-#include <string.h>
+/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
+ See the file COPYING for licensing information. */
+
+#if defined HAVE_CONFIG_H
+#include <config.h>
+#endif
+
#include <assert.h>
-#include <freeradius/libradius.h>
-#include <event2/event.h>
#include <event2/bufferevent.h>
-#include "libradsec.h"
-#include "libradsec-impl.h"
-#if defined DEBUG
+#include <radsec/radsec.h>
+#include <radsec/radsec-impl.h>
+#include "conn.h"
#include "debug.h"
+#include "packet.h"
+
+#if defined (DEBUG)
+#include <netdb.h>
+#include <sys/socket.h>
+#include <event2/buffer.h>
#endif
int
-_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out,
- int code)
+packet_verify_response (struct rs_connection *conn,
+ struct rs_packet *response,
+ struct rs_packet *request)
{
- struct rs_packet *p;
- RADIUS_PACKET *rpkt;
-
- *pkt_out = NULL;
-
- rpkt = rad_alloc (1);
- if (!rpkt)
- return rs_conn_err_push (conn, RSE_NOMEM, __func__);
- rpkt->id = -1;
- rpkt->code = code;
+ assert (conn);
+ assert (conn->active_peer);
+ assert (conn->active_peer->secret);
+ assert (response);
+ assert (response->rpkt);
+ assert (request);
+ assert (request->rpkt);
+
+ /* Verify header and message authenticator. */
+ if (rad_verify (response->rpkt, request->rpkt, conn->active_peer->secret))
+ {
+ conn_close (&conn);
+ return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
+ "rad_verify: %s", fr_strerror ());
+ }
- p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
- if (!p)
+ /* Decode and decrypt. */
+ if (rad_decode (response->rpkt, request->rpkt, conn->active_peer->secret))
{
- rad_free (&rpkt);
- return rs_conn_err_push (conn, RSE_NOMEM, __func__);
+ conn_close (&conn);
+ return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
+ "rad_decode: %s", fr_strerror ());
}
- memset (p, 0, sizeof (struct rs_packet));
- p->conn = conn;
- p->rpkt = rpkt;
- *pkt_out = p;
return RSE_OK;
}
-int
-rs_packet_create_acc_request (struct rs_connection *conn,
- struct rs_packet **pkt_out,
- const char *user_name, const char *user_pw)
-{
- struct rs_packet *pkt;
- struct rs_attr *attr;
-
- if (_packet_create (conn, pkt_out, PW_AUTHENTICATION_REQUEST))
- return -1;
- pkt = *pkt_out;
-
- if (rs_attr_create (conn, &attr, "User-Name", user_name))
- return -1;
- rs_packet_add_attr (pkt, attr);
-
- if (rs_attr_create (conn, &attr, "User-Password", user_pw))
- return -1;
- /* FIXME: need this too? rad_pwencode(user_pw, &pwlen, SECRET, reqauth) */
- rs_packet_add_attr (pkt, attr);
-
- return RSE_OK;
-}
-static void
-_event_cb (struct bufferevent *bev, short events, void *ctx)
+/* Badly named function for preparing a RADIUS message and queue it.
+ FIXME: Rename. */
+int
+packet_do_send (struct rs_packet *pkt)
{
- struct rs_packet *pkt = (struct rs_packet *) ctx;
- struct rs_connection *conn;
- struct rs_peer *p;
+ VALUE_PAIR *vp = NULL;
assert (pkt);
assert (pkt->conn);
assert (pkt->conn->active_peer);
- conn = pkt->conn;
- p = conn->active_peer;
-
- p->is_connecting = 0;
- if (events & BEV_EVENT_CONNECTED)
- {
- p->is_connected = 1;
-#if defined (DEBUG)
- fprintf (stderr, "%s: connected\n", __func__);
-#endif
- rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret);
-#if defined (DEBUG)
- fprintf (stderr, "%s: about to send this to %s:\n", __func__, "<fixme>");
- rs_dump_packet (pkt);
-#endif
- if (bufferevent_write(bev, pkt->rpkt->data, pkt->rpkt->data_len))
- rs_conn_err_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
- "bufferevent_write");
- /* Packet will be freed in write callback. */
- }
- else if (events & BEV_EVENT_ERROR)
- rs_conn_err_push_fl (pkt->conn, RSE_CONNERR, __FILE__, __LINE__, NULL);
-}
-
-void
-rs_packet_destroy(struct rs_packet *pkt)
-{
- rad_free (&pkt->rpkt);
- rs_free (pkt->conn->ctx, pkt);
-}
-
-static void
-_write_cb (struct bufferevent *bev, void *ctx)
-{
- struct rs_packet *pkt = (struct rs_packet *) ctx;
+ assert (pkt->conn->active_peer->secret);
+ assert (pkt->rpkt);
- assert (pkt);
- assert (pkt->conn);
+ /* Add a Message-Authenticator, RFC 2869, if not already present. */
+ /* FIXME: Make Message-Authenticator optional? */
+ vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
+ if (!vp)
+ return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
+ "paircreate: %s", fr_strerror ());
+ pairreplace (&pkt->rpkt->vps, vp);
+
+ /* Encode message. */
+ if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
+ return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
+ "rad_encode: %s", fr_strerror ());
+ /* Sign message. */
+ if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
+ return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
+ "rad_sign: %s", fr_strerror ());
#if defined (DEBUG)
- fprintf (stderr, "%s: packet written, breaking event loop\n", __func__);
+ {
+ char host[80], serv[80];
+
+ getnameinfo (pkt->conn->active_peer->addr_cache->ai_addr,
+ pkt->conn->active_peer->addr_cache->ai_addrlen,
+ host, sizeof(host), serv, sizeof(serv),
+ 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
+ rs_debug (("%s: about to send this to %s:%s:\n", __func__, host, serv));
+ rs_dump_packet (pkt);
+ }
#endif
- if (event_base_loopbreak (pkt->conn->evb) < 0)
- abort (); /* FIXME */
- rs_packet_destroy (pkt);
-}
-static int
-_init_evb (struct rs_connection *conn)
-{
- if (!conn->evb)
+ /* Put message in output buffer. */
+ if (pkt->conn->bev) /* TCP. */
{
-#if defined (DEBUG)
- event_enable_debug_mode ();
-#endif
- conn->evb = event_base_new ();
- if (!conn->evb)
- return rs_conn_err_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "event_base_new");
+ int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
+ pkt->rpkt->data_len);
+ if (err < 0)
+ return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
+ "bufferevent_write: %s",
+ evutil_gai_strerror (err));
}
- return RSE_OK;
-}
-
-static int
-_init_socket (struct rs_connection *conn, struct rs_peer *p)
-{
- if (p->s < 0)
+ else /* UDP. */
{
- assert (p->addr);
- p->s = socket (p->addr->ai_family, p->addr->ai_socktype,
- p->addr->ai_protocol);
- if (p->s < 0)
- return rs_conn_err_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
- strerror (errno));
- }
- return RSE_OK;
-}
+ struct rs_packet **pp = &pkt->conn->out_queue;
-static struct rs_peer *
-_pick_peer (struct rs_connection *conn)
-{
- if (!conn->active_peer)
- conn->active_peer = conn->peers;
- return conn->active_peer;
-}
-
-static int
-_init_bev (struct rs_connection *conn, struct rs_peer *peer,
- struct rs_packet *pkt)
-{
- if (!conn->bev)
- {
- conn->bev = bufferevent_socket_new (conn->evb, peer->s, 0);
- if (!conn->bev)
- return rs_conn_err_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "bufferevent_socket_new");
- bufferevent_setcb (conn->bev, NULL, _write_cb, _event_cb, pkt);
+ while (*pp && (*pp)->next)
+ *pp = (*pp)->next;
+ *pp = pkt;
}
+
return RSE_OK;
}
-static void
-_do_connect (struct rs_peer *p)
+/* Public functions. */
+int
+rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
{
- if (bufferevent_socket_connect (p->conn->bev, p->addr->ai_addr,
- p->addr->ai_addrlen) < 0)
- rs_conn_err_push_fl (p->conn, RSE_EVENT, __FILE__, __LINE__,
- "bufferevent_socket_connect");
- else
- p->is_connecting = 1;
-}
+ struct rs_packet *p;
+ RADIUS_PACKET *rpkt;
-static int
-_conn_open(struct rs_connection *conn, struct rs_packet *pkt)
-{
- struct rs_peer *p;
+ *pkt_out = NULL;
- if (_init_evb (conn))
- return -1;
+ rpkt = rad_alloc (1);
+ if (!rpkt)
+ return rs_err_conn_push (conn, RSE_NOMEM, __func__);
+ rpkt->id = conn->nextid++;
- p = _pick_peer (conn);
+ p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
if (!p)
- return rs_conn_err_push_fl (conn, RSE_NOPEER, __FILE__, __LINE__, NULL);
-
- if (_init_socket (conn, p))
- return -1;
-
- if (_init_bev (conn, p, pkt))
- return -1;
-
- if (!p->is_connected)
- if (!p->is_connecting)
- _do_connect (p);
+ {
+ rad_free (&rpkt);
+ return rs_err_conn_push (conn, RSE_NOMEM, __func__);
+ }
+ memset (p, 0, sizeof (struct rs_packet));
+ p->conn = conn;
+ p->rpkt = rpkt;
+ *pkt_out = p;
return RSE_OK;
}
int
-rs_packet_send (struct rs_connection *conn, struct rs_packet *pkt, void *data)
+rs_packet_create_authn_request (struct rs_connection *conn,
+ struct rs_packet **pkt_out,
+ const char *user_name, const char *user_pw)
{
- assert (conn);
- assert (pkt->rpkt);
- if (_conn_open (conn, pkt))
+ struct rs_packet *pkt;
+ VALUE_PAIR *vp = NULL;
+
+ if (rs_packet_create (conn, pkt_out))
return -1;
- assert (conn->evb);
- assert (conn->bev);
- assert (conn->active_peer);
- assert (conn->active_peer->s >= 0);
- event_base_dispatch (conn->evb);
-#if defined (DEBUG)
- fprintf (stderr, "%s: event loop done\n", __func__);
- assert (event_base_got_break(conn->evb));
-#endif
+ pkt = *pkt_out;
+ pkt->rpkt->code = PW_AUTHENTICATION_REQUEST;
+
+ if (user_name)
+ {
+ vp = pairmake ("User-Name", user_name, T_OP_EQ);
+ if (vp == NULL)
+ return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
+ "pairmake: %s", fr_strerror ());
+ pairadd (&pkt->rpkt->vps, vp);
+ }
+
+ if (user_pw)
+ {
+ vp = pairmake ("User-Password", user_pw, T_OP_EQ);
+ if (vp == NULL)
+ return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
+ "pairmake: %s", fr_strerror ());
+ pairadd (&pkt->rpkt->vps, vp);
+ }
return RSE_OK;
}
-int rs_packet_receive(struct rs_connection *conn, struct rs_packet **pkt)
+struct radius_packet *
+rs_packet_frpkt (struct rs_packet *pkt)
{
- //struct bufferevent *bev;
-
- //skalleper;
- //bufferevent_enable(bev, EV_READ);
- return 0; /* FIXME */
+ assert (pkt);
+ return pkt->rpkt;
}
-
void
-rs_packet_add_attr(struct rs_packet *pkt, struct rs_attr *attr)
+rs_packet_destroy (struct rs_packet *pkt)
{
- pairadd (&pkt->rpkt->vps, attr->vp);
- attr->pkt = pkt;
-}
+ assert (pkt);
+ assert (pkt->conn);
+ assert (pkt->conn->ctx);
+ rad_free (&pkt->rpkt); /* Note: This frees the VALUE_PAIR's too. */
+ rs_free (pkt->conn->ctx, pkt);
+}
projects / radsecproxy.git / blobdiff