*/
char *id_prefix;
- /**
- * Handle the Class attribute as group membership information?
- */
- bool class_group;
-
- /**
- * Handle the Filter-Id attribute as IPsec CHILD_SA name?
- */
- bool filter_id;
-
/**
* Format string we use for Called/Calling-Station-Id for a host
*/
/**
* Handle the Class attribute as group membership information
*/
-static void process_class(private_eap_radius_t *this, radius_message_t *msg)
+static void process_class(radius_message_t *msg)
{
enumerator_t *enumerator;
chunk_t data;
/**
* Handle the Filter-Id attribute as IPsec CHILD_SA name
*/
-static void process_filter_id(private_eap_radius_t *this, radius_message_t *msg)
+static void process_filter_id(radius_message_t *msg)
{
enumerator_t *enumerator;
int type;
/**
* Handle Session-Timeout attribte and Interim updates
*/
-static void process_timeout(private_eap_radius_t *this, radius_message_t *msg)
+static void process_timeout(radius_message_t *msg)
{
enumerator_t *enumerator;
ike_sa_t *ike_sa;
/**
* Handle Framed-IP-Address and other IKE configuration attributes
*/
-static void process_cfg_attributes(private_eap_radius_t *this,
- radius_message_t *msg)
+static void process_cfg_attributes(radius_message_t *msg)
{
eap_radius_provider_t *provider;
enumerator_t *enumerator;
}
}
+/**
+ * See header.
+ */
+void eap_radius_process_attributes(radius_message_t *message)
+{
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.class_group", FALSE, charon->name))
+ {
+ process_class(message);
+ }
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.filter_id", FALSE, charon->name))
+ {
+ process_filter_id(message);
+ }
+ process_timeout(message);
+ process_cfg_attributes(message);
+}
+
METHOD(eap_method_t, process, status_t,
private_eap_radius_t *this, eap_payload_t *in, eap_payload_t **out)
{
status = FAILED;
break;
case RMC_ACCESS_ACCEPT:
- if (this->class_group)
- {
- process_class(this, response);
- }
- if (this->filter_id)
- {
- process_filter_id(this, response);
- }
- process_timeout(this, response);
- process_cfg_attributes(this, response);
+ eap_radius_process_attributes(response);
DBG1(DBG_IKE, "RADIUS authentication of '%Y' successful",
this->peer);
status = SUCCESS;
.id_prefix = lib->settings->get_str(lib->settings,
"%s.plugins.eap-radius.id_prefix", "",
charon->name),
- .class_group = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.class_group", FALSE,
- charon->name),
- .filter_id = lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.filter_id", FALSE,
- charon->name),
);
if (lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name))
typedef struct eap_radius_t eap_radius_t;
#include <sa/eap/eap_method.h>
+#include <radius_message.h>
/**
* Implementation of the eap_method_t interface using a RADIUS server.
*/
eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer);
+/**
+ * Process additional attributes from an Access-Accept.
+ *
+ * Parses and applies additional authorization attributes from an Accept
+ * message, such as group membership information or IKE configuration
+ * attributes.
+ *
+ * @param message Access-Accept message to process
+ */
+void eap_radius_process_attributes(radius_message_t *message);
+
#endif /** EAP_RADIUS_H_ @}*/
projects / thirdparty / strongswan.git / commitdiff
