authorLinus Nordberg <linus@nordberg.se>2012-12-17 16:11:14 +0100
committerLinus Nordberg <linus@nordberg.se>2012-12-17 16:11:14 +0100
commit09d1cff2418a900b587b2113f508984f2417cc11 (patch)
tree95dce8da09eccdeb8e70f10adcb285d7047b3120 /lib
parent5b117878698519e798f928cef18eafc9dad4c15a (diff)
Add formal argument 'secret' to two public functions.
The functions are rs_packet_create_authn_request() and rs_request_create_authn(). Attributes of type PW_USER_PASSWORD are supposed to be MD5 obfuscated (see vp2data_any()). NOTE: This is a non-backward compatible API change.
Diffstat (limited to 'lib')
-rw-r--r--lib/examples/client-blocking.c4
-rw-r--r--lib/include/radsec/radsec.h8
-rw-r--r--lib/include/radsec/request.h6
-rw-r--r--lib/packet.c5
-rw-r--r--lib/request.c5
5 files changed, 18 insertions, 10 deletions
diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c
index 1b77de3..773a26c 100644
--- a/lib/examples/client-blocking.c
+++ b/lib/examples/client-blocking.c
@@ -59,14 +59,14 @@ blocking_client (const char *config_fn, const char *configuration,
if (use_request_object_flag)
{
- if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW))
+ if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW, SECRET))
goto cleanup;
if (rs_request_send (request, &resp))
goto cleanup;
}
else
{
- if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW))
+ if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW, SECRET))
goto cleanup;
if (rs_packet_send (req, NULL))
goto cleanup;
diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h
index 6c4f6a7..b45aea1 100644
--- a/lib/include/radsec/radsec.h
+++ b/lib/include/radsec/radsec.h
@@ -310,12 +310,14 @@ int rs_packet_send(struct rs_packet *pkt, void *user_data);
/** Create a RADIUS authentication request packet associated with
connection \a conn. Optionally, User-Name and User-Password
- attributes are added to the packet using the data in \a user_name
- and \a user_pw. */
+ attributes are added to the packet using the data in \a user_name,
+ \a user_pw and \a secret where \secret is the RADIUS shared
+ secret. */
int rs_packet_create_authn_request(struct rs_connection *conn,
struct rs_packet **pkt,
const char *user_name,
- const char *user_pw);
+ const char *user_pw,
+ const char *secret);
/*** Append \a tail to packet \a pkt. */
int
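Review bot: The new doc comment writes `\secret`, which is not a Doxygen command; it should read `\a secret` like the other parameter references. The comment also does not say when `secret` is required or how long it must stay valid, although lib/packet.c in this commit stores the pointer in the packet instead of copying it. I would add a sentence such as `\a secret is required when \a user_pw is non-NULL and must remain valid for as long as the packet uses it.`, after confirming the exact lifetime against the code that encodes the password. The same lifetime sentence belongs in the rs_request_create_authn() comment in request.h.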
diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h
index f124373..574f395 100644
--- a/lib/include/radsec/request.h
+++ b/lib/include/radsec/request.h
@@ -22,11 +22,13 @@ void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg);
/** Create a request associated with connection \a conn containing a
newly created RADIUS authentication message, possibly with \a
user_name and \a user_pw attributes. \a user_name and _user_pw
- are optional and can be NULL. */
+ are optional and can be NULL. If they are present, \a secret must
+ also be given and is used for "hiding" the password. */
int rs_request_create_authn(struct rs_connection *conn,
struct rs_request **req_out,
const char *user_name,
- const char *user_pw);
+ const char *user_pw,
+ const char *secret);
/** Send request \a req and wait for a matching response. The
response is put in \a resp_msg (if not NULL). NOTE: At present,
diff --git a/lib/packet.c b/lib/packet.c
index ce68bea..fe87bfd 100644
--- a/lib/packet.c
+++ b/lib/packet.c
@@ -169,7 +169,9 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
int
rs_packet_create_authn_request (struct rs_connection *conn,
struct rs_packet **pkt_out,
- const char *user_name, const char *user_pw)
+ const char *user_name,
+ const char *user_pw,
+ const char *secret)
{
struct rs_packet *pkt;
int err;
@@ -189,6 +191,7 @@ rs_packet_create_authn_request (struct rs_connection *conn,
if (user_pw)
{
+ pkt->rpkt->secret = secret;
err = rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0);
if (err)
return err;
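Review bot: `pkt->rpkt->secret = secret;` runs whenever `user_pw` is set, with no check that `secret` is non-NULL, even though request.h now documents that it must be given in that case. Depending on how the password is hidden at encoding time (not visible here), a NULL secret could be dereferenced or the User-Password attribute could be built without the intended hiding, so it is safer to fail early with `if (!secret) return -1;` (or the library's invalid-argument error) before the assignment. The assignment also keeps the caller's pointer rather than a copy, so the packet depends on the caller keeping that string alive and unmodified; either copy it or state the requirement in the header. The function body starts before and continues after this hunk.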
diff --git a/lib/request.c b/lib/request.c
index b964bea..d624162 100644
--- a/lib/request.c
+++ b/lib/request.c
@@ -51,7 +51,8 @@ int
rs_request_create_authn (struct rs_connection *conn,
struct rs_request **req_out,
const char *user_name,
- const char *user_pw)
+ const char *user_pw,
+ const char *secret)
{
struct rs_request *req = NULL;
assert (req_out);
@@ -59,7 +60,7 @@ rs_request_create_authn (struct rs_connection *conn,
if (rs_request_create (conn, &req))
return -1;
- if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw))
+ if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw, secret))
return -1;
if (req_out)
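Review bot: When rs_packet_create_authn_request() fails here, the function returns -1 without releasing the `req` that rs_request_create() allocated just above, which looks like a leak on the error path. That path matters more once a missing or invalid `secret` becomes a reason for the packet call to fail. I would release the request before returning, e.g. `{ rs_request_destroy (req); return -1; }`, after checking that the destroy routine copes with a request whose `req_msg` was never set. The function continues past the end of this hunk.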