path: root/lib/packet.c
Commit message [Author, Age, Files, Lines]
* Add rs_packet_add_avp() and use it. [Linus Nordberg, 2013-05-08, files: 1, lines: -2/+43]
|   rs_packet_create_authn_request() now uses rs_packet_add_avp() instead of rs_packet_append_avp() which makes it possible to create an authentication packet without knowing the shared secret. Calling rs_packet_add_avp() on a packet is incompatible with using rs_packet_append_avp() on the same packet but since rs_packet_create_authn_request() adds attribute-value pairs for user name and password only if those arguments are supplied, code that doesn't use user name and password (i.e. mech_eap) should still be fine.
* Revert "Add formal argument 'secret' to two public functions." [Linus Nordberg, 2013-05-08, files: 1, lines: -4/+1]
|   This reverts commit 09d1cff2418a900b587b2113f508984f2417cc11.
|
|   Conflicts: lib/include/radsec/request.h
* Remove dead code. [Linus Nordberg, 2013-01-28, files: 1, lines: -10/+0]
|
* Rename COPYING -> LICENSE. [Linus Nordberg, 2012-12-19, files: 1, lines: -1/+1]
|   And distribute LICENSE and HACKING.
* Whitespace. [Linus Nordberg, 2012-12-17, files: 1, lines: -1/+1]
|
* Add formal argument 'secret' to two public functions. [Linus Nordberg, 2012-12-17, files: 1, lines: -1/+4]
|   The functions are rs_packet_create_authn_request() and rs_request_create_authn().
|
|   Attributes of type PW_USER_PASSWORD are supposed to be MD5 obfuscated (see vp2data_any()).
|
|   NOTE: This is a non-backward compatible API change.
* Merge libradsec-new-client. [Linus Nordberg, 2012-04-27, files: 1, lines: -50/+115]
|\
| * remove rs_packet_frpkt [Luke Howard, 2011-11-14, files: 1, lines: -7/+0]
| |
| * port to new RADIUS client library [Luke Howard, 2011-11-14, files: 1, lines: -43/+115]
| |
* | Postpone resolving of DNS names of server. [Linus Nordberg, 2012-04-25, files: 1, lines: -2/+2]
|/
|   We used to resolve DNS names when reading configuration. We now do it in event_init_socket() and cache the result in the connection object. The imminent need for changing this is to keep host names around for X509 certificate verification (CNAME and subjectAltName). This will also help later when we implement server failover (and later, when people want to do more dynamic configuration, f.ex. NAPTR).
* (rs_packet_destroy): Free unconditionally. [Linus Nordberg, 2011-03-14, files: 1, lines: -7/+6]
|
* Remove struct rs_attr and all use of it. [Linus Nordberg, 2011-03-14, files: 1, lines: -18/+15]
|   A new API for attributes will be added once we've decided how to deal with RADIUS packets internally. For now, removing the half baked wrapping seems more sensible than trying to free rs_attr objects and their VALUE_PAIR's.
* Get UDP working. [Linus Nordberg, 2011-03-09, files: 1, lines: -2/+0]
|   For UDP, activate retransmit timer before receiving rather than sending makes the event loop break nicely after sending a message (which is important for blocking mode). Not quite sure that this is really accurate wrt to retransmission timing though but it should do for now.
|
|   For UDP, set the user_data member for the read callback in rs_conn_receive_packet -- the one from udp_init() doesn't do much good now.
|
|   For UDP, implement receiving message.
|
|   Add compat_recv().
* Don't add Message-Authenticator more than once. [Linus Nordberg, 2011-03-09, files: 1, lines: -2/+8]
|   Retransmitting the packet showed that we added another Message-Authenticator attribute every time we sent it.
* Formatting changes. [Linus Nordberg, 2011-03-09, files: 1, lines: -0/+1]
|
* Add retransmission timer support (UDP). [Linus Nordberg, 2011-03-09, files: 1, lines: -2/+4]
|
* Move verification of response packets up to a level where it makes sense. [Linus Nordberg, 2011-03-07, files: 1, lines: -3/+36]
|   Replace the user_dispatch_flag on connections with conn_user_dispatch_p().
|   Remove the 'original' member from packet and instead have an upper layer verify.
|   Rename packet valid_flag --> received_flag to reflect that we don't verify.
|   Move _close_conn() --> conn_close().
|   Move packet flags into a single unsigned int, for portability.
|   (_read_packet): Don't verify packet.
|   (rs_conn_receive_packet): Don't touch PKT_OUT if there isn't a packet.
|   (rs_conn_receive_packet): Verify packet using packet_verify_response().
* Restructure code, moving most code out of packet.c [Linus Nordberg, 2011-03-06, files: 1, lines: -775/+7]
|   Also, move copyright notice out of COPYING and into every file.
* UDP w/o bufferevents, part 1. [Linus Nordberg, 2011-03-06, files: 1, lines: -69/+208]
|   Sending, no retransmitting and no receiving.
* Cosmetic changes. [Linus Nordberg, 2011-03-06, files: 1, lines: -5/+5]
|
* _init_evb: Don't crash on socket errors. [Linus Nordberg, 2011-03-03, files: 1, lines: -2/+4]
|
* Correct an error code. [Linus Nordberg, 2011-03-03, files: 1, lines: -1/+3]
|
* Correct an error string. [Linus Nordberg, 2011-03-03, files: 1, lines: -1/+1]
|
* Error handling cleanup 3. [Linus Nordberg, 2011-03-01, files: 1, lines: -2/+2]
|   Split timeout errors in connecting and I/O.
* Error handling cleanup 2. [Linus Nordberg, 2011-03-01, files: 1, lines: -2/+1]
|   RSE_NOSYS doesn't need a string.
* Error handling cleanup [Linus Nordberg, 2011-03-01, files: 1, lines: -2/+2]
|   Remove RSE_SOME_ERROR.
|   rs_tls_init: Push SSL error stack on libradsec error stack.
* Rename relevant functions to reflect authn as opposed to authz. [Linus Nordberg, 2011-02-28, files: 1, lines: -3/+3]
|   Also add a "bare" create request function.
* Time out on connect and break event loop on errors. [Linus Nordberg, 2011-02-25, files: 1, lines: -0/+48]
|
* Get rid of loopbreak as a mean for signalling successful packet handling. [Linus Nordberg, 2011-02-25, files: 1, lines: -29/+14]
|   In blocking mode, breaking the event loop with loopbreak will probably be needed for exceptions like timeout so we shouldn't use it for breaking the loop and signalling success.
|
|   In the user callbacks used in blocking mode (_rcb and _wcb), disable read and write events on the event buffer. This will stop the loop. Also, set a flag in the packet struct to signal success.
|
|   In the "low level callbacks" (_read_cb and _write_cb), enable read or write, accordingly.
* Config file changes and small API changes. [Linus Nordberg, 2011-02-24, files: 1, lines: -61/+105]
|   'timeout' and 'tries' move from 'server' stanza to top. 'tries' is now 'retries'.
|
|   Moving around in internal data structs, making struct peer strictly config.
|
|   Bug fixes in configuration code.
|
|   Adding some more cleanup code, freeing allocated memory (still not done!).
* Report SSL errors with error string rather than an integer. [Linus Nordberg, 2011-02-20, files: 1, lines: -1/+1]
|
* Improve protocol robustness and invoke user callbacks. [Linus Nordberg, 2011-02-19, files: 1, lines: -142/+270]
|   All aborts are removed, as well as all asserts which aren't programming errors.
|
|   When an invalid packet is received, the connection is closed, as per draft-ietf-radext-tcp-transport-08 (2.6.4).
|
|   Use new rs_debug() macro rather than fprintf() for debug printouts.
|
|   Coding style overhaul.
* Merge branch 'libradsec' of /tmp/radsecproxy into libradsec [Linus Nordberg, 2011-02-15, files: 1, lines: -1/+1]
|\
| * Include debug.h regardless if DEBUG -- rs_debug needs to be declared. [Linus Nordberg, 2011-02-15, files: 1, lines: -1/+1]
| |
* | Add comments. [Linus Nordberg, 2011-02-15, files: 1, lines: -1/+3]
|/
* Handle more read, write and packet verification errors. [Linus Nordberg, 2011-02-04, files: 1, lines: -42/+75]
|   Still some aborts left.
* Add and use rs_debug() instead of fprintf to stderr. [Linus Nordberg, 2011-02-04, files: 1, lines: -9/+8]
|
* Don't consume sent packets. [Linus Nordberg, 2011-02-04, files: 1, lines: -2/+0]
|   A sent packet is a fine thing to have when you're verifying the Response Authenticator. We could solve this by having an upper layer saving only the Request Authenticator somewhere instead of the whole packet and we might just do that at some point which is not now.
* API breakage -- rename rs_packet_create_acc_request(). [linus, 2011-01-21, files: 1, lines: -33/+33]
|
* Improve error message. [linus, 2011-01-20, files: 1, lines: -1/+1]
|   Differentiate between an invalid connection type string in config file when parsing and unknown connection type (number) when connecting.
* Cosmetic changes. [linus, 2011-01-17, files: 1, lines: -1/+1]
|
* Remove spurious comment. [Linus Nordberg, 2010-11-11, files: 1, lines: -1/+0]
|
* Build even when not configured with `--enable-tls'. [Linus Nordberg, 2010-11-11, files: 1, lines: -1/+5]
|
* Bringing up TLS connections working. [Linus Nordberg, 2010-11-11, files: 1, lines: -4/+58]
|   NOTE: Clean up of resources not yet sane. Expect resource leakages.
|
|   NOTE: Most failure cases are not handled properly. With the wind at your back and the sun shining, it might work.
* Merge branch 'merge-luke' into libradsec [Linus Nordberg, 2010-10-11, files: 1, lines: -35/+94]
|\
| |   8a676ab Robustness fixes (and some callback invocation) by Luke Howard.
| |   ff55882 Request object implementation and bug fixes by Luke Howard.
| |   06936d1 Have rad_decode() verify responses.
| * Have rad_decode() verify responses. [Luke Howard, 2010-10-11, files: 1, lines: -5/+36]
| |
| * Request object implementation and bug fixes by Luke Howard. [Linus Nordberg, 2010-10-11, files: 1, lines: -26/+38]
| |
| * Compile again after bad fixes. [Linus Nordberg, 2010-10-10, files: 1, lines: -5/+4]
| |
| * Robustness fixes (and some callback invocation) by Luke Howard. [Linus Nordberg, 2010-10-10, files: 1, lines: -8/+31]
| |   * lib/packet.c (_packet_create): Set packet identity properly.
| |   (_do_send): Return an int.
| |   (_do_send): Don't ignore rad_encode() errors.
| |   (_do_send): Do invoke rad_sign().
| |   (_event_cb): Invoke callbacks.
| |   (_event_cb): Honour _do_send() return code.
| |   (_read_cb): Check packet (by invoking rad_packet_ok()).
| |   (_read_cb): Don't ignore rad_decode() errors.
| |   (_read_cb): Invoke callbacks.
* | Don't require username & pw in rs_packet_create_acc_request(). [Linus Nordberg, 2010-10-10, files: 1, lines: -7/+14]
|/