Add formal argument 'secret' to two public functions.

The functions are rs_packet_create_authn_request() and
rs_request_create_authn().

Attributes of type PW_USER_PASSWORD are supposed to be MD5
obfuscated (see vp2data_any()).

NOTE: This is a non-backward compatible API change.

diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c
index 1b77de3..773a26c 100644 (file)
--- a/lib/examples/client-blocking.c
+++ b/lib/examples/client-blocking.c
@@ -59,14 +59,14 @@ blocking_client (const char *config_fn, const char *configuration,
 
   if (use_request_object_flag)
     {
-      if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW))
+      if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW, SECRET))
        goto cleanup;
       if (rs_request_send (request, &resp))
        goto cleanup;
     }
   else
     {
-      if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW))
+      if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW, SECRET))
        goto cleanup;
       if (rs_packet_send (req, NULL))
        goto cleanup;

diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h
index 6c4f6a7..b45aea1 100644 (file)
--- a/lib/include/radsec/radsec.h
+++ b/lib/include/radsec/radsec.h
@@ -310,12 +310,14 @@ int rs_packet_send(struct rs_packet *pkt, void *user_data);
 
 /** Create a RADIUS authentication request packet associated with
     connection \a conn.  Optionally, User-Name and User-Password
-    attributes are added to the packet using the data in \a user_name
-    and \a user_pw.  */
+    attributes are added to the packet using the data in \a user_name,
+    \a user_pw and \a secret where \secret is the RADIUS shared
+    secret. */
 int rs_packet_create_authn_request(struct rs_connection *conn,
                                   struct rs_packet **pkt,
                                   const char *user_name,
-                                  const char *user_pw);
+                                  const char *user_pw,
+                                   const char *secret);
 
 /*** Append \a tail to packet \a pkt.  */
 int

diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h
index f124373..574f395 100644 (file)
--- a/lib/include/radsec/request.h
+++ b/lib/include/radsec/request.h
@@ -22,11 +22,13 @@ void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg);
 /** Create a request associated with connection \a conn containing a
     newly created RADIUS authentication message, possibly with \a
     user_name and \a user_pw attributes.  \a user_name and _user_pw
-    are optional and can be NULL.  */
+    are optional and can be NULL.  If they are present, \a secret must
+    also be given and is used for "hiding" the password. */
 int rs_request_create_authn(struct rs_connection *conn,
                            struct rs_request **req_out,
                            const char *user_name,
-                           const char *user_pw);
+                           const char *user_pw,
+                            const char *secret);
 
 /** Send request \a req and wait for a matching response.  The
     response is put in \a resp_msg (if not NULL).  NOTE: At present,

diff --git a/lib/packet.c b/lib/packet.c
index ce68bea..fe87bfd 100644 (file)
--- a/lib/packet.c
+++ b/lib/packet.c
@@ -169,7 +169,9 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
 int
 rs_packet_create_authn_request (struct rs_connection *conn,
                                struct rs_packet **pkt_out,
-                               const char *user_name, const char *user_pw)
+                               const char *user_name,
+                                const char *user_pw,
+                                const char *secret)
 {
   struct rs_packet *pkt;
   int err;
@@ -189,6 +191,7 @@ rs_packet_create_authn_request (struct rs_connection *conn,
 
   if (user_pw)
     {
+      pkt->rpkt->secret = secret;
       err = rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0);
       if (err)
        return err;

diff --git a/lib/request.c b/lib/request.c
index b964bea..d624162 100644 (file)
--- a/lib/request.c
+++ b/lib/request.c
@@ -51,7 +51,8 @@ int
 rs_request_create_authn (struct rs_connection *conn,
                         struct rs_request **req_out,
                         const char *user_name,
-                        const char *user_pw)
+                        const char *user_pw,
+                         const char *secret)
 {
   struct rs_request *req = NULL;
   assert (req_out);
@@ -59,7 +60,7 @@ rs_request_create_authn (struct rs_connection *conn,
   if (rs_request_create (conn, &req))
     return -1;
 
-  if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw))
+  if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw, secret))
     return -1;
 
   if (req_out)