The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
decode.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: a4198616de3533255b199fe5ac0f00b417fa5f6b $
19 *
20 * @file protocols/radius/decode.c
21 * @brief Functions to decode RADIUS attributes
22 *
23 * @copyright 2000-2003,2006-2015 The FreeRADIUS server project
24 */
25RCSID("$Id: a4198616de3533255b199fe5ac0f00b417fa5f6b $")
26
27#include <freeradius-devel/util/md5.h>
28#include <freeradius-devel/util/struct.h>
29#include <freeradius-devel/io/test_point.h>
30#include <freeradius-devel/protocol/radius/freeradius.internal.h>
31
32#include "attrs.h"
33
34/*
35 * For all of the concat/extended attributes.
36 */
37#include <freeradius-devel/protocol/radius/rfc2869.h>
38#include <freeradius-devel/protocol/radius/rfc5904.h>
39#include <freeradius-devel/protocol/radius/rfc6929.h>
40#include <freeradius-devel/protocol/radius/rfc7268.h>
41
42static void memcpy_bounded(void * restrict dst, const void * restrict src, size_t n, const void * restrict end)
43{
44 size_t len = n;
45
46 if (!fr_cond_assert(n <= 65535)) {
47 return;
48 }
49
50 if (!fr_cond_assert(src <= end)) {
51 return;
52 }
53
54 if (len == 0) return;
55
56 if (!fr_cond_assert(((uint8_t const * restrict) src + len) <= (uint8_t const * restrict) end)) {
57 len = (uint8_t const * restrict) end - (uint8_t const * restrict) src;
58 }
59
60 memcpy(dst, src, len);
61}
62
63
64/** Decode Tunnel-Password encrypted attributes
65 *
66 * Defined in RFC-2868, this uses a two char SALT along with the
67 * initial intermediate value, to differentiate it from the
68 * above.
69 */
70static ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, fr_radius_decode_ctx_t *packet_ctx)
71{
72 fr_md5_ctx_t *md5_ctx, *md5_ctx_old;
73 uint8_t digest[RADIUS_AUTH_VECTOR_LENGTH];
74 size_t i, n, encrypted_len, embedded_len;
75
76 encrypted_len = *pwlen;
77
78 /*
79 * We need at least a salt.
80 */
81 if (encrypted_len < 2) {
82 fr_strerror_const("Tunnel password is too short");
83 return -1;
84 }
85
86 /*
87 * There's a salt, but no password. Or, there's a salt
88 * and a 'data_len' octet. It's wrong, but at least we
89 * can figure out what it means: the password is empty.
90 *
91 * Note that this means we ignore the 'data_len' field,
92 * if the attribute length tells us that there's no
93 * more data. So the 'data_len' field may be wrong,
94 * but that's ok...
95 */
96 if (encrypted_len <= 3) {
97 passwd[0] = 0;
98 *pwlen = 0;
99 return 0;
100 }
101
102 encrypted_len -= 2; /* discount the salt */
103
104 md5_ctx = fr_md5_ctx_alloc_from_list();
105 md5_ctx_old = fr_md5_ctx_alloc_from_list();
106
107 fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length);
108 fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* save intermediate work */
109
110 /*
111 * Set up the initial key:
112 *
113 * b(1) = MD5(secret + vector + salt)
114 */
115 fr_md5_update(md5_ctx, packet_ctx->request_authenticator, RADIUS_AUTH_VECTOR_LENGTH);
116 fr_md5_update(md5_ctx, passwd, 2);
117
118 embedded_len = 0;
119 for (n = 0; n < encrypted_len; n += AUTH_PASS_LEN) {
120 size_t base;
121 size_t block_len = AUTH_PASS_LEN;
122
123 /*
124 * Ensure we don't overflow the input on MD5
125 */
126 if ((n + 2 + AUTH_PASS_LEN) > *pwlen) {
127 block_len = *pwlen - n - 2;
128 }
129
130 if (n == 0) {
131 base = 1;
132
133 fr_md5_final(digest, md5_ctx);
134 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
135
136 /*
137 * A quick check: decrypt the first octet
138 * of the password, which is the
139 * 'data_len' field. Ensure it's sane.
140 */
141 embedded_len = passwd[2] ^ digest[0];
142 if (embedded_len > encrypted_len) {
143 fr_strerror_printf("Tunnel Password is too long for the attribute "
144 "(shared secret is probably incorrect!)");
145 fr_md5_ctx_free_from_list(&md5_ctx);
146 fr_md5_ctx_free_from_list(&md5_ctx_old);
147 return -1;
148 }
149
150 fr_md5_update(md5_ctx, passwd + 2, block_len);
151
152 } else {
153 base = 0;
154
155 fr_md5_final(digest, md5_ctx);
156
157 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
158 fr_md5_update(md5_ctx, passwd + n + 2, block_len);
159 }
160
161 for (i = base; i < block_len; i++) {
162 passwd[n + i - 1] = passwd[n + i + 2] ^ digest[i];
163 }
164 }
165
166 fr_md5_ctx_free_from_list(&md5_ctx);
167 fr_md5_ctx_free_from_list(&md5_ctx_old);
168
169 /*
170 * Check trailing bytes
171 */
172 if (packet_ctx->tunnel_password_zeros) for (i = embedded_len; i < (encrypted_len - 1); i++) { /* -1 for length field */
173 if (passwd[i] != 0) {
174 fr_strerror_printf("Trailing garbage in Tunnel Password "
175 "(shared secret is probably incorrect!)");
176
177 return -1;
178 }
179 }
180
181 *pwlen = embedded_len;
182
183 passwd[embedded_len] = '\0';
184
185 return embedded_len;
186}
187
188/** Decode password
189 *
190 */
191static ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, fr_radius_decode_ctx_t *packet_ctx)
192{
193 fr_md5_ctx_t *md5_ctx, *md5_ctx_old;
194 uint8_t digest[RADIUS_AUTH_VECTOR_LENGTH];
195 int i;
196 size_t n;
197
198 fr_assert(pwlen <= RADIUS_MAX_STRING_LENGTH);
199
200 /*
201 * Catch idiots.
202 */
203 if (pwlen == 0) goto done;
204
205 md5_ctx = fr_md5_ctx_alloc_from_list();
206 md5_ctx_old = fr_md5_ctx_alloc_from_list();
207
208 fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length);
209 fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* save intermediate work */
210
211 /*
212 * The inverse of the code above.
213 */
214 for (n = 0; n < pwlen; n += AUTH_PASS_LEN) {
215 if (n == 0) {
216 fr_md5_update(md5_ctx, packet_ctx->request_authenticator, RADIUS_AUTH_VECTOR_LENGTH);
217 fr_md5_final(digest, md5_ctx);
218
219 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
220 if (pwlen > AUTH_PASS_LEN) {
221 fr_md5_update(md5_ctx, (uint8_t *) passwd, AUTH_PASS_LEN);
222 }
223 } else {
224 fr_md5_final(digest, md5_ctx);
225
226 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
227 if (pwlen > (n + AUTH_PASS_LEN)) {
228 fr_md5_update(md5_ctx, (uint8_t *) passwd + n, AUTH_PASS_LEN);
229 }
230 }
231
232 for (i = 0; i < AUTH_PASS_LEN; i++) passwd[i + n] ^= digest[i];
233 }
234
235 fr_md5_ctx_free_from_list(&md5_ctx);
236 fr_md5_ctx_free_from_list(&md5_ctx_old);
237
238 done:
239 passwd[pwlen] = '\0';
240 return strlen(passwd);
241}
242
243/** Check if a set of RADIUS formatted TLVs are OK
244 *
245 */
246int fr_radius_decode_tlv_ok(uint8_t const *data, size_t length, size_t dv_type, size_t dv_length)
247{
248 uint8_t const *end = data + length;
249
250 FR_PROTO_TRACE("Checking TLV %u/%u", (unsigned int) dv_type, (unsigned int) dv_length);
251
252 FR_PROTO_HEX_DUMP(data, length, "tlv_ok");
253
254 if ((dv_length > 2) || (dv_type == 0) || (dv_type > 4)) {
255 fr_strerror_printf("%s: Invalid arguments", __FUNCTION__);
256 return -1;
257 }
258
259 while (data < end) {
260 size_t attrlen;
261
262 if ((data + dv_type + dv_length) > end) {
263 fr_strerror_const("Attribute header overflow");
264 return -1;
265 }
266
267 switch (dv_type) {
268 case 4:
269 if ((data[0] == 0) && (data[1] == 0) &&
270 (data[2] == 0) && (data[3] == 0)) {
271 zero:
272 fr_strerror_const("Invalid attribute 0");
273 return -1;
274 }
275
276 if (data[0] != 0) {
277 fr_strerror_const("Invalid attribute > 2^24");
278 return -1;
279 }
280 break;
281
282 case 2:
283 if ((data[0] == 0) && (data[1] == 0)) goto zero;
284 break;
285
286 case 1:
287 /*
288 * Zero is allowed, because the Colubris
289 * people are dumb and use it.
290 */
291 break;
292
293 default:
294 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
295 return -1;
296 }
297
298 switch (dv_length) {
299 case 0:
300 return 0;
301
302 case 2:
303 if (data[dv_type] != 0) {
304 fr_strerror_const("Attribute is longer than 256 octets");
305 return -1;
306 }
307 FALL_THROUGH;
308 case 1:
309 attrlen = data[dv_type + dv_length - 1];
310 break;
311
312
313 default:
314 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
315 return -1;
316 }
317
318 if (attrlen < (dv_type + dv_length)) {
319 fr_strerror_const("Attribute header has invalid length");
320 return -1;
321 }
322
323 if (attrlen > length) {
324 fr_strerror_const("Attribute overflows container");
325 return -1;
326 }
327
328 data += attrlen;
329 length -= attrlen;
330 }
331
332 return 0;
333}
334
335/** Convert a "concatenated" attribute to one long VP
336 *
337 */
338static ssize_t decode_concat(TALLOC_CTX *ctx, fr_pair_list_t *list,
339 fr_dict_attr_t const *parent, uint8_t const *data,
340 uint8_t const *end)
341{
342 size_t total;
343 uint8_t attr;
344 uint8_t const *ptr = data;
345 uint8_t *p;
346 fr_pair_t *vp;
347
348 fr_assert(parent->type == FR_TYPE_OCTETS);
349
350 total = 0;
351 attr = ptr[0];
352
353 /*
354 * See how many consecutive attributes there are.
355 */
356 while (ptr < end) {
357 if ((ptr + 2) == end) break;
358 if ((ptr + 2) > end) return -1;
359 if (ptr[1] <= 2) return -1;
360 if ((ptr + ptr[1]) > end) return -1;
361
362 total += ptr[1] - 2;
363
364 ptr += ptr[1];
365
366 if (ptr == end) break;
367
368 /*
369 * Attributes MUST be consecutive.
370 */
371 if (ptr[0] != attr) break;
372 }
373
374 /*
375 * Reset the end of the data we're trying to parse
376 */
377 end = ptr;
378
379 /*
380 * If there's no data, just return that we skipped the
381 * attribute header.
382 */
383 if (!total) return 2;
384
385 vp = fr_pair_afrom_da(ctx, parent);
386 if (!vp) return -1;
387 PAIR_ALLOCED(vp);
388
389 if (fr_pair_value_mem_alloc(vp, &p, total, true) != 0) {
390 talloc_free(vp);
391 return -1;
392 }
393
394 ptr = data;
395 while (ptr < end) {
396 memcpy_bounded(p, ptr + 2, ptr[1] - 2, end);
397 p += ptr[1] - 2;
398 ptr += ptr[1];
399 }
400 fr_pair_append(list, vp);
401 return ptr - data;
402}
403
404/*
405 * Short-term hack to help clean things up.
406 */
407#define decode_value fr_radius_decode_pair_value
408
409/** decode an RFC-format TLV
410 *
411 */
412static ssize_t decode_rfc(TALLOC_CTX *ctx, fr_pair_list_t *out,
413 fr_dict_attr_t const *parent,
414 uint8_t const *data, size_t const data_len, void *decode_ctx)
415{
416 unsigned int attr;
417 size_t len;
418 ssize_t slen;
419 fr_dict_attr_t const *da;
420 fr_radius_decode_ctx_t *packet_ctx = decode_ctx;
421
422#ifdef STATIC_ANALYZER
423 if (!packet_ctx || !packet_ctx->tmp_ctx) return PAIR_DECODE_FATAL_ERROR;
424#endif
425
426 fr_assert(parent != NULL);
427
428 /*
429 * Must have at least a header.
430 */
431 if ((data_len < 2) || (data[1] < 2)) {
432 fr_strerror_printf("%s: Insufficient data", __FUNCTION__);
433 return -(data_len);
434 }
435
436 /*
437 * Empty attributes are ignored.
438 */
439 if (data[1] == 2) return 2;
440
441 attr = data[0];
442 len = data[1];
443 if (len > data_len) {
444 fr_strerror_printf("%s: Attribute overflows input. "
445 "Length must be less than %zu bytes, got %zu bytes",
446 __FUNCTION__, data_len - 2, len - 2);
447 return PAIR_DECODE_FATAL_ERROR;
448 }
449
450 da = fr_dict_attr_child_by_num(parent, attr);
451 if (!da) {
452 da = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, parent, attr);
453 if (!da) return PAIR_DECODE_FATAL_ERROR;
454 slen = fr_pair_raw_from_network(ctx, out, da, data + 2, len - 2);
455 if (slen < 0) return slen;
456 return len;
457 }
458 FR_PROTO_TRACE("decode context changed %s -> %s",da->parent->name, da->name);
459
460 if (da->flags.array) {
461 slen = fr_pair_array_from_network(ctx, out, da, data + 2, len - 2, decode_ctx, decode_value);
462
463 } else if (da->type == FR_TYPE_TLV) {
464 slen = fr_pair_tlvs_from_network(ctx, out, da, data + 2, len - 2, decode_ctx, decode_rfc, NULL, true);
465
466 } else {
467 slen = decode_value(ctx, out, da, data + 2, len - 2, decode_ctx);
468 }
469
470 if (slen < 0) return slen;
471
472 return len;
473}
474
475
476/** Decode NAS-Filter-Rule
477 *
478 * Similar to decode_concat, but contains multiple values instead of
479 * one.
480 */
481static ssize_t decode_nas_filter_rule(TALLOC_CTX *ctx, fr_pair_list_t *out,
482 fr_dict_attr_t const *parent, uint8_t const *data,
483 size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
484{
485 uint8_t const *ptr = data;
486 uint8_t const *end = data + data_len;
487 uint8_t const *decode, *decode_end;
488 uint8_t *buffer = NULL;
489 size_t total = 0;
490 int attrs = 0;
491
492 /*
493 * Figure out how long the total length of the data is.
494 * This is so that we can do the decoding from a
495 * temporary buffer. Which means that we coalesce data
496 * across multiple attributes, separately from chopping
497 * the data at zero bytes.
498 */
499 while (ptr < end) {
500 if ((ptr + 2) == end) break;
501 if ((ptr + 2) > end) return -1;
502 if ((ptr[0] != FR_NAS_FILTER_RULE)) break;
503 if (ptr[1] <= 2) return -1;
504 if ((ptr + ptr[1]) > end) return -1;
505
506 total += ptr[1] - 2;
507 ptr += ptr[1];
508 attrs++;
509 }
510 end = ptr;
511
512 FR_PROTO_TRACE("Coalesced NAS-Filter-Rule has %lu octets", total);
513
514 /*
515 * More than one attribute, create a temporary buffer,
516 * and copy all of the data over to it.
517 */
518 if (attrs > 1) {
519 uint8_t *p;
520
521 buffer = talloc_array(packet_ctx->tmp_ctx, uint8_t, total);
522 if (!buffer) return PAIR_DECODE_OOM;
523
524 p = buffer;
525 ptr = data;
526
527 /*
528 * Don't bother doing sanity checks, as they were
529 * already done above.
530 */
531 while (ptr < end) {
532 fr_assert(p < (buffer + total));
533 memcpy(p, ptr + 2, ptr[1] - 2);
534 p += ptr[1] - 2;
535 ptr += ptr[1];
536 }
537
538 decode = buffer;
539 decode_end = buffer + total;
540 } else {
541 decode = data + 2;
542 decode_end = data + data[1];
543 }
544
545 FR_PROTO_HEX_DUMP(decode, decode_end - decode, "NAS-Filter-Rule coalesced");
546
547 /*
548 * And now walk through "decode", decoding to VPs.
549 */
550 while (decode < decode_end) {
551 size_t len;
552 uint8_t const *p;
553
554 p = decode;
555
556 while (p < decode_end) {
557 if (*p == 0x00) break;
558 p++;
559 }
560
561 len = (p - decode);
562 if (len) {
563 fr_pair_t *vp;
564
565 FR_PROTO_TRACE("This NAS-Filter-Rule has %lu octets", len);
566 FR_PROTO_HEX_DUMP(decode, len, "This NAS-Filter-Rule");
567 vp = fr_pair_afrom_da(ctx, parent);
568 if (!vp) {
569 talloc_free(buffer);
570 return -1;
571 }
572 PAIR_ALLOCED(vp);
573
574 if (fr_pair_value_bstrndup(vp, (char const *) decode, len, true) != 0) {
575 talloc_free(buffer);
576 talloc_free(vp);
577 return -1;
578 }
579 fr_pair_append(out, vp);
580 }
581
582 /*
583 * Skip the zero byte
584 */
585 decode = p + 1;
586 }
587
588 talloc_free(buffer);
589 return end - data; /* end of the NAS-Filter-Rule */
590}
591
592
593/** Decode Digest-Attributes
594 *
595 * The VPs are nested, and consecutive Digest-Attributes attributes are decoded into the same parent.
596 */
597static ssize_t decode_digest_attributes(TALLOC_CTX *ctx, fr_pair_list_t *out,
598 fr_dict_attr_t const *parent, uint8_t const *data,
599 size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
600{
601 ssize_t slen;
602 fr_pair_t *vp;
603 uint8_t const *p = data;
604 uint8_t const *end = data + data_len;
605
606 fr_assert(parent->type == FR_TYPE_TLV);
607
608 vp = fr_pair_afrom_da(ctx, parent);
609 if (!vp) return PAIR_DECODE_OOM;
610 PAIR_ALLOCED(vp);
611
612redo:
613 FR_PROTO_HEX_DUMP(p, end - p, "decode_digest_attributes");
614
615 if (((size_t) (end - p) < 2) || (p[1] > (size_t) (end - p))) {
616 slen = fr_pair_raw_from_network(vp, &vp->vp_group, parent, p, end - p);
617 if (slen < 0) {
618 talloc_free(vp);
619 return slen;
620 }
621
622 goto done;
623 }
624
625 slen = fr_pair_tlvs_from_network(vp, &vp->vp_group, parent, p + 2, p[1] - 2, packet_ctx, decode_rfc, NULL, false);
626 if (slen <= 0) {
627 talloc_free(vp);
628 return slen;
629 }
630
631 /*
632 * Decode consecutive ones into the same parent.
633 */
634 p += p[1];
635 if (((p + 2) < end) && ((p[0] == FR_DIGEST_ATTRIBUTES) && (p[1] > 2))) {
636 goto redo;
637 }
638
639done:
640 fr_pair_append(out, vp);
641 return p - data;
642}
643
644
645/** Convert TLVs to one or more VPs
646 *
647 */
648ssize_t fr_radius_decode_tlv(TALLOC_CTX *ctx, fr_pair_list_t *out,
649 fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len,
650 fr_radius_decode_ctx_t *packet_ctx)
651{
652 uint8_t const *p = data, *end = data + data_len;
653 fr_dict_attr_t const *child;
654 fr_pair_list_t head;
655 fr_pair_list_t tlv_tmp;
656 fr_pair_t *vp;
657
658 fr_pair_list_init(&head);
659 if (data_len < 3) return -1; /* type, length, value */
660
661#ifdef STATIC_ANALYZER
662 if (!packet_ctx->tmp_ctx) return -1;
663#endif
664
665 FR_PROTO_HEX_DUMP(p, data_len, "tlvs");
666
667 if (fr_radius_decode_tlv_ok(p, data_len, 1, 1) < 0) return -1;
668
669 vp = fr_pair_afrom_da(ctx, parent);
670 if (!vp) return PAIR_DECODE_OOM;
671 PAIR_ALLOCED(vp);
672
673 /*
674 * Record where we were in the list when this function was called
675 * Create a temporary sub-list, so decode errors don't
676 * affect the main list.
677 */
678 fr_pair_list_init(&tlv_tmp);
679 while (p < end) {
680 ssize_t tlv_len;
681
682 child = fr_dict_attr_child_by_num(parent, p[0]);
683 if (!child) {
684 FR_PROTO_TRACE("Failed to find child %u of TLV %s", p[0], parent->name);
685
686 /*
687 * Child is unknown and not a TLV: build an unknown attr
688 */
689 if (fr_radius_decode_tlv_ok(p + 2, p[1] - 2, 1, 1) < 0) {
690 child = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, parent, p[0]);
691 if (!child) {
692 error:
693 talloc_free(vp);
694 return -1;
695 }
696 } else {
697 /*
698 * Child is formed as a TLV, decode it as such
699 */
700 child = fr_dict_attr_unknown_typed_afrom_num(packet_ctx->tmp_ctx, parent, p[0], FR_TYPE_TLV);
701 if (!child) goto error;
702
703 FR_PROTO_TRACE("decode context changed %s -> %s", parent->name, child->name);
704 tlv_len = fr_radius_decode_tlv(vp, &tlv_tmp, child, p + 2, p[1] - 2, packet_ctx);
705 goto check;
706 }
707 }
708 FR_PROTO_TRACE("decode context changed %s -> %s", parent->name, child->name);
709
710 tlv_len = fr_radius_decode_pair_value(vp, &tlv_tmp,
711 child, p + 2, p[1] - 2,
712 packet_ctx);
713 check:
714 if (tlv_len < 0) goto error;
715 p += p[1];
716 }
717
718 fr_pair_list_append(&vp->vp_group, &tlv_tmp);
719 fr_pair_append(out, vp);
720
721 return data_len;
722}
723
724/** Convert a top-level VSA to a VP.
725 *
726 * "length" can be LONGER than just this sub-vsa.
727 */
728static ssize_t decode_vsa_internal(TALLOC_CTX *ctx, fr_pair_list_t *out,
729 fr_dict_attr_t const *parent,
730 uint8_t const *data, size_t data_len,
731 fr_radius_decode_ctx_t *packet_ctx, fr_dict_vendor_t const *dv)
732{
733 unsigned int attribute;
734 ssize_t attrlen, my_len;
735 fr_dict_attr_t const *da;
736
737#ifdef STATIC_ANALYZER
738 if (!packet_ctx->tmp_ctx) return -1;
739#endif
740
741 /*
742 * Parent must be a vendor
743 */
744 if (!fr_cond_assert(parent->type == FR_TYPE_VENDOR)) {
745 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
746 return -1;
747 }
748
749 FR_PROTO_TRACE("Length %u", (unsigned int)data_len);
750
751#ifndef NDEBUG
752 if (data_len <= (dv->type + dv->length)) {
753 fr_strerror_printf("%s: Failure to call fr_radius_decode_tlv_ok", __FUNCTION__);
754 return -1;
755 }
756#endif
757
758 switch (dv->type) {
759 case 4:
760 /* data[0] must be zero */
761 attribute = data[1] << 16;
762 attribute |= data[2] << 8;
763 attribute |= data[3];
764 break;
765
766 case 2:
767 attribute = data[0] << 8;
768 attribute |= data[1];
769 break;
770
771 case 1:
772 attribute = data[0];
773 break;
774
775 default:
776 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
777 return -1;
778 }
779
780 switch (dv->length) {
781 case 2:
782 /* data[dv->type] must be zero, from fr_radius_decode_tlv_ok() */
783 attrlen = data[dv->type + 1];
784 break;
785
786 case 1:
787 attrlen = data[dv->type];
788 break;
789
790 case 0:
791 attrlen = data_len;
792 break;
793
794 default:
795 fr_strerror_printf("%s: Internal sanity check failed", __FUNCTION__);
796 return -1;
797 }
798
799 /*
800 * See if the VSA is known.
801 */
802 da = fr_dict_attr_child_by_num(parent, attribute);
803 if (da) {
804 decode:
805 FR_PROTO_TRACE("decode context changed %s -> %s", da->parent->name, da->name);
806
807 my_len = fr_radius_decode_pair_value(ctx, out,
808 da, data + dv->type + dv->length,
809 attrlen - (dv->type + dv->length),
810 packet_ctx);
811 if (my_len < 0) return my_len;
812
813 /*
814 * It's unknown. Let's see if we can decode it as a TLV. While this check can sometimes
815 * (rarely) decode non-TLVs as TLVs, that situation will be rare. And it's very useful
816 * to be able to decode nested unknown TLVs.
817 *
818 * Note that if the TLV length is zero, then we have no real way to tell if the TLV is
819 * well formed, so we just go create a raw VP.
820 */
821 } else if ((dv->length == 0) || (fr_radius_decode_tlv_ok(data + dv->type + dv->length, attrlen - (dv->type + dv->length), dv->type, dv->length) < 0)) {
822 da = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, parent, attribute);
823 if (!da) return -1;
824
825 goto decode;
826
827 } else {
828 da = fr_dict_attr_unknown_typed_afrom_num(packet_ctx->tmp_ctx, parent, attribute, FR_TYPE_TLV);
829 if (!da) return -1;
830
831 goto decode;
832 }
833
834 return attrlen;
835}
836
837
838/** Convert a fragmented extended attr to a VP
839 *
840 * Format is:
841 *
842 * attr
843 * length
844 * extended-attr
845 * flag
846 * data...
847 *
848 * But for the first fragment, we get passed a pointer to the "extended-attr"
849 */
850static ssize_t decode_extended_fragments(TALLOC_CTX *ctx, fr_pair_list_t *out,
851 fr_dict_attr_t const *parent,
852 uint8_t const *data, size_t attr_len,
853 fr_radius_decode_ctx_t *packet_ctx)
854{
855 ssize_t ret;
856 size_t fraglen;
857 uint8_t *head, *tail;
858 uint8_t const *frag, *end;
859 uint8_t const *attr;
860 int fragments;
861 bool last_frag;
862
863 /*
864 * data = Ext-Attr Flag ...
865 */
866
867 if (attr_len < 3) return -1;
868
869 /*
870 * No continuation, just decode the attribute in place.
871 */
872 if ((data[1] & 0x80) == 0) {
873 ret = fr_radius_decode_pair_value(ctx, out,
874 parent, data + 2, attr_len - 2, packet_ctx);
875 if (ret < 0) return -1;
876 return attr_len;
877 }
878
879 /*
880 * Calculate the length of all of the fragments. For
881 * now, they MUST be contiguous in the packet, and they
882 * MUST be all of the same TYPE and EXTENDED-TYPE
883 */
884 attr = data - 2;
885 fraglen = attr_len - 2;
886 frag = data + attr_len;
887 end = packet_ctx->end;
888 fragments = 1;
889 last_frag = false;
890
891 while (frag < end) {
892 if (last_frag || ((end - frag) < 4) ||
893 (frag[0] != attr[0]) ||
894 (frag[1] < 4) || /* too short for long_extended */
895 (frag[2] != attr[2]) ||
896 ((frag + frag[1]) > end)) { /* overflow */
897 end = frag;
898 break;
899 }
900
901 last_frag = ((frag[3] & 0x80) == 0);
902
903 fraglen += frag[1] - 4;
904 frag += frag[1];
905 fragments++;
906 }
907
908 head = tail = talloc_array(ctx, uint8_t, fraglen);
909 if (!head) return -1;
910
911 FR_PROTO_TRACE("Fragments %d, total length %d", fragments, (int) fraglen);
912
913 /*
914 * And again, but faster and looser.
915 *
916 * We copy the first fragment, followed by the rest of
917 * the fragments.
918 */
919 frag = attr;
920
921 while (fragments > 0) {
922 if (frag[1] > 4) memcpy_bounded(tail, frag + 4, frag[1] - 4, end);
923 tail += frag[1] - 4;
924 frag += frag[1];
925 fragments--;
926 }
927
928 FR_PROTO_HEX_DUMP(head, fraglen, "long_extended fragments");
929
930 /*
931 * Reset the "end" pointer, because we're not passing in
932 * the real data.
933 */
934 {
935 uint8_t const *tmp = packet_ctx->end;
936 packet_ctx->end = head + fraglen;
937
938 ret = fr_radius_decode_pair_value(ctx, out,
939 parent, head, fraglen, packet_ctx);
940
941 packet_ctx->end = tmp;
942 }
943
944 talloc_free(head);
945 if (ret < 0) return ret;
946
947 return end - data;
948}
949
950/** Fast path for most extended attributes.
951 *
952 * data_len has already been checked by the caller, so we don't care
953 * about it here.
954 */
955static ssize_t decode_extended(TALLOC_CTX *ctx, fr_pair_list_t *out,
956 fr_dict_attr_t const *da,
957 uint8_t const *data, UNUSED size_t data_len,
958 fr_radius_decode_ctx_t *packet_ctx)
959{
960 ssize_t slen;
961 fr_dict_attr_t const *child;
962 fr_pair_t *vp;
963
964 /*
965 * They MUST have one byte of Extended-Type. The
966 * case of "2" is already handled above with CUI.
967 */
968 if (data[1] == 3) {
969 slen = fr_pair_raw_from_network(ctx, out, da, data + 2, 1);
970 if (slen <= 0) return slen;
971 return 2 + slen;
972 }
973
974 /*
975 * Get a new child.
976 */
977 child = fr_dict_attr_child_by_num(da, data[2]);
978 if (!child) {
979 fr_dict_attr_t *unknown;
980 FR_PROTO_TRACE("Unknown extended attribute %u.%u", data[0], data[2]);
981 unknown = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, da, data[2]);
982 if (!unknown) return -1;
983
984 child = unknown;
985 }
986
987 /*
988 * One byte of type, and N bytes of data.
989 */
990 if (!fr_radius_flag_long_extended(da)) {
991 if (fr_pair_find_or_append_by_da(ctx, &vp, out, da) < 0) return PAIR_DECODE_OOM;
992
993 slen = fr_radius_decode_pair_value(vp, &vp->vp_group, child, data + 3, data[1] - 3, packet_ctx);
994 fr_dict_attr_unknown_free(&child);
995 if (slen < 0 ) return slen;
996
997 fr_assert(slen < (1 << 16));
998 return 3 + slen;
999 }
1000
1001 /*
1002 * It MUST have one byte of type, and one byte of
1003 * flags. If there's no data here, we just
1004 * ignore it, whether or not the "More" bit is
1005 * set.
1006 */
1007 if (data[1] == 4) {
1008 fr_dict_attr_unknown_free(&child);
1009 slen = fr_pair_raw_from_network(ctx, out, da, data + 2, 2);
1010 if (slen < 0) return slen;
1011 return 4;
1012 }
1013
1014 if (fr_pair_find_or_append_by_da(ctx, &vp, out, da) < 0) return PAIR_DECODE_OOM;
1015
1016 /*
1017 * No continuation - just decode as-is.
1018 */
1019 if ((data[3] & 0x80) == 0) {
1020 slen = fr_radius_decode_pair_value(vp, &vp->vp_group, child, data + 4, data[1] - 4, packet_ctx);
1021 fr_dict_attr_unknown_free(&child);
1022 if (slen < 0 ) return slen;
1023 return 4 + slen;
1024 }
1025
1026 /*
1027 * Concatenate all of the fragments together, and decode the resulting thing.
1028 */
1029 slen = decode_extended_fragments(vp, &vp->vp_group, child, data + 2, data[1] - 2, packet_ctx);
1030 fr_dict_attr_unknown_free(&child);
1031 if (slen < 0) return slen;
1032 return 2 + slen;
1033}
1034
1035/** Convert a Vendor-Specific WIMAX to vps
1036 *
1037 * @note Called ONLY for Vendor-Specific
1038 */
1039static ssize_t decode_wimax(TALLOC_CTX *ctx, fr_pair_list_t *out,
1040 fr_dict_attr_t const *parent,
1041 uint8_t const *data, size_t attr_len,
1042 fr_radius_decode_ctx_t *packet_ctx)
1043{
1044 ssize_t ret;
1045 size_t wimax_len;
1046 bool more;
1047 uint8_t *head, *tail;
1048 uint8_t const *attr, *end;
1049 fr_dict_attr_t const *da;
1050 fr_pair_t *vsa, *vendor;
1051
1052#ifdef STATIC_ANALYZER
1053 if (!packet_ctx->tmp_ctx) return -1;
1054#endif
1055
1056 fr_assert(packet_ctx->end != NULL);
1057 fr_assert((data + attr_len) <= packet_ctx->end);
1058
1059 /*
1060 * data = VID VID VID VID WiMAX-Attr WiMAX-Len Continuation ...
1061 */
1062 if (attr_len < 8) {
1063 FR_PROTO_TRACE("attribute is too small to be WiMAX");
1064 return -1;
1065 }
1066
1067 /*
1068 * WiMAX-Attr WiMAX-Len Continuation
1069 */
1070 if (data[5] < 3) {
1071 FR_PROTO_TRACE("attribute is too small to be WiMAX-Attr-WiMAX-Len Continuation");
1072 return -1;
1073 }
1074
1075 /*
1076 * The WiMAX-Len + 4 VID must exactly fill the attribute.
1077 */
1078 if (((size_t) (data[5] + 4)) != attr_len) {
1079 FR_PROTO_TRACE("WiMAX VSA does not exactly fill the attribute");
1080 return -1;
1081 }
1082
1083 if (fr_pair_find_or_append_by_da(ctx, &vsa, out, attr_vendor_specific) < 0) return PAIR_DECODE_OOM;
1084
1085 if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, parent) < 0) return PAIR_DECODE_OOM;
1086
1087 da = fr_dict_attr_child_by_num(parent, data[4]);
1088 if (!da) da = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, parent, data[4]);
1089 if (!da) return -1;
1090 FR_PROTO_TRACE("decode context changed %s -> %s", da->parent->name, da->name);
1091
1092 /*
1093 * No continuation, just decode the attribute in place.
1094 */
1095 if ((data[6] & 0x80) == 0) {
1096 FR_PROTO_TRACE("WiMAX no continuation");
1097 ret = fr_radius_decode_pair_value(vendor, &vendor->vp_group,
1098 da, data + 7, data[5] - 3, packet_ctx);
1099 if (ret < 0) return ret;
1100
1101 return attr_len;
1102 }
1103
1104 /*
1105 * Calculate the length of all of the fragments. For
1106 * now, they MUST be contiguous in the packet, and they
1107 * MUST be all of the same VSA, WiMAX, and WiMAX-attr.
1108 *
1109 * The first fragment doesn't have a RADIUS attribute
1110 * header.
1111 */
1112 wimax_len = 0;
1113 attr = data + 4;
1114 end = packet_ctx->end;
1115
1116 while (attr < end) {
1117 /*
1118 * Not enough room for Attribute + length +
1119 * continuation, it's bad.
1120 */
1121 if ((end - attr) < 3) {
1122 FR_PROTO_TRACE("end - attr < 3");
1123 return -1;
1124 }
1125
1126 /*
1127 * Must have non-zero data in the attribute.
1128 */
1129 if (attr[1] <= 3) {
1130 FR_PROTO_TRACE("attr[1] <= 3");
1131 return -1;
1132 }
1133
1134 /*
1135 * If the WiMAX attribute overflows the packet,
1136 * it's bad.
1137 */
1138 if ((attr + attr[1]) > end) {
1139 FR_PROTO_TRACE("attr + attr[1]) > end");
1140 return -1;
1141 }
1142
1143 /*
1144 * Check the continuation flag.
1145 */
1146 more = ((attr[2] & 0x80) != 0);
1147
1148 /*
1149 * Or, there's no more data, in which case we
1150 * shorten "end" to finish at this attribute.
1151 */
1152 if (!more) end = attr + attr[1];
1153
1154 /*
1155 * There's more data, but we're at the end of the
1156 * packet. The attribute is malformed!
1157 */
1158 if (more && ((attr + attr[1]) == end)) {
1159 FR_PROTO_TRACE("more && ((attr + attr[1]) == end)");
1160 return -1;
1161 }
1162
1163 /*
1164 * Add in the length of the data we need to
1165 * concatenate together.
1166 */
1167 wimax_len += attr[1] - 3;
1168
1169 /*
1170 * Go to the next attribute, and stop if there's
1171 * no more.
1172 */
1173 attr += attr[1];
1174 if (!more) break;
1175
1176 /*
1177 * data = VID VID VID VID WiMAX-Attr WimAX-Len Continuation ...
1178 *
1179 * attr = Vendor-Specific VSA-Length VID VID VID VID WiMAX-Attr WimAX-Len Continuation ...
1180 *
1181 */
1182
1183 /*
1184 * No room for Vendor-Specific + length +
1185 * Vendor(4) + attr + length + continuation + data
1186 */
1187 if ((end - attr) < 9) {
1188 FR_PROTO_TRACE("(end - attr) < 9");
1189 return -1;
1190 }
1191
1192 if (attr[0] != FR_VENDOR_SPECIFIC) {
1193 FR_PROTO_TRACE("attr[0] != FR_VENDOR_SPECIFIC");
1194 return -1;
1195 }
1196
1197 if (attr[1] < 9) {
1198 FR_PROTO_TRACE("attr[1] < 9");
1199 return -1;
1200 }
1201
1202 if ((attr + attr[1]) > end) {
1203 FR_PROTO_TRACE("(attr + attr[1]) > end");
1204 return -1;
1205 }
1206
1207 if (memcmp(data, attr + 2, 4) != 0) {
1208 FR_PROTO_TRACE("not the same vendor");
1209 return -1; /* not WiMAX Vendor ID */
1210 }
1211
1212 if (attr[1] != (attr[7] + 6)) {
1213 FR_PROTO_TRACE("attr[1] != (attr[7] + 6)");
1214 return -1; /* WiMAX attr doesn't exactly fill the VSA */
1215 }
1216
1217 if (data[4] != attr[6]) {
1218 FR_PROTO_TRACE("data[4] != attr[6]");
1219 return -1; /* different WiMAX attribute */
1220 }
1221
1222 /*
1223 * Skip over the Vendor-Specific header, and
1224 * continue with the WiMAX attributes.
1225 */
1226 attr += 6;
1227 }
1228
1229 /*
1230 * No data in the WiMAX attribute, make a "raw" one.
1231 */
1232 if (!wimax_len) {
1233 FR_PROTO_TRACE("!wimax_len");
1234 return -1;
1235 }
1236
1237 head = tail = talloc_array(ctx, uint8_t, wimax_len);
1238 if (!head) return -1;
1239
1240 /*
1241 * Copy the data over, this time trusting the attribute
1242 * contents.
1243 */
1244 attr = data;
1245 while (attr < end) {
1246 memcpy_bounded(tail, attr + 4 + 3, attr[4 + 1] - 3, end);
1247 tail += attr[4 + 1] - 3;
1248 attr += 4 + attr[4 + 1]; /* skip VID+WiMax header */
1249 attr += 2; /* skip Vendor-Specific header */
1250 }
1251
1252 FR_PROTO_HEX_DUMP(head, wimax_len, "Wimax fragments");
1253
1254 /*
1255 * Reset the "end" pointer, because we're not passing in
1256 * the real data.
1257 */
1258 {
1259 uint8_t const *tmp = packet_ctx->end;
1260 packet_ctx->end = head + wimax_len;
1261
1262 FR_PROTO_TRACE("WiMAX decode concatenated");
1263 FR_PROTO_HEX_DUMP(head, wimax_len, "%s", __FUNCTION__ );
1264 ret = fr_radius_decode_pair_value(ctx, out,
1265 da, head, wimax_len, packet_ctx);
1266
1267 packet_ctx->end = tmp;
1268 }
1269
1270 talloc_free(head);
1271 if (ret < 0) return ret;
1272
1273 return end - data;
1274}
1275
1276
1277/** Convert a top-level VSA to one or more VPs
1278 *
1279 */
1280static ssize_t CC_HINT(nonnull) decode_vsa(TALLOC_CTX *ctx, fr_pair_list_t *out,
1281 fr_dict_attr_t const *parent,
1282 uint8_t const *data, size_t attr_len,
1283 fr_radius_decode_ctx_t *packet_ctx)
1284{
1285 size_t total;
1286 ssize_t ret;
1287 uint32_t vendor_pen;
1288 fr_dict_vendor_t const *dv;
1289 fr_pair_list_t head;
1290 fr_dict_vendor_t my_dv;
1291 fr_dict_attr_t const *vendor_da;
1292 fr_pair_list_t tlv_tmp;
1293 fr_pair_t *vsa, *vendor;
1294
1295 fr_pair_list_init(&head);
1296
1297#ifdef STATIC_ANALYZER
1298 if (!packet_ctx->tmp_ctx) return -1;
1299#endif
1300
1301 /*
1302 * Container must be a VSA
1303 */
1304 if (!fr_cond_assert(parent->type == FR_TYPE_VSA)) return -1;
1305
1306 if ((data + attr_len) > packet_ctx->end) return -1;
1307 if (attr_len < 5) return -1; /* vid, value */
1308 if (data[0] != 0) return -1; /* we require 24-bit VIDs */
1309
1310 FR_PROTO_TRACE("Decoding VSA");
1311
1312 memcpy(&vendor_pen, data, 4);
1313 vendor_pen = ntohl(vendor_pen);
1314
1315 /*
1316 * Verify that the parent (which should be a VSA)
1317 * contains a fake attribute representing the vendor.
1318 *
1319 * If it doesn't then this vendor is unknown, but
1320 * (unlike DHCP) we know vendor attributes have a
1321 * standard format, so we can decode the data anyway.
1322 */
1323 vendor_da = fr_dict_attr_child_by_num(parent, vendor_pen);
1324 if (!vendor_da) {
1325 fr_dict_attr_t *n;
1326 /*
1327 * RFC format is 1 octet type, 1 octet length
1328 */
1329 if (fr_radius_decode_tlv_ok(data + 4, attr_len - 4, 1, 1) < 0) {
1330 FR_PROTO_TRACE("Unknown TLVs not OK: %s", fr_strerror());
1331 return -1;
1332 }
1333
1334 n = fr_dict_attr_unknown_vendor_afrom_num(packet_ctx->tmp_ctx, parent, vendor_pen);
1335 if (!n) return -1;
1336 vendor_da = n;
1337
1338 fr_assert(vendor_da->flags.type_size == 1);
1339
1340 /*
1341 * Create an unknown DV too...
1342 */
1343 memset(&my_dv, 0, sizeof(my_dv));
1344
1345 my_dv.pen = vendor_pen;
1346 my_dv.type = 1;
1347 my_dv.length = 1;
1348
1349 dv = &my_dv;
1350
1351 goto create_attrs;
1352 }
1353
1354 /*
1355 * We found an attribute representing the vendor
1356 * so it *MUST* exist in the vendor tree.
1357 */
1358 dv = fr_dict_vendor_by_num(dict_radius, vendor_pen);
1359 if (!fr_cond_assert(dv)) return -1;
1360 FR_PROTO_TRACE("decode context %s -> %s", parent->name, vendor_da->name);
1361
1362 /*
1363 * WiMAX craziness
1364 */
1365 if (dv->continuation) {
1366 ret = decode_wimax(ctx, out, vendor_da, data, attr_len, packet_ctx);
1367 return ret;
1368 }
1369
1370 /*
1371 * VSAs should normally be in TLV format.
1372 */
1373 if (fr_radius_decode_tlv_ok(data + 4, attr_len - 4, dv->type, dv->length) < 0) {
1374 FR_PROTO_TRACE("TLVs not OK: %s", fr_strerror());
1375 return -1;
1376 }
1377
1378 /*
1379 * There may be more than one VSA in the
1380 * Vendor-Specific. If so, loop over them all.
1381 */
1382create_attrs:
1383 if (fr_pair_find_or_append_by_da(ctx, &vsa, out, parent) < 0) return PAIR_DECODE_OOM;
1384
1385 if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, vendor_da) < 0) return PAIR_DECODE_OOM;
1386
1387 data += 4;
1388 attr_len -= 4;
1389 total = 4;
1390
1391 fr_pair_list_init(&tlv_tmp);
1392 while (attr_len > 0) {
1393 ssize_t vsa_len;
1394
1395 /*
1396 * Vendor attributes can have subattributes (if you hadn't guessed)
1397 */
1398 vsa_len = decode_vsa_internal(vendor, &tlv_tmp,
1399 vendor_da, data, attr_len, packet_ctx, dv);
1400 if (vsa_len < 0) {
1401 FR_PROTO_TRACE("TLV decode failed: %s", fr_strerror());
1402 fr_strerror_printf("%s: Internal sanity check %d", __FUNCTION__, __LINE__);
1403 fr_pair_list_free(&tlv_tmp);
1404 return -1;
1405 }
1406
1407 data += vsa_len;
1408 attr_len -= vsa_len;
1409 total += vsa_len;
1410 }
1411 fr_pair_list_append(&vendor->vp_group, &tlv_tmp);
1412
1413 /*
1414 * Hacks for tags. The tagged VSAs don't go into the
1415 * root, they go into the Tag-# attribute. But we only
1416 * know that after we've created the parents. So clean up if necessary.
1417 *
1418 * @todo - maybe cache these somewhere to avoid bouncing.
1419 */
1420 if (fr_pair_list_num_elements(&vendor->vp_group) == 0) {
1421 if (fr_pair_list_num_elements(&vsa->vp_group) == 1) { /* only the vendor */
1422 fr_pair_delete(out, vsa);
1423 } else {
1424 fr_pair_delete(&vsa->vp_group, vendor);
1425 }
1426 }
1427
1428 /*
1429 * When the unknown attributes were created by
1430 * decode_vsa_internal, the hierarchy between that unknown
1431 * attribute and first known attribute was cloned
1432 * meaning we can now free the unknown vendor.
1433 */
1434
1435 return total;
1436}
1437
1438/** Wrapper called by fr_struct_from_network()
1439 *
1440 * Because extended attributes can continue across the current value.
1441 * So that function needs to know both the value length, *and* the
1442 * packet length. But when we're decoding values inside of a struct,
1443 * we're not using extended attributes.
1444 */
1445static ssize_t decode_value_trampoline(TALLOC_CTX *ctx, fr_pair_list_t *out,
1446 fr_dict_attr_t const *parent,
1447 uint8_t const *data, size_t data_len, void *decode_ctx)
1448{
1449 return fr_radius_decode_pair_value(ctx, out, parent, data, data_len, decode_ctx);
1450}
1451
1452/** Wrapper called by fr_struct_from_network()
1453 */
1454static ssize_t decode_tlv_trampoline(TALLOC_CTX *ctx, fr_pair_list_t *out,
1455 fr_dict_attr_t const *parent,
1456 uint8_t const *data, size_t data_len, void *decode_ctx)
1457{
1458 FR_PROTO_HEX_DUMP(data, data_len, "%s", __FUNCTION__ );
1459
1460 return fr_radius_decode_tlv(ctx, out, parent, data, data_len, decode_ctx);
1461}
1462
1463
1464/** Create any kind of VP from the attribute contents
1465 *
1466 * "length" is AT LEAST the length of this attribute, as we
1467 * expect the caller to have verified the data with
1468 * fr_packet_ok(). "length" may be up to the length of the
1469 * packet.
1470 *
1471 * This function will ONLY return -1 on programmer error or OOM. If
1472 * there's anything wrong with the attribute, it will ALWAYS create a
1473 * "raw" attribute.
1474 *
1475 * @return
1476 * - Length on success.
1477 * - -1 on failure.
1478 */
1479ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out,
1480 fr_dict_attr_t const *parent,
1481 uint8_t const *data, size_t const attr_len,
1482 void *decode_ctx)
1483{
1484 int8_t tag = 0;
1485 size_t data_len;
1486 ssize_t ret;
1487 fr_dict_attr_t const *child;
1488 fr_pair_t *vp = NULL;
1489 uint8_t const *p = data;
1490 uint8_t buffer[256]; /* must be multiple of 16 */
1491 fr_radius_attr_flags_encrypt_t encrypt;
1492 fr_radius_decode_ctx_t *packet_ctx = decode_ctx;
1493
1494 if (attr_len > 128 * 1024) {
1495 fr_strerror_printf("%s: packet is too large to be RADIUS", __FUNCTION__);
1496 return -1;
1497 }
1498
1499 if ((data + attr_len) > packet_ctx->end) {
1500 fr_strerror_printf("%s: input overflows packet", __FUNCTION__);
1501 return -1;
1502 }
1503
1504 FR_PROTO_HEX_DUMP(data, attr_len, "%s", __FUNCTION__ );
1505
1506 FR_PROTO_TRACE("Parent %s len %zu ... %zu", parent->name, attr_len, (size_t) (packet_ctx->end - data));
1507
1508 data_len = attr_len;
1509
1510 /*
1511 * Silently ignore zero-length attributes.
1512 */
1513 if (attr_len == 0) return 0;
1514
1515 /*
1516 * Hacks for tags.
1517 */
1518 if (fr_radius_flag_has_tag(parent)) {
1519 /*
1520 * Check for valid tags and data types.
1521 */
1522 if (parent->type == FR_TYPE_UINT32) {
1523 if ((attr_len != 4) || (p[0] >= 0x20)) {
1524 goto raw;
1525 }
1526
1527 } else if (parent->type != FR_TYPE_STRING) {
1528 goto raw;
1529 }
1530
1531 /*
1532 * Tag values MUST be less than 32.
1533 */
1534 if (p[0] < 0x20) {
1535 /*
1536 * Only "short" attributes can be encrypted.
1537 */
1538 if (data_len >= sizeof(buffer)) goto raw;
1539
1540 if (parent->type == FR_TYPE_STRING) {
1541 memcpy(buffer, p + 1, data_len - 1);
1542 tag = p[0];
1543 data_len -= 1;
1544
1545 } else if (parent->type == FR_TYPE_UINT32) {
1546 memcpy(buffer, p, attr_len);
1547 tag = buffer[0];
1548 buffer[0] = 0;
1549 }
1550
1551 p = buffer;
1552
1553 } /* else the field is >=0x20, so it's not a tag */
1554 }
1555
1556 if (tag) {
1557 fr_radius_tag_ctx_t **new_tag_ctx = NULL;
1558
1559 if (!packet_ctx->tags) {
1560 /*
1561 * This should NOT be packet_ctx.tmp_ctx,
1562 * as that is freed after decoding every
1563 * packet. We wish to aggregate the tags
1564 * across multiple attributes.
1565 */
1566 new_tag_ctx = talloc_zero_array(NULL, fr_radius_tag_ctx_t *, 32);
1567 if (unlikely(!new_tag_ctx)) return PAIR_DECODE_OOM;
1568
1569 FR_PROTO_TRACE("Allocated tag cache %p", new_tag_ctx);
1570
1571 packet_ctx->tags = new_tag_ctx;
1572 }
1573
1574 fr_assert(tag < 0x20);
1575
1576 if (!packet_ctx->tags[tag]) {
1577 fr_pair_t *group;
1578 fr_dict_attr_t const *group_da;
1579
1580 packet_ctx->tags[tag] = talloc_zero(packet_ctx->tags, fr_radius_tag_ctx_t);
1581 if (unlikely(!packet_ctx->tags[tag])) {
1582 if (new_tag_ctx) TALLOC_FREE(packet_ctx->tags);
1583 return PAIR_DECODE_OOM;
1584 }
1585
1586 group_da = fr_dict_attr_child_by_num(fr_dict_root(dict_radius), FR_TAG_BASE + tag);
1587 if (unlikely(!group_da)) {
1588 tag_alloc_error:
1589 TALLOC_FREE(packet_ctx->tags[tag]);
1590 return PAIR_DECODE_OOM;
1591 }
1592
1593 group = fr_pair_afrom_da(packet_ctx->tag_root_ctx, group_da);
1594 if (unlikely(!group)) goto tag_alloc_error;
1595 PAIR_ALLOCED(group);
1596
1597 packet_ctx->tags[tag]->parent = group;
1598
1599 FR_PROTO_TRACE("Allocated tag attribute %p (%u)", group, tag);
1600
1601 fr_pair_append(packet_ctx->tag_root, group);
1602#ifdef TALLOC_GET_TYPE_ABORT_NOOP
1603 }
1604#else
1605 } else {
1606 talloc_get_type_abort(packet_ctx->tags, fr_radius_tag_ctx_t *);
1607 talloc_get_type_abort(packet_ctx->tags[tag], fr_radius_tag_ctx_t);
1608 talloc_get_type_abort(packet_ctx->tags[tag]->parent, fr_pair_t);
1609 }
1610#endif
1611 }
1612
1613 encrypt = fr_radius_flag_encrypted(parent);
1614
1615 /*
1616 * Decrypt the attribute.
1617 */
1618 if (encrypt) {
1619 FR_PROTO_TRACE("Decrypting type %d", encrypt);
1620 /*
1621 * Encrypted attributes can only exist for the
1622 * old-style format. Extended attributes CANNOT
1623 * be encrypted.
1624 */
1625 if (attr_len > 253) goto raw;
1626
1627 if (p == data) memcpy(buffer, p, attr_len);
1628 p = buffer;
1629
1630 switch (encrypt) { /* can't be tagged */
1631 /*
1632 * User-Password
1633 */
1634 case RADIUS_FLAG_ENCRYPT_USER_PASSWORD:
1635 if (!packet_ctx->request_authenticator) goto raw;
1636
1637 fr_radius_decode_password((char *)buffer, attr_len, packet_ctx);
1638
1639 /*
1640 * MS-CHAP-MPPE-Keys are 24 octets, and
1641 * encrypted. Since it's binary, we can't
1642 * look for trailing zeros.
1643 */
1644 if (parent->flags.length) {
1645 if (data_len > parent->flags.length) {
1646 data_len = parent->flags.length;
1647 } /* else leave data_len alone */
1648 } else {
1649 /*
1650 * Take off trailing zeros from the END.
1651 * This allows passwords to have zeros in
1652 * the middle of a field.
1653 *
1654 * However, if the password has a zero at
1655 * the end, it will get mashed by this
1656 * code. There's really no way around
1657 * that.
1658 */
1659 while ((data_len > 0) && (buffer[data_len - 1] == '\0')) data_len--;
1660 }
1661 break;
1662
1663 /*
1664 * Tunnel-Password's go in response packets,
1665 * except for CoA-Requests. They can have a tag,
1666 * so data_len is not the same as attrlen.
1667 */
1668 case RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD:
1669 if (!packet_ctx->request_authenticator) goto raw;
1670
1671 if (fr_radius_decode_tunnel_password(buffer, &data_len, packet_ctx) < 0) {
1672 goto raw;
1673 }
1674 break;
1675
1676 /*
1677 * Ascend-Send-Secret
1678 * Ascend-Receive-Secret
1679 */
1680 case RADIUS_FLAG_ENCRYPT_ASCEND_SECRET:
1681 if (!packet_ctx->request_authenticator) goto raw;
1682
1683 fr_radius_ascend_secret(&FR_DBUFF_TMP(buffer, sizeof(buffer)), p, data_len,
1684 packet_ctx->common->secret, packet_ctx->common->secret_length,
1685 packet_ctx->request_authenticator);
1686 buffer[RADIUS_AUTH_VECTOR_LENGTH] = '\0';
1687 data_len = strlen((char *) buffer);
1688 break;
1689
1690 default:
1691 /*
1692 * Chop the attribute to its maximum length.
1693 */
1694 if ((parent->type == FR_TYPE_OCTETS) &&
1695 (parent->flags.length && (data_len > parent->flags.length))) {
1696 data_len = parent->flags.length;
1697 }
1698 break;
1699 } /* switch over encryption flags */
1700 }
1701
1702 /*
1703 * Double-check the length after decrypting the
1704 * attribute.
1705 */
1706 FR_PROTO_TRACE("Type \"%s\" (%u)", fr_type_to_str(parent->type), parent->type);
1707
1708 switch (parent->type) {
1709 case FR_TYPE_LEAF:
1710 break;
1711
1712 case FR_TYPE_VSA:
1713 /*
1714 * VSAs in the RFC space are encoded one way.
1715 * VSAs in the "extended" space are different.
1716 */
1717 if (!parent->parent || !fr_radius_flag_extended(parent->parent)) {
1718 /*
1719 * VSAs can be WiMAX, in which case they don't
1720 * fit into one attribute.
1721 */
1722 ret = decode_vsa(ctx, out, parent, p, attr_len, packet_ctx);
1723 if (ret < 0) goto raw;
1724 return ret;
1725
1726 } else {
1727 fr_dict_attr_t const *vendor_da;
1728 fr_pair_t *vsa, *vendor;
1729 uint32_t vendor_pen;
1730
1731
1732 if (data_len < 6) goto raw; /* vid, vtype, value */
1733
1734 memcpy(&vendor_pen, p, 4);
1735 vendor_pen = ntohl(vendor_pen);
1736
1737 /*
1738 * For simplicity in our attribute tree, vendors are
1739 * represented as a subtlv(ish) of an EVS or VSA
1740 * attribute.
1741 */
1742 vendor_da = fr_dict_attr_child_by_num(parent, vendor_pen);
1743 if (!vendor_da) {
1744 /*
1745 * If there's no child, it means the vendor is unknown. Create a
1746 * temporary vendor in the packet_ctx. This will be cleaned up when the
1747 * decoder exists, which is fine. Because any unknown attributes which
1748 * depend on it will copy the entire hierarchy.
1749 */
1750 vendor_da = fr_dict_attr_unknown_vendor_afrom_num(packet_ctx->tmp_ctx, parent, vendor_pen);
1751 if (!vendor_da) return PAIR_DECODE_OOM;
1752 }
1753
1754 child = fr_dict_attr_child_by_num(vendor_da, p[4]);
1755 if (!child) {
1756 /*
1757 * Vendor exists but child didn't, create an unknown child.
1758 */
1759 child = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, vendor_da, p[4]);
1760 if (!child) {
1761 fr_strerror_printf_push("decoder failed creating unknown attribute in %s",
1762 parent->name);
1763 return -1;
1764 }
1765 }
1766
1767 if (fr_pair_find_or_append_by_da(ctx, &vsa, out, parent) < 0) return PAIR_DECODE_OOM;
1768
1769 if (fr_pair_find_or_append_by_da(vsa, &vendor, &vsa->vp_group, vendor_da) < 0) return PAIR_DECODE_OOM;
1770
1771 /*
1772 * Everything was found in the dictionary, we can
1773 * now recurse to decode the value.
1774 */
1775 ret = fr_radius_decode_pair_value(vendor, &vendor->vp_group,
1776 child, p + 5, attr_len - 5,
1777 packet_ctx);
1778 if (ret < 0) goto raw;
1779 return attr_len;
1780 }
1781
1782 case FR_TYPE_TLV:
1783 /*
1784 * We presume that the TLVs all fit into one
1785 * attribute, OR they've already been grouped
1786 * into a contiguous memory buffer.
1787 */
1788 ret = fr_radius_decode_tlv(ctx, out, parent, p, attr_len, packet_ctx);
1789 if (ret < 0) goto raw;
1790 return attr_len;
1791
1792 case FR_TYPE_STRUCT:
1793 /*
1794 * We presume that the struct fits into one
1795 * attribute, OR it's already been grouped
1796 * into a contiguous memory buffer.
1797 */
1798 ret = fr_struct_from_network(ctx, out, parent, p, attr_len,
1799 packet_ctx, decode_value_trampoline, decode_tlv_trampoline);
1800 if (ret < 0) goto raw;
1801 return attr_len;
1802
1803 case FR_TYPE_GROUP:
1804 {
1805 fr_dict_attr_t const *ref;
1806 fr_dict_protocol_t const *proto;
1807
1808 ref = fr_dict_attr_ref(parent);
1809 if (!ref) goto raw;
1810
1811 fr_assert(ref->dict != parent->dict);
1812
1813 proto = fr_dict_protocol(ref->dict);
1814 fr_assert(proto != NULL);
1815
1816 if (!proto->decode) goto raw;
1817
1818 vp = fr_pair_afrom_da(ctx, parent);
1819 if (!vp) return -1;
1820 PAIR_ALLOCED(vp);
1821
1822 ret = proto->decode(vp, &vp->vp_group, p, attr_len);
1823 if (ret < 0) goto raw;
1824
1825 vp->vp_tainted = true;
1826
1827 fr_pair_append(out, vp);
1828 return attr_len;
1829 }
1830
1831 default:
1832 raw:
1833 if (vp) talloc_free(vp);
1834
1835 return fr_pair_raw_from_network(ctx, out, parent, data, attr_len);
1836 }
1837
1838 /*
1839 * And now that we've verified the basic type
1840 * information, decode the actual p.
1841 */
1842 if (!tag) {
1843 vp = fr_pair_afrom_da(ctx, parent);
1844 } else {
1845 fr_assert(packet_ctx->tags != NULL);
1846 fr_assert(packet_ctx->tags[tag] != NULL);
1847 vp = fr_pair_afrom_da_nested(packet_ctx->tags[tag]->parent, &packet_ctx->tags[tag]->parent->vp_group, parent);
1848 }
1849 if (!vp) return -1;
1850 PAIR_ALLOCED(vp);
1851
1852 switch (parent->type) {
1853 /*
1854 * RFC8044 IPv4 prefix
1855 *
1856 * 0 1 2 3
1857 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1858 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1859 * | Reserved | Prefix-Length | Prefix ...
1860 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1861 * ... Prefix |
1862 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1863 *
1864 * The bits outside of the prefix mask MUST be zero.
1865 */
1866 case FR_TYPE_IPV4_PREFIX:
1867 if (data_len != 6) goto raw;
1868 if (p[0] != 0) goto raw;
1869
1870 if (fr_value_box_ipaddr_from_network(&vp->data, parent->type, parent,
1871 p[1], p + 2, 4, true, true) < 0) {
1872 goto raw;
1873 }
1874 break;
1875
1876 /*
1877 * RFC8044 IPv6 prefix
1878 *
1879 * 0 1 2 3
1880 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1881 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1882 * | Type | Length | Reserved | Prefix-Length |
1883 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1884 * Prefix
1885 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1886 * Prefix
1887 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1888 * Prefix
1889 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1890 * Prefix |
1891 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1892 *
1893 * The bits outside of the prefix mask MUST be zero.
1894 */
1895 case FR_TYPE_IPV6_PREFIX:
1896 {
1897 if (data_len > 18) goto raw;
1898 if (data_len < 2) goto raw;
1899 if (p[0] != 0) goto raw; /* First byte is always 0 */
1900
1901 if (fr_value_box_ipaddr_from_network(&vp->data, parent->type, parent,
1902 p[1], p + 2, data_len - 2, false, true) < 0) {
1903 goto raw;
1904 }
1905
1906 }
1907 break;
1908
1909 case FR_TYPE_STRING:
1910 if (!fr_radius_flag_abinary(parent)) goto decode;
1911
1912 if (fr_radius_decode_abinary(vp, p, data_len) < 0) goto raw;
1913 break;
1914
1915 case FR_TYPE_OCTETS:
1916 /*
1917 * This attribute SHOULD have fixed size, but it
1918 * doesn't. Therefore it's malformed.
1919 */
1920 if (parent->flags.length && (data_len != parent->flags.length)) goto raw;
1921 FALL_THROUGH;
1922
1923 default:
1924 decode:
1925 ret = fr_value_box_from_network(vp, &vp->data, vp->vp_type, vp->da,
1926 &FR_DBUFF_TMP(p, data_len), data_len, true);
1927 if (ret < 0) {
1928 /*
1929 * Paranoid loop prevention
1930 */
1931 if (vp->da->flags.is_unknown) {
1932 talloc_free(vp);
1933 return -1;
1934 }
1935 goto raw;
1936 }
1937 break;
1938 }
1939
1940 vp->vp_tainted = true;
1941
1942 if (!tag) fr_pair_append(out, vp);
1943
1944 return attr_len;
1945}
1946
1947/*
1948 * Let's try to help the CPU as much as possible. If we have a
1949 * check on a buffer, that's less work than a series of if / then
1950 * / else conditions.
1951 */
1952static const bool special[UINT8_MAX + 1] = {
1953 [FR_NAS_FILTER_RULE] = true, /* magic rules */
1954 [FR_DIGEST_ATTRIBUTES] = true, /* magic rules */
1955
1956 [FR_EAP_MESSAGE] = true, /* concat */
1957 [FR_PKM_SS_CERT] = true, /* concat */
1958 [FR_PKM_CA_CERT] = true, /* concat */
1959 [FR_EAPOL_ANNOUNCEMENT] = true, /* concat */
1960
1961 [FR_EXTENDED_ATTRIBUTE_1] = true,
1962 [FR_EXTENDED_ATTRIBUTE_2] = true,
1963 [FR_EXTENDED_ATTRIBUTE_3] = true,
1964 [FR_EXTENDED_ATTRIBUTE_4] = true,
1965 [FR_EXTENDED_ATTRIBUTE_5] = true,
1966 [FR_EXTENDED_ATTRIBUTE_6] = true,
1967};
1968
1969/** Create a "normal" fr_pair_t from the given data
1970 *
1971 */
1972ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out,
1973 uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
1974{
1975 ssize_t ret;
1976 fr_dict_attr_t const *da;
1977
1978 if ((data_len < 2) || (data[1] < 2) || (data[1] > data_len)) {
1979 fr_strerror_printf("%s: Insufficient data", __FUNCTION__);
1980 return -1;
1981 }
1982
1983 /*
1984 * If we don't have a tag root already, then record where
1985 * we're putting the top level attributes and add the tags
1986 * there.
1987 */
1988 if (!packet_ctx->tag_root) {
1989 packet_ctx->tag_root = out;
1990 packet_ctx->tag_root_ctx = ctx;
1991 }
1992
1993 da = fr_dict_attr_child_by_num(fr_dict_root(dict_radius), data[0]);
1994 if (!da) {
1995 FR_PROTO_TRACE("Unknown attribute %u", data[0]);
1996 da = fr_dict_attr_unknown_raw_afrom_num(packet_ctx->tmp_ctx, fr_dict_root(dict_radius), data[0]);
1997 }
1998 if (!da) return -1;
1999 FR_PROTO_TRACE("decode context changed %s -> %s",da->parent->name, da->name);
2000
2001 /*
2002 * Empty attributes are silently ignored, except for CUI.
2003 */
2004 if (data[1] == 2) {
2005 fr_pair_t *vp;
2006
2007 if (data[0] != FR_CHARGEABLE_USER_IDENTITY) {
2008 return 2;
2009 }
2010
2011 /*
2012 * Hacks for CUI. The WiMAX spec says that it can be
2013 * zero length, even though this is forbidden by the
2014 * RADIUS specs. So... we make a special case for it.
2015 *
2016 * We can't create a zero length attribute,
2017 * because the talloc API won't let us. So, we
2018 * just create a fake attribute.
2019 */
2020 vp = fr_pair_afrom_da(ctx, da);
2021 if (!vp) return -1;
2022 PAIR_ALLOCED(vp);
2023
2024 /*
2025 * Ensure that it has a value.
2026 */
2027 if (fr_pair_value_memdup(vp, (uint8_t const *) "", 0, false) < 0) {
2028 talloc_free(vp);
2029 return -1;
2030 }
2031
2032 fr_pair_append(out, vp);
2033
2034 return 2;
2035 }
2036
2037 /*
2038 * A few attributes are special, but they're rare.
2039 */
2040 if (unlikely(special[data[0]])) {
2041 if (data[0] == FR_NAS_FILTER_RULE) {
2042 return decode_nas_filter_rule(ctx, out, da, data, data_len, packet_ctx);
2043 }
2044
2045 if (data[0] == FR_DIGEST_ATTRIBUTES) {
2046 return decode_digest_attributes(ctx, out, da, data, data_len, packet_ctx);
2047 }
2048
2049 /*
2050 * Concatenate consecutive top-level attributes together.
2051 */
2052 if (fr_radius_flag_concat(da)) {
2053 FR_PROTO_TRACE("Concat attribute");
2054 return decode_concat(ctx, out, da, data, packet_ctx->end);
2055 }
2056
2057 /*
2058 * Extended attributes have a horrible format.
2059 * Try to deal with that here, so that the rest
2060 * of the code doesn't have to.
2061 */
2062 if (fr_radius_flag_extended(da)) {
2063 return decode_extended(ctx, out, da, data, data_len, packet_ctx);
2064 }
2065
2066 /*
2067 * @todo - pre-concatenate WiMAX, if 26, and dv->continuation, too.
2068 */
2069 }
2070
2071 /*
2072 * Note that we pass the entire length, not just the
2073 * length of this attribute. The Extended or WiMAX
2074 * attributes may have the "continuation" bit set, and
2075 * will thus be more than one attribute in length.
2076 */
2077 ret = fr_radius_decode_pair_value(ctx, out,
2078 da, data + 2, data[1] - 2,
2079 packet_ctx);
2080 if (ret < 0) return ret;
2081
2082 fr_assert(ret < (1 << 16));
2083
2084 return 2 + ret;
2085}
2086
2087ssize_t fr_radius_decode_foreign(TALLOC_CTX *ctx, fr_pair_list_t *out,
2088 uint8_t const *data, size_t data_len)
2089{
2090 ssize_t slen;
2091 uint8_t const *attr, *end;
2092
2093 fr_radius_ctx_t common_ctx = {};
2094 fr_radius_decode_ctx_t decode_ctx = {
2095 .common = &common_ctx,
2096 .tmp_ctx = talloc(ctx, uint8_t),
2097 .end = data + data_len,
2098 };
2099
2100 fr_assert(dict_radius != NULL);
2101
2102 attr = data;
2103 end = decode_ctx.end;
2104
2105 while (attr < end) {
2106 slen = fr_radius_decode_pair(ctx, out, attr, (end - attr), &decode_ctx);
2107 if (slen < 0) {
2108// fail:
2109 talloc_free(decode_ctx.tmp_ctx);
2110 talloc_free(decode_ctx.tags);
2111 return slen;
2112 }
2113
2114#if 0
2115 /*
2116 * If slen is larger than the room in the packet,
2117 * all kinds of bad things happen.
2118 */
2119 if (!fr_cond_assert(slen <= (end - attr))) {
2120 goto fail;
2121 }
2122#endif
2123
2124 attr += slen;
2125 talloc_free_children(decode_ctx.tmp_ctx);
2126 }
2127
2128 talloc_free(decode_ctx.tmp_ctx);
2129 talloc_free(decode_ctx.tags);
2130 return data_len;
2131}
2132
2133static int _test_ctx_free(fr_radius_decode_ctx_t *ctx)
2134{
2135 TALLOC_FREE(ctx->tags);
2136
2137 return 0;
2138}
2139
2140static int decode_test_ctx(void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict,
2141 UNUSED fr_dict_attr_t const *root_da)
2142{
2143 static uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH] = {
2144 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2145 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
2146
2147 fr_radius_decode_ctx_t *test_ctx;
2148 fr_radius_ctx_t *common;
2149
2150 test_ctx = talloc_zero(ctx, fr_radius_decode_ctx_t);
2151 test_ctx->common = common = talloc_zero(test_ctx, fr_radius_ctx_t);
2152
2153 common->secret = talloc_strdup(test_ctx->common, "testing123");
2154 common->secret_length = talloc_array_length(test_ctx->common->secret) - 1;
2155
2156 test_ctx->request_authenticator = vector;
2157 test_ctx->tmp_ctx = talloc_zero(test_ctx, uint8_t);
2158 talloc_set_destructor(test_ctx, _test_ctx_free);
2159
2160 *out = test_ctx;
2161
2162 return 0;
2163}
2164
2165static ssize_t fr_radius_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out,
2166 uint8_t const *data, size_t data_len, void *proto_ctx)
2167{
2168 fr_radius_decode_ctx_t *test_ctx = talloc_get_type_abort(proto_ctx, fr_radius_decode_ctx_t);
2169 fr_radius_decode_fail_t reason;
2170 fr_pair_t *vp;
2171 size_t packet_len = data_len;
2172
2173 if (!fr_radius_ok(data, &packet_len, 200, false, &reason)) {
2174 fr_strerror_printf("Packet failed verification - %s", fr_radius_decode_fail_reason[reason]);
2175 return -1;
2176 }
2177
2178 /*
2179 * Decode the header
2180 */
2181 vp = fr_pair_afrom_da(ctx, attr_packet_type);
2182 if (!vp) {
2183 fr_strerror_const("Failed creating Packet-Type");
2184 return -1;
2185 }
2186 PAIR_ALLOCED(vp);
2187
2188 vp->vp_uint32 = data[0];
2189 fr_pair_append(out, vp);
2190
2191 vp = fr_pair_afrom_da(ctx, attr_packet_authentication_vector);
2192 if (!vp) {
2193 fr_strerror_const("Failed creating Packet-Authentication-Vector");
2194 return -1;
2195 }
2196 PAIR_ALLOCED(vp);
2197
2198 (void) fr_pair_value_memdup(vp, data + 4, 16, true);
2199 fr_pair_append(out, vp);
2200
2201 test_ctx->end = data + packet_len;
2202
2203 return fr_radius_decode(ctx, out, UNCONST(uint8_t *, data), packet_len, test_ctx);
2204}
2205
2206static ssize_t decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, NDEBUG_UNUSED fr_dict_attr_t const *parent,
2207 uint8_t const *data, size_t data_len, void *decode_ctx)
2208{
2209 fr_radius_decode_ctx_t *packet_ctx = decode_ctx;
2210
2211 fr_assert(parent == fr_dict_root(dict_radius));
2212
2213 packet_ctx->end = data + data_len;
2214 return fr_radius_decode_pair(ctx, out, data, data_len, decode_ctx);
2215}
2216
2217
2218/*
2219 * Test points
2220 */
2221extern fr_test_point_pair_decode_t radius_tp_decode_pair;
2226
2227extern fr_test_point_proto_decode_t radius_tp_decode_proto;
fr_radius_decode_abinary
ssize_t fr_radius_decode_abinary(fr_pair_t *vp, uint8_t const *data, size_t data_len)
Print an Ascend binary filter attribute to a string,.
Definition abinary.c:1316
buffer
static int const char char buffer[256]
Definition acutest.h:578
n
int n
Definition acutest.h:579
UNCONST
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:167
RCSID
#define RCSID(id)
Definition build.h:487
NDEBUG_UNUSED
#define NDEBUG_UNUSED
Definition build.h:328
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
unlikely
#define unlikely(_x)
Definition build.h:383
UNUSED
#define UNUSED
Definition build.h:317
FR_DBUFF_TMP
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:524
fr_cond_assert
#define fr_cond_assert(_x)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:131
FR_DIGEST_ATTRIBUTES
#define FR_DIGEST_ATTRIBUTES
Definition defs.h:110
attr_packet_type
static fr_dict_attr_t const * attr_packet_type
Definition dhcpclient.c:89
fr_dict_vendor_t::continuation
bool continuation
we only have one flag for now, for WiMAX
Definition dict.h:273
fr_dict_vendor_t::type
size_t type
Length of type data.
Definition dict.h:274
fr_dict_protocol_t::decode
fr_dict_attr_decode_func_t decode
for decoding attributes.
Definition dict.h:489
fr_dict_attr_unknown_vendor_afrom_num
static fr_dict_attr_t * fr_dict_attr_unknown_vendor_afrom_num(TALLOC_CTX *ctx, fr_dict_attr_t const *parent, unsigned int vendor)
Definition dict.h:606
fr_dict_protocol
fr_dict_protocol_t const * fr_dict_protocol(fr_dict_t const *dict)
Return the protocol descriptor for the dictionary.
Definition dict_util.c:5268
fr_dict_attr_unknown_raw_afrom_num
static fr_dict_attr_t * fr_dict_attr_unknown_raw_afrom_num(TALLOC_CTX *ctx, fr_dict_attr_t const *parent, unsigned int attr)
Definition dict.h:613
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2672
fr_dict_vendor_t::pen
uint32_t pen
Private enterprise number.
Definition dict.h:272
fr_dict_attr_unknown_free
void fr_dict_attr_unknown_free(fr_dict_attr_t const **da)
Free dynamically allocated (unknown attributes)
Definition dict_unknown.c:233
fr_dict_vendor_t::length
size_t length
Length of length data.
Definition dict.h:275
fr_dict_attr_unknown_typed_afrom_num
static fr_dict_attr_t * fr_dict_attr_unknown_typed_afrom_num(TALLOC_CTX *ctx, fr_dict_attr_t const *parent, unsigned int num, fr_type_t type)
Definition dict.h:598
fr_dict_vendor_by_num
fr_dict_vendor_t const * fr_dict_vendor_by_num(fr_dict_t const *dict, uint32_t vendor_pen)
Look up a vendor by its PEN.
Definition dict_util.c:2952
fr_dict_attr_child_by_num
fr_dict_attr_t const * fr_dict_attr_child_by_num(fr_dict_attr_t const *parent, unsigned int attr)
Check if a child attribute exists in a parent using an attribute number.
Definition dict_util.c:3600
fr_dict_protocol_t
Protocol-specific callbacks in libfreeradius-PROTOCOL.
Definition dict.h:457
fr_dict_vendor_t
Private enterprise.
Definition dict.h:271
fr_dict_attr_ref
static fr_dict_attr_t const * fr_dict_attr_ref(fr_dict_attr_t const *da)
Return the reference associated with a group type attribute.
Definition dict_ext.h:148
talloc_free
talloc_free(hp)
PAIR_DECODE_OOM
#define PAIR_DECODE_OOM
Fatal error - Out of memory.
Definition pair.h:45
PAIR_DECODE_FATAL_ERROR
#define PAIR_DECODE_FATAL_ERROR
Fatal error - Failed decoding the packet.
Definition pair.h:49
_test_ctx_free
static int _test_ctx_free(UNUSED fr_aka_sim_ctx_t *ctx)
Definition decode.c:1004
fr_pair_tlvs_from_network
ssize_t fr_pair_tlvs_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx, fr_pair_decode_value_t decode_tlv, fr_pair_tlvs_verify_t verify_tlvs, bool nested)
Decode a list of pairs from the network.
Definition decode.c:149
fr_pair_raw_from_network
ssize_t fr_pair_raw_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *da, uint8_t const *data, size_t data_len)
Create a "raw" pair from malformed network data.
Definition decode.c:79
fr_pair_array_from_network
ssize_t fr_pair_array_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx, fr_pair_decode_value_t decode_value)
Decode an array of values from the network.
Definition decode.c:41
zero
static const uint8_t * zero
Definition md4.c:357
fr_md5_ctx_free_from_list
void fr_md5_ctx_free_from_list(fr_md5_ctx_t **ctx)
Free function for MD5 digest ctx.
Definition md5.c:509
fr_md5_ctx_alloc_from_list
fr_md5_ctx_t * fr_md5_ctx_alloc_from_list(void)
Allocation function for MD5 digest context.
Definition md5.c:464
fr_md5_final
#define fr_md5_final(_out, _ctx)
Finalise the ctx, producing the digest.
Definition md5.h:93
fr_md5_ctx_copy
#define fr_md5_ctx_copy(_dst, _src)
Copy the contents of a ctx.
Definition md5.h:63
fr_md5_ctx_t
void fr_md5_ctx_t
Definition md5.h:28
fr_md5_update
#define fr_md5_update(_ctx, _in, _inlen)
Ingest plaintext into the digest.
Definition md5.h:86
fr_radius_ok
bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason)
Definition merged_model.c:253
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_IPV6_PREFIX
@ FR_TYPE_IPV6_PREFIX
IPv6 Prefix.
Definition merged_model.c:89
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_STRUCT
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
Definition merged_model.c:119
FR_TYPE_VENDOR
@ FR_TYPE_VENDOR
Attribute that represents a vendor in the attribute tree.
Definition merged_model.c:122
FR_TYPE_IPV4_PREFIX
@ FR_TYPE_IPV4_PREFIX
IPv4 Prefix.
Definition merged_model.c:87
FR_TYPE_VSA
@ FR_TYPE_VSA
Vendor-Specific, for RADIUS attribute 26.
Definition merged_model.c:121
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
UINT8_MAX
#define UINT8_MAX
Definition merged_model.c:32
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
decode
static fr_radius_decode_fail_t decode(TALLOC_CTX *ctx, fr_pair_list_t *reply, uint8_t *response_code, bio_handle_t *h, request_t *request, bio_request_t *u, uint8_t const request_authenticator[static RADIUS_AUTH_VECTOR_LENGTH], uint8_t *data, size_t data_len)
Decode response packet data, extracting relevant information and validating the packet.
Definition bio.c:1192
RADIUS_AUTH_VECTOR_LENGTH
#define RADIUS_AUTH_VECTOR_LENGTH
Definition net.h:89
fr_pair_value_memdup
int fr_pair_value_memdup(fr_pair_t *vp, uint8_t const *src, size_t len, bool tainted)
Copy data into an "octets" data type.
Definition pair.c:2945
fr_pair_append
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1349
fr_pair_afrom_da
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:290
fr_pair_list_init
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
Definition pair.c:46
fr_pair_value_bstrndup
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
Definition pair.c:2795
fr_pair_delete
int fr_pair_delete(fr_pair_list_t *list, fr_pair_t *vp)
Remove fr_pair_t from a list and free.
Definition pair.c:1830
fr_pair_value_mem_alloc
int fr_pair_value_mem_alloc(fr_pair_t *vp, uint8_t **out, size_t size, bool tainted)
Pre-allocate a memory buffer for a "octets" type value pair.
Definition pair.c:2894
fr_pair_afrom_da_nested
fr_pair_t * fr_pair_afrom_da_nested(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *da)
Create a pair (and all intermediate parents), and append it to the list.
Definition pair.c:475
decode_test_ctx
static int decode_test_ctx(void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict, UNUSED fr_dict_attr_t const *root_da)
Definition decode.c:102
decode_value_trampoline
static ssize_t decode_value_trampoline(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
Handle arrays of DNS labels for fr_struct_from_network()
Definition decode.c:70
decode_vsa
static ssize_t decode_vsa(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
RFC 4243 Vendor Specific Suboptions.
Definition decode.c:369
decode_tlv_trampoline
static ssize_t decode_tlv_trampoline(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
Definition decode.c:57
decode_pair
static ssize_t decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, NDEBUG_UNUSED fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx)
Definition decode.c:491
attr_packet_authentication_vector
HIDDEN fr_dict_attr_t const * attr_packet_authentication_vector
Definition base.c:56
fr_radius_ascend_secret
ssize_t fr_radius_ascend_secret(fr_dbuff_t *dbuff, uint8_t const *in, size_t inlen, char const *secret, size_t secret_len, uint8_t const *vector)
Do Ascend-Send / Recv-Secret calculation.
Definition base.c:251
fr_radius_decode
ssize_t fr_radius_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, fr_radius_decode_ctx_t *decode_ctx)
Definition base.c:1104
fr_radius_decode_fail_reason
char const * fr_radius_decode_fail_reason[FR_RADIUS_FAIL_MAX+1]
Definition base.c:508
radius_tp_decode_proto
fr_test_point_proto_decode_t radius_tp_decode_proto
Definition decode.c:2228
fr_radius_decode_foreign
ssize_t fr_radius_decode_foreign(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len)
Definition decode.c:2087
decode_concat
static ssize_t decode_concat(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *parent, uint8_t const *data, uint8_t const *end)
Convert a "concatenated" attribute to one long VP.
Definition decode.c:338
decode_extended
static ssize_t decode_extended(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *da, uint8_t const *data, UNUSED size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
Fast path for most extended attributes.
Definition decode.c:955
decode_digest_attributes
static ssize_t decode_digest_attributes(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
Decode Digest-Attributes.
Definition decode.c:597
decode_wimax
static ssize_t decode_wimax(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t attr_len, fr_radius_decode_ctx_t *packet_ctx)
Convert a Vendor-Specific WIMAX to vps.
Definition decode.c:1039
fr_radius_decode_tlv
ssize_t fr_radius_decode_tlv(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
Convert TLVs to one or more VPs.
Definition decode.c:648
radius_tp_decode_pair
fr_test_point_pair_decode_t radius_tp_decode_pair
Definition decode.c:2222
decode_value
#define decode_value
Definition decode.c:407
memcpy_bounded
static void memcpy_bounded(void *restrict dst, const void *restrict src, size_t n, const void *restrict end)
Definition decode.c:42
fr_radius_decode_password
static ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, fr_radius_decode_ctx_t *packet_ctx)
Decode password.
Definition decode.c:191
fr_radius_decode_pair_value
ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const attr_len, void *decode_ctx)
Create any kind of VP from the attribute contents.
Definition decode.c:1479
decode_extended_fragments
static ssize_t decode_extended_fragments(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t attr_len, fr_radius_decode_ctx_t *packet_ctx)
Convert a fragmented extended attr to a VP.
Definition decode.c:850
special
static const bool special[UINT8_MAX+1]
Definition decode.c:1952
fr_radius_decode_tlv_ok
int fr_radius_decode_tlv_ok(uint8_t const *data, size_t length, size_t dv_type, size_t dv_length)
Check if a set of RADIUS formatted TLVs are OK.
Definition decode.c:246
fr_radius_decode_pair
ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
Create a "normal" fr_pair_t from the given data.
Definition decode.c:1972
decode_vsa_internal
static ssize_t decode_vsa_internal(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx, fr_dict_vendor_t const *dv)
Convert a top-level VSA to a VP.
Definition decode.c:728
decode_rfc
static ssize_t decode_rfc(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, void *decode_ctx)
decode an RFC-format TLV
Definition decode.c:412
decode_nas_filter_rule
static ssize_t decode_nas_filter_rule(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t const data_len, fr_radius_decode_ctx_t *packet_ctx)
Decode NAS-Filter-Rule.
Definition decode.c:481
fr_radius_decode_tunnel_password
static ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, fr_radius_decode_ctx_t *packet_ctx)
Decode Tunnel-Password encrypted attributes.
Definition decode.c:70
fr_radius_decode_proto
static ssize_t fr_radius_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, void *proto_ctx)
Definition decode.c:2165
attrs.h
VQP attributes.
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
dict_radius
static fr_dict_t const * dict_radius
Definition radclient-ng.c:107
done
static bool done
Definition radclient.c:83
fr_radius_tag_ctx_t::parent
fr_pair_t * parent
Definition radius.h:122
fr_radius_decode_ctx_t::tags
fr_radius_tag_ctx_t ** tags
for decoding tagged attributes
Definition radius.h:176
fr_radius_flag_concat
#define fr_radius_flag_concat(_da)
Definition radius.h:207
fr_radius_flag_has_tag
#define fr_radius_flag_has_tag(_da)
Definition radius.h:206
fr_radius_decode_ctx_t::request_authenticator
uint8_t const * request_authenticator
Definition radius.h:162
AUTH_PASS_LEN
#define AUTH_PASS_LEN
Definition radius.h:54
fr_radius_decode_fail_t
fr_radius_decode_fail_t
Failure reasons.
Definition radius.h:90
fr_radius_ctx_t::secret
char const * secret
Definition radius.h:127
fr_radius_decode_ctx_t::end
uint8_t const * end
end of the packet
Definition radius.h:165
RADIUS_MAX_STRING_LENGTH
#define RADIUS_MAX_STRING_LENGTH
Definition radius.h:35
fr_radius_flag_encrypted
#define fr_radius_flag_encrypted(_da)
Definition radius.h:209
fr_radius_flag_extended
static bool fr_radius_flag_extended(fr_dict_attr_t const *da)
Definition radius.h:211
fr_radius_decode_ctx_t::tag_root_ctx
TALLOC_CTX * tag_root_ctx
Where to allocate new tag attributes.
Definition radius.h:178
fr_radius_ctx_t::secret_length
size_t secret_length
Definition radius.h:128
fr_radius_decode_ctx_t::common
fr_radius_ctx_t const * common
Definition radius.h:160
fr_radius_flag_long_extended
#define fr_radius_flag_long_extended(_da)
Definition radius.h:218
fr_radius_attr_flags_encrypt_t
fr_radius_attr_flags_encrypt_t
Definition radius.h:181
RADIUS_FLAG_ENCRYPT_USER_PASSWORD
@ RADIUS_FLAG_ENCRYPT_USER_PASSWORD
Encrypt attribute RFC 2865 style.
Definition radius.h:184
RADIUS_FLAG_ENCRYPT_ASCEND_SECRET
@ RADIUS_FLAG_ENCRYPT_ASCEND_SECRET
Encrypt attribute ascend style.
Definition radius.h:186
RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD
@ RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD
Encrypt attribute RFC 2868 style.
Definition radius.h:185
fr_radius_flag_abinary
#define fr_radius_flag_abinary(_da)
Definition radius.h:208
fr_radius_decode_ctx_t::tunnel_password_zeros
bool tunnel_password_zeros
check for trailing zeros on decode
Definition radius.h:171
fr_radius_decode_ctx_t::tmp_ctx
TALLOC_CTX * tmp_ctx
for temporary things cleaned up during decoding
Definition radius.h:164
fr_radius_decode_ctx_t::tag_root
fr_pair_list_t * tag_root
Where to insert tag attributes.
Definition radius.h:177
fr_radius_ctx_t
Definition radius.h:126
fr_radius_decode_ctx_t
Definition radius.h:159
fr_radius_tag_ctx_t
Definition radius.h:121
attr_vendor_specific
static fr_dict_attr_t const * attr_vendor_specific
Definition radsnmp.c:115
vp
fr_pair_t * vp
Definition state_machine.c:2293
fr_struct_from_network
ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx, fr_pair_decode_value_t decode_value, fr_pair_decode_value_t decode_tlv)
Convert a STRUCT to one or more VPs.
Definition struct.c:32
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_test_point_pair_decode_t::test_ctx
fr_test_point_ctx_alloc_t test_ctx
Allocate a test ctx for the encoder.
Definition test_point.h:86
fr_test_point_proto_decode_t::test_ctx
fr_test_point_ctx_alloc_t test_ctx
Allocate a test ctx for the encoder.
Definition test_point.h:68
fr_test_point_pair_decode_t
Entry point for pair decoders.
Definition test_point.h:85
fr_test_point_proto_decode_t
Entry point for protocol decoders.
Definition test_point.h:67
head
static fr_slen_t head
Definition xlat.h:420
PAIR_ALLOCED
#define PAIR_ALLOCED(_x)
Definition pair.h:212
fr_pair_find_or_append_by_da
static int fr_pair_find_or_append_by_da(TALLOC_CTX *ctx, fr_pair_t **out, fr_pair_list_t *list, fr_dict_attr_t const *da)
Definition pair.h:541
fr_pair_list_free
void fr_pair_list_free(fr_pair_list_t *list)
Free memory used by a valuepair list.
Definition pair_inline.c:112
fr_pair_list_append
void fr_pair_list_append(fr_pair_list_t *dst, fr_pair_list_t *src)
Appends a list of fr_pair_t from a temporary list to a destination list.
Definition pair_inline.c:181
fr_pair_list_num_elements
size_t fr_pair_list_num_elements(fr_pair_list_t const *list)
Get the length of a list of fr_pair_t.
Definition pair_inline.c:150
parent
static fr_slen_t parent
Definition pair.h:859
FR_PROTO_HEX_DUMP
#define FR_PROTO_HEX_DUMP(_data, _data_len, _fmt,...)
Definition proto.h:42
FR_PROTO_TRACE
#define FR_PROTO_TRACE(_fmt,...)
Definition proto.h:41
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:553
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:455
FR_TYPE_LEAF
#define FR_TYPE_LEAF
Definition types.h:318
fr_value_box_from_network
ssize_t fr_value_box_from_network(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_type_t type, fr_dict_attr_t const *enumv, fr_dbuff_t *dbuff, size_t len, bool tainted)
Decode a fr_value_box_t from serialized binary data.
Definition value.c:1922
fr_value_box_ipaddr_from_network
ssize_t fr_value_box_ipaddr_from_network(fr_value_box_t *dst, fr_type_t type, fr_dict_attr_t const *enumv, int prefix_len, uint8_t const *data, size_t data_len, bool fixed, bool tainted)
Decode a fr_value_box_t of type IP address / prefix.
Definition value.c:2326
data
static fr_slen_t data
Definition value.h:1334
nonnull
int nonnull(2, 5))
out
static size_t char ** out
Definition value.h:1024
Generated by   doxygen 1.9.8