The FreeRADIUS server
$Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Functions to send/receive radius packets. More...
#include <fcntl.h>
#include <ctype.h>
#include "attrs.h"
#include <freeradius-devel/io/pair.h>
#include <freeradius-devel/util/md5.h>
#include <freeradius-devel/util/net.h>
#include <freeradius-devel/util/proto.h>
#include <freeradius-devel/util/udp.h>
#include <freeradius-devel/protocol/radius/freeradius.internal.h>
Macros | |
#define | FR_DEBUG_STRERROR_PRINTF if (fr_debug_lvl) fr_strerror_printf_push |
Functions | |
static bool | attr_valid (UNUSED fr_dict_t *dict, fr_dict_attr_t const *parent, UNUSED char const *name, UNUSED int attr, fr_type_t type, fr_dict_attr_flags_t *flags) |
int | fr_radius_allow_reply (int code, bool allowed[static FR_RADIUS_CODE_MAX]) |
ssize_t | fr_radius_ascend_secret (fr_dbuff_t *dbuff, uint8_t const *in, size_t inlen, char const *secret, uint8_t const *vector) |
Do Ascend-Send / Recv-Secret calculation. More... | |
ssize_t | fr_radius_decode (TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, fr_radius_decode_ctx_t *decode_ctx) |
ssize_t | fr_radius_decode_simple (TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, uint8_t const *vector, char const *secret) |
Simple wrapper for callers who just need a shared secret. More... | |
ssize_t | fr_radius_encode (uint8_t *packet, size_t packet_len, uint8_t const *original, char const *secret, size_t secret_len, int code, int id, fr_pair_list_t *vps) |
Encode VPS into a raw RADIUS packet. More... | |
ssize_t | fr_radius_encode_dbuff (fr_dbuff_t *dbuff, uint8_t const *original, char const *secret, size_t secret_len, int code, int id, fr_pair_list_t *vps) |
void | fr_radius_global_free (void) |
int | fr_radius_global_init (void) |
void * | fr_radius_next_encodable (fr_dlist_head_t *list, void *current, void *uctx) |
bool | fr_radius_ok (uint8_t const *packet, size_t *packet_len_p, uint32_t max_attributes, bool require_ma, decode_fail_t *reason) |
See if the data pointed to by PTR is a valid RADIUS packet. More... | |
ssize_t | fr_radius_recv_header (int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port, unsigned int *code) |
Basic validation of RADIUS packet header. More... | |
int | fr_radius_sign (uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len) |
Sign a previously encoded packet. More... | |
int | fr_radius_verify (uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len, bool require_ma) |
Verify a request / response packet. More... | |
Functions to send/receive radius packets.
Definition in file base.c.
#define FR_DEBUG_STRERROR_PRINTF if (fr_debug_lvl) fr_strerror_printf_push |
|
static |
int fr_radius_allow_reply | ( | int | code, |
bool | allowed[static FR_RADIUS_CODE_MAX] | ||
) |
ssize_t fr_radius_ascend_secret | ( | fr_dbuff_t * | dbuff, |
uint8_t const * | in, | ||
size_t | inlen, | ||
char const * | secret, | ||
uint8_t const * | vector | ||
) |
Do Ascend-Send / Recv-Secret calculation.
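The secret is hidden by XORing it with an MD5 digest created from the RADIUS shared secret and the authentication vector. The two inputs are fed to MD5 in the reverse order from that used when hiding User-Password values in RADIUS (RFC 2865 hashes the shared secret first, then the authenticator). As with User-Password hiding, the protection depends entirely on the secrecy and strength of the shared secret.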
Definition at line 190 of file base.c.
ssize_t fr_radius_decode | ( | TALLOC_CTX * | ctx, |
fr_pair_list_t * | out, | ||
uint8_t * | packet, | ||
size_t | packet_len, | ||
fr_radius_decode_ctx_t * | decode_ctx | ||
) |
ssize_t fr_radius_decode_simple | ( | TALLOC_CTX * | ctx, |
fr_pair_list_t * | out, | ||
uint8_t * | packet, | ||
size_t | packet_len, | ||
uint8_t const * | vector, | ||
char const * | secret | ||
) |
ssize_t fr_radius_encode_dbuff | ( | fr_dbuff_t * | dbuff, |
uint8_t const * | original, | ||
char const * | secret, | ||
size_t | secret_len, | ||
int | code, | ||
int | id, | ||
fr_pair_list_t * | vps | ||
) |
void fr_radius_global_free | ( | void | ) |
int fr_radius_global_init | ( | void | ) |
void * fr_radius_next_encodable | ( | fr_dlist_head_t * | list, |
void * | current, | ||
void * | uctx | ||
) |
bool fr_radius_ok | ( | uint8_t const * | packet, |
size_t * | packet_len_p, | ||
uint32_t | max_attributes, | ||
bool | require_ma, | ||
decode_fail_t * | reason | ||
) |
See if the data pointed to by `packet` is a valid RADIUS packet.
[in] | packet | to check. |
[in,out] | packet_len_p | The size of the packet data. |
[in] | max_attributes | to allow in the packet. |
[in] | require_ma | whether we require Message-Authenticator. |
[out] | reason | if not NULL, the failure reason is written to where it points. |
Definition at line 457 of file base.c.
ssize_t fr_radius_recv_header | ( | int | sockfd, |
fr_ipaddr_t * | src_ipaddr, | ||
uint16_t * | src_port, | ||
unsigned int * | code | ||
) |
Basic validation of RADIUS packet header.
[in] | sockfd | we're reading from. |
[out] | src_ipaddr | of the packet. |
[out] | src_port | of the packet. |
[out] | code | Pointer to where to write the packet code. |
Definition at line 228 of file base.c.
int fr_radius_sign | ( | uint8_t * | packet, |
uint8_t const * | vector, | ||
uint8_t const * | secret, | ||
size_t | secret_len | ||
) |
Sign a previously encoded packet.
Calculates the request/response authenticator for packets which need it, and fills in the message-authenticator value if the attribute is present in the encoded packet.
[in,out] | packet | (request or response). |
[in] | vector | original packet vector to use |
[in] | secret | to sign the packet with. |
[in] | secret_len | The length of the secret. |
Definition at line 301 of file base.c.
int fr_radius_verify | ( | uint8_t * | packet, |
uint8_t const * | vector, | ||
uint8_t const * | secret, | ||
size_t | secret_len, | ||
bool | require_ma | ||
) |
Verify a request / response packet.
This function does its work by calling fr_radius_sign(), and then comparing the signature in the packet with the one we calculated. If they differ, the packet fails verification.
[in] | packet | the raw RADIUS packet (request or response) |
[in] | vector | the original packet vector |
[in] | secret | the shared secret |
[in] | secret_len | the length of the secret |
[in] | require_ma | whether we require Message-Authenticator. |
Definition at line 719 of file base.c.
|
static |
If we get a reply, the request must come from one of a small number of packet types.
fr_dict_attr_t const* attr_chap_challenge |
fr_dict_attr_t const* attr_chargeable_user_identity |
fr_dict_attr_t const* attr_eap_message |
fr_dict_attr_t const* attr_message_authenticator |
fr_dict_attr_t const* attr_nas_filter_rule |
fr_dict_attr_t const* attr_packet_authentication_vector |
fr_dict_attr_t const* attr_packet_type |
fr_dict_attr_t const* attr_raw_attribute |
fr_dict_attr_t const* attr_state |
fr_dict_attr_t const* attr_vendor_specific |
|
static |
char const* fr_radius_packet_name[FR_RADIUS_CODE_MAX] |
fr_table_num_sorted_t const fr_radius_request_name_table[] |
size_t fr_radius_request_name_table_len = NUM_ELEMENTS(fr_radius_request_name_table) |
fr_dict_autoload_t libfreeradius_radius_dict |
fr_dict_attr_autoload_t libfreeradius_radius_dict_attr |
fr_dict_protocol_t libfreeradius_radius_dict_protocol |
|
static |