From 409bb858aca74bfd06dc7c01a2e7cdf7642d90d1 Mon Sep 17 00:00:00 2001 From: aland Date: Fri, 13 May 2005 23:03:34 +0000 Subject: [PATCH] Include "identity" in the listen{} section, so that you can do things like: DEFAULT Server-Identity == "foo", Proxy-To-Realm := foo.com i.e. handle the requests differently, based on which socket they came in on. It's like Packet-Dst-IP-Address, but independent of IPv4/IPv6 concerns, and you can have multiple sockets with the same identity. --- share/dictionary.freeradius.internal | 6 +----- src/include/radius.h | 1 + src/include/radiusd.h | 1 + src/main/listen.c | 28 ++++++++++++++++++++-------- src/main/xlat.c | 10 ++++++++++ 5 files changed, 33 insertions(+), 13 deletions(-) diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal index 1f219b6..7f68996 100644 --- a/share/dictionary.freeradius.internal +++ b/share/dictionary.freeradius.internal @@ -124,11 +124,7 @@ ATTRIBUTE MD5-Password 1095 octets ATTRIBUTE SMD5-Password 1096 octets ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr - -# -# Range: 1097-1199 -# unused. -# +ATTRIBUTE Server-Identity 1099 string # # Range: 1200-1279 diff --git a/src/include/radius.h b/src/include/radius.h index 2792407..0990799 100644 --- a/src/include/radius.h +++ b/src/include/radius.h @@ -205,6 +205,7 @@ #define PW_PACKET_SRC_IPV6_ADDRESS 1097 #define PW_PACKET_DST_IPV6_ADDRESS 1098 +#define PW_SERVER_IDENTITY 1099 /* * Integer Translations diff --git a/src/include/radiusd.h b/src/include/radiusd.h index b215471..e6152b2 100644 --- a/src/include/radiusd.h +++ b/src/include/radiusd.h @@ -186,6 +186,7 @@ struct rad_listen_t { */ RAD_LISTEN_TYPE type; int fd; + const char *identity; int (*recv)(rad_listen_t *, RAD_REQUEST_FUNP *, REQUEST **); diff --git a/src/main/listen.c b/src/main/listen.c index 4935652..883927f 100644 --- a/src/main/listen.c +++ b/src/main/listen.c 
@@ -978,13 +978,12 @@ static int detail_recv(rad_listen_t *listener, listener->fd = -1; listener->state = STATE_UNOPENED; - detail_open(listener); - /* - * Note that we don't open or create "detail" - * again, as we don't know what permissions to - * use. + * Try to open "detail" again. If we're on a + * busy RADIUS server, odds are that it will + * now exist. */ + detail_open(listener); return 0; } @@ -1530,13 +1529,14 @@ int listen_init(const char *filename, rad_listen_t **head) cs = cf_subsection_find_next(mainconfig.config, cs, "listen")) { int type; - char *listen_type; + char *listen_type, *identity; int listen_port; int lineno = cf_section_lineno(cs); lrad_ipaddr_t ipaddr; listen_port = 0; listen_type = NULL; + identity = NULL; rcode = cf_item_parse(cs, "type", PW_TYPE_STRING_PTR, &listen_type, ""); @@ -1548,6 +1548,14 @@ int listen_init(const char *filename, rad_listen_t **head) return -1; } + /* + * FIXME: We leak identity if we return, but who + * cares... the server will kill itself anyhow. + */ + rcode = cf_item_parse(cs, "identity", PW_TYPE_STRING_PTR, + &identity, NULL); + if (rcode < 0) return -1; + type = lrad_str2int(listen_compare, listen_type, RAD_LISTEN_NONE); if (type == RAD_LISTEN_NONE) { @@ -1571,15 +1579,17 @@ int listen_init(const char *filename, rad_listen_t **head) this = rad_malloc(sizeof(*this)); memset(this, 0, sizeof(*this)); this->type = type; + this->identity = identity; + this->fd = -1; + this->recv = detail_recv; this->send = detail_send; this->detail = detail; this->vps = NULL; - this->fd = -1; this->fp = NULL; this->state = STATE_UNOPENED; - + rcode = cf_item_parse(cs, "max_outstanding", PW_TYPE_INTEGER, &(this->max_outstanding), "0"); @@ -1626,6 +1636,8 @@ int listen_init(const char *filename, rad_listen_t **head) this = rad_malloc(sizeof(*this)); memset(this, 0, sizeof(*this)); this->type = type; + this->identity = identity; + this->ipaddr = ipaddr; this->port = listen_port; 
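Review bot: In the `listen_init` hunk at -1548, the added `if (rcode < 0) return -1;` exits with no log message and without releasing `listen_type`, which the earlier `PW_TYPE_STRING_PTR` parse presumably allocated; the FIXME above it mentions only `identity`. `filename` and `lineno` are already in scope, so the failure can name the offending section before returning, for example `radlog(L_ERR, "%s[%d]: Failed to parse \"identity\"", filename, lineno);`. The identity value feeds policy decisions such as the `Server-Identity == "foo"` check in the commit message, so a silent abort here makes a misconfigured listener harder to diagnose. The loop body of `listen_init` starts and ends outside the hunk.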
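Review bot: `this->identity = identity;` (the detail-listener hunk at -1571 and the socket-listener hunk at -1626) stores a string obtained through `PW_TYPE_STRING_PTR` in a `const char *` member, and nothing in this diff says who frees it or what NULL means. I would add a comment at the assignment, `/* owned by this listener; NULL when the section has no "identity" */`, and check that the listener teardown path, which is not visible here, releases it. A listener type constructed on a branch outside these two hunks would keep a NULL identity and drop the parsed string, so it is worth confirming that these are the only construction sites.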
diff --git a/src/main/xlat.c b/src/main/xlat.c index d44efd9..3e40c10 100644 --- a/src/main/xlat.c +++ b/src/main/xlat.c @@ -231,6 +231,9 @@ static int xlat_packet(void *instance, REQUEST *request, /* * Some "magic" handlers, which are never in VP's, but * which are in the packet. + * + * FIXME: We should really do this in a more + * intelligent way... */ if (packet) { VALUE_PAIR localvp; @@ -317,6 +320,13 @@ static int xlat_packet(void *instance, REQUEST *request, sizeof(packet->dst_ipaddr.ipaddr.ip4addr.s_addr)); break; + case PW_SERVER_IDENTITY: + if (!request->listener->identity) return 0; + + snprintf(out, outlen, "%s", request->listener->identity); + return strlen(out); + break; + default: return 0; /* not found */ break; -- 2.1.4
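Review bot: The new `case PW_SERVER_IDENTITY:` dereferences `request->listener` without checking it, so a request that reaches `xlat_packet` without an attached listener would crash the server. Whether such requests exist is not visible from the hunk, and the enclosing guard only tests `packet`. The check can cover both pointers at no cost: `if (!request->listener || !request->listener->identity) return 0;`. Separately, `return strlen(out);` relies on `snprintf` having written a terminator, which it does not do when `outlen` is 0, so returning the `snprintf` result clamped to `outlen - 1` would be safer. The `break;` after the `return` is unreachable, and the body of `xlat_packet` continues outside the hunk.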