1 /* See the file COPYING for licensing information. */
3 #if defined HAVE_CONFIG_H
10 #include <freeradius/libradius.h>
11 #include <event2/event.h>
12 #include <event2/bufferevent.h>
13 #if defined RS_ENABLE_TLS
14 #include <event2/bufferevent_ssl.h>
15 #include <openssl/err.h>
17 #include <radsec/radsec.h>
18 #include <radsec/radsec-impl.h>
22 #include <sys/socket.h>
27 _do_send (struct rs_packet *pkt)
33 assert (!pkt->original);
35 vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
37 return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
38 "paircreate: %s", fr_strerror ());
39 pairadd (&pkt->rpkt->vps, vp);
41 if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
42 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
43 "rad_encode: %s", fr_strerror ());
44 if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
45 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
46 "rad_sign: %s", fr_strerror ());
49 char host[80], serv[80];
51 getnameinfo (pkt->conn->active_peer->addr->ai_addr,
52 pkt->conn->active_peer->addr->ai_addrlen,
53 host, sizeof(host), serv, sizeof(serv),
54 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
55 fprintf (stderr, "%s: about to send this to %s:%s:\n", __func__, host,
60 err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
63 return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
64 "bufferevent_write: %s",
65 evutil_gai_strerror(err));
70 _event_cb (struct bufferevent *bev, short events, void *ctx)
72 struct rs_packet *pkt = (struct rs_packet *)ctx;
73 struct rs_connection *conn;
75 #if defined RS_ENABLE_TLS
81 assert (pkt->conn->active_peer);
83 p = conn->active_peer;
86 if (events & BEV_EVENT_CONNECTED)
89 if (conn->callbacks.connected_cb)
90 conn->callbacks.connected_cb (conn->user_data);
92 fprintf (stderr, "%s: connected\n", __func__);
96 if (conn->callbacks.sent_cb)
97 conn->callbacks.sent_cb (conn->user_data);
98 /* Packet will be freed in write callback. */
100 else if (events & BEV_EVENT_ERROR)
102 #if defined RS_ENABLE_TLS
103 if (conn->tls_ssl) /* FIXME: correct check? */
105 for (err = bufferevent_get_openssl_error (conn->bev);
107 err = bufferevent_get_openssl_error (conn->bev))
109 fprintf (stderr, "%s: openssl error: %s\n", __func__,
110 ERR_error_string (err, NULL)); /* DEBUG, until verified that pushed errors will actually be handled */
111 rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__,
115 #endif /* RS_ENABLE_TLS */
116 rs_err_conn_push_fl (pkt->conn, RSE_CONNERR, __FILE__, __LINE__, NULL);
117 fprintf (stderr, "%s: BEV_EVENT_ERROR\n", __func__); /* DEBUG, until verified that pushed errors will actually be handled */
122 _write_cb (struct bufferevent *bev, void *ctx)
124 struct rs_packet *pkt = (struct rs_packet *) ctx;
129 fprintf (stderr, "%s: packet written, breaking event loop\n", __func__);
131 if (event_base_loopbreak (pkt->conn->evb) < 0)
132 abort (); /* FIXME */
133 if (!pkt->conn->callbacks.sent_cb) /* Callback owns the packet now. */
134 rs_packet_destroy (pkt);
138 _read_cb (struct bufferevent *bev, void *ctx)
140 struct rs_packet *pkt = (struct rs_packet *)ctx;
146 pkt->rpkt->sockfd = pkt->conn->active_peer->fd; /* FIXME: Why? */
147 pkt->rpkt->vps = NULL; /* FIXME: Why? */
149 if (!pkt->hdr_read_flag)
151 n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN);
152 if (n == RS_HEADER_LEN)
154 pkt->hdr_read_flag = 1;
155 pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3];
156 if (pkt->rpkt->data_len < 20 /* || len > 4096 */)
157 abort (); /* FIXME: Read and discard packet. */
158 pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len);
159 if (!pkt->rpkt->data)
161 rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
163 abort (); /* FIXME: Read and discard packet. */
165 memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN);
166 bufferevent_setwatermark (pkt->conn->bev, EV_READ,
167 pkt->rpkt->data_len - RS_HEADER_LEN, 0);
169 fprintf (stderr, "%s: packet header read, total pkt len=%d\n",
170 __func__, pkt->rpkt->data_len);
174 return; /* Buffer frozen. */
176 assert (!"short header");
180 printf ("%s: trying to read %d octets of packet data\n", __func__, pkt->rpkt->data_len - RS_HEADER_LEN);
182 n = bufferevent_read (pkt->conn->bev, pkt->rpkt->data + RS_HEADER_LEN, pkt->rpkt->data_len - RS_HEADER_LEN);
184 printf ("%s: read %d octets of packet data\n", __func__, n);
186 if (n == pkt->rpkt->data_len - RS_HEADER_LEN)
188 bufferevent_disable (pkt->conn->bev, EV_READ);
189 pkt->hdr_read_flag = 0;
190 memset (pkt->hdr, 0, sizeof(*pkt->hdr));
192 fprintf (stderr, "%s: complete packet read\n", __func__);
194 if (!rad_packet_ok (pkt->rpkt, 0) != 0)
196 assert (pkt->original);
198 /* Verify header and message authenticator. */
199 if (rad_verify (pkt->rpkt, pkt->original->rpkt,
200 pkt->conn->active_peer->secret))
202 rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
203 "rad_verify: %s", fr_strerror ());
207 /* Decode and decrypt. */
208 if (rad_decode (pkt->rpkt, pkt->original->rpkt,
209 pkt->conn->active_peer->secret))
211 rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
212 "rad_decode: %s", fr_strerror ());
216 if (pkt->conn->callbacks.received_cb)
217 pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
219 if (event_base_loopbreak (pkt->conn->evb) < 0)
220 abort (); /* FIXME */
223 return; /* Buffer frozen. */
225 assert (!"short packet");
229 _evlog_cb (int severity, const char *msg)
234 case _EVENT_LOG_DEBUG:
235 #if !defined (DEBUG_LEVENT)
243 case _EVENT_LOG_WARN:
253 fprintf (stderr, "libevent: [%s] %s\n", sevstr, msg);
257 _init_evb (struct rs_connection *conn)
262 event_enable_debug_mode ();
264 event_set_log_callback (_evlog_cb);
265 conn->evb = event_base_new ();
267 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
274 _init_socket (struct rs_connection *conn, struct rs_peer *p)
280 p->fd = socket (p->addr->ai_family, p->addr->ai_socktype,
281 p->addr->ai_protocol);
283 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
285 if (evutil_make_socket_nonblocking (p->fd) < 0)
287 evutil_closesocket (p->fd);
288 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
294 static struct rs_peer *
295 _pick_peer (struct rs_connection *conn)
297 if (!conn->active_peer)
298 conn->active_peer = conn->peers;
299 return conn->active_peer;
303 _init_bev (struct rs_connection *conn, struct rs_peer *peer)
310 case RS_CONN_TYPE_UDP:
311 case RS_CONN_TYPE_TCP:
312 conn->bev = bufferevent_socket_new (conn->evb, peer->fd, 0);
314 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
315 "bufferevent_socket_new");
317 #if defined RS_ENABLE_TLS
318 case RS_CONN_TYPE_TLS:
319 if (rs_tls_init (conn))
321 /* Would be convenient to pass BEV_OPT_CLOSE_ON_FREE but things
322 seem to break when be_openssl_ctrl() (in libevent) calls
323 SSL_set_bio() after BIO_new_socket() with flag=1. */
325 bufferevent_openssl_socket_new (conn->evb, peer->fd, conn->tls_ssl,
326 BUFFEREVENT_SSL_CONNECTING, 0);
328 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
329 "bufferevent_openssl_socket_new");
332 case RS_CONN_TYPE_DTLS:
333 return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__,
334 "%s: NYI", __func__);
335 #endif /* RS_ENABLE_TLS */
337 return rs_err_conn_push_fl (conn, RSE_INTERNAL, __FILE__, __LINE__,
338 "%s: unknown connection type: %d", __func__,
346 _do_connect (struct rs_peer *p)
350 err = bufferevent_socket_connect (p->conn->bev, p->addr->ai_addr,
351 p->addr->ai_addrlen);
353 rs_err_conn_push_fl (p->conn, RSE_EVENT, __FILE__, __LINE__,
354 "bufferevent_socket_connect: %s",
355 evutil_gai_strerror(err));
357 p->is_connecting = 1;
361 _conn_open(struct rs_connection *conn, struct rs_packet *pkt)
365 if (_init_evb (conn))
368 p = _pick_peer (conn);
370 return rs_err_conn_push_fl (conn, RSE_NOPEER, __FILE__, __LINE__, NULL);
372 if (_init_socket (conn, p))
375 if (_init_bev (conn, p))
378 if (!p->is_connected)
379 if (!p->is_connecting)
386 _conn_is_open_p (struct rs_connection *conn)
388 return conn->active_peer && conn->active_peer->is_connected;
391 /* Public functions. */
393 rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
400 rpkt = rad_alloc (1);
402 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
403 rpkt->id = conn->nextid++;
405 p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
409 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
411 memset (p, 0, sizeof (struct rs_packet));
420 rs_packet_create_auth_request (struct rs_connection *conn,
421 struct rs_packet **pkt_out,
422 const char *user_name, const char *user_pw)
424 struct rs_packet *pkt;
425 struct rs_attr *attr;
427 if (rs_packet_create (conn, pkt_out))
430 pkt->rpkt->code = PW_AUTHENTICATION_REQUEST;
434 if (rs_attr_create (conn, &attr, "User-Name", user_name))
436 rs_packet_add_attr (pkt, attr);
440 if (rs_attr_create (conn, &attr, "User-Password", user_pw))
442 rs_packet_add_attr (pkt, attr);
450 rs_packet_send (struct rs_packet *pkt, void *user_data)
452 struct rs_connection *conn;
457 if (_conn_is_open_p (conn))
460 if (_conn_open (conn, pkt))
465 assert (conn->active_peer);
466 assert (conn->active_peer->fd >= 0);
468 conn->user_data = user_data;
469 bufferevent_setcb (conn->bev, _read_cb, _write_cb, _event_cb, pkt);
470 if (!conn->user_dispatch_flag)
471 event_base_dispatch (conn->evb);
474 fprintf (stderr, "%s: event loop done\n", __func__);
475 assert (event_base_got_break(conn->evb));
482 rs_conn_receive_packet (struct rs_connection *conn,
483 struct rs_packet *request,
484 struct rs_packet **pkt_out)
486 struct rs_packet *pkt;
490 if (rs_packet_create (conn, pkt_out))
494 pkt->original = request;
496 if (_conn_open (conn, pkt))
500 assert (conn->active_peer);
501 assert (conn->active_peer->fd >= 0);
503 bufferevent_setwatermark (conn->bev, EV_READ, RS_HEADER_LEN, 0);
504 bufferevent_enable (conn->bev, EV_READ);
505 bufferevent_setcb (conn->bev, _read_cb, _write_cb, _event_cb, pkt);
507 if (!conn->user_dispatch_flag)
509 event_base_dispatch (conn->evb);
511 fprintf (stderr, "%s: event loop done", __func__);
512 if (event_base_got_break(conn->evb))
514 fprintf (stderr, ", got this:\n");
515 rs_dump_packet (pkt);
518 fprintf (stderr, ", no reply\n");
522 pkt->original = NULL;
528 rs_packet_add_attr(struct rs_packet *pkt, struct rs_attr *attr)
530 pairadd (&pkt->rpkt->vps, attr->vp);
534 struct radius_packet *
535 rs_packet_frpkt(struct rs_packet *pkt)
542 rs_packet_destroy(struct rs_packet *pkt)
546 // FIXME: memory leak! TODO: free all attributes
547 rad_free (&pkt->rpkt);
548 rs_free (pkt->conn->ctx, pkt);