Signed / unsigned fixes and function prototypes

[freeradius.git] / src / main / listen.c

diff --git a/src/main/listen.c b/src/main/listen.c
index 2ff447c..57c9607 100644 (file)
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -84,7 +84,7 @@ static rad_listen_t *listen_alloc(RAD_LISTEN_TYPE type);
 /*
  *     Find a per-socket client.
  */
-RADCLIENT *client_listener_find(const rad_listen_t *listener,
+RADCLIENT *client_listener_find(rad_listen_t *listener,
                                const fr_ipaddr_t *ipaddr, int src_port)
 {
 #ifdef WITH_DYNAMIC_CLIENTS
@@ -620,7 +620,7 @@ static int auth_tcp_accept(rad_listen_t *listener,
 /*
  *     This function is stupid and complicated.
  */
-static int socket_print(rad_listen_t *this, char *buffer, size_t bufsize)
+static int socket_print(const rad_listen_t *this, char *buffer, size_t bufsize)
 {
        size_t len;
        listen_socket_t *sock = this->data;
@@ -725,6 +725,7 @@ static int socket_print(rad_listen_t *this, char *buffer, size_t bufsize)
                return 1;
        }
 
+#ifdef WITH_PROXY
        /*
         *      Maybe it's a socket that we opened to a home server.
         */
@@ -755,7 +756,8 @@ static int socket_print(rad_listen_t *this, char *buffer, size_t bufsize)
 
                return 1;
        }
-#endif
+#endif /* WITH_PROXY */
+#endif /* WITH_TCP */
 
        ADDSTRING(" address ");
        
@@ -782,6 +784,8 @@ static int socket_print(rad_listen_t *this, char *buffer, size_t bufsize)
        return 1;
 }
 
+extern int check_config;       /* radiusd.c */
+
 
 /*
  *     Parse an authentication or accounting socket.
@@ -866,18 +870,35 @@ static int common_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
                 *      TCP requires a destination IP for sockets.
                 *      UDP doesn't, so it's allowed.
                 */
+#ifdef WITH_PROXY
                if ((this->type == RAD_LISTEN_PROXY) &&
                    (sock->proto != IPPROTO_UDP)) {
                        cf_log_err(cf_sectiontoitem(cs),
                                   "Proxy listeners can only listen on proto = udp");
                        return -1;
                }
-#endif
+#endif /* WITH_PROXY */
+#endif /* WITH_TCP */
        }
 
        sock->my_ipaddr = ipaddr;
        sock->my_port = listen_port;
 
+#ifdef WITH_PROXY
+       if (check_config) {
+               if (home_server_find(&sock->my_ipaddr, sock->my_port, sock->proto)) {
+                               char buffer[128];
+                               
+                               DEBUG("ERROR: We have been asked to listen on %s port %d, which is also listed as a home server.  This can create a proxy loop.",
+                                     ip_ntoh(&sock->my_ipaddr, buffer, sizeof(buffer)),
+                                     sock->my_port);
+                               return -1;
+               }
+
+               return 0;       /* don't do anything */
+       }
+#endif
+
        /*
         *      If we can bind to interfaces, do so,
         *      else don't.
@@ -1914,7 +1935,7 @@ static int listen_bind(rad_listen_t *this)
 #endif
 
                default:
-                       radlog(L_ERR, "ERROR: Non-fatal internal sanity check failed in bind.");
+                       DEBUG("WARNING: Internal sanity check failed in binding to socket.  Ignoring problem.");
                        return -1;
                }
        }
@@ -2426,6 +2447,28 @@ static rad_listen_t *listen_parse(CONF_SECTION *cs, const char *server)
        return this;
 }
 
+#ifdef WITH_PROXY
+static int is_loopback(const fr_ipaddr_t *ipaddr)
+{
+       /*
+        *      We shouldn't proxy on loopback.
+        */
+       if ((ipaddr->af == AF_INET) &&
+           (ipaddr->ipaddr.ip4addr.s_addr == htonl(INADDR_LOOPBACK))) {
+               return 1;
+       }
+       
+#ifdef HAVE_STRUCT_SOCKADDR_IN6
+       if ((ipaddr->af == AF_INET6) &&
+           (IN6_IS_ADDR_LINKLOCAL(&ipaddr->ipaddr.ip6addr))) {
+               return 1;
+       }
+#endif
+
+       return 0;
+}
+#endif
+
 /*
  *     Generate a list of listeners.  Takes an input list of
  *     listeners, too, so we don't close sockets with waiting packets.
@@ -2652,6 +2695,15 @@ int listen_init(CONF_SECTION *config, rad_listen_t **head)
 
 add_sockets:
        /*
+        *      No sockets to receive packets, this is an error.
+        *      proxying is pointless.
+        */
+       if (!*head) {
+               radlog(L_ERR, "The server is not configured to listen on any ports.  Cannot start.");
+               return -1;
+       }
+
+       /*
         *      Print out which sockets we're listening on, and
         *      add them to the event list.
         */
@@ -2691,6 +2743,9 @@ add_sockets:
                for (this = *head; this != NULL; this = this->next) {
                        if (this->type == RAD_LISTEN_AUTH) {
                                sock = this->data;
+
+                               if (is_loopback(&sock->my_ipaddr)) continue;
+
                                if (home.src_ipaddr.af == AF_UNSPEC) {
                                        home.src_ipaddr = sock->my_ipaddr;
                                }
@@ -2700,6 +2755,9 @@ add_sockets:
 #ifdef WITH_ACCT
                        if (this->type == RAD_LISTEN_ACCT) {
                                sock = this->data;
+
+                               if (is_loopback(&sock->my_ipaddr)) continue;
+
                                if (home.src_ipaddr.af == AF_UNSPEC) {
                                        home.src_ipaddr = sock->my_ipaddr;
                                }
@@ -2759,12 +2817,12 @@ void listen_free(rad_listen_t **head)
                }
 
 #ifdef WITH_TCP
-               if ((this->type == RAD_LISTEN_AUTH) ||
+               if ((this->type == RAD_LISTEN_AUTH)
 #ifdef WITH_ACCT
-                   (this->type == RAD_LISTEN_ACCT) ||
+                   || (this->type == RAD_LISTEN_ACCT)
 #endif
 #ifdef WITH_PROXY
-                   (this->type == RAD_LISTEN_PROXY)
+                   || (this->type == RAD_LISTEN_PROXY)
 #endif
                        ) {
                        listen_socket_t *sock = this->data;
@@ -2790,8 +2848,11 @@ RADCLIENT_LIST *listener_find_client_list(const fr_ipaddr_t *ipaddr,
        for (this = mainconfig.listen; this != NULL; this = this->next) {
                listen_socket_t *sock;
 
-               if ((this->type != RAD_LISTEN_AUTH) &&
-                   (this->type != RAD_LISTEN_ACCT)) continue;
+               if ((this->type != RAD_LISTEN_AUTH)
+#ifdef WITH_ACCOUNTING
+                   && (this->type != RAD_LISTEN_ACCT)
+#endif
+                   ) continue;
                
                sock = this->data;
 
@@ -2816,8 +2877,11 @@ rad_listen_t *listener_find_byipaddr(const fr_ipaddr_t *ipaddr, int port)
                 *      FIXME: For TCP, ignore the *secondary*
                 *      listeners associated with the main socket.
                 */
-               if ((this->type != RAD_LISTEN_AUTH) &&
-                   (this->type != RAD_LISTEN_ACCT)) continue;
+               if ((this->type != RAD_LISTEN_AUTH)
+#ifdef WITH_ACCOUNTING
+                   && (this->type != RAD_LISTEN_ACCT)
+#endif
+                   ) continue;
                
                sock = this->data;
 
@@ -2827,18 +2891,9 @@ rad_listen_t *listener_find_byipaddr(const fr_ipaddr_t *ipaddr, int port)
                }
 
                if ((sock->my_port == port) &&
-                   ((sock->my_ipaddr.af == AF_INET) &&
-                    (sock->my_ipaddr.ipaddr.ip4addr.s_addr == INADDR_ANY))) {
+                   fr_inaddr_any(&sock->my_ipaddr)) {
                        return this;
                }
-
-#ifdef HAVE_STRUCT_SOCKADDR_IN6
-               if ((sock->my_port == port) &&
-                   (sock->my_ipaddr.af == AF_INET6) &&
-                   (IN6_IS_ADDR_UNSPECIFIED(&sock->my_ipaddr.ipaddr.ip6addr))) {
-                       return this;
-               }
-#endif
        }
 
        return NULL;