src_2protocols_2radius_2client_8c_source.html

/*

 *   This library is free software; you can redistribute it and/or

 *   modify it under the terms of the GNU Lesser General Public

 *   License as published by the Free Software Foundation; either

 *   version 2.1 of the License, or (at your option) any later version.

 *

 *   This library is distributed in the hope that it will be useful,

 *   but WITHOUT ANY WARRANTY; without even the implied warranty of

 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

 *   Lesser General Public License for more details.

 *

 *   You should have received a copy of the GNU Lesser General Public

 *   License along with this library; if not, write to the Free Software

 *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA

 */


/**

 * $Id: 79bc5c373527cf9b27a64a3eafccb2e47d479c28 $

 *

 * @file protocols/radius/client.c

 * @brief Functions to support RADIUS bio handlers for client sockets

 *

 * @copyright 2024 Network RADIUS SAS (legal@networkradius.com)

 */

RCSID("$Id: 79bc5c373527cf9b27a64a3eafccb2e47d479c28 $")


#include <freeradius-devel/radius/client.h>

#include <freeradius-devel/radius/client_udp.h>

#include <freeradius-devel/radius/client_tcp.h>

#include <freeradius-devel/radius/client_priv.h>


#include <freeradius-devel/protocol/radius/rfc2865.h>

#include <freeradius-devel/protocol/radius/rfc2866.h>


typedef struct {

        uint32_t        initial;        //!< initial value

        uint32_t        start;          //!< Unix time we started sending this packet


        size_t          offset;         //!< offset to Acct-Delay-Time value

} fr_radius_client_bio_retry_t;


static void radius_client_retry_sent(fr_bio_t *bio, void *packet_ctx, const void *buffer, UNUSED size_t size,

                                     fr_bio_retry_entry_t *retry_ctx);

static bool radius_client_retry_response(fr_bio_t *bio, fr_bio_retry_entry_t **retry_ctx_p, UNUSED void *packet_ctx, const void *buffer, UNUSED size_t size);

static void radius_client_retry_release(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, UNUSED fr_bio_retry_release_reason_t reason);

static ssize_t radius_client_retry(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, UNUSED const void *buffer, NDEBUG_UNUSED size_t size);


static void fr_radius_client_bio_connect_timer(fr_timer_list_t *tl, fr_time_t now, void *uctx);


fr_bio_packet_t *fr_radius_client_bio_alloc(TALLOC_CTX *ctx, fr_radius_client_config_t *cfg, fr_bio_fd_config_t const *fd_cfg)

{

        fr_assert(fd_cfg->type == FR_BIO_FD_CONNECTED);


        if (fd_cfg->path || fd_cfg->filename) {

                fr_strerror_const("Domain sockets and files are not supported");

                return NULL;

        }


        if (fd_cfg->socket_type == SOCK_DGRAM) return fr_radius_client_udp_bio_alloc(ctx, cfg, fd_cfg);


        return fr_radius_client_tcp_bio_alloc(ctx, cfg, fd_cfg);

}


static int _radius_client_fd_bio_free(fr_radius_client_fd_bio_t *my)

{

        if (fr_bio_shutdown(my->common.bio) < 0) return -1;


        if (fr_bio_free(my->common.bio) < 0) return -1;


        return 0;

}


fr_radius_client_fd_bio_t *fr_radius_client_fd_bio_alloc(TALLOC_CTX *ctx, size_t read_size, fr_radius_client_config_t *cfg, fr_bio_fd_config_t const *fd_cfg)

{

        int i;

        fr_radius_client_fd_bio_t *my;

        fr_bio_retry_rewrite_t rewrite = NULL;


        fr_assert(fd_cfg->type == FR_BIO_FD_CONNECTED);


        my = talloc_zero(ctx, fr_radius_client_fd_bio_t);

        if (!my) return NULL;


        /*

         *      Allocate tracking for all of the packets.

         */

        for (i = 1; i < FR_RADIUS_CODE_MAX; i++) {

                if (!cfg->outgoing[i]) continue;


                my->codes[i] = fr_radius_id_alloc(my);

                if (!my->codes[i]) goto fail;

        }


        my->fd = fr_bio_fd_alloc(my, fd_cfg, 0);

        if (!my->fd) {

        fail:

                talloc_free(my);

                return NULL;

        }


        /*

         *      So that read / write pause / resume callbacks can find us

         */

        my->fd->uctx = my;


        my->info.fd_info = fr_bio_fd_info(my->fd);

        fr_assert(my->info.fd_info != NULL);


        my->reply_socket = my->info.fd_info->socket;

        if ((my->reply_socket.af == AF_INET) || (my->reply_socket.af == AF_INET6)) {

                fr_socket_addr_swap(&my->reply_socket, &my->info.fd_info->socket);

        }


        my->mem = fr_bio_mem_alloc(my, read_size, 2 * 4096, my->fd);

        if (!my->mem) goto fail;


        my->mem->uctx = my;


        if (cfg->packet_cb_cfg.retry) rewrite = radius_client_retry;


        /*

         *      We allocate a retry BIO even for TCP, as we want to be able to timeout the packets.

         */

        if (cfg->retry_cfg.el) {

                my->retry = fr_bio_retry_alloc(my, 256, radius_client_retry_sent, radius_client_retry_response,

                                               rewrite, radius_client_retry_release, &cfg->retry_cfg, my->mem);

                if (!my->retry) goto fail;


                my->retry->uctx = my;


                my->info.retry_info = fr_bio_retry_info(my->retry);

                fr_assert(my->info.retry_info != NULL);


                my->common.bio = my->retry;


        } else {

                /*

                 *      No timers for retries, we just use a memory buffer for outbound packets.

                 */

                my->common.bio = my->mem;

        }


        my->cfg = *cfg;


        /*

         *      Inform the packet BIO about our application callbacks.

         */

        my->common.cb = cfg->packet_cb_cfg;


        /*

         *      Initialize the packet handlers in each BIO.

         */

        fr_bio_packet_init(&my->common);


        talloc_set_destructor(my, _radius_client_fd_bio_free);


        /*

         *      Set up the connected status.

         */

        my->info.connected = false;


        /*

         *      If we're supposed to be connected (but aren't), then ensure that we don't keep trying to

         *      connect forever.

         */

        if ((my->info.fd_info->type == FR_BIO_FD_CONNECTED) && !my->info.connected &&

            fr_time_delta_ispos(cfg->connection_timeout) && cfg->retry_cfg.el) {

                if (fr_timer_in(my, cfg->el->tl, &my->common.ev, cfg->connection_timeout, false,

                                fr_radius_client_bio_connect_timer, my) < 0) {

                        talloc_free(my);

                        return NULL;

                }

        }


        my->proto_ctx = (fr_radius_ctx_t) {

                .secret = (char const *) my->cfg.verify.secret,

                .secret_length = my->cfg.verify.secret_len,

                .secure_transport = false,

                .proxy_state = my->cfg.proxy_state,

        };


        my->info.last_idle = fr_time();


        return my;

}


int fr_radius_client_fd_bio_write(fr_radius_client_fd_bio_t *my, void *pctx, fr_packet_t *packet, fr_pair_list_t *list)

{

        ssize_t slen;

        fr_radius_id_ctx_t *id_ctx;


        fr_assert(!packet->data);


        fr_assert(packet->code > 0);

        fr_assert(packet->code < FR_RADIUS_CODE_MAX);

        fr_assert(!my->common.write_blocked);


        if (!my->codes[packet->code]) {

                fr_strerror_printf("Outgoing packet code %s is disallowed by the configuration",

                                   fr_radius_packet_name[packet->code]);

                return fr_bio_error(GENERIC);

        }


        id_ctx = fr_radius_code_id_pop(my->codes, packet);

        if (!id_ctx) {

                /*

                 *      Try to cancel the oldest one.

                 */

                if (!my->retry || fr_bio_retry_entry_cancel(my->retry, NULL) < 1) {

                all_ids_used:

                        my->all_ids_used = true;


                        /*

                         *      Tell the application to stop writing data to the BIO.

                         */

                        if (my->common.cb.write_blocked) my->common.cb.write_blocked(&my->common);


                        fr_strerror_const("All IDs are in use");

                        return fr_bio_error(GENERIC);

                }


                id_ctx = fr_radius_code_id_pop(my->codes, packet);

                if (!id_ctx) goto all_ids_used;

        }

        id_ctx->request_ctx = pctx;

        fr_assert(id_ctx->packet == packet);


        /*

         *      @todo - just create the random auth vector here?

         */

        if ((packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) ||

            (packet->code == FR_RADIUS_CODE_STATUS_SERVER)) {

                memcpy(my->buffer + 4, packet->vector, sizeof(packet->vector));

        }


        /*

         *      Encode the packet.

         */

        slen = fr_radius_encode(&FR_DBUFF_TMP(my->buffer, sizeof(my->buffer)), list, &(fr_radius_encode_ctx_t) {

                        .common = &my->proto_ctx,

                        .request_authenticator = NULL,

                        .rand_ctx = (fr_fast_rand_t) {

                                .a = fr_rand(),

                                .b = fr_rand(),

                        },

                        .code = packet->code,

                        .id = packet->id,

                        .add_proxy_state = my->cfg.add_proxy_state,

                });

        if (slen < 0) {

        fail:

                fr_radius_code_id_push(my->codes, packet);

                return fr_bio_error(GENERIC);

        }


        fr_assert(slen >= RADIUS_HEADER_LENGTH);

        packet->data_len = slen;


        slen = fr_radius_sign(my->buffer, NULL,

                                (uint8_t const *) my->cfg.verify.secret, my->cfg.verify.secret_len);

        if (slen < 0) goto fail;


        /*

         *      The other BIOs will take care of calling fr_radius_client_bio_write_blocked() when the write

         *      is blocked.

         *

         *      The "next" BIO is a memory one, which can store the entire packet.  So write() never returns a

         *      partial packet.

         */

        slen = fr_bio_write(my->common.bio, &packet->socket, my->buffer, packet->data_len);

        if (slen < 0) {

                fr_assert((slen != fr_bio_error(IO_WOULD_BLOCK)) || my->common.write_blocked);


                fr_radius_code_id_push(my->codes, packet);

                return slen;

        }


        fr_assert((size_t) slen == packet->data_len);


        /*

         *      We only allocate packet data after writing it to the socket.  If the write fails, we avoid a

         *      memory alloc / free.

         */

        packet->data = talloc_array(packet, uint8_t, packet->data_len);

        if (!packet->data) goto fail;


        /*

         *      Only after successful write do we copy the data back to the packet structure.

         */

        memcpy(packet->data, my->buffer, packet->data_len);

        memcpy(packet->vector, packet->data + 4, RADIUS_AUTH_VECTOR_LENGTH);


        return 0;

}


static const fr_radius_packet_code_t allowed_replies[FR_RADIUS_CODE_MAX] = {

        [FR_RADIUS_CODE_ACCESS_ACCEPT]          = FR_RADIUS_CODE_ACCESS_REQUEST,

        [FR_RADIUS_CODE_ACCESS_CHALLENGE]       = FR_RADIUS_CODE_ACCESS_REQUEST,

        [FR_RADIUS_CODE_ACCESS_REJECT]          = FR_RADIUS_CODE_ACCESS_REQUEST,


        [FR_RADIUS_CODE_ACCOUNTING_RESPONSE]    = FR_RADIUS_CODE_ACCOUNTING_REQUEST,


        [FR_RADIUS_CODE_COA_ACK]                = FR_RADIUS_CODE_COA_REQUEST,

        [FR_RADIUS_CODE_COA_NAK]                = FR_RADIUS_CODE_COA_REQUEST,


        [FR_RADIUS_CODE_DISCONNECT_ACK]         = FR_RADIUS_CODE_DISCONNECT_REQUEST,

        [FR_RADIUS_CODE_DISCONNECT_NAK]         = FR_RADIUS_CODE_DISCONNECT_REQUEST,


        [FR_RADIUS_CODE_PROTOCOL_ERROR]         = FR_RADIUS_CODE_PROTOCOL_ERROR,        /* Any */

};


static ssize_t radius_client_retry(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, UNUSED const void *buffer, NDEBUG_UNUSED size_t size)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio->uctx, fr_radius_client_fd_bio_t);

        fr_radius_id_ctx_t *id_ctx = retry_ctx->uctx;

        fr_packet_t *packet = id_ctx->packet;


        fr_assert(packet->data_len == size);


        fr_assert(my->cfg.packet_cb_cfg.retry);


        my->cfg.packet_cb_cfg.retry(&my->common, id_ctx->packet);


        /*

         *      Note do do NOT ball fr_bio_write(), because that will treat the packet as a new one!

         */

        return fr_bio_retry_rewrite(bio, retry_ctx, packet->data, packet->data_len);

}


static ssize_t radius_client_rewrite_acct(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, UNUSED const void *buffer, NDEBUG_UNUSED size_t size)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio->uctx, fr_radius_client_fd_bio_t);

        fr_radius_client_bio_retry_t *acct = retry_ctx->rewrite_ctx;

        fr_radius_id_ctx_t *id_ctx = retry_ctx->uctx;

        fr_radius_id_ctx_t my_id_ctx = *id_ctx;

        fr_packet_t *packet = id_ctx->packet;

        uint8_t *ptr = packet->data + acct->offset;

        uint32_t now, delay;


        fr_assert(packet->data_len == size);


        /*

         *      Change IDs, since we're changing the value of Acct-Delay-Time

         */

        fr_radius_code_id_push(my->codes, packet);


        id_ctx = fr_radius_code_id_pop(my->codes, packet);

        if (!id_ctx) return fr_bio_error(GENERIC); /* at the minimum, we should get the ID we just pushed */


        /*

         *      Update the ID context, and tell the retry context that the ID context has changed.

         */

        id_ctx->request_ctx = my_id_ctx.request_ctx;

        retry_ctx->uctx = id_ctx;


        now = fr_time_to_sec(retry_ctx->retry.updated);

        fr_assert(now >= acct->start);

        fr_assert((now - acct->start) < (1 << 20)); /* just for pairanoia */


        delay = acct->initial + (now - acct->start);


        fr_nbo_from_uint32(ptr, delay);


        /*

         *      Sign the updated packet.

         */

        (void) fr_radius_sign(packet->data, NULL,

                              (uint8_t const *) my->cfg.verify.secret, my->cfg.verify.secret_len);


        /*

         *      Signal that the packet has been retried.

         */

        if (my->cfg.packet_cb_cfg.retry) my->cfg.packet_cb_cfg.retry(&my->common, id_ctx->packet);


        /*

         *      Note do do NOT ball fr_bio_write(), because that will treat the packet as a new one!

         */

        return fr_bio_retry_rewrite(bio, retry_ctx, packet->data, packet->data_len);

}


static void radius_client_retry_sent(fr_bio_t *bio, void *packet_ctx, const void *buffer, size_t size,

                                     fr_bio_retry_entry_t *retry_ctx)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio->uctx, fr_radius_client_fd_bio_t);

        fr_radius_id_ctx_t *id_ctx;

        uint8_t const *data = buffer;

        uint8_t const *end;

        fr_radius_client_bio_retry_t *acct;


        id_ctx = fr_radius_code_id_find(my->codes, data[0], data[1]);

        fr_assert(id_ctx != NULL);


        id_ctx->packet = packet_ctx;

        id_ctx->retry_ctx = retry_ctx;


        retry_ctx->uctx = id_ctx;


        (void) fr_bio_retry_entry_init(bio, retry_ctx, &my->cfg.retry[data[0]]);


        my->info.outstanding++;

        my->info.last_sent = retry_ctx->retry.start;

        if (fr_time_lteq(my->info.first_sent, my->info.last_idle)) my->info.first_sent = my->info.last_sent;


        /*

         *      For Accounting-Request packets which have Acct-Delay-Time, we need to track where the

         *      Acct-Delay-Time is in the packet, along with its original value, and then we can use the

         *      #fr_retry_t to discover how many seconds to add to Acct-Delay-Time.

         */

        retry_ctx->rewrite = NULL;


        if ((data[0] != FR_RADIUS_CODE_ACCOUNTING_REQUEST) || (my->cfg.retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrc == 1)) return;


        end = data + size;

        data += RADIUS_HEADER_LENGTH;


        /*

         *      Find the Acct-Delay-Time attribute.  If it doesn't exist, we don't update it on retransmits.

         *

         *      @todo - maybe if it doesn't exist, we look for Event-Timestamp?  And add one if necessary?

         */

        while (data < end) {

                if (data[0] == FR_ACCT_DELAY_TIME) break;


                data += data[1];

        }


        if ((data == end) || (data[1] != 6)) return;


        acct = retry_ctx->rewrite_ctx = talloc_zero(my, fr_radius_client_bio_retry_t);

        if (!acct) return;


        /*

         *      Set up the retry handler with initial data.

         */

        retry_ctx->rewrite = radius_client_rewrite_acct;


        data += 2;


        acct->initial = fr_nbo_to_uint32(data);

        acct->start = fr_time_to_sec(retry_ctx->retry.start);

        acct->offset = (size_t) (data - (uint8_t const *) buffer);

}


static bool radius_client_retry_response(fr_bio_t *bio, fr_bio_retry_entry_t **retry_ctx_p, void *packet_ctx, const void *buffer, UNUSED size_t size)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio->uctx, fr_radius_client_fd_bio_t);

        unsigned int code;

        uint8_t *data = UNCONST(uint8_t *, buffer); /* @todo - for verify() */

        fr_radius_id_ctx_t *id_ctx;

        fr_packet_t *response = packet_ctx;


        /*

         *      We now have a complete packet in our buffer.  Check if it is one we expect.

         */

        fr_assert(data[0] > 0);

        fr_assert(data[0] < FR_RADIUS_CODE_MAX);


        /*

         *      Is the code an allowed reply code?

         */

        code = allowed_replies[data[0]];

        if (!code) return false;


        /*

         *      It's a reply, but not a permitted reply to a particular request.

         *

         *      @todo - Status-Server.  And for protocol error, look up original packet code

         */

        id_ctx = fr_radius_code_id_find(my->codes, code, data[1]);

        if (!id_ctx) return false;


        /*

         *      No reply yet, verify the response packet, and save it for later.

         */

        if (!id_ctx->response) {

                fr_bio_retry_entry_t *retry;


                if (fr_radius_verify(data, id_ctx->packet->data + 4,

                                     my->cfg.verify.secret, my->cfg.verify.secret_len,

                                     my->cfg.verify.require_message_authenticator,

                                     my->cfg.verify.limit_proxy_state) < 0) {

                        return false;

                }


                retry = *retry_ctx_p = id_ctx->retry_ctx;


                if (fr_time_gt(retry->retry.start, my->info.mrs_time)) my->info.mrs_time = retry->retry.start;

                my->info.last_reply = fr_time(); /* @todo - cache this so read() doesn't call time? */


                *retry_ctx_p = id_ctx->retry_ctx;

                response->uctx = id_ctx->packet;

                return true;

        }


        /*

         *      The reply has the correct ID / Code, but it's not the

         *      same as our previous reply: ignore it.

         */

        if (memcmp(buffer, id_ctx->response->data, RADIUS_HEADER_LENGTH) != 0) return false;


        /*

         *      Tell the caller that it's a duplicate reply.

         */

        *retry_ctx_p = id_ctx->retry_ctx;

        my->info.last_reply = fr_time(); /* @todo - cache this so read() doesn't call time? */

        return false;

}


static void radius_client_retry_release(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, fr_bio_retry_release_reason_t reason)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio->uctx, fr_radius_client_fd_bio_t);

        fr_radius_id_ctx_t *id_ctx = retry_ctx->uctx;

        fr_packet_t *packet = id_ctx->packet;


        fr_assert(id_ctx->packet == retry_ctx->packet_ctx);


        fr_radius_code_id_push(my->codes, id_ctx->packet);


        /*

         *      Free any pending rewrite CTX.

         */

        TALLOC_FREE(retry_ctx->rewrite_ctx);


        /*

         *      We're no longer retrying this packet.

         *

         *      However, we leave id_ctx->request_ctx and id_ctx->packet around, because the other code still

         *      needs it.

         */

        id_ctx->request_ctx = NULL;

        id_ctx->retry_ctx = NULL;


        /*

         *      Tell the application that this packet did not see a reply/

         */

        if (my->cfg.packet_cb_cfg.release && (reason == FR_BIO_RETRY_NO_REPLY)) my->cfg.packet_cb_cfg.release(&my->common, packet);


        fr_assert(my->info.outstanding > 0);

        my->info.outstanding--;


        /*

         *      IO was blocked due to IDs.  We now have a free ID, so we resume the normal write process.

         */

        if (my->all_ids_used) {

                my->all_ids_used = false;


                /*

                 *      Tell the application to resume writing to the BIO.

                 */

                if (my->common.cb.write_resume) my->common.cb.write_resume(&my->common);


        } else if (!my->info.outstanding) {

                my->info.last_idle = fr_time();

        }

}


/** Cancel one packet.

 *

 *  The packet can have a reply, or not.  It doesn't matter.

 *

 *  This also frees any IDs associated with the packet.

 */


int fr_radius_client_fd_bio_cancel(fr_bio_packet_t *bio, fr_packet_t *packet)

{

        fr_radius_id_ctx_t *id_ctx;

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio, fr_radius_client_fd_bio_t);


        id_ctx = fr_radius_code_id_find(my->codes, packet->code, packet->id);


        if (!id_ctx || !id_ctx->retry_ctx) return 0;

        fr_assert(id_ctx->packet == packet);


        if (!my->retry) goto done;


        if (fr_bio_retry_entry_cancel(my->retry, id_ctx->retry_ctx) < 0) return -1;


done:

        id_ctx->retry_ctx = NULL;

        id_ctx->packet = NULL;


        return 0;

}


int fr_radius_client_fd_bio_read(fr_bio_packet_t *bio, void **pctx_p, fr_packet_t **packet_p,

                                 UNUSED TALLOC_CTX *out_ctx, fr_pair_list_t *out)

{

        ssize_t slen;

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio, fr_radius_client_fd_bio_t);

        fr_packet_t *reply, *original;


        /*

         *      We don't need to set up response.socket for connected bios.

         */

        fr_packet_t response = {};


        /*

         *      We read the response packet ctx into our local structure.  If we have a real response, we will

         *      swap to using the request context, and not the response context.

         */

        slen = fr_bio_read(my->common.bio, &response, &my->buffer, sizeof(my->buffer));

        if (!slen) return 0;


        if (slen < 0) {

                fr_assert(slen != fr_bio_error(IO_WOULD_BLOCK));

                return slen;

        }


        original = response.uctx;


        /*

         *      Allocate the new request data structure

         */

        reply = fr_packet_alloc(original, false);

        if (!reply) return -1;


        /*

         *      This is for connected sockets.

         */

        reply->socket = my->reply_socket;

        reply->timestamp = fr_time();


        reply->data = talloc_memdup(reply, my->buffer, slen);

        if (!reply->data) {

                talloc_free(reply);

                return -1;

        }

        reply->data_len = slen;


        reply->code = reply->data[0];

        reply->id = reply->data[1];

        memcpy(reply->vector, reply->data + 4, sizeof(reply->vector));


        /*

         *      If this fails, we're out of memory.

         */

        if (fr_radius_decode_simple(original, out, reply->data, reply->data_len,

                                    original->vector, (char const *) my->cfg.verify.secret) < 0) {

                talloc_free(reply);

                return -1;

        }


        *pctx_p = original->uctx;

        *packet_p = reply;


        return 1;

}


size_t fr_radius_client_bio_outstanding(fr_bio_packet_t *bio)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio, fr_radius_client_fd_bio_t);


        /*

         *      @todo - add API for ID allocation to track this.

         */

        if (!my->retry) return 0;


        return fr_bio_retry_outstanding(my->retry);

}


fr_radius_client_bio_info_t const *fr_radius_client_bio_info(fr_bio_packet_t *bio)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio, fr_radius_client_fd_bio_t);


        return &my->info;

}


int fr_radius_client_bio_force_id(fr_bio_packet_t *bio, int code, int id)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(bio, fr_radius_client_fd_bio_t);


        if (!code || (code >= FR_RADIUS_CODE_MAX)) {

                fr_strerror_const("Invalid packet code");

                return -1;

        }


        if ((id < 0) || (id > 256)) {

                fr_strerror_const("Invalid ID");

                return -1;

        }


        return fr_radius_code_id_force(my->codes, code, id);

}


/** We failed to connect in the given timeout, the connection is dead.

 *

 */


static void fr_radius_client_bio_connect_timer(NDEBUG_UNUSED fr_timer_list_t *tl, UNUSED fr_time_t now, void *uctx)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(uctx, fr_radius_client_fd_bio_t);


        fr_assert(!my->retry || (my->info.retry_info->el->tl == tl));


        if (my->common.cb.failed) my->common.cb.failed(&my->common);

}


void fr_radius_client_bio_connect(NDEBUG_UNUSED fr_event_list_t *el, NDEBUG_UNUSED int fd, UNUSED int flags, void *uctx)

{

        fr_radius_client_fd_bio_t *my = talloc_get_type_abort(uctx, fr_radius_client_fd_bio_t);


        fr_assert(my->common.cb.connected);

        fr_assert(!my->retry || (my->info.retry_info->el == el));

        fr_assert(my->info.fd_info->socket.fd == fd);


        /*

         *      The socket is already connected, tell the application.  This happens when the FD bio opens an

         *      unconnected socket.  It calls our connected routine before the application has a chance to

         *      call our connect routine.

         */

        if (my->info.connected) return;


        /*

         *      We don't pass the callbacks to fr_bio_fd_alloc(), so it can't call our connected routine.

         *      As a result, we have to check if the FD is open, and then call it ourselves.

         */

        if (my->info.fd_info->state == FR_BIO_FD_STATE_OPEN) {

                fr_bio_packet_connected(my->fd);

                return;

        }


        fr_assert(my->info.fd_info->type == FR_BIO_FD_CONNECTED);

        fr_assert(my->info.fd_info->state == FR_BIO_FD_STATE_CONNECTING);


        /*

         *      Try to connect it.  Any magic handling is done in the callbacks.

         */

        (void) fr_bio_fd_connect(my->fd);

}


buffer
static int const char char buffer[256]
Definition acutest.h:576

fr_bio_write
static ssize_t fr_bio_write(fr_bio_t *bio, void *packet_ctx, void const *buffer, size_t size)
Write raw data to a bio.
Definition base.h:172

fr_bio_read
static ssize_t fr_bio_read(fr_bio_t *bio, void *packet_ctx, void *buffer, size_t size)
Read raw data from a bio.
Definition base.h:149

fr_bio_s::uctx
void * uctx
user ctx, caller can manually set it.
Definition base.h:113

fr_bio_error
#define fr_bio_error(_x)
Definition base.h:192

fr_bio_s
Definition base.h:112

fr_bio_packet_cb_funcs_t::retry
fr_bio_packet_signal_t retry
Definition packet.h:82

fr_bio_packet_s
Definition packet.h:86

fr_bio_retry_entry_init
int fr_bio_retry_entry_init(UNUSED fr_bio_t *bio, fr_bio_retry_entry_t *item, fr_retry_config_t const *cfg)
Set a per-packet retry config.
Definition retry.c:1025

fr_bio_retry_alloc
fr_bio_t * fr_bio_retry_alloc(TALLOC_CTX *ctx, size_t max_saved, fr_bio_retry_sent_t sent, fr_bio_retry_response_t response, fr_bio_retry_rewrite_t rewrite, fr_bio_retry_release_t release, fr_bio_retry_config_t const *cfg, fr_bio_t *next)
Allocate a fr_bio_retry_t.
Definition retry.c:1087

fr_bio_retry_outstanding
size_t fr_bio_retry_outstanding(fr_bio_t *bio)
Definition retry.c:1165

fr_bio_retry_entry_cancel
int fr_bio_retry_entry_cancel(fr_bio_t *bio, fr_bio_retry_entry_t *item)
Cancel one item.
Definition retry.c:993

fr_bio_retry_rewrite
ssize_t fr_bio_retry_rewrite(fr_bio_t *bio, fr_bio_retry_entry_t *item, const void *buffer, size_t size)
Resend a packet.
Definition retry.c:554

fr_bio_retry_info
fr_bio_retry_info_t const * fr_bio_retry_info(fr_bio_t *bio)
Definition retry.c:1158

fr_bio_retry_entry_s::rewrite_ctx
void * rewrite_ctx
context specifically for rewriting this packet
Definition retry.c:68

fr_bio_retry_entry_s::retry
fr_retry_t retry
retry timers and counters
Definition retry.c:70

fr_bio_retry_release_reason_t
fr_bio_retry_release_reason_t
Definition retry.h:79

FR_BIO_RETRY_NO_REPLY
@ FR_BIO_RETRY_NO_REPLY
Definition retry.h:81

fr_bio_retry_rewrite_t
ssize_t(* fr_bio_retry_rewrite_t)(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, const void *buffer, size_t size)
Definition retry.h:66

fr_bio_retry_config_t::el
fr_event_list_t * el
event list
Definition retry.h:45

fr_bio_retry_entry_s::packet_ctx
void * packet_ctx
packet_ctx from the write() call
Definition retry.c:66

fr_bio_retry_entry_s::rewrite
fr_bio_retry_rewrite_t rewrite
per-packet rewrite callback
Definition retry.c:67

fr_bio_retry_entry_s::uctx
void * uctx
user-writable context
Definition retry.c:65

fr_bio_retry_entry_s
Definition retry.c:64

UNCONST
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:167

RCSID
#define RCSID(id)
Definition build.h:485

NDEBUG_UNUSED
#define NDEBUG_UNUSED
Definition build.h:328

UNUSED
#define UNUSED
Definition build.h:317

fr_radius_client_fd_bio_t
Definition client_priv.h:34

fr_radius_client_tcp_bio_alloc
fr_bio_packet_t * fr_radius_client_tcp_bio_alloc(TALLOC_CTX *ctx, fr_radius_client_config_t *cfg, fr_bio_fd_config_t const *fd_cfg)
Allocate a RADIUS bio for writing client packets.
Definition client_tcp.c:50

fr_radius_client_udp_bio_alloc
fr_bio_packet_t * fr_radius_client_udp_bio_alloc(TALLOC_CTX *ctx, fr_radius_client_config_t *cfg, fr_bio_fd_config_t const *fd_cfg)
Allocate a RADIUS bio for writing client packets.
Definition client_udp.c:51

FR_DBUFF_TMP
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
Definition dbuff.h:514

fr_radius_packet_code_t
fr_radius_packet_code_t
RADIUS packet codes.
Definition defs.h:31

FR_RADIUS_CODE_ACCESS_CHALLENGE
@ FR_RADIUS_CODE_ACCESS_CHALLENGE
RFC2865 - Access-Challenge.
Definition defs.h:43

FR_RADIUS_CODE_ACCESS_REQUEST
@ FR_RADIUS_CODE_ACCESS_REQUEST
RFC2865 - Access-Request.
Definition defs.h:33

FR_RADIUS_CODE_DISCONNECT_REQUEST
@ FR_RADIUS_CODE_DISCONNECT_REQUEST
RFC3575/RFC5176 - Disconnect-Request.
Definition defs.h:46

FR_RADIUS_CODE_MAX
@ FR_RADIUS_CODE_MAX
Maximum possible protocol code.
Definition defs.h:53

FR_RADIUS_CODE_DISCONNECT_ACK
@ FR_RADIUS_CODE_DISCONNECT_ACK
RFC3575/RFC5176 - Disconnect-Ack (positive)
Definition defs.h:47

FR_RADIUS_CODE_STATUS_SERVER
@ FR_RADIUS_CODE_STATUS_SERVER
RFC2865/RFC5997 - Status Server (request)
Definition defs.h:44

FR_RADIUS_CODE_COA_REQUEST
@ FR_RADIUS_CODE_COA_REQUEST
RFC3575/RFC5176 - CoA-Request.
Definition defs.h:49

FR_RADIUS_CODE_ACCESS_ACCEPT
@ FR_RADIUS_CODE_ACCESS_ACCEPT
RFC2865 - Access-Accept.
Definition defs.h:34

FR_RADIUS_CODE_ACCOUNTING_RESPONSE
@ FR_RADIUS_CODE_ACCOUNTING_RESPONSE
RFC2866 - Accounting-Response.
Definition defs.h:37

FR_RADIUS_CODE_COA_NAK
@ FR_RADIUS_CODE_COA_NAK
RFC3575/RFC5176 - CoA-Nak (not willing to perform)
Definition defs.h:51

FR_RADIUS_CODE_COA_ACK
@ FR_RADIUS_CODE_COA_ACK
RFC3575/RFC5176 - CoA-Ack (positive)
Definition defs.h:50

FR_RADIUS_CODE_DISCONNECT_NAK
@ FR_RADIUS_CODE_DISCONNECT_NAK
RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
Definition defs.h:48

FR_RADIUS_CODE_PROTOCOL_ERROR
@ FR_RADIUS_CODE_PROTOCOL_ERROR
RFC7930 - Protocol-Error (generic NAK)
Definition defs.h:52

FR_RADIUS_CODE_ACCOUNTING_REQUEST
@ FR_RADIUS_CODE_ACCOUNTING_REQUEST
RFC2866 - Accounting-Request.
Definition defs.h:36

FR_RADIUS_CODE_ACCESS_REJECT
@ FR_RADIUS_CODE_ACCESS_REJECT
RFC2865 - Access-Reject.
Definition defs.h:35

fr_bio_fd_alloc
fr_bio_t * fr_bio_fd_alloc(TALLOC_CTX *ctx, fr_bio_fd_config_t const *cfg, size_t offset)
Allocate a FD bio.
Definition fd.c:1026

fr_bio_fd_info
fr_bio_fd_info_t const * fr_bio_fd_info(fr_bio_t *bio)
Returns a pointer to the bio-specific information.
Definition fd.c:1343

FR_BIO_FD_CONNECTED
@ FR_BIO_FD_CONNECTED
connected client sockets (UDP or TCP)
Definition fd.h:68

FR_BIO_FD_STATE_CONNECTING
@ FR_BIO_FD_STATE_CONNECTING
Definition fd.h:60

FR_BIO_FD_STATE_OPEN
@ FR_BIO_FD_STATE_OPEN
error states must be before this
Definition fd.h:59

fr_bio_fd_config_t::type
fr_bio_fd_type_t type
accept, connected, unconnected, etc.
Definition fd.h:82

fr_bio_fd_config_t::path
char const  * path
for Unix domain sockets
Definition fd.h:103

fr_bio_fd_config_t::filename
char const  * filename
for files
Definition fd.h:109

fr_bio_fd_connect
#define fr_bio_fd_connect(_x)
Definition fd.h:154

fr_bio_fd_config_t::socket_type
int socket_type
SOCK_STREAM or SOCK_DGRAM.
Definition fd.h:84

fr_bio_fd_config_t
Configuration for sockets.
Definition fd.h:81

my
fr_bio_shutdown & my
Definition fd_errno.h:69

fr_bio_free
int fr_bio_free(fr_bio_t *bio)
Free this bio, and everything it calls.
Definition base.c:105

fr_bio_shutdown
int fr_bio_shutdown(fr_bio_t *bio)
Shut down a set of BIOs.
Definition base.c:141

fr_bio_mem_alloc
fr_bio_t * fr_bio_mem_alloc(TALLOC_CTX *ctx, size_t read_size, size_t write_size, fr_bio_t *next)
Allocate a memory buffer bio.
Definition mem.c:727

fr_bio_packet_init
void fr_bio_packet_init(fr_bio_packet_t *my)
Definition packet.c:177

fr_bio_packet_connected
void fr_bio_packet_connected(fr_bio_t *bio)
Called when a particular BIO is connected.
Definition packet.c:116

talloc_free
talloc_free(reap)

fr_event_list_s
Stores all information relating to an event list.
Definition event.c:377

fr_packet_alloc
fr_packet_t * fr_packet_alloc(TALLOC_CTX *ctx, bool new_vector)
Allocate a new fr_packet_t.
Definition packet.c:38

uint32_t
unsigned int uint32_t
Definition merged_model.c:33

ssize_t
long int ssize_t
Definition merged_model.c:24

uint8_t
unsigned char uint8_t
Definition merged_model.c:30

size_t
unsigned long int size_t
Definition merged_model.c:25

fr_nbo_to_uint32
static uint32_t fr_nbo_to_uint32(uint8_t const data[static sizeof(uint32_t)])
Read an unsigned 32bit integer from wire format (big endian)
Definition nbo.h:167

fr_nbo_from_uint32
static void fr_nbo_from_uint32(uint8_t out[static sizeof(uint32_t)], uint32_t num)
Write out an unsigned 32bit integer in wire format (big endian)
Definition nbo.h:61

RADIUS_HEADER_LENGTH
#define RADIUS_HEADER_LENGTH
Definition net.h:80

RADIUS_AUTH_VECTOR_LENGTH
#define RADIUS_AUTH_VECTOR_LENGTH
Definition net.h:89

fr_radius_sign
int fr_radius_sign(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len)
Sign a previously encoded packet.
Definition base.c:358

fr_radius_verify
int fr_radius_verify(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len, bool require_message_authenticator, bool limit_proxy_state)
Verify a request / response packet.
Definition base.c:776

fr_radius_decode_simple
ssize_t fr_radius_decode_simple(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t *packet, size_t packet_len, uint8_t const *vector, char const *secret)
Simple wrapper for callers who just need a shared secret.
Definition base.c:1190

fr_radius_encode
ssize_t fr_radius_encode(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_radius_encode_ctx_t *packet_ctx)
Definition base.c:951

fr_radius_packet_name
char const  * fr_radius_packet_name[FR_RADIUS_CODE_MAX]
Definition base.c:112

fr_radius_client_config_t::el
fr_event_list_t * el
Definition client.h:35

fr_radius_client_config_t::retry_cfg
fr_bio_retry_config_t retry_cfg
Definition client.h:40

fr_radius_client_config_t::packet_cb_cfg
fr_bio_packet_cb_funcs_t packet_cb_cfg
Definition client.h:42

fr_radius_client_config_t::outgoing
bool outgoing[FR_RADIUS_CODE_MAX]
allowed outgoing packet types
Definition client.h:49

fr_radius_client_config_t::connection_timeout
fr_time_delta_t connection_timeout
Definition client.h:44

fr_radius_client_bio_info_t
Definition client.h:54

fr_radius_client_config_t
Definition client.h:34

fr_radius_id_alloc
fr_radius_id_t * fr_radius_id_alloc(TALLOC_CTX *ctx)
Allocate a tracking structure for one packet code.
Definition id.c:45

fr_radius_code_id_push
static void fr_radius_code_id_push(fr_radius_code_id_t codes, fr_packet_t const *packet)
Definition id.h:74

fr_radius_id_ctx_t::retry_ctx
void * retry_ctx
to find the retry information
Definition id.h:38

fr_radius_id_ctx_t::request_ctx
void * request_ctx
for the application to track
Definition id.h:35

fr_radius_id_ctx_t::packet
fr_packet_t * packet
outgoing packet
Definition id.h:36

fr_radius_id_ctx_t::response
fr_packet_t * response
response to outgoing packet
Definition id.h:37

fr_radius_code_id_pop
static fr_radius_id_ctx_t * fr_radius_code_id_pop(fr_radius_code_id_t codes, fr_packet_t *packet)
Definition id.h:64

fr_radius_code_id_find
static fr_radius_id_ctx_t * fr_radius_code_id_find(fr_radius_code_id_t codes, int code, int id)
Definition id.h:84

fr_radius_code_id_force
static int fr_radius_code_id_force(fr_radius_code_id_t codes, int code, int id)
Definition id.h:94

fr_radius_id_ctx_t
Definition id.h:34

fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38

done
static bool done
Definition radclient.c:81

fr_radius_ctx_t
Definition radius.h:94

fr_radius_encode_ctx_t
Definition radius.h:103

_radius_client_fd_bio_free
static int _radius_client_fd_bio_free(fr_radius_client_fd_bio_t *my)
Definition client.c:64

radius_client_retry_release
static void radius_client_retry_release(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, UNUSED fr_bio_retry_release_reason_t reason)

radius_client_retry
static ssize_t radius_client_retry(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, UNUSED const void *buffer, NDEBUG_UNUSED size_t size)
Definition client.c:313

radius_client_retry_response
static bool radius_client_retry_response(fr_bio_t *bio, fr_bio_retry_entry_t **retry_ctx_p, UNUSED void *packet_ctx, const void *buffer, UNUSED size_t size)

radius_client_retry_sent
static void radius_client_retry_sent(fr_bio_t *bio, void *packet_ctx, const void *buffer, UNUSED size_t size, fr_bio_retry_entry_t *retry_ctx)

fr_radius_client_bio_connect
void fr_radius_client_bio_connect(NDEBUG_UNUSED fr_event_list_t *el, NDEBUG_UNUSED int fd, UNUSED int flags, void *uctx)
Definition client.c:702

radius_client_rewrite_acct
static ssize_t radius_client_rewrite_acct(fr_bio_t *bio, fr_bio_retry_entry_t *retry_ctx, UNUSED const void *buffer, NDEBUG_UNUSED size_t size)
Definition client.c:332

allowed_replies
static const fr_radius_packet_code_t allowed_replies[FR_RADIUS_CODE_MAX]
Definition client.c:297

fr_radius_client_fd_bio_cancel
int fr_radius_client_fd_bio_cancel(fr_bio_packet_t *bio, fr_packet_t *packet)
Cancel one packet.
Definition client.c:567

fr_radius_client_bio_retry_t::offset
size_t offset
offset to Acct-Delay-Time value
Definition client.c:39

fr_radius_client_bio_alloc
fr_bio_packet_t * fr_radius_client_bio_alloc(TALLOC_CTX *ctx, fr_radius_client_config_t *cfg, fr_bio_fd_config_t const *fd_cfg)
Definition client.c:50

fr_radius_client_bio_connect_timer
static void fr_radius_client_bio_connect_timer(fr_timer_list_t *tl, fr_time_t now, void *uctx)

fr_radius_client_bio_force_id
int fr_radius_client_bio_force_id(fr_bio_packet_t *bio, int code, int id)
Definition client.c:672

fr_radius_client_bio_retry_t::initial
uint32_t initial
initial value
Definition client.c:36

fr_radius_client_fd_bio_read
int fr_radius_client_fd_bio_read(fr_bio_packet_t *bio, void **pctx_p, fr_packet_t **packet_p, UNUSED TALLOC_CTX *out_ctx, fr_pair_list_t *out)
Definition client.c:588

fr_radius_client_bio_outstanding
size_t fr_radius_client_bio_outstanding(fr_bio_packet_t *bio)
Definition client.c:652

fr_radius_client_bio_info
fr_radius_client_bio_info_t const * fr_radius_client_bio_info(fr_bio_packet_t *bio)
Definition client.c:664

fr_radius_client_bio_retry_t::start
uint32_t start
Unix time we started sending this packet.
Definition client.c:37

fr_radius_client_fd_bio_write
int fr_radius_client_fd_bio_write(fr_radius_client_fd_bio_t *my, void *pctx, fr_packet_t *packet, fr_pair_list_t *list)
Definition client.c:188

fr_radius_client_fd_bio_alloc
fr_radius_client_fd_bio_t * fr_radius_client_fd_bio_alloc(TALLOC_CTX *ctx, size_t read_size, fr_radius_client_config_t *cfg, fr_bio_fd_config_t const *fd_cfg)
Definition client.c:74

fr_radius_client_bio_retry_t
Definition client.c:35

fr_time
#define fr_time()
Allow us to arbitrarily manipulate time.
Definition state_test.c:8

pair_list_s
Definition pair.h:52

fr_time_to_sec
static int64_t fr_time_to_sec(fr_time_t when)
Convert an fr_time_t (internal time) to number of sec since the unix epoch (wallclock time)
Definition time.h:731

fr_time_lteq
#define fr_time_lteq(_a, _b)
Definition time.h:240

fr_time_delta_ispos
#define fr_time_delta_ispos(_a)
Definition time.h:290

fr_time_gt
#define fr_time_gt(_a, _b)
Definition time.h:237

fr_time_s
"server local" time.
Definition time.h:69

fr_timer_list_s
An event timer list.
Definition timer.c:49

fr_timer_in
#define fr_timer_in(...)
Definition timer.h:86

el
static fr_event_list_t * el
Definition unit_test_attribute.c:279

fr_packet_t::uctx
void * uctx
Definition packet.h:79

fr_packet_t::code
unsigned int code
Packet code (type).
Definition packet.h:61

fr_packet_t::socket
fr_socket_t socket
This packet was received on.
Definition packet.h:57

fr_packet_t::id
int id
Packet ID (used to link requests/responses).
Definition packet.h:60

fr_packet_t::data
uint8_t * data
Packet data (body).
Definition packet.h:63

fr_packet_t::data_len
size_t data_len
Length of packet data.
Definition packet.h:64

fr_packet_t::vector
uint8_t vector[RADIUS_AUTH_VECTOR_LENGTH]
RADIUS authentication vector.
Definition packet.h:69

fr_packet_t::timestamp
fr_time_t timestamp
When we received the packet.
Definition packet.h:58

fr_packet_t
Definition packet.h:56

fr_retry_t::start
fr_time_t start
when we started the retransmission
Definition retry.h:53

fr_retry_t::updated
fr_time_t updated
last update, really a cached "now".
Definition retry.h:56

fr_socket_addr_swap
static void fr_socket_addr_swap(fr_socket_t *dst, fr_socket_t const *src)
Swap src/dst information of a fr_socket_t.
Definition socket.h:121

fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64

fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223

data
static fr_slen_t data
Definition value.h:1274

out
static size_t char ** out
Definition value.h:1012