1 /* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
2 See LICENSE for licensing information. */
4 #if defined HAVE_CONFIG_H
9 #include <radius/client.h>
10 #include <event2/bufferevent.h>
11 #include <radsec/radsec.h>
12 #include <radsec/radsec-impl.h>
19 #include <sys/socket.h>
20 #include <event2/buffer.h>
24 packet_verify_response (struct rs_connection *conn,
25 struct rs_packet *response,
26 struct rs_packet *request)
31 assert (conn->active_peer);
32 assert (conn->active_peer->secret);
34 assert (response->rpkt);
36 assert (request->rpkt);
38 response->rpkt->secret = conn->active_peer->secret;
39 response->rpkt->sizeof_secret = strlen (conn->active_peer->secret);
41 /* Verify header and message authenticator. */
42 err = nr_packet_verify (response->rpkt, request->rpkt);
45 if (conn->is_connected)
46 rs_conn_disconnect(conn);
47 return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__,
51 /* Decode and decrypt. */
52 err = nr_packet_decode (response->rpkt, request->rpkt);
55 if (conn->is_connected)
56 rs_conn_disconnect(conn);
57 return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__,
65 /* Badly named function for preparing a RADIUS message and queue it.
68 packet_do_send (struct rs_packet *pkt)
74 assert (pkt->conn->active_peer);
75 assert (pkt->conn->active_peer->secret);
78 pkt->rpkt->secret = pkt->conn->active_peer->secret;
79 pkt->rpkt->sizeof_secret = strlen (pkt->rpkt->secret);
82 err = nr_packet_encode (pkt->rpkt, NULL);
84 return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__,
87 err = nr_packet_sign (pkt->rpkt, NULL);
89 return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__,
93 char host[80], serv[80];
95 getnameinfo (pkt->conn->active_peer->addr_cache->ai_addr,
96 pkt->conn->active_peer->addr_cache->ai_addrlen,
97 host, sizeof(host), serv, sizeof(serv),
98 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
99 rs_debug (("%s: about to send this to %s:%s:\n", __func__, host, serv));
100 rs_dump_packet (pkt);
104 /* Put message in output buffer. */
105 if (pkt->conn->bev) /* TCP. */
107 int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
110 return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
111 "bufferevent_write: %s",
112 evutil_gai_strerror (err));
116 struct rs_packet **pp = &pkt->conn->out_queue;
118 while (*pp && (*pp)->next)
126 /* Public functions. */
128 rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
136 rpkt = rs_malloc (conn->ctx, sizeof(*rpkt) + RS_MAX_PACKET_LEN);
138 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
140 err = nr_packet_init (rpkt, NULL, NULL,
142 rpkt + 1, RS_MAX_PACKET_LEN);
144 return rs_err_conn_push (conn, -err, __func__);
146 p = (struct rs_packet *) rs_calloc (conn->ctx, 1, sizeof (*p));
149 rs_free (conn->ctx, rpkt);
150 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
160 rs_packet_create_authn_request (struct rs_connection *conn,
161 struct rs_packet **pkt_out,
162 const char *user_name, const char *user_pw)
164 struct rs_packet *pkt;
167 if (rs_packet_create (conn, pkt_out))
171 pkt->rpkt->code = PW_ACCESS_REQUEST;
175 err = rs_packet_add_avp (pkt, PW_USER_NAME, 0, user_name,
183 err = rs_packet_add_avp (pkt, PW_USER_PASSWORD, 0, user_pw,
193 rs_packet_destroy (struct rs_packet *pkt)
197 assert (pkt->conn->ctx);
199 rs_avp_free (&pkt->rpkt->vps);
200 rs_free (pkt->conn->ctx, pkt->rpkt);
201 rs_free (pkt->conn->ctx, pkt);
205 rs_packet_add_avp (struct rs_packet *pkt,
206 unsigned int attr, unsigned int vendor,
207 const void *data, size_t data_len)
216 assert (pkt->conn->ctx);
218 da = nr_dict_attr_byvalue (attr, vendor);
220 return rs_err_conn_push (pkt->conn, RSE_ATTR_TYPE_UNKNOWN,
221 "nr_dict_attr_byvalue");
222 vp = rs_malloc (pkt->conn->ctx, sizeof(*vp));
224 return rs_err_conn_push (pkt->conn, RSE_NOMEM, NULL);
225 if (nr_vp_init (vp, da) == NULL)
228 return rs_err_conn_push (pkt->conn, RSE_INTERNAL, NULL);
230 err = nr_vp_set_data (vp, data, data_len);
234 return rs_err_conn_push (pkt->conn, -err, "nr_vp_set_data");
236 nr_vps_append (&pkt->rpkt->vps, vp);
241 /* TODO: Rename rs_packet_append_avp, indicating that encoding is
244 rs_packet_append_avp (struct rs_packet *pkt,
245 unsigned int attr, unsigned int vendor,
246 const void *data, size_t data_len)
253 da = nr_dict_attr_byvalue (attr, vendor);
255 return RSE_ATTR_TYPE_UNKNOWN;
257 err = nr_packet_attr_append (pkt->rpkt, NULL, da, data, data_len);
259 return rs_err_conn_push (pkt->conn, -err, __func__);
265 rs_packet_avps (struct rs_packet *pkt, rs_avp ***vps)
268 *vps = &pkt->rpkt->vps;
272 rs_packet_code (struct rs_packet *pkt)
275 return pkt->rpkt->code;
279 rs_packet_find_avp (struct rs_packet *pkt, unsigned int attr, unsigned int vendor)
282 return rs_avp_find_const (pkt->rpkt->vps, attr, vendor);
286 rs_packet_set_id (struct rs_packet *pkt, int id)
288 int old = pkt->rpkt->id;