1 /* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
2 See the file COPYING for licensing information. */
4 #if defined HAVE_CONFIG_H
9 #include <event2/bufferevent.h>
10 #include <radsec/radsec.h>
11 #include <radsec/radsec-impl.h>
18 #include <sys/socket.h>
19 #include <event2/buffer.h>
23 packet_verify_response (struct rs_connection *conn,
24 struct rs_packet *response,
25 struct rs_packet *request)
28 assert (conn->active_peer);
29 assert (conn->active_peer->secret);
31 assert (response->rpkt);
33 assert (request->rpkt);
35 /* Verify header and message authenticator. */
36 if (rad_verify (response->rpkt, request->rpkt, conn->active_peer->secret))
39 return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
40 "rad_verify: %s", fr_strerror ());
43 /* Decode and decrypt. */
44 if (rad_decode (response->rpkt, request->rpkt, conn->active_peer->secret))
47 return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
48 "rad_decode: %s", fr_strerror ());
55 /* Badly named function for preparing a RADIUS message and queue it.
58 packet_do_send (struct rs_packet *pkt)
60 VALUE_PAIR *vp = NULL;
64 assert (pkt->conn->active_peer);
65 assert (pkt->conn->active_peer->secret);
68 /* Add a Message-Authenticator, RFC 2869, if not already present. */
69 /* FIXME: Make Message-Authenticator optional? */
70 vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
72 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
73 "paircreate: %s", fr_strerror ());
74 pairreplace (&pkt->rpkt->vps, vp);
77 if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
78 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
79 "rad_encode: %s", fr_strerror ());
81 if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
82 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
83 "rad_sign: %s", fr_strerror ());
86 char host[80], serv[80];
88 getnameinfo (pkt->conn->active_peer->addr_cache->ai_addr,
89 pkt->conn->active_peer->addr_cache->ai_addrlen,
90 host, sizeof(host), serv, sizeof(serv),
91 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
92 rs_debug (("%s: about to send this to %s:%s:\n", __func__, host, serv));
97 /* Put message in output buffer. */
98 if (pkt->conn->bev) /* TCP. */
100 int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
101 pkt->rpkt->data_len);
103 return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
104 "bufferevent_write: %s",
105 evutil_gai_strerror (err));
109 struct rs_packet **pp = &pkt->conn->out_queue;
111 while (*pp && (*pp)->next)
119 /* Public functions. */
121 rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
128 rpkt = rad_alloc (1);
130 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
131 rpkt->id = conn->nextid++;
133 p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
137 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
139 memset (p, 0, sizeof (struct rs_packet));
148 rs_packet_create_authn_request (struct rs_connection *conn,
149 struct rs_packet **pkt_out,
150 const char *user_name, const char *user_pw)
152 struct rs_packet *pkt;
153 VALUE_PAIR *vp = NULL;
155 if (rs_packet_create (conn, pkt_out))
158 pkt->rpkt->code = PW_AUTHENTICATION_REQUEST;
162 vp = pairmake ("User-Name", user_name, T_OP_EQ);
164 return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
165 "pairmake: %s", fr_strerror ());
166 pairadd (&pkt->rpkt->vps, vp);
171 vp = pairmake ("User-Password", user_pw, T_OP_EQ);
173 return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
174 "pairmake: %s", fr_strerror ());
175 pairadd (&pkt->rpkt->vps, vp);
181 struct radius_packet *
182 rs_packet_frpkt (struct rs_packet *pkt)
189 rs_packet_destroy (struct rs_packet *pkt)
193 assert (pkt->conn->ctx);
195 rad_free (&pkt->rpkt); /* Note: This frees the VALUE_PAIR's too. */
196 rs_free (pkt->conn->ctx, pkt);