Diffstat (limited to 'src/libcharon/plugins/eap_radius/eap_radius.c')
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c45
1 files changed, 26 insertions, 19 deletions
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index a2530e653..fbbf6da83 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2012-2017 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -271,37 +272,47 @@ METHOD(eap_method_t, initiate, status_t,
}
/**
- * Handle the Class attribute as group membership information
+ * Handle the Class attribute
*/
static void process_class(radius_message_t *msg)
{
enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+ identification_t *id;
+ auth_cfg_t *auth;
chunk_t data;
+ bool class_group, class_send;
int type;
+ class_group = lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.class_group", FALSE, lib->ns);
+ class_send = lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.accounting_send_class", FALSE, lib->ns);
+ ike_sa = charon->bus->get_sa(charon->bus);
+
+ if ((!class_group && !class_send) || !ike_sa)
+ {
+ return;
+ }
+
enumerator = msg->create_enumerator(msg);
while (enumerator->enumerate(enumerator, &type, &data))
{
if (type == RAT_CLASS)
{
- identification_t *id;
- ike_sa_t *ike_sa;
- auth_cfg_t *auth;
-
- if (data.len >= 44)
+ if (class_group && data.len < 44)
{ /* quirk: ignore long class attributes, these are used for
* other purposes by some RADIUS servers (such as NPS). */
- continue;
- }
-
- ike_sa = charon->bus->get_sa(charon->bus);
- if (ike_sa)
- {
auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
id = identification_create_from_data(data);
- DBG1(DBG_CFG, "received group membership '%Y' from RADIUS", id);
+ DBG1(DBG_CFG, "received group membership '%Y' from RADIUS",
+ id);
auth->add(auth, AUTH_RULE_GROUP, id);
}
+ if (class_send)
+ {
+ eap_radius_accounting_add_class(ike_sa, data);
+ }
}
}
enumerator->destroy(enumerator);
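Review bot: The quirk comment kept under `if (class_group && data.len < 44)` still says "ignore long class attributes", but that branch now handles the short ones, so it reads as the opposite of the condition. This length test is the only thing visible here that decides whether a RADIUS-supplied Class value becomes an `AUTH_RULE_GROUP` entry, so I would reword it to `/* quirk: only Class attributes shorter than 44 bytes are taken as group names, longer ones are used for other purposes by some RADIUS servers (such as NPS) */`. The function comment should also state that with `accounting_send_class` enabled every Class attribute, long ones included, is handed to `eap_radius_accounting_add_class()`. `data` appears to come from the message enumerator, so that helper presumably has to copy it; its body is not visible here. The closing brace of process_class lies outside the hunk.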
@@ -631,11 +642,7 @@ static void process_cfg_attributes(radius_message_t *msg)
*/
void eap_radius_process_attributes(radius_message_t *message)
{
- if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.class_group", FALSE, lib->ns))
- {
- process_class(message);
- }
+ process_class(message);
if (lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.filter_id", FALSE, lib->ns))
{