projects / freeradius.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Reject on any channel bindings attribute mismatch
[freeradius.git] / raddb / sites-available / channel_bindings
diff --git a/raddb/sites-available/channel_bindings b/raddb/sites-available/channel_bindings
index 1252230..4a18a08 100644 (file)
--- a/raddb/sites-available/channel_bindings
+++ b/raddb/sites-available/channel_bindings
@@ -13,6 +13,12 @@ authorize {
        if (GSS-Acceptor-Service-Name && (outer.request:GSS-Acceptor-Service-Name != GSS-Acceptor-Service-Name)) {
                reject
        }
+       if (GSS-Acceptor-Host-Name && outer.request:GSS-Acceptor-Host-Name != GSS-Acceptor-Host-Name ) {
+               reject
+       }
+       if (GSS-Acceptor-Realm-Name && outer.request:GSS-Acceptor-Realm-Name != GSS-Acceptor-Realm-Name ) {
+               reject
+       }
 
        if (GSS-Acceptor-Service-Name || GSS-Acceptor-Realm-Name || GSS-Acceptor-Host-Name) {
                update control {
Unnamed repository; edit this file 'description' to name the repository.