The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
radius.h
Go to the documentation of this file.
1#pragma once
2/*
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
16 */
17
18/*
19 * $Id: 9b2ec78d5137c0d3db97818f9ce46ae6e4c6135b $
20 *
21 * @file protocols/radius/radius.h
22 * @brief Structures and prototypes for base RADIUS functionality.
23 *
24 * @copyright 1999-2017 The FreeRADIUS server project
25 */
26#include <freeradius-devel/radius/defs.h>
27#include <freeradius-devel/util/packet.h>
28#include <freeradius-devel/util/rand.h>
29#include <freeradius-devel/util/log.h>
30#include <freeradius-devel/util/dbuff.h>
31#include <freeradius-devel/io/test_point.h>
32
33#define RADIUS_AUTH_VECTOR_OFFSET 4
34#define RADIUS_HEADER_LENGTH 20
35#define RADIUS_MAX_STRING_LENGTH 253
36#define RADIUS_MAX_TUNNEL_PASSWORD_LENGTH 249
37#define RADIUS_AUTH_VECTOR_LENGTH 16
38#define RADIUS_MESSAGE_AUTHENTICATOR_LENGTH 16
39#define RADIUS_MAX_PASS_LENGTH 256
40#define RADIUS_MAX_ATTRIBUTES 255
41#define RADIUS_MAX_PACKET_SIZE 4096
42
43#define RADIUS_VENDORPEC_USR 429
44#define RADIUS_VENDORPEC_LUCENT 4846
45#define RADIUS_VENDORPEC_STARENT 8164
46
47/*
48 * protocols/radius/base.c
49 */
50
51
52#define FR_RADIUS_PACKET_CODE_VALID(_x) ((_x > 0) && (_x < FR_RADIUS_CODE_MAX))
53
54#define AUTH_PASS_LEN (RADIUS_AUTH_VECTOR_LENGTH)
55
56#define FR_TUNNEL_FR_ENC_LENGTH(_x) (2 + 1 + _x + PAD(_x + 1, 16))
57
58/** Control whether Message-Authenticator is required in Access-Requests
59 *
60 * @note Don't change the enum values. They allow efficient bistmasking.
61 */
62typedef enum {
63 FR_RADIUS_REQUIRE_MA_NO = 0x00, //!< Do not require Message-Authenticator
64 FR_RADIUS_REQUIRE_MA_YES = 0x01, //!< Require Message-Authenticator
65 FR_RADIUS_REQUIRE_MA_AUTO = 0x02, //!< Only require Message-Authenticator if we've previously
66 ///< received a packet from this client with Message-Authenticator.
67 ///< @note This isn't used by the radius protocol code, but may be used
68 ///< to drive logic in modules.
69
70} fr_radius_require_ma_t;
71
72/** Control whether Proxy-State is allowed in Access-Requests
73 *
74 * @note Don't change the enum values. They allow efficient bistmasking.
75 */
76typedef enum {
77 FR_RADIUS_LIMIT_PROXY_STATE_NO = 0x00, //!< Do not limit Proxy-State. Allow proxy-state to be sent in
78 ///< all packets.
79 FR_RADIUS_LIMIT_PROXY_STATE_YES = 0x01, //!< Limit Proxy-State. Do not allow Proxy-State to be sent in
80 ///< packets which do not have a Message-Authenticator attribute.
81
82 FR_RADIUS_LIMIT_PROXY_STATE_AUTO = 0x02, //!< Do not allow Proxy-State unless:
83 ///< - All packets received from a client have containted proxy state.
84 ///< - The client has sent a packet with a Message-Authenticator.
85 ///< @note This isn't used by the radius protocol code, but may be used
86 ///< to drive logic in modules.
87} fr_radius_limit_proxy_state_t;
88
89/** Failure reasons */
118
119extern char const *fr_radius_decode_fail_reason[FR_RADIUS_FAIL_MAX + 1];
120
125
126typedef struct {
127 char const *secret;
128 size_t secret_length;
129
130 bool secure_transport; //!< for TLS
131
132 uint64_t proxy_state;
133} fr_radius_ctx_t;
134
135typedef struct {
136 fr_radius_ctx_t const *common;
137
138 uint8_t const *request_authenticator;
139
140 fr_fast_rand_t rand_ctx; //!< for tunnel passwords
141 int salt_offset; //!< for tunnel passwords
142
143
144 uint8_t tag; //!< current tag for encoding
145
146 uint8_t request_code;
147
148 uint8_t code;
149 uint8_t id;
150
151 bool add_proxy_state; //!< do we add a Proxy-State?
152 bool seen_message_authenticator;
153#ifdef NAS_VIOLATES_RFC
154 bool allow_vulnerable_clients; //!< for vendors who violate the RFCs.
155#endif
156
157} fr_radius_encode_ctx_t;
158
159typedef struct {
160 fr_radius_ctx_t const *common;
161
162 uint8_t const *request_authenticator;
163
164 TALLOC_CTX *tmp_ctx; //!< for temporary things cleaned up during decoding
165 uint8_t const *end; //!< end of the packet
166
167 fr_radius_decode_fail_t reason; //!< reason for decode failure
168
169 uint8_t request_code; //!< original code for the request.
170
171 bool tunnel_password_zeros; //!< check for trailing zeros on decode
172 bool verify; //!< can skip verify for dynamic clients
173 bool require_message_authenticator;
174 bool limit_proxy_state; //!< Don't allow Proxy-State in requests
175
176 fr_radius_tag_ctx_t **tags; //!< for decoding tagged attributes
177 fr_pair_list_t *tag_root; //!< Where to insert tag attributes.
178 TALLOC_CTX *tag_root_ctx; //!< Where to allocate new tag attributes.
179} fr_radius_decode_ctx_t;
180
181typedef enum {
182 RADIUS_FLAG_ENCRYPT_INVALID = -1, //!< Invalid encryption flag.
183 RADIUS_FLAG_ENCRYPT_NONE = 0, //!< No encryption.
184 RADIUS_FLAG_ENCRYPT_USER_PASSWORD = 1, //!< Encrypt attribute RFC 2865 style.
185 RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD = 2, //!< Encrypt attribute RFC 2868 style.
186 RADIUS_FLAG_ENCRYPT_ASCEND_SECRET = 3, //!< Encrypt attribute ascend style.
187} fr_radius_attr_flags_encrypt_t;
188
189typedef struct {
190 unsigned int long_extended : 1; //!< Attribute is a long extended attribute
191 unsigned int extended : 1; //!< Attribute is an extended attribute
192 unsigned int concat : 1; //!< Attribute is concatenated
193 unsigned int has_tag : 1; //!< Attribute has a tag
194 unsigned int abinary : 1; //!< Attribute is in "abinary" format
195 fr_radius_attr_flags_encrypt_t encrypt; //!< Attribute is encrypted
196} fr_radius_attr_flags_t;
197
198DIAG_OFF(unused-function)
199/** Return RADIUS-specific flags for a given attribute
200 */
205
206#define fr_radius_flag_has_tag(_da) fr_radius_attr_flags(_da)->has_tag
207#define fr_radius_flag_concat(_da) fr_radius_attr_flags(_da)->concat
208#define fr_radius_flag_abinary(_da) fr_radius_attr_flags(_da)->abinary
209#define fr_radius_flag_encrypted(_da) fr_radius_attr_flags(_da)->encrypt
210
211static bool fr_radius_flag_extended(fr_dict_attr_t const *da)
212{
213 fr_radius_attr_flags_t const *flags = fr_radius_attr_flags(da);
214
215 return flags->extended || flags->long_extended;
216}
217
218#define fr_radius_flag_long_extended(_da) fr_radius_attr_flags(_da)->long_extended
219DIAG_ON(unused-function)
220
221extern fr_table_num_sorted_t const fr_radius_require_ma_table[];
222extern size_t fr_radius_require_ma_table_len;
223
224extern fr_table_num_sorted_t const fr_radius_limit_proxy_state_table[];
225extern size_t fr_radius_limit_proxy_state_table_len;
226
227extern fr_table_num_sorted_t const fr_radius_request_name_table[];
228extern size_t fr_radius_request_name_table_len;
229
230extern char const *fr_radius_packet_name[FR_RADIUS_CODE_MAX];
231
232/*
233 * protocols/radius/base.c
234 */
235int fr_radius_allow_reply(int code, bool allowed[static FR_RADIUS_CODE_MAX]);
236
237int fr_radius_sign(uint8_t *packet, uint8_t const *vector,
238 uint8_t const *secret, size_t secret_len) CC_HINT(nonnull (1,3));
239
240int fr_radius_verify(uint8_t *packet, uint8_t const *vector,
241 uint8_t const *secret, size_t secret_len,
242 bool require_message_authenticator, bool limit_proxy_state) CC_HINT(nonnull (1,3));
243
244bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p,
245 uint32_t max_attributes, bool require_message_authenticator, fr_radius_decode_fail_t *reason) CC_HINT(nonnull (1,2));
246
247ssize_t fr_radius_ascend_secret(fr_dbuff_t *dbuff, uint8_t const *in, size_t inlen,
248 char const *secret, size_t secret_len, uint8_t const *vector);
249
250ssize_t fr_radius_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port, unsigned int *code);
251
252ssize_t fr_radius_encode(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_radius_encode_ctx_t *packet_ctx) CC_HINT(nonnull);
253
254ssize_t fr_radius_decode(TALLOC_CTX *ctx, fr_pair_list_t *out,
255 uint8_t *packet, size_t packet_len,
256 fr_radius_decode_ctx_t *decode_ctx) CC_HINT(nonnull);
257
258ssize_t fr_radius_decode_simple(TALLOC_CTX *ctx, fr_pair_list_t *out,
259 uint8_t *packet, size_t packet_len,
260 uint8_t const *vector, char const *secret) CC_HINT(nonnull(1,2,3,6));
261
262int fr_radius_global_init(void);
263
264void fr_radius_global_free(void);
265
266/*
267 * protocols/radius/packet.c
268 */
269ssize_t fr_packet_encode(fr_packet_t *packet, fr_pair_list_t *list,
270 fr_packet_t const *original,
271 char const *secret) CC_HINT(nonnull (1,2,4));
272
273bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator,
274 fr_radius_decode_fail_t *reason) CC_HINT(nonnull (1));
275
276int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original,
277 char const *secret) CC_HINT(nonnull (1,3));
278int fr_packet_sign(fr_packet_t *packet, fr_packet_t const *original,
279 char const *secret) CC_HINT(nonnull (1,3));
280
281fr_packet_t *fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator);
282int fr_packet_send(fr_packet_t *packet, fr_pair_list_t *list,
283 fr_packet_t const *original, char const *secret) CC_HINT(nonnull (1,2,4));
284
285#define fr_packet_log_hex(_log, _packet) _fr_packet_log_hex(_log, _packet, __FILE__, __LINE__)
286void _fr_packet_log_hex(fr_log_t const *log, fr_packet_t const *packet, char const *file, int line) CC_HINT(nonnull);
287
288/*
289 * protocols/radius/abinary.c
290 */
291ssize_t fr_radius_encode_abinary(fr_pair_t const *vp, fr_dbuff_t *dbuff);
292
293ssize_t fr_radius_decode_abinary(fr_pair_t *vp, uint8_t const *data, size_t data_len);
294
295/*
296 * protocols/radius/encode.c
297 */
298ssize_t fr_radius_encode_pair(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *encode_ctx);
299
300ssize_t fr_radius_encode_foreign(fr_dbuff_t *dbuff, fr_pair_list_t const *list) CC_HINT(nonnull);
301
302/*
303 * protocols/radius/decode.c
304 */
305int fr_radius_decode_tlv_ok(uint8_t const *data, size_t length, size_t dv_type, size_t dv_length);
306
307ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *list,
308 fr_dict_attr_t const *parent,
309 uint8_t const *data, size_t const attr_len,
310 void *packet_ctx) CC_HINT(nonnull);
311
312ssize_t fr_radius_decode_tlv(TALLOC_CTX *ctx, fr_pair_list_t *list,
313 fr_dict_attr_t const *parent,
314 uint8_t const *data, size_t data_len,
315 fr_radius_decode_ctx_t *packet_ctx) CC_HINT(nonnull);
316
317ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *list,
318 uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx) CC_HINT(nonnull);
319
320ssize_t fr_radius_decode_foreign(TALLOC_CTX *ctx, fr_pair_list_t *out,
321 uint8_t const *data, size_t data_len) CC_HINT(nonnull);
322
323void fr_radius_packet_header_log(fr_log_t const *log, fr_packet_t *packet, bool received);
324
325void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received);
file
int const char * file
Definition acutest.h:704
line
int const char int line
Definition acutest.h:704
DIAG_ON
#define DIAG_ON(_x)
Definition build.h:462
DIAG_OFF
#define DIAG_OFF(_x)
Definition build.h:461
fr_dcursor_s
Definition dcursor.h:93
FR_RADIUS_CODE_MAX
@ FR_RADIUS_CODE_MAX
Maximum possible protocol code.
Definition defs.h:53
sockfd
static int sockfd
Definition dhcpclient.c:56
FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC
@ FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC
Protocol specific extensions.
Definition dict.h:192
in
static fr_slen_t in
Definition dict.h:884
fr_dict_attr_ext
static void * fr_dict_attr_ext(fr_dict_attr_t const *da, fr_dict_attr_ext_t ext)
Definition dict_ext.h:121
fr_ipaddr_t
IPv4/6 prefix.
Definition merged_model.c:266
uint16_t
unsigned short uint16_t
Definition merged_model.c:31
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dbuff_t
Definition merged_model.c:41
fr_dict_attr_t
Definition merged_model.c:133
encode_ctx
static fr_internal_encode_ctx_t encode_ctx
Definition proto_ldap_sync.c:34
secret
static char * secret
Definition radclient-ng.c:71
fr_radius_attr_flags_t::has_tag
unsigned int has_tag
Attribute has a tag.
Definition radius.h:193
fr_radius_ctx_t::secure_transport
bool secure_transport
for TLS
Definition radius.h:130
fr_radius_decode_foreign
ssize_t fr_radius_decode_foreign(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len)
Definition decode.c:2087
fr_radius_tag_ctx_t::parent
fr_pair_t * parent
Definition radius.h:122
fr_radius_decode_ctx_t::tags
fr_radius_tag_ctx_t ** tags
for decoding tagged attributes
Definition radius.h:176
fr_radius_require_ma_t
fr_radius_require_ma_t
Control whether Message-Authenticator is required in Access-Requests.
Definition radius.h:62
FR_RADIUS_REQUIRE_MA_NO
@ FR_RADIUS_REQUIRE_MA_NO
Do not require Message-Authenticator.
Definition radius.h:63
FR_RADIUS_REQUIRE_MA_YES
@ FR_RADIUS_REQUIRE_MA_YES
Require Message-Authenticator.
Definition radius.h:64
FR_RADIUS_REQUIRE_MA_AUTO
@ FR_RADIUS_REQUIRE_MA_AUTO
Only require Message-Authenticator if we've previously received a packet from this client with Messag...
Definition radius.h:65
fr_radius_ascend_secret
ssize_t fr_radius_ascend_secret(fr_dbuff_t *dbuff, uint8_t const *in, size_t inlen, char const *secret, size_t secret_len, uint8_t const *vector)
Do Ascend-Send / Recv-Secret calculation.
Definition base.c:251
fr_radius_encode_ctx_t::rand_ctx
fr_fast_rand_t rand_ctx
for tunnel passwords
Definition radius.h:140
fr_radius_encode_ctx_t::common
fr_radius_ctx_t const * common
Definition radius.h:136
fr_radius_decode_pair
ssize_t fr_radius_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *list, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
Create a "normal" fr_pair_t from the given data.
Definition decode.c:1972
fr_radius_decode_ctx_t::request_code
uint8_t request_code
original code for the request.
Definition radius.h:169
fr_radius_decode_abinary
ssize_t fr_radius_decode_abinary(fr_pair_t *vp, uint8_t const *data, size_t data_len)
Print an Ascend binary filter attribute to a string,.
Definition abinary.c:1316
fr_radius_decode_simple
ssize_t fr_radius_decode_simple(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, uint8_t const *vector, char const *secret))
Simple wrapper for callers who just need a shared secret.
Definition base.c:1216
fr_radius_decode_ctx_t::request_authenticator
uint8_t const * request_authenticator
Definition radius.h:162
fr_radius_attr_flags_t::abinary
unsigned int abinary
Attribute is in "abinary" format.
Definition radius.h:194
fr_packet_sign
int fr_packet_sign(fr_packet_t *packet, fr_packet_t const *original, char const *secret))
Sign a previously encoded packet.
Definition packet.c:150
fr_radius_decode
ssize_t fr_radius_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, fr_radius_decode_ctx_t *decode_ctx)
Definition base.c:1104
fr_radius_tag_ctx_t::cursor
fr_dcursor_t cursor
Definition radius.h:123
fr_radius_limit_proxy_state_table_len
size_t fr_radius_limit_proxy_state_table_len
Definition base.c:103
fr_packet_verify
int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original, char const *secret))
Verify the Request/Response Authenticator (and Message-Authenticator if present) of a packet.
Definition packet.c:129
fr_radius_sign
int fr_radius_sign(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len))
Sign a previously encoded packet.
Definition base.c:362
fr_radius_decode_fail_t
fr_radius_decode_fail_t
Failure reasons.
Definition radius.h:90
FR_RADIUS_FAIL_ATTRIBUTE_DECODE
@ FR_RADIUS_FAIL_ATTRIBUTE_DECODE
Definition radius.h:106
FR_RADIUS_FAIL_UNEXPECTED_REQUEST_CODE
@ FR_RADIUS_FAIL_UNEXPECTED_REQUEST_CODE
Definition radius.h:97
FR_RADIUS_FAIL_ATTRIBUTE_OVERFLOW
@ FR_RADIUS_FAIL_ATTRIBUTE_OVERFLOW
Definition radius.h:105
FR_RADIUS_FAIL_VERIFY
@ FR_RADIUS_FAIL_VERIFY
Definition radius.h:113
FR_RADIUS_FAIL_NONE
@ FR_RADIUS_FAIL_NONE
Definition radius.h:91
FR_RADIUS_FAIL_MA_INVALID_LENGTH
@ FR_RADIUS_FAIL_MA_INVALID_LENGTH
Definition radius.h:108
FR_RADIUS_FAIL_MIN_LENGTH_FIELD
@ FR_RADIUS_FAIL_MIN_LENGTH_FIELD
Definition radius.h:94
FR_RADIUS_FAIL_INVALID_ATTRIBUTE
@ FR_RADIUS_FAIL_INVALID_ATTRIBUTE
Definition radius.h:101
FR_RADIUS_FAIL_IO_ERROR
@ FR_RADIUS_FAIL_IO_ERROR
Definition radius.h:115
FR_RADIUS_FAIL_MAX_LENGTH_PACKET
@ FR_RADIUS_FAIL_MAX_LENGTH_PACKET
Definition radius.h:93
FR_RADIUS_FAIL_MA_MISSING
@ FR_RADIUS_FAIL_MA_MISSING
Definition radius.h:109
FR_RADIUS_FAIL_TOO_MANY_ATTRIBUTES
@ FR_RADIUS_FAIL_TOO_MANY_ATTRIBUTES
Definition radius.h:99
FR_RADIUS_FAIL_UNEXPECTED_RESPONSE_CODE
@ FR_RADIUS_FAIL_UNEXPECTED_RESPONSE_CODE
Definition radius.h:98
FR_RADIUS_FAIL_UNKNOWN_PACKET_CODE
@ FR_RADIUS_FAIL_UNKNOWN_PACKET_CODE
Definition radius.h:96
FR_RADIUS_FAIL_MIN_LENGTH_MISMATCH
@ FR_RADIUS_FAIL_MIN_LENGTH_MISMATCH
Definition radius.h:95
FR_RADIUS_FAIL_NO_MATCHING_REQUEST
@ FR_RADIUS_FAIL_NO_MATCHING_REQUEST
Definition radius.h:114
FR_RADIUS_FAIL_HEADER_OVERFLOW
@ FR_RADIUS_FAIL_HEADER_OVERFLOW
Definition radius.h:103
FR_RADIUS_FAIL_PROXY_STATE_MISSING
@ FR_RADIUS_FAIL_PROXY_STATE_MISSING
Definition radius.h:111
FR_RADIUS_FAIL_MIN_LENGTH_PACKET
@ FR_RADIUS_FAIL_MIN_LENGTH_PACKET
Definition radius.h:92
FR_RADIUS_FAIL_MAX
@ FR_RADIUS_FAIL_MAX
Definition radius.h:116
FR_RADIUS_FAIL_ATTRIBUTE_TOO_SHORT
@ FR_RADIUS_FAIL_ATTRIBUTE_TOO_SHORT
Definition radius.h:104
FR_RADIUS_FAIL_MA_INVALID
@ FR_RADIUS_FAIL_MA_INVALID
Definition radius.h:110
fr_radius_ctx_t::secret
char const * secret
Definition radius.h:127
fr_radius_decode_tlv
ssize_t fr_radius_decode_tlv(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, fr_radius_decode_ctx_t *packet_ctx)
Convert TLVs to one or more VPs.
Definition decode.c:648
fr_radius_decode_fail_reason
char const * fr_radius_decode_fail_reason[FR_RADIUS_FAIL_MAX+1]
Definition base.c:508
fr_radius_require_ma_table_len
size_t fr_radius_require_ma_table_len
Definition base.c:94
fr_radius_ok
bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, uint32_t max_attributes, bool require_message_authenticator, fr_radius_decode_fail_t *reason))
See if the data pointed to by PTR is a valid RADIUS packet.
Definition base.c:548
fr_radius_attr_flags_t::concat
unsigned int concat
Attribute is concatenated.
Definition radius.h:192
fr_radius_decode_ctx_t::end
uint8_t const * end
end of the packet
Definition radius.h:165
fr_radius_global_init
int fr_radius_global_init(void)
Definition base.c:1238
fr_packet_send
int fr_packet_send(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret))
Reply to the request.
Definition packet.c:277
fr_radius_decode_ctx_t::limit_proxy_state
bool limit_proxy_state
Don't allow Proxy-State in requests.
Definition radius.h:174
fr_radius_encode_pair
ssize_t fr_radius_encode_pair(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *encode_ctx)
Encode a data structure into a RADIUS attribute.
Definition encode.c:1537
fr_radius_packet_header_log
void fr_radius_packet_header_log(fr_log_t const *log, fr_packet_t *packet, bool received)
Definition packet.c:406
fr_radius_ctx_t::proxy_state
uint64_t proxy_state
Definition radius.h:132
fr_radius_encode_ctx_t::request_authenticator
uint8_t const * request_authenticator
Definition radius.h:138
fr_radius_flag_extended
static bool fr_radius_flag_extended(fr_dict_attr_t const *da)
Definition radius.h:211
fr_radius_encode_ctx_t::tag
uint8_t tag
current tag for encoding
Definition radius.h:144
fr_radius_attr_flags_t::extended
unsigned int extended
Attribute is an extended attribute.
Definition radius.h:191
fr_radius_attr_flags_t::encrypt
fr_radius_attr_flags_encrypt_t encrypt
Attribute is encrypted.
Definition radius.h:195
fr_radius_decode_tlv_ok
int fr_radius_decode_tlv_ok(uint8_t const *data, size_t length, size_t dv_type, size_t dv_length)
Check if a set of RADIUS formatted TLVs are OK.
Definition decode.c:246
fr_radius_decode_ctx_t::require_message_authenticator
bool require_message_authenticator
Definition radius.h:173
_fr_packet_log_hex
void _fr_packet_log_hex(fr_log_t const *log, fr_packet_t const *packet, char const *file, int line)
Definition packet.c:335
fr_radius_decode_ctx_t::tag_root_ctx
TALLOC_CTX * tag_root_ctx
Where to allocate new tag attributes.
Definition radius.h:178
fr_radius_ctx_t::secret_length
size_t secret_length
Definition radius.h:128
fr_radius_request_name_table_len
size_t fr_radius_request_name_table_len
Definition base.c:114
fr_radius_encode_foreign
ssize_t fr_radius_encode_foreign(fr_dbuff_t *dbuff, fr_pair_list_t const *list)
Definition encode.c:1702
fr_radius_decode_pair_value
ssize_t fr_radius_decode_pair_value(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *parent, uint8_t const *data, size_t const attr_len, void *packet_ctx)
Create any kind of VP from the attribute contents.
Definition decode.c:1479
fr_radius_decode_ctx_t::verify
bool verify
can skip verify for dynamic clients
Definition radius.h:172
fr_packet_recv
fr_packet_t * fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator)
Receive UDP client requests, and fill in the basics of a fr_packet_t structure.
Definition packet.c:191
fr_radius_decode_ctx_t::common
fr_radius_ctx_t const * common
Definition radius.h:160
fr_radius_verify
int fr_radius_verify(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len, bool require_message_authenticator, bool limit_proxy_state))
Verify a request / response packet.
Definition base.c:800
fr_radius_global_free
void fr_radius_global_free(void)
Definition base.c:1262
fr_radius_limit_proxy_state_t
fr_radius_limit_proxy_state_t
Control whether Proxy-State is allowed in Access-Requests.
Definition radius.h:76
FR_RADIUS_LIMIT_PROXY_STATE_NO
@ FR_RADIUS_LIMIT_PROXY_STATE_NO
Do not limit Proxy-State.
Definition radius.h:77
FR_RADIUS_LIMIT_PROXY_STATE_AUTO
@ FR_RADIUS_LIMIT_PROXY_STATE_AUTO
Do not allow Proxy-State unless:
Definition radius.h:82
FR_RADIUS_LIMIT_PROXY_STATE_YES
@ FR_RADIUS_LIMIT_PROXY_STATE_YES
Limit Proxy-State.
Definition radius.h:79
fr_radius_attr_flags_t::long_extended
unsigned int long_extended
Attribute is a long extended attribute.
Definition radius.h:190
fr_radius_limit_proxy_state_table
fr_table_num_sorted_t const fr_radius_limit_proxy_state_table[]
Definition base.c:96
fr_radius_decode_ctx_t::reason
fr_radius_decode_fail_t reason
reason for decode failure
Definition radius.h:167
fr_radius_attr_flags_encrypt_t
fr_radius_attr_flags_encrypt_t
Definition radius.h:181
RADIUS_FLAG_ENCRYPT_INVALID
@ RADIUS_FLAG_ENCRYPT_INVALID
Invalid encryption flag.
Definition radius.h:182
RADIUS_FLAG_ENCRYPT_NONE
@ RADIUS_FLAG_ENCRYPT_NONE
No encryption.
Definition radius.h:183
RADIUS_FLAG_ENCRYPT_USER_PASSWORD
@ RADIUS_FLAG_ENCRYPT_USER_PASSWORD
Encrypt attribute RFC 2865 style.
Definition radius.h:184
RADIUS_FLAG_ENCRYPT_ASCEND_SECRET
@ RADIUS_FLAG_ENCRYPT_ASCEND_SECRET
Encrypt attribute ascend style.
Definition radius.h:186
RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD
@ RADIUS_FLAG_ENCRYPT_TUNNEL_PASSWORD
Encrypt attribute RFC 2868 style.
Definition radius.h:185
fr_radius_encode_abinary
ssize_t fr_radius_encode_abinary(fr_pair_t const *vp, fr_dbuff_t *dbuff)
Encode a string to abinary.
Definition abinary.c:1192
fr_radius_request_name_table
fr_table_num_sorted_t const fr_radius_request_name_table[]
Definition base.c:105
fr_radius_require_ma_table
fr_table_num_sorted_t const fr_radius_require_ma_table[]
Definition base.c:87
fr_radius_encode_ctx_t::salt_offset
int salt_offset
for tunnel passwords
Definition radius.h:141
fr_radius_encode
ssize_t fr_radius_encode(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_radius_encode_ctx_t *packet_ctx)
Definition base.c:954
fr_packet_encode
ssize_t fr_packet_encode(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret))
Encode a packet.
Definition packet.c:43
fr_radius_attr_flags
static fr_radius_attr_flags_t const * fr_radius_attr_flags(fr_dict_attr_t const *da)
Return RADIUS-specific flags for a given attribute.
Definition radius.h:201
fr_radius_decode_ctx_t::tunnel_password_zeros
bool tunnel_password_zeros
check for trailing zeros on decode
Definition radius.h:171
fr_radius_encode_ctx_t::add_proxy_state
bool add_proxy_state
do we add a Proxy-State?
Definition radius.h:151
fr_radius_encode_ctx_t::seen_message_authenticator
bool seen_message_authenticator
Definition radius.h:152
fr_radius_packet_log
void fr_radius_packet_log(fr_log_t const *log, fr_packet_t *packet, fr_pair_list_t *list, bool received)
Definition packet.c:477
fr_radius_packet_name
char const * fr_radius_packet_name[FR_RADIUS_CODE_MAX]
Definition base.c:116
fr_radius_recv_header
ssize_t fr_radius_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, uint16_t *src_port, unsigned int *code)
Basic validation of RADIUS packet header.
Definition base.c:289
fr_radius_decode_ctx_t::tmp_ctx
TALLOC_CTX * tmp_ctx
for temporary things cleaned up during decoding
Definition radius.h:164
fr_radius_decode_ctx_t::tag_root
fr_pair_list_t * tag_root
Where to insert tag attributes.
Definition radius.h:177
fr_packet_ok
bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator, fr_radius_decode_fail_t *reason))
See if the data pointed to by PTR is a valid RADIUS packet.
Definition packet.c:110
fr_radius_allow_reply
int fr_radius_allow_reply(int code, bool allowed[static FR_RADIUS_CODE_MAX])
Definition base.c:231
fr_radius_attr_flags_t
Definition radius.h:189
fr_radius_ctx_t
Definition radius.h:126
fr_radius_decode_ctx_t
Definition radius.h:159
fr_radius_encode_ctx_t
Definition radius.h:135
fr_radius_tag_ctx_t
Definition radius.h:121
fr_fast_rand_t
Smaller fast random number generator.
Definition rand.h:54
vp
fr_pair_t * vp
Definition state_machine.c:2293
fr_log_s
Definition log.h:96
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
fr_packet_t
Definition packet.h:56
parent
static fr_slen_t parent
Definition pair.h:859
data
static fr_slen_t data
Definition value.h:1334
inlen
static size_t char fr_sbuff_t size_t inlen
Definition value.h:1024
nonnull
int nonnull(2, 5))
out
static size_t char ** out
Definition value.h:1024
Generated by   doxygen 1.9.8