return 0;
}
-
/* Do not convert to TALLOC - Thread safety */
/* alloc and convert to ASN.1 */
sess_blob = malloc(blob_len);
goto error;
}
+ /*
+ * Set the filename to be temporarily write-only.
+ */
+ if (request) {
+ VALUE_PAIR *vp;
+
+ vp = fr_pair_afrom_num(request->state_ctx, PW_TLS_CACHE_FILENAME, 0);
+ if (vp) {
+ fr_pair_value_strcpy(vp, filename);
+ fr_pair_add(&request->state, vp);
+ }
+
+ (void) fchmod(fd, S_IWUSR);
+ }
+
todo = blob_len;
p = sess_blob;
while (todo > 0) {
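Review bot: The `(void) fchmod(fd, S_IWUSR);` call discards its result, so if the mode change fails the new cache file keeps whatever mode it was created with and the write-only gating added here silently does not apply. Since the surrounding code already jumps to an `error` label, the call could fail closed with `if (fchmod(fd, S_IWUSR) < 0) goto error;` (whether that path also removes the partially written file is not visible in this hunk). The block also skips the restriction entirely when `request` is NULL. When `fr_pair_afrom_num()` returns NULL the file is still made write-only but its name is never recorded in `request->state`, so the later enable and unlink code cannot find it; a short comment stating the intended outcome in both cases would help. The enclosing function starts and ends outside the hunk.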
#include "rlm_eap.h"
+#include <sys/stat.h>
+
static const CONF_PARSER module_config[] = {
{ "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_t, default_method_name), "md5" },
{ "timer_expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_t, timer_limit), "60" },
}
/*
+ * Enable the cached entry on success.
+ */
+ if (handler->eap_ds->request->code == PW_EAP_SUCCESS) {
+ VALUE_PAIR *vp;
+
+ vp = fr_pair_find_by_num(request->state, PW_TLS_CACHE_FILENAME, 0, TAG_ANY);
+ if (vp) (void) chmod(vp->vp_strvalue, S_IRUSR | S_IWUSR);
+ }
+
+ /*
+ * Disable the cached entry on failure.
+ */
+ if (handler->eap_ds->request->code == PW_EAP_FAILURE) {
+ VALUE_PAIR *vp;
+
+ vp = fr_pair_find_by_num(request->state, PW_TLS_CACHE_FILENAME, 0, TAG_ANY);
+ if (vp) (void) unlink(vp->vp_strvalue);
+ }
+
+ /*
* If it's an Access-Accept, RFC 2869, Section 2.3.1
* says that we MUST include a User-Name attribute in the
* Access-Accept.
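Review bot: Gating the cached session on the owner-read bit only works if the kernel actually refuses the code that loads the cache file, which does not hold for a process running as root or with CAP_DAC_OVERRIDE. The read side is not in this hunk, so it is worth confirming that it checks the mode explicitly (for example an `fstat()` test for `S_IRUSR`) rather than relying on `open()` failing. Both the `chmod()` and `unlink()` results are cast to `(void)`: a failed `unlink()` on `PW_EAP_FAILURE` leaves the rejected session's file on disk with nothing logged, so at least a log line carrying `errno` would let operators notice. A session that ends without reaching either code appears to leave its write-only file behind unless some other expiry path removes it. The enclosing function starts before and continues after the hunk.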