Reject on any channel bindings attribute mismatch
authorKevin Wasserman <krwasserman@painless-security.com>
Mon, 14 Jul 2014 18:42:13 +0000 (14:42 -0400)
committerKevin Wasserman <krwasserman@painless-security.com>
Mon, 14 Jul 2014 18:42:13 +0000 (14:42 -0400)
raddb/sites-available/channel_bindings

index 1252230..4a18a08 100644 (file)
@@ -13,6 +13,12 @@ authorize {
        if (GSS-Acceptor-Service-Name && (outer.request:GSS-Acceptor-Service-Name != GSS-Acceptor-Service-Name)) {
                reject
        }
+       if (GSS-Acceptor-Host-Name && outer.request:GSS-Acceptor-Host-Name != GSS-Acceptor-Host-Name ) {
+               reject
+       }
+       if (GSS-Acceptor-Realm-Name && outer.request:GSS-Acceptor-Realm-Name != GSS-Acceptor-Realm-Name ) {
+               reject
+       }
 
        if (GSS-Acceptor-Service-Name || GSS-Acceptor-Realm-Name || GSS-Acceptor-Host-Name) {
                update control {
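Review bot: The two new mismatch checks at the `GSS-Acceptor-Host-Name` and `GSS-Acceptor-Realm-Name` lines only fire when the inner (tunneled) attribute is present and differs from `outer.request`; when the inner request carries the attribute but the outer request lacks it entirely, whether the `!=` evaluates true and rejects depends on how this unlang version treats a missing left-hand operand, which the config does not make explicit. If fail-closed is intended, spell out the absence case, e.g. `if (GSS-Acceptor-Host-Name && (!outer.request:GSS-Acceptor-Host-Name || (outer.request:GSS-Acceptor-Host-Name != GSS-Acceptor-Host-Name))) {`, and likewise for the realm name (the same question applies to the pre-existing service-name check above). As a point of style, the added conditions drop the parentheses around the comparison and leave a stray space before `)`, unlike the service-name check they mirror; matching that form, `if (GSS-Acceptor-Host-Name && (outer.request:GSS-Acceptor-Host-Name != GSS-Acceptor-Host-Name)) {`, keeps the three checks uniform and avoids any operator-precedence ambiguity. The enclosing `authorize` section begins before this hunk and the `update control` block opened on the last line continues past it.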