decode.c File Reference

Functions to decode RADIUS attributes. More...

#include <freeradius-devel/util/md5.h>
#include <freeradius-devel/util/struct.h>
#include <freeradius-devel/io/test_point.h>
#include <freeradius-devel/protocol/radius/freeradius.internal.h>
#include "attrs.h"
#include <freeradius-devel/protocol/radius/rfc2869.h>
#include <freeradius-devel/protocol/radius/rfc5904.h>
#include <freeradius-devel/protocol/radius/rfc6929.h>
#include <freeradius-devel/protocol/radius/rfc7268.h>

Include dependency graph for decode.c:

Go to the source code of this file.

Macros
#define	decode_value   fr_radius_decode_pair_value

Functions
static int	_test_ctx_free (fr_radius_decode_ctx_t *ctx)
static ssize_t	decode_concat (TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *parent, uint8_t const *data, uint8_t const *end)
	Convert a "concatenated" attribute to one long VP.
static ssize_t	decode_digest_attributes (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
	Decode Digest-Attributes.
static ssize_t	decode_extended (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *da, uint8_t const *data, UNUSED size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
	Fast path for most extended attributes.
static ssize_t	decode_extended_fragments (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t attr_len, fr_radius_decode_ctx_t *packet_ctx)
	Convert a fragmented extended attr to a VP.
static ssize_t	decode_nas_filter_rule (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
	Decode NAS-Filter-Rule.
static ssize_t	decode_pair (TALLOC_CTX *ctx, fr_pair_list_t *out, NDEBUG_UNUSED fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx)
static ssize_t	decode_rfc (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
	decode an RFC-format TLV
static int	decode_test_ctx (void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict)
static ssize_t	decode_tlv_trampoline (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx)
	Wrapper called by fr_struct_from_network()
static ssize_t	decode_value_trampoline (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx)
	Wrapper called by fr_struct_from_network()
static ssize_t	decode_vsa (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t attr_len, fr_radius_decode_ctx_t *packet_ctx)
	Convert a top-level VSA to one or more VPs.
static ssize_t	decode_vsa_internal (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx, fr_dict_vendor_t const *dv)
	Convert a top-level VSA to a VP.
static ssize_t	decode_wimax (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t attr_len, fr_radius_decode_ctx_t *packet_ctx)
	Convert a Vendor-Specific WIMAX to vps.
ssize_t	fr_radius_decode_foreign (TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len)
ssize_t	fr_radius_decode_pair (TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
	Create a "normal" fr_pair_t from the given data.
ssize_t	fr_radius_decode_pair_value (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const attr_len, void *decode_ctx)
	Create any kind of VP from the attribute contents.
static ssize_t	fr_radius_decode_password (char *passwd, size_t pwlen, fr_radius_decode_ctx_t *packet_ctx)
	Decode password.
static ssize_t	fr_radius_decode_proto (TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, void *proto_ctx)
ssize_t	fr_radius_decode_tlv (TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
	Convert TLVs to one or more VPs.
int	fr_radius_decode_tlv_ok (uint8_t const *data, size_t length, size_t dv_type, size_t dv_length)
	Check if a set of RADIUS formatted TLVs are OK.
static ssize_t	fr_radius_decode_tunnel_password (uint8_t *passwd, size_t *pwlen, fr_radius_decode_ctx_t *packet_ctx)
	Decode Tunnel-Password encrypted attributes.
static void	memcpy_bounded (void *restrict dst, const void *restrict src, size_t n, const void *restrict end)

Variables
fr_test_point_pair_decode_t	radius_tp_decode_pair
fr_test_point_proto_decode_t	radius_tp_decode_proto
static const char *	reason_name [DECODE_FAIL_MAX]
static const bool	special [UINT8_MAX+1]

Detailed Description

Functions to decode RADIUS attributes.

Id

57721f9365d7a61d773c582518438b7df8634559

Copyright

2000-2003,2006-2015 The FreeRADIUS server project

Definition in file decode.c.

Macro Definition Documentation

decode_value

#define decode_value   fr_radius_decode_pair_value

Definition at line 410 of file decode.c.

Function Documentation

_test_ctx_free()

static int _test_ctx_free ( fr_radius_decode_ctx_t *  ctx )

static

Definition at line 2134 of file decode.c.

decode_concat()

static ssize_t decode_concat ( TALLOC_CTX *  ctx, fr_pair_list_t *  list, fr_dict_attr_t const *  parent, uint8_t const *  data, uint8_t const *  end  )

static

Convert a "concatenated" attribute to one long VP.

Definition at line 342 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode_digest_attributes()

static ssize_t decode_digest_attributes ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t const  data_len, fr_radius_decode_ctx_t *  packet_ctx  )

static

Decode Digest-Attributes.

The VPs are nested, and consecutive Digest-Attributes attributes are decoded into the same parent.

Definition at line 597 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode_extended()

static ssize_t decode_extended ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  da, uint8_t const *  data, UNUSED size_t  data_len, fr_radius_decode_ctx_t *  packet_ctx  )

static

Fast path for most extended attributes.

data_len has already been checked by the caller, so we don't care about it here.

Definition at line 953 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode_extended_fragments()

static ssize_t decode_extended_fragments ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t  attr_len, fr_radius_decode_ctx_t *  packet_ctx  )

static

Convert a fragmented extended attr to a VP.

Format is:

attr length extended-attr flag data...

But for the first fragment, we get passed a pointer to the "extended-attr"

Definition at line 848 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode_nas_filter_rule()

static ssize_t decode_nas_filter_rule ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t const  data_len, fr_radius_decode_ctx_t *  packet_ctx  )

static

Decode NAS-Filter-Rule.

Similar to decode_concat, but contains multiple values instead of one.

Definition at line 484 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode_pair()

static ssize_t decode_pair ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, NDEBUG_UNUSED fr_dict_attr_t const *  parent, uint8_t const *  data, size_t  data_len, void *  decode_ctx  )

static

Definition at line 2221 of file decode.c.

Here is the call graph for this function:

decode_rfc()

static ssize_t decode_rfc ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t const  data_len, void *  decode_ctx  )

static

decode an RFC-format TLV

Definition at line 415 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode_test_ctx()

static int decode_test_ctx ( void **  out, TALLOC_CTX *  ctx, UNUSED fr_dict_t const *  dict  )

static

Definition at line 2141 of file decode.c.

Here is the call graph for this function:

decode_tlv_trampoline()

static ssize_t decode_tlv_trampoline ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t  data_len, void *  decode_ctx  )

static

Wrapper called by fr_struct_from_network()

Definition at line 1450 of file decode.c.

Here is the call graph for this function:

decode_value_trampoline()

static ssize_t decode_value_trampoline ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t  data_len, void *  decode_ctx  )

static

Wrapper called by fr_struct_from_network()

Because extended attributes can continue across the current value. So that function needs to know both the value length, and the packet length. But when we're decoding values inside of a struct, we're not using extended attributes.

Definition at line 1441 of file decode.c.

Here is the call graph for this function:

decode_vsa()

static ssize_t decode_vsa ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t  attr_len, fr_radius_decode_ctx_t *  packet_ctx  )

static

Convert a top-level VSA to one or more VPs.

Definition at line 1276 of file decode.c.

Here is the call graph for this function:

decode_vsa_internal()

static ssize_t decode_vsa_internal ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t  data_len, fr_radius_decode_ctx_t *  packet_ctx, fr_dict_vendor_t const *  dv  )

static

Convert a top-level VSA to a VP.

"length" can be LONGER than just this sub-vsa.

Definition at line 726 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode_wimax()

static ssize_t decode_wimax ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, fr_dict_attr_t const *  parent, uint8_t const *  data, size_t  attr_len, fr_radius_decode_ctx_t *  packet_ctx  )

static

Convert a Vendor-Specific WIMAX to vps.

Note

Called ONLY for Vendor-Specific

Definition at line 1035 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_radius_decode_foreign()

ssize_t fr_radius_decode_foreign	(	TALLOC_CTX *	ctx,
		fr_pair_list_t *	out,
		uint8_t const *	data,
		size_t	data_len
	)

Definition at line 2088 of file decode.c.

Here is the call graph for this function:

fr_radius_decode_pair()

ssize_t fr_radius_decode_pair	(	TALLOC_CTX *	ctx,
		fr_pair_list_t *	out,
		uint8_t const *	data,
		size_t	data_len,
		fr_radius_decode_ctx_t *	packet_ctx
	)

Create a "normal" fr_pair_t from the given data.

Definition at line 1983 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_radius_decode_pair_value()

ssize_t fr_radius_decode_pair_value	(	TALLOC_CTX *	ctx,
		fr_pair_list_t *	out,
		fr_dict_attr_t const *	parent,
		uint8_t const *	data,
		size_t const	attr_len,
		void *	decode_ctx
	)

Create any kind of VP from the attribute contents.

"length" is AT LEAST the length of this attribute, as we expect the caller to have verified the data with fr_packet_ok(). "length" may be up to the length of the packet.

This function will ONLY return -1 on programmer error or OOM. If there's anything wrong with the attribute, it will ALWAYS create a "raw" attribute.

Returns

• Length on success.
• -1 on failure.

Definition at line 1475 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_radius_decode_password()

static ssize_t fr_radius_decode_password ( char *  passwd, size_t  pwlen, fr_radius_decode_ctx_t *  packet_ctx  )

static

Decode password.

Definition at line 191 of file decode.c.

Here is the call graph for this function:

fr_radius_decode_proto()

static ssize_t fr_radius_decode_proto ( TALLOC_CTX *  ctx, fr_pair_list_t *  out, uint8_t const *  data, size_t  data_len, void *  proto_ctx  )

static

Definition at line 2184 of file decode.c.

Here is the call graph for this function:

fr_radius_decode_tlv()

ssize_t fr_radius_decode_tlv	(	TALLOC_CTX *	ctx,
		fr_pair_list_t *	out,
		fr_dict_attr_t const *	parent,
		uint8_t const *	data,
		size_t	data_len,
		fr_radius_decode_ctx_t *	packet_ctx
	)

Convert TLVs to one or more VPs.

Definition at line 647 of file decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

fr_radius_decode_tlv_ok()

int fr_radius_decode_tlv_ok	(	uint8_t const *	data,
		size_t	length,
		size_t	dv_type,
		size_t	dv_length
	)

Check if a set of RADIUS formatted TLVs are OK.

Definition at line 250 of file decode.c.

Here is the caller graph for this function:

fr_radius_decode_tunnel_password()

static ssize_t fr_radius_decode_tunnel_password ( uint8_t *  passwd, size_t *  pwlen, fr_radius_decode_ctx_t *  packet_ctx  )

static

Decode Tunnel-Password encrypted attributes.

Defined in RFC-2868, this uses a two char SALT along with the initial intermediate value, to differentiate it from the above.

Definition at line 70 of file decode.c.

Here is the call graph for this function:

memcpy_bounded()

static void memcpy_bounded ( void *restrict  dst, const void *restrict  src, size_t  n, const void *restrict  end  )

static

Definition at line 42 of file decode.c.

Here is the caller graph for this function:

Variable Documentation

radius_tp_decode_pair

fr_test_point_pair_decode_t radius_tp_decode_pair

Initial value:

= {
        .test_ctx       = decode_test_ctx,
        .func           = decode_pair
}

Definition at line 2237 of file decode.c.

radius_tp_decode_proto

fr_test_point_proto_decode_t radius_tp_decode_proto

Initial value:

= {
        .test_ctx       = decode_test_ctx,
        .func           = fr_radius_decode_proto
}

Definition at line 2243 of file decode.c.

reason_name

const char* reason_name[DECODE_FAIL_MAX]

static

Initial value:

= {
        [ DECODE_FAIL_NONE ] = "all OK",
        [ DECODE_FAIL_MIN_LENGTH_PACKET ] = "packet is too small",
        [ DECODE_FAIL_MAX_LENGTH_PACKET ] = "packet is too large",
        [ DECODE_FAIL_MIN_LENGTH_FIELD ] = "length field is too small",
        [ DECODE_FAIL_MIN_LENGTH_MISMATCH ] = "length mismatch",
        [ DECODE_FAIL_HEADER_OVERFLOW ] = "header overflow",
        [ DECODE_FAIL_UNKNOWN_PACKET_CODE ] = "unknown packet code",
        [ DECODE_FAIL_INVALID_ATTRIBUTE ] = "invalid attribute",
        [ DECODE_FAIL_ATTRIBUTE_TOO_SHORT ] = "attribute too short",
        [ DECODE_FAIL_ATTRIBUTE_OVERFLOW ] = "attribute overflows the packet",
        [ DECODE_FAIL_MA_INVALID_LENGTH ] = "invalid length for Message-Authenticator",
        [ DECODE_FAIL_ATTRIBUTE_UNDERFLOW ] = "attribute underflows the packet",
        [ DECODE_FAIL_TOO_MANY_ATTRIBUTES ] = "too many attributes",
        [ DECODE_FAIL_MA_MISSING ] = "Message-Authenticator is required, but missing",
        [ DECODE_FAIL_MA_INVALID ] = "Message-Authenticator is invalid",
        [ DECODE_FAIL_UNKNOWN ] = "unknown",
}

Definition at line 2165 of file decode.c.

special

const bool special[UINT8_MAX+1]

static

Initial value:

= {
        [FR_NAS_FILTER_RULE]    = true,         
        [FR_DIGEST_ATTRIBUTES]  = true,         
 
        [FR_EAP_MESSAGE]        = true,         
        [FR_PKM_SS_CERT]        = true,         
        [FR_PKM_CA_CERT]        = true,         
        [FR_EAPOL_ANNOUNCEMENT] = true,         
 
        [FR_EXTENDED_ATTRIBUTE_1] = true,
        [FR_EXTENDED_ATTRIBUTE_2] = true,
        [FR_EXTENDED_ATTRIBUTE_3] = true,
        [FR_EXTENDED_ATTRIBUTE_4] = true,
        [FR_EXTENDED_ATTRIBUTE_5] = true,
        [FR_EXTENDED_ATTRIBUTE_6] = true,
}

Definition at line 1963 of file decode.c.