1 /* See the file COPYING for licensing information. */
3 #if defined HAVE_CONFIG_H
10 #include <freeradius/libradius.h>
11 #include <event2/event.h>
12 #include <event2/bufferevent.h>
13 #if defined RS_ENABLE_TLS
14 #include <event2/bufferevent_ssl.h>
15 #include <openssl/err.h>
17 #include <radsec/radsec.h>
18 #include <radsec/radsec-impl.h>
22 #include <sys/socket.h>
27 _packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
36 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
37 rpkt->id = conn->nextid++;
39 p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
43 return rs_err_conn_push (conn, RSE_NOMEM, __func__);
45 memset (p, 0, sizeof (struct rs_packet));
54 _do_send (struct rs_packet *pkt)
60 assert (!pkt->original);
62 vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
64 return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
65 "rad_encode: %s", fr_strerror ());
66 pairadd (&pkt->rpkt->vps, vp);
68 if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
69 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
70 "rad_encode: %s", fr_strerror ());
71 if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
72 return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
73 "rad_sign: %s", fr_strerror ());
76 char host[80], serv[80];
78 getnameinfo (pkt->conn->active_peer->addr->ai_addr,
79 pkt->conn->active_peer->addr->ai_addrlen,
80 host, sizeof(host), serv, sizeof(serv),
81 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
82 fprintf (stderr, "%s: about to send this to %s:%s:\n", __func__, host,
87 err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
90 return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
91 "bufferevent_write: %s",
92 evutil_gai_strerror(err));
97 _event_cb (struct bufferevent *bev, short events, void *ctx)
99 struct rs_packet *pkt = (struct rs_packet *)ctx;
100 struct rs_connection *conn;
102 #if defined RS_ENABLE_TLS
108 assert (pkt->conn->active_peer);
110 p = conn->active_peer;
112 p->is_connecting = 0;
113 if (events & BEV_EVENT_CONNECTED)
116 if (conn->callbacks.connected_cb)
117 conn->callbacks.connected_cb (conn->user_data);
119 fprintf (stderr, "%s: connected\n", __func__);
123 if (conn->callbacks.sent_cb)
124 conn->callbacks.sent_cb (conn->user_data);
125 /* Packet will be freed in write callback. */
127 else if (events & BEV_EVENT_ERROR)
129 #if defined RS_ENABLE_TLS
130 if (conn->tls_ssl) /* FIXME: correct check? */
132 for (err = bufferevent_get_openssl_error (conn->bev);
134 err = bufferevent_get_openssl_error (conn->bev))
136 fprintf (stderr, "%s: openssl error: %s\n", __func__,
137 ERR_error_string (err, NULL)); /* DEBUG, until verified that pushed errors will actually be handled */
138 rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__,
142 #endif /* RS_ENABLE_TLS */
143 rs_err_conn_push_fl (pkt->conn, RSE_CONNERR, __FILE__, __LINE__, NULL);
144 fprintf (stderr, "%s: BEV_EVENT_ERROR\n", __func__); /* DEBUG, until verified that pushed errors will actually be handled */
149 _write_cb (struct bufferevent *bev, void *ctx)
151 struct rs_packet *pkt = (struct rs_packet *) ctx;
156 fprintf (stderr, "%s: packet written, breaking event loop\n", __func__);
158 if (event_base_loopbreak (pkt->conn->evb) < 0)
159 abort (); /* FIXME */
160 if (!pkt->conn->callbacks.sent_cb) /* Callback owns the packet now. */
161 rs_packet_destroy (pkt);
165 _read_cb (struct bufferevent *bev, void *ctx)
167 struct rs_packet *pkt = (struct rs_packet *)ctx;
173 pkt->rpkt->sockfd = pkt->conn->active_peer->fd; /* FIXME: Why? */
174 pkt->rpkt->vps = NULL; /* FIXME: Why? */
176 if (!pkt->hdr_read_flag)
178 n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN);
179 if (n == RS_HEADER_LEN)
181 pkt->hdr_read_flag = 1;
182 pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3];
183 if (pkt->rpkt->data_len < 20 /* || len > 4096 */)
184 abort (); /* FIXME: Read and discard packet. */
185 pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len);
186 if (!pkt->rpkt->data)
188 rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__,
190 abort (); /* FIXME: Read and discard packet. */
192 memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN);
193 bufferevent_setwatermark (pkt->conn->bev, EV_READ,
194 pkt->rpkt->data_len - RS_HEADER_LEN, 0);
196 fprintf (stderr, "%s: packet header read, total pkt len=%d\n",
197 __func__, pkt->rpkt->data_len);
201 return; /* Buffer frozen. */
203 assert (!"short header");
207 printf ("%s: trying to read %d octets of packet data\n", __func__, pkt->rpkt->data_len - RS_HEADER_LEN);
209 n = bufferevent_read (pkt->conn->bev, pkt->rpkt->data + RS_HEADER_LEN, pkt->rpkt->data_len - RS_HEADER_LEN);
211 printf ("%s: read %d octets of packet data\n", __func__, n);
213 if (n == pkt->rpkt->data_len - RS_HEADER_LEN)
215 bufferevent_disable (pkt->conn->bev, EV_READ);
216 pkt->hdr_read_flag = 0;
217 memset (pkt->hdr, 0, sizeof(*pkt->hdr));
219 fprintf (stderr, "%s: complete packet read\n", __func__);
221 if (!rad_packet_ok (pkt->rpkt, 0) != 0)
223 assert (pkt->original);
225 /* Verify header and message authenticator. */
226 if (rad_verify (pkt->rpkt, pkt->original->rpkt,
227 pkt->conn->active_peer->secret))
229 rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
230 "rad_verify: %s", fr_strerror ());
234 /* Decode and decrypt. */
235 if (rad_decode (pkt->rpkt, pkt->original->rpkt,
236 pkt->conn->active_peer->secret))
238 rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
239 "rad_decode: %s", fr_strerror ());
243 if (pkt->conn->callbacks.received_cb)
244 pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
246 if (event_base_loopbreak (pkt->conn->evb) < 0)
247 abort (); /* FIXME */
250 return; /* Buffer frozen. */
252 assert (!"short packet");
256 _evlog_cb (int severity, const char *msg)
261 case _EVENT_LOG_DEBUG:
262 #if !defined (DEBUG_LEVENT)
270 case _EVENT_LOG_WARN:
280 fprintf (stderr, "libevent: [%s] %s\n", sevstr, msg);
284 _init_evb (struct rs_connection *conn)
289 event_enable_debug_mode ();
291 event_set_log_callback (_evlog_cb);
292 conn->evb = event_base_new ();
294 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
301 _init_socket (struct rs_connection *conn, struct rs_peer *p)
307 p->fd = socket (p->addr->ai_family, p->addr->ai_socktype,
308 p->addr->ai_protocol);
310 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
312 if (evutil_make_socket_nonblocking (p->fd) < 0)
314 evutil_closesocket (p->fd);
315 return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
321 static struct rs_peer *
322 _pick_peer (struct rs_connection *conn)
324 if (!conn->active_peer)
325 conn->active_peer = conn->peers;
326 return conn->active_peer;
330 _init_bev (struct rs_connection *conn, struct rs_peer *peer)
337 case RS_CONN_TYPE_UDP:
338 case RS_CONN_TYPE_TCP:
339 conn->bev = bufferevent_socket_new (conn->evb, peer->fd, 0);
341 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
342 "bufferevent_socket_new");
344 #if defined RS_ENABLE_TLS
345 case RS_CONN_TYPE_TLS:
346 if (rs_tls_init (conn))
348 /* Would be convenient to pass BEV_OPT_CLOSE_ON_FREE but things
349 seem to break when be_openssl_ctrl() (in libevent) calls
350 SSL_set_bio() after BIO_new_socket() with flag=1. */
352 bufferevent_openssl_socket_new (conn->evb, peer->fd, conn->tls_ssl,
353 BUFFEREVENT_SSL_CONNECTING, 0);
355 return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
356 "bufferevent_openssl_socket_new");
359 case RS_CONN_TYPE_DTLS:
360 return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__,
361 "%s: NYI", __func__);
362 #endif /* RS_ENABLE_TLS */
364 return rs_err_conn_push_fl (conn, RSE_INTERNAL, __FILE__, __LINE__,
365 "%s: invalid connection type: %d", __func__,
373 _do_connect (struct rs_peer *p)
377 err = bufferevent_socket_connect (p->conn->bev, p->addr->ai_addr,
378 p->addr->ai_addrlen);
380 rs_err_conn_push_fl (p->conn, RSE_EVENT, __FILE__, __LINE__,
381 "bufferevent_socket_connect: %s",
382 evutil_gai_strerror(err));
384 p->is_connecting = 1;
388 _conn_open(struct rs_connection *conn, struct rs_packet *pkt)
392 if (_init_evb (conn))
395 p = _pick_peer (conn);
397 return rs_err_conn_push_fl (conn, RSE_NOPEER, __FILE__, __LINE__, NULL);
399 if (_init_socket (conn, p))
402 if (_init_bev (conn, p))
405 if (!p->is_connected)
406 if (!p->is_connecting)
413 _conn_is_open_p (struct rs_connection *conn)
415 return conn->active_peer && conn->active_peer->is_connected;
418 /* Public functions. */
420 rs_packet_create_acc_request (struct rs_connection *conn,
421 struct rs_packet **pkt_out,
422 const char *user_name, const char *user_pw)
424 struct rs_packet *pkt;
425 struct rs_attr *attr;
427 if (_packet_create (conn, pkt_out))
430 pkt->rpkt->code = PW_AUTHENTICATION_REQUEST;
434 if (rs_attr_create (conn, &attr, "User-Name", user_name))
436 rs_packet_add_attr (pkt, attr);
440 if (rs_attr_create (conn, &attr, "User-Password", user_pw))
442 /* FIXME: need this too? rad_pwencode(user_pw, &pwlen, SECRET, reqauth) */
443 rs_packet_add_attr (pkt, attr);
451 rs_packet_send (struct rs_packet *pkt, void *user_data)
453 struct rs_connection *conn;
458 if (_conn_is_open_p (conn))
461 if (_conn_open (conn, pkt))
466 assert (conn->active_peer);
467 assert (conn->active_peer->fd >= 0);
469 conn->user_data = user_data;
470 bufferevent_setcb (conn->bev, _read_cb, _write_cb, _event_cb, pkt);
471 if (!conn->user_dispatch_flag)
472 event_base_dispatch (conn->evb);
475 fprintf (stderr, "%s: event loop done\n", __func__);
476 assert (event_base_got_break(conn->evb));
483 rs_conn_receive_packet (struct rs_connection *conn,
484 struct rs_packet *request,
485 struct rs_packet **pkt_out)
487 struct rs_packet *pkt;
491 if (_packet_create (conn, pkt_out))
495 pkt->original = request;
497 if (_conn_open (conn, pkt))
501 assert (conn->active_peer);
502 assert (conn->active_peer->fd >= 0);
504 bufferevent_setwatermark (conn->bev, EV_READ, RS_HEADER_LEN, 0);
505 bufferevent_enable (conn->bev, EV_READ);
506 bufferevent_setcb (conn->bev, _read_cb, _write_cb, _event_cb, pkt);
508 if (!conn->user_dispatch_flag)
510 event_base_dispatch (conn->evb);
512 fprintf (stderr, "%s: event loop done", __func__);
513 if (event_base_got_break(conn->evb))
515 fprintf (stderr, ", got this:\n");
516 rs_dump_packet (pkt);
519 fprintf (stderr, ", no reply\n");
523 pkt->original = NULL;
529 rs_packet_add_attr(struct rs_packet *pkt, struct rs_attr *attr)
531 pairadd (&pkt->rpkt->vps, attr->vp);
535 struct radius_packet *
536 rs_packet_frpkt(struct rs_packet *pkt)
543 rs_packet_destroy(struct rs_packet *pkt)
547 // TODO: free all attributes
548 rad_free (&pkt->rpkt);
549 rs_free (pkt->conn->ctx, pkt);