Make struct radius_msg private to radius.c

This is internal data structure for RADIUS message handling and external code should not touch it directly.
2024-11-29 02:38:22 -05:00 · 2009-12-19 17:26:57 +02:00 · 2009-12-19 17:26:57 +02:00 · 1489e11a94
commit 1489e11a94
parent aa235d2ef7
7 changed files with 112 additions and 78 deletions
--- a/hostapd/accounting.c
+++ b/hostapd/accounting.c
@ -425,7 +425,7 @@ accounting_receive(struct radius_msg *msg, struct radius_msg *req,
 		   const u8 *shared_secret, size_t shared_secret_len,
 		   void *data)
 {
-	if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
+	if (radius_msg_get_hdr(msg)->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
 		printf("Unknown RADIUS message code\n");
 		return RADIUS_RX_UNKNOWN;
 	}
--- a/hostapd/ieee802_11_auth.c
+++ b/hostapd/ieee802_11_auth.c
@ -401,11 +401,12 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
 	struct hostapd_data *hapd = data;
 	struct hostapd_acl_query_data *query, *prev;
 	struct hostapd_cached_radius_acl *cache;
 	struct radius_hdr *hdr = radius_msg_get_hdr(msg);
 	query = hapd->acl_queries;
 	prev = NULL;
 	while (query) {
-		if (query->radius_id == msg->hdr->identifier)
+		if (query->radius_id == hdr->identifier)
 			break;
 		prev = query;
 		query = query->next;
@ -422,10 +423,10 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
 		return RADIUS_RX_INVALID_AUTHENTICATOR;
 	}
-	if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
+	if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
-	    msg->hdr->code != RADIUS_CODE_ACCESS_REJECT) {
+	    hdr->code != RADIUS_CODE_ACCESS_REJECT) {
 		wpa_printf(MSG_DEBUG, "Unknown RADIUS message code %d to ACL "
-			   "query", msg->hdr->code);
+			   "query", hdr->code);
 		return RADIUS_RX_UNKNOWN;
 	}
@ -437,7 +438,7 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
 	}
 	time(&cache->timestamp);
 	os_memcpy(cache->addr, query->addr, sizeof(cache->addr));
-	if (msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
+	if (hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
 		if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT,
 					      &cache->session_timeout) == 0)
 			cache->accepted = HOSTAPD_ACL_ACCEPT_TIMEOUT;
--- a/hostapd/ieee802_1x.c
+++ b/hostapd/ieee802_1x.c
@ -543,7 +543,8 @@ static void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
 	/* State attribute must be copied if and only if this packet is
 	 * Access-Request reply to the previous Access-Challenge */
-	if (sm->last_recv_radius && sm->last_recv_radius->hdr->code ==
+	if (sm->last_recv_radius &&
 	    radius_msg_get_hdr(sm->last_recv_radius)->code ==
 	    RADIUS_CODE_ACCESS_CHALLENGE) {
 		int res = radius_msg_copy_attr(msg, sm->last_recv_radius,
 					       RADIUS_ATTR_STATE);
@ -1201,8 +1202,9 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
 	int session_timeout_set, old_vlanid = 0;
 	struct eapol_state_machine *sm;
 	int override_eapReq = 0;
 	struct radius_hdr *hdr = radius_msg_get_hdr(msg);
-	sm = ieee802_1x_search_radius_identifier(hapd, msg->hdr->identifier);
+	sm = ieee802_1x_search_radius_identifier(hapd, hdr->identifier);
 	if (sm == NULL) {
 		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Could not find matching "
 			   "station for this RADIUS message");
@ -1212,7 +1214,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
 	/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
 	 * present when packet contains an EAP-Message attribute */
-	if (msg->hdr->code == RADIUS_CODE_ACCESS_REJECT &&
+	if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
 	    radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
 				0) < 0 &&
 	    radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
@ -1226,9 +1228,9 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
 		return RADIUS_RX_INVALID_AUTHENTICATOR;
 	}
-	if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
+	if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
-	    msg->hdr->code != RADIUS_CODE_ACCESS_REJECT &&
+	    hdr->code != RADIUS_CODE_ACCESS_REJECT &&
-	    msg->hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
+	    hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
 		printf("Unknown RADIUS message code\n");
 		return RADIUS_RX_UNKNOWN;
 	}
@ -1248,7 +1250,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
 		termination_action = RADIUS_TERMINATION_ACTION_DEFAULT;
 	if (hapd->conf->acct_interim_interval == 0 &&
-	    msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
+	    hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
 	    radius_msg_get_attr_int32(msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL,
 				      &acct_interim_interval) == 0) {
 		if (acct_interim_interval < 60) {
@ -1263,7 +1265,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
 	}
-	switch (msg->hdr->code) {
+	switch (hdr->code) {
 	case RADIUS_CODE_ACCESS_ACCEPT:
 		if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
 			sta->vlan_id = 0;
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@ -21,6 +21,52 @@
 #include "radius.h"
 /**
 * struct radius_msg - RADIUS message structure for new and parsed messages
 */
 struct radius_msg {
 	/**
 	 * buf - Allocated buffer for RADIUS message
 	 */
 	struct wpabuf *buf;
 	/**
 	 * hdr - Pointer to the RADIUS header in buf
 	 */
 	struct radius_hdr *hdr;
 	/**
 	 * attr_pos - Array of indexes to attributes
 	 *
 	 * The values are number of bytes from buf to the beginning of
 	 * struct radius_attr_hdr.
 	 */
 	size_t *attr_pos;
 	/**
 	 * attr_size - Total size of the attribute pointer array
 	 */
 	size_t attr_size;
 	/**
 	 * attr_used - Total number of attributes in the array
 	 */
 	size_t attr_used;
 };
 struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg)
 {
 	return msg->hdr;
 }
 struct wpabuf * radius_msg_get_buf(struct radius_msg *msg)
 {
 	return msg->buf;
 }
 static struct radius_attr_hdr *
 radius_get_attr_hdr(struct radius_msg *msg, int idx)
 {
--- a/src/radius/radius.h
+++ b/src/radius/radius.h
@ -173,39 +173,7 @@ struct radius_ms_mppe_keys {
 };
-/**
+struct radius_msg;
 * struct radius_msg - RADIUS message structure for new and parsed messages
 */
 struct radius_msg {
 	/**
 	 * buf - Allocated buffer for RADIUS message
 	 */
 	struct wpabuf *buf;
 	/**
 	 * hdr - Pointer to the RADIUS header in buf
 	 */
 	struct radius_hdr *hdr;
 	/**
 	 * attr_pos - Array of indexes to attributes
 	 *
 	 * The values are number of bytes from buf to the beginning of
 	 * struct radius_attr_hdr.
 	 */
 	size_t *attr_pos;
 	/**
 	 * attr_size - Total size of the attribute pointer array
 	 */
 	size_t attr_size;
 	/**
 	 * attr_used - Total number of attributes in the array
 	 */
 	size_t attr_used;
 };
 /* Default size to be allocated for new RADIUS messages */
 #define RADIUS_DEFAULT_MSG_SIZE 1024
@ -220,6 +188,8 @@ struct radius_msg {
 /* MAC address ASCII format for non-802.1X use */
 #define RADIUS_ADDR_FORMAT "%02x%02x%02x%02x%02x%02x"
 struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg);
 struct wpabuf * radius_msg_get_buf(struct radius_msg *msg);
 struct radius_msg * radius_msg_new(u8 code, u8 identifier);
 void radius_msg_free(struct radius_msg *msg);
 void radius_msg_dump(struct radius_msg *msg);
--- a/src/radius/radius_client.c
+++ b/src/radius/radius_client.c
@ -330,6 +330,7 @@ static int radius_client_retransmit(struct radius_client_data *radius,
 {
 	struct hostapd_radius_servers *conf = radius->conf;
 	int s;
 	struct wpabuf *buf;
 	if (entry->msg_type == RADIUS_ACCT ||
 	    entry->msg_type == RADIUS_ACCT_INTERIM) {
@ -354,11 +355,11 @@ static int radius_client_retransmit(struct radius_client_data *radius,
 	entry->attempts++;
 	hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS,
 		       HOSTAPD_LEVEL_DEBUG, "Resending RADIUS message (id=%d)",
-		       entry->msg->hdr->identifier);
+		       radius_msg_get_hdr(entry->msg)->identifier);
 	os_get_time(&entry->last_attempt);
-	if (send(s, wpabuf_head(entry->msg->buf), wpabuf_len(entry->msg->buf),
+	buf = radius_msg_get_buf(entry->msg);
-		 0) < 0)
+	if (send(s, wpabuf_head(buf), wpabuf_len(buf), 0) < 0)
 		radius_client_handle_send_error(radius, s, entry->msg_type);
 	entry->next_try = now + entry->next_wait;
@ -632,6 +633,7 @@ int radius_client_send(struct radius_client_data *radius,
 	size_t shared_secret_len;
 	char *name;
 	int s, res;
 	struct wpabuf *buf;
 	if (msg_type == RADIUS_ACCT_INTERIM) {
 		/* Remove any pending interim acct update for the same STA. */
@ -674,7 +676,8 @@ int radius_client_send(struct radius_client_data *radius,
 	if (conf->msg_dumps)
 		radius_msg_dump(msg);
-	res = send(s, wpabuf_head(msg->buf), wpabuf_len(msg->buf), 0);
+	buf = radius_msg_get_buf(msg);
 	res = send(s, wpabuf_head(buf), wpabuf_len(buf), 0);
 	if (res < 0)
 		radius_client_handle_send_error(radius, s, msg_type);
@ -693,6 +696,7 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
 	int len, roundtrip;
 	unsigned char buf[3000];
 	struct radius_msg *msg;
 	struct radius_hdr *hdr;
 	struct radius_rx_handler *handlers;
 	size_t num_handlers, i;
 	struct radius_msg_list *req, *prev_req;
@ -730,13 +734,14 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
 		rconf->malformed_responses++;
 		return;
 	}
 	hdr = radius_msg_get_hdr(msg);
 	hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
 		       HOSTAPD_LEVEL_DEBUG, "Received RADIUS message");
 	if (conf->msg_dumps)
 		radius_msg_dump(msg);
-	switch (msg->hdr->code) {
+	switch (hdr->code) {
 	case RADIUS_CODE_ACCESS_ACCEPT:
 		rconf->access_accepts++;
 		break;
@ -759,7 +764,8 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
 		if ((req->msg_type == msg_type ||
 		     (req->msg_type == RADIUS_ACCT_INTERIM &&
 		      msg_type == RADIUS_ACCT)) &&
-		    req->msg->hdr->identifier == msg->hdr->identifier)
+		    radius_msg_get_hdr(req->msg)->identifier ==
 		    hdr->identifier)
 			break;
 		prev_req = req;
@ -771,7 +777,7 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
 			       HOSTAPD_LEVEL_DEBUG,
 			       "No matching RADIUS request found (type=%d "
 			       "id=%d) - dropping packet",
-			       msg_type, msg->hdr->identifier);
+			       msg_type, hdr->identifier);
 		goto fail;
 	}
@ -820,7 +826,7 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
 	hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS,
 		       HOSTAPD_LEVEL_DEBUG, "No RADIUS RX handler found "
 		       "(type=%d code=%d id=%d)%s - dropping packet",
-		       msg_type, msg->hdr->code, msg->hdr->identifier,
+		       msg_type, hdr->code, hdr->identifier,
 		       invalid_authenticator ? " [INVALID AUTHENTICATOR]" :
 		       "");
 	radius_client_msg_free(req);
@ -848,7 +854,7 @@ u8 radius_client_get_id(struct radius_client_data *radius)
 	entry = radius->msgs;
 	prev = NULL;
 	while (entry) {
-		if (entry->msg->hdr->identifier == id) {
+		if (radius_msg_get_hdr(entry->msg)->identifier == id) {
 			hostapd_logger(radius->ctx, entry->addr,
 				       HOSTAPD_MODULE_RADIUS,
 				       HOSTAPD_LEVEL_DEBUG,
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@ -527,6 +527,7 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
 	struct radius_msg *msg;
 	int code;
 	unsigned int sess_id;
 	struct radius_hdr *hdr = radius_msg_get_hdr(request);
 	if (sess->eap_if->eapFail) {
 		sess->eap_if->eapFail = FALSE;
@ -539,7 +540,7 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
 		code = RADIUS_CODE_ACCESS_CHALLENGE;
 	}
-	msg = radius_msg_new(code, request->hdr->identifier);
+	msg = radius_msg_new(code, hdr->identifier);
 	if (msg == NULL) {
 		RADIUS_DEBUG("Failed to allocate reply message");
 		return NULL;
@ -565,7 +566,7 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
 		} else {
 			len = sess->eap_if->eapKeyDataLen / 2;
 		}
-		if (!radius_msg_add_mppe_keys(msg, request->hdr->authenticator,
+		if (!radius_msg_add_mppe_keys(msg, hdr->authenticator,
 					      (u8 *) client->shared_secret,
 					      client->shared_secret_len,
 					      sess->eap_if->eapKeyData + len,
@ -583,7 +584,7 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
 	if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
 				  client->shared_secret_len,
-				  request->hdr->authenticator) < 0) {
+				  hdr->authenticator) < 0) {
 		RADIUS_DEBUG("Failed to add Message-Authenticator attribute");
 	}
@ -600,12 +601,13 @@ static int radius_server_reject(struct radius_server_data *data,
 	struct radius_msg *msg;
 	int ret = 0;
 	struct eap_hdr eapfail;
 	struct wpabuf *buf;
 	struct radius_hdr *hdr = radius_msg_get_hdr(request);
 	RADIUS_DEBUG("Reject invalid request from %s:%d",
 		     from_addr, from_port);
-	msg = radius_msg_new(RADIUS_CODE_ACCESS_REJECT,
+	msg = radius_msg_new(RADIUS_CODE_ACCESS_REJECT, hdr->identifier);
 			     request->hdr->identifier);
 	if (msg == NULL) {
 		return -1;
 	}
@ -627,7 +629,8 @@ static int radius_server_reject(struct radius_server_data *data,
 	if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
 				  client->shared_secret_len,
-				  request->hdr->authenticator) < 0) {
+				  hdr->authenticator) <
 	    0) {
 		RADIUS_DEBUG("Failed to add Message-Authenticator attribute");
 	}
@ -637,8 +640,8 @@ static int radius_server_reject(struct radius_server_data *data,
 	data->counters.access_rejects++;
 	client->counters.access_rejects++;
-	if (sendto(data->auth_sock, wpabuf_head(msg->buf),
+	buf = radius_msg_get_buf(msg);
-		   wpabuf_len(msg->buf), 0,
+	if (sendto(data->auth_sock, wpabuf_head(buf), wpabuf_len(buf), 0,
 		   (struct sockaddr *) from, sizeof(*from)) < 0) {
 		perror("sendto[RADIUS SRV]");
 		ret = -1;
@ -698,17 +701,18 @@ static int radius_server_request(struct radius_server_data *data,
 	}
 	if (sess->last_from_port == from_port &&
-	    sess->last_identifier == msg->hdr->identifier &&
+	    sess->last_identifier == radius_msg_get_hdr(msg)->identifier &&
-	    os_memcmp(sess->last_authenticator, msg->hdr->authenticator, 16) ==
+	    os_memcmp(sess->last_authenticator,
-	    0) {
+		      radius_msg_get_hdr(msg)->authenticator, 16) == 0) {
 		RADIUS_DEBUG("Duplicate message from %s", from_addr);
 		data->counters.dup_access_requests++;
 		client->counters.dup_access_requests++;
 		if (sess->last_reply) {
-			res = sendto(data->auth_sock,
+			struct wpabuf *buf;
-				     wpabuf_head(sess->last_reply->buf),
+			buf = radius_msg_get_buf(sess->last_reply);
-				     wpabuf_len(sess->last_reply->buf), 0,
+			res = sendto(data->auth_sock, wpabuf_head(buf),
 				     wpabuf_len(buf), 0,
 				     (struct sockaddr *) from, fromlen);
 			if (res < 0) {
 				perror("sendto[RADIUS SRV]");
@ -779,12 +783,15 @@ static int radius_server_request(struct radius_server_data *data,
 	reply = radius_server_encapsulate_eap(data, client, sess, msg);
 	if (reply) {
 		struct wpabuf *buf;
 		struct radius_hdr *hdr;
 		RADIUS_DEBUG("Reply to %s:%d", from_addr, from_port);
 		if (wpa_debug_level <= MSG_MSGDUMP) {
 			radius_msg_dump(reply);
 		}
-		switch (reply->hdr->code) {
+		switch (radius_msg_get_hdr(reply)->code) {
 		case RADIUS_CODE_ACCESS_ACCEPT:
 			data->counters.access_accepts++;
 			client->counters.access_accepts++;
@ -798,8 +805,9 @@ static int radius_server_request(struct radius_server_data *data,
 			client->counters.access_challenges++;
 			break;
 		}
-		res = sendto(data->auth_sock, wpabuf_head(reply->buf),
+		buf = radius_msg_get_buf(reply);
-			     wpabuf_len(reply->buf), 0,
+		res = sendto(data->auth_sock, wpabuf_head(buf),
 			     wpabuf_len(buf), 0,
 			     (struct sockaddr *) from, fromlen);
 		if (res < 0) {
 			perror("sendto[RADIUS SRV]");
@ -807,9 +815,9 @@ static int radius_server_request(struct radius_server_data *data,
 		radius_msg_free(sess->last_reply);
 		sess->last_reply = reply;
 		sess->last_from_port = from_port;
-		sess->last_identifier = msg->hdr->identifier;
+		hdr = radius_msg_get_hdr(msg);
-		os_memcpy(sess->last_authenticator, msg->hdr->authenticator,
+		sess->last_identifier = hdr->identifier;
-			  16);
+		os_memcpy(sess->last_authenticator, hdr->authenticator, 16);
 	} else {
 		data->counters.packets_dropped++;
 		client->counters.packets_dropped++;
@ -908,8 +916,9 @@ static void radius_server_receive_auth(int sock, void *eloop_ctx,
 		radius_msg_dump(msg);
 	}
-	if (msg->hdr->code != RADIUS_CODE_ACCESS_REQUEST) {
+	if (radius_msg_get_hdr(msg)->code != RADIUS_CODE_ACCESS_REQUEST) {
-		RADIUS_DEBUG("Unexpected RADIUS code %d", msg->hdr->code);
+		RADIUS_DEBUG("Unexpected RADIUS code %d",
 			     radius_msg_get_hdr(msg)->code);
 		data->counters.unknown_types++;
 		client->counters.unknown_types++;
 		goto fail;