Move build_response_preamble() to rpacket.c

85bec976 · Robert Dubner · 72731f0b · 85bec976 · 85bec976 · 85bec976
Commit 85bec976 authored Sep 24, 2021 by Robert Dubner
--- a/contrib/slapd-modules/radiusov/radius.c
+++ b/contrib/slapd-modules/radiusov/radius.c
@@ -26,26 +26,6 @@

 //#define TEST_NT_RESPONSE 1

-static void
-build_response_preamble(RADIUS_PACKET *response, RADIUS_PACKET *request)
-    {
-    radius_packet_initialize(response);
-
-    // Indicate that we are a RADIUS access challenge:
-    response->packet_data[response->build_loc++] = PC_Access_Challenge;
-
-    // Establish the RADIUS identifier:
-    response->packet_data[response->build_loc++] = get_identifier(request);
-
-    // Next is the two-byte length; we'll fill it in later
-    response->build_loc += LENGTH_OF_PACKET_LENGTH;
-
-    // This is where the RADIUS packet authenticator will go.  (This is not the same as
-    // the Message-Authenticator attribute.)  Again, we'll be filling this in later.  That
-    // calculation is described in RFC2865 section 3; see below
-    response->build_loc += AUTHENTICATOR_LENGTH;
-    }
-
 static void
 AdjustPacketForSending( RADIUS_PACKET *response,
                        RADIUS_PACKET *request,
@@ -243,7 +223,7 @@ build_md5_challenge(RADIUS_PACKET *response,
                    const char *shared_secret)
    {
    DENTER;
-    build_response_preamble(response, request);
+    build_response_preamble(response, get_identifier(request));

    // This brings us to the attributes portion of the RADIUS packet we are building.

@@ -275,7 +255,7 @@ build_peap_challenge(   RADIUS_PACKET *response,
    {
    DENTER;

-    build_response_preamble(response, request);
+    build_response_preamble(response, get_identifier(request));
    // This brings us to the attributes portion of the RADIUS packet we are building.

    // The first attribute we are going to build is an EAP-PEAP challenge.
@@ -303,7 +283,7 @@ build_ttls_challenge(   RADIUS_PACKET *response,
                        const char *shared_secret)
    {
    DENTER;
-    build_response_preamble(response, request);
+    build_response_preamble(response, get_identifier(request));
    // This brings us to the attributes portion of the RADIUS packet we are building.

    // The first attribute we are going to build is an EAP-TTLS challenge.
@@ -711,7 +691,7 @@ build_tls_response( RADIUS_PACKET *response,
    //      123 bytes of EAP-TLS data, to make up the 129 bytes

    int retval = NO_RESPONSE_NECESSARY;
-    build_response_preamble(response, volatiles->request);
+    build_response_preamble(response, get_identifier(volatiles->request));

    // Figure out how many EAP-TLS bytes we'll be transferring
    size_t remaining_packet_tls_bytes = state->mtu; //MAXIMUM_PEAP_BYTES_PER_RADIUS_PACKET;
@@ -863,7 +843,7 @@ encrypt_and_send_response(  STATE *state,

    RADIUS_PACKET response_;
    RADIUS_PACKET *response = &response_;
-    build_response_preamble(response, volatiles->request);
+    build_response_preamble(response, get_identifier(volatiles->request));

    // It's now time to encrypt the data in cleartext_out
    SSL_write(  state->ssl,
@@ -1638,7 +1618,7 @@ send_access_accept(STATE *state)
    RADIUS_PACKET response_;
    RADIUS_PACKET *response = &response_;

-    build_response_preamble(response, volatiles->request);
+    build_response_preamble(response, get_identifier(volatiles->request));

    // Rather ham-handedly change the packet code::
    response->packet_data[0] = PC_Access_Accept;
@@ -1702,7 +1682,7 @@ send_access_reject(STATE *state)
    RADIUS_PACKET response_;
    RADIUS_PACKET *response = &response_;

-    build_response_preamble(response, volatiles->request);
+    build_response_preamble(response, get_identifier(volatiles->request));

    // Rather ham-handedly change the packet code::
    response->packet_data[0] = PC_Access_Reject;

--- a/contrib/slapd-modules/radiusov/rpacket.c
+++ b/contrib/slapd-modules/radiusov/rpacket.c
@@ -591,3 +591,22 @@ debugging_display_of(RADIUS_PACKET *packet)
        }
    }

+void
+build_response_preamble(RADIUS_PACKET *response, uint8_t packet_id)
+    {
+    radius_packet_initialize(response);
+
+    // Indicate that we are a RADIUS access challenge:
+    response->packet_data[response->build_loc++] = PC_Access_Challenge;
+
+    // Establish the RADIUS identifier:
+    response->packet_data[response->build_loc++] = packet_id;
+
+    // Next is the two-byte length; we'll fill it in later
+    response->build_loc += LENGTH_OF_PACKET_LENGTH;
+
+    // This is where the RADIUS packet authenticator will go.  (This is not the same as
+    // the Message-Authenticator attribute.)  Again, we'll be filling this in later.  That
+    // calculation is described in RFC2865 section 3; see below
+    response->build_loc += AUTHENTICATOR_LENGTH;
+    }
--- a/contrib/slapd-modules/radiusov/rpacket.h
+++ b/contrib/slapd-modules/radiusov/rpacket.h
@@ -296,6 +296,8 @@ uint8_t  *get_authenticator(RADIUS_PACKET *radius_packet);
 char * radius_attribute_to_text(RADIUS_ATTRIBUTE *ra, char *buffer, size_t buf_len);

 void radius_packet_initialize( RADIUS_PACKET *radius_packet );
+void build_response_preamble(RADIUS_PACKET *response, uint8_t packet_idt);
+
 int radiusov_get_packet_from_request(   RADIUS_PACKET *radius_packet,
                                        uint8_t *incoming_request,
                                        ssize_t recv_len);