C/Code snippet
[C] 가변 리스트 (pack된 속성)에 대한 고찰, Variable list of packed attribute
2022. 5. 22. 02:31반응형
Strongswan 소스코드에서, 추측해볼만한 사실들,
1. 가변 길이 배열은 unit8_t attributes[], 즉, []형 자료형으로 선언한다.
(https://github.com/strongswan/strongswan/blob/master/src/libradius/radius_message.c)
- 코드
/**
* RADIUS message header
*/
struct rmsg_t {
/** message code, radius_message_code_t */
uint8_t code;
/** message identifier */
uint8_t identifier;
/** length of Code, Identifier, Length, Authenticator and Attributes */
uint16_t length;
/** message authenticator, MD5 hash */
uint8_t authenticator[HASH_SIZE_MD5];
/** variable list of packed attributes */
uint8_t attributes[];
} __attribute__((packed));
Attributes
The Attribute field is variable in length, and contains the list
of Attributes that are required for the type of service, as well
as any desired optional Attributes.
관련 스펙
4. Packet Types
The RADIUS Packet type is determined by the Code field in the first
octet of the Packet.
4.1. Access-Request
Description
Access-Request packets are sent to a RADIUS server, and convey
information used to determine whether a user is allowed access to
a specific NAS, and any special services requested for that user.
An implementation wishing to authenticate a user MUST transmit a
RADIUS packet with the Code field set to 1 (Access-Request).
Upon receipt of an Access-Request from a valid client, an
appropriate reply MUST be transmitted.
An Access-Request SHOULD contain a User-Name attribute. It MUST
contain either a NAS-IP-Address attribute or a NAS-Identifier
attribute (or both).
An Access-Request MUST contain either a User-Password or a CHAP-
Password or a State. An Access-Request MUST NOT contain both a
User-Password and a CHAP-Password. If future extensions allow
other kinds of authentication information to be conveyed, the
attribute for that can be used in an Access-Request instead of
User-Password or CHAP-Password.
An Access-Request SHOULD contain a NAS-Port or NAS-Port-Type
attribute or both unless the type of access being requested does
not involve a port or the NAS does not distinguish among its
ports.
An Access-Request MAY contain additional attributes as a hint to
the server, but the server is not required to honor the hint.
When a User-Password is present, it is hidden using a method based
on the RSA Message Digest Algorithm MD5 [3].
Rigney, et al. Standards Track [Page 17]
RFC 2865 RADIUS June 2000
A summary of the Access-Request packet format is shown below. The
fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Request Authenticator |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attributes ...
+-+-+-+-+-+-+-+-+-+-+-+-+-
Code
1 for Access-Request.
Identifier
The Identifier field MUST be changed whenever the content of the
Attributes field changes, and whenever a valid reply has been
received for a previous request. For retransmissions, the
Identifier MUST remain unchanged.
Request Authenticator
The Request Authenticator value MUST be changed each time a new
Identifier is used.
Attributes
The Attribute field is variable in length, and contains the list
of Attributes that are required for the type of service, as well
as any desired optional Attributes.
반응형
'C > Code snippet' 카테고리의 다른 글
[C/코드해석] pop_string (0) | 2022.05.26 |
---|---|
[C][Linux] realloc, malloc 그리고 malloc 사이즈 구하기 (0) | 2022.05.22 |
[C] 버블정렬 (0) | 2022.05.19 |
[C] 나만의 utils 만들기 (0) | 2022.05.18 |
[Linux/C] strcat 사용시 주의사항 (0) | 2022.05.14 |