2 * client.c Read clients into memory.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2000,2006 The FreeRADIUS server project
21 * Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
22 * Copyright 2000 Alan DeKok <aland@ox.org>
25 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/radius_snmp.h>
30 #include <freeradius-devel/rad_assert.h>
37 struct radclient_list {
39 * FIXME: One set of trees for IPv4, and another for IPv6?
41 rbtree_t *trees[129]; /* for 0..128, inclusive. */
47 static rbtree_t *tree_num; /* client numbers 0..N */
48 static int tree_num_max;
50 static RADCLIENT_LIST *root_clients;
53 * Callback for freeing a client.
55 void client_free(RADCLIENT *client)
57 free(client->longname);
59 free(client->shortname);
60 free(client->nastype);
62 free(client->password);
67 #ifdef WITH_ACCOUNTING
77 * Callback for comparing two clients.
79 static int client_ipaddr_cmp(const void *one, const void *two)
81 const RADCLIENT *a = one;
82 const RADCLIENT *b = two;
84 return fr_ipaddr_cmp(&a->ipaddr, &b->ipaddr);
88 static int client_num_cmp(const void *one, const void *two)
90 const RADCLIENT *a = one;
91 const RADCLIENT *b = two;
93 return (a->number - b->number);
98 * Free a RADCLIENT list.
100 void clients_free(RADCLIENT_LIST *clients)
104 if (!clients) return;
106 for (i = 0; i <= 128; i++) {
107 if (clients->trees[i]) rbtree_free(clients->trees[i]);
108 clients->trees[i] = NULL;
111 if (clients == root_clients) {
113 if (tree_num) rbtree_free(tree_num);
124 * Return a new, initialized, set of clients.
126 RADCLIENT_LIST *clients_init(void)
128 RADCLIENT_LIST *clients = calloc(1, sizeof(RADCLIENT_LIST));
130 if (!clients) return NULL;
132 clients->min_prefix = 128;
139 * Sanity check a client.
141 static int client_sane(RADCLIENT *client)
143 switch (client->ipaddr.af) {
145 if (client->prefix > 32) {
150 * Zero out the subnet bits.
152 if (client->prefix == 0) {
153 memset(&client->ipaddr.ipaddr.ip4addr, 0,
154 sizeof(client->ipaddr.ipaddr.ip4addr));
156 } else if (client->prefix < 32) {
159 mask <<= (32 - client->prefix);
160 client->ipaddr.ipaddr.ip4addr.s_addr &= htonl(mask);
165 if (client->prefix > 128) return 0;
167 if (client->prefix == 0) {
168 memset(&client->ipaddr.ipaddr.ip6addr, 0,
169 sizeof(client->ipaddr.ipaddr.ip6addr));
171 } else if (client->prefix < 128) {
173 uint32_t mask, *addr;
175 addr = (uint32_t *) &client->ipaddr.ipaddr.ip6addr;
177 for (i = client->prefix; i < 128; i += 32) {
179 mask <<= ((128 - i) & 0x1f);
180 addr[i / 32] &= mask;
194 * Add a client to the tree.
196 int client_add(RADCLIENT_LIST *clients, RADCLIENT *client)
203 * If "clients" is NULL, it means add to the global list.
207 * Initialize it, if not done already.
210 root_clients = clients_init();
211 if (!root_clients) return 0;
213 clients = root_clients;
216 if ((client->prefix < 0) || (client->prefix > 128)) {
220 if (!client_sane(client)) return 0;
223 * Create a tree for it.
225 if (!clients->trees[client->prefix]) {
226 clients->trees[client->prefix] = rbtree_create(client_ipaddr_cmp,
227 (void *) client_free, 0);
228 if (!clients->trees[client->prefix]) {
234 * Cannot insert the same client twice.
236 if (rbtree_find(clients->trees[client->prefix], client)) {
237 radlog(L_ERR, "Failed to add duplicate client %s",
243 * Other error adding client: likely is fatal.
245 if (!rbtree_insert(clients->trees[client->prefix], client)) {
251 tree_num = rbtree_create(client_num_cmp, NULL, 0);
256 * Catch clients added by rlm_sql.
259 client->auth = rad_malloc(sizeof(*client->auth));
260 memset(client->auth, 0, sizeof(*client->auth));
263 #ifdef WITH_ACCOUNTING
265 client->acct = rad_malloc(sizeof(*client->acct));
266 memset(client->acct, 0, sizeof(*client->acct));
270 client->number = tree_num_max;
272 if (tree_num) rbtree_insert(tree_num, client);
275 if (client->prefix < clients->min_prefix) {
276 clients->min_prefix = client->prefix;
284 * Find a client in the RADCLIENTS list by number.
285 * This is a support function for the SNMP code.
287 RADCLIENT *client_findbynumber(const RADCLIENT_LIST *clients,
291 if (!clients) clients = root_clients;
293 if (!clients) return NULL;
295 if (number >= tree_num_max) return NULL;
300 myclient.number = number;
302 return rbtree_finddata(tree_num, &myclient);
305 clients = clients; /* -Wunused */
306 number = number; /* -Wunused */
313 * Find a client in the RADCLIENTS list.
315 RADCLIENT *client_find(const RADCLIENT_LIST *clients,
316 const fr_ipaddr_t *ipaddr)
321 if (!clients) clients = root_clients;
323 if (!clients || !ipaddr) return NULL;
325 switch (ipaddr->af) {
338 for (i = max_prefix; i >= clients->min_prefix; i--) {
342 myclient.ipaddr = *ipaddr;
343 client_sane(&myclient); /* clean up the ipaddress */
345 if (!clients->trees[i]) continue;
347 data = rbtree_finddata(clients->trees[i], &myclient);
358 * Old wrapper for client_find
360 RADCLIENT *client_find_old(const fr_ipaddr_t *ipaddr)
362 return client_find(root_clients, ipaddr);
365 static struct in_addr cl_ip4addr;
366 static struct in6_addr cl_ip6addr;
368 static const CONF_PARSER client_config[] = {
369 { "ipaddr", PW_TYPE_IPADDR,
370 0, &cl_ip4addr, NULL },
371 { "ipv6addr", PW_TYPE_IPV6ADDR,
372 0, &cl_ip6addr, NULL },
373 { "netmask", PW_TYPE_INTEGER,
374 offsetof(RADCLIENT, prefix), 0, NULL },
376 { "require_message_authenticator", PW_TYPE_BOOLEAN,
377 offsetof(RADCLIENT, message_authenticator), 0, "no" },
379 { "secret", PW_TYPE_STRING_PTR,
380 offsetof(RADCLIENT, secret), 0, NULL },
381 { "shortname", PW_TYPE_STRING_PTR,
382 offsetof(RADCLIENT, shortname), 0, NULL },
383 { "nastype", PW_TYPE_STRING_PTR,
384 offsetof(RADCLIENT, nastype), 0, NULL },
385 { "login", PW_TYPE_STRING_PTR,
386 offsetof(RADCLIENT, login), 0, NULL },
387 { "password", PW_TYPE_STRING_PTR,
388 offsetof(RADCLIENT, password), 0, NULL },
389 { "virtual_server", PW_TYPE_STRING_PTR,
390 offsetof(RADCLIENT, server), 0, NULL },
391 { "server", PW_TYPE_STRING_PTR, /* compatability with 2.0-pre */
392 offsetof(RADCLIENT, server), 0, NULL },
394 { NULL, -1, 0, NULL, NULL }
398 static RADCLIENT *client_parse(CONF_SECTION *cs, int in_server)
403 name2 = cf_section_name2(cs);
405 cf_log_err(cf_sectiontoitem(cs),
406 "Missing client name");
411 * The size is fine.. Let's create the buffer
413 c = rad_malloc(sizeof(*c));
414 memset(c, 0, sizeof(*c));
418 c->auth = rad_malloc(sizeof(*c->auth));
419 memset(c->auth, 0, sizeof(*c->auth));
421 #ifdef WITH_ACCOUNTING
422 c->acct = rad_malloc(sizeof(*c->acct));
423 memset(c->acct, 0, sizeof(*c->acct));
427 memset(&cl_ip4addr, 0, sizeof(cl_ip4addr));
428 memset(&cl_ip6addr, 0, sizeof(cl_ip6addr));
431 if (cf_section_parse(cs, c, client_config) < 0) {
433 cf_log_err(cf_sectiontoitem(cs),
434 "Error parsing client section.");
439 * Global clients can set servers to use,
440 * per-server clients cannot.
442 if (in_server && c->server) {
444 cf_log_err(cf_sectiontoitem(cs),
445 "Clients inside of an server section cannot point to a server.");
450 * No "ipaddr" or "ipv6addr", use old-style
451 * "client <ipaddr> {" syntax.
453 if (!cf_pair_find(cs, "ipaddr") &&
454 !cf_pair_find(cs, "ipv6addr")) {
457 prefix_ptr = strchr(name2, '/');
463 c->prefix = atoi(prefix_ptr + 1);
464 if ((c->prefix < 0) || (c->prefix > 128)) {
466 cf_log_err(cf_sectiontoitem(cs),
467 "Invalid Prefix value '%s' for IP.",
471 /* Replace '/' with '\0' */
476 * Always get the numeric representation of IP
478 if (ip_hton(name2, AF_UNSPEC, &c->ipaddr) < 0) {
480 cf_log_err(cf_sectiontoitem(cs),
481 "Failed to look up hostname %s: %s",
482 name2, librad_errstr);
486 if (prefix_ptr) *prefix_ptr = '/';
487 c->longname = strdup(name2);
489 if (!c->shortname) c->shortname = strdup(c->longname);
495 * Figure out which one to use.
497 if (cf_pair_find(cs, "ipaddr")) {
498 c->ipaddr.af = AF_INET;
499 c->ipaddr.ipaddr.ip4addr = cl_ip4addr;
501 if ((c->prefix < -1) || (c->prefix > 32)) {
503 cf_log_err(cf_sectiontoitem(cs),
504 "Netmask must be between 0 and 32");
508 } else if (cf_pair_find(cs, "ipv6addr")) {
509 c->ipaddr.af = AF_INET6;
510 c->ipaddr.ipaddr.ip6addr = cl_ip6addr;
512 if ((c->prefix < -1) || (c->prefix > 128)) {
514 cf_log_err(cf_sectiontoitem(cs),
515 "Netmask must be between 0 and 128");
519 cf_log_err(cf_sectiontoitem(cs),
520 "No IP address defined for the client");
525 ip_ntoh(&c->ipaddr, buffer, sizeof(buffer));
526 c->longname = strdup(buffer);
529 * Set the short name to the name2
531 if (!c->shortname) c->shortname = strdup(name2);
534 if (c->prefix < 0) switch (c->ipaddr.af) {
545 if (!c->secret || !*c->secret) {
547 const char *value = NULL;
548 CONF_PAIR *cp = cf_pair_find(cs, "dhcp");
550 if (cp) value = cf_pair_value(cp);
553 * Secrets aren't needed for DHCP.
555 if (value && (strcmp(value, "yes") == 0)) return c;
559 cf_log_err(cf_sectiontoitem(cs),
560 "secret must be at least 1 character long");
569 * Create the linked list of clients from the new configuration
570 * type. This way we don't have to change too much in the other
573 RADCLIENT_LIST *clients_parse_section(CONF_SECTION *section)
575 int global = FALSE, in_server = FALSE;
578 RADCLIENT_LIST *clients;
581 * Be forgiving. If there's already a clients, return
582 * it. Otherwise create a new one.
584 clients = cf_data_find(section, "clients");
585 if (clients) return clients;
587 clients = clients_init();
588 if (!clients) return NULL;
590 if (cf_top_section(section) == section) global = TRUE;
592 if (strcmp("server", cf_section_name1(section)) == 0) in_server = TRUE;
595 * Associate the clients structure with the section, where
596 * it will be freed once the section is freed.
598 if (cf_data_add(section, "clients", clients, (void *) clients_free) < 0) {
599 cf_log_err(cf_sectiontoitem(section),
600 "Failed to associate clients with section %s",
601 cf_section_name1(section));
602 clients_free(clients);
606 for (cs = cf_subsection_find_next(section, NULL, "client");
608 cs = cf_subsection_find_next(section, cs, "client")) {
609 c = client_parse(cs, in_server);
615 * FIXME: Add the client as data via cf_data_add,
616 * for migration issues.
619 if (!client_add(clients, c)) {
620 cf_log_err(cf_sectiontoitem(cs),
621 "Failed to add client %s",
622 cf_section_name2(cs));
629 * Replace the global list of clients with the new one.
630 * The old one is still referenced from the original
631 * configuration, and will be freed when that is freed.
634 root_clients = clients;