| Commit message (Collapse) | Author | Age | Files | Lines |
|
rs_packet_create_authn_request() now uses rs_packet_add_avp() instead
of rs_packet_append_avp() which makes it possible to create an
authentication packet without knowing the shared secret.
Calling rs_packet_add_avp() on a packet is incompatible with using
rs_packet_append_avp() on the same packet but since
rs_packet_create_authn_request() adds attribute-value pairs for user
name and password only if those arguments are supplied, code that
doesn't use user name and password (i.e. mech_eap) should still be
fine.
|
This reverts commit 09d1cff2418a900b587b2113f508984f2417cc11.
Conflicts:
lib/include/radsec/request.h
|
And distribute LICENSE and HACKING.
|
The functions are rs_packet_create_authn_request() and
rs_request_create_authn().
Attributes of type PW_USER_PASSWORD are supposed to be MD5
obfuscated (see vp2data_any()).
NOTE: This is a non-backward compatible API change.
|
We used to resolve DNS names when reading configuration. We now do it
in event_init_socket() and cache the result in the connection object.
The imminent need for changing this is to keep host names around for
X509 certificate verification (CNAME and subjectAltName). This will
also help later when we implement server failover (and later, when
people want to do more dynamic configuration, f.ex. NAPTR).
|
A new API for attributes will be added once we've decided how to deal
with RADIUS packets internally. For now, removing the half-baked
wrapping seems more sensible than trying to free rs_attr objects and
their VALUE_PAIR's.
|
For UDP, activating the retransmit timer before receiving rather than
sending makes the event loop break nicely after sending a message
(which is important for blocking mode). Not quite sure that this is
really accurate wrt retransmission timing though but it should do
for now.
For UDP, set the user_data member for the read callback in
rs_conn_receive_packet -- the one from udp_init() doesn't do much good
now.
For UDP, implement receiving message.
Add compat_recv().
|
Retransmitting the packet showed that we added another
Message-Authenticator attribute every time we sent it.
|
Replace the user_dispatch_flag on connections with
conn_user_dispatch_p().
Remove the 'original' member from packet and instead have an upper
layer verify.
Rename packet valid_flag --> received_flag to reflect that we don't
verify.
Move _close_conn() --> conn_close().
Move packet flags into a single unsigned int, for portability.
(_read_packet): Don't verify packet.
(rs_conn_receive_packet): Don't touch PKT_OUT if there isn't a packet.
(rs_conn_receive_packet): Verify packet using packet_verify_response().
|
Also, move copyright notice out of COPYING and into every file.
|
Sending, no retransmitting and no receiving.
|
Split timeout errors in connecting and I/O.
|
RSE_NOSYS doesn't need a string.
|
Remove RSE_SOME_ERROR.
rs_tls_init: Push SSL error stack on libradsec error stack.
|
Also add a "bare" create request function.
|
In blocking mode, breaking the event loop with loopbreak will probably
be needed for exceptions like timeout so we shouldn't use it for
breaking the loop and signalling success.
In the user callbacks used in blocking mode (_rcb and _wcb), disable
read and write events on the event buffer. This will stop the loop.
Also, set a flag in the packet struct to signal success.
In the "low level callbacks" (_read_cb and _write_cb), enable read or
write, accordingly.
|
'timeout' and 'tries' move from 'server' stanza to top. 'tries' is
now 'retries'.
Moving around in internal data structs, making struct peer strictly config.
Bug fixes in configuration code.
Adding some more cleanup code, freeing allocated memory (still not done!).
|
All aborts are removed, as well as all asserts which aren't
programming errors.
When an invalid packet is received, the connection is closed, as per
draft-ietf-radext-tcp-transport-08 (2.6.4).
Use new rs_debug() macro rather than fprintf() for debug printouts.
Coding style overhaul.
|
Still some aborts left.
|
A sent packet is a fine thing to have when you're verifying the
Response Authenticator. We could solve this by having an upper layer
saving only the Request Authenticator somewhere instead of the whole
packet and we might just do that at some point which is not now.
|
Differentiate between an invalid connection type string in config file
when parsing and unknown connection type (number) when connecting.
|
NOTE: Clean up of resources not yet sane. Expect resource leakages.
NOTE: Most failure cases are not handled properly. With the wind at
your back and the sun shining, it might work.
|
8a676ab Robustness fixes (and some callback invocation) by Luke Howard.
ff55882 Request object implementation and bug fixes by Luke Howard.
06936d1 Have rad_decode() verify responses.
|
* lib/packet.c (_packet_create): Set packet identity properly.
(_do_send): Return an int.
(_do_send): Don't ignore rad_encode() errors.
(_do_send): Do invoke rad_sign().
(_event_cb): Invoke callbacks.
(_event_cb): Honour _do_send() return code.
(_read_cb): Check packet (by invoking rad_packet_ok()).
(_read_cb): Don't ignore rad_decode() errors.
(_read_cb): Invoke callbacks.
|