diff options
author | Linus Nordberg <linus@nordu.net> | 2011-03-06 15:53:58 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2011-03-06 15:53:58 +0100 |
commit | 5c60297a1eaab7b10d6f584ba329493a41b812d0 (patch) | |
tree | ec1eef1d6adb859ef94e5aeeff8f190d35e63215 /lib/tcp.c | |
parent | 7636505962a348d9564e53922834dc6df1274653 (diff) |
Restructure code, moving most code out of packet.c
Also, move copyright notice out of COPYING and into every file.
Diffstat (limited to 'lib/tcp.c')
-rw-r--r-- | lib/tcp.c | 276 |
1 files changed, 276 insertions, 0 deletions
diff --git a/lib/tcp.c b/lib/tcp.c new file mode 100644 index 0000000..2e641f6 --- /dev/null +++ b/lib/tcp.c @@ -0,0 +1,276 @@ +/* Copyright 2011 NORDUnet A/S. All rights reserved. + See the file COPYING for licensing information. */ + +#if defined HAVE_CONFIG_H +#include <config.h> +#endif + +#include <assert.h> +#include <event2/event.h> +#include <event2/bufferevent.h> +#if defined (RS_ENABLE_TLS) +#include <event2/bufferevent_ssl.h> +#include <openssl/err.h> +#endif +#include <radsec/radsec.h> +#include <radsec/radsec-impl.h> +#include "tcp.h" +#include "packet.h" +#include "debug.h" +#include "event.h" + +#if defined (DEBUG) +#include <event2/buffer.h> +#endif + +static int +_close_conn (struct rs_connection **connp) +{ + int r; + assert (connp); + assert (*connp); + r = rs_conn_destroy (*connp); + if (!r) + *connp = NULL; + return r; +} + +/* Read one RADIUS packet header. Return !0 on error. A return value + of 0 means that we need more data. */ +static int +_read_header (struct rs_packet *pkt) +{ + size_t n = 0; + + n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN); + if (n == RS_HEADER_LEN) + { + pkt->hdr_read_flag = 1; + pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3]; + if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096) + { + _close_conn (&pkt->conn); + return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, + "invalid packet length: %d", + pkt->rpkt->data_len); + } + pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len); + if (!pkt->rpkt->data) + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__, + NULL); + } + memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN); + bufferevent_setwatermark (pkt->conn->bev, EV_READ, + pkt->rpkt->data_len - RS_HEADER_LEN, 0); + rs_debug (("%s: packet header read, total pkt len=%d\n", + __func__, pkt->rpkt->data_len)); + } + else if (n < 0) + { + rs_debug (("%s: buffer frozen while reading header\n", __func__)); + } + else /* Error: libevent gave us less than the low watermark. */ + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__, + "got %d octets reading header", n); + } + + return 0; +} + +static int +_read_packet (struct rs_packet *pkt) +{ + size_t n = 0; + + rs_debug (("%s: trying to read %d octets of packet data\n", __func__, + pkt->rpkt->data_len - RS_HEADER_LEN)); + + n = bufferevent_read (pkt->conn->bev, + pkt->rpkt->data + RS_HEADER_LEN, + pkt->rpkt->data_len - RS_HEADER_LEN); + + rs_debug (("%s: read %ld octets of packet data\n", __func__, n)); + + if (n == pkt->rpkt->data_len - RS_HEADER_LEN) + { + bufferevent_disable (pkt->conn->bev, EV_READ); + rs_debug (("%s: complete packet read\n", __func__)); + pkt->hdr_read_flag = 0; + memset (pkt->hdr, 0, sizeof(*pkt->hdr)); + + /* Checks done by rad_packet_ok: + - lenghts (FIXME: checks really ok for tcp?) + - invalid code field + - attribute lengths >= 2 + - attribute sizes adding up correctly */ + if (!rad_packet_ok (pkt->rpkt, 0) != 0) + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, + "invalid packet: %s", fr_strerror ()); + } + + /* TODO: Verify that reception of an unsolicited response packet + results in connection being closed. */ + + /* If we have a request to match this response against, verify + and decode the response. */ + if (pkt->original) + { + /* Verify header and message authenticator. */ + if (rad_verify (pkt->rpkt, pkt->original->rpkt, + pkt->conn->active_peer->secret)) + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, + "rad_verify: %s", fr_strerror ()); + } + + /* Decode and decrypt. */ + if (rad_decode (pkt->rpkt, pkt->original->rpkt, + pkt->conn->active_peer->secret)) + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, + "rad_decode: %s", fr_strerror ()); + } + } + +#if defined (DEBUG) + /* Find out what happens if there's data left in the buffer. */ + { + size_t rest = 0; + rest = evbuffer_get_length (bufferevent_get_input (pkt->conn->bev)); + if (rest) + rs_debug (("%s: returning with %d octets left in buffer\n", __func__, + rest)); + } +#endif + + /* Hand over message to user, changes ownership of pkt. Don't + touch it afterwards -- it might have been freed. */ + if (pkt->conn->callbacks.received_cb) + pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data); + } + else if (n < 0) /* Buffer frozen. */ + rs_debug (("%s: buffer frozen when reading packet\n", __func__)); + else /* Short packet. */ + rs_debug (("%s: waiting for another %d octets\n", __func__, + pkt->rpkt->data_len - RS_HEADER_LEN - n)); + + return 0; +} + +/* Read callback for TCP. + + Read exactly one RADIUS message from BEV and store it in struct + rs_packet passed in CTX (hereby called 'pkt'). + + Verify the received packet against pkt->original, if !NULL. + + Inform upper layer about successful reception of valid RADIUS + message by invoking conn->callbacks.recevied_cb(), if !NULL. */ +void +tcp_read_cb (struct bufferevent *bev, void *user_data) +{ + struct rs_packet *pkt = (struct rs_packet *) user_data; + + assert (pkt); + assert (pkt->conn); + assert (pkt->rpkt); + + pkt->rpkt->sockfd = pkt->conn->fd; + pkt->rpkt->vps = NULL; + + if (!pkt->hdr_read_flag) + if (_read_header (pkt)) + return; + _read_packet (pkt); +} + +void +tcp_event_cb (struct bufferevent *bev, short events, void *user_data) +{ + struct rs_packet *pkt = (struct rs_packet *) user_data; + struct rs_connection *conn = NULL; + struct rs_peer *p = NULL; + int sockerr = 0; +#if defined (RS_ENABLE_TLS) + unsigned long tlserr = 0; +#endif + + assert (pkt); + assert (pkt->conn); + assert (pkt->conn->active_peer); + conn = pkt->conn; + p = conn->active_peer; + + conn->is_connecting = 0; + if (events & BEV_EVENT_CONNECTED) + { + event_on_connect (conn, pkt); + } + else if (events & BEV_EVENT_EOF) + { + event_on_disconnect (conn); + } + else if (events & BEV_EVENT_TIMEOUT) + { + rs_debug (("%s: %p times out on %s\n", __func__, p, + (events & BEV_EVENT_READING) ? "read" : "write")); + rs_err_conn_push_fl (pkt->conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL); + } + else if (events & BEV_EVENT_ERROR) + { + sockerr = evutil_socket_geterror (conn->active_peer->fd); + if (sockerr == 0) /* FIXME: True that errno == 0 means closed? */ + { + event_on_disconnect (conn); + } + else + { + rs_debug (("%s: %d: %d (%s)\n", __func__, conn->fd, sockerr, + evutil_socket_error_to_string (sockerr))); + rs_err_conn_push_fl (pkt->conn, RSE_SOCKERR, __FILE__, __LINE__, + "%d: %d (%s)", conn->fd, sockerr, + evutil_socket_error_to_string (sockerr)); + } +#if defined (RS_ENABLE_TLS) + if (conn->tls_ssl) /* FIXME: correct check? */ + { + for (tlserr = bufferevent_get_openssl_error (conn->bev); + tlserr; + tlserr = bufferevent_get_openssl_error (conn->bev)) + { + rs_debug (("%s: openssl error: %s\n", __func__, + ERR_error_string (tlserr, NULL))); + rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__, + ERR_error_string (tlserr, NULL)); + } + } +#endif /* RS_ENABLE_TLS */ + event_loopbreak (conn); + } + +#if defined (DEBUG) + if (events & BEV_EVENT_ERROR && events != BEV_EVENT_ERROR) + rs_debug (("%s: BEV_EVENT_ERROR and more: 0x%x\n", __func__, events)); +#endif +} + +void +tcp_write_cb (struct bufferevent *bev, void *ctx) +{ + struct rs_packet *pkt = (struct rs_packet *) ctx; + + assert (pkt); + assert (pkt->conn); + + if (pkt->conn->callbacks.sent_cb) + pkt->conn->callbacks.sent_cb (pkt->conn->user_data); +} + |