move to using request_authenticator for encode, too
authorAlan T. DeKok <aland@freeradius.org>
Thu, 25 Jan 2024 01:12:48 +0000 (20:12 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 25 Jan 2024 01:12:48 +0000 (20:12 -0500)
src/protocols/radius/base.c
src/protocols/radius/encode.c
src/protocols/radius/radius.h

index 2d5c5b310322092b9712a969113276146cc6b801..cfb8bc05f91755f6b2cd858e74ce63cc21d1aff4 100644 (file)
@@ -875,6 +875,7 @@ ssize_t fr_radius_encode_dbuff(fr_dbuff_t *dbuff, uint8_t const *original,
        common_ctx.secret_length = secret_len;
 
        packet_ctx.common = &common_ctx;
+       packet_ctx.request_authenticator = common_ctx.vector;
        packet_ctx.rand_ctx.a = fr_rand();
        packet_ctx.rand_ctx.b = fr_rand();
        packet_ctx.disallow_tunnel_passwords = disallow_tunnel_passwords[code];
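Review bot: The new `packet_ctx.request_authenticator` is a borrowed pointer into `common_ctx.vector`, not a copy, and nothing at the assignment says so or says what the buffer must contain. The attribute-hiding code in encode.c hashes RADIUS_AUTH_VECTOR_LENGTH bytes from it together with the shared secret, so when a reply is encoded they have to be the Request Authenticator of the original request. Whether `common_ctx.vector` has been filled from `original` before this line is not visible in the hunk and is worth confirming. I would add a comment above the assignment such as `/* borrowed from common_ctx: must already hold the Request Authenticator and outlive packet_ctx */`. fr_radius_encode_dbuff starts and ends outside the hunk.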
index d71841d962fd08834986ece1a8a925f54042522c..b7a1bdd5f8090aea41c6ba463418b298cded5803 100644 (file)
@@ -190,7 +190,7 @@ static ssize_t encode_tunnel_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *in,
        fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, talloc_array_length(packet_ctx->common->secret) - 1);
        fr_md5_ctx_copy(md5_ctx_old, md5_ctx);
 
-       fr_md5_update(md5_ctx, packet_ctx->common->vector, RADIUS_AUTH_VECTOR_LENGTH);
+       fr_md5_update(md5_ctx, packet_ctx->request_authenticator, RADIUS_AUTH_VECTOR_LENGTH);
        fr_md5_update(md5_ctx, &tpasswd[0], 2);
 
        /*
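Review bot: `packet_ctx->request_authenticator` is handed to `fr_md5_update()` for RADIUS_AUTH_VECTOR_LENGTH bytes with no check that it was ever set. Before this change the bytes came from an array embedded in `common`, which could not be NULL; now they come from a pointer that this commit initialises only in fr_radius_encode_dbuff and encode_test_ctx. Any other code that builds an encode context (none is visible here) would make this a NULL read, or would salt the Tunnel-Password hash from the wrong buffer. The same applies to the `encode_password()` and `fr_radius_ascend_secret()` calls in the two encode_value hunks below. A guard such as `if (!packet_ctx->request_authenticator) return -1;` before the first use would fail closed; the enclosing functions start and end outside the hunks.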
@@ -506,7 +506,7 @@ static ssize_t encode_value(fr_dbuff_t *dbuff,
                 *      Encode the password in place
                 */
                slen = encode_password(&work_dbuff, &value_start, fr_dbuff_used(&value_dbuff),
-                                      packet_ctx->common->secret, packet_ctx->common->vector);
+                                      packet_ctx->common->secret, packet_ctx->request_authenticator);
                if (slen < 0) return slen;
                encrypted = true;
                break;
@@ -557,7 +557,7 @@ static ssize_t encode_value(fr_dbuff_t *dbuff,
                 *      there can pass a marker so we can use it here, too.
                 */
                slen = fr_radius_ascend_secret(&work_dbuff, fr_dbuff_current(&value_start), fr_dbuff_used(&value_dbuff),
-                                              packet_ctx->common->secret, packet_ctx->common->vector);
+                                              packet_ctx->common->secret, packet_ctx->request_authenticator);
                if (slen < 0) return slen;
                encrypted = true;
                break;
@@ -1680,7 +1680,7 @@ static int encode_test_ctx(void **out, TALLOC_CTX *ctx)
        test_ctx->common->secret = talloc_strdup(test_ctx->common, "testing123");
        test_ctx->common->secret_length = talloc_array_length(test_ctx->common->secret);
 
-       memcpy(test_ctx->common->vector, vector, sizeof(test_ctx->common->vector));
+       test_ctx->request_authenticator = vector;
        test_ctx->rand_ctx.a = 6809;
        test_ctx->rand_ctx.b = 2112;
        talloc_set_destructor(test_ctx, _test_ctx_free);
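Review bot: Replacing the `memcpy()` with `test_ctx->request_authenticator = vector;` means the context now keeps the address of `vector` instead of its own copy, so `vector` must outlive `test_ctx`. Its declaration is outside the hunk; if it is an automatic array in encode_test_ctx, the pointer dangles as soon as the function returns and later encodes hash stale stack bytes. Declaring it `static uint8_t const vector[RADIUS_AUTH_VECTOR_LENGTH]` (if it is not already static) makes the lifetime explicit and matches the `uint8_t const *` field type. `test_ctx->common->vector` is also no longer filled here, which only matters if some test path still reads it.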
index c8b5019a2d1ad630007d4cc4eac48dfabc28db42..56c11a88c2ebb8cc096116bc903fd6d9e823a11e 100644 (file)
@@ -122,6 +122,8 @@ typedef struct {
 typedef struct {
        fr_radius_ctx_t         *common;
 
+       uint8_t const           *request_authenticator;
+
        fr_fast_rand_t          rand_ctx;               //!< for tunnel passwords
        int                     salt_offset;            //!< for tunnel passwords