Commit 370440a8 authored by Robert Dubner's avatar Robert Dubner

Refactoring, mainly packet nomenclature

parent 0cdafb7e
......@@ -108,61 +108,26 @@ get_or_create_state_string(char *state_string, RADIUS_PACKET *request)
#define DONT_INCLUDE_STATE 2
static void
build_response_postamble( RADIUS_PACKET *response,
RADIUS_PACKET *request,
const char *state_string,
const char *shared_secret,
int include_state_attribute )
server_postamble( RADIUS_PACKET *response,
RADIUS_PACKET *request,
const char *shared_secret)
{
// At this point, we set up the Message-Authenticator.
// For now we leave the 16-byte payload as zeroes; they'll get filled
// in by AdjustPacketForSending()
char state_string_[255];
char *state_string = NULL;
PACKET_CODES code = get_code(response);
uint8_t message_authenticator[MD5_DIGEST_LENGTH];
memset(message_authenticator, 0, MD5_DIGEST_LENGTH);
add_attribute_to_radius_packet( response,
RATV_Message_Authenticator,
MD5_DIGEST_LENGTH,
message_authenticator);
if( state_string )
if( code != PC_Access_Request
&& code != PC_Access_Accept
&& code != PC_Access_Reject)
{
add_attribute_to_radius_packet( response,
RATV_State,
(uint8_t)strlen(state_string),
(uint8_t *)state_string);
get_or_create_state_string(state_string_, request);
state_string = state_string_;
}
// We now know the length of the RADIUS packet:
set_length(response, response->build_loc);
// With the entire packet built, we can now polish it off by creating the
// MD5 hash and HMAC fields:
if( response )
{
// Since we are responding to something, we must be a server:
AdjustServerPacketForSending( response, request, shared_secret);
}
else
{
AdjustClientPacketForSending( response, shared_secret);
}
}
static void
server_postamble( RADIUS_PACKET *response,
RADIUS_PACKET *request,
const char *shared_secret,
int include_state_attribute )
{
char state_string[255];
get_or_create_state_string(state_string, request);
build_response_postamble( response,
request,
state_string,
shared_secret,
include_state_attribute);
build_packet_postamble( response,
request,
state_string,
shared_secret);
}
......@@ -173,7 +138,7 @@ build_md5_challenge(RADIUS_PACKET *response,
const char *shared_secret)
{
DENTER;
build_response_preamble(response, get_identifier(request));
build_packet_preamble(response, PC_Access_Challenge, get_identifier(request));
// This brings us to the attributes portion of the RADIUS packet we are building.
// The first attribute we are going to build is an EAP-MD5 challenge.
......@@ -193,7 +158,7 @@ build_md5_challenge(RADIUS_PACKET *response,
EAP_CHALLENGE_ATTRIBUTE_LENGTH,
eap_message_data);
server_postamble(response, request, shared_secret, INCLUDE_STATE);
server_postamble(response, request, shared_secret);
}
static void
......@@ -204,7 +169,7 @@ build_peap_challenge( RADIUS_PACKET *response,
{
DENTER;
build_response_preamble(response, get_identifier(request));
build_packet_preamble(response, PC_Access_Challenge, get_identifier(request));
// This brings us to the attributes portion of the RADIUS packet we are building.
// The first attribute we are going to build is an EAP-PEAP challenge.
......@@ -222,7 +187,7 @@ build_peap_challenge( RADIUS_PACKET *response,
EAP_CHALLENGE_ATTRIBUTE_LENGTH,
eap_message_data);
server_postamble(response, request, shared_secret, INCLUDE_STATE);
server_postamble(response, request, shared_secret);
}
static void
......@@ -232,7 +197,7 @@ build_ttls_challenge( RADIUS_PACKET *response,
const char *shared_secret)
{
DENTER;
build_response_preamble(response, get_identifier(request));
build_packet_preamble(response, PC_Access_Challenge, get_identifier(request));
// This brings us to the attributes portion of the RADIUS packet we are building.
// The first attribute we are going to build is an EAP-TTLS challenge.
......@@ -250,7 +215,7 @@ build_ttls_challenge( RADIUS_PACKET *response,
EAP_CHALLENGE_ATTRIBUTE_LENGTH,
eap_message_data);
server_postamble(response, request, shared_secret, INCLUDE_STATE);
server_postamble(response, request, shared_secret);
}
static int
......@@ -643,7 +608,7 @@ build_tls_response( RADIUS_PACKET *response,
// 123 bytes of EAP-TLS data, to make up the 129 bytes
int retval = NO_RESPONSE_NECESSARY;
build_response_preamble(response, get_identifier(volatiles->request));
build_packet_preamble(response, PC_Access_Challenge, get_identifier(volatiles->request));
// Figure out how many EAP-TLS bytes we'll be transferring
size_t remaining_packet_tls_bytes = state->mtu; //MAXIMUM_PEAP_BYTES_PER_RADIUS_PACKET;
......@@ -774,7 +739,7 @@ build_tls_response( RADIUS_PACKET *response,
}
// With the PEAP messages out of the way, finish up the RADIUS packet:
server_postamble(response, volatiles->request, volatiles->shared_secret, INCLUDE_STATE);
server_postamble(response, volatiles->request, volatiles->shared_secret);
Debug( LDAP_DEBUG_ARGS,
DPREFIX "Built eap_tls response with %d EAP-message attributes\n",
......@@ -795,7 +760,7 @@ encrypt_and_send_response( STATE *state,
RADIUS_PACKET response_;
RADIUS_PACKET *response = &response_;
build_response_preamble(response, get_identifier(volatiles->request));
build_packet_preamble(response, PC_Access_Challenge, get_identifier(volatiles->request));
// It's now time to encrypt the data in cleartext_out
SSL_write( state->ssl,
......@@ -861,8 +826,7 @@ encrypt_and_send_response( STATE *state,
// With the PEAP message out of the way, finish up the RADIUS packet:
server_postamble( response,
volatiles->request,
volatiles->shared_secret,
INCLUDE_STATE);
volatiles->shared_secret);
rc = SendThePacket( response,
volatiles->radius_info->udp_socket,
......@@ -1570,10 +1534,7 @@ send_access_accept(STATE *state)
RADIUS_PACKET response_;
RADIUS_PACKET *response = &response_;
build_response_preamble(response, get_identifier(volatiles->request));
// Rather ham-handedly change the packet code::
response->packet_data[0] = PC_Access_Accept;
build_packet_preamble(response, PC_Access_Accept, get_identifier(volatiles->request));
// This brings us to the attributes portion of the RADIUS packet we are building.
......@@ -1613,8 +1574,7 @@ send_access_accept(STATE *state)
server_postamble( response,
volatiles->request,
volatiles->shared_secret,
DONT_INCLUDE_STATE);
volatiles->shared_secret);
return SendThePacket( response,
volatiles->radius_info->udp_socket,
......@@ -1634,10 +1594,7 @@ send_access_reject(STATE *state)
RADIUS_PACKET response_;
RADIUS_PACKET *response = &response_;
build_response_preamble(response, get_identifier(volatiles->request));
// Rather ham-handedly change the packet code::
response->packet_data[0] = PC_Access_Reject;
build_packet_preamble(response, PC_Access_Reject, get_identifier(volatiles->request));
// This brings us to the attributes portion of the RADIUS packet we are building.
......@@ -1656,8 +1613,7 @@ send_access_reject(STATE *state)
server_postamble( response,
volatiles->request,
volatiles->shared_secret,
DONT_INCLUDE_STATE);
volatiles->shared_secret);
return SendThePacket( response,
volatiles->radius_info->udp_socket,
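Review bot: In the new server_postamble (first hunk), `state_string_[255]` is handed to `get_or_create_state_string(state_string_, request)`, whose signature in the hunk header takes no buffer length, so nothing visible here keeps a State value taken from the peer's request from overrunning the stack buffer or arriving unterminated. If the helper does not already bound the copy, it should take the size, e.g. `get_or_create_state_string(state_string_, sizeof state_string_, request);`, and guarantee NUL termination. The State decision is also written as a deny-list: every code other than Access-Request, Access-Accept and Access-Reject gets a State attribute, where `if( code == PC_Access_Challenge )` would state the intent directly, if that is the intent. `DONT_INCLUDE_STATE` is still defined at the top of the hunk although no caller passes it any more, so it (and presumably `INCLUDE_STATE` above the hunk) can be removed.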
......
......@@ -593,12 +593,12 @@ debugging_display_of(RADIUS_PACKET *packet)
}
void
build_response_preamble(RADIUS_PACKET *response, uint8_t packet_id)
build_packet_preamble(RADIUS_PACKET *response, PACKET_CODES packet_code, uint8_t packet_id)
{
radius_packet_initialize(response);
// Indicate that we are a RADIUS access challenge:
response->packet_data[response->build_loc++] = PC_Access_Challenge;
// Establish the packet code:
response->packet_data[response->build_loc++] = packet_code;
// Establish the RADIUS identifier:
response->packet_data[response->build_loc++] = packet_id;
......@@ -612,6 +612,47 @@ build_response_preamble(RADIUS_PACKET *response, uint8_t packet_id)
response->build_loc += AUTHENTICATOR_LENGTH;
}
void
build_packet_postamble( RADIUS_PACKET *response,
RADIUS_PACKET *request,
const char *state_string,
const char *shared_secret )
{
// At this point, we set up the Message-Authenticator.
// For now we leave the 16-byte payload as zeroes; they'll get filled
// in by AdjustPacketForSending()
uint8_t message_authenticator[MD5_DIGEST_LENGTH];
memset(message_authenticator, 0, MD5_DIGEST_LENGTH);
add_attribute_to_radius_packet( response,
RATV_Message_Authenticator,
MD5_DIGEST_LENGTH,
message_authenticator);
if( state_string )
{
add_attribute_to_radius_packet( response,
RATV_State,
(uint8_t)strlen(state_string),
(uint8_t *)state_string);
}
// We now know the length of the RADIUS packet:
set_length(response, response->build_loc);
// With the entire packet built, we can now polish it off by creating the
// MD5 hash and HMAC fields:
if( request )
{
// Since we are responding to a request, we must be a server:
AdjustServerPacketForSending( response, request, shared_secret);
}
else
{
AdjustClientPacketForSending( response, shared_secret);
}
}
void
AdjustServerPacketForSending( RADIUS_PACKET *response,
RADIUS_PACKET *request,
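Review bot: In build_packet_postamble the State length is computed as `(uint8_t)strlen(state_string)`, which silently wraps for a string of 256 bytes or more and also lets through values above the 253-byte limit of a RADIUS attribute value, so the attribute would presumably go out with a truncated or malformed State. Take the length once and refuse oversize values before the cast: `size_t state_len = strlen(state_string);` followed by `if( state_len <= 253 )` around the `add_attribute_to_radius_packet` call. The Message-Authenticator is appended here after every other attribute; current RADIUS hardening guidance is to place it first in Access-Accept, Access-Reject and Access-Challenge packets, which would mean adding it in the preamble rather than the postamble. The opening comment still names `AdjustPacketForSending()`, while the functions called below are `AdjustServerPacketForSending` and `AdjustClientPacketForSending`.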
......
......@@ -294,16 +294,28 @@ void set_length(RADIUS_PACKET *radius_packet, int length);
uint8_t *get_authenticator(RADIUS_PACKET *radius_packet);
void debugging_display_of(RADIUS_PACKET *packet);
char * radius_attribute_to_text(RADIUS_ATTRIBUTE *ra, char *buffer, size_t buf_len);
char * radius_attribute_to_text(RADIUS_ATTRIBUTE *ra,
char *buffer,
size_t buf_len);
void radius_packet_initialize( RADIUS_PACKET *radius_packet );
void build_response_preamble(RADIUS_PACKET *response, uint8_t packet_idt);
void build_packet_preamble( RADIUS_PACKET *response,
PACKET_CODES packet_code,
uint8_t packet_idt);
void build_packet_postamble( RADIUS_PACKET *response,
RADIUS_PACKET *request,
const char *state_string,
const char *shared_secret);
int radiusov_get_packet_from_request( RADIUS_PACKET *radius_packet,
uint8_t *incoming_request,
ssize_t recv_len);
RADIUS_ATTRIBUTE *fetch_attribute_from_packet(RADIUS_PACKET *radius_packet, uint8_t Type);
void add_attribute_to_radius_packet( RADIUS_PACKET *radius_packet, uint8_t Type, uint8_t DataLength, uint8_t *Data);
RADIUS_ATTRIBUTE *fetch_attribute_from_packet( RADIUS_PACKET
*radius_packet,
uint8_t Type);
void add_attribute_to_radius_packet(RADIUS_PACKET *radius_packet,
uint8_t Type,
uint8_t DataLength,
uint8_t *Data);
void AdjustServerPacketForSending( RADIUS_PACKET *response,
RADIUS_PACKET *request,
const char *shared_secret);
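Review bot: The new `build_packet_postamble` prototype does not document that two of its pointers are optional: in the definition, a NULL `request` selects the client path and a NULL `state_string` omits the State attribute. A comment above the declaration such as `/* request == NULL: finish as a client packet; state_string == NULL: no State attribute */` would make that contract visible to callers. `add_attribute_to_radius_packet` still takes `uint8_t *Data`, which is why the postamble has to cast away the const of `state_string`; `const uint8_t *Data` would remove that cast, assuming the function only reads the data. The preamble prototype's last parameter is spelled `packet_idt` where the definition uses `packet_id`.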
......