The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
encode.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 867e4b9f31da734d906127e240bea5d2bcb38342 $
19 *
20 * @file protocols/radius/encode.c
21 * @brief Functions to encode RADIUS attributes
22 *
23 * @copyright 2000-2003,2006-2015 The FreeRADIUS server project
24 */
26RCSID("$Id: 867e4b9f31da734d906127e240bea5d2bcb38342 $")
27
28#include <freeradius-devel/util/dbuff.h>
29#include <freeradius-devel/util/md5.h>
30#include <freeradius-devel/util/struct.h>
31#include <freeradius-devel/io/test_point.h>
32#include <freeradius-devel/protocol/radius/freeradius.internal.h>
33#include "attrs.h"
34
35#define TAG_VALID(x) ((x) > 0 && (x) < 0x20)
36
37static ssize_t encode_value(fr_dbuff_t *dbuff,
38 fr_da_stack_t *da_stack, unsigned int depth,
39 fr_dcursor_t *cursor, void *encode_ctx);
40
41static ssize_t encode_child(fr_dbuff_t *dbuff,
42 fr_da_stack_t *da_stack, unsigned int depth,
43 fr_dcursor_t *cursor, void *encode_ctx);
44
45/** "encrypt" a password RADIUS style
46 *
47 * Input and output buffers can be identical if in-place encryption is needed.
48 */
50{
51 fr_md5_ctx_t *md5_ctx, *md5_ctx_old;
53 uint8_t passwd[RADIUS_MAX_PASS_LENGTH] = {0};
54 size_t i, n;
55 size_t len;
56
57 /*
58 * If the length is zero, round it up.
59 */
60 len = inlen;
61
63
64 (void) fr_dbuff_out_memcpy(passwd, input, len);
65 if (len < sizeof(passwd)) memset(passwd + len, 0, sizeof(passwd) - len);
66
67 if (len == 0) len = AUTH_PASS_LEN;
68 else if ((len & 0x0f) != 0) {
69 len += 0x0f;
70 len &= ~0x0f;
71 }
72
74 md5_ctx_old = fr_md5_ctx_alloc_from_list();
75
76 fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length);
77 fr_md5_ctx_copy(md5_ctx_old, md5_ctx);
78
79 /*
80 * Do first pass.
81 */
83
84 for (n = 0; n < len; n += AUTH_PASS_LEN) {
85 if (n > 0) {
86 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
87 fr_md5_update(md5_ctx, passwd + n - AUTH_PASS_LEN, AUTH_PASS_LEN);
88 }
89
90 fr_md5_final(digest, md5_ctx);
91 for (i = 0; i < AUTH_PASS_LEN; i++) passwd[i + n] ^= digest[i];
92 }
93
95 fr_md5_ctx_free_from_list(&md5_ctx_old);
96
97 return fr_dbuff_in_memcpy(dbuff, passwd, len);
98}
99
100
102{
103 fr_md5_ctx_t *md5_ctx, *md5_ctx_old;
106 size_t i, n;
107 uint32_t r;
108 size_t output_len, encrypted_len, padding;
109 ssize_t slen;
111
112 /*
113 * Limit the maximum size of the input password. 2 bytes
114 * are taken up by the salt, and one by the encoded
115 * "length" field.
116 */
117 if (inlen > (RADIUS_MAX_STRING_LENGTH - 3)) {
118 fail:
119 fr_strerror_const("Input password is too large for tunnel password encoding");
120 return -(inlen + 3);
121 }
122
123 /*
124 * Length of the encrypted data is the clear-text
125 * password length plus one byte which encodes the length
126 * of the password. We round up to the nearest encoding
127 * block, and bound it by the size of the output buffer,
128 * while accounting for 2 bytes of salt.
129 *
130 * And also ensuring that we don't truncate the input
131 * password.
132 */
133 encrypted_len = ROUND_UP(inlen + 1, 16);
134 if (encrypted_len > (RADIUS_MAX_STRING_LENGTH - 2)) encrypted_len = (RADIUS_MAX_STRING_LENGTH - 2);
135
136 /*
137 * Get the number of padding bytes in the last block.
138 */
139 padding = encrypted_len - (inlen + 1);
140
141 output_len = encrypted_len + 2; /* account for the salt */
142
143 /*
144 * We will have up to 253 octets of data in the output
145 * buffer, some of which are padding.
146 *
147 * If we over-run the output buffer, see if we can drop
148 * some of the padding bytes. If not, we return an error
149 * instead of truncating the password.
150 *
151 * Otherwise we lower the amount of data we copy into the
152 * output buffer, because the last bit is just padding,
153 * and can be safely discarded.
154 */
155 slen = fr_dbuff_set(&work_dbuff, output_len);
156 if (slen < 0) {
157 if (((size_t) -slen) > padding) goto fail;
158
159 output_len += slen;
160 }
161 fr_dbuff_set_to_start(&work_dbuff);
162
163 /*
164 * Copy the password over, and fill the remainder with random data.
165 */
166 (void) fr_dbuff_out_memcpy(tpasswd + 3, in, inlen);
167
168 for (i = 3 + inlen; i < sizeof(tpasswd); i++) {
169 tpasswd[i] = fr_fast_rand(&packet_ctx->rand_ctx);
170 }
171
172 /*
173 * Generate salt. The RFCs say:
174 *
175 * The high bit of salt[0] must be set, each salt in a
176 * packet should be unique, and they should be random
177 *
178 * So, we set the high bit, add in a counter, and then
179 * add in some PRNG data. should be OK..
180 */
181 r = fr_fast_rand(&packet_ctx->rand_ctx);
182 tpasswd[0] = (0x80 | (((packet_ctx->salt_offset++) & 0x07) << 4) | ((r >> 8) & 0x0f));
183 tpasswd[1] = r & 0xff;
184 tpasswd[2] = inlen; /* length of the password string */
185
186 md5_ctx = fr_md5_ctx_alloc_from_list();
187 md5_ctx_old = fr_md5_ctx_alloc_from_list();
188
189 fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->common->secret, packet_ctx->common->secret_length);
190 fr_md5_ctx_copy(md5_ctx_old, md5_ctx);
191
193 fr_md5_update(md5_ctx, &tpasswd[0], 2);
194
195 /*
196 * Do various hashing, and XOR the length+password with
197 * the output of the hash blocks.
198 */
199 for (n = 0; n < encrypted_len; n += AUTH_PASS_LEN) {
200 size_t block_len;
201
202 if (n > 0) {
203 fr_md5_ctx_copy(md5_ctx, md5_ctx_old);
204 fr_md5_update(md5_ctx, tpasswd + 2 + n - AUTH_PASS_LEN, AUTH_PASS_LEN);
205 }
206 fr_md5_final(digest, md5_ctx);
207
208 block_len = encrypted_len - n;
209 if (block_len > AUTH_PASS_LEN) block_len = AUTH_PASS_LEN;
210
211#ifdef __COVERITY__
212 /*
213 * Coverity is not doing the calculations correctly - it doesn't see
214 * that setting block_len = encrypted_len - n puts a safe boundary
215 * on block_len so the access to tpasswd won't overflow.
216 */
217 if ((block_len + 2 + n) > RADIUS_MAX_STRING_LENGTH) {
218 block_len = RADIUS_MAX_STRING_LENGTH - n - 3;
219 }
220#endif
221 for (i = 0; i < block_len; i++) tpasswd[i + 2 + n] ^= digest[i];
222 }
223
225 fr_md5_ctx_free_from_list(&md5_ctx_old);
226
227 FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, tpasswd, output_len);
228
229 return fr_dbuff_set(dbuff, &work_dbuff);
230}
231
232/*
233 * Encode the contents of an attribute of type TLV.
234 */
236 fr_da_stack_t *da_stack, unsigned int depth,
237 fr_dcursor_t *cursor, void *encode_ctx)
238{
239 ssize_t slen;
240 fr_pair_t const *vp = fr_dcursor_current(cursor);
241 fr_dict_attr_t const *da = da_stack->da[depth];
243
244 for (;;) {
245 FR_PROTO_STACK_PRINT(da_stack, depth);
246
247 /*
248 * This attribute carries sub-TLVs. The sub-TLVs
249 * can only carry a total of 253 bytes of data.
250 */
251
252 /*
253 * Determine the nested type and call the appropriate encoder
254 */
255 if (!da_stack->da[depth + 1]) {
256 fr_dcursor_t child_cursor;
257
258 if (vp->da != da_stack->da[depth]) {
259 fr_strerror_printf("%s: Can't encode empty TLV", __FUNCTION__);
260 return 0;
261 }
262
263 fr_pair_dcursor_child_iter_init(&child_cursor, &vp->vp_group, cursor);
264 vp = fr_dcursor_current(&child_cursor);
265 fr_proto_da_stack_build(da_stack, vp->da);
266
267 /*
268 * Call ourselves recursively to encode children.
269 */
270 slen = encode_tlv(&work_dbuff, da_stack, depth, &child_cursor, encode_ctx);
271 if (slen < 0) return slen;
272
273 vp = fr_dcursor_next(cursor);
274 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
275
276 } else {
277 slen = encode_child(&work_dbuff, da_stack, depth + 1, cursor, encode_ctx);
278 }
279 if (slen < 0) return slen;
280
281 /*
282 * If nothing updated the attribute, stop
283 */
284 if (!fr_dcursor_current(cursor) || (vp == fr_dcursor_current(cursor))) break;
285
286 /*
287 * We can encode multiple sub TLVs, if after
288 * rebuilding the TLV Stack, the attribute
289 * at this depth is the same.
290 */
291 if ((da != da_stack->da[depth]) || (da_stack->depth < da->depth)) break;
292 vp = fr_dcursor_current(cursor);
293 }
294
295 return fr_dbuff_set(dbuff, &work_dbuff);
296}
297
298static ssize_t encode_pairs(fr_dbuff_t *dbuff, fr_pair_list_t const *vps, void *encode_ctx)
299{
300 ssize_t slen;
301 fr_pair_t const *vp;
302 fr_dcursor_t cursor;
303
304 /*
305 * Note that we skip tags inside of tags!
306 */
308 while ((vp = fr_dcursor_current(&cursor))) {
310
311 /*
312 * Encode an individual VP
313 */
314 slen = fr_radius_encode_pair(dbuff, &cursor, encode_ctx);
315 if (slen < 0) return slen;
316 }
317
318 return fr_dbuff_used(dbuff);
319}
320
321
322/** Encodes the data portion of an attribute
323 *
324 * @return
325 * > 0, Length of the data portion.
326 * = 0, we could not encode anything, skip this attribute (and don't encode the header)
327 * unless it's one of a list of exceptions.
328 * < 0, How many additional bytes we'd need as a negative integer.
329 * PAIR_ENCODE_FATAL_ERROR - Abort encoding the packet.
330 */
332 fr_da_stack_t *da_stack, unsigned int depth,
333 fr_dcursor_t *cursor, void *encode_ctx)
334{
335 ssize_t slen;
336 size_t len;
337 fr_pair_t const *vp = fr_dcursor_current(cursor);
338 fr_dict_attr_t const *da = da_stack->da[depth];
340 fr_dbuff_t work_dbuff = FR_DBUFF(dbuff);
341 fr_dbuff_t value_dbuff;
342 fr_dbuff_marker_t value_start, src, dest;
343 bool encrypted = false;
344
346 FR_PROTO_STACK_PRINT(da_stack, depth);
347
348 /*
349 * TLVs are just another type of value.
350 */
351 if (da->type == FR_TYPE_TLV) return encode_tlv(dbuff, da_stack, depth, cursor, encode_ctx);
352
353 if (da->type == FR_TYPE_GROUP) return fr_pair_ref_to_network(dbuff, da_stack, depth, cursor);
354
355 /*
356 * Catch errors early on.
357 */
358 if (fr_radius_flag_encrypted(vp->da) && !packet_ctx) {
359 fr_strerror_const("Asked to encrypt attribute, but no packet context provided");
361 }
362
363 /*
364 * This has special requirements.
365 */
366 if ((vp->vp_type == FR_TYPE_STRUCT) || (da->type == FR_TYPE_STRUCT)) {
367 slen = fr_struct_to_network(&work_dbuff, da_stack, depth, cursor, encode_ctx, encode_value, encode_child);
368 if (slen <= 0) return slen;
369
370 vp = fr_dcursor_current(cursor);
371 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
372 return fr_dbuff_set(dbuff, &work_dbuff);
373 }
374
375 /*
376 * If it's not a TLV, it should be a value type RFC
377 * attribute make sure that it is.
378 */
379 if (da_stack->da[depth + 1] != NULL) {
380 fr_strerror_printf("%s: Encoding value but not at top of stack", __FUNCTION__);
382 }
383
384 if (vp->da != da) {
385 fr_strerror_printf("%s: Top of stack does not match vp->da", __FUNCTION__);
387 }
388
389 if (fr_type_is_structural(da->type)) {
390 fr_strerror_printf("%s: Called with structural type %s", __FUNCTION__,
391 fr_type_to_str(da_stack->da[depth]->type));
393 }
394
395 /*
396 * Write tag byte
397 *
398 * The Tag field is one octet in length and is intended to provide a
399 * means of grouping attributes in the same packet which refer to the
400 * same tunnel. If the value of the Tag field is greater than 0x00
401 * and less than or equal to 0x1F, it SHOULD be interpreted as
402 * indicating which tunnel (of several alternatives) this attribute
403 * pertains. If the Tag field is greater than 0x1F, it SHOULD be
404 * interpreted as the first byte of the following String field.
405 *
406 * If the first byte of the string value looks like a
407 * tag, then we always encode a tag byte, even one that
408 * is zero.
409 */
410 if ((vp->vp_type == FR_TYPE_STRING) && fr_radius_flag_has_tag(vp->da)) {
411 if (packet_ctx->tag) {
412 FR_DBUFF_IN_RETURN(&work_dbuff, (uint8_t)packet_ctx->tag);
413 } else if (TAG_VALID(vp->vp_strvalue[0])) {
414 FR_DBUFF_IN_RETURN(&work_dbuff, (uint8_t)0x00);
415 }
416 }
417
418 /*
419 * Starting here is a value that may require encryption.
420 */
421 value_dbuff = FR_DBUFF(&work_dbuff);
422 fr_dbuff_marker(&value_start, &value_dbuff);
423 fr_dbuff_marker(&src, &value_dbuff);
424 fr_dbuff_marker(&dest, &value_dbuff);
425
426 switch (vp->vp_type) {
427 /*
428 * IPv4 addresses are normal, but IPv6 addresses are special to RADIUS.
429 */
431 if (vp->vp_ip.af == AF_INET) goto encode;
433
434 /*
435 * Common encoder might add scope byte, which we don't want.
436 */
438 FR_DBUFF_IN_MEMCPY_RETURN(&value_dbuff, vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
439 break;
440
442 if (vp->vp_ip.af == AF_INET) goto ipv4_prefix;
444
445 /*
446 * Common encoder doesn't add reserved byte
447 */
449 len = fr_bytes_from_bits(vp->vp_ip.prefix);
450 FR_DBUFF_IN_BYTES_RETURN(&value_dbuff, 0x00, vp->vp_ip.prefix);
451 /* Only copy the minimum number of address bytes required */
452 FR_DBUFF_IN_MEMCPY_RETURN(&value_dbuff, (uint8_t const *)vp->vp_ipv6addr, len);
453 break;
454
455 /*
456 * Common encoder doesn't add reserved byte
457 */
459 ipv4_prefix:
460 FR_DBUFF_IN_BYTES_RETURN(&value_dbuff, 0x00, vp->vp_ip.prefix);
461 FR_DBUFF_IN_MEMCPY_RETURN(&value_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr));
462 break;
463
464 /*
465 * Special handling for "abinary". Otherwise, fall
466 * through to using the common encoder.
467 */
468 case FR_TYPE_STRING:
469 if (fr_radius_flag_abinary(da)) {
470 slen = fr_radius_encode_abinary(vp, &value_dbuff);
471 if (slen <= 0) return slen;
472 break;
473 }
475
476 case FR_TYPE_OCTETS:
477
478 /*
479 * Simple data types use the common encoder.
480 */
481 default:
482 encode:
483 slen = fr_value_box_to_network(&value_dbuff, &vp->data);
484 if (slen < 0) return slen;
485 break;
486 }
487
488 /*
489 * No data: don't encode the value. The type and length should still
490 * be written.
491 */
492 if (fr_dbuff_used(&value_dbuff) == 0) {
493 return_0:
494 vp = fr_dcursor_next(cursor);
495 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
496 return 0;
497 }
498
499 /*
500 * Encrypt the various password styles
501 *
502 * Attributes with encrypted values MUST be less than
503 * 128 bytes long.
504 */
505 switch (fr_radius_flag_encrypted(da)) {
507 /*
508 * Encode the password in place
509 */
510 slen = encode_password(&work_dbuff, &value_start, fr_dbuff_used(&value_dbuff), packet_ctx);
511 if (slen < 0) return slen;
512 encrypted = true;
513 break;
514
516 {
517 bool has_tag = fr_radius_flag_has_tag(vp->da);
518
519 if (packet_ctx->disallow_tunnel_passwords) {
520 fr_strerror_const("Attributes with 'encrypt=Tunnel-Password' set cannot go into this packet.");
521 goto return_0;
522 }
523
524 /*
525 * Always encode the tag even if it's zero.
526 *
527 * The Tunnel-Password uses 2 salt fields which
528 * MAY have any value. As a result, we always
529 * encode a tag. If we would omit the tag, then
530 * perhaps one of the salt fields could be
531 * mistaken for the tag.
532 */
533 if (has_tag) fr_dbuff_advance(&work_dbuff, 1);
534
535 slen = encode_tunnel_password(&work_dbuff, &value_start, fr_dbuff_used(&value_dbuff), packet_ctx);
536 if (slen < 0) {
537 fr_strerror_printf("%s too long", vp->da->name);
538 return slen - has_tag;
539 }
540
541 /*
542 * Do this after so we don't mess up the input
543 * value.
544 */
545 if (has_tag) {
546 fr_dbuff_set_to_start(&value_start);
547 fr_dbuff_in(&value_start, (uint8_t) 0x00);
548 }
549 encrypted = true;
550 }
551 break;
552
553 /*
554 * The code above ensures that this attribute
555 * always fits.
556 */
558 /*
559 * @todo radius decoding also uses fr_radius_ascend_secret() (Vernam cipher
560 * is its own inverse). As part of converting decode, make sure the caller
561 * there can pass a marker so we can use it here, too.
562 */
563 slen = fr_radius_ascend_secret(&work_dbuff, fr_dbuff_current(&value_start), fr_dbuff_used(&value_dbuff),
564 packet_ctx->common->secret, packet_ctx->request_authenticator);
565 if (slen < 0) return slen;
566 encrypted = true;
567 break;
568
570 break;
571
573 fr_strerror_const("Invalid encryption type");
575 }
576
577 if (!encrypted) {
578 fr_dbuff_set(&work_dbuff, &value_dbuff);
579 fr_dbuff_set(&value_start, fr_dbuff_start(&value_dbuff));
580 }
581
582 /*
583 * High byte of 32bit integers gets set to the tag
584 * value.
585 *
586 * The Tag field is one octet in length and is intended to provide a
587 * means of grouping attributes in the same packet which refer to the
588 * same tunnel. Valid values for this field are 0x01 through 0x1F,
589 * inclusive. If the Tag field is unused, it MUST be zero (0x00).
590 */
591 if ((vp->vp_type == FR_TYPE_UINT32) && fr_radius_flag_has_tag(vp->da)) {
592 uint8_t msb = 0;
593 /*
594 * Only 24bit integers are allowed here
595 */
596 fr_dbuff_set(&src, &value_start);
597 (void) fr_dbuff_out(&msb, &src);
598 if (msb != 0) {
599 fr_strerror_const("Integer overflow for tagged uint32 attribute");
600 goto return_0;
601 }
602 fr_dbuff_set(&dest, &value_start);
603 fr_dbuff_in(&dest, packet_ctx->tag);
604 }
605
606 FR_PROTO_HEX_DUMP(fr_dbuff_start(&work_dbuff), fr_dbuff_used(&work_dbuff), "value %s",
607 fr_type_to_str(vp->vp_type));
608
609 /*
610 * Rebuilds the TLV stack for encoding the next attribute
611 */
612 vp = fr_dcursor_next(cursor);
613 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
614
615 return fr_dbuff_set(dbuff, &work_dbuff);
616}
617
618/** Breaks down large data into pieces, each with a header
619 *
620 * @param[out] data we're fragmenting.
621 * @param[in] data_len the amount of data in the dbuff that makes up the value we're
622 * splitting.
623 * @param[in,out] hdr marker that points at said header
624 * @param[in] hdr_len length of the headers that will be added
625 * @param[in] flag_offset offset within header of a flag byte whose MSB is set for all
626 * but the last piece.
627 * @param[in] vsa_offset if non-zero, the offset of a length field in a (sub?)-header
628 * of size 3 that also needs to be adjusted to include the number
629 * of bytes of data in the piece
630 * @return
631 * - <0 the number of bytes we would have needed to create
632 * space for another attribute header in the buffer.
633 * - 0 data was not modified.
634 * - >0 the number additional bytes we used inserting extra
635 * headers.
636 */
637static ssize_t attr_fragment(fr_dbuff_t *data, size_t data_len, fr_dbuff_marker_t *hdr, size_t hdr_len,
638 int flag_offset, int vsa_offset)
639{
640 unsigned int num_fragments, i = 0;
641 size_t max_frag_data = UINT8_MAX - hdr_len;
642 fr_dbuff_t frag_data = FR_DBUFF_ABS(hdr);
643 fr_dbuff_marker_t frag_hdr, frag_hdr_p;
644
645 if (unlikely(!data_len)) return 0; /* Shouldn't have been called */
646
647 num_fragments = ROUND_UP_DIV(data_len, max_frag_data);
648 if (num_fragments == 1) return 0; /* Nothing to do */
649
650 fr_dbuff_marker(&frag_hdr, &frag_data);
651 fr_dbuff_marker(&frag_hdr_p, &frag_data);
652
653 fr_dbuff_advance(&frag_data, hdr_len);
654
655 FR_PROTO_HEX_DUMP(fr_dbuff_current(hdr), hdr_len + data_len, "attr_fragment in");
656 for (;;) {
657 bool last = (i + 1) == num_fragments;
658 uint8_t frag_len;
659
660 /*
661 * How long is this fragment?
662 */
663 if (last) {
664 frag_len = (data_len - (max_frag_data * (num_fragments - 1)));
665 } else {
666 frag_len = max_frag_data;
667 }
668
669 /*
670 * Update the "outer" header to reflect the actual
671 * length of the fragment
672 */
673 fr_dbuff_set(&frag_hdr_p, &frag_hdr);
674 fr_dbuff_advance(&frag_hdr_p, 1);
675 fr_dbuff_in(&frag_hdr_p, (uint8_t)(hdr_len + frag_len));
676
677 /*
678 * Update the "inner" header. The length here is
679 * the inner VSA header length (3) + the fragment
680 * length.
681 */
682 if (vsa_offset) {
683 fr_dbuff_set(&frag_hdr_p, fr_dbuff_current(&frag_hdr) + vsa_offset);
684 fr_dbuff_in(&frag_hdr_p, (uint8_t)(3 + frag_len));
685 }
686
687 /*
688 * Just over-ride the flag field. Nothing else
689 * uses it.
690 */
691 if (flag_offset) {
692 fr_dbuff_set(&frag_hdr_p, fr_dbuff_current(&frag_hdr) + flag_offset);
693 fr_dbuff_in(&frag_hdr_p, (uint8_t)(!last << 7));
694 }
695
696 FR_PROTO_HEX_DUMP(fr_dbuff_current(hdr), frag_len + hdr_len,
697 "attr_fragment fragment %u/%u", i + 1, num_fragments);
698
699 fr_dbuff_advance(&frag_data, frag_len); /* Go to the start of the next fragment */
700 if (last) break;
701
702 /*
703 * There's still trailing data after this
704 * fragment. Move the trailing data to *past*
705 * the next header. And after there's room, copy
706 * the header over.
707 *
708 * This process leaves the next header in place,
709 * ready for the next iteration of the loop.
710 *
711 * Yes, moving things multiple times is less than
712 * efficient. Oh well. it's ~1K memmoved()
713 * maybe 4 times. We are nowhere near the CPU /
714 * electrical requirements of Bitcoin.
715 */
716 i++;
717
718 fr_dbuff_set(&frag_hdr, &frag_data); /* Remember where the header should be */
719 fr_dbuff_advance(&frag_data, hdr_len); /* Advance past the header */
720
721 /*
722 * Shift remaining data by hdr_len.
723 */
724 FR_DBUFF_IN_MEMCPY_RETURN(&FR_DBUFF(&frag_data), &frag_hdr, data_len - (i * max_frag_data));
725 fr_dbuff_in_memcpy(&FR_DBUFF(&frag_hdr), hdr, hdr_len); /* Copy the old header over */
726 }
727
728 return fr_dbuff_set(data, &frag_data);
729}
730
731/** Encode an "extended" attribute
732 *
733 */
735 fr_da_stack_t *da_stack, NDEBUG_UNUSED unsigned int depth,
736 fr_dcursor_t *cursor, void *encode_ctx)
737{
738 ssize_t slen;
739 uint8_t hlen;
740 size_t vendor_hdr;
741 bool extra;
742 int my_depth;
743 fr_dict_attr_t const *da;
744 fr_dbuff_marker_t hdr, length_field;
745 fr_pair_t const *vp = fr_dcursor_current(cursor);
746 fr_dbuff_t work_dbuff;
747
749 FR_PROTO_STACK_PRINT(da_stack, depth);
750
751 extra = fr_radius_flag_long_extended(da_stack->da[0]);
752
753 /*
754 * The data used here can be more than 255 bytes, but only for the
755 * "long" extended type.
756 */
757 if (extra) {
758 work_dbuff = FR_DBUFF_BIND_CURRENT(dbuff);
759 } else {
760 work_dbuff = FR_DBUFF_MAX_BIND_CURRENT(dbuff, UINT8_MAX);
761 }
762 fr_dbuff_marker(&hdr, &work_dbuff);
763
764 /*
765 * Encode the header for "short" or "long" attributes
766 */
767 hlen = 3 + extra;
768 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)da_stack->da[0]->attr);
769 fr_dbuff_marker(&length_field, &work_dbuff);
770 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, hlen); /* this gets overwritten later*/
771
772 /*
773 * Encode which extended attribute it is.
774 */
775 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)da_stack->da[1]->attr);
776
777 if (extra) FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, 0x00); /* flags start off at zero */
778
779 FR_PROTO_STACK_PRINT(da_stack, depth);
780
781 /*
782 * Handle VSA as "VENDOR + attr"
783 */
784 if (da_stack->da[1]->type == FR_TYPE_VSA) {
785 fr_assert(da_stack->da[2]);
786 fr_assert(da_stack->da[2]->type == FR_TYPE_VENDOR);
787
788 FR_DBUFF_IN_RETURN(&work_dbuff, (uint32_t) da_stack->da[2]->attr);
789
790 fr_assert(da_stack->da[3]);
791
792 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)da_stack->da[3]->attr);
793
794 hlen += 5;
795 vendor_hdr = 5;
796
797 FR_PROTO_STACK_PRINT(da_stack, depth);
798 FR_PROTO_HEX_DUMP(fr_dbuff_current(&hdr), hlen, "header extended vendor specific");
799
800 my_depth = 3;
801 } else {
802 vendor_hdr = 0;
803 FR_PROTO_HEX_DUMP(fr_dbuff_current(&hdr), hlen, "header extended");
804
805 my_depth = 1;
806 }
807
808 /*
809 * We're at the point where we need to encode something.
810 */
811 da = da_stack->da[my_depth];
812 fr_assert(vp->da == da);
813
814 if (da->type != FR_TYPE_STRUCT) {
815 slen = encode_value(&work_dbuff, da_stack, my_depth, cursor, encode_ctx);
816
817 } else {
818 slen = fr_struct_to_network(&work_dbuff, da_stack, my_depth, cursor, encode_ctx, encode_value, encode_child);
819 }
820 if (slen <= 0) return slen;
821
822 /*
823 * There may be more than 255 octets of data encoded in
824 * the attribute. If so, move the data up in the packet,
825 * and copy the existing header over. Set the "M" flag ONLY
826 * after copying the rest of the data.
827 *
828 * Note that we add "vendor_hdr" to the length of the
829 * encoded data. That 5 octet field is logically part of
830 * the data, and not part of the header.
831 */
832 if (slen > (UINT8_MAX - hlen)) {
833 slen = attr_fragment(&work_dbuff, (size_t)vendor_hdr + slen, &hdr, 4, 3, 0);
834 if (slen <= 0) return slen;
835
836 return fr_dbuff_set(dbuff, &work_dbuff);
837 }
838
839 fr_dbuff_in_bytes(&length_field, (uint8_t) fr_dbuff_used(&work_dbuff));
840 FR_PROTO_HEX_DUMP(fr_dbuff_current(&hdr), hlen, "header extended");
841
842 return fr_dbuff_set(dbuff, &work_dbuff);
843}
844
845/*
846 * The encode_extended() function expects to see the TLV or
847 * STRUCT inside of the extended attribute, in which case it
848 * creates the attribute header and calls encode_value() for the
849 * leaf type, or child TLV / struct.
850 *
851 * If we see VSA or VENDOR, then we recurse past that to a child
852 * which is either a leaf, or a TLV, or a STRUCT.
853 */
855 fr_da_stack_t *da_stack, unsigned int depth,
856 fr_dcursor_t *cursor, void *encode_ctx)
857{
858 ssize_t slen;
860 fr_dcursor_t child_cursor;
861 fr_dbuff_t work_dbuff = FR_DBUFF(dbuff);
862
863 parent = fr_dcursor_current(cursor);
865
866 (void) fr_pair_dcursor_child_iter_init(&child_cursor, &parent->vp_group, cursor);
867
868 FR_PROTO_STACK_PRINT(da_stack, depth);
869
870 while ((vp = fr_dcursor_current(&child_cursor)) != NULL) {
871 if ((vp->vp_type == FR_TYPE_VSA) || (vp->vp_type == FR_TYPE_VENDOR)) {
872 slen = encode_extended_nested(&work_dbuff, da_stack, depth + 1, &child_cursor, encode_ctx);
873
874 } else {
875 fr_proto_da_stack_build(da_stack, vp->da);
876 slen = encode_extended(&work_dbuff, da_stack, depth, &child_cursor, encode_ctx);
877 if (slen < 0) return slen;
878 }
879
880 if (slen < 0) return slen;
881 }
882
883 vp = fr_dcursor_next(cursor);
884
885 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
886
887 return fr_dbuff_set(dbuff, &work_dbuff);
888}
889
890
891/** Encode an RFC format attribute, with the "concat" flag set
892 *
893 * If there isn't enough freespace in the packet, the data is
894 * truncated to fit.
895 *
896 * The attribute is split on 253 byte boundaries, with a header
897 * prepended to each chunk.
898 */
900 fr_da_stack_t *da_stack, unsigned int depth,
901 fr_dcursor_t *cursor, UNUSED void *encode_ctx)
902{
903 uint8_t const *p;
904 size_t data_len;
905 fr_pair_t const *vp = fr_dcursor_current(cursor);
906 fr_dbuff_t work_dbuff = FR_DBUFF(dbuff);
908
909 FR_PROTO_STACK_PRINT(da_stack, depth);
910
911 p = vp->vp_octets;
912 data_len = vp->vp_length;
913 fr_dbuff_marker(&hdr, &work_dbuff);
914
915 while (data_len > 0) {
916 size_t frag_len = (data_len > RADIUS_MAX_STRING_LENGTH) ? RADIUS_MAX_STRING_LENGTH : data_len;
917
918 fr_dbuff_set(&hdr, &work_dbuff);
919 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t) da_stack->da[depth]->attr, 0x00);
920
921 FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, p, frag_len);
922
923 fr_dbuff_advance(&hdr, 1);
924 fr_dbuff_in(&hdr, (uint8_t) (2 + frag_len));
925
926 FR_PROTO_HEX_DUMP(fr_dbuff_current(&hdr) - 1, 2 + frag_len, "encode_concat fragment");
927
928 p += frag_len;
929 data_len -= frag_len;
930 }
931
932 vp = fr_dcursor_next(cursor);
933
934 /*
935 * @fixme: attributes with 'concat' MUST of type
936 * 'octets', and therefore CANNOT have any TLV data in them.
937 */
938 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
939
940 return fr_dbuff_set(dbuff, &work_dbuff);
941}
942
943/** Encode an RFC format attribute.
944 *
945 * This could be a standard attribute, or a TLV data type.
946 * If it's a standard attribute, then vp->da->attr == attribute.
947 * Otherwise, attribute may be something else.
948 */
950 fr_da_stack_t *da_stack, unsigned int depth,
951 fr_dcursor_t *cursor, void *encode_ctx)
952{
953 ssize_t slen;
954 uint8_t hlen;
956 fr_dbuff_t work_dbuff = FR_DBUFF_MAX(dbuff, UINT8_MAX);
957
958 FR_PROTO_STACK_PRINT(da_stack, depth);
959
960 fr_assert(da_stack->da[depth] != NULL);
961
962 fr_dbuff_marker(&hdr, &work_dbuff);
963
964 hlen = 2;
965 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)da_stack->da[depth]->attr, hlen);
966
967 slen = encode_value(&work_dbuff, da_stack, depth, cursor, encode_ctx);
968 if (slen <= 0) return slen;
969
970 fr_dbuff_advance(&hdr, 1);
971 fr_dbuff_in_bytes(&hdr, (uint8_t)(hlen + slen));
972
973 FR_PROTO_HEX_DUMP(fr_dbuff_start(&work_dbuff), 2, "header rfc");
974
975 return fr_dbuff_set(dbuff, &work_dbuff);
976}
977
978
979/** Encode one full Vendor-Specific + Vendor-ID + Vendor-Attr + Vendor-Length + ...
980 */
982 fr_da_stack_t *da_stack, unsigned int depth,
983 fr_dcursor_t *cursor, void *encode_ctx)
984{
985 ssize_t slen;
986 size_t hdr_len;
987 fr_dbuff_marker_t hdr, length_field, vsa_length_field;
988 fr_dict_attr_t const *da, *dv;
989 fr_dbuff_t work_dbuff;
990
991 FR_PROTO_STACK_PRINT(da_stack, depth);
992
993 dv = da_stack->da[depth++];
994
995 if (dv->type != FR_TYPE_VENDOR) {
996 fr_strerror_const("Expected Vendor");
998 }
999
1000 /*
1001 * Now we encode one vendor attribute.
1002 */
1003 da = da_stack->da[depth];
1004 fr_assert(da != NULL);
1005
1006 /*
1007 * Most VSAs get limited to the one attribute. Only refs
1008 * (e.g. DHCPv4, DHCpv6) can get fragmented.
1009 */
1010 if (da->type != FR_TYPE_GROUP) {
1011 work_dbuff = FR_DBUFF_MAX(dbuff, UINT8_MAX);
1012 } else {
1013 work_dbuff = FR_DBUFF(dbuff);
1014 }
1015
1016 fr_dbuff_marker(&hdr, &work_dbuff);
1017
1018 /*
1019 * Build the Vendor-Specific header
1020 */
1021 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_VENDOR_SPECIFIC);
1022
1023 fr_dbuff_marker(&length_field, &work_dbuff);
1024 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, 0);
1025
1026 FR_DBUFF_IN_RETURN(&work_dbuff, (uint32_t)dv->attr); /* Copy in the 32bit vendor ID */
1027
1028
1029 hdr_len = dv->flags.type_size + dv->flags.length;
1030
1031 /*
1032 * Vendors use different widths for their
1033 * attribute number fields.
1034 */
1035 switch (dv->flags.type_size) {
1036 default:
1037 fr_strerror_printf("%s: Internal sanity check failed, type %u", __FUNCTION__, (unsigned) dv->flags.type_size);
1039
1040 case 4:
1041 fr_dbuff_in(&work_dbuff, (uint32_t)da->attr);
1042 break;
1043
1044 case 2:
1045 fr_dbuff_in(&work_dbuff, (uint16_t)da->attr);
1046 break;
1047
1048 case 1:
1049 fr_dbuff_in(&work_dbuff, (uint8_t)da->attr);
1050 break;
1051 }
1052
1053 /*
1054 * The length fields will get over-written later.
1055 */
1056 switch (dv->flags.length) {
1057 default:
1058 fr_strerror_printf("%s: Internal sanity check failed, length %u", __FUNCTION__, (unsigned) dv->flags.length);
1060
1061 case 0:
1062 break;
1063
1064 case 2:
1065 fr_dbuff_in_bytes(&work_dbuff, 0);
1067
1068 case 1:
1069 /*
1070 * Length fields are set to zero, because they
1071 * will get over-ridden later.
1072 */
1073 fr_dbuff_marker(&vsa_length_field, &work_dbuff);
1074 fr_dbuff_in_bytes(&work_dbuff, 0);
1075 break;
1076 }
1077
1078 slen = encode_value(&work_dbuff, da_stack, depth, cursor, encode_ctx);
1079 if (slen <= 0) return slen;
1080
1081 /*
1082 * There may be more than 253 octets of data encoded in
1083 * the attribute. If so, move the data up in the packet,
1084 * and copy the existing header over. Set the "C" flag
1085 * ONLY after copying the rest of the data.
1086 *
1087 * Note that we do NOT check 'slen' here, as it's only
1088 * the size of the sub-sub attribute, and doesn't include
1089 * the RADIUS attribute header, or Vendor-ID.
1090 */
1091 if (fr_dbuff_used(&work_dbuff) > UINT8_MAX) {
1092 size_t length_offset = 0;
1093
1094 if (dv->flags.length) length_offset = 6 + hdr_len - 1;
1095
1096 slen = attr_fragment(&work_dbuff, (size_t)slen, &hdr, 6 + hdr_len, 0, length_offset);
1097 if (slen <= 0) return slen;
1098 } else {
1099 if (dv->flags.length) {
1100 fr_dbuff_in(&vsa_length_field, (uint8_t)(hdr_len + slen));
1101 }
1102
1103 fr_dbuff_in(&length_field, (uint8_t) fr_dbuff_used(&work_dbuff));
1104 }
1105
1106 FR_PROTO_HEX_DUMP(fr_dbuff_current(&hdr), 6 + hdr_len, "header vsa");
1107
1108 return fr_dbuff_set(dbuff, &work_dbuff);
1109}
1110
1111/** Encode a WiMAX attribute
1112 *
1113 */
1115 fr_da_stack_t *da_stack, unsigned int depth,
1116 fr_dcursor_t *cursor, void *encode_ctx)
1117{
1118 ssize_t slen;
1119 fr_dbuff_t work_dbuff = FR_DBUFF(dbuff);
1120 fr_dbuff_marker_t hdr, length_field, vsa_length_field;
1121 fr_dict_attr_t const *dv;
1122 fr_pair_t const *vp = fr_dcursor_current(cursor);
1123
1124 fr_dbuff_marker(&hdr, &work_dbuff);
1125
1126 PAIR_VERIFY(vp);
1127 FR_PROTO_STACK_PRINT(da_stack, depth);
1128
1129 dv = da_stack->da[depth++];
1130
1131 if (dv->type != FR_TYPE_VENDOR) {
1132 fr_strerror_const("Expected Vendor");
1134 }
1135
1136 FR_PROTO_STACK_PRINT(da_stack, depth);
1137
1138 /*
1139 * Build the Vendor-Specific header
1140 */
1141 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_VENDOR_SPECIFIC);
1142 fr_dbuff_marker(&length_field, &work_dbuff);
1143 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, 0x09);
1144
1145 FR_DBUFF_IN_RETURN(&work_dbuff, (uint32_t) dv->attr);
1146
1147 /*
1148 * Encode the first attribute
1149 */
1150 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)da_stack->da[depth]->attr);
1151
1152 fr_dbuff_marker(&vsa_length_field, &work_dbuff);
1153 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, 0x03, 0x00); /* length + continuation, both may be overwritten later */
1154
1155 /*
1156 * We don't bound the size of work_dbuff; it can use more than UINT8_MAX bytes
1157 * because of the "continuation" byte.
1158 */
1159 slen = encode_value(&work_dbuff, da_stack, depth, cursor, encode_ctx);
1160 if (slen <= 0) return slen;
1161
1162 /*
1163 * There may be more than 253 octets of data encoded in
1164 * the attribute. If so, move the data up in the packet,
1165 * and copy the existing header over. Set the "C" flag
1166 * ONLY after copying the rest of the data.
1167 *
1168 * Note that we do NOT check 'slen' here, as it's only
1169 * the size of the sub-sub attribute, and doesn't include
1170 * the RADIUS attribute header, or Vendor-ID.
1171 */
1172 if (fr_dbuff_used(&work_dbuff) > UINT8_MAX) {
1173 slen = attr_fragment(&work_dbuff, (size_t)slen, &hdr, 9, 8, 7);
1174 if (slen <= 0) return slen;
1175
1176 return fr_dbuff_set(dbuff, &work_dbuff);
1177 }
1178
1179 fr_dbuff_in_bytes(&vsa_length_field, (uint8_t) (fr_dbuff_used(&work_dbuff) - 6));
1180 fr_dbuff_in_bytes(&length_field, (uint8_t) fr_dbuff_used(&work_dbuff));
1181
1182 FR_PROTO_HEX_DUMP(fr_dbuff_current(&hdr), 9, "header wimax");
1183
1184 return fr_dbuff_set(dbuff, &work_dbuff);
1185}
1186
1188 fr_da_stack_t *da_stack, unsigned int depth,
1189 fr_dcursor_t *cursor, void *encode_ctx)
1190{
1191 fr_dict_attr_t const *da = da_stack->da[depth];
1192 ssize_t slen;
1193 fr_pair_t *vp;
1194 fr_dict_vendor_t const *dv;
1195 fr_dcursor_t child_cursor;
1196 fr_dbuff_t work_dbuff;
1197
1198 FR_PROTO_STACK_PRINT(da_stack, depth);
1199
1200 if (da->type != FR_TYPE_VENDOR) {
1201 fr_strerror_printf("%s: Expected type \"vendor\" got \"%s\"", __FUNCTION__,
1202 fr_type_to_str(da->type));
1204 }
1205
1206 dv = fr_dict_vendor_by_da(da_stack->da[depth]);
1207
1208 /*
1209 * Flat hierarchy, encode one attribute at a time.
1210 *
1211 * Note that there's no attempt to encode multiple VSAs
1212 * into one attribute. We can add that back as a flag,
1213 * once all of the nested attribute conversion has been
1214 * done.
1215 */
1216 if (da_stack->da[depth + 1]) {
1217 if (dv && dv->continuation) {
1218 return encode_wimax(dbuff, da_stack, depth, cursor, encode_ctx);
1219 }
1220
1221 return encode_vendor_attr(dbuff, da_stack, depth, cursor, encode_ctx);
1222 }
1223
1224 /*
1225 * Loop over the children of this attribute of type Vendor.
1226 */
1227 vp = fr_dcursor_current(cursor);
1228 fr_assert(vp->da == da);
1229 work_dbuff = FR_DBUFF(dbuff);
1230
1231 fr_pair_dcursor_child_iter_init(&child_cursor, &vp->vp_group, cursor);
1232 while ((vp = fr_dcursor_current(&child_cursor)) != NULL) {
1233 fr_proto_da_stack_build(da_stack, vp->da);
1234
1235 if (dv && dv->continuation) {
1236 slen = encode_wimax(&work_dbuff, da_stack, depth, &child_cursor, encode_ctx);
1237 } else {
1238 slen = encode_vendor_attr(&work_dbuff, da_stack, depth, &child_cursor, encode_ctx);
1239 }
1240 if (slen < 0) return slen;
1241 }
1242
1243 vp = fr_dcursor_next(cursor);
1244 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
1245
1246 return fr_dbuff_set(dbuff, &work_dbuff);
1247}
1248
1249/** Encode a Vendor-Specific attribute
1250 *
1251 */
1253 fr_da_stack_t *da_stack, unsigned int depth,
1254 fr_dcursor_t *cursor, void *encode_ctx)
1255{
1256 ssize_t slen;
1257 fr_pair_t *vp;
1258 fr_dcursor_t child_cursor;
1259 fr_dict_attr_t const *da = da_stack->da[depth];
1260 fr_dbuff_t work_dbuff;
1261
1262 FR_PROTO_STACK_PRINT(da_stack, depth);
1263
1264 if (da->type != FR_TYPE_VSA) {
1265 fr_strerror_printf("%s: Expected type \"vsa\" got \"%s\"", __FUNCTION__,
1266 fr_type_to_str(da->type));
1268 }
1269
1270 /*
1271 * Loop over the contents of Vendor-Specific, each of
1272 * which MUST be of type FR_TYPE_VENDOR.
1273 */
1274 if (da_stack->da[depth + 1]) {
1275 return encode_vendor(dbuff, da_stack, depth + 1, cursor, encode_ctx);
1276 }
1277
1278 work_dbuff = FR_DBUFF(dbuff);
1279
1280 vp = fr_dcursor_current(cursor);
1281 if (vp->da != da_stack->da[depth]) {
1282 fr_strerror_printf("%s: Can't encode empty Vendor-Specific", __FUNCTION__);
1283 return 0;
1284 }
1285
1286 /*
1287 * Loop over the children of this Vendor-Specific
1288 * attribute.
1289 */
1290 fr_pair_dcursor_child_iter_init(&child_cursor, &vp->vp_group, cursor);
1291 while ((vp = fr_dcursor_current(&child_cursor)) != NULL) {
1292 fr_proto_da_stack_build(da_stack, vp->da);
1293
1294 fr_assert(da_stack->da[depth + 1]->type == FR_TYPE_VENDOR);
1295
1296 slen = encode_vendor(&work_dbuff, da_stack, depth + 1, &child_cursor, encode_ctx);
1297 if (slen < 0) return slen;
1298 }
1299
1300 /*
1301 * Fix up the da stack, and return the data we've encoded.
1302 */
1303 vp = fr_dcursor_next(cursor);
1304 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
1305
1306 FR_PROTO_HEX_DUMP(fr_dbuff_start(&work_dbuff), 6, "header vsa");
1307
1308 return fr_dbuff_set(dbuff, &work_dbuff);
1309}
1310
1311/** Encode NAS-Filter-Rule
1312 *
1313 * Concatenating the string attributes together, separated by a 0x00 byte,
1314 */
1316 fr_da_stack_t *da_stack, NDEBUG_UNUSED unsigned int depth,
1317 fr_dcursor_t *cursor, UNUSED void *encode_ctx)
1318{
1319 fr_dbuff_t work_dbuff = FR_DBUFF(dbuff);
1320 fr_dbuff_marker_t hdr, frag_hdr;
1321 fr_pair_t *vp = fr_dcursor_current(cursor);
1322 size_t attr_len = 2;
1323
1324 FR_PROTO_STACK_PRINT(da_stack, depth);
1325
1326 fr_assert(vp);
1327 fr_assert(vp->da);
1328
1329 fr_dbuff_marker(&hdr, &work_dbuff);
1330 fr_dbuff_marker(&frag_hdr, &work_dbuff);
1331 fr_dbuff_advance(&hdr, 1);
1332 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)vp->da->attr, 0x00);
1333
1335
1336 while (true) {
1337 size_t data_len = vp->vp_length;
1338 size_t frag_len;
1339 char const *p = vp->vp_strvalue;
1340
1341 /*
1342 * Keep encoding this attribute until it's done.
1343 */
1344 while (data_len > 0) {
1345 frag_len = data_len;
1346
1347 /*
1348 * This fragment doesn't overflow the
1349 * attribute. Copy it over, update the
1350 * length, but leave the marker at the
1351 * current header.
1352 */
1353 if ((attr_len + frag_len) <= UINT8_MAX) {
1354 FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, p, frag_len);
1355 attr_len += frag_len;
1356
1357 fr_dbuff_set(&frag_hdr, &hdr);
1358 fr_dbuff_in(&frag_hdr, (uint8_t) attr_len); /* there's no fr_dbuff_in_no_advance() */
1359 break;
1360 }
1361
1362 /*
1363 * This fragment overflows the attribute.
1364 * Copy the fragment in, and create a new
1365 * attribute header.
1366 */
1367 frag_len = UINT8_MAX - attr_len;
1368 FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, p, frag_len);
1369 fr_dbuff_in(&hdr, (uint8_t) UINT8_MAX);
1370
1371 fr_dbuff_marker(&hdr, &work_dbuff);
1372 fr_dbuff_advance(&hdr, 1);
1373 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)vp->da->attr, 0x02);
1374 attr_len = 2;
1375
1376 p += frag_len;
1377 data_len -= frag_len;
1378 }
1379
1380 /*
1381 * If we have nothing more to do here, then stop.
1382 */
1383 vp = fr_dcursor_next(cursor);
1384 if (!vp || (vp->da != attr_nas_filter_rule)) {
1385 break;
1386 }
1387
1388 /*
1389 * We have to add a zero byte. If it doesn't
1390 * overflow the current attribute, then just add
1391 * it in.
1392 */
1393 if (attr_len < UINT8_MAX) {
1394 attr_len++;
1395 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, 0x00);
1396
1397 fr_dbuff_set(&frag_hdr, &hdr);
1398 fr_dbuff_in(&frag_hdr, (uint8_t) attr_len); /* there's no fr_dbuff_in_no_advance() */
1399 continue;
1400 }
1401
1402 /*
1403 * The zero byte causes the current attribute to
1404 * overflow. Create a new header with the zero
1405 * byte already populated, and keep going.
1406 */
1407 fr_dbuff_marker(&hdr, &work_dbuff);
1408 fr_dbuff_advance(&hdr, 1);
1409 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)vp->da->attr, 0x00, 0x00);
1410 attr_len = 3;
1411 }
1412
1413 vp = fr_dcursor_current(cursor);
1414 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
1415
1416 return fr_dbuff_set(dbuff, &work_dbuff);
1417}
1418
1419/** Encode an RFC standard attribute 1..255
1420 *
1421 * This function is not the same as encode_child(), because this
1422 * one treats some "top level" attributes as special. e.g.
1423 * Message-Authenticator.
1424 */
1425static ssize_t encode_rfc(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth,
1426 fr_dcursor_t *cursor, void *encode_ctx)
1427{
1428 fr_pair_t const *vp = fr_dcursor_current(cursor);
1429 fr_dbuff_t work_dbuff = FR_DBUFF(dbuff);
1430 fr_dbuff_marker_t start;
1431 fr_radius_encode_ctx_t *packet_ctx = encode_ctx;
1432
1433 fr_dbuff_marker(&start, &work_dbuff);
1434
1435 /*
1436 * Sanity checks
1437 */
1438 PAIR_VERIFY(vp);
1439 FR_PROTO_STACK_PRINT(da_stack, depth);
1440
1441 switch (da_stack->da[depth]->type) {
1442 case FR_TYPE_TLV:
1443 case FR_TYPE_VSA:
1444 case FR_TYPE_VENDOR:
1445 /* FR_TYPE_STRUCT is actually allowed... */
1446 fr_strerror_printf("%s: Expected leaf type got \"%s\"", __FUNCTION__,
1447 fr_type_to_str(da_stack->da[depth]->type));
1449
1450 default:
1451 /*
1452 * Attribute 0 is fine as a TLV leaf, or VSA, but not
1453 * in the original standards space.
1454 */
1455 if (((fr_dict_vendor_num_by_da(da_stack->da[depth]) == 0) && (da_stack->da[depth]->attr == 0)) ||
1456 (da_stack->da[depth]->attr > UINT8_MAX)) {
1457 fr_strerror_printf("%s: Called with non-standard attribute %u", __FUNCTION__, vp->da->attr);
1458 return 0;
1459 }
1460 break;
1461 }
1462
1463 /*
1464 * Only CUI is allowed to have zero length.
1465 * Thank you, WiMAX!
1466 */
1467 if ((vp->da == attr_chargeable_user_identity) && (vp->vp_length == 0)) {
1468 fr_dbuff_in_bytes(&work_dbuff, (uint8_t)vp->da->attr, 0x02);
1469
1470 FR_PROTO_HEX_DUMP(fr_dbuff_current(&start), 2, "header rfc");
1471
1472 vp = fr_dcursor_next(cursor);
1473 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
1474 return fr_dbuff_set(dbuff, &work_dbuff);
1475 }
1476
1477 /*
1478 * Message-Authenticator is hard-coded.
1479 */
1481 if (!packet_ctx->seen_message_authenticator) {
1482 FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, (uint8_t)vp->da->attr, 18);
1484
1486 "message-authenticator");
1487 FR_PROTO_HEX_DUMP(fr_dbuff_current(&start), 2, "header rfc");
1488
1489 packet_ctx->seen_message_authenticator = true;
1490 }
1491
1492 vp = fr_dcursor_next(cursor);
1493 fr_proto_da_stack_build(da_stack, vp ? vp->da : NULL);
1494 return fr_dbuff_set(dbuff, &work_dbuff);
1495 }
1496
1497 /*
1498 * NAS-Filter-Rule has a stupid format in order to save
1499 * one byte per attribute.
1500 */
1501 if (vp->da == attr_nas_filter_rule) {
1502 return encode_nas_filter_rule(dbuff, da_stack, depth, cursor, encode_ctx);
1503 }
1504
1505 /*
1506 * Once we've checked for various top-level magic, RFC attributes are just TLVs.
1507 */
1508 return encode_child(dbuff, da_stack, depth, cursor, encode_ctx);
1509}
1510
1511/** Encode a data structure into a RADIUS attribute
1512 *
1513 * This is the main entry point into the encoder. It sets up the encoder array
1514 * we use for tracking our TLV/VSA nesting and then calls the appropriate
1515 * dispatch function.
1516 *
1517 * @param[out] dbuff Where to write encoded data.
1518 * @param[in] cursor Specifying attribute to encode.
1519 * @param[in] encode_ctx Additional data such as the shared secret to use.
1520 * @return
1521 * - >0 The number of bytes written to out.
1522 * - 0 Nothing to encode (or attribute skipped).
1523 * - <0 an error occurred.
1524 */
1526{
1527 fr_pair_t const *vp;
1528 ssize_t slen;
1529 fr_dbuff_t work_dbuff = FR_DBUFF(dbuff);
1530
1531 fr_da_stack_t da_stack;
1532 fr_dict_attr_t const *da = NULL;
1533
1534 if (!cursor) return PAIR_ENCODE_FATAL_ERROR;
1535
1536 vp = fr_dcursor_current(cursor);
1537 if (!vp) return 0;
1538
1539 PAIR_VERIFY(vp);
1540
1541 if (vp->da->depth > FR_DICT_MAX_TLV_STACK) {
1542 fr_strerror_printf("%s: Attribute depth %u exceeds maximum nesting depth %i",
1543 __FUNCTION__, vp->da->depth, FR_DICT_MAX_TLV_STACK);
1545 }
1546
1547 /*
1548 * Tags are *top-level*, and are never nested.
1549 */
1550 if ((vp->vp_type == FR_TYPE_GROUP) && vp->da->flags.internal &&
1551 (vp->da->attr > FR_TAG_BASE) && (vp->da->attr < (FR_TAG_BASE + 0x20))) {
1552 fr_radius_encode_ctx_t *packet_ctx = encode_ctx;
1553
1554 packet_ctx->tag = vp->da->attr - FR_TAG_BASE;
1555 fr_assert(packet_ctx->tag > 0);
1556 fr_assert(packet_ctx->tag < 0x20);
1557
1558 // recurse to encode the children of this attribute
1559 slen = encode_pairs(&work_dbuff, &vp->vp_group, encode_ctx);
1560 packet_ctx->tag = 0;
1561 if (slen < 0) return slen;
1562
1563 fr_dcursor_next(cursor); /* skip the tag attribute */
1564 return fr_dbuff_set(dbuff, &work_dbuff);
1565 }
1566
1567 /*
1568 * Check for zero-length attributes.
1569 */
1570 switch (vp->vp_type) {
1571 default:
1572 break;
1573
1574 /*
1575 * Only variable length data types can be
1576 * variable sized. All others have fixed size.
1577 */
1578 case FR_TYPE_STRING:
1579 case FR_TYPE_OCTETS:
1580 /*
1581 * Zero-length strings are allowed for CUI
1582 * (thanks WiMAX!), and for
1583 * Message-Authenticator, because we will
1584 * automagically generate that one ourselves.
1585 */
1586 if ((vp->vp_length == 0) &&
1589 fr_dcursor_next(cursor);
1590 fr_strerror_const("Zero length string attributes not allowed");
1591 return 0;
1592 }
1593 break;
1594 }
1595
1596 /*
1597 * Nested structures of attributes can't be longer than
1598 * 255 bytes, so each call to an encode function can
1599 * only use 255 bytes of buffer space at a time.
1600 */
1601
1602 /*
1603 * Fast path for the common case.
1604 */
1605 if (vp->da->parent->flags.is_root && fr_radius_flag_encrypted(vp->da)) {
1606 switch (vp->vp_type) {
1607 case FR_TYPE_LEAF:
1608 da_stack.da[0] = vp->da;
1609 da_stack.da[1] = NULL;
1610 da_stack.depth = 1;
1611 FR_PROTO_STACK_PRINT(&da_stack, 0);
1612 slen = encode_rfc(&work_dbuff, &da_stack, 0, cursor, encode_ctx);
1613 if (slen < 0) return slen;
1614 return fr_dbuff_set(dbuff, &work_dbuff);
1615
1616 default:
1617 break;
1618 }
1619 }
1620
1621 /*
1622 * Do more work to set up the stack for the complex case.
1623 */
1624 fr_proto_da_stack_build(&da_stack, vp->da);
1625 FR_PROTO_STACK_PRINT(&da_stack, 0);
1626
1627 /*
1628 * Top-level attributes get treated specially. Things
1629 * like VSAs inside of extended attributes are handled
1630 * inside of type-specific encoders.
1631 */
1632 da = da_stack.da[0];
1633 switch (da->type) {
1634 case FR_TYPE_OCTETS:
1635 if (fr_radius_flag_concat(da)) {
1636 /*
1637 * Attributes like EAP-Message are marked as
1638 * "concat", which means that they are fragmented
1639 * using a different scheme than the "long
1640 * extended" one.
1641 */
1642 slen = encode_concat(&work_dbuff, &da_stack, 0, cursor, encode_ctx);
1643 if (slen < 0) return slen;
1644 break;
1645 }
1647
1648 default:
1649 slen = encode_rfc(&work_dbuff, &da_stack, 0, cursor, encode_ctx);
1650 if (slen < 0) return slen;
1651 break;
1652
1653 case FR_TYPE_VSA:
1654 slen = encode_vsa(&work_dbuff, &da_stack, 0, cursor, encode_ctx);
1655 if (slen < 0) return slen;
1656 break;
1657
1658 case FR_TYPE_TLV:
1659 if (!fr_radius_flag_extended(da)) {
1660 slen = encode_child(&work_dbuff, &da_stack, 0, cursor, encode_ctx);
1661
1662 } else if (vp->da != da) {
1663 fr_strerror_printf("extended attributes must be nested");
1665
1666 } else {
1667 slen = encode_extended_nested(&work_dbuff, &da_stack, 0, cursor, encode_ctx);
1668 }
1669 if (slen < 0) return slen;
1670 break;
1671
1672 case FR_TYPE_NULL:
1673 case FR_TYPE_VENDOR:
1674 case FR_TYPE_MAX:
1675 fr_strerror_printf("%s: Cannot encode attribute %s", __FUNCTION__, vp->da->name);
1677 }
1678
1679 /*
1680 * We couldn't do it, so we didn't do anything.
1681 */
1682 if (fr_dcursor_current(cursor) == vp) {
1683 fr_strerror_printf("%s: Nested attribute structure too large to encode", __FUNCTION__);
1685 }
1686
1687 return fr_dbuff_set(dbuff, &work_dbuff);
1688}
1689
1691{
1692 fr_radius_ctx_t common_ctx = {};
1694 .common = &common_ctx,
1695 };
1696
1697 /*
1698 * Just in case we need random numbers.
1699 */
1700 encode_ctx.rand_ctx.a = fr_rand();
1701 encode_ctx.rand_ctx.b = fr_rand();
1702
1703 /*
1704 * Encode the pairs.
1705 */
1706 return encode_pairs(dbuff, list, &encode_ctx);
1707}
1708
1709
1710static int encode_test_ctx(void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict)
1711{
1712 static uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH] = {
1713 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1714 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
1715
1716 fr_radius_encode_ctx_t *test_ctx;
1717 fr_radius_ctx_t *common;
1718
1719 test_ctx = talloc_zero(ctx, fr_radius_encode_ctx_t);
1720 if (!test_ctx) return -1;
1721
1722 test_ctx->common = common = talloc_zero(test_ctx, fr_radius_ctx_t);
1723
1724 common->secret = talloc_strdup(test_ctx->common, "testing123");
1725 common->secret_length = talloc_array_length(test_ctx->common->secret) - 1;
1726
1727 /*
1728 * We don't want to automatically add Message-Authenticator
1729 */
1730 common->secure_transport = true;
1731
1732 test_ctx->request_authenticator = vector;
1733 test_ctx->rand_ctx.a = 6809;
1734 test_ctx->rand_ctx.b = 2112;
1735
1736 *out = test_ctx;
1737
1738 return 0;
1739}
1740
1741static ssize_t fr_radius_encode_proto(TALLOC_CTX *ctx, fr_pair_list_t *vps, uint8_t *data, size_t data_len, void *proto_ctx)
1742{
1743 fr_radius_encode_ctx_t *packet_ctx = talloc_get_type_abort(proto_ctx, fr_radius_encode_ctx_t);
1744 int packet_type = FR_RADIUS_CODE_ACCESS_REQUEST;
1745 fr_pair_t *vp;
1746 ssize_t slen;
1747
1749 if (vp) packet_type = vp->vp_uint32;
1750
1751 /*
1752 * Force specific values for testing.
1753 */
1754 if ((packet_type == FR_RADIUS_CODE_ACCESS_REQUEST) || (packet_type == FR_RADIUS_CODE_STATUS_SERVER)) {
1756 if (!vp) {
1757 int i;
1759
1760 for (i = 0; i < RADIUS_AUTH_VECTOR_LENGTH; i++) {
1761 data[4 + i] = fr_fast_rand(&packet_ctx->rand_ctx);
1762 }
1763
1764 fr_pair_list_append_by_da_len(ctx, vp, vps, attr_packet_authentication_vector, vector, sizeof(vector), false);
1765 }
1766 }
1767
1768 packet_ctx->code = packet_type;
1769
1770 /*
1771 * @todo - pass in packet_ctx to this function, so that we
1772 * can leverage a consistent random number generator.
1773 */
1774 slen = fr_radius_encode(&FR_DBUFF_TMP(data, data_len), vps, packet_ctx);
1775 if (slen <= 0) return slen;
1776
1777 if (fr_radius_sign(data, NULL, (uint8_t const *) packet_ctx->common->secret, talloc_array_length(packet_ctx->common->secret) - 1) < 0) {
1778 return -1;
1779 }
1780
1781 return slen;
1782}
1783
1784/*
1785 * No one else should be using this.
1786 */
1787extern void *fr_radius_next_encodable(fr_dcursor_t *cursor, void *to_eval, void *uctx);
1788
1789/*
1790 * Test points
1791 */
1798
1799
ssize_t fr_radius_encode_abinary(fr_pair_t const *vp, fr_dbuff_t *dbuff)
Encode a string to abinary.
Definition abinary.c:1192
int n
Definition acutest.h:577
#define RCSID(id)
Definition build.h:485
#define NDEBUG_UNUSED
Definition build.h:328
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
#define unlikely(_x)
Definition build.h:383
#define UNUSED
Definition build.h:317
#define fr_dbuff_advance(_dbuff_or_marker, _len)
Advance 'current' position in dbuff or marker by _len bytes.
Definition dbuff.h:1072
#define fr_dbuff_used(_dbuff_or_marker)
Return the number of bytes remaining between the start of the dbuff or marker and the current positio...
Definition dbuff.h:767
#define FR_DBUFF_ABS(_dbuff_or_marker)
Create a new dbuff pointing to the same underlying buffer.
Definition dbuff.h:231
struct fr_dbuff_marker_s fr_dbuff_marker_t
A position marker associated with a dbuff.
Definition dbuff.h:81
#define fr_dbuff_current(_dbuff_or_marker)
Return the 'current' position of a dbuff or marker.
Definition dbuff.h:911
#define fr_dbuff_set(_dst, _src)
Set the 'current' position in a dbuff or marker using another dbuff or marker, a char pointer,...
Definition dbuff.h:1004
#define fr_dbuff_start(_dbuff_or_marker)
Return the 'start' position of a dbuff or marker.
Definition dbuff.h:898
#define fr_dbuff_set_to_start(_dbuff_or_marker)
Reset the 'current' position of the dbuff or marker to the 'start' of the buffer.
Definition dbuff.h:1155
#define fr_dbuff_out_memcpy(_out, _dbuff_or_marker, _outlen)
Copy exactly _outlen bytes from the dbuff.
Definition dbuff.h:1732
#define FR_DBUFF_BIND_CURRENT(_dbuff_or_marker)
Create a new dbuff pointing to the same underlying buffer.
Definition dbuff.h:240
#define FR_DBUFF_MEMSET_RETURN(_dbuff_or_marker, _c, _inlen)
Set _inlen bytes of a dbuff or marker to _c returning if there is insufficient space.
Definition dbuff.h:1508
#define fr_dbuff_in_bytes(_dbuff_or_marker,...)
Copy a byte sequence into a dbuff or marker.
Definition dbuff.h:1465
static uint8_t * fr_dbuff_marker(fr_dbuff_marker_t *m, fr_dbuff_t *dbuff)
Initialises a new marker pointing to the 'current' position of the dbuff.
Definition dbuff.h:1192
#define FR_DBUFF_IN_MEMCPY_RETURN(_dbuff_or_marker, _in, _inlen)
Copy exactly _inlen bytes into dbuff or marker returning if there's insufficient space.
Definition dbuff.h:1382
#define fr_dbuff_in_memcpy(_dbuff_or_marker, _in, _inlen)
Copy exactly _inlen bytes into a dbuff or marker.
Definition dbuff.h:1350
#define fr_dbuff_in(_dbuff_or_marker, _in)
Copy data from a fixed sized C type into a dbuff or marker.
Definition dbuff.h:1567
#define FR_DBUFF_IN_RETURN(_dbuff_or_marker, _in)
Copy data from a fixed sized C type into a dbuff returning if there is insufficient space.
Definition dbuff.h:1585
#define FR_DBUFF(_dbuff_or_marker)
Create a new dbuff pointing to the same underlying buffer.
Definition dbuff.h:222
#define FR_DBUFF_MAX(_dbuff_or_marker, _max)
Limit the maximum number of bytes available in the dbuff when passing it to another function.
Definition dbuff.h:301
#define FR_DBUFF_MAX_BIND_CURRENT(_dbuff_or_marker, _max)
Limit the maximum number of bytes available in the dbuff when passing it to another function.
Definition dbuff.h:318
#define fr_dbuff_out(_out, _dbuff_or_marker)
Copy data from a dbuff or marker to a fixed sized C type.
Definition dbuff.h:1799
#define FR_DBUFF_IN_BYTES_RETURN(_dbuff_or_marker,...)
Copy a byte sequence into a dbuff or marker returning if there's insufficient space.
Definition dbuff.h:1472
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:514
static void * fr_dcursor_next(fr_dcursor_t *cursor)
Advanced the cursor to the next item.
Definition dcursor.h:290
static void * fr_dcursor_current(fr_dcursor_t *cursor)
Return the item the cursor current points to.
Definition dcursor.h:339
@ FR_RADIUS_CODE_ACCESS_REQUEST
RFC2865 - Access-Request.
Definition defs.h:33
@ FR_RADIUS_CODE_STATUS_SERVER
RFC2865/RFC5997 - Status Server (request)
Definition defs.h:44
static fr_dict_attr_t const * attr_packet_type
Definition dhcpclient.c:89
bool continuation
we only have one flag for now, for WiMAX
Definition dict.h:266
#define FR_DICT_MAX_TLV_STACK
Maximum TLV stack size.
Definition dict.h:513
static fr_slen_t in
Definition dict.h:861
fr_dict_vendor_t const * fr_dict_vendor_by_da(fr_dict_attr_t const *da)
Look up a vendor by one of its child attributes.
Definition dict_util.c:2731
Private enterprise.
Definition dict.h:264
static uint32_t fr_dict_vendor_num_by_da(fr_dict_attr_t const *da)
Return the vendor number for an attribute.
Definition dict_ext.h:213
#define PAIR_ENCODE_FATAL_ERROR
Fatal encoding error.
Definition pair.h:36
static ssize_t encode_value(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, int depth, fr_dcursor_t *cursor, void *encode_ctx)
Encodes the data portion of an attribute.
Definition encode.c:277
static ssize_t encode_tlv(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Definition encode.c:741
static ssize_t encode_rfc(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Encode an RFC format attribute header.
Definition encode.c:592
ssize_t fr_pair_ref_to_network(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor)
Encode a foreign reference to the network.
Definition encode.c:115
#define ROUND_UP_DIV(_x, _y)
Get the ceiling value of integer division.
Definition math.h:211
#define ROUND_UP(_num, _mul)
Round up - Works in all cases, but is slower.
Definition math.h:206
void fr_md5_ctx_free_from_list(fr_md5_ctx_t **ctx)
Free function for MD5 digest ctx.
Definition md5.c:544
fr_md5_ctx_t * fr_md5_ctx_alloc_from_list(void)
Allocation function for MD5 digest context.
Definition md5.c:499
#define fr_md5_final(_out, _ctx)
Finalise the ctx, producing the digest.
Definition md5.h:93
#define fr_md5_ctx_copy(_dst, _src)
Copy the contents of a ctx.
Definition md5.h:63
void fr_md5_ctx_t
Definition md5.h:28
#define fr_md5_update(_ctx, _in, _inlen)
Ingest plaintext into the digest.
Definition md5.h:86
unsigned short uint16_t
@ FR_TYPE_TLV
Contains nested attributes.
@ FR_TYPE_IPV6_PREFIX
IPv6 Prefix.
@ FR_TYPE_STRING
String of printable characters.
@ FR_TYPE_MAX
Number of defined data types.
@ FR_TYPE_NULL
Invalid (uninitialised) attribute type.
@ FR_TYPE_COMBO_IP_PREFIX
IPv4 or IPv6 address prefix depending on length.
@ FR_TYPE_UINT32
32 Bit unsigned integer.
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
@ FR_TYPE_VENDOR
Attribute that represents a vendor in the attribute tree.
@ FR_TYPE_IPV6_ADDR
128 Bit IPv6 Address.
@ FR_TYPE_IPV4_PREFIX
IPv4 Prefix.
@ FR_TYPE_VSA
Vendor-Specific, for RADIUS attribute 26.
@ FR_TYPE_COMBO_IP_ADDR
IPv4 or IPv6 address depending on length.
@ FR_TYPE_OCTETS
Raw octets.
@ FR_TYPE_GROUP
A grouping of other attributes.
unsigned int uint32_t
long int ssize_t
unsigned char uint8_t
#define UINT8_MAX
static uint8_t depth(fr_minmax_heap_index_t i)
Definition minmax_heap.c:83
static int encode(bio_handle_t *h, request_t *request, bio_request_t *u, uint8_t id)
Definition bio.c:1259
static unsigned int fr_bytes_from_bits(unsigned int bits)
Convert bits (as in prefix length) to bytes, rounding up.
Definition nbo.h:237
#define RADIUS_AUTH_VECTOR_LENGTH
Definition net.h:89
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:700
void fr_proto_da_stack_build(fr_da_stack_t *stack, fr_dict_attr_t const *da)
Build a complete DA stack from the da back to the root.
Definition proto.c:118
void * fr_proto_next_encodable(fr_dcursor_t *cursor, void *current, void *uctx)
Implements the default iterator to encode pairs belonging to a specific dictionary that are not inter...
Definition proto.c:100
static fr_internal_encode_ctx_t encode_ctx
static int encode_test_ctx(void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict)
Definition encode.c:165
static ssize_t encode_child(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Definition encode.c:362
HIDDEN fr_dict_attr_t const * attr_packet_authentication_vector
Definition base.c:55
HIDDEN fr_dict_attr_t const * attr_chargeable_user_identity
Definition base.c:57
HIDDEN fr_dict_attr_t const * attr_nas_filter_rule
Definition base.c:62
ssize_t fr_radius_ascend_secret(fr_dbuff_t *dbuff, uint8_t const *in, size_t inlen, char const *secret, uint8_t const *vector)
Do Ascend-Send / Recv-Secret calculation.
Definition base.c:249
int fr_radius_sign(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len)
Sign a previously encoded packet.
Definition base.c:360
ssize_t fr_radius_encode(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_radius_encode_ctx_t *packet_ctx)
Definition base.c:974
static ssize_t encode_vsa(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Encode a Vendor-Specific attribute.
Definition encode.c:1252
static ssize_t encode_wimax(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Encode a WiMAX attribute.
Definition encode.c:1114
static ssize_t encode_pairs(fr_dbuff_t *dbuff, fr_pair_list_t const *vps, void *encode_ctx)
Definition encode.c:298
static ssize_t encode_tunnel_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *in, size_t inlen, fr_radius_encode_ctx_t *packet_ctx)
Definition encode.c:101
static ssize_t fr_radius_encode_proto(TALLOC_CTX *ctx, fr_pair_list_t *vps, uint8_t *data, size_t data_len, void *proto_ctx)
Definition encode.c:1741
#define TAG_VALID(x)
Definition encode.c:35
static ssize_t encode_concat(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, UNUSED void *encode_ctx)
Encode an RFC format attribute, with the "concat" flag set.
Definition encode.c:899
static ssize_t encode_extended(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, NDEBUG_UNUSED unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Encode an "extended" attribute.
Definition encode.c:734
static ssize_t encode_extended_nested(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Definition encode.c:854
ssize_t fr_radius_encode_pair(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *encode_ctx)
Encode a data structure into a RADIUS attribute.
Definition encode.c:1525
fr_test_point_pair_encode_t radius_tp_encode_pair
Definition encode.c:1793
fr_test_point_proto_encode_t radius_tp_encode_proto
Definition encode.c:1801
ssize_t fr_radius_encode_foreign(fr_dbuff_t *dbuff, fr_pair_list_t const *list)
Definition encode.c:1690
void * fr_radius_next_encodable(fr_dcursor_t *cursor, void *to_eval, void *uctx)
Definition base.c:936
static ssize_t encode_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *input, size_t inlen, fr_radius_encode_ctx_t *packet_ctx)
"encrypt" a password RADIUS style
Definition encode.c:49
static ssize_t attr_fragment(fr_dbuff_t *data, size_t data_len, fr_dbuff_marker_t *hdr, size_t hdr_len, int flag_offset, int vsa_offset)
Breaks down large data into pieces, each with a header.
Definition encode.c:637
static ssize_t encode_nas_filter_rule(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, NDEBUG_UNUSED unsigned int depth, fr_dcursor_t *cursor, UNUSED void *encode_ctx)
Encode NAS-Filter-Rule.
Definition encode.c:1315
static ssize_t encode_vendor(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Definition encode.c:1187
static ssize_t encode_vendor_attr(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx)
Encode one full Vendor-Specific + Vendor-ID + Vendor-Attr + Vendor-Length + ...
Definition encode.c:981
VQP attributes.
#define fr_assert(_expr)
Definition rad_assert.h:38
static fr_dict_t const * dict_radius
bool secure_transport
for TLS
Definition radius.h:98
#define fr_radius_flag_concat(_da)
Definition radius.h:193
fr_fast_rand_t rand_ctx
for tunnel passwords
Definition radius.h:108
fr_radius_ctx_t const * common
Definition radius.h:104
#define fr_radius_flag_has_tag(_da)
Definition radius.h:192
#define AUTH_PASS_LEN
Definition radius.h:54
bool disallow_tunnel_passwords
not all packets can have tunnel passwords
Definition radius.h:120
char const * secret
Definition radius.h:95
#define RADIUS_MAX_STRING_LENGTH
Definition radius.h:35
#define fr_radius_flag_encrypted(_da)
Definition radius.h:195
uint8_t const * request_authenticator
Definition radius.h:106
static bool fr_radius_flag_extended(fr_dict_attr_t const *da)
Definition radius.h:197
uint8_t tag
current tag for encoding
Definition radius.h:112
#define RADIUS_MESSAGE_AUTHENTICATOR_LENGTH
Definition radius.h:38
size_t secret_length
Definition radius.h:96
#define RADIUS_MAX_PASS_LENGTH
Definition radius.h:39
#define fr_radius_flag_long_extended(_da)
Definition radius.h:204
@ RADIUS_FLAG_ENCRYPT_INVALID
Invalid encryption flag.
Definition radius.h:145
@ RADIUS_FLAG_ENCRYPT_NONE
No encryption.
Definition radius.h:146
@ RADIUS_FLAG_ENCRYPT_USER_PASSWORD
Encrypt attribute RFC 2865 style.
Definition radius.h:147
@ RADIUS_FLAG_ENCRYPT_ASCEND_SECRET
Encrypt attribute ascend style.
Definition radius.h:149
@ RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD
Encrypt attribute RFC 2868 style.
Definition radius.h:148
int salt_offset
for tunnel passwords
Definition radius.h:109
#define fr_radius_flag_abinary(_da)
Definition radius.h:194
bool seen_message_authenticator
Definition radius.h:121
static fr_dict_attr_t const * attr_message_authenticator
Definition radsnmp.c:112
uint32_t fr_fast_rand(fr_fast_rand_t *ctx)
Definition rand.c:279
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:105
uint32_t b
Definition rand.h:55
uint32_t a
Definition rand.h:55
fr_pair_t * vp
ssize_t fr_struct_to_network(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *parent_cursor, void *encode_ctx, fr_encode_dbuff_t encode_value, fr_encode_dbuff_t encode_pair)
Definition struct.c:659
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_test_point_ctx_alloc_t test_ctx
Allocate a test ctx for the encoder.
Definition test_point.h:93
fr_test_point_ctx_alloc_t test_ctx
Allocate a test ctx for the encoder.
Definition test_point.h:75
Entry point for pair encoders.
Definition test_point.h:92
Entry point for protocol encoders.
Definition test_point.h:74
#define fr_pair_dcursor_iter_init(_cursor, _list, _iter, _uctx)
Initialises a special dcursor with callbacks that will maintain the attr sublists correctly.
Definition pair.h:569
static fr_pair_t * fr_pair_dcursor_child_iter_init(fr_dcursor_t *cursor, fr_pair_list_t const *list, fr_dcursor_t const *parent)
Initializes a child dcursor from a parent cursor, with an iteration function.
Definition pair.h:607
#define PAIR_VERIFY(_x)
Definition pair.h:193
#define fr_pair_list_append_by_da_len(_ctx, _vp, _list, _attr, _val, _len, _tainted)
Append a pair to a list, assigning its value.
Definition pair.h:311
static fr_slen_t parent
Definition pair.h:841
#define FR_PROTO_HEX_DUMP(_data, _data_len, _fmt,...)
Definition proto.h:42
#define FR_PROTO_STACK_PRINT(_stack, _depth)
Definition proto.h:44
uint8_t depth
Deepest attribute in the stack.
Definition proto.h:56
fr_dict_attr_t const * da[FR_DICT_MAX_TLV_STACK+1]
The stack.
Definition proto.h:57
Structure for holding the stack of dictionary attributes being encoded.
Definition proto.h:55
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
#define fr_strerror_const(_msg)
Definition strerror.h:223
#define fr_type_is_structural(_x)
Definition types.h:393
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:455
#define FR_TYPE_LEAF
Definition types.h:318
ssize_t fr_value_box_to_network(fr_dbuff_t *dbuff, fr_value_box_t const *value)
Encode a single value box, serializing its contents in generic network format.
Definition value.c:1516
static fr_slen_t data
Definition value.h:1293
static size_t char fr_sbuff_t size_t inlen
Definition value.h:1023
static size_t char ** out
Definition value.h:1023