path: root/lib/libradius
diff options
authorBrian Somers <brian@FreeBSD.org>2002-06-12 00:21:07 +0000
committerBrian Somers <brian@FreeBSD.org>2002-06-12 00:21:07 +0000
commit628e6cd45f03e625c2a48a645533ea28745c60d4 (patch)
tree79d1bcfaed665df1da22adebe3ca6d09c471e256 /lib/libradius
parent963d43d4da98d2671542f41db0cede4267ce0852 (diff)
Add the following functions:
rad_request_authenticator() Returns the Request-Authenticator relevant to the most recently received RADIUS response. rad_server_secret() Returns the Shared Secret relevant to the most recently received RADIUS response. Neither of these functions should be necessary, however, the MS-MPPE-Recv-Key and MS-MPPE-Send-Key Microsoft Vendor Specific attributes are supplied in a mangled (encrypted) format, requiring this information to demangle. It's not clear whether these functions should be replaced with a rad_demangle() function or whether these attributes are one-offs. Sponsored by: Monzoon
Notes: svn path=/head/; revision=98131
Diffstat (limited to 'lib/libradius')
3 files changed, 45 insertions, 0 deletions
diff --git a/lib/libradius/libradius.3 b/lib/libradius/libradius.3
index 24fdd4dbb5d0..9291c387af52 100644
--- a/lib/libradius/libradius.3
+++ b/lib/libradius/libradius.3
@@ -74,9 +74,13 @@
.Fn rad_put_vendor_int "struct rad_handle *h" "int vendor" "int type" "u_int32_t value"
.Ft int
.Fn rad_put_vendor_string "struct rad_handle *h" "int vendor" "int type" "const char *str"
+.Ft ssize_t
+.Fn rad_request_authenticator "struct rad_handle *h" "char *buf" "size_t len"
.Ft int
.Fn rad_send_request "struct rad_handle *h"
.Ft const char *
+.Fn rad_server_secret "struct rad_handle *h"
+.Ft const char *
.Fn rad_strerror "struct rad_handle *h"
@@ -343,6 +347,27 @@ returns
.Fn rad_cvt_int
cannot fail.
+.Fn rad_request_authenticator
+function may be used to obtain the Request-Authenticator attribute value
+associated with the current RADIUS server according to the supplied
+The target buffer
+.Ar buf
+of length
+.Ar len
+must be supplied and should be at least 16 bytes.
+The return value is the number of bytes written to
+.Ar buf
+or -1 to indicate that
+.Ar len
+was not large enough.
+.Fn rad_server_secret
+returns the secret shared with the current RADIUS server according to the
+supplied rad_handle.
Those functions which accept a
.Va struct rad_handle *
diff --git a/lib/libradius/radlib.c b/lib/libradius/radlib.c
index bc3679e06674..702b06f12fe9 100644
--- a/lib/libradius/radlib.c
+++ b/lib/libradius/radlib.c
@@ -928,3 +928,20 @@ rad_put_vendor_string(struct rad_handle *h, int vendor, int type,
return (rad_put_vendor_attr(h, vendor, type, str, strlen(str)));
+rad_request_authenticator(struct rad_handle *h, char *buf, size_t len)
+ if (len < LEN_AUTH)
+ return (-1);
+ memcpy(buf, h->request + POS_AUTH, LEN_AUTH);
+ if (len > LEN_AUTH)
+ buf[LEN_AUTH] = '\0';
+ return (LEN_AUTH);
+const char *
+rad_server_secret(struct rad_handle *h)
+ return (h->servers[h->srv].secret);
diff --git a/lib/libradius/radlib.h b/lib/libradius/radlib.h
index 9a737b409fec..8d04d98915af 100644
--- a/lib/libradius/radlib.h
+++ b/lib/libradius/radlib.h
@@ -190,7 +190,10 @@ int rad_put_attr(struct rad_handle *, int,
int rad_put_int(struct rad_handle *, int, u_int32_t);
int rad_put_string(struct rad_handle *, int,
const char *);
+ssize_t rad_request_authenticator(struct rad_handle *, char *,
+ size_t);
int rad_send_request(struct rad_handle *);
+const char *rad_server_secret(struct rad_handle *);
const char *rad_strerror(struct rad_handle *);