/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See the file COPYING for licensing information. */
+ See LICENSE for licensing information. */
#if defined HAVE_CONFIG_H
#include <config.h>
#include <event2/bufferevent_ssl.h>
#include <openssl/err.h>
#endif
+#include <radius/client.h>
#include <radsec/radsec.h>
#include <radsec/radsec-impl.h>
#include "tcp.h"
-#include "packet.h"
+#include "message.h"
+#include "conn.h"
#include "debug.h"
#include "event.h"
#include <event2/buffer.h>
#endif
-static void
-_conn_timeout_cb (int fd, short event, void *data)
-{
- struct rs_connection *conn;
-
- assert (data);
- conn = (struct rs_connection *) data;
-
- if (event & EV_TIMEOUT)
- {
- rs_debug (("%s: connection timeout on %p (fd %d) connecting to %p\n",
- __func__, conn, conn->fd, conn->active_peer));
- conn->is_connecting = 0;
- rs_err_conn_push_fl (conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL);
- event_loopbreak (conn);
- }
-}
-
+/** Read one RADIUS message header. Return !0 on error. */
static int
-_close_conn (struct rs_connection **connp)
-{
- int r;
- assert (connp);
- assert (*connp);
- r = rs_conn_destroy (*connp);
- if (!r)
- *connp = NULL;
- return r;
-}
-
-/* Read one RADIUS packet header. Return !0 on error. A return value
- of 0 means that we need more data. */
-static int
-_read_header (struct rs_packet *pkt)
+_read_header (struct rs_message *msg)
{
size_t n = 0;
- n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN);
+ n = bufferevent_read (msg->conn->bev, msg->hdr, RS_HEADER_LEN);
if (n == RS_HEADER_LEN)
{
- pkt->hdr_read_flag = 1;
- pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3];
- if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096)
+ msg->flags |= RS_MESSAGE_HEADER_READ;
+ msg->rpkt->length = (msg->hdr[2] << 8) + msg->hdr[3];
+ if (msg->rpkt->length < 20 || msg->rpkt->length > RS_MAX_PACKET_LEN)
{
- _close_conn (&pkt->conn);
- return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT,
- "invalid packet length: %d",
- pkt->rpkt->data_len);
+ conn_close (&msg->conn);
+ return rs_err_conn_push (msg->conn, RSE_INVALID_MSG,
+ "invalid message length: %d",
+ msg->rpkt->length);
}
- pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len);
- if (!pkt->rpkt->data)
- {
- _close_conn (&pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
- NULL);
- }
- memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN);
- bufferevent_setwatermark (pkt->conn->bev, EV_READ,
- pkt->rpkt->data_len - RS_HEADER_LEN, 0);
- rs_debug (("%s: packet header read, total pkt len=%d\n",
- __func__, pkt->rpkt->data_len));
+ memcpy (msg->rpkt->data, msg->hdr, RS_HEADER_LEN);
+ bufferevent_setwatermark (msg->conn->bev, EV_READ,
+ msg->rpkt->length - RS_HEADER_LEN, 0);
+ rs_debug (("%s: message header read, total msg len=%d\n",
+ __func__, msg->rpkt->length));
}
else if (n < 0)
{
}
else /* Error: libevent gave us less than the low watermark. */
{
- _close_conn (&pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__,
+ conn_close (&msg->conn);
+ return rs_err_conn_push_fl (msg->conn, RSE_INTERNAL, __FILE__, __LINE__,
"got %d octets reading header", n);
}
return 0;
}
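Review bot: On the invalid-length path `conn_close (&msg->conn)` runs before `rs_err_conn_push (msg->conn, ...)`, so the error is pushed onto a connection that has just been closed. The removed `_close_conn` destroyed the connection and set the pointer to NULL on success; if `conn_close` (defined outside this diff) keeps that contract, a peer sending a bad length field drives a NULL or freed pointer into the error call. Push first and close afterwards in both error branches of `_read_header`, e.g. `int r = rs_err_conn_push (msg->conn, RSE_INVALID_MSG, "invalid message length: %d", msg->rpkt->length); conn_close (&msg->conn); return r;`. With the `rs_malloc` gone, the `memcpy` into `msg->rpkt->data` and the later body read rely on that buffer already holding `RS_MAX_PACKET_LEN` octets, which is not visible here and deserves a comment or assert. Separately, `n` is `size_t`, so `else if (n < 0)` can never be true.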
+/** Read a message, check that it's valid RADIUS and hand it off to
+ registered user callback.
+
+ The message is read from the bufferevent associated with \a msg and
+ the data is stored in \a msg->rpkt.
+
+ Return 0 on success and !0 on failure. */
static int
-_read_packet (struct rs_packet *pkt)
+_read_message (struct rs_message *msg)
{
size_t n = 0;
+ int err;
- rs_debug (("%s: trying to read %d octets of packet data\n", __func__,
- pkt->rpkt->data_len - RS_HEADER_LEN));
+ rs_debug (("%s: trying to read %d octets of message data\n", __func__,
+ msg->rpkt->length - RS_HEADER_LEN));
- n = bufferevent_read (pkt->conn->bev,
- pkt->rpkt->data + RS_HEADER_LEN,
- pkt->rpkt->data_len - RS_HEADER_LEN);
+ n = bufferevent_read (msg->conn->bev,
+ msg->rpkt->data + RS_HEADER_LEN,
+ msg->rpkt->length - RS_HEADER_LEN);
- rs_debug (("%s: read %ld octets of packet data\n", __func__, n));
+ rs_debug (("%s: read %ld octets of message data\n", __func__, n));
- if (n == pkt->rpkt->data_len - RS_HEADER_LEN)
+ if (n == msg->rpkt->length - RS_HEADER_LEN)
{
- bufferevent_disable (pkt->conn->bev, EV_READ);
- rs_debug (("%s: complete packet read\n", __func__));
- pkt->hdr_read_flag = 0;
- memset (pkt->hdr, 0, sizeof(*pkt->hdr));
+ bufferevent_disable (msg->conn->bev, EV_READ);
+ rs_debug (("%s: complete message read\n", __func__));
+ msg->flags &= ~RS_MESSAGE_HEADER_READ;
+ memset (msg->hdr, 0, sizeof(*msg->hdr));
- /* Checks done by rad_packet_ok:
+ /* Checks done by nr_packet_ok:
- lenghts (FIXME: checks really ok for tcp?)
- invalid code field
- attribute lengths >= 2
- attribute sizes adding up correctly */
- if (!rad_packet_ok (pkt->rpkt, 0) != 0)
- {
- _close_conn (&pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
- "invalid packet: %s", fr_strerror ());
- }
-
- /* TODO: Verify that reception of an unsolicited response packet
- results in connection being closed. */
-
- /* If we have a request to match this response against, verify
- and decode the response. */
- if (pkt->original)
+ err = nr_packet_ok (msg->rpkt);
+ if (err != RSE_OK)
{
- /* Verify header and message authenticator. */
- if (rad_verify (pkt->rpkt, pkt->original->rpkt,
- pkt->conn->active_peer->secret))
- {
- _close_conn (&pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
- "rad_verify: %s", fr_strerror ());
- }
-
- /* Decode and decrypt. */
- if (rad_decode (pkt->rpkt, pkt->original->rpkt,
- pkt->conn->active_peer->secret))
- {
- _close_conn (&pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
- "rad_decode: %s", fr_strerror ());
- }
+ conn_close (&msg->conn);
+ return rs_err_conn_push_fl (msg->conn, err, __FILE__, __LINE__,
+ "invalid message");
}
#if defined (DEBUG)
/* Find out what happens if there's data left in the buffer. */
{
size_t rest = 0;
- rest = evbuffer_get_length (bufferevent_get_input (pkt->conn->bev));
+ rest = evbuffer_get_length (bufferevent_get_input (msg->conn->bev));
if (rest)
rs_debug (("%s: returning with %d octets left in buffer\n", __func__,
rest));
}
#endif
- /* Hand over message to user, changes ownership of pkt. Don't
- touch it afterwards -- it might have been freed. */
- if (pkt->conn->callbacks.received_cb)
- pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
+ /* Hand over message to user. This changes ownership of msg.
+ Don't touch it afterwards -- it might have been freed. */
+ if (msg->conn->callbacks.received_cb)
+ msg->conn->callbacks.received_cb (msg, msg->conn->user_data);
}
else if (n < 0) /* Buffer frozen. */
- rs_debug (("%s: buffer frozen when reading packet\n", __func__));
- else /* Short packet. */
+ rs_debug (("%s: buffer frozen when reading message\n", __func__));
+ else /* Short message. */
rs_debug (("%s: waiting for another %d octets\n", __func__,
- pkt->rpkt->data_len - RS_HEADER_LEN - n));
+ msg->rpkt->length - RS_HEADER_LEN - n));
return 0;
}
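Review bot: With `rad_verify` and `rad_decode` removed, `_read_message` hands the message to `received_cb` after only the structural `nr_packet_ok` check, so nothing in this function authenticates a response against the original request and the shared secret any more. If that verification now happens in the callback or its caller (not visible in this diff), the doc comment should state it, for example `No authenticator verification is done here; the receiver of received_cb must verify the message before trusting it.` Also, `memset (msg->hdr, 0, sizeof(*msg->hdr))` clears a single element rather than the whole header; `memset (msg->hdr, 0, RS_HEADER_LEN);` matches the read in `_read_header`. As in `_read_header`, `n` is `size_t`, so the `n < 0` "buffer frozen" branch is dead code.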
-/* Read callback for TCP.
+/* The read callback for TCP.
Read exactly one RADIUS message from BEV and store it in struct
- rs_packet passed in CTX (hereby called 'pkt').
-
- Verify the received packet against pkt->original, if !NULL.
+ rs_message passed in USER_DATA.
- Inform upper layer about successful reception of valid RADIUS
+ Inform upper layer about successful reception of received RADIUS
message by invoking conn->callbacks.recevied_cb(), if !NULL. */
void
tcp_read_cb (struct bufferevent *bev, void *user_data)
{
- struct rs_packet *pkt = (struct rs_packet *) user_data;
+ struct rs_message *msg = (struct rs_message *) user_data;
- assert (pkt);
- assert (pkt->conn);
- assert (pkt->rpkt);
+ assert (msg);
+ assert (msg->conn);
+ assert (msg->rpkt);
- pkt->rpkt->sockfd = pkt->conn->fd;
- pkt->rpkt->vps = NULL;
+ msg->rpkt->sockfd = msg->conn->fd;
+ msg->rpkt->vps = NULL; /* FIXME: can this be done when initializing msg? */
- if (!pkt->hdr_read_flag)
- if (_read_header (pkt))
- return;
- _read_packet (pkt);
+ /* Read a message header if not already read, return if that
+ fails. Read a message and have it dispatched to the user
+ registered callback.
+
+ Room for improvement: Peek inside buffer (evbuffer_copyout()) to
+ avoid the extra copying. */
+ if ((msg->flags & RS_MESSAGE_HEADER_READ) == 0)
+ if (_read_header (msg))
+ return; /* Error. */
+ _read_message (msg);
}
void
tcp_event_cb (struct bufferevent *bev, short events, void *user_data)
{
- struct rs_packet *pkt = (struct rs_packet *) user_data;
+ struct rs_message *msg = (struct rs_message *) user_data;
struct rs_connection *conn = NULL;
- struct rs_peer *p = NULL;
int sockerr = 0;
#if defined (RS_ENABLE_TLS)
unsigned long tlserr = 0;
#endif
+#if defined (DEBUG)
+ struct rs_peer *p = NULL;
+#endif
- assert (pkt);
- assert (pkt->conn);
- assert (pkt->conn->active_peer);
- conn = pkt->conn;
+ assert (msg);
+ assert (msg->conn);
+ conn = msg->conn;
+#if defined (DEBUG)
+ assert (msg->conn->active_peer);
p = conn->active_peer;
+#endif
conn->is_connecting = 0;
if (events & BEV_EVENT_CONNECTED)
{
- event_on_connect (conn, pkt);
+ if (conn->tev)
+ evtimer_del (conn->tev); /* Cancel connect timer. */
+ if (event_on_connect (conn, msg))
+ {
+ event_on_disconnect (conn);
+ event_loopbreak (conn);
+ }
}
else if (events & BEV_EVENT_EOF)
{
{
rs_debug (("%s: %p times out on %s\n", __func__, p,
(events & BEV_EVENT_READING) ? "read" : "write"));
- rs_err_conn_push_fl (pkt->conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL);
+ rs_err_conn_push_fl (conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL);
}
else if (events & BEV_EVENT_ERROR)
{
if (sockerr == 0) /* FIXME: True that errno == 0 means closed? */
{
event_on_disconnect (conn);
+ rs_err_conn_push_fl (conn, RSE_DISCO, __FILE__, __LINE__, NULL);
}
else
{
rs_debug (("%s: %d: %d (%s)\n", __func__, conn->fd, sockerr,
evutil_socket_error_to_string (sockerr)));
- rs_err_conn_push_fl (pkt->conn, RSE_SOCKERR, __FILE__, __LINE__,
+ rs_err_conn_push_fl (conn, RSE_SOCKERR, __FILE__, __LINE__,
"%d: %d (%s)", conn->fd, sockerr,
evutil_socket_error_to_string (sockerr));
}
{
rs_debug (("%s: openssl error: %s\n", __func__,
ERR_error_string (tlserr, NULL)));
- rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__,
+ rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__,
ERR_error_string (tlserr, NULL));
}
}
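Review bot: The TLS error branch passes `ERR_error_string (tlserr, NULL)` as the format argument of `rs_err_conn_push_fl`, which is called printf-style a few lines earlier (`"%d: %d (%s)"`). Pass the string as data instead: `rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__, "%s", ERR_error_string (tlserr, NULL));`. `ERR_error_string` with a NULL buffer also returns a pointer to a static buffer, so `ERR_error_string_n` with a local buffer is the safer choice if connections can be serviced from more than one thread. `tcp_event_cb` is only partly visible in this diff.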
void
tcp_write_cb (struct bufferevent *bev, void *ctx)
{
- struct rs_packet *pkt = (struct rs_packet *) ctx;
+ struct rs_message *msg = (struct rs_message *) ctx;
- assert (pkt);
- assert (pkt->conn);
+ assert (msg);
+ assert (msg->conn);
- if (pkt->conn->callbacks.sent_cb)
- pkt->conn->callbacks.sent_cb (pkt->conn->user_data);
+ if (msg->conn->callbacks.sent_cb)
+ msg->conn->callbacks.sent_cb (msg->conn->user_data);
}
int
-tcp_set_connect_timeout (struct rs_connection *conn)
+tcp_init_connect_timer (struct rs_connection *conn)
{
- struct timeval tv;
+ assert (conn);
- if (!conn->tev)
- conn->tev = evtimer_new (conn->evb, _conn_timeout_cb, conn);
+ if (conn->tev)
+ event_free (conn->tev);
+ conn->tev = evtimer_new (conn->evb, event_conn_timeout_cb, conn);
if (!conn->tev)
return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
"evtimer_new");
- tv.tv_sec = conn->realm->timeout;
- tv.tv_usec = 0;
- evtimer_add (conn->tev, &tv);
return RSE_OK;
}
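Review bot: `tcp_init_connect_timer` has no doc comment, and its contract changed: it now frees and recreates `conn->tev` but no longer calls `evtimer_add`, so the connect timeout only takes effect if a caller arms the timer (not visible in this diff). A comment such as `/** (Re)create the connect timer for CONN. The timer is not armed here; the caller must add it. Return RSE_OK on success, an error code otherwise. */` would keep a future caller from assuming the old behaviour and ending up with a connect that never times out.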