The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
packet.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: ca50d4546c8e9efff6fb2f73a2ffbf005e9b20e7 $
19 *
20 * @file protocols/radius/packet.c
21 * @brief Functions to deal with fr_packet_t data structures.
22 *
23 * @copyright 2000-2017 The FreeRADIUS server project
24 */
25RCSID("$Id: ca50d4546c8e9efff6fb2f73a2ffbf005e9b20e7 $")
26
27#include "attrs.h"
28
29#include <freeradius-devel/util/udp.h>
30#include <freeradius-devel/util/syserror.h>
31
32#include <fcntl.h>
33
34/*
35 * Some messages get printed out only in debugging mode.
36 */
37#define FR_DEBUG_STRERROR_PRINTF if (fr_debug_lvl) fr_strerror_printf
38
39
40/** Encode a packet
41 *
42 */
43ssize_t fr_packet_encode(fr_packet_t *packet, fr_pair_list_t *list,
44 fr_packet_t const *original, char const *secret)
45{
46 ssize_t slen;
47 fr_radius_ctx_t common = {};
48 fr_radius_encode_ctx_t packet_ctx;
49
50 /*
51 * A 4K packet, aligned on 64-bits.
52 */
53 uint8_t data[MAX_PACKET_LEN];
54
55#ifndef NDEBUG
56 if (fr_debug_lvl >= L_DBG_LVL_4) fr_packet_log_hex(&default_log, packet);
57#endif
58
59 common.secret = secret;
60 common.secret_length = talloc_array_length(secret) - 1;
61
62 packet_ctx = (fr_radius_encode_ctx_t) {
63 .common = &common,
64 .request_authenticator = original ? original->data + 4 : NULL,
65 .rand_ctx = (fr_fast_rand_t) {
66 .a = fr_rand(),
67 .b = fr_rand(),
68 },
69 .request_code = original ? original->data[0] : 0,
70 .code = packet->code,
71 .id = packet->id,
72 };
73
74 slen = fr_radius_encode(&FR_DBUFF_TMP(data, sizeof(data)), list, &packet_ctx);
75 if (slen < 0) return slen;
76
77 /*
78 * Fill in the rest of the fields, and copy the data over
79 * from the local stack to the newly allocated memory.
80 *
81 * Yes, all this 'memcpy' is slow, but it means
82 * that we only allocate the minimum amount of
83 * memory for a request.
84 */
85 packet->data_len = (size_t) slen;
86 packet->data = talloc_array(packet, uint8_t, packet->data_len);
87 if (!packet->data) {
88 fr_strerror_const("Out of memory");
89 return -1;
90 }
91
92 memcpy(packet->data, data, packet->data_len);
93
94 return 0;
95}
96
97/** See if the data pointed to by PTR is a valid RADIUS packet.
98 *
99 * Packet is not 'const * const' because we may update data_len, if there's more data
100 * in the UDP packet than in the RADIUS packet.
101 *
102 * @param[in] packet to check.
103 * @param[in] max_attributes to decode.
104 * @param[in] require_message_authenticator to require Message-Authenticator.
105 * @param[out] reason if not NULL, will have the failure reason written to where it points.
106 * @return
107 * - True on success.
108 * - False on failure.
109 */
110bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator, fr_radius_decode_fail_t *reason)
111{
112 char host_ipaddr[INET6_ADDRSTRLEN];
113
114 if (!fr_radius_ok(packet->data, &packet->data_len, max_attributes, require_message_authenticator, reason)) {
115 FR_DEBUG_STRERROR_PRINTF("Bad packet received from host %s",
116 inet_ntop(packet->socket.inet.src_ipaddr.af, &packet->socket.inet.src_ipaddr.addr,
117 host_ipaddr, sizeof(host_ipaddr)));
118 return false;
119 }
120
121 /*
122 * Fill RADIUS header fields
123 */
124 packet->code = packet->data[0];
125 packet->id = packet->data[1];
126 memcpy(packet->vector, packet->data + 4, sizeof(packet->vector));
127 return true;
128}
129
130
131/** Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet
132 *
133 */
134int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original, char const *secret)
135{
136 char buffer[INET6_ADDRSTRLEN];
137
138 if (!packet->data) return -1;
139
140 if (fr_radius_verify(packet->data, original ? original->data + 4 : NULL,
141 (uint8_t const *) secret, talloc_array_length(secret) - 1, false, false) < 0) {
142 fr_strerror_printf_push("Received invalid packet from %s",
143 inet_ntop(packet->socket.inet.src_ipaddr.af, &packet->socket.inet.src_ipaddr.addr,
144 buffer, sizeof(buffer)));
145 return -1;
146 }
147
148 return 0;
149}
150
151
152/** Sign a previously encoded packet
153 *
154 */
155int fr_packet_sign(fr_packet_t *packet, fr_packet_t const *original,
156 char const *secret)
157{
158 int ret;
159
160 ret = fr_radius_sign(packet->data, original ? original->data + 4 : NULL,
161 (uint8_t const *) secret, talloc_array_length(secret) - 1);
162 if (ret < 0) return ret;
163
164 memcpy(packet->vector, packet->data + 4, RADIUS_AUTH_VECTOR_LENGTH);
165 return 0;
166}
167
168
169/** Wrapper for recvfrom, which handles recvfromto, IPv6, and all possible combinations
170 *
171 */
172static ssize_t rad_recvfrom(int sockfd, fr_packet_t *packet, int flags)
173{
174 ssize_t data_len;
175
176 data_len = fr_radius_recv_header(sockfd, &packet->socket.inet.src_ipaddr, &packet->socket.inet.src_port, &packet->code);
177 if (data_len < 0) {
178 if ((errno == EAGAIN) || (errno == EINTR)) return 0;
179 return -1;
180 }
181
182 if (data_len == 0) return -1; /* invalid packet */
183
184 packet->data = talloc_array(packet, uint8_t, data_len);
185 if (!packet->data) return -1;
186
187 packet->data_len = data_len;
188
189 return udp_recv(sockfd, flags, &packet->socket, packet->data, packet->data_len, &packet->timestamp);
190}
191
192
193/** Receive UDP client requests, and fill in the basics of a fr_packet_t structure
194 *
195 */
196fr_packet_t *fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator)
197{
198 ssize_t data_len;
199 fr_packet_t *packet;
200
201 /*
202 * Allocate the new request data structure
203 */
204 packet = fr_packet_alloc(ctx, false);
205 if (!packet) {
206 fr_strerror_const("out of memory");
207 return NULL;
208 }
209
210 data_len = rad_recvfrom(fd, packet, flags);
211 if (data_len < 0) {
212 FR_DEBUG_STRERROR_PRINTF("Error receiving packet: %s", fr_syserror(errno));
213 fr_packet_free(&packet);
214 return NULL;
215 }
216
217#ifdef WITH_VERIFY_PTR
218 /*
219 * Double-check that the fields we want are filled in.
220 */
221 if ((packet->socket.inet.src_ipaddr.af == AF_UNSPEC) ||
222 (packet->socket.inet.src_port == 0) ||
223 (packet->socket.inet.dst_ipaddr.af == AF_UNSPEC) ||
224 (packet->socket.inet.dst_port == 0)) {
225 FR_DEBUG_STRERROR_PRINTF("Error receiving packet: %s", fr_syserror(errno));
226 fr_packet_free(&packet);
227 return NULL;
228 }
229#endif
230
231 packet->data_len = data_len; /* unsigned vs signed */
232
233 /*
234 * If the packet is too big, then rad_recvfrom did NOT
235 * allocate memory. Instead, it just discarded the
236 * packet.
237 */
238 if (packet->data_len > MAX_PACKET_LEN) {
239 FR_DEBUG_STRERROR_PRINTF("Discarding packet: Larger than RFC limitation of 4096 bytes");
240 fr_packet_free(&packet);
241 return NULL;
242 }
243
244 /*
245 * Read no data. Continue.
246 * This check is AFTER the MAX_PACKET_LEN check above, because
247 * if the packet is larger than MAX_PACKET_LEN, we also have
248 * packet->data == NULL
249 */
250 if ((packet->data_len == 0) || !packet->data) {
251 FR_DEBUG_STRERROR_PRINTF("Empty packet: Socket is not ready");
252 fr_packet_free(&packet);
253 return NULL;
254 }
255
256 /*
257 * See if it's a well-formed RADIUS packet.
258 */
259 if (!fr_packet_ok(packet, max_attributes, require_message_authenticator, NULL)) {
260 fr_packet_free(&packet);
261 return NULL;
262 }
263
264 /*
265 * Remember which socket we read the packet from.
266 */
267 packet->socket.fd = fd;
268
269 /*
270 * FIXME: Do even more filtering by only permitting
271 * certain IP's. The problem is that we don't know
272 * how to do this properly for all possible clients...
273 */
274
275 return packet;
276}
277
278/** Reply to the request
279 *
280 * Also attach reply attribute value pairs and any user message provided.
281 */
282int fr_packet_send(fr_packet_t *packet, fr_pair_list_t *list,
283 fr_packet_t const *original, char const *secret)
284{
285 /*
286 * Maybe it's a fake packet. Don't send it.
287 */
288 if (packet->socket.fd < 0) {
289 return 0;
290 }
291
292 /*
293 * First time through, allocate room for the packet
294 */
295 if (!packet->data) {
296 /*
297 * Encode the packet.
298 */
299 if (fr_packet_encode(packet, list, original, secret) < 0) {
300 return -1;
301 }
302
303 /*
304 * Re-sign it, including updating the
305 * Message-Authenticator.
306 */
307 if (fr_packet_sign(packet, original, secret) < 0) {
308 return -1;
309 }
310
311 /*
312 * If packet->data points to data, then we print out
313 * the VP list again only for debugging.
314 */
315 }
316
317 /*
318 * If the socket is TCP, call write(). Calling sendto()
319 * is allowed on some platforms, but it's not nice.
320 */
321 if (packet->socket.type == SOCK_STREAM) {
322 ssize_t ret;
323
324 ret = write(packet->socket.fd, packet->data, packet->data_len);
325 if (ret >= 0) return ret;
326
327 fr_strerror_printf("sendto failed: %s", fr_syserror(errno));
328 return -1;
329 }
330
331 /*
332 * And send it on it's way.
333 *
334 * No need to call fr_socket_addr_swap as apparently
335 * the address is already inverted.
336 */
337 return udp_send(&packet->socket, 0, packet->data, packet->data_len);
338}
339
340void _fr_packet_log_hex(fr_log_t const *log, fr_packet_t const *packet, char const *file, int line)
341{
342 uint8_t const *attr, *end;
343 char buffer[1024];
344
345 if (!packet->data) return;
346
347 fr_log(log, L_DBG, file, line, " Socket : %d", packet->socket.fd);
348 fr_log(log, L_DBG, file, line, " Proto : %d", (packet->socket.type == SOCK_STREAM) ? IPPROTO_TCP : IPPROTO_UDP);
349
350 if ((packet->socket.inet.src_ipaddr.af == AF_INET) || (packet->socket.inet.src_ipaddr.af == AF_INET6)) {
351 fr_log(log, L_DBG, file, line, " Src IP : %pV", fr_box_ipaddr(packet->socket.inet.src_ipaddr));
352 fr_log(log, L_DBG, file, line, " Src Port : %u", packet->socket.inet.src_port);
353 fr_log(log, L_DBG, file, line, " Dst IP : %pV", fr_box_ipaddr(packet->socket.inet.dst_ipaddr));
354 fr_log(log, L_DBG, file, line, " Dst Port : %u", packet->socket.inet.dst_port);
355 }
356
357 if ((packet->data[0] > 0) && (packet->data[0] < FR_RADIUS_CODE_MAX)) {
358 fr_log(log, L_DBG, file, line, " Code : %s", fr_radius_packet_name[packet->data[0]]);
359 } else {
360 fr_log(log, L_DBG, file, line, " Code : %u", packet->data[0]);
361 }
362
363 fr_log(log, L_DBG, file, line, " Id : %u", packet->data[1]);
364 fr_log(log, L_DBG, file, line, " Length : %u", fr_nbo_to_uint16(packet->data + 2));
365 fr_log(log, L_DBG, file, line, " Vector : %pH", fr_box_octets(packet->data + 4, RADIUS_AUTH_VECTOR_LENGTH));
366
367 if (packet->data_len <= 20) return;
368
369 for (attr = packet->data + 20, end = packet->data + packet->data_len;
370 attr < end;
371 attr += attr[1]) {
372 int i, len, offset = 2;
373 unsigned int vendor = 0;
374 char *p;
375 char const *truncated = "";
376
377#ifndef NDEBUG
378 if (attr[1] < 2) break; /* Coverity */
379#endif
380
381 snprintf(buffer, sizeof(buffer), "%02x %02x ", attr[0], attr[1]);
382 p = buffer + strlen(buffer);
383 if ((attr[0] == FR_VENDOR_SPECIFIC) &&
384 (attr[1] > 6)) {
385 vendor = fr_nbo_to_uint32(attr + 2);
386
387 snprintf(p, buffer + sizeof(buffer) - p, "%02x%02x%02x%02x (%u) ",
388 attr[2], attr[3], attr[4], attr[5], vendor);
389 offset = 6;
390 p += strlen(p);
391 }
392
393 len = attr[1] - offset;
394 if (len > 15) {
395 len = 15;
396 truncated = "...";
397 }
398
399 for (i = 0; i < len; i++) {
400 snprintf(p, buffer + sizeof(buffer) - p, "%02x ", attr[offset + i]);
401 p += 3;
402 }
403
404 fr_log(log, L_DBG, file, line, " %s%s\n", buffer, truncated);
405 }
406}
407
408/*
409 * Debug the packet if requested.
410 */
411void fr_radius_packet_header_log(fr_log_t const *log, fr_packet_t *packet, bool received)
412{
413 char src_ipaddr[FR_IPADDR_STRLEN];
414 char dst_ipaddr[FR_IPADDR_STRLEN];
415#ifdef WITH_IFINDEX_NAME_RESOLUTION
416 char if_name[IFNAMSIZ];
417#endif
418
419 if (!log) return;
420 if (!packet) return;
421
422 /*
423 * Client-specific debugging re-prints the input
424 * packet into the client log.
425 *
426 * This really belongs in a utility library
427 */
428 if (FR_RADIUS_PACKET_CODE_VALID(packet->code)) {
429 fr_log(log, L_DBG, __FILE__, __LINE__,
430 "%s %s Id %i from %s%s%s:%i to %s%s%s:%i "
431#ifdef WITH_IFINDEX_NAME_RESOLUTION
432 "%s%s%s"
433#endif
434 "length %zu\n",
435 received ? "Received" : "Sent",
436 fr_radius_packet_name[packet->code],
437 packet->id,
438 packet->socket.inet.src_ipaddr.af == AF_INET6 ? "[" : "",
439 fr_inet_ntop(src_ipaddr, sizeof(src_ipaddr), &packet->socket.inet.src_ipaddr),
440 packet->socket.inet.src_ipaddr.af == AF_INET6 ? "]" : "",
441 packet->socket.inet.src_port,
442 packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "[" : "",
443 fr_inet_ntop(dst_ipaddr, sizeof(dst_ipaddr), &packet->socket.inet.dst_ipaddr),
444 packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "]" : "",
445 packet->socket.inet.dst_port,
446#ifdef WITH_IFINDEX_NAME_RESOLUTION
447 received ? "via " : "",
448 received ? fr_ifname_from_ifindex(if_name, packet->socket.inet.ifindex) : "",
449 received ? " " : "",
450#endif
451 packet->data_len);
452 } else {
453 fr_log(log, L_DBG, __FILE__, __LINE__,
454 "%s code %u Id %i from %s%s%s:%i to %s%s%s:%i "
455#ifdef WITH_IFINDEX_NAME_RESOLUTION
456 "%s%s%s"
457#endif
458 "length %zu\n",
459 received ? "Received" : "Sent",
460 packet->code,
461 packet->id,
462 packet->socket.inet.src_ipaddr.af == AF_INET6 ? "[" : "",
463 fr_inet_ntop(src_ipaddr, sizeof(src_ipaddr), &packet->socket.inet.src_ipaddr),
464 packet->socket.inet.src_ipaddr.af == AF_INET6 ? "]" : "",
465 packet->socket.inet.src_port,
466 packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "[" : "",
467 fr_inet_ntop(dst_ipaddr, sizeof(dst_ipaddr), &packet->socket.inet.dst_ipaddr),
468 packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "]" : "",
469 packet->socket.inet.dst_port,
470#ifdef WITH_IFINDEX_NAME_RESOLUTION
471 received ? "via " : "",
472 received ? fr_ifname_from_ifindex(if_name, packet->socket.inet.ifindex) : "",
473 received ? " " : "",
474#endif
475 packet->data_len);
476 }
477}
478
479/*
480 * Debug the packet header and all attributes. This function is only called by the client code.
481 */
482void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received)
483{
484 fr_radius_packet_header_log(log, packet, received);
485
486 if (!fr_debug_lvl) return;
487
488 /*
489 * If we're auto-adding Message Authenticator, then print
490 * out that we're auto-adding it.
491 */
492 if (!received) switch (packet->code) {
493 case FR_RADIUS_CODE_ACCESS_REQUEST:
494 case FR_RADIUS_CODE_STATUS_SERVER:
495 if (!fr_pair_find_by_da(list, NULL, attr_message_authenticator)) {
496 fprintf(fr_log_fp, "\tMessage-Authenticator = 0x\n");
497 }
498 break;
499
500 default:
501 break;
502 }
503
504 fr_pair_list_log(log, 4, list);
505#ifndef NDEBUG
506 if (fr_debug_lvl >= L_DBG_LVL_4) fr_packet_log_hex(log, packet);
507#endif
508}
buffer
static int const char char buffer[256]
Definition acutest.h:576
file
int const char * file
Definition acutest.h:702
line
int const char int line
Definition acutest.h:702
RCSID
#define RCSID(id)
Definition build.h:485
FR_DBUFF_TMP
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:514
FR_RADIUS_CODE_ACCESS_REQUEST
@ FR_RADIUS_CODE_ACCESS_REQUEST
RFC2865 - Access-Request.
Definition defs.h:33
FR_RADIUS_CODE_MAX
@ FR_RADIUS_CODE_MAX
Maximum possible protocol code.
Definition defs.h:53
FR_RADIUS_CODE_STATUS_SERVER
@ FR_RADIUS_CODE_STATUS_SERVER
RFC2865/RFC5997 - Status Server (request)
Definition defs.h:44
MAX_PACKET_LEN
#define MAX_PACKET_LEN
Definition defs.h:68
sockfd
static int sockfd
Definition dhcpclient.c:56
fr_inet_ntop
char * fr_inet_ntop(char out[static FR_IPADDR_STRLEN], size_t outlen, fr_ipaddr_t const *addr)
Print the address portion of a fr_ipaddr_t.
Definition inet.c:1019
FR_IPADDR_STRLEN
#define FR_IPADDR_STRLEN
Like INET6_ADDRSTRLEN but includes space for the textual Zone ID.
Definition inet.h:89
fr_debug_lvl
int fr_debug_lvl
Definition log.c:40
fr_log_fp
FILE * fr_log_fp
Definition log.c:39
default_log
fr_log_t default_log
Definition log.c:288
fr_log
void fr_log(fr_log_t const *log, fr_log_type_t type, char const *file, int line, char const *fmt,...)
Send a server log message to its destination.
Definition log.c:577
L_DBG_LVL_4
@ L_DBG_LVL_4
4th highest priority debug messages (-xxxx | -Xxx).
Definition log.h:73
L_DBG
@ L_DBG
Only displayed when debugging is enabled.
Definition log.h:59
fr_packet_alloc
fr_packet_t * fr_packet_alloc(TALLOC_CTX *ctx, bool new_vector)
Allocate a new fr_packet_t.
Definition packet.c:38
fr_packet_free
void fr_packet_free(fr_packet_t **packet_p)
Free a fr_packet_t.
Definition packet.c:89
udp_recv
ssize_t udp_recv(int sockfd, int flags, fr_socket_t *socket_out, void *data, size_t data_len, fr_time_t *when)
Read a UDP packet.
Definition udp.c:144
udp_send
int udp_send(fr_socket_t const *sock, int flags, void *data, size_t data_len)
Send a packet via a UDP socket.
Definition udp.c:42
fr_radius_ok
bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason)
Definition merged_model.c:253
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
size_t
unsigned long int size_t
Definition merged_model.c:25
inet_ntop
char const * inet_ntop(int af, void const *src, char *dst, size_t cnt)
Definition missing.c:443
fr_nbo_to_uint16
static uint16_t fr_nbo_to_uint16(uint8_t const data[static sizeof(uint16_t)])
Read an unsigned 16bit integer from wire format (big endian)
Definition nbo.h:146
fr_nbo_to_uint32
static uint32_t fr_nbo_to_uint32(uint8_t const data[static sizeof(uint32_t)])
Read an unsigned 32bit integer from wire format (big endian)
Definition nbo.h:167
RADIUS_AUTH_VECTOR_LENGTH
#define RADIUS_AUTH_VECTOR_LENGTH
Definition net.h:89
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:698
fr_radius_sign
int fr_radius_sign(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len)
Sign a previously encoded packet.
Definition base.c:360
fr_radius_verify
int fr_radius_verify(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len, bool require_message_authenticator, bool limit_proxy_state)
Verify a request / response packet.
Definition base.c:799
fr_radius_encode
ssize_t fr_radius_encode(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_radius_encode_ctx_t *packet_ctx)
Definition base.c:974
fr_radius_packet_name
char const * fr_radius_packet_name[FR_RADIUS_CODE_MAX]
Definition base.c:114
fr_radius_recv_header
ssize_t fr_radius_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port, unsigned int *code)
Basic validation of RADIUS packet header.
Definition base.c:287
fr_packet_verify
int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original, char const *secret)
Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet.
Definition packet.c:134
rad_recvfrom
static ssize_t rad_recvfrom(int sockfd, fr_packet_t *packet, int flags)
Wrapper for recvfrom, which handles recvfromto, IPv6, and all possible combinations.
Definition packet.c:172
fr_packet_sign
int fr_packet_sign(fr_packet_t *packet, fr_packet_t const *original, char const *secret)
Sign a previously encoded packet.
Definition packet.c:155
fr_packet_ok
bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator, fr_radius_decode_fail_t *reason)
See if the data pointed to by PTR is a valid RADIUS packet.
Definition packet.c:110
fr_radius_packet_header_log
void fr_radius_packet_header_log(fr_log_t const *log, fr_packet_t *packet, bool received)
Definition packet.c:411
_fr_packet_log_hex
void _fr_packet_log_hex(fr_log_t const *log, fr_packet_t const *packet, char const *file, int line)
Definition packet.c:340
fr_packet_encode
ssize_t fr_packet_encode(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret)
Encode a packet.
Definition packet.c:43
FR_DEBUG_STRERROR_PRINTF
#define FR_DEBUG_STRERROR_PRINTF
Definition packet.c:37
fr_packet_recv
fr_packet_t * fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator)
Receive UDP client requests, and fill in the basics of a fr_packet_t structure.
Definition packet.c:196
fr_packet_send
int fr_packet_send(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret)
Reply to the request.
Definition packet.c:282
fr_radius_packet_log
void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received)
Definition packet.c:482
secret
static char * secret
Definition radclient-ng.c:69
fr_radius_encode_ctx_t::common
fr_radius_ctx_t const * common
Definition radius.h:104
fr_radius_decode_fail_t
fr_radius_decode_fail_t
Failure reasons.
Definition radius.h:162
fr_radius_ctx_t::secret
char const * secret
Definition radius.h:95
fr_packet_log_hex
#define fr_packet_log_hex(_log, _packet)
Definition radius.h:271
fr_radius_ctx_t::secret_length
size_t secret_length
Definition radius.h:96
FR_RADIUS_PACKET_CODE_VALID
#define FR_RADIUS_PACKET_CODE_VALID(_x)
Definition radius.h:52
fr_radius_ctx_t
Definition radius.h:94
fr_radius_encode_ctx_t
Definition radius.h:103
attr_message_authenticator
static fr_dict_attr_t const * attr_message_authenticator
Definition radsnmp.c:112
fr_rand
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:105
fr_fast_rand_t
Smaller fast random number generator.
Definition rand.h:54
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
fr_log_s
Definition log.h:96
pair_list_s
Definition pair.h:52
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
fr_packet_t::code
unsigned int code
Packet code (type).
Definition packet.h:61
fr_packet_t::socket
fr_socket_t socket
This packet was received on.
Definition packet.h:57
fr_packet_t::id
int id
Packet ID (used to link requests/responses).
Definition packet.h:60
fr_packet_t::data
uint8_t * data
Packet data (body).
Definition packet.h:63
fr_packet_t::data_len
size_t data_len
Length of packet data.
Definition packet.h:64
fr_packet_t::vector
uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH]
RADIUS authentication vector.
Definition packet.h:69
fr_packet_t::timestamp
fr_time_t timestamp
When we received the packet.
Definition packet.h:58
fr_packet_t
Definition packet.h:56
fr_pair_list_log
#define fr_pair_list_log(_log, _lvl, _list)
Definition pair.h:847
fr_socket_t::af
int af
AF_INET, AF_INET6, or AF_UNIX.
Definition socket.h:78
fr_socket_t::fd
int fd
File descriptor if this is a live socket.
Definition socket.h:81
fr_socket_t::type
int type
SOCK_STREAM, SOCK_DGRAM, etc.
Definition socket.h:79
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_box_ipaddr
#define fr_box_ipaddr(_val)
Definition value.h:316
data
static fr_slen_t data
Definition value.h:1291
fr_box_octets
#define fr_box_octets(_val, _len)
Definition value.h:310
Generated by   doxygen 1.9.8