Diffstat (limited to 'src/libcharon/plugins/eap_radius/eap_radius.c')
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c116
1 files changed, 58 insertions, 58 deletions
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index c9e1cdaad..b06b6c392 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -75,21 +75,6 @@ struct private_eap_radius_t {
* Prefix to prepend to EAP identity
*/
char *id_prefix;
-
- /**
- * Handle the Class attribute as group membership information?
- */
- bool class_group;
-
- /**
- * Handle the Filter-Id attribute as IPsec CHILD_SA name?
- */
- bool filter_id;
-
- /**
- * Format string we use for Called/Calling-Station-Id for a host
- */
- char *station_id_fmt;
};
/**
@@ -163,21 +148,16 @@ static bool radius2ike(private_eap_radius_t *this,
}
/**
- * Add a set of RADIUS attributes to a request message
+ * See header.
*/
-static void add_radius_request_attrs(private_eap_radius_t *this,
- radius_message_t *request)
+void eap_radius_build_attributes(radius_message_t *request)
{
ike_sa_t *ike_sa;
host_t *host;
- char buf[40];
+ char buf[40], *station_id_fmt;;
u_int32_t value;
chunk_t chunk;
- chunk = chunk_from_str(this->id_prefix);
- chunk = chunk_cata("cc", chunk, this->peer->get_encoding(this->peer));
- request->add(request, RAT_USER_NAME, chunk);
-
/* virtual NAS-Port-Type */
value = htonl(5);
request->add(request, RAT_NAS_PORT_TYPE, chunk_from_thing(value));
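Review bot: The new declaration `char buf[40], *station_id_fmt;;` ends in a stray second semicolon, which is an empty statement sitting between declarations and may trip declaration-after-statement warnings on stricter builds. `station_id_fmt` is only ever pointed at string literals (see the next hunk), so it should be a pointer to const. Suggest splitting it into `char buf[40];` and `const char *station_id_fmt;`. The body of eap_radius_build_attributes continues past the end of this hunk.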
@@ -205,13 +185,37 @@ static void add_radius_request_attrs(private_eap_radius_t *this,
default:
break;
}
- snprintf(buf, sizeof(buf), this->station_id_fmt, host);
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.station_id_with_port",
+ TRUE, charon->name))
+ {
+ station_id_fmt = "%#H";
+ }
+ else
+ {
+ station_id_fmt = "%H";
+ }
+ snprintf(buf, sizeof(buf), station_id_fmt, host);
request->add(request, RAT_CALLED_STATION_ID, chunk_from_str(buf));
host = ike_sa->get_other_host(ike_sa);
- snprintf(buf, sizeof(buf), this->station_id_fmt, host);
+ snprintf(buf, sizeof(buf), station_id_fmt, host);
request->add(request, RAT_CALLING_STATION_ID, chunk_from_str(buf));
}
+}
+
+/**
+ * Add a set of RADIUS attributes to a request message
+ */
+static void add_radius_request_attrs(private_eap_radius_t *this,
+ radius_message_t *request)
+{
+ chunk_t chunk;
+ chunk = chunk_from_str(this->id_prefix);
+ chunk = chunk_cata("cc", chunk, this->peer->get_encoding(this->peer));
+ request->add(request, RAT_USER_NAME, chunk);
+
+ eap_radius_build_attributes(request);
eap_radius_forward_from_ike(request);
}
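Review bot: Both `snprintf(buf, sizeof(buf), station_id_fmt, host)` calls ignore the return value, and `buf` is the 40-byte array declared at the top of the function in the previous hunk. If `%#H` renders a full-length IPv6 address with the port appended, the result would not fit, and a silently truncated Called-Station-Id or Calling-Station-Id would be sent to the RADIUS server, where it may feed policy decisions or accounting correlation. Consider enlarging the buffer and adding the attribute only when nothing was cut off, e.g. `len = snprintf(buf, sizeof(buf), station_id_fmt, host);` followed by `if (len > 0 && len < (int)sizeof(buf))` around the `request->add(...)` call. The function starts outside this hunk.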
@@ -268,7 +272,7 @@ METHOD(eap_method_t, initiate, status_t,
/**
* Handle the Class attribute as group membership information
*/
-static void process_class(private_eap_radius_t *this, radius_message_t *msg)
+static void process_class(radius_message_t *msg)
{
enumerator_t *enumerator;
chunk_t data;
@@ -305,7 +309,7 @@ static void process_class(private_eap_radius_t *this, radius_message_t *msg)
/**
* Handle the Filter-Id attribute as IPsec CHILD_SA name
*/
-static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg)
+static void process_filter_id(radius_message_t *msg)
{
enumerator_t *enumerator;
int type;
@@ -361,7 +365,7 @@ static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg)
/**
* Handle Session-Timeout attribte and Interim updates
*/
-static void process_timeout(private_eap_radius_t *this, radius_message_t *msg)
+static void process_timeout(radius_message_t *msg)
{
enumerator_t *enumerator;
ike_sa_t *ike_sa;
@@ -390,8 +394,7 @@ static void process_timeout(private_eap_radius_t *this, radius_message_t *msg)
/**
* Handle Framed-IP-Address and other IKE configuration attributes
*/
-static void process_cfg_attributes(private_eap_radius_t *this,
- radius_message_t *msg)
+static void process_cfg_attributes(radius_message_t *msg)
{
eap_radius_provider_t *provider;
enumerator_t *enumerator;
@@ -412,7 +415,8 @@ static void process_cfg_attributes(private_eap_radius_t *this,
host = host_create_from_chunk(AF_INET, data, 0);
if (host)
{
- provider->add_framed_ip(provider, this->peer, host);
+ provider->add_framed_ip(provider,
+ ike_sa->get_unique_id(ike_sa), host);
}
}
}
@@ -429,8 +433,9 @@ static void process_cfg_attributes(private_eap_radius_t *this,
case 36: /* CVPN3000-IPSec-Banner2 */
if (ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
{
- provider->add_attribute(provider, this->peer,
- UNITY_BANNER, data);
+ provider->add_attribute(provider,
+ ike_sa->get_unique_id(ike_sa),
+ UNITY_BANNER, data);
}
break;
default:
@@ -442,6 +447,25 @@ static void process_cfg_attributes(private_eap_radius_t *this,
}
}
+/**
+ * See header.
+ */
+void eap_radius_process_attributes(radius_message_t *message)
+{
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.class_group", FALSE, charon->name))
+ {
+ process_class(message);
+ }
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.filter_id", FALSE, charon->name))
+ {
+ process_filter_id(message);
+ }
+ process_timeout(message);
+ process_cfg_attributes(message);
+}
+
METHOD(eap_method_t, process, status_t,
private_eap_radius_t *this, eap_payload_t *in, eap_payload_t **out)
{
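Review bot: eap_radius_process_attributes is now exported, yet nothing in it checks what kind of message it was handed before applying the Class, Filter-Id, Session-Timeout and configuration attributes it carries. The only call site visible in this diff sits under `case RMC_ACCESS_ACCEPT`, so the precondition holds today, but a future caller could pass a response that was never accepted. The precondition should be stated where the function is documented, e.g. `Must only be called with an Access-Accept the caller has already validated; the attributes are applied as authorization data.` Whether the header comment referred to by "See header." already says this cannot be seen from here.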
@@ -479,16 +503,7 @@ METHOD(eap_method_t, process, status_t,
status = FAILED;
break;
case RMC_ACCESS_ACCEPT:
- if (this->class_group)
- {
- process_class(this, response);
- }
- if (this->filter_id)
- {
- process_filter_id(this, response);
- }
- process_timeout(this, response);
- process_cfg_attributes(this, response);
+ eap_radius_process_attributes(response);
DBG1(DBG_IKE, "RADIUS authentication of '%Y' successful",
this->peer);
status = SUCCESS;
@@ -589,22 +604,7 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
.id_prefix = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.id_prefix", "",
charon->name),
- .class_group = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.class_group", FALSE,
- charon->name),
- .filter_id = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.filter_id", FALSE,
- charon->name),
);
- if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name))
- {
- this->station_id_fmt = "%#H";
- }
- else
- {
- this->station_id_fmt = "%H";
- }
this->client = eap_radius_create_client();
if (!this->client)
{