Add the following functions:

rad_request_authenticator() Returns the Request-Authenticator relevant to the most recently received RADIUS response. rad_server_secret() Returns the Shared Secret relevant to the most recently received RADIUS response. Neither of these functions should be necessary, however, the MS-MPPE-Recv-Key and MS-MPPE-Send-Key Microsoft Vendor Specific attributes are supplied in a mangled (encrypted) format, requiring this information to demangle. It's not clear whether these functions should be replaced with a rad_demangle() function or whether these attributes are one-offs. Sponsored by: Monzoon
2002-06-12 00:21:07 +00:00 · 2002-06-12 00:21:07 +00:00 · 900ca32669
commit 900ca32669
parent 78fa6fde27
3 changed files with 45 additions and 0 deletions
--- a/lib/libradius/libradius.3
+++ b/lib/libradius/libradius.3
@ -74,9 +74,13 @@
 .Fn rad_put_vendor_int "struct rad_handle *h" "int vendor" "int type" "u_int32_t value"
 .Ft int
 .Fn rad_put_vendor_string "struct rad_handle *h" "int vendor" "int type" "const char *str"
+.Ft ssize_t
+.Fn rad_request_authenticator "struct rad_handle *h" "char *buf" "size_t len"
 .Ft int
 .Fn rad_send_request "struct rad_handle *h"
 .Ft const char *
+.Fn rad_server_secret "struct rad_handle *h"
+.Ft const char *
 .Fn rad_strerror "struct rad_handle *h"
 .Sh DESCRIPTION
 The
@ -343,6 +347,27 @@ returns
 and
 .Fn rad_cvt_int
 cannot fail.
+.Pp
+The
+.Fn rad_request_authenticator
+function may be used to obtain the Request-Authenticator attribute value
+associated with the current RADIUS server according to the supplied
+rad_handle.
+The target buffer
+.Ar buf
+of length
+.Ar len
+must be supplied and should be at least 16 bytes.
+The return value is the number of bytes written to
+.Ar buf
+or -1 to indicate that
+.Ar len
+was not large enough.
+.Pp
+The
+.Fn rad_server_secret
+returns the secret shared with the current RADIUS server according to the
+supplied rad_handle.
 .Sh OBTAINING ERROR MESSAGES
 Those functions which accept a
 .Va struct rad_handle *
--- a/lib/libradius/radlib.c
+++ b/lib/libradius/radlib.c
@ -928,3 +928,20 @@ rad_put_vendor_string(struct rad_handle *h, int vendor, int type,
 {
 	return (rad_put_vendor_attr(h, vendor, type, str, strlen(str)));
 }
+
+ssize_t
+rad_request_authenticator(struct rad_handle *h, char *buf, size_t len)
+{
+	if (len < LEN_AUTH)
+		return (-1);
+	memcpy(buf, h->request + POS_AUTH, LEN_AUTH);
+	if (len > LEN_AUTH)
+		buf[LEN_AUTH] = '\0';
+	return (LEN_AUTH);
+}
+
+const char *
+rad_server_secret(struct rad_handle *h)
+{
+	return (h->servers[h->srv].secret);
+}
--- a/lib/libradius/radlib.h
+++ b/lib/libradius/radlib.h
@ -190,7 +190,10 @@ int			 rad_put_attr(struct rad_handle *, int,
 int			 rad_put_int(struct rad_handle *, int, u_int32_t);
 int			 rad_put_string(struct rad_handle *, int,
 			    const char *);
+ssize_t			 rad_request_authenticator(struct rad_handle *, char *,
+			    size_t);
 int			 rad_send_request(struct rad_handle *);
+const char		*rad_server_secret(struct rad_handle *);
 const char		*rad_strerror(struct rad_handle *);
 __END_DECLS