diff options
| author | Martin Willi <martin@revosec.ch> | 2010-07-09 13:53:43 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2010-07-09 13:53:43 +0200 |
| commit | 52f97c389300491720980933609d38e46dd46e9d (patch) | |
| tree | 1e19a86676975061fe3730959e6a4d003a9fedd2 /src | |
| parent | cfa1c0760496f8963330803e07be8a8ba38bc506 (diff) | |
| download | strongswan-52f97c389300491720980933609d38e46dd46e9d.tar.bz2 strongswan-52f97c389300491720980933609d38e46dd46e9d.tar.xz | |
Do not interpret long class attributes (such as from NPS) as group
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/eap_radius/eap_radius.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index dfb97786a..4b1a879c3 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -195,15 +195,23 @@ static void process_class(private_eap_radius_t *this, radius_message_t *msg) { if (type == RAT_CLASS) { + identification_t *id; ike_sa_t *ike_sa; auth_cfg_t *auth; + if (data.len >= 44) + { /* quirk: ignore long class attributes, these are used for + * other purposes by some RADIUS servers (such as NPS). */ + continue; + } + ike_sa = charon->bus->get_sa(charon->bus); if (ike_sa) { auth = ike_sa->get_auth_cfg(ike_sa, FALSE); - auth->add(auth, AUTH_RULE_GROUP, - identification_create_from_data(data)); + id = identification_create_from_data(data); + DBG1(DBG_CFG, "received group membership '%Y' from RADIUS", id); + auth->add(auth, AUTH_RULE_GROUP, id); } } } |