/* See the file COPYING for licensing information. */
+#if defined HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <freeradius/libradius.h>
#include <event2/event.h>
#include <event2/bufferevent.h>
+#if defined RS_ENABLE_TLS
+#include <event2/bufferevent_ssl.h>
+#include <openssl/err.h>
+#endif
#include <radsec/radsec.h>
#include <radsec/radsec-impl.h>
+#include "tls.h"
#if defined DEBUG
#include <netdb.h>
#include <sys/socket.h>
#endif
static int
-_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
-{
- struct rs_packet *p;
- RADIUS_PACKET *rpkt;
-
- *pkt_out = NULL;
-
- rpkt = rad_alloc (1);
- if (!rpkt)
- return rs_err_conn_push (conn, RSE_NOMEM, __func__);
- rpkt->id = conn->nextid++;
-
- p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
- if (!p)
- {
- rad_free (&rpkt);
- return rs_err_conn_push (conn, RSE_NOMEM, __func__);
- }
- memset (p, 0, sizeof (struct rs_packet));
- p->conn = conn;
- p->rpkt = rpkt;
-
- *pkt_out = p;
- return RSE_OK;
-}
-
-static int
_do_send (struct rs_packet *pkt)
{
int err;
vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
if (!vp)
return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
- "rad_encode: %s", fr_strerror ());
+ "paircreate: %s", fr_strerror ());
pairadd (&pkt->rpkt->vps, vp);
if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
struct rs_packet *pkt = (struct rs_packet *)ctx;
struct rs_connection *conn;
struct rs_peer *p;
- int err;
+#if defined RS_ENABLE_TLS
+ unsigned long err;
+#endif
assert (pkt);
assert (pkt->conn);
p->is_connected = 1;
if (conn->callbacks.connected_cb)
conn->callbacks.connected_cb (conn->user_data);
-
#if defined (DEBUG)
fprintf (stderr, "%s: connected\n", __func__);
#endif
/* Packet will be freed in write callback. */
}
else if (events & BEV_EVENT_ERROR)
- rs_err_conn_push_fl (pkt->conn, RSE_CONNERR, __FILE__, __LINE__, NULL);
+ {
+#if defined RS_ENABLE_TLS
+ if (conn->tls_ssl) /* FIXME: correct check? */
+ {
+ for (err = bufferevent_get_openssl_error (conn->bev);
+ err;
+ err = bufferevent_get_openssl_error (conn->bev))
+ {
+ fprintf (stderr, "%s: openssl error: %s\n", __func__,
+ ERR_error_string (err, NULL)); /* DEBUG, until verified that pushed errors will actually be handled */
+ rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__,
+ "%d", err);
+ }
+ }
+#endif /* RS_ENABLE_TLS */
+ rs_err_conn_push_fl (pkt->conn, RSE_CONNERR, __FILE__, __LINE__, NULL);
+ fprintf (stderr, "%s: BEV_EVENT_ERROR\n", __func__); /* DEBUG, until verified that pushed errors will actually be handled */
+ }
}
static void
static int
_init_bev (struct rs_connection *conn, struct rs_peer *peer)
{
- if (!conn->bev)
+ if (conn->bev)
+ return RSE_OK;
+
+ switch (conn->type)
{
+ case RS_CONN_TYPE_UDP:
+ case RS_CONN_TYPE_TCP:
conn->bev = bufferevent_socket_new (conn->evb, peer->fd, 0);
if (!conn->bev)
return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
"bufferevent_socket_new");
+ break;
+#if defined RS_ENABLE_TLS
+ case RS_CONN_TYPE_TLS:
+ if (rs_tls_init (conn))
+ return -1;
+ /* Would be convenient to pass BEV_OPT_CLOSE_ON_FREE but things
+ seem to break when be_openssl_ctrl() (in libevent) calls
+ SSL_set_bio() after BIO_new_socket() with flag=1. */
+ conn->bev =
+ bufferevent_openssl_socket_new (conn->evb, peer->fd, conn->tls_ssl,
+ BUFFEREVENT_SSL_CONNECTING, 0);
+ if (!conn->bev)
+ return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
+ "bufferevent_openssl_socket_new");
+
+ break;
+ case RS_CONN_TYPE_DTLS:
+ return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__,
+ "%s: NYI", __func__);
+#endif /* RS_ENABLE_TLS */
+ default:
+ return rs_err_conn_push_fl (conn, RSE_INTERNAL, __FILE__, __LINE__,
+ "%s: unknown connection type: %d", __func__,
+ conn->type);
}
+
return RSE_OK;
}
/* Public functions. */
int
-rs_packet_create_acc_request (struct rs_connection *conn,
- struct rs_packet **pkt_out,
- const char *user_name, const char *user_pw)
+rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
+{
+ struct rs_packet *p;
+ RADIUS_PACKET *rpkt;
+
+ *pkt_out = NULL;
+
+ rpkt = rad_alloc (1);
+ if (!rpkt)
+ return rs_err_conn_push (conn, RSE_NOMEM, __func__);
+ rpkt->id = conn->nextid++;
+
+ p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
+ if (!p)
+ {
+ rad_free (&rpkt);
+ return rs_err_conn_push (conn, RSE_NOMEM, __func__);
+ }
+ memset (p, 0, sizeof (struct rs_packet));
+ p->conn = conn;
+ p->rpkt = rpkt;
+
+ *pkt_out = p;
+ return RSE_OK;
+}
+
+int
+rs_packet_create_auth_request (struct rs_connection *conn,
+ struct rs_packet **pkt_out,
+ const char *user_name, const char *user_pw)
{
struct rs_packet *pkt;
struct rs_attr *attr;
- if (_packet_create (conn, pkt_out))
+ if (rs_packet_create (conn, pkt_out))
return -1;
pkt = *pkt_out;
pkt->rpkt->code = PW_AUTHENTICATION_REQUEST;
{
if (rs_attr_create (conn, &attr, "User-Password", user_pw))
return -1;
- /* FIXME: need this too? rad_pwencode(user_pw, &pwlen, SECRET, reqauth) */
rs_packet_add_attr (pkt, attr);
}
}
assert (conn);
- if (_packet_create (conn, pkt_out))
+ if (rs_packet_create (conn, pkt_out))
return -1;
pkt = *pkt_out;
pkt->conn = conn;
{
if (pkt)
{
- // TODO: free all attributes
+ // FIXME: memory leak! TODO: free all attributes
rad_free (&pkt->rpkt);
rs_free (pkt->conn->ctx, pkt);
}
projects / radsecproxy.git / blobdiff