Exemplo n.º 1
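/*
 *	Encode and sign the proxied packet (request->proxy) with the
 *	home server's secret.
 *
 *	Returns 0 on success and -1 when encoding or signing fails.
 *	The results of rad_encode() and rad_sign() used to be
 *	discarded, so a packet that failed either step was still
 *	reported as ready to send.
 *
 *	NOTE(review): callers previously always saw 0 here; confirm
 *	they treat a negative return as "do not send this packet".
 */
static int proxy_socket_encode(UNUSED rad_listen_t *listener, REQUEST *request)
{
	/*
	 *	Stop at the first failure: signing a packet whose
	 *	encoding failed would operate on incomplete data.
	 */
	if (rad_encode(request->proxy, NULL, request->home_server->secret) < 0) {
		return -1;
	}

	if (rad_sign(request->proxy, NULL, request->home_server->secret) < 0) {
		return -1;
	}

	return 0;
}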
Exemplo n.º 2
/*
 *	Send a response packet over a TLS listener.
 *
 *	Encodes and signs request->reply with the client's secret,
 *	hands the resulting bytes to the TLS session attached to the
 *	listener's socket, and writes any pending output from that
 *	session to the socket.
 *
 *	Always returns 0.  Encode and sign failures are logged with
 *	RDEBUG and the reply is dropped; they are not reported to the
 *	caller.
 */
int dual_tls_send(rad_listen_t *listener, REQUEST *request)
{
	listen_socket_t *sock = listener->data;

	/*
	 *	Sanity checks: the request must belong to this
	 *	listener, and this function must be the listener's
	 *	send callback.
	 */
	rad_assert(request->listener == listener);
	rad_assert(listener->send == dual_tls_send);

	/*
	 *	Accounting rejects are silently dropped (reply code 0).
	 *
	 *	We do it here to avoid polluting the rest of the
	 *	code with this knowledge
	 */
	if (request->reply->code == 0) return 0;

	/*
	 *	Pack the VPs.  On failure nothing is sent.
	 */
	if (rad_encode(request->reply, request->packet,
		       request->client->secret) < 0) {
		RDEBUG("Failed encoding packet: %s", fr_strerror());
		return 0;
	}

	/*
	 *	Sign the packet.  An unsigned reply is never handed
	 *	to the TLS session: on failure we return before the
	 *	write below.
	 */
	if (rad_sign(request->reply, request->packet,
		       request->client->secret) < 0) {
		RDEBUG("Failed signing packet: %s", fr_strerror());
		return 0;
	}
	
	/*
	 *	The session buffers (clean_in / dirty_out) are only
	 *	touched while sock->mutex is held.
	 */
	PTHREAD_MUTEX_LOCK(&sock->mutex);
	/*
	 *	Write the packet to the SSL buffers.
	 *
	 *	NOTE(review): the return value of record_plus() is
	 *	ignored, so a short or failed copy into clean_in
	 *	would go unnoticed here - confirm what it returns.
	 */
	sock->ssn->record_plus(&sock->ssn->clean_in,
			       request->reply->data, request->reply->data_len);

	/*
	 *	Do SSL magic to get encrypted data.
	 *
	 *	NOTE(review): the result of tls_handshake_send() is
	 *	not checked; the only failure signal used below is
	 *	an empty dirty_out buffer.
	 */
	tls_handshake_send(request, sock->ssn);

	/*
	 *	And finally write the data to the socket.
	 *
	 *	NOTE(review): dump_hex() is handed the full outgoing
	 *	buffer - confirm it only produces output at debug
	 *	levels.
	 */
	if (sock->ssn->dirty_out.used > 0) {
		dump_hex("WRITE TO SSL", sock->ssn->dirty_out.data, sock->ssn->dirty_out.used);

		tls_socket_write(listener, request);
	}
	PTHREAD_MUTEX_UNLOCK(&sock->mutex);

	return 0;
}
Exemplo n.º 3
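/*
 *	Encode and sign the reply for a status socket request with
 *	the client's secret.
 *
 *	Returns 0 when there is no reply to send (reply code 0) or
 *	when the reply was encoded and signed, and -1 when either
 *	step fails.  The results of rad_encode() and rad_sign() used
 *	to be discarded, so a reply that failed either step was still
 *	reported as ready to send.
 *
 *	NOTE(review): callers previously always saw 0 here; confirm
 *	they treat a negative return as "do not send this reply".
 */
static int status_socket_encode(UNUSED rad_listen_t *listener, REQUEST *request)
{
	/*
	 *	No reply code means there is nothing to encode.
	 */
	if (!request->reply->code) return 0;

	/*
	 *	Stop at the first failure: signing a reply whose
	 *	encoding failed would operate on incomplete data.
	 */
	if (rad_encode(request->reply, request->packet,
		       request->client->secret) < 0) {
		return -1;
	}

	if (rad_sign(request->reply, request->packet,
		     request->client->secret) < 0) {
		return -1;
	}

	return 0;
}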
Exemplo n.º 4
/*
 *	Send a response packet over a TLS listener.
 *
 *	Encodes and signs request->reply with the client's secret,
 *	hands the resulting bytes to the TLS session attached to the
 *	listener's socket, and writes any pending output from that
 *	session to the socket.
 *
 *	Always returns 0.  Encode and sign failures are logged with
 *	RERROR and the reply is dropped; they are not reported to the
 *	caller.
 */
int dual_tls_send(rad_listen_t *listener, REQUEST *request)
{
	listen_socket_t *sock = listener->data;

	VERIFY_REQUEST(request);

	/*
	 *	Sanity checks: the request must belong to this
	 *	listener, and this function must be the listener's
	 *	send callback.
	 */
	rad_assert(request->listener == listener);
	rad_assert(listener->send == dual_tls_send);

	/*
	 *	Only send on a listener whose status is
	 *	RAD_LISTEN_STATUS_KNOWN; otherwise the reply is
	 *	dropped without any log message.
	 */
	if (listener->status != RAD_LISTEN_STATUS_KNOWN) return 0;

	/*
	 *	Accounting rejects are silently dropped (reply code 0).
	 *
	 *	We do it here to avoid polluting the rest of the
	 *	code with this knowledge
	 */
	if (request->reply->code == 0) return 0;

	/*
	 *	Pack the VPs.  On failure nothing is sent.
	 */
	if (rad_encode(request->reply, request->packet,
		       request->client->secret) < 0) {
		RERROR("Failed encoding packet: %s", fr_strerror());
		return 0;
	}

	/*
	 *	Warn when the encoded reply is within 100 bytes of
	 *	MAX_PACKET_LEN.  This is advisory only: the packet
	 *	is still signed and sent.
	 *
	 *	NOTE(review): %zd is the signed size conversion; if
	 *	data_len is a size_t, %zu is the matching specifier -
	 *	confirm against the packet structure.
	 */
	if (request->reply->data_len > (MAX_PACKET_LEN - 100)) {
		RWARN("Packet is large, and possibly truncated - %zd vs max %d",
		      request->reply->data_len, MAX_PACKET_LEN);
	}

	/*
	 *	Sign the packet.  An unsigned reply is never handed
	 *	to the TLS session: on failure we return before the
	 *	write below.
	 */
	if (rad_sign(request->reply, request->packet,
		       request->client->secret) < 0) {
		RERROR("Failed signing packet: %s", fr_strerror());
		return 0;
	}

	/*
	 *	The session buffers (clean_in / dirty_out) are only
	 *	touched while sock->mutex is held.
	 */
	PTHREAD_MUTEX_LOCK(&sock->mutex);

	/*
	 *	Write the packet to the SSL buffers.
	 *
	 *	NOTE(review): the return value of record_plus() is
	 *	ignored, so a short or failed copy into clean_in
	 *	would go unnoticed here - confirm what it returns,
	 *	especially for replies near MAX_PACKET_LEN.
	 */
	sock->ssn->record_plus(&sock->ssn->clean_in,
			       request->reply->data, request->reply->data_len);

	/*
	 *	NOTE(review): clean_in holds the reply bytes written
	 *	just above, i.e. the data before TLS processing.
	 *	Confirm dump_hex() only produces output at debug
	 *	levels, otherwise reply contents reach the log in
	 *	the clear.
	 */
	dump_hex("TUNNELED DATA < ", sock->ssn->clean_in.data, sock->ssn->clean_in.used);

	/*
	 *	Do SSL magic to get encrypted data.
	 *
	 *	NOTE(review): the result of tls_handshake_send() is
	 *	not checked; the only failure signal used below is
	 *	an empty dirty_out buffer.
	 */
	tls_handshake_send(request, sock->ssn);

	/*
	 *	And finally write the data to the socket.
	 */
	if (sock->ssn->dirty_out.used > 0) {
		dump_hex("WRITE TO SSL", sock->ssn->dirty_out.data, sock->ssn->dirty_out.used);

		tls_socket_write(listener, request);
	}
	PTHREAD_MUTEX_UNLOCK(&sock->mutex);

	return 0;
}