On 15.12.2016 14.04, Hartmaier Alexander wrote:

If you get context from $p, it does not matter if, for example,
EAP_UseState was enabled or note. It's easier and more reliable to get
it from $p.
I've removed EAP_UseState from our config since everything works as
before. Can the nested auth of PEAP-TLS cause this in conjunction with
the state ID generation?

I'd say in your case the call to get EAP worked fine because it simply returned the context that was retrieved earlier. In other words, it did the same as getting the context with $p->{EAPContext}.

Our PostAuthHook already has this at the very top since the beginning.
Is this the correct way to check?

my $p      = ${$_[0]};
my $rp     = ${$_[1]};
my $result = $_[2];
my $reason = $_[3];

        unless $$result == $main::ACCEPT;

Yes. This looks fine. The reason you are given a reference to result is that you can also change it in case you need to modify the result with your hook.

Yes, but it only points to EAP.pm which didn't change much since 4.16.
How should they be persisted after writing to $context?

I hope this is clarified below. Now when I look at the notes, I can see that a mentioned of eap_save_resume_context and eap_recover_resume_context could have been included.

So basically write to and read from
$context->{eap_resume_context}->{foo} instead of $context->{foo}?
As this doesn't use an accessor method I'd like it at least documented
somewhere so we can be sure it doesn't break without notice on one of
the next updates.

Yes, that's correct. eap_resume_context points to the context that is saved across resumed sessions. You are correct that there are no accessors yet. These would be among the helpers for hooks that I wrote about earlier.

Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
radiator mailing list

Reply via email to