Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request
authorMartin Willi <martin@revosec.ch>
Wed, 13 Mar 2013 10:11:49 +0000 (11:11 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 13 Mar 2013 14:20:11 +0000 (15:20 +0100)
src/libcharon/plugins/eap_radius/eap_radius.c
src/libradius/radius_client.c

index 62aa1fb..a39eb80 100644 (file)
@@ -156,17 +156,67 @@ static bool radius2ike(private_eap_radius_t *this,
        return FALSE;
 }
 
+/**
+ * Add a set of RADIUS attributes to a request message
+ */
+static void add_radius_request_attrs(private_eap_radius_t *this,
+                                                                        radius_message_t *request)
+{
+       ike_sa_t *ike_sa;
+       host_t *host;
+       char buf[40];
+       u_int32_t value;
+       chunk_t chunk;
+
+       chunk = chunk_from_str(this->id_prefix);
+       chunk = chunk_cata("cc", chunk, this->peer->get_encoding(this->peer));
+       request->add(request, RAT_USER_NAME, chunk);
+
+       /* virtual NAS-Port-Type */
+       value = htonl(5);
+       request->add(request, RAT_NAS_PORT_TYPE, chunk_from_thing(value));
+       /* framed ServiceType */
+       value = htonl(2);
+       request->add(request, RAT_SERVICE_TYPE, chunk_from_thing(value));
+
+       ike_sa = charon->bus->get_sa(charon->bus);
+       if (ike_sa)
+       {
+               value = htonl(ike_sa->get_unique_id(ike_sa));
+               request->add(request, RAT_NAS_PORT, chunk_from_thing(value));
+               request->add(request, RAT_NAS_PORT_ID,
+                                        chunk_from_str(ike_sa->get_name(ike_sa)));
+
+               host = ike_sa->get_my_host(ike_sa);
+               chunk = host->get_address(host);
+               switch (host->get_family(host))
+               {
+                       case AF_INET:
+                               request->add(request, RAT_NAS_IP_ADDRESS, chunk);
+                               break;
+                       case AF_INET6:
+                               request->add(request, RAT_NAS_IPV6_ADDRESS, chunk);
+                       default:
+                               break;
+               }
+               snprintf(buf, sizeof(buf), "%#H", host);
+               request->add(request, RAT_CALLED_STATION_ID, chunk_from_str(buf));
+               host = ike_sa->get_other_host(ike_sa);
+               snprintf(buf, sizeof(buf), "%#H", host);
+               request->add(request, RAT_CALLING_STATION_ID, chunk_from_str(buf));
+       }
+
+       eap_radius_forward_from_ike(request);
+}
+
 METHOD(eap_method_t, initiate, status_t,
        private_eap_radius_t *this, eap_payload_t **out)
 {
        radius_message_t *request, *response;
        status_t status = FAILED;
-       chunk_t username;
 
        request = radius_message_create(RMC_ACCESS_REQUEST);
-       username = chunk_create(this->id_prefix, strlen(this->id_prefix));
-       username = chunk_cata("cc", username, this->peer->get_encoding(this->peer));
-       request->add(request, RAT_USER_NAME, username);
+       add_radius_request_attrs(this, request);
 
        if (this->eap_start)
        {
@@ -176,7 +226,6 @@ METHOD(eap_method_t, initiate, status_t,
        {
                add_eap_identity(this, request);
        }
-       eap_radius_forward_from_ike(request);
 
        response = this->client->request(this->client, request);
        if (response)
@@ -391,7 +440,8 @@ METHOD(eap_method_t, process, status_t,
        chunk_t data;
 
        request = radius_message_create(RMC_ACCESS_REQUEST);
-       request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer));
+       add_radius_request_attrs(this, request);
+
        data = in->get_data(in);
        DBG3(DBG_IKE, "%N payload %B", eap_type_names, this->type, &data);
 
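Review bot: Replacing the plain `get_encoding` User-Name in process() with add_radius_request_attrs means the follow-up Access-Requests now carry `id_prefix` prepended to the identity, whereas before only the initial request (initiate) did; the commit title does not mention this, and a RADIUS server that correlates a conversation by User-Name may behave differently. It is probably the intended consistency fix, but it deserves a sentence in the commit message or a comment on the helper, e.g. `/* User-Name must be identical across all Access-Requests of one EAP conversation, including id_prefix */`. The body of process() continues outside this hunk.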
@@ -404,7 +454,6 @@ METHOD(eap_method_t, process, status_t,
        }
        request->add(request, RAT_EAP_MESSAGE, data);
 
-       eap_radius_forward_from_ike(request);
        response = this->client->request(this->client, request);
        if (response)
        {
index 1478c3d..d44c5a2 100644 (file)
@@ -81,13 +81,10 @@ static void save_state(private_radius_client_t *this, radius_message_t *msg)
 METHOD(radius_client_t, request, radius_message_t*,
        private_radius_client_t *this, radius_message_t *req)
 {
-       char virtual[] = {0x00,0x00,0x00,0x05};
        radius_socket_t *socket;
        radius_message_t *res;
        chunk_t data;
 
-       /* we add the "Virtual" NAS-Port-Type, as we SHOULD include one */
-       req->add(req, RAT_NAS_PORT_TYPE, chunk_create(virtual, sizeof(virtual)));
        /* add our NAS-Identifier */
        req->add(req, RAT_NAS_IDENTIFIER,
                         this->config->get_nas_identifier(this->config));
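Review bot: Dropping the "Virtual" NAS-Port-Type from the generic radius_client_t request() moves responsibility for that attribute to each caller, and only eap_radius is updated in this commit; any other user of libradius' request() (if one exists outside this page) now sends Access-Requests without the NAS-Port-Type the removed comment said SHOULD be present, and servers that key policy on it would see a silent change. Either keep a conditional add here, `if (!req->has(req, RAT_NAS_PORT_TYPE))` style if the message type offers such a query, or document at the method that callers are now expected to add NAS-Port-Type themselves, e.g. `/* NAS-Port-Type is not added here; callers add it with the port-specific attributes */`. The request() method continues past the end of this hunk.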