Ejemplo n.º 1
0
int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
		      size_t secret_len)
{
	if (secret) {
		u8 auth[MD5_MAC_LEN];
		struct radius_attr_hdr *attr;

		os_memset(auth, 0, MD5_MAC_LEN);
		attr = radius_msg_add_attr(msg,
					   RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
					   auth, MD5_MAC_LEN);
		if (attr == NULL) {
			fd_log_debug("WARNING: Could not add Message-Authenticator");
			return -1;
		}
		msg->hdr->length = htons(msg->buf_used);
		hmac_md5(secret, secret_len, msg->buf, msg->buf_used,
			 (u8 *) (attr + 1));
	} else
		msg->hdr->length = htons(msg->buf_used);

	if (msg->buf_used > 0xffff) {
		fd_log_debug("WARNING: too long RADIUS message (%lu)",
		       (unsigned long) msg->buf_used);
		return -1;
	}
	return 0;
}
Ejemplo n.º 2
0
int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
		      size_t secret_len, struct radius_msg *sent_msg, int auth)
{
	const u8 *addr[4];
	size_t len[4];
	u8 hash[MD5_MAC_LEN];

	if (sent_msg == NULL) {
		fd_log_debug("No matching Access-Request message found");
		return 1;
	}

	if (auth &&
	    radius_msg_verify_msg_auth(msg, secret, secret_len,
				       sent_msg->hdr->authenticator)) {
		return 1;
	}

	/* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
	addr[0] = (u8 *) msg->hdr;
	len[0] = 1 + 1 + 2;
	addr[1] = sent_msg->hdr->authenticator;
	len[1] = MD5_MAC_LEN;
	addr[2] = (u8 *) (msg->hdr + 1);
	len[2] = msg->buf_used - sizeof(*msg->hdr);
	addr[3] = secret;
	len[3] = secret_len;
	md5_vector(4, addr, len, hash);
	if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
		fd_log_debug("Response Authenticator invalid!");
		return 1;
	}

	return 0;
}
Ejemplo n.º 3
0
/* Dump a message  */
void rgw_msg_dump(struct rgw_radius_msg_meta * msg, int has_meta)
{
	unsigned char *auth;
	char buf[256];
	size_t i;
	if (! TRACE_BOOL(FULL) )
		return;
	
	auth =  &(msg->radius.hdr->authenticator[0]);
	
	fd_log_debug("------ RADIUS msg dump -------");
	fd_log_debug(" id  : 0x%02hhx, code : %hhd (%s), length : %d", msg->radius.hdr->identifier, msg->radius.hdr->code, rgw_msg_code_str(msg->radius.hdr->code), ntohs(msg->radius.hdr->length));
	fd_log_debug(" auth: %02hhx %02hhx %02hhx %02hhx  %02hhx %02hhx %02hhx %02hhx",
			auth[0], auth[1], auth[2], auth[3], auth[4], auth[5], auth[6], auth[7]);
	fd_log_debug("       %02hhx %02hhx %02hhx %02hhx  %02hhx %02hhx %02hhx %02hhx",
			auth[8],  auth[9],  auth[10], auth[11], auth[12], auth[13], auth[14], auth[15]);
	for (i = 0; i < msg->radius.attr_used; i++) {
		struct radius_attr_hdr *attr = (struct radius_attr_hdr *)(msg->radius.buf + msg->radius.attr_pos[i]);
		fd_log_debug("    - Type: 0x%02hhx (%s)       Len: %-3hhu", attr->type, rgw_msg_attrtype_str(attr->type), attr->length);
		fd_log_debug("%s", radius_msg_dump_attr_val(attr, buf, sizeof(buf)));
	}
	if (has_meta && msg->ps_nb) {
		fd_log_debug("---- hidden attributes:");
		for (i = msg->ps_first; i < msg->ps_first + msg->ps_nb; i++) {
			struct radius_attr_hdr *attr = (struct radius_attr_hdr *)(msg->radius.buf + msg->radius.attr_pos[i]);
			fd_log_debug("    - Type: 0x%02hhx (%s)       Len: %-3hhu", attr->type, rgw_msg_attrtype_str(attr->type), attr->length);
			fd_log_debug("%s", radius_msg_dump_attr_val(attr, buf, sizeof(buf)));
		}
	}
	fd_log_debug("-----------------------------");
}
Ejemplo n.º 4
0
/* Function called when a new RADIUS message is being converted to Diameter */
static int debug_rad_req( struct rgwp_config * cs, struct radius_msg * rad_req, struct radius_msg ** rad_ans, struct msg ** diam_fw, struct rgw_client * cli )
{
	TRACE_ENTRY("%p %p %p %p %p", cs, rad_req, rad_ans, diam_fw, cli);
	
	fd_log_debug("------------- RADIUS/Diameter Request Debug%s%s%s -------------", cs ? " [" : "", cs ? (char *)cs : "", cs ? "]" : "");
	
	if (!rad_req) {
		fd_log_debug(" RADIUS request: NULL pointer");
	} else {
		fd_log_debug(" RADIUS request (%p) DUMP:", rad_req);
		debug_dump_radius(rad_req);
	}
	
	if (!rad_ans || ! *rad_ans) {
		fd_log_debug(" RADIUS answer: NULL pointer");
	} else {
		fd_log_debug(" RADIUS answer (%p) DUMP:", *rad_ans);
		debug_dump_radius(*rad_ans);
	}
	
	if (!diam_fw || ! *diam_fw) {
		fd_log_debug(" Diameter message: NULL pointer");
	} else {
		char * buf = NULL; size_t buflen;
		CHECK_MALLOC( fd_msg_dump_treeview(&buf, &buflen, NULL, *diam_fw, NULL, 0, 1) );
		fd_log_debug(" Diameter message (%p) DUMP: %s", *diam_fw, buf);
		free(buf);
	}
	
	fd_log_debug("===========  Debug%s%s%s complete =============", cs ? " [" : "", cs ? (char *)cs : "", cs ? "]" : "");
	
	return 0;
}
Ejemplo n.º 5
0
static void ta_conf_dump(void)
{
	if (!TRACE_BOOL(INFO))
		return;
	fd_log_debug( "------- app_test configuration dump: ---------");
	fd_log_debug( " Vendor Id .......... : %u", ta_conf->vendor_id);
	fd_log_debug( " Application Id ..... : %u", ta_conf->appli_id);
	fd_log_debug( " Command Id ......... : %u", ta_conf->cmd_id);
	fd_log_debug( " AVP Id ............. : %u", ta_conf->avp_id);
	fd_log_debug( " Long AVP Id ........ : %u", ta_conf->long_avp_id);
	fd_log_debug( " Long AVP len ....... : %zu", ta_conf->long_avp_len);
	fd_log_debug( " Mode ............... : %s%s%s", ta_conf->mode & MODE_SERV ? "Serv" : "", ta_conf->mode & MODE_CLI ? "Cli" : "",  ta_conf->mode & MODE_BENCH ? " (Benchmark)" : "");
	fd_log_debug( " Destination Realm .. : %s", ta_conf->dest_realm ?: "- none -");
	fd_log_debug( " Destination Host ... : %s", ta_conf->dest_host ?: "- none -");
	fd_log_debug( " Signal ............. : %i", ta_conf->signal);
	fd_log_debug( "------- /app_test configuration dump ---------");
}
Ejemplo n.º 6
0
int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
			       size_t secret_len, const u8 *req_auth)
{
	u8 auth[MD5_MAC_LEN], orig[MD5_MAC_LEN];
	u8 orig_authenticator[16];
	struct radius_attr_hdr *attr = NULL, *tmp;
	size_t i;

	for (i = 0; i < msg->attr_used; i++) {
		tmp = radius_get_attr_hdr(msg, i);
		if (tmp->type == RADIUS_ATTR_MESSAGE_AUTHENTICATOR) {
			if (attr != NULL) {
				fd_log_debug("Multiple Message-Authenticator attributes in RADIUS message");
				return 1;
			}
			attr = tmp;
		}
	}

	if (attr == NULL) {
		fd_log_debug("No Message-Authenticator attribute found");
		return 1;
	}

	os_memcpy(orig, attr + 1, MD5_MAC_LEN);
	os_memset(attr + 1, 0, MD5_MAC_LEN);
	if (req_auth) {
		os_memcpy(orig_authenticator, msg->hdr->authenticator,
			  sizeof(orig_authenticator));
		os_memcpy(msg->hdr->authenticator, req_auth,
			  sizeof(msg->hdr->authenticator));
	}
	hmac_md5(secret, secret_len, msg->buf, msg->buf_used, auth);
	os_memcpy(attr + 1, orig, MD5_MAC_LEN);
	if (req_auth) {
		os_memcpy(msg->hdr->authenticator, orig_authenticator,
			  sizeof(orig_authenticator));
	}

	if (os_memcmp(orig, auth, MD5_MAC_LEN) != 0) {
		fd_log_debug("Invalid Message-Authenticator!");
		return 1;
	}

	return 0;
}
Ejemplo n.º 7
0
/* Default callback for the application. */
static int ta_fb_cb( struct msg ** msg, struct avp * avp, struct session * sess, void * opaque, enum disp_action * act)
{
	/* This CB should never be called */
	TRACE_ENTRY("%p %p %p %p", msg, avp, sess, act);
	
	fd_log_debug("Unexpected message received!");
	
	return ENOTSUP;
}
Ejemplo n.º 8
0
/* Function to display the content of a RADIUS message (more friendly way than radius_msg_dump) */
static void debug_dump_radius(struct radius_msg *msg)
{
	unsigned char *auth;
	size_t i;
	
	auth =  &(msg->hdr->authenticator[0]);
	fd_log_debug(" id  : 0x%02hhx, code: %hhd (%s)", msg->hdr->identifier, msg->hdr->code, rgw_msg_code_str(msg->hdr->code));
	fd_log_debug(" auth: %02hhx %02hhx %02hhx %02hhx  %02hhx %02hhx %02hhx %02hhx",
			auth[0], auth[1], auth[2], auth[3], 
			auth[4], auth[5], auth[6], auth[7]);
	fd_log_debug("       %02hhx %02hhx %02hhx %02hhx  %02hhx %02hhx %02hhx %02hhx",
			auth[8],  auth[9],  auth[10], auth[11], 
			auth[12], auth[13], auth[14], auth[15]);
	for (i = 0; i < msg->attr_used; i++) {
		struct radius_attr_hdr *attr = (struct radius_attr_hdr *)(msg->buf + msg->attr_pos[i]);
		fd_log_debug("  - len:%3hhu, type:0x%02hhx (%s)", attr->length, attr->type, rgw_msg_attrtype_str(attr->type));
		/* If we need to dump the value, it's better to call directly radius_msg_dump instead... */
	}
}
Ejemplo n.º 9
0
int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
			  size_t secret_len, const u8 *req_authenticator)
{
	u8 auth[MD5_MAC_LEN];
	struct radius_attr_hdr *attr;
	const u8 *addr[4];
	size_t len[4];

	if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
	    os_memset(auth, 0, MD5_MAC_LEN);
	    attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
				       auth, MD5_MAC_LEN);
	    if (attr == NULL) {
		    fd_log_debug("WARNING: Could not add Message-Authenticator");
		    return -1;
	    }
	    msg->hdr->length = htons(msg->buf_used);
	    os_memcpy(msg->hdr->authenticator, req_authenticator,
		      sizeof(msg->hdr->authenticator));
	    hmac_md5(secret, secret_len, msg->buf, msg->buf_used,
		     (u8 *) (attr + 1));
	} else {
	    msg->hdr->length = htons(msg->buf_used);
	}

	/* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
	addr[0] = (u8 *) msg->hdr;
	len[0] = 1 + 1 + 2;
	addr[1] = req_authenticator;
	len[1] = MD5_MAC_LEN;
	addr[2] = (u8 *) (msg->hdr + 1);
	len[2] = msg->buf_used - sizeof(*msg->hdr);
	addr[3] = secret;
	len[3] = secret_len;
	md5_vector(4, addr, len, msg->hdr->authenticator);

	if (msg->buf_used > 0xffff) {
		fd_log_debug("WARNING: too long RADIUS message (%lu)",
		       (unsigned long) msg->buf_used);
		return -1;
	}
	return 0;
}
Ejemplo n.º 10
0
struct radius_attr_hdr *radius_msg_add_attr(struct radius_msg *msg, u8 type,
					    const u8 *data, size_t data_len)
{
	size_t buf_needed;
	struct radius_attr_hdr *attr;

	if (data_len > RADIUS_MAX_ATTR_LEN) {
		fd_log_debug("radius_msg_add_attr: too long attribute (%lu bytes)",
		       (unsigned long) data_len);
		return NULL;
	}

	buf_needed = msg->buf_used + sizeof(*attr) + data_len;

	if (msg->buf_size < buf_needed) {
		/* allocate more space for message buffer */
		unsigned char *nbuf;
		size_t nlen = msg->buf_size;

		while (nlen < buf_needed)
			nlen *= 2;
		nbuf = os_realloc(msg->buf, nlen);
		if (nbuf == NULL)
			return NULL;
		msg->buf = nbuf;
		msg->hdr = (struct radius_hdr *) msg->buf;
		os_memset(msg->buf + msg->buf_size, 0, nlen - msg->buf_size);
		msg->buf_size = nlen;
	}

	attr = (struct radius_attr_hdr *) (msg->buf + msg->buf_used);
	attr->type = type;
	attr->length = sizeof(*attr) + data_len;
	if (data_len > 0)
		os_memcpy(attr + 1, data, data_len);

	msg->buf_used += sizeof(*attr) + data_len;

	if (radius_msg_add_attr_to_array(msg, attr))
		return NULL;

	return attr;
}
Ejemplo n.º 11
0
void radius_msg_finish_acct(struct radius_msg *msg, const u8 *secret,
			    size_t secret_len)
{
	const u8 *addr[2];
	size_t len[2];

	msg->hdr->length = htons(msg->buf_used);
	os_memset(msg->hdr->authenticator, 0, MD5_MAC_LEN);
	addr[0] = msg->buf;
	len[0] = msg->buf_used;
	addr[1] = secret;
	len[1] = secret_len;
	md5_vector(2, addr, len, msg->hdr->authenticator);

	if (msg->buf_used > 0xffff) {
		fd_log_debug("WARNING: too long RADIUS messages (%lu)",
		       (unsigned long) msg->buf_used);
	}
}
Ejemplo n.º 12
0
/* Main test routine */
int main(int argc, char *argv[])
{
	/* First, initialize the daemon modules */
	INIT_FD();
	
	/* Create 4 peers with these ids */
	{
		int i;
		struct peer_info inf;
		char locid[255];
		memset(&inf, 0, sizeof(inf));
		inf.pi_diamid = (char *)locid;
		for (i=0; i < sizeof(ids) / sizeof(ids[0]); i++) {
			snprintf(locid, sizeof(locid), "%s." DomainName, ids[i]);
			CHECK( 0, fd_peer_add(&inf, __FILE__, NULL, NULL));
		}
	}
	fd_log_debug("%s", fd_peer_dump_list(FD_DUMP_TEST_PARAMS, 0));
	/* Check we are able to find again any of these */
	{
		int i;
		char locid[255];
		struct peer_hdr *p;
		for (i=0; i < sizeof(ids) / sizeof(ids[0]); i++) {
			snprintf(locid, sizeof(locid), "%s." DomainName, ids[i]);
			CHECK( 0, fd_peer_getbyid((DiamId_t)locid, strlen((char *)locid), 0, &p));
			CHECK( 0, strcmp((char *)locid, p->info.pi_diamid));
			CHECK( 0, fd_peer_getbyid((DiamId_t)locid, strlen((char *)locid), 1, &p));
			CHECK( 0, strcmp((char *)locid, p->info.pi_diamid));
		}
	}
	
	
	/* That's all for the tests yet */
	PASSTEST();
}
Ejemplo n.º 13
0
/* Function to display statistics periodically */
static void * ta_stats(void * arg) {

	struct timespec start, now;
	struct ta_stats copy;
	
	/* Get the start time */
	CHECK_SYS_DO( clock_gettime(CLOCK_REALTIME, &start), );
	
	/* Now, loop until canceled */
	while (1) {
		/* Display statistics every XX seconds */
		sleep(ta_conf->bench_duration + 3);
		
		/* Now, get the current stats */
		CHECK_POSIX_DO( pthread_mutex_lock(&ta_conf->stats_lock), );
		memcpy(&copy, &ta_conf->stats, sizeof(struct ta_stats));
		CHECK_POSIX_DO( pthread_mutex_unlock(&ta_conf->stats_lock), );
		
		/* Get the current execution time */
		CHECK_SYS_DO( clock_gettime(CLOCK_REALTIME, &now), );
		
		/* Now, display everything */
		fd_log_debug( "------- app_test statistics ---------");
		if (now.tv_nsec >= start.tv_nsec) {
			fd_log_debug( " Executing for: %d.%06ld sec",
					(int)(now.tv_sec - start.tv_sec),
					(long)(now.tv_nsec - start.tv_nsec) / 1000);
		} else {
			fd_log_debug( " Executing for: %d.%06ld sec",
					(int)(now.tv_sec - 1 - start.tv_sec),
					(long)(now.tv_nsec + 1000000000 - start.tv_nsec) / 1000);
		}
		
		if (ta_conf->mode & MODE_SERV) {
			fd_log_debug( " Server: %llu message(s) echoed", copy.nb_echoed);
		}
		if (ta_conf->mode & MODE_CLI) {
			fd_log_debug( " Client:");
			fd_log_debug( "   %llu message(s) sent", copy.nb_sent);
			fd_log_debug( "   %llu error(s) received", copy.nb_errs);
			fd_log_debug( "   %llu answer(s) received", copy.nb_recv);
			fd_log_debug( "     fastest: %ld.%06ld sec.", copy.shortest / 1000000, copy.shortest % 1000000);
			fd_log_debug( "     slowest: %ld.%06ld sec.", copy.longest / 1000000, copy.longest % 1000000);
			fd_log_debug( "     Average: %ld.%06ld sec.", copy.avg / 1000000, copy.avg % 1000000);
		}
		fd_log_debug( "-------------------------------------");
	}
	
	return NULL; /* never called */
}
Ejemplo n.º 14
0
/* Main test routine */
int main(int argc, char *argv[])
{
	/* First, initialize the daemon modules */
	INIT_FD();
	
	/* Test creating and searching all types of objects */
	{
		struct dict_object * obj1 = NULL;
		struct dict_object * obj2 = NULL;
		struct dict_object * obj3 = NULL;

		vendor_id_t vendor_id = 735671;
		struct dict_vendor_data vendor1_data = { 735671, "Vendor test 1" };
		struct dict_vendor_data vendor2_data = { 735672, "Vendor test 2" };
		struct dict_application_data app1_data = { 735674, "Application test 1" };
		
		
		/* Create two vendors */
		CHECK( 0, fd_dict_new ( fd_g_config->cnf_dict, DICT_VENDOR, &vendor1_data , NULL, &obj1 ) );
		CHECK( 0, fd_dict_new ( fd_g_config->cnf_dict, DICT_VENDOR, &vendor2_data , NULL, NULL ) );
		
		/* Check we always retrieve the correct vendor object */
		CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_ID, &vendor_id, &obj2, ENOENT ) );
		CHECK( obj1, obj2);
		CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_NAME, "Vendor test 1", &obj2, ENOENT ) );
		CHECK( obj1, obj2);
		
		/* Check the error conditions */
		CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_ID, &vendor_id, NULL, ENOENT ) );
		
		vendor_id = 735673; /* Not defined */
		CHECK( ENOENT, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_ID, &vendor_id, NULL, ENOENT ) );
		CHECK( ENOENT, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_NAME, "Vendor test 3", NULL, ENOENT ) );
		CHECK( ENOENT, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_ID, &vendor_id, &obj2, ENOENT ) );
		CHECK( ENOENT, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_NAME, "Vendor test 3", &obj2, ENOENT ) );
		CHECK( ENOTSUP, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_NAME, "Vendor test 3", &obj2, ENOTSUP ) );
		
		/* Check the get_* functions */
		CHECK( 0, fd_dict_getval ( obj1, &vendor1_data ) );
		CHECK( 735671, vendor1_data.vendor_id );
		CHECK( 0, strcmp(vendor1_data.vendor_name, "Vendor test 1") );
		/* error conditions */
		CHECK( EINVAL, fd_dict_getval ( (struct dict_object *)"not an object", &vendor1_data ) );
		
		/* Create the application with vendor1 as parent */
		CHECK( EINVAL, fd_dict_new ( fd_g_config->cnf_dict, DICT_APPLICATION, &app1_data , (struct dict_object *)"bad object", &obj2 ) );
		CHECK( 0, fd_dict_new ( fd_g_config->cnf_dict, DICT_APPLICATION, &app1_data , obj1, &obj2 ) );
		
		CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_OF_APPLICATION, obj2, &obj3, ENOENT ) );
		CHECK( obj1, obj3);
		
		/* Creating and searching the other objects is already done in dictionary initialization */
	}

	/* Test creation of the "Example-AVP" grouped AVP from the RFC */
	{
		int nbr = 0;
		struct dict_object * origin_host_avp = NULL;
		struct dict_object * session_id_avp = NULL;
		struct dict_object * example_avp_avp = NULL;
		struct dict_rule_data rule_data = { NULL, RULE_REQUIRED, -1, -1 };
		struct dict_avp_data example_avp_data = { 999999, 0, "Example-AVP", AVP_FLAG_VENDOR , 0, AVP_TYPE_GROUPED };

		CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_AVP, AVP_BY_NAME, "Origin-Host", &origin_host_avp, ENOENT ) );
		CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_AVP, AVP_BY_NAME, "Session-Id", &session_id_avp, ENOENT ) );
		
		CHECK( 0, fd_dict_new ( fd_g_config->cnf_dict, DICT_AVP, &example_avp_data , NULL, &example_avp_avp ) );
		
		rule_data.rule_avp = origin_host_avp;
		rule_data.rule_min = 1;
		rule_data.rule_max = 1;
		CHECK( 0, fd_dict_new ( fd_g_config->cnf_dict, DICT_RULE, &rule_data, example_avp_avp, NULL ) );
		
		rule_data.rule_avp = session_id_avp;
		rule_data.rule_min = 1;
		rule_data.rule_max = -1;
		CHECK( 0, fd_dict_new ( fd_g_config->cnf_dict, DICT_RULE, &rule_data, example_avp_avp, NULL ) );
		
		CHECK( 0, fd_dict_iterate_rules ( example_avp_avp, &nbr, iter_test) );
		CHECK( 2, nbr );
	}
	
	/* Test list function */
	{
		struct fd_list * li = NULL;
		struct fd_list * sentinel = NULL;
		enum dict_object_type	type;
		struct dict_object * defvnd=NULL;
		vendor_id_t vid = 0;
		int first = 1;
		
		CHECK( 0, fd_dict_getlistof(VENDOR_BY_ID, fd_g_config->cnf_dict, &sentinel));
		
		for (li = sentinel; (li != sentinel) || (first != 0); li = li->next) {
			first = 0;
			CHECK(0, fd_dict_gettype(li->o, &type));
			CHECK(DICT_VENDOR, type);
#if 0
			struct dict_vendor_data data;
			CHECK( 0, fd_dict_getval(li->o, &data) );
			printf("%d : %s\n", data.vendor_id, data.vendor_name);
#endif
		}
		
		CHECK( 0, fd_dict_search(fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_ID, &vid, &defvnd, ENOENT) );
		
		CHECK( 0, fd_dict_getlistof(AVP_BY_NAME, defvnd, &sentinel));
		for (li = sentinel->next; li != sentinel; li = li->next) {
			CHECK(0, fd_dict_gettype(li->o, &type));
			CHECK(DICT_AVP, type);
#if 0
			struct dict_avp_data data;
			CHECK( 0, fd_dict_getval(li->o, &data) );
			printf("%d : %s\n", data.avp_code, data.avp_name);
#endif
		}
	}

	/* Test delete function */
	{
		struct fd_list * li = NULL;
		struct fd_list * sentinel = NULL;
		struct dict_object * obj=NULL;
		vendor_id_t vid = 0;
		int count = 0, cntbkp;
		
		CHECK( 0, fd_dict_search(fd_g_config->cnf_dict, DICT_VENDOR, VENDOR_BY_ID, &vid, &obj, ENOENT) );
		
		CHECK( EINVAL, fd_dict_delete(obj) );
			
		
		CHECK( 0, fd_dict_getlistof(AVP_BY_NAME, obj, &sentinel));
		obj = NULL;
		
		for (li = sentinel->next; li != sentinel; li = li->next) {
			struct dict_avp_data data;
			CHECK( 0, fd_dict_getval(li->o, &data) );
			count++;
			if (data.avp_basetype != AVP_TYPE_GROUPED)
				obj = li->o;
		}
		
		CHECK(1, obj ? 1 : 0 );
#if 1
		fd_log_debug("%s", fd_dict_dump_object(FD_DUMP_TEST_PARAMS, obj));
#endif
		CHECK( 0, fd_dict_delete(obj) );
		cntbkp = count;
		count = 0;
		for (li = sentinel->next; li != sentinel; li = li->next) {
			count++;
		}
		CHECK( 1, cntbkp - count );
		
	}
	
	LOG_D( "Dictionary at the end of %s: %s", __FILE__, fd_dict_dump(FD_DUMP_TEST_PARAMS, fd_g_config->cnf_dict) ?: "error");
	
	/* That's all for the tests yet */
	PASSTEST();
}
Ejemplo n.º 15
0
static u8 * decrypt_ms_key(const u8 *key, size_t len,
			   const u8 *req_authenticator,
			   const u8 *secret, size_t secret_len, size_t *reslen)
{
	u8 *plain, *ppos, *res;
	const u8 *pos;
	size_t left, plen;
	u8 hash[MD5_MAC_LEN];
	int i, first = 1;
	const u8 *addr[3];
	size_t elen[3];

	/* key: 16-bit salt followed by encrypted key info */

	if (len < 2 + 16)
		return NULL;

	pos = key + 2;
	left = len - 2;
	if (left % 16) {
		fd_log_debug("Invalid ms key len %lu", (unsigned long) left);
		return NULL;
	}

	plen = left;
	ppos = plain = os_malloc(plen);
	if (plain == NULL)
		return NULL;
	plain[0] = 0;

	while (left > 0) {
		/* b(1) = MD5(Secret + Request-Authenticator + Salt)
		 * b(i) = MD5(Secret + c(i - 1)) for i > 1 */

		addr[0] = secret;
		elen[0] = secret_len;
		if (first) {
			addr[1] = req_authenticator;
			elen[1] = MD5_MAC_LEN;
			addr[2] = key;
			elen[2] = 2; /* Salt */
		} else {
			addr[1] = pos - MD5_MAC_LEN;
			elen[1] = MD5_MAC_LEN;
		}
		md5_vector(first ? 3 : 2, addr, elen, hash);
		first = 0;

		for (i = 0; i < MD5_MAC_LEN; i++)
			*ppos++ = *pos++ ^ hash[i];
		left -= MD5_MAC_LEN;
	}

	if (plain[0] == 0 || plain[0] > plen - 1) {
		fd_log_debug("Failed to decrypt MPPE key");
		os_free(plain);
		return NULL;
	}

	res = os_malloc(plain[0]);
	if (res == NULL) {
		os_free(plain);
		return NULL;
	}
	os_memcpy(res, plain + 1, plain[0]);
	if (reslen)
		*reslen = plain[0];
	os_free(plain);
	return res;
}
Ejemplo n.º 16
0
/* gnutls debug */
static void fd_gnutls_debug(int level, const char * str) {
	fd_log_debug(" [gnutls:%d] %s", level, str);
}