API, keeping backward compatibility.
First consumer for this functionality is going to become forthcoming MPD-5.4,
supporting CoA and DR of RFC 3576: Dynamic Authorization Extensions to RADIUS.
MFC after: 1 month
MS-CHAPv1 MPPE-keys).
- Added rad_demangle_mppe_key() for demangling mppe-keys (needed
for MPPE-keys).
- Added some typecasts for avoiding compiler warnings.
- Fix: better handle wrong usage of the lib (if the programmer
has not called rad_create_request() but rad_put_*(), then a
weird error message was returned).
- Added a new function for putting the Message-Authenticator.
- Verify the Message-Authenticator, if it was found inside a
response packet and silently drop the packet, if the validation
failed.
- Implicitly put the Message-Authenticator, if the EAP-Message
attribute was added.
- Added some missing defines.
Submitted by: Michael Bretterklieber
PR: 46555
rad_request_authenticator()
Returns the Request-Authenticator relevant to the most recently received
RADIUS response.
rad_server_secret()
Returns the Shared Secret relevant to the most recently received
RADIUS response.
Neither of these functions should be necessary, however, the
MS-MPPE-Recv-Key and MS-MPPE-Send-Key Microsoft Vendor Specific
attributes are supplied in a mangled (encrypted) format, requiring
this information to demangle.
It's not clear whether these functions should be replaced with a
rad_demangle() function or whether these attributes are one-offs.
Sponsored by: Monzoon
of the /etc/radius.conf file. But the code contains hacks for
backward compatibility, so old files will continue to work.
I updated the man pages and made a couple of minor changes, but
everything else was submitted by Oleg.
PR: misc/14284
Submitted by: Oleg Semyonov <os@altavista.net>
Don't insist that RAD_USER_PASSWORD is supplied before
calling rad_send_request(). Instead, insist on only one
of RAD_USER_PASSWORD and RAD_CHAP_PASSWORD.
Sponsored by: Internet Business Solutions Ltd., Switzerland