From c192f20d5cf41ac63a7408179b242640eb0158f0 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Thu, 29 Jul 2010 17:24:42 +0200
Subject: [PATCH] Check sockets against home servers for proxy loops

This only works when using -C. It only prints messages with -XC
---
 src/main/command.c | 2 ++
 src/main/detail.c | 3 +++
 src/main/dhcpd.c | 2 ++
 src/main/event.c | 4 ++++
 src/main/listen.c | 15 +++++++++++++++
 5 files changed, 26 insertions(+)
diff --git a/src/main/command.c b/src/main/command.c
index 650f5cd..7db7b06 100644
--- a/src/main/command.c
+++ b/src/main/command.c
@@ -1852,6 +1852,8 @@ static int command_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
 {
 fr_command_socket_t *sock;
+ if (check_config) return 0;
+
 sock = this->data;
 if (cf_section_parse(cs, sock, command_config) < 0) {
diff --git a/src/main/detail.c b/src/main/detail.c
index 0838f37..094e17b 100644
--- a/src/main/detail.c
+++ b/src/main/detail.c
@@ -813,6 +813,7 @@ static const CONF_PARSER detail_config[] = {
 { NULL, -1, 0, NULL, NULL } /* end the list */
 };
+extern int check_config;
 /*
 * Parse a detail section.
@@ -824,6 +825,8 @@ int detail_parse(CONF_SECTION *cs, rad_listen_t *this)
 RADCLIENT *client;
 char buffer[2048];
+ if (check_config) return 0;
+
 if (!this->data) {
 this->data = rad_malloc(sizeof(*data));
 memset(this->data, 0, sizeof(*data));
diff --git a/src/main/dhcpd.c b/src/main/dhcpd.c
index c27259f..17064a1 100644
--- a/src/main/dhcpd.c
+++ b/src/main/dhcpd.c
@@ -178,6 +178,8 @@ static int dhcp_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
 rcode = common_socket_parse(cs, this);
 if (rcode != 0) return rcode;
+ if (check_config) return 0;
+
 sock = this->data;
 /*
diff --git a/src/main/event.c b/src/main/event.c
index 655d65f..be055ba 100644
--- a/src/main/event.c
+++ b/src/main/event.c
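Review bot: The early `if (check_config) return 0;` in command_socket_parse sits before `cf_section_parse(cs, sock, command_config)`, so under -C the control-socket section is never parsed and a malformed entry there passes the check. Placing the return just after the cf_section_parse error branch would keep validation while still skipping socket setup; the rest of the function is outside the hunk, so the exact position needs confirming against it. detail_parse in src/main/detail.c has the same shape, returning before any of its section is read. dhcp_socket_parse already uses the safer order, returning only after common_socket_parse has run.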
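Review bot: `extern int check_config;` is declared by hand in detail.c and again in src/main/listen.c rather than coming from a shared header, so a later change to the variable's type would go unnoticed by the compiler in these files. The command.c and dhcpd.c hunks start using check_config with no declaration visible; dhcp_socket_parse calls the static common_socket_parse, which suggests dhcpd.c is compiled as part of listen.c, but for command.c this cannot be confirmed from the page. A single declaration in a header shared by these files (the listen.c comment names radiusd.c as the owner) would make every use type-checked.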
@@ -4054,6 +4054,10 @@ int radius_event_init(CONF_SECTION *cs, int spawn_flag)
 if (check_config) {
 DEBUG("%s: #### Skipping IP addresses and Ports ####", mainconfig.name);
+ if (listen_init(cs, &head) < 0) {
+ fflush(NULL);
+ exit(1);
+ }
 return 1;
 }
diff --git a/src/main/listen.c b/src/main/listen.c
index 2ff447c..4928b74 100644
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -782,6 +782,8 @@ static int socket_print(rad_listen_t *this, char *buffer, size_t bufsize)
 return 1;
 }
+extern int check_config; /* radiusd.c */
+
 /*
 * Parse an authentication or accounting socket.
@@ -878,6 +880,19 @@ static int common_socket_parse(CONF_SECTION *cs, rad_listen_t *this)
 sock->my_ipaddr = ipaddr;
 sock->my_port = listen_port;
+ if (check_config) {
+ if (home_server_find(&sock->ipaddr, sock->port)) {
+ char buffer[128];
+
+ DEBUG("ERROR: We have been asked to listen on %s port %d, which is also listed as a home server. This can create a proxy loop.",
+ ip_ntoh(&sock->ipaddr, buffer, sizeof(buffer)),
+ sock->port);
+ return -1;
+ }
+
+ return 0; /* don't do anything */
+ }
+
 /*
 * If we can bind to interfaces, do so,
 * else don't.
-- 
2.1.4
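Review bot: With `listen_init(cs, &head)` now called inside the `check_config` branch of radius_event_init, a -C run stays free of side effects only if every listener parse path honours check_config. This commit adds guards to the command, detail, DHCP and common socket parsers; listen_init's own body and any other listener types are outside the diff, so it is worth confirming that none of them opens a socket or file during a config check. The DEBUG text just above, `#### Skipping IP addresses and Ports ####`, no longer matches what the branch does and should be reworded, for example to `#### Checking listeners without opening sockets ####`.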
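Review bot: The new loop check in common_socket_parse reads `sock->ipaddr` and `sock->port`, but the two context lines directly above store the parsed values in `sock->my_ipaddr` and `sock->my_port`. The socket struct is not visible here: if it has no plain `ipaddr`/`port` members this will not compile, and if it has them they are not assigned at this point, so the lookup would presumably run on unset values and miss a real loop. The check and the message should use the fields just assigned: `if (home_server_find(&sock->my_ipaddr, sock->my_port)) {`, with `ip_ntoh(&sock->my_ipaddr, buffer, sizeof(buffer)),` and `sock->my_port);` in the DEBUG call. Separately, the rejection is reported only through DEBUG, so a plain -C run returns -1 with no explanation; an error-level log line would make it visible without -X. common_socket_parse starts and ends outside the hunk.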