Diffstat (limited to 'lib')
57 files changed, 471 insertions, 376 deletions
| diff --git a/lib/HACKING b/lib/HACKING index 62da414..c896324 100644 --- a/lib/HACKING +++ b/lib/HACKING @@ -1,6 +1,6 @@  HACKING file for libradsec (in Emacs -*- org -*- mode). -Status as of libradsec-0.2.0.dev (2013-05-02). +Status as of libradsec-0.2.0.dev (2013-05-06).  * Build instructions  sh autogen.sh @@ -19,7 +19,7 @@ Details (within parentheses) apply to Debian Wheezy.  - OpenSSL (1.0.1c-4) -- optional, for TLS and DTLS support    sudo apt-get install libssl-dev libssl1.0.0 -* Functionality and quality in 0.0.x +* Functionality and quality in 0.2.x  ** Not well tested  - reading config file  - [TCP] short read diff --git a/lib/LICENSE b/lib/LICENSE index 43a0ec8..be32a9a 100644 --- a/lib/LICENSE +++ b/lib/LICENSE @@ -1,6 +1,6 @@  * Copyright (c) 2007-2010, UNINETT AS  * Copyright (c) 2011, JANET(UK) -* Copyright (c) 2010-2011, NORDUnet A/S +* Copyright (c) 2010-2013, NORDUnet A/S  * All rights reserved.  *  * Redistribution and use in source and binary forms, with or without diff --git a/lib/Makefile.am b/lib/Makefile.am index 6a96d32..e202218 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -4,23 +4,24 @@ ACLOCAL_AMFLAGS = -I m4  # Shared library interface version, i.e. -version-info to Libtool,  # expressed as three integers CURRENT:REVISION:AGE.  # -# CURRENT is the version number of the current interface. -# Increment CURRENT when the library interface changes. +# CURRENT is the version number of the current interface. Increment +# CURRENT when the library interface has changed or has been extended.  #  # REVISION is the version number of the _implementation_ of the -# CURRENT interface. -# Set REVISION to 0 when CURRENT changes, else increment. +# CURRENT interface. Set REVISION to 0 when CURRENT changes, else +# increment.  #  # AGE is the number of interfaces this library implements, i.e. how -# many versions before CURRENT that are supported. -# Increment AGE when the library interface is _extended_. -# Set AGE to 0 when the library interface is _changed_. +# many versions before CURRENT that are supported. Increment AGE when +# the library interface is _extended_. Set AGE to 0 when the library +# interface is _changed_.  VER_CUR = 1  VER_REV = 0  VER_AGE = 0 -SUBDIRS = radius radsecproxy . include examples +SUBDIRS = radius radsecproxy include . examples +DIST_SUBDIRS = $(SUBDIRS) tests  INCLUDES = -I$(srcdir)/include  AM_CFLAGS = -Wall -Werror -g 
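Review bot: `VER_CUR = 1`, `VER_REV = 0` and `VER_AGE = 0` are left untouched (context lines in this hunk) although the same commit removes the `secret` parameter from the public rs_request_create_authn() and drops `RSE_FR` from enum rs_error_code in radsec.h. By the rule in the comment being reflowed here, a changed interface calls for incrementing CURRENT and resetting REVISION and AGE, e.g. `VER_CUR = 2`. Without that, binaries built against the old prototype still resolve against the new library with no soname change to flag the mismatch. If CURRENT was already bumped earlier in this development cycle, a short comment next to `VER_CUR` saying so would settle it.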
@@ -52,14 +53,28 @@ else    libradsec_la_SOURCES += md5.c  endif -EXTRA_DIST = HACKING LICENSE +libradsec_la_SOURCES += \ +	compat.h \ +	conn.h \ +	debug.h \ +	err.h \ +	event.h \ +	md5.h \ +	peer.h \ +	radsec.h \ +	tcp.h \ +	tls.h \ +	udp.h \ +	util.h + +EXTRA_DIST = HACKING LICENSE radsec.sym  EXTRA_libradsec_la_DEPENDENCIES = radsec.sym  libradsec_la_CFLAGS = \ -	$(AM_CFLAGS) -DHAVE_CONFIG_H -DDEBUG -DDEBUG_LEVENT +	$(AM_CFLAGS) -DHAVE_CONFIG_H #-DDEBUG -DDEBUG_LEVENT  libradsec_la_LDFLAGS = \  	-version-info $(VER_CUR):$(VER_REV):$(VER_AGE) \ -	-export-symbols radsec.sym +	-export-symbols $(srcdir)/radsec.sym  libradsec_la_LIBADD = \  	radsecproxy/libradsec-radsecproxy.la \  	radius/libradsec-radius.la @@ -16,7 +16,8 @@ The canonical pickup point is  http://git.nordu.net/?p=radsecproxy.git;a=shortlog;h=refs/heads/libradsec -The source code is licensed under a 3-clause BSD license. See LICENSE. +The source code is licensed under a 3-clause BSD license. See the +LICENSE file.  Libradsec depends on @@ -30,10 +31,24 @@ For changes between releases, see the CHANGES file.  To compile the library and the examples, do something like - sh autogen.sh && ./configure && make +  sh autogen.sh && ./configure && make -If any of the libraries are not found, try setting environment -variable LDFLAGS at configure time like so: + +There are a couple of options that can be used when configuring. See + +  ./configure --help + +for the full list. Worth mentioning here is --enable-tls and +--enable-tls-psk. + +If the preprocessor has a hard time finding some of the header files +are, try setting environment variable CPPFLAGS at configure +time. Example: + +  CPPFLAGS="-I/usr/local/include" ./configure --enable-tls + +If the link editor has trouble finding any of the libraries needed, +try setting environment variable LDFLAGS at configure time. Example:    LDFLAGS="-L/usr/local/lib" ./configure --enable-tls 
diff --git a/lib/attr.c b/lib/attr.c deleted file mode 100644 index 74d352c..0000000 --- a/lib/attr.c +++ /dev/null @@ -1,48 +0,0 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ - -/* NOTE: This file is not in use at the moment (libradsec-0.0.1).  */ - -#if defined HAVE_CONFIG_H -#include <config.h> -#endif - -#include <radius/client.h> -#include <radsec/radsec.h> -#include <radsec/radsec-impl.h> - -int -rs_attr_create(struct rs_connection *conn, -	       struct rs_attr **attr, -	       const char *type, -	       const char *val) -{ -  VALUE_PAIR *vp; -  struct rs_attr *a; - -  *attr = NULL; -  a = (struct rs_attr *) malloc (sizeof(struct rs_attr)); -  if (!a) -    return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL); -  memset (a, 0, sizeof(struct rs_attr)); - -  vp = pairmake (type, val, T_OP_EQ); -  if (!vp) -    { -      rs_attr_destroy (a); -      return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, -				  "pairmake: %s", fr_strerror ()); -    } - -  a->vp = vp; -  *attr = a; -  return RSE_OK; -} - -void -rs_attr_destroy (struct rs_attr *attr) -{ -  if (attr->vp) -    pairfree (&attr->vp); -  free (attr); -} @@ -1,5 +1,5 @@  /* Copyright 2011 JANET(UK). All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h> diff --git a/lib/compat.c b/lib/compat.c index c09e795..7c4e346 100644 --- a/lib/compat.c +++ b/lib/compat.c @@ -1,5 +1,5 @@  /* Copyright 2011 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h> diff --git a/lib/compat.h b/lib/compat.h index 63de65f..bb43e9b 100644 --- a/lib/compat.h +++ b/lib/compat.h 
@@ -1,5 +1,5 @@ -/* Copyright 2011,2013 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +/* Copyright 2011 NORDUnet A/S. All rights reserved. +   See LICENSE for licensing information. */  #ifdef _WIN32  #define INLINE __inline @@ -1,4 +1,4 @@ -/* Copyright 2010, 2011, 2013 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H diff --git a/lib/configure.ac b/lib/configure.ac index 4aacfed..b8b3231 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -1,6 +1,6 @@  # -*- Autoconf -*- script for libradsec. -AC_PREREQ([2.65]) +AC_PREREQ([2.63])  AC_INIT([libradsec], [0.2.0.dev], [linus+libradsec@nordu.net])  AC_CONFIG_MACRO_DIR([m4])  AC_CONFIG_SRCDIR([radsec.c]) @@ -53,10 +53,10 @@ AC_TYPE_UINT8_T  # Checks for library functions.  AC_CHECK_FUNCS([memset socket strdup strerror strrchr]) -AC_CONFIG_FILES([Makefile +AC_CONFIG_FILES([Makefile libradsec.spec                   radsecproxy/Makefile -		 radius/Makefile -		 include/Makefile +                 radius/Makefile +                 include/Makefile                   examples/Makefile                   tests/Makefile])  AC_OUTPUT @@ -1,4 +1,4 @@ -/* Copyright 2010,2011,2013 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H 
@@ -34,16 +34,18 @@ conn_user_dispatch_p (const struct rs_connection *conn)  int  conn_activate_timeout (struct rs_connection *conn)  { +  const struct rs_conn_base *connbase;    assert (conn); +  connbase = TO_BASE_CONN (conn); +  assert (connbase->ctx); +  assert (connbase->ctx->evb);    assert (conn->tev); -  assert (conn->base_.ctx->evb); -  if (conn->base_.timeout.tv_sec || conn->base_.timeout.tv_usec) +  if (connbase->timeout.tv_sec || connbase->timeout.tv_usec)      {        rs_debug (("%s: activating timer: %d.%d\n", __func__, -		 conn->base_.timeout.tv_sec, conn->base_.timeout.tv_usec)); -      if (evtimer_add (conn->tev, &conn->base_.timeout)) -	return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, -				    "evtimer_add: %d", errno); +		 connbase->timeout.tv_sec, connbase->timeout.tv_usec)); +      if (evtimer_add (conn->tev, &connbase->timeout)) +	return rs_err_conn_push (conn, RSE_EVENT, "evtimer_add: %d", errno);      }    return RSE_OK;  } @@ -73,9 +75,9 @@ int  conn_cred_psk (const struct rs_connection *conn)  {    assert (conn); -  assert (conn->active_peer); -  return conn->active_peer->transport_cred && -    conn->active_peer->transport_cred->type == RS_CRED_TLS_PSK; +  return conn->active_peer != NULL +    && conn->active_peer->transport_cred +    && conn->active_peer->transport_cred->type == RS_CRED_TLS_PSK;  }  void 
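Review bot: In conn_activate_timeout the rewritten rs_debug call still prints `connbase->timeout.tv_sec` and `connbase->timeout.tv_usec` with `%d`, yet the same field is handed to evtimer_add() as a struct timeval, whose members are time_t and suseconds_t. Assuming rs_debug expands to a printf-style call, that is a varargs type mismatch on LP64 targets whenever debugging is compiled in. Cast explicitly: `"%s: activating timer: %ld.%06ld\n", __func__, (long) connbase->timeout.tv_sec, (long) connbase->timeout.tv_usec`. The added `assert (connbase->ctx)` and `assert (connbase->ctx->evb)` disappear under NDEBUG, so they document the invariant rather than enforce it; a comment stating that callers must pass a fully initialised connection would make this explicit.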
@@ -249,8 +251,31 @@ rs_conn_add_listener (struct rs_connection *conn,  int  rs_conn_disconnect (struct rs_connection *conn)  { -  int err = baseconn_close (TO_BASE_CONN (conn)); -  conn->state = RS_CONN_STATE_UNDEFINED; +  int err = 0; + +  assert (conn); + +  if (conn->state == RS_CONN_STATE_CONNECTED) +    event_on_disconnect (conn); + +  if (TO_BASE_CONN (conn)->bev) +    { +      bufferevent_free (TO_BASE_CONN (conn)->bev); +      TO_BASE_CONN (conn)->bev = NULL; +    } +  if (TO_BASE_CONN (conn)->rev) +    { +      event_free (TO_BASE_CONN (conn)->rev); +      TO_BASE_CONN (conn)->rev = NULL; +    } +  if (TO_BASE_CONN (conn)->wev) +    { +      event_free (TO_BASE_CONN (conn)->wev); +      TO_BASE_CONN (conn)->wev = NULL; +    } + +  err = evutil_closesocket (TO_BASE_CONN (conn)->fd); +  TO_BASE_CONN (conn)->fd = -1;    return err;  } diff --git a/lib/debug.c b/lib/debug.c index 4d30846..66264e5 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -1,5 +1,5 @@  /* Copyright 2011 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h> diff --git a/lib/debug.h b/lib/debug.h index 7befa7e..f979528 100644 --- a/lib/debug.h +++ b/lib/debug.h @@ -1,5 +1,5 @@  /* Copyright 2011 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  #define hd(p, l) { int i;		\      for (i = 1; i <= l; i++) {		\ diff --git a/lib/event.c b/lib/event.c index fadcc14..dcf7e1c 100644 --- a/lib/event.c +++ b/lib/event.c @@ -1,4 +1,4 @@ -/* Copyright 2011,2013 NORDUnet A/S. All rights reserved. +/* Copyright 2011-2013 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H diff --git a/lib/event.h b/lib/event.h index 63fccc5..83f24f2 100644 --- a/lib/event.h +++ b/lib/event.h 
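Review bot: rs_conn_disconnect now calls `evutil_closesocket (TO_BASE_CONN (conn)->fd)` unconditionally, so a second call on the same connection (fd already set to -1) or a call on a never-connected one closes an invalid descriptor and returns an error. The _read_header and _read_message hunks of this commit add new call sites on error paths, which makes a repeated disconnect more likely. Guard it: `if (TO_BASE_CONN (conn)->fd >= 0) err = evutil_closesocket (TO_BASE_CONN (conn)->fd);`. If the bufferevent was created with BEV_OPT_CLOSE_ON_FREE (not visible here), bufferevent_free() has already closed the socket and the explicit close could hit a descriptor number that has since been reused; worth confirming. The old `conn->state = RS_CONN_STATE_UNDEFINED;` is gone, so unless event_on_disconnect() resets it, a connection torn down while not in RS_CONN_STATE_CONNECTED keeps its stale state.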
@@ -1,4 +1,4 @@ -/* Copyright 2011,2013 NORDUnet A/S. All rights reserved. +/* Copyright 2011-2013 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  void event_on_disconnect (struct rs_connection *conn); diff --git a/lib/examples/Makefile.am b/lib/examples/Makefile.am index d86f4f8..63b6abe 100644 --- a/lib/examples/Makefile.am +++ b/lib/examples/Makefile.am @@ -1,6 +1,6 @@  AUTOMAKE_OPTIONS = foreign -INCLUDES = -I$(top_srcdir)/include -AM_CFLAGS = -Wall -Werror -g -DDEBUG -DDEBUG_LEVENT +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir) +AM_CFLAGS = -Wall -Werror -g #-DDEBUG -DDEBUG_LEVENT  LDADD = ../libradsec.la #-lefence  CFLAGS = $(AM_CFLAGS) -DUSE_CONFIG_FILE diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c index 82a4453..bebde65 100644 --- a/lib/examples/client-blocking.c +++ b/lib/examples/client-blocking.c @@ -78,7 +78,7 @@ blocking_client (const char *av1, const char *av2, const char *av3,    if (use_request_object_flag)      { -      if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW, SECRET)) +      if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW))  	goto cleanup;        if (rs_request_send (request, &resp))  	goto cleanup; diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h index 28e9e4c..7da00dd 100644 --- a/lib/include/radsec/radsec-impl.h +++ b/lib/include/radsec/radsec-impl.h @@ -1,7 +1,7 @@  /** @file libradsec-impl.h      @brief Libraray internal header file for libradsec. */ -/* Copyright 2010,2011,2013 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  #ifndef _RADSEC_RADSEC_IMPL_H_ @@ -132,7 +132,6 @@ struct rs_conn_base {      struct event *rev;		/* Read event (for UDP). */  }; -  enum rs_conn_state {      RS_CONN_STATE_UNDEFINED = 0,      RS_CONN_STATE_CONNECTING, 
diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 2858f9e..6b319d3 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -1,7 +1,7 @@  /** \file radsec.h      \brief Public interface for libradsec. */ -/* Copyright 2010,2011,2013 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  #ifndef _RADSEC_RADSEC_H_ @@ -31,7 +31,6 @@ enum rs_error_code {      RSE_INVALID_CTX = 3,      RSE_INVALID_CONN = 4,      RSE_CONN_TYPE_MISMATCH = 5, -    RSE_FR = 6,      RSE_BADADDR = 7,      RSE_NOPEER = 8,      RSE_EVENT = 9,		/* libevent error.  */ @@ -373,10 +372,19 @@ void rs_message_destroy(struct rs_message *msg);      \a rs_message_send and it blocks until the message has been      succesfully sent. +    Note that sending can fail in several ways, f.ex. if the +    transmission protocol in use is connection oriented +    (\a RS_CONN_TYPE_TCP and \a RS_CONN_TYPE_TLS) and the connection +    can not be established. + +    Also note that no retransmission is being done. This is required +    for connectionless transport protocols (\a RS_CONN_TYPE_UDP and +    \a RS_CONN_TYPE_DTLS). The "request" API with \a rs_request_send can +    help with this. +      \return On success, RSE_OK (0) is returned. On error, !0 is      returned and a struct \a rs_error is pushed on the error stack for -    the connection. The error can be accessed using \a -    rs_err_conn_pop. */ +    the connection. The error can be accessed using \a rs_err_conn_pop. */  int rs_message_send(struct rs_message *msg);  /** Create a RADIUS authentication request message associated with diff --git a/lib/include/radsec/request-impl.h b/lib/include/radsec/request-impl.h index dbb4244..685a666 100644 --- a/lib/include/radsec/request-impl.h +++ b/lib/include/radsec/request-impl.h 
@@ -1,4 +1,4 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2011 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  #ifndef _RADSEC_REQUEST_IMPL_H_ diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h index b78411a..c686de3 100644 --- a/lib/include/radsec/request.h +++ b/lib/include/radsec/request.h @@ -1,7 +1,7 @@  /** \file request.h      \brief Public interface for libradsec request's.  */ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  #ifndef _RADSEC_REQUEST_H_ @@ -24,16 +24,13 @@ int rs_request_create(struct rs_connection *conn, struct rs_request **req_out);  void rs_request_add_reqmsg(struct rs_request *req, struct rs_message *req_msg);  /** Create a request associated with connection \a conn containing a -    newly created RADIUS authentication message, possibly with -    \a user_name and \a user_pw attributes.  \a user_name and \a user_pw -    are optional and can be NULL. If \a user_name and \a user_pw are provided, -    \a secret must also be provided. \a secret is used for "hiding" the -    password. */ +    newly created RADIUS authentication message, possibly with \a +    user_name and \a user_pw attributes.  \a user_name and _user_pw +    are optional and can be NULL.  */  int rs_request_create_authn(struct rs_connection *conn,  			    struct rs_request **req_out,  			    const char *user_name, -			    const char *user_pw, -                            const char *secret); +			    const char *user_pw);  /** Send request \a req and wait for a matching response.  The      response is put in \a resp_msg (if not NULL).  NOTE: At present, diff --git a/lib/libradsec.spec.in b/lib/libradsec.spec.in new file mode 100644 index 0000000..97d6178 --- /dev/null +++ b/lib/libradsec.spec.in 
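Review bot: The rewritten doc comment for rs_request_create_authn in request.h has a Doxygen typo, `_user_pw` where `\a user_pw` is meant. It also no longer says which shared secret hides the password now that the `secret` parameter is removed. Callers need that information to know the password attribute is still protected and by what; something like `\a user_pw is hidden using the shared secret configured for the peer of \a conn.` would cover it, if that is indeed where the secret now comes from (the implementation is outside this hunk). The same signature change appears in the request.c hunk and the client-blocking.c call site, so the comment should be kept in step with both.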
@@ -0,0 +1,77 @@ +Name: @PACKAGE@ +Version:	@PACKAGE_VERSION@ +Release:	1%{?dist} +Summary:	RADIUS over TLS library + +Group:		System Environment/Libraries +License:	BSD +URL:		http://software.uninett.no/radsecproxy/?page=documentation +Source0:	%{name}-%{version}.tar.gz +BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root + + + +BuildRequires: openssl-devel +BuildRequires: libconfuse-devel +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: libevent-devel >= 2.0 + + + +%description +	Libradsec is a RADIUS over TLS library. + + +%package	devel +Summary:	Development files for %{name} +Group:		Development/Libraries +Requires:	%{name} = %{version}-%{release} + +%description	devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + + +%prep +%setup -q + + +%build +	export CPPFLAGS='-I%{_includedir}' +	export LDFLAGS='-L%{_libdir}' +%configure --disable-static +make %{?_smp_mflags} + + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' + + +%clean +rm -rf $RPM_BUILD_ROOT + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%files +%defattr(-,root,root,-) +%doc README +%{_libdir}/*.so.* + +%files devel +%defattr(-,root,root,-) +%{_includedir}/* +%{_libdir}/*.so + + +%changelog +* Tue Sep 27 2011  <hartmans@moonbuildcentos.dev.ja.net> - %{version}-1 +- initial version + @@ -89,9 +89,9 @@   * This processes one or more 64-byte data blocks, but does NOT update   * the bit counters.  There are no alignment requirements.   */ -static void *body(MD5_CTX *ctx, void *data, unsigned long size) +static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)  { -	unsigned char *ptr; +	const unsigned char *ptr;  	MD5_u32plus a, b, c, d;  	MD5_u32plus saved_a, saved_b, saved_c, saved_d; 
@@ -207,7 +207,7 @@ void MD5_Init(MD5_CTX *ctx)  	ctx->hi = 0;  } -void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size) +void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)  {  	MD5_u32plus saved_lo;  	unsigned long used, free; @@ -39,7 +39,7 @@ typedef struct {  } MD5_CTX;  extern void MD5_Init(MD5_CTX *ctx); -extern void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size); +extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);  extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);  #endif @@ -1,4 +1,4 @@ -/* Copyright 2010,2011,2013 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.     See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am index 92a12cf..c827465 100644 --- a/lib/radius/Makefile.am +++ b/lib/radius/Makefile.am @@ -18,13 +18,18 @@ libradsec_radius_la_SOURCES = \  	static.c \  	valuepair.c +libradsec_radius_la_SOURCES += client.h +  libradsec_radius_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H  DICTIONARIES = \  	share/dictionary.txt \  	share/dictionary.juniper \  	share/dictionary.microsoft \ -	share/dictionary.ukerna +	share/dictionary.ukerna \ +	share/dictionary.abfab.ietf + +EXTRA_DIST = dictionaries.c $(DICTIONARIES) common.pl convert.pl  $(top_srcdir)/include/radsec/radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl  	$(srcdir)/convert.pl ${DICTIONARIES} @@ -35,4 +40,3 @@ clean-local:  	rm -f dictionaries.c  $(libradsec_radius_la_SOURCES): $(top_srcdir)/include/radsec/radius.h - diff --git a/lib/radius/share/dictionary.abfab.ietf b/lib/radius/share/dictionary.abfab.ietf new file mode 100644 index 0000000..b60702c --- /dev/null +++ b/lib/radius/share/dictionary.abfab.ietf 
@@ -0,0 +1,4 @@ +ATTRIBUTE GSS-Acceptor-Service-Name			164	string +ATTRIBUTE GSS-Acceptor-Host-Name			165	string +ATTRIBUTE GSS-Acceptor-Service-Specifics		166	string +ATTRIBUTE GSS-Acceptor-Realm-Name			167	string diff --git a/lib/radius/share/dictionary.ukerna b/lib/radius/share/dictionary.ukerna index 0e35d43..7d9d22d 100644 --- a/lib/radius/share/dictionary.ukerna +++ b/lib/radius/share/dictionary.ukerna @@ -9,10 +9,10 @@ VENDOR	UKERNA				25622  BEGIN-VENDOR UKERNA -ATTRIBUTE	GSS-Acceptor-Service-Name	128	string -ATTRIBUTE	GSS-Acceptor-Host-Name		129	string -ATTRIBUTE	GSS-Acceptor-Service-Specific	130	string -ATTRIBUTE	GSS-Acceptor-Realm-Name		131	string +ATTRIBUTE	GSS-Acceptor-Service-Name-VS	128	string +ATTRIBUTE	GSS-Acceptor-Host-Name-VS		129	string +ATTRIBUTE	GSS-Acceptor-Service-Specific-VS	130	string +ATTRIBUTE	GSS-Acceptor-Realm-Name-VS		131	string  ATTRIBUTE	SAML-AAA-Assertion		132	string  ATTRIBUTE	MS-Windows-Auth-Data		133     octets  ATTRIBUTE	MS-Windows-Group-Sid		134     string diff --git a/lib/radsec.c b/lib/radsec.c index 48fe221..fed02c3 100644 --- a/lib/radsec.c +++ b/lib/radsec.c @@ -1,5 +1,5 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h> diff --git a/lib/radsec.h b/lib/radsec.h index c8fa2fb..703e44b 100644 --- a/lib/radsec.h +++ b/lib/radsec.h @@ -1,5 +1,5 @@  /* Copyright 2012 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  struct rs_error *rs_resolve (struct evutil_addrinfo **addr,                               rs_conn_type_t type, diff --git a/lib/radsecproxy/Makefile.am b/lib/radsecproxy/Makefile.am index 0d4a882..962f367 100644 --- a/lib/radsecproxy/Makefile.am +++ b/lib/radsecproxy/Makefile.am 
@@ -7,12 +7,17 @@ AM_CFLAGS = -Wall -Werror -g  noinst_LTLIBRARIES = libradsec-radsecproxy.la  libradsec_radsecproxy_la_SOURCES = \ -	debug.c \ -	hash.c \ -	list.c \ -	util.c +	debug.c debug.h \ +	gconfig.h \ +	hash.c hash.h \ +	hostport_types.h \ +	list.c list.h \ +	radmsg.h \ +	radsecproxy.h \ +	tlv11.h \ +	util.c util.h  if RS_ENABLE_TLS  libradsec_radsecproxy_la_SOURCES += \ -	tlscommon.c +	tlscommon.c tlscommon.h  endif diff --git a/lib/request.c b/lib/request.c index 611cbdf..b75dd92 100644 --- a/lib/request.c +++ b/lib/request.c @@ -1,5 +1,5 @@ -/* Copyright 2010,2011,2013 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h> @@ -51,8 +51,7 @@ int  rs_request_create_authn (struct rs_connection *conn,  			 struct rs_request **req_out,  			 const char *user_name, -			 const char *user_pw, -                         const char *secret) +			 const char *user_pw)  {    struct rs_request *req = NULL;    assert (req_out); @@ -1,5 +1,5 @@  /* Copyright 2011,2013 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h> @@ -1,5 +1,5 @@ -/* Copyright 2011,2013 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +/* Copyright 2011-2013 NORDUnet A/S. All rights reserved. +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h> 
@@ -37,9 +37,14 @@ _read_header (struct rs_message *msg)        msg->flags |= RS_MESSAGE_HEADER_READ;        msg->rpkt->length = (msg->hdr[2] << 8) + msg->hdr[3];        if (msg->rpkt->length < 20 || msg->rpkt->length > RS_MAX_PACKET_LEN) -        return  rs_err_conn_push (msg->conn, RSE_INVALID_MSG, -                                  "invalid message length: %d", -                                  msg->rpkt->length); +        { +          rs_debug (("%s: invalid packet length: %d\n", __func__, +                     msg->rpkt->length)); +          rs_conn_disconnect (msg->conn); +          return  rs_err_conn_push (msg->conn, RSE_INVALID_MSG, +                                    "invalid message length: %d", +                                    msg->rpkt->length); +        }        memcpy (msg->rpkt->data, msg->hdr, RS_HEADER_LEN);        bufferevent_setwatermark (TO_BASE_CONN(msg->conn)->bev, EV_READ,  				msg->rpkt->length - RS_HEADER_LEN, 0); @@ -49,8 +54,13 @@ _read_header (struct rs_message *msg)    else if (n < 0)      rs_debug (("%s: buffer frozen while reading header\n", __func__));    else	    /* Error: libevent gave us less than the low watermark. */ -    return rs_err_conn_push_fl (msg->conn, RSE_INTERNAL, __FILE__, __LINE__, -                                "got %d octets reading header", n); +    { +      rs_debug (("%s: got: %d octets reading header\n", __func__, n)); +      rs_conn_disconnect (msg->conn); +      return rs_err_conn_push (msg->conn, RSE_INTERNAL, +                               "got %d octets reading header", n); +    } +    return RSE_OK;  } 
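Review bot: In _read_header, `msg->flags |= RS_MESSAGE_HEADER_READ;` is still set before the length range check, so after the new disconnect branch the message keeps both the flag and the rejected `msg->rpkt->length`. If the same rs_message can reach tcp_read_cb again (not visible in this hunk), the header read is skipped and the body read proceeds with a length that failed validation. Moving the flag assignment below the check, or adding `msg->flags &= ~RS_MESSAGE_HEADER_READ;` in the error branch, closes that off. The return value of rs_conn_disconnect() is dropped in both new branches; a short comment that this is deliberate best-effort teardown would help. _read_header begins above the hunk.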
@@ -90,8 +100,11 @@ _read_message (struct rs_message *msg)  	 - attribute sizes adding up correctly  */        err = nr_packet_ok (msg->rpkt);        if (err) -        return rs_err_conn_push_fl (msg->conn, err, __FILE__, __LINE__, -                                    "invalid message"); +	{ +          rs_debug (("%s: %d: invalid packet\n", __func__, -err)); +          rs_conn_disconnect (msg->conn); +          return rs_err_conn_push (msg->conn, -err, "invalid message"); +        }  #if defined (DEBUG)        /* Find out what happens if there's data left in the buffer.  */ @@ -147,8 +160,7 @@ tcp_read_cb (struct bufferevent *bev, void *user_data)    if ((msg->flags & RS_MESSAGE_HEADER_READ) == 0)      if (_read_header (msg))        return;                   /* Invalid header. */ -  if (_read_message (msg)) -    return;                     /* Invalid message. */ +  _read_message (msg);  }  void @@ -1,5 +1,5 @@  /* Copyright 2011 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  void tcp_event_cb (struct bufferevent *bev, short events, void *user_data);  void tcp_read_cb (struct bufferevent *bev, void *user_data); diff --git a/lib/tests/Makefile.am b/lib/tests/Makefile.am index 30f5e0f..fcd016b 100644 --- a/lib/tests/Makefile.am +++ b/lib/tests/Makefile.am @@ -1,16 +1,15 @@  AUTOMAKE_OPTIONS = foreign -INCLUDES = -I$(top_srcdir)/include +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)  AM_CFLAGS = -Wall -Werror -g  TESTS = test-udp  check_PROGRAMS = test-udp udp-server tls-server -test_udp_SOURCES = test-udp.c udp.c -test_udp_LDADD = ../libradsec.la -lcgreen -lm +test_udp_SOURCES = test-udp.c udp.c udp.h +test_udp_LDADD = ../libradsec.la -lcunit -lm -udp_server_SOURCES = udp-server.c udp.c +udp_server_SOURCES = udp-server.c udp.c udp.h  tls_server_SOURCES = server.c  tls_server_LDADD = ../libradsec.la - diff --git a/lib/tests/README b/lib/tests/README index 4d68bde..33bddc1 100644 
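Review bot: In _read_message the code pushed to the error stack changes from `err` to `-err`, but nothing in the hunk states the sign convention of nr_packet_ok(). If it returns negated RSE_* values, the negation is right and deserves a comment at the call, e.g. `/* nr_packet_ok() returns a negated RSE_* code on failure. */`. If it can also return a positive value, `-err` would push a negative code that callers inspecting the error would not recognise. The new `rs_debug` and `rs_conn_disconnect` lines are indented with spaces under a tab-indented brace, which is worth normalising. _read_message starts and ends outside the hunk.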
--- a/lib/tests/README +++ b/lib/tests/README @@ -1,8 +1,14 @@ +This is the README file for the test directory of libradsec. +  Build  ----- -In order to build and run the tests, you'll need to have libcgreen -installed (http://www.lastcraft.com/cgreen.php). +In order to build and run the tests, you'll need to have CUnit +installed. + +Source code: http://cunit.sourceforge.net/ +Debian package: libcunit1-dev +FreeBSD port: devel/cunit  Run @@ -23,12 +29,11 @@ Run the tests by typing  The output should read something like -  Completed "main": 32 passes, 0 failures, 0 exceptions. - - -When trying to debug the test programs under GDB you might run into -trouble with multiple threads being executed by the test framework. -If so, make sure to run a single test rather than the full test suite. -For example: - -  libtool --mode execute gdb --args test-udp test_auth +    --Run Summary: Type      Total     Ran  Passed  Failed +                   suites        2       2     n/a       0 +                   tests         2       2       2       0 +                   asserts      23      23      23       0 +    PASS: test-udp +    ============= +    1 test passed +    ============= diff --git a/lib/tests/demoCA/index.txt b/lib/tests/demoCA/index.txt index d28b575..51f934f 100644 --- a/lib/tests/demoCA/index.txt +++ b/lib/tests/demoCA/index.txt @@ -1,3 +1,3 @@ -V	240216122242Z		01	unknown	/C=SE/ST=Bogus State/O=Bogus Ltd/OU=Bogus/CN=My Bogus CA for testing libradsec -V	240216123520Z		02	unknown	/C=SE/ST=Bogus State/O=Bogus Ltd/OU=Bogus/CN=My Bogus Certificate for testing libradsec -V	240216150052Z		03	unknown	/C=SE/ST=Bogus State/O=Bogus Ltd/OU=Bogus/CN=My Bogus Client Certificate for testing libradsec +V	250806115449Z		01	unknown	/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ca +V	250806115457Z		02	unknown	/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=srv1 +V	250806115504Z		03	unknown	/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=cli1 
diff --git a/lib/tests/demoCA/newcerts/01.pem b/lib/tests/demoCA/newcerts/01.pem index 79fa539..29cb5ee 100644 --- a/lib/tests/demoCA/newcerts/01.pem +++ b/lib/tests/demoCA/newcerts/01.pem 
@@ -2,51 +2,45 @@ Certificate:      Data:          Version: 3 (0x2)          Serial Number: 1 (0x1) -        Signature Algorithm: sha1WithRSAEncryption -        Issuer: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus CA for testing libradsec +    Signature Algorithm: sha1WithRSAEncryption +        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca          Validity -            Not Before: Mar 25 12:22:42 2011 GMT -            Not After : Feb 16 12:22:42 2024 GMT -        Subject: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus CA for testing libradsec +            Not Before: Sep 12 11:54:49 2012 GMT +            Not After : Aug  6 11:54:49 2025 GMT +        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca          Subject Public Key Info:              Public Key Algorithm: rsaEncryption -            RSA Public Key: (512 bit) -                Modulus (512 bit): -                    00:aa:27:7d:3b:29:12:1e:39:8d:9f:43:ad:ae:83: -                    6f:22:88:08:07:92:b9:1d:d4:88:5f:58:b9:76:ec: -                    4a:e9:c9:6a:73:ed:70:66:5e:6f:dc:02:15:9f:dd: -                    7a:5f:cc:3b:98:8a:27:b1:f5:98:fb:6b:c7:ab:5e: -                    5e:ea:3c:c4:5f +                Public-Key: (512 bit) +                Modulus: +                    00:eb:9e:52:bf:1a:7c:32:63:9f:96:80:71:f1:98: +                    87:90:97:f1:7a:4a:81:6d:66:7e:8e:7c:50:5f:f9: +                    6e:94:1a:b0:7b:46:87:b5:9e:23:48:04:ad:f3:55: +                    a1:f9:31:50:a1:10:ab:ca:ba:70:ac:58:95:4e:9d: +                    3a:2b:52:36:df                  Exponent: 65537 (0x10001)          X509v3 extensions:              X509v3 Subject Key Identifier:  -                5A:9B:BA:E8:A6:9B:E9:78:73:1E:0B:83:00:49:94:46:13:9C:1C:89 +                11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05              X509v3 Authority Key Identifier:  -                keyid:5A:9B:BA:E8:A6:9B:E9:78:73:1E:0B:83:00:49:94:46:13:9C:1C:89 -      
          DirName:/C=SE/ST=Bogus State/O=Bogus Ltd/OU=Bogus/CN=My Bogus CA for testing libradsec -                serial:01 +                keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05              X509v3 Basic Constraints:                   CA:TRUE      Signature Algorithm: sha1WithRSAEncryption -        18:a2:21:92:a6:2a:e0:a4:4d:57:c0:89:94:5c:b0:26:64:f8: -        b1:0c:97:f8:cd:d5:af:c8:38:3e:a3:68:47:82:e1:a6:2e:63: -        97:4d:c0:79:f5:9a:ff:38:67:10:d6:22:61:44:89:84:50:85: -        ee:38:87:6d:4f:06:10:36:33:39 +         15:12:3b:79:3d:61:d2:c7:d2:a8:0c:df:82:ea:66:76:26:cb: +         ab:b5:83:a3:52:a0:23:1a:a9:92:8e:93:41:f7:6c:3f:8a:2c: +         bd:32:3d:70:3f:b6:fd:f2:37:50:0a:66:8c:1c:44:bf:ef:50: +         24:33:bd:48:47:04:ee:8c:61:88  -----BEGIN CERTIFICATE----- -MIICqDCCAlKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJTRTEU -MBIGA1UECBMLQm9ndXMgU3RhdGUxEjAQBgNVBAoTCUJvZ3VzIEx0ZDEOMAwGA1UE -CxMFQm9ndXMxKjAoBgNVBAMTIU15IEJvZ3VzIENBIGZvciB0ZXN0aW5nIGxpYnJh -ZHNlYzAeFw0xMTAzMjUxMjIyNDJaFw0yNDAyMTYxMjIyNDJaMHMxCzAJBgNVBAYT -AlNFMRQwEgYDVQQIEwtCb2d1cyBTdGF0ZTESMBAGA1UEChMJQm9ndXMgTHRkMQ4w -DAYDVQQLEwVCb2d1czEqMCgGA1UEAxMhTXkgQm9ndXMgQ0EgZm9yIHRlc3Rpbmcg -bGlicmFkc2VjMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKonfTspEh45jZ9Dra6D -byKICAeSuR3UiF9YuXbsSunJanPtcGZeb9wCFZ/del/MO5iKJ7H1mPtrx6teXuo8 -xF8CAwEAAaOB0DCBzTAdBgNVHQ4EFgQUWpu66Kab6XhzHguDAEmURhOcHIkwgZ0G -A1UdIwSBlTCBkoAUWpu66Kab6XhzHguDAEmURhOcHImhd6R1MHMxCzAJBgNVBAYT -AlNFMRQwEgYDVQQIEwtCb2d1cyBTdGF0ZTESMBAGA1UEChMJQm9ndXMgTHRkMQ4w -DAYDVQQLEwVCb2d1czEqMCgGA1UEAxMhTXkgQm9ndXMgQ0EgZm9yIHRlc3Rpbmcg -bGlicmFkc2VjggEBMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADQQAYoiGS -pirgpE1XwImUXLAmZPixDJf4zdWvyDg+o2hHguGmLmOXTcB59Zr/OGcQ1iJhRImE -UIXuOIdtTwYQNjM5 +MIIB5TCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU0NDlaFw0yNTA4MDYxMTU0 
+NDlaMFIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK +DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAMMAmNhMFwwDQYJKoZI +hvcNAQEBBQADSwAwSAJBAOueUr8afDJjn5aAcfGYh5CX8XpKgW1mfo58UF/5bpQa +sHtGh7WeI0gErfNVofkxUKEQq8q6cKxYlU6dOitSNt8CAwEAAaNQME4wHQYDVR0O +BBYEFBFXQAvwMy+uwtqkOgC66TSzdSAFMB8GA1UdIwQYMBaAFBFXQAvwMy+uwtqk +OgC66TSzdSAFMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADQQAVEjt5PWHS +x9KoDN+C6mZ2JsurtYOjUqAjGqmSjpNB92w/iiy9Mj1wP7b98jdQCmaMHES/71Ak +M71IRwTujGGI  -----END CERTIFICATE----- diff --git a/lib/tests/demoCA/newcerts/02.pem b/lib/tests/demoCA/newcerts/02.pem index 4345003..2e1cccb 100644 --- a/lib/tests/demoCA/newcerts/02.pem +++ b/lib/tests/demoCA/newcerts/02.pem 
@@ -2,21 +2,21 @@ Certificate:      Data:          Version: 3 (0x2)          Serial Number: 2 (0x2) -        Signature Algorithm: sha1WithRSAEncryption -        Issuer: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus CA for testing libradsec +    Signature Algorithm: sha1WithRSAEncryption +        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca          Validity -            Not Before: Mar 25 12:35:20 2011 GMT -            Not After : Feb 16 12:35:20 2024 GMT -        Subject: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus Certificate for testing libradsec +            Not Before: Sep 12 11:54:57 2012 GMT +            Not After : Aug  6 11:54:57 2025 GMT +        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=srv1          Subject Public Key Info:              Public Key Algorithm: rsaEncryption -            RSA Public Key: (512 bit) -                Modulus (512 bit): -                    00:c3:e5:16:74:47:84:bb:26:bc:50:fe:dc:b5:70: -                    21:ad:21:b6:ff:cb:ac:b2:24:9e:08:75:39:5d:ba: -                    f4:b1:59:f6:a8:14:02:62:c3:68:6d:f2:08:9b:fe: -                    66:5c:72:92:16:04:60:b5:08:83:66:28:3b:46:f0: -                    cf:95:37:b7:d7 +                Public-Key: (512 bit) +                Modulus: +                    00:ac:21:78:6f:cb:1c:10:c2:71:7b:72:03:e3:4b: +                    b2:c7:f6:63:3f:69:d3:d3:48:e0:90:16:0f:5a:44: +                    f5:9c:ed:b9:6b:72:be:11:6e:26:09:32:0c:51:25: +                    10:35:fe:a0:33:fe:cf:90:9f:2c:8b:3a:c5:98:86: +                    c2:a9:5c:ba:a7                  Exponent: 65537 (0x10001)          X509v3 extensions:              X509v3 Basic Constraints:  
@@ -24,27 +24,26 @@ Certificate:              Netscape Comment:                   OpenSSL Generated Certificate              X509v3 Subject Key Identifier:  -                89:23:42:95:2B:52:A4:77:FC:5E:59:CA:8D:E0:30:AF:D3:B5:C3:C2 +                08:13:6F:A0:93:47:21:31:9F:02:79:A5:CF:24:4A:D1:0B:A7:10:09              X509v3 Authority Key Identifier:  -                keyid:5A:9B:BA:E8:A6:9B:E9:78:73:1E:0B:83:00:49:94:46:13:9C:1C:89 +                keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05      Signature Algorithm: sha1WithRSAEncryption -        60:71:c8:00:ba:88:67:97:75:97:0a:f7:77:70:7d:dc:91:24: -        35:5b:ce:5b:cf:24:00:9b:d1:8f:f0:63:58:76:24:f3:67:06: -        a3:ad:e3:43:13:30:d0:d4:62:64:d5:78:4a:aa:9c:13:bc:ea: -        7c:99:8e:5f:b6:c6:5f:11:0d:c9 +         2c:7e:61:65:48:cc:46:50:58:cc:9d:1b:b2:e7:2d:2b:72:e2: +         a1:2f:2c:14:35:4d:b8:42:87:66:57:77:c4:02:17:fa:3c:db: +         83:3f:89:37:ae:f8:e9:00:fe:96:d8:4b:80:63:db:08:7a:c6: +         e1:c7:59:ec:d9:76:4a:be:1a:19  -----BEGIN CERTIFICATE----- -MIICWzCCAgWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJTRTEU -MBIGA1UECBMLQm9ndXMgU3RhdGUxEjAQBgNVBAoTCUJvZ3VzIEx0ZDEOMAwGA1UE -CxMFQm9ndXMxKjAoBgNVBAMTIU15IEJvZ3VzIENBIGZvciB0ZXN0aW5nIGxpYnJh -ZHNlYzAeFw0xMTAzMjUxMjM1MjBaFw0yNDAyMTYxMjM1MjBaMHwxCzAJBgNVBAYT -AlNFMRQwEgYDVQQIEwtCb2d1cyBTdGF0ZTESMBAGA1UEChMJQm9ndXMgTHRkMQ4w -DAYDVQQLEwVCb2d1czEzMDEGA1UEAxMqTXkgQm9ndXMgQ2VydGlmaWNhdGUgZm9y -IHRlc3RpbmcgbGlicmFkc2VjMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMPlFnRH -hLsmvFD+3LVwIa0htv/LrLIkngh1OV269LFZ9qgUAmLDaG3yCJv+ZlxykhYEYLUI -g2YoO0bwz5U3t9cCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd -T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIkjQpUrUqR3 -/F5Zyo3gMK/TtcPCMB8GA1UdIwQYMBaAFFqbuuimm+l4cx4LgwBJlEYTnByJMA0G -CSqGSIb3DQEBBQUAA0EAYHHIALqIZ5d1lwr3d3B93JEkNVvOW88kAJvRj/BjWHYk -82cGo63jQxMw0NRiZNV4SqqcE7zqfJmOX7bGXxENyQ== +MIICEjCCAbygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET 
+MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU0NTdaFw0yNTA4MDYxMTU0 +NTdaMFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK +DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMMBHNydjEwXDANBgkq +hkiG9w0BAQEFAANLADBIAkEArCF4b8scEMJxe3ID40uyx/ZjP2nT00jgkBYPWkT1 +nO25a3K+EW4mCTIMUSUQNf6gM/7PkJ8sizrFmIbCqVy6pwIDAQABo3sweTAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUCBNvoJNHITGfAnmlzyRK0QunEAkwHwYDVR0jBBgwFoAU +EVdAC/AzL67C2qQ6ALrpNLN1IAUwDQYJKoZIhvcNAQEFBQADQQAsfmFlSMxGUFjM +nRuy5y0rcuKhLywUNU24QodmV3fEAhf6PNuDP4k3rvjpAP6W2EuAY9sIesbhx1ns +2XZKvhoZ  -----END CERTIFICATE----- diff --git a/lib/tests/demoCA/newcerts/03.pem b/lib/tests/demoCA/newcerts/03.pem index ab42785..d07be19 100644 --- a/lib/tests/demoCA/newcerts/03.pem +++ b/lib/tests/demoCA/newcerts/03.pem 
@@ -2,21 +2,21 @@ Certificate:      Data:          Version: 3 (0x2)          Serial Number: 3 (0x3) -        Signature Algorithm: sha1WithRSAEncryption -        Issuer: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus CA for testing libradsec +    Signature Algorithm: sha1WithRSAEncryption +        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca          Validity -            Not Before: Mar 25 15:00:52 2011 GMT -            Not After : Feb 16 15:00:52 2024 GMT -        Subject: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus Client Certificate for testing libradsec +            Not Before: Sep 12 11:55:04 2012 GMT +            Not After : Aug  6 11:55:04 2025 GMT +        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=cli1          Subject Public Key Info:              Public Key Algorithm: rsaEncryption -            RSA Public Key: (512 bit) -                Modulus (512 bit): -                    00:ae:ba:06:81:e2:7c:a8:ee:4e:fa:46:a3:dd:c7: -                    d4:f8:33:80:c0:43:09:bd:a7:7d:59:4a:c8:af:3f: -                    07:54:72:4c:b1:ac:2e:53:5a:c0:b6:6c:06:55:97: -                    55:36:cb:fc:7d:5d:c1:c1:97:95:52:a7:a8:da:b0: -                    b3:3a:0d:b7:87 +                Public-Key: (512 bit) +                Modulus: +                    00:99:7b:86:e0:46:de:f1:69:10:97:f8:4e:78:c8: +                    ee:c2:c8:65:64:90:72:dd:51:4f:c6:58:78:49:07: +                    61:b9:ed:0a:77:7b:d2:6a:c3:49:e5:91:6c:bf:78: +                    d0:fc:8a:5c:80:1a:b0:03:28:b2:ea:e8:c8:a0:b6: +                    be:a1:42:30:5d                  Exponent: 65537 (0x10001)          X509v3 extensions:              X509v3 Basic Constraints:  
@@ -24,27 +24,26 @@ Certificate:              Netscape Comment:                   OpenSSL Generated Certificate              X509v3 Subject Key Identifier:  -                70:83:4E:39:98:5A:B6:8E:C7:18:95:57:E9:44:BC:26:0F:78:95:45 +                10:17:90:80:D8:B0:7E:91:91:13:32:27:8C:EF:A6:DE:9F:C1:C4:A7              X509v3 Authority Key Identifier:  -                keyid:5A:9B:BA:E8:A6:9B:E9:78:73:1E:0B:83:00:49:94:46:13:9C:1C:89 +                keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05      Signature Algorithm: sha1WithRSAEncryption -        72:ea:52:71:bf:6e:9c:de:0d:3a:e7:18:ed:21:46:37:3a:d4: -        7f:21:ff:21:6a:09:fd:4e:fa:85:0a:fb:46:b5:2d:53:3a:25: -        2d:40:44:ee:48:81:9d:6d:5e:cf:20:aa:a1:e8:a7:22:d5:ae: -        58:35:92:ea:bb:b5:a6:f7:29:5c +         b1:08:87:88:7d:90:78:01:da:4a:e7:be:82:22:3f:58:07:f7: +         46:a9:9a:42:a4:88:d9:b8:6a:69:bf:cb:d0:39:2d:c9:49:06: +         fa:31:80:66:17:32:cc:e8:ae:36:9c:c1:d5:ae:6d:3c:eb:72: +         77:55:92:fa:ab:f5:a3:bc:19:2d  -----BEGIN CERTIFICATE----- -MIICYzCCAg2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJTRTEU -MBIGA1UECBMLQm9ndXMgU3RhdGUxEjAQBgNVBAoTCUJvZ3VzIEx0ZDEOMAwGA1UE -CxMFQm9ndXMxKjAoBgNVBAMTIU15IEJvZ3VzIENBIGZvciB0ZXN0aW5nIGxpYnJh -ZHNlYzAeFw0xMTAzMjUxNTAwNTJaFw0yNDAyMTYxNTAwNTJaMIGDMQswCQYDVQQG -EwJTRTEUMBIGA1UECBMLQm9ndXMgU3RhdGUxEjAQBgNVBAoTCUJvZ3VzIEx0ZDEO -MAwGA1UECxMFQm9ndXMxOjA4BgNVBAMTMU15IEJvZ3VzIENsaWVudCBDZXJ0aWZp -Y2F0ZSBmb3IgdGVzdGluZyBsaWJyYWRzZWMwXDANBgkqhkiG9w0BAQEFAANLADBI -AkEArroGgeJ8qO5O+kaj3cfU+DOAwEMJvad9WUrIrz8HVHJMsawuU1rAtmwGVZdV -Nsv8fV3BwZeVUqeo2rCzOg23hwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG -+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU -cINOOZhato7HGJVX6US8Jg94lUUwHwYDVR0jBBgwFoAUWpu66Kab6XhzHguDAEmU -RhOcHIkwDQYJKoZIhvcNAQEFBQADQQBy6lJxv26c3g065xjtIUY3OtR/If8hagn9 -TvqFCvtGtS1TOiUtQETuSIGdbV7PIKqh6Kci1a5YNZLqu7Wm9ylc +MIICEjCCAbygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET 
+MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU1MDRaFw0yNTA4MDYxMTU1 +MDRaMFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK +DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMMBGNsaTEwXDANBgkq +hkiG9w0BAQEFAANLADBIAkEAmXuG4Ebe8WkQl/hOeMjuwshlZJBy3VFPxlh4SQdh +ue0Kd3vSasNJ5ZFsv3jQ/IpcgBqwAyiy6ujIoLa+oUIwXQIDAQABo3sweTAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUEBeQgNiwfpGREzInjO+m3p/BxKcwHwYDVR0jBBgwFoAU +EVdAC/AzL67C2qQ6ALrpNLN1IAUwDQYJKoZIhvcNAQEFBQADQQCxCIeIfZB4AdpK +576CIj9YB/dGqZpCpIjZuGppv8vQOS3JSQb6MYBmFzLM6K42nMHVrm0863J3VZL6 +q/WjvBkt  -----END CERTIFICATE----- diff --git a/lib/tests/demoCA/private/c2key.pem b/lib/tests/demoCA/private/c2key.pem deleted file mode 100644 index 6b0c1ee..0000000 --- a/lib/tests/demoCA/private/c2key.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOQIBAAJBAMPlFnRHhLsmvFD+3LVwIa0htv/LrLIkngh1OV269LFZ9qgUAmLD -aG3yCJv+ZlxykhYEYLUIg2YoO0bwz5U3t9cCAwEAAQJAZtVEg0fj2mbMJmyTqb8y -PnNbYE4n2uA0AVagBZ8Vwl7+rV84tSxXqfZt+G+I9iIwdGZzw9PKEgITX802MTjx -cQIhAPJmBKucvt8d/a9BjvWaOT51anzWBiG+2FJ3dsM9t1+vAiEAzuMPCITPXNlL -1frMDuqqcY8XuEN4Drru/Bs/ChlIzFkCIQDuge1Ugt3YoiTsniAxj7eFuni2Ls1H -xQYLVtr3zzEwpwIfTMX1zjN6v/njKoTnNKHgnkN7ieV/p/e2t9dkjVrUqQIgYzK1 -atYmygSrgsaPkwpYXNVrNBJmBDJpd68pb59wM2Y= ------END RSA PRIVATE KEY----- diff --git a/lib/tests/demoCA/private/c3key.pem b/lib/tests/demoCA/private/c3key.pem deleted file mode 100644 index 21b8b3b..0000000 --- a/lib/tests/demoCA/private/c3key.pem +++ /dev/null 
@@ -1,9 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK66BoHifKjuTvpGo93H1PgzgMBDCb2nfVlKyK8/B1RyTLGsLlNa -wLZsBlWXVTbL/H1dwcGXlVKnqNqwszoNt4cCAwEAAQJAWnD6G1Mj2cF46f2UpqDg -cRUfqOVKbnv62zRliqiiX6fqpGV85mIcBKzh2GhqtL9xxdFSa7MXxllsKQ5M+EkF -kQIhAOY0HjDtlknbkXCUJyBeOdJsw8F7RaeEdjBOlUMCuQwpAiEAwk5u7RsIy3m3 -TRiAFVpqOWuFZ6WB+0Hsx13tOS7AHC8CIF6iwl6e7Y/DYhED9unJkr+80uTxhnsN -a4EEbTw1HFmxAiA1rOUHqsgrLVxtd68qNufRJNqdXyMg/X0jNdcqTLfVEQIhAKYP -+3yM6TAtaTu+lSdhqQokBp77Reco0hYkLkRm3aPO ------END RSA PRIVATE KEY----- diff --git a/lib/tests/demoCA/private/cakey.pem b/lib/tests/demoCA/private/cakey.pem index 6c60bc7..e7df9d0 100644 --- a/lib/tests/demoCA/private/cakey.pem +++ b/lib/tests/demoCA/private/cakey.pem @@ -1,9 +1,9 @@  -----BEGIN RSA PRIVATE KEY----- -MIIBOwIBAAJBAKonfTspEh45jZ9Dra6DbyKICAeSuR3UiF9YuXbsSunJanPtcGZe -b9wCFZ/del/MO5iKJ7H1mPtrx6teXuo8xF8CAwEAAQJASypsqPDIvy9ff6avF/OZ -6aA8I9ROEH5ty+ju7TkPEt0dgtcA20m20FtbkKuv1ymEAQk2DbfibWgVfu8NtXia -gQIhAN04azjSAO94wlahTblo9NOe3Sl9VoSju/P2vPZhMbufAiEAxOfIdv7eUYxW -tfdF58H6R5SKt/PJ3f5ofIAcIMqQP0ECIGTacdeHtjF2xnKkO0EKHoPT61Qc9jKm -SuvgUymoCfpVAiEAigtdlV9ViaJz4Bq9nZ920dwn7JMzwTjtE+vUzIB25IECIQC4 -Hp8D00gBVlUgW0OlpmA3PWa3TfkEL3pghZqgeYZzXA== +MIIBOgIBAAJBAOueUr8afDJjn5aAcfGYh5CX8XpKgW1mfo58UF/5bpQasHtGh7We +I0gErfNVofkxUKEQq8q6cKxYlU6dOitSNt8CAwEAAQJAR+SmQPN24/Ur88M7gUlW +TBNgtjzXoyb8BMP/zlkQmZW5Tcv1xCa1UwK33u2wSmhSNP6zA1QrC2d2pv/7XZEp +wQIhAPpf2QuEooR5BPrvDiAVPlKp31EROrZOiOV5hbV1Kzx/AiEA8OmZZrvgrdQu +3PKRLfxD11NKf0yhC+7WdVWguYZ1VaECIF99XMcyz9TcXxThRa7gy0M1vJErlAvh +yf5TKba6OEI7AiBpNctdl11G7OxOZ8zJZWsHRYO6Vm/as0KLWYromvTxIQIhAK0c +r+G23R+dHDUdNEBSi6G74dbaJqaA8LsVr9w9m5gY  -----END RSA PRIVATE KEY----- diff --git a/lib/tests/demoCA/private/cli1.key b/lib/tests/demoCA/private/cli1.key new file mode 100644 index 0000000..09381f1 --- /dev/null +++ b/lib/tests/demoCA/private/cli1.key 
@@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBAJl7huBG3vFpEJf4TnjI7sLIZWSQct1RT8ZYeEkHYbntCnd70mrD +SeWRbL940PyKXIAasAMosuroyKC2vqFCMF0CAwEAAQJAEozki1zle0YYlFWVnnGi +sfYokxQGXguC2dU9jI4Q2LjGut6mVx/zLIU59BS4nUq2aYHg0hxwwzOba92c0lT/ +HQIhAMp0+k7FtDdRQzIaDzeEY6MYyLhhhukhI3xpyXYVuyx7AiEAwhLQl6hYlsgh +78CzTAhAdbheAwIQWyvY7XjKzxdpGwcCIG/hr0YC2bHMNZ8laY1bmxhRpPLH6p9A +0fR6HXwlTDerAiA1y21SfHGB6huuD2Yjry3e86nrf4j1HKRWvuLIoJ6bxQIgWmyj +YOSFsaBwj9ptkY0d4H84SDHnt7GRypm0/98OSg8= +-----END RSA PRIVATE KEY----- diff --git a/lib/tests/demoCA/private/srv1.key b/lib/tests/demoCA/private/srv1.key new file mode 100644 index 0000000..284f1e1 --- /dev/null +++ b/lib/tests/demoCA/private/srv1.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAKwheG/LHBDCcXtyA+NLssf2Yz9p09NI4JAWD1pE9ZztuWtyvhFu +JgkyDFElEDX+oDP+z5CfLIs6xZiGwqlcuqcCAwEAAQJAbviJF7GfH2LsHISt4vyr +fuTmqTxF1wI13E6MiUrJ+eftT7Hq1Wq6B7gmlI1iJiJLlAH6o93PYhp8559Dfp+q +wQIhAOMbFp0NJPrVpycx5dQAYpM/edqXoOENQf1lMLOmOHlhAiEAwgfTbAaGNfQS +uXfzj0sx+IvoKE/MXfLKZ/uE9futCQcCIQC/mMjZMo+yNrHQdV5KHxEK3RB2hFmr +xD2aA9a0mVUnwQIgbYjHdNNWDr1DmMo7h+g2RI6Ot7scruiyFPNrgwXaEB8CICMa +8wjF27wlJ2nmhM9ZXUBtvBKgU+jspsA8n+wU+o+f +-----END RSA PRIVATE KEY----- diff --git a/lib/tests/test-udp.c b/lib/tests/test-udp.c index ccad607..ed176c0 100644 --- a/lib/tests/test-udp.c +++ b/lib/tests/test-udp.c 
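Review bot: The new client and server keys are 512-bit RSA under SHA-1 signatures (the 02.pem and 03.pem dumps show `Public-Key: (512 bit)` and `sha1WithRSAEncryption`), and their private halves are committed under `lib/tests/demoCA/private/`; this covers the cli1.key and srv1.key hunks and the replaced cakey.pem. Current OpenSSL default security levels typically reject keys this small, so any TLS/DTLS test that loads these fixtures is likely to fail in the handshake rather than in the code under test. Regenerating them with at least 2048-bit keys and SHA-256, ideally from a script run at test time, would avoid that and keep private keys out of the tree. Failing that, a note in the demoCA directory such as `These keys are public test fixtures; never trust this CA outside the test suite.` would record the intent.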
@@ -1,24 +1,26 @@ +/* Copyright 2011,2013, NORDUnet A/S. All rights reserved. */ +/* See LICENSE for licensing information. */ +  #include <stdlib.h> -#include <cgreen/cgreen.h> +#include <assert.h> +#include <CUnit/Basic.h> +#include "radius/client.h"  #include "radsec/radsec.h"  #include "radsec/request.h"  #include "udp.h" -#define true 1			/* FIXME: Bug report cgreen.  */ -#define false 0 -  static void  authenticate (struct rs_connection *conn, const char *user, const char *pw)  {    struct rs_request *req;    struct rs_packet *msg, *resp; -  assert_true (rs_request_create (conn, &req) == 0); -  assert_true (rs_packet_create_authn_request (conn, &msg, user, pw) == 0); +  CU_ASSERT (rs_request_create (conn, &req) == 0); +  CU_ASSERT (!rs_packet_create_authn_request (conn, &msg, user, pw));    rs_request_add_reqpkt (req, msg); -  assert_true (rs_request_send (req, &resp) == 0); +  CU_ASSERT (rs_request_send (req, &resp) == 0);    //printf ("%s\n", rs_err_msg (rs_err_conn_pop (conn), 1)); -  assert_true (rs_packet_code(resp) == PW_ACCESS_ACCEPT); +  CU_ASSERT (rs_packet_code(resp) == PW_ACCESS_ACCEPT);    rs_request_destroy (req);  } @@ -28,10 +30,10 @@ send_more_than_one_msg_in_one_packet (struct rs_connection *conn)  {    struct rs_packet *msg0, *msg1; -  assert_true (rs_packet_create_authn_request (conn, &msg0, NULL, NULL) == 0); -  assert_true (rs_packet_create_authn_request (conn, &msg1, NULL, NULL) == 0); -  assert_true (rs_packet_send (msg0, NULL) == 0); -  assert_true (rs_packet_send (msg1, NULL) == 0); +  CU_ASSERT (rs_packet_create_authn_request (conn, &msg0, NULL, NULL) == 0); +  CU_ASSERT (rs_packet_create_authn_request (conn, &msg1, NULL, NULL) == 0); +  CU_ASSERT (rs_packet_send (msg0, NULL) == 0); +  CU_ASSERT (rs_packet_send (msg1, NULL) == 0);  }  #if 0 
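Review bot: `CU_ASSERT` records a failure and lets the test function carry on, so in `authenticate` a failed `rs_request_create` or `rs_request_send` may leave `req` or `resp` unset (both are declared without an initialiser), and `rs_request_add_reqpkt (req, msg)` and `rs_packet_code(resp)` then use them anyway. Calls that produce an object used later should use the aborting form, e.g. `CU_ASSERT_FATAL (rs_request_create (conn, &req) == 0);`. The same applies to the `rs_context_create` and `rs_conn_create` checks in the `test_auth` and `test_buffering` hunks, and to `CU_ASSERT (polldata != NULL);` ahead of `udp_poll (polldata)`. The second check here is also written `!rs_packet_create_authn_request (...)` while its neighbours use `== 0`; one form throughout would read better.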
@@ -44,18 +46,18 @@ send_large_packet (struct rs_connection *conn)    int f;    buf = malloc (RS_MAX_PACKET_LEN); -  assert_true (buf != NULL); +  CU_ASSERT (buf != NULL);    memset (buf, 0, RS_MAX_PACKET_LEN); -  assert_true (rs_packet_create (conn, &msg0) == 0); +  CU_ASSERT (rs_packet_create (conn, &msg0) == 0);    /* 16 chunks --> heap corruption in evbuffer_drain detected by free() */    for (f = 0; f < 15; f++)      {        memset (buf, 'a' + f, 252);        //vp = pairmake ("EAP-Message", buf, T_OP_EQ); -      assert_true (rs_packet_append_avp (msg0, fixme...) == RSE_OK); +      CU_ASSERT (rs_packet_append_avp (msg0, fixme...) == RSE_OK);      } -  assert_true (rs_packet_send (msg0, NULL) == 0); +  CU_ASSERT (rs_packet_send (msg0, NULL) == 0);  }  #endif  /* 0 */ @@ -78,10 +80,9 @@ test_auth ()    setup.username = "molgan@PROJECT-MOONSHOT.ORG";    setup.pw = "password"; -  assert_true (rs_context_create (&ctx) == 0); -  assert_true (rs_context_read_config (ctx, setup.config_file) == 0); -  assert_true (rs_context_init_freeradius_dict (ctx, NULL) == 0); -  assert_true (rs_conn_create (ctx, &conn, setup.config_name) == 0); +  CU_ASSERT (rs_context_create (&ctx) == 0); +  CU_ASSERT (rs_context_read_config (ctx, setup.config_file) == 0); +  CU_ASSERT (rs_conn_create (ctx, &conn, setup.config_name) == 0);    authenticate (conn, setup.username, setup.pw); @@ -97,9 +98,9 @@ test_buffering_cb (const uint8_t *buf, ssize_t len)  #if 0    hd (buf, len);  #endif -  assert_true (len >= 20); -  assert_true (len <= RS_MAX_PACKET_LEN); -  assert_true ((buf[2] << 8) +  buf[3] == len); +  CU_ASSERT (len >= 20); +  CU_ASSERT (len <= RS_MAX_PACKET_LEN); +  CU_ASSERT ((buf[2] << 8) +  buf[3] == len);    return len;  } 
@@ -111,34 +112,19 @@ test_buffering ()    struct timeval timeout;    struct polldata *polldata; -  assert_true (rs_context_create (&ctx) == 0); -  assert_true (rs_context_read_config (ctx, "test.conf") == 0); -  assert_true (rs_conn_create (ctx, &conn, "test-udp-buffering") == 0); +  CU_ASSERT (rs_context_create (&ctx) == 0); +  CU_ASSERT (rs_context_read_config (ctx, "test.conf") == 0); +  CU_ASSERT (rs_conn_create (ctx, &conn, "test-udp-buffering") == 0);    timeout.tv_sec = 0;    timeout.tv_usec = 150000;    polldata = udp_server ("11820", &timeout, test_buffering_cb); -  assert_true (polldata != NULL); +  CU_ASSERT (polldata != NULL);    send_more_than_one_msg_in_one_packet (conn); -  assert_true (udp_poll (polldata) > 0); -  assert_true (udp_poll (polldata) > 0); +  CU_ASSERT (udp_poll (polldata) > 0); +  CU_ASSERT (udp_poll (polldata) > 0); -#if 0 -" -send_large_packet() disabled, it's hanging after - -Sending Access-Request of id 1 to (null) port 0 -        Message-Authenticator = 0x00000000000000000000000000000000 -packet_do_send: about to send this to localhost:11820: -        Code: 1, Identifier: 1, Lenght: 38 -rs_packet_send: entering event loop -_evcb: fd=5 what = WRITE -rs_packet_send: event loop done -" -  send_large_packet (conn); -  assert_true (udp_poll (polldata) > 0); -#endif  /* 0 */    udp_free_polldata (polldata);    rs_conn_destroy (conn); 
@@ -146,28 +132,22 @@ rs_packet_send: event loop done  }  /* ************************************************************ */ -static void -setup_auth (TestSuite *ts) -{ -  add_test (ts, test_auth); -} - -static void -setup_buffering (TestSuite *ts) -{ -  add_test (ts, test_buffering); -} -  int  main (int argc, char *argv[])  { -  TestSuite *ts = create_test_suite (); +  CU_pSuite s = NULL; +  CU_pTest t = NULL; +  unsigned int nfail; + +  assert (CU_initialize_registry () == CUE_SUCCESS); +  s =  CU_add_suite ("auth", NULL, NULL); assert (s); +  t = CU_ADD_TEST (s, test_auth); assert (t); +  s =  CU_add_suite ("buffering", NULL, NULL); assert (s); +  t = CU_ADD_TEST (s, test_buffering); assert (t); -  setup_auth (ts); -  setup_buffering (ts); +  assert (CU_basic_run_tests () == CUE_SUCCESS); +  nfail = CU_get_number_of_failures(); -  if (argc > 1) -    return run_single_test (ts, argv[1], create_text_reporter ()); -  else -    return run_test_suite (ts, create_text_reporter ()); +  CU_cleanup_registry (); +  return nfail;  } diff --git a/lib/tests/test.conf b/lib/tests/test.conf index 839fd75..98d0330 100644 --- a/lib/tests/test.conf +++ b/lib/tests/test.conf @@ -1,5 +1,3 @@ -dictionary = "/home/linus/usr/moonshot/share/freeradius/dictionary" -  realm test-udp-auth {      type = "UDP"      server { diff --git a/lib/tests/udp-server.c b/lib/tests/udp-server.c index ce0136a..77a35df 100644 --- a/lib/tests/udp-server.c +++ b/lib/tests/udp-server.c @@ -1,3 +1,6 @@ +/* Copyright 2011, NORDUnet A/S. All rights reserved. */ +/* See LICENSE for licensing information. */ +  #include <stdlib.h>  #include <stdio.h>  #include "udp.h" diff --git a/lib/tests/udp.c b/lib/tests/udp.c index 47ea595..2c580da 100644 --- a/lib/tests/udp.c +++ b/lib/tests/udp.c @@ -1,3 +1,6 @@ +/* Copyright 2011,2013, NORDUnet A/S. All rights reserved. */ +/* See LICENSE for licensing information. */ +  #include <stdlib.h>  #include <string.h>  #include <unistd.h> 
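Review bot: In `main`, `CU_initialize_registry ()` and `CU_basic_run_tests ()` are called only inside `assert ()`, so a build with `NDEBUG` never initialises the registry or runs a test, and the program still exits with whatever `CU_get_number_of_failures ()` reports. In such a build `s` and `t` are only written, which `-Wall -Werror` is likely to reject. Separately, `return nfail;` passes a count through the exit status, which the caller sees modulo 256, so exactly 256 failures would look like success. Checking the return values explicitly and mapping the count to `EXIT_FAILURE`/`EXIT_SUCCESS` covers all of this; `t` can then go, and `argc`/`argv` are no longer used.

```c
/* … unchanged: main signature … */
  CU_pSuite s = NULL;
  unsigned int nfail;

  if (CU_initialize_registry () != CUE_SUCCESS)
    return EXIT_FAILURE;
  s = CU_add_suite ("auth", NULL, NULL);
  if (s == NULL || CU_ADD_TEST (s, test_auth) == NULL)
    goto fail;
  s = CU_add_suite ("buffering", NULL, NULL);
  if (s == NULL || CU_ADD_TEST (s, test_buffering) == NULL)
    goto fail;

  if (CU_basic_run_tests () != CUE_SUCCESS)
    goto fail;
  nfail = CU_get_number_of_failures ();

  CU_cleanup_registry ();
  return nfail ? EXIT_FAILURE : EXIT_SUCCESS;

 fail:
  CU_cleanup_registry ();
  return EXIT_FAILURE;
```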
@@ -10,6 +13,7 @@  #include <netdb.h>  #include <sys/select.h>  #include <sys/time.h> +#include "radius/client.h"  #include "udp.h"  static struct addrinfo * @@ -57,7 +61,7 @@ ssize_t  udp_poll (struct polldata *data)  {    int r; -  long timeout; +  long timeout = 0;    fd_set rfds;    ssize_t len;    uint8_t buf[RS_MAX_PACKET_LEN]; diff --git a/lib/tests/udp.h b/lib/tests/udp.h index 004b7ca..a8d5f23 100644 --- a/lib/tests/udp.h +++ b/lib/tests/udp.h @@ -1,3 +1,6 @@ +/* Copyright 2011, NORDUnet A/S. All rights reserved. */ +/* See LICENSE for licensing information. */ +  #include <stdint.h>  #include <unistd.h>  #include <sys/time.h> @@ -1,10 +1,11 @@ -/* Copyright 2010,2011,2013 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h>  #endif +#include <stdlib.h>  #include <assert.h>  #include <openssl/ssl.h>  #include <openssl/err.h> @@ -1,5 +1,5 @@ -/* Copyright 2010 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +/* Copyright 2010-2012 NORDUnet A/S. All rights reserved. +   See LICENSE for licensing information. */  #if defined (__cplusplus)  extern "C" { @@ -1,5 +1,5 @@  /* Copyright 2011,2013 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  #if defined HAVE_CONFIG_H  #include <config.h> 
@@ -64,15 +64,15 @@ _evcb (evutil_socket_t fd, short what, void *user_data)  {    int err;    struct rs_message *msg = (struct rs_message *) user_data; -  assert (msg); -  assert (msg->conn);    rs_debug (("%s: fd=%d what =", __func__, fd)); -  if (what & EV_TIMEOUT) rs_debug ((" TIMEOUT")); +  if (what & EV_TIMEOUT) rs_debug ((" TIMEOUT -- shouldn't happen!"));    if (what & EV_READ) rs_debug ((" READ"));    if (what & EV_WRITE) rs_debug ((" WRITE"));    rs_debug (("\n")); +  assert (msg); +  assert (msg->conn);    if (what & EV_READ)      {        /* Read a single UDP packet and stick it in the struct @@ -91,7 +91,7 @@ _evcb (evutil_socket_t fd, short what, void *user_data)  	      /* FIXME: Really shouldn't happen since we've been told  		 that fd is readable!  */  	      rs_debug (("%s: EAGAIN reading UDP packet -- wot?")); -	      return; +              goto err_out;  	    }  	  /* Hard error.  */ @@ -99,23 +99,21 @@ _evcb (evutil_socket_t fd, short what, void *user_data)                              "%d: recv: %d (%s)", fd, sockerr,                              evutil_socket_error_to_string (sockerr));  	  event_del (msg->conn->tev); -	  return; +          goto err_out;  	}        event_del (msg->conn->tev);        if (r < 20 || r > RS_MAX_PACKET_LEN)	/* Short or long packet.  */  	{  	  rs_err_conn_push (msg->conn, RSE_INVALID_MSG, -			    "invalid message length: %d", -			    msg->rpkt->length); -	  return; +			    "invalid message length: %d", r); +          goto err_out;  	}        msg->rpkt->length = (msg->rpkt->data[2] << 8) + msg->rpkt->data[3];        err = nr_packet_ok (msg->rpkt);        if (err)  	{ -	  rs_err_conn_push_fl (msg->conn, err, __FILE__, __LINE__, -			       "invalid message"); -	  return; +	  rs_err_conn_push (msg->conn, -err, "invalid message"); +          goto err_out;  	}        /* Hand over message to user.  This changes ownership of msg.  	 Don't touch it afterwards -- it might have been freed.  */ 
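Review bot: The debug call on the EAGAIN path, `rs_debug (("%s: EAGAIN reading UDP packet -- wot?"));`, has a `%s` conversion with no argument, which is undefined behaviour whenever `rs_debug` expands to a printf-style call. It should read `rs_debug (("%s: EAGAIN reading UDP packet -- wot?\n", __func__));`, like the call at the top of `_evcb`. The line is unchanged context, but this hunk edits the statement right after it. The new `goto err_out` also ends in `rs_conn_disconnect (msg->conn)` (the label is added in the last `_evcb` hunk), so a transient EAGAIN now tears the connection down where the old code simply returned; if that is intended, a comment saying so would help. `_evcb` starts and ends outside this hunk.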
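Review bot: After the bounds check on `r`, `msg->rpkt->length` is taken from bytes 2–3 of the datagram and is not compared with the number of bytes actually received anywhere in this hunk. Unless `nr_packet_ok` (not visible here) enforces that bound, a peer can declare a length larger than `r`, and later parsing would read buffer contents that were not part of this packet. A guard directly after the assignment would make the check local, e.g. `if (msg->rpkt->length < 20 || msg->rpkt->length > r) { rs_err_conn_push (msg->conn, RSE_INVALID_MSG, "declared length exceeds datagram"); goto err_out; }`. The new message also prints `r` with `%d`; its declaration is outside the hunk, so confirm it is an `int` and not `ssize_t`.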
@@ -142,11 +140,10 @@ _evcb (evutil_socket_t fd, short what, void *user_data)  	  if (msg->conn->callbacks.sent_cb)  	    msg->conn->callbacks.sent_cb (msg->conn->base_.user_data);      } +  return; -#if defined (DEBUG) -  if (what & EV_TIMEOUT) -    rs_debug (("%s: timeout on UDP event, shouldn't happen\n", __func__)); -#endif + err_out: +  rs_conn_disconnect (msg->conn);  }  int @@ -1,5 +1,5 @@  /* Copyright 2011 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  int udp_init (struct rs_connection *conn, struct rs_message *msg);  int udp_init_retransmit_timer (struct rs_connection *conn); @@ -1,6 +1,7 @@ -/* Copyright 2012,2013 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +/* Copyright 2012-2013 NORDUnet A/S. All rights reserved. +   See LICENSE for licensing information. */ +#include <stdlib.h>  #include <string.h>  #include <radsec/radsec.h>  #include <radsec/radsec-impl.h> @@ -1,4 +1,4 @@  /* Copyright 2012 NORDUnet A/S. All rights reserved. -   See LICENSE for licensing information.  */ +   See LICENSE for licensing information. */  char *rs_strdup (struct rs_context *ctx, const char *s); | 
