author | Linus Nordberg <linus@nordu.net> | 2011-03-07 15:23:40 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2011-03-07 15:23:40 +0100 |
commit | cbcaa6a7c8f8a6704f6b4a68f260020957214a07 (patch) | |
tree | 1d0bc882bfd69f490562daa829a7a8845ecf4552 /lib/packet.c | |
parent | 41af6cd03dac4eb905d0d3de574d2e4f3f9600eb (diff) |
Move verification of response packets up to a level where it makes sense.
Replace the user_dispatch_flag on connections with
conn_user_dispatch_p().
Remove the 'original' member from packet and instead have an upper
layer verify.
Rename packet valid_flag --> received_flag to reflect that we don't
verify.
Move _close_conn() --> conn_close().
Move packet flags into a single unsigned int, for portability.
(_read_packet): Don't verify packet.
(rs_conn_receive_packet): Don't touch PKT_OUT if there isn't a packet.
(rs_conn_receive_packet): Verify packet using packet_verify_response().
Diffstat (limited to 'lib/packet.c')
-rw-r--r-- | lib/packet.c | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/lib/packet.c b/lib/packet.c
index 6ba9fd3..799234f 100644
--- a/lib/packet.c
+++ b/lib/packet.c
@@ -9,6 +9,7 @@
#include <event2/bufferevent.h>
#include <radsec/radsec.h>
#include <radsec/radsec-impl.h>
+#include "conn.h"
#include "debug.h"
#include "packet.h"
@@ -18,15 +19,47 @@
#include <event2/buffer.h>
#endif
-/* Badly named helper function for preparing a RADIUS message and queue it. FIXME: Rename. */
+int
+packet_verify_response (struct rs_connection *conn,
+ struct rs_packet *response,
+ struct rs_packet *request)
+{
+ assert (conn);
+ assert (conn->active_peer);
+ assert (conn->active_peer->secret);
+ assert (response);
+ assert (response->rpkt);
+ assert (request);
+ assert (request->rpkt);
+
+ /* Verify header and message authenticator. */
+ if (rad_verify (response->rpkt, request->rpkt, conn->active_peer->secret))
+ {
+ conn_close (&conn);
+ return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
+ "rad_verify: %s", fr_strerror ());
+ }
+
+ /* Decode and decrypt. */
+ if (rad_decode (response->rpkt, request->rpkt, conn->active_peer->secret))
+ {
+ conn_close (&conn);
+ return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
+ "rad_decode: %s", fr_strerror ());
+ }
+
+ return RSE_OK;
+}
+
+
+/* Badly named function for preparing a RADIUS message and queue it.
+ FIXME: Rename. */
int
packet_do_send (struct rs_packet *pkt)
{
VALUE_PAIR *vp = NULL;
assert (pkt->rpkt);
- assert (!pkt->original);
/* Add Message-Authenticator, RFC 2869. */
/* FIXME: Make Message-Authenticator optional? */ |
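Review bot: In packet_verify_response both failure branches call `conn_close (&conn)` before `rs_err_conn_push_fl (conn, ...)`, so the error is pushed on a connection that has just been closed, and if conn_close() resets the pointer it is given (the `&conn` argument suggests it may), the push sees NULL. Because `conn` is a by-value parameter, any such reset only touches the local copy, and the caller in rs_conn_receive_packet keeps its pointer to the now-closed connection. Push the error first and close afterwards, e.g. `int err = rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, "rad_verify: %s", fr_strerror ()); conn_close (&conn); return err;` in both branches, or leave the close to the caller, which holds the pointer the application will act on. The `assert ()` checks on conn->active_peer->secret vanish under NDEBUG; if a peer without a shared secret is reachable from the public API, a runtime check that returns an error would be safer than an assertion on the verification path.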