From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Thu, 18 Oct 2012 10:39:42 +0000 (+0100)
Subject: Substitute 'signature' for 'Request Authenticator' or 'Response Authenticator' where... 
X-Git-Tag: release_2_2_1~246
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7ade8e9e66bbb81ed1d722352fc91c0c2a7d03f;p=thirdparty%2Ffreeradius-server.git

Substitute 'signature' for 'Request Authenticator' or 'Response Authenticator' where appropriate
---

diff --git a/src/lib/radius.c b/src/lib/radius.c
index 397281721c5..d61c35b7f80 100644
--- a/src/lib/radius.c
+++ b/src/lib/radius.c
@@ -1407,7 +1407,7 @@ int rad_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original,
 
 		/*
 		 *	Set the authentication vector to zero,
-		 *	calculate the signature, and put it
+		 *	calculate the HMAC, and put it
 		 *	into the Message-Authenticator
 		 *	attribute.
 		 */
@@ -1553,7 +1553,7 @@ int rad_digest_cmp(const uint8_t *a, const uint8_t *b, size_t length)
 
 /*
  *	Validates the requesting client NAS.  Calculates the
- *	signature based on the clients private key.
+ *	Request Authenticator based on the clients private key.
  */
 static int calc_acctdigest(RADIUS_PACKET *packet, const char *secret)
 {
@@ -1586,7 +1586,7 @@ static int calc_acctdigest(RADIUS_PACKET *packet, const char *secret)
 
 /*
  *	Validates the requesting client NAS.  Calculates the
- *	signature based on the clients private key.
+ *	Response Authenticator based on the clients private key.
  */
 static int calc_replydigest(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 			    const char *secret)
@@ -2049,7 +2049,8 @@ RADIUS_PACKET *rad_recv(int fd, int flags)
 
 
 /*
- *	Verify the signature of a packet.
+ *	Verify the Request/Response Authenticator
+ *	(and Message-Authenticator if present) of a packet.
  */
 int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 	       const char *secret)
@@ -2143,13 +2144,13 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 	} /* loop over the packet, sanity checking the attributes */
 
 	/*
-	 *	It looks like a RADIUS packet, but we can't validate
-	 *	the signature.
+	 *	It looks like a RADIUS packet, but we don't know what it is
+	 *	so can't validate the authenticators.
 	 */
 	if ((packet->code == 0) || (packet->code >= FR_MAX_PACKET_CODE)) {
 		char buffer[32];
 		fr_strerror_printf("Received Unknown packet code %d "
-			   "from client %s port %d: Cannot validate signature.",
+			   "from client %s port %d: Cannot validate Request/Response Authenticator.",
 			   packet->code,
 			   inet_ntop(packet->src_ipaddr.af,
 				     &packet->src_ipaddr.ipaddr,
@@ -2159,7 +2160,7 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 	}
 
 	/*
-	 *	Calculate and/or verify digest.
+	 *	Calculate and/or verify Request or Response Authenticator.
 	 */
 	switch(packet->code) {
 		int rcode;
@@ -2178,7 +2179,7 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 		case PW_ACCOUNTING_REQUEST:
 			if (calc_acctdigest(packet, secret) > 1) {
 				fr_strerror_printf("Received %s packet "
-					   "from client %s with invalid signature!  (Shared secret is incorrect.)",
+					   "from client %s with invalid Request Authenticator!  (Shared secret is incorrect.)",
 					   fr_packet_codes[packet->code],
 					   inet_ntop(packet->src_ipaddr.af,
 						     &packet->src_ipaddr.ipaddr,
@@ -2199,7 +2200,7 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 			rcode = calc_replydigest(packet, original, secret);
 			if (rcode > 1) {
 				fr_strerror_printf("Received %s packet "
-					   "from home server %s port %d with invalid signature!  (Shared secret is incorrect.)",
+					   "from home server %s port %d with invalid Response Authenticator!  (Shared secret is incorrect.)",
 					   fr_packet_codes[packet->code],
 					   inet_ntop(packet->src_ipaddr.af,
 						     &packet->src_ipaddr.ipaddr,
@@ -2211,7 +2212,7 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 
 		default:
 			fr_strerror_printf("Received Unknown packet code %d "
-				   "from client %s port %d: Cannot validate signature",
+				   "from client %s port %d: Cannot validate Request/Response Authenticator",
 				   packet->code,
 				   inet_ntop(packet->src_ipaddr.af,
 					     &packet->src_ipaddr.ipaddr,
@@ -3537,7 +3538,7 @@ int rad_chap_encode(RADIUS_PACKET *packet, uint8_t *output, int id,
 
 	/*
 	 *	Use Chap-Challenge pair if present,
-	 *	Request-Authenticator otherwise.
+	 *	Request Authenticator otherwise.
 	 */
 	challenge = pairfind(packet->vps, PW_CHAP_CHALLENGE);
 	if (challenge) {
diff --git a/src/main/command.c b/src/main/command.c
index 7959a6612a2..3f70fc010ea 100644
--- a/src/main/command.c
+++ b/src/main/command.c
@@ -1509,7 +1509,7 @@ static int command_print_stats(rad_listen_t *listener, fr_stats_t *stats,
 	cprintf(listener, "\tdup\t\t%u\n", stats->total_dup_requests);
 	cprintf(listener, "\tinvalid\t\t%u\n", stats->total_invalid_requests);
 	cprintf(listener, "\tmalformed\t%u\n", stats->total_malformed_requests);
-	cprintf(listener, "\tbad_signature\t%u\n", stats->total_bad_authenticators);
+	cprintf(listener, "\tbad_authenticator\t%u\n", stats->total_bad_authenticators);
 	cprintf(listener, "\tdropped\t\t%u\n", stats->total_packets_dropped);
 	cprintf(listener, "\tunknown_types\t%u\n", stats->total_unknown_types);