diff --git a/src/modules/rlm_eap/types/rlm_eap_aka/eap_aka.h b/src/modules/rlm_eap/types/rlm_eap_aka/eap_aka.h index c72bc7c5bdfb..13b29e867c2c 100644 --- a/src/modules/rlm_eap/types/rlm_eap_aka/eap_aka.h +++ b/src/modules/rlm_eap/types/rlm_eap_aka/eap_aka.h @@ -81,8 +81,9 @@ typedef struct { } eap_aka_session_t; typedef struct { - char const *virtual_server; //!< Virtual server for HLR integration. char const *network_id; //!< Network ID as described by RFC 5448. bool request_identity; //!< Whether we always request the identity of ///< the subscriber. + char const *virtual_server; //!< Virtual server for HLR integration. + bool protected_success; } rlm_eap_aka_t; diff --git a/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c b/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c index f95dd93cdfd9..5c3a55705c89 100644 --- a/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c +++ b/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c @@ -51,7 +51,8 @@ static rlm_rcode_t mod_process(UNUSED void *arg, eap_session_t *eap_session); static CONF_PARSER submodule_config[] = { { FR_CONF_OFFSET("network_id", FR_TYPE_STRING | FR_TYPE_REQUIRED, rlm_eap_aka_t, network_id ) }, - { FR_CONF_OFFSET("request_identity", FR_TYPE_BOOL, rlm_eap_aka_t, request_identity ), .dflt = "yes" }, + { FR_CONF_OFFSET("request_identity", FR_TYPE_BOOL, rlm_eap_aka_t, request_identity ), .dflt = "no" }, + { FR_CONF_OFFSET("protected_success", FR_TYPE_BOOL, rlm_eap_aka_t, protected_success ), .dflt = "no" }, { FR_CONF_OFFSET("virtual_server", FR_TYPE_STRING, rlm_eap_aka_t, virtual_server) }, CONF_PARSER_TERMINATOR }; @@ -1018,7 +1019,7 @@ static rlm_rcode_t mod_session_init(void *instance, eap_session_t *eap_session) * to be toggled by attributes later. */ eap_aka_session->request_identity = inst->request_identity; - eap_aka_session->send_result_ind = true; + eap_aka_session->send_result_ind = inst->protected_success; eap_aka_session->id_req = SIM_NO_ID_REQ; /* Set the default */ /* diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/eap_sim.h b/src/modules/rlm_eap/types/rlm_eap_sim/eap_sim.h index 70080fb655f3..187a9cff8089 100644 --- a/src/modules/rlm_eap/types/rlm_eap_sim/eap_sim.h +++ b/src/modules/rlm_eap/types/rlm_eap_sim/eap_sim.h @@ -51,10 +51,6 @@ typedef struct { fr_sim_id_req_type_t id_req; //!< The type of identity we're requesting ///< or previously requested. - - bool request_identity; //!< Always send an identity request before a - ///< challenge. - bool send_result_ind; //!< Say that we would like to use protected result ///< indications (SIM-Notification-Success). @@ -64,6 +60,5 @@ typedef struct { typedef struct { char const *virtual_server; //!< Virtual server for HLR integration. - bool request_identity; //!< Whether we always request the identity of - ///< the subscriber. + bool protected_success; //!< Send protected success messages. } rlm_eap_sim_t; diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c index 4e7161554bc7..cf98051acecd 100644 --- a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c +++ b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c @@ -51,6 +51,7 @@ FR_NAME_NUMBER const sim_state_table[] = { static CONF_PARSER submodule_config[] = { { FR_CONF_OFFSET("virtual_server", FR_TYPE_STRING, rlm_eap_sim_t, virtual_server) }, + { FR_CONF_OFFSET("protected_success", FR_TYPE_BOOL, rlm_eap_sim_t, protected_success ), .dflt = "no" }, CONF_PARSER_TERMINATOR }; @@ -875,7 +876,7 @@ static rlm_rcode_t mod_session_init(UNUSED void *instance, eap_session_t *eap_se { REQUEST *request = eap_session->request; eap_sim_session_t *eap_sim_session; -// rlm_eap_sim_t *inst = instance; + rlm_eap_sim_t *inst = instance; fr_sim_id_type_t type; fr_sim_method_hint_t method; @@ -887,7 +888,7 @@ static rlm_rcode_t mod_session_init(UNUSED void *instance, eap_session_t *eap_se * Set default configuration, we may allow these * to be toggled by attributes later. */ - eap_sim_session->send_result_ind = true; + eap_sim_session->send_result_ind = inst->protected_success; eap_sim_session->id_req = SIM_ANY_ID_REQ; /* Set the default */ /*