From 93894efe339664a9bf5ed19b13995bd3e8aabff7 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 23 Jan 2013 16:18:26 +0100 Subject: Handle case where config hasn't yet been read better. Don't segfault is a good start. --- lib/conf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/conf.c b/lib/conf.c index 14b7579..8ad0a45 100644 --- a/lib/conf.c +++ b/lib/conf.c @@ -241,9 +241,11 @@ struct rs_realm * rs_conf_find_realm(struct rs_context *ctx, const char *name) { struct rs_realm *r; + assert (ctx); - for (r = ctx->config->realms; r; r = r->next) - if (strcmp (r->name, name) == 0) + if (ctx->config) + for (r = ctx->config->realms; r; r = r->next) + if (strcmp (r->name, name) == 0) return r; return NULL; -- cgit v1.1 From 54ca8b0dc915b6fac25de9d7cdaf6154dbbb27da Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 23 Jan 2013 18:26:12 +0100 Subject: New demo CA for tests. Update examples config file accordingly. --- lib/examples/client.conf | 12 +++---- lib/tests/demoCA/index.txt | 6 ++-- lib/tests/demoCA/newcerts/01.pem | 64 +++++++++++++++++--------------------- lib/tests/demoCA/newcerts/02.pem | 61 ++++++++++++++++++------------------ lib/tests/demoCA/newcerts/03.pem | 61 ++++++++++++++++++------------------ lib/tests/demoCA/private/c2key.pem | 9 ------ lib/tests/demoCA/private/c3key.pem | 9 ------ lib/tests/demoCA/private/cakey.pem | 14 ++++----- 8 files changed, 105 insertions(+), 131 deletions(-) delete mode 100644 lib/tests/demoCA/private/c2key.pem delete mode 100644 lib/tests/demoCA/private/c3key.pem diff --git a/lib/examples/client.conf b/lib/examples/client.conf index bf57434..1540bbe 100644 --- a/lib/examples/client.conf +++ b/lib/examples/client.conf 
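Review bot: `name` still reaches `strcmp (r->name, name)` in rs_conf_find_realm without a NULL check, and the added `assert (ctx);` is compiled out under NDEBUG, so a release build would still dereference a NULL `ctx`. An explicit guard ahead of the loop, such as `if (ctx == NULL || name == NULL || ctx->config == NULL) return NULL;`, keeps the "don't segfault" intent in every build. Whether `r->name` can be NULL is not visible here and should be confirmed. The unbraced if/for/if nesting also makes it easy to attach a later statement to the wrong level. The function's closing brace is outside the hunk.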
@@ -14,14 +14,14 @@ realm blocking-tls { timeout = 1 retries = 3 cacertfile = "tests/demoCA/newcerts/01.pem" - certfile = "tests/demoCA/newcerts/02.pem" - certkeyfile = "tests/demoCA/private/c2key.pem" + certfile = "tests/demoCA/newcerts/03.pem" + certkeyfile = "tests/demoCA/private/cli1.key" #pskstr = "sikrit psk" - pskhexstr = "deadbeef4711" - pskid = "Client_identity" - pskex = "PSK" + #pskhexstr = "deadbeef4711" + #pskid = "Client_identity" + #pskex = "PSK" server { - hostname = "localhost" + hostname = "srv1" service = "2083" secret = "sikrit" } diff --git a/lib/tests/demoCA/index.txt b/lib/tests/demoCA/index.txt index d28b575..51f934f 100644 --- a/lib/tests/demoCA/index.txt +++ b/lib/tests/demoCA/index.txt @@ -1,3 +1,3 @@ -V 240216122242Z 01 unknown /C=SE/ST=Bogus State/O=Bogus Ltd/OU=Bogus/CN=My Bogus CA for testing libradsec -V 240216123520Z 02 unknown /C=SE/ST=Bogus State/O=Bogus Ltd/OU=Bogus/CN=My Bogus Certificate for testing libradsec -V 240216150052Z 03 unknown /C=SE/ST=Bogus State/O=Bogus Ltd/OU=Bogus/CN=My Bogus Client Certificate for testing libradsec +V 250806115449Z 01 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ca +V 250806115457Z 02 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=srv1 +V 250806115504Z 03 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=cli1 diff --git a/lib/tests/demoCA/newcerts/01.pem b/lib/tests/demoCA/newcerts/01.pem index 79fa539..29cb5ee 100644 --- a/lib/tests/demoCA/newcerts/01.pem +++ b/lib/tests/demoCA/newcerts/01.pem 
@@ -2,51 +2,45 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus CA for testing libradsec + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca Validity - Not Before: Mar 25 12:22:42 2011 GMT - Not After : Feb 16 12:22:42 2024 GMT - Subject: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus CA for testing libradsec + Not Before: Sep 12 11:54:49 2012 GMT + Not After : Aug 6 11:54:49 2025 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (512 bit) - Modulus (512 bit): - 00:aa:27:7d:3b:29:12:1e:39:8d:9f:43:ad:ae:83: - 6f:22:88:08:07:92:b9:1d:d4:88:5f:58:b9:76:ec: - 4a:e9:c9:6a:73:ed:70:66:5e:6f:dc:02:15:9f:dd: - 7a:5f:cc:3b:98:8a:27:b1:f5:98:fb:6b:c7:ab:5e: - 5e:ea:3c:c4:5f + Public-Key: (512 bit) + Modulus: + 00:eb:9e:52:bf:1a:7c:32:63:9f:96:80:71:f1:98: + 87:90:97:f1:7a:4a:81:6d:66:7e:8e:7c:50:5f:f9: + 6e:94:1a:b0:7b:46:87:b5:9e:23:48:04:ad:f3:55: + a1:f9:31:50:a1:10:ab:ca:ba:70:ac:58:95:4e:9d: + 3a:2b:52:36:df Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 5A:9B:BA:E8:A6:9B:E9:78:73:1E:0B:83:00:49:94:46:13:9C:1C:89 + 11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05 X509v3 Authority Key Identifier: - keyid:5A:9B:BA:E8:A6:9B:E9:78:73:1E:0B:83:00:49:94:46:13:9C:1C:89 - DirName:/C=SE/ST=Bogus State/O=Bogus Ltd/OU=Bogus/CN=My Bogus CA for testing libradsec - serial:01 + keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 18:a2:21:92:a6:2a:e0:a4:4d:57:c0:89:94:5c:b0:26:64:f8: - b1:0c:97:f8:cd:d5:af:c8:38:3e:a3:68:47:82:e1:a6:2e:63: - 97:4d:c0:79:f5:9a:ff:38:67:10:d6:22:61:44:89:84:50:85: - ee:38:87:6d:4f:06:10:36:33:39 + 
15:12:3b:79:3d:61:d2:c7:d2:a8:0c:df:82:ea:66:76:26:cb: + ab:b5:83:a3:52:a0:23:1a:a9:92:8e:93:41:f7:6c:3f:8a:2c: + bd:32:3d:70:3f:b6:fd:f2:37:50:0a:66:8c:1c:44:bf:ef:50: + 24:33:bd:48:47:04:ee:8c:61:88 -----BEGIN CERTIFICATE----- -MIICqDCCAlKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJTRTEU -MBIGA1UECBMLQm9ndXMgU3RhdGUxEjAQBgNVBAoTCUJvZ3VzIEx0ZDEOMAwGA1UE -CxMFQm9ndXMxKjAoBgNVBAMTIU15IEJvZ3VzIENBIGZvciB0ZXN0aW5nIGxpYnJh -ZHNlYzAeFw0xMTAzMjUxMjIyNDJaFw0yNDAyMTYxMjIyNDJaMHMxCzAJBgNVBAYT -AlNFMRQwEgYDVQQIEwtCb2d1cyBTdGF0ZTESMBAGA1UEChMJQm9ndXMgTHRkMQ4w -DAYDVQQLEwVCb2d1czEqMCgGA1UEAxMhTXkgQm9ndXMgQ0EgZm9yIHRlc3Rpbmcg -bGlicmFkc2VjMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKonfTspEh45jZ9Dra6D -byKICAeSuR3UiF9YuXbsSunJanPtcGZeb9wCFZ/del/MO5iKJ7H1mPtrx6teXuo8 -xF8CAwEAAaOB0DCBzTAdBgNVHQ4EFgQUWpu66Kab6XhzHguDAEmURhOcHIkwgZ0G -A1UdIwSBlTCBkoAUWpu66Kab6XhzHguDAEmURhOcHImhd6R1MHMxCzAJBgNVBAYT -AlNFMRQwEgYDVQQIEwtCb2d1cyBTdGF0ZTESMBAGA1UEChMJQm9ndXMgTHRkMQ4w -DAYDVQQLEwVCb2d1czEqMCgGA1UEAxMhTXkgQm9ndXMgQ0EgZm9yIHRlc3Rpbmcg -bGlicmFkc2VjggEBMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADQQAYoiGS -pirgpE1XwImUXLAmZPixDJf4zdWvyDg+o2hHguGmLmOXTcB59Zr/OGcQ1iJhRImE -UIXuOIdtTwYQNjM5 +MIIB5TCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU0NDlaFw0yNTA4MDYxMTU0 +NDlaMFIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK +DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAMMAmNhMFwwDQYJKoZI +hvcNAQEBBQADSwAwSAJBAOueUr8afDJjn5aAcfGYh5CX8XpKgW1mfo58UF/5bpQa +sHtGh7WeI0gErfNVofkxUKEQq8q6cKxYlU6dOitSNt8CAwEAAaNQME4wHQYDVR0O +BBYEFBFXQAvwMy+uwtqkOgC66TSzdSAFMB8GA1UdIwQYMBaAFBFXQAvwMy+uwtqk +OgC66TSzdSAFMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADQQAVEjt5PWHS +x9KoDN+C6mZ2JsurtYOjUqAjGqmSjpNB92w/iiy9Mj1wP7b98jdQCmaMHES/71Ak +M71IRwTujGGI -----END CERTIFICATE----- diff --git a/lib/tests/demoCA/newcerts/02.pem b/lib/tests/demoCA/newcerts/02.pem index 4345003..2e1cccb 100644 
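Review bot: The regenerated CA certificate still uses a 512-bit RSA key signed with sha1WithRSAEncryption (`Public-Key: (512 bit)`), and 02.pem and 03.pem in this commit share both parameters. Current TLS libraries tend to reject keys and digests this weak at their default security level, so tests built on this demoCA may fail for reasons unrelated to libradsec. Fixtures like these also tend to get copied into real deployments. Regenerating the chain with at least 2048-bit RSA and SHA-256, and noting in the test directory that the keys under `private/` are public test material, would address both.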
--- a/lib/tests/demoCA/newcerts/02.pem +++ b/lib/tests/demoCA/newcerts/02.pem @@ -2,21 +2,21 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus CA for testing libradsec + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca Validity - Not Before: Mar 25 12:35:20 2011 GMT - Not After : Feb 16 12:35:20 2024 GMT - Subject: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus Certificate for testing libradsec + Not Before: Sep 12 11:54:57 2012 GMT + Not After : Aug 6 11:54:57 2025 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=srv1 Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (512 bit) - Modulus (512 bit): - 00:c3:e5:16:74:47:84:bb:26:bc:50:fe:dc:b5:70: - 21:ad:21:b6:ff:cb:ac:b2:24:9e:08:75:39:5d:ba: - f4:b1:59:f6:a8:14:02:62:c3:68:6d:f2:08:9b:fe: - 66:5c:72:92:16:04:60:b5:08:83:66:28:3b:46:f0: - cf:95:37:b7:d7 + Public-Key: (512 bit) + Modulus: + 00:ac:21:78:6f:cb:1c:10:c2:71:7b:72:03:e3:4b: + b2:c7:f6:63:3f:69:d3:d3:48:e0:90:16:0f:5a:44: + f5:9c:ed:b9:6b:72:be:11:6e:26:09:32:0c:51:25: + 10:35:fe:a0:33:fe:cf:90:9f:2c:8b:3a:c5:98:86: + c2:a9:5c:ba:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: 
@@ -24,27 +24,26 @@ Certificate: Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: - 89:23:42:95:2B:52:A4:77:FC:5E:59:CA:8D:E0:30:AF:D3:B5:C3:C2 + 08:13:6F:A0:93:47:21:31:9F:02:79:A5:CF:24:4A:D1:0B:A7:10:09 X509v3 Authority Key Identifier: - keyid:5A:9B:BA:E8:A6:9B:E9:78:73:1E:0B:83:00:49:94:46:13:9C:1C:89 + keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05 Signature Algorithm: sha1WithRSAEncryption - 60:71:c8:00:ba:88:67:97:75:97:0a:f7:77:70:7d:dc:91:24: - 35:5b:ce:5b:cf:24:00:9b:d1:8f:f0:63:58:76:24:f3:67:06: - a3:ad:e3:43:13:30:d0:d4:62:64:d5:78:4a:aa:9c:13:bc:ea: - 7c:99:8e:5f:b6:c6:5f:11:0d:c9 + 2c:7e:61:65:48:cc:46:50:58:cc:9d:1b:b2:e7:2d:2b:72:e2: + a1:2f:2c:14:35:4d:b8:42:87:66:57:77:c4:02:17:fa:3c:db: + 83:3f:89:37:ae:f8:e9:00:fe:96:d8:4b:80:63:db:08:7a:c6: + e1:c7:59:ec:d9:76:4a:be:1a:19 -----BEGIN CERTIFICATE----- -MIICWzCCAgWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJTRTEU -MBIGA1UECBMLQm9ndXMgU3RhdGUxEjAQBgNVBAoTCUJvZ3VzIEx0ZDEOMAwGA1UE -CxMFQm9ndXMxKjAoBgNVBAMTIU15IEJvZ3VzIENBIGZvciB0ZXN0aW5nIGxpYnJh -ZHNlYzAeFw0xMTAzMjUxMjM1MjBaFw0yNDAyMTYxMjM1MjBaMHwxCzAJBgNVBAYT -AlNFMRQwEgYDVQQIEwtCb2d1cyBTdGF0ZTESMBAGA1UEChMJQm9ndXMgTHRkMQ4w -DAYDVQQLEwVCb2d1czEzMDEGA1UEAxMqTXkgQm9ndXMgQ2VydGlmaWNhdGUgZm9y -IHRlc3RpbmcgbGlicmFkc2VjMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMPlFnRH -hLsmvFD+3LVwIa0htv/LrLIkngh1OV269LFZ9qgUAmLDaG3yCJv+ZlxykhYEYLUI -g2YoO0bwz5U3t9cCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd -T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIkjQpUrUqR3 -/F5Zyo3gMK/TtcPCMB8GA1UdIwQYMBaAFFqbuuimm+l4cx4LgwBJlEYTnByJMA0G -CSqGSIb3DQEBBQUAA0EAYHHIALqIZ5d1lwr3d3B93JEkNVvOW88kAJvRj/BjWHYk -82cGo63jQxMw0NRiZNV4SqqcE7zqfJmOX7bGXxENyQ== +MIICEjCCAbygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU0NTdaFw0yNTA4MDYxMTU0 +NTdaMFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK 
+DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMMBHNydjEwXDANBgkq +hkiG9w0BAQEFAANLADBIAkEArCF4b8scEMJxe3ID40uyx/ZjP2nT00jgkBYPWkT1 +nO25a3K+EW4mCTIMUSUQNf6gM/7PkJ8sizrFmIbCqVy6pwIDAQABo3sweTAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUCBNvoJNHITGfAnmlzyRK0QunEAkwHwYDVR0jBBgwFoAU +EVdAC/AzL67C2qQ6ALrpNLN1IAUwDQYJKoZIhvcNAQEFBQADQQAsfmFlSMxGUFjM +nRuy5y0rcuKhLywUNU24QodmV3fEAhf6PNuDP4k3rvjpAP6W2EuAY9sIesbhx1ns +2XZKvhoZ -----END CERTIFICATE----- diff --git a/lib/tests/demoCA/newcerts/03.pem b/lib/tests/demoCA/newcerts/03.pem index ab42785..d07be19 100644 --- a/lib/tests/demoCA/newcerts/03.pem +++ b/lib/tests/demoCA/newcerts/03.pem @@ -2,21 +2,21 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 3 (0x3) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus CA for testing libradsec + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca Validity - Not Before: Mar 25 15:00:52 2011 GMT - Not After : Feb 16 15:00:52 2024 GMT - Subject: C=SE, ST=Bogus State, O=Bogus Ltd, OU=Bogus, CN=My Bogus Client Certificate for testing libradsec + Not Before: Sep 12 11:55:04 2012 GMT + Not After : Aug 6 11:55:04 2025 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=cli1 Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (512 bit) - Modulus (512 bit): - 00:ae:ba:06:81:e2:7c:a8:ee:4e:fa:46:a3:dd:c7: - d4:f8:33:80:c0:43:09:bd:a7:7d:59:4a:c8:af:3f: - 07:54:72:4c:b1:ac:2e:53:5a:c0:b6:6c:06:55:97: - 55:36:cb:fc:7d:5d:c1:c1:97:95:52:a7:a8:da:b0: - b3:3a:0d:b7:87 + Public-Key: (512 bit) + Modulus: + 00:99:7b:86:e0:46:de:f1:69:10:97:f8:4e:78:c8: + ee:c2:c8:65:64:90:72:dd:51:4f:c6:58:78:49:07: + 61:b9:ed:0a:77:7b:d2:6a:c3:49:e5:91:6c:bf:78: + d0:fc:8a:5c:80:1a:b0:03:28:b2:ea:e8:c8:a0:b6: + be:a1:42:30:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: 
@@ -24,27 +24,26 @@ Certificate: Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: - 70:83:4E:39:98:5A:B6:8E:C7:18:95:57:E9:44:BC:26:0F:78:95:45 + 10:17:90:80:D8:B0:7E:91:91:13:32:27:8C:EF:A6:DE:9F:C1:C4:A7 X509v3 Authority Key Identifier: - keyid:5A:9B:BA:E8:A6:9B:E9:78:73:1E:0B:83:00:49:94:46:13:9C:1C:89 + keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05 Signature Algorithm: sha1WithRSAEncryption - 72:ea:52:71:bf:6e:9c:de:0d:3a:e7:18:ed:21:46:37:3a:d4: - 7f:21:ff:21:6a:09:fd:4e:fa:85:0a:fb:46:b5:2d:53:3a:25: - 2d:40:44:ee:48:81:9d:6d:5e:cf:20:aa:a1:e8:a7:22:d5:ae: - 58:35:92:ea:bb:b5:a6:f7:29:5c + b1:08:87:88:7d:90:78:01:da:4a:e7:be:82:22:3f:58:07:f7: + 46:a9:9a:42:a4:88:d9:b8:6a:69:bf:cb:d0:39:2d:c9:49:06: + fa:31:80:66:17:32:cc:e8:ae:36:9c:c1:d5:ae:6d:3c:eb:72: + 77:55:92:fa:ab:f5:a3:bc:19:2d -----BEGIN CERTIFICATE----- -MIICYzCCAg2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJTRTEU -MBIGA1UECBMLQm9ndXMgU3RhdGUxEjAQBgNVBAoTCUJvZ3VzIEx0ZDEOMAwGA1UE -CxMFQm9ndXMxKjAoBgNVBAMTIU15IEJvZ3VzIENBIGZvciB0ZXN0aW5nIGxpYnJh -ZHNlYzAeFw0xMTAzMjUxNTAwNTJaFw0yNDAyMTYxNTAwNTJaMIGDMQswCQYDVQQG -EwJTRTEUMBIGA1UECBMLQm9ndXMgU3RhdGUxEjAQBgNVBAoTCUJvZ3VzIEx0ZDEO -MAwGA1UECxMFQm9ndXMxOjA4BgNVBAMTMU15IEJvZ3VzIENsaWVudCBDZXJ0aWZp -Y2F0ZSBmb3IgdGVzdGluZyBsaWJyYWRzZWMwXDANBgkqhkiG9w0BAQEFAANLADBI -AkEArroGgeJ8qO5O+kaj3cfU+DOAwEMJvad9WUrIrz8HVHJMsawuU1rAtmwGVZdV -Nsv8fV3BwZeVUqeo2rCzOg23hwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG -+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU -cINOOZhato7HGJVX6US8Jg94lUUwHwYDVR0jBBgwFoAUWpu66Kab6XhzHguDAEmU -RhOcHIkwDQYJKoZIhvcNAQEFBQADQQBy6lJxv26c3g065xjtIUY3OtR/If8hagn9 -TvqFCvtGtS1TOiUtQETuSIGdbV7PIKqh6Kci1a5YNZLqu7Wm9ylc +MIICEjCCAbygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU1MDRaFw0yNTA4MDYxMTU1 +MDRaMFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK 
+DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMMBGNsaTEwXDANBgkq +hkiG9w0BAQEFAANLADBIAkEAmXuG4Ebe8WkQl/hOeMjuwshlZJBy3VFPxlh4SQdh +ue0Kd3vSasNJ5ZFsv3jQ/IpcgBqwAyiy6ujIoLa+oUIwXQIDAQABo3sweTAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUEBeQgNiwfpGREzInjO+m3p/BxKcwHwYDVR0jBBgwFoAU +EVdAC/AzL67C2qQ6ALrpNLN1IAUwDQYJKoZIhvcNAQEFBQADQQCxCIeIfZB4AdpK +576CIj9YB/dGqZpCpIjZuGppv8vQOS3JSQb6MYBmFzLM6K42nMHVrm0863J3VZL6 +q/WjvBkt -----END CERTIFICATE----- diff --git a/lib/tests/demoCA/private/c2key.pem b/lib/tests/demoCA/private/c2key.pem deleted file mode 100644 index 6b0c1ee..0000000 --- a/lib/tests/demoCA/private/c2key.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOQIBAAJBAMPlFnRHhLsmvFD+3LVwIa0htv/LrLIkngh1OV269LFZ9qgUAmLD -aG3yCJv+ZlxykhYEYLUIg2YoO0bwz5U3t9cCAwEAAQJAZtVEg0fj2mbMJmyTqb8y -PnNbYE4n2uA0AVagBZ8Vwl7+rV84tSxXqfZt+G+I9iIwdGZzw9PKEgITX802MTjx -cQIhAPJmBKucvt8d/a9BjvWaOT51anzWBiG+2FJ3dsM9t1+vAiEAzuMPCITPXNlL -1frMDuqqcY8XuEN4Drru/Bs/ChlIzFkCIQDuge1Ugt3YoiTsniAxj7eFuni2Ls1H -xQYLVtr3zzEwpwIfTMX1zjN6v/njKoTnNKHgnkN7ieV/p/e2t9dkjVrUqQIgYzK1 -atYmygSrgsaPkwpYXNVrNBJmBDJpd68pb59wM2Y= ------END RSA PRIVATE KEY----- diff --git a/lib/tests/demoCA/private/c3key.pem b/lib/tests/demoCA/private/c3key.pem deleted file mode 100644 index 21b8b3b..0000000 --- a/lib/tests/demoCA/private/c3key.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK66BoHifKjuTvpGo93H1PgzgMBDCb2nfVlKyK8/B1RyTLGsLlNa -wLZsBlWXVTbL/H1dwcGXlVKnqNqwszoNt4cCAwEAAQJAWnD6G1Mj2cF46f2UpqDg -cRUfqOVKbnv62zRliqiiX6fqpGV85mIcBKzh2GhqtL9xxdFSa7MXxllsKQ5M+EkF -kQIhAOY0HjDtlknbkXCUJyBeOdJsw8F7RaeEdjBOlUMCuQwpAiEAwk5u7RsIy3m3 -TRiAFVpqOWuFZ6WB+0Hsx13tOS7AHC8CIF6iwl6e7Y/DYhED9unJkr+80uTxhnsN -a4EEbTw1HFmxAiA1rOUHqsgrLVxtd68qNufRJNqdXyMg/X0jNdcqTLfVEQIhAKYP -+3yM6TAtaTu+lSdhqQokBp77Reco0hYkLkRm3aPO ------END RSA PRIVATE KEY----- 
diff --git a/lib/tests/demoCA/private/cakey.pem b/lib/tests/demoCA/private/cakey.pem index 6c60bc7..e7df9d0 100644 --- a/lib/tests/demoCA/private/cakey.pem +++ b/lib/tests/demoCA/private/cakey.pem @@ -1,9 +1,9 @@ -----BEGIN RSA PRIVATE KEY----- -MIIBOwIBAAJBAKonfTspEh45jZ9Dra6DbyKICAeSuR3UiF9YuXbsSunJanPtcGZe -b9wCFZ/del/MO5iKJ7H1mPtrx6teXuo8xF8CAwEAAQJASypsqPDIvy9ff6avF/OZ -6aA8I9ROEH5ty+ju7TkPEt0dgtcA20m20FtbkKuv1ymEAQk2DbfibWgVfu8NtXia -gQIhAN04azjSAO94wlahTblo9NOe3Sl9VoSju/P2vPZhMbufAiEAxOfIdv7eUYxW -tfdF58H6R5SKt/PJ3f5ofIAcIMqQP0ECIGTacdeHtjF2xnKkO0EKHoPT61Qc9jKm -SuvgUymoCfpVAiEAigtdlV9ViaJz4Bq9nZ920dwn7JMzwTjtE+vUzIB25IECIQC4 -Hp8D00gBVlUgW0OlpmA3PWa3TfkEL3pghZqgeYZzXA== +MIIBOgIBAAJBAOueUr8afDJjn5aAcfGYh5CX8XpKgW1mfo58UF/5bpQasHtGh7We +I0gErfNVofkxUKEQq8q6cKxYlU6dOitSNt8CAwEAAQJAR+SmQPN24/Ur88M7gUlW +TBNgtjzXoyb8BMP/zlkQmZW5Tcv1xCa1UwK33u2wSmhSNP6zA1QrC2d2pv/7XZEp +wQIhAPpf2QuEooR5BPrvDiAVPlKp31EROrZOiOV5hbV1Kzx/AiEA8OmZZrvgrdQu +3PKRLfxD11NKf0yhC+7WdVWguYZ1VaECIF99XMcyz9TcXxThRa7gy0M1vJErlAvh +yf5TKba6OEI7AiBpNctdl11G7OxOZ8zJZWsHRYO6Vm/as0KLWYromvTxIQIhAK0c +r+G23R+dHDUdNEBSi6G74dbaJqaA8LsVr9w9m5gY -----END RSA PRIVATE KEY----- -- cgit v1.1 From 683e3e1bbbdfe2f08dc12f1e840e71ed6088a0e3 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 24 Jan 2013 08:32:23 +0100 Subject: Rename rs_packet_flags members. Uppercase to make them appear as the constants they are, as opposed to variables. Remove 'flag' suffix, typically used for variables. Spell out HEADER. --- lib/conn.c | 6 +++--- lib/include/radsec/radsec-impl.h | 6 +++--- lib/send.c | 4 ++-- lib/tcp.c | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/conn.c b/lib/conn.c index c6692a2..09a1ac0 100644 --- a/lib/conn.c +++ b/lib/conn.c 
@@ -207,7 +207,7 @@ _rcb (struct rs_packet *packet, void *user_data) assert (pkt); assert (pkt->conn); - pkt->flags |= rs_packet_received_flag; + pkt->flags |= RS_PACKET_RECEIVED; if (pkt->conn->bev) bufferevent_disable (pkt->conn->bev, EV_WRITE|EV_READ); else @@ -234,7 +234,7 @@ rs_conn_receive_packet (struct rs_connection *conn, conn->callbacks.received_cb = _rcb; conn->user_data = pkt; - pkt->flags &= ~rs_packet_received_flag; + pkt->flags &= ~RS_PACKET_RECEIVED; if (conn->bev) /* TCP. */ { @@ -267,7 +267,7 @@ rs_conn_receive_packet (struct rs_connection *conn, evutil_gai_strerror (err)); rs_debug (("%s: event loop done\n", __func__)); - if ((pkt->flags & rs_packet_received_flag) == 0 + if ((pkt->flags & RS_PACKET_RECEIVED) == 0 || (req_msg && packet_verify_response (pkt->conn, pkt, req_msg) != RSE_OK)) { diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h index a4d97f0..6c02dcf 100644 --- a/lib/include/radsec/radsec-impl.h +++ b/lib/include/radsec/radsec-impl.h @@ -116,9 +116,9 @@ struct rs_connection { }; enum rs_packet_flags { - rs_packet_hdr_read_flag, - rs_packet_received_flag, - rs_packet_sent_flag, + RS_PACKET_HEADER_READ, + RS_PACKET_RECEIVED, + RS_PACKET_SENT, }; struct radius_packet; diff --git a/lib/send.c b/lib/send.c index 6b887c5..e58b42c 100644 --- a/lib/send.c +++ b/lib/send.c @@ -67,7 +67,7 @@ _wcb (void *user_data) { struct rs_packet *pkt = (struct rs_packet *) user_data; assert (pkt); - pkt->flags |= rs_packet_sent_flag; + pkt->flags |= RS_PACKET_SENT; if (pkt->conn->bev) bufferevent_disable (pkt->conn->bev, EV_WRITE|EV_READ); else @@ -127,7 +127,7 @@ rs_packet_send (struct rs_packet *pkt, void *user_data) conn->callbacks.sent_cb = NULL; conn->user_data = NULL; - if ((pkt->flags & rs_packet_sent_flag) == 0) + if ((pkt->flags & RS_PACKET_SENT) == 0) { assert (rs_err_conn_peek_code (conn)); return rs_err_conn_peek_code (conn); diff --git a/lib/tcp.c b/lib/tcp.c index 588d046..e2e9feb 100644 --- a/lib/tcp.c 
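Review bot: The renamed enumerators in `enum rs_packet_flags` (radsec-impl.h) still take the default values 0, 1 and 2, yet every use in this commit treats them as bit masks. `RS_PACKET_HEADER_READ` is therefore 0, so `pkt->flags |= RS_PACKET_HEADER_READ` and `pkt->flags &= ~RS_PACKET_HEADER_READ` in lib/tcp.c change nothing. It also means `(pkt->flags & RS_PACKET_HEADER_READ) == 0` in tcp_read_cb is always true, so `_read_header` appears to run on every read callback, even when a header has already been consumed. `RS_PACKET_RECEIVED` and `RS_PACKET_SENT` only work because 1 and 2 happen to be distinct bits. Giving the constants explicit bit values fixes it: `RS_PACKET_HEADER_READ = 1 << 0,`, `RS_PACKET_RECEIVED = 1 << 1,`, `RS_PACKET_SENT = 1 << 2,`.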
+++ b/lib/tcp.c @@ -34,7 +34,7 @@ _read_header (struct rs_packet *pkt) n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN); if (n == RS_HEADER_LEN) { - pkt->flags |= rs_packet_hdr_read_flag; + pkt->flags |= RS_PACKET_HEADER_READ; pkt->rpkt->length = (pkt->hdr[2] << 8) + pkt->hdr[3]; if (pkt->rpkt->length < 20 || pkt->rpkt->length > RS_MAX_PACKET_LEN) { @@ -89,7 +89,7 @@ _read_packet (struct rs_packet *pkt) { bufferevent_disable (pkt->conn->bev, EV_READ); rs_debug (("%s: complete packet read\n", __func__)); - pkt->flags &= ~rs_packet_hdr_read_flag; + pkt->flags &= ~RS_PACKET_HEADER_READ; memset (pkt->hdr, 0, sizeof(*pkt->hdr)); /* Checks done by rad_packet_ok: @@ -155,7 +155,7 @@ tcp_read_cb (struct bufferevent *bev, void *user_data) Room for improvement: Peek inside buffer (evbuffer_copyout()) to avoid the extra copying. */ - if ((pkt->flags & rs_packet_hdr_read_flag) == 0) + if ((pkt->flags & RS_PACKET_HEADER_READ) == 0) if (_read_header (pkt)) return; /* Error. */ _read_packet (pkt); -- cgit v1.1 From 9b24cd55e1c62e092ab9437774a1a51368309809 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 24 Jan 2013 12:44:19 +0100 Subject: Add missing key files to demoCA. --- lib/tests/demoCA/private/cli1.key | 9 +++++++++ lib/tests/demoCA/private/srv1.key | 9 +++++++++ 2 files changed, 18 insertions(+) create mode 100644 lib/tests/demoCA/private/cli1.key create mode 100644 lib/tests/demoCA/private/srv1.key diff --git a/lib/tests/demoCA/private/cli1.key b/lib/tests/demoCA/private/cli1.key new file mode 100644 index 0000000..09381f1 --- /dev/null +++ b/lib/tests/demoCA/private/cli1.key 
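Review bot: `memset (pkt->hdr, 0, sizeof(*pkt->hdr));` in _read_packet clears only one element of the header buffer, because `sizeof(*pkt->hdr)` is the size of what `hdr` refers to, not of the buffer. `_read_header` fills `RS_HEADER_LEN` bytes of `pkt->hdr`, so the rest of the previous header presumably stays in place for the next packet. The declaration of `hdr` is outside this diff, so its type should be confirmed. If it is an array, `memset (pkt->hdr, 0, sizeof pkt->hdr);` clears all of it; otherwise pass `RS_HEADER_LEN` as the length. Both functions start and end outside the hunks shown.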
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAJl7huBG3vFpEJf4TnjI7sLIZWSQct1RT8ZYeEkHYbntCnd70mrD
+SeWRbL940PyKXIAasAMosuroyKC2vqFCMF0CAwEAAQJAEozki1zle0YYlFWVnnGi
+sfYokxQGXguC2dU9jI4Q2LjGut6mVx/zLIU59BS4nUq2aYHg0hxwwzOba92c0lT/
+HQIhAMp0+k7FtDdRQzIaDzeEY6MYyLhhhukhI3xpyXYVuyx7AiEAwhLQl6hYlsgh
+78CzTAhAdbheAwIQWyvY7XjKzxdpGwcCIG/hr0YC2bHMNZ8laY1bmxhRpPLH6p9A
+0fR6HXwlTDerAiA1y21SfHGB6huuD2Yjry3e86nrf4j1HKRWvuLIoJ6bxQIgWmyj
+YOSFsaBwj9ptkY0d4H84SDHnt7GRypm0/98OSg8=
+-----END RSA PRIVATE KEY-----
diff --git a/lib/tests/demoCA/private/srv1.key b/lib/tests/demoCA/private/srv1.key
new file mode 100644
index 0000000..284f1e1
--- /dev/null
+++ b/lib/tests/demoCA/private/srv1.key
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAKwheG/LHBDCcXtyA+NLssf2Yz9p09NI4JAWD1pE9ZztuWtyvhFu
+JgkyDFElEDX+oDP+z5CfLIs6xZiGwqlcuqcCAwEAAQJAbviJF7GfH2LsHISt4vyr
+fuTmqTxF1wI13E6MiUrJ+eftT7Hq1Wq6B7gmlI1iJiJLlAH6o93PYhp8559Dfp+q
+wQIhAOMbFp0NJPrVpycx5dQAYpM/edqXoOENQf1lMLOmOHlhAiEAwgfTbAaGNfQS
+uXfzj0sx+IvoKE/MXfLKZ/uE9futCQcCIQC/mMjZMo+yNrHQdV5KHxEK3RB2hFmr
+xD2aA9a0mVUnwQIgbYjHdNNWDr1DmMo7h+g2RI6Ot7scruiyFPNrgwXaEB8CICMa
+8wjF27wlJ2nmhM9ZXUBtvBKgU+jspsA8n+wU+o+f
+-----END RSA PRIVATE KEY-----
-- cgit v1.1
From 823ea9ba4a39998e3fe210e99e8e59d342fccfda Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Thu, 24 Jan 2013 16:51:36 +0100
Subject: Don't verify server certificate if we're using PSK.
---
lib/event.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/event.c b/lib/event.c
index 3ebc5a7..78a9156 100644
--- a/lib/event.c
+++ b/lib/event.c
@@ -246,8 +246,9 @@ event_on_connect (struct rs_connection *conn, struct rs_packet *pkt) assert (!conn->is_connecting); #if defined (RS_ENABLE_TLS) - if (conn->realm->type == RS_CONN_TYPE_TLS - || conn->realm->type == RS_CONN_TYPE_DTLS) + if ((conn->realm->type == RS_CONN_TYPE_TLS + || conn->realm->type == RS_CONN_TYPE_DTLS) + && conn->realm->transport_cred->type != RS_CRED_TLS_PSK) if (tls_verify_cert (conn) != RSE_OK) { rs_debug (("%s: server cert verification failed\n", __func__)); -- cgit v1.1 From 0fc12902522123ec85913beac30349925b9deed8 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 24 Jan 2013 17:22:14 +0100 Subject: Order functions properly in conn.c. --- lib/conn.c | 36 +++++++++++++++++++----------------- lib/conn.h | 2 +- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/lib/conn.c b/lib/conn.c index 09a1ac0..64c2344 100644 --- a/lib/conn.c +++ b/lib/conn.c @@ -43,6 +43,25 @@ conn_user_dispatch_p (const struct rs_connection *conn) conn->callbacks.sent_cb); } + +int +conn_activate_timeout (struct rs_connection *conn) +{ + assert (conn); + assert (conn->tev); + assert (conn->evb); + if (conn->timeout.tv_sec || conn->timeout.tv_usec) + { + rs_debug (("%s: activating timer: %d.%d\n", __func__, + conn->timeout.tv_sec, conn->timeout.tv_usec)); + if (evtimer_add (conn->tev, &conn->timeout)) + return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, + "evtimer_add: %d", errno); + } + return RSE_OK; +} + +/* Public functions. */ int rs_conn_create (struct rs_context *ctx, struct rs_connection **conn, 
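Review bot: `conn->realm->transport_cred->type` is read without checking that `transport_cred` is non-NULL, so a TLS or DTLS realm with no transport credential set would crash in event_on_connect instead of having its certificate verified. A guarded form of the added condition is `&& !(conn->realm->transport_cred && conn->realm->transport_cred->type == RS_CRED_TLS_PSK))`. Separately, verification is skipped based on the realm's configuration, not on what the handshake negotiated. It is worth confirming that a PSK realm's TLS context offers PSK cipher suites only, so that a certificate-authenticated session cannot go unverified. The same consideration applies to the later event.c change that calls `conn_cred_psk`.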
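Review bot: The debug line in conn_activate_timeout prints `conn->timeout.tv_sec` and `conn->timeout.tv_usec` with `%d.%d`. The fields of a struct timeval are not `int` on common 64-bit platforms, so if rs_debug forwards to a printf-style function the arguments do not match the format. Casting keeps it well defined and pads the microseconds: `"%s: activating timer: %ld.%06ld\n", __func__, (long) conn->timeout.tv_sec, (long) conn->timeout.tv_usec`. The function is moved unchanged by this commit, so the mismatch predates it.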
@@ -290,20 +309,3 @@ rs_conn_set_timeout(struct rs_connection *conn, struct timeval *tv) assert (tv); conn->timeout = *tv; } - -int -conn_activate_timeout (struct rs_connection *conn) -{ - assert (conn); - assert (conn->tev); - assert (conn->evb); - if (conn->timeout.tv_sec || conn->timeout.tv_usec) - { - rs_debug (("%s: activating timer: %d.%d\n", __func__, - conn->timeout.tv_sec, conn->timeout.tv_usec)); - if (evtimer_add (conn->tev, &conn->timeout)) - return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, - "evtimer_add: %d", errno); - } - return RSE_OK; -} diff --git a/lib/conn.h b/lib/conn.h index f58cc53..cf15b80 100644 --- a/lib/conn.h +++ b/lib/conn.h @@ -1,6 +1,6 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. See LICENSE for licensing information. */ -int conn_user_dispatch_p (const struct rs_connection *conn); int conn_close (struct rs_connection **connp); +int conn_user_dispatch_p (const struct rs_connection *conn); int conn_activate_timeout (struct rs_connection *conn); -- cgit v1.1 From abd279561b8fc63e9a8ae7c8cab5135df77bb816 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 24 Jan 2013 17:31:49 +0100 Subject: Add two helper functions to conn.[ch]. --- lib/conn.c | 15 +++++++++++++++ lib/conn.h | 2 ++ 2 files changed, 17 insertions(+) diff --git a/lib/conn.c b/lib/conn.c index 64c2344..7522782 100644 --- a/lib/conn.c +++ b/lib/conn.c @@ -61,6 +61,21 @@ conn_activate_timeout (struct rs_connection *conn) return RSE_OK; } +int +conn_type_tls (const struct rs_connection *conn) +{ + return conn->realm->type == RS_CONN_TYPE_TLS + || conn->realm->type == RS_CONN_TYPE_DTLS; +} + +int +conn_cred_psk (const struct rs_connection *conn) +{ + return conn->realm->transport_cred && + conn->realm->transport_cred->type == RS_CRED_TLS_PSK; +} + + /* Public functions. */ int rs_conn_create (struct rs_context *ctx, diff --git a/lib/conn.h b/lib/conn.h index cf15b80..c538a8c 100644 --- a/lib/conn.h +++ b/lib/conn.h 
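Review bot: `conn_type_tls` and `conn_cred_psk` dereference `conn->realm` with no check, while the neighbouring `conn_activate_timeout` opens with `assert (conn);`. Adding `assert (conn);` and `assert (conn->realm);` at the top of both helpers would match that convention. Since `conn_cred_psk` is used by event_on_connect in the following commit to decide whether the server certificate is verified, a short contract comment would also help, for example `/* Nonzero if the realm's transport credential is a TLS pre-shared key. */`. Whether a connection can exist without a realm is not visible in this diff.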
@@ -4,3 +4,5 @@ int conn_close (struct rs_connection **connp); int conn_user_dispatch_p (const struct rs_connection *conn); int conn_activate_timeout (struct rs_connection *conn); +int conn_type_tls (const struct rs_connection *conn); +int conn_cred_psk (const struct rs_connection *conn); -- cgit v1.1 From 9cf549b20eb0ae56afac8c3ddff8725c8c1380db Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 24 Jan 2013 17:32:18 +0100 Subject: Do the test for PSK properly. Fixes 823ea9ba. --- lib/event.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/event.c b/lib/event.c index 78a9156..e51616a 100644 --- a/lib/event.c +++ b/lib/event.c @@ -246,9 +246,7 @@ event_on_connect (struct rs_connection *conn, struct rs_packet *pkt) assert (!conn->is_connecting); #if defined (RS_ENABLE_TLS) - if ((conn->realm->type == RS_CONN_TYPE_TLS - || conn->realm->type == RS_CONN_TYPE_DTLS) - && conn->realm->transport_cred->type != RS_CRED_TLS_PSK) + if (conn_type_tls(conn) && !conn_cred_psk(conn)) if (tls_verify_cert (conn) != RSE_OK) { rs_debug (("%s: server cert verification failed\n", __func__)); -- cgit v1.1 From 7847caaf22f0fadd5532fc6f0525bfd75ef72fef Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 24 Jan 2013 17:33:08 +0100 Subject: Add PSK example in examples/client.conf. --- lib/examples/client.conf | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/lib/examples/client.conf b/lib/examples/client.conf index 1540bbe..a19b699 100644 --- a/lib/examples/client.conf +++ b/lib/examples/client.conf 
@@ -16,13 +16,24 @@ realm blocking-tls { cacertfile = "tests/demoCA/newcerts/01.pem" certfile = "tests/demoCA/newcerts/03.pem" certkeyfile = "tests/demoCA/private/cli1.key" - #pskstr = "sikrit psk" - #pskhexstr = "deadbeef4711" - #pskid = "Client_identity" - #pskex = "PSK" server { hostname = "srv1" service = "2083" secret = "sikrit" } } + +realm blocking-tls-psk { + type = "TLS" + timeout = 1 + retries = 3 + #pskstr = "sikrit psk" + pskhexstr = "deadbeef4711" + pskid = "Client_identity" + pskex = "PSK" + server { + hostname = "srv1" + service = "4433" + secret = "sikrit" + } +} -- cgit v1.1 From 48737bdeca1b2426405032c115d63aec7b93aa7a Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Fri, 25 Jan 2013 09:58:26 +0100 Subject: Update HACKING with a rough road map. --- lib/HACKING | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/HACKING b/lib/HACKING index fad366a..27745dd 100644 --- a/lib/HACKING +++ b/lib/HACKING @@ -1,6 +1,6 @@ HACKING file for libradsec (in Emacs -*- org -*- mode). -Status as of libradsec-0.0.2.dev (2011-03-24). +Status as of libradsec-0.0.2.dev (2013-01-25). * Build instructions sh autogen.sh @@ -56,7 +56,7 @@ Details (within parentheses) apply to Debian Wheezy. - OpenSSL (1.0.1c-4) -- optional, for TLS and DTLS support sudo apt-get install libssl-dev libssl1.0.0 -* Functionality and quality +* Functionality and quality in 0.0.x ** Not well tested - reading config file - [TCP] short read @@ -70,10 +70,11 @@ Details (within parentheses) apply to Debian Wheezy. - custom allocation scheme is not used in all places ** Not implemented -- [client] server failover +- dispatch mode (planned for 0.1) +- [client] server failover / RFC3539 watchdog (planned for 0.1) +- [server] support (planned for 0.2) +- on-your-own mode - [DTLS] support -- [server] support -- dispatch mode and on-your-own mode * Found a bug? Please report it. That is how we improve the quality of the code. -- cgit v1.1 
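Review bot: The new `blocking-tls-psk` realm ships `pskhexstr = "deadbeef4711"`, which is six bytes of well-known filler, with nothing marking it as a placeholder. Example files are often copied as a starting point, so a comment above `pskhexstr` such as `# Example only: replace with a randomly generated key of at least 16 bytes.` would make that explicit.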
From 6d2889ba0a558100ebf7616f9769864daf5ece8e Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 28 Jan 2013 16:22:14 +0100 Subject: Remove dead code. --- lib/HACKING | 1 + lib/packet.c | 10 ---------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/lib/HACKING b/lib/HACKING index 27745dd..83a91b5 100644 --- a/lib/HACKING +++ b/lib/HACKING @@ -73,6 +73,7 @@ Details (within parentheses) apply to Debian Wheezy. - dispatch mode (planned for 0.1) - [client] server failover / RFC3539 watchdog (planned for 0.1) - [server] support (planned for 0.2) +- [client] TCP keepalive - on-your-own mode - [DTLS] support diff --git a/lib/packet.c b/lib/packet.c index 17f022e..8073945 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -137,16 +137,6 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out) if (rpkt == NULL) return rs_err_conn_push (conn, RSE_NOMEM, __func__); - /* - * This doesn't make sense; the packet identifier is constant for - * an entire conversation. A separate API should be provided to - * allow the application to set the packet ID, or a conversation - * object should group related packets together. - */ -#if 0 - rpkt->id = conn->nextid++ -#endif - err = nr_packet_init (rpkt, NULL, NULL, PW_ACCESS_REQUEST, rpkt + 1, RS_MAX_PACKET_LEN); -- cgit v1.1 From 7b40db442c2fccaa484c6162b238b4e707e8733e Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Tue, 29 Jan 2013 15:27:26 +0100 Subject: Improve documentation. --- lib/include/radsec/radsec.h | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 7bd7f10..fb2aea9 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h 
@@ -296,16 +296,21 @@ int rs_packet_create(struct rs_connection *conn, struct rs_packet **pkt_out); /** Free all memory allocated for packet \a pkt. */ void rs_packet_destroy(struct rs_packet *pkt); -/** Send packet \a pkt on the connection associated with \a pkt. \a - user_data is sent to the \a rs_conn_packet_received_cb callback - registered with the connection. If no callback is registered with +/** Send packet \a pkt on the connection associated with \a pkt. + \a user_data is passed to the \a rs_conn_packet_received_cb callback + registered with the connection. If no callback is registered with the connection, the event loop is run by \a rs_packet_send and it - blocks until the packet has been succesfully sent. - - \return On success, RSE_OK (0) is returned. On error, !0 is + blocks until the full packet has been sent. Note that sending can + fail in several ways, f.ex. if the transmission protocol in use + is connection oriented (\a RS_CONN_TYPE_TCP and \a RS_CONN_TYPE_TLS) + and the connection can not be established. Also note that no + retransmission is done, something that is required for connectionless + transport protocols (\a RS_CONN_TYPE_UDP and \a RS_CONN_TYPE_DTLS). + The "request" API with \a rs_request_send can help with this. + + \return On success, RSE_OK (0) is returned. On error, !0 is returned and a struct \a rs_error is pushed on the error stack for - the connection. The error can be accessed using \a - rs_err_conn_pop. */ + the connection. The error can be accessed using \a rs_err_conn_pop. */ int rs_packet_send(struct rs_packet *pkt, void *user_data); /** Create a RADIUS authentication request packet associated with -- cgit v1.1 From 573db792fa3ffc3f1d774f45ed31ec34a3c4e708 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 6 May 2013 14:35:12 +0200 Subject: Bump version to 0.0.4.dev to keep ahead of moonshot. --- lib/HACKING | 2 +- lib/configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/lib/HACKING b/lib/HACKING index 83a91b5..a92f0f9 100644 --- a/lib/HACKING +++ b/lib/HACKING @@ -1,6 +1,6 @@ HACKING file for libradsec (in Emacs -*- org -*- mode). -Status as of libradsec-0.0.2.dev (2013-01-25). +Status as of libradsec-0.0.4.dev (2013-05-06). * Build instructions sh autogen.sh diff --git a/lib/configure.ac b/lib/configure.ac index e69135b..4abd170 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -1,7 +1,7 @@ # -*- Autoconf -*- script for libradsec. AC_PREREQ([2.65]) -AC_INIT([libradsec], [0.0.2.dev], [linus+libradsec@nordu.net]) +AC_INIT([libradsec], [0.0.4.dev], [linus+libradsec@nordu.net]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([radsec.c]) AC_CONFIG_AUX_DIR([build-aux]) -- cgit v1.1 From b9e967b3cde6af41cd0e863e9ff073897019625a Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 6 May 2013 14:45:33 +0200 Subject: Bump library interface revision. Commit edf4c047 claimed it did this but didn't really do it. Should really have been done as part of bumping the library version (0.0.2.dev in configure.ac). --- lib/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 46f573a..597f6dd 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -50,5 +50,5 @@ endif EXTRA_DIST = HACKING LICENSE libradsec_la_LIBADD = radsecproxy/libradsec-radsecproxy.la radius/libradsec-radius.la -libradsec_la_LDFLAGS = -version-info 0:0:0 -export-symbols radsec.sym +libradsec_la_LDFLAGS = -version-info 1:0:0 -export-symbols radsec.sym libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT -- cgit v1.1 From 468e6e2a047583fc1d43c535d02507f83e88fc01 Mon Sep 17 00:00:00 2001 
From: Linus Nordberg Date: Mon, 6 May 2013 20:30:47 +0200 Subject: Use CUnit for tests. cgreen didn't seem properly maintained. CUnit seems to be widely used. --- lib/tests/Makefile.am | 2 +- lib/tests/README | 27 ++++++++----- lib/tests/test-udp.c | 106 ++++++++++++++++++++----------------------------- lib/tests/test.conf | 2 - lib/tests/udp-server.c | 3 ++ lib/tests/udp.c | 6 ++- lib/tests/udp.h | 3 ++ 7 files changed, 71 insertions(+), 78 deletions(-) diff --git a/lib/tests/Makefile.am b/lib/tests/Makefile.am index 33ddb51..045991a 100644 --- a/lib/tests/Makefile.am +++ b/lib/tests/Makefile.am @@ -7,6 +7,6 @@ TESTS = test-udp check_PROGRAMS = test-udp udp-server test_udp_SOURCES = test-udp.c udp.c -test_udp_LDADD = ../libradsec.la -lcgreen -lm +test_udp_LDADD = ../libradsec.la -lcunit -lm udp_server_SOURCES = udp-server.c udp.c diff --git a/lib/tests/README b/lib/tests/README index 4d68bde..33bddc1 100644 --- a/lib/tests/README +++ b/lib/tests/README @@ -1,8 +1,14 @@ +This is the README file for the test directory of libradsec. + Build ----- -In order to build and run the tests, you'll need to have libcgreen -installed (http://www.lastcraft.com/cgreen.php). +In order to build and run the tests, you'll need to have CUnit +installed. + +Source code: http://cunit.sourceforge.net/ +Debian package: libcunit1-dev +FreeBSD port: devel/cunit Run @@ -23,12 +29,11 @@ Run the tests by typing The output should read something like - Completed "main": 32 passes, 0 failures, 0 exceptions. - - -When trying to debug the test programs under GDB you might run into -trouble with multiple threads being executed by the test framework. -If so, make sure to run a single test rather than the full test suite. -For example: - - libtool --mode execute gdb --args test-udp test_auth + --Run Summary: Type Total Ran Passed Failed + suites 2 2 n/a 0 + tests 2 2 2 0 + asserts 23 23 23 0 + PASS: test-udp + ============= + 1 test passed + ============= 
diff --git a/lib/tests/test-udp.c b/lib/tests/test-udp.c index ccad607..7c2e73c 100644 --- a/lib/tests/test-udp.c +++ b/lib/tests/test-udp.c @@ -1,24 +1,26 @@ +/* Copyright 2011,2013, NORDUnet A/S. All rights reserved. */ +/* See LICENSE for licensing information. */ + #include -#include +#include +#include +#include "radius/client.h" #include "radsec/radsec.h" #include "radsec/request.h" #include "udp.h" -#define true 1 /* FIXME: Bug report cgreen. */ -#define false 0 - static void authenticate (struct rs_connection *conn, const char *user, const char *pw) { struct rs_request *req; struct rs_packet *msg, *resp; - assert_true (rs_request_create (conn, &req) == 0); - assert_true (rs_packet_create_authn_request (conn, &msg, user, pw) == 0); + CU_ASSERT (rs_request_create (conn, &req) == 0); + CU_ASSERT (!rs_packet_create_authn_request (conn, &msg, user, pw, "sikrit")); rs_request_add_reqpkt (req, msg); - assert_true (rs_request_send (req, &resp) == 0); + CU_ASSERT (rs_request_send (req, &resp) == 0); //printf ("%s\n", rs_err_msg (rs_err_conn_pop (conn), 1)); - assert_true (rs_packet_code(resp) == PW_ACCESS_ACCEPT); + CU_ASSERT (rs_packet_code(resp) == PW_ACCESS_ACCEPT); rs_request_destroy (req); } @@ -28,10 +30,12 @@ send_more_than_one_msg_in_one_packet (struct rs_connection *conn) { struct rs_packet *msg0, *msg1; - assert_true (rs_packet_create_authn_request (conn, &msg0, NULL, NULL) == 0); - assert_true (rs_packet_create_authn_request (conn, &msg1, NULL, NULL) == 0); - assert_true (rs_packet_send (msg0, NULL) == 0); - assert_true (rs_packet_send (msg1, NULL) == 0); + CU_ASSERT (rs_packet_create_authn_request (conn, &msg0, NULL, NULL, "sikrit") + == 0); + CU_ASSERT (rs_packet_create_authn_request (conn, &msg1, NULL, NULL, "sikrit") + == 0); + CU_ASSERT (rs_packet_send (msg0, NULL) == 0); + CU_ASSERT (rs_packet_send (msg1, NULL) == 0); } #if 0 
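Review bot: `CU_ASSERT` records a failure and lets the test continue, so in `authenticate` a failed `rs_request_send` is followed by `rs_packet_code(resp)` on a pointer that may never have been assigned. Checks that guard a later dereference should use the fatal form, e.g. `CU_ASSERT_FATAL (rs_request_send (req, &resp) == 0);`, and likewise for the `rs_packet_create_authn_request` call that produces `msg`. The same pattern appears in `send_more_than_one_msg_in_one_packet` (`msg0`, `msg1`), in `test_auth` and `test_buffering` (`ctx`, `conn`), and for `polldata` before `udp_poll` in the later hunks of this file. Initialising these pointers to NULL at declaration would also make a missed check fail predictably.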
@@ -44,18 +48,18 @@ send_large_packet (struct rs_connection *conn) int f; buf = malloc (RS_MAX_PACKET_LEN); - assert_true (buf != NULL); + CU_ASSERT (buf != NULL); memset (buf, 0, RS_MAX_PACKET_LEN); - assert_true (rs_packet_create (conn, &msg0) == 0); + CU_ASSERT (rs_packet_create (conn, &msg0) == 0); /* 16 chunks --> heap corruption in evbuffer_drain detected by free() */ for (f = 0; f < 15; f++) { memset (buf, 'a' + f, 252); //vp = pairmake ("EAP-Message", buf, T_OP_EQ); - assert_true (rs_packet_append_avp (msg0, fixme...) == RSE_OK); + CU_ASSERT (rs_packet_append_avp (msg0, fixme...) == RSE_OK); } - assert_true (rs_packet_send (msg0, NULL) == 0); + CU_ASSERT (rs_packet_send (msg0, NULL) == 0); } #endif /* 0 */ @@ -78,10 +82,9 @@ test_auth () setup.username = "molgan@PROJECT-MOONSHOT.ORG"; setup.pw = "password"; - assert_true (rs_context_create (&ctx) == 0); - assert_true (rs_context_read_config (ctx, setup.config_file) == 0); - assert_true (rs_context_init_freeradius_dict (ctx, NULL) == 0); - assert_true (rs_conn_create (ctx, &conn, setup.config_name) == 0); + CU_ASSERT (rs_context_create (&ctx) == 0); + CU_ASSERT (rs_context_read_config (ctx, setup.config_file) == 0); + CU_ASSERT (rs_conn_create (ctx, &conn, setup.config_name) == 0); authenticate (conn, setup.username, setup.pw); @@ -97,9 +100,9 @@ test_buffering_cb (const uint8_t *buf, ssize_t len) #if 0 hd (buf, len); #endif - assert_true (len >= 20); - assert_true (len <= RS_MAX_PACKET_LEN); - assert_true ((buf[2] << 8) + buf[3] == len); + CU_ASSERT (len >= 20); + CU_ASSERT (len <= RS_MAX_PACKET_LEN); + CU_ASSERT ((buf[2] << 8) + buf[3] == len); return len; } 
@@ -111,34 +114,19 @@ test_buffering () struct timeval timeout; struct polldata *polldata; - assert_true (rs_context_create (&ctx) == 0); - assert_true (rs_context_read_config (ctx, "test.conf") == 0); - assert_true (rs_conn_create (ctx, &conn, "test-udp-buffering") == 0); + CU_ASSERT (rs_context_create (&ctx) == 0); + CU_ASSERT (rs_context_read_config (ctx, "test.conf") == 0); + CU_ASSERT (rs_conn_create (ctx, &conn, "test-udp-buffering") == 0); timeout.tv_sec = 0; timeout.tv_usec = 150000; polldata = udp_server ("11820", &timeout, test_buffering_cb); - assert_true (polldata != NULL); + CU_ASSERT (polldata != NULL); send_more_than_one_msg_in_one_packet (conn); - assert_true (udp_poll (polldata) > 0); - assert_true (udp_poll (polldata) > 0); + CU_ASSERT (udp_poll (polldata) > 0); + CU_ASSERT (udp_poll (polldata) > 0); -#if 0 -" -send_large_packet() disabled, it's hanging after - -Sending Access-Request of id 1 to (null) port 0 - Message-Authenticator = 0x00000000000000000000000000000000 -packet_do_send: about to send this to localhost:11820: - Code: 1, Identifier: 1, Lenght: 38 -rs_packet_send: entering event loop -_evcb: fd=5 what = WRITE -rs_packet_send: event loop done -" - send_large_packet (conn); - assert_true (udp_poll (polldata) > 0); -#endif /* 0 */ udp_free_polldata (polldata); rs_conn_destroy (conn); 
@@ -146,28 +134,20 @@ rs_packet_send: event loop done } /* ************************************************************ */ -static void -setup_auth (TestSuite *ts) -{ - add_test (ts, test_auth); -} - -static void -setup_buffering (TestSuite *ts) -{ - add_test (ts, test_buffering); -} - int main (int argc, char *argv[]) { - TestSuite *ts = create_test_suite (); + CU_pSuite s = NULL; + CU_pTest t = NULL; + + assert (CU_initialize_registry () == CUE_SUCCESS); + s = CU_add_suite ("auth", NULL, NULL); assert (s); + t = CU_ADD_TEST (s, test_auth); assert (t); + s = CU_add_suite ("buffering", NULL, NULL); assert (s); + t = CU_ADD_TEST (s, test_buffering); assert (t); - setup_auth (ts); - setup_buffering (ts); + return !(CU_basic_run_tests () == CUE_SUCCESS); - if (argc > 1) - return run_single_test (ts, argv[1], create_text_reporter ()); - else - return run_test_suite (ts, create_text_reporter ()); + CU_cleanup_registry (); + return 0; } diff --git a/lib/tests/test.conf b/lib/tests/test.conf index 839fd75..98d0330 100644 --- a/lib/tests/test.conf +++ b/lib/tests/test.conf @@ -1,5 +1,3 @@ -dictionary = "/home/linus/usr/moonshot/share/freeradius/dictionary" - realm test-udp-auth { type = "UDP" server { diff --git a/lib/tests/udp-server.c b/lib/tests/udp-server.c index ce0136a..77a35df 100644 --- a/lib/tests/udp-server.c +++ b/lib/tests/udp-server.c @@ -1,3 +1,6 @@ +/* Copyright 2011, NORDUnet A/S. All rights reserved. */ +/* See LICENSE for licensing information. */ + #include #include #include "udp.h" diff --git a/lib/tests/udp.c b/lib/tests/udp.c index 47ea595..2c580da 100644 --- a/lib/tests/udp.c +++ b/lib/tests/udp.c @@ -1,3 +1,6 @@ +/* Copyright 2011,2013, NORDUnet A/S. All rights reserved. */ +/* See LICENSE for licensing information. */ + #include #include #include @@ -10,6 +13,7 @@ #include #include #include +#include "radius/client.h" #include "udp.h" static struct addrinfo * 
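Review bot: In `main`, `assert (CU_initialize_registry () == CUE_SUCCESS);` puts the call itself inside `assert`, so a build with `-DNDEBUG` drops the registry initialisation along with the check. Call the function unconditionally and test the result, e.g. `if (CU_initialize_registry () != CUE_SUCCESS) return CU_get_error ();`. Separately, `CU_cleanup_registry ();` and `return 0;` sit after the `return !(...)` statement and can never run. The later commit on this page titled "Exit tests with number of failures" removes that dead code but wraps `CU_basic_run_tests ()` in `assert` too, where the same concern applies.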
@@ -57,7 +61,7 @@ ssize_t udp_poll (struct polldata *data) { int r; - long timeout; + long timeout = 0; fd_set rfds; ssize_t len; uint8_t buf[RS_MAX_PACKET_LEN]; diff --git a/lib/tests/udp.h b/lib/tests/udp.h index 004b7ca..a8d5f23 100644 --- a/lib/tests/udp.h +++ b/lib/tests/udp.h @@ -1,3 +1,6 @@ +/* Copyright 2011, NORDUnet A/S. All rights reserved. */ +/* See LICENSE for licensing information. */ + #include #include #include -- cgit v1.1 From 147f8ab3277afdbe9f63676539a95aaaa48de336 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Tue, 7 May 2013 10:09:53 +0200 Subject: Build include before building '.' Patch by Sam Hartman (ff1af013 in moonshot). --- lib/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 597f6dd..547fc14 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -17,7 +17,7 @@ ACLOCAL_AMFLAGS = -I m4 # library interface is _changed_. -SUBDIRS = radius radsecproxy . include examples +SUBDIRS = radius radsecproxy include . examples INCLUDES = -I$(srcdir)/include AM_CFLAGS = -Wall -Werror -g -- cgit v1.1 From eec88306951cec38d1376ad4fbba6e690b4a1358 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Tue, 18 Sep 2012 20:50:12 -0400 Subject: Add and fix RADIUS attributes (4b9e4cb1, e4b6e972). Fix capitalization in abfab dictionary Update to IETF RADIUS attributes draft-ietf-abfab-gss-eap has been approved; include IANA-issued standard radius attributes for Moonshot. Fix capitalization in abfab dictionary --- lib/radius/Makefile.am | 5 ++++- lib/radius/share/dictionary.abfab.ietf | 4 ++++ lib/radius/share/dictionary.ukerna | 8 ++++---- 3 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 lib/radius/share/dictionary.abfab.ietf diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am index 92a12cf..96bafae 100644 --- a/lib/radius/Makefile.am +++ b/lib/radius/Makefile.am 
@@ -24,7 +24,10 @@ DICTIONARIES = \ share/dictionary.txt \ share/dictionary.juniper \ share/dictionary.microsoft \ - share/dictionary.ukerna + share/dictionary.ukerna \ + share/dictionary.abfab.ietf + +EXTRA_DIST = $(DICTIONARIES) $(top_srcdir)/include/radsec/radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl $(srcdir)/convert.pl ${DICTIONARIES} diff --git a/lib/radius/share/dictionary.abfab.ietf b/lib/radius/share/dictionary.abfab.ietf new file mode 100644 index 0000000..b60702c --- /dev/null +++ b/lib/radius/share/dictionary.abfab.ietf @@ -0,0 +1,4 @@ +ATTRIBUTE GSS-Acceptor-Service-Name 164 string +ATTRIBUTE GSS-Acceptor-Host-Name 165 string +ATTRIBUTE GSS-Acceptor-Service-Specifics 166 string +ATTRIBUTE GSS-Acceptor-Realm-Name 167 string diff --git a/lib/radius/share/dictionary.ukerna b/lib/radius/share/dictionary.ukerna index 0e35d43..7d9d22d 100644 --- a/lib/radius/share/dictionary.ukerna +++ b/lib/radius/share/dictionary.ukerna @@ -9,10 +9,10 @@ VENDOR UKERNA 25622 BEGIN-VENDOR UKERNA -ATTRIBUTE GSS-Acceptor-Service-Name 128 string -ATTRIBUTE GSS-Acceptor-Host-Name 129 string -ATTRIBUTE GSS-Acceptor-Service-Specific 130 string -ATTRIBUTE GSS-Acceptor-Realm-Name 131 string +ATTRIBUTE GSS-Acceptor-Service-Name-VS 128 string +ATTRIBUTE GSS-Acceptor-Host-Name-VS 129 string +ATTRIBUTE GSS-Acceptor-Service-Specific-VS 130 string +ATTRIBUTE GSS-Acceptor-Realm-Name-VS 131 string ATTRIBUTE SAML-AAA-Assertion 132 string ATTRIBUTE MS-Windows-Auth-Data 133 octets ATTRIBUTE MS-Windows-Group-Sid 134 string -- cgit v1.1 From c682577a243902164de1d80f38425a66a4853d82 Mon Sep 17 00:00:00 2001 
From: Linus Nordberg Date: Mon, 6 May 2013 12:00:00 +0200 Subject: Revert "Add formal argument 'secret' to two public functions." This reverts commit 09d1cff2418a900b587b2113f508984f2417cc11. Conflicts: lib/include/radsec/request.h --- lib/examples/client-blocking.c | 4 ++-- lib/include/radsec/radsec.h | 8 +++----- lib/include/radsec/request.h | 11 ++++------- lib/packet.c | 5 +---- lib/request.c | 5 ++--- 5 files changed, 12 insertions(+), 21 deletions(-) diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c index 1303905..cce00bf 100644 --- a/lib/examples/client-blocking.c +++ b/lib/examples/client-blocking.c @@ -55,14 +55,14 @@ blocking_client (const char *config_fn, const char *configuration, if (use_request_object_flag) { - if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW, SECRET)) + if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW)) goto cleanup; if (rs_request_send (request, &resp)) goto cleanup; } else { - if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW, SECRET)) + if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW)) goto cleanup; if (rs_packet_send (req, NULL)) goto cleanup; diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index fb2aea9..2d20b6e 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h 
@@ -315,14 +315,12 @@ int rs_packet_send(struct rs_packet *pkt, void *user_data); /** Create a RADIUS authentication request packet associated with connection \a conn. Optionally, User-Name and User-Password - attributes are added to the packet using the data in \a user_name, - \a user_pw and \a secret where \secret is the RADIUS shared - secret. */ + attributes are added to the packet using the data in \a user_name + and \a user_pw. */ int rs_packet_create_authn_request(struct rs_connection *conn, struct rs_packet **pkt, const char *user_name, - const char *user_pw, - const char *secret); + const char *user_pw); /*** Append \a tail to packet \a pkt. */ int diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h index f0151f8..7e58008 100644 --- a/lib/include/radsec/request.h +++ b/lib/include/radsec/request.h @@ -20,16 +20,13 @@ int rs_request_create(struct rs_connection *conn, struct rs_request **req_out); void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg); /** Create a request associated with connection \a conn containing a - newly created RADIUS authentication message, possibly with - \a user_name and \a user_pw attributes. \a user_name and \a user_pw - are optional and can be NULL. If \a user_name and \a user_pw are provided, - \a secret must also be provided. \a secret is used for "hiding" the - password. */ + newly created RADIUS authentication message, possibly with \a + user_name and \a user_pw attributes. \a user_name and _user_pw + are optional and can be NULL. */ int rs_request_create_authn(struct rs_connection *conn, struct rs_request **req_out, const char *user_name, - const char *user_pw, - const char *secret); + const char *user_pw); /** Send request \a req and wait for a matching response. The response is put in \a resp_msg (if not NULL). NOTE: At present, diff --git a/lib/packet.c b/lib/packet.c index 8073945..ba7ddb8 100644 --- a/lib/packet.c +++ b/lib/packet.c 
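Review bot: In the restored comment for `rs_request_create_authn` in request.h, `_user_pw` is missing the Doxygen `\a` marker, so that parameter will not be rendered like the others. The sentence should read `\a user_name and \a user_pw are optional and can be NULL.` The comment being removed by this revert had the correct spelling, so the typo is reintroduced rather than new.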
@@ -159,9 +159,7 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out) int rs_packet_create_authn_request (struct rs_connection *conn, struct rs_packet **pkt_out, - const char *user_name, - const char *user_pw, - const char *secret) + const char *user_name, const char *user_pw) { struct rs_packet *pkt; int err; @@ -181,7 +179,6 @@ rs_packet_create_authn_request (struct rs_connection *conn, if (user_pw) { - pkt->rpkt->secret = secret; err = rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0); if (err) return err; diff --git a/lib/request.c b/lib/request.c index 9ad7843..5649ee1 100644 --- a/lib/request.c +++ b/lib/request.c @@ -51,8 +51,7 @@ int rs_request_create_authn (struct rs_connection *conn, struct rs_request **req_out, const char *user_name, - const char *user_pw, - const char *secret) + const char *user_pw) { struct rs_request *req = NULL; assert (req_out); @@ -60,7 +59,7 @@ rs_request_create_authn (struct rs_connection *conn, if (rs_request_create (conn, &req)) return -1; - if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw, secret)) + if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw)) return -1; if (req_out) -- cgit v1.1 From 0a3ac2ab74778832966237b6a3e488cb8d627ec4 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 6 May 2013 12:01:00 +0200 Subject: Follow API change in tests. --- lib/tests/test-udp.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/tests/test-udp.c b/lib/tests/test-udp.c index 7c2e73c..7ad340a 100644 --- a/lib/tests/test-udp.c +++ b/lib/tests/test-udp.c 
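Review bot: After `pkt->rpkt->secret = secret;` is dropped from `rs_packet_create_authn_request`, nothing visible in these hunks sets the shared secret before `rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0)` is called, and hiding User-Password depends on that secret. Presumably it is now taken from the realm configuration elsewhere in the library; that should be confirmed, and encoding should fail rather than proceed with an unset secret. A comment at the call site would make the dependency explicit, e.g. `/* NOTE: User-Password hiding needs the shared secret; confirm it is set before the packet is encoded. */`. The function's body continues past the end of the hunk.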
@@ -16,7 +16,7 @@ authenticate (struct rs_connection *conn, const char *user, const char *pw) struct rs_packet *msg, *resp; CU_ASSERT (rs_request_create (conn, &req) == 0); - CU_ASSERT (!rs_packet_create_authn_request (conn, &msg, user, pw, "sikrit")); + CU_ASSERT (!rs_packet_create_authn_request (conn, &msg, user, pw)); rs_request_add_reqpkt (req, msg); CU_ASSERT (rs_request_send (req, &resp) == 0); //printf ("%s\n", rs_err_msg (rs_err_conn_pop (conn), 1)); @@ -30,10 +30,8 @@ send_more_than_one_msg_in_one_packet (struct rs_connection *conn) { struct rs_packet *msg0, *msg1; - CU_ASSERT (rs_packet_create_authn_request (conn, &msg0, NULL, NULL, "sikrit") - == 0); - CU_ASSERT (rs_packet_create_authn_request (conn, &msg1, NULL, NULL, "sikrit") - == 0); + CU_ASSERT (rs_packet_create_authn_request (conn, &msg0, NULL, NULL) == 0); + CU_ASSERT (rs_packet_create_authn_request (conn, &msg1, NULL, NULL) == 0); CU_ASSERT (rs_packet_send (msg0, NULL) == 0); CU_ASSERT (rs_packet_send (msg1, NULL) == 0); } -- cgit v1.1 From 25261df09d801d070df4c31e11e1702614546090 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 12:00:00 +0200 Subject: Remove an unused error code and unusued RSE_MAX. Also, remove unused file attr.c. --- lib/attr.c | 48 --------------------------------------------- lib/include/radsec/radsec.h | 2 -- 2 files changed, 50 deletions(-) delete mode 100644 lib/attr.c diff --git a/lib/attr.c b/lib/attr.c deleted file mode 100644 index 74d352c..0000000 --- a/lib/attr.c +++ /dev/null 
@@ -1,48 +0,0 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ - -/* NOTE: This file is not in use at the moment (libradsec-0.0.1). */ - -#if defined HAVE_CONFIG_H -#include -#endif - -#include -#include -#include - -int -rs_attr_create(struct rs_connection *conn, - struct rs_attr **attr, - const char *type, - const char *val) -{ - VALUE_PAIR *vp; - struct rs_attr *a; - - *attr = NULL; - a = (struct rs_attr *) malloc (sizeof(struct rs_attr)); - if (!a) - return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL); - memset (a, 0, sizeof(struct rs_attr)); - - vp = pairmake (type, val, T_OP_EQ); - if (!vp) - { - rs_attr_destroy (a); - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "pairmake: %s", fr_strerror ()); - } - - a->vp = vp; - *attr = a; - return RSE_OK; -} - -void -rs_attr_destroy (struct rs_attr *attr) -{ - if (attr->vp) - pairfree (&attr->vp); - free (attr); -} diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 2d20b6e..00c8d7b 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -29,7 +29,6 @@ enum rs_error_code { RSE_INVALID_CTX = 3, RSE_INVALID_CONN = 4, RSE_CONN_TYPE_MISMATCH = 5, - RSE_FR = 6, RSE_BADADDR = 7, RSE_NOPEER = 8, RSE_EVENT = 9, /* libevent error. */ @@ -68,7 +67,6 @@ enum rs_error_code { RSE_VENDOR_UNKNOWN = 42, RSE_CRED = 43, RSE_CERT = 44, - RSE_MAX = RSE_CERT }; enum rs_conn_type { -- cgit v1.1 From a64a823a8759a7a7223d4ca1a0f0af0bb1d616fa Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 15:00:00 +0200 Subject: Add an assert in error handling code. --- lib/err.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/err.c b/lib/err.c index 432a67e..854a4a9 100644 --- a/lib/err.c +++ b/lib/err.c 
@@ -158,6 +158,8 @@ rs_err_ctx_push_fl (struct rs_context *ctx, int code, const char *file, int err_conn_push_err (struct rs_connection *conn, struct rs_error *err) { + assert (conn); + assert (err); if (conn->err) rs_err_free (conn->err); -- cgit v1.1 From f71f1bdd87e58fb6fb5abc90a1b2119a4f35f1b3 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 17:05:57 +0200 Subject: Revive RSE_MAX. It's being used after all. --- lib/include/radsec/radsec.h | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 00c8d7b..230f671 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -67,6 +67,7 @@ enum rs_error_code { RSE_VENDOR_UNKNOWN = 42, RSE_CRED = 43, RSE_CERT = 44, + RSE_MAX = RSE_CERT }; enum rs_conn_type { -- cgit v1.1 From 82c9dd49e981943c3c9af192b3023b141efc6f6b Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 17:10:10 +0200 Subject: Push an error on the error stack when returning !RSE_OK. --- lib/packet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/packet.c b/lib/packet.c index ba7ddb8..8135749 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -211,7 +211,7 @@ rs_packet_append_avp (struct rs_packet *pkt, da = nr_dict_attr_byvalue (attr, vendor); if (da == NULL) - return RSE_ATTR_TYPE_UNKNOWN; + return rs_err_conn_push (pkt->conn, RSE_ATTR_TYPE_UNKNOWN, __func__); err = nr_packet_attr_append (pkt->rpkt, NULL, da, data, data_len); if (err < 0) -- cgit v1.1 From 68c9e3104d83febbcdb97cead0b8b6bfb6576d89 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 20:21:18 +0200 Subject: Constify the MD5 implementation. --- lib/md5.c | 6 +++--- lib/md5.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/md5.c b/lib/md5.c index 7d43a60..f4ac436 100644 --- a/lib/md5.c +++ b/lib/md5.c 
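Review bot: The two new checks in `err_conn_push_err` are `assert` calls, so they disappear in a `-DNDEBUG` build, where the next line still dereferences `conn->err`; in a debug build they abort the application that linked the library instead of reporting an error. If a NULL `conn` or `err` can reach this function through a caller's mistake, an explicit check that returns an error code is more robust, e.g. `if (conn == NULL || err == NULL) return RSE_INVALID_CONN;`. If the asserts only document an internal invariant, a one-line comment saying so would be enough. The rest of the function body is outside the hunk.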
@@ -89,9 +89,9 @@ * This processes one or more 64-byte data blocks, but does NOT update * the bit counters. There are no alignment requirements. */ -static void *body(MD5_CTX *ctx, void *data, unsigned long size) +static const void *body(MD5_CTX *ctx, const void *data, unsigned long size) { - unsigned char *ptr; + const unsigned char *ptr; MD5_u32plus a, b, c, d; MD5_u32plus saved_a, saved_b, saved_c, saved_d; @@ -207,7 +207,7 @@ void MD5_Init(MD5_CTX *ctx) ctx->hi = 0; } -void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size) +void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size) { MD5_u32plus saved_lo; unsigned long used, free; diff --git a/lib/md5.h b/lib/md5.h index f1a6857..2da44bf 100644 --- a/lib/md5.h +++ b/lib/md5.h @@ -39,7 +39,7 @@ typedef struct { } MD5_CTX; extern void MD5_Init(MD5_CTX *ctx); -extern void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size); +extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size); extern void MD5_Final(unsigned char *result, MD5_CTX *ctx); #endif -- cgit v1.1 From 591a8ea24d0e2426ff34a3ccc549fee8cc70c323 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 20:23:06 +0200 Subject: Add 'tests' to SUBDIRS to make 'make check' work. --- lib/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 547fc14..3de4657 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -17,7 +17,7 @@ ACLOCAL_AMFLAGS = -I m4 # library interface is _changed_. -SUBDIRS = radius radsecproxy include . examples +SUBDIRS = radius radsecproxy include . examples tests INCLUDES = -I$(srcdir)/include AM_CFLAGS = -Wall -Werror -g -- cgit v1.1 From 6d4cfa75426dfdc28dcc97c9c3d532a417ad1194 Mon Sep 17 00:00:00 2001 
From: Linus Nordberg Date: Wed, 8 May 2013 20:28:17 +0200 Subject: Exit tests with number of failures. Now 'make check' really fails when a test fails. --- lib/tests/test-udp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/tests/test-udp.c b/lib/tests/test-udp.c index 7ad340a..ed176c0 100644 --- a/lib/tests/test-udp.c +++ b/lib/tests/test-udp.c @@ -137,6 +137,7 @@ main (int argc, char *argv[]) { CU_pSuite s = NULL; CU_pTest t = NULL; + unsigned int nfail; assert (CU_initialize_registry () == CUE_SUCCESS); s = CU_add_suite ("auth", NULL, NULL); assert (s); @@ -144,8 +145,9 @@ main (int argc, char *argv[]) s = CU_add_suite ("buffering", NULL, NULL); assert (s); t = CU_ADD_TEST (s, test_buffering); assert (t); - return !(CU_basic_run_tests () == CUE_SUCCESS); + assert (CU_basic_run_tests () == CUE_SUCCESS); + nfail = CU_get_number_of_failures(); CU_cleanup_registry (); - return 0; + return nfail; } -- cgit v1.1 From 8d8356c0b2596a73f5593d3519040df77293ac22 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 21:17:54 +0200 Subject: Add a few bits to README. --- lib/README | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/lib/README b/lib/README index 37a5d16..111c570 100644 --- a/lib/README +++ b/lib/README 
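Review bot: `return nfail;` hands an `unsigned int` failure count to the process exit status, which keeps only the low 8 bits on POSIX systems, so a count that is a multiple of 256 would be reported to `make check` as success. Collapsing the count to a flag avoids that: `return nfail != 0;`. If the exact count is useful, it can be printed to stderr before returning.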
@@ -1,16 +1,17 @@ -libradsec is a RADIUS library for clients doing RADIUS over UDP or -TLS. The goal is to add support for writing servers (and thus -proxies) and to add transports TCP and DTLS. +Libradsec is a RADIUS library for clients doing RADIUS over UDP or +TLS. The goal is to add support for writing servers (and thus proxies) +and to add transports TCP and DTLS. The canonical pickup point is http://git.nordu.net/?p=radsecproxy.git;a=shortlog;h=refs/heads/libradsec -The source code is licensed under a 3-clause BSD license. See LICENSE. +The source code is licensed under a 3-clause BSD license. See the +LICENSE file. -libradsec depends on +Libradsec depends on - libconfuse - libevent2 - openssl (if configured with --enable-tls) @@ -18,10 +19,24 @@ libradsec depends on To compile the library and the examples, do something like - sh autogen.sh && ./configure && make + sh autogen.sh && ./configure && make -If any of the libraries are not found, try setting environment -variable LDFLAGS at configure time like so: + +There are a couple of options that can be used when configuring. See + + ./configure --help + +for the full list. Worth mentioning here is --enable-tls and +--enable-tls-psk. + +If the preprocessor has a hard time finding some of the header files +are, try setting environment variable CPPFLAGS at configure +time. Example: + + CPPFLAGS="-I/usr/local/include" ./configure --enable-tls + +If the link editor has trouble finding any of the libraries needed, +try setting environment variable LDFLAGS at configure time. Example: LDFLAGS="-L/usr/local/lib" ./configure --enable-tls -- cgit v1.1 From f2626416d939c08f3eab5091582af558ce23b472 Mon Sep 17 00:00:00 2001 
From: Linus Nordberg Date: Wed, 8 May 2013 21:42:17 +0200 Subject: Initial RPM packaging Adapted from commit 8ff4e9ab2308fc6ee1e9b140d85ba45eff5287ce Author: Sam hartman Date: Mon Oct 10 15:25:11 2011 +0100 Conflicts: lib/Makefile.am lib/configure.ac --- lib/Makefile.am | 17 +++++++++++- lib/configure.ac | 8 +++--- lib/libradsec.spec.in | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 97 insertions(+), 5 deletions(-) create mode 100644 lib/libradsec.spec.in diff --git a/lib/Makefile.am b/lib/Makefile.am index 3de4657..5fad0b0 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -47,7 +47,22 @@ else libradsec_la_SOURCES += md5.c endif -EXTRA_DIST = HACKING LICENSE +libradsec_la_SOURCES += \ + compat.h \ + conn.h \ + debug.h \ + err.h \ + event.h \ + md5.h \ + packet.h \ + peer.h \ + radsec.h \ + tcp.h \ + tls.h \ + udp.h \ + util.h + +EXTRA_DIST = HACKING LICENSE libradsec.spec radsec.sym libradsec_la_LIBADD = radsecproxy/libradsec-radsecproxy.la radius/libradsec-radius.la libradsec_la_LDFLAGS = -version-info 1:0:0 -export-symbols radsec.sym diff --git a/lib/configure.ac b/lib/configure.ac index 4abd170..ab775e4 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -1,6 +1,6 @@ # -*- Autoconf -*- script for libradsec. -AC_PREREQ([2.65]) +AC_PREREQ([2.63]) AC_INIT([libradsec], [0.0.4.dev], [linus+libradsec@nordu.net]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([radsec.c]) @@ -53,10 +53,10 @@ AC_TYPE_UINT8_T # Checks for library functions. AC_CHECK_FUNCS([memset socket strdup strerror strrchr]) -AC_CONFIG_FILES([Makefile +AC_CONFIG_FILES([Makefile libradsec.spec radsecproxy/Makefile - radius/Makefile - include/Makefile + radius/Makefile + include/Makefile examples/Makefile tests/Makefile]) AC_OUTPUT diff --git a/lib/libradsec.spec.in b/lib/libradsec.spec.in new file mode 100644 index 0000000..97d6178 --- /dev/null +++ b/lib/libradsec.spec.in 
@@ -0,0 +1,77 @@ +Name: @PACKAGE@ +Version: @PACKAGE_VERSION@ +Release: 1%{?dist} +Summary: RADIUS over TLS library + +Group: System Environment/Libraries +License: BSD +URL: http://software.uninett.no/radsecproxy/?page=documentation +Source0: %{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root + + + +BuildRequires: openssl-devel +BuildRequires: libconfuse-devel +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: libevent-devel >= 2.0 + + + +%description + Libradsec is a RADIUS over TLS library. + + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + + +%prep +%setup -q + + +%build + export CPPFLAGS='-I%{_includedir}' + export LDFLAGS='-L%{_libdir}' +%configure --disable-static +make %{?_smp_mflags} + + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' + + +%clean +rm -rf $RPM_BUILD_ROOT + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%files +%defattr(-,root,root,-) +%doc README +%{_libdir}/*.so.* + +%files devel +%defattr(-,root,root,-) +%{_includedir}/* +%{_libdir}/*.so + + +%changelog +* Tue Sep 27 2011 - %{version}-1 +- initial version + -- cgit v1.1 From f08d4effdb7fb0dbe63b73d4fa4e3310d3b3e0ca Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 22:17:32 +0200 Subject: Don't include tests in SUBIDRS after all. It requires a running radius server. That's not a nice thing to require for something like distcheck. --- lib/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 5fad0b0..292451f 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
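Review bot: `%configure --disable-static` in the `%build` section does not pass `--enable-tls`, although the Summary reads "RADIUS over TLS library" and `openssl-devel` is a build requirement. The README change earlier in this series lists openssl as needed only "if configured with --enable-tls", which suggests TLS is off by default, so the resulting RPM may silently ship without TLS support. If that is not intended, use `%configure --disable-static --enable-tls` (plus `--enable-tls-psk` if PSK is wanted). The `%changelog` entry `* Tue Sep 27 2011 - %{version}-1` also has no packager name, and the macro expands to whatever version is being built rather than the version the entry describes.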
@@ -17,7 +17,8 @@ ACLOCAL_AMFLAGS = -I m4 # library interface is _changed_. -SUBDIRS = radius radsecproxy include . examples tests +SUBDIRS = radius radsecproxy include . examples +DIST_SUBDIRS = $(SUBDIRS) tests INCLUDES = -I$(srcdir)/include AM_CFLAGS = -Wall -Werror -g -- cgit v1.1 From b73a7432ab85d5ca8d0683166c2c7cc75553db69 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 22:18:27 +0200 Subject: Pass make distcheck. --- lib/Makefile.am | 3 ++- lib/examples/Makefile.am | 2 +- lib/radius/Makefile.am | 5 +++-- lib/radsecproxy/Makefile.am | 15 ++++++++++----- lib/tests/Makefile.am | 6 +++--- 5 files changed, 19 insertions(+), 12 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 292451f..2e8401a 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -64,7 +64,8 @@ libradsec_la_SOURCES += \ util.h EXTRA_DIST = HACKING LICENSE libradsec.spec radsec.sym +AM_DISTCHECK_CONFIGURE_FLAGS = --enable-tls --enable-tls-psk libradsec_la_LIBADD = radsecproxy/libradsec-radsecproxy.la radius/libradsec-radius.la -libradsec_la_LDFLAGS = -version-info 1:0:0 -export-symbols radsec.sym +libradsec_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(srcdir)/radsec.sym libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT diff --git a/lib/examples/Makefile.am b/lib/examples/Makefile.am index bfd31e8..f300627 100644 --- a/lib/examples/Makefile.am +++ b/lib/examples/Makefile.am @@ -1,5 +1,5 @@ AUTOMAKE_OPTIONS = foreign -INCLUDES = -I$(top_srcdir)/include +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir) AM_CFLAGS = -Wall -Werror -g noinst_PROGRAMS = client diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am index 96bafae..c827465 100644 --- a/lib/radius/Makefile.am +++ b/lib/radius/Makefile.am @@ -18,6 +18,8 @@ libradsec_radius_la_SOURCES = \ static.c \ valuepair.c +libradsec_radius_la_SOURCES += client.h + libradsec_radius_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H DICTIONARIES = \ 
@@ -27,7 +29,7 @@ DICTIONARIES = \ share/dictionary.ukerna \ share/dictionary.abfab.ietf -EXTRA_DIST = $(DICTIONARIES) +EXTRA_DIST = dictionaries.c $(DICTIONARIES) common.pl convert.pl $(top_srcdir)/include/radsec/radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl $(srcdir)/convert.pl ${DICTIONARIES} @@ -38,4 +40,3 @@ clean-local: rm -f dictionaries.c $(libradsec_radius_la_SOURCES): $(top_srcdir)/include/radsec/radius.h - diff --git a/lib/radsecproxy/Makefile.am b/lib/radsecproxy/Makefile.am index 0d4a882..962f367 100644 --- a/lib/radsecproxy/Makefile.am +++ b/lib/radsecproxy/Makefile.am @@ -7,12 +7,17 @@ AM_CFLAGS = -Wall -Werror -g noinst_LTLIBRARIES = libradsec-radsecproxy.la libradsec_radsecproxy_la_SOURCES = \ - debug.c \ - hash.c \ - list.c \ - util.c + debug.c debug.h \ + gconfig.h \ + hash.c hash.h \ + hostport_types.h \ + list.c list.h \ + radmsg.h \ + radsecproxy.h \ + tlv11.h \ + util.c util.h if RS_ENABLE_TLS libradsec_radsecproxy_la_SOURCES += \ - tlscommon.c + tlscommon.c tlscommon.h endif diff --git a/lib/tests/Makefile.am b/lib/tests/Makefile.am index 045991a..dc15264 100644 --- a/lib/tests/Makefile.am +++ b/lib/tests/Makefile.am @@ -1,12 +1,12 @@ AUTOMAKE_OPTIONS = foreign -INCLUDES = -I$(top_srcdir)/include +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir) AM_CFLAGS = -Wall -Werror -g TESTS = test-udp check_PROGRAMS = test-udp udp-server -test_udp_SOURCES = test-udp.c udp.c +test_udp_SOURCES = test-udp.c udp.c udp.h test_udp_LDADD = ../libradsec.la -lcunit -lm -udp_server_SOURCES = udp-server.c udp.c +udp_server_SOURCES = udp-server.c udp.c udp.h -- cgit v1.1 From f4608111b51edf1744cef31306d6bf06129dd591 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 22:42:00 +0200 Subject: Clarify and reformat comments on how to use Libtool's -version-info. --- lib/Makefile.am | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 2e8401a..8f86aa4 100644 
--- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -3,18 +3,18 @@ ACLOCAL_AMFLAGS = -I m4 # Shared library interface version, i.e. -version-info to Libtool, # expressed as three integers CURRENT:REVISION:AGE. - -# CURRENT is the version number of the current interface. Increment -# CURRENT when the library interface changes. - +# +# CURRENT is the version number of the current interface. Increment +# CURRENT when the library interface has changed or has been extended. +# # REVISION is the version number of the _implementation_ of the -# CURRENT interface. Set REVISION to 0 when CURRENT changes, -# else increment. - +# CURRENT interface. Set REVISION to 0 when CURRENT changes, else +# increment. +# # AGE is the number of interfaces this library implements, i.e. how -# many versions before CURRENT that are supported. Increment AGE -# when the library interface is _extended_. Set AGE to 0 when the -# library interface is _changed_. +# many versions before CURRENT that are supported. Increment AGE when +# the library interface is _extended_. Set AGE to 0 when the library +# interface is _changed_. SUBDIRS = radius radsecproxy include . examples -- cgit v1.1 From de670651b8d513c3956fc8618bca303ba55a04f4 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 8 May 2013 23:10:11 +0200 Subject: Revert "Bump library interface revision." So there were two things wrong with that commit. 1. Library interface revision should be bumped only immediately before a public release. 2. Given the changes in the library, it should change to 0:1:0 since the interface didn't change (including not being extended). This reverts commit b9e967b3cde6af41cd0e863e9ff073897019625a. Conflicts: lib/Makefile.am --- lib/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 8f86aa4..237294a 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -67,5 +67,5 @@ EXTRA_DIST = HACKING LICENSE libradsec.spec radsec.sym AM_DISTCHECK_CONFIGURE_FLAGS = --enable-tls --enable-tls-psk libradsec_la_LIBADD = radsecproxy/libradsec-radsecproxy.la radius/libradsec-radius.la -libradsec_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(srcdir)/radsec.sym +libradsec_la_LDFLAGS = -version-info 0:0:0 -export-symbols $(srcdir)/radsec.sym libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT -- cgit v1.1 From 65a9a8786d5507e7f150567e4effd6e7409ac92c Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 9 May 2013 08:59:00 +0200 Subject: Use malloc+memcpy rather than calloc+strcpy in rs_strdup. For effiency (but triggered by calloc needing unistd.h on Darwin). --- lib/util.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/util.c b/lib/util.c index eceaec9..1142afa 100644 --- a/lib/util.c +++ b/lib/util.c @@ -1,4 +1,4 @@ -/* Copyright 2012 NORDUnet A/S. All rights reserved. +/* Copyright 2012,2013 NORDUnet A/S. All rights reserved. See LICENSE for licensing information. */ #include @@ -9,11 +9,16 @@ char * rs_strdup (struct rs_context *ctx, const char *s) { - char *buf = rs_calloc (ctx, 1, strlen (s) + 1); + size_t len; + char *buf; + + len = strlen (s); + buf = rs_malloc (ctx, len + 1); if (buf != NULL) - return strcpy (buf, s); + memcpy (buf, s, len + 1); + else + rs_err_ctx_push (ctx, RSE_NOMEM, __func__); - rs_err_ctx_push (ctx, RSE_NOMEM, NULL); - return NULL; + return buf; } -- cgit v1.1 From 4f9a7e63c1d14837ec880b9a63cc6a92a822e7d5 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 9 May 2013 09:32:31 +0200 Subject: Include stdlib.h everywhere we call (m|c)alloc. --- lib/packet.c | 3 ++- lib/tls.c | 3 ++- lib/util.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/packet.c b/lib/packet.c index 8135749..bfa82df 100644 --- a/lib/packet.c +++ b/lib/packet.c 
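Review bot: In the rs_strdup hunk of lib/util.c, `len = strlen (s);` runs before any check on `s`, so a NULL argument is undefined behaviour. An `assert (s);` at the top, in the style used elsewhere in this series, or an early `return NULL;`, would make the contract explicit. `rs_err_ctx_push (ctx, RSE_NOMEM, __func__)` passes the function name in what appears to be the format-string position; if that parameter is printf-style, `rs_err_ctx_push (ctx, RSE_NOMEM, "%s", __func__)` is the safer spelling. A short comment above the function saying that the caller owns the returned buffer and which deallocator matches `rs_malloc` would also help.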
@@ -1,10 +1,11 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include #endif +#include #include #include #include diff --git a/lib/tls.c b/lib/tls.c index a5040f4..ddf14c9 100644 --- a/lib/tls.c +++ b/lib/tls.c @@ -1,10 +1,11 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include #endif +#include #include #include #include diff --git a/lib/util.c b/lib/util.c index 1142afa..e50d473 100644 --- a/lib/util.c +++ b/lib/util.c @@ -1,6 +1,7 @@ /* Copyright 2012,2013 NORDUnet A/S. All rights reserved. See LICENSE for licensing information. */ +#include #include #include #include -- cgit v1.1 From f0df8b47b0c7639ab3842c2b92c80f70b8ed66d3 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 9 May 2013 09:49:37 +0200 Subject: Update copyright years. --- lib/LICENSE | 2 +- lib/conf.c | 4 ++-- lib/conn.c | 4 ++-- lib/conn.h | 4 ++-- lib/err.c | 4 ++-- lib/event.c | 4 ++-- lib/event.h | 4 ++-- lib/include/radsec/radsec-impl.h | 3 ++- lib/include/radsec/radsec.h | 3 ++- lib/include/radsec/request-impl.h | 3 ++- lib/include/radsec/request.h | 3 ++- lib/peer.c | 4 ++-- lib/radsec.c | 4 ++-- lib/request.c | 4 ++-- lib/send.c | 4 ++-- lib/tcp.c | 4 ++-- lib/tls.h | 4 ++-- lib/util.c | 4 ++-- 18 files changed, 35 insertions(+), 31 deletions(-) diff --git a/lib/LICENSE b/lib/LICENSE index 43a0ec8..be32a9a 100644 --- a/lib/LICENSE +++ b/lib/LICENSE @@ -1,6 +1,6 @@ * Copyright (c) 2007-2010, UNINETT AS * Copyright (c) 2011, JANET(UK) -* Copyright (c) 2010-2011, NORDUnet A/S +* Copyright (c) 2010-2013, NORDUnet A/S * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/lib/conf.c b/lib/conf.c index 8ad0a45..68da0a5 100644 --- a/lib/conf.c 
+++ b/lib/conf.c @@ -1,5 +1,5 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/conn.c b/lib/conn.c index 7522782..f89ac70 100644 --- a/lib/conn.c +++ b/lib/conn.c @@ -1,5 +1,5 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/conn.h b/lib/conn.h index c538a8c..dfeaf74 100644 --- a/lib/conn.h +++ b/lib/conn.h @@ -1,5 +1,5 @@ -/* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2011,2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ int conn_close (struct rs_connection **connp); int conn_user_dispatch_p (const struct rs_connection *conn); diff --git a/lib/err.c b/lib/err.c index 854a4a9..0c7d5a8 100644 --- a/lib/err.c +++ b/lib/err.c @@ -1,5 +1,5 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/event.c b/lib/event.c index e51616a..802c0b9 100644 --- a/lib/event.c +++ b/lib/event.c @@ -1,5 +1,5 @@ -/* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2011-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/event.h b/lib/event.h index 9c239df..bd9ec77 100644 --- a/lib/event.h +++ b/lib/event.h 
@@ -1,5 +1,5 @@ -/* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2011-2012 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ void event_on_disconnect (struct rs_connection *conn); int event_on_connect (struct rs_connection *conn, struct rs_packet *pkt); diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h index 6c02dcf..e472703 100644 --- a/lib/include/radsec/radsec-impl.h +++ b/lib/include/radsec/radsec-impl.h @@ -1,7 +1,8 @@ /** @file libradsec-impl.h @brief Libraray internal header file for libradsec. */ -/* See LICENSE for licensing information. */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #ifndef _RADSEC_RADSEC_IMPL_H_ #define _RADSEC_RADSEC_IMPL_H_ 1 diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 230f671..d6150bf 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -1,7 +1,8 @@ /** \file radsec.h \brief Public interface for libradsec. */ -/* See LICENSE for licensing information. */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #ifndef _RADSEC_RADSEC_H_ #define _RADSEC_RADSEC_H_ 1 diff --git a/lib/include/radsec/request-impl.h b/lib/include/radsec/request-impl.h index bb61dd6..97335e5 100644 --- a/lib/include/radsec/request-impl.h +++ b/lib/include/radsec/request-impl.h @@ -1,4 +1,5 @@ -/* See LICENSE for licensing information. */ +/* Copyright 2010-2011 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #ifndef _RADSEC_REQUEST_IMPL_H_ #define _RADSEC_REQUEST_IMPL_H_ 1 diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h index 7e58008..d4c72b3 100644 --- a/lib/include/radsec/request.h +++ b/lib/include/radsec/request.h 
@@ -1,7 +1,8 @@ /** \file request.h \brief Public interface for libradsec request's. */ -/* See LICENSE for licensing information. */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #ifndef _RADSEC_REQUEST_H_ #define _RADSEC_REQUEST_H_ 1 diff --git a/lib/peer.c b/lib/peer.c index 0ac4114..decc64b 100644 --- a/lib/peer.c +++ b/lib/peer.c @@ -1,5 +1,5 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2010-2012 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/radsec.c b/lib/radsec.c index db406ae..efd2dc3 100644 --- a/lib/radsec.c +++ b/lib/radsec.c @@ -1,5 +1,5 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/request.c b/lib/request.c index 5649ee1..3a8b6dd 100644 --- a/lib/request.c +++ b/lib/request.c @@ -1,5 +1,5 @@ -/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2010-2011 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/send.c b/lib/send.c index e58b42c..3161bbe 100644 --- a/lib/send.c +++ b/lib/send.c @@ -1,5 +1,5 @@ -/* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2011,2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/tcp.c b/lib/tcp.c index e2e9feb..8ea6a5e 100644 --- a/lib/tcp.c +++ b/lib/tcp.c 
@@ -1,5 +1,5 @@ -/* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2011-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/tls.h b/lib/tls.h index 74a63b3..4707b93 100644 --- a/lib/tls.h +++ b/lib/tls.h @@ -1,5 +1,5 @@ -/* Copyright 2010 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2010-2012 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #if defined (__cplusplus) extern "C" { diff --git a/lib/util.c b/lib/util.c index e50d473..70d815c 100644 --- a/lib/util.c +++ b/lib/util.c @@ -1,5 +1,5 @@ -/* Copyright 2012,2013 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ +/* Copyright 2012-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ #include #include -- cgit v1.1 From fed9094cd8cda69605d0c103acd14308379b6eb0 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Thu, 9 May 2013 09:50:11 +0200 Subject: Whitespace changes in license headers. --- lib/avp.c | 2 +- lib/compat.c | 2 +- lib/compat.h | 2 +- lib/debug.c | 2 +- lib/debug.h | 2 +- lib/err.h | 2 +- lib/packet.c | 2 +- lib/packet.h | 2 +- lib/peer.h | 2 +- lib/radsec.h | 2 +- lib/tcp.h | 2 +- lib/tls.c | 2 +- lib/udp.c | 2 +- lib/udp.h | 2 +- lib/util.h | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/lib/avp.c b/lib/avp.c index c60d9ef..11c56db 100644 --- a/lib/avp.c +++ b/lib/avp.c @@ -1,5 +1,5 @@ /* Copyright 2011 JANET(UK). All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/compat.c b/lib/compat.c index c09e795..7c4e346 100644 --- a/lib/compat.c +++ b/lib/compat.c 
@@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/compat.h b/lib/compat.h index f132779..d3083e9 100644 --- a/lib/compat.h +++ b/lib/compat.h @@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ ssize_t compat_send (int sockfd, const void *buf, size_t len, int flags); ssize_t compat_recv (int sockfd, void *buf, size_t len, int flags); diff --git a/lib/debug.c b/lib/debug.c index 25c7fd6..903c793 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/debug.h b/lib/debug.h index c319085..ed62da1 100644 --- a/lib/debug.h +++ b/lib/debug.h @@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ #define hd(p, l) { int i; \ for (i = 1; i <= l; i++) { \ diff --git a/lib/err.h b/lib/err.h index 6615ac8..ba83a53 100644 --- a/lib/err.h +++ b/lib/err.h @@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ struct rs_error *err_create (unsigned int code, const char *file, diff --git a/lib/packet.c b/lib/packet.c index bfa82df..a0b3eb2 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -1,5 +1,5 @@ /* Copyright 2010-2013 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/packet.h b/lib/packet.h index c020d69..7cdbb35 100644 --- a/lib/packet.h +++ b/lib/packet.h 
@@ -1,5 +1,5 @@ /* Copyright 2010, 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ int packet_do_send (struct rs_packet *pkt); int packet_verify_response (struct rs_connection *conn, diff --git a/lib/peer.h b/lib/peer.h index 4e976c5..b15395f 100644 --- a/lib/peer.h +++ b/lib/peer.h @@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ struct rs_peer *peer_create (struct rs_context *ctx, struct rs_peer **rootp); struct rs_peer *peer_pick_peer (struct rs_connection *conn); diff --git a/lib/radsec.h b/lib/radsec.h index c8fa2fb..703e44b 100644 --- a/lib/radsec.h +++ b/lib/radsec.h @@ -1,5 +1,5 @@ /* Copyright 2012 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ struct rs_error *rs_resolve (struct evutil_addrinfo **addr, rs_conn_type_t type, diff --git a/lib/tcp.h b/lib/tcp.h index d945fda..eddc4c8 100644 --- a/lib/tcp.h +++ b/lib/tcp.h @@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ void tcp_event_cb (struct bufferevent *bev, short events, void *user_data); void tcp_read_cb (struct bufferevent *bev, void *user_data); diff --git a/lib/tls.c b/lib/tls.c index ddf14c9..62e219e 100644 --- a/lib/tls.c +++ b/lib/tls.c @@ -1,5 +1,5 @@ /* Copyright 2010-2013 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include diff --git a/lib/udp.c b/lib/udp.c index 90a5fbf..5eb0645 100644 --- a/lib/udp.c +++ b/lib/udp.c @@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ #if defined HAVE_CONFIG_H #include 
diff --git a/lib/udp.h b/lib/udp.h index e0d39f0..39d1aeb 100644 --- a/lib/udp.h +++ b/lib/udp.h @@ -1,5 +1,5 @@ /* Copyright 2011 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ int udp_init (struct rs_connection *conn, struct rs_packet *pkt); int udp_init_retransmit_timer (struct rs_connection *conn); diff --git a/lib/util.h b/lib/util.h index 9edac7b..f988d86 100644 --- a/lib/util.h +++ b/lib/util.h @@ -1,4 +1,4 @@ /* Copyright 2012 NORDUnet A/S. All rights reserved. - See LICENSE for licensing information. */ + See LICENSE for licensing information. */ char *rs_strdup (struct rs_context *ctx, const char *s); -- cgit v1.1 From 65b62d83ee72012d1171f1813b8f989f8805497c Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 15 May 2013 11:57:09 +0200 Subject: Don't crash on reading invalid messages. Also, invoke disconnected callback and close connection in error cases. --- lib/conn.c | 32 +++++++++++++++++++------------- lib/conn.h | 1 - lib/tcp.c | 12 ++++++++---- lib/udp.c | 32 +++++++++++++------------------- 4 files changed, 40 insertions(+), 37 deletions(-) diff --git a/lib/conn.c b/lib/conn.c index f89ac70..499c330 100644 --- a/lib/conn.c +++ b/lib/conn.c @@ -20,19 +20,6 @@ #include "tcp.h" int -conn_close (struct rs_connection **connp) -{ - int r = 0; - assert (connp); - assert (*connp); - if ((*connp)->is_connected) - r = rs_conn_disconnect (*connp); - if (r == RSE_OK) - *connp = NULL; - return r; -} - -int conn_user_dispatch_p (const struct rs_connection *conn) { assert (conn); 
@@ -145,6 +132,25 @@ rs_conn_disconnect (struct rs_connection *conn) assert (conn); + if (conn->is_connected) + event_on_disconnect (conn); + + if (conn->bev) + { + bufferevent_free (conn->bev); + conn->bev = NULL; + } + if (conn->rev) + { + event_free (conn->rev); + conn->rev = NULL; + } + if (conn->wev) + { + event_free (conn->wev); + conn->wev = NULL; + } + err = evutil_closesocket (conn->fd); conn->fd = -1; return err; diff --git a/lib/conn.h b/lib/conn.h index dfeaf74..66e15e2 100644 --- a/lib/conn.h +++ b/lib/conn.h @@ -1,7 +1,6 @@ /* Copyright 2011,2013 NORDUnet A/S. All rights reserved. See LICENSE for licensing information. */ -int conn_close (struct rs_connection **connp); int conn_user_dispatch_p (const struct rs_connection *conn); int conn_activate_timeout (struct rs_connection *conn); int conn_type_tls (const struct rs_connection *conn); diff --git a/lib/tcp.c b/lib/tcp.c index 8ea6a5e..e2b1a2f 100644 --- a/lib/tcp.c +++ b/lib/tcp.c @@ -38,7 +38,9 @@ _read_header (struct rs_packet *pkt) pkt->rpkt->length = (pkt->hdr[2] << 8) + pkt->hdr[3]; if (pkt->rpkt->length < 20 || pkt->rpkt->length > RS_MAX_PACKET_LEN) { - conn_close (&pkt->conn); + rs_debug (("%s: invalid packet length: %d\n", + __func__, pkt->rpkt->length)); + rs_conn_disconnect (pkt->conn); return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, "invalid packet length: %d", pkt->rpkt->length); @@ -55,7 +57,8 @@ _read_header (struct rs_packet *pkt) } else /* Error: libevent gave us less than the low watermark. */ { - conn_close (&pkt->conn); + rs_debug (("%s: got: %d octets reading header\n", __func__, n)); + rs_conn_disconnect (pkg->conn); return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__, "got %d octets reading header", n); } 
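Review bot: rs_conn_disconnect now releases `conn->bev`, `conn->rev` and `conn->wev` but leaves `conn->tev` alone, while the UDP code in this same commit still calls `event_del (pkt->conn->tev)`. Unless event_on_disconnect() takes care of it, a pending timer can fire on a connection whose fd is already -1, so consider `if (conn->tev) event_del (conn->tev);` next to the other releases. The unconditional `evutil_closesocket (conn->fd)` that follows needs a check too: if the bufferevent was created with BEV_OPT_CLOSE_ON_FREE (creation is not visible here), the descriptor is closed by `bufferevent_free` and the second close may hit an unrelated descriptor that reused the number. The error paths added in tcp.c and udp.c also make a repeated call more likely, and that would close -1 and return an error; guarding with `if (conn->fd != -1)` avoids it. The function's declarations are outside the hunk.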
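Review bot: In the first `_read_header` hunk of lib/tcp.c, `rs_conn_disconnect (pkt->conn);` runs before `rs_err_conn_push (...)`. If event_on_disconnect() invokes the user's disconnected callback, as the commit message implies, that callback sees a connection with no error recorded yet. The same order is used in the second `_read_header` hunk and in the `_read_packet` hunk, whereas the udp.c changes push the error first and disconnect at `err_out`. Store the result of the push in a local, call `rs_conn_disconnect (pkt->conn);`, then return the stored value, so both transports behave alike. rs_conn_disconnect also frees `conn->bev` in this commit, so any caller that keeps using the bufferevent after `_read_header` returns an error should be checked; those callers are outside the hunk.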
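Review bot: The second `_read_header` hunk adds `rs_conn_disconnect (pkg->conn);`, but the only packet pointer visible in this function is the parameter `pkt`. This looks like a typo that will not compile unless a `pkg` is declared outside the hunk; it should read `rs_conn_disconnect (pkt->conn);`. The added `rs_debug (("%s: got: %d octets reading header\n", __func__, n));` prints `n` with `%d`; the declaration of `n` is outside the hunk, so confirm it is an `int` or cast it to match the specifier.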
@@ -100,8 +103,9 @@ _read_packet (struct rs_packet *pkt) err = nr_packet_ok (pkt->rpkt); if (err != RSE_OK) { - conn_close (&pkt->conn); - return rs_err_conn_push_fl (pkt->conn, err, __FILE__, __LINE__, + rs_debug (("%s: %d: invalid packet\n", __func__, -err)); + rs_conn_disconnect (pkt->conn); + return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__, "invalid packet"); } diff --git a/lib/udp.c b/lib/udp.c index 5eb0645..36af084 100644 --- a/lib/udp.c +++ b/lib/udp.c @@ -65,22 +65,22 @@ static void _evcb (evutil_socket_t fd, short what, void *user_data) { int err; + struct rs_packet *pkt = (struct rs_packet *) user_data; rs_debug (("%s: fd=%d what =", __func__, fd)); - if (what & EV_TIMEOUT) rs_debug ((" TIMEOUT")); + if (what & EV_TIMEOUT) rs_debug ((" TIMEOUT -- shouldn't happen!")); if (what & EV_READ) rs_debug ((" READ")); if (what & EV_WRITE) rs_debug ((" WRITE")); rs_debug (("\n")); + assert (pkt); + assert (pkt->conn); if (what & EV_READ) { /* Read a single UDP packet and stick it in USER_DATA. */ /* TODO: Verify that unsolicited packets are dropped. */ - struct rs_packet *pkt = (struct rs_packet *) user_data; ssize_t r = 0; - assert (pkt); - assert (pkt->conn); assert (pkt->rpkt->data); r = compat_recv (fd, pkt->rpkt->data, RS_MAX_PACKET_LEN, MSG_TRUNC); @@ -92,7 +92,7 @@ _evcb (evutil_socket_t fd, short what, void *user_data) /* FIXME: Really shouldn't happen since we've been told that fd is readable! */ rs_debug (("%s: EAGAIN reading UDP packet -- wot?")); - return; + goto err_out; } /* Hard error. */ 
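Review bot: The change from `err` to `-err` in the `_read_packet` hunk of lib/tcp.c, and again in the `@@ -100,23 +100,22 @@` hunk of lib/udp.c, is not explained at either site. Presumably nr_packet_ok() returns a negated RSE_* code, which should be confirmed against its definition. A one-line comment such as `/* nr_packet_ok() returns a negative RSE_* value; negate it for the error stack. */` would keep the sign convention from being "fixed" back later. The test just above still compares with `err != RSE_OK`, which is only equivalent to a sign check while RSE_OK is 0.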
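Review bot: In the `@@ -92,7 +92,7 @@` hunk of lib/udp.c, the EAGAIN branch now ends in `goto err_out;`, and the last hunk of this file makes that label call rs_conn_disconnect. A transient would-block result therefore tears down the connection without any error being pushed. Either keep `return;` for this branch or push an error before the jump so the caller can tell why the connection went away. The context line `rs_debug (("%s: EAGAIN reading UDP packet -- wot?"));` has a `%s` with no argument, which is undefined behaviour when debugging is enabled; it should pass `__func__`. The `err_out` label and the rest of `_evcb` are outside this hunk.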
@@ -100,23 +100,22 @@ _evcb (evutil_socket_t fd, short what, void *user_data) "%d: recv: %d (%s)", fd, sockerr, evutil_socket_error_to_string (sockerr)); event_del (pkt->conn->tev); - return; + goto err_out; } event_del (pkt->conn->tev); if (r < 20 || r > RS_MAX_PACKET_LEN) /* Short or long packet. */ { rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, - "invalid packet length: %d", - pkt->rpkt->length); - return; + "invalid packet length: %d", r); + goto err_out; } pkt->rpkt->length = (pkt->rpkt->data[2] << 8) + pkt->rpkt->data[3]; err = nr_packet_ok (pkt->rpkt); if (err) { - rs_err_conn_push_fl (pkt->conn, err, __FILE__, __LINE__, + rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__, "invalid packet"); - return; + goto err_out; } /* Hand over message to user. This changes ownership of pkt. Don't touch it afterwards -- it might have been freed. */ @@ -125,10 +124,6 @@ _evcb (evutil_socket_t fd, short what, void *user_data) } else if (what & EV_WRITE) { - struct rs_packet *pkt = (struct rs_packet *) user_data; - assert (pkt); - assert (pkt->conn); - if (!pkt->conn->is_connected) event_on_connect (pkt->conn, pkt); @@ -137,11 +132,10 @@ _evcb (evutil_socket_t fd, short what, void *user_data) if (pkt->conn->callbacks.sent_cb) pkt->conn->callbacks.sent_cb (pkt->conn->user_data); } + return; -#if defined (DEBUG) - if (what & EV_TIMEOUT) - rs_debug (("%s: timeout on UDP event, shouldn't happen\n", __func__)); -#endif + err_out: + rs_conn_disconnect (pkt->conn); } int -- cgit v1.1
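Review bot: The new message `"invalid packet length: %d", r` prints `r`, which an earlier hunk declares as `ssize_t`, with `%d`. That is a format/argument mismatch and is undefined where `ssize_t` is wider than `int`; use `"invalid packet length: %ld", (long) r`. Separately, `pkt->rpkt->length` is then taken from the header bytes without being compared with `r` in this hunk. Presumably nr_packet_ok() rejects a declared length larger than what was received, but that is worth confirming, since `recv` is called with MSG_TRUNC and `r` is the only trustworthy size at this point.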