From 09d1cff2418a900b587b2113f508984f2417cc11 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Mon, 17 Dec 2012 16:11:14 +0100
Subject: Add formal argument 'secret' to two public functions.

The functions are rs_packet_create_authn_request() and
rs_request_create_authn().

Attributes of type PW_USER_PASSWORD are supposed to be MD5
obfuscated (see vp2data_any()).

NOTE: This is a non-backward compatible API change.
---
 lib/include/radsec/radsec.h  | 8 +++++---
 lib/include/radsec/request.h | 6 ++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

(limited to 'lib/include')

diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h
index 6c4f6a7..b45aea1 100644
--- a/lib/include/radsec/radsec.h
+++ b/lib/include/radsec/radsec.h
@@ -310,12 +310,14 @@ int rs_packet_send(struct rs_packet *pkt, void *user_data);
 
 /** Create a RADIUS authentication request packet associated with
     connection \a conn.  Optionally, User-Name and User-Password
-    attributes are added to the packet using the data in \a user_name
-    and \a user_pw.  */
+    attributes are added to the packet using the data in \a user_name,
+    \a user_pw and \a secret where \secret is the RADIUS shared
+    secret. */
 int rs_packet_create_authn_request(struct rs_connection *conn,
 				   struct rs_packet **pkt,
 				   const char *user_name,
-				   const char *user_pw);
+				   const char *user_pw,
+                                   const char *secret);
 
 /*** Append \a tail to packet \a pkt.  */
 int
diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h
index f124373..574f395 100644
--- a/lib/include/radsec/request.h
+++ b/lib/include/radsec/request.h
@@ -22,11 +22,13 @@ void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg);
 /** Create a request associated with connection \a conn containing a
     newly created RADIUS authentication message, possibly with \a
     user_name and \a user_pw attributes.  \a user_name and _user_pw
-    are optional and can be NULL.  */
+    are optional and can be NULL.  If they are present, \a secret must
+    also be given and is used for "hiding" the password. */
 int rs_request_create_authn(struct rs_connection *conn,
 			    struct rs_request **req_out,
 			    const char *user_name,
-			    const char *user_pw);
+			    const char *user_pw,
+                            const char *secret);
 
 /** Send request \a req and wait for a matching response.  The
     response is put in \a resp_msg (if not NULL).  NOTE: At present,
-- 
cgit v1.1