client.h

Go to the documentation of this file.

/*
Copyright (C) 2018 Network RADIUS SARL <info@networkradius.com>

This software may not be redistributed in any form without the prior
written consent of Network RADIUS.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
 */

/*
 *  System-specific header files.
 */
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/time.h>

/*
 *  Definitions of attributes.
 */
#include <networkradius-devel/radius.h>

#ifdef PW_EAP_MESSAGE
#ifndef PW_MESSAGE_AUTHENTICATOR
#error EAP-Message requires Message-Authenticator
#endif
#endif

#ifndef HAVE_OPENSSL
#include "md5.h"
#define NR_MD5_CTX      MD5_CTX

#define nr_MD5Init      MD5_Init

#define nr_MD5Update    MD5_Update

#define nr_MD5Final     MD5_Final

#define nr_MD5Transform MD5_Transform

#else  /* WITHOUT_OPENSSL */

#include <openssl/md5.h>
#define NR_MD5_CTX      MD5_CTX

#define nr_MD5Init      MD5_Init

#define nr_MD5Update    MD5_Update

#define nr_MD5Final     MD5_Final

#define nr_MD5Transform MD5_Transform
#endif

#ifndef NR_MAX_PACKET_LEN

#define NR_MAX_PACKET_LEN (4096)
#endif

#ifndef NR_MAX_ATTRIBUTES

#define NR_MAX_ATTRIBUTES (200)
#endif

#undef NR_MAX_PACKET_CODE

#define NR_MAX_PACKET_CODE 46

#define NR_MAX_VENDOR           (1 << 24)

#define MAX_STRING_LEN          (254)

typedef enum nr_attr_type_t {
  NR_TYPE_INVALID = 0,          
  NR_TYPE_STRING,               
  NR_TYPE_INTEGER,              
  NR_TYPE_IPADDR,               
  NR_TYPE_DATE,                 
  NR_TYPE_OCTETS,                
  NR_TYPE_IFID,                 
  NR_TYPE_IPV6ADDR,             
  NR_TYPE_IPV6PREFIX,           
  NR_TYPE_BYTE,                 
  NR_TYPE_SHORT,                
  NR_TYPE_INTEGER64,            
} nr_attr_type_t;

#define PW_ACCESS_REQUEST               1
#define PW_ACCESS_ACCEPT                2
#define PW_ACCESS_REJECT                3
#define PW_ACCOUNTING_REQUEST           4
#define PW_ACCOUNTING_RESPONSE          5
#define PW_ACCOUNTING_STATUS            6
#define PW_ACCESS_CHALLENGE             11
#define PW_STATUS_SERVER                12
#define PW_DISCONNECT_REQUEST           40
#define PW_DISCONNECT_ACK               41
#define PW_DISCONNECT_NAK               42
#define PW_COA_REQUEST                  43
#define PW_COA_ACK                      44
#define PW_COA_NAK                      45

typedef enum nr_error_t {
        NR_ERR_INVALID_ARG = 1,
        NR_ERR_PACKET_TOO_SMALL,
        NR_ERR_PACKET_TOO_LARGE,
        NR_ERR_PACKET_CODE_UNKNOWN,
        NR_ERR_ATTR_OVERFLOW,
        NR_ERR_ATTR_TOO_SMALL,
        NR_ERR_ATTR_TOO_LARGE,
        NR_ERR_ATTR_UNKNOWN,
        NR_ERR_ATTR_BAD_NAME,
        NR_ERR_ATTR_VALUE_MALFORMED,
        NR_ERR_ATTR_INVALID,
        NR_ERR_TOO_MANY_ATTRS,
        NR_ERR_ATTR_TYPE_UNKNOWN,
        NR_ERR_MSG_AUTH_LEN,
        NR_ERR_MSG_AUTH_WRONG,
        NR_ERR_REQUEST_REQUIRED,
        NR_ERR_REQUEST_CODE_INVALID,
        NR_ERR_AUTH_VECTOR_WRONG,
        NR_ERR_RESPONSE_CODE_INVALID,
        NR_ERR_RESPONSE_ID_INVALID,
        NR_ERR_RESPONSE_SRC_INVALID,
        NR_ERR_SYSTEM,
        NR_ERR_NO_PACKET_DATA,
        NR_ERR_VENDOR_UNKNOWN,
        NR_ERR_INTERNAL_FAILURE,
        NR_ERR_UNSUPPORTED,
        NR_ERR_NO_FREE_ID,
        NR_ERR_NO_MEM,
        NR_ERR_IN_USE,
        NR_ERR_PACKET_UNSIGNED,
} nr_error_t;

#define TAG_VALID(x)          ((x) < 0x20)

#define FLAG_ENCRYPT_NONE            (0)

#define FLAG_ENCRYPT_USER_PASSWORD   (1)

#define FLAG_ENCRYPT_TUNNEL_PASSWORD (2)

typedef struct attr_flags {
        unsigned int            has_tag : 1; 
        unsigned int            unknown : 1; 
#ifdef NR_TYPE_TLV
        unsigned int            has_tlv : 1; /* has sub attributes */
        unsigned int            is_tlv : 1; /* is a sub attribute */
#endif
#ifdef VENDOR_EXTENDED
        unsigned int            extended : 1; /* extended attribute */
        unsigned int            extended_flags : 1; /* with flag */
        unsigned int            evs : 1;            /* extended VSA */
#endif

        uint8_t                 encrypt;      
        uint8_t                 length;       
} ATTR_FLAGS;


typedef struct nr_dict_attr {
        unsigned int            attr;           
        nr_attr_type_t          type;           
        unsigned int            vendor;         
        ATTR_FLAGS              flags;
        const char              *name;          
} DICT_ATTR;

typedef struct nr_dict_value {
        const DICT_ATTR         *da;            
        int                     value;          
        char                    name[1];        
} DICT_VALUE;

typedef struct nr_dict_vendor {
        unsigned int            vendor; 
        size_t                  type;      
        size_t                  length;    
        const char              *name;          
} DICT_VENDOR;

typedef union value_pair_data {
        char                    strvalue[MAX_STRING_LEN]; /* +1 for NUL */
        uint8_t                 octets[253];
        struct in_addr          ipaddr;
        struct in6_addr         ipv6addr;
        uint32_t                date;
        uint32_t                integer;
        uint64_t                integer64;
#ifdef NR_TYPE_SIGNED
        int32_t                 sinteger;
#endif
#ifdef NR_TYPE_ABINARY
        uint8_t                 filter[32];
#endif
        uint8_t                 ifid[8]; /* struct? */
        uint8_t                 ipv6prefix[18]; /* struct? */
#ifdef NR_TYPE_TLV
        uint8_t                 *tlv;
#endif
} VALUE_PAIR_DATA;


typedef struct value_pair {
        const DICT_ATTR         *da; 
        size_t                  length; 
        int                     tag; 
        struct value_pair       *next; 
        VALUE_PAIR_DATA         data;  
} VALUE_PAIR;
#define vp_strvalue   data.strvalue
#define vp_octets     data.octets
#define vp_ipv6addr   data.ipv6addr
#define vp_ifid       data.ifid
#define vp_ipv6prefix data.ipv6prefix
#define vp_ipaddr     data.ipaddr.s_addr
#define vp_date       data.integer
#define vp_integer    data.integer
#define vp_integer64    data.integer64
#ifdef NR_TYPE_ABINARY
#define vp_filter     data.filter
#endif
#ifdef NR_TYPE_ETHER
#define vp_ether      data.ether
#endif
#ifdef NR_TYPE_SIGNED
#define vp_signed     data.sinteger
#endif
#ifdef NR_TYPE_TLV
#define vp_tlv        data.tlv
#endif

#ifdef NR_TYPE_TLV
#define NR_ATTR_MAX_TLV (4)
extern const int nr_attr_shift[NR_ATTR_MAX_TLV];
extern const int nr_attr_mask[NR_ATTR_MAX_TLV];
extern const unsigned int nr_attr_max_tlv;
#endif

typedef enum nr_transmit_state_t {
        NR_TRANSMIT_NONE = 0,

        /*
         *      The caller sets these.
         */
        NR_TRANSMIT_INITIAL,    
        NR_TRANSMIT_TIMEOUT,    
        NR_TRANSMIT_HAVE_RESPONSE, 
        /*
         *      The (re)-transmitter sets these.
         */
        NR_TRANSMIT_SEND,       
        NR_TRANSMIT_CONTINUE,   
        NR_TRANSMIT_RESPONSE_OK, 
        NR_TRANSMIT_NO_RESPONSE, 
} nr_transmit_state_t;


typedef struct radius_packet {
        int                     sockfd; 
        struct sockaddr_storage src;    
        struct sockaddr_storage dst;    
        socklen_t               sizeof_addr; 
        const char              *secret; 
        size_t                  sizeof_secret; 
        unsigned int            code;   
        int                     id;     
        size_t                  length; 
        uint8_t                 vector[16]; 
        struct timeval          timestamp; 
        nr_transmit_state_t     state;

        int                     attempts; 
        int                     delay; 
        int                     flags; 
        uint8_t                 *data;    
        size_t                  sizeof_data; 
        VALUE_PAIR              *vps;   
} RADIUS_PACKET;

#define NR_PACKET_ENCODED  (1 << 0)
#define NR_PACKET_HEADER   (1 << 1)
#define NR_PACKET_SIGNED   (1 << 2)
#define NR_PACKET_OK       (1 << 3)
#define NR_PACKET_VERIFIED (1 << 4)
#define NR_PACKET_DECODED  (1 << 5)


typedef struct nr_retransmit_config_t {
        int             irt;

        int             mrt;    /* default 16s */

        int             mrd;    /* default 30s */

        int             mrc;    /* default 5 attempts */
} nr_retransmit_config_t;

typedef struct nr_track_id_t {
        int             sockfd;         
        int             code;           
        struct sockaddr_storage src;    
        struct sockaddr_storage dst;    
        socklen_t       sizeof_addr;    
        const char      *secret;        
        size_t          sizeof_secret;  
        int             used;           
        void            *ctx;           
        int             (*packet_send)(void *, RADIUS_PACKET *); 
        nr_retransmit_config_t timers;

        RADIUS_PACKET   *ids[256];      
} nr_track_id_t;


extern const char *nr_strerror(int error);

extern VALUE_PAIR *nr_vp_alloc(const DICT_ATTR *da);

extern void nr_vp_free(VALUE_PAIR **head);

extern VALUE_PAIR *nr_vp_init(VALUE_PAIR *vp, const DICT_ATTR *da);

extern VALUE_PAIR *nr_vp_alloc_raw(unsigned int attr, unsigned int vendor);

extern int nr_vp_set_data(VALUE_PAIR *vp, const void *data, size_t data_len);

extern int nr_vp_set_raw_data(VALUE_PAIR *vp, const void *data, size_t data_len);

extern VALUE_PAIR *nr_vp_create(int attr, int vendor, const void *data,
                              size_t data_len);

extern void nr_vps_append(VALUE_PAIR **head, VALUE_PAIR *vp);

extern VALUE_PAIR *nr_vps_find(VALUE_PAIR *head,
                            unsigned int attr, unsigned int vendor);

extern const DICT_ATTR *nr_dict_attr_byvalue(unsigned int attr,
                                         unsigned int vendor);

extern const DICT_ATTR *nr_dict_attr_byname(const char *name);

extern int nr_dict_attr_2struct(DICT_ATTR *da,
                                unsigned int attr, unsigned int vendor,
                                char *buffer, size_t bufsize);

extern const DICT_VALUE *nr_dict_value_byattr(unsigned int attr,
                                        unsigned int vendor,
                                        int value);

const DICT_VALUE *nr_dict_value_byname(unsigned int attr,
                                 unsigned int vendor,
                                 const char *name);

extern int nr_dict_vendor_byname(const char *name);

extern const DICT_VENDOR *nr_dict_vendor_byvalue(unsigned int vendor);

extern const DICT_VENDOR nr_dict_vendors[];

extern const int nr_dict_num_attrs;

extern const DICT_ATTR nr_dict_attrs[];

extern const int nr_dict_num_names;

extern DICT_ATTR const *nr_dict_attr_names[];

extern const char *nr_packet_codes[NR_MAX_PACKET_CODE + 1];

extern ssize_t nr_socket_recv(RADIUS_PACKET *packet);

extern int nr_socket_send(RADIUS_PACKET *packet);


extern ssize_t nr_socket_recv_response(RADIUS_PACKET *response,
                                  const RADIUS_PACKET *request);

extern int nr_socket_send_response(RADIUS_PACKET *packet, const RADIUS_PACKET *original);

extern int nr_packet_ok(RADIUS_PACKET *packet);

extern int nr_packet_ok_raw(const uint8_t *data, size_t sizeof_data);

extern ssize_t nr_packet_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original);

extern int nr_packet_decode(RADIUS_PACKET *packet, const RADIUS_PACKET *original);

extern int nr_packet_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original);

extern int nr_packet_verify(RADIUS_PACKET *packet,
                            const RADIUS_PACKET *original);

extern void nr_packet_print_hex(RADIUS_PACKET *packet);


extern int nr_packet_can_encode(RADIUS_PACKET *packet,
                                const RADIUS_PACKET *original);

extern int nr_transmit_init(nr_track_id_t *s, RADIUS_PACKET *request);

extern int nr_transmit(nr_track_id_t *s,  struct timeval *when,
                       RADIUS_PACKET *request, RADIUS_PACKET *response);

extern struct sockaddr_storage *nr_ipv42sockaddr(uint32_t ipaddr, int port,
                                                 struct sockaddr_storage *s);

extern int sockaddr_cmp(const struct sockaddr_storage *a,
                        const struct sockaddr_storage *b);

extern int nr_socket_open(struct sockaddr_storage *s);

extern int nr_track_id_socket(nr_track_id_t *s,
                              struct sockaddr_storage *src,
                              struct sockaddr_storage *dst);
  
extern ssize_t nr_rand_bytes(uint8_t *data, size_t data_len);

extern uint32_t nr_rand(void);

extern void nr_timeval_add(struct timeval *t, unsigned int seconds,
                           unsigned int usec);

extern int nr_timeval_cmp(const struct timeval *a, const struct timeval *b);

extern int nr_track_id_init(nr_track_id_t *s, int code, const char *secret);

extern int nr_track_id_close(const nr_track_id_t *s);

extern int nr_track_id_alloc(nr_track_id_t *s, RADIUS_PACKET *packet);

extern int nr_track_id_realloc(nr_track_id_t *s, RADIUS_PACKET *packet);

extern int nr_track_id_release(nr_track_id_t *s, RADIUS_PACKET *packet);

extern int nr_track_id_packet_alloc(nr_track_id_t *s,
                                  RADIUS_PACKET **packet_p,
                                  RADIUS_PACKET *original,
                                  size_t sizeof_data);

extern void nr_track_id_packet_free(nr_track_id_t *s, RADIUS_PACKET *packet);

extern void nr_strerror_printf(const char *fmt, ...);

#ifndef NDEBUG
#define nr_debug_error nr_strerror_printf 
#else
#define nr_debug_error if (0) nr_strerror_printf
#endif

extern ssize_t nr_password_encrypt(uint8_t *output, size_t outlen,
                                   const uint8_t *input, size_t inlen,
                                   const char *secret, const uint8_t *vector);

extern ssize_t nr_tunnelpw_encrypt(uint8_t *output, size_t outlen,
                                   const uint8_t *input, size_t inlen,
                                   const char *secret, const uint8_t *vector);

extern ssize_t nr_tunnelpw_decrypt(uint8_t *output, size_t outlen,
                                   const uint8_t *input, size_t inlen,
                                   const char *secret, const uint8_t *vector);

extern void nr_hmac_md5(const uint8_t *data, size_t data_len,
                        const uint8_t *key, size_t key_len,
                        uint8_t digest[16]);

extern int nr_tlv_ok(const uint8_t *data, size_t length,
                      size_t dv_type, size_t dv_length);

typedef int (*nr_packet_walk_func_t)(void *, const DICT_ATTR *, const uint8_t *, size_t);

extern int nr_packet_walk(RADIUS_PACKET *packet, void *ctx,
                          nr_packet_walk_func_t callback);

extern int nr_packet_init(RADIUS_PACKET *packet, const RADIUS_PACKET *original,
                          const char *secret, int code,
                          void *data, size_t sizeof_data);

extern ssize_t nr_packet_attr_append(RADIUS_PACKET *packet,
                                     const RADIUS_PACKET *original,
                                     const DICT_ATTR *da,
                                     const void *data, size_t data_len);


extern ssize_t nr_packet_vps_append(RADIUS_PACKET *packet,
                                    const RADIUS_PACKET *original,
                                    const VALUE_PAIR *vps);

extern int nr_packet_response_ok(RADIUS_PACKET const *packet, RADIUS_PACKET const *response);

extern ssize_t nr_vp2attr(const RADIUS_PACKET *packet,
                      const RADIUS_PACKET *original,
                      const VALUE_PAIR **pvp, uint8_t *data, size_t room);

extern ssize_t nr_vp2rfc(const RADIUS_PACKET *packet,
                     const RADIUS_PACKET *original,
                     const VALUE_PAIR **pvp,
                     uint8_t *data, size_t room);

extern ssize_t nr_attr2vp(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
                            const uint8_t *data, size_t length,
                            VALUE_PAIR **pvp);

extern ssize_t nr_attr2vp_rfc(const RADIUS_PACKET *packet,
                        const RADIUS_PACKET *original,
                        const uint8_t *data, size_t length,
                        VALUE_PAIR **pvp);

extern ssize_t nr_attr2vp_vsa(const RADIUS_PACKET *packet,
                        const RADIUS_PACKET *original,
                        const uint8_t *data, size_t length,
                        VALUE_PAIR **pvp);

extern ssize_t nr_attr2vp_raw(const RADIUS_PACKET *packet,
                        const RADIUS_PACKET *original,
                        const uint8_t *data, size_t length,
                        VALUE_PAIR **pvp);

extern ssize_t nr_vp2vsa(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
                     const VALUE_PAIR **pvp, uint8_t *data,
                     size_t room);

extern ssize_t nr_attr2data(const RADIUS_PACKET *packet, ssize_t start,
                             unsigned int attr, unsigned int vendor,
                             const uint8_t **pdata, size_t *plength);

extern size_t nr_vp_snprintf(char *buffer, size_t bufsize, const VALUE_PAIR *vp);

extern size_t nr_vp_snprintf_value(char *buffer, size_t bufsize, const VALUE_PAIR *vp);

extern void nr_vp_fprintf_list(FILE *fp, const VALUE_PAIR *vps);

extern int nr_vp_sscanf(const char *string, VALUE_PAIR **pvp);

extern ssize_t nr_vp_sscanf_value(VALUE_PAIR *vp, const char *value);

#if 1
#define return_NR_ERR(_x) return -(NR_ERR_ ## _x)
#else
/*
 *  Used to see exactly where and when which function returned the error.
 */
#define return_NR_ERR(_x) {fprintf(stderr, "ERROR %s[%d] %d\n", __FILE__, __LINE__, NR_ERR_ ## _x); return -(NR_ERR_ ## _x);}
#endif

#if defined(__GNUC__)
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
# define NEVER_RETURNS __attribute__ ((noreturn))
# define UNUSED __attribute__ ((unused))
# define BLANK_FORMAT " "       /* GCC_LINT whines about empty formats */
#else

# define PRINTF_LIKE(n)

# define NEVER_RETURNS

# define UNUSED

# define BLANK_FORMAT ""
#endif