taclib.c revision 41120
141120Sjdp/*- 241120Sjdp * Copyright 1998 Juniper Networks, Inc. 341120Sjdp * All rights reserved. 441120Sjdp * 541120Sjdp * Redistribution and use in source and binary forms, with or without 641120Sjdp * modification, are permitted provided that the following conditions 741120Sjdp * are met: 841120Sjdp * 1. Redistributions of source code must retain the above copyright 941120Sjdp * notice, this list of conditions and the following disclaimer. 1041120Sjdp * 2. Redistributions in binary form must reproduce the above copyright 1141120Sjdp * notice, this list of conditions and the following disclaimer in the 1241120Sjdp * documentation and/or other materials provided with the distribution. 1341120Sjdp * 1441120Sjdp * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1541120Sjdp * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1641120Sjdp * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1741120Sjdp * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 1841120Sjdp * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 1941120Sjdp * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2041120Sjdp * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2141120Sjdp * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2241120Sjdp * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2341120Sjdp * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2441120Sjdp * SUCH DAMAGE. 2541120Sjdp * 2641120Sjdp * $FreeBSD: cvs2svn/branches/JUNIPER/lib/libtacplus/taclib.c 41120 1998-11-13 00:54:26Z jdp $ 2741120Sjdp */ 2841120Sjdp 2941120Sjdp#include <sys/types.h> 3041120Sjdp#include <sys/socket.h> 3141120Sjdp#include <sys/time.h> 3241120Sjdp#include <netinet/in.h> 3341120Sjdp#include <arpa/inet.h> 3441120Sjdp 3541120Sjdp#include <assert.h> 3641120Sjdp#include <errno.h> 3741120Sjdp#include <fcntl.h> 3841120Sjdp#include <md5.h> 3941120Sjdp#include <netdb.h> 4041120Sjdp#include <stdarg.h> 4141120Sjdp#include <stddef.h> 4241120Sjdp#include <stdio.h> 4341120Sjdp#include <stdlib.h> 4441120Sjdp#include <string.h> 4541120Sjdp#include <unistd.h> 4641120Sjdp 4741120Sjdp#include "taclib_private.h" 4841120Sjdp 4941120Sjdpstatic int add_str_8(struct tac_handle *, u_int8_t *, 5041120Sjdp struct clnt_str *); 5141120Sjdpstatic int add_str_16(struct tac_handle *, u_int16_t *, 5241120Sjdp struct clnt_str *); 5341120Sjdpstatic int authen_version(int, int); 5441120Sjdpstatic void close_connection(struct tac_handle *); 5541120Sjdpstatic int conn_server(struct tac_handle *); 5641120Sjdpstatic void crypt_msg(struct tac_handle *, struct tac_msg *); 5741120Sjdpstatic void *dup_str(struct tac_handle *, const struct srvr_str *, 5841120Sjdp size_t *); 5941120Sjdpstatic int establish_connection(struct tac_handle *); 6041120Sjdpstatic void free_str(struct clnt_str *); 6141120Sjdpstatic void generr(struct tac_handle *, const char *, ...) 6241120Sjdp __printflike(2, 3); 6341120Sjdpstatic void gen_session_id(struct tac_msg *); 6441120Sjdpstatic int get_srvr_end(struct tac_handle *); 6541120Sjdpstatic int get_srvr_str(struct tac_handle *, struct srvr_str *, 6641120Sjdp size_t); 6741120Sjdpstatic void init_clnt_str(struct clnt_str *); 6841120Sjdpstatic void init_srvr_str(struct srvr_str *); 6941120Sjdpstatic int read_timed(struct tac_handle *, void *, size_t, 7041120Sjdp const struct timeval *); 7141120Sjdpstatic int recv_msg(struct tac_handle *); 7241120Sjdpstatic int save_str(struct tac_handle *, struct clnt_str *, 7341120Sjdp const void *, size_t); 7441120Sjdpstatic int send_msg(struct tac_handle *); 7541120Sjdpstatic int split(char *, char *[], int, char *, size_t); 7641120Sjdpstatic void *xmalloc(struct tac_handle *, size_t); 7741120Sjdpstatic char *xstrdup(struct tac_handle *, const char *); 7841120Sjdp 7941120Sjdp/* 8041120Sjdp * Append some optional data to the current request, and store its 8141120Sjdp * length into the 8-bit field referenced by "fld". Returns 0 on 8241120Sjdp * success, or -1 on failure. 8341120Sjdp * 8441120Sjdp * This function also frees the "cs" string data and initializes it 8541120Sjdp * for the next time. 8641120Sjdp */ 8741120Sjdpstatic int 8841120Sjdpadd_str_8(struct tac_handle *h, u_int8_t *fld, struct clnt_str *cs) 8941120Sjdp{ 9041120Sjdp u_int16_t len; 9141120Sjdp 9241120Sjdp if (add_str_16(h, &len, cs) == -1) 9341120Sjdp return -1; 9441120Sjdp len = ntohs(len); 9541120Sjdp if (len > 0xff) { 9641120Sjdp generr(h, "Field too long"); 9741120Sjdp return -1; 9841120Sjdp } 9941120Sjdp *fld = len; 10041120Sjdp return 0; 10141120Sjdp} 10241120Sjdp 10341120Sjdp/* 10441120Sjdp * Append some optional data to the current request, and store its 10541120Sjdp * length into the 16-bit field (network byte order) referenced by 10641120Sjdp * "fld". Returns 0 on success, or -1 on failure. 10741120Sjdp * 10841120Sjdp * This function also frees the "cs" string data and initializes it 10941120Sjdp * for the next time. 11041120Sjdp */ 11141120Sjdpstatic int 11241120Sjdpadd_str_16(struct tac_handle *h, u_int16_t *fld, struct clnt_str *cs) 11341120Sjdp{ 11441120Sjdp size_t len; 11541120Sjdp 11641120Sjdp len = cs->len; 11741120Sjdp if (cs->data == NULL) 11841120Sjdp len = 0; 11941120Sjdp if (len != 0) { 12041120Sjdp int offset; 12141120Sjdp 12241120Sjdp if (len > 0xffff) { 12341120Sjdp generr(h, "Field too long"); 12441120Sjdp return -1; 12541120Sjdp } 12641120Sjdp offset = ntohl(h->request.length); 12741120Sjdp if (offset + len > BODYSIZE) { 12841120Sjdp generr(h, "Message too long"); 12941120Sjdp return -1; 13041120Sjdp } 13141120Sjdp memcpy(h->request.u.body + offset, cs->data, len); 13241120Sjdp h->request.length = htonl(offset + len); 13341120Sjdp } 13441120Sjdp *fld = htons(len); 13541120Sjdp free_str(cs); 13641120Sjdp return 0; 13741120Sjdp} 13841120Sjdp 13941120Sjdpstatic int 14041120Sjdpauthen_version(int action, int type) 14141120Sjdp{ 14241120Sjdp int minor; 14341120Sjdp 14441120Sjdp switch (action) { 14541120Sjdp 14641120Sjdp case TAC_AUTHEN_LOGIN: 14741120Sjdp switch (type) { 14841120Sjdp 14941120Sjdp case TAC_AUTHEN_TYPE_PAP: 15041120Sjdp case TAC_AUTHEN_TYPE_CHAP: 15141120Sjdp case TAC_AUTHEN_TYPE_MSCHAP: 15241120Sjdp case TAC_AUTHEN_TYPE_ARAP: 15341120Sjdp minor = 1; 15441120Sjdp break; 15541120Sjdp 15641120Sjdp default: 15741120Sjdp minor = 0; 15841120Sjdp break; 15941120Sjdp } 16041120Sjdp break; 16141120Sjdp 16241120Sjdp case TAC_AUTHEN_SENDAUTH: 16341120Sjdp minor = 1; 16441120Sjdp break; 16541120Sjdp 16641120Sjdp default: 16741120Sjdp minor = 0; 16841120Sjdp break; 16941120Sjdp }; 17041120Sjdp 17141120Sjdp return TAC_VER_MAJOR << 4 | minor; 17241120Sjdp} 17341120Sjdp 17441120Sjdpstatic void 17541120Sjdpclose_connection(struct tac_handle *h) 17641120Sjdp{ 17741120Sjdp if (h->fd != -1) { 17841120Sjdp close(h->fd); 17941120Sjdp h->fd = -1; 18041120Sjdp } 18141120Sjdp} 18241120Sjdp 18341120Sjdpstatic int 18441120Sjdpconn_server(struct tac_handle *h) 18541120Sjdp{ 18641120Sjdp const struct tac_server *srvp = &h->servers[h->cur_server]; 18741120Sjdp int flags; 18841120Sjdp 18941120Sjdp if ((h->fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) { 19041120Sjdp generr(h, "Cannot create socket: %s", strerror(errno)); 19141120Sjdp return -1; 19241120Sjdp } 19341120Sjdp if ((flags = fcntl(h->fd, F_GETFL, 0)) == -1 || 19441120Sjdp fcntl(h->fd, F_SETFL, flags | O_NONBLOCK) == -1) { 19541120Sjdp generr(h, "Cannot set non-blocking mode on socket: %s", 19641120Sjdp strerror(errno)); 19741120Sjdp close(h->fd); 19841120Sjdp h->fd = -1; 19941120Sjdp return -1; 20041120Sjdp } 20141120Sjdp if (connect(h->fd, (struct sockaddr *)&srvp->addr, 20241120Sjdp sizeof srvp->addr) == 0) 20341120Sjdp return 0; 20441120Sjdp 20541120Sjdp if (errno == EINPROGRESS) { 20641120Sjdp fd_set wfds; 20741120Sjdp struct timeval tv; 20841120Sjdp int nfds; 20941120Sjdp struct sockaddr peer; 21041120Sjdp int peerlen; 21141120Sjdp int err; 21241120Sjdp int errlen; 21341120Sjdp 21441120Sjdp /* Wait for the connection to complete. */ 21541120Sjdp FD_ZERO(&wfds); 21641120Sjdp FD_SET(h->fd, &wfds); 21741120Sjdp tv.tv_sec = srvp->timeout; 21841120Sjdp tv.tv_usec = 0; 21941120Sjdp nfds = select(h->fd + 1, NULL, &wfds, NULL, &tv); 22041120Sjdp if (nfds == -1) { 22141120Sjdp generr(h, "select: %s", strerror(errno)); 22241120Sjdp close(h->fd); 22341120Sjdp h->fd = -1; 22441120Sjdp return -1; 22541120Sjdp } 22641120Sjdp if (nfds == 0) { 22741120Sjdp generr(h, "connect: timed out"); 22841120Sjdp close(h->fd); 22941120Sjdp h->fd = -1; 23041120Sjdp return -1; 23141120Sjdp } 23241120Sjdp 23341120Sjdp /* See whether we are connected now. */ 23441120Sjdp peerlen = sizeof peer; 23541120Sjdp if (getpeername(h->fd, &peer, &peerlen) == 0) 23641120Sjdp return 0; 23741120Sjdp 23841120Sjdp if (errno != ENOTCONN) { 23941120Sjdp generr(h, "getpeername: %s", strerror(errno)); 24041120Sjdp close(h->fd); 24141120Sjdp h->fd = -1; 24241120Sjdp return -1; 24341120Sjdp } 24441120Sjdp 24541120Sjdp /* Find out why the connect failed. */ 24641120Sjdp errlen = sizeof err; 24741120Sjdp getsockopt(h->fd, SOL_SOCKET, SO_ERROR, &err, &errlen); 24841120Sjdp errno = err; 24941120Sjdp } 25041120Sjdp generr(h, "connect: %s", strerror(errno)); 25141120Sjdp close(h->fd); 25241120Sjdp h->fd = -1; 25341120Sjdp return -1; 25441120Sjdp} 25541120Sjdp 25641120Sjdp/* 25741120Sjdp * Encrypt or decrypt a message. The operations are symmetrical. 25841120Sjdp */ 25941120Sjdpstatic void 26041120Sjdpcrypt_msg(struct tac_handle *h, struct tac_msg *msg) 26141120Sjdp{ 26241120Sjdp const char *secret; 26341120Sjdp MD5_CTX base_ctx; 26441120Sjdp MD5_CTX ctx; 26541120Sjdp unsigned char md5[16]; 26641120Sjdp int chunk; 26741120Sjdp int msg_len; 26841120Sjdp 26941120Sjdp secret = h->servers[h->cur_server].secret; 27041120Sjdp if (secret[0] == '\0') 27141120Sjdp msg->flags |= TAC_UNENCRYPTED; 27241120Sjdp if (msg->flags & TAC_UNENCRYPTED) 27341120Sjdp return; 27441120Sjdp 27541120Sjdp msg_len = ntohl(msg->length); 27641120Sjdp 27741120Sjdp MD5Init(&base_ctx); 27841120Sjdp MD5Update(&base_ctx, msg->session_id, sizeof msg->session_id); 27941120Sjdp MD5Update(&base_ctx, secret, strlen(secret)); 28041120Sjdp MD5Update(&base_ctx, &msg->version, sizeof msg->version); 28141120Sjdp MD5Update(&base_ctx, &msg->seq_no, sizeof msg->seq_no); 28241120Sjdp 28341120Sjdp ctx = base_ctx; 28441120Sjdp for (chunk = 0; chunk < msg_len; chunk += sizeof md5) { 28541120Sjdp int chunk_len; 28641120Sjdp int i; 28741120Sjdp 28841120Sjdp MD5Final(md5, &ctx); 28941120Sjdp 29041120Sjdp if ((chunk_len = msg_len - chunk) > sizeof md5) 29141120Sjdp chunk_len = sizeof md5; 29241120Sjdp for (i = 0; i < chunk_len; i++) 29341120Sjdp msg->u.body[chunk + i] ^= md5[i]; 29441120Sjdp 29541120Sjdp ctx = base_ctx; 29641120Sjdp MD5Update(&ctx, md5, sizeof md5); 29741120Sjdp } 29841120Sjdp} 29941120Sjdp 30041120Sjdp/* 30141120Sjdp * Return a dynamically allocated copy of the given server string. 30241120Sjdp * The copy is null-terminated. If "len" is non-NULL, the length of 30341120Sjdp * the string (excluding the terminating null byte) is stored via it. 30441120Sjdp * Returns NULL on failure. Empty strings are still allocated even 30541120Sjdp * though they have no content. 30641120Sjdp */ 30741120Sjdpstatic void * 30841120Sjdpdup_str(struct tac_handle *h, const struct srvr_str *ss, size_t *len) 30941120Sjdp{ 31041120Sjdp unsigned char *p; 31141120Sjdp 31241120Sjdp if ((p = (unsigned char *)xmalloc(h, ss->len + 1)) == NULL) 31341120Sjdp return NULL; 31441120Sjdp if (ss->data != NULL && ss->len != 0) 31541120Sjdp memcpy(p, ss->data, ss->len); 31641120Sjdp p[ss->len] = '\0'; 31741120Sjdp if (len != NULL) 31841120Sjdp *len = ss->len; 31941120Sjdp return p; 32041120Sjdp} 32141120Sjdp 32241120Sjdpstatic int 32341120Sjdpestablish_connection(struct tac_handle *h) 32441120Sjdp{ 32541120Sjdp int i; 32641120Sjdp 32741120Sjdp if (h->fd >= 0) /* Already connected. */ 32841120Sjdp return 0; 32941120Sjdp if (h->num_servers == 0) { 33041120Sjdp generr(h, "No TACACS+ servers specified"); 33141120Sjdp return -1; 33241120Sjdp } 33341120Sjdp /* 33441120Sjdp * Try the servers round-robin. We begin with the one that 33541120Sjdp * worked for us the last time. That way, once we find a good 33641120Sjdp * server, we won't waste any more time trying the bad ones. 33741120Sjdp */ 33841120Sjdp for (i = 0; i < h->num_servers; i++) { 33941120Sjdp if (conn_server(h) == 0) { 34041120Sjdp h->single_connect = (h->servers[h->cur_server].flags & 34141120Sjdp TAC_SRVR_SINGLE_CONNECT) != 0; 34241120Sjdp return 0; 34341120Sjdp } 34441120Sjdp if (++h->cur_server >= h->num_servers) /* Wrap around */ 34541120Sjdp h->cur_server = 0; 34641120Sjdp } 34741120Sjdp /* Just return whatever error was last reported by conn_server(). */ 34841120Sjdp return -1; 34941120Sjdp} 35041120Sjdp 35141120Sjdp/* 35241120Sjdp * Free a client string, obliterating its contents first for security. 35341120Sjdp */ 35441120Sjdpstatic void 35541120Sjdpfree_str(struct clnt_str *cs) 35641120Sjdp{ 35741120Sjdp if (cs->data != NULL) { 35841120Sjdp memset(cs->data, 0, cs->len); 35941120Sjdp free(cs->data); 36041120Sjdp cs->data = NULL; 36141120Sjdp cs->len = 0; 36241120Sjdp } 36341120Sjdp} 36441120Sjdp 36541120Sjdpstatic void 36641120Sjdpgenerr(struct tac_handle *h, const char *format, ...) 36741120Sjdp{ 36841120Sjdp va_list ap; 36941120Sjdp 37041120Sjdp va_start(ap, format); 37141120Sjdp vsnprintf(h->errmsg, ERRSIZE, format, ap); 37241120Sjdp va_end(ap); 37341120Sjdp} 37441120Sjdp 37541120Sjdpstatic void 37641120Sjdpgen_session_id(struct tac_msg *msg) 37741120Sjdp{ 37841120Sjdp int r; 37941120Sjdp 38041120Sjdp r = random(); 38141120Sjdp msg->session_id[0] = r >> 8; 38241120Sjdp msg->session_id[1] = r; 38341120Sjdp r = random(); 38441120Sjdp msg->session_id[2] = r >> 8; 38541120Sjdp msg->session_id[3] = r; 38641120Sjdp} 38741120Sjdp 38841120Sjdp/* 38941120Sjdp * Verify that we are exactly at the end of the response message. 39041120Sjdp * Returns 0 on success, -1 on failure. 39141120Sjdp */ 39241120Sjdpstatic int 39341120Sjdpget_srvr_end(struct tac_handle *h) 39441120Sjdp{ 39541120Sjdp if (h->srvr_pos != ntohl(h->response.length)) { 39641120Sjdp generr(h, "Invalid length field in response from server"); 39741120Sjdp return -1; 39841120Sjdp } 39941120Sjdp return 0; 40041120Sjdp} 40141120Sjdp 40241120Sjdpstatic int 40341120Sjdpget_srvr_str(struct tac_handle *h, struct srvr_str *ss, size_t len) 40441120Sjdp{ 40541120Sjdp if (h->srvr_pos + len > ntohl(h->response.length)) { 40641120Sjdp generr(h, "Invalid length field in response from server"); 40741120Sjdp return -1; 40841120Sjdp } 40941120Sjdp ss->data = len != 0 ? h->response.u.body + h->srvr_pos : NULL; 41041120Sjdp ss->len = len; 41141120Sjdp h->srvr_pos += len; 41241120Sjdp return 0; 41341120Sjdp} 41441120Sjdp 41541120Sjdpstatic void 41641120Sjdpinit_clnt_str(struct clnt_str *cs) 41741120Sjdp{ 41841120Sjdp cs->data = NULL; 41941120Sjdp cs->len = 0; 42041120Sjdp} 42141120Sjdp 42241120Sjdpstatic void 42341120Sjdpinit_srvr_str(struct srvr_str *ss) 42441120Sjdp{ 42541120Sjdp ss->data = NULL; 42641120Sjdp ss->len = 0; 42741120Sjdp} 42841120Sjdp 42941120Sjdpstatic int 43041120Sjdpread_timed(struct tac_handle *h, void *buf, size_t len, 43141120Sjdp const struct timeval *deadline) 43241120Sjdp{ 43341120Sjdp char *ptr; 43441120Sjdp 43541120Sjdp ptr = (char *)buf; 43641120Sjdp while (len > 0) { 43741120Sjdp int n; 43841120Sjdp 43941120Sjdp n = read(h->fd, ptr, len); 44041120Sjdp if (n == -1) { 44141120Sjdp struct timeval tv; 44241120Sjdp int nfds; 44341120Sjdp 44441120Sjdp if (errno != EAGAIN) { 44541120Sjdp generr(h, "Network read error: %s", 44641120Sjdp strerror(errno)); 44741120Sjdp return -1; 44841120Sjdp } 44941120Sjdp 45041120Sjdp /* Wait until we can read more data. */ 45141120Sjdp gettimeofday(&tv, NULL); 45241120Sjdp timersub(deadline, &tv, &tv); 45341120Sjdp if (tv.tv_sec >= 0) { 45441120Sjdp fd_set rfds; 45541120Sjdp 45641120Sjdp FD_ZERO(&rfds); 45741120Sjdp FD_SET(h->fd, &rfds); 45841120Sjdp nfds = 45941120Sjdp select(h->fd + 1, &rfds, NULL, NULL, &tv); 46041120Sjdp if (nfds == -1) { 46141120Sjdp generr(h, "select: %s", 46241120Sjdp strerror(errno)); 46341120Sjdp return -1; 46441120Sjdp } 46541120Sjdp } else 46641120Sjdp nfds = 0; 46741120Sjdp if (nfds == 0) { 46841120Sjdp generr(h, "Network read timed out"); 46941120Sjdp return -1; 47041120Sjdp } 47141120Sjdp } else if (n == 0) { 47241120Sjdp generr(h, "unexpected EOF from server"); 47341120Sjdp return -1; 47441120Sjdp } else { 47541120Sjdp ptr += n; 47641120Sjdp len -= n; 47741120Sjdp } 47841120Sjdp } 47941120Sjdp return 0; 48041120Sjdp} 48141120Sjdp 48241120Sjdp/* 48341120Sjdp * Receive a response from the server and decrypt it. Returns 0 on 48441120Sjdp * success, or -1 on failure. 48541120Sjdp */ 48641120Sjdpstatic int 48741120Sjdprecv_msg(struct tac_handle *h) 48841120Sjdp{ 48941120Sjdp struct timeval deadline; 49041120Sjdp struct tac_msg *msg; 49141120Sjdp size_t len; 49241120Sjdp 49341120Sjdp msg = &h->response; 49441120Sjdp gettimeofday(&deadline, NULL); 49541120Sjdp deadline.tv_sec += h->servers[h->cur_server].timeout; 49641120Sjdp 49741120Sjdp /* Read the message header and make sure it is reasonable. */ 49841120Sjdp if (read_timed(h, msg, HDRSIZE, &deadline) == -1) 49941120Sjdp return -1; 50041120Sjdp if (memcmp(msg->session_id, h->request.session_id, 50141120Sjdp sizeof msg->session_id) != 0) { 50241120Sjdp generr(h, "Invalid session ID in received message"); 50341120Sjdp return -1; 50441120Sjdp } 50541120Sjdp if (msg->type != h->request.type) { 50641120Sjdp generr(h, "Invalid type in received message"); 50741120Sjdp return -1; 50841120Sjdp } 50941120Sjdp len = ntohl(msg->length); 51041120Sjdp if (len > BODYSIZE) { 51141120Sjdp generr(h, "Received message too large"); 51241120Sjdp return -1; 51341120Sjdp } 51441120Sjdp if (msg->seq_no != ++h->last_seq_no) { 51541120Sjdp generr(h, "Invalid sequence number in received message"); 51641120Sjdp return -1; 51741120Sjdp } 51841120Sjdp 51941120Sjdp /* Read the message body. */ 52041120Sjdp if (read_timed(h, msg->u.body, len, &deadline) == -1) 52141120Sjdp return -1; 52241120Sjdp 52341120Sjdp /* Decrypt it. */ 52441120Sjdp crypt_msg(h, msg); 52541120Sjdp 52641120Sjdp /* 52741120Sjdp * Turn off single-connection mode if the server isn't amenable 52841120Sjdp * to it. 52941120Sjdp */ 53041120Sjdp if (!(msg->flags & TAC_SINGLE_CONNECT)) 53141120Sjdp h->single_connect = 0; 53241120Sjdp return 0; 53341120Sjdp} 53441120Sjdp 53541120Sjdpstatic int 53641120Sjdpsave_str(struct tac_handle *h, struct clnt_str *cs, const void *data, 53741120Sjdp size_t len) 53841120Sjdp{ 53941120Sjdp free_str(cs); 54041120Sjdp if (data != NULL && len != 0) { 54141120Sjdp if ((cs->data = xmalloc(h, len)) == NULL) 54241120Sjdp return -1; 54341120Sjdp cs->len = len; 54441120Sjdp memcpy(cs->data, data, len); 54541120Sjdp } 54641120Sjdp return 0; 54741120Sjdp} 54841120Sjdp 54941120Sjdp/* 55041120Sjdp * Send the current request, after encrypting it. Returns 0 on success, 55141120Sjdp * or -1 on failure. 55241120Sjdp */ 55341120Sjdpstatic int 55441120Sjdpsend_msg(struct tac_handle *h) 55541120Sjdp{ 55641120Sjdp struct timeval deadline; 55741120Sjdp struct tac_msg *msg; 55841120Sjdp char *ptr; 55941120Sjdp int len; 56041120Sjdp 56141120Sjdp if (h->last_seq_no & 1) { 56241120Sjdp generr(h, "Attempt to send message out of sequence"); 56341120Sjdp return -1; 56441120Sjdp } 56541120Sjdp 56641120Sjdp msg = &h->request; 56741120Sjdp msg->seq_no = ++h->last_seq_no; 56841120Sjdp if (msg->seq_no == 1) 56941120Sjdp gen_session_id(msg); 57041120Sjdp crypt_msg(h, msg); 57141120Sjdp 57241120Sjdp if (establish_connection(h) == -1) 57341120Sjdp return -1; 57441120Sjdp 57541120Sjdp if (h->single_connect) 57641120Sjdp msg->flags |= TAC_SINGLE_CONNECT; 57741120Sjdp else 57841120Sjdp msg->flags &= ~TAC_SINGLE_CONNECT; 57941120Sjdp gettimeofday(&deadline, NULL); 58041120Sjdp deadline.tv_sec += h->servers[h->cur_server].timeout; 58141120Sjdp len = HDRSIZE + ntohl(msg->length); 58241120Sjdp ptr = (char *)msg; 58341120Sjdp while (len > 0) { 58441120Sjdp int n; 58541120Sjdp 58641120Sjdp n = write(h->fd, ptr, len); 58741120Sjdp if (n == -1) { 58841120Sjdp struct timeval tv; 58941120Sjdp int nfds; 59041120Sjdp 59141120Sjdp if (errno != EAGAIN) { 59241120Sjdp generr(h, "Network write error: %s", 59341120Sjdp strerror(errno)); 59441120Sjdp return -1; 59541120Sjdp } 59641120Sjdp 59741120Sjdp /* Wait until we can write more data. */ 59841120Sjdp gettimeofday(&tv, NULL); 59941120Sjdp timersub(&deadline, &tv, &tv); 60041120Sjdp if (tv.tv_sec >= 0) { 60141120Sjdp fd_set wfds; 60241120Sjdp 60341120Sjdp FD_ZERO(&wfds); 60441120Sjdp FD_SET(h->fd, &wfds); 60541120Sjdp nfds = 60641120Sjdp select(h->fd + 1, NULL, &wfds, NULL, &tv); 60741120Sjdp if (nfds == -1) { 60841120Sjdp generr(h, "select: %s", 60941120Sjdp strerror(errno)); 61041120Sjdp return -1; 61141120Sjdp } 61241120Sjdp } else 61341120Sjdp nfds = 0; 61441120Sjdp if (nfds == 0) { 61541120Sjdp generr(h, "Network write timed out"); 61641120Sjdp return -1; 61741120Sjdp } 61841120Sjdp } else { 61941120Sjdp ptr += n; 62041120Sjdp len -= n; 62141120Sjdp } 62241120Sjdp } 62341120Sjdp return 0; 62441120Sjdp} 62541120Sjdp 62641120Sjdp/* 62741120Sjdp * Destructively split a string into fields separated by white space. 62841120Sjdp * `#' at the beginning of a field begins a comment that extends to the 62941120Sjdp * end of the string. Fields may be quoted with `"'. Inside quoted 63041120Sjdp * strings, the backslash escapes `\"' and `\\' are honored. 63141120Sjdp * 63241120Sjdp * Pointers to up to the first maxfields fields are stored in the fields 63341120Sjdp * array. Missing fields get NULL pointers. 63441120Sjdp * 63541120Sjdp * The return value is the actual number of fields parsed, and is always 63641120Sjdp * <= maxfields. 63741120Sjdp * 63841120Sjdp * On a syntax error, places a message in the msg string, and returns -1. 63941120Sjdp */ 64041120Sjdpstatic int 64141120Sjdpsplit(char *str, char *fields[], int maxfields, char *msg, size_t msglen) 64241120Sjdp{ 64341120Sjdp char *p; 64441120Sjdp int i; 64541120Sjdp static const char ws[] = " \t"; 64641120Sjdp 64741120Sjdp for (i = 0; i < maxfields; i++) 64841120Sjdp fields[i] = NULL; 64941120Sjdp p = str; 65041120Sjdp i = 0; 65141120Sjdp while (*p != '\0') { 65241120Sjdp p += strspn(p, ws); 65341120Sjdp if (*p == '#' || *p == '\0') 65441120Sjdp break; 65541120Sjdp if (i >= maxfields) { 65641120Sjdp snprintf(msg, msglen, "line has too many fields"); 65741120Sjdp return -1; 65841120Sjdp } 65941120Sjdp if (*p == '"') { 66041120Sjdp char *dst; 66141120Sjdp 66241120Sjdp dst = ++p; 66341120Sjdp fields[i] = dst; 66441120Sjdp while (*p != '"') { 66541120Sjdp if (*p == '\\') { 66641120Sjdp p++; 66741120Sjdp if (*p != '"' && *p != '\\' && 66841120Sjdp *p != '\0') { 66941120Sjdp snprintf(msg, msglen, 67041120Sjdp "invalid `\\' escape"); 67141120Sjdp return -1; 67241120Sjdp } 67341120Sjdp } 67441120Sjdp if (*p == '\0') { 67541120Sjdp snprintf(msg, msglen, 67641120Sjdp "unterminated quoted string"); 67741120Sjdp return -1; 67841120Sjdp } 67941120Sjdp *dst++ = *p++; 68041120Sjdp } 68141120Sjdp *dst = '\0'; 68241120Sjdp p++; 68341120Sjdp if (*p != '\0' && strspn(p, ws) == 0) { 68441120Sjdp snprintf(msg, msglen, "quoted string not" 68541120Sjdp " followed by white space"); 68641120Sjdp return -1; 68741120Sjdp } 68841120Sjdp } else { 68941120Sjdp fields[i] = p; 69041120Sjdp p += strcspn(p, ws); 69141120Sjdp if (*p != '\0') 69241120Sjdp *p++ = '\0'; 69341120Sjdp } 69441120Sjdp i++; 69541120Sjdp } 69641120Sjdp return i; 69741120Sjdp} 69841120Sjdp 69941120Sjdpint 70041120Sjdptac_add_server(struct tac_handle *h, const char *host, int port, 70141120Sjdp const char *secret, int timeout, int flags) 70241120Sjdp{ 70341120Sjdp struct tac_server *srvp; 70441120Sjdp 70541120Sjdp if (h->num_servers >= MAXSERVERS) { 70641120Sjdp generr(h, "Too many RADIUS servers specified"); 70741120Sjdp return -1; 70841120Sjdp } 70941120Sjdp srvp = &h->servers[h->num_servers]; 71041120Sjdp 71141120Sjdp memset(&srvp->addr, 0, sizeof srvp->addr); 71241120Sjdp srvp->addr.sin_len = sizeof srvp->addr; 71341120Sjdp srvp->addr.sin_family = AF_INET; 71441120Sjdp if (!inet_aton(host, &srvp->addr.sin_addr)) { 71541120Sjdp struct hostent *hent; 71641120Sjdp 71741120Sjdp if ((hent = gethostbyname(host)) == NULL) { 71841120Sjdp generr(h, "%s: host not found", host); 71941120Sjdp return -1; 72041120Sjdp } 72141120Sjdp memcpy(&srvp->addr.sin_addr, hent->h_addr, 72241120Sjdp sizeof srvp->addr.sin_addr); 72341120Sjdp } 72441120Sjdp srvp->addr.sin_port = htons(port != 0 ? port : TACPLUS_PORT); 72541120Sjdp if ((srvp->secret = xstrdup(h, secret)) == NULL) 72641120Sjdp return -1; 72741120Sjdp srvp->timeout = timeout; 72841120Sjdp srvp->flags = flags; 72941120Sjdp h->num_servers++; 73041120Sjdp return 0; 73141120Sjdp} 73241120Sjdp 73341120Sjdpvoid 73441120Sjdptac_close(struct tac_handle *h) 73541120Sjdp{ 73641120Sjdp int srv; 73741120Sjdp 73841120Sjdp if (h->fd != -1) 73941120Sjdp close(h->fd); 74041120Sjdp for (srv = 0; srv < h->num_servers; srv++) { 74141120Sjdp memset(h->servers[srv].secret, 0, 74241120Sjdp strlen(h->servers[srv].secret)); 74341120Sjdp free(h->servers[srv].secret); 74441120Sjdp } 74541120Sjdp free_str(&h->user); 74641120Sjdp free_str(&h->port); 74741120Sjdp free_str(&h->rem_addr); 74841120Sjdp free_str(&h->data); 74941120Sjdp free_str(&h->user_msg); 75041120Sjdp free(h); 75141120Sjdp} 75241120Sjdp 75341120Sjdpint 75441120Sjdptac_config(struct tac_handle *h, const char *path) 75541120Sjdp{ 75641120Sjdp FILE *fp; 75741120Sjdp char buf[MAXCONFLINE]; 75841120Sjdp int linenum; 75941120Sjdp int retval; 76041120Sjdp 76141120Sjdp if (path == NULL) 76241120Sjdp path = PATH_TACPLUS_CONF; 76341120Sjdp if ((fp = fopen(path, "r")) == NULL) { 76441120Sjdp generr(h, "Cannot open \"%s\": %s", path, strerror(errno)); 76541120Sjdp return -1; 76641120Sjdp } 76741120Sjdp retval = 0; 76841120Sjdp linenum = 0; 76941120Sjdp while (fgets(buf, sizeof buf, fp) != NULL) { 77041120Sjdp int len; 77141120Sjdp char *fields[4]; 77241120Sjdp int nfields; 77341120Sjdp char msg[ERRSIZE]; 77441120Sjdp char *host; 77541120Sjdp char *port_str; 77641120Sjdp char *secret; 77741120Sjdp char *timeout_str; 77841120Sjdp char *options_str; 77941120Sjdp char *end; 78041120Sjdp unsigned long timeout; 78141120Sjdp int port; 78241120Sjdp int options; 78341120Sjdp 78441120Sjdp linenum++; 78541120Sjdp len = strlen(buf); 78641120Sjdp /* We know len > 0, else fgets would have returned NULL. */ 78741120Sjdp if (buf[len - 1] != '\n') { 78841120Sjdp if (len == sizeof buf - 1) 78941120Sjdp generr(h, "%s:%d: line too long", path, 79041120Sjdp linenum); 79141120Sjdp else 79241120Sjdp generr(h, "%s:%d: missing newline", path, 79341120Sjdp linenum); 79441120Sjdp retval = -1; 79541120Sjdp break; 79641120Sjdp } 79741120Sjdp buf[len - 1] = '\0'; 79841120Sjdp 79941120Sjdp /* Extract the fields from the line. */ 80041120Sjdp nfields = split(buf, fields, 4, msg, sizeof msg); 80141120Sjdp if (nfields == -1) { 80241120Sjdp generr(h, "%s:%d: %s", path, linenum, msg); 80341120Sjdp retval = -1; 80441120Sjdp break; 80541120Sjdp } 80641120Sjdp if (nfields == 0) 80741120Sjdp continue; 80841120Sjdp if (nfields < 2) { 80941120Sjdp generr(h, "%s:%d: missing shared secret", path, 81041120Sjdp linenum); 81141120Sjdp retval = -1; 81241120Sjdp break; 81341120Sjdp } 81441120Sjdp host = fields[0]; 81541120Sjdp secret = fields[1]; 81641120Sjdp timeout_str = fields[2]; 81741120Sjdp options_str = fields[3]; 81841120Sjdp 81941120Sjdp /* Parse and validate the fields. */ 82041120Sjdp host = strtok(host, ":"); 82141120Sjdp port_str = strtok(NULL, ":"); 82241120Sjdp if (port_str != NULL) { 82341120Sjdp port = strtoul(port_str, &end, 10); 82441120Sjdp if (port_str[0] == '\0' || *end != '\0') { 82541120Sjdp generr(h, "%s:%d: invalid port", path, 82641120Sjdp linenum); 82741120Sjdp retval = -1; 82841120Sjdp break; 82941120Sjdp } 83041120Sjdp } else 83141120Sjdp port = 0; 83241120Sjdp if (timeout_str != NULL) { 83341120Sjdp timeout = strtoul(timeout_str, &end, 10); 83441120Sjdp if (timeout_str[0] == '\0' || *end != '\0') { 83541120Sjdp generr(h, "%s:%d: invalid timeout", path, 83641120Sjdp linenum); 83741120Sjdp retval = -1; 83841120Sjdp break; 83941120Sjdp } 84041120Sjdp } else 84141120Sjdp timeout = TIMEOUT; 84241120Sjdp options = 0; 84341120Sjdp if (options_str != NULL) { 84441120Sjdp if (strcmp(options_str, "single-connection") == 0) 84541120Sjdp options |= TAC_SRVR_SINGLE_CONNECT; 84641120Sjdp else { 84741120Sjdp generr(h, "%s:%d: invalid option \"%s\"", 84841120Sjdp path, linenum, options_str); 84941120Sjdp retval = -1; 85041120Sjdp break; 85141120Sjdp } 85241120Sjdp }; 85341120Sjdp 85441120Sjdp if (tac_add_server(h, host, port, secret, timeout, 85541120Sjdp options) == -1) { 85641120Sjdp char msg[ERRSIZE]; 85741120Sjdp 85841120Sjdp strcpy(msg, h->errmsg); 85941120Sjdp generr(h, "%s:%d: %s", path, linenum, msg); 86041120Sjdp retval = -1; 86141120Sjdp break; 86241120Sjdp } 86341120Sjdp } 86441120Sjdp /* Clear out the buffer to wipe a possible copy of a shared secret */ 86541120Sjdp memset(buf, 0, sizeof buf); 86641120Sjdp fclose(fp); 86741120Sjdp return retval; 86841120Sjdp} 86941120Sjdp 87041120Sjdpint 87141120Sjdptac_create_authen(struct tac_handle *h, int action, int type, int service) 87241120Sjdp{ 87341120Sjdp struct tac_msg *msg; 87441120Sjdp struct tac_authen_start *as; 87541120Sjdp 87641120Sjdp h->last_seq_no = 0; 87741120Sjdp 87841120Sjdp msg = &h->request; 87941120Sjdp msg->type = TAC_AUTHEN; 88041120Sjdp msg->version = authen_version(action, type); 88141120Sjdp msg->flags = 0; 88241120Sjdp 88341120Sjdp as = &msg->u.authen_start; 88441120Sjdp as->action = action; 88541120Sjdp as->priv_lvl = TAC_PRIV_LVL_USER; 88641120Sjdp as->authen_type = type; 88741120Sjdp as->service = service; 88841120Sjdp 88941120Sjdp free_str(&h->user); 89041120Sjdp free_str(&h->port); 89141120Sjdp free_str(&h->rem_addr); 89241120Sjdp free_str(&h->data); 89341120Sjdp free_str(&h->user_msg); 89441120Sjdp 89541120Sjdp /* XXX - more to do */ 89641120Sjdp return 0; 89741120Sjdp} 89841120Sjdp 89941120Sjdpvoid * 90041120Sjdptac_get_data(struct tac_handle *h, size_t *len) 90141120Sjdp{ 90241120Sjdp return dup_str(h, &h->srvr_data, len); 90341120Sjdp} 90441120Sjdp 90541120Sjdpchar * 90641120Sjdptac_get_msg(struct tac_handle *h) 90741120Sjdp{ 90841120Sjdp return (char *)dup_str(h, &h->srvr_msg, NULL); 90941120Sjdp} 91041120Sjdp 91141120Sjdp/* 91241120Sjdp * Create and initialize a tac_handle structure, and return it to the 91341120Sjdp * caller. Can fail only if the necessary memory cannot be allocated. 91441120Sjdp * In that case, it returns NULL. 91541120Sjdp */ 91641120Sjdpstruct tac_handle * 91741120Sjdptac_open(void) 91841120Sjdp{ 91941120Sjdp struct tac_handle *h; 92041120Sjdp 92141120Sjdp h = (struct tac_handle *)malloc(sizeof(struct tac_handle)); 92241120Sjdp if (h != NULL) { 92341120Sjdp h->fd = -1; 92441120Sjdp h->num_servers = 0; 92541120Sjdp h->cur_server = 0; 92641120Sjdp h->errmsg[0] = '\0'; 92741120Sjdp init_clnt_str(&h->user); 92841120Sjdp init_clnt_str(&h->port); 92941120Sjdp init_clnt_str(&h->rem_addr); 93041120Sjdp init_clnt_str(&h->data); 93141120Sjdp init_clnt_str(&h->user_msg); 93241120Sjdp init_srvr_str(&h->srvr_msg); 93341120Sjdp init_srvr_str(&h->srvr_data); 93441120Sjdp srandomdev(); 93541120Sjdp } 93641120Sjdp return h; 93741120Sjdp} 93841120Sjdp 93941120Sjdpint 94041120Sjdptac_send_authen(struct tac_handle *h) 94141120Sjdp{ 94241120Sjdp struct tac_authen_reply *ar; 94341120Sjdp 94441120Sjdp if (h->last_seq_no == 0) { /* Authentication START packet */ 94541120Sjdp struct tac_authen_start *as; 94641120Sjdp 94741120Sjdp as = &h->request.u.authen_start; 94841120Sjdp h->request.length = 94941120Sjdp htonl(offsetof(struct tac_authen_start, rest[0])); 95041120Sjdp if (add_str_8(h, &as->user_len, &h->user) == -1 || 95141120Sjdp add_str_8(h, &as->port_len, &h->port) == -1 || 95241120Sjdp add_str_8(h, &as->rem_addr_len, &h->rem_addr) == -1 || 95341120Sjdp add_str_8(h, &as->data_len, &h->data) == -1) 95441120Sjdp return -1; 95541120Sjdp } else { /* Authentication CONTINUE packet */ 95641120Sjdp struct tac_authen_cont *ac; 95741120Sjdp 95841120Sjdp ac = &h->request.u.authen_cont; 95941120Sjdp ac->flags = 0; 96041120Sjdp h->request.length = 96141120Sjdp htonl(offsetof(struct tac_authen_cont, rest[0])); 96241120Sjdp if (add_str_16(h, &ac->user_msg_len, &h->user_msg) == -1 || 96341120Sjdp add_str_16(h, &ac->data_len, &h->data) == -1) 96441120Sjdp return -1; 96541120Sjdp } 96641120Sjdp 96741120Sjdp /* Send the message and retrieve the reply. */ 96841120Sjdp if (send_msg(h) == -1 || recv_msg(h) == -1) 96941120Sjdp return -1; 97041120Sjdp 97141120Sjdp /* Scan the optional fields in the reply. */ 97241120Sjdp ar = &h->response.u.authen_reply; 97341120Sjdp h->srvr_pos = offsetof(struct tac_authen_reply, rest[0]); 97441120Sjdp if (get_srvr_str(h, &h->srvr_msg, ntohs(ar->msg_len)) == -1 || 97541120Sjdp get_srvr_str(h, &h->srvr_data, ntohs(ar->data_len)) == -1 || 97641120Sjdp get_srvr_end(h) == -1) 97741120Sjdp return -1; 97841120Sjdp 97941120Sjdp if (!h->single_connect && 98041120Sjdp ar->status != TAC_AUTHEN_STATUS_GETDATA && 98141120Sjdp ar->status != TAC_AUTHEN_STATUS_GETUSER && 98241120Sjdp ar->status != TAC_AUTHEN_STATUS_GETPASS) 98341120Sjdp close_connection(h); 98441120Sjdp 98541120Sjdp return ar->flags << 8 | ar->status; 98641120Sjdp} 98741120Sjdp 98841120Sjdpint 98941120Sjdptac_set_rem_addr(struct tac_handle *h, const char *addr) 99041120Sjdp{ 99141120Sjdp return save_str(h, &h->rem_addr, addr, addr != NULL ? strlen(addr) : 0); 99241120Sjdp} 99341120Sjdp 99441120Sjdpint 99541120Sjdptac_set_data(struct tac_handle *h, const void *data, size_t data_len) 99641120Sjdp{ 99741120Sjdp return save_str(h, &h->data, data, data_len); 99841120Sjdp} 99941120Sjdp 100041120Sjdpint 100141120Sjdptac_set_msg(struct tac_handle *h, const char *msg) 100241120Sjdp{ 100341120Sjdp return save_str(h, &h->user_msg, msg, msg != NULL ? strlen(msg) : 0); 100441120Sjdp} 100541120Sjdp 100641120Sjdpint 100741120Sjdptac_set_port(struct tac_handle *h, const char *port) 100841120Sjdp{ 100941120Sjdp return save_str(h, &h->port, port, port != NULL ? strlen(port) : 0); 101041120Sjdp} 101141120Sjdp 101241120Sjdpint 101341120Sjdptac_set_priv(struct tac_handle *h, int priv) 101441120Sjdp{ 101541120Sjdp if (!(TAC_PRIV_LVL_MIN <= priv && priv <= TAC_PRIV_LVL_MAX)) { 101641120Sjdp generr(h, "Attempt to set invalid privilege level"); 101741120Sjdp return -1; 101841120Sjdp } 101941120Sjdp h->request.u.authen_start.priv_lvl = priv; 102041120Sjdp return 0; 102141120Sjdp} 102241120Sjdp 102341120Sjdpint 102441120Sjdptac_set_user(struct tac_handle *h, const char *user) 102541120Sjdp{ 102641120Sjdp return save_str(h, &h->user, user, user != NULL ? strlen(user) : 0); 102741120Sjdp} 102841120Sjdp 102941120Sjdpconst char * 103041120Sjdptac_strerror(struct tac_handle *h) 103141120Sjdp{ 103241120Sjdp return h->errmsg; 103341120Sjdp} 103441120Sjdp 103541120Sjdpstatic void * 103641120Sjdpxmalloc(struct tac_handle *h, size_t size) 103741120Sjdp{ 103841120Sjdp void *r; 103941120Sjdp 104041120Sjdp if ((r = malloc(size)) == NULL) 104141120Sjdp generr(h, "Out of memory"); 104241120Sjdp return r; 104341120Sjdp} 104441120Sjdp 104541120Sjdpstatic char * 104641120Sjdpxstrdup(struct tac_handle *h, const char *s) 104741120Sjdp{ 104841120Sjdp char *r; 104941120Sjdp 105041120Sjdp if ((r = strdup(s)) == NULL) 105141120Sjdp generr(h, "Out of memory"); 105241120Sjdp return r; 105341120Sjdp} 1054