1 /* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
2 See the file COPYING for licensing information. */
4 #if defined HAVE_CONFIG_H
9 #include <event2/bufferevent.h>
10 #include <radsec/radsec.h>
11 #include <radsec/radsec-impl.h>
18 #include <sys/socket.h>
19 #include <event2/buffer.h>
23 packet_verify_response (struct rs_connection *conn,
24 struct rs_packet *response,
25 struct rs_packet *request)
28 assert (conn->active_peer);
29 assert (conn->active_peer->secret);
31 assert (response->rpkt);
33 assert (request->rpkt);
35 /* Verify header and message authenticator. */
36 if (rad_verify (response->rpkt, request->rpkt, conn->active_peer->secret))
39 return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
40 "rad_verify: %s", fr_strerror ());
43 /* Decode and decrypt. */
44 if (rad_decode (response->rpkt, request->rpkt, conn->active_peer->secret))
47 return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
48 "rad_decode: %s", fr_strerror ());
55 /* Badly named function for preparing a RADIUS message and queue it.
58 packet_do_send (struct rs_packet *pkt)
60 VALUE_PAIR *vp = NULL;
64 assert (pkt->conn->active_peer);
65 assert (pkt->conn->active_peer->secret);
68 /* Add a Message-Authenticator, RFC 2869, if not already present. */
69 /* FIXME: Make Message-Authenticator optional? */
70 vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
72 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
73 "paircreate: %s", fr_strerror ());
74 pairreplace (&pkt->rpkt->vps, vp);
77 if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
78 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
79 "rad_encode: %s", fr_strerror ());
81 if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
82 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
83 "rad_sign: %s", fr_strerror ());
86 char host[80], serv[80];
88 getnameinfo (pkt->conn->active_peer->addr->ai_addr,
89 pkt->conn->active_peer->addr->ai_addrlen,
90 host, sizeof(host), serv, sizeof(serv),
91 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
92 rs_debug (("%s: about to send this to %s:%s:\n", __func__, host, serv));
97 /* Put message in output buffer. */
98 if (pkt->conn->bev) /* TCP. */
100 int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
101 pkt->rpkt->data_len);
103 return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
104 "bufferevent_write: %s",
105 evutil_gai_strerror (err));
109 struct rs_packet **pp = &pkt->conn->out_queue;
111 while (*pp && (*pp)->next)
115 conn_activate_timeout (pkt->conn); /* Retransmission timer. */
121 /* Public functions. */
123 rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
130 rpkt = rad_alloc (1);
132 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
133 rpkt->id = conn->nextid++;
135 p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
139 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
141 memset (p, 0, sizeof (struct rs_packet));
150 rs_packet_create_authn_request (struct rs_connection *conn,
151 struct rs_packet **pkt_out,
152 const char *user_name, const char *user_pw)
154 struct rs_packet *pkt;
155 struct rs_attr *attr;
157 if (rs_packet_create (conn, pkt_out))
160 pkt->rpkt->code = PW_AUTHENTICATION_REQUEST;
164 if (rs_attr_create (conn, &attr, "User-Name", user_name))
166 rs_packet_add_attr (pkt, attr);
170 if (rs_attr_create (conn, &attr, "User-Password", user_pw))
172 rs_packet_add_attr (pkt, attr);
180 rs_packet_add_attr (struct rs_packet *pkt, struct rs_attr *attr)
182 pairadd (&pkt->rpkt->vps, attr->vp);
186 struct radius_packet *
187 rs_packet_frpkt (struct rs_packet *pkt)
194 rs_packet_destroy (struct rs_packet *pkt)
198 // FIXME: memory leak! TODO: free all attributes
199 rad_free (&pkt->rpkt);
200 rs_free (pkt->conn->ctx, pkt);