freeradius-config 3.0.16+dfsg-1ubuntu3 / etc / freeradius / 3.0 / policy.d / eap

This file is indexed.

/etc/freeradius/3.0/policy.d/eap is in freeradius-config 3.0.16+dfsg-1ubuntu3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#
#	Response caching to handle proxy failovers
#
Xeap.authorize {
	cache_eap
	if (ok) {
		#
		#	Expire previous cache entry
		#
		if (&control:State) {
			update control {
				&Cache-TTL := 0
			}
			cache_eap

			update control {
				&State !* ANY
			}
		}

		handled
	}
	else {
		eap.authorize
	}
}

#
#	Populate cache with responses from the EAP module
#
Xeap.authenticate {
	eap {
		handled = 1
	}
	if (handled) {
		cache_eap.authorize

		handled
	}

	cache_eap.authorize
}

#
#       Forbid all EAP types.  Enable this by putting "forbid_eap"
#       into the "authorize" section.
#
forbid_eap {
	if (&EAP-Message) {
		reject
	}
}

#
#       Forbid all non-EAP types outside of an EAP tunnel.
#
permit_only_eap {
	if (!&EAP-Message) {
		#  We MAY be inside of a TTLS tunnel.
		#  PEAP and EAP-FAST require EAP inside of
		#  the tunnel, so this check is OK.
		#  If so, then there MUST be an outer EAP message.
		if (!&outer.request || !&outer.request:EAP-Message) {
			reject
		}
	}
}

#
#       Remove Reply-Message from response if were doing EAP
#
#  Be RFC 3579 2.6.5 compliant - EAP-Message and Reply-Message should
#  not be present in the same response.
#
remove_reply_message_if_eap {
	if (&reply:EAP-Message && &reply:Reply-Message) {
		update reply {
			&Reply-Message !* ANY
		}
	}
	else {
		noop
	}
}

APT Browse - Built by Thomas Orozco.