#include <regex.h>
#include <libgen.h>
#include <pthread.h>
+#include <errno.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/err.h>
goto errexit;
}
if (pthread_mutex_init(conf->servers->requests[i].lock, NULL)) {
- debug(DBG_ERR, "mutex init failed");
+ debugerrno(errno, DBG_ERR, "mutex init failed");
free(conf->servers->requests[i].lock);
conf->servers->requests[i].lock = NULL;
goto errexit;
}
}
if (pthread_mutex_init(&conf->servers->lock, NULL)) {
- debug(DBG_ERR, "mutex init failed");
+ debugerrno(errno, DBG_ERR, "mutex init failed");
goto errexit;
}
conf->servers->newrq = 0;
if (pthread_mutex_init(&conf->servers->newrq_mutex, NULL)) {
- debug(DBG_ERR, "mutex init failed");
+ debugerrno(errno, DBG_ERR, "mutex init failed");
pthread_mutex_destroy(&conf->servers->lock);
goto errexit;
}
if (pthread_cond_init(&conf->servers->newrq_cond, NULL)) {
- debug(DBG_ERR, "mutex init failed");
+ debugerrno(errno, DBG_ERR, "mutex init failed");
pthread_mutex_destroy(&conf->servers->newrq_mutex);
pthread_mutex_destroy(&conf->servers->lock);
goto errexit;
pthread_mutex_unlock(&to->replyq->mutex);
}
-int pwdencrypt(uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_t *auth) {
+int pwdcrypt(char encrypt_flag, uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_t *auth) {
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static unsigned char first = 1;
static EVP_MD_CTX mdctx;
}
for (i = 0; i < 16; i++)
out[offset + i] = hash[i] ^ in[offset + i];
- input = out + offset - 16;
- offset += 16;
- if (offset == len)
- break;
- }
- memcpy(in, out, len);
- pthread_mutex_unlock(&lock);
- return 1;
-}
-
-int pwddecrypt(uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_t *auth) {
- static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
- static unsigned char first = 1;
- static EVP_MD_CTX mdctx;
- unsigned char hash[EVP_MAX_MD_SIZE], *input;
- unsigned int md_len;
- uint8_t i, offset = 0, out[128];
-
- pthread_mutex_lock(&lock);
- if (first) {
- EVP_MD_CTX_init(&mdctx);
- first = 0;
- }
-
- input = auth;
- for (;;) {
- if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) ||
- !EVP_DigestUpdate(&mdctx, (uint8_t *)shared, sharedlen) ||
- !EVP_DigestUpdate(&mdctx, input, 16) ||
- !EVP_DigestFinal_ex(&mdctx, hash, &md_len) ||
- md_len != 16) {
- pthread_mutex_unlock(&lock);
- return 0;
- }
- for (i = 0; i < 16; i++)
- out[offset + i] = hash[i] ^ in[offset + i];
- input = in + offset;
+ if (encrypt_flag)
+ input = out + offset;
+ else
+ input = in + offset;
offset += 16;
if (offset == len)
break;
return 0;
}
- if (!pwddecrypt(pwd, len, oldsecret, strlen(oldsecret), oldauth)) {
+ if (!pwdcrypt(0, pwd, len, oldsecret, strlen(oldsecret), oldauth)) {
debug(DBG_WARN, "pwdrecrypt: cannot decrypt password");
return 0;
}
#ifdef DEBUG
printfchars(NULL, "pwdrecrypt: password", "%02x ", pwd, len);
#endif
- if (!pwdencrypt(pwd, len, newsecret, strlen(newsecret), newauth)) {
+ if (!pwdcrypt(1, pwd, len, newsecret, strlen(newsecret), newauth)) {
debug(DBG_WARN, "pwdrecrypt: cannot encrypt password");
return 0;
}
int dorewrite(struct radmsg *msg, struct rewrite *rewrite) {
int rv = 1; /* Success. */
- if (rewrite)
- return 1;
-
- if (rewrite->removeattrs || rewrite->removevendorattrs)
- dorewriterm(msg, rewrite->removeattrs, rewrite->removevendorattrs);
- if (rewrite->modattrs)
- if (!dorewritemod(msg, rewrite->modattrs))
- rv = 0;
- if (rewrite->addattrs)
- if (!dorewriteadd(msg, rewrite->addattrs))
- rv = 0;
-
+ if (rewrite) {
+ if (rewrite->removeattrs || rewrite->removevendorattrs)
+ dorewriterm(msg, rewrite->removeattrs, rewrite->removevendorattrs);
+ if (rewrite->modattrs)
+ if (!dorewritemod(msg, rewrite->modattrs))
+ rv = 0;
+ if (rewrite->addattrs)
+ if (!dorewriteadd(msg, rewrite->addattrs))
+ rv = 0;
+ }
return rv;
}
return 1;
}
+/** Create vendor specific tlv with ATTR. ATTR is consumed (freed) if
+ * all is well with the new tlv, i.e. if the function returns
+ * !NULL. */
static struct tlv *
-makevendortlv(uint32_t vendor, const struct tlv *attr)
+makevendortlv(uint32_t vendor, struct tlv *attr)
{
struct tlv *newtlv = NULL;
uint8_t l, *v;
+ if (!attr)
+ return NULL;
l = attr->l + 6;
v = malloc(l);
if (v) {
vendor = htonl(vendor & 0x00ffffff); /* MSB=0 according to RFC 2865. */
memcpy(v, &vendor, 4);
tlv2buf(v + 4, attr);
- v[5] += 2;
+ v[5] += 2; /* Vendor length increased for type and length fields. */
newtlv = maketlv(RAD_Attr_Vendor_Specific, l, v);
if (newtlv == NULL)
free(v);
+ else
+ freetlv(attr);
}
return newtlv;
}
+/** Ad vendor attribute with VENDOR + ATTR and push it on MSG. ATTR
+ * is consumed. */
int addvendorattr(struct radmsg *msg, uint32_t vendor, struct tlv *attr) {
struct tlv *vattr;
vattr = makevendortlv(vendor, attr);
- if (!vattr)
+ if (!vattr) {
+ freetlv(attr);
return 0;
+ }
if (!radmsg_add(msg, vattr)) {
freetlv(vattr);
return 0;
freetlv(attr);
} else {
attr = maketlv(attrtype[1], 4, ttl);
- if (attr) {
+ if (attr)
addvendorattr(msg, attrtype[0], attr);
- freetlv(attr);
- }
}
}
replymsg = radattr2ascii(radmsg_gettype(msg, RAD_Attr_Reply_Message));
if (stationid) {
if (replymsg) {
- debug(DBG_WARN, "%s for user %s stationid %s from %s (%s) to %s (%s)",
- radmsgtype2string(msg->code), username, stationid, server->conf->name, replymsg, from->conf->name, addr2string(from->addr));
+ debug(DBG_NOTICE,
+ "%s for user %s stationid %s from %s (%s) to %s (%s)",
+ radmsgtype2string(msg->code), username, stationid,
+ server->conf->name, replymsg, from->conf->name,
+ addr2string(from->addr));
free(replymsg);
} else
- debug(DBG_WARN, "%s for user %s stationid %s from %s to %s (%s)",
- radmsgtype2string(msg->code), username, stationid, server->conf->name, from->conf->name, addr2string(from->addr));
+ debug(DBG_NOTICE,
+ "%s for user %s stationid %s from %s to %s (%s)",
+ radmsgtype2string(msg->code), username, stationid,
+ server->conf->name, from->conf->name,
+ addr2string(from->addr));
free(stationid);
} else {
if (replymsg) {
- debug(DBG_WARN, "%s for user %s from %s (%s) to %s (%s)",
- radmsgtype2string(msg->code), username, server->conf->name, replymsg, from->conf->name, addr2string(from->addr));
+ debug(DBG_NOTICE, "%s for user %s from %s (%s) to %s (%s)",
+ radmsgtype2string(msg->code), username,
+ server->conf->name, replymsg, from->conf->name,
+ addr2string(from->addr));
free(replymsg);
} else
- debug(DBG_WARN, "%s for user %s from %s to %s (%s)",
- radmsgtype2string(msg->code), username, server->conf->name, from->conf->name, addr2string(from->addr));
+ debug(DBG_NOTICE, "%s for user %s from %s to %s (%s)",
+ radmsgtype2string(msg->code), username,
+ server->conf->name, from->conf->name,
+ addr2string(from->addr));
}
free(username);
}
}
server->connectionok = 1;
if (pthread_create(&clientrdth, NULL, conf->pdef->clientconnreader, (void *)server)) {
- debug(DBG_ERR, "clientwr: pthread_create failed");
+ debugerrno(errno, DBG_ERR, "clientwr: pthread_create failed");
goto errexit;
}
} else
for (res = hp->addrinfo; res; res = res->ai_next) {
s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (s < 0) {
- debug(DBG_WARN, "createlistener: socket failed");
+ debugerrno(errno, DBG_WARN, "createlistener: socket failed");
continue;
}
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
#endif
if (bind(s, res->ai_addr, res->ai_addrlen)) {
- debug(DBG_WARN, "createlistener: bind failed");
+ debugerrno(errno, DBG_WARN, "createlistener: bind failed");
close(s);
s = -1;
continue;
debugx(1, DBG_ERR, "malloc failed");
*sp = s;
if (pthread_create(&th, NULL, protodefs[type]->listener, (void *)sp))
- debugx(1, DBG_ERR, "pthread_create failed");
+ debugerrnox(errno, DBG_ERR, "pthread_create failed");
pthread_detach(th);
}
if (!sp)
memset(realm, 0, sizeof(struct realm));
if (pthread_mutex_init(&realm->mutex, NULL)) {
- debug(DBG_ERR, "mutex init failed");
+ debugerrno(errno, DBG_ERR, "mutex init failed");
free(realm);
realm = NULL;
goto exit;
srvconf->servers->dynamiclookuparg = stringcopy(realm->name, 0);
srvconf->servers->dynstartup = 1;
if (pthread_create(&clientth, NULL, clientwr, (void *)(srvconf->servers))) {
- debug(DBG_ERR, "pthread_create failed");
+ debugerrno(errno, DBG_ERR, "pthread_create failed");
freeserver(srvconf->servers, 1);
srvconf->servers = NULL;
} else
debug(DBG_DBG, "dynamicconfig: need dynamic server config for %s", server->dynamiclookuparg);
if (pipe(fd) > 0) {
- debug(DBG_ERR, "dynamicconfig: pipe error");
+ debugerrno(errno, DBG_ERR, "dynamicconfig: pipe error");
goto errexit;
}
pid = fork();
if (pid < 0) {
- debug(DBG_ERR, "dynamicconfig: fork error");
+ debugerrno(errno, DBG_ERR, "dynamicconfig: fork error");
close(fd[0]);
close(fd[1]);
goto errexit;
freegconf(&cf);
if (waitpid(pid, &status, 0) < 0) {
- debug(DBG_ERR, "dynamicconfig: wait error");
+ debugerrno(errno, DBG_ERR, "dynamicconfig: wait error");
goto errexit;
}
return *type < 256;
}
-/* should accept both names and numeric values, only numeric right now */
-struct tlv *extractattr(char *nameval) {
+/** Extract attributes from string NAMEVAL, create a struct tlv and
+ * return the tlv. If VENDOR_FLAG, NAMEVAL is on the form
+ * "<vendor>:<name>:<val>" and otherwise it's "<name>:<val>". Return
+ * NULL if fields are missing or if conversion fails.
+ *
+ * FIXME: Should accept both names and numeric values, only numeric
+ * right now */
+struct tlv *extractattr(char *nameval, char vendor_flag) {
int len, name = 0;
int vendor = 0; /* Vendor 0 is reserved, see RFC 1700. */
char *s, *s2;
struct tlv *a;
s = strchr(nameval, ':');
- name = atoi(nameval);
if (!s)
return NULL;
- len = strlen(s + 1);
- if (len > 253)
- return NULL;
+ name = atoi(nameval);
- s2 = strchr(s + 1, ':');
- if (s2) { /* Two ':' means we have vendor:name:val. */
+ if (vendor_flag) {
+ s2 = strchr(s + 1, ':');
+ if (!s2)
+ return NULL;
vendor = name;
- name = atoi(s2 + 1);
+ name = atoi(s + 1);
s = s2;
}
+ len = strlen(s + 1);
+ if (len > 253)
+ return NULL;
if (name < 1 || name > 255)
return NULL;
a->t = name;
a->l = len;
- if (vendor)
+ if (vendor_flag)
a = makevendortlv(vendor, a);
return a;
for (i = 0; i < n; i++)
if (!(rma[i] = attrname2val(rmattrs[i])))
- debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", rmattrs[i]);
+ debugx(1, DBG_ERR, "addrewrite: removing invalid attribute %s", rmattrs[i]);
freegconfmstr(rmattrs);
rma[i] = 0;
}
for (p = rmva, i = 0; i < n; i++, p += 2)
if (!vattrname2val(rmvattrs[i], p, p + 1))
- debugx(1, DBG_ERR, "addrewrite: invalid vendor attribute %s", rmvattrs[i]);
+ debugx(1, DBG_ERR, "addrewrite: removing invalid vendor attribute %s", rmvattrs[i]);
freegconfmstr(rmvattrs);
*p = 0;
}
if (!adda)
debugx(1, DBG_ERR, "malloc failed");
for (i = 0; addattrs[i]; i++) {
- a = extractattr(addattrs[i]);
+ a = extractattr(addattrs[i], 0);
if (!a)
- debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", addattrs[i]);
+ debugx(1, DBG_ERR, "addrewrite: adding invalid attribute %s", addattrs[i]);
if (!list_push(adda, a))
debugx(1, DBG_ERR, "malloc failed");
}
if (!adda)
debugx(1, DBG_ERR, "malloc failed");
for (i = 0; addvattrs[i]; i++) {
- a = extractattr(addvattrs[i]);
+ a = extractattr(addvattrs[i], 1);
if (!a)
- debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", addvattrs[i]);
+ debugx(1, DBG_ERR, "addrewrite: adding invalid vendor attribute %s", addvattrs[i]);
if (!list_push(adda, a))
debugx(1, DBG_ERR, "malloc failed");
}
for (i = 0; modattrs[i]; i++) {
m = extractmodattr(modattrs[i]);
if (!m)
- debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", modattrs[i]);
+ debugx(1, DBG_ERR, "addrewrite: modifying invalid attribute %s", modattrs[i]);
if (!list_push(moda, m))
debugx(1, DBG_ERR, "malloc failed");
}
debugx(1, DBG_ERR, "configuration error");
if (loglevel != LONG_MIN) {
- if (loglevel < 1 || loglevel > 4)
- debugx(1, DBG_ERR, "error in %s, value of option LogLevel is %d, must be 1, 2, 3 or 4", configfile, loglevel);
+ if (loglevel < 1 || loglevel > 5)
+ debugx(1, DBG_ERR, "error in %s, value of option LogLevel is %d, must be 1, 2, 3, 4 or 5", configfile, loglevel);
options.loglevel = (uint8_t)loglevel;
}
if (addttl != LONG_MIN) {
*configfile = optarg;
break;
case 'd':
- if (strlen(optarg) != 1 || *optarg < '1' || *optarg > '4')
- debugx(1, DBG_ERR, "Debug level must be 1, 2, 3 or 4, not %s", optarg);
+ if (strlen(optarg) != 1 || *optarg < '1' || *optarg > '5')
+ debugx(1, DBG_ERR, "Debug level must be 1, 2, 3, 4 or 5, not %s", optarg);
*loglevel = *optarg - '0';
break;
case 'f':
*pretend = 1;
break;
case 'v':
- debug(DBG_ERR, "radsecproxy revision $Rev$");
+ debug(DBG_ERR, "radsecproxy revision %s", PACKAGE_VERSION);
debug(DBG_ERR, "This binary was built with support for the following transports:");
#ifdef RADPROT_UDP
debug(DBG_ERR, " UDP");
}
int createpidfile(const char *pidfile) {
- int r;
+ int r = 0;
FILE *f = fopen(pidfile, "w");
if (f)
- r = fprintf(f, "%d\n", getpid());
+ r = fprintf(f, "%ld\n", (long) getpid());
return f && !fclose(f) && r >= 0;
}
debugx(1, DBG_ERR, "daemon() failed: %s", strerror(errno));
debug_timestamp_on();
- debug(DBG_INFO, "radsecproxy revision $Rev$ starting");
+ debug(DBG_INFO, "radsecproxy revision %s starting", PACKAGE_VERSION);
if (pidfile && !createpidfile(pidfile))
debugx(1, DBG_ERR, "failed to create pidfile %s: %s", pidfile, strerror(errno));