+++ /dev/null
-/*
- * Copyright (C) 2006-2009 Stig Venaas <venaas@uninett.no>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- */
-
-#include <signal.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <string.h>
-#include <unistd.h>
-#include <limits.h>
-#ifdef SYS_SOLARIS9
-#include <fcntl.h>
-#endif
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/select.h>
-#include <ctype.h>
-#include <sys/wait.h>
-#include <arpa/inet.h>
-#include <regex.h>
-#include <pthread.h>
-#include "list.h"
-#include "hostport.h"
-#include "radsecproxy.h"
-
-#ifdef RADPROT_UDP
-#include "debug.h"
-#include "util.h"
-
-static void setprotoopts(struct commonprotoopts *opts);
-static char **getlistenerargs();
-void *udpserverrd(void *arg);
-int clientradputudp(struct server *server, unsigned char *rad);
-void addclientudp(struct client *client);
-void addserverextraudp(struct clsrvconf *conf);
-void udpsetsrcres();
-void initextraudp();
-
-static const struct protodefs protodefs = {
- "udp",
- NULL, /* secretdefault */
- SOCK_DGRAM, /* socktype */
- "1812", /* portdefault */
- REQUEST_RETRY_COUNT, /* retrycountdefault */
- 10, /* retrycountmax */
- REQUEST_RETRY_INTERVAL, /* retryintervaldefault */
- 60, /* retryintervalmax */
- DUPLICATE_INTERVAL, /* duplicateintervaldefault */
- setprotoopts, /* setprotoopts */
- getlistenerargs, /* getlistenerargs */
- udpserverrd, /* listener */
- NULL, /* connecter */
- NULL, /* clientconnreader */
- clientradputudp, /* clientradput */
- addclientudp, /* addclient */
- addserverextraudp, /* addserverextra */
- udpsetsrcres, /* setsrcres */
- initextraudp /* initextra */
-};
-
-static int client4_sock = -1;
-static int client6_sock = -1;
-static struct gqueue *server_replyq = NULL;
-
-static struct addrinfo *srcres = NULL;
-static uint8_t handle;
-static struct commonprotoopts *protoopts = NULL;
-
-const struct protodefs *udpinit(uint8_t h) {
- handle = h;
- return &protodefs;
-}
-
-static void setprotoopts(struct commonprotoopts *opts) {
- protoopts = opts;
-}
-
-static char **getlistenerargs() {
- return protoopts ? protoopts->listenargs : NULL;
-}
-
-void udpsetsrcres() {
- if (!srcres)
- srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
-}
-
-void removeudpclientfromreplyq(struct client *c) {
- struct list_node *n;
- struct request *r;
-
- /* lock the common queue and remove replies for this client */
- pthread_mutex_lock(&c->replyq->mutex);
- for (n = list_first(c->replyq->entries); n; n = list_next(n)) {
- r = (struct request *)n->data;
- if (r->from == c)
- r->from = NULL;
- }
- pthread_mutex_unlock(&c->replyq->mutex);
-}
-
-static int addr_equal(struct sockaddr *a, struct sockaddr *b) {
- switch (a->sa_family) {
- case AF_INET:
- return !memcmp(&((struct sockaddr_in*)a)->sin_addr,
- &((struct sockaddr_in*)b)->sin_addr,
- sizeof(struct in_addr));
- case AF_INET6:
- return IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6*)a)->sin6_addr,
- &((struct sockaddr_in6*)b)->sin6_addr);
- default:
- /* Must not reach */
- return 0;
- }
-}
-
-uint16_t port_get(struct sockaddr *sa) {
- switch (sa->sa_family) {
- case AF_INET:
- return ntohs(((struct sockaddr_in *)sa)->sin_port);
- case AF_INET6:
- return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
- }
- return 0;
-}
-
-/* exactly one of client and server must be non-NULL */
-/* return who we received from in *client or *server */
-/* return from in sa if not NULL */
-unsigned char *radudpget(int s, struct client **client, struct server **server, uint16_t *port) {
- int cnt, len;
- unsigned char buf[4], *rad = NULL;
- struct sockaddr_storage from;
- struct sockaddr *fromcopy;
- socklen_t fromlen = sizeof(from);
- struct clsrvconf *p;
- struct list_node *node;
- fd_set readfds;
- struct client *c = NULL;
- struct timeval now;
-
- for (;;) {
- if (rad) {
- free(rad);
- rad = NULL;
- }
- FD_ZERO(&readfds);
- FD_SET(s, &readfds);
- if (select(s + 1, &readfds, NULL, NULL, NULL) < 1)
- continue;
- cnt = recvfrom(s, buf, 4, MSG_PEEK | MSG_TRUNC, (struct sockaddr *)&from, &fromlen);
- if (cnt == -1) {
- debug(DBG_WARN, "radudpget: recv failed");
- continue;
- }
-
- p = client
- ? find_clconf(handle, (struct sockaddr *)&from, NULL)
- : find_srvconf(handle, (struct sockaddr *)&from, NULL);
- if (!p) {
- debug(DBG_WARN, "radudpget: got packet from wrong or unknown UDP peer %s, ignoring", addr2string((struct sockaddr *)&from));
- recv(s, buf, 4, 0);
- continue;
- }
-
- len = RADLEN(buf);
- if (len < 20) {
- debug(DBG_WARN, "radudpget: length too small");
- recv(s, buf, 4, 0);
- continue;
- }
-
- rad = malloc(len);
- if (!rad) {
- debug(DBG_ERR, "radudpget: malloc failed");
- recv(s, buf, 4, 0);
- continue;
- }
-
- cnt = recv(s, rad, len, MSG_TRUNC);
- debug(DBG_DBG, "radudpget: got %d bytes from %s", cnt, addr2string((struct sockaddr *)&from));
-
- if (cnt < len) {
- debug(DBG_WARN, "radudpget: packet smaller than length field in radius header");
- continue;
- }
- if (cnt > len)
- debug(DBG_DBG, "radudpget: packet was padded with %d bytes", cnt - len);
-
- if (client) {
- *client = NULL;
- pthread_mutex_lock(p->lock);
- for (node = list_first(p->clients); node;) {
- c = (struct client *)node->data;
- node = list_next(node);
- if (s != c->sock)
- continue;
- gettimeofday(&now, NULL);
- if (!*client && addr_equal((struct sockaddr *)&from, c->addr)) {
- c->expiry = now.tv_sec + 60;
- *client = c;
- }
- if (c->expiry >= now.tv_sec)
- continue;
-
- debug(DBG_DBG, "radudpget: removing expired client (%s)", addr2string(c->addr));
- removeudpclientfromreplyq(c);
- c->replyq = NULL; /* stop removeclient() from removing common udp replyq */
- removelockedclient(c);
- break;
- }
- if (!*client) {
- fromcopy = addr_copy((struct sockaddr *)&from);
- if (!fromcopy) {
- pthread_mutex_unlock(p->lock);
- continue;
- }
- c = addclient(p, 0);
- if (!c) {
- free(fromcopy);
- pthread_mutex_unlock(p->lock);
- continue;
- }
- c->sock = s;
- c->addr = fromcopy;
- gettimeofday(&now, NULL);
- c->expiry = now.tv_sec + 60;
- *client = c;
- }
- pthread_mutex_unlock(p->lock);
- } else if (server)
- *server = p->servers;
- break;
- }
- if (port)
- *port = port_get((struct sockaddr *)&from);
- return rad;
-}
-
-int clientradputudp(struct server *server, unsigned char *rad) {
- size_t len;
- struct clsrvconf *conf = server->conf;
- struct addrinfo *ai;
-
- len = RADLEN(rad);
- ai = ((struct hostportres *)list_first(conf->hostports)->data)->addrinfo;
- if (sendto(server->sock, rad, len, 0, ai->ai_addr, ai->ai_addrlen) >= 0) {
- debug(DBG_DBG, "clienradputudp: sent UDP of length %d to %s port %d", len, addr2string(ai->ai_addr), port_get(ai->ai_addr));
- return 1;
- }
-
- debug(DBG_WARN, "clientradputudp: send failed");
- return 0;
-}
-
-void *udpclientrd(void *arg) {
- struct server *server;
- unsigned char *buf;
- int *s = (int *)arg;
-
- for (;;) {
- server = NULL;
- buf = radudpget(*s, NULL, &server, NULL);
- replyh(server, buf);
- }
-}
-
-void *udpserverrd(void *arg) {
- struct request *rq;
- int *sp = (int *)arg;
-
- for (;;) {
- rq = newrequest();
- if (!rq) {
- sleep(5); /* malloc failed */
- continue;
- }
- rq->buf = radudpget(*sp, &rq->from, NULL, &rq->udpport);
- rq->udpsock = *sp;
- radsrv(rq);
- }
- free(sp);
- return NULL;
-}
-
-void *udpserverwr(void *arg) {
- struct gqueue *replyq = (struct gqueue *)arg;
- struct request *reply;
- struct sockaddr_storage to;
-
- for (;;) {
- pthread_mutex_lock(&replyq->mutex);
- while (!(reply = (struct request *)list_shift(replyq->entries))) {
- debug(DBG_DBG, "udp server writer, waiting for signal");
- pthread_cond_wait(&replyq->cond, &replyq->mutex);
- debug(DBG_DBG, "udp server writer, got signal");
- }
- /* do this with lock, udpserverrd may set from = NULL if from expires */
- if (reply->from)
- memcpy(&to, reply->from->addr, SOCKADDRP_SIZE(reply->from->addr));
- pthread_mutex_unlock(&replyq->mutex);
- if (reply->from) {
- port_set((struct sockaddr *)&to, reply->udpport);
- if (sendto(reply->udpsock, reply->replybuf, RADLEN(reply->replybuf), 0, (struct sockaddr *)&to, SOCKADDR_SIZE(to)) < 0)
- debug(DBG_WARN, "udpserverwr: send failed");
- }
- debug(DBG_DBG, "udpserverwr: refcount %d", reply->refcount);
- freerq(reply);
- }
-}
-
-void addclientudp(struct client *client) {
- client->replyq = server_replyq;
-}
-
-void addserverextraudp(struct clsrvconf *conf) {
- switch (((struct hostportres *)list_first(conf->hostports)->data)->addrinfo->ai_family) {
- case AF_INET:
- if (client4_sock < 0) {
- client4_sock = bindtoaddr(srcres, AF_INET, 0, 1);
- if (client4_sock < 0)
- debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->name);
- }
- conf->servers->sock = client4_sock;
- break;
- case AF_INET6:
- if (client6_sock < 0) {
- client6_sock = bindtoaddr(srcres, AF_INET6, 0, 1);
- if (client6_sock < 0)
- debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->name);
- }
- conf->servers->sock = client6_sock;
- break;
- default:
- debugx(1, DBG_ERR, "addserver: unsupported address family");
- }
-}
-
-void initextraudp() {
- pthread_t cl4th, cl6th, srvth;
-
- if (srcres) {
- freeaddrinfo(srcres);
- srcres = NULL;
- }
-
- if (client4_sock >= 0)
- if (pthread_create(&cl4th, NULL, udpclientrd, (void *)&client4_sock))
- debugx(1, DBG_ERR, "pthread_create failed");
- if (client6_sock >= 0)
- if (pthread_create(&cl6th, NULL, udpclientrd, (void *)&client6_sock))
- debugx(1, DBG_ERR, "pthread_create failed");
-
- if (find_clconf_type(handle, NULL)) {
- server_replyq = newqueue();
- if (pthread_create(&srvth, NULL, udpserverwr, (void *)server_replyq))
- debugx(1, DBG_ERR, "pthread_create failed");
- }
-}
-#else
-const struct protodefs *udpinit(uint8_t h) {
- return NULL;
-}
-#endif
-
-/* Local Variables: */
-/* c-file-style: "stroustrup" */
-/* End: */
projects / libradsec.git / blobdiff