1 /* Copyright 2011 NORDUnet A/S. All rights reserved.
2 See the file COPYING for licensing information. */
4 #if defined HAVE_CONFIG_H
9 #include <event2/event.h>
10 #include <event2/bufferevent.h>
11 #if defined (RS_ENABLE_TLS)
12 #include <event2/bufferevent_ssl.h>
13 #include <openssl/err.h>
15 #include <radsec/radsec.h>
16 #include <radsec/radsec-impl.h>
23 #include <event2/buffer.h>
27 _close_conn (struct rs_connection **connp)
32 r = rs_conn_destroy (*connp);
38 /* Read one RADIUS packet header. Return !0 on error. A return value
39 of 0 means that we need more data. */
41 _read_header (struct rs_packet *pkt)
45 n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN);
46 if (n == RS_HEADER_LEN)
48 pkt->hdr_read_flag = 1;
49 pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3];
50 if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096)
52 _close_conn (&pkt->conn);
53 return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT,
54 "invalid packet length: %d",
57 pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len);
60 _close_conn (&pkt->conn);
61 return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
64 memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN);
65 bufferevent_setwatermark (pkt->conn->bev, EV_READ,
66 pkt->rpkt->data_len - RS_HEADER_LEN, 0);
67 rs_debug (("%s: packet header read, total pkt len=%d\n",
68 __func__, pkt->rpkt->data_len));
72 rs_debug (("%s: buffer frozen while reading header\n", __func__));
74 else /* Error: libevent gave us less than the low watermark. */
76 _close_conn (&pkt->conn);
77 return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__,
78 "got %d octets reading header", n);
85 _read_packet (struct rs_packet *pkt)
89 rs_debug (("%s: trying to read %d octets of packet data\n", __func__,
90 pkt->rpkt->data_len - RS_HEADER_LEN));
92 n = bufferevent_read (pkt->conn->bev,
93 pkt->rpkt->data + RS_HEADER_LEN,
94 pkt->rpkt->data_len - RS_HEADER_LEN);
96 rs_debug (("%s: read %ld octets of packet data\n", __func__, n));
98 if (n == pkt->rpkt->data_len - RS_HEADER_LEN)
100 bufferevent_disable (pkt->conn->bev, EV_READ);
101 rs_debug (("%s: complete packet read\n", __func__));
102 pkt->hdr_read_flag = 0;
103 memset (pkt->hdr, 0, sizeof(*pkt->hdr));
105 /* Checks done by rad_packet_ok:
106 - lenghts (FIXME: checks really ok for tcp?)
108 - attribute lengths >= 2
109 - attribute sizes adding up correctly */
110 if (!rad_packet_ok (pkt->rpkt, 0) != 0)
112 _close_conn (&pkt->conn);
113 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
114 "invalid packet: %s", fr_strerror ());
117 /* TODO: Verify that reception of an unsolicited response packet
118 results in connection being closed. */
120 /* If we have a request to match this response against, verify
121 and decode the response. */
124 /* Verify header and message authenticator. */
125 if (rad_verify (pkt->rpkt, pkt->original->rpkt,
126 pkt->conn->active_peer->secret))
128 _close_conn (&pkt->conn);
129 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
130 "rad_verify: %s", fr_strerror ());
133 /* Decode and decrypt. */
134 if (rad_decode (pkt->rpkt, pkt->original->rpkt,
135 pkt->conn->active_peer->secret))
137 _close_conn (&pkt->conn);
138 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
139 "rad_decode: %s", fr_strerror ());
144 /* Find out what happens if there's data left in the buffer. */
147 rest = evbuffer_get_length (bufferevent_get_input (pkt->conn->bev));
149 rs_debug (("%s: returning with %d octets left in buffer\n", __func__,
154 /* Hand over message to user, changes ownership of pkt. Don't
155 touch it afterwards -- it might have been freed. */
156 if (pkt->conn->callbacks.received_cb)
157 pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
159 else if (n < 0) /* Buffer frozen. */
160 rs_debug (("%s: buffer frozen when reading packet\n", __func__));
161 else /* Short packet. */
162 rs_debug (("%s: waiting for another %d octets\n", __func__,
163 pkt->rpkt->data_len - RS_HEADER_LEN - n));
168 /* Read callback for TCP.
170 Read exactly one RADIUS message from BEV and store it in struct
171 rs_packet passed in CTX (hereby called 'pkt').
173 Verify the received packet against pkt->original, if !NULL.
175 Inform upper layer about successful reception of valid RADIUS
176 message by invoking conn->callbacks.recevied_cb(), if !NULL. */
178 tcp_read_cb (struct bufferevent *bev, void *user_data)
180 struct rs_packet *pkt = (struct rs_packet *) user_data;
186 pkt->rpkt->sockfd = pkt->conn->fd;
187 pkt->rpkt->vps = NULL;
189 if (!pkt->hdr_read_flag)
190 if (_read_header (pkt))
196 tcp_event_cb (struct bufferevent *bev, short events, void *user_data)
198 struct rs_packet *pkt = (struct rs_packet *) user_data;
199 struct rs_connection *conn = NULL;
200 struct rs_peer *p = NULL;
202 #if defined (RS_ENABLE_TLS)
203 unsigned long tlserr = 0;
208 assert (pkt->conn->active_peer);
210 p = conn->active_peer;
212 conn->is_connecting = 0;
213 if (events & BEV_EVENT_CONNECTED)
215 event_on_connect (conn, pkt);
217 else if (events & BEV_EVENT_EOF)
219 event_on_disconnect (conn);
221 else if (events & BEV_EVENT_TIMEOUT)
223 rs_debug (("%s: %p times out on %s\n", __func__, p,
224 (events & BEV_EVENT_READING) ? "read" : "write"));
225 rs_err_conn_push_fl (pkt->conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL);
227 else if (events & BEV_EVENT_ERROR)
229 sockerr = evutil_socket_geterror (conn->active_peer->fd);
230 if (sockerr == 0) /* FIXME: True that errno == 0 means closed? */
232 event_on_disconnect (conn);
236 rs_debug (("%s: %d: %d (%s)\n", __func__, conn->fd, sockerr,
237 evutil_socket_error_to_string (sockerr)));
238 rs_err_conn_push_fl (pkt->conn, RSE_SOCKERR, __FILE__, __LINE__,
239 "%d: %d (%s)", conn->fd, sockerr,
240 evutil_socket_error_to_string (sockerr));
242 #if defined (RS_ENABLE_TLS)
243 if (conn->tls_ssl) /* FIXME: correct check? */
245 for (tlserr = bufferevent_get_openssl_error (conn->bev);
247 tlserr = bufferevent_get_openssl_error (conn->bev))
249 rs_debug (("%s: openssl error: %s\n", __func__,
250 ERR_error_string (tlserr, NULL)));
251 rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__,
252 ERR_error_string (tlserr, NULL));
255 #endif /* RS_ENABLE_TLS */
256 event_loopbreak (conn);
260 if (events & BEV_EVENT_ERROR && events != BEV_EVENT_ERROR)
261 rs_debug (("%s: BEV_EVENT_ERROR and more: 0x%x\n", __func__, events));
266 tcp_write_cb (struct bufferevent *bev, void *ctx)
268 struct rs_packet *pkt = (struct rs_packet *) ctx;
273 if (pkt->conn->callbacks.sent_cb)
274 pkt->conn->callbacks.sent_cb (pkt->conn->user_data);