-/* See the file COPYING for licensing information. */
+/* Copyright 2010-2011 NORDUnet A/S. All rights reserved.
+ See LICENSE for licensing information. */
-#include <time.h>
+#if defined HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdint.h>
+#include <stdlib.h>
#include <assert.h>
+#include <sys/time.h>
#include <event2/event.h>
#include <radsec/radsec.h>
#include <radsec/radsec-impl.h>
#include <radsec/request.h>
#include <radsec/request-impl.h>
-
-static int
-_rs_decrypt_mppe(struct rs_request *request, VALUE_PAIR *vp);
+#include <radius/client.h>
+#include "debug.h"
+#include "conn.h"
+#include "tcp.h"
+#include "udp.h"
+
+/* RFC 5080 2.2.1. Retransmission Behavior. */
+#define IRT 2
+#define MRC 5
+#define MRT 16
+#define MRD 30
+#define RAND 100 /* Rand factor, milliseconds. */
int
rs_request_create (struct rs_connection *conn, struct rs_request **req_out)
{
struct rs_request *req = rs_malloc (conn->ctx, sizeof(*req));
+ assert (req_out);
if (!req)
return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
memset (req, 0, sizeof(*req));
}
void
-rs_request_destroy (struct rs_request *request)
+rs_request_add_reqpkt (struct rs_request *req, struct rs_packet *req_msg)
{
- rs_packet_destroy (request->req);
- rs_packet_destroy (request->resp);
- rs_free (request->conn->ctx, request);
+ assert (req);
+ req->req_msg = req_msg;
}
-#if 0
-static void
-_timer_cb(evutil_socket_t fd, short what, void *arg)
-
+int
+rs_request_create_authn (struct rs_connection *conn,
+ struct rs_request **req_out,
+ const char *user_name,
+ const char *user_pw)
{
-}
-#endif
+ struct rs_request *req = NULL;
+ assert (req_out);
-static void
-_rs_req_connected(void *user_data)
-{
- struct rs_request *request = (struct rs_request *)user_data;
-}
+ if (rs_request_create (conn, &req))
+ return -1;
-static void
-_rs_req_disconnected(void *user_data)
-{
- struct rs_request *request = (struct rs_request *)user_data;
+ if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw))
+ return -1;
+
+ if (req_out)
+ *req_out = req;
+ return RSE_OK;
}
-static void
-_rs_req_packet_received(const struct rs_packet *pkt, void *user_data)
+void
+rs_request_destroy (struct rs_request *request)
{
- struct rs_request *request = (struct rs_request *)user_data;
- int err;
- VALUE_PAIR *vp;
-
assert (request);
assert (request->conn);
- assert (request->req);
+ assert (request->conn->ctx);
- err = rad_verify(pkt->rpkt, request->req->rpkt,
- pkt->conn->active_peer->secret);
- if (err)
- return;
-
- for (vp = pkt->rpkt->vps; vp != NULL; vp = vp->next)
- {
- if (VENDOR(vp->attribute) != VENDORPEC_MS)
- continue;
-
- switch (vp->attribute & 0xffff)
- {
- case PW_MS_MPPE_SEND_KEY:
- case PW_MS_MPPE_RECV_KEY:
- err = _rs_decrypt_mppe (request, vp);
- if (err)
- return;
- break;
- default:
- break;
- }
- }
-
- request->verified = 1;
+ if (request->req_msg)
+ rs_packet_destroy (request->req_msg);
+ rs_free (request->conn->ctx, request);
}
static void
-_rs_req_packet_sent(void *user_data)
+_rand_rt (struct timeval *res, uint32_t rtprev, uint32_t factor)
{
- struct rs_request *request = (struct rs_request *)user_data;
+ uint32_t ms = rtprev * (nr_rand () % factor);
+ res->tv_sec = rtprev + ms / 1000;
+ res->tv_usec = (ms % 1000) * 1000;
}
int
-rs_request_send(struct rs_request *request, struct rs_packet *req,
- struct rs_packet **resp)
+rs_request_send (struct rs_request *request, struct rs_packet **resp_msg)
{
- int err;
- VALUE_PAIR *vp;
- struct rs_connection *conn;
-
- assert (request);
- assert (request->conn);
+ int r = 0;
+ struct rs_connection *conn = NULL;
+ int count = 0;
+ struct timeval rt = {0,0};
+ struct timeval end = {0,0};
+ struct timeval now = {0,0};
+ struct timeval tmp_tv = {0,0};
+ const struct timeval mrt_tv = {MRT,0};
+
+ if (!request || !request->conn || !request->req_msg || !resp_msg)
+ return rs_err_conn_push_fl (conn, RSE_INVAL, __FILE__, __LINE__, NULL);
conn = request->conn;
+ assert (!conn_user_dispatch_p (conn)); /* This function is high level. */
- request->req = req; /* take ownership */
- request->saved_cb = conn->callbacks;
-
- conn->callbacks.connected_cb = _rs_req_connected;
- conn->callbacks.disconnected_cb = _rs_req_disconnected;
- conn->callbacks.received_cb = _rs_req_packet_received;
- conn->callbacks.sent_cb = _rs_req_packet_sent;
-
- assert(request->verified == 0);
-
- vp = paircreate(PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
- pairadd(&request->req->rpkt->vps, vp);
-
- err = rs_packet_send(request->req, request);
- if (err)
- goto cleanup;
-
- err = rs_conn_receive_packet(request->conn, resp);
- if (err)
- goto cleanup;
-
- if (!request->verified)
+ gettimeofday (&end, NULL);
+ end.tv_sec += MRD;
+ _rand_rt (&rt, IRT, RAND);
+ while (1)
{
- err = rs_err_conn_push_fl (conn, RSE_BADAUTH, __FILE__, __LINE__, NULL);
- goto cleanup;
- }
-
-cleanup:
- conn->callbacks = request->saved_cb;
- return err;
-}
+ rs_conn_set_timeout (conn, &rt);
-/*
- * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-#include <openssl/md5.h>
-
-static int
-_rs_decrypt_mppe(struct rs_request *request, VALUE_PAIR *vp)
-{
- unsigned char *key = vp->vp_octets;
- size_t len = vp->length;
- unsigned char plain[1 + MAX_STRING_LEN], *ppos = plain, *res;
- const unsigned char *pos;
- size_t left, plen;
- unsigned char hash[MD5_DIGEST_LENGTH];
- int i, first = 1;
- const unsigned char *addr[3];
- struct rs_connection *conn;
-
- assert (request);
- assert (request->conn);
- conn = request->conn;
-
- if (vp->type != PW_TYPE_OCTETS)
- return rs_err_conn_push_fl (conn, RSE_BADAUTH, __FILE__, __LINE__, NULL);
-
- pos = key + 2;
- left = len - 2;
- if (left % 16)
- return rs_err_conn_push_fl (conn, RSE_BADAUTH, __FILE__, __LINE__, NULL);
-
- plen = left;
- if (plen > MAX_STRING_LEN)
- return rs_err_conn_push_fl (conn, RSE_BADAUTH, __FILE__, __LINE__, NULL);
-
- plain[0] = 0;
-
- while (left)
- {
- MD5_CTX md5;
-
- MD5_Init (&md5);
- MD5_Update (&md5, conn->active_peer->secret,
- strlen (conn->active_peer->secret));
- if (first)
+ r = rs_packet_send (request->req_msg, NULL);
+ if (r == RSE_OK)
{
- MD5_Update (&md5, request->req->rpkt->vector, MD5_DIGEST_LENGTH);
- MD5_Update (&md5, key, 2);
- first = 0;
+ r = rs_conn_receive_packet (request->conn,
+ request->req_msg,
+ resp_msg);
+ if (r == RSE_OK)
+ break; /* Success. */
+
+ if (r != RSE_TIMEOUT_CONN && r != RSE_TIMEOUT_IO)
+ break; /* Error. */
}
- else
+ else if (r != RSE_TIMEOUT_CONN && r != RSE_TIMEOUT_IO)
+ break; /* Error. */
+
+ gettimeofday (&now, NULL);
+ if (++count > MRC || timercmp (&now, &end, >))
{
- MD5_Update (&md5, pos - MD5_DIGEST_LENGTH, MD5_DIGEST_LENGTH);
+ r = RSE_TIMEOUT;
+ break; /* Timeout. */
}
- MD5_Final (hash, &md5);
- for (i = 0; i < MD5_DIGEST_LENGTH; i++)
- *ppos++ = *pos++ ^ hash[i];
- left -= MD5_DIGEST_LENGTH;
+ /* rt = 2 * rt + rand_rt (rt, RAND); */
+ timeradd (&rt, &rt, &rt);
+ _rand_rt (&tmp_tv, IRT, RAND);
+ timeradd (&rt, &tmp_tv, &rt);
+ if (timercmp (&rt, &mrt_tv, >))
+ _rand_rt (&rt, MRT, RAND);
}
- if (plain[0] == 0 || plain[0] > plen - 1)
- return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
+ timerclear (&rt);
+ rs_conn_set_timeout (conn, &rt);
- memcpy (vp->vp_octets, plain + 1, plain[0]);
- vp->length = plain[0];
+ rs_debug (("%s: returning %d\n", __func__, r));
+ return r;
+}
- return RSE_OK;
+struct rs_packet *
+rs_request_get_reqmsg (const struct rs_request *request)
+{
+ assert (request);
+ return request->req_msg;
}
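Review bot: In rs_request_create_authn, the `return -1;` after a failed rs_packet_create_authn_request leaks the request that rs_request_create allocated two lines earlier; destroy it first, e.g. `{ rs_request_destroy (req); return -1; }`, and consider returning the pushed rs error code instead of -1 so the function agrees with rs_request_create, which returns the value of rs_err_conn_push_fl. The `if (req_out)` guard just below is dead after `assert (req_out)` and can be dropped. In rs_request_send, the argument-validation path calls `rs_err_conn_push_fl (conn, RSE_INVAL, ...)` while `conn` is still NULL (it is assigned only on the following line), so either pass `request ? request->conn : NULL` or confirm that rs_err_conn_push_fl tolerates a NULL connection. The retransmit comment `rt = 2 * rt + rand_rt (rt, RAND)` does not match the code: `_rand_rt (&tmp_tv, IRT, RAND)` sets tv_sec to `rtprev + ms / 1000`, i.e. IRT plus jitter, so each interval becomes 2*rt + IRT + jitter rather than the 2*RT + RAND*RT the RFC 5080 reference describes; fix the comment or derive the jitter from rt.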