}
-static int socket_print(rad_listen_t *this, char *buffer, size_t bufsize)
+static int socket_print(const rad_listen_t *this, char *buffer, size_t bufsize)
{
size_t len;
listen_socket_t *sock = this->data;
return 1;
}
+extern int check_config; /* radiusd.c */
+
/*
* Parse an authentication or accounting socket.
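Review bot: The `extern int check_config; /* radiusd.c */` declaration is written directly in this source file, so nothing forces it to stay in step with the definition if the type or name changes there. Declaring it once in a header that both this file and radiusd.c include lets the compiler check the two against each other. If the file-local extern is kept, a short comment such as `/* set when the server only validates its configuration and must not open sockets */` would document what the flag gates.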
sock->ipaddr = ipaddr;
sock->port = listen_port;
+ if (check_config) {
+ if (home_server_find(&sock->ipaddr, sock->port)) {
+ char buffer[128];
+
+ DEBUG("ERROR: We have been asked to listen on %s port %d, which is also listed as a home server. This can create a proxy loop.",
+ ip_ntoh(&sock->ipaddr, buffer, sizeof(buffer)),
+ sock->port);
+ return -1;
+ }
+
+ return 0; /* don't do anything */
+ }
+
/*
* If we can bind to interfaces, do so,
* else don't.
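Review bot: The `home_server_find(&sock->ipaddr, sock->port)` test is nested inside `if (check_config)`, so as far as this hunk shows the proxy-loop condition is only detected in config-check mode. A normal start would then still go on to bind an address that is also listed as a home server. If home servers are already loaded at this point in a normal start (not visible here), hoist the lookup above the `check_config` test and keep only the early `return 0;` conditional. The failure is also reported through `DEBUG(...)` although the function returns -1; `radlog(L_ERR, ...)` would presumably make the reason visible without debug output. The enclosing function starts and ends outside the hunk.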
#ifdef WITH_COMMAND_SOCKET
/* TCP command socket */
- { command_socket_parse, NULL,
+ { command_socket_parse, command_socket_free,
command_domain_accept, command_domain_send,
command_socket_print, command_socket_encode, command_socket_decode },
#endif
#endif
default:
- radlog(L_ERR, "ERROR: Non-fatal internal sanity check failed in bind.");
+ DEBUG("WARNING: Internal sanity check failed in binding to socket. Ignoring problem.");
return -1;
}
}
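Review bot: The new text in the `default:` branch says "Ignoring problem", but the next line is still `return -1;`, so the caller is handed a failure that the log claims was ignored. The message was also moved from `radlog(L_ERR, ...)` to `DEBUG(...)`, which likely hides it outside debug mode and leaves a failed bind with no trace in the normal log. Either keep the error-level call, e.g. `radlog(L_ERR, "Internal sanity check failed in binding to socket.");`, or return success if the condition really is meant to be ignored. The switch and its function begin outside the hunk.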
/*
* Not proxy, ignore it.
*/
- if (tmp->type != RAD_LISTEN_PROXY) continue;
+ if (tmp->type != RAD_LISTEN_PROXY) goto next;
sock = tmp->data;
if ((ipaddr->af != AF_UNSPEC) &&
(fr_ipaddr_cmp(&sock->ipaddr, ipaddr) != 0)) {
if (exists) return tmp;
- continue;
+ goto next;
}
if (!old) old = sock;
+ next:
last = &(tmp->next);
}
* Otherwise, don't do anything.
*/
do_proxy:
+ /*
+ * No sockets to receive packets, this is an error.
+ * proxying is pointless.
+ */
+ if (!*head) {
+ radlog(L_ERR, "The server is not configured to listen on any ports. Cannot start.");
+ return -1;
+ }
+
#ifdef WITH_PROXY
if (mainconfig.proxy_requests == TRUE) {
int port = -1;
listen_socket_t *sock = NULL;
- /*
- * No sockets to receive packets, therefore
- * proxying is pointless.
- */
- if (!*head) return -1;
-
if (defined_proxy) goto check_home_servers;
/*
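Review bot: The comment above `if (!*head)` still ends with "proxying is pointless", a fragment carried over from the old location inside `#ifdef WITH_PROXY`. The check now runs for every build and aborts startup whether or not proxying is enabled. I would reword it to `/* No sockets to receive packets: the server cannot do anything useful, so refuse to start. */`. The check also sits under the `do_proxy:` label although it is no longer proxy-specific, which is worth a word in the comment or a label rename.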
for (this = *head; this != NULL; this = this->next) {
if (this->type == RAD_LISTEN_AUTH) {
sock = this->data;
+
+ /*
+ * We shouldn't proxy on loopback.
+ */
+ if ((sock->ipaddr.af == AF_INET) &&
+ (sock->ipaddr.ipaddr.ip4addr.s_addr == htonl(INADDR_LOOPBACK))) continue;
+
+
+#ifdef HAVE_STRUCT_SOCKADDR_IN6
+ if ((sock->ipaddr.af == AF_INET6) &&
+ (IN6_IS_ADDR_LINKLOCAL(&sock->ipaddr.ipaddr.ip6addr))) continue;
+#endif
+
if (server_ipaddr.af == AF_UNSPEC) {
server_ipaddr = sock->ipaddr;
}
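Review bot: The comment says "We shouldn't proxy on loopback", but the IPv6 branch tests `IN6_IS_ADDR_LINKLOCAL`, so an auth socket bound to `::1` would still be picked as the proxy source address. The IPv4 test compares against `htonl(INADDR_LOOPBACK)` and therefore matches 127.0.0.1 only, not the rest of 127.0.0.0/8. Consider adding `IN6_IS_ADDR_LOOPBACK(&sock->ipaddr.ipaddr.ip6addr) ||` to the IPv6 condition and extending the comment to mention link-local. If every auth socket is skipped, `server_ipaddr` stays `AF_UNSPEC`; how the code after the loop handles that is outside the hunk and worth confirming.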
* on their src_ipaddr.
*/
check_home_servers:
- if (home_server_create_listeners(*head) != 0) return -1;
+ if (home_server_create_listeners() != 0) return -1;
}
#endif