Merge branch 'xauth-radius-multi'

Introduces multiple rounds in the eap-radius XAuth backend, concatenating
answers to a single password to verify using a RADIUS User-Password attribute.
This is known to work fine with iOS and OS X clients, allowing two-factor
authentication with proper dialogs.

Different XAuth "profiles" for each backend can be selected using a generic
colon sperated suffix for the XAuth string.

1 files changed, 23 insertions, 2 deletions

diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 9bb8e5145..3896d7199 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1268,17 +1268,38 @@ static char* get_string(private_message_t *this, char *buf, int len)
 			pos += written;
 			len -= written;
 		}
-		if (payload->get_type(payload) == CONFIGURATION)
+		if (payload->get_type(payload) == CONFIGURATION ||
+			payload->get_type(payload) == CONFIGURATION_V1)
 		{
 			cp_payload_t *cp = (cp_payload_t*)payload;
 			enumerator_t *attributes;
 			configuration_attribute_t *attribute;
 			bool first = TRUE;
+			char *pfx;
+
+			switch (cp->get_type(cp))
+			{
+				case CFG_REQUEST:
+					pfx = "RQ(";
+					break;
+				case CFG_REPLY:
+					pfx = "RP(";
+					break;
+				case CFG_SET:
+					pfx = "S(";
+					break;
+				case CFG_ACK:
+					pfx = "A(";
+					break;
+				default:
+					pfx = "(";
+					break;
+			}
 
 			attributes = cp->create_attribute_enumerator(cp);
 			while (attributes->enumerate(attributes, &attribute))
 			{
-				written = snprintf(pos, len, "%s%N", first ? "(" : " ",
+				written = snprintf(pos, len, "%s%N", first ? pfx : " ",
 								   configuration_attribute_type_short_names,
 								   attribute->get_type(attribute));
 				if (written >= len || written < 0)