eap-radius: export function to process common attributes of Access-Accept
authorMartin Willi <martin@revosec.ch>
Mon, 22 Jul 2013 07:55:00 +0000 (09:55 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 29 Jul 2013 07:00:48 +0000 (09:00 +0200)
src/libcharon/plugins/eap_radius/eap_radius.c
src/libcharon/plugins/eap_radius/eap_radius.h

index 1400c75..6f058df 100644 (file)
@@ -77,16 +77,6 @@ struct private_eap_radius_t {
        char *id_prefix;
 
        /**
-        * Handle the Class attribute as group membership information?
-        */
-       bool class_group;
-
-       /**
-        * Handle the Filter-Id attribute as IPsec CHILD_SA name?
-        */
-       bool filter_id;
-
-       /**
         * Format string we use for Called/Calling-Station-Id for a host
         */
        char *station_id_fmt;
@@ -268,7 +258,7 @@ METHOD(eap_method_t, initiate, status_t,
 /**
  * Handle the Class attribute as group membership information
  */
-static void process_class(private_eap_radius_t *this, radius_message_t *msg)
+static void process_class(radius_message_t *msg)
 {
        enumerator_t *enumerator;
        chunk_t data;
@@ -305,7 +295,7 @@ static void process_class(private_eap_radius_t *this, radius_message_t *msg)
 /**
  * Handle the Filter-Id attribute as IPsec CHILD_SA name
  */
-static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg)
+static void process_filter_id(radius_message_t *msg)
 {
        enumerator_t *enumerator;
        int type;
@@ -361,7 +351,7 @@ static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg)
 /**
  * Handle Session-Timeout attribte and Interim updates
  */
-static void process_timeout(private_eap_radius_t *this, radius_message_t *msg)
+static void process_timeout(radius_message_t *msg)
 {
        enumerator_t *enumerator;
        ike_sa_t *ike_sa;
@@ -390,8 +380,7 @@ static void process_timeout(private_eap_radius_t *this, radius_message_t *msg)
 /**
  * Handle Framed-IP-Address and other IKE configuration attributes
  */
-static void process_cfg_attributes(private_eap_radius_t *this,
-                                                                  radius_message_t *msg)
+static void process_cfg_attributes(radius_message_t *msg)
 {
        eap_radius_provider_t *provider;
        enumerator_t *enumerator;
@@ -444,6 +433,25 @@ static void process_cfg_attributes(private_eap_radius_t *this,
        }
 }
 
+/**
+ * See header.
+ */
+void eap_radius_process_attributes(radius_message_t *message)
+{
+       if (lib->settings->get_bool(lib->settings,
+                                       "%s.plugins.eap-radius.class_group", FALSE, charon->name))
+       {
+               process_class(message);
+       }
+       if (lib->settings->get_bool(lib->settings,
+                                       "%s.plugins.eap-radius.filter_id", FALSE, charon->name))
+       {
+               process_filter_id(message);
+       }
+       process_timeout(message);
+       process_cfg_attributes(message);
+}
+
 METHOD(eap_method_t, process, status_t,
        private_eap_radius_t *this, eap_payload_t *in, eap_payload_t **out)
 {
@@ -481,16 +489,7 @@ METHOD(eap_method_t, process, status_t,
                                status = FAILED;
                                break;
                        case RMC_ACCESS_ACCEPT:
-                               if (this->class_group)
-                               {
-                                       process_class(this, response);
-                               }
-                               if (this->filter_id)
-                               {
-                                       process_filter_id(this, response);
-                               }
-                               process_timeout(this, response);
-                               process_cfg_attributes(this, response);
+                               eap_radius_process_attributes(response);
                                DBG1(DBG_IKE, "RADIUS authentication of '%Y' successful",
                                         this->peer);
                                status = SUCCESS;
@@ -591,12 +590,6 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
                .id_prefix = lib->settings->get_str(lib->settings,
                                                                        "%s.plugins.eap-radius.id_prefix", "",
                                                                        charon->name),
-               .class_group = lib->settings->get_bool(lib->settings,
-                                                                       "%s.plugins.eap-radius.class_group", FALSE,
-                                                                       charon->name),
-               .filter_id = lib->settings->get_bool(lib->settings,
-                                                                       "%s.plugins.eap-radius.filter_id", FALSE,
-                                                                       charon->name),
        );
        if (lib->settings->get_bool(lib->settings,
                        "%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name))
index 8755435..c6b70bb 100644 (file)
@@ -24,6 +24,7 @@
 typedef struct eap_radius_t eap_radius_t;
 
 #include <sa/eap/eap_method.h>
+#include <radius_message.h>
 
 /**
  * Implementation of the eap_method_t interface using a RADIUS server.
@@ -45,4 +46,15 @@ struct eap_radius_t {
  */
 eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer);
 
+/**
+ * Process additional attributes from an Access-Accept.
+ *
+ * Parses and applies additional authorization attributes from an Accept
+ * message, such as group membership information or IKE configuration
+ * attributes.
+ *
+ * @param message      Access-Accept message to process
+ */
+void eap_radius_process_attributes(radius_message_t *message);
+
 #endif /** EAP_RADIUS_H_ @}*/