Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request

src/libcharon/plugins/eap_radius/eap_radius.c

@@ -156,17 +156,67 @@ static bool radius2ike(private_eap_radius_t *this,
 	return FALSE;
 }
 
+/**
+ * Add a set of RADIUS attributes to a request message
+ */
+static void add_radius_request_attrs(private_eap_radius_t *this,
+									 radius_message_t *request)
+{
+	ike_sa_t *ike_sa;
+	host_t *host;
+	char buf[40];
+	u_int32_t value;
+	chunk_t chunk;
+
+	chunk = chunk_from_str(this->id_prefix);
+	chunk = chunk_cata("cc", chunk, this->peer->get_encoding(this->peer));
+	request->add(request, RAT_USER_NAME, chunk);
+
+	/* virtual NAS-Port-Type */
+	value = htonl(5);
+	request->add(request, RAT_NAS_PORT_TYPE, chunk_from_thing(value));
+	/* framed ServiceType */
+	value = htonl(2);
+	request->add(request, RAT_SERVICE_TYPE, chunk_from_thing(value));
+
+	ike_sa = charon->bus->get_sa(charon->bus);
+	if (ike_sa)
+	{
+		value = htonl(ike_sa->get_unique_id(ike_sa));
+		request->add(request, RAT_NAS_PORT, chunk_from_thing(value));
+		request->add(request, RAT_NAS_PORT_ID,
+					 chunk_from_str(ike_sa->get_name(ike_sa)));
+
+		host = ike_sa->get_my_host(ike_sa);
+		chunk = host->get_address(host);
+		switch (host->get_family(host))
+		{
+			case AF_INET:
+				request->add(request, RAT_NAS_IP_ADDRESS, chunk);
+				break;
+			case AF_INET6:
+				request->add(request, RAT_NAS_IPV6_ADDRESS, chunk);
+			default:
+				break;
+		}
+		snprintf(buf, sizeof(buf), "%#H", host);
+		request->add(request, RAT_CALLED_STATION_ID, chunk_from_str(buf));
+		host = ike_sa->get_other_host(ike_sa);
+		snprintf(buf, sizeof(buf), "%#H", host);
+		request->add(request, RAT_CALLING_STATION_ID, chunk_from_str(buf));
+	}
+
+	eap_radius_forward_from_ike(request);
+}
+
 METHOD(eap_method_t, initiate, status_t,
 	private_eap_radius_t *this, eap_payload_t **out)
 {
 	radius_message_t *request, *response;
 	status_t status = FAILED;
-	chunk_t username;
 
 	request = radius_message_create(RMC_ACCESS_REQUEST);
-	username = chunk_create(this->id_prefix, strlen(this->id_prefix));
-	username = chunk_cata("cc", username, this->peer->get_encoding(this->peer));
-	request->add(request, RAT_USER_NAME, username);
+	add_radius_request_attrs(this, request);
 
 	if (this->eap_start)
 	{
@@ -176,7 +226,6 @@ METHOD(eap_method_t, initiate, status_t,
 	{
 		add_eap_identity(this, request);
 	}
-	eap_radius_forward_from_ike(request);
 
 	response = this->client->request(this->client, request);
 	if (response)
@@ -391,7 +440,8 @@ METHOD(eap_method_t, process, status_t,
 	chunk_t data;
 
 	request = radius_message_create(RMC_ACCESS_REQUEST);
-	request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer));
+	add_radius_request_attrs(this, request);
+
 	data = in->get_data(in);
 	DBG3(DBG_IKE, "%N payload %B", eap_type_names, this->type, &data);
 
@@ -404,7 +454,6 @@ METHOD(eap_method_t, process, status_t,
 	}
 	request->add(request, RAT_EAP_MESSAGE, data);
 
-	eap_radius_forward_from_ike(request);
 	response = this->client->request(this->client, request);
 	if (response)
 	{

src/libradius/radius_client.c

@@ -81,13 +81,10 @@ static void save_state(private_radius_client_t *this, radius_message_t *msg)
 METHOD(radius_client_t, request, radius_message_t*,
 	private_radius_client_t *this, radius_message_t *req)
 {
-	char virtual[] = {0x00,0x00,0x00,0x05};
 	radius_socket_t *socket;
 	radius_message_t *res;
 	chunk_t data;
 
-	/* we add the "Virtual" NAS-Port-Type, as we SHOULD include one */
-	req->add(req, RAT_NAS_PORT_TYPE, chunk_create(virtual, sizeof(virtual)));
 	/* add our NAS-Identifier */
 	req->add(req, RAT_NAS_IDENTIFIER,
 			 this->config->get_nas_identifier(this->config));