-/* $OpenBSD: config.c,v 1.98 2024/07/13 12:22:46 yasuoka Exp $ */
+/* $OpenBSD: config.c,v 1.99 2024/09/15 11:08:50 yasuoka Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
ibuf_free(sa->sa_eap.id_buf);
free(sa->sa_eapid);
ibuf_free(sa->sa_eapmsk);
+ ibuf_free(sa->sa_eapclass);
free(sa->sa_cp_addr);
free(sa->sa_cp_addr6);
-/* $OpenBSD: iked.h,v 1.231 2024/07/13 12:22:46 yasuoka Exp $ */
+/* $OpenBSD: iked.h,v 1.232 2024/09/15 11:08:50 yasuoka Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
char *sa_eapid; /* EAP identity */
struct iked_id sa_eap; /* EAP challenge */
struct ibuf *sa_eapmsk; /* EAK session key */
+ struct ibuf *sa_eapclass; /* EAP/RADIUS class */
struct iked_proposals sa_proposals; /* SA proposals */
struct iked_childsas sa_childsas; /* IPsec Child SAs */
-/* $OpenBSD: ikev2.c,v 1.387 2024/07/13 12:22:46 yasuoka Exp $ */
+/* $OpenBSD: ikev2.c,v 1.388 2024/09/15 11:08:50 yasuoka Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
/* sa_eapid needs to be set on both for radius accounting */
if (sa->sa_eapid)
nsa->sa_eapid = strdup(sa->sa_eapid);
+ if (sa->sa_eapclass)
+ nsa->sa_eapclass = ibuf_dup(sa->sa_eapclass);
log_info("%srekeyed as new IKESA %s (enc %s%s%s group %s prf %s)",
SPI_SA(sa, NULL), print_spi(nsa->sa_hdr.sh_ispi, 8),
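Review bot: The result of `ibuf_dup()` on the added line is not checked, so an allocation failure during rekey leaves `nsa->sa_eapclass` NULL with no trace. The accounting path in radius.c only emits Class when `sa_eapclass != NULL`, so the rekeyed IKE SA would then send accounting without the attribute and nothing in the log would explain why. Logging the failure makes it diagnosable: `if (sa->sa_eapclass && (nsa->sa_eapclass = ibuf_dup(sa->sa_eapclass)) == NULL) log_info("%s: ibuf_dup() failed", __func__);`. The `strdup()` of `sa_eapid` just above has the same unchecked shape. The enclosing function starts and ends outside the hunk.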
-/* $OpenBSD: radius.c,v 1.12 2024/09/11 00:41:51 yasuoka Exp $ */
+/* $OpenBSD: radius.c,v 1.13 2024/09/15 11:08:50 yasuoka Exp $ */
/*
* Copyright (c) 2024 Internet Initiative Japan Inc.
req->rr_sa->sa_eapid = req->rr_user;
req->rr_user = NULL;
+ if (radius_get_raw_attr_ptr(pkt, RADIUS_TYPE_CLASS, &attrval,
+ &attrlen) == 0) {
+ ibuf_free(req->rr_sa->sa_eapclass);
+ if ((req->rr_sa->sa_eapclass = ibuf_new(attrval,
+ attrlen)) == NULL) {
+ log_info("%s: ibuf_new() failed: %s", __func__,
+ strerror(errno));
+ }
+ }
+
sa_state(env, req->rr_sa, IKEV2_STATE_AUTH_SUCCESS);
/* Map RADIUS attributes to cp */
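Review bot: Only one Class attribute survives this block, because `radius_get_raw_attr_ptr()` is called once and `sa_eapclass` is a single buffer. RFC 2865 allows an Access-Accept to carry several Class attributes, which the client should forward to accounting unmodified. If the lookup returns just the first match, as it appears to, any further Class values are dropped and accounting records may not correlate fully with the authorization decision. If that limit is intended, a comment above the block would record it: `/* only the first Class attribute is kept; RFC 2865 permits several */`. The enclosing function starts and ends outside the hunk.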
switch (stype) {
case RADIUS_ACCT_STATUS_TYPE_START:
+ if (req->rr_sa && req->rr_sa->sa_eapclass != NULL)
+ radius_put_raw_attr(pkt, RADIUS_TYPE_CLASS,
+ ibuf_data(req->rr_sa->sa_eapclass),
+ ibuf_size(req->rr_sa->sa_eapclass));
break;
case RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE:
case RADIUS_ACCT_STATUS_TYPE_STOP:
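Review bot: Class is attached only under `RADIUS_ACCT_STATUS_TYPE_START`; the `INTERIM_UPDATE` and `STOP` cases that follow receive no matching lines here. Unless their bodies, which lie outside the hunk, add it, Interim and Stop records will lack the attribute the server uses to tie them to the authenticated session. The return value of `radius_put_raw_attr()` is also ignored, so a packet with no room left would drop Class silently. A check such as `if (radius_put_raw_attr(pkt, RADIUS_TYPE_CLASS, ...) != 0) log_info("%s: could not add Class attribute", __func__);` would surface that. The switch continues past the end of the hunk.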