added msg_auth flag in radius_message_t sign() method
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 8 Mar 2012 21:36:06 +0000 (22:36 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 13 Mar 2012 15:27:17 +0000 (16:27 +0100)
src/libcharon/plugins/eap_radius/eap_radius_dae.c
src/libcharon/plugins/tnc_pdp/tnc_pdp.c
src/libradius/radius_message.c
src/libradius/radius_message.h
src/libradius/radius_socket.c

index 1cc19afaa1c6498f3a6bec8200dfd9f8a6e97c15..5823142cc96d2c8fe96e2136a5e48da4072c0823 100644 (file)
@@ -190,7 +190,7 @@ static void send_response(private_eap_radius_dae_t *this,
        response = radius_message_create(code);
        response->set_identifier(response, request->get_identifier(request));
        response->sign(response, request->get_authenticator(request),
-                                  this->secret, this->hasher, this->signer, NULL);
+                                  this->secret, this->hasher, this->signer, NULL, FALSE);
 
        send_message(this, response, client);
        save_retransmit(this, response, client);
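Review bot: The bare `FALSE` added to the `sign()` call in `send_response()` does not tell a reader that it switches the Message-Authenticator off, which leaves this DAE response protected only by the MD5 Response-Authenticator derived from `this->secret`. A one-line comment above the call would make that a visible decision, e.g. `/* DAE responses carry only the Response-Authenticator, no Message-Authenticator */`. The same applies to the bare `TRUE` in the tnc_pdp.c `send_response()` hunk. `send_response()` begins and ends outside this hunk, so how the request was verified before this reply is built cannot be seen here.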
index 0edecc8453d73fd3a0969eec303e907d5287eaf0..2e330e7c2f3d447a32e45ece17a52ae87bbc81f6 100644 (file)
@@ -183,7 +183,7 @@ static void send_response(private_tnc_pdp_t *this,
        }
        response->set_identifier(response, request->get_identifier(request));
        response->sign(response, request->get_authenticator(request),
-                                  this->secret, this->hasher, this->signer, NULL);
+                                  this->secret, this->hasher, this->signer, NULL, TRUE);
 
        DBG1(DBG_CFG, "sending RADIUS %N to client '%H'", radius_message_code_names,
                 code, client);
index a63374b5c4f2145a6d165ad1b120405ed6c5dc19..03be5a2270c1eb369a567fbfeff518a32bec902f 100644 (file)
@@ -280,7 +280,7 @@ METHOD(radius_message_t, add, void,
 
 METHOD(radius_message_t, sign, void,
        private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
-       hasher_t *hasher, signer_t *signer, rng_t *rng)
+       hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth)
 {
        if (rng)
        {
@@ -289,7 +289,7 @@ METHOD(radius_message_t, sign, void,
        }
        else
        {
-               /* build Response-Authenticator */
+               /* prepare build of Response-Authenticator */
                if (req_auth)
                {
                        memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5);
@@ -300,9 +300,7 @@ METHOD(radius_message_t, sign, void,
                }
        }
 
-       if (rng || this->msg->code == RMC_ACCESS_CHALLENGE
-                       || this->msg->code == RMC_ACCESS_ACCEPT
-                       || this->msg->code == RMC_ACCESS_REJECT)
+       if (msg_auth)
        {
                char buf[HASH_SIZE_MD5];
 
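Review bot: With the condition reduced to `if (msg_auth)`, `sign()` no longer guarantees a Message-Authenticator on Access-Challenge, Access-Accept and Access-Reject; that now depends on every caller passing the right flag. RFC 3579 requires the attribute on Access-* packets that carry an EAP-Message, so a caller passing FALSE for such a message would send it with only the MD5 authenticator and nothing in this function would notice. Consider keeping the three removed `this->msg->code` comparisons OR-ed with `msg_auth`, so the flag can add the attribute but cannot drop it for those codes. The DAE caller is presumably unaffected because it should not be sending Access-* codes, but that needs confirming against its code values. The body of this `if` lies outside the hunk, so it is not visible whether `signer` is checked for NULL before it is used.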
@@ -318,6 +316,7 @@ METHOD(radius_message_t, sign, void,
        {
                chunk_t msg;
 
+               /* build Response-Authenticator */
                msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length));
                hasher->get_hash(hasher, msg, NULL);
                hasher->get_hash(hasher, secret, this->msg->authenticator);
index 41cfb51a31114f990cdd187e18da106cc59ec558..a03af3362f8f7b1b75a1a0d23d0a7b3e96c009c2 100644 (file)
@@ -251,10 +251,11 @@ struct radius_message_t {
         * @param secret                shared RADIUS secret
         * @param signer                HMAC-MD5 signer with secret set
         * @param hasher                MD5 hasher
-        * @param rng                   RNG to create Message-Authenticator, NULL to omit
+        * @param rng                   RNG to create Request-Authenticator, NULL to omit
+        * @param msg_auth              calculate and add Message-Authenticator
         */
        void (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
-                                hasher_t *hasher, signer_t *signer, rng_t *rng);
+                                hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
 
        /**
         * Verify the integrity of a received RADIUS message.
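Review bot: The new `@param msg_auth` line says what the flag does but not when a caller must set it, and after this commit that flag alone decides whether a message gets its HMAC-MD5 Message-Authenticator. I would extend it to something like `@param msg_auth TRUE to add a Message-Authenticator; must be TRUE for messages carrying EAP-Message`, and state whether `signer` may be NULL when the flag is FALSE. The `@param` entries for `signer` and `hasher` are also listed in the opposite order to the prototype, which is worth aligning while this comment is being touched.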
index f84856942d0dbde362a8a17a8f192252159e0cb1..70500f5560f8bd0fa29d9a665f73fe7e8f6ccad5 100644 (file)
@@ -157,7 +157,8 @@ METHOD(radius_socket_t, request, radius_message_t*,
        /* set Message Identifier */
        request->set_identifier(request, this->identifier++);
        /* sign the request */
-       request->sign(request, NULL, this->secret, this->hasher, this->signer, rng);
+       request->sign(request, NULL, this->secret, this->hasher, this->signer,
+                                                  rng, rng != NULL);
 
        if (!check_connection(this, fd, port))
        {
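Review bot: Passing `rng != NULL` as `msg_auth` ties the Message-Authenticator to whether an RNG happens to be available. With `rng` NULL, `sign()` would also take its Response-Authenticator branch with `req_auth` NULL. Where `rng` comes from lies outside this hunk: if it can never be NULL here, a literal `TRUE` states the intent more plainly. If it can be NULL, the request should probably fail before signing rather than go out without the attribute, e.g. `if (!rng) { return NULL; }` ahead of the `sign()` call, adjusted for whatever `request()` has to release at that point.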