From: Luke Howard Date: Mon, 14 Nov 2011 05:59:55 +0000 (+1100) Subject: port new RADIUS library to Windows X-Git-Tag: debian/0.0.5-1~25^2~3^2~7 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=radsecproxy.git;a=commitdiff_plain;h=ac17a556bd50969c8157d50761449b702afa4af8 port new RADIUS library to Windows Conflicts: lib/configure.ac lib/include/radsec/radsec.h lib/radius/client.h --- diff --git a/lib/Makefile.am b/lib/Makefile.am index 3eb4a2b..51aebf9 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -38,4 +38,4 @@ endif libradsec_la_LIBADD = radius/libradsec-radius.la libradsec_la_LDFLAGS = -version-info 0:0:0 -export-symbols radsec.sym -libradsec_la_CFLAGS = $(AM_CFLAGS) -Werror # -DDEBUG -DDEBUG_LEVENT +libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT diff --git a/lib/configure.ac b/lib/configure.ac index 086a4fe..9b1d304 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -30,7 +30,8 @@ AM_CONDITIONAL([RS_ENABLE_TLS], [test "${enable_tls+set}" = set]) # Checks for header files. AC_CHECK_HEADERS( - [netdb.h netinet/in.h stdint.h stdlib.h string.h sys/socket.h unistd.h]) + [sys/time.h time.h netdb.h netinet/in.h stdint.h stdlib.h strings.h string.h \ + sys/socket.h unistd.h syslog.h sys/select.h fcntl.h arpa/inet.h]) # Checks for typedefs, structures, and compiler characteristics. AC_TYPE_SIZE_T diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h index 4e5e426..33d7990 100644 --- a/lib/include/radsec/radsec.h +++ b/lib/include/radsec/radsec.h @@ -6,11 +6,21 @@ #ifndef _RADSEC_RADSEC_H_ #define _RADSEC_RADSEC_H_ 1 +#ifdef HAVE_CONFIG_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_UNISTD_H #include +#endif +#ifdef HAVE_STDINT_H #include - -#include -#include +#endif enum rs_error_code { RSE_OK = 0, diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am index 1b66ca6..b57ef16 100644 --- a/lib/radius/Makefile.am 
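Review bot: The header `lib/include/radsec/radsec.h` now gates its system includes on `HAVE_CONFIG_H` and `HAVE_*` macros, which the Makefile.am hunks define only for libradsec's own build (`-DHAVE_CONFIG_H`). If this header is installed for applications, as its path suggests, a consumer compiled without those macros would skip the guarded includes. One that defines its own `HAVE_CONFIG_H` would pull in whichever config header comes first on its include path. Consider keeping the configure-dependent tests in a private header or gating on a platform macro such as `_WIN32`, and add a comment above the block naming the macros an includer is expected to define. The include targets are not visible in this rendering, so which headers are affected is inferred from the guard names.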
+++ b/lib/radius/Makefile.am @@ -12,13 +12,13 @@ libradsec_radius_la_SOURCES = \ custom.c \ dict.c \ id.c \ - packet.c \ parse.c \ print.c \ + radpkt.c \ static.c \ valuepair.c -libradsec_radius_la_CFLAGS = $(AM_CFLAGS) +libradsec_radius_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H DICTIONARIES = \ share/dictionary.txt \ diff --git a/lib/radius/attrs.c b/lib/radius/attrs.c index d096cc2..21cd3f0 100644 --- a/lib/radius/attrs.c +++ b/lib/radius/attrs.c @@ -836,7 +836,7 @@ static ssize_t data2vp_any(const RADIUS_PACKET *packet, #endif -#ifdef FLAG_ENCRYPT_ASCEND_SECRET: +#ifdef FLAG_ENCRYPT_ASCEND_SECRET /* * Ascend-Send-Secret * Ascend-Receive-Secret diff --git a/lib/radius/client.h b/lib/radius/client.h index 6c1526d..aefb40d 100644 --- a/lib/radius/client.h +++ b/lib/radius/client.h @@ -35,21 +35,31 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. /* * System-specific header files. */ +#include #include #include +#ifdef HAVE_STDINT_H #include +#endif +#ifdef HAVE_STDLIB_H #include +#endif +#ifdef HAVE_STRING_H #include +#endif #include +#ifdef HAVE_NETDB_H #include +#endif +#ifdef HAVE_NETINET_IN_H #include +#endif +#ifdef HAVE_SYS_TIME_H #include +#endif #include - -/* - * Definitions of attributes. - */ +#include #include /** \defgroup build Build Helpers diff --git a/lib/radius/custom.c b/lib/radius/custom.c index 02e2463..917939a 100644 --- a/lib/radius/custom.c +++ b/lib/radius/custom.c 
@@ -24,6 +24,38 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* + * Copyright (c) 2006 Kungliga Tekniska HAÎåÎÝgskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ /** \file custom.c * \brief Functions which should be customized for your local system. 
@@ -34,6 +66,49 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include #include +#ifdef WIN32 +#include + +volatile static HCRYPTPROV nr_cryptprovider = 0; + +static HCRYPTPROV +nr_CryptProvider(void) +{ + BOOL rv; + HCRYPTPROV cryptprovider = 0; + + if (nr_cryptprovider != 0) + return nr_cryptprovider; + + rv = CryptAcquireContext(&cryptprovider, NULL, + MS_ENHANCED_PROV, PROV_RSA_FULL, + 0); + + if (GetLastError() == NTE_BAD_KEYSET) { + if(!rv) + rv = CryptAcquireContext(&cryptprovider, NULL, + MS_ENHANCED_PROV, PROV_RSA_FULL, + CRYPT_NEWKEYSET); + } + + if (rv && + InterlockedCompareExchangePointer((PVOID *) &nr_cryptprovider, + (PVOID) cryptprovider, 0) != 0) { + + CryptReleaseContext(cryptprovider, 0); + cryptprovider = nr_cryptprovider; + } + + return cryptprovider; +} + +ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) +{ + if (CryptGenRandom(nr_CryptProvider(), data_len, data)) + return 0; + return data_len; +} +#else ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) { static int fd = -1; @@ -49,6 +124,7 @@ ssize_t nr_rand_bytes(uint8_t *data, size_t data_len) return read(fd, data, data_len); } +#endif /* WIN32 */ uint32_t nr_rand(void) { diff --git a/lib/radius/id.c b/lib/radius/id.c index 2b956f2..4ccd032 100644 --- a/lib/radius/id.c +++ b/lib/radius/id.c @@ -26,7 +26,10 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "client.h" + +#ifdef HAVE_UNISTD_H #include +#endif /** \file id.c * \brief Handling of ID allocation / freeing @@ -141,7 +144,7 @@ int nr_server_close(const nr_server_t *s) if (s->used > 0) return -RSE_INUSE; - if (s->sockfd >= 0) close(s->sockfd); + if (s->sockfd >= 0) evutil_closesocket(s->sockfd); return 0; } diff --git a/lib/radius/parse.c b/lib/radius/parse.c index cd7491a..8446306 100644 --- a/lib/radius/parse.c +++ b/lib/radius/parse.c 
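Review bot: The Windows `nr_rand_bytes` in `lib/radius/custom.c` returns the wrong way round: `CryptGenRandom` is nonzero on success, so the function returns 0 when the buffer was filled and `data_len` when it was not, whereas the POSIX branch returns the `read()` count. A caller that checks for a full-length result would accept an unfilled buffer as random data; the callers (`nr_rand` starts just below the hunk) are not visible here, so confirm how the value is used. `nr_CryptProvider` also reads `GetLastError()` before testing `rv`, and can return 0, which is then passed straight to `CryptGenRandom`. For random generation alone, acquiring the context with `CRYPT_VERIFYCONTEXT` would avoid creating a named keyset through the `CRYPT_NEWKEYSET` retry. A corrected `nr_rand_bytes` is sketched below.

```c
ssize_t nr_rand_bytes(uint8_t *data, size_t data_len)
{
	HCRYPTPROV prov = nr_CryptProvider();

	/* No provider, or a length CryptGenRandom's DWORD cannot carry. */
	if (prov == 0 || data_len > MAXDWORD)
		return -1;

	/* CryptGenRandom returns nonzero on success. */
	if (!CryptGenRandom(prov, (DWORD)data_len, data))
		return -1;

	/* Match the POSIX branch: number of bytes produced. */
	return (ssize_t)data_len;
}
```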
@@ -30,18 +30,25 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "client.h" + +#ifdef HAVE_ARPA_INET_H #include +#endif ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value) { char *end; switch (vp->da->type) { - case RS_TYPE_STRING: - strlcpy(vp->vp_strvalue, value, sizeof(vp->vp_strvalue)); - vp->length = strlen(vp->vp_strvalue); - return vp->length; + case RS_TYPE_STRING: { + size_t len = strlen(value); + if (len >= RS_MAX_STRING_LEN) + return -RSE_ATTR_TOO_LARGE; + + memcpy(vp->vp_strvalue, value, len + 1); + return (vp->length = len); + } case RS_TYPE_DATE: case RS_TYPE_INTEGER: vp->vp_integer = strtoul(value, &end, 10); diff --git a/lib/radius/print.c b/lib/radius/print.c index 28dd0a6..6fa06d7 100644 --- a/lib/radius/print.c +++ b/lib/radius/print.c @@ -164,6 +164,7 @@ size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp) break; default: + len = 0; break; } diff --git a/lib/radius/packet.c b/lib/radius/radpkt.c similarity index 98% rename from lib/radius/packet.c rename to lib/radius/radpkt.c index c5d3bc4..bb8f75e 100644 --- a/lib/radius/packet.c +++ b/lib/radius/radpkt.c @@ -249,7 +249,7 @@ static int packet_auth_ok(const RADIUS_PACKET *original, RS_MD5Init(&ctx); RS_MD5Update(&ctx, data, length); - RS_MD5Update(&ctx, original->secret, original->sizeof_secret); + RS_MD5Update(&ctx, (const unsigned char *)original->secret, original->sizeof_secret); RS_MD5Final(calc_digest, &ctx); memcpy(data + 4, packet_vector, sizeof(packet_vector)); @@ -313,7 +313,7 @@ int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original) } if ((memcmp(&packet->src, &original->dst, sizeof(packet->src)) != 0) && - (evutil_sockaddr_cmp(&(packet->src), &(original->dst)) != 0)) { + (evutil_sockaddr_cmp((struct sockaddr *)&packet->src, (struct sockaddr *)&original->dst, 1) != 0)) { nr_debug_error("Ignoring response from wrong IP/port"); return -RSE_INVALID_RESPONSE_SRC; } 
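Review bot: In the `RS_TYPE_STRING` case of `nr_vp_sscanf_value`, the new guard compares `len` with `RS_MAX_STRING_LEN`, but the `memcpy` writes `len + 1` bytes into `vp->vp_strvalue`, whose declared size is not visible in this hunk. The removed `strlcpy` call was bounded by `sizeof(vp->vp_strvalue)`. Assuming the field is an array, as that `sizeof` use suggests, `if (len >= sizeof(vp->vp_strvalue)) return -RSE_ATTR_TOO_LARGE;` keeps the check tied to the destination if the constant or the field later changes. The switch from silent truncation to an error return also deserves a line in the function's documentation, since callers that relied on truncation now get a negative value. The function body continues past the end of the hunk.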
@@ -487,7 +487,7 @@ int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original) RS_MD5Init(&ctx); RS_MD5Update(&ctx, packet->data, packet->length); - RS_MD5Update(&ctx, packet->secret, packet->sizeof_secret); + RS_MD5Update(&ctx, (const unsigned char *)packet->secret, packet->sizeof_secret); RS_MD5Final(packet->vector, &ctx); } diff --git a/lib/radius/valuepair.c b/lib/radius/valuepair.c index b374fdd..6277f7d 100644 --- a/lib/radius/valuepair.c +++ b/lib/radius/valuepair.c @@ -35,17 +35,13 @@ void nr_vp_free(VALUE_PAIR **head) { VALUE_PAIR *next, *vp; - if (!head || !*head) return; - - vp = *head; - do { - if (vp) next = vp->next; + for (vp = *head; vp != NULL; vp = next) { + next = vp->next; if (vp->da->flags.encrypt) { memset(vp, 0, sizeof(vp)); } free(vp); - vp = next; - } while (next); + } *head = NULL; }
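Review bot: In `nr_vp_free` (`lib/radius/valuepair.c`) the wipe for encrypted attributes, `memset(vp, 0, sizeof(vp));`, clears only pointer-size bytes, so most of the value pair is still in the heap block when it is freed. It should be `memset(vp, 0, sizeof(*vp));`. A `memset` directly before `free` can also be optimised away, so a non-elidable wipe is worth considering, for example `SecureZeroMemory` on the Windows build this commit adds. The rewritten loop also drops the old `if (!head || !*head) return;` guard, so `*head` is now dereferenced when a caller passes a NULL `head`; adding `if (!head) return;` before the `for` restores the previous contract.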