| author | Linus Nordberg <linus@nordberg.se> | 2012-12-17 16:11:14 +0100 | 
|---|---|---|
| committer | Linus Nordberg <linus@nordberg.se> | 2012-12-17 16:11:14 +0100 | 
| commit | 09d1cff2418a900b587b2113f508984f2417cc11 (patch) | |
| tree | 95dce8da09eccdeb8e70f10adcb285d7047b3120 | |
| parent | 5b117878698519e798f928cef18eafc9dad4c15a (diff) | |
Add formal argument 'secret' to two public functions.
The functions are rs_packet_create_authn_request() and
rs_request_create_authn().
Attributes of type PW_USER_PASSWORD are supposed to be MD5
obfuscated (see vp2data_any()).
NOTE: This is a non-backward compatible API change.
| -rw-r--r-- | lib/examples/client-blocking.c | 4 | ||||
| -rw-r--r-- | lib/include/radsec/radsec.h | 8 | ||||
| -rw-r--r-- | lib/include/radsec/request.h | 6 | ||||
| -rw-r--r-- | lib/packet.c | 5 | ||||
| -rw-r--r-- | lib/request.c | 5 | 
5 files changed, 18 insertions, 10 deletions
| diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c index 1b77de3..773a26c 100644 --- a/lib/examples/client-blocking.c +++ b/lib/examples/client-blocking.c @@ -59,14 +59,14 @@ blocking_client (const char *config_fn, const char *configuration,    if (use_request_object_flag)      { -      if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW)) +      if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW, SECRET))  	goto cleanup;        if (rs_request_send (request, &resp))  	goto cleanup;      }    else      { -      if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW)) +      if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW, SECRET))  	goto cleanup;        if (rs_packet_send (req, NULL))  	goto cleanup; diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 6c4f6a7..b45aea1 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -310,12 +310,14 @@ int rs_packet_send(struct rs_packet *pkt, void *user_data);  /** Create a RADIUS authentication request packet associated with      connection \a conn.  Optionally, User-Name and User-Password -    attributes are added to the packet using the data in \a user_name -    and \a user_pw.  */ +    attributes are added to the packet using the data in \a user_name, +    \a user_pw and \a secret where \secret is the RADIUS shared +    secret. */  int rs_packet_create_authn_request(struct rs_connection *conn,  				   struct rs_packet **pkt,  				   const char *user_name, -				   const char *user_pw); +				   const char *user_pw, +                                   const char *secret);  /*** Append \a tail to packet \a pkt.  */  int diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h index f124373..574f395 100644 --- a/lib/include/radsec/request.h +++ b/lib/include/radsec/request.h 
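Review bot: The new doc comment for rs_packet_create_authn_request() in radsec.h writes `\secret`, which Doxygen reads as an unknown command; it should be `\a secret`, like the other parameter references. The comment also leaves the contract of the new argument open. The packet.c hunk in this commit stores the pointer in the packet instead of copying it, so the text should say how long \a secret must stay valid (presumably until the packet is encoded or destroyed; confirm which) and whether NULL is accepted when \a user_pw is NULL. The request.h comment for rs_request_create_authn() has the same gap on lifetime.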
@@ -22,11 +22,13 @@ void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg);  /** Create a request associated with connection \a conn containing a      newly created RADIUS authentication message, possibly with \a      user_name and \a user_pw attributes.  \a user_name and _user_pw -    are optional and can be NULL.  */ +    are optional and can be NULL.  If they are present, \a secret must +    also be given and is used for "hiding" the password. */  int rs_request_create_authn(struct rs_connection *conn,  			    struct rs_request **req_out,  			    const char *user_name, -			    const char *user_pw); +			    const char *user_pw, +                            const char *secret);  /** Send request \a req and wait for a matching response.  The      response is put in \a resp_msg (if not NULL).  NOTE: At present, diff --git a/lib/packet.c b/lib/packet.c index ce68bea..fe87bfd 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -169,7 +169,9 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)  int  rs_packet_create_authn_request (struct rs_connection *conn,  				struct rs_packet **pkt_out, -				const char *user_name, const char *user_pw) +				const char *user_name, +                                const char *user_pw, +                                const char *secret)  {    struct rs_packet *pkt;    int err; @@ -189,6 +191,7 @@ rs_packet_create_authn_request (struct rs_connection *conn,    if (user_pw)      { +      pkt->rpkt->secret = secret;        err = rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0);        if (err)  	return err; diff --git a/lib/request.c b/lib/request.c index b964bea..d624162 100644 --- a/lib/request.c +++ b/lib/request.c 
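Review bot: In the `if (user_pw)` branch of rs_packet_create_authn_request(), `pkt->rpkt->secret = secret;` accepts a NULL secret and keeps the caller's pointer without copying it. request.h now says the secret must be given when a password is present, but nothing here enforces that, so a NULL reaches whatever code hides the User-Password (the commit message points at vp2data_any()). A guard such as `if (!secret)` returning the library's invalid-argument error before the assignment would make that failure explicit. Because the pointer is borrowed, either document that the caller must keep the string alive while the packet exists, or store a private copy and wipe it when the packet is destroyed. The function body starts and ends outside this hunk.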
@@ -51,7 +51,8 @@ int  rs_request_create_authn (struct rs_connection *conn,  			 struct rs_request **req_out,  			 const char *user_name, -			 const char *user_pw) +			 const char *user_pw, +                         const char *secret)  {    struct rs_request *req = NULL;    assert (req_out); @@ -59,7 +60,7 @@ rs_request_create_authn (struct rs_connection *conn,    if (rs_request_create (conn, &req))      return -1; -  if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw)) +  if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw, secret))      return -1;    if (req_out) | 
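Review bot: In rs_request_create_authn(), the `return -1` after a failed rs_packet_create_authn_request() leaves the `req` obtained from rs_request_create() unreleased, as far as this hunk shows. Releasing the request before returning (with the library's request destructor, if one exists) would close that path, which matters more if the callee starts rejecting a missing secret. Separately, `assert (req_out);` followed by `if (req_out)` checks the same pointer twice in debug builds; picking one style would make the intended contract for a NULL `req_out` clear. The function continues past the end of the hunk.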
