From 34b047015c13082e1eace5cb8b5a0a20df09b3a1 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Sun, 7 Sep 2014 17:50:19 -0400
Subject: [PATCH] Final patches to make trust router work
---
 raddb/mods-available/realm | 7 +++++++
 raddb/policy.d/abfab-tr | 5 ++---
 src/modules/rlm_eap/libeap/eap_chbind.c | 2 +-
 src/modules/rlm_realm/configure | 34 ++++++++++++++++-----------------
 src/modules/rlm_realm/configure.ac | 8 ++++----
 5 files changed, 31 insertions(+), 25 deletions(-)
diff --git a/raddb/mods-available/realm b/raddb/mods-available/realm
index 0b87548..b4c8ee3 100644
--- a/raddb/mods-available/realm
+++ b/raddb/mods-available/realm
@@ -28,6 +28,13 @@ realm IPASS {
 realm suffix {
 format = suffix
 delimiter = "@"
+
+ # The next 3 configuration items are valid ONLY
+ # for a trust-router. For all other realms,
+ # they are ignored.
+# trust_router = "localhost"
+# rp_realm = "painless-security.com"
+# default_community = "apc.moonshot.ja.net"
 }
 # 'username%realm'
diff --git a/raddb/policy.d/abfab-tr b/raddb/policy.d/abfab-tr
index 2b98329..b55adc8 100644
--- a/raddb/policy.d/abfab-tr
+++ b/raddb/policy.d/abfab-tr
@@ -29,9 +29,9 @@ abfab_pre_proxy {
 }
 # set trust-router-coi attribute from the client configuration
- if ("%{client:trust-router_coi}") {
+ if ("%{client:trust_router_coi}") {
 update proxy-request {
- Trust-Router-COI := "%{client:moonshot_coi}"
+ Trust-Router-COI := "%{client:trust_router_coi}"
 }
 }
@@ -43,7 +43,6 @@ abfab_pre_proxy {
 }
 }
-#
 # A policy which is used to validate channel-bindings.
 #
 abfab_channel_bindings {
diff --git a/src/modules/rlm_eap/libeap/eap_chbind.c b/src/modules/rlm_eap/libeap/eap_chbind.c
index 99be8ce..fae1b77 100644
--- a/src/modules/rlm_eap/libeap/eap_chbind.c
+++ b/src/modules/rlm_eap/libeap/eap_chbind.c
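Review bot: In raddb/policy.d/abfab-tr, abfab_pre_proxy now reads only `%{client:trust_router_coi}`, so a client definition that still carries the earlier `moonshot_coi` or `trust-router_coi` key is skipped silently and the proxied request goes out with no Trust-Router-COI. The comment above the `if` does not name the key an administrator has to set; I would reword it to `# Set Trust-Router-COI from the "trust_router_coi" item of the matching client section; if the item is absent the attribute is not added.` Whether the realm's `default_community` then applies is not visible from this hunk and is worth stating in the same comment once confirmed. abfab_pre_proxy starts above the hunk.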
@@ -290,7 +290,7 @@ VALUE_PAIR *eap_chbind_packet2vp(REQUEST *request, const chbind_packet_t *packet
 vp = paircreate(request->packet, PW_UKERNA_CHBIND, VENDORPEC_UKERNA);
 if (!vp) return NULL;
- pairmemcpy(vp, (const uint8_t *) packet, talloc_array_length(packet));
+ pairmemcpy(vp, (const uint8_t *) packet, talloc_array_length((uint8_t *)packet));
 return vp;
 }
diff --git a/src/modules/rlm_realm/configure b/src/modules/rlm_realm/configure
index d13d2bf..32f9a24 100755
--- a/src/modules/rlm_realm/configure
+++ b/src/modules/rlm_realm/configure
@@ -2921,7 +2921,7 @@ fi -ac_safe=`echo "trust_router/tr_dh" | sed 'y%./+-%__pm%'` +ac_safe=`echo "trust_router/tr_dh.h" | sed 'y%./+-%__pm%'` old_CPPFLAGS="$CPPFLAGS" smart_include= smart_include_dir="/usr/local/include /opt/include" @@ -2941,13 +2941,13 @@ done if test "x$_smart_try_dir" != "x"; then for try in $_smart_try_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for trust_router/tr_dh in $try" >&5 -$as_echo_n "checking for trust_router/tr_dh in $try... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for trust_router/tr_dh.h in $try" >&5 +$as_echo_n "checking for trust_router/tr_dh.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include + #include int main () { @@ -2977,13 +2977,13 @@ fi if test "x$smart_include" = "x"; then for _prefix in $smart_prefix; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/trust_router/tr_dh" >&5 -$as_echo_n "checking for ${_prefix}/trust_router/tr_dh... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/trust_router/tr_dh.h" >&5 +$as_echo_n "checking for ${_prefix}/trust_router/tr_dh.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include + #include int main () {
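Review bot: In eap_chbind_packet2vp (src/modules/rlm_eap/libeap/eap_chbind.c) the new `(uint8_t *)packet` cast discards the `const` on `packet`, while the second argument on the same line casts to `const uint8_t *`; writing `talloc_array_length((const uint8_t *) packet)` keeps the qualifier and should avoid a cast-qual warning. The cast is what turns the result into a byte count rather than a count of chbind_packet_t elements, which is not obvious from the line, so a comment such as `/* length in bytes: talloc_array_length() divides by sizeof(*ptr) */` would stop a later cleanup from removing it and changing how much channel-binding data is copied into the attribute. The call also assumes `packet` is a non-NULL talloc allocation; the function starts above the hunk, so whether that is checked earlier cannot be seen here.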
@@ -3011,13 +3011,13 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "x$smart_include" = "x"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for trust_router/tr_dh" >&5 -$as_echo_n "checking for trust_router/tr_dh... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for trust_router/tr_dh.h" >&5 +$as_echo_n "checking for trust_router/tr_dh.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include + #include int main () { @@ -3078,7 +3078,7 @@ eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" if test "x$LOCATE" != "x"; then DIRS= - file=trust_router/tr_dh + file=trust_router/tr_dh.h for x in `${LOCATE} $file 2>/dev/null`; do base=`echo $x | sed "s%/${file}%%"` @@ -3103,13 +3103,13 @@ eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" for try in $_smart_include_dir; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for trust_router/tr_dh in $try" >&5 -$as_echo_n "checking for trust_router/tr_dh in $try... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for trust_router/tr_dh.h in $try" >&5 +$as_echo_n "checking for trust_router/tr_dh.h in $try... " >&6; } CPPFLAGS="-isystem $try $old_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include + #include int main () { @@ -3146,9 +3146,9 @@ fi smart_prefix= - if test "x$ac_cv_have_tr_tid_tidc_create" != "x"; then - if test "x$ac_cv_have_trust_router_tr_dh" != "x"; then - SMART_CPPFLAGS="$SMART_CPPFLAGS} -DHAVE_TRUSTROUTER_TR_DH_H" + if test "x$ac_cv_lib_tr_tid_tidc_create" != "x"; then + if test "x$ac_cv_header_trust_router_tr_dh_h" != "x"; then + SMART_CPPFLAGS="$SMART_CPPFLAGS -DHAVE_TRUSTROUTER_TR_DH_H" trustrouter=yes fi fi diff --git a/src/modules/rlm_realm/configure.ac b/src/modules/rlm_realm/configure.ac index 9d225c6..63c590e 100644 --- a/src/modules/rlm_realm/configure.ac +++ b/src/modules/rlm_realm/configure.ac 
@@ -8,11 +8,11 @@ if test x$with_[]modname != xno; then
 AC_PROG_CPP
 FR_SMART_CHECK_LIB(tr_tid, tidc_create)
- FR_SMART_CHECK_INCLUDE(trust_router/tr_dh)
+ FR_SMART_CHECK_INCLUDE(trust_router/tr_dh.h)
- if test "x$ac_cv_have_tr_tid_tidc_create" != "x"; then
- if test "x$ac_cv_have_trust_router_tr_dh" != "x"; then
- SMART_CPPFLAGS="$SMART_CPPFLAGS} -DHAVE_TRUSTROUTER_TR_DH_H"
+ if test "x$ac_cv_lib_tr_tid_tidc_create" != "x"; then
+ if test "x$ac_cv_header_trust_router_tr_dh_h" != "x"; then
+ SMART_CPPFLAGS="$SMART_CPPFLAGS -DHAVE_TRUSTROUTER_TR_DH_H"
 trustrouter=yes
 fi
 fi
-- 2.1.4
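Review bot: The two guards in src/modules/rlm_realm/configure.ac test the cache variables only for being non-empty (`!= "x"`), so a cached negative result such as `no` would still define HAVE_TRUSTROUTER_TR_DH_H and set `trustrouter=yes`. If FR_SMART_CHECK_LIB and FR_SMART_CHECK_INCLUDE only ever set these variables to `yes` this is harmless, but their definitions are not in the hunk; comparing explicitly, `if test "x$ac_cv_lib_tr_tid_tidc_create" = "xyes"; then` and `if test "x$ac_cv_header_trust_router_tr_dh_h" = "xyes"; then`, removes the dependency on that. Within the hunk nothing is reported when only one of the two checks succeeds, so a short comment saying that trust-router support is then left out of the build would help whoever has to debug a server built without it.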