summaryrefslogtreecommitdiff
path: root/lib/tcp.c
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2011-03-07 15:23:40 +0100
committerLinus Nordberg <linus@nordu.net>2011-03-07 15:23:40 +0100
commitcbcaa6a7c8f8a6704f6b4a68f260020957214a07 (patch)
tree1d0bc882bfd69f490562daa829a7a8845ecf4552 /lib/tcp.c
parent41af6cd03dac4eb905d0d3de574d2e4f3f9600eb (diff)
Move verification of response packets up to a level where it makes sense.
Replace the user_dispatch_flag on connections with conn_user_dispatch_p(). Remove the 'original' member from packet and instead have an upper layer verify. Rename packet valid_flag --> received_flag to reflect that we don't verify. Move _close_conn() --> conn_close(). Move packet flags into a single unsigned int, for portability. (_read_packet): Don't verify packet. (rs_conn_receive_packet): Don't touch PKT_OUT if there isn't a packet. (rs_conn_receive_packet): Verify packet using packet_verify_response().
Diffstat (limited to 'lib/tcp.c')
-rw-r--r--lib/tcp.c69
1 files changed, 15 insertions, 54 deletions
diff --git a/lib/tcp.c b/lib/tcp.c
index acee94b..1801d62 100644
--- a/lib/tcp.c
+++ b/lib/tcp.c
@@ -16,6 +16,7 @@
#include <radsec/radsec-impl.h>
#include "tcp.h"
#include "packet.h"
+#include "conn.h"
#include "debug.h"
#include "event.h"
@@ -41,18 +42,6 @@ _conn_timeout_cb (int fd, short event, void *data)
}
}
-static int
-_close_conn (struct rs_connection **connp)
-{
- int r;
- assert (connp);
- assert (*connp);
- r = rs_conn_destroy (*connp);
- if (!r)
- *connp = NULL;
- return r;
-}
-
/* Read one RADIUS packet header. Return !0 on error. A return value
of 0 means that we need more data. */
static int
@@ -63,11 +52,11 @@ _read_header (struct rs_packet *pkt)
n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN);
if (n == RS_HEADER_LEN)
{
- pkt->hdr_read_flag = 1;
+ pkt->flags |= rs_packet_hdr_read_flag;
pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3];
if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096)
{
- _close_conn (&pkt->conn);
+ conn_close (&pkt->conn);
return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT,
"invalid packet length: %d",
pkt->rpkt->data_len);
@@ -75,7 +64,7 @@ _read_header (struct rs_packet *pkt)
pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len);
if (!pkt->rpkt->data)
{
- _close_conn (&pkt->conn);
+ conn_close (&pkt->conn);
return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
NULL);
}
@@ -91,7 +80,7 @@ _read_header (struct rs_packet *pkt)
}
else /* Error: libevent gave us less than the low watermark. */
{
- _close_conn (&pkt->conn);
+ conn_close (&pkt->conn);
return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__,
"got %d octets reading header", n);
}
@@ -117,7 +106,7 @@ _read_packet (struct rs_packet *pkt)
{
bufferevent_disable (pkt->conn->bev, EV_READ);
rs_debug (("%s: complete packet read\n", __func__));
- pkt->hdr_read_flag = 0;
+ pkt->flags &= ~rs_packet_hdr_read_flag;
memset (pkt->hdr, 0, sizeof(*pkt->hdr));
/* Checks done by rad_packet_ok:
@@ -125,39 +114,13 @@ _read_packet (struct rs_packet *pkt)
- invalid code field
- attribute lengths >= 2
- attribute sizes adding up correctly */
- if (!rad_packet_ok (pkt->rpkt, 0) != 0)
+ if (!rad_packet_ok (pkt->rpkt, 0))
{
- _close_conn (&pkt->conn);
+ conn_close (&pkt->conn);
return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
"invalid packet: %s", fr_strerror ());
}
- /* TODO: Verify that reception of an unsolicited response packet
- results in connection being closed. */
-
- /* If we have a request to match this response against, verify
- and decode the response. */
- if (pkt->original)
- {
- /* Verify header and message authenticator. */
- if (rad_verify (pkt->rpkt, pkt->original->rpkt,
- pkt->conn->active_peer->secret))
- {
- _close_conn (&pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
- "rad_verify: %s", fr_strerror ());
- }
-
- /* Decode and decrypt. */
- if (rad_decode (pkt->rpkt, pkt->original->rpkt,
- pkt->conn->active_peer->secret))
- {
- _close_conn (&pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
- "rad_decode: %s", fr_strerror ());
- }
- }
-
#if defined (DEBUG)
/* Find out what happens if there's data left in the buffer. */
{
@@ -169,8 +132,8 @@ _read_packet (struct rs_packet *pkt)
}
#endif
- /* Hand over message to user, changes ownership of pkt. Don't
- touch it afterwards -- it might have been freed. */
+ /* Hand over message to user. This changes ownership of pkt.
+ Don't touch it afterwards -- it might have been freed. */
if (pkt->conn->callbacks.received_cb)
pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
}
@@ -183,14 +146,12 @@ _read_packet (struct rs_packet *pkt)
return 0;
}
-/* Read callback for TCP.
+/* The read callback for TCP.
Read exactly one RADIUS message from BEV and store it in struct
- rs_packet passed in CTX (hereby called 'pkt').
-
- Verify the received packet against pkt->original, if !NULL.
+ rs_packet passed in USER_DATA.
- Inform upper layer about successful reception of valid RADIUS
+ Inform upper layer about successful reception of received RADIUS
message by invoking conn->callbacks.recevied_cb(), if !NULL. */
void
tcp_read_cb (struct bufferevent *bev, void *user_data)
@@ -204,9 +165,9 @@ tcp_read_cb (struct bufferevent *bev, void *user_data)
pkt->rpkt->sockfd = pkt->conn->fd;
pkt->rpkt->vps = NULL;
- if (!pkt->hdr_read_flag)
+ if ((pkt->flags & rs_packet_hdr_read_flag) == 0)
if (_read_header (pkt))
- return;
+ return; /* Error. */
_read_packet (pkt);
}
generated by cgit v1.1 at 2024-12-27 21:07:22 +0000