Added and documented "virtual_server" config for PEAP and TTLS.
authoraland <aland>
Tue, 3 Jul 2007 05:48:43 +0000 (05:48 +0000)
committeraland <aland>
Tue, 3 Jul 2007 05:48:43 +0000 (05:48 +0000)
This lets the administrator control which virtual server
processes the tunneled request.

raddb/eap.conf
src/modules/rlm_eap/types/rlm_eap_peap/eap_peap.h
src/modules/rlm_eap/types/rlm_eap_peap/peap.c
src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h
src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c

index 6c47ee3..c9f1562 100644 (file)
                        #
                        # allowed values: {no, yes}
                        use_tunneled_reply = no
+
+                       #
+                       #  The inner tunneled request can be sent
+                       #  through a virtual server constructed
+                       #  specifically for this purpose.
+                       #
+                       #  If this entry is commented out, the inner
+                       #  tunneled request will be sent through
+                       #  the virtual server that processed the
+                       #  outer requests.
+                       #
+                       #virtual_server = "inner-tunnel"
                }
 
                ##################################################
                        #  Set this entry to "no" to proxy the tunneled
                        #  EAP-MSCHAP-V2 as normal MSCHAPv2.
                #       proxy_tunneled_request_as_eap = yes
+
+                       #
+                       #  The inner tunneled request can be sent
+                       #  through a virtual server constructed
+                       #  specifically for this purpose.
+                       #
+                       #  If this entry is commented out, the inner
+                       #  tunneled request will be sent through
+                       #  the virtual server that processed the
+                       #  outer requests.
+                       #
+                       #virtual_server = "inner-tunnel"
                }
 
                #
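Review bot: Both added comment blocks for `virtual_server` describe what happens when the entry is commented out, but not that the entry is only a fallback. In the eappeap_process and eapttls_process hunks of this commit, a PW_VIRTUAL_SERVER item found in the request's `config_items` is tested first and takes precedence over the configured name. I would add a line to each block such as `#  A Virtual-Server control item set on the request overrides this entry.` It would also help to say that the named server has to be defined elsewhere in the configuration, since the handling of an undefined name is not visible in this commit.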
index ab4b720..33bf78b 100644 (file)
@@ -38,6 +38,7 @@ typedef struct peap_tunnel_t {
        int             copy_request_to_tunnel;
        int             use_tunneled_reply;
        int             proxy_tunneled_request_as_eap;
+       const char      *virtual_server;
 } peap_tunnel_t;
 
 #define PEAP_STATUS_START_PART2 0
index 68a10c3..a5cefa6 100644 (file)
@@ -786,7 +786,11 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session)
 
        if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER)) != NULL) {
                fake->server = vp->vp_strvalue;
-       }
+
+       } else if (t->virtual_server) {
+               fake->server = t->virtual_server;
+
+       } /* else fake->server == request->server */
 
 #ifndef NDEBUG
        if (debug_flag > 0) {
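Review bot: The new `else if (t->virtual_server)` branch accepts any non-NULL string, including an empty one, and nothing visible in this commit checks that the configured name refers to a defined virtual server. A typo in eap.conf would therefore surface only when the first inner request is processed, and how an unknown name is handled downstream cannot be seen from this hunk; on an authentication path that case should fail closed rather than end up under a different policy. I would validate the name once when the module is instantiated and, at minimum, tighten the test here to `} else if (t->virtual_server && *t->virtual_server) {`. The same applies to the identical change in the eapttls_process hunk; both functions start and end outside their hunks.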
index 9eeb822..f0f130e 100644 (file)
@@ -51,6 +51,11 @@ typedef struct rlm_eap_peap_t {
         *      protocol.
         */
        int     proxy_tunneled_request_as_eap;
+
+       /*
+        *      Virtual server for inner tunnel session.
+        */
+       char    *virtual_server;
 } rlm_eap_peap_t;
 
 
@@ -67,6 +72,9 @@ static CONF_PARSER module_config[] = {
        { "proxy_tunneled_request_as_eap", PW_TYPE_BOOLEAN,
          offsetof(rlm_eap_peap_t, proxy_tunneled_request_as_eap), NULL, "yes" },
 
+       { "virtual_server", PW_TYPE_STRING_PTR,
+         offsetof(rlm_eap_peap_t, virtual_server), NULL, NULL },
+
        { NULL, -1, 0, NULL, NULL }           /* end the list */
 };
 
@@ -153,6 +161,7 @@ static peap_tunnel_t *peap_alloc(rlm_eap_peap_t *inst)
        t->copy_request_to_tunnel = inst->copy_request_to_tunnel;
        t->use_tunneled_reply = inst->use_tunneled_reply;
        t->proxy_tunneled_request_as_eap = inst->proxy_tunneled_request_as_eap;
+       t->virtual_server = inst->virtual_server;
 
        return t;
 }
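Review bot: The added `t->virtual_server = inst->virtual_server;` copies the pointer rather than the string, so every tunnel shares storage owned by the module instance, and that ownership is not documented anywhere in the commit. I would annotate the field in eap_peap.h as `const char *virtual_server; /* borrowed from rlm_eap_peap_t, never freed with the tunnel */` so a later change to the tunnel's free routine does not release it. The instance field is a `PW_TYPE_STRING_PTR`, which presumably means the parser allocates it; the detach path is not shown here, so please confirm the string is released there and that no tunnel can outlive the instance. ttls_alloc and `ttls_tunnel_t` have the same pattern, and peap_alloc starts outside this hunk.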
index 30ebf85..6bdba3c 100644 (file)
@@ -36,6 +36,7 @@ typedef struct ttls_tunnel_t {
        int             default_eap_type;
        int             copy_request_to_tunnel;
        int             use_tunneled_reply;
+       const char      *virtual_server;
 } ttls_tunnel_t;
 
 /*
index 8b08930..28c0067 100644 (file)
@@ -46,6 +46,11 @@ typedef struct rlm_eap_ttls_t {
         *      tunneled session in the tunneled request
         */
        int     copy_request_to_tunnel;
+
+       /*
+        *      Virtual server for inner tunnel session.
+        */
+       char    *virtual_server;
 } rlm_eap_ttls_t;
 
 
@@ -59,6 +64,9 @@ static CONF_PARSER module_config[] = {
        { "use_tunneled_reply", PW_TYPE_BOOLEAN,
          offsetof(rlm_eap_ttls_t, use_tunneled_reply), NULL, "no" },
 
+       { "virtual_server", PW_TYPE_STRING_PTR,
+         offsetof(rlm_eap_ttls_t, virtual_server), NULL, NULL },
+
        { NULL, -1, 0, NULL, NULL }           /* end the list */
 };
 
@@ -163,6 +171,7 @@ static ttls_tunnel_t *ttls_alloc(rlm_eap_ttls_t *inst)
        t->default_eap_type = inst->default_eap_type;
        t->copy_request_to_tunnel = inst->copy_request_to_tunnel;
        t->use_tunneled_reply = inst->use_tunneled_reply;
+       t->virtual_server = inst->virtual_server;
        return t;
 }
 
index 779f884..9064c34 100644 (file)
@@ -1145,7 +1145,12 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session)
 
        if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER)) != NULL) {
                fake->server = vp->vp_strvalue;
-       }
+
+       } else if (t->virtual_server) {
+               fake->server = t->virtual_server;
+
+       } /* else fake->server == request->server */
+
 
 #ifndef NDEBUG
        if (debug_flag > 0) {