From 09d1cff2418a900b587b2113f508984f2417cc11 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Mon, 17 Dec 2012 16:11:14 +0100
Subject: [PATCH] Add formal argument 'secret' to two public functions. The functions are rs_packet_create_authn_request() and rs_request_create_authn(). Attributes of type PW_USER_PASSWORD are supposed to be MD5 obfuscated (see vp2data_any()). NOTE: This is a non-backward compatible API change.
---
 lib/examples/client-blocking.c | 4 ++--
 lib/include/radsec/radsec.h | 8 +++++---
 lib/include/radsec/request.h | 6 ++++--
 lib/packet.c | 5 ++++-
 lib/request.c | 5 +++--
 5 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c
index 1b77de3..773a26c 100644
--- a/lib/examples/client-blocking.c
+++ b/lib/examples/client-blocking.c
@@ -59,14 +59,14 @@ blocking_client (const char *config_fn, const char *configuration, if (use_request_object_flag) {
- if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW))
+ if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW, SECRET))
 goto cleanup; if (rs_request_send (request, &resp)) goto cleanup; } else {
- if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW))
+ if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW, SECRET))
 goto cleanup; if (rs_packet_send (req, NULL)) goto cleanup;
diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h
index 6c4f6a7..b45aea1 100644
--- a/lib/include/radsec/radsec.h
+++ b/lib/include/radsec/radsec.h
@@ -310,12 +310,14 @@ int rs_packet_send(struct rs_packet *pkt, void *user_data); /** Create a RADIUS authentication request packet associated with connection \a conn. Optionally, User-Name and User-Password
- attributes are added to the packet using the data in \a user_name
- and \a user_pw. */
+ attributes are added to the packet using the data in \a user_name,
+ \a user_pw and \a secret where \secret is the RADIUS shared
+ secret. */
 int rs_packet_create_authn_request(struct rs_connection *conn, struct rs_packet **pkt, const char *user_name,
- const char *user_pw);
+ const char *user_pw,
+ const char *secret);
 /*** Append \a tail to packet \a pkt. */ int
diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h
index f124373..574f395 100644
--- a/lib/include/radsec/request.h
+++ b/lib/include/radsec/request.h
@@ -22,11 +22,13 @@ void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg); /** Create a request associated with connection \a conn containing a newly created RADIUS authentication message, possibly with \a user_name and \a user_pw attributes. \a user_name and _user_pw
- are optional and can be NULL. */
+ are optional and can be NULL. If they are present, \a secret must
+ also be given and is used for "hiding" the password. */
 int rs_request_create_authn(struct rs_connection *conn, struct rs_request **req_out, const char *user_name,
- const char *user_pw);
+ const char *user_pw,
+ const char *secret);
 /** Send request \a req and wait for a matching response. The response is put in \a resp_msg (if not NULL). NOTE: At present,
diff --git a/lib/packet.c b/lib/packet.c
index ce68bea..fe87bfd 100644
--- a/lib/packet.c
+++ b/lib/packet.c
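Review bot: The new Doxygen text in radsec.h writes `\secret`, which is not a Doxygen command; it should read `\a secret`. Neither header comment states the pointer's lifetime, yet the packet.c part of this patch stores the caller's pointer with `pkt->rpkt->secret = secret;` instead of copying it. If that borrow is intended, both comments should say so, for example `\a secret is not copied and must remain valid for as long as the packet is in use.` The request.h wording "If they are present" is also broader than the code, which only touches \a secret when \a user_pw is non-NULL, so `If \a user_pw is given, \a secret must also be given` would match the implementation.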
@@ -169,7 +169,9 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out) int rs_packet_create_authn_request (struct rs_connection *conn, struct rs_packet **pkt_out,
- const char *user_name, const char *user_pw)
+ const char *user_name,
+ const char *user_pw,
+ const char *secret)
 { struct rs_packet *pkt; int err;
@@ -189,6 +191,7 @@ rs_packet_create_authn_request (struct rs_connection *conn, if (user_pw) {
+ pkt->rpkt->secret = secret;
 err = rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0); if (err) return err;
diff --git a/lib/request.c b/lib/request.c
index b964bea..d624162 100644
--- a/lib/request.c
+++ b/lib/request.c
@@ -51,7 +51,8 @@ int rs_request_create_authn (struct rs_connection *conn, struct rs_request **req_out, const char *user_name,
- const char *user_pw)
+ const char *user_pw,
+ const char *secret)
 { struct rs_request *req = NULL; assert (req_out);
@@ -59,7 +60,7 @@ rs_request_create_authn (struct rs_connection *conn, if (rs_request_create (conn, &req)) return -1;
- if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw))
+ if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw, secret))
 return -1; if (req_out)
--
2.1.4
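Review bot: In the second packet.c hunk, `pkt->rpkt->secret = secret;` is assigned without checking that `secret` is non-NULL, although the request.h comment says a secret must be given when a password is supplied. A caller passing `user_pw` with a NULL secret would reach `rs_packet_append_avp (pkt, PW_USER_PASSWORD, ...)` with no key for the User-Password hiding. What the encoder does in that case is not visible here, so it should be rejected up front with something like `if (!secret) return -1;` (or the library's invalid-argument error) just before the assignment. The assignment also keeps the caller's pointer rather than a copy, so a comment such as `/* borrowed: caller keeps secret alive until the packet is freed */` would make the ownership explicit. The function body starts and ends outside this hunk, and the lib/request.c call site forwards `secret` unchecked as well.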