Commit 59e93add authored by Linus Nordberg's avatar Linus Nordberg

Move F-Ticks logging to fticks.c.

parent 6d0efe60
......@@ -7,6 +7,15 @@
#include <nettle/sha.h>
#include <nettle/hmac.h>
#include <regex.h>
#include <pthread.h>
#include <sys/time.h>
#include "list.h"
#include "radsecproxy.h"
#include "debug.h"
#include "fticks.h"
static void
format_hash(const uint8_t *hash, size_t out_len, uint8_t *out)
{
......@@ -62,6 +71,84 @@ fticks_hashmac(const uint8_t *in,
hash(in, key, out_len, out);
}
void
fticks_log(const struct options *options,
const struct client *client,
const struct radmsg *msg,
const struct rqout *rqout)
{
unsigned char *username = NULL;
unsigned char *realm = NULL;
uint8_t visinst[8+40+1+1]; /* Room for 40 octets of VISINST. */
uint8_t *macin = NULL;
uint8_t macout[2*32+1]; /* Room for ASCII representation of SHA256. */
username = radattr2ascii(radmsg_gettype(rqout->rq->msg,
RAD_Attr_User_Name));
if (username != NULL) {
realm = (unsigned char *) strrchr((char *) username, '@');
if (realm != NULL)
realm++;
else
realm = (unsigned char *) "";
}
memset(visinst, 0, sizeof(visinst));
if (options->fticks_reporting == RSP_FTICKS_REPORTING_FULL)
snprintf((char *) visinst, sizeof(visinst), "VISINST=%s#",
client->conf->name);
#define BOGUS_MAC "00:00:00:00:00:00" /* FIXME: Is there a standard
* for bogus MAC addresses? */
memset(macout, 0, sizeof(macout));
strncpy((char *) macout, BOGUS_MAC, sizeof(macout) - 1);
if (options->fticks_mac != RSP_FTICKS_MAC_STATIC) {
macin = radattr2ascii(radmsg_gettype(rqout->rq->msg,
RAD_Attr_Calling_Station_Id));
}
#if RS_TESTING || 1
if (macin == NULL)
macin = (uint8_t *) strdup(BOGUS_MAC);
#endif /* RS_TESTING */
switch (options->fticks_mac)
{
case RSP_FTICKS_MAC_STATIC:
memcpy(macout, BOGUS_MAC, sizeof(BOGUS_MAC));
break;
case RSP_FTICKS_MAC_ORIGINAL:
memcpy(macout, macin, sizeof(macout));
break;
case RSP_FTICKS_MAC_VENDOR_HASHED:
fticks_hashmac(macin + 3, NULL, sizeof(macout), macout);
break;
case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
fticks_hashmac(macin + 3, options->fticks_key, sizeof(macout),
macout);
break;
case RSP_FTICKS_MAC_FULLY_HASHED:
fticks_hashmac(macin, NULL, sizeof(macout), macout);
break;
case RSP_FTICKS_MAC_FULLY_KEY_HASHED:
fticks_hashmac(macin, options->fticks_key, sizeof(macout), macout);
break;
default:
debugx(2, DBG_ERR, "invalid fticks mac configuration: %d",
options->fticks_mac);
}
debug(0xff,
"F-TICKS/eduroam/1.0#REALM=%s#VISCOUNTRY=%s#%sCSI=%s#RESULT=%s#",
realm,
client->conf->fticks_viscountry,
visinst,
macout,
msg->code == RAD_Access_Accept ? "OK" : "FAIL");
if (macin != NULL)
free(macin);
if (username != NULL)
free(username);
}
/* Local Variables: */
/* c-file-style: "stroustrup" */
/* End: */
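Review bot: In the `RSP_FTICKS_MAC_ORIGINAL` case, `memcpy(macout, macin, sizeof(macout))` always reads 65 bytes from `macin`, which is either the 18-byte `strdup(BOGUS_MAC)` copy or whatever `radattr2ascii` returned for the peer-supplied Calling-Station-Id. A shorter value is read past its allocation, and a longer one leaves `macout` without a terminator before it is logged with `%s`. A bounded string copy such as `snprintf((char *) macout, sizeof(macout), "%s", macin);` avoids both. The `macin + 3` arguments in the two vendor cases likewise assume the attribute is at least three characters long (and that `strdup` did not fail), so a NULL and length check before the switch would cover them as well. Separately, `realm` stays NULL when no User-Name attribute is present and is then passed to `%s` in the `debug()` call; initialising it with `unsigned char *realm = (unsigned char *) "";` closes that.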
/* Copyright (C) 2011 NORDUnet A/S
* See LICENSE for information about licensing.
*/
int fticks_hashmac(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out);
void fticks_hashmac(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out);
void fticks_log(const struct options *options,
const struct client *client,
const struct radmsg *msg,
const struct rqout *rqout);
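Review bot: The `fticks_log` prototype names `struct options`, `struct client`, `struct radmsg` and `struct rqout`, and both prototypes use `uint8_t` and `size_t`, yet no includes, forward declarations or include guard are visible in this header. As shown it appears to compile cleanly only when radsecproxy.h has been included first, which is what fticks.c does. Adding `#include <stdint.h>`, `#include <stddef.h>` and forward declarations such as `struct options;` inside an include guard would make the header self-contained and keep the struct tags from getting prototype scope.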
......@@ -1692,79 +1692,8 @@ void replyh(struct server *server, unsigned char *buf) {
debug(msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject || msg->code == RAD_Accounting_Response ? DBG_WARN : DBG_INFO,
"replyh: passing %s to client %s (%s)", radmsgtype2string(msg->code), from->conf->name, addr2string(from->addr));
if (options.fticks_reporting && from->conf->fticks_viscountry != NULL) {
unsigned char *username = NULL;
unsigned char *realm = NULL;
uint8_t visinst[8+40+1+1]; /* Room for 40 octets of VISINST. */
uint8_t *macin = NULL;
uint8_t macout[2*32+1]; /* Room for ASCII representation of SHA256. */
username = radattr2ascii(radmsg_gettype(rqout->rq->msg,
RAD_Attr_User_Name));
if (username != NULL) {
realm = (unsigned char *) strrchr((char *) username, '@');
if (realm != NULL)
realm++;
else
realm = (unsigned char *) "";
}
memset(visinst, 0, sizeof(visinst));
if (options.fticks_reporting == RSP_FTICKS_REPORTING_FULL)
snprintf((char *) visinst, sizeof(visinst), "VISINST=%s#",
from->conf->name);
#define BOGUS_MAC "00:00:00:00:00:00" /* FIXME: Is there a standard
* for bogus MAC addresses? */
memset(macout, 0, sizeof(macout));
strncpy((char *) macout, BOGUS_MAC, sizeof(macout) - 1);
if (options.fticks_mac != RSP_FTICKS_MAC_STATIC) {
macin = radattr2ascii(radmsg_gettype(rqout->rq->msg,
RAD_Attr_Calling_Station_Id));
}
#if RS_TESTING || 1
if (macin == NULL)
macin = (uint8_t *) strdup(BOGUS_MAC);
#endif /* RS_TESTING */
switch (options.fticks_mac)
{
case RSP_FTICKS_MAC_STATIC:
memcpy(macout, BOGUS_MAC, sizeof(BOGUS_MAC));
break;
case RSP_FTICKS_MAC_ORIGINAL:
memcpy(macout, macin, sizeof(macout));
break;
case RSP_FTICKS_MAC_VENDOR_HASHED:
fticks_hashmac(macin + 3, NULL, sizeof(macout), macout);
break;
case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
fticks_hashmac(macin + 3, options.fticks_key, sizeof(macout),
macout);
break;
case RSP_FTICKS_MAC_FULLY_HASHED:
fticks_hashmac(macin, NULL, sizeof(macout), macout);
break;
case RSP_FTICKS_MAC_FULLY_KEY_HASHED:
fticks_hashmac(macin, options.fticks_key, sizeof(macout), macout);
break;
default:
debugx(2, DBG_ERR, "invalid fticks mac configuration: %d",
options.fticks_mac);
}
debug(0xff,
"F-TICKS/eduroam/1.0#REALM=%s#VISCOUNTRY=%s#%sCSI=%s#RESULT=%s#",
realm,
from->conf->fticks_viscountry,
visinst,
macout,
msg->code == RAD_Access_Accept ? "OK" : "FAIL");
if (macin != NULL)
free(macin);
if (username != NULL)
free(username);
}
if (options.fticks_reporting && from->conf->fticks_viscountry != NULL)
fticks_log(&options, from, msg, rqout);
radmsg_free(rqout->rq->msg);
rqout->rq->msg = msg;
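Review bot: The check `from->conf->fticks_viscountry != NULL` stays at the call site in replyh while `fticks_log` passes `client->conf->fticks_viscountry` straight to a `%s` conversion, so the function is only safe for callers that repeat this test. Moving the test into `fticks_log` as an early return would keep the precondition next to the code that depends on it. Failing that, a comment on the prototype such as `/* client->conf->fticks_viscountry must be non-NULL */` would at least record it. replyh begins and ends outside this hunk.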
......
......@@ -230,6 +230,7 @@ void freerq(struct request *rq);
int radsrv(struct request *rq);
void replyh(struct server *server, unsigned char *buf);
struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
uint8_t *radattr2ascii(struct tlv *attr);
/* Local Variables: */
/* c-file-style: "stroustrup" */
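Review bot: `radattr2ascii` is declared here (presumably the line this hunk adds) without a comment on ownership or on the form of the returned string, and its new caller in fticks.c both frees the result and writes data derived from it into an F-Ticks log line. A comment on the prototype along the lines of `/* Returns a newly allocated NUL-terminated string, or NULL; the caller frees it. */` would help, after confirming that against the definition, which is not shown. It would also be worth stating whether `#` and non-printable bytes are escaped, because the User-Name and Calling-Station-Id values come from the peer and `#` is the F-Ticks field separator.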
......