author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2024-09-15 11:08:51 +0000 |
---|---|---|
committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2024-09-15 11:08:51 +0000 |
commit | 4d3371919fa991220b0ad5825189da84ccba22ea (patch) | |
tree | 9c9541902589de299ba358336a2a3cfdb7037daa | |
parent | e85030ff11ba3e2767bef29bc50690a162c71233 (diff) |
Add handling of "Class" attribute. diff from markus
ok markus
-rw-r--r-- | sbin/iked/config.c | 3 | ||||
-rw-r--r-- | sbin/iked/iked.h | 3 | ||||
-rw-r--r-- | sbin/iked/ikev2.c | 4 | ||||
-rw-r--r-- | sbin/iked/radius.c | 16 |
4 files changed, 22 insertions, 4 deletions
diff --git a/sbin/iked/config.c b/sbin/iked/config.c
index d4204509522..def970e05a0 100644
--- a/sbin/iked/config.c
+++ b/sbin/iked/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.98 2024/07/13 12:22:46 yasuoka Exp $ */
+/* $OpenBSD: config.c,v 1.99 2024/09/15 11:08:50 yasuoka Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -178,6 +178,7 @@ config_free_sa(struct iked *env, struct iked_sa *sa)
 ibuf_free(sa->sa_eap.id_buf);
 free(sa->sa_eapid);
 ibuf_free(sa->sa_eapmsk);
+ ibuf_free(sa->sa_eapclass);
 free(sa->sa_cp_addr);
 free(sa->sa_cp_addr6);
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 5d95dd92908..d3da0b7b38d 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.231 2024/07/13 12:22:46 yasuoka Exp $ */
+/* $OpenBSD: iked.h,v 1.232 2024/09/15 11:08:50 yasuoka Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -491,6 +491,7 @@ struct iked_sa {
 char *sa_eapid; /* EAP identity */
 struct iked_id sa_eap; /* EAP challenge */
 struct ibuf *sa_eapmsk; /* EAK session key */
+ struct ibuf *sa_eapclass; /* EAP/RADIUS class */
 struct iked_proposals sa_proposals; /* SA proposals */
 struct iked_childsas sa_childsas; /* IPsec Child SAs */
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index ccbab9de1cb..b6e8ecee93c 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.387 2024/07/13 12:22:46 yasuoka Exp $ */
+/* $OpenBSD: ikev2.c,v 1.388 2024/09/15 11:08:50 yasuoka Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -4774,6 +4774,8 @@ ikev2_ikesa_enable(struct iked *env, struct iked_sa *sa, struct iked_sa *nsa)
 /* sa_eapid needs to be set on both for radius accounting */
 if (sa->sa_eapid)
 nsa->sa_eapid = strdup(sa->sa_eapid);
+ if (sa->sa_eapclass)
+ nsa->sa_eapclass = ibuf_dup(sa->sa_eapclass);
 log_info("%srekeyed as new IKESA %s (enc %s%s%s group %s prf %s)",
 SPI_SA(sa, NULL), print_spi(nsa->sa_hdr.sh_ispi, 8),
diff --git a/sbin/iked/radius.c b/sbin/iked/radius.c
index e14c83560ad..fcaf52198c2 100644
--- a/sbin/iked/radius.c
+++ b/sbin/iked/radius.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radius.c,v 1.12 2024/09/11 00:41:51 yasuoka Exp $ */
+/* $OpenBSD: radius.c,v 1.13 2024/09/15 11:08:50 yasuoka Exp $ */
 /*
 * Copyright (c) 2024 Internet Initiative Japan Inc.
@@ -270,6 +270,16 @@ iked_radius_on_event(int fd, short ev, void *ctx)
 req->rr_sa->sa_eapid = req->rr_user;
 req->rr_user = NULL;
+ if (radius_get_raw_attr_ptr(pkt, RADIUS_TYPE_CLASS, &attrval,
+ &attrlen) == 0) {
+ ibuf_free(req->rr_sa->sa_eapclass);
+ if ((req->rr_sa->sa_eapclass = ibuf_new(attrval,
+ attrlen)) == NULL) {
+ log_info("%s: ibuf_new() failed: %s", __func__,
+ strerror(errno));
+ }
+ }
+
 sa_state(env, req->rr_sa, IKEV2_STATE_AUTH_SUCCESS);
 /* Map RADIUS attributes to cp */
@@ -748,6 +758,10 @@ iked_radius_acct_request(struct iked *env, struct iked_sa *sa, uint8_t stype)
 switch (stype) {
 case RADIUS_ACCT_STATUS_TYPE_START:
+ if (req->rr_sa && req->rr_sa->sa_eapclass != NULL)
+ radius_put_raw_attr(pkt, RADIUS_TYPE_CLASS,
+ ibuf_data(req->rr_sa->sa_eapclass),
+ ibuf_size(req->rr_sa->sa_eapclass));
 break;
 case RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE:
 case RADIUS_ACCT_STATUS_TYPE_STOP:
|
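Review bot: The ibuf_dup() result on the added line in ikev2_ikesa_enable is not checked, so when it fails nsa->sa_eapclass stays NULL and the rekeyed SA's accounting requests go out without the Class the server issued, with nothing logged to explain the missing attribute; the existing strdup() for sa_eapid two lines above has the same gap. Logging the failure keeps the two copies accountable, e.g. `if (sa->sa_eapclass && (nsa->sa_eapclass = ibuf_dup(sa->sa_eapclass)) == NULL) log_info("%s: ibuf_dup() failed", __func__);`. This assumes nsa->sa_eapclass is still NULL at this point; if a rekey can reach here with one already set, the old buffer would leak. ikev2_ikesa_enable begins and ends outside the hunk.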
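Review bot: Only a single Class attribute is captured in iked_radius_on_event: radius_get_raw_attr_ptr() presumably returns the first match, and RFC 2865 allows a server to include more than one Class in an Access-Accept, so any further ones are never echoed back in accounting. If that limitation is intended, a comment on the new block would make it explicit, e.g. `/* Only the first Class attribute is kept; a server sending several loses the rest in accounting. */`; otherwise all of them would need to be collected and emitted as separate attributes. The assignment that sets sa_eapclass to NULL when ibuf_new() fails is correct in that it leaves no dangling pointer after the preceding ibuf_free(). iked_radius_on_event begins outside the hunk, and attrval/attrlen are declared there.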
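Review bot: In iked_radius_acct_request the Class attribute is only added under RADIUS_ACCT_STATUS_TYPE_START; the INTERIM_UPDATE and STOP cases fall through without it, unless it is appended further down outside the hunk. RFC 2865 says the client SHOULD return Class unmodified in Accounting-Request packets, and accounting servers rely on it to tie Interim and Stop records to the Start, so omitting it there defeats the correlation the attribute exists for. Moving the four added lines ahead of `switch (stype) {` would cover all three status types with no other change. iked_radius_acct_request begins and ends outside the hunk.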