From f1258fe18abe5c6c6967ea4a6c2eab438aacbd5f Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Wed, 12 May 2010 08:12:12 +0000 Subject: Remove the tiny bit of C++ that is not realy needed so that we get a pure C application. OK yasuoka@, reyk@ --- usr.sbin/npppd/npppd/Makefile | 2 +- usr.sbin/npppd/npppd/nint.h | 189 --------- usr.sbin/npppd/npppd/radius+.c | 763 +++++++++++++++++++++++++++++++++++ usr.sbin/npppd/npppd/radius+.cc | 761 ---------------------------------- usr.sbin/npppd/npppd/radius+.h | 8 +- usr.sbin/npppd/npppd/radius+_local.h | 37 +- 6 files changed, 774 insertions(+), 986 deletions(-) delete mode 100644 usr.sbin/npppd/npppd/nint.h create mode 100644 usr.sbin/npppd/npppd/radius+.c delete mode 100644 usr.sbin/npppd/npppd/radius+.cc diff --git a/usr.sbin/npppd/npppd/Makefile b/usr.sbin/npppd/npppd/Makefile index 6083dfd8a70..e74ad9af30e 100644 --- a/usr.sbin/npppd/npppd/Makefile +++ b/usr.sbin/npppd/npppd/Makefile @@ -12,7 +12,7 @@ SRCS+= npppd.c npppd_config.c npppd_subr.c npppd_auth.c npppd_iface.c SRCS+= config_helper.c slist.c hash.c properties.c rtev_common.c SRCS+= rtev_libevent.c bytebuf.c debugutil.c csvreader.c net_utils.c SRCS+= radish.c time_utils.c npppd_pool.c addr_range.c -SRCS+= radius+.cc +SRCS+= radius+.c SRCS+= recvfromto.c SRCS+= privsep.c #SRCS+= ipsec_util.c diff --git a/usr.sbin/npppd/npppd/nint.h b/usr.sbin/npppd/npppd/nint.h deleted file mode 100644 index bc329c98d43..00000000000 --- a/usr.sbin/npppd/npppd/nint.h +++ /dev/null @@ -1,189 +0,0 @@ -/*- - * Copyright (c) 2009 Internet Initiative Japan Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -#ifndef NINT_H -#define NINT_H - -#pragma pack(1) - -class nint16 -{ -private: - int16_t value; - -public: - nint16() - { - } - - nint16(int16_t x) - { - value = htons(x); - }; - - nint16(const nint16& x) - { - value = x.value; - }; - - operator int16_t() const - { - return ntohs(value); - } - - nint16& operator +=(int16_t x) - { - value = htons(ntohs(value) + x); - return *this; - } - - void setraw(int16_t x) - { - value = x; - } - - int16_t getraw() const - { - return value; - } -}; - -class nuint16 -{ -private: - u_int16_t value; - -public: - nuint16() - { - } - - nuint16(u_int16_t x) - { - value = htons(x); - }; - - nuint16(const nuint16& x) - { - value = x.value; - }; - - nuint16& operator +=(u_int16_t x) - { - value = htons(ntohs(value) + x); - return *this; - } - - operator u_int16_t() const - { - return ntohs(value); - } - - void setraw(u_int16_t x) - { - value = x; - } - - u_int16_t getraw() const - { - return value; - } -}; - -class nint32 -{ -private: - int32_t value; - -public: - nint32() - { - } - - nint32(int32_t x) - { - value = htonl(x); - }; - - nint32(const nint32& x) - { - value = x.value; - }; - - operator int32_t() const - { - return ntohl(value); - } - - void setraw(int32_t x) - { - value = x; - } - - int32_t getraw() const - { - return value; - } -}; - -class nuint32 -{ -private: - u_int32_t value; - -public: - nuint32() - { - } - - nuint32(u_int32_t x) - { - value = htonl(x); - }; - - nuint32(const nuint32& x) - { - value = x.value; - }; - - operator u_int32_t() const - { - return ntohl(value); - } - - void setraw(u_int32_t x) - { - value = x; - } - - u_int32_t getraw() const - { - return value; - } -}; - -#pragma pack() - -#endif // NINT_H diff --git a/usr.sbin/npppd/npppd/radius+.c b/usr.sbin/npppd/npppd/radius+.c new file mode 100644 index 00000000000..35de1c72bb4 --- /dev/null +++ b/usr.sbin/npppd/npppd/radius+.c @@ -0,0 +1,763 @@ +/*- + * Copyright (c) 2009 Internet Initiative Japan Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE"AUTHOR" AND CONTRIBUTORS AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* + * radius+.cc : + * yet another RADIUS library + */ +#ifdef WITH_MPATROL +#include +#endif + +#include +#include +#include +#include +#include +#include "radius+.h" +#include "radiusconst.h" + +#include "radius+_local.h" + +u_int8_t radius_id_counter = 0; + +static int radius_check_packet_data(const RADIUS_PACKET_DATA* pdata, + size_t length) +{ + const RADIUS_ATTRIBUTE* attr; + const RADIUS_ATTRIBUTE* end; + + if(length < sizeof(RADIUS_PACKET_DATA)) + return 1; + if(length > 0xffff) + return 1; + if(length != (size_t)ntohs(pdata->length)) + return 1; + + attr = ATTRS_BEGIN(pdata); + end = ATTRS_END(pdata); + for(; attrlength < 2) + return 1; + if(attr->type == RADIUS_TYPE_VENDOR_SPECIFIC) + { + if(attr->length < 8) + return 1; + if((attr->vendor & htonl(0xff000000U)) != 0) + return 1; + if(attr->length != attr->vlength + 6) + return 1; + } + } + + if(attr != end) + return 1; + + return 0; +} + +static int radius_ensure_add_capacity(RADIUS_PACKET* packet, size_t capacity) +{ + size_t newsize; + void* newptr; + + // 最大サイズは 64KB + // 安全のため(?)、少し小さい値をリミットにしている。 + if(ntohs(packet->pdata->length) + capacity > 0xfe00) + return 1; + + if(ntohs(packet->pdata->length) + capacity > packet->capacity) + { + newsize = ntohs(packet->pdata->length) + capacity + + RADIUS_PACKET_CAPACITY_INCREMENT; + newptr = realloc(packet->pdata, newsize); + if(newptr == NULL) + return 1; + packet->capacity = newsize; + packet->pdata = (RADIUS_PACKET_DATA*)newptr; + } + + return 0; +} + +RADIUS_PACKET* radius_new_request_packet(u_int8_t code) +{ + RADIUS_PACKET* packet; + unsigned int i; + + packet = (RADIUS_PACKET*)malloc(sizeof(RADIUS_PACKET)); + if(packet == NULL) + return NULL; + packet->pdata = (RADIUS_PACKET_DATA*)malloc(RADIUS_PACKET_CAPACITY_INITIAL); + if(packet->pdata == NULL) + { + free(packet); + return NULL; + } + packet->capacity = RADIUS_PACKET_CAPACITY_INITIAL; + packet->request = NULL; + packet->pdata->code = code; + packet->pdata->id = radius_id_counter++; + packet->pdata->length = htons(sizeof(RADIUS_PACKET_DATA)); + for(i=0; ipdata->authenticator); i++) + packet->pdata->authenticator[i] = rand()&0xff; + + return packet; +} + +RADIUS_PACKET* radius_new_response_packet(u_int8_t code, + const RADIUS_PACKET* request) +{ + RADIUS_PACKET* packet; + + packet = radius_new_request_packet(code); + if(packet == NULL) + return NULL; + packet->request = request; + packet->pdata->id = request->pdata->id; + + return packet; +} + +RADIUS_PACKET* radius_convert_packet(const void* pdata, size_t length) +{ + RADIUS_PACKET* packet; + + if(radius_check_packet_data((const RADIUS_PACKET_DATA*)pdata, length) != 0) + return NULL; + packet = (RADIUS_PACKET*)malloc(sizeof(RADIUS_PACKET)); + if(packet == NULL) + return NULL; + packet->pdata = (RADIUS_PACKET_DATA*)malloc(length); + packet->capacity = length; + packet->request = NULL; + if(packet->pdata == NULL) + { + free(packet); + return NULL; + } + memcpy(packet->pdata, pdata, length); + + return packet; +} + +int radius_delete_packet(RADIUS_PACKET* packet) +{ + free(packet->pdata); + free(packet); + return 0; +} + +u_int8_t radius_get_code(const RADIUS_PACKET* packet) +{ + return packet->pdata->code; +} + +u_int8_t radius_get_id(const RADIUS_PACKET* packet) +{ + return packet->pdata->id; +} + +void radius_get_authenticator(const RADIUS_PACKET* packet, char* authenticator) +{ + memcpy(authenticator, packet->pdata->authenticator, 16); +} + +const char* radius_get_authenticator_retval(const RADIUS_PACKET* packet) +{ + return packet->pdata->authenticator; +} + +void radius_set_request_packet(RADIUS_PACKET* packet, + const RADIUS_PACKET* request) +{ + packet->request = request; +} + +int radius_check_response_authenticator(const RADIUS_PACKET* packet, + const char* secret) +{ + MD5_CTX ctx; + unsigned char authenticator0[16]; + + /* 呼び出し前に必ず radius_set_request_packet*/ + if (packet->request == NULL) + return -1; + + MD5Init(&ctx); + MD5Update(&ctx, (unsigned char*)packet->pdata, 4); + MD5Update(&ctx, (unsigned char*)packet->request->pdata->authenticator, + 16); + MD5Update(&ctx, + (unsigned char*)packet->pdata->attributes, + radius_get_length(packet) - 20); + MD5Update(&ctx, (unsigned char*)secret, strlen(secret)); + MD5Final((unsigned char *)authenticator0, &ctx); + + return memcmp(authenticator0, packet->pdata->authenticator, 16); +} + +void radius_set_response_authenticator(RADIUS_PACKET* packet, + const char* secret) +{ + MD5_CTX ctx; + + MD5Init(&ctx); + MD5Update(&ctx, (unsigned char*)packet->pdata, 4); + MD5Update(&ctx, + (unsigned char*)packet->request->pdata->authenticator, 16); + MD5Update(&ctx, + (unsigned char*)packet->pdata->attributes, + radius_get_length(packet) - 20); + MD5Update(&ctx, (unsigned char*)secret, strlen(secret)); + MD5Final((unsigned char*)packet->pdata->authenticator ,&ctx); +} + +u_int16_t radius_get_length(const RADIUS_PACKET* packet) +{ + return ntohs(packet->pdata->length); +} + + +const void* radius_get_data(const RADIUS_PACKET* packet) +{ + return packet->pdata; +} + +int radius_get_raw_attr(const RADIUS_PACKET* packet, u_int8_t type, + void* buf, u_int8_t* length) +{ + const RADIUS_ATTRIBUTE* attr; + const RADIUS_ATTRIBUTE* end; + + attr = ATTRS_BEGIN(packet->pdata); + end = ATTRS_END(packet->pdata); + + for(; attrtype != type) + continue; + *length = attr->length - 2; + memcpy(buf, attr->data, attr->length - 2); + return 0; + } + + return 1; +} + +/* + * To determine the length of the data, set the buf = NULL. + */ +int radius_get_raw_attr_all(const RADIUS_PACKET* packet, u_int8_t type, + caddr_t buf, int *length) +{ + int off; + const RADIUS_ATTRIBUTE* attr; + const RADIUS_ATTRIBUTE* end; + + attr = ATTRS_BEGIN(packet->pdata); + end = ATTRS_END(packet->pdata); + + for(off = 0; attrtype != type) + continue; + if (buf != NULL) { + if (off + attr->length - 2 <= *length) + memcpy(buf + off, attr->data, attr->length - 2); + else + return 1; + } + off += attr->length - 2; + } + *length = off; + + return 0; +} + +int radius_put_raw_attr(RADIUS_PACKET* packet, u_int8_t type, + const void* buf, u_int8_t length) +{ + RADIUS_ATTRIBUTE* newattr; + + if(length > 255-2) + return 1; + + if(radius_ensure_add_capacity(packet, length+2) != 0) + return 1; + + newattr = ATTRS_END(packet->pdata); + newattr->type = type; + newattr->length = length + 2; + memcpy(newattr->data, buf, length); + packet->pdata->length = htons(radius_get_length(packet) + length + 2); + + return 0; +} + +int radius_put_raw_attr_all(RADIUS_PACKET* packet, u_int8_t type, + caddr_t buf, int length) +{ + int off, len0; + RADIUS_ATTRIBUTE* newattr; + + off = 0; + while (off < length) { + len0 = MIN(length - off, 255-2); + + if(radius_ensure_add_capacity(packet, len0+2) != 0) + return 1; + + newattr = ATTRS_END(packet->pdata); + newattr->type = type; + newattr->length = len0 + 2; + memcpy(newattr->data, buf, len0); + packet->pdata->length = htons(radius_get_length(packet) + + len0 + 2); + + off += len0; + } + + return 0; +} + +int radius_get_vs_raw_attr(const RADIUS_PACKET* packet, u_int32_t vendor, + u_int8_t vtype, void* buf, u_int8_t* length) +{ + const RADIUS_ATTRIBUTE* attr; + const RADIUS_ATTRIBUTE* end; + + attr = ATTRS_BEGIN(packet->pdata); + end = ATTRS_END(packet->pdata); + + for(; attrtype != RADIUS_TYPE_VENDOR_SPECIFIC) + continue; + if(attr->vendor != htonl(vendor)) + continue; + if(attr->vtype != vtype) + continue; + + *length = attr->vlength - 2; + memcpy(buf, attr->vdata, attr->vlength - 2); + return 0; + } + + return 1; +} + +/* + * To determine the length of the data, set the buf = NULL. + */ +int radius_get_vs_raw_attr_all(const RADIUS_PACKET* packet, u_int32_t vendor, + u_int8_t vtype, caddr_t buf, int *length) +{ + int off; + const RADIUS_ATTRIBUTE* attr; + const RADIUS_ATTRIBUTE* end; + + attr = ATTRS_BEGIN(packet->pdata); + end = ATTRS_END(packet->pdata); + + off = 0; + for(; attrtype != RADIUS_TYPE_VENDOR_SPECIFIC) + continue; + if(attr->vendor != htonl(vendor)) + continue; + if(attr->vtype != vtype) + continue; + + if (buf != NULL) { + if (off + attr->vlength - 2 <= *length) + memcpy(off + buf, attr->vdata, + attr->vlength - 2); + else + return 1; + } + off += attr->vlength; + } + *length = off; + + return 0; +} + +int radius_get_vs_raw_attr_ptr(const RADIUS_PACKET* packet, u_int32_t vendor, + u_int8_t vtype, void** ptr, u_int8_t* length) +{ + const RADIUS_ATTRIBUTE* attr; + const RADIUS_ATTRIBUTE* end; + + attr = ATTRS_BEGIN(packet->pdata); + end = ATTRS_END(packet->pdata); + + for(; attrtype != RADIUS_TYPE_VENDOR_SPECIFIC) + continue; + if(attr->vendor != htonl(vendor)) + continue; + if(attr->vtype != vtype) + continue; + + *length = attr->vlength - 2; + *ptr = (void *)attr->vdata; + return 0; + } + + return 1; +} + +int radius_put_vs_raw_attr(RADIUS_PACKET* packet, u_int32_t vendor, + u_int8_t vtype, const void* buf, u_int8_t length) +{ + RADIUS_ATTRIBUTE* newattr; + + if(length > 255-8) + return 1; + + if(radius_ensure_add_capacity(packet, length+8) != 0) + return 1; + + newattr = ATTRS_END(packet->pdata); + newattr->type = RADIUS_TYPE_VENDOR_SPECIFIC; + newattr->length = length + 8; + newattr->vendor = htonl(vendor); + newattr->vtype = vtype; + newattr->vlength = length + 2; + memcpy(newattr->vdata, buf, length); + packet->pdata->length = htons(radius_get_length(packet) + length + 8); + + return 0; +} + +int radius_put_vs_raw_attr_all(RADIUS_PACKET* packet, u_int32_t vendor, + u_int8_t vtype, const void* buf, int length) +{ + int off, len0; + RADIUS_ATTRIBUTE* newattr; + + off = 0; + while (off < length) { + len0 = MIN(length - off, 255-8); + + if(radius_ensure_add_capacity(packet, len0+8) != 0) + return 1; + + newattr = ATTRS_END(packet->pdata); + newattr->type = RADIUS_TYPE_VENDOR_SPECIFIC; + newattr->length = len0 + 8; + newattr->vendor = htonl(vendor); + newattr->vtype = vtype; + newattr->vlength = len0 + 2; + memcpy(newattr->vdata, buf, len0); + packet->pdata->length = htons(radius_get_length(packet) + + len0 + 8); + + off += len0; + } + + return 0; +} + +int radius_get_uint32_attr(const RADIUS_PACKET* packet, u_int8_t type, + u_int32_t* val) +{ + u_int32_t nval; + u_int8_t len; + + if(radius_get_raw_attr(packet, type, &nval, &len) != 0) + return 1; + if(len != sizeof(u_int32_t)) + return 1; + *val = ntohl(nval); + return 0; +} + +u_int32_t radius_get_uint32_attr_retval(const RADIUS_PACKET* packet, + u_int8_t type) +{ + u_int32_t nval; + u_int8_t len; + + if(radius_get_raw_attr(packet, type, &nval, &len) != 0) + return 0xffffffff; + if(len != sizeof(u_int32_t)) + return 0xffffffff; + return ntohl(nval); +} + +int radius_put_uint32_attr(RADIUS_PACKET* packet, u_int8_t type, u_int32_t val) +{ + u_int32_t nval; + + nval = htonl(val); + return radius_put_raw_attr(packet, type, &nval, sizeof(u_int32_t)); +} + +int radius_get_string_attr(const RADIUS_PACKET* packet, u_int8_t type, + char* str) +{ + u_int8_t len; + + if(radius_get_raw_attr(packet, type, str, &len) != 0) + return 1; + str[len] = '\0'; + return 0; +} + +int radius_put_string_attr(RADIUS_PACKET* packet, u_int8_t type, + const char* str) +{ + return radius_put_raw_attr(packet, type, str, strlen(str)); +} + +int radius_get_vs_string_attr(const RADIUS_PACKET* packet, u_int32_t vendor, + u_int8_t vtype, char* str) +{ + u_int8_t len; + + if(radius_get_vs_raw_attr(packet, vendor, vtype, str, &len) != 0) + return 1; + str[len] = '\0'; + return 0; +} + +int radius_put_vs_string_attr(RADIUS_PACKET* packet, u_int32_t vendor, + u_int8_t vtype, const char* str) +{ + return radius_put_vs_raw_attr(packet, vendor, vtype, str, strlen(str)); +} + +int radius_get_ipv4_attr(const RADIUS_PACKET* packet, u_int8_t type, + struct in_addr* addr) +{ + struct in_addr tmp; + u_int8_t len; + + if(radius_get_raw_attr(packet, type, &tmp, &len) != 0) + return 1; + if(len != sizeof(struct in_addr)) + return 1; + *addr = tmp; + return 0; +} + +struct in_addr radius_get_ipv4_attr_retval(const RADIUS_PACKET* packet, + u_int8_t type) +{ + struct in_addr addr; + u_int8_t len; + + if(radius_get_raw_attr(packet, type, &addr, &len) != 0) + addr.s_addr = htonl(INADDR_ANY); + if(len != sizeof(struct in_addr)) + addr.s_addr = htonl(INADDR_ANY); + return addr; +} + +int radius_put_ipv4_attr(RADIUS_PACKET* packet, u_int8_t type, struct in_addr addr) +{ + return radius_put_raw_attr(packet, type, &addr, sizeof(struct in_addr)); +} + +RADIUS_PACKET* radius_recvfrom(int s, int flags, struct sockaddr* addr, socklen_t* len) +{ + char buf[0x10000]; + ssize_t n; + + n = recvfrom(s, buf, sizeof(buf), flags, addr, len); + if(n <= 0) + return NULL; + + return radius_convert_packet(buf, (size_t)n); +} + +int radius_sendto(int s, const RADIUS_PACKET* packet, + int flags, const struct sockaddr* addr, socklen_t len) +{ + ssize_t n; + + n = sendto(s, packet->pdata, radius_get_length(packet), flags, addr, len); + if(n != radius_get_length(packet)) + return 1; + return 0; +} + +/** + * Calculate keyed-hashing for message authenticaiton using md5. + * + * @param packet pointer to target RADIUS_PACKET. + * @param text_len length of data stream + * @param key pointer to authentication key + * @param key_len length of authentication key + * @param digest caller digest to be filled in + */ +static void +radius_hmac_md5(RADIUS_PACKET *packet, const char * key, int key_len, + caddr_t digest, int check) +{ + const RADIUS_ATTRIBUTE* attr; + const RADIUS_ATTRIBUTE* end; + MD5_CTX context; + u_char k_ipad[65]; /* inner padding - key XORd with ipad */ + u_char k_opad[65]; /* outer padding - key XORd with opad */ + u_char key0[64]; + int i; + u_char zero16[16]; + + /* if key is longer than 64 bytes reset it to key=MD5(key) */ + if (key_len > 64) + { + MD5_CTX tctx; + + MD5Init(&tctx); + MD5Update(&tctx, (const u_char *)key, key_len); + MD5Final((u_char *)key0, &tctx); + + key_len = 16; + } else + memcpy(key0, key, key_len); + + key = (const char *)key0; + + /* + * the HMAC_MD5 transform looks like: + * + * MD5(K XOR opad, MD5(K XOR ipad, text)) + * + * where K is an n byte key + * ipad is the byte 0x36 repeated 64 times + * opad is the byte 0x5c repeated 64 times + * and text is the data being protected + */ + + /* start out by storing key in pads */ + memset(k_ipad, 0, sizeof k_ipad); + memset(k_opad, 0, sizeof k_opad); + memcpy(k_ipad, key, key_len); + memcpy(k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i = 0; i < 64; i++) + { + k_ipad[i] ^= 0x36; + k_opad[i] ^= 0x5c; + } + + /* perform inner MD5 */ + MD5Init(&context); /* init context for 1st pass */ + MD5Update(&context, k_ipad, 64); /* start with inner pad */ + + /* + * Traverse the radius packet. + */ + if (check) + { + MD5Update(&context, (const u_char *)packet->pdata, 4); + MD5Update(&context, (unsigned char*)packet->request->pdata + ->authenticator, 16); + } + else + { + MD5Update(&context, (const u_char *)packet->pdata, + sizeof(RADIUS_PACKET_DATA)); + } + + attr = ATTRS_BEGIN(packet->pdata); + end = ATTRS_END(packet->pdata); + memset(zero16, 0, sizeof(zero16)); + + for(; attrtype == RADIUS_TYPE_MESSAGE_AUTHENTICATOR) + { + MD5Update(&context, (u_char *)attr, 2); + MD5Update(&context, (u_char *)zero16, sizeof(zero16)); + } else + MD5Update(&context, (u_char *)attr, (int)attr->length); + } + + MD5Final((u_char *)digest, &context); /* finish up 1st pass */ + /* + * perform outer MD5 + */ + MD5Init(&context); /* init context for 2nd pass */ + MD5Update(&context, k_opad, 64); /* start with outer pad */ + MD5Update(&context, (u_char *)digest, 16);/* then results of 1st hash */ + MD5Final((u_char *)digest, &context); /* finish up 2nd pass */ +} + +/* RFC 3579 */ +int radius_put_message_authenticator(RADIUS_PACKET *packet, const char *secret) +{ + int rval; + u_char md5result[16]; + RADIUS_ATTRIBUTE* attr; + RADIUS_ATTRIBUTE* end; + + if ((rval = radius_put_raw_attr(packet, + RADIUS_TYPE_MESSAGE_AUTHENTICATOR, md5result, sizeof(md5result))) + != 0) + return rval; + + radius_hmac_md5(packet, secret, strlen(secret), (caddr_t)md5result, 0); + + attr = ATTRS_BEGIN(packet->pdata); + end = ATTRS_END(packet->pdata); + + for(; attrtype == RADIUS_TYPE_MESSAGE_AUTHENTICATOR) + { + memcpy(attr->data, md5result, sizeof(md5result)); + break; + } + } + + return 0; +} + +int radius_check_message_authenticator(RADIUS_PACKET *packet, + const char *secret) +{ + int rval; + u_char len, md5result0[16], md5result1[16]; + + radius_hmac_md5(packet, secret, strlen(secret), (caddr_t)md5result0, + 1); + + if ((rval = radius_get_raw_attr(packet, + RADIUS_TYPE_MESSAGE_AUTHENTICATOR, md5result1, &len)) != 0) + return rval; + + if (len != sizeof(md5result1)) + return -1; + + return memcmp(md5result0, md5result1, sizeof(md5result1)); +} diff --git a/usr.sbin/npppd/npppd/radius+.cc b/usr.sbin/npppd/npppd/radius+.cc deleted file mode 100644 index 8c188102b0d..00000000000 --- a/usr.sbin/npppd/npppd/radius+.cc +++ /dev/null @@ -1,761 +0,0 @@ -/*- - * Copyright (c) 2009 Internet Initiative Japan Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE"AUTHOR" AND CONTRIBUTORS AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * radius+.cc : - * yet another RADIUS library - */ -#ifdef WITH_MPATROL -#include -#endif - -#include -#include -#include -#include -#include -#include "radius+.h" -#include "radiusconst.h" - -#include "radius+_local.h" - -u_int8_t radius_id_counter = 0; - -static int radius_check_packet_data(const RADIUS_PACKET_DATA* pdata, - size_t length) -{ - const RADIUS_ATTRIBUTE* attr; - const RADIUS_ATTRIBUTE* end; - - if(length < sizeof(RADIUS_PACKET_DATA)) - return 1; - if(length > 0xffff) - return 1; - if(length != (size_t)(pdata->length)) - return 1; - - attr = ATTRS_BEGIN(pdata); - end = ATTRS_END(pdata); - for(; attrlength < 2) - return 1; - if(attr->type == RADIUS_TYPE_VENDOR_SPECIFIC) - { - if(attr->length < 8) - return 1; - if((attr->vendor & 0xff000000U) != 0) - return 1; - if(attr->length != attr->vlength + 6) - return 1; - } - } - - if(attr != end) - return 1; - - return 0; -} - -static int radius_ensure_add_capacity(RADIUS_PACKET* packet, size_t capacity) -{ - size_t newsize; - void* newptr; - - // 最大サイズは 64KB - // 安全のため(?)、少し小さい値をリミットにしている。 - if(packet->pdata->length + capacity > 0xfe00) - return 1; - - if(packet->pdata->length + capacity > packet->capacity) - { - newsize = packet->pdata->length + capacity + - RADIUS_PACKET_CAPACITY_INCREMENT; - newptr = realloc(packet->pdata, newsize); - if(newptr == NULL) - return 1; - packet->capacity = newsize; - packet->pdata = (RADIUS_PACKET_DATA*)newptr; - } - - return 0; -} - -RADIUS_PACKET* radius_new_request_packet(u_int8_t code) -{ - RADIUS_PACKET* packet; - unsigned int i; - - packet = (RADIUS_PACKET*)malloc(sizeof(RADIUS_PACKET)); - if(packet == NULL) - return NULL; - packet->pdata = (RADIUS_PACKET_DATA*)malloc(RADIUS_PACKET_CAPACITY_INITIAL); - if(packet->pdata == NULL) - { - free(packet); - return NULL; - } - packet->capacity = RADIUS_PACKET_CAPACITY_INITIAL; - packet->request = NULL; - packet->pdata->code = code; - packet->pdata->id = radius_id_counter++; - packet->pdata->length = sizeof(RADIUS_PACKET_DATA); - for(i=0; ipdata->authenticator); i++) - packet->pdata->authenticator[i] = rand()&0xff; - - return packet; -} - -RADIUS_PACKET* radius_new_response_packet(u_int8_t code, - const RADIUS_PACKET* request) -{ - RADIUS_PACKET* packet; - - packet = radius_new_request_packet(code); - if(packet == NULL) - return NULL; - packet->request = request; - packet->pdata->id = request->pdata->id; - - return packet; -} - -RADIUS_PACKET* radius_convert_packet(const void* pdata, size_t length) -{ - RADIUS_PACKET* packet; - - if(radius_check_packet_data((const RADIUS_PACKET_DATA*)pdata, length) != 0) - return NULL; - packet = (RADIUS_PACKET*)malloc(sizeof(RADIUS_PACKET)); - if(packet == NULL) - return NULL; - packet->pdata = (RADIUS_PACKET_DATA*)malloc(length); - packet->capacity = length; - packet->request = NULL; - if(packet->pdata == NULL) - { - free(packet); - return NULL; - } - memcpy(packet->pdata, pdata, length); - - return packet; -} - -int radius_delete_packet(RADIUS_PACKET* packet) -{ - free(packet->pdata); - free(packet); - return 0; -} - -u_int8_t radius_get_code(const RADIUS_PACKET* packet) -{ - return packet->pdata->code; -} - -u_int8_t radius_get_id(const RADIUS_PACKET* packet) -{ - return packet->pdata->id; -} - -void radius_get_authenticator(const RADIUS_PACKET* packet, char* authenticator) -{ - memcpy(authenticator, packet->pdata->authenticator, 16); -} - -const char* radius_get_authenticator_retval(const RADIUS_PACKET* packet) -{ - return packet->pdata->authenticator; -} - -void radius_set_request_packet(RADIUS_PACKET* packet, - const RADIUS_PACKET* request) -{ - packet->request = request; -} - -int radius_check_response_authenticator(const RADIUS_PACKET* packet, - const char* secret) -{ - MD5_CTX ctx; - unsigned char authenticator0[16]; - - /* 呼び出し前に必ず radius_set_request_packet*/ - if (packet->request == NULL) - return -1; - - MD5Init(&ctx); - MD5Update(&ctx, (unsigned char*)packet->pdata, 4); - MD5Update(&ctx, (unsigned char*)packet->request->pdata->authenticator, - 16); - MD5Update(&ctx, - (unsigned char*)packet->pdata->attributes, - packet->pdata->length-20); - MD5Update(&ctx, (unsigned char*)secret, strlen(secret)); - MD5Final((unsigned char *)authenticator0, &ctx); - - return memcmp(authenticator0, packet->pdata->authenticator, 16); -} - -void radius_set_response_authenticator(RADIUS_PACKET* packet, - const char* secret) -{ - MD5_CTX ctx; - - MD5Init(&ctx); - MD5Update(&ctx, (unsigned char*)packet->pdata, 4); - MD5Update(&ctx, - (unsigned char*)packet->request->pdata->authenticator, 16); - MD5Update(&ctx, - (unsigned char*)packet->pdata->attributes, - packet->pdata->length-20); - MD5Update(&ctx, (unsigned char*)secret, strlen(secret)); - MD5Final((unsigned char*)packet->pdata->authenticator ,&ctx); -} - -u_int16_t radius_get_length(const RADIUS_PACKET* packet) -{ - return packet->pdata->length; -} - - -const void* radius_get_data(const RADIUS_PACKET* packet) -{ - return packet->pdata; -} - -int radius_get_raw_attr(const RADIUS_PACKET* packet, u_int8_t type, - void* buf, u_int8_t* length) -{ - const RADIUS_ATTRIBUTE* attr; - const RADIUS_ATTRIBUTE* end; - - attr = ATTRS_BEGIN(packet->pdata); - end = ATTRS_END(packet->pdata); - - for(; attrtype != type) - continue; - *length = attr->length - 2; - memcpy(buf, attr->data, attr->length - 2); - return 0; - } - - return 1; -} - -/* - * To determine the length of the data, set the buf = NULL. - */ -int radius_get_raw_attr_all(const RADIUS_PACKET* packet, u_int8_t type, - caddr_t buf, int *length) -{ - int off; - const RADIUS_ATTRIBUTE* attr; - const RADIUS_ATTRIBUTE* end; - - attr = ATTRS_BEGIN(packet->pdata); - end = ATTRS_END(packet->pdata); - - for(off = 0; attrtype != type) - continue; - if (buf != NULL) { - if (off + attr->length - 2 <= *length) - memcpy(buf + off, attr->data, attr->length - 2); - else - return 1; - } - off += attr->length - 2; - } - *length = off; - - return 0; -} - -int radius_put_raw_attr(RADIUS_PACKET* packet, u_int8_t type, - const void* buf, u_int8_t length) -{ - RADIUS_ATTRIBUTE* newattr; - - if(length > 255-2) - return 1; - - if(radius_ensure_add_capacity(packet, length+2) != 0) - return 1; - - newattr = ATTRS_END(packet->pdata); - newattr->type = type; - newattr->length = length + 2; - memcpy(newattr->data, buf, length); - packet->pdata->length += length + 2; - - return 0; -} - -int radius_put_raw_attr_all(RADIUS_PACKET* packet, u_int8_t type, - caddr_t buf, int length) -{ - int off, len0; - RADIUS_ATTRIBUTE* newattr; - - off = 0; - while (off < length) { - len0 = MIN(length - off, 255-2); - - if(radius_ensure_add_capacity(packet, len0+2) != 0) - return 1; - - newattr = ATTRS_END(packet->pdata); - newattr->type = type; - newattr->length = len0 + 2; - memcpy(newattr->data, buf, len0); - packet->pdata->length += len0 + 2; - - off += len0; - } - - return 0; -} - -int radius_get_vs_raw_attr(const RADIUS_PACKET* packet, u_int32_t vendor, - u_int8_t vtype, void* buf, u_int8_t* length) -{ - const RADIUS_ATTRIBUTE* attr; - const RADIUS_ATTRIBUTE* end; - - attr = ATTRS_BEGIN(packet->pdata); - end = ATTRS_END(packet->pdata); - - for(; attrtype != RADIUS_TYPE_VENDOR_SPECIFIC) - continue; - if(attr->vendor != vendor) - continue; - if(attr->vtype != vtype) - continue; - - *length = attr->vlength - 2; - memcpy(buf, attr->vdata, attr->vlength - 2); - return 0; - } - - return 1; -} - -/* - * To determine the length of the data, set the buf = NULL. - */ -int radius_get_vs_raw_attr_all(const RADIUS_PACKET* packet, u_int32_t vendor, - u_int8_t vtype, caddr_t buf, int *length) -{ - int off; - const RADIUS_ATTRIBUTE* attr; - const RADIUS_ATTRIBUTE* end; - - attr = ATTRS_BEGIN(packet->pdata); - end = ATTRS_END(packet->pdata); - - off = 0; - for(; attrtype != RADIUS_TYPE_VENDOR_SPECIFIC) - continue; - if(attr->vendor != vendor) - continue; - if(attr->vtype != vtype) - continue; - - if (buf != NULL) { - if (off + attr->vlength - 2 <= *length) - memcpy(off + buf, attr->vdata, - attr->vlength - 2); - else - return 1; - } - off += attr->vlength; - } - *length = off; - - return 0; -} - -int radius_get_vs_raw_attr_ptr(const RADIUS_PACKET* packet, u_int32_t vendor, - u_int8_t vtype, void** ptr, u_int8_t* length) -{ - const RADIUS_ATTRIBUTE* attr; - const RADIUS_ATTRIBUTE* end; - - attr = ATTRS_BEGIN(packet->pdata); - end = ATTRS_END(packet->pdata); - - for(; attrtype != RADIUS_TYPE_VENDOR_SPECIFIC) - continue; - if(attr->vendor != vendor) - continue; - if(attr->vtype != vtype) - continue; - - *length = attr->vlength - 2; - *ptr = (void *)attr->vdata; - return 0; - } - - return 1; -} - -int radius_put_vs_raw_attr(RADIUS_PACKET* packet, u_int32_t vendor, - u_int8_t vtype, const void* buf, u_int8_t length) -{ - RADIUS_ATTRIBUTE* newattr; - - if(length > 255-8) - return 1; - - if(radius_ensure_add_capacity(packet, length+8) != 0) - return 1; - - newattr = ATTRS_END(packet->pdata); - newattr->type = RADIUS_TYPE_VENDOR_SPECIFIC; - newattr->length = length + 8; - newattr->vendor = vendor; - newattr->vtype = vtype; - newattr->vlength = length + 2; - memcpy(newattr->vdata, buf, length); - packet->pdata->length += length + 8; - - return 0; -} - -int radius_put_vs_raw_attr_all(RADIUS_PACKET* packet, u_int32_t vendor, - u_int8_t vtype, const void* buf, int length) -{ - int off, len0; - RADIUS_ATTRIBUTE* newattr; - - off = 0; - while (off < length) { - len0 = MIN(length - off, 255-8); - - if(radius_ensure_add_capacity(packet, len0+8) != 0) - return 1; - - newattr = ATTRS_END(packet->pdata); - newattr->type = RADIUS_TYPE_VENDOR_SPECIFIC; - newattr->length = len0 + 8; - newattr->vendor = vendor; - newattr->vtype = vtype; - newattr->vlength = len0 + 2; - memcpy(newattr->vdata, buf, len0); - packet->pdata->length += len0 + 8; - - off += len0; - } - - return 0; -} - -int radius_get_uint32_attr(const RADIUS_PACKET* packet, u_int8_t type, - u_int32_t* val) -{ - u_int32_t nval; - u_int8_t len; - - if(radius_get_raw_attr(packet, type, &nval, &len) != 0) - return 1; - if(len != sizeof(u_int32_t)) - return 1; - *val = ntohl(nval); - return 0; -} - -u_int32_t radius_get_uint32_attr_retval(const RADIUS_PACKET* packet, - u_int8_t type) -{ - u_int32_t nval; - u_int8_t len; - - if(radius_get_raw_attr(packet, type, &nval, &len) != 0) - return 0xffffffff; - if(len != sizeof(u_int32_t)) - return 0xffffffff; - return ntohl(nval); -} - -int radius_put_uint32_attr(RADIUS_PACKET* packet, u_int8_t type, u_int32_t val) -{ - u_int32_t nval; - - nval = htonl(val); - return radius_put_raw_attr(packet, type, &nval, sizeof(u_int32_t)); -} - -int radius_get_string_attr(const RADIUS_PACKET* packet, u_int8_t type, - char* str) -{ - u_int8_t len; - - if(radius_get_raw_attr(packet, type, str, &len) != 0) - return 1; - str[len] = '\0'; - return 0; -} - -int radius_put_string_attr(RADIUS_PACKET* packet, u_int8_t type, - const char* str) -{ - return radius_put_raw_attr(packet, type, str, strlen(str)); -} - -int radius_get_vs_string_attr(const RADIUS_PACKET* packet, u_int32_t vendor, - u_int8_t vtype, char* str) -{ - u_int8_t len; - - if(radius_get_vs_raw_attr(packet, vendor, vtype, str, &len) != 0) - return 1; - str[len] = '\0'; - return 0; -} - -int radius_put_vs_string_attr(RADIUS_PACKET* packet, u_int32_t vendor, - u_int8_t vtype, const char* str) -{ - return radius_put_vs_raw_attr(packet, vendor, vtype, str, strlen(str)); -} - -int radius_get_ipv4_attr(const RADIUS_PACKET* packet, u_int8_t type, - in_addr* addr) -{ - in_addr tmp; - u_int8_t len; - - if(radius_get_raw_attr(packet, type, &tmp, &len) != 0) - return 1; - if(len != sizeof(in_addr)) - return 1; - *addr = tmp; - return 0; -} - -in_addr radius_get_ipv4_attr_retval(const RADIUS_PACKET* packet, - u_int8_t type) -{ - in_addr addr; - u_int8_t len; - - if(radius_get_raw_attr(packet, type, &addr, &len) != 0) - addr.s_addr = htonl(INADDR_ANY); - if(len != sizeof(in_addr)) - addr.s_addr = htonl(INADDR_ANY); - return addr; -} - -int radius_put_ipv4_attr(RADIUS_PACKET* packet, u_int8_t type, in_addr addr) -{ - return radius_put_raw_attr(packet, type, &addr, sizeof(in_addr)); -} - -RADIUS_PACKET* radius_recvfrom(int s, int flags, sockaddr* addr, socklen_t* len) -{ - char buf[0x10000]; - ssize_t n; - - n = recvfrom(s, buf, sizeof(buf), flags, addr, len); - if(n <= 0) - return NULL; - - return radius_convert_packet(buf, (size_t)n); -} - -int radius_sendto(int s, const RADIUS_PACKET* packet, - int flags, const sockaddr* addr, socklen_t len) -{ - ssize_t n; - - n = sendto(s, packet->pdata, packet->pdata->length, flags, addr, len); - if(n != packet->pdata->length) - return 1; - return 0; -} - -/** - * Calculate keyed-hashing for message authenticaiton using md5. - * - * @param packet pointer to target RADIUS_PACKET. - * @param text_len length of data stream - * @param key pointer to authentication key - * @param key_len length of authentication key - * @param digest caller digest to be filled in - */ -static void -radius_hmac_md5(RADIUS_PACKET *packet, const char * key, int key_len, - caddr_t digest, int check) -{ - const RADIUS_ATTRIBUTE* attr; - const RADIUS_ATTRIBUTE* end; - MD5_CTX context; - u_char k_ipad[65]; /* inner padding - key XORd with ipad */ - u_char k_opad[65]; /* outer padding - key XORd with opad */ - u_char key0[64]; - int i; - u_char zero16[16]; - - /* if key is longer than 64 bytes reset it to key=MD5(key) */ - if (key_len > 64) - { - MD5_CTX tctx; - - MD5Init(&tctx); - MD5Update(&tctx, (const u_char *)key, key_len); - MD5Final((u_char *)key0, &tctx); - - key_len = 16; - } else - memcpy(key0, key, key_len); - - key = (const char *)key0; - - /* - * the HMAC_MD5 transform looks like: - * - * MD5(K XOR opad, MD5(K XOR ipad, text)) - * - * where K is an n byte key - * ipad is the byte 0x36 repeated 64 times - * opad is the byte 0x5c repeated 64 times - * and text is the data being protected - */ - - /* start out by storing key in pads */ - memset(k_ipad, 0, sizeof k_ipad); - memset(k_opad, 0, sizeof k_opad); - memcpy(k_ipad, key, key_len); - memcpy(k_opad, key, key_len); - - /* XOR key with ipad and opad values */ - for (i = 0; i < 64; i++) - { - k_ipad[i] ^= 0x36; - k_opad[i] ^= 0x5c; - } - - /* perform inner MD5 */ - MD5Init(&context); /* init context for 1st pass */ - MD5Update(&context, k_ipad, 64); /* start with inner pad */ - - /* - * Traverse the radius packet. - */ - if (check) - { - MD5Update(&context, (const u_char *)packet->pdata, 4); - MD5Update(&context, (unsigned char*)packet->request->pdata - ->authenticator, 16); - } - else - { - MD5Update(&context, (const u_char *)packet->pdata, - sizeof(RADIUS_PACKET_DATA)); - } - - attr = ATTRS_BEGIN(packet->pdata); - end = ATTRS_END(packet->pdata); - memset(zero16, 0, sizeof(zero16)); - - for(; attrtype == RADIUS_TYPE_MESSAGE_AUTHENTICATOR) - { - MD5Update(&context, (u_char *)attr, 2); - MD5Update(&context, (u_char *)zero16, sizeof(zero16)); - } else - MD5Update(&context, (u_char *)attr, (int)attr->length); - } - - MD5Final((u_char *)digest, &context); /* finish up 1st pass */ - /* - * perform outer MD5 - */ - MD5Init(&context); /* init context for 2nd pass */ - MD5Update(&context, k_opad, 64); /* start with outer pad */ - MD5Update(&context, (u_char *)digest, 16);/* then results of 1st hash */ - MD5Final((u_char *)digest, &context); /* finish up 2nd pass */ -} - -/* RFC 3579 */ -int radius_put_message_authenticator(RADIUS_PACKET *packet, const char *secret) -{ - int rval; - u_char md5result[16]; - RADIUS_ATTRIBUTE* attr; - RADIUS_ATTRIBUTE* end; - - if ((rval = radius_put_raw_attr(packet, - RADIUS_TYPE_MESSAGE_AUTHENTICATOR, md5result, sizeof(md5result))) - != 0) - return rval; - - radius_hmac_md5(packet, secret, strlen(secret), (caddr_t)md5result, 0); - - attr = ATTRS_BEGIN(packet->pdata); - end = ATTRS_END(packet->pdata); - - for(; attrtype == RADIUS_TYPE_MESSAGE_AUTHENTICATOR) - { - memcpy(attr->data, md5result, sizeof(md5result)); - break; - } - } - - return 0; -} - -int radius_check_message_authenticator(RADIUS_PACKET *packet, - const char *secret) -{ - int rval; - u_char len, md5result0[16], md5result1[16]; - - radius_hmac_md5(packet, secret, strlen(secret), (caddr_t)md5result0, - 1); - - if ((rval = radius_get_raw_attr(packet, - RADIUS_TYPE_MESSAGE_AUTHENTICATOR, md5result1, &len)) != 0) - return rval; - - if (len != sizeof(md5result1)) - return -1; - - return memcmp(md5result0, md5result1, sizeof(md5result1)); -} diff --git a/usr.sbin/npppd/npppd/radius+.h b/usr.sbin/npppd/npppd/radius+.h index ecc5c3a5472..4699e040ec5 100644 --- a/usr.sbin/npppd/npppd/radius+.h +++ b/usr.sbin/npppd/npppd/radius+.h @@ -79,10 +79,10 @@ int radius_get_vs_raw_attr_ptr(const RADIUS_PACKET* packet, u_int32_t vendor, u_int8_t vtype, void** ptr, u_int8_t* length); int radius_put_vs_raw_attr(RADIUS_PACKET* packet, u_int32_t vendor, u_int8_t vtype, const void* buf, u_int8_t length); -int radius_get_vs_raw_attr_all(const RADIUS_PACKET* packet, u_int8_t type, - caddr_t buf, int* length); -int radius_put_vs_raw_attr_all(RADIUS_PACKET* packet, u_int8_t type, - const caddr_t buf, int length); +int radius_get_vs_raw_attr_all(const RADIUS_PACKET*, u_int32_t, u_int8_t, + caddr_t, int*); +int radius_put_vs_raw_attr_all(RADIUS_PACKET*, u_int32_t, u_int8_t, + const void *, int); /* accessors - typed attributes */ int radius_get_uint32_attr(const RADIUS_PACKET* packet, u_int8_t type, diff --git a/usr.sbin/npppd/npppd/radius+_local.h b/usr.sbin/npppd/npppd/radius+_local.h index eb977e87dd9..f79ad7c73c6 100644 --- a/usr.sbin/npppd/npppd/radius+_local.h +++ b/usr.sbin/npppd/npppd/radius+_local.h @@ -30,8 +30,6 @@ #ifndef RADIUSPLUS_LOCAL_H #define RADIUSPLUS_LOCAL_H -#include "nint.h" - #ifndef countof #define countof(x) (sizeof(x)/sizeof((x)[0])) #endif @@ -41,7 +39,7 @@ typedef struct _RADIUS_PACKET_DATA { u_int8_t code; u_int8_t id; - nuint16 length; + u_int16_t length; char authenticator[16]; char attributes[0]; } RADIUS_PACKET_DATA; @@ -51,7 +49,7 @@ typedef struct _RADIUS_ATTRIBUTE u_int8_t type; u_int8_t length; char data[0]; - nuint32 vendor; + u_int32_t vendor; u_int8_t vtype; u_int8_t vlength; char vdata[0]; @@ -70,35 +68,12 @@ struct _RADIUS_PACKET extern u_int8_t radius_id_counter; -inline void ADVANCE(RADIUS_ATTRIBUTE*& rp) -{ - rp = (RADIUS_ATTRIBUTE*)(((char*)rp) + rp->length); -} - -inline void ADVANCE(const RADIUS_ATTRIBUTE*& rp) -{ - rp = (const RADIUS_ATTRIBUTE*)(((const char*)rp) + rp->length); -} - -inline RADIUS_ATTRIBUTE* ATTRS_BEGIN(RADIUS_PACKET_DATA* pdata) -{ - return (RADIUS_ATTRIBUTE*)pdata->attributes; -} +#define ADVANCE(rp) (rp = (RADIUS_ATTRIBUTE*)(((char*)rp) + rp->length)) -inline const RADIUS_ATTRIBUTE* ATTRS_BEGIN(const RADIUS_PACKET_DATA* pdata) -{ - return (const RADIUS_ATTRIBUTE*)pdata->attributes; -} +#define ATTRS_BEGIN(pdata) ((RADIUS_ATTRIBUTE*)pdata->attributes) -inline RADIUS_ATTRIBUTE* ATTRS_END(RADIUS_PACKET_DATA* pdata) -{ - return (RADIUS_ATTRIBUTE*)(((char*)pdata) + pdata->length); -} - -inline const RADIUS_ATTRIBUTE* ATTRS_END(const RADIUS_PACKET_DATA* pdata) -{ - return (const RADIUS_ATTRIBUTE*)(((const char*)pdata) + pdata->length); -} +#define ATTRS_END(pdata) \ + ((RADIUS_ATTRIBUTE*)(((char*)pdata) + ntohs(pdata->length))) #ifndef MIN #define MIN(m,n) (((m) < (n))? (m) : (n)) -- cgit v1.2.3