author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-03-08 22:36:06 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-03-13 16:27:17 +0100 |
commit | b3ec6521924b137d7d8a7f67e07907662a112e81 (patch) | |
tree | 1c400fddc3e146bc2f7a22d487d573cfa356229a /src | |
parent | 4fc6c7d44252040f987f434670cffa5a773930b1 (diff) | |
added msg_auth flag in radius_message_t sign() method
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/eap_radius/eap_radius_dae.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/tnc_pdp/tnc_pdp.c | 2 | ||||
-rw-r--r-- | src/libradius/radius_message.c | 9 | ||||
-rw-r--r-- | src/libradius/radius_message.h | 5 | ||||
-rw-r--r-- | src/libradius/radius_socket.c | 3 |
5 files changed, 11 insertions, 10 deletions
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
index 1cc19afaa..5823142cc 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
@@ -190,7 +190,7 @@ static void send_response(private_eap_radius_dae_t *this,
 response = radius_message_create(code);
 response->set_identifier(response, request->get_identifier(request));
 response->sign(response, request->get_authenticator(request),
- this->secret, this->hasher, this->signer, NULL);
+ this->secret, this->hasher, this->signer, NULL, FALSE);
 send_message(this, response, client);
 save_retransmit(this, response, client);
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 0edecc845..2e330e7c2 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -183,7 +183,7 @@ static void send_response(private_tnc_pdp_t *this,
 }
 response->set_identifier(response, request->get_identifier(request));
 response->sign(response, request->get_authenticator(request),
- this->secret, this->hasher, this->signer, NULL);
+ this->secret, this->hasher, this->signer, NULL, TRUE);
 DBG1(DBG_CFG, "sending RADIUS %N to client '%H'", radius_message_code_names, code, client);
diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c
index a63374b5c..03be5a227 100644
--- a/src/libradius/radius_message.c
+++ b/src/libradius/radius_message.c
@@ -280,7 +280,7 @@ METHOD(radius_message_t, add, void,
 METHOD(radius_message_t, sign, void,
 private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
- hasher_t *hasher, signer_t *signer, rng_t *rng)
+ hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth)
 {
 if (rng)
 {
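Review bot: The new last argument to `sign()` in eap_radius_dae.c's `send_response()` is a bare `FALSE`, so nothing at the call site says that these responses are deliberately sent without a Message-Authenticator and rely on the MD5 Response-Authenticator alone. The old condition in radius_message.c added the attribute only for Access-Challenge/Accept/Reject, so this presumably preserves behaviour for DAE response codes, but the decision now lives with the caller and deserves a comment such as `/* DAE responses: Response-Authenticator only, no Message-Authenticator */`. It is also worth checking whether the flag should follow the request, i.e. be TRUE when the incoming request carried the attribute. The same bare-literal remark applies to the `TRUE` in tnc_pdp.c's `send_response()`; both functions start and end outside their hunks.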
@@ -289,7 +289,7 @@ METHOD(radius_message_t, sign, void,
 }
 else
 {
- /* build Response-Authenticator */
+ /* prepare build of Response-Authenticator */
 if (req_auth)
 {
 memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5);
@@ -300,9 +300,7 @@ METHOD(radius_message_t, sign, void,
 }
 }
- if (rng || this->msg->code == RMC_ACCESS_CHALLENGE
- || this->msg->code == RMC_ACCESS_ACCEPT
- || this->msg->code == RMC_ACCESS_REJECT)
+ if (msg_auth)
 {
 char buf[HASH_SIZE_MD5];
@@ -318,6 +316,7 @@ METHOD(radius_message_t, sign, void,
 {
 chunk_t msg;
+ /* build Response-Authenticator */
 msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length));
 hasher->get_hash(hasher, msg, NULL);
 hasher->get_hash(hasher, secret, this->msg->authenticator);
diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h
index 41cfb51a3..a03af3362 100644
--- a/src/libradius/radius_message.h
+++ b/src/libradius/radius_message.h
@@ -251,10 +251,11 @@ struct radius_message_t {
 * @param secret shared RADIUS secret
 * @param signer HMAC-MD5 signer with secret set
 * @param hasher MD5 hasher
- * @param rng RNG to create Message-Authenticator, NULL to omit
+ * @param rng RNG to create Request-Authenticator, NULL to omit
+ * @param msg_auth calculate and add Message-Authenticator
 */
 void (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
- hasher_t *hasher, signer_t *signer, rng_t *rng);
+ hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
 /**
 * Verify the integrity of a received RADIUS message.
diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c
index f84856942..70500f556 100644
--- a/src/libradius/radius_socket.c
+++ b/src/libradius/radius_socket.c
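Review bot: With `if (msg_auth)` in `sign()` the library no longer guarantees a Message-Authenticator on Access-Challenge, Access-Accept and Access-Reject; any caller that passes FALSE for one of those codes now emits a response protected only by the MD5 Response-Authenticator. RFC 3579 requires the attribute on Access messages that carry EAP-Message, so I would keep the code check as a floor, `if (msg_auth || this->msg->code == RMC_ACCESS_CHALLENGE || this->msg->code == RMC_ACCESS_ACCEPT || this->msg->code == RMC_ACCESS_REJECT)`, or at least log when it is skipped for those codes. The body of the block is outside the hunk; if it uses `signer`, as the parameter docs suggest, a NULL check there would stop a caller that sets the flag without a signer from crashing.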
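Review bot: The updated `@param rng` line in radius_message.h still ends in "NULL to omit", but in radius_message.c a NULL rng appears to select the Response-Authenticator path (the `else` branch that copies `req_auth`) rather than omitting an authenticator. I would word it as `@param rng RNG to create Request-Authenticator, NULL to build a Response-Authenticator from req_auth`, and make the new line say when the flag is mandatory, e.g. `@param msg_auth TRUE to calculate and add Message-Authenticator (required with EAP-Message)`. The doc block and the struct continue outside the hunk.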
@@ -157,7 +157,8 @@ METHOD(radius_socket_t, request, radius_message_t*,
 /* set Message Identifier */
 request->set_identifier(request, this->identifier++);
 /* sign the request */
- request->sign(request, NULL, this->secret, this->hasher, this->signer, rng);
+ request->sign(request, NULL, this->secret, this->hasher, this->signer,
+ rng, rng != NULL);
 if (!check_connection(this, fd, port))
 { |