X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.c;h=d08426e16b0bd525d4ab325d2ab6e24760220ea5;hb=d7ffa5730f6fd4fe9ac9c6e3db224d5d93ef71a5;hp=53847fb9bf1e8e5e651baf89007fe399f47a7830;hpb=40391a6afeb3bdd0e1ea91c9e0af066c4702ff47;p=libradsec.git diff --git a/radsecproxy.c b/radsecproxy.c index 53847fb..d08426e 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2006-2009 Stig Venaas + * Copyright (C) 2010, 2011 NORDUnet A/S * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -62,12 +63,12 @@ #include #include #include +#include #include #include #include #include #include "debug.h" -#include "list.h" #include "hash.h" #include "util.h" #include "hostport.h" @@ -76,6 +77,9 @@ #include "tcp.h" #include "tls.h" #include "dtls.h" +#if defined(WANT_FTICKS) +#include "fticks.h" +#endif static struct options options; static struct list *clconfs, *srvconfs; @@ -370,24 +374,24 @@ int addserver(struct clsrvconf *conf) { goto errexit; } if (pthread_mutex_init(conf->servers->requests[i].lock, NULL)) { - debug(DBG_ERR, "mutex init failed"); + debugerrno(errno, DBG_ERR, "mutex init failed"); free(conf->servers->requests[i].lock); conf->servers->requests[i].lock = NULL; goto errexit; } } if (pthread_mutex_init(&conf->servers->lock, NULL)) { - debug(DBG_ERR, "mutex init failed"); + debugerrno(errno, DBG_ERR, "mutex init failed"); goto errexit; } conf->servers->newrq = 0; if (pthread_mutex_init(&conf->servers->newrq_mutex, NULL)) { - debug(DBG_ERR, "mutex init failed"); + debugerrno(errno, DBG_ERR, "mutex init failed"); pthread_mutex_destroy(&conf->servers->lock); goto errexit; } if (pthread_cond_init(&conf->servers->newrq_cond, NULL)) { - debug(DBG_ERR, "mutex init failed"); + debugerrno(errno, DBG_ERR, "mutex init failed"); pthread_mutex_destroy(&conf->servers->newrq_mutex); pthread_mutex_destroy(&conf->servers->lock); goto errexit; @@ -559,43 +563,7 @@ void sendreply(struct request *rq) { pthread_mutex_unlock(&to->replyq->mutex); } -int pwdencrypt(uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_t *auth) { - static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; - static unsigned char first = 1; - static EVP_MD_CTX mdctx; - unsigned char hash[EVP_MAX_MD_SIZE], *input; - unsigned int md_len; - uint8_t i, offset = 0, out[128]; - - pthread_mutex_lock(&lock); - if (first) { - EVP_MD_CTX_init(&mdctx); - first = 0; - } - - input = auth; - for (;;) { - if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) || - !EVP_DigestUpdate(&mdctx, (uint8_t *)shared, sharedlen) || - !EVP_DigestUpdate(&mdctx, input, 16) || - !EVP_DigestFinal_ex(&mdctx, hash, &md_len) || - md_len != 16) { - pthread_mutex_unlock(&lock); - return 0; - } - for (i = 0; i < 16; i++) - out[offset + i] = hash[i] ^ in[offset + i]; - input = out + offset - 16; - offset += 16; - if (offset == len) - break; - } - memcpy(in, out, len); - pthread_mutex_unlock(&lock); - return 1; -} - -int pwddecrypt(uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_t *auth) { +int pwdcrypt(char encrypt_flag, uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_t *auth) { static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; static unsigned char first = 1; static EVP_MD_CTX mdctx; @@ -621,7 +589,10 @@ int pwddecrypt(uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_ } for (i = 0; i < 16; i++) out[offset + i] = hash[i] ^ in[offset + i]; - input = in + offset; + if (encrypt_flag) + input = out + offset; + else + input = in + offset; offset += 16; if (offset == len) break; @@ -883,14 +854,14 @@ int pwdrecrypt(uint8_t *pwd, uint8_t len, char *oldsecret, char *newsecret, uint return 0; } - if (!pwddecrypt(pwd, len, oldsecret, strlen(oldsecret), oldauth)) { + if (!pwdcrypt(0, pwd, len, oldsecret, strlen(oldsecret), oldauth)) { debug(DBG_WARN, "pwdrecrypt: cannot decrypt password"); return 0; } #ifdef DEBUG printfchars(NULL, "pwdrecrypt: password", "%02x ", pwd, len); #endif - if (!pwdencrypt(pwd, len, newsecret, strlen(newsecret), newauth)) { + if (!pwdcrypt(1, pwd, len, newsecret, strlen(newsecret), newauth)) { debug(DBG_WARN, "pwdrecrypt: cannot encrypt password"); return 0; } @@ -1666,26 +1637,42 @@ void replyh(struct server *server, unsigned char *buf) { replymsg = radattr2ascii(radmsg_gettype(msg, RAD_Attr_Reply_Message)); if (stationid) { if (replymsg) { - debug(DBG_WARN, "%s for user %s stationid %s from %s (%s) to %s (%s)", - radmsgtype2string(msg->code), username, stationid, server->conf->name, replymsg, from->conf->name, addr2string(from->addr)); + debug(DBG_NOTICE, + "%s for user %s stationid %s from %s (%s) to %s (%s)", + radmsgtype2string(msg->code), username, stationid, + server->conf->name, replymsg, from->conf->name, + addr2string(from->addr)); free(replymsg); } else - debug(DBG_WARN, "%s for user %s stationid %s from %s to %s (%s)", - radmsgtype2string(msg->code), username, stationid, server->conf->name, from->conf->name, addr2string(from->addr)); + debug(DBG_NOTICE, + "%s for user %s stationid %s from %s to %s (%s)", + radmsgtype2string(msg->code), username, stationid, + server->conf->name, from->conf->name, + addr2string(from->addr)); free(stationid); } else { if (replymsg) { - debug(DBG_WARN, "%s for user %s from %s (%s) to %s (%s)", - radmsgtype2string(msg->code), username, server->conf->name, replymsg, from->conf->name, addr2string(from->addr)); + debug(DBG_NOTICE, "%s for user %s from %s (%s) to %s (%s)", + radmsgtype2string(msg->code), username, + server->conf->name, replymsg, from->conf->name, + addr2string(from->addr)); free(replymsg); } else - debug(DBG_WARN, "%s for user %s from %s to %s (%s)", - radmsgtype2string(msg->code), username, server->conf->name, from->conf->name, addr2string(from->addr)); + debug(DBG_NOTICE, "%s for user %s from %s to %s (%s)", + radmsgtype2string(msg->code), username, + server->conf->name, from->conf->name, + addr2string(from->addr)); } free(username); } } +#if defined(WANT_FTICKS) + if (msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject) + if (options.fticks_reporting && from->conf->fticks_viscountry != NULL) + fticks_log(&options, from, msg, rqout); +#endif + msg->id = (char)rqout->rq->rqid; memcpy(msg->auth, rqout->rq->rqauth, 16); @@ -1795,7 +1782,7 @@ void *clientwr(void *arg) { } server->connectionok = 1; if (pthread_create(&clientrdth, NULL, conf->pdef->clientconnreader, (void *)server)) { - debug(DBG_ERR, "clientwr: pthread_create failed"); + debugerrno(errno, DBG_ERR, "clientwr: pthread_create failed"); goto errexit; } } else @@ -1928,7 +1915,7 @@ void createlistener(uint8_t type, char *arg) { for (res = hp->addrinfo; res; res = res->ai_next) { s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (s < 0) { - debug(DBG_WARN, "createlistener: socket failed"); + debugerrno(errno, DBG_WARN, "createlistener: socket failed"); continue; } setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); @@ -1940,7 +1927,7 @@ void createlistener(uint8_t type, char *arg) { setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)); #endif if (bind(s, res->ai_addr, res->ai_addrlen)) { - debug(DBG_WARN, "createlistener: bind failed"); + debugerrno(errno, DBG_WARN, "createlistener: bind failed"); close(s); s = -1; continue; @@ -1951,7 +1938,7 @@ void createlistener(uint8_t type, char *arg) { debugx(1, DBG_ERR, "malloc failed"); *sp = s; if (pthread_create(&th, NULL, protodefs[type]->listener, (void *)sp)) - debugx(1, DBG_ERR, "pthread_create failed"); + debugerrnox(errno, DBG_ERR, "pthread_create failed"); pthread_detach(th); } if (!sp) @@ -2100,7 +2087,7 @@ struct realm *addrealm(struct list *realmlist, char *value, char **servers, char memset(realm, 0, sizeof(struct realm)); if (pthread_mutex_init(&realm->mutex, NULL)) { - debug(DBG_ERR, "mutex init failed"); + debugerrno(errno, DBG_ERR, "mutex init failed"); free(realm); realm = NULL; goto exit; @@ -2191,7 +2178,7 @@ struct list *createsubrealmservers(struct realm *realm, struct list *srvconfs) { srvconf->servers->dynamiclookuparg = stringcopy(realm->name, 0); srvconf->servers->dynstartup = 1; if (pthread_create(&clientth, NULL, clientwr, (void *)(srvconf->servers))) { - debug(DBG_ERR, "pthread_create failed"); + debugerrno(errno, DBG_ERR, "pthread_create failed"); freeserver(srvconf->servers, 1); srvconf->servers = NULL; } else @@ -2253,12 +2240,12 @@ int dynamicconfig(struct server *server) { debug(DBG_DBG, "dynamicconfig: need dynamic server config for %s", server->dynamiclookuparg); if (pipe(fd) > 0) { - debug(DBG_ERR, "dynamicconfig: pipe error"); + debugerrno(errno, DBG_ERR, "dynamicconfig: pipe error"); goto errexit; } pid = fork(); if (pid < 0) { - debug(DBG_ERR, "dynamicconfig: fork error"); + debugerrno(errno, DBG_ERR, "dynamicconfig: fork error"); close(fd[0]); close(fd[1]); goto errexit; @@ -2276,20 +2263,24 @@ int dynamicconfig(struct server *server) { close(fd[1]); pushgconffile(&cf, fdopen(fd[0], "r"), conf->dynamiclookupcommand); - ok = getgenericconfig(&cf, NULL, - "Server", CONF_CBK, confserver_cb, (void *)conf, - NULL - ); + ok = getgenericconfig(&cf, NULL, "Server", CONF_CBK, confserver_cb, + (void *) conf, NULL); freegconf(&cf); if (waitpid(pid, &status, 0) < 0) { - debug(DBG_ERR, "dynamicconfig: wait error"); + debugerrno(errno, DBG_ERR, "dynamicconfig: wait error"); goto errexit; } if (status) { - debug(DBG_INFO, "dynamicconfig: command exited with status %d", WEXITSTATUS(status)); - goto errexit; + if (WEXITSTATUS(status) == 10) { + debug(DBG_INFO, "dynamicconfig: command signals empty config"); + } + else { + debug(DBG_INFO, "dynamicconfig: command exited with status %d", + WEXITSTATUS(status)); + goto errexit; + } } if (ok) @@ -2327,27 +2318,35 @@ int vattrname2val(char *attrname, uint32_t *vendor, uint32_t *type) { return *type < 256; } -/* should accept both names and numeric values, only numeric right now */ -struct tlv *extractattr(char *nameval) { +/** Extract attributes from string NAMEVAL, create a struct tlv and + * return the tlv. If VENDOR_FLAG, NAMEVAL is on the form + * "::" and otherwise it's ":". Return + * NULL if fields are missing or if conversion fails. + * + * FIXME: Should accept both names and numeric values, only numeric + * right now */ +struct tlv *extractattr(char *nameval, char vendor_flag) { int len, name = 0; int vendor = 0; /* Vendor 0 is reserved, see RFC 1700. */ char *s, *s2; struct tlv *a; s = strchr(nameval, ':'); - name = atoi(nameval); if (!s) return NULL; - len = strlen(s + 1); - if (len > 253) - return NULL; + name = atoi(nameval); - s2 = strchr(s + 1, ':'); - if (s2) { /* Two ':' means we have vendor:name:val. */ + if (vendor_flag) { + s2 = strchr(s + 1, ':'); + if (!s2) + return NULL; vendor = name; - name = atoi(s2 + 1); + name = atoi(s + 1); s = s2; } + len = strlen(s + 1); + if (len > 253) + return NULL; if (name < 1 || name > 255) return NULL; @@ -2363,7 +2362,7 @@ struct tlv *extractattr(char *nameval) { a->t = name; a->l = len; - if (vendor) + if (vendor_flag) a = makevendortlv(vendor, a); return a; @@ -2431,10 +2430,12 @@ struct modattr *extractmodattr(char *nameval) { struct rewrite *getrewrite(char *alt1, char *alt2) { struct rewrite *r; - if ((r = hash_read(rewriteconfs, alt1, strlen(alt1)))) - return r; - if ((r = hash_read(rewriteconfs, alt2, strlen(alt2)))) - return r; + if (alt1) + if ((r = hash_read(rewriteconfs, alt1, strlen(alt1)))) + return r; + if (alt2) + if ((r = hash_read(rewriteconfs, alt2, strlen(alt2)))) + return r; return NULL; } @@ -2456,7 +2457,7 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c for (i = 0; i < n; i++) if (!(rma[i] = attrname2val(rmattrs[i]))) - debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", rmattrs[i]); + debugx(1, DBG_ERR, "addrewrite: removing invalid attribute %s", rmattrs[i]); freegconfmstr(rmattrs); rma[i] = 0; } @@ -2469,7 +2470,7 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c for (p = rmva, i = 0; i < n; i++, p += 2) if (!vattrname2val(rmvattrs[i], p, p + 1)) - debugx(1, DBG_ERR, "addrewrite: invalid vendor attribute %s", rmvattrs[i]); + debugx(1, DBG_ERR, "addrewrite: removing invalid vendor attribute %s", rmvattrs[i]); freegconfmstr(rmvattrs); *p = 0; } @@ -2479,9 +2480,9 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c if (!adda) debugx(1, DBG_ERR, "malloc failed"); for (i = 0; addattrs[i]; i++) { - a = extractattr(addattrs[i]); + a = extractattr(addattrs[i], 0); if (!a) - debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", addattrs[i]); + debugx(1, DBG_ERR, "addrewrite: adding invalid attribute %s", addattrs[i]); if (!list_push(adda, a)) debugx(1, DBG_ERR, "malloc failed"); } @@ -2494,9 +2495,9 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c if (!adda) debugx(1, DBG_ERR, "malloc failed"); for (i = 0; addvattrs[i]; i++) { - a = extractattr(addvattrs[i]); + a = extractattr(addvattrs[i], 1); if (!a) - debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", addvattrs[i]); + debugx(1, DBG_ERR, "addrewrite: adding invalid vendor attribute %s", addvattrs[i]); if (!list_push(adda, a)) debugx(1, DBG_ERR, "malloc failed"); } @@ -2510,7 +2511,7 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c for (i = 0; modattrs[i]; i++) { m = extractmodattr(modattrs[i]); if (!m) - debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", modattrs[i]); + debugx(1, DBG_ERR, "addrewrite: modifying invalid attribute %s", modattrs[i]); if (!list_push(moda, m)) debugx(1, DBG_ERR, "malloc failed"); } @@ -2671,22 +2672,26 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char memset(conf, 0, sizeof(struct clsrvconf)); conf->certnamecheck = 1; - if (!getgenericconfig(cf, block, - "type", CONF_STR, &conftype, - "host", CONF_MSTR, &conf->hostsrc, - "secret", CONF_STR, &conf->secret, + if (!getgenericconfig( + cf, block, + "type", CONF_STR, &conftype, + "host", CONF_MSTR, &conf->hostsrc, + "secret", CONF_STR, &conf->secret, #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) - "tls", CONF_STR, &conf->tls, - "matchcertificateattribute", CONF_STR, &conf->matchcertattr, - "CertificateNameCheck", CONF_BLN, &conf->certnamecheck, + "tls", CONF_STR, &conf->tls, + "matchcertificateattribute", CONF_STR, &conf->matchcertattr, + "CertificateNameCheck", CONF_BLN, &conf->certnamecheck, #endif - "DuplicateInterval", CONF_LINT, &dupinterval, - "addTTL", CONF_LINT, &addttl, - "rewrite", CONF_STR, &rewriteinalias, - "rewriteIn", CONF_STR, &conf->confrewritein, - "rewriteOut", CONF_STR, &conf->confrewriteout, - "rewriteattribute", CONF_STR, &conf->confrewriteusername, - NULL + "DuplicateInterval", CONF_LINT, &dupinterval, + "addTTL", CONF_LINT, &addttl, + "rewrite", CONF_STR, &rewriteinalias, + "rewriteIn", CONF_STR, &conf->confrewritein, + "rewriteOut", CONF_STR, &conf->confrewriteout, + "rewriteattribute", CONF_STR, &conf->confrewriteusername, +#if defined(WANT_FTICKS) + "fticksVISCOUNTRY", CONF_STR, &conf->fticks_viscountry, +#endif + NULL )) debugx(1, DBG_ERR, "configuration error"); @@ -2711,7 +2716,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) if (conf->type == RAD_TLS || conf->type == RAD_DTLS) { - conf->tlsconf = conf->tls ? tlsgettls(conf->tls, NULL) : tlsgettls("defaultclient", "default"); + conf->tlsconf = conf->tls + ? tlsgettls(conf->tls, NULL) + : tlsgettls("defaultClient", "default"); if (!conf->tlsconf) debugx(1, DBG_ERR, "error in block %s, no tls context defined", block); if (conf->matchcertattr && !addmatchcertattr(conf)) @@ -2736,7 +2743,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char conf->confrewritein = rewriteinalias; else free(rewriteinalias); - conf->rewritein = conf->confrewritein ? getrewrite(conf->confrewritein, NULL) : getrewrite("defaultclient", "default"); + conf->rewritein = conf->confrewritein + ? getrewrite(conf->confrewritein, NULL) + : getrewrite("defaultClient", "default"); if (conf->confrewriteout) conf->rewriteout = getrewrite(conf->confrewriteout, NULL); @@ -2771,7 +2780,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char int compileserverconfig(struct clsrvconf *conf, const char *block) { #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) if (conf->type == RAD_TLS || conf->type == RAD_DTLS) { - conf->tlsconf = conf->tls ? tlsgettls(conf->tls, NULL) : tlsgettls("defaultserver", "default"); + conf->tlsconf = conf->tls + ? tlsgettls(conf->tls, NULL) + : tlsgettls("defaultServer", "default"); if (!conf->tlsconf) { debug(DBG_ERR, "error in block %s, no tls context defined", block); return 0; @@ -2796,12 +2807,14 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { if (conf->retrycount == 255) conf->retrycount = conf->pdef->retrycountdefault; - conf->rewritein = conf->confrewritein ? getrewrite(conf->confrewritein, NULL) : getrewrite("defaultserver", "default"); + conf->rewritein = conf->confrewritein + ? getrewrite(conf->confrewritein, NULL) + : getrewrite("defaultServer", "default"); if (conf->confrewriteout) conf->rewriteout = getrewrite(conf->confrewriteout, NULL); if (!addhostport(&conf->hostports, conf->hostsrc, conf->portsrc, 0)) { - debug(DBG_ERR, "error in block %s, failed to parse %s", block, conf->hostsrc); + debug(DBG_ERR, "error in block %s, failed to parse %s", block, *conf->hostsrc); return 0; } @@ -3018,6 +3031,11 @@ void getmainconfig(const char *configfile) { struct gconffile *cfs; char **listenargs[RAD_PROTOCOUNT]; char *sourcearg[RAD_PROTOCOUNT]; +#if defined(WANT_FTICKS) + uint8_t *fticks_reporting_str = NULL; + uint8_t *fticks_mac_str = NULL; + uint8_t *fticks_key_str = NULL; +#endif int i; cfs = openconfigfile(configfile); @@ -3041,42 +3059,49 @@ void getmainconfig(const char *configfile) { if (!rewriteconfs) debugx(1, DBG_ERR, "malloc failed"); - if (!getgenericconfig(&cfs, NULL, + if (!getgenericconfig( + &cfs, NULL, #ifdef RADPROT_UDP - "ListenUDP", CONF_MSTR, &listenargs[RAD_UDP], - "SourceUDP", CONF_STR, &sourcearg[RAD_UDP], + "ListenUDP", CONF_MSTR, &listenargs[RAD_UDP], + "SourceUDP", CONF_STR, &sourcearg[RAD_UDP], #endif #ifdef RADPROT_TCP - "ListenTCP", CONF_MSTR, &listenargs[RAD_TCP], - "SourceTCP", CONF_STR, &sourcearg[RAD_TCP], + "ListenTCP", CONF_MSTR, &listenargs[RAD_TCP], + "SourceTCP", CONF_STR, &sourcearg[RAD_TCP], #endif #ifdef RADPROT_TLS - "ListenTLS", CONF_MSTR, &listenargs[RAD_TLS], - "SourceTLS", CONF_STR, &sourcearg[RAD_TLS], + "ListenTLS", CONF_MSTR, &listenargs[RAD_TLS], + "SourceTLS", CONF_STR, &sourcearg[RAD_TLS], #endif #ifdef RADPROT_DTLS - "ListenDTLS", CONF_MSTR, &listenargs[RAD_DTLS], - "SourceDTLS", CONF_STR, &sourcearg[RAD_DTLS], + "ListenDTLS", CONF_MSTR, &listenargs[RAD_DTLS], + "SourceDTLS", CONF_STR, &sourcearg[RAD_DTLS], #endif - "TTLAttribute", CONF_STR, &options.ttlattr, - "addTTL", CONF_LINT, &addttl, - "LogLevel", CONF_LINT, &loglevel, - "LogDestination", CONF_STR, &options.logdestination, - "LoopPrevention", CONF_BLN, &options.loopprevention, - "Client", CONF_CBK, confclient_cb, NULL, - "Server", CONF_CBK, confserver_cb, NULL, - "Realm", CONF_CBK, confrealm_cb, NULL, + "TTLAttribute", CONF_STR, &options.ttlattr, + "addTTL", CONF_LINT, &addttl, + "LogLevel", CONF_LINT, &loglevel, + "LogDestination", CONF_STR, &options.logdestination, + "LoopPrevention", CONF_BLN, &options.loopprevention, + "Client", CONF_CBK, confclient_cb, NULL, + "Server", CONF_CBK, confserver_cb, NULL, + "Realm", CONF_CBK, confrealm_cb, NULL, #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) - "TLS", CONF_CBK, conftls_cb, NULL, + "TLS", CONF_CBK, conftls_cb, NULL, #endif - "Rewrite", CONF_CBK, confrewrite_cb, NULL, - NULL + "Rewrite", CONF_CBK, confrewrite_cb, NULL, +#if defined(WANT_FTICKS) + "FTicksReporting", CONF_STR, &fticks_reporting_str, + "FTicksMAC", CONF_STR, &fticks_mac_str, + "FTicksKey", CONF_STR, &fticks_key_str, + "FTicksSyslogFacility", CONF_STR, &options.ftickssyslogfacility, +#endif + NULL )) debugx(1, DBG_ERR, "configuration error"); if (loglevel != LONG_MIN) { - if (loglevel < 1 || loglevel > 4) - debugx(1, DBG_ERR, "error in %s, value of option LogLevel is %d, must be 1, 2, 3 or 4", configfile, loglevel); + if (loglevel < 1 || loglevel > 5) + debugx(1, DBG_ERR, "error in %s, value of option LogLevel is %d, must be 1, 2, 3, 4 or 5", configfile, loglevel); options.loglevel = (uint8_t)loglevel; } if (addttl != LONG_MIN) { @@ -3087,6 +3112,11 @@ void getmainconfig(const char *configfile) { if (!setttlattr(&options, DEFAULT_TTL_ATTR)) debugx(1, DBG_ERR, "Failed to set TTLAttribute, exiting"); +#if defined(WANT_FTICKS) + fticks_configure(&options, &fticks_reporting_str, &fticks_mac_str, + &fticks_key_str); +#endif + for (i = 0; i < RAD_PROTOCOUNT; i++) if (listenargs[i] || sourcearg[i]) setprotoopts(i, listenargs[i], sourcearg[i]); @@ -3101,8 +3131,8 @@ void getargs(int argc, char **argv, uint8_t *foreground, uint8_t *pretend, uint8 *configfile = optarg; break; case 'd': - if (strlen(optarg) != 1 || *optarg < '1' || *optarg > '4') - debugx(1, DBG_ERR, "Debug level must be 1, 2, 3 or 4, not %s", optarg); + if (strlen(optarg) != 1 || *optarg < '1' || *optarg > '5') + debugx(1, DBG_ERR, "Debug level must be 1, 2, 3, 4 or 5, not %s", optarg); *loglevel = *optarg - '0'; break; case 'f': @@ -3115,7 +3145,7 @@ void getargs(int argc, char **argv, uint8_t *foreground, uint8_t *pretend, uint8 *pretend = 1; break; case 'v': - debug(DBG_ERR, "radsecproxy revision $Rev$"); + debug(DBG_ERR, "radsecproxy revision %s", PACKAGE_VERSION); debug(DBG_ERR, "This binary was built with support for the following transports:"); #ifdef RADPROT_UDP debug(DBG_ERR, " UDP"); @@ -3185,14 +3215,14 @@ void *sighandler(void *arg) { } int createpidfile(const char *pidfile) { - int r; + int r = 0; FILE *f = fopen(pidfile, "w"); if (f) - r = fprintf(f, "%d\n", getpid()); + r = fprintf(f, "%ld\n", (long) getpid()); return f && !fclose(f) && r >= 0; } -int main(int argc, char **argv) { +int radsecproxy_main(int argc, char **argv) { pthread_t sigth; sigset_t sigset; struct list_node *entry; @@ -3218,8 +3248,18 @@ int main(int argc, char **argv) { options.loglevel = loglevel; else if (options.loglevel) debug_set_level(options.loglevel); - if (!foreground) - debug_set_destination(options.logdestination ? options.logdestination : "x-syslog:///"); + if (!foreground) { + debug_set_destination(options.logdestination + ? options.logdestination + : "x-syslog:///", LOG_TYPE_DEBUG); +#if defined(WANT_FTICKS) + if (options.ftickssyslogfacility) { + debug_set_destination(options.ftickssyslogfacility, + LOG_TYPE_FTICKS); + free(options.ftickssyslogfacility); + } +#endif + } free(options.logdestination); if (!list_first(clconfs)) @@ -3234,7 +3274,7 @@ int main(int argc, char **argv) { debugx(1, DBG_ERR, "daemon() failed: %s", strerror(errno)); debug_timestamp_on(); - debug(DBG_INFO, "radsecproxy revision $Rev$ starting"); + debug(DBG_INFO, "radsecproxy revision %s starting", PACKAGE_VERSION); if (pidfile && !createpidfile(pidfile)) debugx(1, DBG_ERR, "failed to create pidfile %s: %s", pidfile, strerror(errno));