1 /* Copyright 2011 NORDUnet A/S. All rights reserved.
2 See the file COPYING for licensing information. */
4 #if defined HAVE_CONFIG_H
9 #include <event2/event.h>
10 #include <event2/bufferevent.h>
11 #if defined (RS_ENABLE_TLS)
12 #include <event2/bufferevent_ssl.h>
13 #include <openssl/err.h>
15 #include <radsec/radsec.h>
16 #include <radsec/radsec-impl.h>
23 #include <event2/buffer.h>
27 _conn_timeout_cb (int fd, short event, void *data)
29 struct rs_connection *conn;
32 conn = (struct rs_connection *) data;
34 if (event & EV_TIMEOUT)
36 rs_debug (("%s: connection timeout on %p (fd %d) connecting to %p\n",
37 __func__, conn, conn->fd, conn->active_peer));
38 conn->is_connecting = 0;
39 rs_err_conn_push_fl (conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL);
40 event_loopbreak (conn);
45 _close_conn (struct rs_connection **connp)
50 r = rs_conn_destroy (*connp);
56 /* Read one RADIUS packet header. Return !0 on error. A return value
57 of 0 means that we need more data. */
59 _read_header (struct rs_packet *pkt)
63 n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN);
64 if (n == RS_HEADER_LEN)
66 pkt->hdr_read_flag = 1;
67 pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3];
68 if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096)
70 _close_conn (&pkt->conn);
71 return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT,
72 "invalid packet length: %d",
75 pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len);
78 _close_conn (&pkt->conn);
79 return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
82 memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN);
83 bufferevent_setwatermark (pkt->conn->bev, EV_READ,
84 pkt->rpkt->data_len - RS_HEADER_LEN, 0);
85 rs_debug (("%s: packet header read, total pkt len=%d\n",
86 __func__, pkt->rpkt->data_len));
90 rs_debug (("%s: buffer frozen while reading header\n", __func__));
92 else /* Error: libevent gave us less than the low watermark. */
94 _close_conn (&pkt->conn);
95 return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__,
96 "got %d octets reading header", n);
103 _read_packet (struct rs_packet *pkt)
107 rs_debug (("%s: trying to read %d octets of packet data\n", __func__,
108 pkt->rpkt->data_len - RS_HEADER_LEN));
110 n = bufferevent_read (pkt->conn->bev,
111 pkt->rpkt->data + RS_HEADER_LEN,
112 pkt->rpkt->data_len - RS_HEADER_LEN);
114 rs_debug (("%s: read %ld octets of packet data\n", __func__, n));
116 if (n == pkt->rpkt->data_len - RS_HEADER_LEN)
118 bufferevent_disable (pkt->conn->bev, EV_READ);
119 rs_debug (("%s: complete packet read\n", __func__));
120 pkt->hdr_read_flag = 0;
121 memset (pkt->hdr, 0, sizeof(*pkt->hdr));
123 /* Checks done by rad_packet_ok:
124 - lenghts (FIXME: checks really ok for tcp?)
126 - attribute lengths >= 2
127 - attribute sizes adding up correctly */
128 if (!rad_packet_ok (pkt->rpkt, 0) != 0)
130 _close_conn (&pkt->conn);
131 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
132 "invalid packet: %s", fr_strerror ());
135 /* TODO: Verify that reception of an unsolicited response packet
136 results in connection being closed. */
138 /* If we have a request to match this response against, verify
139 and decode the response. */
142 /* Verify header and message authenticator. */
143 if (rad_verify (pkt->rpkt, pkt->original->rpkt,
144 pkt->conn->active_peer->secret))
146 _close_conn (&pkt->conn);
147 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
148 "rad_verify: %s", fr_strerror ());
151 /* Decode and decrypt. */
152 if (rad_decode (pkt->rpkt, pkt->original->rpkt,
153 pkt->conn->active_peer->secret))
155 _close_conn (&pkt->conn);
156 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
157 "rad_decode: %s", fr_strerror ());
162 /* Find out what happens if there's data left in the buffer. */
165 rest = evbuffer_get_length (bufferevent_get_input (pkt->conn->bev));
167 rs_debug (("%s: returning with %d octets left in buffer\n", __func__,
172 /* Hand over message to user, changes ownership of pkt. Don't
173 touch it afterwards -- it might have been freed. */
174 if (pkt->conn->callbacks.received_cb)
175 pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
177 else if (n < 0) /* Buffer frozen. */
178 rs_debug (("%s: buffer frozen when reading packet\n", __func__));
179 else /* Short packet. */
180 rs_debug (("%s: waiting for another %d octets\n", __func__,
181 pkt->rpkt->data_len - RS_HEADER_LEN - n));
186 /* Read callback for TCP.
188 Read exactly one RADIUS message from BEV and store it in struct
189 rs_packet passed in CTX (hereby called 'pkt').
191 Verify the received packet against pkt->original, if !NULL.
193 Inform upper layer about successful reception of valid RADIUS
194 message by invoking conn->callbacks.recevied_cb(), if !NULL. */
196 tcp_read_cb (struct bufferevent *bev, void *user_data)
198 struct rs_packet *pkt = (struct rs_packet *) user_data;
204 pkt->rpkt->sockfd = pkt->conn->fd;
205 pkt->rpkt->vps = NULL;
207 if (!pkt->hdr_read_flag)
208 if (_read_header (pkt))
214 tcp_event_cb (struct bufferevent *bev, short events, void *user_data)
216 struct rs_packet *pkt = (struct rs_packet *) user_data;
217 struct rs_connection *conn = NULL;
218 struct rs_peer *p = NULL;
220 #if defined (RS_ENABLE_TLS)
221 unsigned long tlserr = 0;
226 assert (pkt->conn->active_peer);
228 p = conn->active_peer;
230 conn->is_connecting = 0;
231 if (events & BEV_EVENT_CONNECTED)
233 event_on_connect (conn, pkt);
235 else if (events & BEV_EVENT_EOF)
237 event_on_disconnect (conn);
239 else if (events & BEV_EVENT_TIMEOUT)
241 rs_debug (("%s: %p times out on %s\n", __func__, p,
242 (events & BEV_EVENT_READING) ? "read" : "write"));
243 rs_err_conn_push_fl (pkt->conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL);
245 else if (events & BEV_EVENT_ERROR)
247 sockerr = evutil_socket_geterror (conn->active_peer->fd);
248 if (sockerr == 0) /* FIXME: True that errno == 0 means closed? */
250 event_on_disconnect (conn);
254 rs_debug (("%s: %d: %d (%s)\n", __func__, conn->fd, sockerr,
255 evutil_socket_error_to_string (sockerr)));
256 rs_err_conn_push_fl (pkt->conn, RSE_SOCKERR, __FILE__, __LINE__,
257 "%d: %d (%s)", conn->fd, sockerr,
258 evutil_socket_error_to_string (sockerr));
260 #if defined (RS_ENABLE_TLS)
261 if (conn->tls_ssl) /* FIXME: correct check? */
263 for (tlserr = bufferevent_get_openssl_error (conn->bev);
265 tlserr = bufferevent_get_openssl_error (conn->bev))
267 rs_debug (("%s: openssl error: %s\n", __func__,
268 ERR_error_string (tlserr, NULL)));
269 rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__,
270 ERR_error_string (tlserr, NULL));
273 #endif /* RS_ENABLE_TLS */
274 event_loopbreak (conn);
278 if (events & BEV_EVENT_ERROR && events != BEV_EVENT_ERROR)
279 rs_debug (("%s: BEV_EVENT_ERROR and more: 0x%x\n", __func__, events));
284 tcp_write_cb (struct bufferevent *bev, void *ctx)
286 struct rs_packet *pkt = (struct rs_packet *) ctx;
291 if (pkt->conn->callbacks.sent_cb)
292 pkt->conn->callbacks.sent_cb (pkt->conn->user_data);
296 tcp_set_connect_timeout (struct rs_connection *conn)
301 conn->tev = evtimer_new (conn->evb, _conn_timeout_cb, conn);
303 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
305 tv.tv_sec = conn->realm->timeout;
307 evtimer_add (conn->tev, &tv);