radius.c File Reference

Functions to send/receive radius packets. More...

#include <freeradius-devel/libradius.h>
#include <freeradius-devel/md5.h>
#include <freeradius-devel/udp.h>
#include <fcntl.h>
#include <ctype.h>


Data Structures

struct  radius_packet_t
 

Macros

#define FR_DEBUG_STRERROR_PRINTF   if (fr_debug_lvl) fr_strerror_printf
 
#define MAX_PACKET_LEN   4096
 

Typedefs

typedef struct radius_packet_t radius_packet_t
 

Functions

static int calc_acctdigest (RADIUS_PACKET *packet, char const *secret)
 Validates the requesting client NAS. More...
 
static int calc_replydigest (RADIUS_PACKET *packet, RADIUS_PACKET *original, char const *secret)
 Validates the requesting client NAS. More...
 
void fr_printf_log (char const *fmt,...)
 
RADIUS_PACKET * fr_radius_alloc (TALLOC_CTX *ctx, bool new_vector)
 Allocate a new RADIUS_PACKET. More...
 
RADIUS_PACKET * fr_radius_alloc_reply (TALLOC_CTX *ctx, RADIUS_PACKET *packet)
 Allocate a new RADIUS_PACKET response. More...
 
RADIUS_PACKET * fr_radius_copy (TALLOC_CTX *ctx, RADIUS_PACKET const *in)
 Duplicate a RADIUS_PACKET. More...
 
int fr_radius_decode (RADIUS_PACKET *packet, RADIUS_PACKET *original, char const *secret)
 Calculate/check digest, and decode radius attributes. More...
 
int fr_radius_digest_cmp (uint8_t const *a, uint8_t const *b, size_t length)
 Do a comparison of two authentication digests by comparing the FULL digest. More...
 
int fr_radius_encode (RADIUS_PACKET *packet, RADIUS_PACKET const *original, char const *secret)
 Encode a packet. More...
 
void fr_radius_free (RADIUS_PACKET **radius_packet_ptr)
 Free a RADIUS_PACKET. More...
 
ssize_t fr_radius_len (uint8_t const *data, size_t data_len)
 See how big of a packet is in the buffer. More...
 
void fr_radius_make_secret (uint8_t *digest, uint8_t const *vector, char const *secret, uint8_t const *value)
 Build an encrypted secret value to return in a reply packet. More...
 
bool fr_radius_ok (RADIUS_PACKET *packet, int flags, decode_fail_t *reason)
 See if the data pointed to by PTR is a valid RADIUS packet. More...
 
void fr_radius_print_hex (RADIUS_PACKET *packet)
 
RADIUS_PACKET * fr_radius_recv (TALLOC_CTX *ctx, int fd, int flags)
 Receive UDP client requests, and fill in the basics of a RADIUS_PACKET structure. More...
 
ssize_t fr_radius_recv_header (int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port, unsigned int *code)
 Basic validation of RADIUS packet header. More...
 
int fr_radius_send (RADIUS_PACKET *packet, RADIUS_PACKET const *original, char const *secret)
 Reply to the request. More...
 
int fr_radius_sign (RADIUS_PACKET *packet, RADIUS_PACKET const *original, char const *secret)
 Sign a previously encoded packet. More...
 
int fr_radius_verify (RADIUS_PACKET *packet, RADIUS_PACKET *original, char const *secret)
 Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet. More...
 
uint32_t fr_rand (void)
 Return a 32-bit random number. More...
 
void fr_rand_seed (void const *data, size_t size)
 Seed the random number generator. More...
 
static void print_hex_data (uint8_t const *ptr, int attrlen, int depth)
 
static ssize_t rad_recvfrom (int sockfd, RADIUS_PACKET *packet, int flags)
 Wrapper for recvfrom, which handles recvfromto, IPv6, and all possible combinations. More...
 

Variables

FILE * fr_log_fp = NULL
 
uint32_t fr_max_attributes = 0
 
char const * fr_packet_codes [FR_MAX_PACKET_CODE]
 
static _fr_thread_local bool fr_rand_initialized = false
 
static _fr_thread_local fr_randctx fr_rand_pool
 A pool of pre-generated random integers. More...
 
FR_NAME_NUMBER const fr_request_types []
 

Detailed Description

Functions to send/receive radius packets.

Functions to encode RADIUS attributes.

Functions to decode RADIUS attributes.

Id:
bb5ce533b6dde6e72c54a7d67756ced7ac36b4fe
Id:
c87ff4b1f04cb96329c944ae24be01d04793f8da
Id:
f3e08bdcbf34584ff2d618ea63297caa44fdf87d

Definition in file radius.c.


Data Structure Documentation

struct radius_packet_t

Definition at line 40 of file radius.c.

Data Fields
uint8_t code
uint8_t data[1]
uint8_t id
uint8_t length[2]
uint8_t vector[AUTH_VECTOR_LEN]

Macro Definition Documentation

#define FR_DEBUG_STRERROR_PRINTF   if (fr_debug_lvl) fr_strerror_printf

Definition at line 51 of file radius.c.

#define MAX_PACKET_LEN   4096

Definition at line 67 of file radius.c.

Typedef Documentation

Function Documentation

static int calc_acctdigest ( RADIUS_PACKET *  packet,
char const *  secret 
)
static

Validates the requesting client NAS.

Calculates the request Authenticator based on the client's private key.

Definition at line 595 of file radius.c.


static int calc_replydigest ( RADIUS_PACKET *  packet,
RADIUS_PACKET *  original,
char const *  secret 
)
static

Validates the requesting client NAS.

Calculates the response Authenticator based on the client's private key.

Definition at line 629 of file radius.c.


void fr_printf_log ( char const *  fmt,
  ... 
)

Definition at line 156 of file radius.c.

RADIUS_PACKET* fr_radius_alloc ( TALLOC_CTX *  ctx,
bool  new_vector 
)

Allocate a new RADIUS_PACKET.

Parameters
ctx: the context in which the packet is allocated. May be NULL if the packet is not associated with a REQUEST.
new_vector: if true, a new request authenticator will be generated.
Returns
  • New RADIUS_PACKET.
  • NULL on error.

Definition at line 1651 of file radius.c.


RADIUS_PACKET* fr_radius_alloc_reply ( TALLOC_CTX *  ctx,
RADIUS_PACKET *  packet 
)

Allocate a new RADIUS_PACKET response.

Parameters
ctx: the context in which the packet is allocated. May be NULL if the packet is not associated with a REQUEST.
packet: the request packet.
Returns
  • New RADIUS_PACKET.
  • NULL on error.

Definition at line 1691 of file radius.c.


RADIUS_PACKET* fr_radius_copy ( TALLOC_CTX *  ctx,
RADIUS_PACKET const *  in 
)

Duplicate a RADIUS_PACKET.

Parameters
ctx: the context in which the packet is allocated. May be NULL if the packet is not associated with a REQUEST.
in: the packet to copy.
Returns
  • New RADIUS_PACKET.
  • NULL on error.

Definition at line 1751 of file radius.c.


int fr_radius_decode ( RADIUS_PACKET *  packet,
RADIUS_PACKET *  original,
char const *  secret 
)

Calculate/check digest, and decode radius attributes.

Returns
  • 0 on success
  • -1 on decoding error.

Definition at line 1485 of file radius.c.


int fr_radius_digest_cmp ( uint8_t const *  a,
uint8_t const *  b,
size_t  length 
)

Do a comparison of two authentication digests by comparing the FULL digest.

Otherwise, the server can be subject to timing attacks that allow attackers to find a valid message authenticator.

http://www.cs.rice.edu/~dwallach/pub/crosby-timing2009.pdf

Definition at line 578 of file radius.c.


int fr_radius_encode ( RADIUS_PACKET *  packet,
RADIUS_PACKET const *  original,
char const *  secret 
)

Encode a packet.

Definition at line 1318 of file radius.c.


void fr_radius_free ( RADIUS_PACKET **  radius_packet_ptr)

Free a RADIUS_PACKET.

Definition at line 1727 of file radius.c.


ssize_t fr_radius_len ( uint8_t const *  data,
size_t  data_len 
)

See how big of a packet is in the buffer.

Packet is not 'const * const' because we may update data_len, if there's more data in the UDP packet than in the RADIUS packet.

Parameters
data: pointer to the packet buffer.
data_len: length of the packet buffer.
Returns
  • <= 0 if the packet is bad.
  • > 0 how much of the data is a packet (can be larger than data_len).

Definition at line 679 of file radius.c.

void fr_radius_make_secret ( uint8_t *  digest,
uint8_t const *  vector,
char const *  secret,
uint8_t const *  value 
)

Build an encrypted secret value to return in a reply packet.

The secret is hidden by xoring with a MD5 digest created from the shared secret and the authentication vector. We put them into MD5 in the reverse order from that used when encrypting passwords to RADIUS.

Definition at line 272 of file radius.c.


bool fr_radius_ok ( RADIUS_PACKET *  packet,
int  flags,
decode_fail_t *  reason 
)

See if the data pointed to by PTR is a valid RADIUS packet.

Packet is not 'const * const' because we may update data_len, if there's more data in the UDP packet than in the RADIUS packet.

Parameters
packet: the packet to check.
flags: flags to control decoding.
reason: if not NULL, the failure reason is written to where it points.
Returns
  • True on success.
  • False on failure.

Definition at line 731 of file radius.c.


void fr_radius_print_hex ( RADIUS_PACKET *  packet)

Definition at line 172 of file radius.c.


RADIUS_PACKET* fr_radius_recv ( TALLOC_CTX *  ctx,
int  fd,
int  flags 
)

Receive UDP client requests, and fill in the basics of a RADIUS_PACKET structure.

Definition at line 1050 of file radius.c.


ssize_t fr_radius_recv_header ( int  sockfd,
fr_ipaddr_t *  src_ipaddr,
uint16_t *  src_port,
unsigned int *  code 
)

Basic validation of RADIUS packet header.

Note
fr_strerror errors are only available if fr_debug_lvl > 0. This is to reduce the CPU time consumed when discarding malformed packets.
Parameters
[in] sockfd: the socket we're reading from.
[out] src_ipaddr: source address of the packet.
[out] src_port: source port of the packet.
[out] code: pointer to where to write the packet code.
Returns
  • -1 on failure.
  • 1 on decode error.
  • >= RADIUS_HDR_LEN on success. This is the packet length as specified in the header.

Definition at line 299 of file radius.c.


int fr_radius_send ( RADIUS_PACKET *  packet,
RADIUS_PACKET const *  original,
char const *  secret 
)

Reply to the request.

Also attach reply attribute value pairs and any user message provided.

Definition at line 506 of file radius.c.


int fr_radius_sign ( RADIUS_PACKET *  packet,
RADIUS_PACKET const *  original,
char const *  secret 
)

Sign a previously encoded packet.

Definition at line 389 of file radius.c.


int fr_radius_verify ( RADIUS_PACKET *  packet,
RADIUS_PACKET *  original,
char const *  secret 
)

Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet.

Definition at line 1144 of file radius.c.


uint32_t fr_rand ( void  )

Return a 32-bit random number.

Definition at line 1621 of file radius.c.


void fr_rand_seed ( void const *  data,
size_t  size 
)

Seed the random number generator.

May be called any number of times.

Definition at line 1569 of file radius.c.


static void print_hex_data ( uint8_t const *  ptr,
int  attrlen,
int  depth 
)
static

Definition at line 84 of file radius.c.


static ssize_t rad_recvfrom ( int  sockfd,
RADIUS_PACKET *  packet,
int  flags 
)
static

Wrapper for recvfrom, which handles recvfromto, IPv6, and all possible combinations.

Definition at line 363 of file radius.c.


Variable Documentation

FILE* fr_log_fp = NULL

Definition at line 81 of file radius.c.

uint32_t fr_max_attributes = 0

Definition at line 80 of file radius.c.

char const* fr_packet_codes[FR_MAX_PACKET_CODE]

Definition at line 101 of file radius.c.

_fr_thread_local bool fr_rand_initialized = false
static

Definition at line 99 of file radius.c.

_fr_thread_local fr_randctx fr_rand_pool
static

A pool of pre-generated random integers.

Definition at line 98 of file radius.c.

FR_NAME_NUMBER const fr_request_types[]
Initial value:
/*
 * Name -> packet-code lookup table.  Each entry pairs a request-type
 * keyword with its PW_CODE_* constant; the { NULL, 0 } entry terminates
 * the table.  (Code meanings below are taken from the radius.h
 * descriptions of the constants.)
 */
= {
{ "challenge", PW_CODE_ACCESS_CHALLENGE },	/* RFC2865 - Access-Challenge */
{ "status", PW_CODE_STATUS_SERVER },		/* RFC2865/RFC5997 - Status Server (request) */
{ "disconnect", PW_CODE_DISCONNECT_REQUEST },	/* RFC3575/RFC5176 - Disconnect-Request */
{ "coa", PW_CODE_COA_REQUEST },			/* RFC3575/RFC5176 - CoA-Request */
{ "auto", PW_CODE_UNDEFINED },			/* packet code has not been set */
{ NULL, 0}					/* end-of-table sentinel */
}

Definition at line 52 of file radius.c.