From 7ec93ff9e4d979e4bbcf33f9c90c94dc9d3cdba9 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Sun, 13 Nov 2011 16:16:05 +1100 Subject: add new RADIUS client library --- lib/radius/LICENSE | 24 + lib/radius/Makefile | 68 ++ lib/radius/attrs.c | 1411 ++++++++++++++++++++++++++++++ lib/radius/client.h | 1408 ++++++++++++++++++++++++++++++ lib/radius/common.pl | 220 +++++ lib/radius/convert.pl | 182 ++++ lib/radius/crypto.c | 233 +++++ lib/radius/custom.c | 87 ++ lib/radius/dict.c | 172 ++++ lib/radius/dictionaries.c | 1515 +++++++++++++++++++++++++++++++++ lib/radius/doc.txt | 41 + lib/radius/doxygen.conf | 1417 ++++++++++++++++++++++++++++++ lib/radius/examples/Makefile | 54 ++ lib/radius/examples/example_1.c | 86 ++ lib/radius/examples/example_2.c | 86 ++ lib/radius/examples/example_3.c | 123 +++ lib/radius/examples/example_4.c | 94 ++ lib/radius/examples/nr_vp_create.c | 61 ++ lib/radius/header.pl | 68 ++ lib/radius/id.c | 178 ++++ lib/radius/packet.c | 918 ++++++++++++++++++++ lib/radius/parse.c | 142 +++ lib/radius/print.c | 265 ++++++ lib/radius/radius.h | 314 +++++++ lib/radius/share/dictionary.microsoft | 17 + lib/radius/share/dictionary.txt | 136 +++ lib/radius/share/dictionary.vendor | 10 + lib/radius/static.c | 37 + lib/radius/tests/Makefile | 25 + lib/radius/tests/radattr.c | 769 +++++++++++++++++ lib/radius/tests/rfc.txt | 144 ++++ lib/radius/valuepair.c | 199 +++++ 32 files changed, 10504 insertions(+) create mode 100644 lib/radius/LICENSE create mode 100644 lib/radius/Makefile create mode 100644 lib/radius/attrs.c create mode 100644 lib/radius/client.h create mode 100644 lib/radius/common.pl create mode 100755 lib/radius/convert.pl create mode 100644 lib/radius/crypto.c create mode 100644 lib/radius/custom.c create mode 100644 lib/radius/dict.c create mode 100644 lib/radius/dictionaries.c create mode 100644 lib/radius/doc.txt create mode 100644 lib/radius/doxygen.conf create mode 100644 lib/radius/examples/Makefile create mode 100644 lib/radius/examples/example_1.c create mode 100644 lib/radius/examples/example_2.c create mode 100644 lib/radius/examples/example_3.c create mode 100644 lib/radius/examples/example_4.c create mode 100644 lib/radius/examples/nr_vp_create.c create mode 100755 lib/radius/header.pl create mode 100644 lib/radius/id.c create mode 100644 lib/radius/packet.c create mode 100644 lib/radius/parse.c create mode 100644 lib/radius/print.c create mode 100644 lib/radius/radius.h create mode 100644 lib/radius/share/dictionary.microsoft create mode 100644 lib/radius/share/dictionary.txt create mode 100644 lib/radius/share/dictionary.vendor create mode 100644 lib/radius/static.c create mode 100644 lib/radius/tests/Makefile create mode 100644 lib/radius/tests/radattr.c create mode 100644 lib/radius/tests/rfc.txt create mode 100644 lib/radius/valuepair.c (limited to 'lib') diff --git a/lib/radius/LICENSE b/lib/radius/LICENSE new file mode 100644 index 0000000..01dbe92 --- /dev/null +++ b/lib/radius/LICENSE @@ -0,0 +1,24 @@ +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/lib/radius/Makefile b/lib/radius/Makefile new file mode 100644 index 0000000..63eff89 --- /dev/null +++ b/lib/radius/Makefile @@ -0,0 +1,68 @@ +# +# GNU Makefile +# +.PHONY: all clean install +all: libnetworkradius-client.a + +SRCS := dict.c attrs.c packet.c valuepair.c static.c id.c \ + crypto.c custom.c print.c parse.c + +OBJS := ${SRCS:.c=.o} + +HEADERS := client.h radius.h + +CFLAGS := -I. -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef + +VERSION := 1.0 +NAME := networkradius-client-$(VERSION) + + +# +# The DICTIONARIES variable can be used to point to the FreeRADIUS +# dictionaries. +# +ifeq "${DICTIONARIES}" "" +DICTIONARIES := $(filter-out %~,$(wildcard share/dictionary*)) +endif + +${OBJS}: ${HEADERS} + +radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl + ./convert.pl ${DICTIONARIES} + +static.o: static.c dictionaries.c + +%.o : %.c + $(CC) $(CFLAGS) -c $< + +%.o: ${HEADERS} + +.PHONY: networkradius-devel +networkradius-devel: + @[ -e $@ ] || ln -s . $@ + +libnetworkradius-client.a: ${OBJS} + ${AR} ${ARFLAGS} $@ $^ + +LIBS := -lcrypto -lssl +LDFLAGS = -L. -lnetworkradius-client + +.PHONY: html +html: + doxygen doxygen.conf + +clean: + @rm -rf *.o *.a *~ html + +install: libnetworkradius-client.a + +.PHONY: publish +publish: + @scp -r html/* networkradius.com@liberty:www.new/site/clientapi/ + +$(NAME).tar.gz: $(wildcard Makefile *.pl *.txt *.[ch] \ + examples/*.[ch] doc/*.txt share/dictionary*) + git archive --format=tar --prefix=$(NAME)/ bsd | gzip > $@ + +.PHONY: tar +tar: $(NAME).tar.gz diff --git a/lib/radius/attrs.c b/lib/radius/attrs.c new file mode 100644 index 0000000..4fd2bf4 --- /dev/null +++ b/lib/radius/attrs.c @@ -0,0 +1,1411 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file attrs.c + * \brief Attribute encoding and decoding routines. + */ + +#include + +/* + * Encodes the data portion of an attribute. + * Returns -1 on error, or the length of the data portion. + */ +static ssize_t vp2data_any(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + int nest, + const VALUE_PAIR **pvp, + uint8_t *start, size_t room) +{ + uint32_t lvalue; + ssize_t len; + const uint8_t *data; + uint8_t *ptr = start; + uint8_t array[4]; + const VALUE_PAIR *vp = *pvp; + +#ifdef NR_TYPE_TLV + /* + * See if we need to encode a TLV. The low portion of + * the attribute has already been placed into the packer. + * If there are still attribute bytes left, then go + * encode them as TLVs. + * + * If we cared about the stack, we could unroll the loop. + */ + if ((nest > 0) && (nest <= nr_attr_max_tlv) && + ((vp->da->attr >> nr_attr_shift[nest]) != 0)) { + return vp2data_tlvs(packet, original, nest, pvp, + start, room); + } +#else + nest = nest; /* -Wunused */ +#endif + + /* + * Set up the default sources for the data. + */ + data = vp->vp_octets; + len = vp->length; + + switch(vp->da->type) { + case NR_TYPE_IPV6PREFIX: + len = sizeof(vp->vp_ipv6prefix); + break; + + case NR_TYPE_STRING: + case NR_TYPE_OCTETS: + case NR_TYPE_IFID: + case NR_TYPE_IPV6ADDR: +#ifdef NR_TYPE_ABINARY + case NR_TYPE_ABINARY: +#endif + /* nothing more to do */ + break; + + case NR_TYPE_BYTE: + len = 1; /* just in case */ + array[0] = vp->vp_integer & 0xff; + data = array; + break; + + case NR_TYPE_SHORT: + len = 2; /* just in case */ + array[0] = (vp->vp_integer >> 8) & 0xff; + array[1] = vp->vp_integer & 0xff; + data = array; + break; + + case NR_TYPE_INTEGER: + len = 4; /* just in case */ + lvalue = htonl(vp->vp_integer); + memcpy(array, &lvalue, sizeof(lvalue)); + data = array; + break; + + case NR_TYPE_IPADDR: + data = (const uint8_t *) &vp->vp_ipaddr; + len = 4; /* just in case */ + break; + + /* + * There are no tagged date attributes. + */ + case NR_TYPE_DATE: + lvalue = htonl(vp->vp_date); + data = (const uint8_t *) &lvalue; + len = 4; /* just in case */ + break; + +#ifdef VENDORPEC_WIMAX + case NR_TYPE_SIGNED: + { + int32_t slvalue; + + len = 4; /* just in case */ + slvalue = htonl(vp->vp_signed); + memcpy(array, &slvalue, sizeof(slvalue)); + break; + } +#endif + +#ifdef NR_TYPE_TLV + case NR_TYPE_TLV: + data = vp->vp_tlv; + if (!data) { + nr_debug_error("ERROR: Cannot encode NULL TLV"); + return -NR_ERR_INVALID_ARG; + } + len = vp->length; + break; +#endif + + default: /* unknown type: ignore it */ + nr_debug_error("ERROR: Unknown attribute type %d", vp->da->type); + return -NR_ERR_ATTR_TYPE_UNKNOWN; + } + + /* + * Bound the data to the calling size + */ + if (len > (ssize_t) room) len = room; + +#ifndef FLAG_ENCRYPT_TUNNEL_PASSWORD + original = original; /* -Wunused */ +#endif + + /* + * Encrypt the various password styles + * + * Attributes with encrypted values MUST be less than + * 128 bytes long. + */ + switch (vp->da->flags.encrypt) { + case FLAG_ENCRYPT_USER_PASSWORD: + len = nr_password_encrypt(ptr, room, data, len, + packet->secret, packet->vector); + break; + +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD + case FLAG_ENCRYPT_TUNNEL_PASSWORD: + lvalue = 0; + if (vp->da->flags.has_tag) lvalue = 1; + + /* + * Check if there's enough room. If there isn't, + * we discard the attribute. + * + * This is ONLY a problem if we have multiple VSA's + * in one Vendor-Specific, though. + */ + if (room < (18 + lvalue)) { + *pvp = vp->next; + return 0; + } + + switch (packet->code) { + case PW_ACCESS_ACCEPT: + case PW_ACCESS_REJECT: + case PW_ACCESS_CHALLENGE: + default: + if (!original) { + nr_debug_error("ERROR: No request packet, cannot encrypt %s attribute in the vp.", vp->da->name); + return -NR_ERR_REQUEST_REQUIRED; + } + + if (lvalue) ptr[0] = vp->tag; + len = nr_tunnelpw_encrypt(ptr + lvalue, + room - lvalue, data, len, + packet->secret, + original->vector); + if (len < 0) return len; + break; + case PW_ACCOUNTING_REQUEST: + case PW_DISCONNECT_REQUEST: + case PW_COA_REQUEST: + ptr[0] = vp->tag; + len = nr_tunnelpw_encrypt(ptr + 1, room, data, len - 1, + packet->secret, + packet->vector); + if (len < 0) return len; + break; + } + break; +#endif + + /* + * The code above ensures that this attribute + * always fits. + */ +#ifdef FLAG_ENCRYPT_ASCEND_SECRET + case FLAG_ENCRYPT_ASCEND_SECRET: + make_secret(ptr, packet->vector, packet->secret, data); + len = AUTH_VECTOR_LEN; + break; +#endif + + default: + if (vp->da->flags.has_tag && TAG_VALID(vp->tag)) { + if (vp->da->type == NR_TYPE_STRING) { + if (len > ((ssize_t) (room - 1))) len = room - 1; + ptr[0] = vp->tag; + ptr++; + } else if (vp->da->type == NR_TYPE_INTEGER) { + array[0] = vp->tag; + } /* else it can't be any other type */ + } + memcpy(ptr, data, len); + break; + } /* switch over encryption flags */ + + *(pvp) = vp->next; + return len + (ptr - start);; +} + + +/* + * Encode an RFC format TLV. This could be a standard attribute, + * or a TLV data type. If it's a standard attribute, then + * vp->da->attr == attribute. Otherwise, attribute may be + * something else. + */ +static ssize_t vp2attr_rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + unsigned int attribute, uint8_t *ptr, size_t room) +{ + ssize_t len; + + if (room < 2) { + *pvp = (*pvp)->next; + return 0; + } + + ptr[0] = attribute & 0xff; + ptr[1] = 2; + + if (room > ((unsigned) 255 - ptr[1])) room = 255 - ptr[1]; + + len = vp2data_any(packet, original, 0, pvp, ptr + ptr[1], room); + if (len < 0) return len; + + ptr[1] += len; + + return ptr[1]; +} + + +#ifndef WITHOUT_VSAS +/* + * Encode a VSA which is a TLV. If it's in the RFC format, call + * vp2attr_rfc. Otherwise, encode it here. + */ +static ssize_t vp2attr_vsa(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + unsigned int attribute, unsigned int vendor, + uint8_t *ptr, size_t room) +{ + ssize_t len; + const DICT_VENDOR *dv; + + /* + * Unknown vendor: RFC format. + * Known vendor and RFC format: go do that. + */ + dv = nr_dict_vendor_byvalue(vendor); + if (!dv || + ( +#ifdef NR_TYPE_TLV + !(*pvp)->flags.is_tlv && +#endif + (dv->type == 1) && (dv->length == 1))) { + return vp2attr_rfc(packet, original, pvp, + attribute, ptr, room); + } + +#ifdef NR_TYPE_TLV + if ((*pvp)->flags.is_tlv) { + return data2vp_tlvs(packet, original, 0, pvp, + ptr, room); + } +#endif + + switch (dv->type) { + default: + nr_debug_error("vp2attr_vsa: Internal sanity check failed," + " type %u", (unsigned) dv->type); + return -NR_ERR_INTERNAL_FAILURE; + + case 4: + ptr[0] = 0; /* attr must be 24-bit */ + ptr[1] = (attribute >> 16) & 0xff; + ptr[2] = (attribute >> 8) & 0xff; + ptr[3] = attribute & 0xff; + break; + + case 2: + ptr[0] = (attribute >> 8) & 0xff; + ptr[1] = attribute & 0xff; + break; + + case 1: + ptr[0] = attribute & 0xff; + break; + } + + switch (dv->length) { + default: + nr_debug_error("vp2attr_vsa: Internal sanity check failed," + " length %u", (unsigned) dv->length); + return -NR_ERR_INTERNAL_FAILURE; + + case 0: + break; + + case 2: + ptr[dv->type] = 0; + /* FALL-THROUGH */ + + case 1: + ptr[dv->type + dv->length - 1] = dv->type + dv->length; + break; + + } + + if (room > ((unsigned) 255 - (dv->type + dv->length))) { + room = 255 - (dv->type + dv->length); + } + + len = vp2data_any(packet, original, 0, pvp, + ptr + dv->type + dv->length, room); + if (len < 0) return len; + + if (dv->length) ptr[dv->type + dv->length - 1] += len; + + return dv->type + dv->length + len; +} + + +/* + * Encode a Vendor-Specific attribute. + */ +ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, uint8_t *ptr, + size_t room) +{ + ssize_t len; + uint32_t lvalue; + const VALUE_PAIR *vp = *pvp; + +#ifdef VENDORPEC_WIMAX + /* + * Double-check for WiMAX + */ + if (vp->da->vendor == VENDORPEC_WIMAX) { + return nr_vp2wimax(packet, original, pvp, + ptr, room); + } +#endif + + if (vp->da->vendor > NR_MAX_VENDOR) { + nr_debug_error("nr_vp2vsa: Invalid arguments"); + return -NR_ERR_INVALID_ARG; + } + + /* + * Not enough room for: + * attr, len, vendor-id + */ + if (room < 6) { + *pvp = vp->next; + return 0; + } + + /* + * Build the Vendor-Specific header + */ + ptr[0] = PW_VENDOR_SPECIFIC; + ptr[1] = 6; + lvalue = htonl(vp->da->vendor); + memcpy(ptr + 2, &lvalue, 4); + + if (room > ((unsigned) 255 - ptr[1])) room = 255 - ptr[1]; + + len = vp2attr_vsa(packet, original, pvp, + vp->da->attr, vp->da->vendor, + ptr + ptr[1], room); + if (len < 0) return len; + + ptr[1] += len; + + return ptr[1]; +} +#endif + + +/* + * Encode an RFC standard attribute 1..255 + */ +ssize_t nr_vp2rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + uint8_t *ptr, size_t room) +{ + const VALUE_PAIR *vp = *pvp; + + if (vp->da->vendor != 0) { + nr_debug_error("nr_vp2rfc called with VSA"); + return -NR_ERR_INVALID_ARG; + } + + if ((vp->da->attr == 0) || (vp->da->attr > 255)) { + nr_debug_error("nr_vp2rfc called with non-standard attribute %u", vp->da->attr); + return -NR_ERR_INVALID_ARG; + } + +#ifdef PW_CHARGEABLE_USER_IDENTITY + if ((vp->length == 0) && + (vp->da != NR_DA_CHARGEABLE_USER_IDENTITY)) { + *pvp = vp->next; + return 0; + } +#endif + + return vp2attr_rfc(packet, original, pvp, vp->da->attr, + ptr, room); +} + +#ifdef PW_CHAP_PASSWORD +/* + * Encode an RFC standard attribute 1..255 + */ +static ssize_t nr_chap2rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + uint8_t *ptr, size_t room) +{ + ssize_t rcode; + const VALUE_PAIR *vp = *pvp; + NR_MD5_CTX ctx; + uint8_t buffer[MAX_STRING_LEN*2 + 1], *p; + VALUE_PAIR chap = { + NR_DA_CHAP_PASSWORD, + 17, + 0, + NULL, + { + .octets = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }, + }, + }; + + if ((vp->da->vendor != 0) || (vp->da != NR_DA_CHAP_PASSWORD)) { + nr_debug_error("nr_chap2rfc called with non-CHAP"); + return -NR_ERR_INVALID_ARG; + } + + p = buffer; + *(p++) = nr_rand() & 0xff; /* id */ + + memcpy(p, vp->vp_strvalue, strlen(vp->vp_strvalue)); + p += strlen(vp->vp_strvalue); + + vp = nr_vps_find(packet->vps, PW_CHAP_CHALLENGE, 0); + if (vp) { + memcpy(p, vp->vp_octets, vp->length); + p += vp->length; + } else { + memcpy(p, packet->vector, sizeof(packet->vector)); + p += sizeof(packet->vector); + } + + nr_MD5Init(&ctx); + nr_MD5Update(&ctx, buffer, p - buffer); + nr_MD5Final(&chap.vp_octets[1], &ctx); + + chap.vp_octets[0] = buffer[0]; + vp = &chap; + + rcode = vp2attr_rfc(packet, original, &vp, chap.da->attr, + ptr, room); + if (rcode < 0) return rcode; + + *pvp = (*pvp)->next; + return rcode; +} +#endif /* PW_CHAP_PASSWORD */ + +#ifdef PW_MESSAGE_AUTHENTICATOR +/** Fake Message-Authenticator. + * + * This structure is used to replace a Message-Authenticator in the + * input list of VALUE_PAIRs when encoding a packet. If the caller + * asks us to encode a Message-Authenticator, we ignore the one given + * to us by the caller (which may have the wrong length, etc.), and + * instead use this one, which has the correct length and data. + */ +static const VALUE_PAIR fake_ma = { + NR_DA_MESSAGE_AUTHENTICATOR, + 16, + 0, + NULL, + { + .octets = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }, + } +}; +#endif /* PW_MESSAGE_AUTHENTICATOR */ + +/* + * Parse a data structure into a RADIUS attribute. + */ +ssize_t nr_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, uint8_t *start, + size_t room) +{ + const VALUE_PAIR *vp = *pvp; + + /* + * RFC format attributes take the fast path. + */ + if (vp->da->vendor != 0) { +#ifdef VENDORPEC_EXTENDED + if (vp->da->vendor > NR_MAX_VENDOR) { + return nr_vp2attr_extended(packet, original, + pvp, start, room); + + } +#endif + +#ifdef VENDORPEC_WIMAX + if (vp->da->vendor == VENDORPEC_WIMAX) { + return nr_vp2attr_wimax(packet, original, + pvp, start, room); + } +#endif + +#ifndef WITHOUT_VSAS + return nr_vp2vsa(packet, original, pvp, start, room); +#else + nr_debug_error("VSAs are not supported"); + return -NR_ERR_UNSUPPORTED; +#endif + } + + /* + * Ignore non-protocol attributes. + */ + if (vp->da->attr > 255) { + *pvp = vp->next; + return 0; + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + /* + * The caller wants a Message-Authenticator, but doesn't + * know how to calculate it, or what the correct values + * are. So... create one for him. + */ + if (vp->da == NR_DA_MESSAGE_AUTHENTICATOR) { + ssize_t rcode; + + vp = &fake_ma; + rcode = nr_vp2rfc(packet, original, &vp, start, room); + if (rcode <= 0) return rcode; + *pvp = (*pvp)->next; + return rcode; + } +#endif + +#ifdef PW_CHAP_PASSWORD + /* + * The caller wants a CHAP-Password, but doesn't know how + * to calculate it, or what the correct values are. To + * help, we calculate it for him. + */ + if (vp->da == NR_DA_CHAP_PASSWORD) { + int encoded = 0; + + /* + * CHAP is ID + MD5(...). If it's length is NOT + * 17, then the caller has passed us a password, + * and wants us to encode it. If the length IS + * 17, then we need to double-check if the caller + * has already encoded it. + */ + if (vp->length == 17) { + int i; + + /* + * ASCII and UTF-8 disallow values 0..31. + * If they appear, then the CHAP-Password + * has already been encoded by the + * caller. The probability of a + * CHAP-Password being all 32..256 is + * (1-32/256)^17 =~ .10 + * + * This check isn't perfect, but it + * should be pretty rare for people to + * have 17-character passwords *and* have + * them all 32..256. + */ + for (i = 0; i < 17; i++) { + if (vp->vp_octets[i] < 32) { + encoded = 1; + break; + } + } + } + + if (!encoded) { + return nr_chap2rfc(packet, original, pvp, start, room); + } + } +#endif + + return nr_vp2rfc(packet, original, pvp, + start, room); +} + + +/* + * Ignore unknown attributes, but "decoding" them into nothing. + */ +static ssize_t data2vp_raw(UNUSED const RADIUS_PACKET *packet, + UNUSED const RADIUS_PACKET *original, + unsigned int attribute, + unsigned int vendor, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + VALUE_PAIR *vp; + + if (length > sizeof(vp->vp_octets)) return -NR_ERR_ATTR_OVERFLOW; + + vp = nr_vp_alloc_raw(attribute, vendor); + if (!vp) return -NR_ERR_NO_MEM; + + memcpy(vp->vp_octets, data, length); + vp->length = length; + + *pvp = vp; + return length; +} + +ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + + if (length < 2) return -NR_ERR_PACKET_TOO_SMALL; + if (data[1] < 2) return -NR_ERR_ATTR_TOO_SMALL; + if (data[1] > length) return -NR_ERR_ATTR_OVERFLOW; + + return data2vp_raw(packet, original, data[0], 0, + data + 2, data[1] - 2, pvp); +} + +/* + * Create any kind of VP from the attribute contents. + * + * Will return -1 on error, or "length". + */ +static ssize_t data2vp_any(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + int nest, + unsigned int attribute, unsigned int vendor, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD + ssize_t rcode; +#endif + int data_offset = 0; + const DICT_ATTR *da; + VALUE_PAIR *vp = NULL; + + if (length == 0) { + /* + * Hacks for CUI. The WiMAX spec says that it + * can be zero length, even though this is + * forbidden by the RADIUS specs. So... we make + * a special case for it. + */ + if ((vendor == 0) && + (attribute == PW_CHARGEABLE_USER_IDENTITY)) { + data = (const uint8_t *) ""; + length = 1; + } else { + *pvp = NULL; + return 0; + } + } + + da = nr_dict_attr_byvalue(attribute, vendor); + + /* + * Unknown attribute. Create it as a "raw" attribute. + */ + if (!da) { + raw: + if (vp) nr_vp_free(&vp); + return data2vp_raw(packet, original, + attribute, vendor, data, length, pvp); + } + +#ifdef NR_TYPE_TLV + /* + * TLVs are handled first. They can't be tagged, and + * they can't be encrypted. + */ + if (da->da->type == NR_TYPE_TLV) { + return data2vp_tlvs(packet, original, + attribute, vendor, nest, + data, length, pvp); + } +#else + nest = nest; /* -Wunused */ +#endif + + /* + * The attribute is known, and well formed. We can now + * create it. The main failure from here on in is being + * out of memory. + */ + vp = nr_vp_alloc(da); + if (!vp) return -NR_ERR_NO_MEM; + + /* + * Handle tags. + */ + if (vp->da->flags.has_tag) { + if (TAG_VALID(data[0]) +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD + || (vp->da->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) +#endif + ) { + /* + * Tunnel passwords REQUIRE a tag, even + * if don't have a valid tag. + */ + vp->tag = data[0]; + + if ((vp->da->type == NR_TYPE_STRING) || + (vp->da->type == NR_TYPE_OCTETS)) { + if (length == 0) goto raw; + data_offset = 1; + } + } + } + + /* + * Copy the data to be decrypted + */ + vp->length = length - data_offset; + memcpy(&vp->vp_octets[0], data + data_offset, vp->length); + + /* + * Decrypt the attribute. + */ + switch (vp->da->flags.encrypt) { + /* + * User-Password + */ + case FLAG_ENCRYPT_USER_PASSWORD: + if (original) { + rcode = nr_password_encrypt(vp->vp_octets, + sizeof(vp->vp_strvalue), + data + data_offset, vp->length, + packet->secret, + original->vector); + } else { + rcode = nr_password_encrypt(vp->vp_octets, + sizeof(vp->vp_strvalue), + data + data_offset, vp->length, + packet->secret, + packet->vector); + } + if (rcode < 0) goto raw; + vp->vp_strvalue[128] = '\0'; + vp->length = strlen(vp->vp_strvalue); + break; + + /* + * Tunnel-Password's may go ONLY + * in response packets. + */ +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD + case FLAG_ENCRYPT_TUNNEL_PASSWORD: + if (!original) goto raw; + + rcode = nr_tunnelpw_decrypt(vp->vp_octets, + sizeof(vp->vp_octets), + data + data_offset, vp->length, + packet->secret, original->vector); + if (rcode < 0) goto raw; + vp->length = rcode; + break; +#endif + + +#ifdef FLAG_ENCRYPT_ASCEND_SECRET: + /* + * Ascend-Send-Secret + * Ascend-Receive-Secret + */ + case FLAG_ENCRYPT_ASCEND_SECRET: + if (!original) { + goto raw; + } else { + uint8_t my_digest[AUTH_VECTOR_LEN]; + make_secret(my_digest, + original->vector, + packet->secret, data); + memcpy(vp->vp_strvalue, my_digest, + AUTH_VECTOR_LEN ); + vp->vp_strvalue[AUTH_VECTOR_LEN] = '\0'; + vp->length = strlen(vp->vp_strvalue); + } + break; +#endif + + default: + break; + } /* switch over encryption flags */ + + /* + * Expected a certain length, but got something else. + */ + if ((vp->da->flags.length != 0) && + (vp->length != vp->da->flags.length)) { + goto raw; + } + + switch (vp->da->type) { + case NR_TYPE_STRING: + case NR_TYPE_OCTETS: +#ifdef NR_TYPE_ABINARY + case NR_TYPE_ABINARY: +#endif + /* nothing more to do */ + break; + + case NR_TYPE_BYTE: + vp->vp_integer = vp->vp_octets[0]; + break; + + + case NR_TYPE_SHORT: + vp->vp_integer = (vp->vp_octets[0] << 8) | vp->vp_octets[1]; + break; + + case NR_TYPE_INTEGER: + memcpy(&vp->vp_integer, vp->vp_octets, 4); + vp->vp_integer = ntohl(vp->vp_integer); + + if (vp->da->flags.has_tag) vp->vp_integer &= 0x00ffffff; + break; + + case NR_TYPE_DATE: + memcpy(&vp->vp_date, vp->vp_octets, 4); + vp->vp_date = ntohl(vp->vp_date); + break; + + + case NR_TYPE_IPADDR: + memcpy(&vp->vp_ipaddr, vp->vp_octets, 4); + break; + + /* + * IPv6 interface ID is 8 octets long. + */ + case NR_TYPE_IFID: + /* vp->vp_ifid == vp->vp_octets */ + break; + + /* + * IPv6 addresses are 16 octets long + */ + case NR_TYPE_IPV6ADDR: + /* vp->vp_ipv6addr == vp->vp_octets */ + break; + + /* + * IPv6 prefixes are 2 to 18 octets long. + * + * RFC 3162: The first octet is unused. + * The second is the length of the prefix + * the rest are the prefix data. + * + * The prefix length can have value 0 to 128. + */ + case NR_TYPE_IPV6PREFIX: + if (vp->length < 2 || vp->length > 18) goto raw; + if (vp->vp_octets[1] > 128) goto raw; + + /* + * FIXME: double-check that + * (vp->vp_octets[1] >> 3) matches vp->length + 2 + */ + if (vp->length < 18) { + memset(vp->vp_octets + vp->length, 0, + 18 - vp->length); + } + break; + +#ifdef VENDORPEC_WIMAX + case NR_TYPE_SIGNED: + if (vp->length != 4) goto raw; + + /* + * Overload vp_integer for ntohl, which takes + * uint32_t, not int32_t + */ + memcpy(&vp->vp_integer, vp->vp_octets, 4); + vp->vp_integer = ntohl(vp->vp_integer); + memcpy(&vp->vp_signed, &vp->vp_integer, 4); + break; +#endif + +#ifdef NR_TYPE_TLV + case NR_TYPE_TLV: + nr_vp_free(&vp); + nr_debug_error("data2vp_any: Internal sanity check failed"); + return -NR_ERR_ATTR_TYPE_UNKNOWN; +#endif + +#ifdef VENDORPEC_WIMAX + case NR_TYPE_COMBO_IP: + if (vp->length == 4) { + vp->da->type = NR_TYPE_IPADDR; + memcpy(&vp->vp_ipaddr, vp->vp_octets, 4); + break; + + } else if (vp->length == 16) { + vp->da->type = NR_TYPE_IPV6ADDR; + /* vp->vp_ipv6addr == vp->vp_octets */ + break; + + } + /* FALL-THROUGH */ +#endif + + default: + goto raw; + } + + *pvp = vp; + + return length; +} + + +/* + * Create a "standard" RFC VALUE_PAIR from the given data. + */ +ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + ssize_t rcode; + + if (length < 2) return -NR_ERR_PACKET_TOO_SMALL; + if (data[1] < 2) return -NR_ERR_ATTR_TOO_SMALL; + if (data[1] > length) return -NR_ERR_ATTR_OVERFLOW; + + rcode = data2vp_any(packet, original, 0, + data[0], 0, data + 2, data[1] - 2, pvp); + if (rcode < 0) return rcode; + + return data[1]; +} + +#ifndef WITHOUT_VSAS +/* + * Check if a set of RADIUS formatted TLVs are OK. + */ +int nr_tlv_ok(const uint8_t *data, size_t length, + size_t dv_type, size_t dv_length) +{ + const uint8_t *end = data + length; + + if ((dv_length > 2) || (dv_type == 0) || (dv_type > 4)) { + nr_debug_error("nr_tlv_ok: Invalid arguments"); + return -NR_ERR_INVALID_ARG; + } + + while (data < end) { + size_t attrlen; + + if ((data + dv_type + dv_length) > end) { + nr_debug_error("Attribute header overflow"); + return -NR_ERR_ATTR_TOO_SMALL; + } + + switch (dv_type) { + case 4: + if ((data[0] == 0) && (data[1] == 0) && + (data[2] == 0) && (data[3] == 0)) { + zero: + nr_debug_error("Invalid attribute 0"); + return -NR_ERR_ATTR_INVALID; + } + + if (data[0] != 0) { + nr_debug_error("Invalid attribute > 2^24"); + return -NR_ERR_ATTR_INVALID; + } + break; + + case 2: + if ((data[1] == 0) && (data[1] == 0)) goto zero; + break; + + case 1: + if (data[0] == 0) goto zero; + break; + + default: + nr_debug_error("Internal sanity check failed"); + return -NR_ERR_INTERNAL_FAILURE; + } + + switch (dv_length) { + case 0: + return 0; + + case 2: + if (data[dv_type + 1] != 0) { + nr_debug_error("Attribute is longer than 256 octets"); + return -NR_ERR_ATTR_TOO_LARGE; + } + /* FALL-THROUGH */ + case 1: + attrlen = data[dv_type + dv_length - 1]; + break; + + + default: + nr_debug_error("Internal sanity check failed"); + return -NR_ERR_INTERNAL_FAILURE; + } + + if (attrlen < (dv_type + dv_length)) { + nr_debug_error("Attribute header has invalid length"); + return -NR_ERR_PACKET_TOO_SMALL; + } + + if (attrlen > length) { + nr_debug_error("Attribute overflows container"); + return -NR_ERR_ATTR_OVERFLOW; + } + + data += attrlen; + length -= attrlen; + } + + return 0; +} + + +/* + * Convert a top-level VSA to a VP. + */ +static ssize_t attr2vp_vsa(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + unsigned int vendor, + size_t dv_type, size_t dv_length, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + unsigned int attribute; + ssize_t attrlen, my_len; + +#ifndef NDEBUG + if (length <= (dv_type + dv_length)) { + nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok"); + return -NR_ERR_PACKET_TOO_SMALL; + } +#endif + + switch (dv_type) { + case 4: + /* data[0] must be zero */ + attribute = data[1] << 16; + attribute |= data[2] << 8; + attribute |= data[3]; + break; + + case 2: + attribute = data[0] << 8; + attribute |= data[1]; + break; + + case 1: + attribute = data[0]; + break; + + default: + nr_debug_error("attr2vp_vsa: Internal sanity check failed"); + return -NR_ERR_INTERNAL_FAILURE; + } + + switch (dv_length) { + case 2: + /* data[dv_type] must be zero */ + attrlen = data[dv_type + 1]; + break; + + case 1: + attrlen = data[dv_type]; + break; + + case 0: + attrlen = length; + break; + + default: + nr_debug_error("attr2vp_vsa: Internal sanity check failed"); + return -NR_ERR_INTERNAL_FAILURE; + } + +#ifndef NDEBUG + if (attrlen <= (ssize_t) (dv_type + dv_length)) { + nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok"); + return -NR_ERR_PACKET_TOO_SMALL; + } +#endif + + attrlen -= (dv_type + dv_length); + + my_len = data2vp_any(packet, original, 0, + attribute, vendor, + data + dv_type + dv_length, attrlen, pvp); + if (my_len < 0) return my_len; + +#ifndef NDEBUG + if (my_len != attrlen) { + nr_vp_free(pvp); + nr_debug_error("attr2vp_vsa: Incomplete decode %d != %d", + (int) my_len, (int) attrlen); + return -NR_ERR_INTERNAL_FAILURE; + } +#endif + + return dv_type + dv_length + attrlen; +} + + +/* + * Create Vendor-Specifc VALUE_PAIRs from a RADIUS attribute. + */ +ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + size_t dv_type, dv_length; + ssize_t my_len; + uint32_t lvalue; + const DICT_VENDOR *dv; + + if (length < 2) return -NR_ERR_PACKET_TOO_SMALL; + if (data[1] < 2) return -NR_ERR_ATTR_TOO_SMALL; + if (data[1] > length) return -NR_ERR_ATTR_OVERFLOW; + + if (data[0] != PW_VENDOR_SPECIFIC) { + nr_debug_error("nr_attr2vp_vsa: Invalid attribute"); + return -NR_ERR_INVALID_ARG; + } + + /* + * Not enough room for a Vendor-Id. + * Or the high octet of the Vendor-Id is set. + */ + if ((data[1] < 6) || (data[2] != 0)) { + return nr_attr2vp_raw(packet, original, + data, length, pvp); + } + + memcpy(&lvalue, data + 2, 4); + lvalue = ntohl(lvalue); + +#ifdef VENDORPEC_WIMAX + /* + * WiMAX gets its own set of magic. + */ + if (lvalue == VENDORPEC_WIMAX) { + return nr_attr2vp_wimax(packet, original, + data, length, pvp); + } +#endif + + dv_type = dv_length = 1; + dv = nr_dict_vendor_byvalue(lvalue); + if (!dv) { + return nr_attr2vp_rfc(packet, original, + data, length, pvp); + } + + dv_type = dv->type; + dv_length = dv->length; + + /* + * Attribute is not in the correct form. + */ + if (nr_tlv_ok(data + 6, data[1] - 6, dv_type, dv_length) < 0) { + return nr_attr2vp_raw(packet, original, + data, length, pvp); + } + + my_len = attr2vp_vsa(packet, original, + lvalue, dv_type, dv_length, + data + 6, data[1] - 6, pvp); + if (my_len < 0) return my_len; + +#ifndef NDEBUG + if (my_len != (data[1] - 6)) { + nr_vp_free(pvp); + nr_debug_error("nr_attr2vp_vsa: Incomplete decode"); + return -NR_ERR_INTERNAL_FAILURE; + } +#endif + + return data[1]; +} +#endif /* WITHOUT_VSAS */ + + +/* + * Create a "normal" VALUE_PAIR from the given data. + */ +ssize_t nr_attr2vp(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp) +{ + if (length < 2) return -NR_ERR_PACKET_TOO_SMALL; + if (data[1] < 2) return -NR_ERR_ATTR_TOO_SMALL; + if (data[1] > length) return -NR_ERR_ATTR_OVERFLOW; + +#ifndef WITHOUT_VSAS + /* + * VSAs get their own handler. + */ + if (data[0] == PW_VENDOR_SPECIFIC) { + return nr_attr2vp_vsa(packet, original, + data, length, pvp); + } +#endif + +#ifdef VENDORPEC_EXTENDED + /* + * Extended attribute format gets their own handler. + */ + if (nr_dict_attr_byvalue(data[0], VENDORPEC_EXTENDED) != NULL) { + return nr_attr2vp_extended(packet, original, + data, length, pvp); + } +#endif + + return nr_attr2vp_rfc(packet, original, data, length, pvp); +} + +ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, + unsigned int attribute, unsigned int vendor, + const uint8_t **pdata, size_t *plength) +{ + uint8_t *data, *attr; + const uint8_t *end; + + if (!packet || !pdata || !plength) return -NR_ERR_INVALID_ARG; + + if (!packet->data) return -NR_ERR_INVALID_ARG; + if (packet->length < 20) return -NR_ERR_INVALID_ARG; + + /* + * Too long or short, not good. + */ + if ((start < 0) || + ((start > 0) && (start < 20))) return -NR_ERR_INVALID_ARG; + + if ((size_t) start >= (packet->length - 2)) return -NR_ERR_INVALID_ARG; + + end = packet->data + packet->length; + + /* + * Loop over the packet, converting attrs to VPs. + */ + if (start == 0) { + data = packet->data + 20; + } else { + data = packet->data + start; + data += data[1]; + if (data >= end) return 0; + } + + for (attr = data; attr < end; attr += attr[1]) { + const DICT_VENDOR *dv = NULL; + +#ifndef NEBUG + /* + * This code is copied from packet_ok(). + * It could be put into a separate function. + */ + if ((attr + 2) > end) { + nr_debug_error("Attribute overflows packet"); + return -NR_ERR_ATTR_OVERFLOW; + } + + if (attr[1] < 2) { + nr_debug_error("Attribute length is too small"); + return -NR_ERR_ATTR_TOO_SMALL; + } + + if ((attr + attr[1]) > end) { + nr_debug_error("Attribute length is too large"); + return -NR_ERR_ATTR_TOO_LARGE; + } +#endif + + if ((vendor == 0) && (attr[0] == attribute)) { + *pdata = attr + 2; + *plength = attr[1] - 2; + return attr - packet->data; + } + +#ifndef WITHOUT_VSAS + if (vendor != 0) { + uint32_t vendorpec; + + if (attr[0] != PW_VENDOR_SPECIFIC) continue; + + if (attr[1] < 6) continue; + + memcpy(&vendorpec, attr + 2, 4); + vendorpec = ntohl(vendorpec); + if (vendor != vendorpec) continue; + + if (!dv) { + dv = nr_dict_vendor_byvalue(vendor); + if (dv && + ((dv->type != 1) || (dv->length != 1))) { + return -NR_ERR_VENDOR_UNKNOWN; + } + } + + /* + * No data. + */ + if (attr[1] < 9) continue; + + /* + * Malformed, or more than one VSA in + * the Vendor-Specific + */ + if (attr[7] + 6 != attr[1]) continue; + + /* + * Not the right VSA. + */ + if (attr[6] != attribute) continue; + + *pdata = attr + 8; + *plength = attr[1] - 8; + return attr - packet->data; + } +#endif + } + + return 0; /* nothing more: stop */ +} + diff --git a/lib/radius/client.h b/lib/radius/client.h new file mode 100644 index 0000000..591884f --- /dev/null +++ b/lib/radius/client.h @@ -0,0 +1,1408 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file client.h + * \brief Main header file. + */ + +/* + * System-specific header files. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * Definitions of attributes. + */ +#include + +/** \defgroup build Build Helpers + * + * These definitions give the GNU C compiler more information about + * the functions being compiled. They are used to either remove + * warnings, or to enable better warnings. + **/ + +/** \defgroup custom Portability Functions + * + * These functions and definitions should be modified for your local + * system. See the individual definitions for details. + */ + +/** \defgroup error Error handling + * + * These definitions and routines manage errors. + */ + +/** \defgroup value_pair Attribute manipulation + * + * These routines manage structures which map to attributes. + */ + +/**\defgroup dict Dictionary Lookup Functions + * + * \sa doc/dictionaries.txt + * + * The RADIUS dictionaries perform name to number mappings. The names + * are used only for administrator convenience, for parsing + * configuration files, and printing humanly-readable output. The + * numbers are used when encoding data in a packet. + * + * When attributes are decoded from a packet, the numbers are used to + * look up the associated name, which is then placed into a data + * structure. + * + * When the data structures are encoded into a packet, the numbers are + * used to create RFC and VSA format attributes. + * + * \attention The definitions, structures, and functions given below + * are useful only for implementing "low level" RADIUS + * functionality. There is usually no need to refer to them in a + * client application. The library should be used at a higher level, + * which exposes a much simpler API. + */ + +/** \defgroup packet Packet manipulation + * + * These routines perform encoding and decoding of RADIUS packets. + */ + +/** \defgroup print Print / parse functions + * + * These routines convert the internal data structures to a printable + * form, or parse them. + */ + +/** \defgroup id ID allocation and freeing + * + * These routines manage RADIUS ID allocation. + */ + +/** \defgroup attr Low-level attribute encode/decoding + * + * These routines perform "low level" encoding, decoding, sending, and + * reception of RADIUS attributes. They are called by the \ref packet + * functions. + * + * \attention The structures and functions given below are useful only + * for implementing "low level" RADIUS functionality. There is usually + * no need to refer to them in a client application. The library + * should be used at a higher level, which exposes a much simpler API. + */ + +/** \defgroup internal Internal support functions. + * + * These functions are required to perform internal or "low-level" + * data manipulation. While they are exposed for completeness, they + * should not be called by any application. + */ + +#ifdef PW_EAP_MESSAGE +#ifndef PW_MESSAGE_AUTHENTICATOR +#error EAP-Message requires Message-Authenticator +#endif +#endif + +#ifdef WITHOUT_OPENSSL +#ifndef NR_MD5_CTX +#error NR_MD5_CTX must be defined +#endif +#ifndef nr_MD5Init +#error n_rMD5Init must be defined +#endif +#ifndef nr_MD5Update +#error nr_MD5Updyae must be defined +#endif +#ifndef nr_MD5Final +#error nr_MD5Final must be defined +#endif +#ifndef nr_MD5Transform +#error nr_MD5Transform must be defined +#endif + +#else /* WITHOUT_OPENSSL */ + +#include +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define NR_MD5_CTX MD5_CTX +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define nr_MD5Init MD5_Init +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define nr_MD5Update MD5_Update +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define nr_MD5Final MD5_Final +/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ +#define nr_MD5Transform MD5_Transform +#endif + +#ifndef NR_MAX_PACKET_LEN +/** The maximum size of a packet that the library will send or receive. \ingroup custom + * + * The RFC requirement is to handle at least 4K packets. However, if + * you expect to only do username/password authentication, this value + * can be set to a smaller value, such as 256. + * + * Be warned that any packets larger than this value will be ignored + * and silently discarded. + */ +#define NR_MAX_PACKET_LEN (4096) +#endif + +#ifndef NR_MAX_ATTRIBUTES +/** The maximum number of attributes that the library will allow in a packet. \ingroup custom + * + * Packets which contain more than ::NR_MAX_ATTRIBUTES will generate + * an error. This value is configurable because there may be a need + * to accept a large mumber of attributes. + * + * This value is ignored when packets are sent. The library will + * send as many attributes as it is told to send. + */ +#define NR_MAX_ATTRIBUTES (200) +#endif + +#undef NR_MAX_PACKET_CODE +/** The maximum RADIUS_PACKET::code which we can accept. \ingroup dict + * + * \attention This should not be changed, as it is used by other + * structures such as ::nr_packet_codes. + */ +#define NR_MAX_PACKET_CODE PW_COA_NAK + +/** The maximum vendor number which is permitted. \ingroup dict + * + * The RFCs require that the Vendor Id or Private Enterprise Number + * be encoded as 32 bits, with the upper 8 bits being zero. + */ +#define NR_MAX_VENDOR (1 << 24) + +/** The maximum length of a RADIUS attribute. + * + * The RFCs require that a RADIUS attribute transport no more than + * 253 octets of data. We add an extra byte for a trailing NUL, so + * that the VALUE_PAIR::vp_strvalue field can be handled as a C + * string. + */ +#define MAX_STRING_LEN (254) + +/** Data Type Definitions. \ingroup dict + */ +typedef enum nr_attr_type_t { + NR_TYPE_INVALID = 0, /**< Invalid data type */ + NR_TYPE_STRING, /**< printable-text */ + NR_TYPE_INTEGER, /**< a 32-bit unsigned integer */ + NR_TYPE_IPADDR, /**< an IPv4 address */ + NR_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */ + NR_TYPE_OCTETS, /**< a sequence of binary octets */ + NR_TYPE_IFID, /**< an Interface Id */ + NR_TYPE_IPV6ADDR, /**< an IPv6 address */ + NR_TYPE_IPV6PREFIX, /**< an IPv6 prefix */ + NR_TYPE_BYTE, /**< an 8-bit integer */ + NR_TYPE_SHORT, /**< a 16-bit integer */ +} nr_attr_type_t; + +#define PW_ACCESS_REQUEST 1 +#define PW_ACCESS_ACCEPT 2 +#define PW_ACCESS_REJECT 3 +#define PW_ACCOUNTING_REQUEST 4 +#define PW_ACCOUNTING_RESPONSE 5 +#define PW_ACCOUNTING_STATUS 6 +#define PW_PASSWORD_REQUEST 7 +#define PW_PASSWORD_ACK 8 +#define PW_PASSWORD_REJECT 9 +#define PW_ACCOUNTING_MESSAGE 10 +#define PW_ACCESS_CHALLENGE 11 +#define PW_STATUS_SERVER 12 +#define PW_STATUS_CLIENT 13 +#define PW_DISCONNECT_REQUEST 40 +#define PW_DISCONNECT_ACK 41 +#define PW_DISCONNECT_NAK 42 +#define PW_COA_REQUEST 43 +#define PW_COA_ACK 44 +#define PW_COA_NAK 45 + +/** Error codes \ingroup error + * + * The numerical value of these definitions may change from version + * to version of the library. + */ +typedef enum nr_error_t { + /** Invalid argument */ + NR_ERR_INVALID_ARG = 1, + /** Insufficient data to decode the packet */ + NR_ERR_PACKET_TOO_SMALL, + /** The packet header says it is larger than the received data */ + NR_ERR_PACKET_TOO_LARGE, + /** the attribute overflows the packet */ + NR_ERR_ATTR_OVERFLOW, + /** the attribute header "length" field is too small */ + NR_ERR_ATTR_TOO_SMALL, + /** the attribute is more than 256 octets long */ + NR_ERR_ATTR_TOO_LARGE, + /** the attribute is unknown */ + NR_ERR_ATTR_UNKNOWN, + /** the attribute name is improperly formatted */ + NR_ERR_ATTR_BAD_NAME, + /** the attribute value could not be parsed */ + NR_ERR_ATTR_VALUE_MALFORMED, + /** the attribute "type" is invalid */ + NR_ERR_ATTR_INVALID, + /** the packet has too many attributes */ + NR_ERR_TOO_MANY_ATTRS, + /** the attribute has an unsupported data type */ + NR_ERR_ATTR_TYPE_UNKNOWN, + /** the Message-Authenticator has the wrong length */ + NR_ERR_MSG_AUTH_LEN, + /** the Message-Authenticator is wrong */ + NR_ERR_MSG_AUTH_WRONG, + /** we need a request packet to calculate something in the response */ + NR_ERR_REQUEST_REQUIRED, + /** the request code is unsupported */ + NR_ERR_REQUEST_CODE_INVALID, + /** the Authentication Vector is wrong */ + NR_ERR_AUTH_VECTOR_WRONG, + /** the response code is unsupported */ + NR_ERR_RESPONSE_CODE_INVALID, + /** the response ID field is invalid */ + NR_ERR_RESPONSE_ID_INVALID, + /** the response is not from the correct source IP/port */ + NR_ERR_RESPONSE_SRC_INVALID, + /** Look at "errno" for the error */ + NR_ERR_SYSTEM, + /** We cannot encode the packet because of invalid arguments */ + NR_ERR_NO_PACKET_DATA, + /** the vendor is unknown */ + NR_ERR_VENDOR_UNKNOWN, + /** an internal sanity check failed */ + NR_ERR_INTERNAL_FAILURE, + /** the caller requested an unsupported featuer */ + NR_ERR_UNSUPPORTED, + /** we were unable to allocate memory */ + NR_ERR_NO_MEM, + /** Resource is in use */ + NR_ERR_IN_USE, +} nr_error_t; + +#define TAG_VALID(x) ((x) < 0x20) + +/** The attribute is not encrypted. */ +#define FLAG_ENCRYPT_NONE (0) + +/** The attribute is encrypted using the RFC 2865 User-Password method */ +#define FLAG_ENCRYPT_USER_PASSWORD (1) + +/** The attribute is encrypted using the RFC 2868 Tunnel-Password method */ +#define FLAG_ENCRYPT_TUNNEL_PASSWORD (2) + +/** A set of flags which determine how the attribute should be handled. + * + * Most attributes are "normal", and do not require special handling. + * However, some require "encryption", tagging, or have other special + * formats. This structure contains the various options for the + * attribute formats. + */ +typedef struct attr_flags { + unsigned int has_tag : 1; /**< Attribute has an RFC 2868 tag */ + unsigned int unknown : 1; /**< Attribute is unknown */ +#ifdef NR_TYPE_TLV + unsigned int has_tlv : 1; /* has sub attributes */ + unsigned int is_tlv : 1; /* is a sub attribute */ +#endif +#ifdef VENDOR_EXTENDED + unsigned int extended : 1; /* extended attribute */ + unsigned int extended_flags : 1; /* with flag */ + unsigned int evs : 1; /* extended VSA */ +#endif + + uint8_t encrypt; /**< Attribute encryption method */ + uint8_t length; /**< The expected length of the attribute */ +} ATTR_FLAGS; + + +/** Defines an dictionary mapping for an attribute. \ingroup dict + * + * The RADIUS dictionaries map humanly readable names to protocol + * numbers. The protocol numbers are used to encode/decode the + * attributes in a packet. + */ +typedef struct nr_dict_attr { + unsigned int attr; /**< Attribute number */ + nr_attr_type_t type; /**< Data type */ + unsigned int vendor; /**< Vendor-Id number */ + ATTR_FLAGS flags; + const char *name; /**< Printable name */ +} DICT_ATTR; + +/** Defines a dictionary mapping for a named enumeration. \ingroup dict + * + * This structure is currently not used. + */ +typedef struct nr_dict_value { + const DICT_ATTR *da; /**< pointer to a ::DICT_ATTR */ + int value; /**< enumerated value */ + char name[1]; /**< printable name */ +} DICT_VALUE; + +/** Defines an dictionary mapping for a vendor. \ingroup dict + * + * The RADIUS dictionaries map humanly readable vendor names to a + * Vendor-Id (or Private Enterprise Code) assigned by IANA. The + * Vendor-Id is used to encode/decode Vendor-Specific attributes in a + * packet. + */ +typedef struct nr_dict_vendor { + unsigned int vendor; /**< Vendor Private Enterprise Code */ + size_t type; /**< size of Vendor-Type field */ + size_t length; /**< size of Vendor-Length field */ + const char *name; /**< Printable name */ +} DICT_VENDOR; + +/** Union holding all possible types of data for a ::VALUE_PAIR. \ingroup value_pair + * + */ +typedef union value_pair_data { + char strvalue[MAX_STRING_LEN]; /* +1 for NUL */ + uint8_t octets[253]; + struct in_addr ipaddr; + struct in6_addr ipv6addr; + uint32_t date; + uint32_t integer; +#ifdef NR_TYPE_SIGNED + int32_t sinteger; +#endif +#ifdef NR_TYPE_ABINARY + uint8_t filter[32]; +#endif + uint8_t ifid[8]; /* struct? */ + uint8_t ipv6prefix[18]; /* struct? */ +#ifdef NR_TYPE_TLV + uint8_t *tlv; +#endif +} VALUE_PAIR_DATA; + + +/** C structure version of a RADIUS attribute. \ingroup value_pair + * + * The library APIs use this structure to avoid depending on the + * details of the protocol. + */ +typedef struct value_pair { + const DICT_ATTR *da; /**< dictionary definition */ + size_t length; /**< number of octets in the data */ + int tag; /**< tag value if da->flags.has_tag */ + struct value_pair *next; /**< enables a linked list of values */ + VALUE_PAIR_DATA data; /**< the data of the attribute */ +} VALUE_PAIR; +#define vp_strvalue data.strvalue +#define vp_octets data.octets +#define vp_ipv6addr data.ipv6addr +#define vp_ifid data.ifid +#define vp_ipv6prefix data.ipv6prefix +#define vp_ipaddr data.ipaddr.s_addr +#define vp_date data.integer +#define vp_integer data.integer +#ifdef NR_TYPE_ABINARY +#define vp_filter data.filter +#endif +#ifdef NR_TYPE_ETHER +#define vp_ether data.ether +#endif +#ifdef NR_TYPE_SIGNED +#define vp_signed data.sinteger +#endif +#ifdef NR_TYPE_TLV +#define vp_tlv data.tlv +#endif + +#ifdef NR_TYPE_TLV +#define NR_ATTR_MAX_TLV (4) +extern const int nr_attr_shift[NR_ATTR_MAX_TLV]; +extern const int nr_attr_mask[NR_ATTR_MAX_TLV]; +extern const unsigned int nr_attr_max_tlv; +#endif + +/** A structure which describes a RADIUS packet. \ingroup packet + * + * In general, it should not be necessary to refererence the elements + * of this structure. + */ +typedef struct radius_packet { + int sockfd; /** The socket descriptor */ + struct sockaddr_storage src; /**< The packet source address */ + struct sockaddr_storage dst; /**< the packet destination address */ + const char *secret; /**< The shared secret */ + size_t sizeof_secret; /**< Length of the shared secret */ + unsigned int code; /**< The RADIUS Packet Code */ + int id; /**< The RADIUS Packet Id */ + size_t length; /**< The RADIUS Packet Length. This will be no larger than RADIUS_PACKET::sizeof_data */ + uint8_t vector[16]; /**< A copy of the authentication vector */ + int flags; /**< Internal flags. Do not modify this field. */ + int attempts; /**< The number of transmission attempt */ + uint8_t *data; /**< The raw packet data */ + size_t sizeof_data; /**< size of the data buffer */ + VALUE_PAIR *vps; /**< linked list of ::VALUE_PAIR */ +} RADIUS_PACKET; + +#define NR_PACKET_ENCODED (1 << 0) +#define NR_PACKET_HEADER (1 << 1) +#define NR_PACKET_SIGNED (1 << 2) +#define NR_PACKET_OK (1 << 3) +#define NR_PACKET_VERIFIED (1 << 4) +#define NR_PACKET_DECODED (1 << 5) + + +/** Track packets sent to a server. \ingroup id + * + * This data structure tracks Identifiers which are used to + * communicate with a particular destination server. The application + * should call nr_server_init() to initialize it. If necessary, the + * application should then call nr_server_set_ipv4() to open an IPv4 + * socket to the server. + * + * If the RADIUS packets are being transported over an encapsulation + * layer (e.g. RADIUS over TLS), then nr_server_set_ipv4() does not + * need to be called. The ::nr_server_t structure should instead be + * associated wih the TLS session / socket. + */ +typedef struct nr_server_t { + int sockfd; /**< socket for sending packets */ + int code; /**< default value for the Code */ + + struct sockaddr_storage src; /**< Source address of the packet */ + struct sockaddr_storage dst; /**< Destination address of the packet */ + + /** The shared secret. + * + * See also nr_packet_send() and nr_packet_recv(). + */ + const char *secret; + + /** The length of the shared secret. + * + * See also nr_packet_send() and nr_packet_recv(). + */ + size_t sizeof_secret; + + int used; /**< Number of used IDs */ + + void *free_list; /**< For managing packets */ + + RADIUS_PACKET *ids[256]; /**< Pointers to "in flight" packets */ +} nr_server_t; + + +/** Return a printable error message. \ingroup error + * + * This function returns a string describing the last error that + * occurred. These messages are intended for developers, and are not + * suitable for display to an end user. The application using this + * library should instead produce a "summary" message when an error + * occurs. e.g. "Failed to receive a response", is better than + * messages produced by this function, which contain text like + * "invalid response authentication vector". The first is + * understandable, the second is not. + * + * @param[in] error The error code (can be less than zero) + * @return A printable string describing the error. + */ +extern const char *nr_strerror(int error); + +/** Allocate a ::VALUE_PAIR which refers to a ::DICT_ATTR. \ingroup value_pair + * + * This returned ::VALUE_PAIR has no data associated with it. The + * nr_vp_set_data() function must be called before placing the + * ::VALUE_PAIR in a ::RADIUS_PACKET. + * + * @param[in] da The ::DICT_ATTR associated with the ::VALUE_PAIR + * @return The created ::VALUE_PAIR, or NULL on error. + */ +extern VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da); + +/** Free a ::VALUE_PAIR. \ingroup value_pair + * + * This function frees the ::VALUE_PAIR, and sets the head pointer to NULL. + * If head refers to a ::VALUE_PAIR list, then all of the structures in the + * list are freed. + * + * @param[in,out] head The pointer to a ::VALUE_PAIR, or a ::VALUE_PAIR list. + */ +extern void nr_vp_free(VALUE_PAIR **head); + +/** Initializes a ::VALUE_PAIR from a ::DICT_ATTR \ingroup value_pair + * + * This function assumes that the ::VALUE_PAIR points to existing + * and writable memory. + * + * @param[in,out] vp The ::VALUE_PAIR to be initialized + * @param[in] da The ::DICT_ATTR used to initialize the ::VALUE_PAIR + * @return The initialized ::VALUE_PAIR, or NULL on error. + */ +extern VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da); + +/** Allocate a ::VALUE_PAIR which refers to an unknown attribute. \ingroup value_pair + * + * It is used when an attribute is received, and that attribute does + * not exist in the dictionaries. + * + * The returned ::VALUE_PAIR has no data (i.e. VALUE_PAIR::length is + * zero). The nr_vp_set_data() function must be called before + * placing the ::VALUE_PAIR in a ::RADIUS_PACKET. + * + * @param[in] attr The attribute number, 0..2^16 + * @param[in] vendor The vendor number, 0..2^16 + * @return The created ::VALUE_PAIR, or NULL on error. + */ +extern VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor); + +/** Set the data associated with a previously allocated ::VALUE_PAIR. \ingroup value_pair + * + * If this function succeeds, VALUE_PAIR::length is no longer zero, + * and the structure contains the data. + * + * @param[in,out] vp The ::VALUE_PAIR to update + * @param[in] data Data to set inside of the ::VALUE_PAIR + * @param[in] data_len Length of the data field + * @return <0 on error, 0 for "data was truncated" + * >0 for "data successfully added" + */ +extern int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t data_len); + +/** Create a ::VALUE_PAIR and set its data. \ingroup value_pair + * + * @param[in] attr The attribute number of the ::VALUE_PAIR to create + * @param[in] vendor The vendor number of the ::VALUE_PAIR to create + * @param[in] data Data to set inside of the ::VALUE_PAIR + * @param[in] data_len Length of the data field + * @return The created ::VALUE_PAIR, or NULL on error. + */ +extern VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data, + size_t data_len); + +/** Append a ::VALUE_PAIR to the end of a ::VALUE_PAIR list. \ingroup value_pair + * + * @param[in,out] head The head of the ::VALUE_PAIR list. May not be NULL. + * @param[in] vp The ::VALUE_PAIR to append to the list. + */ +extern void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *vp); + +/** Search a ::VALUE_PAIR list for one of a given number. \ingroup value_pair + * + * @param[in] head The head of the ::VALUE_PAIR list to search. + * @param[in] attr The attribute number of the ::VALUE_PAIR to find + * @param[in] vendor The vendor number of the ::VALUE_PAIR to find + * @return The found ::VALUE_PAIR, or NULL if it was not found. + */ +extern VALUE_PAIR *nr_vps_find(VALUE_PAIR *head, + unsigned int attr, unsigned int vendor); + +/** Look up an attribute in the dictionaries. \ingroup dict + * + * The dictionary mapping contains information about the attribute, + * such as printable name, data type (ipaddr, integer, etc), and + * various other things used to encode/decode the attribute in a + * packet. + * + * \attention There is usually no need to call this function. Use + * the NR_DA_* definitions instead. + * + * @param[in] attr Value of the attribute + * @param[in] vendor Value of the vendor + * @return NULL for "not found", or a pointer to the attribute mapping. + */ +extern const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr, + unsigned int vendor); + +/** Look up an attribute in the dictionaries. \ingroup dict + * + * The dictionary mapping contains information about the attribute, + * such as printable name, data type (ipaddr, integer, etc), and + * various other things used to encode/decode the attribute in a + * packet. + * + * \attention There is usually no need to call this function. + * + * @param[in] name Name of the attribute + * @return NULL for "not found", or a pointer to the attribute mapping. + */ +extern const DICT_ATTR *nr_dict_attr_byname(const char *name); + +/** Converts raw data to a ::DICT_ATTR structure. \ingroup dict + * + * It is called when the library is asked to decode an attribute + * which is not in the pre-defined dictionaries. + * + * \attention There is usually no need to call this function. + * + * @param[in,out] da The ::DICT_ATTR structure to initialize + * @param[in] attr The attribute number + * @param[in] vendor The vendor number + * @param[in] buffer The buffer where the name of the attribute is stored + * @param[in] bufsize Size of the buffer + * @return <0 for error, 0 for success + */ +extern int nr_dict_attr_2struct(DICT_ATTR *da, + unsigned int attr, unsigned int vendor, + char *buffer, size_t bufsize); + +/** Unused. \ngroup dict + * + */ +extern const DICT_VALUE *nr_dict_value_byattr(unsigned int attr, + unsigned int vendor, + int value); + +/** Unused. \ngroup dict + * + */ +const DICT_VALUE *nr_dict_value_byname(unsigned int attr, + unsigned int vendor, + const char *name); + +/** Look up a vendor in the dictionaries. \ingroup dict + * + * The dictionary mapping contains information about the vendor, such + * as printable name, VSA encoding method, etc. + * + * \attention There is usually no need to call this function. + * Applications do not need access to low-level RADIUS protocol + * information. + * + * @param[in] name Name of the vendor. + * @return NULL for "not found", or a pointer to the vendor mapping. + */ +extern int nr_dict_vendor_byname(const char *name); + +/** Look up an vendor in the dictionaries. \ingroup dict + * + * The dictionary mapping contains information about the vendor, such + * as printable name, VSA encoding method, etc. + * + * \attention There is usually no need to call this function. + * + * @param[in] vendor Vendor-Id (or Private Enterprise code) for the vendor. + * @return NULL for "not found", or a pointer to the vendor mapping. + */ +extern const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor); + +/** Static array of known vendors. \ingroup dict + * + * \attention This structure should only be accessed by internal RADIUS library + * functions. + */ +extern const DICT_VENDOR nr_dict_vendors[]; + +/** The number of attribute definitions in the dictionary. \ingroup dict + * + * This number is guaranteed to be at least 256, for speed. + * + * \attention This variable should only be accessed by internal RADIUS library + * functions. + */ +extern const int nr_dict_num_attrs; + +/** The list of attribute definitions. \ingroup dict + * + * The "standard" RFC attributes are located in the first 256 + * entries. Standard attributes without a dictionary definition are + * given an empty entry. + * + * The attributes are orderd by (vendor, attribute), in increasing + * order. This allows the dictionary lookups to find attributes by a + * binary search. + * + * \attention This variable should only be accessed by internal RADIUS library + * functions. + */ +extern const DICT_ATTR nr_dict_attrs[]; + +/** The number of attributes with names. \ingroup dict + * + * \attention This variable should only be accessed by internal RADIUS library + * functions. + */ +extern const int nr_dict_num_names; + +/** The list of attribute definitions, organized by name. \ingroup dict + * + * The attributes are orderd by name (case insensitive), in + * increasing order. This allows the dictionary lookups to find + * attributes by a binary search. + * + * \attention This variable should only be accessed by internal RADIUS library + * functions. + */ +extern const DICT_ATTR const *nr_dict_attr_names[]; + +/** Static array containing names the RADIUS_PACKET::code field. \ingroup dict + * + * The names are hard-coded and not in any dictionary because they do + * not change. + * + * The names are exported because they may be useful in your + * application. Packet codes which are not handled by the library + * have NULL for their names. + */ +extern const char *nr_packet_codes[NR_MAX_PACKET_CODE + 1]; + +/** Verifies that a packet is "well formed". \ingroup packet + * + * This function performs basic validation to see if the packet is + * well formed. It is automatically called by nr_packet_decode(). + * + * @param[in] packet A pointer to the ::RADIUS_PACKET data. + * @return <0 means malformed, >= 0 means well-formed. + */ +extern int nr_packet_ok(RADIUS_PACKET *packet); + +/** Verifies that a packet is "well formed". \ingroup packet + * + * This function performs basic validation to see if the packet is + * well formed. You should normally use nr_packet_ok() instead of + * this function. + * + * @param[in] data A pointer to the raw packet data. + * @param[in] sizeof_data The length of the raw packet data + * @return <0 means malformed, >= 0 means well-formed. + */ +extern int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data); + +/** Encodes a packet. \ingroup packet + * + * This function encodes a packet using the fields of the + * ::RADIUS_PACKET structure. The RADIUS_PACKET::code and + * RADIUS_PACKET::id fields are used to fill in the relevant fields + * of the raw (encoded) packet. The RADIUS_PACKET::vps list is + * walked to encode the attributes. The packet is signed, if + * required. + * + * The raw packet is placed into the RADIUS_PACKET::data field, up to + * RADIUS_PACKET::sizeof_data bytes. the RADIUS_PACKET::length field + * is updated with the length of the raw packet. This field is + * always less than, or equal to, the RADIUS_PACKET::size_data field. + * If there is insufficient room to store all of the attributes, then + * some attributes are silently discarded. + * + * The RADIUS_PACKET::vector field is either calculated as part of + * the signing process, or is initialized by this function to be a + * random sequence of bytes. That field should therefore be left + * alone by the caller. + * + * When the encoding has been successful, it sets the + * RADIUS_PACKET::encoded field to non-zero. + * + * In addition, all required attribute "encryption" is performed. + * + * User-Password. The vp_strvalue field is assumed to contain the + * "clear-text" version of the password. The encrypted version is + * calculated, and placed in the packet. + * + * CHAP-Password. The vp_strvalue field is assumed to contain the + * "clear-text" version of the password. The encrypted version is + * calculated, and placed in the packet. If the RADIUS_PACKET::vps + * list contains a CHAP-Challenge attribute, it is used. Otherwise + * the RADIUS_PACKET::vector field is used a the challenge. + * + * Message-Authenticator. The contents of the Message-Authenticator + * in the RADIUS_PACKET::vps list are ignored. Instead, a + * "place-holder" is put into the packt. Tthe correct value is + * calculated and placed into the packet by nr_packet_sign(). + * + * The RADIUS_PACKET::vps list is left untouched by this function, + * even when attribute encryption or signing is performed. Any + * VALUE_PAIR structures can therefore be taken from static "const" + * variables. + * + * @param[in] packet The RADIUS packet to encode. + * @param[in] original The original request, when encoding a response. + * @return <0 on error, >= 0 on success. + */ +extern int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original); + +/** Decodes a packet. \ingroup packet + * + * This function decodes a packet from the RADIUS_PACKET::data field + * into a sequence of ::VALUE_PAIR structures in the + * RADIUS_PACKET::vps list. + * + * @param[in] packet The RADIUS packet to decode. + * @param[in] original The original request, when decoding a response. + * @return <0 on error, >= 0 on success. + */ +extern int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original); + +/** Signs a packet so that it can be sent. \ingroup packet + * + * This function calculates the Message-Authenticator (if required), + * and signs the packet. + * + * @param[in] packet The RADIUS packet to sign. + * @param[in] original The original request, when signing a response. + * @return <0 on error, >= 0 on success. + */ +extern int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original); + +/** Verifies that a packet is well-formed and contains the correct signature. \ingroup packet + * + * If "original" is specified, it also verifies that the packet is a + * response to the original request, and that it has the correct + * signature. + * + * @param[in] packet The RADIUS packet to verify. + * @param[in] original The original request, when verifying a response. + * @return <0 on error, >= 0 on success. + */ +extern int nr_packet_verify(RADIUS_PACKET *packet, + const RADIUS_PACKET *original); + +/** Pretty-prints a hex dump of a RADIUS packet. \ingroup packet print + * + * This function is available only in debugging builds of the + * library. It is useful during development, but should not be used + * in a production system. + * + * The packet headers are printed individually, and each attribute is + * printed as "type length data..." + * + * @param[in] packet The RADIUS packet to print + */ +extern void nr_packet_print_hex(RADIUS_PACKET *packet); + + +/** Return the given number of random bytes. \ingroup custom + * + * This function should be replaced by one that is specific to your + * system. + * + * This is a wrapper function which enables the library to be more + * portable. + * + * @param[in] data Location where the random bytes will be stored + * @param[in] data_len Number of bytes to store + * @return <0 on error, or the total number of bytes stored. + */ +extern ssize_t nr_rand_bytes(uint8_t *data, size_t data_len); + +/** Return a random 32-bit integer. \ingroup custom + * + * This function should be replaced by one that is specific to your + * system. The version supplied here just calls nr_rand_bytes() each + * time, which is slow. + * + * This is a wrapper function which enables the library to be more + * portable. + * + * @return An unsigned 32-bit random integer. + */ +extern uint32_t nr_rand(void); + +/** Add a time to the given ::struct timeval. \ingroup custom + * + * This is a wrapper function which enables the library to be more + * portable. + * + * @param[in,out] t The timeval to which the time is added. + * @param[in] seconds Time in seconds to add + * @param[in] usec Time in microseconds to add + */ +extern void nr_timeval_add(struct timeval *t, unsigned int seconds, + unsigned int usec); + +/** Compare two times. \ingroup custom + * + * This is a wrapper function which enables the library to be more + * portable. + * + * @param[in] a One timeval + * @param[in] b Another one + * @return a <=> b + */ +extern int nr_timeval_cmp(const struct timeval *a, const struct timeval *b); + +/** Initializes an ::nr_server_t. \ingroup id + * + * @param[in,ut] s The ::nr_server_t to initialize + * @param[in] code The packet code used for packets sent to this server + * @param[in] secret The shared secret used for packet sent to this server + * @return <0 for error, >= 0 for success + */ +extern int nr_server_init(nr_server_t *s, int code, const char *secret); + +/** Closes an ::nr_server_t data structure. \ingroup id + * + * Ensures that all IDs are free, and closes the socket. + * + * @param[in] s The server structure to close. + * @return <0 for error, 0 for success + */ +extern int nr_server_close(const nr_server_t *s); + +/** Allocate a RADIUS_PACKET::id value for sending a packet to a server. \ingroup id + * + * This function allocates a RADIUS_PACKET::id from the ::nr_server_t + * structure. It also fills in the RADIUS_PACKET::sockfd, + * RADIUS_PACKET::code, and RADIUS_PACKET::dst fields. + * + * @param[in] s The server structure which tracks the ID + * @param[in] packet The packet which needs an ID + * @return <0 for error, 0 for success + */ +extern int nr_server_id_alloc(nr_server_t *id, RADIUS_PACKET *packet); + +/** Re-allocate a RADIUS_PACKET::id value for sending a packet to a server. \ingroup id + * + * It is used when retransmitting an Accounting-Request packet to a + * server, after updating the Acct-Delay-Time field. The "realloc" + * name means that the new ID is allocated, and is guaranteed to be + * different from the old one. + * + * @param[in] s The server structure which tracks the ID + * @param[in] packet The packet which needs a new ID + * @return <0 for error, 0 for success + */ +extern int nr_server_id_realloc(nr_server_t *id, RADIUS_PACKET *packet); + +/** Free a RADIUS_PACKET::id value after sending a packet to a server. \ingroup id + * + * @param[in] s The server structure which tracks the ID + * @param[in] packet The packet which has an ID, and wants to free it + * @return <0 for error, 0 for success + */ +extern int nr_server_id_free(nr_server_t *id, RADIUS_PACKET *packet); + + +/** Allocates a packet using malloc(), and initializes it. \ingroup id + * + * @param[in] s The server structure + * @param[in,out] packet_p Pointer to the ::RADIUS_PACKET to be allocated + * @return <0 for error, 0 for success + */ +extern int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p); + +/** Record a humanly readable error message. \ingroup error + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[in] fmt The format to use. + */ +extern void nr_strerror_printf(const char *fmt, ...); + +#ifndef NDEBUG +#define nr_debug_error nr_strerror_printf /** \ingroup error */ +#else +#define nr_debug_error if (0) nr_strerror_printf +#endif + +/** Encrypts or decrypts a User-Password attribute. \ingroup internal + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[out] output Buffer where the password is stored + * @param[out] outlen Size of the output buffer + * @param[in] input Input buffer with password + * @param[in] inlen Length of the input buffer + * @param[in] secret The shared secret + * @param[in] vector Authentication vector + * @return <0 on error, or the length of data in "output" + */ +extern ssize_t nr_password_encrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector); + +/** Encrypts a Tunnel-Password attribute. \ingroup internal + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[out] output Buffer where the password is stored + * @param[out] outlen Size of the output buffer + * @param[in] input Input buffer with password + * @param[in] inlen Length of the input buffer + * @param[in] secret The shared secret + * @param[in] vector Authentication vector + * @return <0 on error, or the length of data in "output" + */ +extern ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector); + +/** Decrypts a Tunnel-Password attribute. \ingroup internal + * + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[out] output Buffer where the password is stored + * @param[out] outlen Size of the output buffer + * @param[in] input Input buffer with password + * @param[in] inlen Length of the input buffer + * @param[in] secret The shared secret + * @param[in] vector Authentication vector + * @return <0 on error, or the length of data in "output" + */ +extern ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector); + +/** Calculates an HMAC-MD5. \ingroup internal + * + * @param[in] data Data to be hashed + * @param[in] data_len Length of data to be hashed + * @param[in] key Key for the HMAC + * @param[in] key_len Length of the key + * @param[out] digest + */ +extern void nr_hmac_md5(const uint8_t *data, size_t data_len, + const uint8_t *key, size_t key_len, + uint8_t digest[16]); + +/** Checks if a TLV is properly formatted. \ingroup internal + * + * \attention This structure should only be accessed by internal + * RADIUS library functions. + * + * @param[in] data Data to check + * @param[in] length Length of the data field + * @param[in] dv_type Length of the TLV "type" field + * @param[in] dv_length Length of the TLV "length" field + * @return <0 on error, 0 for "TLV is OK" + */ +extern int nr_tlv_ok(const uint8_t *data, size_t length, + size_t dv_type, size_t dv_length); + +/** A callback function used by nr_packet_walk(). \ingroup packet + * + * The function should return 0 on success (i.e. keep walking), and + * otherwise a negative number indicating an error code + * (::nr_error_t). That negative number will be used as the return + * code for nr_packet_walk(). + */ +typedef int (*nr_packet_walk_func_t)(void *, const DICT_ATTR *, const uint8_t *, size_t); + +/** Walks over all attributes in a packet. \ingroup packet + * + * This function is an iterator which calls a user-supplied callback + * function for each attribute in the packet. It should be used + * instead of manually walking over the attributes. There are a + * number of odd corner cases when handling Vendor-Specific + * attributes, and it is easy to get those corner cases wrong. + * + * This function iterates over *all* attributes, including nested + * VSAs. That is its main value. + * + * Encrypted attributes such as User-Password are not decrypted. + * + * @param[in] packet The packet containing the data + * @param[in] ctx A user-supplied context. May be NULL + * @param[in] callback The callback function where the information is passed. + * + * @return <0 for error, + * 0 for success. + */ +extern int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, + nr_packet_walk_func_t callback); + +/** Initialize a packet + * + * If original is specified, the packet is initialized as a response + * to the original request. + * + * @param[in,out] packet The packet to initialize + * @param[in] original The original request (if any) to use as a template + * @param[in] secret Shared secret + * @param[in] code RADIUS Code field. + * @param[in] data Buffer where packets will be stored (RADIUS_PACKET::data) + * @param[in] sizeof_data Size of buffer (RADIUS_PACKET::sizeof_data) + * @return <0 on error, 0 for success. + */ +extern int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const char *secret, int code, + void *data, size_t sizeof_data); + +/** Add one attribute to the packet. + * + * This function can be used to add "raw" data to a packet. It + * allows the caller to extend the RADIUS packet without using a + * ::VALUE_PAIR data structure. + * + * Some attributes are handled specially by this function. + * + * EAP-Message. This attribute is automatically split into 253-octet + * chunks. + * + * User-Password, CHAP-Password, and Message-Authenticator. These + * attributes are automatically encrypted, as is done by + * nr_packet_encode(). + * + * @param[in] packet The packet to edit + * @param[in] original The original request (if any) + * @param[in] da Pointer to the attribute definition + * @param[in] data Data to append to the packet + * @param[in] data_len Length of data to append to the packet + * + * @return <0 for error, >= 0 for "successfully appended data" + * The function returns the number of octets appended to the packet. + */ +extern ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const DICT_ATTR *da, + const void *data, size_t data_len); + + +/** Encodes any ::VALUE_PAIR into an attribute. \ingroup attr + * + * This function can be called for any ::VALUE_PAIR. It will examine + * that structure, and call one of nr_vp2rfc() or nr_vp2vsa() as + * necessary. + * + * \attention This function should not be called. + * + * @param[in] packet Where to place the encoded attribute. + * @param[in] original The original request (optional), if "packet" is a response + * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. + * @param[in] data Where the attribute is to be encoded. + * @param[in] room How many octets are available for attribute encoding. + * + * @return <0 for error, or the number of octets used to encode the attribute. + */ +extern ssize_t nr_vp2attr(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, uint8_t *data, size_t room); + +/** Encodes an RFC "standard" ::VALUE_PAIR into an attribute. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet Where to place the encoded attribute. + * @param[in] original The original request (optional), if "packet" is a response + * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. + * @param[in] data Where the attribute is to be encoded. + * @param[in] room How many octets are available for attribute encoding. + * + * @return <0 for error, or the number of octets used to encode the attribute. + */ +extern ssize_t nr_vp2rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, + uint8_t *data, size_t room); + +/** Decodes any attribute into a ::VALUE_PAIR. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet The packet containing the attribute to be decoded. + * @param[in] original The original request (optional), if "packet" is a response + * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. + * @param[in] data Where the attribute is to be encoded. + * @param[in] length How many octets are available for attribute decoding. + * + * @return <0 for error, or the number of octets used to decode the attribute. + */ +extern ssize_t nr_attr2vp(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp); + +/** Decodes an RFC "standard" attribute into a ::VALUE_PAIR. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet The packet containing the attribute to be decoded. + * @param[in] original The original request (optional), if "packet" is a response + * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. + * @param[in] data Where the attribute is to be encoded. + * @param[in] length How many octets are available for attribute decoding. + * + * @return <0 for error, or the number of octets used to decode the attribute. + */ +extern ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp); + +/** Decodes a Vendor-Specific attribute into a ::VALUE_PAIR. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet The packet containing the attribute to be decoded. + * @param[in] original The original request (optional), if "packet" is a response + * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. + * @param[in] data Where the attribute is to be encoded. + * @param[in] length How many octets are available for attribute decoding. + * + * @return <0 for error, or the number of octets used to decode the attribute. + */ +extern ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp); + +/** Decodes an attribute with an unexpected length into a ::VALUE_PAIR. \ingroup attr + * + * \attention This function should not be called. + * + * @param[in] packet The packet containing the attribute to be decoded. + * @param[in] original The original request (optional), if "packet" is a response + * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet. + * @param[in] data Where the attribute is to be encoded. + * @param[in] length How many octets are available for attribute decoding. + * + * @return <0 for error, or the number of octets used to decode the attribute. + */ +extern ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const uint8_t *data, size_t length, + VALUE_PAIR **pvp); + +/** Encodes a Vendor-Specific ::VALUE_PAIR into an attribute. + * + * \attention This function should not be called. + * + * @param[in] packet Where to place the encoded attribute. + * @param[in] original The original request (optional), if "packet" is a response + * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded. + * @param[in] data Where the attribute is to be encoded. + * @param[in] room How many octets are available for attribute encoding. + * + * @return <0 for error, or the number of octets used to encode the attribute. + */ +extern ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const VALUE_PAIR **pvp, uint8_t *data, + size_t room); + +/** Returns raw data from the RADIUS packet, for a given attribute. \ingroup attr + * + * This function can be called repeatedly to find all instances of a + * given attribute. The first time it is called, the "start" + * parameter should be zero. If the function returns a non-zero + * positive number, it means that there *may* be more attributes + * available. The returned value should be then passed via the + * "start" option in any subsequent calls to the function. + * + * This function should be called by an application when it wants + * access to data which is not in the pre-defined dictionaries. + * + * @param[in] packet The packet containing the attribute. + * @param[in] start Where in the packet we start searching for the attribute. + * @param[in] attr Value of the attribute to search for + * @param[in] vendor Value of the vendor (use 0 for IETF attributes) + * @param[out] pdata Pointer to the data. If no data was found, the pointer is unchanged. + * @param[out] plength Length of the data. If no data was found, the value pointed to is unchanged. + * + * @return <0 for error, + * 0 for "no attribute found, stop searching" + * >0 offset where the attribute was found. + */ +extern ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, + unsigned int attr, unsigned int vendor, + const uint8_t **pdata, size_t *plength); + +/** Pretty-print the entire ::VALUE_PAIR \ingroup print + * + * All data is printed in ASCII format. The data type of "octets" is + * printed as a hex string (e.g. 0xabcdef01...). The data type of + * "ipaddr" is printed as a dotted-quad (e.g. 192.0.2.15). + * + * The format is "Attribute-Name = value" + * + * @param[out] buffer Where the printable version of the ::VALUE_PAIR is stored + * @param[in] bufsize size of the output buffer + * @param[in] vp ::VALUE_PAIR to print + * @return length of data in buffer + */ +extern size_t nr_vp_snprintf(char *buffer, size_t bufsize, const VALUE_PAIR *vp); + +/** Pretty-print the VALUE_PAIR::data field \ingroup print + * + * Prints the value of a ::VALUE_PAIR, without the name or "=" sign. + * + * @param[out] buffer Where the printable version of the ::VALUE_PAIR is stored + * @param[in] bufsize size of the output buffer + * @param[in] vp ::VALUE_PAIR to print + * @return length of data in buffer + */ +extern size_t nr_vp_snprintf_value(char *buffer, size_t bufsize, const VALUE_PAIR *vp); + +/** Prints a list of :VALUE_PAIR structures to the given output. \ingroup print + * + * @param[in] fp Where to print the results + * @param[in] vps Linked list of ::VALUE_PAIR to print + */ +extern void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps); + +/** Scan a string into a ::VALUE_PAIR. The counterpart to + * nr_vp_snprintf_value() \ingroup print + * + * @param[in] string Printable version of the ::VALUE_PAIR + * @param[out] pvp Newly allocated ::VALUE_PAIR + * @return <0 on error, 0 for success. + */ +extern int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp); + +/** Scan the data portion of a ::VALUE_PAIR. The counterpart to + * nr_vp_snprintf_value() \ingroup print + * + * @param[in,out] vp The ::VALUE_PAIR where the data will be stored + * @param[in] value The string version of the data to be parsed + * @return <0 on error, >=0 for the number of characters parsed in value. + */ +extern ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value); + +#if defined(__GNUC__) +# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1))) +# define NEVER_RETURNS __attribute__ ((noreturn)) +# define UNUSED __attribute__ ((unused)) +# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */ +#else + +/** Macro used to quiet compiler warnings inside of the library. \ingroup build + * + */ +# define PRINTF_LIKE(n) + +/** Macro used to quiet compiler warnings inside of the library. \ingroup build + * + */ +# define NEVER_RETURNS + +/** Macro used to quiet compiler warnings inside of the library. \ingroup build + * + */ +# define UNUSED + +/** Macro used to quiet compiler warnings inside of the library. \ingroup build + * + */ +# define BLANK_FORMAT "" +#endif diff --git a/lib/radius/common.pl b/lib/radius/common.pl new file mode 100644 index 0000000..c08489a --- /dev/null +++ b/lib/radius/common.pl @@ -0,0 +1,220 @@ +###################################################################### +# Copyright (c) 2011, Network RADIUS SARL +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +###################################################################### +our %attributes; +our %vendor; +our %vendorpec; +our $begin_vendor = 0; + +$vendorpec{'0'} = "IETF"; + +sub do_file() +{ + my $filename = shift; + my $fh; + + $dir = $filename; + $dir =~ s:/[^/]+?$::; + $lineno = 0; + + open $fh, "<$filename" or die "Failed to open $filename: $!\n"; + + while (<$fh>) { + $lineno++; + next if (/^\s*#/); + next if (/^\s*$/); + s/#.*//; + s/\s+$//; + + next if ($_ eq ""); + + # + # Remember the vendor + # + if (/^VENDOR\s+([\w-]+)\s+(\w+)(.*)/) { + my $me = $1; + + $vendor{$me}{'pec'} = $2; + $vendorpec{$2} = $me; + + $vendor{$me}{'type'} = 1; + $vendor{$me}{'length'} = 1; + + if ($3) { + $format=$3; + $format =~ s/^\s+//; + + if ($format !~ /^format=(\d+),(\d+)$/) { + die "Unknown format $format\n"; + } + $vendor{$me}{'type'} = $1; + $vendor{$me}{'length'} = $2; + } + next; + } + + # + # Remember if we did begin-vendor. + # + if (/^BEGIN-VENDOR\s+([\w-]+)/) { + if (!defined $vendor{$1}) { + die "Unknown vendor $1\n"; + } + $begin_vendor = $vendor{$1}{'pec'}; + next; + } + + # + # Remember if we did this. + # + if (/^END-VENDOR/) { + $begin_vendor = 0; + next; + } + + # + # Get attribute. + # + if (/^ATTRIBUTE\s+([\w-\/.]+)\s+(\w+)\s+(\w+)(.*)/) { + $name=$1; + $value = $2; + $type = $3; + $stuff = $4; + + $value =~ tr/[A-F]/[a-f]/; # normal form for hex + $value =~ tr/X/x/; + + if ($value =~ /^0x/) { + $index = hex $value; + } else { + $index = $value; + } + + next if (($begin_vendor == 0) && ($index > 255)); + + $index += ($begin_vendor << 16); + + $attributes{$index}{'name'} = $name; + $attributes{$index}{'value'} = $value; + if ($begin_vendor ne "") { + $attributes{$index}{'vendor'} = $begin_vendor; + } + + $type =~ tr/a-z/A-Z/; + $attributes{$index}{'type'} = "NR_TYPE_$type"; + + $stuff =~ s/^\s*//; + + if ($stuff) { + foreach $text (split /,/, $stuff) { + if ($text eq "encrypt=1") { + $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_USER_PASSWORD"; + } elsif ($text eq "encrypt=2") { + $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_TUNNEL_PASSWORD"; + + } elsif ($text eq "encrypt=3") { + $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_ASCEND_SECRET"; + + } elsif ($text eq "has_tag") { + $attributes{$index}{'flags'}{'has_tag'} = "1"; + + } elsif ($text =~ /\[(\d+)\]/) { + $attributes{$index}{'flags'}{'length'} = $1; + + } else { + die "$filename: $lineno - Unknown flag $text\n"; + } + } + } + + if ($type eq "BYTE") { + $attributes{$index}{'flags'}{'length'} = "1"; + + } elsif ($type eq "SHORT") { + $attributes{$index}{'flags'}{'length'} = "2"; + + } elsif ($type eq "INTEGER") { + $attributes{$index}{'flags'}{'length'} = "4"; + + } elsif ($type eq "IPADDR") { + $attributes{$index}{'flags'}{'length'} = "4"; + + } elsif ($type eq "DATE") { + $attributes{$index}{'flags'}{'length'} = "4"; + + } elsif ($type eq "IFID") { + $attributes{$index}{'flags'}{'length'} = "8"; + + } elsif ($type eq "IPV6ADDR") { + + $attributes{$index}{'flags'}{'length'} = "16"; + } + + $name2val{$name} = $index; + next; + } + + # + # Values. + # + if (/^VALUE\s+([\d\w-\/.]+)\s+([\w-\/,.+]+)\s+(\w+)(.*)/) { + next; + + $attr = $1; + $name = $2; + $value = $3; + $stuff = $d; + + $value =~ tr/[A-F]/[a-f]/; # normal form for hex + $value =~ tr/X/x/; + + if ($value =~ /^0x/) { + $index = hex $value; + } else { + $index = $value; + } + + if (!defined $name2val{$attr}) { + print "# FIXME: FORWARD REF?\nVALUE $attr $name $value$stuff\n"; + next; + } + + $values{$name2val{$attr}}{$index} = "$attr $name $value$stuff"; + next; + } + + if (/^\$INCLUDE\s+(.*)$/) { + do_file("$dir/$1"); + next; + } + + die "unknown text in line $lineno of $filename: $_\n"; + } + + close $fh; +} + +1; diff --git a/lib/radius/convert.pl b/lib/radius/convert.pl new file mode 100755 index 0000000..ce7cccd --- /dev/null +++ b/lib/radius/convert.pl @@ -0,0 +1,182 @@ +#!/usr/bin/env perl +###################################################################### +# Copyright (c) 2011, Network RADIUS SARL +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +###################################################################### +# +# Converts dictionaries to C structures. Does not yet do "VALUE"s. +# +# Usage: ./convert.pl dictionary ... +# +# Reads input dictionaries, and outputs "radius.h" and "dictionaries.c" +# +# $Id$ +# +require "common.pl"; + +# +# Read all of the dictionaries +# +while (@ARGV) { + $filename = shift; + do_file($filename); +} + +# +# For speed, the dictionary data structures have the first 256 +# attributes at fixed offsets in the array. If the user didn't +# define them, then we set them here to be "raw" or unknown. +# +foreach $attr_val (0..255) { + next if defined $attributes{$attr_val}; + + $attributes{$attr_val}{'raw'} = 1; +} + +if (scalar keys %attributes == 0) { + die "No attributes were defined\n"; +} + + +open DICT, ">dictionaries.c" or die "Failed creating dictionaries.c: $!\n"; + +# +# Print out the data structues for the vendors. +# +if (scalar keys %vendor > 0) { + print DICT "const DICT_VENDOR nr_dict_vendors[] = {\n"; + foreach $v (sort keys %vendor) { + print DICT " { \n"; + print DICT " .name = \"", $v, "\", \n"; + print DICT " .vendor = ", $vendor{$v}{'pec'}, ", \n"; + print DICT " .type = ", $vendor{$v}{'type'}, ",\n"; + print DICT " .length = ", $vendor{$v}{'length'}, ",\n"; + print DICT " },\n"; + } + print DICT "\n { .name = NULL, }\n"; + print DICT "};\n\n"; +} + +# needed for later. +$vendor{""}{'pec'} = 0; + +# +# Print DICT out the attributes sorted by number. +# +my $offset = 0; +my $num_names = 0; +print DICT "const DICT_ATTR nr_dict_attrs[] = {\n"; +foreach $attr_val (sort {$a <=> $b} keys %attributes) { + print DICT " { /* $offset */ \n"; + + if (defined $attributes{$attr_val}{'raw'}) { + print DICT " .name = NULL, \n"; + } else { + print DICT " .name = \"", $attributes{$attr_val}{'name'}, "\", \n"; + if ($attributes{$attr_val}{'vendor'}) { + print DICT " .vendor = ", $attributes{$attr_val}{'vendor'}, ", \n"; + } + + print DICT " .attr = ", $attributes{$attr_val}{'value'}, ", \n"; + print DICT " .type = ", $attributes{$attr_val}{'type'}, ", \n"; + + if ($attributes{$attr_val}{'flags'}) { + print DICT " .flags = {\n"; + foreach $flag (keys %{$attributes{$attr_val}{'flags'}}) { + print DICT " .$flag = $attributes{$attr_val}{'flags'}{$flag},\n"; + } + print DICT " },\n"; + } + + $num_names++; + } + + $attributes{$attr_val}{'offset'} = $offset++; + + print DICT " },\n"; + +} +print DICT "};\n\n"; + +print DICT "const int nr_dict_num_attrs = ", $offset - 1, ";\n\n"; +print DICT "const int nr_dict_num_names = ", $num_names - 1, ";\n\n"; + +my $offset = 0; +print DICT "const DICT_ATTR *nr_dict_attr_names[] = {\n"; +foreach $attr_val (sort {lc($attributes{$a}{'name'}) cmp lc($attributes{$b}{'name'})} keys %attributes) { + next if (defined $attributes{$attr_val}{'raw'}); + + print DICT " &nr_dict_attrs[", $attributes{$attr_val}{'offset'}, "], /* ", $attributes{$attr_val}{'name'}, " */\n"; +} + +print DICT "};\n\n"; +close DICT; + +open HDR, ">radius.h" or die "Failed creating radius.c: $!\n"; + +print HDR "/* Automatically generated file. Do not edit */\n\n"; + +foreach $v (sort keys %vendor) { + next if ($v eq ""); + + $name = $v; + $name =~ tr/a-z/A-Z/; # uppercase + $name =~ tr/A-Z0-9/_/c; # any ELSE becomes _ + + print HDR "#define VENDORPEC_", $name, " ", $vendor{$v}{'pec'}, "\n"; +} +print HDR "\n"; + +$begin_vendor = -1; +foreach $attr_val (sort {$a <=> $b} keys %attributes) { + next if (defined $attributes{$attr_val}{'raw'}); + + if ($attributes{$attr_val}{'vendor'} != $begin_vendor) { + print HDR "\n/* ", $vendorpec{$attributes{$attr_val}{'vendor'}}, " */\n"; + $begin_vendor = $attributes{$attr_val}{'vendor'}; + } + + $name = $attributes{$attr_val}{'name'}; + $name =~ tr/a-z/A-Z/; + $name =~ tr/A-Z0-9/_/c; + + print HDR "#define PW_", $name, " ", $attributes{$attr_val}{'value'}, "\n"; +} +print HDR "\n"; + +print HDR "/* Fixed offsets to dictionary definitions of attributes */\n"; +foreach $attr_val (sort {$a <=> $b} keys %attributes) { + next if (defined $attributes{$attr_val}{'raw'}); + + $name = $attributes{$attr_val}{'name'}; + $name =~ tr/a-z/A-Z/; + $name =~ tr/-/_/; + + print HDR "#define NR_DA_$name (&nr_dict_attrs[$attributes{$attr_val}{'offset'}])\n"; +} + +print HDR "/* Automatically generated file. Do not edit */\n"; + +close HDR; diff --git a/lib/radius/crypto.c b/lib/radius/crypto.c new file mode 100644 index 0000000..02a223d --- /dev/null +++ b/lib/radius/crypto.c @@ -0,0 +1,233 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file crypto.c + * \brief Data obfuscation and signing, using MD5. + * + * The "encryption" methods defined here are export-safe. The + * technical cryptography name for these functions is "obfuscation". + * They cannot properly be called "encryption", in the same way that + * DES or AES performs encryption. + */ + +/** \cond PRIVATE */ + +#include + + +ssize_t nr_password_encrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector) +{ + size_t i, j, len; + uint8_t digest[16]; + NR_MD5_CTX ctx, secret_ctx; + + if (!output || (outlen < 16) || !input || (inlen == 0) || + !secret || !vector) { + return -NR_ERR_INVALID_ARG; + } + + len = inlen; + if (len > 128) return -NR_ERR_ATTR_OVERFLOW; + + len = (len + 0x0f) & ~0x0f; /* round up to 16 byte boundary */ + + if (outlen < len) return -NR_ERR_ATTR_OVERFLOW; + + memcpy(output, input, len); + memset(output + len, 0, 128 - len); + + nr_MD5Init(&secret_ctx); + nr_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + + for (j = 0; j < len; j += 16) { + ctx = secret_ctx; + + if (j == 0) { + nr_MD5Update(&ctx, vector, 16); + nr_MD5Final(digest, &ctx); + } else { + nr_MD5Update(&ctx, &output[j - 16], 16); + nr_MD5Final(digest, &ctx); + } + + for (i = 0; i < 16; i++) { + output[i + j] ^= digest[i]; + } + } + + return len; +} + +#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD +ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector) +{ + size_t i, j, len; + NR_MD5_CTX ctx, secret_ctx; + uint8_t digest[16]; + + if (!output || (outlen < 18) || !input || (inlen == 0) || + !secret || !vector) { + return -NR_ERR_INVALID_ARG; + } + + len = ((inlen + 1) + 0x0f) & ~0x0f; + if (len > 251) return -NR_ERR_ATTR_OVERFLOW; + + output[0] = (nr_rand() & 0xff) | 0x80; + output[1] = nr_rand() & 0xff; + output[2] = inlen; + + memcpy(output + 3, input, inlen); + memset(output + 3 + inlen, 0, len - inlen - 1); + + nr_MD5Init(&secret_ctx); + nr_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + + for (j = 0; j < len; j += 16) { + ctx = secret_ctx; + + if (j == 0) { + nr_MD5Update(&ctx, vector, 16); + nr_MD5Update(&ctx, output, 2); + nr_MD5Final(digest, &ctx); + } else { + nr_MD5Update(&ctx, &output[j + 2 - 16], 16); + nr_MD5Final(digest, &ctx); + } + + for (i = 0; i < 16; i++) { + output[i + j + 2] ^= digest[i]; + } + } + + return len + 2; +} + +ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, + const uint8_t *input, size_t inlen, + const char *secret, const uint8_t *vector) +{ + size_t i, j, len, encoded_len; + NR_MD5_CTX ctx, secret_ctx; + uint8_t digest[16]; + + if (!output || (outlen < 1) || !input || (inlen < 2) || + !secret || !vector) { + return -NR_ERR_INVALID_ARG; + } + + if (inlen <= 3) { + output[0] = 0; + return 0; + } + + len = inlen - 2; + + if (outlen < (len - 1)) return -NR_ERR_ATTR_OVERFLOW; + + nr_MD5Init(&secret_ctx); + nr_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + + ctx = secret_ctx; + + nr_MD5Update(&ctx, vector, 16); /* MD5(secret + vector + salt) */ + nr_MD5Update(&ctx, input, 2); + nr_MD5Final(digest, &ctx); + + encoded_len = input[2] ^ digest[0]; + if (encoded_len >= len) { + return -NR_ERR_ATTR_TOO_LARGE; + } + + for (i = 0; i < 15; i++) { + output[i] = input[i + 3] ^ digest[i + 1]; + } + + for (j = 16; j < len; j += 16) { + ctx = secret_ctx; + + nr_MD5Update(&ctx, input + j - 16 + 2, 16); + nr_MD5Final(digest, &ctx); + + for (i = 0; i < 16; i++) { + output[i + j - 1] = input[i + j + 2] ^ digest[i]; + } + + + } + + output[encoded_len] = '\0'; + return encoded_len; +} +#endif + +void +nr_hmac_md5(const uint8_t *data, size_t data_len, + const uint8_t *key, size_t key_len, + uint8_t digest[16]) +{ + size_t i; + uint8_t k_ipad[64]; + uint8_t k_opad[64]; + uint8_t tk[16]; + NR_MD5_CTX ctx; + + if (key_len > 64) { + nr_MD5Init(&ctx); + nr_MD5Update(&ctx, key, key_len); + nr_MD5Final(tk, &ctx); + + key = tk; + key_len = 16; + } + + memset(k_ipad, 0, sizeof(k_ipad)); + memset(k_opad, 0, sizeof(k_opad)); + memcpy(k_ipad, key, key_len); + memcpy(k_opad, key, key_len); + + for (i = 0; i < sizeof(k_ipad); i++) { + k_ipad[i] ^= 0x36; + k_opad[i] ^= 0x5c; + } + + nr_MD5Init(&ctx); + nr_MD5Update(&ctx, k_ipad, sizeof(k_ipad)); + nr_MD5Update(&ctx, data, data_len); + nr_MD5Final(digest, &ctx); + + nr_MD5Init(&ctx); + nr_MD5Update(&ctx, k_opad, sizeof(k_opad)); + nr_MD5Update(&ctx, digest, 16); + nr_MD5Final(digest, &ctx); +} + +/** \endcond */ diff --git a/lib/radius/custom.c b/lib/radius/custom.c new file mode 100644 index 0000000..e33cf5a --- /dev/null +++ b/lib/radius/custom.c @@ -0,0 +1,87 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file custom.c + * \brief Functions which should be customized for your local system. + */ + +#include + +#include +#include + +ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) +{ + static int fd = -1; + + if (fd < 0) { + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + nr_strerror_printf("Error opening randomness: %s", + strerror(errno)); + return 0; + } + } + + return read(fd, data, data_len); +} + +uint32_t nr_rand(void) +{ + uint32_t lvalue; + + nr_rand_bytes((void *)&lvalue, sizeof(lvalue)); + return lvalue; +} + + +#ifndef USEC +#define USEC (1000000) +#endif + +void nr_timeval_add(struct timeval *t, unsigned int seconds, unsigned int usec) +{ + t->tv_sec += seconds; + t->tv_sec += usec / USEC; + t->tv_usec += usec % USEC; + if (t->tv_usec > USEC) { + t->tv_sec++; + t->tv_usec -= USEC; + } +} + +int nr_timeval_cmp(const struct timeval *a, const struct timeval *b) +{ + if (a->tv_sec > b->tv_sec) return +1; + if (a->tv_sec < b->tv_sec) return -1; + + if (a->tv_usec > b->tv_usec) return +1; + if (a->tv_usec < b->tv_usec) return -1; + + return 0; +} + diff --git a/lib/radius/dict.c b/lib/radius/dict.c new file mode 100644 index 0000000..26fe7d0 --- /dev/null +++ b/lib/radius/dict.c @@ -0,0 +1,172 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +/** \file dict.c + * \brief Functions for name to number, and number to name mappings. + */ + +const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr, unsigned int vendor) +{ + int start, half, end; + + if (!vendor && (attr > 0) && (attr < 256)) { + if (nr_dict_attrs[attr].name) { + return &nr_dict_attrs[attr]; + } + return NULL; + } + + if (!vendor) return NULL; /* no "non-protocol" attributes */ + + start = 256; /* first 256 entries are "standard" ones */ + end = nr_dict_num_attrs; + + do { + half = (start + end) / 2; + + if ((nr_dict_attrs[half].vendor == vendor) && + (nr_dict_attrs[half].attr == attr)) { + return &nr_dict_attrs[half]; + } + + if ((vendor > nr_dict_attrs[half].vendor) && + (attr > nr_dict_attrs[half].attr)) { + start = half + 1; + } else { + end = half - 1; + } + + } while (start <= end); + + return NULL; +} + +const DICT_ATTR *nr_dict_attr_byname(const char *name) +{ + int start, half, end; + + start = 1; + end = nr_dict_num_names; + + if (!name || !*name) return NULL; + + do { + int rcode; + + half = (start + end) / 2; + + rcode = strcasecmp(name, nr_dict_attr_names[half]->name); + if (rcode == 0) return nr_dict_attr_names[half]; + + if (rcode > 0) { + start = half + 1; + } else { + end = half - 1; + } + + + } while (start <= end); + + return NULL; +} + +int nr_dict_attr_2struct(DICT_ATTR *da, unsigned int attr, unsigned int vendor, + char *buffer, size_t bufsize) +{ + if (!da || !buffer) return -NR_ERR_INVALID_ARG; + + if (!vendor) { + if (attr > 256) return -NR_ERR_INVALID_ARG; + + } else if (vendor > (1 << 24)) { + return -NR_ERR_INVALID_ARG; + } + + memset(da, 0, sizeof(*da)); + da->attr = attr; + da->flags.unknown = 1; + da->type = NR_TYPE_OCTETS; + da->vendor = vendor; + + if (da->vendor) { + snprintf(buffer, bufsize, "Attr-26.%u.%u", + vendor, attr); + } else { + snprintf(buffer, bufsize, "Attr-%u", attr); + } + da->name = buffer; + + return 0; +} + + +const DICT_VALUE *nr_dict_value_byattr(UNUSED unsigned int attr, + UNUSED unsigned int vendor, + UNUSED int value) +{ + return NULL; +} + +const DICT_VALUE *nr_dict_value_byname(UNUSED unsigned int attr, + UNUSED unsigned int vendor, + UNUSED const char *name) +{ + return NULL; +} + +int nr_dict_vendor_byname(const char *name) +{ + const DICT_VENDOR *dv; + + if (!name || !*name) return 0; + + /* + * O(n) lookup. + */ + for (dv = &nr_dict_vendors[0]; dv->name != NULL; dv++) { + if (strcasecmp(dv->name, name) == 0) return dv->vendor; + } + + return 0; +} + +const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor) +{ + const DICT_VENDOR *dv; + + /* + * O(n) lookup. + */ + for (dv = &nr_dict_vendors[0]; dv->name != NULL; dv++) { + if (dv->vendor == vendor) return dv; + } + + return NULL; +} diff --git a/lib/radius/dictionaries.c b/lib/radius/dictionaries.c new file mode 100644 index 0000000..d1f4b6f --- /dev/null +++ b/lib/radius/dictionaries.c @@ -0,0 +1,1515 @@ +const DICT_VENDOR nr_dict_vendors[] = { + { + .name = "Microsoft", + .vendor = 311, + .type = 1, + .length = 1, + }, + { + .name = "example", + .vendor = 65535, + .type = 1, + .length = 1, + }, + + { .name = NULL, } +}; + +const DICT_ATTR nr_dict_attrs[] = { + { /* 0 */ + .name = NULL, + }, + { /* 1 */ + .name = "User-Name", + .attr = 1, + .type = NR_TYPE_STRING, + }, + { /* 2 */ + .name = "User-Password", + .attr = 2, + .type = NR_TYPE_STRING, + .flags = { + .encrypt = FLAG_ENCRYPT_USER_PASSWORD, + }, + }, + { /* 3 */ + .name = "CHAP-Password", + .attr = 3, + .type = NR_TYPE_OCTETS, + }, + { /* 4 */ + .name = "NAS-IP-Address", + .attr = 4, + .type = NR_TYPE_IPADDR, + .flags = { + .length = 4, + }, + }, + { /* 5 */ + .name = "NAS-Port", + .attr = 5, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 6 */ + .name = "Service-Type", + .attr = 6, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 7 */ + .name = "Framed-Protocol", + .attr = 7, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 8 */ + .name = "Framed-IP-Address", + .attr = 8, + .type = NR_TYPE_IPADDR, + .flags = { + .length = 4, + }, + }, + { /* 9 */ + .name = "Framed-IP-Netmask", + .attr = 9, + .type = NR_TYPE_IPADDR, + .flags = { + .length = 4, + }, + }, + { /* 10 */ + .name = "Framed-Routing", + .attr = 10, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 11 */ + .name = "Filter-Id", + .attr = 11, + .type = NR_TYPE_STRING, + }, + { /* 12 */ + .name = "Framed-MTU", + .attr = 12, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 13 */ + .name = "Framed-Compression", + .attr = 13, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 14 */ + .name = "Login-IP-Host", + .attr = 14, + .type = NR_TYPE_IPADDR, + .flags = { + .length = 4, + }, + }, + { /* 15 */ + .name = "Login-Service", + .attr = 15, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 16 */ + .name = "Login-TCP-Port", + .attr = 16, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 17 */ + .name = NULL, + }, + { /* 18 */ + .name = "Reply-Message", + .attr = 18, + .type = NR_TYPE_STRING, + }, + { /* 19 */ + .name = "Callback-Number", + .attr = 19, + .type = NR_TYPE_STRING, + }, + { /* 20 */ + .name = "Callback-Id", + .attr = 20, + .type = NR_TYPE_STRING, + }, + { /* 21 */ + .name = NULL, + }, + { /* 22 */ + .name = "Framed-Route", + .attr = 22, + .type = NR_TYPE_STRING, + }, + { /* 23 */ + .name = "Framed-IPX-Network", + .attr = 23, + .type = NR_TYPE_IPADDR, + .flags = { + .length = 4, + }, + }, + { /* 24 */ + .name = "State", + .attr = 24, + .type = NR_TYPE_OCTETS, + }, + { /* 25 */ + .name = "Class", + .attr = 25, + .type = NR_TYPE_OCTETS, + }, + { /* 26 */ + .name = "Vendor-Specific", + .attr = 26, + .type = NR_TYPE_OCTETS, + }, + { /* 27 */ + .name = "Session-Timeout", + .attr = 27, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 28 */ + .name = "Idle-Timeout", + .attr = 28, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 29 */ + .name = "Termination-Action", + .attr = 29, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 30 */ + .name = "Called-Station-Id", + .attr = 30, + .type = NR_TYPE_STRING, + }, + { /* 31 */ + .name = "Calling-Station-Id", + .attr = 31, + .type = NR_TYPE_STRING, + }, + { /* 32 */ + .name = "NAS-Identifier", + .attr = 32, + .type = NR_TYPE_STRING, + }, + { /* 33 */ + .name = "Proxy-State", + .attr = 33, + .type = NR_TYPE_OCTETS, + }, + { /* 34 */ + .name = "Login-LAT-Service", + .attr = 34, + .type = NR_TYPE_STRING, + }, + { /* 35 */ + .name = "Login-LAT-Node", + .attr = 35, + .type = NR_TYPE_STRING, + }, + { /* 36 */ + .name = "Login-LAT-Group", + .attr = 36, + .type = NR_TYPE_OCTETS, + }, + { /* 37 */ + .name = "Framed-AppleTalk-Link", + .attr = 37, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 38 */ + .name = "Framed-AppleTalk-Network", + .attr = 38, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 39 */ + .name = "Framed-AppleTalk-Zone", + .attr = 39, + .type = NR_TYPE_STRING, + }, + { /* 40 */ + .name = "Acct-Status-Type", + .attr = 40, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 41 */ + .name = "Acct-Delay-Time", + .attr = 41, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 42 */ + .name = "Acct-Input-Octets", + .attr = 42, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 43 */ + .name = "Acct-Output-Octets", + .attr = 43, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 44 */ + .name = "Acct-Session-Id", + .attr = 44, + .type = NR_TYPE_STRING, + }, + { /* 45 */ + .name = "Acct-Authentic", + .attr = 45, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 46 */ + .name = "Acct-Session-Time", + .attr = 46, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 47 */ + .name = "Acct-Input-Packets", + .attr = 47, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 48 */ + .name = "Acct-Output-Packets", + .attr = 48, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 49 */ + .name = "Acct-Terminate-Cause", + .attr = 49, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 50 */ + .name = "Acct-Multi-Session-Id", + .attr = 50, + .type = NR_TYPE_STRING, + }, + { /* 51 */ + .name = "Acct-Link-Count", + .attr = 51, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 52 */ + .name = "Acct-Input-Gigawords", + .attr = 52, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 53 */ + .name = "Acct-Output-Gigawords", + .attr = 53, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 54 */ + .name = NULL, + }, + { /* 55 */ + .name = "Event-Timestamp", + .attr = 55, + .type = NR_TYPE_DATE, + .flags = { + .length = 4, + }, + }, + { /* 56 */ + .name = "Egress-VLANID", + .attr = 56, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 57 */ + .name = "Ingress-Filters", + .attr = 57, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 58 */ + .name = "Egress-VLAN-Name", + .attr = 58, + .type = NR_TYPE_STRING, + }, + { /* 59 */ + .name = "User-Priority-Table", + .attr = 59, + .type = NR_TYPE_OCTETS, + }, + { /* 60 */ + .name = "CHAP-Challenge", + .attr = 60, + .type = NR_TYPE_OCTETS, + }, + { /* 61 */ + .name = "NAS-Port-Type", + .attr = 61, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 62 */ + .name = "Port-Limit", + .attr = 62, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 63 */ + .name = "Login-LAT-Port", + .attr = 63, + .type = NR_TYPE_STRING, + }, + { /* 64 */ + .name = "Tunnel-Type", + .attr = 64, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + .has_tag = 1, + }, + }, + { /* 65 */ + .name = "Tunnel-Medium-Type", + .attr = 65, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + .has_tag = 1, + }, + }, + { /* 66 */ + .name = "Tunnel-Client-Endpoint", + .attr = 66, + .type = NR_TYPE_STRING, + .flags = { + .has_tag = 1, + }, + }, + { /* 67 */ + .name = "Tunnel-Server-Endpoint", + .attr = 67, + .type = NR_TYPE_STRING, + .flags = { + .has_tag = 1, + }, + }, + { /* 68 */ + .name = "Acct-Tunnel-Connection", + .attr = 68, + .type = NR_TYPE_STRING, + }, + { /* 69 */ + .name = "Tunnel-Password", + .attr = 69, + .type = NR_TYPE_STRING, + .flags = { + .encrypt = FLAG_ENCRYPT_TUNNEL_PASSWORD, + .has_tag = 1, + }, + }, + { /* 70 */ + .name = "ARAP-Password", + .attr = 70, + .type = NR_TYPE_OCTETS, + .flags = { + .length = 16, + }, + }, + { /* 71 */ + .name = "ARAP-Features", + .attr = 71, + .type = NR_TYPE_OCTETS, + .flags = { + .length = 14, + }, + }, + { /* 72 */ + .name = "ARAP-Zone-Access", + .attr = 72, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 73 */ + .name = "ARAP-Security", + .attr = 73, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 74 */ + .name = "ARAP-Security-Data", + .attr = 74, + .type = NR_TYPE_STRING, + }, + { /* 75 */ + .name = "Password-Retry", + .attr = 75, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 76 */ + .name = "Prompt", + .attr = 76, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 77 */ + .name = "Connect-Info", + .attr = 77, + .type = NR_TYPE_STRING, + }, + { /* 78 */ + .name = "Configuration-Token", + .attr = 78, + .type = NR_TYPE_STRING, + }, + { /* 79 */ + .name = "EAP-Message", + .attr = 79, + .type = NR_TYPE_OCTETS, + }, + { /* 80 */ + .name = "Message-Authenticator", + .attr = 80, + .type = NR_TYPE_OCTETS, + }, + { /* 81 */ + .name = "Tunnel-Private-Group-Id", + .attr = 81, + .type = NR_TYPE_STRING, + .flags = { + .has_tag = 1, + }, + }, + { /* 82 */ + .name = "Tunnel-Assignment-Id", + .attr = 82, + .type = NR_TYPE_STRING, + .flags = { + .has_tag = 1, + }, + }, + { /* 83 */ + .name = "Tunnel-Preference", + .attr = 83, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + .has_tag = 1, + }, + }, + { /* 84 */ + .name = "ARAP-Challenge-Response", + .attr = 84, + .type = NR_TYPE_OCTETS, + .flags = { + .length = 8, + }, + }, + { /* 85 */ + .name = "Acct-Interim-Interval", + .attr = 85, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 86 */ + .name = "Acct-Tunnel-Packets-Lost", + .attr = 86, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 87 */ + .name = "NAS-Port-Id", + .attr = 87, + .type = NR_TYPE_STRING, + }, + { /* 88 */ + .name = "Framed-Pool", + .attr = 88, + .type = NR_TYPE_STRING, + }, + { /* 89 */ + .name = "Chargeable-User-Identity", + .attr = 89, + .type = NR_TYPE_STRING, + }, + { /* 90 */ + .name = "Tunnel-Client-Auth-Id", + .attr = 90, + .type = NR_TYPE_STRING, + .flags = { + .has_tag = 1, + }, + }, + { /* 91 */ + .name = "Tunnel-Server-Auth-Id", + .attr = 91, + .type = NR_TYPE_STRING, + .flags = { + .has_tag = 1, + }, + }, + { /* 92 */ + .name = "NAS-Filter-Rule", + .attr = 92, + .type = NR_TYPE_STRING, + }, + { /* 93 */ + .name = NULL, + }, + { /* 94 */ + .name = NULL, + }, + { /* 95 */ + .name = "NAS-IPv6-Address", + .attr = 95, + .type = NR_TYPE_IPV6ADDR, + .flags = { + .length = 16, + }, + }, + { /* 96 */ + .name = "Framed-Interface-Id", + .attr = 96, + .type = NR_TYPE_IFID, + .flags = { + .length = 8, + }, + }, + { /* 97 */ + .name = "Framed-IPv6-Prefix", + .attr = 97, + .type = NR_TYPE_IPV6PREFIX, + }, + { /* 98 */ + .name = "Login-IPv6-Host", + .attr = 98, + .type = NR_TYPE_IPV6ADDR, + .flags = { + .length = 16, + }, + }, + { /* 99 */ + .name = "Framed-IPv6-Route", + .attr = 99, + .type = NR_TYPE_STRING, + }, + { /* 100 */ + .name = "Framed-IPv6-Pool", + .attr = 100, + .type = NR_TYPE_STRING, + }, + { /* 101 */ + .name = "Error-Cause", + .attr = 101, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 102 */ + .name = "EAP-Key-Name", + .attr = 102, + .type = NR_TYPE_STRING, + }, + { /* 103 */ + .name = "Digest-Response", + .attr = 103, + .type = NR_TYPE_STRING, + }, + { /* 104 */ + .name = "Digest-Realm", + .attr = 104, + .type = NR_TYPE_STRING, + }, + { /* 105 */ + .name = "Digest-Nonce", + .attr = 105, + .type = NR_TYPE_STRING, + }, + { /* 106 */ + .name = "Digest-Response-Auth", + .attr = 106, + .type = NR_TYPE_STRING, + }, + { /* 107 */ + .name = "Digest-Nextnonce", + .attr = 107, + .type = NR_TYPE_STRING, + }, + { /* 108 */ + .name = "Digest-Method", + .attr = 108, + .type = NR_TYPE_STRING, + }, + { /* 109 */ + .name = "Digest-URI", + .attr = 109, + .type = NR_TYPE_STRING, + }, + { /* 110 */ + .name = "Digest-Qop", + .attr = 110, + .type = NR_TYPE_STRING, + }, + { /* 111 */ + .name = "Digest-Algorithm", + .attr = 111, + .type = NR_TYPE_STRING, + }, + { /* 112 */ + .name = "Digest-Entity-Body-Hash", + .attr = 112, + .type = NR_TYPE_STRING, + }, + { /* 113 */ + .name = "Digest-CNonce", + .attr = 113, + .type = NR_TYPE_STRING, + }, + { /* 114 */ + .name = "Digest-Nonce-Count", + .attr = 114, + .type = NR_TYPE_STRING, + }, + { /* 115 */ + .name = "Digest-Username", + .attr = 115, + .type = NR_TYPE_STRING, + }, + { /* 116 */ + .name = "Digest-Opaque", + .attr = 116, + .type = NR_TYPE_STRING, + }, + { /* 117 */ + .name = "Digest-Auth-Param", + .attr = 117, + .type = NR_TYPE_STRING, + }, + { /* 118 */ + .name = "Digest-AKA-Auts", + .attr = 118, + .type = NR_TYPE_STRING, + }, + { /* 119 */ + .name = "Digest-Domain", + .attr = 119, + .type = NR_TYPE_STRING, + }, + { /* 120 */ + .name = "Digest-Stale", + .attr = 120, + .type = NR_TYPE_STRING, + }, + { /* 121 */ + .name = "Digest-HA1", + .attr = 121, + .type = NR_TYPE_STRING, + }, + { /* 122 */ + .name = "SIP-AOR", + .attr = 122, + .type = NR_TYPE_STRING, + }, + { /* 123 */ + .name = "Delegated-IPv6-Prefix", + .attr = 123, + .type = NR_TYPE_IPV6PREFIX, + }, + { /* 124 */ + .name = NULL, + }, + { /* 125 */ + .name = NULL, + }, + { /* 126 */ + .name = "Operator-Name", + .attr = 126, + .type = NR_TYPE_STRING, + }, + { /* 127 */ + .name = "Location-Information", + .attr = 127, + .type = NR_TYPE_OCTETS, + }, + { /* 128 */ + .name = "Location-Data", + .attr = 128, + .type = NR_TYPE_OCTETS, + }, + { /* 129 */ + .name = "Basic-Location-Policy-Rules", + .attr = 129, + .type = NR_TYPE_OCTETS, + }, + { /* 130 */ + .name = "Extended-Location-Policy-Rules", + .attr = 130, + .type = NR_TYPE_OCTETS, + }, + { /* 131 */ + .name = "Location-Capable", + .attr = 131, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 132 */ + .name = "Requested-Location-Info", + .attr = 132, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 133 */ + .name = "Framed-Management", + .attr = 133, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 134 */ + .name = "Management-Transport-Protection", + .attr = 134, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 135 */ + .name = "Management-Policy-Id", + .attr = 135, + .type = NR_TYPE_STRING, + }, + { /* 136 */ + .name = "Management-Privilege-Level", + .attr = 136, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 137 */ + .name = "PKM-SS-Cert", + .attr = 137, + .type = NR_TYPE_OCTETS, + }, + { /* 138 */ + .name = "PKM-CA-Cert", + .attr = 138, + .type = NR_TYPE_OCTETS, + }, + { /* 139 */ + .name = "PKM-Config-Settings", + .attr = 139, + .type = NR_TYPE_OCTETS, + }, + { /* 140 */ + .name = "PKM-Cryptosuite-List", + .attr = 140, + .type = NR_TYPE_OCTETS, + }, + { /* 141 */ + .name = "PKM-SAID", + .attr = 141, + .type = NR_TYPE_SHORT, + .flags = { + .length = 2, + }, + }, + { /* 142 */ + .name = "PKM-SA-Descriptor", + .attr = 142, + .type = NR_TYPE_OCTETS, + }, + { /* 143 */ + .name = "PKM-Auth-Key", + .attr = 143, + .type = NR_TYPE_OCTETS, + }, + { /* 144 */ + .name = NULL, + }, + { /* 145 */ + .name = NULL, + }, + { /* 146 */ + .name = NULL, + }, + { /* 147 */ + .name = NULL, + }, + { /* 148 */ + .name = NULL, + }, + { /* 149 */ + .name = NULL, + }, + { /* 150 */ + .name = NULL, + }, + { /* 151 */ + .name = NULL, + }, + { /* 152 */ + .name = NULL, + }, + { /* 153 */ + .name = NULL, + }, + { /* 154 */ + .name = NULL, + }, + { /* 155 */ + .name = NULL, + }, + { /* 156 */ + .name = NULL, + }, + { /* 157 */ + .name = NULL, + }, + { /* 158 */ + .name = NULL, + }, + { /* 159 */ + .name = NULL, + }, + { /* 160 */ + .name = NULL, + }, + { /* 161 */ + .name = NULL, + }, + { /* 162 */ + .name = NULL, + }, + { /* 163 */ + .name = NULL, + }, + { /* 164 */ + .name = NULL, + }, + { /* 165 */ + .name = NULL, + }, + { /* 166 */ + .name = NULL, + }, + { /* 167 */ + .name = NULL, + }, + { /* 168 */ + .name = NULL, + }, + { /* 169 */ + .name = NULL, + }, + { /* 170 */ + .name = NULL, + }, + { /* 171 */ + .name = NULL, + }, + { /* 172 */ + .name = NULL, + }, + { /* 173 */ + .name = NULL, + }, + { /* 174 */ + .name = NULL, + }, + { /* 175 */ + .name = NULL, + }, + { /* 176 */ + .name = NULL, + }, + { /* 177 */ + .name = NULL, + }, + { /* 178 */ + .name = NULL, + }, + { /* 179 */ + .name = NULL, + }, + { /* 180 */ + .name = NULL, + }, + { /* 181 */ + .name = NULL, + }, + { /* 182 */ + .name = NULL, + }, + { /* 183 */ + .name = NULL, + }, + { /* 184 */ + .name = NULL, + }, + { /* 185 */ + .name = NULL, + }, + { /* 186 */ + .name = NULL, + }, + { /* 187 */ + .name = NULL, + }, + { /* 188 */ + .name = NULL, + }, + { /* 189 */ + .name = NULL, + }, + { /* 190 */ + .name = NULL, + }, + { /* 191 */ + .name = NULL, + }, + { /* 192 */ + .name = NULL, + }, + { /* 193 */ + .name = NULL, + }, + { /* 194 */ + .name = NULL, + }, + { /* 195 */ + .name = NULL, + }, + { /* 196 */ + .name = NULL, + }, + { /* 197 */ + .name = NULL, + }, + { /* 198 */ + .name = NULL, + }, + { /* 199 */ + .name = NULL, + }, + { /* 200 */ + .name = NULL, + }, + { /* 201 */ + .name = NULL, + }, + { /* 202 */ + .name = NULL, + }, + { /* 203 */ + .name = NULL, + }, + { /* 204 */ + .name = NULL, + }, + { /* 205 */ + .name = NULL, + }, + { /* 206 */ + .name = NULL, + }, + { /* 207 */ + .name = NULL, + }, + { /* 208 */ + .name = NULL, + }, + { /* 209 */ + .name = NULL, + }, + { /* 210 */ + .name = NULL, + }, + { /* 211 */ + .name = NULL, + }, + { /* 212 */ + .name = NULL, + }, + { /* 213 */ + .name = NULL, + }, + { /* 214 */ + .name = NULL, + }, + { /* 215 */ + .name = NULL, + }, + { /* 216 */ + .name = NULL, + }, + { /* 217 */ + .name = NULL, + }, + { /* 218 */ + .name = NULL, + }, + { /* 219 */ + .name = NULL, + }, + { /* 220 */ + .name = NULL, + }, + { /* 221 */ + .name = NULL, + }, + { /* 222 */ + .name = NULL, + }, + { /* 223 */ + .name = NULL, + }, + { /* 224 */ + .name = NULL, + }, + { /* 225 */ + .name = NULL, + }, + { /* 226 */ + .name = NULL, + }, + { /* 227 */ + .name = NULL, + }, + { /* 228 */ + .name = NULL, + }, + { /* 229 */ + .name = NULL, + }, + { /* 230 */ + .name = NULL, + }, + { /* 231 */ + .name = NULL, + }, + { /* 232 */ + .name = NULL, + }, + { /* 233 */ + .name = NULL, + }, + { /* 234 */ + .name = NULL, + }, + { /* 235 */ + .name = NULL, + }, + { /* 236 */ + .name = NULL, + }, + { /* 237 */ + .name = NULL, + }, + { /* 238 */ + .name = NULL, + }, + { /* 239 */ + .name = NULL, + }, + { /* 240 */ + .name = NULL, + }, + { /* 241 */ + .name = NULL, + }, + { /* 242 */ + .name = NULL, + }, + { /* 243 */ + .name = NULL, + }, + { /* 244 */ + .name = NULL, + }, + { /* 245 */ + .name = NULL, + }, + { /* 246 */ + .name = NULL, + }, + { /* 247 */ + .name = NULL, + }, + { /* 248 */ + .name = NULL, + }, + { /* 249 */ + .name = NULL, + }, + { /* 250 */ + .name = NULL, + }, + { /* 251 */ + .name = NULL, + }, + { /* 252 */ + .name = NULL, + }, + { /* 253 */ + .name = NULL, + }, + { /* 254 */ + .name = NULL, + }, + { /* 255 */ + .name = NULL, + }, + { /* 256 */ + .name = "MS-CHAP-Response", + .vendor = 311, + .attr = 1, + .type = NR_TYPE_OCTETS, + }, + { /* 257 */ + .name = "MS-CHAP-Error", + .vendor = 311, + .attr = 2, + .type = NR_TYPE_STRING, + }, + { /* 258 */ + .name = "MS-MPPE-Encryption-Policy", + .vendor = 311, + .attr = 7, + .type = NR_TYPE_OCTETS, + }, + { /* 259 */ + .name = "MS-MPPE-Encryption-Types", + .vendor = 311, + .attr = 8, + .type = NR_TYPE_OCTETS, + }, + { /* 260 */ + .name = "MS-CHAP-Domain", + .vendor = 311, + .attr = 10, + .type = NR_TYPE_STRING, + }, + { /* 261 */ + .name = "MS-CHAP-Challenge", + .vendor = 311, + .attr = 11, + .type = NR_TYPE_OCTETS, + }, + { /* 262 */ + .name = "MS-CHAP-MPPE-Keys", + .vendor = 311, + .attr = 12, + .type = NR_TYPE_OCTETS, + .flags = { + .encrypt = FLAG_ENCRYPT_USER_PASSWORD, + }, + }, + { /* 263 */ + .name = "MS-MPPE-Send-Key", + .vendor = 311, + .attr = 16, + .type = NR_TYPE_OCTETS, + .flags = { + .encrypt = FLAG_ENCRYPT_TUNNEL_PASSWORD, + }, + }, + { /* 264 */ + .name = "MS-MPPE-Recv-Key", + .vendor = 311, + .attr = 17, + .type = NR_TYPE_OCTETS, + .flags = { + .encrypt = FLAG_ENCRYPT_TUNNEL_PASSWORD, + }, + }, + { /* 265 */ + .name = "MS-CHAP2-Response", + .vendor = 311, + .attr = 25, + .type = NR_TYPE_OCTETS, + }, + { /* 266 */ + .name = "MS-CHAP2-Success", + .vendor = 311, + .attr = 26, + .type = NR_TYPE_OCTETS, + }, + { /* 267 */ + .name = "Example-Integer", + .vendor = 65535, + .attr = 1, + .type = NR_TYPE_INTEGER, + .flags = { + .length = 4, + }, + }, + { /* 268 */ + .name = "Example-String", + .vendor = 65535, + .attr = 2, + .type = NR_TYPE_STRING, + }, + { /* 269 */ + .name = "Example-IP-Address", + .vendor = 65535, + .attr = 3, + .type = NR_TYPE_IPADDR, + .flags = { + .length = 4, + }, + }, +}; + +const int nr_dict_num_attrs = 269; + +const int nr_dict_num_names = 149; + +const DICT_ATTR *nr_dict_attr_names[] = { + &nr_dict_attrs[45], /* Acct-Authentic */ + &nr_dict_attrs[41], /* Acct-Delay-Time */ + &nr_dict_attrs[52], /* Acct-Input-Gigawords */ + &nr_dict_attrs[42], /* Acct-Input-Octets */ + &nr_dict_attrs[47], /* Acct-Input-Packets */ + &nr_dict_attrs[85], /* Acct-Interim-Interval */ + &nr_dict_attrs[51], /* Acct-Link-Count */ + &nr_dict_attrs[50], /* Acct-Multi-Session-Id */ + &nr_dict_attrs[53], /* Acct-Output-Gigawords */ + &nr_dict_attrs[43], /* Acct-Output-Octets */ + &nr_dict_attrs[48], /* Acct-Output-Packets */ + &nr_dict_attrs[44], /* Acct-Session-Id */ + &nr_dict_attrs[46], /* Acct-Session-Time */ + &nr_dict_attrs[40], /* Acct-Status-Type */ + &nr_dict_attrs[49], /* Acct-Terminate-Cause */ + &nr_dict_attrs[68], /* Acct-Tunnel-Connection */ + &nr_dict_attrs[86], /* Acct-Tunnel-Packets-Lost */ + &nr_dict_attrs[84], /* ARAP-Challenge-Response */ + &nr_dict_attrs[71], /* ARAP-Features */ + &nr_dict_attrs[70], /* ARAP-Password */ + &nr_dict_attrs[73], /* ARAP-Security */ + &nr_dict_attrs[74], /* ARAP-Security-Data */ + &nr_dict_attrs[72], /* ARAP-Zone-Access */ + &nr_dict_attrs[129], /* Basic-Location-Policy-Rules */ + &nr_dict_attrs[20], /* Callback-Id */ + &nr_dict_attrs[19], /* Callback-Number */ + &nr_dict_attrs[30], /* Called-Station-Id */ + &nr_dict_attrs[31], /* Calling-Station-Id */ + &nr_dict_attrs[60], /* CHAP-Challenge */ + &nr_dict_attrs[3], /* CHAP-Password */ + &nr_dict_attrs[89], /* Chargeable-User-Identity */ + &nr_dict_attrs[25], /* Class */ + &nr_dict_attrs[78], /* Configuration-Token */ + &nr_dict_attrs[77], /* Connect-Info */ + &nr_dict_attrs[123], /* Delegated-IPv6-Prefix */ + &nr_dict_attrs[118], /* Digest-AKA-Auts */ + &nr_dict_attrs[111], /* Digest-Algorithm */ + &nr_dict_attrs[117], /* Digest-Auth-Param */ + &nr_dict_attrs[113], /* Digest-CNonce */ + &nr_dict_attrs[119], /* Digest-Domain */ + &nr_dict_attrs[112], /* Digest-Entity-Body-Hash */ + &nr_dict_attrs[121], /* Digest-HA1 */ + &nr_dict_attrs[108], /* Digest-Method */ + &nr_dict_attrs[107], /* Digest-Nextnonce */ + &nr_dict_attrs[105], /* Digest-Nonce */ + &nr_dict_attrs[114], /* Digest-Nonce-Count */ + &nr_dict_attrs[116], /* Digest-Opaque */ + &nr_dict_attrs[110], /* Digest-Qop */ + &nr_dict_attrs[104], /* Digest-Realm */ + &nr_dict_attrs[103], /* Digest-Response */ + &nr_dict_attrs[106], /* Digest-Response-Auth */ + &nr_dict_attrs[120], /* Digest-Stale */ + &nr_dict_attrs[109], /* Digest-URI */ + &nr_dict_attrs[115], /* Digest-Username */ + &nr_dict_attrs[102], /* EAP-Key-Name */ + &nr_dict_attrs[79], /* EAP-Message */ + &nr_dict_attrs[58], /* Egress-VLAN-Name */ + &nr_dict_attrs[56], /* Egress-VLANID */ + &nr_dict_attrs[101], /* Error-Cause */ + &nr_dict_attrs[55], /* Event-Timestamp */ + &nr_dict_attrs[267], /* Example-Integer */ + &nr_dict_attrs[269], /* Example-IP-Address */ + &nr_dict_attrs[268], /* Example-String */ + &nr_dict_attrs[130], /* Extended-Location-Policy-Rules */ + &nr_dict_attrs[11], /* Filter-Id */ + &nr_dict_attrs[37], /* Framed-AppleTalk-Link */ + &nr_dict_attrs[38], /* Framed-AppleTalk-Network */ + &nr_dict_attrs[39], /* Framed-AppleTalk-Zone */ + &nr_dict_attrs[13], /* Framed-Compression */ + &nr_dict_attrs[96], /* Framed-Interface-Id */ + &nr_dict_attrs[8], /* Framed-IP-Address */ + &nr_dict_attrs[9], /* Framed-IP-Netmask */ + &nr_dict_attrs[100], /* Framed-IPv6-Pool */ + &nr_dict_attrs[97], /* Framed-IPv6-Prefix */ + &nr_dict_attrs[99], /* Framed-IPv6-Route */ + &nr_dict_attrs[23], /* Framed-IPX-Network */ + &nr_dict_attrs[133], /* Framed-Management */ + &nr_dict_attrs[12], /* Framed-MTU */ + &nr_dict_attrs[88], /* Framed-Pool */ + &nr_dict_attrs[7], /* Framed-Protocol */ + &nr_dict_attrs[22], /* Framed-Route */ + &nr_dict_attrs[10], /* Framed-Routing */ + &nr_dict_attrs[28], /* Idle-Timeout */ + &nr_dict_attrs[57], /* Ingress-Filters */ + &nr_dict_attrs[131], /* Location-Capable */ + &nr_dict_attrs[128], /* Location-Data */ + &nr_dict_attrs[127], /* Location-Information */ + &nr_dict_attrs[14], /* Login-IP-Host */ + &nr_dict_attrs[98], /* Login-IPv6-Host */ + &nr_dict_attrs[36], /* Login-LAT-Group */ + &nr_dict_attrs[35], /* Login-LAT-Node */ + &nr_dict_attrs[63], /* Login-LAT-Port */ + &nr_dict_attrs[34], /* Login-LAT-Service */ + &nr_dict_attrs[15], /* Login-Service */ + &nr_dict_attrs[16], /* Login-TCP-Port */ + &nr_dict_attrs[135], /* Management-Policy-Id */ + &nr_dict_attrs[136], /* Management-Privilege-Level */ + &nr_dict_attrs[134], /* Management-Transport-Protection */ + &nr_dict_attrs[80], /* Message-Authenticator */ + &nr_dict_attrs[261], /* MS-CHAP-Challenge */ + &nr_dict_attrs[260], /* MS-CHAP-Domain */ + &nr_dict_attrs[257], /* MS-CHAP-Error */ + &nr_dict_attrs[262], /* MS-CHAP-MPPE-Keys */ + &nr_dict_attrs[256], /* MS-CHAP-Response */ + &nr_dict_attrs[265], /* MS-CHAP2-Response */ + &nr_dict_attrs[266], /* MS-CHAP2-Success */ + &nr_dict_attrs[258], /* MS-MPPE-Encryption-Policy */ + &nr_dict_attrs[259], /* MS-MPPE-Encryption-Types */ + &nr_dict_attrs[264], /* MS-MPPE-Recv-Key */ + &nr_dict_attrs[263], /* MS-MPPE-Send-Key */ + &nr_dict_attrs[92], /* NAS-Filter-Rule */ + &nr_dict_attrs[32], /* NAS-Identifier */ + &nr_dict_attrs[4], /* NAS-IP-Address */ + &nr_dict_attrs[95], /* NAS-IPv6-Address */ + &nr_dict_attrs[5], /* NAS-Port */ + &nr_dict_attrs[87], /* NAS-Port-Id */ + &nr_dict_attrs[61], /* NAS-Port-Type */ + &nr_dict_attrs[126], /* Operator-Name */ + &nr_dict_attrs[75], /* Password-Retry */ + &nr_dict_attrs[143], /* PKM-Auth-Key */ + &nr_dict_attrs[138], /* PKM-CA-Cert */ + &nr_dict_attrs[139], /* PKM-Config-Settings */ + &nr_dict_attrs[140], /* PKM-Cryptosuite-List */ + &nr_dict_attrs[142], /* PKM-SA-Descriptor */ + &nr_dict_attrs[141], /* PKM-SAID */ + &nr_dict_attrs[137], /* PKM-SS-Cert */ + &nr_dict_attrs[62], /* Port-Limit */ + &nr_dict_attrs[76], /* Prompt */ + &nr_dict_attrs[33], /* Proxy-State */ + &nr_dict_attrs[18], /* Reply-Message */ + &nr_dict_attrs[132], /* Requested-Location-Info */ + &nr_dict_attrs[6], /* Service-Type */ + &nr_dict_attrs[27], /* Session-Timeout */ + &nr_dict_attrs[122], /* SIP-AOR */ + &nr_dict_attrs[24], /* State */ + &nr_dict_attrs[29], /* Termination-Action */ + &nr_dict_attrs[82], /* Tunnel-Assignment-Id */ + &nr_dict_attrs[90], /* Tunnel-Client-Auth-Id */ + &nr_dict_attrs[66], /* Tunnel-Client-Endpoint */ + &nr_dict_attrs[65], /* Tunnel-Medium-Type */ + &nr_dict_attrs[69], /* Tunnel-Password */ + &nr_dict_attrs[83], /* Tunnel-Preference */ + &nr_dict_attrs[81], /* Tunnel-Private-Group-Id */ + &nr_dict_attrs[91], /* Tunnel-Server-Auth-Id */ + &nr_dict_attrs[67], /* Tunnel-Server-Endpoint */ + &nr_dict_attrs[64], /* Tunnel-Type */ + &nr_dict_attrs[1], /* User-Name */ + &nr_dict_attrs[2], /* User-Password */ + &nr_dict_attrs[59], /* User-Priority-Table */ + &nr_dict_attrs[26], /* Vendor-Specific */ +}; + diff --git a/lib/radius/doc.txt b/lib/radius/doc.txt new file mode 100644 index 0000000..09a8415 --- /dev/null +++ b/lib/radius/doc.txt @@ -0,0 +1,41 @@ +/** + +\file doc.txt +\brief The main documentation. + +\mainpage The Network RADIUS Client Library + +This client library is intended for use in embedded systems. It is +small with a simple API, yet has more functionality than most +commercial or Open Source products. + +\section License + +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +\ref dictionaries.txt "Dictionaries and dictionary formats" + +*/ diff --git a/lib/radius/doxygen.conf b/lib/radius/doxygen.conf new file mode 100644 index 0000000..e310771 --- /dev/null +++ b/lib/radius/doxygen.conf @@ -0,0 +1,1417 @@ +# Doxyfile 1.5.6 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project +# +# All text after a hash (#) is considered a comment and will be ignored +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" ") + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See +# http://www.gnu.org/software/libiconv for the list of possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# by quotes) that should identify the project. + +PROJECT_NAME = networkclient + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, +# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), +# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, +# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, +# and Ukrainian. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful is your file systems +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = NO + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the DETAILS_AT_TOP tag is set to YES then Doxygen +# will output the detailed description near the top, like JavaDoc. +# If set to NO, the detailed description appears after the member +# documentation. + +DETAILS_AT_TOP = YES + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 8 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = YES + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for +# Java. For instance, namespaces will be presented as packages, qualified +# scopes will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources only. Doxygen will then generate output that is more tailored for +# Fortran. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for +# VHDL. + +OPTIMIZE_OUTPUT_VHDL = NO + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. +# Doxygen will parse them like normal C++ but will assume all classes use public +# instead of private inheritance when no explicit protection keyword is present. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate getter +# and setter methods for a property. Setting this option to YES (the default) +# will make doxygen to replace the get and set methods by a property in the +# documentation. This will only work if the methods are indeed getting or +# setting a simple type. If this is not the case, or you want to show the +# methods anyway, you should set this option to NO. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum +# is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically +# be useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. + +TYPEDEF_HIDES_STRUCT = NO + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = YES + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base +# name of the file that contains the anonymous namespace. By default +# anonymous namespace are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = NO + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = NO + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = YES + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = YES + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the +# hierarchy of group names into alphabetical order. If set to NO (the default) +# the group names will appear in their defined order. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if sectionname ... \endif. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = YES + +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# in the documentation. The default is NO. + +SHOW_DIRECTORIES = NO + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. +# This will remove the Files entry from the Quick Index and from the +# Folder Tree View (if specified). The default is YES. + +SHOW_FILES = YES + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the +# Namespaces page. This will remove the Namespaces entry from the Quick Index +# and from the Folder Tree View (if specified). The default is YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command , where is the value of +# the FILE_VERSION_FILTER tag, and is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = + +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = YES + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = YES + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. + +WARN_NO_PARAMDOC = NO + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = . doc/ + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is +# also the default input encoding. Doxygen uses libiconv (or the iconv built +# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for +# the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 + +FILE_PATTERNS = *.txt *.[ch] + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = NO + +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. + +EXCLUDE = + +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). + +EXAMPLE_PATH = examples + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = *.[ch] + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command , where +# is the value of the INPUT_FILTER tag, and is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. If FILTER_PATTERNS is specified, this tag will be +# ignored. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# is applied to all files. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). + +FILTER_SOURCE_FILES = NO + +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. + +SOURCE_BROWSER = NO + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C and C++ comments will always remain visible. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES +# then for each documented function all documented +# functions referencing it will be listed. + +REFERENCED_BY_RELATION = YES + +# If the REFERENCES_RELATION tag is set to YES +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = YES + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. Otherwise they will link to the documentstion. + +REFERENCES_LINK_SOURCE = NO + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see http://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = YES + +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = NO + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = html + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own +# stylesheet in the HTML output directory as well, or it will be erased! + +HTML_STYLESHEET = + +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to +# NO a bullet list will be used. + +HTML_ALIGN_MEMBERS = YES + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the GENERATE_DOCSET tag is set to YES, additional index files +# will be generated that can be used as input for Apple's Xcode 3 +# integrated development environment, introduced with OSX 10.5 (Leopard). +# To create a documentation set, doxygen will generate a Makefile in the +# HTML output directory. Running make will produce the docset in that +# directory and running "make install" will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find +# it at startup. + +GENERATE_DOCSET = NO + +# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the +# feed. A documentation feed provides an umbrella under which multiple +# documentation sets from a single provider (such as a company or product suite) +# can be grouped. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that +# should uniquely identify the documentation set bundle. This should be a +# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen +# will append .docset to the name. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). + +HTML_DYNAMIC_SECTIONS = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING +# is used to encode HtmlHelp index (hhk), content (hhc) and project file +# content. + +CHM_INDEX_ENCODING = + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. + +DISABLE_INDEX = NO + +# This tag can be used to set the number of enum values (range [1..20]) +# that doxygen will group on one line in the generated HTML documentation. + +ENUM_VALUES_PER_LINE = 4 + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. +# If the tag value is set to FRAME, a side panel will be generated +# containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, +# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are +# probably better off using the HTML help feature. Other possible values +# for this tag are: HIERARCHIES, which will generate the Groups, Directories, +# and Class Hiererachy pages using a tree view instead of an ordered list; +# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which +# disables this behavior completely. For backwards compatibility with previous +# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE +# respectively. + +GENERATE_TREEVIEW = YES + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +# Use this tag to change the font size of Latex formulas included +# as images in the HTML documentation. The default is 10. Note that +# when you change the font size after a successful doxygen run you need +# to manually remove any form_*.png images from the HTML output directory +# to force them to be regenerated. + +FORMULA_FONTSIZE = 10 + +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = NO + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and +# executive. If left blank a4wide will be used. + +PAPER_TYPE = a4wide + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = YES + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = YES + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = NO + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. + +MAN_LINKS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = NO + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. + +GENERATE_AUTOGEN_DEF = NO + +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. This is useful +# if you want to understand what is going on. On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + +PERLMOD_MAKEVAR_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = YES + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = NO + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = NO + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# in the INCLUDE_PATH (see below) will be search if a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition. + +EXPAND_AS_DEFINED = + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. Such +# function macros are typically used for boiler-plate code, and will confuse +# the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- + +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool +# does not have to be run to correct the links. +# Note that each tag file must have a unique name +# (where the name does NOT include the path) +# If a tag file is not located in the directory in which doxygen +# is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). + +PERL_PATH = /usr/bin/perl + +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more +# powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see +# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the +# documentation. The MSCGEN_PATH tag allows you to specify the directory where +# the mscgen tool resides. If left empty the tool is assumed to be found in the +# default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = YES + +# By default doxygen will write a font called FreeSans.ttf to the output +# directory and reference it in all dot files that doxygen generates. This +# font does not include all possible unicode characters however, so when you need +# these (or just want a differently looking font) you can specify the font name +# using DOT_FONTNAME. You need need to make sure dot is able to find the font, +# which can be done by putting it in a standard location or by setting the +# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory +# containing the font. + +DOT_FONTNAME = FreeSans + +# By default doxygen will tell dot to use the output directory to look for the +# FreeSans.ttf font (which doxygen will put there itself). If you specify a +# different font using DOT_FONTNAME you can set the path where dot +# can find it using this tag. + +DOT_FONTPATH = + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# the CLASS_DIAGRAMS tag to NO. + +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = NO + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH and HAVE_DOT options are set to YES then +# doxygen will generate a call dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable call graphs +# for selected functions only using the \callgraph command. + +CALL_GRAPH = YES + +# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then +# doxygen will generate a caller dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable caller +# graphs for selected functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are png, jpg, or gif +# If left blank png will be used. + +DOT_IMAGE_FORMAT = png + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the +# number of direct children of the root node in a graph is already larger than +# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is enabled by default, which results in a transparent +# background. Warning: Depending on the platform used, enabling this option +# may lead to badly anti-aliased labels on the edges of a graph (i.e. they +# become hard to read). + +DOT_TRANSPARENT = YES + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = NO + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- + +# The SEARCHENGINE tag specifies whether or not a search engine should be +# used. If set to NO the values of all tags below this one will be ignored. + +SEARCHENGINE = NO diff --git a/lib/radius/examples/Makefile b/lib/radius/examples/Makefile new file mode 100644 index 0000000..f39c343 --- /dev/null +++ b/lib/radius/examples/Makefile @@ -0,0 +1,54 @@ +# +# GNU Makefile +# +.PHONY: all clean install + +SRCS = example_1.c example_2.c example_3.c example_4.c + +OBJS := ${SRCS:.c=.o} +PROGRAMS := ${SRCS:.c=} + +all: ${PROGRAMS} + +HEADERS := ../client.h ../radius.h + +${OBJS}: ${HEADERS} + +$(info ${PROGRAMS} ${OBJS}) + +${PROGRAMS}: ../libnetworkradius-client.a + + +%.o : %.c + $(CC) $(CFLAGS) -I.. -I. -c $< + +%.o: ${HEADERS} + +LDFLAGS = -L.. -lnetworkradius-client -lcrypto -lssl +CFLAGS = -I.. + +../libnetworkradius-client.a: + @${MAKE} -C .. libnetworkradius-client.a + +radsample.o: radsample.c ${HEADERS} nr_vp_create.c nr_packet_send.c + +#radsample: radsample.o ../libnetworkradius-client.a +# ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +sample_chap.o: sample_chap.c ${HEADERS} + +sample_chap: sample_chap.o ../libnetworkradius-client.a + ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +radsample2.o: radsample2.c ${HEADERS} nr_vp_create.c + +radsample2: radsample2.o ../libnetworkradius-client.a + ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +radsample3.o: radsample3.c ${HEADERS} nr_transmit.c nr_server_t.c nr_vp_create.c + +radsample3: radsample3.o ../libnetworkradius-client.a + ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +clean: + @rm -rf *.o *.a *~ diff --git a/lib/radius/examples/example_1.c b/lib/radius/examples/example_1.c new file mode 100644 index 0000000..503d927 --- /dev/null +++ b/lib/radius/examples/example_1.c @@ -0,0 +1,86 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +/** \file example_1.c + * \brief Sample code to initialize a RADIUS packet. + * + * This example initializes a packet, and then adds User-Name and + * User-Password to it. The resulting packet is then printed to the + * standard output. + */ + +static const char *secret = "testing123"; +static uint8_t request_buffer[NR_MAX_PACKET_LEN]; +static uint8_t response_buffer[NR_MAX_PACKET_LEN]; +static RADIUS_PACKET request, response; + +int main(int argc, const char *argv[]) +{ + ssize_t rcode; + const char *user = "bob"; + const char *password = "password"; + + rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, + request_buffer, sizeof(request_buffer)); + if (rcode < 0) { + error: + fprintf(stderr, "Error: %s\n", nr_strerror(rcode)); + return 1; + } + + if (argc > 1) user = argv[1]; + if (argc > 2) password = argv[2]; + + rcode = nr_packet_attr_append(&request, NULL, + NR_DA_USER_NAME, + user, 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&request, NULL, + NR_DA_USER_PASSWORD, + password, 0); + if (rcode < 0) goto error; + + /* + * ALWAYS call nr_packet_sign() before sending the packet + * to anyone else! + */ + rcode = nr_packet_sign(&request, NULL); + if (rcode < 0) goto error; + + nr_packet_print_hex(&request); + + rcode = nr_packet_decode(&request, NULL); + if (rcode < 0) goto error; + + nr_vp_fprintf_list(stdout, request.vps); + nr_vp_free(&request.vps); + + return 0; +} diff --git a/lib/radius/examples/example_2.c b/lib/radius/examples/example_2.c new file mode 100644 index 0000000..1065c8e --- /dev/null +++ b/lib/radius/examples/example_2.c @@ -0,0 +1,86 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +/** \file example_2.c + * \brief Sample code to initialize a RADIUS packet. + * + * This example initializes a packet, and then adds User-Name and + * CHAP-Password to it. The resulting packet is then printed to the + * standard output. + */ + +static const char *secret = "testing123"; +static uint8_t request_buffer[NR_MAX_PACKET_LEN]; +static uint8_t response_buffer[NR_MAX_PACKET_LEN]; +static RADIUS_PACKET request, response; + +int main(int argc, const char *argv[]) +{ + int rcode; + const char *user = "bob"; + const char *password = "password"; + + rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, + request_buffer, sizeof(request_buffer)); + if (rcode < 0) { + error: + fprintf(stderr, "Error: %s\n", nr_strerror(rcode)); + return 1; + } + + if (argc > 1) user = argv[1]; + if (argc > 2) password = argv[2]; + + rcode = nr_packet_attr_append(&request, NULL, + NR_DA_USER_NAME, + user, 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&request, NULL, + NR_DA_CHAP_PASSWORD, + password, strlen(password)); + if (rcode < 0) goto error; + + /* + * ALWAYS call nr_packet_sign() before sending the packet + * to anyone else! + */ + rcode = nr_packet_sign(&request, NULL); + if (rcode < 0) goto error; + + nr_packet_print_hex(&request); + + rcode = nr_packet_decode(&request, NULL); + if (rcode < 0) goto error; + + nr_vp_fprintf_list(stdout, request.vps); + nr_vp_free(&request.vps); + + return 0; +} diff --git a/lib/radius/examples/example_3.c b/lib/radius/examples/example_3.c new file mode 100644 index 0000000..6104f6f --- /dev/null +++ b/lib/radius/examples/example_3.c @@ -0,0 +1,123 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +/** \file example_3.c + * \brief Sample code to initialize a RADIUS packet and a response to it. + * + * This example initializes a packet, and then adds User-Name and + * User-Password to it. The resulting packet is then printed to the + * standard output. + * + * As a next step, it then creates the response, and prints that, + * too. + */ + +static const char *secret = "testing123"; +static uint8_t request_buffer[NR_MAX_PACKET_LEN]; +static uint8_t response_buffer[NR_MAX_PACKET_LEN]; +static RADIUS_PACKET request, response; + +int main(int argc, const char *argv[]) +{ + int rcode; + const char *user = "bob"; + const char *password = "password"; + + rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, + request_buffer, sizeof(request_buffer)); + if (rcode < 0) { + error: + fprintf(stderr, "Error :%s\n", nr_strerror(rcode)); + return 1; + } + + if (argc > 1) user = argv[1]; + if (argc > 2) password = argv[2]; + + rcode = nr_packet_attr_append(&request, NULL, + NR_DA_USER_NAME, + user, 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&request, NULL, + NR_DA_USER_PASSWORD, + password, 0); + if (rcode < 0) goto error; + + /* + * ALWAYS call nr_packet_sign() before sending the packet + * to anyone else! + */ + rcode = nr_packet_sign(&request, NULL); + if (rcode < 0) goto error; + + nr_packet_print_hex(&request); + + rcode = nr_packet_init(&response, &request, secret, PW_ACCESS_ACCEPT, + response_buffer, sizeof(response_buffer)); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&response, &request, + NR_DA_REPLY_MESSAGE, + "Success!", 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&response, &request, + NR_DA_TUNNEL_PASSWORD, + password, 0); + if (rcode < 0) goto error; + rcode = nr_packet_sign(&response, &request); + if (rcode < 0) goto error; + + nr_packet_print_hex(&response); + + /* + * Check that the response is well-formed. The + * nr_packet_verify() function also calls nr_packet_ok(). + * However, it is sometimes useful to separate "malformed + * packet" errors from "packet is not a response to a + * reqeust" errors. + */ + rcode = nr_packet_ok(&response); + if (rcode < 0) goto error; + + /* + * Double-check the signature of the response. + */ + rcode = nr_packet_verify(&response, &request); + if (rcode < 0) goto error; + + rcode = nr_packet_decode(&response, &request); + if (rcode < 0) goto error; + + nr_vp_fprintf_list(stdout, response.vps); + nr_vp_free(&response.vps); + + return 0; +} diff --git a/lib/radius/examples/example_4.c b/lib/radius/examples/example_4.c new file mode 100644 index 0000000..f93764c --- /dev/null +++ b/lib/radius/examples/example_4.c @@ -0,0 +1,94 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +/** \file example_4.c + * \brief Allocate and manage multiple packets. + */ + +static const char *secret = "testing123"; +static nr_server_t server; + +int main(int argc, const char *argv[]) +{ + int rcode; + const char *user = "bob"; + const char *password = "password"; + + rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST, + request_buffer, sizeof(request_buffer)); + if (rcode < 0) { + error: + fprintf(stderr, "Error :%s\n", nr_strerror(rcode)); + return 1; + } + + if (argc > 1) user = argv[1]; + if (argc > 2) password = argv[2]; + + rcode = nr_packet_attr_append(&request, NULL, + NR_DA_USER_NAME, + user, 0); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&request, NULL, + NR_DA_USER_PASSWORD, + password, 0); + if (rcode < 0) goto error; + + /* + * ALWAYS call nr_packet_sign() before sending the packet + * to anyone else! + */ + rcode = nr_packet_sign(&request, NULL); + if (rcode < 0) goto error; + + nr_packet_print_hex(&request); + + rcode = nr_packet_init(&response, &request, secret, PW_ACCESS_ACCEPT, + response_buffer, sizeof(response_buffer)); + if (rcode < 0) goto error; + + rcode = nr_packet_attr_append(&response, &request, + NR_DA_REPLY_MESSAGE, + "Success!", 0); + if (rcode < 0) goto error; + + rcode = nr_packet_sign(&response, &request); + if (rcode < 0) goto error; + + nr_packet_print_hex(&response); + + /* + * Double-check the signature of the response. + */ + rcode = nr_packet_verify(&response, &request); + if (rcode < 0) goto error; + + return 0; +} diff --git a/lib/radius/examples/nr_vp_create.c b/lib/radius/examples/nr_vp_create.c new file mode 100644 index 0000000..bd04f17 --- /dev/null +++ b/lib/radius/examples/nr_vp_create.c @@ -0,0 +1,61 @@ +/* + * The person or persons who have associated work with this document + * (the "Dedicator" or "Certifier") hereby either (a) certifies that, + * to the best of his knowledge, the work of authorship identified is + * in the public domain of the country from which the work is + * published, or (b) hereby dedicates whatever copyright the + * dedicators holds in the work of authorship identified below (the + * "Work") to the public domain. A certifier, moreover, dedicates any + * copyright interest he may have in the associated work, and for + * these purposes, is described as a "dedicator" below. + * + * A certifier has taken reasonable steps to verify the copyright + * status of this work. Certifier recognizes that his good faith + * efforts may not shield him from liability if in fact the work + * certified is not in the public domain. + * + * Dedicator makes this dedication for the benefit of the public at + * large and to the detriment of the Dedicator's heirs and + * successors. Dedicator intends this dedication to be an overt act of + * relinquishment in perpetuity of all present and future rights under + * copyright law, whether vested or contingent, in the Work. Dedicator + * understands that such relinquishment of all rights includes the + * relinquishment of all rights to enforce (by lawsuit or otherwise) + * those copyrights in the Work. + * + * Dedicator recognizes that, once placed in the public domain, the + * Work may be freely reproduced, distributed, transmitted, used, + * modified, built upon, or otherwise exploited by anyone for any + * purpose, commercial or non-commercial, and in any way, including by + * methods that have not yet been invented or conceived. + */ + +static VALUE_PAIR *example_nr_vp_create(void) +{ + VALUE_PAIR *vp; + VALUE_PAIR *head = NULL; + + /* + * Create the request contents. + */ + vp = nr_vp_create(PW_USER_NAME, 0, "bob", 4); + if (!vp) { + fprintf(stderr, "User-Name: %s\n", nr_strerror(0)); + exit(1); + } + nr_vps_append(&head, vp); + + /* + * The User-Password attribute is automatically encrypted + * when being placed in the packet. This version stays + * untouched, and should be "plain text". + */ + vp = nr_vp_create(PW_USER_PASSWORD, 0, "hello", 6); + if (!vp) { + fprintf(stderr, "User-Password: %s\n", nr_strerror(0)); + exit(1); + } + nr_vps_append(&head, vp); + + return head; +} diff --git a/lib/radius/header.pl b/lib/radius/header.pl new file mode 100755 index 0000000..c366612 --- /dev/null +++ b/lib/radius/header.pl @@ -0,0 +1,68 @@ +#!/usr/bin/env perl +###################################################################### +# Copyright (c) 2011, Network RADIUS SARL +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +###################################################################### +# +# Converts dictionaries to C defines. Does not yet do "VALUE"s. +# +# $Id$ +# +require "common.pl"; + +while (@ARGV) { + $filename = shift; + do_file($filename); +} + + +print "/* Automatically generated file. Do not edit */\n\n"; + +foreach $v (sort keys %vendor) { + $name = $v; + $name =~ tr/a-z/A-Z/; # uppercase + $name =~ tr/A-Z0-9/_/c; # any ELSE becomes _ + + print "#define VENDORPEC_", $name, " ", $vendor{$v}{'pec'}, "\n"; +} +print "\n"; + +$begin_vendor = -1; +foreach $attr_val (sort {$a <=> $b} keys %attributes) { + if ($attributes{$attr_val}{'vendor'} != $begin_vendor) { + print "\n/* ", $vendorpec{$attributes{$attr_val}{'vendor'}}, " */\n"; + $begin_vendor = $attributes{$attr_val}{'vendor'}; + } + + $name = $attributes{$attr_val}{'name'}; + $name =~ tr/a-z/A-Z/; + $name =~ tr/A-Z0-9/_/c; + + print "#define PW_", $name, " ", $attributes{$attr_val}{'value'}, "\n"; +} +print "\n\n"; + +print "/* Automatically generated file. Do not edit */\n"; + diff --git a/lib/radius/id.c b/lib/radius/id.c new file mode 100644 index 0000000..4fbe631 --- /dev/null +++ b/lib/radius/id.c @@ -0,0 +1,178 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +/** \file id.c + * \brief Handling of ID allocation / freeing + * + */ + +static int find_id(nr_server_t *s) +{ + int i; + uint32_t lvalue; + + if ((s->used < 0) || (s->used > 256)) return -NR_ERR_INTERNAL_FAILURE; + + /* + * Ensure that the ID allocation is random. + */ + lvalue = nr_rand(); + + for (i = 0; i < 256; i++) { + int offset = (i + lvalue) & 0xff; + + if (!s->ids[offset]) return offset; + } + + nr_strerror_printf("Out of IDs for server"); + return -1; +} + +int nr_server_id_alloc(nr_server_t *s, RADIUS_PACKET *packet) +{ + int new_id; + + if (!s || !packet) return -NR_ERR_INVALID_ARG; + + new_id = find_id(s); + if (new_id < 0) return -new_id; + + s->ids[new_id] = packet; + s->used++; + packet->sockfd = s->sockfd; + packet->code = s->code; + packet->src = s->src; + packet->dst = s->dst; + packet->id = new_id; + + return 0; +} + +int nr_server_id_free(nr_server_t *s, RADIUS_PACKET *packet) +{ + if (!s || !packet) return -NR_ERR_INVALID_ARG; + + if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) { + return -NR_ERR_INVALID_ARG; + } + + if (s->ids[packet->id] != packet) return -NR_ERR_INTERNAL_FAILURE; + + s->ids[packet->id] = NULL; + s->used--; + packet->sockfd = -1; + + return 0; +} + +int nr_server_id_realloc(nr_server_t *s, RADIUS_PACKET *packet) +{ + int new_id; + + if (!s || !packet) return -NR_ERR_INVALID_ARG; + + if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) { + return -NR_ERR_INVALID_ARG; + } + + if (s->ids[packet->id] != packet) return -NR_ERR_INTERNAL_FAILURE; + + new_id = find_id(s); + if (new_id < 0) return new_id; + + s->ids[packet->id] = NULL; + packet->id = new_id; + s->ids[packet->id] = packet; + + return 0; +} + + +int nr_server_init(nr_server_t *s, int code, const char *secret) +{ + if (!s || !secret || !*secret || + (code == 0) || (code > NR_MAX_PACKET_CODE)) { + return -NR_ERR_INVALID_ARG; + } + + memset(s, 0, sizeof(*s)); + + s->sockfd = -1; + s->code = code; + s->secret = secret; + s->sizeof_secret = strlen(secret); + s->src.ss_family = AF_UNSPEC; + s->dst.ss_family = AF_UNSPEC; + + return 0; +} + + +int nr_server_close(const nr_server_t *s) +{ + if (!s) return -NR_ERR_INVALID_ARG; + + if (s->used > 0) return -NR_ERR_IN_USE; + + if (s->sockfd >= 0) close(s->sockfd); + + return 0; +} + +int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p) +{ + int rcode; + RADIUS_PACKET *packet; + + if (!packet_p) return -NR_ERR_INVALID_ARG; + + packet = malloc(sizeof(*packet) + NR_MAX_PACKET_LEN); + if (!packet) return -NR_ERR_NO_MEM; + + memset(packet, 0, sizeof(*packet)); + + if (!s) { + packet->data = (uint8_t *)(packet + 1); + packet->sizeof_data = NR_MAX_PACKET_LEN; + + *packet_p = packet; + return 0; + } + + rcode = nr_packet_init(packet, NULL, s->secret, s->code, + (uint8_t *)(packet + 1), NR_MAX_PACKET_LEN); + if (rcode < 0) { + free(packet); + return rcode; + } + + *packet_p = packet; + return 0; +} diff --git a/lib/radius/packet.c b/lib/radius/packet.c new file mode 100644 index 0000000..77e3d14 --- /dev/null +++ b/lib/radius/packet.c @@ -0,0 +1,918 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file packet.c + * \brief Encoding and decoding packets + */ + +#include + +#if NR_MAX_PACKET_LEN < 64 +#error NR_MAX_PACKET_LEN is too small. It should be at least 64. +#endif + +#if NR_MAX_PACKET_LEN > 16384 +#error NR_MAX_PACKET_LEN is too large. It should be smaller than 16K. +#endif + +const char *nr_packet_codes[NR_MAX_PACKET_CODE + 1] = { + NULL, + "Access-Request", + "Access-Accept", + "Access-Reject", + "Accounting-Request", + "Accounting-Response", + NULL, NULL, NULL, NULL, NULL, + "Access-Challenge", + "Status-Server", /* 12 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 19 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 20..29 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 30..39 */ + "Disconnect-Request", + "Disconnect-ACK", + "Disconnect-NAK", + "CoA-Request", + "CoA-ACK", + "CoA-NAK" +}; + + +static uint64_t allowed_responses[NR_MAX_PACKET_CODE + 1] = { + 0, + (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE), + 0, 0, + 1 << PW_ACCOUNTING_RESPONSE, + 0, + 0, 0, 0, 0, 0, + 0, + (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE) | (1 << PW_ACCOUNTING_RESPONSE), + 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20..29 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 30..39 */ + (((uint64_t) 1) << PW_DISCONNECT_ACK) | (((uint64_t) 1) << PW_DISCONNECT_NAK), + 0, + 0, + (((uint64_t) 1) << PW_COA_ACK) | (((uint64_t) 1) << PW_COA_NAK), + 0, + 0 +}; + + +int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data) +{ + size_t packet_len; + const uint8_t *attr, *end; + + if (!data || (sizeof_data < 20)) { + nr_debug_error("Invalid argument"); + return -NR_ERR_INVALID_ARG; + } + + packet_len = (data[2] << 8) | data[3]; + if (packet_len < 20) { + nr_debug_error("Packet length is too small"); + return -NR_ERR_PACKET_TOO_SMALL; + } + + if (packet_len > sizeof_data) { + nr_debug_error("Packet length overflows received data"); + return -NR_ERR_PACKET_TOO_LARGE; + } + + /* + * If we receive 100 bytes, and the header says it's 20 bytes, + * then it's 20 bytes. + */ + end = data + packet_len; + + for (attr = data + 20; attr < end; attr += attr[1]) { + if ((attr + 2) > end) { + nr_debug_error("Attribute overflows packet"); + return -NR_ERR_ATTR_OVERFLOW; + } + + if (attr[1] < 2) { + nr_debug_error("Attribute length is too small"); + return -NR_ERR_ATTR_TOO_SMALL; + } + + if ((attr + attr[1]) > end) { + nr_debug_error("Attribute length is too large"); + return -NR_ERR_ATTR_TOO_LARGE; + } + } + + return 0; +} + +int nr_packet_ok(RADIUS_PACKET *packet) +{ + int rcode; + + if (!packet) return -NR_ERR_INVALID_ARG; + + if ((packet->flags & NR_PACKET_OK) != 0) return 0; + + rcode = nr_packet_ok_raw(packet->data, packet->length); + if (rcode < 0) return rcode; + + packet->flags |= NR_PACKET_OK; + return 0; +} + + +/* + * Comparison function that is time-independent. Using "memcmp" + * would satisfy the "comparison" part. However, it would also + * leak information about *which* bytes are wrong. Attackers + * could use that leak to create a "correct" RADIUS packet which + * will be accepted by the client and/or server. + */ +static int digest_cmp(const uint8_t *a, const uint8_t *b, size_t length) +{ + int result = 0; + size_t i; + + for (i = 0; i < length; i++) { + result |= (a[i] ^ b[i]); + } + + return result; +} + + +#ifdef PW_MESSAGE_AUTHENTICATOR +static int msg_auth_ok(const RADIUS_PACKET *original, + uint8_t *ma, + uint8_t *data, size_t length) +{ + uint8_t packet_vector[sizeof(original->vector)]; + uint8_t msg_auth_vector[sizeof(original->vector)]; + uint8_t calc_auth_vector[sizeof(original->vector)]; + + if (ma[1] != 18) { + nr_debug_error("Message-Authenticator has invalid length"); + return -NR_ERR_MSG_AUTH_LEN; + } + + memcpy(packet_vector, data + 4, sizeof(packet_vector)); + memcpy(msg_auth_vector, ma + 2, sizeof(msg_auth_vector)); + memset(ma + 2, 0, sizeof(msg_auth_vector)); + + switch (data[0]) { + default: + break; + + case PW_ACCOUNTING_REQUEST: + case PW_ACCOUNTING_RESPONSE: + case PW_DISCONNECT_REQUEST: + case PW_DISCONNECT_ACK: + case PW_DISCONNECT_NAK: + case PW_COA_REQUEST: + case PW_COA_ACK: + case PW_COA_NAK: + memset(data + 4, 0, sizeof(packet_vector)); + break; + + case PW_ACCESS_ACCEPT: + case PW_ACCESS_REJECT: + case PW_ACCESS_CHALLENGE: + if (!original) { + nr_debug_error("Cannot validate response without request"); + return -NR_ERR_REQUEST_REQUIRED; + } + memcpy(data + 4, original->vector, sizeof(original->vector)); + break; + } + + nr_hmac_md5(data, length, + (const uint8_t *) original->secret, original->sizeof_secret, + calc_auth_vector); + + memcpy(ma + 2, msg_auth_vector, sizeof(msg_auth_vector)); + memcpy(data + 4, packet_vector, sizeof(packet_vector)); + + if (digest_cmp(calc_auth_vector, msg_auth_vector, + sizeof(calc_auth_vector)) != 0) { + nr_debug_error("Invalid Message-Authenticator"); + return -NR_ERR_MSG_AUTH_WRONG; + } + + return 1; +} +#endif + +/* + * The caller ensures that the packet codes are as expected. + */ +static int packet_auth_ok(const RADIUS_PACKET *original, + uint8_t *data, size_t length) +{ + uint8_t packet_vector[sizeof(original->vector)]; + uint8_t calc_digest[sizeof(original->vector)]; + NR_MD5_CTX ctx; + + if ((data[0] == PW_ACCESS_REQUEST) || + (data[0] == PW_STATUS_SERVER)) return 1; + + memcpy(packet_vector, data + 4, sizeof(packet_vector)); + + if (!original) { + memset(data + 4, 0, sizeof(packet_vector)); + } else { + memcpy(data + 4, original->vector, sizeof(original->vector)); + } + + nr_MD5Init(&ctx); + nr_MD5Update(&ctx, data, length); + nr_MD5Update(&ctx, original->secret, original->sizeof_secret); + nr_MD5Final(calc_digest, &ctx); + + memcpy(data + 4, packet_vector, sizeof(packet_vector)); + + if (digest_cmp(calc_digest, packet_vector, + sizeof(packet_vector)) != 0) { + nr_debug_error("Invalid authentication vector"); + return -NR_ERR_AUTH_VECTOR_WRONG; + } + + return 0; +} + + +int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ + int rcode; + uint8_t *attr; +#ifdef PW_MESSAGE_AUTHENTICATOR + const uint8_t *end; +#endif + + if (!packet || !packet->data || !packet->secret) { + nr_debug_error("Invalid argument"); + return -NR_ERR_INVALID_ARG; + } + + if ((packet->flags & NR_PACKET_VERIFIED) != 0) return 0; + + /* + * Packet isn't well formed. Ignore it. + */ + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + /* + * Get rid of improper packets as early as possible. + */ + if (original) { + uint64_t mask; + + if (original->code > NR_MAX_PACKET_CODE) { + nr_debug_error("Invalid original code %u", + original->code); + return -NR_ERR_REQUEST_CODE_INVALID; + } + + if (packet->data[1] != original->id) { + nr_debug_error("Ignoring response with wrong ID %u", + packet->data[1]); + return -NR_ERR_RESPONSE_ID_INVALID; + } + + mask = 1; + mask <<= packet->data[0]; + + if ((allowed_responses[original->code] & mask) == 0) { + nr_debug_error("Ignoring response with wrong code %u", + packet->data[0]); + return -NR_ERR_RESPONSE_CODE_INVALID; + } + + if ((memcmp(&packet->src, &original->dst, sizeof(packet->src)) != 0) && + (sockaddr_cmp(&(packet->src), &(original->dst)) != 0)) { + nr_debug_error("Ignoring response from wrong IP/port"); + return -NR_ERR_RESPONSE_SRC_INVALID; + } + + } else if (allowed_responses[packet->data[0]] != 0) { + nr_debug_error("Ignoring response without original"); + return -NR_ERR_RESPONSE_CODE_INVALID; + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + end = packet->data + packet->length; + + /* + * Note that the packet MUST be well-formed here. + */ + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { + rcode = msg_auth_ok(original, attr, + packet->data, packet->length); + if (rcode < 0) return rcode; + } + } +#endif + + /* + * Verify the packet authenticator. + */ + rcode = packet_auth_ok(original, packet->data, packet->length); + if (rcode < 0) return rcode; + + packet->flags |= NR_PACKET_VERIFIED; + + return 0; +} + + +int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ + int rcode, num_attributes; + uint8_t *data, *attr; + const uint8_t *end; + VALUE_PAIR **tail, *vp; + + if (!packet) return -NR_ERR_INVALID_ARG; + + if ((packet->flags & NR_PACKET_DECODED) != 0) return 0; + + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + data = packet->data; + end = data + packet->length; + tail = &packet->vps; + num_attributes = 0; + + /* + * Loop over the packet, converting attrs to VPs. + */ + for (attr = data + 20; attr < end; attr += attr[1]) { + rcode = nr_attr2vp(packet, original, + attr, end - attr, &vp); + if (rcode < 0) { + nr_vp_free(&packet->vps); + return -rcode; + } + + *tail = vp; + while (vp) { + num_attributes++; + tail = &(vp->next); + vp = vp->next; + } + + if (num_attributes > NR_MAX_ATTRIBUTES) { + nr_debug_error("Too many attributes"); + nr_vp_free(&packet->vps); + return -NR_ERR_TOO_MANY_ATTRS; + } + } + + packet->code = data[0]; + packet->id = data[1]; + memcpy(packet->vector, data + 4, sizeof(packet->vector)); + + packet->flags |= NR_PACKET_DECODED; + + return 0; +} + + +int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ +#ifdef PW_MESSAGE_AUTHENTICATOR + size_t ma = 0; + const uint8_t *attr, *end; +#endif + + if ((packet->flags & NR_PACKET_SIGNED) != 0) return 0; + + if ((packet->flags & NR_PACKET_ENCODED) == 0) { + int rcode; + + rcode = nr_packet_encode(packet, original); + if (rcode < 0) return rcode; + } + + if ((packet->code == PW_ACCESS_ACCEPT) || + (packet->code == PW_ACCESS_CHALLENGE) || + (packet->code == PW_ACCESS_REJECT)) { +#ifdef PW_MESSAGE_AUTHENTICATOR + if (!original) { + nr_debug_error("Original packet is required to create the Message-Authenticator"); + return -NR_ERR_REQUEST_REQUIRED; + } +#endif + + memcpy(packet->data + 4, original->vector, + sizeof(original->vector)); + } else { + memcpy(packet->data + 4, packet->vector, + sizeof(packet->vector)); + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + end = packet->data + packet->length; + + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { + ma = (attr - packet->data); + break; + } + } + + /* + * Force all Access-Request packets to have a + * Message-Authenticator. + */ + if (!ma && ((packet->length + 18) <= packet->sizeof_data) && + ((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER))) { + ma = packet->length; + + packet->data[ma]= PW_MESSAGE_AUTHENTICATOR; + packet->data[ma + 1] = 18; + memset(&packet->data[ma + 2], 0, 16); + packet->length += 18; + } + + /* + * Reset the length. + */ + packet->data[2] = (packet->length >> 8) & 0xff; + packet->data[3] = packet->length & 0xff; + + /* + * Sign the Message-Authenticator && packet. + */ + if (ma) { + nr_hmac_md5(packet->data, packet->length, + (const uint8_t *) packet->secret, packet->sizeof_secret, + packet->data + ma + 2); + } +#endif + + /* + * Calculate the signature. + */ + if (!((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER))) { + NR_MD5_CTX ctx; + + nr_MD5Init(&ctx); + nr_MD5Update(&ctx, packet->data, packet->length); + nr_MD5Update(&ctx, packet->secret, packet->sizeof_secret); + nr_MD5Final(packet->vector, &ctx); + } + + memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); + + packet->attempts = 0; + packet->flags |= NR_PACKET_SIGNED; + + return 0; +} + + +static int can_encode_packet(RADIUS_PACKET *packet, + const RADIUS_PACKET *original) +{ + if ((packet->code == 0) || + (packet->code > NR_MAX_PACKET_CODE) || + (original && (original->code > NR_MAX_PACKET_CODE))) { + nr_debug_error("Cannot send unknown packet code"); + return -NR_ERR_REQUEST_CODE_INVALID; + } + + if (!nr_packet_codes[packet->code]) { + nr_debug_error("Cannot handle packet code %u", + packet->code); + return -NR_ERR_REQUEST_CODE_INVALID; + } + +#ifdef NR_NO_MALLOC + if (!packet->data) { + nr_debug_error("No place to put packet"); + return -NR_ERR_NO_PACKET_DATA; + } +#endif + + if (packet->sizeof_data < 20) { + nr_debug_error("The buffer is too small to encode the packet"); + return -NR_ERR_PACKET_TOO_SMALL; + } + + /* + * Enforce request / response correlation. + */ + if (original) { + uint64_t mask; + + mask = 1; + mask <<= packet->code; + + if ((allowed_responses[original->code] & mask) == 0) { + nr_debug_error("Cannot encode response %u to packet %u", + packet->code, original->code); + return -NR_ERR_RESPONSE_CODE_INVALID; + } + packet->id = original->id; + + } else if (allowed_responses[packet->code] == 0) { + nr_debug_error("Cannot encode response %u without original", + packet->code); + return -NR_ERR_REQUEST_REQUIRED; + } + + return 0; +} + +static void encode_header(RADIUS_PACKET *packet) +{ + if ((packet->flags & NR_PACKET_HEADER) != 0) return; + + memset(packet->data, 0, 20); + packet->data[0] = packet->code; + packet->data[1] = packet->id; + packet->data[2] = 0; + packet->data[3] = 20; + packet->length = 20; + + /* + * Calculate a random authentication vector. + */ + if ((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER)) { + nr_rand_bytes(packet->vector, sizeof(packet->vector)); + } else { + memset(packet->vector, 0, sizeof(packet->vector)); + } + + memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); + + packet->flags |= NR_PACKET_HEADER; +} + +int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ +#ifdef PW_MESSAGE_AUTHENTICATOR + size_t ma = 0; +#endif + int rcode; + ssize_t len; + const VALUE_PAIR *vp; + uint8_t *data, *end; + + if ((packet->flags & NR_PACKET_ENCODED) != 0) return 0; + + rcode = can_encode_packet(packet, original); + if (rcode < 0) return rcode; + + data = packet->data; + end = data + packet->sizeof_data; + + encode_header(packet); + data += 20; + + /* + * Encode each VALUE_PAIR + */ + vp = packet->vps; + while (vp) { +#ifdef PW_MESSAGE_AUTHENTICATOR + if (vp->da->attr == PW_MESSAGE_AUTHENTICATOR) { + ma = (data - packet->data); + } +#endif + len = nr_vp2attr(packet, original, &vp, + data, end - data); + if (len < 0) return len; + + if (len == 0) break; /* insufficient room to encode it */ + + data += data[1]; + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + /* + * Always send a Message-Authenticator. + * + * We do *not* recommend removing this code. + */ + if (((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER)) && + !ma && + ((data + 18) <= end)) { + ma = (data - packet->data); + data[0] = PW_MESSAGE_AUTHENTICATOR; + data[1] = 18; + memset(data + 2, 0, 16); + data += data[1]; + } +#endif + + packet->length = data - packet->data; + + packet->data[2] = (packet->length >> 8) & 0xff; + packet->data[3] = packet->length & 0xff; + + packet->flags |= NR_PACKET_ENCODED; + + return packet->length; +} + + +/* + * Ensure that the nr_data2attr_t structure is filled in + * appropriately. This includes filling in a fake DICT_ATTR + * structure, if necessary. + */ +static int do_callback(void *ctx, nr_packet_walk_func_t callback, + int attr, int vendor, + const uint8_t *data, size_t sizeof_data) + +{ + int rcode; + const DICT_ATTR *da; + DICT_ATTR myda; + char buffer[64]; + + da = nr_dict_attr_byvalue(attr, vendor); + + /* + * The attribute is supposed to have a particular length, + * but does not. It is therefore malformed. + */ + if (da && (da->flags.length != 0) && + da->flags.length != sizeof_data) { + da = NULL; + } + + if (!da) { + rcode = nr_dict_attr_2struct(&myda, attr, vendor, + buffer, sizeof(buffer)); + + if (rcode < 0) return rcode; + da = &myda; + } + + rcode = callback(ctx, da, data, sizeof_data); + if (rcode < 0) return rcode; + + return 0; +} + + +int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, + nr_packet_walk_func_t callback) +{ + int rcode; + uint8_t *attr; + const uint8_t *end; + + if (!packet || !callback) return -NR_ERR_INVALID_ARG; + + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + end = packet->data + packet->length; + + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + int length, value; + int dv_type, dv_length; + uint32_t vendorpec; + const uint8_t *vsa; + const DICT_VENDOR *dv = NULL; + + vendorpec = 0; + value = attr[0]; + + if (value != PW_VENDOR_SPECIFIC) { + raw: + rcode = do_callback(ctx, callback, + attr[0], 0, + attr + 2, attr[1] - 2); + if (rcode < 0) return rcode; + continue; + } + + if (attr[1] < 6) goto raw; + memcpy(&vendorpec, attr + 2, 4); + vendorpec = ntohl(vendorpec); + + if (dv && (dv->vendor != vendorpec)) dv = NULL; + + if (!dv) dv = nr_dict_vendor_byvalue(vendorpec); + + if (dv) { + dv_type = dv->type; + dv_length = dv->length; + } else { + dv_type = 1; + dv_length = 1; + } + + /* + * Malformed: it's a raw attribute. + */ + if (nr_tlv_ok(attr + 6, attr[1] - 6, dv_type, dv_length) < 0) { + goto raw; + } + + for (vsa = attr + 6; vsa < attr + attr[1]; vsa += length) { + switch (dv_type) { + case 4: + value = (vsa[2] << 8) | vsa[3]; + break; + + case 2: + value = (vsa[0] << 8) | vsa[1]; + break; + + case 1: + value = vsa[0]; + break; + + default: + return -NR_ERR_INTERNAL_FAILURE; + } + + switch (dv_length) { + case 0: + length = attr[1] - 6 - dv_type; + break; + + case 2: + case 1: + length = vsa[dv_type + dv_length - 1]; + break; + + default: + return -NR_ERR_INTERNAL_FAILURE; + } + + rcode = do_callback(ctx, callback, + value, vendorpec, + vsa + dv_type + dv_length, + length - dv_type - dv_length); + if (rcode < 0) return rcode; + } + } + + return 0; +} + +int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const char *secret, int code, + void *data, size_t sizeof_data) +{ + int rcode; + + if ((code < 0) || (code > NR_MAX_PACKET_CODE)) { + return -NR_ERR_REQUEST_CODE_INVALID; + } + + if (!data || (sizeof_data < 20)) return -NR_ERR_INVALID_ARG; + + if (!secret || !*secret) return -NR_ERR_INVALID_ARG; + + memset(packet, 0, sizeof(*packet)); + packet->secret = secret; + packet->sizeof_secret = strlen(secret); + packet->code = code; + packet->id = 0; + packet->data = data; + packet->sizeof_data = sizeof_data; + + rcode = can_encode_packet(packet, original); + if (rcode < 0) return rcode; + + encode_header(packet); + + return 0; +} + + +static int pack_eap(RADIUS_PACKET *packet, + const void *data, size_t data_len) +{ + uint8_t *attr, *end; + const uint8_t *eap; + size_t left; + + eap = data; + left = data_len; + attr = packet->data + packet->length; + end = attr + packet->sizeof_data; + + while (left > 253) { + if ((attr + 255) > end) return -NR_ERR_ATTR_OVERFLOW; + + attr[0] = PW_EAP_MESSAGE; + attr[1] = 255; + memcpy(attr + 2, eap, 253); + attr += attr[1]; + eap += 253; + left -= 253; + } + + if ((attr + (2 + left)) > end) return -NR_ERR_ATTR_OVERFLOW; + + attr[0] = PW_EAP_MESSAGE; + attr[1] = 2 + left; + memcpy(attr + 2, eap, left); + attr += attr[1]; + packet->length = attr - packet->data; + + return 0; +} + +ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const DICT_ATTR *da, + const void *data, size_t data_len) +{ + ssize_t rcode; + uint8_t *attr, *end; + VALUE_PAIR my_vp; + const VALUE_PAIR *vp; + + if (!packet || !da || !data) { + return -NR_ERR_INVALID_ARG; + } + + if (data_len == 0) { + if (da->type != NR_TYPE_STRING) return -NR_ERR_ATTR_TOO_SMALL; + + data_len = strlen(data); + } + + packet->flags |= NR_PACKET_ENCODED; /* ignore any VPs */ + + attr = packet->data + packet->length; + end = attr + packet->sizeof_data; + + if ((attr + 2 + data_len) > end) { + return -NR_ERR_ATTR_OVERFLOW; + } + + if ((da->flags.length != 0) && + (data_len != da->flags.length)) { + return -NR_ERR_ATTR_VALUE_MALFORMED; + } + +#ifdef PW_EAP_MESSAGE + /* + * automatically split EAP-Message into multiple + * attributes. + */ + if (!da->vendor && (da->attr == PW_EAP_MESSAGE) && (data_len > 253)) { + return pack_eap(packet, data, data_len); + } +#endif + + if (data_len > 253) return -NR_ERR_ATTR_TOO_LARGE; + + vp = nr_vp_init(&my_vp, da); + rcode = nr_vp_set_data(&my_vp, data, data_len); + if (rcode < 0) return rcode; + + /* + * Note that this function packs VSAs each into their own + * Vendor-Specific attribute. If this isn't what you + * want, use the version of the library with full support + * for TLVs, WiMAX, and extended attributes. + */ + rcode = nr_vp2attr(packet, original, &vp, attr, end - attr); + if (rcode <= 0) return rcode; + + packet->length += rcode; + + return rcode; +} diff --git a/lib/radius/parse.c b/lib/radius/parse.c new file mode 100644 index 0000000..6b593a8 --- /dev/null +++ b/lib/radius/parse.c @@ -0,0 +1,142 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file parse.c + * \brief Routines to parse strings into internal data structures + */ + +#include +#include + +ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value) +{ + char *end; + + switch (vp->da->type) { + case NR_TYPE_STRING: + strlcpy(vp->vp_strvalue, value, sizeof(vp->vp_strvalue)); + vp->length = strlen(vp->vp_strvalue); + return vp->length; + + case NR_TYPE_DATE: + case NR_TYPE_INTEGER: + vp->vp_integer = strtoul(value, &end, 10); + if ((value == end) || (*end != '\0')) { + nr_debug_error("Invalid value"); + return -NR_ERR_ATTR_VALUE_MALFORMED; + } + return (end - value); + + case NR_TYPE_IPADDR: + if (inet_pton(AF_INET, value, &vp->vp_ipaddr) < 0) { + return -NR_ERR_SYSTEM; + } + return strlen(value); + +#ifdef NR_TYPE_IPV6ADDR + case NR_TYPE_IPV6ADDR: + if (inet_pton(AF_INET6, value, &vp-vp>ipv6addr) < 0) { + return -NR_ERR_SYSTEM; + } + return strlen(value); +#endif + +#ifdef NR_TYPE_IFID + case NR_TYPE_IFID: + { + int i, array[8]; + + if (sscanf(value, "%02x%02x%02x%02x%02x%02x%02x%02x", + &array[0], &array[1], &array[2], &array[3], + &array[4], &array[5], &array[6], &array[7]) != 8) { + return -NR_ERR_SYSTEM; + } + + for (i = 0; i < 8; i++) vp->vp_ifid[i] = array[i] & 0xff; + + } + break; +#endif + + default: + nr_debug_error("Invalid type"); + return -NR_ERR_ATTR_TYPE_UNKNOWN; + } + + return 0; +} + +int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp) +{ + int rcode; + const char *p; + char *q; + const DICT_ATTR *da; + VALUE_PAIR *vp; + char buffer[256]; + + if (!string || !pvp) return -NR_ERR_INVALID_ARG; + + p = string; + q = buffer; + while (*p && (*p != ' ') && (*p != '=')) { + *(q++) = *(p++); + } + *q = '\0'; + + if (q == buffer) { + nr_debug_error("No Attribute name"); + return -NR_ERR_ATTR_BAD_NAME; + } + + da = nr_dict_attr_byname(buffer); + if (!da) { + nr_debug_error("Unknown attribute \"%s\"", buffer); + return -NR_ERR_ATTR_UNKNOWN; + } + + while (*p == ' ') p++; + if (*p != '=') { + nr_debug_error("Unexpected text after attribute name"); + return -NR_ERR_ATTR_BAD_NAME; + } + + p++; + while (*p == ' ') p++; + + vp = nr_vp_alloc(da); + if (!vp) return -NR_ERR_NO_MEM; + + rcode = nr_vp_sscanf_value(vp, p); + if (rcode < 0) { + nr_vp_free(&vp); + return rcode; + } + + *pvp = vp; + return 0; +} diff --git a/lib/radius/print.c b/lib/radius/print.c new file mode 100644 index 0000000..abe4255 --- /dev/null +++ b/lib/radius/print.c @@ -0,0 +1,265 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file print.c + * \brief Functions to print things. + */ + +#include +#include +#ifdef NR_TYPE_IPV6ADDR +#include +#endif + +#ifndef NDEBUG +void nr_packet_print_hex(RADIUS_PACKET *packet) +{ + int i; + + if (!packet->data) return; + + printf(" Code:\t\t%u\n", packet->data[0]); + printf(" Id:\t\t%u\n", packet->data[1]); + printf(" Length:\t%u\n", ((packet->data[2] << 8) | + (packet->data[3]))); + printf(" Vector:\t"); + for (i = 4; i < 20; i++) { + printf("%02x", packet->data[i]); + } + printf("\n"); + if ((packet->flags & NR_PACKET_SIGNED) == 0) printf("\t\tWARNING: nr_packet_sign() was not called!\n"); + + if (packet->length > 20) { + int total; + const uint8_t *ptr; + printf(" Data:"); + + total = packet->length - 20; + ptr = packet->data + 20; + + while (total > 0) { + int attrlen; + + printf("\t\t"); + if (total < 2) { /* too short */ + printf("%02x\n", *ptr); + break; + } + + if (ptr[1] > total) { /* too long */ + for (i = 0; i < total; i++) { + printf("%02x ", ptr[i]); + } + break; + } + + printf("%02x %02x ", ptr[0], ptr[1]); + attrlen = ptr[1] - 2; + ptr += 2; + total -= 2; + + for (i = 0; i < attrlen; i++) { + if ((i > 0) && ((i & 0x0f) == 0x00)) + printf("\t\t\t"); + printf("%02x ", ptr[i]); + if ((i & 0x0f) == 0x0f) printf("\n"); + } + + if (!attrlen || ((attrlen & 0x0f) != 0x00)) printf("\n"); + + ptr += attrlen; + total -= attrlen; + } + } + printf("\n"); + fflush(stdout); +} +#endif + +size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp) +{ + size_t i, len; + char *p = buffer; + + switch (vp->da->type) { + case NR_TYPE_STRING: + /* + * FIXME: escape backslash && quotes! + */ + len = snprintf(p, buflen, "\"%s\"", vp->vp_strvalue); + break; + + case NR_TYPE_DATE: + case NR_TYPE_INTEGER: + case NR_TYPE_SHORT: + case NR_TYPE_BYTE: + len = snprintf(p, buflen, "%u", vp->vp_integer); + break; + + case NR_TYPE_IPADDR: + len = snprintf(p, buflen, "%u.%u.%u.%u", + (vp->vp_ipaddr >> 24) & 0xff, + (vp->vp_ipaddr >> 16) & 0xff, + (vp->vp_ipaddr >> 8) & 0xff, + vp->vp_ipaddr & 0xff); + break; + +#ifdef NR_TYPE_IPV6ADDR + case NR_TYPE_IPV6ADDR: + if (!inet_ntop(AF_INET6, &vp->vp_ipv6addr, buffer, buflen)) { + return -NR_ERR_SYSTEM; + } + break; +#endif + +#ifdef NR_TYPE_IFID + case NR_TYPE_IFID: + len = snprintf(p, buflen, "%02x%02x%02x%02x%02x%02x%02x%02x", + vp->vp_ifid[0], vp->vp_ifid[1], + vp->vp_ifid[2], vp->vp_ifid[3], + vp->vp_ifid[4], vp->vp_ifid[5], + vp->vp_ifid[6], vp->vp_ifid[7]); + break; +#endif + + case NR_TYPE_OCTETS: + len = snprintf(p, buflen, "0x"); + if (len >= buflen) return 0; + + p += len; + buflen -= len; + + for (i = 0; i < vp->length; i++) { + len = snprintf(p, buflen, "%02x", vp->vp_octets[i]); + if (len >= buflen) return 0; + + p += len; + buflen -= len; + } + len = 0; + break; + + default: + break; + } + + if (len >= buflen) return 0; + + p += len; + buflen -= len; + + return p - buffer; +} + +size_t nr_vp_snprintf(char *buffer, size_t buflen, const VALUE_PAIR *vp) +{ + size_t len; + char *p = buffer; + + len = snprintf(p, buflen, "%s = ", vp->da->name); + if (len >= buflen) return 0; + + p += len; + buflen -= len; + + len = nr_vp_snprintf_value(p, buflen, vp); + if (len == 0) return 0; + + if (len >= buflen) return 0; + + p += len; + + return p - buffer; +} + +#ifndef NDEBUG +void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps) +{ + const VALUE_PAIR *vp; + char buffer[1024]; + + for (vp = vps; vp != NULL; vp = vp->next) { + nr_vp_snprintf(buffer, sizeof(buffer), vp); + fprintf(fp, "\t%s\n", buffer); + } +} +#endif + +/** \cond PRIVATE */ +#define NR_STRERROR_BUFSIZE (1024) +static char nr_strerror_buffer[NR_STRERROR_BUFSIZE]; + +void nr_strerror_printf(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vsnprintf(nr_strerror_buffer, sizeof(nr_strerror_buffer), fmt, ap); + va_end(ap); + + fprintf(stderr, "ERROR: %s\n", nr_strerror_buffer); +} +/** \endcond */ + +const char *nr_strerror(int error) +{ + if (error == 0) return nr_strerror_buffer; + + if (error < 0) error = -error; + + switch (error) { + default: return "Unknown error"; + case NR_ERR_SYSTEM: return strerror(errno); + + case NR_ERR_INVALID_ARG: return "Invalid argument"; + case NR_ERR_PACKET_TOO_SMALL: return "Packet is too small"; + case NR_ERR_PACKET_TOO_LARGE: return "Packet is too large"; + case NR_ERR_ATTR_OVERFLOW: return "Attribute overflows packet"; + case NR_ERR_ATTR_TOO_SMALL: return "Attribute is too small"; + case NR_ERR_ATTR_TOO_LARGE: return "Attribute is too large"; + case NR_ERR_ATTR_UNKNOWN: return "Unknown attribute"; + case NR_ERR_ATTR_BAD_NAME: return "Invalid name for attribute"; + case NR_ERR_ATTR_VALUE_MALFORMED: return "Invalid value for attribute"; + case NR_ERR_ATTR_INVALID: return "Invalid attribute"; + case NR_ERR_TOO_MANY_ATTRS: return "Too many attributes in the packet"; + case NR_ERR_ATTR_TYPE_UNKNOWN: return "Attribute type unknown"; + case NR_ERR_MSG_AUTH_LEN: return "Invalid Message-Authenticator"; + case NR_ERR_MSG_AUTH_WRONG: return "Incorrect Message-Authenticator"; + case NR_ERR_REQUEST_REQUIRED: return "Request is required"; + case NR_ERR_REQUEST_CODE_INVALID: return "Invalid request code"; + case NR_ERR_AUTH_VECTOR_WRONG: return "Incorrect Request Authenticator"; + case NR_ERR_RESPONSE_CODE_INVALID: return "Response code is unsupported"; + case NR_ERR_RESPONSE_ID_INVALID: return "Response ID is invalid"; + case NR_ERR_RESPONSE_SRC_INVALID: return "Response from the wrong src ip/port"; + case NR_ERR_NO_PACKET_DATA: return "Cannot encode the packet"; + case NR_ERR_VENDOR_UNKNOWN: return "Vendor is unknown"; + case NR_ERR_INTERNAL_FAILURE: return "Internal failure"; + case NR_ERR_UNSUPPORTED: return "Unsupported feature"; + case NR_ERR_NO_MEM: return "Out of memory"; + case NR_ERR_IN_USE: return "Resource is in use"; + + } +} diff --git a/lib/radius/radius.h b/lib/radius/radius.h new file mode 100644 index 0000000..cfc16b7 --- /dev/null +++ b/lib/radius/radius.h @@ -0,0 +1,314 @@ +/* Automatically generated file. Do not edit */ + +#define VENDORPEC_MICROSOFT 311 +#define VENDORPEC_EXAMPLE 65535 + + +/* IETF */ +#define PW_USER_NAME 1 +#define PW_USER_PASSWORD 2 +#define PW_CHAP_PASSWORD 3 +#define PW_NAS_IP_ADDRESS 4 +#define PW_NAS_PORT 5 +#define PW_SERVICE_TYPE 6 +#define PW_FRAMED_PROTOCOL 7 +#define PW_FRAMED_IP_ADDRESS 8 +#define PW_FRAMED_IP_NETMASK 9 +#define PW_FRAMED_ROUTING 10 +#define PW_FILTER_ID 11 +#define PW_FRAMED_MTU 12 +#define PW_FRAMED_COMPRESSION 13 +#define PW_LOGIN_IP_HOST 14 +#define PW_LOGIN_SERVICE 15 +#define PW_LOGIN_TCP_PORT 16 +#define PW_REPLY_MESSAGE 18 +#define PW_CALLBACK_NUMBER 19 +#define PW_CALLBACK_ID 20 +#define PW_FRAMED_ROUTE 22 +#define PW_FRAMED_IPX_NETWORK 23 +#define PW_STATE 24 +#define PW_CLASS 25 +#define PW_VENDOR_SPECIFIC 26 +#define PW_SESSION_TIMEOUT 27 +#define PW_IDLE_TIMEOUT 28 +#define PW_TERMINATION_ACTION 29 +#define PW_CALLED_STATION_ID 30 +#define PW_CALLING_STATION_ID 31 +#define PW_NAS_IDENTIFIER 32 +#define PW_PROXY_STATE 33 +#define PW_LOGIN_LAT_SERVICE 34 +#define PW_LOGIN_LAT_NODE 35 +#define PW_LOGIN_LAT_GROUP 36 +#define PW_FRAMED_APPLETALK_LINK 37 +#define PW_FRAMED_APPLETALK_NETWORK 38 +#define PW_FRAMED_APPLETALK_ZONE 39 +#define PW_ACCT_STATUS_TYPE 40 +#define PW_ACCT_DELAY_TIME 41 +#define PW_ACCT_INPUT_OCTETS 42 +#define PW_ACCT_OUTPUT_OCTETS 43 +#define PW_ACCT_SESSION_ID 44 +#define PW_ACCT_AUTHENTIC 45 +#define PW_ACCT_SESSION_TIME 46 +#define PW_ACCT_INPUT_PACKETS 47 +#define PW_ACCT_OUTPUT_PACKETS 48 +#define PW_ACCT_TERMINATE_CAUSE 49 +#define PW_ACCT_MULTI_SESSION_ID 50 +#define PW_ACCT_LINK_COUNT 51 +#define PW_ACCT_INPUT_GIGAWORDS 52 +#define PW_ACCT_OUTPUT_GIGAWORDS 53 +#define PW_EVENT_TIMESTAMP 55 +#define PW_EGRESS_VLANID 56 +#define PW_INGRESS_FILTERS 57 +#define PW_EGRESS_VLAN_NAME 58 +#define PW_USER_PRIORITY_TABLE 59 +#define PW_CHAP_CHALLENGE 60 +#define PW_NAS_PORT_TYPE 61 +#define PW_PORT_LIMIT 62 +#define PW_LOGIN_LAT_PORT 63 +#define PW_TUNNEL_TYPE 64 +#define PW_TUNNEL_MEDIUM_TYPE 65 +#define PW_TUNNEL_CLIENT_ENDPOINT 66 +#define PW_TUNNEL_SERVER_ENDPOINT 67 +#define PW_ACCT_TUNNEL_CONNECTION 68 +#define PW_TUNNEL_PASSWORD 69 +#define PW_ARAP_PASSWORD 70 +#define PW_ARAP_FEATURES 71 +#define PW_ARAP_ZONE_ACCESS 72 +#define PW_ARAP_SECURITY 73 +#define PW_ARAP_SECURITY_DATA 74 +#define PW_PASSWORD_RETRY 75 +#define PW_PROMPT 76 +#define PW_CONNECT_INFO 77 +#define PW_CONFIGURATION_TOKEN 78 +#define PW_EAP_MESSAGE 79 +#define PW_MESSAGE_AUTHENTICATOR 80 +#define PW_TUNNEL_PRIVATE_GROUP_ID 81 +#define PW_TUNNEL_ASSIGNMENT_ID 82 +#define PW_TUNNEL_PREFERENCE 83 +#define PW_ARAP_CHALLENGE_RESPONSE 84 +#define PW_ACCT_INTERIM_INTERVAL 85 +#define PW_ACCT_TUNNEL_PACKETS_LOST 86 +#define PW_NAS_PORT_ID 87 +#define PW_FRAMED_POOL 88 +#define PW_CHARGEABLE_USER_IDENTITY 89 +#define PW_TUNNEL_CLIENT_AUTH_ID 90 +#define PW_TUNNEL_SERVER_AUTH_ID 91 +#define PW_NAS_FILTER_RULE 92 +#define PW_NAS_IPV6_ADDRESS 95 +#define PW_FRAMED_INTERFACE_ID 96 +#define PW_FRAMED_IPV6_PREFIX 97 +#define PW_LOGIN_IPV6_HOST 98 +#define PW_FRAMED_IPV6_ROUTE 99 +#define PW_FRAMED_IPV6_POOL 100 +#define PW_ERROR_CAUSE 101 +#define PW_EAP_KEY_NAME 102 +#define PW_DIGEST_RESPONSE 103 +#define PW_DIGEST_REALM 104 +#define PW_DIGEST_NONCE 105 +#define PW_DIGEST_RESPONSE_AUTH 106 +#define PW_DIGEST_NEXTNONCE 107 +#define PW_DIGEST_METHOD 108 +#define PW_DIGEST_URI 109 +#define PW_DIGEST_QOP 110 +#define PW_DIGEST_ALGORITHM 111 +#define PW_DIGEST_ENTITY_BODY_HASH 112 +#define PW_DIGEST_CNONCE 113 +#define PW_DIGEST_NONCE_COUNT 114 +#define PW_DIGEST_USERNAME 115 +#define PW_DIGEST_OPAQUE 116 +#define PW_DIGEST_AUTH_PARAM 117 +#define PW_DIGEST_AKA_AUTS 118 +#define PW_DIGEST_DOMAIN 119 +#define PW_DIGEST_STALE 120 +#define PW_DIGEST_HA1 121 +#define PW_SIP_AOR 122 +#define PW_DELEGATED_IPV6_PREFIX 123 +#define PW_OPERATOR_NAME 126 +#define PW_LOCATION_INFORMATION 127 +#define PW_LOCATION_DATA 128 +#define PW_BASIC_LOCATION_POLICY_RULES 129 +#define PW_EXTENDED_LOCATION_POLICY_RULES 130 +#define PW_LOCATION_CAPABLE 131 +#define PW_REQUESTED_LOCATION_INFO 132 +#define PW_FRAMED_MANAGEMENT 133 +#define PW_MANAGEMENT_TRANSPORT_PROTECTION 134 +#define PW_MANAGEMENT_POLICY_ID 135 +#define PW_MANAGEMENT_PRIVILEGE_LEVEL 136 +#define PW_PKM_SS_CERT 137 +#define PW_PKM_CA_CERT 138 +#define PW_PKM_CONFIG_SETTINGS 139 +#define PW_PKM_CRYPTOSUITE_LIST 140 +#define PW_PKM_SAID 141 +#define PW_PKM_SA_DESCRIPTOR 142 +#define PW_PKM_AUTH_KEY 143 + +/* Microsoft */ +#define PW_MS_CHAP_RESPONSE 1 +#define PW_MS_CHAP_ERROR 2 +#define PW_MS_MPPE_ENCRYPTION_POLICY 7 +#define PW_MS_MPPE_ENCRYPTION_TYPES 8 +#define PW_MS_CHAP_DOMAIN 10 +#define PW_MS_CHAP_CHALLENGE 11 +#define PW_MS_CHAP_MPPE_KEYS 12 +#define PW_MS_MPPE_SEND_KEY 16 +#define PW_MS_MPPE_RECV_KEY 17 +#define PW_MS_CHAP2_RESPONSE 25 +#define PW_MS_CHAP2_SUCCESS 26 + +/* example */ +#define PW_EXAMPLE_INTEGER 1 +#define PW_EXAMPLE_STRING 2 +#define PW_EXAMPLE_IP_ADDRESS 3 + +/* Fixed offsets to dictionary definitions of attributes */ +#define NR_DA_USER_NAME (&nr_dict_attrs[1]) +#define NR_DA_USER_PASSWORD (&nr_dict_attrs[2]) +#define NR_DA_CHAP_PASSWORD (&nr_dict_attrs[3]) +#define NR_DA_NAS_IP_ADDRESS (&nr_dict_attrs[4]) +#define NR_DA_NAS_PORT (&nr_dict_attrs[5]) +#define NR_DA_SERVICE_TYPE (&nr_dict_attrs[6]) +#define NR_DA_FRAMED_PROTOCOL (&nr_dict_attrs[7]) +#define NR_DA_FRAMED_IP_ADDRESS (&nr_dict_attrs[8]) +#define NR_DA_FRAMED_IP_NETMASK (&nr_dict_attrs[9]) +#define NR_DA_FRAMED_ROUTING (&nr_dict_attrs[10]) +#define NR_DA_FILTER_ID (&nr_dict_attrs[11]) +#define NR_DA_FRAMED_MTU (&nr_dict_attrs[12]) +#define NR_DA_FRAMED_COMPRESSION (&nr_dict_attrs[13]) +#define NR_DA_LOGIN_IP_HOST (&nr_dict_attrs[14]) +#define NR_DA_LOGIN_SERVICE (&nr_dict_attrs[15]) +#define NR_DA_LOGIN_TCP_PORT (&nr_dict_attrs[16]) +#define NR_DA_REPLY_MESSAGE (&nr_dict_attrs[18]) +#define NR_DA_CALLBACK_NUMBER (&nr_dict_attrs[19]) +#define NR_DA_CALLBACK_ID (&nr_dict_attrs[20]) +#define NR_DA_FRAMED_ROUTE (&nr_dict_attrs[22]) +#define NR_DA_FRAMED_IPX_NETWORK (&nr_dict_attrs[23]) +#define NR_DA_STATE (&nr_dict_attrs[24]) +#define NR_DA_CLASS (&nr_dict_attrs[25]) +#define NR_DA_VENDOR_SPECIFIC (&nr_dict_attrs[26]) +#define NR_DA_SESSION_TIMEOUT (&nr_dict_attrs[27]) +#define NR_DA_IDLE_TIMEOUT (&nr_dict_attrs[28]) +#define NR_DA_TERMINATION_ACTION (&nr_dict_attrs[29]) +#define NR_DA_CALLED_STATION_ID (&nr_dict_attrs[30]) +#define NR_DA_CALLING_STATION_ID (&nr_dict_attrs[31]) +#define NR_DA_NAS_IDENTIFIER (&nr_dict_attrs[32]) +#define NR_DA_PROXY_STATE (&nr_dict_attrs[33]) +#define NR_DA_LOGIN_LAT_SERVICE (&nr_dict_attrs[34]) +#define NR_DA_LOGIN_LAT_NODE (&nr_dict_attrs[35]) +#define NR_DA_LOGIN_LAT_GROUP (&nr_dict_attrs[36]) +#define NR_DA_FRAMED_APPLETALK_LINK (&nr_dict_attrs[37]) +#define NR_DA_FRAMED_APPLETALK_NETWORK (&nr_dict_attrs[38]) +#define NR_DA_FRAMED_APPLETALK_ZONE (&nr_dict_attrs[39]) +#define NR_DA_ACCT_STATUS_TYPE (&nr_dict_attrs[40]) +#define NR_DA_ACCT_DELAY_TIME (&nr_dict_attrs[41]) +#define NR_DA_ACCT_INPUT_OCTETS (&nr_dict_attrs[42]) +#define NR_DA_ACCT_OUTPUT_OCTETS (&nr_dict_attrs[43]) +#define NR_DA_ACCT_SESSION_ID (&nr_dict_attrs[44]) +#define NR_DA_ACCT_AUTHENTIC (&nr_dict_attrs[45]) +#define NR_DA_ACCT_SESSION_TIME (&nr_dict_attrs[46]) +#define NR_DA_ACCT_INPUT_PACKETS (&nr_dict_attrs[47]) +#define NR_DA_ACCT_OUTPUT_PACKETS (&nr_dict_attrs[48]) +#define NR_DA_ACCT_TERMINATE_CAUSE (&nr_dict_attrs[49]) +#define NR_DA_ACCT_MULTI_SESSION_ID (&nr_dict_attrs[50]) +#define NR_DA_ACCT_LINK_COUNT (&nr_dict_attrs[51]) +#define NR_DA_ACCT_INPUT_GIGAWORDS (&nr_dict_attrs[52]) +#define NR_DA_ACCT_OUTPUT_GIGAWORDS (&nr_dict_attrs[53]) +#define NR_DA_EVENT_TIMESTAMP (&nr_dict_attrs[55]) +#define NR_DA_EGRESS_VLANID (&nr_dict_attrs[56]) +#define NR_DA_INGRESS_FILTERS (&nr_dict_attrs[57]) +#define NR_DA_EGRESS_VLAN_NAME (&nr_dict_attrs[58]) +#define NR_DA_USER_PRIORITY_TABLE (&nr_dict_attrs[59]) +#define NR_DA_CHAP_CHALLENGE (&nr_dict_attrs[60]) +#define NR_DA_NAS_PORT_TYPE (&nr_dict_attrs[61]) +#define NR_DA_PORT_LIMIT (&nr_dict_attrs[62]) +#define NR_DA_LOGIN_LAT_PORT (&nr_dict_attrs[63]) +#define NR_DA_TUNNEL_TYPE (&nr_dict_attrs[64]) +#define NR_DA_TUNNEL_MEDIUM_TYPE (&nr_dict_attrs[65]) +#define NR_DA_TUNNEL_CLIENT_ENDPOINT (&nr_dict_attrs[66]) +#define NR_DA_TUNNEL_SERVER_ENDPOINT (&nr_dict_attrs[67]) +#define NR_DA_ACCT_TUNNEL_CONNECTION (&nr_dict_attrs[68]) +#define NR_DA_TUNNEL_PASSWORD (&nr_dict_attrs[69]) +#define NR_DA_ARAP_PASSWORD (&nr_dict_attrs[70]) +#define NR_DA_ARAP_FEATURES (&nr_dict_attrs[71]) +#define NR_DA_ARAP_ZONE_ACCESS (&nr_dict_attrs[72]) +#define NR_DA_ARAP_SECURITY (&nr_dict_attrs[73]) +#define NR_DA_ARAP_SECURITY_DATA (&nr_dict_attrs[74]) +#define NR_DA_PASSWORD_RETRY (&nr_dict_attrs[75]) +#define NR_DA_PROMPT (&nr_dict_attrs[76]) +#define NR_DA_CONNECT_INFO (&nr_dict_attrs[77]) +#define NR_DA_CONFIGURATION_TOKEN (&nr_dict_attrs[78]) +#define NR_DA_EAP_MESSAGE (&nr_dict_attrs[79]) +#define NR_DA_MESSAGE_AUTHENTICATOR (&nr_dict_attrs[80]) +#define NR_DA_TUNNEL_PRIVATE_GROUP_ID (&nr_dict_attrs[81]) +#define NR_DA_TUNNEL_ASSIGNMENT_ID (&nr_dict_attrs[82]) +#define NR_DA_TUNNEL_PREFERENCE (&nr_dict_attrs[83]) +#define NR_DA_ARAP_CHALLENGE_RESPONSE (&nr_dict_attrs[84]) +#define NR_DA_ACCT_INTERIM_INTERVAL (&nr_dict_attrs[85]) +#define NR_DA_ACCT_TUNNEL_PACKETS_LOST (&nr_dict_attrs[86]) +#define NR_DA_NAS_PORT_ID (&nr_dict_attrs[87]) +#define NR_DA_FRAMED_POOL (&nr_dict_attrs[88]) +#define NR_DA_CHARGEABLE_USER_IDENTITY (&nr_dict_attrs[89]) +#define NR_DA_TUNNEL_CLIENT_AUTH_ID (&nr_dict_attrs[90]) +#define NR_DA_TUNNEL_SERVER_AUTH_ID (&nr_dict_attrs[91]) +#define NR_DA_NAS_FILTER_RULE (&nr_dict_attrs[92]) +#define NR_DA_NAS_IPV6_ADDRESS (&nr_dict_attrs[95]) +#define NR_DA_FRAMED_INTERFACE_ID (&nr_dict_attrs[96]) +#define NR_DA_FRAMED_IPV6_PREFIX (&nr_dict_attrs[97]) +#define NR_DA_LOGIN_IPV6_HOST (&nr_dict_attrs[98]) +#define NR_DA_FRAMED_IPV6_ROUTE (&nr_dict_attrs[99]) +#define NR_DA_FRAMED_IPV6_POOL (&nr_dict_attrs[100]) +#define NR_DA_ERROR_CAUSE (&nr_dict_attrs[101]) +#define NR_DA_EAP_KEY_NAME (&nr_dict_attrs[102]) +#define NR_DA_DIGEST_RESPONSE (&nr_dict_attrs[103]) +#define NR_DA_DIGEST_REALM (&nr_dict_attrs[104]) +#define NR_DA_DIGEST_NONCE (&nr_dict_attrs[105]) +#define NR_DA_DIGEST_RESPONSE_AUTH (&nr_dict_attrs[106]) +#define NR_DA_DIGEST_NEXTNONCE (&nr_dict_attrs[107]) +#define NR_DA_DIGEST_METHOD (&nr_dict_attrs[108]) +#define NR_DA_DIGEST_URI (&nr_dict_attrs[109]) +#define NR_DA_DIGEST_QOP (&nr_dict_attrs[110]) +#define NR_DA_DIGEST_ALGORITHM (&nr_dict_attrs[111]) +#define NR_DA_DIGEST_ENTITY_BODY_HASH (&nr_dict_attrs[112]) +#define NR_DA_DIGEST_CNONCE (&nr_dict_attrs[113]) +#define NR_DA_DIGEST_NONCE_COUNT (&nr_dict_attrs[114]) +#define NR_DA_DIGEST_USERNAME (&nr_dict_attrs[115]) +#define NR_DA_DIGEST_OPAQUE (&nr_dict_attrs[116]) +#define NR_DA_DIGEST_AUTH_PARAM (&nr_dict_attrs[117]) +#define NR_DA_DIGEST_AKA_AUTS (&nr_dict_attrs[118]) +#define NR_DA_DIGEST_DOMAIN (&nr_dict_attrs[119]) +#define NR_DA_DIGEST_STALE (&nr_dict_attrs[120]) +#define NR_DA_DIGEST_HA1 (&nr_dict_attrs[121]) +#define NR_DA_SIP_AOR (&nr_dict_attrs[122]) +#define NR_DA_DELEGATED_IPV6_PREFIX (&nr_dict_attrs[123]) +#define NR_DA_OPERATOR_NAME (&nr_dict_attrs[126]) +#define NR_DA_LOCATION_INFORMATION (&nr_dict_attrs[127]) +#define NR_DA_LOCATION_DATA (&nr_dict_attrs[128]) +#define NR_DA_BASIC_LOCATION_POLICY_RULES (&nr_dict_attrs[129]) +#define NR_DA_EXTENDED_LOCATION_POLICY_RULES (&nr_dict_attrs[130]) +#define NR_DA_LOCATION_CAPABLE (&nr_dict_attrs[131]) +#define NR_DA_REQUESTED_LOCATION_INFO (&nr_dict_attrs[132]) +#define NR_DA_FRAMED_MANAGEMENT (&nr_dict_attrs[133]) +#define NR_DA_MANAGEMENT_TRANSPORT_PROTECTION (&nr_dict_attrs[134]) +#define NR_DA_MANAGEMENT_POLICY_ID (&nr_dict_attrs[135]) +#define NR_DA_MANAGEMENT_PRIVILEGE_LEVEL (&nr_dict_attrs[136]) +#define NR_DA_PKM_SS_CERT (&nr_dict_attrs[137]) +#define NR_DA_PKM_CA_CERT (&nr_dict_attrs[138]) +#define NR_DA_PKM_CONFIG_SETTINGS (&nr_dict_attrs[139]) +#define NR_DA_PKM_CRYPTOSUITE_LIST (&nr_dict_attrs[140]) +#define NR_DA_PKM_SAID (&nr_dict_attrs[141]) +#define NR_DA_PKM_SA_DESCRIPTOR (&nr_dict_attrs[142]) +#define NR_DA_PKM_AUTH_KEY (&nr_dict_attrs[143]) +#define NR_DA_MS_CHAP_RESPONSE (&nr_dict_attrs[256]) +#define NR_DA_MS_CHAP_ERROR (&nr_dict_attrs[257]) +#define NR_DA_MS_MPPE_ENCRYPTION_POLICY (&nr_dict_attrs[258]) +#define NR_DA_MS_MPPE_ENCRYPTION_TYPES (&nr_dict_attrs[259]) +#define NR_DA_MS_CHAP_DOMAIN (&nr_dict_attrs[260]) +#define NR_DA_MS_CHAP_CHALLENGE (&nr_dict_attrs[261]) +#define NR_DA_MS_CHAP_MPPE_KEYS (&nr_dict_attrs[262]) +#define NR_DA_MS_MPPE_SEND_KEY (&nr_dict_attrs[263]) +#define NR_DA_MS_MPPE_RECV_KEY (&nr_dict_attrs[264]) +#define NR_DA_MS_CHAP2_RESPONSE (&nr_dict_attrs[265]) +#define NR_DA_MS_CHAP2_SUCCESS (&nr_dict_attrs[266]) +#define NR_DA_EXAMPLE_INTEGER (&nr_dict_attrs[267]) +#define NR_DA_EXAMPLE_STRING (&nr_dict_attrs[268]) +#define NR_DA_EXAMPLE_IP_ADDRESS (&nr_dict_attrs[269]) +/* Automatically generated file. Do not edit */ diff --git a/lib/radius/share/dictionary.microsoft b/lib/radius/share/dictionary.microsoft new file mode 100644 index 0000000..034e5f0 --- /dev/null +++ b/lib/radius/share/dictionary.microsoft @@ -0,0 +1,17 @@ +# A minimal dictionary for Microsoft VSAs +# +VENDOR Microsoft 311 + +BEGIN-VENDOR Microsoft +ATTRIBUTE MS-CHAP-Response 1 octets +ATTRIBUTE MS-CHAP-Error 2 string +ATTRIBUTE MS-MPPE-Encryption-Policy 7 octets +ATTRIBUTE MS-MPPE-Encryption-Types 8 octets +ATTRIBUTE MS-CHAP-Domain 10 string +ATTRIBUTE MS-CHAP-Challenge 11 octets +ATTRIBUTE MS-CHAP-MPPE-Keys 12 octets encrypt=1 +ATTRIBUTE MS-MPPE-Send-Key 16 octets encrypt=2 +ATTRIBUTE MS-MPPE-Recv-Key 17 octets encrypt=2 +ATTRIBUTE MS-CHAP2-Response 25 octets +ATTRIBUTE MS-CHAP2-Success 26 octets +END-VENDOR Microsoft diff --git a/lib/radius/share/dictionary.txt b/lib/radius/share/dictionary.txt new file mode 100644 index 0000000..e62f8b3 --- /dev/null +++ b/lib/radius/share/dictionary.txt @@ -0,0 +1,136 @@ +ATTRIBUTE User-Name 1 string +ATTRIBUTE User-Password 2 string encrypt=1 +ATTRIBUTE CHAP-Password 3 octets +ATTRIBUTE NAS-IP-Address 4 ipaddr +ATTRIBUTE NAS-Port 5 integer +ATTRIBUTE Service-Type 6 integer +ATTRIBUTE Framed-Protocol 7 integer +ATTRIBUTE Framed-IP-Address 8 ipaddr +ATTRIBUTE Framed-IP-Netmask 9 ipaddr +ATTRIBUTE Framed-Routing 10 integer +ATTRIBUTE Filter-Id 11 string +ATTRIBUTE Framed-MTU 12 integer +ATTRIBUTE Framed-Compression 13 integer +ATTRIBUTE Login-IP-Host 14 ipaddr +ATTRIBUTE Login-Service 15 integer +ATTRIBUTE Login-TCP-Port 16 integer +ATTRIBUTE Reply-Message 18 string +ATTRIBUTE Callback-Number 19 string +ATTRIBUTE Callback-Id 20 string +ATTRIBUTE Framed-Route 22 string +ATTRIBUTE Framed-IPX-Network 23 ipaddr +ATTRIBUTE State 24 octets +ATTRIBUTE Class 25 octets +ATTRIBUTE Vendor-Specific 26 octets +ATTRIBUTE Session-Timeout 27 integer +ATTRIBUTE Idle-Timeout 28 integer +ATTRIBUTE Termination-Action 29 integer +ATTRIBUTE Called-Station-Id 30 string +ATTRIBUTE Calling-Station-Id 31 string +ATTRIBUTE NAS-Identifier 32 string +ATTRIBUTE Proxy-State 33 octets +ATTRIBUTE Login-LAT-Service 34 string +ATTRIBUTE Login-LAT-Node 35 string +ATTRIBUTE Login-LAT-Group 36 octets +ATTRIBUTE Framed-AppleTalk-Link 37 integer +ATTRIBUTE Framed-AppleTalk-Network 38 integer +ATTRIBUTE Framed-AppleTalk-Zone 39 string +ATTRIBUTE CHAP-Challenge 60 octets +ATTRIBUTE NAS-Port-Type 61 integer +ATTRIBUTE Port-Limit 62 integer +ATTRIBUTE Login-LAT-Port 63 string +ATTRIBUTE Acct-Status-Type 40 integer +ATTRIBUTE Acct-Delay-Time 41 integer +ATTRIBUTE Acct-Input-Octets 42 integer +ATTRIBUTE Acct-Output-Octets 43 integer +ATTRIBUTE Acct-Session-Id 44 string +ATTRIBUTE Acct-Authentic 45 integer +ATTRIBUTE Acct-Session-Time 46 integer +ATTRIBUTE Acct-Input-Packets 47 integer +ATTRIBUTE Acct-Output-Packets 48 integer +ATTRIBUTE Acct-Terminate-Cause 49 integer +ATTRIBUTE Acct-Multi-Session-Id 50 string +ATTRIBUTE Acct-Link-Count 51 integer +ATTRIBUTE Acct-Tunnel-Connection 68 string +ATTRIBUTE Acct-Tunnel-Packets-Lost 86 integer +ATTRIBUTE Tunnel-Type 64 integer has_tag +ATTRIBUTE Tunnel-Medium-Type 65 integer has_tag +ATTRIBUTE Tunnel-Client-Endpoint 66 string has_tag +ATTRIBUTE Tunnel-Server-Endpoint 67 string has_tag +ATTRIBUTE Tunnel-Password 69 string has_tag,encrypt=2 +ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag +ATTRIBUTE Tunnel-Assignment-Id 82 string has_tag +ATTRIBUTE Tunnel-Preference 83 integer has_tag +ATTRIBUTE Tunnel-Client-Auth-Id 90 string has_tag +ATTRIBUTE Tunnel-Server-Auth-Id 91 string has_tag +ATTRIBUTE Acct-Input-Gigawords 52 integer +ATTRIBUTE Acct-Output-Gigawords 53 integer +ATTRIBUTE Event-Timestamp 55 date +ATTRIBUTE ARAP-Password 70 octets[16] +ATTRIBUTE ARAP-Features 71 octets[14] +ATTRIBUTE ARAP-Zone-Access 72 integer +ATTRIBUTE ARAP-Security 73 integer +ATTRIBUTE ARAP-Security-Data 74 string +ATTRIBUTE Password-Retry 75 integer +ATTRIBUTE Prompt 76 integer +ATTRIBUTE Connect-Info 77 string +ATTRIBUTE Configuration-Token 78 string +ATTRIBUTE EAP-Message 79 octets +ATTRIBUTE Message-Authenticator 80 octets +ATTRIBUTE ARAP-Challenge-Response 84 octets[8] +ATTRIBUTE Acct-Interim-Interval 85 integer +ATTRIBUTE NAS-Port-Id 87 string +ATTRIBUTE Framed-Pool 88 string +ATTRIBUTE NAS-IPv6-Address 95 ipv6addr +ATTRIBUTE Framed-Interface-Id 96 ifid +ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix +ATTRIBUTE Login-IPv6-Host 98 ipv6addr +ATTRIBUTE Framed-IPv6-Route 99 string +ATTRIBUTE Framed-IPv6-Pool 100 string +ATTRIBUTE Error-Cause 101 integer +ATTRIBUTE EAP-Key-Name 102 string +ATTRIBUTE Chargeable-User-Identity 89 string +ATTRIBUTE Egress-VLANID 56 integer +ATTRIBUTE Ingress-Filters 57 integer +ATTRIBUTE Egress-VLAN-Name 58 string +ATTRIBUTE User-Priority-Table 59 octets +ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix +ATTRIBUTE NAS-Filter-Rule 92 string +ATTRIBUTE Digest-Response 103 string +ATTRIBUTE Digest-Realm 104 string +ATTRIBUTE Digest-Nonce 105 string +ATTRIBUTE Digest-Response-Auth 106 string +ATTRIBUTE Digest-Nextnonce 107 string +ATTRIBUTE Digest-Method 108 string +ATTRIBUTE Digest-URI 109 string +ATTRIBUTE Digest-Qop 110 string +ATTRIBUTE Digest-Algorithm 111 string +ATTRIBUTE Digest-Entity-Body-Hash 112 string +ATTRIBUTE Digest-CNonce 113 string +ATTRIBUTE Digest-Nonce-Count 114 string +ATTRIBUTE Digest-Username 115 string +ATTRIBUTE Digest-Opaque 116 string +ATTRIBUTE Digest-Auth-Param 117 string +ATTRIBUTE Digest-AKA-Auts 118 string +ATTRIBUTE Digest-Domain 119 string +ATTRIBUTE Digest-Stale 120 string +ATTRIBUTE Digest-HA1 121 string +ATTRIBUTE SIP-AOR 122 string +ATTRIBUTE Operator-Name 126 string +ATTRIBUTE Location-Information 127 octets +ATTRIBUTE Location-Data 128 octets +ATTRIBUTE Basic-Location-Policy-Rules 129 octets +ATTRIBUTE Extended-Location-Policy-Rules 130 octets +ATTRIBUTE Location-Capable 131 integer +ATTRIBUTE Requested-Location-Info 132 integer +ATTRIBUTE Framed-Management 133 integer +ATTRIBUTE Management-Transport-Protection 134 integer +ATTRIBUTE Management-Policy-Id 135 string +ATTRIBUTE Management-Privilege-Level 136 integer +ATTRIBUTE PKM-SS-Cert 137 octets +ATTRIBUTE PKM-CA-Cert 138 octets +ATTRIBUTE PKM-Config-Settings 139 octets +ATTRIBUTE PKM-Cryptosuite-List 140 octets +ATTRIBUTE PKM-SAID 141 short +ATTRIBUTE PKM-SA-Descriptor 142 octets +ATTRIBUTE PKM-Auth-Key 143 octets diff --git a/lib/radius/share/dictionary.vendor b/lib/radius/share/dictionary.vendor new file mode 100644 index 0000000..571dbc4 --- /dev/null +++ b/lib/radius/share/dictionary.vendor @@ -0,0 +1,10 @@ +# a sample vendor-specific dictionary + +VENDOR example 65535 + +BEGIN-VENDOR example +ATTRIBUTE Example-Integer 1 integer +ATTRIBUTE Example-String 2 string +ATTRIBUTE Example-IP-Address 3 ipaddr + +END-VENDOR example diff --git a/lib/radius/static.c b/lib/radius/static.c new file mode 100644 index 0000000..d633e5b --- /dev/null +++ b/lib/radius/static.c @@ -0,0 +1,37 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file static.c + * \brief Dummy file to include auto-generating static dictionary mappings. + */ + +#include + +/* + * Include the dynamically generated dictionaries. + */ +#include "dictionaries.c" diff --git a/lib/radius/tests/Makefile b/lib/radius/tests/Makefile new file mode 100644 index 0000000..b9d74ad --- /dev/null +++ b/lib/radius/tests/Makefile @@ -0,0 +1,25 @@ +# +# GNU Makefile +# +.PHONY: all clean +all: radattr + +HEADERS := ../client.h ../radius.h +CFLAGS := -g + +%.o : %.c + $(CC) $(CFLAGS) -I.. -I. -c $< + +%.o: ${HEADERS} + +LIBS := -lcrypto -lssl +LDFLAGS = -L.. -lnetworkradius-client + +../libnetworkradius-client.a: + @${MAKE} -C .. libnetworkradius-client.a + +radattr: radattr.o ../libnetworkradius-client.a + ${CC} ${LFDLAGS} ${LIBS} -o $@ $^ + +clean: + @rm -rf *.o *.a *~ diff --git a/lib/radius/tests/radattr.c b/lib/radius/tests/radattr.c new file mode 100644 index 0000000..d41499a --- /dev/null +++ b/lib/radius/tests/radattr.c @@ -0,0 +1,769 @@ +/* + * Copyright (C) 2011 Network RADIUS SARL + * + * This software may not be redistributed in any form without the prior + * written consent of Network RADIUS. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#include + +#include + +static int packet_code = PW_ACCESS_REQUEST; +static int packet_id = 1; +static uint8_t packet_vector[16] = { 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 }; +static char secret[256] = "testing123"; + +static int encode_tlv(char *buffer, uint8_t *output, size_t outlen); + +static const char *hextab = "0123456789abcdef"; + +static int encode_data_string(char *buffer, + uint8_t *output, size_t outlen) +{ + int length = 0; + char *p; + + p = buffer + 1; + + while (*p && (outlen > 0)) { + if (*p == '"') { + return length; + } + + if (*p != '\\') { + *(output++) = *(p++); + outlen--; + length++; + continue; + } + + switch (p[1]) { + default: + *(output++) = p[1]; + break; + + case 'n': + *(output++) = '\n'; + break; + + case 'r': + *(output++) = '\r'; + break; + + case 't': + *(output++) = '\t'; + break; + } + + outlen--; + length++; + } + + fprintf(stderr, "String is not terminated\n"); + return 0; +} + +static int encode_data_tlv(char *buffer, char **endptr, + uint8_t *output, size_t outlen) +{ + int depth = 0; + int length; + char *p; + + for (p = buffer; *p != '\0'; p++) { + if (*p == '{') depth++; + if (*p == '}') { + depth--; + if (depth == 0) break; + } + } + + if (*p != '}') { + fprintf(stderr, "No trailing '}' in string starting " + "with \"%s\"\n", + buffer); + return 0; + } + + *endptr = p + 1; + *p = '\0'; + + p = buffer + 1; + while (isspace((int) *p)) p++; + + length = encode_tlv(p, output, outlen); + if (length == 0) return 0; + + return length; +} + +static int encode_hex(char *p, uint8_t *output, size_t outlen) +{ + int length = 0; + while (*p) { + char *c1, *c2; + + while (isspace((int) *p)) p++; + + if (!*p) break; + + if(!(c1 = memchr(hextab, tolower((int) p[0]), 16)) || + !(c2 = memchr(hextab, tolower((int) p[1]), 16))) { + fprintf(stderr, "Invalid data starting at " + "\"%s\"\n", p); + return 0; + } + + *output = ((c1 - hextab) << 4) + (c2 - hextab); + output++; + length++; + p += 2; + + outlen--; + if (outlen == 0) { + fprintf(stderr, "Too much data\n"); + return 0; + } + } + + return length; +} + + +static int encode_data(char *p, uint8_t *output, size_t outlen) +{ + int length; + + if (!isspace((int) *p)) { + fprintf(stderr, "Invalid character following attribute " + "definition\n"); + return 0; + } + + while (isspace((int) *p)) p++; + + if (*p == '{') { + int sublen; + char *q; + + length = 0; + + do { + while (isspace((int) *p)) p++; + if (!*p) { + if (length == 0) { + fprintf(stderr, "No data\n"); + return 0; + } + + break; + } + + sublen = encode_data_tlv(p, &q, output, outlen); + if (sublen == 0) return 0; + + length += sublen; + output += sublen; + outlen -= sublen; + p = q; + } while (*q); + + return length; + } + + if (*p == '"') { + length = encode_data_string(p, output, outlen); + return length; + } + + length = encode_hex(p, output, outlen); + + if (length == 0) { + fprintf(stderr, "Empty string\n"); + return 0; + } + + return length; +} + +static int decode_attr(char *buffer, char **endptr) +{ + long attr; + + attr = strtol(buffer, endptr, 10); + if (*endptr == buffer) { + fprintf(stderr, "No valid number found in string " + "starting with \"%s\"\n", buffer); + return 0; + } + + if (!**endptr) { + fprintf(stderr, "Nothing follows attribute number\n"); + return 0; + } + + if ((attr <= 0) || (attr > 256)) { + fprintf(stderr, "Attribute number is out of valid " + "range\n"); + return 0; + } + + return (int) attr; +} + +static int decode_vendor(char *buffer, char **endptr) +{ + long vendor; + + if (*buffer != '.') { + fprintf(stderr, "Invalid separator before vendor id\n"); + return 0; + } + + vendor = strtol(buffer + 1, endptr, 10); + if (*endptr == (buffer + 1)) { + fprintf(stderr, "No valid vendor number found\n"); + return 0; + } + + if (!**endptr) { + fprintf(stderr, "Nothing follows vendor number\n"); + return 0; + } + + if ((vendor <= 0) || (vendor > (1 << 24))) { + fprintf(stderr, "Vendor number is out of valid range\n"); + return 0; + } + + if (**endptr != '.') { + fprintf(stderr, "Invalid data following vendor number\n"); + return 0; + } + (*endptr)++; + + return (int) vendor; +} + +static int encode_tlv(char *buffer, uint8_t *output, size_t outlen) +{ + int attr; + int length; + char *p; + + attr = decode_attr(buffer, &p); + if (attr == 0) return 0; + + output[0] = attr; + output[1] = 2; + + if (*p == '.') { + p++; + length = encode_tlv(p, output + 2, outlen - 2); + + } else { + length = encode_data(p, output + 2, outlen - 2); + } + + if (length == 0) return 0; + if (length > (255 - 2)) { + fprintf(stderr, "TLV data is too long\n"); + return 0; + } + + output[1] += length; + + return length + 2; +} + +static int encode_vsa(char *buffer, uint8_t *output, size_t outlen) +{ + int vendor; + int length; + char *p; + + vendor = decode_vendor(buffer, &p); + if (vendor == 0) return 0; + + output[0] = 0; + output[1] = (vendor >> 16) & 0xff; + output[2] = (vendor >> 8) & 0xff; + output[3] = vendor & 0xff; + + length = encode_tlv(p, output + 4, outlen - 4); + if (length == 0) return 0; + if (length > (255 - 6)) { + fprintf(stderr, "VSA data is too long\n"); + return 0; + } + + + return length + 4; +} + +static int encode_evs(char *buffer, uint8_t *output, size_t outlen) +{ + int vendor; + int attr; + int length; + char *p; + + vendor = decode_vendor(buffer, &p); + if (vendor == 0) return 0; + + attr = decode_attr(p, &p); + if (attr == 0) return 0; + + output[0] = 0; + output[1] = (vendor >> 16) & 0xff; + output[2] = (vendor >> 8) & 0xff; + output[3] = vendor & 0xff; + output[4] = attr; + + length = encode_data(p, output + 5, outlen - 5); + if (length == 0) return 0; + + return length + 5; +} + +static int encode_extended(char *buffer, + uint8_t *output, size_t outlen) +{ + int attr; + int length; + char *p; + + attr = decode_attr(buffer, &p); + if (attr == 0) return 0; + + output[0] = attr; + + if (attr == 26) { + length = encode_evs(p, output + 1, outlen - 1); + } else { + length = encode_data(p, output + 1, outlen - 1); + } + if (length == 0) return 0; + if (length > (255 - 3)) { + fprintf(stderr, "Extended Attr data is too long\n"); + return 0; + } + + return length + 1; +} + +static int encode_extended_flags(char *buffer, + uint8_t *output, size_t outlen) +{ + int attr; + int length, total; + char *p; + + attr = decode_attr(buffer, &p); + if (attr == 0) return 0; + + /* output[0] is the extended attribute */ + output[1] = 4; + output[2] = attr; + output[3] = 0; + + if (attr == 26) { + length = encode_evs(p, output + 4, outlen - 4); + if (length == 0) return 0; + + output[1] += 5; + length -= 5; + } else { + length = encode_data(p, output + 4, outlen - 4); + } + if (length == 0) return 0; + + total = 0; + while (1) { + int sublen = 255 - output[1]; + + if (length <= sublen) { + output[1] += length; + total += output[1]; + break; + } + + length -= sublen; + + memmove(output + 255 + 4, output + 255, length); + memcpy(output + 255, output, 4); + + output[1] = 255; + output[3] |= 0x80; + + output += 255; + output[1] = 4; + total += 255; + } + + return total; +} + +static int encode_rfc(char *buffer, uint8_t *output, size_t outlen) +{ + int attr; + int length, sublen; + char *p; + + attr = decode_attr(buffer, &p); + if (attr == 0) return 0; + + length = 2; + output[0] = attr; + output[1] = 2; + + if (attr == 26) { + sublen = encode_vsa(p, output + 2, outlen - 2); + + } else if ((attr < 241) || (attr > 246)) { + sublen = encode_data(p, output + 2, outlen - 2); + + } else { + if (*p != '.') { + fprintf(stderr, "Invalid data following " + "attribute number\n"); + return 0; + } + + if (attr < 245) { + sublen = encode_extended(p + 1, + output + 2, outlen - 2); + } else { + + /* + * Not like the others! + */ + return encode_extended_flags(p + 1, output, outlen); + } + } + if (sublen == 0) return 0; + if (sublen > (255 -2)) { + fprintf(stderr, "RFC Data is too long\n"); + return 0; + } + + output[1] += sublen; + return length + sublen; +} + +static int walk_callback(void *ctx, const DICT_ATTR *da, + const uint8_t *data, size_t sizeof_data) +{ + char **p = ctx; + + sprintf(*p, "v%u a%u l%ld,", + da->vendor, da->attr, sizeof_data); + + *p += strlen(*p); +} + +static void process_file(const char *filename) +{ + int lineno, rcode; + size_t i, outlen; + ssize_t len, data_len; + FILE *fp; + RADIUS_PACKET packet; + char input[8192], buffer[8192]; + char output[8192]; + uint8_t *attr, data[2048]; + + if (strcmp(filename, "-") == 0) { + fp = stdin; + filename = ""; + + } else { + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Error opening %s: %s\n", + filename, strerror(errno)); + exit(1); + } + } + + lineno = 0; + *output = '\0'; + data_len = 0; + + while (fgets(buffer, sizeof(buffer), fp) != NULL) { + char *p = strchr(buffer, '\n'); + VALUE_PAIR *vp, *head = NULL; + VALUE_PAIR **tail = &head; + + lineno++; + + if (!p) { + if (!feof(fp)) { + fprintf(stderr, "Line %d too long in %s\n", + lineno, filename); + exit(1); + } + } else { + *p = '\0'; + } + + p = strchr(buffer, '#'); + if (p) *p = '\0'; + + p = buffer; + while (isspace((int) *p)) p++; + if (!*p) continue; + + strcpy(input, p); + + if (strncmp(p, "raw ", 4) == 0) { + outlen = encode_rfc(p + 4, data, sizeof(data)); + if (outlen == 0) { + fprintf(stderr, "Parse error in line %d of %s\n", + lineno, filename); + exit(1); + } + + print_hex: + if (outlen == 0) { + output[0] = 0; + continue; + } + + data_len = outlen; + for (i = 0; i < outlen; i++) { + snprintf(output + 3*i, sizeof(output), + "%02x ", data[i]); + } + outlen = strlen(output); + output[outlen - 1] = '\0'; + continue; + } + + if (strncmp(p, "data ", 5) == 0) { + if (strcmp(p + 5, output) != 0) { + fprintf(stderr, "Mismatch in line %d of %s, expected: %s\n", + lineno, filename, output); + exit(1); + } + continue; + } + + head = NULL; + if (strncmp(p, "encode ", 7) == 0) { + if (strcmp(p + 7, "-") == 0) { + p = output; + } else { + p += 7; + } + + rcode = nr_vp_sscanf(p, &head); + if (rcode < 0) { + strcpy(output, nr_strerror(rcode)); + continue; + } + + attr = data; + vp = head; + while (vp != NULL) { + len = nr_vp2attr(NULL, NULL, &vp, + attr, sizeof(data) - (attr - data)); + if (len < 0) { + fprintf(stderr, "Failed encoding %s: %s\n", + vp->da->name, nr_strerror(len)); + exit(1); + } + + attr += len; + if (len == 0) break; + } + + nr_vp_free(&head); + outlen = len; + goto print_hex; + } + + if (strncmp(p, "decode ", 7) == 0) { + ssize_t my_len; + + if (strcmp(p + 7, "-") == 0) { + attr = data; + len = data_len; + } else { + attr = data; + len = encode_hex(p + 7, data, sizeof(data)); + if (len == 0) { + fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); + exit(1); + } + } + + while (len > 0) { + vp = NULL; + my_len = nr_attr2vp(NULL, NULL, + attr, len, &vp); + if (my_len < 0) { + nr_vp_free(&head); + break; + } + + if (my_len > len) { + fprintf(stderr, "Internal sanity check failed at %d\n", __LINE__); + exit(1); + } + + *tail = vp; + while (vp) { + tail = &(vp->next); + vp = vp->next; + } + + attr += my_len; + len -= my_len; + } + + /* + * Output may be an error, and we ignore + * it if so. + */ + if (head) { + p = output; + for (vp = head; vp != NULL; vp = vp->next) { + nr_vp_snprintf(p, sizeof(output) - (p - output), vp); + p += strlen(p); + + if (vp->next) {strcpy(p, ", "); + p += 2; + } + } + + nr_vp_free(&head); + } else if (my_len < 0) { + strcpy(output, nr_strerror(my_len)); + + } else { /* zero-length attribute */ + *output = '\0'; + } + continue; + } + + if (strncmp(p, "walk ", 5) == 0) { + len = encode_hex(p + 5, data + 20, sizeof(data) - 20); + + if (len == 0) { + fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); + exit(1); + } + + memset(data, 0, 20); + packet.data = data; + packet.length = len + 20; + packet.data[2] = ((len + 20) >> 8) & 0xff; + packet.data[3] = (len + 20) & 0xff; + + *output = '\0'; + p = output; + + rcode = nr_packet_walk(&packet, &p, walk_callback); + if (rcode < 0) { + snprintf(output, sizeof(output), "%d", rcode); + continue; + } + + if (*output) output[strlen(output) - 1] = '\0'; + continue; + } + + if (strncmp(p, "$INCLUDE ", 9) == 0) { + p += 9; + while (isspace((int) *p)) p++; + + process_file(p); + continue; + } + + if (strncmp(p, "secret ", 7) == 0) { + strlcpy(secret, p + 7, sizeof(secret)); + strlcpy(output, secret, sizeof(output)); + continue; + } + + if (strncmp(p, "code ", 5) == 0) { + packet_code = atoi(p + 5); + snprintf(output, sizeof(output), "%u", packet_code); + continue; + } + + if (strncmp(p, "sign ", 5) == 0) { + len = encode_hex(p + 5, data + 20, sizeof(data) - 20); + if (len == 0) { + fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename); + exit(1); + } + + memset(&packet, 0, sizeof(packet)); + packet.secret = secret; + packet.sizeof_secret = strlen(secret); + packet.code = packet_code; + packet.id = packet_id; + memcpy(packet.vector, packet_vector, 16); + packet.data = data; + packet.length = len + 20; + + /* + * Hack encode the packet. + */ + packet.data[0] = packet_code; + packet.data[1] = packet_id; + packet.data[2] = ((len + 20) >> 8) & 0xff; + packet.data[3] = (len + 20) & 0xff; + memcpy(packet.data + 4, packet_vector, 16); + + rcode = nr_packet_sign(&packet, NULL); + if (rcode < 0) { + snprintf(output, sizeof(output), "%d", rcode); + continue; + } + + memcpy(data, packet.vector, sizeof(packet.vector)); + outlen = sizeof(packet.vector); + goto print_hex; + } + + fprintf(stderr, "Unknown input at line %d of %s\n", + lineno, filename); + exit(1); + } + + if (fp != stdin) fclose(fp); +} + +int main(int argc, char *argv[]) +{ + int c; + + if (argc < 2) { + process_file("-"); + + } else { + process_file(argv[1]); + } + + return 0; +} diff --git a/lib/radius/tests/rfc.txt b/lib/radius/tests/rfc.txt new file mode 100644 index 0000000..d8bd613 --- /dev/null +++ b/lib/radius/tests/rfc.txt @@ -0,0 +1,144 @@ +# All attribute lengths are implicit, and are calculated automatically +# +# Input is of the form: +# +# WORD ... +# +# The WORD is a keyword which indicates the format of the following text. +# WORD is one of: +# +# raw - read the grammar defined below, and encode an attribute. +# The grammer supports a trivial way of describing RADIUS +# attributes, without reference to dictionaries or fancy +# parsers +# +# encode - reads "Attribute-Name = value", encodes it, and prints +# the result as text. +# use "-" to encode the output of the last command +# +# decode - reads hex, and decodes it "Attribute-Name = value" +# use "-" to decode the output of the last command +# +# data - the expected output of the previous command, in ASCII form. +# if the actual command output is different, an error message +# is produced, and the program terminates. +# +# +# The "raw" input satisfies the following grammar: +# +# Identifier = 1*DIGIT *( "." 1*DIGIT ) +# +# HEXCHAR = HEXDIG HEXDIG +# +# STRING = DQUOTE *CHAR DQUOTE +# +# TLV = "{" 1*DIGIT DATA "}" +# +# DATA = 1*HEXCHAR / 1*TLV / STRING +# +# LINE = Identifier DATA +# +# The "Identifier" is a RADIUS attribute identifier, as given in the draft. +# +# e.g. 1 for User-Name +# 26.9.1 Vendor-Specific, Cisco, Cisco-AVPAir +# 241.1 Extended Attribute, number 1 +# 241.2.3 Extended Attribute 2, data type TLV, TLV type 3 +# etc. +# +# The "DATA" portion is the contents of the RADIUS Attribute. +# +# 123456789abcdef hex string +# 12 34 56 ab with spaces for clarity +# "hello" Text string +# { 1 abcdef } TLV, TLV-Type 1, data "abcdef" +# +# TLVs can be nested: +# +# { tlv-type { tlv-type data } } { 3 { 4 01020304 } } +# +# TLVs can be concatencated +# +# {tlv-type data } { tlv-type data} { 3 040506 } { 8 aabbcc } +# +# The "raw" data is encoded without reference to dictionaries. Any +# valid string is parsed to a RADIUS attribute. The resulting RADIUS +# attribute *may not* be correctly formatted to the relevant RADIUS +# specifications. i.e. you can use this tool to create attribute 1 +# (User-Name), which is encoded as a series of TLVs. That's up to you. +# +# The purpose of the "raw" command is to have a simple way of encoding +# attributes which is independent of any dictionaries or packet processing +# routines. +# +# The output data is the hex version of the encoded attribute. +# + +encode User-Name = bob +data 01 05 62 6f 62 + +decode - +data User-Name = "bob" + +decode 01 05 62 6f 62 +data User-Name = "bob" + +# +# The Type/Length is OK, but the attribute data is of the wrong size. +# +decode 04 04 ab cd +data Attr-4 = 0xabcd + +# Zero-length attributes +decode 01 02 +data + +# don't encode zero-length attributes +#encode User-Name = "" +#data + +# except for CUI. Thank you, WiMAX! +decode 59 02 +data Chargeable-User-Identity = "" + +# Hah! Thought you had it figured out, didn't you? +#encode - +#data 59 02 + +encode NAS-Port = 10 +data 05 06 00 00 00 0a + +decode - +data NAS-Port = 10 + +walk 05 06 00 00 00 0a +data v0 a5 l4 + +walk 05 06 00 00 00 0a 02 06 00 00 00 0a +data v0 a5 l4,v0 a2 l4 + +walk 1a 0c 00 00 00 01 05 06 00 00 00 0a +data v1 a5 l4 + +walk 1a 12 00 00 00 01 05 06 00 00 00 0a 03 06 00 00 00 0a +data v1 a5 l4,v1 a3 l4 + +# Access-Request, code 1, authentication vector of zero +sign 05 06 00 00 00 0a +data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + +code 4 + +sign 05 06 00 00 00 0a +data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 + +sign 05 06 00 00 00 0a +data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 + +secret hello +sign 05 06 00 00 00 0a +data 69 20 c0 b9 e1 2f 12 54 9f 92 16 5e f4 64 9b fd + +secret testing123 +sign 05 06 00 00 00 0a +data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68 diff --git a/lib/radius/valuepair.c b/lib/radius/valuepair.c new file mode 100644 index 0000000..603a970 --- /dev/null +++ b/lib/radius/valuepair.c @@ -0,0 +1,199 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file valuepair.c + * \brief Functions to manipulate C structure versions of RADIUS attributes. + */ + +#include + +void nr_vp_free(VALUE_PAIR **head) +{ + VALUE_PAIR *next, *vp; + + if (!head || !*head) return; + + vp = *head; + do { + if (vp) next = vp->next; + if (vp->da->flags.encrypt) { + memset(vp, 0, sizeof(vp)); + } + free(vp); + vp = next; + } while (next); + + *head = NULL; +} + + +VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da) +{ + memset(vp, 0, sizeof(*vp)); + + vp->da = da; + vp->length = da->flags.length; + + return vp; +} + + +VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da) +{ + VALUE_PAIR *vp = NULL; + + if (!da) { + nr_strerror_printf("Unknown attribute"); + return NULL; + } + +#ifndef NR_NO_MALLOC + vp = malloc(sizeof(*vp)); +#endif + if (!vp) { + nr_strerror_printf("Out of memory"); + return NULL; + } + + return nr_vp_init(vp, da); +} + +VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor) +{ + VALUE_PAIR *vp = NULL; + DICT_ATTR *da; + +#ifndef NR_NO_MALLOC + vp = malloc(sizeof(*vp) + sizeof(*da) + 64); +#endif + if (!vp) { + nr_strerror_printf("Out of memory"); + return NULL; + } + memset(vp, 0, sizeof(*vp)); + + da = (DICT_ATTR *) (vp + 1); + + if (nr_dict_attr_2struct(da, attr, vendor, (char *) (da + 1), 64) < 0) { + free(vp); + return NULL; + } + + vp->da = da; + + return vp; +} + +int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t sizeof_data) +{ + int rcode = 1; /* OK */ + + if (!vp || !data || (sizeof_data == 0)) return -NR_ERR_INVALID_ARG; + + switch (vp->da->type) { + case NR_TYPE_BYTE: + vp->vp_integer = *(const uint8_t *) data; + break; + + case NR_TYPE_SHORT: + vp->vp_integer = *(const uint16_t *) data; + break; + + case NR_TYPE_INTEGER: + case NR_TYPE_DATE: + case NR_TYPE_IPADDR: + vp->vp_integer = *(const uint32_t *) data; + break; + + case NR_TYPE_STRING: + if (sizeof_data >= sizeof(vp->vp_strvalue)) { + sizeof_data = sizeof(vp->vp_strvalue) - 1; + rcode = 0; /* truncated */ + } + + memcpy(vp->vp_strvalue, (const char *) data, sizeof_data); + vp->vp_strvalue[sizeof_data + 1] = '\0'; + vp->length = sizeof_data; + break; + + case NR_TYPE_OCTETS: + if (sizeof_data > sizeof(vp->vp_octets)) { + sizeof_data = sizeof(vp->vp_octets); + rcode = 0; /* truncated */ + } + memcpy(vp->vp_octets, data, sizeof_data); + vp->length = sizeof_data; + break; + + default: + return -NR_ERR_ATTR_TYPE_UNKNOWN; + } + + return rcode; +} + +VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data, size_t data_len) +{ + const DICT_ATTR *da; + VALUE_PAIR *vp; + + da = nr_dict_attr_byvalue(attr, vendor); + if (!da) return NULL; + + vp = nr_vp_alloc(da); + if (!vp) return NULL; + + if (nr_vp_set_data(vp, data, data_len) < 0) { + nr_vp_free(&vp); + return NULL; + } + + return vp; +} + +void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *tail) +{ + if (!tail) return; + + while (*head) { + head = &((*head)->next); + } + + *head = tail; +} + +VALUE_PAIR *nr_vps_find(VALUE_PAIR *head, + unsigned int attr, unsigned int vendor) +{ + while (head) { + if ((head->da->attr == attr) && + (head->da->vendor == vendor)) return head; + head = head->next; + } + + return NULL; +} -- cgit v1.1 From a13cddc1331aa1f5e7dca7d1b44482951d2757bf Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Sun, 13 Nov 2011 17:16:14 +1100 Subject: port to new RADIUS client library --- lib/HACKING | 3 - lib/Makefile.am | 4 +- lib/attr.c | 2 +- lib/avp.c | 457 ++++++++++ lib/build-aux/config.guess | 9 +- lib/build-aux/config.sub | 19 +- lib/build-aux/depcomp | 4 +- lib/build-aux/ltmain.sh | 1774 +++++++++++++++++++++--------------- lib/build-aux/missing | 4 +- lib/conf.c | 1 + lib/configure.ac | 3 +- lib/conn.c | 2 + lib/debug.c | 6 +- lib/err.c | 65 +- lib/event.c | 3 + lib/examples/client-blocking.c | 3 +- lib/include/Makefile.am | 7 +- lib/include/radsec/.gitignore | 1 + lib/include/radsec/radsec-impl.h | 15 +- lib/include/radsec/radsec.h | 246 ++++- lib/include/radsec/request-impl.h | 5 + lib/include/radsec/request.h | 5 + lib/m4/libtool.m4 | 1012 ++++++++++---------- lib/m4/ltoptions.m4 | 13 +- lib/m4/ltversion.m4 | 10 +- lib/m4/lt~obsolete.m4 | 12 +- lib/packet.c | 158 +++- lib/peer.c | 3 + lib/radius/.gitignore | 1 + lib/radius/Makefile | 68 -- lib/radius/Makefile.am | 37 + lib/radius/attrs.c | 214 ++--- lib/radius/client.h | 202 ++-- lib/radius/common.pl | 2 +- lib/radius/convert.pl | 4 +- lib/radius/crypto.c | 88 +- lib/radius/custom.c | 2 +- lib/radius/dict.c | 12 +- lib/radius/dictionaries.c | 1515 ------------------------------ lib/radius/examples/example_1.c | 8 +- lib/radius/examples/example_2.c | 8 +- lib/radius/examples/example_3.c | 12 +- lib/radius/examples/example_4.c | 6 +- lib/radius/id.c | 36 +- lib/radius/packet.c | 154 ++-- lib/radius/parse.c | 38 +- lib/radius/print.c | 71 +- lib/radius/radius.h | 314 ------- lib/radius/share/dictionary.ukerna | 19 + lib/radius/static.c | 2 +- lib/radius/valuepair.c | 24 +- lib/radsec.c | 20 +- lib/radsec.sym | 38 + lib/request.c | 4 +- lib/tcp.c | 34 +- lib/tests/test-udp.c | 14 +- lib/tests/udp.c | 2 +- lib/udp.c | 29 +- 58 files changed, 3028 insertions(+), 3796 deletions(-) create mode 100644 lib/avp.c create mode 100644 lib/include/radsec/.gitignore create mode 100644 lib/radius/.gitignore delete mode 100644 lib/radius/Makefile create mode 100644 lib/radius/Makefile.am delete mode 100644 lib/radius/dictionaries.c delete mode 100644 lib/radius/radius.h create mode 100644 lib/radius/share/dictionary.ukerna (limited to 'lib') diff --git a/lib/HACKING b/lib/HACKING index 7b1f298..1494941 100644 --- a/lib/HACKING +++ b/lib/HACKING @@ -18,14 +18,11 @@ examples/client -r examples/client.conf blocking-tls; echo $? - Application runs its own event loop, using fd's for select and performs I/O using the libradsec send/receive calls (a.k.a. on-your-own mode) -- Fully reentrant (FIXME: issues with libfreeradius-radius?) - User chooses allocation regime * Dependencies Details apply to Ubuntu 10.10. -- libfreeradius-radius (2.1.9+dfsg-1ubuntu1) - sudo apt-get install libfreeradius-dev libfreeradius2 - libconfuse (2.7-1) sudo apt-get install libconfuse-dev libconfuse0 - libevent from source (release-2.0.10-stable) diff --git a/lib/Makefile.am b/lib/Makefile.am index a26750d..3eb4a2b 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,7 +1,7 @@ AUTOMAKE_OPTIONS = foreign ACLOCAL_AMFLAGS = -I m4 -SUBDIRS = . examples include +SUBDIRS = radius . include examples INCLUDES = -I$(srcdir)/include AM_CFLAGS = -Wall -g @@ -9,6 +9,7 @@ AM_CFLAGS = -Wall -g lib_LTLIBRARIES = libradsec.la libradsec_la_SOURCES = \ + avp.c \ compat.c \ conf.c \ conn.c \ @@ -35,5 +36,6 @@ libradsec_la_SOURCES += \ rsp_tlscommon.c endif +libradsec_la_LIBADD = radius/libradsec-radius.la libradsec_la_LDFLAGS = -version-info 0:0:0 -export-symbols radsec.sym libradsec_la_CFLAGS = $(AM_CFLAGS) -Werror # -DDEBUG -DDEBUG_LEVENT diff --git a/lib/attr.c b/lib/attr.c index 16a6d39..9b11cf6 100644 --- a/lib/attr.c +++ b/lib/attr.c @@ -7,7 +7,7 @@ #include #endif -#include +#include #include #include diff --git a/lib/avp.c b/lib/avp.c new file mode 100644 index 0000000..1bc1128 --- /dev/null +++ b/lib/avp.c @@ -0,0 +1,457 @@ +/* Copyright 2011 PADL Software Pty Ltd. All rights reserved. + See the file COPYING for licensing information. */ + +#if defined HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include +#include + +#define RS_ERR(err) ((err) < 0 ? -err : RSE_OK) + +void +rs_avp_free (rs_avp **vps) +{ + nr_vp_free (vps); +} + +size_t +rs_avp_length (rs_const_avp *vp) +{ + assert (vp != NULL); + return vp->length; +} + +rs_attr_type_t +rs_avp_typeof (rs_const_avp *vp) +{ + return vp ? vp->da->type : RS_TYPE_INVALID; +} + +void +rs_avp_attrid (rs_const_avp *vp, + unsigned int *attr, + unsigned int *vendor) +{ + *attr = vp->da->attr; + *vendor = vp->da->vendor; +} + +const char * +rs_avp_name (rs_const_avp *vp) +{ + return vp ? vp->da->name : NULL; +} + +void +rs_avp_append (rs_avp **head, rs_avp *tail) +{ + return nr_vps_append (head, tail); +} + +rs_avp * +rs_avp_find (rs_avp *vp, unsigned int attr, unsigned int vendor) +{ + if (vp == NULL) + return NULL; + + return nr_vps_find (vp, attr, vendor); +} + +rs_const_avp * +rs_avp_find_const (rs_const_avp *vp, + unsigned int attr, unsigned int vendor) +{ + if (vp == NULL) + return NULL; + + return nr_vps_find ((rs_avp *)vp, attr, vendor); +} + +rs_avp * +rs_avp_alloc (unsigned int attr, unsigned int vendor) +{ + const DICT_ATTR *da; + VALUE_PAIR *vp; + + da = nr_dict_attr_byvalue (attr, vendor); + if (da == NULL) { + vp = nr_vp_alloc_raw (attr, vendor); + } else { + vp = nr_vp_alloc (da); + } + + if (vp == NULL) + return NULL; + + return vp; +} + +rs_avp * +rs_avp_dup (rs_const_avp *vp) +{ + rs_avp *vp2; + + vp2 = nr_vp_alloc (vp->da); + if (vp2 == NULL) + return NULL; + + vp2->length = vp->length; + vp2->tag = vp->tag; + vp2->next = NULL; + +#ifdef RS_TYPE_TLV + if (rs_avp_is_tlv (vp)) { + vp2->vp_tlv = malloc (vp->length); + if (vp2->vp_tlv == NULL) { + rs_avp_free (vp2); + return NULL; + } + memcpy (vp2->vp_tlv, vp->vp_tlv, vp->length); + return vp2; + } +#endif + + memcpy (vp2->vp_strvalue, vp->vp_strvalue, vp->length); + if (rs_avp_is_string (vp)) + vp2->vp_strvalue[vp->length] = '\0'; + + return vp2; +} + +rs_avp * +rs_avp_next (rs_avp *avp) +{ + return avp ? avp->next : NULL; +} + +rs_const_avp * +rs_avp_next_const (rs_const_avp *avp) +{ + return avp ? avp->next : NULL; +} + +int +rs_avp_delete (rs_avp **first, + unsigned int attr, unsigned int vendor) +{ + int found = 0; + rs_avp **p; + + for (p = first; *p != NULL; p++) { + if ((*p)->da->attr == attr && + (*p)->da->vendor == vendor) { + rs_avp *next = (*p)->next; + + (*p)->next = NULL; + rs_avp_free (p); + + *p = next; + found++; + } + } + + return found ? RSE_OK : RSE_ATTR_UNKNOWN; +} + +const char * +rs_avp_string_value (rs_const_avp *vp) +{ + if (!rs_avp_is_string (vp)) + return NULL; + + return vp->vp_strvalue; +} + +int +rs_avp_string_set (rs_avp *vp, const char *str) +{ + int err; + + if (vp == NULL) + return RSE_INVAL; + if (!rs_avp_is_string (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, str, strlen (str)); + return RS_ERR(err); +} + +uint32_t +rs_avp_integer_value (rs_const_avp *vp) +{ + if (!rs_avp_is_integer (vp)) + return 0; + return vp->vp_integer; +} + +int +rs_avp_integer_set (rs_avp *vp, uint32_t val) +{ + int err; + + if (vp == NULL) + return RSE_INVAL; + if (!rs_avp_is_integer (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, &val, sizeof (val)); + return RS_ERR(err); +} + +uint32_t +rs_avp_ipaddr_value (rs_const_avp *vp) +{ + if (!rs_avp_is_ipaddr (vp)) + return 0; + return vp->vp_ipaddr; +} + +int +rs_avp_ipaddr_set (rs_avp *vp, struct in_addr in) +{ + int err; + + if (vp == NULL) + return RSE_INVAL; + if (!rs_avp_is_ipaddr (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, &in, sizeof (in)); + return RS_ERR(err); +} + +time_t +rs_avp_date_value (rs_const_avp *vp) +{ + if (!rs_avp_is_date (vp)) + return 0; + return vp->vp_date; +} + +int +rs_avp_date_set (rs_avp *vp, time_t date) +{ + uint32_t date32; + int err; + + if (vp == NULL) + return RSE_INVAL; + if (!rs_avp_is_date (vp)) + return RSE_ATTR_INVALID; + if (date > 0xFFFFFFFF) + return RSE_ATTR_INVALID; + + date32 = (uint32_t)date; + err = nr_vp_set_data (vp, &date32, sizeof (date32)); + + return RS_ERR(err); +} + +const unsigned char * +rs_avp_octets_value_const_ptr (rs_const_avp *vp) +{ + return rs_avp_octets_value_ptr ((rs_avp *)vp); +} + +unsigned char * +rs_avp_octets_value_ptr (rs_avp *vp) +{ + if (vp == NULL) + return NULL; + +#ifdef RS_TYPE_TLV + if (rs_avp_is_tlv (vp)) + return vp->vp_tlv; +#endif + + return vp->vp_octets; +} + +int +rs_avp_octets_value_byref (rs_avp *vp, + unsigned char **p, + size_t *len) +{ + if (vp == NULL) + return RSE_INVAL; + + *len = vp->length; + *p = (unsigned char *)rs_avp_octets_value_ptr (vp); + + return RSE_OK; +} + +int +rs_avp_octets_value (rs_const_avp *vp, + unsigned char *buf, + size_t *len) +{ + if (vp == NULL) + return RSE_INVAL; + + if (vp->length > *len) { + *len = vp->length; + return RSE_ATTR_TOO_SMALL; + } + + *len = vp->length; + +#ifdef RS_TYPE_TLV + if (rs_avp_is_tlv (vp)) + memcpy (buf, vp->vp_tlv, vp->length); + else +#endif + memcpy (buf, vp->vp_octets, vp->length); + + return RSE_OK; +} + +int +rs_avp_fragmented_value (rs_const_avp *vps, + unsigned char *buf, + size_t *len) +{ + size_t total_len = 0; + unsigned char *p; + rs_const_avp *vp; + + if (vps == NULL) + return RSE_INVAL; + + if (!rs_avp_is_octets (vps) && + !rs_avp_is_string (vps)) + return RSE_ATTR_INVALID; + + for (vp = vps; + vp != NULL; + vp = rs_avp_find_const (vp->next, vp->da->attr, vp->da->vendor)) + total_len += vp->length; + + if (*len < total_len) { + *len = total_len; + return RSE_ATTR_TOO_SMALL; + } + + for (vp = vps, p = buf; + vp != NULL; + vp = rs_avp_find_const (vp->next, vp->da->attr, vp->da->vendor)) { + memcpy (p, vp->vp_octets, vp->length); + p += vp->length; + } + + *len = total_len; + + return RSE_OK; +} + +int +rs_avp_octets_set (rs_avp *vp, + const unsigned char *buf, + size_t len) +{ + int err; + + if (!rs_avp_is_octets (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, buf, len); + + return RS_ERR(err); +} + +int +rs_avp_ifid_value (rs_const_avp *vp, uint8_t val[8]) +{ + if (!rs_avp_is_ifid (vp)) + return RSE_ATTR_INVALID; + + memcpy (val, vp->vp_ifid, 8); + + return RSE_OK; +} + +int +rs_avp_ifid_set (rs_avp *vp, const uint8_t val[8]) +{ + int err; + + if (!rs_avp_is_ifid (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, val, 8); + return RS_ERR(err); +} + +uint8_t +rs_avp_byte_value (rs_const_avp *vp) +{ + if (!rs_avp_is_byte (vp)) + return 0; + return vp->vp_integer; +} + +int +rs_avp_byte_set (rs_avp *vp, uint8_t val) +{ + int err; + + if (!rs_avp_is_byte (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, &val, sizeof (val)); + return RS_ERR(err); +} + +uint16_t +rs_avp_short_value (rs_const_avp *vp) +{ + if (!rs_avp_is_short (vp)) + return 0; + return vp->vp_integer; +} + +int +rs_avp_short_set (rs_avp *vp, uint16_t val) +{ + int err; + + if (!rs_avp_is_short (vp)) + return RSE_ATTR_INVALID; + + err = nr_vp_set_data (vp, &val, sizeof (val)); + return RS_ERR(err); +} + +int +rs_attr_find (const char *name, + unsigned int *attr, + unsigned int *vendor) +{ + const DICT_ATTR *da; + + da = nr_dict_attr_byname (name); + if (da == NULL) + return RSE_ATTR_UNKNOWN; + + *attr = da->attr; + *vendor = da->vendor; + + return RSE_OK; +} + +size_t +rs_avp_display_value (rs_const_avp *vp, + char *buffer, + size_t buflen) +{ + return nr_vp_snprintf_value (buffer, buflen, vp); +} diff --git a/lib/build-aux/config.guess b/lib/build-aux/config.guess index c2246a4..dc84c68 100755 --- a/lib/build-aux/config.guess +++ b/lib/build-aux/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # Free Software Foundation, Inc. -timestamp='2009-12-30' +timestamp='2009-11-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -56,9 +56,8 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." diff --git a/lib/build-aux/config.sub b/lib/build-aux/config.sub index c2d1257..2a55a50 100755 --- a/lib/build-aux/config.sub +++ b/lib/build-aux/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # Free Software Foundation, Inc. -timestamp='2010-01-22' +timestamp='2009-11-20' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -75,9 +75,8 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -381,8 +380,7 @@ case $basic_machine in | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile-* | tilegx-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | vax-* \ @@ -1087,11 +1085,6 @@ case $basic_machine in basic_machine=tic6x-unknown os=-coff ;; - # This must be matched before tile*. - tilegx*) - basic_machine=tilegx-unknown - os=-linux-gnu - ;; tile*) basic_machine=tile-unknown os=-linux-gnu @@ -1442,8 +1435,6 @@ case $os in -dicos*) os=-dicos ;; - -nacl*) - ;; -none) ;; *) diff --git a/lib/build-aux/depcomp b/lib/build-aux/depcomp index df8eea7..aeba4e8 100755 --- a/lib/build-aux/depcomp +++ b/lib/build-aux/depcomp @@ -17,7 +17,9 @@ scriptversion=2009-04-28.21; # UTC # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a diff --git a/lib/build-aux/ltmain.sh b/lib/build-aux/ltmain.sh index 7ed280b..04eaea4 100755 --- a/lib/build-aux/ltmain.sh +++ b/lib/build-aux/ltmain.sh @@ -1,9 +1,10 @@ # Generated from ltmain.m4sh. -# ltmain.sh (GNU libtool) 2.2.6b +# libtool (GNU libtool) 2.2.10 # Written by Gordon Matzigkeit , 1996 -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc. +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, +# 2007, 2008, 2009, 2010 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -32,50 +33,54 @@ # # Provide generalized library-building support services. # -# --config show all configuration variables -# --debug enable verbose shell tracing -# -n, --dry-run display commands without modifying any files -# --features display basic configuration information and exit -# --mode=MODE use operation mode MODE -# --preserve-dup-deps don't remove duplicate dependency libraries -# --quiet, --silent don't print informational messages -# --tag=TAG use configuration variables from tag TAG -# -v, --verbose print informational messages (default) -# --version print version information -# -h, --help print short or long help message +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --no-quiet, --no-silent +# print informational messages (default) +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print more informational messages than default +# --no-verbose don't print the extra informational messages +# --version print version information +# -h, --help, --help-all print short, long, or detailed help message # # MODE must be one of the following: # -# clean remove files from the build directory -# compile compile a source file into a libtool object -# execute automatically set library path, then run a program -# finish complete the installation of libtool libraries -# install install libraries or executables -# link create a library or an executable -# uninstall remove libraries from an installed directory +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory # -# MODE-ARGS vary depending on the MODE. +# MODE-ARGS vary depending on the MODE. When passed as first option, +# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. # Try `$progname --help --mode=MODE' for a more detailed description of MODE. # # When reporting a bug, please describe a test case to reproduce it and # include the following information: # -# host-triplet: $host -# shell: $SHELL -# compiler: $LTCC -# compiler flags: $LTCFLAGS -# linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.2.6b Debian-2.2.6b-2ubuntu1 -# automake: $automake_version -# autoconf: $autoconf_version +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.2.10 +# automake: $automake_version +# autoconf: $autoconf_version # # Report bugs to . -PROGRAM=ltmain.sh +PROGRAM=libtool PACKAGE=libtool -VERSION="2.2.6b Debian-2.2.6b-2ubuntu1" +VERSION=2.2.10 TIMESTAMP="" -package_revision=1.3017 +package_revision=1.3175 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then @@ -91,10 +96,15 @@ fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + # NLS nuisances: We save the old values to restore during execute mode. -# Only set LANG and LC_ALL to C if already set. -# These must not be set unconditionally because not all systems understand -# e.g. LANG=C (notably SCO). lt_user_locale= lt_safe_locale= for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES @@ -107,24 +117,33 @@ do lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" fi" done +LC_ALL=C +LANGUAGE=C +export LANGUAGE LC_ALL $lt_unset CDPATH +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath="$0" : ${CP="cp -f"} -: ${ECHO="echo"} -: ${EGREP="/bin/grep -E"} -: ${FGREP="/bin/grep -F"} -: ${GREP="/bin/grep"} +test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} +: ${EGREP="grep -E"} +: ${FGREP="grep -F"} +: ${GREP="grep"} : ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} -: ${SED="/bin/sed"} +: ${SED="sed"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${Xsed="$SED -e 1s/^X//"} @@ -159,32 +178,168 @@ basename="s,^.*/,," func_dirname_and_basename () { # Extract subdirectory from the argument. - func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else func_dirname_result="$func_dirname_result${2}" fi - func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` + func_basename_result=`$ECHO "${1}" | $SED -e "$basename"` } # Generated shell functions inserted here. -# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh -# is ksh but when the shell is invoked as "sh" and the current value of -# the _XPG environment variable is not equal to 1 (one), the special -# positional parameter $0, within a function call, is the name of the -# function. -progpath="$0" +# These SED scripts presuppose an absolute path with a trailing slash. +pathcar='s,^/\([^/]*\).*$,\1,' +pathcdr='s,^/[^/]*,,' +removedotparts=':dotsl + s@/\./@/@g + t dotsl + s,/\.$,/,' +collapseslashes='s@/\{1,\}@/@g' +finalslash='s,/*$,/,' + +# func_normal_abspath PATH +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +# value returned in "$func_normal_abspath_result" +func_normal_abspath () +{ + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"` + while :; do + # Processed it all yet? + if test "$func_normal_abspath_tpath" = / ; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result" ; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + +# func_relative_path SRCDIR DSTDIR +# generates a relative path from SRCDIR to DSTDIR, with a trailing +# slash if non-empty, suitable for immediately appending a filename +# without needing to append a separator. +# value returned in "$func_relative_path_result" +func_relative_path () +{ + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=${func_dirname_result} + if test "x$func_relative_path_tlibdir" = x ; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test "x$func_stripname_result" != x ; then + func_relative_path_result=${func_relative_path_result}/${func_stripname_result} + fi + + # Normalisation. If bindir is libdir, return empty string, + # else relative path ending with a slash; either way, target + # file name can be directly appended. + if test ! -z "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result/" + func_relative_path_result=$func_stripname_result + fi +} # The name of this program: -# In the unlikely event $progname began with a '-', it would play havoc with -# func_echo (imagine progname=-n), so we prepend ./ in that case: func_dirname_and_basename "$progpath" progname=$func_basename_result -case $progname in - -*) progname=./$progname ;; -esac # Make sure we have an absolute path for reexecution: case $progpath in @@ -258,6 +413,13 @@ func_verbose () : } +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + # func_error arg... # Echo program name prefixed message to standard error. func_error () @@ -326,9 +488,9 @@ func_mkdir_p () case $my_directory_path in */*) ;; *) break ;; esac # ...otherwise throw away the child directory and loop - my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"` + my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"` done - my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'` + my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'` save_mkdir_p_IFS="$IFS"; IFS=':' for my_dir in $my_dir_list; do @@ -378,7 +540,7 @@ func_mktempdir () func_fatal_error "cannot create temporary directory \`$my_tmpdir'" fi - $ECHO "X$my_tmpdir" | $Xsed + $ECHO "$my_tmpdir" } @@ -392,7 +554,7 @@ func_quote_for_eval () { case $1 in *[\\\`\"\$]*) - func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;; + func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; *) func_quote_for_eval_unquoted_result="$1" ;; esac @@ -419,7 +581,7 @@ func_quote_for_expand () { case $1 in *[\\\`\"]*) - my_arg=`$ECHO "X$1" | $Xsed \ + my_arg=`$ECHO "$1" | $SED \ -e "$double_quote_subst" -e "$sed_double_backslash"` ;; *) my_arg="$1" ;; @@ -489,14 +651,19 @@ func_show_eval_locale () } - - - # func_version # Echo version message to standard output and exit. func_version () { - $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / { + $SED -n '/(C)/!b go + :more + /\./!{ + N + s/\n# / / + b more + } + :go + /^# '$PROGRAM' (GNU /,/# warranty; / { s/^# // s/^# *$// s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ @@ -509,19 +676,20 @@ func_version () # Echo short help message to standard output and exit. func_usage () { - $SED -n '/^# Usage:/,/# -h/ { + $SED -n '/^# Usage:/,/^# *.*--help/ { s/^# // s/^# *$// s/\$progname/'$progname'/ p }' < "$progpath" - $ECHO + echo $ECHO "run \`$progname --help | more' for full usage" exit $? } -# func_help -# Echo long help message to standard output and exit. +# func_help [NOEXIT] +# Echo long help message to standard output and exit, +# unless 'noexit' is passed as argument. func_help () { $SED -n '/^# Usage:/,/# Report bugs to/ { @@ -538,7 +706,10 @@ func_help () s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ p }' < "$progpath" - exit $? + ret=$? + if test -z "$1"; then + exit $ret + fi } # func_missing_arg argname @@ -546,7 +717,7 @@ func_help () # exit_cmd. func_missing_arg () { - func_error "missing argument for $1" + func_error "missing argument for $1." exit_cmd=exit } @@ -556,29 +727,6 @@ exit_cmd=: -# Check that we have a working $ECHO. -if test "X$1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X$1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then - # Yippee, $ECHO works! - : -else - # Restart under the correct shell, and then maybe $ECHO will work. - exec $SHELL "$progpath" --no-reexec ${1+"$@"} -fi - -if test "X$1" = X--fallback-echo; then - # used as fallback echo - shift - cat </dev/null; then + case $nonopt in *shtool*) :;; *) false;; esac; then # Aesthetically quote it. func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " @@ -1867,6 +2067,11 @@ func_mode_install () # Aesthetically quote it. func_quote_for_eval "$arg" install_prog="$install_prog$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac # We need to accept at least all the BSD install flags. dest= @@ -1876,8 +2081,10 @@ func_mode_install () install_type= isdir=no stripme= + no_mode=: for arg do + arg2= if test -n "$dest"; then files="$files $dest" dest=$arg @@ -1887,10 +2094,9 @@ func_mode_install () case $arg in -d) isdir=yes ;; -f) - case " $install_prog " in - *[\\\ /]cp\ *) ;; - *) prev=$arg ;; - esac + if $install_cp; then :; else + prev=$arg + fi ;; -g | -m | -o) prev=$arg @@ -1904,6 +2110,10 @@ func_mode_install () *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then + if test "x$prev" = x-m && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false + fi prev= else dest=$arg @@ -1915,6 +2125,10 @@ func_mode_install () # Aesthetically quote the argument. func_quote_for_eval "$arg" install_prog="$install_prog $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + install_shared_prog="$install_shared_prog $func_quote_for_eval_result" done test -z "$install_prog" && \ @@ -1923,6 +2137,13 @@ func_mode_install () test -n "$prev" && \ func_fatal_help "the \`$prev' option requires an argument" + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + install_shared_prog="$install_shared_prog -m $func_quote_for_eval_result" + fi + fi + if test -z "$files"; then if test -z "$dest"; then func_fatal_help "no file or destination specified" @@ -2010,7 +2231,7 @@ func_mode_install () if test -n "$relink_command"; then # Determine the prefix the user has applied to our future dir. - inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"` + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that @@ -2023,9 +2244,9 @@ func_mode_install () if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. - relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else - relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"` + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi func_warning "relinking \`$file'" @@ -2043,7 +2264,7 @@ func_mode_install () test -n "$relink_command" && srcname="$realname"T # Install the shared library and build the symlinks. - func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \ + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ 'exit $?' tstripme="$stripme" case $host_os in @@ -2183,7 +2404,7 @@ func_mode_install () if test -f "$lib"; then func_source "$lib" fi - libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test + libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test if test -n "$libdir" && test ! -f "$libfile"; then func_warning "\`$lib' has not been installed in \`$libdir'" finalize=no @@ -2202,7 +2423,7 @@ func_mode_install () file="$func_basename_result" outputname="$tmpdir/$file" # Replace the output file specification. - relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_silent || { func_quote_for_expand "$relink_command" @@ -2221,7 +2442,7 @@ func_mode_install () } else # Install the binary that we compiled earlier. - file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"` + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` fi fi @@ -2323,6 +2544,10 @@ func_generate_dlsyms () extern \"C\" { #endif +#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif + /* External symbol declarations for the compiler. */\ " @@ -2332,7 +2557,7 @@ extern \"C\" { $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" # Add our own program objects to the symbol list. - progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` for progfile in $progfiles; do func_verbose "extracting global C symbols from \`$progfile'" $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'" @@ -2371,7 +2596,7 @@ extern \"C\" { eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in - *cygwin | *mingw* | *cegcc* ) + *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' ;; @@ -2415,10 +2640,10 @@ extern \"C\" { if test -f "$nlist"S; then eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' else - $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms" + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" fi - $ECHO >> "$output_objdir/$my_dlsyms" "\ + echo >> "$output_objdir/$my_dlsyms" "\ /* The mapping between symbol names and symbols. */ typedef struct { @@ -2428,7 +2653,7 @@ typedef struct { " case $host in *cygwin* | *mingw* | *cegcc* ) - $ECHO >> "$output_objdir/$my_dlsyms" "\ + echo >> "$output_objdir/$my_dlsyms" "\ /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */" @@ -2441,7 +2666,7 @@ typedef struct { lt_dlsym_const=const ;; esac - $ECHO >> "$output_objdir/$my_dlsyms" "\ + echo >> "$output_objdir/$my_dlsyms" "\ extern $lt_dlsym_const lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[]; $lt_dlsym_const lt_dlsymlist @@ -2457,7 +2682,7 @@ lt_${my_prefix}_LTX_preloaded_symbols[] = eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; esac - $ECHO >> "$output_objdir/$my_dlsyms" "\ + echo >> "$output_objdir/$my_dlsyms" "\ {0, (void *) 0} }; @@ -2515,16 +2740,16 @@ static const void *lt_preloaded_setup() { case $host in *cygwin* | *mingw* | *cegcc* ) if test -f "$output_objdir/$my_outputname.def"; then - compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` - finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` else - compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` - finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` fi ;; *) - compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` - finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` ;; esac ;; @@ -2538,8 +2763,8 @@ static const void *lt_preloaded_setup() { # really was required. # Nullify the symbol file. - compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` - finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` fi } @@ -2549,6 +2774,7 @@ static const void *lt_preloaded_setup() { # Need a lot of goo to handle *both* DLLs and import libs # Has to be a shell function in order to 'eat' the argument # that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. func_win32_libid () { $opt_debug @@ -2559,8 +2785,9 @@ func_win32_libid () win32_libid_type="x86 archive import" ;; *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | - $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then win32_nmres=`eval $NM -f posix -A $1 | $SED -n -e ' 1,100{ @@ -2598,7 +2825,18 @@ func_extract_an_archive () $opt_debug f_ex_an_ar_dir="$1"; shift f_ex_an_ar_oldlib="$1" - func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?' + if test "$lock_old_archive_extraction" = yes; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test "$lock_old_archive_extraction" = yes; then + $opt_dry_run || rm -f "$lockfile" + fi if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then : else @@ -2669,7 +2907,7 @@ func_extract_archives () darwin_file= darwin_files= for darwin_file in $darwin_filelist; do - darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` $LIPO -create -output "$darwin_file" $darwin_files done # $darwin_filelist $RM -rf unfat-$$ @@ -2684,25 +2922,30 @@ func_extract_archives () func_extract_an_archive "$my_xdir" "$my_xabs" ;; esac - my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` done func_extract_archives_result="$my_oldobjs" } - -# func_emit_wrapper_part1 [arg=no] +# func_emit_wrapper [arg=no] # -# Emit the first part of a libtool wrapper script on stdout. -# For more information, see the description associated with -# func_emit_wrapper(), below. -func_emit_wrapper_part1 () +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory in which it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () { - func_emit_wrapper_part1_arg1=no - if test -n "$1" ; then - func_emit_wrapper_part1_arg1=$1 - fi + func_emit_wrapper_arg1=${1-no} $ECHO "\ #! $SHELL @@ -2718,7 +2961,6 @@ func_emit_wrapper_part1 () # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. -Xsed='${SED} -e 1s/^X//' sed_quote_subst='$sed_quote_subst' # Be Bourne compatible @@ -2749,31 +2991,132 @@ if test \"\$libtool_install_magic\" = \"$magic\"; then else # When we are sourced in execute mode, \$file and \$ECHO are already set. if test \"\$libtool_execute_magic\" != \"$magic\"; then - ECHO=\"$qecho\" - file=\"\$0\" - # Make sure echo works. - if test \"X\$1\" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift - elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then - # Yippee, \$ECHO works! - : - else - # Restart under the correct shell, and then maybe \$ECHO will work. - exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"} - fi - fi\ + file=\"\$0\"" + + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ which is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options which match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 + fi +} + +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ " - $ECHO "\ + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done + func_exec_program_core \${1+\"\$@\"} +} + + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} # Find the directory that this script lives in. - thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\` + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` test \"x\$thisdir\" = \"x\$file\" && thisdir=. # Follow symbolic links until we get to the real thisdir. - file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\` + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` while test -n \"\$file\"; do - destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\` + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` # If there was a directory component, then change thisdir. if test \"x\$destdir\" != \"x\$file\"; then @@ -2783,30 +3126,13 @@ else esac fi - file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\` - file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\` + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` done -" -} -# end: func_emit_wrapper_part1 - -# func_emit_wrapper_part2 [arg=no] -# -# Emit the second part of a libtool wrapper script on stdout. -# For more information, see the description associated with -# func_emit_wrapper(), below. -func_emit_wrapper_part2 () -{ - func_emit_wrapper_part2_arg1=no - if test -n "$1" ; then - func_emit_wrapper_part2_arg1=$1 - fi - - $ECHO "\ # Usually 'no', except on cygwin/mingw when embedded into # the cwrapper. - WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1 + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then # special case for '.' if test \"\$thisdir\" = \".\"; then @@ -2814,7 +3140,7 @@ func_emit_wrapper_part2 () fi # remove .libs from thisdir case \"\$thisdir\" in - *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;; + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; $objdir ) thisdir=. ;; esac fi @@ -2877,7 +3203,7 @@ func_emit_wrapper_part2 () # Some systems cannot cope with colon-terminated $shlibpath_var # The second colon is a workaround for a bug in BeOS R4 sed - $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\` + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` export $shlibpath_var " @@ -2894,64 +3220,18 @@ func_emit_wrapper_part2 () $ECHO "\ if test \"\$libtool_execute_magic\" != \"$magic\"; then # Run the actual program with our arguments. -" - case $host in - # Backslashes separate directories on plain windows - *-*-mingw | *-*-os2* | *-cegcc*) - $ECHO "\ - exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} -" - ;; - - *) - $ECHO "\ - exec \"\$progdir/\$program\" \${1+\"\$@\"} -" - ;; - esac - $ECHO "\ - \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 - exit 1 + func_exec_program \${1+\"\$@\"} fi else # The program doesn't exist. \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 - $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 fi fi\ " } -# end: func_emit_wrapper_part2 - - -# func_emit_wrapper [arg=no] -# -# Emit a libtool wrapper script on stdout. -# Don't directly open a file because we may want to -# incorporate the script contents within a cygwin/mingw -# wrapper executable. Must ONLY be called from within -# func_mode_link because it depends on a number of variables -# set therein. -# -# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR -# variable will take. If 'yes', then the emitted script -# will assume that the directory in which it is stored is -# the $objdir directory. This is a cygwin/mingw-specific -# behavior. -func_emit_wrapper () -{ - func_emit_wrapper_arg1=no - if test -n "$1" ; then - func_emit_wrapper_arg1=$1 - fi - - # split this up so that func_emit_cwrapperexe_src - # can call each part independently. - func_emit_wrapper_part1 "${func_emit_wrapper_arg1}" - func_emit_wrapper_part2 "${func_emit_wrapper_arg1}" -} # func_to_host_path arg @@ -2978,23 +3258,19 @@ func_emit_wrapper () func_to_host_path () { func_to_host_path_result="$1" - if test -n "$1" ; then + if test -n "$1"; then case $host in *mingw* ) lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' case $build in *mingw* ) # actually, msys # awkward: cmd appends spaces to result - lt_sed_strip_trailing_spaces="s/[ ]*\$//" - func_to_host_path_tmp1=`( cmd //c echo "$1" |\ - $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""` - func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ - $SED -e "$lt_sed_naive_backslashify"` + func_to_host_path_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` ;; *cygwin* ) - func_to_host_path_tmp1=`cygpath -w "$1"` - func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ - $SED -e "$lt_sed_naive_backslashify"` + func_to_host_path_result=`cygpath -w "$1" | + $SED -e "$lt_sed_naive_backslashify"` ;; * ) # Unfortunately, winepath does not exit with a non-zero @@ -3006,17 +3282,17 @@ func_to_host_path () # the odd construction: func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null` if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then - func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ + func_to_host_path_result=`$ECHO "$func_to_host_path_tmp1" | $SED -e "$lt_sed_naive_backslashify"` else # Allow warning below. - func_to_host_path_result="" + func_to_host_path_result= fi ;; esac if test -z "$func_to_host_path_result" ; then func_error "Could not determine host path corresponding to" - func_error " '$1'" + func_error " \`$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback: func_to_host_path_result="$1" @@ -3049,30 +3325,24 @@ func_to_host_path () func_to_host_pathlist () { func_to_host_pathlist_result="$1" - if test -n "$1" ; then + if test -n "$1"; then case $host in *mingw* ) lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' # Remove leading and trailing path separator characters from # ARG. msys behavior is inconsistent here, cygpath turns them # into '.;' and ';.', and winepath ignores them completely. - func_to_host_pathlist_tmp2="$1" - # Once set for this call, this variable should not be - # reassigned. It is used in tha fallback case. - func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\ - $SED -e 's|^:*||' -e 's|:*$||'` + func_stripname : : "$1" + func_to_host_pathlist_tmp1=$func_stripname_result case $build in *mingw* ) # Actually, msys. # Awkward: cmd appends spaces to result. - lt_sed_strip_trailing_spaces="s/[ ]*\$//" - func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\ - $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""` - func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\ - $SED -e "$lt_sed_naive_backslashify"` + func_to_host_pathlist_result=` + ( cmd //c echo "$func_to_host_pathlist_tmp1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` ;; *cygwin* ) - func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"` - func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\ + func_to_host_pathlist_result=`cygpath -w -p "$func_to_host_pathlist_tmp1" | $SED -e "$lt_sed_naive_backslashify"` ;; * ) @@ -3088,18 +3358,17 @@ func_to_host_pathlist () if test -z "$func_to_host_pathlist_result" ; then func_to_host_pathlist_result="$func_to_host_path_result" else - func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result" + func_append func_to_host_pathlist_result ";$func_to_host_path_result" fi fi fi - IFS=: done IFS=$func_to_host_pathlist_oldIFS ;; esac - if test -z "$func_to_host_pathlist_result" ; then + if test -z "$func_to_host_pathlist_result"; then func_error "Could not determine the host path(s) corresponding to" - func_error " '$1'" + func_error " \`$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback. This may break if $1 contains DOS-style drive # specifications. The fix is not to complicate the expression @@ -3116,7 +3385,7 @@ func_to_host_pathlist () ;; esac case "$1" in - *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;" + *: ) func_append func_to_host_pathlist_result ";" ;; esac ;; @@ -3141,31 +3410,23 @@ func_emit_cwrapperexe_src () This wrapper executable should never be moved out of the build directory. If it is, it will not operate correctly. - - Currently, it simply execs the wrapper *script* "$SHELL $output", - but could eventually absorb all of the scripts functionality and - exec $objdir/$outputname directly. */ EOF cat <<"EOF" +#ifdef _MSC_VER +# define _CRT_SECURE_NO_DEPRECATE 1 +#endif #include #include #ifdef _MSC_VER # include # include # include -# define setmode _setmode #else # include # include # ifdef __CYGWIN__ # include -# define HAVE_SETENV -# ifdef __STRICT_ANSI__ -char *realpath (const char *, char *); -int putenv (char *); -int setenv (const char *, const char *, int); -# endif # endif #endif #include @@ -3177,6 +3438,44 @@ int setenv (const char *, const char *, int); #include #include +/* declarations of non-ANSI functions */ +#if defined(__MINGW32__) +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined(__CYGWIN__) +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined (other platforms) ... */ +#endif + +/* portability defines, excluding path handling macros */ +#if defined(_MSC_VER) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +# ifndef _INTPTR_T_DEFINED +# define _INTPTR_T_DEFINED +# define intptr_t int +# endif +#elif defined(__MINGW32__) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined(__CYGWIN__) +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined (other platforms) ... */ +#endif + #if defined(PATH_MAX) # define LT_PATHMAX PATH_MAX #elif defined(MAXPATHLEN) @@ -3192,14 +3491,7 @@ int setenv (const char *, const char *, int); # define S_IXGRP 0 #endif -#ifdef _MSC_VER -# define S_IXUSR _S_IEXEC -# define stat _stat -# ifndef _INTPTR_T_DEFINED -# define intptr_t int -# endif -#endif - +/* path handling portability macros */ #ifndef DIR_SEPARATOR # define DIR_SEPARATOR '/' # define PATH_SEPARATOR ':' @@ -3230,10 +3522,6 @@ int setenv (const char *, const char *, int); # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) #endif /* PATH_SEPARATOR_2 */ -#ifdef __CYGWIN__ -# define FOPEN_WB "wb" -#endif - #ifndef FOPEN_WB # define FOPEN_WB "w" #endif @@ -3246,22 +3534,13 @@ int setenv (const char *, const char *, int); if (stale) { free ((void *) stale); stale = 0; } \ } while (0) -#undef LTWRAPPER_DEBUGPRINTF -#if defined DEBUGWRAPPER -# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args -static void -ltwrapper_debugprintf (const char *fmt, ...) -{ - va_list args; - va_start (args, fmt); - (void) vfprintf (stderr, fmt, args); - va_end (args); -} +#if defined(LT_DEBUGWRAPPER) +static int lt_debug = 1; #else -# define LTWRAPPER_DEBUGPRINTF(args) +static int lt_debug = 0; #endif -const char *program_name = NULL; +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ void *xmalloc (size_t num); char *xstrdup (const char *string); @@ -3271,31 +3550,17 @@ char *chase_symlinks (const char *pathspec); int make_executable (const char *path); int check_executable (const char *path); char *strendzap (char *str, const char *pat); -void lt_fatal (const char *message, ...); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); void lt_setenv (const char *name, const char *value); char *lt_extend_str (const char *orig_value, const char *add, int to_end); -void lt_opt_process_env_set (const char *arg); -void lt_opt_process_env_prepend (const char *arg); -void lt_opt_process_env_append (const char *arg); -int lt_split_name_value (const char *arg, char** name, char** value); void lt_update_exe_path (const char *name, const char *value); void lt_update_lib_path (const char *name, const char *value); - -static const char *script_text_part1 = -EOF - - func_emit_wrapper_part1 yes | - $SED -e 's/\([\\"]\)/\\\1/g' \ - -e 's/^/ "/' -e 's/$/\\n"/' - echo ";" - cat <"))); + lt_debugprintf (__FILE__, __LINE__, "(main) lt_argv_zero: %s\n", + nonnull (lt_argv_zero)); for (i = 0; i < newargc; i++) { - LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : ""))); + lt_debugprintf (__FILE__, __LINE__, "(main) newargz[%d]: %s\n", + i, nonnull (newargz[i])); } EOF @@ -3560,11 +3782,14 @@ EOF mingw*) cat <<"EOF" /* execv doesn't actually work on mingw as expected on unix */ + newargz = prepare_spawn (newargz); rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz); if (rval == -1) { /* failed to start process */ - LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno)); + lt_debugprintf (__FILE__, __LINE__, + "(main) failed to launch target \"%s\": %s\n", + lt_argv_zero, nonnull (strerror (errno))); return 127; } return rval; @@ -3586,7 +3811,7 @@ xmalloc (size_t num) { void *p = (void *) malloc (num); if (!p) - lt_fatal ("Memory exhausted"); + lt_fatal (__FILE__, __LINE__, "memory exhausted"); return p; } @@ -3620,8 +3845,8 @@ check_executable (const char *path) { struct stat st; - LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n", - path ? (*path ? path : "EMPTY!") : "NULL!")); + lt_debugprintf (__FILE__, __LINE__, "(check_executable): %s\n", + nonempty (path)); if ((!path) || (!*path)) return 0; @@ -3638,8 +3863,8 @@ make_executable (const char *path) int rval = 0; struct stat st; - LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n", - path ? (*path ? path : "EMPTY!") : "NULL!")); + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); if ((!path) || (!*path)) return 0; @@ -3665,8 +3890,8 @@ find_executable (const char *wrapper) int tmp_len; char *concat_name; - LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n", - wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!")); + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); if ((wrapper == NULL) || (*wrapper == '\0')) return NULL; @@ -3719,7 +3944,8 @@ find_executable (const char *wrapper) { /* empty path: current directory */ if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal ("getcwd failed"); + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); @@ -3744,7 +3970,8 @@ find_executable (const char *wrapper) } /* Relative path | not found in path: prepend cwd */ if (getcwd (tmp, LT_PATHMAX) == NULL) - lt_fatal ("getcwd failed"); + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); @@ -3770,8 +3997,9 @@ chase_symlinks (const char *pathspec) int has_symlinks = 0; while (strlen (tmp_pathspec) && !has_symlinks) { - LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n", - tmp_pathspec)); + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); if (lstat (tmp_pathspec, &s) == 0) { if (S_ISLNK (s.st_mode) != 0) @@ -3793,8 +4021,9 @@ chase_symlinks (const char *pathspec) } else { - char *errstr = strerror (errno); - lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr); + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); } } XFREE (tmp_pathspec); @@ -3807,7 +4036,8 @@ chase_symlinks (const char *pathspec) tmp_pathspec = realpath (pathspec, buf); if (tmp_pathspec == 0) { - lt_fatal ("Could not follow symlinks for %s", pathspec); + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); } return xstrdup (tmp_pathspec); #endif @@ -3833,11 +4063,25 @@ strendzap (char *str, const char *pat) return str; } +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} + static void -lt_error_core (int exit_status, const char *mode, +lt_error_core (int exit_status, const char *file, + int line, const char *mode, const char *message, va_list ap) { - fprintf (stderr, "%s: %s: ", program_name, mode); + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); vfprintf (stderr, message, ap); fprintf (stderr, ".\n"); @@ -3846,20 +4090,32 @@ lt_error_core (int exit_status, const char *mode, } void -lt_fatal (const char *message, ...) +lt_fatal (const char *file, int line, const char *message, ...) { va_list ap; va_start (ap, message); - lt_error_core (EXIT_FAILURE, "FATAL", message, ap); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); va_end (ap); } +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} + +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} + void lt_setenv (const char *name, const char *value) { - LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n", - (name ? name : ""), - (value ? value : ""))); + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); { #ifdef HAVE_SETENV /* always make a copy, for consistency with !HAVE_SETENV */ @@ -3904,95 +4160,12 @@ lt_extend_str (const char *orig_value, const char *add, int to_end) return new_value; } -int -lt_split_name_value (const char *arg, char** name, char** value) -{ - const char *p; - int len; - if (!arg || !*arg) - return 1; - - p = strchr (arg, (int)'='); - - if (!p) - return 1; - - *value = xstrdup (++p); - - len = strlen (arg) - strlen (*value); - *name = XMALLOC (char, len); - strncpy (*name, arg, len-1); - (*name)[len - 1] = '\0'; - - return 0; -} - -void -lt_opt_process_env_set (const char *arg) -{ - char *name = NULL; - char *value = NULL; - - if (lt_split_name_value (arg, &name, &value) != 0) - { - XFREE (name); - XFREE (value); - lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg); - } - - lt_setenv (name, value); - XFREE (name); - XFREE (value); -} - -void -lt_opt_process_env_prepend (const char *arg) -{ - char *name = NULL; - char *value = NULL; - char *new_value = NULL; - - if (lt_split_name_value (arg, &name, &value) != 0) - { - XFREE (name); - XFREE (value); - lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg); - } - - new_value = lt_extend_str (getenv (name), value, 0); - lt_setenv (name, new_value); - XFREE (new_value); - XFREE (name); - XFREE (value); -} - -void -lt_opt_process_env_append (const char *arg) -{ - char *name = NULL; - char *value = NULL; - char *new_value = NULL; - - if (lt_split_name_value (arg, &name, &value) != 0) - { - XFREE (name); - XFREE (value); - lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg); - } - - new_value = lt_extend_str (getenv (name), value, 1); - lt_setenv (name, new_value); - XFREE (new_value); - XFREE (name); - XFREE (value); -} - void lt_update_exe_path (const char *name, const char *value) { - LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n", - (name ? name : ""), - (value ? value : ""))); + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); if (name && *name && value && *value) { @@ -4011,9 +4184,9 @@ lt_update_exe_path (const char *name, const char *value) void lt_update_lib_path (const char *name, const char *value) { - LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n", - (name ? name : ""), - (value ? value : ""))); + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); if (name && *name && value && *value) { @@ -4023,11 +4196,152 @@ lt_update_lib_path (const char *name, const char *value) } } +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; + + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; + + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); + + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; + + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; + + quoted_string = XMALLOC (char, length + 1); + + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; + + new_argv[i] = quoted_string; + } + else + new_argv[i] = (char *) string; + } + new_argv[argc] = NULL; + + return new_argv; +} +EOF + ;; + esac + + cat <<"EOF" +void lt_dump_script (FILE* f) +{ +EOF + func_emit_wrapper yes | + $SED -e 's/\([\\"]\)/\\\1/g' \ + -e 's/^/ fputs ("/' -e 's/$/\\n", f);/' + cat <<"EOF" +} EOF } # end: func_emit_cwrapperexe_src +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () +{ + $opt_debug + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac +} + # func_mode_link arg... func_mode_link () { @@ -4072,6 +4386,7 @@ func_mode_link () new_inherited_linker_flags= avoid_version=no + bindir= dlfiles= dlprefiles= dlself=no @@ -4164,6 +4479,11 @@ func_mode_link () esac case $prev in + bindir) + bindir="$arg" + prev= + continue + ;; dlfiles|dlprefiles) if test "$preload" = no; then # Add the symbol object into the linking commands. @@ -4425,6 +4745,11 @@ func_mode_link () continue ;; + -bindir) + prev=bindir + continue + ;; + -dlopen) prev=dlfiles continue @@ -4503,7 +4828,7 @@ func_mode_link () esac case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'` + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` case :$dllsearchpath: in *":$dir:"*) ;; ::) dllsearchpath=$dir;; @@ -4522,7 +4847,7 @@ func_mode_link () -l*) if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*) + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) # These systems don't actually have a C or math library (as such) continue ;; @@ -4708,7 +5033,7 @@ func_mode_link () for flag in $args; do IFS="$save_ifs" func_quote_for_eval "$flag" - arg="$arg $wl$func_quote_for_eval_result" + arg="$arg $func_quote_for_eval_result" compiler_flags="$compiler_flags $func_quote_for_eval_result" done IFS="$save_ifs" @@ -4754,18 +5079,19 @@ func_mode_link () arg="$func_quote_for_eval_result" ;; - # -64, -mips[0-9] enable 64-bit mode on the SGI compiler - # -r[0-9][0-9]* specifies the processor on the SGI compiler - # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler - # +DA*, +DD* enable 64-bit mode on the HP compiler - # -q* pass through compiler args for the IBM compiler - # -m*, -t[45]*, -txscale* pass through architecture-specific - # compiler args for GCC - # -F/path gives path to uninstalled frameworks, gcc on darwin - # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC - # @file GCC response files + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ - -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*) + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" func_append compile_command " $arg" @@ -4925,7 +5251,7 @@ func_mode_link () if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var - eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\` + eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` else shlib_search_path= fi @@ -5033,10 +5359,7 @@ func_mode_link () case $pass in dlopen) libs="$dlfiles" ;; dlpreopen) libs="$dlprefiles" ;; - link) - libs="$deplibs %DEPLIBS%" - test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" - ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; esac fi if test "$linkmode,$pass" = "lib,dlpreopen"; then @@ -5051,7 +5374,8 @@ func_mode_link () # Collect preopened libtool deplibs, except any this library # has declared as weak libs for deplib in $dependency_libs; do - deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"` + func_basename "$deplib" + deplib_base=$func_basename_result case " $weak_libs " in *" $deplib_base "*) ;; *) deplibs="$deplibs $deplib" ;; @@ -5230,7 +5554,7 @@ func_mode_link () match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` - if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \ + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then valid_a_lib=yes fi @@ -5240,15 +5564,15 @@ func_mode_link () ;; esac if test "$valid_a_lib" != yes; then - $ECHO + echo $ECHO "*** Warning: Trying to link with static lib archive $deplib." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have" - $ECHO "*** because the file extensions .$libext of this argument makes me believe" - $ECHO "*** that it is just a static archive that I should not use here." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." else - $ECHO + echo $ECHO "*** Warning: Linking the shared library $output against the" $ECHO "*** static library $deplib is not portable!" deplibs="$deplib $deplibs" @@ -5321,7 +5645,7 @@ func_mode_link () # Convert "-framework foo" to "foo.ltframework" if test -n "$inherited_linker_flags"; then - tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'` + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do case " $new_inherited_linker_flags " in *" $tmp_inherited_linker_flag "*) ;; @@ -5329,7 +5653,7 @@ func_mode_link () esac done fi - dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan" || { test "$linkmode" != prog && test "$linkmode" != lib; }; then @@ -5347,19 +5671,19 @@ func_mode_link () # It is a libtool convenience library, so add in its objects. convenience="$convenience $ladir/$objdir/$old_library" old_convenience="$old_convenience $ladir/$objdir/$old_library" - tmp_libs= - for deplib in $dependency_libs; do - deplibs="$deplib $deplibs" - if $opt_duplicate_deps ; then - case "$tmp_libs " in - *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; - esac - fi - tmp_libs="$tmp_libs $deplib" - done elif test "$linkmode" != prog && test "$linkmode" != lib; then func_fatal_error "\`$lib' is not a convenience library" fi + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_duplicate_deps ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done continue fi # $pass = conv @@ -5583,7 +5907,7 @@ func_mode_link () fi done if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then - $ECHO + echo if test "$linkmode" = prog; then $ECHO "*** Warning: Linking the executable $output against the loadable module" else @@ -5686,9 +6010,9 @@ func_mode_link () if test "X$dlopenmodule" != "X$lib"; then $ECHO "*** Warning: lib $linklib is a module, not a shared library" if test -z "$old_library" ; then - $ECHO - $ECHO "*** And there doesn't seem to be a static archive available" - $ECHO "*** The link will probably fail, sorry" + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" else add="$dir/$old_library" fi @@ -5828,21 +6152,21 @@ func_mode_link () # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. - $ECHO + echo $ECHO "*** Warning: This system can not link to static lib archive $lib." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." if test "$module" = yes; then - $ECHO "*** But as you try to build a module library, libtool will still create " - $ECHO "*** a static module, that should work as long as the dlopening application" - $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime." + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." if test -z "$global_symbol_pipe"; then - $ECHO - $ECHO "*** However, this would only work if libtool was able to extract symbol" - $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could" - $ECHO "*** not find such a program. So, this module is probably useless." - $ECHO "*** \`nm' from GNU binutils and a full rebuild may help." + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then build_libtool_libs=module @@ -5962,7 +6286,7 @@ func_mode_link () compile_deplibs="$new_inherited_linker_flags $compile_deplibs" finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" else - compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` fi fi dependency_libs="$newdependency_libs" @@ -6130,7 +6454,7 @@ func_mode_link () if test "$deplibs_check_method" != pass_all; then func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" else - $ECHO + echo $ECHO "*** Warning: Linking the shared library $output against the non-libtool" $ECHO "*** objects $objs is not portable!" libobjs="$libobjs $objs" @@ -6198,7 +6522,7 @@ func_mode_link () age="$number_minor" revision="$number_revision" ;; - freebsd-aout|freebsd-elf|sunos) + freebsd-aout|freebsd-elf|qnx|sunos) current="$number_major" revision="$number_minor" age="0" @@ -6210,9 +6534,6 @@ func_mode_link () revision="$number_minor" lt_irix_increment=no ;; - *) - func_fatal_configuration "$modename: unknown library version type \`$version_type'" - ;; esac ;; no) @@ -6435,14 +6756,14 @@ func_mode_link () oldlibs="$oldlibs $output_objdir/$libname.$libext" # Transform .lo files to .o files. - oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP` + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` fi # Eliminate all temporary directories. #for path in $notinst_path; do - # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"` - # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"` - # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"` + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` #done if test -n "$xrpath"; then @@ -6483,7 +6804,7 @@ func_mode_link () if test "$build_libtool_libs" = yes; then if test -n "$rpath"; then case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*) + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) # these systems don't actually have a c library (as such)! ;; *-*-rhapsody* | *-*-darwin1.[012]) @@ -6568,13 +6889,13 @@ EOF newdeplibs="$newdeplibs $i" else droppeddeps=yes - $ECHO + echo $ECHO "*** Warning: dynamic linker does not accept needed library $i." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which I believe you do not have" - $ECHO "*** because a test_compile did reveal that the linker did not use it for" - $ECHO "*** its dynamic dependency list that programs get resolved with at runtime." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which I believe you do not have" + echo "*** because a test_compile did reveal that the linker did not use it for" + echo "*** its dynamic dependency list that programs get resolved with at runtime." fi fi ;; @@ -6611,22 +6932,22 @@ EOF newdeplibs="$newdeplibs $i" else droppeddeps=yes - $ECHO + echo $ECHO "*** Warning: dynamic linker does not accept needed library $i." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have" - $ECHO "*** because a test_compile did reveal that the linker did not use this one" - $ECHO "*** as a dynamic dependency that programs can get resolved with at runtime." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because a test_compile did reveal that the linker did not use this one" + echo "*** as a dynamic dependency that programs can get resolved with at runtime." fi fi else droppeddeps=yes - $ECHO + echo $ECHO "*** Warning! Library $i is needed by this library but I was not able to" - $ECHO "*** make it link in! You will probably need to install it or some" - $ECHO "*** library that it depends on before this library will be fully" - $ECHO "*** functional. Installing it before continuing would be even better." + echo "*** make it link in! You will probably need to install it or some" + echo "*** library that it depends on before this library will be fully" + echo "*** functional. Installing it before continuing would be even better." fi ;; *) @@ -6672,7 +6993,7 @@ EOF potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` case $potliblink in [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; - *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";; + *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | @@ -6687,12 +7008,12 @@ EOF fi if test -n "$a_deplib" ; then droppeddeps=yes - $ECHO + echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have" - $ECHO "*** because I did check the linker path looking for a file starting" + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for file magic test)" else @@ -6730,7 +7051,7 @@ EOF potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do potlib="$potent_lib" # see symlink-check above in file_magic test - if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \ + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ $EGREP "$match_pattern_regex" > /dev/null; then newdeplibs="$newdeplibs $a_deplib" a_deplib="" @@ -6741,12 +7062,12 @@ EOF fi if test -n "$a_deplib" ; then droppeddeps=yes - $ECHO + echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." - $ECHO "*** I have the capability to make that library automatically link in when" - $ECHO "*** you link to this library. But I can only do this if you have a" - $ECHO "*** shared version of the library, which you do not appear to have" - $ECHO "*** because I did check the linker path looking for a file starting" + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" else @@ -6764,25 +7085,25 @@ EOF ;; none | unknown | *) newdeplibs="" - tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \ - -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'` + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then for i in $predeps $postdeps ; do # can't use Xsed below, because $i might contain '/' - tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"` + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` done fi - if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' | - $GREP . >/dev/null; then - $ECHO + case $tmp_deplibs in + *[!\ \ ]*) + echo if test "X$deplibs_check_method" = "Xnone"; then - $ECHO "*** Warning: inter-library dependencies are not supported in this platform." + echo "*** Warning: inter-library dependencies are not supported in this platform." else - $ECHO "*** Warning: inter-library dependencies are not known to be supported." + echo "*** Warning: inter-library dependencies are not known to be supported." fi - $ECHO "*** All declared inter-library dependencies are being dropped." + echo "*** All declared inter-library dependencies are being dropped." droppeddeps=yes - fi + ;; + esac ;; esac versuffix=$versuffix_save @@ -6794,23 +7115,23 @@ EOF case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library with the System framework - newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'` + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac if test "$droppeddeps" = yes; then if test "$module" = yes; then - $ECHO - $ECHO "*** Warning: libtool could not satisfy all declared inter-library" + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" $ECHO "*** dependencies of module $libname. Therefore, libtool will create" - $ECHO "*** a static module, that should work as long as the dlopening" - $ECHO "*** application is linked with the -dlopen flag." + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." if test -z "$global_symbol_pipe"; then - $ECHO - $ECHO "*** However, this would only work if libtool was able to extract symbol" - $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could" - $ECHO "*** not find such a program. So, this module is probably useless." - $ECHO "*** \`nm' from GNU binutils and a full rebuild may help." + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" @@ -6820,16 +7141,16 @@ EOF build_libtool_libs=no fi else - $ECHO "*** The inter-library dependencies that have been dropped here will be" - $ECHO "*** automatically added whenever a program is linked with this library" - $ECHO "*** or is declared to -dlopen it." + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." if test "$allow_undefined" = no; then - $ECHO - $ECHO "*** Since this library must not contain undefined symbols," - $ECHO "*** because either the platform does not support them or" - $ECHO "*** it was explicitly requested with -no-undefined," - $ECHO "*** libtool will only create a static version of it." + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module @@ -6846,9 +7167,9 @@ EOF # Time to change all our "foo.ltframework" stuff back to "-framework foo" case $host in *-*-darwin*) - newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` - new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` - deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac @@ -6970,7 +7291,7 @@ EOF done # Use standard objects if they are pic - test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` test "X$libobjs" = "X " && libobjs= delfiles= @@ -7036,7 +7357,7 @@ EOF if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" - $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"' + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then @@ -7137,7 +7458,8 @@ EOF save_libobjs=$libobjs fi save_output=$output - output_la=`$ECHO "X$output" | $Xsed -e "$basename"` + func_basename "$output" + output_la=$func_basename_result # Clear the reloadable object creation command queue and # initialize k to one. @@ -7150,12 +7472,12 @@ EOF if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then output=${output_objdir}/${output_la}.lnkscript func_verbose "creating GNU ld script: $output" - $ECHO 'INPUT (' > $output + echo 'INPUT (' > $output for obj in $save_libobjs do $ECHO "$obj" >> $output done - $ECHO ')' >> $output + echo ')' >> $output delfiles="$delfiles $output" elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then output=${output_objdir}/${output_la}.lnk @@ -7197,17 +7519,19 @@ EOF # command to the queue. if test "$k" -eq 1 ; then # The first file doesn't have a previous command to add. - eval concat_cmds=\"$reload_cmds $objlist $last_robj\" + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" else # All subsequent reloadable object files will link in # the last one created. - eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\" + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" fi last_robj=$output_objdir/$output_la-${k}.$objext func_arith $k + 1 k=$func_arith_result output=$output_objdir/$output_la-${k}.$objext - objlist=$obj + objlist=" $obj" func_len " $last_robj" func_arith $len0 + $func_len_result len=$func_arith_result @@ -7217,7 +7541,8 @@ EOF # reloadable object file. All subsequent reloadable object # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\" + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\${concat_cmds}$reload_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" fi @@ -7276,7 +7601,7 @@ EOF if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" - $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"' + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test -n "$orig_export_symbols"; then @@ -7441,7 +7766,7 @@ EOF if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` + reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` else gentop="$output_objdir/${obj}x" generated="$generated $gentop" @@ -7452,7 +7777,7 @@ EOF fi # Create the old-style object. - reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test + reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test output="$obj" func_execute_cmds "$reload_cmds" 'exit $?' @@ -7512,8 +7837,8 @@ EOF case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library is the System framework - compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'` - finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'` + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac @@ -7530,8 +7855,8 @@ EOF esac fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" - compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` - finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac @@ -7668,8 +7993,8 @@ EOF if test -n "$libobjs" && test "$build_old_libs" = yes; then # Transform all the library objects into standard objects. - compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` - finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` fi func_generate_dlsyms "$outputname" "@PROGRAM@" "no" @@ -7681,15 +8006,15 @@ EOF wrappers_required=yes case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=no + ;; *cygwin* | *mingw* ) if test "$build_libtool_libs" != yes; then wrappers_required=no fi ;; - *cegcc) - # Disable wrappers for cegcc, we are cross compiling anyway. - wrappers_required=no - ;; *) if test "$need_relink" = no || test "$build_libtool_libs" != yes; then wrappers_required=no @@ -7698,7 +8023,7 @@ EOF esac if test "$wrappers_required" = no; then # Replace the output file specification. - compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. @@ -7745,7 +8070,7 @@ EOF # We don't need to create a wrapper script. link_command="$compile_var$compile_command$compile_rpath" # Replace the output file specification. - link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` # Delete the old output file. $opt_dry_run || $RM $output # Link the executable and exit @@ -7764,7 +8089,7 @@ EOF if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then - relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= @@ -7776,7 +8101,7 @@ EOF fi # Replace the output file specification. - link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` # Delete the old output files. $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname @@ -7800,18 +8125,7 @@ EOF fi done relink_command="(cd `pwd`; $relink_command)" - relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"` - fi - - # Quote $ECHO for shipping. - if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then - case $progpath in - [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";; - *) qecho="$SHELL `pwd`/$progpath --fallback-echo";; - esac - qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"` - else - qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"` + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` fi # Only actually do things if not in dry run mode. @@ -7932,7 +8246,7 @@ EOF done | sort | sort -uc >/dev/null 2>&1); then : else - $ECHO "copying selected object files to avoid basename conflicts..." + echo "copying selected object files to avoid basename conflicts..." gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_mkdir_p "$gentop" @@ -8043,7 +8357,7 @@ EOF done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" - relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"` + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` if test "$hardcode_automatic" = yes ; then relink_command= fi @@ -8128,9 +8442,27 @@ EOF fi $RM $output # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. tdlname=$dlname case $host,$output,$installed,$module,$dlname in - *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;; + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test "x$bindir" != x ; + then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; esac $ECHO > $output "\ # $outputname - a libtool library file diff --git a/lib/build-aux/missing b/lib/build-aux/missing index 28055d2..ac3d51c 100755 --- a/lib/build-aux/missing +++ b/lib/build-aux/missing @@ -18,7 +18,9 @@ scriptversion=2009-04-28.21; # UTC # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a diff --git a/lib/conf.c b/lib/conf.c index 83c2e4b..f5d1b2b 100644 --- a/lib/conf.c +++ b/lib/conf.c @@ -6,6 +6,7 @@ #endif #include +#include #include #include #include diff --git a/lib/configure.ac b/lib/configure.ac index 9a618f8..086a4fe 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -17,8 +17,6 @@ AC_CHECK_LIB([confuse], [cfg_init],, AC_MSG_ERROR([required library libconfuse not found])) AC_CHECK_LIB([event_core], [event_get_version],, AC_MSG_ERROR([required library libevent_core not found])) -AC_CHECK_LIB([freeradius-radius], [rad_alloc],, - AC_MSG_ERROR([required library libfreeradius-radius not found])) # Enable-knobs. AH_TEMPLATE([RS_ENABLE_TLS], [TLS (RadSec) enabled]) @@ -43,6 +41,7 @@ AC_TYPE_UINT8_T AC_CHECK_FUNCS([memset socket strdup strerror strrchr]) AC_CONFIG_FILES([Makefile + radius/Makefile include/Makefile examples/Makefile tests/Makefile]) diff --git a/lib/conn.c b/lib/conn.c index 36893bc..7d0a794 100644 --- a/lib/conn.c +++ b/lib/conn.c @@ -6,6 +6,8 @@ #endif #include +#include +#include #include #include #include diff --git a/lib/debug.c b/lib/debug.c index 3d3a2b9..2c399a1 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -7,7 +7,7 @@ #include #include -#include +#include #include #include #include "debug.h" @@ -21,10 +21,10 @@ rs_dump_packet (const struct rs_packet *pkt) return; p = pkt->rpkt; - fprintf (stderr, "\tCode: %u, Identifier: %u, Lenght: %u\n", + fprintf (stderr, "\tCode: %u, Identifier: %u, Lenght: %zu\n", p->code, p->id, - p->data_len); + p->sizeof_data); fflush (stderr); } diff --git a/lib/err.c b/lib/err.c index 4a90019..e318047 100644 --- a/lib/err.c +++ b/lib/err.c @@ -6,33 +6,56 @@ #endif #include +#include #include #include #include #include static const char *_errtxt[] = { - "SUCCESS", /* 0 RSE_OK */ - "out of memory", /* 1 RSE_NOMEM */ - "not yet implemented", /* 2 RSE_NOSYS */ - "invalid handle", /* 3 RSE_INVALID_CTX */ - "invalid connection", /* 4 RSE_INVALID_CONN */ - "connection type mismatch", /* 5 RSE_CONN_TYPE_MISMATCH */ - "FreeRadius error", /* 6 RSE_FR */ - "bad hostname or port", /* 7 RSE_BADADDR */ - "no peer configured", /* 8 RSE_NOPEER */ - "libevent error", /* 9 RSE_EVENT */ - "socket error", /* 10 RSE_SOCKERR */ - "invalid configuration file", /* 11 RSE_CONFIG */ - "authentication failed", /* 12 RSE_BADAUTH */ - "internal error", /* 13 RSE_INTERNAL */ - "SSL error", /* 14 RSE_SSLERR */ - "invalid packet", /* 15 RSE_INVALID_PKT */ - "connect timeout", /* 16 RSE_TIMEOUT_CONN */ - "invalid argument", /* 17 RSE_INVAL */ - "I/O timeout", /* 18 RSE_TIMEOUT_IO */ - "timeout", /* 19 RSE_TIMEOUT */ - "peer disconnected", /* 20 RSE_DISCO */ + "SUCCESS", /* 0 RSE_OK */ + "out of memory", /* 1 RSE_NOMEM */ + "not yet implemented", /* 2 RSE_NOSYS */ + "invalid handle", /* 3 RSE_INVALID_CTX */ + "invalid connection", /* 4 RSE_INVALID_CONN */ + "connection type mismatch", /* 5 RSE_CONN_TYPE_MISMATCH */ + "FreeRadius error", /* 6 RSE_FR */ + "bad hostname or port", /* 7 RSE_BADADDR */ + "no peer configured", /* 8 RSE_NOPEER */ + "libevent error", /* 9 RSE_EVENT */ + "socket error", /* 10 RSE_SOCKERR */ + "invalid configuration file", /* 11 RSE_CONFIG */ + "authentication failed", /* 12 RSE_BADAUTH */ + "internal error", /* 13 RSE_INTERNAL */ + "SSL error", /* 14 RSE_SSLERR */ + "invalid packet", /* 15 RSE_INVALID_PKT */ + "connect timeout", /* 16 RSE_TIMEOUT_CONN */ + "invalid argument", /* 17 RSE_INVAL */ + "I/O timeout", /* 18 RSE_TIMEOUT_IO */ + "timeout", /* 19 RSE_TIMEOUT */ + "peer disconnected", /* 20 RSE_DISCO */ + "resource is in use", /* 21 RSE_INUSE */ + "packet is too small", /* 22 RSE_PACKET_TOO_SMALL */ + "packet is too large", /* 23 RSE_PACKET_TOO_LARGE */ + "attribute overflows packet", /* 24 RSE_ATTR_OVERFLOW */ + "attribute is too small", /* 25 RSE_ATTR_TOO_SMALL */ + "attribute is too large", /* 26 RSE_ATTR_TOO_LARGE */ + "unknown attribute", /* 27 RSE_ATTR_UNKNOWN */ + "invalid name for attribute", /* 28 RSE_ATTR_BAD_NAME */ + "invalid value for attribute", /* 29 RSE_ATTR_VALUE_MALFORMED */ + "invalid attribute", /* 30 RSE_ATTR_INVALID */ + "too many attributes in the packet", /* 31 RSE_TOO_MANY_ATTRS */ + "attribute type unknown", /* 32 RSE_ATTR_TYPE_UNKNOWN */ + "invalid message authenticator", /* 33 RSE_MSG_AUTH_LEN */ + "incorrect message authenticator", /* 34 RSE_MSG_AUTH_WRONG */ + "request is required", /* 35 RSE_REQUEST_REQUIRED */ + "invalid request code", /* 36 RSE_REQUEST_CODE_INVALID */ + "incorrect request authenticator", /* 37 RSE_AUTH_VECTOR_WRONG */ + "response code is unsupported", /* 38 RSE_INVALID_RESPONSE_CODE */ + "response ID is invalid", /* 39 RSE_INVALID_RESPONSE_ID */ + "response from the wrong source address", /* 40 RSE_INVALID_RESPONSE_SRC */ + "no packet data", /* 41 RSE_NO_PACKET_DATA */ + "vendor is unknown", /* 42 RSE_VENDOR_UNKNOWN */ }; #define ERRTXT_SIZE (sizeof(_errtxt) / sizeof(*_errtxt)) diff --git a/lib/event.c b/lib/event.c index ff05012..b2096bc 100644 --- a/lib/event.c +++ b/lib/event.c @@ -6,6 +6,9 @@ #endif #include +#include +#include + #include #include #if defined (RS_ENABLE_TLS) diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c index 23cd674..419be8c 100644 --- a/lib/examples/client-blocking.c +++ b/lib/examples/client-blocking.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include "debug.h" /* For rs_dump_packet(). */ @@ -73,7 +74,7 @@ blocking_client (const char *av1, const char *av2, int use_request_object_flag) if (resp) { rs_dump_packet (resp); - if (rs_packet_frpkt (resp)->code == PW_AUTHENTICATION_ACK) + if (rs_packet_frpkt (resp)->code == PW_ACCESS_ACCEPT) printf ("Good auth.\n"); else printf ("Bad auth: %d\n", rs_packet_frpkt (resp)->code); diff --git a/lib/include/Makefile.am b/lib/include/Makefile.am index 5b02eb2..33b898c 100644 --- a/lib/include/Makefile.am +++ b/lib/include/Makefile.am @@ -2,6 +2,11 @@ RADSEC_EXPORT = \ radsec/radsec.h \ radsec/radsec-impl.h \ radsec/request.h \ - radsec/request-impl.h + radsec/request-impl.h \ + radsec/radius.h EXTRA_SRC = $(RADSEC_EXPORT) nobase_include_HEADERS = $(RADSEC_EXPORT) + +clean-local: + rm -f radsec/radius.h + diff --git a/lib/include/radsec/.gitignore b/lib/include/radsec/.gitignore new file mode 100644 index 0000000..c20d18b --- /dev/null +++ b/lib/include/radsec/.gitignore @@ -0,0 +1 @@ +radius.h diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h index f8891ee..2df632a 100644 --- a/lib/include/radsec/radsec-impl.h +++ b/lib/include/radsec/radsec-impl.h @@ -3,7 +3,9 @@ /* See the file COPYING for licensing information. */ -#include +#ifndef _RADSEC_RADSEC_IMPL_H_ +#define _RADSEC_RADSEC_IMPL_H_ 1 + #include #include #if defined(RS_ENABLE_TLS) @@ -69,7 +71,6 @@ struct rs_context { struct rs_config *config; struct rs_alloc_scheme alloc_scheme; struct rs_error *err; - fr_randctx fr_randctx; }; struct rs_connection { @@ -108,11 +109,13 @@ enum rs_packet_flags { rs_packet_sent_flag, }; +struct radius_packet; + struct rs_packet { struct rs_connection *conn; unsigned int flags; uint8_t hdr[RS_HEADER_LEN]; - RADIUS_PACKET *rpkt; /* FreeRADIUS object. */ + struct radius_packet *rpkt; /* FreeRADIUS object. */ struct rs_packet *next; /* Used for UDP output queue. */ }; @@ -121,6 +124,10 @@ struct rs_error *rs_resolv (struct evutil_addrinfo **addr, rs_conn_type_t type, const char *hostname, const char *service); + +/** Return the internal packet associated with packet \a pkt. */ +struct radius_packet *rs_packet_frpkt(struct rs_packet *pkt); + #if defined (__cplusplus) } #endif @@ -137,6 +144,8 @@ struct rs_error *rs_resolv (struct evutil_addrinfo **addr, #define min(a, b) ((a) < (b) ? (a) : (b)) #define max(a, b) ((a) > (b) ? (a) : (b)) +#endif /* _RADSEC_RADSEC_IMPL_H_ */ + /* Local Variables: */ /* c-file-style: "stroustrup" */ /* End: */ diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 2744cd2..1aef6bb 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -3,14 +3,14 @@ /* See the file COPYING for licensing information. */ +#ifndef _RADSEC_RADSEC_H_ +#define _RADSEC_RADSEC_H_ 1 + #include -#include +#include -#ifdef SYSCONFDIR -#define RS_FREERADIUS_DICT SYSCONFDIR "/raddb/dictionary" -#else /* !SYSCONFDIR */ -#define RS_FREERADIUS_DICT "/usr/local/raddb/dictionary" -#endif /* !SYSCONFDIR */ +#include +#include enum rs_error_code { RSE_OK = 0, @@ -19,7 +19,7 @@ enum rs_error_code { RSE_INVALID_CTX = 3, RSE_INVALID_CONN = 4, RSE_CONN_TYPE_MISMATCH = 5, - RSE_FR = 6, /* FreeRADIUS error. */ + RSE_FR = 6, RSE_BADADDR = 7, RSE_NOPEER = 8, RSE_EVENT = 9, /* libevent error. */ @@ -32,8 +32,31 @@ enum rs_error_code { RSE_TIMEOUT_CONN = 16, /* Connection timeout. */ RSE_INVAL = 17, /* Invalid argument. */ RSE_TIMEOUT_IO = 18, /* I/O timeout. */ - RSE_TIMEOUT = 19, /* High level timeout. */ + RSE_TIMEOUT= 19, /* High level timeout. */ RSE_DISCO = 20, + RSE_INUSE = 21, + RSE_PACKET_TOO_SMALL = 22, + RSE_PACKET_TOO_LARGE = 23, + RSE_ATTR_OVERFLOW = 24, + RSE_ATTR_TOO_SMALL = 25, + RSE_ATTR_TOO_LARGE = 26, + RSE_ATTR_UNKNOWN = 27, + RSE_ATTR_BAD_NAME = 28, + RSE_ATTR_VALUE_MALFORMED = 29, + RSE_ATTR_INVALID = 30, + RSE_TOO_MANY_ATTRS = 31, + RSE_ATTR_TYPE_UNKNOWN = 32, + RSE_MSG_AUTH_LEN = 33, + RSE_MSG_AUTH_WRONG = 34, + RSE_REQUEST_REQUIRED = 35, + RSE_INVALID_REQUEST_CODE = 36, + RSE_AUTH_VECTOR_WRONG = 37, + RSE_INVALID_RESPONSE_CODE = 38, + RSE_INVALID_RESPONSE_ID = 39, + RSE_INVALID_RESPONSE_SRC = 40, + RSE_NO_PACKET_DATA = 41, + RSE_VENDOR_UNKNOWN = 42, + RSE_MAX = RSE_VENDOR_UNKNOWN }; enum rs_conn_type { @@ -45,6 +68,39 @@ enum rs_conn_type { }; typedef unsigned int rs_conn_type_t; +typedef enum rs_attr_type_t { + RS_TYPE_INVALID = 0, /**< Invalid data type */ + RS_TYPE_STRING, /**< printable-text */ + RS_TYPE_INTEGER, /**< a 32-bit unsigned integer */ + RS_TYPE_IPADDR, /**< an IPv4 address */ + RS_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */ + RS_TYPE_OCTETS, /**< a sequence of binary octets */ + RS_TYPE_IFID, /**< an Interface Id */ + RS_TYPE_IPV6ADDR, /**< an IPv6 address */ + RS_TYPE_IPV6PREFIX, /**< an IPv6 prefix */ + RS_TYPE_BYTE, /**< an 8-bit integer */ + RS_TYPE_SHORT, /**< a 16-bit integer */ +} rs_attr_type_t; + +#define PW_ACCESS_REQUEST 1 +#define PW_ACCESS_ACCEPT 2 +#define PW_ACCESS_REJECT 3 +#define PW_ACCOUNTING_REQUEST 4 +#define PW_ACCOUNTING_RESPONSE 5 +#define PW_ACCOUNTING_STATUS 6 +#define PW_PASSWORD_REQUEST 7 +#define PW_PASSWORD_ACK 8 +#define PW_PASSWORD_REJECT 9 +#define PW_ACCOUNTING_MESSAGE 10 +#define PW_ACCESS_CHALLENGE 11 +#define PW_STATUS_SERVER 12 +#define PW_STATUS_CLIENT 13 +#define PW_DISCONNECT_REQUEST 40 +#define PW_DISCONNECT_ACK 41 +#define PW_DISCONNECT_NAK 42 +#define PW_COA_REQUEST 43 +#define PW_COA_ACK 44 +#define PW_COA_NAK 45 #if defined (__cplusplus) extern "C" { @@ -57,7 +113,8 @@ struct rs_packet; /* radsec-impl.h */ struct rs_conn; /* radsec-impl.h */ struct rs_error; /* radsec-impl.h */ struct rs_peer; /* radsec-impl.h */ -struct radius_packet; /* */ +struct radius_packet; /* */ +struct value_pair; /* */ struct event_base; /* */ typedef void *(*rs_calloc_fp) (size_t nmemb, size_t size); @@ -87,6 +144,8 @@ struct rs_conn_callbacks { rs_conn_packet_sent_cb sent_cb; }; +typedef struct value_pair rs_avp; +typedef const struct value_pair rs_const_avp; /* Function prototypes. */ @@ -251,9 +310,6 @@ void rs_packet_destroy(struct rs_packet *pkt); rs_err_conn_pop. */ int rs_packet_send(struct rs_packet *pkt, void *user_data); -/** Return the FreeRADIUS packet associated with packet \a pkt. */ -struct radius_packet *rs_packet_frpkt(struct rs_packet *pkt); - /** Create a RADIUS authentication request packet associated with connection \a conn. Optionally, User-Name and User-Password attributes are added to the packet using the data in \a user_name @@ -263,6 +319,28 @@ int rs_packet_create_authn_request(struct rs_connection *conn, const char *user_name, const char *user_pw); +/*** Append \a tail to packet \a pkt. */ +int +rs_packet_append_avp(struct rs_packet *pkt, + unsigned int attribute, unsigned int vendor, + const void *data, size_t data_len); + +/*** Get pointer to \a pkt attribute value pairs. */ +void +rs_packet_avps(struct rs_packet *pkt, rs_avp ***vps); + +/*** Get RADIUS packet type of \a pkt. */ +unsigned int +rs_packet_code(struct rs_packet *pkt); + +/*** Get RADIUS AVP from \a pkt. */ +rs_const_avp * +rs_packet_find_avp(struct rs_packet *pkt, unsigned int attr, unsigned int vendor); + +/*** Set packet identifier in \a pkt; returns old identifier */ +int +rs_packet_set_id (struct rs_packet *pkt, int id); + /************/ /* Config. */ /************/ @@ -309,10 +387,154 @@ void rs_err_free(struct rs_error *err); char *rs_err_msg(struct rs_error *err); int rs_err_code(struct rs_error *err, int dofree_flag); +/************/ +/* AVPs. */ +/************/ +#define rs_avp_is_string(vp) (rs_avp_typeof(vp) == RS_TYPE_STRING) +#define rs_avp_is_integer(vp) (rs_avp_typeof(vp) == RS_TYPE_INTEGER) +#define rs_avp_is_ipaddr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPADDR) +#define rs_avp_is_date(vp) (rs_avp_typeof(vp) == RS_TYPE_DATE) +#define rs_avp_is_octets(vp) (rs_avp_typeof(vp) == RS_TYPE_OCTETS) +#define rs_avp_is_ifid(vp) (rs_avp_typeof(vp) == RS_TYPE_IFID) +#define rs_avp_is_ipv6addr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6ADDR) +#define rs_avp_is_ipv6prefix(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6PREFIX) +#define rs_avp_is_byte(vp) (rs_avp_typeof(vp) == RS_TYPE_BYTE) +#define rs_avp_is_short(vp) (rs_avp_typeof(vp) == RS_TYPE_SHORT) +#define rs_avp_is_tlv(vp) (rs_avp_typeof(vp) == RS_TYPE_TLV) + +/** The maximum length of a RADIUS attribute. + * + * The RFCs require that a RADIUS attribute transport no more than + * 253 octets of data. We add an extra byte for a trailing NUL, so + * that the VALUE_PAIR::vp_strvalue field can be handled as a C + * string. + */ +#define RS_MAX_STRING_LEN 254 + +void +rs_avp_free(rs_avp **vps); + +size_t +rs_avp_length(rs_const_avp *vp); + +rs_attr_type_t +rs_avp_typeof(rs_const_avp *vp); + +void +rs_avp_attrid(rs_const_avp *vp, unsigned int *attr, unsigned int *vendor); + + +void +rs_avp_append(rs_avp **head, rs_avp *tail); + +rs_avp * +rs_avp_find(rs_avp *vp, unsigned int attr, unsigned int vendor); + +rs_const_avp * +rs_avp_find_const(rs_const_avp *vp, unsigned int attr, unsigned int vendor); + +rs_avp * +rs_avp_alloc(unsigned int attr, unsigned int vendor); + +rs_avp * +rs_avp_dup(rs_const_avp *vp); + +int +rs_avp_delete(rs_avp **first, unsigned int attr, unsigned int vendor); + +rs_avp * +rs_avp_next(rs_avp *avp); + +rs_const_avp * +rs_avp_next_const(rs_const_avp *avp); + +const char * +rs_avp_string_value(rs_const_avp *vp); + +int +rs_avp_string_set(rs_avp *vp, const char *str); + +uint32_t +rs_avp_integer_value(rs_const_avp *vp); + +int +rs_avp_integer_set(rs_avp *vp, uint32_t val); + +uint32_t +rs_avp_ipaddr_value(rs_const_avp *vp); + +int +rs_avp_ipaddr_set(rs_avp *vp, struct in_addr in); + +time_t +rs_avp_date_value(rs_const_avp *vp); + +int +rs_avp_date_set(rs_avp *vp, time_t date); + +const unsigned char * +rs_avp_octets_value_const_ptr(rs_const_avp *vp); + +unsigned char * +rs_avp_octets_value_ptr(rs_avp *vp); + +int +rs_avp_octets_value_byref(rs_avp *vp, + unsigned char **p, + size_t *len); + +int +rs_avp_octets_value(rs_const_avp *vp, + unsigned char *buf, + size_t *len); + +int +rs_avp_fragmented_value(rs_const_avp *vps, + unsigned char *buf, + size_t *len); + +int +rs_avp_octets_set(rs_avp *vp, + const unsigned char *buf, + size_t len); + +int +rs_avp_ifid_value(rs_const_avp *vp, uint8_t val[8]); + +int +rs_avp_ifid_set(rs_avp *vp, const uint8_t val[8]); + +uint8_t +rs_avp_byte_value(rs_const_avp *vp); + +int +rs_avp_byte_set(rs_avp *vp, uint8_t val); + +uint16_t +rs_avp_short_value(rs_const_avp *vp); + +int +rs_avp_short_set(rs_avp *vp, uint16_t val); + +size_t +rs_avp_display_value(rs_const_avp *vp, + char *buffer, + size_t buflen); + +int +rs_attr_find(const char *name, + unsigned int *attr, + unsigned int *vendor); + +const char * +rs_avp_name(rs_const_avp *vp); + #if defined (__cplusplus) } #endif +#endif /* _RADSEC_RADSEC_H_ */ + /* Local Variables: */ /* c-file-style: "stroustrup" */ /* End: */ diff --git a/lib/include/radsec/request-impl.h b/lib/include/radsec/request-impl.h index 8bcac60..d2c14dd 100644 --- a/lib/include/radsec/request-impl.h +++ b/lib/include/radsec/request-impl.h @@ -1,5 +1,8 @@ /* See the file COPYING for licensing information. */ +#ifndef _RADSEC_REQUEST_IMPL_H_ +#define _RADSEC_REQUEST_IMPL_H_ 1 + #if defined (__cplusplus) extern "C" { #endif @@ -16,3 +19,5 @@ struct rs_request #if defined (__cplusplus) } #endif + +#endif /* _RADSEC_REQUEST_IMPL_H_ */ diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h index e914164..f124373 100644 --- a/lib/include/radsec/request.h +++ b/lib/include/radsec/request.h @@ -3,6 +3,9 @@ /* See the file COPYING for licensing information. */ +#ifndef _RADSEC_REQUEST_H_ +#define _RADSEC_REQUEST_H_ 1 + struct rs_request; #if defined (__cplusplus) @@ -42,3 +45,5 @@ struct rs_packet *rs_request_get_reqmsg(const struct rs_request *req); #if defined (__cplusplus) } #endif + +#endif /* _RADSEC_REQUEST_H_ */ diff --git a/lib/m4/libtool.m4 b/lib/m4/libtool.m4 index a3fee53..22924a8 100644 --- a/lib/m4/libtool.m4 +++ b/lib/m4/libtool.m4 @@ -1,7 +1,8 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008 Free Software Foundation, Inc. +# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, +# Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -10,7 +11,8 @@ m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008 Free Software Foundation, Inc. +# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, +# Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. @@ -37,7 +39,7 @@ m4_define([_LT_COPYING], [dnl # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ]) -# serial 56 LT_INIT +# serial 57 LT_INIT # LT_PREREQ(VERSION) @@ -66,6 +68,7 @@ esac # ------------------ AC_DEFUN([LT_INIT], [AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl AC_BEFORE([$0], [LTDL_INIT])dnl @@ -82,6 +85,8 @@ AC_REQUIRE([LTVERSION_VERSION])dnl AC_REQUIRE([LTOBSOLETE_VERSION])dnl m4_require([_LT_PROG_LTMAIN])dnl +_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) + dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) @@ -118,7 +123,7 @@ m4_defun([_LT_CC_BASENAME], *) break;; esac done -cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` +cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` ]) @@ -138,6 +143,9 @@ m4_defun([_LT_FILEUTILS_DEFAULTS], m4_defun([_LT_SETUP], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl + _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl @@ -179,7 +187,6 @@ fi _LT_CHECK_OBJDIR m4_require([_LT_TAG_COMPILER])dnl -_LT_PROG_ECHO_BACKSLASH case $host_os in aix3*) @@ -193,23 +200,6 @@ aix3*) ;; esac -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' - -# Same as above, but do not quote variable references. -double_quote_subst='s/\([["`\\]]\)/\\\1/g' - -# Sed substitution to delay expansion of an escaped shell variable in a -# double_quote_subst'ed string. -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' - -# Sed substitution to delay expansion of an escaped single quote. -delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' - -# Sed substitution to avoid accidental globbing in evaled expressions -no_glob_subst='s/\*/\\\*/g' - # Global variables: ofile=libtool can_build_shared=yes @@ -250,6 +240,28 @@ _LT_CONFIG_COMMANDS ])# _LT_SETUP +# _LT_PREPARE_SED_QUOTE_VARS +# -------------------------- +# Define a few sed substitution that help us do robust quoting. +m4_defun([_LT_PREPARE_SED_QUOTE_VARS], +[# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([["`\\]]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' +]) + # _LT_PROG_LTMAIN # --------------- # Note that this code is called both from `configure', and `config.status' @@ -408,7 +420,7 @@ m4_define([_lt_decl_all_varnames], # declaration there will have the same value as in `configure'. VARNAME # must have a single quote delimited value for this to work. m4_define([_LT_CONFIG_STATUS_DECLARE], -[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`']) +[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) # _LT_CONFIG_STATUS_DECLARATIONS @@ -418,7 +430,7 @@ m4_define([_LT_CONFIG_STATUS_DECLARE], # embedded single quotes properly. In configure, this macro expands # each variable declared with _LT_DECL (and _LT_TAGDECL) into: # -# ='`$ECHO "X$" | $Xsed -e "$delay_single_quote_subst"`' +# ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], [m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) @@ -517,12 +529,20 @@ LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$[]1 +_LTECHO_EOF' +} + # Quote evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_quote_varnames); do - case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -533,9 +553,9 @@ done # Double-quote double-evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_dquote_varnames); do - case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -543,16 +563,38 @@ for var in lt_decl_all_varnames([[ \ esac done -# Fix-up fallback echo if it was mangled by the above quoting rules. -case \$lt_ECHO in -*'\\\[$]0 --fallback-echo"')dnl " - lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\` - ;; -esac - _LT_OUTPUT_LIBTOOL_INIT ]) +# _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) +# ------------------------------------ +# Generate a child script FILE with all initialization necessary to +# reuse the environment learned by the parent script, and make the +# file executable. If COMMENT is supplied, it is inserted after the +# `#!' sequence but before initialization text begins. After this +# macro, additional text can be appended to FILE to form the body of +# the child script. The macro ends with non-zero status if the +# file could not be fully written (such as if the disk is full). +m4_ifdef([AS_INIT_GENERATED], +[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], +[m4_defun([_LT_GENERATED_FILE_INIT], +[m4_require([AS_PREPARE])]dnl +[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl +[lt_write_fail=0 +cat >$1 <<_ASEOF || lt_write_fail=1 +#! $SHELL +# Generated by $as_me. +$2 +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$1 <<\_ASEOF || lt_write_fail=1 +AS_SHELL_SANITIZE +_AS_PREPARE +exec AS_MESSAGE_FD>&1 +_ASEOF +test $lt_write_fail = 0 && chmod +x $1[]dnl +m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT # LT_OUTPUT # --------- @@ -562,20 +604,11 @@ _LT_OUTPUT_LIBTOOL_INIT AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt} AC_MSG_NOTICE([creating $CONFIG_LT]) -cat >"$CONFIG_LT" <<_LTEOF -#! $SHELL -# Generated by $as_me. -# Run this file to recreate a libtool stub with the current configuration. - -lt_cl_silent=false -SHELL=\${CONFIG_SHELL-$SHELL} -_LTEOF +_LT_GENERATED_FILE_INIT(["$CONFIG_LT"], +[# Run this file to recreate a libtool stub with the current configuration.]) cat >>"$CONFIG_LT" <<\_LTEOF -AS_SHELL_SANITIZE -_AS_PREPARE - -exec AS_MESSAGE_FD>&1 +lt_cl_silent=false exec AS_MESSAGE_LOG_FD>>config.log { echo @@ -601,7 +634,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. -Copyright (C) 2008 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." @@ -646,15 +679,13 @@ chmod +x "$CONFIG_LT" # appending to config.log, which fails on DOS, as config.log is still kept # open by configure. Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. -if test "$no_create" != yes; then - lt_cl_success=: - test "$silent" = yes && - lt_config_lt_args="$lt_config_lt_args --quiet" - exec AS_MESSAGE_LOG_FD>/dev/null - $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false - exec AS_MESSAGE_LOG_FD>>config.log - $lt_cl_success || AS_EXIT(1) -fi +lt_cl_success=: +test "$silent" = yes && + lt_config_lt_args="$lt_config_lt_args --quiet" +exec AS_MESSAGE_LOG_FD>/dev/null +$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false +exec AS_MESSAGE_LOG_FD>>config.log +$lt_cl_success || AS_EXIT(1) ])# LT_OUTPUT @@ -831,11 +862,13 @@ AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) +AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_CXX], []) dnl AC_DEFUN([AC_LIBTOOL_F77], []) dnl AC_DEFUN([AC_LIBTOOL_FC], []) dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) +dnl AC_DEFUN([AC_LIBTOOL_RC], []) # _LT_TAG_COMPILER @@ -940,6 +973,31 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], + [lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD + echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD + $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + ]) case $host_os in rhapsody* | darwin1.[[012]]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; @@ -967,7 +1025,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi - if test "$DSYMUTIL" != ":"; then + if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= @@ -987,7 +1045,11 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - _LT_TAGVAR(whole_archive_flag_spec, $1)='' + if test "$lt_cv_ld_force_load" = "yes"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='' + fi _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" case $cc_basename in @@ -995,7 +1057,7 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then - output_verbose_link_cmd=echo + output_verbose_link_cmd=func_echo_all _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" @@ -1041,170 +1103,65 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi # _LT_SHELL_INIT(ARG) # ------------------- m4_define([_LT_SHELL_INIT], -[ifdef([AC_DIVERSION_NOTICE], - [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], - [AC_DIVERT_PUSH(NOTICE)]) -$1 -AC_DIVERT_POP -])# _LT_SHELL_INIT +[m4_divert_text([M4SH-INIT], [$1 +])])# _LT_SHELL_INIT + # _LT_PROG_ECHO_BACKSLASH # ----------------------- -# Add some code to the start of the generated configure script which -# will find an echo command which doesn't interpret backslashes. +# Find how we can fake an echo command that does not interpret backslash. +# In particular, with Autoconf 2.60 or later we add some code to the start +# of the generated configure script which will find a shell with a builtin +# printf (which we can use as an echo command). m4_defun([_LT_PROG_ECHO_BACKSLASH], -[_LT_SHELL_INIT([ -# Check that we are running under the correct shell. -SHELL=${CONFIG_SHELL-/bin/sh} - -case X$lt_ECHO in -X*--fallback-echo) - # Remove one level of quotation (which was required for Make). - ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` - ;; -esac - -ECHO=${lt_ECHO-echo} -if test "X[$]1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X[$]1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then - # Yippee, $ECHO works! - : +[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +AC_MSG_CHECKING([how to print strings]) +# Test print first, because it will be a builtin if present. +if test "X`print -r -- -n 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' else - # Restart under the correct shell. - exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} -fi - -if test "X[$]1" = X--fallback-echo; then - # used as fallback echo - shift - cat <<_LT_EOF -[$]* -_LT_EOF - exit 0 + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$[]1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' fi -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -if test -z "$lt_ECHO"; then - if test "X${echo_test_string+set}" != Xset; then - # find a string as large as possible, as long as the shell can cope with it - for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do - # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... - if { echo_test_string=`eval $cmd`; } 2>/dev/null && - { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null - then - break - fi - done - fi - - if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - : - else - # The Solaris, AIX, and Digital Unix default echo programs unquote - # backslashes. This makes it impossible to quote backslashes using - # echo "$something" | sed 's/\\/\\\\/g' - # - # So, first we look for a working echo in the user's PATH. - - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for dir in $PATH /usr/ucb; do - IFS="$lt_save_ifs" - if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && - test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - ECHO="$dir/echo" - break - fi - done - IFS="$lt_save_ifs" - - if test "X$ECHO" = Xecho; then - # We didn't find a better echo, so look for alternatives. - if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # This shell has a builtin print -r that does the trick. - ECHO='print -r' - elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } && - test "X$CONFIG_SHELL" != X/bin/ksh; then - # If we have ksh, try running configure again with it. - ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} - export ORIGINAL_CONFIG_SHELL - CONFIG_SHELL=/bin/ksh - export CONFIG_SHELL - exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} - else - # Try using printf. - ECHO='printf %s\n' - if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # Cool, printf works - : - elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL - export CONFIG_SHELL - SHELL="$CONFIG_SHELL" - export SHELL - ECHO="$CONFIG_SHELL [$]0 --fallback-echo" - elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - ECHO="$CONFIG_SHELL [$]0 --fallback-echo" - else - # maybe with a smaller string... - prev=: - - for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do - if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null - then - break - fi - prev="$cmd" - done +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} - if test "$prev" != 'sed 50q "[$]0"'; then - echo_test_string=`eval $prev` - export echo_test_string - exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} - else - # Oops. We lost completely, so just stick with echo. - ECHO=echo - fi - fi - fi - fi - fi -fi +case "$ECHO" in + printf*) AC_MSG_RESULT([printf]) ;; + print*) AC_MSG_RESULT([print -r]) ;; + *) AC_MSG_RESULT([cat]) ;; +esac -# Copy echo and quote the copy suitably for passing to libtool from -# the Makefile, instead of quoting the original, which is used later. -lt_ECHO=$ECHO -if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then - lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" -fi +m4_ifdef([_AS_DETECT_SUGGESTED], +[_AS_DETECT_SUGGESTED([ + test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test "X`printf %s $ECHO`" = "X$ECHO" \ + || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) -AC_SUBST(lt_ECHO) -]) _LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) -_LT_DECL([], [ECHO], [1], - [An echo program that does not interpret backslashes]) +_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) ])# _LT_PROG_ECHO_BACKSLASH @@ -1236,7 +1193,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '[#]line __oline__ "configure"' > conftest.$ac_ext + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in @@ -1388,10 +1345,19 @@ if test -n "$RANLIB"; then esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac _LT_DECL([], [old_postinstall_cmds], [2]) _LT_DECL([], [old_postuninstall_cmds], [2]) _LT_TAGDECL([], [old_archive_cmds], [2], [Commands used to build an old-style archive]) +_LT_DECL([], [lock_old_archive_extraction], [0], + [Whether to use a lock for old archive extraction]) ])# _LT_CMD_OLD_ARCHIVE @@ -1416,15 +1382,15 @@ AC_CACHE_CHECK([$1], [$2], -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. - $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then $2=yes @@ -1464,7 +1430,7 @@ AC_CACHE_CHECK([$1], [$2], if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&AS_MESSAGE_LOG_FD - $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then $2=yes @@ -1527,6 +1493,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl lt_cv_sys_max_cmd_len=8192; ;; + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. @@ -1591,8 +1562,8 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \ - = "XX$teststring$teststring"; } >/dev/null 2>&1 && + while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` @@ -1643,7 +1614,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -[#line __oline__ "configure" +[#line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -1684,7 +1655,13 @@ else # endif #endif -void fnord() { int i=42;} +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +void fnord () __attribute__((visibility("default"))); +#endif + +void fnord () { int i=42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); @@ -1693,7 +1670,11 @@ int main () if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } /* dlclose (self); */ } else @@ -1869,16 +1850,16 @@ AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings - $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes @@ -2037,6 +2018,7 @@ m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ @@ -2045,16 +2027,23 @@ if test "$GCC" = yes; then darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac - lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;; + *) lt_sed_strip_eq="s,=/,/,g" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'` - else - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= @@ -2067,7 +2056,7 @@ if test "$GCC" = yes; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done - lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk ' + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; @@ -2087,7 +2076,13 @@ BEGIN {RS=" "; FS="/|\n";} { if (lt_foo != "") { lt_freq[[lt_foo]]++; } if (lt_freq[[lt_foo]] == 1) { print lt_foo; } }'` - sys_lib_search_path_spec=`$ECHO $lt_search_path_spec` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi]) @@ -2175,7 +2170,7 @@ amigaos*) m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; @@ -2228,23 +2223,12 @@ cygwin* | mingw* | pw32* | cegcc*) cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then - # It is most probably a Windows format PATH printed by - # mingw gcc, but we are running on Cygwin. Gcc prints its search - # path with ; separators, and with drive letters. We can handle the - # drive letters (cygwin fileutils understands them), so leave them, - # especially as we might pass files found there to a mingw objdump, - # which wouldn't understand a cygwinified path. Ahh. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' @@ -2344,6 +2328,19 @@ gnu*) hardcode_into_libs=yes ;; +haiku*) + version_type=linux + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. @@ -2386,8 +2383,10 @@ hpux9* | hpux10* | hpux11*) soname_spec='${libname}${release}${shared_ext}$major' ;; esac - # HP-UX runs *really* slowly unless shared libraries are mode 555. + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 ;; interix[[3-9]]*) @@ -2454,16 +2453,21 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu) finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no + # Some binutils ld are patched to set DT_RUNPATH - save_LDFLAGS=$LDFLAGS - save_libdir=$libdir - eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ - LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" - AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], - [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], - [shlibpath_overrides_runpath=yes])]) - LDFLAGS=$save_LDFLAGS - libdir=$save_libdir + AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], + [lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ + LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], + [lt_cv_shlibpath_overrides_runpath=yes])]) + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + ]) + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install @@ -2472,7 +2476,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu) # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi @@ -2485,18 +2489,6 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu) dynamic_linker='GNU/Linux ld.so' ;; -netbsdelf*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='NetBSD ld.elf_so' - ;; - netbsd*) version_type=sunos need_lib_prefix=no @@ -2717,6 +2709,8 @@ _LT_DECL([], [library_names_spec], [1], The last name is the one that the linker finds with -lNAME]]) _LT_DECL([], [soname_spec], [1], [[The coded name of the library, if different from the real name]]) +_LT_DECL([], [install_override_mode], [1], + [Permission mode override for installation of shared libraries]) _LT_DECL([], [postinstall_cmds], [2], [Command to use after installation of a shared archive]) _LT_DECL([], [postuninstall_cmds], [2], @@ -2829,6 +2823,7 @@ AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PROG_ECHO_BACKSLASH])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], @@ -2958,8 +2953,8 @@ case $host_os in fi ;; esac -_LT_DECL([], [reload_flag], [1], [How to create reloadable object files])dnl -_LT_DECL([], [reload_cmds], [2])dnl +_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl +_LT_TAGDECL([], [reload_cmds], [2])dnl ])# _LT_CMD_RELOAD @@ -3011,16 +3006,18 @@ mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. - if ( file / ) >/dev/null 2>&1; then + # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. + if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else - lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; -cegcc) +cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' @@ -3050,6 +3047,10 @@ gnu*) lt_cv_deplibs_check_method=pass_all ;; +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in @@ -3058,11 +3059,11 @@ hpux10.20* | hpux11*) lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) - [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) - lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac @@ -3088,7 +3089,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; -netbsd* | netbsdelf*-gnu) +netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else @@ -3226,7 +3227,19 @@ if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. - AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :) + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) + case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols" + ;; + *) + DUMPBIN=: + ;; + esac + fi AC_SUBST([DUMPBIN]) if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" @@ -3239,13 +3252,13 @@ _LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], [lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&AS_MESSAGE_LOG_FD - (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&AS_MESSAGE_LOG_FD - (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD) + (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) cat conftest.out >&AS_MESSAGE_LOG_FD if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -3268,7 +3281,7 @@ AC_DEFUN([LT_LIB_M], [AC_REQUIRE([AC_CANONICAL_HOST])dnl LIBM= case $host in -*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*) +*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) # These system don't have libm, or don't need it ;; *-ncr-sysv4.3*) @@ -3296,7 +3309,12 @@ m4_defun([_LT_COMPILER_NO_RTTI], _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= if test "$GCC" = yes; then - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + case $cc_basename in + nvcc*) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; + *) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; + esac _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], lt_cv_prog_compiler_rtti_exceptions, @@ -3313,6 +3331,7 @@ _LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], m4_defun([_LT_CMD_GLOBAL_SYMBOLS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([LT_PATH_NM])dnl AC_REQUIRE([LT_PATH_LD])dnl m4_require([_LT_DECL_SED])dnl @@ -3438,7 +3457,7 @@ _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then + if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -3600,6 +3619,11 @@ m4_if([$1], [CXX], [ # DJGPP does not support shared libraries at all _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. @@ -3738,8 +3762,8 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; - xlc* | xlC*) - # IBM XL 8.0 on PPC + xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) + # IBM XL 8.0, 9.0 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' @@ -3769,7 +3793,7 @@ m4_if([$1], [CXX], [ ;; esac ;; - netbsd* | netbsdelf*-gnu) + netbsd*) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise @@ -3801,7 +3825,7 @@ m4_if([$1], [CXX], [ ;; solaris*) case $cc_basename in - CC*) + CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' @@ -3905,6 +3929,12 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag @@ -3947,6 +3977,13 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC' + ;; + esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in @@ -4010,7 +4047,7 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' ;; - pgcc* | pgf77* | pgf90* | pgf95*) + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' @@ -4022,25 +4059,25 @@ m4_if([$1], [CXX], [ # All Alpha code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; - xl*) - # IBM XL C 8.0/Fortran 10.1 on PPC + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C 5.9 + *Sun\ F* | *Sun*Fortran*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; - *Sun\ F*) - # Sun Fortran 8.3 passes all unrecognized flags to the linker + *Sun\ C*) + # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; esac ;; @@ -4072,7 +4109,7 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' case $cc_basename in - f77* | f90* | f95*) + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; *) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; @@ -4182,8 +4219,10 @@ m4_if([$1], [CXX], [ aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global defined + # symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi @@ -4194,9 +4233,6 @@ m4_if([$1], [CXX], [ cygwin* | mingw* | cegcc*) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' ;; - linux* | k*bsd*-gnu) - _LT_TAGVAR(link_all_deplibs, $1)=no - ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; @@ -4261,13 +4297,36 @@ dnl Note also adjust exclude_expsyms for C++ above. openbsd*) with_gnu_ld=no ;; - linux* | k*bsd*-gnu) - _LT_TAGVAR(link_all_deplibs, $1)=no - ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; + *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' @@ -4301,11 +4360,12 @@ dnl Note also adjust exclude_expsyms for C++ above. _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 -*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to modify your PATH -*** so that a non-GNU linker is found, and then restart. +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. _LT_EOF fi @@ -4341,6 +4401,7 @@ _LT_EOF # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes @@ -4362,6 +4423,11 @@ _LT_EOF fi ;; + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no @@ -4391,11 +4457,12 @@ _LT_EOF tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; - pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; @@ -4406,13 +4473,17 @@ _LT_EOF lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; - xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) + xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 @@ -4428,17 +4499,17 @@ _LT_EOF fi case $cc_basename in - xlf*) + xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' - _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac @@ -4447,7 +4518,7 @@ _LT_EOF fi ;; - netbsd* | netbsdelf*-gnu) + netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -4559,8 +4630,10 @@ _LT_EOF else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global + # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi @@ -4622,7 +4695,6 @@ _LT_EOF if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi - _LT_TAGVAR(link_all_deplibs, $1)=no else # not using gcc if test "$host_cpu" = ia64; then @@ -4650,7 +4722,7 @@ _LT_EOF # empty executable. _LT_SYS_MODULE_PATH_AIX _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' @@ -4665,8 +4737,13 @@ _LT_EOF # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' @@ -4705,7 +4782,7 @@ _LT_EOF # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames=' + _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' # FIXME: Should let the user specify the lib program. @@ -4772,7 +4849,7 @@ _LT_EOF ;; hpux10*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then + if test "$GCC" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' @@ -4791,7 +4868,7 @@ _LT_EOF ;; hpux11*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then + if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' @@ -4812,7 +4889,14 @@ _LT_EOF _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + m4_if($1, [], [ + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + _LT_LINKER_OPTION([if $CC understands -b], + _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], + [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) ;; esac fi @@ -4840,19 +4924,19 @@ _LT_EOF irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" AC_LINK_IFELSE(int foo(void) {}, - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' ) LDFLAGS="$save_LDFLAGS" else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' @@ -4861,7 +4945,7 @@ _LT_EOF _LT_TAGVAR(link_all_deplibs, $1)=yes ;; - netbsd* | netbsdelf*-gnu) + netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -4914,17 +4998,17 @@ _LT_EOF _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' @@ -4934,13 +5018,13 @@ _LT_EOF osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' @@ -5131,36 +5215,38 @@ x|xyes) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. - AC_MSG_CHECKING([whether -lc should be explicitly linked in]) - $RM conftest* - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - if AC_TRY_EVAL(ac_compile) 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) - pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) - _LT_TAGVAR(allow_undefined_flag, $1)= - if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) - then - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - else - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - fi - _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $RM conftest* - AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)]) + AC_CACHE_CHECK([whether -lc should be explicitly linked in], + [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), + [$RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) + _LT_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) + then + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no + else + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + ]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) ;; esac fi @@ -5330,37 +5416,21 @@ CC="$lt_save_CC" ])# _LT_LANG_C_CONFIG -# _LT_PROG_CXX -# ------------ -# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++ -# compiler, we have our own version here. -m4_defun([_LT_PROG_CXX], -[ -pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes]) -AC_PROG_CXX -if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then - AC_PROG_CXXCPP -else - _lt_caught_CXX_error=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_CXX - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_CXX], []) - - # _LT_LANG_CXX_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a C++ compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to `libtool'. m4_defun([_LT_LANG_CXX_CONFIG], -[AC_REQUIRE([_LT_PROG_CXX])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl +if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + AC_PROG_CXXCPP +else + _lt_caught_CXX_error=yes +fi AC_LANG_PUSH(C++) _LT_TAGVAR(archive_cmds_need_lc, $1)=no @@ -5382,6 +5452,8 @@ _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no @@ -5484,7 +5556,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else GXX=no @@ -5596,7 +5668,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_SYS_MODULE_PATH_AIX _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' @@ -5611,8 +5683,13 @@ if test "$_lt_caught_CXX_error" != yes; then # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared # libraries. @@ -5645,6 +5722,7 @@ if test "$_lt_caught_CXX_error" != yes; then # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes @@ -5705,6 +5783,11 @@ if test "$_lt_caught_CXX_error" != yes; then gnu*) ;; + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + hpux9*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: @@ -5729,7 +5812,7 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then @@ -5794,7 +5877,7 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then @@ -5837,7 +5920,7 @@ if test "$_lt_caught_CXX_error" != yes; then case $cc_basename in CC*) # SGI C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is @@ -5848,9 +5931,9 @@ if test "$_lt_caught_CXX_error" != yes; then *) if test "$GXX" = yes; then if test "$with_gnu_ld" = no; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes @@ -5879,7 +5962,7 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' @@ -5916,26 +5999,26 @@ if test "$_lt_caught_CXX_error" != yes; then pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in - *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*) + *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ - compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ - $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; - *) # Version 6 will use weak symbols + *) # Version 6 and above use weak symbols _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; @@ -5943,7 +6026,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' ;; cxx*) # Compaq C++ @@ -5962,9 +6045,9 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' ;; - xl*) + xl* | mpixl* | bgxl*) # IBM XL 8.0 on PPC, with GNU ld _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' @@ -5984,13 +6067,13 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. - output_verbose_link_cmd='echo' + output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is @@ -6059,7 +6142,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' fi - output_verbose_link_cmd=echo + output_verbose_link_cmd=func_echo_all else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -6094,15 +6177,15 @@ if test "$_lt_caught_CXX_error" != yes; then case $host in osf3*) _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; @@ -6118,17 +6201,17 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' case $host in osf3*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; esac @@ -6138,7 +6221,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # FIXME: insert proper C++ library support @@ -6174,7 +6257,7 @@ if test "$_lt_caught_CXX_error" != yes; then solaris*) case $cc_basename in - CC*) + CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' @@ -6195,7 +6278,7 @@ if test "$_lt_caught_CXX_error" != yes; then esac _LT_TAGVAR(link_all_deplibs, $1)=yes - output_verbose_link_cmd='echo' + output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is @@ -6222,7 +6305,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # g++ 2.7 appears to require `-G' NOT `-shared' on this # platform. @@ -6233,7 +6316,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' @@ -6287,6 +6370,10 @@ if test "$_lt_caught_CXX_error" != yes; then CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ + '"$_LT_TAGVAR(old_archive_cmds, $1)" + _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ + '"$_LT_TAGVAR(reload_cmds, $1)" ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' @@ -6533,7 +6620,7 @@ linux*) solaris*) case $cc_basename in - CC*) + CC* | sunCC*) # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as @@ -6577,32 +6664,16 @@ _LT_TAGDECL([], [compiler_lib_search_path], [1], ])# _LT_SYS_HIDDEN_LIBDEPS -# _LT_PROG_F77 -# ------------ -# Since AC_PROG_F77 is broken, in that it returns the empty string -# if there is no fortran compiler, we have our own version here. -m4_defun([_LT_PROG_F77], -[ -pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes]) -AC_PROG_F77 -if test -z "$F77" || test "X$F77" = "Xno"; then - _lt_disable_F77=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_F77 - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_F77], []) - - # _LT_LANG_F77_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a Fortran 77 compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_F77_CONFIG], -[AC_REQUIRE([_LT_PROG_F77])dnl -AC_LANG_PUSH(Fortran 77) +[AC_LANG_PUSH(Fortran 77) +if test -z "$F77" || test "X$F77" = "Xno"; then + _lt_disable_F77=yes +fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= @@ -6621,6 +6692,8 @@ _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no @@ -6720,32 +6793,17 @@ AC_LANG_POP ])# _LT_LANG_F77_CONFIG -# _LT_PROG_FC -# ----------- -# Since AC_PROG_FC is broken, in that it returns the empty string -# if there is no fortran compiler, we have our own version here. -m4_defun([_LT_PROG_FC], -[ -pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes]) -AC_PROG_FC -if test -z "$FC" || test "X$FC" = "Xno"; then - _lt_disable_FC=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_FC - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_FC], []) - - # _LT_LANG_FC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for a Fortran compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_FC_CONFIG], -[AC_REQUIRE([_LT_PROG_FC])dnl -AC_LANG_PUSH(Fortran) +[AC_LANG_PUSH(Fortran) + +if test -z "$FC" || test "X$FC" = "Xno"; then + _lt_disable_FC=yes +fi _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= @@ -6764,6 +6822,8 @@ _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no @@ -6909,6 +6969,8 @@ _LT_CC_BASENAME([$compiler]) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change @@ -7276,7 +7338,7 @@ _LT_EOF func_dirname () { # Extract subdirectory from the argument. - func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + func_dirname_result=`$ECHO "${1}" | $SED "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else @@ -7287,7 +7349,7 @@ func_dirname () # func_basename file func_basename () { - func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` + func_basename_result=`$ECHO "${1}" | $SED "$basename"` } dnl func_dirname_and_basename @@ -7303,10 +7365,8 @@ dnl so there is no need for it here. func_stripname () { case ${2} in - .*) func_stripname_result=`$ECHO "X${3}" \ - | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;; - *) func_stripname_result=`$ECHO "X${3}" \ - | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;; + .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; esac } @@ -7317,20 +7377,20 @@ my_sed_long_arg='1s/^-[[^=]]*=//' # func_opt_split func_opt_split () { - func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"` - func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"` + func_opt_split_opt=`$ECHO "${1}" | $SED "$my_sed_long_opt"` + func_opt_split_arg=`$ECHO "${1}" | $SED "$my_sed_long_arg"` } # func_lo2o object func_lo2o () { - func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"` + func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"` } # func_xform libobj-or-source func_xform () { - func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'` + func_xform_result=`$ECHO "${1}" | $SED 's/\.[[^.]]*$/.lo/'` } # func_arith arithmetic-term... diff --git a/lib/m4/ltoptions.m4 b/lib/m4/ltoptions.m4 index 34151a3..17cfd51 100644 --- a/lib/m4/ltoptions.m4 +++ b/lib/m4/ltoptions.m4 @@ -1,13 +1,14 @@ # Helper functions for option handling. -*- Autoconf -*- # -# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, +# Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. -# serial 6 ltoptions.m4 +# serial 7 ltoptions.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) @@ -125,7 +126,7 @@ LT_OPTION_DEFINE([LT_INIT], [win32-dll], [enable_win32_dll=yes case $host in -*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*) +*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) @@ -133,13 +134,13 @@ case $host in esac test -z "$AS" && AS=as -_LT_DECL([], [AS], [0], [Assembler program])dnl +_LT_DECL([], [AS], [1], [Assembler program])dnl test -z "$DLLTOOL" && DLLTOOL=dlltool -_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl +_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl test -z "$OBJDUMP" && OBJDUMP=objdump -_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl +_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl ])# win32-dll AU_DEFUN([AC_LIBTOOL_WIN32_DLL], diff --git a/lib/m4/ltversion.m4 b/lib/m4/ltversion.m4 index f3c5309..93fc771 100644 --- a/lib/m4/ltversion.m4 +++ b/lib/m4/ltversion.m4 @@ -9,15 +9,15 @@ # Generated from ltversion.in. -# serial 3017 ltversion.m4 +# serial 3175 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.2.6b]) -m4_define([LT_PACKAGE_REVISION], [1.3017]) +m4_define([LT_PACKAGE_VERSION], [2.2.10]) +m4_define([LT_PACKAGE_REVISION], [1.3175]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.2.6b' -macro_revision='1.3017' +[macro_version='2.2.10' +macro_revision='1.3175' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff --git a/lib/m4/lt~obsolete.m4 b/lib/m4/lt~obsolete.m4 index 637bb20..c573da9 100644 --- a/lib/m4/lt~obsolete.m4 +++ b/lib/m4/lt~obsolete.m4 @@ -1,13 +1,13 @@ # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # -# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc. +# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. -# serial 4 lt~obsolete.m4 +# serial 5 lt~obsolete.m4 # These exist entirely to fool aclocal when bootstrapping libtool. # @@ -77,7 +77,6 @@ m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) -m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])]) m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) @@ -90,3 +89,10 @@ m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) +m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) +m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) +m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) +m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) +m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) +m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) diff --git a/lib/packet.c b/lib/packet.c index a7e09f6..4a29b5f 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -6,6 +6,7 @@ #endif #include +#include #include #include #include @@ -24,6 +25,8 @@ packet_verify_response (struct rs_connection *conn, struct rs_packet *response, struct rs_packet *request) { + int err; + assert (conn); assert (conn->active_peer); assert (conn->active_peer->secret); @@ -32,20 +35,27 @@ packet_verify_response (struct rs_connection *conn, assert (request); assert (request->rpkt); + response->rpkt->secret = conn->active_peer->secret; + response->rpkt->sizeof_secret = strlen (conn->active_peer->secret); + /* Verify header and message authenticator. */ - if (rad_verify (response->rpkt, request->rpkt, conn->active_peer->secret)) + err = nr_packet_verify (response->rpkt, request->rpkt); + if (err) { - conn_close (&conn); - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "rad_verify: %s", fr_strerror ()); + if (conn->is_connected) + rs_conn_disconnect(conn); + return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__, + "nr_packet_verify"); } /* Decode and decrypt. */ - if (rad_decode (response->rpkt, request->rpkt, conn->active_peer->secret)) + err = nr_packet_decode (response->rpkt, request->rpkt); + if (err) { - conn_close (&conn); - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "rad_decode: %s", fr_strerror ()); + if (conn->is_connected) + rs_conn_disconnect(conn); + return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__, + "nr_packet_decode"); } return RSE_OK; @@ -57,7 +67,7 @@ packet_verify_response (struct rs_connection *conn, int packet_do_send (struct rs_packet *pkt) { - VALUE_PAIR *vp = NULL; + int err; assert (pkt); assert (pkt->conn); @@ -65,22 +75,19 @@ packet_do_send (struct rs_packet *pkt) assert (pkt->conn->active_peer->secret); assert (pkt->rpkt); - /* Add a Message-Authenticator, RFC 2869, if not already present. */ - /* FIXME: Make Message-Authenticator optional? */ - vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS); - if (!vp) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "paircreate: %s", fr_strerror ()); - pairreplace (&pkt->rpkt->vps, vp); + pkt->rpkt->secret = pkt->conn->active_peer->secret; + pkt->rpkt->sizeof_secret = strlen (pkt->rpkt->secret); /* Encode message. */ - if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret)) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "rad_encode: %s", fr_strerror ()); + err = nr_packet_encode (pkt->rpkt, NULL); + if (err < 0) + return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__, + "nr_packet_encode"); /* Sign message. */ - if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret)) - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "rad_sign: %s", fr_strerror ()); + err = nr_packet_sign (pkt->rpkt, NULL); + if (err < 0) + return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__, + "nr_packet_sign"); #if defined (DEBUG) { char host[80], serv[80]; @@ -98,7 +105,7 @@ packet_do_send (struct rs_packet *pkt) if (pkt->conn->bev) /* TCP. */ { int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data, - pkt->rpkt->data_len); + pkt->rpkt->length); if (err < 0) return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__, "bufferevent_write: %s", @@ -122,21 +129,36 @@ rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out) { struct rs_packet *p; RADIUS_PACKET *rpkt; + int err; *pkt_out = NULL; - rpkt = rad_alloc (1); - if (!rpkt) + rpkt = rs_malloc (conn->ctx, sizeof(*rpkt) + RS_MAX_PACKET_LEN); + if (rpkt == NULL) return rs_err_conn_push (conn, RSE_NOMEM, __func__); - rpkt->id = conn->nextid++; - p = (struct rs_packet *) malloc (sizeof (struct rs_packet)); - if (!p) + /* + * This doesn't make sense; the packet identifier is constant for + * an entire conversation. A separate API should be provided to + * allow the application to set the packet ID, or a conversation + * object should group related packets together. + */ +#if 0 + rpkt->id = conn->nextid++ +#endif + + err = nr_packet_init (rpkt, NULL, NULL, + PW_ACCESS_REQUEST, + rpkt + 1, RS_MAX_PACKET_LEN); + if (err < 0) + return rs_err_conn_push (conn, -err, __func__); + + p = (struct rs_packet *) rs_calloc (conn->ctx, 1, sizeof (*p)); + if (p == NULL) { - rad_free (&rpkt); + rs_free (conn->ctx, rpkt); return rs_err_conn_push (conn, RSE_NOMEM, __func__); } - memset (p, 0, sizeof (struct rs_packet)); p->conn = conn; p->rpkt = rpkt; @@ -150,29 +172,26 @@ rs_packet_create_authn_request (struct rs_connection *conn, const char *user_name, const char *user_pw) { struct rs_packet *pkt; - VALUE_PAIR *vp = NULL; + int err; if (rs_packet_create (conn, pkt_out)) return -1; + pkt = *pkt_out; - pkt->rpkt->code = PW_AUTHENTICATION_REQUEST; + pkt->rpkt->code = PW_ACCESS_REQUEST; if (user_name) { - vp = pairmake ("User-Name", user_name, T_OP_EQ); - if (vp == NULL) - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "pairmake: %s", fr_strerror ()); - pairadd (&pkt->rpkt->vps, vp); + err = rs_packet_append_avp (pkt, PW_USER_NAME, 0, user_name, 0); + if (err) + return err; } if (user_pw) { - vp = pairmake ("User-Password", user_pw, T_OP_EQ); - if (vp == NULL) - return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__, - "pairmake: %s", fr_strerror ()); - pairadd (&pkt->rpkt->vps, vp); + err = rs_packet_append_avp (pkt, PW_USER_PASSWORD, 0, user_pw, 0); + if (err) + return err; } return RSE_OK; @@ -192,6 +211,59 @@ rs_packet_destroy (struct rs_packet *pkt) assert (pkt->conn); assert (pkt->conn->ctx); - rad_free (&pkt->rpkt); /* Note: This frees the VALUE_PAIR's too. */ + rs_avp_free (&pkt->rpkt->vps); + rs_free (pkt->conn->ctx, pkt->rpkt); rs_free (pkt->conn->ctx, pkt); } + +int +rs_packet_append_avp (struct rs_packet *pkt, + unsigned int attr, unsigned int vendor, + const void *data, size_t data_len) +{ + const DICT_ATTR *da; + int err; + + assert (pkt); + + da = nr_dict_attr_byvalue (attr, vendor); + if (da == NULL) + return RSE_ATTR_TYPE_UNKNOWN; + + err = nr_packet_attr_append (pkt->rpkt, NULL, da, data, data_len); + if (err < 0) + return rs_err_conn_push (pkt->conn, -err, __func__); + + return RSE_OK; +} + +void +rs_packet_avps (struct rs_packet *pkt, rs_avp ***vps) +{ + assert (pkt); + *vps = &pkt->rpkt->vps; +} + +unsigned int +rs_packet_code (struct rs_packet *pkt) +{ + assert (pkt); + return pkt->rpkt->code; +} + +rs_const_avp * +rs_packet_find_avp (struct rs_packet *pkt, unsigned int attr, unsigned int vendor) +{ + assert (pkt); + return rs_avp_find_const (pkt->rpkt->vps, attr, vendor); +} + +int +rs_packet_set_id (struct rs_packet *pkt, int id) +{ + int old = pkt->rpkt->id; + + pkt->rpkt->id = id; + + return old; +} diff --git a/lib/peer.c b/lib/peer.c index bcd5c97..256ff76 100644 --- a/lib/peer.c +++ b/lib/peer.c @@ -6,6 +6,9 @@ #endif #include +#include +#include + #include #include #include "err.h" diff --git a/lib/radius/.gitignore b/lib/radius/.gitignore new file mode 100644 index 0000000..1af03df --- /dev/null +++ b/lib/radius/.gitignore @@ -0,0 +1 @@ +dictionaries.c diff --git a/lib/radius/Makefile b/lib/radius/Makefile deleted file mode 100644 index 63eff89..0000000 --- a/lib/radius/Makefile +++ /dev/null @@ -1,68 +0,0 @@ -# -# GNU Makefile -# -.PHONY: all clean install -all: libnetworkradius-client.a - -SRCS := dict.c attrs.c packet.c valuepair.c static.c id.c \ - crypto.c custom.c print.c parse.c - -OBJS := ${SRCS:.c=.o} - -HEADERS := client.h radius.h - -CFLAGS := -I. -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef - -VERSION := 1.0 -NAME := networkradius-client-$(VERSION) - - -# -# The DICTIONARIES variable can be used to point to the FreeRADIUS -# dictionaries. -# -ifeq "${DICTIONARIES}" "" -DICTIONARIES := $(filter-out %~,$(wildcard share/dictionary*)) -endif - -${OBJS}: ${HEADERS} - -radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl - ./convert.pl ${DICTIONARIES} - -static.o: static.c dictionaries.c - -%.o : %.c - $(CC) $(CFLAGS) -c $< - -%.o: ${HEADERS} - -.PHONY: networkradius-devel -networkradius-devel: - @[ -e $@ ] || ln -s . $@ - -libnetworkradius-client.a: ${OBJS} - ${AR} ${ARFLAGS} $@ $^ - -LIBS := -lcrypto -lssl -LDFLAGS = -L. -lnetworkradius-client - -.PHONY: html -html: - doxygen doxygen.conf - -clean: - @rm -rf *.o *.a *~ html - -install: libnetworkradius-client.a - -.PHONY: publish -publish: - @scp -r html/* networkradius.com@liberty:www.new/site/clientapi/ - -$(NAME).tar.gz: $(wildcard Makefile *.pl *.txt *.[ch] \ - examples/*.[ch] doc/*.txt share/dictionary*) - git archive --format=tar --prefix=$(NAME)/ bsd | gzip > $@ - -.PHONY: tar -tar: $(NAME).tar.gz diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am new file mode 100644 index 0000000..1b66ca6 --- /dev/null +++ b/lib/radius/Makefile.am @@ -0,0 +1,37 @@ +AUTOMAKE_OPTIONS = foreign +ACLOCAL_AMFLAGS = -I m4 + +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir) +AM_CFLAGS = -Wall -g + +noinst_LTLIBRARIES = libradsec-radius.la + +libradsec_radius_la_SOURCES = \ + attrs.c \ + crypto.c \ + custom.c \ + dict.c \ + id.c \ + packet.c \ + parse.c \ + print.c \ + static.c \ + valuepair.c + +libradsec_radius_la_CFLAGS = $(AM_CFLAGS) + +DICTIONARIES = \ + share/dictionary.txt \ + share/dictionary.microsoft \ + share/dictionary.ukerna + +$(top_srcdir)/include/radsec/radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl + $(srcdir)/convert.pl ${DICTIONARIES} + +static.$(OBJEXT): static.c dictionaries.c + +clean-local: + rm -f dictionaries.c + +$(libradsec_radius_la_SOURCES): $(top_srcdir)/include/radsec/radius.h + diff --git a/lib/radius/attrs.c b/lib/radius/attrs.c index 4fd2bf4..d096cc2 100644 --- a/lib/radius/attrs.c +++ b/lib/radius/attrs.c @@ -29,7 +29,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * \brief Attribute encoding and decoding routines. */ -#include +#include "client.h" /* * Encodes the data portion of an attribute. @@ -48,7 +48,7 @@ static ssize_t vp2data_any(const RADIUS_PACKET *packet, uint8_t array[4]; const VALUE_PAIR *vp = *pvp; -#ifdef NR_TYPE_TLV +#ifdef RS_TYPE_TLV /* * See if we need to encode a TLV. The low portion of * the attribute has already been placed into the packer. @@ -73,41 +73,41 @@ static ssize_t vp2data_any(const RADIUS_PACKET *packet, len = vp->length; switch(vp->da->type) { - case NR_TYPE_IPV6PREFIX: + case RS_TYPE_IPV6PREFIX: len = sizeof(vp->vp_ipv6prefix); break; - case NR_TYPE_STRING: - case NR_TYPE_OCTETS: - case NR_TYPE_IFID: - case NR_TYPE_IPV6ADDR: -#ifdef NR_TYPE_ABINARY - case NR_TYPE_ABINARY: + case RS_TYPE_STRING: + case RS_TYPE_OCTETS: + case RS_TYPE_IFID: + case RS_TYPE_IPV6ADDR: +#ifdef RS_TYPE_ABINARY + case RS_TYPE_ABINARY: #endif /* nothing more to do */ break; - case NR_TYPE_BYTE: + case RS_TYPE_BYTE: len = 1; /* just in case */ array[0] = vp->vp_integer & 0xff; data = array; break; - case NR_TYPE_SHORT: + case RS_TYPE_SHORT: len = 2; /* just in case */ array[0] = (vp->vp_integer >> 8) & 0xff; array[1] = vp->vp_integer & 0xff; data = array; break; - case NR_TYPE_INTEGER: + case RS_TYPE_INTEGER: len = 4; /* just in case */ lvalue = htonl(vp->vp_integer); memcpy(array, &lvalue, sizeof(lvalue)); data = array; break; - case NR_TYPE_IPADDR: + case RS_TYPE_IPADDR: data = (const uint8_t *) &vp->vp_ipaddr; len = 4; /* just in case */ break; @@ -115,14 +115,14 @@ static ssize_t vp2data_any(const RADIUS_PACKET *packet, /* * There are no tagged date attributes. */ - case NR_TYPE_DATE: + case RS_TYPE_DATE: lvalue = htonl(vp->vp_date); data = (const uint8_t *) &lvalue; len = 4; /* just in case */ break; #ifdef VENDORPEC_WIMAX - case NR_TYPE_SIGNED: + case RS_TYPE_SIGNED: { int32_t slvalue; @@ -133,12 +133,12 @@ static ssize_t vp2data_any(const RADIUS_PACKET *packet, } #endif -#ifdef NR_TYPE_TLV - case NR_TYPE_TLV: +#ifdef RS_TYPE_TLV + case RS_TYPE_TLV: data = vp->vp_tlv; if (!data) { nr_debug_error("ERROR: Cannot encode NULL TLV"); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } len = vp->length; break; @@ -146,7 +146,7 @@ static ssize_t vp2data_any(const RADIUS_PACKET *packet, default: /* unknown type: ignore it */ nr_debug_error("ERROR: Unknown attribute type %d", vp->da->type); - return -NR_ERR_ATTR_TYPE_UNKNOWN; + return -RSE_ATTR_TYPE_UNKNOWN; } /* @@ -194,7 +194,7 @@ static ssize_t vp2data_any(const RADIUS_PACKET *packet, default: if (!original) { nr_debug_error("ERROR: No request packet, cannot encrypt %s attribute in the vp.", vp->da->name); - return -NR_ERR_REQUEST_REQUIRED; + return -RSE_REQUEST_REQUIRED; } if (lvalue) ptr[0] = vp->tag; @@ -230,11 +230,11 @@ static ssize_t vp2data_any(const RADIUS_PACKET *packet, default: if (vp->da->flags.has_tag && TAG_VALID(vp->tag)) { - if (vp->da->type == NR_TYPE_STRING) { + if (vp->da->type == RS_TYPE_STRING) { if (len > ((ssize_t) (room - 1))) len = room - 1; ptr[0] = vp->tag; ptr++; - } else if (vp->da->type == NR_TYPE_INTEGER) { + } else if (vp->da->type == RS_TYPE_INTEGER) { array[0] = vp->tag; } /* else it can't be any other type */ } @@ -300,7 +300,7 @@ static ssize_t vp2attr_vsa(const RADIUS_PACKET *packet, dv = nr_dict_vendor_byvalue(vendor); if (!dv || ( -#ifdef NR_TYPE_TLV +#ifdef RS_TYPE_TLV !(*pvp)->flags.is_tlv && #endif (dv->type == 1) && (dv->length == 1))) { @@ -308,7 +308,7 @@ static ssize_t vp2attr_vsa(const RADIUS_PACKET *packet, attribute, ptr, room); } -#ifdef NR_TYPE_TLV +#ifdef RS_TYPE_TLV if ((*pvp)->flags.is_tlv) { return data2vp_tlvs(packet, original, 0, pvp, ptr, room); @@ -319,7 +319,7 @@ static ssize_t vp2attr_vsa(const RADIUS_PACKET *packet, default: nr_debug_error("vp2attr_vsa: Internal sanity check failed," " type %u", (unsigned) dv->type); - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; case 4: ptr[0] = 0; /* attr must be 24-bit */ @@ -342,7 +342,7 @@ static ssize_t vp2attr_vsa(const RADIUS_PACKET *packet, default: nr_debug_error("vp2attr_vsa: Internal sanity check failed," " length %u", (unsigned) dv->length); - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; case 0: break; @@ -392,9 +392,9 @@ ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, } #endif - if (vp->da->vendor > NR_MAX_VENDOR) { + if (vp->da->vendor > RS_MAX_VENDOR) { nr_debug_error("nr_vp2vsa: Invalid arguments"); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } /* @@ -440,17 +440,17 @@ ssize_t nr_vp2rfc(const RADIUS_PACKET *packet, if (vp->da->vendor != 0) { nr_debug_error("nr_vp2rfc called with VSA"); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } if ((vp->da->attr == 0) || (vp->da->attr > 255)) { nr_debug_error("nr_vp2rfc called with non-standard attribute %u", vp->da->attr); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } #ifdef PW_CHARGEABLE_USER_IDENTITY if ((vp->length == 0) && - (vp->da != NR_DA_CHARGEABLE_USER_IDENTITY)) { + (vp->da != RS_DA_CHARGEABLE_USER_IDENTITY)) { *pvp = vp->next; return 0; } @@ -471,10 +471,10 @@ static ssize_t nr_chap2rfc(const RADIUS_PACKET *packet, { ssize_t rcode; const VALUE_PAIR *vp = *pvp; - NR_MD5_CTX ctx; - uint8_t buffer[MAX_STRING_LEN*2 + 1], *p; + RS_MD5_CTX ctx; + uint8_t buffer[RS_MAX_STRING_LEN*2 + 1], *p; VALUE_PAIR chap = { - NR_DA_CHAP_PASSWORD, + RS_DA_CHAP_PASSWORD, 17, 0, NULL, @@ -485,9 +485,9 @@ static ssize_t nr_chap2rfc(const RADIUS_PACKET *packet, }, }; - if ((vp->da->vendor != 0) || (vp->da != NR_DA_CHAP_PASSWORD)) { + if ((vp->da->vendor != 0) || (vp->da != RS_DA_CHAP_PASSWORD)) { nr_debug_error("nr_chap2rfc called with non-CHAP"); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } p = buffer; @@ -505,9 +505,9 @@ static ssize_t nr_chap2rfc(const RADIUS_PACKET *packet, p += sizeof(packet->vector); } - nr_MD5Init(&ctx); - nr_MD5Update(&ctx, buffer, p - buffer); - nr_MD5Final(&chap.vp_octets[1], &ctx); + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, buffer, p - buffer); + RS_MD5Final(&chap.vp_octets[1], &ctx); chap.vp_octets[0] = buffer[0]; vp = &chap; @@ -531,7 +531,7 @@ static ssize_t nr_chap2rfc(const RADIUS_PACKET *packet, * instead use this one, which has the correct length and data. */ static const VALUE_PAIR fake_ma = { - NR_DA_MESSAGE_AUTHENTICATOR, + RS_DA_MESSAGE_AUTHENTICATOR, 16, 0, NULL, @@ -557,7 +557,7 @@ ssize_t nr_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, */ if (vp->da->vendor != 0) { #ifdef VENDORPEC_EXTENDED - if (vp->da->vendor > NR_MAX_VENDOR) { + if (vp->da->vendor > RS_MAX_VENDOR) { return nr_vp2attr_extended(packet, original, pvp, start, room); @@ -575,7 +575,7 @@ ssize_t nr_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, return nr_vp2vsa(packet, original, pvp, start, room); #else nr_debug_error("VSAs are not supported"); - return -NR_ERR_UNSUPPORTED; + return -RSE_UNSUPPORTED; #endif } @@ -593,7 +593,7 @@ ssize_t nr_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, * know how to calculate it, or what the correct values * are. So... create one for him. */ - if (vp->da == NR_DA_MESSAGE_AUTHENTICATOR) { + if (vp->da == RS_DA_MESSAGE_AUTHENTICATOR) { ssize_t rcode; vp = &fake_ma; @@ -610,7 +610,7 @@ ssize_t nr_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, * to calculate it, or what the correct values are. To * help, we calculate it for him. */ - if (vp->da == NR_DA_CHAP_PASSWORD) { + if (vp->da == RS_DA_CHAP_PASSWORD) { int encoded = 0; /* @@ -667,10 +667,10 @@ static ssize_t data2vp_raw(UNUSED const RADIUS_PACKET *packet, { VALUE_PAIR *vp; - if (length > sizeof(vp->vp_octets)) return -NR_ERR_ATTR_OVERFLOW; + if (length > sizeof(vp->vp_octets)) return -RSE_ATTR_OVERFLOW; vp = nr_vp_alloc_raw(attribute, vendor); - if (!vp) return -NR_ERR_NO_MEM; + if (!vp) return -RSE_NOMEM; memcpy(vp->vp_octets, data, length); vp->length = length; @@ -685,9 +685,9 @@ ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet, VALUE_PAIR **pvp) { - if (length < 2) return -NR_ERR_PACKET_TOO_SMALL; - if (data[1] < 2) return -NR_ERR_ATTR_TOO_SMALL; - if (data[1] > length) return -NR_ERR_ATTR_OVERFLOW; + if (length < 2) return -RSE_PACKET_TOO_SMALL; + if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; + if (data[1] > length) return -RSE_ATTR_OVERFLOW; return data2vp_raw(packet, original, data[0], 0, data + 2, data[1] - 2, pvp); @@ -741,12 +741,12 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, attribute, vendor, data, length, pvp); } -#ifdef NR_TYPE_TLV +#ifdef RS_TYPE_TLV /* * TLVs are handled first. They can't be tagged, and * they can't be encrypted. */ - if (da->da->type == NR_TYPE_TLV) { + if (da->da->type == RS_TYPE_TLV) { return data2vp_tlvs(packet, original, attribute, vendor, nest, data, length, pvp); @@ -761,7 +761,7 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, * out of memory. */ vp = nr_vp_alloc(da); - if (!vp) return -NR_ERR_NO_MEM; + if (!vp) return -RSE_NOMEM; /* * Handle tags. @@ -778,8 +778,8 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, */ vp->tag = data[0]; - if ((vp->da->type == NR_TYPE_STRING) || - (vp->da->type == NR_TYPE_OCTETS)) { + if ((vp->da->type == RS_TYPE_STRING) || + (vp->da->type == RS_TYPE_OCTETS)) { if (length == 0) goto raw; data_offset = 1; } @@ -870,51 +870,51 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, } switch (vp->da->type) { - case NR_TYPE_STRING: - case NR_TYPE_OCTETS: -#ifdef NR_TYPE_ABINARY - case NR_TYPE_ABINARY: + case RS_TYPE_STRING: + case RS_TYPE_OCTETS: +#ifdef RS_TYPE_ABINARY + case RS_TYPE_ABINARY: #endif /* nothing more to do */ break; - case NR_TYPE_BYTE: + case RS_TYPE_BYTE: vp->vp_integer = vp->vp_octets[0]; break; - case NR_TYPE_SHORT: + case RS_TYPE_SHORT: vp->vp_integer = (vp->vp_octets[0] << 8) | vp->vp_octets[1]; break; - case NR_TYPE_INTEGER: + case RS_TYPE_INTEGER: memcpy(&vp->vp_integer, vp->vp_octets, 4); vp->vp_integer = ntohl(vp->vp_integer); if (vp->da->flags.has_tag) vp->vp_integer &= 0x00ffffff; break; - case NR_TYPE_DATE: + case RS_TYPE_DATE: memcpy(&vp->vp_date, vp->vp_octets, 4); vp->vp_date = ntohl(vp->vp_date); break; - case NR_TYPE_IPADDR: + case RS_TYPE_IPADDR: memcpy(&vp->vp_ipaddr, vp->vp_octets, 4); break; /* * IPv6 interface ID is 8 octets long. */ - case NR_TYPE_IFID: + case RS_TYPE_IFID: /* vp->vp_ifid == vp->vp_octets */ break; /* * IPv6 addresses are 16 octets long */ - case NR_TYPE_IPV6ADDR: + case RS_TYPE_IPV6ADDR: /* vp->vp_ipv6addr == vp->vp_octets */ break; @@ -927,7 +927,7 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, * * The prefix length can have value 0 to 128. */ - case NR_TYPE_IPV6PREFIX: + case RS_TYPE_IPV6PREFIX: if (vp->length < 2 || vp->length > 18) goto raw; if (vp->vp_octets[1] > 128) goto raw; @@ -942,7 +942,7 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, break; #ifdef VENDORPEC_WIMAX - case NR_TYPE_SIGNED: + case RS_TYPE_SIGNED: if (vp->length != 4) goto raw; /* @@ -955,22 +955,22 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, break; #endif -#ifdef NR_TYPE_TLV - case NR_TYPE_TLV: +#ifdef RS_TYPE_TLV + case RS_TYPE_TLV: nr_vp_free(&vp); nr_debug_error("data2vp_any: Internal sanity check failed"); - return -NR_ERR_ATTR_TYPE_UNKNOWN; + return -RSE_ATTR_TYPE_UNKNOWN; #endif #ifdef VENDORPEC_WIMAX - case NR_TYPE_COMBO_IP: + case RS_TYPE_COMBO_IP: if (vp->length == 4) { - vp->da->type = NR_TYPE_IPADDR; + vp->da->type = RS_TYPE_IPADDR; memcpy(&vp->vp_ipaddr, vp->vp_octets, 4); break; } else if (vp->length == 16) { - vp->da->type = NR_TYPE_IPV6ADDR; + vp->da->type = RS_TYPE_IPV6ADDR; /* vp->vp_ipv6addr == vp->vp_octets */ break; @@ -998,9 +998,9 @@ ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet, { ssize_t rcode; - if (length < 2) return -NR_ERR_PACKET_TOO_SMALL; - if (data[1] < 2) return -NR_ERR_ATTR_TOO_SMALL; - if (data[1] > length) return -NR_ERR_ATTR_OVERFLOW; + if (length < 2) return -RSE_PACKET_TOO_SMALL; + if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; + if (data[1] > length) return -RSE_ATTR_OVERFLOW; rcode = data2vp_any(packet, original, 0, data[0], 0, data + 2, data[1] - 2, pvp); @@ -1020,7 +1020,7 @@ int nr_tlv_ok(const uint8_t *data, size_t length, if ((dv_length > 2) || (dv_type == 0) || (dv_type > 4)) { nr_debug_error("nr_tlv_ok: Invalid arguments"); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } while (data < end) { @@ -1028,7 +1028,7 @@ int nr_tlv_ok(const uint8_t *data, size_t length, if ((data + dv_type + dv_length) > end) { nr_debug_error("Attribute header overflow"); - return -NR_ERR_ATTR_TOO_SMALL; + return -RSE_ATTR_TOO_SMALL; } switch (dv_type) { @@ -1037,12 +1037,12 @@ int nr_tlv_ok(const uint8_t *data, size_t length, (data[2] == 0) && (data[3] == 0)) { zero: nr_debug_error("Invalid attribute 0"); - return -NR_ERR_ATTR_INVALID; + return -RSE_ATTR_INVALID; } if (data[0] != 0) { nr_debug_error("Invalid attribute > 2^24"); - return -NR_ERR_ATTR_INVALID; + return -RSE_ATTR_INVALID; } break; @@ -1056,7 +1056,7 @@ int nr_tlv_ok(const uint8_t *data, size_t length, default: nr_debug_error("Internal sanity check failed"); - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; } switch (dv_length) { @@ -1066,7 +1066,7 @@ int nr_tlv_ok(const uint8_t *data, size_t length, case 2: if (data[dv_type + 1] != 0) { nr_debug_error("Attribute is longer than 256 octets"); - return -NR_ERR_ATTR_TOO_LARGE; + return -RSE_ATTR_TOO_LARGE; } /* FALL-THROUGH */ case 1: @@ -1076,17 +1076,17 @@ int nr_tlv_ok(const uint8_t *data, size_t length, default: nr_debug_error("Internal sanity check failed"); - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; } if (attrlen < (dv_type + dv_length)) { nr_debug_error("Attribute header has invalid length"); - return -NR_ERR_PACKET_TOO_SMALL; + return -RSE_PACKET_TOO_SMALL; } if (attrlen > length) { nr_debug_error("Attribute overflows container"); - return -NR_ERR_ATTR_OVERFLOW; + return -RSE_ATTR_OVERFLOW; } data += attrlen; @@ -1113,7 +1113,7 @@ static ssize_t attr2vp_vsa(const RADIUS_PACKET *packet, #ifndef NDEBUG if (length <= (dv_type + dv_length)) { nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok"); - return -NR_ERR_PACKET_TOO_SMALL; + return -RSE_PACKET_TOO_SMALL; } #endif @@ -1136,7 +1136,7 @@ static ssize_t attr2vp_vsa(const RADIUS_PACKET *packet, default: nr_debug_error("attr2vp_vsa: Internal sanity check failed"); - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; } switch (dv_length) { @@ -1155,13 +1155,13 @@ static ssize_t attr2vp_vsa(const RADIUS_PACKET *packet, default: nr_debug_error("attr2vp_vsa: Internal sanity check failed"); - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; } #ifndef NDEBUG if (attrlen <= (ssize_t) (dv_type + dv_length)) { nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok"); - return -NR_ERR_PACKET_TOO_SMALL; + return -RSE_PACKET_TOO_SMALL; } #endif @@ -1177,7 +1177,7 @@ static ssize_t attr2vp_vsa(const RADIUS_PACKET *packet, nr_vp_free(pvp); nr_debug_error("attr2vp_vsa: Incomplete decode %d != %d", (int) my_len, (int) attrlen); - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; } #endif @@ -1198,13 +1198,13 @@ ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet, uint32_t lvalue; const DICT_VENDOR *dv; - if (length < 2) return -NR_ERR_PACKET_TOO_SMALL; - if (data[1] < 2) return -NR_ERR_ATTR_TOO_SMALL; - if (data[1] > length) return -NR_ERR_ATTR_OVERFLOW; + if (length < 2) return -RSE_PACKET_TOO_SMALL; + if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; + if (data[1] > length) return -RSE_ATTR_OVERFLOW; if (data[0] != PW_VENDOR_SPECIFIC) { nr_debug_error("nr_attr2vp_vsa: Invalid attribute"); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } /* @@ -1256,7 +1256,7 @@ ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet, if (my_len != (data[1] - 6)) { nr_vp_free(pvp); nr_debug_error("nr_attr2vp_vsa: Incomplete decode"); - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; } #endif @@ -1273,9 +1273,9 @@ ssize_t nr_attr2vp(const RADIUS_PACKET *packet, const uint8_t *data, size_t length, VALUE_PAIR **pvp) { - if (length < 2) return -NR_ERR_PACKET_TOO_SMALL; - if (data[1] < 2) return -NR_ERR_ATTR_TOO_SMALL; - if (data[1] > length) return -NR_ERR_ATTR_OVERFLOW; + if (length < 2) return -RSE_PACKET_TOO_SMALL; + if (data[1] < 2) return -RSE_ATTR_TOO_SMALL; + if (data[1] > length) return -RSE_ATTR_OVERFLOW; #ifndef WITHOUT_VSAS /* @@ -1307,18 +1307,18 @@ ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, uint8_t *data, *attr; const uint8_t *end; - if (!packet || !pdata || !plength) return -NR_ERR_INVALID_ARG; + if (!packet || !pdata || !plength) return -RSE_INVAL; - if (!packet->data) return -NR_ERR_INVALID_ARG; - if (packet->length < 20) return -NR_ERR_INVALID_ARG; + if (!packet->data) return -RSE_INVAL; + if (packet->length < 20) return -RSE_INVAL; /* * Too long or short, not good. */ if ((start < 0) || - ((start > 0) && (start < 20))) return -NR_ERR_INVALID_ARG; + ((start > 0) && (start < 20))) return -RSE_INVAL; - if ((size_t) start >= (packet->length - 2)) return -NR_ERR_INVALID_ARG; + if ((size_t) start >= (packet->length - 2)) return -RSE_INVAL; end = packet->data + packet->length; @@ -1343,17 +1343,17 @@ ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, */ if ((attr + 2) > end) { nr_debug_error("Attribute overflows packet"); - return -NR_ERR_ATTR_OVERFLOW; + return -RSE_ATTR_OVERFLOW; } if (attr[1] < 2) { nr_debug_error("Attribute length is too small"); - return -NR_ERR_ATTR_TOO_SMALL; + return -RSE_ATTR_TOO_SMALL; } if ((attr + attr[1]) > end) { nr_debug_error("Attribute length is too large"); - return -NR_ERR_ATTR_TOO_LARGE; + return -RSE_ATTR_TOO_LARGE; } #endif @@ -1379,7 +1379,7 @@ ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start, dv = nr_dict_vendor_byvalue(vendor); if (dv && ((dv->type != 1) || (dv->length != 1))) { - return -NR_ERR_VENDOR_UNKNOWN; + return -RSE_VENDOR_UNKNOWN; } } diff --git a/lib/radius/client.h b/lib/radius/client.h index 591884f..df9f834 100644 --- a/lib/radius/client.h +++ b/lib/radius/client.h @@ -29,6 +29,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * \brief Main header file. */ +#ifndef _RADIUS_CLIENT_H_ +#define _RADIUS_CLIENT_H_ 1 + /* * System-specific header files. */ @@ -42,10 +45,12 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include #include +#include + /* * Definitions of attributes. */ -#include +#include /** \defgroup build Build Helpers * @@ -135,38 +140,38 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #endif #ifdef WITHOUT_OPENSSL -#ifndef NR_MD5_CTX -#error NR_MD5_CTX must be defined +#ifndef RS_MD5_CTX +#error RS_MD5_CTX must be defined #endif -#ifndef nr_MD5Init +#ifndef RS_MD5Init #error n_rMD5Init must be defined #endif -#ifndef nr_MD5Update -#error nr_MD5Updyae must be defined +#ifndef RS_MD5Update +#error RS_MD5Updyae must be defined #endif -#ifndef nr_MD5Final -#error nr_MD5Final must be defined +#ifndef RS_MD5Final +#error RS_MD5Final must be defined #endif -#ifndef nr_MD5Transform -#error nr_MD5Transform must be defined +#ifndef RS_MD5Transform +#error RS_MD5Transform must be defined #endif #else /* WITHOUT_OPENSSL */ #include /** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define NR_MD5_CTX MD5_CTX +#define RS_MD5_CTX MD5_CTX /** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define nr_MD5Init MD5_Init +#define RS_MD5Init MD5_Init /** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define nr_MD5Update MD5_Update +#define RS_MD5Update MD5_Update /** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define nr_MD5Final MD5_Final +#define RS_MD5Final MD5_Final /** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */ -#define nr_MD5Transform MD5_Transform +#define RS_MD5Transform MD5_Transform #endif -#ifndef NR_MAX_PACKET_LEN +#ifndef RS_MAX_PACKET_LEN /** The maximum size of a packet that the library will send or receive. \ingroup custom * * The RFC requirement is to handle at least 4K packets. However, if @@ -176,144 +181,39 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * Be warned that any packets larger than this value will be ignored * and silently discarded. */ -#define NR_MAX_PACKET_LEN (4096) +#define RS_MAX_PACKET_LEN (4096) #endif -#ifndef NR_MAX_ATTRIBUTES +#ifndef RS_MAX_ATTRIBUTES /** The maximum number of attributes that the library will allow in a packet. \ingroup custom * - * Packets which contain more than ::NR_MAX_ATTRIBUTES will generate + * Packets which contain more than ::RS_MAX_ATTRIBUTES will generate * an error. This value is configurable because there may be a need * to accept a large mumber of attributes. * * This value is ignored when packets are sent. The library will * send as many attributes as it is told to send. */ -#define NR_MAX_ATTRIBUTES (200) +#define RS_MAX_ATTRIBUTES (200) #endif -#undef NR_MAX_PACKET_CODE +#undef RS_MAX_PACKET_CODE /** The maximum RADIUS_PACKET::code which we can accept. \ingroup dict * * \attention This should not be changed, as it is used by other * structures such as ::nr_packet_codes. */ -#define NR_MAX_PACKET_CODE PW_COA_NAK +#define RS_MAX_PACKET_CODE PW_COA_NAK /** The maximum vendor number which is permitted. \ingroup dict * * The RFCs require that the Vendor Id or Private Enterprise Number * be encoded as 32 bits, with the upper 8 bits being zero. */ -#define NR_MAX_VENDOR (1 << 24) - -/** The maximum length of a RADIUS attribute. - * - * The RFCs require that a RADIUS attribute transport no more than - * 253 octets of data. We add an extra byte for a trailing NUL, so - * that the VALUE_PAIR::vp_strvalue field can be handled as a C - * string. - */ -#define MAX_STRING_LEN (254) +#define RS_MAX_VENDOR (1 << 24) /** Data Type Definitions. \ingroup dict */ -typedef enum nr_attr_type_t { - NR_TYPE_INVALID = 0, /**< Invalid data type */ - NR_TYPE_STRING, /**< printable-text */ - NR_TYPE_INTEGER, /**< a 32-bit unsigned integer */ - NR_TYPE_IPADDR, /**< an IPv4 address */ - NR_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */ - NR_TYPE_OCTETS, /**< a sequence of binary octets */ - NR_TYPE_IFID, /**< an Interface Id */ - NR_TYPE_IPV6ADDR, /**< an IPv6 address */ - NR_TYPE_IPV6PREFIX, /**< an IPv6 prefix */ - NR_TYPE_BYTE, /**< an 8-bit integer */ - NR_TYPE_SHORT, /**< a 16-bit integer */ -} nr_attr_type_t; - -#define PW_ACCESS_REQUEST 1 -#define PW_ACCESS_ACCEPT 2 -#define PW_ACCESS_REJECT 3 -#define PW_ACCOUNTING_REQUEST 4 -#define PW_ACCOUNTING_RESPONSE 5 -#define PW_ACCOUNTING_STATUS 6 -#define PW_PASSWORD_REQUEST 7 -#define PW_PASSWORD_ACK 8 -#define PW_PASSWORD_REJECT 9 -#define PW_ACCOUNTING_MESSAGE 10 -#define PW_ACCESS_CHALLENGE 11 -#define PW_STATUS_SERVER 12 -#define PW_STATUS_CLIENT 13 -#define PW_DISCONNECT_REQUEST 40 -#define PW_DISCONNECT_ACK 41 -#define PW_DISCONNECT_NAK 42 -#define PW_COA_REQUEST 43 -#define PW_COA_ACK 44 -#define PW_COA_NAK 45 - -/** Error codes \ingroup error - * - * The numerical value of these definitions may change from version - * to version of the library. - */ -typedef enum nr_error_t { - /** Invalid argument */ - NR_ERR_INVALID_ARG = 1, - /** Insufficient data to decode the packet */ - NR_ERR_PACKET_TOO_SMALL, - /** The packet header says it is larger than the received data */ - NR_ERR_PACKET_TOO_LARGE, - /** the attribute overflows the packet */ - NR_ERR_ATTR_OVERFLOW, - /** the attribute header "length" field is too small */ - NR_ERR_ATTR_TOO_SMALL, - /** the attribute is more than 256 octets long */ - NR_ERR_ATTR_TOO_LARGE, - /** the attribute is unknown */ - NR_ERR_ATTR_UNKNOWN, - /** the attribute name is improperly formatted */ - NR_ERR_ATTR_BAD_NAME, - /** the attribute value could not be parsed */ - NR_ERR_ATTR_VALUE_MALFORMED, - /** the attribute "type" is invalid */ - NR_ERR_ATTR_INVALID, - /** the packet has too many attributes */ - NR_ERR_TOO_MANY_ATTRS, - /** the attribute has an unsupported data type */ - NR_ERR_ATTR_TYPE_UNKNOWN, - /** the Message-Authenticator has the wrong length */ - NR_ERR_MSG_AUTH_LEN, - /** the Message-Authenticator is wrong */ - NR_ERR_MSG_AUTH_WRONG, - /** we need a request packet to calculate something in the response */ - NR_ERR_REQUEST_REQUIRED, - /** the request code is unsupported */ - NR_ERR_REQUEST_CODE_INVALID, - /** the Authentication Vector is wrong */ - NR_ERR_AUTH_VECTOR_WRONG, - /** the response code is unsupported */ - NR_ERR_RESPONSE_CODE_INVALID, - /** the response ID field is invalid */ - NR_ERR_RESPONSE_ID_INVALID, - /** the response is not from the correct source IP/port */ - NR_ERR_RESPONSE_SRC_INVALID, - /** Look at "errno" for the error */ - NR_ERR_SYSTEM, - /** We cannot encode the packet because of invalid arguments */ - NR_ERR_NO_PACKET_DATA, - /** the vendor is unknown */ - NR_ERR_VENDOR_UNKNOWN, - /** an internal sanity check failed */ - NR_ERR_INTERNAL_FAILURE, - /** the caller requested an unsupported featuer */ - NR_ERR_UNSUPPORTED, - /** we were unable to allocate memory */ - NR_ERR_NO_MEM, - /** Resource is in use */ - NR_ERR_IN_USE, -} nr_error_t; - #define TAG_VALID(x) ((x) < 0x20) /** The attribute is not encrypted. */ @@ -335,7 +235,7 @@ typedef enum nr_error_t { typedef struct attr_flags { unsigned int has_tag : 1; /**< Attribute has an RFC 2868 tag */ unsigned int unknown : 1; /**< Attribute is unknown */ -#ifdef NR_TYPE_TLV +#ifdef RS_TYPE_TLV unsigned int has_tlv : 1; /* has sub attributes */ unsigned int is_tlv : 1; /* is a sub attribute */ #endif @@ -358,7 +258,7 @@ typedef struct attr_flags { */ typedef struct nr_dict_attr { unsigned int attr; /**< Attribute number */ - nr_attr_type_t type; /**< Data type */ + rs_attr_type_t type; /**< Data type */ unsigned int vendor; /**< Vendor-Id number */ ATTR_FLAGS flags; const char *name; /**< Printable name */ @@ -392,21 +292,21 @@ typedef struct nr_dict_vendor { * */ typedef union value_pair_data { - char strvalue[MAX_STRING_LEN]; /* +1 for NUL */ + char strvalue[RS_MAX_STRING_LEN]; /* +1 for NUL */ uint8_t octets[253]; struct in_addr ipaddr; struct in6_addr ipv6addr; uint32_t date; uint32_t integer; -#ifdef NR_TYPE_SIGNED +#ifdef RS_TYPE_SIGNED int32_t sinteger; #endif -#ifdef NR_TYPE_ABINARY +#ifdef RS_TYPE_ABINARY uint8_t filter[32]; #endif uint8_t ifid[8]; /* struct? */ uint8_t ipv6prefix[18]; /* struct? */ -#ifdef NR_TYPE_TLV +#ifdef RS_TYPE_TLV uint8_t *tlv; #endif } VALUE_PAIR_DATA; @@ -432,23 +332,23 @@ typedef struct value_pair { #define vp_ipaddr data.ipaddr.s_addr #define vp_date data.integer #define vp_integer data.integer -#ifdef NR_TYPE_ABINARY +#ifdef RS_TYPE_ABINARY #define vp_filter data.filter #endif -#ifdef NR_TYPE_ETHER +#ifdef RS_TYPE_ETHER #define vp_ether data.ether #endif -#ifdef NR_TYPE_SIGNED +#ifdef RS_TYPE_SIGNED #define vp_signed data.sinteger #endif -#ifdef NR_TYPE_TLV +#ifdef RS_TYPE_TLV #define vp_tlv data.tlv #endif -#ifdef NR_TYPE_TLV -#define NR_ATTR_MAX_TLV (4) -extern const int nr_attr_shift[NR_ATTR_MAX_TLV]; -extern const int nr_attr_mask[NR_ATTR_MAX_TLV]; +#ifdef RS_TYPE_TLV +#define RS_ATTR_MAX_TLV (4) +extern const int nr_attr_shift[RS_ATTR_MAX_TLV]; +extern const int nr_attr_mask[RS_ATTR_MAX_TLV]; extern const unsigned int nr_attr_max_tlv; #endif @@ -474,12 +374,12 @@ typedef struct radius_packet { VALUE_PAIR *vps; /**< linked list of ::VALUE_PAIR */ } RADIUS_PACKET; -#define NR_PACKET_ENCODED (1 << 0) -#define NR_PACKET_HEADER (1 << 1) -#define NR_PACKET_SIGNED (1 << 2) -#define NR_PACKET_OK (1 << 3) -#define NR_PACKET_VERIFIED (1 << 4) -#define NR_PACKET_DECODED (1 << 5) +#define RS_PACKET_ENCODED (1 << 0) +#define RS_PACKET_HEADER (1 << 1) +#define RS_PACKET_SIGNED (1 << 2) +#define RS_PACKET_OK (1 << 3) +#define RS_PACKET_VERIFIED (1 << 4) +#define RS_PACKET_DECODED (1 << 5) /** Track packets sent to a server. \ingroup id @@ -634,7 +534,7 @@ extern VALUE_PAIR *nr_vps_find(VALUE_PAIR *head, * packet. * * \attention There is usually no need to call this function. Use - * the NR_DA_* definitions instead. + * the RS_DA_* definitions instead. * * @param[in] attr Value of the attribute * @param[in] vendor Value of the vendor @@ -773,7 +673,7 @@ extern const DICT_ATTR const *nr_dict_attr_names[]; * application. Packet codes which are not handled by the library * have NULL for their names. */ -extern const char *nr_packet_codes[NR_MAX_PACKET_CODE + 1]; +extern const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1]; /** Verifies that a packet is "well formed". \ingroup packet * @@ -1406,3 +1306,5 @@ extern ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value); */ # define BLANK_FORMAT "" #endif + +#endif /* _RADIUS_CLIENT_H_ */ diff --git a/lib/radius/common.pl b/lib/radius/common.pl index c08489a..7042fe5 100644 --- a/lib/radius/common.pl +++ b/lib/radius/common.pl @@ -124,7 +124,7 @@ sub do_file() } $type =~ tr/a-z/A-Z/; - $attributes{$index}{'type'} = "NR_TYPE_$type"; + $attributes{$index}{'type'} = "RS_TYPE_$type"; $stuff =~ s/^\s*//; diff --git a/lib/radius/convert.pl b/lib/radius/convert.pl index ce7cccd..9cf8731 100755 --- a/lib/radius/convert.pl +++ b/lib/radius/convert.pl @@ -134,7 +134,7 @@ foreach $attr_val (sort {lc($attributes{$a}{'name'}) cmp lc($attributes{$b}{'nam print DICT "};\n\n"; close DICT; -open HDR, ">radius.h" or die "Failed creating radius.c: $!\n"; +open HDR, ">../include/radsec/radius.h" or die "Failed creating radius.c: $!\n"; print HDR "/* Automatically generated file. Do not edit */\n\n"; @@ -174,7 +174,7 @@ foreach $attr_val (sort {$a <=> $b} keys %attributes) { $name =~ tr/a-z/A-Z/; $name =~ tr/-/_/; - print HDR "#define NR_DA_$name (&nr_dict_attrs[$attributes{$attr_val}{'offset'}])\n"; + print HDR "#define RS_DA_$name (&nr_dict_attrs[$attributes{$attr_val}{'offset'}])\n"; } print HDR "/* Automatically generated file. Do not edit */\n"; diff --git a/lib/radius/crypto.c b/lib/radius/crypto.c index 02a223d..21cc7d0 100644 --- a/lib/radius/crypto.c +++ b/lib/radius/crypto.c @@ -36,7 +36,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. /** \cond PRIVATE */ -#include +#include "client.h" ssize_t nr_password_encrypt(uint8_t *output, size_t outlen, @@ -45,35 +45,35 @@ ssize_t nr_password_encrypt(uint8_t *output, size_t outlen, { size_t i, j, len; uint8_t digest[16]; - NR_MD5_CTX ctx, secret_ctx; + RS_MD5_CTX ctx, secret_ctx; if (!output || (outlen < 16) || !input || (inlen == 0) || !secret || !vector) { - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } len = inlen; - if (len > 128) return -NR_ERR_ATTR_OVERFLOW; + if (len > 128) return -RSE_ATTR_OVERFLOW; len = (len + 0x0f) & ~0x0f; /* round up to 16 byte boundary */ - if (outlen < len) return -NR_ERR_ATTR_OVERFLOW; + if (outlen < len) return -RSE_ATTR_OVERFLOW; memcpy(output, input, len); memset(output + len, 0, 128 - len); - nr_MD5Init(&secret_ctx); - nr_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + RS_MD5Init(&secret_ctx); + RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); for (j = 0; j < len; j += 16) { ctx = secret_ctx; if (j == 0) { - nr_MD5Update(&ctx, vector, 16); - nr_MD5Final(digest, &ctx); + RS_MD5Update(&ctx, vector, 16); + RS_MD5Final(digest, &ctx); } else { - nr_MD5Update(&ctx, &output[j - 16], 16); - nr_MD5Final(digest, &ctx); + RS_MD5Update(&ctx, &output[j - 16], 16); + RS_MD5Final(digest, &ctx); } for (i = 0; i < 16; i++) { @@ -90,16 +90,16 @@ ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen, const char *secret, const uint8_t *vector) { size_t i, j, len; - NR_MD5_CTX ctx, secret_ctx; + RS_MD5_CTX ctx, secret_ctx; uint8_t digest[16]; if (!output || (outlen < 18) || !input || (inlen == 0) || !secret || !vector) { - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } len = ((inlen + 1) + 0x0f) & ~0x0f; - if (len > 251) return -NR_ERR_ATTR_OVERFLOW; + if (len > 251) return -RSE_ATTR_OVERFLOW; output[0] = (nr_rand() & 0xff) | 0x80; output[1] = nr_rand() & 0xff; @@ -108,19 +108,19 @@ ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen, memcpy(output + 3, input, inlen); memset(output + 3 + inlen, 0, len - inlen - 1); - nr_MD5Init(&secret_ctx); - nr_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + RS_MD5Init(&secret_ctx); + RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); for (j = 0; j < len; j += 16) { ctx = secret_ctx; if (j == 0) { - nr_MD5Update(&ctx, vector, 16); - nr_MD5Update(&ctx, output, 2); - nr_MD5Final(digest, &ctx); + RS_MD5Update(&ctx, vector, 16); + RS_MD5Update(&ctx, output, 2); + RS_MD5Final(digest, &ctx); } else { - nr_MD5Update(&ctx, &output[j + 2 - 16], 16); - nr_MD5Final(digest, &ctx); + RS_MD5Update(&ctx, &output[j + 2 - 16], 16); + RS_MD5Final(digest, &ctx); } for (i = 0; i < 16; i++) { @@ -136,12 +136,12 @@ ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, const char *secret, const uint8_t *vector) { size_t i, j, len, encoded_len; - NR_MD5_CTX ctx, secret_ctx; + RS_MD5_CTX ctx, secret_ctx; uint8_t digest[16]; if (!output || (outlen < 1) || !input || (inlen < 2) || !secret || !vector) { - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } if (inlen <= 3) { @@ -151,20 +151,20 @@ ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, len = inlen - 2; - if (outlen < (len - 1)) return -NR_ERR_ATTR_OVERFLOW; + if (outlen < (len - 1)) return -RSE_ATTR_OVERFLOW; - nr_MD5Init(&secret_ctx); - nr_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); + RS_MD5Init(&secret_ctx); + RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret)); ctx = secret_ctx; - nr_MD5Update(&ctx, vector, 16); /* MD5(secret + vector + salt) */ - nr_MD5Update(&ctx, input, 2); - nr_MD5Final(digest, &ctx); + RS_MD5Update(&ctx, vector, 16); /* MD5(secret + vector + salt) */ + RS_MD5Update(&ctx, input, 2); + RS_MD5Final(digest, &ctx); encoded_len = input[2] ^ digest[0]; if (encoded_len >= len) { - return -NR_ERR_ATTR_TOO_LARGE; + return -RSE_ATTR_TOO_LARGE; } for (i = 0; i < 15; i++) { @@ -174,8 +174,8 @@ ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen, for (j = 16; j < len; j += 16) { ctx = secret_ctx; - nr_MD5Update(&ctx, input + j - 16 + 2, 16); - nr_MD5Final(digest, &ctx); + RS_MD5Update(&ctx, input + j - 16 + 2, 16); + RS_MD5Final(digest, &ctx); for (i = 0; i < 16; i++) { output[i + j - 1] = input[i + j + 2] ^ digest[i]; @@ -198,12 +198,12 @@ nr_hmac_md5(const uint8_t *data, size_t data_len, uint8_t k_ipad[64]; uint8_t k_opad[64]; uint8_t tk[16]; - NR_MD5_CTX ctx; + RS_MD5_CTX ctx; if (key_len > 64) { - nr_MD5Init(&ctx); - nr_MD5Update(&ctx, key, key_len); - nr_MD5Final(tk, &ctx); + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, key, key_len); + RS_MD5Final(tk, &ctx); key = tk; key_len = 16; @@ -219,15 +219,15 @@ nr_hmac_md5(const uint8_t *data, size_t data_len, k_opad[i] ^= 0x5c; } - nr_MD5Init(&ctx); - nr_MD5Update(&ctx, k_ipad, sizeof(k_ipad)); - nr_MD5Update(&ctx, data, data_len); - nr_MD5Final(digest, &ctx); + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, k_ipad, sizeof(k_ipad)); + RS_MD5Update(&ctx, data, data_len); + RS_MD5Final(digest, &ctx); - nr_MD5Init(&ctx); - nr_MD5Update(&ctx, k_opad, sizeof(k_opad)); - nr_MD5Update(&ctx, digest, 16); - nr_MD5Final(digest, &ctx); + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, k_opad, sizeof(k_opad)); + RS_MD5Update(&ctx, digest, 16); + RS_MD5Final(digest, &ctx); } /** \endcond */ diff --git a/lib/radius/custom.c b/lib/radius/custom.c index e33cf5a..02e2463 100644 --- a/lib/radius/custom.c +++ b/lib/radius/custom.c @@ -29,7 +29,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * \brief Functions which should be customized for your local system. */ -#include +#include "client.h" #include #include diff --git a/lib/radius/dict.c b/lib/radius/dict.c index 26fe7d0..fc04ee2 100644 --- a/lib/radius/dict.c +++ b/lib/radius/dict.c @@ -25,7 +25,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include +#include "client.h" #include /** \file dict.c @@ -56,7 +56,7 @@ const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr, unsigned int vendor) return &nr_dict_attrs[half]; } - if ((vendor > nr_dict_attrs[half].vendor) && + if ((vendor >= nr_dict_attrs[half].vendor) && (attr > nr_dict_attrs[half].attr)) { start = half + 1; } else { @@ -100,19 +100,19 @@ const DICT_ATTR *nr_dict_attr_byname(const char *name) int nr_dict_attr_2struct(DICT_ATTR *da, unsigned int attr, unsigned int vendor, char *buffer, size_t bufsize) { - if (!da || !buffer) return -NR_ERR_INVALID_ARG; + if (!da || !buffer) return -RSE_INVAL; if (!vendor) { - if (attr > 256) return -NR_ERR_INVALID_ARG; + if (attr > 256) return -RSE_INVAL; } else if (vendor > (1 << 24)) { - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } memset(da, 0, sizeof(*da)); da->attr = attr; da->flags.unknown = 1; - da->type = NR_TYPE_OCTETS; + da->type = RS_TYPE_OCTETS; da->vendor = vendor; if (da->vendor) { diff --git a/lib/radius/dictionaries.c b/lib/radius/dictionaries.c deleted file mode 100644 index d1f4b6f..0000000 --- a/lib/radius/dictionaries.c +++ /dev/null @@ -1,1515 +0,0 @@ -const DICT_VENDOR nr_dict_vendors[] = { - { - .name = "Microsoft", - .vendor = 311, - .type = 1, - .length = 1, - }, - { - .name = "example", - .vendor = 65535, - .type = 1, - .length = 1, - }, - - { .name = NULL, } -}; - -const DICT_ATTR nr_dict_attrs[] = { - { /* 0 */ - .name = NULL, - }, - { /* 1 */ - .name = "User-Name", - .attr = 1, - .type = NR_TYPE_STRING, - }, - { /* 2 */ - .name = "User-Password", - .attr = 2, - .type = NR_TYPE_STRING, - .flags = { - .encrypt = FLAG_ENCRYPT_USER_PASSWORD, - }, - }, - { /* 3 */ - .name = "CHAP-Password", - .attr = 3, - .type = NR_TYPE_OCTETS, - }, - { /* 4 */ - .name = "NAS-IP-Address", - .attr = 4, - .type = NR_TYPE_IPADDR, - .flags = { - .length = 4, - }, - }, - { /* 5 */ - .name = "NAS-Port", - .attr = 5, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 6 */ - .name = "Service-Type", - .attr = 6, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 7 */ - .name = "Framed-Protocol", - .attr = 7, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 8 */ - .name = "Framed-IP-Address", - .attr = 8, - .type = NR_TYPE_IPADDR, - .flags = { - .length = 4, - }, - }, - { /* 9 */ - .name = "Framed-IP-Netmask", - .attr = 9, - .type = NR_TYPE_IPADDR, - .flags = { - .length = 4, - }, - }, - { /* 10 */ - .name = "Framed-Routing", - .attr = 10, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 11 */ - .name = "Filter-Id", - .attr = 11, - .type = NR_TYPE_STRING, - }, - { /* 12 */ - .name = "Framed-MTU", - .attr = 12, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 13 */ - .name = "Framed-Compression", - .attr = 13, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 14 */ - .name = "Login-IP-Host", - .attr = 14, - .type = NR_TYPE_IPADDR, - .flags = { - .length = 4, - }, - }, - { /* 15 */ - .name = "Login-Service", - .attr = 15, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 16 */ - .name = "Login-TCP-Port", - .attr = 16, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 17 */ - .name = NULL, - }, - { /* 18 */ - .name = "Reply-Message", - .attr = 18, - .type = NR_TYPE_STRING, - }, - { /* 19 */ - .name = "Callback-Number", - .attr = 19, - .type = NR_TYPE_STRING, - }, - { /* 20 */ - .name = "Callback-Id", - .attr = 20, - .type = NR_TYPE_STRING, - }, - { /* 21 */ - .name = NULL, - }, - { /* 22 */ - .name = "Framed-Route", - .attr = 22, - .type = NR_TYPE_STRING, - }, - { /* 23 */ - .name = "Framed-IPX-Network", - .attr = 23, - .type = NR_TYPE_IPADDR, - .flags = { - .length = 4, - }, - }, - { /* 24 */ - .name = "State", - .attr = 24, - .type = NR_TYPE_OCTETS, - }, - { /* 25 */ - .name = "Class", - .attr = 25, - .type = NR_TYPE_OCTETS, - }, - { /* 26 */ - .name = "Vendor-Specific", - .attr = 26, - .type = NR_TYPE_OCTETS, - }, - { /* 27 */ - .name = "Session-Timeout", - .attr = 27, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 28 */ - .name = "Idle-Timeout", - .attr = 28, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 29 */ - .name = "Termination-Action", - .attr = 29, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 30 */ - .name = "Called-Station-Id", - .attr = 30, - .type = NR_TYPE_STRING, - }, - { /* 31 */ - .name = "Calling-Station-Id", - .attr = 31, - .type = NR_TYPE_STRING, - }, - { /* 32 */ - .name = "NAS-Identifier", - .attr = 32, - .type = NR_TYPE_STRING, - }, - { /* 33 */ - .name = "Proxy-State", - .attr = 33, - .type = NR_TYPE_OCTETS, - }, - { /* 34 */ - .name = "Login-LAT-Service", - .attr = 34, - .type = NR_TYPE_STRING, - }, - { /* 35 */ - .name = "Login-LAT-Node", - .attr = 35, - .type = NR_TYPE_STRING, - }, - { /* 36 */ - .name = "Login-LAT-Group", - .attr = 36, - .type = NR_TYPE_OCTETS, - }, - { /* 37 */ - .name = "Framed-AppleTalk-Link", - .attr = 37, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 38 */ - .name = "Framed-AppleTalk-Network", - .attr = 38, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 39 */ - .name = "Framed-AppleTalk-Zone", - .attr = 39, - .type = NR_TYPE_STRING, - }, - { /* 40 */ - .name = "Acct-Status-Type", - .attr = 40, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 41 */ - .name = "Acct-Delay-Time", - .attr = 41, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 42 */ - .name = "Acct-Input-Octets", - .attr = 42, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 43 */ - .name = "Acct-Output-Octets", - .attr = 43, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 44 */ - .name = "Acct-Session-Id", - .attr = 44, - .type = NR_TYPE_STRING, - }, - { /* 45 */ - .name = "Acct-Authentic", - .attr = 45, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 46 */ - .name = "Acct-Session-Time", - .attr = 46, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 47 */ - .name = "Acct-Input-Packets", - .attr = 47, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 48 */ - .name = "Acct-Output-Packets", - .attr = 48, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 49 */ - .name = "Acct-Terminate-Cause", - .attr = 49, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 50 */ - .name = "Acct-Multi-Session-Id", - .attr = 50, - .type = NR_TYPE_STRING, - }, - { /* 51 */ - .name = "Acct-Link-Count", - .attr = 51, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 52 */ - .name = "Acct-Input-Gigawords", - .attr = 52, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 53 */ - .name = "Acct-Output-Gigawords", - .attr = 53, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 54 */ - .name = NULL, - }, - { /* 55 */ - .name = "Event-Timestamp", - .attr = 55, - .type = NR_TYPE_DATE, - .flags = { - .length = 4, - }, - }, - { /* 56 */ - .name = "Egress-VLANID", - .attr = 56, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 57 */ - .name = "Ingress-Filters", - .attr = 57, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 58 */ - .name = "Egress-VLAN-Name", - .attr = 58, - .type = NR_TYPE_STRING, - }, - { /* 59 */ - .name = "User-Priority-Table", - .attr = 59, - .type = NR_TYPE_OCTETS, - }, - { /* 60 */ - .name = "CHAP-Challenge", - .attr = 60, - .type = NR_TYPE_OCTETS, - }, - { /* 61 */ - .name = "NAS-Port-Type", - .attr = 61, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 62 */ - .name = "Port-Limit", - .attr = 62, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 63 */ - .name = "Login-LAT-Port", - .attr = 63, - .type = NR_TYPE_STRING, - }, - { /* 64 */ - .name = "Tunnel-Type", - .attr = 64, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - .has_tag = 1, - }, - }, - { /* 65 */ - .name = "Tunnel-Medium-Type", - .attr = 65, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - .has_tag = 1, - }, - }, - { /* 66 */ - .name = "Tunnel-Client-Endpoint", - .attr = 66, - .type = NR_TYPE_STRING, - .flags = { - .has_tag = 1, - }, - }, - { /* 67 */ - .name = "Tunnel-Server-Endpoint", - .attr = 67, - .type = NR_TYPE_STRING, - .flags = { - .has_tag = 1, - }, - }, - { /* 68 */ - .name = "Acct-Tunnel-Connection", - .attr = 68, - .type = NR_TYPE_STRING, - }, - { /* 69 */ - .name = "Tunnel-Password", - .attr = 69, - .type = NR_TYPE_STRING, - .flags = { - .encrypt = FLAG_ENCRYPT_TUNNEL_PASSWORD, - .has_tag = 1, - }, - }, - { /* 70 */ - .name = "ARAP-Password", - .attr = 70, - .type = NR_TYPE_OCTETS, - .flags = { - .length = 16, - }, - }, - { /* 71 */ - .name = "ARAP-Features", - .attr = 71, - .type = NR_TYPE_OCTETS, - .flags = { - .length = 14, - }, - }, - { /* 72 */ - .name = "ARAP-Zone-Access", - .attr = 72, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 73 */ - .name = "ARAP-Security", - .attr = 73, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 74 */ - .name = "ARAP-Security-Data", - .attr = 74, - .type = NR_TYPE_STRING, - }, - { /* 75 */ - .name = "Password-Retry", - .attr = 75, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 76 */ - .name = "Prompt", - .attr = 76, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 77 */ - .name = "Connect-Info", - .attr = 77, - .type = NR_TYPE_STRING, - }, - { /* 78 */ - .name = "Configuration-Token", - .attr = 78, - .type = NR_TYPE_STRING, - }, - { /* 79 */ - .name = "EAP-Message", - .attr = 79, - .type = NR_TYPE_OCTETS, - }, - { /* 80 */ - .name = "Message-Authenticator", - .attr = 80, - .type = NR_TYPE_OCTETS, - }, - { /* 81 */ - .name = "Tunnel-Private-Group-Id", - .attr = 81, - .type = NR_TYPE_STRING, - .flags = { - .has_tag = 1, - }, - }, - { /* 82 */ - .name = "Tunnel-Assignment-Id", - .attr = 82, - .type = NR_TYPE_STRING, - .flags = { - .has_tag = 1, - }, - }, - { /* 83 */ - .name = "Tunnel-Preference", - .attr = 83, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - .has_tag = 1, - }, - }, - { /* 84 */ - .name = "ARAP-Challenge-Response", - .attr = 84, - .type = NR_TYPE_OCTETS, - .flags = { - .length = 8, - }, - }, - { /* 85 */ - .name = "Acct-Interim-Interval", - .attr = 85, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 86 */ - .name = "Acct-Tunnel-Packets-Lost", - .attr = 86, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 87 */ - .name = "NAS-Port-Id", - .attr = 87, - .type = NR_TYPE_STRING, - }, - { /* 88 */ - .name = "Framed-Pool", - .attr = 88, - .type = NR_TYPE_STRING, - }, - { /* 89 */ - .name = "Chargeable-User-Identity", - .attr = 89, - .type = NR_TYPE_STRING, - }, - { /* 90 */ - .name = "Tunnel-Client-Auth-Id", - .attr = 90, - .type = NR_TYPE_STRING, - .flags = { - .has_tag = 1, - }, - }, - { /* 91 */ - .name = "Tunnel-Server-Auth-Id", - .attr = 91, - .type = NR_TYPE_STRING, - .flags = { - .has_tag = 1, - }, - }, - { /* 92 */ - .name = "NAS-Filter-Rule", - .attr = 92, - .type = NR_TYPE_STRING, - }, - { /* 93 */ - .name = NULL, - }, - { /* 94 */ - .name = NULL, - }, - { /* 95 */ - .name = "NAS-IPv6-Address", - .attr = 95, - .type = NR_TYPE_IPV6ADDR, - .flags = { - .length = 16, - }, - }, - { /* 96 */ - .name = "Framed-Interface-Id", - .attr = 96, - .type = NR_TYPE_IFID, - .flags = { - .length = 8, - }, - }, - { /* 97 */ - .name = "Framed-IPv6-Prefix", - .attr = 97, - .type = NR_TYPE_IPV6PREFIX, - }, - { /* 98 */ - .name = "Login-IPv6-Host", - .attr = 98, - .type = NR_TYPE_IPV6ADDR, - .flags = { - .length = 16, - }, - }, - { /* 99 */ - .name = "Framed-IPv6-Route", - .attr = 99, - .type = NR_TYPE_STRING, - }, - { /* 100 */ - .name = "Framed-IPv6-Pool", - .attr = 100, - .type = NR_TYPE_STRING, - }, - { /* 101 */ - .name = "Error-Cause", - .attr = 101, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 102 */ - .name = "EAP-Key-Name", - .attr = 102, - .type = NR_TYPE_STRING, - }, - { /* 103 */ - .name = "Digest-Response", - .attr = 103, - .type = NR_TYPE_STRING, - }, - { /* 104 */ - .name = "Digest-Realm", - .attr = 104, - .type = NR_TYPE_STRING, - }, - { /* 105 */ - .name = "Digest-Nonce", - .attr = 105, - .type = NR_TYPE_STRING, - }, - { /* 106 */ - .name = "Digest-Response-Auth", - .attr = 106, - .type = NR_TYPE_STRING, - }, - { /* 107 */ - .name = "Digest-Nextnonce", - .attr = 107, - .type = NR_TYPE_STRING, - }, - { /* 108 */ - .name = "Digest-Method", - .attr = 108, - .type = NR_TYPE_STRING, - }, - { /* 109 */ - .name = "Digest-URI", - .attr = 109, - .type = NR_TYPE_STRING, - }, - { /* 110 */ - .name = "Digest-Qop", - .attr = 110, - .type = NR_TYPE_STRING, - }, - { /* 111 */ - .name = "Digest-Algorithm", - .attr = 111, - .type = NR_TYPE_STRING, - }, - { /* 112 */ - .name = "Digest-Entity-Body-Hash", - .attr = 112, - .type = NR_TYPE_STRING, - }, - { /* 113 */ - .name = "Digest-CNonce", - .attr = 113, - .type = NR_TYPE_STRING, - }, - { /* 114 */ - .name = "Digest-Nonce-Count", - .attr = 114, - .type = NR_TYPE_STRING, - }, - { /* 115 */ - .name = "Digest-Username", - .attr = 115, - .type = NR_TYPE_STRING, - }, - { /* 116 */ - .name = "Digest-Opaque", - .attr = 116, - .type = NR_TYPE_STRING, - }, - { /* 117 */ - .name = "Digest-Auth-Param", - .attr = 117, - .type = NR_TYPE_STRING, - }, - { /* 118 */ - .name = "Digest-AKA-Auts", - .attr = 118, - .type = NR_TYPE_STRING, - }, - { /* 119 */ - .name = "Digest-Domain", - .attr = 119, - .type = NR_TYPE_STRING, - }, - { /* 120 */ - .name = "Digest-Stale", - .attr = 120, - .type = NR_TYPE_STRING, - }, - { /* 121 */ - .name = "Digest-HA1", - .attr = 121, - .type = NR_TYPE_STRING, - }, - { /* 122 */ - .name = "SIP-AOR", - .attr = 122, - .type = NR_TYPE_STRING, - }, - { /* 123 */ - .name = "Delegated-IPv6-Prefix", - .attr = 123, - .type = NR_TYPE_IPV6PREFIX, - }, - { /* 124 */ - .name = NULL, - }, - { /* 125 */ - .name = NULL, - }, - { /* 126 */ - .name = "Operator-Name", - .attr = 126, - .type = NR_TYPE_STRING, - }, - { /* 127 */ - .name = "Location-Information", - .attr = 127, - .type = NR_TYPE_OCTETS, - }, - { /* 128 */ - .name = "Location-Data", - .attr = 128, - .type = NR_TYPE_OCTETS, - }, - { /* 129 */ - .name = "Basic-Location-Policy-Rules", - .attr = 129, - .type = NR_TYPE_OCTETS, - }, - { /* 130 */ - .name = "Extended-Location-Policy-Rules", - .attr = 130, - .type = NR_TYPE_OCTETS, - }, - { /* 131 */ - .name = "Location-Capable", - .attr = 131, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 132 */ - .name = "Requested-Location-Info", - .attr = 132, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 133 */ - .name = "Framed-Management", - .attr = 133, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 134 */ - .name = "Management-Transport-Protection", - .attr = 134, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 135 */ - .name = "Management-Policy-Id", - .attr = 135, - .type = NR_TYPE_STRING, - }, - { /* 136 */ - .name = "Management-Privilege-Level", - .attr = 136, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 137 */ - .name = "PKM-SS-Cert", - .attr = 137, - .type = NR_TYPE_OCTETS, - }, - { /* 138 */ - .name = "PKM-CA-Cert", - .attr = 138, - .type = NR_TYPE_OCTETS, - }, - { /* 139 */ - .name = "PKM-Config-Settings", - .attr = 139, - .type = NR_TYPE_OCTETS, - }, - { /* 140 */ - .name = "PKM-Cryptosuite-List", - .attr = 140, - .type = NR_TYPE_OCTETS, - }, - { /* 141 */ - .name = "PKM-SAID", - .attr = 141, - .type = NR_TYPE_SHORT, - .flags = { - .length = 2, - }, - }, - { /* 142 */ - .name = "PKM-SA-Descriptor", - .attr = 142, - .type = NR_TYPE_OCTETS, - }, - { /* 143 */ - .name = "PKM-Auth-Key", - .attr = 143, - .type = NR_TYPE_OCTETS, - }, - { /* 144 */ - .name = NULL, - }, - { /* 145 */ - .name = NULL, - }, - { /* 146 */ - .name = NULL, - }, - { /* 147 */ - .name = NULL, - }, - { /* 148 */ - .name = NULL, - }, - { /* 149 */ - .name = NULL, - }, - { /* 150 */ - .name = NULL, - }, - { /* 151 */ - .name = NULL, - }, - { /* 152 */ - .name = NULL, - }, - { /* 153 */ - .name = NULL, - }, - { /* 154 */ - .name = NULL, - }, - { /* 155 */ - .name = NULL, - }, - { /* 156 */ - .name = NULL, - }, - { /* 157 */ - .name = NULL, - }, - { /* 158 */ - .name = NULL, - }, - { /* 159 */ - .name = NULL, - }, - { /* 160 */ - .name = NULL, - }, - { /* 161 */ - .name = NULL, - }, - { /* 162 */ - .name = NULL, - }, - { /* 163 */ - .name = NULL, - }, - { /* 164 */ - .name = NULL, - }, - { /* 165 */ - .name = NULL, - }, - { /* 166 */ - .name = NULL, - }, - { /* 167 */ - .name = NULL, - }, - { /* 168 */ - .name = NULL, - }, - { /* 169 */ - .name = NULL, - }, - { /* 170 */ - .name = NULL, - }, - { /* 171 */ - .name = NULL, - }, - { /* 172 */ - .name = NULL, - }, - { /* 173 */ - .name = NULL, - }, - { /* 174 */ - .name = NULL, - }, - { /* 175 */ - .name = NULL, - }, - { /* 176 */ - .name = NULL, - }, - { /* 177 */ - .name = NULL, - }, - { /* 178 */ - .name = NULL, - }, - { /* 179 */ - .name = NULL, - }, - { /* 180 */ - .name = NULL, - }, - { /* 181 */ - .name = NULL, - }, - { /* 182 */ - .name = NULL, - }, - { /* 183 */ - .name = NULL, - }, - { /* 184 */ - .name = NULL, - }, - { /* 185 */ - .name = NULL, - }, - { /* 186 */ - .name = NULL, - }, - { /* 187 */ - .name = NULL, - }, - { /* 188 */ - .name = NULL, - }, - { /* 189 */ - .name = NULL, - }, - { /* 190 */ - .name = NULL, - }, - { /* 191 */ - .name = NULL, - }, - { /* 192 */ - .name = NULL, - }, - { /* 193 */ - .name = NULL, - }, - { /* 194 */ - .name = NULL, - }, - { /* 195 */ - .name = NULL, - }, - { /* 196 */ - .name = NULL, - }, - { /* 197 */ - .name = NULL, - }, - { /* 198 */ - .name = NULL, - }, - { /* 199 */ - .name = NULL, - }, - { /* 200 */ - .name = NULL, - }, - { /* 201 */ - .name = NULL, - }, - { /* 202 */ - .name = NULL, - }, - { /* 203 */ - .name = NULL, - }, - { /* 204 */ - .name = NULL, - }, - { /* 205 */ - .name = NULL, - }, - { /* 206 */ - .name = NULL, - }, - { /* 207 */ - .name = NULL, - }, - { /* 208 */ - .name = NULL, - }, - { /* 209 */ - .name = NULL, - }, - { /* 210 */ - .name = NULL, - }, - { /* 211 */ - .name = NULL, - }, - { /* 212 */ - .name = NULL, - }, - { /* 213 */ - .name = NULL, - }, - { /* 214 */ - .name = NULL, - }, - { /* 215 */ - .name = NULL, - }, - { /* 216 */ - .name = NULL, - }, - { /* 217 */ - .name = NULL, - }, - { /* 218 */ - .name = NULL, - }, - { /* 219 */ - .name = NULL, - }, - { /* 220 */ - .name = NULL, - }, - { /* 221 */ - .name = NULL, - }, - { /* 222 */ - .name = NULL, - }, - { /* 223 */ - .name = NULL, - }, - { /* 224 */ - .name = NULL, - }, - { /* 225 */ - .name = NULL, - }, - { /* 226 */ - .name = NULL, - }, - { /* 227 */ - .name = NULL, - }, - { /* 228 */ - .name = NULL, - }, - { /* 229 */ - .name = NULL, - }, - { /* 230 */ - .name = NULL, - }, - { /* 231 */ - .name = NULL, - }, - { /* 232 */ - .name = NULL, - }, - { /* 233 */ - .name = NULL, - }, - { /* 234 */ - .name = NULL, - }, - { /* 235 */ - .name = NULL, - }, - { /* 236 */ - .name = NULL, - }, - { /* 237 */ - .name = NULL, - }, - { /* 238 */ - .name = NULL, - }, - { /* 239 */ - .name = NULL, - }, - { /* 240 */ - .name = NULL, - }, - { /* 241 */ - .name = NULL, - }, - { /* 242 */ - .name = NULL, - }, - { /* 243 */ - .name = NULL, - }, - { /* 244 */ - .name = NULL, - }, - { /* 245 */ - .name = NULL, - }, - { /* 246 */ - .name = NULL, - }, - { /* 247 */ - .name = NULL, - }, - { /* 248 */ - .name = NULL, - }, - { /* 249 */ - .name = NULL, - }, - { /* 250 */ - .name = NULL, - }, - { /* 251 */ - .name = NULL, - }, - { /* 252 */ - .name = NULL, - }, - { /* 253 */ - .name = NULL, - }, - { /* 254 */ - .name = NULL, - }, - { /* 255 */ - .name = NULL, - }, - { /* 256 */ - .name = "MS-CHAP-Response", - .vendor = 311, - .attr = 1, - .type = NR_TYPE_OCTETS, - }, - { /* 257 */ - .name = "MS-CHAP-Error", - .vendor = 311, - .attr = 2, - .type = NR_TYPE_STRING, - }, - { /* 258 */ - .name = "MS-MPPE-Encryption-Policy", - .vendor = 311, - .attr = 7, - .type = NR_TYPE_OCTETS, - }, - { /* 259 */ - .name = "MS-MPPE-Encryption-Types", - .vendor = 311, - .attr = 8, - .type = NR_TYPE_OCTETS, - }, - { /* 260 */ - .name = "MS-CHAP-Domain", - .vendor = 311, - .attr = 10, - .type = NR_TYPE_STRING, - }, - { /* 261 */ - .name = "MS-CHAP-Challenge", - .vendor = 311, - .attr = 11, - .type = NR_TYPE_OCTETS, - }, - { /* 262 */ - .name = "MS-CHAP-MPPE-Keys", - .vendor = 311, - .attr = 12, - .type = NR_TYPE_OCTETS, - .flags = { - .encrypt = FLAG_ENCRYPT_USER_PASSWORD, - }, - }, - { /* 263 */ - .name = "MS-MPPE-Send-Key", - .vendor = 311, - .attr = 16, - .type = NR_TYPE_OCTETS, - .flags = { - .encrypt = FLAG_ENCRYPT_TUNNEL_PASSWORD, - }, - }, - { /* 264 */ - .name = "MS-MPPE-Recv-Key", - .vendor = 311, - .attr = 17, - .type = NR_TYPE_OCTETS, - .flags = { - .encrypt = FLAG_ENCRYPT_TUNNEL_PASSWORD, - }, - }, - { /* 265 */ - .name = "MS-CHAP2-Response", - .vendor = 311, - .attr = 25, - .type = NR_TYPE_OCTETS, - }, - { /* 266 */ - .name = "MS-CHAP2-Success", - .vendor = 311, - .attr = 26, - .type = NR_TYPE_OCTETS, - }, - { /* 267 */ - .name = "Example-Integer", - .vendor = 65535, - .attr = 1, - .type = NR_TYPE_INTEGER, - .flags = { - .length = 4, - }, - }, - { /* 268 */ - .name = "Example-String", - .vendor = 65535, - .attr = 2, - .type = NR_TYPE_STRING, - }, - { /* 269 */ - .name = "Example-IP-Address", - .vendor = 65535, - .attr = 3, - .type = NR_TYPE_IPADDR, - .flags = { - .length = 4, - }, - }, -}; - -const int nr_dict_num_attrs = 269; - -const int nr_dict_num_names = 149; - -const DICT_ATTR *nr_dict_attr_names[] = { - &nr_dict_attrs[45], /* Acct-Authentic */ - &nr_dict_attrs[41], /* Acct-Delay-Time */ - &nr_dict_attrs[52], /* Acct-Input-Gigawords */ - &nr_dict_attrs[42], /* Acct-Input-Octets */ - &nr_dict_attrs[47], /* Acct-Input-Packets */ - &nr_dict_attrs[85], /* Acct-Interim-Interval */ - &nr_dict_attrs[51], /* Acct-Link-Count */ - &nr_dict_attrs[50], /* Acct-Multi-Session-Id */ - &nr_dict_attrs[53], /* Acct-Output-Gigawords */ - &nr_dict_attrs[43], /* Acct-Output-Octets */ - &nr_dict_attrs[48], /* Acct-Output-Packets */ - &nr_dict_attrs[44], /* Acct-Session-Id */ - &nr_dict_attrs[46], /* Acct-Session-Time */ - &nr_dict_attrs[40], /* Acct-Status-Type */ - &nr_dict_attrs[49], /* Acct-Terminate-Cause */ - &nr_dict_attrs[68], /* Acct-Tunnel-Connection */ - &nr_dict_attrs[86], /* Acct-Tunnel-Packets-Lost */ - &nr_dict_attrs[84], /* ARAP-Challenge-Response */ - &nr_dict_attrs[71], /* ARAP-Features */ - &nr_dict_attrs[70], /* ARAP-Password */ - &nr_dict_attrs[73], /* ARAP-Security */ - &nr_dict_attrs[74], /* ARAP-Security-Data */ - &nr_dict_attrs[72], /* ARAP-Zone-Access */ - &nr_dict_attrs[129], /* Basic-Location-Policy-Rules */ - &nr_dict_attrs[20], /* Callback-Id */ - &nr_dict_attrs[19], /* Callback-Number */ - &nr_dict_attrs[30], /* Called-Station-Id */ - &nr_dict_attrs[31], /* Calling-Station-Id */ - &nr_dict_attrs[60], /* CHAP-Challenge */ - &nr_dict_attrs[3], /* CHAP-Password */ - &nr_dict_attrs[89], /* Chargeable-User-Identity */ - &nr_dict_attrs[25], /* Class */ - &nr_dict_attrs[78], /* Configuration-Token */ - &nr_dict_attrs[77], /* Connect-Info */ - &nr_dict_attrs[123], /* Delegated-IPv6-Prefix */ - &nr_dict_attrs[118], /* Digest-AKA-Auts */ - &nr_dict_attrs[111], /* Digest-Algorithm */ - &nr_dict_attrs[117], /* Digest-Auth-Param */ - &nr_dict_attrs[113], /* Digest-CNonce */ - &nr_dict_attrs[119], /* Digest-Domain */ - &nr_dict_attrs[112], /* Digest-Entity-Body-Hash */ - &nr_dict_attrs[121], /* Digest-HA1 */ - &nr_dict_attrs[108], /* Digest-Method */ - &nr_dict_attrs[107], /* Digest-Nextnonce */ - &nr_dict_attrs[105], /* Digest-Nonce */ - &nr_dict_attrs[114], /* Digest-Nonce-Count */ - &nr_dict_attrs[116], /* Digest-Opaque */ - &nr_dict_attrs[110], /* Digest-Qop */ - &nr_dict_attrs[104], /* Digest-Realm */ - &nr_dict_attrs[103], /* Digest-Response */ - &nr_dict_attrs[106], /* Digest-Response-Auth */ - &nr_dict_attrs[120], /* Digest-Stale */ - &nr_dict_attrs[109], /* Digest-URI */ - &nr_dict_attrs[115], /* Digest-Username */ - &nr_dict_attrs[102], /* EAP-Key-Name */ - &nr_dict_attrs[79], /* EAP-Message */ - &nr_dict_attrs[58], /* Egress-VLAN-Name */ - &nr_dict_attrs[56], /* Egress-VLANID */ - &nr_dict_attrs[101], /* Error-Cause */ - &nr_dict_attrs[55], /* Event-Timestamp */ - &nr_dict_attrs[267], /* Example-Integer */ - &nr_dict_attrs[269], /* Example-IP-Address */ - &nr_dict_attrs[268], /* Example-String */ - &nr_dict_attrs[130], /* Extended-Location-Policy-Rules */ - &nr_dict_attrs[11], /* Filter-Id */ - &nr_dict_attrs[37], /* Framed-AppleTalk-Link */ - &nr_dict_attrs[38], /* Framed-AppleTalk-Network */ - &nr_dict_attrs[39], /* Framed-AppleTalk-Zone */ - &nr_dict_attrs[13], /* Framed-Compression */ - &nr_dict_attrs[96], /* Framed-Interface-Id */ - &nr_dict_attrs[8], /* Framed-IP-Address */ - &nr_dict_attrs[9], /* Framed-IP-Netmask */ - &nr_dict_attrs[100], /* Framed-IPv6-Pool */ - &nr_dict_attrs[97], /* Framed-IPv6-Prefix */ - &nr_dict_attrs[99], /* Framed-IPv6-Route */ - &nr_dict_attrs[23], /* Framed-IPX-Network */ - &nr_dict_attrs[133], /* Framed-Management */ - &nr_dict_attrs[12], /* Framed-MTU */ - &nr_dict_attrs[88], /* Framed-Pool */ - &nr_dict_attrs[7], /* Framed-Protocol */ - &nr_dict_attrs[22], /* Framed-Route */ - &nr_dict_attrs[10], /* Framed-Routing */ - &nr_dict_attrs[28], /* Idle-Timeout */ - &nr_dict_attrs[57], /* Ingress-Filters */ - &nr_dict_attrs[131], /* Location-Capable */ - &nr_dict_attrs[128], /* Location-Data */ - &nr_dict_attrs[127], /* Location-Information */ - &nr_dict_attrs[14], /* Login-IP-Host */ - &nr_dict_attrs[98], /* Login-IPv6-Host */ - &nr_dict_attrs[36], /* Login-LAT-Group */ - &nr_dict_attrs[35], /* Login-LAT-Node */ - &nr_dict_attrs[63], /* Login-LAT-Port */ - &nr_dict_attrs[34], /* Login-LAT-Service */ - &nr_dict_attrs[15], /* Login-Service */ - &nr_dict_attrs[16], /* Login-TCP-Port */ - &nr_dict_attrs[135], /* Management-Policy-Id */ - &nr_dict_attrs[136], /* Management-Privilege-Level */ - &nr_dict_attrs[134], /* Management-Transport-Protection */ - &nr_dict_attrs[80], /* Message-Authenticator */ - &nr_dict_attrs[261], /* MS-CHAP-Challenge */ - &nr_dict_attrs[260], /* MS-CHAP-Domain */ - &nr_dict_attrs[257], /* MS-CHAP-Error */ - &nr_dict_attrs[262], /* MS-CHAP-MPPE-Keys */ - &nr_dict_attrs[256], /* MS-CHAP-Response */ - &nr_dict_attrs[265], /* MS-CHAP2-Response */ - &nr_dict_attrs[266], /* MS-CHAP2-Success */ - &nr_dict_attrs[258], /* MS-MPPE-Encryption-Policy */ - &nr_dict_attrs[259], /* MS-MPPE-Encryption-Types */ - &nr_dict_attrs[264], /* MS-MPPE-Recv-Key */ - &nr_dict_attrs[263], /* MS-MPPE-Send-Key */ - &nr_dict_attrs[92], /* NAS-Filter-Rule */ - &nr_dict_attrs[32], /* NAS-Identifier */ - &nr_dict_attrs[4], /* NAS-IP-Address */ - &nr_dict_attrs[95], /* NAS-IPv6-Address */ - &nr_dict_attrs[5], /* NAS-Port */ - &nr_dict_attrs[87], /* NAS-Port-Id */ - &nr_dict_attrs[61], /* NAS-Port-Type */ - &nr_dict_attrs[126], /* Operator-Name */ - &nr_dict_attrs[75], /* Password-Retry */ - &nr_dict_attrs[143], /* PKM-Auth-Key */ - &nr_dict_attrs[138], /* PKM-CA-Cert */ - &nr_dict_attrs[139], /* PKM-Config-Settings */ - &nr_dict_attrs[140], /* PKM-Cryptosuite-List */ - &nr_dict_attrs[142], /* PKM-SA-Descriptor */ - &nr_dict_attrs[141], /* PKM-SAID */ - &nr_dict_attrs[137], /* PKM-SS-Cert */ - &nr_dict_attrs[62], /* Port-Limit */ - &nr_dict_attrs[76], /* Prompt */ - &nr_dict_attrs[33], /* Proxy-State */ - &nr_dict_attrs[18], /* Reply-Message */ - &nr_dict_attrs[132], /* Requested-Location-Info */ - &nr_dict_attrs[6], /* Service-Type */ - &nr_dict_attrs[27], /* Session-Timeout */ - &nr_dict_attrs[122], /* SIP-AOR */ - &nr_dict_attrs[24], /* State */ - &nr_dict_attrs[29], /* Termination-Action */ - &nr_dict_attrs[82], /* Tunnel-Assignment-Id */ - &nr_dict_attrs[90], /* Tunnel-Client-Auth-Id */ - &nr_dict_attrs[66], /* Tunnel-Client-Endpoint */ - &nr_dict_attrs[65], /* Tunnel-Medium-Type */ - &nr_dict_attrs[69], /* Tunnel-Password */ - &nr_dict_attrs[83], /* Tunnel-Preference */ - &nr_dict_attrs[81], /* Tunnel-Private-Group-Id */ - &nr_dict_attrs[91], /* Tunnel-Server-Auth-Id */ - &nr_dict_attrs[67], /* Tunnel-Server-Endpoint */ - &nr_dict_attrs[64], /* Tunnel-Type */ - &nr_dict_attrs[1], /* User-Name */ - &nr_dict_attrs[2], /* User-Password */ - &nr_dict_attrs[59], /* User-Priority-Table */ - &nr_dict_attrs[26], /* Vendor-Specific */ -}; - diff --git a/lib/radius/examples/example_1.c b/lib/radius/examples/example_1.c index 503d927..265c880 100644 --- a/lib/radius/examples/example_1.c +++ b/lib/radius/examples/example_1.c @@ -36,8 +36,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ static const char *secret = "testing123"; -static uint8_t request_buffer[NR_MAX_PACKET_LEN]; -static uint8_t response_buffer[NR_MAX_PACKET_LEN]; +static uint8_t request_buffer[RS_MAX_PACKET_LEN]; +static uint8_t response_buffer[RS_MAX_PACKET_LEN]; static RADIUS_PACKET request, response; int main(int argc, const char *argv[]) @@ -58,12 +58,12 @@ int main(int argc, const char *argv[]) if (argc > 2) password = argv[2]; rcode = nr_packet_attr_append(&request, NULL, - NR_DA_USER_NAME, + RS_DA_USER_NAME, user, 0); if (rcode < 0) goto error; rcode = nr_packet_attr_append(&request, NULL, - NR_DA_USER_PASSWORD, + RS_DA_USER_PASSWORD, password, 0); if (rcode < 0) goto error; diff --git a/lib/radius/examples/example_2.c b/lib/radius/examples/example_2.c index 1065c8e..0a58523 100644 --- a/lib/radius/examples/example_2.c +++ b/lib/radius/examples/example_2.c @@ -36,8 +36,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ static const char *secret = "testing123"; -static uint8_t request_buffer[NR_MAX_PACKET_LEN]; -static uint8_t response_buffer[NR_MAX_PACKET_LEN]; +static uint8_t request_buffer[RS_MAX_PACKET_LEN]; +static uint8_t response_buffer[RS_MAX_PACKET_LEN]; static RADIUS_PACKET request, response; int main(int argc, const char *argv[]) @@ -58,12 +58,12 @@ int main(int argc, const char *argv[]) if (argc > 2) password = argv[2]; rcode = nr_packet_attr_append(&request, NULL, - NR_DA_USER_NAME, + RS_DA_USER_NAME, user, 0); if (rcode < 0) goto error; rcode = nr_packet_attr_append(&request, NULL, - NR_DA_CHAP_PASSWORD, + RS_DA_CHAP_PASSWORD, password, strlen(password)); if (rcode < 0) goto error; diff --git a/lib/radius/examples/example_3.c b/lib/radius/examples/example_3.c index 6104f6f..33fc671 100644 --- a/lib/radius/examples/example_3.c +++ b/lib/radius/examples/example_3.c @@ -39,8 +39,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ static const char *secret = "testing123"; -static uint8_t request_buffer[NR_MAX_PACKET_LEN]; -static uint8_t response_buffer[NR_MAX_PACKET_LEN]; +static uint8_t request_buffer[RS_MAX_PACKET_LEN]; +static uint8_t response_buffer[RS_MAX_PACKET_LEN]; static RADIUS_PACKET request, response; int main(int argc, const char *argv[]) @@ -61,12 +61,12 @@ int main(int argc, const char *argv[]) if (argc > 2) password = argv[2]; rcode = nr_packet_attr_append(&request, NULL, - NR_DA_USER_NAME, + RS_DA_USER_NAME, user, 0); if (rcode < 0) goto error; rcode = nr_packet_attr_append(&request, NULL, - NR_DA_USER_PASSWORD, + RS_DA_USER_PASSWORD, password, 0); if (rcode < 0) goto error; @@ -84,12 +84,12 @@ int main(int argc, const char *argv[]) if (rcode < 0) goto error; rcode = nr_packet_attr_append(&response, &request, - NR_DA_REPLY_MESSAGE, + RS_DA_REPLY_MESSAGE, "Success!", 0); if (rcode < 0) goto error; rcode = nr_packet_attr_append(&response, &request, - NR_DA_TUNNEL_PASSWORD, + RS_DA_TUNNEL_PASSWORD, password, 0); if (rcode < 0) goto error; rcode = nr_packet_sign(&response, &request); diff --git a/lib/radius/examples/example_4.c b/lib/radius/examples/example_4.c index f93764c..2dadc89 100644 --- a/lib/radius/examples/example_4.c +++ b/lib/radius/examples/example_4.c @@ -52,12 +52,12 @@ int main(int argc, const char *argv[]) if (argc > 2) password = argv[2]; rcode = nr_packet_attr_append(&request, NULL, - NR_DA_USER_NAME, + RS_DA_USER_NAME, user, 0); if (rcode < 0) goto error; rcode = nr_packet_attr_append(&request, NULL, - NR_DA_USER_PASSWORD, + RS_DA_USER_PASSWORD, password, 0); if (rcode < 0) goto error; @@ -75,7 +75,7 @@ int main(int argc, const char *argv[]) if (rcode < 0) goto error; rcode = nr_packet_attr_append(&response, &request, - NR_DA_REPLY_MESSAGE, + RS_DA_REPLY_MESSAGE, "Success!", 0); if (rcode < 0) goto error; diff --git a/lib/radius/id.c b/lib/radius/id.c index 4fbe631..2b956f2 100644 --- a/lib/radius/id.c +++ b/lib/radius/id.c @@ -25,7 +25,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include +#include "client.h" #include /** \file id.c @@ -38,7 +38,7 @@ static int find_id(nr_server_t *s) int i; uint32_t lvalue; - if ((s->used < 0) || (s->used > 256)) return -NR_ERR_INTERNAL_FAILURE; + if ((s->used < 0) || (s->used > 256)) return -RSE_INTERNAL; /* * Ensure that the ID allocation is random. @@ -59,7 +59,7 @@ int nr_server_id_alloc(nr_server_t *s, RADIUS_PACKET *packet) { int new_id; - if (!s || !packet) return -NR_ERR_INVALID_ARG; + if (!s || !packet) return -RSE_INVAL; new_id = find_id(s); if (new_id < 0) return -new_id; @@ -77,13 +77,13 @@ int nr_server_id_alloc(nr_server_t *s, RADIUS_PACKET *packet) int nr_server_id_free(nr_server_t *s, RADIUS_PACKET *packet) { - if (!s || !packet) return -NR_ERR_INVALID_ARG; + if (!s || !packet) return -RSE_INVAL; if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) { - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } - if (s->ids[packet->id] != packet) return -NR_ERR_INTERNAL_FAILURE; + if (s->ids[packet->id] != packet) return -RSE_INTERNAL; s->ids[packet->id] = NULL; s->used--; @@ -96,13 +96,13 @@ int nr_server_id_realloc(nr_server_t *s, RADIUS_PACKET *packet) { int new_id; - if (!s || !packet) return -NR_ERR_INVALID_ARG; + if (!s || !packet) return -RSE_INVAL; if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) { - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } - if (s->ids[packet->id] != packet) return -NR_ERR_INTERNAL_FAILURE; + if (s->ids[packet->id] != packet) return -RSE_INTERNAL; new_id = find_id(s); if (new_id < 0) return new_id; @@ -118,8 +118,8 @@ int nr_server_id_realloc(nr_server_t *s, RADIUS_PACKET *packet) int nr_server_init(nr_server_t *s, int code, const char *secret) { if (!s || !secret || !*secret || - (code == 0) || (code > NR_MAX_PACKET_CODE)) { - return -NR_ERR_INVALID_ARG; + (code == 0) || (code > RS_MAX_PACKET_CODE)) { + return -RSE_INVAL; } memset(s, 0, sizeof(*s)); @@ -137,9 +137,9 @@ int nr_server_init(nr_server_t *s, int code, const char *secret) int nr_server_close(const nr_server_t *s) { - if (!s) return -NR_ERR_INVALID_ARG; + if (!s) return -RSE_INVAL; - if (s->used > 0) return -NR_ERR_IN_USE; + if (s->used > 0) return -RSE_INUSE; if (s->sockfd >= 0) close(s->sockfd); @@ -151,23 +151,23 @@ int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p) int rcode; RADIUS_PACKET *packet; - if (!packet_p) return -NR_ERR_INVALID_ARG; + if (!packet_p) return -RSE_INVAL; - packet = malloc(sizeof(*packet) + NR_MAX_PACKET_LEN); - if (!packet) return -NR_ERR_NO_MEM; + packet = malloc(sizeof(*packet) + RS_MAX_PACKET_LEN); + if (!packet) return -RSE_NOMEM; memset(packet, 0, sizeof(*packet)); if (!s) { packet->data = (uint8_t *)(packet + 1); - packet->sizeof_data = NR_MAX_PACKET_LEN; + packet->sizeof_data = RS_MAX_PACKET_LEN; *packet_p = packet; return 0; } rcode = nr_packet_init(packet, NULL, s->secret, s->code, - (uint8_t *)(packet + 1), NR_MAX_PACKET_LEN); + (uint8_t *)(packet + 1), RS_MAX_PACKET_LEN); if (rcode < 0) { free(packet); return rcode; diff --git a/lib/radius/packet.c b/lib/radius/packet.c index 77e3d14..c5d3bc4 100644 --- a/lib/radius/packet.c +++ b/lib/radius/packet.c @@ -29,17 +29,17 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * \brief Encoding and decoding packets */ -#include +#include "client.h" -#if NR_MAX_PACKET_LEN < 64 -#error NR_MAX_PACKET_LEN is too small. It should be at least 64. +#if RS_MAX_PACKET_LEN < 64 +#error RS_MAX_PACKET_LEN is too small. It should be at least 64. #endif -#if NR_MAX_PACKET_LEN > 16384 -#error NR_MAX_PACKET_LEN is too large. It should be smaller than 16K. +#if RS_MAX_PACKET_LEN > 16384 +#error RS_MAX_PACKET_LEN is too large. It should be smaller than 16K. #endif -const char *nr_packet_codes[NR_MAX_PACKET_CODE + 1] = { +const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1] = { NULL, "Access-Request", "Access-Accept", @@ -61,7 +61,7 @@ const char *nr_packet_codes[NR_MAX_PACKET_CODE + 1] = { }; -static uint64_t allowed_responses[NR_MAX_PACKET_CODE + 1] = { +static uint64_t allowed_responses[RS_MAX_PACKET_CODE + 1] = { 0, (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE), 0, 0, @@ -89,18 +89,18 @@ int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data) if (!data || (sizeof_data < 20)) { nr_debug_error("Invalid argument"); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } packet_len = (data[2] << 8) | data[3]; if (packet_len < 20) { nr_debug_error("Packet length is too small"); - return -NR_ERR_PACKET_TOO_SMALL; + return -RSE_PACKET_TOO_SMALL; } if (packet_len > sizeof_data) { nr_debug_error("Packet length overflows received data"); - return -NR_ERR_PACKET_TOO_LARGE; + return -RSE_PACKET_TOO_LARGE; } /* @@ -112,17 +112,17 @@ int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data) for (attr = data + 20; attr < end; attr += attr[1]) { if ((attr + 2) > end) { nr_debug_error("Attribute overflows packet"); - return -NR_ERR_ATTR_OVERFLOW; + return -RSE_ATTR_OVERFLOW; } if (attr[1] < 2) { nr_debug_error("Attribute length is too small"); - return -NR_ERR_ATTR_TOO_SMALL; + return -RSE_ATTR_TOO_SMALL; } if ((attr + attr[1]) > end) { nr_debug_error("Attribute length is too large"); - return -NR_ERR_ATTR_TOO_LARGE; + return -RSE_ATTR_TOO_LARGE; } } @@ -133,14 +133,14 @@ int nr_packet_ok(RADIUS_PACKET *packet) { int rcode; - if (!packet) return -NR_ERR_INVALID_ARG; + if (!packet) return -RSE_INVAL; - if ((packet->flags & NR_PACKET_OK) != 0) return 0; + if ((packet->flags & RS_PACKET_OK) != 0) return 0; rcode = nr_packet_ok_raw(packet->data, packet->length); if (rcode < 0) return rcode; - packet->flags |= NR_PACKET_OK; + packet->flags |= RS_PACKET_OK; return 0; } @@ -176,7 +176,7 @@ static int msg_auth_ok(const RADIUS_PACKET *original, if (ma[1] != 18) { nr_debug_error("Message-Authenticator has invalid length"); - return -NR_ERR_MSG_AUTH_LEN; + return -RSE_MSG_AUTH_LEN; } memcpy(packet_vector, data + 4, sizeof(packet_vector)); @@ -203,7 +203,7 @@ static int msg_auth_ok(const RADIUS_PACKET *original, case PW_ACCESS_CHALLENGE: if (!original) { nr_debug_error("Cannot validate response without request"); - return -NR_ERR_REQUEST_REQUIRED; + return -RSE_REQUEST_REQUIRED; } memcpy(data + 4, original->vector, sizeof(original->vector)); break; @@ -219,7 +219,7 @@ static int msg_auth_ok(const RADIUS_PACKET *original, if (digest_cmp(calc_auth_vector, msg_auth_vector, sizeof(calc_auth_vector)) != 0) { nr_debug_error("Invalid Message-Authenticator"); - return -NR_ERR_MSG_AUTH_WRONG; + return -RSE_MSG_AUTH_WRONG; } return 1; @@ -234,7 +234,7 @@ static int packet_auth_ok(const RADIUS_PACKET *original, { uint8_t packet_vector[sizeof(original->vector)]; uint8_t calc_digest[sizeof(original->vector)]; - NR_MD5_CTX ctx; + RS_MD5_CTX ctx; if ((data[0] == PW_ACCESS_REQUEST) || (data[0] == PW_STATUS_SERVER)) return 1; @@ -247,17 +247,17 @@ static int packet_auth_ok(const RADIUS_PACKET *original, memcpy(data + 4, original->vector, sizeof(original->vector)); } - nr_MD5Init(&ctx); - nr_MD5Update(&ctx, data, length); - nr_MD5Update(&ctx, original->secret, original->sizeof_secret); - nr_MD5Final(calc_digest, &ctx); + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, data, length); + RS_MD5Update(&ctx, original->secret, original->sizeof_secret); + RS_MD5Final(calc_digest, &ctx); memcpy(data + 4, packet_vector, sizeof(packet_vector)); if (digest_cmp(calc_digest, packet_vector, sizeof(packet_vector)) != 0) { nr_debug_error("Invalid authentication vector"); - return -NR_ERR_AUTH_VECTOR_WRONG; + return -RSE_AUTH_VECTOR_WRONG; } return 0; @@ -274,10 +274,10 @@ int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) if (!packet || !packet->data || !packet->secret) { nr_debug_error("Invalid argument"); - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } - if ((packet->flags & NR_PACKET_VERIFIED) != 0) return 0; + if ((packet->flags & RS_PACKET_VERIFIED) != 0) return 0; /* * Packet isn't well formed. Ignore it. @@ -291,16 +291,16 @@ int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) if (original) { uint64_t mask; - if (original->code > NR_MAX_PACKET_CODE) { + if (original->code > RS_MAX_PACKET_CODE) { nr_debug_error("Invalid original code %u", original->code); - return -NR_ERR_REQUEST_CODE_INVALID; + return -RSE_INVALID_REQUEST_CODE; } if (packet->data[1] != original->id) { nr_debug_error("Ignoring response with wrong ID %u", packet->data[1]); - return -NR_ERR_RESPONSE_ID_INVALID; + return -RSE_INVALID_RESPONSE_CODE; } mask = 1; @@ -309,18 +309,18 @@ int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) if ((allowed_responses[original->code] & mask) == 0) { nr_debug_error("Ignoring response with wrong code %u", packet->data[0]); - return -NR_ERR_RESPONSE_CODE_INVALID; + return -RSE_INVALID_RESPONSE_CODE; } if ((memcmp(&packet->src, &original->dst, sizeof(packet->src)) != 0) && - (sockaddr_cmp(&(packet->src), &(original->dst)) != 0)) { + (evutil_sockaddr_cmp(&(packet->src), &(original->dst)) != 0)) { nr_debug_error("Ignoring response from wrong IP/port"); - return -NR_ERR_RESPONSE_SRC_INVALID; + return -RSE_INVALID_RESPONSE_SRC; } } else if (allowed_responses[packet->data[0]] != 0) { nr_debug_error("Ignoring response without original"); - return -NR_ERR_RESPONSE_CODE_INVALID; + return -RSE_INVALID_RESPONSE_CODE; } #ifdef PW_MESSAGE_AUTHENTICATOR @@ -344,7 +344,7 @@ int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) rcode = packet_auth_ok(original, packet->data, packet->length); if (rcode < 0) return rcode; - packet->flags |= NR_PACKET_VERIFIED; + packet->flags |= RS_PACKET_VERIFIED; return 0; } @@ -357,9 +357,9 @@ int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) const uint8_t *end; VALUE_PAIR **tail, *vp; - if (!packet) return -NR_ERR_INVALID_ARG; + if (!packet) return -RSE_INVAL; - if ((packet->flags & NR_PACKET_DECODED) != 0) return 0; + if ((packet->flags & RS_PACKET_DECODED) != 0) return 0; rcode = nr_packet_ok(packet); if (rcode < 0) return rcode; @@ -387,10 +387,10 @@ int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) vp = vp->next; } - if (num_attributes > NR_MAX_ATTRIBUTES) { + if (num_attributes > RS_MAX_ATTRIBUTES) { nr_debug_error("Too many attributes"); nr_vp_free(&packet->vps); - return -NR_ERR_TOO_MANY_ATTRS; + return -RSE_TOO_MANY_ATTRS; } } @@ -398,7 +398,7 @@ int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) packet->id = data[1]; memcpy(packet->vector, data + 4, sizeof(packet->vector)); - packet->flags |= NR_PACKET_DECODED; + packet->flags |= RS_PACKET_DECODED; return 0; } @@ -411,9 +411,9 @@ int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) const uint8_t *attr, *end; #endif - if ((packet->flags & NR_PACKET_SIGNED) != 0) return 0; + if ((packet->flags & RS_PACKET_SIGNED) != 0) return 0; - if ((packet->flags & NR_PACKET_ENCODED) == 0) { + if ((packet->flags & RS_PACKET_ENCODED) == 0) { int rcode; rcode = nr_packet_encode(packet, original); @@ -426,7 +426,7 @@ int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) #ifdef PW_MESSAGE_AUTHENTICATOR if (!original) { nr_debug_error("Original packet is required to create the Message-Authenticator"); - return -NR_ERR_REQUEST_REQUIRED; + return -RSE_REQUEST_REQUIRED; } #endif @@ -483,18 +483,18 @@ int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) */ if (!((packet->code == PW_ACCESS_REQUEST) || (packet->code == PW_STATUS_SERVER))) { - NR_MD5_CTX ctx; + RS_MD5_CTX ctx; - nr_MD5Init(&ctx); - nr_MD5Update(&ctx, packet->data, packet->length); - nr_MD5Update(&ctx, packet->secret, packet->sizeof_secret); - nr_MD5Final(packet->vector, &ctx); + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, packet->data, packet->length); + RS_MD5Update(&ctx, packet->secret, packet->sizeof_secret); + RS_MD5Final(packet->vector, &ctx); } memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); packet->attempts = 0; - packet->flags |= NR_PACKET_SIGNED; + packet->flags |= RS_PACKET_SIGNED; return 0; } @@ -504,28 +504,28 @@ static int can_encode_packet(RADIUS_PACKET *packet, const RADIUS_PACKET *original) { if ((packet->code == 0) || - (packet->code > NR_MAX_PACKET_CODE) || - (original && (original->code > NR_MAX_PACKET_CODE))) { + (packet->code > RS_MAX_PACKET_CODE) || + (original && (original->code > RS_MAX_PACKET_CODE))) { nr_debug_error("Cannot send unknown packet code"); - return -NR_ERR_REQUEST_CODE_INVALID; + return -RSE_INVALID_REQUEST_CODE; } if (!nr_packet_codes[packet->code]) { nr_debug_error("Cannot handle packet code %u", packet->code); - return -NR_ERR_REQUEST_CODE_INVALID; + return -RSE_INVALID_REQUEST_CODE; } #ifdef NR_NO_MALLOC if (!packet->data) { nr_debug_error("No place to put packet"); - return -NR_ERR_NO_PACKET_DATA; + return -RSE_NO_PACKET_DATA; } #endif if (packet->sizeof_data < 20) { nr_debug_error("The buffer is too small to encode the packet"); - return -NR_ERR_PACKET_TOO_SMALL; + return -RSE_PACKET_TOO_SMALL; } /* @@ -540,14 +540,14 @@ static int can_encode_packet(RADIUS_PACKET *packet, if ((allowed_responses[original->code] & mask) == 0) { nr_debug_error("Cannot encode response %u to packet %u", packet->code, original->code); - return -NR_ERR_RESPONSE_CODE_INVALID; + return -RSE_INVALID_RESPONSE_CODE; } packet->id = original->id; } else if (allowed_responses[packet->code] == 0) { nr_debug_error("Cannot encode response %u without original", packet->code); - return -NR_ERR_REQUEST_REQUIRED; + return -RSE_REQUEST_REQUIRED; } return 0; @@ -555,7 +555,7 @@ static int can_encode_packet(RADIUS_PACKET *packet, static void encode_header(RADIUS_PACKET *packet) { - if ((packet->flags & NR_PACKET_HEADER) != 0) return; + if ((packet->flags & RS_PACKET_HEADER) != 0) return; memset(packet->data, 0, 20); packet->data[0] = packet->code; @@ -576,7 +576,7 @@ static void encode_header(RADIUS_PACKET *packet) memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); - packet->flags |= NR_PACKET_HEADER; + packet->flags |= RS_PACKET_HEADER; } int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) @@ -589,7 +589,7 @@ int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) const VALUE_PAIR *vp; uint8_t *data, *end; - if ((packet->flags & NR_PACKET_ENCODED) != 0) return 0; + if ((packet->flags & RS_PACKET_ENCODED) != 0) return 0; rcode = can_encode_packet(packet, original); if (rcode < 0) return rcode; @@ -642,7 +642,7 @@ int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) packet->data[2] = (packet->length >> 8) & 0xff; packet->data[3] = packet->length & 0xff; - packet->flags |= NR_PACKET_ENCODED; + packet->flags |= RS_PACKET_ENCODED; return packet->length; } @@ -696,7 +696,7 @@ int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, uint8_t *attr; const uint8_t *end; - if (!packet || !callback) return -NR_ERR_INVALID_ARG; + if (!packet || !callback) return -RSE_INVAL; rcode = nr_packet_ok(packet); if (rcode < 0) return rcode; @@ -760,7 +760,7 @@ int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, break; default: - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; } switch (dv_length) { @@ -774,7 +774,7 @@ int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, break; default: - return -NR_ERR_INTERNAL_FAILURE; + return -RSE_INTERNAL; } rcode = do_callback(ctx, callback, @@ -794,17 +794,15 @@ int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, { int rcode; - if ((code < 0) || (code > NR_MAX_PACKET_CODE)) { - return -NR_ERR_REQUEST_CODE_INVALID; + if ((code < 0) || (code > RS_MAX_PACKET_CODE)) { + return -RSE_INVALID_REQUEST_CODE; } - if (!data || (sizeof_data < 20)) return -NR_ERR_INVALID_ARG; - - if (!secret || !*secret) return -NR_ERR_INVALID_ARG; + if (!data || (sizeof_data < 20)) return -RSE_INVAL; memset(packet, 0, sizeof(*packet)); packet->secret = secret; - packet->sizeof_secret = strlen(secret); + packet->sizeof_secret = secret ? strlen(secret) : 0; packet->code = code; packet->id = 0; packet->data = data; @@ -832,7 +830,7 @@ static int pack_eap(RADIUS_PACKET *packet, end = attr + packet->sizeof_data; while (left > 253) { - if ((attr + 255) > end) return -NR_ERR_ATTR_OVERFLOW; + if ((attr + 255) > end) return -RSE_ATTR_OVERFLOW; attr[0] = PW_EAP_MESSAGE; attr[1] = 255; @@ -842,7 +840,7 @@ static int pack_eap(RADIUS_PACKET *packet, left -= 253; } - if ((attr + (2 + left)) > end) return -NR_ERR_ATTR_OVERFLOW; + if ((attr + (2 + left)) > end) return -RSE_ATTR_OVERFLOW; attr[0] = PW_EAP_MESSAGE; attr[1] = 2 + left; @@ -864,27 +862,27 @@ ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, const VALUE_PAIR *vp; if (!packet || !da || !data) { - return -NR_ERR_INVALID_ARG; + return -RSE_INVAL; } if (data_len == 0) { - if (da->type != NR_TYPE_STRING) return -NR_ERR_ATTR_TOO_SMALL; + if (da->type != RS_TYPE_STRING) return -RSE_ATTR_TOO_SMALL; data_len = strlen(data); } - packet->flags |= NR_PACKET_ENCODED; /* ignore any VPs */ + packet->flags |= RS_PACKET_ENCODED; /* ignore any VPs */ attr = packet->data + packet->length; end = attr + packet->sizeof_data; if ((attr + 2 + data_len) > end) { - return -NR_ERR_ATTR_OVERFLOW; + return -RSE_ATTR_OVERFLOW; } if ((da->flags.length != 0) && (data_len != da->flags.length)) { - return -NR_ERR_ATTR_VALUE_MALFORMED; + return -RSE_ATTR_VALUE_MALFORMED; } #ifdef PW_EAP_MESSAGE @@ -897,7 +895,7 @@ ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, } #endif - if (data_len > 253) return -NR_ERR_ATTR_TOO_LARGE; + if (data_len > 253) return -RSE_ATTR_TOO_LARGE; vp = nr_vp_init(&my_vp, da); rcode = nr_vp_set_data(&my_vp, data, data_len); diff --git a/lib/radius/parse.c b/lib/radius/parse.c index 6b593a8..cd7491a 100644 --- a/lib/radius/parse.c +++ b/lib/radius/parse.c @@ -29,7 +29,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * \brief Routines to parse strings into internal data structures */ -#include +#include "client.h" #include ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value) @@ -37,43 +37,43 @@ ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value) char *end; switch (vp->da->type) { - case NR_TYPE_STRING: + case RS_TYPE_STRING: strlcpy(vp->vp_strvalue, value, sizeof(vp->vp_strvalue)); vp->length = strlen(vp->vp_strvalue); return vp->length; - case NR_TYPE_DATE: - case NR_TYPE_INTEGER: + case RS_TYPE_DATE: + case RS_TYPE_INTEGER: vp->vp_integer = strtoul(value, &end, 10); if ((value == end) || (*end != '\0')) { nr_debug_error("Invalid value"); - return -NR_ERR_ATTR_VALUE_MALFORMED; + return -RSE_ATTR_VALUE_MALFORMED; } return (end - value); - case NR_TYPE_IPADDR: + case RS_TYPE_IPADDR: if (inet_pton(AF_INET, value, &vp->vp_ipaddr) < 0) { - return -NR_ERR_SYSTEM; + return -RSE_NOSYS; } return strlen(value); -#ifdef NR_TYPE_IPV6ADDR - case NR_TYPE_IPV6ADDR: +#ifdef RS_TYPE_IPV6ADDR + case RS_TYPE_IPV6ADDR: if (inet_pton(AF_INET6, value, &vp-vp>ipv6addr) < 0) { - return -NR_ERR_SYSTEM; + return -RSE_NOSYS; } return strlen(value); #endif -#ifdef NR_TYPE_IFID - case NR_TYPE_IFID: +#ifdef RS_TYPE_IFID + case RS_TYPE_IFID: { int i, array[8]; if (sscanf(value, "%02x%02x%02x%02x%02x%02x%02x%02x", &array[0], &array[1], &array[2], &array[3], &array[4], &array[5], &array[6], &array[7]) != 8) { - return -NR_ERR_SYSTEM; + return -RSE_SYSTEM; } for (i = 0; i < 8; i++) vp->vp_ifid[i] = array[i] & 0xff; @@ -84,7 +84,7 @@ ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value) default: nr_debug_error("Invalid type"); - return -NR_ERR_ATTR_TYPE_UNKNOWN; + return -RSE_ATTR_TYPE_UNKNOWN; } return 0; @@ -99,7 +99,7 @@ int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp) VALUE_PAIR *vp; char buffer[256]; - if (!string || !pvp) return -NR_ERR_INVALID_ARG; + if (!string || !pvp) return -RSE_INVAL; p = string; q = buffer; @@ -110,26 +110,26 @@ int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp) if (q == buffer) { nr_debug_error("No Attribute name"); - return -NR_ERR_ATTR_BAD_NAME; + return -RSE_ATTR_BAD_NAME; } da = nr_dict_attr_byname(buffer); if (!da) { nr_debug_error("Unknown attribute \"%s\"", buffer); - return -NR_ERR_ATTR_UNKNOWN; + return -RSE_ATTR_UNKNOWN; } while (*p == ' ') p++; if (*p != '=') { nr_debug_error("Unexpected text after attribute name"); - return -NR_ERR_ATTR_BAD_NAME; + return -RSE_ATTR_BAD_NAME; } p++; while (*p == ' ') p++; vp = nr_vp_alloc(da); - if (!vp) return -NR_ERR_NO_MEM; + if (!vp) return -RSE_NOMEM; rcode = nr_vp_sscanf_value(vp, p); if (rcode < 0) { diff --git a/lib/radius/print.c b/lib/radius/print.c index abe4255..28dd0a6 100644 --- a/lib/radius/print.c +++ b/lib/radius/print.c @@ -29,9 +29,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * \brief Functions to print things. */ -#include +#include "client.h" #include -#ifdef NR_TYPE_IPV6ADDR +#ifdef RS_TYPE_IPV6ADDR #include #endif @@ -51,7 +51,7 @@ void nr_packet_print_hex(RADIUS_PACKET *packet) printf("%02x", packet->data[i]); } printf("\n"); - if ((packet->flags & NR_PACKET_SIGNED) == 0) printf("\t\tWARNING: nr_packet_sign() was not called!\n"); + if ((packet->flags & RS_PACKET_SIGNED) == 0) printf("\t\tWARNING: nr_packet_sign() was not called!\n"); if (packet->length > 20) { int total; @@ -106,21 +106,21 @@ size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp) char *p = buffer; switch (vp->da->type) { - case NR_TYPE_STRING: + case RS_TYPE_STRING: /* * FIXME: escape backslash && quotes! */ - len = snprintf(p, buflen, "\"%s\"", vp->vp_strvalue); + len = snprintf(p, buflen, "%s", vp->vp_strvalue); break; - case NR_TYPE_DATE: - case NR_TYPE_INTEGER: - case NR_TYPE_SHORT: - case NR_TYPE_BYTE: + case RS_TYPE_DATE: + case RS_TYPE_INTEGER: + case RS_TYPE_SHORT: + case RS_TYPE_BYTE: len = snprintf(p, buflen, "%u", vp->vp_integer); break; - case NR_TYPE_IPADDR: + case RS_TYPE_IPADDR: len = snprintf(p, buflen, "%u.%u.%u.%u", (vp->vp_ipaddr >> 24) & 0xff, (vp->vp_ipaddr >> 16) & 0xff, @@ -128,16 +128,16 @@ size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp) vp->vp_ipaddr & 0xff); break; -#ifdef NR_TYPE_IPV6ADDR - case NR_TYPE_IPV6ADDR: +#ifdef RS_TYPE_IPV6ADDR + case RS_TYPE_IPV6ADDR: if (!inet_ntop(AF_INET6, &vp->vp_ipv6addr, buffer, buflen)) { - return -NR_ERR_SYSTEM; + return -RSE_SYSTEM; } break; #endif -#ifdef NR_TYPE_IFID - case NR_TYPE_IFID: +#ifdef RS_TYPE_IFID + case RS_TYPE_IFID: len = snprintf(p, buflen, "%02x%02x%02x%02x%02x%02x%02x%02x", vp->vp_ifid[0], vp->vp_ifid[1], vp->vp_ifid[2], vp->vp_ifid[3], @@ -146,7 +146,7 @@ size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp) break; #endif - case NR_TYPE_OCTETS: + case RS_TYPE_OCTETS: len = snprintf(p, buflen, "0x"); if (len >= buflen) return 0; @@ -224,42 +224,3 @@ void nr_strerror_printf(const char *fmt, ...) } /** \endcond */ -const char *nr_strerror(int error) -{ - if (error == 0) return nr_strerror_buffer; - - if (error < 0) error = -error; - - switch (error) { - default: return "Unknown error"; - case NR_ERR_SYSTEM: return strerror(errno); - - case NR_ERR_INVALID_ARG: return "Invalid argument"; - case NR_ERR_PACKET_TOO_SMALL: return "Packet is too small"; - case NR_ERR_PACKET_TOO_LARGE: return "Packet is too large"; - case NR_ERR_ATTR_OVERFLOW: return "Attribute overflows packet"; - case NR_ERR_ATTR_TOO_SMALL: return "Attribute is too small"; - case NR_ERR_ATTR_TOO_LARGE: return "Attribute is too large"; - case NR_ERR_ATTR_UNKNOWN: return "Unknown attribute"; - case NR_ERR_ATTR_BAD_NAME: return "Invalid name for attribute"; - case NR_ERR_ATTR_VALUE_MALFORMED: return "Invalid value for attribute"; - case NR_ERR_ATTR_INVALID: return "Invalid attribute"; - case NR_ERR_TOO_MANY_ATTRS: return "Too many attributes in the packet"; - case NR_ERR_ATTR_TYPE_UNKNOWN: return "Attribute type unknown"; - case NR_ERR_MSG_AUTH_LEN: return "Invalid Message-Authenticator"; - case NR_ERR_MSG_AUTH_WRONG: return "Incorrect Message-Authenticator"; - case NR_ERR_REQUEST_REQUIRED: return "Request is required"; - case NR_ERR_REQUEST_CODE_INVALID: return "Invalid request code"; - case NR_ERR_AUTH_VECTOR_WRONG: return "Incorrect Request Authenticator"; - case NR_ERR_RESPONSE_CODE_INVALID: return "Response code is unsupported"; - case NR_ERR_RESPONSE_ID_INVALID: return "Response ID is invalid"; - case NR_ERR_RESPONSE_SRC_INVALID: return "Response from the wrong src ip/port"; - case NR_ERR_NO_PACKET_DATA: return "Cannot encode the packet"; - case NR_ERR_VENDOR_UNKNOWN: return "Vendor is unknown"; - case NR_ERR_INTERNAL_FAILURE: return "Internal failure"; - case NR_ERR_UNSUPPORTED: return "Unsupported feature"; - case NR_ERR_NO_MEM: return "Out of memory"; - case NR_ERR_IN_USE: return "Resource is in use"; - - } -} diff --git a/lib/radius/radius.h b/lib/radius/radius.h deleted file mode 100644 index cfc16b7..0000000 --- a/lib/radius/radius.h +++ /dev/null @@ -1,314 +0,0 @@ -/* Automatically generated file. Do not edit */ - -#define VENDORPEC_MICROSOFT 311 -#define VENDORPEC_EXAMPLE 65535 - - -/* IETF */ -#define PW_USER_NAME 1 -#define PW_USER_PASSWORD 2 -#define PW_CHAP_PASSWORD 3 -#define PW_NAS_IP_ADDRESS 4 -#define PW_NAS_PORT 5 -#define PW_SERVICE_TYPE 6 -#define PW_FRAMED_PROTOCOL 7 -#define PW_FRAMED_IP_ADDRESS 8 -#define PW_FRAMED_IP_NETMASK 9 -#define PW_FRAMED_ROUTING 10 -#define PW_FILTER_ID 11 -#define PW_FRAMED_MTU 12 -#define PW_FRAMED_COMPRESSION 13 -#define PW_LOGIN_IP_HOST 14 -#define PW_LOGIN_SERVICE 15 -#define PW_LOGIN_TCP_PORT 16 -#define PW_REPLY_MESSAGE 18 -#define PW_CALLBACK_NUMBER 19 -#define PW_CALLBACK_ID 20 -#define PW_FRAMED_ROUTE 22 -#define PW_FRAMED_IPX_NETWORK 23 -#define PW_STATE 24 -#define PW_CLASS 25 -#define PW_VENDOR_SPECIFIC 26 -#define PW_SESSION_TIMEOUT 27 -#define PW_IDLE_TIMEOUT 28 -#define PW_TERMINATION_ACTION 29 -#define PW_CALLED_STATION_ID 30 -#define PW_CALLING_STATION_ID 31 -#define PW_NAS_IDENTIFIER 32 -#define PW_PROXY_STATE 33 -#define PW_LOGIN_LAT_SERVICE 34 -#define PW_LOGIN_LAT_NODE 35 -#define PW_LOGIN_LAT_GROUP 36 -#define PW_FRAMED_APPLETALK_LINK 37 -#define PW_FRAMED_APPLETALK_NETWORK 38 -#define PW_FRAMED_APPLETALK_ZONE 39 -#define PW_ACCT_STATUS_TYPE 40 -#define PW_ACCT_DELAY_TIME 41 -#define PW_ACCT_INPUT_OCTETS 42 -#define PW_ACCT_OUTPUT_OCTETS 43 -#define PW_ACCT_SESSION_ID 44 -#define PW_ACCT_AUTHENTIC 45 -#define PW_ACCT_SESSION_TIME 46 -#define PW_ACCT_INPUT_PACKETS 47 -#define PW_ACCT_OUTPUT_PACKETS 48 -#define PW_ACCT_TERMINATE_CAUSE 49 -#define PW_ACCT_MULTI_SESSION_ID 50 -#define PW_ACCT_LINK_COUNT 51 -#define PW_ACCT_INPUT_GIGAWORDS 52 -#define PW_ACCT_OUTPUT_GIGAWORDS 53 -#define PW_EVENT_TIMESTAMP 55 -#define PW_EGRESS_VLANID 56 -#define PW_INGRESS_FILTERS 57 -#define PW_EGRESS_VLAN_NAME 58 -#define PW_USER_PRIORITY_TABLE 59 -#define PW_CHAP_CHALLENGE 60 -#define PW_NAS_PORT_TYPE 61 -#define PW_PORT_LIMIT 62 -#define PW_LOGIN_LAT_PORT 63 -#define PW_TUNNEL_TYPE 64 -#define PW_TUNNEL_MEDIUM_TYPE 65 -#define PW_TUNNEL_CLIENT_ENDPOINT 66 -#define PW_TUNNEL_SERVER_ENDPOINT 67 -#define PW_ACCT_TUNNEL_CONNECTION 68 -#define PW_TUNNEL_PASSWORD 69 -#define PW_ARAP_PASSWORD 70 -#define PW_ARAP_FEATURES 71 -#define PW_ARAP_ZONE_ACCESS 72 -#define PW_ARAP_SECURITY 73 -#define PW_ARAP_SECURITY_DATA 74 -#define PW_PASSWORD_RETRY 75 -#define PW_PROMPT 76 -#define PW_CONNECT_INFO 77 -#define PW_CONFIGURATION_TOKEN 78 -#define PW_EAP_MESSAGE 79 -#define PW_MESSAGE_AUTHENTICATOR 80 -#define PW_TUNNEL_PRIVATE_GROUP_ID 81 -#define PW_TUNNEL_ASSIGNMENT_ID 82 -#define PW_TUNNEL_PREFERENCE 83 -#define PW_ARAP_CHALLENGE_RESPONSE 84 -#define PW_ACCT_INTERIM_INTERVAL 85 -#define PW_ACCT_TUNNEL_PACKETS_LOST 86 -#define PW_NAS_PORT_ID 87 -#define PW_FRAMED_POOL 88 -#define PW_CHARGEABLE_USER_IDENTITY 89 -#define PW_TUNNEL_CLIENT_AUTH_ID 90 -#define PW_TUNNEL_SERVER_AUTH_ID 91 -#define PW_NAS_FILTER_RULE 92 -#define PW_NAS_IPV6_ADDRESS 95 -#define PW_FRAMED_INTERFACE_ID 96 -#define PW_FRAMED_IPV6_PREFIX 97 -#define PW_LOGIN_IPV6_HOST 98 -#define PW_FRAMED_IPV6_ROUTE 99 -#define PW_FRAMED_IPV6_POOL 100 -#define PW_ERROR_CAUSE 101 -#define PW_EAP_KEY_NAME 102 -#define PW_DIGEST_RESPONSE 103 -#define PW_DIGEST_REALM 104 -#define PW_DIGEST_NONCE 105 -#define PW_DIGEST_RESPONSE_AUTH 106 -#define PW_DIGEST_NEXTNONCE 107 -#define PW_DIGEST_METHOD 108 -#define PW_DIGEST_URI 109 -#define PW_DIGEST_QOP 110 -#define PW_DIGEST_ALGORITHM 111 -#define PW_DIGEST_ENTITY_BODY_HASH 112 -#define PW_DIGEST_CNONCE 113 -#define PW_DIGEST_NONCE_COUNT 114 -#define PW_DIGEST_USERNAME 115 -#define PW_DIGEST_OPAQUE 116 -#define PW_DIGEST_AUTH_PARAM 117 -#define PW_DIGEST_AKA_AUTS 118 -#define PW_DIGEST_DOMAIN 119 -#define PW_DIGEST_STALE 120 -#define PW_DIGEST_HA1 121 -#define PW_SIP_AOR 122 -#define PW_DELEGATED_IPV6_PREFIX 123 -#define PW_OPERATOR_NAME 126 -#define PW_LOCATION_INFORMATION 127 -#define PW_LOCATION_DATA 128 -#define PW_BASIC_LOCATION_POLICY_RULES 129 -#define PW_EXTENDED_LOCATION_POLICY_RULES 130 -#define PW_LOCATION_CAPABLE 131 -#define PW_REQUESTED_LOCATION_INFO 132 -#define PW_FRAMED_MANAGEMENT 133 -#define PW_MANAGEMENT_TRANSPORT_PROTECTION 134 -#define PW_MANAGEMENT_POLICY_ID 135 -#define PW_MANAGEMENT_PRIVILEGE_LEVEL 136 -#define PW_PKM_SS_CERT 137 -#define PW_PKM_CA_CERT 138 -#define PW_PKM_CONFIG_SETTINGS 139 -#define PW_PKM_CRYPTOSUITE_LIST 140 -#define PW_PKM_SAID 141 -#define PW_PKM_SA_DESCRIPTOR 142 -#define PW_PKM_AUTH_KEY 143 - -/* Microsoft */ -#define PW_MS_CHAP_RESPONSE 1 -#define PW_MS_CHAP_ERROR 2 -#define PW_MS_MPPE_ENCRYPTION_POLICY 7 -#define PW_MS_MPPE_ENCRYPTION_TYPES 8 -#define PW_MS_CHAP_DOMAIN 10 -#define PW_MS_CHAP_CHALLENGE 11 -#define PW_MS_CHAP_MPPE_KEYS 12 -#define PW_MS_MPPE_SEND_KEY 16 -#define PW_MS_MPPE_RECV_KEY 17 -#define PW_MS_CHAP2_RESPONSE 25 -#define PW_MS_CHAP2_SUCCESS 26 - -/* example */ -#define PW_EXAMPLE_INTEGER 1 -#define PW_EXAMPLE_STRING 2 -#define PW_EXAMPLE_IP_ADDRESS 3 - -/* Fixed offsets to dictionary definitions of attributes */ -#define NR_DA_USER_NAME (&nr_dict_attrs[1]) -#define NR_DA_USER_PASSWORD (&nr_dict_attrs[2]) -#define NR_DA_CHAP_PASSWORD (&nr_dict_attrs[3]) -#define NR_DA_NAS_IP_ADDRESS (&nr_dict_attrs[4]) -#define NR_DA_NAS_PORT (&nr_dict_attrs[5]) -#define NR_DA_SERVICE_TYPE (&nr_dict_attrs[6]) -#define NR_DA_FRAMED_PROTOCOL (&nr_dict_attrs[7]) -#define NR_DA_FRAMED_IP_ADDRESS (&nr_dict_attrs[8]) -#define NR_DA_FRAMED_IP_NETMASK (&nr_dict_attrs[9]) -#define NR_DA_FRAMED_ROUTING (&nr_dict_attrs[10]) -#define NR_DA_FILTER_ID (&nr_dict_attrs[11]) -#define NR_DA_FRAMED_MTU (&nr_dict_attrs[12]) -#define NR_DA_FRAMED_COMPRESSION (&nr_dict_attrs[13]) -#define NR_DA_LOGIN_IP_HOST (&nr_dict_attrs[14]) -#define NR_DA_LOGIN_SERVICE (&nr_dict_attrs[15]) -#define NR_DA_LOGIN_TCP_PORT (&nr_dict_attrs[16]) -#define NR_DA_REPLY_MESSAGE (&nr_dict_attrs[18]) -#define NR_DA_CALLBACK_NUMBER (&nr_dict_attrs[19]) -#define NR_DA_CALLBACK_ID (&nr_dict_attrs[20]) -#define NR_DA_FRAMED_ROUTE (&nr_dict_attrs[22]) -#define NR_DA_FRAMED_IPX_NETWORK (&nr_dict_attrs[23]) -#define NR_DA_STATE (&nr_dict_attrs[24]) -#define NR_DA_CLASS (&nr_dict_attrs[25]) -#define NR_DA_VENDOR_SPECIFIC (&nr_dict_attrs[26]) -#define NR_DA_SESSION_TIMEOUT (&nr_dict_attrs[27]) -#define NR_DA_IDLE_TIMEOUT (&nr_dict_attrs[28]) -#define NR_DA_TERMINATION_ACTION (&nr_dict_attrs[29]) -#define NR_DA_CALLED_STATION_ID (&nr_dict_attrs[30]) -#define NR_DA_CALLING_STATION_ID (&nr_dict_attrs[31]) -#define NR_DA_NAS_IDENTIFIER (&nr_dict_attrs[32]) -#define NR_DA_PROXY_STATE (&nr_dict_attrs[33]) -#define NR_DA_LOGIN_LAT_SERVICE (&nr_dict_attrs[34]) -#define NR_DA_LOGIN_LAT_NODE (&nr_dict_attrs[35]) -#define NR_DA_LOGIN_LAT_GROUP (&nr_dict_attrs[36]) -#define NR_DA_FRAMED_APPLETALK_LINK (&nr_dict_attrs[37]) -#define NR_DA_FRAMED_APPLETALK_NETWORK (&nr_dict_attrs[38]) -#define NR_DA_FRAMED_APPLETALK_ZONE (&nr_dict_attrs[39]) -#define NR_DA_ACCT_STATUS_TYPE (&nr_dict_attrs[40]) -#define NR_DA_ACCT_DELAY_TIME (&nr_dict_attrs[41]) -#define NR_DA_ACCT_INPUT_OCTETS (&nr_dict_attrs[42]) -#define NR_DA_ACCT_OUTPUT_OCTETS (&nr_dict_attrs[43]) -#define NR_DA_ACCT_SESSION_ID (&nr_dict_attrs[44]) -#define NR_DA_ACCT_AUTHENTIC (&nr_dict_attrs[45]) -#define NR_DA_ACCT_SESSION_TIME (&nr_dict_attrs[46]) -#define NR_DA_ACCT_INPUT_PACKETS (&nr_dict_attrs[47]) -#define NR_DA_ACCT_OUTPUT_PACKETS (&nr_dict_attrs[48]) -#define NR_DA_ACCT_TERMINATE_CAUSE (&nr_dict_attrs[49]) -#define NR_DA_ACCT_MULTI_SESSION_ID (&nr_dict_attrs[50]) -#define NR_DA_ACCT_LINK_COUNT (&nr_dict_attrs[51]) -#define NR_DA_ACCT_INPUT_GIGAWORDS (&nr_dict_attrs[52]) -#define NR_DA_ACCT_OUTPUT_GIGAWORDS (&nr_dict_attrs[53]) -#define NR_DA_EVENT_TIMESTAMP (&nr_dict_attrs[55]) -#define NR_DA_EGRESS_VLANID (&nr_dict_attrs[56]) -#define NR_DA_INGRESS_FILTERS (&nr_dict_attrs[57]) -#define NR_DA_EGRESS_VLAN_NAME (&nr_dict_attrs[58]) -#define NR_DA_USER_PRIORITY_TABLE (&nr_dict_attrs[59]) -#define NR_DA_CHAP_CHALLENGE (&nr_dict_attrs[60]) -#define NR_DA_NAS_PORT_TYPE (&nr_dict_attrs[61]) -#define NR_DA_PORT_LIMIT (&nr_dict_attrs[62]) -#define NR_DA_LOGIN_LAT_PORT (&nr_dict_attrs[63]) -#define NR_DA_TUNNEL_TYPE (&nr_dict_attrs[64]) -#define NR_DA_TUNNEL_MEDIUM_TYPE (&nr_dict_attrs[65]) -#define NR_DA_TUNNEL_CLIENT_ENDPOINT (&nr_dict_attrs[66]) -#define NR_DA_TUNNEL_SERVER_ENDPOINT (&nr_dict_attrs[67]) -#define NR_DA_ACCT_TUNNEL_CONNECTION (&nr_dict_attrs[68]) -#define NR_DA_TUNNEL_PASSWORD (&nr_dict_attrs[69]) -#define NR_DA_ARAP_PASSWORD (&nr_dict_attrs[70]) -#define NR_DA_ARAP_FEATURES (&nr_dict_attrs[71]) -#define NR_DA_ARAP_ZONE_ACCESS (&nr_dict_attrs[72]) -#define NR_DA_ARAP_SECURITY (&nr_dict_attrs[73]) -#define NR_DA_ARAP_SECURITY_DATA (&nr_dict_attrs[74]) -#define NR_DA_PASSWORD_RETRY (&nr_dict_attrs[75]) -#define NR_DA_PROMPT (&nr_dict_attrs[76]) -#define NR_DA_CONNECT_INFO (&nr_dict_attrs[77]) -#define NR_DA_CONFIGURATION_TOKEN (&nr_dict_attrs[78]) -#define NR_DA_EAP_MESSAGE (&nr_dict_attrs[79]) -#define NR_DA_MESSAGE_AUTHENTICATOR (&nr_dict_attrs[80]) -#define NR_DA_TUNNEL_PRIVATE_GROUP_ID (&nr_dict_attrs[81]) -#define NR_DA_TUNNEL_ASSIGNMENT_ID (&nr_dict_attrs[82]) -#define NR_DA_TUNNEL_PREFERENCE (&nr_dict_attrs[83]) -#define NR_DA_ARAP_CHALLENGE_RESPONSE (&nr_dict_attrs[84]) -#define NR_DA_ACCT_INTERIM_INTERVAL (&nr_dict_attrs[85]) -#define NR_DA_ACCT_TUNNEL_PACKETS_LOST (&nr_dict_attrs[86]) -#define NR_DA_NAS_PORT_ID (&nr_dict_attrs[87]) -#define NR_DA_FRAMED_POOL (&nr_dict_attrs[88]) -#define NR_DA_CHARGEABLE_USER_IDENTITY (&nr_dict_attrs[89]) -#define NR_DA_TUNNEL_CLIENT_AUTH_ID (&nr_dict_attrs[90]) -#define NR_DA_TUNNEL_SERVER_AUTH_ID (&nr_dict_attrs[91]) -#define NR_DA_NAS_FILTER_RULE (&nr_dict_attrs[92]) -#define NR_DA_NAS_IPV6_ADDRESS (&nr_dict_attrs[95]) -#define NR_DA_FRAMED_INTERFACE_ID (&nr_dict_attrs[96]) -#define NR_DA_FRAMED_IPV6_PREFIX (&nr_dict_attrs[97]) -#define NR_DA_LOGIN_IPV6_HOST (&nr_dict_attrs[98]) -#define NR_DA_FRAMED_IPV6_ROUTE (&nr_dict_attrs[99]) -#define NR_DA_FRAMED_IPV6_POOL (&nr_dict_attrs[100]) -#define NR_DA_ERROR_CAUSE (&nr_dict_attrs[101]) -#define NR_DA_EAP_KEY_NAME (&nr_dict_attrs[102]) -#define NR_DA_DIGEST_RESPONSE (&nr_dict_attrs[103]) -#define NR_DA_DIGEST_REALM (&nr_dict_attrs[104]) -#define NR_DA_DIGEST_NONCE (&nr_dict_attrs[105]) -#define NR_DA_DIGEST_RESPONSE_AUTH (&nr_dict_attrs[106]) -#define NR_DA_DIGEST_NEXTNONCE (&nr_dict_attrs[107]) -#define NR_DA_DIGEST_METHOD (&nr_dict_attrs[108]) -#define NR_DA_DIGEST_URI (&nr_dict_attrs[109]) -#define NR_DA_DIGEST_QOP (&nr_dict_attrs[110]) -#define NR_DA_DIGEST_ALGORITHM (&nr_dict_attrs[111]) -#define NR_DA_DIGEST_ENTITY_BODY_HASH (&nr_dict_attrs[112]) -#define NR_DA_DIGEST_CNONCE (&nr_dict_attrs[113]) -#define NR_DA_DIGEST_NONCE_COUNT (&nr_dict_attrs[114]) -#define NR_DA_DIGEST_USERNAME (&nr_dict_attrs[115]) -#define NR_DA_DIGEST_OPAQUE (&nr_dict_attrs[116]) -#define NR_DA_DIGEST_AUTH_PARAM (&nr_dict_attrs[117]) -#define NR_DA_DIGEST_AKA_AUTS (&nr_dict_attrs[118]) -#define NR_DA_DIGEST_DOMAIN (&nr_dict_attrs[119]) -#define NR_DA_DIGEST_STALE (&nr_dict_attrs[120]) -#define NR_DA_DIGEST_HA1 (&nr_dict_attrs[121]) -#define NR_DA_SIP_AOR (&nr_dict_attrs[122]) -#define NR_DA_DELEGATED_IPV6_PREFIX (&nr_dict_attrs[123]) -#define NR_DA_OPERATOR_NAME (&nr_dict_attrs[126]) -#define NR_DA_LOCATION_INFORMATION (&nr_dict_attrs[127]) -#define NR_DA_LOCATION_DATA (&nr_dict_attrs[128]) -#define NR_DA_BASIC_LOCATION_POLICY_RULES (&nr_dict_attrs[129]) -#define NR_DA_EXTENDED_LOCATION_POLICY_RULES (&nr_dict_attrs[130]) -#define NR_DA_LOCATION_CAPABLE (&nr_dict_attrs[131]) -#define NR_DA_REQUESTED_LOCATION_INFO (&nr_dict_attrs[132]) -#define NR_DA_FRAMED_MANAGEMENT (&nr_dict_attrs[133]) -#define NR_DA_MANAGEMENT_TRANSPORT_PROTECTION (&nr_dict_attrs[134]) -#define NR_DA_MANAGEMENT_POLICY_ID (&nr_dict_attrs[135]) -#define NR_DA_MANAGEMENT_PRIVILEGE_LEVEL (&nr_dict_attrs[136]) -#define NR_DA_PKM_SS_CERT (&nr_dict_attrs[137]) -#define NR_DA_PKM_CA_CERT (&nr_dict_attrs[138]) -#define NR_DA_PKM_CONFIG_SETTINGS (&nr_dict_attrs[139]) -#define NR_DA_PKM_CRYPTOSUITE_LIST (&nr_dict_attrs[140]) -#define NR_DA_PKM_SAID (&nr_dict_attrs[141]) -#define NR_DA_PKM_SA_DESCRIPTOR (&nr_dict_attrs[142]) -#define NR_DA_PKM_AUTH_KEY (&nr_dict_attrs[143]) -#define NR_DA_MS_CHAP_RESPONSE (&nr_dict_attrs[256]) -#define NR_DA_MS_CHAP_ERROR (&nr_dict_attrs[257]) -#define NR_DA_MS_MPPE_ENCRYPTION_POLICY (&nr_dict_attrs[258]) -#define NR_DA_MS_MPPE_ENCRYPTION_TYPES (&nr_dict_attrs[259]) -#define NR_DA_MS_CHAP_DOMAIN (&nr_dict_attrs[260]) -#define NR_DA_MS_CHAP_CHALLENGE (&nr_dict_attrs[261]) -#define NR_DA_MS_CHAP_MPPE_KEYS (&nr_dict_attrs[262]) -#define NR_DA_MS_MPPE_SEND_KEY (&nr_dict_attrs[263]) -#define NR_DA_MS_MPPE_RECV_KEY (&nr_dict_attrs[264]) -#define NR_DA_MS_CHAP2_RESPONSE (&nr_dict_attrs[265]) -#define NR_DA_MS_CHAP2_SUCCESS (&nr_dict_attrs[266]) -#define NR_DA_EXAMPLE_INTEGER (&nr_dict_attrs[267]) -#define NR_DA_EXAMPLE_STRING (&nr_dict_attrs[268]) -#define NR_DA_EXAMPLE_IP_ADDRESS (&nr_dict_attrs[269]) -/* Automatically generated file. Do not edit */ diff --git a/lib/radius/share/dictionary.ukerna b/lib/radius/share/dictionary.ukerna new file mode 100644 index 0000000..1694566 --- /dev/null +++ b/lib/radius/share/dictionary.ukerna @@ -0,0 +1,19 @@ +# -*- text -*- +# +# GSS-EAP VSAs +# +# $Id$ +# + +VENDOR UKERNA 25622 + +BEGIN-VENDOR UKERNA + +ATTRIBUTE GSS-Acceptor-Service-Name 128 string +ATTRIBUTE GSS-Acceptor-Host-Name 129 string +ATTRIBUTE GSS-Acceptor-Service-Specific 130 string +ATTRIBUTE GSS-Acceptor-Realm-Name 131 string +ATTRIBUTE SAML-AAA-Assertion 132 string +ATTRIBUTE MS-Windows-Auth-Data 133 octets + +END-VENDOR UKERNA diff --git a/lib/radius/static.c b/lib/radius/static.c index d633e5b..bd87272 100644 --- a/lib/radius/static.c +++ b/lib/radius/static.c @@ -29,7 +29,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * \brief Dummy file to include auto-generating static dictionary mappings. */ -#include +#include "client.h" /* * Include the dynamically generated dictionaries. diff --git a/lib/radius/valuepair.c b/lib/radius/valuepair.c index 603a970..b374fdd 100644 --- a/lib/radius/valuepair.c +++ b/lib/radius/valuepair.c @@ -29,7 +29,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * \brief Functions to manipulate C structure versions of RADIUS attributes. */ -#include +#include "client.h" void nr_vp_free(VALUE_PAIR **head) { @@ -71,9 +71,7 @@ VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da) return NULL; } -#ifndef NR_NO_MALLOC vp = malloc(sizeof(*vp)); -#endif if (!vp) { nr_strerror_printf("Out of memory"); return NULL; @@ -87,9 +85,7 @@ VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor) VALUE_PAIR *vp = NULL; DICT_ATTR *da; -#ifndef NR_NO_MALLOC vp = malloc(sizeof(*vp) + sizeof(*da) + 64); -#endif if (!vp) { nr_strerror_printf("Out of memory"); return NULL; @@ -112,24 +108,24 @@ int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t sizeof_data) { int rcode = 1; /* OK */ - if (!vp || !data || (sizeof_data == 0)) return -NR_ERR_INVALID_ARG; + if (!vp || !data || (sizeof_data == 0)) return -RSE_INVAL; switch (vp->da->type) { - case NR_TYPE_BYTE: + case RS_TYPE_BYTE: vp->vp_integer = *(const uint8_t *) data; break; - case NR_TYPE_SHORT: + case RS_TYPE_SHORT: vp->vp_integer = *(const uint16_t *) data; break; - case NR_TYPE_INTEGER: - case NR_TYPE_DATE: - case NR_TYPE_IPADDR: + case RS_TYPE_INTEGER: + case RS_TYPE_DATE: + case RS_TYPE_IPADDR: vp->vp_integer = *(const uint32_t *) data; break; - case NR_TYPE_STRING: + case RS_TYPE_STRING: if (sizeof_data >= sizeof(vp->vp_strvalue)) { sizeof_data = sizeof(vp->vp_strvalue) - 1; rcode = 0; /* truncated */ @@ -140,7 +136,7 @@ int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t sizeof_data) vp->length = sizeof_data; break; - case NR_TYPE_OCTETS: + case RS_TYPE_OCTETS: if (sizeof_data > sizeof(vp->vp_octets)) { sizeof_data = sizeof(vp->vp_octets); rcode = 0; /* truncated */ @@ -150,7 +146,7 @@ int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t sizeof_data) break; default: - return -NR_ERR_ATTR_TYPE_UNKNOWN; + return -RSE_ATTR_TYPE_UNKNOWN; } return rcode; diff --git a/lib/radsec.c b/lib/radsec.c index d4c0a09..70a968e 100644 --- a/lib/radsec.c +++ b/lib/radsec.c @@ -12,7 +12,7 @@ #include #include -#include +#include #include #include #include @@ -39,14 +39,8 @@ rs_context_create (struct rs_context **ctx) #if defined (RS_ENABLE_TLS) ssl_init (); #endif -#if defined (DEBUG) - fr_log_fp = stderr; - fr_debug_flag = 1; -#endif - debug_init ("libradsec"); /* radsecproxy compat, FIXME: remove */ - fr_randinit (&h->fr_randctx, 0); - fr_rand_seed (NULL, 0); + debug_init ("libradsec"); /* radsecproxy compat, FIXME: remove */ if (ctx != NULL) *ctx = h; @@ -67,9 +61,6 @@ rs_context_init_freeradius_dict (struct rs_context *ctx, const char *dict) if (ctx->config != NULL && ctx->config->dictionary) dict = ctx->config->dictionary; - if (dict == NULL) - dict = RS_FREERADIUS_DICT; - dictlen = strlen (dict); dir = rs_calloc (ctx, 1, dictlen + 1); fn = rs_calloc (ctx, 1, dictlen + 1); @@ -81,13 +72,6 @@ rs_context_init_freeradius_dict (struct rs_context *ctx, const char *dict) strncpy (dir, dict, dictlen); strncpy (fn, dict, dictlen); - if (dict_init (dirname (dir), basename (fn)) < 0) - { - r = rs_err_ctx_push_fl (ctx, RSE_FR, __FILE__, __LINE__, - "failing dict_init(\"%s\")", dict); - goto out; - } - out: if (dir) rs_free (ctx, dir); diff --git a/lib/radsec.sym b/lib/radsec.sym index fe17f07..aec17cd 100644 --- a/lib/radsec.sym +++ b/lib/radsec.sym @@ -1,3 +1,38 @@ +rs_attr_find +rs_avp_alloc +rs_avp_append +rs_avp_attrid +rs_avp_byte_set +rs_avp_byte_value +rs_avp_date_set +rs_avp_date_value +rs_avp_delete +rs_avp_display_value +rs_avp_dup +rs_avp_find +rs_avp_find_const +rs_avp_fragmented_value +rs_avp_free +rs_avp_ifid_set +rs_avp_ifid_value +rs_avp_integer_set +rs_avp_integer_value +rs_avp_ipaddr_set +rs_avp_ipaddr_value +rs_avp_length +rs_avp_name +rs_avp_next +rs_avp_next_const +rs_avp_octets_set +rs_avp_octets_value +rs_avp_octets_value_byref +rs_avp_octets_value_const_ptr +rs_avp_octets_value_ptr +rs_avp_short_set +rs_avp_short_value +rs_avp_string_set +rs_avp_string_value +rs_avp_typeof rs_conf_find_realm rs_conn_add_listener rs_conn_create @@ -29,6 +64,9 @@ rs_err_ctx_push rs_err_ctx_push_fl rs_err_free rs_err_msg +rs_packet_append_avp +rs_packet_avps +rs_packet_code rs_packet_create rs_packet_create_authn_request rs_packet_destroy diff --git a/lib/request.c b/lib/request.c index 3831773..b964bea 100644 --- a/lib/request.c +++ b/lib/request.c @@ -14,7 +14,7 @@ #include #include #include -#include +#include #include "debug.h" #include "conn.h" #include "tcp.h" @@ -82,7 +82,7 @@ rs_request_destroy (struct rs_request *request) static void _rand_rt (struct timeval *res, uint32_t rtprev, uint32_t factor) { - uint32_t ms = rtprev * (fr_rand () % factor); + uint32_t ms = rtprev * (nr_rand () % factor); res->tv_sec = rtprev + ms / 1000; res->tv_usec = (ms % 1000) * 1000; } diff --git a/lib/tcp.c b/lib/tcp.c index ce071cd..3a59d6f 100644 --- a/lib/tcp.c +++ b/lib/tcp.c @@ -12,6 +12,7 @@ #include #include #endif +#include #include #include #include "tcp.h" @@ -35,26 +36,19 @@ _read_header (struct rs_packet *pkt) if (n == RS_HEADER_LEN) { pkt->flags |= rs_packet_hdr_read_flag; - pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3]; - if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096) + pkt->rpkt->length = (pkt->hdr[2] << 8) + pkt->hdr[3]; + if (pkt->rpkt->length < 20 || pkt->rpkt->length > RS_MAX_PACKET_LEN) { conn_close (&pkt->conn); return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, "invalid packet length: %d", - pkt->rpkt->data_len); - } - pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len); - if (!pkt->rpkt->data) - { - conn_close (&pkt->conn); - return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__, - NULL); + pkt->rpkt->length); } memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN); bufferevent_setwatermark (pkt->conn->bev, EV_READ, - pkt->rpkt->data_len - RS_HEADER_LEN, 0); + pkt->rpkt->length - RS_HEADER_LEN, 0); rs_debug (("%s: packet header read, total pkt len=%d\n", - __func__, pkt->rpkt->data_len)); + __func__, pkt->rpkt->length)); } else if (n < 0) { @@ -74,17 +68,18 @@ static int _read_packet (struct rs_packet *pkt) { size_t n = 0; + int err; rs_debug (("%s: trying to read %d octets of packet data\n", __func__, - pkt->rpkt->data_len - RS_HEADER_LEN)); + pkt->rpkt->length - RS_HEADER_LEN)); n = bufferevent_read (pkt->conn->bev, pkt->rpkt->data + RS_HEADER_LEN, - pkt->rpkt->data_len - RS_HEADER_LEN); + pkt->rpkt->length - RS_HEADER_LEN); rs_debug (("%s: read %ld octets of packet data\n", __func__, n)); - if (n == pkt->rpkt->data_len - RS_HEADER_LEN) + if (n == pkt->rpkt->length - RS_HEADER_LEN) { bufferevent_disable (pkt->conn->bev, EV_READ); rs_debug (("%s: complete packet read\n", __func__)); @@ -96,11 +91,12 @@ _read_packet (struct rs_packet *pkt) - invalid code field - attribute lengths >= 2 - attribute sizes adding up correctly */ - if (!rad_packet_ok (pkt->rpkt, 0)) + err = nr_packet_ok (pkt->rpkt); + if (err != RSE_OK) { conn_close (&pkt->conn); - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "invalid packet: %s", fr_strerror ()); + return rs_err_conn_push_fl (pkt->conn, err, __FILE__, __LINE__, + "invalid packet"); } #if defined (DEBUG) @@ -123,7 +119,7 @@ _read_packet (struct rs_packet *pkt) rs_debug (("%s: buffer frozen when reading packet\n", __func__)); else /* Short packet. */ rs_debug (("%s: waiting for another %d octets\n", __func__, - pkt->rpkt->data_len - RS_HEADER_LEN - n)); + pkt->rpkt->length - RS_HEADER_LEN - n)); return 0; } diff --git a/lib/tests/test-udp.c b/lib/tests/test-udp.c index f264a51..e51531c 100644 --- a/lib/tests/test-udp.c +++ b/lib/tests/test-udp.c @@ -8,8 +8,6 @@ #define true 1 /* FIXME: Bug report cgreen. */ #define false 0 -#define FREERADIUS_DICT "/usr/share/freeradius/dictionary" - static void authenticate (struct rs_connection *conn, const char *user, const char *pw) { @@ -21,7 +19,7 @@ authenticate (struct rs_connection *conn, const char *user, const char *pw) rs_request_add_reqpkt (req, msg); assert_true (rs_request_send (req, &resp) == 0); //printf ("%s\n", rs_err_msg (rs_err_conn_pop (conn), 1)); - assert_true (rs_packet_frpkt (resp)->code == PW_AUTHENTICATION_ACK); + assert_true (rs_packet_frpkt (resp)->code == PW_ACCESS_ACCEPT); rs_request_destroy (req); } @@ -45,9 +43,9 @@ send_large_packet (struct rs_connection *conn) char *buf; int f; - buf = malloc (4096); + buf = malloc (RS_MAX_PACKET_LEN); assert_true (buf != NULL); - memset (buf, 0, 4096); + memset (buf, 0, RS_MAX_PACKET_LEN); assert_true (rs_packet_create (conn, &msg0) == 0); /* 16 chunks --> heap corruption in evbuffer_drain detected by free() */ @@ -79,7 +77,7 @@ test_auth () setup.username = "molgan"; setup.pw = "password"; - assert_true (rs_context_create (&ctx, FREERADIUS_DICT) == 0); + assert_true (rs_context_create (&ctx, NULL) == 0); assert_true (rs_context_read_config (ctx, setup.config_file) == 0); assert_true (rs_conn_create (ctx, &conn, setup.config_name) == 0); @@ -98,7 +96,7 @@ test_buffering_cb (const uint8_t *buf, ssize_t len) hd (buf, len); #endif assert_true (len >= 20); - assert_true (len <= 4096); + assert_true (len <= RS_MAX_PACKET_LEN); assert_true ((buf[2] << 8) + buf[3] == len); return len; } @@ -111,7 +109,7 @@ test_buffering () struct timeval timeout; struct polldata *polldata; - assert_true (rs_context_create (&ctx, FREERADIUS_DICT) == 0); + assert_true (rs_context_create (&ctx, NULL) == 0); assert_true (rs_context_read_config (ctx, "test.conf") == 0); assert_true (rs_conn_create (ctx, &conn, "test-udp-buffering") == 0); diff --git a/lib/tests/udp.c b/lib/tests/udp.c index a29880a..47ea595 100644 --- a/lib/tests/udp.c +++ b/lib/tests/udp.c @@ -60,7 +60,7 @@ udp_poll (struct polldata *data) long timeout; fd_set rfds; ssize_t len; - uint8_t buf[4096]; + uint8_t buf[RS_MAX_PACKET_LEN]; FD_ZERO (&rfds); FD_SET (data->s, &rfds); diff --git a/lib/udp.c b/lib/udp.c index c04821d..1bab537 100644 --- a/lib/udp.c +++ b/lib/udp.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include "debug.h" @@ -27,7 +28,7 @@ _send (struct rs_connection *conn, int fd) assert (pkt->rpkt->data); /* Send. */ - r = compat_send (fd, pkt->rpkt->data, pkt->rpkt->data_len, 0); + r = compat_send (fd, pkt->rpkt->data, pkt->rpkt->length, 0); if (r == -1) { int sockerr = evutil_socket_geterror (pkt->conn->fd); @@ -37,7 +38,7 @@ _send (struct rs_connection *conn, int fd) evutil_socket_error_to_string (sockerr)); } - assert (r == pkt->rpkt->data_len); + assert (r == pkt->rpkt->length); /* Unlink the packet. */ conn->out_queue = pkt->next; @@ -63,6 +64,8 @@ _send (struct rs_connection *conn, int fd) static void _evcb (evutil_socket_t fd, short what, void *user_data) { + int err; + rs_debug (("%s: fd=%d what =", __func__, fd)); if (what & EV_TIMEOUT) rs_debug ((" TIMEOUT")); if (what & EV_READ) rs_debug ((" READ")); @@ -78,14 +81,9 @@ _evcb (evutil_socket_t fd, short what, void *user_data) assert (pkt); assert (pkt->conn); + assert (pkt->rpkt->data); - pkt->rpkt->data = rs_malloc (pkt->conn->ctx, 4096); - if (pkt->rpkt->data == NULL) - { - rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__, NULL); - return; - } - r = compat_recv (fd, pkt->rpkt->data, 4096, MSG_TRUNC); + r = compat_recv (fd, pkt->rpkt->data, RS_MAX_PACKET_LEN, MSG_TRUNC); if (r == -1) { int sockerr = evutil_socket_geterror (pkt->conn->fd); @@ -105,18 +103,19 @@ _evcb (evutil_socket_t fd, short what, void *user_data) return; } event_del (pkt->conn->tev); - if (r < 20 || r > 4096) /* Short or long packet. */ + if (r < 20 || r > RS_MAX_PACKET_LEN) /* Short or long packet. */ { rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, "invalid packet length: %d", - pkt->rpkt->data_len); + pkt->rpkt->length); return; } - pkt->rpkt->data_len = (pkt->rpkt->data[2] << 8) + pkt->rpkt->data[3]; - if (!rad_packet_ok (pkt->rpkt, 0)) + pkt->rpkt->length = (pkt->rpkt->data[2] << 8) + pkt->rpkt->data[3]; + err = nr_packet_ok (pkt->rpkt); + if (err) { - rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "invalid packet: %s", fr_strerror ()); + rs_err_conn_push_fl (pkt->conn, err, __FILE__, __LINE__, + "invalid packet"); return; } /* Hand over message to user. This changes ownership of pkt. -- cgit v1.1 From 3fd136cdbc85ddff5ed0a5953ee1827b9a948748 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 12:43:48 +1100 Subject: remove rs_context_init_freeradius_dict --- lib/examples/client-blocking.c | 4 ---- lib/include/radsec/radsec.h | 14 -------------- lib/radsec.c | 32 -------------------------------- lib/radsec.sym | 1 - 4 files changed, 51 deletions(-) (limited to 'lib') diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c index 419be8c..509e68a 100644 --- a/lib/examples/client-blocking.c +++ b/lib/examples/client-blocking.c @@ -31,8 +31,6 @@ blocking_client (const char *av1, const char *av2, int use_request_object_flag) { struct rs_peer *server; - if (rs_context_init_freeradius_dict (h, "/usr/share/freeradius/dictionary")) - goto cleanup; if (rs_conn_create (h, &conn, NULL)) goto cleanup; rs_conn_set_type (conn, RS_CONN_TYPE_UDP); @@ -48,8 +46,6 @@ blocking_client (const char *av1, const char *av2, int use_request_object_flag) #else /* defined (USE_CONFIG_FILE) */ if (rs_context_read_config (h, av1)) goto cleanup; - if (rs_context_init_freeradius_dict (h, NULL)) - goto cleanup; if (rs_conn_create (h, &conn, av2)) goto cleanup; #endif /* defined (USE_CONFIG_FILE) */ diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 1aef6bb..4e5e426 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -166,20 +166,6 @@ int rs_context_create(struct rs_context **ctx); all other libradsec objects have been freed. */ void rs_context_destroy(struct rs_context *ctx); -/** Initialize FreeRADIUS dictionary needed for creating packets. - - \a ctx Context. - - \a dict Optional string with full path to FreeRADIUS dictionary. - If \a dict is NULL the path to the dictionary file is taken from - the "dictionary" configuration directive. Note that the - configuration file must be read prior to using this option (see \a - rs_context_read_config). - - \return RSE_OK (0) on success, RSE_NOMEM on memory allocation - error and RSE_FR on FreeRADIUS error. */ -int rs_context_init_freeradius_dict(struct rs_context *ctx, const char *dict); - /** Set allocation scheme to use. \a scheme is the allocation scheme to use, see \a rs_alloc_scheme. \return On success, RSE_OK (0) is returned. On error, !0 is returned and a struct \a rs_error is diff --git a/lib/radsec.c b/lib/radsec.c index 70a968e..7421755 100644 --- a/lib/radsec.c +++ b/lib/radsec.c @@ -48,38 +48,6 @@ rs_context_create (struct rs_context **ctx) return RSE_OK; } -/** Initialize freeradius dictionary. */ -int -rs_context_init_freeradius_dict (struct rs_context *ctx, const char *dict) -{ - int r = RSE_OK; - size_t dictlen; - char *dir = NULL; - char *fn = NULL; - - if (dict == NULL) - if (ctx->config != NULL && ctx->config->dictionary) - dict = ctx->config->dictionary; - - dictlen = strlen (dict); - dir = rs_calloc (ctx, 1, dictlen + 1); - fn = rs_calloc (ctx, 1, dictlen + 1); - if (dir == NULL || fn == NULL) - { - r = rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL); - goto out; - } - strncpy (dir, dict, dictlen); - strncpy (fn, dict, dictlen); - - out: - if (dir) - rs_free (ctx, dir); - if (fn) - rs_free (ctx, fn); - return r; -} - struct rs_error * rs_resolv (struct evutil_addrinfo **addr, rs_conn_type_t type, diff --git a/lib/radsec.sym b/lib/radsec.sym index aec17cd..c5890a9 100644 --- a/lib/radsec.sym +++ b/lib/radsec.sym @@ -50,7 +50,6 @@ rs_conn_set_timeout rs_conn_set_type rs_context_create rs_context_destroy -rs_context_init_freeradius_dict rs_context_read_config rs_context_set_alloc_scheme rs_dump_packet -- cgit v1.1 From 718bb36ae58944ea6eaa86a3df646e0797ce615c Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 13:42:10 +1100 Subject: don't use GCC extensions in generated code --- lib/radius/client.h | 3 --- lib/radius/convert.pl | 59 ++++++++++++++++++++++++++++++++------------------- 2 files changed, 37 insertions(+), 25 deletions(-) (limited to 'lib') diff --git a/lib/radius/client.h b/lib/radius/client.h index df9f834..6c1526d 100644 --- a/lib/radius/client.h +++ b/lib/radius/client.h @@ -239,12 +239,9 @@ typedef struct attr_flags { unsigned int has_tlv : 1; /* has sub attributes */ unsigned int is_tlv : 1; /* is a sub attribute */ #endif -#ifdef VENDOR_EXTENDED unsigned int extended : 1; /* extended attribute */ unsigned int extended_flags : 1; /* with flag */ unsigned int evs : 1; /* extended VSA */ -#endif - uint8_t encrypt; /**< Attribute encryption method */ uint8_t length; /**< The expected length of the attribute */ } ATTR_FLAGS; diff --git a/lib/radius/convert.pl b/lib/radius/convert.pl index 9cf8731..7ca424e 100755 --- a/lib/radius/convert.pl +++ b/lib/radius/convert.pl @@ -69,19 +69,35 @@ if (scalar keys %vendor > 0) { print DICT "const DICT_VENDOR nr_dict_vendors[] = {\n"; foreach $v (sort keys %vendor) { print DICT " { \n"; - print DICT " .name = \"", $v, "\", \n"; - print DICT " .vendor = ", $vendor{$v}{'pec'}, ", \n"; - print DICT " .type = ", $vendor{$v}{'type'}, ",\n"; - print DICT " .length = ", $vendor{$v}{'length'}, ",\n"; + print DICT " " . $vendor{$v}{'pec'} . ", \n"; + print DICT " " . $vendor{$v}{'type'} . ",\n"; + print DICT " " . $vendor{$v}{'length'} . ",\n"; + print DICT " \"" . $v, "\"\n"; print DICT " },\n"; } - print DICT "\n { .name = NULL, }\n"; + print DICT " { \n"; + print DICT " 0,\n"; + print DICT " 0,\n"; + print DICT " 0,\n"; + print DICT " NULL\n"; + print DICT " },\n"; print DICT "};\n\n"; } # needed for later. $vendor{""}{'pec'} = 0; +sub printAttrFlag +{ + my $tmp = $attributes{$attr_val}{'flags'}{$_[0]}; + + if (!$tmp) { + $tmp = 0; + } + + print DICT $tmp . ", "; +} + # # Print DICT out the attributes sorted by number. # @@ -92,24 +108,23 @@ foreach $attr_val (sort {$a <=> $b} keys %attributes) { print DICT " { /* $offset */ \n"; if (defined $attributes{$attr_val}{'raw'}) { - print DICT " .name = NULL, \n"; + print DICT " 0\n", } else { - print DICT " .name = \"", $attributes{$attr_val}{'name'}, "\", \n"; - if ($attributes{$attr_val}{'vendor'}) { - print DICT " .vendor = ", $attributes{$attr_val}{'vendor'}, ", \n"; - } - - print DICT " .attr = ", $attributes{$attr_val}{'value'}, ", \n"; - print DICT " .type = ", $attributes{$attr_val}{'type'}, ", \n"; - - if ($attributes{$attr_val}{'flags'}) { - print DICT " .flags = {\n"; - foreach $flag (keys %{$attributes{$attr_val}{'flags'}}) { - print DICT " .$flag = $attributes{$attr_val}{'flags'}{$flag},\n"; - } - print DICT " },\n"; - } - + print DICT " ", $attributes{$attr_val}{'value'}, ", \n"; + print DICT " ", $attributes{$attr_val}{'type'}, ", \n"; + print DICT " ", $attributes{$attr_val}{'vendor'}, ", \n"; + print DICT " { "; + &printAttrFlag('has_tag'); + &printAttrFlag('unknown'); +# &printAttrFlag('has_tlv'); +# &printAttrFlag('is_tlv'); + &printAttrFlag('extended'); + &printAttrFlag('extended_flags'); + &printAttrFlag('evs'); + &printAttrFlag('encrypt'); + &printAttrFlag('length'); + print DICT "},\n"; + print DICT " \"", $attributes{$attr_val}{'name'}, "\", \n"; $num_names++; } -- cgit v1.1 From 90b5bec53a28b05fb48ecac956310b6a27145090 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 14:43:24 +1100 Subject: don't return in void function --- lib/avp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/avp.c b/lib/avp.c index 1bc1128..4489f66 100644 --- a/lib/avp.c +++ b/lib/avp.c @@ -54,7 +54,7 @@ rs_avp_name (rs_const_avp *vp) void rs_avp_append (rs_avp **head, rs_avp *tail) { - return nr_vps_append (head, tail); + nr_vps_append (head, tail); } rs_avp * -- cgit v1.1 From d6e790ddd52c0aa09af6e515d79d3a676c01fdad Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 16:51:25 +1100 Subject: don't return in void function Conflicts: lib/NTMakefile --- lib/avp.c | 1 - 1 file changed, 1 deletion(-) (limited to 'lib') diff --git a/lib/avp.c b/lib/avp.c index 4489f66..0de72b1 100644 --- a/lib/avp.c +++ b/lib/avp.c @@ -9,7 +9,6 @@ #include #include #include -#include #include #include -- cgit v1.1 From ac17a556bd50969c8157d50761449b702afa4af8 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 16:59:55 +1100 Subject: port new RADIUS library to Windows Conflicts: lib/configure.ac lib/include/radsec/radsec.h lib/radius/client.h --- lib/Makefile.am | 2 +- lib/configure.ac | 3 +- lib/include/radsec/radsec.h | 16 +- lib/radius/Makefile.am | 4 +- lib/radius/attrs.c | 2 +- lib/radius/client.h | 18 +- lib/radius/custom.c | 76 ++++ lib/radius/id.c | 5 +- lib/radius/packet.c | 916 -------------------------------------------- lib/radius/parse.c | 15 +- lib/radius/print.c | 1 + lib/radius/radpkt.c | 916 ++++++++++++++++++++++++++++++++++++++++++++ lib/radius/valuepair.c | 10 +- 13 files changed, 1044 insertions(+), 940 deletions(-) delete mode 100644 lib/radius/packet.c create mode 100644 lib/radius/radpkt.c (limited to 'lib') diff --git a/lib/Makefile.am b/lib/Makefile.am index 3eb4a2b..51aebf9 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -38,4 +38,4 @@ endif libradsec_la_LIBADD = radius/libradsec-radius.la libradsec_la_LDFLAGS = -version-info 0:0:0 -export-symbols radsec.sym -libradsec_la_CFLAGS = $(AM_CFLAGS) -Werror # -DDEBUG -DDEBUG_LEVENT +libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT diff --git a/lib/configure.ac b/lib/configure.ac index 086a4fe..9b1d304 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -30,7 +30,8 @@ AM_CONDITIONAL([RS_ENABLE_TLS], [test "${enable_tls+set}" = set]) # Checks for header files. AC_CHECK_HEADERS( - [netdb.h netinet/in.h stdint.h stdlib.h string.h sys/socket.h unistd.h]) + [sys/time.h time.h netdb.h netinet/in.h stdint.h stdlib.h strings.h string.h \ + sys/socket.h unistd.h syslog.h sys/select.h fcntl.h arpa/inet.h]) # Checks for typedefs, structures, and compiler characteristics. AC_TYPE_SIZE_T diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 4e5e426..33d7990 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -6,11 +6,21 @@ #ifndef _RADSEC_RADSEC_H_ #define _RADSEC_RADSEC_H_ 1 +#ifdef HAVE_CONFIG_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_UNISTD_H #include +#endif +#ifdef HAVE_STDINT_H #include - -#include -#include +#endif enum rs_error_code { RSE_OK = 0, diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am index 1b66ca6..b57ef16 100644 --- a/lib/radius/Makefile.am +++ b/lib/radius/Makefile.am @@ -12,13 +12,13 @@ libradsec_radius_la_SOURCES = \ custom.c \ dict.c \ id.c \ - packet.c \ parse.c \ print.c \ + radpkt.c \ static.c \ valuepair.c -libradsec_radius_la_CFLAGS = $(AM_CFLAGS) +libradsec_radius_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H DICTIONARIES = \ share/dictionary.txt \ diff --git a/lib/radius/attrs.c b/lib/radius/attrs.c index d096cc2..21cd3f0 100644 --- a/lib/radius/attrs.c +++ b/lib/radius/attrs.c @@ -836,7 +836,7 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, #endif -#ifdef FLAG_ENCRYPT_ASCEND_SECRET: +#ifdef FLAG_ENCRYPT_ASCEND_SECRET /* * Ascend-Send-Secret * Ascend-Receive-Secret diff --git a/lib/radius/client.h b/lib/radius/client.h index 6c1526d..aefb40d 100644 --- a/lib/radius/client.h +++ b/lib/radius/client.h @@ -35,21 +35,31 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. /* * System-specific header files. */ +#include #include #include +#ifdef HAVE_STDINT_H #include +#endif +#ifdef HAVE_STDLIB_H #include +#endif +#ifdef HAVE_STRING_H #include +#endif #include +#ifdef HAVE_NETDB_H #include +#endif +#ifdef HAVE_NETINET_IN_H #include +#endif +#ifdef HAVE_SYS_TIME_H #include +#endif #include - -/* - * Definitions of attributes. - */ +#include #include /** \defgroup build Build Helpers diff --git a/lib/radius/custom.c b/lib/radius/custom.c index 02e2463..917939a 100644 --- a/lib/radius/custom.c +++ b/lib/radius/custom.c @@ -24,6 +24,38 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* + * Copyright (c) 2006 Kungliga Tekniska HAÎåÎÝgskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ /** \file custom.c * \brief Functions which should be customized for your local system. @@ -34,6 +66,49 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include #include +#ifdef WIN32 +#include + +volatile static HCRYPTPROV nr_cryptprovider = 0; + +static HCRYPTPROV +nr_CryptProvider(void) +{ + BOOL rv; + HCRYPTPROV cryptprovider = 0; + + if (nr_cryptprovider != 0) + return nr_cryptprovider; + + rv = CryptAcquireContext(&cryptprovider, NULL, + MS_ENHANCED_PROV, PROV_RSA_FULL, + 0); + + if (GetLastError() == NTE_BAD_KEYSET) { + if(!rv) + rv = CryptAcquireContext(&cryptprovider, NULL, + MS_ENHANCED_PROV, PROV_RSA_FULL, + CRYPT_NEWKEYSET); + } + + if (rv && + InterlockedCompareExchangePointer((PVOID *) &nr_cryptprovider, + (PVOID) cryptprovider, 0) != 0) { + + CryptReleaseContext(cryptprovider, 0); + cryptprovider = nr_cryptprovider; + } + + return cryptprovider; +} + +ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) +{ + if (CryptGenRandom(nr_CryptProvider(), data_len, data)) + return 0; + return data_len; +} +#else ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) { static int fd = -1; @@ -49,6 +124,7 @@ ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) return read(fd, data, data_len); } +#endif /* WIN32 */ uint32_t nr_rand(void) { diff --git a/lib/radius/id.c b/lib/radius/id.c index 2b956f2..4ccd032 100644 --- a/lib/radius/id.c +++ b/lib/radius/id.c @@ -26,7 +26,10 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "client.h" + +#ifdef HAVE_UNISTD_H #include +#endif /** \file id.c * \brief Handling of ID allocation / freeing @@ -141,7 +144,7 @@ int nr_server_close(const nr_server_t *s) if (s->used > 0) return -RSE_INUSE; - if (s->sockfd >= 0) close(s->sockfd); + if (s->sockfd >= 0) evutil_closesocket(s->sockfd); return 0; } diff --git a/lib/radius/packet.c b/lib/radius/packet.c deleted file mode 100644 index c5d3bc4..0000000 --- a/lib/radius/packet.c +++ /dev/null @@ -1,916 +0,0 @@ -/* -Copyright (c) 2011, Network RADIUS SARL -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of the nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** \file packet.c - * \brief Encoding and decoding packets - */ - -#include "client.h" - -#if RS_MAX_PACKET_LEN < 64 -#error RS_MAX_PACKET_LEN is too small. It should be at least 64. -#endif - -#if RS_MAX_PACKET_LEN > 16384 -#error RS_MAX_PACKET_LEN is too large. It should be smaller than 16K. -#endif - -const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1] = { - NULL, - "Access-Request", - "Access-Accept", - "Access-Reject", - "Accounting-Request", - "Accounting-Response", - NULL, NULL, NULL, NULL, NULL, - "Access-Challenge", - "Status-Server", /* 12 */ - NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 19 */ - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 20..29 */ - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 30..39 */ - "Disconnect-Request", - "Disconnect-ACK", - "Disconnect-NAK", - "CoA-Request", - "CoA-ACK", - "CoA-NAK" -}; - - -static uint64_t allowed_responses[RS_MAX_PACKET_CODE + 1] = { - 0, - (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE), - 0, 0, - 1 << PW_ACCOUNTING_RESPONSE, - 0, - 0, 0, 0, 0, 0, - 0, - (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE) | (1 << PW_ACCOUNTING_RESPONSE), - 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20..29 */ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 30..39 */ - (((uint64_t) 1) << PW_DISCONNECT_ACK) | (((uint64_t) 1) << PW_DISCONNECT_NAK), - 0, - 0, - (((uint64_t) 1) << PW_COA_ACK) | (((uint64_t) 1) << PW_COA_NAK), - 0, - 0 -}; - - -int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data) -{ - size_t packet_len; - const uint8_t *attr, *end; - - if (!data || (sizeof_data < 20)) { - nr_debug_error("Invalid argument"); - return -RSE_INVAL; - } - - packet_len = (data[2] << 8) | data[3]; - if (packet_len < 20) { - nr_debug_error("Packet length is too small"); - return -RSE_PACKET_TOO_SMALL; - } - - if (packet_len > sizeof_data) { - nr_debug_error("Packet length overflows received data"); - return -RSE_PACKET_TOO_LARGE; - } - - /* - * If we receive 100 bytes, and the header says it's 20 bytes, - * then it's 20 bytes. - */ - end = data + packet_len; - - for (attr = data + 20; attr < end; attr += attr[1]) { - if ((attr + 2) > end) { - nr_debug_error("Attribute overflows packet"); - return -RSE_ATTR_OVERFLOW; - } - - if (attr[1] < 2) { - nr_debug_error("Attribute length is too small"); - return -RSE_ATTR_TOO_SMALL; - } - - if ((attr + attr[1]) > end) { - nr_debug_error("Attribute length is too large"); - return -RSE_ATTR_TOO_LARGE; - } - } - - return 0; -} - -int nr_packet_ok(RADIUS_PACKET *packet) -{ - int rcode; - - if (!packet) return -RSE_INVAL; - - if ((packet->flags & RS_PACKET_OK) != 0) return 0; - - rcode = nr_packet_ok_raw(packet->data, packet->length); - if (rcode < 0) return rcode; - - packet->flags |= RS_PACKET_OK; - return 0; -} - - -/* - * Comparison function that is time-independent. Using "memcmp" - * would satisfy the "comparison" part. However, it would also - * leak information about *which* bytes are wrong. Attackers - * could use that leak to create a "correct" RADIUS packet which - * will be accepted by the client and/or server. - */ -static int digest_cmp(const uint8_t *a, const uint8_t *b, size_t length) -{ - int result = 0; - size_t i; - - for (i = 0; i < length; i++) { - result |= (a[i] ^ b[i]); - } - - return result; -} - - -#ifdef PW_MESSAGE_AUTHENTICATOR -static int msg_auth_ok(const RADIUS_PACKET *original, - uint8_t *ma, - uint8_t *data, size_t length) -{ - uint8_t packet_vector[sizeof(original->vector)]; - uint8_t msg_auth_vector[sizeof(original->vector)]; - uint8_t calc_auth_vector[sizeof(original->vector)]; - - if (ma[1] != 18) { - nr_debug_error("Message-Authenticator has invalid length"); - return -RSE_MSG_AUTH_LEN; - } - - memcpy(packet_vector, data + 4, sizeof(packet_vector)); - memcpy(msg_auth_vector, ma + 2, sizeof(msg_auth_vector)); - memset(ma + 2, 0, sizeof(msg_auth_vector)); - - switch (data[0]) { - default: - break; - - case PW_ACCOUNTING_REQUEST: - case PW_ACCOUNTING_RESPONSE: - case PW_DISCONNECT_REQUEST: - case PW_DISCONNECT_ACK: - case PW_DISCONNECT_NAK: - case PW_COA_REQUEST: - case PW_COA_ACK: - case PW_COA_NAK: - memset(data + 4, 0, sizeof(packet_vector)); - break; - - case PW_ACCESS_ACCEPT: - case PW_ACCESS_REJECT: - case PW_ACCESS_CHALLENGE: - if (!original) { - nr_debug_error("Cannot validate response without request"); - return -RSE_REQUEST_REQUIRED; - } - memcpy(data + 4, original->vector, sizeof(original->vector)); - break; - } - - nr_hmac_md5(data, length, - (const uint8_t *) original->secret, original->sizeof_secret, - calc_auth_vector); - - memcpy(ma + 2, msg_auth_vector, sizeof(msg_auth_vector)); - memcpy(data + 4, packet_vector, sizeof(packet_vector)); - - if (digest_cmp(calc_auth_vector, msg_auth_vector, - sizeof(calc_auth_vector)) != 0) { - nr_debug_error("Invalid Message-Authenticator"); - return -RSE_MSG_AUTH_WRONG; - } - - return 1; -} -#endif - -/* - * The caller ensures that the packet codes are as expected. - */ -static int packet_auth_ok(const RADIUS_PACKET *original, - uint8_t *data, size_t length) -{ - uint8_t packet_vector[sizeof(original->vector)]; - uint8_t calc_digest[sizeof(original->vector)]; - RS_MD5_CTX ctx; - - if ((data[0] == PW_ACCESS_REQUEST) || - (data[0] == PW_STATUS_SERVER)) return 1; - - memcpy(packet_vector, data + 4, sizeof(packet_vector)); - - if (!original) { - memset(data + 4, 0, sizeof(packet_vector)); - } else { - memcpy(data + 4, original->vector, sizeof(original->vector)); - } - - RS_MD5Init(&ctx); - RS_MD5Update(&ctx, data, length); - RS_MD5Update(&ctx, original->secret, original->sizeof_secret); - RS_MD5Final(calc_digest, &ctx); - - memcpy(data + 4, packet_vector, sizeof(packet_vector)); - - if (digest_cmp(calc_digest, packet_vector, - sizeof(packet_vector)) != 0) { - nr_debug_error("Invalid authentication vector"); - return -RSE_AUTH_VECTOR_WRONG; - } - - return 0; -} - - -int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) -{ - int rcode; - uint8_t *attr; -#ifdef PW_MESSAGE_AUTHENTICATOR - const uint8_t *end; -#endif - - if (!packet || !packet->data || !packet->secret) { - nr_debug_error("Invalid argument"); - return -RSE_INVAL; - } - - if ((packet->flags & RS_PACKET_VERIFIED) != 0) return 0; - - /* - * Packet isn't well formed. Ignore it. - */ - rcode = nr_packet_ok(packet); - if (rcode < 0) return rcode; - - /* - * Get rid of improper packets as early as possible. - */ - if (original) { - uint64_t mask; - - if (original->code > RS_MAX_PACKET_CODE) { - nr_debug_error("Invalid original code %u", - original->code); - return -RSE_INVALID_REQUEST_CODE; - } - - if (packet->data[1] != original->id) { - nr_debug_error("Ignoring response with wrong ID %u", - packet->data[1]); - return -RSE_INVALID_RESPONSE_CODE; - } - - mask = 1; - mask <<= packet->data[0]; - - if ((allowed_responses[original->code] & mask) == 0) { - nr_debug_error("Ignoring response with wrong code %u", - packet->data[0]); - return -RSE_INVALID_RESPONSE_CODE; - } - - if ((memcmp(&packet->src, &original->dst, sizeof(packet->src)) != 0) && - (evutil_sockaddr_cmp(&(packet->src), &(original->dst)) != 0)) { - nr_debug_error("Ignoring response from wrong IP/port"); - return -RSE_INVALID_RESPONSE_SRC; - } - - } else if (allowed_responses[packet->data[0]] != 0) { - nr_debug_error("Ignoring response without original"); - return -RSE_INVALID_RESPONSE_CODE; - } - -#ifdef PW_MESSAGE_AUTHENTICATOR - end = packet->data + packet->length; - - /* - * Note that the packet MUST be well-formed here. - */ - for (attr = packet->data + 20; attr < end; attr += attr[1]) { - if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { - rcode = msg_auth_ok(original, attr, - packet->data, packet->length); - if (rcode < 0) return rcode; - } - } -#endif - - /* - * Verify the packet authenticator. - */ - rcode = packet_auth_ok(original, packet->data, packet->length); - if (rcode < 0) return rcode; - - packet->flags |= RS_PACKET_VERIFIED; - - return 0; -} - - -int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) -{ - int rcode, num_attributes; - uint8_t *data, *attr; - const uint8_t *end; - VALUE_PAIR **tail, *vp; - - if (!packet) return -RSE_INVAL; - - if ((packet->flags & RS_PACKET_DECODED) != 0) return 0; - - rcode = nr_packet_ok(packet); - if (rcode < 0) return rcode; - - data = packet->data; - end = data + packet->length; - tail = &packet->vps; - num_attributes = 0; - - /* - * Loop over the packet, converting attrs to VPs. - */ - for (attr = data + 20; attr < end; attr += attr[1]) { - rcode = nr_attr2vp(packet, original, - attr, end - attr, &vp); - if (rcode < 0) { - nr_vp_free(&packet->vps); - return -rcode; - } - - *tail = vp; - while (vp) { - num_attributes++; - tail = &(vp->next); - vp = vp->next; - } - - if (num_attributes > RS_MAX_ATTRIBUTES) { - nr_debug_error("Too many attributes"); - nr_vp_free(&packet->vps); - return -RSE_TOO_MANY_ATTRS; - } - } - - packet->code = data[0]; - packet->id = data[1]; - memcpy(packet->vector, data + 4, sizeof(packet->vector)); - - packet->flags |= RS_PACKET_DECODED; - - return 0; -} - - -int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) -{ -#ifdef PW_MESSAGE_AUTHENTICATOR - size_t ma = 0; - const uint8_t *attr, *end; -#endif - - if ((packet->flags & RS_PACKET_SIGNED) != 0) return 0; - - if ((packet->flags & RS_PACKET_ENCODED) == 0) { - int rcode; - - rcode = nr_packet_encode(packet, original); - if (rcode < 0) return rcode; - } - - if ((packet->code == PW_ACCESS_ACCEPT) || - (packet->code == PW_ACCESS_CHALLENGE) || - (packet->code == PW_ACCESS_REJECT)) { -#ifdef PW_MESSAGE_AUTHENTICATOR - if (!original) { - nr_debug_error("Original packet is required to create the Message-Authenticator"); - return -RSE_REQUEST_REQUIRED; - } -#endif - - memcpy(packet->data + 4, original->vector, - sizeof(original->vector)); - } else { - memcpy(packet->data + 4, packet->vector, - sizeof(packet->vector)); - } - -#ifdef PW_MESSAGE_AUTHENTICATOR - end = packet->data + packet->length; - - for (attr = packet->data + 20; attr < end; attr += attr[1]) { - if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { - ma = (attr - packet->data); - break; - } - } - - /* - * Force all Access-Request packets to have a - * Message-Authenticator. - */ - if (!ma && ((packet->length + 18) <= packet->sizeof_data) && - ((packet->code == PW_ACCESS_REQUEST) || - (packet->code == PW_STATUS_SERVER))) { - ma = packet->length; - - packet->data[ma]= PW_MESSAGE_AUTHENTICATOR; - packet->data[ma + 1] = 18; - memset(&packet->data[ma + 2], 0, 16); - packet->length += 18; - } - - /* - * Reset the length. - */ - packet->data[2] = (packet->length >> 8) & 0xff; - packet->data[3] = packet->length & 0xff; - - /* - * Sign the Message-Authenticator && packet. - */ - if (ma) { - nr_hmac_md5(packet->data, packet->length, - (const uint8_t *) packet->secret, packet->sizeof_secret, - packet->data + ma + 2); - } -#endif - - /* - * Calculate the signature. - */ - if (!((packet->code == PW_ACCESS_REQUEST) || - (packet->code == PW_STATUS_SERVER))) { - RS_MD5_CTX ctx; - - RS_MD5Init(&ctx); - RS_MD5Update(&ctx, packet->data, packet->length); - RS_MD5Update(&ctx, packet->secret, packet->sizeof_secret); - RS_MD5Final(packet->vector, &ctx); - } - - memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); - - packet->attempts = 0; - packet->flags |= RS_PACKET_SIGNED; - - return 0; -} - - -static int can_encode_packet(RADIUS_PACKET *packet, - const RADIUS_PACKET *original) -{ - if ((packet->code == 0) || - (packet->code > RS_MAX_PACKET_CODE) || - (original && (original->code > RS_MAX_PACKET_CODE))) { - nr_debug_error("Cannot send unknown packet code"); - return -RSE_INVALID_REQUEST_CODE; - } - - if (!nr_packet_codes[packet->code]) { - nr_debug_error("Cannot handle packet code %u", - packet->code); - return -RSE_INVALID_REQUEST_CODE; - } - -#ifdef NR_NO_MALLOC - if (!packet->data) { - nr_debug_error("No place to put packet"); - return -RSE_NO_PACKET_DATA; - } -#endif - - if (packet->sizeof_data < 20) { - nr_debug_error("The buffer is too small to encode the packet"); - return -RSE_PACKET_TOO_SMALL; - } - - /* - * Enforce request / response correlation. - */ - if (original) { - uint64_t mask; - - mask = 1; - mask <<= packet->code; - - if ((allowed_responses[original->code] & mask) == 0) { - nr_debug_error("Cannot encode response %u to packet %u", - packet->code, original->code); - return -RSE_INVALID_RESPONSE_CODE; - } - packet->id = original->id; - - } else if (allowed_responses[packet->code] == 0) { - nr_debug_error("Cannot encode response %u without original", - packet->code); - return -RSE_REQUEST_REQUIRED; - } - - return 0; -} - -static void encode_header(RADIUS_PACKET *packet) -{ - if ((packet->flags & RS_PACKET_HEADER) != 0) return; - - memset(packet->data, 0, 20); - packet->data[0] = packet->code; - packet->data[1] = packet->id; - packet->data[2] = 0; - packet->data[3] = 20; - packet->length = 20; - - /* - * Calculate a random authentication vector. - */ - if ((packet->code == PW_ACCESS_REQUEST) || - (packet->code == PW_STATUS_SERVER)) { - nr_rand_bytes(packet->vector, sizeof(packet->vector)); - } else { - memset(packet->vector, 0, sizeof(packet->vector)); - } - - memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); - - packet->flags |= RS_PACKET_HEADER; -} - -int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) -{ -#ifdef PW_MESSAGE_AUTHENTICATOR - size_t ma = 0; -#endif - int rcode; - ssize_t len; - const VALUE_PAIR *vp; - uint8_t *data, *end; - - if ((packet->flags & RS_PACKET_ENCODED) != 0) return 0; - - rcode = can_encode_packet(packet, original); - if (rcode < 0) return rcode; - - data = packet->data; - end = data + packet->sizeof_data; - - encode_header(packet); - data += 20; - - /* - * Encode each VALUE_PAIR - */ - vp = packet->vps; - while (vp) { -#ifdef PW_MESSAGE_AUTHENTICATOR - if (vp->da->attr == PW_MESSAGE_AUTHENTICATOR) { - ma = (data - packet->data); - } -#endif - len = nr_vp2attr(packet, original, &vp, - data, end - data); - if (len < 0) return len; - - if (len == 0) break; /* insufficient room to encode it */ - - data += data[1]; - } - -#ifdef PW_MESSAGE_AUTHENTICATOR - /* - * Always send a Message-Authenticator. - * - * We do *not* recommend removing this code. - */ - if (((packet->code == PW_ACCESS_REQUEST) || - (packet->code == PW_STATUS_SERVER)) && - !ma && - ((data + 18) <= end)) { - ma = (data - packet->data); - data[0] = PW_MESSAGE_AUTHENTICATOR; - data[1] = 18; - memset(data + 2, 0, 16); - data += data[1]; - } -#endif - - packet->length = data - packet->data; - - packet->data[2] = (packet->length >> 8) & 0xff; - packet->data[3] = packet->length & 0xff; - - packet->flags |= RS_PACKET_ENCODED; - - return packet->length; -} - - -/* - * Ensure that the nr_data2attr_t structure is filled in - * appropriately. This includes filling in a fake DICT_ATTR - * structure, if necessary. - */ -static int do_callback(void *ctx, nr_packet_walk_func_t callback, - int attr, int vendor, - const uint8_t *data, size_t sizeof_data) - -{ - int rcode; - const DICT_ATTR *da; - DICT_ATTR myda; - char buffer[64]; - - da = nr_dict_attr_byvalue(attr, vendor); - - /* - * The attribute is supposed to have a particular length, - * but does not. It is therefore malformed. - */ - if (da && (da->flags.length != 0) && - da->flags.length != sizeof_data) { - da = NULL; - } - - if (!da) { - rcode = nr_dict_attr_2struct(&myda, attr, vendor, - buffer, sizeof(buffer)); - - if (rcode < 0) return rcode; - da = &myda; - } - - rcode = callback(ctx, da, data, sizeof_data); - if (rcode < 0) return rcode; - - return 0; -} - - -int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, - nr_packet_walk_func_t callback) -{ - int rcode; - uint8_t *attr; - const uint8_t *end; - - if (!packet || !callback) return -RSE_INVAL; - - rcode = nr_packet_ok(packet); - if (rcode < 0) return rcode; - - end = packet->data + packet->length; - - for (attr = packet->data + 20; attr < end; attr += attr[1]) { - int length, value; - int dv_type, dv_length; - uint32_t vendorpec; - const uint8_t *vsa; - const DICT_VENDOR *dv = NULL; - - vendorpec = 0; - value = attr[0]; - - if (value != PW_VENDOR_SPECIFIC) { - raw: - rcode = do_callback(ctx, callback, - attr[0], 0, - attr + 2, attr[1] - 2); - if (rcode < 0) return rcode; - continue; - } - - if (attr[1] < 6) goto raw; - memcpy(&vendorpec, attr + 2, 4); - vendorpec = ntohl(vendorpec); - - if (dv && (dv->vendor != vendorpec)) dv = NULL; - - if (!dv) dv = nr_dict_vendor_byvalue(vendorpec); - - if (dv) { - dv_type = dv->type; - dv_length = dv->length; - } else { - dv_type = 1; - dv_length = 1; - } - - /* - * Malformed: it's a raw attribute. - */ - if (nr_tlv_ok(attr + 6, attr[1] - 6, dv_type, dv_length) < 0) { - goto raw; - } - - for (vsa = attr + 6; vsa < attr + attr[1]; vsa += length) { - switch (dv_type) { - case 4: - value = (vsa[2] << 8) | vsa[3]; - break; - - case 2: - value = (vsa[0] << 8) | vsa[1]; - break; - - case 1: - value = vsa[0]; - break; - - default: - return -RSE_INTERNAL; - } - - switch (dv_length) { - case 0: - length = attr[1] - 6 - dv_type; - break; - - case 2: - case 1: - length = vsa[dv_type + dv_length - 1]; - break; - - default: - return -RSE_INTERNAL; - } - - rcode = do_callback(ctx, callback, - value, vendorpec, - vsa + dv_type + dv_length, - length - dv_type - dv_length); - if (rcode < 0) return rcode; - } - } - - return 0; -} - -int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const char *secret, int code, - void *data, size_t sizeof_data) -{ - int rcode; - - if ((code < 0) || (code > RS_MAX_PACKET_CODE)) { - return -RSE_INVALID_REQUEST_CODE; - } - - if (!data || (sizeof_data < 20)) return -RSE_INVAL; - - memset(packet, 0, sizeof(*packet)); - packet->secret = secret; - packet->sizeof_secret = secret ? strlen(secret) : 0; - packet->code = code; - packet->id = 0; - packet->data = data; - packet->sizeof_data = sizeof_data; - - rcode = can_encode_packet(packet, original); - if (rcode < 0) return rcode; - - encode_header(packet); - - return 0; -} - - -static int pack_eap(RADIUS_PACKET *packet, - const void *data, size_t data_len) -{ - uint8_t *attr, *end; - const uint8_t *eap; - size_t left; - - eap = data; - left = data_len; - attr = packet->data + packet->length; - end = attr + packet->sizeof_data; - - while (left > 253) { - if ((attr + 255) > end) return -RSE_ATTR_OVERFLOW; - - attr[0] = PW_EAP_MESSAGE; - attr[1] = 255; - memcpy(attr + 2, eap, 253); - attr += attr[1]; - eap += 253; - left -= 253; - } - - if ((attr + (2 + left)) > end) return -RSE_ATTR_OVERFLOW; - - attr[0] = PW_EAP_MESSAGE; - attr[1] = 2 + left; - memcpy(attr + 2, eap, left); - attr += attr[1]; - packet->length = attr - packet->data; - - return 0; -} - -ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, - const RADIUS_PACKET *original, - const DICT_ATTR *da, - const void *data, size_t data_len) -{ - ssize_t rcode; - uint8_t *attr, *end; - VALUE_PAIR my_vp; - const VALUE_PAIR *vp; - - if (!packet || !da || !data) { - return -RSE_INVAL; - } - - if (data_len == 0) { - if (da->type != RS_TYPE_STRING) return -RSE_ATTR_TOO_SMALL; - - data_len = strlen(data); - } - - packet->flags |= RS_PACKET_ENCODED; /* ignore any VPs */ - - attr = packet->data + packet->length; - end = attr + packet->sizeof_data; - - if ((attr + 2 + data_len) > end) { - return -RSE_ATTR_OVERFLOW; - } - - if ((da->flags.length != 0) && - (data_len != da->flags.length)) { - return -RSE_ATTR_VALUE_MALFORMED; - } - -#ifdef PW_EAP_MESSAGE - /* - * automatically split EAP-Message into multiple - * attributes. - */ - if (!da->vendor && (da->attr == PW_EAP_MESSAGE) && (data_len > 253)) { - return pack_eap(packet, data, data_len); - } -#endif - - if (data_len > 253) return -RSE_ATTR_TOO_LARGE; - - vp = nr_vp_init(&my_vp, da); - rcode = nr_vp_set_data(&my_vp, data, data_len); - if (rcode < 0) return rcode; - - /* - * Note that this function packs VSAs each into their own - * Vendor-Specific attribute. If this isn't what you - * want, use the version of the library with full support - * for TLVs, WiMAX, and extended attributes. - */ - rcode = nr_vp2attr(packet, original, &vp, attr, end - attr); - if (rcode <= 0) return rcode; - - packet->length += rcode; - - return rcode; -} diff --git a/lib/radius/parse.c b/lib/radius/parse.c index cd7491a..8446306 100644 --- a/lib/radius/parse.c +++ b/lib/radius/parse.c @@ -30,18 +30,25 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "client.h" + +#ifdef HAVE_ARPA_INET_H #include +#endif ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value) { char *end; switch (vp->da->type) { - case RS_TYPE_STRING: - strlcpy(vp->vp_strvalue, value, sizeof(vp->vp_strvalue)); - vp->length = strlen(vp->vp_strvalue); - return vp->length; + case RS_TYPE_STRING: { + size_t len = strlen(value); + if (len >= RS_MAX_STRING_LEN) + return -RSE_ATTR_TOO_LARGE; + + memcpy(vp->vp_strvalue, value, len + 1); + return (vp->length = len); + } case RS_TYPE_DATE: case RS_TYPE_INTEGER: vp->vp_integer = strtoul(value, &end, 10); diff --git a/lib/radius/print.c b/lib/radius/print.c index 28dd0a6..6fa06d7 100644 --- a/lib/radius/print.c +++ b/lib/radius/print.c @@ -164,6 +164,7 @@ size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp) break; default: + len = 0; break; } diff --git a/lib/radius/radpkt.c b/lib/radius/radpkt.c new file mode 100644 index 0000000..bb8f75e --- /dev/null +++ b/lib/radius/radpkt.c @@ -0,0 +1,916 @@ +/* +Copyright (c) 2011, Network RADIUS SARL +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** \file packet.c + * \brief Encoding and decoding packets + */ + +#include "client.h" + +#if RS_MAX_PACKET_LEN < 64 +#error RS_MAX_PACKET_LEN is too small. It should be at least 64. +#endif + +#if RS_MAX_PACKET_LEN > 16384 +#error RS_MAX_PACKET_LEN is too large. It should be smaller than 16K. +#endif + +const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1] = { + NULL, + "Access-Request", + "Access-Accept", + "Access-Reject", + "Accounting-Request", + "Accounting-Response", + NULL, NULL, NULL, NULL, NULL, + "Access-Challenge", + "Status-Server", /* 12 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 19 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 20..29 */ + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 30..39 */ + "Disconnect-Request", + "Disconnect-ACK", + "Disconnect-NAK", + "CoA-Request", + "CoA-ACK", + "CoA-NAK" +}; + + +static uint64_t allowed_responses[RS_MAX_PACKET_CODE + 1] = { + 0, + (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE), + 0, 0, + 1 << PW_ACCOUNTING_RESPONSE, + 0, + 0, 0, 0, 0, 0, + 0, + (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE) | (1 << PW_ACCOUNTING_RESPONSE), + 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20..29 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 30..39 */ + (((uint64_t) 1) << PW_DISCONNECT_ACK) | (((uint64_t) 1) << PW_DISCONNECT_NAK), + 0, + 0, + (((uint64_t) 1) << PW_COA_ACK) | (((uint64_t) 1) << PW_COA_NAK), + 0, + 0 +}; + + +int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data) +{ + size_t packet_len; + const uint8_t *attr, *end; + + if (!data || (sizeof_data < 20)) { + nr_debug_error("Invalid argument"); + return -RSE_INVAL; + } + + packet_len = (data[2] << 8) | data[3]; + if (packet_len < 20) { + nr_debug_error("Packet length is too small"); + return -RSE_PACKET_TOO_SMALL; + } + + if (packet_len > sizeof_data) { + nr_debug_error("Packet length overflows received data"); + return -RSE_PACKET_TOO_LARGE; + } + + /* + * If we receive 100 bytes, and the header says it's 20 bytes, + * then it's 20 bytes. + */ + end = data + packet_len; + + for (attr = data + 20; attr < end; attr += attr[1]) { + if ((attr + 2) > end) { + nr_debug_error("Attribute overflows packet"); + return -RSE_ATTR_OVERFLOW; + } + + if (attr[1] < 2) { + nr_debug_error("Attribute length is too small"); + return -RSE_ATTR_TOO_SMALL; + } + + if ((attr + attr[1]) > end) { + nr_debug_error("Attribute length is too large"); + return -RSE_ATTR_TOO_LARGE; + } + } + + return 0; +} + +int nr_packet_ok(RADIUS_PACKET *packet) +{ + int rcode; + + if (!packet) return -RSE_INVAL; + + if ((packet->flags & RS_PACKET_OK) != 0) return 0; + + rcode = nr_packet_ok_raw(packet->data, packet->length); + if (rcode < 0) return rcode; + + packet->flags |= RS_PACKET_OK; + return 0; +} + + +/* + * Comparison function that is time-independent. Using "memcmp" + * would satisfy the "comparison" part. However, it would also + * leak information about *which* bytes are wrong. Attackers + * could use that leak to create a "correct" RADIUS packet which + * will be accepted by the client and/or server. + */ +static int digest_cmp(const uint8_t *a, const uint8_t *b, size_t length) +{ + int result = 0; + size_t i; + + for (i = 0; i < length; i++) { + result |= (a[i] ^ b[i]); + } + + return result; +} + + +#ifdef PW_MESSAGE_AUTHENTICATOR +static int msg_auth_ok(const RADIUS_PACKET *original, + uint8_t *ma, + uint8_t *data, size_t length) +{ + uint8_t packet_vector[sizeof(original->vector)]; + uint8_t msg_auth_vector[sizeof(original->vector)]; + uint8_t calc_auth_vector[sizeof(original->vector)]; + + if (ma[1] != 18) { + nr_debug_error("Message-Authenticator has invalid length"); + return -RSE_MSG_AUTH_LEN; + } + + memcpy(packet_vector, data + 4, sizeof(packet_vector)); + memcpy(msg_auth_vector, ma + 2, sizeof(msg_auth_vector)); + memset(ma + 2, 0, sizeof(msg_auth_vector)); + + switch (data[0]) { + default: + break; + + case PW_ACCOUNTING_REQUEST: + case PW_ACCOUNTING_RESPONSE: + case PW_DISCONNECT_REQUEST: + case PW_DISCONNECT_ACK: + case PW_DISCONNECT_NAK: + case PW_COA_REQUEST: + case PW_COA_ACK: + case PW_COA_NAK: + memset(data + 4, 0, sizeof(packet_vector)); + break; + + case PW_ACCESS_ACCEPT: + case PW_ACCESS_REJECT: + case PW_ACCESS_CHALLENGE: + if (!original) { + nr_debug_error("Cannot validate response without request"); + return -RSE_REQUEST_REQUIRED; + } + memcpy(data + 4, original->vector, sizeof(original->vector)); + break; + } + + nr_hmac_md5(data, length, + (const uint8_t *) original->secret, original->sizeof_secret, + calc_auth_vector); + + memcpy(ma + 2, msg_auth_vector, sizeof(msg_auth_vector)); + memcpy(data + 4, packet_vector, sizeof(packet_vector)); + + if (digest_cmp(calc_auth_vector, msg_auth_vector, + sizeof(calc_auth_vector)) != 0) { + nr_debug_error("Invalid Message-Authenticator"); + return -RSE_MSG_AUTH_WRONG; + } + + return 1; +} +#endif + +/* + * The caller ensures that the packet codes are as expected. + */ +static int packet_auth_ok(const RADIUS_PACKET *original, + uint8_t *data, size_t length) +{ + uint8_t packet_vector[sizeof(original->vector)]; + uint8_t calc_digest[sizeof(original->vector)]; + RS_MD5_CTX ctx; + + if ((data[0] == PW_ACCESS_REQUEST) || + (data[0] == PW_STATUS_SERVER)) return 1; + + memcpy(packet_vector, data + 4, sizeof(packet_vector)); + + if (!original) { + memset(data + 4, 0, sizeof(packet_vector)); + } else { + memcpy(data + 4, original->vector, sizeof(original->vector)); + } + + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, data, length); + RS_MD5Update(&ctx, (const unsigned char *)original->secret, original->sizeof_secret); + RS_MD5Final(calc_digest, &ctx); + + memcpy(data + 4, packet_vector, sizeof(packet_vector)); + + if (digest_cmp(calc_digest, packet_vector, + sizeof(packet_vector)) != 0) { + nr_debug_error("Invalid authentication vector"); + return -RSE_AUTH_VECTOR_WRONG; + } + + return 0; +} + + +int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ + int rcode; + uint8_t *attr; +#ifdef PW_MESSAGE_AUTHENTICATOR + const uint8_t *end; +#endif + + if (!packet || !packet->data || !packet->secret) { + nr_debug_error("Invalid argument"); + return -RSE_INVAL; + } + + if ((packet->flags & RS_PACKET_VERIFIED) != 0) return 0; + + /* + * Packet isn't well formed. Ignore it. + */ + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + /* + * Get rid of improper packets as early as possible. + */ + if (original) { + uint64_t mask; + + if (original->code > RS_MAX_PACKET_CODE) { + nr_debug_error("Invalid original code %u", + original->code); + return -RSE_INVALID_REQUEST_CODE; + } + + if (packet->data[1] != original->id) { + nr_debug_error("Ignoring response with wrong ID %u", + packet->data[1]); + return -RSE_INVALID_RESPONSE_CODE; + } + + mask = 1; + mask <<= packet->data[0]; + + if ((allowed_responses[original->code] & mask) == 0) { + nr_debug_error("Ignoring response with wrong code %u", + packet->data[0]); + return -RSE_INVALID_RESPONSE_CODE; + } + + if ((memcmp(&packet->src, &original->dst, sizeof(packet->src)) != 0) && + (evutil_sockaddr_cmp((struct sockaddr *)&packet->src, (struct sockaddr *)&original->dst, 1) != 0)) { + nr_debug_error("Ignoring response from wrong IP/port"); + return -RSE_INVALID_RESPONSE_SRC; + } + + } else if (allowed_responses[packet->data[0]] != 0) { + nr_debug_error("Ignoring response without original"); + return -RSE_INVALID_RESPONSE_CODE; + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + end = packet->data + packet->length; + + /* + * Note that the packet MUST be well-formed here. + */ + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { + rcode = msg_auth_ok(original, attr, + packet->data, packet->length); + if (rcode < 0) return rcode; + } + } +#endif + + /* + * Verify the packet authenticator. + */ + rcode = packet_auth_ok(original, packet->data, packet->length); + if (rcode < 0) return rcode; + + packet->flags |= RS_PACKET_VERIFIED; + + return 0; +} + + +int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ + int rcode, num_attributes; + uint8_t *data, *attr; + const uint8_t *end; + VALUE_PAIR **tail, *vp; + + if (!packet) return -RSE_INVAL; + + if ((packet->flags & RS_PACKET_DECODED) != 0) return 0; + + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + data = packet->data; + end = data + packet->length; + tail = &packet->vps; + num_attributes = 0; + + /* + * Loop over the packet, converting attrs to VPs. + */ + for (attr = data + 20; attr < end; attr += attr[1]) { + rcode = nr_attr2vp(packet, original, + attr, end - attr, &vp); + if (rcode < 0) { + nr_vp_free(&packet->vps); + return -rcode; + } + + *tail = vp; + while (vp) { + num_attributes++; + tail = &(vp->next); + vp = vp->next; + } + + if (num_attributes > RS_MAX_ATTRIBUTES) { + nr_debug_error("Too many attributes"); + nr_vp_free(&packet->vps); + return -RSE_TOO_MANY_ATTRS; + } + } + + packet->code = data[0]; + packet->id = data[1]; + memcpy(packet->vector, data + 4, sizeof(packet->vector)); + + packet->flags |= RS_PACKET_DECODED; + + return 0; +} + + +int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ +#ifdef PW_MESSAGE_AUTHENTICATOR + size_t ma = 0; + const uint8_t *attr, *end; +#endif + + if ((packet->flags & RS_PACKET_SIGNED) != 0) return 0; + + if ((packet->flags & RS_PACKET_ENCODED) == 0) { + int rcode; + + rcode = nr_packet_encode(packet, original); + if (rcode < 0) return rcode; + } + + if ((packet->code == PW_ACCESS_ACCEPT) || + (packet->code == PW_ACCESS_CHALLENGE) || + (packet->code == PW_ACCESS_REJECT)) { +#ifdef PW_MESSAGE_AUTHENTICATOR + if (!original) { + nr_debug_error("Original packet is required to create the Message-Authenticator"); + return -RSE_REQUEST_REQUIRED; + } +#endif + + memcpy(packet->data + 4, original->vector, + sizeof(original->vector)); + } else { + memcpy(packet->data + 4, packet->vector, + sizeof(packet->vector)); + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + end = packet->data + packet->length; + + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + if (attr[0] == PW_MESSAGE_AUTHENTICATOR) { + ma = (attr - packet->data); + break; + } + } + + /* + * Force all Access-Request packets to have a + * Message-Authenticator. + */ + if (!ma && ((packet->length + 18) <= packet->sizeof_data) && + ((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER))) { + ma = packet->length; + + packet->data[ma]= PW_MESSAGE_AUTHENTICATOR; + packet->data[ma + 1] = 18; + memset(&packet->data[ma + 2], 0, 16); + packet->length += 18; + } + + /* + * Reset the length. + */ + packet->data[2] = (packet->length >> 8) & 0xff; + packet->data[3] = packet->length & 0xff; + + /* + * Sign the Message-Authenticator && packet. + */ + if (ma) { + nr_hmac_md5(packet->data, packet->length, + (const uint8_t *) packet->secret, packet->sizeof_secret, + packet->data + ma + 2); + } +#endif + + /* + * Calculate the signature. + */ + if (!((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER))) { + RS_MD5_CTX ctx; + + RS_MD5Init(&ctx); + RS_MD5Update(&ctx, packet->data, packet->length); + RS_MD5Update(&ctx, (const unsigned char *)packet->secret, packet->sizeof_secret); + RS_MD5Final(packet->vector, &ctx); + } + + memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); + + packet->attempts = 0; + packet->flags |= RS_PACKET_SIGNED; + + return 0; +} + + +static int can_encode_packet(RADIUS_PACKET *packet, + const RADIUS_PACKET *original) +{ + if ((packet->code == 0) || + (packet->code > RS_MAX_PACKET_CODE) || + (original && (original->code > RS_MAX_PACKET_CODE))) { + nr_debug_error("Cannot send unknown packet code"); + return -RSE_INVALID_REQUEST_CODE; + } + + if (!nr_packet_codes[packet->code]) { + nr_debug_error("Cannot handle packet code %u", + packet->code); + return -RSE_INVALID_REQUEST_CODE; + } + +#ifdef NR_NO_MALLOC + if (!packet->data) { + nr_debug_error("No place to put packet"); + return -RSE_NO_PACKET_DATA; + } +#endif + + if (packet->sizeof_data < 20) { + nr_debug_error("The buffer is too small to encode the packet"); + return -RSE_PACKET_TOO_SMALL; + } + + /* + * Enforce request / response correlation. + */ + if (original) { + uint64_t mask; + + mask = 1; + mask <<= packet->code; + + if ((allowed_responses[original->code] & mask) == 0) { + nr_debug_error("Cannot encode response %u to packet %u", + packet->code, original->code); + return -RSE_INVALID_RESPONSE_CODE; + } + packet->id = original->id; + + } else if (allowed_responses[packet->code] == 0) { + nr_debug_error("Cannot encode response %u without original", + packet->code); + return -RSE_REQUEST_REQUIRED; + } + + return 0; +} + +static void encode_header(RADIUS_PACKET *packet) +{ + if ((packet->flags & RS_PACKET_HEADER) != 0) return; + + memset(packet->data, 0, 20); + packet->data[0] = packet->code; + packet->data[1] = packet->id; + packet->data[2] = 0; + packet->data[3] = 20; + packet->length = 20; + + /* + * Calculate a random authentication vector. + */ + if ((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER)) { + nr_rand_bytes(packet->vector, sizeof(packet->vector)); + } else { + memset(packet->vector, 0, sizeof(packet->vector)); + } + + memcpy(packet->data + 4, packet->vector, sizeof(packet->vector)); + + packet->flags |= RS_PACKET_HEADER; +} + +int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original) +{ +#ifdef PW_MESSAGE_AUTHENTICATOR + size_t ma = 0; +#endif + int rcode; + ssize_t len; + const VALUE_PAIR *vp; + uint8_t *data, *end; + + if ((packet->flags & RS_PACKET_ENCODED) != 0) return 0; + + rcode = can_encode_packet(packet, original); + if (rcode < 0) return rcode; + + data = packet->data; + end = data + packet->sizeof_data; + + encode_header(packet); + data += 20; + + /* + * Encode each VALUE_PAIR + */ + vp = packet->vps; + while (vp) { +#ifdef PW_MESSAGE_AUTHENTICATOR + if (vp->da->attr == PW_MESSAGE_AUTHENTICATOR) { + ma = (data - packet->data); + } +#endif + len = nr_vp2attr(packet, original, &vp, + data, end - data); + if (len < 0) return len; + + if (len == 0) break; /* insufficient room to encode it */ + + data += data[1]; + } + +#ifdef PW_MESSAGE_AUTHENTICATOR + /* + * Always send a Message-Authenticator. + * + * We do *not* recommend removing this code. + */ + if (((packet->code == PW_ACCESS_REQUEST) || + (packet->code == PW_STATUS_SERVER)) && + !ma && + ((data + 18) <= end)) { + ma = (data - packet->data); + data[0] = PW_MESSAGE_AUTHENTICATOR; + data[1] = 18; + memset(data + 2, 0, 16); + data += data[1]; + } +#endif + + packet->length = data - packet->data; + + packet->data[2] = (packet->length >> 8) & 0xff; + packet->data[3] = packet->length & 0xff; + + packet->flags |= RS_PACKET_ENCODED; + + return packet->length; +} + + +/* + * Ensure that the nr_data2attr_t structure is filled in + * appropriately. This includes filling in a fake DICT_ATTR + * structure, if necessary. + */ +static int do_callback(void *ctx, nr_packet_walk_func_t callback, + int attr, int vendor, + const uint8_t *data, size_t sizeof_data) + +{ + int rcode; + const DICT_ATTR *da; + DICT_ATTR myda; + char buffer[64]; + + da = nr_dict_attr_byvalue(attr, vendor); + + /* + * The attribute is supposed to have a particular length, + * but does not. It is therefore malformed. + */ + if (da && (da->flags.length != 0) && + da->flags.length != sizeof_data) { + da = NULL; + } + + if (!da) { + rcode = nr_dict_attr_2struct(&myda, attr, vendor, + buffer, sizeof(buffer)); + + if (rcode < 0) return rcode; + da = &myda; + } + + rcode = callback(ctx, da, data, sizeof_data); + if (rcode < 0) return rcode; + + return 0; +} + + +int nr_packet_walk(RADIUS_PACKET *packet, void *ctx, + nr_packet_walk_func_t callback) +{ + int rcode; + uint8_t *attr; + const uint8_t *end; + + if (!packet || !callback) return -RSE_INVAL; + + rcode = nr_packet_ok(packet); + if (rcode < 0) return rcode; + + end = packet->data + packet->length; + + for (attr = packet->data + 20; attr < end; attr += attr[1]) { + int length, value; + int dv_type, dv_length; + uint32_t vendorpec; + const uint8_t *vsa; + const DICT_VENDOR *dv = NULL; + + vendorpec = 0; + value = attr[0]; + + if (value != PW_VENDOR_SPECIFIC) { + raw: + rcode = do_callback(ctx, callback, + attr[0], 0, + attr + 2, attr[1] - 2); + if (rcode < 0) return rcode; + continue; + } + + if (attr[1] < 6) goto raw; + memcpy(&vendorpec, attr + 2, 4); + vendorpec = ntohl(vendorpec); + + if (dv && (dv->vendor != vendorpec)) dv = NULL; + + if (!dv) dv = nr_dict_vendor_byvalue(vendorpec); + + if (dv) { + dv_type = dv->type; + dv_length = dv->length; + } else { + dv_type = 1; + dv_length = 1; + } + + /* + * Malformed: it's a raw attribute. + */ + if (nr_tlv_ok(attr + 6, attr[1] - 6, dv_type, dv_length) < 0) { + goto raw; + } + + for (vsa = attr + 6; vsa < attr + attr[1]; vsa += length) { + switch (dv_type) { + case 4: + value = (vsa[2] << 8) | vsa[3]; + break; + + case 2: + value = (vsa[0] << 8) | vsa[1]; + break; + + case 1: + value = vsa[0]; + break; + + default: + return -RSE_INTERNAL; + } + + switch (dv_length) { + case 0: + length = attr[1] - 6 - dv_type; + break; + + case 2: + case 1: + length = vsa[dv_type + dv_length - 1]; + break; + + default: + return -RSE_INTERNAL; + } + + rcode = do_callback(ctx, callback, + value, vendorpec, + vsa + dv_type + dv_length, + length - dv_type - dv_length); + if (rcode < 0) return rcode; + } + } + + return 0; +} + +int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original, + const char *secret, int code, + void *data, size_t sizeof_data) +{ + int rcode; + + if ((code < 0) || (code > RS_MAX_PACKET_CODE)) { + return -RSE_INVALID_REQUEST_CODE; + } + + if (!data || (sizeof_data < 20)) return -RSE_INVAL; + + memset(packet, 0, sizeof(*packet)); + packet->secret = secret; + packet->sizeof_secret = secret ? strlen(secret) : 0; + packet->code = code; + packet->id = 0; + packet->data = data; + packet->sizeof_data = sizeof_data; + + rcode = can_encode_packet(packet, original); + if (rcode < 0) return rcode; + + encode_header(packet); + + return 0; +} + + +static int pack_eap(RADIUS_PACKET *packet, + const void *data, size_t data_len) +{ + uint8_t *attr, *end; + const uint8_t *eap; + size_t left; + + eap = data; + left = data_len; + attr = packet->data + packet->length; + end = attr + packet->sizeof_data; + + while (left > 253) { + if ((attr + 255) > end) return -RSE_ATTR_OVERFLOW; + + attr[0] = PW_EAP_MESSAGE; + attr[1] = 255; + memcpy(attr + 2, eap, 253); + attr += attr[1]; + eap += 253; + left -= 253; + } + + if ((attr + (2 + left)) > end) return -RSE_ATTR_OVERFLOW; + + attr[0] = PW_EAP_MESSAGE; + attr[1] = 2 + left; + memcpy(attr + 2, eap, left); + attr += attr[1]; + packet->length = attr - packet->data; + + return 0; +} + +ssize_t nr_packet_attr_append(RADIUS_PACKET *packet, + const RADIUS_PACKET *original, + const DICT_ATTR *da, + const void *data, size_t data_len) +{ + ssize_t rcode; + uint8_t *attr, *end; + VALUE_PAIR my_vp; + const VALUE_PAIR *vp; + + if (!packet || !da || !data) { + return -RSE_INVAL; + } + + if (data_len == 0) { + if (da->type != RS_TYPE_STRING) return -RSE_ATTR_TOO_SMALL; + + data_len = strlen(data); + } + + packet->flags |= RS_PACKET_ENCODED; /* ignore any VPs */ + + attr = packet->data + packet->length; + end = attr + packet->sizeof_data; + + if ((attr + 2 + data_len) > end) { + return -RSE_ATTR_OVERFLOW; + } + + if ((da->flags.length != 0) && + (data_len != da->flags.length)) { + return -RSE_ATTR_VALUE_MALFORMED; + } + +#ifdef PW_EAP_MESSAGE + /* + * automatically split EAP-Message into multiple + * attributes. + */ + if (!da->vendor && (da->attr == PW_EAP_MESSAGE) && (data_len > 253)) { + return pack_eap(packet, data, data_len); + } +#endif + + if (data_len > 253) return -RSE_ATTR_TOO_LARGE; + + vp = nr_vp_init(&my_vp, da); + rcode = nr_vp_set_data(&my_vp, data, data_len); + if (rcode < 0) return rcode; + + /* + * Note that this function packs VSAs each into their own + * Vendor-Specific attribute. If this isn't what you + * want, use the version of the library with full support + * for TLVs, WiMAX, and extended attributes. + */ + rcode = nr_vp2attr(packet, original, &vp, attr, end - attr); + if (rcode <= 0) return rcode; + + packet->length += rcode; + + return rcode; +} diff --git a/lib/radius/valuepair.c b/lib/radius/valuepair.c index b374fdd..6277f7d 100644 --- a/lib/radius/valuepair.c +++ b/lib/radius/valuepair.c @@ -35,17 +35,13 @@ void nr_vp_free(VALUE_PAIR **head) { VALUE_PAIR *next, *vp; - if (!head || !*head) return; - - vp = *head; - do { - if (vp) next = vp->next; + for (vp = *head; vp != NULL; vp = next) { + next = vp->next; if (vp->da->flags.encrypt) { memset(vp, 0, sizeof(vp)); } free(vp); - vp = next; - } while (next); + } *head = NULL; } -- cgit v1.1 From 34747348ee53e02bb6faa6a6e26c1440e327ff60 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 17:05:17 +1100 Subject: remove rs_packet_frpkt --- lib/examples/client-blocking.c | 5 ++--- lib/include/radsec/radsec-impl.h | 3 --- lib/packet.c | 7 ------- lib/radsec.sym | 1 - lib/tests/test-udp.c | 3 +-- 5 files changed, 3 insertions(+), 16 deletions(-) (limited to 'lib') diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c index 509e68a..2cfd617 100644 --- a/lib/examples/client-blocking.c +++ b/lib/examples/client-blocking.c @@ -5,7 +5,6 @@ #include #include #include -#include #include #include #include @@ -70,10 +69,10 @@ blocking_client (const char *av1, const char *av2, int use_request_object_flag) if (resp) { rs_dump_packet (resp); - if (rs_packet_frpkt (resp)->code == PW_ACCESS_ACCEPT) + if (rs_packet_code (resp) == PW_ACCESS_ACCEPT) printf ("Good auth.\n"); else - printf ("Bad auth: %d\n", rs_packet_frpkt (resp)->code); + printf ("Bad auth: %d\n", rs_packet_code (resp)); } else fprintf (stderr, "%s: no response\n", __func__); diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h index 2df632a..da4e99c 100644 --- a/lib/include/radsec/radsec-impl.h +++ b/lib/include/radsec/radsec-impl.h @@ -125,9 +125,6 @@ struct rs_error *rs_resolv (struct evutil_addrinfo **addr, const char *hostname, const char *service); -/** Return the internal packet associated with packet \a pkt. */ -struct radius_packet *rs_packet_frpkt(struct rs_packet *pkt); - #if defined (__cplusplus) } #endif diff --git a/lib/packet.c b/lib/packet.c index 4a29b5f..86a16c3 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -197,13 +197,6 @@ rs_packet_create_authn_request (struct rs_connection *conn, return RSE_OK; } -struct radius_packet * -rs_packet_frpkt (struct rs_packet *pkt) -{ - assert (pkt); - return pkt->rpkt; -} - void rs_packet_destroy (struct rs_packet *pkt) { diff --git a/lib/radsec.sym b/lib/radsec.sym index c5890a9..5382409 100644 --- a/lib/radsec.sym +++ b/lib/radsec.sym @@ -69,7 +69,6 @@ rs_packet_code rs_packet_create rs_packet_create_authn_request rs_packet_destroy -rs_packet_frpkt rs_packet_send rs_peer_create rs_peer_set_address diff --git a/lib/tests/test-udp.c b/lib/tests/test-udp.c index e51531c..f66eebd 100644 --- a/lib/tests/test-udp.c +++ b/lib/tests/test-udp.c @@ -1,6 +1,5 @@ #include #include -#include #include "radsec/radsec.h" #include "radsec/request.h" #include "udp.h" @@ -19,7 +18,7 @@ authenticate (struct rs_connection *conn, const char *user, const char *pw) rs_request_add_reqpkt (req, msg); assert_true (rs_request_send (req, &resp) == 0); //printf ("%s\n", rs_err_msg (rs_err_conn_pop (conn), 1)); - assert_true (rs_packet_frpkt (resp)->code == PW_ACCESS_ACCEPT); + assert_true (rs_packet_code(resp) == PW_ACCESS_ACCEPT); rs_request_destroy (req); } -- cgit v1.1 From f780ff204e39420aabf94a7fab4e2c37790b658f Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 17:05:55 +1100 Subject: remove dictionary configuration parameter --- lib/conf.c | 3 --- lib/examples/client.conf | 2 -- lib/include/radsec/radsec-impl.h | 1 - 3 files changed, 6 deletions(-) (limited to 'lib') diff --git a/lib/conf.c b/lib/conf.c index f5d1b2b..84bd1a8 100644 --- a/lib/conf.c +++ b/lib/conf.c @@ -15,7 +15,6 @@ #if 0 # common config options - dictionary = STRING # common realm config options realm NAME { @@ -69,7 +68,6 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file) }; cfg_opt_t opts[] = { - CFG_STR ("dictionary", NULL, CFGF_NONE), CFG_SEC ("realm", realm_opts, CFGF_TITLE | CFGF_MULTI), CFG_END () }; @@ -98,7 +96,6 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file) if (config == NULL) return rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL); ctx->config = config; - config->dictionary = cfg_getstr (cfg, "dictionary"); for (i = 0; i < cfg_size (cfg, "realm"); i++) { diff --git a/lib/examples/client.conf b/lib/examples/client.conf index 07486c6..47528c8 100644 --- a/lib/examples/client.conf +++ b/lib/examples/client.conf @@ -1,5 +1,3 @@ -dictionary = "/usr/share/freeradius/dictionary" - realm blocking-udp { type = "UDP" timeout = 2 diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h index da4e99c..2274a99 100644 --- a/lib/include/radsec/radsec-impl.h +++ b/lib/include/radsec/radsec-impl.h @@ -62,7 +62,6 @@ struct rs_realm { /** Top configuration object. */ struct rs_config { - char *dictionary; struct rs_realm *realms; cfg_t *cfg; }; -- cgit v1.1 From d9ae6534eed05639403584b7b2733ec36c08f1a4 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 18:54:44 +1100 Subject: add rs_attr_display_name/rs_attr_parse_name --- lib/avp.c | 74 +++++++++++++++++++++++++++++++++++++ lib/include/radsec/radsec.h | 57 ++++++++++++++++++++++++++-- lib/radius/Makefile.am | 1 + lib/radius/share/dictionary.juniper | 23 ++++++++++++ lib/radsec.sym | 2 + 5 files changed, 153 insertions(+), 4 deletions(-) create mode 100644 lib/radius/share/dictionary.juniper (limited to 'lib') diff --git a/lib/avp.c b/lib/avp.c index 0de72b1..5af6129 100644 --- a/lib/avp.c +++ b/lib/avp.c @@ -447,6 +447,79 @@ rs_attr_find (const char *name, return RSE_OK; } +int +rs_attr_display_name (unsigned int attr, + unsigned int vendor, + char *buffer, + size_t bufsize, + int canonical) +{ + const DICT_ATTR *da = NULL; + DICT_ATTR da2; + int err; + + if (!canonical) { + da = nr_dict_attr_byvalue (attr, vendor); + } + if (da == NULL) { + err = nr_dict_attr_2struct(&da2, attr, vendor, + buffer, bufsize); + if (err < 0) + return -err; + } else { + snprintf(buffer, bufsize, "%s", da->name); + } + + return RSE_OK; +} + +int +rs_attr_parse_name (const char *name, + unsigned int *attr, + unsigned int *vendor) +{ + const DICT_ATTR *da; + + if (strncmp(name, "Attr-", 5) == 0) { + char *s = (char *)&name[5]; + unsigned int tmp; + + tmp = strtoul(s, &s, 10); + if (*s == '.') { + s++; + + switch (tmp) { + case PW_VENDOR_SPECIFIC: + *vendor = strtoul(s, &s, 10); + if (*s != '.') + return RSE_ATTR_BAD_NAME; + + s++; + + *attr = strtoul(s, &s, 10); + if (*s != '\0') + return RSE_ATTR_BAD_NAME; + + break; + default: + return RSE_ATTR_BAD_NAME; + } + } else { + *attr = tmp; + *vendor = 0; + } + } else { + da = nr_dict_attr_byname (name); + if (da == NULL) + return RSE_ATTR_UNKNOWN; + + *attr = da->attr; + *vendor = da->vendor; + } + + return RSE_OK; +} + size_t rs_avp_display_value (rs_const_avp *vp, char *buffer, @@ -454,3 +527,4 @@ rs_avp_display_value (rs_const_avp *vp, { return nr_vp_snprintf_value (buffer, buflen, vp); } + diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 33d7990..6e967af 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -407,121 +407,170 @@ int rs_err_code(struct rs_error *err, int dofree_flag); */ #define RS_MAX_STRING_LEN 254 +/** Free the AVP list \a vps */ void rs_avp_free(rs_avp **vps); +/** Return the length of AVP \a vp in bytes */ size_t rs_avp_length(rs_const_avp *vp); +/** Return the type of \a vp */ rs_attr_type_t rs_avp_typeof(rs_const_avp *vp); +/** Retrieve the attribute and vendor ID of \a vp */ void rs_avp_attrid(rs_const_avp *vp, unsigned int *attr, unsigned int *vendor); - +/** Add \a vp to the list pointed to by \a head */ void -rs_avp_append(rs_avp **head, rs_avp *tail); +rs_avp_append(rs_avp **head, rs_avp *vp); +/** Find an AVP in \a vp that matches \a attr and \a vendor */ rs_avp * rs_avp_find(rs_avp *vp, unsigned int attr, unsigned int vendor); +/** Find an AVP in \a vp that matches \a attr and \a vendor */ rs_const_avp * rs_avp_find_const(rs_const_avp *vp, unsigned int attr, unsigned int vendor); +/** Alloc a new AVP for \a attr and \a vendor */ rs_avp * rs_avp_alloc(unsigned int attr, unsigned int vendor); +/** Duplicate existing AVP \a vp */ rs_avp * rs_avp_dup(rs_const_avp *vp); +/** Remove matching AVP from list \a vps */ int -rs_avp_delete(rs_avp **first, unsigned int attr, unsigned int vendor); +rs_avp_delete(rs_avp **vps, unsigned int attr, unsigned int vendor); +/** Return next AVP in list */ rs_avp * -rs_avp_next(rs_avp *avp); +rs_avp_next(rs_avp *vp); +/** Return next AVP in list */ rs_const_avp * rs_avp_next_const(rs_const_avp *avp); +/** Return string value of \a vp */ const char * rs_avp_string_value(rs_const_avp *vp); +/** Set AVP \a vp to string \a str */ int rs_avp_string_set(rs_avp *vp, const char *str); +/** Return integer value of \a vp */ uint32_t rs_avp_integer_value(rs_const_avp *vp); +/** Set AVP \a vp to integer \a val */ int rs_avp_integer_set(rs_avp *vp, uint32_t val); +/** Return IPv4 value of \a vp */ uint32_t rs_avp_ipaddr_value(rs_const_avp *vp); +/** Set AVP \a vp to IPv4 address \a in */ int rs_avp_ipaddr_set(rs_avp *vp, struct in_addr in); +/** Return POSIX time value of \a vp */ time_t rs_avp_date_value(rs_const_avp *vp); +/** Set AVP \a vp to POSIX time \a date */ int rs_avp_date_set(rs_avp *vp, time_t date); +/** Return constant pointer to octets in \a vp */ const unsigned char * rs_avp_octets_value_const_ptr(rs_const_avp *vp); +/** Return pointer to octets in \a vp */ unsigned char * rs_avp_octets_value_ptr(rs_avp *vp); +/** Retrieve octet pointer \a p and length \a len from \a vp */ int rs_avp_octets_value_byref(rs_avp *vp, unsigned char **p, size_t *len); +/** Copy octets from \a vp into \a buf and \a len */ int rs_avp_octets_value(rs_const_avp *vp, unsigned char *buf, size_t *len); +/** + * Copy octets possibly fragmented across multiple VPs + * into \a buf and \a len + */ int rs_avp_fragmented_value(rs_const_avp *vps, unsigned char *buf, size_t *len); +/** Copy \a len octets in \a buf to AVP \a vp */ int rs_avp_octets_set(rs_avp *vp, const unsigned char *buf, size_t len); +/** Return IFID value of \a vp */ int rs_avp_ifid_value(rs_const_avp *vp, uint8_t val[8]); int rs_avp_ifid_set(rs_avp *vp, const uint8_t val[8]); +/** Return byte value of \a vp */ uint8_t rs_avp_byte_value(rs_const_avp *vp); +/** Set AVP \a vp to byte \a val */ int rs_avp_byte_set(rs_avp *vp, uint8_t val); +/** Return short value of \a vp */ uint16_t rs_avp_short_value(rs_const_avp *vp); +/** Set AVP \a vp to short integer \a val */ int rs_avp_short_set(rs_avp *vp, uint16_t val); +/** Display possibly \a canonical attribute name into \a buffer */ +int +rs_attr_display_name (unsigned int attr, + unsigned int vendor, + char *buffer, + size_t bufsize, + int canonical); + +/** Display AVP \a vp into \a buffer */ size_t rs_avp_display_value(rs_const_avp *vp, char *buffer, size_t buflen); int +rs_attr_parse_name (const char *name, + unsigned int *attr, + unsigned int *vendor); + +/** Lookup attribute \a name */ +int rs_attr_find(const char *name, unsigned int *attr, unsigned int *vendor); +/** Return dictionary name for AVP \a vp */ const char * rs_avp_name(rs_const_avp *vp); diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am index b57ef16..92a12cf 100644 --- a/lib/radius/Makefile.am +++ b/lib/radius/Makefile.am @@ -22,6 +22,7 @@ libradsec_radius_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H DICTIONARIES = \ share/dictionary.txt \ + share/dictionary.juniper \ share/dictionary.microsoft \ share/dictionary.ukerna diff --git a/lib/radius/share/dictionary.juniper b/lib/radius/share/dictionary.juniper new file mode 100644 index 0000000..9aa5df4 --- /dev/null +++ b/lib/radius/share/dictionary.juniper @@ -0,0 +1,23 @@ +# -*- text -*- +# +# dictionary.juniper +# +# As posted to the list by Eric Kilfoil +# +# Version: $Id$ +# + +VENDOR Juniper 2636 + +BEGIN-VENDOR Juniper + +ATTRIBUTE Juniper-Local-User-Name 1 string +ATTRIBUTE Juniper-Allow-Commands 2 string +ATTRIBUTE Juniper-Deny-Commands 3 string +ATTRIBUTE Juniper-Allow-Configuration 4 string +ATTRIBUTE Juniper-Deny-Configuration 5 string +ATTRIBUTE Juniper-Interactive-Command 8 string +ATTRIBUTE Juniper-Configuration-Change 9 string +ATTRIBUTE Juniper-User-Permissions 10 string + +END-VENDOR Juniper diff --git a/lib/radsec.sym b/lib/radsec.sym index 5382409..f234082 100644 --- a/lib/radsec.sym +++ b/lib/radsec.sym @@ -1,4 +1,6 @@ +rs_attr_display_name rs_attr_find +rs_attr_parse_name rs_avp_alloc rs_avp_append rs_avp_attrid -- cgit v1.1 From 53dc68c8a5a3edb904ca937dada67380701f18b0 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 14 Nov 2011 22:58:53 +1100 Subject: small cleanups --- lib/avp.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/avp.c b/lib/avp.c index 5af6129..6f30d4c 100644 --- a/lib/avp.c +++ b/lib/avp.c @@ -25,14 +25,19 @@ rs_avp_free (rs_avp **vps) size_t rs_avp_length (rs_const_avp *vp) { - assert (vp != NULL); + if (vp == NULL) + return 0; + return vp->length; } rs_attr_type_t rs_avp_typeof (rs_const_avp *vp) { - return vp ? vp->da->type : RS_TYPE_INVALID; + if (vp == NULL) + return RS_TYPE_INVALID; + + return vp->da->type; } void @@ -40,6 +45,8 @@ rs_avp_attrid (rs_const_avp *vp, unsigned int *attr, unsigned int *vendor) { + assert (vp != NULL); + *attr = vp->da->attr; *vendor = vp->da->vendor; } @@ -47,7 +54,7 @@ rs_avp_attrid (rs_const_avp *vp, const char * rs_avp_name (rs_const_avp *vp) { - return vp ? vp->da->name : NULL; + return (vp != NULL) ? vp->da->name : NULL; } void @@ -127,15 +134,15 @@ rs_avp_dup (rs_const_avp *vp) } rs_avp * -rs_avp_next (rs_avp *avp) +rs_avp_next (rs_avp *vp) { - return avp ? avp->next : NULL; + return (vp != NULL) ? vp->next : NULL; } rs_const_avp * -rs_avp_next_const (rs_const_avp *avp) +rs_avp_next_const (rs_const_avp *vp) { - return avp ? avp->next : NULL; + return (vp != NULL) ? vp->next : NULL; } int -- cgit v1.1 From 42ec70d2b6c2a8a63250111e4a81b75ca554ddfa Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Thu, 1 Dec 2011 14:19:46 +1100 Subject: add MS-Windows-Group-Sid --- lib/radius/share/dictionary.ukerna | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/radius/share/dictionary.ukerna b/lib/radius/share/dictionary.ukerna index 1694566..0e35d43 100644 --- a/lib/radius/share/dictionary.ukerna +++ b/lib/radius/share/dictionary.ukerna @@ -15,5 +15,6 @@ ATTRIBUTE GSS-Acceptor-Service-Specific 130 string ATTRIBUTE GSS-Acceptor-Realm-Name 131 string ATTRIBUTE SAML-AAA-Assertion 132 string ATTRIBUTE MS-Windows-Auth-Data 133 octets +ATTRIBUTE MS-Windows-Group-Sid 134 string END-VENDOR UKERNA -- cgit v1.1 From b86f31fd4a8ee9394146d8da969c727de819df3b Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Thu, 1 Dec 2011 17:44:10 +1100 Subject: fix dangling reference to dictionary pointer --- lib/avp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/avp.c b/lib/avp.c index 6f30d4c..bdc6216 100644 --- a/lib/avp.c +++ b/lib/avp.c @@ -106,7 +106,10 @@ rs_avp_dup (rs_const_avp *vp) { rs_avp *vp2; - vp2 = nr_vp_alloc (vp->da); + if (vp->da->flags.unknown) + vp2 = nr_vp_alloc_raw (vp->da->attr, vp->da->vendor); + else + vp2 = nr_vp_alloc (vp->da); if (vp2 == NULL) return NULL; -- cgit v1.1 From efb18a601811888127be69499cf10891aa3a4c37 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Sat, 31 Mar 2012 09:22:53 +1100 Subject: Update copyright to JANET(UK) --- lib/avp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/avp.c b/lib/avp.c index bdc6216..80c6a9d 100644 --- a/lib/avp.c +++ b/lib/avp.c @@ -1,4 +1,4 @@ -/* Copyright 2011 PADL Software Pty Ltd. All rights reserved. +/* Copyright 2011 JANET(UK). All rights reserved. See the file COPYING for licensing information. */ #if defined HAVE_CONFIG_H -- cgit v1.1