2 * Copyright 1998 Juniper Networks, Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/types.h>
30 #include <sys/socket.h>
32 #include <netinet/in.h>
33 #include <arpa/inet.h>
45 #include "radlib_private.h"
47 static void clear_password(struct rad_handle *);
48 static void generr(struct rad_handle *, const char *, ...)
50 static void insert_scrambled_password(struct rad_handle *, int);
51 static int is_valid_response(struct rad_handle *, int,
52 const struct sockaddr_in *);
53 static int put_password_attr(struct rad_handle *, int,
54 const void *, size_t);
55 static int put_raw_attr(struct rad_handle *, int,
56 const void *, size_t);
57 static int split(char *, char *[], int, char *, size_t);
60 clear_password(struct rad_handle *h)
62 if (h->pass_len != 0) {
63 memset(h->pass, 0, h->pass_len);
70 generr(struct rad_handle *h, const char *format, ...)
75 vsnprintf(h->errmsg, ERRSIZE, format, ap);
80 insert_scrambled_password(struct rad_handle *h, int srv)
83 unsigned char md5[16];
84 const struct rad_server *srvp;
88 srvp = &h->servers[srv];
89 padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf;
91 memcpy(md5, &h->request[POS_AUTH], LEN_AUTH);
92 for (pos = 0; pos < padded_len; pos += 16) {
95 /* Calculate the new scrambler */
97 MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
98 MD5Update(&ctx, md5, 16);
102 * Mix in the current chunk of the password, and copy
103 * the result into the right place in the request. Also
104 * modify the scrambler in place, since we will use this
105 * in calculating the scrambler for next time.
107 for (i = 0; i < 16; i++)
108 h->request[h->pass_pos + pos + i] =
109 md5[i] ^= h->pass[pos + i];
114 * Return true if the current response is valid for a request to the
118 is_valid_response(struct rad_handle *h, int srv,
119 const struct sockaddr_in *from)
122 unsigned char md5[16];
123 const struct rad_server *srvp;
126 srvp = &h->servers[srv];
128 /* Check the source address */
129 if (from->sin_family != srvp->addr.sin_family ||
130 from->sin_addr.s_addr != srvp->addr.sin_addr.s_addr ||
131 from->sin_port != srvp->addr.sin_port)
134 /* Check the message length */
135 if (h->resp_len < POS_ATTRS)
137 len = h->response[POS_LENGTH] << 8 | h->response[POS_LENGTH+1];
138 if (len > h->resp_len)
141 /* Check the response authenticator */
143 MD5Update(&ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE);
144 MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH);
145 MD5Update(&ctx, &h->response[POS_ATTRS], len - POS_ATTRS);
146 MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
148 if (memcmp(&h->response[POS_AUTH], md5, sizeof md5) != 0)
155 put_password_attr(struct rad_handle *h, int type, const void *value, size_t len)
160 if (h->pass_pos != 0) {
161 generr(h, "Multiple User-Password attributes specified");
166 padded_len = len == 0 ? 16 : (len+15) & ~0xf;
167 pad_len = padded_len - len;
170 * Put in a place-holder attribute containing all zeros, and
171 * remember where it is so we can fill it in later.
174 put_raw_attr(h, type, h->pass, padded_len);
175 h->pass_pos = h->req_len - padded_len;
177 /* Save the cleartext password, padded as necessary */
178 memcpy(h->pass, value, len);
180 memset(h->pass + len, 0, pad_len);
185 put_raw_attr(struct rad_handle *h, int type, const void *value, size_t len)
188 generr(h, "Attribute too long");
191 if (h->req_len + 2 + len > MSGSIZE) {
192 generr(h, "Maximum message length exceeded");
195 h->request[h->req_len++] = type;
196 h->request[h->req_len++] = len + 2;
197 memcpy(&h->request[h->req_len], value, len);
203 rad_add_server(struct rad_handle *h, const char *host, int port,
204 const char *secret, int timeout, int tries)
206 struct rad_server *srvp;
208 if (h->num_servers >= MAXSERVERS) {
209 generr(h, "Too many RADIUS servers specified");
212 srvp = &h->servers[h->num_servers];
214 memset(&srvp->addr, 0, sizeof srvp->addr);
215 srvp->addr.sin_len = sizeof srvp->addr;
216 srvp->addr.sin_family = AF_INET;
217 if (!inet_aton(host, &srvp->addr.sin_addr)) {
218 struct hostent *hent;
220 if ((hent = gethostbyname(host)) == NULL) {
221 generr(h, "%s: host not found", host);
224 memcpy(&srvp->addr.sin_addr, hent->h_addr,
225 sizeof srvp->addr.sin_addr);
228 srvp->addr.sin_port = htons(port);
230 struct servent *sent;
232 srvp->addr.sin_port =
233 (sent = getservbyname("radius", "udp")) != NULL ?
234 sent->s_port : htons(RADIUS_PORT);
236 if ((srvp->secret = strdup(secret)) == NULL) {
237 generr(h, "Out of memory");
240 srvp->timeout = timeout;
241 srvp->max_tries = tries;
248 rad_close(struct rad_handle *h)
254 for (srv = 0; srv < h->num_servers; srv++) {
255 memset(h->servers[srv].secret, 0,
256 strlen(h->servers[srv].secret));
257 free(h->servers[srv].secret);
264 rad_config(struct rad_handle *h, const char *path)
267 char buf[MAXCONFLINE];
272 path = PATH_RADIUS_CONF;
273 if ((fp = fopen(path, "r")) == NULL) {
274 generr(h, "Cannot open \"%s\": %s", path, strerror(errno));
279 while (fgets(buf, sizeof buf, fp) != NULL) {
290 unsigned long timeout;
291 unsigned long maxtries;
296 /* We know len > 0, else fgets would have returned NULL. */
297 if (buf[len - 1] != '\n') {
298 if (len == sizeof buf - 1)
299 generr(h, "%s:%d: line too long", path,
302 generr(h, "%s:%d: missing newline", path,
309 /* Extract the fields from the line. */
310 nfields = split(buf, fields, 4, msg, sizeof msg);
312 generr(h, "%s:%d: %s", path, linenum, msg);
319 generr(h, "%s:%d: missing shared secret", path,
326 timeout_str = fields[2];
327 maxtries_str = fields[3];
329 /* Parse and validate the fields. */
330 host = strtok(host, ":");
331 port_str = strtok(NULL, ":");
332 if (port_str != NULL) {
333 port = strtoul(port_str, &end, 10);
335 generr(h, "%s:%d: invalid port", path,
342 if (timeout_str != NULL) {
343 timeout = strtoul(timeout_str, &end, 10);
345 generr(h, "%s:%d: invalid timeout", path,
352 if (maxtries_str != NULL) {
353 maxtries = strtoul(maxtries_str, &end, 10);
355 generr(h, "%s:%d: invalid maxtries", path,
363 if (rad_add_server(h, host, port, secret, timeout, maxtries) ==
365 strcpy(msg, h->errmsg);
366 generr(h, "%s:%d: %s", path, linenum, msg);
371 /* Clear out the buffer to wipe a possible copy of a shared secret */
372 memset(buf, 0, sizeof buf);
378 * rad_init_send_request() must have previously been called.
380 * 0 The application should select on *fd with a timeout of tv before
381 * calling rad_continue_send_request again.
386 rad_continue_send_request(struct rad_handle *h, int selected, int *fd,
392 struct sockaddr_in from;
395 fromlen = sizeof from;
396 h->resp_len = recvfrom(h->fd, h->response,
397 MSGSIZE, MSG_WAITALL, (struct sockaddr *)&from, &fromlen);
398 if (h->resp_len == -1) {
399 generr(h, "recvfrom: %s", strerror(errno));
402 if (is_valid_response(h, h->srv, &from)) {
403 h->resp_len = h->response[POS_LENGTH] << 8 |
404 h->response[POS_LENGTH+1];
405 h->resp_pos = POS_ATTRS;
406 return h->response[POS_CODE];
410 if (h->try == h->total_tries) {
411 generr(h, "No valid RADIUS responses received");
416 * Scan round-robin to the next server that has some
417 * tries left. There is guaranteed to be one, or we
418 * would have exited this loop by now.
420 while (h->servers[h->srv].num_tries >= h->servers[h->srv].max_tries)
421 if (++h->srv >= h->num_servers)
424 /* Insert the scrambled password into the request */
425 if (h->pass_pos != 0)
426 insert_scrambled_password(h, h->srv);
428 /* Send the request */
429 n = sendto(h->fd, h->request, h->req_len, 0,
430 (const struct sockaddr *)&h->servers[h->srv].addr,
431 sizeof h->servers[h->srv].addr);
432 if (n != h->req_len) {
434 generr(h, "sendto: %s", strerror(errno));
436 generr(h, "sendto: short write");
441 h->servers[h->srv].num_tries++;
442 tv->tv_sec = h->servers[h->srv].timeout;
450 rad_create_request(struct rad_handle *h, int code)
454 h->request[POS_CODE] = code;
455 h->request[POS_IDENT] = ++h->ident;
456 /* Create a random authenticator */
457 for (i = 0; i < LEN_AUTH; i += 2) {
460 h->request[POS_AUTH+i] = r;
461 h->request[POS_AUTH+i+1] = r >> 8;
463 h->req_len = POS_ATTRS;
469 rad_cvt_addr(const void *data)
471 struct in_addr value;
473 memcpy(&value.s_addr, data, sizeof value.s_addr);
478 rad_cvt_int(const void *data)
482 memcpy(&value, data, sizeof value);
487 rad_cvt_string(const void *data, size_t len)
493 memcpy(s, data, len);
500 * Returns the attribute type. If none are left, returns 0. On failure,
504 rad_get_attr(struct rad_handle *h, const void **value, size_t *len)
508 if (h->resp_pos >= h->resp_len)
510 if (h->resp_pos + 2 > h->resp_len) {
511 generr(h, "Malformed attribute in response");
514 type = h->response[h->resp_pos++];
515 *len = h->response[h->resp_pos++] - 2;
516 if (h->resp_pos + *len > h->resp_len) {
517 generr(h, "Malformed attribute in response");
520 *value = &h->response[h->resp_pos];
526 * Returns -1 on error, 0 to indicate no event and >0 for success
529 rad_init_send_request(struct rad_handle *h, int *fd, struct timeval *tv)
533 /* Make sure we have a socket to use */
535 struct sockaddr_in sin;
537 if ((h->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
538 generr(h, "Cannot create socket: %s", strerror(errno));
541 memset(&sin, 0, sizeof sin);
542 sin.sin_len = sizeof sin;
543 sin.sin_family = AF_INET;
544 sin.sin_addr.s_addr = INADDR_ANY;
545 sin.sin_port = htons(0);
546 if (bind(h->fd, (const struct sockaddr *)&sin,
548 generr(h, "bind: %s", strerror(errno));
555 /* Make sure the user gave us a password */
556 if (h->pass_pos == 0 && !h->chap_pass) {
557 generr(h, "No User or Chap Password attributes given");
560 if (h->pass_pos != 0 && h->chap_pass) {
561 generr(h, "Both User and Chap Password attributes given");
565 /* Fill in the length field in the message */
566 h->request[POS_LENGTH] = h->req_len >> 8;
567 h->request[POS_LENGTH+1] = h->req_len;
570 * Count the total number of tries we will make, and zero the
571 * counter for each server.
574 for (srv = 0; srv < h->num_servers; srv++) {
575 h->total_tries += h->servers[srv].max_tries;
576 h->servers[srv].num_tries = 0;
578 if (h->total_tries == 0) {
579 generr(h, "No RADIUS servers specified");
585 return rad_continue_send_request(h, 0, fd, tv);
589 * Create and initialize a rad_handle structure, and return it to the
590 * caller. Can fail only if the necessary memory cannot be allocated.
591 * In that case, it returns NULL.
596 struct rad_handle *h;
598 h = (struct rad_handle *)malloc(sizeof(struct rad_handle));
605 memset(h->pass, 0, sizeof h->pass);
614 rad_put_addr(struct rad_handle *h, int type, struct in_addr addr)
616 return rad_put_attr(h, type, &addr.s_addr, sizeof addr.s_addr);
620 rad_put_attr(struct rad_handle *h, int type, const void *value, size_t len)
624 if (type == RAD_USER_PASSWORD)
625 result = put_password_attr(h, type, value, len);
627 result = put_raw_attr(h, type, value, len);
628 if (result == 0 && type == RAD_CHAP_PASSWORD)
636 rad_put_int(struct rad_handle *h, int type, u_int32_t value)
640 nvalue = htonl(value);
641 return rad_put_attr(h, type, &nvalue, sizeof nvalue);
645 rad_put_string(struct rad_handle *h, int type, const char *str)
647 return rad_put_attr(h, type, str, strlen(str));
651 * Returns the response type code on success, or -1 on failure.
654 rad_send_request(struct rad_handle *h)
656 struct timeval timelimit;
661 n = rad_init_send_request(h, &fd, &tv);
666 gettimeofday(&timelimit, NULL);
667 timeradd(&tv, &timelimit, &timelimit);
673 FD_SET(fd, &readfds);
675 n = select(fd + 1, &readfds, NULL, NULL, &tv);
678 generr(h, "select: %s", strerror(errno));
682 if (!FD_ISSET(fd, &readfds)) {
683 /* Compute a new timeout */
684 gettimeofday(&tv, NULL);
685 timersub(&timelimit, &tv, &tv);
686 if (tv.tv_sec > 0 || (tv.tv_sec == 0 && tv.tv_usec > 0))
687 /* Continue the select */
691 n = rad_continue_send_request(h, n, &fd, &tv);
696 gettimeofday(&timelimit, NULL);
697 timeradd(&tv, &timelimit, &timelimit);
702 rad_strerror(struct rad_handle *h)
708 * Destructively split a string into fields separated by white space.
709 * `#' at the beginning of a field begins a comment that extends to the
710 * end of the string. Fields may be quoted with `"'. Inside quoted
711 * strings, the backslash escapes `\"' and `\\' are honored.
713 * Pointers to up to the first maxfields fields are stored in the fields
714 * array. Missing fields get NULL pointers.
716 * The return value is the actual number of fields parsed, and is always
719 * On a syntax error, places a message in the msg string, and returns -1.
722 split(char *str, char *fields[], int maxfields, char *msg, size_t msglen)
726 static const char ws[] = " \t";
728 for (i = 0; i < maxfields; i++)
734 if (*p == '#' || *p == '\0')
736 if (i >= maxfields) {
737 snprintf(msg, msglen, "line has too many fields");
748 if (*p != '"' && *p != '\\' &&
750 snprintf(msg, msglen,
751 "invalid `\\' escape");
756 snprintf(msg, msglen,
757 "unterminated quoted string");
764 if (*fields[i] == '\0') {
765 snprintf(msg, msglen,
766 "empty quoted string not permitted");
769 if (*p != '\0' && strspn(p, ws) == 0) {
770 snprintf(msg, msglen, "quoted string not"
771 " followed by white space");