diff options
| author | Linus Nordberg <linus@nordberg.se> | 2014-02-05 11:10:02 +0100 |
|---|---|---|
| committer | Linus Nordberg <linus@nordberg.se> | 2014-02-05 11:10:02 +0100 |
| commit | 3d954bfd2f658ac05a0f20a1241738ed3e3fdd28 (patch) | |
| tree | d95b364fbab298c9b94c9c729afc98904c7c5bb0 /lib/radius | |
| parent | 67bdfa83f1879312fef0fbac769f6fb45df12d1a (diff) | |
Move lib to the root.
Diffstat (limited to 'lib/radius')
34 files changed, 0 insertions, 8648 deletions
diff --git a/lib/radius/.gitignore b/lib/radius/.gitignore deleted file mode 100644 index 1af03df..0000000 --- a/lib/radius/.gitignore +++ /dev/null @@ -1 +0,0 @@ -dictionaries.c diff --git a/lib/radius/LICENSE b/lib/radius/LICENSE deleted file mode 100644 index 01dbe92..0000000 --- a/lib/radius/LICENSE +++ /dev/null @@ -1,24 +0,0 @@ -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am deleted file mode 100644 index 462a1e0..0000000 --- a/lib/radius/Makefile.am +++ /dev/null @@ -1,42 +0,0 @@ -AUTOMAKE_OPTIONS = foreign -ACLOCAL_AMFLAGS = -I m4 - -AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir) -AM_CFLAGS = -Wall -g - -noinst_LTLIBRARIES = libradsec-radius.la - -libradsec_radius_la_SOURCES = \ - attrs.c \ - crypto.c \ - custom.c \ - dict.c \ - id.c \ - parse.c \ - print.c \ - radpkt.c \ - static.c \ - valuepair.c - -libradsec_radius_la_SOURCES += client.h - -libradsec_radius_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H - -DICTIONARIES = \ - share/dictionary.txt \ - share/dictionary.juniper \ - share/dictionary.microsoft \ - share/dictionary.ukerna \ - share/dictionary.abfab.ietf - -EXTRA_DIST = dictionaries.c $(DICTIONARIES) common.pl convert.pl - -$(top_srcdir)/include/radsec/radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl - $(srcdir)/convert.pl ${DICTIONARIES} - -static.$(OBJEXT): static.c dictionaries.c - -clean-local: - rm -f dictionaries.c - -$(libradsec_radius_la_SOURCES): $(top_srcdir)/include/radsec/radius.h diff --git a/lib/radius/attrs.c b/lib/radius/attrs.c deleted file mode 100644 index 21cd3f0..0000000 --- a/lib/radius/attrs.c +++ /dev/null @@ -1,1411 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file attrs.c - * \brief Attribute encoding and decoding routines. - */ - -#include "client.h" - -/* - * Encodes the data portion of an attribute. - * Returns -1 on error, or the length of the data portion. - */ -static ssize_t vp2data_any(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - int nest, - const VALUE_PAIR **pvp, - uint8_t *start, size_t room) -{ - uint32_t lvalue; - ssize_t len; - const uint8_t *data; - uint8_t *ptr = start; - uint8_t array[4]; - const VALUE_PAIR *vp = *pvp; - -#ifdef RS_TYPE_TLV - /* - * See if we need to encode a TLV. The low portion of - * the attribute has already been placed into the packer. - * If there are still attribute bytes left, then go - * encode them as TLVs. - * - * If we cared about the stack, we could unroll the loop. - */ - if ((nest > 0) && (nest <= nr_attr_max_tlv) && - ((vp->da->attr >> nr_attr_shift[nest]) != 0)) { - return vp2data_tlvs(packet, original, nest, pvp, - start, room); - } -#else - nest = nest; /* -Wunused */ -#endif - - /* - * Set up the default sources for the data. - */ - data = vp->vp_octets; - len = vp->length; - - switch(vp->da->type) { - case RS_TYPE_IPV6PREFIX: - len = sizeof(vp->vp_ipv6prefix); - break; - - case RS_TYPE_STRING: - case RS_TYPE_OCTETS: - case RS_TYPE_IFID: - case RS_TYPE_IPV6ADDR: -#ifdef RS_TYPE_ABINARY - case RS_TYPE_ABINARY: -#endif - /* nothing more to do */ - break; - - case RS_TYPE_BYTE: - len = 1; /* just in case */ - array[0] = vp->vp_integer & 0xff; - data = array; - break; - - case RS_TYPE_SHORT: - len = 2; /* just in case */ - array[0] = (vp->vp_integer >> 8) & 0xff; - array[1] = vp->vp_integer & 0xff; - data = array; - break; - - case RS_TYPE_INTEGER: - len = 4; /* just in case */ - lvalue = htonl(vp->vp_integer); - memcpy(array, &lvalue, sizeof(lvalue)); - data = array; - break; - - case RS_TYPE_IPADDR: - data = (const uint8_t *) &vp->vp_ipaddr; - len = 4; /* just in case */ - break; - - /* - * There are no tagged date attributes. - */ - case RS_TYPE_DATE: - lvalue = htonl(vp->vp_date); - data = (const uint8_t *) &lvalue; - len = 4; /* just in case */ - break; - -#ifdef VENDORPEC_WIMAX - case RS_TYPE_SIGNED: - { - int32_t slvalue; - - len = 4; /* just in case */ - slvalue = htonl(vp->vp_signed); - memcpy(array, &slvalue, sizeof(slvalue)); - break; - } -#endif - -#ifdef RS_TYPE_TLV - case RS_TYPE_TLV: - data = vp->vp_tlv; - if (!data) { - nr_debug_error("ERROR: Cannot encode NULL TLV"); - return -RSE_INVAL; - } - len = vp->length; - break; -#endif - - default: /* unknown type: ignore it */ - nr_debug_error("ERROR: Unknown attribute type %d", vp->da->type); - return -RSE_ATTR_TYPE_UNKNOWN; - } - - /* - * Bound the data to the calling size - */ - if (len > (ssize_t) room) len = room; - -#ifndef FLAG_ENCRYPT_TUNNEL_PASSWORD - original = original; /* -Wunused */ -#endif - - /* - * Encrypt the various password styles - * - * Attributes with encrypted values MUST be less than - * 128 bytes long. - */ - switch (vp->da->flags.encrypt) { - case FLAG_ENCRYPT_USER_PASSWORD: - len = nr_password_encrypt(ptr, room, data, len, - packet->secret, packet->vector); - break; - -#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD - case FLAG_ENCRYPT_TUNNEL_PASSWORD: - lvalue = 0; - if (vp->da->flags.has_tag) lvalue = 1; - - /* - * Check if there's enough room. If there isn't, - * we discard the attribute. - * - * This is ONLY a problem if we have multiple VSA's - * in one Vendor-Specific, though. - */ - if (room < (18 + lvalue)) { - *pvp = vp->next; - return 0; - } - - switch (packet->code) { - case PW_ACCESS_ACCEPT: - case PW_ACCESS_REJECT: - case PW_ACCESS_CHALLENGE: - default: - if (!original) { - nr_debug_error("ERROR: No request packet, cannot encrypt %s attribute in the vp.", vp->da->name); - return -RSE_REQUEST_REQUIRED; - } - - if (lvalue) ptr[0] = vp->tag; - len = nr_tunnelpw_encrypt(ptr + lvalue, - room - lvalue, data, len, - packet->secret, - original->vector); - if (len < 0) return len; - break; - case PW_ACCOUNTING_REQUEST: - case PW_DISCONNECT_REQUEST: - case PW_COA_REQUEST: - ptr[0] = vp->tag; - len = nr_tunnelpw_encrypt(ptr + 1, room, data, len - 1, - packet->secret, - packet->vector); - if (len < 0) return len; - break; - } - break; -#endif - - /* - * The code above ensures that this attribute - * always fits. - */ -#ifdef FLAG_ENCRYPT_ASCEND_SECRET - case FLAG_ENCRYPT_ASCEND_SECRET: - make_secret(ptr, packet->vector, packet->secret, data); - len = AUTH_VECTOR_LEN; - break; -#endif - - default: - if (vp->da->flags.has_tag && TAG_VALID(vp->tag)) { - if (vp->da->type == RS_TYPE_STRING) { - if (len > ((ssize_t) (room - 1))) len = room - 1; - ptr[0] = vp->tag; - ptr++; - } else if (vp->da->type == RS_TYPE_INTEGER) { - array[0] = vp->tag; - } /* else it can't be any other type */ - } - memcpy(ptr, data, len); - break; - } /* switch over encryption flags */ - - *(pvp) = vp->next; - return len + (ptr - start);; -} - - -/* - * Encode an RFC format TLV. This could be a standard attribute, - * or a TLV data type. If it's a standard attribute, then - * vp->da->attr == attribute. Otherwise, attribute may be - * something else. - */ -static ssize_t vp2attr_rfc(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, - unsigned int attribute, uint8_t *ptr, size_t room) -{ - ssize_t len; - - if (room < 2) { - *pvp = (*pvp)->next; - return 0; - } - - ptr[0] = attribute & 0xff; - ptr[1] = 2; - - if (room > ((unsigned) 255 - ptr[1])) room = 255 - ptr[1]; - - len = vp2data_any(packet, original, 0, pvp, ptr + ptr[1], room); - if (len < 0) return len; - - ptr[1] += len; - - return ptr[1]; -} - - -#ifndef WITHOUT_VSAS -/* - * Encode a VSA which is a TLV. If it's in the RFC format, call - * vp2attr_rfc. Otherwise, encode it here. - */ -static ssize_t vp2attr_vsa(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, - unsigned int attribute, unsigned int vendor, - uint8_t *ptr, size_t room) -{ - ssize_t len; - const DICT_VENDOR *dv; - - /* - * Unknown vendor: RFC format. - * Known vendor and RFC format: go do that. - */ - dv = nr_dict_vendor_byvalue(vendor); - if (!dv || - ( -#ifdef RS_TYPE_TLV - !(*pvp)->flags.is_tlv && -#endif - (dv->type == 1) && (dv->length == 1))) { - return vp2attr_rfc(packet, original, pvp, - attribute, ptr, room); - } - -#ifdef RS_TYPE_TLV - if ((*pvp)->flags.is_tlv) { - return data2vp_tlvs(packet, original, 0, pvp, - ptr, room); - } -#endif - - switch (dv->type) { - default: - nr_debug_error("vp2attr_vsa: Internal sanity check failed," - " type %u", (unsigned) dv->type); - return -RSE_INTERNAL; - - case 4: - ptr[0] = 0; /* attr must be 24-bit */ - ptr[1] = (attribute >> 16) & 0xff; - ptr[2] = (attribute >> 8) & 0xff; - ptr[3] = attribute & 0xff; - break; - - case 2: - ptr[0] = (attribute >> 8) & 0xff; - ptr[1] = attribute & 0xff; - break; - - case 1: - ptr[0] = attribute & 0xff; - break; - } - - switch (dv->length) { - default: - nr_debug_error("vp2attr_vsa: Internal sanity check failed," - " length %u", (unsigned) dv->length); - return -RSE_INTERNAL; - - case 0: - break; - - case 2: - ptr[dv->type] = 0; - /* FALL-THROUGH */ - - case 1: - ptr[dv->type + dv->length - 1] = dv->type + dv->length; - break; - - } - - if (room > ((unsigned) 255 - (dv->type + dv->length))) { - room = 255 - (dv->type + dv->length); - } - - len = vp2data_any(packet, original, 0, pvp, - ptr + dv->type + dv->length, room); - if (len < 0) return len; - - if (dv->length) ptr[dv->type + dv->length - 1] += len; - - return dv->type + dv->length + len; -} - - -/* - * Encode a Vendor-Specific attribute. - */ -ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, uint8_t *ptr, - size_t room) -{ - ssize_t len; - uint32_t lvalue; - const VALUE_PAIR *vp = *pvp; - -#ifdef VENDORPEC_WIMAX - /* - * Double-check for WiMAX - */ - if (vp->da->vendor == VENDORPEC_WIMAX) { - return nr_vp2wimax(packet, original, pvp, - ptr, room); - } -#endif - - if (vp->da->vendor > RS_MAX_VENDOR) { - nr_debug_error("nr_vp2vsa: Invalid arguments"); - return -RSE_INVAL; - } - - /* - * Not enough room for: - * attr, len, vendor-id - */ - if (room < 6) { - *pvp = vp->next; - return 0; - } - - /* - * Build the Vendor-Specific header - */ - ptr[0] = PW_VENDOR_SPECIFIC; - ptr[1] = 6; - lvalue = htonl(vp->da->vendor); - memcpy(ptr + 2, &lvalue, 4); - - if (room > ((unsigned) 255 - ptr[1])) room = 255 - ptr[1]; - - len = vp2attr_vsa(packet, original, pvp, - vp->da->attr, vp->da->vendor, - ptr + ptr[1], room); - if (len < 0) return len; - - ptr[1] += len; - - return ptr[1]; -} -#endif - - -/* - * Encode an RFC standard attribute 1..255 - */ -ssize_t nr_vp2rfc(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, - uint8_t *ptr, size_t room) -{ - const VALUE_PAIR *vp = *pvp; - - if (vp->da->vendor != 0) { - nr_debug_error("nr_vp2rfc called with VSA"); - return -RSE_INVAL; - } - - if ((vp->da->attr == 0) || (vp->da->attr > 255)) { - nr_debug_error("nr_vp2rfc called with non-standard attribute %u", vp->da->attr); - return -RSE_INVAL; - } - -#ifdef PW_CHARGEABLE_USER_IDENTITY - if ((vp->length == 0) && - (vp->da != RS_DA_CHARGEABLE_USER_IDENTITY)) { - *pvp = vp->next; - return 0; - } -#endif - - return vp2attr_rfc(packet, original, pvp, vp->da->attr, - ptr, room); -} - -#ifdef PW_CHAP_PASSWORD -/* - * Encode an RFC standard attribute 1..255 - */ -static ssize_t nr_chap2rfc(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, - uint8_t *ptr, size_t room) -{ - ssize_t rcode; - const VALUE_PAIR *vp = *pvp; - RS_MD5_CTX ctx; - uint8_t buffer[RS_MAX_STRING_LEN*2 + 1], *p; - VALUE_PAIR chap = { - RS_DA_CHAP_PASSWORD, - 17, - 0, - NULL, - { - .octets = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }, - }, - }; - - if ((vp->da->vendor != 0) || (vp->da != RS_DA_CHAP_PASSWORD)) { - nr_debug_error("nr_chap2rfc called with non-CHAP"); - return -RSE_INVAL; - } - - p = buffer; - *(p++) = nr_rand() & 0xff; /* id */ - - memcpy(p, vp->vp_strvalue, strlen(vp->vp_strvalue)); - p += strlen(vp->vp_strvalue); - - vp = nr_vps_find(packet->vps, PW_CHAP_CHALLENGE, 0); - if (vp) { - memcpy(p, vp->vp_octets, vp->length); - p += vp->length; - } else { - memcpy(p, packet->vector, sizeof(packet->vector)); - p += sizeof(packet->vector); - } - - RS_MD5Init(&ctx); - RS_MD5Update(&ctx, buffer, p - buffer); - RS_MD5Final(&chap.vp_octets[1], &ctx); - - chap.vp_octets[0] = buffer[0]; - vp = &chap; - - rcode = vp2attr_rfc(packet, original, &vp, chap.da->attr, - ptr, room); - if (rcode < 0) return rcode; - - *pvp = (*pvp)->next; - return rcode; -} -#endif /* PW_CHAP_PASSWORD */ - -#ifdef PW_MESSAGE_AUTHENTICATOR -/** Fake Message-Authenticator. - * - * This structure is used to replace a Message-Authenticator in the - * input list of VALUE_PAIRs when encoding a packet. If the caller - * asks us to encode a Message-Authenticator, we ignore the one given - * to us by the caller (which may have the wrong length, etc.), and - * instead use this one, which has the correct length and data. - */ -static const VALUE_PAIR fake_ma = { - RS_DA_MESSAGE_AUTHENTICATOR, - 16, - 0, - NULL, - { - .octets = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }, - } -}; -#endif /* PW_MESSAGE_AUTHENTICATOR */ - -/* - * Parse a data structure into a RADIUS attribute. - */ -ssize_t nr_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, uint8_t *start, - size_t room) -{ - const VALUE_PAIR *vp = *pvp; - - /* - * RFC format attributes take the fast path. - */ - if (vp->da->vendor != 0) { -#ifdef VENDORPEC_EXTENDED - if (vp->da->vendor > RS_MAX_VENDOR) { - return nr_vp2attr_extended(packet, original, - pvp, start, room); - - } -#endif - -#ifdef VENDORPEC_WIMAX - if (vp->da->vendor == VENDORPEC_WIMAX) { - return nr_vp2attr_wimax(packet, original, - pvp, start, room); - } -#endif - -#ifndef WITHOUT_VSAS - return nr_vp2vsa(packet, original, pvp, start, room); -#else - nr_debug_error("VSAs are not supported"); - return -RSE_UNSUPPORTED; -#endif - } - - /* - * Ignore non-protocol attributes. - */ - if (vp->da->attr > 255) { - *pvp = vp->next; - return 0; - } - -#ifdef PW_MESSAGE_AUTHENTICATOR - /* - * The caller wants a Message-Authenticator, but doesn't - * know how to calculate it, or what the correct values - * are. So... create one for him. - */ - if (vp->da == RS_DA_MESSAGE_AUTHENTICATOR) { - ssize_t rcode; - - vp = &fake_ma; - rcode = nr_vp2rfc(packet, original, &vp, start, room); - if (rcode <= 0) return rcode; - *pvp = (*pvp)->next; - return rcode; - } -#endif - -#ifdef PW_CHAP_PASSWORD - /* - * The caller wants a CHAP-Password, but doesn't know how - * to calculate it, or what the correct values are. To - * help, we calculate it for him. - */ - if (vp->da == RS_DA_CHAP_PASSWORD) { - int encoded = 0; - - /* - * CHAP is ID + MD5(...). If it's length is NOT - * 17, then the caller has passed us a password, - * and wants us to encode it. If the length IS - * 17, then we need to double-check if the caller - * has already encoded it. - */ - if (vp->length == 17) { - int i; - - /* - * ASCII and UTF-8 disallow values 0..31. - * If they appear, then the CHAP-Password - * has already been encoded by the - * caller. The probability of a - * CHAP-Password being all 32..256 is - * (1-32/256)^17 =~ .10 - * - * This check isn't perfect, but it - * should be pretty rare for people to - * have 17-character passwords *and* have - * them all 32..256. - */ - for (i = 0; i < 17; i++) { - if (vp->vp_octets[i] < 32) { - encoded = 1; - break; - } - } - } - - if (!encoded) { - return nr_chap2rfc(packet, original, pvp, start, room); - } - } -#endif - - return nr_vp2rfc(packet, original, pvp, - start, room); -} - - -/* - * Ignore unknown attributes, but "decoding" them into nothing. - */ -static ssize_t data2vp_raw(UNUSED const RADIUS_PACKET *packet, - UNUSED const RADIUS_PACKET *original, - unsigned int attribute, - unsigned int vendor, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp) -{ - VALUE_PAIR *vp; - - if (length > sizeof(vp->vp_octets)) return -RSE_ATTR_OVERFLOW; - - vp = nr_vp_alloc_raw(attribute, vendor); - if (!vp) return -RSE_NOMEM; - - memcpy(vp->vp_octets, data, length); - vp->length = length; - - *pvp = vp; - return length; -} - -ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp) -{ - - if (length < 2) return -RSE_PACKET_TOO_SMALL; - if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; - if (data[1] > length) return -RSE_ATTR_OVERFLOW; - - return data2vp_raw(packet, original, data[0], 0, - data + 2, data[1] - 2, pvp); -} - -/* - * Create any kind of VP from the attribute contents. - * - * Will return -1 on error, or "length". - */ -static ssize_t data2vp_any(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - int nest, - unsigned int attribute, unsigned int vendor, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp) -{ -#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD - ssize_t rcode; -#endif - int data_offset = 0; - const DICT_ATTR *da; - VALUE_PAIR *vp = NULL; - - if (length == 0) { - /* - * Hacks for CUI. The WiMAX spec says that it - * can be zero length, even though this is - * forbidden by the RADIUS specs. So... we make - * a special case for it. - */ - if ((vendor == 0) && - (attribute == PW_CHARGEABLE_USER_IDENTITY)) { - data = (const uint8_t *) ""; - length = 1; - } else { - *pvp = NULL; - return 0; - } - } - - da = nr_dict_attr_byvalue(attribute, vendor); - - /* - * Unknown attribute. Create it as a "raw" attribute. - */ - if (!da) { - raw: - if (vp) nr_vp_free(&vp); - return data2vp_raw(packet, original, - attribute, vendor, data, length, pvp); - } - -#ifdef RS_TYPE_TLV - /* - * TLVs are handled first. They can't be tagged, and - * they can't be encrypted. - */ - if (da->da->type == RS_TYPE_TLV) { - return data2vp_tlvs(packet, original, - attribute, vendor, nest, - data, length, pvp); - } -#else - nest = nest; /* -Wunused */ -#endif - - /* - * The attribute is known, and well formed. We can now - * create it. The main failure from here on in is being - * out of memory. - */ - vp = nr_vp_alloc(da); - if (!vp) return -RSE_NOMEM; - - /* - * Handle tags. - */ - if (vp->da->flags.has_tag) { - if (TAG_VALID(data[0]) -#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD - || (vp->da->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) -#endif - ) { - /* - * Tunnel passwords REQUIRE a tag, even - * if don't have a valid tag. - */ - vp->tag = data[0]; - - if ((vp->da->type == RS_TYPE_STRING) || - (vp->da->type == RS_TYPE_OCTETS)) { - if (length == 0) goto raw; - data_offset = 1; - } - } - } - - /* - * Copy the data to be decrypted - */ - vp->length = length - data_offset; - memcpy(&vp->vp_octets[0], data + data_offset, vp->length); - - /* - * Decrypt the attribute. - */ - switch (vp->da->flags.encrypt) { - /* - * User-Password - */ - case FLAG_ENCRYPT_USER_PASSWORD: - if (original) { - rcode = nr_password_encrypt(vp->vp_octets, - sizeof(vp->vp_strvalue), - data + data_offset, vp->length, - packet->secret, - original->vector); - } else { - rcode = nr_password_encrypt(vp->vp_octets, - sizeof(vp->vp_strvalue), - data + data_offset, vp->length, - packet->secret, - packet->vector); - } - if (rcode < 0) goto raw; - vp->vp_strvalue[128] = '\0'; - vp->length = strlen(vp->vp_strvalue); - break; - - /* - * Tunnel-Password's may go ONLY - * in response packets. - */ -#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD - case FLAG_ENCRYPT_TUNNEL_PASSWORD: - if (!original) goto raw; - - rcode = nr_tunnelpw_decrypt(vp->vp_octets, - sizeof(vp->vp_octets), - data + data_offset, vp->length, - packet->secret, original->vector); - if (rcode < 0) goto raw; - vp->length = rcode; - break; -#endif - - -#ifdef FLAG_ENCRYPT_ASCEND_SECRET - /* - * Ascend-Send-Secret - * Ascend-Receive-Secret - */ - case FLAG_ENCRYPT_ASCEND_SECRET: - if (!original) { - goto raw; - } else { - uint8_t my_digest[AUTH_VECTOR_LEN]; - make_secret(my_digest, - original->vector, - packet->secret, data); - memcpy(vp->vp_strvalue, my_digest, - AUTH_VECTOR_LEN ); - vp->vp_strvalue[AUTH_VECTOR_LEN] = '\0'; - vp->length = strlen(vp->vp_strvalue); - } - break; -#endif - - default: - break; - } /* switch over encryption flags */ - - /* - * Expected a certain length, but got something else. - */ - if ((vp->da->flags.length != 0) && - (vp->length != vp->da->flags.length)) { - goto raw; - } - - switch (vp->da->type) { - case RS_TYPE_STRING: - case RS_TYPE_OCTETS: -#ifdef RS_TYPE_ABINARY - case RS_TYPE_ABINARY: -#endif - /* nothing more to do */ - break; - - case RS_TYPE_BYTE: - vp->vp_integer = vp->vp_octets[0]; - break; - - - case RS_TYPE_SHORT: - vp->vp_integer = (vp->vp_octets[0] << 8) | vp->vp_octets[1]; - break; - - case RS_TYPE_INTEGER: - memcpy(&vp->vp_integer, vp->vp_octets, 4); - vp->vp_integer = ntohl(vp->vp_integer); - - if (vp->da->flags.has_tag) vp->vp_integer &= 0x00ffffff; - break; - - case RS_TYPE_DATE: - memcpy(&vp->vp_date, vp->vp_octets, 4); - vp->vp_date = ntohl(vp->vp_date); - break; - - - case RS_TYPE_IPADDR: - memcpy(&vp->vp_ipaddr, vp->vp_octets, 4); - break; - - /* - * IPv6 interface ID is 8 octets long. - */ - case RS_TYPE_IFID: - /* vp->vp_ifid == vp->vp_octets */ - break; - - /* - * IPv6 addresses are 16 octets long - */ - case RS_TYPE_IPV6ADDR: - /* vp->vp_ipv6addr == vp->vp_octets */ - break; - - /* - * IPv6 prefixes are 2 to 18 octets long. - * - * RFC 3162: The first octet is unused. - * The second is the length of the prefix - * the rest are the prefix data. - * - * The prefix length can have value 0 to 128. - */ - case RS_TYPE_IPV6PREFIX: - if (vp->length < 2 || vp->length > 18) goto raw; - if (vp->vp_octets[1] > 128) goto raw; - - /* - * FIXME: double-check that - * (vp->vp_octets[1] >> 3) matches vp->length + 2 - */ - if (vp->length < 18) { - memset(vp->vp_octets + vp->length, 0, - 18 - vp->length); - } - break; - -#ifdef VENDORPEC_WIMAX - case RS_TYPE_SIGNED: - if (vp->length != 4) goto raw; - - /* - * Overload vp_integer for ntohl, which takes - * uint32_t, not int32_t - */ - memcpy(&vp->vp_integer, vp->vp_octets, 4); - vp->vp_integer = ntohl(vp->vp_integer); - memcpy(&vp->vp_signed, &vp->vp_integer, 4); - break; -#endif - -#ifdef RS_TYPE_TLV - case RS_TYPE_TLV: - nr_vp_free(&vp); - nr_debug_error("data2vp_any: Internal sanity check failed"); - return -RSE_ATTR_TYPE_UNKNOWN; -#endif - -#ifdef VENDORPEC_WIMAX - case RS_TYPE_COMBO_IP: - if (vp->length == 4) { - vp->da->type = RS_TYPE_IPADDR; - memcpy(&vp->vp_ipaddr, vp->vp_octets, 4); - break; - - } else if (vp->length == 16) { - vp->da->type = RS_TYPE_IPV6ADDR; - /* vp->vp_ipv6addr == vp->vp_octets */ - break; - - } - /* FALL-THROUGH */ -#endif - - default: - goto raw; - } - - *pvp = vp; - - return length; -} - - -/* - * Create a "standard" RFC VALUE_PAIR from the given data. - */ -ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp) -{ - ssize_t rcode; - - if (length < 2) return -RSE_PACKET_TOO_SMALL; - if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; - if (data[1] > length) return -RSE_ATTR_OVERFLOW; - - rcode = data2vp_any(packet, original, 0, - data[0], 0, data + 2, data[1] - 2, pvp); - if (rcode < 0) return rcode; - - return data[1]; -} - -#ifndef WITHOUT_VSAS -/* - * Check if a set of RADIUS formatted TLVs are OK. - */ -int nr_tlv_ok(const uint8_t *data, size_t length, - size_t dv_type, size_t dv_length) -{ - const uint8_t *end = data + length; - - if ((dv_length > 2) || (dv_type == 0) || (dv_type > 4)) { - nr_debug_error("nr_tlv_ok: Invalid arguments"); - return -RSE_INVAL; - } - - while (data < end) { - size_t attrlen; - - if ((data + dv_type + dv_length) > end) { - nr_debug_error("Attribute header overflow"); - return -RSE_ATTR_TOO_SMALL; - } - - switch (dv_type) { - case 4: - if ((data[0] == 0) && (data[1] == 0) && - (data[2] == 0) && (data[3] == 0)) { - zero: - nr_debug_error("Invalid attribute 0"); - return -RSE_ATTR_INVALID; - } - - if (data[0] != 0) { - nr_debug_error("Invalid attribute > 2^24"); - return -RSE_ATTR_INVALID; - } - break; - - case 2: - if ((data[1] == 0) && (data[1] == 0)) goto zero; - break; - - case 1: - if (data[0] == 0) goto zero; - break; - - default: - nr_debug_error("Internal sanity check failed"); - return -RSE_INTERNAL; - } - - switch (dv_length) { - case 0: - return 0; - - case 2: - if (data[dv_type + 1] != 0) { - nr_debug_error("Attribute is longer than 256 octets"); - return -RSE_ATTR_TOO_LARGE; - } - /* FALL-THROUGH */ - case 1: - attrlen = data[dv_type + dv_length - 1]; - break; - - - default: - nr_debug_error("Internal sanity check failed"); - return -RSE_INTERNAL; - } - - if (attrlen < (dv_type + dv_length)) { - nr_debug_error("Attribute header has invalid length"); - return -RSE_PACKET_TOO_SMALL; - } - - if (attrlen > length) { - nr_debug_error("Attribute overflows container"); - return -RSE_ATTR_OVERFLOW; - } - - data += attrlen; - length -= attrlen; - } - - return 0; -} - - -/* - * Convert a top-level VSA to a VP. - */ -static ssize_t attr2vp_vsa(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - unsigned int vendor, - size_t dv_type, size_t dv_length, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp) -{ - unsigned int attribute; - ssize_t attrlen, my_len; - -#ifndef NDEBUG - if (length <= (dv_type + dv_length)) { - nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok"); - return -RSE_PACKET_TOO_SMALL; - } -#endif - - switch (dv_type) { - case 4: - /* data[0] must be zero */ - attribute = data[1] << 16; - attribute |= data[2] << 8; - attribute |= data[3]; - break; - - case 2: - attribute = data[0] << 8; - attribute |= data[1]; - break; - - case 1: - attribute = data[0]; - break; - - default: - nr_debug_error("attr2vp_vsa: Internal sanity check failed"); - return -RSE_INTERNAL; - } - - switch (dv_length) { - case 2: - /* data[dv_type] must be zero */ - attrlen = data[dv_type + 1]; - break; - - case 1: - attrlen = data[dv_type]; - break; - - case 0: - attrlen = length; - break; - - default: - nr_debug_error("attr2vp_vsa: Internal sanity check failed"); - return -RSE_INTERNAL; - } - -#ifndef NDEBUG - if (attrlen <= (ssize_t) (dv_type + dv_length)) { - nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok"); - return -RSE_PACKET_TOO_SMALL; - } -#endif - - attrlen -= (dv_type + dv_length); - - my_len = data2vp_any(packet, original, 0, - attribute, vendor, - data + dv_type + dv_length, attrlen, pvp); - if (my_len < 0) return my_len; - -#ifndef NDEBUG - if (my_len != attrlen) { - nr_vp_free(pvp); - nr_debug_error("attr2vp_vsa: Incomplete decode %d != %d", - (int) my_len, (int) attrlen); - return -RSE_INTERNAL; - } -#endif - - return dv_type + dv_length + attrlen; -} - - -/* - * Create Vendor-Specifc VALUE_PAIRs from a RADIUS attribute. - */ -ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp) -{ - size_t dv_type, dv_length; - ssize_t my_len; - uint32_t lvalue; - const DICT_VENDOR *dv; - - if (length < 2) return -RSE_PACKET_TOO_SMALL; - if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; - if (data[1] > length) return -RSE_ATTR_OVERFLOW; - - if (data[0] != PW_VENDOR_SPECIFIC) { - nr_debug_error("nr_attr2vp_vsa: Invalid attribute"); - return -RSE_INVAL; - } - - /* - * Not enough room for a Vendor-Id. - * Or the high octet of the Vendor-Id is set. - */ - if ((data[1] < 6) || (data[2] != 0)) { - return nr_attr2vp_raw(packet, original, - data, length, pvp); - } - - memcpy(&lvalue, data + 2, 4); - lvalue = ntohl(lvalue); - -#ifdef VENDORPEC_WIMAX - /* - * WiMAX gets its own set of magic. - */ - if (lvalue == VENDORPEC_WIMAX) { - return nr_attr2vp_wimax(packet, original, - data, length, pvp); - } -#endif - - dv_type = dv_length = 1; - dv = nr_dict_vendor_byvalue(lvalue); - if (!dv) { - return nr_attr2vp_rfc(packet, original, - data, length, pvp); - } - - dv_type = dv->type; - dv_length = dv->length; - - /* - * Attribute is not in the correct form. - */ - if (nr_tlv_ok(data + 6, data[1] - 6, dv_type, dv_length) < 0) { - return nr_attr2vp_raw(packet, original, - data, length, pvp); - } - - my_len = attr2vp_vsa(packet, original, - lvalue, dv_type, dv_length, - data + 6, data[1] - 6, pvp); - if (my_len < 0) return my_len; - -#ifndef NDEBUG - if (my_len != (data[1] - 6)) { - nr_vp_free(pvp); - nr_debug_error("nr_attr2vp_vsa: Incomplete decode"); - return -RSE_INTERNAL; - } -#endif - - return data[1]; -} -#endif /* WITHOUT_VSAS */ - - -/* - * Create a "normal" VALUE_PAIR from the given data. - */ -ssize_t nr_attr2vp(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp) -{ - if (length < 2) return -RSE_PACKET_TOO_SMALL; - if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; - if (data[1] > length) return -RSE_ATTR_OVERFLOW; - -#ifndef WITHOUT_VSAS - /* - * VSAs get their own handler. - */ - if (data[0] == PW_VENDOR_SPECIFIC) { - return nr_attr2vp_vsa(packet, original, - data, length, pvp); - } -#endif - -#ifdef VENDORPEC_EXTENDED - /* - * Extended attribute format gets their own handler. - */ - if (nr_dict_attr_byvalue(data[0], VENDORPEC_EXTENDED) != NULL) { - return nr_attr2vp_extended(packet, original, - data, length, pvp); - } -#endif - - return nr_attr2vp_rfc(packet, original, data, length, pvp); -} - -ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, - unsigned int attribute, unsigned int vendor, - const uint8_t **pdata, size_t *plength) -{ - uint8_t *data, *attr; - const uint8_t *end; - - if (!packet || !pdata || !plength) return -RSE_INVAL; - - if (!packet->data) return -RSE_INVAL; - if (packet->length < 20) return -RSE_INVAL; - - /* - * Too long or short, not good. - */ - if ((start < 0) || - ((start > 0) && (start < 20))) return -RSE_INVAL; - - if ((size_t) start >= (packet->length - 2)) return -RSE_INVAL; - - end = packet->data + packet->length; - - /* - * Loop over the packet, converting attrs to VPs. - */ - if (start == 0) { - data = packet->data + 20; - } else { - data = packet->data + start; - data += data[1]; - if (data >= end) return 0; - } - - for (attr = data; attr < end; attr += attr[1]) { - const DICT_VENDOR *dv = NULL; - -#ifndef NEBUG - /* - * This code is copied from packet_ok(). - * It could be put into a separate function. - */ - if ((attr + 2) > end) { - nr_debug_error("Attribute overflows packet"); - return -RSE_ATTR_OVERFLOW; - } - - if (attr[1] < 2) { - nr_debug_error("Attribute length is too small"); - return -RSE_ATTR_TOO_SMALL; - } - - if ((attr + attr[1]) > end) { - nr_debug_error("Attribute length is too large"); - return -RSE_ATTR_TOO_LARGE; - } -#endif - - if ((vendor == 0) && (attr[0] == attribute)) { - *pdata = attr + 2; - *plength = attr[1] - 2; - return attr - packet->data; - } - -#ifndef WITHOUT_VSAS - if (vendor != 0) { - uint32_t vendorpec; - - if (attr[0] != PW_VENDOR_SPECIFIC) continue; - - if (attr[1] < 6) continue; - - memcpy(&vendorpec, attr + 2, 4); - vendorpec = ntohl(vendorpec); - if (vendor != vendorpec) continue; - - if (!dv) { - dv = nr_dict_vendor_byvalue(vendor); - if (dv && - ((dv->type != 1) || (dv->length != 1))) { - return -RSE_VENDOR_UNKNOWN; - } - } - - /* - * No data. - */ - if (attr[1] < 9) continue; - - /* - * Malformed, or more than one VSA in - * the Vendor-Specific - */ - if (attr[7] + 6 != attr[1]) continue; - - /* - * Not the right VSA. - */ - if (attr[6] != attribute) continue; - - *pdata = attr + 8; - *plength = attr[1] - 8; - return attr - packet->data; - } -#endif - } - - return 0; /* nothing more: stop */ -} - diff --git a/lib/radius/client.h b/lib/radius/client.h deleted file mode 100644 index ab4718a..0000000 --- a/lib/radius/client.h +++ /dev/null @@ -1,1302 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file client.h - * \brief Main header file. - */ - -#ifndef _RADIUS_CLIENT_H_ -#define _RADIUS_CLIENT_H_ 1 - -/* - * System-specific header files. - */ -#include <config.h> -#include <errno.h> -#include <stdio.h> -#ifdef HAVE_STDINT_H -#include <stdint.h> -#endif -#ifdef HAVE_STDLIB_H -#include <stdlib.h> -#endif -#ifdef HAVE_STRING_H -#include <string.h> -#endif -#include <stdarg.h> -#include <sys/types.h> -#ifdef HAVE_NETDB_H -#include <netdb.h> -#endif -#ifdef HAVE_NETINET_IN_H -#include <netinet/in.h> -#endif -#ifdef HAVE_SYS_TIME_H -#include <sys/time.h> -#endif - -#include <radsec/radsec.h> -#include <radsec/radsec-impl.h> -#include <radsec/radius.h> - -/** \defgroup build Build Helpers - * - * These definitions give the GNU C compiler more information about - * the functions being compiled. They are used to either remove - * warnings, or to enable better warnings. - **/ - -/** \defgroup custom Portability Functions - * - * These functions and definitions should be modified for your local - * system. See the individual definitions for details. - */ - -/** \defgroup error Error handling - * - * These definitions and routines manage errors. - */ - -/** \defgroup value_pair Attribute manipulation - * - * These routines manage structures which map to attributes. - */ - -/**\defgroup dict Dictionary Lookup Functions - * - * \sa doc/dictionaries.txt - * - * The RADIUS dictionaries perform name to number mappings. The names - * are used only for administrator convenience, for parsing - * configuration files, and printing humanly-readable output. The - * numbers are used when encoding data in a packet. - * - * When attributes are decoded from a packet, the numbers are used to - * look up the associated name, which is then placed into a data - * structure. - * - * When the data structures are encoded into a packet, the numbers are - * used to create RFC and VSA format attributes. - * - * \attention The definitions, structures, and functions given below - * are useful only for implementing "low level" RADIUS - * functionality. There is usually no need to refer to them in a - * client application. The library should be used at a higher level, - * which exposes a much simpler API. - */ - -/** \defgroup packet Packet manipulation - * - * These routines perform encoding and decoding of RADIUS packets. - */ - -/** \defgroup print Print / parse functions - * - * These routines convert the internal data structures to a printable - * form, or parse them. - */ - -/** \defgroup id ID allocation and freeing - * - * These routines manage RADIUS ID allocation. - */ - -/** \defgroup attr Low-level attribute encode/decoding - * - * These routines perform "low level" encoding, decoding, sending, and - * reception of RADIUS attributes. They are called by the \ref packet - * functions. - * - * \attention The structures and functions given below are useful only - * for implementing "low level" RADIUS functionality. There is usually - * no need to refer to them in a client application. The library - * should be used at a higher level, which exposes a much simpler API. - */ - -/** \defgroup internal Internal support functions. - * - * These functions are required to perform internal or "low-level" - * data manipulation. While they are exposed for completeness, they - * should not be called by any application. - */ - -#ifdef PW_EAP_MESSAGE -#ifndef PW_MESSAGE_AUTHENTICATOR -#error EAP-Message requires Message-Authenticator -#endif -#endif - -#ifdef WITHOUT_OPENSSL -#include "md5.h" -#else -#include <openssl/md5.h> -#endif - -/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define RS_MD5_CTX MD5_CTX -/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define RS_MD5Init MD5_Init -/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define RS_MD5Update MD5_Update -/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define RS_MD5Final MD5_Final - - -#ifndef RS_MAX_PACKET_LEN -/** The maximum size of a packet that the library will send or receive. \ingroup custom - * - * The RFC requirement is to handle at least 4K packets. However, if - * you expect to only do username/password authentication, this value - * can be set to a smaller value, such as 256. - * - * Be warned that any packets larger than this value will be ignored - * and silently discarded. - */ -#define RS_MAX_PACKET_LEN (4096) -#endif - -#ifndef RS_MAX_ATTRIBUTES -/** The maximum number of attributes that the library will allow in a packet. \ingroup custom - * - * Packets which contain more than ::RS_MAX_ATTRIBUTES will generate - * an error. This value is configurable because there may be a need - * to accept a large mumber of attributes. - * - * This value is ignored when packets are sent. The library will - * send as many attributes as it is told to send. - */ -#define RS_MAX_ATTRIBUTES (200) -#endif - -#undef RS_MAX_PACKET_CODE -/** The maximum RADIUS_PACKET::code which we can accept. \ingroup dict - * - * \attention This should not be changed, as it is used by other - * structures such as ::nr_packet_codes. - */ -#define RS_MAX_PACKET_CODE PW_COA_NAK - -/** The maximum vendor number which is permitted. \ingroup dict - * - * The RFCs require that the Vendor Id or Private Enterprise Number - * be encoded as 32 bits, with the upper 8 bits being zero. - */ -#define RS_MAX_VENDOR (1 << 24) - -/** Data Type Definitions. \ingroup dict - */ -#define TAG_VALID(x) ((x) < 0x20) - -/** The attribute is not encrypted. */ -#define FLAG_ENCRYPT_NONE (0) - -/** The attribute is encrypted using the RFC 2865 User-Password method */ -#define FLAG_ENCRYPT_USER_PASSWORD (1) - -/** The attribute is encrypted using the RFC 2868 Tunnel-Password method */ -#define FLAG_ENCRYPT_TUNNEL_PASSWORD (2) - -/** A set of flags which determine how the attribute should be handled. - * - * Most attributes are "normal", and do not require special handling. - * However, some require "encryption", tagging, or have other special - * formats. This structure contains the various options for the - * attribute formats. - */ -typedef struct attr_flags { - unsigned int has_tag : 1; /**< Attribute has an RFC 2868 tag */ - unsigned int unknown : 1; /**< Attribute is unknown */ -#ifdef RS_TYPE_TLV - unsigned int has_tlv : 1; /* has sub attributes */ - unsigned int is_tlv : 1; /* is a sub attribute */ -#endif - unsigned int extended : 1; /* extended attribute */ - unsigned int extended_flags : 1; /* with flag */ - unsigned int evs : 1; /* extended VSA */ - uint8_t encrypt; /**< Attribute encryption method */ - uint8_t length; /**< The expected length of the attribute */ -} ATTR_FLAGS; - - -/** Defines an dictionary mapping for an attribute. \ingroup dict - * - * The RADIUS dictionaries map humanly readable names to protocol - * numbers. The protocol numbers are used to encode/decode the - * attributes in a packet. - */ -typedef struct nr_dict_attr { - unsigned int attr; /**< Attribute number */ - rs_attr_type_t type; /**< Data type */ - unsigned int vendor; /**< Vendor-Id number */ - ATTR_FLAGS flags; - const char *name; /**< Printable name */ -} DICT_ATTR; - -/** Defines a dictionary mapping for a named enumeration. \ingroup dict - * - * This structure is currently not used. - */ -typedef struct nr_dict_value { - const DICT_ATTR *da; /**< pointer to a ::DICT_ATTR */ - int value; /**< enumerated value */ - char name[1]; /**< printable name */ -} DICT_VALUE; - -/** Defines an dictionary mapping for a vendor. \ingroup dict - * - * The RADIUS dictionaries map humanly readable vendor names to a - * Vendor-Id (or Private Enterprise Code) assigned by IANA. The - * Vendor-Id is used to encode/decode Vendor-Specific attributes in a - * packet. - */ -typedef struct nr_dict_vendor { - unsigned int vendor; /**< Vendor Private Enterprise Code */ - size_t type; /**< size of Vendor-Type field */ - size_t length; /**< size of Vendor-Length field */ - const char *name; /**< Printable name */ -} DICT_VENDOR; - -/** Union holding all possible types of data for a ::VALUE_PAIR. \ingroup value_pair - * - */ -typedef union value_pair_data { - char strvalue[RS_MAX_STRING_LEN]; /* +1 for NUL */ - uint8_t octets[253]; - struct in_addr ipaddr; - struct in6_addr ipv6addr; - uint32_t date; - uint32_t integer; -#ifdef RS_TYPE_SIGNED - int32_t sinteger; -#endif -#ifdef RS_TYPE_ABINARY - uint8_t filter[32]; -#endif - uint8_t ifid[8]; /* struct? */ - uint8_t ipv6prefix[18]; /* struct? */ -#ifdef RS_TYPE_TLV - uint8_t *tlv; -#endif -} VALUE_PAIR_DATA; - - -/** C structure version of a RADIUS attribute. \ingroup value_pair - * - * The library APIs use this structure to avoid depending on the - * details of the protocol. - */ -typedef struct value_pair { - const DICT_ATTR *da; /**< dictionary definition */ - size_t length; /**< number of octets in the data */ - int tag; /**< tag value if da->flags.has_tag */ - struct value_pair *next; /**< enables a linked list of values */ - VALUE_PAIR_DATA data; /**< the data of the attribute */ -} VALUE_PAIR; -#define vp_strvalue data.strvalue -#define vp_octets data.octets -#define vp_ipv6addr data.ipv6addr -#define vp_ifid data.ifid -#define vp_ipv6prefix data.ipv6prefix -#define vp_ipaddr data.ipaddr.s_addr -#define vp_date data.integer -#define vp_integer data.integer -#ifdef RS_TYPE_ABINARY -#define vp_filter data.filter -#endif -#ifdef RS_TYPE_ETHER -#define vp_ether data.ether -#endif -#ifdef RS_TYPE_SIGNED -#define vp_signed data.sinteger -#endif -#ifdef RS_TYPE_TLV -#define vp_tlv data.tlv -#endif - -#ifdef RS_TYPE_TLV -#define RS_ATTR_MAX_TLV (4) -extern const int nr_attr_shift[RS_ATTR_MAX_TLV]; -extern const int nr_attr_mask[RS_ATTR_MAX_TLV]; -extern const unsigned int nr_attr_max_tlv; -#endif - -/** A structure which describes a RADIUS packet. \ingroup packet - * - * In general, it should not be necessary to refererence the elements - * of this structure. - */ -typedef struct radius_packet { - int sockfd; /** The socket descriptor */ - struct sockaddr_storage src; /**< The packet source address */ - struct sockaddr_storage dst; /**< the packet destination address */ - const char *secret; /**< The shared secret */ - size_t sizeof_secret; /**< Length of the shared secret */ - unsigned int code; /**< The RADIUS Packet Code */ - int id; /**< The RADIUS Packet Id */ - size_t length; /**< The RADIUS Packet Length. This will be no larger than RADIUS_PACKET::sizeof_data */ - uint8_t vector[16]; /**< A copy of the authentication vector */ - int flags; /**< Internal flags. Do not modify this field. */ - int attempts; /**< The number of transmission attempt */ - uint8_t *data; /**< The raw packet data */ - size_t sizeof_data; /**< size of the data buffer */ - VALUE_PAIR *vps; /**< linked list of ::VALUE_PAIR */ -} RADIUS_PACKET; - -#define RS_PACKET_ENCODED (1 << 0) -#define RS_PACKET_HEADER (1 << 1) -#define RS_PACKET_SIGNED (1 << 2) -#define RS_PACKET_OK (1 << 3) -#define RS_PACKET_VERIFIED (1 << 4) -#define RS_PACKET_DECODED (1 << 5) - - -/** Track packets sent to a server. \ingroup id - * - * This data structure tracks Identifiers which are used to - * communicate with a particular destination server. The application - * should call nr_server_init() to initialize it. If necessary, the - * application should then call nr_server_set_ipv4() to open an IPv4 - * socket to the server. - * - * If the RADIUS packets are being transported over an encapsulation - * layer (e.g. RADIUS over TLS), then nr_server_set_ipv4() does not - * need to be called. The ::nr_server_t structure should instead be - * associated wih the TLS session / socket. - */ -typedef struct nr_server_t { - int sockfd; /**< socket for sending packets */ - int code; /**< default value for the Code */ - - struct sockaddr_storage src; /**< Source address of the packet */ - struct sockaddr_storage dst; /**< Destination address of the packet */ - - /** The shared secret. - * - * See also nr_packet_send() and nr_packet_recv(). - */ - const char *secret; - - /** The length of the shared secret. - * - * See also nr_packet_send() and nr_packet_recv(). - */ - size_t sizeof_secret; - - int used; /**< Number of used IDs */ - - void *free_list; /**< For managing packets */ - - RADIUS_PACKET *ids[256]; /**< Pointers to "in flight" packets */ -} nr_server_t; - - -/** Return a printable error message. \ingroup error - * - * This function returns a string describing the last error that - * occurred. These messages are intended for developers, and are not - * suitable for display to an end user. The application using this - * library should instead produce a "summary" message when an error - * occurs. e.g. "Failed to receive a response", is better than - * messages produced by this function, which contain text like - * "invalid response authentication vector". The first is - * understandable, the second is not. - * - * @param[in] error The error code (can be less than zero) - * @return A printable string describing the error. - */ -extern const char *nr_strerror(int error); - -/** Allocate a ::VALUE_PAIR which refers to a ::DICT_ATTR. \ingroup value_pair - * - * This returned ::VALUE_PAIR has no data associated with it. The - * nr_vp_set_data() function must be called before placing the - * ::VALUE_PAIR in a ::RADIUS_PACKET. - * - * @param[in] da The ::DICT_ATTR associated with the ::VALUE_PAIR - * @return The created ::VALUE_PAIR, or NULL on error. - */ -extern VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da); - -/** Free a ::VALUE_PAIR. \ingroup value_pair - * - * This function frees the ::VALUE_PAIR, and sets the head pointer to NULL. - * If head refers to a ::VALUE_PAIR list, then all of the structures in the - * list are freed. - * - * @param[in,out] head The pointer to a ::VALUE_PAIR, or a ::VALUE_PAIR list. - */ -extern void nr_vp_free(VALUE_PAIR **head); - -/** Initializes a ::VALUE_PAIR from a ::DICT_ATTR \ingroup value_pair - * - * This function assumes that the ::VALUE_PAIR points to existing - * and writable memory. - * - * @param[in,out] vp The ::VALUE_PAIR to be initialized - * @param[in] da The ::DICT_ATTR used to initialize the ::VALUE_PAIR - * @return The initialized ::VALUE_PAIR, or NULL on error. - */ -extern VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da); - -/** Allocate a ::VALUE_PAIR which refers to an unknown attribute. \ingroup value_pair - * - * It is used when an attribute is received, and that attribute does - * not exist in the dictionaries. - * - * The returned ::VALUE_PAIR has no data (i.e. VALUE_PAIR::length is - * zero). The nr_vp_set_data() function must be called before - * placing the ::VALUE_PAIR in a ::RADIUS_PACKET. - * - * @param[in] attr The attribute number, 0..2^16 - * @param[in] vendor The vendor number, 0..2^16 - * @return The created ::VALUE_PAIR, or NULL on error. - */ -extern VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor); - -/** Set the data associated with a previously allocated ::VALUE_PAIR. \ingroup value_pair - * - * If this function succeeds, VALUE_PAIR::length is no longer zero, - * and the structure contains the data. - * - * @param[in,out] vp The ::VALUE_PAIR to update - * @param[in] data Data to set inside of the ::VALUE_PAIR - * @param[in] data_len Length of the data field - * @return <0 on error, 0 for "data was truncated" - * >0 for "data successfully added" - */ -extern int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t data_len); - -/** Create a ::VALUE_PAIR and set its data. \ingroup value_pair - * - * @param[in] attr The attribute number of the ::VALUE_PAIR to create - * @param[in] vendor The vendor number of the ::VALUE_PAIR to create - * @param[in] data Data to set inside of the ::VALUE_PAIR - * @param[in] data_len Length of the data field - * @return The created ::VALUE_PAIR, or NULL on error. - */ -extern VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data, - size_t data_len); - -/** Append a ::VALUE_PAIR to the end of a ::VALUE_PAIR list. \ingroup value_pair - * - * @param[in,out] head The head of the ::VALUE_PAIR list. May not be NULL. - * @param[in] vp The ::VALUE_PAIR to append to the list. - */ -extern void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *vp); - -/** Search a ::VALUE_PAIR list for one of a given number. \ingroup value_pair - * - * @param[in] head The head of the ::VALUE_PAIR list to search. - * @param[in] attr The attribute number of the ::VALUE_PAIR to find - * @param[in] vendor The vendor number of the ::VALUE_PAIR to find - * @return The found ::VALUE_PAIR, or NULL if it was not found. - */ -extern VALUE_PAIR *nr_vps_find(VALUE_PAIR *head, - unsigned int attr, unsigned int vendor); - -/** Look up an attribute in the dictionaries. \ingroup dict - * - * The dictionary mapping contains information about the attribute, - * such as printable name, data type (ipaddr, integer, etc), and - * various other things used to encode/decode the attribute in a - * packet. - * - * \attention There is usually no need to call this function. Use - * the RS_DA_* definitions instead. - * - * @param[in] attr Value of the attribute - * @param[in] vendor Value of the vendor - * @return NULL for "not found", or a pointer to the attribute mapping. - */ -extern const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr, - unsigned int vendor); - -/** Look up an attribute in the dictionaries. \ingroup dict - * - * The dictionary mapping contains information about the attribute, - * such as printable name, data type (ipaddr, integer, etc), and - * various other things used to encode/decode the attribute in a - * packet. - * - * \attention There is usually no need to call this function. - * - * @param[in] name Name of the attribute - * @return NULL for "not found", or a pointer to the attribute mapping. - */ -extern const DICT_ATTR *nr_dict_attr_byname(const char *name); - -/** Converts raw data to a ::DICT_ATTR structure. \ingroup dict - * - * It is called when the library is asked to decode an attribute - * which is not in the pre-defined dictionaries. - * - * \attention There is usually no need to call this function. - * - * @param[in,out] da The ::DICT_ATTR structure to initialize - * @param[in] attr The attribute number - * @param[in] vendor The vendor number - * @param[in] buffer The buffer where the name of the attribute is stored - * @param[in] bufsize Size of the buffer - * @return <0 for error, 0 for success - */ -extern int nr_dict_attr_2struct(DICT_ATTR *da, - unsigned int attr, unsigned int vendor, - char *buffer, size_t bufsize); - -/** Unused. \ngroup dict - * - */ -extern const DICT_VALUE *nr_dict_value_byattr(unsigned int attr, - unsigned int vendor, - int value); - -/** Unused. \ngroup dict - * - */ -const DICT_VALUE *nr_dict_value_byname(unsigned int attr, - unsigned int vendor, - const char *name); - -/** Look up a vendor in the dictionaries. \ingroup dict - * - * The dictionary mapping contains information about the vendor, such - * as printable name, VSA encoding method, etc. - * - * \attention There is usually no need to call this function. - * Applications do not need access to low-level RADIUS protocol - * information. - * - * @param[in] name Name of the vendor. - * @return NULL for "not found", or a pointer to the vendor mapping. - */ -extern int nr_dict_vendor_byname(const char *name); - -/** Look up an vendor in the dictionaries. \ingroup dict - * - * The dictionary mapping contains information about the vendor, such - * as printable name, VSA encoding method, etc. - * - * \attention There is usually no need to call this function. - * - * @param[in] vendor Vendor-Id (or Private Enterprise code) for the vendor. - * @return NULL for "not found", or a pointer to the vendor mapping. - */ -extern const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor); - -/** Static array of known vendors. \ingroup dict - * - * \attention This structure should only be accessed by internal RADIUS library - * functions. - */ -extern const DICT_VENDOR nr_dict_vendors[]; - -/** The number of attribute definitions in the dictionary. \ingroup dict - * - * This number is guaranteed to be at least 256, for speed. - * - * \attention This variable should only be accessed by internal RADIUS library - * functions. - */ -extern const int nr_dict_num_attrs; - -/** The list of attribute definitions. \ingroup dict - * - * The "standard" RFC attributes are located in the first 256 - * entries. Standard attributes without a dictionary definition are - * given an empty entry. - * - * The attributes are orderd by (vendor, attribute), in increasing - * order. This allows the dictionary lookups to find attributes by a - * binary search. - * - * \attention This variable should only be accessed by internal RADIUS library - * functions. - */ -extern const DICT_ATTR nr_dict_attrs[]; - -/** The number of attributes with names. \ingroup dict - * - * \attention This variable should only be accessed by internal RADIUS library - * functions. - */ -extern const int nr_dict_num_names; - -/** The list of attribute definitions, organized by name. \ingroup dict - * - * The attributes are orderd by name (case insensitive), in - * increasing order. This allows the dictionary lookups to find - * attributes by a binary search. - * - * \attention This variable should only be accessed by internal RADIUS library - * functions. - */ -extern const DICT_ATTR const *nr_dict_attr_names[]; - -/** Static array containing names the RADIUS_PACKET::code field. \ingroup dict - * - * The names are hard-coded and not in any dictionary because they do - * not change. - * - * The names are exported because they may be useful in your - * application. Packet codes which are not handled by the library - * have NULL for their names. - */ -extern const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1]; - -/** Verifies that a packet is "well formed". \ingroup packet - * - * This function performs basic validation to see if the packet is - * well formed. It is automatically called by nr_packet_decode(). - * - * @param[in] packet A pointer to the ::RADIUS_PACKET data. - * @return <0 means malformed, >= 0 means well-formed. - */ -extern int nr_packet_ok(RADIUS_PACKET *packet); - -/** Verifies that a packet is "well formed". \ingroup packet - * - * This function performs basic validation to see if the packet is - * well formed. You should normally use nr_packet_ok() instead of - * this function. - * - * @param[in] data A pointer to the raw packet data. - * @param[in] sizeof_data The length of the raw packet data - * @return <0 means malformed, >= 0 means well-formed. - */ -extern int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data); - -/** Encodes a packet. \ingroup packet - * - * This function encodes a packet using the fields of the - * ::RADIUS_PACKET structure. The RADIUS_PACKET::code and - * RADIUS_PACKET::id fields are used to fill in the relevant fields - * of the raw (encoded) packet. The RADIUS_PACKET::vps list is - * walked to encode the attributes. The packet is signed, if - * required. - * - * The raw packet is placed into the RADIUS_PACKET::data field, up to - * RADIUS_PACKET::sizeof_data bytes. the RADIUS_PACKET::length field - * is updated with the length of the raw packet. This field is - * always less than, or equal to, the RADIUS_PACKET::size_data field. - * If there is insufficient room to store all of the attributes, then - * some attributes are silently discarded. - * - * The RADIUS_PACKET::vector field is either calculated as part of - * the signing process, or is initialized by this function to be a - * random sequence of bytes. That field should therefore be left - * alone by the caller. - * - * When the encoding has been successful, it sets the - * RADIUS_PACKET::encoded field to non-zero. - * - * In addition, all required attribute "encryption" is performed. - * - * User-Password. The vp_strvalue field is assumed to contain the - * "clear-text" version of the password. The encrypted version is - * calculated, and placed in the packet. - * - * CHAP-Password. The vp_strvalue field is assumed to contain the - * "clear-text" version of the password. The encrypted version is - * calculated, and placed in the packet. If the RADIUS_PACKET::vps - * list contains a CHAP-Challenge attribute, it is used. Otherwise - * the RADIUS_PACKET::vector field is used a the challenge. - * - * Message-Authenticator. The contents of the Message-Authenticator - * in the RADIUS_PACKET::vps list are ignored. Instead, a - * "place-holder" is put into the packt. Tthe correct value is - * calculated and placed into the packet by nr_packet_sign(). - * - * The RADIUS_PACKET::vps list is left untouched by this function, - * even when attribute encryption or signing is performed. Any - * VALUE_PAIR structures can therefore be taken from static "const" - * variables. - * - * @param[in] packet The RADIUS packet to encode. - * @param[in] original The original request, when encoding a response. - * @return <0 on error, >= 0 on success. - */ -extern int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original); - -/** Decodes a packet. \ingroup packet - * - * This function decodes a packet from the RADIUS_PACKET::data field - * into a sequence of ::VALUE_PAIR structures in the - * RADIUS_PACKET::vps list. - * - * @param[in] packet The RADIUS packet to decode. - * @param[in] original The original request, when decoding a response. - * @return <0 on error, >= 0 on success. - */ -extern int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original); - -/** Signs a packet so that it can be sent. \ingroup packet - * - * This function calculates the Message-Authenticator (if required), - * and signs the packet. - * - * @param[in] packet The RADIUS packet to sign. - * @param[in] original The original request, when signing a response. - * @return <0 on error, >= 0 on success. - */ -extern int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original); - -/** Verifies that a packet is well-formed and contains the correct signature. \ingroup packet - * - * If "original" is specified, it also verifies that the packet is a - * response to the original request, and that it has the correct - * signature. - * - * @param[in] packet The RADIUS packet to verify. - * @param[in] original The original request, when verifying a response. - * @return <0 on error, >= 0 on success. - */ -extern int nr_packet_verify(RADIUS_PACKET *packet, - const RADIUS_PACKET *original); - -/** Pretty-prints a hex dump of a RADIUS packet. \ingroup packet print - * - * This function is available only in debugging builds of the - * library. It is useful during development, but should not be used - * in a production system. - * - * The packet headers are printed individually, and each attribute is - * printed as "type length data..." - * - * @param[in] packet The RADIUS packet to print - */ -extern void nr_packet_print_hex(RADIUS_PACKET *packet); - - -/** Return the given number of random bytes. \ingroup custom - * - * This function should be replaced by one that is specific to your - * system. - * - * This is a wrapper function which enables the library to be more - * portable. - * - * @param[in] data Location where the random bytes will be stored - * @param[in] data_len Number of bytes to store - * @return <0 on error, or the total number of bytes stored. - */ -extern ssize_t nr_rand_bytes(uint8_t *data, size_t data_len); - -/** Return a random 32-bit integer. \ingroup custom - * - * This function should be replaced by one that is specific to your - * system. The version supplied here just calls nr_rand_bytes() each - * time, which is slow. - * - * This is a wrapper function which enables the library to be more - * portable. - * - * @return An unsigned 32-bit random integer. - */ -extern uint32_t nr_rand(void); - -/** Add a time to the given ::struct timeval. \ingroup custom - * - * This is a wrapper function which enables the library to be more - * portable. - * - * @param[in,out] t The timeval to which the time is added. - * @param[in] seconds Time in seconds to add - * @param[in] usec Time in microseconds to add - */ -extern void nr_timeval_add(struct timeval *t, unsigned int seconds, - unsigned int usec); - -/** Compare two times. \ingroup custom - * - * This is a wrapper function which enables the library to be more - * portable. - * - * @param[in] a One timeval - * @param[in] b Another one - * @return a <=> b - */ -extern int nr_timeval_cmp(const struct timeval *a, const struct timeval *b); - -/** Initializes an ::nr_server_t. \ingroup id - * - * @param[in,ut] s The ::nr_server_t to initialize - * @param[in] code The packet code used for packets sent to this server - * @param[in] secret The shared secret used for packet sent to this server - * @return <0 for error, >= 0 for success - */ -extern int nr_server_init(nr_server_t *s, int code, const char *secret); - -/** Closes an ::nr_server_t data structure. \ingroup id - * - * Ensures that all IDs are free, and closes the socket. - * - * @param[in] s The server structure to close. - * @return <0 for error, 0 for success - */ -extern int nr_server_close(const nr_server_t *s); - -/** Allocate a RADIUS_PACKET::id value for sending a packet to a server. \ingroup id - * - * This function allocates a RADIUS_PACKET::id from the ::nr_server_t - * structure. It also fills in the RADIUS_PACKET::sockfd, - * RADIUS_PACKET::code, and RADIUS_PACKET::dst fields. - * - * @param[in] s The server structure which tracks the ID - * @param[in] packet The packet which needs an ID - * @return <0 for error, 0 for success - */ -extern int nr_server_id_alloc(nr_server_t *id, RADIUS_PACKET *packet); - -/** Re-allocate a RADIUS_PACKET::id value for sending a packet to a server. \ingroup id - * - * It is used when retransmitting an Accounting-Request packet to a - * server, after updating the Acct-Delay-Time field. The "realloc" - * name means that the new ID is allocated, and is guaranteed to be - * different from the old one. - * - * @param[in] s The server structure which tracks the ID - * @param[in] packet The packet which needs a new ID - * @return <0 for error, 0 for success - */ -extern int nr_server_id_realloc(nr_server_t *id, RADIUS_PACKET *packet); - -/** Free a RADIUS_PACKET::id value after sending a packet to a server. \ingroup id - * - * @param[in] s The server structure which tracks the ID - * @param[in] packet The packet which has an ID, and wants to free it - * @return <0 for error, 0 for success - */ -extern int nr_server_id_free(nr_server_t *id, RADIUS_PACKET *packet); - - -/** Allocates a packet using malloc(), and initializes it. \ingroup id - * - * @param[in] s The server structure - * @param[in,out] packet_p Pointer to the ::RADIUS_PACKET to be allocated - * @return <0 for error, 0 for success - */ -extern int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p); - -/** Record a humanly readable error message. \ingroup error - * - * \attention This structure should only be accessed by internal - * RADIUS library functions. - * - * @param[in] fmt The format to use. - */ -extern void nr_strerror_printf(const char *fmt, ...); - -#ifndef NDEBUG -#define nr_debug_error nr_strerror_printf /** \ingroup error */ -#else -#define nr_debug_error if (0) nr_strerror_printf -#endif - -/** Encrypts or decrypts a User-Password attribute. \ingroup internal - * - * \attention This structure should only be accessed by internal - * RADIUS library functions. - * - * @param[out] output Buffer where the password is stored - * @param[out] outlen Size of the output buffer - * @param[in] input Input buffer with password - * @param[in] inlen Length of the input buffer - * @param[in] secret The shared secret - * @param[in] vector Authentication vector - * @return <0 on error, or the length of data in "output" - */ -extern ssize_t nr_password_encrypt(uint8_t *output, size_t outlen, - const uint8_t *input, size_t inlen, - const char *secret, const uint8_t *vector); - -/** Encrypts a Tunnel-Password attribute. \ingroup internal - * - * \attention This structure should only be accessed by internal - * RADIUS library functions. - * - * @param[out] output Buffer where the password is stored - * @param[out] outlen Size of the output buffer - * @param[in] input Input buffer with password - * @param[in] inlen Length of the input buffer - * @param[in] secret The shared secret - * @param[in] vector Authentication vector - * @return <0 on error, or the length of data in "output" - */ -extern ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen, - const uint8_t *input, size_t inlen, - const char *secret, const uint8_t *vector); - -/** Decrypts a Tunnel-Password attribute. \ingroup internal - * - * - * \attention This structure should only be accessed by internal - * RADIUS library functions. - * - * @param[out] output Buffer where the password is stored - * @param[out] outlen Size of the output buffer - * @param[in] input Input buffer with password - * @param[in] inlen Length of the input buffer - * @param[in] secret The shared secret - * @param[in] vector Authentication vector - * @return <0 on error, or the length of data in "output" - */ -extern ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, - const uint8_t *input, size_t inlen, - const char *secret, const uint8_t *vector); - -/** Calculates an HMAC-MD5. \ingroup internal - * - * @param[in] data Data to be hashed - * @param[in] data_len Length of data to be hashed - * @param[in] key Key for the HMAC - * @param[in] key_len Length of the key - * @param[out] digest - */ -extern void nr_hmac_md5(const uint8_t *data, size_t data_len, - const uint8_t *key, size_t key_len, - uint8_t digest[16]); - -/** Checks if a TLV is properly formatted. \ingroup internal - * - * \attention This structure should only be accessed by internal - * RADIUS library functions. - * - * @param[in] data Data to check - * @param[in] length Length of the data field - * @param[in] dv_type Length of the TLV "type" field - * @param[in] dv_length Length of the TLV "length" field - * @return <0 on error, 0 for "TLV is OK" - */ -extern int nr_tlv_ok(const uint8_t *data, size_t length, - size_t dv_type, size_t dv_length); - -/** A callback function used by nr_packet_walk(). \ingroup packet - * - * The function should return 0 on success (i.e. keep walking), and - * otherwise a negative number indicating an error code - * (::nr_error_t). That negative number will be used as the return - * code for nr_packet_walk(). - */ -typedef int (*nr_packet_walk_func_t)(void *, const DICT_ATTR *, const uint8_t *, size_t); - -/** Walks over all attributes in a packet. \ingroup packet - * - * This function is an iterator which calls a user-supplied callback - * function for each attribute in the packet. It should be used - * instead of manually walking over the attributes. There are a - * number of odd corner cases when handling Vendor-Specific - * attributes, and it is easy to get those corner cases wrong. - * - * This function iterates over *all* attributes, including nested - * VSAs. That is its main value. - * - * Encrypted attributes such as User-Password are not decrypted. - * - * @param[in] packet The packet containing the data - * @param[in] ctx A user-supplied context. May be NULL - * @param[in] callback The callback function where the information is passed. - * - * @return <0 for error, - * 0 for success. - */ -extern int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, - nr_packet_walk_func_t callback); - -/** Initialize a packet - * - * If original is specified, the packet is initialized as a response - * to the original request. - * - * @param[in,out] packet The packet to initialize - * @param[in] original The original request (if any) to use as a template - * @param[in] secret Shared secret - * @param[in] code RADIUS Code field. - * @param[in] data Buffer where packets will be stored (RADIUS_PACKET::data) - * @param[in] sizeof_data Size of buffer (RADIUS_PACKET::sizeof_data) - * @return <0 on error, 0 for success. - */ -extern int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const char *secret, int code, - void *data, size_t sizeof_data); - -/** Add one attribute to the packet. - * - * This function can be used to add "raw" data to a packet. It - * allows the caller to extend the RADIUS packet without using a - * ::VALUE_PAIR data structure. - * - * Some attributes are handled specially by this function. - * - * EAP-Message. This attribute is automatically split into 253-octet - * chunks. - * - * User-Password, CHAP-Password, and Message-Authenticator. These - * attributes are automatically encrypted, as is done by - * nr_packet_encode(). - * - * @param[in] packet The packet to edit - * @param[in] original The original request (if any) - * @param[in] da Pointer to the attribute definition - * @param[in] data Data to append to the packet - * @param[in] data_len Length of data to append to the packet - * - * @return <0 for error, >= 0 for "successfully appended data" - * The function returns the number of octets appended to the packet. - */ -extern ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const DICT_ATTR *da, - const void *data, size_t data_len); - - -/** Encodes any ::VALUE_PAIR into an attribute. \ingroup attr - * - * This function can be called for any ::VALUE_PAIR. It will examine - * that structure, and call one of nr_vp2rfc() or nr_vp2vsa() as - * necessary. - * - * \attention This function should not be called. - * - * @param[in] packet Where to place the encoded attribute. - * @param[in] original The original request (optional), if "packet" is a response - * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. - * @param[in] data Where the attribute is to be encoded. - * @param[in] room How many octets are available for attribute encoding. - * - * @return <0 for error, or the number of octets used to encode the attribute. - */ -extern ssize_t nr_vp2attr(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, uint8_t *data, size_t room); - -/** Encodes an RFC "standard" ::VALUE_PAIR into an attribute. \ingroup attr - * - * \attention This function should not be called. - * - * @param[in] packet Where to place the encoded attribute. - * @param[in] original The original request (optional), if "packet" is a response - * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. - * @param[in] data Where the attribute is to be encoded. - * @param[in] room How many octets are available for attribute encoding. - * - * @return <0 for error, or the number of octets used to encode the attribute. - */ -extern ssize_t nr_vp2rfc(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, - uint8_t *data, size_t room); - -/** Decodes any attribute into a ::VALUE_PAIR. \ingroup attr - * - * \attention This function should not be called. - * - * @param[in] packet The packet containing the attribute to be decoded. - * @param[in] original The original request (optional), if "packet" is a response - * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. - * @param[in] data Where the attribute is to be encoded. - * @param[in] length How many octets are available for attribute decoding. - * - * @return <0 for error, or the number of octets used to decode the attribute. - */ -extern ssize_t nr_attr2vp(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp); - -/** Decodes an RFC "standard" attribute into a ::VALUE_PAIR. \ingroup attr - * - * \attention This function should not be called. - * - * @param[in] packet The packet containing the attribute to be decoded. - * @param[in] original The original request (optional), if "packet" is a response - * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. - * @param[in] data Where the attribute is to be encoded. - * @param[in] length How many octets are available for attribute decoding. - * - * @return <0 for error, or the number of octets used to decode the attribute. - */ -extern ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp); - -/** Decodes a Vendor-Specific attribute into a ::VALUE_PAIR. \ingroup attr - * - * \attention This function should not be called. - * - * @param[in] packet The packet containing the attribute to be decoded. - * @param[in] original The original request (optional), if "packet" is a response - * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. - * @param[in] data Where the attribute is to be encoded. - * @param[in] length How many octets are available for attribute decoding. - * - * @return <0 for error, or the number of octets used to decode the attribute. - */ -extern ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp); - -/** Decodes an attribute with an unexpected length into a ::VALUE_PAIR. \ingroup attr - * - * \attention This function should not be called. - * - * @param[in] packet The packet containing the attribute to be decoded. - * @param[in] original The original request (optional), if "packet" is a response - * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. - * @param[in] data Where the attribute is to be encoded. - * @param[in] length How many octets are available for attribute decoding. - * - * @return <0 for error, or the number of octets used to decode the attribute. - */ -extern ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const uint8_t *data, size_t length, - VALUE_PAIR **pvp); - -/** Encodes a Vendor-Specific ::VALUE_PAIR into an attribute. - * - * \attention This function should not be called. - * - * @param[in] packet Where to place the encoded attribute. - * @param[in] original The original request (optional), if "packet" is a response - * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. - * @param[in] data Where the attribute is to be encoded. - * @param[in] room How many octets are available for attribute encoding. - * - * @return <0 for error, or the number of octets used to encode the attribute. - */ -extern ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const VALUE_PAIR **pvp, uint8_t *data, - size_t room); - -/** Returns raw data from the RADIUS packet, for a given attribute. \ingroup attr - * - * This function can be called repeatedly to find all instances of a - * given attribute. The first time it is called, the "start" - * parameter should be zero. If the function returns a non-zero - * positive number, it means that there *may* be more attributes - * available. The returned value should be then passed via the - * "start" option in any subsequent calls to the function. - * - * This function should be called by an application when it wants - * access to data which is not in the pre-defined dictionaries. - * - * @param[in] packet The packet containing the attribute. - * @param[in] start Where in the packet we start searching for the attribute. - * @param[in] attr Value of the attribute to search for - * @param[in] vendor Value of the vendor (use 0 for IETF attributes) - * @param[out] pdata Pointer to the data. If no data was found, the pointer is unchanged. - * @param[out] plength Length of the data. If no data was found, the value pointed to is unchanged. - * - * @return <0 for error, - * 0 for "no attribute found, stop searching" - * >0 offset where the attribute was found. - */ -extern ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, - unsigned int attr, unsigned int vendor, - const uint8_t **pdata, size_t *plength); - -/** Pretty-print the entire ::VALUE_PAIR \ingroup print - * - * All data is printed in ASCII format. The data type of "octets" is - * printed as a hex string (e.g. 0xabcdef01...). The data type of - * "ipaddr" is printed as a dotted-quad (e.g. 192.0.2.15). - * - * The format is "Attribute-Name = value" - * - * @param[out] buffer Where the printable version of the ::VALUE_PAIR is stored - * @param[in] bufsize size of the output buffer - * @param[in] vp ::VALUE_PAIR to print - * @return length of data in buffer - */ -extern size_t nr_vp_snprintf(char *buffer, size_t bufsize, const VALUE_PAIR *vp); - -/** Pretty-print the VALUE_PAIR::data field \ingroup print - * - * Prints the value of a ::VALUE_PAIR, without the name or "=" sign. - * - * @param[out] buffer Where the printable version of the ::VALUE_PAIR is stored - * @param[in] bufsize size of the output buffer - * @param[in] vp ::VALUE_PAIR to print - * @return length of data in buffer - */ -extern size_t nr_vp_snprintf_value(char *buffer, size_t bufsize, const VALUE_PAIR *vp); - -/** Prints a list of :VALUE_PAIR structures to the given output. \ingroup print - * - * @param[in] fp Where to print the results - * @param[in] vps Linked list of ::VALUE_PAIR to print - */ -extern void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps); - -/** Scan a string into a ::VALUE_PAIR. The counterpart to - * nr_vp_snprintf_value() \ingroup print - * - * @param[in] string Printable version of the ::VALUE_PAIR - * @param[out] pvp Newly allocated ::VALUE_PAIR - * @return <0 on error, 0 for success. - */ -extern int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp); - -/** Scan the data portion of a ::VALUE_PAIR. The counterpart to - * nr_vp_snprintf_value() \ingroup print - * - * @param[in,out] vp The ::VALUE_PAIR where the data will be stored - * @param[in] value The string version of the data to be parsed - * @return <0 on error, >=0 for the number of characters parsed in value. - */ -extern ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value); - -#if defined(__GNUC__) -# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1))) -# define NEVER_RETURNS __attribute__ ((noreturn)) -# define UNUSED __attribute__ ((unused)) -# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */ -#else - -/** Macro used to quiet compiler warnings inside of the library. \ingroup build - * - */ -# define PRINTF_LIKE(n) - -/** Macro used to quiet compiler warnings inside of the library. \ingroup build - * - */ -# define NEVER_RETURNS - -/** Macro used to quiet compiler warnings inside of the library. \ingroup build - * - */ -# define UNUSED - -/** Macro used to quiet compiler warnings inside of the library. \ingroup build - * - */ -# define BLANK_FORMAT "" -#endif - -#endif /* _RADIUS_CLIENT_H_ */ diff --git a/lib/radius/common.pl b/lib/radius/common.pl deleted file mode 100644 index 7042fe5..0000000 --- a/lib/radius/common.pl +++ /dev/null @@ -1,220 +0,0 @@ -###################################################################### -# Copyright (c) 2011, Network RADIUS SARL -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the <organization> nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -###################################################################### -our %attributes; -our %vendor; -our %vendorpec; -our $begin_vendor = 0; - -$vendorpec{'0'} = "IETF"; - -sub do_file() -{ - my $filename = shift; - my $fh; - - $dir = $filename; - $dir =~ s:/[^/]+?$::; - $lineno = 0; - - open $fh, "<$filename" or die "Failed to open $filename: $!\n"; - - while (<$fh>) { - $lineno++; - next if (/^\s*#/); - next if (/^\s*$/); - s/#.*//; - s/\s+$//; - - next if ($_ eq ""); - - # - # Remember the vendor - # - if (/^VENDOR\s+([\w-]+)\s+(\w+)(.*)/) { - my $me = $1; - - $vendor{$me}{'pec'} = $2; - $vendorpec{$2} = $me; - - $vendor{$me}{'type'} = 1; - $vendor{$me}{'length'} = 1; - - if ($3) { - $format=$3; - $format =~ s/^\s+//; - - if ($format !~ /^format=(\d+),(\d+)$/) { - die "Unknown format $format\n"; - } - $vendor{$me}{'type'} = $1; - $vendor{$me}{'length'} = $2; - } - next; - } - - # - # Remember if we did begin-vendor. - # - if (/^BEGIN-VENDOR\s+([\w-]+)/) { - if (!defined $vendor{$1}) { - die "Unknown vendor $1\n"; - } - $begin_vendor = $vendor{$1}{'pec'}; - next; - } - - # - # Remember if we did this. - # - if (/^END-VENDOR/) { - $begin_vendor = 0; - next; - } - - # - # Get attribute. - # - if (/^ATTRIBUTE\s+([\w-\/.]+)\s+(\w+)\s+(\w+)(.*)/) { - $name=$1; - $value = $2; - $type = $3; - $stuff = $4; - - $value =~ tr/[A-F]/[a-f]/; # normal form for hex - $value =~ tr/X/x/; - - if ($value =~ /^0x/) { - $index = hex $value; - } else { - $index = $value; - } - - next if (($begin_vendor == 0) && ($index > 255)); - - $index += ($begin_vendor << 16); - - $attributes{$index}{'name'} = $name; - $attributes{$index}{'value'} = $value; - if ($begin_vendor ne "") { - $attributes{$index}{'vendor'} = $begin_vendor; - } - - $type =~ tr/a-z/A-Z/; - $attributes{$index}{'type'} = "RS_TYPE_$type"; - - $stuff =~ s/^\s*//; - - if ($stuff) { - foreach $text (split /,/, $stuff) { - if ($text eq "encrypt=1") { - $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_USER_PASSWORD"; - } elsif ($text eq "encrypt=2") { - $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_TUNNEL_PASSWORD"; - - } elsif ($text eq "encrypt=3") { - $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_ASCEND_SECRET"; - - } elsif ($text eq "has_tag") { - $attributes{$index}{'flags'}{'has_tag'} = "1"; - - } elsif ($text =~ /\[(\d+)\]/) { - $attributes{$index}{'flags'}{'length'} = $1; - - } else { - die "$filename: $lineno - Unknown flag $text\n"; - } - } - } - - if ($type eq "BYTE") { - $attributes{$index}{'flags'}{'length'} = "1"; - - } elsif ($type eq "SHORT") { - $attributes{$index}{'flags'}{'length'} = "2"; - - } elsif ($type eq "INTEGER") { - $attributes{$index}{'flags'}{'length'} = "4"; - - } elsif ($type eq "IPADDR") { - $attributes{$index}{'flags'}{'length'} = "4"; - - } elsif ($type eq "DATE") { - $attributes{$index}{'flags'}{'length'} = "4"; - - } elsif ($type eq "IFID") { - $attributes{$index}{'flags'}{'length'} = "8"; - - } elsif ($type eq "IPV6ADDR") { - - $attributes{$index}{'flags'}{'length'} = "16"; - } - - $name2val{$name} = $index; - next; - } - - # - # Values. - # - if (/^VALUE\s+([\d\w-\/.]+)\s+([\w-\/,.+]+)\s+(\w+)(.*)/) { - next; - - $attr = $1; - $name = $2; - $value = $3; - $stuff = $d; - - $value =~ tr/[A-F]/[a-f]/; # normal form for hex - $value =~ tr/X/x/; - - if ($value =~ /^0x/) { - $index = hex $value; - } else { - $index = $value; - } - - if (!defined $name2val{$attr}) { - print "# FIXME: FORWARD REF?\nVALUE $attr $name $value$stuff\n"; - next; - } - - $values{$name2val{$attr}}{$index} = "$attr $name $value$stuff"; - next; - } - - if (/^\$INCLUDE\s+(.*)$/) { - do_file("$dir/$1"); - next; - } - - die "unknown text in line $lineno of $filename: $_\n"; - } - - close $fh; -} - -1; diff --git a/lib/radius/convert.pl b/lib/radius/convert.pl deleted file mode 100755 index 7ca424e..0000000 --- a/lib/radius/convert.pl +++ /dev/null @@ -1,197 +0,0 @@ -#!/usr/bin/env perl -###################################################################### -# Copyright (c) 2011, Network RADIUS SARL -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the <organization> nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -###################################################################### -# -# Converts dictionaries to C structures. Does not yet do "VALUE"s. -# -# Usage: ./convert.pl dictionary ... -# -# Reads input dictionaries, and outputs "radius.h" and "dictionaries.c" -# -# $Id$ -# -require "common.pl"; - -# -# Read all of the dictionaries -# -while (@ARGV) { - $filename = shift; - do_file($filename); -} - -# -# For speed, the dictionary data structures have the first 256 -# attributes at fixed offsets in the array. If the user didn't -# define them, then we set them here to be "raw" or unknown. -# -foreach $attr_val (0..255) { - next if defined $attributes{$attr_val}; - - $attributes{$attr_val}{'raw'} = 1; -} - -if (scalar keys %attributes == 0) { - die "No attributes were defined\n"; -} - - -open DICT, ">dictionaries.c" or die "Failed creating dictionaries.c: $!\n"; - -# -# Print out the data structues for the vendors. -# -if (scalar keys %vendor > 0) { - print DICT "const DICT_VENDOR nr_dict_vendors[] = {\n"; - foreach $v (sort keys %vendor) { - print DICT " { \n"; - print DICT " " . $vendor{$v}{'pec'} . ", \n"; - print DICT " " . $vendor{$v}{'type'} . ",\n"; - print DICT " " . $vendor{$v}{'length'} . ",\n"; - print DICT " \"" . $v, "\"\n"; - print DICT " },\n"; - } - print DICT " { \n"; - print DICT " 0,\n"; - print DICT " 0,\n"; - print DICT " 0,\n"; - print DICT " NULL\n"; - print DICT " },\n"; - print DICT "};\n\n"; -} - -# needed for later. -$vendor{""}{'pec'} = 0; - -sub printAttrFlag -{ - my $tmp = $attributes{$attr_val}{'flags'}{$_[0]}; - - if (!$tmp) { - $tmp = 0; - } - - print DICT $tmp . ", "; -} - -# -# Print DICT out the attributes sorted by number. -# -my $offset = 0; -my $num_names = 0; -print DICT "const DICT_ATTR nr_dict_attrs[] = {\n"; -foreach $attr_val (sort {$a <=> $b} keys %attributes) { - print DICT " { /* $offset */ \n"; - - if (defined $attributes{$attr_val}{'raw'}) { - print DICT " 0\n", - } else { - print DICT " ", $attributes{$attr_val}{'value'}, ", \n"; - print DICT " ", $attributes{$attr_val}{'type'}, ", \n"; - print DICT " ", $attributes{$attr_val}{'vendor'}, ", \n"; - print DICT " { "; - &printAttrFlag('has_tag'); - &printAttrFlag('unknown'); -# &printAttrFlag('has_tlv'); -# &printAttrFlag('is_tlv'); - &printAttrFlag('extended'); - &printAttrFlag('extended_flags'); - &printAttrFlag('evs'); - &printAttrFlag('encrypt'); - &printAttrFlag('length'); - print DICT "},\n"; - print DICT " \"", $attributes{$attr_val}{'name'}, "\", \n"; - $num_names++; - } - - $attributes{$attr_val}{'offset'} = $offset++; - - print DICT " },\n"; - -} -print DICT "};\n\n"; - -print DICT "const int nr_dict_num_attrs = ", $offset - 1, ";\n\n"; -print DICT "const int nr_dict_num_names = ", $num_names - 1, ";\n\n"; - -my $offset = 0; -print DICT "const DICT_ATTR *nr_dict_attr_names[] = {\n"; -foreach $attr_val (sort {lc($attributes{$a}{'name'}) cmp lc($attributes{$b}{'name'})} keys %attributes) { - next if (defined $attributes{$attr_val}{'raw'}); - - print DICT " &nr_dict_attrs[", $attributes{$attr_val}{'offset'}, "], /* ", $attributes{$attr_val}{'name'}, " */\n"; -} - -print DICT "};\n\n"; -close DICT; - -open HDR, ">../include/radsec/radius.h" or die "Failed creating radius.c: $!\n"; - -print HDR "/* Automatically generated file. Do not edit */\n\n"; - -foreach $v (sort keys %vendor) { - next if ($v eq ""); - - $name = $v; - $name =~ tr/a-z/A-Z/; # uppercase - $name =~ tr/A-Z0-9/_/c; # any ELSE becomes _ - - print HDR "#define VENDORPEC_", $name, " ", $vendor{$v}{'pec'}, "\n"; -} -print HDR "\n"; - -$begin_vendor = -1; -foreach $attr_val (sort {$a <=> $b} keys %attributes) { - next if (defined $attributes{$attr_val}{'raw'}); - - if ($attributes{$attr_val}{'vendor'} != $begin_vendor) { - print HDR "\n/* ", $vendorpec{$attributes{$attr_val}{'vendor'}}, " */\n"; - $begin_vendor = $attributes{$attr_val}{'vendor'}; - } - - $name = $attributes{$attr_val}{'name'}; - $name =~ tr/a-z/A-Z/; - $name =~ tr/A-Z0-9/_/c; - - print HDR "#define PW_", $name, " ", $attributes{$attr_val}{'value'}, "\n"; -} -print HDR "\n"; - -print HDR "/* Fixed offsets to dictionary definitions of attributes */\n"; -foreach $attr_val (sort {$a <=> $b} keys %attributes) { - next if (defined $attributes{$attr_val}{'raw'}); - - $name = $attributes{$attr_val}{'name'}; - $name =~ tr/a-z/A-Z/; - $name =~ tr/-/_/; - - print HDR "#define RS_DA_$name (&nr_dict_attrs[$attributes{$attr_val}{'offset'}])\n"; -} - -print HDR "/* Automatically generated file. Do not edit */\n"; - -close HDR; diff --git a/lib/radius/crypto.c b/lib/radius/crypto.c deleted file mode 100644 index 21cc7d0..0000000 --- a/lib/radius/crypto.c +++ /dev/null @@ -1,233 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file crypto.c - * \brief Data obfuscation and signing, using MD5. - * - * The "encryption" methods defined here are export-safe. The - * technical cryptography name for these functions is "obfuscation". - * They cannot properly be called "encryption", in the same way that - * DES or AES performs encryption. - */ - -/** \cond PRIVATE */ - -#include "client.h" - - -ssize_t nr_password_encrypt(uint8_t *output, size_t outlen, - const uint8_t *input, size_t inlen, - const char *secret, const uint8_t *vector) -{ - size_t i, j, len; - uint8_t digest[16]; - RS_MD5_CTX ctx, secret_ctx; - - if (!output || (outlen < 16) || !input || (inlen == 0) || - !secret || !vector) { - return -RSE_INVAL; - } - - len = inlen; - if (len > 128) return -RSE_ATTR_OVERFLOW; - - len = (len + 0x0f) & ~0x0f; /* round up to 16 byte boundary */ - - if (outlen < len) return -RSE_ATTR_OVERFLOW; - - memcpy(output, input, len); - memset(output + len, 0, 128 - len); - - RS_MD5Init(&secret_ctx); - RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); - - for (j = 0; j < len; j += 16) { - ctx = secret_ctx; - - if (j == 0) { - RS_MD5Update(&ctx, vector, 16); - RS_MD5Final(digest, &ctx); - } else { - RS_MD5Update(&ctx, &output[j - 16], 16); - RS_MD5Final(digest, &ctx); - } - - for (i = 0; i < 16; i++) { - output[i + j] ^= digest[i]; - } - } - - return len; -} - -#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD -ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen, - const uint8_t *input, size_t inlen, - const char *secret, const uint8_t *vector) -{ - size_t i, j, len; - RS_MD5_CTX ctx, secret_ctx; - uint8_t digest[16]; - - if (!output || (outlen < 18) || !input || (inlen == 0) || - !secret || !vector) { - return -RSE_INVAL; - } - - len = ((inlen + 1) + 0x0f) & ~0x0f; - if (len > 251) return -RSE_ATTR_OVERFLOW; - - output[0] = (nr_rand() & 0xff) | 0x80; - output[1] = nr_rand() & 0xff; - output[2] = inlen; - - memcpy(output + 3, input, inlen); - memset(output + 3 + inlen, 0, len - inlen - 1); - - RS_MD5Init(&secret_ctx); - RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); - - for (j = 0; j < len; j += 16) { - ctx = secret_ctx; - - if (j == 0) { - RS_MD5Update(&ctx, vector, 16); - RS_MD5Update(&ctx, output, 2); - RS_MD5Final(digest, &ctx); - } else { - RS_MD5Update(&ctx, &output[j + 2 - 16], 16); - RS_MD5Final(digest, &ctx); - } - - for (i = 0; i < 16; i++) { - output[i + j + 2] ^= digest[i]; - } - } - - return len + 2; -} - -ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, - const uint8_t *input, size_t inlen, - const char *secret, const uint8_t *vector) -{ - size_t i, j, len, encoded_len; - RS_MD5_CTX ctx, secret_ctx; - uint8_t digest[16]; - - if (!output || (outlen < 1) || !input || (inlen < 2) || - !secret || !vector) { - return -RSE_INVAL; - } - - if (inlen <= 3) { - output[0] = 0; - return 0; - } - - len = inlen - 2; - - if (outlen < (len - 1)) return -RSE_ATTR_OVERFLOW; - - RS_MD5Init(&secret_ctx); - RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); - - ctx = secret_ctx; - - RS_MD5Update(&ctx, vector, 16); /* MD5(secret + vector + salt) */ - RS_MD5Update(&ctx, input, 2); - RS_MD5Final(digest, &ctx); - - encoded_len = input[2] ^ digest[0]; - if (encoded_len >= len) { - return -RSE_ATTR_TOO_LARGE; - } - - for (i = 0; i < 15; i++) { - output[i] = input[i + 3] ^ digest[i + 1]; - } - - for (j = 16; j < len; j += 16) { - ctx = secret_ctx; - - RS_MD5Update(&ctx, input + j - 16 + 2, 16); - RS_MD5Final(digest, &ctx); - - for (i = 0; i < 16; i++) { - output[i + j - 1] = input[i + j + 2] ^ digest[i]; - } - - - } - - output[encoded_len] = '\0'; - return encoded_len; -} -#endif - -void -nr_hmac_md5(const uint8_t *data, size_t data_len, - const uint8_t *key, size_t key_len, - uint8_t digest[16]) -{ - size_t i; - uint8_t k_ipad[64]; - uint8_t k_opad[64]; - uint8_t tk[16]; - RS_MD5_CTX ctx; - - if (key_len > 64) { - RS_MD5Init(&ctx); - RS_MD5Update(&ctx, key, key_len); - RS_MD5Final(tk, &ctx); - - key = tk; - key_len = 16; - } - - memset(k_ipad, 0, sizeof(k_ipad)); - memset(k_opad, 0, sizeof(k_opad)); - memcpy(k_ipad, key, key_len); - memcpy(k_opad, key, key_len); - - for (i = 0; i < sizeof(k_ipad); i++) { - k_ipad[i] ^= 0x36; - k_opad[i] ^= 0x5c; - } - - RS_MD5Init(&ctx); - RS_MD5Update(&ctx, k_ipad, sizeof(k_ipad)); - RS_MD5Update(&ctx, data, data_len); - RS_MD5Final(digest, &ctx); - - RS_MD5Init(&ctx); - RS_MD5Update(&ctx, k_opad, sizeof(k_opad)); - RS_MD5Update(&ctx, digest, 16); - RS_MD5Final(digest, &ctx); -} - -/** \endcond */ diff --git a/lib/radius/custom.c b/lib/radius/custom.c deleted file mode 100644 index 917939a..0000000 --- a/lib/radius/custom.c +++ /dev/null @@ -1,163 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Copyright (c) 2006 Kungliga Tekniska HAÎåÎÝgskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/** \file custom.c - * \brief Functions which should be customized for your local system. - */ - -#include "client.h" - -#include <unistd.h> -#include <fcntl.h> - -#ifdef WIN32 -#include <wincrypt.h> - -volatile static HCRYPTPROV nr_cryptprovider = 0; - -static HCRYPTPROV -nr_CryptProvider(void) -{ - BOOL rv; - HCRYPTPROV cryptprovider = 0; - - if (nr_cryptprovider != 0) - return nr_cryptprovider; - - rv = CryptAcquireContext(&cryptprovider, NULL, - MS_ENHANCED_PROV, PROV_RSA_FULL, - 0); - - if (GetLastError() == NTE_BAD_KEYSET) { - if(!rv) - rv = CryptAcquireContext(&cryptprovider, NULL, - MS_ENHANCED_PROV, PROV_RSA_FULL, - CRYPT_NEWKEYSET); - } - - if (rv && - InterlockedCompareExchangePointer((PVOID *) &nr_cryptprovider, - (PVOID) cryptprovider, 0) != 0) { - - CryptReleaseContext(cryptprovider, 0); - cryptprovider = nr_cryptprovider; - } - - return cryptprovider; -} - -ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) -{ - if (CryptGenRandom(nr_CryptProvider(), data_len, data)) - return 0; - return data_len; -} -#else -ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) -{ - static int fd = -1; - - if (fd < 0) { - fd = open("/dev/urandom", O_RDONLY); - if (fd < 0) { - nr_strerror_printf("Error opening randomness: %s", - strerror(errno)); - return 0; - } - } - - return read(fd, data, data_len); -} -#endif /* WIN32 */ - -uint32_t nr_rand(void) -{ - uint32_t lvalue; - - nr_rand_bytes((void *)&lvalue, sizeof(lvalue)); - return lvalue; -} - - -#ifndef USEC -#define USEC (1000000) -#endif - -void nr_timeval_add(struct timeval *t, unsigned int seconds, unsigned int usec) -{ - t->tv_sec += seconds; - t->tv_sec += usec / USEC; - t->tv_usec += usec % USEC; - if (t->tv_usec > USEC) { - t->tv_sec++; - t->tv_usec -= USEC; - } -} - -int nr_timeval_cmp(const struct timeval *a, const struct timeval *b) -{ - if (a->tv_sec > b->tv_sec) return +1; - if (a->tv_sec < b->tv_sec) return -1; - - if (a->tv_usec > b->tv_usec) return +1; - if (a->tv_usec < b->tv_usec) return -1; - - return 0; -} - diff --git a/lib/radius/dict.c b/lib/radius/dict.c deleted file mode 100644 index fc04ee2..0000000 --- a/lib/radius/dict.c +++ /dev/null @@ -1,172 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "client.h" -#include <ctype.h> - -/** \file dict.c - * \brief Functions for name to number, and number to name mappings. - */ - -const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr, unsigned int vendor) -{ - int start, half, end; - - if (!vendor && (attr > 0) && (attr < 256)) { - if (nr_dict_attrs[attr].name) { - return &nr_dict_attrs[attr]; - } - return NULL; - } - - if (!vendor) return NULL; /* no "non-protocol" attributes */ - - start = 256; /* first 256 entries are "standard" ones */ - end = nr_dict_num_attrs; - - do { - half = (start + end) / 2; - - if ((nr_dict_attrs[half].vendor == vendor) && - (nr_dict_attrs[half].attr == attr)) { - return &nr_dict_attrs[half]; - } - - if ((vendor >= nr_dict_attrs[half].vendor) && - (attr > nr_dict_attrs[half].attr)) { - start = half + 1; - } else { - end = half - 1; - } - - } while (start <= end); - - return NULL; -} - -const DICT_ATTR *nr_dict_attr_byname(const char *name) -{ - int start, half, end; - - start = 1; - end = nr_dict_num_names; - - if (!name || !*name) return NULL; - - do { - int rcode; - - half = (start + end) / 2; - - rcode = strcasecmp(name, nr_dict_attr_names[half]->name); - if (rcode == 0) return nr_dict_attr_names[half]; - - if (rcode > 0) { - start = half + 1; - } else { - end = half - 1; - } - - - } while (start <= end); - - return NULL; -} - -int nr_dict_attr_2struct(DICT_ATTR *da, unsigned int attr, unsigned int vendor, - char *buffer, size_t bufsize) -{ - if (!da || !buffer) return -RSE_INVAL; - - if (!vendor) { - if (attr > 256) return -RSE_INVAL; - - } else if (vendor > (1 << 24)) { - return -RSE_INVAL; - } - - memset(da, 0, sizeof(*da)); - da->attr = attr; - da->flags.unknown = 1; - da->type = RS_TYPE_OCTETS; - da->vendor = vendor; - - if (da->vendor) { - snprintf(buffer, bufsize, "Attr-26.%u.%u", - vendor, attr); - } else { - snprintf(buffer, bufsize, "Attr-%u", attr); - } - da->name = buffer; - - return 0; -} - - -const DICT_VALUE *nr_dict_value_byattr(UNUSED unsigned int attr, - UNUSED unsigned int vendor, - UNUSED int value) -{ - return NULL; -} - -const DICT_VALUE *nr_dict_value_byname(UNUSED unsigned int attr, - UNUSED unsigned int vendor, - UNUSED const char *name) -{ - return NULL; -} - -int nr_dict_vendor_byname(const char *name) -{ - const DICT_VENDOR *dv; - - if (!name || !*name) return 0; - - /* - * O(n) lookup. - */ - for (dv = &nr_dict_vendors[0]; dv->name != NULL; dv++) { - if (strcasecmp(dv->name, name) == 0) return dv->vendor; - } - - return 0; -} - -const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor) -{ - const DICT_VENDOR *dv; - - /* - * O(n) lookup. - */ - for (dv = &nr_dict_vendors[0]; dv->name != NULL; dv++) { - if (dv->vendor == vendor) return dv; - } - - return NULL; -} diff --git a/lib/radius/doc.txt b/lib/radius/doc.txt deleted file mode 100644 index 09a8415..0000000 --- a/lib/radius/doc.txt +++ /dev/null @@ -1,41 +0,0 @@ -/** - -\file doc.txt -\brief The main documentation. - -\mainpage The Network RADIUS Client Library - -This client library is intended for use in embedded systems. It is -small with a simple API, yet has more functionality than most -commercial or Open Source products. - -\section License - -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -\ref dictionaries.txt "Dictionaries and dictionary formats" - -*/ diff --git a/lib/radius/doxygen.conf b/lib/radius/doxygen.conf deleted file mode 100644 index e310771..0000000 --- a/lib/radius/doxygen.conf +++ /dev/null @@ -1,1417 +0,0 @@ -# Doxyfile 1.5.6 - -# This file describes the settings to be used by the documentation system -# doxygen (www.doxygen.org) for a project -# -# All text after a hash (#) is considered a comment and will be ignored -# The format is: -# TAG = value [value, ...] -# For lists items can also be appended using: -# TAG += value [value, ...] -# Values that contain spaces should be placed between quotes (" ") - -#--------------------------------------------------------------------------- -# Project related configuration options -#--------------------------------------------------------------------------- - -# This tag specifies the encoding used for all characters in the config file -# that follow. The default is UTF-8 which is also the encoding used for all -# text before the first occurrence of this tag. Doxygen uses libiconv (or the -# iconv built into libc) for the transcoding. See -# http://www.gnu.org/software/libiconv for the list of possible encodings. - -DOXYFILE_ENCODING = UTF-8 - -# The PROJECT_NAME tag is a single word (or a sequence of words surrounded -# by quotes) that should identify the project. - -PROJECT_NAME = networkclient - -# The PROJECT_NUMBER tag can be used to enter a project or revision number. -# This could be handy for archiving the generated documentation or -# if some version control system is used. - -PROJECT_NUMBER = - -# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) -# base path where the generated documentation will be put. -# If a relative path is entered, it will be relative to the location -# where doxygen was started. If left blank the current directory will be used. - -OUTPUT_DIRECTORY = - -# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create -# 4096 sub-directories (in 2 levels) under the output directory of each output -# format and will distribute the generated files over these directories. -# Enabling this option can be useful when feeding doxygen a huge amount of -# source files, where putting all generated files in the same directory would -# otherwise cause performance problems for the file system. - -CREATE_SUBDIRS = NO - -# The OUTPUT_LANGUAGE tag is used to specify the language in which all -# documentation generated by doxygen is written. Doxygen will use this -# information to generate all constant output in the proper language. -# The default language is English, other supported languages are: -# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, -# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, -# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), -# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, -# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, -# and Ukrainian. - -OUTPUT_LANGUAGE = English - -# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will -# include brief member descriptions after the members that are listed in -# the file and class documentation (similar to JavaDoc). -# Set to NO to disable this. - -BRIEF_MEMBER_DESC = YES - -# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend -# the brief description of a member or function before the detailed description. -# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the -# brief descriptions will be completely suppressed. - -REPEAT_BRIEF = YES - -# This tag implements a quasi-intelligent brief description abbreviator -# that is used to form the text in various listings. Each string -# in this list, if found as the leading text of the brief description, will be -# stripped from the text and the result after processing the whole list, is -# used as the annotated text. Otherwise, the brief description is used as-is. -# If left blank, the following values are used ("$name" is automatically -# replaced with the name of the entity): "The $name class" "The $name widget" -# "The $name file" "is" "provides" "specifies" "contains" -# "represents" "a" "an" "the" - -ABBREVIATE_BRIEF = - -# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then -# Doxygen will generate a detailed section even if there is only a brief -# description. - -ALWAYS_DETAILED_SEC = NO - -# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all -# inherited members of a class in the documentation of that class as if those -# members were ordinary class members. Constructors, destructors and assignment -# operators of the base classes will not be shown. - -INLINE_INHERITED_MEMB = NO - -# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full -# path before files name in the file list and in the header files. If set -# to NO the shortest path that makes the file name unique will be used. - -FULL_PATH_NAMES = YES - -# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag -# can be used to strip a user-defined part of the path. Stripping is -# only done if one of the specified strings matches the left-hand part of -# the path. The tag can be used to show relative paths in the file list. -# If left blank the directory from which doxygen is run is used as the -# path to strip. - -STRIP_FROM_PATH = - -# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of -# the path mentioned in the documentation of a class, which tells -# the reader which header file to include in order to use a class. -# If left blank only the name of the header file containing the class -# definition is used. Otherwise one should specify the include paths that -# are normally passed to the compiler using the -I flag. - -STRIP_FROM_INC_PATH = - -# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter -# (but less readable) file names. This can be useful is your file systems -# doesn't support long names like on DOS, Mac, or CD-ROM. - -SHORT_NAMES = NO - -# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen -# will interpret the first line (until the first dot) of a JavaDoc-style -# comment as the brief description. If set to NO, the JavaDoc -# comments will behave just like regular Qt-style comments -# (thus requiring an explicit @brief command for a brief description.) - -JAVADOC_AUTOBRIEF = NO - -# If the QT_AUTOBRIEF tag is set to YES then Doxygen will -# interpret the first line (until the first dot) of a Qt-style -# comment as the brief description. If set to NO, the comments -# will behave just like regular Qt-style comments (thus requiring -# an explicit \brief command for a brief description.) - -QT_AUTOBRIEF = NO - -# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen -# treat a multi-line C++ special comment block (i.e. a block of //! or /// -# comments) as a brief description. This used to be the default behaviour. -# The new default is to treat a multi-line C++ comment block as a detailed -# description. Set this tag to YES if you prefer the old behaviour instead. - -MULTILINE_CPP_IS_BRIEF = NO - -# If the DETAILS_AT_TOP tag is set to YES then Doxygen -# will output the detailed description near the top, like JavaDoc. -# If set to NO, the detailed description appears after the member -# documentation. - -DETAILS_AT_TOP = YES - -# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented -# member inherits the documentation from any documented member that it -# re-implements. - -INHERIT_DOCS = YES - -# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce -# a new page for each member. If set to NO, the documentation of a member will -# be part of the file/class/namespace that contains it. - -SEPARATE_MEMBER_PAGES = NO - -# The TAB_SIZE tag can be used to set the number of spaces in a tab. -# Doxygen uses this value to replace tabs by spaces in code fragments. - -TAB_SIZE = 8 - -# This tag can be used to specify a number of aliases that acts -# as commands in the documentation. An alias has the form "name=value". -# For example adding "sideeffect=\par Side Effects:\n" will allow you to -# put the command \sideeffect (or @sideeffect) in the documentation, which -# will result in a user-defined paragraph with heading "Side Effects:". -# You can put \n's in the value part of an alias to insert newlines. - -ALIASES = - -# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C -# sources only. Doxygen will then generate output that is more tailored for C. -# For instance, some of the names that are used will be different. The list -# of all members will be omitted, etc. - -OPTIMIZE_OUTPUT_FOR_C = YES - -# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java -# sources only. Doxygen will then generate output that is more tailored for -# Java. For instance, namespaces will be presented as packages, qualified -# scopes will look different, etc. - -OPTIMIZE_OUTPUT_JAVA = NO - -# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran -# sources only. Doxygen will then generate output that is more tailored for -# Fortran. - -OPTIMIZE_FOR_FORTRAN = NO - -# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL -# sources. Doxygen will then generate output that is tailored for -# VHDL. - -OPTIMIZE_OUTPUT_VHDL = NO - -# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want -# to include (a tag file for) the STL sources as input, then you should -# set this tag to YES in order to let doxygen match functions declarations and -# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. -# func(std::string) {}). This also make the inheritance and collaboration -# diagrams that involve STL classes more complete and accurate. - -BUILTIN_STL_SUPPORT = NO - -# If you use Microsoft's C++/CLI language, you should set this option to YES to -# enable parsing support. - -CPP_CLI_SUPPORT = NO - -# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. -# Doxygen will parse them like normal C++ but will assume all classes use public -# instead of private inheritance when no explicit protection keyword is present. - -SIP_SUPPORT = NO - -# For Microsoft's IDL there are propget and propput attributes to indicate getter -# and setter methods for a property. Setting this option to YES (the default) -# will make doxygen to replace the get and set methods by a property in the -# documentation. This will only work if the methods are indeed getting or -# setting a simple type. If this is not the case, or you want to show the -# methods anyway, you should set this option to NO. - -IDL_PROPERTY_SUPPORT = YES - -# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC -# tag is set to YES, then doxygen will reuse the documentation of the first -# member in the group (if any) for the other members of the group. By default -# all members of a group must be documented explicitly. - -DISTRIBUTE_GROUP_DOC = NO - -# Set the SUBGROUPING tag to YES (the default) to allow class member groups of -# the same type (for instance a group of public functions) to be put as a -# subgroup of that type (e.g. under the Public Functions section). Set it to -# NO to prevent subgrouping. Alternatively, this can be done per class using -# the \nosubgrouping command. - -SUBGROUPING = YES - -# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum -# is documented as struct, union, or enum with the name of the typedef. So -# typedef struct TypeS {} TypeT, will appear in the documentation as a struct -# with name TypeT. When disabled the typedef will appear as a member of a file, -# namespace, or class. And the struct will be named TypeS. This can typically -# be useful for C code in case the coding convention dictates that all compound -# types are typedef'ed and only the typedef is referenced, never the tag name. - -TYPEDEF_HIDES_STRUCT = NO - -#--------------------------------------------------------------------------- -# Build related configuration options -#--------------------------------------------------------------------------- - -# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in -# documentation are documented, even if no documentation was available. -# Private class members and static file members will be hidden unless -# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES - -EXTRACT_ALL = YES - -# If the EXTRACT_PRIVATE tag is set to YES all private members of a class -# will be included in the documentation. - -EXTRACT_PRIVATE = NO - -# If the EXTRACT_STATIC tag is set to YES all static members of a file -# will be included in the documentation. - -EXTRACT_STATIC = NO - -# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) -# defined locally in source files will be included in the documentation. -# If set to NO only classes defined in header files are included. - -EXTRACT_LOCAL_CLASSES = YES - -# This flag is only useful for Objective-C code. When set to YES local -# methods, which are defined in the implementation section but not in -# the interface are included in the documentation. -# If set to NO (the default) only methods in the interface are included. - -EXTRACT_LOCAL_METHODS = NO - -# If this flag is set to YES, the members of anonymous namespaces will be -# extracted and appear in the documentation as a namespace called -# 'anonymous_namespace{file}', where file will be replaced with the base -# name of the file that contains the anonymous namespace. By default -# anonymous namespace are hidden. - -EXTRACT_ANON_NSPACES = NO - -# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all -# undocumented members of documented classes, files or namespaces. -# If set to NO (the default) these members will be included in the -# various overviews, but no documentation section is generated. -# This option has no effect if EXTRACT_ALL is enabled. - -HIDE_UNDOC_MEMBERS = NO - -# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all -# undocumented classes that are normally visible in the class hierarchy. -# If set to NO (the default) these classes will be included in the various -# overviews. This option has no effect if EXTRACT_ALL is enabled. - -HIDE_UNDOC_CLASSES = NO - -# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all -# friend (class|struct|union) declarations. -# If set to NO (the default) these declarations will be included in the -# documentation. - -HIDE_FRIEND_COMPOUNDS = NO - -# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any -# documentation blocks found inside the body of a function. -# If set to NO (the default) these blocks will be appended to the -# function's detailed documentation block. - -HIDE_IN_BODY_DOCS = NO - -# The INTERNAL_DOCS tag determines if documentation -# that is typed after a \internal command is included. If the tag is set -# to NO (the default) then the documentation will be excluded. -# Set it to YES to include the internal documentation. - -INTERNAL_DOCS = NO - -# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate -# file names in lower-case letters. If set to YES upper-case letters are also -# allowed. This is useful if you have classes or files whose names only differ -# in case and if your file system supports case sensitive file names. Windows -# and Mac users are advised to set this option to NO. - -CASE_SENSE_NAMES = NO - -# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen -# will show members with their full class and namespace scopes in the -# documentation. If set to YES the scope will be hidden. - -HIDE_SCOPE_NAMES = NO - -# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen -# will put a list of the files that are included by a file in the documentation -# of that file. - -SHOW_INCLUDE_FILES = YES - -# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] -# is inserted in the documentation for inline members. - -INLINE_INFO = YES - -# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen -# will sort the (detailed) documentation of file and class members -# alphabetically by member name. If set to NO the members will appear in -# declaration order. - -SORT_MEMBER_DOCS = YES - -# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the -# brief documentation of file, namespace and class members alphabetically -# by member name. If set to NO (the default) the members will appear in -# declaration order. - -SORT_BRIEF_DOCS = NO - -# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the -# hierarchy of group names into alphabetical order. If set to NO (the default) -# the group names will appear in their defined order. - -SORT_GROUP_NAMES = NO - -# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be -# sorted by fully-qualified names, including namespaces. If set to -# NO (the default), the class list will be sorted only by class name, -# not including the namespace part. -# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. -# Note: This option applies only to the class list, not to the -# alphabetical list. - -SORT_BY_SCOPE_NAME = NO - -# The GENERATE_TODOLIST tag can be used to enable (YES) or -# disable (NO) the todo list. This list is created by putting \todo -# commands in the documentation. - -GENERATE_TODOLIST = YES - -# The GENERATE_TESTLIST tag can be used to enable (YES) or -# disable (NO) the test list. This list is created by putting \test -# commands in the documentation. - -GENERATE_TESTLIST = YES - -# The GENERATE_BUGLIST tag can be used to enable (YES) or -# disable (NO) the bug list. This list is created by putting \bug -# commands in the documentation. - -GENERATE_BUGLIST = YES - -# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or -# disable (NO) the deprecated list. This list is created by putting -# \deprecated commands in the documentation. - -GENERATE_DEPRECATEDLIST= YES - -# The ENABLED_SECTIONS tag can be used to enable conditional -# documentation sections, marked by \if sectionname ... \endif. - -ENABLED_SECTIONS = - -# The MAX_INITIALIZER_LINES tag determines the maximum number of lines -# the initial value of a variable or define consists of for it to appear in -# the documentation. If the initializer consists of more lines than specified -# here it will be hidden. Use a value of 0 to hide initializers completely. -# The appearance of the initializer of individual variables and defines in the -# documentation can be controlled using \showinitializer or \hideinitializer -# command in the documentation regardless of this setting. - -MAX_INITIALIZER_LINES = 30 - -# Set the SHOW_USED_FILES tag to NO to disable the list of files generated -# at the bottom of the documentation of classes and structs. If set to YES the -# list will mention the files that were used to generate the documentation. - -SHOW_USED_FILES = YES - -# If the sources in your project are distributed over multiple directories -# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy -# in the documentation. The default is NO. - -SHOW_DIRECTORIES = NO - -# Set the SHOW_FILES tag to NO to disable the generation of the Files page. -# This will remove the Files entry from the Quick Index and from the -# Folder Tree View (if specified). The default is YES. - -SHOW_FILES = YES - -# Set the SHOW_NAMESPACES tag to NO to disable the generation of the -# Namespaces page. This will remove the Namespaces entry from the Quick Index -# and from the Folder Tree View (if specified). The default is YES. - -SHOW_NAMESPACES = YES - -# The FILE_VERSION_FILTER tag can be used to specify a program or script that -# doxygen should invoke to get the current version for each file (typically from -# the version control system). Doxygen will invoke the program by executing (via -# popen()) the command <command> <input-file>, where <command> is the value of -# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file -# provided by doxygen. Whatever the program writes to standard output -# is used as the file version. See the manual for examples. - -FILE_VERSION_FILTER = - -#--------------------------------------------------------------------------- -# configuration options related to warning and progress messages -#--------------------------------------------------------------------------- - -# The QUIET tag can be used to turn on/off the messages that are generated -# by doxygen. Possible values are YES and NO. If left blank NO is used. - -QUIET = NO - -# The WARNINGS tag can be used to turn on/off the warning messages that are -# generated by doxygen. Possible values are YES and NO. If left blank -# NO is used. - -WARNINGS = YES - -# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings -# for undocumented members. If EXTRACT_ALL is set to YES then this flag will -# automatically be disabled. - -WARN_IF_UNDOCUMENTED = YES - -# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for -# potential errors in the documentation, such as not documenting some -# parameters in a documented function, or documenting parameters that -# don't exist or using markup commands wrongly. - -WARN_IF_DOC_ERROR = YES - -# This WARN_NO_PARAMDOC option can be abled to get warnings for -# functions that are documented, but have no documentation for their parameters -# or return value. If set to NO (the default) doxygen will only warn about -# wrong or incomplete parameter documentation, but not about the absence of -# documentation. - -WARN_NO_PARAMDOC = NO - -# The WARN_FORMAT tag determines the format of the warning messages that -# doxygen can produce. The string should contain the $file, $line, and $text -# tags, which will be replaced by the file and line number from which the -# warning originated and the warning text. Optionally the format may contain -# $version, which will be replaced by the version of the file (if it could -# be obtained via FILE_VERSION_FILTER) - -WARN_FORMAT = "$file:$line: $text" - -# The WARN_LOGFILE tag can be used to specify a file to which warning -# and error messages should be written. If left blank the output is written -# to stderr. - -WARN_LOGFILE = - -#--------------------------------------------------------------------------- -# configuration options related to the input files -#--------------------------------------------------------------------------- - -# The INPUT tag can be used to specify the files and/or directories that contain -# documented source files. You may enter file names like "myfile.cpp" or -# directories like "/usr/src/myproject". Separate the files or directories -# with spaces. - -INPUT = . doc/ - -# This tag can be used to specify the character encoding of the source files -# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is -# also the default input encoding. Doxygen uses libiconv (or the iconv built -# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for -# the list of possible encodings. - -INPUT_ENCODING = UTF-8 - -# If the value of the INPUT tag contains directories, you can use the -# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp -# and *.h) to filter out the source-files in the directories. If left -# blank the following patterns are tested: -# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx -# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 - -FILE_PATTERNS = *.txt *.[ch] - -# The RECURSIVE tag can be used to turn specify whether or not subdirectories -# should be searched for input files as well. Possible values are YES and NO. -# If left blank NO is used. - -RECURSIVE = NO - -# The EXCLUDE tag can be used to specify files and/or directories that should -# excluded from the INPUT source files. This way you can easily exclude a -# subdirectory from a directory tree whose root is specified with the INPUT tag. - -EXCLUDE = - -# The EXCLUDE_SYMLINKS tag can be used select whether or not files or -# directories that are symbolic links (a Unix filesystem feature) are excluded -# from the input. - -EXCLUDE_SYMLINKS = NO - -# If the value of the INPUT tag contains directories, you can use the -# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude -# certain files from those directories. Note that the wildcards are matched -# against the file with absolute path, so to exclude all test directories -# for example use the pattern */test/* - -EXCLUDE_PATTERNS = - -# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names -# (namespaces, classes, functions, etc.) that should be excluded from the -# output. The symbol name can be a fully qualified name, a word, or if the -# wildcard * is used, a substring. Examples: ANamespace, AClass, -# AClass::ANamespace, ANamespace::*Test - -EXCLUDE_SYMBOLS = - -# The EXAMPLE_PATH tag can be used to specify one or more files or -# directories that contain example code fragments that are included (see -# the \include command). - -EXAMPLE_PATH = examples - -# If the value of the EXAMPLE_PATH tag contains directories, you can use the -# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp -# and *.h) to filter out the source-files in the directories. If left -# blank all files are included. - -EXAMPLE_PATTERNS = *.[ch] - -# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be -# searched for input files to be used with the \include or \dontinclude -# commands irrespective of the value of the RECURSIVE tag. -# Possible values are YES and NO. If left blank NO is used. - -EXAMPLE_RECURSIVE = NO - -# The IMAGE_PATH tag can be used to specify one or more files or -# directories that contain image that are included in the documentation (see -# the \image command). - -IMAGE_PATH = - -# The INPUT_FILTER tag can be used to specify a program that doxygen should -# invoke to filter for each input file. Doxygen will invoke the filter program -# by executing (via popen()) the command <filter> <input-file>, where <filter> -# is the value of the INPUT_FILTER tag, and <input-file> is the name of an -# input file. Doxygen will then use the output that the filter program writes -# to standard output. If FILTER_PATTERNS is specified, this tag will be -# ignored. - -INPUT_FILTER = - -# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern -# basis. Doxygen will compare the file name with each pattern and apply the -# filter if there is a match. The filters are a list of the form: -# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further -# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER -# is applied to all files. - -FILTER_PATTERNS = - -# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using -# INPUT_FILTER) will be used to filter the input files when producing source -# files to browse (i.e. when SOURCE_BROWSER is set to YES). - -FILTER_SOURCE_FILES = NO - -#--------------------------------------------------------------------------- -# configuration options related to source browsing -#--------------------------------------------------------------------------- - -# If the SOURCE_BROWSER tag is set to YES then a list of source files will -# be generated. Documented entities will be cross-referenced with these sources. -# Note: To get rid of all source code in the generated output, make sure also -# VERBATIM_HEADERS is set to NO. - -SOURCE_BROWSER = NO - -# Setting the INLINE_SOURCES tag to YES will include the body -# of functions and classes directly in the documentation. - -INLINE_SOURCES = NO - -# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct -# doxygen to hide any special comment blocks from generated source code -# fragments. Normal C and C++ comments will always remain visible. - -STRIP_CODE_COMMENTS = YES - -# If the REFERENCED_BY_RELATION tag is set to YES -# then for each documented function all documented -# functions referencing it will be listed. - -REFERENCED_BY_RELATION = YES - -# If the REFERENCES_RELATION tag is set to YES -# then for each documented function all documented entities -# called/used by that function will be listed. - -REFERENCES_RELATION = YES - -# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) -# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from -# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will -# link to the source code. Otherwise they will link to the documentstion. - -REFERENCES_LINK_SOURCE = NO - -# If the USE_HTAGS tag is set to YES then the references to source code -# will point to the HTML generated by the htags(1) tool instead of doxygen -# built-in source browser. The htags tool is part of GNU's global source -# tagging system (see http://www.gnu.org/software/global/global.html). You -# will need version 4.8.6 or higher. - -USE_HTAGS = NO - -# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen -# will generate a verbatim copy of the header file for each class for -# which an include is specified. Set to NO to disable this. - -VERBATIM_HEADERS = YES - -#--------------------------------------------------------------------------- -# configuration options related to the alphabetical class index -#--------------------------------------------------------------------------- - -# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index -# of all compounds will be generated. Enable this if the project -# contains a lot of classes, structs, unions or interfaces. - -ALPHABETICAL_INDEX = NO - -# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then -# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns -# in which this list will be split (can be a number in the range [1..20]) - -COLS_IN_ALPHA_INDEX = 5 - -# In case all classes in a project start with a common prefix, all -# classes will be put under the same header in the alphabetical index. -# The IGNORE_PREFIX tag can be used to specify one or more prefixes that -# should be ignored while generating the index headers. - -IGNORE_PREFIX = - -#--------------------------------------------------------------------------- -# configuration options related to the HTML output -#--------------------------------------------------------------------------- - -# If the GENERATE_HTML tag is set to YES (the default) Doxygen will -# generate HTML output. - -GENERATE_HTML = YES - -# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `html' will be used as the default path. - -HTML_OUTPUT = html - -# The HTML_FILE_EXTENSION tag can be used to specify the file extension for -# each generated HTML page (for example: .htm,.php,.asp). If it is left blank -# doxygen will generate files with .html extension. - -HTML_FILE_EXTENSION = .html - -# The HTML_HEADER tag can be used to specify a personal HTML header for -# each generated HTML page. If it is left blank doxygen will generate a -# standard header. - -HTML_HEADER = - -# The HTML_FOOTER tag can be used to specify a personal HTML footer for -# each generated HTML page. If it is left blank doxygen will generate a -# standard footer. - -HTML_FOOTER = - -# The HTML_STYLESHEET tag can be used to specify a user-defined cascading -# style sheet that is used by each HTML page. It can be used to -# fine-tune the look of the HTML output. If the tag is left blank doxygen -# will generate a default style sheet. Note that doxygen will try to copy -# the style sheet file to the HTML output directory, so don't put your own -# stylesheet in the HTML output directory as well, or it will be erased! - -HTML_STYLESHEET = - -# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, -# files or namespaces will be aligned in HTML using tables. If set to -# NO a bullet list will be used. - -HTML_ALIGN_MEMBERS = YES - -# If the GENERATE_HTMLHELP tag is set to YES, additional index files -# will be generated that can be used as input for tools like the -# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) -# of the generated HTML documentation. - -GENERATE_HTMLHELP = NO - -# If the GENERATE_DOCSET tag is set to YES, additional index files -# will be generated that can be used as input for Apple's Xcode 3 -# integrated development environment, introduced with OSX 10.5 (Leopard). -# To create a documentation set, doxygen will generate a Makefile in the -# HTML output directory. Running make will produce the docset in that -# directory and running "make install" will install the docset in -# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find -# it at startup. - -GENERATE_DOCSET = NO - -# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the -# feed. A documentation feed provides an umbrella under which multiple -# documentation sets from a single provider (such as a company or product suite) -# can be grouped. - -DOCSET_FEEDNAME = "Doxygen generated docs" - -# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that -# should uniquely identify the documentation set bundle. This should be a -# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen -# will append .docset to the name. - -DOCSET_BUNDLE_ID = org.doxygen.Project - -# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML -# documentation will contain sections that can be hidden and shown after the -# page has loaded. For this to work a browser that supports -# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox -# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). - -HTML_DYNAMIC_SECTIONS = NO - -# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can -# be used to specify the file name of the resulting .chm file. You -# can add a path in front of the file if the result should not be -# written to the html output directory. - -CHM_FILE = - -# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can -# be used to specify the location (absolute path including file name) of -# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run -# the HTML help compiler on the generated index.hhp. - -HHC_LOCATION = - -# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag -# controls if a separate .chi index file is generated (YES) or that -# it should be included in the master .chm file (NO). - -GENERATE_CHI = NO - -# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING -# is used to encode HtmlHelp index (hhk), content (hhc) and project file -# content. - -CHM_INDEX_ENCODING = - -# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag -# controls whether a binary table of contents is generated (YES) or a -# normal table of contents (NO) in the .chm file. - -BINARY_TOC = NO - -# The TOC_EXPAND flag can be set to YES to add extra items for group members -# to the contents of the HTML help documentation and to the tree view. - -TOC_EXPAND = NO - -# The DISABLE_INDEX tag can be used to turn on/off the condensed index at -# top of each HTML page. The value NO (the default) enables the index and -# the value YES disables it. - -DISABLE_INDEX = NO - -# This tag can be used to set the number of enum values (range [1..20]) -# that doxygen will group on one line in the generated HTML documentation. - -ENUM_VALUES_PER_LINE = 4 - -# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index -# structure should be generated to display hierarchical information. -# If the tag value is set to FRAME, a side panel will be generated -# containing a tree-like index structure (just like the one that -# is generated for HTML Help). For this to work a browser that supports -# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, -# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are -# probably better off using the HTML help feature. Other possible values -# for this tag are: HIERARCHIES, which will generate the Groups, Directories, -# and Class Hiererachy pages using a tree view instead of an ordered list; -# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which -# disables this behavior completely. For backwards compatibility with previous -# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE -# respectively. - -GENERATE_TREEVIEW = YES - -# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be -# used to set the initial width (in pixels) of the frame in which the tree -# is shown. - -TREEVIEW_WIDTH = 250 - -# Use this tag to change the font size of Latex formulas included -# as images in the HTML documentation. The default is 10. Note that -# when you change the font size after a successful doxygen run you need -# to manually remove any form_*.png images from the HTML output directory -# to force them to be regenerated. - -FORMULA_FONTSIZE = 10 - -#--------------------------------------------------------------------------- -# configuration options related to the LaTeX output -#--------------------------------------------------------------------------- - -# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will -# generate Latex output. - -GENERATE_LATEX = NO - -# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `latex' will be used as the default path. - -LATEX_OUTPUT = latex - -# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be -# invoked. If left blank `latex' will be used as the default command name. - -LATEX_CMD_NAME = latex - -# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to -# generate index for LaTeX. If left blank `makeindex' will be used as the -# default command name. - -MAKEINDEX_CMD_NAME = makeindex - -# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact -# LaTeX documents. This may be useful for small projects and may help to -# save some trees in general. - -COMPACT_LATEX = NO - -# The PAPER_TYPE tag can be used to set the paper type that is used -# by the printer. Possible values are: a4, a4wide, letter, legal and -# executive. If left blank a4wide will be used. - -PAPER_TYPE = a4wide - -# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX -# packages that should be included in the LaTeX output. - -EXTRA_PACKAGES = - -# The LATEX_HEADER tag can be used to specify a personal LaTeX header for -# the generated latex document. The header should contain everything until -# the first chapter. If it is left blank doxygen will generate a -# standard header. Notice: only use this tag if you know what you are doing! - -LATEX_HEADER = - -# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated -# is prepared for conversion to pdf (using ps2pdf). The pdf file will -# contain links (just like the HTML output) instead of page references -# This makes the output suitable for online browsing using a pdf viewer. - -PDF_HYPERLINKS = YES - -# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of -# plain latex in the generated Makefile. Set this option to YES to get a -# higher quality PDF documentation. - -USE_PDFLATEX = YES - -# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. -# command to the generated LaTeX files. This will instruct LaTeX to keep -# running if errors occur, instead of asking the user for help. -# This option is also used when generating formulas in HTML. - -LATEX_BATCHMODE = NO - -# If LATEX_HIDE_INDICES is set to YES then doxygen will not -# include the index chapters (such as File Index, Compound Index, etc.) -# in the output. - -LATEX_HIDE_INDICES = NO - -#--------------------------------------------------------------------------- -# configuration options related to the RTF output -#--------------------------------------------------------------------------- - -# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output -# The RTF output is optimized for Word 97 and may not look very pretty with -# other RTF readers or editors. - -GENERATE_RTF = NO - -# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `rtf' will be used as the default path. - -RTF_OUTPUT = rtf - -# If the COMPACT_RTF tag is set to YES Doxygen generates more compact -# RTF documents. This may be useful for small projects and may help to -# save some trees in general. - -COMPACT_RTF = NO - -# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated -# will contain hyperlink fields. The RTF file will -# contain links (just like the HTML output) instead of page references. -# This makes the output suitable for online browsing using WORD or other -# programs which support those fields. -# Note: wordpad (write) and others do not support links. - -RTF_HYPERLINKS = NO - -# Load stylesheet definitions from file. Syntax is similar to doxygen's -# config file, i.e. a series of assignments. You only have to provide -# replacements, missing definitions are set to their default value. - -RTF_STYLESHEET_FILE = - -# Set optional variables used in the generation of an rtf document. -# Syntax is similar to doxygen's config file. - -RTF_EXTENSIONS_FILE = - -#--------------------------------------------------------------------------- -# configuration options related to the man page output -#--------------------------------------------------------------------------- - -# If the GENERATE_MAN tag is set to YES (the default) Doxygen will -# generate man pages - -GENERATE_MAN = NO - -# The MAN_OUTPUT tag is used to specify where the man pages will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `man' will be used as the default path. - -MAN_OUTPUT = man - -# The MAN_EXTENSION tag determines the extension that is added to -# the generated man pages (default is the subroutine's section .3) - -MAN_EXTENSION = .3 - -# If the MAN_LINKS tag is set to YES and Doxygen generates man output, -# then it will generate one additional man file for each entity -# documented in the real man page(s). These additional files -# only source the real man page, but without them the man command -# would be unable to find the correct page. The default is NO. - -MAN_LINKS = NO - -#--------------------------------------------------------------------------- -# configuration options related to the XML output -#--------------------------------------------------------------------------- - -# If the GENERATE_XML tag is set to YES Doxygen will -# generate an XML file that captures the structure of -# the code including all documentation. - -GENERATE_XML = NO - -# The XML_OUTPUT tag is used to specify where the XML pages will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `xml' will be used as the default path. - -XML_OUTPUT = xml - -# The XML_SCHEMA tag can be used to specify an XML schema, -# which can be used by a validating XML parser to check the -# syntax of the XML files. - -XML_SCHEMA = - -# The XML_DTD tag can be used to specify an XML DTD, -# which can be used by a validating XML parser to check the -# syntax of the XML files. - -XML_DTD = - -# If the XML_PROGRAMLISTING tag is set to YES Doxygen will -# dump the program listings (including syntax highlighting -# and cross-referencing information) to the XML output. Note that -# enabling this will significantly increase the size of the XML output. - -XML_PROGRAMLISTING = YES - -#--------------------------------------------------------------------------- -# configuration options for the AutoGen Definitions output -#--------------------------------------------------------------------------- - -# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will -# generate an AutoGen Definitions (see autogen.sf.net) file -# that captures the structure of the code including all -# documentation. Note that this feature is still experimental -# and incomplete at the moment. - -GENERATE_AUTOGEN_DEF = NO - -#--------------------------------------------------------------------------- -# configuration options related to the Perl module output -#--------------------------------------------------------------------------- - -# If the GENERATE_PERLMOD tag is set to YES Doxygen will -# generate a Perl module file that captures the structure of -# the code including all documentation. Note that this -# feature is still experimental and incomplete at the -# moment. - -GENERATE_PERLMOD = NO - -# If the PERLMOD_LATEX tag is set to YES Doxygen will generate -# the necessary Makefile rules, Perl scripts and LaTeX code to be able -# to generate PDF and DVI output from the Perl module output. - -PERLMOD_LATEX = NO - -# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be -# nicely formatted so it can be parsed by a human reader. This is useful -# if you want to understand what is going on. On the other hand, if this -# tag is set to NO the size of the Perl module output will be much smaller -# and Perl will parse it just the same. - -PERLMOD_PRETTY = YES - -# The names of the make variables in the generated doxyrules.make file -# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. -# This is useful so different doxyrules.make files included by the same -# Makefile don't overwrite each other's variables. - -PERLMOD_MAKEVAR_PREFIX = - -#--------------------------------------------------------------------------- -# Configuration options related to the preprocessor -#--------------------------------------------------------------------------- - -# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will -# evaluate all C-preprocessor directives found in the sources and include -# files. - -ENABLE_PREPROCESSING = YES - -# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro -# names in the source code. If set to NO (the default) only conditional -# compilation will be performed. Macro expansion can be done in a controlled -# way by setting EXPAND_ONLY_PREDEF to YES. - -MACRO_EXPANSION = NO - -# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES -# then the macro expansion is limited to the macros specified with the -# PREDEFINED and EXPAND_AS_DEFINED tags. - -EXPAND_ONLY_PREDEF = NO - -# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files -# in the INCLUDE_PATH (see below) will be search if a #include is found. - -SEARCH_INCLUDES = YES - -# The INCLUDE_PATH tag can be used to specify one or more directories that -# contain include files that are not input files but should be processed by -# the preprocessor. - -INCLUDE_PATH = - -# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard -# patterns (like *.h and *.hpp) to filter out the header-files in the -# directories. If left blank, the patterns specified with FILE_PATTERNS will -# be used. - -INCLUDE_FILE_PATTERNS = - -# The PREDEFINED tag can be used to specify one or more macro names that -# are defined before the preprocessor is started (similar to the -D option of -# gcc). The argument of the tag is a list of macros of the form: name -# or name=definition (no spaces). If the definition and the = are -# omitted =1 is assumed. To prevent a macro definition from being -# undefined via #undef or recursively expanded use the := operator -# instead of the = operator. - -PREDEFINED = - -# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then -# this tag can be used to specify a list of macro names that should be expanded. -# The macro definition that is found in the sources will be used. -# Use the PREDEFINED tag if you want to use a different macro definition. - -EXPAND_AS_DEFINED = - -# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then -# doxygen's preprocessor will remove all function-like macros that are alone -# on a line, have an all uppercase name, and do not end with a semicolon. Such -# function macros are typically used for boiler-plate code, and will confuse -# the parser if not removed. - -SKIP_FUNCTION_MACROS = YES - -#--------------------------------------------------------------------------- -# Configuration::additions related to external references -#--------------------------------------------------------------------------- - -# The TAGFILES option can be used to specify one or more tagfiles. -# Optionally an initial location of the external documentation -# can be added for each tagfile. The format of a tag file without -# this location is as follows: -# TAGFILES = file1 file2 ... -# Adding location for the tag files is done as follows: -# TAGFILES = file1=loc1 "file2 = loc2" ... -# where "loc1" and "loc2" can be relative or absolute paths or -# URLs. If a location is present for each tag, the installdox tool -# does not have to be run to correct the links. -# Note that each tag file must have a unique name -# (where the name does NOT include the path) -# If a tag file is not located in the directory in which doxygen -# is run, you must also specify the path to the tagfile here. - -TAGFILES = - -# When a file name is specified after GENERATE_TAGFILE, doxygen will create -# a tag file that is based on the input files it reads. - -GENERATE_TAGFILE = - -# If the ALLEXTERNALS tag is set to YES all external classes will be listed -# in the class index. If set to NO only the inherited external classes -# will be listed. - -ALLEXTERNALS = NO - -# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed -# in the modules index. If set to NO, only the current project's groups will -# be listed. - -EXTERNAL_GROUPS = YES - -# The PERL_PATH should be the absolute path and name of the perl script -# interpreter (i.e. the result of `which perl'). - -PERL_PATH = /usr/bin/perl - -#--------------------------------------------------------------------------- -# Configuration options related to the dot tool -#--------------------------------------------------------------------------- - -# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will -# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base -# or super classes. Setting the tag to NO turns the diagrams off. Note that -# this option is superseded by the HAVE_DOT option below. This is only a -# fallback. It is recommended to install and use dot, since it yields more -# powerful graphs. - -CLASS_DIAGRAMS = YES - -# You can define message sequence charts within doxygen comments using the \msc -# command. Doxygen will then run the mscgen tool (see -# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the -# documentation. The MSCGEN_PATH tag allows you to specify the directory where -# the mscgen tool resides. If left empty the tool is assumed to be found in the -# default search path. - -MSCGEN_PATH = - -# If set to YES, the inheritance and collaboration graphs will hide -# inheritance and usage relations if the target is undocumented -# or is not a class. - -HIDE_UNDOC_RELATIONS = YES - -# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is -# available from the path. This tool is part of Graphviz, a graph visualization -# toolkit from AT&T and Lucent Bell Labs. The other options in this section -# have no effect if this option is set to NO (the default) - -HAVE_DOT = YES - -# By default doxygen will write a font called FreeSans.ttf to the output -# directory and reference it in all dot files that doxygen generates. This -# font does not include all possible unicode characters however, so when you need -# these (or just want a differently looking font) you can specify the font name -# using DOT_FONTNAME. You need need to make sure dot is able to find the font, -# which can be done by putting it in a standard location or by setting the -# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory -# containing the font. - -DOT_FONTNAME = FreeSans - -# By default doxygen will tell dot to use the output directory to look for the -# FreeSans.ttf font (which doxygen will put there itself). If you specify a -# different font using DOT_FONTNAME you can set the path where dot -# can find it using this tag. - -DOT_FONTPATH = - -# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for each documented class showing the direct and -# indirect inheritance relations. Setting this tag to YES will force the -# the CLASS_DIAGRAMS tag to NO. - -CLASS_GRAPH = YES - -# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for each documented class showing the direct and -# indirect implementation dependencies (inheritance, containment, and -# class references variables) of the class with other documented classes. - -COLLABORATION_GRAPH = YES - -# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for groups, showing the direct groups dependencies - -GROUP_GRAPHS = YES - -# If the UML_LOOK tag is set to YES doxygen will generate inheritance and -# collaboration diagrams in a style similar to the OMG's Unified Modeling -# Language. - -UML_LOOK = NO - -# If set to YES, the inheritance and collaboration graphs will show the -# relations between templates and their instances. - -TEMPLATE_RELATIONS = NO - -# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT -# tags are set to YES then doxygen will generate a graph for each documented -# file showing the direct and indirect include dependencies of the file with -# other documented files. - -INCLUDE_GRAPH = YES - -# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and -# HAVE_DOT tags are set to YES then doxygen will generate a graph for each -# documented header file showing the documented files that directly or -# indirectly include this file. - -INCLUDED_BY_GRAPH = YES - -# If the CALL_GRAPH and HAVE_DOT options are set to YES then -# doxygen will generate a call dependency graph for every global function -# or class method. Note that enabling this option will significantly increase -# the time of a run. So in most cases it will be better to enable call graphs -# for selected functions only using the \callgraph command. - -CALL_GRAPH = YES - -# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then -# doxygen will generate a caller dependency graph for every global function -# or class method. Note that enabling this option will significantly increase -# the time of a run. So in most cases it will be better to enable caller -# graphs for selected functions only using the \callergraph command. - -CALLER_GRAPH = NO - -# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen -# will graphical hierarchy of all classes instead of a textual one. - -GRAPHICAL_HIERARCHY = YES - -# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES -# then doxygen will show the dependencies a directory has on other directories -# in a graphical way. The dependency relations are determined by the #include -# relations between the files in the directories. - -DIRECTORY_GRAPH = YES - -# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images -# generated by dot. Possible values are png, jpg, or gif -# If left blank png will be used. - -DOT_IMAGE_FORMAT = png - -# The tag DOT_PATH can be used to specify the path where the dot tool can be -# found. If left blank, it is assumed the dot tool can be found in the path. - -DOT_PATH = - -# The DOTFILE_DIRS tag can be used to specify one or more directories that -# contain dot files that are included in the documentation (see the -# \dotfile command). - -DOTFILE_DIRS = - -# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of -# nodes that will be shown in the graph. If the number of nodes in a graph -# becomes larger than this value, doxygen will truncate the graph, which is -# visualized by representing a node as a red box. Note that doxygen if the -# number of direct children of the root node in a graph is already larger than -# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note -# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. - -DOT_GRAPH_MAX_NODES = 50 - -# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the -# graphs generated by dot. A depth value of 3 means that only nodes reachable -# from the root by following a path via at most 3 edges will be shown. Nodes -# that lay further from the root node will be omitted. Note that setting this -# option to 1 or 2 may greatly reduce the computation time needed for large -# code bases. Also note that the size of a graph can be further restricted by -# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. - -MAX_DOT_GRAPH_DEPTH = 0 - -# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent -# background. This is enabled by default, which results in a transparent -# background. Warning: Depending on the platform used, enabling this option -# may lead to badly anti-aliased labels on the edges of a graph (i.e. they -# become hard to read). - -DOT_TRANSPARENT = YES - -# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output -# files in one run (i.e. multiple -o and -T options on the command line). This -# makes dot run faster, but since only newer versions of dot (>1.8.10) -# support this, this feature is disabled by default. - -DOT_MULTI_TARGETS = NO - -# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will -# generate a legend page explaining the meaning of the various boxes and -# arrows in the dot generated graphs. - -GENERATE_LEGEND = YES - -# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will -# remove the intermediate dot files that are used to generate -# the various graphs. - -DOT_CLEANUP = YES - -#--------------------------------------------------------------------------- -# Configuration::additions related to the search engine -#--------------------------------------------------------------------------- - -# The SEARCHENGINE tag specifies whether or not a search engine should be -# used. If set to NO the values of all tags below this one will be ignored. - -SEARCHENGINE = NO diff --git a/lib/radius/examples/Makefile b/lib/radius/examples/Makefile deleted file mode 100644 index f39c343..0000000 --- a/lib/radius/examples/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# -# GNU Makefile -# -.PHONY: all clean install - -SRCS = example_1.c example_2.c example_3.c example_4.c - -OBJS := ${SRCS:.c=.o} -PROGRAMS := ${SRCS:.c=} - -all: ${PROGRAMS} - -HEADERS := ../client.h ../radius.h - -${OBJS}: ${HEADERS} - -$(info ${PROGRAMS} ${OBJS}) - -${PROGRAMS}: ../libnetworkradius-client.a - - -%.o : %.c - $(CC) $(CFLAGS) -I.. -I. -c $< - -%.o: ${HEADERS} - -LDFLAGS = -L.. -lnetworkradius-client -lcrypto -lssl -CFLAGS = -I.. - -../libnetworkradius-client.a: - @${MAKE} -C .. libnetworkradius-client.a - -radsample.o: radsample.c ${HEADERS} nr_vp_create.c nr_packet_send.c - -#radsample: radsample.o ../libnetworkradius-client.a -# ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ - -sample_chap.o: sample_chap.c ${HEADERS} - -sample_chap: sample_chap.o ../libnetworkradius-client.a - ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ - -radsample2.o: radsample2.c ${HEADERS} nr_vp_create.c - -radsample2: radsample2.o ../libnetworkradius-client.a - ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ - -radsample3.o: radsample3.c ${HEADERS} nr_transmit.c nr_server_t.c nr_vp_create.c - -radsample3: radsample3.o ../libnetworkradius-client.a - ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ - -clean: - @rm -rf *.o *.a *~ diff --git a/lib/radius/examples/example_1.c b/lib/radius/examples/example_1.c deleted file mode 100644 index 265c880..0000000 --- a/lib/radius/examples/example_1.c +++ /dev/null @@ -1,86 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <networkradius-devel/client.h> - -/** \file example_1.c - * \brief Sample code to initialize a RADIUS packet. - * - * This example initializes a packet, and then adds User-Name and - * User-Password to it. The resulting packet is then printed to the - * standard output. - */ - -static const char *secret = "testing123"; -static uint8_t request_buffer[RS_MAX_PACKET_LEN]; -static uint8_t response_buffer[RS_MAX_PACKET_LEN]; -static RADIUS_PACKET request, response; - -int main(int argc, const char *argv[]) -{ - ssize_t rcode; - const char *user = "bob"; - const char *password = "password"; - - rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, - request_buffer, sizeof(request_buffer)); - if (rcode < 0) { - error: - fprintf(stderr, "Error: %s\n", nr_strerror(rcode)); - return 1; - } - - if (argc > 1) user = argv[1]; - if (argc > 2) password = argv[2]; - - rcode = nr_packet_attr_append(&request, NULL, - RS_DA_USER_NAME, - user, 0); - if (rcode < 0) goto error; - - rcode = nr_packet_attr_append(&request, NULL, - RS_DA_USER_PASSWORD, - password, 0); - if (rcode < 0) goto error; - - /* - * ALWAYS call nr_packet_sign() before sending the packet - * to anyone else! - */ - rcode = nr_packet_sign(&request, NULL); - if (rcode < 0) goto error; - - nr_packet_print_hex(&request); - - rcode = nr_packet_decode(&request, NULL); - if (rcode < 0) goto error; - - nr_vp_fprintf_list(stdout, request.vps); - nr_vp_free(&request.vps); - - return 0; -} diff --git a/lib/radius/examples/example_2.c b/lib/radius/examples/example_2.c deleted file mode 100644 index 0a58523..0000000 --- a/lib/radius/examples/example_2.c +++ /dev/null @@ -1,86 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <networkradius-devel/client.h> - -/** \file example_2.c - * \brief Sample code to initialize a RADIUS packet. - * - * This example initializes a packet, and then adds User-Name and - * CHAP-Password to it. The resulting packet is then printed to the - * standard output. - */ - -static const char *secret = "testing123"; -static uint8_t request_buffer[RS_MAX_PACKET_LEN]; -static uint8_t response_buffer[RS_MAX_PACKET_LEN]; -static RADIUS_PACKET request, response; - -int main(int argc, const char *argv[]) -{ - int rcode; - const char *user = "bob"; - const char *password = "password"; - - rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, - request_buffer, sizeof(request_buffer)); - if (rcode < 0) { - error: - fprintf(stderr, "Error: %s\n", nr_strerror(rcode)); - return 1; - } - - if (argc > 1) user = argv[1]; - if (argc > 2) password = argv[2]; - - rcode = nr_packet_attr_append(&request, NULL, - RS_DA_USER_NAME, - user, 0); - if (rcode < 0) goto error; - - rcode = nr_packet_attr_append(&request, NULL, - RS_DA_CHAP_PASSWORD, - password, strlen(password)); - if (rcode < 0) goto error; - - /* - * ALWAYS call nr_packet_sign() before sending the packet - * to anyone else! - */ - rcode = nr_packet_sign(&request, NULL); - if (rcode < 0) goto error; - - nr_packet_print_hex(&request); - - rcode = nr_packet_decode(&request, NULL); - if (rcode < 0) goto error; - - nr_vp_fprintf_list(stdout, request.vps); - nr_vp_free(&request.vps); - - return 0; -} diff --git a/lib/radius/examples/example_3.c b/lib/radius/examples/example_3.c deleted file mode 100644 index 33fc671..0000000 --- a/lib/radius/examples/example_3.c +++ /dev/null @@ -1,123 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <networkradius-devel/client.h> - -/** \file example_3.c - * \brief Sample code to initialize a RADIUS packet and a response to it. - * - * This example initializes a packet, and then adds User-Name and - * User-Password to it. The resulting packet is then printed to the - * standard output. - * - * As a next step, it then creates the response, and prints that, - * too. - */ - -static const char *secret = "testing123"; -static uint8_t request_buffer[RS_MAX_PACKET_LEN]; -static uint8_t response_buffer[RS_MAX_PACKET_LEN]; -static RADIUS_PACKET request, response; - -int main(int argc, const char *argv[]) -{ - int rcode; - const char *user = "bob"; - const char *password = "password"; - - rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, - request_buffer, sizeof(request_buffer)); - if (rcode < 0) { - error: - fprintf(stderr, "Error :%s\n", nr_strerror(rcode)); - return 1; - } - - if (argc > 1) user = argv[1]; - if (argc > 2) password = argv[2]; - - rcode = nr_packet_attr_append(&request, NULL, - RS_DA_USER_NAME, - user, 0); - if (rcode < 0) goto error; - - rcode = nr_packet_attr_append(&request, NULL, - RS_DA_USER_PASSWORD, - password, 0); - if (rcode < 0) goto error; - - /* - * ALWAYS call nr_packet_sign() before sending the packet - * to anyone else! - */ - rcode = nr_packet_sign(&request, NULL); - if (rcode < 0) goto error; - - nr_packet_print_hex(&request); - - rcode = nr_packet_init(&response, &request, secret, PW_ACCESS_ACCEPT, - response_buffer, sizeof(response_buffer)); - if (rcode < 0) goto error; - - rcode = nr_packet_attr_append(&response, &request, - RS_DA_REPLY_MESSAGE, - "Success!", 0); - if (rcode < 0) goto error; - - rcode = nr_packet_attr_append(&response, &request, - RS_DA_TUNNEL_PASSWORD, - password, 0); - if (rcode < 0) goto error; - rcode = nr_packet_sign(&response, &request); - if (rcode < 0) goto error; - - nr_packet_print_hex(&response); - - /* - * Check that the response is well-formed. The - * nr_packet_verify() function also calls nr_packet_ok(). - * However, it is sometimes useful to separate "malformed - * packet" errors from "packet is not a response to a - * reqeust" errors. - */ - rcode = nr_packet_ok(&response); - if (rcode < 0) goto error; - - /* - * Double-check the signature of the response. - */ - rcode = nr_packet_verify(&response, &request); - if (rcode < 0) goto error; - - rcode = nr_packet_decode(&response, &request); - if (rcode < 0) goto error; - - nr_vp_fprintf_list(stdout, response.vps); - nr_vp_free(&response.vps); - - return 0; -} diff --git a/lib/radius/examples/example_4.c b/lib/radius/examples/example_4.c deleted file mode 100644 index 2dadc89..0000000 --- a/lib/radius/examples/example_4.c +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <networkradius-devel/client.h> - -/** \file example_4.c - * \brief Allocate and manage multiple packets. - */ - -static const char *secret = "testing123"; -static nr_server_t server; - -int main(int argc, const char *argv[]) -{ - int rcode; - const char *user = "bob"; - const char *password = "password"; - - rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, - request_buffer, sizeof(request_buffer)); - if (rcode < 0) { - error: - fprintf(stderr, "Error :%s\n", nr_strerror(rcode)); - return 1; - } - - if (argc > 1) user = argv[1]; - if (argc > 2) password = argv[2]; - - rcode = nr_packet_attr_append(&request, NULL, - RS_DA_USER_NAME, - user, 0); - if (rcode < 0) goto error; - - rcode = nr_packet_attr_append(&request, NULL, - RS_DA_USER_PASSWORD, - password, 0); - if (rcode < 0) goto error; - - /* - * ALWAYS call nr_packet_sign() before sending the packet - * to anyone else! - */ - rcode = nr_packet_sign(&request, NULL); - if (rcode < 0) goto error; - - nr_packet_print_hex(&request); - - rcode = nr_packet_init(&response, &request, secret, PW_ACCESS_ACCEPT, - response_buffer, sizeof(response_buffer)); - if (rcode < 0) goto error; - - rcode = nr_packet_attr_append(&response, &request, - RS_DA_REPLY_MESSAGE, - "Success!", 0); - if (rcode < 0) goto error; - - rcode = nr_packet_sign(&response, &request); - if (rcode < 0) goto error; - - nr_packet_print_hex(&response); - - /* - * Double-check the signature of the response. - */ - rcode = nr_packet_verify(&response, &request); - if (rcode < 0) goto error; - - return 0; -} diff --git a/lib/radius/examples/nr_vp_create.c b/lib/radius/examples/nr_vp_create.c deleted file mode 100644 index bd04f17..0000000 --- a/lib/radius/examples/nr_vp_create.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * The person or persons who have associated work with this document - * (the "Dedicator" or "Certifier") hereby either (a) certifies that, - * to the best of his knowledge, the work of authorship identified is - * in the public domain of the country from which the work is - * published, or (b) hereby dedicates whatever copyright the - * dedicators holds in the work of authorship identified below (the - * "Work") to the public domain. A certifier, moreover, dedicates any - * copyright interest he may have in the associated work, and for - * these purposes, is described as a "dedicator" below. - * - * A certifier has taken reasonable steps to verify the copyright - * status of this work. Certifier recognizes that his good faith - * efforts may not shield him from liability if in fact the work - * certified is not in the public domain. - * - * Dedicator makes this dedication for the benefit of the public at - * large and to the detriment of the Dedicator's heirs and - * successors. Dedicator intends this dedication to be an overt act of - * relinquishment in perpetuity of all present and future rights under - * copyright law, whether vested or contingent, in the Work. Dedicator - * understands that such relinquishment of all rights includes the - * relinquishment of all rights to enforce (by lawsuit or otherwise) - * those copyrights in the Work. - * - * Dedicator recognizes that, once placed in the public domain, the - * Work may be freely reproduced, distributed, transmitted, used, - * modified, built upon, or otherwise exploited by anyone for any - * purpose, commercial or non-commercial, and in any way, including by - * methods that have not yet been invented or conceived. - */ - -static VALUE_PAIR *example_nr_vp_create(void) -{ - VALUE_PAIR *vp; - VALUE_PAIR *head = NULL; - - /* - * Create the request contents. - */ - vp = nr_vp_create(PW_USER_NAME, 0, "bob", 4); - if (!vp) { - fprintf(stderr, "User-Name: %s\n", nr_strerror(0)); - exit(1); - } - nr_vps_append(&head, vp); - - /* - * The User-Password attribute is automatically encrypted - * when being placed in the packet. This version stays - * untouched, and should be "plain text". - */ - vp = nr_vp_create(PW_USER_PASSWORD, 0, "hello", 6); - if (!vp) { - fprintf(stderr, "User-Password: %s\n", nr_strerror(0)); - exit(1); - } - nr_vps_append(&head, vp); - - return head; -} diff --git a/lib/radius/header.pl b/lib/radius/header.pl deleted file mode 100755 index c366612..0000000 --- a/lib/radius/header.pl +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/env perl -###################################################################### -# Copyright (c) 2011, Network RADIUS SARL -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the <organization> nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -###################################################################### -# -# Converts dictionaries to C defines. Does not yet do "VALUE"s. -# -# $Id$ -# -require "common.pl"; - -while (@ARGV) { - $filename = shift; - do_file($filename); -} - - -print "/* Automatically generated file. Do not edit */\n\n"; - -foreach $v (sort keys %vendor) { - $name = $v; - $name =~ tr/a-z/A-Z/; # uppercase - $name =~ tr/A-Z0-9/_/c; # any ELSE becomes _ - - print "#define VENDORPEC_", $name, " ", $vendor{$v}{'pec'}, "\n"; -} -print "\n"; - -$begin_vendor = -1; -foreach $attr_val (sort {$a <=> $b} keys %attributes) { - if ($attributes{$attr_val}{'vendor'} != $begin_vendor) { - print "\n/* ", $vendorpec{$attributes{$attr_val}{'vendor'}}, " */\n"; - $begin_vendor = $attributes{$attr_val}{'vendor'}; - } - - $name = $attributes{$attr_val}{'name'}; - $name =~ tr/a-z/A-Z/; - $name =~ tr/A-Z0-9/_/c; - - print "#define PW_", $name, " ", $attributes{$attr_val}{'value'}, "\n"; -} -print "\n\n"; - -print "/* Automatically generated file. Do not edit */\n"; - diff --git a/lib/radius/id.c b/lib/radius/id.c deleted file mode 100644 index 4ccd032..0000000 --- a/lib/radius/id.c +++ /dev/null @@ -1,181 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "client.h" - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -/** \file id.c - * \brief Handling of ID allocation / freeing - * - */ - -static int find_id(nr_server_t *s) -{ - int i; - uint32_t lvalue; - - if ((s->used < 0) || (s->used > 256)) return -RSE_INTERNAL; - - /* - * Ensure that the ID allocation is random. - */ - lvalue = nr_rand(); - - for (i = 0; i < 256; i++) { - int offset = (i + lvalue) & 0xff; - - if (!s->ids[offset]) return offset; - } - - nr_strerror_printf("Out of IDs for server"); - return -1; -} - -int nr_server_id_alloc(nr_server_t *s, RADIUS_PACKET *packet) -{ - int new_id; - - if (!s || !packet) return -RSE_INVAL; - - new_id = find_id(s); - if (new_id < 0) return -new_id; - - s->ids[new_id] = packet; - s->used++; - packet->sockfd = s->sockfd; - packet->code = s->code; - packet->src = s->src; - packet->dst = s->dst; - packet->id = new_id; - - return 0; -} - -int nr_server_id_free(nr_server_t *s, RADIUS_PACKET *packet) -{ - if (!s || !packet) return -RSE_INVAL; - - if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) { - return -RSE_INVAL; - } - - if (s->ids[packet->id] != packet) return -RSE_INTERNAL; - - s->ids[packet->id] = NULL; - s->used--; - packet->sockfd = -1; - - return 0; -} - -int nr_server_id_realloc(nr_server_t *s, RADIUS_PACKET *packet) -{ - int new_id; - - if (!s || !packet) return -RSE_INVAL; - - if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) { - return -RSE_INVAL; - } - - if (s->ids[packet->id] != packet) return -RSE_INTERNAL; - - new_id = find_id(s); - if (new_id < 0) return new_id; - - s->ids[packet->id] = NULL; - packet->id = new_id; - s->ids[packet->id] = packet; - - return 0; -} - - -int nr_server_init(nr_server_t *s, int code, const char *secret) -{ - if (!s || !secret || !*secret || - (code == 0) || (code > RS_MAX_PACKET_CODE)) { - return -RSE_INVAL; - } - - memset(s, 0, sizeof(*s)); - - s->sockfd = -1; - s->code = code; - s->secret = secret; - s->sizeof_secret = strlen(secret); - s->src.ss_family = AF_UNSPEC; - s->dst.ss_family = AF_UNSPEC; - - return 0; -} - - -int nr_server_close(const nr_server_t *s) -{ - if (!s) return -RSE_INVAL; - - if (s->used > 0) return -RSE_INUSE; - - if (s->sockfd >= 0) evutil_closesocket(s->sockfd); - - return 0; -} - -int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p) -{ - int rcode; - RADIUS_PACKET *packet; - - if (!packet_p) return -RSE_INVAL; - - packet = malloc(sizeof(*packet) + RS_MAX_PACKET_LEN); - if (!packet) return -RSE_NOMEM; - - memset(packet, 0, sizeof(*packet)); - - if (!s) { - packet->data = (uint8_t *)(packet + 1); - packet->sizeof_data = RS_MAX_PACKET_LEN; - - *packet_p = packet; - return 0; - } - - rcode = nr_packet_init(packet, NULL, s->secret, s->code, - (uint8_t *)(packet + 1), RS_MAX_PACKET_LEN); - if (rcode < 0) { - free(packet); - return rcode; - } - - *packet_p = packet; - return 0; -} diff --git a/lib/radius/parse.c b/lib/radius/parse.c deleted file mode 100644 index 8446306..0000000 --- a/lib/radius/parse.c +++ /dev/null @@ -1,149 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file parse.c - * \brief Routines to parse strings into internal data structures - */ - -#include "client.h" - -#ifdef HAVE_ARPA_INET_H -#include <arpa/inet.h> -#endif - -ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value) -{ - char *end; - - switch (vp->da->type) { - case RS_TYPE_STRING: { - size_t len = strlen(value); - - if (len >= RS_MAX_STRING_LEN) - return -RSE_ATTR_TOO_LARGE; - - memcpy(vp->vp_strvalue, value, len + 1); - return (vp->length = len); - } - case RS_TYPE_DATE: - case RS_TYPE_INTEGER: - vp->vp_integer = strtoul(value, &end, 10); - if ((value == end) || (*end != '\0')) { - nr_debug_error("Invalid value"); - return -RSE_ATTR_VALUE_MALFORMED; - } - return (end - value); - - case RS_TYPE_IPADDR: - if (inet_pton(AF_INET, value, &vp->vp_ipaddr) < 0) { - return -RSE_NOSYS; - } - return strlen(value); - -#ifdef RS_TYPE_IPV6ADDR - case RS_TYPE_IPV6ADDR: - if (inet_pton(AF_INET6, value, &vp-vp>ipv6addr) < 0) { - return -RSE_NOSYS; - } - return strlen(value); -#endif - -#ifdef RS_TYPE_IFID - case RS_TYPE_IFID: - { - int i, array[8]; - - if (sscanf(value, "%02x%02x%02x%02x%02x%02x%02x%02x", - &array[0], &array[1], &array[2], &array[3], - &array[4], &array[5], &array[6], &array[7]) != 8) { - return -RSE_SYSTEM; - } - - for (i = 0; i < 8; i++) vp->vp_ifid[i] = array[i] & 0xff; - - } - break; -#endif - - default: - nr_debug_error("Invalid type"); - return -RSE_ATTR_TYPE_UNKNOWN; - } - - return 0; -} - -int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp) -{ - int rcode; - const char *p; - char *q; - const DICT_ATTR *da; - VALUE_PAIR *vp; - char buffer[256]; - - if (!string || !pvp) return -RSE_INVAL; - - p = string; - q = buffer; - while (*p && (*p != ' ') && (*p != '=')) { - *(q++) = *(p++); - } - *q = '\0'; - - if (q == buffer) { - nr_debug_error("No Attribute name"); - return -RSE_ATTR_BAD_NAME; - } - - da = nr_dict_attr_byname(buffer); - if (!da) { - nr_debug_error("Unknown attribute \"%s\"", buffer); - return -RSE_ATTR_UNKNOWN; - } - - while (*p == ' ') p++; - if (*p != '=') { - nr_debug_error("Unexpected text after attribute name"); - return -RSE_ATTR_BAD_NAME; - } - - p++; - while (*p == ' ') p++; - - vp = nr_vp_alloc(da); - if (!vp) return -RSE_NOMEM; - - rcode = nr_vp_sscanf_value(vp, p); - if (rcode < 0) { - nr_vp_free(&vp); - return rcode; - } - - *pvp = vp; - return 0; -} diff --git a/lib/radius/print.c b/lib/radius/print.c deleted file mode 100644 index 6fa06d7..0000000 --- a/lib/radius/print.c +++ /dev/null @@ -1,227 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file print.c - * \brief Functions to print things. - */ - -#include "client.h" -#include <string.h> -#ifdef RS_TYPE_IPV6ADDR -#include <arpa/inet.h> -#endif - -#ifndef NDEBUG -void nr_packet_print_hex(RADIUS_PACKET *packet) -{ - int i; - - if (!packet->data) return; - - printf(" Code:\t\t%u\n", packet->data[0]); - printf(" Id:\t\t%u\n", packet->data[1]); - printf(" Length:\t%u\n", ((packet->data[2] << 8) | - (packet->data[3]))); - printf(" Vector:\t"); - for (i = 4; i < 20; i++) { - printf("%02x", packet->data[i]); - } - printf("\n"); - if ((packet->flags & RS_PACKET_SIGNED) == 0) printf("\t\tWARNING: nr_packet_sign() was not called!\n"); - - if (packet->length > 20) { - int total; - const uint8_t *ptr; - printf(" Data:"); - - total = packet->length - 20; - ptr = packet->data + 20; - - while (total > 0) { - int attrlen; - - printf("\t\t"); - if (total < 2) { /* too short */ - printf("%02x\n", *ptr); - break; - } - - if (ptr[1] > total) { /* too long */ - for (i = 0; i < total; i++) { - printf("%02x ", ptr[i]); - } - break; - } - - printf("%02x %02x ", ptr[0], ptr[1]); - attrlen = ptr[1] - 2; - ptr += 2; - total -= 2; - - for (i = 0; i < attrlen; i++) { - if ((i > 0) && ((i & 0x0f) == 0x00)) - printf("\t\t\t"); - printf("%02x ", ptr[i]); - if ((i & 0x0f) == 0x0f) printf("\n"); - } - - if (!attrlen || ((attrlen & 0x0f) != 0x00)) printf("\n"); - - ptr += attrlen; - total -= attrlen; - } - } - printf("\n"); - fflush(stdout); -} -#endif - -size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp) -{ - size_t i, len; - char *p = buffer; - - switch (vp->da->type) { - case RS_TYPE_STRING: - /* - * FIXME: escape backslash && quotes! - */ - len = snprintf(p, buflen, "%s", vp->vp_strvalue); - break; - - case RS_TYPE_DATE: - case RS_TYPE_INTEGER: - case RS_TYPE_SHORT: - case RS_TYPE_BYTE: - len = snprintf(p, buflen, "%u", vp->vp_integer); - break; - - case RS_TYPE_IPADDR: - len = snprintf(p, buflen, "%u.%u.%u.%u", - (vp->vp_ipaddr >> 24) & 0xff, - (vp->vp_ipaddr >> 16) & 0xff, - (vp->vp_ipaddr >> 8) & 0xff, - vp->vp_ipaddr & 0xff); - break; - -#ifdef RS_TYPE_IPV6ADDR - case RS_TYPE_IPV6ADDR: - if (!inet_ntop(AF_INET6, &vp->vp_ipv6addr, buffer, buflen)) { - return -RSE_SYSTEM; - } - break; -#endif - -#ifdef RS_TYPE_IFID - case RS_TYPE_IFID: - len = snprintf(p, buflen, "%02x%02x%02x%02x%02x%02x%02x%02x", - vp->vp_ifid[0], vp->vp_ifid[1], - vp->vp_ifid[2], vp->vp_ifid[3], - vp->vp_ifid[4], vp->vp_ifid[5], - vp->vp_ifid[6], vp->vp_ifid[7]); - break; -#endif - - case RS_TYPE_OCTETS: - len = snprintf(p, buflen, "0x"); - if (len >= buflen) return 0; - - p += len; - buflen -= len; - - for (i = 0; i < vp->length; i++) { - len = snprintf(p, buflen, "%02x", vp->vp_octets[i]); - if (len >= buflen) return 0; - - p += len; - buflen -= len; - } - len = 0; - break; - - default: - len = 0; - break; - } - - if (len >= buflen) return 0; - - p += len; - buflen -= len; - - return p - buffer; -} - -size_t nr_vp_snprintf(char *buffer, size_t buflen, const VALUE_PAIR *vp) -{ - size_t len; - char *p = buffer; - - len = snprintf(p, buflen, "%s = ", vp->da->name); - if (len >= buflen) return 0; - - p += len; - buflen -= len; - - len = nr_vp_snprintf_value(p, buflen, vp); - if (len == 0) return 0; - - if (len >= buflen) return 0; - - p += len; - - return p - buffer; -} - -#ifndef NDEBUG -void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps) -{ - const VALUE_PAIR *vp; - char buffer[1024]; - - for (vp = vps; vp != NULL; vp = vp->next) { - nr_vp_snprintf(buffer, sizeof(buffer), vp); - fprintf(fp, "\t%s\n", buffer); - } -} -#endif - -/** \cond PRIVATE */ -#define NR_STRERROR_BUFSIZE (1024) -static char nr_strerror_buffer[NR_STRERROR_BUFSIZE]; - -void nr_strerror_printf(const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - vsnprintf(nr_strerror_buffer, sizeof(nr_strerror_buffer), fmt, ap); - va_end(ap); - - fprintf(stderr, "ERROR: %s\n", nr_strerror_buffer); -} -/** \endcond */ - diff --git a/lib/radius/radpkt.c b/lib/radius/radpkt.c deleted file mode 100644 index d9486ea..0000000 --- a/lib/radius/radpkt.c +++ /dev/null @@ -1,920 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file packet.c - * \brief Encoding and decoding packets - */ - -#include "client.h" - -#if RS_MAX_PACKET_LEN < 64 -#error RS_MAX_PACKET_LEN is too small. It should be at least 64. -#endif - -#if RS_MAX_PACKET_LEN > 16384 -#error RS_MAX_PACKET_LEN is too large. It should be smaller than 16K. -#endif - -const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1] = { - NULL, - "Access-Request", - "Access-Accept", - "Access-Reject", - "Accounting-Request", - "Accounting-Response", - NULL, NULL, NULL, NULL, NULL, - "Access-Challenge", - "Status-Server", /* 12 */ - NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 19 */ - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 20..29 */ - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 30..39 */ - "Disconnect-Request", - "Disconnect-ACK", - "Disconnect-NAK", - "CoA-Request", - "CoA-ACK", - "CoA-NAK" -}; - - -static uint64_t allowed_responses[RS_MAX_PACKET_CODE + 1] = { - 0, - (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE), - 0, 0, - 1 << PW_ACCOUNTING_RESPONSE, - 0, - 0, 0, 0, 0, 0, - 0, - (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE) | (1 << PW_ACCOUNTING_RESPONSE), - 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20..29 */ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 30..39 */ - (((uint64_t) 1) << PW_DISCONNECT_ACK) | (((uint64_t) 1) << PW_DISCONNECT_NAK), - 0, - 0, - (((uint64_t) 1) << PW_COA_ACK) | (((uint64_t) 1) << PW_COA_NAK), - 0, - 0 -}; - - -int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data) -{ - size_t packet_len; - const uint8_t *attr, *end; - - if (!data || (sizeof_data < 20)) { - nr_debug_error("Invalid argument"); - return -RSE_INVAL; - } - - packet_len = (data[2] << 8) | data[3]; - if (packet_len < 20) { - nr_debug_error("Packet length is too small"); - return -RSE_PACKET_TOO_SMALL; - } - - if (packet_len > sizeof_data) { - nr_debug_error("Packet length overflows received data"); - return -RSE_PACKET_TOO_LARGE; - } - - /* - * If we receive 100 bytes, and the header says it's 20 bytes, - * then it's 20 bytes. - */ - end = data + packet_len; - - for (attr = data + 20; attr < end; attr += attr[1]) { - if ((attr + 2) > end) { - nr_debug_error("Attribute overflows packet"); - return -RSE_ATTR_OVERFLOW; - } - - if (attr[1] < 2) { - nr_debug_error("Attribute length is too small"); - return -RSE_ATTR_TOO_SMALL; - } - - if ((attr + attr[1]) > end) { - nr_debug_error("Attribute length is too large"); - return -RSE_ATTR_TOO_LARGE; - } - } - - return 0; -} - -int nr_packet_ok(RADIUS_PACKET *packet) -{ - int rcode; - - if (!packet) return -RSE_INVAL; - - if ((packet->flags & RS_PACKET_OK) != 0) return 0; - - rcode = nr_packet_ok_raw(packet->data, packet->length); - if (rcode < 0) return rcode; - - packet->flags |= RS_PACKET_OK; - return 0; -} - - -/* - * Comparison function that is time-independent. Using "memcmp" - * would satisfy the "comparison" part. However, it would also - * leak information about *which* bytes are wrong. Attackers - * could use that leak to create a "correct" RADIUS packet which - * will be accepted by the client and/or server. - */ -static int digest_cmp(const uint8_t *a, const uint8_t *b, size_t length) -{ - int result = 0; - size_t i; - - for (i = 0; i < length; i++) { - result |= (a[i] ^ b[i]); - } - - return result; -} - - -#ifdef PW_MESSAGE_AUTHENTICATOR -static int msg_auth_ok(const RADIUS_PACKET *original, - uint8_t *ma, - uint8_t *data, size_t length) -{ - uint8_t packet_vector[sizeof(original->vector)]; - uint8_t msg_auth_vector[sizeof(original->vector)]; - uint8_t calc_auth_vector[sizeof(original->vector)]; - - if (ma[1] != 18) { - nr_debug_error("Message-Authenticator has invalid length"); - return -RSE_MSG_AUTH_LEN; - } - - memcpy(packet_vector, data + 4, sizeof(packet_vector)); - memcpy(msg_auth_vector, ma + 2, sizeof(msg_auth_vector)); - memset(ma + 2, 0, sizeof(msg_auth_vector)); - - switch (data[0]) { - default: - break; - - case PW_ACCOUNTING_REQUEST: - case PW_ACCOUNTING_RESPONSE: - case PW_DISCONNECT_REQUEST: - case PW_DISCONNECT_ACK: - case PW_DISCONNECT_NAK: - case PW_COA_REQUEST: - case PW_COA_ACK: - case PW_COA_NAK: - memset(data + 4, 0, sizeof(packet_vector)); - break; - - case PW_ACCESS_ACCEPT: - case PW_ACCESS_REJECT: - case PW_ACCESS_CHALLENGE: - if (!original) { - nr_debug_error("Cannot validate response without request"); - return -RSE_REQUEST_REQUIRED; - } - memcpy(data + 4, original->vector, sizeof(original->vector)); - break; - } - - nr_hmac_md5(data, length, - (const uint8_t *) original->secret, original->sizeof_secret, - calc_auth_vector); - - memcpy(ma + 2, msg_auth_vector, sizeof(msg_auth_vector)); - memcpy(data + 4, packet_vector, sizeof(packet_vector)); - - if (digest_cmp(calc_auth_vector, msg_auth_vector, - sizeof(calc_auth_vector)) != 0) { - nr_debug_error("Invalid Message-Authenticator"); - return -RSE_MSG_AUTH_WRONG; - } - - return 1; -} -#endif - -/* - * The caller ensures that the packet codes are as expected. - */ -static int packet_auth_ok(const RADIUS_PACKET *original, - uint8_t *data, size_t length) -{ - uint8_t packet_vector[sizeof(original->vector)]; - uint8_t calc_digest[sizeof(original->vector)]; - RS_MD5_CTX ctx; - - if ((data[0] == PW_ACCESS_REQUEST) || - (data[0] == PW_STATUS_SERVER)) return 1; - - memcpy(packet_vector, data + 4, sizeof(packet_vector)); - - if (!original) { - memset(data + 4, 0, sizeof(packet_vector)); - } else { - memcpy(data + 4, original->vector, sizeof(original->vector)); - } - - RS_MD5Init(&ctx); - RS_MD5Update(&ctx, data, length); - RS_MD5Update(&ctx, (const unsigned char *)original->secret, original->sizeof_secret); - RS_MD5Final(calc_digest, &ctx); - - memcpy(data + 4, packet_vector, sizeof(packet_vector)); - - if (digest_cmp(calc_digest, packet_vector, - sizeof(packet_vector)) != 0) { - nr_debug_error("Invalid authentication vector"); - return -RSE_AUTH_VECTOR_WRONG; - } - - return 0; -} - - -int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) -{ - int rcode; - uint8_t *attr; -#ifdef PW_MESSAGE_AUTHENTICATOR - const uint8_t *end; -#endif - - if (!packet || !packet->data || !packet->secret) { - nr_debug_error("Invalid argument"); - return -RSE_INVAL; - } - - if ((packet->flags & RS_PACKET_VERIFIED) != 0) return 0; - - /* - * Packet isn't well formed. Ignore it. - */ - rcode = nr_packet_ok(packet); - if (rcode < 0) return rcode; - - /* - * Get rid of improper packets as early as possible. - */ - if (original) { - uint64_t mask; - - if (original->code > RS_MAX_PACKET_CODE) { - nr_debug_error("Invalid original code %u", - original->code); - return -RSE_INVALID_REQUEST_CODE; - } - - if (packet->data[1] != original->id) { - nr_debug_error("Ignoring response with wrong ID %u", - packet->data[1]); - return -RSE_INVALID_RESPONSE_CODE; - } - - mask = 1; - mask <<= packet->data[0]; - - if ((allowed_responses[original->code] & mask) == 0) { - nr_debug_error("Ignoring response with wrong code %u", - packet->data[0]); - return -RSE_INVALID_RESPONSE_CODE; - } - - if ((memcmp(&packet->src, &original->dst, sizeof(packet->src)) != 0) && - (evutil_sockaddr_cmp((struct sockaddr *)&packet->src, (struct sockaddr *)&original->dst, 1) != 0)) { - nr_debug_error("Ignoring response from wrong IP/port"); - return -RSE_INVALID_RESPONSE_SRC; - } - - } else if (allowed_responses[packet->data[0]] != 0) { - nr_debug_error("Ignoring response without original"); - return -RSE_INVALID_RESPONSE_CODE; - } - -#ifdef PW_MESSAGE_AUTHENTICATOR - end = packet->data + packet->length; - - /* - * Note that the packet MUST be well-formed here. - */ - for (attr = packet->data + 20; attr < end; attr += attr[1]) { - if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { - rcode = msg_auth_ok(original, attr, - packet->data, packet->length); - if (rcode < 0) return rcode; - } - } -#endif - - /* - * Verify the packet authenticator. - */ - rcode = packet_auth_ok(original, packet->data, packet->length); - if (rcode < 0) return rcode; - - packet->flags |= RS_PACKET_VERIFIED; - - return 0; -} - - -int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) -{ - int rcode, num_attributes; - uint8_t *data, *attr; - const uint8_t *end; - VALUE_PAIR **tail, *vp; - - if (!packet) return -RSE_INVAL; - - if ((packet->flags & RS_PACKET_DECODED) != 0) return 0; - - rcode = nr_packet_ok(packet); - if (rcode < 0) return rcode; - - data = packet->data; - end = data + packet->length; - tail = &packet->vps; - num_attributes = 0; - - /* - * Loop over the packet, converting attrs to VPs. - */ - for (attr = data + 20; attr < end; attr += attr[1]) { - rcode = nr_attr2vp(packet, original, - attr, end - attr, &vp); - if (rcode < 0) { - nr_vp_free(&packet->vps); - return -rcode; - } - - *tail = vp; - while (vp) { - num_attributes++; - tail = &(vp->next); - vp = vp->next; - } - - if (num_attributes > RS_MAX_ATTRIBUTES) { - nr_debug_error("Too many attributes"); - nr_vp_free(&packet->vps); - return -RSE_TOO_MANY_ATTRS; - } - } - - packet->code = data[0]; - packet->id = data[1]; - memcpy(packet->vector, data + 4, sizeof(packet->vector)); - - packet->flags |= RS_PACKET_DECODED; - - return 0; -} - - -int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) -{ -#ifdef PW_MESSAGE_AUTHENTICATOR - size_t ma = 0; - const uint8_t *attr, *end; -#endif - - if ((packet->flags & RS_PACKET_SIGNED) != 0) return 0; - - if ((packet->flags & RS_PACKET_ENCODED) == 0) { - int rcode; - - rcode = nr_packet_encode(packet, original); - if (rcode < 0) return rcode; - } - - if ((packet->code == PW_ACCESS_ACCEPT) || - (packet->code == PW_ACCESS_CHALLENGE) || - (packet->code == PW_ACCESS_REJECT)) { -#ifdef PW_MESSAGE_AUTHENTICATOR - if (!original) { - nr_debug_error("Original packet is required to create the Message-Authenticator"); - return -RSE_REQUEST_REQUIRED; - } -#endif - - memcpy(packet->data + 4, original->vector, - sizeof(original->vector)); - } else { - memcpy(packet->data + 4, packet->vector, - sizeof(packet->vector)); - } - -#ifdef PW_MESSAGE_AUTHENTICATOR - end = packet->data + packet->length; - - for (attr = packet->data + 20; attr < end; attr += attr[1]) { - if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { - ma = (attr - packet->data); - break; - } - } - - /* - * Force all Access-Request packets to have a - * Message-Authenticator. - */ - if (!ma && ((packet->length + 18) <= packet->sizeof_data) && - ((packet->code == PW_ACCESS_REQUEST) || - (packet->code == PW_STATUS_SERVER))) { - ma = packet->length; - - packet->data[ma]= PW_MESSAGE_AUTHENTICATOR; - packet->data[ma + 1] = 18; - memset(&packet->data[ma + 2], 0, 16); - packet->length += 18; - } - - /* - * Reset the length. - */ - packet->data[2] = (packet->length >> 8) & 0xff; - packet->data[3] = packet->length & 0xff; - - /* - * Sign the Message-Authenticator && packet. - */ - if (ma) { - nr_hmac_md5(packet->data, packet->length, - (const uint8_t *) packet->secret, packet->sizeof_secret, - packet->data + ma + 2); - } -#endif - - /* - * Calculate the signature. - */ - if (!((packet->code == PW_ACCESS_REQUEST) || - (packet->code == PW_STATUS_SERVER))) { - RS_MD5_CTX ctx; - - RS_MD5Init(&ctx); - RS_MD5Update(&ctx, packet->data, packet->length); - RS_MD5Update(&ctx, (const unsigned char *)packet->secret, packet->sizeof_secret); - RS_MD5Final(packet->vector, &ctx); - } - - memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); - - packet->attempts = 0; - packet->flags |= RS_PACKET_SIGNED; - - return 0; -} - - -static int can_encode_packet(RADIUS_PACKET *packet, - const RADIUS_PACKET *original) -{ - if ((packet->code == 0) || - (packet->code > RS_MAX_PACKET_CODE) || - (original && (original->code > RS_MAX_PACKET_CODE))) { - nr_debug_error("Cannot send unknown packet code"); - return -RSE_INVALID_REQUEST_CODE; - } - - if (!nr_packet_codes[packet->code]) { - nr_debug_error("Cannot handle packet code %u", - packet->code); - return -RSE_INVALID_REQUEST_CODE; - } - -#ifdef NR_NO_MALLOC - if (!packet->data) { - nr_debug_error("No place to put packet"); - return -RSE_NO_PACKET_DATA; - } -#endif - - if (packet->sizeof_data < 20) { - nr_debug_error("The buffer is too small to encode the packet"); - return -RSE_PACKET_TOO_SMALL; - } - - /* - * Enforce request / response correlation. - */ - if (original) { - uint64_t mask; - - mask = 1; - mask <<= packet->code; - - if ((allowed_responses[original->code] & mask) == 0) { - nr_debug_error("Cannot encode response %u to packet %u", - packet->code, original->code); - return -RSE_INVALID_RESPONSE_CODE; - } - packet->id = original->id; - - } else if (allowed_responses[packet->code] == 0) { - nr_debug_error("Cannot encode response %u without original", - packet->code); - return -RSE_REQUEST_REQUIRED; - } - - return 0; -} - -static void encode_header(RADIUS_PACKET *packet) -{ - if ((packet->flags & RS_PACKET_HEADER) != 0) return; - - memset(packet->data, 0, 20); - packet->data[0] = packet->code; - packet->data[1] = packet->id; - packet->data[2] = 0; - packet->data[3] = 20; - packet->length = 20; - - /* - * Calculate a random authentication vector. - */ - if ((packet->code == PW_ACCESS_REQUEST) || - (packet->code == PW_STATUS_SERVER)) { - nr_rand_bytes(packet->vector, sizeof(packet->vector)); - } else { - memset(packet->vector, 0, sizeof(packet->vector)); - } - - memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); - - packet->flags |= RS_PACKET_HEADER; -} - -int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) -{ -#ifdef PW_MESSAGE_AUTHENTICATOR - size_t ma = 0; -#endif - int rcode; - ssize_t len; - const VALUE_PAIR *vp; - uint8_t *data, *end; - - if ((packet->flags & RS_PACKET_ENCODED) != 0) return 0; - - rcode = can_encode_packet(packet, original); - if (rcode < 0) return rcode; - - data = packet->data; - end = data + packet->sizeof_data; - - encode_header(packet); - data += 20; - - /* - * Encode each VALUE_PAIR - */ - vp = packet->vps; - while (vp) { -#ifdef PW_MESSAGE_AUTHENTICATOR - if (vp->da->attr == PW_MESSAGE_AUTHENTICATOR) { - ma = (data - packet->data); - } -#endif - len = nr_vp2attr(packet, original, &vp, - data, end - data); - if (len < 0) return len; - - if (len == 0) break; /* insufficient room to encode it */ - - data += data[1]; - } - -#ifdef PW_MESSAGE_AUTHENTICATOR - /* - * Always send a Message-Authenticator. - * - * We do *not* recommend removing this code. - */ - if (((packet->code == PW_ACCESS_REQUEST) || - (packet->code == PW_STATUS_SERVER)) && - !ma && - ((data + 18) <= end)) { - ma = (data - packet->data); - data[0] = PW_MESSAGE_AUTHENTICATOR; - data[1] = 18; - memset(data + 2, 0, 16); - data += data[1]; - } -#endif - - packet->length = data - packet->data; - - packet->data[2] = (packet->length >> 8) & 0xff; - packet->data[3] = packet->length & 0xff; - - packet->flags |= RS_PACKET_ENCODED; - - return packet->length; -} - - -/* - * Ensure that the nr_data2attr_t structure is filled in - * appropriately. This includes filling in a fake DICT_ATTR - * structure, if necessary. - */ -static int do_callback(void *ctx, nr_packet_walk_func_t callback, - int attr, int vendor, - const uint8_t *data, size_t sizeof_data) - -{ - int rcode; - const DICT_ATTR *da; - DICT_ATTR myda; - char buffer[64]; - - da = nr_dict_attr_byvalue(attr, vendor); - - /* - * The attribute is supposed to have a particular length, - * but does not. It is therefore malformed. - */ - if (da && (da->flags.length != 0) && - da->flags.length != sizeof_data) { - da = NULL; - } - - if (!da) { - rcode = nr_dict_attr_2struct(&myda, attr, vendor, - buffer, sizeof(buffer)); - - if (rcode < 0) return rcode; - da = &myda; - } - - rcode = callback(ctx, da, data, sizeof_data); - if (rcode < 0) return rcode; - - return 0; -} - - -int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, - nr_packet_walk_func_t callback) -{ - int rcode; - uint8_t *attr; - const uint8_t *end; - - if (!packet || !callback) return -RSE_INVAL; - - rcode = nr_packet_ok(packet); - if (rcode < 0) return rcode; - - end = packet->data + packet->length; - - for (attr = packet->data + 20; attr < end; attr += attr[1]) { - int length, value; - int dv_type, dv_length; - uint32_t vendorpec; - const uint8_t *vsa; - const DICT_VENDOR *dv = NULL; - - vendorpec = 0; - value = attr[0]; - - if (value != PW_VENDOR_SPECIFIC) { - raw: - rcode = do_callback(ctx, callback, - attr[0], 0, - attr + 2, attr[1] - 2); - if (rcode < 0) return rcode; - continue; - } - - if (attr[1] < 6) goto raw; - memcpy(&vendorpec, attr + 2, 4); - vendorpec = ntohl(vendorpec); - - if (dv && (dv->vendor != vendorpec)) dv = NULL; - - if (!dv) dv = nr_dict_vendor_byvalue(vendorpec); - - if (dv) { - dv_type = dv->type; - dv_length = dv->length; - } else { - dv_type = 1; - dv_length = 1; - } - - /* - * Malformed: it's a raw attribute. - */ - if (nr_tlv_ok(attr + 6, attr[1] - 6, dv_type, dv_length) < 0) { - goto raw; - } - - for (vsa = attr + 6; vsa < attr + attr[1]; vsa += length) { - switch (dv_type) { - case 4: - value = (vsa[2] << 8) | vsa[3]; - break; - - case 2: - value = (vsa[0] << 8) | vsa[1]; - break; - - case 1: - value = vsa[0]; - break; - - default: - return -RSE_INTERNAL; - } - - switch (dv_length) { - case 0: - length = attr[1] - 6 - dv_type; - break; - - case 2: - case 1: - length = vsa[dv_type + dv_length - 1]; - break; - - default: - return -RSE_INTERNAL; - } - - rcode = do_callback(ctx, callback, - value, vendorpec, - vsa + dv_type + dv_length, - length - dv_type - dv_length); - if (rcode < 0) return rcode; - } - } - - return 0; -} - -int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const char *secret, int code, - void *data, size_t sizeof_data) -{ - int rcode; - - if ((code < 0) || (code > RS_MAX_PACKET_CODE)) { - return -RSE_INVALID_REQUEST_CODE; - } - - if (!data || (sizeof_data < 20)) return -RSE_INVAL; - - memset(packet, 0, sizeof(*packet)); - packet->secret = secret; - packet->sizeof_secret = secret ? strlen(secret) : 0; - packet->code = code; - packet->id = 0; - packet->data = data; - packet->sizeof_data = sizeof_data; - - rcode = can_encode_packet(packet, original); - if (rcode < 0) return rcode; - - encode_header(packet); - - return 0; -} - - -static int pack_eap(RADIUS_PACKET *packet, - const void *data, size_t data_len) -{ - uint8_t *attr, *end; - const uint8_t *eap; - size_t left; - - eap = data; - left = data_len; - attr = packet->data + packet->length; - end = attr + packet->sizeof_data; - - while (left > 253) { - if ((attr + 255) > end) return -RSE_ATTR_OVERFLOW; - - attr[0] = PW_EAP_MESSAGE; - attr[1] = 255; - memcpy(attr + 2, eap, 253); - attr += attr[1]; - eap += 253; - left -= 253; - } - - if ((attr + (2 + left)) > end) return -RSE_ATTR_OVERFLOW; - - attr[0] = PW_EAP_MESSAGE; - attr[1] = 2 + left; - memcpy(attr + 2, eap, left); - attr += attr[1]; - packet->length = attr - packet->data; - - return 0; -} - -ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const DICT_ATTR *da, - const void *data, size_t data_len) -{ - ssize_t rcode; - uint8_t *attr, *end; - VALUE_PAIR my_vp; - const VALUE_PAIR *vp; - - if (!packet || !da || !data) { - return -RSE_INVAL; - } - - if (data_len == 0) { - if (da->type != RS_TYPE_STRING) return -RSE_ATTR_TOO_SMALL; - - data_len = strlen(data); - } - - /* We're going to mark the whole packet as encoded so we - better not have any unencoded value-pairs attached. */ - if (packet->vps) - return -RSE_INVAL; - packet->flags |= RS_PACKET_ENCODED; - - attr = packet->data + packet->length; - end = attr + packet->sizeof_data; - - if ((attr + 2 + data_len) > end) { - return -RSE_ATTR_OVERFLOW; - } - - if ((da->flags.length != 0) && - (data_len != da->flags.length)) { - return -RSE_ATTR_VALUE_MALFORMED; - } - -#ifdef PW_EAP_MESSAGE - /* - * automatically split EAP-Message into multiple - * attributes. - */ - if (!da->vendor && (da->attr == PW_EAP_MESSAGE) && (data_len > 253)) { - return pack_eap(packet, data, data_len); - } -#endif - - if (data_len > 253) return -RSE_ATTR_TOO_LARGE; - - vp = nr_vp_init(&my_vp, da); - rcode = nr_vp_set_data(&my_vp, data, data_len); - if (rcode < 0) return rcode; - - /* - * Note that this function packs VSAs each into their own - * Vendor-Specific attribute. If this isn't what you - * want, use the version of the library with full support - * for TLVs, WiMAX, and extended attributes. - */ - rcode = nr_vp2attr(packet, original, &vp, attr, end - attr); - if (rcode <= 0) return rcode; - - packet->length += rcode; - - return rcode; -} diff --git a/lib/radius/share/dictionary.abfab.ietf b/lib/radius/share/dictionary.abfab.ietf deleted file mode 100644 index b60702c..0000000 --- a/lib/radius/share/dictionary.abfab.ietf +++ /dev/null @@ -1,4 +0,0 @@ -ATTRIBUTE GSS-Acceptor-Service-Name 164 string -ATTRIBUTE GSS-Acceptor-Host-Name 165 string -ATTRIBUTE GSS-Acceptor-Service-Specifics 166 string -ATTRIBUTE GSS-Acceptor-Realm-Name 167 string diff --git a/lib/radius/share/dictionary.juniper b/lib/radius/share/dictionary.juniper deleted file mode 100644 index 9aa5df4..0000000 --- a/lib/radius/share/dictionary.juniper +++ /dev/null @@ -1,23 +0,0 @@ -# -*- text -*- -# -# dictionary.juniper -# -# As posted to the list by Eric Kilfoil <ekilfoil@uslec.net> -# -# Version: $Id$ -# - -VENDOR Juniper 2636 - -BEGIN-VENDOR Juniper - -ATTRIBUTE Juniper-Local-User-Name 1 string -ATTRIBUTE Juniper-Allow-Commands 2 string -ATTRIBUTE Juniper-Deny-Commands 3 string -ATTRIBUTE Juniper-Allow-Configuration 4 string -ATTRIBUTE Juniper-Deny-Configuration 5 string -ATTRIBUTE Juniper-Interactive-Command 8 string -ATTRIBUTE Juniper-Configuration-Change 9 string -ATTRIBUTE Juniper-User-Permissions 10 string - -END-VENDOR Juniper diff --git a/lib/radius/share/dictionary.microsoft b/lib/radius/share/dictionary.microsoft deleted file mode 100644 index 034e5f0..0000000 --- a/lib/radius/share/dictionary.microsoft +++ /dev/null @@ -1,17 +0,0 @@ -# A minimal dictionary for Microsoft VSAs -# -VENDOR Microsoft 311 - -BEGIN-VENDOR Microsoft -ATTRIBUTE MS-CHAP-Response 1 octets -ATTRIBUTE MS-CHAP-Error 2 string -ATTRIBUTE MS-MPPE-Encryption-Policy 7 octets -ATTRIBUTE MS-MPPE-Encryption-Types 8 octets -ATTRIBUTE MS-CHAP-Domain 10 string -ATTRIBUTE MS-CHAP-Challenge 11 octets -ATTRIBUTE MS-CHAP-MPPE-Keys 12 octets encrypt=1 -ATTRIBUTE MS-MPPE-Send-Key 16 octets encrypt=2 -ATTRIBUTE MS-MPPE-Recv-Key 17 octets encrypt=2 -ATTRIBUTE MS-CHAP2-Response 25 octets -ATTRIBUTE MS-CHAP2-Success 26 octets -END-VENDOR Microsoft diff --git a/lib/radius/share/dictionary.txt b/lib/radius/share/dictionary.txt deleted file mode 100644 index e62f8b3..0000000 --- a/lib/radius/share/dictionary.txt +++ /dev/null @@ -1,136 +0,0 @@ -ATTRIBUTE User-Name 1 string -ATTRIBUTE User-Password 2 string encrypt=1 -ATTRIBUTE CHAP-Password 3 octets -ATTRIBUTE NAS-IP-Address 4 ipaddr -ATTRIBUTE NAS-Port 5 integer -ATTRIBUTE Service-Type 6 integer -ATTRIBUTE Framed-Protocol 7 integer -ATTRIBUTE Framed-IP-Address 8 ipaddr -ATTRIBUTE Framed-IP-Netmask 9 ipaddr -ATTRIBUTE Framed-Routing 10 integer -ATTRIBUTE Filter-Id 11 string -ATTRIBUTE Framed-MTU 12 integer -ATTRIBUTE Framed-Compression 13 integer -ATTRIBUTE Login-IP-Host 14 ipaddr -ATTRIBUTE Login-Service 15 integer -ATTRIBUTE Login-TCP-Port 16 integer -ATTRIBUTE Reply-Message 18 string -ATTRIBUTE Callback-Number 19 string -ATTRIBUTE Callback-Id 20 string -ATTRIBUTE Framed-Route 22 string -ATTRIBUTE Framed-IPX-Network 23 ipaddr -ATTRIBUTE State 24 octets -ATTRIBUTE Class 25 octets -ATTRIBUTE Vendor-Specific 26 octets -ATTRIBUTE Session-Timeout 27 integer -ATTRIBUTE Idle-Timeout 28 integer -ATTRIBUTE Termination-Action 29 integer -ATTRIBUTE Called-Station-Id 30 string -ATTRIBUTE Calling-Station-Id 31 string -ATTRIBUTE NAS-Identifier 32 string -ATTRIBUTE Proxy-State 33 octets -ATTRIBUTE Login-LAT-Service 34 string -ATTRIBUTE Login-LAT-Node 35 string -ATTRIBUTE Login-LAT-Group 36 octets -ATTRIBUTE Framed-AppleTalk-Link 37 integer -ATTRIBUTE Framed-AppleTalk-Network 38 integer -ATTRIBUTE Framed-AppleTalk-Zone 39 string -ATTRIBUTE CHAP-Challenge 60 octets -ATTRIBUTE NAS-Port-Type 61 integer -ATTRIBUTE Port-Limit 62 integer -ATTRIBUTE Login-LAT-Port 63 string -ATTRIBUTE Acct-Status-Type 40 integer -ATTRIBUTE Acct-Delay-Time 41 integer -ATTRIBUTE Acct-Input-Octets 42 integer -ATTRIBUTE Acct-Output-Octets 43 integer -ATTRIBUTE Acct-Session-Id 44 string -ATTRIBUTE Acct-Authentic 45 integer -ATTRIBUTE Acct-Session-Time 46 integer -ATTRIBUTE Acct-Input-Packets 47 integer -ATTRIBUTE Acct-Output-Packets 48 integer -ATTRIBUTE Acct-Terminate-Cause 49 integer -ATTRIBUTE Acct-Multi-Session-Id 50 string -ATTRIBUTE Acct-Link-Count 51 integer -ATTRIBUTE Acct-Tunnel-Connection 68 string -ATTRIBUTE Acct-Tunnel-Packets-Lost 86 integer -ATTRIBUTE Tunnel-Type 64 integer has_tag -ATTRIBUTE Tunnel-Medium-Type 65 integer has_tag -ATTRIBUTE Tunnel-Client-Endpoint 66 string has_tag -ATTRIBUTE Tunnel-Server-Endpoint 67 string has_tag -ATTRIBUTE Tunnel-Password 69 string has_tag,encrypt=2 -ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag -ATTRIBUTE Tunnel-Assignment-Id 82 string has_tag -ATTRIBUTE Tunnel-Preference 83 integer has_tag -ATTRIBUTE Tunnel-Client-Auth-Id 90 string has_tag -ATTRIBUTE Tunnel-Server-Auth-Id 91 string has_tag -ATTRIBUTE Acct-Input-Gigawords 52 integer -ATTRIBUTE Acct-Output-Gigawords 53 integer -ATTRIBUTE Event-Timestamp 55 date -ATTRIBUTE ARAP-Password 70 octets[16] -ATTRIBUTE ARAP-Features 71 octets[14] -ATTRIBUTE ARAP-Zone-Access 72 integer -ATTRIBUTE ARAP-Security 73 integer -ATTRIBUTE ARAP-Security-Data 74 string -ATTRIBUTE Password-Retry 75 integer -ATTRIBUTE Prompt 76 integer -ATTRIBUTE Connect-Info 77 string -ATTRIBUTE Configuration-Token 78 string -ATTRIBUTE EAP-Message 79 octets -ATTRIBUTE Message-Authenticator 80 octets -ATTRIBUTE ARAP-Challenge-Response 84 octets[8] -ATTRIBUTE Acct-Interim-Interval 85 integer -ATTRIBUTE NAS-Port-Id 87 string -ATTRIBUTE Framed-Pool 88 string -ATTRIBUTE NAS-IPv6-Address 95 ipv6addr -ATTRIBUTE Framed-Interface-Id 96 ifid -ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix -ATTRIBUTE Login-IPv6-Host 98 ipv6addr -ATTRIBUTE Framed-IPv6-Route 99 string -ATTRIBUTE Framed-IPv6-Pool 100 string -ATTRIBUTE Error-Cause 101 integer -ATTRIBUTE EAP-Key-Name 102 string -ATTRIBUTE Chargeable-User-Identity 89 string -ATTRIBUTE Egress-VLANID 56 integer -ATTRIBUTE Ingress-Filters 57 integer -ATTRIBUTE Egress-VLAN-Name 58 string -ATTRIBUTE User-Priority-Table 59 octets -ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix -ATTRIBUTE NAS-Filter-Rule 92 string -ATTRIBUTE Digest-Response 103 string -ATTRIBUTE Digest-Realm 104 string -ATTRIBUTE Digest-Nonce 105 string -ATTRIBUTE Digest-Response-Auth 106 string -ATTRIBUTE Digest-Nextnonce 107 string -ATTRIBUTE Digest-Method 108 string -ATTRIBUTE Digest-URI 109 string -ATTRIBUTE Digest-Qop 110 string -ATTRIBUTE Digest-Algorithm 111 string -ATTRIBUTE Digest-Entity-Body-Hash 112 string -ATTRIBUTE Digest-CNonce 113 string -ATTRIBUTE Digest-Nonce-Count 114 string -ATTRIBUTE Digest-Username 115 string -ATTRIBUTE Digest-Opaque 116 string -ATTRIBUTE Digest-Auth-Param 117 string -ATTRIBUTE Digest-AKA-Auts 118 string -ATTRIBUTE Digest-Domain 119 string -ATTRIBUTE Digest-Stale 120 string -ATTRIBUTE Digest-HA1 121 string -ATTRIBUTE SIP-AOR 122 string -ATTRIBUTE Operator-Name 126 string -ATTRIBUTE Location-Information 127 octets -ATTRIBUTE Location-Data 128 octets -ATTRIBUTE Basic-Location-Policy-Rules 129 octets -ATTRIBUTE Extended-Location-Policy-Rules 130 octets -ATTRIBUTE Location-Capable 131 integer -ATTRIBUTE Requested-Location-Info 132 integer -ATTRIBUTE Framed-Management 133 integer -ATTRIBUTE Management-Transport-Protection 134 integer -ATTRIBUTE Management-Policy-Id 135 string -ATTRIBUTE Management-Privilege-Level 136 integer -ATTRIBUTE PKM-SS-Cert 137 octets -ATTRIBUTE PKM-CA-Cert 138 octets -ATTRIBUTE PKM-Config-Settings 139 octets -ATTRIBUTE PKM-Cryptosuite-List 140 octets -ATTRIBUTE PKM-SAID 141 short -ATTRIBUTE PKM-SA-Descriptor 142 octets -ATTRIBUTE PKM-Auth-Key 143 octets diff --git a/lib/radius/share/dictionary.ukerna b/lib/radius/share/dictionary.ukerna deleted file mode 100644 index 7d9d22d..0000000 --- a/lib/radius/share/dictionary.ukerna +++ /dev/null @@ -1,20 +0,0 @@ -# -*- text -*- -# -# GSS-EAP VSAs -# -# $Id$ -# - -VENDOR UKERNA 25622 - -BEGIN-VENDOR UKERNA - -ATTRIBUTE GSS-Acceptor-Service-Name-VS 128 string -ATTRIBUTE GSS-Acceptor-Host-Name-VS 129 string -ATTRIBUTE GSS-Acceptor-Service-Specific-VS 130 string -ATTRIBUTE GSS-Acceptor-Realm-Name-VS 131 string -ATTRIBUTE SAML-AAA-Assertion 132 string -ATTRIBUTE MS-Windows-Auth-Data 133 octets -ATTRIBUTE MS-Windows-Group-Sid 134 string - -END-VENDOR UKERNA diff --git a/lib/radius/share/dictionary.vendor b/lib/radius/share/dictionary.vendor deleted file mode 100644 index 571dbc4..0000000 --- a/lib/radius/share/dictionary.vendor +++ /dev/null @@ -1,10 +0,0 @@ -# a sample vendor-specific dictionary - -VENDOR example 65535 - -BEGIN-VENDOR example -ATTRIBUTE Example-Integer 1 integer -ATTRIBUTE Example-String 2 string -ATTRIBUTE Example-IP-Address 3 ipaddr - -END-VENDOR example diff --git a/lib/radius/static.c b/lib/radius/static.c deleted file mode 100644 index bd87272..0000000 --- a/lib/radius/static.c +++ /dev/null @@ -1,37 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file static.c - * \brief Dummy file to include auto-generating static dictionary mappings. - */ - -#include "client.h" - -/* - * Include the dynamically generated dictionaries. - */ -#include "dictionaries.c" diff --git a/lib/radius/tests/Makefile b/lib/radius/tests/Makefile deleted file mode 100644 index b9d74ad..0000000 --- a/lib/radius/tests/Makefile +++ /dev/null @@ -1,25 +0,0 @@ -# -# GNU Makefile -# -.PHONY: all clean -all: radattr - -HEADERS := ../client.h ../radius.h -CFLAGS := -g - -%.o : %.c - $(CC) $(CFLAGS) -I.. -I. -c $< - -%.o: ${HEADERS} - -LIBS := -lcrypto -lssl -LDFLAGS = -L.. -lnetworkradius-client - -../libnetworkradius-client.a: - @${MAKE} -C .. libnetworkradius-client.a - -radattr: radattr.o ../libnetworkradius-client.a - ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ - -clean: - @rm -rf *.o *.a *~ diff --git a/lib/radius/tests/radattr.c b/lib/radius/tests/radattr.c deleted file mode 100644 index d41499a..0000000 --- a/lib/radius/tests/radattr.c +++ /dev/null @@ -1,769 +0,0 @@ -/* - * Copyright (C) 2011 Network RADIUS SARL <info@networkradius.com> - * - * This software may not be redistributed in any form without the prior - * written consent of Network RADIUS. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <networkradius-devel/client.h> - -#include <ctype.h> - -#include <assert.h> - -static int packet_code = PW_ACCESS_REQUEST; -static int packet_id = 1; -static uint8_t packet_vector[16] = { 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0 }; -static char secret[256] = "testing123"; - -static int encode_tlv(char *buffer, uint8_t *output, size_t outlen); - -static const char *hextab = "0123456789abcdef"; - -static int encode_data_string(char *buffer, - uint8_t *output, size_t outlen) -{ - int length = 0; - char *p; - - p = buffer + 1; - - while (*p && (outlen > 0)) { - if (*p == '"') { - return length; - } - - if (*p != '\\') { - *(output++) = *(p++); - outlen--; - length++; - continue; - } - - switch (p[1]) { - default: - *(output++) = p[1]; - break; - - case 'n': - *(output++) = '\n'; - break; - - case 'r': - *(output++) = '\r'; - break; - - case 't': - *(output++) = '\t'; - break; - } - - outlen--; - length++; - } - - fprintf(stderr, "String is not terminated\n"); - return 0; -} - -static int encode_data_tlv(char *buffer, char **endptr, - uint8_t *output, size_t outlen) -{ - int depth = 0; - int length; - char *p; - - for (p = buffer; *p != '\0'; p++) { - if (*p == '{') depth++; - if (*p == '}') { - depth--; - if (depth == 0) break; - } - } - - if (*p != '}') { - fprintf(stderr, "No trailing '}' in string starting " - "with \"%s\"\n", - buffer); - return 0; - } - - *endptr = p + 1; - *p = '\0'; - - p = buffer + 1; - while (isspace((int) *p)) p++; - - length = encode_tlv(p, output, outlen); - if (length == 0) return 0; - - return length; -} - -static int encode_hex(char *p, uint8_t *output, size_t outlen) -{ - int length = 0; - while (*p) { - char *c1, *c2; - - while (isspace((int) *p)) p++; - - if (!*p) break; - - if(!(c1 = memchr(hextab, tolower((int) p[0]), 16)) || - !(c2 = memchr(hextab, tolower((int) p[1]), 16))) { - fprintf(stderr, "Invalid data starting at " - "\"%s\"\n", p); - return 0; - } - - *output = ((c1 - hextab) << 4) + (c2 - hextab); - output++; - length++; - p += 2; - - outlen--; - if (outlen == 0) { - fprintf(stderr, "Too much data\n"); - return 0; - } - } - - return length; -} - - -static int encode_data(char *p, uint8_t *output, size_t outlen) -{ - int length; - - if (!isspace((int) *p)) { - fprintf(stderr, "Invalid character following attribute " - "definition\n"); - return 0; - } - - while (isspace((int) *p)) p++; - - if (*p == '{') { - int sublen; - char *q; - - length = 0; - - do { - while (isspace((int) *p)) p++; - if (!*p) { - if (length == 0) { - fprintf(stderr, "No data\n"); - return 0; - } - - break; - } - - sublen = encode_data_tlv(p, &q, output, outlen); - if (sublen == 0) return 0; - - length += sublen; - output += sublen; - outlen -= sublen; - p = q; - } while (*q); - - return length; - } - - if (*p == '"') { - length = encode_data_string(p, output, outlen); - return length; - } - - length = encode_hex(p, output, outlen); - - if (length == 0) { - fprintf(stderr, "Empty string\n"); - return 0; - } - - return length; -} - -static int decode_attr(char *buffer, char **endptr) -{ - long attr; - - attr = strtol(buffer, endptr, 10); - if (*endptr == buffer) { - fprintf(stderr, "No valid number found in string " - "starting with \"%s\"\n", buffer); - return 0; - } - - if (!**endptr) { - fprintf(stderr, "Nothing follows attribute number\n"); - return 0; - } - - if ((attr <= 0) || (attr > 256)) { - fprintf(stderr, "Attribute number is out of valid " - "range\n"); - return 0; - } - - return (int) attr; -} - -static int decode_vendor(char *buffer, char **endptr) -{ - long vendor; - - if (*buffer != '.') { - fprintf(stderr, "Invalid separator before vendor id\n"); - return 0; - } - - vendor = strtol(buffer + 1, endptr, 10); - if (*endptr == (buffer + 1)) { - fprintf(stderr, "No valid vendor number found\n"); - return 0; - } - - if (!**endptr) { - fprintf(stderr, "Nothing follows vendor number\n"); - return 0; - } - - if ((vendor <= 0) || (vendor > (1 << 24))) { - fprintf(stderr, "Vendor number is out of valid range\n"); - return 0; - } - - if (**endptr != '.') { - fprintf(stderr, "Invalid data following vendor number\n"); - return 0; - } - (*endptr)++; - - return (int) vendor; -} - -static int encode_tlv(char *buffer, uint8_t *output, size_t outlen) -{ - int attr; - int length; - char *p; - - attr = decode_attr(buffer, &p); - if (attr == 0) return 0; - - output[0] = attr; - output[1] = 2; - - if (*p == '.') { - p++; - length = encode_tlv(p, output + 2, outlen - 2); - - } else { - length = encode_data(p, output + 2, outlen - 2); - } - - if (length == 0) return 0; - if (length > (255 - 2)) { - fprintf(stderr, "TLV data is too long\n"); - return 0; - } - - output[1] += length; - - return length + 2; -} - -static int encode_vsa(char *buffer, uint8_t *output, size_t outlen) -{ - int vendor; - int length; - char *p; - - vendor = decode_vendor(buffer, &p); - if (vendor == 0) return 0; - - output[0] = 0; - output[1] = (vendor >> 16) & 0xff; - output[2] = (vendor >> 8) & 0xff; - output[3] = vendor & 0xff; - - length = encode_tlv(p, output + 4, outlen - 4); - if (length == 0) return 0; - if (length > (255 - 6)) { - fprintf(stderr, "VSA data is too long\n"); - return 0; - } - - - return length + 4; -} - -static int encode_evs(char *buffer, uint8_t *output, size_t outlen) -{ - int vendor; - int attr; - int length; - char *p; - - vendor = decode_vendor(buffer, &p); - if (vendor == 0) return 0; - - attr = decode_attr(p, &p); - if (attr == 0) return 0; - - output[0] = 0; - output[1] = (vendor >> 16) & 0xff; - output[2] = (vendor >> 8) & 0xff; - output[3] = vendor & 0xff; - output[4] = attr; - - length = encode_data(p, output + 5, outlen - 5); - if (length == 0) return 0; - - return length + 5; -} - -static int encode_extended(char *buffer, - uint8_t *output, size_t outlen) -{ - int attr; - int length; - char *p; - - attr = decode_attr(buffer, &p); - if (attr == 0) return 0; - - output[0] = attr; - - if (attr == 26) { - length = encode_evs(p, output + 1, outlen - 1); - } else { - length = encode_data(p, output + 1, outlen - 1); - } - if (length == 0) return 0; - if (length > (255 - 3)) { - fprintf(stderr, "Extended Attr data is too long\n"); - return 0; - } - - return length + 1; -} - -static int encode_extended_flags(char *buffer, - uint8_t *output, size_t outlen) -{ - int attr; - int length, total; - char *p; - - attr = decode_attr(buffer, &p); - if (attr == 0) return 0; - - /* output[0] is the extended attribute */ - output[1] = 4; - output[2] = attr; - output[3] = 0; - - if (attr == 26) { - length = encode_evs(p, output + 4, outlen - 4); - if (length == 0) return 0; - - output[1] += 5; - length -= 5; - } else { - length = encode_data(p, output + 4, outlen - 4); - } - if (length == 0) return 0; - - total = 0; - while (1) { - int sublen = 255 - output[1]; - - if (length <= sublen) { - output[1] += length; - total += output[1]; - break; - } - - length -= sublen; - - memmove(output + 255 + 4, output + 255, length); - memcpy(output + 255, output, 4); - - output[1] = 255; - output[3] |= 0x80; - - output += 255; - output[1] = 4; - total += 255; - } - - return total; -} - -static int encode_rfc(char *buffer, uint8_t *output, size_t outlen) -{ - int attr; - int length, sublen; - char *p; - - attr = decode_attr(buffer, &p); - if (attr == 0) return 0; - - length = 2; - output[0] = attr; - output[1] = 2; - - if (attr == 26) { - sublen = encode_vsa(p, output + 2, outlen - 2); - - } else if ((attr < 241) || (attr > 246)) { - sublen = encode_data(p, output + 2, outlen - 2); - - } else { - if (*p != '.') { - fprintf(stderr, "Invalid data following " - "attribute number\n"); - return 0; - } - - if (attr < 245) { - sublen = encode_extended(p + 1, - output + 2, outlen - 2); - } else { - - /* - * Not like the others! - */ - return encode_extended_flags(p + 1, output, outlen); - } - } - if (sublen == 0) return 0; - if (sublen > (255 -2)) { - fprintf(stderr, "RFC Data is too long\n"); - return 0; - } - - output[1] += sublen; - return length + sublen; -} - -static int walk_callback(void *ctx, const DICT_ATTR *da, - const uint8_t *data, size_t sizeof_data) -{ - char **p = ctx; - - sprintf(*p, "v%u a%u l%ld,", - da->vendor, da->attr, sizeof_data); - - *p += strlen(*p); -} - -static void process_file(const char *filename) -{ - int lineno, rcode; - size_t i, outlen; - ssize_t len, data_len; - FILE *fp; - RADIUS_PACKET packet; - char input[8192], buffer[8192]; - char output[8192]; - uint8_t *attr, data[2048]; - - if (strcmp(filename, "-") == 0) { - fp = stdin; - filename = "<stdin>"; - - } else { - fp = fopen(filename, "r"); - if (!fp) { - fprintf(stderr, "Error opening %s: %s\n", - filename, strerror(errno)); - exit(1); - } - } - - lineno = 0; - *output = '\0'; - data_len = 0; - - while (fgets(buffer, sizeof(buffer), fp) != NULL) { - char *p = strchr(buffer, '\n'); - VALUE_PAIR *vp, *head = NULL; - VALUE_PAIR **tail = &head; - - lineno++; - - if (!p) { - if (!feof(fp)) { - fprintf(stderr, "Line %d too long in %s\n", - lineno, filename); - exit(1); - } - } else { - *p = '\0'; - } - - p = strchr(buffer, '#'); - if (p) *p = '\0'; - - p = buffer; - while (isspace((int) *p)) p++; - if (!*p) continue; - - strcpy(input, p); - - if (strncmp(p, "raw ", 4) == 0) { - outlen = encode_rfc(p + 4, data, sizeof(data)); - if (outlen == 0) { - fprintf(stderr, "Parse error in line %d of %s\n", - lineno, filename); - exit(1); - } - - print_hex: - if (outlen == 0) { - output[0] = 0; - continue; - } - - data_len = outlen; - for (i = 0; i < outlen; i++) { - snprintf(output + 3*i, sizeof(output), - "%02x ", data[i]); - } - outlen = strlen(output); - output[outlen - 1] = '\0'; - continue; - } - - if (strncmp(p, "data ", 5) == 0) { - if (strcmp(p + 5, output) != 0) { - fprintf(stderr, "Mismatch in line %d of %s, expected: %s\n", - lineno, filename, output); - exit(1); - } - continue; - } - - head = NULL; - if (strncmp(p, "encode ", 7) == 0) { - if (strcmp(p + 7, "-") == 0) { - p = output; - } else { - p += 7; - } - - rcode = nr_vp_sscanf(p, &head); - if (rcode < 0) { - strcpy(output, nr_strerror(rcode)); - continue; - } - - attr = data; - vp = head; - while (vp != NULL) { - len = nr_vp2attr(NULL, NULL, &vp, - attr, sizeof(data) - (attr - data)); - if (len < 0) { - fprintf(stderr, "Failed encoding %s: %s\n", - vp->da->name, nr_strerror(len)); - exit(1); - } - - attr += len; - if (len == 0) break; - } - - nr_vp_free(&head); - outlen = len; - goto print_hex; - } - - if (strncmp(p, "decode ", 7) == 0) { - ssize_t my_len; - - if (strcmp(p + 7, "-") == 0) { - attr = data; - len = data_len; - } else { - attr = data; - len = encode_hex(p + 7, data, sizeof(data)); - if (len == 0) { - fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); - exit(1); - } - } - - while (len > 0) { - vp = NULL; - my_len = nr_attr2vp(NULL, NULL, - attr, len, &vp); - if (my_len < 0) { - nr_vp_free(&head); - break; - } - - if (my_len > len) { - fprintf(stderr, "Internal sanity check failed at %d\n", __LINE__); - exit(1); - } - - *tail = vp; - while (vp) { - tail = &(vp->next); - vp = vp->next; - } - - attr += my_len; - len -= my_len; - } - - /* - * Output may be an error, and we ignore - * it if so. - */ - if (head) { - p = output; - for (vp = head; vp != NULL; vp = vp->next) { - nr_vp_snprintf(p, sizeof(output) - (p - output), vp); - p += strlen(p); - - if (vp->next) {strcpy(p, ", "); - p += 2; - } - } - - nr_vp_free(&head); - } else if (my_len < 0) { - strcpy(output, nr_strerror(my_len)); - - } else { /* zero-length attribute */ - *output = '\0'; - } - continue; - } - - if (strncmp(p, "walk ", 5) == 0) { - len = encode_hex(p + 5, data + 20, sizeof(data) - 20); - - if (len == 0) { - fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); - exit(1); - } - - memset(data, 0, 20); - packet.data = data; - packet.length = len + 20; - packet.data[2] = ((len + 20) >> 8) & 0xff; - packet.data[3] = (len + 20) & 0xff; - - *output = '\0'; - p = output; - - rcode = nr_packet_walk(&packet, &p, walk_callback); - if (rcode < 0) { - snprintf(output, sizeof(output), "%d", rcode); - continue; - } - - if (*output) output[strlen(output) - 1] = '\0'; - continue; - } - - if (strncmp(p, "$INCLUDE ", 9) == 0) { - p += 9; - while (isspace((int) *p)) p++; - - process_file(p); - continue; - } - - if (strncmp(p, "secret ", 7) == 0) { - strlcpy(secret, p + 7, sizeof(secret)); - strlcpy(output, secret, sizeof(output)); - continue; - } - - if (strncmp(p, "code ", 5) == 0) { - packet_code = atoi(p + 5); - snprintf(output, sizeof(output), "%u", packet_code); - continue; - } - - if (strncmp(p, "sign ", 5) == 0) { - len = encode_hex(p + 5, data + 20, sizeof(data) - 20); - if (len == 0) { - fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); - exit(1); - } - - memset(&packet, 0, sizeof(packet)); - packet.secret = secret; - packet.sizeof_secret = strlen(secret); - packet.code = packet_code; - packet.id = packet_id; - memcpy(packet.vector, packet_vector, 16); - packet.data = data; - packet.length = len + 20; - - /* - * Hack encode the packet. - */ - packet.data[0] = packet_code; - packet.data[1] = packet_id; - packet.data[2] = ((len + 20) >> 8) & 0xff; - packet.data[3] = (len + 20) & 0xff; - memcpy(packet.data + 4, packet_vector, 16); - - rcode = nr_packet_sign(&packet, NULL); - if (rcode < 0) { - snprintf(output, sizeof(output), "%d", rcode); - continue; - } - - memcpy(data, packet.vector, sizeof(packet.vector)); - outlen = sizeof(packet.vector); - goto print_hex; - } - - fprintf(stderr, "Unknown input at line %d of %s\n", - lineno, filename); - exit(1); - } - - if (fp != stdin) fclose(fp); -} - -int main(int argc, char *argv[]) -{ - int c; - - if (argc < 2) { - process_file("-"); - - } else { - process_file(argv[1]); - } - - return 0; -} diff --git a/lib/radius/tests/rfc.txt b/lib/radius/tests/rfc.txt deleted file mode 100644 index d8bd613..0000000 --- a/lib/radius/tests/rfc.txt +++ /dev/null @@ -1,144 +0,0 @@ -# All attribute lengths are implicit, and are calculated automatically -# -# Input is of the form: -# -# WORD ... -# -# The WORD is a keyword which indicates the format of the following text. -# WORD is one of: -# -# raw - read the grammar defined below, and encode an attribute. -# The grammer supports a trivial way of describing RADIUS -# attributes, without reference to dictionaries or fancy -# parsers -# -# encode - reads "Attribute-Name = value", encodes it, and prints -# the result as text. -# use "-" to encode the output of the last command -# -# decode - reads hex, and decodes it "Attribute-Name = value" -# use "-" to decode the output of the last command -# -# data - the expected output of the previous command, in ASCII form. -# if the actual command output is different, an error message -# is produced, and the program terminates. -# -# -# The "raw" input satisfies the following grammar: -# -# Identifier = 1*DIGIT *( "." 1*DIGIT ) -# -# HEXCHAR = HEXDIG HEXDIG -# -# STRING = DQUOTE *CHAR DQUOTE -# -# TLV = "{" 1*DIGIT DATA "}" -# -# DATA = 1*HEXCHAR / 1*TLV / STRING -# -# LINE = Identifier DATA -# -# The "Identifier" is a RADIUS attribute identifier, as given in the draft. -# -# e.g. 1 for User-Name -# 26.9.1 Vendor-Specific, Cisco, Cisco-AVPAir -# 241.1 Extended Attribute, number 1 -# 241.2.3 Extended Attribute 2, data type TLV, TLV type 3 -# etc. -# -# The "DATA" portion is the contents of the RADIUS Attribute. -# -# 123456789abcdef hex string -# 12 34 56 ab with spaces for clarity -# "hello" Text string -# { 1 abcdef } TLV, TLV-Type 1, data "abcdef" -# -# TLVs can be nested: -# -# { tlv-type { tlv-type data } } { 3 { 4 01020304 } } -# -# TLVs can be concatencated -# -# {tlv-type data } { tlv-type data} { 3 040506 } { 8 aabbcc } -# -# The "raw" data is encoded without reference to dictionaries. Any -# valid string is parsed to a RADIUS attribute. The resulting RADIUS -# attribute *may not* be correctly formatted to the relevant RADIUS -# specifications. i.e. you can use this tool to create attribute 1 -# (User-Name), which is encoded as a series of TLVs. That's up to you. -# -# The purpose of the "raw" command is to have a simple way of encoding -# attributes which is independent of any dictionaries or packet processing -# routines. -# -# The output data is the hex version of the encoded attribute. -# - -encode User-Name = bob -data 01 05 62 6f 62 - -decode - -data User-Name = "bob" - -decode 01 05 62 6f 62 -data User-Name = "bob" - -# -# The Type/Length is OK, but the attribute data is of the wrong size. -# -decode 04 04 ab cd -data Attr-4 = 0xabcd - -# Zero-length attributes -decode 01 02 -data - -# don't encode zero-length attributes -#encode User-Name = "" -#data - -# except for CUI. Thank you, WiMAX! -decode 59 02 -data Chargeable-User-Identity = "" - -# Hah! Thought you had it figured out, didn't you? -#encode - -#data 59 02 - -encode NAS-Port = 10 -data 05 06 00 00 00 0a - -decode - -data NAS-Port = 10 - -walk 05 06 00 00 00 0a -data v0 a5 l4 - -walk 05 06 00 00 00 0a 02 06 00 00 00 0a -data v0 a5 l4,v0 a2 l4 - -walk 1a 0c 00 00 00 01 05 06 00 00 00 0a -data v1 a5 l4 - -walk 1a 12 00 00 00 01 05 06 00 00 00 0a 03 06 00 00 00 0a -data v1 a5 l4,v1 a3 l4 - -# Access-Request, code 1, authentication vector of zero -sign 05 06 00 00 00 0a -data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - -code 4 - -sign 05 06 00 00 00 0a -data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 - -sign 05 06 00 00 00 0a -data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 - -secret hello -sign 05 06 00 00 00 0a -data 69 20 c0 b9 e1 2f 12 54 9f 92 16 5e f4 64 9b fd - -secret testing123 -sign 05 06 00 00 00 0a -data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 diff --git a/lib/radius/valuepair.c b/lib/radius/valuepair.c deleted file mode 100644 index 6277f7d..0000000 --- a/lib/radius/valuepair.c +++ /dev/null @@ -1,191 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the <organization> nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file valuepair.c - * \brief Functions to manipulate C structure versions of RADIUS attributes. - */ - -#include "client.h" - -void nr_vp_free(VALUE_PAIR **head) -{ - VALUE_PAIR *next, *vp; - - for (vp = *head; vp != NULL; vp = next) { - next = vp->next; - if (vp->da->flags.encrypt) { - memset(vp, 0, sizeof(vp)); - } - free(vp); - } - - *head = NULL; -} - - -VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da) -{ - memset(vp, 0, sizeof(*vp)); - - vp->da = da; - vp->length = da->flags.length; - - return vp; -} - - -VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da) -{ - VALUE_PAIR *vp = NULL; - - if (!da) { - nr_strerror_printf("Unknown attribute"); - return NULL; - } - - vp = malloc(sizeof(*vp)); - if (!vp) { - nr_strerror_printf("Out of memory"); - return NULL; - } - - return nr_vp_init(vp, da); -} - -VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor) -{ - VALUE_PAIR *vp = NULL; - DICT_ATTR *da; - - vp = malloc(sizeof(*vp) + sizeof(*da) + 64); - if (!vp) { - nr_strerror_printf("Out of memory"); - return NULL; - } - memset(vp, 0, sizeof(*vp)); - - da = (DICT_ATTR *) (vp + 1); - - if (nr_dict_attr_2struct(da, attr, vendor, (char *) (da + 1), 64) < 0) { - free(vp); - return NULL; - } - - vp->da = da; - - return vp; -} - -int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t sizeof_data) -{ - int rcode = 1; /* OK */ - - if (!vp || !data || (sizeof_data == 0)) return -RSE_INVAL; - - switch (vp->da->type) { - case RS_TYPE_BYTE: - vp->vp_integer = *(const uint8_t *) data; - break; - - case RS_TYPE_SHORT: - vp->vp_integer = *(const uint16_t *) data; - break; - - case RS_TYPE_INTEGER: - case RS_TYPE_DATE: - case RS_TYPE_IPADDR: - vp->vp_integer = *(const uint32_t *) data; - break; - - case RS_TYPE_STRING: - if (sizeof_data >= sizeof(vp->vp_strvalue)) { - sizeof_data = sizeof(vp->vp_strvalue) - 1; - rcode = 0; /* truncated */ - } - - memcpy(vp->vp_strvalue, (const char *) data, sizeof_data); - vp->vp_strvalue[sizeof_data + 1] = '\0'; - vp->length = sizeof_data; - break; - - case RS_TYPE_OCTETS: - if (sizeof_data > sizeof(vp->vp_octets)) { - sizeof_data = sizeof(vp->vp_octets); - rcode = 0; /* truncated */ - } - memcpy(vp->vp_octets, data, sizeof_data); - vp->length = sizeof_data; - break; - - default: - return -RSE_ATTR_TYPE_UNKNOWN; - } - - return rcode; -} - -VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data, size_t data_len) -{ - const DICT_ATTR *da; - VALUE_PAIR *vp; - - da = nr_dict_attr_byvalue(attr, vendor); - if (!da) return NULL; - - vp = nr_vp_alloc(da); - if (!vp) return NULL; - - if (nr_vp_set_data(vp, data, data_len) < 0) { - nr_vp_free(&vp); - return NULL; - } - - return vp; -} - -void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *tail) -{ - if (!tail) return; - - while (*head) { - head = &((*head)->next); - } - - *head = tail; -} - -VALUE_PAIR *nr_vps_find(VALUE_PAIR *head, - unsigned int attr, unsigned int vendor) -{ - while (head) { - if ((head->da->attr == attr) && - (head->da->vendor == vendor)) return head; - head = head->next; - } - - return NULL; -} |