142
143
"IP-Address-Release"
146
* Internal prototypes
148
static void make_secret(unsigned char *digest, uint8_t *vector,
149
const char *secret, char *value);
147
#define AUTH_PASS_LEN (AUTH_VECTOR_LEN)
148
/*************************************************************************
150
* Function: make_secret
152
* Purpose: Build an encrypted secret value to return in a reply
153
* packet. The secret is hidden by xoring with a MD5 digest
154
* created from the shared secret and the authentication
155
* vector. We put them into MD5 in the reverse order from
156
* that used when encrypting passwords to RADIUS.
158
*************************************************************************/
159
static void make_secret(uint8_t *digest, const uint8_t *vector,
160
const char *secret, const uint8_t *value)
166
MD5Update(&context, vector, AUTH_VECTOR_LEN);
167
MD5Update(&context, secret, strlen(secret));
168
MD5Final(digest, &context);
170
for ( i = 0; i < AUTH_VECTOR_LEN; i++ ) {
171
digest[i] ^= value[i];
175
#define MAX_PASS_LEN (128)
176
static void make_passwd(uint8_t *output, int *outlen,
177
const uint8_t *input, int inlen,
178
const char *secret, const uint8_t *vector)
180
MD5_CTX context, old;
181
uint8_t digest[AUTH_VECTOR_LEN];
182
uint8_t passwd[MAX_PASS_LEN];
187
* If the length is zero, round it up.
193
else if (len > MAX_PASS_LEN) len = MAX_PASS_LEN;
195
else if ((len & 0x0f) != 0) {
201
memcpy(passwd, input, len);
202
memset(passwd + len, 0, sizeof(passwd) - len);
205
MD5Update(&context, secret, strlen(secret));
211
MD5Update(&context, vector, AUTH_PASS_LEN);
213
for (n = 0; n < len; n += AUTH_PASS_LEN) {
217
passwd + n - AUTH_PASS_LEN,
221
MD5Final(digest, &context);
222
for (i = 0; i < AUTH_PASS_LEN; i++) {
223
passwd[i + n] ^= digest[i];
227
memcpy(output, passwd, len);
230
static void make_tunnel_passwd(uint8_t *output, int *outlen,
231
const uint8_t *input, int inlen, int room,
232
const char *secret, const uint8_t *vector)
234
MD5_CTX context, old;
235
uint8_t digest[AUTH_VECTOR_LEN];
236
uint8_t passwd[MAX_STRING_LEN + AUTH_VECTOR_LEN];
241
* Account for 2 bytes of the salt, and round the room
242
* available down to the nearest multiple of 16. Then,
243
* subtract one from that to account for the length byte,
244
* and the resulting number is the upper bound on the data
247
* We could short-cut this calculation just be forcing
248
* inlen to be no more than 239. It would work for all
249
* VSA's, as we don't pack multiple VSA's into one
252
* However, this calculation is more general, if a little
253
* complex. And it will work in the future for all possible
254
* kinds of weird attribute packing.
257
room -= (room & 0x0f);
260
if (inlen > room) inlen = room;
263
* Length of the encrypted data is password length plus
264
* one byte for the length of the password.
267
if ((len & 0x0f) != 0) {
271
*outlen = len + 2; /* account for the salt */
274
* Copy the password over.
276
memcpy(passwd + 3, input, inlen);
277
memset(passwd + 3 + inlen, 0, sizeof(passwd) - 3 - inlen);
280
* Generate salt. The RFC's say:
282
* The high bit of salt[0] must be set, each salt in a
283
* packet should be unique, and they should be random
285
* So, we set the high bit, add in a counter, and then
286
* add in some CSPRNG data. should be OK..
288
passwd[0] = (0x80 | ( ((salt_offset++) & 0x0f) << 3) |
289
(lrad_rand() & 0x07));
290
passwd[1] = lrad_rand();
291
passwd[2] = inlen; /* length of the password string */
294
MD5Update(&context, secret, strlen(secret));
297
MD5Update(&context, vector, AUTH_VECTOR_LEN);
298
MD5Update(&context, &passwd[0], 2);
300
for (n = 0; n < len; n += AUTH_PASS_LEN) {
304
passwd + 2 + n - AUTH_PASS_LEN,
308
MD5Final(digest, &context);
309
for (i = 0; i < AUTH_PASS_LEN; i++) {
310
passwd[i + 2 + n] ^= digest[i];
313
memcpy(output, passwd, len + 2);
318
* Parse a data structure into a RADIUS attribute.
320
int rad_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
321
const char *secret, const VALUE_PAIR *vp, uint8_t *ptr)
324
int offset, len, total_length;
326
uint8_t *length_ptr, *vsa_length_ptr;
327
const uint8_t *data = NULL;
330
vendorcode = total_length = 0;
331
length_ptr = vsa_length_ptr = NULL;
334
* For interoperability, always put vendor attributes
335
* into their own VSA.
337
if ((vendorcode = VENDOR(vp->attribute)) != 0) {
339
* Build a VSA header.
341
*ptr++ = PW_VENDOR_SPECIFIC;
342
vsa_length_ptr = ptr;
344
lvalue = htonl(vendorcode);
345
memcpy(ptr, &lvalue, 4);
349
if (vendorcode == VENDORPEC_USR) {
350
lvalue = htonl(vp->attribute & 0xFFFF);
351
memcpy(ptr, &lvalue, 4);
353
length_ptr = vsa_length_ptr;
360
* We don't have two different lengths.
362
vsa_length_ptr = NULL;
364
} else if (vendorcode == VENDORPEC_LUCENT) {
366
* 16-bit attribute, 8-bit length
368
*ptr++ = ((vp->attribute >> 8) & 0xFF);
369
*ptr++ = (vp->attribute & 0xFF);
371
*vsa_length_ptr += 3;
375
} else if (vendorcode == VENDORPEC_STARENT) {
377
* 16-bit attribute, 16-bit length
378
* with the upper 8 bits of the length
381
*ptr++ = ((vp->attribute >> 8) & 0xFF);
382
*ptr++ = (vp->attribute & 0xFF);
385
*vsa_length_ptr += 4;
390
* All other VSA's are encoded the same
393
*vsa_length_ptr += 2;
399
* All other attributes are encoded as
402
*ptr++ = (vp->attribute & 0xFF);
409
if (vp->flags.has_tag) {
410
if (TAG_VALID(vp->flags.tag)) {
411
ptr[0] = vp->flags.tag & 0xff;
414
} else if (vp->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) {
416
* Tunnel passwords REQUIRE a tag, even
417
* if don't have a valid tag.
421
} /* else don't write a tag */
422
} /* else the attribute doesn't have a tag */
425
* Set up the default sources for the data.
431
* Encrypted passwords can't be very long.
432
* This check also ensures that the hashed version
433
* of the password + attribute header fits into one
436
* FIXME: Print a warning message if it's too long?
438
if (vp->flags.encrypt && (len > MAX_PASS_LEN)) {
446
case PW_TYPE_IPV6ADDR:
447
case PW_TYPE_IPV6PREFIX:
448
case PW_TYPE_ABINARY:
449
/* nothing more to do */
452
case PW_TYPE_INTEGER:
453
len = 4; /* just in case */
454
lvalue = htonl(vp->lvalue);
455
memcpy(array, &lvalue, sizeof(lvalue));
458
* Perhaps discard the first octet.
460
data = &array[offset];
465
data = (const uint8_t *) &vp->lvalue;
466
len = 4; /* just in case */
470
* There are no tagged date attributes.
473
lvalue = htonl(vp->lvalue);
474
data = (const uint8_t *) &lvalue;
475
len = 4; /* just in case */
478
default: /* unknown type: ignore it */
479
librad_log("ERROR: Unknown attribute type %d", vp->type);
484
* Bound the data to 255 bytes.
486
if (len + offset + total_length > 255) {
487
len = 255 - offset - total_length;
491
* Encrypt the various password styles
493
* Attributes with encrypted values MUST be less than
496
switch (vp->flags.encrypt) {
497
case FLAG_ENCRYPT_USER_PASSWORD:
498
make_passwd(ptr + offset, &len,
500
secret, packet->vector);
503
case FLAG_ENCRYPT_TUNNEL_PASSWORD:
505
librad_log("ERROR: No request packet, cannot encrypt %s attribute in the vp.", vp->name);
510
* Check if 255 - offset - total_length is less
511
* than 18. If so, we can't fit the data into
512
* the available space, and we discard the
515
* This is ONLY a problem if we have multiple VSA's
516
* in one Vendor-Specific, though.
518
if ((255 - offset - total_length) < 18) return 0;
521
* Can't make the password, suppress it.
523
make_tunnel_passwd(ptr + offset, &len,
524
data, len, 255 - offset - total_length,
525
secret, original->vector);
529
* The code above ensures that this attribute
532
case FLAG_ENCRYPT_ASCEND_SECRET:
533
make_secret(ptr + offset, packet->vector,
535
len = AUTH_VECTOR_LEN;
541
* Just copy the data over
543
memcpy(ptr + offset, data, len);
545
} /* switch over encryption flags */
548
* Account for the tag (if any).
553
* RFC 2865 section 5 says that zero-length attributes
556
if (len == 0) return 0;
559
* Update the various lengths.
562
if (vsa_length_ptr) *vsa_length_ptr += len;
566
return total_length; /* of attribute */
573
int rad_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original,
576
radius_packet_t *hdr;
578
uint16_t total_length;
583
* For simplicity in the following logic, we allow
584
* the attributes to "overflow" the 4k maximum
585
* RADIUS packet size, by one attribute.
587
* It's uint32_t, for alignment purposes.
589
uint32_t data[(MAX_PACKET_LEN + 256) / 4];
592
* Double-check some things based on packet code.
594
switch (packet->code) {
595
case PW_AUTHENTICATION_ACK:
596
case PW_AUTHENTICATION_REJECT:
597
case PW_ACCESS_CHALLENGE:
599
librad_log("ERROR: Cannot sign response packet without a request packet.");
605
* These packet vectors start off as all zero.
607
case PW_ACCOUNTING_REQUEST:
608
case PW_DISCONNECT_REQUEST:
610
memset(packet->vector, 0, sizeof(packet->vector));
618
* Use memory on the stack, until we know how
619
* large the packet will be.
621
hdr = (radius_packet_t *) data;
624
* Build standard header
626
hdr->code = packet->code;
627
hdr->id = packet->id;
629
memcpy(hdr->vector, packet->vector, sizeof(hdr->vector));
631
total_length = AUTH_HDR_LEN;
632
packet->verified = 0;
635
* Load up the configuration values for the user
640
* FIXME: Loop twice over the reply list. The first time,
641
* calculate the total length of data. The second time,
642
* allocate the memory, and fill in the VP's.
644
* Hmm... this may be slower than just doing a small
649
* Loop over the reply attributes for the packet.
651
for (reply = packet->vps; reply; reply = reply->next) {
653
* Ignore non-wire attributes
655
if ((VENDOR(reply->attribute) == 0) &&
656
((reply->attribute & 0xFFFF) > 0xff)) {
661
* Check that the packet is no more than 4k in
662
* size, AFTER over-flowing the 4k boundary.
663
* Note that the 'data' buffer, above, is one
664
* attribute longer than necessary, in order to
665
* permit this overflow.
667
if (total_length > MAX_PACKET_LEN) {
668
librad_log("ERROR: Too many attributes for packet, result is larger than RFC maximum of 4k");
673
* Set the Message-Authenticator to the correct
674
* length and initial value.
676
if (reply->attribute == PW_MESSAGE_AUTHENTICATOR) {
677
reply->length = AUTH_VECTOR_LEN;
678
memset(reply->strvalue, 0, AUTH_VECTOR_LEN);
679
packet->verified = total_length; /* HACK! */
683
* Print out ONLY the attributes which
684
* we're sending over the wire, and print
685
* them out BEFORE they're encrypted.
689
len = rad_vp2attr(packet, original, secret, reply, ptr);
690
if (len < 0) return -1;
693
} /* done looping over all attributes */
696
* Fill in the rest of the fields, and copy the data over
697
* from the local stack to the newly allocated memory.
699
* Yes, all this 'memcpy' is slow, but it means
700
* that we only allocate the minimum amount of
701
* memory for a request.
703
packet->data_len = total_length;
704
packet->data = (uint8_t *) malloc(packet->data_len);
706
librad_log("Out of memory");
710
memcpy(packet->data, data, packet->data_len);
711
hdr = (radius_packet_t *) packet->data;
713
total_length = htons(total_length);
714
memcpy(hdr->length, &total_length, sizeof(total_length));
721
* Sign a previously encoded packet.
723
int rad_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original,
726
radius_packet_t *hdr = (radius_packet_t *)packet->data;
729
* It wasn't assigned an Id, this is bad!
731
if (packet->id < 0) {
732
librad_log("ERROR: RADIUS packets must be assigned an Id.");
736
if (!packet->data || (packet->data_len < AUTH_HDR_LEN) ||
737
(packet->verified < 0)) {
738
librad_log("ERROR: You must call rad_encode() before rad_sign()");
743
* If there's a Message-Authenticator, update it
744
* now, BEFORE updating the authentication vector.
748
if (packet->verified > 0) {
749
uint8_t calc_auth_vector[AUTH_VECTOR_LEN];
751
switch (packet->code) {
752
case PW_ACCOUNTING_REQUEST:
753
case PW_ACCOUNTING_RESPONSE:
754
case PW_DISCONNECT_REQUEST:
755
case PW_DISCONNECT_ACK:
756
case PW_DISCONNECT_NAK:
760
memset(hdr->vector, 0, AUTH_VECTOR_LEN);
763
case PW_AUTHENTICATION_ACK:
764
case PW_AUTHENTICATION_REJECT:
765
case PW_ACCESS_CHALLENGE:
767
librad_log("ERROR: Cannot sign response packet without a request packet.");
770
memcpy(hdr->vector, original->vector,
774
default: /* others have vector already set to zero */
780
* Set the authentication vector to zero,
781
* calculate the signature, and put it
782
* into the Message-Authenticator
785
lrad_hmac_md5(packet->data, packet->data_len,
786
secret, strlen(secret),
788
memcpy(packet->data + packet->verified + 2,
789
calc_auth_vector, AUTH_VECTOR_LEN);
792
* Copy the original request vector back
795
memcpy(hdr->vector, packet->vector, AUTH_VECTOR_LEN);
799
* Switch over the packet code, deciding how to
802
switch (packet->code) {
804
* Request packets are not signed, bur
805
* have a random authentication vector.
807
case PW_AUTHENTICATION_REQUEST:
808
case PW_STATUS_SERVER:
812
* Reply packets are signed with the
813
* authentication vector of the request.
821
MD5Update(&context, packet->data, packet->data_len);
822
MD5Update(&context, secret, strlen(secret));
823
MD5Final(digest, &context);
825
memcpy(hdr->vector, digest, AUTH_VECTOR_LEN);
826
memcpy(packet->vector, digest, AUTH_VECTOR_LEN);
829
}/* switch over packet codes */
152
835
* Reply to the request. Also attach
178
861
* First time through, allocate room for the packet
180
863
if (!packet->data) {
181
radius_packet_t *hdr;
183
uint8_t *ptr, *length_ptr, *vsa_length_ptr;
186
int vendorcode, vendorpec;
187
u_short total_length;
189
int msg_auth_offset = 0;
192
* For simplicity in the following logic, we allow
193
* the attributes to "overflow" the 4k maximum
194
* RADIUS packet size, by one attribute.
196
uint8_t data[MAX_PACKET_LEN + 256];
199
* Use memory on the stack, until we know how
200
* large the packet will be.
202
hdr = (radius_packet_t *) data;
205
* Build standard header
207
hdr->code = packet->code;
208
hdr->id = packet->id;
211
* Double-check some things based on packet code.
213
switch (packet->code) {
214
case PW_AUTHENTICATION_ACK:
215
case PW_AUTHENTICATION_REJECT:
216
case PW_ACCESS_CHALLENGE:
218
librad_log("ERROR: Cannot sign response packet without a request packet.");
224
* These packet vectors start off as all zero.
226
case PW_ACCOUNTING_REQUEST:
227
case PW_DISCONNECT_REQUEST:
228
memset(packet->vector, 0, sizeof(packet->vector));
235
memcpy(hdr->vector, packet->vector, sizeof(hdr->vector));
237
DEBUG("Sending %s of id %d to %s:%d\n",
239
ip_ntoa((char *)ip_buffer, packet->dst_ipaddr),
242
total_length = AUTH_HDR_LEN;
245
* Load up the configuration values for the user
250
vsa_length_ptr = NULL;
253
* Loop over the reply attributes for the packet.
255
for (reply = packet->vps; reply; reply = reply->next) {
257
* Ignore non-wire attributes
259
if ((VENDOR(reply->attribute) == 0) &&
260
((reply->attribute & 0xFFFF) > 0xff)) {
265
* Check that the packet is no more than
266
* 4k in size, AFTER over-flowing the 4k
267
* boundary. Note that the 'data'
268
* buffer, above, is one attribute longer
269
* than necessary, in order to permit
272
if (total_length > MAX_PACKET_LEN) {
273
librad_log("ERROR: Too many attributes for packet, result is larger than RFC maximum of 4k");
278
* Set the Message-Authenticator to the
279
* correct length and initial value.
281
if (reply->attribute == PW_MESSAGE_AUTHENTICATOR) {
282
reply->length = AUTH_VECTOR_LEN;
283
memset(reply->strvalue, 0, AUTH_VECTOR_LEN);
284
msg_auth_offset = total_length;
288
* Print out ONLY the attributes which
289
* we're sending over the wire, and print
290
* them out BEFORE they're encrypted.
295
* We have a different vendor. Re-set
298
if (vendorcode != VENDOR(reply->attribute)) {
301
vsa_length_ptr = NULL;
305
* If the Vendor-Specific attribute is getting
306
* full, then create a new VSA attribute
308
* FIXME: Multiple VSA's per Vendor-Specific
309
* SHOULD be configurable. When that's done,
310
* the (1), below, can be changed to point to
311
* a configuration variable which is set TRUE
312
* if the NAS cannot understand multiple VSA's
313
* per Vendor-Specific
315
if ((1) || /* ALWAYS create a new Vendor-Specific */
317
(reply->length + *vsa_length_ptr) >= MAX_STRING_LEN)) {
320
vsa_length_ptr = NULL;
324
* Maybe we have the start of a set of
325
* (possibly many) VSA attributes from
326
* one vendor. Set a global VSA wrapper
328
if ((vendorcode == 0) &&
329
((vendorcode = VENDOR(reply->attribute)) != 0)) {
330
vendorpec = dict_vendorpec(vendorcode);
333
* This is a potentially bad error...
334
* we can't find the vendor ID!
336
if (vendorpec == 0) {
337
/* FIXME: log an error */
342
* Build a VSA header.
344
*ptr++ = PW_VENDOR_SPECIFIC;
345
vsa_length_ptr = ptr;
347
lvalue = htonl(vendorpec);
348
memcpy(ptr, &lvalue, 4);
353
if (vendorpec == VENDORPEC_USR) {
354
lvalue = htonl(reply->attribute & 0xFFFF);
355
memcpy(ptr, &lvalue, 4);
357
length_ptr = vsa_length_ptr;
364
* Each USR-style attribute gets
365
* it's own VSA wrapper, so we
366
* re-set the vendor specific
371
vsa_length_ptr = NULL;
375
* All other attributes are as
378
*ptr++ = (reply->attribute & 0xFF);
380
if (vsa_length_ptr) *vsa_length_ptr += 2;
385
switch(reply->type) {
388
* Ascend binary attributes are
389
* stored internally in binary form.
392
case PW_TYPE_IPV6ADDR:
393
case PW_TYPE_IPV6PREFIX:
394
case PW_TYPE_ABINARY:
398
* Encrypt the various password styles
400
switch (reply->flags.encrypt) {
404
case FLAG_ENCRYPT_USER_PASSWORD:
405
rad_pwencode((char *)reply->strvalue,
407
(const char *)secret,
408
(const char *)packet->vector);
411
case FLAG_ENCRYPT_TUNNEL_PASSWORD:
413
librad_log("ERROR: No request packet, cannot encrypt Tunnel-Password attribute in the reply.");
416
rad_tunnel_pwencode(reply->strvalue,
423
case FLAG_ENCRYPT_ASCEND_SECRET:
424
make_secret(digest, packet->vector,
425
secret, reply->strvalue);
426
memcpy(reply->strvalue, digest, AUTH_VECTOR_LEN );
427
reply->length = AUTH_VECTOR_LEN;
429
} /* switch over encryption flags */
434
* Set the TAG at the beginning
435
* of the string if tagged. If
436
* tag value is not valid for
437
* tagged attribute, make it 0x00
438
* per RFC 2868. -cparker
440
if (reply->flags.has_tag) {
441
if (TAG_VALID(reply->flags.tag)) {
443
*ptr++ = reply->flags.tag;
445
} else if (reply->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) {
455
} /* else don't write a tag */
456
} /* else the attribute doesn't have a tag */
459
* Ensure we don't go too far.
460
* The 'length' of the attribute
461
* may be 0..255, minus whatever
462
* octets are used in the attribute
466
if (vsa_length_ptr) {
467
allowed -= *vsa_length_ptr;
469
allowed -= *length_ptr;
477
if (vsa_length_ptr) *vsa_length_ptr += len;
479
* If we have tagged attributes we can't assume that
480
* len == reply->length. Use reply->length for copying
481
* the string data into the packet. Use len for the
482
* true length of the string+tags.
484
memcpy(ptr, reply->strvalue, reply->length);
485
ptr += reply->length;
489
case PW_TYPE_INTEGER:
492
if (vsa_length_ptr) *vsa_length_ptr += 4;
494
if (reply->type == PW_TYPE_INTEGER ) {
495
/* If tagged, the tag becomes the MSB of the value */
496
if(reply->flags.has_tag) {
497
/* Tag must be ( 0x01 -> 0x1F ) OR 0x00 */
498
if(!TAG_VALID(reply->flags.tag)) {
499
reply->flags.tag = 0x00;
501
lvalue = htonl((reply->lvalue & 0xffffff) |
502
((reply->flags.tag & 0xff) << 24));
504
lvalue = htonl(reply->lvalue);
508
* IP address is already in
509
* network byte order.
511
lvalue = reply->lvalue;
513
memcpy(ptr, &lvalue, 4);
519
* There are no tagged date attributes.
523
if (vsa_length_ptr) *vsa_length_ptr += 4;
525
lvalue = htonl(reply->lvalue);
526
memcpy(ptr, &lvalue, 4);
533
} /* done looping over all attributes */
536
* Fill in the rest of the fields, and copy
537
* the data over from the local stack to
538
* the newly allocated memory.
540
* Yes, all this 'memcpy' is slow, but it means
541
* that we only allocate the minimum amount of
542
* memory for a request.
544
packet->data_len = total_length;
545
packet->data = (uint8_t *) malloc(packet->data_len);
547
librad_log("Out of memory");
550
memcpy(packet->data, data, packet->data_len);
551
hdr = (radius_packet_t *) packet->data;
553
total_length = htons(total_length);
554
memcpy(hdr->length, &total_length, sizeof(u_short));
557
* If this is not an authentication request, we
558
* need to calculate the md5 hash over the entire packet
559
* and put it in the vector.
561
secretlen = strlen(secret);
564
* If there's a Message-Authenticator, update it
565
* now, BEFORE updating the authentication vector.
567
if (msg_auth_offset) {
568
uint8_t calc_auth_vector[AUTH_VECTOR_LEN];
570
switch (packet->code) {
574
case PW_AUTHENTICATION_ACK:
575
case PW_AUTHENTICATION_REJECT:
576
case PW_ACCESS_CHALLENGE:
577
/* this was checked above */
578
memcpy(hdr->vector, original->vector,
584
* Set the authentication vector to zero,
585
* calculate the signature, and put it
586
* into the Message-Authenticator
589
memset(packet->data + msg_auth_offset + 2,
591
lrad_hmac_md5(packet->data, packet->data_len,
592
secret, secretlen, calc_auth_vector);
593
memcpy(packet->data + msg_auth_offset + 2,
594
calc_auth_vector, AUTH_VECTOR_LEN);
597
* Copy the original request vector back
600
memcpy(hdr->vector, packet->vector, AUTH_VECTOR_LEN);
604
* Switch over the packet code, deciding how to
607
switch (packet->code) {
609
* Request packets are not signed, bur
610
* have a random authentication vector.
612
case PW_AUTHENTICATION_REQUEST:
613
case PW_STATUS_SERVER:
617
* Reply packets are signed with the
618
* authentication vector of the request.
624
MD5Update(&context, packet->data, packet->data_len);
625
MD5Update(&context, secret, strlen(secret));
626
MD5Final(digest, &context);
628
memcpy(hdr->vector, digest, AUTH_VECTOR_LEN);
629
memcpy(packet->vector, digest, AUTH_VECTOR_LEN);
632
} /* switch over packet codes */
636
* If packet->data points to data, then we print out
637
* the VP list again only for debugging.
864
DEBUG("Sending %s of id %d to %s port %d\n",
866
ip_ntoa(ip_buffer, packet->dst_ipaddr),
872
if (rad_encode(packet, original, secret) < 0) {
877
* Re-sign it, including updating the
878
* Message-Authenticator.
880
if (rad_sign(packet, original, secret) < 0) {
885
* If packet->data points to data, then we print out
886
* the VP list again only for debugging.
639
888
} else if (librad_debug) {
640
DEBUG("Re-sending %s of id %d to %s:%d\n", what, packet->id,
641
ip_ntoa((char *)ip_buffer, packet->dst_ipaddr),
889
DEBUG("Re-sending %s of id %d to %s port %d\n", what, packet->id,
890
ip_ntoa(ip_buffer, packet->dst_ipaddr),
642
891
packet->dst_port);
644
893
for (reply = packet->vps; reply; reply = reply->next) {
1490
* Parse a RADIUS attribute into a data structure.
1492
static VALUE_PAIR *rad_attr2vp(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
1493
const char *secret, int attribute, int length,
1494
const uint8_t *data)
1499
if ((vp = paircreate(attribute, PW_TYPE_OCTETS)) == NULL) {
1504
* If length is greater than 253, something is SERIOUSLY
1507
if (length > 253) length = 253; /* paranoia (pair-anoia?) */
1509
vp->length = length;
1510
vp->operator = T_OP_EQ;
1516
if (vp->flags.has_tag) {
1517
if (TAG_VALID(data[0]) ||
1518
(vp->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD)) {
1520
* Tunnel passwords REQUIRE a tag, even
1521
* if don't have a valid tag.
1523
vp->flags.tag = data[0];
1525
if ((vp->type == PW_TYPE_STRING) ||
1526
(vp->type == PW_TYPE_OCTETS)) offset = 1;
1531
* Copy the data to be decrypted
1533
memcpy(&vp->strvalue[0], data + offset, length - offset);
1534
vp->length -= offset;
1537
* Decrypt the attribute.
1539
switch (vp->flags.encrypt) {
1543
case FLAG_ENCRYPT_USER_PASSWORD:
1545
rad_pwdecode((char *)vp->strvalue,
1549
rad_pwdecode((char *)vp->strvalue,
1553
if (vp->attribute == PW_USER_PASSWORD) {
1554
vp->length = strlen(vp->strvalue);
1559
* Tunnel-Password's may go ONLY
1560
* in response packets.
1562
case FLAG_ENCRYPT_TUNNEL_PASSWORD:
1563
if (!original) goto raw;
1565
if (rad_tunnel_pwdecode(vp->strvalue, &vp->length,
1566
secret, original->vector) < 0) {
1572
* Ascend-Send-Secret
1573
* Ascend-Receive-Secret
1575
case FLAG_ENCRYPT_ASCEND_SECRET:
1579
uint8_t my_digest[AUTH_VECTOR_LEN];
1580
make_secret(my_digest,
1583
memcpy(vp->strvalue, my_digest,
1585
vp->strvalue[AUTH_VECTOR_LEN] = '\0';
1586
vp->length = strlen(vp->strvalue);
1592
} /* switch over encryption flags */
1596
case PW_TYPE_STRING:
1597
case PW_TYPE_OCTETS:
1598
case PW_TYPE_ABINARY:
1599
/* nothing more to do */
1602
case PW_TYPE_INTEGER:
1603
if (vp->length != 4) goto raw;
1605
memcpy(&vp->lvalue, vp->strvalue, 4);
1606
vp->lvalue = ntohl(vp->lvalue);
1608
if (vp->flags.has_tag) vp->lvalue &= 0x00ffffff;
1611
* Try to get named VALUEs
1615
dval = dict_valbyattr(vp->attribute,
1618
strNcpy(vp->strvalue,
1620
sizeof(vp->strvalue));
1626
if (vp->length != 4) goto raw;
1628
memcpy(&vp->lvalue, vp->strvalue, 4);
1629
vp->lvalue = ntohl(vp->lvalue);
1633
* IPv4 address. Keep it in network byte order in
1634
* vp->lvalue and put ASCII IP address in standard
1635
* dot notation into vp->strvalue.
1637
case PW_TYPE_IPADDR:
1638
if (vp->length != 4) goto raw;
1640
memcpy(&vp->lvalue, vp->strvalue, 4);
1641
ip_ntoa(vp->strvalue, vp->lvalue);
1645
* IPv6 interface ID is 8 octets long.
1648
if (vp->length != 8) goto raw;
1649
/* vp->vp_ifid == vp->strvalue */
1653
* IPv6 addresses are 16 octets long
1655
case PW_TYPE_IPV6ADDR:
1656
if (vp->length != 16) goto raw;
1657
/* vp->vp_ipv6addr == vp->strvalue */
1661
* IPv6 prefixes are 2 to 18 octets long.
1663
* RFC 3162: The first octet is unused.
1664
* The second is the length of the prefix
1665
* the rest are the prefix data.
1667
* The prefix length can have value 0 to 128.
1669
case PW_TYPE_IPV6PREFIX:
1670
if (vp->length < 2 || vp->length > 18) goto raw;
1671
if (vp->strvalue[1] > 128) goto raw;
1674
* FIXME: double-check that
1675
* (vp->strvalue[1] >> 3) matches vp->length + 2
1677
if (vp->length < 18) {
1678
memset(vp->strvalue + vp->length, 0,
1685
vp->type = PW_TYPE_OCTETS;
1686
vp->length = length;
1687
memcpy(vp->strvalue, data, length);
1691
* Ensure there's no encryption or tag stuff,
1692
* we just pass the attribute as-is.
1694
memset(&vp->flags, 0, sizeof(vp->flags));
1702
* Calculate/check digest, and decode radius attributes.
1704
int rad_decode(RADIUS_PACKET *packet, RADIUS_PACKET *original,
1708
uint32_t vendorcode;
1716
radius_packet_t *hdr;
1717
int vsa_tlen, vsa_llen;
1718
DICT_VENDOR *dv = NULL;
1257
1721
* Extract attribute-value pairs
1723
hdr = (radius_packet_t *)packet->data;
1259
1724
ptr = hdr->data;
1260
length = packet->data_len - AUTH_HDR_LEN;
1725
packet_length = packet->data_len - AUTH_HDR_LEN;
1263
1728
* There may be VP's already in the packet. Don't
1270
1735
vendorcode = 0;
1273
while (length > 0) {
1274
if (vendorlen > 0) {
1275
attribute = *ptr++ | (vendorcode << 16);
1737
vsa_tlen = vsa_llen = 1;
1740
* We have to read at least two bytes.
1742
* rad_recv() above ensures that this is OK.
1744
while (packet_length > 0) {
1749
* Normal attribute, handle it like normal.
1751
if (vendorcode == 0) {
1753
* No room to read attr/length,
1754
* or bad attribute, or attribute is
1755
* too short, or attribute is too long,
1756
* stop processing the packet.
1758
if ((packet_length < 2) ||
1759
(ptr[0] == 0) || (ptr[1] < 2) ||
1760
(ptr[1] > packet_length)) break;
1278
1762
attribute = *ptr++;
1279
1763
attrlen = *ptr++;
1768
if (attribute != PW_VENDOR_SPECIFIC) goto create_pair;
1771
* No vendor code, or ONLY vendor code.
1773
if (attrlen <= 4) goto create_pair;
1286
* This could be a Vendor-Specific attribute.
1779
* Handle Vendor-Specific
1288
if ((vendorlen <= 0) &&
1289
(attribute == PW_VENDOR_SPECIFIC)) {
1781
if (vendorlen == 0) {
1294
* attrlen was checked to be >= 6, in rad_recv
1787
* attrlen was checked above.
1296
1789
memcpy(&lvalue, ptr, 4);
1297
vendorcode = ntohl(lvalue);
1790
myvendor = ntohl(lvalue);
1793
* Zero isn't allowed.
1795
if (myvendor == 0) goto create_pair;
1300
1798
* This is an implementation issue.
1301
1799
* We currently pack vendor into the upper
1302
1800
* 16 bits of a 32-bit attribute number,
1303
1801
* so we can't handle vendor numbers larger
1304
1802
* than 16 bits.
1306
if (vendorcode > 65535) goto create_pair;
1309
* vendorcode was checked to be non-zero
1310
* above, in rad_recv.
1314
* First, check to see if the
1315
* sub-attributes fill the VSA, as
1316
* defined by the RFC. If not, then it
1317
* may be a USR-style VSA, or it may be a
1318
* vendor who packs all of the
1319
* information into one nonsense
1804
if (myvendor > 65535) goto create_pair;
1806
vsa_tlen = vsa_llen = 1;
1807
dv = dict_vendorbyvalue(myvendor);
1809
vsa_tlen = dv->type;
1810
vsa_llen = dv->length;
1814
* Sweep through the list of VSA's,
1815
* seeing if they exactly fill the
1816
* outer Vendor-Specific attribute.
1818
* If not, create a raw Vendor-Specific.
1322
1820
subptr = ptr + 4;
1323
1821
sublen = attrlen - 4;
1325
while (sublen > 0) {
1326
if (subptr[1] < 2) { /* too short */
1330
if (subptr[1] > sublen) { /* too long */
1334
sublen -= subptr[1]; /* just right */
1335
subptr += subptr[1];
1339
* If the attribute is RFC compatible,
1340
* then allow it as an RFC style VSA.
1824
* See if we can parse it.
1344
vendorlen = attrlen - 4;
1345
attribute = *ptr++ | (vendorcode << 16);
1351
* USR-style attributes are 4 octets,
1352
* with the upper 2 octets being zero.
1354
* The upper octets may not be zero,
1355
* but that then means we won't be
1356
* able to pack the vendor & attribute
1357
* into a 32-bit number, so we can't
1361
* FIXME: Update the dictionaries so
1362
* that we key off of per-attribute
1363
* flags "4-octet", instead of hard
1364
* coding USR here. This will also
1365
* let us send packets with other
1366
* vendors having 4-octet attributes.
1368
} else if ((vendorcode == VENDORPEC_USR) &&
1369
((ptr[4] == 0) && (ptr[5] == 0)) &&
1373
da = dict_attrbyvalue((vendorcode << 16) |
1378
* See if it's in the dictionary.
1379
* If so, it's a valid USR style
1380
* attribute. If not, it's not...
1382
* Don't touch 'attribute' until
1383
* we know what to do!
1386
attribute = ((vendorcode << 16) |
1392
} /* else it's not in the dictionary */
1393
} /* else it was a stupid vendor format */
1394
} /* else it wasn't a VSA */
1830
* Don't have a type, it's bad.
1832
if (sublen < vsa_tlen) goto create_pair;
1835
* Ensure that the attribute number
1844
myattr = (subptr[0] << 8) | subptr[1];
1848
if ((subptr[0] != 0) ||
1849
(subptr[1] != 0)) goto create_pair;
1851
myattr = (subptr[2] << 8) | subptr[3];
1855
* Our dictionary is broken.
1862
* Not enough room for one more
1865
if (sublen < vsa_tlen + vsa_llen) goto create_pair;
1868
attribute = (myvendor << 16) | myattr;
1869
ptr += 4 + vsa_tlen;
1870
attrlen -= (4 + vsa_tlen);
1871
packet_length -= 4 + vsa_tlen;
1875
if (subptr[vsa_tlen] < (vsa_tlen + vsa_llen))
1878
if (subptr[vsa_tlen] > sublen)
1880
sublen -= subptr[vsa_tlen];
1881
subptr += subptr[vsa_tlen];
1885
if (subptr[vsa_tlen] != 0) goto create_pair;
1886
if (subptr[vsa_tlen + 1] < (vsa_tlen + vsa_llen))
1888
if (subptr[vsa_tlen + 1] > sublen)
1890
sublen -= subptr[vsa_tlen + 1];
1891
subptr += subptr[vsa_tlen + 1];
1895
* Our dictionaries are
1901
} while (sublen > 0);
1903
vendorcode = myvendor;
1904
vendorlen = attrlen - 4;
1911
* attrlen is the length of this attribute.
1912
* total_len is the length of the encompassing
1921
attribute = (ptr[0] << 8) | ptr[1];
1924
default: /* can't hit this. */
1927
attribute |= (vendorcode << 16);
1932
attrlen = ptr[0] - (vsa_tlen + vsa_llen);
1936
attrlen = ptr[1] - (vsa_tlen + vsa_llen);
1939
default: /* can't hit this. */
1943
vendorlen -= vsa_tlen + vsa_llen + attrlen;
1944
if (vendorlen == 0) vendorcode = 0;
1945
packet_length -= (vsa_tlen + vsa_llen);
1397
1948
* Create the attribute, setting the default type
1400
1951
* over-ride this one.
1403
if ((pair = paircreate(attribute, PW_TYPE_OCTETS)) == NULL) {
1954
pair = rad_attr2vp(packet, original, secret,
1955
attribute, attrlen, ptr);
1404
1957
pairfree(&packet->vps);
1405
1958
librad_log("out of memory");
1409
pair->length = attrlen;
1410
pair->operator = T_OP_EQ;
1413
switch (pair->type) {
1416
* The attribute may be zero length,
1417
* or it may have a tag, and then no data...
1419
case PW_TYPE_STRING:
1420
if (pair->flags.has_tag) {
1424
* If there's sufficient room for
1425
* a tag, and the tag looks valid,
1428
if ((pair->length > 0) &&
1429
TAG_VALID_ZERO(*ptr)) {
1430
pair->flags.tag = *ptr;
1435
* If the leading tag
1436
* isn't valid, then it's
1437
* ignored for the tunnel
1438
* password attribute.
1440
} else if (pair->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) {
1442
* from RFC2868 - 3.5. Tunnel-Password
1443
* If the value of the Tag field is greater than
1444
* 0x00 and less than or equal to 0x1F, it SHOULD
1445
* be interpreted as indicating which tunnel
1446
* (of several alternatives) this attribute pertains;
1447
* otherwise, the Tag field SHOULD be ignored.
1449
pair->flags.tag = 0x00;
1450
if (pair->length > 0) pair->length--;
1453
pair->flags.tag = 0x00;
1457
* pair->length MAY be zero here.
1459
memcpy(pair->strvalue, ptr + offset,
1463
* Ascend binary attributes never have a
1464
* tag, and neither do the 'octets' type.
1466
case PW_TYPE_ABINARY:
1467
case PW_TYPE_OCTETS:
1468
/* attrlen always < MAX_STRING_LEN */
1469
memcpy(pair->strvalue, ptr, attrlen);
1470
pair->flags.tag = 0;
1474
* Decrypt passwords here.
1476
switch (pair->flags.encrypt) {
1483
case FLAG_ENCRYPT_USER_PASSWORD:
1485
rad_pwdecode((char *)pair->strvalue,
1486
pair->length, secret,
1487
(char *)original->vector);
1489
rad_pwdecode((char *)pair->strvalue,
1490
pair->length, secret,
1491
(char *)packet->vector);
1493
if (pair->attribute == PW_USER_PASSWORD) {
1494
pair->length = strlen(pair->strvalue);
1499
* Tunnel-Password's may go ONLY
1500
* in response packets.
1502
case FLAG_ENCRYPT_TUNNEL_PASSWORD:
1504
librad_log("ERROR: Tunnel-Password attribute in request: Cannot decrypt it.");
1508
if (rad_tunnel_pwdecode(pair->strvalue,
1511
(char *)original->vector) < 0) {
1518
* Ascend-Send-Secret
1519
* Ascend-Receive-Secret
1521
case FLAG_ENCRYPT_ASCEND_SECRET:
1523
librad_log("ERROR: Ascend-Send-Secret attribute in request: Cannot decrypt it.");
1527
uint8_t my_digest[AUTH_VECTOR_LEN];
1528
make_secret(my_digest,
1531
memcpy(pair->strvalue, my_digest,
1533
pair->strvalue[AUTH_VECTOR_LEN] = '\0';
1534
pair->length = strlen(pair->strvalue);
1537
} /* switch over encryption flags */
1538
break; /* from octets/string/abinary */
1540
case PW_TYPE_INTEGER:
1542
case PW_TYPE_IPADDR:
1544
* Check for RFC compliance. If the
1545
* attribute isn't compliant, turn it
1546
* into a string of raw octets.
1548
* Also set the lvalue to something
1549
* which should never match anything.
1552
pair->type = PW_TYPE_OCTETS;
1553
memcpy(pair->strvalue, ptr, attrlen);
1554
pair->lvalue = 0xbad1bad1;
1558
memcpy(&lvalue, ptr, 4);
1560
if (pair->type != PW_TYPE_IPADDR) {
1561
pair->lvalue = ntohl(lvalue);
1564
* It's an IP address, keep it in network
1565
* byte order, and put the ASCII IP
1566
* address or host name into the string
1569
pair->lvalue = lvalue;
1570
ip_ntoa(pair->strvalue, pair->lvalue);
1574
* Tagged attributes of type integer have
1575
* special treatment.
1577
if (pair->flags.has_tag &&
1578
pair->type == PW_TYPE_INTEGER) {
1579
pair->flags.tag = (pair->lvalue >> 24) & 0xff;
1580
pair->lvalue &= 0x00ffffff;
1584
* Try to get the name for integer
1587
if (pair->type == PW_TYPE_INTEGER) {
1589
dval = dict_valbyattr(pair->attribute,
1592
strNcpy(pair->strvalue,
1594
sizeof(pair->strvalue));
1600
* IPv6 interface ID is 8 octets long.
1604
pair->type = PW_TYPE_OCTETS;
1605
memcpy(pair->strvalue, ptr, attrlen);
1609
* IPv6 addresses are 16 octets long
1611
case PW_TYPE_IPV6ADDR:
1613
pair->type = PW_TYPE_OCTETS;
1614
memcpy(pair->strvalue, ptr, attrlen);
1618
* IPv6 prefixes are 2 to 18 octets long.
1620
* RFC 3162: The first octet is unused.
1621
* The second is the length of the prefix
1622
* the rest are the prefix data.
1624
* The prefix length can have value 0 to 128.
1626
case PW_TYPE_IPV6PREFIX:
1627
if (attrlen < 2 || attrlen > 18)
1628
pair->type = PW_TYPE_OCTETS;
1631
pair->type = PW_TYPE_OCTETS;
1634
* FIXME: double-check that
1635
* (ptr[1] >> 3) matches attrlen + 2
1638
memcpy(pair->strvalue, ptr, attrlen);
1642
DEBUG(" %s (Unknown Type %d)\n",
1643
pair->name, pair->type);
1655
1966
ptr += attrlen;
1657
if (vendorlen > 0) vendorlen -= (attrlen + 2);
1967
packet_length -= attrlen;
1661
1971
* Merge information from the outside world into our
1664
for (length = 0; length < AUTH_VECTOR_LEN; length++) {
1665
lrad_rand_pool.randmem[length] += packet->vector[length];
1667
lrad_rand_pool.randmem[lrad_rand_pool.randmem[0] & 0xff] += packet->id;
1668
lrad_rand_pool.randmem[lrad_rand_pool.randmem[1] & 0xff] += packet->data_len;
1974
lrad_rand_seed(packet->data, AUTH_HDR_LEN);