authorSam Hartman <hartmans@painless-security.com>2014-03-06 08:30:39 -0500
committerSam Hartman <hartmans@painless-security.com>2014-03-06 08:30:39 -0500
commit856332bf1247ba965b6e3da1fe90cf6a3e3ebbd0 (patch)
tree30d1d50405e8a89eb1d4fd47fa012ece558cc489 /lib
parent07182442a6e3a194448b13a419c568bcab43d363 (diff)
parent3d954bfd2f658ac05a0f20a1241738ed3e3fdd28 (diff)
Merge remote-tracking branch 'origin/master' into debian
In particular update root of tree
Diffstat (limited to 'lib')
-rw-r--r--lib/CHANGES17
-rw-r--r--lib/Doxyfile1630
-rw-r--r--lib/HACKING91
-rw-r--r--lib/LICENSE33
-rw-r--r--lib/Makefile.am71
-rw-r--r--lib/README48
-rw-r--r--lib/autogen.sh14
-rw-r--r--lib/avp.c540
-rw-r--r--lib/compat.c22
-rw-r--r--lib/compat.h5
-rw-r--r--lib/conf.c255
-rw-r--r--lib/configure.ac68
-rw-r--r--lib/conn.c335
-rw-r--r--lib/conn.h7
-rw-r--r--lib/debug.c46
-rw-r--r--lib/debug.h27
-rw-r--r--lib/err.c276
-rw-r--r--lib/err.h9
-rw-r--r--lib/event.c300
-rw-r--r--lib/event.h12
-rw-r--r--lib/examples/Makefile.am8
-rw-r--r--lib/examples/blocking.c71
-rw-r--r--lib/examples/blocking.h4
-rw-r--r--lib/examples/client-blocking.c127
-rw-r--r--lib/examples/client-psk.conf18
-rw-r--r--lib/examples/client.conf24
-rw-r--r--lib/include/Makefile.am12
-rw-r--r--lib/include/radsec/.gitignore1
-rw-r--r--lib/include/radsec/radsec-impl.h156
-rw-r--r--lib/include/radsec/radsec.h607
-rw-r--r--lib/include/radsec/request-impl.h24
-rw-r--r--lib/include/radsec/request.h50
-rw-r--r--lib/libradsec.spec.in77
-rw-r--r--lib/md5.c295
-rw-r--r--lib/md5.h45
-rw-r--r--lib/packet.c294
-rw-r--r--lib/packet.h7
-rw-r--r--lib/peer.c113
-rw-r--r--lib/peer.h5
-rw-r--r--lib/radius/.gitignore1
-rw-r--r--lib/radius/LICENSE24
-rw-r--r--lib/radius/Makefile.am44
-rw-r--r--lib/radius/attrs.c1411
-rw-r--r--lib/radius/client.h1302
-rw-r--r--lib/radius/common.pl220
-rwxr-xr-xlib/radius/convert.pl197
-rw-r--r--lib/radius/crypto.c233
-rw-r--r--lib/radius/custom.c163
-rw-r--r--lib/radius/dict.c172
-rw-r--r--lib/radius/doc.txt41
-rw-r--r--lib/radius/doxygen.conf1417
-rw-r--r--lib/radius/examples/Makefile54
-rw-r--r--lib/radius/examples/example_1.c86
-rw-r--r--lib/radius/examples/example_2.c86
-rw-r--r--lib/radius/examples/example_3.c123
-rw-r--r--lib/radius/examples/example_4.c94
-rw-r--r--lib/radius/examples/nr_vp_create.c61
-rwxr-xr-xlib/radius/header.pl68
-rw-r--r--lib/radius/id.c181
-rw-r--r--lib/radius/parse.c149
-rw-r--r--lib/radius/print.c227
-rw-r--r--lib/radius/radpkt.c920
-rw-r--r--lib/radius/share/dictionary.abfab.ietf4
-rw-r--r--lib/radius/share/dictionary.juniper23
-rw-r--r--lib/radius/share/dictionary.microsoft17
-rw-r--r--lib/radius/share/dictionary.txt136
-rw-r--r--lib/radius/share/dictionary.ukerna20
-rw-r--r--lib/radius/share/dictionary.vendor10
-rw-r--r--lib/radius/static.c37
-rw-r--r--lib/radius/tests/Makefile25
-rw-r--r--lib/radius/tests/radattr.c769
-rw-r--r--lib/radius/tests/rfc.txt144
-rw-r--r--lib/radius/valuepair.c191
-rw-r--r--lib/radsec.c141
-rw-r--r--lib/radsec.h7
-rw-r--r--lib/radsec.sym86
-rw-r--r--lib/radsecproxy/Makefile.am23
-rw-r--r--lib/radsecproxy/debug.c213
-rw-r--r--lib/radsecproxy/debug.h36
-rw-r--r--lib/radsecproxy/gconfig.h32
-rw-r--r--lib/radsecproxy/hash.c131
-rw-r--r--lib/radsecproxy/hash.h51
-rw-r--r--lib/radsecproxy/hostport_types.h6
-rw-r--r--lib/radsecproxy/list.c122
-rw-r--r--lib/radsecproxy/list.h54
-rw-r--r--lib/radsecproxy/radmsg.h40
-rw-r--r--lib/radsecproxy/radsecproxy.h216
-rw-r--r--lib/radsecproxy/tlscommon.c455
-rw-r--r--lib/radsecproxy/tlscommon.h42
-rw-r--r--lib/radsecproxy/tlv11.h23
-rw-r--r--lib/radsecproxy/util.c256
-rw-r--r--lib/radsecproxy/util.h35
-rw-r--r--lib/request.c158
-rw-r--r--lib/send.c138
-rw-r--r--lib/tcp.c274
-rw-r--r--lib/tcp.h7
-rw-r--r--lib/tests/Makefile.am12
-rw-r--r--lib/tests/README39
-rw-r--r--lib/tests/demoCA/index.txt3
-rw-r--r--lib/tests/demoCA/index.txt.attr1
-rw-r--r--lib/tests/demoCA/newcerts/01.pem46
-rw-r--r--lib/tests/demoCA/newcerts/02.pem49
-rw-r--r--lib/tests/demoCA/newcerts/03.pem49
-rw-r--r--lib/tests/demoCA/private/cakey.pem9
-rw-r--r--lib/tests/demoCA/private/cli1.key9
-rw-r--r--lib/tests/demoCA/private/srv1.key9
-rw-r--r--lib/tests/demoCA/serial1
-rw-r--r--lib/tests/test-udp.c153
-rw-r--r--lib/tests/test.conf30
-rw-r--r--lib/tests/udp-server.c35
-rw-r--r--lib/tests/udp.c141
-rw-r--r--lib/tests/udp.h20
-rw-r--r--lib/tls.c372
-rw-r--r--lib/tls.h23
-rw-r--r--lib/udp.c177
-rw-r--r--lib/udp.h5
-rw-r--r--lib/util.c25
-rw-r--r--lib/util.h4
118 files changed, 0 insertions, 18152 deletions
diff --git a/lib/CHANGES b/lib/CHANGES
deleted file mode 100644
index 928dfbe..0000000
--- a/lib/CHANGES
+++ /dev/null
@@ -1,17 +0,0 @@
-Changes between 0.0.4 and 0.0.5
-
- - When POSIX thread support is detected at configure and build time
- libradsec will be more safe to use by programs that call it from
- more than one thread simultaneously.
-
- - The initialisation of the OpenSSL PRNG has been improved.
-
-User visible changes between 0.0.1 and 0.0.4
-
- - TLS support is now enabled by default. Use --disable-tls to
- disable it.
-
- - Support for TLS-PSK has been added (--enable-tls-psk).
-
- - The RADIUS dictionaries are now compiled into the library and are
- no longer read from disk.
diff --git a/lib/Doxyfile b/lib/Doxyfile
deleted file mode 100644
index 9c79d20..0000000
--- a/lib/Doxyfile
+++ /dev/null
@@ -1,1630 +0,0 @@
-# Doxyfile 1.7.1
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-# TAG = value [value, ...]
-# For lists items can also be appended using:
-# TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# This tag specifies the encoding used for all characters in the config file
-# that follow. The default is UTF-8 which is also the encoding used for all
-# text before the first occurrence of this tag. Doxygen uses libiconv (or the
-# iconv built into libc) for the transcoding. See
-# http://www.gnu.org/software/libiconv for the list of possible encodings.
-
-DOXYFILE_ENCODING = UTF-8
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
-# by quotes) that should identify the project.
-
-PROJECT_NAME = libradsec
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER =
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY = doxy
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
-# 4096 sub-directories (in 2 levels) under the output directory of each output
-# format and will distribute the generated files over these directories.
-# Enabling this option can be useful when feeding doxygen a huge amount of
-# source files, where putting all generated files in the same directory would
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
-# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German,
-# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English
-# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian,
-# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak,
-# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
-
-OUTPUT_LANGUAGE = English
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator
-# that is used to form the text in various listings. Each string
-# in this list, if found as the leading text of the brief description, will be
-# stripped from the text and the result after processing the whole list, is
-# used as the annotated text. Otherwise, the brief description is used as-is.
-# If left blank, the following values are used ("$name" is automatically
-# replaced with the name of the entity): "The $name class" "The $name widget"
-# "The $name file" "is" "provides" "specifies" "contains"
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF =
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
-# inherited members of a class in the documentation of that class as if those
-# members were ordinary class members. Constructors, destructors and assignment
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES = YES
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user-defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. The tag can be used to show relative paths in the file list.
-# If left blank the directory from which doxygen is run is used as the
-# path to strip.
-
-STRIP_FROM_PATH =
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
-# the path mentioned in the documentation of a class, which tells
-# the reader which header file to include in order to use a class.
-# If left blank only the name of the header file containing the class
-# definition is used. Otherwise one should specify the include paths that
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH =
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful is your file systems
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like regular Qt-style comments
-# (thus requiring an explicit @brief command for a brief description.)
-
-JAVADOC_AUTOBRIEF = NO
-
-# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
-# interpret the first line (until the first dot) of a Qt-style
-# comment as the brief description. If set to NO, the comments
-# will behave just like regular Qt-style comments (thus requiring
-# an explicit \brief command for a brief description.)
-
-QT_AUTOBRIEF = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# re-implements.
-
-INHERIT_DOCS = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
-# a new page for each member. If set to NO, the documentation of a member will
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE = 8
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user-defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES =
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
-# sources only. Doxygen will then generate output that is more tailored for C.
-# For instance, some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C = NO
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
-# sources only. Doxygen will then generate output that is more tailored for
-# Java. For instance, namespaces will be presented as packages, qualified
-# scopes will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA = NO
-
-# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
-# sources only. Doxygen will then generate output that is more tailored for
-# Fortran.
-
-OPTIMIZE_FOR_FORTRAN = NO
-
-# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
-# sources. Doxygen will then generate output that is tailored for
-# VHDL.
-
-OPTIMIZE_OUTPUT_VHDL = NO
-
-# Doxygen selects the parser to use depending on the extension of the files it
-# parses. With this tag you can assign which parser to use for a given extension.
-# Doxygen has a built-in mapping, but you can override or extend it using this
-# tag. The format is ext=language, where ext is a file extension, and language
-# is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C,
-# C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make
-# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C
-# (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions
-# you also need to set FILE_PATTERNS otherwise the files are not read by doxygen.
-
-EXTENSION_MAPPING =
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
-# to include (a tag file for) the STL sources as input, then you should
-# set this tag to YES in order to let doxygen match functions declarations and
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
-# func(std::string) {}). This also make the inheritance and collaboration
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT = NO
-
-# If you use Microsoft's C++/CLI language, you should set this option to YES to
-# enable parsing support.
-
-CPP_CLI_SUPPORT = NO
-
-# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
-# Doxygen will parse them like normal C++ but will assume all classes use public
-# instead of private inheritance when no explicit protection keyword is present.
-
-SIP_SUPPORT = NO
-
-# For Microsoft's IDL there are propget and propput attributes to indicate getter
-# and setter methods for a property. Setting this option to YES (the default)
-# will make doxygen to replace the get and set methods by a property in the
-# documentation. This will only work if the methods are indeed getting or
-# setting a simple type. If this is not the case, or you want to show the
-# methods anyway, you should set this option to NO.
-
-IDL_PROPERTY_SUPPORT = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
-# the same type (for instance a group of public functions) to be put as a
-# subgroup of that type (e.g. under the Public Functions section). Set it to
-# NO to prevent subgrouping. Alternatively, this can be done per class using
-# the \nosubgrouping command.
-
-SUBGROUPING = YES
-
-# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
-# is documented as struct, union, or enum with the name of the typedef. So
-# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
-# with name TypeT. When disabled the typedef will appear as a member of a file,
-# namespace, or class. And the struct will be named TypeS. This can typically
-# be useful for C code in case the coding convention dictates that all compound
-# types are typedef'ed and only the typedef is referenced, never the tag name.
-
-TYPEDEF_HIDES_STRUCT = NO
-
-# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to
-# determine which symbols to keep in memory and which to flush to disk.
-# When the cache is full, less often used symbols will be written to disk.
-# For small to medium size projects (<1000 input files) the default value is
-# probably good enough. For larger projects a too small cache size can cause
-# doxygen to be busy swapping symbols to and from disk most of the time
-# causing a significant performance penality.
-# If the system has enough physical memory increasing the cache will improve the
-# performance by keeping more symbols in memory. Note that the value works on
-# a logarithmic scale so increasing the size by one will rougly double the
-# memory usage. The cache size is given by this formula:
-# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
-# corresponding to a cache size of 2^16 = 65536 symbols
-
-SYMBOL_CACHE_SIZE = 0
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL = NO
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES = YES
-
-# This flag is only useful for Objective-C code. When set to YES local
-# methods, which are defined in the implementation section but not in
-# the interface are included in the documentation.
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS = NO
-
-# If this flag is set to YES, the members of anonymous namespaces will be
-# extracted and appear in the documentation as a namespace called
-# 'anonymous_namespace{file}', where file will be replaced with the base
-# name of the file that contains the anonymous namespace. By default
-# anonymous namespace are hidden.
-
-EXTRACT_ANON_NSPACES = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these classes will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS = NO
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower-case letters. If set to YES upper-case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES = YES
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put a list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES = YES
-
-# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen
-# will list include files with double quotes in the documentation
-# rather than with sharp brackets.
-
-FORCE_LOCAL_INCLUDES = NO
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS = YES
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
-# brief documentation of file, namespace and class members alphabetically
-# by member name. If set to NO (the default) the members will appear in
-# declaration order.
-
-SORT_BRIEF_DOCS = NO
-
-# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen
-# will sort the (brief and detailed) documentation of class members so that
-# constructors and destructors are listed first. If set to NO (the default)
-# the constructors will appear in the respective orders defined by
-# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS.
-# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO
-# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
-
-SORT_MEMBERS_CTORS_1ST = NO
-
-# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
-# hierarchy of group names into alphabetical order. If set to NO (the default)
-# the group names will appear in their defined order.
-
-SORT_GROUP_NAMES = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
-# sorted by fully-qualified names, including namespaces. If set to
-# NO (the default), the class list will be sorted only by class name,
-# not including the namespace part.
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or define consists of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and defines in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES = YES
-
-# If the sources in your project are distributed over multiple directories
-# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
-# in the documentation. The default is NO.
-
-SHOW_DIRECTORIES = NO
-
-# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
-# This will remove the Files entry from the Quick Index and from the
-# Folder Tree View (if specified). The default is YES.
-
-SHOW_FILES = YES
-
-# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
-# Namespaces page.
-# This will remove the Namespaces entry from the Quick Index
-# and from the Folder Tree View (if specified). The default is YES.
-
-SHOW_NAMESPACES = YES
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that
-# doxygen should invoke to get the current version for each file (typically from
-# the version control system). Doxygen will invoke the program by executing (via
-# popen()) the command <command> <input-file>, where <command> is the value of
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
-# provided by doxygen. Whatever the program writes to standard output
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER =
-
-# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed
-# by doxygen. The layout file controls the global structure of the generated
-# output files in an output format independent way. The create the layout file
-# that represents doxygen's defaults, run doxygen with the -l option.
-# You can optionally specify a file name after the option, if omitted
-# DoxygenLayout.xml will be used as the name of the layout file.
-
-LAYOUT_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR = YES
-
-# This WARN_NO_PARAMDOC option can be abled to get warnings for
-# functions that are documented, but have no documentation for their parameters
-# or return value. If set to NO (the default) doxygen will only warn about
-# wrong or incomplete parameter documentation, but not about the absence of
-# documentation.
-
-WARN_NO_PARAMDOC = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text. Optionally the format may contain
-# $version, which will be replaced by the version of the file (if it could
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT = include/radsec/radsec.h include/radsec/request.h
-
-# This tag can be used to specify the character encoding of the source files
-# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
-# also the default input encoding. Doxygen uses libiconv (or the iconv built
-# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
-# the list of possible encodings.
-
-INPUT_ENCODING = UTF-8
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
-# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
-
-FILE_PATTERNS = *.c *.h
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE =
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
-# directories that are symbolic links (a Unix filesystem feature) are excluded
-# from the input.
-
-EXCLUDE_SYMLINKS = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories. Note that the wildcards are matched
-# against the file with absolute path, so to exclude all test directories
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS =
-
-# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
-# (namespaces, classes, functions, etc.) that should be excluded from the
-# output. The symbol name can be a fully qualified name, a word, or if the
-# wildcard * is used, a substring. Examples: ANamespace, AClass,
-# AClass::ANamespace, ANamespace::*Test
-
-EXCLUDE_SYMBOLS =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS =
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH =
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output.
-# If FILTER_PATTERNS is specified, this tag will be
-# ignored.
-
-INPUT_FILTER =
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
-# basis.
-# Doxygen will compare the file name with each pattern and apply the
-# filter if there is a match.
-# The filters are a list of the form:
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
-# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
-# is applied to all files.
-
-FILTER_PATTERNS =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-# Note: To get rid of all source code in the generated output, make sure also
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = NO
-
-# If the REFERENCES_RELATION tag is set to YES
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION = NO
-
-# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
-# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
-# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
-# link to the source code.
-# Otherwise they will link to the documentation.
-
-REFERENCES_LINK_SOURCE = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code
-# will point to the HTML generated by the htags(1) tool instead of doxygen
-# built-in source browser. The htags tool is part of GNU's global source
-# tagging system (see http://www.gnu.org/software/global/global.html). You
-# will need version 4.8.6 or higher.
-
-USE_HTAGS = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX = YES
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header.
-
-HTML_HEADER =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER =
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet. Note that doxygen will try to copy
-# the style sheet file to the HTML output directory, so don't put your own
-# stylesheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET =
-
-# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output.
-# Doxygen will adjust the colors in the stylesheet and background images
-# according to this color. Hue is specified as an angle on a colorwheel,
-# see http://en.wikipedia.org/wiki/Hue for more information.
-# For instance the value 0 represents red, 60 is yellow, 120 is green,
-# 180 is cyan, 240 is blue, 300 purple, and 360 is red again.
-# The allowed range is 0 to 359.
-
-HTML_COLORSTYLE_HUE = 220
-
-# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of
-# the colors in the HTML output. For a value of 0 the output will use
-# grayscales only. A value of 255 will produce the most vivid colors.
-
-HTML_COLORSTYLE_SAT = 100
-
-# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to
-# the luminance component of the colors in the HTML output. Values below
-# 100 gradually make the output lighter, whereas values above 100 make
-# the output darker. The value divided by 100 is the actual gamma applied,
-# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2,
-# and 100 does not change the gamma.
-
-HTML_COLORSTYLE_GAMMA = 80
-
-# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
-# page will contain the date and time when the page was generated. Setting
-# this to NO can help when comparing the output of multiple runs.
-
-HTML_TIMESTAMP = YES
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
-# files or namespaces will be aligned in HTML using tables. If set to
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS = YES
-
-# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
-# documentation will contain sections that can be hidden and shown after the
-# page has loaded. For this to work a browser that supports
-# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
-# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
-
-HTML_DYNAMIC_SECTIONS = NO
-
-# If the GENERATE_DOCSET tag is set to YES, additional index files
-# will be generated that can be used as input for Apple's Xcode 3
-# integrated development environment, introduced with OSX 10.5 (Leopard).
-# To create a documentation set, doxygen will generate a Makefile in the
-# HTML output directory. Running make will produce the docset in that
-# directory and running "make install" will install the docset in
-# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
-# it at startup.
-# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
-# for more information.
-
-GENERATE_DOCSET = NO
-
-# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
-# feed. A documentation feed provides an umbrella under which multiple
-# documentation sets from a single provider (such as a company or product suite)
-# can be grouped.
-
-DOCSET_FEEDNAME = "Doxygen generated docs"
-
-# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
-# should uniquely identify the documentation set bundle. This should be a
-# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
-# will append .docset to the name.
-
-DOCSET_BUNDLE_ID = org.doxygen.Project
-
-# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify
-# the documentation publisher. This should be a reverse domain-name style
-# string, e.g. com.mycompany.MyDocSet.documentation.
-
-DOCSET_PUBLISHER_ID = org.doxygen.Publisher
-
-# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher.
-
-DOCSET_PUBLISHER_NAME = Publisher
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output directory.
-
-CHM_FILE =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
-# is used to encode HtmlHelp index (hhk), content (hhc) and project file
-# content.
-
-CHM_INDEX_ENCODING =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND = NO
-
-# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
-# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated
-# that can be used as input for Qt's qhelpgenerator to generate a
-# Qt Compressed Help (.qch) of the generated HTML documentation.
-
-GENERATE_QHP = NO
-
-# If the QHG_LOCATION tag is specified, the QCH_FILE tag can
-# be used to specify the file name of the resulting .qch file.
-# The path specified is relative to the HTML output folder.
-
-QCH_FILE =
-
-# The QHP_NAMESPACE tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#namespace
-
-QHP_NAMESPACE = org.doxygen.Project
-
-# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#virtual-folders
-
-QHP_VIRTUAL_FOLDER = doc
-
-# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to
-# add. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#custom-filters
-
-QHP_CUST_FILTER_NAME =
-
-# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the
-# custom filter to add. For more information please see
-# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">
-# Qt Help Project / Custom Filters</a>.
-
-QHP_CUST_FILTER_ATTRS =
-
-# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
-# project's
-# filter section matches.
-# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">
-# Qt Help Project / Filter Attributes</a>.
-
-QHP_SECT_FILTER_ATTRS =
-
-# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can
-# be used to specify the location of Qt's qhelpgenerator.
-# If non-empty doxygen will try to run qhelpgenerator on the generated
-# .qhp file.
-
-QHG_LOCATION =
-
-# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files
-# will be generated, which together with the HTML files, form an Eclipse help
-# plugin. To install this plugin and make it available under the help contents
-# menu in Eclipse, the contents of the directory containing the HTML and XML
-# files needs to be copied into the plugins directory of eclipse. The name of
-# the directory within the plugins directory should be the same as
-# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before
-# the help appears.
-
-GENERATE_ECLIPSEHELP = NO
-
-# A unique identifier for the eclipse help plugin. When installing the plugin
-# the directory name containing the HTML and XML files should also have
-# this name.
-
-ECLIPSE_DOC_ID = org.doxygen.Project
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
-# top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it.
-
-DISABLE_INDEX = NO
-
-# This tag can be used to set the number of enum values (range [1..20])
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE = 4
-
-# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
-# structure should be generated to display hierarchical information.
-# If the tag value is set to YES, a side panel will be generated
-# containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
-# Windows users are probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW = NO
-
-# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories,
-# and Class Hierarchy pages using a tree view instead of an ordered list.
-
-USE_INLINE_TREES = NO
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH = 250
-
-# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open
-# links to external symbols imported via tag files in a separate window.
-
-EXT_LINKS_IN_WINDOW = NO
-
-# Use this tag to change the font size of Latex formulas included
-# as images in the HTML documentation. The default is 10. Note that
-# when you change the font size after a successful doxygen run you need
-# to manually remove any form_*.png images from the HTML output directory
-# to force them to be regenerated.
-
-FORMULA_FONTSIZE = 10
-
-# Use the FORMULA_TRANPARENT tag to determine whether or not the images
-# generated for formulas are transparent PNGs. Transparent PNGs are
-# not supported properly for IE 6.0, but are supported on all modern browsers.
-# Note that when changing this option you need to delete any form_*.png files
-# in the HTML output before the changes have effect.
-
-FORMULA_TRANSPARENT = YES
-
-# When the SEARCHENGINE tag is enabled doxygen will generate a search box
-# for the HTML output. The underlying search engine uses javascript
-# and DHTML and should work on any modern browser. Note that when using
-# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets
-# (GENERATE_DOCSET) there is already a search function so this one should
-# typically be disabled. For large projects the javascript based search engine
-# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution.
-
-SEARCHENGINE = YES
-
-# When the SERVER_BASED_SEARCH tag is enabled the search engine will be
-# implemented using a PHP enabled web server instead of at the web client
-# using Javascript. Doxygen will generate the search PHP script and index
-# file to put on the web server. The advantage of the server
-# based approach is that it scales better to large projects and allows
-# full text search. The disadvances is that it is more difficult to setup
-# and does not have live searching capabilities.
-
-SERVER_BASED_SEARCH = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX = YES
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-# Note that when enabling USE_PDFLATEX this option is only used for
-# generating bitmaps for formulas in the HTML output, but not in the
-# Makefile that is written to the output directory.
-
-LATEX_CMD_NAME = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, a4wide, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER =
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS = YES
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX = YES
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not
-# include the index chapters (such as File Index, Compound Index, etc.)
-# in the output.
-
-LATEX_HIDE_INDICES = NO
-
-# If LATEX_SOURCE_CODE is set to YES then doxygen will include
-# source code with syntax highlighting in the LaTeX output.
-# Note that which sources are shown also depends on other settings
-# such as SOURCE_BROWSER.
-
-LATEX_SOURCE_CODE = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimized for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assignments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation.
-
-GENERATE_XML = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD =
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
-# dump the program listings (including syntax highlighting
-# and cross-referencing information) to the XML output. Note that
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader.
-# This is useful
-# if you want to understand what is going on.
-# On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed. To prevent a macro definition from being
-# undefined via #undef or recursively expanded use the := operator
-# instead of the = operator.
-
-PREDEFINED =
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all function-like macros that are alone
-# on a line, have an all uppercase name, and do not end with a semicolon. Such
-# function macros are typically used for boiler-plate code, and will confuse
-# the parser if not removed.
-
-SKIP_FUNCTION_MACROS = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles.
-# Optionally an initial location of the external documentation
-# can be added for each tagfile. The format of a tag file without
-# this location is as follows:
-#
-# TAGFILES = file1 file2 ...
-# Adding location for the tag files is done as follows:
-#
-# TAGFILES = file1=loc1 "file2 = loc2" ...
-# where "loc1" and "loc2" can be relative or absolute paths or
-# URLs. If a location is present for each tag, the installdox tool
-# does not have to be run to correct the links.
-# Note that each tag file must have a unique name
-# (where the name does NOT include the path)
-# If a tag file is not located in the directory in which doxygen
-# is run, you must also specify the path to the tagfile here.
-
-TAGFILES =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
-# or super classes. Setting the tag to NO turns the diagrams off. Note that
-# this option is superseded by the HAVE_DOT option below. This is only a
-# fallback. It is recommended to install and use dot, since it yields more
-# powerful graphs.
-
-CLASS_DIAGRAMS = YES
-
-# You can define message sequence charts within doxygen comments using the \msc
-# command. Doxygen will then run the mscgen tool (see
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
-# documentation. The MSCGEN_PATH tag allows you to specify the directory where
-# the mscgen tool resides. If left empty the tool is assumed to be found in the
-# default search path.
-
-MSCGEN_PATH =
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT = NO
-
-# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is
-# allowed to run in parallel. When set to 0 (the default) doxygen will
-# base this on the number of processors available in the system. You can set it
-# explicitly to a value larger than 0 to get control over the balance
-# between CPU load and processing speed.
-
-DOT_NUM_THREADS = 0
-
-# By default doxygen will write a font called FreeSans.ttf to the output
-# directory and reference it in all dot files that doxygen generates. This
-# font does not include all possible unicode characters however, so when you need
-# these (or just want a differently looking font) you can specify the font name
-# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
-# which can be done by putting it in a standard location or by setting the
-# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
-# containing the font.
-
-DOT_FONTNAME = FreeSans.ttf
-
-# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
-# The default size is 10pt.
-
-DOT_FONTSIZE = 10
-
-# By default doxygen will tell dot to use the output directory to look for the
-# FreeSans.ttf font (which doxygen will put there itself). If you specify a
-# different font using DOT_FONTNAME you can set the path where dot
-# can find it using this tag.
-
-DOT_FONTPATH =
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH = YES
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS = YES
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
-# collaboration diagrams in a style similar to the OMG's Unified Modeling
-# Language.
-
-UML_LOOK = NO
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH = YES
-
-# If the CALL_GRAPH and HAVE_DOT options are set to YES then
-# doxygen will generate a call dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable call graphs
-# for selected functions only using the \callgraph command.
-
-CALL_GRAPH = NO
-
-# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
-# doxygen will generate a caller dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable caller
-# graphs for selected functions only using the \callergraph command.
-
-CALLER_GRAPH = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY = YES
-
-# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
-# then doxygen will show the dependencies a directory has on other directories
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS =
-
-# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
-# nodes that will be shown in the graph. If the number of nodes in a graph
-# becomes larger than this value, doxygen will truncate the graph, which is
-# visualized by representing a node as a red box. Note that doxygen if the
-# number of direct children of the root node in a graph is already larger than
-# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
-# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
-
-DOT_GRAPH_MAX_NODES = 50
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
-# graphs generated by dot. A depth value of 3 means that only nodes reachable
-# from the root by following a path via at most 3 edges will be shown. Nodes
-# that lay further from the root node will be omitted. Note that setting this
-# option to 1 or 2 may greatly reduce the computation time needed for large
-# code bases. Also note that the size of a graph can be further restricted by
-# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
-
-MAX_DOT_GRAPH_DEPTH = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
-# background. This is disabled by default, because dot on Windows does not
-# seem to support this out of the box. Warning: Depending on the platform used,
-# enabling this option may lead to badly anti-aliased labels on the edges of
-# a graph (i.e. they become hard to read).
-
-DOT_TRANSPARENT = NO
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
-# files in one run (i.e. multiple -o and -T options on the command line). This
-# makes dot run faster, but since only newer versions of dot (>1.8.10)
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS = YES
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermediate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP = YES
diff --git a/lib/HACKING b/lib/HACKING
deleted file mode 100644
index 8278238..0000000
--- a/lib/HACKING
+++ /dev/null
@@ -1,91 +0,0 @@
-HACKING file for libradsec (in Emacs -*- org -*- mode).
-
-Status as of libradsec-0.0.5 (2014-02-03).
-
-* Build instructions
-sh autogen.sh
-./configure
-make
-
-examples/client -r examples/client.conf blocking-tls; echo $?
-
-* Design of the API
-- There are three usage modes:
-
- - Application uses blocking send and receive calls (blocking
- mode). This is typically fine for a simple client.
-
- - Application registers callbacks with libradsec and runs the
- libevent dispatch loop (a.k.a. user dispatch mode). This would
- probably how to implement a server or a proxy.
-
- - Application runs its own event loop, using fd's for select and
- performs I/O using libradsec send/receive functions
- (a.k.a. on-your-own mode). Might be useful for an application
- which already has an event loop that wants to add RadSec
- functionality.
-
-- Apart from configuration and error handling, an application
- shouldn't need to handle TCP and UDP connections
- differently. Similarly, the use of TLS/DTLS or not shouldn't
- influence the libradsec calls made by the application.
-
-- Configuration is done either by using the API or by pointing at a
- configuration file which is parsed by libradsec.
-
-- Fully reentrant.
-
-- Application chooses allocation regime.
-
-Note that as of 0.0.4 libradsec suffers from way too much focus on
-the behaviour of a blocking client and is totally useless as a server.
-Not only does it lack most of the functions needed for writing a
-server but it also contains at least one architectural mishap which
-kills the server idea -- a connection timeout (TCP) or a retransmit
-timeout (UDP) will result in the event loop being broken. The same
-thing will happen if there's an error on a TCP connection, f.ex. a
-failing certificate validation (TLS).
-
-* Dependencies
-Details (within parentheses) apply to Debian Wheezy.
-
-- libconfuse (2.7-4)
- sudo apt-get install libconfuse-dev libconfuse0
-- libevent2 (2.0.19-stable-3)
- sudo apt-get install libevent-dev libevent-2.0-5
-- OpenSSL (1.0.1c-4) -- optional, for TLS and DTLS support
- sudo apt-get install libssl-dev libssl1.0.0
-
-* Functionality and quality in 0.0.x
-** Not well tested
-- reading config file
-- [TCP] short read
-- [TCP] short write
-- [TLS] basic tls support
-- [TLS] preshared key support
-- [TLS] verification of CN
-
-** Known issues
-- error stack is only one entry deep
-- custom allocation scheme is not used in all places
-
-** Not implemented
-- dispatch mode (planned for 0.1)
-- [client] server failover / RFC3539 watchdog (planned for 0.1)
-- [server] support (planned for 0.2)
-- [client] TCP keepalive
-- on-your-own mode
-- [DTLS] support
-
-* Found a bug?
-Please report it. That is how we improve the quality of the code.
-
-If possible, please build the library with DEBUG defined (CFLAGS="-g
--DDEBUG") and reproduce the problem. With DEBUG defined, lots of
-asserts are enabled which might give a hint about what's gone wrong.
-
-Running the library under gdb is another good idea. If you experience
-a crash, catching the crash in gdb and providing a backtrace is highly
-valuable for debugging.
-
-Contact: mailto:linus+libradsec@nordu.net
diff --git a/lib/LICENSE b/lib/LICENSE
deleted file mode 100644
index be32a9a..0000000
--- a/lib/LICENSE
+++ /dev/null
@@ -1,33 +0,0 @@
-* Copyright (c) 2007-2010, UNINETT AS
-* Copyright (c) 2011, JANET(UK)
-* Copyright (c) 2010-2013, NORDUnet A/S
-* All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions are
-* met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above
-* copyright notice, this list of conditions and the following
-* disclaimer in the documentation and/or other materials provided
-* with the distribution.
-*
-* 3. Neither the name of NORDUnet A/S nor the names of the
-* contributors may be used to endorse or promote products
-* derived from this software without specific prior written
-* permission.
-*
-* THIS SOFTWARE IS PROVIDED BY NORDUNET A/S ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NORDUNET A/S OR CONTRIBUTORS
-* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/Makefile.am b/lib/Makefile.am
deleted file mode 100644
index 251c5b9..0000000
--- a/lib/Makefile.am
+++ /dev/null
@@ -1,71 +0,0 @@
-AUTOMAKE_OPTIONS = foreign
-ACLOCAL_AMFLAGS = -I m4
-
-# Shared library interface version, i.e. -version-info to Libtool,
-# expressed as three integers CURRENT:REVISION:AGE.
-#
-# CURRENT is the version number of the current interface. Increment
-# CURRENT when the library interface has changed or has been extended.
-#
-# REVISION is the version number of the _implementation_ of the
-# CURRENT interface. Set REVISION to 0 when CURRENT changes, else
-# increment.
-#
-# AGE is the number of interfaces this library implements, i.e. how
-# many versions before CURRENT that are supported. Increment AGE when
-# the library interface is _extended_. Set AGE to 0 when the library
-# interface is _changed_.
-
-SUBDIRS = radius radsecproxy include . examples
-DIST_SUBDIRS = $(SUBDIRS) tests
-
-AM_CPPFLAGS = -I$(srcdir)/include
-AM_CFLAGS = -Wall -Werror -g
-
-lib_LTLIBRARIES = libradsec.la
-
-libradsec_la_SOURCES = \
- avp.c \
- compat.c \
- conf.c \
- conn.c \
- debug.c \
- err.c \
- event.c \
- packet.c \
- peer.c \
- radsec.c \
- request.c \
- send.c \
- tcp.c \
- udp.c \
- util.c
-
-if RS_ENABLE_TLS
-libradsec_la_SOURCES += tls.c
-else
-libradsec_la_SOURCES += md5.c
-endif
-
-libradsec_la_SOURCES += \
- compat.h \
- conn.h \
- debug.h \
- err.h \
- event.h \
- md5.h \
- packet.h \
- peer.h \
- radsec.h \
- tcp.h \
- tls.h \
- udp.h \
- util.h
-
-EXTRA_DIST = CHANGES HACKING LICENSE libradsec.spec radsec.sym
-EXTRA_libradsec_la_DEPENDENCIES = radsec.sym
-AM_DISTCHECK_CONFIGURE_FLAGS = --enable-tls --enable-tls-psk
-
-libradsec_la_LIBADD = radsecproxy/libradsec-radsecproxy.la radius/libradsec-radius.la
-libradsec_la_LDFLAGS = -version-info 1:0:1 -export-symbols $(srcdir)/radsec.sym
-libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT
diff --git a/lib/README b/lib/README
deleted file mode 100644
index 4c0d277..0000000
--- a/lib/README
+++ /dev/null
@@ -1,48 +0,0 @@
-Libradsec is a RADIUS library for clients doing RADIUS over UDP or
-TLS. The goal is to add support for writing servers (and thus proxies)
-and to add transports TCP and DTLS.
-
-
-The canonical pickup point is
-http://git.nordu.net/?p=radsecproxy.git;a=shortlog;h=refs/heads/libradsec
-
-
-The source code is licensed under a 3-clause BSD license. See the
-LICENSE file.
-
-
-Libradsec depends on
-- libconfuse
-- libevent2
-- openssl (unless configured with --disable-tls)
-
-
-To compile the library and the examples, do something like
-
- sh autogen.sh && ./configure && make
-
-
-There are a couple of options that can be used when configuring. See
-
- ./configure --help
-
-for the full list. Worth mentioning here is --enable-tls-psk.
-
-If the preprocessor has a hard time finding some of the header files
-are, try setting environment variable CPPFLAGS at configure
-time. Example:
-
- CPPFLAGS="-I/usr/local/include" ./configure --enable-tls
-
-If the link editor has trouble finding any of the libraries needed,
-try setting environment variable LDFLAGS at configure time. Example:
-
- LDFLAGS="-L/usr/local/lib" ./configure --enable-tls
-
-
-The parts of the library which has been tested has been so on Linux
-(Debian) with libconfuse (2.7), libevent (2.0.19) and OpenSSL
-(1.0.1c).
-
-The file HACKING contains more detailed info on the state of the
-various parts of the library.
diff --git a/lib/autogen.sh b/lib/autogen.sh
deleted file mode 100644
index d9cee9d..0000000
--- a/lib/autogen.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#! /bin/sh
-
-[ -d m4 ] || mkdir m4
-[ -d build-aux ] || mkdir build-aux
-
-if [ -x "`which autoreconf 2>/dev/null`" ] ; then
- exec autoreconf -ivf
-fi
-
-aclocal -I m4 && \
- autoheader && \
- libtoolize --automake -c && \
- autoconf && \
- automake --add-missing --copy
diff --git a/lib/avp.c b/lib/avp.c
deleted file mode 100644
index 11c56db..0000000
--- a/lib/avp.c
+++ /dev/null
@@ -1,540 +0,0 @@
-/* Copyright 2011 JANET(UK). All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-#include <assert.h>
-
-#include <radsec/radsec.h>
-#include <radius/client.h>
-
-#define RS_ERR(err) ((err) < 0 ? -err : RSE_OK)
-
-void
-rs_avp_free (rs_avp **vps)
-{
- nr_vp_free (vps);
-}
-
-size_t
-rs_avp_length (rs_const_avp *vp)
-{
- if (vp == NULL)
- return 0;
-
- return vp->length;
-}
-
-rs_attr_type_t
-rs_avp_typeof (rs_const_avp *vp)
-{
- if (vp == NULL)
- return RS_TYPE_INVALID;
-
- return vp->da->type;
-}
-
-void
-rs_avp_attrid (rs_const_avp *vp,
- unsigned int *attr,
- unsigned int *vendor)
-{
- assert (vp != NULL);
-
- *attr = vp->da->attr;
- *vendor = vp->da->vendor;
-}
-
-const char *
-rs_avp_name (rs_const_avp *vp)
-{
- return (vp != NULL) ? vp->da->name : NULL;
-}
-
-void
-rs_avp_append (rs_avp **head, rs_avp *tail)
-{
- nr_vps_append (head, tail);
-}
-
-rs_avp *
-rs_avp_find (rs_avp *vp, unsigned int attr, unsigned int vendor)
-{
- if (vp == NULL)
- return NULL;
-
- return nr_vps_find (vp, attr, vendor);
-}
-
-rs_const_avp *
-rs_avp_find_const (rs_const_avp *vp,
- unsigned int attr, unsigned int vendor)
-{
- if (vp == NULL)
- return NULL;
-
- return nr_vps_find ((rs_avp *)vp, attr, vendor);
-}
-
-rs_avp *
-rs_avp_alloc (unsigned int attr, unsigned int vendor)
-{
- const DICT_ATTR *da;
- VALUE_PAIR *vp;
-
- da = nr_dict_attr_byvalue (attr, vendor);
- if (da == NULL) {
- vp = nr_vp_alloc_raw (attr, vendor);
- } else {
- vp = nr_vp_alloc (da);
- }
-
- if (vp == NULL)
- return NULL;
-
- return vp;
-}
-
-rs_avp *
-rs_avp_dup (rs_const_avp *vp)
-{
- rs_avp *vp2;
-
- if (vp->da->flags.unknown)
- vp2 = nr_vp_alloc_raw (vp->da->attr, vp->da->vendor);
- else
- vp2 = nr_vp_alloc (vp->da);
- if (vp2 == NULL)
- return NULL;
-
- vp2->length = vp->length;
- vp2->tag = vp->tag;
- vp2->next = NULL;
-
-#ifdef RS_TYPE_TLV
- if (rs_avp_is_tlv (vp)) {
- vp2->vp_tlv = malloc (vp->length);
- if (vp2->vp_tlv == NULL) {
- rs_avp_free (vp2);
- return NULL;
- }
- memcpy (vp2->vp_tlv, vp->vp_tlv, vp->length);
- return vp2;
- }
-#endif
-
- memcpy (vp2->vp_strvalue, vp->vp_strvalue, vp->length);
- if (rs_avp_is_string (vp))
- vp2->vp_strvalue[vp->length] = '\0';
-
- return vp2;
-}
-
-rs_avp *
-rs_avp_next (rs_avp *vp)
-{
- return (vp != NULL) ? vp->next : NULL;
-}
-
-rs_const_avp *
-rs_avp_next_const (rs_const_avp *vp)
-{
- return (vp != NULL) ? vp->next : NULL;
-}
-
-int
-rs_avp_delete (rs_avp **first,
- unsigned int attr, unsigned int vendor)
-{
- int found = 0;
- rs_avp **p;
-
- for (p = first; *p != NULL; p++) {
- if ((*p)->da->attr == attr &&
- (*p)->da->vendor == vendor) {
- rs_avp *next = (*p)->next;
-
- (*p)->next = NULL;
- rs_avp_free (p);
-
- *p = next;
- found++;
- }
- }
-
- return found ? RSE_OK : RSE_ATTR_UNKNOWN;
-}
-
-const char *
-rs_avp_string_value (rs_const_avp *vp)
-{
- if (!rs_avp_is_string (vp))
- return NULL;
-
- return vp->vp_strvalue;
-}
-
-int
-rs_avp_string_set (rs_avp *vp, const char *str)
-{
- int err;
-
- if (vp == NULL)
- return RSE_INVAL;
- if (!rs_avp_is_string (vp))
- return RSE_ATTR_INVALID;
-
- err = nr_vp_set_data (vp, str, strlen (str));
- return RS_ERR(err);
-}
-
-uint32_t
-rs_avp_integer_value (rs_const_avp *vp)
-{
- if (!rs_avp_is_integer (vp))
- return 0;
- return vp->vp_integer;
-}
-
-int
-rs_avp_integer_set (rs_avp *vp, uint32_t val)
-{
- int err;
-
- if (vp == NULL)
- return RSE_INVAL;
- if (!rs_avp_is_integer (vp))
- return RSE_ATTR_INVALID;
-
- err = nr_vp_set_data (vp, &val, sizeof (val));
- return RS_ERR(err);
-}
-
-uint32_t
-rs_avp_ipaddr_value (rs_const_avp *vp)
-{
- if (!rs_avp_is_ipaddr (vp))
- return 0;
- return vp->vp_ipaddr;
-}
-
-int
-rs_avp_ipaddr_set (rs_avp *vp, struct in_addr in)
-{
- int err;
-
- if (vp == NULL)
- return RSE_INVAL;
- if (!rs_avp_is_ipaddr (vp))
- return RSE_ATTR_INVALID;
-
- err = nr_vp_set_data (vp, &in, sizeof (in));
- return RS_ERR(err);
-}
-
-time_t
-rs_avp_date_value (rs_const_avp *vp)
-{
- if (!rs_avp_is_date (vp))
- return 0;
- return vp->vp_date;
-}
-
-int
-rs_avp_date_set (rs_avp *vp, time_t date)
-{
- uint32_t date32;
- int err;
-
- if (vp == NULL)
- return RSE_INVAL;
- if (!rs_avp_is_date (vp))
- return RSE_ATTR_INVALID;
- if (date > 0xFFFFFFFF)
- return RSE_ATTR_INVALID;
-
- date32 = (uint32_t)date;
- err = nr_vp_set_data (vp, &date32, sizeof (date32));
-
- return RS_ERR(err);
-}
-
-const unsigned char *
-rs_avp_octets_value_const_ptr (rs_const_avp *vp)
-{
- return rs_avp_octets_value_ptr ((rs_avp *)vp);
-}
-
-unsigned char *
-rs_avp_octets_value_ptr (rs_avp *vp)
-{
- if (vp == NULL)
- return NULL;
-
-#ifdef RS_TYPE_TLV
- if (rs_avp_is_tlv (vp))
- return vp->vp_tlv;
-#endif
-
- return vp->vp_octets;
-}
-
-int
-rs_avp_octets_value_byref (rs_avp *vp,
- unsigned char **p,
- size_t *len)
-{
- if (vp == NULL)
- return RSE_INVAL;
-
- *len = vp->length;
- *p = (unsigned char *)rs_avp_octets_value_ptr (vp);
-
- return RSE_OK;
-}
-
-int
-rs_avp_octets_value (rs_const_avp *vp,
- unsigned char *buf,
- size_t *len)
-{
- if (vp == NULL)
- return RSE_INVAL;
-
- if (vp->length > *len) {
- *len = vp->length;
- return RSE_ATTR_TOO_SMALL;
- }
-
- *len = vp->length;
-
-#ifdef RS_TYPE_TLV
- if (rs_avp_is_tlv (vp))
- memcpy (buf, vp->vp_tlv, vp->length);
- else
-#endif
- memcpy (buf, vp->vp_octets, vp->length);
-
- return RSE_OK;
-}
-
-int
-rs_avp_fragmented_value (rs_const_avp *vps,
- unsigned char *buf,
- size_t *len)
-{
- size_t total_len = 0;
- unsigned char *p;
- rs_const_avp *vp;
-
- if (vps == NULL)
- return RSE_INVAL;
-
- if (!rs_avp_is_octets (vps) &&
- !rs_avp_is_string (vps))
- return RSE_ATTR_INVALID;
-
- for (vp = vps;
- vp != NULL;
- vp = rs_avp_find_const (vp->next, vp->da->attr, vp->da->vendor))
- total_len += vp->length;
-
- if (*len < total_len) {
- *len = total_len;
- return RSE_ATTR_TOO_SMALL;
- }
-
- for (vp = vps, p = buf;
- vp != NULL;
- vp = rs_avp_find_const (vp->next, vp->da->attr, vp->da->vendor)) {
- memcpy (p, vp->vp_octets, vp->length);
- p += vp->length;
- }
-
- *len = total_len;
-
- return RSE_OK;
-}
-
-int
-rs_avp_octets_set (rs_avp *vp,
- const unsigned char *buf,
- size_t len)
-{
- int err;
-
- if (!rs_avp_is_octets (vp))
- return RSE_ATTR_INVALID;
-
- err = nr_vp_set_data (vp, buf, len);
-
- return RS_ERR(err);
-}
-
-int
-rs_avp_ifid_value (rs_const_avp *vp, uint8_t val[8])
-{
- if (!rs_avp_is_ifid (vp))
- return RSE_ATTR_INVALID;
-
- memcpy (val, vp->vp_ifid, 8);
-
- return RSE_OK;
-}
-
-int
-rs_avp_ifid_set (rs_avp *vp, const uint8_t val[8])
-{
- int err;
-
- if (!rs_avp_is_ifid (vp))
- return RSE_ATTR_INVALID;
-
- err = nr_vp_set_data (vp, val, 8);
- return RS_ERR(err);
-}
-
-uint8_t
-rs_avp_byte_value (rs_const_avp *vp)
-{
- if (!rs_avp_is_byte (vp))
- return 0;
- return vp->vp_integer;
-}
-
-int
-rs_avp_byte_set (rs_avp *vp, uint8_t val)
-{
- int err;
-
- if (!rs_avp_is_byte (vp))
- return RSE_ATTR_INVALID;
-
- err = nr_vp_set_data (vp, &val, sizeof (val));
- return RS_ERR(err);
-}
-
-uint16_t
-rs_avp_short_value (rs_const_avp *vp)
-{
- if (!rs_avp_is_short (vp))
- return 0;
- return vp->vp_integer;
-}
-
-int
-rs_avp_short_set (rs_avp *vp, uint16_t val)
-{
- int err;
-
- if (!rs_avp_is_short (vp))
- return RSE_ATTR_INVALID;
-
- err = nr_vp_set_data (vp, &val, sizeof (val));
- return RS_ERR(err);
-}
-
-int
-rs_attr_find (const char *name,
- unsigned int *attr,
- unsigned int *vendor)
-{
- const DICT_ATTR *da;
-
- da = nr_dict_attr_byname (name);
- if (da == NULL)
- return RSE_ATTR_UNKNOWN;
-
- *attr = da->attr;
- *vendor = da->vendor;
-
- return RSE_OK;
-}
-
-int
-rs_attr_display_name (unsigned int attr,
- unsigned int vendor,
- char *buffer,
- size_t bufsize,
- int canonical)
-{
- const DICT_ATTR *da = NULL;
- DICT_ATTR da2;
- int err;
-
- if (!canonical) {
- da = nr_dict_attr_byvalue (attr, vendor);
- }
- if (da == NULL) {
- err = nr_dict_attr_2struct(&da2, attr, vendor,
- buffer, bufsize);
- if (err < 0)
- return -err;
- } else {
- snprintf(buffer, bufsize, "%s", da->name);
- }
-
- return RSE_OK;
-}
-
-int
-rs_attr_parse_name (const char *name,
- unsigned int *attr,
- unsigned int *vendor)
-{
- const DICT_ATTR *da;
-
- if (strncmp(name, "Attr-", 5) == 0) {
- char *s = (char *)&name[5];
- unsigned int tmp;
-
- tmp = strtoul(s, &s, 10);
- if (*s == '.') {
- s++;
-
- switch (tmp) {
- case PW_VENDOR_SPECIFIC:
- *vendor = strtoul(s, &s, 10);
- if (*s != '.')
- return RSE_ATTR_BAD_NAME;
-
- s++;
-
- *attr = strtoul(s, &s, 10);
- if (*s != '\0')
- return RSE_ATTR_BAD_NAME;
-
- break;
- default:
- return RSE_ATTR_BAD_NAME;
- }
- } else {
- *attr = tmp;
- *vendor = 0;
- }
- } else {
- da = nr_dict_attr_byname (name);
- if (da == NULL)
- return RSE_ATTR_UNKNOWN;
-
- *attr = da->attr;
- *vendor = da->vendor;
- }
-
- return RSE_OK;
-}
-
-size_t
-rs_avp_display_value (rs_const_avp *vp,
- char *buffer,
- size_t buflen)
-{
- return nr_vp_snprintf_value (buffer, buflen, vp);
-}
-
diff --git a/lib/compat.c b/lib/compat.c
deleted file mode 100644
index 7c4e346..0000000
--- a/lib/compat.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include "compat.h"
-
-ssize_t
-compat_send (int sockfd, const void *buf, size_t len, int flags)
-{
- return send (sockfd, buf, len, flags);
-}
-
-ssize_t
-compat_recv (int sockfd, void *buf, size_t len, int flags)
-{
- return recv (sockfd, buf, len, flags);
-}
diff --git a/lib/compat.h b/lib/compat.h
deleted file mode 100644
index d3083e9..0000000
--- a/lib/compat.h
+++ /dev/null
@@ -1,5 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-ssize_t compat_send (int sockfd, const void *buf, size_t len, int flags);
-ssize_t compat_recv (int sockfd, void *buf, size_t len, int flags);
diff --git a/lib/conf.c b/lib/conf.c
deleted file mode 100644
index 4e0df31..0000000
--- a/lib/conf.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <confuse.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "peer.h"
-#include "util.h"
-#include "debug.h"
-
-#if 0
- # common config options
-
- # common realm config options
- realm STRING {
- type = "UDP"|"TCP"|"TLS"|"DTLS"
- timeout = INT
- retries = INT
- cacertfile = STRING
- #cacertpath = STRING
- certfile = STRING
- certkeyfile = STRING
- pskstr = STRING # Transport pre-shared key, UTF-8 form.
- pskhexstr = STRING # Transport pre-shared key, ASCII hex form.
- pskid = STRING
- pskex = "PSK"|"DHE_PSK"|"RSA_PSK"
- disable_hostname_check = "yes"|"no"
- }
-
- # client specific realm config options
- realm STRING {
- server {
- hostname = STRING
- service = STRING
- secret = STRING # RADIUS secret
- }
- }
-#endif
-
-/* FIXME: Leaking memory in error cases. */
-int
-rs_context_read_config(struct rs_context *ctx, const char *config_file)
-{
- cfg_t *cfg, *cfg_realm, *cfg_server;
- int err = 0;
- int i, j;
- const char *s;
- struct rs_config *config = NULL;
-
- cfg_opt_t server_opts[] =
- {
- CFG_STR ("hostname", NULL, CFGF_NONE),
- CFG_STR ("service", "2083", CFGF_NONE),
- CFG_STR ("secret", "radsec", CFGF_NONE),
- CFG_END ()
- };
- cfg_opt_t realm_opts[] =
- {
- CFG_STR ("type", "UDP", CFGF_NONE),
- CFG_INT ("timeout", 2, CFGF_NONE), /* FIXME: Remove? */
- CFG_INT ("retries", 2, CFGF_NONE), /* FIXME: Remove? */
- CFG_STR ("cacertfile", NULL, CFGF_NONE),
- /*CFG_STR ("cacertpath", NULL, CFGF_NONE),*/
- CFG_STR ("certfile", NULL, CFGF_NONE),
- CFG_STR ("certkeyfile", NULL, CFGF_NONE),
- CFG_STR ("pskstr", NULL, CFGF_NONE),
- CFG_STR ("pskhexstr", NULL, CFGF_NONE),
- CFG_STR ("pskid", NULL, CFGF_NONE),
- CFG_STR ("pskex", "PSK", CFGF_NONE),
- CFG_BOOL ("disable_hostname_check", cfg_false, CFGF_NONE),
- CFG_SEC ("server", server_opts, CFGF_MULTI),
- CFG_END ()
- };
- cfg_opt_t opts[] =
- {
- CFG_SEC ("realm", realm_opts, CFGF_TITLE | CFGF_MULTI),
- CFG_END ()
- };
-
- cfg = cfg_init (opts, CFGF_NONE);
- if (cfg == NULL)
- return rs_err_ctx_push (ctx, RSE_CONFIG, "unable to initialize libconfuse");
- err = cfg_parse (cfg, config_file);
- switch (err)
- {
- case CFG_SUCCESS:
- break;
- case CFG_FILE_ERROR:
- return rs_err_ctx_push (ctx, RSE_CONFIG,
- "%s: unable to open configuration file",
- config_file);
- case CFG_PARSE_ERROR:
- return rs_err_ctx_push (ctx, RSE_CONFIG, "%s: invalid configuration file",
- config_file);
- default:
- return rs_err_ctx_push (ctx, RSE_CONFIG, "%s: unknown parse error",
- config_file);
- }
-
- config = rs_calloc (ctx, 1, sizeof (*config));
- if (config == NULL)
- return rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL);
- ctx->config = config;
-
- for (i = 0; i < cfg_size (cfg, "realm"); i++)
- {
- struct rs_realm *r = NULL;
- const char *typestr;
- char *pskstr = NULL, *pskhexstr = NULL;
-
- r = rs_calloc (ctx, 1, sizeof(*r));
- if (r == NULL)
- return rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL);
- if (config->realms != NULL)
- {
- r->next = config->realms->next;
- config->realms->next = r;
- }
- else
- {
- config->realms = r;
- }
- cfg_realm = cfg_getnsec (cfg, "realm", i);
- s = cfg_title (cfg_realm);
- if (s == NULL)
- return rs_err_ctx_push_fl (ctx, RSE_CONFIG, __FILE__, __LINE__,
- "missing realm name");
- /* We use a copy of the return value of cfg_title() since it's const. */
- r->name = rs_strdup (ctx, s);
- if (r->name == NULL)
- return RSE_NOMEM;
-
- typestr = cfg_getstr (cfg_realm, "type");
- if (strcmp (typestr, "UDP") == 0)
- r->type = RS_CONN_TYPE_UDP;
- else if (strcmp (typestr, "TCP") == 0)
- r->type = RS_CONN_TYPE_TCP;
- else if (strcmp (typestr, "TLS") == 0)
- r->type = RS_CONN_TYPE_TLS;
- else if (strcmp (typestr, "DTLS") == 0)
- r->type = RS_CONN_TYPE_DTLS;
- else
- return rs_err_ctx_push (ctx, RSE_CONFIG,
- "%s: invalid connection type: %s",
- r->name, typestr);
- r->timeout = cfg_getint (cfg_realm, "timeout");
- r->retries = cfg_getint (cfg_realm, "retries");
- r->disable_hostname_check = cfg_getbool (cfg_realm, "disable_hostname_check");
-
- r->cacertfile = cfg_getstr (cfg_realm, "cacertfile");
- /*r->cacertpath = cfg_getstr (cfg_realm, "cacertpath");*/
- r->certfile = cfg_getstr (cfg_realm, "certfile");
- r->certkeyfile = cfg_getstr (cfg_realm, "certkeyfile");
-
- pskstr = cfg_getstr (cfg_realm, "pskstr");
- pskhexstr = cfg_getstr (cfg_realm, "pskhexstr");
- if (pskstr || pskhexstr)
- {
-#if defined RS_ENABLE_TLS_PSK
- char *kex = cfg_getstr (cfg_realm, "pskex");
- rs_cred_type_t type = RS_CRED_NONE;
- struct rs_credentials *cred = NULL;
- assert (kex != NULL);
-
- if (!strcmp (kex, "PSK"))
- type = RS_CRED_TLS_PSK;
- else
- {
- /* TODO: push a warning on the error stack:*/
- /*rs_err_ctx_push (ctx, RSE_WARN, "%s: unsupported PSK key exchange"
- " algorithm -- PSK not used", kex);*/
- }
-
- if (type != RS_CRED_NONE)
- {
- cred = rs_calloc (ctx, 1, sizeof (*cred));
- if (cred == NULL)
- return rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__,
- NULL);
- cred->type = type;
- cred->identity = cfg_getstr (cfg_realm, "pskid");
- if (pskhexstr)
- {
- cred->secret_encoding = RS_KEY_ENCODING_ASCII_HEX;
- cred->secret = pskhexstr;
- if (pskstr)
- ; /* TODO: warn that we're ignoring pskstr */
- }
- else
- {
- cred->secret_encoding = RS_KEY_ENCODING_UTF8;
- cred->secret = pskstr;
- }
-
- r->transport_cred = cred;
- }
-#else /* !RS_ENABLE_TLS_PSK */
- /* TODO: push a warning on the error stack: */
- /* rs_err_ctx_push (ctx, RSE_WARN, "libradsec wasn't configured with "
- "support for TLS preshared keys, ignoring pskstr "
- "and pskhexstr");*/
-#endif /* RS_ENABLE_TLS_PSK */
- }
-
- /* For TLS and DTLS realms, validate that we either have (i) CA
- cert file or path or (ii) PSK. */
- if ((r->type == RS_CONN_TYPE_TLS || r->type == RS_CONN_TYPE_DTLS)
- && (r->cacertfile == NULL && r->cacertpath == NULL)
- && r->transport_cred == NULL)
- return rs_err_ctx_push (ctx, RSE_CONFIG,
- "%s: missing both CA file/path and PSK",
- r->name);
-
- /* Add peers, one per server stanza. */
- for (j = 0; j < cfg_size (cfg_realm, "server"); j++)
- {
- struct rs_peer *p = peer_create (ctx, &r->peers);
- if (p == NULL)
- return rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__,
- NULL);
- p->realm = r;
-
- cfg_server = cfg_getnsec (cfg_realm, "server", j);
- p->hostname = cfg_getstr (cfg_server, "hostname");
- p->service = cfg_getstr (cfg_server, "service");
- p->secret = cfg_getstr (cfg_server, "secret");
- }
- }
-
- /* Save config object in context, for freeing in rs_context_destroy(). */
- ctx->config->cfg = cfg;
-
- return RSE_OK;
-}
-
-struct rs_realm *
-rs_conf_find_realm(struct rs_context *ctx, const char *name)
-{
- struct rs_realm *r;
- assert (ctx);
-
- if (ctx->config)
- for (r = ctx->config->realms; r; r = r->next)
- if (strcmp (r->name, name) == 0)
- return r;
-
- return NULL;
-}
diff --git a/lib/configure.ac b/lib/configure.ac
deleted file mode 100644
index d99bab4..0000000
--- a/lib/configure.ac
+++ /dev/null
@@ -1,68 +0,0 @@
-# -*- Autoconf -*- script for libradsec.
-
-AC_PREREQ([2.63])
-AC_INIT([libradsec], [0.0.5], [linus+libradsec@nordu.net])
-AC_CONFIG_MACRO_DIR([m4])
-AC_CONFIG_SRCDIR([radsec.c])
-AC_CONFIG_AUX_DIR([build-aux])
-AC_CONFIG_HEADERS([config.h])
-AM_INIT_AUTOMAKE
-LT_INIT
-
-# Checks for programs.
-AC_PROG_CC
-
-# Checks for libraries.
-AC_CHECK_LIB([confuse], [cfg_init],,
- AC_MSG_ERROR([required library libconfuse not found]))
-AC_CHECK_LIB([event_core], [event_get_version],,
- AC_MSG_ERROR([required library libevent_core not found]))
-AH_TEMPLATE([HAVE_PTHREADS], [POSIX threads are available on this system])
-AC_SEARCH_LIBS([pthread_create], [pthread], AC_DEFINE([HAVE_PTHREADS]))
-
-# Enable-knobs.
-## Enable TLS (RadSec), default on.
-want_tls=yes
-AH_TEMPLATE([RS_ENABLE_TLS], [TLS (RadSec) enabled])
-AH_TEMPLATE([RADPROT_TLS], [])
-AC_ARG_ENABLE([tls],
- AS_HELP_STRING([--disable-tls], [disable TLS (RadSec)]),
- [want_tls=$enableval])
-AM_CONDITIONAL([RS_ENABLE_TLS], [test $want_tls = yes])
-if test $want_tls = yes; then
- AC_CHECK_LIB([event_openssl], [bufferevent_openssl_socket_new],,
- AC_MSG_ERROR([required library event_openssl not found]))
- AC_DEFINE([RS_ENABLE_TLS])
- AC_DEFINE([RADPROT_TLS])
-else
- # Define WITHOUT_OPENSSL for radius/client.h.
- CPPFLAGS="$CPPFLAGS -DWITHOUT_OPENSSL"
-fi
-## Enable TLS-PSK (preshared keys).
-AH_TEMPLATE([RS_ENABLE_TLS_PSK], [TLS-PSK (TLS preshared keys) enabled])
-AC_ARG_ENABLE([tls-psk], AS_HELP_STRING([--enable-tls-psk], [enable TLS-PSK (TLS preshared keys)]),
- [AC_CHECK_LIB([ssl], [SSL_set_psk_client_callback],,
- AC_MSG_ERROR([required library openssl with SSL_set_psk_client_callback() not found]))
- AC_DEFINE([RS_ENABLE_TLS_PSK])])
-AM_CONDITIONAL([RS_ENABLE_TLS_PSK], [test "${enable_tls_psk+set}" = set])
-
-# Checks for header files.
-AC_CHECK_HEADERS(
- [sys/time.h time.h netdb.h netinet/in.h stdint.h stdlib.h strings.h string.h \
- sys/socket.h unistd.h syslog.h sys/select.h fcntl.h arpa/inet.h pthread.h])
-
-# Checks for typedefs, structures, and compiler characteristics.
-AC_TYPE_SIZE_T
-AC_TYPE_SSIZE_T
-AC_TYPE_UINT8_T
-
-# Checks for library functions.
-AC_CHECK_FUNCS([memset socket strdup strerror strrchr])
-
-AC_CONFIG_FILES([Makefile libradsec.spec
- radsecproxy/Makefile
- radius/Makefile
- include/Makefile
- examples/Makefile
- tests/Makefile])
-AC_OUTPUT
diff --git a/lib/conn.c b/lib/conn.c
deleted file mode 100644
index 970a071..0000000
--- a/lib/conn.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <assert.h>
-#include <event2/event.h>
-#include <event2/bufferevent.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "debug.h"
-#include "conn.h"
-#include "event.h"
-#include "packet.h"
-#include "tcp.h"
-
-int
-conn_user_dispatch_p (const struct rs_connection *conn)
-{
- assert (conn);
-
- return (conn->callbacks.connected_cb ||
- conn->callbacks.disconnected_cb ||
- conn->callbacks.received_cb ||
- conn->callbacks.sent_cb);
-}
-
-
-int
-conn_activate_timeout (struct rs_connection *conn)
-{
- assert (conn);
- assert (conn->tev);
- assert (conn->evb);
- if (conn->timeout.tv_sec || conn->timeout.tv_usec)
- {
- rs_debug (("%s: activating timer: %d.%d\n", __func__,
- conn->timeout.tv_sec, conn->timeout.tv_usec));
- if (evtimer_add (conn->tev, &conn->timeout))
- return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "evtimer_add: %d", errno);
- }
- return RSE_OK;
-}
-
-int
-conn_type_tls (const struct rs_connection *conn)
-{
- return conn->realm->type == RS_CONN_TYPE_TLS
- || conn->realm->type == RS_CONN_TYPE_DTLS;
-}
-
-int
-conn_cred_psk (const struct rs_connection *conn)
-{
- return conn->realm->transport_cred &&
- conn->realm->transport_cred->type == RS_CRED_TLS_PSK;
-}
-
-
-/* Public functions. */
-int
-rs_conn_create (struct rs_context *ctx,
- struct rs_connection **conn,
- const char *config)
-{
- struct rs_connection *c;
-
- c = (struct rs_connection *) malloc (sizeof(struct rs_connection));
- if (!c)
- return rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL);
-
- memset (c, 0, sizeof(struct rs_connection));
- c->ctx = ctx;
- c->fd = -1;
- if (config)
- {
- struct rs_realm *r = rs_conf_find_realm (ctx, config);
- if (r)
- {
- struct rs_peer *p;
-
- c->realm = r;
- c->peers = r->peers; /* FIXME: Copy instead? */
- for (p = c->peers; p; p = p->next)
- p->conn = c;
- c->timeout.tv_sec = r->timeout;
- c->tryagain = r->retries;
- }
- else
- {
- c->realm = rs_malloc (ctx, sizeof (struct rs_realm));
- if (!c->realm)
- return rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__,
- NULL);
- memset (c->realm, 0, sizeof (struct rs_realm));
- }
- }
-
- if (conn)
- *conn = c;
- return RSE_OK;
-}
-
-void
-rs_conn_set_type (struct rs_connection *conn, rs_conn_type_t type)
-{
- assert (conn);
- assert (conn->realm);
- conn->realm->type = type;
-}
-
-int
-rs_conn_add_listener (struct rs_connection *conn,
- rs_conn_type_t type,
- const char *hostname,
- int port)
-{
- return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__, NULL);
-}
-
-
-int
-rs_conn_disconnect (struct rs_connection *conn)
-{
- int err = 0;
-
- assert (conn);
-
- if (conn->is_connected)
- event_on_disconnect (conn);
-
- if (conn->bev)
- {
- bufferevent_free (conn->bev);
- conn->bev = NULL;
- }
- if (conn->rev)
- {
- event_free (conn->rev);
- conn->rev = NULL;
- }
- if (conn->wev)
- {
- event_free (conn->wev);
- conn->wev = NULL;
- }
-
- err = evutil_closesocket (conn->fd);
- conn->fd = -1;
- return err;
-}
-
-int
-rs_conn_destroy (struct rs_connection *conn)
-{
- int err = 0;
-
- assert (conn);
-
- /* NOTE: conn->realm is owned by context. */
- /* NOTE: conn->peers is owned by context. */
-
- if (conn->is_connected)
- err = rs_conn_disconnect (conn);
-
-#if defined (RS_ENABLE_TLS)
- if (conn->tls_ssl) /* FIXME: Free SSL strucxt in rs_conn_disconnect? */
- SSL_free (conn->tls_ssl);
- if (conn->tls_ctx)
- SSL_CTX_free (conn->tls_ctx);
-#endif
-
- if (conn->tev)
- event_free (conn->tev);
- if (conn->bev)
- bufferevent_free (conn->bev);
- if (conn->rev)
- event_free (conn->rev);
- if (conn->wev)
- event_free (conn->wev);
- if (conn->evb)
- event_base_free (conn->evb);
-
- rs_free (conn->ctx, conn);
-
- return err;
-}
-
-int
-rs_conn_set_eventbase (struct rs_connection *conn, struct event_base *eb)
-{
- return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__, NULL);
-}
-
-void
-rs_conn_set_callbacks (struct rs_connection *conn, struct rs_conn_callbacks *cb)
-{
- assert (conn);
- memcpy (&conn->callbacks, cb, sizeof (conn->callbacks));
-}
-
-void
-rs_conn_del_callbacks (struct rs_connection *conn)
-{
- assert (conn);
- memset (&conn->callbacks, 0, sizeof (conn->callbacks));
-}
-
-struct rs_conn_callbacks *
-rs_conn_get_callbacks(struct rs_connection *conn)
-{
- assert (conn);
- return &conn->callbacks;
-}
-
-int
-rs_conn_select_peer (struct rs_connection *conn, const char *name)
-{
- return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__, NULL);
-}
-
-int
-rs_conn_get_current_peer (struct rs_connection *conn,
- const char *name,
- size_t buflen)
-{
- return rs_err_conn_push_fl (conn, RSE_NOSYS, __FILE__, __LINE__, NULL);
-}
-
-int rs_conn_fd (struct rs_connection *conn)
-{
- assert (conn);
- assert (conn->active_peer);
- return conn->fd;
-}
-
-static void
-_rcb (struct rs_packet *packet, void *user_data)
-{
- struct rs_packet *pkt = (struct rs_packet *) user_data;
- assert (pkt);
- assert (pkt->conn);
-
- pkt->flags |= RS_PACKET_RECEIVED;
- if (pkt->conn->bev)
- bufferevent_disable (pkt->conn->bev, EV_WRITE|EV_READ);
- else
- event_del (pkt->conn->rev);
-}
-
-int
-rs_conn_receive_packet (struct rs_connection *conn,
- struct rs_packet *req_msg,
- struct rs_packet **pkt_out)
-{
- int err = 0;
- struct rs_packet *pkt = NULL;
-
- assert (conn);
- assert (conn->realm);
- assert (!conn_user_dispatch_p (conn)); /* Blocking mode only. */
-
- if (rs_packet_create (conn, &pkt))
- return -1;
-
- assert (conn->evb);
- assert (conn->fd >= 0);
-
- conn->callbacks.received_cb = _rcb;
- conn->user_data = pkt;
- pkt->flags &= ~RS_PACKET_RECEIVED;
-
- if (conn->bev) /* TCP. */
- {
- bufferevent_setwatermark (conn->bev, EV_READ, RS_HEADER_LEN, 0);
- bufferevent_setcb (conn->bev, tcp_read_cb, NULL, tcp_event_cb, pkt);
- bufferevent_enable (conn->bev, EV_READ);
- }
- else /* UDP. */
- {
- /* Put fresh packet in user_data for the callback and enable the
- read event. */
- event_assign (conn->rev, conn->evb, event_get_fd (conn->rev),
- EV_READ, event_get_callback (conn->rev), pkt);
- err = event_add (conn->rev, NULL);
- if (err < 0)
- return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
- "event_add: %s",
- evutil_gai_strerror (err));
-
- /* Activate retransmission timer. */
- conn_activate_timeout (pkt->conn);
- }
-
- rs_debug (("%s: entering event loop\n", __func__));
- err = event_base_dispatch (conn->evb);
- conn->callbacks.received_cb = NULL;
- if (err < 0)
- return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
- "event_base_dispatch: %s",
- evutil_gai_strerror (err));
- rs_debug (("%s: event loop done\n", __func__));
-
- if ((pkt->flags & RS_PACKET_RECEIVED) != 0)
- {
- /* If the caller passed a request, check the response. */
- if (req_msg)
- err = packet_verify_response (pkt->conn, pkt, req_msg);
-
- /* If the response was OK and the caller wants it, hand it
- over, else free it. */
- if (err == RSE_OK && pkt_out)
- *pkt_out = pkt;
- else
- rs_packet_destroy (pkt);
- }
- else
- err = rs_err_conn_peek_code (pkt->conn);
-
- return err;
-}
-
-void
-rs_conn_set_timeout(struct rs_connection *conn, struct timeval *tv)
-{
- assert (conn);
- assert (tv);
- conn->timeout = *tv;
-}
diff --git a/lib/conn.h b/lib/conn.h
deleted file mode 100644
index 66e15e2..0000000
--- a/lib/conn.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* Copyright 2011,2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-int conn_user_dispatch_p (const struct rs_connection *conn);
-int conn_activate_timeout (struct rs_connection *conn);
-int conn_type_tls (const struct rs_connection *conn);
-int conn_cred_psk (const struct rs_connection *conn);
diff --git a/lib/debug.c b/lib/debug.c
deleted file mode 100644
index 903c793..0000000
--- a/lib/debug.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <assert.h>
-#include <radius/client.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "debug.h"
-
-void
-rs_dump_packet (const struct rs_packet *pkt)
-{
- const RADIUS_PACKET *p = NULL;
-
- if (!pkt || !pkt->rpkt)
- return;
- p = pkt->rpkt;
-
- fprintf (stderr, "\tCode: %u, Identifier: %u, Lenght: %zu\n",
- p->code,
- p->id,
- p->sizeof_data);
- fflush (stderr);
-}
-
-#if defined DEBUG
-int
-_rs_debug (const char *fmt, ...)
-{
- int n;
- va_list args;
-
- va_start (args, fmt);
- n = vfprintf (stderr, fmt, args);
- va_end (args);
- fflush (stderr);
-
- return n;
-}
-#endif
diff --git a/lib/debug.h b/lib/debug.h
deleted file mode 100644
index ed62da1..0000000
--- a/lib/debug.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#define hd(p, l) { int i; \
- for (i = 1; i <= l; i++) { \
- printf ("%02x ", p[i-1]); \
- if (i % 8 == 0) printf (" "); \
- if (i % 16 == 0) printf ("\n"); } \
- printf ("\n"); }
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-struct rs_packet;
-void rs_dump_packet (const struct rs_packet *pkt);
-int _rs_debug (const char *fmt, ...);
-
-#if defined (DEBUG)
-#define rs_debug(x) _rs_debug x
-#else
-#define rs_debug(x) do {;} while (0)
-#endif
-
-#if defined (__cplusplus)
-}
-#endif
diff --git a/lib/err.c b/lib/err.c
deleted file mode 100644
index 0c7d5a8..0000000
--- a/lib/err.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-
-static const char *_errtxt[] = {
- "SUCCESS", /* 0 RSE_OK */
- "out of memory", /* 1 RSE_NOMEM */
- "not yet implemented", /* 2 RSE_NOSYS */
- "invalid handle", /* 3 RSE_INVALID_CTX */
- "invalid connection", /* 4 RSE_INVALID_CONN */
- "connection type mismatch", /* 5 RSE_CONN_TYPE_MISMATCH */
- "FreeRadius error", /* 6 RSE_FR */
- "bad hostname or port", /* 7 RSE_BADADDR */
- "no peer configured", /* 8 RSE_NOPEER */
- "libevent error", /* 9 RSE_EVENT */
- "socket error", /* 10 RSE_SOCKERR */
- "invalid configuration file", /* 11 RSE_CONFIG */
- "authentication failed", /* 12 RSE_BADAUTH */
- "internal error", /* 13 RSE_INTERNAL */
- "SSL error", /* 14 RSE_SSLERR */
- "invalid packet", /* 15 RSE_INVALID_PKT */
- "connect timeout", /* 16 RSE_TIMEOUT_CONN */
- "invalid argument", /* 17 RSE_INVAL */
- "I/O timeout", /* 18 RSE_TIMEOUT_IO */
- "timeout", /* 19 RSE_TIMEOUT */
- "peer disconnected", /* 20 RSE_DISCO */
- "resource is in use", /* 21 RSE_INUSE */
- "packet is too small", /* 22 RSE_PACKET_TOO_SMALL */
- "packet is too large", /* 23 RSE_PACKET_TOO_LARGE */
- "attribute overflows packet", /* 24 RSE_ATTR_OVERFLOW */
- "attribute is too small", /* 25 RSE_ATTR_TOO_SMALL */
- "attribute is too large", /* 26 RSE_ATTR_TOO_LARGE */
- "unknown attribute", /* 27 RSE_ATTR_UNKNOWN */
- "invalid name for attribute", /* 28 RSE_ATTR_BAD_NAME */
- "invalid value for attribute", /* 29 RSE_ATTR_VALUE_MALFORMED */
- "invalid attribute", /* 30 RSE_ATTR_INVALID */
- "too many attributes in the packet", /* 31 RSE_TOO_MANY_ATTRS */
- "attribute type unknown", /* 32 RSE_ATTR_TYPE_UNKNOWN */
- "invalid message authenticator", /* 33 RSE_MSG_AUTH_LEN */
- "incorrect message authenticator", /* 34 RSE_MSG_AUTH_WRONG */
- "request is required", /* 35 RSE_REQUEST_REQUIRED */
- "invalid request code", /* 36 RSE_REQUEST_CODE_INVALID */
- "incorrect request authenticator", /* 37 RSE_AUTH_VECTOR_WRONG */
- "response code is unsupported", /* 38 RSE_INVALID_RESPONSE_CODE */
- "response ID is invalid", /* 39 RSE_INVALID_RESPONSE_ID */
- "response from the wrong source address", /* 40 RSE_INVALID_RESPONSE_SRC */
- "no packet data", /* 41 RSE_NO_PACKET_DATA */
- "vendor is unknown", /* 42 RSE_VENDOR_UNKNOWN */
- "invalid credentials", /* 43 RSE_CRED */
- "certificate validation error", /* 44 RSE_CERT */
-};
-#define ERRTXT_SIZE (sizeof(_errtxt) / sizeof(*_errtxt))
-
-static struct rs_error *
-_err_vcreate (unsigned int code, const char *file, int line, const char *fmt,
- va_list args)
-{
- struct rs_error *err = NULL;
-
- err = malloc (sizeof(struct rs_error));
- if (err)
- {
- int n;
- memset (err, 0, sizeof(struct rs_error));
- err->code = code;
- if (fmt)
- n = vsnprintf (err->buf, sizeof(err->buf), fmt, args);
- else
- {
- strncpy (err->buf,
- err->code < ERRTXT_SIZE ? _errtxt[err->code] : "",
- sizeof(err->buf));
- n = strlen (err->buf);
- }
- if (n >= 0 && file)
- {
- char *sep = strrchr (file, '/');
- if (sep)
- file = sep + 1;
- snprintf (err->buf + n, sizeof(err->buf) - n, " (%s:%d)", file,
- line);
- }
- }
- return err;
-}
-
-struct rs_error *
-err_create (unsigned int code,
- const char *file,
- int line,
- const char *fmt,
- ...)
-{
- struct rs_error *err = NULL;
-
- va_list args;
- va_start (args, fmt);
- err = _err_vcreate (code, file, line, fmt, args);
- va_end (args);
-
- return err;
-}
-
-static int
-_ctx_err_vpush_fl (struct rs_context *ctx, int code, const char *file,
- int line, const char *fmt, va_list args)
-{
- struct rs_error *err = _err_vcreate (code, file, line, fmt, args);
-
- if (!err)
- return RSE_NOMEM;
-
- /* TODO: Implement a stack. */
- if (ctx->err)
- rs_err_free (ctx->err);
- ctx->err = err;
-
- return err->code;
-}
-
-int
-rs_err_ctx_push (struct rs_context *ctx, int code, const char *fmt, ...)
-{
- int r = 0;
- va_list args;
-
- va_start (args, fmt);
- r = _ctx_err_vpush_fl (ctx, code, NULL, 0, fmt, args);
- va_end (args);
-
- return r;
-}
-
-int
-rs_err_ctx_push_fl (struct rs_context *ctx, int code, const char *file,
- int line, const char *fmt, ...)
-{
- int r = 0;
- va_list args;
-
- va_start (args, fmt);
- r = _ctx_err_vpush_fl (ctx, code, file, line, fmt, args);
- va_end (args);
-
- return r;
-}
-
-int
-err_conn_push_err (struct rs_connection *conn, struct rs_error *err)
-{
- assert (conn);
- assert (err);
-
- if (conn->err)
- rs_err_free (conn->err);
- conn->err = err; /* FIXME: use a stack */
-
- return err->code;
-}
-
-static int
-_conn_err_vpush_fl (struct rs_connection *conn, int code, const char *file,
- int line, const char *fmt, va_list args)
-{
- struct rs_error *err = _err_vcreate (code, file, line, fmt, args);
-
- if (!err)
- return RSE_NOMEM;
-
- return err_conn_push_err (conn, err);
-}
-
-int
-rs_err_conn_push (struct rs_connection *conn, int code, const char *fmt, ...)
-{
- int r = 0;
-
- va_list args;
- va_start (args, fmt);
- r = _conn_err_vpush_fl (conn, code, NULL, 0, fmt, args);
- va_end (args);
-
- return r;
-}
-
-int
-rs_err_conn_push_fl (struct rs_connection *conn, int code, const char *file,
- int line, const char *fmt, ...)
-{
- int r = 0;
-
- va_list args;
- va_start (args, fmt);
- r = _conn_err_vpush_fl (conn, code, file, line, fmt, args);
- va_end (args);
-
- return r;
-}
-
-struct rs_error *
-rs_err_ctx_pop (struct rs_context *ctx)
-{
- struct rs_error *err;
-
- if (!ctx)
- return NULL; /* FIXME: RSE_INVALID_CTX. */
- err = ctx->err;
- ctx->err = NULL;
-
- return err;
-}
-
-struct rs_error *
-rs_err_conn_pop (struct rs_connection *conn)
-{
- struct rs_error *err;
-
- if (!conn)
- return NULL; /* FIXME: RSE_INVALID_CONN */
- err = conn->err;
- conn->err = NULL;
-
- return err;
-}
-
-int
-rs_err_conn_peek_code (struct rs_connection *conn)
-{
- if (!conn)
- return -1; /* FIXME: RSE_INVALID_CONN */
- if (conn->err)
- return conn->err->code;
-
- return RSE_OK;
-}
-
-void
-rs_err_free (struct rs_error *err)
-{
- assert (err);
- free (err);
-}
-
-char *
-rs_err_msg (struct rs_error *err)
-{
- if (!err)
- return NULL;
-
- return err->buf;
-}
-
-int
-rs_err_code (struct rs_error *err, int dofree_flag)
-{
- int code;
-
- if (!err)
- return -1;
- code = err->code;
-
- if (dofree_flag)
- rs_err_free (err);
-
- return code;
-}
diff --git a/lib/err.h b/lib/err.h
deleted file mode 100644
index ba83a53..0000000
--- a/lib/err.h
+++ /dev/null
@@ -1,9 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-struct rs_error *err_create (unsigned int code,
- const char *file,
- int line,
- const char *fmt,
- ...);
-int err_conn_push_err (struct rs_connection *conn, struct rs_error *err);
diff --git a/lib/event.c b/lib/event.c
deleted file mode 100644
index a532da9..0000000
--- a/lib/event.c
+++ /dev/null
@@ -1,300 +0,0 @@
-/* Copyright 2011-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <assert.h>
-#include <string.h>
-#include <errno.h>
-
-#include <event2/event.h>
-#include <event2/bufferevent.h>
-#if defined (RS_ENABLE_TLS)
-#include <event2/bufferevent_ssl.h>
-#include <openssl/err.h>
-#endif
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "tcp.h"
-#include "udp.h"
-#if defined (RS_ENABLE_TLS)
-#include "tls.h"
-#endif
-#include "err.h"
-#include "radsec.h"
-#include "event.h"
-#include "packet.h"
-#include "conn.h"
-#include "debug.h"
-
-#if defined (DEBUG)
-extern int _event_debug_mode_on;
-#endif
-
-static void
-_evlog_cb (int severity, const char *msg)
-{
- const char *sevstr;
- switch (severity)
- {
- case _EVENT_LOG_DEBUG:
-#if !defined (DEBUG_LEVENT)
- return;
-#endif
- sevstr = "debug";
- break;
- case _EVENT_LOG_MSG:
- sevstr = "msg";
- break;
- case _EVENT_LOG_WARN:
- sevstr = "warn";
- break;
- case _EVENT_LOG_ERR:
- sevstr = "err";
- break;
- default:
- sevstr = "???";
- break;
- }
- fprintf (stderr, "libevent: [%s] %s\n", sevstr, msg); /* FIXME: stderr? */
-}
-
-void
-event_conn_timeout_cb (int fd, short event, void *data)
-{
- struct rs_connection *conn = NULL;
-
- assert (data);
- conn = (struct rs_connection *) data;
-
- if (event & EV_TIMEOUT)
- {
- rs_debug (("%s: connection timeout on %p (fd %d) connecting to %p\n",
- __func__, conn, conn->fd, conn->active_peer));
- conn->is_connecting = 0;
- rs_err_conn_push_fl (conn, RSE_TIMEOUT_CONN, __FILE__, __LINE__, NULL);
- event_loopbreak (conn);
- }
-}
-
-void
-event_retransmit_timeout_cb (int fd, short event, void *data)
-{
- struct rs_connection *conn = NULL;
-
- assert (data);
- conn = (struct rs_connection *) data;
-
- if (event & EV_TIMEOUT)
- {
- rs_debug (("%s: retransmission timeout on %p (fd %d) sending to %p\n",
- __func__, conn, conn->fd, conn->active_peer));
- rs_err_conn_push_fl (conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL);
-
- /* Disable/delete read and write events. Timing out on reading
- might f.ex. trigger resending of a message. It'd be
- surprising to end up reading without having enabled/created a
- read event in that case. */
- if (conn->bev) /* TCP. */
- bufferevent_disable (conn->bev, EV_WRITE|EV_READ);
- else /* UDP. */
- {
- if (conn->wev)
- event_del (conn->wev);
- if (conn->rev)
- event_del (conn->rev);
- }
-
- event_loopbreak (conn);
- }
-}
-
-int
-event_init_socket (struct rs_connection *conn, struct rs_peer *p)
-{
- if (conn->fd != -1)
- return RSE_OK;
-
- if (p->addr_cache == NULL)
- {
- struct rs_error *err =
- rs_resolve (&p->addr_cache, p->realm->type, p->hostname, p->service);
- if (err != NULL)
- return err_conn_push_err (conn, err);
- }
-
- conn->fd = socket (p->addr_cache->ai_family, p->addr_cache->ai_socktype,
- p->addr_cache->ai_protocol);
- if (conn->fd < 0)
- return rs_err_conn_push_fl (conn, RSE_SOCKERR, __FILE__, __LINE__,
- "socket: %d (%s)",
- errno, strerror (errno));
- if (evutil_make_socket_nonblocking (conn->fd) < 0)
- {
- evutil_closesocket (conn->fd);
- conn->fd = -1;
- return rs_err_conn_push_fl (conn, RSE_SOCKERR, __FILE__, __LINE__,
- "evutil_make_socket_nonblocking: %d (%s)",
- errno, strerror (errno));
- }
- return RSE_OK;
-}
-
-int
-event_init_bufferevent (struct rs_connection *conn, struct rs_peer *peer)
-{
- if (conn->bev)
- return RSE_OK;
-
- if (conn->realm->type == RS_CONN_TYPE_TCP)
- {
- conn->bev = bufferevent_socket_new (conn->evb, conn->fd, 0);
- if (!conn->bev)
- return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "bufferevent_socket_new");
- }
-#if defined (RS_ENABLE_TLS)
- else if (conn->realm->type == RS_CONN_TYPE_TLS)
- {
- if (tls_init_conn (conn))
- return -1;
- /* Would be convenient to pass BEV_OPT_CLOSE_ON_FREE but things
- seem to break when be_openssl_ctrl() (in libevent) calls
- SSL_set_bio() after BIO_new_socket() with flag=1. */
- conn->bev =
- bufferevent_openssl_socket_new (conn->evb, conn->fd, conn->tls_ssl,
- BUFFEREVENT_SSL_CONNECTING, 0);
- if (!conn->bev)
- return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "bufferevent_openssl_socket_new");
- }
-#endif /* RS_ENABLE_TLS */
- else
- {
- return rs_err_conn_push_fl (conn, RSE_INTERNAL, __FILE__, __LINE__,
- "%s: unknown connection type: %d", __func__,
- conn->realm->type);
- }
-
- return RSE_OK;
-}
-
-void
-event_do_connect (struct rs_connection *conn)
-{
- struct rs_peer *p;
- int err, sockerr;
-
- assert (conn);
- assert (conn->active_peer);
- p = conn->active_peer;
-
-#if defined (DEBUG)
- {
- char host[80], serv[80];
-
- getnameinfo (p->addr_cache->ai_addr,
- p->addr_cache->ai_addrlen,
- host, sizeof(host), serv, sizeof(serv),
- 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
- rs_debug (("%s: connecting to %s:%s\n", __func__, host, serv));
- }
-#endif
-
- if (p->conn->bev) /* TCP */
- {
- conn_activate_timeout (conn); /* Connect timeout. */
- err = bufferevent_socket_connect (p->conn->bev, p->addr_cache->ai_addr,
- p->addr_cache->ai_addrlen);
- if (err < 0)
- rs_err_conn_push_fl (p->conn, RSE_EVENT, __FILE__, __LINE__,
- "bufferevent_socket_connect: %s",
- evutil_gai_strerror (err));
- else
- p->conn->is_connecting = 1;
- }
- else /* UDP */
- {
- err = connect (p->conn->fd,
- p->addr_cache->ai_addr,
- p->addr_cache->ai_addrlen);
- if (err < 0)
- {
- sockerr = evutil_socket_geterror (p->conn->fd);
- rs_debug (("%s: %d: connect: %d (%s)\n", __func__, p->conn->fd,
- sockerr, evutil_socket_error_to_string (sockerr)));
- rs_err_conn_push_fl (p->conn, RSE_SOCKERR, __FILE__, __LINE__,
- "%d: connect: %d (%s)", p->conn->fd, sockerr,
- evutil_socket_error_to_string (sockerr));
- }
- }
-}
-
-int
-event_loopbreak (struct rs_connection *conn)
-{
- int err = event_base_loopbreak (conn->evb);
- if (err < 0)
- rs_err_conn_push (conn, RSE_EVENT, "event_base_loopbreak");
- return err;
-}
-
-
-void
-event_on_disconnect (struct rs_connection *conn)
-{
- conn->is_connecting = 0;
- conn->is_connected = 0;
- rs_debug (("%s: %p disconnected\n", __func__, conn->active_peer));
- if (conn->callbacks.disconnected_cb)
- conn->callbacks.disconnected_cb (conn->user_data);
-}
-
-/** Internal connect event returning 0 on success or -1 on error. */
-int
-event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
-{
- assert (!conn->is_connecting);
-
-#if defined (RS_ENABLE_TLS)
- if (conn_type_tls(conn) && !conn_cred_psk(conn))
- if (tls_verify_cert (conn) != RSE_OK)
- {
- rs_debug (("%s: server cert verification failed\n", __func__));
- return -1;
- }
-#endif /* RS_ENABLE_TLS */
-
- conn->is_connected = 1;
- rs_debug (("%s: %p connected\n", __func__, conn->active_peer));
-
- if (conn->callbacks.connected_cb)
- conn->callbacks.connected_cb (conn->user_data);
-
- if (pkt)
- packet_do_send (pkt);
-
- return 0;
-}
-
-int
-event_init_eventbase (struct rs_connection *conn)
-{
- assert (conn);
- if (conn->evb)
- return RSE_OK;
-
-#if defined (DEBUG)
- if (!_event_debug_mode_on)
- event_enable_debug_mode ();
-#endif
- event_set_log_callback (_evlog_cb);
- conn->evb = event_base_new ();
- if (!conn->evb)
- return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "event_base_new");
-
- return RSE_OK;
-}
diff --git a/lib/event.h b/lib/event.h
deleted file mode 100644
index bd9ec77..0000000
--- a/lib/event.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Copyright 2011-2012 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-void event_on_disconnect (struct rs_connection *conn);
-int event_on_connect (struct rs_connection *conn, struct rs_packet *pkt);
-int event_loopbreak (struct rs_connection *conn);
-int event_init_eventbase (struct rs_connection *conn);
-int event_init_socket (struct rs_connection *conn, struct rs_peer *p);
-int event_init_bufferevent (struct rs_connection *conn, struct rs_peer *peer);
-void event_do_connect (struct rs_connection *conn);
-void event_conn_timeout_cb (int fd, short event, void *data);
-void event_retransmit_timeout_cb (int fd, short event, void *data);
diff --git a/lib/examples/Makefile.am b/lib/examples/Makefile.am
deleted file mode 100644
index fa1c835..0000000
--- a/lib/examples/Makefile.am
+++ /dev/null
@@ -1,8 +0,0 @@
-AUTOMAKE_OPTIONS = foreign
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)
-AM_CFLAGS = -Wall -Werror -g
-
-noinst_PROGRAMS = client
-client_SOURCES = client-blocking.c
-client_LDADD = ../libradsec.la #-lefence
-client_CFLAGS = $(AM_CFLAGS) -DUSE_CONFIG_FILE
diff --git a/lib/examples/blocking.c b/lib/examples/blocking.c
deleted file mode 100644
index b66eb64..0000000
--- a/lib/examples/blocking.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* Example usage of libradsec-base, using blocking i/o. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdint.h>
-#include "blocking.h"
-
-struct rs_packet *
-next_packet (const struct rs_handle *ctx, int fd)
-{
- uint8_t hdr[RS_HEADER_LEN];
- uint8_t *buf;
- size_t len;
- struct rs_packet *p;
- ssize_t n;
-
- /* Read fixed length header. */
- n = 0;
- while (n < RS_HEADER_LEN)
- n += read (fd, hdr, RS_HEADER_LEN - n);
-
- p = rs_packet_new (ctx, hdr, &len);
- fprintf (stderr, "DEBUG: got header, total packet len is %d\n",
- len + RS_HEADER_LEN);
-
- /* Read the rest of the message. */
- if (p)
- {
- buf = malloc (len);
- if (buf)
- {
- n = 0;
- while (n < len)
- n += read (fd, buf, len - n);
- p = rs_packet_parse (ctx, &p, buf, len);
- free (buf);
- }
- else
- rs_packet_free (ctx, &p);
- }
-
- return p;
-}
-
-int
-send_packet(const struct rs_handle *ctx, int fd, struct rs_packet *p)
-{
- uint8_t *buf = NULL;
- ssize_t n = -20; /* Arbitrary packet size -- a guess. */
-
- while (n < 0)
- {
- buf = realloc (buf, -n);
- if (buf == NULL)
- return -1;
- n = rs_packet_serialize (p, buf, -n);
- }
-
- while (n)
- {
- ssize_t count = write (fd, buf, n);
- if (count == -1)
- return -1;
- n -= count;
- }
-
- free (buf);
- rs_packet_free (ctx, &p);
- return 0;
-}
diff --git a/lib/examples/blocking.h b/lib/examples/blocking.h
deleted file mode 100644
index f91e6be..0000000
--- a/lib/examples/blocking.h
+++ /dev/null
@@ -1,4 +0,0 @@
-#include "libradsec-base.h"
-
-struct rs_packet *next_packet (const struct rs_handle *ctx, int fd);
-int send_packet (const struct rs_handle *ctx, int fd, struct rs_packet *p);
diff --git a/lib/examples/client-blocking.c b/lib/examples/client-blocking.c
deleted file mode 100644
index a50ee8a..0000000
--- a/lib/examples/client-blocking.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* RADIUS/RadSec client using libradsec in blocking mode. */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <radsec/radsec.h>
-#include <radsec/request.h>
-#include "err.h"
-#include "debug.h" /* For rs_dump_packet(). */
-
-#define SECRET "sikrit"
-#define USER_NAME "molgan@PROJECT-MOONSHOT.ORG"
-#define USER_PW "password"
-
-struct rs_error *
-blocking_client (const char *config_fn, const char *configuration,
- int use_request_object_flag)
-{
- struct rs_context *h = NULL;
- struct rs_connection *conn = NULL;
- struct rs_request *request = NULL;
- struct rs_packet *req = NULL, *resp = NULL;
- struct rs_error *err = NULL;
- int r;
-
- r = rs_context_create (&h);
- if (r)
- {
- assert (!"unable to create libradsec context");
- }
-
-#if !defined (USE_CONFIG_FILE)
- {
- struct rs_peer *server;
-
- if (rs_conn_create (h, &conn, NULL))
- goto cleanup;
- rs_conn_set_type (conn, RS_CONN_TYPE_UDP);
- if (rs_peer_create (conn, &server))
- goto cleanup;
- if (rs_peer_set_address (server, av1, av2))
- goto cleanup;
- rs_peer_set_timeout (server, 1);
- rs_peer_set_retries (server, 3);
- if (rs_peer_set_secret (server, SECRET))
- goto cleanup;
- }
-#else /* defined (USE_CONFIG_FILE) */
- if (rs_context_read_config (h, config_fn))
- goto cleanup;
- if (rs_conn_create (h, &conn, configuration))
- goto cleanup;
-#endif /* defined (USE_CONFIG_FILE) */
-
- if (use_request_object_flag)
- {
- if (rs_request_create_authn (conn, &request, USER_NAME, USER_PW))
- goto cleanup;
- if (rs_request_send (request, &resp))
- goto cleanup;
- }
- else
- {
- if (rs_packet_create_authn_request (conn, &req, USER_NAME, USER_PW))
- goto cleanup;
- if (rs_packet_send (req, NULL))
- goto cleanup;
- if (rs_conn_receive_packet (conn, req, &resp))
- goto cleanup;
- }
-
- if (resp)
- {
- rs_dump_packet (resp);
- if (rs_packet_code (resp) == PW_ACCESS_ACCEPT)
- printf ("Good auth.\n");
- else
- printf ("Bad auth: %d\n", rs_packet_code (resp));
- }
- else
- fprintf (stderr, "%s: no response\n", __func__);
-
- cleanup:
- err = rs_err_ctx_pop (h);
- if (err == RSE_OK)
- err = rs_err_conn_pop (conn);
- if (resp)
- rs_packet_destroy (resp);
- if (request)
- rs_request_destroy (request);
- if (conn)
- rs_conn_destroy (conn);
- if (h)
- rs_context_destroy (h);
-
- return err;
-}
-
-void
-usage (int argc, char *argv[])
-{
- fprintf (stderr, "usage: %s: [-r] config-file config-name\n", argv[0]);
- exit (1);
-}
-
-int
-main (int argc, char *argv[])
-{
- int use_request_object_flag = 0;
- struct rs_error *err;
-
- if (argc > 1 && argv[1] && argv[1][0] == '-' && argv[1][1] == 'r')
- {
- use_request_object_flag = 1;
- argc--;
- argv++;
- }
- if (argc < 3)
- usage (argc, argv);
- err = blocking_client (argv[1], argv[2], use_request_object_flag);
- if (err)
- {
- fprintf (stderr, "error: %s: %d\n", rs_err_msg (err), rs_err_code (err, 0));
- return rs_err_code (err, 1);
- }
- return 0;
-}
diff --git a/lib/examples/client-psk.conf b/lib/examples/client-psk.conf
deleted file mode 100644
index 7b35e23..0000000
--- a/lib/examples/client-psk.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-# We keep PSK configurations in a separate config file until
-# --enable-tls-psk is on by default. This configuration is not valid
-# without PSK support.
-
-realm blocking-tls-psk {
- type = "TLS"
- timeout = 1
- retries = 3
- #pskstr = "sikrit psk"
- pskhexstr = "deadbeef4711"
- pskid = "Client_identity"
- pskex = "PSK"
- server {
- hostname = "srv1"
- service = "4433"
- secret = "sikrit"
- }
-}
diff --git a/lib/examples/client.conf b/lib/examples/client.conf
deleted file mode 100644
index b0b4536..0000000
--- a/lib/examples/client.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-realm blocking-udp {
- type = "UDP"
- timeout = 2
- retries = 2
- server {
- hostname = "127.0.0.1"
- service = "1820"
- secret = "sikrit"
- }
-}
-
-realm blocking-tls {
- type = "TLS"
- timeout = 1
- retries = 3
- cacertfile = "tests/demoCA/newcerts/01.pem"
- certfile = "tests/demoCA/newcerts/03.pem"
- certkeyfile = "tests/demoCA/private/cli1.key"
- server {
- hostname = "srv1"
- service = "2083"
- secret = "sikrit"
- }
-}
diff --git a/lib/include/Makefile.am b/lib/include/Makefile.am
deleted file mode 100644
index 754590c..0000000
--- a/lib/include/Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
-RADSEC_EXPORT = \
- radsec/radsec.h \
- radsec/radsec-impl.h \
- radsec/request.h \
- radsec/request-impl.h \
- radsec/radius.h
-
-EXTRA_SRC = $(RADSEC_EXPORT)
-nobase_include_HEADERS = $(RADSEC_EXPORT)
-
-clean-local:
- rm -f radsec/radius.h
diff --git a/lib/include/radsec/.gitignore b/lib/include/radsec/.gitignore
deleted file mode 100644
index c20d18b..0000000
--- a/lib/include/radsec/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-radius.h
diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h
deleted file mode 100644
index 0ecd631..0000000
--- a/lib/include/radsec/radsec-impl.h
+++ /dev/null
@@ -1,156 +0,0 @@
-/** @file libradsec-impl.h
- @brief Libraray internal header file for libradsec. */
-
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#ifndef _RADSEC_RADSEC_IMPL_H_
-#define _RADSEC_RADSEC_IMPL_H_ 1
-
-#include <event2/util.h>
-#include <confuse.h>
-#if defined(RS_ENABLE_TLS)
-#include <openssl/ssl.h>
-#endif
-
-/* Constants. */
-#define RS_HEADER_LEN 4
-
-/* Data types. */
-enum rs_cred_type {
- RS_CRED_NONE = 0,
- /* TLS pre-shared keys, RFC 4279. */
- RS_CRED_TLS_PSK,
- /* RS_CRED_TLS_DH_PSK, */
- /* RS_CRED_TLS_RSA_PSK, */
-};
-typedef unsigned int rs_cred_type_t;
-
-enum rs_key_encoding {
- RS_KEY_ENCODING_UTF8 = 1,
- RS_KEY_ENCODING_ASCII_HEX = 2,
-};
-typedef unsigned int rs_key_encoding_t;
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-struct rs_credentials {
- enum rs_cred_type type;
- char *identity;
- char *secret;
- enum rs_key_encoding secret_encoding;
- unsigned int secret_len;
-};
-
-struct rs_error {
- int code;
- char buf[1024];
-};
-
-/** Configuration object for a connection. */
-struct rs_peer {
- struct rs_connection *conn;
- struct rs_realm *realm;
- char *hostname;
- char *service;
- char *secret; /* RADIUS secret. */
- struct evutil_addrinfo *addr_cache;
- struct rs_peer *next;
-};
-
-/** Configuration object for a RADIUS realm. */
-struct rs_realm {
- char *name;
- enum rs_conn_type type;
- int timeout;
- int retries;
- char *cacertfile;
- char *cacertpath;
- char *certfile;
- char *certkeyfile;
- int disable_hostname_check;
- struct rs_credentials *transport_cred;
- struct rs_peer *peers;
- struct rs_realm *next;
-};
-
-/** Top configuration object. */
-struct rs_config {
- struct rs_realm *realms;
- cfg_t *cfg;
-};
-
-struct rs_context {
- struct rs_config *config;
- struct rs_alloc_scheme alloc_scheme;
- struct rs_error *err;
-};
-
-struct rs_connection {
- struct rs_context *ctx;
- struct rs_realm *realm; /* Owned by ctx. */
- struct event_base *evb; /* Event base. */
- struct event *tev; /* Timeout event. */
- struct rs_conn_callbacks callbacks;
- void *user_data;
- struct rs_peer *peers;
- struct rs_peer *active_peer;
- struct rs_error *err;
- struct timeval timeout;
- char is_connecting; /* FIXME: replace with a single state member */
- char is_connected; /* FIXME: replace with a single state member */
- int fd; /* Socket. */
- int tryagain; /* For server failover. */
- int nextid; /* Next RADIUS packet identifier. */
- /* TCP transport specifics. */
- struct bufferevent *bev; /* Buffer event. */
- /* UDP transport specifics. */
- struct event *wev; /* Write event (for UDP). */
- struct event *rev; /* Read event (for UDP). */
- struct rs_packet *out_queue; /* Queue for outgoing UDP packets. */
-#if defined(RS_ENABLE_TLS)
- /* TLS specifics. */
- SSL_CTX *tls_ctx;
- SSL *tls_ssl;
-#endif
-};
-
-enum rs_packet_flags {
- RS_PACKET_HEADER_READ,
- RS_PACKET_RECEIVED,
- RS_PACKET_SENT,
-};
-
-struct radius_packet;
-
-struct rs_packet {
- struct rs_connection *conn;
- unsigned int flags;
- uint8_t hdr[RS_HEADER_LEN];
- struct radius_packet *rpkt; /* FreeRADIUS object. */
- struct rs_packet *next; /* Used for UDP output queue. */
-};
-
-#if defined (__cplusplus)
-}
-#endif
-
-/* Convenience macros. */
-#define rs_calloc(h, nmemb, size) \
- (h->alloc_scheme.calloc ? h->alloc_scheme.calloc : calloc)(nmemb, size)
-#define rs_malloc(h, size) \
- (h->alloc_scheme.malloc ? h->alloc_scheme.malloc : malloc)(size)
-#define rs_free(h, ptr) \
- (h->alloc_scheme.free ? h->alloc_scheme.free : free)(ptr)
-#define rs_realloc(h, realloc, ptr, size) \
- (h->alloc_scheme.realloc ? h->alloc_scheme.realloc : realloc)(ptr, size)
-#define min(a, b) ((a) < (b) ? (a) : (b))
-#define max(a, b) ((a) > (b) ? (a) : (b))
-
-#endif /* _RADSEC_RADSEC_IMPL_H_ */
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/include/radsec/radsec.h b/lib/include/radsec/radsec.h
deleted file mode 100644
index 1d718a0..0000000
--- a/lib/include/radsec/radsec.h
+++ /dev/null
@@ -1,607 +0,0 @@
-/** \file radsec.h
- \brief Public interface for libradsec. */
-
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#ifndef _RADSEC_RADSEC_H_
-#define _RADSEC_RADSEC_H_ 1
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif
-
-enum rs_error_code {
- RSE_OK = 0,
- RSE_NOMEM = 1,
- RSE_NOSYS = 2,
- RSE_INVALID_CTX = 3,
- RSE_INVALID_CONN = 4,
- RSE_CONN_TYPE_MISMATCH = 5,
- RSE_BADADDR = 7,
- RSE_NOPEER = 8,
- RSE_EVENT = 9, /* libevent error. */
- RSE_SOCKERR = 10,
- RSE_CONFIG = 11,
- RSE_BADAUTH = 12,
- RSE_INTERNAL = 13,
- RSE_SSLERR = 14, /* OpenSSL error. */
- RSE_INVALID_PKT = 15,
- RSE_TIMEOUT_CONN = 16, /* Connection timeout. */
- RSE_INVAL = 17, /* Invalid argument. */
- RSE_TIMEOUT_IO = 18, /* I/O timeout. */
- RSE_TIMEOUT = 19, /* High level timeout. */
- RSE_DISCO = 20,
- RSE_INUSE = 21,
- RSE_PACKET_TOO_SMALL = 22,
- RSE_PACKET_TOO_LARGE = 23,
- RSE_ATTR_OVERFLOW = 24,
- RSE_ATTR_TOO_SMALL = 25,
- RSE_ATTR_TOO_LARGE = 26,
- RSE_ATTR_UNKNOWN = 27,
- RSE_ATTR_BAD_NAME = 28,
- RSE_ATTR_VALUE_MALFORMED = 29,
- RSE_ATTR_INVALID = 30,
- RSE_TOO_MANY_ATTRS = 31,
- RSE_ATTR_TYPE_UNKNOWN = 32,
- RSE_MSG_AUTH_LEN = 33,
- RSE_MSG_AUTH_WRONG = 34,
- RSE_REQUEST_REQUIRED = 35,
- RSE_INVALID_REQUEST_CODE = 36,
- RSE_AUTH_VECTOR_WRONG = 37,
- RSE_INVALID_RESPONSE_CODE = 38,
- RSE_INVALID_RESPONSE_ID = 39,
- RSE_INVALID_RESPONSE_SRC = 40,
- RSE_NO_PACKET_DATA = 41,
- RSE_VENDOR_UNKNOWN = 42,
- RSE_CRED = 43,
- RSE_CERT = 44,
- RSE_MAX = RSE_CERT
-};
-
-enum rs_conn_type {
- RS_CONN_TYPE_NONE = 0,
- RS_CONN_TYPE_UDP,
- RS_CONN_TYPE_TCP,
- RS_CONN_TYPE_TLS,
- RS_CONN_TYPE_DTLS,
-};
-typedef unsigned int rs_conn_type_t;
-
-typedef enum rs_attr_type_t {
- RS_TYPE_INVALID = 0, /**< Invalid data type */
- RS_TYPE_STRING, /**< printable-text */
- RS_TYPE_INTEGER, /**< a 32-bit unsigned integer */
- RS_TYPE_IPADDR, /**< an IPv4 address */
- RS_TYPE_DATE, /**< a 32-bit date, of seconds since January 1, 1970 */
- RS_TYPE_OCTETS, /**< a sequence of binary octets */
- RS_TYPE_IFID, /**< an Interface Id */
- RS_TYPE_IPV6ADDR, /**< an IPv6 address */
- RS_TYPE_IPV6PREFIX, /**< an IPv6 prefix */
- RS_TYPE_BYTE, /**< an 8-bit integer */
- RS_TYPE_SHORT, /**< a 16-bit integer */
-} rs_attr_type_t;
-
-#define PW_ACCESS_REQUEST 1
-#define PW_ACCESS_ACCEPT 2
-#define PW_ACCESS_REJECT 3
-#define PW_ACCOUNTING_REQUEST 4
-#define PW_ACCOUNTING_RESPONSE 5
-#define PW_ACCOUNTING_STATUS 6
-#define PW_PASSWORD_REQUEST 7
-#define PW_PASSWORD_ACK 8
-#define PW_PASSWORD_REJECT 9
-#define PW_ACCOUNTING_MESSAGE 10
-#define PW_ACCESS_CHALLENGE 11
-#define PW_STATUS_SERVER 12
-#define PW_STATUS_CLIENT 13
-#define PW_DISCONNECT_REQUEST 40
-#define PW_DISCONNECT_ACK 41
-#define PW_DISCONNECT_NAK 42
-#define PW_COA_REQUEST 43
-#define PW_COA_ACK 44
-#define PW_COA_NAK 45
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-/* Data types. */
-struct rs_context; /* radsec-impl.h */
-struct rs_connection; /* radsec-impl.h */
-struct rs_packet; /* radsec-impl.h */
-struct rs_conn; /* radsec-impl.h */
-struct rs_error; /* radsec-impl.h */
-struct rs_peer; /* radsec-impl.h */
-struct radius_packet; /* <radius/client.h> */
-struct value_pair; /* <radius/client.h> */
-struct event_base; /* <event2/event-internal.h> */
-
-typedef void *(*rs_calloc_fp) (size_t nmemb, size_t size);
-typedef void *(*rs_malloc_fp) (size_t size);
-typedef void (*rs_free_fp) (void *ptr);
-typedef void *(*rs_realloc_fp) (void *ptr, size_t size);
-struct rs_alloc_scheme {
- rs_calloc_fp calloc;
- rs_malloc_fp malloc;
- rs_free_fp free;
- rs_realloc_fp realloc;
-};
-
-typedef void (*rs_conn_connected_cb) (void *user_data /* FIXME: peer? */ );
-typedef void (*rs_conn_disconnected_cb) (void *user_data /* FIXME: reason? */ );
-typedef void (*rs_conn_packet_received_cb) (struct rs_packet *packet,
- void *user_data);
-typedef void (*rs_conn_packet_sent_cb) (void *user_data);
-struct rs_conn_callbacks {
- /** Callback invoked when the connection has been established. */
- rs_conn_connected_cb connected_cb;
- /** Callback invoked when the connection has been torn down. */
- rs_conn_disconnected_cb disconnected_cb;
- /** Callback invoked when a packet was received. */
- rs_conn_packet_received_cb received_cb;
- /** Callback invoked when a packet was successfully sent. */
- rs_conn_packet_sent_cb sent_cb;
-};
-
-typedef struct value_pair rs_avp;
-typedef const struct value_pair rs_const_avp;
-
-/* Function prototypes. */
-
-/*************/
-/* Context. */
-/*************/
-/** Create a context. Freed by calling \a rs_context_destroy. Note
- that the context must not be freed before all other libradsec
- objects have been freed.
-
- If support for POSIX threads was detected at configure and build
- time \a rs_context_create will use mutexes to protect multiple
- threads from stomping on each other in OpenSSL.
-
- \a ctx Address of pointer to a struct rs_context. This is the
- output of this function.
-
- \return RSE_OK (0) on success, RSE_SSLERR on TLS library
- initialisation error and RSE_NOMEM on out of memory. */
-int rs_context_create(struct rs_context **ctx);
-
-/** Free a context. Note that the context must not be freed before
- all other libradsec objects have been freed. */
-void rs_context_destroy(struct rs_context *ctx);
-
-/** Set allocation scheme to use. \a scheme is the allocation scheme
- to use, see \a rs_alloc_scheme. \return On success, RSE_OK (0) is
- returned. On error, !0 is returned and a struct \a rs_error is
- pushed on the error stack for the context. The error can be
- accessed using \a rs_err_ctx_pop. */
-int rs_context_set_alloc_scheme(struct rs_context *ctx,
- struct rs_alloc_scheme *scheme);
-
-/** Read configuration file. \a config_file is the path of the
- configuration file to read. \return On success, RSE_OK (0) is
- returned. On error, !0 is returned and a struct \a rs_error is
- pushed on the error stack for the context. The error can be
- accessed using \a rs_err_ctx_pop. */
-int rs_context_read_config(struct rs_context *ctx, const char *config_file);
-
-/****************/
-/* Connection. */
-/****************/
-/** Create a connection. \a conn is the address of a pointer to an \a
- rs_connection, the output. Free the connection using \a
- rs_conn_destroy. Note that a connection must not be freed before
- all packets associated with the connection have been freed. A
- packet is associated with a connection when it's created (\a
- rs_packet_create) or received (\a rs_conn_receive_packet).
-
- If \a config is not NULL it should be the name of a configuration
- found in the config file read in using \a rs_context_read_config.
- \return On success, RSE_OK (0) is returned. On error, !0 is
- returned and a struct \a rs_error is pushed on the error stack for
- the context. The error can be accessed using \a
- rs_err_ctx_pop. */
-int rs_conn_create(struct rs_context *ctx,
- struct rs_connection **conn,
- const char *config);
-
-/** Not implemented. */
-int rs_conn_add_listener(struct rs_connection *conn,
- rs_conn_type_t type,
- const char *hostname,
- int port);
-/** Disconnect connection \a conn. \return RSE_OK (0) on success, !0
- * on error. On error, errno is set appropriately. */
-int rs_conn_disconnect (struct rs_connection *conn);
-
-/** Disconnect and free memory allocated for connection \a conn. Note
- that a connection must not be freed before all packets associated
- with the connection have been freed. A packet is associated with
- a connection when it's created (\a rs_packet_create) or received
- (\a rs_conn_receive_packet). \return RSE_OK (0) on success, !0 *
- on error. On error, errno is set appropriately. */
-int rs_conn_destroy(struct rs_connection *conn);
-
-/** Set connection type for \a conn. */
-void rs_conn_set_type(struct rs_connection *conn, rs_conn_type_t type);
-
-/** Not implemented. */
-int rs_conn_set_eventbase(struct rs_connection *conn, struct event_base *eb);
-
-/** Register callbacks \a cb for connection \a conn. */
-void rs_conn_set_callbacks(struct rs_connection *conn,
- struct rs_conn_callbacks *cb);
-
-/** Remove callbacks for connection \a conn. */
-void rs_conn_del_callbacks(struct rs_connection *conn);
-
-/** Return callbacks registered for connection \a conn. \return
- Installed callbacks are returned. */
-struct rs_conn_callbacks *rs_conn_get_callbacks(struct rs_connection *conn);
-
-/** Not implemented. */
-int rs_conn_select_peer(struct rs_connection *conn, const char *name);
-
-/** Not implemented. */
-int rs_conn_get_current_peer(struct rs_connection *conn,
- const char *name,
- size_t buflen);
-
-/** Special function used in blocking mode, i.e. with no callbacks
- registered. For any other use of libradsec, a \a received_cb
- callback should be registered using \a rs_conn_set_callbacks.
-
- If \a req_msg is not NULL, a successfully received RADIUS message
- is verified against it. If \a pkt_out is not NULL it will upon
- return contain a pointer to an \a rs_packet containing the new
- message.
-
- \return On error or if the connect (TCP only) or read times out,
- \a pkt_out will not be changed and one or more errors are pushed
- on \a conn (available through \a rs_err_conn_pop). */
-int rs_conn_receive_packet(struct rs_connection *conn,
- struct rs_packet *request,
- struct rs_packet **pkt_out);
-
-/** Get the file descriptor associated with connection \a conn.
- * \return File descriptor. */
-int rs_conn_fd(struct rs_connection *conn);
-
-/** Set the timeout value for connection \a conn. */
-void rs_conn_set_timeout(struct rs_connection *conn, struct timeval *tv);
-
-/* Peer -- client and server. */
-int rs_peer_create(struct rs_connection *conn, struct rs_peer **peer_out);
-int rs_peer_set_address(struct rs_peer *peer,
- const char *hostname,
- const char *service);
-int rs_peer_set_secret(struct rs_peer *peer, const char *secret);
-void rs_peer_set_timeout(struct rs_peer *peer, int timeout);
-void rs_peer_set_retries(struct rs_peer *peer, int retries);
-
-/************/
-/* Packet. */
-/************/
-/** Create a packet associated with connection \a conn. */
-int rs_packet_create(struct rs_connection *conn, struct rs_packet **pkt_out);
-
-/** Free all memory allocated for packet \a pkt. */
-void rs_packet_destroy(struct rs_packet *pkt);
-
-/** Send packet \a pkt on the connection associated with \a pkt.
- \a user_data is passed to the \a rs_conn_packet_received_cb callback
- registered with the connection. If no callback is registered with
- the connection, the event loop is run by \a rs_packet_send and it
- blocks until the full packet has been sent. Note that sending can
- fail in several ways, f.ex. if the transmission protocol in use
- is connection oriented (\a RS_CONN_TYPE_TCP and \a RS_CONN_TYPE_TLS)
- and the connection can not be established. Also note that no
- retransmission is done, something that is required for connectionless
- transport protocols (\a RS_CONN_TYPE_UDP and \a RS_CONN_TYPE_DTLS).
- The "request" API with \a rs_request_send can help with this.
-
- \return On success, RSE_OK (0) is returned. On error, !0 is
- returned and a struct \a rs_error is pushed on the error stack for
- the connection. The error can be accessed using \a rs_err_conn_pop. */
-int rs_packet_send(struct rs_packet *pkt, void *user_data);
-
-/** Create a RADIUS authentication request packet associated with
- connection \a conn. Optionally, User-Name and User-Password
- attributes are added to the packet using the data in \a user_name
- and \a user_pw. */
-int rs_packet_create_authn_request(struct rs_connection *conn,
- struct rs_packet **pkt,
- const char *user_name,
- const char *user_pw);
-
-/** Add a new attribute-value pair to \a pkt. */
-int rs_packet_add_avp(struct rs_packet *pkt,
- unsigned int attr, unsigned int vendor,
- const void *data, size_t data_len);
-
-/** Append a new attribute to packet \a pkt. Note that this function
- encodes the attribute and therefore might require the secret
- shared with the thought recipient to be set in pkt->rpkt. Note
- also that this function marks \a pkt as already encoded and can
- not be used on packets with non-encoded value-pairs already
- added. */
-int
-rs_packet_append_avp(struct rs_packet *pkt,
- unsigned int attribute, unsigned int vendor,
- const void *data, size_t data_len);
-
-/*** Get pointer to \a pkt attribute value pairs. */
-void
-rs_packet_avps(struct rs_packet *pkt, rs_avp ***vps);
-
-/*** Get RADIUS packet type of \a pkt. */
-unsigned int
-rs_packet_code(struct rs_packet *pkt);
-
-/*** Get RADIUS AVP from \a pkt. */
-rs_const_avp *
-rs_packet_find_avp(struct rs_packet *pkt, unsigned int attr, unsigned int vendor);
-
-/*** Set packet identifier in \a pkt; returns old identifier */
-int
-rs_packet_set_id (struct rs_packet *pkt, int id);
-
-/************/
-/* Config. */
-/************/
-/** Find the realm named \a name in the configuration file previoiusly
- read in using \a rs_context_read_config. */
-struct rs_realm *rs_conf_find_realm(struct rs_context *ctx, const char *name);
-
-/***********/
-/* Error. */
-/***********/
-/** Create a struct \a rs_error and push it on a FIFO associated with
- context \a ctx. Note: The depth of the error stack is one (1) at
- the moment. This will change in a future release. */
-int rs_err_ctx_push(struct rs_context *ctx, int code, const char *fmt, ...);
-int rs_err_ctx_push_fl(struct rs_context *ctx,
- int code,
- const char *file,
- int line,
- const char *fmt,
- ...);
-/** Pop the first error from the error FIFO associated with context \a
- ctx or NULL if there are no errors in the FIFO. */
-struct rs_error *rs_err_ctx_pop(struct rs_context *ctx);
-
-/** Create a struct \a rs_error and push it on a FIFO associated with
- connection \a conn. Note: The depth of the error stack is one (1)
- at the moment. This will change in a future release. */
-int rs_err_conn_push(struct rs_connection *conn,
- int code,
- const char *fmt,
- ...);
-int rs_err_conn_push_fl(struct rs_connection *conn,
- int code,
- const char *file,
- int line,
- const char *fmt,
- ...);
-/** Pop the first error from the error FIFO associated with connection
- \a conn or NULL if there are no errors in the FIFO. */
-struct rs_error *rs_err_conn_pop(struct rs_connection *conn);
-
-int rs_err_conn_peek_code (struct rs_connection *conn);
-void rs_err_free(struct rs_error *err);
-char *rs_err_msg(struct rs_error *err);
-int rs_err_code(struct rs_error *err, int dofree_flag);
-
-/************/
-/* AVPs. */
-/************/
-#define rs_avp_is_string(vp) (rs_avp_typeof(vp) == RS_TYPE_STRING)
-#define rs_avp_is_integer(vp) (rs_avp_typeof(vp) == RS_TYPE_INTEGER)
-#define rs_avp_is_ipaddr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPADDR)
-#define rs_avp_is_date(vp) (rs_avp_typeof(vp) == RS_TYPE_DATE)
-#define rs_avp_is_octets(vp) (rs_avp_typeof(vp) == RS_TYPE_OCTETS)
-#define rs_avp_is_ifid(vp) (rs_avp_typeof(vp) == RS_TYPE_IFID)
-#define rs_avp_is_ipv6addr(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6ADDR)
-#define rs_avp_is_ipv6prefix(vp) (rs_avp_typeof(vp) == RS_TYPE_IPV6PREFIX)
-#define rs_avp_is_byte(vp) (rs_avp_typeof(vp) == RS_TYPE_BYTE)
-#define rs_avp_is_short(vp) (rs_avp_typeof(vp) == RS_TYPE_SHORT)
-#define rs_avp_is_tlv(vp) (rs_avp_typeof(vp) == RS_TYPE_TLV)
-
-/** The maximum length of a RADIUS attribute.
- *
- * The RFCs require that a RADIUS attribute transport no more than
- * 253 octets of data. We add an extra byte for a trailing NUL, so
- * that the VALUE_PAIR::vp_strvalue field can be handled as a C
- * string.
- */
-#define RS_MAX_STRING_LEN 254
-
-/** Free the AVP list \a vps */
-void
-rs_avp_free(rs_avp **vps);
-
-/** Return the length of AVP \a vp in bytes */
-size_t
-rs_avp_length(rs_const_avp *vp);
-
-/** Return the type of \a vp */
-rs_attr_type_t
-rs_avp_typeof(rs_const_avp *vp);
-
-/** Retrieve the attribute and vendor ID of \a vp */
-void
-rs_avp_attrid(rs_const_avp *vp, unsigned int *attr, unsigned int *vendor);
-
-/** Add \a vp to the list pointed to by \a head */
-void
-rs_avp_append(rs_avp **head, rs_avp *vp);
-
-/** Find an AVP in \a vp that matches \a attr and \a vendor */
-rs_avp *
-rs_avp_find(rs_avp *vp, unsigned int attr, unsigned int vendor);
-
-/** Find an AVP in \a vp that matches \a attr and \a vendor */
-rs_const_avp *
-rs_avp_find_const(rs_const_avp *vp, unsigned int attr, unsigned int vendor);
-
-/** Alloc a new AVP for \a attr and \a vendor */
-rs_avp *
-rs_avp_alloc(unsigned int attr, unsigned int vendor);
-
-/** Duplicate existing AVP \a vp */
-rs_avp *
-rs_avp_dup(rs_const_avp *vp);
-
-/** Remove matching AVP from list \a vps */
-int
-rs_avp_delete(rs_avp **vps, unsigned int attr, unsigned int vendor);
-
-/** Return next AVP in list */
-rs_avp *
-rs_avp_next(rs_avp *vp);
-
-/** Return next AVP in list */
-rs_const_avp *
-rs_avp_next_const(rs_const_avp *avp);
-
-/** Return string value of \a vp */
-const char *
-rs_avp_string_value(rs_const_avp *vp);
-
-/** Set AVP \a vp to string \a str */
-int
-rs_avp_string_set(rs_avp *vp, const char *str);
-
-/** Return integer value of \a vp */
-uint32_t
-rs_avp_integer_value(rs_const_avp *vp);
-
-/** Set AVP \a vp to integer \a val */
-int
-rs_avp_integer_set(rs_avp *vp, uint32_t val);
-
-/** Return IPv4 value of \a vp */
-uint32_t
-rs_avp_ipaddr_value(rs_const_avp *vp);
-
-/** Set AVP \a vp to IPv4 address \a in */
-int
-rs_avp_ipaddr_set(rs_avp *vp, struct in_addr in);
-
-/** Return POSIX time value of \a vp */
-time_t
-rs_avp_date_value(rs_const_avp *vp);
-
-/** Set AVP \a vp to POSIX time \a date */
-int
-rs_avp_date_set(rs_avp *vp, time_t date);
-
-/** Return constant pointer to octets in \a vp */
-const unsigned char *
-rs_avp_octets_value_const_ptr(rs_const_avp *vp);
-
-/** Return pointer to octets in \a vp */
-unsigned char *
-rs_avp_octets_value_ptr(rs_avp *vp);
-
-/** Retrieve octet pointer \a p and length \a len from \a vp */
-int
-rs_avp_octets_value_byref(rs_avp *vp,
- unsigned char **p,
- size_t *len);
-
-/** Copy octets from \a vp into \a buf and \a len */
-int
-rs_avp_octets_value(rs_const_avp *vp,
- unsigned char *buf,
- size_t *len);
-
-/**
- * Copy octets possibly fragmented across multiple VPs
- * into \a buf and \a len
- */
-int
-rs_avp_fragmented_value(rs_const_avp *vps,
- unsigned char *buf,
- size_t *len);
-
-/** Copy \a len octets in \a buf to AVP \a vp */
-int
-rs_avp_octets_set(rs_avp *vp,
- const unsigned char *buf,
- size_t len);
-
-/** Return IFID value of \a vp */
-int
-rs_avp_ifid_value(rs_const_avp *vp, uint8_t val[8]);
-
-int
-rs_avp_ifid_set(rs_avp *vp, const uint8_t val[8]);
-
-/** Return byte value of \a vp */
-uint8_t
-rs_avp_byte_value(rs_const_avp *vp);
-
-/** Set AVP \a vp to byte \a val */
-int
-rs_avp_byte_set(rs_avp *vp, uint8_t val);
-
-/** Return short value of \a vp */
-uint16_t
-rs_avp_short_value(rs_const_avp *vp);
-
-/** Set AVP \a vp to short integer \a val */
-int
-rs_avp_short_set(rs_avp *vp, uint16_t val);
-
-/** Display possibly \a canonical attribute name into \a buffer */
-int
-rs_attr_display_name (unsigned int attr,
- unsigned int vendor,
- char *buffer,
- size_t bufsize,
- int canonical);
-
-/** Display AVP \a vp into \a buffer */
-size_t
-rs_avp_display_value(rs_const_avp *vp,
- char *buffer,
- size_t buflen);
-
-int
-rs_attr_parse_name (const char *name,
- unsigned int *attr,
- unsigned int *vendor);
-
-/** Lookup attribute \a name */
-int
-rs_attr_find(const char *name,
- unsigned int *attr,
- unsigned int *vendor);
-
-/** Return dictionary name for AVP \a vp */
-const char *
-rs_avp_name(rs_const_avp *vp);
-
-#if defined (__cplusplus)
-}
-#endif
-
-#endif /* _RADSEC_RADSEC_H_ */
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/include/radsec/request-impl.h b/lib/include/radsec/request-impl.h
deleted file mode 100644
index 97335e5..0000000
--- a/lib/include/radsec/request-impl.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* Copyright 2010-2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#ifndef _RADSEC_REQUEST_IMPL_H_
-#define _RADSEC_REQUEST_IMPL_H_ 1
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-struct rs_request
-{
- struct rs_connection *conn;
- struct event *timer;
- struct rs_packet *req_msg;
- struct rs_conn_callbacks saved_cb;
- void *saved_user_data;
-};
-
-#if defined (__cplusplus)
-}
-#endif
-
-#endif /* _RADSEC_REQUEST_IMPL_H_ */
diff --git a/lib/include/radsec/request.h b/lib/include/radsec/request.h
deleted file mode 100644
index d4c72b3..0000000
--- a/lib/include/radsec/request.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/** \file request.h
- \brief Public interface for libradsec request's. */
-
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#ifndef _RADSEC_REQUEST_H_
-#define _RADSEC_REQUEST_H_ 1
-
-struct rs_request;
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-/** Create a request associated with connection \a conn. */
-int rs_request_create(struct rs_connection *conn, struct rs_request **req_out);
-
-/** Add RADIUS request message \a req_msg to request \a req.
- FIXME: Rename to rs_request_add_reqmsg? */
-void rs_request_add_reqpkt(struct rs_request *req, struct rs_packet *req_msg);
-
-/** Create a request associated with connection \a conn containing a
- newly created RADIUS authentication message, possibly with \a
- user_name and \a user_pw attributes. \a user_name and _user_pw
- are optional and can be NULL. */
-int rs_request_create_authn(struct rs_connection *conn,
- struct rs_request **req_out,
- const char *user_name,
- const char *user_pw);
-
-/** Send request \a req and wait for a matching response. The
- response is put in \a resp_msg (if not NULL). NOTE: At present,
- no more than one outstanding request to a given realm is
- supported. This will change in a future version. */
-int rs_request_send(struct rs_request *req, struct rs_packet **resp_msg);
-
-/** Free all memory allocated by request \a req including any request
- packet associated with the request. Note that a request must be
- freed before its associated connection can be freed. */
-void rs_request_destroy(struct rs_request *req);
-
-/** Return request message in request \a req. */
-struct rs_packet *rs_request_get_reqmsg(const struct rs_request *req);
-
-#if defined (__cplusplus)
-}
-#endif
-
-#endif /* _RADSEC_REQUEST_H_ */
diff --git a/lib/libradsec.spec.in b/lib/libradsec.spec.in
deleted file mode 100644
index e301aff..0000000
--- a/lib/libradsec.spec.in
+++ /dev/null
@@ -1,77 +0,0 @@
-Name: @PACKAGE@
-Version: @PACKAGE_VERSION@
-Release: 1%{?dist}
-Summary: RADIUS over TLS library
-
-Group: System Environment/Libraries
-License: BSD
-URL: http://software.uninett.no/radsecproxy/?page=documentation
-Source0: %{name}-%{version}.tar.gz
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-
-
-
-BuildRequires: openssl-devel
-BuildRequires: libconfuse-devel
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: libtool
-BuildRequires: libevent-devel >= 2.0
-
-
-
-%description
- Libradsec is a RADIUS over TLS library.
-
-
-%package devel
-Summary: Development files for %{name}
-Group: Development/Libraries
-Requires: %{name} = %{version}-%{release}
-
-%description devel
-The %{name}-devel package contains libraries and header files for
-developing applications that use %{name}.
-
-
-%prep
-%setup -q
-
-
-%build
- export CPPFLAGS='-I%{_includedir}'
- export LDFLAGS='-L%{_libdir}'
-%configure --disable-static --enable-tls --enable-tls-psk
-make %{?_smp_mflags}
-
-
-%install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT
-find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
-
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
-
-
-%files
-%defattr(-,root,root,-)
-%doc README
-%{_libdir}/*.so.*
-
-%files devel
-%defattr(-,root,root,-)
-%{_includedir}/*
-%{_libdir}/*.so
-
-
-%changelog
-* Tue Sep 27 2011 <hartmans@moonbuildcentos.dev.ja.net> - %{version}-1
-- initial version
-
diff --git a/lib/md5.c b/lib/md5.c
deleted file mode 100644
index f4ac436..0000000
--- a/lib/md5.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
- * MD5 Message-Digest Algorithm (RFC 1321).
- *
- * Homepage:
- * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
- *
- * Author:
- * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
- *
- * This software was written by Alexander Peslyak in 2001. No copyright is
- * claimed, and the software is hereby placed in the public domain.
- * In case this attempt to disclaim copyright and place the software in the
- * public domain is deemed null and void, then the software is
- * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
- * general public under the following terms:
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted.
- *
- * There's ABSOLUTELY NO WARRANTY, express or implied.
- *
- * (This is a heavily cut-down "BSD license".)
- *
- * This differs from Colin Plumb's older public domain implementation in that
- * no exactly 32-bit integer data type is required (any 32-bit or wider
- * unsigned integer data type will do), there's no compile-time endianness
- * configuration, and the function prototypes match OpenSSL's. No code from
- * Colin Plumb's implementation has been reused; this comment merely compares
- * the properties of the two independent implementations.
- *
- * The primary goals of this implementation are portability and ease of use.
- * It is meant to be fast, but not as fast as possible. Some known
- * optimizations are not included to reduce source code size and avoid
- * compile-time configuration.
- */
-
-#ifndef HAVE_OPENSSL
-
-#include <string.h>
-
-#include "md5.h"
-
-/*
- * The basic MD5 functions.
- *
- * F and G are optimized compared to their RFC 1321 definitions for
- * architectures that lack an AND-NOT instruction, just like in Colin Plumb's
- * implementation.
- */
-#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
-#define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | ~(z)))
-
-/*
- * The MD5 transformation for all four rounds.
- */
-#define STEP(f, a, b, c, d, x, t, s) \
- (a) += f((b), (c), (d)) + (x) + (t); \
- (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
- (a) += (b);
-
-/*
- * SET reads 4 input bytes in little-endian byte order and stores them
- * in a properly aligned word in host byte order.
- *
- * The check for little-endian architectures that tolerate unaligned
- * memory accesses is just an optimization. Nothing will break if it
- * doesn't work.
- */
-#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
-#define SET(n) \
- (*(MD5_u32plus *)&ptr[(n) * 4])
-#define GET(n) \
- SET(n)
-#else
-#define SET(n) \
- (ctx->block[(n)] = \
- (MD5_u32plus)ptr[(n) * 4] | \
- ((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \
- ((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \
- ((MD5_u32plus)ptr[(n) * 4 + 3] << 24))
-#define GET(n) \
- (ctx->block[(n)])
-#endif
-
-/*
- * This processes one or more 64-byte data blocks, but does NOT update
- * the bit counters. There are no alignment requirements.
- */
-static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
-{
- const unsigned char *ptr;
- MD5_u32plus a, b, c, d;
- MD5_u32plus saved_a, saved_b, saved_c, saved_d;
-
- ptr = data;
-
- a = ctx->a;
- b = ctx->b;
- c = ctx->c;
- d = ctx->d;
-
- do {
- saved_a = a;
- saved_b = b;
- saved_c = c;
- saved_d = d;
-
-/* Round 1 */
- STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7)
- STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
- STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
- STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
- STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
- STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
- STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
- STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
- STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
- STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
- STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
- STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
- STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
- STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
- STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
- STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
-
-/* Round 2 */
- STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
- STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
- STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
- STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
- STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
- STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
- STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
- STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
- STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
- STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
- STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
- STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
- STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
- STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
- STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
- STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
-
-/* Round 3 */
- STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
- STEP(H, d, a, b, c, GET(8), 0x8771f681, 11)
- STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
- STEP(H, b, c, d, a, GET(14), 0xfde5380c, 23)
- STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
- STEP(H, d, a, b, c, GET(4), 0x4bdecfa9, 11)
- STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
- STEP(H, b, c, d, a, GET(10), 0xbebfbc70, 23)
- STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
- STEP(H, d, a, b, c, GET(0), 0xeaa127fa, 11)
- STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
- STEP(H, b, c, d, a, GET(6), 0x04881d05, 23)
- STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
- STEP(H, d, a, b, c, GET(12), 0xe6db99e5, 11)
- STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
- STEP(H, b, c, d, a, GET(2), 0xc4ac5665, 23)
-
-/* Round 4 */
- STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
- STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
- STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
- STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
- STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
- STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
- STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
- STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
- STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
- STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
- STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
- STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
- STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
- STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
- STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
- STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
-
- a += saved_a;
- b += saved_b;
- c += saved_c;
- d += saved_d;
-
- ptr += 64;
- } while (size -= 64);
-
- ctx->a = a;
- ctx->b = b;
- ctx->c = c;
- ctx->d = d;
-
- return ptr;
-}
-
-void MD5_Init(MD5_CTX *ctx)
-{
- ctx->a = 0x67452301;
- ctx->b = 0xefcdab89;
- ctx->c = 0x98badcfe;
- ctx->d = 0x10325476;
-
- ctx->lo = 0;
- ctx->hi = 0;
-}
-
-void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
-{
- MD5_u32plus saved_lo;
- unsigned long used, free;
-
- saved_lo = ctx->lo;
- if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
- ctx->hi++;
- ctx->hi += size >> 29;
-
- used = saved_lo & 0x3f;
-
- if (used) {
- free = 64 - used;
-
- if (size < free) {
- memcpy(&ctx->buffer[used], data, size);
- return;
- }
-
- memcpy(&ctx->buffer[used], data, free);
- data = (unsigned char *)data + free;
- size -= free;
- body(ctx, ctx->buffer, 64);
- }
-
- if (size >= 64) {
- data = body(ctx, data, size & ~(unsigned long)0x3f);
- size &= 0x3f;
- }
-
- memcpy(ctx->buffer, data, size);
-}
-
-void MD5_Final(unsigned char *result, MD5_CTX *ctx)
-{
- unsigned long used, free;
-
- used = ctx->lo & 0x3f;
-
- ctx->buffer[used++] = 0x80;
-
- free = 64 - used;
-
- if (free < 8) {
- memset(&ctx->buffer[used], 0, free);
- body(ctx, ctx->buffer, 64);
- used = 0;
- free = 64;
- }
-
- memset(&ctx->buffer[used], 0, free - 8);
-
- ctx->lo <<= 3;
- ctx->buffer[56] = ctx->lo;
- ctx->buffer[57] = ctx->lo >> 8;
- ctx->buffer[58] = ctx->lo >> 16;
- ctx->buffer[59] = ctx->lo >> 24;
- ctx->buffer[60] = ctx->hi;
- ctx->buffer[61] = ctx->hi >> 8;
- ctx->buffer[62] = ctx->hi >> 16;
- ctx->buffer[63] = ctx->hi >> 24;
-
- body(ctx, ctx->buffer, 64);
-
- result[0] = ctx->a;
- result[1] = ctx->a >> 8;
- result[2] = ctx->a >> 16;
- result[3] = ctx->a >> 24;
- result[4] = ctx->b;
- result[5] = ctx->b >> 8;
- result[6] = ctx->b >> 16;
- result[7] = ctx->b >> 24;
- result[8] = ctx->c;
- result[9] = ctx->c >> 8;
- result[10] = ctx->c >> 16;
- result[11] = ctx->c >> 24;
- result[12] = ctx->d;
- result[13] = ctx->d >> 8;
- result[14] = ctx->d >> 16;
- result[15] = ctx->d >> 24;
-
- memset(ctx, 0, sizeof(*ctx));
-}
-
-#endif
diff --git a/lib/md5.h b/lib/md5.h
deleted file mode 100644
index 2da44bf..0000000
--- a/lib/md5.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
- * MD5 Message-Digest Algorithm (RFC 1321).
- *
- * Homepage:
- * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
- *
- * Author:
- * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
- *
- * This software was written by Alexander Peslyak in 2001. No copyright is
- * claimed, and the software is hereby placed in the public domain.
- * In case this attempt to disclaim copyright and place the software in the
- * public domain is deemed null and void, then the software is
- * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
- * general public under the following terms:
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted.
- *
- * There's ABSOLUTELY NO WARRANTY, express or implied.
- *
- * See md5.c for more information.
- */
-
-#ifdef HAVE_OPENSSL
-#include <openssl/md5.h>
-#elif !defined(_MD5_H)
-#define _MD5_H
-
-/* Any 32-bit or wider unsigned integer data type will do */
-typedef unsigned int MD5_u32plus;
-
-typedef struct {
- MD5_u32plus lo, hi;
- MD5_u32plus a, b, c, d;
- unsigned char buffer[64];
- MD5_u32plus block[16];
-} MD5_CTX;
-
-extern void MD5_Init(MD5_CTX *ctx);
-extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
-extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);
-
-#endif
diff --git a/lib/packet.c b/lib/packet.c
deleted file mode 100644
index 5daad25..0000000
--- a/lib/packet.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <assert.h>
-#include <radius/client.h>
-#include <event2/bufferevent.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "conn.h"
-#include "debug.h"
-#include "packet.h"
-
-#if defined (DEBUG)
-#include <netdb.h>
-#include <sys/socket.h>
-#include <event2/buffer.h>
-#endif
-
-int
-packet_verify_response (struct rs_connection *conn,
- struct rs_packet *response,
- struct rs_packet *request)
-{
- int err;
-
- assert (conn);
- assert (conn->active_peer);
- assert (conn->active_peer->secret);
- assert (response);
- assert (response->rpkt);
- assert (request);
- assert (request->rpkt);
-
- response->rpkt->secret = conn->active_peer->secret;
- response->rpkt->sizeof_secret = strlen (conn->active_peer->secret);
-
- /* Verify header and message authenticator. */
- err = nr_packet_verify (response->rpkt, request->rpkt);
- if (err)
- {
- if (conn->is_connected)
- rs_conn_disconnect(conn);
- return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__,
- "nr_packet_verify");
- }
-
- /* Decode and decrypt. */
- err = nr_packet_decode (response->rpkt, request->rpkt);
- if (err)
- {
- if (conn->is_connected)
- rs_conn_disconnect(conn);
- return rs_err_conn_push_fl (conn, -err, __FILE__, __LINE__,
- "nr_packet_decode");
- }
-
- return RSE_OK;
-}
-
-
-/* Badly named function for preparing a RADIUS message and queue it.
- FIXME: Rename. */
-int
-packet_do_send (struct rs_packet *pkt)
-{
- int err;
-
- assert (pkt);
- assert (pkt->conn);
- assert (pkt->conn->active_peer);
- assert (pkt->conn->active_peer->secret);
- assert (pkt->rpkt);
-
- pkt->rpkt->secret = pkt->conn->active_peer->secret;
- pkt->rpkt->sizeof_secret = strlen (pkt->rpkt->secret);
-
- /* Encode message. */
- err = nr_packet_encode (pkt->rpkt, NULL);
- if (err < 0)
- return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__,
- "nr_packet_encode");
- /* Sign message. */
- err = nr_packet_sign (pkt->rpkt, NULL);
- if (err < 0)
- return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__,
- "nr_packet_sign");
-#if defined (DEBUG)
- {
- char host[80], serv[80];
-
- getnameinfo (pkt->conn->active_peer->addr_cache->ai_addr,
- pkt->conn->active_peer->addr_cache->ai_addrlen,
- host, sizeof(host), serv, sizeof(serv),
- 0 /* NI_NUMERICHOST|NI_NUMERICSERV*/);
- rs_debug (("%s: about to send this to %s:%s:\n", __func__, host, serv));
- rs_dump_packet (pkt);
- }
-#endif
-
- /* Put message in output buffer. */
- if (pkt->conn->bev) /* TCP. */
- {
- int err = bufferevent_write (pkt->conn->bev, pkt->rpkt->data,
- pkt->rpkt->length);
- if (err < 0)
- return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
- "bufferevent_write: %s",
- evutil_gai_strerror (err));
- }
- else /* UDP. */
- {
- struct rs_packet **pp = &pkt->conn->out_queue;
-
- while (*pp && (*pp)->next)
- *pp = (*pp)->next;
- *pp = pkt;
- }
-
- return RSE_OK;
-}
-
-/* Public functions. */
-int
-rs_packet_create (struct rs_connection *conn, struct rs_packet **pkt_out)
-{
- struct rs_packet *p;
- RADIUS_PACKET *rpkt;
- int err;
-
- *pkt_out = NULL;
-
- rpkt = rs_malloc (conn->ctx, sizeof(*rpkt) + RS_MAX_PACKET_LEN);
- if (rpkt == NULL)
- return rs_err_conn_push (conn, RSE_NOMEM, __func__);
-
- err = nr_packet_init (rpkt, NULL, NULL,
- PW_ACCESS_REQUEST,
- rpkt + 1, RS_MAX_PACKET_LEN);
- if (err < 0)
- return rs_err_conn_push (conn, -err, __func__);
-
- p = (struct rs_packet *) rs_calloc (conn->ctx, 1, sizeof (*p));
- if (p == NULL)
- {
- rs_free (conn->ctx, rpkt);
- return rs_err_conn_push (conn, RSE_NOMEM, __func__);
- }
- p->conn = conn;
- p->rpkt = rpkt;
-
- *pkt_out = p;
- return RSE_OK;
-}
-
-int
-rs_packet_create_authn_request (struct rs_connection *conn,
- struct rs_packet **pkt_out,
- const char *user_name, const char *user_pw)
-{
- struct rs_packet *pkt;
- int err;
-
- if (rs_packet_create (conn, pkt_out))
- return -1;
-
- pkt = *pkt_out;
- pkt->rpkt->code = PW_ACCESS_REQUEST;
-
- if (user_name)
- {
- err = rs_packet_add_avp (pkt, PW_USER_NAME, 0, user_name,
- strlen (user_name));
- if (err)
- return err;
- }
-
- if (user_pw)
- {
- err = rs_packet_add_avp (pkt, PW_USER_PASSWORD, 0, user_pw,
- strlen (user_pw));
- if (err)
- return err;
- }
-
- return RSE_OK;
-}
-
-void
-rs_packet_destroy (struct rs_packet *pkt)
-{
- assert (pkt);
- assert (pkt->conn);
- assert (pkt->conn->ctx);
-
- rs_avp_free (&pkt->rpkt->vps);
- rs_free (pkt->conn->ctx, pkt->rpkt);
- rs_free (pkt->conn->ctx, pkt);
-}
-
-int
-rs_packet_add_avp (struct rs_packet *pkt,
- unsigned int attr, unsigned int vendor,
- const void *data, size_t data_len)
-
-{
- const DICT_ATTR *da;
- VALUE_PAIR *vp;
- int err;
-
- assert (pkt);
- assert (pkt->conn);
- assert (pkt->conn->ctx);
-
- da = nr_dict_attr_byvalue (attr, vendor);
- if (da == NULL)
- return rs_err_conn_push (pkt->conn, RSE_ATTR_TYPE_UNKNOWN,
- "nr_dict_attr_byvalue");
- vp = rs_malloc (pkt->conn->ctx, sizeof(*vp));
- if (vp == NULL)
- return rs_err_conn_push (pkt->conn, RSE_NOMEM, NULL);
- if (nr_vp_init (vp, da) == NULL)
- {
- nr_vp_free (&vp);
- return rs_err_conn_push (pkt->conn, RSE_INTERNAL, NULL);
- }
- err = nr_vp_set_data (vp, data, data_len);
- if (err < 0)
- {
- nr_vp_free (&vp);
- return rs_err_conn_push (pkt->conn, -err, "nr_vp_set_data");
- }
- nr_vps_append (&pkt->rpkt->vps, vp);
-
- return RSE_OK;
-}
-
-/* TODO: Rename rs_packet_append_avp, indicating that encoding is
- being done. */
-int
-rs_packet_append_avp (struct rs_packet *pkt,
- unsigned int attr, unsigned int vendor,
- const void *data, size_t data_len)
-{
- const DICT_ATTR *da;
- int err;
-
- assert (pkt);
-
- da = nr_dict_attr_byvalue (attr, vendor);
- if (da == NULL)
- return rs_err_conn_push (pkt->conn, RSE_ATTR_TYPE_UNKNOWN, __func__);
-
- err = nr_packet_attr_append (pkt->rpkt, NULL, da, data, data_len);
- if (err < 0)
- return rs_err_conn_push (pkt->conn, -err, __func__);
-
- return RSE_OK;
-}
-
-void
-rs_packet_avps (struct rs_packet *pkt, rs_avp ***vps)
-{
- assert (pkt);
- *vps = &pkt->rpkt->vps;
-}
-
-unsigned int
-rs_packet_code (struct rs_packet *pkt)
-{
- assert (pkt);
- return pkt->rpkt->code;
-}
-
-rs_const_avp *
-rs_packet_find_avp (struct rs_packet *pkt, unsigned int attr, unsigned int vendor)
-{
- assert (pkt);
- return rs_avp_find_const (pkt->rpkt->vps, attr, vendor);
-}
-
-int
-rs_packet_set_id (struct rs_packet *pkt, int id)
-{
- int old = pkt->rpkt->id;
-
- pkt->rpkt->id = id;
-
- return old;
-}
diff --git a/lib/packet.h b/lib/packet.h
deleted file mode 100644
index 7cdbb35..0000000
--- a/lib/packet.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-int packet_do_send (struct rs_packet *pkt);
-int packet_verify_response (struct rs_connection *conn,
- struct rs_packet *response,
- struct rs_packet *request);
diff --git a/lib/peer.c b/lib/peer.c
deleted file mode 100644
index decc64b..0000000
--- a/lib/peer.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* Copyright 2010-2012 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "err.h"
-#include "peer.h"
-#include "util.h"
-
-struct rs_peer *
-peer_pick_peer (struct rs_connection *conn)
-{
- assert (conn);
-
- if (conn->active_peer)
- conn->active_peer = conn->active_peer->next; /* Next. */
- if (!conn->active_peer)
- conn->active_peer = conn->peers; /* From the top. */
-
- return conn->active_peer;
-}
-
-struct rs_peer *
-peer_create (struct rs_context *ctx, struct rs_peer **rootp)
-{
- struct rs_peer *p;
-
- p = (struct rs_peer *) rs_malloc (ctx, sizeof(*p));
- if (p)
- {
- memset (p, 0, sizeof(struct rs_peer));
- if (*rootp)
- {
- p->next = (*rootp)->next;
- (*rootp)->next = p;
- }
- else
- *rootp = p;
- }
- return p;
-}
-
-/* Public functions. */
-int
-rs_peer_create (struct rs_connection *conn, struct rs_peer **peer_out)
-{
- struct rs_peer *peer;
-
- peer = peer_create (conn->ctx, &conn->peers);
- if (peer)
- {
- peer->conn = conn;
- peer->realm->timeout = 2; /* FIXME: Why? */
- peer->realm->retries = 2; /* FIXME: Why? */
- }
- else
- return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
- if (*peer_out)
- *peer_out = peer;
- return RSE_OK;
-}
-
-int
-rs_peer_set_address (struct rs_peer *peer, const char *hostname,
- const char *service)
-{
- assert (peer);
- assert (peer->conn);
- assert (peer->conn->ctx);
-
- peer->hostname = rs_strdup (peer->conn->ctx, hostname);
- peer->service = rs_strdup (peer->conn->ctx, service);
- if (peer->hostname == NULL || peer->service == NULL)
- return RSE_NOMEM;
-
- return RSE_OK;
-}
-
-void
-rs_peer_set_timeout (struct rs_peer *peer, int timeout)
-{
- assert (peer);
- assert (peer->realm);
- peer->realm->timeout = timeout;
-}
-void
-rs_peer_set_retries (struct rs_peer *peer, int retries)
-{
- assert (peer);
- assert (peer->realm);
- peer->realm->retries = retries;
-}
-
-int
-rs_peer_set_secret (struct rs_peer *peer, const char *secret)
-{
- if (peer->secret)
- free (peer->secret);
- peer->secret = (char *) malloc (strlen(secret) + 1);
- if (!peer->secret)
- return rs_err_conn_push (peer->conn, RSE_NOMEM, NULL);
- strcpy (peer->secret, secret);
- return RSE_OK;
-}
-
diff --git a/lib/peer.h b/lib/peer.h
deleted file mode 100644
index b15395f..0000000
--- a/lib/peer.h
+++ /dev/null
@@ -1,5 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-struct rs_peer *peer_create (struct rs_context *ctx, struct rs_peer **rootp);
-struct rs_peer *peer_pick_peer (struct rs_connection *conn);
diff --git a/lib/radius/.gitignore b/lib/radius/.gitignore
deleted file mode 100644
index 1af03df..0000000
--- a/lib/radius/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-dictionaries.c
diff --git a/lib/radius/LICENSE b/lib/radius/LICENSE
deleted file mode 100644
index 01dbe92..0000000
--- a/lib/radius/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/radius/Makefile.am b/lib/radius/Makefile.am
deleted file mode 100644
index ba09db0..0000000
--- a/lib/radius/Makefile.am
+++ /dev/null
@@ -1,44 +0,0 @@
-AUTOMAKE_OPTIONS = foreign
-ACLOCAL_AMFLAGS = -I m4
-
-BUILT_SOURCES = dictionaries.c
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)
-AM_CFLAGS = -Wall -g
-
-noinst_LTLIBRARIES = libradsec-radius.la
-
-libradsec_radius_la_SOURCES = \
- attrs.c \
- crypto.c \
- custom.c \
- dict.c \
- client.h \
- id.c \
- parse.c \
- print.c \
- radpkt.c \
- static.c \
- valuepair.c
-
-libradsec_radius_la_SOURCES += client.h
-
-libradsec_radius_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H
-
-DICTIONARIES = \
- share/dictionary.txt \
- share/dictionary.juniper \
- share/dictionary.microsoft \
- share/dictionary.ukerna \
- share/dictionary.abfab.ietf
-
-EXTRA_DIST = dictionaries.c $(DICTIONARIES) common.pl convert.pl
-
-$(top_srcdir)/include/radsec/radius.h dictionaries.c: ${DICTIONARIES} convert.pl common.pl
- $(srcdir)/convert.pl ${DICTIONARIES}
-
-static.$(OBJEXT): static.c dictionaries.c
-
-clean-local:
- rm -f dictionaries.c
-
-$(libradsec_radius_la_SOURCES): $(top_srcdir)/include/radsec/radius.h
diff --git a/lib/radius/attrs.c b/lib/radius/attrs.c
deleted file mode 100644
index 21cd3f0..0000000
--- a/lib/radius/attrs.c
+++ /dev/null
@@ -1,1411 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/** \file attrs.c
- * \brief Attribute encoding and decoding routines.
- */
-
-#include "client.h"
-
-/*
- * Encodes the data portion of an attribute.
- * Returns -1 on error, or the length of the data portion.
- */
-static ssize_t vp2data_any(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- int nest,
- const VALUE_PAIR **pvp,
- uint8_t *start, size_t room)
-{
- uint32_t lvalue;
- ssize_t len;
- const uint8_t *data;
- uint8_t *ptr = start;
- uint8_t array[4];
- const VALUE_PAIR *vp = *pvp;
-
-#ifdef RS_TYPE_TLV
- /*
- * See if we need to encode a TLV. The low portion of
- * the attribute has already been placed into the packer.
- * If there are still attribute bytes left, then go
- * encode them as TLVs.
- *
- * If we cared about the stack, we could unroll the loop.
- */
- if ((nest > 0) && (nest <= nr_attr_max_tlv) &&
- ((vp->da->attr >> nr_attr_shift[nest]) != 0)) {
- return vp2data_tlvs(packet, original, nest, pvp,
- start, room);
- }
-#else
- nest = nest; /* -Wunused */
-#endif
-
- /*
- * Set up the default sources for the data.
- */
- data = vp->vp_octets;
- len = vp->length;
-
- switch(vp->da->type) {
- case RS_TYPE_IPV6PREFIX:
- len = sizeof(vp->vp_ipv6prefix);
- break;
-
- case RS_TYPE_STRING:
- case RS_TYPE_OCTETS:
- case RS_TYPE_IFID:
- case RS_TYPE_IPV6ADDR:
-#ifdef RS_TYPE_ABINARY
- case RS_TYPE_ABINARY:
-#endif
- /* nothing more to do */
- break;
-
- case RS_TYPE_BYTE:
- len = 1; /* just in case */
- array[0] = vp->vp_integer & 0xff;
- data = array;
- break;
-
- case RS_TYPE_SHORT:
- len = 2; /* just in case */
- array[0] = (vp->vp_integer >> 8) & 0xff;
- array[1] = vp->vp_integer & 0xff;
- data = array;
- break;
-
- case RS_TYPE_INTEGER:
- len = 4; /* just in case */
- lvalue = htonl(vp->vp_integer);
- memcpy(array, &lvalue, sizeof(lvalue));
- data = array;
- break;
-
- case RS_TYPE_IPADDR:
- data = (const uint8_t *) &vp->vp_ipaddr;
- len = 4; /* just in case */
- break;
-
- /*
- * There are no tagged date attributes.
- */
- case RS_TYPE_DATE:
- lvalue = htonl(vp->vp_date);
- data = (const uint8_t *) &lvalue;
- len = 4; /* just in case */
- break;
-
-#ifdef VENDORPEC_WIMAX
- case RS_TYPE_SIGNED:
- {
- int32_t slvalue;
-
- len = 4; /* just in case */
- slvalue = htonl(vp->vp_signed);
- memcpy(array, &slvalue, sizeof(slvalue));
- break;
- }
-#endif
-
-#ifdef RS_TYPE_TLV
- case RS_TYPE_TLV:
- data = vp->vp_tlv;
- if (!data) {
- nr_debug_error("ERROR: Cannot encode NULL TLV");
- return -RSE_INVAL;
- }
- len = vp->length;
- break;
-#endif
-
- default: /* unknown type: ignore it */
- nr_debug_error("ERROR: Unknown attribute type %d", vp->da->type);
- return -RSE_ATTR_TYPE_UNKNOWN;
- }
-
- /*
- * Bound the data to the calling size
- */
- if (len > (ssize_t) room) len = room;
-
-#ifndef FLAG_ENCRYPT_TUNNEL_PASSWORD
- original = original; /* -Wunused */
-#endif
-
- /*
- * Encrypt the various password styles
- *
- * Attributes with encrypted values MUST be less than
- * 128 bytes long.
- */
- switch (vp->da->flags.encrypt) {
- case FLAG_ENCRYPT_USER_PASSWORD:
- len = nr_password_encrypt(ptr, room, data, len,
- packet->secret, packet->vector);
- break;
-
-#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD
- case FLAG_ENCRYPT_TUNNEL_PASSWORD:
- lvalue = 0;
- if (vp->da->flags.has_tag) lvalue = 1;
-
- /*
- * Check if there's enough room. If there isn't,
- * we discard the attribute.
- *
- * This is ONLY a problem if we have multiple VSA's
- * in one Vendor-Specific, though.
- */
- if (room < (18 + lvalue)) {
- *pvp = vp->next;
- return 0;
- }
-
- switch (packet->code) {
- case PW_ACCESS_ACCEPT:
- case PW_ACCESS_REJECT:
- case PW_ACCESS_CHALLENGE:
- default:
- if (!original) {
- nr_debug_error("ERROR: No request packet, cannot encrypt %s attribute in the vp.", vp->da->name);
- return -RSE_REQUEST_REQUIRED;
- }
-
- if (lvalue) ptr[0] = vp->tag;
- len = nr_tunnelpw_encrypt(ptr + lvalue,
- room - lvalue, data, len,
- packet->secret,
- original->vector);
- if (len < 0) return len;
- break;
- case PW_ACCOUNTING_REQUEST:
- case PW_DISCONNECT_REQUEST:
- case PW_COA_REQUEST:
- ptr[0] = vp->tag;
- len = nr_tunnelpw_encrypt(ptr + 1, room, data, len - 1,
- packet->secret,
- packet->vector);
- if (len < 0) return len;
- break;
- }
- break;
-#endif
-
- /*
- * The code above ensures that this attribute
- * always fits.
- */
-#ifdef FLAG_ENCRYPT_ASCEND_SECRET
- case FLAG_ENCRYPT_ASCEND_SECRET:
- make_secret(ptr, packet->vector, packet->secret, data);
- len = AUTH_VECTOR_LEN;
- break;
-#endif
-
- default:
- if (vp->da->flags.has_tag && TAG_VALID(vp->tag)) {
- if (vp->da->type == RS_TYPE_STRING) {
- if (len > ((ssize_t) (room - 1))) len = room - 1;
- ptr[0] = vp->tag;
- ptr++;
- } else if (vp->da->type == RS_TYPE_INTEGER) {
- array[0] = vp->tag;
- } /* else it can't be any other type */
- }
- memcpy(ptr, data, len);
- break;
- } /* switch over encryption flags */
-
- *(pvp) = vp->next;
- return len + (ptr - start);;
-}
-
-
-/*
- * Encode an RFC format TLV. This could be a standard attribute,
- * or a TLV data type. If it's a standard attribute, then
- * vp->da->attr == attribute. Otherwise, attribute may be
- * something else.
- */
-static ssize_t vp2attr_rfc(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp,
- unsigned int attribute, uint8_t *ptr, size_t room)
-{
- ssize_t len;
-
- if (room < 2) {
- *pvp = (*pvp)->next;
- return 0;
- }
-
- ptr[0] = attribute & 0xff;
- ptr[1] = 2;
-
- if (room > ((unsigned) 255 - ptr[1])) room = 255 - ptr[1];
-
- len = vp2data_any(packet, original, 0, pvp, ptr + ptr[1], room);
- if (len < 0) return len;
-
- ptr[1] += len;
-
- return ptr[1];
-}
-
-
-#ifndef WITHOUT_VSAS
-/*
- * Encode a VSA which is a TLV. If it's in the RFC format, call
- * vp2attr_rfc. Otherwise, encode it here.
- */
-static ssize_t vp2attr_vsa(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp,
- unsigned int attribute, unsigned int vendor,
- uint8_t *ptr, size_t room)
-{
- ssize_t len;
- const DICT_VENDOR *dv;
-
- /*
- * Unknown vendor: RFC format.
- * Known vendor and RFC format: go do that.
- */
- dv = nr_dict_vendor_byvalue(vendor);
- if (!dv ||
- (
-#ifdef RS_TYPE_TLV
- !(*pvp)->flags.is_tlv &&
-#endif
- (dv->type == 1) && (dv->length == 1))) {
- return vp2attr_rfc(packet, original, pvp,
- attribute, ptr, room);
- }
-
-#ifdef RS_TYPE_TLV
- if ((*pvp)->flags.is_tlv) {
- return data2vp_tlvs(packet, original, 0, pvp,
- ptr, room);
- }
-#endif
-
- switch (dv->type) {
- default:
- nr_debug_error("vp2attr_vsa: Internal sanity check failed,"
- " type %u", (unsigned) dv->type);
- return -RSE_INTERNAL;
-
- case 4:
- ptr[0] = 0; /* attr must be 24-bit */
- ptr[1] = (attribute >> 16) & 0xff;
- ptr[2] = (attribute >> 8) & 0xff;
- ptr[3] = attribute & 0xff;
- break;
-
- case 2:
- ptr[0] = (attribute >> 8) & 0xff;
- ptr[1] = attribute & 0xff;
- break;
-
- case 1:
- ptr[0] = attribute & 0xff;
- break;
- }
-
- switch (dv->length) {
- default:
- nr_debug_error("vp2attr_vsa: Internal sanity check failed,"
- " length %u", (unsigned) dv->length);
- return -RSE_INTERNAL;
-
- case 0:
- break;
-
- case 2:
- ptr[dv->type] = 0;
- /* FALL-THROUGH */
-
- case 1:
- ptr[dv->type + dv->length - 1] = dv->type + dv->length;
- break;
-
- }
-
- if (room > ((unsigned) 255 - (dv->type + dv->length))) {
- room = 255 - (dv->type + dv->length);
- }
-
- len = vp2data_any(packet, original, 0, pvp,
- ptr + dv->type + dv->length, room);
- if (len < 0) return len;
-
- if (dv->length) ptr[dv->type + dv->length - 1] += len;
-
- return dv->type + dv->length + len;
-}
-
-
-/*
- * Encode a Vendor-Specific attribute.
- */
-ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp, uint8_t *ptr,
- size_t room)
-{
- ssize_t len;
- uint32_t lvalue;
- const VALUE_PAIR *vp = *pvp;
-
-#ifdef VENDORPEC_WIMAX
- /*
- * Double-check for WiMAX
- */
- if (vp->da->vendor == VENDORPEC_WIMAX) {
- return nr_vp2wimax(packet, original, pvp,
- ptr, room);
- }
-#endif
-
- if (vp->da->vendor > RS_MAX_VENDOR) {
- nr_debug_error("nr_vp2vsa: Invalid arguments");
- return -RSE_INVAL;
- }
-
- /*
- * Not enough room for:
- * attr, len, vendor-id
- */
- if (room < 6) {
- *pvp = vp->next;
- return 0;
- }
-
- /*
- * Build the Vendor-Specific header
- */
- ptr[0] = PW_VENDOR_SPECIFIC;
- ptr[1] = 6;
- lvalue = htonl(vp->da->vendor);
- memcpy(ptr + 2, &lvalue, 4);
-
- if (room > ((unsigned) 255 - ptr[1])) room = 255 - ptr[1];
-
- len = vp2attr_vsa(packet, original, pvp,
- vp->da->attr, vp->da->vendor,
- ptr + ptr[1], room);
- if (len < 0) return len;
-
- ptr[1] += len;
-
- return ptr[1];
-}
-#endif
-
-
-/*
- * Encode an RFC standard attribute 1..255
- */
-ssize_t nr_vp2rfc(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp,
- uint8_t *ptr, size_t room)
-{
- const VALUE_PAIR *vp = *pvp;
-
- if (vp->da->vendor != 0) {
- nr_debug_error("nr_vp2rfc called with VSA");
- return -RSE_INVAL;
- }
-
- if ((vp->da->attr == 0) || (vp->da->attr > 255)) {
- nr_debug_error("nr_vp2rfc called with non-standard attribute %u", vp->da->attr);
- return -RSE_INVAL;
- }
-
-#ifdef PW_CHARGEABLE_USER_IDENTITY
- if ((vp->length == 0) &&
- (vp->da != RS_DA_CHARGEABLE_USER_IDENTITY)) {
- *pvp = vp->next;
- return 0;
- }
-#endif
-
- return vp2attr_rfc(packet, original, pvp, vp->da->attr,
- ptr, room);
-}
-
-#ifdef PW_CHAP_PASSWORD
-/*
- * Encode an RFC standard attribute 1..255
- */
-static ssize_t nr_chap2rfc(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp,
- uint8_t *ptr, size_t room)
-{
- ssize_t rcode;
- const VALUE_PAIR *vp = *pvp;
- RS_MD5_CTX ctx;
- uint8_t buffer[RS_MAX_STRING_LEN*2 + 1], *p;
- VALUE_PAIR chap = {
- RS_DA_CHAP_PASSWORD,
- 17,
- 0,
- NULL,
- {
- .octets = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
- },
- },
- };
-
- if ((vp->da->vendor != 0) || (vp->da != RS_DA_CHAP_PASSWORD)) {
- nr_debug_error("nr_chap2rfc called with non-CHAP");
- return -RSE_INVAL;
- }
-
- p = buffer;
- *(p++) = nr_rand() & 0xff; /* id */
-
- memcpy(p, vp->vp_strvalue, strlen(vp->vp_strvalue));
- p += strlen(vp->vp_strvalue);
-
- vp = nr_vps_find(packet->vps, PW_CHAP_CHALLENGE, 0);
- if (vp) {
- memcpy(p, vp->vp_octets, vp->length);
- p += vp->length;
- } else {
- memcpy(p, packet->vector, sizeof(packet->vector));
- p += sizeof(packet->vector);
- }
-
- RS_MD5Init(&ctx);
- RS_MD5Update(&ctx, buffer, p - buffer);
- RS_MD5Final(&chap.vp_octets[1], &ctx);
-
- chap.vp_octets[0] = buffer[0];
- vp = &chap;
-
- rcode = vp2attr_rfc(packet, original, &vp, chap.da->attr,
- ptr, room);
- if (rcode < 0) return rcode;
-
- *pvp = (*pvp)->next;
- return rcode;
-}
-#endif /* PW_CHAP_PASSWORD */
-
-#ifdef PW_MESSAGE_AUTHENTICATOR
-/** Fake Message-Authenticator.
- *
- * This structure is used to replace a Message-Authenticator in the
- * input list of VALUE_PAIRs when encoding a packet. If the caller
- * asks us to encode a Message-Authenticator, we ignore the one given
- * to us by the caller (which may have the wrong length, etc.), and
- * instead use this one, which has the correct length and data.
- */
-static const VALUE_PAIR fake_ma = {
- RS_DA_MESSAGE_AUTHENTICATOR,
- 16,
- 0,
- NULL,
- {
- .octets = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
- },
- }
-};
-#endif /* PW_MESSAGE_AUTHENTICATOR */
-
-/*
- * Parse a data structure into a RADIUS attribute.
- */
-ssize_t nr_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp, uint8_t *start,
- size_t room)
-{
- const VALUE_PAIR *vp = *pvp;
-
- /*
- * RFC format attributes take the fast path.
- */
- if (vp->da->vendor != 0) {
-#ifdef VENDORPEC_EXTENDED
- if (vp->da->vendor > RS_MAX_VENDOR) {
- return nr_vp2attr_extended(packet, original,
- pvp, start, room);
-
- }
-#endif
-
-#ifdef VENDORPEC_WIMAX
- if (vp->da->vendor == VENDORPEC_WIMAX) {
- return nr_vp2attr_wimax(packet, original,
- pvp, start, room);
- }
-#endif
-
-#ifndef WITHOUT_VSAS
- return nr_vp2vsa(packet, original, pvp, start, room);
-#else
- nr_debug_error("VSAs are not supported");
- return -RSE_UNSUPPORTED;
-#endif
- }
-
- /*
- * Ignore non-protocol attributes.
- */
- if (vp->da->attr > 255) {
- *pvp = vp->next;
- return 0;
- }
-
-#ifdef PW_MESSAGE_AUTHENTICATOR
- /*
- * The caller wants a Message-Authenticator, but doesn't
- * know how to calculate it, or what the correct values
- * are. So... create one for him.
- */
- if (vp->da == RS_DA_MESSAGE_AUTHENTICATOR) {
- ssize_t rcode;
-
- vp = &fake_ma;
- rcode = nr_vp2rfc(packet, original, &vp, start, room);
- if (rcode <= 0) return rcode;
- *pvp = (*pvp)->next;
- return rcode;
- }
-#endif
-
-#ifdef PW_CHAP_PASSWORD
- /*
- * The caller wants a CHAP-Password, but doesn't know how
- * to calculate it, or what the correct values are. To
- * help, we calculate it for him.
- */
- if (vp->da == RS_DA_CHAP_PASSWORD) {
- int encoded = 0;
-
- /*
- * CHAP is ID + MD5(...). If it's length is NOT
- * 17, then the caller has passed us a password,
- * and wants us to encode it. If the length IS
- * 17, then we need to double-check if the caller
- * has already encoded it.
- */
- if (vp->length == 17) {
- int i;
-
- /*
- * ASCII and UTF-8 disallow values 0..31.
- * If they appear, then the CHAP-Password
- * has already been encoded by the
- * caller. The probability of a
- * CHAP-Password being all 32..256 is
- * (1-32/256)^17 =~ .10
- *
- * This check isn't perfect, but it
- * should be pretty rare for people to
- * have 17-character passwords *and* have
- * them all 32..256.
- */
- for (i = 0; i < 17; i++) {
- if (vp->vp_octets[i] < 32) {
- encoded = 1;
- break;
- }
- }
- }
-
- if (!encoded) {
- return nr_chap2rfc(packet, original, pvp, start, room);
- }
- }
-#endif
-
- return nr_vp2rfc(packet, original, pvp,
- start, room);
-}
-
-
-/*
- * Ignore unknown attributes, but "decoding" them into nothing.
- */
-static ssize_t data2vp_raw(UNUSED const RADIUS_PACKET *packet,
- UNUSED const RADIUS_PACKET *original,
- unsigned int attribute,
- unsigned int vendor,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp)
-{
- VALUE_PAIR *vp;
-
- if (length > sizeof(vp->vp_octets)) return -RSE_ATTR_OVERFLOW;
-
- vp = nr_vp_alloc_raw(attribute, vendor);
- if (!vp) return -RSE_NOMEM;
-
- memcpy(vp->vp_octets, data, length);
- vp->length = length;
-
- *pvp = vp;
- return length;
-}
-
-ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp)
-{
-
- if (length < 2) return -RSE_PACKET_TOO_SMALL;
- if (data[1] < 2) return -RSE_ATTR_TOO_SMALL;
- if (data[1] > length) return -RSE_ATTR_OVERFLOW;
-
- return data2vp_raw(packet, original, data[0], 0,
- data + 2, data[1] - 2, pvp);
-}
-
-/*
- * Create any kind of VP from the attribute contents.
- *
- * Will return -1 on error, or "length".
- */
-static ssize_t data2vp_any(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- int nest,
- unsigned int attribute, unsigned int vendor,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp)
-{
-#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD
- ssize_t rcode;
-#endif
- int data_offset = 0;
- const DICT_ATTR *da;
- VALUE_PAIR *vp = NULL;
-
- if (length == 0) {
- /*
- * Hacks for CUI. The WiMAX spec says that it
- * can be zero length, even though this is
- * forbidden by the RADIUS specs. So... we make
- * a special case for it.
- */
- if ((vendor == 0) &&
- (attribute == PW_CHARGEABLE_USER_IDENTITY)) {
- data = (const uint8_t *) "";
- length = 1;
- } else {
- *pvp = NULL;
- return 0;
- }
- }
-
- da = nr_dict_attr_byvalue(attribute, vendor);
-
- /*
- * Unknown attribute. Create it as a "raw" attribute.
- */
- if (!da) {
- raw:
- if (vp) nr_vp_free(&vp);
- return data2vp_raw(packet, original,
- attribute, vendor, data, length, pvp);
- }
-
-#ifdef RS_TYPE_TLV
- /*
- * TLVs are handled first. They can't be tagged, and
- * they can't be encrypted.
- */
- if (da->da->type == RS_TYPE_TLV) {
- return data2vp_tlvs(packet, original,
- attribute, vendor, nest,
- data, length, pvp);
- }
-#else
- nest = nest; /* -Wunused */
-#endif
-
- /*
- * The attribute is known, and well formed. We can now
- * create it. The main failure from here on in is being
- * out of memory.
- */
- vp = nr_vp_alloc(da);
- if (!vp) return -RSE_NOMEM;
-
- /*
- * Handle tags.
- */
- if (vp->da->flags.has_tag) {
- if (TAG_VALID(data[0])
-#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD
- || (vp->da->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD)
-#endif
- ) {
- /*
- * Tunnel passwords REQUIRE a tag, even
- * if don't have a valid tag.
- */
- vp->tag = data[0];
-
- if ((vp->da->type == RS_TYPE_STRING) ||
- (vp->da->type == RS_TYPE_OCTETS)) {
- if (length == 0) goto raw;
- data_offset = 1;
- }
- }
- }
-
- /*
- * Copy the data to be decrypted
- */
- vp->length = length - data_offset;
- memcpy(&vp->vp_octets[0], data + data_offset, vp->length);
-
- /*
- * Decrypt the attribute.
- */
- switch (vp->da->flags.encrypt) {
- /*
- * User-Password
- */
- case FLAG_ENCRYPT_USER_PASSWORD:
- if (original) {
- rcode = nr_password_encrypt(vp->vp_octets,
- sizeof(vp->vp_strvalue),
- data + data_offset, vp->length,
- packet->secret,
- original->vector);
- } else {
- rcode = nr_password_encrypt(vp->vp_octets,
- sizeof(vp->vp_strvalue),
- data + data_offset, vp->length,
- packet->secret,
- packet->vector);
- }
- if (rcode < 0) goto raw;
- vp->vp_strvalue[128] = '\0';
- vp->length = strlen(vp->vp_strvalue);
- break;
-
- /*
- * Tunnel-Password's may go ONLY
- * in response packets.
- */
-#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD
- case FLAG_ENCRYPT_TUNNEL_PASSWORD:
- if (!original) goto raw;
-
- rcode = nr_tunnelpw_decrypt(vp->vp_octets,
- sizeof(vp->vp_octets),
- data + data_offset, vp->length,
- packet->secret, original->vector);
- if (rcode < 0) goto raw;
- vp->length = rcode;
- break;
-#endif
-
-
-#ifdef FLAG_ENCRYPT_ASCEND_SECRET
- /*
- * Ascend-Send-Secret
- * Ascend-Receive-Secret
- */
- case FLAG_ENCRYPT_ASCEND_SECRET:
- if (!original) {
- goto raw;
- } else {
- uint8_t my_digest[AUTH_VECTOR_LEN];
- make_secret(my_digest,
- original->vector,
- packet->secret, data);
- memcpy(vp->vp_strvalue, my_digest,
- AUTH_VECTOR_LEN );
- vp->vp_strvalue[AUTH_VECTOR_LEN] = '\0';
- vp->length = strlen(vp->vp_strvalue);
- }
- break;
-#endif
-
- default:
- break;
- } /* switch over encryption flags */
-
- /*
- * Expected a certain length, but got something else.
- */
- if ((vp->da->flags.length != 0) &&
- (vp->length != vp->da->flags.length)) {
- goto raw;
- }
-
- switch (vp->da->type) {
- case RS_TYPE_STRING:
- case RS_TYPE_OCTETS:
-#ifdef RS_TYPE_ABINARY
- case RS_TYPE_ABINARY:
-#endif
- /* nothing more to do */
- break;
-
- case RS_TYPE_BYTE:
- vp->vp_integer = vp->vp_octets[0];
- break;
-
-
- case RS_TYPE_SHORT:
- vp->vp_integer = (vp->vp_octets[0] << 8) | vp->vp_octets[1];
- break;
-
- case RS_TYPE_INTEGER:
- memcpy(&vp->vp_integer, vp->vp_octets, 4);
- vp->vp_integer = ntohl(vp->vp_integer);
-
- if (vp->da->flags.has_tag) vp->vp_integer &= 0x00ffffff;
- break;
-
- case RS_TYPE_DATE:
- memcpy(&vp->vp_date, vp->vp_octets, 4);
- vp->vp_date = ntohl(vp->vp_date);
- break;
-
-
- case RS_TYPE_IPADDR:
- memcpy(&vp->vp_ipaddr, vp->vp_octets, 4);
- break;
-
- /*
- * IPv6 interface ID is 8 octets long.
- */
- case RS_TYPE_IFID:
- /* vp->vp_ifid == vp->vp_octets */
- break;
-
- /*
- * IPv6 addresses are 16 octets long
- */
- case RS_TYPE_IPV6ADDR:
- /* vp->vp_ipv6addr == vp->vp_octets */
- break;
-
- /*
- * IPv6 prefixes are 2 to 18 octets long.
- *
- * RFC 3162: The first octet is unused.
- * The second is the length of the prefix
- * the rest are the prefix data.
- *
- * The prefix length can have value 0 to 128.
- */
- case RS_TYPE_IPV6PREFIX:
- if (vp->length < 2 || vp->length > 18) goto raw;
- if (vp->vp_octets[1] > 128) goto raw;
-
- /*
- * FIXME: double-check that
- * (vp->vp_octets[1] >> 3) matches vp->length + 2
- */
- if (vp->length < 18) {
- memset(vp->vp_octets + vp->length, 0,
- 18 - vp->length);
- }
- break;
-
-#ifdef VENDORPEC_WIMAX
- case RS_TYPE_SIGNED:
- if (vp->length != 4) goto raw;
-
- /*
- * Overload vp_integer for ntohl, which takes
- * uint32_t, not int32_t
- */
- memcpy(&vp->vp_integer, vp->vp_octets, 4);
- vp->vp_integer = ntohl(vp->vp_integer);
- memcpy(&vp->vp_signed, &vp->vp_integer, 4);
- break;
-#endif
-
-#ifdef RS_TYPE_TLV
- case RS_TYPE_TLV:
- nr_vp_free(&vp);
- nr_debug_error("data2vp_any: Internal sanity check failed");
- return -RSE_ATTR_TYPE_UNKNOWN;
-#endif
-
-#ifdef VENDORPEC_WIMAX
- case RS_TYPE_COMBO_IP:
- if (vp->length == 4) {
- vp->da->type = RS_TYPE_IPADDR;
- memcpy(&vp->vp_ipaddr, vp->vp_octets, 4);
- break;
-
- } else if (vp->length == 16) {
- vp->da->type = RS_TYPE_IPV6ADDR;
- /* vp->vp_ipv6addr == vp->vp_octets */
- break;
-
- }
- /* FALL-THROUGH */
-#endif
-
- default:
- goto raw;
- }
-
- *pvp = vp;
-
- return length;
-}
-
-
-/*
- * Create a "standard" RFC VALUE_PAIR from the given data.
- */
-ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp)
-{
- ssize_t rcode;
-
- if (length < 2) return -RSE_PACKET_TOO_SMALL;
- if (data[1] < 2) return -RSE_ATTR_TOO_SMALL;
- if (data[1] > length) return -RSE_ATTR_OVERFLOW;
-
- rcode = data2vp_any(packet, original, 0,
- data[0], 0, data + 2, data[1] - 2, pvp);
- if (rcode < 0) return rcode;
-
- return data[1];
-}
-
-#ifndef WITHOUT_VSAS
-/*
- * Check if a set of RADIUS formatted TLVs are OK.
- */
-int nr_tlv_ok(const uint8_t *data, size_t length,
- size_t dv_type, size_t dv_length)
-{
- const uint8_t *end = data + length;
-
- if ((dv_length > 2) || (dv_type == 0) || (dv_type > 4)) {
- nr_debug_error("nr_tlv_ok: Invalid arguments");
- return -RSE_INVAL;
- }
-
- while (data < end) {
- size_t attrlen;
-
- if ((data + dv_type + dv_length) > end) {
- nr_debug_error("Attribute header overflow");
- return -RSE_ATTR_TOO_SMALL;
- }
-
- switch (dv_type) {
- case 4:
- if ((data[0] == 0) && (data[1] == 0) &&
- (data[2] == 0) && (data[3] == 0)) {
- zero:
- nr_debug_error("Invalid attribute 0");
- return -RSE_ATTR_INVALID;
- }
-
- if (data[0] != 0) {
- nr_debug_error("Invalid attribute > 2^24");
- return -RSE_ATTR_INVALID;
- }
- break;
-
- case 2:
- if ((data[1] == 0) && (data[1] == 0)) goto zero;
- break;
-
- case 1:
- if (data[0] == 0) goto zero;
- break;
-
- default:
- nr_debug_error("Internal sanity check failed");
- return -RSE_INTERNAL;
- }
-
- switch (dv_length) {
- case 0:
- return 0;
-
- case 2:
- if (data[dv_type + 1] != 0) {
- nr_debug_error("Attribute is longer than 256 octets");
- return -RSE_ATTR_TOO_LARGE;
- }
- /* FALL-THROUGH */
- case 1:
- attrlen = data[dv_type + dv_length - 1];
- break;
-
-
- default:
- nr_debug_error("Internal sanity check failed");
- return -RSE_INTERNAL;
- }
-
- if (attrlen < (dv_type + dv_length)) {
- nr_debug_error("Attribute header has invalid length");
- return -RSE_PACKET_TOO_SMALL;
- }
-
- if (attrlen > length) {
- nr_debug_error("Attribute overflows container");
- return -RSE_ATTR_OVERFLOW;
- }
-
- data += attrlen;
- length -= attrlen;
- }
-
- return 0;
-}
-
-
-/*
- * Convert a top-level VSA to a VP.
- */
-static ssize_t attr2vp_vsa(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- unsigned int vendor,
- size_t dv_type, size_t dv_length,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp)
-{
- unsigned int attribute;
- ssize_t attrlen, my_len;
-
-#ifndef NDEBUG
- if (length <= (dv_type + dv_length)) {
- nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok");
- return -RSE_PACKET_TOO_SMALL;
- }
-#endif
-
- switch (dv_type) {
- case 4:
- /* data[0] must be zero */
- attribute = data[1] << 16;
- attribute |= data[2] << 8;
- attribute |= data[3];
- break;
-
- case 2:
- attribute = data[0] << 8;
- attribute |= data[1];
- break;
-
- case 1:
- attribute = data[0];
- break;
-
- default:
- nr_debug_error("attr2vp_vsa: Internal sanity check failed");
- return -RSE_INTERNAL;
- }
-
- switch (dv_length) {
- case 2:
- /* data[dv_type] must be zero */
- attrlen = data[dv_type + 1];
- break;
-
- case 1:
- attrlen = data[dv_type];
- break;
-
- case 0:
- attrlen = length;
- break;
-
- default:
- nr_debug_error("attr2vp_vsa: Internal sanity check failed");
- return -RSE_INTERNAL;
- }
-
-#ifndef NDEBUG
- if (attrlen <= (ssize_t) (dv_type + dv_length)) {
- nr_debug_error("attr2vp_vsa: Failure to call nr_tlv_ok");
- return -RSE_PACKET_TOO_SMALL;
- }
-#endif
-
- attrlen -= (dv_type + dv_length);
-
- my_len = data2vp_any(packet, original, 0,
- attribute, vendor,
- data + dv_type + dv_length, attrlen, pvp);
- if (my_len < 0) return my_len;
-
-#ifndef NDEBUG
- if (my_len != attrlen) {
- nr_vp_free(pvp);
- nr_debug_error("attr2vp_vsa: Incomplete decode %d != %d",
- (int) my_len, (int) attrlen);
- return -RSE_INTERNAL;
- }
-#endif
-
- return dv_type + dv_length + attrlen;
-}
-
-
-/*
- * Create Vendor-Specifc VALUE_PAIRs from a RADIUS attribute.
- */
-ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp)
-{
- size_t dv_type, dv_length;
- ssize_t my_len;
- uint32_t lvalue;
- const DICT_VENDOR *dv;
-
- if (length < 2) return -RSE_PACKET_TOO_SMALL;
- if (data[1] < 2) return -RSE_ATTR_TOO_SMALL;
- if (data[1] > length) return -RSE_ATTR_OVERFLOW;
-
- if (data[0] != PW_VENDOR_SPECIFIC) {
- nr_debug_error("nr_attr2vp_vsa: Invalid attribute");
- return -RSE_INVAL;
- }
-
- /*
- * Not enough room for a Vendor-Id.
- * Or the high octet of the Vendor-Id is set.
- */
- if ((data[1] < 6) || (data[2] != 0)) {
- return nr_attr2vp_raw(packet, original,
- data, length, pvp);
- }
-
- memcpy(&lvalue, data + 2, 4);
- lvalue = ntohl(lvalue);
-
-#ifdef VENDORPEC_WIMAX
- /*
- * WiMAX gets its own set of magic.
- */
- if (lvalue == VENDORPEC_WIMAX) {
- return nr_attr2vp_wimax(packet, original,
- data, length, pvp);
- }
-#endif
-
- dv_type = dv_length = 1;
- dv = nr_dict_vendor_byvalue(lvalue);
- if (!dv) {
- return nr_attr2vp_rfc(packet, original,
- data, length, pvp);
- }
-
- dv_type = dv->type;
- dv_length = dv->length;
-
- /*
- * Attribute is not in the correct form.
- */
- if (nr_tlv_ok(data + 6, data[1] - 6, dv_type, dv_length) < 0) {
- return nr_attr2vp_raw(packet, original,
- data, length, pvp);
- }
-
- my_len = attr2vp_vsa(packet, original,
- lvalue, dv_type, dv_length,
- data + 6, data[1] - 6, pvp);
- if (my_len < 0) return my_len;
-
-#ifndef NDEBUG
- if (my_len != (data[1] - 6)) {
- nr_vp_free(pvp);
- nr_debug_error("nr_attr2vp_vsa: Incomplete decode");
- return -RSE_INTERNAL;
- }
-#endif
-
- return data[1];
-}
-#endif /* WITHOUT_VSAS */
-
-
-/*
- * Create a "normal" VALUE_PAIR from the given data.
- */
-ssize_t nr_attr2vp(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp)
-{
- if (length < 2) return -RSE_PACKET_TOO_SMALL;
- if (data[1] < 2) return -RSE_ATTR_TOO_SMALL;
- if (data[1] > length) return -RSE_ATTR_OVERFLOW;
-
-#ifndef WITHOUT_VSAS
- /*
- * VSAs get their own handler.
- */
- if (data[0] == PW_VENDOR_SPECIFIC) {
- return nr_attr2vp_vsa(packet, original,
- data, length, pvp);
- }
-#endif
-
-#ifdef VENDORPEC_EXTENDED
- /*
- * Extended attribute format gets their own handler.
- */
- if (nr_dict_attr_byvalue(data[0], VENDORPEC_EXTENDED) != NULL) {
- return nr_attr2vp_extended(packet, original,
- data, length, pvp);
- }
-#endif
-
- return nr_attr2vp_rfc(packet, original, data, length, pvp);
-}
-
-ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start,
- unsigned int attribute, unsigned int vendor,
- const uint8_t **pdata, size_t *plength)
-{
- uint8_t *data, *attr;
- const uint8_t *end;
-
- if (!packet || !pdata || !plength) return -RSE_INVAL;
-
- if (!packet->data) return -RSE_INVAL;
- if (packet->length < 20) return -RSE_INVAL;
-
- /*
- * Too long or short, not good.
- */
- if ((start < 0) ||
- ((start > 0) && (start < 20))) return -RSE_INVAL;
-
- if ((size_t) start >= (packet->length - 2)) return -RSE_INVAL;
-
- end = packet->data + packet->length;
-
- /*
- * Loop over the packet, converting attrs to VPs.
- */
- if (start == 0) {
- data = packet->data + 20;
- } else {
- data = packet->data + start;
- data += data[1];
- if (data >= end) return 0;
- }
-
- for (attr = data; attr < end; attr += attr[1]) {
- const DICT_VENDOR *dv = NULL;
-
-#ifndef NEBUG
- /*
- * This code is copied from packet_ok().
- * It could be put into a separate function.
- */
- if ((attr + 2) > end) {
- nr_debug_error("Attribute overflows packet");
- return -RSE_ATTR_OVERFLOW;
- }
-
- if (attr[1] < 2) {
- nr_debug_error("Attribute length is too small");
- return -RSE_ATTR_TOO_SMALL;
- }
-
- if ((attr + attr[1]) > end) {
- nr_debug_error("Attribute length is too large");
- return -RSE_ATTR_TOO_LARGE;
- }
-#endif
-
- if ((vendor == 0) && (attr[0] == attribute)) {
- *pdata = attr + 2;
- *plength = attr[1] - 2;
- return attr - packet->data;
- }
-
-#ifndef WITHOUT_VSAS
- if (vendor != 0) {
- uint32_t vendorpec;
-
- if (attr[0] != PW_VENDOR_SPECIFIC) continue;
-
- if (attr[1] < 6) continue;
-
- memcpy(&vendorpec, attr + 2, 4);
- vendorpec = ntohl(vendorpec);
- if (vendor != vendorpec) continue;
-
- if (!dv) {
- dv = nr_dict_vendor_byvalue(vendor);
- if (dv &&
- ((dv->type != 1) || (dv->length != 1))) {
- return -RSE_VENDOR_UNKNOWN;
- }
- }
-
- /*
- * No data.
- */
- if (attr[1] < 9) continue;
-
- /*
- * Malformed, or more than one VSA in
- * the Vendor-Specific
- */
- if (attr[7] + 6 != attr[1]) continue;
-
- /*
- * Not the right VSA.
- */
- if (attr[6] != attribute) continue;
-
- *pdata = attr + 8;
- *plength = attr[1] - 8;
- return attr - packet->data;
- }
-#endif
- }
-
- return 0; /* nothing more: stop */
-}
-
diff --git a/lib/radius/client.h b/lib/radius/client.h
deleted file mode 100644
index ab4718a..0000000
--- a/lib/radius/client.h
+++ /dev/null
@@ -1,1302 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/** \file client.h
- * \brief Main header file.
- */
-
-#ifndef _RADIUS_CLIENT_H_
-#define _RADIUS_CLIENT_H_ 1
-
-/*
- * System-specific header files.
- */
-#include <config.h>
-#include <errno.h>
-#include <stdio.h>
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif
-#include <stdarg.h>
-#include <sys/types.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include <radsec/radius.h>
-
-/** \defgroup build Build Helpers
- *
- * These definitions give the GNU C compiler more information about
- * the functions being compiled. They are used to either remove
- * warnings, or to enable better warnings.
- **/
-
-/** \defgroup custom Portability Functions
- *
- * These functions and definitions should be modified for your local
- * system. See the individual definitions for details.
- */
-
-/** \defgroup error Error handling
- *
- * These definitions and routines manage errors.
- */
-
-/** \defgroup value_pair Attribute manipulation
- *
- * These routines manage structures which map to attributes.
- */
-
-/**\defgroup dict Dictionary Lookup Functions
- *
- * \sa doc/dictionaries.txt
- *
- * The RADIUS dictionaries perform name to number mappings. The names
- * are used only for administrator convenience, for parsing
- * configuration files, and printing humanly-readable output. The
- * numbers are used when encoding data in a packet.
- *
- * When attributes are decoded from a packet, the numbers are used to
- * look up the associated name, which is then placed into a data
- * structure.
- *
- * When the data structures are encoded into a packet, the numbers are
- * used to create RFC and VSA format attributes.
- *
- * \attention The definitions, structures, and functions given below
- * are useful only for implementing "low level" RADIUS
- * functionality. There is usually no need to refer to them in a
- * client application. The library should be used at a higher level,
- * which exposes a much simpler API.
- */
-
-/** \defgroup packet Packet manipulation
- *
- * These routines perform encoding and decoding of RADIUS packets.
- */
-
-/** \defgroup print Print / parse functions
- *
- * These routines convert the internal data structures to a printable
- * form, or parse them.
- */
-
-/** \defgroup id ID allocation and freeing
- *
- * These routines manage RADIUS ID allocation.
- */
-
-/** \defgroup attr Low-level attribute encode/decoding
- *
- * These routines perform "low level" encoding, decoding, sending, and
- * reception of RADIUS attributes. They are called by the \ref packet
- * functions.
- *
- * \attention The structures and functions given below are useful only
- * for implementing "low level" RADIUS functionality. There is usually
- * no need to refer to them in a client application. The library
- * should be used at a higher level, which exposes a much simpler API.
- */
-
-/** \defgroup internal Internal support functions.
- *
- * These functions are required to perform internal or "low-level"
- * data manipulation. While they are exposed for completeness, they
- * should not be called by any application.
- */
-
-#ifdef PW_EAP_MESSAGE
-#ifndef PW_MESSAGE_AUTHENTICATOR
-#error EAP-Message requires Message-Authenticator
-#endif
-#endif
-
-#ifdef WITHOUT_OPENSSL
-#include "md5.h"
-#else
-#include <openssl/md5.h>
-#endif
-
-/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */
-#define RS_MD5_CTX MD5_CTX
-/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */
-#define RS_MD5Init MD5_Init
-/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */
-#define RS_MD5Update MD5_Update
-/** Define for compile-time selection of the MD5 functions. Defaults to using the OpenSSL functions. \ingroup custom */
-#define RS_MD5Final MD5_Final
-
-
-#ifndef RS_MAX_PACKET_LEN
-/** The maximum size of a packet that the library will send or receive. \ingroup custom
- *
- * The RFC requirement is to handle at least 4K packets. However, if
- * you expect to only do username/password authentication, this value
- * can be set to a smaller value, such as 256.
- *
- * Be warned that any packets larger than this value will be ignored
- * and silently discarded.
- */
-#define RS_MAX_PACKET_LEN (4096)
-#endif
-
-#ifndef RS_MAX_ATTRIBUTES
-/** The maximum number of attributes that the library will allow in a packet. \ingroup custom
- *
- * Packets which contain more than ::RS_MAX_ATTRIBUTES will generate
- * an error. This value is configurable because there may be a need
- * to accept a large mumber of attributes.
- *
- * This value is ignored when packets are sent. The library will
- * send as many attributes as it is told to send.
- */
-#define RS_MAX_ATTRIBUTES (200)
-#endif
-
-#undef RS_MAX_PACKET_CODE
-/** The maximum RADIUS_PACKET::code which we can accept. \ingroup dict
- *
- * \attention This should not be changed, as it is used by other
- * structures such as ::nr_packet_codes.
- */
-#define RS_MAX_PACKET_CODE PW_COA_NAK
-
-/** The maximum vendor number which is permitted. \ingroup dict
- *
- * The RFCs require that the Vendor Id or Private Enterprise Number
- * be encoded as 32 bits, with the upper 8 bits being zero.
- */
-#define RS_MAX_VENDOR (1 << 24)
-
-/** Data Type Definitions. \ingroup dict
- */
-#define TAG_VALID(x) ((x) < 0x20)
-
-/** The attribute is not encrypted. */
-#define FLAG_ENCRYPT_NONE (0)
-
-/** The attribute is encrypted using the RFC 2865 User-Password method */
-#define FLAG_ENCRYPT_USER_PASSWORD (1)
-
-/** The attribute is encrypted using the RFC 2868 Tunnel-Password method */
-#define FLAG_ENCRYPT_TUNNEL_PASSWORD (2)
-
-/** A set of flags which determine how the attribute should be handled.
- *
- * Most attributes are "normal", and do not require special handling.
- * However, some require "encryption", tagging, or have other special
- * formats. This structure contains the various options for the
- * attribute formats.
- */
-typedef struct attr_flags {
- unsigned int has_tag : 1; /**< Attribute has an RFC 2868 tag */
- unsigned int unknown : 1; /**< Attribute is unknown */
-#ifdef RS_TYPE_TLV
- unsigned int has_tlv : 1; /* has sub attributes */
- unsigned int is_tlv : 1; /* is a sub attribute */
-#endif
- unsigned int extended : 1; /* extended attribute */
- unsigned int extended_flags : 1; /* with flag */
- unsigned int evs : 1; /* extended VSA */
- uint8_t encrypt; /**< Attribute encryption method */
- uint8_t length; /**< The expected length of the attribute */
-} ATTR_FLAGS;
-
-
-/** Defines an dictionary mapping for an attribute. \ingroup dict
- *
- * The RADIUS dictionaries map humanly readable names to protocol
- * numbers. The protocol numbers are used to encode/decode the
- * attributes in a packet.
- */
-typedef struct nr_dict_attr {
- unsigned int attr; /**< Attribute number */
- rs_attr_type_t type; /**< Data type */
- unsigned int vendor; /**< Vendor-Id number */
- ATTR_FLAGS flags;
- const char *name; /**< Printable name */
-} DICT_ATTR;
-
-/** Defines a dictionary mapping for a named enumeration. \ingroup dict
- *
- * This structure is currently not used.
- */
-typedef struct nr_dict_value {
- const DICT_ATTR *da; /**< pointer to a ::DICT_ATTR */
- int value; /**< enumerated value */
- char name[1]; /**< printable name */
-} DICT_VALUE;
-
-/** Defines an dictionary mapping for a vendor. \ingroup dict
- *
- * The RADIUS dictionaries map humanly readable vendor names to a
- * Vendor-Id (or Private Enterprise Code) assigned by IANA. The
- * Vendor-Id is used to encode/decode Vendor-Specific attributes in a
- * packet.
- */
-typedef struct nr_dict_vendor {
- unsigned int vendor; /**< Vendor Private Enterprise Code */
- size_t type; /**< size of Vendor-Type field */
- size_t length; /**< size of Vendor-Length field */
- const char *name; /**< Printable name */
-} DICT_VENDOR;
-
-/** Union holding all possible types of data for a ::VALUE_PAIR. \ingroup value_pair
- *
- */
-typedef union value_pair_data {
- char strvalue[RS_MAX_STRING_LEN]; /* +1 for NUL */
- uint8_t octets[253];
- struct in_addr ipaddr;
- struct in6_addr ipv6addr;
- uint32_t date;
- uint32_t integer;
-#ifdef RS_TYPE_SIGNED
- int32_t sinteger;
-#endif
-#ifdef RS_TYPE_ABINARY
- uint8_t filter[32];
-#endif
- uint8_t ifid[8]; /* struct? */
- uint8_t ipv6prefix[18]; /* struct? */
-#ifdef RS_TYPE_TLV
- uint8_t *tlv;
-#endif
-} VALUE_PAIR_DATA;
-
-
-/** C structure version of a RADIUS attribute. \ingroup value_pair
- *
- * The library APIs use this structure to avoid depending on the
- * details of the protocol.
- */
-typedef struct value_pair {
- const DICT_ATTR *da; /**< dictionary definition */
- size_t length; /**< number of octets in the data */
- int tag; /**< tag value if da->flags.has_tag */
- struct value_pair *next; /**< enables a linked list of values */
- VALUE_PAIR_DATA data; /**< the data of the attribute */
-} VALUE_PAIR;
-#define vp_strvalue data.strvalue
-#define vp_octets data.octets
-#define vp_ipv6addr data.ipv6addr
-#define vp_ifid data.ifid
-#define vp_ipv6prefix data.ipv6prefix
-#define vp_ipaddr data.ipaddr.s_addr
-#define vp_date data.integer
-#define vp_integer data.integer
-#ifdef RS_TYPE_ABINARY
-#define vp_filter data.filter
-#endif
-#ifdef RS_TYPE_ETHER
-#define vp_ether data.ether
-#endif
-#ifdef RS_TYPE_SIGNED
-#define vp_signed data.sinteger
-#endif
-#ifdef RS_TYPE_TLV
-#define vp_tlv data.tlv
-#endif
-
-#ifdef RS_TYPE_TLV
-#define RS_ATTR_MAX_TLV (4)
-extern const int nr_attr_shift[RS_ATTR_MAX_TLV];
-extern const int nr_attr_mask[RS_ATTR_MAX_TLV];
-extern const unsigned int nr_attr_max_tlv;
-#endif
-
-/** A structure which describes a RADIUS packet. \ingroup packet
- *
- * In general, it should not be necessary to refererence the elements
- * of this structure.
- */
-typedef struct radius_packet {
- int sockfd; /** The socket descriptor */
- struct sockaddr_storage src; /**< The packet source address */
- struct sockaddr_storage dst; /**< the packet destination address */
- const char *secret; /**< The shared secret */
- size_t sizeof_secret; /**< Length of the shared secret */
- unsigned int code; /**< The RADIUS Packet Code */
- int id; /**< The RADIUS Packet Id */
- size_t length; /**< The RADIUS Packet Length. This will be no larger than RADIUS_PACKET::sizeof_data */
- uint8_t vector[16]; /**< A copy of the authentication vector */
- int flags; /**< Internal flags. Do not modify this field. */
- int attempts; /**< The number of transmission attempt */
- uint8_t *data; /**< The raw packet data */
- size_t sizeof_data; /**< size of the data buffer */
- VALUE_PAIR *vps; /**< linked list of ::VALUE_PAIR */
-} RADIUS_PACKET;
-
-#define RS_PACKET_ENCODED (1 << 0)
-#define RS_PACKET_HEADER (1 << 1)
-#define RS_PACKET_SIGNED (1 << 2)
-#define RS_PACKET_OK (1 << 3)
-#define RS_PACKET_VERIFIED (1 << 4)
-#define RS_PACKET_DECODED (1 << 5)
-
-
-/** Track packets sent to a server. \ingroup id
- *
- * This data structure tracks Identifiers which are used to
- * communicate with a particular destination server. The application
- * should call nr_server_init() to initialize it. If necessary, the
- * application should then call nr_server_set_ipv4() to open an IPv4
- * socket to the server.
- *
- * If the RADIUS packets are being transported over an encapsulation
- * layer (e.g. RADIUS over TLS), then nr_server_set_ipv4() does not
- * need to be called. The ::nr_server_t structure should instead be
- * associated wih the TLS session / socket.
- */
-typedef struct nr_server_t {
- int sockfd; /**< socket for sending packets */
- int code; /**< default value for the Code */
-
- struct sockaddr_storage src; /**< Source address of the packet */
- struct sockaddr_storage dst; /**< Destination address of the packet */
-
- /** The shared secret.
- *
- * See also nr_packet_send() and nr_packet_recv().
- */
- const char *secret;
-
- /** The length of the shared secret.
- *
- * See also nr_packet_send() and nr_packet_recv().
- */
- size_t sizeof_secret;
-
- int used; /**< Number of used IDs */
-
- void *free_list; /**< For managing packets */
-
- RADIUS_PACKET *ids[256]; /**< Pointers to "in flight" packets */
-} nr_server_t;
-
-
-/** Return a printable error message. \ingroup error
- *
- * This function returns a string describing the last error that
- * occurred. These messages are intended for developers, and are not
- * suitable for display to an end user. The application using this
- * library should instead produce a "summary" message when an error
- * occurs. e.g. "Failed to receive a response", is better than
- * messages produced by this function, which contain text like
- * "invalid response authentication vector". The first is
- * understandable, the second is not.
- *
- * @param[in] error The error code (can be less than zero)
- * @return A printable string describing the error.
- */
-extern const char *nr_strerror(int error);
-
-/** Allocate a ::VALUE_PAIR which refers to a ::DICT_ATTR. \ingroup value_pair
- *
- * This returned ::VALUE_PAIR has no data associated with it. The
- * nr_vp_set_data() function must be called before placing the
- * ::VALUE_PAIR in a ::RADIUS_PACKET.
- *
- * @param[in] da The ::DICT_ATTR associated with the ::VALUE_PAIR
- * @return The created ::VALUE_PAIR, or NULL on error.
- */
-extern VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da);
-
-/** Free a ::VALUE_PAIR. \ingroup value_pair
- *
- * This function frees the ::VALUE_PAIR, and sets the head pointer to NULL.
- * If head refers to a ::VALUE_PAIR list, then all of the structures in the
- * list are freed.
- *
- * @param[in,out] head The pointer to a ::VALUE_PAIR, or a ::VALUE_PAIR list.
- */
-extern void nr_vp_free(VALUE_PAIR **head);
-
-/** Initializes a ::VALUE_PAIR from a ::DICT_ATTR \ingroup value_pair
- *
- * This function assumes that the ::VALUE_PAIR points to existing
- * and writable memory.
- *
- * @param[in,out] vp The ::VALUE_PAIR to be initialized
- * @param[in] da The ::DICT_ATTR used to initialize the ::VALUE_PAIR
- * @return The initialized ::VALUE_PAIR, or NULL on error.
- */
-extern VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da);
-
-/** Allocate a ::VALUE_PAIR which refers to an unknown attribute. \ingroup value_pair
- *
- * It is used when an attribute is received, and that attribute does
- * not exist in the dictionaries.
- *
- * The returned ::VALUE_PAIR has no data (i.e. VALUE_PAIR::length is
- * zero). The nr_vp_set_data() function must be called before
- * placing the ::VALUE_PAIR in a ::RADIUS_PACKET.
- *
- * @param[in] attr The attribute number, 0..2^16
- * @param[in] vendor The vendor number, 0..2^16
- * @return The created ::VALUE_PAIR, or NULL on error.
- */
-extern VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor);
-
-/** Set the data associated with a previously allocated ::VALUE_PAIR. \ingroup value_pair
- *
- * If this function succeeds, VALUE_PAIR::length is no longer zero,
- * and the structure contains the data.
- *
- * @param[in,out] vp The ::VALUE_PAIR to update
- * @param[in] data Data to set inside of the ::VALUE_PAIR
- * @param[in] data_len Length of the data field
- * @return <0 on error, 0 for "data was truncated"
- * >0 for "data successfully added"
- */
-extern int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t data_len);
-
-/** Create a ::VALUE_PAIR and set its data. \ingroup value_pair
- *
- * @param[in] attr The attribute number of the ::VALUE_PAIR to create
- * @param[in] vendor The vendor number of the ::VALUE_PAIR to create
- * @param[in] data Data to set inside of the ::VALUE_PAIR
- * @param[in] data_len Length of the data field
- * @return The created ::VALUE_PAIR, or NULL on error.
- */
-extern VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data,
- size_t data_len);
-
-/** Append a ::VALUE_PAIR to the end of a ::VALUE_PAIR list. \ingroup value_pair
- *
- * @param[in,out] head The head of the ::VALUE_PAIR list. May not be NULL.
- * @param[in] vp The ::VALUE_PAIR to append to the list.
- */
-extern void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *vp);
-
-/** Search a ::VALUE_PAIR list for one of a given number. \ingroup value_pair
- *
- * @param[in] head The head of the ::VALUE_PAIR list to search.
- * @param[in] attr The attribute number of the ::VALUE_PAIR to find
- * @param[in] vendor The vendor number of the ::VALUE_PAIR to find
- * @return The found ::VALUE_PAIR, or NULL if it was not found.
- */
-extern VALUE_PAIR *nr_vps_find(VALUE_PAIR *head,
- unsigned int attr, unsigned int vendor);
-
-/** Look up an attribute in the dictionaries. \ingroup dict
- *
- * The dictionary mapping contains information about the attribute,
- * such as printable name, data type (ipaddr, integer, etc), and
- * various other things used to encode/decode the attribute in a
- * packet.
- *
- * \attention There is usually no need to call this function. Use
- * the RS_DA_* definitions instead.
- *
- * @param[in] attr Value of the attribute
- * @param[in] vendor Value of the vendor
- * @return NULL for "not found", or a pointer to the attribute mapping.
- */
-extern const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr,
- unsigned int vendor);
-
-/** Look up an attribute in the dictionaries. \ingroup dict
- *
- * The dictionary mapping contains information about the attribute,
- * such as printable name, data type (ipaddr, integer, etc), and
- * various other things used to encode/decode the attribute in a
- * packet.
- *
- * \attention There is usually no need to call this function.
- *
- * @param[in] name Name of the attribute
- * @return NULL for "not found", or a pointer to the attribute mapping.
- */
-extern const DICT_ATTR *nr_dict_attr_byname(const char *name);
-
-/** Converts raw data to a ::DICT_ATTR structure. \ingroup dict
- *
- * It is called when the library is asked to decode an attribute
- * which is not in the pre-defined dictionaries.
- *
- * \attention There is usually no need to call this function.
- *
- * @param[in,out] da The ::DICT_ATTR structure to initialize
- * @param[in] attr The attribute number
- * @param[in] vendor The vendor number
- * @param[in] buffer The buffer where the name of the attribute is stored
- * @param[in] bufsize Size of the buffer
- * @return <0 for error, 0 for success
- */
-extern int nr_dict_attr_2struct(DICT_ATTR *da,
- unsigned int attr, unsigned int vendor,
- char *buffer, size_t bufsize);
-
-/** Unused. \ngroup dict
- *
- */
-extern const DICT_VALUE *nr_dict_value_byattr(unsigned int attr,
- unsigned int vendor,
- int value);
-
-/** Unused. \ngroup dict
- *
- */
-const DICT_VALUE *nr_dict_value_byname(unsigned int attr,
- unsigned int vendor,
- const char *name);
-
-/** Look up a vendor in the dictionaries. \ingroup dict
- *
- * The dictionary mapping contains information about the vendor, such
- * as printable name, VSA encoding method, etc.
- *
- * \attention There is usually no need to call this function.
- * Applications do not need access to low-level RADIUS protocol
- * information.
- *
- * @param[in] name Name of the vendor.
- * @return NULL for "not found", or a pointer to the vendor mapping.
- */
-extern int nr_dict_vendor_byname(const char *name);
-
-/** Look up an vendor in the dictionaries. \ingroup dict
- *
- * The dictionary mapping contains information about the vendor, such
- * as printable name, VSA encoding method, etc.
- *
- * \attention There is usually no need to call this function.
- *
- * @param[in] vendor Vendor-Id (or Private Enterprise code) for the vendor.
- * @return NULL for "not found", or a pointer to the vendor mapping.
- */
-extern const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor);
-
-/** Static array of known vendors. \ingroup dict
- *
- * \attention This structure should only be accessed by internal RADIUS library
- * functions.
- */
-extern const DICT_VENDOR nr_dict_vendors[];
-
-/** The number of attribute definitions in the dictionary. \ingroup dict
- *
- * This number is guaranteed to be at least 256, for speed.
- *
- * \attention This variable should only be accessed by internal RADIUS library
- * functions.
- */
-extern const int nr_dict_num_attrs;
-
-/** The list of attribute definitions. \ingroup dict
- *
- * The "standard" RFC attributes are located in the first 256
- * entries. Standard attributes without a dictionary definition are
- * given an empty entry.
- *
- * The attributes are orderd by (vendor, attribute), in increasing
- * order. This allows the dictionary lookups to find attributes by a
- * binary search.
- *
- * \attention This variable should only be accessed by internal RADIUS library
- * functions.
- */
-extern const DICT_ATTR nr_dict_attrs[];
-
-/** The number of attributes with names. \ingroup dict
- *
- * \attention This variable should only be accessed by internal RADIUS library
- * functions.
- */
-extern const int nr_dict_num_names;
-
-/** The list of attribute definitions, organized by name. \ingroup dict
- *
- * The attributes are orderd by name (case insensitive), in
- * increasing order. This allows the dictionary lookups to find
- * attributes by a binary search.
- *
- * \attention This variable should only be accessed by internal RADIUS library
- * functions.
- */
-extern const DICT_ATTR const *nr_dict_attr_names[];
-
-/** Static array containing names the RADIUS_PACKET::code field. \ingroup dict
- *
- * The names are hard-coded and not in any dictionary because they do
- * not change.
- *
- * The names are exported because they may be useful in your
- * application. Packet codes which are not handled by the library
- * have NULL for their names.
- */
-extern const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1];
-
-/** Verifies that a packet is "well formed". \ingroup packet
- *
- * This function performs basic validation to see if the packet is
- * well formed. It is automatically called by nr_packet_decode().
- *
- * @param[in] packet A pointer to the ::RADIUS_PACKET data.
- * @return <0 means malformed, >= 0 means well-formed.
- */
-extern int nr_packet_ok(RADIUS_PACKET *packet);
-
-/** Verifies that a packet is "well formed". \ingroup packet
- *
- * This function performs basic validation to see if the packet is
- * well formed. You should normally use nr_packet_ok() instead of
- * this function.
- *
- * @param[in] data A pointer to the raw packet data.
- * @param[in] sizeof_data The length of the raw packet data
- * @return <0 means malformed, >= 0 means well-formed.
- */
-extern int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data);
-
-/** Encodes a packet. \ingroup packet
- *
- * This function encodes a packet using the fields of the
- * ::RADIUS_PACKET structure. The RADIUS_PACKET::code and
- * RADIUS_PACKET::id fields are used to fill in the relevant fields
- * of the raw (encoded) packet. The RADIUS_PACKET::vps list is
- * walked to encode the attributes. The packet is signed, if
- * required.
- *
- * The raw packet is placed into the RADIUS_PACKET::data field, up to
- * RADIUS_PACKET::sizeof_data bytes. the RADIUS_PACKET::length field
- * is updated with the length of the raw packet. This field is
- * always less than, or equal to, the RADIUS_PACKET::size_data field.
- * If there is insufficient room to store all of the attributes, then
- * some attributes are silently discarded.
- *
- * The RADIUS_PACKET::vector field is either calculated as part of
- * the signing process, or is initialized by this function to be a
- * random sequence of bytes. That field should therefore be left
- * alone by the caller.
- *
- * When the encoding has been successful, it sets the
- * RADIUS_PACKET::encoded field to non-zero.
- *
- * In addition, all required attribute "encryption" is performed.
- *
- * User-Password. The vp_strvalue field is assumed to contain the
- * "clear-text" version of the password. The encrypted version is
- * calculated, and placed in the packet.
- *
- * CHAP-Password. The vp_strvalue field is assumed to contain the
- * "clear-text" version of the password. The encrypted version is
- * calculated, and placed in the packet. If the RADIUS_PACKET::vps
- * list contains a CHAP-Challenge attribute, it is used. Otherwise
- * the RADIUS_PACKET::vector field is used a the challenge.
- *
- * Message-Authenticator. The contents of the Message-Authenticator
- * in the RADIUS_PACKET::vps list are ignored. Instead, a
- * "place-holder" is put into the packt. Tthe correct value is
- * calculated and placed into the packet by nr_packet_sign().
- *
- * The RADIUS_PACKET::vps list is left untouched by this function,
- * even when attribute encryption or signing is performed. Any
- * VALUE_PAIR structures can therefore be taken from static "const"
- * variables.
- *
- * @param[in] packet The RADIUS packet to encode.
- * @param[in] original The original request, when encoding a response.
- * @return <0 on error, >= 0 on success.
- */
-extern int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original);
-
-/** Decodes a packet. \ingroup packet
- *
- * This function decodes a packet from the RADIUS_PACKET::data field
- * into a sequence of ::VALUE_PAIR structures in the
- * RADIUS_PACKET::vps list.
- *
- * @param[in] packet The RADIUS packet to decode.
- * @param[in] original The original request, when decoding a response.
- * @return <0 on error, >= 0 on success.
- */
-extern int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original);
-
-/** Signs a packet so that it can be sent. \ingroup packet
- *
- * This function calculates the Message-Authenticator (if required),
- * and signs the packet.
- *
- * @param[in] packet The RADIUS packet to sign.
- * @param[in] original The original request, when signing a response.
- * @return <0 on error, >= 0 on success.
- */
-extern int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original);
-
-/** Verifies that a packet is well-formed and contains the correct signature. \ingroup packet
- *
- * If "original" is specified, it also verifies that the packet is a
- * response to the original request, and that it has the correct
- * signature.
- *
- * @param[in] packet The RADIUS packet to verify.
- * @param[in] original The original request, when verifying a response.
- * @return <0 on error, >= 0 on success.
- */
-extern int nr_packet_verify(RADIUS_PACKET *packet,
- const RADIUS_PACKET *original);
-
-/** Pretty-prints a hex dump of a RADIUS packet. \ingroup packet print
- *
- * This function is available only in debugging builds of the
- * library. It is useful during development, but should not be used
- * in a production system.
- *
- * The packet headers are printed individually, and each attribute is
- * printed as "type length data..."
- *
- * @param[in] packet The RADIUS packet to print
- */
-extern void nr_packet_print_hex(RADIUS_PACKET *packet);
-
-
-/** Return the given number of random bytes. \ingroup custom
- *
- * This function should be replaced by one that is specific to your
- * system.
- *
- * This is a wrapper function which enables the library to be more
- * portable.
- *
- * @param[in] data Location where the random bytes will be stored
- * @param[in] data_len Number of bytes to store
- * @return <0 on error, or the total number of bytes stored.
- */
-extern ssize_t nr_rand_bytes(uint8_t *data, size_t data_len);
-
-/** Return a random 32-bit integer. \ingroup custom
- *
- * This function should be replaced by one that is specific to your
- * system. The version supplied here just calls nr_rand_bytes() each
- * time, which is slow.
- *
- * This is a wrapper function which enables the library to be more
- * portable.
- *
- * @return An unsigned 32-bit random integer.
- */
-extern uint32_t nr_rand(void);
-
-/** Add a time to the given ::struct timeval. \ingroup custom
- *
- * This is a wrapper function which enables the library to be more
- * portable.
- *
- * @param[in,out] t The timeval to which the time is added.
- * @param[in] seconds Time in seconds to add
- * @param[in] usec Time in microseconds to add
- */
-extern void nr_timeval_add(struct timeval *t, unsigned int seconds,
- unsigned int usec);
-
-/** Compare two times. \ingroup custom
- *
- * This is a wrapper function which enables the library to be more
- * portable.
- *
- * @param[in] a One timeval
- * @param[in] b Another one
- * @return a <=> b
- */
-extern int nr_timeval_cmp(const struct timeval *a, const struct timeval *b);
-
-/** Initializes an ::nr_server_t. \ingroup id
- *
- * @param[in,ut] s The ::nr_server_t to initialize
- * @param[in] code The packet code used for packets sent to this server
- * @param[in] secret The shared secret used for packet sent to this server
- * @return <0 for error, >= 0 for success
- */
-extern int nr_server_init(nr_server_t *s, int code, const char *secret);
-
-/** Closes an ::nr_server_t data structure. \ingroup id
- *
- * Ensures that all IDs are free, and closes the socket.
- *
- * @param[in] s The server structure to close.
- * @return <0 for error, 0 for success
- */
-extern int nr_server_close(const nr_server_t *s);
-
-/** Allocate a RADIUS_PACKET::id value for sending a packet to a server. \ingroup id
- *
- * This function allocates a RADIUS_PACKET::id from the ::nr_server_t
- * structure. It also fills in the RADIUS_PACKET::sockfd,
- * RADIUS_PACKET::code, and RADIUS_PACKET::dst fields.
- *
- * @param[in] s The server structure which tracks the ID
- * @param[in] packet The packet which needs an ID
- * @return <0 for error, 0 for success
- */
-extern int nr_server_id_alloc(nr_server_t *id, RADIUS_PACKET *packet);
-
-/** Re-allocate a RADIUS_PACKET::id value for sending a packet to a server. \ingroup id
- *
- * It is used when retransmitting an Accounting-Request packet to a
- * server, after updating the Acct-Delay-Time field. The "realloc"
- * name means that the new ID is allocated, and is guaranteed to be
- * different from the old one.
- *
- * @param[in] s The server structure which tracks the ID
- * @param[in] packet The packet which needs a new ID
- * @return <0 for error, 0 for success
- */
-extern int nr_server_id_realloc(nr_server_t *id, RADIUS_PACKET *packet);
-
-/** Free a RADIUS_PACKET::id value after sending a packet to a server. \ingroup id
- *
- * @param[in] s The server structure which tracks the ID
- * @param[in] packet The packet which has an ID, and wants to free it
- * @return <0 for error, 0 for success
- */
-extern int nr_server_id_free(nr_server_t *id, RADIUS_PACKET *packet);
-
-
-/** Allocates a packet using malloc(), and initializes it. \ingroup id
- *
- * @param[in] s The server structure
- * @param[in,out] packet_p Pointer to the ::RADIUS_PACKET to be allocated
- * @return <0 for error, 0 for success
- */
-extern int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p);
-
-/** Record a humanly readable error message. \ingroup error
- *
- * \attention This structure should only be accessed by internal
- * RADIUS library functions.
- *
- * @param[in] fmt The format to use.
- */
-extern void nr_strerror_printf(const char *fmt, ...);
-
-#ifndef NDEBUG
-#define nr_debug_error nr_strerror_printf /** \ingroup error */
-#else
-#define nr_debug_error if (0) nr_strerror_printf
-#endif
-
-/** Encrypts or decrypts a User-Password attribute. \ingroup internal
- *
- * \attention This structure should only be accessed by internal
- * RADIUS library functions.
- *
- * @param[out] output Buffer where the password is stored
- * @param[out] outlen Size of the output buffer
- * @param[in] input Input buffer with password
- * @param[in] inlen Length of the input buffer
- * @param[in] secret The shared secret
- * @param[in] vector Authentication vector
- * @return <0 on error, or the length of data in "output"
- */
-extern ssize_t nr_password_encrypt(uint8_t *output, size_t outlen,
- const uint8_t *input, size_t inlen,
- const char *secret, const uint8_t *vector);
-
-/** Encrypts a Tunnel-Password attribute. \ingroup internal
- *
- * \attention This structure should only be accessed by internal
- * RADIUS library functions.
- *
- * @param[out] output Buffer where the password is stored
- * @param[out] outlen Size of the output buffer
- * @param[in] input Input buffer with password
- * @param[in] inlen Length of the input buffer
- * @param[in] secret The shared secret
- * @param[in] vector Authentication vector
- * @return <0 on error, or the length of data in "output"
- */
-extern ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen,
- const uint8_t *input, size_t inlen,
- const char *secret, const uint8_t *vector);
-
-/** Decrypts a Tunnel-Password attribute. \ingroup internal
- *
- *
- * \attention This structure should only be accessed by internal
- * RADIUS library functions.
- *
- * @param[out] output Buffer where the password is stored
- * @param[out] outlen Size of the output buffer
- * @param[in] input Input buffer with password
- * @param[in] inlen Length of the input buffer
- * @param[in] secret The shared secret
- * @param[in] vector Authentication vector
- * @return <0 on error, or the length of data in "output"
- */
-extern ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen,
- const uint8_t *input, size_t inlen,
- const char *secret, const uint8_t *vector);
-
-/** Calculates an HMAC-MD5. \ingroup internal
- *
- * @param[in] data Data to be hashed
- * @param[in] data_len Length of data to be hashed
- * @param[in] key Key for the HMAC
- * @param[in] key_len Length of the key
- * @param[out] digest
- */
-extern void nr_hmac_md5(const uint8_t *data, size_t data_len,
- const uint8_t *key, size_t key_len,
- uint8_t digest[16]);
-
-/** Checks if a TLV is properly formatted. \ingroup internal
- *
- * \attention This structure should only be accessed by internal
- * RADIUS library functions.
- *
- * @param[in] data Data to check
- * @param[in] length Length of the data field
- * @param[in] dv_type Length of the TLV "type" field
- * @param[in] dv_length Length of the TLV "length" field
- * @return <0 on error, 0 for "TLV is OK"
- */
-extern int nr_tlv_ok(const uint8_t *data, size_t length,
- size_t dv_type, size_t dv_length);
-
-/** A callback function used by nr_packet_walk(). \ingroup packet
- *
- * The function should return 0 on success (i.e. keep walking), and
- * otherwise a negative number indicating an error code
- * (::nr_error_t). That negative number will be used as the return
- * code for nr_packet_walk().
- */
-typedef int (*nr_packet_walk_func_t)(void *, const DICT_ATTR *, const uint8_t *, size_t);
-
-/** Walks over all attributes in a packet. \ingroup packet
- *
- * This function is an iterator which calls a user-supplied callback
- * function for each attribute in the packet. It should be used
- * instead of manually walking over the attributes. There are a
- * number of odd corner cases when handling Vendor-Specific
- * attributes, and it is easy to get those corner cases wrong.
- *
- * This function iterates over *all* attributes, including nested
- * VSAs. That is its main value.
- *
- * Encrypted attributes such as User-Password are not decrypted.
- *
- * @param[in] packet The packet containing the data
- * @param[in] ctx A user-supplied context. May be NULL
- * @param[in] callback The callback function where the information is passed.
- *
- * @return <0 for error,
- * 0 for success.
- */
-extern int nr_packet_walk(RADIUS_PACKET *packet, void *ctx,
- nr_packet_walk_func_t callback);
-
-/** Initialize a packet
- *
- * If original is specified, the packet is initialized as a response
- * to the original request.
- *
- * @param[in,out] packet The packet to initialize
- * @param[in] original The original request (if any) to use as a template
- * @param[in] secret Shared secret
- * @param[in] code RADIUS Code field.
- * @param[in] data Buffer where packets will be stored (RADIUS_PACKET::data)
- * @param[in] sizeof_data Size of buffer (RADIUS_PACKET::sizeof_data)
- * @return <0 on error, 0 for success.
- */
-extern int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original,
- const char *secret, int code,
- void *data, size_t sizeof_data);
-
-/** Add one attribute to the packet.
- *
- * This function can be used to add "raw" data to a packet. It
- * allows the caller to extend the RADIUS packet without using a
- * ::VALUE_PAIR data structure.
- *
- * Some attributes are handled specially by this function.
- *
- * EAP-Message. This attribute is automatically split into 253-octet
- * chunks.
- *
- * User-Password, CHAP-Password, and Message-Authenticator. These
- * attributes are automatically encrypted, as is done by
- * nr_packet_encode().
- *
- * @param[in] packet The packet to edit
- * @param[in] original The original request (if any)
- * @param[in] da Pointer to the attribute definition
- * @param[in] data Data to append to the packet
- * @param[in] data_len Length of data to append to the packet
- *
- * @return <0 for error, >= 0 for "successfully appended data"
- * The function returns the number of octets appended to the packet.
- */
-extern ssize_t nr_packet_attr_append(RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const DICT_ATTR *da,
- const void *data, size_t data_len);
-
-
-/** Encodes any ::VALUE_PAIR into an attribute. \ingroup attr
- *
- * This function can be called for any ::VALUE_PAIR. It will examine
- * that structure, and call one of nr_vp2rfc() or nr_vp2vsa() as
- * necessary.
- *
- * \attention This function should not be called.
- *
- * @param[in] packet Where to place the encoded attribute.
- * @param[in] original The original request (optional), if "packet" is a response
- * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded.
- * @param[in] data Where the attribute is to be encoded.
- * @param[in] room How many octets are available for attribute encoding.
- *
- * @return <0 for error, or the number of octets used to encode the attribute.
- */
-extern ssize_t nr_vp2attr(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp, uint8_t *data, size_t room);
-
-/** Encodes an RFC "standard" ::VALUE_PAIR into an attribute. \ingroup attr
- *
- * \attention This function should not be called.
- *
- * @param[in] packet Where to place the encoded attribute.
- * @param[in] original The original request (optional), if "packet" is a response
- * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded.
- * @param[in] data Where the attribute is to be encoded.
- * @param[in] room How many octets are available for attribute encoding.
- *
- * @return <0 for error, or the number of octets used to encode the attribute.
- */
-extern ssize_t nr_vp2rfc(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp,
- uint8_t *data, size_t room);
-
-/** Decodes any attribute into a ::VALUE_PAIR. \ingroup attr
- *
- * \attention This function should not be called.
- *
- * @param[in] packet The packet containing the attribute to be decoded.
- * @param[in] original The original request (optional), if "packet" is a response
- * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet.
- * @param[in] data Where the attribute is to be encoded.
- * @param[in] length How many octets are available for attribute decoding.
- *
- * @return <0 for error, or the number of octets used to decode the attribute.
- */
-extern ssize_t nr_attr2vp(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp);
-
-/** Decodes an RFC "standard" attribute into a ::VALUE_PAIR. \ingroup attr
- *
- * \attention This function should not be called.
- *
- * @param[in] packet The packet containing the attribute to be decoded.
- * @param[in] original The original request (optional), if "packet" is a response
- * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet.
- * @param[in] data Where the attribute is to be encoded.
- * @param[in] length How many octets are available for attribute decoding.
- *
- * @return <0 for error, or the number of octets used to decode the attribute.
- */
-extern ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp);
-
-/** Decodes a Vendor-Specific attribute into a ::VALUE_PAIR. \ingroup attr
- *
- * \attention This function should not be called.
- *
- * @param[in] packet The packet containing the attribute to be decoded.
- * @param[in] original The original request (optional), if "packet" is a response
- * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet.
- * @param[in] data Where the attribute is to be encoded.
- * @param[in] length How many octets are available for attribute decoding.
- *
- * @return <0 for error, or the number of octets used to decode the attribute.
- */
-extern ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp);
-
-/** Decodes an attribute with an unexpected length into a ::VALUE_PAIR. \ingroup attr
- *
- * \attention This function should not be called.
- *
- * @param[in] packet The packet containing the attribute to be decoded.
- * @param[in] original The original request (optional), if "packet" is a response
- * @param[out] pvp Where to place the decoded ::VALUE_PAIR. On any return >=0, it is updated to point to the ::VALUE_PAIR which was decoded from the packet.
- * @param[in] data Where the attribute is to be encoded.
- * @param[in] length How many octets are available for attribute decoding.
- *
- * @return <0 for error, or the number of octets used to decode the attribute.
- */
-extern ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const uint8_t *data, size_t length,
- VALUE_PAIR **pvp);
-
-/** Encodes a Vendor-Specific ::VALUE_PAIR into an attribute.
- *
- * \attention This function should not be called.
- *
- * @param[in] packet Where to place the encoded attribute.
- * @param[in] original The original request (optional), if "packet" is a response
- * @param[in,out] pvp The ::VALUE_PAIR to encode. On any return >=0, it is updated to point to the "next" ::VALUE_PAIR which should be encoded.
- * @param[in] data Where the attribute is to be encoded.
- * @param[in] room How many octets are available for attribute encoding.
- *
- * @return <0 for error, or the number of octets used to encode the attribute.
- */
-extern ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
- const VALUE_PAIR **pvp, uint8_t *data,
- size_t room);
-
-/** Returns raw data from the RADIUS packet, for a given attribute. \ingroup attr
- *
- * This function can be called repeatedly to find all instances of a
- * given attribute. The first time it is called, the "start"
- * parameter should be zero. If the function returns a non-zero
- * positive number, it means that there *may* be more attributes
- * available. The returned value should be then passed via the
- * "start" option in any subsequent calls to the function.
- *
- * This function should be called by an application when it wants
- * access to data which is not in the pre-defined dictionaries.
- *
- * @param[in] packet The packet containing the attribute.
- * @param[in] start Where in the packet we start searching for the attribute.
- * @param[in] attr Value of the attribute to search for
- * @param[in] vendor Value of the vendor (use 0 for IETF attributes)
- * @param[out] pdata Pointer to the data. If no data was found, the pointer is unchanged.
- * @param[out] plength Length of the data. If no data was found, the value pointed to is unchanged.
- *
- * @return <0 for error,
- * 0 for "no attribute found, stop searching"
- * >0 offset where the attribute was found.
- */
-extern ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start,
- unsigned int attr, unsigned int vendor,
- const uint8_t **pdata, size_t *plength);
-
-/** Pretty-print the entire ::VALUE_PAIR \ingroup print
- *
- * All data is printed in ASCII format. The data type of "octets" is
- * printed as a hex string (e.g. 0xabcdef01...). The data type of
- * "ipaddr" is printed as a dotted-quad (e.g. 192.0.2.15).
- *
- * The format is "Attribute-Name = value"
- *
- * @param[out] buffer Where the printable version of the ::VALUE_PAIR is stored
- * @param[in] bufsize size of the output buffer
- * @param[in] vp ::VALUE_PAIR to print
- * @return length of data in buffer
- */
-extern size_t nr_vp_snprintf(char *buffer, size_t bufsize, const VALUE_PAIR *vp);
-
-/** Pretty-print the VALUE_PAIR::data field \ingroup print
- *
- * Prints the value of a ::VALUE_PAIR, without the name or "=" sign.
- *
- * @param[out] buffer Where the printable version of the ::VALUE_PAIR is stored
- * @param[in] bufsize size of the output buffer
- * @param[in] vp ::VALUE_PAIR to print
- * @return length of data in buffer
- */
-extern size_t nr_vp_snprintf_value(char *buffer, size_t bufsize, const VALUE_PAIR *vp);
-
-/** Prints a list of :VALUE_PAIR structures to the given output. \ingroup print
- *
- * @param[in] fp Where to print the results
- * @param[in] vps Linked list of ::VALUE_PAIR to print
- */
-extern void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps);
-
-/** Scan a string into a ::VALUE_PAIR. The counterpart to
- * nr_vp_snprintf_value() \ingroup print
- *
- * @param[in] string Printable version of the ::VALUE_PAIR
- * @param[out] pvp Newly allocated ::VALUE_PAIR
- * @return <0 on error, 0 for success.
- */
-extern int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp);
-
-/** Scan the data portion of a ::VALUE_PAIR. The counterpart to
- * nr_vp_snprintf_value() \ingroup print
- *
- * @param[in,out] vp The ::VALUE_PAIR where the data will be stored
- * @param[in] value The string version of the data to be parsed
- * @return <0 on error, >=0 for the number of characters parsed in value.
- */
-extern ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value);
-
-#if defined(__GNUC__)
-# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
-# define NEVER_RETURNS __attribute__ ((noreturn))
-# define UNUSED __attribute__ ((unused))
-# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
-#else
-
-/** Macro used to quiet compiler warnings inside of the library. \ingroup build
- *
- */
-# define PRINTF_LIKE(n)
-
-/** Macro used to quiet compiler warnings inside of the library. \ingroup build
- *
- */
-# define NEVER_RETURNS
-
-/** Macro used to quiet compiler warnings inside of the library. \ingroup build
- *
- */
-# define UNUSED
-
-/** Macro used to quiet compiler warnings inside of the library. \ingroup build
- *
- */
-# define BLANK_FORMAT ""
-#endif
-
-#endif /* _RADIUS_CLIENT_H_ */
diff --git a/lib/radius/common.pl b/lib/radius/common.pl
deleted file mode 100644
index 7042fe5..0000000
--- a/lib/radius/common.pl
+++ /dev/null
@@ -1,220 +0,0 @@
-######################################################################
-# Copyright (c) 2011, Network RADIUS SARL
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the <organization> nor the
-# names of its contributors may be used to endorse or promote products
-# derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-######################################################################
-our %attributes;
-our %vendor;
-our %vendorpec;
-our $begin_vendor = 0;
-
-$vendorpec{'0'} = "IETF";
-
-sub do_file()
-{
- my $filename = shift;
- my $fh;
-
- $dir = $filename;
- $dir =~ s:/[^/]+?$::;
- $lineno = 0;
-
- open $fh, "<$filename" or die "Failed to open $filename: $!\n";
-
- while (<$fh>) {
- $lineno++;
- next if (/^\s*#/);
- next if (/^\s*$/);
- s/#.*//;
- s/\s+$//;
-
- next if ($_ eq "");
-
- #
- # Remember the vendor
- #
- if (/^VENDOR\s+([\w-]+)\s+(\w+)(.*)/) {
- my $me = $1;
-
- $vendor{$me}{'pec'} = $2;
- $vendorpec{$2} = $me;
-
- $vendor{$me}{'type'} = 1;
- $vendor{$me}{'length'} = 1;
-
- if ($3) {
- $format=$3;
- $format =~ s/^\s+//;
-
- if ($format !~ /^format=(\d+),(\d+)$/) {
- die "Unknown format $format\n";
- }
- $vendor{$me}{'type'} = $1;
- $vendor{$me}{'length'} = $2;
- }
- next;
- }
-
- #
- # Remember if we did begin-vendor.
- #
- if (/^BEGIN-VENDOR\s+([\w-]+)/) {
- if (!defined $vendor{$1}) {
- die "Unknown vendor $1\n";
- }
- $begin_vendor = $vendor{$1}{'pec'};
- next;
- }
-
- #
- # Remember if we did this.
- #
- if (/^END-VENDOR/) {
- $begin_vendor = 0;
- next;
- }
-
- #
- # Get attribute.
- #
- if (/^ATTRIBUTE\s+([\w-\/.]+)\s+(\w+)\s+(\w+)(.*)/) {
- $name=$1;
- $value = $2;
- $type = $3;
- $stuff = $4;
-
- $value =~ tr/[A-F]/[a-f]/; # normal form for hex
- $value =~ tr/X/x/;
-
- if ($value =~ /^0x/) {
- $index = hex $value;
- } else {
- $index = $value;
- }
-
- next if (($begin_vendor == 0) && ($index > 255));
-
- $index += ($begin_vendor << 16);
-
- $attributes{$index}{'name'} = $name;
- $attributes{$index}{'value'} = $value;
- if ($begin_vendor ne "") {
- $attributes{$index}{'vendor'} = $begin_vendor;
- }
-
- $type =~ tr/a-z/A-Z/;
- $attributes{$index}{'type'} = "RS_TYPE_$type";
-
- $stuff =~ s/^\s*//;
-
- if ($stuff) {
- foreach $text (split /,/, $stuff) {
- if ($text eq "encrypt=1") {
- $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_USER_PASSWORD";
- } elsif ($text eq "encrypt=2") {
- $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_TUNNEL_PASSWORD";
-
- } elsif ($text eq "encrypt=3") {
- $attributes{$index}{'flags'}{'encrypt'} = "FLAG_ENCRYPT_ASCEND_SECRET";
-
- } elsif ($text eq "has_tag") {
- $attributes{$index}{'flags'}{'has_tag'} = "1";
-
- } elsif ($text =~ /\[(\d+)\]/) {
- $attributes{$index}{'flags'}{'length'} = $1;
-
- } else {
- die "$filename: $lineno - Unknown flag $text\n";
- }
- }
- }
-
- if ($type eq "BYTE") {
- $attributes{$index}{'flags'}{'length'} = "1";
-
- } elsif ($type eq "SHORT") {
- $attributes{$index}{'flags'}{'length'} = "2";
-
- } elsif ($type eq "INTEGER") {
- $attributes{$index}{'flags'}{'length'} = "4";
-
- } elsif ($type eq "IPADDR") {
- $attributes{$index}{'flags'}{'length'} = "4";
-
- } elsif ($type eq "DATE") {
- $attributes{$index}{'flags'}{'length'} = "4";
-
- } elsif ($type eq "IFID") {
- $attributes{$index}{'flags'}{'length'} = "8";
-
- } elsif ($type eq "IPV6ADDR") {
-
- $attributes{$index}{'flags'}{'length'} = "16";
- }
-
- $name2val{$name} = $index;
- next;
- }
-
- #
- # Values.
- #
- if (/^VALUE\s+([\d\w-\/.]+)\s+([\w-\/,.+]+)\s+(\w+)(.*)/) {
- next;
-
- $attr = $1;
- $name = $2;
- $value = $3;
- $stuff = $d;
-
- $value =~ tr/[A-F]/[a-f]/; # normal form for hex
- $value =~ tr/X/x/;
-
- if ($value =~ /^0x/) {
- $index = hex $value;
- } else {
- $index = $value;
- }
-
- if (!defined $name2val{$attr}) {
- print "# FIXME: FORWARD REF?\nVALUE $attr $name $value$stuff\n";
- next;
- }
-
- $values{$name2val{$attr}}{$index} = "$attr $name $value$stuff";
- next;
- }
-
- if (/^\$INCLUDE\s+(.*)$/) {
- do_file("$dir/$1");
- next;
- }
-
- die "unknown text in line $lineno of $filename: $_\n";
- }
-
- close $fh;
-}
-
-1;
diff --git a/lib/radius/convert.pl b/lib/radius/convert.pl
deleted file mode 100755
index 7ca424e..0000000
--- a/lib/radius/convert.pl
+++ /dev/null
@@ -1,197 +0,0 @@
-#!/usr/bin/env perl
-######################################################################
-# Copyright (c) 2011, Network RADIUS SARL
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the <organization> nor the
-# names of its contributors may be used to endorse or promote products
-# derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-######################################################################
-#
-# Converts dictionaries to C structures. Does not yet do "VALUE"s.
-#
-# Usage: ./convert.pl dictionary ...
-#
-# Reads input dictionaries, and outputs "radius.h" and "dictionaries.c"
-#
-# $Id$
-#
-require "common.pl";
-
-#
-# Read all of the dictionaries
-#
-while (@ARGV) {
- $filename = shift;
- do_file($filename);
-}
-
-#
-# For speed, the dictionary data structures have the first 256
-# attributes at fixed offsets in the array. If the user didn't
-# define them, then we set them here to be "raw" or unknown.
-#
-foreach $attr_val (0..255) {
- next if defined $attributes{$attr_val};
-
- $attributes{$attr_val}{'raw'} = 1;
-}
-
-if (scalar keys %attributes == 0) {
- die "No attributes were defined\n";
-}
-
-
-open DICT, ">dictionaries.c" or die "Failed creating dictionaries.c: $!\n";
-
-#
-# Print out the data structues for the vendors.
-#
-if (scalar keys %vendor > 0) {
- print DICT "const DICT_VENDOR nr_dict_vendors[] = {\n";
- foreach $v (sort keys %vendor) {
- print DICT " { \n";
- print DICT " " . $vendor{$v}{'pec'} . ", \n";
- print DICT " " . $vendor{$v}{'type'} . ",\n";
- print DICT " " . $vendor{$v}{'length'} . ",\n";
- print DICT " \"" . $v, "\"\n";
- print DICT " },\n";
- }
- print DICT " { \n";
- print DICT " 0,\n";
- print DICT " 0,\n";
- print DICT " 0,\n";
- print DICT " NULL\n";
- print DICT " },\n";
- print DICT "};\n\n";
-}
-
-# needed for later.
-$vendor{""}{'pec'} = 0;
-
-sub printAttrFlag
-{
- my $tmp = $attributes{$attr_val}{'flags'}{$_[0]};
-
- if (!$tmp) {
- $tmp = 0;
- }
-
- print DICT $tmp . ", ";
-}
-
-#
-# Print DICT out the attributes sorted by number.
-#
-my $offset = 0;
-my $num_names = 0;
-print DICT "const DICT_ATTR nr_dict_attrs[] = {\n";
-foreach $attr_val (sort {$a <=> $b} keys %attributes) {
- print DICT " { /* $offset */ \n";
-
- if (defined $attributes{$attr_val}{'raw'}) {
- print DICT " 0\n",
- } else {
- print DICT " ", $attributes{$attr_val}{'value'}, ", \n";
- print DICT " ", $attributes{$attr_val}{'type'}, ", \n";
- print DICT " ", $attributes{$attr_val}{'vendor'}, ", \n";
- print DICT " { ";
- &printAttrFlag('has_tag');
- &printAttrFlag('unknown');
-# &printAttrFlag('has_tlv');
-# &printAttrFlag('is_tlv');
- &printAttrFlag('extended');
- &printAttrFlag('extended_flags');
- &printAttrFlag('evs');
- &printAttrFlag('encrypt');
- &printAttrFlag('length');
- print DICT "},\n";
- print DICT " \"", $attributes{$attr_val}{'name'}, "\", \n";
- $num_names++;
- }
-
- $attributes{$attr_val}{'offset'} = $offset++;
-
- print DICT " },\n";
-
-}
-print DICT "};\n\n";
-
-print DICT "const int nr_dict_num_attrs = ", $offset - 1, ";\n\n";
-print DICT "const int nr_dict_num_names = ", $num_names - 1, ";\n\n";
-
-my $offset = 0;
-print DICT "const DICT_ATTR *nr_dict_attr_names[] = {\n";
-foreach $attr_val (sort {lc($attributes{$a}{'name'}) cmp lc($attributes{$b}{'name'})} keys %attributes) {
- next if (defined $attributes{$attr_val}{'raw'});
-
- print DICT " &nr_dict_attrs[", $attributes{$attr_val}{'offset'}, "], /* ", $attributes{$attr_val}{'name'}, " */\n";
-}
-
-print DICT "};\n\n";
-close DICT;
-
-open HDR, ">../include/radsec/radius.h" or die "Failed creating radius.c: $!\n";
-
-print HDR "/* Automatically generated file. Do not edit */\n\n";
-
-foreach $v (sort keys %vendor) {
- next if ($v eq "");
-
- $name = $v;
- $name =~ tr/a-z/A-Z/; # uppercase
- $name =~ tr/A-Z0-9/_/c; # any ELSE becomes _
-
- print HDR "#define VENDORPEC_", $name, " ", $vendor{$v}{'pec'}, "\n";
-}
-print HDR "\n";
-
-$begin_vendor = -1;
-foreach $attr_val (sort {$a <=> $b} keys %attributes) {
- next if (defined $attributes{$attr_val}{'raw'});
-
- if ($attributes{$attr_val}{'vendor'} != $begin_vendor) {
- print HDR "\n/* ", $vendorpec{$attributes{$attr_val}{'vendor'}}, " */\n";
- $begin_vendor = $attributes{$attr_val}{'vendor'};
- }
-
- $name = $attributes{$attr_val}{'name'};
- $name =~ tr/a-z/A-Z/;
- $name =~ tr/A-Z0-9/_/c;
-
- print HDR "#define PW_", $name, " ", $attributes{$attr_val}{'value'}, "\n";
-}
-print HDR "\n";
-
-print HDR "/* Fixed offsets to dictionary definitions of attributes */\n";
-foreach $attr_val (sort {$a <=> $b} keys %attributes) {
- next if (defined $attributes{$attr_val}{'raw'});
-
- $name = $attributes{$attr_val}{'name'};
- $name =~ tr/a-z/A-Z/;
- $name =~ tr/-/_/;
-
- print HDR "#define RS_DA_$name (&nr_dict_attrs[$attributes{$attr_val}{'offset'}])\n";
-}
-
-print HDR "/* Automatically generated file. Do not edit */\n";
-
-close HDR;
diff --git a/lib/radius/crypto.c b/lib/radius/crypto.c
deleted file mode 100644
index 21cc7d0..0000000
--- a/lib/radius/crypto.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/** \file crypto.c
- * \brief Data obfuscation and signing, using MD5.
- *
- * The "encryption" methods defined here are export-safe. The
- * technical cryptography name for these functions is "obfuscation".
- * They cannot properly be called "encryption", in the same way that
- * DES or AES performs encryption.
- */
-
-/** \cond PRIVATE */
-
-#include "client.h"
-
-
-ssize_t nr_password_encrypt(uint8_t *output, size_t outlen,
- const uint8_t *input, size_t inlen,
- const char *secret, const uint8_t *vector)
-{
- size_t i, j, len;
- uint8_t digest[16];
- RS_MD5_CTX ctx, secret_ctx;
-
- if (!output || (outlen < 16) || !input || (inlen == 0) ||
- !secret || !vector) {
- return -RSE_INVAL;
- }
-
- len = inlen;
- if (len > 128) return -RSE_ATTR_OVERFLOW;
-
- len = (len + 0x0f) & ~0x0f; /* round up to 16 byte boundary */
-
- if (outlen < len) return -RSE_ATTR_OVERFLOW;
-
- memcpy(output, input, len);
- memset(output + len, 0, 128 - len);
-
- RS_MD5Init(&secret_ctx);
- RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret));
-
- for (j = 0; j < len; j += 16) {
- ctx = secret_ctx;
-
- if (j == 0) {
- RS_MD5Update(&ctx, vector, 16);
- RS_MD5Final(digest, &ctx);
- } else {
- RS_MD5Update(&ctx, &output[j - 16], 16);
- RS_MD5Final(digest, &ctx);
- }
-
- for (i = 0; i < 16; i++) {
- output[i + j] ^= digest[i];
- }
- }
-
- return len;
-}
-
-#ifdef FLAG_ENCRYPT_TUNNEL_PASSWORD
-ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen,
- const uint8_t *input, size_t inlen,
- const char *secret, const uint8_t *vector)
-{
- size_t i, j, len;
- RS_MD5_CTX ctx, secret_ctx;
- uint8_t digest[16];
-
- if (!output || (outlen < 18) || !input || (inlen == 0) ||
- !secret || !vector) {
- return -RSE_INVAL;
- }
-
- len = ((inlen + 1) + 0x0f) & ~0x0f;
- if (len > 251) return -RSE_ATTR_OVERFLOW;
-
- output[0] = (nr_rand() & 0xff) | 0x80;
- output[1] = nr_rand() & 0xff;
- output[2] = inlen;
-
- memcpy(output + 3, input, inlen);
- memset(output + 3 + inlen, 0, len - inlen - 1);
-
- RS_MD5Init(&secret_ctx);
- RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret));
-
- for (j = 0; j < len; j += 16) {
- ctx = secret_ctx;
-
- if (j == 0) {
- RS_MD5Update(&ctx, vector, 16);
- RS_MD5Update(&ctx, output, 2);
- RS_MD5Final(digest, &ctx);
- } else {
- RS_MD5Update(&ctx, &output[j + 2 - 16], 16);
- RS_MD5Final(digest, &ctx);
- }
-
- for (i = 0; i < 16; i++) {
- output[i + j + 2] ^= digest[i];
- }
- }
-
- return len + 2;
-}
-
-ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen,
- const uint8_t *input, size_t inlen,
- const char *secret, const uint8_t *vector)
-{
- size_t i, j, len, encoded_len;
- RS_MD5_CTX ctx, secret_ctx;
- uint8_t digest[16];
-
- if (!output || (outlen < 1) || !input || (inlen < 2) ||
- !secret || !vector) {
- return -RSE_INVAL;
- }
-
- if (inlen <= 3) {
- output[0] = 0;
- return 0;
- }
-
- len = inlen - 2;
-
- if (outlen < (len - 1)) return -RSE_ATTR_OVERFLOW;
-
- RS_MD5Init(&secret_ctx);
- RS_MD5Update(&secret_ctx, (const uint8_t *) secret, strlen(secret));
-
- ctx = secret_ctx;
-
- RS_MD5Update(&ctx, vector, 16); /* MD5(secret + vector + salt) */
- RS_MD5Update(&ctx, input, 2);
- RS_MD5Final(digest, &ctx);
-
- encoded_len = input[2] ^ digest[0];
- if (encoded_len >= len) {
- return -RSE_ATTR_TOO_LARGE;
- }
-
- for (i = 0; i < 15; i++) {
- output[i] = input[i + 3] ^ digest[i + 1];
- }
-
- for (j = 16; j < len; j += 16) {
- ctx = secret_ctx;
-
- RS_MD5Update(&ctx, input + j - 16 + 2, 16);
- RS_MD5Final(digest, &ctx);
-
- for (i = 0; i < 16; i++) {
- output[i + j - 1] = input[i + j + 2] ^ digest[i];
- }
-
-
- }
-
- output[encoded_len] = '\0';
- return encoded_len;
-}
-#endif
-
-void
-nr_hmac_md5(const uint8_t *data, size_t data_len,
- const uint8_t *key, size_t key_len,
- uint8_t digest[16])
-{
- size_t i;
- uint8_t k_ipad[64];
- uint8_t k_opad[64];
- uint8_t tk[16];
- RS_MD5_CTX ctx;
-
- if (key_len > 64) {
- RS_MD5Init(&ctx);
- RS_MD5Update(&ctx, key, key_len);
- RS_MD5Final(tk, &ctx);
-
- key = tk;
- key_len = 16;
- }
-
- memset(k_ipad, 0, sizeof(k_ipad));
- memset(k_opad, 0, sizeof(k_opad));
- memcpy(k_ipad, key, key_len);
- memcpy(k_opad, key, key_len);
-
- for (i = 0; i < sizeof(k_ipad); i++) {
- k_ipad[i] ^= 0x36;
- k_opad[i] ^= 0x5c;
- }
-
- RS_MD5Init(&ctx);
- RS_MD5Update(&ctx, k_ipad, sizeof(k_ipad));
- RS_MD5Update(&ctx, data, data_len);
- RS_MD5Final(digest, &ctx);
-
- RS_MD5Init(&ctx);
- RS_MD5Update(&ctx, k_opad, sizeof(k_opad));
- RS_MD5Update(&ctx, digest, 16);
- RS_MD5Final(digest, &ctx);
-}
-
-/** \endcond */
diff --git a/lib/radius/custom.c b/lib/radius/custom.c
deleted file mode 100644
index 917939a..0000000
--- a/lib/radius/custom.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*
- * Copyright (c) 2006 Kungliga Tekniska HAÎåÎÝgskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/** \file custom.c
- * \brief Functions which should be customized for your local system.
- */
-
-#include "client.h"
-
-#include <unistd.h>
-#include <fcntl.h>
-
-#ifdef WIN32
-#include <wincrypt.h>
-
-volatile static HCRYPTPROV nr_cryptprovider = 0;
-
-static HCRYPTPROV
-nr_CryptProvider(void)
-{
- BOOL rv;
- HCRYPTPROV cryptprovider = 0;
-
- if (nr_cryptprovider != 0)
- return nr_cryptprovider;
-
- rv = CryptAcquireContext(&cryptprovider, NULL,
- MS_ENHANCED_PROV, PROV_RSA_FULL,
- 0);
-
- if (GetLastError() == NTE_BAD_KEYSET) {
- if(!rv)
- rv = CryptAcquireContext(&cryptprovider, NULL,
- MS_ENHANCED_PROV, PROV_RSA_FULL,
- CRYPT_NEWKEYSET);
- }
-
- if (rv &&
- InterlockedCompareExchangePointer((PVOID *) &nr_cryptprovider,
- (PVOID) cryptprovider, 0) != 0) {
-
- CryptReleaseContext(cryptprovider, 0);
- cryptprovider = nr_cryptprovider;
- }
-
- return cryptprovider;
-}
-
-ssize_t nr_rand_bytes(uint8_t *data, size_t data_len)
-{
- if (CryptGenRandom(nr_CryptProvider(), data_len, data))
- return 0;
- return data_len;
-}
-#else
-ssize_t nr_rand_bytes(uint8_t *data, size_t data_len)
-{
- static int fd = -1;
-
- if (fd < 0) {
- fd = open("/dev/urandom", O_RDONLY);
- if (fd < 0) {
- nr_strerror_printf("Error opening randomness: %s",
- strerror(errno));
- return 0;
- }
- }
-
- return read(fd, data, data_len);
-}
-#endif /* WIN32 */
-
-uint32_t nr_rand(void)
-{
- uint32_t lvalue;
-
- nr_rand_bytes((void *)&lvalue, sizeof(lvalue));
- return lvalue;
-}
-
-
-#ifndef USEC
-#define USEC (1000000)
-#endif
-
-void nr_timeval_add(struct timeval *t, unsigned int seconds, unsigned int usec)
-{
- t->tv_sec += seconds;
- t->tv_sec += usec / USEC;
- t->tv_usec += usec % USEC;
- if (t->tv_usec > USEC) {
- t->tv_sec++;
- t->tv_usec -= USEC;
- }
-}
-
-int nr_timeval_cmp(const struct timeval *a, const struct timeval *b)
-{
- if (a->tv_sec > b->tv_sec) return +1;
- if (a->tv_sec < b->tv_sec) return -1;
-
- if (a->tv_usec > b->tv_usec) return +1;
- if (a->tv_usec < b->tv_usec) return -1;
-
- return 0;
-}
-
diff --git a/lib/radius/dict.c b/lib/radius/dict.c
deleted file mode 100644
index fc04ee2..0000000
--- a/lib/radius/dict.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "client.h"
-#include <ctype.h>
-
-/** \file dict.c
- * \brief Functions for name to number, and number to name mappings.
- */
-
-const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr, unsigned int vendor)
-{
- int start, half, end;
-
- if (!vendor && (attr > 0) && (attr < 256)) {
- if (nr_dict_attrs[attr].name) {
- return &nr_dict_attrs[attr];
- }
- return NULL;
- }
-
- if (!vendor) return NULL; /* no "non-protocol" attributes */
-
- start = 256; /* first 256 entries are "standard" ones */
- end = nr_dict_num_attrs;
-
- do {
- half = (start + end) / 2;
-
- if ((nr_dict_attrs[half].vendor == vendor) &&
- (nr_dict_attrs[half].attr == attr)) {
- return &nr_dict_attrs[half];
- }
-
- if ((vendor >= nr_dict_attrs[half].vendor) &&
- (attr > nr_dict_attrs[half].attr)) {
- start = half + 1;
- } else {
- end = half - 1;
- }
-
- } while (start <= end);
-
- return NULL;
-}
-
-const DICT_ATTR *nr_dict_attr_byname(const char *name)
-{
- int start, half, end;
-
- start = 1;
- end = nr_dict_num_names;
-
- if (!name || !*name) return NULL;
-
- do {
- int rcode;
-
- half = (start + end) / 2;
-
- rcode = strcasecmp(name, nr_dict_attr_names[half]->name);
- if (rcode == 0) return nr_dict_attr_names[half];
-
- if (rcode > 0) {
- start = half + 1;
- } else {
- end = half - 1;
- }
-
-
- } while (start <= end);
-
- return NULL;
-}
-
-int nr_dict_attr_2struct(DICT_ATTR *da, unsigned int attr, unsigned int vendor,
- char *buffer, size_t bufsize)
-{
- if (!da || !buffer) return -RSE_INVAL;
-
- if (!vendor) {
- if (attr > 256) return -RSE_INVAL;
-
- } else if (vendor > (1 << 24)) {
- return -RSE_INVAL;
- }
-
- memset(da, 0, sizeof(*da));
- da->attr = attr;
- da->flags.unknown = 1;
- da->type = RS_TYPE_OCTETS;
- da->vendor = vendor;
-
- if (da->vendor) {
- snprintf(buffer, bufsize, "Attr-26.%u.%u",
- vendor, attr);
- } else {
- snprintf(buffer, bufsize, "Attr-%u", attr);
- }
- da->name = buffer;
-
- return 0;
-}
-
-
-const DICT_VALUE *nr_dict_value_byattr(UNUSED unsigned int attr,
- UNUSED unsigned int vendor,
- UNUSED int value)
-{
- return NULL;
-}
-
-const DICT_VALUE *nr_dict_value_byname(UNUSED unsigned int attr,
- UNUSED unsigned int vendor,
- UNUSED const char *name)
-{
- return NULL;
-}
-
-int nr_dict_vendor_byname(const char *name)
-{
- const DICT_VENDOR *dv;
-
- if (!name || !*name) return 0;
-
- /*
- * O(n) lookup.
- */
- for (dv = &nr_dict_vendors[0]; dv->name != NULL; dv++) {
- if (strcasecmp(dv->name, name) == 0) return dv->vendor;
- }
-
- return 0;
-}
-
-const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor)
-{
- const DICT_VENDOR *dv;
-
- /*
- * O(n) lookup.
- */
- for (dv = &nr_dict_vendors[0]; dv->name != NULL; dv++) {
- if (dv->vendor == vendor) return dv;
- }
-
- return NULL;
-}
diff --git a/lib/radius/doc.txt b/lib/radius/doc.txt
deleted file mode 100644
index 09a8415..0000000
--- a/lib/radius/doc.txt
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
-
-\file doc.txt
-\brief The main documentation.
-
-\mainpage The Network RADIUS Client Library
-
-This client library is intended for use in embedded systems. It is
-small with a simple API, yet has more functionality than most
-commercial or Open Source products.
-
-\section License
-
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-\ref dictionaries.txt "Dictionaries and dictionary formats"
-
-*/
diff --git a/lib/radius/doxygen.conf b/lib/radius/doxygen.conf
deleted file mode 100644
index e310771..0000000
--- a/lib/radius/doxygen.conf
+++ /dev/null
@@ -1,1417 +0,0 @@
-# Doxyfile 1.5.6
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-# TAG = value [value, ...]
-# For lists items can also be appended using:
-# TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# This tag specifies the encoding used for all characters in the config file
-# that follow. The default is UTF-8 which is also the encoding used for all
-# text before the first occurrence of this tag. Doxygen uses libiconv (or the
-# iconv built into libc) for the transcoding. See
-# http://www.gnu.org/software/libiconv for the list of possible encodings.
-
-DOXYFILE_ENCODING = UTF-8
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
-# by quotes) that should identify the project.
-
-PROJECT_NAME = networkclient
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER =
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY =
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
-# 4096 sub-directories (in 2 levels) under the output directory of each output
-# format and will distribute the generated files over these directories.
-# Enabling this option can be useful when feeding doxygen a huge amount of
-# source files, where putting all generated files in the same directory would
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
-# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek,
-# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages),
-# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish,
-# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish,
-# and Ukrainian.
-
-OUTPUT_LANGUAGE = English
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator
-# that is used to form the text in various listings. Each string
-# in this list, if found as the leading text of the brief description, will be
-# stripped from the text and the result after processing the whole list, is
-# used as the annotated text. Otherwise, the brief description is used as-is.
-# If left blank, the following values are used ("$name" is automatically
-# replaced with the name of the entity): "The $name class" "The $name widget"
-# "The $name file" "is" "provides" "specifies" "contains"
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF =
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
-# inherited members of a class in the documentation of that class as if those
-# members were ordinary class members. Constructors, destructors and assignment
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES = YES
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user-defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. The tag can be used to show relative paths in the file list.
-# If left blank the directory from which doxygen is run is used as the
-# path to strip.
-
-STRIP_FROM_PATH =
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
-# the path mentioned in the documentation of a class, which tells
-# the reader which header file to include in order to use a class.
-# If left blank only the name of the header file containing the class
-# definition is used. Otherwise one should specify the include paths that
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH =
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful is your file systems
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like regular Qt-style comments
-# (thus requiring an explicit @brief command for a brief description.)
-
-JAVADOC_AUTOBRIEF = NO
-
-# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
-# interpret the first line (until the first dot) of a Qt-style
-# comment as the brief description. If set to NO, the comments
-# will behave just like regular Qt-style comments (thus requiring
-# an explicit \brief command for a brief description.)
-
-QT_AUTOBRIEF = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the DETAILS_AT_TOP tag is set to YES then Doxygen
-# will output the detailed description near the top, like JavaDoc.
-# If set to NO, the detailed description appears after the member
-# documentation.
-
-DETAILS_AT_TOP = YES
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# re-implements.
-
-INHERIT_DOCS = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
-# a new page for each member. If set to NO, the documentation of a member will
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE = 8
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user-defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES =
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
-# sources only. Doxygen will then generate output that is more tailored for C.
-# For instance, some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
-# sources only. Doxygen will then generate output that is more tailored for
-# Java. For instance, namespaces will be presented as packages, qualified
-# scopes will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA = NO
-
-# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
-# sources only. Doxygen will then generate output that is more tailored for
-# Fortran.
-
-OPTIMIZE_FOR_FORTRAN = NO
-
-# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
-# sources. Doxygen will then generate output that is tailored for
-# VHDL.
-
-OPTIMIZE_OUTPUT_VHDL = NO
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
-# to include (a tag file for) the STL sources as input, then you should
-# set this tag to YES in order to let doxygen match functions declarations and
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
-# func(std::string) {}). This also make the inheritance and collaboration
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT = NO
-
-# If you use Microsoft's C++/CLI language, you should set this option to YES to
-# enable parsing support.
-
-CPP_CLI_SUPPORT = NO
-
-# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
-# Doxygen will parse them like normal C++ but will assume all classes use public
-# instead of private inheritance when no explicit protection keyword is present.
-
-SIP_SUPPORT = NO
-
-# For Microsoft's IDL there are propget and propput attributes to indicate getter
-# and setter methods for a property. Setting this option to YES (the default)
-# will make doxygen to replace the get and set methods by a property in the
-# documentation. This will only work if the methods are indeed getting or
-# setting a simple type. If this is not the case, or you want to show the
-# methods anyway, you should set this option to NO.
-
-IDL_PROPERTY_SUPPORT = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
-# the same type (for instance a group of public functions) to be put as a
-# subgroup of that type (e.g. under the Public Functions section). Set it to
-# NO to prevent subgrouping. Alternatively, this can be done per class using
-# the \nosubgrouping command.
-
-SUBGROUPING = YES
-
-# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
-# is documented as struct, union, or enum with the name of the typedef. So
-# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
-# with name TypeT. When disabled the typedef will appear as a member of a file,
-# namespace, or class. And the struct will be named TypeS. This can typically
-# be useful for C code in case the coding convention dictates that all compound
-# types are typedef'ed and only the typedef is referenced, never the tag name.
-
-TYPEDEF_HIDES_STRUCT = NO
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL = YES
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES = YES
-
-# This flag is only useful for Objective-C code. When set to YES local
-# methods, which are defined in the implementation section but not in
-# the interface are included in the documentation.
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS = NO
-
-# If this flag is set to YES, the members of anonymous namespaces will be
-# extracted and appear in the documentation as a namespace called
-# 'anonymous_namespace{file}', where file will be replaced with the base
-# name of the file that contains the anonymous namespace. By default
-# anonymous namespace are hidden.
-
-EXTRACT_ANON_NSPACES = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these classes will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS = NO
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower-case letters. If set to YES upper-case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES = NO
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put a list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES = YES
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS = YES
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
-# brief documentation of file, namespace and class members alphabetically
-# by member name. If set to NO (the default) the members will appear in
-# declaration order.
-
-SORT_BRIEF_DOCS = NO
-
-# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
-# hierarchy of group names into alphabetical order. If set to NO (the default)
-# the group names will appear in their defined order.
-
-SORT_GROUP_NAMES = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
-# sorted by fully-qualified names, including namespaces. If set to
-# NO (the default), the class list will be sorted only by class name,
-# not including the namespace part.
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or define consists of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and defines in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES = YES
-
-# If the sources in your project are distributed over multiple directories
-# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
-# in the documentation. The default is NO.
-
-SHOW_DIRECTORIES = NO
-
-# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
-# This will remove the Files entry from the Quick Index and from the
-# Folder Tree View (if specified). The default is YES.
-
-SHOW_FILES = YES
-
-# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
-# Namespaces page. This will remove the Namespaces entry from the Quick Index
-# and from the Folder Tree View (if specified). The default is YES.
-
-SHOW_NAMESPACES = YES
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that
-# doxygen should invoke to get the current version for each file (typically from
-# the version control system). Doxygen will invoke the program by executing (via
-# popen()) the command <command> <input-file>, where <command> is the value of
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
-# provided by doxygen. Whatever the program writes to standard output
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER =
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR = YES
-
-# This WARN_NO_PARAMDOC option can be abled to get warnings for
-# functions that are documented, but have no documentation for their parameters
-# or return value. If set to NO (the default) doxygen will only warn about
-# wrong or incomplete parameter documentation, but not about the absence of
-# documentation.
-
-WARN_NO_PARAMDOC = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text. Optionally the format may contain
-# $version, which will be replaced by the version of the file (if it could
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT = . doc/
-
-# This tag can be used to specify the character encoding of the source files
-# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
-# also the default input encoding. Doxygen uses libiconv (or the iconv built
-# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
-# the list of possible encodings.
-
-INPUT_ENCODING = UTF-8
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
-# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
-
-FILE_PATTERNS = *.txt *.[ch]
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE =
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
-# directories that are symbolic links (a Unix filesystem feature) are excluded
-# from the input.
-
-EXCLUDE_SYMLINKS = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories. Note that the wildcards are matched
-# against the file with absolute path, so to exclude all test directories
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS =
-
-# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
-# (namespaces, classes, functions, etc.) that should be excluded from the
-# output. The symbol name can be a fully qualified name, a word, or if the
-# wildcard * is used, a substring. Examples: ANamespace, AClass,
-# AClass::ANamespace, ANamespace::*Test
-
-EXCLUDE_SYMBOLS =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH = examples
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS = *.[ch]
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH =
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output. If FILTER_PATTERNS is specified, this tag will be
-# ignored.
-
-INPUT_FILTER =
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
-# basis. Doxygen will compare the file name with each pattern and apply the
-# filter if there is a match. The filters are a list of the form:
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
-# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
-# is applied to all files.
-
-FILTER_PATTERNS =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-# Note: To get rid of all source code in the generated output, make sure also
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = YES
-
-# If the REFERENCES_RELATION tag is set to YES
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION = YES
-
-# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
-# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
-# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
-# link to the source code. Otherwise they will link to the documentstion.
-
-REFERENCES_LINK_SOURCE = NO
-
-# If the USE_HTAGS tag is set to YES then the references to source code
-# will point to the HTML generated by the htags(1) tool instead of doxygen
-# built-in source browser. The htags tool is part of GNU's global source
-# tagging system (see http://www.gnu.org/software/global/global.html). You
-# will need version 4.8.6 or higher.
-
-USE_HTAGS = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX = NO
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header.
-
-HTML_HEADER =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER =
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet. Note that doxygen will try to copy
-# the style sheet file to the HTML output directory, so don't put your own
-# stylesheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET =
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
-# files or namespaces will be aligned in HTML using tables. If set to
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS = YES
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP = NO
-
-# If the GENERATE_DOCSET tag is set to YES, additional index files
-# will be generated that can be used as input for Apple's Xcode 3
-# integrated development environment, introduced with OSX 10.5 (Leopard).
-# To create a documentation set, doxygen will generate a Makefile in the
-# HTML output directory. Running make will produce the docset in that
-# directory and running "make install" will install the docset in
-# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
-# it at startup.
-
-GENERATE_DOCSET = NO
-
-# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
-# feed. A documentation feed provides an umbrella under which multiple
-# documentation sets from a single provider (such as a company or product suite)
-# can be grouped.
-
-DOCSET_FEEDNAME = "Doxygen generated docs"
-
-# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
-# should uniquely identify the documentation set bundle. This should be a
-# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
-# will append .docset to the name.
-
-DOCSET_BUNDLE_ID = org.doxygen.Project
-
-# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
-# documentation will contain sections that can be hidden and shown after the
-# page has loaded. For this to work a browser that supports
-# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
-# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
-
-HTML_DYNAMIC_SECTIONS = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output directory.
-
-CHM_FILE =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
-# is used to encode HtmlHelp index (hhk), content (hhc) and project file
-# content.
-
-CHM_INDEX_ENCODING =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND = NO
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
-# top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it.
-
-DISABLE_INDEX = NO
-
-# This tag can be used to set the number of enum values (range [1..20])
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE = 4
-
-# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
-# structure should be generated to display hierarchical information.
-# If the tag value is set to FRAME, a side panel will be generated
-# containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
-# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
-# probably better off using the HTML help feature. Other possible values
-# for this tag are: HIERARCHIES, which will generate the Groups, Directories,
-# and Class Hiererachy pages using a tree view instead of an ordered list;
-# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which
-# disables this behavior completely. For backwards compatibility with previous
-# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE
-# respectively.
-
-GENERATE_TREEVIEW = YES
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH = 250
-
-# Use this tag to change the font size of Latex formulas included
-# as images in the HTML documentation. The default is 10. Note that
-# when you change the font size after a successful doxygen run you need
-# to manually remove any form_*.png images from the HTML output directory
-# to force them to be regenerated.
-
-FORMULA_FONTSIZE = 10
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX = NO
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, a4wide, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER =
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS = YES
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX = YES
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not
-# include the index chapters (such as File Index, Compound Index, etc.)
-# in the output.
-
-LATEX_HIDE_INDICES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimized for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assignments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation.
-
-GENERATE_XML = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD =
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
-# dump the program listings (including syntax highlighting
-# and cross-referencing information) to the XML output. Note that
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader. This is useful
-# if you want to understand what is going on. On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed. To prevent a macro definition from being
-# undefined via #undef or recursively expanded use the := operator
-# instead of the = operator.
-
-PREDEFINED =
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all function-like macros that are alone
-# on a line, have an all uppercase name, and do not end with a semicolon. Such
-# function macros are typically used for boiler-plate code, and will confuse
-# the parser if not removed.
-
-SKIP_FUNCTION_MACROS = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles.
-# Optionally an initial location of the external documentation
-# can be added for each tagfile. The format of a tag file without
-# this location is as follows:
-# TAGFILES = file1 file2 ...
-# Adding location for the tag files is done as follows:
-# TAGFILES = file1=loc1 "file2 = loc2" ...
-# where "loc1" and "loc2" can be relative or absolute paths or
-# URLs. If a location is present for each tag, the installdox tool
-# does not have to be run to correct the links.
-# Note that each tag file must have a unique name
-# (where the name does NOT include the path)
-# If a tag file is not located in the directory in which doxygen
-# is run, you must also specify the path to the tagfile here.
-
-TAGFILES =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
-# or super classes. Setting the tag to NO turns the diagrams off. Note that
-# this option is superseded by the HAVE_DOT option below. This is only a
-# fallback. It is recommended to install and use dot, since it yields more
-# powerful graphs.
-
-CLASS_DIAGRAMS = YES
-
-# You can define message sequence charts within doxygen comments using the \msc
-# command. Doxygen will then run the mscgen tool (see
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
-# documentation. The MSCGEN_PATH tag allows you to specify the directory where
-# the mscgen tool resides. If left empty the tool is assumed to be found in the
-# default search path.
-
-MSCGEN_PATH =
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT = YES
-
-# By default doxygen will write a font called FreeSans.ttf to the output
-# directory and reference it in all dot files that doxygen generates. This
-# font does not include all possible unicode characters however, so when you need
-# these (or just want a differently looking font) you can specify the font name
-# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
-# which can be done by putting it in a standard location or by setting the
-# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
-# containing the font.
-
-DOT_FONTNAME = FreeSans
-
-# By default doxygen will tell dot to use the output directory to look for the
-# FreeSans.ttf font (which doxygen will put there itself). If you specify a
-# different font using DOT_FONTNAME you can set the path where dot
-# can find it using this tag.
-
-DOT_FONTPATH =
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH = YES
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS = YES
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
-# collaboration diagrams in a style similar to the OMG's Unified Modeling
-# Language.
-
-UML_LOOK = NO
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH = YES
-
-# If the CALL_GRAPH and HAVE_DOT options are set to YES then
-# doxygen will generate a call dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable call graphs
-# for selected functions only using the \callgraph command.
-
-CALL_GRAPH = YES
-
-# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
-# doxygen will generate a caller dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable caller
-# graphs for selected functions only using the \callergraph command.
-
-CALLER_GRAPH = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY = YES
-
-# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
-# then doxygen will show the dependencies a directory has on other directories
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS =
-
-# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
-# nodes that will be shown in the graph. If the number of nodes in a graph
-# becomes larger than this value, doxygen will truncate the graph, which is
-# visualized by representing a node as a red box. Note that doxygen if the
-# number of direct children of the root node in a graph is already larger than
-# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
-# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
-
-DOT_GRAPH_MAX_NODES = 50
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
-# graphs generated by dot. A depth value of 3 means that only nodes reachable
-# from the root by following a path via at most 3 edges will be shown. Nodes
-# that lay further from the root node will be omitted. Note that setting this
-# option to 1 or 2 may greatly reduce the computation time needed for large
-# code bases. Also note that the size of a graph can be further restricted by
-# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
-
-MAX_DOT_GRAPH_DEPTH = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
-# background. This is enabled by default, which results in a transparent
-# background. Warning: Depending on the platform used, enabling this option
-# may lead to badly anti-aliased labels on the edges of a graph (i.e. they
-# become hard to read).
-
-DOT_TRANSPARENT = YES
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
-# files in one run (i.e. multiple -o and -T options on the command line). This
-# makes dot run faster, but since only newer versions of dot (>1.8.10)
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS = NO
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermediate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to the search engine
-#---------------------------------------------------------------------------
-
-# The SEARCHENGINE tag specifies whether or not a search engine should be
-# used. If set to NO the values of all tags below this one will be ignored.
-
-SEARCHENGINE = NO
diff --git a/lib/radius/examples/Makefile b/lib/radius/examples/Makefile
deleted file mode 100644
index f39c343..0000000
--- a/lib/radius/examples/Makefile
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# GNU Makefile
-#
-.PHONY: all clean install
-
-SRCS = example_1.c example_2.c example_3.c example_4.c
-
-OBJS := ${SRCS:.c=.o}
-PROGRAMS := ${SRCS:.c=}
-
-all: ${PROGRAMS}
-
-HEADERS := ../client.h ../radius.h
-
-${OBJS}: ${HEADERS}
-
-$(info ${PROGRAMS} ${OBJS})
-
-${PROGRAMS}: ../libnetworkradius-client.a
-
-
-%.o : %.c
- $(CC) $(CFLAGS) -I.. -I. -c $<
-
-%.o: ${HEADERS}
-
-LDFLAGS = -L.. -lnetworkradius-client -lcrypto -lssl
-CFLAGS = -I..
-
-../libnetworkradius-client.a:
- @${MAKE} -C .. libnetworkradius-client.a
-
-radsample.o: radsample.c ${HEADERS} nr_vp_create.c nr_packet_send.c
-
-#radsample: radsample.o ../libnetworkradius-client.a
-# ${CC} ${LFDLAGS} ${LIBS} -o $@ $^
-
-sample_chap.o: sample_chap.c ${HEADERS}
-
-sample_chap: sample_chap.o ../libnetworkradius-client.a
- ${CC} ${LFDLAGS} ${LIBS} -o $@ $^
-
-radsample2.o: radsample2.c ${HEADERS} nr_vp_create.c
-
-radsample2: radsample2.o ../libnetworkradius-client.a
- ${CC} ${LFDLAGS} ${LIBS} -o $@ $^
-
-radsample3.o: radsample3.c ${HEADERS} nr_transmit.c nr_server_t.c nr_vp_create.c
-
-radsample3: radsample3.o ../libnetworkradius-client.a
- ${CC} ${LFDLAGS} ${LIBS} -o $@ $^
-
-clean:
- @rm -rf *.o *.a *~
diff --git a/lib/radius/examples/example_1.c b/lib/radius/examples/example_1.c
deleted file mode 100644
index 265c880..0000000
--- a/lib/radius/examples/example_1.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <networkradius-devel/client.h>
-
-/** \file example_1.c
- * \brief Sample code to initialize a RADIUS packet.
- *
- * This example initializes a packet, and then adds User-Name and
- * User-Password to it. The resulting packet is then printed to the
- * standard output.
- */
-
-static const char *secret = "testing123";
-static uint8_t request_buffer[RS_MAX_PACKET_LEN];
-static uint8_t response_buffer[RS_MAX_PACKET_LEN];
-static RADIUS_PACKET request, response;
-
-int main(int argc, const char *argv[])
-{
- ssize_t rcode;
- const char *user = "bob";
- const char *password = "password";
-
- rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST,
- request_buffer, sizeof(request_buffer));
- if (rcode < 0) {
- error:
- fprintf(stderr, "Error: %s\n", nr_strerror(rcode));
- return 1;
- }
-
- if (argc > 1) user = argv[1];
- if (argc > 2) password = argv[2];
-
- rcode = nr_packet_attr_append(&request, NULL,
- RS_DA_USER_NAME,
- user, 0);
- if (rcode < 0) goto error;
-
- rcode = nr_packet_attr_append(&request, NULL,
- RS_DA_USER_PASSWORD,
- password, 0);
- if (rcode < 0) goto error;
-
- /*
- * ALWAYS call nr_packet_sign() before sending the packet
- * to anyone else!
- */
- rcode = nr_packet_sign(&request, NULL);
- if (rcode < 0) goto error;
-
- nr_packet_print_hex(&request);
-
- rcode = nr_packet_decode(&request, NULL);
- if (rcode < 0) goto error;
-
- nr_vp_fprintf_list(stdout, request.vps);
- nr_vp_free(&request.vps);
-
- return 0;
-}
diff --git a/lib/radius/examples/example_2.c b/lib/radius/examples/example_2.c
deleted file mode 100644
index 0a58523..0000000
--- a/lib/radius/examples/example_2.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <networkradius-devel/client.h>
-
-/** \file example_2.c
- * \brief Sample code to initialize a RADIUS packet.
- *
- * This example initializes a packet, and then adds User-Name and
- * CHAP-Password to it. The resulting packet is then printed to the
- * standard output.
- */
-
-static const char *secret = "testing123";
-static uint8_t request_buffer[RS_MAX_PACKET_LEN];
-static uint8_t response_buffer[RS_MAX_PACKET_LEN];
-static RADIUS_PACKET request, response;
-
-int main(int argc, const char *argv[])
-{
- int rcode;
- const char *user = "bob";
- const char *password = "password";
-
- rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST,
- request_buffer, sizeof(request_buffer));
- if (rcode < 0) {
- error:
- fprintf(stderr, "Error: %s\n", nr_strerror(rcode));
- return 1;
- }
-
- if (argc > 1) user = argv[1];
- if (argc > 2) password = argv[2];
-
- rcode = nr_packet_attr_append(&request, NULL,
- RS_DA_USER_NAME,
- user, 0);
- if (rcode < 0) goto error;
-
- rcode = nr_packet_attr_append(&request, NULL,
- RS_DA_CHAP_PASSWORD,
- password, strlen(password));
- if (rcode < 0) goto error;
-
- /*
- * ALWAYS call nr_packet_sign() before sending the packet
- * to anyone else!
- */
- rcode = nr_packet_sign(&request, NULL);
- if (rcode < 0) goto error;
-
- nr_packet_print_hex(&request);
-
- rcode = nr_packet_decode(&request, NULL);
- if (rcode < 0) goto error;
-
- nr_vp_fprintf_list(stdout, request.vps);
- nr_vp_free(&request.vps);
-
- return 0;
-}
diff --git a/lib/radius/examples/example_3.c b/lib/radius/examples/example_3.c
deleted file mode 100644
index 33fc671..0000000
--- a/lib/radius/examples/example_3.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <networkradius-devel/client.h>
-
-/** \file example_3.c
- * \brief Sample code to initialize a RADIUS packet and a response to it.
- *
- * This example initializes a packet, and then adds User-Name and
- * User-Password to it. The resulting packet is then printed to the
- * standard output.
- *
- * As a next step, it then creates the response, and prints that,
- * too.
- */
-
-static const char *secret = "testing123";
-static uint8_t request_buffer[RS_MAX_PACKET_LEN];
-static uint8_t response_buffer[RS_MAX_PACKET_LEN];
-static RADIUS_PACKET request, response;
-
-int main(int argc, const char *argv[])
-{
- int rcode;
- const char *user = "bob";
- const char *password = "password";
-
- rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST,
- request_buffer, sizeof(request_buffer));
- if (rcode < 0) {
- error:
- fprintf(stderr, "Error :%s\n", nr_strerror(rcode));
- return 1;
- }
-
- if (argc > 1) user = argv[1];
- if (argc > 2) password = argv[2];
-
- rcode = nr_packet_attr_append(&request, NULL,
- RS_DA_USER_NAME,
- user, 0);
- if (rcode < 0) goto error;
-
- rcode = nr_packet_attr_append(&request, NULL,
- RS_DA_USER_PASSWORD,
- password, 0);
- if (rcode < 0) goto error;
-
- /*
- * ALWAYS call nr_packet_sign() before sending the packet
- * to anyone else!
- */
- rcode = nr_packet_sign(&request, NULL);
- if (rcode < 0) goto error;
-
- nr_packet_print_hex(&request);
-
- rcode = nr_packet_init(&response, &request, secret, PW_ACCESS_ACCEPT,
- response_buffer, sizeof(response_buffer));
- if (rcode < 0) goto error;
-
- rcode = nr_packet_attr_append(&response, &request,
- RS_DA_REPLY_MESSAGE,
- "Success!", 0);
- if (rcode < 0) goto error;
-
- rcode = nr_packet_attr_append(&response, &request,
- RS_DA_TUNNEL_PASSWORD,
- password, 0);
- if (rcode < 0) goto error;
- rcode = nr_packet_sign(&response, &request);
- if (rcode < 0) goto error;
-
- nr_packet_print_hex(&response);
-
- /*
- * Check that the response is well-formed. The
- * nr_packet_verify() function also calls nr_packet_ok().
- * However, it is sometimes useful to separate "malformed
- * packet" errors from "packet is not a response to a
- * reqeust" errors.
- */
- rcode = nr_packet_ok(&response);
- if (rcode < 0) goto error;
-
- /*
- * Double-check the signature of the response.
- */
- rcode = nr_packet_verify(&response, &request);
- if (rcode < 0) goto error;
-
- rcode = nr_packet_decode(&response, &request);
- if (rcode < 0) goto error;
-
- nr_vp_fprintf_list(stdout, response.vps);
- nr_vp_free(&response.vps);
-
- return 0;
-}
diff --git a/lib/radius/examples/example_4.c b/lib/radius/examples/example_4.c
deleted file mode 100644
index 2dadc89..0000000
--- a/lib/radius/examples/example_4.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <networkradius-devel/client.h>
-
-/** \file example_4.c
- * \brief Allocate and manage multiple packets.
- */
-
-static const char *secret = "testing123";
-static nr_server_t server;
-
-int main(int argc, const char *argv[])
-{
- int rcode;
- const char *user = "bob";
- const char *password = "password";
-
- rcode = nr_packet_init(&request, NULL, secret, PW_ACCESS_REQUEST,
- request_buffer, sizeof(request_buffer));
- if (rcode < 0) {
- error:
- fprintf(stderr, "Error :%s\n", nr_strerror(rcode));
- return 1;
- }
-
- if (argc > 1) user = argv[1];
- if (argc > 2) password = argv[2];
-
- rcode = nr_packet_attr_append(&request, NULL,
- RS_DA_USER_NAME,
- user, 0);
- if (rcode < 0) goto error;
-
- rcode = nr_packet_attr_append(&request, NULL,
- RS_DA_USER_PASSWORD,
- password, 0);
- if (rcode < 0) goto error;
-
- /*
- * ALWAYS call nr_packet_sign() before sending the packet
- * to anyone else!
- */
- rcode = nr_packet_sign(&request, NULL);
- if (rcode < 0) goto error;
-
- nr_packet_print_hex(&request);
-
- rcode = nr_packet_init(&response, &request, secret, PW_ACCESS_ACCEPT,
- response_buffer, sizeof(response_buffer));
- if (rcode < 0) goto error;
-
- rcode = nr_packet_attr_append(&response, &request,
- RS_DA_REPLY_MESSAGE,
- "Success!", 0);
- if (rcode < 0) goto error;
-
- rcode = nr_packet_sign(&response, &request);
- if (rcode < 0) goto error;
-
- nr_packet_print_hex(&response);
-
- /*
- * Double-check the signature of the response.
- */
- rcode = nr_packet_verify(&response, &request);
- if (rcode < 0) goto error;
-
- return 0;
-}
diff --git a/lib/radius/examples/nr_vp_create.c b/lib/radius/examples/nr_vp_create.c
deleted file mode 100644
index bd04f17..0000000
--- a/lib/radius/examples/nr_vp_create.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * The person or persons who have associated work with this document
- * (the "Dedicator" or "Certifier") hereby either (a) certifies that,
- * to the best of his knowledge, the work of authorship identified is
- * in the public domain of the country from which the work is
- * published, or (b) hereby dedicates whatever copyright the
- * dedicators holds in the work of authorship identified below (the
- * "Work") to the public domain. A certifier, moreover, dedicates any
- * copyright interest he may have in the associated work, and for
- * these purposes, is described as a "dedicator" below.
- *
- * A certifier has taken reasonable steps to verify the copyright
- * status of this work. Certifier recognizes that his good faith
- * efforts may not shield him from liability if in fact the work
- * certified is not in the public domain.
- *
- * Dedicator makes this dedication for the benefit of the public at
- * large and to the detriment of the Dedicator's heirs and
- * successors. Dedicator intends this dedication to be an overt act of
- * relinquishment in perpetuity of all present and future rights under
- * copyright law, whether vested or contingent, in the Work. Dedicator
- * understands that such relinquishment of all rights includes the
- * relinquishment of all rights to enforce (by lawsuit or otherwise)
- * those copyrights in the Work.
- *
- * Dedicator recognizes that, once placed in the public domain, the
- * Work may be freely reproduced, distributed, transmitted, used,
- * modified, built upon, or otherwise exploited by anyone for any
- * purpose, commercial or non-commercial, and in any way, including by
- * methods that have not yet been invented or conceived.
- */
-
-static VALUE_PAIR *example_nr_vp_create(void)
-{
- VALUE_PAIR *vp;
- VALUE_PAIR *head = NULL;
-
- /*
- * Create the request contents.
- */
- vp = nr_vp_create(PW_USER_NAME, 0, "bob", 4);
- if (!vp) {
- fprintf(stderr, "User-Name: %s\n", nr_strerror(0));
- exit(1);
- }
- nr_vps_append(&head, vp);
-
- /*
- * The User-Password attribute is automatically encrypted
- * when being placed in the packet. This version stays
- * untouched, and should be "plain text".
- */
- vp = nr_vp_create(PW_USER_PASSWORD, 0, "hello", 6);
- if (!vp) {
- fprintf(stderr, "User-Password: %s\n", nr_strerror(0));
- exit(1);
- }
- nr_vps_append(&head, vp);
-
- return head;
-}
diff --git a/lib/radius/header.pl b/lib/radius/header.pl
deleted file mode 100755
index c366612..0000000
--- a/lib/radius/header.pl
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/env perl
-######################################################################
-# Copyright (c) 2011, Network RADIUS SARL
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the <organization> nor the
-# names of its contributors may be used to endorse or promote products
-# derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-######################################################################
-#
-# Converts dictionaries to C defines. Does not yet do "VALUE"s.
-#
-# $Id$
-#
-require "common.pl";
-
-while (@ARGV) {
- $filename = shift;
- do_file($filename);
-}
-
-
-print "/* Automatically generated file. Do not edit */\n\n";
-
-foreach $v (sort keys %vendor) {
- $name = $v;
- $name =~ tr/a-z/A-Z/; # uppercase
- $name =~ tr/A-Z0-9/_/c; # any ELSE becomes _
-
- print "#define VENDORPEC_", $name, " ", $vendor{$v}{'pec'}, "\n";
-}
-print "\n";
-
-$begin_vendor = -1;
-foreach $attr_val (sort {$a <=> $b} keys %attributes) {
- if ($attributes{$attr_val}{'vendor'} != $begin_vendor) {
- print "\n/* ", $vendorpec{$attributes{$attr_val}{'vendor'}}, " */\n";
- $begin_vendor = $attributes{$attr_val}{'vendor'};
- }
-
- $name = $attributes{$attr_val}{'name'};
- $name =~ tr/a-z/A-Z/;
- $name =~ tr/A-Z0-9/_/c;
-
- print "#define PW_", $name, " ", $attributes{$attr_val}{'value'}, "\n";
-}
-print "\n\n";
-
-print "/* Automatically generated file. Do not edit */\n";
-
diff --git a/lib/radius/id.c b/lib/radius/id.c
deleted file mode 100644
index 4ccd032..0000000
--- a/lib/radius/id.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "client.h"
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-/** \file id.c
- * \brief Handling of ID allocation / freeing
- *
- */
-
-static int find_id(nr_server_t *s)
-{
- int i;
- uint32_t lvalue;
-
- if ((s->used < 0) || (s->used > 256)) return -RSE_INTERNAL;
-
- /*
- * Ensure that the ID allocation is random.
- */
- lvalue = nr_rand();
-
- for (i = 0; i < 256; i++) {
- int offset = (i + lvalue) & 0xff;
-
- if (!s->ids[offset]) return offset;
- }
-
- nr_strerror_printf("Out of IDs for server");
- return -1;
-}
-
-int nr_server_id_alloc(nr_server_t *s, RADIUS_PACKET *packet)
-{
- int new_id;
-
- if (!s || !packet) return -RSE_INVAL;
-
- new_id = find_id(s);
- if (new_id < 0) return -new_id;
-
- s->ids[new_id] = packet;
- s->used++;
- packet->sockfd = s->sockfd;
- packet->code = s->code;
- packet->src = s->src;
- packet->dst = s->dst;
- packet->id = new_id;
-
- return 0;
-}
-
-int nr_server_id_free(nr_server_t *s, RADIUS_PACKET *packet)
-{
- if (!s || !packet) return -RSE_INVAL;
-
- if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) {
- return -RSE_INVAL;
- }
-
- if (s->ids[packet->id] != packet) return -RSE_INTERNAL;
-
- s->ids[packet->id] = NULL;
- s->used--;
- packet->sockfd = -1;
-
- return 0;
-}
-
-int nr_server_id_realloc(nr_server_t *s, RADIUS_PACKET *packet)
-{
- int new_id;
-
- if (!s || !packet) return -RSE_INVAL;
-
- if ((packet->id < 0) || (packet->id > 255) || !s->ids[packet->id]) {
- return -RSE_INVAL;
- }
-
- if (s->ids[packet->id] != packet) return -RSE_INTERNAL;
-
- new_id = find_id(s);
- if (new_id < 0) return new_id;
-
- s->ids[packet->id] = NULL;
- packet->id = new_id;
- s->ids[packet->id] = packet;
-
- return 0;
-}
-
-
-int nr_server_init(nr_server_t *s, int code, const char *secret)
-{
- if (!s || !secret || !*secret ||
- (code == 0) || (code > RS_MAX_PACKET_CODE)) {
- return -RSE_INVAL;
- }
-
- memset(s, 0, sizeof(*s));
-
- s->sockfd = -1;
- s->code = code;
- s->secret = secret;
- s->sizeof_secret = strlen(secret);
- s->src.ss_family = AF_UNSPEC;
- s->dst.ss_family = AF_UNSPEC;
-
- return 0;
-}
-
-
-int nr_server_close(const nr_server_t *s)
-{
- if (!s) return -RSE_INVAL;
-
- if (s->used > 0) return -RSE_INUSE;
-
- if (s->sockfd >= 0) evutil_closesocket(s->sockfd);
-
- return 0;
-}
-
-int nr_server_packet_alloc(const nr_server_t *s, RADIUS_PACKET **packet_p)
-{
- int rcode;
- RADIUS_PACKET *packet;
-
- if (!packet_p) return -RSE_INVAL;
-
- packet = malloc(sizeof(*packet) + RS_MAX_PACKET_LEN);
- if (!packet) return -RSE_NOMEM;
-
- memset(packet, 0, sizeof(*packet));
-
- if (!s) {
- packet->data = (uint8_t *)(packet + 1);
- packet->sizeof_data = RS_MAX_PACKET_LEN;
-
- *packet_p = packet;
- return 0;
- }
-
- rcode = nr_packet_init(packet, NULL, s->secret, s->code,
- (uint8_t *)(packet + 1), RS_MAX_PACKET_LEN);
- if (rcode < 0) {
- free(packet);
- return rcode;
- }
-
- *packet_p = packet;
- return 0;
-}
diff --git a/lib/radius/parse.c b/lib/radius/parse.c
deleted file mode 100644
index 8446306..0000000
--- a/lib/radius/parse.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/** \file parse.c
- * \brief Routines to parse strings into internal data structures
- */
-
-#include "client.h"
-
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-
-ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value)
-{
- char *end;
-
- switch (vp->da->type) {
- case RS_TYPE_STRING: {
- size_t len = strlen(value);
-
- if (len >= RS_MAX_STRING_LEN)
- return -RSE_ATTR_TOO_LARGE;
-
- memcpy(vp->vp_strvalue, value, len + 1);
- return (vp->length = len);
- }
- case RS_TYPE_DATE:
- case RS_TYPE_INTEGER:
- vp->vp_integer = strtoul(value, &end, 10);
- if ((value == end) || (*end != '\0')) {
- nr_debug_error("Invalid value");
- return -RSE_ATTR_VALUE_MALFORMED;
- }
- return (end - value);
-
- case RS_TYPE_IPADDR:
- if (inet_pton(AF_INET, value, &vp->vp_ipaddr) < 0) {
- return -RSE_NOSYS;
- }
- return strlen(value);
-
-#ifdef RS_TYPE_IPV6ADDR
- case RS_TYPE_IPV6ADDR:
- if (inet_pton(AF_INET6, value, &vp-vp>ipv6addr) < 0) {
- return -RSE_NOSYS;
- }
- return strlen(value);
-#endif
-
-#ifdef RS_TYPE_IFID
- case RS_TYPE_IFID:
- {
- int i, array[8];
-
- if (sscanf(value, "%02x%02x%02x%02x%02x%02x%02x%02x",
- &array[0], &array[1], &array[2], &array[3],
- &array[4], &array[5], &array[6], &array[7]) != 8) {
- return -RSE_SYSTEM;
- }
-
- for (i = 0; i < 8; i++) vp->vp_ifid[i] = array[i] & 0xff;
-
- }
- break;
-#endif
-
- default:
- nr_debug_error("Invalid type");
- return -RSE_ATTR_TYPE_UNKNOWN;
- }
-
- return 0;
-}
-
-int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp)
-{
- int rcode;
- const char *p;
- char *q;
- const DICT_ATTR *da;
- VALUE_PAIR *vp;
- char buffer[256];
-
- if (!string || !pvp) return -RSE_INVAL;
-
- p = string;
- q = buffer;
- while (*p && (*p != ' ') && (*p != '=')) {
- *(q++) = *(p++);
- }
- *q = '\0';
-
- if (q == buffer) {
- nr_debug_error("No Attribute name");
- return -RSE_ATTR_BAD_NAME;
- }
-
- da = nr_dict_attr_byname(buffer);
- if (!da) {
- nr_debug_error("Unknown attribute \"%s\"", buffer);
- return -RSE_ATTR_UNKNOWN;
- }
-
- while (*p == ' ') p++;
- if (*p != '=') {
- nr_debug_error("Unexpected text after attribute name");
- return -RSE_ATTR_BAD_NAME;
- }
-
- p++;
- while (*p == ' ') p++;
-
- vp = nr_vp_alloc(da);
- if (!vp) return -RSE_NOMEM;
-
- rcode = nr_vp_sscanf_value(vp, p);
- if (rcode < 0) {
- nr_vp_free(&vp);
- return rcode;
- }
-
- *pvp = vp;
- return 0;
-}
diff --git a/lib/radius/print.c b/lib/radius/print.c
deleted file mode 100644
index 6fa06d7..0000000
--- a/lib/radius/print.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/** \file print.c
- * \brief Functions to print things.
- */
-
-#include "client.h"
-#include <string.h>
-#ifdef RS_TYPE_IPV6ADDR
-#include <arpa/inet.h>
-#endif
-
-#ifndef NDEBUG
-void nr_packet_print_hex(RADIUS_PACKET *packet)
-{
- int i;
-
- if (!packet->data) return;
-
- printf(" Code:\t\t%u\n", packet->data[0]);
- printf(" Id:\t\t%u\n", packet->data[1]);
- printf(" Length:\t%u\n", ((packet->data[2] << 8) |
- (packet->data[3])));
- printf(" Vector:\t");
- for (i = 4; i < 20; i++) {
- printf("%02x", packet->data[i]);
- }
- printf("\n");
- if ((packet->flags & RS_PACKET_SIGNED) == 0) printf("\t\tWARNING: nr_packet_sign() was not called!\n");
-
- if (packet->length > 20) {
- int total;
- const uint8_t *ptr;
- printf(" Data:");
-
- total = packet->length - 20;
- ptr = packet->data + 20;
-
- while (total > 0) {
- int attrlen;
-
- printf("\t\t");
- if (total < 2) { /* too short */
- printf("%02x\n", *ptr);
- break;
- }
-
- if (ptr[1] > total) { /* too long */
- for (i = 0; i < total; i++) {
- printf("%02x ", ptr[i]);
- }
- break;
- }
-
- printf("%02x %02x ", ptr[0], ptr[1]);
- attrlen = ptr[1] - 2;
- ptr += 2;
- total -= 2;
-
- for (i = 0; i < attrlen; i++) {
- if ((i > 0) && ((i & 0x0f) == 0x00))
- printf("\t\t\t");
- printf("%02x ", ptr[i]);
- if ((i & 0x0f) == 0x0f) printf("\n");
- }
-
- if (!attrlen || ((attrlen & 0x0f) != 0x00)) printf("\n");
-
- ptr += attrlen;
- total -= attrlen;
- }
- }
- printf("\n");
- fflush(stdout);
-}
-#endif
-
-size_t nr_vp_snprintf_value(char *buffer, size_t buflen, const VALUE_PAIR *vp)
-{
- size_t i, len;
- char *p = buffer;
-
- switch (vp->da->type) {
- case RS_TYPE_STRING:
- /*
- * FIXME: escape backslash && quotes!
- */
- len = snprintf(p, buflen, "%s", vp->vp_strvalue);
- break;
-
- case RS_TYPE_DATE:
- case RS_TYPE_INTEGER:
- case RS_TYPE_SHORT:
- case RS_TYPE_BYTE:
- len = snprintf(p, buflen, "%u", vp->vp_integer);
- break;
-
- case RS_TYPE_IPADDR:
- len = snprintf(p, buflen, "%u.%u.%u.%u",
- (vp->vp_ipaddr >> 24) & 0xff,
- (vp->vp_ipaddr >> 16) & 0xff,
- (vp->vp_ipaddr >> 8) & 0xff,
- vp->vp_ipaddr & 0xff);
- break;
-
-#ifdef RS_TYPE_IPV6ADDR
- case RS_TYPE_IPV6ADDR:
- if (!inet_ntop(AF_INET6, &vp->vp_ipv6addr, buffer, buflen)) {
- return -RSE_SYSTEM;
- }
- break;
-#endif
-
-#ifdef RS_TYPE_IFID
- case RS_TYPE_IFID:
- len = snprintf(p, buflen, "%02x%02x%02x%02x%02x%02x%02x%02x",
- vp->vp_ifid[0], vp->vp_ifid[1],
- vp->vp_ifid[2], vp->vp_ifid[3],
- vp->vp_ifid[4], vp->vp_ifid[5],
- vp->vp_ifid[6], vp->vp_ifid[7]);
- break;
-#endif
-
- case RS_TYPE_OCTETS:
- len = snprintf(p, buflen, "0x");
- if (len >= buflen) return 0;
-
- p += len;
- buflen -= len;
-
- for (i = 0; i < vp->length; i++) {
- len = snprintf(p, buflen, "%02x", vp->vp_octets[i]);
- if (len >= buflen) return 0;
-
- p += len;
- buflen -= len;
- }
- len = 0;
- break;
-
- default:
- len = 0;
- break;
- }
-
- if (len >= buflen) return 0;
-
- p += len;
- buflen -= len;
-
- return p - buffer;
-}
-
-size_t nr_vp_snprintf(char *buffer, size_t buflen, const VALUE_PAIR *vp)
-{
- size_t len;
- char *p = buffer;
-
- len = snprintf(p, buflen, "%s = ", vp->da->name);
- if (len >= buflen) return 0;
-
- p += len;
- buflen -= len;
-
- len = nr_vp_snprintf_value(p, buflen, vp);
- if (len == 0) return 0;
-
- if (len >= buflen) return 0;
-
- p += len;
-
- return p - buffer;
-}
-
-#ifndef NDEBUG
-void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps)
-{
- const VALUE_PAIR *vp;
- char buffer[1024];
-
- for (vp = vps; vp != NULL; vp = vp->next) {
- nr_vp_snprintf(buffer, sizeof(buffer), vp);
- fprintf(fp, "\t%s\n", buffer);
- }
-}
-#endif
-
-/** \cond PRIVATE */
-#define NR_STRERROR_BUFSIZE (1024)
-static char nr_strerror_buffer[NR_STRERROR_BUFSIZE];
-
-void nr_strerror_printf(const char *fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- vsnprintf(nr_strerror_buffer, sizeof(nr_strerror_buffer), fmt, ap);
- va_end(ap);
-
- fprintf(stderr, "ERROR: %s\n", nr_strerror_buffer);
-}
-/** \endcond */
-
diff --git a/lib/radius/radpkt.c b/lib/radius/radpkt.c
deleted file mode 100644
index d9486ea..0000000
--- a/lib/radius/radpkt.c
+++ /dev/null
@@ -1,920 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/** \file packet.c
- * \brief Encoding and decoding packets
- */
-
-#include "client.h"
-
-#if RS_MAX_PACKET_LEN < 64
-#error RS_MAX_PACKET_LEN is too small. It should be at least 64.
-#endif
-
-#if RS_MAX_PACKET_LEN > 16384
-#error RS_MAX_PACKET_LEN is too large. It should be smaller than 16K.
-#endif
-
-const char *nr_packet_codes[RS_MAX_PACKET_CODE + 1] = {
- NULL,
- "Access-Request",
- "Access-Accept",
- "Access-Reject",
- "Accounting-Request",
- "Accounting-Response",
- NULL, NULL, NULL, NULL, NULL,
- "Access-Challenge",
- "Status-Server", /* 12 */
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 19 */
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 20..29 */
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* 30..39 */
- "Disconnect-Request",
- "Disconnect-ACK",
- "Disconnect-NAK",
- "CoA-Request",
- "CoA-ACK",
- "CoA-NAK"
-};
-
-
-static uint64_t allowed_responses[RS_MAX_PACKET_CODE + 1] = {
- 0,
- (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE),
- 0, 0,
- 1 << PW_ACCOUNTING_RESPONSE,
- 0,
- 0, 0, 0, 0, 0,
- 0,
- (1 << PW_ACCESS_ACCEPT) | (1 << PW_ACCESS_REJECT) | (1 << PW_ACCESS_CHALLENGE) | (1 << PW_ACCOUNTING_RESPONSE),
- 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20..29 */
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 30..39 */
- (((uint64_t) 1) << PW_DISCONNECT_ACK) | (((uint64_t) 1) << PW_DISCONNECT_NAK),
- 0,
- 0,
- (((uint64_t) 1) << PW_COA_ACK) | (((uint64_t) 1) << PW_COA_NAK),
- 0,
- 0
-};
-
-
-int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data)
-{
- size_t packet_len;
- const uint8_t *attr, *end;
-
- if (!data || (sizeof_data < 20)) {
- nr_debug_error("Invalid argument");
- return -RSE_INVAL;
- }
-
- packet_len = (data[2] << 8) | data[3];
- if (packet_len < 20) {
- nr_debug_error("Packet length is too small");
- return -RSE_PACKET_TOO_SMALL;
- }
-
- if (packet_len > sizeof_data) {
- nr_debug_error("Packet length overflows received data");
- return -RSE_PACKET_TOO_LARGE;
- }
-
- /*
- * If we receive 100 bytes, and the header says it's 20 bytes,
- * then it's 20 bytes.
- */
- end = data + packet_len;
-
- for (attr = data + 20; attr < end; attr += attr[1]) {
- if ((attr + 2) > end) {
- nr_debug_error("Attribute overflows packet");
- return -RSE_ATTR_OVERFLOW;
- }
-
- if (attr[1] < 2) {
- nr_debug_error("Attribute length is too small");
- return -RSE_ATTR_TOO_SMALL;
- }
-
- if ((attr + attr[1]) > end) {
- nr_debug_error("Attribute length is too large");
- return -RSE_ATTR_TOO_LARGE;
- }
- }
-
- return 0;
-}
-
-int nr_packet_ok(RADIUS_PACKET *packet)
-{
- int rcode;
-
- if (!packet) return -RSE_INVAL;
-
- if ((packet->flags & RS_PACKET_OK) != 0) return 0;
-
- rcode = nr_packet_ok_raw(packet->data, packet->length);
- if (rcode < 0) return rcode;
-
- packet->flags |= RS_PACKET_OK;
- return 0;
-}
-
-
-/*
- * Comparison function that is time-independent. Using "memcmp"
- * would satisfy the "comparison" part. However, it would also
- * leak information about *which* bytes are wrong. Attackers
- * could use that leak to create a "correct" RADIUS packet which
- * will be accepted by the client and/or server.
- */
-static int digest_cmp(const uint8_t *a, const uint8_t *b, size_t length)
-{
- int result = 0;
- size_t i;
-
- for (i = 0; i < length; i++) {
- result |= (a[i] ^ b[i]);
- }
-
- return result;
-}
-
-
-#ifdef PW_MESSAGE_AUTHENTICATOR
-static int msg_auth_ok(const RADIUS_PACKET *original,
- uint8_t *ma,
- uint8_t *data, size_t length)
-{
- uint8_t packet_vector[sizeof(original->vector)];
- uint8_t msg_auth_vector[sizeof(original->vector)];
- uint8_t calc_auth_vector[sizeof(original->vector)];
-
- if (ma[1] != 18) {
- nr_debug_error("Message-Authenticator has invalid length");
- return -RSE_MSG_AUTH_LEN;
- }
-
- memcpy(packet_vector, data + 4, sizeof(packet_vector));
- memcpy(msg_auth_vector, ma + 2, sizeof(msg_auth_vector));
- memset(ma + 2, 0, sizeof(msg_auth_vector));
-
- switch (data[0]) {
- default:
- break;
-
- case PW_ACCOUNTING_REQUEST:
- case PW_ACCOUNTING_RESPONSE:
- case PW_DISCONNECT_REQUEST:
- case PW_DISCONNECT_ACK:
- case PW_DISCONNECT_NAK:
- case PW_COA_REQUEST:
- case PW_COA_ACK:
- case PW_COA_NAK:
- memset(data + 4, 0, sizeof(packet_vector));
- break;
-
- case PW_ACCESS_ACCEPT:
- case PW_ACCESS_REJECT:
- case PW_ACCESS_CHALLENGE:
- if (!original) {
- nr_debug_error("Cannot validate response without request");
- return -RSE_REQUEST_REQUIRED;
- }
- memcpy(data + 4, original->vector, sizeof(original->vector));
- break;
- }
-
- nr_hmac_md5(data, length,
- (const uint8_t *) original->secret, original->sizeof_secret,
- calc_auth_vector);
-
- memcpy(ma + 2, msg_auth_vector, sizeof(msg_auth_vector));
- memcpy(data + 4, packet_vector, sizeof(packet_vector));
-
- if (digest_cmp(calc_auth_vector, msg_auth_vector,
- sizeof(calc_auth_vector)) != 0) {
- nr_debug_error("Invalid Message-Authenticator");
- return -RSE_MSG_AUTH_WRONG;
- }
-
- return 1;
-}
-#endif
-
-/*
- * The caller ensures that the packet codes are as expected.
- */
-static int packet_auth_ok(const RADIUS_PACKET *original,
- uint8_t *data, size_t length)
-{
- uint8_t packet_vector[sizeof(original->vector)];
- uint8_t calc_digest[sizeof(original->vector)];
- RS_MD5_CTX ctx;
-
- if ((data[0] == PW_ACCESS_REQUEST) ||
- (data[0] == PW_STATUS_SERVER)) return 1;
-
- memcpy(packet_vector, data + 4, sizeof(packet_vector));
-
- if (!original) {
- memset(data + 4, 0, sizeof(packet_vector));
- } else {
- memcpy(data + 4, original->vector, sizeof(original->vector));
- }
-
- RS_MD5Init(&ctx);
- RS_MD5Update(&ctx, data, length);
- RS_MD5Update(&ctx, (const unsigned char *)original->secret, original->sizeof_secret);
- RS_MD5Final(calc_digest, &ctx);
-
- memcpy(data + 4, packet_vector, sizeof(packet_vector));
-
- if (digest_cmp(calc_digest, packet_vector,
- sizeof(packet_vector)) != 0) {
- nr_debug_error("Invalid authentication vector");
- return -RSE_AUTH_VECTOR_WRONG;
- }
-
- return 0;
-}
-
-
-int nr_packet_verify(RADIUS_PACKET *packet, const RADIUS_PACKET *original)
-{
- int rcode;
- uint8_t *attr;
-#ifdef PW_MESSAGE_AUTHENTICATOR
- const uint8_t *end;
-#endif
-
- if (!packet || !packet->data || !packet->secret) {
- nr_debug_error("Invalid argument");
- return -RSE_INVAL;
- }
-
- if ((packet->flags & RS_PACKET_VERIFIED) != 0) return 0;
-
- /*
- * Packet isn't well formed. Ignore it.
- */
- rcode = nr_packet_ok(packet);
- if (rcode < 0) return rcode;
-
- /*
- * Get rid of improper packets as early as possible.
- */
- if (original) {
- uint64_t mask;
-
- if (original->code > RS_MAX_PACKET_CODE) {
- nr_debug_error("Invalid original code %u",
- original->code);
- return -RSE_INVALID_REQUEST_CODE;
- }
-
- if (packet->data[1] != original->id) {
- nr_debug_error("Ignoring response with wrong ID %u",
- packet->data[1]);
- return -RSE_INVALID_RESPONSE_CODE;
- }
-
- mask = 1;
- mask <<= packet->data[0];
-
- if ((allowed_responses[original->code] & mask) == 0) {
- nr_debug_error("Ignoring response with wrong code %u",
- packet->data[0]);
- return -RSE_INVALID_RESPONSE_CODE;
- }
-
- if ((memcmp(&packet->src, &original->dst, sizeof(packet->src)) != 0) &&
- (evutil_sockaddr_cmp((struct sockaddr *)&packet->src, (struct sockaddr *)&original->dst, 1) != 0)) {
- nr_debug_error("Ignoring response from wrong IP/port");
- return -RSE_INVALID_RESPONSE_SRC;
- }
-
- } else if (allowed_responses[packet->data[0]] != 0) {
- nr_debug_error("Ignoring response without original");
- return -RSE_INVALID_RESPONSE_CODE;
- }
-
-#ifdef PW_MESSAGE_AUTHENTICATOR
- end = packet->data + packet->length;
-
- /*
- * Note that the packet MUST be well-formed here.
- */
- for (attr = packet->data + 20; attr < end; attr += attr[1]) {
- if (attr[0] == PW_MESSAGE_AUTHENTICATOR) {
- rcode = msg_auth_ok(original, attr,
- packet->data, packet->length);
- if (rcode < 0) return rcode;
- }
- }
-#endif
-
- /*
- * Verify the packet authenticator.
- */
- rcode = packet_auth_ok(original, packet->data, packet->length);
- if (rcode < 0) return rcode;
-
- packet->flags |= RS_PACKET_VERIFIED;
-
- return 0;
-}
-
-
-int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original)
-{
- int rcode, num_attributes;
- uint8_t *data, *attr;
- const uint8_t *end;
- VALUE_PAIR **tail, *vp;
-
- if (!packet) return -RSE_INVAL;
-
- if ((packet->flags & RS_PACKET_DECODED) != 0) return 0;
-
- rcode = nr_packet_ok(packet);
- if (rcode < 0) return rcode;
-
- data = packet->data;
- end = data + packet->length;
- tail = &packet->vps;
- num_attributes = 0;
-
- /*
- * Loop over the packet, converting attrs to VPs.
- */
- for (attr = data + 20; attr < end; attr += attr[1]) {
- rcode = nr_attr2vp(packet, original,
- attr, end - attr, &vp);
- if (rcode < 0) {
- nr_vp_free(&packet->vps);
- return -rcode;
- }
-
- *tail = vp;
- while (vp) {
- num_attributes++;
- tail = &(vp->next);
- vp = vp->next;
- }
-
- if (num_attributes > RS_MAX_ATTRIBUTES) {
- nr_debug_error("Too many attributes");
- nr_vp_free(&packet->vps);
- return -RSE_TOO_MANY_ATTRS;
- }
- }
-
- packet->code = data[0];
- packet->id = data[1];
- memcpy(packet->vector, data + 4, sizeof(packet->vector));
-
- packet->flags |= RS_PACKET_DECODED;
-
- return 0;
-}
-
-
-int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original)
-{
-#ifdef PW_MESSAGE_AUTHENTICATOR
- size_t ma = 0;
- const uint8_t *attr, *end;
-#endif
-
- if ((packet->flags & RS_PACKET_SIGNED) != 0) return 0;
-
- if ((packet->flags & RS_PACKET_ENCODED) == 0) {
- int rcode;
-
- rcode = nr_packet_encode(packet, original);
- if (rcode < 0) return rcode;
- }
-
- if ((packet->code == PW_ACCESS_ACCEPT) ||
- (packet->code == PW_ACCESS_CHALLENGE) ||
- (packet->code == PW_ACCESS_REJECT)) {
-#ifdef PW_MESSAGE_AUTHENTICATOR
- if (!original) {
- nr_debug_error("Original packet is required to create the Message-Authenticator");
- return -RSE_REQUEST_REQUIRED;
- }
-#endif
-
- memcpy(packet->data + 4, original->vector,
- sizeof(original->vector));
- } else {
- memcpy(packet->data + 4, packet->vector,
- sizeof(packet->vector));
- }
-
-#ifdef PW_MESSAGE_AUTHENTICATOR
- end = packet->data + packet->length;
-
- for (attr = packet->data + 20; attr < end; attr += attr[1]) {
- if (attr[0] == PW_MESSAGE_AUTHENTICATOR) {
- ma = (attr - packet->data);
- break;
- }
- }
-
- /*
- * Force all Access-Request packets to have a
- * Message-Authenticator.
- */
- if (!ma && ((packet->length + 18) <= packet->sizeof_data) &&
- ((packet->code == PW_ACCESS_REQUEST) ||
- (packet->code == PW_STATUS_SERVER))) {
- ma = packet->length;
-
- packet->data[ma]= PW_MESSAGE_AUTHENTICATOR;
- packet->data[ma + 1] = 18;
- memset(&packet->data[ma + 2], 0, 16);
- packet->length += 18;
- }
-
- /*
- * Reset the length.
- */
- packet->data[2] = (packet->length >> 8) & 0xff;
- packet->data[3] = packet->length & 0xff;
-
- /*
- * Sign the Message-Authenticator && packet.
- */
- if (ma) {
- nr_hmac_md5(packet->data, packet->length,
- (const uint8_t *) packet->secret, packet->sizeof_secret,
- packet->data + ma + 2);
- }
-#endif
-
- /*
- * Calculate the signature.
- */
- if (!((packet->code == PW_ACCESS_REQUEST) ||
- (packet->code == PW_STATUS_SERVER))) {
- RS_MD5_CTX ctx;
-
- RS_MD5Init(&ctx);
- RS_MD5Update(&ctx, packet->data, packet->length);
- RS_MD5Update(&ctx, (const unsigned char *)packet->secret, packet->sizeof_secret);
- RS_MD5Final(packet->vector, &ctx);
- }
-
- memcpy(packet->data + 4, packet->vector, sizeof(packet->vector));
-
- packet->attempts = 0;
- packet->flags |= RS_PACKET_SIGNED;
-
- return 0;
-}
-
-
-static int can_encode_packet(RADIUS_PACKET *packet,
- const RADIUS_PACKET *original)
-{
- if ((packet->code == 0) ||
- (packet->code > RS_MAX_PACKET_CODE) ||
- (original && (original->code > RS_MAX_PACKET_CODE))) {
- nr_debug_error("Cannot send unknown packet code");
- return -RSE_INVALID_REQUEST_CODE;
- }
-
- if (!nr_packet_codes[packet->code]) {
- nr_debug_error("Cannot handle packet code %u",
- packet->code);
- return -RSE_INVALID_REQUEST_CODE;
- }
-
-#ifdef NR_NO_MALLOC
- if (!packet->data) {
- nr_debug_error("No place to put packet");
- return -RSE_NO_PACKET_DATA;
- }
-#endif
-
- if (packet->sizeof_data < 20) {
- nr_debug_error("The buffer is too small to encode the packet");
- return -RSE_PACKET_TOO_SMALL;
- }
-
- /*
- * Enforce request / response correlation.
- */
- if (original) {
- uint64_t mask;
-
- mask = 1;
- mask <<= packet->code;
-
- if ((allowed_responses[original->code] & mask) == 0) {
- nr_debug_error("Cannot encode response %u to packet %u",
- packet->code, original->code);
- return -RSE_INVALID_RESPONSE_CODE;
- }
- packet->id = original->id;
-
- } else if (allowed_responses[packet->code] == 0) {
- nr_debug_error("Cannot encode response %u without original",
- packet->code);
- return -RSE_REQUEST_REQUIRED;
- }
-
- return 0;
-}
-
-static void encode_header(RADIUS_PACKET *packet)
-{
- if ((packet->flags & RS_PACKET_HEADER) != 0) return;
-
- memset(packet->data, 0, 20);
- packet->data[0] = packet->code;
- packet->data[1] = packet->id;
- packet->data[2] = 0;
- packet->data[3] = 20;
- packet->length = 20;
-
- /*
- * Calculate a random authentication vector.
- */
- if ((packet->code == PW_ACCESS_REQUEST) ||
- (packet->code == PW_STATUS_SERVER)) {
- nr_rand_bytes(packet->vector, sizeof(packet->vector));
- } else {
- memset(packet->vector, 0, sizeof(packet->vector));
- }
-
- memcpy(packet->data + 4, packet->vector, sizeof(packet->vector));
-
- packet->flags |= RS_PACKET_HEADER;
-}
-
-int nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original)
-{
-#ifdef PW_MESSAGE_AUTHENTICATOR
- size_t ma = 0;
-#endif
- int rcode;
- ssize_t len;
- const VALUE_PAIR *vp;
- uint8_t *data, *end;
-
- if ((packet->flags & RS_PACKET_ENCODED) != 0) return 0;
-
- rcode = can_encode_packet(packet, original);
- if (rcode < 0) return rcode;
-
- data = packet->data;
- end = data + packet->sizeof_data;
-
- encode_header(packet);
- data += 20;
-
- /*
- * Encode each VALUE_PAIR
- */
- vp = packet->vps;
- while (vp) {
-#ifdef PW_MESSAGE_AUTHENTICATOR
- if (vp->da->attr == PW_MESSAGE_AUTHENTICATOR) {
- ma = (data - packet->data);
- }
-#endif
- len = nr_vp2attr(packet, original, &vp,
- data, end - data);
- if (len < 0) return len;
-
- if (len == 0) break; /* insufficient room to encode it */
-
- data += data[1];
- }
-
-#ifdef PW_MESSAGE_AUTHENTICATOR
- /*
- * Always send a Message-Authenticator.
- *
- * We do *not* recommend removing this code.
- */
- if (((packet->code == PW_ACCESS_REQUEST) ||
- (packet->code == PW_STATUS_SERVER)) &&
- !ma &&
- ((data + 18) <= end)) {
- ma = (data - packet->data);
- data[0] = PW_MESSAGE_AUTHENTICATOR;
- data[1] = 18;
- memset(data + 2, 0, 16);
- data += data[1];
- }
-#endif
-
- packet->length = data - packet->data;
-
- packet->data[2] = (packet->length >> 8) & 0xff;
- packet->data[3] = packet->length & 0xff;
-
- packet->flags |= RS_PACKET_ENCODED;
-
- return packet->length;
-}
-
-
-/*
- * Ensure that the nr_data2attr_t structure is filled in
- * appropriately. This includes filling in a fake DICT_ATTR
- * structure, if necessary.
- */
-static int do_callback(void *ctx, nr_packet_walk_func_t callback,
- int attr, int vendor,
- const uint8_t *data, size_t sizeof_data)
-
-{
- int rcode;
- const DICT_ATTR *da;
- DICT_ATTR myda;
- char buffer[64];
-
- da = nr_dict_attr_byvalue(attr, vendor);
-
- /*
- * The attribute is supposed to have a particular length,
- * but does not. It is therefore malformed.
- */
- if (da && (da->flags.length != 0) &&
- da->flags.length != sizeof_data) {
- da = NULL;
- }
-
- if (!da) {
- rcode = nr_dict_attr_2struct(&myda, attr, vendor,
- buffer, sizeof(buffer));
-
- if (rcode < 0) return rcode;
- da = &myda;
- }
-
- rcode = callback(ctx, da, data, sizeof_data);
- if (rcode < 0) return rcode;
-
- return 0;
-}
-
-
-int nr_packet_walk(RADIUS_PACKET *packet, void *ctx,
- nr_packet_walk_func_t callback)
-{
- int rcode;
- uint8_t *attr;
- const uint8_t *end;
-
- if (!packet || !callback) return -RSE_INVAL;
-
- rcode = nr_packet_ok(packet);
- if (rcode < 0) return rcode;
-
- end = packet->data + packet->length;
-
- for (attr = packet->data + 20; attr < end; attr += attr[1]) {
- int length, value;
- int dv_type, dv_length;
- uint32_t vendorpec;
- const uint8_t *vsa;
- const DICT_VENDOR *dv = NULL;
-
- vendorpec = 0;
- value = attr[0];
-
- if (value != PW_VENDOR_SPECIFIC) {
- raw:
- rcode = do_callback(ctx, callback,
- attr[0], 0,
- attr + 2, attr[1] - 2);
- if (rcode < 0) return rcode;
- continue;
- }
-
- if (attr[1] < 6) goto raw;
- memcpy(&vendorpec, attr + 2, 4);
- vendorpec = ntohl(vendorpec);
-
- if (dv && (dv->vendor != vendorpec)) dv = NULL;
-
- if (!dv) dv = nr_dict_vendor_byvalue(vendorpec);
-
- if (dv) {
- dv_type = dv->type;
- dv_length = dv->length;
- } else {
- dv_type = 1;
- dv_length = 1;
- }
-
- /*
- * Malformed: it's a raw attribute.
- */
- if (nr_tlv_ok(attr + 6, attr[1] - 6, dv_type, dv_length) < 0) {
- goto raw;
- }
-
- for (vsa = attr + 6; vsa < attr + attr[1]; vsa += length) {
- switch (dv_type) {
- case 4:
- value = (vsa[2] << 8) | vsa[3];
- break;
-
- case 2:
- value = (vsa[0] << 8) | vsa[1];
- break;
-
- case 1:
- value = vsa[0];
- break;
-
- default:
- return -RSE_INTERNAL;
- }
-
- switch (dv_length) {
- case 0:
- length = attr[1] - 6 - dv_type;
- break;
-
- case 2:
- case 1:
- length = vsa[dv_type + dv_length - 1];
- break;
-
- default:
- return -RSE_INTERNAL;
- }
-
- rcode = do_callback(ctx, callback,
- value, vendorpec,
- vsa + dv_type + dv_length,
- length - dv_type - dv_length);
- if (rcode < 0) return rcode;
- }
- }
-
- return 0;
-}
-
-int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original,
- const char *secret, int code,
- void *data, size_t sizeof_data)
-{
- int rcode;
-
- if ((code < 0) || (code > RS_MAX_PACKET_CODE)) {
- return -RSE_INVALID_REQUEST_CODE;
- }
-
- if (!data || (sizeof_data < 20)) return -RSE_INVAL;
-
- memset(packet, 0, sizeof(*packet));
- packet->secret = secret;
- packet->sizeof_secret = secret ? strlen(secret) : 0;
- packet->code = code;
- packet->id = 0;
- packet->data = data;
- packet->sizeof_data = sizeof_data;
-
- rcode = can_encode_packet(packet, original);
- if (rcode < 0) return rcode;
-
- encode_header(packet);
-
- return 0;
-}
-
-
-static int pack_eap(RADIUS_PACKET *packet,
- const void *data, size_t data_len)
-{
- uint8_t *attr, *end;
- const uint8_t *eap;
- size_t left;
-
- eap = data;
- left = data_len;
- attr = packet->data + packet->length;
- end = attr + packet->sizeof_data;
-
- while (left > 253) {
- if ((attr + 255) > end) return -RSE_ATTR_OVERFLOW;
-
- attr[0] = PW_EAP_MESSAGE;
- attr[1] = 255;
- memcpy(attr + 2, eap, 253);
- attr += attr[1];
- eap += 253;
- left -= 253;
- }
-
- if ((attr + (2 + left)) > end) return -RSE_ATTR_OVERFLOW;
-
- attr[0] = PW_EAP_MESSAGE;
- attr[1] = 2 + left;
- memcpy(attr + 2, eap, left);
- attr += attr[1];
- packet->length = attr - packet->data;
-
- return 0;
-}
-
-ssize_t nr_packet_attr_append(RADIUS_PACKET *packet,
- const RADIUS_PACKET *original,
- const DICT_ATTR *da,
- const void *data, size_t data_len)
-{
- ssize_t rcode;
- uint8_t *attr, *end;
- VALUE_PAIR my_vp;
- const VALUE_PAIR *vp;
-
- if (!packet || !da || !data) {
- return -RSE_INVAL;
- }
-
- if (data_len == 0) {
- if (da->type != RS_TYPE_STRING) return -RSE_ATTR_TOO_SMALL;
-
- data_len = strlen(data);
- }
-
- /* We're going to mark the whole packet as encoded so we
- better not have any unencoded value-pairs attached. */
- if (packet->vps)
- return -RSE_INVAL;
- packet->flags |= RS_PACKET_ENCODED;
-
- attr = packet->data + packet->length;
- end = attr + packet->sizeof_data;
-
- if ((attr + 2 + data_len) > end) {
- return -RSE_ATTR_OVERFLOW;
- }
-
- if ((da->flags.length != 0) &&
- (data_len != da->flags.length)) {
- return -RSE_ATTR_VALUE_MALFORMED;
- }
-
-#ifdef PW_EAP_MESSAGE
- /*
- * automatically split EAP-Message into multiple
- * attributes.
- */
- if (!da->vendor && (da->attr == PW_EAP_MESSAGE) && (data_len > 253)) {
- return pack_eap(packet, data, data_len);
- }
-#endif
-
- if (data_len > 253) return -RSE_ATTR_TOO_LARGE;
-
- vp = nr_vp_init(&my_vp, da);
- rcode = nr_vp_set_data(&my_vp, data, data_len);
- if (rcode < 0) return rcode;
-
- /*
- * Note that this function packs VSAs each into their own
- * Vendor-Specific attribute. If this isn't what you
- * want, use the version of the library with full support
- * for TLVs, WiMAX, and extended attributes.
- */
- rcode = nr_vp2attr(packet, original, &vp, attr, end - attr);
- if (rcode <= 0) return rcode;
-
- packet->length += rcode;
-
- return rcode;
-}
diff --git a/lib/radius/share/dictionary.abfab.ietf b/lib/radius/share/dictionary.abfab.ietf
deleted file mode 100644
index b60702c..0000000
--- a/lib/radius/share/dictionary.abfab.ietf
+++ /dev/null
@@ -1,4 +0,0 @@
-ATTRIBUTE GSS-Acceptor-Service-Name 164 string
-ATTRIBUTE GSS-Acceptor-Host-Name 165 string
-ATTRIBUTE GSS-Acceptor-Service-Specifics 166 string
-ATTRIBUTE GSS-Acceptor-Realm-Name 167 string
diff --git a/lib/radius/share/dictionary.juniper b/lib/radius/share/dictionary.juniper
deleted file mode 100644
index 9aa5df4..0000000
--- a/lib/radius/share/dictionary.juniper
+++ /dev/null
@@ -1,23 +0,0 @@
-# -*- text -*-
-#
-# dictionary.juniper
-#
-# As posted to the list by Eric Kilfoil <ekilfoil@uslec.net>
-#
-# Version: $Id$
-#
-
-VENDOR Juniper 2636
-
-BEGIN-VENDOR Juniper
-
-ATTRIBUTE Juniper-Local-User-Name 1 string
-ATTRIBUTE Juniper-Allow-Commands 2 string
-ATTRIBUTE Juniper-Deny-Commands 3 string
-ATTRIBUTE Juniper-Allow-Configuration 4 string
-ATTRIBUTE Juniper-Deny-Configuration 5 string
-ATTRIBUTE Juniper-Interactive-Command 8 string
-ATTRIBUTE Juniper-Configuration-Change 9 string
-ATTRIBUTE Juniper-User-Permissions 10 string
-
-END-VENDOR Juniper
diff --git a/lib/radius/share/dictionary.microsoft b/lib/radius/share/dictionary.microsoft
deleted file mode 100644
index 034e5f0..0000000
--- a/lib/radius/share/dictionary.microsoft
+++ /dev/null
@@ -1,17 +0,0 @@
-# A minimal dictionary for Microsoft VSAs
-#
-VENDOR Microsoft 311
-
-BEGIN-VENDOR Microsoft
-ATTRIBUTE MS-CHAP-Response 1 octets
-ATTRIBUTE MS-CHAP-Error 2 string
-ATTRIBUTE MS-MPPE-Encryption-Policy 7 octets
-ATTRIBUTE MS-MPPE-Encryption-Types 8 octets
-ATTRIBUTE MS-CHAP-Domain 10 string
-ATTRIBUTE MS-CHAP-Challenge 11 octets
-ATTRIBUTE MS-CHAP-MPPE-Keys 12 octets encrypt=1
-ATTRIBUTE MS-MPPE-Send-Key 16 octets encrypt=2
-ATTRIBUTE MS-MPPE-Recv-Key 17 octets encrypt=2
-ATTRIBUTE MS-CHAP2-Response 25 octets
-ATTRIBUTE MS-CHAP2-Success 26 octets
-END-VENDOR Microsoft
diff --git a/lib/radius/share/dictionary.txt b/lib/radius/share/dictionary.txt
deleted file mode 100644
index e62f8b3..0000000
--- a/lib/radius/share/dictionary.txt
+++ /dev/null
@@ -1,136 +0,0 @@
-ATTRIBUTE User-Name 1 string
-ATTRIBUTE User-Password 2 string encrypt=1
-ATTRIBUTE CHAP-Password 3 octets
-ATTRIBUTE NAS-IP-Address 4 ipaddr
-ATTRIBUTE NAS-Port 5 integer
-ATTRIBUTE Service-Type 6 integer
-ATTRIBUTE Framed-Protocol 7 integer
-ATTRIBUTE Framed-IP-Address 8 ipaddr
-ATTRIBUTE Framed-IP-Netmask 9 ipaddr
-ATTRIBUTE Framed-Routing 10 integer
-ATTRIBUTE Filter-Id 11 string
-ATTRIBUTE Framed-MTU 12 integer
-ATTRIBUTE Framed-Compression 13 integer
-ATTRIBUTE Login-IP-Host 14 ipaddr
-ATTRIBUTE Login-Service 15 integer
-ATTRIBUTE Login-TCP-Port 16 integer
-ATTRIBUTE Reply-Message 18 string
-ATTRIBUTE Callback-Number 19 string
-ATTRIBUTE Callback-Id 20 string
-ATTRIBUTE Framed-Route 22 string
-ATTRIBUTE Framed-IPX-Network 23 ipaddr
-ATTRIBUTE State 24 octets
-ATTRIBUTE Class 25 octets
-ATTRIBUTE Vendor-Specific 26 octets
-ATTRIBUTE Session-Timeout 27 integer
-ATTRIBUTE Idle-Timeout 28 integer
-ATTRIBUTE Termination-Action 29 integer
-ATTRIBUTE Called-Station-Id 30 string
-ATTRIBUTE Calling-Station-Id 31 string
-ATTRIBUTE NAS-Identifier 32 string
-ATTRIBUTE Proxy-State 33 octets
-ATTRIBUTE Login-LAT-Service 34 string
-ATTRIBUTE Login-LAT-Node 35 string
-ATTRIBUTE Login-LAT-Group 36 octets
-ATTRIBUTE Framed-AppleTalk-Link 37 integer
-ATTRIBUTE Framed-AppleTalk-Network 38 integer
-ATTRIBUTE Framed-AppleTalk-Zone 39 string
-ATTRIBUTE CHAP-Challenge 60 octets
-ATTRIBUTE NAS-Port-Type 61 integer
-ATTRIBUTE Port-Limit 62 integer
-ATTRIBUTE Login-LAT-Port 63 string
-ATTRIBUTE Acct-Status-Type 40 integer
-ATTRIBUTE Acct-Delay-Time 41 integer
-ATTRIBUTE Acct-Input-Octets 42 integer
-ATTRIBUTE Acct-Output-Octets 43 integer
-ATTRIBUTE Acct-Session-Id 44 string
-ATTRIBUTE Acct-Authentic 45 integer
-ATTRIBUTE Acct-Session-Time 46 integer
-ATTRIBUTE Acct-Input-Packets 47 integer
-ATTRIBUTE Acct-Output-Packets 48 integer
-ATTRIBUTE Acct-Terminate-Cause 49 integer
-ATTRIBUTE Acct-Multi-Session-Id 50 string
-ATTRIBUTE Acct-Link-Count 51 integer
-ATTRIBUTE Acct-Tunnel-Connection 68 string
-ATTRIBUTE Acct-Tunnel-Packets-Lost 86 integer
-ATTRIBUTE Tunnel-Type 64 integer has_tag
-ATTRIBUTE Tunnel-Medium-Type 65 integer has_tag
-ATTRIBUTE Tunnel-Client-Endpoint 66 string has_tag
-ATTRIBUTE Tunnel-Server-Endpoint 67 string has_tag
-ATTRIBUTE Tunnel-Password 69 string has_tag,encrypt=2
-ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag
-ATTRIBUTE Tunnel-Assignment-Id 82 string has_tag
-ATTRIBUTE Tunnel-Preference 83 integer has_tag
-ATTRIBUTE Tunnel-Client-Auth-Id 90 string has_tag
-ATTRIBUTE Tunnel-Server-Auth-Id 91 string has_tag
-ATTRIBUTE Acct-Input-Gigawords 52 integer
-ATTRIBUTE Acct-Output-Gigawords 53 integer
-ATTRIBUTE Event-Timestamp 55 date
-ATTRIBUTE ARAP-Password 70 octets[16]
-ATTRIBUTE ARAP-Features 71 octets[14]
-ATTRIBUTE ARAP-Zone-Access 72 integer
-ATTRIBUTE ARAP-Security 73 integer
-ATTRIBUTE ARAP-Security-Data 74 string
-ATTRIBUTE Password-Retry 75 integer
-ATTRIBUTE Prompt 76 integer
-ATTRIBUTE Connect-Info 77 string
-ATTRIBUTE Configuration-Token 78 string
-ATTRIBUTE EAP-Message 79 octets
-ATTRIBUTE Message-Authenticator 80 octets
-ATTRIBUTE ARAP-Challenge-Response 84 octets[8]
-ATTRIBUTE Acct-Interim-Interval 85 integer
-ATTRIBUTE NAS-Port-Id 87 string
-ATTRIBUTE Framed-Pool 88 string
-ATTRIBUTE NAS-IPv6-Address 95 ipv6addr
-ATTRIBUTE Framed-Interface-Id 96 ifid
-ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix
-ATTRIBUTE Login-IPv6-Host 98 ipv6addr
-ATTRIBUTE Framed-IPv6-Route 99 string
-ATTRIBUTE Framed-IPv6-Pool 100 string
-ATTRIBUTE Error-Cause 101 integer
-ATTRIBUTE EAP-Key-Name 102 string
-ATTRIBUTE Chargeable-User-Identity 89 string
-ATTRIBUTE Egress-VLANID 56 integer
-ATTRIBUTE Ingress-Filters 57 integer
-ATTRIBUTE Egress-VLAN-Name 58 string
-ATTRIBUTE User-Priority-Table 59 octets
-ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix
-ATTRIBUTE NAS-Filter-Rule 92 string
-ATTRIBUTE Digest-Response 103 string
-ATTRIBUTE Digest-Realm 104 string
-ATTRIBUTE Digest-Nonce 105 string
-ATTRIBUTE Digest-Response-Auth 106 string
-ATTRIBUTE Digest-Nextnonce 107 string
-ATTRIBUTE Digest-Method 108 string
-ATTRIBUTE Digest-URI 109 string
-ATTRIBUTE Digest-Qop 110 string
-ATTRIBUTE Digest-Algorithm 111 string
-ATTRIBUTE Digest-Entity-Body-Hash 112 string
-ATTRIBUTE Digest-CNonce 113 string
-ATTRIBUTE Digest-Nonce-Count 114 string
-ATTRIBUTE Digest-Username 115 string
-ATTRIBUTE Digest-Opaque 116 string
-ATTRIBUTE Digest-Auth-Param 117 string
-ATTRIBUTE Digest-AKA-Auts 118 string
-ATTRIBUTE Digest-Domain 119 string
-ATTRIBUTE Digest-Stale 120 string
-ATTRIBUTE Digest-HA1 121 string
-ATTRIBUTE SIP-AOR 122 string
-ATTRIBUTE Operator-Name 126 string
-ATTRIBUTE Location-Information 127 octets
-ATTRIBUTE Location-Data 128 octets
-ATTRIBUTE Basic-Location-Policy-Rules 129 octets
-ATTRIBUTE Extended-Location-Policy-Rules 130 octets
-ATTRIBUTE Location-Capable 131 integer
-ATTRIBUTE Requested-Location-Info 132 integer
-ATTRIBUTE Framed-Management 133 integer
-ATTRIBUTE Management-Transport-Protection 134 integer
-ATTRIBUTE Management-Policy-Id 135 string
-ATTRIBUTE Management-Privilege-Level 136 integer
-ATTRIBUTE PKM-SS-Cert 137 octets
-ATTRIBUTE PKM-CA-Cert 138 octets
-ATTRIBUTE PKM-Config-Settings 139 octets
-ATTRIBUTE PKM-Cryptosuite-List 140 octets
-ATTRIBUTE PKM-SAID 141 short
-ATTRIBUTE PKM-SA-Descriptor 142 octets
-ATTRIBUTE PKM-Auth-Key 143 octets
diff --git a/lib/radius/share/dictionary.ukerna b/lib/radius/share/dictionary.ukerna
deleted file mode 100644
index 7d9d22d..0000000
--- a/lib/radius/share/dictionary.ukerna
+++ /dev/null
@@ -1,20 +0,0 @@
-# -*- text -*-
-#
-# GSS-EAP VSAs
-#
-# $Id$
-#
-
-VENDOR UKERNA 25622
-
-BEGIN-VENDOR UKERNA
-
-ATTRIBUTE GSS-Acceptor-Service-Name-VS 128 string
-ATTRIBUTE GSS-Acceptor-Host-Name-VS 129 string
-ATTRIBUTE GSS-Acceptor-Service-Specific-VS 130 string
-ATTRIBUTE GSS-Acceptor-Realm-Name-VS 131 string
-ATTRIBUTE SAML-AAA-Assertion 132 string
-ATTRIBUTE MS-Windows-Auth-Data 133 octets
-ATTRIBUTE MS-Windows-Group-Sid 134 string
-
-END-VENDOR UKERNA
diff --git a/lib/radius/share/dictionary.vendor b/lib/radius/share/dictionary.vendor
deleted file mode 100644
index 571dbc4..0000000
--- a/lib/radius/share/dictionary.vendor
+++ /dev/null
@@ -1,10 +0,0 @@
-# a sample vendor-specific dictionary
-
-VENDOR example 65535
-
-BEGIN-VENDOR example
-ATTRIBUTE Example-Integer 1 integer
-ATTRIBUTE Example-String 2 string
-ATTRIBUTE Example-IP-Address 3 ipaddr
-
-END-VENDOR example
diff --git a/lib/radius/static.c b/lib/radius/static.c
deleted file mode 100644
index bd87272..0000000
--- a/lib/radius/static.c
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/** \file static.c
- * \brief Dummy file to include auto-generating static dictionary mappings.
- */
-
-#include "client.h"
-
-/*
- * Include the dynamically generated dictionaries.
- */
-#include "dictionaries.c"
diff --git a/lib/radius/tests/Makefile b/lib/radius/tests/Makefile
deleted file mode 100644
index b9d74ad..0000000
--- a/lib/radius/tests/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# GNU Makefile
-#
-.PHONY: all clean
-all: radattr
-
-HEADERS := ../client.h ../radius.h
-CFLAGS := -g
-
-%.o : %.c
- $(CC) $(CFLAGS) -I.. -I. -c $<
-
-%.o: ${HEADERS}
-
-LIBS := -lcrypto -lssl
-LDFLAGS = -L.. -lnetworkradius-client
-
-../libnetworkradius-client.a:
- @${MAKE} -C .. libnetworkradius-client.a
-
-radattr: radattr.o ../libnetworkradius-client.a
- ${CC} ${LFDLAGS} ${LIBS} -o $@ $^
-
-clean:
- @rm -rf *.o *.a *~
diff --git a/lib/radius/tests/radattr.c b/lib/radius/tests/radattr.c
deleted file mode 100644
index d41499a..0000000
--- a/lib/radius/tests/radattr.c
+++ /dev/null
@@ -1,769 +0,0 @@
-/*
- * Copyright (C) 2011 Network RADIUS SARL <info@networkradius.com>
- *
- * This software may not be redistributed in any form without the prior
- * written consent of Network RADIUS.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <networkradius-devel/client.h>
-
-#include <ctype.h>
-
-#include <assert.h>
-
-static int packet_code = PW_ACCESS_REQUEST;
-static int packet_id = 1;
-static uint8_t packet_vector[16] = { 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0 };
-static char secret[256] = "testing123";
-
-static int encode_tlv(char *buffer, uint8_t *output, size_t outlen);
-
-static const char *hextab = "0123456789abcdef";
-
-static int encode_data_string(char *buffer,
- uint8_t *output, size_t outlen)
-{
- int length = 0;
- char *p;
-
- p = buffer + 1;
-
- while (*p && (outlen > 0)) {
- if (*p == '"') {
- return length;
- }
-
- if (*p != '\\') {
- *(output++) = *(p++);
- outlen--;
- length++;
- continue;
- }
-
- switch (p[1]) {
- default:
- *(output++) = p[1];
- break;
-
- case 'n':
- *(output++) = '\n';
- break;
-
- case 'r':
- *(output++) = '\r';
- break;
-
- case 't':
- *(output++) = '\t';
- break;
- }
-
- outlen--;
- length++;
- }
-
- fprintf(stderr, "String is not terminated\n");
- return 0;
-}
-
-static int encode_data_tlv(char *buffer, char **endptr,
- uint8_t *output, size_t outlen)
-{
- int depth = 0;
- int length;
- char *p;
-
- for (p = buffer; *p != '\0'; p++) {
- if (*p == '{') depth++;
- if (*p == '}') {
- depth--;
- if (depth == 0) break;
- }
- }
-
- if (*p != '}') {
- fprintf(stderr, "No trailing '}' in string starting "
- "with \"%s\"\n",
- buffer);
- return 0;
- }
-
- *endptr = p + 1;
- *p = '\0';
-
- p = buffer + 1;
- while (isspace((int) *p)) p++;
-
- length = encode_tlv(p, output, outlen);
- if (length == 0) return 0;
-
- return length;
-}
-
-static int encode_hex(char *p, uint8_t *output, size_t outlen)
-{
- int length = 0;
- while (*p) {
- char *c1, *c2;
-
- while (isspace((int) *p)) p++;
-
- if (!*p) break;
-
- if(!(c1 = memchr(hextab, tolower((int) p[0]), 16)) ||
- !(c2 = memchr(hextab, tolower((int) p[1]), 16))) {
- fprintf(stderr, "Invalid data starting at "
- "\"%s\"\n", p);
- return 0;
- }
-
- *output = ((c1 - hextab) << 4) + (c2 - hextab);
- output++;
- length++;
- p += 2;
-
- outlen--;
- if (outlen == 0) {
- fprintf(stderr, "Too much data\n");
- return 0;
- }
- }
-
- return length;
-}
-
-
-static int encode_data(char *p, uint8_t *output, size_t outlen)
-{
- int length;
-
- if (!isspace((int) *p)) {
- fprintf(stderr, "Invalid character following attribute "
- "definition\n");
- return 0;
- }
-
- while (isspace((int) *p)) p++;
-
- if (*p == '{') {
- int sublen;
- char *q;
-
- length = 0;
-
- do {
- while (isspace((int) *p)) p++;
- if (!*p) {
- if (length == 0) {
- fprintf(stderr, "No data\n");
- return 0;
- }
-
- break;
- }
-
- sublen = encode_data_tlv(p, &q, output, outlen);
- if (sublen == 0) return 0;
-
- length += sublen;
- output += sublen;
- outlen -= sublen;
- p = q;
- } while (*q);
-
- return length;
- }
-
- if (*p == '"') {
- length = encode_data_string(p, output, outlen);
- return length;
- }
-
- length = encode_hex(p, output, outlen);
-
- if (length == 0) {
- fprintf(stderr, "Empty string\n");
- return 0;
- }
-
- return length;
-}
-
-static int decode_attr(char *buffer, char **endptr)
-{
- long attr;
-
- attr = strtol(buffer, endptr, 10);
- if (*endptr == buffer) {
- fprintf(stderr, "No valid number found in string "
- "starting with \"%s\"\n", buffer);
- return 0;
- }
-
- if (!**endptr) {
- fprintf(stderr, "Nothing follows attribute number\n");
- return 0;
- }
-
- if ((attr <= 0) || (attr > 256)) {
- fprintf(stderr, "Attribute number is out of valid "
- "range\n");
- return 0;
- }
-
- return (int) attr;
-}
-
-static int decode_vendor(char *buffer, char **endptr)
-{
- long vendor;
-
- if (*buffer != '.') {
- fprintf(stderr, "Invalid separator before vendor id\n");
- return 0;
- }
-
- vendor = strtol(buffer + 1, endptr, 10);
- if (*endptr == (buffer + 1)) {
- fprintf(stderr, "No valid vendor number found\n");
- return 0;
- }
-
- if (!**endptr) {
- fprintf(stderr, "Nothing follows vendor number\n");
- return 0;
- }
-
- if ((vendor <= 0) || (vendor > (1 << 24))) {
- fprintf(stderr, "Vendor number is out of valid range\n");
- return 0;
- }
-
- if (**endptr != '.') {
- fprintf(stderr, "Invalid data following vendor number\n");
- return 0;
- }
- (*endptr)++;
-
- return (int) vendor;
-}
-
-static int encode_tlv(char *buffer, uint8_t *output, size_t outlen)
-{
- int attr;
- int length;
- char *p;
-
- attr = decode_attr(buffer, &p);
- if (attr == 0) return 0;
-
- output[0] = attr;
- output[1] = 2;
-
- if (*p == '.') {
- p++;
- length = encode_tlv(p, output + 2, outlen - 2);
-
- } else {
- length = encode_data(p, output + 2, outlen - 2);
- }
-
- if (length == 0) return 0;
- if (length > (255 - 2)) {
- fprintf(stderr, "TLV data is too long\n");
- return 0;
- }
-
- output[1] += length;
-
- return length + 2;
-}
-
-static int encode_vsa(char *buffer, uint8_t *output, size_t outlen)
-{
- int vendor;
- int length;
- char *p;
-
- vendor = decode_vendor(buffer, &p);
- if (vendor == 0) return 0;
-
- output[0] = 0;
- output[1] = (vendor >> 16) & 0xff;
- output[2] = (vendor >> 8) & 0xff;
- output[3] = vendor & 0xff;
-
- length = encode_tlv(p, output + 4, outlen - 4);
- if (length == 0) return 0;
- if (length > (255 - 6)) {
- fprintf(stderr, "VSA data is too long\n");
- return 0;
- }
-
-
- return length + 4;
-}
-
-static int encode_evs(char *buffer, uint8_t *output, size_t outlen)
-{
- int vendor;
- int attr;
- int length;
- char *p;
-
- vendor = decode_vendor(buffer, &p);
- if (vendor == 0) return 0;
-
- attr = decode_attr(p, &p);
- if (attr == 0) return 0;
-
- output[0] = 0;
- output[1] = (vendor >> 16) & 0xff;
- output[2] = (vendor >> 8) & 0xff;
- output[3] = vendor & 0xff;
- output[4] = attr;
-
- length = encode_data(p, output + 5, outlen - 5);
- if (length == 0) return 0;
-
- return length + 5;
-}
-
-static int encode_extended(char *buffer,
- uint8_t *output, size_t outlen)
-{
- int attr;
- int length;
- char *p;
-
- attr = decode_attr(buffer, &p);
- if (attr == 0) return 0;
-
- output[0] = attr;
-
- if (attr == 26) {
- length = encode_evs(p, output + 1, outlen - 1);
- } else {
- length = encode_data(p, output + 1, outlen - 1);
- }
- if (length == 0) return 0;
- if (length > (255 - 3)) {
- fprintf(stderr, "Extended Attr data is too long\n");
- return 0;
- }
-
- return length + 1;
-}
-
-static int encode_extended_flags(char *buffer,
- uint8_t *output, size_t outlen)
-{
- int attr;
- int length, total;
- char *p;
-
- attr = decode_attr(buffer, &p);
- if (attr == 0) return 0;
-
- /* output[0] is the extended attribute */
- output[1] = 4;
- output[2] = attr;
- output[3] = 0;
-
- if (attr == 26) {
- length = encode_evs(p, output + 4, outlen - 4);
- if (length == 0) return 0;
-
- output[1] += 5;
- length -= 5;
- } else {
- length = encode_data(p, output + 4, outlen - 4);
- }
- if (length == 0) return 0;
-
- total = 0;
- while (1) {
- int sublen = 255 - output[1];
-
- if (length <= sublen) {
- output[1] += length;
- total += output[1];
- break;
- }
-
- length -= sublen;
-
- memmove(output + 255 + 4, output + 255, length);
- memcpy(output + 255, output, 4);
-
- output[1] = 255;
- output[3] |= 0x80;
-
- output += 255;
- output[1] = 4;
- total += 255;
- }
-
- return total;
-}
-
-static int encode_rfc(char *buffer, uint8_t *output, size_t outlen)
-{
- int attr;
- int length, sublen;
- char *p;
-
- attr = decode_attr(buffer, &p);
- if (attr == 0) return 0;
-
- length = 2;
- output[0] = attr;
- output[1] = 2;
-
- if (attr == 26) {
- sublen = encode_vsa(p, output + 2, outlen - 2);
-
- } else if ((attr < 241) || (attr > 246)) {
- sublen = encode_data(p, output + 2, outlen - 2);
-
- } else {
- if (*p != '.') {
- fprintf(stderr, "Invalid data following "
- "attribute number\n");
- return 0;
- }
-
- if (attr < 245) {
- sublen = encode_extended(p + 1,
- output + 2, outlen - 2);
- } else {
-
- /*
- * Not like the others!
- */
- return encode_extended_flags(p + 1, output, outlen);
- }
- }
- if (sublen == 0) return 0;
- if (sublen > (255 -2)) {
- fprintf(stderr, "RFC Data is too long\n");
- return 0;
- }
-
- output[1] += sublen;
- return length + sublen;
-}
-
-static int walk_callback(void *ctx, const DICT_ATTR *da,
- const uint8_t *data, size_t sizeof_data)
-{
- char **p = ctx;
-
- sprintf(*p, "v%u a%u l%ld,",
- da->vendor, da->attr, sizeof_data);
-
- *p += strlen(*p);
-}
-
-static void process_file(const char *filename)
-{
- int lineno, rcode;
- size_t i, outlen;
- ssize_t len, data_len;
- FILE *fp;
- RADIUS_PACKET packet;
- char input[8192], buffer[8192];
- char output[8192];
- uint8_t *attr, data[2048];
-
- if (strcmp(filename, "-") == 0) {
- fp = stdin;
- filename = "<stdin>";
-
- } else {
- fp = fopen(filename, "r");
- if (!fp) {
- fprintf(stderr, "Error opening %s: %s\n",
- filename, strerror(errno));
- exit(1);
- }
- }
-
- lineno = 0;
- *output = '\0';
- data_len = 0;
-
- while (fgets(buffer, sizeof(buffer), fp) != NULL) {
- char *p = strchr(buffer, '\n');
- VALUE_PAIR *vp, *head = NULL;
- VALUE_PAIR **tail = &head;
-
- lineno++;
-
- if (!p) {
- if (!feof(fp)) {
- fprintf(stderr, "Line %d too long in %s\n",
- lineno, filename);
- exit(1);
- }
- } else {
- *p = '\0';
- }
-
- p = strchr(buffer, '#');
- if (p) *p = '\0';
-
- p = buffer;
- while (isspace((int) *p)) p++;
- if (!*p) continue;
-
- strcpy(input, p);
-
- if (strncmp(p, "raw ", 4) == 0) {
- outlen = encode_rfc(p + 4, data, sizeof(data));
- if (outlen == 0) {
- fprintf(stderr, "Parse error in line %d of %s\n",
- lineno, filename);
- exit(1);
- }
-
- print_hex:
- if (outlen == 0) {
- output[0] = 0;
- continue;
- }
-
- data_len = outlen;
- for (i = 0; i < outlen; i++) {
- snprintf(output + 3*i, sizeof(output),
- "%02x ", data[i]);
- }
- outlen = strlen(output);
- output[outlen - 1] = '\0';
- continue;
- }
-
- if (strncmp(p, "data ", 5) == 0) {
- if (strcmp(p + 5, output) != 0) {
- fprintf(stderr, "Mismatch in line %d of %s, expected: %s\n",
- lineno, filename, output);
- exit(1);
- }
- continue;
- }
-
- head = NULL;
- if (strncmp(p, "encode ", 7) == 0) {
- if (strcmp(p + 7, "-") == 0) {
- p = output;
- } else {
- p += 7;
- }
-
- rcode = nr_vp_sscanf(p, &head);
- if (rcode < 0) {
- strcpy(output, nr_strerror(rcode));
- continue;
- }
-
- attr = data;
- vp = head;
- while (vp != NULL) {
- len = nr_vp2attr(NULL, NULL, &vp,
- attr, sizeof(data) - (attr - data));
- if (len < 0) {
- fprintf(stderr, "Failed encoding %s: %s\n",
- vp->da->name, nr_strerror(len));
- exit(1);
- }
-
- attr += len;
- if (len == 0) break;
- }
-
- nr_vp_free(&head);
- outlen = len;
- goto print_hex;
- }
-
- if (strncmp(p, "decode ", 7) == 0) {
- ssize_t my_len;
-
- if (strcmp(p + 7, "-") == 0) {
- attr = data;
- len = data_len;
- } else {
- attr = data;
- len = encode_hex(p + 7, data, sizeof(data));
- if (len == 0) {
- fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename);
- exit(1);
- }
- }
-
- while (len > 0) {
- vp = NULL;
- my_len = nr_attr2vp(NULL, NULL,
- attr, len, &vp);
- if (my_len < 0) {
- nr_vp_free(&head);
- break;
- }
-
- if (my_len > len) {
- fprintf(stderr, "Internal sanity check failed at %d\n", __LINE__);
- exit(1);
- }
-
- *tail = vp;
- while (vp) {
- tail = &(vp->next);
- vp = vp->next;
- }
-
- attr += my_len;
- len -= my_len;
- }
-
- /*
- * Output may be an error, and we ignore
- * it if so.
- */
- if (head) {
- p = output;
- for (vp = head; vp != NULL; vp = vp->next) {
- nr_vp_snprintf(p, sizeof(output) - (p - output), vp);
- p += strlen(p);
-
- if (vp->next) {strcpy(p, ", ");
- p += 2;
- }
- }
-
- nr_vp_free(&head);
- } else if (my_len < 0) {
- strcpy(output, nr_strerror(my_len));
-
- } else { /* zero-length attribute */
- *output = '\0';
- }
- continue;
- }
-
- if (strncmp(p, "walk ", 5) == 0) {
- len = encode_hex(p + 5, data + 20, sizeof(data) - 20);
-
- if (len == 0) {
- fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename);
- exit(1);
- }
-
- memset(data, 0, 20);
- packet.data = data;
- packet.length = len + 20;
- packet.data[2] = ((len + 20) >> 8) & 0xff;
- packet.data[3] = (len + 20) & 0xff;
-
- *output = '\0';
- p = output;
-
- rcode = nr_packet_walk(&packet, &p, walk_callback);
- if (rcode < 0) {
- snprintf(output, sizeof(output), "%d", rcode);
- continue;
- }
-
- if (*output) output[strlen(output) - 1] = '\0';
- continue;
- }
-
- if (strncmp(p, "$INCLUDE ", 9) == 0) {
- p += 9;
- while (isspace((int) *p)) p++;
-
- process_file(p);
- continue;
- }
-
- if (strncmp(p, "secret ", 7) == 0) {
- strlcpy(secret, p + 7, sizeof(secret));
- strlcpy(output, secret, sizeof(output));
- continue;
- }
-
- if (strncmp(p, "code ", 5) == 0) {
- packet_code = atoi(p + 5);
- snprintf(output, sizeof(output), "%u", packet_code);
- continue;
- }
-
- if (strncmp(p, "sign ", 5) == 0) {
- len = encode_hex(p + 5, data + 20, sizeof(data) - 20);
- if (len == 0) {
- fprintf(stderr, "Failed decoding hex string at line %d of %s\n", lineno, filename);
- exit(1);
- }
-
- memset(&packet, 0, sizeof(packet));
- packet.secret = secret;
- packet.sizeof_secret = strlen(secret);
- packet.code = packet_code;
- packet.id = packet_id;
- memcpy(packet.vector, packet_vector, 16);
- packet.data = data;
- packet.length = len + 20;
-
- /*
- * Hack encode the packet.
- */
- packet.data[0] = packet_code;
- packet.data[1] = packet_id;
- packet.data[2] = ((len + 20) >> 8) & 0xff;
- packet.data[3] = (len + 20) & 0xff;
- memcpy(packet.data + 4, packet_vector, 16);
-
- rcode = nr_packet_sign(&packet, NULL);
- if (rcode < 0) {
- snprintf(output, sizeof(output), "%d", rcode);
- continue;
- }
-
- memcpy(data, packet.vector, sizeof(packet.vector));
- outlen = sizeof(packet.vector);
- goto print_hex;
- }
-
- fprintf(stderr, "Unknown input at line %d of %s\n",
- lineno, filename);
- exit(1);
- }
-
- if (fp != stdin) fclose(fp);
-}
-
-int main(int argc, char *argv[])
-{
- int c;
-
- if (argc < 2) {
- process_file("-");
-
- } else {
- process_file(argv[1]);
- }
-
- return 0;
-}
diff --git a/lib/radius/tests/rfc.txt b/lib/radius/tests/rfc.txt
deleted file mode 100644
index d8bd613..0000000
--- a/lib/radius/tests/rfc.txt
+++ /dev/null
@@ -1,144 +0,0 @@
-# All attribute lengths are implicit, and are calculated automatically
-#
-# Input is of the form:
-#
-# WORD ...
-#
-# The WORD is a keyword which indicates the format of the following text.
-# WORD is one of:
-#
-# raw - read the grammar defined below, and encode an attribute.
-# The grammer supports a trivial way of describing RADIUS
-# attributes, without reference to dictionaries or fancy
-# parsers
-#
-# encode - reads "Attribute-Name = value", encodes it, and prints
-# the result as text.
-# use "-" to encode the output of the last command
-#
-# decode - reads hex, and decodes it "Attribute-Name = value"
-# use "-" to decode the output of the last command
-#
-# data - the expected output of the previous command, in ASCII form.
-# if the actual command output is different, an error message
-# is produced, and the program terminates.
-#
-#
-# The "raw" input satisfies the following grammar:
-#
-# Identifier = 1*DIGIT *( "." 1*DIGIT )
-#
-# HEXCHAR = HEXDIG HEXDIG
-#
-# STRING = DQUOTE *CHAR DQUOTE
-#
-# TLV = "{" 1*DIGIT DATA "}"
-#
-# DATA = 1*HEXCHAR / 1*TLV / STRING
-#
-# LINE = Identifier DATA
-#
-# The "Identifier" is a RADIUS attribute identifier, as given in the draft.
-#
-# e.g. 1 for User-Name
-# 26.9.1 Vendor-Specific, Cisco, Cisco-AVPAir
-# 241.1 Extended Attribute, number 1
-# 241.2.3 Extended Attribute 2, data type TLV, TLV type 3
-# etc.
-#
-# The "DATA" portion is the contents of the RADIUS Attribute.
-#
-# 123456789abcdef hex string
-# 12 34 56 ab with spaces for clarity
-# "hello" Text string
-# { 1 abcdef } TLV, TLV-Type 1, data "abcdef"
-#
-# TLVs can be nested:
-#
-# { tlv-type { tlv-type data } } { 3 { 4 01020304 } }
-#
-# TLVs can be concatencated
-#
-# {tlv-type data } { tlv-type data} { 3 040506 } { 8 aabbcc }
-#
-# The "raw" data is encoded without reference to dictionaries. Any
-# valid string is parsed to a RADIUS attribute. The resulting RADIUS
-# attribute *may not* be correctly formatted to the relevant RADIUS
-# specifications. i.e. you can use this tool to create attribute 1
-# (User-Name), which is encoded as a series of TLVs. That's up to you.
-#
-# The purpose of the "raw" command is to have a simple way of encoding
-# attributes which is independent of any dictionaries or packet processing
-# routines.
-#
-# The output data is the hex version of the encoded attribute.
-#
-
-encode User-Name = bob
-data 01 05 62 6f 62
-
-decode -
-data User-Name = "bob"
-
-decode 01 05 62 6f 62
-data User-Name = "bob"
-
-#
-# The Type/Length is OK, but the attribute data is of the wrong size.
-#
-decode 04 04 ab cd
-data Attr-4 = 0xabcd
-
-# Zero-length attributes
-decode 01 02
-data
-
-# don't encode zero-length attributes
-#encode User-Name = ""
-#data
-
-# except for CUI. Thank you, WiMAX!
-decode 59 02
-data Chargeable-User-Identity = ""
-
-# Hah! Thought you had it figured out, didn't you?
-#encode -
-#data 59 02
-
-encode NAS-Port = 10
-data 05 06 00 00 00 0a
-
-decode -
-data NAS-Port = 10
-
-walk 05 06 00 00 00 0a
-data v0 a5 l4
-
-walk 05 06 00 00 00 0a 02 06 00 00 00 0a
-data v0 a5 l4,v0 a2 l4
-
-walk 1a 0c 00 00 00 01 05 06 00 00 00 0a
-data v1 a5 l4
-
-walk 1a 12 00 00 00 01 05 06 00 00 00 0a 03 06 00 00 00 0a
-data v1 a5 l4,v1 a3 l4
-
-# Access-Request, code 1, authentication vector of zero
-sign 05 06 00 00 00 0a
-data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-
-code 4
-
-sign 05 06 00 00 00 0a
-data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68
-
-sign 05 06 00 00 00 0a
-data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68
-
-secret hello
-sign 05 06 00 00 00 0a
-data 69 20 c0 b9 e1 2f 12 54 9f 92 16 5e f4 64 9b fd
-
-secret testing123
-sign 05 06 00 00 00 0a
-data 62 63 f1 db 80 70 a6 64 37 31 63 e4 aa 95 5a 68
diff --git a/lib/radius/valuepair.c b/lib/radius/valuepair.c
deleted file mode 100644
index 6277f7d..0000000
--- a/lib/radius/valuepair.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
-Copyright (c) 2011, Network RADIUS SARL
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- * Neither the name of the <organization> nor the
- names of its contributors may be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/** \file valuepair.c
- * \brief Functions to manipulate C structure versions of RADIUS attributes.
- */
-
-#include "client.h"
-
-void nr_vp_free(VALUE_PAIR **head)
-{
- VALUE_PAIR *next, *vp;
-
- for (vp = *head; vp != NULL; vp = next) {
- next = vp->next;
- if (vp->da->flags.encrypt) {
- memset(vp, 0, sizeof(vp));
- }
- free(vp);
- }
-
- *head = NULL;
-}
-
-
-VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da)
-{
- memset(vp, 0, sizeof(*vp));
-
- vp->da = da;
- vp->length = da->flags.length;
-
- return vp;
-}
-
-
-VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da)
-{
- VALUE_PAIR *vp = NULL;
-
- if (!da) {
- nr_strerror_printf("Unknown attribute");
- return NULL;
- }
-
- vp = malloc(sizeof(*vp));
- if (!vp) {
- nr_strerror_printf("Out of memory");
- return NULL;
- }
-
- return nr_vp_init(vp, da);
-}
-
-VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor)
-{
- VALUE_PAIR *vp = NULL;
- DICT_ATTR *da;
-
- vp = malloc(sizeof(*vp) + sizeof(*da) + 64);
- if (!vp) {
- nr_strerror_printf("Out of memory");
- return NULL;
- }
- memset(vp, 0, sizeof(*vp));
-
- da = (DICT_ATTR *) (vp + 1);
-
- if (nr_dict_attr_2struct(da, attr, vendor, (char *) (da + 1), 64) < 0) {
- free(vp);
- return NULL;
- }
-
- vp->da = da;
-
- return vp;
-}
-
-int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t sizeof_data)
-{
- int rcode = 1; /* OK */
-
- if (!vp || !data || (sizeof_data == 0)) return -RSE_INVAL;
-
- switch (vp->da->type) {
- case RS_TYPE_BYTE:
- vp->vp_integer = *(const uint8_t *) data;
- break;
-
- case RS_TYPE_SHORT:
- vp->vp_integer = *(const uint16_t *) data;
- break;
-
- case RS_TYPE_INTEGER:
- case RS_TYPE_DATE:
- case RS_TYPE_IPADDR:
- vp->vp_integer = *(const uint32_t *) data;
- break;
-
- case RS_TYPE_STRING:
- if (sizeof_data >= sizeof(vp->vp_strvalue)) {
- sizeof_data = sizeof(vp->vp_strvalue) - 1;
- rcode = 0; /* truncated */
- }
-
- memcpy(vp->vp_strvalue, (const char *) data, sizeof_data);
- vp->vp_strvalue[sizeof_data + 1] = '\0';
- vp->length = sizeof_data;
- break;
-
- case RS_TYPE_OCTETS:
- if (sizeof_data > sizeof(vp->vp_octets)) {
- sizeof_data = sizeof(vp->vp_octets);
- rcode = 0; /* truncated */
- }
- memcpy(vp->vp_octets, data, sizeof_data);
- vp->length = sizeof_data;
- break;
-
- default:
- return -RSE_ATTR_TYPE_UNKNOWN;
- }
-
- return rcode;
-}
-
-VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data, size_t data_len)
-{
- const DICT_ATTR *da;
- VALUE_PAIR *vp;
-
- da = nr_dict_attr_byvalue(attr, vendor);
- if (!da) return NULL;
-
- vp = nr_vp_alloc(da);
- if (!vp) return NULL;
-
- if (nr_vp_set_data(vp, data, data_len) < 0) {
- nr_vp_free(&vp);
- return NULL;
- }
-
- return vp;
-}
-
-void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *tail)
-{
- if (!tail) return;
-
- while (*head) {
- head = &((*head)->next);
- }
-
- *head = tail;
-}
-
-VALUE_PAIR *nr_vps_find(VALUE_PAIR *head,
- unsigned int attr, unsigned int vendor)
-{
- while (head) {
- if ((head->da->attr == attr) &&
- (head->da->vendor == vendor)) return head;
- head = head->next;
- }
-
- return NULL;
-}
diff --git a/lib/radsec.c b/lib/radsec.c
deleted file mode 100644
index 83ce6c5..0000000
--- a/lib/radsec.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-#include <libgen.h>
-#include <assert.h>
-
-#include <radius/client.h>
-#include <event2/event.h>
-#include <event2/util.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "err.h"
-#include "debug.h"
-#include "radsecproxy/debug.h"
-#if defined (RS_ENABLE_TLS)
-#include "tls.h"
-#include <regex.h>
-#include "radsecproxy/list.h"
-#include "radsecproxy/radsecproxy.h"
-#endif
-
-/* Public functions. */
-int
-rs_context_create (struct rs_context **ctx)
-{
- struct rs_context *h;
-
-#if defined (RS_ENABLE_TLS)
- if (tls_init ())
- return RSE_SSLERR;
-#endif
-
- h = calloc (1, sizeof(*h));
- if (h == NULL)
- return RSE_NOMEM;
-
- debug_init ("libradsec"); /* radsecproxy compat, FIXME: remove */
-
- if (ctx != NULL)
- *ctx = h;
-
- return RSE_OK;
-}
-
-struct rs_error *
-rs_resolve (struct evutil_addrinfo **addr,
- rs_conn_type_t type,
- const char *hostname,
- const char *service)
-{
- int err;
- struct evutil_addrinfo hints, *res = NULL;
-
- memset (&hints, 0, sizeof(struct evutil_addrinfo));
- hints.ai_family = AF_UNSPEC;
- hints.ai_flags = AI_ADDRCONFIG;
- switch (type)
- {
- case RS_CONN_TYPE_NONE:
- return err_create (RSE_INVALID_CONN, __FILE__, __LINE__, NULL, NULL);
- case RS_CONN_TYPE_TCP:
- /* Fall through. */
- case RS_CONN_TYPE_TLS:
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- break;
- case RS_CONN_TYPE_UDP:
- /* Fall through. */
- case RS_CONN_TYPE_DTLS:
- hints.ai_socktype = SOCK_DGRAM;
- hints.ai_protocol = IPPROTO_UDP;
- break;
- default:
- return err_create (RSE_INVALID_CONN, __FILE__, __LINE__, NULL, NULL);
- }
- err = evutil_getaddrinfo (hostname, service, &hints, &res);
- if (err)
- return err_create (RSE_BADADDR, __FILE__, __LINE__,
- "%s:%s: bad host name or service name (%s)",
- hostname, service, evutil_gai_strerror(err));
- *addr = res; /* Simply use first result. */
- return NULL;
-}
-
-void
-rs_context_destroy (struct rs_context *ctx)
-{
- struct rs_realm *r = NULL;
- struct rs_peer *p = NULL;
-
- if (ctx->config)
- {
- for (r = ctx->config->realms; r; )
- {
- struct rs_realm *tmp = r;
- for (p = r->peers; p; )
- {
- struct rs_peer *tmp = p;
- if (p->addr_cache)
- {
- evutil_freeaddrinfo (p->addr_cache);
- p->addr_cache = NULL;
- }
- p = p->next;
- rs_free (ctx, tmp);
- }
- free (r->name);
- rs_free (ctx, r->transport_cred);
- r = r->next;
- rs_free (ctx, tmp);
- }
- }
-
- if (ctx->config)
- {
- if (ctx->config->cfg)
- {
- cfg_free (ctx->config->cfg);
- ctx->config->cfg = NULL;
- }
- rs_free (ctx, ctx->config);
- }
-
- free (ctx);
-}
-
-int
-rs_context_set_alloc_scheme (struct rs_context *ctx,
- struct rs_alloc_scheme *scheme)
-{
- return rs_err_ctx_push_fl (ctx, RSE_NOSYS, __FILE__, __LINE__, NULL);
-}
-
diff --git a/lib/radsec.h b/lib/radsec.h
deleted file mode 100644
index 703e44b..0000000
--- a/lib/radsec.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* Copyright 2012 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-struct rs_error *rs_resolve (struct evutil_addrinfo **addr,
- rs_conn_type_t type,
- const char *hostname,
- const char *service);
diff --git a/lib/radsec.sym b/lib/radsec.sym
deleted file mode 100644
index 77fcacc..0000000
--- a/lib/radsec.sym
+++ /dev/null
@@ -1,86 +0,0 @@
-rs_attr_display_name
-rs_attr_find
-rs_attr_parse_name
-rs_avp_alloc
-rs_avp_append
-rs_avp_attrid
-rs_avp_byte_set
-rs_avp_byte_value
-rs_avp_date_set
-rs_avp_date_value
-rs_avp_delete
-rs_avp_display_value
-rs_avp_dup
-rs_avp_find
-rs_avp_find_const
-rs_avp_fragmented_value
-rs_avp_free
-rs_avp_ifid_set
-rs_avp_ifid_value
-rs_avp_integer_set
-rs_avp_integer_value
-rs_avp_ipaddr_set
-rs_avp_ipaddr_value
-rs_avp_length
-rs_avp_name
-rs_avp_next
-rs_avp_next_const
-rs_avp_octets_set
-rs_avp_octets_value
-rs_avp_octets_value_byref
-rs_avp_octets_value_const_ptr
-rs_avp_octets_value_ptr
-rs_avp_short_set
-rs_avp_short_value
-rs_avp_string_set
-rs_avp_string_value
-rs_avp_typeof
-rs_conf_find_realm
-rs_conn_add_listener
-rs_conn_create
-rs_conn_del_callbacks
-rs_conn_destroy
-rs_conn_disconnect
-rs_conn_fd
-rs_conn_get_callbacks
-rs_conn_get_current_peer
-rs_conn_receive_packet
-rs_conn_select_peer
-rs_conn_set_callbacks
-rs_conn_set_eventbase
-rs_conn_set_timeout
-rs_conn_set_type
-rs_context_create
-rs_context_destroy
-rs_context_read_config
-rs_context_set_alloc_scheme
-rs_dump_packet
-rs_err_code
-rs_err_conn_peek_code
-rs_err_conn_pop
-rs_err_conn_push
-rs_err_conn_push_fl
-rs_err_ctx_pop
-rs_err_ctx_push
-rs_err_ctx_push_fl
-rs_err_free
-rs_err_msg
-rs_packet_add_avp
-rs_packet_append_avp
-rs_packet_avps
-rs_packet_code
-rs_packet_create
-rs_packet_create_authn_request
-rs_packet_destroy
-rs_packet_send
-rs_peer_create
-rs_peer_set_address
-rs_peer_set_retries
-rs_peer_set_secret
-rs_peer_set_timeout
-rs_request_add_reqpkt
-rs_request_create
-rs_request_create_authn
-rs_request_destroy
-rs_request_get_reqmsg
-rs_request_send
diff --git a/lib/radsecproxy/Makefile.am b/lib/radsecproxy/Makefile.am
deleted file mode 100644
index dc5ffc4..0000000
--- a/lib/radsecproxy/Makefile.am
+++ /dev/null
@@ -1,23 +0,0 @@
-AUTOMAKE_OPTIONS = foreign
-ACLOCAL_AMFLAGS = -I m4
-
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)
-AM_CFLAGS = -Wall -Werror -g
-
-noinst_LTLIBRARIES = libradsec-radsecproxy.la
-
-libradsec_radsecproxy_la_SOURCES = \
- debug.c debug.h \
- gconfig.h \
- hash.c hash.h \
- hostport_types.h \
- list.c list.h \
- radmsg.h \
- radsecproxy.h \
- tlv11.h \
- util.c util.h
-
-if RS_ENABLE_TLS
-libradsec_radsecproxy_la_SOURCES += \
- tlscommon.c tlscommon.h
-endif
diff --git a/lib/radsecproxy/debug.c b/lib/radsecproxy/debug.c
deleted file mode 100644
index 8a4881d..0000000
--- a/lib/radsecproxy/debug.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/* Copyright (c) 2007-2009, UNINETT AS
- * Copyright (c) 2010-2011, NORDUnet A/S */
-/* See LICENSE for licensing information. */
-
-#ifndef SYS_SOLARIS9
-#include <stdint.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <strings.h>
-#include <time.h>
-#include <sys/time.h>
-#include <syslog.h>
-#include <errno.h>
-#include <assert.h>
-#include "debug.h"
-#include "util.h"
-
-static char *debug_ident = NULL;
-static uint8_t debug_level = DBG_INFO;
-static char *debug_filepath = NULL;
-static FILE *debug_file = NULL;
-static int debug_syslogfacility = 0;
-static uint8_t debug_timestamp = 0;
-
-void debug_init(char *ident) {
- debug_file = stderr;
- setvbuf(debug_file, NULL, _IONBF, 0);
- debug_ident = ident;
-}
-
-void debug_set_level(uint8_t level) {
- switch (level) {
- case 1:
- debug_level = DBG_ERR;
- return;
- case 2:
- debug_level = DBG_WARN;
- return;
- case 3:
- debug_level = DBG_NOTICE;
- return;
- case 4:
- debug_level = DBG_INFO;
- return;
- case 5:
- debug_level = DBG_DBG;
- return;
- }
-}
-
-void debug_timestamp_on() {
- debug_timestamp = 1;
-}
-
-uint8_t debug_get_level() {
- return debug_level;
-}
-
-int debug_set_destination(char *dest) {
- static const char *facstrings[] = { "LOG_DAEMON", "LOG_MAIL", "LOG_USER", "LOG_LOCAL0",
- "LOG_LOCAL1", "LOG_LOCAL2", "LOG_LOCAL3", "LOG_LOCAL4",
- "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7", NULL };
- static const int facvals[] = { LOG_DAEMON, LOG_MAIL, LOG_USER, LOG_LOCAL0,
- LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4,
- LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7 };
- extern int errno;
- int i;
-
- if (!strncasecmp(dest, "file:///", 8)) {
- debug_filepath = stringcopy(dest + 7, 0);
- debug_file = fopen(debug_filepath, "a");
- if (!debug_file) {
- debug_file = stderr;
- debugx(1, DBG_ERR, "Failed to open logfile %s\n%s",
- debug_filepath, strerror(errno));
- }
- setvbuf(debug_file, NULL, _IONBF, 0);
- return 1;
- }
- if (!strncasecmp(dest, "x-syslog://", 11)) {
- dest += 11;
- if (*dest == '/')
- dest++;
- if (*dest) {
- for (i = 0; facstrings[i]; i++)
- if (!strcasecmp(dest, facstrings[i]))
- break;
- if (!facstrings[i])
- debugx(1, DBG_ERR, "Unknown syslog facility %s", dest);
- debug_syslogfacility = facvals[i];
- } else
- debug_syslogfacility = LOG_DAEMON;
- openlog(debug_ident, LOG_PID, debug_syslogfacility);
- return 1;
- }
- debug(DBG_ERR, "Unknown log destination, exiting %s", dest);
- exit(1);
-}
-
-void debug_reopen_log() {
- extern int errno;
-
- /* not a file, noop, return success */
- if (!debug_filepath) {
- debug(DBG_ERR, "skipping reopen");
- return;
- }
-
- if (debug_file != stderr)
- fclose(debug_file);
-
- debug_file = fopen(debug_filepath, "a");
- if (debug_file)
- debug(DBG_ERR, "Reopened logfile %s", debug_filepath);
- else {
- debug_file = stderr;
- debug(DBG_ERR, "Failed to open logfile %s, using stderr\n%s",
- debug_filepath, strerror(errno));
- }
- setvbuf(debug_file, NULL, _IONBF, 0);
-}
-
-void debug_logit(uint8_t level, const char *format, va_list ap) {
- struct timeval now;
- char *timebuf;
- int priority;
-
- if (debug_syslogfacility) {
- switch (level) {
- case DBG_DBG:
- priority = LOG_DEBUG;
- break;
- case DBG_INFO:
- priority = LOG_INFO;
- break;
- case DBG_NOTICE:
- priority = LOG_NOTICE;
- break;
- case DBG_WARN:
- priority = LOG_WARNING;
- break;
- case DBG_ERR:
- priority = LOG_ERR;
- break;
- default:
- priority = LOG_DEBUG;
- }
- vsyslog(priority, format, ap);
- } else {
- if (debug_timestamp && (timebuf = malloc(256))) {
- gettimeofday(&now, NULL);
- ctime_r(&now.tv_sec, timebuf);
- timebuf[strlen(timebuf) - 1] = '\0';
- fprintf(debug_file, "%s: ", timebuf + 4);
- free(timebuf);
- }
- vfprintf(debug_file, format, ap);
- fprintf(debug_file, "\n");
- }
-}
-
-void debug(uint8_t level, char *format, ...) {
- va_list ap;
- if (level < debug_level)
- return;
- va_start(ap, format);
- debug_logit(level, format, ap);
- va_end(ap);
-}
-
-void debugx(int status, uint8_t level, char *format, ...) {
- if (level >= debug_level) {
- va_list ap;
- va_start(ap, format);
- debug_logit(level, format, ap);
- va_end(ap);
- }
- exit(status);
-}
-
-void debugerrno(int err, uint8_t level, char *format, ...) {
- if (level >= debug_level) {
- va_list ap;
- size_t len = strlen(format);
- char *tmp = malloc(len + 1024 + 2);
- assert(tmp);
- strcpy(tmp, format);
- tmp[len++] = ':';
- tmp[len++] = ' ';
- if (strerror_r(err, tmp + len, 1024))
- tmp = format;
- va_start(ap, format);
- debug_logit(level, tmp, ap);
- va_end(ap);
- }
-}
-
-void debugerrnox(int err, uint8_t level, char *format, ...) {
- if (level >= debug_level) {
- va_list ap;
- va_start(ap, format);
- debugerrno(err, level, format, ap);
- va_end(ap);
- }
- exit(err);
-}
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/debug.h b/lib/radsecproxy/debug.h
deleted file mode 100644
index f9858ab..0000000
--- a/lib/radsecproxy/debug.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* Copyright (c) 2007-2009, UNINETT AS
- * Copyright (c) 2010-2011, NORDUnet A/S */
-/* See LICENSE for licensing information. */
-
-#ifndef SYS_SOLARIS9
-#include <stdint.h>
-#endif
-
-#define DBG_DBG 8
-#define DBG_INFO 16
-#define DBG_NOTICE 32
-#define DBG_WARN 64
-#define DBG_ERR 128
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-void debug_init(char *ident);
-void debug_set_level(uint8_t level);
-void debug_timestamp_on();
-uint8_t debug_get_level();
-void debug(uint8_t level, char *format, ...);
-void debugx(int status, uint8_t level, char *format, ...);
-void debugerrno(int err, uint8_t level, char *format, ...);
-void debugerrnox(int err, uint8_t level, char *format, ...);
-int debug_set_destination(char *dest);
-void debug_reopen_log();
-
-#if defined (__cplusplus)
-}
-#endif
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/gconfig.h b/lib/radsecproxy/gconfig.h
deleted file mode 100644
index 3cb34b3..0000000
--- a/lib/radsecproxy/gconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* Copyright (c) 2007-2008, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-#define CONF_STR 1
-#define CONF_CBK 2
-#define CONF_MSTR 3
-#define CONF_BLN 4
-#define CONF_LINT 5
-
-#include <stdio.h>
-
-struct gconffile {
- char *path;
- FILE *file;
- const char *data;
- size_t datapos;
-};
-
-int getconfigline(struct gconffile **cf, char *block, char **opt, char **val, int *conftype);
-int getgenericconfig(struct gconffile **cf, char *block, ...);
-int pushgconfdata(struct gconffile **cf, const char *data);
-FILE *pushgconfpath(struct gconffile **cf, const char *path);
-FILE *pushgconffile(struct gconffile **cf, FILE *file, const char *description);
-FILE *pushgconfpaths(struct gconffile **cf, const char *path);
-int popgconf(struct gconffile **cf);
-void freegconfmstr(char **mstr);
-void freegconf(struct gconffile **cf);
-struct gconffile *openconfigfile(const char *file);
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/hash.c b/lib/radsecproxy/hash.c
deleted file mode 100644
index ab17433..0000000
--- a/lib/radsecproxy/hash.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* Copyright (c) 2008, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-#include <stdlib.h>
-#include <string.h>
-#include <pthread.h>
-#include "list.h"
-#include "hash.h"
-
-/* allocates and initialises hash structure; returns NULL if malloc fails */
-struct hash *hash_create() {
- struct hash *h = malloc(sizeof(struct hash));
- if (!h)
- return NULL;
- h->hashlist = list_create();
- if (!h->hashlist) {
- free(h);
- return NULL;
- }
- pthread_mutex_init(&h->mutex, NULL);
- return h;
-}
-
-/* frees all memory associated with the hash */
-void hash_destroy(struct hash *h) {
- struct list_node *ln;
-
- if (!h)
- return;
- for (ln = list_first(h->hashlist); ln; ln = list_next(ln)) {
- free(((struct hash_entry *)ln->data)->key);
- free(((struct hash_entry *)ln->data)->data);
- }
- list_destroy(h->hashlist);
- pthread_mutex_destroy(&h->mutex);
-}
-
-/* insert entry in hash; returns 1 if ok, 0 if malloc fails */
-int hash_insert(struct hash *h, void *key, uint32_t keylen, void *data) {
- struct hash_entry *e;
-
- if (!h)
- return 0;
- e = malloc(sizeof(struct hash_entry));
- if (!e)
- return 0;
- memset(e, 0, sizeof(struct hash_entry));
- e->key = malloc(keylen);
- if (!e->key) {
- free(e);
- return 0;
- }
- memcpy(e->key, key, keylen);
- e->keylen = keylen;
- e->data = data;
- pthread_mutex_lock(&h->mutex);
- if (!list_push(h->hashlist, e)) {
- pthread_mutex_unlock(&h->mutex);
- free(e->key);
- free(e);
- return 0;
- }
- pthread_mutex_unlock(&h->mutex);
- return 1;
-}
-
-/* reads entry from hash */
-void *hash_read(struct hash *h, void *key, uint32_t keylen) {
- struct list_node *ln;
- struct hash_entry *e;
-
- if (!h)
- return 0;
- pthread_mutex_lock(&h->mutex);
- for (ln = list_first(h->hashlist); ln; ln = list_next(ln)) {
- e = (struct hash_entry *)ln->data;
- if (e->keylen == keylen && !memcmp(e->key, key, keylen)) {
- pthread_mutex_unlock(&h->mutex);
- return e->data;
- }
- }
- pthread_mutex_unlock(&h->mutex);
- return NULL;
-}
-
-/* extracts entry from hash */
-void *hash_extract(struct hash *h, void *key, uint32_t keylen) {
- struct list_node *ln;
- struct hash_entry *e;
-
- if (!h)
- return 0;
- pthread_mutex_lock(&h->mutex);
- for (ln = list_first(h->hashlist); ln; ln = list_next(ln)) {
- e = (struct hash_entry *)ln->data;
- if (e->keylen == keylen && !memcmp(e->key, key, keylen)) {
- free(e->key);
- list_removedata(h->hashlist, e);
- free(e);
- pthread_mutex_unlock(&h->mutex);
- return e->data;
- }
- }
- pthread_mutex_unlock(&h->mutex);
- return NULL;
-}
-
-/* returns first entry */
-struct hash_entry *hash_first(struct hash *hash) {
- struct list_node *ln;
- struct hash_entry *e;
- if (!hash || !((ln = list_first(hash->hashlist))))
- return NULL;
- e = (struct hash_entry *)ln->data;
- e->next = ln->next;
- return e;
-}
-
-/* returns the next node after the argument */
-struct hash_entry *hash_next(struct hash_entry *entry) {
- struct hash_entry *e;
- if (!entry || !entry->next)
- return NULL;
- e = (struct hash_entry *)entry->next->data;
- e->next = (struct list_node *)entry->next->next;
- return e;
-}
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/hash.h b/lib/radsecproxy/hash.h
deleted file mode 100644
index 90ba64b..0000000
--- a/lib/radsecproxy/hash.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* Copyright (c) 2008, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-#ifndef SYS_SOLARIS9
-#include <stdint.h>
-#endif
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-struct hash {
- struct list *hashlist;
- pthread_mutex_t mutex;
-};
-
-struct hash_entry {
- void *key;
- uint32_t keylen;
- void *data;
- struct list_node *next; /* used when walking through hash */
-};
-
-/* allocates and initialises hash structure; returns NULL if malloc fails */
-struct hash *hash_create();
-
-/* frees all memory associated with the hash */
-void hash_destroy(struct hash *hash);
-
-/* insert entry in hash; returns 1 if ok, 0 if malloc fails */
-int hash_insert(struct hash *hash, void *key, uint32_t keylen, void *data);
-
-/* reads entry from hash */
-void *hash_read(struct hash *hash, void *key, uint32_t keylen);
-
-/* extracts (read and remove) entry from hash */
-void *hash_extract(struct hash *hash, void *key, uint32_t keylen);
-
-/* returns first entry */
-struct hash_entry *hash_first(struct hash *hash);
-
-/* returns the next entry after the argument */
-struct hash_entry *hash_next(struct hash_entry *entry);
-
-#if defined (__cplusplus)
-}
-#endif
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/hostport_types.h b/lib/radsecproxy/hostport_types.h
deleted file mode 100644
index 01fb443..0000000
--- a/lib/radsecproxy/hostport_types.h
+++ /dev/null
@@ -1,6 +0,0 @@
-struct hostportres {
- char *host;
- char *port;
- uint8_t prefixlen;
- struct addrinfo *addrinfo;
-};
diff --git a/lib/radsecproxy/list.c b/lib/radsecproxy/list.c
deleted file mode 100644
index 4cfd358..0000000
--- a/lib/radsecproxy/list.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* Copyright (c) 2007-2009, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include "list.h"
-
-/* allocates and initialises list structure; returns NULL if malloc fails */
-struct list *list_create() {
- struct list *list = malloc(sizeof(struct list));
- if (list)
- memset(list, 0, sizeof(struct list));
- return list;
-}
-
-/* frees all memory associated with the list */
-void list_destroy(struct list *list) {
- struct list_node *node, *next;
-
- if (!list)
- return;
-
- for (node = list->first; node; node = next) {
- free(node->data);
- next = node->next;
- free(node);
- }
- free(list);
-}
-
-/* appends entry to list; returns 1 if ok, 0 if malloc fails */
-int list_push(struct list *list, void *data) {
- struct list_node *node;
-
- node = malloc(sizeof(struct list_node));
- if (!node)
- return 0;
-
- node->next = NULL;
- node->data = data;
-
- if (list->first)
- list->last->next = node;
- else
- list->first = node;
- list->last = node;
-
- list->count++;
- return 1;
-}
-
-/* removes first entry from list and returns data */
-void *list_shift(struct list *list) {
- struct list_node *node;
- void *data;
-
- if (!list || !list->first)
- return NULL;
-
- node = list->first;
- list->first = node->next;
- if (!list->first)
- list->last = NULL;
- data = node->data;
- free(node);
- list->count--;
- return data;
-}
-
-/* removes all entries with matching data pointer */
-void list_removedata(struct list *list, void *data) {
- struct list_node *node, *t;
-
- if (!list || !list->first)
- return;
-
- node = list->first;
- while (node->data == data) {
- list->first = node->next;
- free(node);
- list->count--;
- node = list->first;
- if (!node) {
- list->last = NULL;
- return;
- }
- }
- for (; node->next; node = node->next)
- if (node->next->data == data) {
- t = node->next;
- node->next = t->next;
- free(t);
- list->count--;
- if (!node->next) { /* we removed the last one */
- list->last = node;
- return;
- }
- }
-}
-
-/* returns first node */
-struct list_node *list_first(struct list *list) {
- return list ? list->first : NULL;
-}
-
-/* returns the next node after the argument */
-struct list_node *list_next(struct list_node *node) {
- return node->next;
-}
-
-/* returns number of nodes */
-uint32_t list_count(struct list *list) {
- return list->count;
-}
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/list.h b/lib/radsecproxy/list.h
deleted file mode 100644
index 4f4d1f9..0000000
--- a/lib/radsecproxy/list.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* Copyright (c) 2007-2009, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-#ifdef SYS_SOLARIS9
-#include <sys/inttypes.h>
-#else
-#include <stdint.h>
-#endif
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-struct list_node {
- struct list_node *next;
- void *data;
-};
-
-struct list {
- struct list_node *first, *last;
- uint32_t count;
-};
-
-/* allocates and initialises list structure; returns NULL if malloc fails */
-struct list *list_create();
-
-/* frees all memory associated with the list */
-void list_destroy(struct list *list);
-
-/* appends entry to list; returns 1 if ok, 0 if malloc fails */
-int list_push(struct list *list, void *data);
-
-/* removes first entry from list and returns data */
-void *list_shift(struct list *list);
-
-/* removes first entry with matching data pointer */
-void list_removedata(struct list *list, void *data);
-
-/* returns first node */
-struct list_node *list_first(struct list *list);
-
-/* returns the next node after the argument */
-struct list_node *list_next(struct list_node *node);
-
-/* returns number of nodes */
-uint32_t list_count(struct list *list);
-
-#if defined (__cplusplus)
-}
-#endif
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/radmsg.h b/lib/radsecproxy/radmsg.h
deleted file mode 100644
index 1bef59b..0000000
--- a/lib/radsecproxy/radmsg.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Copyright (c) 2007-2008, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-#define RAD_Access_Request 1
-#define RAD_Access_Accept 2
-#define RAD_Access_Reject 3
-#define RAD_Accounting_Request 4
-#define RAD_Accounting_Response 5
-#define RAD_Access_Challenge 11
-#define RAD_Status_Server 12
-#define RAD_Status_Client 13
-
-#define RAD_Attr_User_Name 1
-#define RAD_Attr_User_Password 2
-#define RAD_Attr_Reply_Message 18
-#define RAD_Attr_Vendor_Specific 26
-#define RAD_Attr_Calling_Station_Id 31
-#define RAD_Attr_Tunnel_Password 69
-#define RAD_Attr_Message_Authenticator 80
-
-#define RAD_VS_ATTR_MS_MPPE_Send_Key 16
-#define RAD_VS_ATTR_MS_MPPE_Recv_Key 17
-
-struct radmsg {
- uint8_t code;
- uint8_t id;
- uint8_t auth[20];
- struct list *attrs;
-};
-
-void radmsg_free(struct radmsg *);
-struct radmsg *radmsg_init(uint8_t, uint8_t, uint8_t *);
-int radmsg_add(struct radmsg *, struct tlv *);
-struct tlv *radmsg_gettype(struct radmsg *, uint8_t);
-uint8_t *radmsg2buf(struct radmsg *msg, uint8_t *);
-struct radmsg *buf2radmsg(uint8_t *, uint8_t *, uint8_t *);
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/radsecproxy.h b/lib/radsecproxy/radsecproxy.h
deleted file mode 100644
index 7528f7f..0000000
--- a/lib/radsecproxy/radsecproxy.h
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright (C) 2006-2009 Stig Venaas <venaas@uninett.no>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- */
-
-#include "tlv11.h"
-#include "radmsg.h"
-#include "gconfig.h"
-
-#define DEBUG_LEVEL 2
-
-#define CONFIG_MAIN "/etc/radsecproxy.conf"
-
-/* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
-#define MAX_REQUESTS 256
-#define REQUEST_RETRY_INTERVAL 5
-#define REQUEST_RETRY_COUNT 2
-#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
-#define MAX_CERT_DEPTH 5
-#define STATUS_SERVER_PERIOD 25
-#define IDLE_TIMEOUT 300
-
-/* 27262 is vendor DANTE Ltd. */
-#define DEFAULT_TTL_ATTR "27262:1"
-
-#define RAD_UDP 0
-#define RAD_TLS 1
-#define RAD_TCP 2
-#define RAD_DTLS 3
-#define RAD_PROTOCOUNT 4
-
-struct options {
- char *logdestination;
- char *ttlattr;
- uint32_t ttlattrtype[2];
- uint8_t addttl;
- uint8_t loglevel;
- uint8_t loopprevention;
-};
-
-struct commonprotoopts {
- char **listenargs;
- char *sourcearg;
-};
-
-struct request {
- struct timeval created;
- uint32_t refcount;
- uint8_t *buf, *replybuf;
- struct radmsg *msg;
- struct client *from;
- struct server *to;
- char *origusername;
- uint8_t rqid;
- uint8_t rqauth[16];
- uint8_t newid;
- int udpsock; /* only for UDP */
- uint16_t udpport; /* only for UDP */
-};
-
-/* requests that our client will send */
-struct rqout {
- pthread_mutex_t *lock;
- struct request *rq;
- uint8_t tries;
- struct timeval expiry;
-};
-
-struct gqueue {
- struct list *entries;
- pthread_mutex_t mutex;
- pthread_cond_t cond;
-};
-
-struct clsrvconf {
- char *name;
- uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */
- const struct protodefs *pdef;
- char **hostsrc;
- char *portsrc;
- struct list *hostports;
- char *secret;
- char *tls;
- char *matchcertattr;
- regex_t *certcnregex;
- regex_t *certuriregex;
- char *confrewritein;
- char *confrewriteout;
- char *confrewriteusername;
- struct modattr *rewriteusername;
- char *dynamiclookupcommand;
- uint8_t statusserver;
- uint8_t retryinterval;
- uint8_t retrycount;
- uint8_t dupinterval;
- uint8_t certnamecheck;
- uint8_t addttl;
- uint8_t loopprevention;
- struct rewrite *rewritein;
- struct rewrite *rewriteout;
- pthread_mutex_t *lock; /* only used for updating clients so far */
- struct tls *tlsconf;
- struct list *clients;
- struct server *servers;
-};
-
-#include "tlscommon.h"
-
-struct client {
- struct clsrvconf *conf;
- int sock;
- SSL *ssl;
- struct request *rqs[MAX_REQUESTS];
- struct gqueue *replyq;
- struct gqueue *rbios; /* for dtls */
- struct sockaddr *addr;
- time_t expiry; /* for udp */
-};
-
-struct server {
- struct clsrvconf *conf;
- int sock;
- SSL *ssl;
- pthread_mutex_t lock;
- pthread_t clientth;
- uint8_t clientrdgone;
- struct timeval lastconnecttry;
- struct timeval lastreply;
- uint8_t connectionok;
- uint8_t lostrqs;
- uint8_t dynstartup;
- char *dynamiclookuparg;
- int nextid;
- struct timeval lastrcv;
- struct rqout *requests;
- uint8_t newrq;
- pthread_mutex_t newrq_mutex;
- pthread_cond_t newrq_cond;
- struct gqueue *rbios; /* for dtls */
-};
-
-struct realm {
- char *name;
- char *message;
- uint8_t accresp;
- regex_t regex;
- uint32_t refcount;
- pthread_mutex_t mutex;
- struct realm *parent;
- struct list *subrealms;
- struct list *srvconfs;
- struct list *accsrvconfs;
-};
-
-struct modattr {
- uint8_t t;
- char *replacement;
- regex_t *regex;
-};
-
-struct rewrite {
- uint8_t *removeattrs;
- uint32_t *removevendorattrs;
- struct list *addattrs;
- struct list *modattrs;
-};
-
-struct protodefs {
- char *name;
- char *secretdefault;
- int socktype;
- char *portdefault;
- uint8_t retrycountdefault;
- uint8_t retrycountmax;
- uint8_t retryintervaldefault;
- uint8_t retryintervalmax;
- uint8_t duplicateintervaldefault;
- void (*setprotoopts)(struct commonprotoopts *);
- char **(*getlistenerargs)();
- void *(*listener)(void*);
- int (*connecter)(struct server *, struct timeval *, int, char *);
- void *(*clientconnreader)(void*);
- int (*clientradput)(struct server *, unsigned char *);
- void (*addclient)(struct client *);
- void (*addserverextra)(struct clsrvconf *);
- void (*setsrcres)();
- void (*initextra)();
-};
-
-#define RADLEN(x) ntohs(((uint16_t *)(x))[1])
-
-#define ATTRTYPE(x) ((x)[0])
-#define ATTRLEN(x) ((x)[1])
-#define ATTRVAL(x) ((x) + 2)
-#define ATTRVALLEN(x) ((x)[1] - 2)
-
-struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
-struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
-struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
-struct client *addclient(struct clsrvconf *conf, uint8_t lock);
-void removelockedclient(struct client *client);
-void removeclient(struct client *client);
-struct gqueue *newqueue();
-void freebios(struct gqueue *q);
-struct request *newrequest();
-void freerq(struct request *rq);
-int radsrv(struct request *rq);
-void replyh(struct server *server, unsigned char *buf);
-struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/tlscommon.c b/lib/radsecproxy/tlscommon.c
deleted file mode 100644
index a31fa32..0000000
--- a/lib/radsecproxy/tlscommon.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/* Copyright (c) 2007-2009, UNINETT AS
- * Copyright (c) 2010-2011, NORDUnet A/S */
-/* See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/types.h>
-#include <signal.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <string.h>
-#include <unistd.h>
-#include <limits.h>
-#ifdef SYS_SOLARIS9
-#include <fcntl.h>
-#endif
-#include <sys/time.h>
-#include <sys/select.h>
-#include <ctype.h>
-#include <sys/wait.h>
-#include <arpa/inet.h>
-#include <regex.h>
-#include <libgen.h>
-#include <pthread.h>
-#include <openssl/ssl.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/x509v3.h>
-#include "debug.h"
-#include "list.h"
-#include "hash.h"
-#include "util.h"
-#include "hostport_types.h"
-#include "radsecproxy.h"
-
-static int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata) {
- int pwdlen = strlen(userdata);
- if (rwflag != 0 || pwdlen > size) /* not for decryption or too large */
- return 0;
- memcpy(buf, userdata, pwdlen);
- return pwdlen;
-}
-
-static int verify_cb(int ok, X509_STORE_CTX *ctx) {
- char *buf = NULL;
- X509 *err_cert;
- int err, depth;
-
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- if (depth > MAX_CERT_DEPTH) {
- ok = 0;
- err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- X509_STORE_CTX_set_error(ctx, err);
- }
-
- if (!ok) {
- if (err_cert)
- buf = X509_NAME_oneline(X509_get_subject_name(err_cert), NULL, 0);
- debug(DBG_WARN, "verify error: num=%d:%s:depth=%d:%s", err, X509_verify_cert_error_string(err), depth, buf ? buf : "");
- free(buf);
- buf = NULL;
-
- switch (err) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- if (err_cert) {
- buf = X509_NAME_oneline(X509_get_issuer_name(err_cert), NULL, 0);
- if (buf) {
- debug(DBG_WARN, "\tIssuer=%s", buf);
- free(buf);
- buf = NULL;
- }
- }
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- debug(DBG_WARN, "\tCertificate not yet valid");
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- debug(DBG_WARN, "Certificate has expired");
- break;
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- debug(DBG_WARN, "Certificate no longer valid (after notAfter)");
- break;
- case X509_V_ERR_NO_EXPLICIT_POLICY:
- debug(DBG_WARN, "No Explicit Certificate Policy");
- break;
- }
- }
- return ok;
-}
-
-#ifdef DEBUG
-static void ssl_info_callback(const SSL *ssl, int where, int ret) {
- const char *s;
- int w;
-
- w = where & ~SSL_ST_MASK;
-
- if (w & SSL_ST_CONNECT)
- s = "SSL_connect";
- else if (w & SSL_ST_ACCEPT)
- s = "SSL_accept";
- else
- s = "undefined";
-
- if (where & SSL_CB_LOOP)
- debug(DBG_DBG, "%s:%s\n", s, SSL_state_string_long(ssl));
- else if (where & SSL_CB_ALERT) {
- s = (where & SSL_CB_READ) ? "read" : "write";
- debug(DBG_DBG, "SSL3 alert %s:%s:%s\n", s, SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
- }
- else if (where & SSL_CB_EXIT) {
- if (ret == 0)
- debug(DBG_DBG, "%s:failed in %s\n", s, SSL_state_string_long(ssl));
- else if (ret < 0)
- debug(DBG_DBG, "%s:error in %s\n", s, SSL_state_string_long(ssl));
- }
-}
-#endif
-
-static X509_VERIFY_PARAM *createverifyparams(char **poids) {
- X509_VERIFY_PARAM *pm;
- ASN1_OBJECT *pobject;
- int i;
-
- pm = X509_VERIFY_PARAM_new();
- if (!pm)
- return NULL;
-
- for (i = 0; poids[i]; i++) {
- pobject = OBJ_txt2obj(poids[i], 0);
- if (!pobject) {
- X509_VERIFY_PARAM_free(pm);
- return NULL;
- }
- X509_VERIFY_PARAM_add0_policy(pm, pobject);
- }
-
- X509_VERIFY_PARAM_set_flags(pm, X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY);
- return pm;
-}
-
-static int tlsaddcacrl(SSL_CTX *ctx, struct tls *conf) {
- STACK_OF(X509_NAME) *calist;
- X509_STORE *x509_s;
- unsigned long error;
-
- if (!SSL_CTX_load_verify_locations(ctx, conf->cacertfile, conf->cacertpath)) {
- while ((error = ERR_get_error()))
- debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
- debug(DBG_ERR, "tlsaddcacrl: Error updating TLS context %s", conf->name);
- return 0;
- }
-
- calist = conf->cacertfile ? SSL_load_client_CA_file(conf->cacertfile) : NULL;
-
- if (!conf->cacertfile || calist) {
- if (conf->cacertpath) {
- if (!calist)
- calist = sk_X509_NAME_new_null();
- if (!SSL_add_dir_cert_subjects_to_stack(calist, conf->cacertpath)) {
- sk_X509_NAME_free(calist);
- calist = NULL;
- }
- }
- }
- if (!calist) {
- while ((error = ERR_get_error()))
- debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
- debug(DBG_ERR, "tlsaddcacrl: Error adding CA subjects in TLS context %s", conf->name);
- return 0;
- }
- ERR_clear_error(); /* add_dir_cert_subj returns errors on success */
- SSL_CTX_set_client_CA_list(ctx, calist);
-
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb);
- SSL_CTX_set_verify_depth(ctx, MAX_CERT_DEPTH + 1);
-
- if (conf->crlcheck || conf->vpm) {
- x509_s = SSL_CTX_get_cert_store(ctx);
- if (conf->crlcheck)
- X509_STORE_set_flags(x509_s, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
- if (conf->vpm)
- X509_STORE_set1_param(x509_s, conf->vpm);
- }
-
- debug(DBG_DBG, "tlsaddcacrl: updated TLS context %s", conf->name);
- return 1;
-}
-
-static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
- SSL_CTX *ctx = NULL;
- unsigned long error;
-
- switch (type) {
-#ifdef RADPROT_TLS
- case RAD_TLS:
- ctx = SSL_CTX_new(TLSv1_method());
- break;
-#endif
-#ifdef RADPROT_DTLS
- case RAD_DTLS:
- ctx = SSL_CTX_new(DTLSv1_method());
- SSL_CTX_set_read_ahead(ctx, 1);
- break;
-#endif
- }
- if (!ctx) {
- debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS in TLS context %s", conf->name);
- while ((error = ERR_get_error()))
- debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
- return NULL;
- }
-#ifdef DEBUG
- SSL_CTX_set_info_callback(ctx, ssl_info_callback);
-#endif
-
- if (conf->certkeypwd) {
- SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->certkeypwd);
- SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_cb);
- }
- if (conf->certfile || conf->certkeyfile) {
- if (!SSL_CTX_use_certificate_chain_file(ctx, conf->certfile) ||
- !SSL_CTX_use_PrivateKey_file(ctx, conf->certkeyfile, SSL_FILETYPE_PEM) ||
- !SSL_CTX_check_private_key(ctx)) {
- while ((error = ERR_get_error()))
- debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
- debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS (certfile issues) in TLS context %s", conf->name);
- SSL_CTX_free(ctx);
- return NULL;
- }
- }
-
- if (conf->policyoids) {
- if (!conf->vpm) {
- conf->vpm = createverifyparams(conf->policyoids);
- if (!conf->vpm) {
- debug(DBG_ERR, "tlscreatectx: Failed to add policyOIDs in TLS context %s", conf->name);
- SSL_CTX_free(ctx);
- return NULL;
- }
- }
- }
-
- if (conf->cacertfile != NULL || conf->cacertpath != NULL)
- if (!tlsaddcacrl(ctx, conf)) {
- if (conf->vpm) {
- X509_VERIFY_PARAM_free(conf->vpm);
- conf->vpm = NULL;
- }
- SSL_CTX_free(ctx);
- return NULL;
- }
-
- debug(DBG_DBG, "tlscreatectx: created TLS context %s", conf->name);
- return ctx;
-}
-
-SSL_CTX *tlsgetctx(uint8_t type, struct tls *t) {
- struct timeval now;
-
- if (!t)
- return NULL;
- gettimeofday(&now, NULL);
-
- switch (type) {
-#ifdef RADPROT_TLS
- case RAD_TLS:
- if (t->tlsexpiry && t->tlsctx) {
- if (t->tlsexpiry < now.tv_sec) {
- t->tlsexpiry = now.tv_sec + t->cacheexpiry;
- tlsaddcacrl(t->tlsctx, t);
- }
- }
- if (!t->tlsctx) {
- t->tlsctx = tlscreatectx(RAD_TLS, t);
- if (t->cacheexpiry)
- t->tlsexpiry = now.tv_sec + t->cacheexpiry;
- }
- return t->tlsctx;
-#endif
-#ifdef RADPROT_DTLS
- case RAD_DTLS:
- if (t->dtlsexpiry && t->dtlsctx) {
- if (t->dtlsexpiry < now.tv_sec) {
- t->dtlsexpiry = now.tv_sec + t->cacheexpiry;
- tlsaddcacrl(t->dtlsctx, t);
- }
- }
- if (!t->dtlsctx) {
- t->dtlsctx = tlscreatectx(RAD_DTLS, t);
- if (t->cacheexpiry)
- t->dtlsexpiry = now.tv_sec + t->cacheexpiry;
- }
- return t->dtlsctx;
-#endif
- }
- return NULL;
-}
-
-X509 *verifytlscert(SSL *ssl) {
- X509 *cert;
- unsigned long error;
-
- if (SSL_get_verify_result(ssl) != X509_V_OK) {
- debug(DBG_ERR, "verifytlscert: basic validation failed");
- while ((error = ERR_get_error()))
- debug(DBG_ERR, "verifytlscert: TLS: %s", ERR_error_string(error, NULL));
- return NULL;
- }
-
- cert = SSL_get_peer_certificate(ssl);
- if (!cert)
- debug(DBG_ERR, "verifytlscert: failed to obtain certificate");
- return cert;
-}
-
-int subjectaltnameaddr(X509 *cert, int family, const struct in6_addr *addr) {
- int loc, i, l, n, r = 0;
- char *v;
- X509_EXTENSION *ex;
- STACK_OF(GENERAL_NAME) *alt;
- GENERAL_NAME *gn;
-
- debug(DBG_DBG, "subjectaltnameaddr");
-
- loc = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
- if (loc < 0)
- return r;
-
- ex = X509_get_ext(cert, loc);
- alt = X509V3_EXT_d2i(ex);
- if (!alt)
- return r;
-
- n = sk_GENERAL_NAME_num(alt);
- for (i = 0; i < n; i++) {
- gn = sk_GENERAL_NAME_value(alt, i);
- if (gn->type != GEN_IPADD)
- continue;
- r = -1;
- v = (char *)ASN1_STRING_data(gn->d.ia5);
- l = ASN1_STRING_length(gn->d.ia5);
- if (((family == AF_INET && l == sizeof(struct in_addr)) || (family == AF_INET6 && l == sizeof(struct in6_addr)))
- && !memcmp(v, &addr, l)) {
- r = 1;
- break;
- }
- }
- GENERAL_NAMES_free(alt);
- return r;
-}
-
-int subjectaltnameregexp(X509 *cert, int type, const char *exact, const regex_t *regex) {
- int loc, i, l, n, r = 0;
- char *s, *v;
- X509_EXTENSION *ex;
- STACK_OF(GENERAL_NAME) *alt;
- GENERAL_NAME *gn;
-
- debug(DBG_DBG, "subjectaltnameregexp");
-
- loc = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
- if (loc < 0)
- return r;
-
- ex = X509_get_ext(cert, loc);
- alt = X509V3_EXT_d2i(ex);
- if (!alt)
- return r;
-
- n = sk_GENERAL_NAME_num(alt);
- for (i = 0; i < n; i++) {
- gn = sk_GENERAL_NAME_value(alt, i);
- if (gn->type != type)
- continue;
- r = -1;
- v = (char *)ASN1_STRING_data(gn->d.ia5);
- l = ASN1_STRING_length(gn->d.ia5);
- if (l <= 0)
- continue;
-#ifdef DEBUG
- printfchars(NULL, gn->type == GEN_DNS ? "dns" : "uri", NULL, v, l);
-#endif
- if (exact) {
- if (memcmp(v, exact, l))
- continue;
- } else {
- s = stringcopy((char *)v, l);
- if (!s) {
- debug(DBG_ERR, "malloc failed");
- continue;
- }
- if (regexec(regex, s, 0, NULL, 0)) {
- free(s);
- continue;
- }
- free(s);
- }
- r = 1;
- break;
- }
- GENERAL_NAMES_free(alt);
- return r;
-}
-
-int cnregexp(X509 *cert, const char *exact, const regex_t *regex) {
- int loc, l;
- char *v, *s;
- X509_NAME *nm;
- X509_NAME_ENTRY *e;
- ASN1_STRING *t;
-
- nm = X509_get_subject_name(cert);
- loc = -1;
- for (;;) {
- loc = X509_NAME_get_index_by_NID(nm, NID_commonName, loc);
- if (loc == -1)
- break;
- e = X509_NAME_get_entry(nm, loc);
- t = X509_NAME_ENTRY_get_data(e);
- v = (char *) ASN1_STRING_data(t);
- l = ASN1_STRING_length(t);
- if (l < 0)
- continue;
- if (exact) {
- if (l == strlen(exact) && !strncasecmp(exact, v, l))
- return 1;
- } else {
- s = stringcopy((char *)v, l);
- if (!s) {
- debug(DBG_ERR, "malloc failed");
- continue;
- }
- if (regexec(regex, s, 0, NULL, 0)) {
- free(s);
- continue;
- }
- free(s);
- return 1;
- }
- }
- return 0;
-}
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/tlscommon.h b/lib/radsecproxy/tlscommon.h
deleted file mode 100644
index 5a6d262..0000000
--- a/lib/radsecproxy/tlscommon.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/* Copyright (c) 2007-2009, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-#include <netinet/in.h>
-#include <openssl/ssl.h>
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-struct tls {
- char *name;
- char *cacertfile;
- char *cacertpath;
- char *certfile;
- char *certkeyfile;
- char *certkeypwd;
- uint8_t crlcheck;
- char **policyoids;
- uint32_t cacheexpiry;
- uint32_t tlsexpiry;
- uint32_t dtlsexpiry;
- X509_VERIFY_PARAM *vpm;
- SSL_CTX *tlsctx;
- SSL_CTX *dtlsctx;
-};
-
-#if defined(RADPROT_TLS) || defined(RADPROT_DTLS)
-SSL_CTX *tlsgetctx(uint8_t type, struct tls *t);
-X509 *verifytlscert(SSL *ssl);
-int subjectaltnameaddr(X509 *cert, int family, const struct in6_addr *addr);
-int subjectaltnameregexp(X509 *cert, int type, const char *exact, const regex_t *regex);
-int cnregexp(X509 *cert, const char *exact, const regex_t *regex);
-#endif
-
-#if defined (__cplusplus)
-}
-#endif
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/tlv11.h b/lib/radsecproxy/tlv11.h
deleted file mode 100644
index 87909c0..0000000
--- a/lib/radsecproxy/tlv11.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* Copyright (c) 2008, UNINETT AS
- * Copyright (c) 2010, NORDUnet A/S */
-/* See LICENSE for licensing information. */
-
-struct tlv {
- uint8_t t;
- uint8_t l;
- uint8_t *v;
-};
-
-struct tlv *maketlv(uint8_t, uint8_t, void *);
-struct tlv *copytlv(struct tlv *);
-void freetlv(struct tlv *);
-int eqtlv(struct tlv *, struct tlv *);
-struct list *copytlvlist(struct list *);
-void freetlvlist(struct list *);
-void rmtlv(struct list *, uint8_t);
-uint8_t *tlv2str(struct tlv *tlv);
-uint8_t *tlv2buf(uint8_t *, const struct tlv *tlv);
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/util.c b/lib/radsecproxy/util.c
deleted file mode 100644
index ad974ac..0000000
--- a/lib/radsecproxy/util.c
+++ /dev/null
@@ -1,256 +0,0 @@
-/* Copyright (c) 2007-2009, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-/* Code contributions from:
- *
- * Stefan Winter <stefan.winter@restena.lu>
- */
-
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <sys/select.h>
-#include <stdarg.h>
-#include "debug.h"
-#include "util.h"
-
-char *stringcopy(const char *s, int len) {
- char *r;
- if (!s)
- return NULL;
- if (!len)
- len = strlen(s);
- r = malloc(len + 1);
- if (!r)
- debug(DBG_ERR, "stringcopy: malloc failed");
- memcpy(r, s, len);
- r[len] = '\0';
- return r;
-}
-
-void printfchars(char *prefixfmt, char *prefix, char *charfmt, char *chars, int len) {
- int i;
- unsigned char *s = (unsigned char *)chars;
- if (prefix)
- printf(prefixfmt ? prefixfmt : "%s: ", prefix);
- for (i = 0; i < len; i++)
- printf(charfmt ? charfmt : "%c", s[i]);
- printf("\n");
-}
-
-void port_set(struct sockaddr *sa, uint16_t port) {
- switch (sa->sa_family) {
- case AF_INET:
- ((struct sockaddr_in *)sa)->sin_port = htons(port);
- break;
- case AF_INET6:
- ((struct sockaddr_in6 *)sa)->sin6_port = htons(port);
- break;
- }
-}
-
-struct sockaddr *addr_copy(struct sockaddr *in) {
- struct sockaddr *out = NULL;
-
- switch (in->sa_family) {
- case AF_INET:
- out = malloc(sizeof(struct sockaddr_in));
- if (out) {
- memset(out, 0, sizeof(struct sockaddr_in));
- ((struct sockaddr_in *)out)->sin_addr = ((struct sockaddr_in *)in)->sin_addr;
- }
- break;
- case AF_INET6:
- out = malloc(sizeof(struct sockaddr_in6));
- if (out) {
- memset(out, 0, sizeof(struct sockaddr_in6));
- ((struct sockaddr_in6 *)out)->sin6_addr = ((struct sockaddr_in6 *)in)->sin6_addr;
- }
- break;
- }
- out->sa_family = in->sa_family;
-#ifdef SIN6_LEN
- out->sa_len = in->sa_len;
-#endif
- return out;
-}
-
-char *addr2string(struct sockaddr *addr) {
- union {
- struct sockaddr *sa;
- struct sockaddr_in *sa4;
- struct sockaddr_in6 *sa6;
- } u;
- struct sockaddr_in sa4;
- static char addr_buf[2][INET6_ADDRSTRLEN];
- static int i = 0;
- i = !i;
- u.sa = addr;
- if (u.sa->sa_family == AF_INET6) {
- if (IN6_IS_ADDR_V4MAPPED(&u.sa6->sin6_addr)) {
- memset(&sa4, 0, sizeof(sa4));
- sa4.sin_family = AF_INET;
- sa4.sin_port = u.sa6->sin6_port;
- memcpy(&sa4.sin_addr, &u.sa6->sin6_addr.s6_addr[12], 4);
- u.sa4 = &sa4;
- }
- }
- if (getnameinfo(u.sa, SOCKADDRP_SIZE(u.sa), addr_buf[i], sizeof(addr_buf[i]),
- NULL, 0, NI_NUMERICHOST)) {
- debug(DBG_WARN, "getnameinfo failed");
- return "getnameinfo_failed";
- }
- return addr_buf[i];
-}
-
-#if 0
-/* not in use */
-int connectport(int type, char *host, char *port) {
- struct addrinfo hints, *res0, *res;
- int s = -1;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_socktype = type;
- hints.ai_family = AF_UNSPEC;
-
- if (getaddrinfo(host, port, &hints, &res0) != 0) {
- debug(DBG_ERR, "connectport: can't resolve host %s port %s", host, port);
- return -1;
- }
-
- for (res = res0; res; res = res->ai_next) {
- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
- if (s < 0) {
- debug(DBG_WARN, "connectport: socket failed");
- continue;
- }
- if (connect(s, res->ai_addr, res->ai_addrlen) == 0)
- break;
- debug(DBG_WARN, "connectport: connect failed");
- close(s);
- s = -1;
- }
- freeaddrinfo(res0);
- return s;
-}
-#endif
-
-/* Disable the "Don't Fragment" bit for UDP sockets. It is set by default, which may cause an "oversized"
- RADIUS packet to be discarded on first attempt (due to Path MTU discovery).
-*/
-
-void disable_DF_bit(int socket, struct addrinfo *res) {
- if ((res->ai_family == AF_INET) && (res->ai_socktype == SOCK_DGRAM)) {
-#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
- /*
- * Turn off Path MTU discovery on IPv4/UDP sockets, Linux variant.
- */
- int r, action;
- debug(DBG_INFO, "disable_DF_bit: disabling DF bit (Linux variant)");
- action = IP_PMTUDISC_DONT;
- r = setsockopt(socket, IPPROTO_IP, IP_MTU_DISCOVER, &action, sizeof(action));
- if (r == -1)
- debug(DBG_WARN, "Failed to set IP_MTU_DISCOVER");
-#else
- debug(DBG_INFO, "Non-Linux platform, unable to unset DF bit for UDP. You should check with tcpdump whether radsecproxy will send its UDP packets with DF bit set!");
-#endif
- }
-}
-
-int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) {
- int s, on = 1;
- struct addrinfo *res;
-
- for (res = addrinfo; res; res = res->ai_next) {
- if (family != AF_UNSPEC && family != res->ai_family)
- continue;
- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
- if (s < 0) {
- debug(DBG_WARN, "bindtoaddr: socket failed");
- continue;
- }
-
- disable_DF_bit(s,res);
-
- if (reuse)
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
-#ifdef IPV6_V6ONLY
- if (v6only)
- setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
-#endif
- if (!bind(s, res->ai_addr, res->ai_addrlen))
- return s;
- debug(DBG_WARN, "bindtoaddr: bind failed");
- close(s);
- }
- return -1;
-}
-
-int connectnonblocking(int s, const struct sockaddr *addr, socklen_t addrlen, struct timeval *timeout) {
- int origflags, error = 0, r = -1;
- fd_set writefds;
- socklen_t len;
-
- origflags = fcntl(s, F_GETFL, 0);
- fcntl(s, F_SETFL, origflags | O_NONBLOCK);
- if (!connect(s, addr, addrlen)) {
- r = 0;
- goto exit;
- }
- if (errno != EINPROGRESS)
- goto exit;
-
- FD_ZERO(&writefds);
- FD_SET(s, &writefds);
- if (select(s + 1, NULL, &writefds, NULL, timeout) < 1)
- goto exit;
-
- len = sizeof(error);
- if (!getsockopt(s, SOL_SOCKET, SO_ERROR, (char*)&error, &len) && !error)
- r = 0;
-
-exit:
- fcntl(s, F_SETFL, origflags);
- return r;
-}
-
-int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src, uint16_t timeout) {
- int s;
- struct addrinfo *res;
- struct timeval to;
-
- s = -1;
- if (timeout) {
- if (addrinfo && addrinfo->ai_next && timeout > 5)
- timeout = 5;
- to.tv_sec = timeout;
- to.tv_usec = 0;
- }
-
- for (res = addrinfo; res; res = res->ai_next) {
- s = bindtoaddr(src, res->ai_family, 1, 1);
- if (s < 0) {
- debug(DBG_WARN, "connecttoserver: socket failed");
- continue;
- }
- if ((timeout
- ? connectnonblocking(s, res->ai_addr, res->ai_addrlen, &to)
- : connect(s, res->ai_addr, res->ai_addrlen)) == 0)
- break;
- debug(DBG_WARN, "connecttoserver: connect failed");
- close(s);
- s = -1;
- }
- return s;
-}
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/radsecproxy/util.h b/lib/radsecproxy/util.h
deleted file mode 100644
index cec4673..0000000
--- a/lib/radsecproxy/util.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* Copyright (c) 2007-2009, UNINETT AS */
-/* See LICENSE for licensing information. */
-
-#include <sys/socket.h>
-#include <netdb.h>
-
-#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
- sizeof(struct sockaddr_in) : \
- sizeof(struct sockaddr_in6))
-
-#define SOCKADDRP_SIZE(addr) ((addr)->sa_family == AF_INET ? \
- sizeof(struct sockaddr_in) : \
- sizeof(struct sockaddr_in6))
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-char *stringcopy(const char *s, int len);
-char *addr2string(struct sockaddr *addr);
-struct sockaddr *addr_copy(struct sockaddr *in);
-void port_set(struct sockaddr *sa, uint16_t port);
-
-void printfchars(char *prefixfmt, char *prefix, char *charfmt, char *chars, int len);
-void disable_DF_bit(int socket, struct addrinfo *res);
-int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only);
-int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src, uint16_t timeout);
-
-#if defined (__cplusplus)
-}
-#endif
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
diff --git a/lib/request.c b/lib/request.c
deleted file mode 100644
index 40ac56d..0000000
--- a/lib/request.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/* Copyright 2010-2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdint.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <sys/time.h>
-#include <event2/event.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include <radsec/request.h>
-#include <radsec/request-impl.h>
-#include <radius/client.h>
-#include "debug.h"
-#include "conn.h"
-#include "tcp.h"
-#include "udp.h"
-
-/* RFC 5080 2.2.1. Retransmission Behavior. */
-#define IRT 2
-#define MRC 5
-#define MRT 16
-#define MRD 30
-#define RAND 100 /* Rand factor, milliseconds. */
-
-int
-rs_request_create (struct rs_connection *conn, struct rs_request **req_out)
-{
- struct rs_request *req = rs_malloc (conn->ctx, sizeof(*req));
- assert (req_out);
- if (!req)
- return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
- memset (req, 0, sizeof(*req));
- req->conn = conn;
- *req_out = req;
- return RSE_OK;
-}
-
-void
-rs_request_add_reqpkt (struct rs_request *req, struct rs_packet *req_msg)
-{
- assert (req);
- req->req_msg = req_msg;
-}
-
-int
-rs_request_create_authn (struct rs_connection *conn,
- struct rs_request **req_out,
- const char *user_name,
- const char *user_pw)
-{
- struct rs_request *req = NULL;
- assert (req_out);
-
- if (rs_request_create (conn, &req))
- return -1;
-
- if (rs_packet_create_authn_request (conn, &req->req_msg, user_name, user_pw))
- return -1;
-
- if (req_out)
- *req_out = req;
- return RSE_OK;
-}
-
-void
-rs_request_destroy (struct rs_request *request)
-{
- assert (request);
- assert (request->conn);
- assert (request->conn->ctx);
-
- if (request->req_msg)
- rs_packet_destroy (request->req_msg);
- rs_free (request->conn->ctx, request);
-}
-
-static void
-_rand_rt (struct timeval *res, uint32_t rtprev, uint32_t factor)
-{
- uint32_t ms = rtprev * (nr_rand () % factor);
- res->tv_sec = rtprev + ms / 1000;
- res->tv_usec = (ms % 1000) * 1000;
-}
-
-int
-rs_request_send (struct rs_request *request, struct rs_packet **resp_msg)
-{
- int r = 0;
- struct rs_connection *conn = NULL;
- int count = 0;
- struct timeval rt = {0,0};
- struct timeval end = {0,0};
- struct timeval now = {0,0};
- struct timeval tmp_tv = {0,0};
- const struct timeval mrt_tv = {MRT,0};
-
- if (!request || !request->conn || !request->req_msg || !resp_msg)
- return rs_err_conn_push_fl (conn, RSE_INVAL, __FILE__, __LINE__, NULL);
- conn = request->conn;
- assert (!conn_user_dispatch_p (conn)); /* This function is high level. */
-
- gettimeofday (&end, NULL);
- end.tv_sec += MRD;
- _rand_rt (&rt, IRT, RAND);
- while (1)
- {
- rs_conn_set_timeout (conn, &rt);
-
- r = rs_packet_send (request->req_msg, NULL);
- if (r == RSE_OK)
- {
- r = rs_conn_receive_packet (request->conn,
- request->req_msg,
- resp_msg);
- if (r == RSE_OK)
- break; /* Success. */
- }
- if (r != RSE_TIMEOUT_CONN && r != RSE_TIMEOUT_IO)
- break; /* Error. */
-
- /* Timing out reading or writing. Pop the timeout error from the
- stack and continue the loop. */
- rs_err_conn_pop (request->conn);
-
- gettimeofday (&now, NULL);
- if (++count > MRC || timercmp (&now, &end, >))
- {
- r = rs_err_conn_push_fl (request->conn, RSE_TIMEOUT,
- __FILE__, __LINE__, NULL);
- break; /* Timeout. */
- }
-
- /* rt = 2 * rt + rand_rt (rt, RAND); */
- timeradd (&rt, &rt, &rt);
- _rand_rt (&tmp_tv, IRT, RAND);
- timeradd (&rt, &tmp_tv, &rt);
- if (timercmp (&rt, &mrt_tv, >))
- _rand_rt (&rt, MRT, RAND);
- }
-
- timerclear (&rt);
- rs_conn_set_timeout (conn, &rt);
-
- rs_debug (("%s: returning %d\n", __func__, r));
- return r;
-}
-
-struct rs_packet *
-rs_request_get_reqmsg (const struct rs_request *request)
-{
- assert (request);
- return request->req_msg;
-}
diff --git a/lib/send.c b/lib/send.c
deleted file mode 100644
index 3161bbe..0000000
--- a/lib/send.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/* Copyright 2011,2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <assert.h>
-#include <event2/event.h>
-#include <event2/bufferevent.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "debug.h"
-#include "packet.h"
-#include "event.h"
-#include "peer.h"
-#include "conn.h"
-#include "tcp.h"
-#include "udp.h"
-
-static int
-_conn_open (struct rs_connection *conn, struct rs_packet *pkt)
-{
- if (event_init_eventbase (conn))
- return -1;
-
- if (!conn->active_peer)
- peer_pick_peer (conn);
- if (!conn->active_peer)
- return rs_err_conn_push_fl (conn, RSE_NOPEER, __FILE__, __LINE__, NULL);
-
- if (event_init_socket (conn, conn->active_peer))
- return -1;
-
- if (conn->realm->type == RS_CONN_TYPE_TCP
- || conn->realm->type == RS_CONN_TYPE_TLS)
- {
- if (tcp_init_connect_timer (conn))
- return -1;
- if (event_init_bufferevent (conn, conn->active_peer))
- return -1;
- }
- else
- {
- if (udp_init (conn, pkt))
- return -1;
- if (udp_init_retransmit_timer (conn))
- return -1;
- }
-
- if (!conn->is_connected)
- if (!conn->is_connecting)
- event_do_connect (conn);
-
- return RSE_OK;
-}
-
-static int
-_conn_is_open_p (struct rs_connection *conn)
-{
- return conn->active_peer && conn->is_connected;
-}
-
-/* User callback used when we're dispatching for user. */
-static void
-_wcb (void *user_data)
-{
- struct rs_packet *pkt = (struct rs_packet *) user_data;
- assert (pkt);
- pkt->flags |= RS_PACKET_SENT;
- if (pkt->conn->bev)
- bufferevent_disable (pkt->conn->bev, EV_WRITE|EV_READ);
- else
- event_del (pkt->conn->wev);
-}
-
-int
-rs_packet_send (struct rs_packet *pkt, void *user_data)
-{
- struct rs_connection *conn = NULL;
- int err = 0;
-
- assert (pkt);
- assert (pkt->conn);
- conn = pkt->conn;
-
- if (_conn_is_open_p (conn))
- packet_do_send (pkt);
- else
- if (_conn_open (conn, pkt))
- return -1;
-
- assert (conn->evb);
- assert (conn->active_peer);
- assert (conn->fd >= 0);
-
- conn->user_data = user_data;
-
- if (conn->bev) /* TCP */
- {
- bufferevent_setcb (conn->bev, NULL, tcp_write_cb, tcp_event_cb, pkt);
- bufferevent_enable (conn->bev, EV_WRITE);
- }
- else /* UDP */
- {
- event_assign (conn->wev, conn->evb, event_get_fd (conn->wev),
- EV_WRITE, event_get_callback (conn->wev), pkt);
- err = event_add (conn->wev, NULL);
- if (err < 0)
- return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "event_add: %s",
- evutil_gai_strerror (err));
- }
-
- /* Do dispatch, unless the user wants to do it herself. */
- if (!conn_user_dispatch_p (conn))
- {
- conn->callbacks.sent_cb = _wcb;
- conn->user_data = pkt;
- rs_debug (("%s: entering event loop\n", __func__));
- err = event_base_dispatch (conn->evb);
- if (err < 0)
- return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "event_base_dispatch: %s",
- evutil_gai_strerror (err));
- rs_debug (("%s: event loop done\n", __func__));
- conn->callbacks.sent_cb = NULL;
- conn->user_data = NULL;
-
- if ((pkt->flags & RS_PACKET_SENT) == 0)
- {
- assert (rs_err_conn_peek_code (conn));
- return rs_err_conn_peek_code (conn);
- }
- }
-
- return RSE_OK;
-}
diff --git a/lib/tcp.c b/lib/tcp.c
deleted file mode 100644
index 07bc109..0000000
--- a/lib/tcp.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/* Copyright 2011-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <assert.h>
-#include <event2/event.h>
-#include <event2/bufferevent.h>
-#if defined (RS_ENABLE_TLS)
-#include <event2/bufferevent_ssl.h>
-#include <openssl/err.h>
-#endif
-#include <radius/client.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "tcp.h"
-#include "packet.h"
-#include "conn.h"
-#include "debug.h"
-#include "event.h"
-
-#if defined (DEBUG)
-#include <event2/buffer.h>
-#endif
-
-/** Read one RADIUS packet header. Return !0 on error. */
-static int
-_read_header (struct rs_packet *pkt)
-{
- size_t n = 0;
-
- n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN);
- if (n == RS_HEADER_LEN)
- {
- pkt->flags |= RS_PACKET_HEADER_READ;
- pkt->rpkt->length = (pkt->hdr[2] << 8) + pkt->hdr[3];
- if (pkt->rpkt->length < 20 || pkt->rpkt->length > RS_MAX_PACKET_LEN)
- {
- rs_debug (("%s: invalid packet length: %d\n",
- __func__, pkt->rpkt->length));
- rs_conn_disconnect (pkt->conn);
- return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT,
- "invalid packet length: %d",
- pkt->rpkt->length);
- }
- memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN);
- bufferevent_setwatermark (pkt->conn->bev, EV_READ,
- pkt->rpkt->length - RS_HEADER_LEN, 0);
- rs_debug (("%s: packet header read, total pkt len=%d\n",
- __func__, pkt->rpkt->length));
- }
- else if (n < 0)
- {
- rs_debug (("%s: buffer frozen while reading header\n", __func__));
- }
- else /* Error: libevent gave us less than the low watermark. */
- {
- rs_debug (("%s: got: %d octets reading header\n", __func__, n));
- rs_conn_disconnect (pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__,
- "got %d octets reading header", n);
- }
-
- return 0;
-}
-
-/** Read a message, check that it's valid RADIUS and hand it off to
- registered user callback.
-
- The packet is read from the bufferevent associated with \a pkt and
- the data is stored in \a pkt->rpkt.
-
- Return 0 on success and !0 on failure. */
-static int
-_read_packet (struct rs_packet *pkt)
-{
- size_t n = 0;
- int err;
-
- rs_debug (("%s: trying to read %d octets of packet data\n", __func__,
- pkt->rpkt->length - RS_HEADER_LEN));
-
- n = bufferevent_read (pkt->conn->bev,
- pkt->rpkt->data + RS_HEADER_LEN,
- pkt->rpkt->length - RS_HEADER_LEN);
-
- rs_debug (("%s: read %ld octets of packet data\n", __func__, n));
-
- if (n == pkt->rpkt->length - RS_HEADER_LEN)
- {
- bufferevent_disable (pkt->conn->bev, EV_READ);
- rs_debug (("%s: complete packet read\n", __func__));
- pkt->flags &= ~RS_PACKET_HEADER_READ;
- memset (pkt->hdr, 0, sizeof(*pkt->hdr));
-
- /* Checks done by rad_packet_ok:
- - lenghts (FIXME: checks really ok for tcp?)
- - invalid code field
- - attribute lengths >= 2
- - attribute sizes adding up correctly */
- err = nr_packet_ok (pkt->rpkt);
- if (err != RSE_OK)
- {
- rs_debug (("%s: %d: invalid packet\n", __func__, -err));
- rs_conn_disconnect (pkt->conn);
- return rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__,
- "invalid packet");
- }
-
-#if defined (DEBUG)
- /* Find out what happens if there's data left in the buffer. */
- {
- size_t rest = 0;
- rest = evbuffer_get_length (bufferevent_get_input (pkt->conn->bev));
- if (rest)
- rs_debug (("%s: returning with %d octets left in buffer\n", __func__,
- rest));
- }
-#endif
-
- /* Hand over message to user. This changes ownership of pkt.
- Don't touch it afterwards -- it might have been freed. */
- if (pkt->conn->callbacks.received_cb)
- pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
- }
- else if (n < 0) /* Buffer frozen. */
- rs_debug (("%s: buffer frozen when reading packet\n", __func__));
- else /* Short packet. */
- rs_debug (("%s: waiting for another %d octets\n", __func__,
- pkt->rpkt->length - RS_HEADER_LEN - n));
-
- return 0;
-}
-
-/* The read callback for TCP.
-
- Read exactly one RADIUS message from BEV and store it in struct
- rs_packet passed in USER_DATA.
-
- Inform upper layer about successful reception of received RADIUS
- message by invoking conn->callbacks.recevied_cb(), if !NULL. */
-void
-tcp_read_cb (struct bufferevent *bev, void *user_data)
-{
- struct rs_packet *pkt = (struct rs_packet *) user_data;
-
- assert (pkt);
- assert (pkt->conn);
- assert (pkt->rpkt);
-
- pkt->rpkt->sockfd = pkt->conn->fd;
- pkt->rpkt->vps = NULL; /* FIXME: can this be done when initializing pkt? */
-
- /* Read a message header if not already read, return if that
- fails. Read a message and have it dispatched to the user
- registered callback.
-
- Room for improvement: Peek inside buffer (evbuffer_copyout()) to
- avoid the extra copying. */
- if ((pkt->flags & RS_PACKET_HEADER_READ) == 0)
- if (_read_header (pkt))
- return; /* Error. */
- _read_packet (pkt);
-}
-
-void
-tcp_event_cb (struct bufferevent *bev, short events, void *user_data)
-{
- struct rs_packet *pkt = (struct rs_packet *) user_data;
- struct rs_connection *conn = NULL;
- int sockerr = 0;
-#if defined (RS_ENABLE_TLS)
- unsigned long tlserr = 0;
-#endif
-#if defined (DEBUG)
- struct rs_peer *p = NULL;
-#endif
-
- assert (pkt);
- assert (pkt->conn);
- conn = pkt->conn;
-#if defined (DEBUG)
- assert (pkt->conn->active_peer);
- p = conn->active_peer;
-#endif
-
- conn->is_connecting = 0;
- if (events & BEV_EVENT_CONNECTED)
- {
- if (conn->tev)
- evtimer_del (conn->tev); /* Cancel connect timer. */
- if (event_on_connect (conn, pkt))
- {
- event_on_disconnect (conn);
- event_loopbreak (conn);
- }
- }
- else if (events & BEV_EVENT_EOF)
- {
- event_on_disconnect (conn);
- }
- else if (events & BEV_EVENT_TIMEOUT)
- {
- rs_debug (("%s: %p times out on %s\n", __func__, p,
- (events & BEV_EVENT_READING) ? "read" : "write"));
- rs_err_conn_push_fl (conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL);
- }
- else if (events & BEV_EVENT_ERROR)
- {
- sockerr = evutil_socket_geterror (conn->active_peer->fd);
- if (sockerr == 0) /* FIXME: True that errno == 0 means closed? */
- {
- event_on_disconnect (conn);
- rs_err_conn_push_fl (conn, RSE_DISCO, __FILE__, __LINE__, NULL);
- }
- else
- {
- rs_debug (("%s: %d: %d (%s)\n", __func__, conn->fd, sockerr,
- evutil_socket_error_to_string (sockerr)));
- rs_err_conn_push_fl (conn, RSE_SOCKERR, __FILE__, __LINE__,
- "%d: %d (%s)", conn->fd, sockerr,
- evutil_socket_error_to_string (sockerr));
- }
-#if defined (RS_ENABLE_TLS)
- if (conn->tls_ssl) /* FIXME: correct check? */
- {
- for (tlserr = bufferevent_get_openssl_error (conn->bev);
- tlserr;
- tlserr = bufferevent_get_openssl_error (conn->bev))
- {
- rs_debug (("%s: openssl error: %s\n", __func__,
- ERR_error_string (tlserr, NULL)));
- rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__,
- ERR_error_string (tlserr, NULL));
- }
- }
-#endif /* RS_ENABLE_TLS */
- event_loopbreak (conn);
- }
-
-#if defined (DEBUG)
- if (events & BEV_EVENT_ERROR && events != BEV_EVENT_ERROR)
- rs_debug (("%s: BEV_EVENT_ERROR and more: 0x%x\n", __func__, events));
-#endif
-}
-
-void
-tcp_write_cb (struct bufferevent *bev, void *ctx)
-{
- struct rs_packet *pkt = (struct rs_packet *) ctx;
-
- assert (pkt);
- assert (pkt->conn);
-
- if (pkt->conn->callbacks.sent_cb)
- pkt->conn->callbacks.sent_cb (pkt->conn->user_data);
-}
-
-int
-tcp_init_connect_timer (struct rs_connection *conn)
-{
- assert (conn);
-
- if (conn->tev)
- event_free (conn->tev);
- conn->tev = evtimer_new (conn->evb, event_conn_timeout_cb, conn);
- if (!conn->tev)
- return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "evtimer_new");
-
- return RSE_OK;
-}
diff --git a/lib/tcp.h b/lib/tcp.h
deleted file mode 100644
index eddc4c8..0000000
--- a/lib/tcp.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-void tcp_event_cb (struct bufferevent *bev, short events, void *user_data);
-void tcp_read_cb (struct bufferevent *bev, void *user_data);
-void tcp_write_cb (struct bufferevent *bev, void *ctx);
-int tcp_init_connect_timer (struct rs_connection *conn);
diff --git a/lib/tests/Makefile.am b/lib/tests/Makefile.am
deleted file mode 100644
index 09f9d28..0000000
--- a/lib/tests/Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
-AUTOMAKE_OPTIONS = foreign
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)
-AM_CFLAGS = -Wall -Werror -g
-
-TESTS = test-udp
-
-check_PROGRAMS = test-udp udp-server
-
-test_udp_SOURCES = test-udp.c udp.c udp.h
-test_udp_LDADD = ../libradsec.la -lcunit -lm
-
-udp_server_SOURCES = udp-server.c udp.c udp.h
diff --git a/lib/tests/README b/lib/tests/README
deleted file mode 100644
index 33bddc1..0000000
--- a/lib/tests/README
+++ /dev/null
@@ -1,39 +0,0 @@
-This is the README file for the test directory of libradsec.
-
-Build
------
-
-In order to build and run the tests, you'll need to have CUnit
-installed.
-
-Source code: http://cunit.sourceforge.net/
-Debian package: libcunit1-dev
-FreeBSD port: devel/cunit
-
-
-Run
----
-
-NOTE: To run the tests you currently need
-- a RADIUS server running at localhost:1820 with the shared RADIUS
- secret "sikrit" configured (or whatever "test-udp-auth" in test.conf
- says)
-- a user "molgan@PROJECT-MOONSHOT.ORG" with password "password"
- present in the RADIUS database
-These requirements will be removed in a future libradsec release.
-
-
-Run the tests by typing
-
- make check
-
-The output should read something like
-
- --Run Summary: Type Total Ran Passed Failed
- suites 2 2 n/a 0
- tests 2 2 2 0
- asserts 23 23 23 0
- PASS: test-udp
- =============
- 1 test passed
- =============
diff --git a/lib/tests/demoCA/index.txt b/lib/tests/demoCA/index.txt
deleted file mode 100644
index 51f934f..0000000
--- a/lib/tests/demoCA/index.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-V 250806115449Z 01 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ca
-V 250806115457Z 02 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=srv1
-V 250806115504Z 03 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=cli1
diff --git a/lib/tests/demoCA/index.txt.attr b/lib/tests/demoCA/index.txt.attr
deleted file mode 100644
index 8f7e63a..0000000
--- a/lib/tests/demoCA/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes
diff --git a/lib/tests/demoCA/newcerts/01.pem b/lib/tests/demoCA/newcerts/01.pem
deleted file mode 100644
index 29cb5ee..0000000
--- a/lib/tests/demoCA/newcerts/01.pem
+++ /dev/null
@@ -1,46 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca
- Validity
- Not Before: Sep 12 11:54:49 2012 GMT
- Not After : Aug 6 11:54:49 2025 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (512 bit)
- Modulus:
- 00:eb:9e:52:bf:1a:7c:32:63:9f:96:80:71:f1:98:
- 87:90:97:f1:7a:4a:81:6d:66:7e:8e:7c:50:5f:f9:
- 6e:94:1a:b0:7b:46:87:b5:9e:23:48:04:ad:f3:55:
- a1:f9:31:50:a1:10:ab:ca:ba:70:ac:58:95:4e:9d:
- 3a:2b:52:36:df
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05
- X509v3 Authority Key Identifier:
- keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 15:12:3b:79:3d:61:d2:c7:d2:a8:0c:df:82:ea:66:76:26:cb:
- ab:b5:83:a3:52:a0:23:1a:a9:92:8e:93:41:f7:6c:3f:8a:2c:
- bd:32:3d:70:3f:b6:fd:f2:37:50:0a:66:8c:1c:44:bf:ef:50:
- 24:33:bd:48:47:04:ee:8c:61:88
------BEGIN CERTIFICATE-----
-MIIB5TCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET
-MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU0NDlaFw0yNTA4MDYxMTU0
-NDlaMFIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
-DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAMMAmNhMFwwDQYJKoZI
-hvcNAQEBBQADSwAwSAJBAOueUr8afDJjn5aAcfGYh5CX8XpKgW1mfo58UF/5bpQa
-sHtGh7WeI0gErfNVofkxUKEQq8q6cKxYlU6dOitSNt8CAwEAAaNQME4wHQYDVR0O
-BBYEFBFXQAvwMy+uwtqkOgC66TSzdSAFMB8GA1UdIwQYMBaAFBFXQAvwMy+uwtqk
-OgC66TSzdSAFMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADQQAVEjt5PWHS
-x9KoDN+C6mZ2JsurtYOjUqAjGqmSjpNB92w/iiy9Mj1wP7b98jdQCmaMHES/71Ak
-M71IRwTujGGI
------END CERTIFICATE-----
diff --git a/lib/tests/demoCA/newcerts/02.pem b/lib/tests/demoCA/newcerts/02.pem
deleted file mode 100644
index 2e1cccb..0000000
--- a/lib/tests/demoCA/newcerts/02.pem
+++ /dev/null
@@ -1,49 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca
- Validity
- Not Before: Sep 12 11:54:57 2012 GMT
- Not After : Aug 6 11:54:57 2025 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=srv1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (512 bit)
- Modulus:
- 00:ac:21:78:6f:cb:1c:10:c2:71:7b:72:03:e3:4b:
- b2:c7:f6:63:3f:69:d3:d3:48:e0:90:16:0f:5a:44:
- f5:9c:ed:b9:6b:72:be:11:6e:26:09:32:0c:51:25:
- 10:35:fe:a0:33:fe:cf:90:9f:2c:8b:3a:c5:98:86:
- c2:a9:5c:ba:a7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 08:13:6F:A0:93:47:21:31:9F:02:79:A5:CF:24:4A:D1:0B:A7:10:09
- X509v3 Authority Key Identifier:
- keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05
-
- Signature Algorithm: sha1WithRSAEncryption
- 2c:7e:61:65:48:cc:46:50:58:cc:9d:1b:b2:e7:2d:2b:72:e2:
- a1:2f:2c:14:35:4d:b8:42:87:66:57:77:c4:02:17:fa:3c:db:
- 83:3f:89:37:ae:f8:e9:00:fe:96:d8:4b:80:63:db:08:7a:c6:
- e1:c7:59:ec:d9:76:4a:be:1a:19
------BEGIN CERTIFICATE-----
-MIICEjCCAbygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET
-MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU0NTdaFw0yNTA4MDYxMTU0
-NTdaMFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
-DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMMBHNydjEwXDANBgkq
-hkiG9w0BAQEFAANLADBIAkEArCF4b8scEMJxe3ID40uyx/ZjP2nT00jgkBYPWkT1
-nO25a3K+EW4mCTIMUSUQNf6gM/7PkJ8sizrFmIbCqVy6pwIDAQABo3sweTAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUCBNvoJNHITGfAnmlzyRK0QunEAkwHwYDVR0jBBgwFoAU
-EVdAC/AzL67C2qQ6ALrpNLN1IAUwDQYJKoZIhvcNAQEFBQADQQAsfmFlSMxGUFjM
-nRuy5y0rcuKhLywUNU24QodmV3fEAhf6PNuDP4k3rvjpAP6W2EuAY9sIesbhx1ns
-2XZKvhoZ
------END CERTIFICATE-----
diff --git a/lib/tests/demoCA/newcerts/03.pem b/lib/tests/demoCA/newcerts/03.pem
deleted file mode 100644
index d07be19..0000000
--- a/lib/tests/demoCA/newcerts/03.pem
+++ /dev/null
@@ -1,49 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=ca
- Validity
- Not Before: Sep 12 11:55:04 2012 GMT
- Not After : Aug 6 11:55:04 2025 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=cli1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (512 bit)
- Modulus:
- 00:99:7b:86:e0:46:de:f1:69:10:97:f8:4e:78:c8:
- ee:c2:c8:65:64:90:72:dd:51:4f:c6:58:78:49:07:
- 61:b9:ed:0a:77:7b:d2:6a:c3:49:e5:91:6c:bf:78:
- d0:fc:8a:5c:80:1a:b0:03:28:b2:ea:e8:c8:a0:b6:
- be:a1:42:30:5d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 10:17:90:80:D8:B0:7E:91:91:13:32:27:8C:EF:A6:DE:9F:C1:C4:A7
- X509v3 Authority Key Identifier:
- keyid:11:57:40:0B:F0:33:2F:AE:C2:DA:A4:3A:00:BA:E9:34:B3:75:20:05
-
- Signature Algorithm: sha1WithRSAEncryption
- b1:08:87:88:7d:90:78:01:da:4a:e7:be:82:22:3f:58:07:f7:
- 46:a9:9a:42:a4:88:d9:b8:6a:69:bf:cb:d0:39:2d:c9:49:06:
- fa:31:80:66:17:32:cc:e8:ae:36:9c:c1:d5:ae:6d:3c:eb:72:
- 77:55:92:fa:ab:f5:a3:bc:19:2d
------BEGIN CERTIFICATE-----
-MIICEjCCAbygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJBVTET
-MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMQswCQYDVQQDDAJjYTAeFw0xMjA5MTIxMTU1MDRaFw0yNTA4MDYxMTU1
-MDRaMFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
-DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMMBGNsaTEwXDANBgkq
-hkiG9w0BAQEFAANLADBIAkEAmXuG4Ebe8WkQl/hOeMjuwshlZJBy3VFPxlh4SQdh
-ue0Kd3vSasNJ5ZFsv3jQ/IpcgBqwAyiy6ujIoLa+oUIwXQIDAQABo3sweTAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUEBeQgNiwfpGREzInjO+m3p/BxKcwHwYDVR0jBBgwFoAU
-EVdAC/AzL67C2qQ6ALrpNLN1IAUwDQYJKoZIhvcNAQEFBQADQQCxCIeIfZB4AdpK
-576CIj9YB/dGqZpCpIjZuGppv8vQOS3JSQb6MYBmFzLM6K42nMHVrm0863J3VZL6
-q/WjvBkt
------END CERTIFICATE-----
diff --git a/lib/tests/demoCA/private/cakey.pem b/lib/tests/demoCA/private/cakey.pem
deleted file mode 100644
index e7df9d0..0000000
--- a/lib/tests/demoCA/private/cakey.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAOueUr8afDJjn5aAcfGYh5CX8XpKgW1mfo58UF/5bpQasHtGh7We
-I0gErfNVofkxUKEQq8q6cKxYlU6dOitSNt8CAwEAAQJAR+SmQPN24/Ur88M7gUlW
-TBNgtjzXoyb8BMP/zlkQmZW5Tcv1xCa1UwK33u2wSmhSNP6zA1QrC2d2pv/7XZEp
-wQIhAPpf2QuEooR5BPrvDiAVPlKp31EROrZOiOV5hbV1Kzx/AiEA8OmZZrvgrdQu
-3PKRLfxD11NKf0yhC+7WdVWguYZ1VaECIF99XMcyz9TcXxThRa7gy0M1vJErlAvh
-yf5TKba6OEI7AiBpNctdl11G7OxOZ8zJZWsHRYO6Vm/as0KLWYromvTxIQIhAK0c
-r+G23R+dHDUdNEBSi6G74dbaJqaA8LsVr9w9m5gY
------END RSA PRIVATE KEY-----
diff --git a/lib/tests/demoCA/private/cli1.key b/lib/tests/demoCA/private/cli1.key
deleted file mode 100644
index 09381f1..0000000
--- a/lib/tests/demoCA/private/cli1.key
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAJl7huBG3vFpEJf4TnjI7sLIZWSQct1RT8ZYeEkHYbntCnd70mrD
-SeWRbL940PyKXIAasAMosuroyKC2vqFCMF0CAwEAAQJAEozki1zle0YYlFWVnnGi
-sfYokxQGXguC2dU9jI4Q2LjGut6mVx/zLIU59BS4nUq2aYHg0hxwwzOba92c0lT/
-HQIhAMp0+k7FtDdRQzIaDzeEY6MYyLhhhukhI3xpyXYVuyx7AiEAwhLQl6hYlsgh
-78CzTAhAdbheAwIQWyvY7XjKzxdpGwcCIG/hr0YC2bHMNZ8laY1bmxhRpPLH6p9A
-0fR6HXwlTDerAiA1y21SfHGB6huuD2Yjry3e86nrf4j1HKRWvuLIoJ6bxQIgWmyj
-YOSFsaBwj9ptkY0d4H84SDHnt7GRypm0/98OSg8=
------END RSA PRIVATE KEY-----
diff --git a/lib/tests/demoCA/private/srv1.key b/lib/tests/demoCA/private/srv1.key
deleted file mode 100644
index 284f1e1..0000000
--- a/lib/tests/demoCA/private/srv1.key
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAKwheG/LHBDCcXtyA+NLssf2Yz9p09NI4JAWD1pE9ZztuWtyvhFu
-JgkyDFElEDX+oDP+z5CfLIs6xZiGwqlcuqcCAwEAAQJAbviJF7GfH2LsHISt4vyr
-fuTmqTxF1wI13E6MiUrJ+eftT7Hq1Wq6B7gmlI1iJiJLlAH6o93PYhp8559Dfp+q
-wQIhAOMbFp0NJPrVpycx5dQAYpM/edqXoOENQf1lMLOmOHlhAiEAwgfTbAaGNfQS
-uXfzj0sx+IvoKE/MXfLKZ/uE9futCQcCIQC/mMjZMo+yNrHQdV5KHxEK3RB2hFmr
-xD2aA9a0mVUnwQIgbYjHdNNWDr1DmMo7h+g2RI6Ot7scruiyFPNrgwXaEB8CICMa
-8wjF27wlJ2nmhM9ZXUBtvBKgU+jspsA8n+wU+o+f
------END RSA PRIVATE KEY-----
diff --git a/lib/tests/demoCA/serial b/lib/tests/demoCA/serial
deleted file mode 100644
index 6496923..0000000
--- a/lib/tests/demoCA/serial
+++ /dev/null
@@ -1 +0,0 @@
-04
diff --git a/lib/tests/test-udp.c b/lib/tests/test-udp.c
deleted file mode 100644
index ed176c0..0000000
--- a/lib/tests/test-udp.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* Copyright 2011,2013, NORDUnet A/S. All rights reserved. */
-/* See LICENSE for licensing information. */
-
-#include <stdlib.h>
-#include <assert.h>
-#include <CUnit/Basic.h>
-#include "radius/client.h"
-#include "radsec/radsec.h"
-#include "radsec/request.h"
-#include "udp.h"
-
-static void
-authenticate (struct rs_connection *conn, const char *user, const char *pw)
-{
- struct rs_request *req;
- struct rs_packet *msg, *resp;
-
- CU_ASSERT (rs_request_create (conn, &req) == 0);
- CU_ASSERT (!rs_packet_create_authn_request (conn, &msg, user, pw));
- rs_request_add_reqpkt (req, msg);
- CU_ASSERT (rs_request_send (req, &resp) == 0);
- //printf ("%s\n", rs_err_msg (rs_err_conn_pop (conn), 1));
- CU_ASSERT (rs_packet_code(resp) == PW_ACCESS_ACCEPT);
-
- rs_request_destroy (req);
-}
-
-static void
-send_more_than_one_msg_in_one_packet (struct rs_connection *conn)
-{
- struct rs_packet *msg0, *msg1;
-
- CU_ASSERT (rs_packet_create_authn_request (conn, &msg0, NULL, NULL) == 0);
- CU_ASSERT (rs_packet_create_authn_request (conn, &msg1, NULL, NULL) == 0);
- CU_ASSERT (rs_packet_send (msg0, NULL) == 0);
- CU_ASSERT (rs_packet_send (msg1, NULL) == 0);
-}
-
-#if 0
-static void
-send_large_packet (struct rs_connection *conn)
-{
- struct rs_packet *msg0;
- struct radius_packet *frpkt = NULL;
- char *buf;
- int f;
-
- buf = malloc (RS_MAX_PACKET_LEN);
- CU_ASSERT (buf != NULL);
- memset (buf, 0, RS_MAX_PACKET_LEN);
-
- CU_ASSERT (rs_packet_create (conn, &msg0) == 0);
- /* 16 chunks --> heap corruption in evbuffer_drain detected by free() */
- for (f = 0; f < 15; f++)
- {
- memset (buf, 'a' + f, 252);
- //vp = pairmake ("EAP-Message", buf, T_OP_EQ);
- CU_ASSERT (rs_packet_append_avp (msg0, fixme...) == RSE_OK);
- }
- CU_ASSERT (rs_packet_send (msg0, NULL) == 0);
-}
-#endif /* 0 */
-
-/* ************************************************************ */
-static struct setup {
- char *config_file;
- char *config_name;
- char *username;
- char *pw;
-} setup;
-
-static void
-test_auth ()
-{
- struct rs_context *ctx;
- struct rs_connection *conn;
-
- setup.config_file = "test.conf";
- setup.config_name = "test-udp-auth";
- setup.username = "molgan@PROJECT-MOONSHOT.ORG";
- setup.pw = "password";
-
- CU_ASSERT (rs_context_create (&ctx) == 0);
- CU_ASSERT (rs_context_read_config (ctx, setup.config_file) == 0);
- CU_ASSERT (rs_conn_create (ctx, &conn, setup.config_name) == 0);
-
- authenticate (conn, setup.username, setup.pw);
-
- rs_conn_destroy (conn);
- rs_context_destroy (ctx);
-}
-
-static ssize_t
-test_buffering_cb (const uint8_t *buf, ssize_t len)
-{
- /* "Exactly one RADIUS packet is encapsulated in the UDP Data field"
- [RFC 2865]*/
-#if 0
- hd (buf, len);
-#endif
- CU_ASSERT (len >= 20);
- CU_ASSERT (len <= RS_MAX_PACKET_LEN);
- CU_ASSERT ((buf[2] << 8) + buf[3] == len);
- return len;
-}
-
-static void
-test_buffering ()
-{
- struct rs_context *ctx;
- struct rs_connection *conn;
- struct timeval timeout;
- struct polldata *polldata;
-
- CU_ASSERT (rs_context_create (&ctx) == 0);
- CU_ASSERT (rs_context_read_config (ctx, "test.conf") == 0);
- CU_ASSERT (rs_conn_create (ctx, &conn, "test-udp-buffering") == 0);
-
- timeout.tv_sec = 0;
- timeout.tv_usec = 150000;
- polldata = udp_server ("11820", &timeout, test_buffering_cb);
- CU_ASSERT (polldata != NULL);
-
- send_more_than_one_msg_in_one_packet (conn);
- CU_ASSERT (udp_poll (polldata) > 0);
- CU_ASSERT (udp_poll (polldata) > 0);
-
-
- udp_free_polldata (polldata);
- rs_conn_destroy (conn);
- rs_context_destroy (ctx);
-}
-
-/* ************************************************************ */
-int
-main (int argc, char *argv[])
-{
- CU_pSuite s = NULL;
- CU_pTest t = NULL;
- unsigned int nfail;
-
- assert (CU_initialize_registry () == CUE_SUCCESS);
- s = CU_add_suite ("auth", NULL, NULL); assert (s);
- t = CU_ADD_TEST (s, test_auth); assert (t);
- s = CU_add_suite ("buffering", NULL, NULL); assert (s);
- t = CU_ADD_TEST (s, test_buffering); assert (t);
-
- assert (CU_basic_run_tests () == CUE_SUCCESS);
- nfail = CU_get_number_of_failures();
-
- CU_cleanup_registry ();
- return nfail;
-}
diff --git a/lib/tests/test.conf b/lib/tests/test.conf
deleted file mode 100644
index 98d0330..0000000
--- a/lib/tests/test.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-realm test-udp-auth {
- type = "UDP"
- server {
- hostname = "localhost"
- service = "1820"
- secret = "sikrit"
- }
-}
-
-realm test-udp-buffering {
- type = "UDP"
- server {
- hostname = "localhost"
- service = "11820"
- secret = "sikrit"
- }
-}
-
-realm test-tls-test {
- type = "TLS"
- cacertfile = "/home/linus/nordberg-ca.crt"
- certfile = "/home/linus/p/radsecproxy/src/maatuska.nordberg.se.crt"
- certkeyfile = "/home/linus/p/radsecproxy/src/maatuska.nordberg.se.key"
-
- server {
- hostname = "localhost"
- service = "1820"
- secret = "sikrit"
- }
-}
diff --git a/lib/tests/udp-server.c b/lib/tests/udp-server.c
deleted file mode 100644
index 77a35df..0000000
--- a/lib/tests/udp-server.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/* Copyright 2011, NORDUnet A/S. All rights reserved. */
-/* See LICENSE for licensing information. */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include "udp.h"
-
-ssize_t
-handle_data (const uint8_t *buf, ssize_t len)
-{
- return hd (buf, len);
-}
-
-int
-main (int argc, char *argv[])
-{
- int n, i;
- struct timeval tv;
- struct polldata *data;
-
-#define TIMEOUT 1 /* Seconds. */
-
- tv.tv_sec = TIMEOUT;
- tv.tv_usec = 0;
- data = udp_server (argv[1], &tv, handle_data);
-
- for (i = 0, n = udp_poll (data); n == 0 && i < 3; n = udp_poll (data), i++)
- {
- fprintf (stderr, "waiting another %ld second%s\n",
- tv.tv_sec, tv.tv_sec > 1 ? "s" : "");
- }
-
- udp_free_polldata (data);
- return (n <= 0);
-}
diff --git a/lib/tests/udp.c b/lib/tests/udp.c
deleted file mode 100644
index 2c580da..0000000
--- a/lib/tests/udp.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* Copyright 2011,2013, NORDUnet A/S. All rights reserved. */
-/* See LICENSE for licensing information. */
-
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <assert.h>
-#include <stdio.h>
-#include <event2/event.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <sys/types.h>
-#include <netdb.h>
-#include <sys/select.h>
-#include <sys/time.h>
-#include "radius/client.h"
-#include "udp.h"
-
-static struct addrinfo *
-_resolve (const char *str)
-{
- static int first = 1;
- static struct addrinfo hints, *result = NULL;
- struct addrinfo *rp = NULL;
- int r;
-
- if (first)
- {
- first = 0;
- memset (&hints, 0, sizeof (hints));
- hints.ai_family = AF_INET; /* AF_UNSPEC */
- hints.ai_socktype = SOCK_DGRAM;
- r = getaddrinfo (NULL, str, &hints, &result);
- if (r)
- fprintf (stderr, "getaddrinfo: %s\n", gai_strerror (r));
- }
-
- if (result)
- {
- rp = result;
- result = result->ai_next;
- }
-
- return rp;
-}
-
-void
-udp_free_polldata (struct polldata *data)
-{
- if (data)
- {
- if (data->timeout)
- free (data->timeout);
- free (data);
- }
-}
-
-/* @return if select() returns error or timeout, return select()
- else return value from invoked callback function */
-ssize_t
-udp_poll (struct polldata *data)
-{
- int r;
- long timeout = 0;
- fd_set rfds;
- ssize_t len;
- uint8_t buf[RS_MAX_PACKET_LEN];
-
- FD_ZERO (&rfds);
- FD_SET (data->s, &rfds);
- if (data->timeout)
- timeout = data->timeout->tv_sec; /* Save from destruction (Linux). */
- //fprintf (stderr, "calling select with timeout %ld\n", timeout);
- r = select (data->s + 1, &rfds, NULL, NULL, data->timeout);
- if (data->timeout)
- data->timeout->tv_sec = timeout; /* Restore. */
- //fprintf (stderr, "select returning %d\n", r);
- if (r > 0)
- {
- len = recv (data->s, buf, sizeof (buf), 0);
- if (len > 0)
- return data->cb (buf, len);
- }
- return r;
-}
-
-struct polldata *
-udp_server (const char *bindto, struct timeval *timeout, data_cb cb)
-{
- struct addrinfo *res;
- int s = -1;
-
- for (res = _resolve (bindto); res; res = _resolve (bindto))
- {
- s = socket (res->ai_family, res->ai_socktype, res->ai_protocol);
- if (s >= 0)
- {
- if (bind (s, res->ai_addr, res->ai_addrlen) == 0)
- break; /* Done. */
- else
- {
- close (s);
- s = -1;
- }
- }
- }
-
- if (s >= 0)
- {
- struct polldata *data = malloc (sizeof (struct polldata));
- assert (data);
- memset (data, 0, sizeof (struct polldata));
- data->s = s;
- data->cb = cb;
- if (timeout)
- {
- data->timeout = malloc (sizeof (struct timeval));
- assert (data->timeout);
- memcpy (data->timeout, timeout, sizeof (struct timeval));
- }
- return data;
- }
-
- return NULL;
-}
-
-ssize_t
-hd (const uint8_t *buf, ssize_t len)
-{
- int i;
-
- printf ("# len: %ld\n", len);
- for (i = 0; i < len; i++)
- {
- printf ("%02x%s", buf[i], (i+1) % 8 ? " " : " ");
- if ((i + 1) % 16 == 0)
- printf ("\n");
- }
- printf ("\n");
- return len;
-}
diff --git a/lib/tests/udp.h b/lib/tests/udp.h
deleted file mode 100644
index a8d5f23..0000000
--- a/lib/tests/udp.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/* Copyright 2011, NORDUnet A/S. All rights reserved. */
-/* See LICENSE for licensing information. */
-
-#include <stdint.h>
-#include <unistd.h>
-#include <sys/time.h>
-
-typedef ssize_t (*data_cb) (const uint8_t *buf, ssize_t len);
-
-struct polldata {
- int s;
- data_cb cb;
- struct timeval *timeout;
-};
-
-struct polldata *udp_server (const char *bindto, struct timeval *timeout, data_cb cb);
-ssize_t udp_poll (struct polldata *data);
-void udp_free_polldata (struct polldata *data);
-
-ssize_t hd (const uint8_t *buf, ssize_t len);
diff --git a/lib/tls.c b/lib/tls.c
deleted file mode 100644
index ba3cab5..0000000
--- a/lib/tls.c
+++ /dev/null
@@ -1,372 +0,0 @@
-/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <assert.h>
-#include <fcntl.h>
-#include <limits.h>
-#if defined HAVE_PTHREAD_H
-#include <pthread.h>
-#endif
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/x509v3.h>
-#include <openssl/rand.h>
-#include <openssl/crypto.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-
-#include <regex.h>
-#include "radsecproxy/list.h"
-#include "radsecproxy/radsecproxy.h"
-
-#include "tls.h"
-
-static struct tls *
-_get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)
-{
- struct tls *c = rs_malloc (conn->ctx, sizeof (struct tls));
-
- if (c)
- {
- memset (c, 0, sizeof (struct tls));
- /* TODO: Make sure old radsecproxy code doesn't free these all
- of a sudden, or strdup them. */
- c->name = realm->name;
- c->cacertfile = realm->cacertfile;
- c->cacertpath = NULL; /* NYI */
- c->certfile = realm->certfile;
- c->certkeyfile = realm->certkeyfile;
- c->certkeypwd = NULL; /* NYI */
- c->cacheexpiry = 0; /* NYI */
- c->crlcheck = 0; /* NYI */
- c->policyoids = (char **) NULL; /* NYI */
- }
- else
- rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
-
- return c;
-}
-
-#if defined RS_ENABLE_TLS_PSK
-static unsigned int
-psk_client_cb (SSL *ssl,
- const char *hint,
- char *identity,
- unsigned int max_identity_len,
- unsigned char *psk,
- unsigned int max_psk_len)
-{
- struct rs_connection *conn = NULL;
- struct rs_credentials *cred = NULL;
-
- conn = SSL_get_ex_data (ssl, 0);
- assert (conn != NULL);
- cred = conn->active_peer->realm->transport_cred;
- assert (cred != NULL);
- /* NOTE: Ignoring identity hint from server. */
-
- if (strlen (cred->identity) + 1 > max_identity_len)
- {
- rs_err_conn_push (conn, RSE_CRED, "PSK identity longer than max %d",
- max_identity_len - 1);
- return 0;
- }
- strcpy (identity, cred->identity);
-
- switch (cred->secret_encoding)
- {
- case RS_KEY_ENCODING_UTF8:
- cred->secret_len = strlen (cred->secret);
- if (cred->secret_len > max_psk_len)
- {
- rs_err_conn_push (conn, RSE_CRED, "PSK secret longer than max %d",
- max_psk_len);
- return 0;
- }
- memcpy (psk, cred->secret, cred->secret_len);
- break;
- case RS_KEY_ENCODING_ASCII_HEX:
- {
- BIGNUM *bn = NULL;
-
- if (BN_hex2bn (&bn, cred->secret) == 0)
- {
- rs_err_conn_push (conn, RSE_CRED, "Unable to convert pskhexstr");
- if (bn != NULL)
- BN_clear_free (bn);
- return 0;
- }
- if ((unsigned int) BN_num_bytes (bn) > max_psk_len)
- {
- rs_err_conn_push (conn, RSE_CRED, "PSK secret longer than max %d",
- max_psk_len);
- BN_clear_free (bn);
- return 0;
- }
- cred->secret_len = BN_bn2bin (bn, psk);
- BN_clear_free (bn);
- }
- break;
- default:
- assert (!"unknown psk encoding");
- }
-
- return cred->secret_len;
-}
-#endif /* RS_ENABLE_TLS_PSK */
-
-/** Read \a buf_len bytes from one of the random devices into \a
- buf. Return 0 on success and -1 on failure. */
-static int
-load_rand_ (uint8_t *buf, size_t buf_len)
-{
- static const char *fns[] = {"/dev/urandom", "/dev/random", NULL};
- int i;
-
- if (buf_len > SSIZE_MAX)
- return -1;
-
- for (i = 0; fns[i] != NULL; i++)
- {
- size_t nread = 0;
- int fd = open (fns[i], O_RDONLY);
- if (fd < 0)
- continue;
- while (nread != buf_len)
- {
- ssize_t r = read (fd, buf + nread, buf_len - nread);
- if (r < 0)
- return -1;
- if (r == 0)
- break;
- nread += r;
- }
- close (fd);
- if (nread != buf_len)
- return -1;
- return 0;
- }
- return -1;
-}
-
-/** Initialise OpenSSL's PRNG by possibly invoking RAND_poll() and by
- feeding RAND_seed() data from one of the random devices. If either
- succeeds, we're happy and return 0. */
-static int
-init_openssl_rand_ (void)
-{
- long openssl_version = 0;
- int openssl_random_init_flag = 0;
- int our_random_init_flag = 0;
- uint8_t buf[32];
-
- /* Older OpenSSL has a crash bug in RAND_poll (when a file it opens
- gets a file descriptor with a number higher than FD_SETSIZE) so
- use it only for newer versions. */
- openssl_version = SSLeay ();
- if (openssl_version >= OPENSSL_V (0,9,8,'c'))
- openssl_random_init_flag = RAND_poll ();
-
- our_random_init_flag = !load_rand_ (buf, sizeof(buf));
- if (our_random_init_flag)
- RAND_seed (buf, sizeof(buf));
- memset (buf, 0, sizeof(buf)); /* FIXME: What if memset() is optimised out? */
-
- if (!openssl_random_init_flag && !our_random_init_flag)
- return -1;
- if (!RAND_bytes (buf, sizeof(buf)))
- return -1;
- return 0;
-}
-
-#if defined HAVE_PTHREADS
-/** Array of pthread_mutex_t for OpenSSL. Allocated and initialised in
- \a init_locking_ and never freed. */
-static pthread_mutex_t *s_openssl_mutexes = NULL;
-/** Number of pthread_mutex_t's allocated at s_openssl_mutexes. */
-static int s_openssl_mutexes_count = 0;
-
-/** Callback for OpenSSL when a lock is to be held or released. */
-static void
-openssl_locking_cb_ (int mode, int i, const char *file, int line)
-{
- if (s_openssl_mutexes == NULL || i >= s_openssl_mutexes_count)
- return;
- if (mode & CRYPTO_LOCK)
- pthread_mutex_lock (&s_openssl_mutexes[i]);
- else
- pthread_mutex_unlock (&s_openssl_mutexes[i]);
-}
-
-/** Initialise any locking needed for being thread safe. Libradsec has
- all its own state in one or more struct rs_context and doesn't
- need locks but libraries used by libradsec may need protection. */
-static int
-init_locking_ ()
-{
- int i, n;
- n = CRYPTO_num_locks ();
-
- s_openssl_mutexes = calloc (n, sizeof(pthread_mutex_t));
- if (s_openssl_mutexes == NULL)
- return -RSE_NOMEM;
- for (i = 0; i < n; i++)
- pthread_mutex_init (&s_openssl_mutexes[i], NULL);
- s_openssl_mutexes_count = n;
-
- return 0;
-}
-#endif /* HAVE_PTHREADS */
-
-/** Initialise the TLS library. Return 0 on success, -1 on failure. */
-int
-tls_init ()
-{
- SSL_load_error_strings ();
-#if defined HAVE_PTHREADS
- if (CRYPTO_get_locking_callback () == NULL)
- {
- assert (s_openssl_mutexes_count == 0);
- /* Allocate and initialise mutexes. We will never free
- these. FIXME: Is there a portable way of having a function
- invoked when a solib is unloaded? -ln */
- if (init_locking_ ())
- return -1;
- CRYPTO_set_locking_callback (openssl_locking_cb_);
- }
-#endif /* HAVE_PTHREADS */
- SSL_library_init ();
- return init_openssl_rand_ ();
-}
-
-int
-tls_init_conn (struct rs_connection *conn)
-{
- struct rs_context *ctx = NULL;
- struct tls *tlsconf = NULL;
- SSL_CTX *ssl_ctx = NULL;
- SSL *ssl = NULL;
- unsigned long sslerr = 0;
-
- assert (conn->ctx);
- ctx = conn->ctx;
-
- tlsconf = _get_tlsconf (conn, conn->active_peer->realm);
- if (!tlsconf)
- return -1;
- ssl_ctx = tlsgetctx (RAD_TLS, tlsconf);
- if (!ssl_ctx)
- {
- for (sslerr = ERR_get_error (); sslerr; sslerr = ERR_get_error ())
- rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__,
- ERR_error_string (sslerr, NULL));
- return -1;
- }
- ssl = SSL_new (ssl_ctx);
- if (!ssl)
- {
- for (sslerr = ERR_get_error (); sslerr; sslerr = ERR_get_error ())
- rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__,
- ERR_error_string (sslerr, NULL));
- return -1;
- }
-
-#if defined RS_ENABLE_TLS_PSK
- if (conn->active_peer->realm->transport_cred != NULL)
- {
- SSL_set_psk_client_callback (ssl, psk_client_cb);
- SSL_set_ex_data (ssl, 0, conn);
- }
-#endif /* RS_ENABLE_TLS_PSK */
-
- conn->tls_ctx = ssl_ctx;
- conn->tls_ssl = ssl;
- rs_free (ctx, tlsconf);
- return RSE_OK;
-}
-
-/* draft-ietf-radext-radsec-11.txt
-
- * Certificate validation MUST include the verification rules as
- per [RFC5280].
-
- * Implementations SHOULD indicate their acceptable Certification
- Authorities as per section 7.4.4 (server side) and x.y.z
- ["Trusted CA Indication"] (client side) of [RFC5246] (see
- Section 3.2)
-
- * Implementations SHOULD allow to configure a list of acceptable
- certificates, identified via certificate fingerprint. When a
- fingerprint configured, the fingerprint is prepended with an
- ASCII label identifying the hash function followed by a colon.
- Implementations MUST support SHA-1 as the hash algorithm and
- use the ASCII label "sha-1" to identify the SHA-1 algorithm.
- The length of a SHA-1 hash is 20 bytes and the length of the
- corresponding fingerprint string is 65 characters. An example
- certificate fingerprint is: sha-
- 1:E1:2D:53:2B:7C:6B:8A:29:A2:76:C8:64:36:0B:08:4B:7A:F1:9E:9D
-
- * Peer validation always includes a check on whether the locally
- configured expected DNS name or IP address of the server that
- is contacted matches its presented certificate. DNS names and
- IP addresses can be contained in the Common Name (CN) or
- subjectAltName entries. For verification, only one of these
- entries is to be considered. The following precedence
- applies: for DNS name validation, subjectAltName:DNS has
- precedence over CN; for IP address validation, subjectAltName:
- iPAddr has precedence over CN.
-
- * Implementations SHOULD allow to configure a set of acceptable
- values for subjectAltName:URI.
- */
-int
-tls_verify_cert (struct rs_connection *conn)
-{
- int err = 0;
- int success = 0;
- X509 *peer_cert = NULL;
- struct in6_addr addr;
- const char *hostname = NULL;
-
- assert (conn->active_peer->conn == conn);
- assert (conn->active_peer->hostname != NULL);
- hostname = conn->active_peer->hostname;
-
- /* verifytlscert() performs basic verification as described by
- OpenSSL VERIFY(1), i.e. verification of the certificate chain. */
- peer_cert = verifytlscert (conn->tls_ssl);
- if (peer_cert == NULL)
- {
- err = rs_err_conn_push (conn, RSE_SSLERR,
- "basic certificate validation failed");
- goto out;
- }
-
- if (inet_pton (AF_INET, hostname, &addr))
- success = (subjectaltnameaddr (peer_cert, AF_INET, &addr) == 1);
- else if (inet_pton (AF_INET6, hostname, &addr))
- success = (subjectaltnameaddr (peer_cert, AF_INET6, &addr) == 1);
- else
- success = (subjectaltnameregexp (peer_cert, GEN_DNS, hostname, NULL) == 1);
-
- if (!success)
- success = (cnregexp (peer_cert, hostname, NULL) == 1);
-
- if (conn->realm->disable_hostname_check)
- success = 1;
- if (!success)
- err = rs_err_conn_push (conn, RSE_CERT, "server certificate doesn't "
- "match configured hostname \"%s\"", hostname);
-
- out:
- if (peer_cert != NULL)
- X509_free (peer_cert);
- return err;
-}
diff --git a/lib/tls.h b/lib/tls.h
deleted file mode 100644
index 51f2a64..0000000
--- a/lib/tls.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* Copyright 2010-2012 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined (__cplusplus)
-extern "C" {
-#endif
-
-int tls_init (void);
-int tls_init_conn (struct rs_connection *conn);
-int tls_verify_cert (struct rs_connection *conn);
-
-#define OPENSSL_VER(a,b,c,d,e) \
- (((a)<<28) | \
- ((b)<<20) | \
- ((c)<<12) | \
- ((d)<< 4) | \
- (e))
-#define OPENSSL_V(a,b,c,d) \
- OPENSSL_VER((a),(b),(c),(d)-'a'+1,0xf)
-
-#if defined (__cplusplus)
-}
-#endif
diff --git a/lib/udp.c b/lib/udp.c
deleted file mode 100644
index c00f215..0000000
--- a/lib/udp.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#if defined HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <assert.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <event2/event.h>
-#include <radius/client.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "debug.h"
-#include "event.h"
-#include "compat.h"
-#include "udp.h"
-
-/* Send one packet, the first in queue. */
-static int
-_send (struct rs_connection *conn, int fd)
-{
- ssize_t r = 0;
- struct rs_packet *pkt = conn->out_queue;
-
- assert (pkt->rpkt);
- assert (pkt->rpkt->data);
-
- /* Send. */
- r = compat_send (fd, pkt->rpkt->data, pkt->rpkt->length, 0);
- if (r == -1)
- {
- int sockerr = evutil_socket_geterror (pkt->conn->fd);
- if (sockerr != EAGAIN)
- return rs_err_conn_push_fl (pkt->conn, RSE_SOCKERR, __FILE__, __LINE__,
- "%d: send: %d (%s)", fd, sockerr,
- evutil_socket_error_to_string (sockerr));
- }
-
- assert (r == pkt->rpkt->length);
- /* Unlink the packet. */
- conn->out_queue = pkt->next;
-
- /* If there are more packets in queue, add the write event again. */
- if (pkt->conn->out_queue)
- {
- r = event_add (pkt->conn->wev, NULL);
- if (r < 0)
- return rs_err_conn_push_fl (pkt->conn, RSE_EVENT, __FILE__, __LINE__,
- "event_add: %s", evutil_gai_strerror (r));
- rs_debug (("%s: re-adding the write event\n", __func__));
- }
-
- return RSE_OK;
-}
-
-/* Callback for conn->wev and conn->rev. FIXME: Rename.
-
- USER_DATA contains connection for EV_READ and a packet for
- EV_WRITE. This is because we don't have a connect/establish entry
- point at the user level -- send implies connect so when we're
- connected we need the packet to send. */
-static void
-_evcb (evutil_socket_t fd, short what, void *user_data)
-{
- int err;
- struct rs_packet *pkt = (struct rs_packet *) user_data;
-
- rs_debug (("%s: fd=%d what =", __func__, fd));
- if (what & EV_TIMEOUT) rs_debug ((" TIMEOUT -- shouldn't happen!"));
- if (what & EV_READ) rs_debug ((" READ"));
- if (what & EV_WRITE) rs_debug ((" WRITE"));
- rs_debug (("\n"));
-
- assert (pkt);
- assert (pkt->conn);
- if (what & EV_READ)
- {
- /* Read a single UDP packet and stick it in USER_DATA. */
- /* TODO: Verify that unsolicited packets are dropped. */
- ssize_t r = 0;
-
- assert (pkt->rpkt->data);
-
- r = compat_recv (fd, pkt->rpkt->data, RS_MAX_PACKET_LEN, MSG_TRUNC);
- if (r == -1)
- {
- int sockerr = evutil_socket_geterror (pkt->conn->fd);
- if (sockerr == EAGAIN)
- {
- /* FIXME: Really shouldn't happen since we've been told
- that fd is readable! */
- rs_debug (("%s: EAGAIN reading UDP packet -- wot?\n"));
- goto err_out;
- }
-
- /* Hard error. */
- rs_err_conn_push_fl (pkt->conn, RSE_SOCKERR, __FILE__, __LINE__,
- "%d: recv: %d (%s)", fd, sockerr,
- evutil_socket_error_to_string (sockerr));
- event_del (pkt->conn->tev);
- goto err_out;
- }
- event_del (pkt->conn->tev);
- if (r < 20 || r > RS_MAX_PACKET_LEN) /* Short or long packet. */
- {
- rs_err_conn_push (pkt->conn, RSE_INVALID_PKT,
- "invalid packet length: %d", r);
- goto err_out;
- }
- pkt->rpkt->length = (pkt->rpkt->data[2] << 8) + pkt->rpkt->data[3];
- err = nr_packet_ok (pkt->rpkt);
- if (err)
- {
- rs_err_conn_push_fl (pkt->conn, -err, __FILE__, __LINE__,
- "invalid packet");
- goto err_out;
- }
- /* Hand over message to user. This changes ownership of pkt.
- Don't touch it afterwards -- it might have been freed. */
- if (pkt->conn->callbacks.received_cb)
- pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data);
- else
- rs_debug (("%s: no received-callback -- dropping packet\n", __func__));
- }
- else if (what & EV_WRITE)
- {
- if (!pkt->conn->is_connected)
- event_on_connect (pkt->conn, pkt);
-
- if (pkt->conn->out_queue)
- if (_send (pkt->conn, fd) == RSE_OK)
- if (pkt->conn->callbacks.sent_cb)
- pkt->conn->callbacks.sent_cb (pkt->conn->user_data);
- }
- return;
-
- err_out:
- rs_conn_disconnect (pkt->conn);
-}
-
-int
-udp_init (struct rs_connection *conn, struct rs_packet *pkt)
-{
- assert (!conn->bev);
-
- conn->rev = event_new (conn->evb, conn->fd, EV_READ|EV_PERSIST, _evcb, NULL);
- conn->wev = event_new (conn->evb, conn->fd, EV_WRITE, _evcb, NULL);
- if (!conn->rev || !conn->wev)
- {
- if (conn->rev)
- {
- event_free (conn->rev);
- conn->rev = NULL;
- }
- /* ENOMEM _or_ EINVAL but EINVAL only if we use EV_SIGNAL, at
- least for now (libevent-2.0.5). */
- return rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
- }
- return RSE_OK;
-}
-
-int
-udp_init_retransmit_timer (struct rs_connection *conn)
-{
- assert (conn);
-
- if (conn->tev)
- event_free (conn->tev);
- conn->tev = evtimer_new (conn->evb, event_retransmit_timeout_cb, conn);
- if (!conn->tev)
- return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__,
- "evtimer_new");
-
- return RSE_OK;
-}
diff --git a/lib/udp.h b/lib/udp.h
deleted file mode 100644
index 39d1aeb..0000000
--- a/lib/udp.h
+++ /dev/null
@@ -1,5 +0,0 @@
-/* Copyright 2011 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-int udp_init (struct rs_connection *conn, struct rs_packet *pkt);
-int udp_init_retransmit_timer (struct rs_connection *conn);
diff --git a/lib/util.c b/lib/util.c
deleted file mode 100644
index 70d815c..0000000
--- a/lib/util.c
+++ /dev/null
@@ -1,25 +0,0 @@
-/* Copyright 2012-2013 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-#include <stdlib.h>
-#include <string.h>
-#include <radsec/radsec.h>
-#include <radsec/radsec-impl.h>
-#include "util.h"
-
-char *
-rs_strdup (struct rs_context *ctx, const char *s)
-{
- size_t len;
- char *buf;
-
- len = strlen (s);
- buf = rs_malloc (ctx, len + 1);
-
- if (buf != NULL)
- memcpy (buf, s, len + 1);
- else
- rs_err_ctx_push (ctx, RSE_NOMEM, __func__);
-
- return buf;
-}
diff --git a/lib/util.h b/lib/util.h
deleted file mode 100644
index f988d86..0000000
--- a/lib/util.h
+++ /dev/null
@@ -1,4 +0,0 @@
-/* Copyright 2012 NORDUnet A/S. All rights reserved.
- See LICENSE for licensing information. */
-
-char *rs_strdup (struct rs_context *ctx, const char *s);