X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/33ceecfd2f8fc5f12942c9e6996173424cf5bcac..94366a69b0ea80c2e85aa89f7b7f30d7f335bd76:/print-radius.c diff --git a/print-radius.c b/print-radius.c index 8c33438f..e26ba567 100644 --- a/print-radius.c +++ b/print-radius.c @@ -104,7 +104,7 @@ #define PRINT_HEX(bytes_len, ptr_data) \ while(bytes_len) \ { \ - ND_PRINT("%02X", *ptr_data ); \ + ND_PRINT("%02X", GET_U_1(ptr_data)); \ ptr_data++; \ bytes_len--; \ } @@ -112,38 +112,38 @@ /* Radius packet codes */ /* https://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-27 */ -#define RADCMD_ACCESS_REQ 1 /* Access-Request */ -#define RADCMD_ACCESS_ACC 2 /* Access-Accept */ -#define RADCMD_ACCESS_REJ 3 /* Access-Reject */ -#define RADCMD_ACCOUN_REQ 4 /* Accounting-Request */ -#define RADCMD_ACCOUN_RES 5 /* Accounting-Response */ -#define RADCMD_ACCESS_CHA 11 /* Access-Challenge */ -#define RADCMD_STATUS_SER 12 /* Status-Server */ -#define RADCMD_STATUS_CLI 13 /* Status-Client */ -#define RADCMD_DISCON_REQ 40 /* Disconnect-Request */ -#define RADCMD_DISCON_ACK 41 /* Disconnect-ACK */ -#define RADCMD_DISCON_NAK 42 /* Disconnect-NAK */ -#define RADCMD_COA_REQ 43 /* CoA-Request */ -#define RADCMD_COA_ACK 44 /* CoA-ACK */ -#define RADCMD_COA_NAK 45 /* CoA-NAK */ -#define RADCMD_RESERVED 255 /* Reserved */ +#define RADCMD_ACCESS_REQ 1 /* Access-Request */ +#define RADCMD_ACCESS_ACC 2 /* Access-Accept */ +#define RADCMD_ACCESS_REJ 3 /* Access-Reject */ +#define RADCMD_ACCOUNT_REQ 4 /* Accounting-Request */ +#define RADCMD_ACCOUNT_RES 5 /* Accounting-Response */ +#define RADCMD_ACCESS_CHA 11 /* Access-Challenge */ +#define RADCMD_STATUS_SER 12 /* Status-Server */ +#define RADCMD_STATUS_CLI 13 /* Status-Client */ +#define RADCMD_DISCON_REQ 40 /* Disconnect-Request */ +#define RADCMD_DISCON_ACK 41 /* Disconnect-ACK */ +#define RADCMD_DISCON_NAK 42 /* Disconnect-NAK */ +#define RADCMD_COA_REQ 43 /* CoA-Request */ +#define RADCMD_COA_ACK 44 /* CoA-ACK */ +#define RADCMD_COA_NAK 45 /* CoA-NAK */ +#define RADCMD_RESERVED 255 /* Reserved */ static const struct tok radius_command_values[] = { - { RADCMD_ACCESS_REQ, "Access-Request" }, - { RADCMD_ACCESS_ACC, "Access-Accept" }, - { RADCMD_ACCESS_REJ, "Access-Reject" }, - { RADCMD_ACCOUN_REQ, "Accounting-Request" }, - { RADCMD_ACCOUN_RES, "Accounting-Response" }, - { RADCMD_ACCESS_CHA, "Access-Challenge" }, - { RADCMD_STATUS_SER, "Status-Server" }, - { RADCMD_STATUS_CLI, "Status-Client" }, - { RADCMD_DISCON_REQ, "Disconnect-Request" }, - { RADCMD_DISCON_ACK, "Disconnect-ACK" }, - { RADCMD_DISCON_NAK, "Disconnect-NAK" }, - { RADCMD_COA_REQ, "CoA-Request" }, - { RADCMD_COA_ACK, "CoA-ACK" }, - { RADCMD_COA_NAK, "CoA-NAK" }, - { RADCMD_RESERVED, "Reserved" }, + { RADCMD_ACCESS_REQ, "Access-Request" }, + { RADCMD_ACCESS_ACC, "Access-Accept" }, + { RADCMD_ACCESS_REJ, "Access-Reject" }, + { RADCMD_ACCOUNT_REQ, "Accounting-Request" }, + { RADCMD_ACCOUNT_RES, "Accounting-Response" }, + { RADCMD_ACCESS_CHA, "Access-Challenge" }, + { RADCMD_STATUS_SER, "Status-Server" }, + { RADCMD_STATUS_CLI, "Status-Client" }, + { RADCMD_DISCON_REQ, "Disconnect-Request" }, + { RADCMD_DISCON_ACK, "Disconnect-ACK" }, + { RADCMD_DISCON_NAK, "Disconnect-NAK" }, + { RADCMD_COA_REQ, "CoA-Request" }, + { RADCMD_COA_ACK, "CoA-ACK" }, + { RADCMD_COA_NAK, "CoA-NAK" }, + { RADCMD_RESERVED, "Reserved" }, { 0, NULL} }; @@ -214,7 +214,7 @@ static void print_attr_location_information(netdissect_options *, const u_char * static void print_attr_location_data(netdissect_options *, const u_char *, u_int, u_short); static void print_basic_location_policy_rules(netdissect_options *, const u_char *, u_int, u_short); static void print_attr_time(netdissect_options *, const u_char *, u_int, u_short); -static void print_attr_vector64(netdissect_options *, register const u_char *, u_int, u_short); +static void print_attr_vector64(netdissect_options *, const u_char *, u_int, u_short); static void print_attr_strange(netdissect_options *, const u_char *, u_int, u_short); @@ -773,8 +773,7 @@ print_attr_string(netdissect_options *ndo, ND_TCHECK_LEN(data, length); - switch(attr_code) - { + switch(attr_code) { case TUNNEL_PASS: if (length < 3) goto trunc; @@ -794,8 +793,7 @@ print_attr_string(netdissect_options *ndo, case TUNNEL_ASSIGN_ID: case TUNNEL_CLIENT_AUTH: case TUNNEL_SERVER_AUTH: - if (GET_U_1(data) <= 0x1F) - { + if (GET_U_1(data) <= 0x1F) { if (length < 1) goto trunc; if (GET_U_1(data)) @@ -845,7 +843,6 @@ print_vendor_attr(netdissect_options *ndo, if (length < 4) goto trunc; - ND_TCHECK_4(data); vendor_id = GET_BE_U_4(data); data+=4; length-=4; @@ -855,20 +852,16 @@ print_vendor_attr(netdissect_options *ndo, vendor_id); while (length >= 2) { - ND_TCHECK_2(data); - vendor_type = GET_U_1(data); vendor_length = GET_U_1(data + 1); - if (vendor_length < 2) - { + if (vendor_length < 2) { ND_PRINT("\n\t Vendor Attribute: %u, Length: %u (bogus, must be >= 2)", vendor_type, vendor_length); return; } - if (vendor_length > length) - { + if (vendor_length > length) { ND_PRINT("\n\t Vendor Attribute: %u, Length: %u (bogus, goes past end of vendor-specific attribute)", vendor_type, vendor_length); @@ -905,31 +898,25 @@ print_attr_num(netdissect_options *ndo, { uint32_t timeout; - if (length != 4) - { + if (length != 4) { ND_PRINT("ERROR: length %u != 4", length); return; } - ND_TCHECK_4(data); /* This attribute has standard values */ - if (attr_type[attr_code].siz_subtypes) - { + if (attr_type[attr_code].siz_subtypes) { static const char **table; uint32_t data_value; table = attr_type[attr_code].subtypes; - if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) ) - { + if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) ) { if (!GET_U_1(data)) ND_PRINT("Tag[Unused] "); else ND_PRINT("Tag[%u] ", GET_U_1(data)); data++; data_value = GET_BE_U_3(data); - } - else - { + } else { data_value = GET_BE_U_4(data); } if ( data_value <= (uint32_t)(attr_type[attr_code].siz_subtypes - 1 + @@ -938,9 +925,7 @@ print_attr_num(netdissect_options *ndo, ND_PRINT("%s", table[data_value]); else ND_PRINT("#%u", data_value); - } - else - { + } else { switch(attr_code) /* Be aware of special cases... */ { case FRM_IPX: @@ -958,8 +943,7 @@ print_attr_num(netdissect_options *ndo, timeout = GET_BE_U_4(data); if ( timeout < 60 ) ND_PRINT("%02d secs", timeout); - else - { + else { if ( timeout < 3600 ) ND_PRINT("%02d:%02d min", timeout / 60, timeout % 60); @@ -1008,11 +992,6 @@ print_attr_num(netdissect_options *ndo, } /* switch */ } /* if-else */ - - return; - - trunc: - nd_print_trunc(ndo); } /*****************************/ @@ -1026,16 +1005,12 @@ static void print_attr_address(netdissect_options *ndo, const u_char *data, u_int length, u_short attr_code) { - if (length != 4) - { + if (length != 4) { ND_PRINT("ERROR: length %u != 4", length); return; } - ND_TCHECK_4(data); - - switch(attr_code) - { + switch(attr_code) { case FRM_IPADDR: case LOG_IPHOST: if (GET_BE_U_4(data) == 0xFFFFFFFF ) @@ -1051,11 +1026,6 @@ print_attr_address(netdissect_options *ndo, ND_PRINT("%s", GET_IPADDR_STRING(data)); break; } - - return; - - trunc: - nd_print_trunc(ndo); } /*****************************/ @@ -1069,20 +1039,12 @@ static void print_attr_address6(netdissect_options *ndo, const u_char *data, u_int length, u_short attr_code _U_) { - if (length != 16) - { + if (length != 16) { ND_PRINT("ERROR: length %u != 16", length); return; } - ND_TCHECK_16(data); - ND_PRINT("%s", GET_IP6ADDR_STRING(data)); - - return; - - trunc: - nd_print_trunc(ndo); } static void @@ -1091,14 +1053,12 @@ print_attr_netmask6(netdissect_options *ndo, { u_char data2[16]; - if (length < 2 || length > 18) - { + if (length < 2 || length > 18) { ND_PRINT("ERROR: length %u not in range (2..18)", length); return; } ND_TCHECK_LEN(data, length); - if (GET_U_1(data + 1) > 128) - { + if (GET_U_1(data + 1) > 128) { ND_PRINT("ERROR: netmask %u not in range (0..128)", GET_U_1(data + 1)); return; } @@ -1107,7 +1067,7 @@ print_attr_netmask6(netdissect_options *ndo, if (length > 2) memcpy(data2, data+2, length-2); - ND_PRINT("%s/%u", ip6addr_string(ndo, data2), GET_U_1(data + 1)); + ND_PRINT("%s/%u", ip6addr_string(ndo, data2), GET_U_1(data + 1)); /* local buffer, not packet data; don't use GET_IP6ADDR_STRING() */ if (GET_U_1(data + 1) > 8 * (length - 2)) ND_PRINT(" (inconsistent prefix length)"); @@ -1122,14 +1082,12 @@ static void print_attr_mip6_home_link_prefix(netdissect_options *ndo, const u_char *data, u_int length, u_short attr_code _U_) { - if (length != 17) - { + if (length != 17) { ND_PRINT("ERROR: length %u != 17", length); return; } ND_TCHECK_LEN(data, length); - if (GET_U_1(data) > 128) - { + if (GET_U_1(data) > 128) { ND_PRINT("ERROR: netmask %u not in range (0..128)", GET_U_1(data)); return; } @@ -1149,8 +1107,7 @@ print_attr_operator_name(netdissect_options *ndo, u_int namespace_value; ND_TCHECK_LEN(data, length); - if (length < 2) - { + if (length < 2) { ND_PRINT("ERROR: length %u < 2", length); return; } @@ -1158,7 +1115,7 @@ print_attr_operator_name(netdissect_options *ndo, data++; ND_PRINT("[%s] ", tok2str(operator_name_vector, "unknown namespace %u", namespace_value)); - nd_printn(ndo, data, length - 1, NULL); + (void)nd_printn(ndo, data, length - 1, NULL); return; @@ -1174,8 +1131,7 @@ print_attr_location_information(netdissect_options *ndo, uint8_t code, entity; ND_TCHECK_LEN(data, length); - if (length < 21) - { + if (length < 21) { ND_PRINT("ERROR: length %u < 21", length); return; } @@ -1206,7 +1162,7 @@ print_attr_location_information(netdissect_options *ndo, data += 8; ND_PRINT("method \""); - nd_printn(ndo, data, length - 20, NULL); + (void)nd_printn(ndo, data, length - 20, NULL); ND_PRINT("\""); return; @@ -1222,8 +1178,7 @@ print_attr_location_data(netdissect_options *ndo, uint16_t index; ND_TCHECK_LEN(data, length); - if (length < 3) - { + if (length < 3) { ND_PRINT("ERROR: length %u < 3", length); return; } @@ -1254,8 +1209,7 @@ print_basic_location_policy_rules(netdissect_options *ndo, uint16_t flags; ND_TCHECK_LEN(data, length); - if (length < 10) - { + if (length < 10) { ND_PRINT("ERROR: length %u < 10", length); return; } @@ -1270,7 +1224,7 @@ print_basic_location_policy_rules(netdissect_options *ndo, if (length > 10) { ND_PRINT(", note well \""); - nd_printn(ndo, data, length - 10, NULL); + (void)nd_printn(ndo, data, length - 10, NULL); ND_PRINT("\""); } @@ -1296,34 +1250,26 @@ print_attr_time(netdissect_options *ndo, time_t attr_time; char string[26]; - if (length != 4) - { + if (length != 4) { ND_PRINT("ERROR: length %u != 4", length); return; } - ND_TCHECK_4(data); - attr_time = GET_BE_U_4(data); strlcpy(string, ctime(&attr_time), sizeof(string)); /* Get rid of the newline */ string[24] = '\0'; ND_PRINT("%.24s", string); - return; - - trunc: - nd_print_trunc(ndo); } static void print_attr_vector64(netdissect_options *ndo, - register const u_char *data, u_int length, u_short attr_code _U_) + const u_char *data, u_int length, u_short attr_code _U_) { uint64_t data_value, i; const char *sep = ""; - if (length != 8) - { + if (length != 8) { ND_PRINT("ERROR: length %u != 8", length); return; } @@ -1343,8 +1289,6 @@ print_attr_vector64(netdissect_options *ndo, } ND_PRINT("]"); - - return; } /***********************************/ @@ -1361,81 +1305,64 @@ print_attr_strange(netdissect_options *ndo, u_short len_data; u_int error_cause_value; - switch(attr_code) - { + switch(attr_code) { case ARAP_PASS: - if (length != 16) - { + if (length != 16) { ND_PRINT("ERROR: length %u != 16", length); return; } ND_PRINT("User_challenge ("); - ND_TCHECK_8(data); len_data = 8; PRINT_HEX(len_data, data); ND_PRINT(") User_resp("); - ND_TCHECK_8(data); len_data = 8; PRINT_HEX(len_data, data); ND_PRINT(")"); break; case ARAP_FEATURES: - if (length != 14) - { + if (length != 14) { ND_PRINT("ERROR: length %u != 14", length); return; } - ND_TCHECK_1(data); if (GET_U_1(data)) ND_PRINT("User can change password"); else ND_PRINT("User cannot change password"); data++; - ND_TCHECK_1(data); ND_PRINT(", Min password length: %u", GET_U_1(data)); data++; ND_PRINT(", created at: "); - ND_TCHECK_4(data); len_data = 4; PRINT_HEX(len_data, data); ND_PRINT(", expires in: "); - ND_TCHECK_4(data); len_data = 4; PRINT_HEX(len_data, data); ND_PRINT(", Current Time: "); - ND_TCHECK_4(data); len_data = 4; PRINT_HEX(len_data, data); break; case ARAP_CHALLENGE_RESP: - if (length < 8) - { + if (length < 8) { ND_PRINT("ERROR: length %u != 8", length); return; } - ND_TCHECK_8(data); len_data = 8; PRINT_HEX(len_data, data); break; case ERROR_CAUSE: - if (length != 4) - { + if (length != 4) { ND_PRINT("Error: length %u != 4", length); return; } - ND_TCHECK_4(data); error_cause_value = GET_BE_U_4(data); ND_PRINT("Error cause %u: %s", error_cause_value, tok2str(errorcausetype, "Error-Cause %u not known", error_cause_value)); break; } return; - - trunc: - nd_print_trunc(ndo); } static void @@ -1446,8 +1373,7 @@ radius_attrs_print(netdissect_options *ndo, const char *attr_string; uint8_t type, len; - while (length > 0) - { + while (length > 0) { if (length < 2) goto trunc; ND_TCHECK_SIZE(rad_attr); @@ -1463,22 +1389,18 @@ radius_attrs_print(netdissect_options *ndo, attr_string, type, len); - if (len < 2) - { + if (len < 2) { ND_PRINT(" (bogus, must be >= 2)"); return; } - if (len > length) - { + if (len > length) { ND_PRINT(" (bogus, goes past end of packet)"); return; } ND_PRINT(", Value: "); - if (type < TAM_SIZE(attr_type)) - { - if (len > 2) - { + if (type < TAM_SIZE(attr_type)) { + if (len > 2) { if ( attr_type[type].print_func ) (*attr_type[type].print_func)( ndo, ((const u_char *)(rad_attr+1)), @@ -1510,8 +1432,7 @@ radius_print(netdissect_options *ndo, rad = (const struct radius_hdr *)dat; len = GET_BE_U_2(rad->len); - if (len < MIN_RADIUS_LEN) - { + if (len < MIN_RADIUS_LEN) { nd_print_trunc(ndo); return; } @@ -1526,8 +1447,7 @@ radius_print(netdissect_options *ndo, GET_U_1(rad->id), len); return; - } - else { + } else { ND_PRINT("RADIUS, length: %u\n\t%s (%u), id: 0x%02x, Authenticator: ", len, tok2str(radius_command_values,"Unknown Command",GET_U_1(rad->code)),