diff options
author | Linus Nordberg <linus@nordberg.se> | 2013-01-21 11:02:17 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordberg.se> | 2013-01-21 11:02:17 +0100 |
commit | 35311406413e0418112f7c295fee054a3506cbe8 (patch) | |
tree | f463a573a83951fb229a358425e08d9c7484268b /lib/packet.c | |
parent | dc61b6b2c2dd3d7b47d83dc6d574bd65dffeadd6 (diff) | |
parent | b8260ee68d9bc60f3204f860cc6919964a6e9464 (diff) |
Merge branch 'libradsec-new-client' into libradsec
Diffstat (limited to 'lib/packet.c')
-rw-r--r-- | lib/packet.c | 172 |
1 files changed, 120 insertions, 52 deletions
diff --git a/lib/packet.c b/lib/packet.c index 8e6f22d..17f022e 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -1,11 +1,12 @@ /* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See the file COPYING for licensing information. */ + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include <config.h> #endif #include <assert.h> +#include <radius/client.h> #include <event2/bufferevent.h> #include <radsec/radsec.h> #include <radsec/radsec-impl.h> @@ -24,6 +25,8 @@ packet_verify_response (struct rs_connection *conn, struct rs_packet *response, struct rs_packet *request) { + int err; + assert (conn); assert (conn->active_peer); assert (conn->active_peer->secret); @@ -32,20 +35,27 @@ packet_verify_response (struct rs_connection *conn, assert (request); assert (request->rpkt); + response->rpkt->secret = conn->active_peer->secret; + response->rpkt->sizeof_secret = strlen (conn->active_peer->secret); + /* Verify header and message authenticator. */ - if (rad_verify (response->rpkt, request->rpkt, conn->active_peer->secret)) + err = nr_packet_verify (response->rpkt, request->rpkt); + if (err) { - conn_close (&conn); - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "rad_verify: %s", fr_strerror ()); + if (conn->is_connected) + rs_conn_disconnect(conn); + return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__, + "nr_packet_verify"); } /* Decode and decrypt. */ - if (rad_decode (response->rpkt, request->rpkt, conn->active_peer->secret)) + err = nr_packet_decode (response->rpkt, request->rpkt); + if (err) { - conn_close (&conn); - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "rad_decode: %s", fr_strerror ()); + if (conn->is_connected) + rs_conn_disconnect(conn); + return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__, + "nr_packet_decode"); } return RSE_OK; @@ -57,7 +67,7 @@ packet_verify_response (struct rs_connection *conn, int packet_do_send (struct rs_packet *pkt) { - VALUE_PAIR *vp = NULL; + int err; assert (pkt); assert (pkt->conn); @@ -65,22 +75,19 @@ packet_do_send (struct rs_packet *pkt) assert (pkt->conn->active_peer->secret); assert (pkt->rpkt); - /* Add a Message-Authenticator, RFC 2869, if not already present. */ - /* FIXME: Make Message-Authenticator optional? */ - vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS); - if (!vp) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "paircreate: %s", fr_strerror ()); - pairreplace (&pkt->rpkt->vps, vp); + pkt->rpkt->secret = pkt->conn->active_peer->secret; + pkt->rpkt->sizeof_secret = strlen (pkt->rpkt->secret); /* Encode message. */ - if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret)) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "rad_encode: %s", fr_strerror ()); + err = nr_packet_encode (pkt->rpkt, NULL); + if (err < 0) + return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__, + "nr_packet_encode"); /* Sign message. */ - if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret)) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "rad_sign: %s", fr_strerror ()); + err = nr_packet_sign (pkt->rpkt, NULL); + if (err < 0) + return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__, + "nr_packet_sign"); #if defined (DEBUG) { char host[80], serv[80]; @@ -98,7 +105,7 @@ packet_do_send (struct rs_packet *pkt) if (pkt->conn->bev) /* TCP. */ { int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data, - pkt->rpkt->data_len); + pkt->rpkt->length); if (err < 0) return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__, "bufferevent_write: %s", @@ -122,21 +129,36 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out) { struct rs_packet *p; RADIUS_PACKET *rpkt; + int err; *pkt_out = NULL; - rpkt = rad_alloc (1); - if (!rpkt) + rpkt = rs_malloc (conn->ctx, sizeof(*rpkt) + RS_MAX_PACKET_LEN); + if (rpkt == NULL) return rs_err_conn_push (conn, RSE_NOMEM, __func__); - rpkt->id = conn->nextid++; - p = (struct rs_packet *) malloc (sizeof (struct rs_packet)); - if (!p) + /* + * This doesn't make sense; the packet identifier is constant for + * an entire conversation. A separate API should be provided to + * allow the application to set the packet ID, or a conversation + * object should group related packets together. + */ +#if 0 + rpkt->id = conn->nextid++ +#endif + + err = nr_packet_init (rpkt, NULL, NULL, + PW_ACCESS_REQUEST, + rpkt + 1, RS_MAX_PACKET_LEN); + if (err < 0) + return rs_err_conn_push (conn, -err, __func__); + + p = (struct rs_packet *) rs_calloc (conn->ctx, 1, sizeof (*p)); + if (p == NULL) { - rad_free (&rpkt); + rs_free (conn->ctx, rpkt); return rs_err_conn_push (conn, RSE_NOMEM, __func__); } - memset (p, 0, sizeof (struct rs_packet)); p->conn = conn; p->rpkt = rpkt; @@ -147,44 +169,37 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out) int rs_packet_create_authn_request (struct rs_connection *conn, struct rs_packet **pkt_out, - const char *user_name, const char *user_pw) + const char *user_name, + const char *user_pw, + const char *secret) { struct rs_packet *pkt; - VALUE_PAIR *vp = NULL; + int err; if (rs_packet_create (conn, pkt_out)) return -1; + pkt = *pkt_out; - pkt->rpkt->code = PW_AUTHENTICATION_REQUEST; + pkt->rpkt->code = PW_ACCESS_REQUEST; if (user_name) { - vp = pairmake ("User-Name", user_name, T_OP_EQ); - if (vp == NULL) - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "pairmake: %s", fr_strerror ()); - pairadd (&pkt->rpkt->vps, vp); + err = rs_packet_append_avp (pkt, PW_USER_NAME, 0, user_name, 0); + if (err) + return err; } if (user_pw) { - vp = pairmake ("User-Password", user_pw, T_OP_EQ); - if (vp == NULL) - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "pairmake: %s", fr_strerror ()); - pairadd (&pkt->rpkt->vps, vp); + pkt->rpkt->secret = secret; + err = rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0); + if (err) + return err; } return RSE_OK; } -struct radius_packet * -rs_packet_frpkt (struct rs_packet *pkt) -{ - assert (pkt); - return pkt->rpkt; -} - void rs_packet_destroy (struct rs_packet *pkt) { @@ -192,6 +207,59 @@ rs_packet_destroy (struct rs_packet *pkt) assert (pkt->conn); assert (pkt->conn->ctx); - rad_free (&pkt->rpkt); /* Note: This frees the VALUE_PAIR's too. */ + rs_avp_free (&pkt->rpkt->vps); + rs_free (pkt->conn->ctx, pkt->rpkt); rs_free (pkt->conn->ctx, pkt); } + +int +rs_packet_append_avp (struct rs_packet *pkt, + unsigned int attr, unsigned int vendor, + const void *data, size_t data_len) +{ + const DICT_ATTR *da; + int err; + + assert (pkt); + + da = nr_dict_attr_byvalue (attr, vendor); + if (da == NULL) + return RSE_ATTR_TYPE_UNKNOWN; + + err = nr_packet_attr_append (pkt->rpkt, NULL, da, data, data_len); + if (err < 0) + return rs_err_conn_push (pkt->conn, -err, __func__); + + return RSE_OK; +} + +void +rs_packet_avps (struct rs_packet *pkt, rs_avp ***vps) +{ + assert (pkt); + *vps = &pkt->rpkt->vps; +} + +unsigned int +rs_packet_code (struct rs_packet *pkt) +{ + assert (pkt); + return pkt->rpkt->code; +} + +rs_const_avp * +rs_packet_find_avp (struct rs_packet *pkt, unsigned int attr, unsigned int vendor) +{ + assert (pkt); + return rs_avp_find_const (pkt->rpkt->vps, attr, vendor); +} + +int +rs_packet_set_id (struct rs_packet *pkt, int id) +{ + int old = pkt->rpkt->id; + + pkt->rpkt->id = id; + + return old; +} |