142
143
"IP-Address-Release"
146
* Internal prototypes
148
static void make_secret(unsigned char *digest, uint8_t *vector,
149
const char *secret, char *value);
147
#define AUTH_PASS_LEN (AUTH_VECTOR_LEN)
148
/*************************************************************************
150
* Function: make_secret
152
* Purpose: Build an encrypted secret value to return in a reply
153
* packet. The secret is hidden by xoring with a MD5 digest
154
* created from the shared secret and the authentication
155
* vector. We put them into MD5 in the reverse order from
156
* that used when encrypting passwords to RADIUS.
158
*************************************************************************/
159
static void make_secret(uint8_t *digest, const uint8_t *vector,
160
const char *secret, const uint8_t *value)
166
MD5Update(&context, vector, AUTH_VECTOR_LEN);
167
MD5Update(&context, secret, strlen(secret));
168
MD5Final(digest, &context);
170
for ( i = 0; i < AUTH_VECTOR_LEN; i++ ) {
171
digest[i] ^= value[i];
175
#define MAX_PASS_LEN (128)
176
static void make_passwd(uint8_t *output, int *outlen,
177
const uint8_t *input, int inlen,
178
const char *secret, const uint8_t *vector)
180
MD5_CTX context, old;
181
uint8_t digest[AUTH_VECTOR_LEN];
182
uint8_t passwd[MAX_PASS_LEN];
187
* If the length is zero, round it up.
193
else if (len > MAX_PASS_LEN) len = MAX_PASS_LEN;
195
else if ((len & 0x0f) != 0) {
201
memcpy(passwd, input, len);
202
memset(passwd + len, 0, sizeof(passwd) - len);
205
MD5Update(&context, secret, strlen(secret));
211
MD5Update(&context, vector, AUTH_PASS_LEN);
213
for (n = 0; n < len; n += AUTH_PASS_LEN) {
217
passwd + n - AUTH_PASS_LEN,
221
MD5Final(digest, &context);
222
for (i = 0; i < AUTH_PASS_LEN; i++) {
223
passwd[i + n] ^= digest[i];
227
memcpy(output, passwd, len);
230
static void make_tunnel_passwd(uint8_t *output, int *outlen,
231
const uint8_t *input, int inlen, int room,
232
const char *secret, const uint8_t *vector)
234
MD5_CTX context, old;
235
uint8_t digest[AUTH_VECTOR_LEN];
236
uint8_t passwd[MAX_STRING_LEN + AUTH_VECTOR_LEN];
241
* Account for 2 bytes of the salt, and round the room
242
* available down to the nearest multiple of 16. Then,
243
* subtract one from that to account for the length byte,
244
* and the resulting number is the upper bound on the data
247
* We could short-cut this calculation just be forcing
248
* inlen to be no more than 239. It would work for all
249
* VSA's, as we don't pack multiple VSA's into one
252
* However, this calculation is more general, if a little
253
* complex. And it will work in the future for all possible
254
* kinds of weird attribute packing.
257
room -= (room & 0x0f);
260
if (inlen > room) inlen = room;
263
* Length of the encrypted data is password length plus
264
* one byte for the length of the password.
267
if ((len & 0x0f) != 0) {
271
*outlen = len + 2; /* account for the salt */
274
* Copy the password over.
276
memcpy(passwd + 3, input, inlen);
277
memset(passwd + 3 + inlen, 0, sizeof(passwd) - 3 - inlen);
280
* Generate salt. The RFC's say:
282
* The high bit of salt[0] must be set, each salt in a
283
* packet should be unique, and they should be random
285
* So, we set the high bit, add in a counter, and then
286
* add in some CSPRNG data. should be OK..
288
passwd[0] = (0x80 | ( ((salt_offset++) & 0x0f) << 3) |
289
(lrad_rand() & 0x07));
290
passwd[1] = lrad_rand();
291
passwd[2] = inlen; /* length of the password string */
294
MD5Update(&context, secret, strlen(secret));
297
MD5Update(&context, vector, AUTH_VECTOR_LEN);
298
MD5Update(&context, &passwd[0], 2);
300
for (n = 0; n < len; n += AUTH_PASS_LEN) {
304
passwd + 2 + n - AUTH_PASS_LEN,
308
MD5Final(digest, &context);
309
for (i = 0; i < AUTH_PASS_LEN; i++) {
310
passwd[i + 2 + n] ^= digest[i];
313
memcpy(output, passwd, len + 2);
318
* Parse a data structure into a RADIUS attribute.
320
int rad_vp2attr(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
321
const char *secret, const VALUE_PAIR *vp, uint8_t *ptr)
324
int offset, len, total_length;
326
uint8_t *length_ptr, *vsa_length_ptr;
327
const uint8_t *data = NULL;
330
vendorcode = total_length = 0;
331
length_ptr = vsa_length_ptr = NULL;
334
* For interoperability, always put vendor attributes
335
* into their own VSA.
337
if ((vendorcode = VENDOR(vp->attribute)) != 0) {
339
* Build a VSA header.
341
*ptr++ = PW_VENDOR_SPECIFIC;
342
vsa_length_ptr = ptr;
344
lvalue = htonl(vendorcode);
345
memcpy(ptr, &lvalue, 4);
349
if (vendorcode == VENDORPEC_USR) {
350
lvalue = htonl(vp->attribute & 0xFFFF);
351
memcpy(ptr, &lvalue, 4);
353
length_ptr = vsa_length_ptr;
360
* We don't have two different lengths.
362
vsa_length_ptr = NULL;
364
} else if (vendorcode == VENDORPEC_LUCENT) {
366
* 16-bit attribute, 8-bit length
368
*ptr++ = ((vp->attribute >> 8) & 0xFF);
369
*ptr++ = (vp->attribute & 0xFF);
371
*vsa_length_ptr += 3;
375
} else if (vendorcode == VENDORPEC_STARENT) {
377
* 16-bit attribute, 16-bit length
378
* with the upper 8 bits of the length
381
*ptr++ = ((vp->attribute >> 8) & 0xFF);
382
*ptr++ = (vp->attribute & 0xFF);
385
*vsa_length_ptr += 4;
390
* All other VSA's are encoded the same
393
*vsa_length_ptr += 2;
399
* All other attributes are encoded as
402
*ptr++ = (vp->attribute & 0xFF);
409
if (vp->flags.has_tag) {
410
if (TAG_VALID(vp->flags.tag)) {
411
ptr[0] = vp->flags.tag & 0xff;
414
} else if (vp->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) {
416
* Tunnel passwords REQUIRE a tag, even
417
* if don't have a valid tag.
421
} /* else don't write a tag */
422
} /* else the attribute doesn't have a tag */
425
* Set up the default sources for the data.
431
* Encrypted passwords can't be very long.
432
* This check also ensures that the hashed version
433
* of the password + attribute header fits into one
436
* FIXME: Print a warning message if it's too long?
438
if (vp->flags.encrypt && (len > MAX_PASS_LEN)) {
446
case PW_TYPE_IPV6ADDR:
447
case PW_TYPE_IPV6PREFIX:
448
case PW_TYPE_ABINARY:
449
/* nothing more to do */
452
case PW_TYPE_INTEGER:
453
len = 4; /* just in case */
454
lvalue = htonl(vp->lvalue);
455
memcpy(array, &lvalue, sizeof(lvalue));
458
* Perhaps discard the first octet.
460
data = &array[offset];
465
data = (const uint8_t *) &vp->lvalue;
466
len = 4; /* just in case */
470
* There are no tagged date attributes.
473
lvalue = htonl(vp->lvalue);
474
data = (const uint8_t *) &lvalue;
475
len = 4; /* just in case */
478
default: /* unknown type: ignore it */
479
librad_log("ERROR: Unknown attribute type %d", vp->type);
484
* Bound the data to 255 bytes.
486
if (len + offset + total_length > 255) {
487
len = 255 - offset - total_length;
491
* Encrypt the various password styles
493
* Attributes with encrypted values MUST be less than
496
switch (vp->flags.encrypt) {
497
case FLAG_ENCRYPT_USER_PASSWORD:
498
make_passwd(ptr + offset, &len,
500
secret, packet->vector);
503
case FLAG_ENCRYPT_TUNNEL_PASSWORD:
505
librad_log("ERROR: No request packet, cannot encrypt %s attribute in the vp.", vp->name);
510
* Check if 255 - offset - total_length is less
511
* than 18. If so, we can't fit the data into
512
* the available space, and we discard the
515
* This is ONLY a problem if we have multiple VSA's
516
* in one Vendor-Specific, though.
518
if ((255 - offset - total_length) < 18) return 0;
521
* Can't make the password, suppress it.
523
make_tunnel_passwd(ptr + offset, &len,
524
data, len, 255 - offset - total_length,
525
secret, original->vector);
529
* The code above ensures that this attribute
532
case FLAG_ENCRYPT_ASCEND_SECRET:
533
make_secret(ptr + offset, packet->vector,
535
len = AUTH_VECTOR_LEN;
541
* Just copy the data over
543
memcpy(ptr + offset, data, len);
545
} /* switch over encryption flags */
548
* Account for the tag (if any).
553
* RFC 2865 section 5 says that zero-length attributes
556
if (len == 0) return 0;
559
* Update the various lengths.
562
if (vsa_length_ptr) *vsa_length_ptr += len;
566
return total_length; /* of attribute */
573
int rad_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original,
576
radius_packet_t *hdr;
578
uint16_t total_length;
583
* For simplicity in the following logic, we allow
584
* the attributes to "overflow" the 4k maximum
585
* RADIUS packet size, by one attribute.
587
* It's uint32_t, for alignment purposes.
589
uint32_t data[(MAX_PACKET_LEN + 256) / 4];
592
* Double-check some things based on packet code.
594
switch (packet->code) {
595
case PW_AUTHENTICATION_ACK:
596
case PW_AUTHENTICATION_REJECT:
597
case PW_ACCESS_CHALLENGE:
599
librad_log("ERROR: Cannot sign response packet without a request packet.");
605
* These packet vectors start off as all zero.
607
case PW_ACCOUNTING_REQUEST:
608
case PW_DISCONNECT_REQUEST:
609
memset(packet->vector, 0, sizeof(packet->vector));
617
* Use memory on the stack, until we know how
618
* large the packet will be.
620
hdr = (radius_packet_t *) data;
623
* Build standard header
625
hdr->code = packet->code;
626
hdr->id = packet->id;
628
memcpy(hdr->vector, packet->vector, sizeof(hdr->vector));
630
total_length = AUTH_HDR_LEN;
631
packet->verified = 0;
634
* Load up the configuration values for the user
639
* FIXME: Loop twice over the reply list. The first time,
640
* calculate the total length of data. The second time,
641
* allocate the memory, and fill in the VP's.
643
* Hmm... this may be slower than just doing a small
648
* Loop over the reply attributes for the packet.
650
for (reply = packet->vps; reply; reply = reply->next) {
652
* Ignore non-wire attributes
654
if ((VENDOR(reply->attribute) == 0) &&
655
((reply->attribute & 0xFFFF) > 0xff)) {
660
* Check that the packet is no more than 4k in
661
* size, AFTER over-flowing the 4k boundary.
662
* Note that the 'data' buffer, above, is one
663
* attribute longer than necessary, in order to
664
* permit this overflow.
666
if (total_length > MAX_PACKET_LEN) {
667
librad_log("ERROR: Too many attributes for packet, result is larger than RFC maximum of 4k");
672
* Set the Message-Authenticator to the correct
673
* length and initial value.
675
if (reply->attribute == PW_MESSAGE_AUTHENTICATOR) {
676
reply->length = AUTH_VECTOR_LEN;
677
memset(reply->strvalue, 0, AUTH_VECTOR_LEN);
678
packet->verified = total_length; /* HACK! */
682
* Print out ONLY the attributes which
683
* we're sending over the wire, and print
684
* them out BEFORE they're encrypted.
688
len = rad_vp2attr(packet, original, secret, reply, ptr);
689
if (len < 0) return -1;
692
} /* done looping over all attributes */
695
* Fill in the rest of the fields, and copy the data over
696
* from the local stack to the newly allocated memory.
698
* Yes, all this 'memcpy' is slow, but it means
699
* that we only allocate the minimum amount of
700
* memory for a request.
702
packet->data_len = total_length;
703
packet->data = (uint8_t *) malloc(packet->data_len);
705
librad_log("Out of memory");
709
memcpy(packet->data, data, packet->data_len);
710
hdr = (radius_packet_t *) packet->data;
712
total_length = htons(total_length);
713
memcpy(hdr->length, &total_length, sizeof(total_length));
720
* Sign a previously encoded packet.
722
int rad_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original,
725
radius_packet_t *hdr = (radius_packet_t *)packet->data;
728
* It wasn't assigned an Id, this is bad!
730
if (packet->id < 0) {
731
librad_log("ERROR: RADIUS packets must be assigned an Id.");
735
if (!packet->data || (packet->data_len < AUTH_HDR_LEN) ||
736
(packet->verified < 0)) {
737
librad_log("ERROR: You must call rad_encode() before rad_sign()");
742
* If there's a Message-Authenticator, update it
743
* now, BEFORE updating the authentication vector.
747
if (packet->verified > 0) {
748
uint8_t calc_auth_vector[AUTH_VECTOR_LEN];
750
switch (packet->code) {
751
case PW_ACCOUNTING_REQUEST:
752
case PW_ACCOUNTING_RESPONSE:
753
case PW_DISCONNECT_REQUEST:
754
case PW_DISCONNECT_ACK:
755
case PW_DISCONNECT_NAK:
759
memset(hdr->vector, 0, AUTH_VECTOR_LEN);
762
case PW_AUTHENTICATION_ACK:
763
case PW_AUTHENTICATION_REJECT:
764
case PW_ACCESS_CHALLENGE:
766
librad_log("ERROR: Cannot sign response packet without a request packet.");
769
memcpy(hdr->vector, original->vector,
773
default: /* others have vector already set to zero */
779
* Set the authentication vector to zero,
780
* calculate the signature, and put it
781
* into the Message-Authenticator
784
lrad_hmac_md5(packet->data, packet->data_len,
785
secret, strlen(secret),
787
memcpy(packet->data + packet->verified + 2,
788
calc_auth_vector, AUTH_VECTOR_LEN);
791
* Copy the original request vector back
794
memcpy(hdr->vector, packet->vector, AUTH_VECTOR_LEN);
798
* Switch over the packet code, deciding how to
801
switch (packet->code) {
803
* Request packets are not signed, bur
804
* have a random authentication vector.
806
case PW_AUTHENTICATION_REQUEST:
807
case PW_STATUS_SERVER:
811
* Reply packets are signed with the
812
* authentication vector of the request.
820
MD5Update(&context, packet->data, packet->data_len);
821
MD5Update(&context, secret, strlen(secret));
822
MD5Final(digest, &context);
824
memcpy(hdr->vector, digest, AUTH_VECTOR_LEN);
825
memcpy(packet->vector, digest, AUTH_VECTOR_LEN);
828
}/* switch over packet codes */
152
834
* Reply to the request. Also attach
178
860
* First time through, allocate room for the packet
180
862
if (!packet->data) {
181
radius_packet_t *hdr;
183
uint8_t *ptr, *length_ptr, *vsa_length_ptr;
186
int vendorcode, vendorpec;
187
u_short total_length;
189
int msg_auth_offset = 0;
192
* For simplicity in the following logic, we allow
193
* the attributes to "overflow" the 4k maximum
194
* RADIUS packet size, by one attribute.
196
uint8_t data[MAX_PACKET_LEN + 256];
199
* Use memory on the stack, until we know how
200
* large the packet will be.
202
hdr = (radius_packet_t *) data;
205
* Build standard header
207
hdr->code = packet->code;
208
hdr->id = packet->id;
211
* Double-check some things based on packet code.
213
switch (packet->code) {
214
case PW_AUTHENTICATION_ACK:
215
case PW_AUTHENTICATION_REJECT:
216
case PW_ACCESS_CHALLENGE:
218
librad_log("ERROR: Cannot sign response packet without a request packet.");
224
* These packet vectors start off as all zero.
226
case PW_ACCOUNTING_REQUEST:
227
case PW_DISCONNECT_REQUEST:
228
memset(packet->vector, 0, sizeof(packet->vector));
235
memcpy(hdr->vector, packet->vector, sizeof(hdr->vector));
237
DEBUG("Sending %s of id %d to %s:%d\n",
239
ip_ntoa((char *)ip_buffer, packet->dst_ipaddr),
242
total_length = AUTH_HDR_LEN;
245
* Load up the configuration values for the user
250
vsa_length_ptr = NULL;
253
* Loop over the reply attributes for the packet.
255
for (reply = packet->vps; reply; reply = reply->next) {
257
* Ignore non-wire attributes
259
if ((VENDOR(reply->attribute) == 0) &&
260
((reply->attribute & 0xFFFF) > 0xff)) {
265
* Check that the packet is no more than
266
* 4k in size, AFTER over-flowing the 4k
267
* boundary. Note that the 'data'
268
* buffer, above, is one attribute longer
269
* than necessary, in order to permit
272
if (total_length > MAX_PACKET_LEN) {
273
librad_log("ERROR: Too many attributes for packet, result is larger than RFC maximum of 4k");
278
* Set the Message-Authenticator to the
279
* correct length and initial value.
281
if (reply->attribute == PW_MESSAGE_AUTHENTICATOR) {
282
reply->length = AUTH_VECTOR_LEN;
283
memset(reply->strvalue, 0, AUTH_VECTOR_LEN);
284
msg_auth_offset = total_length;
288
* Print out ONLY the attributes which
289
* we're sending over the wire, and print
290
* them out BEFORE they're encrypted.
295
* We have a different vendor. Re-set
298
if (vendorcode != VENDOR(reply->attribute)) {
301
vsa_length_ptr = NULL;
305
* If the Vendor-Specific attribute is getting
306
* full, then create a new VSA attribute
308
* FIXME: Multiple VSA's per Vendor-Specific
309
* SHOULD be configurable. When that's done,
310
* the (1), below, can be changed to point to
311
* a configuration variable which is set TRUE
312
* if the NAS cannot understand multiple VSA's
313
* per Vendor-Specific
315
if ((1) || /* ALWAYS create a new Vendor-Specific */
317
(reply->length + *vsa_length_ptr) >= MAX_STRING_LEN)) {
320
vsa_length_ptr = NULL;
324
* Maybe we have the start of a set of
325
* (possibly many) VSA attributes from
326
* one vendor. Set a global VSA wrapper
328
if ((vendorcode == 0) &&
329
((vendorcode = VENDOR(reply->attribute)) != 0)) {
330
vendorpec = dict_vendorpec(vendorcode);
333
* This is a potentially bad error...
334
* we can't find the vendor ID!
336
if (vendorpec == 0) {
337
/* FIXME: log an error */
342
* Build a VSA header.
344
*ptr++ = PW_VENDOR_SPECIFIC;
345
vsa_length_ptr = ptr;
347
lvalue = htonl(vendorpec);
348
memcpy(ptr, &lvalue, 4);
353
if (vendorpec == VENDORPEC_USR) {
354
lvalue = htonl(reply->attribute & 0xFFFF);
355
memcpy(ptr, &lvalue, 4);
357
length_ptr = vsa_length_ptr;
364
* Each USR-style attribute gets
365
* it's own VSA wrapper, so we
366
* re-set the vendor specific
371
vsa_length_ptr = NULL;
375
* All other attributes are as
378
*ptr++ = (reply->attribute & 0xFF);
380
if (vsa_length_ptr) *vsa_length_ptr += 2;
385
switch(reply->type) {
388
* Ascend binary attributes are
389
* stored internally in binary form.
392
case PW_TYPE_IPV6ADDR:
393
case PW_TYPE_IPV6PREFIX:
394
case PW_TYPE_ABINARY:
398
* Encrypt the various password styles
400
switch (reply->flags.encrypt) {
404
case FLAG_ENCRYPT_USER_PASSWORD:
405
rad_pwencode((char *)reply->strvalue,
407
(const char *)secret,
408
(const char *)packet->vector);
411
case FLAG_ENCRYPT_TUNNEL_PASSWORD:
413
librad_log("ERROR: No request packet, cannot encrypt Tunnel-Password attribute in the reply.");
416
rad_tunnel_pwencode(reply->strvalue,
423
case FLAG_ENCRYPT_ASCEND_SECRET:
424
make_secret(digest, packet->vector,
425
secret, reply->strvalue);
426
memcpy(reply->strvalue, digest, AUTH_VECTOR_LEN );
427
reply->length = AUTH_VECTOR_LEN;
429
} /* switch over encryption flags */
434
* Set the TAG at the beginning
435
* of the string if tagged. If
436
* tag value is not valid for
437
* tagged attribute, make it 0x00
438
* per RFC 2868. -cparker
440
if (reply->flags.has_tag) {
441
if (TAG_VALID(reply->flags.tag)) {
443
*ptr++ = reply->flags.tag;
445
} else if (reply->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) {
455
} /* else don't write a tag */
456
} /* else the attribute doesn't have a tag */
459
* Ensure we don't go too far.
460
* The 'length' of the attribute
461
* may be 0..255, minus whatever
462
* octets are used in the attribute
466
if (vsa_length_ptr) {
467
allowed -= *vsa_length_ptr;
469
allowed -= *length_ptr;
477
if (vsa_length_ptr) *vsa_length_ptr += len;
479
* If we have tagged attributes we can't assume that
480
* len == reply->length. Use reply->length for copying
481
* the string data into the packet. Use len for the
482
* true length of the string+tags.
484
memcpy(ptr, reply->strvalue, reply->length);
485
ptr += reply->length;
489
case PW_TYPE_INTEGER:
492
if (vsa_length_ptr) *vsa_length_ptr += 4;
494
if (reply->type == PW_TYPE_INTEGER ) {
495
/* If tagged, the tag becomes the MSB of the value */
496
if(reply->flags.has_tag) {
497
/* Tag must be ( 0x01 -> 0x1F ) OR 0x00 */
498
if(!TAG_VALID(reply->flags.tag)) {
499
reply->flags.tag = 0x00;
501
lvalue = htonl((reply->lvalue & 0xffffff) |
502
((reply->flags.tag & 0xff) << 24));
504
lvalue = htonl(reply->lvalue);
508
* IP address is already in
509
* network byte order.
511
lvalue = reply->lvalue;
513
memcpy(ptr, &lvalue, 4);
519
* There are no tagged date attributes.
523
if (vsa_length_ptr) *vsa_length_ptr += 4;
525
lvalue = htonl(reply->lvalue);
526
memcpy(ptr, &lvalue, 4);
533
} /* done looping over all attributes */
536
* Fill in the rest of the fields, and copy
537
* the data over from the local stack to
538
* the newly allocated memory.
540
* Yes, all this 'memcpy' is slow, but it means
541
* that we only allocate the minimum amount of
542
* memory for a request.
544
packet->data_len = total_length;
545
packet->data = (uint8_t *) malloc(packet->data_len);
547
librad_log("Out of memory");
550
memcpy(packet->data, data, packet->data_len);
551
hdr = (radius_packet_t *) packet->data;
553
total_length = htons(total_length);
554
memcpy(hdr->length, &total_length, sizeof(u_short));
557
* If this is not an authentication request, we
558
* need to calculate the md5 hash over the entire packet
559
* and put it in the vector.
561
secretlen = strlen(secret);
564
* If there's a Message-Authenticator, update it
565
* now, BEFORE updating the authentication vector.
567
if (msg_auth_offset) {
568
uint8_t calc_auth_vector[AUTH_VECTOR_LEN];
570
switch (packet->code) {
574
case PW_ACCOUNTING_REQUEST:
575
case PW_ACCOUNTING_RESPONSE:
576
memset(hdr->vector, 0, AUTH_VECTOR_LEN);
579
case PW_AUTHENTICATION_ACK:
580
case PW_AUTHENTICATION_REJECT:
581
case PW_ACCESS_CHALLENGE:
582
/* this was checked above */
583
memcpy(hdr->vector, original->vector,
589
* Set the authentication vector to zero,
590
* calculate the signature, and put it
591
* into the Message-Authenticator
594
memset(packet->data + msg_auth_offset + 2,
596
lrad_hmac_md5(packet->data, packet->data_len,
597
secret, secretlen, calc_auth_vector);
598
memcpy(packet->data + msg_auth_offset + 2,
599
calc_auth_vector, AUTH_VECTOR_LEN);
602
* Copy the original request vector back
605
memcpy(hdr->vector, packet->vector, AUTH_VECTOR_LEN);
609
* Switch over the packet code, deciding how to
612
switch (packet->code) {
614
* Request packets are not signed, bur
615
* have a random authentication vector.
617
case PW_AUTHENTICATION_REQUEST:
618
case PW_STATUS_SERVER:
622
* Reply packets are signed with the
623
* authentication vector of the request.
629
MD5Update(&context, packet->data, packet->data_len);
630
MD5Update(&context, secret, strlen(secret));
631
MD5Final(digest, &context);
633
memcpy(hdr->vector, digest, AUTH_VECTOR_LEN);
634
memcpy(packet->vector, digest, AUTH_VECTOR_LEN);
637
} /* switch over packet codes */
641
* If packet->data points to data, then we print out
642
* the VP list again only for debugging.
863
DEBUG("Sending %s of id %d to %s port %d\n",
865
ip_ntoa(ip_buffer, packet->dst_ipaddr),
871
if (rad_encode(packet, original, secret) < 0) {
876
* Re-sign it, including updating the
877
* Message-Authenticator.
879
if (rad_sign(packet, original, secret) < 0) {
884
* If packet->data points to data, then we print out
885
* the VP list again only for debugging.
644
887
} else if (librad_debug) {
645
DEBUG("Re-sending %s of id %d to %s:%d\n", what, packet->id,
646
ip_ntoa((char *)ip_buffer, packet->dst_ipaddr),
888
DEBUG("Re-sending %s of id %d to %s port %d\n", what, packet->id,
889
ip_ntoa(ip_buffer, packet->dst_ipaddr),
647
890
packet->dst_port);
649
892
for (reply = packet->vps; reply; reply = reply->next) {
1488
* Parse a RADIUS attribute into a data structure.
1490
static VALUE_PAIR *rad_attr2vp(const RADIUS_PACKET *packet, const RADIUS_PACKET *original,
1491
const char *secret, int attribute, int length,
1492
const uint8_t *data)
1497
if ((vp = paircreate(attribute, PW_TYPE_OCTETS)) == NULL) {
1502
* If length is greater than 253, something is SERIOUSLY
1505
if (length > 253) length = 253; /* paranoia (pair-anoia?) */
1507
vp->length = length;
1508
vp->operator = T_OP_EQ;
1514
if (vp->flags.has_tag) {
1515
if (TAG_VALID(data[0]) ||
1516
(vp->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD)) {
1518
* Tunnel passwords REQUIRE a tag, even
1519
* if don't have a valid tag.
1521
vp->flags.tag = data[0];
1523
if ((vp->type == PW_TYPE_STRING) ||
1524
(vp->type == PW_TYPE_OCTETS)) offset = 1;
1529
* Copy the data to be decrypted
1531
memcpy(&vp->strvalue[0], data + offset, length - offset);
1532
vp->length -= offset;
1535
* Decrypt the attribute.
1537
switch (vp->flags.encrypt) {
1541
case FLAG_ENCRYPT_USER_PASSWORD:
1543
rad_pwdecode((char *)vp->strvalue,
1547
rad_pwdecode((char *)vp->strvalue,
1551
if (vp->attribute == PW_USER_PASSWORD) {
1552
vp->length = strlen(vp->strvalue);
1557
* Tunnel-Password's may go ONLY
1558
* in response packets.
1560
case FLAG_ENCRYPT_TUNNEL_PASSWORD:
1561
if (!original) goto raw;
1563
if (rad_tunnel_pwdecode(vp->strvalue, &vp->length,
1564
secret, original->vector) < 0) {
1570
* Ascend-Send-Secret
1571
* Ascend-Receive-Secret
1573
case FLAG_ENCRYPT_ASCEND_SECRET:
1577
uint8_t my_digest[AUTH_VECTOR_LEN];
1578
make_secret(my_digest,
1581
memcpy(vp->strvalue, my_digest,
1583
vp->strvalue[AUTH_VECTOR_LEN] = '\0';
1584
vp->length = strlen(vp->strvalue);
1590
} /* switch over encryption flags */
1594
case PW_TYPE_STRING:
1595
case PW_TYPE_OCTETS:
1596
/* nothing more to do */
1599
case PW_TYPE_INTEGER:
1600
if (vp->length != 4) goto raw;
1602
memcpy(&vp->lvalue, vp->strvalue, 4);
1603
vp->lvalue = ntohl(vp->lvalue);
1605
if (vp->flags.has_tag) vp->lvalue &= 0x00ffffff;
1608
* Try to get named VALUEs
1612
dval = dict_valbyattr(vp->attribute,
1615
strNcpy(vp->strvalue,
1617
sizeof(vp->strvalue));
1623
if (vp->length != 4) goto raw;
1625
memcpy(&vp->lvalue, vp->strvalue, 4);
1626
vp->lvalue = ntohl(vp->lvalue);
1630
* IPv4 address. Keep it in network byte order in
1631
* vp->lvalue and put ASCII IP address in standard
1632
* dot notation into vp->strvalue.
1634
case PW_TYPE_IPADDR:
1635
if (vp->length != 4) goto raw;
1637
memcpy(&vp->lvalue, vp->strvalue, 4);
1638
ip_ntoa(vp->strvalue, vp->lvalue);
1642
* IPv6 interface ID is 8 octets long.
1645
if (vp->length != 8) goto raw;
1646
/* vp->vp_ifid == vp->strvalue */
1650
* IPv6 addresses are 16 octets long
1652
case PW_TYPE_IPV6ADDR:
1653
if (vp->length != 16) goto raw;
1654
/* vp->vp_ipv6addr == vp->strvalue */
1658
* IPv6 prefixes are 2 to 18 octets long.
1660
* RFC 3162: The first octet is unused.
1661
* The second is the length of the prefix
1662
* the rest are the prefix data.
1664
* The prefix length can have value 0 to 128.
1666
case PW_TYPE_IPV6PREFIX:
1667
if (vp->length < 2 || vp->length > 18) goto raw;
1668
if (vp->strvalue[1] > 128) goto raw;
1671
* FIXME: double-check that
1672
* (vp->strvalue[1] >> 3) matches vp->length + 2
1674
if (vp->length < 18) {
1675
memset(vp->strvalue + vp->length, 0,
1682
vp->type = PW_TYPE_OCTETS;
1683
vp->length = length;
1684
memcpy(vp->strvalue, data, length);
1688
* Ensure there's no encryption or tag stuff,
1689
* we just pass the attribute as-is.
1691
memset(&vp->flags, 0, sizeof(vp->flags));
1699
* Calculate/check digest, and decode radius attributes.
1701
int rad_decode(RADIUS_PACKET *packet, RADIUS_PACKET *original,
1705
uint32_t vendorcode;
1713
radius_packet_t *hdr;
1714
int vsa_tlen, vsa_llen;
1715
DICT_VENDOR *dv = NULL;
1717
if (rad_verify(packet, original, secret) < 0) return -1;
1267
1720
* Extract attribute-value pairs
1722
hdr = (radius_packet_t *)packet->data;
1269
1723
ptr = hdr->data;
1270
length = packet->data_len - AUTH_HDR_LEN;
1724
packet_length = packet->data_len - AUTH_HDR_LEN;
1273
1727
* There may be VP's already in the packet. Don't
1280
1734
vendorcode = 0;
1283
while (length > 0) {
1284
if (vendorlen > 0) {
1285
attribute = *ptr++ | (vendorcode << 16);
1736
vsa_tlen = vsa_llen = 1;
1739
* We have to read at least two bytes.
1741
* rad_recv() above ensures that this is OK.
1743
while (packet_length > 0) {
1748
* Normal attribute, handle it like normal.
1750
if (vendorcode == 0) {
1752
* No room to read attr/length,
1753
* or bad attribute, or attribute is
1754
* too short, or attribute is too long,
1755
* stop processing the packet.
1757
if ((packet_length < 2) ||
1758
(ptr[0] == 0) || (ptr[1] < 2) ||
1759
(ptr[1] > packet_length)) break;
1288
1761
attribute = *ptr++;
1289
1762
attrlen = *ptr++;
1767
if (attribute != PW_VENDOR_SPECIFIC) goto create_pair;
1770
* No vendor code, or ONLY vendor code.
1772
if (attrlen <= 4) goto create_pair;
1296
* This could be a Vendor-Specific attribute.
1778
* Handle Vendor-Specific
1298
if ((vendorlen <= 0) &&
1299
(attribute == PW_VENDOR_SPECIFIC)) {
1780
if (vendorlen == 0) {
1304
* attrlen was checked to be >= 6, in rad_recv
1786
* attrlen was checked above.
1306
1788
memcpy(&lvalue, ptr, 4);
1307
vendorcode = ntohl(lvalue);
1789
myvendor = ntohl(lvalue);
1792
* Zero isn't allowed.
1794
if (myvendor == 0) goto create_pair;
1310
1797
* This is an implementation issue.
1311
1798
* We currently pack vendor into the upper
1312
1799
* 16 bits of a 32-bit attribute number,
1313
1800
* so we can't handle vendor numbers larger
1314
1801
* than 16 bits.
1316
if (vendorcode > 65535) goto create_pair;
1319
* vendorcode was checked to be non-zero
1320
* above, in rad_recv.
1324
* First, check to see if the
1325
* sub-attributes fill the VSA, as
1326
* defined by the RFC. If not, then it
1327
* may be a USR-style VSA, or it may be a
1328
* vendor who packs all of the
1329
* information into one nonsense
1803
if (myvendor > 65535) goto create_pair;
1805
vsa_tlen = vsa_llen = 1;
1806
dv = dict_vendorbyvalue(myvendor);
1808
vsa_tlen = dv->type;
1809
vsa_llen = dv->length;
1813
* Sweep through the list of VSA's,
1814
* seeing if they exactly fill the
1815
* outer Vendor-Specific attribute.
1817
* If not, create a raw Vendor-Specific.
1332
1819
subptr = ptr + 4;
1333
1820
sublen = attrlen - 4;
1335
while (sublen >= 2) {
1336
if (subptr[1] < 2) { /* too short */
1340
if (subptr[1] > sublen) { /* too long */
1344
sublen -= subptr[1]; /* just right */
1345
subptr += subptr[1];
1349
* If the attribute is RFC compatible,
1350
* then allow it as an RFC style VSA.
1823
* See if we can parse it.
1354
vendorlen = attrlen - 4;
1355
attribute = *ptr++ | (vendorcode << 16);
1361
* USR-style attributes are 4 octets,
1362
* with the upper 2 octets being zero.
1364
* The upper octets may not be zero,
1365
* but that then means we won't be
1366
* able to pack the vendor & attribute
1367
* into a 32-bit number, so we can't
1371
* FIXME: Update the dictionaries so
1372
* that we key off of per-attribute
1373
* flags "4-octet", instead of hard
1374
* coding USR here. This will also
1375
* let us send packets with other
1376
* vendors having 4-octet attributes.
1378
} else if ((vendorcode == VENDORPEC_USR) &&
1379
((ptr[4] == 0) && (ptr[5] == 0)) &&
1383
da = dict_attrbyvalue((vendorcode << 16) |
1388
* See if it's in the dictionary.
1389
* If so, it's a valid USR style
1390
* attribute. If not, it's not...
1392
* Don't touch 'attribute' until
1393
* we know what to do!
1396
attribute = ((vendorcode << 16) |
1402
} /* else it's not in the dictionary */
1403
} /* else it was a stupid vendor format */
1404
} /* else it wasn't a VSA */
1829
* Don't have a type, it's bad.
1831
if (sublen < vsa_tlen) goto create_pair;
1834
* Ensure that the attribute number
1843
myattr = (subptr[0] << 8) | subptr[1];
1847
if ((subptr[0] != 0) ||
1848
(subptr[1] != 0)) goto create_pair;
1850
myattr = (subptr[2] << 8) | subptr[3];
1854
* Our dictionary is broken.
1861
* Not enough room for one more
1864
if (sublen < vsa_tlen + vsa_llen) goto create_pair;
1867
attribute = (myvendor << 16) | myattr;
1868
ptr += 4 + vsa_tlen;
1869
attrlen -= (4 + vsa_tlen);
1870
packet_length -= 4 + vsa_tlen;
1874
if (subptr[vsa_tlen] < (vsa_tlen + vsa_llen))
1877
if (subptr[vsa_tlen] > sublen)
1879
sublen -= subptr[vsa_tlen];
1880
subptr += subptr[vsa_tlen];
1884
if (subptr[vsa_tlen] != 0) goto create_pair;
1885
if (subptr[vsa_tlen + 1] < (vsa_tlen + vsa_llen))
1887
if (subptr[vsa_tlen + 1] > sublen)
1889
sublen -= subptr[vsa_tlen + 1];
1890
subptr += subptr[vsa_tlen + 1];
1894
* Our dictionaries are
1900
} while (sublen > 0);
1902
vendorcode = myvendor;
1903
vendorlen = attrlen - 4;
1910
* attrlen is the length of this attribute.
1911
* total_len is the length of the encompassing
1920
attribute = (ptr[0] << 8) | ptr[1];
1923
default: /* can't hit this. */
1926
attribute |= (vendorcode << 16);
1931
attrlen = ptr[0] - (vsa_tlen + vsa_llen);
1935
attrlen = ptr[1] - (vsa_tlen + vsa_llen);
1938
default: /* can't hit this. */
1942
vendorlen -= vsa_tlen + vsa_llen + attrlen;
1943
if (vendorlen == 0) vendorcode = 0;
1944
packet_length -= (vsa_tlen + vsa_llen);
1407
1947
* Create the attribute, setting the default type
1410
1950
* over-ride this one.
1413
if ((pair = paircreate(attribute, PW_TYPE_OCTETS)) == NULL) {
1953
pair = rad_attr2vp(packet, original, secret,
1954
attribute, attrlen, ptr);
1414
1956
pairfree(&packet->vps);
1415
1957
librad_log("out of memory");
1419
pair->length = attrlen;
1420
pair->operator = T_OP_EQ;
1423
switch (pair->type) {
1426
* The attribute may be zero length,
1427
* or it may have a tag, and then no data...
1429
case PW_TYPE_STRING:
1430
if (pair->flags.has_tag) {
1434
* If there's sufficient room for
1435
* a tag, and the tag looks valid,
1438
if ((pair->length > 0) &&
1439
TAG_VALID_ZERO(*ptr)) {
1440
pair->flags.tag = *ptr;
1445
* If the leading tag
1446
* isn't valid, then it's
1447
* ignored for the tunnel
1448
* password attribute.
1450
} else if (pair->flags.encrypt == FLAG_ENCRYPT_TUNNEL_PASSWORD) {
1452
* from RFC2868 - 3.5. Tunnel-Password
1453
* If the value of the Tag field is greater than
1454
* 0x00 and less than or equal to 0x1F, it SHOULD
1455
* be interpreted as indicating which tunnel
1456
* (of several alternatives) this attribute pertains;
1457
* otherwise, the Tag field SHOULD be ignored.
1459
pair->flags.tag = 0x00;
1460
if (pair->length > 0) pair->length--;
1463
pair->flags.tag = 0x00;
1467
* pair->length MAY be zero here.
1469
memcpy(pair->strvalue, ptr + offset,
1473
* Ascend binary attributes never have a
1474
* tag, and neither do the 'octets' type.
1476
case PW_TYPE_ABINARY:
1477
case PW_TYPE_OCTETS:
1478
/* attrlen always < MAX_STRING_LEN */
1479
memcpy(pair->strvalue, ptr, attrlen);
1480
pair->flags.tag = 0;
1484
* Decrypt passwords here.
1486
switch (pair->flags.encrypt) {
1493
case FLAG_ENCRYPT_USER_PASSWORD:
1495
rad_pwdecode((char *)pair->strvalue,
1496
pair->length, secret,
1497
(char *)original->vector);
1499
rad_pwdecode((char *)pair->strvalue,
1500
pair->length, secret,
1501
(char *)packet->vector);
1503
if (pair->attribute == PW_USER_PASSWORD) {
1504
pair->length = strlen(pair->strvalue);
1509
* Tunnel-Password's may go ONLY
1510
* in response packets.
1512
case FLAG_ENCRYPT_TUNNEL_PASSWORD:
1514
librad_log("ERROR: Tunnel-Password attribute in request: Cannot decrypt it.");
1518
if (rad_tunnel_pwdecode(pair->strvalue,
1521
(char *)original->vector) < 0) {
1528
* Ascend-Send-Secret
1529
* Ascend-Receive-Secret
1531
case FLAG_ENCRYPT_ASCEND_SECRET:
1533
librad_log("ERROR: Ascend-Send-Secret attribute in request: Cannot decrypt it.");
1537
uint8_t my_digest[AUTH_VECTOR_LEN];
1538
make_secret(my_digest,
1541
memcpy(pair->strvalue, my_digest,
1543
pair->strvalue[AUTH_VECTOR_LEN] = '\0';
1544
pair->length = strlen(pair->strvalue);
1547
} /* switch over encryption flags */
1548
break; /* from octets/string/abinary */
1550
case PW_TYPE_INTEGER:
1552
case PW_TYPE_IPADDR:
1554
* Check for RFC compliance. If the
1555
* attribute isn't compliant, turn it
1556
* into a string of raw octets.
1558
* Also set the lvalue to something
1559
* which should never match anything.
1562
pair->type = PW_TYPE_OCTETS;
1563
memcpy(pair->strvalue, ptr, attrlen);
1564
pair->lvalue = 0xbad1bad1;
1568
memcpy(&lvalue, ptr, 4);
1570
if (pair->type != PW_TYPE_IPADDR) {
1571
pair->lvalue = ntohl(lvalue);
1574
* It's an IP address, keep it in network
1575
* byte order, and put the ASCII IP
1576
* address or host name into the string
1579
pair->lvalue = lvalue;
1580
ip_ntoa(pair->strvalue, pair->lvalue);
1584
* Tagged attributes of type integer have
1585
* special treatment.
1587
if (pair->flags.has_tag &&
1588
pair->type == PW_TYPE_INTEGER) {
1589
pair->flags.tag = (pair->lvalue >> 24) & 0xff;
1590
pair->lvalue &= 0x00ffffff;
1594
* Try to get the name for integer
1597
if (pair->type == PW_TYPE_INTEGER) {
1599
dval = dict_valbyattr(pair->attribute,
1602
strNcpy(pair->strvalue,
1604
sizeof(pair->strvalue));
1610
* IPv6 interface ID is 8 octets long.
1614
pair->type = PW_TYPE_OCTETS;
1615
memcpy(pair->strvalue, ptr, attrlen);
1619
* IPv6 addresses are 16 octets long
1621
case PW_TYPE_IPV6ADDR:
1623
pair->type = PW_TYPE_OCTETS;
1624
memcpy(pair->strvalue, ptr, attrlen);
1628
* IPv6 prefixes are 2 to 18 octets long.
1630
* RFC 3162: The first octet is unused.
1631
* The second is the length of the prefix
1632
* the rest are the prefix data.
1634
* The prefix length can have value 0 to 128.
1636
case PW_TYPE_IPV6PREFIX:
1637
if (attrlen < 2 || attrlen > 18)
1638
pair->type = PW_TYPE_OCTETS;
1641
pair->type = PW_TYPE_OCTETS;
1644
* FIXME: double-check that
1645
* (ptr[1] >> 3) matches attrlen + 2
1648
memcpy(pair->strvalue, ptr, attrlen);
1652
DEBUG(" %s (Unknown Type %d)\n",
1653
pair->name, pair->type);
1665
1965
ptr += attrlen;
1667
if (vendorlen > 0) vendorlen -= (attrlen + 2);
1966
packet_length -= attrlen;
1671
1970
* Merge information from the outside world into our
1674
for (length = 0; length < AUTH_VECTOR_LEN; length++) {
1675
lrad_rand_pool.randmem[length] += packet->vector[length];
1677
lrad_rand_pool.randmem[lrad_rand_pool.randmem[0] & 0xff] += packet->id;
1678
lrad_rand_pool.randmem[lrad_rand_pool.randmem[1] & 0xff] += packet->data_len;
1973
lrad_rand_seed(packet->data, AUTH_HDR_LEN);