Robert Dubner
OpenLDAP
Commits
370440a8
Commit
370440a8
authored
Sep 25, 2021
by
Robert Dubner
Refactoring, mainly packet nomenclature
parent
0cdafb7e
Pipeline
#3570
passed with stage
in 43 minutes and 23 seconds
Changes
3
contrib/slapd-modules/radiusov/radius.c
...
...
@@ -108,61 +108,26 @@ get_or_create_state_string(char *state_string, RADIUS_PACKET *request)
#define DONT_INCLUDE_STATE 2
static
void
build_response_postamble
(
RADIUS_PACKET
*
response
,
RADIUS_PACKET
*
request
,
const
char
*
state_string
,
const
char
*
shared_secret
,
int
include_state_attribute
)
server_postamble
(
RADIUS_PACKET
*
response
,
RADIUS_PACKET
*
request
,
const
char
*
shared_secret
)
{
// At this point, we set up the Message-Authenticator.
// For now we leave the 16-byte payload as zeroes; they'll get filled
// in by AdjustPacketForSending()
char
state_string_
[
255
];
char
*
state_string
=
NULL
;
PACKET_CODES
code
=
get_code
(
response
);
uint8_t
message_authenticator
[
MD5_DIGEST_LENGTH
];
memset
(
message_authenticator
,
0
,
MD5_DIGEST_LENGTH
);
add_attribute_to_radius_packet
(
response
,
RATV_Message_Authenticator
,
MD5_DIGEST_LENGTH
,
message_authenticator
);
if
(
state_string
)
if
(
code
!=
PC_Access_Request
&&
code
!=
PC_Access_Accept
&&
code
!=
PC_Access_Reject
)
{
add_attribute_to_radius_packet
(
response
,
RATV_State
,
(
uint8_t
)
strlen
(
state_string
),
(
uint8_t
*
)
state_string
);
get_or_create_state_string
(
state_string_
,
request
);
state_string
=
state_string_
;
}
// We now know the length of the RADIUS packet:
set_length
(
response
,
response
->
build_loc
);
// With the entire packet built, we can now polish it off by creating the
// MD5 hash and HMAC fields:
if
(
response
)
{
// Since we are responding to something, we must be a server:
AdjustServerPacketForSending
(
response
,
request
,
shared_secret
);
}
else
{
AdjustClientPacketForSending
(
response
,
shared_secret
);
}
}
static
void
server_postamble
(
RADIUS_PACKET
*
response
,
RADIUS_PACKET
*
request
,
const
char
*
shared_secret
,
int
include_state_attribute
)
{
char
state_string
[
255
];
get_or_create_state_string
(
state_string
,
request
);
build_response_postamble
(
response
,
request
,
state_string
,
shared_secret
,
include_state_attribute
);
build_packet_postamble
(
response
,
request
,
state_string
,
shared_secret
);
}
...
...
@@ -173,7 +138,7 @@ build_md5_challenge(RADIUS_PACKET *response,
const
char
*
shared_secret
)
{
DENTER
;
build_
response
_preamble
(
response
,
get_identifier
(
request
));
build_
packet
_preamble
(
response
,
PC_Access_Challenge
,
get_identifier
(
request
));
// This brings us to the attributes portion of the RADIUS packet we are building.
// The first attribute we are going to build is an EAP-MD5 challenge.
...
...
@@ -193,7 +158,7 @@ build_md5_challenge(RADIUS_PACKET *response,
EAP_CHALLENGE_ATTRIBUTE_LENGTH
,
eap_message_data
);
server_postamble
(
response
,
request
,
shared_secret
,
INCLUDE_STATE
);
server_postamble
(
response
,
request
,
shared_secret
);
}
static
void
...
...
@@ -204,7 +169,7 @@ build_peap_challenge( RADIUS_PACKET *response,
{
DENTER
;
build_
response
_preamble
(
response
,
get_identifier
(
request
));
build_
packet
_preamble
(
response
,
PC_Access_Challenge
,
get_identifier
(
request
));
// This brings us to the attributes portion of the RADIUS packet we are building.
// The first attribute we are going to build is an EAP-PEAP challenge.
...
...
@@ -222,7 +187,7 @@ build_peap_challenge( RADIUS_PACKET *response,
EAP_CHALLENGE_ATTRIBUTE_LENGTH
,
eap_message_data
);
server_postamble
(
response
,
request
,
shared_secret
,
INCLUDE_STATE
);
server_postamble
(
response
,
request
,
shared_secret
);
}
static
void
...
...
@@ -232,7 +197,7 @@ build_ttls_challenge( RADIUS_PACKET *response,
const
char
*
shared_secret
)
{
DENTER
;
build_
response
_preamble
(
response
,
get_identifier
(
request
));
build_
packet
_preamble
(
response
,
PC_Access_Challenge
,
get_identifier
(
request
));
// This brings us to the attributes portion of the RADIUS packet we are building.
// The first attribute we are going to build is an EAP-TTLS challenge.
...
...
@@ -250,7 +215,7 @@ build_ttls_challenge( RADIUS_PACKET *response,
EAP_CHALLENGE_ATTRIBUTE_LENGTH
,
eap_message_data
);
server_postamble
(
response
,
request
,
shared_secret
,
INCLUDE_STATE
);
server_postamble
(
response
,
request
,
shared_secret
);
}
static
int
...
...
@@ -643,7 +608,7 @@ build_tls_response( RADIUS_PACKET *response,
// 123 bytes of EAP-TLS data, to make up the 129 bytes
int
retval
=
NO_RESPONSE_NECESSARY
;
build_
response
_preamble
(
response
,
get_identifier
(
volatiles
->
request
));
build_
packet
_preamble
(
response
,
PC_Access_Challenge
,
get_identifier
(
volatiles
->
request
));
// Figure out how many EAP-TLS bytes we'll be transferring
size_t
remaining_packet_tls_bytes
=
state
->
mtu
;
//MAXIMUM_PEAP_BYTES_PER_RADIUS_PACKET;
...
...
@@ -774,7 +739,7 @@ build_tls_response( RADIUS_PACKET *response,
}
// With the PEAP messages out of the way, finish up the RADIUS packet:
server_postamble
(
response
,
volatiles
->
request
,
volatiles
->
shared_secret
,
INCLUDE_STATE
);
server_postamble
(
response
,
volatiles
->
request
,
volatiles
->
shared_secret
);
Debug
(
LDAP_DEBUG_ARGS
,
DPREFIX
"Built eap_tls response with %d EAP-message attributes
\n
"
,
...
...
@@ -795,7 +760,7 @@ encrypt_and_send_response( STATE *state,
RADIUS_PACKET
response_
;
RADIUS_PACKET
*
response
=
&
response_
;
build_
response
_preamble
(
response
,
get_identifier
(
volatiles
->
request
));
build_
packet
_preamble
(
response
,
PC_Access_Challenge
,
get_identifier
(
volatiles
->
request
));
// It's now time to encrypt the data in cleartext_out
SSL_write
(
state
->
ssl
,
...
...
@@ -861,8 +826,7 @@ encrypt_and_send_response( STATE *state,
// With the PEAP message out of the way, finish up the RADIUS packet:
server_postamble
(
response
,
volatiles
->
request
,
volatiles
->
shared_secret
,
INCLUDE_STATE
);
volatiles
->
shared_secret
);
rc
=
SendThePacket
(
response
,
volatiles
->
radius_info
->
udp_socket
,
...
...
@@ -1570,10 +1534,7 @@ send_access_accept(STATE *state)
RADIUS_PACKET
response_
;
RADIUS_PACKET
*
response
=
&
response_
;
build_response_preamble
(
response
,
get_identifier
(
volatiles
->
request
));
// Rather ham-handedly change the packet code::
response
->
packet_data
[
0
]
=
PC_Access_Accept
;
build_packet_preamble
(
response
,
PC_Access_Accept
,
get_identifier
(
volatiles
->
request
));
// This brings us to the attributes portion of the RADIUS packet we are building.
...
...
@@ -1613,8 +1574,7 @@ send_access_accept(STATE *state)
server_postamble
(
response
,
volatiles
->
request
,
volatiles
->
shared_secret
,
DONT_INCLUDE_STATE
);
volatiles
->
shared_secret
);
return
SendThePacket
(
response
,
volatiles
->
radius_info
->
udp_socket
,
...
...
@@ -1634,10 +1594,7 @@ send_access_reject(STATE *state)
RADIUS_PACKET
response_
;
RADIUS_PACKET
*
response
=
&
response_
;
build_response_preamble
(
response
,
get_identifier
(
volatiles
->
request
));
// Rather ham-handedly change the packet code::
response
->
packet_data
[
0
]
=
PC_Access_Reject
;
build_packet_preamble
(
response
,
PC_Access_Reject
,
get_identifier
(
volatiles
->
request
));
// This brings us to the attributes portion of the RADIUS packet we are building.
...
...
@@ -1656,8 +1613,7 @@ send_access_reject(STATE *state)
server_postamble
(
response
,
volatiles
->
request
,
volatiles
->
shared_secret
,
DONT_INCLUDE_STATE
);
volatiles
->
shared_secret
);
return
SendThePacket
(
response
,
volatiles
->
radius_info
->
udp_socket
,
...
...
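Review bot: The new `server_postamble` passes the 255-byte `state_string_` to `get_or_create_state_string()` without its size, so the bound on a value that can originate in the peer's request depends entirely on that helper, whose body is outside this hunk; a capacity argument, or a comment stating the helper's maximum output with the terminator included, would make the bound checkable at this call. The code-based test also changes what goes on the wire: the removed body never appears to consult `include_state_attribute`, so State was presumably attached to Accept and Reject before and is now omitted, which deserves a line in the commit message and a comment such as `// State is only attached while the exchange continues; Accept and Reject end it`. `#define DONT_INCLUDE_STATE 2` at the top of the hunk looks unused after this change, since the visible call sites no longer pass it.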
contrib/slapd-modules/radiusov/rpacket.c
...
...
@@ -593,12 +593,12 @@ debugging_display_of(RADIUS_PACKET *packet)
}
void
build_
response
_preamble
(
RADIUS_PACKET
*
response
,
uint8_t
packet_id
)
build_
packet
_preamble
(
RADIUS_PACKET
*
response
,
PACKET_CODES
packet_code
,
uint8_t
packet_id
)
{
radius_packet_initialize
(
response
);
//
Indicate that we are a RADIUS access challeng
e:
response
->
packet_data
[
response
->
build_loc
++
]
=
PC_Access_Challeng
e
;
//
Establish the packet cod
e:
response
->
packet_data
[
response
->
build_loc
++
]
=
packet_cod
e
;
// Establish the RADIUS identifier:
response
->
packet_data
[
response
->
build_loc
++
]
=
packet_id
;
...
...
@@ -612,6 +612,47 @@ build_response_preamble(RADIUS_PACKET *response, uint8_t packet_id)
response
->
build_loc
+=
AUTHENTICATOR_LENGTH
;
}
void
build_packet_postamble
(
RADIUS_PACKET
*
response
,
RADIUS_PACKET
*
request
,
const
char
*
state_string
,
const
char
*
shared_secret
)
{
// At this point, we set up the Message-Authenticator.
// For now we leave the 16-byte payload as zeroes; they'll get filled
// in by AdjustPacketForSending()
uint8_t
message_authenticator
[
MD5_DIGEST_LENGTH
];
memset
(
message_authenticator
,
0
,
MD5_DIGEST_LENGTH
);
add_attribute_to_radius_packet
(
response
,
RATV_Message_Authenticator
,
MD5_DIGEST_LENGTH
,
message_authenticator
);
if
(
state_string
)
{
add_attribute_to_radius_packet
(
response
,
RATV_State
,
(
uint8_t
)
strlen
(
state_string
),
(
uint8_t
*
)
state_string
);
}
// We now know the length of the RADIUS packet:
set_length
(
response
,
response
->
build_loc
);
// With the entire packet built, we can now polish it off by creating the
// MD5 hash and HMAC fields:
if
(
request
)
{
// Since we are responding to a request, we must be a server:
AdjustServerPacketForSending
(
response
,
request
,
shared_secret
);
}
else
{
AdjustClientPacketForSending
(
response
,
shared_secret
);
}
}
void
AdjustServerPacketForSending
(
RADIUS_PACKET
*
response
,
RADIUS_PACKET
*
request
,
...
...
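Review bot: In `build_packet_postamble`, `(uint8_t)strlen(state_string)` narrows silently, so an over-long string would be emitted with a wrong length instead of being rejected; whether `add_attribute_to_radius_packet` bounds it is not visible on this page. Taking the length once and guarding it keeps the failure explicit, e.g. `size_t state_len = strlen(state_string);` followed by `if (state_len <= 253) add_attribute_to_radius_packet(response, RATV_State, (uint8_t)state_len, (uint8_t *)state_string);`, 253 being the largest value a RADIUS attribute can carry, with the over-long case logged rather than dropped quietly. The zeroed Message-Authenticator is appended after whatever attributes the caller already added, whereas current RADIUS hardening guidance prefers it as the first attribute of a response, which would mean reserving it in the preamble instead. The opening comment still names `AdjustPacketForSending()`, while the calls below are to the Server and Client variants.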
contrib/slapd-modules/radiusov/rpacket.h
...
...
@@ -294,16 +294,28 @@ void set_length(RADIUS_PACKET *radius_packet, int length);
uint8_t
*
get_authenticator
(
RADIUS_PACKET
*
radius_packet
);
void
debugging_display_of
(
RADIUS_PACKET
*
packet
);
char
*
radius_attribute_to_text
(
RADIUS_ATTRIBUTE
*
ra
,
char
*
buffer
,
size_t
buf_len
);
char
*
radius_attribute_to_text
(
RADIUS_ATTRIBUTE
*
ra
,
char
*
buffer
,
size_t
buf_len
);
void
radius_packet_initialize
(
RADIUS_PACKET
*
radius_packet
);
void
build_response_preamble
(
RADIUS_PACKET
*
response
,
uint8_t
packet_idt
);
void
build_packet_preamble
(
RADIUS_PACKET
*
response
,
PACKET_CODES
packet_code
,
uint8_t
packet_idt
);
void
build_packet_postamble
(
RADIUS_PACKET
*
response
,
RADIUS_PACKET
*
request
,
const
char
*
state_string
,
const
char
*
shared_secret
);
int
radiusov_get_packet_from_request
(
RADIUS_PACKET
*
radius_packet
,
uint8_t
*
incoming_request
,
ssize_t
recv_len
);
RADIUS_ATTRIBUTE
*
fetch_attribute_from_packet
(
RADIUS_PACKET
*
radius_packet
,
uint8_t
Type
);
void
add_attribute_to_radius_packet
(
RADIUS_PACKET
*
radius_packet
,
uint8_t
Type
,
uint8_t
DataLength
,
uint8_t
*
Data
);
RADIUS_ATTRIBUTE
*
fetch_attribute_from_packet
(
RADIUS_PACKET
*
radius_packet
,
uint8_t
Type
);
void
add_attribute_to_radius_packet
(
RADIUS_PACKET
*
radius_packet
,
uint8_t
Type
,
uint8_t
DataLength
,
uint8_t
*
Data
);
void
AdjustServerPacketForSending
(
RADIUS_PACKET
*
response
,
RADIUS_PACKET
*
request
,
const
char
*
shared_secret
);
...
...
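Review bot: The two new prototypes are exported without any comment, yet `build_packet_postamble` has NULL-sensitive parameters that callers need to know about: per its definition in rpacket.c, a NULL `state_string` omits the State attribute and a NULL `request` selects the client signing path. A header comment such as `/* state_string may be NULL (no State attribute); request == NULL finalizes a client packet */` would record that contract where callers look. The parameter is spelled `packet_idt` in the `build_packet_preamble` prototype but `packet_id` in the definition, so the typo from the old declaration has been carried forward.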