diff options
Diffstat (limited to 'src/libcharon/plugins/eap_radius/eap_radius.c')
-rw-r--r-- | src/libcharon/plugins/eap_radius/eap_radius.c | 45 |
1 files changed, 26 insertions, 19 deletions
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index a2530e653..fbbf6da83 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2012-2017 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -271,37 +272,47 @@ METHOD(eap_method_t, initiate, status_t, } /** - * Handle the Class attribute as group membership information + * Handle the Class attribute */ static void process_class(radius_message_t *msg) { enumerator_t *enumerator; + ike_sa_t *ike_sa; + identification_t *id; + auth_cfg_t *auth; chunk_t data; + bool class_group, class_send; int type; + class_group = lib->settings->get_bool(lib->settings, + "%s.plugins.eap-radius.class_group", FALSE, lib->ns); + class_send = lib->settings->get_bool(lib->settings, + "%s.plugins.eap-radius.accounting_send_class", FALSE, lib->ns); + ike_sa = charon->bus->get_sa(charon->bus); + + if ((!class_group && !class_send) || !ike_sa) + { + return; + } + enumerator = msg->create_enumerator(msg); while (enumerator->enumerate(enumerator, &type, &data)) { if (type == RAT_CLASS) { - identification_t *id; - ike_sa_t *ike_sa; - auth_cfg_t *auth; - - if (data.len >= 44) + if (class_group && data.len < 44) { /* quirk: ignore long class attributes, these are used for * other purposes by some RADIUS servers (such as NPS). */ - continue; - } - - ike_sa = charon->bus->get_sa(charon->bus); - if (ike_sa) - { auth = ike_sa->get_auth_cfg(ike_sa, FALSE); id = identification_create_from_data(data); - DBG1(DBG_CFG, "received group membership '%Y' from RADIUS", id); + DBG1(DBG_CFG, "received group membership '%Y' from RADIUS", + id); auth->add(auth, AUTH_RULE_GROUP, id); } + if (class_send) + { + eap_radius_accounting_add_class(ike_sa, data); + } } } enumerator->destroy(enumerator); @@ -631,11 +642,7 @@ static void process_cfg_attributes(radius_message_t *msg) */ void eap_radius_process_attributes(radius_message_t *message) { - if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.class_group", FALSE, lib->ns)) - { - process_class(message); - } + process_class(message); if (lib->settings->get_bool(lib->settings, "%s.plugins.eap-radius.filter_id", FALSE, lib->ns)) { |