The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
decode.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 0d7ae46287627fc3fce105bcd71bc836ce7c8a6c $
19 *
20 * @file protocols/radius/decode.c
21 * @brief Functions to decode RADIUS attributes
22 *
23 * @copyright 2000-2003,2006-2015 The FreeRADIUS server project
24 */
25RCSID("$Id: 0d7ae46287627fc3fce105bcd71bc836ce7c8a6c $")
26
27#include <freeradius-devel/util/md5.h>
28#include <freeradius-devel/util/struct.h>
29#include <freeradius-devel/io/test_point.h>
30#include <freeradius-devel/protocol/radius/freeradius.internal.h>
31
32#include "attrs.h"
33
34/*
35 * For all of the concat/extended attributes.
36 */
37#include <freeradius-devel/protocol/radius/rfc2869.h>
38#include <freeradius-devel/protocol/radius/rfc5904.h>
39#include <freeradius-devel/protocol/radius/rfc6929.h>
40#include <freeradius-devel/protocol/radius/rfc7268.h>
41
42static void memcpy_bounded(void * restrict dst, const void * restrict src, size_t n, const void * restrict end)
43{
44 size_t len = n;
45
46 if (!fr_cond_assert(n <= 65535)) {
47 return;
48 }
49
50 if (!fr_cond_assert(src <= end)) {
51 return;
52 }
53
54 if (len == 0) return;
55
56 if (!fr_cond_assert(((uint8_t const * restrict) src + len) <= (uint8_t const * restrict) end)) {
57 len = (uint8_t const * restrict) end - (uint8_t const * restrict) src;
58 }
59
60 memcpy(dst, src, len);
61}
62
63
64/** Decode Tunnel-Password encrypted attributes
65 *
66 * Defined in RFC-2868, this uses a two char SALT along with the
67 * initial intermediate value, to differentiate it from the
68 * above.
69 */
70static ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, fr_radius_decode_ctx_t *packet_ctx)
71{
72 fr_md5_ctx_t *md5_ctx, *md5_ctx_old;
73 uint8_t digest[RADIUS_AUTH_VECTOR_LENGTH];
74 size_t i, n, encrypted_len, embedded_len;
75
76 encrypted_len = *pwlen;
77
78 /*
79 * We need at least a salt.
80 */
81 if (encrypted_len < 2) {
82 fr_strerror_const("Tunnel password is too short");
83 return -1;
84 }
85
86 /*
87 * There's a salt, but no password. Or, there's a salt
88 * and a 'data_len' octet. It's wrong, but at least we
89 * can figure out what it means: the password is empty.
90 *
91 * Note that this means we ignore the 'data_len' field,
92 * if the attribute length tells us that there's no
93 * more data. So the 'data_len' field may be wrong,
94 * but that's ok...
95 */
96 if (encrypted_len <= 3) {
97 passwd[0] = 0;
98 *pwlen = 0;
99 return 0;
100 }
101
102 encrypted_len -= 2; /* discount the salt */
103
104 md5_ctx = fr_md5_ctx_alloc_from_list();
105 md5_ctx_old = fr_md5_ctx_alloc_from_list();
106
107 fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length);
108 fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* save intermediate work */
109
110 /*
111 * Set up the initial key:
112 *
113 * b(1) = MD5(secret + vector + salt)
114 */
115 fr_md5_update(md5_ctx, packet_ctx->request_authenticator, RADIUS_AUTH_VECTOR_LENGTH);
116 fr_md5_update(md5_ctx, passwd, 2);
117
118 embedded_len = 0;
119 for (n = 0; n < encrypted_len; n += AUTH_PASS_LEN) {
120 size_t base;
121 size_t block_len = AUTH_PASS_LEN;
122
123 /*
124 * Ensure we don't overflow the input on MD5
125 */
126 if ((n + 2 + AUTH_PASS_LEN) > *pwlen) {
127 block_len = *pwlen - n - 2;
128 }
129
130 if (n == 0) {
131 base = 1;
132
133 fr_md5_final(digest, md5_ctx);
134 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
135
136 /*
137 * A quick check: decrypt the first octet
138 * of the password, which is the
139 * 'data_len' field. Ensure it's sane.
140 */
141 embedded_len = passwd[2] ^ digest[0];
142 if (embedded_len > encrypted_len) {
143 fr_strerror_printf("Tunnel Password is too long for the attribute "
144 "(shared secret is probably incorrect!)");
145 fr_md5_ctx_free_from_list(&md5_ctx);
146 fr_md5_ctx_free_from_list(&md5_ctx_old);
147 return -1;
148 }
149
150 fr_md5_update(md5_ctx, passwd + 2, block_len);
151
152 } else {
153 base = 0;
154
155 fr_md5_final(digest, md5_ctx);
156
157 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
158 fr_md5_update(md5_ctx, passwd + n + 2, block_len);
159 }
160
161 for (i = base; i < block_len; i++) {
162 passwd[n + i - 1] = passwd[n + i + 2] ^ digest[i];
163 }
164 }
165
166 fr_md5_ctx_free_from_list(&md5_ctx);
167 fr_md5_ctx_free_from_list(&md5_ctx_old);
168
169 /*
170 * Check trailing bytes
171 */
172 if (packet_ctx->tunnel_password_zeros) for (i = embedded_len; i < (encrypted_len - 1); i++) { /* -1 for length field */
173 if (passwd[i] != 0) {
174 fr_strerror_printf("Trailing garbage in Tunnel Password "
175 "(shared secret is probably incorrect!)");
176
177 return -1;
178 }
179 }
180
181 *pwlen = embedded_len;
182
183 passwd[embedded_len] = '\0';
184
185 return embedded_len;
186}
187
188/** Decode password
189 *
190 */
191static ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, fr_radius_decode_ctx_t *packet_ctx)
192{
193 fr_md5_ctx_t *md5_ctx, *md5_ctx_old;
194 uint8_t digest[RADIUS_AUTH_VECTOR_LENGTH];
195 int i;
196 size_t n;
197
198 /*
199 * The RFC's say that the maximum is 128, but where we
200 * come from, we don't need limits.
201 */
202 if (pwlen > RADIUS_MAX_PASS_LENGTH) pwlen = RADIUS_MAX_PASS_LENGTH;
203
204 /*
205 * Catch idiots.
206 */
207 if (pwlen == 0) goto done;
208
209 md5_ctx = fr_md5_ctx_alloc_from_list();
210 md5_ctx_old = fr_md5_ctx_alloc_from_list();
211
212 fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length);
213 fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* save intermediate work */
214
215 /*
216 * The inverse of the code above.
217 */
218 for (n = 0; n < pwlen; n += AUTH_PASS_LEN) {
219 if (n == 0) {
220 fr_md5_update(md5_ctx, packet_ctx->request_authenticator, RADIUS_AUTH_VECTOR_LENGTH);
221 fr_md5_final(digest, md5_ctx);
222
223 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
224 if (pwlen > AUTH_PASS_LEN) {
225 fr_md5_update(md5_ctx, (uint8_t *) passwd, AUTH_PASS_LEN);
226 }
227 } else {
228 fr_md5_final(digest, md5_ctx);
229
230 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
231 if (pwlen > (n + AUTH_PASS_LEN)) {
232 fr_md5_update(md5_ctx, (uint8_t *) passwd + n, AUTH_PASS_LEN);
233 }
234 }
235
236 for (i = 0; i < AUTH_PASS_LEN; i++) passwd[i + n] ^= digest[i];
237 }
238
239 fr_md5_ctx_free_from_list(&md5_ctx);
240 fr_md5_ctx_free_from_list(&md5_ctx_old);
241
242 done:
243 passwd[pwlen] = '\0';
244 return strlen(passwd);
245}
246
247/** Check if a set of RADIUS formatted TLVs are OK
248 *
249 */
250int fr_radius_decode_tlv_ok(uint8_t const *data, size_t length, size_t dv_type, size_t dv_length)
251{
252 uint8_t const *end = data + length;
253
254 FR_PROTO_TRACE("Checking TLV %u/%u", (unsigned int) dv_type, (unsigned int) dv_length);
255
256 FR_PROTO_HEX_DUMP(data, length, "tlv_ok");
257
258 if ((dv_length > 2) || (dv_type == 0) || (dv_type > 4)) {
259 fr_strerror_printf("%s: Invalid arguments", __FUNCTION__);
260 return -1;
261 }
262
263 while (data < end) {
264 size_t attrlen;
265
266 if ((data + dv_type + dv_length) > end) {
267 fr_strerror_const("Attribute header overflow");
268 return -1;
269 }
270
271 switch (dv_type) {
272 case 4:
273 if ((data[0] == 0) && (data[1] == 0) &&
274 (data[2] == 0) && (data[3] == 0)) {
275 zero:
276 fr_strerror_const("Invalid attribute 0");
277 return -1;
278 }
279
280 if (data[0] != 0) {
281 fr_strerror_const("Invalid attribute > 2^24");
282 return -1;
283 }
284 break;
285
286 case 2:
287 if ((data[0] == 0) && (data[1] == 0)) goto zero;
288 break;
289
290 case 1:
291 /*
292 * Zero is allowed, because the Colubris
293 * people are dumb and use it.
294 */
295 break;
296
297 default:
298 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
299 return -1;
300 }
301
302 switch (dv_length) {
303 case 0:
304 return 0;
305
306 case 2:
307 if (data[dv_type] != 0) {
308 fr_strerror_const("Attribute is longer than 256 octets");
309 return -1;
310 }
311 FALL_THROUGH;
312 case 1:
313 attrlen = data[dv_type + dv_length - 1];
314 break;
315
316
317 default:
318 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
319 return -1;
320 }
321
322 if (attrlen < (dv_type + dv_length)) {
323 fr_strerror_const("Attribute header has invalid length");
324 return -1;
325 }
326
327 if (attrlen > length) {
328 fr_strerror_const("Attribute overflows container");
329 return -1;
330 }
331
332 data += attrlen;
333 length -= attrlen;
334 }
335
336 return 0;
337}
338
339/** Convert a "concatenated" attribute to one long VP
340 *
341 */
342static ssize_t decode_concat(TALLOC_CTX *ctx, fr_pair_list_t *list,
343 fr_dict_attr_t const *parent, uint8_t const *data,
344 uint8_t const *end)
345{
346 size_t total;
347 uint8_t attr;
348 uint8_t const *ptr = data;
349 uint8_t *p;
350 fr_pair_t *vp;
351
352 fr_assert(parent->type == FR_TYPE_OCTETS);
353
354 total = 0;
355 attr = ptr[0];
356
357 /*
358 * See how many consecutive attributes there are.
359 */
360 while (ptr < end) {
361 if ((ptr + 2) == end) break;
362 if ((ptr + 2) > end) return -1;
363 if (ptr[1] <= 2) return -1;
364 if ((ptr + ptr[1]) > end) return -1;
365
366 total += ptr[1] - 2;
367
368 ptr += ptr[1];
369
370 if (ptr == end) break;
371
372 /*
373 * Attributes MUST be consecutive.
374 */
375 if (ptr[0] != attr) break;
376 }
377
378 /*
379 * Reset the end of the data we're trying to parse
380 */
381 end = ptr;
382
383 /*
384 * If there's no data, just return that we skipped the
385 * attribute header.
386 */
387 if (!total) return 2;
388
389 vp = fr_pair_afrom_da(ctx, parent);
390 if (!vp) return -1;
391 PAIR_ALLOCED(vp);
392
393 if (fr_pair_value_mem_alloc(vp, &p, total, true) != 0) {
394 talloc_free(vp);
395 return -1;
396 }
397
398 ptr = data;
399 while (ptr < end) {
400 memcpy_bounded(p, ptr + 2, ptr[1] - 2, end);
401 p += ptr[1] - 2;
402 ptr += ptr[1];
403 }
404 fr_pair_append(list, vp);
405 return ptr - data;
406}
407
408/*
409 * Short-term hack to help clean things up.
410 */
411#define decode_value fr_radius_decode_pair_value
412
413/** decode an RFC-format TLV
414 *
415 */
416static ssize_t decode_rfc(TALLOC_CTX *ctx, fr_pair_list_t *out,
417 fr_dict_attr_t const *parent,
418 uint8_t const *data, size_t const data_len, void *decode_ctx)
419{
420 unsigned int attr;
421 size_t len;
422 ssize_t slen;
423 fr_dict_attr_t const *da;
424 fr_radius_decode_ctx_t *packet_ctx = decode_ctx;
425
426#ifdef STATIC_ANALYZER
427 if (!packet_ctx || !packet_ctx->tmp_ctx) return PAIR_DECODE_FATAL_ERROR;
428#endif
429
430 fr_assert(parent != NULL);
431
432 /*
433 * Must have at least a header.
434 */
435 if ((data_len < 2) || (data[1] < 2)) {
436 fr_strerror_printf("%s: Insufficient data", __FUNCTION__);
437 return -(data_len);
438 }
439
440 /*
441 * Empty attributes are ignored.
442 */
443 if (data[1] == 2) return 2;
444
445 attr = data[0];
446 len = data[1];
447 if (len > data_len) {
448 fr_strerror_printf("%s: Attribute overflows input. "
449 "Length must be less than %zu bytes, got %zu bytes",
450 __FUNCTION__, data_len - 2, len - 2);
451 return PAIR_DECODE_FATAL_ERROR;
452 }
453
454 da = fr_dict_attr_child_by_num(parent, attr);
455 if (!da) {
456 da = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, parent, attr);
457 if (!da) return PAIR_DECODE_FATAL_ERROR;
458 slen = fr_pair_raw_from_network(ctx, out, da, data + 2, len - 2);
459 if (slen < 0) return slen;
460 return len;
461 }
462 FR_PROTO_TRACE("decode context changed %s -> %s",da->parent->name, da->name);
463
464 if (da->flags.array) {
465 slen = fr_pair_array_from_network(ctx, out, da, data + 2, len - 2, decode_ctx, decode_value);
466
467 } else if (da->type == FR_TYPE_TLV) {
468 slen = fr_pair_tlvs_from_network(ctx, out, da, data + 2, len - 2, decode_ctx, decode_rfc, NULL, true);
469
470 } else {
471 slen = decode_value(ctx, out, da, data + 2, len - 2, decode_ctx);
472 }
473
474 if (slen < 0) return slen;
475
476 return len;
477}
478
479
480/** Decode NAS-Filter-Rule
481 *
482 * Similar to decode_concat, but contains multiple values instead of
483 * one.
484 */
485static ssize_t decode_nas_filter_rule(TALLOC_CTX *ctx, fr_pair_list_t *out,
486 fr_dict_attr_t const *parent, uint8_t const *data,
487 size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
488{
489 uint8_t const *ptr = data;
490 uint8_t const *end = data + data_len;
491 uint8_t const *decode, *decode_end;
492 uint8_t *buffer = NULL;
493 size_t total = 0;
494
495 /*
496 * Figure out how long the total length of the data is.
497 * This is so that we can do the decoding from a
498 * temporary buffer. Which means that we coalesce data
499 * across multiple attributes, separately from chopping
500 * the data at zero bytes.
501 */
502 while (ptr < end) {
503 if ((ptr + 2) == end) break;
504 if ((ptr + 2) > end) return -1;
505 if ((ptr[0] != FR_NAS_FILTER_RULE)) break;
506 if (ptr[1] <= 2) return -1;
507 if ((ptr + ptr[1]) > end) return -1;
508
509 total += ptr[1] - 2;
510 ptr += ptr[1];
511 }
512 end = ptr;
513
514 FR_PROTO_TRACE("Coalesced NAS-Filter-Rule has %lu octets", total);
515
516 /*
517 * More than one attribute, create a temporary buffer,
518 * and copy all of the data over to it.
519 */
520 if (total > RADIUS_MAX_STRING_LENGTH) {
521 uint8_t *p;
522
523 buffer = talloc_array(packet_ctx->tmp_ctx, uint8_t, total);
524 if (!buffer) return PAIR_DECODE_OOM;
525
526 p = buffer;
527 ptr = data;
528
529 /*
530 * Don't bother doing sanity checks, as they were
531 * already done above.
532 */
533 while (ptr < end) {
534 fr_assert(p < (buffer + total));
535 memcpy(p, ptr + 2, ptr[1] - 2);
536 p += ptr[1] - 2;
537 ptr += ptr[1];
538 }
539
540 decode = buffer;
541 decode_end = buffer + total;
542 } else {
543 decode = data + 2;
544 decode_end = data + data[1];
545 }
546
547 FR_PROTO_HEX_DUMP(decode, decode_end - decode, "NAS-Filter-Rule coalesced");
548
549 /*
550 * And now walk through "decode", decoding to VPs.
551 */
552 while (decode < decode_end) {
553 size_t len;
554 uint8_t const *p;
555
556 p = decode;
557
558 while (p < decode_end) {
559 if (*p == 0x00) break;
560 p++;
561 }
562
563 len = (p - decode);
564 if (len) {
565 fr_pair_t *vp;
566
567 FR_PROTO_TRACE("This NAS-Filter-Rule has %lu octets", len);
568 FR_PROTO_HEX_DUMP(decode, len, "This NAS-Filter-Rule");
569 vp = fr_pair_afrom_da(ctx, parent);
570 if (!vp) {
571 talloc_free(buffer);
572 return -1;
573 }
574 PAIR_ALLOCED(vp);
575
576 if (fr_pair_value_bstrndup(vp, (char const *) decode, len, true) != 0) {
577 talloc_free(buffer);
578 talloc_free(vp);
579 return -1;
580 }
581 fr_pair_append(out, vp);
582 }
583
584 /*
585 * Skip the zero byte
586 */
587 decode = p + 1;
588 }
589
590 talloc_free(buffer);
591 return end - data; /* end of the NAS-Filter-Rule */
592}
593
594
595/** Decode Digest-Attributes
596 *
597 * The VPs are nested, and consecutive Digest-Attributes attributes are decoded into the same parent.
598 */
599static ssize_t decode_digest_attributes(TALLOC_CTX *ctx, fr_pair_list_t *out,
600 fr_dict_attr_t const *parent, uint8_t const *data,
601 size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
602{
603 ssize_t slen;
604 fr_pair_t *vp;
605 uint8_t const *p = data;
606 uint8_t const *end = data + data_len;
607
608 fr_assert(parent->type == FR_TYPE_TLV);
609
610 vp = fr_pair_afrom_da(ctx, parent);
611 if (!vp) return PAIR_DECODE_OOM;
612 PAIR_ALLOCED(vp);
613
614redo:
615 FR_PROTO_HEX_DUMP(p, end - p, "decode_digest_attributes");
616
617 if (((size_t) (p - end) < 2) || (p[1] > (size_t) (end - p))) {
618 slen = fr_pair_raw_from_network(vp, &vp->vp_group, parent, p, end - p);
619 if (slen < 0) {
620 talloc_free(vp);
621 return slen;
622 }
623
624 goto done;
625 }
626
627 slen = fr_pair_tlvs_from_network(vp, &vp->vp_group, parent, p + 2, p[1] - 2, packet_ctx, decode_rfc, NULL, false);
628 if (slen <= 0) {
629 talloc_free(vp);
630 return slen;
631 }
632
633 /*
634 * Decode consecutive ones into the same parent.
635 */
636 p += p[1];
637 if (((p + 2) < end) && ((p[0] == FR_DIGEST_ATTRIBUTES) && (p[1] > 2))) {
638 goto redo;
639 }
640
641done:
642 fr_pair_append(out, vp);
643 return p - data;
644}
645
646
647/** Convert TLVs to one or more VPs
648 *
649 */
650ssize_t fr_radius_decode_tlv(TALLOC_CTX *ctx, fr_pair_list_t *out,
651 fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len,
652 fr_radius_decode_ctx_t *packet_ctx)
653{
654 uint8_t const *p = data, *end = data + data_len;
655 fr_dict_attr_t const *child;
656 fr_pair_list_t head;
657 fr_pair_list_t tlv_tmp;
658 fr_pair_t *vp;
659
660 fr_pair_list_init(&head);
661 if (data_len < 3) return -1; /* type, length, value */
662
663#ifdef STATIC_ANALYZER
664 if (!packet_ctx->tmp_ctx) return -1;
665#endif
666
667 FR_PROTO_HEX_DUMP(p, data_len, "tlvs");
668
669 if (fr_radius_decode_tlv_ok(p, data_len, 1, 1) < 0) return -1;
670
671 vp = fr_pair_afrom_da(ctx, parent);
672 if (!vp) return PAIR_DECODE_OOM;
673 PAIR_ALLOCED(vp);
674
675 /*
676 * Record where we were in the list when this function was called
677 * Create a temporary sub-list, so decode errors don't
678 * affect the main list.
679 */
680 fr_pair_list_init(&tlv_tmp);
681 while (p < end) {
682 ssize_t tlv_len;
683
684 child = fr_dict_attr_child_by_num(parent, p[0]);
685 if (!child) {
686 FR_PROTO_TRACE("Failed to find child %u of TLV %s", p[0], parent->name);
687
688 /*
689 * Child is unknown and not a TLV: build an unknown attr
690 */
691 if (fr_radius_decode_tlv_ok(p + 2, p[1] - 2, 1, 1) < 0) {
692 child = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, parent, p[0]);
693 if (!child) {
694 error:
695 talloc_free(vp);
696 return -1;
697 }
698 } else {
699 /*
700 * Child is formed as a TLV, decode it as such
701 */
702 child = fr_dict_attr_unknown_typed_afrom_num(packet_ctx->tmp_ctx, parent, p[0], FR_TYPE_TLV);
703 if (!child) goto error;
704
705 FR_PROTO_TRACE("decode context changed %s -> %s", parent->name, child->name);
706 tlv_len = fr_radius_decode_tlv(vp, &tlv_tmp, child, p + 2, p[1] - 2, packet_ctx);
707 goto check;
708 }
709 }
710 FR_PROTO_TRACE("decode context changed %s -> %s", parent->name, child->name);
711
712 tlv_len = fr_radius_decode_pair_value(vp, &tlv_tmp,
713 child, p + 2, p[1] - 2,
714 packet_ctx);
715 check:
716 if (tlv_len < 0) goto error;
717 p += p[1];
718 }
719
720 fr_pair_list_append(&vp->vp_group, &tlv_tmp);
721 fr_pair_append(out, vp);
722
723 return data_len;
724}
725
726/** Convert a top-level VSA to a VP.
727 *
728 * "length" can be LONGER than just this sub-vsa.
729 */
730static ssize_t decode_vsa_internal(TALLOC_CTX *ctx, fr_pair_list_t *out,
731 fr_dict_attr_t const *parent,
732 uint8_t const *data, size_t data_len,
733 fr_radius_decode_ctx_t *packet_ctx, fr_dict_vendor_t const *dv)
734{
735 unsigned int attribute;
736 ssize_t attrlen, my_len;
737 fr_dict_attr_t const *da;
738
739#ifdef STATIC_ANALYZER
740 if (!packet_ctx->tmp_ctx) return -1;
741#endif
742
743 /*
744 * Parent must be a vendor
745 */
746 if (!fr_cond_assert(parent->type == FR_TYPE_VENDOR)) {
747 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
748 return -1;
749 }
750
751 FR_PROTO_TRACE("Length %u", (unsigned int)data_len);
752
753#ifndef NDEBUG
754 if (data_len <= (dv->type + dv->length)) {
755 fr_strerror_printf("%s: Failure to call fr_radius_decode_tlv_ok", __FUNCTION__);
756 return -1;
757 }
758#endif
759
760 switch (dv->type) {
761 case 4:
762 /* data[0] must be zero */
763 attribute = data[1] << 16;
764 attribute |= data[2] << 8;
765 attribute |= data[3];
766 break;
767
768 case 2:
769 attribute = data[0] << 8;
770 attribute |= data[1];
771 break;
772
773 case 1:
774 attribute = data[0];
775 break;
776
777 default:
778 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
779 return -1;
780 }
781
782 switch (dv->length) {
783 case 2:
784 /* data[dv->type] must be zero, from fr_radius_decode_tlv_ok() */
785 attrlen = data[dv->type + 1];
786 break;
787
788 case 1:
789 attrlen = data[dv->type];
790 break;
791
792 case 0:
793 attrlen = data_len;
794 break;
795
796 default:
797 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
798 return -1;
799 }
800
801 /*
802 * See if the VSA is known.
803 */
804 da = fr_dict_attr_child_by_num(parent, attribute);
805 if (da) {
806 decode:
807 FR_PROTO_TRACE("decode context changed %s -> %s", da->parent->name, da->name);
808
809 my_len = fr_radius_decode_pair_value(ctx, out,
810 da, data + dv->type + dv->length,
811 attrlen - (dv->type + dv->length),
812 packet_ctx);
813 if (my_len < 0) return my_len;
814
815 /*
816 * It's unknown. Let's see if we can decode it as a TLV. While this check can sometimes
817 * (rarely) decode non-TLVs as TLVs, that situation will be rare. And it's very useful
818 * to be able to decode nested unknown TLVs.
819 *
820 * Note that if the TLV length is zero, then we have no real way to tell if the TLV is
821 * well formed, so we just go create a raw VP.
822 */
823 } else if ((dv->length == 0) || (fr_radius_decode_tlv_ok(data + dv->type + dv->length, attrlen - (dv->type + dv->length), dv->type, dv->length) < 0)) {
824 da = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, parent, attribute);
825 if (!da) return -1;
826
827 goto decode;
828
829 } else {
830 da = fr_dict_attr_unknown_typed_afrom_num(packet_ctx->tmp_ctx, parent, attribute, FR_TYPE_TLV);
831 if (!da) return -1;
832
833 goto decode;
834 }
835
836 return attrlen;
837}
838
839
840/** Convert a fragmented extended attr to a VP
841 *
842 * Format is:
843 *
844 * attr
845 * length
846 * extended-attr
847 * flag
848 * data...
849 *
850 * But for the first fragment, we get passed a pointer to the "extended-attr"
851 */
852static ssize_t decode_extended_fragments(TALLOC_CTX *ctx, fr_pair_list_t *out,
853 fr_dict_attr_t const *parent,
854 uint8_t const *data, size_t attr_len,
855 fr_radius_decode_ctx_t *packet_ctx)
856{
857 ssize_t ret;
858 size_t fraglen;
859 uint8_t *head, *tail;
860 uint8_t const *frag, *end;
861 uint8_t const *attr;
862 int fragments;
863 bool last_frag;
864
865 /*
866 * data = Ext-Attr Flag ...
867 */
868
869 if (attr_len < 3) return -1;
870
871 /*
872 * No continuation, just decode the attribute in place.
873 */
874 if ((data[1] & 0x80) == 0) {
875 ret = fr_radius_decode_pair_value(ctx, out,
876 parent, data + 2, attr_len - 2, packet_ctx);
877 if (ret < 0) return -1;
878 return attr_len;
879 }
880
881 /*
882 * Calculate the length of all of the fragments. For
883 * now, they MUST be contiguous in the packet, and they
884 * MUST be all of the same TYPE and EXTENDED-TYPE
885 */
886 attr = data - 2;
887 fraglen = attr_len - 2;
888 frag = data + attr_len;
889 end = packet_ctx->end;
890 fragments = 1;
891 last_frag = false;
892
893 while (frag < end) {
894 if (last_frag || ((end - frag) < 4) ||
895 (frag[0] != attr[0]) ||
896 (frag[1] < 4) || /* too short for long_extended */
897 (frag[2] != attr[2]) ||
898 ((frag + frag[1]) > end)) { /* overflow */
899 end = frag;
900 break;
901 }
902
903 last_frag = ((frag[3] & 0x80) == 0);
904
905 fraglen += frag[1] - 4;
906 frag += frag[1];
907 fragments++;
908 }
909
910 head = tail = talloc_array(ctx, uint8_t, fraglen);
911 if (!head) return -1;
912
913 FR_PROTO_TRACE("Fragments %d, total length %d", fragments, (int) fraglen);
914
915 /*
916 * And again, but faster and looser.
917 *
918 * We copy the first fragment, followed by the rest of
919 * the fragments.
920 */
921 frag = attr;
922
923 while (fragments > 0) {
924 if (frag[1] > 4) memcpy_bounded(tail, frag + 4, frag[1] - 4, end);
925 tail += frag[1] - 4;
926 frag += frag[1];
927 fragments--;
928 }
929
930 FR_PROTO_HEX_DUMP(head, fraglen, "long_extended fragments");
931
932 /*
933 * Reset the "end" pointer, because we're not passing in
934 * the real data.
935 */
936 {
937 uint8_t const *tmp = packet_ctx->end;
938 packet_ctx->end = head + fraglen;
939
940 ret = fr_radius_decode_pair_value(ctx, out,
941 parent, head, fraglen, packet_ctx);
942
943 packet_ctx->end = tmp;
944 }
945
946 talloc_free(head);
947 if (ret < 0) return ret;
948
949 return end - data;
950}
951
952/** Fast path for most extended attributes.
953 *
954 * data_len has already been checked by the caller, so we don't care
955 * about it here.
956 */
957static ssize_t decode_extended(TALLOC_CTX *ctx, fr_pair_list_t *out,
958 fr_dict_attr_t const *da,
959 uint8_t const *data, UNUSED size_t data_len,
960 fr_radius_decode_ctx_t *packet_ctx)
961{
962 ssize_t slen;
963 fr_dict_attr_t const *child;
964 fr_pair_t *vp;
965
966 /*
967 * They MUST have one byte of Extended-Type. The
968 * case of "2" is already handled above with CUI.
969 */
970 if (data[1] == 3) {
971 slen = fr_pair_raw_from_network(ctx, out, da, data + 2, 1);
972 if (slen <= 0) return slen;
973 return 2 + slen;
974 }
975
976 /*
977 * Get a new child.
978 */
979 child = fr_dict_attr_child_by_num(da, data[2]);
980 if (!child) {
981 fr_dict_attr_t *unknown;
982 FR_PROTO_TRACE("Unknown extended attribute %u.%u", data[0], data[2]);
983 unknown = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, da, data[2]);
984 if (!unknown) return -1;
985
986 child = unknown;
987 }
988
989 /*
990 * One byte of type, and N bytes of data.
991 */
992 if (!fr_radius_flag_long_extended(da)) {
993 if (fr_pair_find_or_append_by_da(ctx, &vp, out, da) < 0) return PAIR_DECODE_OOM;
994
995 slen = fr_radius_decode_pair_value(vp, &vp->vp_group, child, data + 3, data[1] - 3, packet_ctx);
996 fr_dict_attr_unknown_free(&child);
997 if (slen < 0 ) return slen;
998
999 fr_assert(slen < (1 << 16));
1000 return 3 + slen;
1001 }
1002
1003 /*
1004 * It MUST have one byte of type, and one byte of
1005 * flags. If there's no data here, we just
1006 * ignore it, whether or not the "More" bit is
1007 * set.
1008 */
1009 if (data[1] == 4) {
1010 fr_dict_attr_unknown_free(&child);
1011 slen = fr_pair_raw_from_network(ctx, out, da, data + 2, 2);
1012 if (slen < 0) return slen;
1013 return 4;
1014 }
1015
1016 if (fr_pair_find_or_append_by_da(ctx, &vp, out, da) < 0) return PAIR_DECODE_OOM;
1017
1018 /*
1019 * No continuation - just decode as-is.
1020 */
1021 if ((data[3] & 0x80) == 0) {
1022 slen = fr_radius_decode_pair_value(vp, &vp->vp_group, child, data + 4, data[1] - 4, packet_ctx);
1023 fr_dict_attr_unknown_free(&child);
1024 if (slen < 0 ) return slen;
1025 return 4 + slen;
1026 }
1027
1028 /*
1029 * Concatenate all of the fragments together, and decode the resulting thing.
1030 */
1031 slen = decode_extended_fragments(vp, &vp->vp_group, child, data + 2, data[1] - 2, packet_ctx);
1032 fr_dict_attr_unknown_free(&child);
1033 if (slen < 0) return slen;
1034 return 2 + slen;
1035}
1036
1037/** Convert a Vendor-Specific WIMAX to vps
1038 *
1039 * @note Called ONLY for Vendor-Specific
1040 */
1041static ssize_t decode_wimax(TALLOC_CTX *ctx, fr_pair_list_t *out,
1042 fr_dict_attr_t const *parent,
1043 uint8_t const *data, size_t attr_len,
1044 fr_radius_decode_ctx_t *packet_ctx)
1045{
1046 ssize_t ret;
1047 size_t wimax_len;
1048 bool more;
1049 uint8_t *head, *tail;
1050 uint8_t const *attr, *end;
1051 fr_dict_attr_t const *da;
1052 fr_pair_t *vsa, *vendor;
1053
1054#ifdef STATIC_ANALYZER
1055 if (!packet_ctx->tmp_ctx) return -1;
1056#endif
1057
1058 fr_assert(packet_ctx->end != NULL);
1059 fr_assert((data + attr_len) <= packet_ctx->end);
1060
1061 /*
1062 * data = VID VID VID VID WiMAX-Attr WiMAX-Len Continuation ...
1063 */
1064 if (attr_len < 8) {
1065 FR_PROTO_TRACE("attribute is too small to be WiMAX");
1066 return -1;
1067 }
1068
1069 /*
1070 * WiMAX-Attr WiMAX-Len Continuation
1071 */
1072 if (data[5] < 3) {
1073 FR_PROTO_TRACE("attribute is too small to be WiMAX-Attr-WiMAX-Len Continuation");
1074 return -1;
1075 }
1076
1077 /*
1078 * The WiMAX-Len + 4 VID must exactly fill the attribute.
1079 */
1080 if (((size_t) (data[5] + 4)) != attr_len) {
1081 FR_PROTO_TRACE("WiMAX VSA does not exactly fill the attribute");
1082 return -1;
1083 }
1084
1085 if (fr_pair_find_or_append_by_da(ctx, &vsa, out, attr_vendor_specific) < 0) return PAIR_DECODE_OOM;
1086
1087 if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, parent) < 0) return PAIR_DECODE_OOM;
1088
1089 da = fr_dict_attr_child_by_num(parent, data[4]);
1090 if (!da) da = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, parent, data[4]);
1091 if (!da) return -1;
1092 FR_PROTO_TRACE("decode context changed %s -> %s", da->parent->name, da->name);
1093
1094 /*
1095 * No continuation, just decode the attribute in place.
1096 */
1097 if ((data[6] & 0x80) == 0) {
1098 FR_PROTO_TRACE("WiMAX no continuation");
1099 ret = fr_radius_decode_pair_value(vendor, &vendor->vp_group,
1100 da, data + 7, data[5] - 3, packet_ctx);
1101 if (ret < 0) return ret;
1102
1103 return attr_len;
1104 }
1105
1106 /*
1107 * Calculate the length of all of the fragments. For
1108 * now, they MUST be contiguous in the packet, and they
1109 * MUST be all of the same VSA, WiMAX, and WiMAX-attr.
1110 *
1111 * The first fragment doesn't have a RADIUS attribute
1112 * header.
1113 */
1114 wimax_len = 0;
1115 attr = data + 4;
1116 end = packet_ctx->end;
1117
1118 while (attr < end) {
1119 /*
1120 * Not enough room for Attribute + length +
1121 * continuation, it's bad.
1122 */
1123 if ((end - attr) < 3) {
1124 FR_PROTO_TRACE("end - attr < 3");
1125 return -1;
1126 }
1127
1128 /*
1129 * Must have non-zero data in the attribute.
1130 */
1131 if (attr[1] <= 3) {
1132 FR_PROTO_TRACE("attr[1] <= 3");
1133 return -1;
1134 }
1135
1136 /*
1137 * If the WiMAX attribute overflows the packet,
1138 * it's bad.
1139 */
1140 if ((attr + attr[1]) > end) {
1141 FR_PROTO_TRACE("attr + attr[1]) > end");
1142 return -1;
1143 }
1144
1145 /*
1146 * Check the continuation flag.
1147 */
1148 more = ((attr[2] & 0x80) != 0);
1149
1150 /*
1151 * Or, there's no more data, in which case we
1152 * shorten "end" to finish at this attribute.
1153 */
1154 if (!more) end = attr + attr[1];
1155
1156 /*
1157 * There's more data, but we're at the end of the
1158 * packet. The attribute is malformed!
1159 */
1160 if (more && ((attr + attr[1]) == end)) {
1161 FR_PROTO_TRACE("more && ((attr + attr[1]) == end)");
1162 return -1;
1163 }
1164
1165 /*
1166 * Add in the length of the data we need to
1167 * concatenate together.
1168 */
1169 wimax_len += attr[1] - 3;
1170
1171 /*
1172 * Go to the next attribute, and stop if there's
1173 * no more.
1174 */
1175 attr += attr[1];
1176 if (!more) break;
1177
1178 /*
1179 * data = VID VID VID VID WiMAX-Attr WimAX-Len Continuation ...
1180 *
1181 * attr = Vendor-Specific VSA-Length VID VID VID VID WiMAX-Attr WimAX-Len Continuation ...
1182 *
1183 */
1184
1185 /*
1186 * No room for Vendor-Specific + length +
1187 * Vendor(4) + attr + length + continuation + data
1188 */
1189 if ((end - attr) < 9) {
1190 FR_PROTO_TRACE("(end - attr) < 9");
1191 return -1;
1192 }
1193
1194 if (attr[0] != FR_VENDOR_SPECIFIC) {
1195 FR_PROTO_TRACE("attr[0] != FR_VENDOR_SPECIFIC");
1196 return -1;
1197 }
1198
1199 if (attr[1] < 9) {
1200 FR_PROTO_TRACE("attr[1] < 9");
1201 return -1;
1202 }
1203
1204 if ((attr + attr[1]) > end) {
1205 FR_PROTO_TRACE("(attr + attr[1]) > end");
1206 return -1;
1207 }
1208
1209 if (memcmp(data, attr + 2, 4) != 0) {
1210 FR_PROTO_TRACE("not the same vendor");
1211 return -1; /* not WiMAX Vendor ID */
1212 }
1213
1214 if (attr[1] != (attr[7] + 6)) {
1215 FR_PROTO_TRACE("attr[1] != (attr[7] + 6)");
1216 return -1; /* WiMAX attr doesn't exactly fill the VSA */
1217 }
1218
1219 if (data[4] != attr[6]) {
1220 FR_PROTO_TRACE("data[4] != attr[6]");
1221 return -1; /* different WiMAX attribute */
1222 }
1223
1224 /*
1225 * Skip over the Vendor-Specific header, and
1226 * continue with the WiMAX attributes.
1227 */
1228 attr += 6;
1229 }
1230
1231 /*
1232 * No data in the WiMAX attribute, make a "raw" one.
1233 */
1234 if (!wimax_len) {
1235 FR_PROTO_TRACE("!wimax_len");
1236 return -1;
1237 }
1238
1239 head = tail = talloc_array(ctx, uint8_t, wimax_len);
1240 if (!head) return -1;
1241
1242 /*
1243 * Copy the data over, this time trusting the attribute
1244 * contents.
1245 */
1246 attr = data;
1247 while (attr < end) {
1248 memcpy_bounded(tail, attr + 4 + 3, attr[4 + 1] - 3, end);
1249 tail += attr[4 + 1] - 3;
1250 attr += 4 + attr[4 + 1]; /* skip VID+WiMax header */
1251 attr += 2; /* skip Vendor-Specific header */
1252 }
1253
1254 FR_PROTO_HEX_DUMP(head, wimax_len, "Wimax fragments");
1255
1256 /*
1257 * Reset the "end" pointer, because we're not passing in
1258 * the real data.
1259 */
1260 {
1261 uint8_t const *tmp = packet_ctx->end;
1262 packet_ctx->end = head + wimax_len;
1263
1264 FR_PROTO_TRACE("WiMAX decode concatenated");
1265 FR_PROTO_HEX_DUMP(head, wimax_len, "%s", __FUNCTION__ );
1266 ret = fr_radius_decode_pair_value(ctx, out,
1267 da, head, wimax_len, packet_ctx);
1268
1269 packet_ctx->end = tmp;
1270 }
1271
1272 talloc_free(head);
1273 if (ret < 0) return ret;
1274
1275 return end - data;
1276}
1277
1278
1279/** Convert a top-level VSA to one or more VPs
1280 *
1281 */
1282static ssize_t CC_HINT(nonnull) decode_vsa(TALLOC_CTX *ctx, fr_pair_list_t *out,
1283 fr_dict_attr_t const *parent,
1284 uint8_t const *data, size_t attr_len,
1285 fr_radius_decode_ctx_t *packet_ctx)
1286{
1287 size_t total;
1288 ssize_t ret;
1289 uint32_t vendor_pen;
1290 fr_dict_vendor_t const *dv;
1291 fr_pair_list_t head;
1292 fr_dict_vendor_t my_dv;
1293 fr_dict_attr_t const *vendor_da;
1294 fr_pair_list_t tlv_tmp;
1295 fr_pair_t *vsa, *vendor;
1296
1297 fr_pair_list_init(&head);
1298
1299#ifdef STATIC_ANALYZER
1300 if (!packet_ctx->tmp_ctx) return -1;
1301#endif
1302
1303 /*
1304 * Container must be a VSA
1305 */
1306 if (!fr_cond_assert(parent->type == FR_TYPE_VSA)) return -1;
1307
1308 if ((data + attr_len) > packet_ctx->end) return -1;
1309 if (attr_len < 5) return -1; /* vid, value */
1310 if (data[0] != 0) return -1; /* we require 24-bit VIDs */
1311
1312 FR_PROTO_TRACE("Decoding VSA");
1313
1314 memcpy(&vendor_pen, data, 4);
1315 vendor_pen = ntohl(vendor_pen);
1316
1317 /*
1318 * Verify that the parent (which should be a VSA)
1319 * contains a fake attribute representing the vendor.
1320 *
1321 * If it doesn't then this vendor is unknown, but
1322 * (unlike DHCP) we know vendor attributes have a
1323 * standard format, so we can decode the data anyway.
1324 */
1325 vendor_da = fr_dict_attr_child_by_num(parent, vendor_pen);
1326 if (!vendor_da) {
1327 fr_dict_attr_t *n;
1328 /*
1329 * RFC format is 1 octet type, 1 octet length
1330 */
1331 if (fr_radius_decode_tlv_ok(data + 4, attr_len - 4, 1, 1) < 0) {
1332 FR_PROTO_TRACE("Unknown TLVs not OK: %s", fr_strerror());
1333 return -1;
1334 }
1335
1336 n = fr_dict_attr_unknown_vendor_afrom_num(packet_ctx->tmp_ctx, parent, vendor_pen);
1337 if (!n) return -1;
1338 vendor_da = n;
1339
1340 fr_assert(vendor_da->flags.type_size == 1);
1341
1342 /*
1343 * Create an unknown DV too...
1344 */
1345 memset(&my_dv, 0, sizeof(my_dv));
1346
1347 my_dv.pen = vendor_pen;
1348 my_dv.type = 1;
1349 my_dv.length = 1;
1350
1351 dv = &my_dv;
1352
1353 goto create_attrs;
1354 }
1355
1356 /*
1357 * We found an attribute representing the vendor
1358 * so it *MUST* exist in the vendor tree.
1359 */
1360 dv = fr_dict_vendor_by_num(dict_radius, vendor_pen);
1361 if (!fr_cond_assert(dv)) return -1;
1362 FR_PROTO_TRACE("decode context %s -> %s", parent->name, vendor_da->name);
1363
1364 /*
1365 * WiMAX craziness
1366 */
1367 if (dv->continuation) {
1368 ret = decode_wimax(ctx, out, vendor_da, data, attr_len, packet_ctx);
1369 return ret;
1370 }
1371
1372 /*
1373 * VSAs should normally be in TLV format.
1374 */
1375 if (fr_radius_decode_tlv_ok(data + 4, attr_len - 4, dv->type, dv->length) < 0) {
1376 FR_PROTO_TRACE("TLVs not OK: %s", fr_strerror());
1377 return -1;
1378 }
1379
1380 /*
1381 * There may be more than one VSA in the
1382 * Vendor-Specific. If so, loop over them all.
1383 */
1384create_attrs:
1385 if (fr_pair_find_or_append_by_da(ctx, &vsa, out, parent) < 0) return PAIR_DECODE_OOM;
1386
1387 if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, vendor_da) < 0) return PAIR_DECODE_OOM;
1388
1389 data += 4;
1390 attr_len -= 4;
1391 total = 4;
1392
1393 fr_pair_list_init(&tlv_tmp);
1394 while (attr_len > 0) {
1395 ssize_t vsa_len;
1396
1397 /*
1398 * Vendor attributes can have subattributes (if you hadn't guessed)
1399 */
1400 vsa_len = decode_vsa_internal(vendor, &tlv_tmp,
1401 vendor_da, data, attr_len, packet_ctx, dv);
1402 if (vsa_len < 0) {
1403 FR_PROTO_TRACE("TLV decode failed: %s", fr_strerror());
1404 fr_strerror_printf("%s: Internal sanity check %d", __FUNCTION__, __LINE__);
1405 fr_pair_list_free(&tlv_tmp);
1406 return -1;
1407 }
1408
1409 data += vsa_len;
1410 attr_len -= vsa_len;
1411 total += vsa_len;
1412 }
1413 fr_pair_list_append(&vendor->vp_group, &tlv_tmp);
1414
1415 /*
1416 * Hacks for tags. The tagged VSAs don't go into the
1417 * root, they go into the Tag-# attribute. But we only
1418 * know that after we've created the parents. So clean up if necessary.
1419 *
1420 * @todo - maybe cache these somewhere to avoid bouncing.
1421 */
1422 if (fr_pair_list_num_elements(&vendor->vp_group) == 0) {
1423 if (fr_pair_list_num_elements(&vsa->vp_group) == 1) { /* only the vendor */
1424 fr_pair_delete(out, vsa);
1425 } else {
1426 fr_pair_delete(&vsa->vp_group, vendor);
1427 }
1428 }
1429
1430 /*
1431 * When the unknown attributes were created by
1432 * decode_vsa_internal, the hierarchy between that unknown
1433 * attribute and first known attribute was cloned
1434 * meaning we can now free the unknown vendor.
1435 */
1436
1437 return total;
1438}
1439
1440/** Wrapper called by fr_struct_from_network()
1441 *
1442 * Because extended attributes can continue across the current value.
1443 * So that function needs to know both the value length, *and* the
1444 * packet length. But when we're decoding values inside of a struct,
1445 * we're not using extended attributes.
1446 */
1447static ssize_t decode_value_trampoline(TALLOC_CTX *ctx, fr_pair_list_t *out,
1448 fr_dict_attr_t const *parent,
1449 uint8_t const *data, size_t data_len, void *decode_ctx)
1450{
1451 return fr_radius_decode_pair_value(ctx, out, parent, data, data_len, decode_ctx);
1452}
1453
1454/** Wrapper called by fr_struct_from_network()
1455 */
1456static ssize_t decode_tlv_trampoline(TALLOC_CTX *ctx, fr_pair_list_t *out,
1457 fr_dict_attr_t const *parent,
1458 uint8_t const *data, size_t data_len, void *decode_ctx)
1459{
1460 FR_PROTO_HEX_DUMP(data, data_len, "%s", __FUNCTION__ );
1461
1462 return fr_radius_decode_tlv(ctx, out, parent, data, data_len, decode_ctx);
1463}
1464
1465
1466/** Create any kind of VP from the attribute contents
1467 *
1468 * "length" is AT LEAST the length of this attribute, as we
1469 * expect the caller to have verified the data with
1470 * fr_packet_ok(). "length" may be up to the length of the
1471 * packet.
1472 *
1473 * This function will ONLY return -1 on programmer error or OOM. If
1474 * there's anything wrong with the attribute, it will ALWAYS create a
1475 * "raw" attribute.
1476 *
1477 * @return
1478 * - Length on success.
1479 * - -1 on failure.
1480 */
1481ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out,
1482 fr_dict_attr_t const *parent,
1483 uint8_t const *data, size_t const attr_len,
1484 void *decode_ctx)
1485{
1486 int8_t tag = 0;
1487 size_t data_len;
1488 ssize_t ret;
1489 fr_dict_attr_t const *child;
1490 fr_pair_t *vp = NULL;
1491 uint8_t const *p = data;
1492 uint8_t buffer[256];
1493 fr_radius_attr_flags_encrypt_t encrypt;
1494 fr_radius_decode_ctx_t *packet_ctx = decode_ctx;
1495
1496 if (attr_len > 128 * 1024) {
1497 fr_strerror_printf("%s: packet is too large to be RADIUS", __FUNCTION__);
1498 return -1;
1499 }
1500
1501 if ((data + attr_len) > packet_ctx->end) {
1502 fr_strerror_printf("%s: input overflows packet", __FUNCTION__);
1503 return -1;
1504 }
1505
1506 FR_PROTO_HEX_DUMP(data, attr_len, "%s", __FUNCTION__ );
1507
1508 FR_PROTO_TRACE("Parent %s len %zu ... %zu", parent->name, attr_len, (size_t) (packet_ctx->end - data));
1509
1510 data_len = attr_len;
1511
1512 /*
1513 * Silently ignore zero-length attributes.
1514 */
1515 if (attr_len == 0) return 0;
1516
1517 /*
1518 * Hacks for tags.
1519 */
1520 if (fr_radius_flag_has_tag(parent)) {
1521 /*
1522 * Check for valid tags and data types.
1523 */
1524 if (parent->type == FR_TYPE_UINT32) {
1525 if ((attr_len != 4) || (p[0] >= 0x20)) {
1526 goto raw;
1527 }
1528
1529 } else if (parent->type != FR_TYPE_STRING) {
1530 goto raw;
1531 }
1532
1533 /*
1534 * Tag values MUST be less than 32.
1535 */
1536 if (p[0] < 0x20) {
1537 /*
1538 * Only "short" attributes can be encrypted.
1539 */
1540 if (data_len >= sizeof(buffer)) goto raw;
1541
1542 if (parent->type == FR_TYPE_STRING) {
1543 memcpy(buffer, p + 1, data_len - 1);
1544 tag = p[0];
1545 data_len -= 1;
1546
1547 } else if (parent->type == FR_TYPE_UINT32) {
1548 memcpy(buffer, p, attr_len);
1549 tag = buffer[0];
1550 buffer[0] = 0;
1551 }
1552
1553 p = buffer;
1554
1555 } /* else the field is >=0x20, so it's not a tag */
1556 }
1557
1558 if (tag) {
1559 fr_radius_tag_ctx_t **new_tag_ctx = NULL;
1560
1561 if (!packet_ctx->tags) {
1562 /*
1563 * This should NOT be packet_ctx.tmp_ctx,
1564 * as that is freed after decoding every
1565 * packet. We wish to aggregate the tags
1566 * across multiple attributes.
1567 */
1568 new_tag_ctx = talloc_zero_array(NULL, fr_radius_tag_ctx_t *, 32);
1569 if (unlikely(!new_tag_ctx)) return PAIR_DECODE_OOM;
1570
1571 FR_PROTO_TRACE("Allocated tag cache %p", new_tag_ctx);
1572
1573 packet_ctx->tags = new_tag_ctx;
1574 }
1575
1576 fr_assert(tag < 0x20);
1577
1578 if (!packet_ctx->tags[tag]) {
1579 fr_pair_t *group;
1580 fr_dict_attr_t const *group_da;
1581
1582 packet_ctx->tags[tag] = talloc_zero(packet_ctx->tags, fr_radius_tag_ctx_t);
1583 if (unlikely(!packet_ctx->tags[tag])) {
1584 if (new_tag_ctx) TALLOC_FREE(packet_ctx->tags);
1585 return PAIR_DECODE_OOM;
1586 }
1587
1588 group_da = fr_dict_attr_child_by_num(fr_dict_root(dict_radius), FR_TAG_BASE + tag);
1589 if (unlikely(!group_da)) {
1590 tag_alloc_error:
1591 TALLOC_FREE(packet_ctx->tags[tag]);
1592 return PAIR_DECODE_OOM;
1593 }
1594
1595 group = fr_pair_afrom_da(packet_ctx->tag_root_ctx, group_da);
1596 if (unlikely(!group)) goto tag_alloc_error;
1597 PAIR_ALLOCED(group);
1598
1599 packet_ctx->tags[tag]->parent = group;
1600
1601 FR_PROTO_TRACE("Allocated tag attribute %p (%u)", group, tag);
1602
1603 fr_pair_append(packet_ctx->tag_root, group);
1604#ifdef TALLOC_GET_TYPE_ABORT_NOOP
1605 }
1606#else
1607 } else {
1608 talloc_get_type_abort(packet_ctx->tags, fr_radius_tag_ctx_t *);
1609 talloc_get_type_abort(packet_ctx->tags[tag], fr_radius_tag_ctx_t);
1610 talloc_get_type_abort(packet_ctx->tags[tag]->parent, fr_pair_t);
1611 }
1612#endif
1613 }
1614
1615 encrypt = fr_radius_flag_encrypted(parent);
1616 /*
1617 * Decrypt the attribute.
1618 */
1619 if (encrypt) {
1620 FR_PROTO_TRACE("Decrypting type %d", encrypt);
1621 /*
1622 * Encrypted attributes can only exist for the
1623 * old-style format. Extended attributes CANNOT
1624 * be encrypted.
1625 */
1626 if (attr_len > 253) goto raw;
1627
1628 if (p == data) memcpy(buffer, p, attr_len);
1629 p = buffer;
1630
1631 switch (encrypt) { /* can't be tagged */
1632 /*
1633 * User-Password
1634 */
1635 case RADIUS_FLAG_ENCRYPT_USER_PASSWORD:
1636 if (!packet_ctx->request_authenticator) goto raw;
1637
1638 fr_radius_decode_password((char *)buffer, attr_len, packet_ctx);
1639 buffer[253] = '\0';
1640
1641 /*
1642 * MS-CHAP-MPPE-Keys are 24 octets, and
1643 * encrypted. Since it's binary, we can't
1644 * look for trailing zeros.
1645 */
1646 if (parent->flags.length) {
1647 if (data_len > parent->flags.length) {
1648 data_len = parent->flags.length;
1649 } /* else leave data_len alone */
1650 } else {
1651 /*
1652 * Take off trailing zeros from the END.
1653 * This allows passwords to have zeros in
1654 * the middle of a field.
1655 *
1656 * However, if the password has a zero at
1657 * the end, it will get mashed by this
1658 * code. There's really no way around
1659 * that.
1660 */
1661 while ((data_len > 0) && (buffer[data_len - 1] == '\0')) data_len--;
1662 }
1663 break;
1664
1665 /*
1666 * Tunnel-Password's go in response packets,
1667 * except for CoA-Requests. They can have a tag,
1668 * so data_len is not the same as attrlen.
1669 */
1670 case RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD:
1671 if (!packet_ctx->request_authenticator) goto raw;
1672
1673 if (fr_radius_decode_tunnel_password(buffer, &data_len, packet_ctx) < 0) {
1674 goto raw;
1675 }
1676 break;
1677
1678 /*
1679 * Ascend-Send-Secret
1680 * Ascend-Receive-Secret
1681 */
1682 case RADIUS_FLAG_ENCRYPT_ASCEND_SECRET:
1683 if (!packet_ctx->request_authenticator) goto raw;
1684
1685 fr_radius_ascend_secret(&FR_DBUFF_TMP(buffer, sizeof(buffer)), p, data_len,
1686 packet_ctx->common->secret, packet_ctx->request_authenticator);
1687 buffer[RADIUS_AUTH_VECTOR_LENGTH] = '\0';
1688 data_len = strlen((char *) buffer);
1689 break;
1690
1691 default:
1692 /*
1693 * Chop the attribute to its maximum length.
1694 */
1695 if ((parent->type == FR_TYPE_OCTETS) &&
1696 (parent->flags.length && (data_len > parent->flags.length))) {
1697 data_len = parent->flags.length;
1698 }
1699 break;
1700 } /* switch over encryption flags */
1701 }
1702
1703 /*
1704 * Double-check the length after decrypting the
1705 * attribute.
1706 */
1707 FR_PROTO_TRACE("Type \"%s\" (%u)", fr_type_to_str(parent->type), parent->type);
1708
1709 switch (parent->type) {
1710 case FR_TYPE_LEAF:
1711 break;
1712
1713 case FR_TYPE_VSA:
1714 /*
1715 * VSAs in the RFC space are encoded one way.
1716 * VSAs in the "extended" space are different.
1717 */
1718 if (!parent->parent || !fr_radius_flag_extended(parent->parent)) {
1719 /*
1720 * VSAs can be WiMAX, in which case they don't
1721 * fit into one attribute.
1722 */
1723 ret = decode_vsa(ctx, out, parent, p, attr_len, packet_ctx);
1724 if (ret < 0) goto raw;
1725 return ret;
1726
1727 } else {
1728 fr_dict_attr_t const *vendor_da;
1729 fr_pair_t *vsa, *vendor;
1730 uint32_t vendor_pen;
1731
1732
1733 if (data_len < 6) goto raw; /* vid, vtype, value */
1734
1735 memcpy(&vendor_pen, p, 4);
1736 vendor_pen = ntohl(vendor_pen);
1737
1738 /*
1739 * For simplicity in our attribute tree, vendors are
1740 * represented as a subtlv(ish) of an EVS or VSA
1741 * attribute.
1742 */
1743 vendor_da = fr_dict_attr_child_by_num(parent, vendor_pen);
1744 if (!vendor_da) {
1745 /*
1746 * If there's no child, it means the vendor is unknown. Create a
1747 * temporary vendor in the packet_ctx. This will be cleaned up when the
1748 * decoder exists, which is fine. Because any unknown attributes which
1749 * depend on it will copy the entire hierarchy.
1750 */
1751 vendor_da = fr_dict_attr_unknown_vendor_afrom_num(packet_ctx->tmp_ctx, parent, vendor_pen);
1752 if (!vendor_da) return PAIR_DECODE_OOM;
1753 }
1754
1755 child = fr_dict_attr_child_by_num(vendor_da, p[4]);
1756 if (!child) {
1757 /*
1758 * Vendor exists but child didn't, create an unknown child.
1759 */
1760 child = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, vendor_da, p[4]);
1761 if (!child) {
1762 fr_strerror_printf_push("decoder failed creating unknown attribute in %s",
1763 parent->name);
1764 return -1;
1765 }
1766 }
1767
1768 if (fr_pair_find_or_append_by_da(ctx, &vsa, out, parent) < 0) return PAIR_DECODE_OOM;
1769
1770 if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, vendor_da) < 0) return PAIR_DECODE_OOM;
1771
1772 /*
1773 * Everything was found in the dictionary, we can
1774 * now recurse to decode the value.
1775 */
1776 ret = fr_radius_decode_pair_value(vendor, &vendor->vp_group,
1777 child, p + 5, attr_len - 5,
1778 packet_ctx);
1779 if (ret < 0) goto raw;
1780 return attr_len;
1781 }
1782
1783 case FR_TYPE_TLV:
1784 /*
1785 * We presume that the TLVs all fit into one
1786 * attribute, OR they've already been grouped
1787 * into a contiguous memory buffer.
1788 */
1789 ret = fr_radius_decode_tlv(ctx, out, parent, p, attr_len, packet_ctx);
1790 if (ret < 0) goto raw;
1791 return attr_len;
1792
1793 case FR_TYPE_STRUCT:
1794 /*
1795 * We presume that the struct fits into one
1796 * attribute, OR it's already been grouped
1797 * into a contiguous memory buffer.
1798 */
1799 ret = fr_struct_from_network(ctx, out, parent, p, attr_len,
1800 packet_ctx, decode_value_trampoline, decode_tlv_trampoline);
1801 if (ret < 0) goto raw;
1802 return attr_len;
1803
1804 case FR_TYPE_GROUP:
1805 {
1806 fr_dict_attr_t const *ref;
1807 fr_dict_protocol_t const *proto;
1808
1809 ref = fr_dict_attr_ref(parent);
1810 if (!ref) goto raw;
1811
1812 fr_assert(ref->dict != parent->dict);
1813
1814 proto = fr_dict_protocol(ref->dict);
1815 fr_assert(proto != NULL);
1816
1817 if (!proto->decode) goto raw;
1818
1819 vp = fr_pair_afrom_da(ctx, parent);
1820 if (!vp) return -1;
1821 PAIR_ALLOCED(vp);
1822
1823 ret = proto->decode(vp, &vp->vp_group, p, attr_len);
1824 if (ret < 0) goto raw;
1825
1826 vp->vp_tainted = true;
1827
1828 fr_pair_append(out, vp);
1829 return attr_len;
1830 }
1831
1832 default:
1833 raw:
1834 if (vp) talloc_free(vp);
1835
1836 return fr_pair_raw_from_network(ctx, out, parent, data, attr_len);
1837 }
1838
1839 /*
1840 * And now that we've verified the basic type
1841 * information, decode the actual p.
1842 */
1843 if (!tag) {
1844 vp = fr_pair_afrom_da(ctx, parent);
1845 } else {
1846 fr_assert(packet_ctx->tags != NULL);
1847 fr_assert(packet_ctx->tags[tag] != NULL);
1848 vp = fr_pair_afrom_da_nested(packet_ctx->tags[tag]->parent, &packet_ctx->tags[tag]->parent->vp_group, parent);
1849 }
1850 if (!vp) return -1;
1851 PAIR_ALLOCED(vp);
1852
1853 switch (parent->type) {
1854 /*
1855 * RFC8044 IPv4 prefix
1856 *
1857 * 0 1 2 3
1858 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1859 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1860 * | Reserved | Prefix-Length | Prefix ...
1861 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1862 * ... Prefix |
1863 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1864 *
1865 * The bits outside of the prefix mask MUST be zero.
1866 */
1867 case FR_TYPE_IPV4_PREFIX:
1868 if (data_len != 6) goto raw;
1869 if (p[0] != 0) goto raw;
1870
1871 if (fr_value_box_ipaddr_from_network(&vp->data, parent->type, parent,
1872 p[1], p + 2, 4, true, true) < 0) {
1873 goto raw;
1874 }
1875 break;
1876
1877 /*
1878 * RFC8044 IPv6 prefix
1879 *
1880 * 0 1 2 3
1881 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1882 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1883 * | Type | Length | Reserved | Prefix-Length |
1884 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1885 * Prefix
1886 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1887 * Prefix
1888 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1889 * Prefix
1890 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1891 * Prefix |
1892 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1893 *
1894 * The bits outside of the prefix mask MUST be zero.
1895 */
1896 case FR_TYPE_IPV6_PREFIX:
1897 {
1898 if (data_len > 18) goto raw;
1899 if (data_len < 2) goto raw;
1900 if (p[0] != 0) goto raw; /* First byte is always 0 */
1901
1902 if (fr_value_box_ipaddr_from_network(&vp->data, parent->type, parent,
1903 p[1], p + 2, data_len - 2, false, true) < 0) {
1904 goto raw;
1905 }
1906
1907 }
1908 break;
1909
1910 case FR_TYPE_STRING:
1911 if (!fr_radius_flag_abinary(parent)) goto decode;
1912
1913 if (fr_radius_decode_abinary(vp, p, data_len) < 0) goto raw;
1914 break;
1915
1916 case FR_TYPE_OCTETS:
1917 /*
1918 * This attribute SHOULD have fixed size, but it
1919 * doesn't. Therefore it's malformed.
1920 */
1921 if (parent->flags.length && (data_len != parent->flags.length)) goto raw;
1922 FALL_THROUGH;
1923
1924 default:
1925 decode:
1926 ret = fr_value_box_from_network(vp, &vp->data, vp->vp_type, vp->da,
1927 &FR_DBUFF_TMP(p, data_len), data_len, true);
1928 if (ret < 0) {
1929 /*
1930 * Paranoid loop prevention
1931 */
1932 if (vp->da->flags.is_unknown) {
1933 talloc_free(vp);
1934 return -1;
1935 }
1936 goto raw;
1937 }
1938 break;
1939 }
1940
1941 vp->vp_tainted = true;
1942
1943 if (!tag) fr_pair_append(out, vp);
1944
1945 return attr_len;
1946}
1947
1948/*
1949 * Let's try to help the CPU as much as possible. If we have a
1950 * check on a buffer, that's less work than a series of if / then
1951 * / else conditions.
1952 */
1953static const bool special[UINT8_MAX + 1] = {
1954 [FR_NAS_FILTER_RULE] = true, /* magic rules */
1955 [FR_DIGEST_ATTRIBUTES] = true, /* magic rules */
1956
1957 [FR_EAP_MESSAGE] = true, /* concat */
1958 [FR_PKM_SS_CERT] = true, /* concat */
1959 [FR_PKM_CA_CERT] = true, /* concat */
1960 [FR_EAPOL_ANNOUNCEMENT] = true, /* concat */
1961
1962 [FR_EXTENDED_ATTRIBUTE_1] = true,
1963 [FR_EXTENDED_ATTRIBUTE_2] = true,
1964 [FR_EXTENDED_ATTRIBUTE_3] = true,
1965 [FR_EXTENDED_ATTRIBUTE_4] = true,
1966 [FR_EXTENDED_ATTRIBUTE_5] = true,
1967 [FR_EXTENDED_ATTRIBUTE_6] = true,
1968};
1969
1970/** Create a "normal" fr_pair_t from the given data
1971 *
1972 */
1973ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out,
1974 uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
1975{
1976 ssize_t ret;
1977 fr_dict_attr_t const *da;
1978
1979 if ((data_len < 2) || (data[1] < 2) || (data[1] > data_len)) {
1980 fr_strerror_printf("%s: Insufficient data", __FUNCTION__);
1981 return -1;
1982 }
1983
1984 /*
1985 * If we don't have a tag root already, then record where
1986 * we're putting the top level attributes and add the tags
1987 * there.
1988 */
1989 if (!packet_ctx->tag_root) {
1990 packet_ctx->tag_root = out;
1991 packet_ctx->tag_root_ctx = ctx;
1992 }
1993
1994 da = fr_dict_attr_child_by_num(fr_dict_root(dict_radius), data[0]);
1995 if (!da) {
1996 FR_PROTO_TRACE("Unknown attribute %u", data[0]);
1997 da = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, fr_dict_root(dict_radius), data[0]);
1998 }
1999 if (!da) return -1;
2000 FR_PROTO_TRACE("decode context changed %s -> %s",da->parent->name, da->name);
2001
2002 /*
2003 * Empty attributes are silently ignored, except for CUI.
2004 */
2005 if (data[1] == 2) {
2006 fr_pair_t *vp;
2007
2008 if (data[0] != FR_CHARGEABLE_USER_IDENTITY) {
2009 return 2;
2010 }
2011
2012 /*
2013 * Hacks for CUI. The WiMAX spec says that it can be
2014 * zero length, even though this is forbidden by the
2015 * RADIUS specs. So... we make a special case for it.
2016 *
2017 * We can't create a zero length attribute,
2018 * because the talloc API won't let us. So, we
2019 * just create a fake attribute.
2020 */
2021 vp = fr_pair_afrom_da(ctx, da);
2022 if (!vp) return -1;
2023 PAIR_ALLOCED(vp);
2024
2025 /*
2026 * Ensure that it has a value.
2027 */
2028 if (fr_pair_value_memdup(vp, (uint8_t const *) "", 0, false) < 0) {
2029 talloc_free(vp);
2030 return -1;
2031 }
2032
2033 fr_pair_append(out, vp);
2034
2035 return 2;
2036 }
2037
2038 /*
2039 * A few attributes are special, but they're rare.
2040 */
2041 if (unlikely(special[data[0]])) {
2042 if (data[0] == FR_NAS_FILTER_RULE) {
2043 return decode_nas_filter_rule(ctx, out, da, data, data_len, packet_ctx);
2044 }
2045
2046 if (data[0] == FR_DIGEST_ATTRIBUTES) {
2047 return decode_digest_attributes(ctx, out, da, data, data_len, packet_ctx);
2048 }
2049
2050 /*
2051 * Concatenate consecutive top-level attributes together.
2052 */
2053 if (fr_radius_flag_concat(da)) {
2054 FR_PROTO_TRACE("Concat attribute");
2055 return decode_concat(ctx, out, da, data, packet_ctx->end);
2056 }
2057
2058 /*
2059 * Extended attributes have a horrible format.
2060 * Try to deal with that here, so that the rest
2061 * of the code doesn't have to.
2062 */
2063 if (fr_radius_flag_extended(da)) {
2064 return decode_extended(ctx, out, da, data, data_len, packet_ctx);
2065 }
2066
2067 /*
2068 * @todo - pre-concatenate WiMAX, if 26, and dv->continuation, too.
2069 */
2070 }
2071
2072 /*
2073 * Note that we pass the entire length, not just the
2074 * length of this attribute. The Extended or WiMAX
2075 * attributes may have the "continuation" bit set, and
2076 * will thus be more than one attribute in length.
2077 */
2078 ret = fr_radius_decode_pair_value(ctx, out,
2079 da, data + 2, data[1] - 2,
2080 packet_ctx);
2081 if (ret < 0) return ret;
2082
2083 fr_assert(ret < (1 << 16));
2084
2085 return 2 + ret;
2086}
2087
2088ssize_t fr_radius_decode_foreign(TALLOC_CTX *ctx, fr_pair_list_t *out,
2089 uint8_t const *data, size_t data_len)
2090{
2091 ssize_t slen;
2092 uint8_t const *attr, *end;
2093
2094 fr_radius_ctx_t common_ctx = {};
2095 fr_radius_decode_ctx_t decode_ctx = {
2096 .common = &common_ctx,
2097 .tmp_ctx = talloc(ctx, uint8_t),
2098 .end = data + data_len,
2099 };
2100
2101 fr_assert(dict_radius != NULL);
2102
2103 attr = data;
2104 end = decode_ctx.end;
2105
2106 while (attr < end) {
2107 slen = fr_radius_decode_pair(ctx, out, attr, (end - attr), &decode_ctx);
2108 if (slen < 0) {
2109// fail:
2110 talloc_free(decode_ctx.tmp_ctx);
2111 talloc_free(decode_ctx.tags);
2112 return slen;
2113 }
2114
2115#if 0
2116 /*
2117 * If slen is larger than the room in the packet,
2118 * all kinds of bad things happen.
2119 */
2120 if (!fr_cond_assert(slen <= (end - attr))) {
2121 goto fail;
2122 }
2123#endif
2124
2125 attr += slen;
2126 talloc_free_children(decode_ctx.tmp_ctx);
2127 }
2128
2129 talloc_free(decode_ctx.tmp_ctx);
2130 talloc_free(decode_ctx.tags);
2131 return data_len;
2132}
2133
2134static int _test_ctx_free(fr_radius_decode_ctx_t *ctx)
2135{
2136 TALLOC_FREE(ctx->tags);
2137
2138 return 0;
2139}
2140
2141static int decode_test_ctx(void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict,
2142 UNUSED fr_dict_attr_t const *root_da)
2143{
2144 static uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH] = {
2145 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2146 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
2147
2148 fr_radius_decode_ctx_t *test_ctx;
2149 fr_radius_ctx_t *common;
2150
2151 test_ctx = talloc_zero(ctx, fr_radius_decode_ctx_t);
2152 test_ctx->common = common = talloc_zero(test_ctx, fr_radius_ctx_t);
2153
2154 common->secret = talloc_strdup(test_ctx->common, "testing123");
2155 common->secret_length = talloc_array_length(test_ctx->common->secret) - 1;
2156
2157 test_ctx->request_authenticator = vector;
2158 test_ctx->tmp_ctx = talloc_zero(test_ctx, uint8_t);
2159 talloc_set_destructor(test_ctx, _test_ctx_free);
2160
2161 *out = test_ctx;
2162
2163 return 0;
2164}
2165
2166static const char *reason_name[DECODE_FAIL_MAX] = {
2167 [ DECODE_FAIL_NONE ] = "all OK",
2168 [ DECODE_FAIL_MIN_LENGTH_PACKET ] = "packet is too small",
2169 [ DECODE_FAIL_MAX_LENGTH_PACKET ] = "packet is too large",
2170 [ DECODE_FAIL_MIN_LENGTH_FIELD ] = "length field is too small",
2171 [ DECODE_FAIL_MIN_LENGTH_MISMATCH ] = "length mismatch",
2172 [ DECODE_FAIL_HEADER_OVERFLOW ] = "header overflow",
2173 [ DECODE_FAIL_UNKNOWN_PACKET_CODE ] = "unknown packet code",
2174 [ DECODE_FAIL_INVALID_ATTRIBUTE ] = "invalid attribute",
2175 [ DECODE_FAIL_ATTRIBUTE_TOO_SHORT ] = "attribute too short",
2176 [ DECODE_FAIL_ATTRIBUTE_OVERFLOW ] = "attribute overflows the packet",
2177 [ DECODE_FAIL_MA_INVALID_LENGTH ] = "invalid length for Message-Authenticator",
2178 [ DECODE_FAIL_ATTRIBUTE_UNDERFLOW ] = "attribute underflows the packet",
2179 [ DECODE_FAIL_TOO_MANY_ATTRIBUTES ] = "too many attributes",
2180 [ DECODE_FAIL_MA_MISSING ] = "Message-Authenticator is required, but missing",
2181 [ DECODE_FAIL_MA_INVALID ] = "Message-Authenticator is invalid",
2182 [ DECODE_FAIL_VERIFY ] = "Authenticator is invalid",
2183 [ DECODE_FAIL_UNKNOWN ] = "unknown",
2184};
2185
2186static ssize_t fr_radius_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out,
2187 uint8_t const *data, size_t data_len, void *proto_ctx)
2188{
2189 fr_radius_decode_ctx_t *test_ctx = talloc_get_type_abort(proto_ctx, fr_radius_decode_ctx_t);
2190 fr_radius_decode_fail_t reason;
2191 fr_pair_t *vp;
2192 size_t packet_len = data_len;
2193
2194 if (!fr_radius_ok(data, &packet_len, 200, false, &reason)) {
2195 fr_strerror_printf("Packet failed verification - %s", reason_name[reason]);
2196 return -1;
2197 }
2198
2199 /*
2200 * Decode the header
2201 */
2202 vp = fr_pair_afrom_da(ctx, attr_packet_type);
2203 if (!vp) {
2204 fr_strerror_const("Failed creating Packet-Type");
2205 return -1;
2206 }
2207 PAIR_ALLOCED(vp);
2208
2209 vp->vp_uint32 = data[0];
2210 fr_pair_append(out, vp);
2211
2212 vp = fr_pair_afrom_da(ctx, attr_packet_authentication_vector);
2213 if (!vp) {
2214 fr_strerror_const("Failed creating Packet-Authentication-Vector");
2215 return -1;
2216 }
2217 PAIR_ALLOCED(vp);
2218
2219 (void) fr_pair_value_memdup(vp, data + 4, 16, true);
2220 fr_pair_append(out, vp);
2221
2222 test_ctx->end = data + packet_len;
2223
2224 return fr_radius_decode(ctx, out, UNCONST(uint8_t *, data), packet_len, test_ctx);
2225}
2226
2227static ssize_t decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, NDEBUG_UNUSED fr_dict_attr_t const *parent,
2228 uint8_t const *data, size_t data_len, void *decode_ctx)
2229{
2230 fr_radius_decode_ctx_t *packet_ctx = decode_ctx;
2231
2232 fr_assert(parent == fr_dict_root(dict_radius));
2233
2234 packet_ctx->end = data + data_len;
2235 return fr_radius_decode_pair(ctx, out, data, data_len, decode_ctx);
2236}
2237
2238
2239/*
2240 * Test points
2241 */
2242extern fr_test_point_pair_decode_t radius_tp_decode_pair;
2247
2248extern fr_test_point_proto_decode_t radius_tp_decode_proto;
fr_radius_decode_abinary
ssize_t fr_radius_decode_abinary(fr_pair_t *vp, uint8_t const *data, size_t data_len)
Print an Ascend binary filter attribute to a string,.
Definition abinary.c:1316
buffer
static int const char char buffer[256]
Definition acutest.h:578
n
int n
Definition acutest.h:579
UNCONST
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:167
RCSID
#define RCSID(id)
Definition build.h:485
NDEBUG_UNUSED
#define NDEBUG_UNUSED
Definition build.h:328
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
unlikely
#define unlikely(_x)
Definition build.h:383
UNUSED
#define UNUSED
Definition build.h:317
FR_DBUFF_TMP
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:524
fr_cond_assert
#define fr_cond_assert(_x)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:131
FR_DIGEST_ATTRIBUTES
#define FR_DIGEST_ATTRIBUTES
Definition defs.h:110
attr_packet_type
static fr_dict_attr_t const * attr_packet_type
Definition dhcpclient.c:89
fr_dict_vendor_t::continuation
bool continuation
we only have one flag for now, for WiMAX
Definition dict.h:272
fr_dict_vendor_t::type
size_t type
Length of type data.
Definition dict.h:273
fr_dict_protocol_t::decode
fr_dict_attr_decode_func_t decode
for decoding attributes.
Definition dict.h:488
fr_dict_attr_unknown_vendor_afrom_num
static fr_dict_attr_t * fr_dict_attr_unknown_vendor_afrom_num(TALLOC_CTX *ctx, fr_dict_attr_t const *parent, unsigned int vendor)
Definition dict.h:609
fr_dict_protocol
fr_dict_protocol_t const * fr_dict_protocol(fr_dict_t const *dict)
Return the protocol descriptor for the dictionary.
Definition dict_util.c:5285
fr_dict_attr_unknown_raw_afrom_num
static fr_dict_attr_t * fr_dict_attr_unknown_raw_afrom_num(TALLOC_CTX *ctx, fr_dict_attr_t const *parent, unsigned int attr)
Definition dict.h:616
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2704
fr_dict_vendor_t::pen
uint32_t pen
Private enterprise number.
Definition dict.h:271
fr_dict_attr_unknown_free
void fr_dict_attr_unknown_free(fr_dict_attr_t const **da)
Free dynamically allocated (unknown attributes)
Definition dict_unknown.c:233
fr_dict_vendor_t::length
size_t length
Length of length data.
Definition dict.h:274
fr_dict_attr_unknown_typed_afrom_num
static fr_dict_attr_t * fr_dict_attr_unknown_typed_afrom_num(TALLOC_CTX *ctx, fr_dict_attr_t const *parent, unsigned int num, fr_type_t type)
Definition dict.h:601
fr_dict_vendor_by_num
fr_dict_vendor_t const * fr_dict_vendor_by_num(fr_dict_t const *dict, uint32_t vendor_pen)
Look up a vendor by its PEN.
Definition dict_util.c:2984
fr_dict_attr_child_by_num
fr_dict_attr_t const * fr_dict_attr_child_by_num(fr_dict_attr_t const *parent, unsigned int attr)
Check if a child attribute exists in a parent using an attribute number.
Definition dict_util.c:3632
fr_dict_protocol_t
Protocol-specific callbacks in libfreeradius-PROTOCOL.
Definition dict.h:456
fr_dict_vendor_t
Private enterprise.
Definition dict.h:270
fr_dict_attr_ref
static fr_dict_attr_t const * fr_dict_attr_ref(fr_dict_attr_t const *da)
Return the reference associated with a group type attribute.
Definition dict_ext.h:178
PAIR_DECODE_OOM
#define PAIR_DECODE_OOM
Fatal error - Out of memory.
Definition pair.h:45
PAIR_DECODE_FATAL_ERROR
#define PAIR_DECODE_FATAL_ERROR
Fatal error - Failed decoding the packet.
Definition pair.h:49
_test_ctx_free
static int _test_ctx_free(UNUSED fr_aka_sim_ctx_t *ctx)
Definition decode.c:1004
fr_pair_tlvs_from_network
ssize_t fr_pair_tlvs_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx, fr_pair_decode_value_t decode_tlv, fr_pair_tlvs_verify_t verify_tlvs, bool nested)
Decode a list of pairs from the network.
Definition decode.c:149
fr_pair_raw_from_network
ssize_t fr_pair_raw_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *da, uint8_t const *data, size_t data_len)
Create a "raw" pair from malformed network data.
Definition decode.c:79
fr_pair_array_from_network
ssize_t fr_pair_array_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx, fr_pair_decode_value_t decode_value)
Decode an array of values from the network.
Definition decode.c:41
talloc_free
talloc_free(reap)
zero
static const uint8_t * zero
Definition md4.c:357
fr_md5_ctx_free_from_list
void fr_md5_ctx_free_from_list(fr_md5_ctx_t **ctx)
Free function for MD5 digest ctx.
Definition md5.c:509
fr_md5_ctx_alloc_from_list
fr_md5_ctx_t * fr_md5_ctx_alloc_from_list(void)
Allocation function for MD5 digest context.
Definition md5.c:464
fr_md5_final
#define fr_md5_final(_out, _ctx)
Finalise the ctx, producing the digest.
Definition md5.h:93
fr_md5_ctx_copy
#define fr_md5_ctx_copy(_dst, _src)
Copy the contents of a ctx.
Definition md5.h:63
fr_md5_ctx_t
void fr_md5_ctx_t
Definition md5.h:28
fr_md5_update
#define fr_md5_update(_ctx, _in, _inlen)
Ingest plaintext into the digest.
Definition md5.h:86
fr_radius_ok
bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason)
Definition merged_model.c:253
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_IPV6_PREFIX
@ FR_TYPE_IPV6_PREFIX
IPv6 Prefix.
Definition merged_model.c:89
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_STRUCT
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
Definition merged_model.c:119
FR_TYPE_VENDOR
@ FR_TYPE_VENDOR
Attribute that represents a vendor in the attribute tree.
Definition merged_model.c:122
FR_TYPE_IPV4_PREFIX
@ FR_TYPE_IPV4_PREFIX
IPv4 Prefix.
Definition merged_model.c:87
FR_TYPE_VSA
@ FR_TYPE_VSA
Vendor-Specific, for RADIUS attribute 26.
Definition merged_model.c:121
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
UINT8_MAX
#define UINT8_MAX
Definition merged_model.c:32
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
decode
static fr_radius_decode_fail_t decode(TALLOC_CTX *ctx, fr_pair_list_t *reply, uint8_t *response_code, bio_handle_t *h, request_t *request, bio_request_t *u, uint8_t const request_authenticator[static RADIUS_AUTH_VECTOR_LENGTH], uint8_t *data, size_t data_len)
Decode response packet data, extracting relevant information and validating the packet.
Definition bio.c:1192
RADIUS_AUTH_VECTOR_LENGTH
#define RADIUS_AUTH_VECTOR_LENGTH
Definition net.h:89
fr_pair_value_memdup
int fr_pair_value_memdup(fr_pair_t *vp, uint8_t const *src, size_t len, bool tainted)
Copy data into an "octets" data type.
Definition pair.c:2945
fr_pair_append
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1348
fr_pair_afrom_da
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:289
fr_pair_list_init
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
Definition pair.c:46
fr_pair_value_bstrndup
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
Definition pair.c:2795
fr_pair_delete
int fr_pair_delete(fr_pair_list_t *list, fr_pair_t *vp)
Remove fr_pair_t from a list and free.
Definition pair.c:1829
fr_pair_value_mem_alloc
int fr_pair_value_mem_alloc(fr_pair_t *vp, uint8_t **out, size_t size, bool tainted)
Pre-allocate a memory buffer for a "octets" type value pair.
Definition pair.c:2894
fr_pair_afrom_da_nested
fr_pair_t * fr_pair_afrom_da_nested(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *da)
Create a pair (and all intermediate parents), and append it to the list.
Definition pair.c:474
decode_test_ctx
static int decode_test_ctx(void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict, UNUSED fr_dict_attr_t const *root_da)
Definition decode.c:102
decode_value_trampoline
static ssize_t decode_value_trampoline(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
Handle arrays of DNS labels for fr_struct_from_network()
Definition decode.c:70
decode_vsa
static ssize_t decode_vsa(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
RFC 4243 Vendor Specific Suboptions.
Definition decode.c:369
decode_tlv_trampoline
static ssize_t decode_tlv_trampoline(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
Definition decode.c:57
decode_pair
static ssize_t decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, NDEBUG_UNUSED fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx)
Definition decode.c:491
attr_packet_authentication_vector
HIDDEN fr_dict_attr_t const * attr_packet_authentication_vector
Definition base.c:56
fr_radius_ascend_secret
ssize_t fr_radius_ascend_secret(fr_dbuff_t *dbuff, uint8_t const *in, size_t inlen, char const *secret, uint8_t const *vector)
Do Ascend-Send / Recv-Secret calculation.
Definition base.c:251
fr_radius_decode
ssize_t fr_radius_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, fr_radius_decode_ctx_t *decode_ctx)
Definition base.c:1118
radius_tp_decode_proto
fr_test_point_proto_decode_t radius_tp_decode_proto
Definition decode.c:2249
fr_radius_decode_foreign
ssize_t fr_radius_decode_foreign(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len)
Definition decode.c:2088
decode_concat
static ssize_t decode_concat(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *parent, uint8_t const *data, uint8_t const *end)
Convert a "concatenated" attribute to one long VP.
Definition decode.c:342
decode_extended
static ssize_t decode_extended(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *da, uint8_t const *data, UNUSED size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
Fast path for most extended attributes.
Definition decode.c:957
decode_digest_attributes
static ssize_t decode_digest_attributes(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
Decode Digest-Attributes.
Definition decode.c:599
decode_wimax
static ssize_t decode_wimax(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t attr_len, fr_radius_decode_ctx_t *packet_ctx)
Convert a Vendor-Specific WIMAX to vps.
Definition decode.c:1041
fr_radius_decode_tlv
ssize_t fr_radius_decode_tlv(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
Convert TLVs to one or more VPs.
Definition decode.c:650
reason_name
static const char * reason_name[DECODE_FAIL_MAX]
Definition decode.c:2166
radius_tp_decode_pair
fr_test_point_pair_decode_t radius_tp_decode_pair
Definition decode.c:2243
decode_value
#define decode_value
Definition decode.c:411
memcpy_bounded
static void memcpy_bounded(void *restrict dst, const void *restrict src, size_t n, const void *restrict end)
Definition decode.c:42
fr_radius_decode_password
static ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, fr_radius_decode_ctx_t *packet_ctx)
Decode password.
Definition decode.c:191
fr_radius_decode_pair_value
ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const attr_len, void *decode_ctx)
Create any kind of VP from the attribute contents.
Definition decode.c:1481
decode_extended_fragments
static ssize_t decode_extended_fragments(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t attr_len, fr_radius_decode_ctx_t *packet_ctx)
Convert a fragmented extended attr to a VP.
Definition decode.c:852
special
static const bool special[UINT8_MAX+1]
Definition decode.c:1953
fr_radius_decode_tlv_ok
int fr_radius_decode_tlv_ok(uint8_t const *data, size_t length, size_t dv_type, size_t dv_length)
Check if a set of RADIUS formatted TLVs are OK.
Definition decode.c:250
fr_radius_decode_pair
ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
Create a "normal" fr_pair_t from the given data.
Definition decode.c:1973
decode_vsa_internal
static ssize_t decode_vsa_internal(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx, fr_dict_vendor_t const *dv)
Convert a top-level VSA to a VP.
Definition decode.c:730
decode_rfc
static ssize_t decode_rfc(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
decode an RFC-format TLV
Definition decode.c:416
decode_nas_filter_rule
static ssize_t decode_nas_filter_rule(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
Decode NAS-Filter-Rule.
Definition decode.c:485
fr_radius_decode_tunnel_password
static ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, fr_radius_decode_ctx_t *packet_ctx)
Decode Tunnel-Password encrypted attributes.
Definition decode.c:70
fr_radius_decode_proto
static ssize_t fr_radius_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, void *proto_ctx)
Definition decode.c:2186
attrs.h
VQP attributes.
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
dict_radius
static fr_dict_t const * dict_radius
Definition radclient-ng.c:107
done
static bool done
Definition radclient.c:83
fr_radius_tag_ctx_t::parent
fr_pair_t * parent
Definition radius.h:90
fr_radius_decode_ctx_t::tags
fr_radius_tag_ctx_t ** tags
for decoding tagged attributes
Definition radius.h:139
fr_radius_flag_concat
#define fr_radius_flag_concat(_da)
Definition radius.h:193
fr_radius_flag_has_tag
#define fr_radius_flag_has_tag(_da)
Definition radius.h:192
fr_radius_decode_ctx_t::request_authenticator
uint8_t const * request_authenticator
Definition radius.h:127
AUTH_PASS_LEN
#define AUTH_PASS_LEN
Definition radius.h:54
fr_radius_decode_fail_t
fr_radius_decode_fail_t
Failure reasons.
Definition radius.h:162
DECODE_FAIL_UNKNOWN
@ DECODE_FAIL_UNKNOWN
Definition radius.h:179
DECODE_FAIL_INVALID_ATTRIBUTE
@ DECODE_FAIL_INVALID_ATTRIBUTE
Definition radius.h:170
DECODE_FAIL_ATTRIBUTE_UNDERFLOW
@ DECODE_FAIL_ATTRIBUTE_UNDERFLOW
Definition radius.h:174
DECODE_FAIL_MIN_LENGTH_FIELD
@ DECODE_FAIL_MIN_LENGTH_FIELD
Definition radius.h:166
DECODE_FAIL_MAX_LENGTH_PACKET
@ DECODE_FAIL_MAX_LENGTH_PACKET
Definition radius.h:165
DECODE_FAIL_HEADER_OVERFLOW
@ DECODE_FAIL_HEADER_OVERFLOW
Definition radius.h:168
DECODE_FAIL_ATTRIBUTE_TOO_SHORT
@ DECODE_FAIL_ATTRIBUTE_TOO_SHORT
Definition radius.h:171
DECODE_FAIL_MA_INVALID
@ DECODE_FAIL_MA_INVALID
Definition radius.h:177
DECODE_FAIL_ATTRIBUTE_OVERFLOW
@ DECODE_FAIL_ATTRIBUTE_OVERFLOW
Definition radius.h:172
DECODE_FAIL_TOO_MANY_ATTRIBUTES
@ DECODE_FAIL_TOO_MANY_ATTRIBUTES
Definition radius.h:175
DECODE_FAIL_NONE
@ DECODE_FAIL_NONE
Definition radius.h:163
DECODE_FAIL_MIN_LENGTH_PACKET
@ DECODE_FAIL_MIN_LENGTH_PACKET
Definition radius.h:164
DECODE_FAIL_MIN_LENGTH_MISMATCH
@ DECODE_FAIL_MIN_LENGTH_MISMATCH
Definition radius.h:167
DECODE_FAIL_VERIFY
@ DECODE_FAIL_VERIFY
Definition radius.h:178
DECODE_FAIL_MA_INVALID_LENGTH
@ DECODE_FAIL_MA_INVALID_LENGTH
Definition radius.h:173
DECODE_FAIL_MAX
@ DECODE_FAIL_MAX
Definition radius.h:180
DECODE_FAIL_MA_MISSING
@ DECODE_FAIL_MA_MISSING
Definition radius.h:176
DECODE_FAIL_UNKNOWN_PACKET_CODE
@ DECODE_FAIL_UNKNOWN_PACKET_CODE
Definition radius.h:169
fr_radius_ctx_t::secret
char const * secret
Definition radius.h:95
fr_radius_decode_ctx_t::end
uint8_t const * end
end of the packet
Definition radius.h:130
RADIUS_MAX_STRING_LENGTH
#define RADIUS_MAX_STRING_LENGTH
Definition radius.h:35
fr_radius_flag_encrypted
#define fr_radius_flag_encrypted(_da)
Definition radius.h:195
fr_radius_flag_extended
static bool fr_radius_flag_extended(fr_dict_attr_t const *da)
Definition radius.h:197
fr_radius_decode_ctx_t::tag_root_ctx
TALLOC_CTX * tag_root_ctx
Where to allocate new tag attributes.
Definition radius.h:141
fr_radius_ctx_t::secret_length
size_t secret_length
Definition radius.h:96
RADIUS_MAX_PASS_LENGTH
#define RADIUS_MAX_PASS_LENGTH
Definition radius.h:39
fr_radius_decode_ctx_t::common
fr_radius_ctx_t const * common
Definition radius.h:125
fr_radius_flag_long_extended
#define fr_radius_flag_long_extended(_da)
Definition radius.h:204
fr_radius_attr_flags_encrypt_t
fr_radius_attr_flags_encrypt_t
Definition radius.h:144
RADIUS_FLAG_ENCRYPT_USER_PASSWORD
@ RADIUS_FLAG_ENCRYPT_USER_PASSWORD
Encrypt attribute RFC 2865 style.
Definition radius.h:147
RADIUS_FLAG_ENCRYPT_ASCEND_SECRET
@ RADIUS_FLAG_ENCRYPT_ASCEND_SECRET
Encrypt attribute ascend style.
Definition radius.h:149
RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD
@ RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD
Encrypt attribute RFC 2868 style.
Definition radius.h:148
fr_radius_flag_abinary
#define fr_radius_flag_abinary(_da)
Definition radius.h:194
fr_radius_decode_ctx_t::tunnel_password_zeros
bool tunnel_password_zeros
check for trailing zeros on decode
Definition radius.h:134
fr_radius_decode_ctx_t::tmp_ctx
TALLOC_CTX * tmp_ctx
for temporary things cleaned up during decoding
Definition radius.h:129
fr_radius_decode_ctx_t::tag_root
fr_pair_list_t * tag_root
Where to insert tag attributes.
Definition radius.h:140
fr_radius_ctx_t
Definition radius.h:94
fr_radius_decode_ctx_t
Definition radius.h:124
fr_radius_tag_ctx_t
Definition radius.h:89
attr_vendor_specific
static fr_dict_attr_t const * attr_vendor_specific
Definition radsnmp.c:113
vp
fr_pair_t * vp
Definition state_machine.c:2293
fr_struct_from_network
ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx, fr_pair_decode_value_t decode_value, fr_pair_decode_value_t decode_tlv)
Convert a STRUCT to one or more VPs.
Definition struct.c:32
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_test_point_pair_decode_t::test_ctx
fr_test_point_ctx_alloc_t test_ctx
Allocate a test ctx for the encoder.
Definition test_point.h:86
fr_test_point_proto_decode_t::test_ctx
fr_test_point_ctx_alloc_t test_ctx
Allocate a test ctx for the encoder.
Definition test_point.h:68
fr_test_point_pair_decode_t
Entry point for pair decoders.
Definition test_point.h:85
fr_test_point_proto_decode_t
Entry point for protocol decoders.
Definition test_point.h:67
head
static fr_slen_t head
Definition xlat.h:420
PAIR_ALLOCED
#define PAIR_ALLOCED(_x)
Definition pair.h:212
fr_pair_find_or_append_by_da
static int fr_pair_find_or_append_by_da(TALLOC_CTX *ctx, fr_pair_t **out, fr_pair_list_t *list, fr_dict_attr_t const *da)
Definition pair.h:541
fr_pair_list_free
void fr_pair_list_free(fr_pair_list_t *list)
Free memory used by a valuepair list.
Definition pair_inline.c:112
fr_pair_list_append
void fr_pair_list_append(fr_pair_list_t *dst, fr_pair_list_t *src)
Appends a list of fr_pair_t from a temporary list to a destination list.
Definition pair_inline.c:181
fr_pair_list_num_elements
size_t fr_pair_list_num_elements(fr_pair_list_t const *list)
Get the length of a list of fr_pair_t.
Definition pair_inline.c:150
parent
static fr_slen_t parent
Definition pair.h:857
FR_PROTO_HEX_DUMP
#define FR_PROTO_HEX_DUMP(_data, _data_len, _fmt,...)
Definition proto.h:42
FR_PROTO_TRACE
#define FR_PROTO_TRACE(_fmt,...)
Definition proto.h:41
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:553
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:455
FR_TYPE_LEAF
#define FR_TYPE_LEAF
Definition types.h:318
fr_value_box_from_network
ssize_t fr_value_box_from_network(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_type_t type, fr_dict_attr_t const *enumv, fr_dbuff_t *dbuff, size_t len, bool tainted)
Decode a fr_value_box_t from serialized binary data.
Definition value.c:1913
fr_value_box_ipaddr_from_network
ssize_t fr_value_box_ipaddr_from_network(fr_value_box_t *dst, fr_type_t type, fr_dict_attr_t const *enumv, int prefix_len, uint8_t const *data, size_t data_len, bool fixed, bool tainted)
Decode a fr_value_box_t of type IP address / prefix.
Definition value.c:2317
data
static fr_slen_t data
Definition value.h:1326
nonnull
int nonnull(2, 5))
out
static size_t char ** out
Definition value.h:1023
Generated by   doxygen 1.9.8