Diffstat (limited to 'src/libcharon/plugins/eap_radius')
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in20
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c91
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.h2
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_plugin.c6
-rw-r--r--src/libcharon/plugins/eap_radius/radius_server.h1
5 files changed, 107 insertions, 13 deletions
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index bb372d13c..1d771d9a4 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -169,6 +170,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -200,14 +203,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -222,24 +228,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -247,7 +260,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index 65b868bc6..157034fe5 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -20,6 +20,8 @@
#include <daemon.h>
+#define TUNNEL_TYPE_ESP 9
+
typedef struct private_eap_radius_t private_eap_radius_t;
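Review bot: `#define TUNNEL_TYPE_ESP 9` carries no comment saying where the value comes from, so a reader has to look it up in the IANA Tunnel-Type registry. Add `/* Tunnel-Type value for ESP, RFC 2868 section 3.1 */` above the define, and since the plugin already uses enums for related constants elsewhere, consider an enum over a bare define for the same reason.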
/**
@@ -71,6 +73,11 @@ struct private_eap_radius_t {
* Handle the Class attribute as group membership information?
*/
bool class_group;
+
+ /**
+ * Handle the Filter-Id attribute as IPsec CHILD_SA name?
+ */
+ bool filter_id;
};
/**
@@ -211,6 +218,62 @@ static void process_class(private_eap_radius_t *this, radius_message_t *msg)
enumerator->destroy(enumerator);
}
+/**
+ * Handle the Filter-Id attribute as IPsec CHILD_SA name
+ */
+static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg)
+{
+ enumerator_t *enumerator;
+ int type;
+ u_int8_t tunnel_tag;
+ u_int32_t tunnel_type;
+ chunk_t filter_id = chunk_empty, data;
+ bool is_esp_tunnel = FALSE;
+
+ enumerator = msg->create_enumerator(msg);
+ while (enumerator->enumerate(enumerator, &type, &data))
+ {
+ switch (type)
+ {
+ case RAT_TUNNEL_TYPE:
+ if (data.len != 4)
+ {
+ continue;
+ }
+ tunnel_tag = *data.ptr;
+ *data.ptr = 0x00;
+ tunnel_type = untoh32(data.ptr);
+ DBG1(DBG_IKE, "received RADIUS attribute Tunnel-Type: "
+ "tag = %u, value = %u", tunnel_tag, tunnel_type);
+ is_esp_tunnel = (tunnel_type == TUNNEL_TYPE_ESP);
+ break;
+ case RAT_FILTER_ID:
+ filter_id = data;
+ DBG1(DBG_IKE, "received RADIUS attribute Filter-Id: "
+ "'%.*s'", filter_id.len, filter_id.ptr);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (is_esp_tunnel && filter_id.len)
+ {
+ identification_t *id;
+ ike_sa_t *ike_sa;
+ auth_cfg_t *auth;
+
+ ike_sa = charon->bus->get_sa(charon->bus);
+ if (ike_sa)
+ {
+ auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
+ id = identification_create_from_data(filter_id);
+ auth->add(auth, AUTH_RULE_GROUP, id);
+ }
+ }
+}
+
METHOD(eap_method_t, process, status_t,
private_eap_radius_t *this, eap_payload_t *in, eap_payload_t **out)
{
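Review bot: `*data.ptr = 0x00;` in the RAT_TUNNEL_TYPE case of process_filter_id writes through the enumerator's pointer and so overwrites the tag byte inside the RADIUS message buffer itself; any later enumeration of `msg` (or a re-check of its contents) then sees an altered Tunnel-Type. Decode into a local instead: `tunnel_tag = data.ptr[0];` followed by `tunnel_type = untoh32(data.ptr) & 0x00ffffff;`. Separately, the Filter-Id log passes `filter_id.len` as the `*` precision of `%.*s`; if chunk_t.len is size_t that is a type mismatch for the variadic int slot, so cast with `(int)filter_id.len`. Also note that with several Tunnel-Type attributes the last one wins regardless of tag, which is worth a one-line comment if that is intentional.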
@@ -247,12 +310,17 @@ METHOD(eap_method_t, process, status_t,
{
process_class(this, response);
}
+ if (this->filter_id)
+ {
+ process_filter_id(this, response);
+ }
+ DBG1(DBG_IKE, "RADIUS authentication of '%Y' successful",
+ this->peer);
status = SUCCESS;
break;
case RMC_ACCESS_REJECT:
default:
- DBG1(DBG_CFG, "received %N from RADIUS server",
- radius_message_code_names, response->get_code(response));
+ DBG1(DBG_IKE, "RADIUS authentication of '%Y' failed", this->peer);
status = FAILED;
break;
}
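Review bot: The rewritten failure log in the RMC_ACCESS_REJECT/default arm drops the received message code, so a genuine Access-Reject and an unexpected code now produce the identical line and the operator loses the one detail that distinguishes them. Keep the code in the message: `DBG1(DBG_IKE, "RADIUS authentication of '%Y' failed (%N)", this->peer, radius_message_code_names, response->get_code(response));`. The enclosing process() body starts and ends outside the hunk.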
@@ -313,13 +381,15 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
private_eap_radius_t *this;
INIT(this,
- .public.eap_method_interface = {
- .initiate = _initiate,
- .process = _process,
- .get_type = _get_type,
- .is_mutual = _is_mutual,
- .get_msk = _get_msk,
- .destroy = _destroy,
+ .public = {
+ .eap_method = {
+ .initiate = _initiate,
+ .process = _process,
+ .get_type = _get_type,
+ .is_mutual = _is_mutual,
+ .get_msk = _get_msk,
+ .destroy = _destroy,
+ },
},
/* initially EAP_RADIUS, but is set to the method selected by RADIUS */
.type = EAP_RADIUS,
@@ -329,6 +399,9 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
"charon.plugins.eap-radius.id_prefix", ""),
.class_group = lib->settings->get_bool(lib->settings,
"charon.plugins.eap-radius.class_group", FALSE),
+ .filter_id = lib->settings->get_bool(lib->settings,
+ "charon.plugins.eap-radius.filter_id", FALSE),
+
);
this->client = radius_client_create();
if (!this->client)
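Review bot: The new `.filter_id` initializer is followed by an empty line before `);`, which none of the neighbouring initializers have; drop the blank line so the INIT block reads uniformly. The hunk also shows no documentation for the new `charon.plugins.eap-radius.filter_id` setting; if the strongswan.conf reference is not updated elsewhere in the commit, a one-line entry stating its default of FALSE is missing. eap_radius_create continues outside the hunk.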
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.h b/src/libcharon/plugins/eap_radius/eap_radius.h
index 8eb9e8c2d..e98cb06e3 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius.h
@@ -33,7 +33,7 @@ struct eap_radius_t {
/**
* Implemented eap_method_t interface.
*/
- eap_method_t eap_method_interface;
+ eap_method_t eap_method;
};
/**
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 91aae2f62..1c24d77d5 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -151,7 +151,11 @@ plugin_t *eap_radius_plugin_create()
private_eap_radius_plugin_t *this;
INIT(this,
- .public.plugin.destroy = _destroy,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
.servers = linked_list_create(),
);
diff --git a/src/libcharon/plugins/eap_radius/radius_server.h b/src/libcharon/plugins/eap_radius/radius_server.h
index b820cb583..ba4c94619 100644
--- a/src/libcharon/plugins/eap_radius/radius_server.h
+++ b/src/libcharon/plugins/eap_radius/radius_server.h
@@ -79,6 +79,7 @@ struct radius_server_t {
* @param server server address
* @param port server port
* @param nas_identifier NAS-Identifier to use with this server
+ * @param secret secret to use with this server
* @param sockets number of sockets to create in pool
* @param preference preference boost for this server
*/