-/*
- * Copyright (C) 2006-2008 Stig Venaas <venaas@uninett.no>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- */
+/* Copyright (c) 2006-2010, UNINETT AS
+ * Copyright (c) 2010-2012, NORDUnet A/S */
+/* See LICENSE for licensing information. */
+#ifdef SYS_SOLARIS9
+#include <sys/inttypes.h>
+#else
#include <stdint.h>
+#endif
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
struct radmsg *radmsg_init(uint8_t code, uint8_t id, uint8_t *auth) {
struct radmsg *msg;
-
+
msg = malloc(sizeof(struct radmsg));
if (!msg)
return NULL;
if (!msg->attrs) {
free(msg);
return NULL;
- }
+ }
msg->code = code;
msg->id = id;
if (auth)
else if (!RAND_bytes(msg->auth, 16)) {
free(msg);
return NULL;
- }
+ }
return msg;
}
static HMAC_CTX hmacctx;
unsigned int md_len;
uint8_t auth[16], hash[EVP_MAX_MD_SIZE];
-
+
pthread_mutex_lock(&lock);
if (first) {
HMAC_CTX_init(&hmacctx);
debug(DBG_WARN, "message authenticator, wrong value");
pthread_mutex_unlock(&lock);
return 0;
- }
-
+ }
+
pthread_mutex_unlock(&lock);
return 1;
}
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned int len;
int result;
-
+
pthread_mutex_lock(&lock);
if (first) {
EVP_MD_CTX_init(&mdctx);
}
len = RADLEN(rad);
-
+
result = (EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) &&
EVP_DigestUpdate(&mdctx, rad, 4) &&
EVP_DigestUpdate(&mdctx, reqauth, 16) &&
if (!authattrval)
return 1;
-
+
pthread_mutex_lock(&lock);
if (first) {
HMAC_CTX_init(&hmacctx);
buf = malloc(size);
if (!buf)
return NULL;
-
+
p = buf;
*p++ = msg->code;
*p++ = msg->id;
free(buf);
return NULL;
}
- if (secret && (msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject || msg->code == RAD_Access_Challenge || msg->code == RAD_Accounting_Response || msg->code == RAD_Accounting_Request) && !_radsign(buf, secret)) {
- free(buf);
- return NULL;
+ if (secret) {
+ if ((msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject || msg->code == RAD_Access_Challenge || msg->code == RAD_Accounting_Response || msg->code == RAD_Accounting_Request) && !_radsign(buf, secret)) {
+ free(buf);
+ return NULL;
+ }
+ if (msg->code == RAD_Accounting_Request)
+ memcpy(msg->auth, buf + 4, 16);
}
return buf;
}
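Review bot: The new `memcpy(msg->auth, buf + 4, 16);` makes radmsg2buf write back into the message it is serialising, and nothing in the hunk documents that side effect or its purpose. For Accounting-Request the bytes at `buf + 4` are presumably the authenticator just computed by `_radsign`, which later reply validation would need; a comment above the copy such as `/* Accounting-Request: keep the computed Request Authenticator in msg so the reply can be verified against it */` would record the intent. The copy sits inside `if (secret)`, so an Accounting-Request built with a NULL secret leaves `msg->auth` at whatever radmsg_init stored, which is worth stating in the function's header comment. The function starts outside the hunk.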
/* if secret set we also validate message authenticator if present */
struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) {
struct radmsg *msg;
- uint8_t t, l, *v, *p, auth[16];
+ uint8_t t, l, *v = NULL, *p, auth[16];
uint16_t len;
struct tlv *attr;
-
+
len = RADLEN(buf);
if (len < 20)
return NULL;
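Review bot: Initialising `v` to NULL at its declaration only covers the first attribute parsed. `v` is assigned inside the conditional block that closes just before the `t == RAD_Attr_Message_Authenticator && secret` test further down, so when that block is skipped `v` is either NULL or still points at an earlier attribute's value. The code that consumes `v` is outside the visible hunks, so confirm it checks that the attribute length is 16 before touching `v`. If this is a per-attribute loop (it looks like one), adding `v = NULL;` at the top of each iteration would make a missed length check fail on a null pointer instead of verifying against stale bytes. buf2radmsg's body continues outside the hunk.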
debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply");
return NULL;
}
-
+
msg = radmsg_init(buf[0], buf[1], (uint8_t *)buf + 4);
if (!msg)
return NULL;
v = p;
p += l;
}
-
+
if (t == RAD_Attr_Message_Authenticator && secret) {
if (rqauth)
memcpy(buf + 4, rqauth, 16);
}
return msg;
}
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */