-rw-r--r--fticks.c87
-rw-r--r--fticks.h13
-rw-r--r--radsecproxy.c75
-rw-r--r--radsecproxy.h1
4 files changed, 99 insertions, 77 deletions
diff --git a/fticks.c b/fticks.c
index ab750a3..98022cd 100644
--- a/fticks.c
+++ b/fticks.c
@@ -7,6 +7,15 @@
#include <nettle/sha.h>
#include <nettle/hmac.h>
+#include <regex.h>
+#include <pthread.h>
+#include <sys/time.h>
+#include "list.h"
+#include "radsecproxy.h"
+#include "debug.h"
+
+#include "fticks.h"
+
static void
format_hash(const uint8_t *hash, size_t out_len, uint8_t *out)
{
@@ -62,6 +71,84 @@ fticks_hashmac(const uint8_t *in,
hash(in, key, out_len, out);
}
+void
+fticks_log(const struct options *options,
+ const struct client *client,
+ const struct radmsg *msg,
+ const struct rqout *rqout)
+{
+ unsigned char *username = NULL;
+ unsigned char *realm = NULL;
+ uint8_t visinst[8+40+1+1]; /* Room for 40 octets of VISINST. */
+ uint8_t *macin = NULL;
+ uint8_t macout[2*32+1]; /* Room for ASCII representation of SHA256. */
+
+ username = radattr2ascii(radmsg_gettype(rqout->rq->msg,
+ RAD_Attr_User_Name));
+ if (username != NULL) {
+ realm = (unsigned char *) strrchr((char *) username, '@');
+ if (realm != NULL)
+ realm++;
+ else
+ realm = (unsigned char *) "";
+ }
+
+ memset(visinst, 0, sizeof(visinst));
+ if (options->fticks_reporting == RSP_FTICKS_REPORTING_FULL)
+ snprintf((char *) visinst, sizeof(visinst), "VISINST=%s#",
+ client->conf->name);
+
+#define BOGUS_MAC "00:00:00:00:00:00" /* FIXME: Is there a standard
+ * for bogus MAC addresses? */
+ memset(macout, 0, sizeof(macout));
+ strncpy((char *) macout, BOGUS_MAC, sizeof(macout) - 1);
+ if (options->fticks_mac != RSP_FTICKS_MAC_STATIC) {
+ macin = radattr2ascii(radmsg_gettype(rqout->rq->msg,
+ RAD_Attr_Calling_Station_Id));
+ }
+#if RS_TESTING || 1
+ if (macin == NULL)
+ macin = (uint8_t *) strdup(BOGUS_MAC);
+#endif /* RS_TESTING */
+
+ switch (options->fticks_mac)
+ {
+ case RSP_FTICKS_MAC_STATIC:
+ memcpy(macout, BOGUS_MAC, sizeof(BOGUS_MAC));
+ break;
+ case RSP_FTICKS_MAC_ORIGINAL:
+ memcpy(macout, macin, sizeof(macout));
+ break;
+ case RSP_FTICKS_MAC_VENDOR_HASHED:
+ fticks_hashmac(macin + 3, NULL, sizeof(macout), macout);
+ break;
+ case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
+ fticks_hashmac(macin + 3, options->fticks_key, sizeof(macout),
+ macout);
+ break;
+ case RSP_FTICKS_MAC_FULLY_HASHED:
+ fticks_hashmac(macin, NULL, sizeof(macout), macout);
+ break;
+ case RSP_FTICKS_MAC_FULLY_KEY_HASHED:
+ fticks_hashmac(macin, options->fticks_key, sizeof(macout), macout);
+ break;
+ default:
+ debugx(2, DBG_ERR, "invalid fticks mac configuration: %d",
+ options->fticks_mac);
+ }
+ debug(0xff,
+ "F-TICKS/eduroam/1.0#REALM=%s#VISCOUNTRY=%s#%sCSI=%s#RESULT=%s#",
+ realm,
+ client->conf->fticks_viscountry,
+ visinst,
+ macout,
+ msg->code == RAD_Access_Accept ? "OK" : "FAIL");
+ if (macin != NULL)
+ free(macin);
+ if (username != NULL)
+ free(username);
+}
+
/* Local Variables: */
/* c-file-style: "stroustrup" */
/* End: */
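Review bot: In the `RSP_FTICKS_MAC_ORIGINAL` case, `memcpy(macout, macin, sizeof(macout))` always reads 65 bytes from `macin`, which is either the string returned by `radattr2ascii()` or the 18-byte `strdup(BOGUS_MAC)`, so a normal-length Calling-Station-Id causes a read past the end of that buffer and a longer one leaves `macout` without a terminator before it reaches `%s`. A bounded string copy avoids both: `snprintf((char *) macout, sizeof(macout), "%s", macin);`. Separately, `realm` stays NULL when the request carries no User-Name and is then passed to `%s` in the `debug()` call; declaring it as `unsigned char *realm = (unsigned char *) "";` covers that path. The `macin + 3` cases assume the attribute is at least three characters long and that `strdup()` did not fail, and nothing in the function checks either. REALM and CSI are taken from client-supplied attributes, so unless `radattr2ascii()` escapes `#` (not visible here), it is worth confirming that a User-Name cannot introduce extra fields into the F-TICKS line.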
diff --git a/fticks.h b/fticks.h
index 4098fb5..b749d98 100644
--- a/fticks.h
+++ b/fticks.h
@@ -1,7 +1,12 @@
/* Copyright (C) 2011 NORDUnet A/S
* See LICENSE for information about licensing.
*/
-int fticks_hashmac(const uint8_t *in,
- const uint8_t *key,
- size_t out_len,
- uint8_t *out);
+void fticks_hashmac(const uint8_t *in,
+ const uint8_t *key,
+ size_t out_len,
+ uint8_t *out);
+void fticks_log(const struct options *options,
+ const struct client *client,
+ const struct radmsg *msg,
+ const struct rqout *rqout);
+
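Review bot: The header is not self-contained: the prototypes use `uint8_t`, `size_t` and four struct types, yet the file, which the hunk shows from line 1, has no includes, no forward declarations and no include guard. A struct tag first seen inside a parameter list has prototype scope only, so any file that includes fticks.h before the header defining those structs (presumably radsecproxy.h) gets a declaration of `fticks_log` that is incompatible with the definition. fticks.c happens to include radsecproxy.h first, which hides the problem. I would add `#include <stdint.h>`, `#include <stddef.h>` and `struct options; struct client; struct radmsg; struct rqout;` ahead of the prototypes, inside an include guard.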
diff --git a/radsecproxy.c b/radsecproxy.c
index 5c6b260..2227193 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1692,79 +1692,8 @@ void replyh(struct server *server, unsigned char *buf) {
debug(msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject || msg->code == RAD_Accounting_Response ? DBG_WARN : DBG_INFO,
"replyh: passing %s to client %s (%s)", radmsgtype2string(msg->code), from->conf->name, addr2string(from->addr));
- if (options.fticks_reporting && from->conf->fticks_viscountry != NULL) {
- unsigned char *username = NULL;
- unsigned char *realm = NULL;
- uint8_t visinst[8+40+1+1]; /* Room for 40 octets of VISINST. */
- uint8_t *macin = NULL;
- uint8_t macout[2*32+1]; /* Room for ASCII representation of SHA256. */
-
- username = radattr2ascii(radmsg_gettype(rqout->rq->msg,
- RAD_Attr_User_Name));
- if (username != NULL) {
- realm = (unsigned char *) strrchr((char *) username, '@');
- if (realm != NULL)
- realm++;
- else
- realm = (unsigned char *) "";
- }
-
- memset(visinst, 0, sizeof(visinst));
- if (options.fticks_reporting == RSP_FTICKS_REPORTING_FULL)
- snprintf((char *) visinst, sizeof(visinst), "VISINST=%s#",
- from->conf->name);
-
-#define BOGUS_MAC "00:00:00:00:00:00" /* FIXME: Is there a standard
- * for bogus MAC addresses? */
- memset(macout, 0, sizeof(macout));
- strncpy((char *) macout, BOGUS_MAC, sizeof(macout) - 1);
- if (options.fticks_mac != RSP_FTICKS_MAC_STATIC) {
- macin = radattr2ascii(radmsg_gettype(rqout->rq->msg,
- RAD_Attr_Calling_Station_Id));
- }
-#if RS_TESTING || 1
- if (macin == NULL)
- macin = (uint8_t *) strdup(BOGUS_MAC);
-#endif /* RS_TESTING */
-
- switch (options.fticks_mac)
- {
- case RSP_FTICKS_MAC_STATIC:
- memcpy(macout, BOGUS_MAC, sizeof(BOGUS_MAC));
- break;
- case RSP_FTICKS_MAC_ORIGINAL:
- memcpy(macout, macin, sizeof(macout));
- break;
- case RSP_FTICKS_MAC_VENDOR_HASHED:
- fticks_hashmac(macin + 3, NULL, sizeof(macout), macout);
- break;
- case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
- fticks_hashmac(macin + 3, options.fticks_key, sizeof(macout),
- macout);
- break;
- case RSP_FTICKS_MAC_FULLY_HASHED:
- fticks_hashmac(macin, NULL, sizeof(macout), macout);
- break;
- case RSP_FTICKS_MAC_FULLY_KEY_HASHED:
- fticks_hashmac(macin, options.fticks_key, sizeof(macout), macout);
- break;
- default:
- debugx(2, DBG_ERR, "invalid fticks mac configuration: %d",
- options.fticks_mac);
- }
- debug(0xff,
- "F-TICKS/eduroam/1.0#REALM=%s#VISCOUNTRY=%s#%sCSI=%s#RESULT=%s#",
- realm,
- from->conf->fticks_viscountry,
- visinst,
- macout,
- msg->code == RAD_Access_Accept ? "OK" : "FAIL");
- if (macin != NULL)
- free(macin);
- if (username != NULL)
- free(username);
-
- }
+ if (options.fticks_reporting && from->conf->fticks_viscountry != NULL)
+ fticks_log(&options, from, msg, rqout);
radmsg_free(rqout->rq->msg);
rqout->rq->msg = msg;
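Review bot: The `from->conf->fticks_viscountry != NULL` check now lives only at this call site, while `fticks_log()` passes `client->conf->fticks_viscountry` straight to `%s` without checking it. Any future caller that omits the guard would hand a NULL pointer to the formatter. Either move the check to the top of `fticks_log()` or state the precondition at its definition, for example `/* Caller must ensure client->conf->fticks_viscountry is non-NULL. */`. `replyh` begins and continues outside this hunk.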
diff --git a/radsecproxy.h b/radsecproxy.h
index 1644c77..3c80ee6 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -230,6 +230,7 @@ void freerq(struct request *rq);
int radsrv(struct request *rq);
void replyh(struct server *server, unsigned char *buf);
struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
+uint8_t *radattr2ascii(struct tlv *attr);
/* Local Variables: */
/* c-file-style: "stroustrup" */
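Review bot: The newly exported `radattr2ascii()` prototype carries no ownership or failure contract, although this commit makes it part of the cross-file interface. Judging by `fticks_log()`, which NULL-checks the result and passes it to `free()`, the function returns a heap buffer owned by the caller and can return NULL. A one-line comment above the declaration would make that explicit, for example `/* Returns a malloc'd NUL-terminated copy of the attribute value, or NULL; caller frees. */`, with the wording confirmed against the definition in radsecproxy.c, which is not shown here.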