From: Linus Nordberg Date: Fri, 27 Apr 2012 15:00:17 +0000 (+0200) Subject: Merge libradsec-new-client. X-Git-Tag: libradsec-0.0.4~61^2~17 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=radsecproxy.git;a=commitdiff_plain;h=4b0ff99282a91bba93eec9db37831be73b8134e4 Merge libradsec-new-client. --- 4b0ff99282a91bba93eec9db37831be73b8134e4 diff --cc lib/HACKING index 793ac72,1494941..824cb77 --- a/lib/HACKING +++ b/lib/HACKING @@@ -18,17 -18,8 +18,16 @@@ examples/client -r examples/client.con - Application runs its own event loop, using fd's for select and performs I/O using the libradsec send/receive calls (a.k.a. on-your-own mode) - - Fully reentrant (FIXME: issues with libfreeradius-radius?) - User chooses allocation regime +Note that as of 0.0.2.dev libradsec suffers from way too much focus on +the behaviour of a blocking client and is totally useless as a server. +Not only does it lack most of the functions needed for writing a +server but it also contains at least one architectural mishap which +kills the server idea. A connection timeout (TCP) or a retransmit +timeout (UDP) will result in the event loop being broken. The same is +thing will happen if there's an error on a TCP connection, f.ex. a +failing certificate validation (TLS). * Dependencies Details apply to Ubuntu 10.10. diff --cc lib/Makefile.am index 6b31435,51aebf9..9a74a7f --- a/lib/Makefile.am +++ b/lib/Makefile.am @@@ -1,23 -1,7 +1,23 @@@ AUTOMAKE_OPTIONS = foreign ACLOCAL_AMFLAGS = -I m4 +# Shared library interface version, i.e. -version-info to Libtool, +# expressed as three integers CURRENT:REVISION:AGE. + +# CURRENT is the version number of the current interface. Increment +# CURRENT when the library interface changes. + +# REVISION is the version number of the _implementation_ of the +# CURRENT interface. Set REVISION to 0 when CURRENT changes, +# else increment. + +# AGE is the number of interfaces this library implements, i.e. how +# many versions before CURRENT that are supported. 
Increment AGE +# when the library interface is _extended_. Set AGE to 0 when the +# library interface is _changed_. + + - SUBDIRS = . examples include + SUBDIRS = radius . include examples INCLUDES = -I$(srcdir)/include AM_CFLAGS = -Wall -g diff --cc lib/conf.c index 90fa256,84bd1a8..1cb7049 --- a/lib/conf.c +++ b/lib/conf.c @@@ -6,8 -6,8 +6,9 @@@ #endif #include + #include #include +#include #include #include #include "peer.h" diff --cc lib/configure.ac index 3339352,9b1d304..bb71a6a --- a/lib/configure.ac +++ b/lib/configure.ac @@@ -17,13 -17,10 +17,11 @@@ AC_CHECK_LIB([confuse], [cfg_init], AC_MSG_ERROR([required library libconfuse not found])) AC_CHECK_LIB([event_core], [event_get_version],, AC_MSG_ERROR([required library libevent_core not found])) - AC_CHECK_LIB([freeradius-radius], [rad_alloc],, - AC_MSG_ERROR([required library libfreeradius-radius not found])) # Enable-knobs. +## Enable TLS (RadSec). AH_TEMPLATE([RS_ENABLE_TLS], [TLS (RadSec) enabled]) -AH_TEMPLATE([RADPROT_TLS], []) +AH_TEMPLATE([RADPROT_TLS], []) dnl Legacy. 
AC_ARG_ENABLE([tls], AS_HELP_STRING([--enable-tls], [enable TLS (RadSec)]), [AC_CHECK_LIB([event_openssl], [bufferevent_openssl_socket_new],, AC_MSG_ERROR([required library event_openssl not found])) diff --cc lib/err.c index 875a3f4,e318047..60ef82f --- a/lib/err.c +++ b/lib/err.c @@@ -12,29 -13,49 +13,51 @@@ #include static const char *_errtxt[] = { - "SUCCESS", /* 0 RSE_OK */ - "out of memory", /* 1 RSE_NOMEM */ - "not yet implemented", /* 2 RSE_NOSYS */ - "invalid handle", /* 3 RSE_INVALID_CTX */ - "invalid connection", /* 4 RSE_INVALID_CONN */ - "connection type mismatch", /* 5 RSE_CONN_TYPE_MISMATCH */ - "FreeRadius error", /* 6 RSE_FR */ - "bad hostname or port", /* 7 RSE_BADADDR */ - "no peer configured", /* 8 RSE_NOPEER */ - "libevent error", /* 9 RSE_EVENT */ - "socket error", /* 10 RSE_SOCKERR */ - "invalid configuration file", /* 11 RSE_CONFIG */ - "authentication failed", /* 12 RSE_BADAUTH */ - "internal error", /* 13 RSE_INTERNAL */ - "SSL error", /* 14 RSE_SSLERR */ - "invalid packet", /* 15 RSE_INVALID_PKT */ - "connect timeout", /* 16 RSE_TIMEOUT_CONN */ - "invalid argument", /* 17 RSE_INVAL */ - "I/O timeout", /* 18 RSE_TIMEOUT_IO */ - "timeout", /* 19 RSE_TIMEOUT */ - "peer disconnected", /* 20 RSE_DISCO */ - "invalid credentials", /* 21 RSE_CRED */ - "certificate validation error", /* 22 RSE_CERT */ + "SUCCESS", /* 0 RSE_OK */ + "out of memory", /* 1 RSE_NOMEM */ + "not yet implemented", /* 2 RSE_NOSYS */ + "invalid handle", /* 3 RSE_INVALID_CTX */ + "invalid connection", /* 4 RSE_INVALID_CONN */ + "connection type mismatch", /* 5 RSE_CONN_TYPE_MISMATCH */ + "FreeRadius error", /* 6 RSE_FR */ + "bad hostname or port", /* 7 RSE_BADADDR */ + "no peer configured", /* 8 RSE_NOPEER */ + "libevent error", /* 9 RSE_EVENT */ + "socket error", /* 10 RSE_SOCKERR */ + "invalid configuration file", /* 11 RSE_CONFIG */ + "authentication failed", /* 12 RSE_BADAUTH */ + "internal error", /* 13 RSE_INTERNAL */ + "SSL error", /* 14 RSE_SSLERR */ + "invalid 
packet", /* 15 RSE_INVALID_PKT */ + "connect timeout", /* 16 RSE_TIMEOUT_CONN */ + "invalid argument", /* 17 RSE_INVAL */ + "I/O timeout", /* 18 RSE_TIMEOUT_IO */ + "timeout", /* 19 RSE_TIMEOUT */ + "peer disconnected", /* 20 RSE_DISCO */ + "resource is in use", /* 21 RSE_INUSE */ + "packet is too small", /* 22 RSE_PACKET_TOO_SMALL */ + "packet is too large", /* 23 RSE_PACKET_TOO_LARGE */ + "attribute overflows packet", /* 24 RSE_ATTR_OVERFLOW */ + "attribute is too small", /* 25 RSE_ATTR_TOO_SMALL */ + "attribute is too large", /* 26 RSE_ATTR_TOO_LARGE */ + "unknown attribute", /* 27 RSE_ATTR_UNKNOWN */ + "invalid name for attribute", /* 28 RSE_ATTR_BAD_NAME */ + "invalid value for attribute", /* 29 RSE_ATTR_VALUE_MALFORMED */ + "invalid attribute", /* 30 RSE_ATTR_INVALID */ + "too many attributes in the packet", /* 31 RSE_TOO_MANY_ATTRS */ + "attribute type unknown", /* 32 RSE_ATTR_TYPE_UNKNOWN */ + "invalid message authenticator", /* 33 RSE_MSG_AUTH_LEN */ + "incorrect message authenticator", /* 34 RSE_MSG_AUTH_WRONG */ + "request is required", /* 35 RSE_REQUEST_REQUIRED */ + "invalid request code", /* 36 RSE_REQUEST_CODE_INVALID */ + "incorrect request authenticator", /* 37 RSE_AUTH_VECTOR_WRONG */ + "response code is unsupported", /* 38 RSE_INVALID_RESPONSE_CODE */ + "response ID is invalid", /* 39 RSE_INVALID_RESPONSE_ID */ + "response from the wrong source address", /* 40 RSE_INVALID_RESPONSE_SRC */ + "no packet data", /* 41 RSE_NO_PACKET_DATA */ + "vendor is unknown", /* 42 RSE_VENDOR_UNKNOWN */ ++ "invalid credentials", /* 43 RSE_CRED */ ++ "certificate validation error", /* 44 RSE_CERT */ }; #define ERRTXT_SIZE (sizeof(_errtxt) / sizeof(*_errtxt)) diff --cc lib/examples/client-blocking.c index f26cd6c,2cfd617..7d3869a --- a/lib/examples/client-blocking.c +++ b/lib/examples/client-blocking.c @@@ -4,12 -4,10 +4,12 @@@ #include #include #include +#include #include - #include #include + #include #include +#include "err.h" #include "debug.h" /* For 
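Review bot: The comment on entry 36 names `RSE_REQUEST_CODE_INVALID`, but radsec.h in this same merge defines the enumerator as `RSE_INVALID_REQUEST_CODE = 36`; change it to `/* 36 RSE_INVALID_REQUEST_CODE */` so the table can be audited line-by-line against the enum. More importantly, nothing in this hunk ties the table size to the enum: `_errtxt` now has 45 entries and radsec.h sets `RSE_MAX = RSE_CERT` (44), but the next code added to one and not the other turns the string lookup into an out-of-bounds read in whatever function indexes `_errtxt` (that function is outside this hunk). A compile-time check next to the table, e.g. `typedef char errtxt_size_check[(ERRTXT_SIZE == RSE_MAX + 1) ? 1 : -1];`, would fail the build on a mismatch instead. The `#include` that opens the hunk and the code after `ERRTXT_SIZE` are outside this hunk.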
rs_dump_packet(). */ #define SECRET "sikrit" @@@ -52,11 -43,9 +50,9 @@@ blocking_client (const char *config_fn goto cleanup; } #else /* defined (USE_CONFIG_FILE) */ - if (rs_context_read_config (h, av1)) + if (rs_context_read_config (h, config_fn)) goto cleanup; - if (rs_context_init_freeradius_dict (h, NULL)) - goto cleanup; - if (rs_conn_create (h, &conn, av2)) + if (rs_conn_create (h, &conn, configuration)) goto cleanup; #endif /* defined (USE_CONFIG_FILE) */ diff --cc lib/include/radsec/radsec.h index e62986e,6e967af..6c4f6a7 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@@ -32,10 -42,31 +42,33 @@@ enum rs_error_code RSE_TIMEOUT_CONN = 16, /* Connection timeout. */ RSE_INVAL = 17, /* Invalid argument. */ RSE_TIMEOUT_IO = 18, /* I/O timeout. */ - RSE_TIMEOUT= 19, /* High level timeout. */ + RSE_TIMEOUT = 19, /* High level timeout. */ RSE_DISCO = 20, - RSE_CRED = 21, /* Credentials. */ - RSE_CERT = 22, /* Cert validation. */ + RSE_INUSE = 21, + RSE_PACKET_TOO_SMALL = 22, + RSE_PACKET_TOO_LARGE = 23, + RSE_ATTR_OVERFLOW = 24, + RSE_ATTR_TOO_SMALL = 25, + RSE_ATTR_TOO_LARGE = 26, + RSE_ATTR_UNKNOWN = 27, + RSE_ATTR_BAD_NAME = 28, + RSE_ATTR_VALUE_MALFORMED = 29, + RSE_ATTR_INVALID = 30, + RSE_TOO_MANY_ATTRS = 31, + RSE_ATTR_TYPE_UNKNOWN = 32, + RSE_MSG_AUTH_LEN = 33, + RSE_MSG_AUTH_WRONG = 34, + RSE_REQUEST_REQUIRED = 35, + RSE_INVALID_REQUEST_CODE = 36, + RSE_AUTH_VECTOR_WRONG = 37, + RSE_INVALID_RESPONSE_CODE = 38, + RSE_INVALID_RESPONSE_ID = 39, + RSE_INVALID_RESPONSE_SRC = 40, + RSE_NO_PACKET_DATA = 41, + RSE_VENDOR_UNKNOWN = 42, - RSE_MAX = RSE_VENDOR_UNKNOWN ++ RSE_CRED = 43, ++ RSE_CERT = 44, ++ RSE_MAX = RSE_CERT }; enum rs_conn_type { diff --cc lib/radsec.c index e176b6d,7421755..347a48b --- a/lib/radsec.c +++ b/lib/radsec.c @@@ -54,53 -48,11 +48,11 @@@ rs_context_create (struct rs_context ** return RSE_OK; } - /** Initialize freeradius dictionary. 
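Review bot: `RSE_CRED` and `RSE_CERT` move from 21/22 to 43/44 while 21 and 22 are reassigned to `RSE_INUSE` and `RSE_PACKET_TOO_SMALL`, so any consumer built against the pre-merge header, or code comparing against the numeric values, would now read a certificate-validation failure as a "packet too small" condition. That is an interface change in the sense of the libtool CURRENT/REVISION/AGE comment this merge adds to Makefile.am, so either CURRENT should be bumped (and AGE reset) in the same change, or the new codes appended after 42 with the old values for `RSE_CRED`/`RSE_CERT` kept. The enum should also say what it must stay aligned with, e.g. `/* Keep in sync with _errtxt[] in err.c; RSE_MAX must name the last code. */` above `RSE_MAX`. The start of the enum is outside this hunk.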
*/ - int - rs_context_init_freeradius_dict (struct rs_context *ctx, const char *dict) - { - int r = RSE_OK; - size_t dictlen; - char *dir = NULL; - char *fn = NULL; - - if (dict == NULL) - if (ctx->config != NULL && ctx->config->dictionary) - dict = ctx->config->dictionary; - - if (dict == NULL) - dict = RS_FREERADIUS_DICT; - - dictlen = strlen (dict); - dir = rs_calloc (ctx, 1, dictlen + 1); - fn = rs_calloc (ctx, 1, dictlen + 1); - if (dir == NULL || fn == NULL) - { - r = rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL); - goto out; - } - strncpy (dir, dict, dictlen); - strncpy (fn, dict, dictlen); - - if (dict_init (dirname (dir), basename (fn)) < 0) - { - r = rs_err_ctx_push_fl (ctx, RSE_FR, __FILE__, __LINE__, - "failing dict_init(\"%s\")", dict); - goto out; - } - - out: - if (dir) - rs_free (ctx, dir); - if (fn) - rs_free (ctx, fn); - return r; - } - struct rs_error * -rs_resolv (struct evutil_addrinfo **addr, - rs_conn_type_t type, - const char *hostname, - const char *service) +rs_resolve (struct evutil_addrinfo **addr, + rs_conn_type_t type, + const char *hostname, + const char *service) { int err; struct evutil_addrinfo hints, *res = NULL; diff --cc lib/rsp_tlscommon.h index 0470aa7,6819cd0..d96f553 --- a/lib/rsp_tlscommon.h +++ b/lib/rsp_tlscommon.h @@@ -6,6 -6,6 +6,7 @@@ * copyright notice and this permission notice appear in all copies. 
*/ ++#include #include #if defined (__cplusplus) diff --cc lib/tests/test-udp.c index 13d6979,f66eebd..ccad607 --- a/lib/tests/test-udp.c +++ b/lib/tests/test-udp.c @@@ -35,6 -34,6 +34,7 @@@ send_more_than_one_msg_in_one_packet (s assert_true (rs_packet_send (msg1, NULL) == 0); } ++#if 0 static void send_large_packet (struct rs_connection *conn) { @@@ -51,16 -50,12 +51,13 @@@ /* 16 chunks --> heap corruption in evbuffer_drain detected by free() */ for (f = 0; f < 15; f++) { - VALUE_PAIR *vp = NULL; memset (buf, 'a' + f, 252); - vp = pairmake ("EAP-Message", buf, T_OP_EQ); - assert_true (vp != NULL); - pairadd (&frpkt->vps, vp); - rs_attr_create (conn, &attr_x, "EAP-Message", buf); - rs_packet_add_attr (msg0, attr_x); ++ //vp = pairmake ("EAP-Message", buf, T_OP_EQ); ++ assert_true (rs_packet_append_avp (msg0, fixme...) == RSE_OK); } assert_true (rs_packet_send (msg0, NULL) == 0); } ++#endif /* 0 */ /* ************************************************************ */ static struct setup { @@@ -114,9 -108,8 +111,8 @@@ test_buffering ( struct timeval timeout; struct polldata *polldata; - assert_true (rs_context_create (&ctx, NULL) == 0); + assert_true (rs_context_create (&ctx) == 0); assert_true (rs_context_read_config (ctx, "test.conf") == 0); - assert_true (rs_context_init_freeradius_dict (ctx, NULL) == 0); assert_true (rs_conn_create (ctx, &conn, "test-udp-buffering") == 0); timeout.tv_sec = 0;
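Review bot: Wrapping `send_large_packet` in `#if 0` silently disables the one test that reproduced a memory-safety bug (`16 chunks --> heap corruption in evbuffer_drain detected by free()`), and the replacement line `assert_true (rs_packet_append_avp (msg0, fixme...) == RSE_OK);` is a placeholder that would not compile if the guard were ever removed. Since this is a regression test for heap corruption, it should be ported to the new AVP API in this merge rather than left disabled; if that cannot happen here, mark it so it is not lost, e.g. `/* FIXME: port to rs_packet_append_avp(); this test covered the evbuffer_drain heap corruption. */` next to the `#if 0`. The function's setup code lies between the two hunks and is not visible here.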