1 /* See the file COPYING for licensing information. */
3 #if defined HAVE_CONFIG_H
10 #include <freeradius/libradius.h>
11 #include <event2/event.h>
12 #include <event2/bufferevent.h>
13 #if defined RS_ENABLE_TLS
14 #include <event2/bufferevent_ssl.h>
15 #include <openssl/err.h>
17 #include <radsec/radsec.h>
18 #include <radsec/radsec-impl.h>
22 #include <sys/socket.h>
27 _do_send (struct rs_packet *pkt)
33 assert (!pkt->original);
35 vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
37 return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
38 "paircreate: %s", fr_strerror ());
39 pairadd (&pkt->rpkt->vps, vp);
41 if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
42 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
43 "rad_encode: %s", fr_strerror ());
44 if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
45 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
46 "rad_sign: %s", fr_strerror ());
49 char host[80], serv[80];
51 getnameinfo (pkt->conn->active_peer->addr->ai_addr,
52 pkt->conn->active_peer->addr->ai_addrlen,
53 host, sizeof(host), serv, sizeof(serv),
54 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
55 rs_debug ("%s: about to send this to %s:%s:\n", __func__, host, serv);
60 err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
63 return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
64 "bufferevent_write: %s",
65 evutil_gai_strerror(err));
70 _event_cb (struct bufferevent *bev, short events, void *ctx)
72 struct rs_packet *pkt = (struct rs_packet *)ctx;
73 struct rs_connection *conn;
75 #if defined RS_ENABLE_TLS
81 assert (pkt->conn->active_peer);
83 p = conn->active_peer;
86 if (events & BEV_EVENT_CONNECTED)
89 if (conn->callbacks.connected_cb)
90 conn->callbacks.connected_cb (conn->user_data);
91 rs_debug ("%s: connected\n", __func__);
94 if (conn->callbacks.sent_cb)
95 conn->callbacks.sent_cb (conn->user_data);
96 /* Packet will be freed in write callback. */
98 else if (events & BEV_EVENT_ERROR)
100 #if defined RS_ENABLE_TLS
101 if (conn->tls_ssl) /* FIXME: correct check? */
103 for (err = bufferevent_get_openssl_error (conn->bev);
105 err = bufferevent_get_openssl_error (conn->bev))
107 fprintf (stderr, "%s: DEBUG: openssl error: %s\n", __func__,
108 ERR_error_string (err, NULL)); /* FIXME: DEBUG, until verified that pushed errors will actually be handled */
109 rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__,
113 #endif /* RS_ENABLE_TLS */
115 rs_err_conn_push_fl (pkt->conn, RSE_CONNERR, __FILE__, __LINE__, NULL);
116 fprintf (stderr, "%s: DEBUG: BEV_EVENT_ERROR\n", __func__); /* FIXME: DEBUG, until verified that pushed errors will actually be handled */
121 _write_cb (struct bufferevent *bev, void *ctx)
123 struct rs_packet *pkt = (struct rs_packet *) ctx;
128 fprintf (stderr, "%s: packet written, breaking event loop\n", __func__);
130 if (event_base_loopbreak (pkt->conn->evb) < 0)
131 abort (); /* FIXME */
135 _read_cb (struct bufferevent *bev, void *ctx)
137 struct rs_packet *pkt = (struct rs_packet *)ctx;
143 pkt->rpkt->sockfd = pkt->conn->active_peer->fd; /* FIXME: Why? */
144 pkt->rpkt->vps = NULL; /* FIXME: Why? */
146 if (!pkt->hdr_read_flag)
148 n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN);
149 if (n == RS_HEADER_LEN)
151 pkt->hdr_read_flag = 1;
152 pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3];
153 if (pkt->rpkt->data_len < 20 /* || len > 4096 */)
154 abort (); /* FIXME: Read and discard packet. */
155 pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len);
156 if (!pkt->rpkt->data)
158 rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
160 abort (); /* FIXME: Read and discard packet. */
162 memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN);
163 bufferevent_setwatermark (pkt->conn->bev, EV_READ,
164 pkt->rpkt->data_len - RS_HEADER_LEN, 0);
166 fprintf (stderr, "%s: packet header read, total pkt len=%d\n",
167 __func__, pkt->rpkt->data_len);
171 return; /* Buffer frozen. */
173 assert (!"short header");
177 printf ("%s: trying to read %d octets of packet data\n", __func__, pkt->rpkt->data_len - RS_HEADER_LEN);
179 n = bufferevent_read (pkt->conn->bev, pkt->rpkt->data + RS_HEADER_LEN, pkt->rpkt->data_len - RS_HEADER_LEN);
181 printf ("%s: read %d octets of packet data\n", __func__, n);
183 if (n == pkt->rpkt->data_len - RS_HEADER_LEN)
185 bufferevent_disable (pkt->conn->bev, EV_READ);
186 pkt->hdr_read_flag = 0;
187 memset (pkt->hdr, 0, sizeof(*pkt->hdr));
189 fprintf (stderr, "%s: complete packet read\n", __func__);
191 if (!rad_packet_ok (pkt->rpkt, 0) != 0)
193 assert (pkt->original);
195 /* Verify header and message authenticator. */
196 if (rad_verify (pkt->rpkt, pkt->original->rpkt,
197 pkt->conn->active_peer->secret))
199 rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
200 "rad_verify: %s", fr_strerror ());
204 /* Decode and decrypt. */
205 if (rad_decode (pkt->rpkt, pkt->original->rpkt,
206 pkt->conn->active_peer->secret))
208 rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
209 "rad_decode: %s", fr_strerror ());
213 if (pkt->conn->callbacks.received_cb)
214 pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
216 if (event_base_loopbreak (pkt->conn->evb) < 0)
217 abort (); /* FIXME */
220 return; /* Buffer frozen. */
222 assert (!"short packet");
226 _evlog_cb (int severity, const char *msg)
231 case _EVENT_LOG_DEBUG:
232 #if !defined (DEBUG_LEVENT)
240 case _EVENT_LOG_WARN:
250 fprintf (stderr, "libevent: [%s] %s\n", sevstr, msg); /* FIXME: stderr? */
254 _init_evb (struct rs_connection *conn)
259 event_enable_debug_mode ();
261 event_set_log_callback (_evlog_cb);
262 conn->evb = event_base_new ();
264 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
271 _init_socket (struct rs_connection *conn, struct rs_peer *p)
277 p->fd = socket (p->addr->ai_family, p->addr->ai_socktype,
278 p->addr->ai_protocol);
280 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
282 if (evutil_make_socket_nonblocking (p->fd) < 0)
284 evutil_closesocket (p->fd);
285 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
291 static struct rs_peer *
292 _pick_peer (struct rs_connection *conn)
294 if (!conn->active_peer)
295 conn->active_peer = conn->peers;
296 return conn->active_peer;
300 _init_bev (struct rs_connection *conn, struct rs_peer *peer)
307 case RS_CONN_TYPE_UDP:
308 case RS_CONN_TYPE_TCP:
309 conn->bev = bufferevent_socket_new (conn->evb, peer->fd, 0);
311 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
312 "bufferevent_socket_new");
314 #if defined RS_ENABLE_TLS
315 case RS_CONN_TYPE_TLS:
316 if (rs_tls_init (conn))
318 /* Would be convenient to pass BEV_OPT_CLOSE_ON_FREE but things
319 seem to break when be_openssl_ctrl() (in libevent) calls
320 SSL_set_bio() after BIO_new_socket() with flag=1. */
322 bufferevent_openssl_socket_new (conn->evb, peer->fd, conn->tls_ssl,
323 BUFFEREVENT_SSL_CONNECTING, 0);
325 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
326 "bufferevent_openssl_socket_new");
329 case RS_CONN_TYPE_DTLS:
330 return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__,
331 "%s: NYI", __func__);
332 #endif /* RS_ENABLE_TLS */
334 return rs_err_conn_push_fl (conn, RSE_INTERNAL, __FILE__, __LINE__,
335 "%s: unknown connection type: %d", __func__,
343 _do_connect (struct rs_peer *p)
347 err = bufferevent_socket_connect (p->conn->bev, p->addr->ai_addr,
348 p->addr->ai_addrlen);
350 rs_err_conn_push_fl (p->conn, RSE_EVENT, __FILE__, __LINE__,
351 "bufferevent_socket_connect: %s",
352 evutil_gai_strerror(err));
354 p->is_connecting = 1;
358 _conn_open(struct rs_connection *conn, struct rs_packet *pkt)
362 if (_init_evb (conn))
365 p = _pick_peer (conn);
367 return rs_err_conn_push_fl (conn, RSE_NOPEER, __FILE__, __LINE__, NULL);
369 if (_init_socket (conn, p))
372 if (_init_bev (conn, p))
375 if (!p->is_connected)
376 if (!p->is_connecting)
383 _conn_is_open_p (struct rs_connection *conn)
385 return conn->active_peer && conn->active_peer->is_connected;
388 /* Public functions. */
390 rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
397 rpkt = rad_alloc (1);
399 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
400 rpkt->id = conn->nextid++;
402 p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
406 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
408 memset (p, 0, sizeof (struct rs_packet));
417 rs_packet_create_auth_request (struct rs_connection *conn,
418 struct rs_packet **pkt_out,
419 const char *user_name, const char *user_pw)
421 struct rs_packet *pkt;
422 struct rs_attr *attr;
424 if (rs_packet_create (conn, pkt_out))
427 pkt->rpkt->code = PW_AUTHENTICATION_REQUEST;
431 if (rs_attr_create (conn, &attr, "User-Name", user_name))
433 rs_packet_add_attr (pkt, attr);
437 if (rs_attr_create (conn, &attr, "User-Password", user_pw))
439 rs_packet_add_attr (pkt, attr);
447 rs_packet_send (struct rs_packet *pkt, void *user_data)
449 struct rs_connection *conn;
454 if (_conn_is_open_p (conn))
457 if (_conn_open (conn, pkt))
462 assert (conn->active_peer);
463 assert (conn->active_peer->fd >= 0);
465 conn->user_data = user_data;
466 bufferevent_setcb (conn->bev, _read_cb, _write_cb, _event_cb, pkt);
467 if (!conn->user_dispatch_flag)
468 event_base_dispatch (conn->evb);
471 fprintf (stderr, "%s: event loop done\n", __func__);
472 assert (event_base_got_break(conn->evb));
479 rs_conn_receive_packet (struct rs_connection *conn,
480 struct rs_packet *request,
481 struct rs_packet **pkt_out)
483 struct rs_packet *pkt;
487 if (rs_packet_create (conn, pkt_out))
491 pkt->original = request;
493 if (_conn_open (conn, pkt))
497 assert (conn->active_peer);
498 assert (conn->active_peer->fd >= 0);
500 bufferevent_setwatermark (conn->bev, EV_READ, RS_HEADER_LEN, 0);
501 bufferevent_enable (conn->bev, EV_READ);
502 bufferevent_setcb (conn->bev, _read_cb, _write_cb, _event_cb, pkt);
504 if (!conn->user_dispatch_flag)
506 event_base_dispatch (conn->evb);
508 fprintf (stderr, "%s: event loop done", __func__);
509 if (event_base_got_break(conn->evb))
511 fprintf (stderr, ", got this:\n");
512 rs_dump_packet (pkt);
515 fprintf (stderr, ", no reply\n");
519 pkt->original = NULL;
525 rs_packet_add_attr(struct rs_packet *pkt, struct rs_attr *attr)
527 pairadd (&pkt->rpkt->vps, attr->vp);
531 struct radius_packet *
532 rs_packet_frpkt(struct rs_packet *pkt)
539 rs_packet_destroy(struct rs_packet *pkt)
543 // FIXME: memory leak! TODO: free all attributes
544 rad_free (&pkt->rpkt);
545 rs_free (pkt->conn->ctx, pkt);