1: /*
2: *
3: * Radius client functions.
4: * Copyright (C) 2003, 2004, 2005 Mondru AB.
5: * Copyright (c) 2006-2008 David Bird <david@coova.com>
6: *
7: * The contents of this file may be used under the terms of the GNU
8: * General Public License Version 2, provided that the above copyright
9: * notice and this permission notice is included in all copies or
10: * substantial portions of the software.
11: *
12: */
13:
14: #include "system.h"
15: #include "syserr.h"
16: #include "radius.h"
17: #include "md5.h"
18: #include "dhcp.h"
19: #include "redir.h"
20: #include "chilli.h"
21: #include "options.h"
22: #include "radius_wispr.h"
23: #include "radius_chillispot.h"
24:
25:
26: void radius_addnasip(struct radius_t *radius, struct radius_packet_t *pack) {
27: struct in_addr inaddr;
28: struct in_addr *paddr = 0;
29:
30: if (options.nasip && *options.nasip)
31: if (inet_aton(options.nasip, &inaddr))
32: paddr = &inaddr;
33:
34: if (!paddr && options.radiuslisten.s_addr != 0)
35: paddr = &options.radiuslisten;
36:
37: if (!paddr)
38: paddr = &options.uamlisten;
39:
40: radius_addattr(radius, pack, RADIUS_ATTR_NAS_IP_ADDRESS, 0, 0, ntohl(paddr->s_addr), NULL, 0);
41: }
42:
43: void radius_addcalledstation(struct radius_t *radius, struct radius_packet_t *pack) {
44: uint8_t b[24];
45: uint8_t *mac= (uint8_t*)"";
46:
47: if (options.nasmac)
48: mac = (uint8_t *)options.nasmac;
49: else
50: sprintf((char*)(mac=b), "%.2X-%.2X-%.2X-%.2X-%.2X-%.2X",
51: radius->nas_hwaddr[0],radius->nas_hwaddr[1],radius->nas_hwaddr[2],
52: radius->nas_hwaddr[3],radius->nas_hwaddr[4],radius->nas_hwaddr[5]);
53:
54: radius_addattr(radius, pack, RADIUS_ATTR_CALLED_STATION_ID, 0, 0, 0, mac, strlen((char*)mac));
55: }
56:
57: int radius_printqueue(struct radius_t *this) {
58: int n;
59: printf("next %d, first %d, last %d\n",
60: this->next, this->first, this ->last);
61:
62: for(n=0; n<256; n++) {
63: if (this->queue[n].state) {
64: printf("%3d %3d %3d %3d %8d %8d %d\n",
65: n, this->queue[n].state,
66: this->queue[n].next,
67: this->queue[n].prev,
68: (int) this->queue[n].timeout.tv_sec,
69: (int) this->queue[n].timeout.tv_usec,
70: (int) this->queue[n].retrans);
71: }
72: }
73:
74: return 0;
75: }
76:
77: /*
78: * radius_hmac_md5()
79: * Calculate HMAC MD5 on a radius packet.
80: */
81: int radius_hmac_md5(struct radius_t *this, struct radius_packet_t *pack,
82: char *secret, int secretlen, uint8_t *dst) {
83: unsigned char digest[RADIUS_MD5LEN];
84: size_t length;
85:
86: MD5_CTX context;
87:
88: uint8_t *key;
89: size_t key_len;
90:
91: unsigned char k_ipad[65];
92: unsigned char k_opad[65];
93: unsigned char tk[RADIUS_MD5LEN];
94: int i;
95:
96: if (secretlen > 64) { /* TODO: If Microsoft truncate to 64 instead */
97: MD5Init(&context);
98: MD5Update(&context, (uint8_t*)secret, secretlen);
99: MD5Final(tk, &context);
100: key = tk;
101: key_len = 16;
102: }
103: else {
104: key = (uint8_t*)secret;
105: key_len = secretlen;
106: }
107:
108: length = ntohs(pack->length);
109:
110: memset(k_ipad, 0x36, sizeof k_ipad);
111: memset(k_opad, 0x5c, sizeof k_opad);
112:
113: for (i=0; i<key_len; i++) {
114: k_ipad[i] ^= key[i];
115: k_opad[i] ^= key[i];
116: }
117:
118: /* Perform inner MD5 */
119: MD5Init(&context);
120: MD5Update(&context, k_ipad, 64);
121: MD5Update(&context, (uint8_t*) pack, length);
122: MD5Final(digest, &context);
123:
124: /* Perform outer MD5 */
125: MD5Init(&context);
126: MD5Update(&context, k_opad, 64);
127: MD5Update(&context, digest, 16);
128: MD5Final(digest, &context);
129:
130: memcpy(dst, digest, RADIUS_MD5LEN);
131:
132: return 0;
133: }
134:
135: /*
136: * radius_acctreq_authenticator()
137: * Update a packet with an accounting request authenticator
138: */
139: int radius_acctreq_authenticator(struct radius_t *this,
140: struct radius_packet_t *pack) {
141:
142: /* From RFC 2866: Authenticator is the MD5 hash of:
143: Code + Identifier + Length + 16 zero octets + request attributes +
144: shared secret */
145:
146: MD5_CTX context;
147:
148: memset(pack->authenticator, 0, RADIUS_AUTHLEN);
149:
150: /* Get MD5 hash on secret + authenticator */
151: MD5Init(&context);
152: MD5Update(&context, (void*) pack, ntohs(pack->length));
153: MD5Update(&context, (uint8_t*) this->secret, this->secretlen);
154: MD5Final(pack->authenticator, &context);
155:
156: return 0;
157: }
158:
159:
160: /*
161: * radius_authresp_authenticator()
162: * Update a packet with an authentication response authenticator
163: */
164: int radius_authresp_authenticator(struct radius_t *this,
165: struct radius_packet_t *pack,
166: uint8_t *req_auth,
167: char *secret, size_t secretlen) {
168:
169: /* From RFC 2865: Authenticator is the MD5 hash of:
170: Code + Identifier + Length + request authenticator + request attributes +
171: shared secret */
172:
173: MD5_CTX context;
174:
175: memcpy(pack->authenticator, req_auth, RADIUS_AUTHLEN);
176:
177: /* Get MD5 hash on secret + authenticator */
178: MD5Init(&context);
179: MD5Update(&context, (void*) pack, ntohs(pack->length));
180: MD5Update(&context, (uint8_t*) secret, secretlen);
181: MD5Final(pack->authenticator, &context);
182:
183: return 0;
184: }
185:
186:
187: /*
188: * radius_queue_in()
189: * Place data in queue for later retransmission.
190: */
191: int radius_queue_in(struct radius_t *this, struct radius_packet_t *pack,
192: void *cbp) {
193: struct timeval *tv;
194: struct radius_attr_t *ma = NULL; /* Message authenticator */
195:
196: if (this->debug) {
197: log_dbg("radius_queue_in");
198: radius_printqueue(this);
199: }
200:
201: if (this->queue[this->next].state == 1) {
202: log_err(0, "radius queue is full!");
203: /* Queue is not really full. It only means that the next space
204: in queue is not available, but there might be space elsewhere */
205: return -1;
206: }
207:
208: pack->id = this->next;
209:
210: /* If packet contains message authenticator: Calculate it! */
211: if (!radius_getattr(pack, &ma, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, 0,0,0)) {
212: radius_hmac_md5(this, pack, this->secret, this->secretlen, ma->v.t);
213: }
214:
215: /* If accounting request: Calculate authenticator */
216: if (pack->code == RADIUS_CODE_ACCOUNTING_REQUEST)
217: radius_acctreq_authenticator(this, pack);
218:
219: memcpy(&this->queue[this->next].p, pack, RADIUS_PACKSIZE);
220: this->queue[this->next].state = 1;
221: this->queue[this->next].cbp = cbp;
222: this->queue[this->next].retrans = 0;
223:
224: tv = &this->queue[this->next].timeout;
225: gettimeofday(tv, NULL);
226:
227: tv->tv_sec += options.radiustimeout;
228:
229: this->queue[this->next].lastsent = this->lastreply;
230:
231: /* Insert in linked list for handling timeouts */
232: this->queue[this->next].next = -1; /* Last in queue */
233: this->queue[this->next].prev = this->last; /* Link to previous */
234:
235: if (this->last != -1)
236: this->queue[this->last].next=this->next; /* Link previous to us */
237: this->last = this->next; /* End of queue */
238:
239: if (this->first == -1)
240: this->first = this->next; /* First and last */
241:
242: this->next++; /* next = next % RADIUS_QUEUESIZE */
243:
244: if (this->debug) {
245: printf("radius_queue_out end\n");
246: radius_printqueue(this);
247: }
248:
249: return 0;
250: }
251:
252:
253: /*
254: * radius_queue_in()
255: * Remove data from queue.
256: */
257: int radius_queue_out(struct radius_t *this, struct radius_packet_t *pack,
258: int id, void **cbp) {
259:
260: if (this->debug) if (this->debug) printf("radius_queue_out\n");
261:
262: if (this->queue[id].state != 1) {
263: log_err(0, "No such id in radius queue: %d!", id);
264: return -1;
265: }
266:
267: if (this->debug) {
268: log_dbg("radius_queue_out");
269: radius_printqueue(this);
270: }
271:
272: memcpy(pack, &this->queue[id].p, RADIUS_PACKSIZE);
273: *cbp = this->queue[id].cbp;
274:
275: this->queue[id].state = 0;
276:
277: /* Remove from linked list */
278: if (this->queue[id].next == -1) /* Are we the last in queue? */
279: this->last = this->queue[id].prev;
280: else
281: this->queue[this->queue[id].next].prev = this->queue[id].prev;
282:
283: if (this->queue[id].prev == -1) /* Are we the first in queue? */
284: this->first = this->queue[id].next;
285: else
286: this->queue[this->queue[id].prev].next = this->queue[id].next;
287:
288: if (this->debug) {
289: log_dbg("radius_queue_out end");
290: radius_printqueue(this);
291: }
292:
293: return 0;
294: }
295:
296: /*
297: * radius_queue_reschedule()
298: * Recalculate the timeout value of a packet in the queue.
299: */
300: int radius_queue_reschedule(struct radius_t *this, int id) {
301: struct timeval *tv;
302:
303: /* sanity check */
304: if (id < 0 || id >= RADIUS_QUEUESIZE) {
305: log_err(0, "bad id (%d)", id);
306: return -1;
307: }
308:
309: if (this->debug)
310: log_dbg("radius_queue_reschedule");
311:
312: if (this->queue[id].state != 1) {
313: log_err(0, "No such id in radius queue: %d!", id);
314: return -1;
315: }
316:
317: if (this->debug) {
318: log_dbg("radius_reschedule");
319: radius_printqueue(this);
320: }
321:
322: this->queue[id].retrans++;
323:
324: tv = &this->queue[id].timeout;
325: gettimeofday(tv, NULL);
326:
327: tv->tv_sec += options.radiustimeout;
328:
329: /* Remove from linked list */
330: if (this->queue[id].next == -1) /* Are we the last in queue? */
331: this->last = this->queue[id].prev;
332: else
333: this->queue[this->queue[id].next].prev = this->queue[id].prev;
334:
335: if (this->queue[id].prev == -1) /* Are we the first in queue? */
336: this->first = this->queue[id].next;
337: else
338: this->queue[this->queue[id].prev].next = this->queue[id].next;
339:
340: /* Insert in linked list for handling timeouts */
341: this->queue[id].next = -1; /* Last in queue */
342: this->queue[id].prev = this->last; /* Link to previous (could be -1) */
343:
344: if (this->last != -1)
345: this->queue[this->last].next=id; /* If not empty: link previous to us */
346:
347: this->last = id; /* End of queue */
348:
349: if (this->first == -1)
350: this->first = id; /* First and last */
351:
352: if (this->debug) {
353: radius_printqueue(this);
354: }
355:
356: return 0;
357: }
358:
359:
360: /*
361: * radius_cmptv()
362: * Returns an integer less than, equal to or greater than zero if tv1
363: * is found, respectively, to be less than, to match or be greater than tv2.
364: */
365: int
366: radius_cmptv(struct timeval *tv1, struct timeval *tv2)
367: {
368: struct timeval diff;
369:
370: if (0) {
371: printf("tv1 %8d %8d tv2 %8d %8d\n",
372: (int) tv1->tv_sec, (int) tv1->tv_usec,
373: (int) tv2->tv_sec, (int) tv2->tv_usec);
374: }
375:
376: /* First take the difference with |usec| < 1000000 */
377: diff.tv_sec = (tv1->tv_usec - tv2->tv_usec) / 1000000 +
378: (tv1->tv_sec - tv2->tv_sec);
379: diff.tv_usec = (tv1->tv_usec - tv2->tv_usec) % 1000000;
380:
381: if (0) {
382: printf("tv1 %8d %8d tv2 %8d %8d diff %8d %8d\n",
383: (int) tv1->tv_sec, (int) tv1->tv_usec,
384: (int) tv2->tv_sec, (int) tv2->tv_usec,
385: (int) diff.tv_sec, (int) diff.tv_usec);
386: }
387:
388: /* If sec and usec have different polarity add or subtract 1 second */
389: if ((diff.tv_sec > 0) & (diff.tv_usec < 0)) {
390: diff.tv_sec--;
391: diff.tv_usec += 1000000;
392: }
393: if ((diff.tv_sec < 0) & (diff.tv_usec > 0)) {
394: diff.tv_sec++;
395: diff.tv_usec -= 1000000;
396: }
397: if (0) {
398: printf("tv1 %8d %8d tv2 %8d %8d diff %8d %8d\n",
399: (int) tv1->tv_sec, (int) tv1->tv_usec,
400: (int) tv2->tv_sec, (int) tv2->tv_usec,
401: (int) diff.tv_sec, (int) diff.tv_usec);
402: }
403:
404: if (diff.tv_sec < 0) {if (0) printf("-1\n"); return -1; }
405: if (diff.tv_sec > 0) {if (0) printf("1\n"); return 1; }
406:
407: if (diff.tv_usec < 0) {if (0) printf("-1\n"); return -1;}
408: if (diff.tv_usec > 0) {if (0) printf("1\n"); return 1;}
409: if (0) printf("0 \n");
410: return 0;
411:
412: }
413:
414:
415: /*
416: * radius_timeleft()
417: * Determines how nuch time is left until we need to call
418: * radius_timeout().
419: * Only modifies timeout if new value is lower than current value.
420: */
421: int
422: radius_timeleft(struct radius_t *this, struct timeval *timeout)
423: {
424: struct timeval now, later, diff;
425:
426: if (this->first == -1) /* Queue is empty */
427: return 0;
428:
429: gettimeofday(&now, NULL);
430: later.tv_sec = this->queue[this->first].timeout.tv_sec;
431: later.tv_usec = this->queue[this->first].timeout.tv_usec;
432:
433: /* First take the difference with |usec| < 1000000 */
434: diff.tv_sec = (later.tv_usec - now.tv_usec) / 1000000 +
435: (later.tv_sec - now.tv_sec);
436: diff.tv_usec = (later.tv_usec - now.tv_usec) % 1000000;
437:
438: /* If sec and usec have different polarity add or subtract 1 second */
439: if ((diff.tv_sec > 0) & (diff.tv_usec < 0)) {
440: diff.tv_sec--;
441: diff.tv_usec += 1000000;
442: }
443: if ((diff.tv_sec < 0) & (diff.tv_usec > 0)) {
444: diff.tv_sec++;
445: diff.tv_usec -= 1000000;
446: }
447:
448: /* If negative set to zero */
449: if ((diff.tv_sec < 0) || (diff.tv_usec < 0)) {
450: diff.tv_sec = 0;
451: diff.tv_usec = 0;
452: }
453:
454: /* If original was smaller do nothing */
455: if (radius_cmptv(timeout, &diff) <=0)
456: return 0;
457:
458: timeout->tv_sec = diff.tv_sec;
459: timeout->tv_usec = diff.tv_usec;
460: return 0;
461: }
462:
463: /*
464: * radius_timeout()
465: * Retransmit any outstanding packets. This function should be called at
466: * regular intervals. Use radius_timeleft() to determine how much time is
467: * left before this function should be called.
468: */
469: int radius_timeout(struct radius_t *this) {
470: /* Retransmit any outstanding packets */
471: /* Remove from queue if maxretrans exceeded */
472: struct timeval now;
473: struct sockaddr_in addr;
474: struct radius_packet_t pack_req;
475: void *cbp;
476:
477: gettimeofday(&now, NULL);
478:
479: #if(1)
480: if (this->debug) {
481: log_dbg("radius_timeout %8d %8d", (int)now.tv_sec, (int)now.tv_usec);
482: radius_printqueue(this);
483: }
484: #endif
485:
486: while (this->first != -1 &&
487: radius_cmptv(&now, &this->queue[this->first].timeout) >= 0) {
488:
489: if (this->queue[this->first].retrans < options.radiusretry) {
490: memset(&addr, 0, sizeof(addr));
491: addr.sin_family = AF_INET;
492:
493: if (this->queue[this->first].retrans == (options.radiusretrysec-1)) {
494: /* Use the other server for next retransmission */
495: if (this->queue[this->first].lastsent) {
496: addr.sin_addr = this->hisaddr0;
497: this->queue[this->first].lastsent = 0;
498: }
499: else {
500: addr.sin_addr = this->hisaddr1;
501: this->queue[this->first].lastsent = 1;
502: }
503: }
504: else {
505: /* Use the same server for next retransmission */
506: if (this->queue[this->first].lastsent) {
507: addr.sin_addr = this->hisaddr1;
508: }
509: else {
510: addr.sin_addr = this->hisaddr0;
511: }
512: }
513:
514: /* Use the correct port for accounting and authentication */
515: if (this->queue[this->first].p.code == RADIUS_CODE_ACCOUNTING_REQUEST)
516: addr.sin_port = htons(this->acctport);
517: else
518: addr.sin_port = htons(this->authport);
519:
520:
521: if (sendto(this->fd, &this->queue[this->first].p,
522: ntohs(this->queue[this->first].p.length), 0,
523: (struct sockaddr *) &addr, sizeof(addr)) < 0) {
524: log_err(errno, "sendto() failed!");
525: radius_queue_reschedule(this, this->first);
526: return -1;
527: }
528:
529: radius_queue_reschedule(this, this->first);
530: }
531: else { /* Finished retrans */
532: if (radius_queue_out(this, &pack_req, this->first, &cbp)) {
533: log_warn(0, "Matching request was not found in queue: %d!", this->first);
534: return -1;
535: }
536:
537: if ((pack_req.code == RADIUS_CODE_ACCOUNTING_REQUEST) &&
538: (this->cb_acct_conf))
539: return this->cb_acct_conf(this, NULL, &pack_req, cbp);
540:
541: if ((pack_req.code == RADIUS_CODE_ACCESS_REQUEST) &&
542: (this->cb_auth_conf))
543: return this->cb_auth_conf(this, NULL, &pack_req, cbp);
544: }
545: }
546:
547: if (this->debug) {
548: printf("radius_timeout\n");
549: if (this->first > 0) {
550: printf("first %d, timeout %8d %8d\n", this->first,
551: (int) this->queue[this->first].timeout.tv_sec,
552: (int) this->queue[this->first].timeout.tv_usec);
553: }
554: radius_printqueue(this);
555: }
556:
557: return 0;
558: }
559:
560:
561:
562: /*
563: * radius_addattr()
564: * Add an attribute to a packet. The packet length is modified
565: * accordingly.
566: * If data==NULL and dlen!=0 insert null attribute.
567: */
568: int
569: radius_addattr(struct radius_t *this, struct radius_packet_t *pack,
570: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
571: uint32_t value, uint8_t *data, uint16_t dlen) {
572: struct radius_attr_t *a;
573: char passwd[RADIUS_PWSIZE];
574: uint16_t length = ntohs(pack->length);
575: uint16_t vlen;
576: size_t pwlen;
577:
578: a = (struct radius_attr_t *)((uint8_t*)pack + length);
579:
580: if (type == RADIUS_ATTR_USER_PASSWORD) {
581: radius_pwencode(this,
582: (uint8_t*) passwd, RADIUS_PWSIZE,
583: &pwlen,
584: data, dlen,
585: pack->authenticator,
586: this->secret, this->secretlen);
587: data = (uint8_t *)passwd;
588: dlen = (uint16_t)pwlen;
589: }
590:
591: if (type != RADIUS_ATTR_VENDOR_SPECIFIC) {
592: if (dlen) { /* If dlen != 0 it is a text/string attribute */
593: vlen = dlen;
594: }
595: else {
596: vlen = 4; /* address, integer or time */
597: }
598:
599: if (vlen > RADIUS_ATTR_VLEN) {
600: log_warn(0, "Truncating RADIUS attribute (type:%d/%d/%d) from %d to %d bytes [%s]",
601: type, vendor_id, vendor_type, vlen, RADIUS_ATTR_VLEN, data);
602: vlen = RADIUS_ATTR_VLEN;
603: }
604:
605: if ((length+vlen+2) > RADIUS_PACKSIZE) {
606: log_err(0, "No more space!");
607: return -1;
608: }
609:
610: length += vlen + 2;
611:
612: pack->length = htons(length);
613:
614: a->t = type;
615: a->l = vlen+2;
616:
617: if (data)
618: memcpy(a->v.t, data, vlen);
619: else if (dlen)
620: memset(a->v.t, 0, vlen);
621: else
622: a->v.i = htonl(value);
623: }
624: else { /* Vendor specific */
625: if (dlen) { /* If dlen != 0 it is a text/string attribute */
626: vlen = dlen;
627: }
628: else {
629: vlen = 4; /* address, integer or time */
630: }
631:
632: if (vlen > RADIUS_ATTR_VLEN-8) {
633: log_warn(0, "Truncating RADIUS attribute (type:%d/%d/%d) from %d to %d [%s]",
634: type, vendor_id, vendor_type, vlen, RADIUS_ATTR_VLEN-8, data);
635: vlen = RADIUS_ATTR_VLEN-8;
636: }
637:
638: if ((length+vlen+2) > RADIUS_PACKSIZE) {
639: log_err(0, "No more space!");
640: return -1;
641: }
642:
643: length += vlen + 8;
644:
645: pack->length = htons(length);
646:
647: a->t = type;
648: a->l = vlen+8;
649:
650: a->v.vv.i = htonl(vendor_id);
651: a->v.vv.t = vendor_type;
652: a->v.vv.l = vlen+2;
653:
654: if (data)
655: memcpy(((void*) a)+8, data, dlen);
656: else if (dlen)
657: memset(((void*) a)+8, 0, dlen);
658: else
659: a->v.vv.v.i = htonl(value);
660: }
661:
662: return 0;
663: }
664:
665:
666: /*
667: * radius_getattr()
668: * Search for an attribute in a packet. Returns -1 if attribute is not found.
669: * The first instance matching attributes will be skipped
670: */
671: int
672: radius_getattr(struct radius_packet_t *pack, struct radius_attr_t **attr,
673: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
674: int instance) {
675: size_t offset = 0;
676: return radius_getnextattr(pack, attr, type, vendor_id, vendor_type, instance, &offset);
677: }
678:
679: int
680: radius_getnextattr(struct radius_packet_t *pack, struct radius_attr_t **attr,
681: uint8_t type, uint32_t vendor_id, uint8_t vendor_type,
682: int instance, size_t *roffset) {
683: struct radius_attr_t *t;
684: size_t len = ntohs(pack->length) - RADIUS_HDRSIZE;
685: size_t offset = *roffset;
686: int count = 0;
687:
688: if (0) {
689: printf("radius_getattr payload(len=%d,off=%d) %.2x %.2x %.2x %.2x\n",
690: len, offset, pack->payload[0], pack->payload[1], pack->payload[2],
691: pack->payload[3]);
692: }
693:
694: while (offset < len) {
695: t = (struct radius_attr_t *)(&pack->payload[offset]);
696:
697: if (0) {
698: printf("radius_getattr %d %d %d %.2x %.2x \n", t->t, t->l,
699: ntohl(t->v.vv.i), (int) t->v.vv.t, (int) t->v.vv.l);
700: }
701:
702: offset += t->l;
703:
704: if (t->t != type)
705: continue;
706:
707: if (t->t == RADIUS_ATTR_VENDOR_SPECIFIC &&
708: (ntohl(t->v.vv.i) != vendor_id || t->v.vv.t != vendor_type))
709: continue;
710:
711: if (count == instance) {
712:
713: if (type == RADIUS_ATTR_VENDOR_SPECIFIC)
714: *attr = (struct radius_attr_t *) &t->v.vv.t;
715: else
716: *attr = t;
717:
718: if (0) printf("Found\n");
719:
720: *roffset = offset;
721: return 0;
722: }
723: else {
724: count++;
725: }
726: }
727:
728: return -1; /* Not found */
729: }
730:
731: /*
732: * radius_countattr()
733: * Count the number of instances of an attribute in a packet.
734: */
735: int
736: radius_countattr(struct radius_packet_t *pack, uint8_t type) {
737: struct radius_attr_t *t;
738: size_t offset = 0;
739: int count = 0;
740:
741: /* Need to check pack -> length */
742:
743: do {
744: t = (struct radius_attr_t*)(&pack->payload[offset]);
745: if (t->t == type) {
746: count++;
747: }
748: offset += 2 + t->l;
749: } while (offset < ntohs(pack->length));
750:
751: if (0) printf("Count %d\n", count);
752: return count;
753: }
754:
755:
756: /*
757: * radius_cmpattr()
758: * Compare two attributes to see if they are the same.
759: */
760: int
761: radius_cmpattr(struct radius_attr_t *t1, struct radius_attr_t *t2) {
762: if (t1->t != t2->t) return -1;
763: if (t1->l != t2->l) return -1;
764: if (memcmp(t1->v.t, t2->v.t, t1->l)) return -1; /* Also int/time/addr */
765: return 0;
766: }
767:
768:
769: /*
770: * radius_keydecode()
771: * Decode an MPPE key using MD5.
772: */
773: int radius_keydecode(struct radius_t *this,
774: uint8_t *dst, size_t dstsize, size_t *dstlen,
775: uint8_t *src, size_t srclen,
776: uint8_t *authenticator,
777: char *secret, size_t secretlen) {
778: MD5_CTX context;
779: unsigned char b[RADIUS_MD5LEN];
780: int blocks;
781: int i, n;
782:
783: blocks = ((int)srclen - 2) / RADIUS_MD5LEN;
784:
785: if ((blocks * RADIUS_MD5LEN + 2) != (int)srclen) {
786: log_err(0, "radius_keydecode: srclen must be 2 plus n*16");
787: return -1;
788: }
789:
790: if (blocks < 1) {
791: log_err(0, "radius_keydecode srclen must be at least 18");
792: return -1;
793: }
794:
795: /* Get MD5 hash on secret + authenticator (First 16 octets) */
796: MD5Init(&context);
797: MD5Update(&context, (uint8_t *)secret, secretlen);
798: MD5Update(&context, authenticator, RADIUS_AUTHLEN);
799: MD5Update(&context, src, 2);
800: MD5Final(b, &context);
801:
802: if ((src[2] ^ b[0]) > dstsize) {
803: log_err(0,"radius_keydecode dstsize too small");
804: return -1;
805: }
806:
807: if ((src[2] ^ b[0]) > (srclen - 3)) {
808: log_err(0,"radius_keydecode dstlen > srclen - 3");
809: return -1;
810: }
811:
812: *dstlen = (size_t)(src[2] ^ b[0]);
813:
814: for (i = 1; i < RADIUS_MD5LEN; i++)
815: if ((i-1) < (int)*dstlen)
816: dst[i-1] = src[i+2] ^ b[i];
817:
818: /* Next blocks of 16 octets */
819: for (n=1; n < blocks; n++) {
820: MD5Init(&context);
821: MD5Update(&context, (uint8_t *)secret, secretlen);
822: MD5Update(&context, &src[2 + ((n-1) * RADIUS_MD5LEN)], RADIUS_MD5LEN);
823: MD5Final(b, &context);
824: for (i = 0; i < RADIUS_MD5LEN; i++)
825: if ((i-1+n*RADIUS_MD5LEN) < (int)*dstlen)
826: dst[i-1+n*RADIUS_MD5LEN] = src[i+2+n*RADIUS_MD5LEN] ^ b[i];
827: }
828:
829: return 0;
830: }
831:
832: /*
833: * radius_keyencode()
834: * Encode an MPPE key using MD5.
835: */
836: int radius_keyencode(struct radius_t *this,
837: uint8_t *dst, size_t dstsize, size_t *dstlen,
838: uint8_t *src, size_t srclen,
839: uint8_t *authenticator,
840: char *secret, size_t secretlen) {
841: MD5_CTX context;
842: unsigned char b[RADIUS_MD5LEN];
843: int blocks;
844: int i, n;
845:
846: blocks = ((int)srclen + 1) / RADIUS_MD5LEN;
847: if ((blocks * RADIUS_MD5LEN) < ((int)srclen + 1)) blocks++;
848:
849: if (((blocks * RADIUS_MD5LEN) + 2) > (int)dstsize) {
850: log_err(0, "radius_keyencode dstsize too small");
851: return -1;
852: }
853:
854: *dstlen = (size_t)((blocks * RADIUS_MD5LEN) + 2);
855:
856: /* Read two salt octets */
857: if (fread(dst, 1, 2, this->urandom_fp) != 2) {
858: log_err(errno, "fread() failed");
859: return -1;
860: }
861:
862: /* Get MD5 hash on secret + authenticator (First 16 octets) */
863: MD5Init(&context);
864: MD5Update(&context, (uint8_t *)secret, secretlen);
865: MD5Update(&context, authenticator, RADIUS_AUTHLEN);
866: MD5Update(&context, dst, 2);
867: MD5Final(b, &context);
868: dst[2] = (uint8_t)srclen ^ b[0]; /* Length of key */
869: for (i = 1; i < RADIUS_MD5LEN; i++)
870: if ((i-1) < (int)srclen)
871: dst[i+2] = src[i-1] ^ b[i];
872: else
873: dst[i+2] = b[i];
874:
875: /* Get MD5 hash on secret + c(n-1) (Next j 16 octets) */
876: for (n=1; n < blocks; n++) {
877: MD5Init(&context);
878: MD5Update(&context, (uint8_t *)secret, secretlen);
879: MD5Update(&context, &dst[2 + ((n-1) * RADIUS_MD5LEN)], RADIUS_MD5LEN);
880: MD5Final(b, &context);
881: for (i = 0; i < RADIUS_MD5LEN; i++)
882: if ((i-1) < (int)srclen)
883: dst[i+2+n*RADIUS_MD5LEN] = src[i-1+n*RADIUS_MD5LEN] ^ b[i];
884: else
885: dst[i+2+n*RADIUS_MD5LEN] = b[i];
886: }
887:
888: return 0;
889: }
890:
891:
892: /*
893: * radius_pwdecode()
894: * Decode a password using MD5. Also used for MSCHAPv1 MPPE keys.
895: */
896: int radius_pwdecode(struct radius_t *this,
897: uint8_t *dst, size_t dstsize, size_t *dstlen,
898: uint8_t *src, size_t srclen,
899: uint8_t *authenticator,
900: char *secret, size_t secretlen) {
901: int i, n;
902: MD5_CTX context;
903: unsigned char output[RADIUS_MD5LEN];
904:
905: if (srclen > dstsize) {
906: log_err(0, "radius_pwdecode srclen larger than dstsize");
907: return -1;
908: }
909:
910: if (srclen % RADIUS_MD5LEN) {
911: log_err(0, "radius_pwdecode srclen is not multiple of 16 octets");
912: return -1;
913: }
914:
915: *dstlen = srclen;
916:
917: if (this->debug) {
918: printf("pwdecode srclen %d\n", srclen);
919: for (n=0; n< srclen; n++) {
920: printf("%.2x ", src[n]);
921: if ((n % 16) == 15)
922: printf("\n");
923: }
924: printf("\n");
925:
926: printf("pwdecode authenticator \n");
927: for (n=0; n< RADIUS_AUTHLEN; n++) {
928: printf("%.2x ", authenticator[n]);
929: if ((n % 16) == 15)
930: printf("\n");
931: }
932: printf("\n");
933:
934: printf("pwdecode secret \n");
935: for (n=0; n< secretlen; n++) {
936: printf("%.2x ", secret[n]);
937: if ((n % 16) == 15)
938: printf("\n");
939: }
940: printf("\n");
941: }
942:
943: /* Get MD5 hash on secret + authenticator */
944: MD5Init(&context);
945: MD5Update(&context, (uint8_t*) secret, secretlen);
946: MD5Update(&context, authenticator, RADIUS_AUTHLEN);
947: MD5Final(output, &context);
948:
949: /* XOR first 16 octets of passwd with MD5 hash */
950: for (i = 0; i < RADIUS_MD5LEN; i++)
951: dst[i] = src[i] ^ output[i];
952:
953: /* Continue with the remaining octets of passwd if any */
954: for (n = 0; n < 128 && n < (*dstlen - RADIUS_AUTHLEN); n += RADIUS_AUTHLEN) {
955: MD5Init(&context);
956: MD5Update(&context, (uint8_t*) secret, secretlen);
957: MD5Update(&context, src + n, RADIUS_AUTHLEN);
958: MD5Final(output, &context);
959: for (i = 0; i < RADIUS_AUTHLEN; i++)
960: dst[i + n + RADIUS_AUTHLEN] = src[i + n + RADIUS_AUTHLEN] ^ output[i];
961: }
962:
963: if (this->debug) {
964: printf("pwdecode dest \n");
965: for (n=0; n< 32; n++) {
966: printf("%.2x ", dst[n]);
967: if ((n % 16) == 15)
968: printf("\n");
969: }
970: printf("\n");
971: }
972:
973: return 0;
974: }
975:
976:
977: /*
978: * radius_pwencode()
979: * Encode a password using MD5.
980: */
981: int radius_pwencode(struct radius_t *this,
982: uint8_t *dst, size_t dstsize,
983: size_t *dstlen,
984: uint8_t *src, size_t srclen,
985: uint8_t *authenticator,
986: char *secret, size_t secretlen) {
987:
988: unsigned char output[RADIUS_MD5LEN];
989: MD5_CTX context;
990: size_t i, n;
991:
992: memset(dst, 0, dstsize);
993:
994: /* Make dstlen multiple of 16 */
995: if (srclen & 0x0f)
996: *dstlen = (srclen & 0xf0) + 0x10; /* Padding 1 to 15 zeros */
997: else
998: *dstlen = srclen; /* No padding */
999:
1000: /* Is dstsize too small ? */
1001: if (dstsize <= *dstlen) {
1002: *dstlen = 0;
1003: return -1;
1004: }
1005:
1006: /* Copy first 128 octets of src into dst */
1007: if (srclen > 128)
1008: memcpy(dst, src, 128);
1009: else
1010: memcpy(dst, src, srclen);
1011:
1012: /* Get MD5 hash on secret + authenticator */
1013: MD5Init(&context);
1014: MD5Update(&context, (uint8_t*) secret, secretlen);
1015: MD5Update(&context, authenticator, RADIUS_AUTHLEN);
1016: MD5Final(output, &context);
1017:
1018: /* XOR first 16 octets of dst with MD5 hash */
1019: for (i = 0; i < RADIUS_MD5LEN; i++)
1020: dst[i] ^= output[i];
1021:
1022: /* if (*dstlen <= RADIUS_MD5LEN) return 0; Finished */
1023:
1024: /* Continue with the remaining octets of dst if any */
1025: for (n = 0;
1026: n < 128 && n < (*dstlen - RADIUS_AUTHLEN);
1027: n += RADIUS_AUTHLEN) {
1028: MD5Init(&context);
1029: MD5Update(&context, (uint8_t*) secret, secretlen);
1030: MD5Update(&context, dst + n, RADIUS_AUTHLEN);
1031: MD5Final(output, &context);
1032: for (i = 0; i < RADIUS_AUTHLEN; i++)
1033: dst[i + n + RADIUS_AUTHLEN] ^= output[i];
1034: }
1035:
1036: return 0;
1037: }
1038:
1039:
1040: /*
1041: * radius_new()
1042: * Allocate a new radius instance.
1043: */
1044: int radius_new(struct radius_t **this,
1045: struct in_addr *listen, uint16_t port, int coanocheck,
1046: struct in_addr *proxylisten, uint16_t proxyport,
1047: struct in_addr *proxyaddr, struct in_addr *proxymask,
1048: char* proxysecret) {
1049: struct sockaddr_in addr;
1050: struct radius_t *new_radius;
1051:
1052: /* Allocate storage for instance */
1053: if (!(new_radius = calloc(sizeof(struct radius_t), 1))) {
1054: log_err(0, "calloc() failed");
1055: return -1;
1056: }
1057:
1058: new_radius->coanocheck = coanocheck;
1059:
1060: /* Radius parameters */
1061: new_radius->ouraddr.s_addr = listen->s_addr;
1062: new_radius->ourport = port;
1063:
1064: /* Proxy parameters */
1065: if (proxylisten && proxyport && proxysecret) {
1066: new_radius->proxylisten.s_addr = proxylisten->s_addr;
1067: new_radius->proxyport = proxyport;
1068:
1069: if (proxyaddr)
1070: new_radius->proxyaddr.s_addr = proxyaddr->s_addr;
1071: else
1072: new_radius->proxyaddr.s_addr = ~0;
1073:
1074: if (proxymask)
1075: new_radius->proxymask.s_addr = proxymask->s_addr;
1076: else
1077: new_radius->proxymask.s_addr = 0;
1078:
1079: if ((new_radius->proxysecretlen = strlen(proxysecret)) < RADIUS_SECRETSIZE) {
1080: memcpy(new_radius->proxysecret, proxysecret, new_radius->proxysecretlen);
1081: }
1082: }
1083:
1084: /* Initialise queue */
1085: new_radius->next = 0;
1086: new_radius->first = -1;
1087: new_radius->last = -1;
1088:
1089: if ((new_radius->urandom_fp = fopen("/dev/urandom", "r")) < 0) {
1090: log_err(errno, "fopen(/dev/urandom, r) failed");
1091: free(new_radius);
1092: return -1;
1093: }
1094:
1095: /* Initialise radius socket */
1096: if ((new_radius->fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0 ) {
1097: log_err(errno, "socket() failed!");
1098: fclose(new_radius->urandom_fp);
1099: free(new_radius);
1100: return -1;
1101: }
1102:
1103: memset(&addr, 0, sizeof(addr));
1104: addr.sin_family = AF_INET;
1105: addr.sin_addr = new_radius->ouraddr;
1106: addr.sin_port = htons(new_radius->ourport);
1107:
1108: if (bind(new_radius->fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
1109: log_err(errno, "bind() failed!");
1110: fclose(new_radius->urandom_fp);
1111: close(new_radius->fd);
1112: free(new_radius);
1113: return -1;
1114: }
1115:
1116: /* Initialise proxy socket */
1117: if (proxylisten && proxyport && proxysecret) {
1118: if ((new_radius->proxyfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0 ) {
1119: log_err(errno, "socket() failed for proxyfd!");
1120: fclose(new_radius->urandom_fp);
1121: close(new_radius->fd);
1122: free(new_radius);
1123: return -1;
1124: }
1125:
1126: memset(&addr, 0, sizeof(addr));
1127: addr.sin_family = AF_INET;
1128: addr.sin_addr = new_radius->proxylisten;
1129: addr.sin_port = htons(new_radius->proxyport);
1130:
1131: if (bind(new_radius->proxyfd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
1132: log_err(errno, "bind() failed for proxylisten!");
1133: fclose(new_radius->urandom_fp);
1134: close(new_radius->fd);
1135: close(new_radius->proxyfd);
1136: free(new_radius);
1137: return -1;
1138: }
1139: }
1140: else {
1141: new_radius->proxyfd = -1; /* Indicate that proxy is not used */
1142: }
1143:
1144: *this = new_radius;
1145: return 0;
1146: }
1147:
1148:
1149: /*
1150: * radius_free()
1151: * Free a radius instance. (Undo radius_new()
1152: */
1153: int
1154: radius_free(struct radius_t *this)
1155: {
1156: if (fclose(this->urandom_fp)) {
1157: log_err(errno, "fclose() failed!");
1158: }
1159: if (close(this->fd)) {
1160: log_err(errno, "close() failed!");
1161: }
1162: free(this);
1163: return 0;
1164: }
1165:
1166: void radius_set(struct radius_t *this, unsigned char *hwaddr, int debug) {
1167: this->debug = debug;
1168:
1169: /* Remote radius server parameters */
1170: this->hisaddr0.s_addr = options.radiusserver1.s_addr;
1171: this->hisaddr1.s_addr = options.radiusserver2.s_addr;
1172:
1173: if (options.radiusauthport) {
1174: this->authport = options.radiusauthport;
1175: }
1176: else {
1177: this->authport = RADIUS_AUTHPORT;
1178: }
1179:
1180: if (options.radiusacctport) {
1181: this->acctport = options.radiusacctport;
1182: }
1183: else {
1184: this->acctport = RADIUS_ACCTPORT;
1185: }
1186:
1187: if ((this->secretlen = strlen(options.radiussecret)) > RADIUS_SECRETSIZE) {
1188: log_err(0, "Radius secret too long. Truncating to %d characters",
1189: RADIUS_SECRETSIZE);
1190: this->secretlen = RADIUS_SECRETSIZE;
1191: }
1192:
1193: if (hwaddr)
1194: memcpy(this->nas_hwaddr, hwaddr, sizeof(this->nas_hwaddr));
1195:
1196: memcpy(this->secret, options.radiussecret, this->secretlen);
1197:
1198: this->lastreply = 0; /* Start out using server 0 */
1199: return;
1200: }
1201:
1202:
1203: /*
1204: * radius_set_cb_ind()
1205: * Set callback function received requests
1206: */
1207: int radius_set_cb_ind(struct radius_t *this,
1208: int (*cb_ind) (struct radius_t *radius, struct radius_packet_t *pack,
1209: struct sockaddr_in *peer)) {
1210:
1211: this->cb_ind = cb_ind;
1212: return 0;
1213: }
1214:
1215:
1216: /*
1217: * radius_set_cb_auth_conf()
1218: * Set callback function for responses to access request
1219: */
1220: int
1221: radius_set_cb_auth_conf(struct radius_t *this,
1222: int (*cb_auth_conf) (struct radius_t *radius, struct radius_packet_t *pack,
1223: struct radius_packet_t *pack_req, void *cbp)) {
1224:
1225: this->cb_auth_conf = cb_auth_conf;
1226: return 0;
1227: }
1228:
1229: /*
1230: * radius_set_cb_acct_conf()
1231: * Set callback function for responses to accounting request
1232: */
1233: int
1234: radius_set_cb_acct_conf(struct radius_t *this,
1235: int (*cb_acct_conf) (struct radius_t *radius, struct radius_packet_t *pack,
1236: struct radius_packet_t *pack_req, void *cbp)) {
1237:
1238: this->cb_acct_conf = cb_acct_conf;
1239: return 0;
1240: }
1241:
1242: /*
1243: * radius_set_cb_coa_ind()
1244: * Set callback function for coa and disconnect request
1245: */
1246: int
1247: radius_set_cb_coa_ind(struct radius_t *this,
1248: int (*cb_coa_ind) (struct radius_t *radius, struct radius_packet_t *pack,
1249: struct sockaddr_in *peer)) {
1250:
1251: this->cb_coa_ind = cb_coa_ind;
1252: return 0;
1253: }
1254:
1255:
1256: /*
1257: * radius_req()
1258: * Send of a packet and place it in the retransmit queue
1259: */
1260: int radius_req(struct radius_t *this,
1261: struct radius_packet_t *pack,
1262: void *cbp)
1263: {
1264: struct sockaddr_in addr;
1265: size_t len = ntohs(pack->length);
1266:
1267: /* Place packet in queue */
1268: if (radius_queue_in(this, pack, cbp)) {
1269: return -1;
1270: }
1271:
1272: memset(&addr, 0, sizeof(addr));
1273: addr.sin_family = AF_INET;
1274:
1275: if (this->debug) printf("Lastreply: %d\n", this->lastreply);
1276:
1277: if (!this->lastreply) {
1278: addr.sin_addr = this->hisaddr0;
1279: }
1280: else {
1281: addr.sin_addr = this->hisaddr1;
1282: }
1283:
1284: if (pack->code == RADIUS_CODE_ACCOUNTING_REQUEST)
1285: addr.sin_port = htons(this->acctport);
1286: else
1287: addr.sin_port = htons(this->authport);
1288:
1289:
1290: if (sendto(this->fd, pack, len, 0,
1291: (struct sockaddr *) &addr, sizeof(addr)) < 0) {
1292: log_err(errno, "sendto() failed!");
1293: return -1;
1294: }
1295:
1296: return 0;
1297: }
1298:
1299:
1300: /*
1301: * radius_resp()
1302: * Send of a packet (no retransmit queue)
1303: */
1304: int radius_resp(struct radius_t *this,
1305: struct radius_packet_t *pack,
1306: struct sockaddr_in *peer, uint8_t *req_auth) {
1307:
1308: size_t len = ntohs(pack->length);
1309: struct radius_attr_t *ma = NULL; /* Message authenticator */
1310:
1311: /* Prepare for message authenticator TODO */
1312: memset(pack->authenticator, 0, RADIUS_AUTHLEN);
1313: memcpy(pack->authenticator, req_auth, RADIUS_AUTHLEN);
1314:
1315: /* If packet contains message authenticator: Calculate it! */
1316: if (!radius_getattr(pack, &ma, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, 0,0,0)) {
1317: radius_hmac_md5(this, pack, this->proxysecret, this->proxysecretlen, ma->v.t);
1318: }
1319:
1320: radius_authresp_authenticator(this, pack, req_auth,
1321: this->proxysecret,
1322: this->proxysecretlen);
1323:
1324: if (sendto(this->proxyfd, pack, len, 0,
1325: (struct sockaddr *) peer, sizeof(struct sockaddr_in)) < 0) {
1326: log_err(errno, "sendto() failed!");
1327: return -1;
1328: }
1329:
1330: return 0;
1331: }
1332:
1333: /*
1334: * radius_coaresp()
1335: * Send of a packet (no retransmit queue)
1336: */
1337: int radius_coaresp(struct radius_t *this,
1338: struct radius_packet_t *pack,
1339: struct sockaddr_in *peer, uint8_t *req_auth) {
1340:
1341: size_t len = ntohs(pack->length);
1342: struct radius_attr_t *ma = NULL; /* Message authenticator */
1343:
1344: /* Prepare for message authenticator TODO */
1345: memset(pack->authenticator, 0, RADIUS_AUTHLEN);
1346: memcpy(pack->authenticator, req_auth, RADIUS_AUTHLEN);
1347:
1348: /* If packet contains message authenticator: Calculate it! */
1349: if (!radius_getattr(pack, &ma, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, 0,0,0)) {
1350: radius_hmac_md5(this, pack, this->secret, this->secretlen, ma->v.t);
1351: }
1352:
1353: radius_authresp_authenticator(this, pack, req_auth,
1354: this->secret,
1355: this->secretlen);
1356:
1357: if (sendto(this->fd, pack, len, 0,
1358: (struct sockaddr *) peer, sizeof(struct sockaddr_in)) < 0) {
1359: log_err(errno, "sendto() failed!");
1360: return -1;
1361: }
1362:
1363: return 0;
1364: }
1365:
1366:
1367: /*
1368: * radius_default_pack()
1369: * Return an empty packet which can be used in subsequent to
1370: * radius_addattr()
1371: */
1372: int
1373: radius_default_pack(struct radius_t *this,
1374: struct radius_packet_t *pack,
1375: int code)
1376: {
1377: memset(pack, 0, RADIUS_PACKSIZE);
1378: pack->code = code;
1379: pack->id = 0; /* Let the send procedure queue the packet and assign id */
1380: pack->length = htons(RADIUS_HDRSIZE);
1381:
1382: if (fread(pack->authenticator, 1, RADIUS_AUTHLEN, this->urandom_fp) != RADIUS_AUTHLEN) {
1383: log_err(errno, "fread() failed");
1384: return -1;
1385: }
1386:
1387: /* always add the chillispot version to requests */
1388: radius_addattr(this, pack, RADIUS_ATTR_VENDOR_SPECIFIC,
1389: RADIUS_VENDOR_CHILLISPOT, RADIUS_ATTR_CHILLISPOT_VERSION,
1390: 0, (uint8_t*)VERSION, strlen(VERSION));
1391:
1392: return 0;
1393: }
1394:
1395:
1396: /*
1397: * radius_authcheck()
1398: * Check that the authenticator on a reply is correct.
1399: */
1400: int radius_authcheck(struct radius_t *this, struct radius_packet_t *pack,
1401: struct radius_packet_t *pack_req)
1402: {
1403: uint8_t auth[RADIUS_AUTHLEN];
1404: MD5_CTX context;
1405:
1406: MD5Init(&context);
1407: MD5Update(&context, (uint8_t *) pack, RADIUS_HDRSIZE-RADIUS_AUTHLEN);
1408: MD5Update(&context, pack_req->authenticator, RADIUS_AUTHLEN);
1409: MD5Update(&context, ((uint8_t *) pack) + RADIUS_HDRSIZE,
1410: ntohs(pack->length) - RADIUS_HDRSIZE);
1411: MD5Update(&context, (uint8_t *)this->secret, this->secretlen);
1412: MD5Final(auth, &context);
1413:
1414: return memcmp(pack->authenticator, auth, RADIUS_AUTHLEN);
1415: }
1416:
1417: /*
1418: * radius_acctcheck()
1419: * Check that the authenticator on an accounting request is correct.
1420: */
1421: int radius_acctcheck(struct radius_t *this, struct radius_packet_t *pack)
1422: {
1423: uint8_t auth[RADIUS_AUTHLEN];
1424: uint8_t padd[RADIUS_AUTHLEN] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
1425: MD5_CTX context;
1426:
1427: MD5Init(&context);
1428: MD5Update(&context, (uint8_t *)pack, RADIUS_HDRSIZE-RADIUS_AUTHLEN);
1429: MD5Update(&context, (uint8_t *)padd, RADIUS_AUTHLEN);
1430: MD5Update(&context, ((uint8_t *)pack) + RADIUS_HDRSIZE,
1431: ntohs(pack->length) - RADIUS_HDRSIZE);
1432: MD5Update(&context, (uint8_t *)this->secret, this->secretlen);
1433: MD5Final(auth, &context);
1434:
1435: return memcmp(pack->authenticator, auth, RADIUS_AUTHLEN);
1436: }
1437:
1438:
1439: /*
1440: * radius_decaps()
1441: * Read and process a received radius packet.
1442: */
1443: int radius_decaps(struct radius_t *this) {
1444: ssize_t status;
1445: struct radius_packet_t pack;
1446: struct radius_packet_t pack_req;
1447: void *cbp;
1448: struct sockaddr_in addr;
1449: socklen_t fromlen = sizeof(addr);
1450: int coarequest = 0;
1451:
1452: if (this->debug)
1453: log_dbg("Received radius packet");
1454:
1455: if ((status = recvfrom(this->fd, &pack, sizeof(pack), 0,
1456: (struct sockaddr *) &addr, &fromlen)) <= 0) {
1457: log_err(errno, "recvfrom() failed");
1458: return -1;
1459: }
1460:
1461: if (status < RADIUS_HDRSIZE) {
1462: log_warn(0, "Received radius packet which is too short: %d < %d!",
1463: status, RADIUS_HDRSIZE);
1464: return -1;
1465: }
1466:
1467: if (ntohs(pack.length) != (uint16_t)status) {
1468: log_warn(errno, "Received radius packet with wrong length field %d != %d!",
1469: ntohs(pack.length), status);
1470: return -1;
1471: }
1472:
1473:
1474: switch (pack.code) {
1475: case RADIUS_CODE_DISCONNECT_REQUEST:
1476: case RADIUS_CODE_COA_REQUEST:
1477: coarequest = 1;
1478: break;
1479: default:
1480: coarequest = 0;
1481: }
1482:
1483: if (!coarequest) {
1484: /* Check that reply is from correct address */
1485: if ((addr.sin_addr.s_addr != this->hisaddr0.s_addr) &&
1486: (addr.sin_addr.s_addr != this->hisaddr1.s_addr)) {
1487: log_warn(0, "Received radius reply from wrong address %.8x!",
1488: addr.sin_addr.s_addr);
1489: return -1;
1490: }
1491:
1492: /* Check that UDP source port is correct */
1493: if ((addr.sin_port != htons(this->authport)) &&
1494: (addr.sin_port != htons(this->acctport))) {
1495: log_warn(0, "Received radius packet from wrong port %.4x!",
1496: addr.sin_port);
1497: return -1;
1498: }
1499:
1500: if (radius_queue_out(this, &pack_req, pack.id, &cbp)) {
1501: log_warn(0, "Matching request was not found in queue: %d!", pack.id);
1502: return -1;
1503: }
1504:
1505: if (radius_authcheck(this, &pack, &pack_req)) {
1506: log_warn(0, "Authenticator does not match request!");
1507: return -1;
1508: }
1509:
1510: /* Set which radius server to use next */
1511: if (addr.sin_addr.s_addr == this->hisaddr0.s_addr)
1512: this->lastreply = 0;
1513: else
1514: this->lastreply = 1;
1515:
1516: }
1517: else {
1518: if (!this->coanocheck) {
1519: /* Check that request is from correct address */
1520: if ((addr.sin_addr.s_addr != this->hisaddr0.s_addr) &&
1521: (addr.sin_addr.s_addr != this->hisaddr1.s_addr)) {
1522: log_warn(0, "Received radius request from wrong address %.8x!",
1523: addr.sin_addr.s_addr);
1524: return -1;
1525: }
1526: }
1527:
1528: if (radius_acctcheck(this, &pack)) {
1529: log_warn(0, "Authenticator did not match MD5 of packet!");
1530: return -1;
1531: }
1532: }
1533:
1534: /* TODO: Check consistency of attributes vs packet length */
1535:
1536: switch (pack.code) {
1537: case RADIUS_CODE_ACCESS_ACCEPT:
1538: case RADIUS_CODE_ACCESS_REJECT:
1539: case RADIUS_CODE_ACCESS_CHALLENGE:
1540: case RADIUS_CODE_DISCONNECT_ACK:
1541: case RADIUS_CODE_DISCONNECT_NAK:
1542: case RADIUS_CODE_STATUS_ACCEPT:
1543: case RADIUS_CODE_STATUS_REJECT:
1544: if (this->cb_auth_conf)
1545: return this->cb_auth_conf(this, &pack, &pack_req, cbp);
1546: else
1547: return 0;
1548: break;
1549: case RADIUS_CODE_ACCOUNTING_RESPONSE:
1550: if (this->cb_acct_conf)
1551: return this->cb_acct_conf(this, &pack, &pack_req, cbp);
1552: else
1553: return 0;
1554: break;
1555: case RADIUS_CODE_DISCONNECT_REQUEST:
1556: case RADIUS_CODE_COA_REQUEST:
1557: if (this->cb_coa_ind)
1558: return this->cb_coa_ind(this, &pack, &addr);
1559: else
1560: return 0;
1561: break;
1562: default:
1563: log_warn(0, "Received unknown radius packet %d!", pack.code);
1564: return -1;
1565: }
1566:
1567: log_warn(0, "Received unknown radius packet %d!", pack.code);
1568: return -1;
1569: }
1570:
1571: /*
1572: * radius_proxy_ind()
1573: * Read and process a received radius packet.
1574: */
1575: int radius_proxy_ind(struct radius_t *this) {
1576: ssize_t status;
1577: struct radius_packet_t pack;
1578: struct sockaddr_in addr;
1579: socklen_t fromlen = sizeof(addr);
1580:
1581: if (this->debug)
1582: log_dbg("Received radius packet");
1583:
1584: if ((status = recvfrom(this->proxyfd, &pack, sizeof(pack), 0,
1585: (struct sockaddr *) &addr, &fromlen)) <= 0) {
1586: log_err(errno, "recvfrom() failed");
1587: return -1;
1588: }
1589:
1590: if (status < RADIUS_HDRSIZE) {
1591: log_warn(0, "Received radius packet which is too short: %d < %d!",
1592: status, RADIUS_HDRSIZE);
1593: return -1;
1594: }
1595:
1596: if (ntohs(pack.length) != (uint16_t)status) {
1597: log_err(0, "Received radius packet with wrong length field %d != %d!",
1598: ntohs(pack.length), status);
1599: return -1;
1600: }
1601:
1602: /* Is this a known request? */
1603: if ((this->cb_ind) &&
1604: ((pack.code == RADIUS_CODE_ACCESS_REQUEST) ||
1605: (pack.code == RADIUS_CODE_ACCOUNTING_REQUEST) ||
1606: (pack.code == RADIUS_CODE_DISCONNECT_REQUEST) ||
1607: (pack.code == RADIUS_CODE_STATUS_REQUEST))) {
1608:
1609: /* Check that request is from a known client */
1610: /* Any of the two servers or from one of the clients */
1611: if ((addr.sin_addr.s_addr & this->proxymask.s_addr)!=
1612: this->proxyaddr.s_addr) {
1613: log_warn(0, "Received radius request from wrong address %.8x!",
1614: addr.sin_addr.s_addr);
1615: return -1;
1616: }
1617:
1618: return this->cb_ind(this, &pack, &addr);
1619: }
1620:
1621: log_warn(0, "Received unknown radius packet %d!", pack.code);
1622: return -1;
1623: }
1624:
1625: struct app_conn_t admin_session;
1626:
1627: int chilliauth_radius(struct radius_t *radius) {
1628: struct radius_packet_t radius_pack;
1629: int ret = -1;
1630:
1631: if (radius_default_pack(radius, &radius_pack, RADIUS_CODE_ACCESS_REQUEST)) {
1632: log_err(0, "radius_default_pack() failed");
1633: return ret;
1634: }
1635:
1636: /* adminuser is required */
1637: radius_addattr(radius, &radius_pack, RADIUS_ATTR_USER_NAME, 0, 0, 0,
1638: (uint8_t *)options.adminuser, strlen(options.adminuser));
1639:
1640: if (options.adminpasswd)
1641: radius_addattr(radius, &radius_pack, RADIUS_ATTR_USER_PASSWORD, 0, 0, 0,
1642: (uint8_t *)options.adminpasswd, strlen(options.adminpasswd));
1643:
1644: radius_addattr(radius, &radius_pack, RADIUS_ATTR_SERVICE_TYPE, 0, 0,
1645: RADIUS_SERVICE_TYPE_ADMIN_USER, NULL, 0);
1646:
1647:
1648: radius_addattr(radius, &radius_pack, RADIUS_ATTR_NAS_PORT_TYPE, 0, 0,
1649: options.radiusnasporttype, NULL, 0);
1650:
1651: radius_addnasip(radius, &radius_pack);
1652:
1653: radius_addcalledstation(radius, &radius_pack);
1654:
1655: if (options.radiusnasid)
1656: radius_addattr(radius, &radius_pack, RADIUS_ATTR_NAS_IDENTIFIER, 0, 0, 0,
1657: (uint8_t *)options.radiusnasid, strlen(options.radiusnasid));
1658:
1659: if (options.radiuslocationid)
1660: radius_addattr(radius, &radius_pack, RADIUS_ATTR_VENDOR_SPECIFIC,
1661: RADIUS_VENDOR_WISPR, RADIUS_ATTR_WISPR_LOCATION_ID, 0,
1662: (uint8_t *)options.radiuslocationid, strlen(options.radiuslocationid));
1663:
1664: if (options.radiuslocationname)
1665: radius_addattr(radius, &radius_pack, RADIUS_ATTR_VENDOR_SPECIFIC,
1666: RADIUS_VENDOR_WISPR, RADIUS_ATTR_WISPR_LOCATION_NAME, 0,
1667: (uint8_t *)options.radiuslocationname,
1668: strlen(options.radiuslocationname));
1669:
1670: radius_addattr(radius, &radius_pack, RADIUS_ATTR_ACCT_SESSION_ID, 0, 0, 0,
1671: (uint8_t*)admin_session.s_state.sessionid, REDIR_SESSIONID_LEN-1);
1672:
1673: if (admin_session.s_state.redir.classlen) {
1674: radius_addattr(radius, &radius_pack, RADIUS_ATTR_CLASS, 0, 0, 0,
1675: admin_session.s_state.redir.classbuf,
1676: admin_session.s_state.redir.classlen);
1677: }
1678:
1679: radius_addattr(radius, &radius_pack, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
1680: 0, 0, 0, NULL, RADIUS_MD5LEN);
1681:
1682: return radius_req(radius, &radius_pack, &admin_session);
1683: }
1684:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to radius.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / coova-chilli / src