From 5e89bdc1762372e6c79295176a6f8d68407b4841 Mon Sep 17 00:00:00 2001
From: Marc Huber
Date: Tue, 10 Dec 2024 10:15:53 +0100
Subject: [PATCH] tac_plus-ng/headers.h: no need for dedicated radius_key pointer in 'struct context'
---
 tac_plus-ng/config.c | 2 +-
 tac_plus-ng/headers.h | 1 -
 tac_plus-ng/main.c | 2 +-
 tac_plus-ng/packet.c | 12 ++++++------
 4 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/tac_plus-ng/config.c b/tac_plus-ng/config.c
index 26a55b6a..2c8448a8 100644
--- a/tac_plus-ng/config.c
+++ b/tac_plus-ng/config.c
@@ -1519,7 +1519,7 @@ int rad_get_password(tac_session *session, char **val, size_t *val_len)
 for (int i = 0; i <= p[1]; i++) {
 if (!(i & 0xf)) {
 struct iovec iov[2] = {
- {.iov_base = session->ctx->radius_key->key,.iov_len = session->ctx->radius_key->len },
+ {.iov_base = session->ctx->key->key,.iov_len = session->ctx->key->len },
 {.iov_base = i ? (p + i + 2 - 16) : session->radius_data->pak_in->authenticator,.iov_len = 16 }
 };
 md5v(digest, 16, iov, 2);
diff --git a/tac_plus-ng/headers.h b/tac_plus-ng/headers.h
index 3e51e488..1c2b65b7 100644
--- a/tac_plus-ng/headers.h
+++ b/tac_plus-ng/headers.h
@@ -898,7 +898,6 @@ struct context {
 union pak_hdr hdr;
 ssize_t hdroff;
 struct tac_key *key;
- struct tac_key *radius_key;
 time_t last_io;
 struct radius_data *radius_data;
 #ifdef WITH_SSL
diff --git a/tac_plus-ng/main.c b/tac_plus-ng/main.c
index b4ab3110..c4100443 100644
--- a/tac_plus-ng/main.c
+++ b/tac_plus-ng/main.c
@@ -1291,7 +1291,7 @@ static void complete_host_mavis_udp(struct context *ctx)
 }
 if (ctx->host)
- ctx->radius_key = ctx->host->radius_key;
+ ctx->key = ctx->host->radius_key;
 #define S "CONN-START"
 ctx->msgid = S;
diff --git a/tac_plus-ng/packet.c b/tac_plus-ng/packet.c
index d833f591..71bb5395 100644
--- a/tac_plus-ng/packet.c
+++ b/tac_plus-ng/packet.c
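Review bot: `session->ctx->key` is dereferenced in the first iovec entry without a NULL check, and after this commit that same pointer is the cursor advanced by `for (; ctx->key; ctx->key = ctx->key->next)` in rad_check_failed (packet.c), which leaves it NULL when no key verifies. The same unchecked dereference appears in set_response_authenticator in packet.c. Whether either function can be reached with the pointer unset (for example when the `if (ctx->host)` guard in main.c is not taken) is not visible from these hunks, so an early guard such as `if (!session->ctx->key) return -1;` before the loop would make the assumption explicit; the failure value should follow whatever convention rad_get_password already uses. The function body starts and ends outside the hunk.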
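Review bot: Nothing at this assignment records that `ctx->key` now carries the RADIUS shared secret on RADIUS contexts, where the removed `radius_key` member presumably kept it apart from the TACACS+ key. A comment on the assignment such as `/* ctx->key holds the RADIUS shared secret on RADIUS contexts */`, with a matching one on the `key` member in headers.h, would keep later readers from treating the two uses as interchangeable. When `ctx->host` is NULL the pointer is left as it was, so its value then depends on initialisation that is not visible in this hunk; complete_host_mavis_udp starts and ends outside it.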
@@ -321,7 +321,7 @@ static void set_response_authenticator(tac_session *session, rad_pak_hdr *pak)
 {.iov_base = pak, 4 },
 {.iov_base = session->radius_data->pak_in->authenticator,.iov_len = 16 },
 {.iov_base = session->radius_data->data,.iov_len = session->radius_data->data_len },
- {.iov_base = session->ctx->radius_key->key,.iov_len = session->ctx->radius_key->len }
+ {.iov_base = session->ctx->key->key,.iov_len = session->ctx->key->len }
 };
 md5v(pak->authenticator, MD5_LEN, iov, 4);
 }
@@ -560,7 +560,7 @@ void tac_read(struct context *ctx, int cur)
 key_radsec->len = 6;
 strcpy(key_radsec->key, "radsec");
 }
- ctx->radius_key = key_radsec;
+ ctx->key = key_radsec;
 io_set_cb_i(ctx->io, ctx->sock, (void *) rad_read);
 return;
@@ -811,18 +811,18 @@ static int rad_check_failed(struct context *ctx, u_char *p, u_char *e)
 #ifdef WITH_SSL
 // Packet looks sane, check message authentiator, if present
 if (message_authenticator) {
- for (; ctx->radius_key; ctx->radius_key = ctx->radius_key->next) {
+ for (; ctx->key; ctx->key = ctx->key->next) {
 u_char ma_original[16];
 u_char ma_calculated[16];
 memcpy(ma_original, message_authenticator, 16);
 memset(message_authenticator, 0, 16);
 u_int ma_calculated_len = sizeof(ma_calculated);
- HMAC(EVP_md5(), ctx->radius_key->key, ctx->radius_key->len, (const unsigned char *) &ctx->in->pak.uchar, ntohs(ctx->in->pak.rad.length),
+ HMAC(EVP_md5(), ctx->key->key, ctx->key->len, (const unsigned char *) &ctx->in->pak.uchar, ntohs(ctx->in->pak.rad.length),
 ma_calculated, &ma_calculated_len);
 memcpy(message_authenticator, ma_original, 16);
 if (!memcmp(ma_original, ma_calculated, 16)) {
- if (ctx->radius_key->warn)
- report(NULL, LOG_INFO, ~0, "%s uses deprecated radius key (line %d)", ctx->device_addr_ascii, ctx->radius_key->line);
+ if (ctx->key->warn)
+ report(NULL, LOG_INFO, ~0, "%s uses deprecated radius key (line %d)", ctx->device_addr_ascii, ctx->key->line);
 return 0;
 }
 }
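Review bot: The verification loop in rad_check_failed walks the key list by overwriting `ctx->key` itself, and since this commit that is the context's only key pointer, so a packet whose Message-Authenticator matches none of the keys leaves `ctx->key` NULL for anything that later uses the same context. Iterating with a local cursor and storing it in `ctx->key` only on a match keeps the configured list intact; check first whether code after the loop, outside this hunk, relies on `ctx->key` being NULL on failure. The comparison at `if (!memcmp(ma_original, ma_calculated, 16))` is also not constant-time, and since this block is already under WITH_SSL, OpenSSL's `CRYPTO_memcmp` fits there. rad_check_failed begins before and continues past the hunk.

```c
if (message_authenticator) {
    for (struct tac_key *k = ctx->key; k; k = k->next) {
        // … unchanged: ma_original/ma_calculated setup, save and zero the attribute …
        HMAC(EVP_md5(), k->key, k->len, (const unsigned char *) &ctx->in->pak.uchar, ntohs(ctx->in->pak.rad.length),
             ma_calculated, &ma_calculated_len);
        memcpy(message_authenticator, ma_original, 16);
        if (!CRYPTO_memcmp(ma_original, ma_calculated, 16)) {
            if (k->warn)
                report(NULL, LOG_INFO, ~0, "%s uses deprecated radius key (line %d)", ctx->device_addr_ascii, k->line);
            ctx->key = k;       // keep the key that verified, as the original loop did on a match
            return 0;
        }
    }
```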