X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.c;h=d08426e16b0bd525d4ab325d2ab6e24760220ea5;hb=d7ffa5730f6fd4fe9ac9c6e3db224d5d93ef71a5;hp=2227193ee3edd66739b7c2cba9b45905feb04749;hpb=59e93add209b19fd1c29209930397a20a9d9c932;p=libradsec.git diff --git a/radsecproxy.c b/radsecproxy.c index 2227193..d08426e 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -69,7 +69,6 @@ #include #include #include "debug.h" -#include "list.h" #include "hash.h" #include "util.h" #include "hostport.h" @@ -78,7 +77,9 @@ #include "tcp.h" #include "tls.h" #include "dtls.h" +#if defined(WANT_FTICKS) #include "fticks.h" +#endif static struct options options; static struct list *clconfs, *srvconfs; @@ -1666,6 +1667,12 @@ void replyh(struct server *server, unsigned char *buf) { } } +#if defined(WANT_FTICKS) + if (msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject) + if (options.fticks_reporting && from->conf->fticks_viscountry != NULL) + fticks_log(&options, from, msg, rqout); +#endif + msg->id = (char)rqout->rq->rqid; memcpy(msg->auth, rqout->rq->rqauth, 16); @@ -1692,9 +1699,6 @@ void replyh(struct server *server, unsigned char *buf) { debug(msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject || msg->code == RAD_Accounting_Response ? DBG_WARN : DBG_INFO, "replyh: passing %s to client %s (%s)", radmsgtype2string(msg->code), from->conf->name, addr2string(from->addr)); - if (options.fticks_reporting && from->conf->fticks_viscountry != NULL) - fticks_log(&options, from, msg, rqout); - radmsg_free(rqout->rq->msg); rqout->rq->msg = msg; sendreply(newrqref(rqout->rq)); 
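Review bot: In replyh, the relocated F-Ticks call is written as two nested unbraced `if`s inside the `#if defined(WANT_FTICKS)` block, which is easy to break when a later edit adds an `else` or a second statement. A single braced condition is safer: `if ((msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject) && options.fticks_reporting && from->conf->fticks_viscountry != NULL) { fticks_log(&options, from, msg, rqout); }`. The call also now runs ahead of the code between this point and the final "replyh: passing %s to client" debug line. If any of that code (not visible in the hunk) can still drop the reply, an F-Ticks record would be written for a response the client never receives, so a comment stating that the ordering is intended would help. replyh's body starts and ends outside the hunk.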
@@ -2259,10 +2263,8 @@ int dynamicconfig(struct server *server) { close(fd[1]); pushgconffile(&cf, fdopen(fd[0], "r"), conf->dynamiclookupcommand); - ok = getgenericconfig(&cf, NULL, - "Server", CONF_CBK, confserver_cb, (void *)conf, - NULL - ); + ok = getgenericconfig(&cf, NULL, "Server", CONF_CBK, confserver_cb, + (void *) conf, NULL); freegconf(&cf); if (waitpid(pid, &status, 0) < 0) { @@ -2271,8 +2273,14 @@ int dynamicconfig(struct server *server) { } if (status) { - debug(DBG_INFO, "dynamicconfig: command exited with status %d", WEXITSTATUS(status)); - goto errexit; + if (WEXITSTATUS(status) == 10) { + debug(DBG_INFO, "dynamicconfig: command signals empty config"); + } + else { + debug(DBG_INFO, "dynamicconfig: command exited with status %d", + WEXITSTATUS(status)); + goto errexit; + } } if (ok) @@ -2680,7 +2688,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char "rewriteIn", CONF_STR, &conf->confrewritein, "rewriteOut", CONF_STR, &conf->confrewriteout, "rewriteattribute", CONF_STR, &conf->confrewriteusername, +#if defined(WANT_FTICKS) "fticksVISCOUNTRY", CONF_STR, &conf->fticks_viscountry, +#endif NULL )) debugx(1, DBG_ERR, "configuration error"); @@ -2706,7 +2716,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) if (conf->type == RAD_TLS || conf->type == RAD_DTLS) { - conf->tlsconf = conf->tls ? tlsgettls(conf->tls, NULL) : tlsgettls("defaultclient", "default"); + conf->tlsconf = conf->tls + ? tlsgettls(conf->tls, NULL) + : tlsgettls("defaultClient", "default"); if (!conf->tlsconf) debugx(1, DBG_ERR, "error in block %s, no tls context defined", block); if (conf->matchcertattr && !addmatchcertattr(conf)) 
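Review bot: `WEXITSTATUS(status)` is evaluated in the new `if (status)` branch of dynamicconfig without first checking `WIFEXITED(status)`, so a lookup command that was killed by a signal is interpreted and logged as if it had exited normally. Consider `if (WIFEXITED(status) && WEXITSTATUS(status) == 10)` with a named constant for 10 and a comment documenting this contract with the dynamic lookup command. On the "empty config" path control also falls through to `if (ok)`, so whatever the command printed before exiting with 10 still counts if it parsed. If an empty result is meant to yield no server, that deserves an explicit check. dynamicconfig's body continues outside the hunk.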
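Review bot: The fallback block name changes from `"defaultclient"` to `"defaultClient"` in this `tlsgettls` call in confclient_cb; the same rename is applied to `getrewrite` in the @@ -2731 hunk and to `"defaultServer"` in the @@ -2766 and @@ -2791 hunks of compileserverconfig. If the lookup is case-sensitive (not visible here), an existing configuration whose block is spelled `defaultclient` or `defaultserver` will silently stop matching and fall back to `default`. For TLS that would mean peers are checked against a different context with no error reported. A comment at each call such as `/* block name is matched exactly: "defaultClient", then "default" */`, plus a note for operators upgrading, would make the change visible.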
@@ -2731,7 +2743,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char conf->confrewritein = rewriteinalias; else free(rewriteinalias); - conf->rewritein = conf->confrewritein ? getrewrite(conf->confrewritein, NULL) : getrewrite("defaultclient", "default"); + conf->rewritein = conf->confrewritein + ? getrewrite(conf->confrewritein, NULL) + : getrewrite("defaultClient", "default"); if (conf->confrewriteout) conf->rewriteout = getrewrite(conf->confrewriteout, NULL); @@ -2766,7 +2780,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char int compileserverconfig(struct clsrvconf *conf, const char *block) { #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) if (conf->type == RAD_TLS || conf->type == RAD_DTLS) { - conf->tlsconf = conf->tls ? tlsgettls(conf->tls, NULL) : tlsgettls("defaultserver", "default"); + conf->tlsconf = conf->tls + ? tlsgettls(conf->tls, NULL) + : tlsgettls("defaultServer", "default"); if (!conf->tlsconf) { debug(DBG_ERR, "error in block %s, no tls context defined", block); return 0; @@ -2791,12 +2807,14 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { if (conf->retrycount == 255) conf->retrycount = conf->pdef->retrycountdefault; - conf->rewritein = conf->confrewritein ? getrewrite(conf->confrewritein, NULL) : getrewrite("defaultserver", "default"); + conf->rewritein = conf->confrewritein + ? getrewrite(conf->confrewritein, NULL) + : getrewrite("defaultServer", "default"); if (conf->confrewriteout) conf->rewriteout = getrewrite(conf->confrewriteout, NULL); if (!addhostport(&conf->hostports, conf->hostsrc, conf->portsrc, 0)) { - debug(DBG_ERR, "error in block %s, failed to parse %s", block, conf->hostsrc); + debug(DBG_ERR, "error in block %s, failed to parse %s", block, *conf->hostsrc); return 0; } 
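Review bot: The error path after `addhostport` in compileserverconfig now dereferences `conf->hostsrc` to fill the `%s` argument, so if `hostsrc` can be NULL when this function is reached (not determinable from the hunk) the failure message itself crashes the process. It also prints only the first entry, which need not be the one that failed to parse. A guarded form is `conf->hostsrc ? *conf->hostsrc : "(null)"`. compileserverconfig's body continues outside the hunk.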
@@ -3008,79 +3026,16 @@ int setprotoopts(uint8_t type, char **listenargs, char *sourcearg) { return 1; } -/* FIXME: Move to fticks.c. */ -int configure_fticks(uint8_t **reportingp, uint8_t **macp, uint8_t **keyp) { - int r = 0; - const char *reporting = (const char *) *reportingp; - const char *mac = (const char *) *macp; - - if (reporting == NULL) - goto out; - - if (strcasecmp(reporting, "None") == 0) - options.fticks_reporting = RSP_FTICKS_REPORTING_NONE; - else if (strcasecmp(reporting, "Basic") == 0) - options.fticks_reporting = RSP_FTICKS_REPORTING_BASIC; - else if (strcasecmp(reporting, "Full") == 0) - options.fticks_reporting = RSP_FTICKS_REPORTING_FULL; - else { - debugx(1, DBG_ERR, "config error: invalid FTicksReporting value: %s", - reporting); - r = 1; - goto out; - } - - if (strcasecmp(mac, "Static") == 0) - options.fticks_mac = RSP_FTICKS_MAC_STATIC; - else if (strcasecmp(mac, "Original") == 0) - options.fticks_mac = RSP_FTICKS_MAC_ORIGINAL; - else if (strcasecmp(mac, "VendorHashed") == 0) - options.fticks_mac = RSP_FTICKS_MAC_VENDOR_HASHED; - else if (strcasecmp(mac, "VendorKeyHashed") == 0) - options.fticks_mac = RSP_FTICKS_MAC_VENDOR_KEY_HASHED; - else if (strcasecmp(mac, "FullyHashed") == 0) - options.fticks_mac = RSP_FTICKS_MAC_FULLY_HASHED; - else if (strcasecmp(mac, "FullyKeyHashed") == 0) - options.fticks_mac = RSP_FTICKS_MAC_FULLY_KEY_HASHED; - else { - debugx(1, DBG_ERR, "config error: invalid FTicksMAC value: %s", mac); - r = 1; - goto out; - } - - if (*keyp == NULL - && (options.fticks_mac == RSP_FTICKS_MAC_VENDOR_KEY_HASHED - || options.fticks_mac == RSP_FTICKS_MAC_FULLY_KEY_HASHED)) { - debugx(1, DBG_ERR, - "config error: FTicksMAC %s requires an FTicksKey", mac); - options.fticks_mac = RSP_FTICKS_MAC_STATIC; - r = 1; - goto out; - } - - if (*keyp != NULL) - options.fticks_key = *keyp; - -out: - if (*reportingp != NULL) { - free(*reportingp); - *reportingp = NULL; - } - if (*macp != NULL) { - free(*macp); - *macp = NULL; - } - return r; 
-} - void getmainconfig(const char *configfile) { long int addttl = LONG_MIN, loglevel = LONG_MIN; struct gconffile *cfs; char **listenargs[RAD_PROTOCOUNT]; char *sourcearg[RAD_PROTOCOUNT]; +#if defined(WANT_FTICKS) uint8_t *fticks_reporting_str = NULL; uint8_t *fticks_mac_str = NULL; uint8_t *fticks_key_str = NULL; +#endif int i; cfs = openconfigfile(configfile); @@ -3134,9 +3089,12 @@ void getmainconfig(const char *configfile) { "TLS", CONF_CBK, conftls_cb, NULL, #endif "Rewrite", CONF_CBK, confrewrite_cb, NULL, +#if defined(WANT_FTICKS) "FTicksReporting", CONF_STR, &fticks_reporting_str, "FTicksMAC", CONF_STR, &fticks_mac_str, "FTicksKey", CONF_STR, &fticks_key_str, + "FTicksSyslogFacility", CONF_STR, &options.ftickssyslogfacility, +#endif NULL )) debugx(1, DBG_ERR, "configuration error"); @@ -3154,7 +3112,10 @@ void getmainconfig(const char *configfile) { if (!setttlattr(&options, DEFAULT_TTL_ATTR)) debugx(1, DBG_ERR, "Failed to set TTLAttribute, exiting"); - configure_fticks(&fticks_reporting_str, &fticks_mac_str, &fticks_key_str); +#if defined(WANT_FTICKS) + fticks_configure(&options, &fticks_reporting_str, &fticks_mac_str, + &fticks_key_str); +#endif for (i = 0; i < RAD_PROTOCOUNT; i++) if (listenargs[i] || sourcearg[i]) @@ -3261,7 +3222,7 @@ int createpidfile(const char *pidfile) { return f && !fclose(f) && r >= 0; } -int main(int argc, char **argv) { +int radsecproxy_main(int argc, char **argv) { pthread_t sigth; sigset_t sigset; struct list_node *entry; 
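Review bot: The return value of `fticks_configure` is discarded in getmainconfig (the @@ -3154 hunk), as it was for the removed `configure_fticks`, which returned 1 for an invalid `FTicksReporting` or `FTicksMAC` value or a missing `FTicksKey`. The removed function called `debugx(1, ...)` in those cases; whether the replacement in fticks.c does the same is not visible here. If it only returns an error, the proxy would start with whatever MAC handling `options` holds by default, and going by the option names that setting decides whether client MAC addresses are logged hashed or unmodified. Checking the result makes this independent of the callee: `if (fticks_configure(&options, &fticks_reporting_str, &fticks_mac_str, &fticks_key_str)) debugx(1, DBG_ERR, "configuration error");`, assuming it keeps the non-zero-on-error convention.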
@@ -3287,8 +3248,18 @@ int main(int argc, char **argv) { options.loglevel = loglevel; else if (options.loglevel) debug_set_level(options.loglevel); - if (!foreground) - debug_set_destination(options.logdestination ? options.logdestination : "x-syslog:///"); + if (!foreground) { + debug_set_destination(options.logdestination + ? options.logdestination + : "x-syslog:///", LOG_TYPE_DEBUG); +#if defined(WANT_FTICKS) + if (options.ftickssyslogfacility) { + debug_set_destination(options.ftickssyslogfacility, + LOG_TYPE_FTICKS); + free(options.ftickssyslogfacility); + } +#endif + } free(options.logdestination); if (!list_first(clconfs))
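Review bot: `options.ftickssyslogfacility` is freed inside the `!foreground` branch but left pointing at the released string, and `options` is the file-scope struct that replyh later passes to `fticks_log(&options, ...)`; add `options.ftickssyslogfacility = NULL;` right after the `free`. When the proxy runs in the foreground the string is neither applied nor freed. Moving the `free` and the reset out of the `if (!foreground)` block, next to `free(options.logdestination)` and still under the same `#if defined(WANT_FTICKS)`, would cover both paths. radsecproxy_main's body starts and ends outside the hunk.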