Add retransmission timer support (UDP).

[radsecproxy.git] / lib / packet.c

diff --git a/lib/packet.c b/lib/packet.c
index 68adf2b..2611b46 100644 (file)
--- a/lib/packet.c
+++ b/lib/packet.c
@@ -1,15 +1,119 @@
-#include <string.h>
+/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
+   See the file COPYING for licensing information.  */
+
+#if defined HAVE_CONFIG_H
+#include <config.h>
+#endif
+
 #include <assert.h>
-#include <freeradius/libradius.h>
-#include "libradsec.h"
-#include "libradsec-impl.h"
-#if defined DEBUG
+#include <event2/bufferevent.h>
+#include <radsec/radsec.h>
+#include <radsec/radsec-impl.h>
+#include "conn.h"
 #include "debug.h"
+#include "packet.h"
+
+#if defined (DEBUG)
+#include <netdb.h>
+#include <sys/socket.h>
+#include <event2/buffer.h>
+#endif
+
+int
+packet_verify_response (struct rs_connection *conn,
+                       struct rs_packet *response,
+                       struct rs_packet *request)
+{
+  assert (conn);
+  assert (conn->active_peer);
+  assert (conn->active_peer->secret);
+  assert (response);
+  assert (response->rpkt);
+  assert (request);
+  assert (request->rpkt);
+
+  /* Verify header and message authenticator.  */
+  if (rad_verify (response->rpkt, request->rpkt, conn->active_peer->secret))
+    {
+      conn_close (&conn);
+      return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
+                                 "rad_verify: %s", fr_strerror ());
+    }
+
+  /* Decode and decrypt.  */
+  if (rad_decode (response->rpkt, request->rpkt, conn->active_peer->secret))
+    {
+      conn_close (&conn);
+      return rs_err_conn_push_fl (conn, RSE_FR, __FILE__, __LINE__,
+                                 "rad_decode: %s", fr_strerror ());
+    }
+
+  return RSE_OK;
+}
+
+
+/* Badly named function for preparing a RADIUS message and queue it.
+   FIXME: Rename.  */
+int
+packet_do_send (struct rs_packet *pkt)
+{
+  VALUE_PAIR *vp = NULL;
+
+  assert (pkt->rpkt);
+
+  /* Add Message-Authenticator, RFC 2869.  */
+  /* FIXME: Make Message-Authenticator optional?  */
+  vp = paircreate (PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
+  if (!vp)
+    return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
+                               "paircreate: %s", fr_strerror ());
+  pairadd (&pkt->rpkt->vps, vp);
+
+  if (rad_encode (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
+    return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
+                               "rad_encode: %s", fr_strerror ());
+  if (rad_sign (pkt->rpkt, NULL, pkt->conn->active_peer->secret))
+    return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__,
+                               "rad_sign: %s", fr_strerror ());
+#if defined (DEBUG)
+  {
+    char host[80], serv[80];
+
+    getnameinfo (pkt->conn->active_peer->addr->ai_addr,
+                pkt->conn->active_peer->addr->ai_addrlen,
+                host, sizeof(host), serv, sizeof(serv),
+                0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
+    rs_debug (("%s: about to send this to %s:%s:\n", __func__, host, serv));
+    rs_dump_packet (pkt);
+  }
 #endif
 
+  if (pkt->conn->bev)          /* TCP.  */
+    {
+      int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
+                                  pkt->rpkt->data_len);
+      if (err < 0)
+       return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
+                                   "bufferevent_write: %s",
+                                   evutil_gai_strerror (err));
+    }
+  else                         /* UDP.  */
+    {
+      struct rs_packet **pp = &pkt->conn->out_queue;
+
+      while (*pp && (*pp)->next)
+       *pp = (*pp)->next;
+      *pp = pkt;
+
+      conn_activate_timeout (pkt->conn); /* Retransmission timer.  */
+    }
+
+  return RSE_OK;
+}
+
+/* Public functions.  */
 int
-_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out,
-               int code)
+rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
 {
   struct rs_packet *p;
   RADIUS_PACKET *rpkt;
@@ -18,16 +122,17 @@ _packet_create (struct rs_connection *conn, struct rs_packet **pkt_out,
 
   rpkt = rad_alloc (1);
   if (!rpkt)
-    return rs_conn_err_push (conn, RSE_NOMEM, __func__);
-  rpkt->id = -1;
-  rpkt->code = code;
+    return rs_err_conn_push (conn, RSE_NOMEM, __func__);
+  rpkt->id = conn->nextid++;
 
   p = (struct rs_packet *) malloc (sizeof (struct rs_packet));
-  if (!p) {
-    rad_free (&rpkt);
-    return rs_conn_err_push (conn, RSE_NOMEM, __func__);
-  }
+  if (!p)
+    {
+      rad_free (&rpkt);
+      return rs_err_conn_push (conn, RSE_NOMEM, __func__);
+    }
   memset (p, 0, sizeof (struct rs_packet));
+  p->conn = conn;
   p->rpkt = rpkt;
 
   *pkt_out = p;
@@ -35,58 +140,57 @@ _packet_create (struct rs_connection *conn, struct rs_packet **pkt_out,
 }
 
 int
-rs_packet_create_acc_request (struct rs_connection *conn,
-                             struct rs_packet **pkt_out,
-                             const char *user_name, const char *user_pw)
+rs_packet_create_authn_request (struct rs_connection *conn,
+                               struct rs_packet **pkt_out,
+                               const char *user_name, const char *user_pw)
 {
   struct rs_packet *pkt;
   struct rs_attr *attr;
 
-  if (_packet_create (conn, pkt_out, PW_AUTHENTICATION_REQUEST))
+  if (rs_packet_create (conn, pkt_out))
     return -1;
   pkt = *pkt_out;
+  pkt->rpkt->code = PW_AUTHENTICATION_REQUEST;
 
-  if (rs_attr_create (conn, &attr, "User-Name", user_name))
-    return -1;
-  rs_packet_add_attr (pkt, attr);
+  if (user_name)
+    {
+      if (rs_attr_create (conn, &attr, "User-Name", user_name))
+       return -1;
+      rs_packet_add_attr (pkt, attr);
 
-  if (rs_attr_create (conn, &attr, "User-Password", user_name))
-    return -1;
-  /* FIXME: need this too? rad_pwencode(user_pw, &pwlen, SECRET, reqauth) */
-  rs_packet_add_attr (pkt, attr);
+      if (user_pw)
+       {
+         if (rs_attr_create (conn, &attr, "User-Password", user_pw))
+           return -1;
+         rs_packet_add_attr (pkt, attr);
+       }
+    }
 
   return RSE_OK;
 }
 
-int
-rs_packet_send (struct rs_connection *conn, const struct rs_packet *pkt,
-               void *user_data)
+void
+rs_packet_add_attr (struct rs_packet *pkt, struct rs_attr *attr)
 {
-  assert (pkt->rpkt);
-
-  if (!conn->active_peer)
-    {
-      int err = rs_conn_open (conn);
-      if (err)
-       return err;
-      }
-  rad_encode (pkt->rpkt, NULL, conn->active_peer->secret);
-#if defined (DEBUG)
-  fprintf (stderr, "%s: about to send this to %s", __func__, "fixme");
-  rs_dump_packet (pkt);
-#endif
-
-  return RSE_NOSYS;
+  pairadd (&pkt->rpkt->vps, attr->vp);
+  attr->pkt = pkt;
 }
 
-int rs_packet_receive(struct rs_connection *conn, struct rs_packet **pkt)
+struct radius_packet *
+rs_packet_frpkt (struct rs_packet *pkt)
 {
-  return RSE_NOSYS;
+  assert (pkt);
+  return pkt->rpkt;
 }
 
 void
-rs_packet_add_attr(struct rs_packet *pkt, struct rs_attr *attr)
+rs_packet_destroy (struct rs_packet *pkt)
 {
-  pairadd (&pkt->rpkt->vps, attr->vp);
-  attr->pkt = pkt;
+  if (pkt)
+    {
+      // FIXME: memory leak! TODO: free all attributes
+      rad_free (&pkt->rpkt);
+      rs_free (pkt->conn->ctx, pkt);
+    }
 }
+