return RLM_MODULE_INVALID;
}
+#ifdef WITH_PROXY
/*
* If we're doing horrible tunneling work, remember it.
*/
return RLM_MODULE_HANDLED;
}
+#endif
-
+#ifdef WITH_PROXY
/*
* Maybe the request was marked to be proxied. If so,
* proxy it.
RDEBUG2(" Tunneled session will be proxied. Not doing EAP.");
return RLM_MODULE_HANDLED;
}
+#endif
/*
* We are done, wrap the EAP-request in RADIUS to send
inst = (rlm_eap_t *)instance;
+#ifdef WITH_PROXY
/*
* We don't do authorization again, once we've seen the
* proxy reply (or the proxied packet)
*/
if (request->proxy != NULL)
return RLM_MODULE_NOOP;
+#endif
/*
* For EAP_START, send Access-Challenge with EAP Identity
return RLM_MODULE_UPDATED;
}
+
+#ifdef WITH_PROXY
/*
* If we're proxying EAP, then there may be magic we need
* to do.
return RLM_MODULE_UPDATED;
}
-
+#endif
/*
* The module name should be the only globally exported symbol.
NULL, /* accounting */
NULL, /* checksimul */
NULL, /* pre-proxy */
+#ifdef WITH_PROXY
eap_post_proxy, /* post-proxy */
+#else
+ NULL,
+#endif
NULL /* post-auth */
},
};
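Review bot: The `#else` arm's bare `NULL,` drops the slot label that every other entry in this method table carries. Because the table is positional, an unlabeled entry makes it harder to confirm that `post-auth` still lands in the right slot when proxy support is compiled out. Write it as `NULL, /* post-proxy */`. The table's opening lines are outside this hunk.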
eapmschapv2_compose(handler, challenge);
pairfree(&challenge);
+#ifdef WITH_PROXY
/*
* The EAP session doesn't have enough information to
* proxy the "inside EAP" protocol. Disable EAP proxying.
*/
handler->request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
+#endif
/*
* We don't need to authorize the user at this point.
return 1;
}
-
+#ifdef WITH_PROXY
/*
* Do post-proxy processing,
* 0 = fail
return 1;
}
-
+#endif
/*
* Authenticate a previously sent challenge.
return 0;
}
+#ifdef WITH_PROXY
/*
* It's a success. Don't proxy it.
*/
handler->request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
+#endif
eap_ds->request->code = PW_EAP_SUCCESS;
return 1;
pairadd(&handler->request->packet->vps, challenge);
pairadd(&handler->request->packet->vps, response);
+#ifdef WITH_PROXY
/*
* If this options is set, then we do NOT authenticate the
* user here. Instead, now that we've added the MS-CHAP
*/
return 1;
}
+#endif
/*
* This is a wild & crazy hack.
*/
int copy_request_to_tunnel;
+#ifdef WITH_PROXY
/*
* Proxy tunneled session as EAP, or as de-capsulated
* protocol.
*/
int proxy_tunneled_request_as_eap;
+#endif
/*
* Virtual server for inner tunnel session.
{ "use_tunneled_reply", PW_TYPE_BOOLEAN,
offsetof(rlm_eap_peap_t, use_tunneled_reply), NULL, "no" },
+#ifdef WITH_PROXY
{ "proxy_tunneled_request_as_eap", PW_TYPE_BOOLEAN,
offsetof(rlm_eap_peap_t, proxy_tunneled_request_as_eap), NULL, "yes" },
+#endif
{ "virtual_server", PW_TYPE_STRING_PTR,
offsetof(rlm_eap_peap_t, virtual_server), NULL, NULL },
t->default_eap_type = inst->default_eap_type;
t->copy_request_to_tunnel = inst->copy_request_to_tunnel;
t->use_tunneled_reply = inst->use_tunneled_reply;
+#ifdef WITH_PROXY
t->proxy_tunneled_request_as_eap = inst->proxy_tunneled_request_as_eap;
+#endif
t->virtual_server = inst->virtual_server;
t->session_resumption_state = PEAP_RESUMPTION_MAYBE;
* will proxy it, rather than returning an EAP packet.
*/
case RLM_MODULE_UPDATED:
+#ifdef WITH_PROXY
rad_assert(handler->request->proxy != NULL);
+#endif
return 1;
break;
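Review bot: With `WITH_PROXY` undefined, `case RLM_MODULE_UPDATED:` still returns 1, even though the comment above it says this result means the request will be proxied, and the only check on that path is now compiled out. In a build without proxy support nothing can forward the tunneled request, so this arm should probably not report success. Consider moving `#ifdef WITH_PROXY` above the `case` label and `#endif` below `break;`; the remaining arms of the switch are outside the hunk, so confirm they fail the session for an unexpected code. The same pattern appears at `case PW_STATUS_CLIENT:` in the later hunk. If `rad_assert` is compiled out in release builds, it is not a runtime guard in proxy builds either.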
typedef struct ttls_tunnel_t {
VALUE_PAIR *username;
VALUE_PAIR *state;
- VALUE_PAIR *reply;
+ VALUE_PAIR *accept_vps;
int authenticated;
int default_eap_type;
int copy_request_to_tunnel;
pairfree(&t->username);
pairfree(&t->state);
- pairfree(&t->reply);
+ pairfree(&t->accept_vps);
free(t);
}
}
if (t && t->authenticated) {
- if (t->reply) {
- pairmove(&handler->request->reply->vps,
- &t->reply);
- pairfree(&t->reply);
+ if (t->accept_vps) {
+ pairadd(&handler->request->reply->vps,
+ &t->accept_vps);
+ pairfree(&t->accept_vps);
}
do_keys:
/*
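Review bot: The new `pairadd()` call passes `&t->accept_vps`, a `VALUE_PAIR **`, where the other `pairadd()` calls on this page pass a plain `VALUE_PAIR *` (`challenge`, `response`), so the argument looks carried over from `pairmove()` unchanged. Even with the argument corrected, the following `pairfree(&t->accept_vps)` would release attributes that `pairadd()` has just linked (not copied) onto the reply list. That leaves `handler->request->reply->vps` referring to freed memory on the path that builds the final reply for an authenticated TTLS session. Replace the two calls with `pairadd(&handler->request->reply->vps, t->accept_vps);` followed by `t->accept_vps = NULL;`, so ownership moves to the reply and the tunnel's free routine does not free it again. The enclosing function starts and ends outside this hunk.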
* will proxy it, rather than returning an EAP packet.
*/
case PW_STATUS_CLIENT:
+#ifdef WITH_PROXY
rad_assert(handler->request->proxy != NULL);
+#endif
return 1;
break;