author | Martin Willi <martin@revosec.ch> | 2013-07-22 09:55:00 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-07-29 09:00:48 +0200 |
commit | 94ec80e74cb04e80212d33821cf335915e091136 (patch) | |
tree | a523a29742afefcd4157428270901c36c9f81add /src/libcharon/plugins/eap_radius | |
parent | 7612a6e42fa4779adbeab74ec044bd554d00c3b3 (diff) | |
download | strongswan-94ec80e74cb04e80212d33821cf335915e091136.tar.bz2 strongswan-94ec80e74cb04e80212d33821cf335915e091136.tar.xz |
eap-radius: export function to process common attributes of Access-Accept
Diffstat (limited to 'src/libcharon/plugins/eap_radius')
-rw-r--r-- | src/libcharon/plugins/eap_radius/eap_radius.c | 55 | ||||
-rw-r--r-- | src/libcharon/plugins/eap_radius/eap_radius.h | 12 |
2 files changed, 36 insertions, 31 deletions
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index 1400c75a1..6f058df36 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -77,16 +77,6 @@ struct private_eap_radius_t { char *id_prefix; /** - * Handle the Class attribute as group membership information? - */ - bool class_group; - - /** - * Handle the Filter-Id attribute as IPsec CHILD_SA name? - */ - bool filter_id; - - /** * Format string we use for Called/Calling-Station-Id for a host */ char *station_id_fmt; @@ -268,7 +258,7 @@ METHOD(eap_method_t, initiate, status_t, /** * Handle the Class attribute as group membership information */ -static void process_class(private_eap_radius_t *this, radius_message_t *msg) +static void process_class(radius_message_t *msg) { enumerator_t *enumerator; chunk_t data; @@ -305,7 +295,7 @@ static void process_class(private_eap_radius_t *this, radius_message_t *msg) /** * Handle the Filter-Id attribute as IPsec CHILD_SA name */ -static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg) +static void process_filter_id(radius_message_t *msg) { enumerator_t *enumerator; int type; @@ -361,7 +351,7 @@ static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg) /** * Handle Session-Timeout attribte and Interim updates */ -static void process_timeout(private_eap_radius_t *this, radius_message_t *msg) +static void process_timeout(radius_message_t *msg) { enumerator_t *enumerator; ike_sa_t *ike_sa; @@ -390,8 +380,7 @@ static void process_timeout(private_eap_radius_t *this, radius_message_t *msg) /** * Handle Framed-IP-Address and other IKE configuration attributes */ -static void process_cfg_attributes(private_eap_radius_t *this, - radius_message_t *msg) +static void process_cfg_attributes(radius_message_t *msg) { eap_radius_provider_t *provider; enumerator_t *enumerator; 
@@ -444,6 +433,25 @@ static void process_cfg_attributes(private_eap_radius_t *this, } } +/** + * See header. + */ +void eap_radius_process_attributes(radius_message_t *message) +{ + if (lib->settings->get_bool(lib->settings, + "%s.plugins.eap-radius.class_group", FALSE, charon->name)) + { + process_class(message); + } + if (lib->settings->get_bool(lib->settings, + "%s.plugins.eap-radius.filter_id", FALSE, charon->name)) + { + process_filter_id(message); + } + process_timeout(message); + process_cfg_attributes(message); +} + METHOD(eap_method_t, process, status_t, private_eap_radius_t *this, eap_payload_t *in, eap_payload_t **out) { @@ -481,16 +489,7 @@ METHOD(eap_method_t, process, status_t, status = FAILED; break; case RMC_ACCESS_ACCEPT: - if (this->class_group) - { - process_class(this, response); - } - if (this->filter_id) - { - process_filter_id(this, response); - } - process_timeout(this, response); - process_cfg_attributes(this, response); + eap_radius_process_attributes(response); DBG1(DBG_IKE, "RADIUS authentication of '%Y' successful", this->peer); status = SUCCESS; @@ -591,12 +590,6 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer .id_prefix = lib->settings->get_str(lib->settings, "%s.plugins.eap-radius.id_prefix", "", charon->name), - .class_group = lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.class_group", FALSE, - charon->name), - .filter_id = lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.filter_id", FALSE, - charon->name), ); if (lib->settings->get_bool(lib->settings, "%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name)) diff --git a/src/libcharon/plugins/eap_radius/eap_radius.h b/src/libcharon/plugins/eap_radius/eap_radius.h index 875543554..c6b70bb6d 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.h +++ b/src/libcharon/plugins/eap_radius/eap_radius.h 
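Review bot: `eap_radius_process_attributes()` is now non-static and declared in the header, but it does not check the message code itself; before this commit the four `process_*` helpers were only reached under `case RMC_ACCESS_ACCEPT:` in `process()`. Going by their comments, the helpers apply authorization state (group membership, CHILD_SA name, session timeout, configuration attributes; their bodies are mostly outside the hunks), so a later caller that hands in a different response type would have it applied without any diagnostic. A guard at the top of the function, `if (message->get_code(message) != RMC_ACCESS_ACCEPT) { return; }`, would keep that invariant local; otherwise the requirement should at least be stated in the header comment. Separately, the `class_group` and `filter_id` options are now looked up on every Access-Accept instead of once in `eap_radius_create()`, which is worth mentioning in the commit message if the change in reload behaviour is intended.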
@@ -24,6 +24,7 @@ typedef struct eap_radius_t eap_radius_t; #include <sa/eap/eap_method.h> +#include <radius_message.h> /** * Implementation of the eap_method_t interface using a RADIUS server. @@ -45,4 +46,15 @@ struct eap_radius_t { */ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer); +/** + * Process additional attributes from an Access-Accept. + * + * Parses and applies additional authorization attributes from an Accept + * message, such as group membership information or IKE configuration + * attributes. + * + * @param message Access-Accept message to process + */ +void eap_radius_process_attributes(radius_message_t *message); + #endif /** EAP_RADIUS_H_ @}*/ |
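Review bot: The doc comment added for `eap_radius_process_attributes()` does not say which attributes are conditional. In eap_radius.c the Class and Filter-Id handling runs only when the `class_group` and `filter_id` options of the eap-radius plugin are enabled, while `process_timeout()` and `process_cfg_attributes()` are always called. I would add a line such as `* Class and Filter-Id are honoured only if the class_group and filter_id options are enabled; timeout and configuration attributes are always applied.` so that callers of the exported function know what it will change on the IKE_SA.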