diff options
| -rw-r--r-- | debug.c | 4 | ||||
| -rw-r--r-- | dtls.c | 48 | ||||
| -rw-r--r-- | gconfig.c | 40 | ||||
| -rw-r--r-- | hash.c | 10 | ||||
| -rw-r--r-- | hostport.c | 34 | ||||
| -rw-r--r-- | list.c | 10 | ||||
| -rw-r--r-- | list.h | 2 | ||||
| -rw-r--r-- | radmsg.c | 26 | ||||
| -rw-r--r-- | radsecproxy.c | 450 | ||||
| -rw-r--r-- | tcp.c | 24 | ||||
| -rw-r--r-- | tls.c | 32 | ||||
| -rw-r--r-- | tlscommon.c | 68 | ||||
| -rw-r--r-- | udp.c | 24 | ||||
| -rw-r--r-- | util.c | 22 | ||||
| -rw-r--r-- | util.h | 12 |
15 files changed, 403 insertions, 403 deletions
@@ -68,7 +68,7 @@ int debug_set_destination(char *dest) { LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7 }; extern int errno; int i; - + if (!strncasecmp(dest, "file:///", 8)) { debug_filepath = stringcopy(dest + 7, 0); debug_file = fopen(debug_filepath, "a"); @@ -127,7 +127,7 @@ void debug_logit(uint8_t level, const char *format, va_list ap) { struct timeval now; char *timebuf; int priority; - + if (debug_syslogfacility) { switch (level) { case DBG_DBG: @@ -95,7 +95,7 @@ struct sessioncacheentry { struct dtlsservernewparams { struct sessioncacheentry *sesscache; int sock; - struct sockaddr_storage addr; + struct sockaddr_storage addr; }; void dtlssetsrcres() { @@ -109,7 +109,7 @@ int udp2bio(int s, struct gqueue *q, int cnt) { if (cnt < 1) return 0; - + buf = malloc(cnt); if (!buf) { unsigned char err; @@ -162,7 +162,7 @@ BIO *getrbio(SSL *ssl, struct gqueue *q, int timeout) { int dtlsread(SSL *ssl, struct gqueue *q, unsigned char *buf, int num, int timeout) { int len, cnt; BIO *rbio; - + for (len = 0; len < num; len += cnt) { cnt = SSL_read(ssl, buf + len, num - len); if (cnt <= 0) @@ -171,7 +171,7 @@ int dtlsread(SSL *ssl, struct gqueue *q, unsigned char *buf, int num, int timeou rbio = getrbio(ssl, q, timeout); if (!rbio) return 0; - BIO_free(ssl->rbio); + BIO_free(ssl->rbio); ssl->rbio = rbio; cnt = 0; continue; @@ -199,7 +199,7 @@ SSL *dtlsacccon(uint8_t acc, SSL_CTX *ctx, int s, struct sockaddr *addr, struct ssl = SSL_new(ctx); if (!ssl) return NULL; - + mem0bio = BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(mem0bio, -1); wbio = BIO_new_dgram(s, BIO_NOCLOSE); @@ -244,21 +244,21 @@ unsigned char *raddtlsget(SSL *ssl, struct gqueue *rbios, int timeout) { continue; } memcpy(rad, buf, 4); - + cnt = dtlsread(ssl, rbios, rad + 4, len - 4, timeout); if (cnt < 1) { debug(DBG_DBG, cnt ? "raddtlsget: connection lost" : "raddtlsget: timeout"); free(rad); return NULL; } - + if (len >= 20) break; - + free(rad); debug(DBG_WARN, "raddtlsget: packet smaller than minimum radius size"); } - + debug(DBG_DBG, "raddtlsget: got %d bytes", len); return rad; } @@ -269,13 +269,13 @@ void *dtlsserverwr(void *arg) { struct client *client = (struct client *)arg; struct gqueue *replyq; struct request *reply; - + debug(DBG_DBG, "dtlsserverwr: starting for %s", addr2string(client->addr)); replyq = client->replyq; for (;;) { pthread_mutex_lock(&replyq->mutex); while (!list_first(replyq->entries)) { - if (client->ssl) { + if (client->ssl) { debug(DBG_DBG, "dtlsserverwr: waiting for signal"); pthread_cond_wait(&replyq->cond, &replyq->mutex); debug(DBG_DBG, "dtlsserverwr: got signal"); @@ -305,7 +305,7 @@ void dtlsserverrd(struct client *client) { struct request *rq; uint8_t *buf; pthread_t dtlsserverwrth; - + debug(DBG_DBG, "dtlsserverrd: starting for %s", addr2string(client->addr)); if (pthread_create(&dtlsserverwrth, NULL, dtlsserverwr, (void *)client)) { @@ -332,7 +332,7 @@ void dtlsserverrd(struct client *client) { break; } } - + /* stop writer by setting ssl to NULL and give signal in case waiting for data */ client->ssl = NULL; @@ -392,7 +392,7 @@ void *dtlsservernew(void *arg) { if (cert) X509_free(cert); - exit: +exit: if (ssl) { SSL_shutdown(ssl); SSL_free(ssl); @@ -413,7 +413,7 @@ void cacheexpire(struct hash *cache, struct timeval *last) { struct timeval now; struct hash_entry *he; struct sessioncacheentry *e; - + gettimeofday(&now, NULL); if (now.tv_sec - last->tv_sec < 19) return; @@ -448,12 +448,12 @@ void *udpdtlsserverrd(void *arg) { pthread_t dtlsserverth; struct hash *sessioncache; struct sessioncacheentry *cacheentry; - + sessioncache = hash_create(); if (!sessioncache) debugx(1, DBG_ERR, "udpdtlsserverrd: malloc failed"); gettimeofday(&lastexpiry, NULL); - + for (;;) { FD_ZERO(&readfds); FD_SET(s, &readfds); @@ -532,7 +532,7 @@ int dtlsconnect(struct server *server, struct timeval *when, int timeout, char * X509 *cert; SSL_CTX *ctx = NULL; struct hostportres *hp; - + debug(DBG_DBG, "dtlsconnect: called from %s", text); pthread_mutex_lock(&server->lock); if (when && memcmp(&server->lastconnecttry, when, sizeof(struct timeval))) { @@ -579,11 +579,11 @@ int dtlsconnect(struct server *server, struct timeval *when, int timeout, char * if (!server->ssl) continue; debug(DBG_DBG, "dtlsconnect: DTLS: ok"); - + cert = verifytlscert(server->ssl); if (!cert) continue; - + if (verifyconfcert(cert, server->conf)) break; X509_free(cert); @@ -622,7 +622,7 @@ void *udpdtlsclientrd(void *arg) { socklen_t fromlen = sizeof(from); struct clsrvconf *conf; fd_set readfds; - + for (;;) { FD_ZERO(&readfds); FD_SET(s, &readfds); @@ -633,7 +633,7 @@ void *udpdtlsclientrd(void *arg) { debug(DBG_WARN, "udpdtlsclientrd: recv failed"); continue; } - + conf = find_srvconf(handle, (struct sockaddr *)&from, NULL); if (!conf) { debug(DBG_WARN, "udpdtlsclientrd: got packet from wrong or unknown DTLS peer %s, ignoring", addr2string((struct sockaddr *)&from)); @@ -650,7 +650,7 @@ void *dtlsclientrd(void *arg) { unsigned char *buf; struct timeval lastconnecttry; int secs; - + for (;;) { /* yes, lastconnecttry is really necessary */ lastconnecttry = server->lastconnecttry; @@ -696,7 +696,7 @@ void initextradtls() { freeaddrinfo(srcres); srcres = NULL; } - + if (client4_sock >= 0) if (pthread_create(&cl4th, NULL, udpdtlsclientrd, (void *)&client4_sock)) debugx(1, DBG_ERR, "pthread_create failed"); @@ -87,7 +87,7 @@ FILE *pushgconffile(struct gconffile **cf, FILE *file, const char *description) desc = stringcopy(description, 0); if (!desc) goto errmalloc; - + if (!*cf) { newcf = malloc(sizeof(struct gconffile) * 2); if (!newcf) @@ -105,8 +105,8 @@ FILE *pushgconffile(struct gconffile **cf, FILE *file, const char *description) newcf[0].path = desc; *cf = newcf; return file; - - errmalloc: + +errmalloc: free(desc); fclose(file); debug(DBG_ERR, "malloc failed"); @@ -125,7 +125,7 @@ FILE *pushgconfpaths(struct gconffile **cf, const char *cfgpath) { FILE *f = NULL; glob_t globbuf; char *path, *curfile = NULL, *dir; - + /* if cfgpath is relative, make it relative to current config */ if (*cfgpath == '/') path = (char *)cfgpath; @@ -156,10 +156,10 @@ FILE *pushgconfpaths(struct gconffile **cf, const char *cfgpath) { f = pushgconfpath(cf, globbuf.gl_pathv[i]); if (!f) break; - } + } globfree(&globbuf); - exit: +exit: if (curfile) { free(curfile); free(path); @@ -204,7 +204,7 @@ void freegconf(struct gconffile **cf) { if (!*cf) return; - + for (i = 0; (*cf)[i].data || (*cf)[i].path; i++) { if ((*cf)[i].file) { fclose((*cf)[i].file); @@ -242,10 +242,10 @@ struct gconffile *openconfigfile(const char *file) { int getlinefromcf(struct gconffile *cf, char *line, const size_t size) { size_t i, pos; - + if (!cf) return 0; - + if (cf->file) return fgets(line, size, cf->file) ? 1 : 0; else if (cf->data) { @@ -269,11 +269,11 @@ int getconfigline(struct gconffile **cf, char *block, char **opt, char **val, in char line[1024]; char *tokens[3], *s; int tcount; - + *opt = NULL; *val = NULL; *conftype = 0; - + if (!cf || !*cf || (!(*cf)->file && !(*cf)->data)) return 1; @@ -304,7 +304,7 @@ int getconfigline(struct gconffile **cf, char *block, char **opt, char **val, in } break; } - + switch (tcount) { case 2: *opt = stringcopy(tokens[0], 0); @@ -347,13 +347,13 @@ int getconfigline(struct gconffile **cf, char *block, char **opt, char **val, in if (**val) return 1; - + debug(DBG_ERR, "configuration error, option %s needs a non-empty value", *opt); goto errexit; - errmalloc: +errmalloc: debug(DBG_ERR, "malloc failed"); - errexit: +errexit: free(*opt); *opt = NULL; free(*val); @@ -411,7 +411,7 @@ int getgenericconfig(struct gconffile **cf, char *block, ...) { free(val); continue; } - + va_start(ap, block); while ((word = va_arg(ap, char *))) { type = va_arg(ap, int); @@ -449,7 +449,7 @@ int getgenericconfig(struct gconffile **cf, char *block, ...) { break; } va_end(ap); - + if (!word) { if (block) debug(DBG_ERR, "configuration error in block %s, unknown option %s", block, opt); @@ -532,15 +532,15 @@ int getgenericconfig(struct gconffile **cf, char *block, ...) { } if (block) debug(DBG_DBG, "getgenericconfig: block %s: %s = %s", block, opt, val); - else + else debug(DBG_DBG, "getgenericconfig: %s = %s", opt, val); if (type == CONF_BLN || type == CONF_LINT) free(val); } - errparam: +errparam: debug(DBG_ERR, "getgenericconfig: internal parameter error"); - errexit: +errexit: free(opt); free(val); return 0; @@ -29,7 +29,7 @@ struct hash *hash_create() { /* frees all memory associated with the hash */ void hash_destroy(struct hash *h) { struct list_node *ln; - + if (!h) return; for (ln = list_first(h->hashlist); ln; ln = list_next(ln)) { @@ -73,15 +73,15 @@ int hash_insert(struct hash *h, void *key, uint32_t keylen, void *data) { void *hash_read(struct hash *h, void *key, uint32_t keylen) { struct list_node *ln; struct hash_entry *e; - + if (!h) return 0; pthread_mutex_lock(&h->mutex); for (ln = list_first(h->hashlist); ln; ln = list_next(ln)) { e = (struct hash_entry *)ln->data; if (e->keylen == keylen && !memcmp(e->key, key, keylen)) { - pthread_mutex_unlock(&h->mutex); - return e->data; + pthread_mutex_unlock(&h->mutex); + return e->data; } } pthread_mutex_unlock(&h->mutex); @@ -92,7 +92,7 @@ void *hash_read(struct hash *h, void *key, uint32_t keylen) { void *hash_extract(struct hash *h, void *key, uint32_t keylen) { struct list_node *ln; struct hash_entry *e; - + if (!h) return 0; pthread_mutex_lock(&h->mutex); @@ -68,24 +68,24 @@ static int parsehostport(struct hostportres *hp, char *hostport, char *default_p } } if (*p == ':') { - /* port number or service name is specified */; - field = ++p; - for (; *p && *p != ' ' && *p != '\t' && *p != '\n'; p++); - if (field == p) { - debug(DBG_ERR, "syntax error, : but no following port"); - return 0; - } - hp->port = stringcopy(field, p - field); + /* port number or service name is specified */; + field = ++p; + for (; *p && *p != ' ' && *p != '\t' && *p != '\n'; p++); + if (field == p) { + debug(DBG_ERR, "syntax error, : but no following port"); + return 0; + } + hp->port = stringcopy(field, p - field); } else hp->port = default_port ? stringcopy(default_port, 0) : NULL; return 1; } - + struct hostportres *newhostport(char *hostport, char *default_port, uint8_t prefixok) { struct hostportres *hp; char *slash, *s; int plen; - + hp = malloc(sizeof(struct hostportres)); if (!hp) { debug(DBG_ERR, "resolve_newhostport: malloc failed"); @@ -127,7 +127,7 @@ struct hostportres *newhostport(char *hostport, char *default_port, uint8_t pref hp->prefixlen = 255; return hp; - errexit: +errexit: freehostport(hp); return NULL; } @@ -140,7 +140,7 @@ int resolvehostport(struct hostportres *hp, int socktype, uint8_t passive) { hints.ai_family = AF_UNSPEC; if (passive) hints.ai_flags = AI_PASSIVE; - + if (!hp->host && !hp->port) { /* getaddrinfo() doesn't like host and port to be NULL */ if (getaddrinfo(hp->host, "1812" /* can be anything */, &hints, &hp->addrinfo)) { @@ -174,11 +174,11 @@ int resolvehostport(struct hostportres *hp, int socktype, uint8_t passive) { } return 1; - errexit: +errexit: if (hp->addrinfo) freeaddrinfo(hp->addrinfo); return 0; -} +} int addhostport(struct list **hostports, char **hostport, char *portdefault, uint8_t prefixok) { struct hostportres *hp; @@ -191,7 +191,7 @@ int addhostport(struct list **hostports, char **hostport, char *portdefault, uin return 0; } } - + for (i = 0; hostport[i]; i++) { hp = newhostport(hostport[i], portdefault, prefixok); if (!hp) @@ -216,7 +216,7 @@ void freehostports(struct list *hostports) { int resolvehostports(struct list *hostports, int socktype) { struct list_node *entry; struct hostportres *hp; - + for (entry = list_first(hostports); entry; entry = list_next(entry)) { hp = (struct hostportres *)entry->data; if (!hp->addrinfo && !resolvehostport(hp, socktype, 0)) @@ -254,7 +254,7 @@ int addressmatches(struct list *hostports, struct sockaddr *addr, uint8_t checkp struct addrinfo *res; struct list_node *entry; struct hostportres *hp = NULL; - + if (addr->sa_family == AF_INET6) { sa6 = (struct sockaddr_in6 *)addr; if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) { @@ -24,7 +24,7 @@ void list_destroy(struct list *list) { if (!list) return; - + for (node = list->first; node; node = next) { free(node->data); next = node->next; @@ -40,7 +40,7 @@ int list_push(struct list *list, void *data) { node = malloc(sizeof(struct list_node)); if (!node) return 0; - + node->next = NULL; node->data = data; @@ -58,10 +58,10 @@ int list_push(struct list *list, void *data) { void *list_shift(struct list *list) { struct list_node *node; void *data; - + if (!list || !list->first) return NULL; - + node = list->first; list->first = node->next; if (!list->first) @@ -75,7 +75,7 @@ void *list_shift(struct list *list) { /* removes all entries with matching data pointer */ void list_removedata(struct list *list, void *data) { struct list_node *node, *t; - + if (!list || !list->first) return; @@ -36,7 +36,7 @@ void *list_shift(struct list *list); /* removes first entry with matching data pointer */ void list_removedata(struct list *list, void *data); - + /* returns first node */ struct list_node *list_first(struct list *list); @@ -33,7 +33,7 @@ void radmsg_free(struct radmsg *msg) { struct radmsg *radmsg_init(uint8_t code, uint8_t id, uint8_t *auth) { struct radmsg *msg; - + msg = malloc(sizeof(struct radmsg)); if (!msg) return NULL; @@ -42,7 +42,7 @@ struct radmsg *radmsg_init(uint8_t code, uint8_t id, uint8_t *auth) { if (!msg->attrs) { free(msg); return NULL; - } + } msg->code = code; msg->id = id; if (auth) @@ -50,7 +50,7 @@ struct radmsg *radmsg_init(uint8_t code, uint8_t id, uint8_t *auth) { else if (!RAND_bytes(msg->auth, 16)) { free(msg); return NULL; - } + } return msg; } @@ -83,7 +83,7 @@ int _checkmsgauth(unsigned char *rad, uint8_t *authattr, uint8_t *secret) { static HMAC_CTX hmacctx; unsigned int md_len; uint8_t auth[16], hash[EVP_MAX_MD_SIZE]; - + pthread_mutex_lock(&lock); if (first) { HMAC_CTX_init(&hmacctx); @@ -107,8 +107,8 @@ int _checkmsgauth(unsigned char *rad, uint8_t *authattr, uint8_t *secret) { debug(DBG_WARN, "message authenticator, wrong value"); pthread_mutex_unlock(&lock); return 0; - } - + } + pthread_mutex_unlock(&lock); return 1; } @@ -120,7 +120,7 @@ int _validauth(unsigned char *rad, unsigned char *reqauth, unsigned char *sec) { unsigned char hash[EVP_MAX_MD_SIZE]; unsigned int len; int result; - + pthread_mutex_lock(&lock); if (first) { EVP_MD_CTX_init(&mdctx); @@ -128,7 +128,7 @@ int _validauth(unsigned char *rad, unsigned char *reqauth, unsigned char *sec) { } len = RADLEN(rad); - + result = (EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) && EVP_DigestUpdate(&mdctx, rad, 4) && EVP_DigestUpdate(&mdctx, reqauth, 16) && @@ -149,7 +149,7 @@ int _createmessageauth(unsigned char *rad, unsigned char *authattrval, uint8_t * if (!authattrval) return 1; - + pthread_mutex_lock(&lock); if (first) { HMAC_CTX_init(&hmacctx); @@ -208,7 +208,7 @@ uint8_t *radmsg2buf(struct radmsg *msg, uint8_t *secret) { buf = malloc(size); if (!buf) return NULL; - + p = buf; *p++ = msg->code; *p++ = msg->id; @@ -246,7 +246,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) { uint8_t t, l, *v = NULL, *p, auth[16]; uint16_t len; struct tlv *attr; - + len = RADLEN(buf); if (len < 20) return NULL; @@ -263,7 +263,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) { debug(DBG_WARN, "buf2radmsg: Invalid auth, ignoring reply"); return NULL; } - + msg = radmsg_init(buf[0], buf[1], (uint8_t *)buf + 4); if (!msg) return NULL; @@ -287,7 +287,7 @@ struct radmsg *buf2radmsg(uint8_t *buf, uint8_t *secret, uint8_t *rqauth) { v = p; p += l; } - + if (t == RAD_Attr_Message_Authenticator && secret) { if (rqauth) memcpy(buf + 4, rqauth, 16); diff --git a/radsecproxy.c b/radsecproxy.c index 9ed4d70..350fcb2 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -35,7 +35,7 @@ * This is only for connected peers * Example: With 3 UDP peers and 30 TLS peers, there will be a max of * 1 + (2 + 2 * 3) + (2 * 30) + (2 * 30) = 129 threads -*/ + */ /* Bugs: * May segfault when dtls connections go down? More testing needed @@ -108,10 +108,10 @@ uint8_t protoname2int(const char *name) { return i; return 255; } - + /* callbacks for making OpenSSL thread safe */ unsigned long ssl_thread_id() { - return (unsigned long)pthread_self(); + return (unsigned long)pthread_self(); } void ssl_locking_callback(int mode, int type, const char *file, int line) { @@ -138,7 +138,7 @@ int prefixmatch(void *a1, void *a2, uint8_t len) { struct clsrvconf *find_conf(uint8_t type, struct sockaddr *addr, struct list *confs, struct list_node **cur, uint8_t server_p) { struct list_node *entry; struct clsrvconf *conf; - + for (entry = (cur && *cur ? list_next(*cur) : list_first(confs)); entry; entry = list_next(entry)) { conf = (struct clsrvconf *)entry->data; if (conf->type == type && addressmatches(conf->hostports, addr, server_p)) { @@ -146,7 +146,7 @@ struct clsrvconf *find_conf(uint8_t type, struct sockaddr *addr, struct list *co *cur = entry; return conf; } - } + } return NULL; } @@ -162,7 +162,7 @@ struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_ struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur) { struct list_node *entry; struct clsrvconf *conf; - + for (entry = (cur && *cur ? list_next(*cur) : list_first(clconfs)); entry; entry = list_next(entry)) { conf = (struct clsrvconf *)entry->data; if (conf->type == type) { @@ -170,13 +170,13 @@ struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur) { *cur = entry; return conf; } - } + } return NULL; } struct gqueue *newqueue() { struct gqueue *q; - + q = malloc(sizeof(struct gqueue)); if (!q) debugx(1, DBG_ERR, "malloc failed"); @@ -205,7 +205,7 @@ void removequeue(struct gqueue *q) { void freebios(struct gqueue *q) { BIO *bio; - + pthread_mutex_lock(&q->mutex); while ((bio = (BIO *)list_shift(q->entries))) BIO_free(bio); @@ -215,7 +215,7 @@ void freebios(struct gqueue *q) { struct client *addclient(struct clsrvconf *conf, uint8_t lock) { struct client *new = malloc(sizeof(struct client)); - + if (!new) { debug(DBG_ERR, "malloc failed"); return NULL; @@ -232,7 +232,7 @@ struct client *addclient(struct clsrvconf *conf, uint8_t lock) { return NULL; } } - + memset(new, 0, sizeof(struct client)); new->conf = conf; if (conf->pdef->addclient) @@ -253,7 +253,7 @@ void removeclientrqs_sendrq_freeserver_lock(uint8_t wantlock) { else pthread_mutex_unlock(&lock); } - + void removeclientrqs(struct client *client) { struct request *rq; struct rqout *rqout; @@ -278,7 +278,7 @@ void removeclientrqs(struct client *client) { void removelockedclient(struct client *client) { struct clsrvconf *conf; - + conf = client->conf; if (conf->clients) { removeclientrqs(client); @@ -291,7 +291,7 @@ void removelockedclient(struct client *client) { void removeclient(struct client *client) { struct clsrvconf *conf; - + if (!client) return; @@ -335,7 +335,7 @@ void freeserver(struct server *server, uint8_t destroymutex) { int addserver(struct clsrvconf *conf) { int i; - + if (conf->servers) { debug(DBG_ERR, "addserver: currently works with just one server per conf"); return 0; @@ -348,7 +348,7 @@ int addserver(struct clsrvconf *conf) { memset(conf->servers, 0, sizeof(struct server)); conf->servers->conf = conf; -#ifdef RADPROT_DTLS +#ifdef RADPROT_DTLS if (conf->type == RAD_DTLS) conf->servers->rbios = newqueue(); #endif @@ -357,7 +357,7 @@ int addserver(struct clsrvconf *conf) { conf->servers->sock = -1; if (conf->pdef->addserverextra) conf->pdef->addserverextra(conf); - + conf->servers->requests = calloc(MAX_REQUESTS, sizeof(struct rqout)); if (!conf->servers->requests) { debug(DBG_ERR, "malloc failed"); @@ -394,8 +394,8 @@ int addserver(struct clsrvconf *conf) { } return 1; - - errexit: + +errexit: freeserver(conf->servers, 0); conf->servers = NULL; return 0; @@ -457,7 +457,7 @@ void sendrq(struct request *rq) { to = rq->to; if (!to) goto errexit; - + start = to->conf->statusserver ? 1 : 0; pthread_mutex_lock(&to->newrq_mutex); if (start && rq->msg->code == RAD_Status_Server) { @@ -503,7 +503,7 @@ void sendrq(struct request *rq) { debug(DBG_ERR, "sendrq: radmsg2buf failed"); goto errexit; } - + debug(DBG_DBG, "sendrq: inserting packet with id %d in queue for %s", i, to->conf->name); to->requests[i].rq = rq; pthread_mutex_unlock(to->requests[i].lock); @@ -520,7 +520,7 @@ void sendrq(struct request *rq) { removeclientrqs_sendrq_freeserver_lock(0); return; - errexit: +errexit: if (rq->from) rmclientrq(rq, rq->msg->id); freerq(rq); @@ -531,7 +531,7 @@ void sendrq(struct request *rq) { void sendreply(struct request *rq) { uint8_t first; struct client *to = rq->from; - + if (!rq->replybuf) rq->replybuf = radmsg2buf(rq->msg, (uint8_t *)to->conf->secret); radmsg_free(rq->msg); @@ -544,14 +544,14 @@ void sendreply(struct request *rq) { pthread_mutex_lock(&to->replyq->mutex); first = list_first(to->replyq->entries) == NULL; - + if (!list_push(to->replyq->entries, rq)) { pthread_mutex_unlock(&to->replyq->mutex); freerq(rq); debug(DBG_ERR, "sendreply: malloc failed"); return; } - + if (first) { debug(DBG_DBG, "signalling server writer"); pthread_cond_signal(&to->replyq->cond); @@ -566,7 +566,7 @@ int pwdencrypt(uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_ unsigned char hash[EVP_MAX_MD_SIZE], *input; unsigned int md_len; uint8_t i, offset = 0, out[128]; - + pthread_mutex_lock(&lock); if (first) { EVP_MD_CTX_init(&mdctx); @@ -602,7 +602,7 @@ int pwddecrypt(uint8_t *in, uint8_t len, char *shared, uint8_t sharedlen, uint8_ unsigned char hash[EVP_MAX_MD_SIZE], *input; unsigned int md_len; uint8_t i, offset = 0, out[128]; - + pthread_mutex_lock(&lock); if (first) { EVP_MD_CTX_init(&mdctx); @@ -638,7 +638,7 @@ int msmppencrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, unsigned char hash[EVP_MAX_MD_SIZE]; unsigned int md_len; uint8_t i, offset; - + pthread_mutex_lock(&lock); if (first) { EVP_MD_CTX_init(&mdctx); @@ -650,7 +650,7 @@ int msmppencrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, printfchars(NULL, "msppencrypt salt in", "%02x ", salt, 2); printfchars(NULL, "msppencrypt in", "%02x ", text, len); #endif - + if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) || !EVP_DigestUpdate(&mdctx, shared, sharedlen) || !EVP_DigestUpdate(&mdctx, auth, 16) || @@ -660,15 +660,15 @@ int msmppencrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, return 0; } -#if 0 +#if 0 printfchars(NULL, "msppencrypt hash", "%02x ", hash, 16); #endif - + for (i = 0; i < 16; i++) text[i] ^= hash[i]; - + for (offset = 16; offset < len; offset += 16) { -#if 0 +#if 0 printf("text + offset - 16 c(%d): ", offset / 16); printfchars(NULL, NULL, "%02x ", text + offset - 16, 16); #endif @@ -682,12 +682,12 @@ int msmppencrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, } #if 0 printfchars(NULL, "msppencrypt hash", "%02x ", hash, 16); -#endif - +#endif + for (i = 0; i < 16; i++) text[offset + i] ^= hash[i]; } - + #if 0 printfchars(NULL, "msppencrypt out", "%02x ", text, len); #endif @@ -704,7 +704,7 @@ int msmppdecrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, unsigned int md_len; uint8_t i, offset; char plain[255]; - + pthread_mutex_lock(&lock); if (first) { EVP_MD_CTX_init(&mdctx); @@ -716,7 +716,7 @@ int msmppdecrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, printfchars(NULL, "msppdecrypt salt in", "%02x ", salt, 2); printfchars(NULL, "msppdecrypt in", "%02x ", text, len); #endif - + if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) || !EVP_DigestUpdate(&mdctx, shared, sharedlen) || !EVP_DigestUpdate(&mdctx, auth, 16) || @@ -726,15 +726,15 @@ int msmppdecrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, return 0; } -#if 0 +#if 0 printfchars(NULL, "msppdecrypt hash", "%02x ", hash, 16); #endif - + for (i = 0; i < 16; i++) plain[i] = text[i] ^ hash[i]; - + for (offset = 16; offset < len; offset += 16) { -#if 0 +#if 0 printf("text + offset - 16 c(%d): ", offset / 16); printfchars(NULL, NULL, "%02x ", text + offset - 16, 16); #endif @@ -748,7 +748,7 @@ int msmppdecrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, } #if 0 printfchars(NULL, "msppdecrypt hash", "%02x ", hash, 16); -#endif +#endif for (i = 0; i < 16; i++) plain[offset + i] = text[offset + i] ^ hash[i]; @@ -844,7 +844,7 @@ void _internal_removeserversubrealms(struct list *realmlist, struct clsrvconf *s void removeserversubrealms(struct list *realmlist, struct clsrvconf *srv) { struct list_node *entry; struct realm *realm; - + for (entry = list_first(realmlist); entry; entry = list_next(entry)) { realm = (struct realm *)entry->data; pthread_mutex_lock(&realm->mutex); @@ -858,7 +858,7 @@ void removeserversubrealms(struct list *realmlist, struct clsrvconf *srv) { pthread_mutex_unlock(&realm->mutex); } } - + int attrvalidate(unsigned char *attrs, int length) { while (length > 1) { if (ATTRLEN(attrs) < 2) { @@ -882,14 +882,14 @@ int pwdrecrypt(uint8_t *pwd, uint8_t len, char *oldsecret, char *newsecret, uint debug(DBG_WARN, "pwdrecrypt: invalid password length"); return 0; } - + if (!pwddecrypt(pwd, len, oldsecret, strlen(oldsecret), oldauth)) { debug(DBG_WARN, "pwdrecrypt: cannot decrypt password"); return 0; } #ifdef DEBUG printfchars(NULL, "pwdrecrypt: password", "%02x ", pwd, len); -#endif +#endif if (!pwdencrypt(pwd, len, newsecret, strlen(newsecret), newauth)) { debug(DBG_WARN, "pwdrecrypt: cannot encrypt password"); return 0; @@ -914,7 +914,7 @@ int msmpprecrypt(uint8_t *msmpp, uint8_t len, char *oldsecret, char *newsecret, int msmppe(unsigned char *attrs, int length, uint8_t type, char *attrtxt, struct request *rq, char *oldsecret, char *newsecret) { unsigned char *attr; - + for (attr = attrs; (attr = attrget(attr, length - (attr - attrs), type)); attr += ATTRLEN(attr)) { debug(DBG_DBG, "msmppe: Got %s", attrtxt); if (!msmpprecrypt(ATTRVAL(attr), ATTRVALLEN(attr), oldsecret, newsecret, rq->buf + 4, rq->rqauth)) @@ -926,7 +926,7 @@ int msmppe(unsigned char *attrs, int length, uint8_t type, char *attrtxt, struct int findvendorsubattr(uint32_t *attrs, uint32_t vendor, uint32_t subattr) { if (!attrs) return 0; - + for (; attrs[0]; attrs += 2) if (attrs[0] == vendor && attrs[1] == subattr) return 1; @@ -938,7 +938,7 @@ int dovendorrewriterm(struct tlv *attr, uint32_t *removevendorattrs) { uint8_t alen, sublen; uint32_t vendor; uint8_t *subattrs; - + if (!removevendorattrs) return 0; @@ -948,13 +948,13 @@ int dovendorrewriterm(struct tlv *attr, uint32_t *removevendorattrs) { removevendorattrs += 2; if (!*removevendorattrs) return 0; - + if (findvendorsubattr(removevendorattrs, vendor, 256)) return 1; /* remove entire vendor attribute */ sublen = attr->l - 4; subattrs = attr->v + 4; - + if (!attrvalidate(subattrs, sublen)) { debug(DBG_INFO, "dovendorrewrite: vendor attribute validation failed, no rewrite"); return 0; @@ -979,23 +979,23 @@ void dorewriterm(struct radmsg *msg, uint8_t *rmattrs, uint32_t *rmvattrs) { p = NULL; n = list_first(msg->attrs); while (n) { - attr = (struct tlv *)n->data; - if ((rmattrs && strchr((char *)rmattrs, attr->t)) || - (rmvattrs && attr->t == RAD_Attr_Vendor_Specific && dovendorrewriterm(attr, rmvattrs))) { - list_removedata(msg->attrs, attr); - freetlv(attr); - n = p ? list_next(p) : list_first(msg->attrs); - } else { - p = n; - n = list_next(n); - } + attr = (struct tlv *)n->data; + if ((rmattrs && strchr((char *)rmattrs, attr->t)) || + (rmvattrs && attr->t == RAD_Attr_Vendor_Specific && dovendorrewriterm(attr, rmvattrs))) { + list_removedata(msg->attrs, attr); + freetlv(attr); + n = p ? list_next(p) : list_first(msg->attrs); + } else { + p = n; + n = list_next(n); + } } } int dorewriteadd(struct radmsg *msg, struct list *addattrs) { struct list_node *n; struct tlv *a; - + for (n = list_first(addattrs); n; n = list_next(n)) { a = copytlv((struct tlv *)n->data); if (!a) @@ -1010,7 +1010,7 @@ int dorewriteadd(struct radmsg *msg, struct list *addattrs) { int resizeattr(struct tlv *attr, uint8_t newlen) { uint8_t *newv; - + if (newlen != attr->l) { newv = realloc(attr->v, newlen); if (!newv) @@ -1030,14 +1030,14 @@ int dorewritemodattr(struct tlv *attr, struct modattr *modattr) { in = stringcopy((char *)attr->v, attr->l); if (!in) return 0; - + if (regexec(modattr->regex, in, nmatch, pmatch, 0)) { free(in); return 1; } - + out = modattr->replacement; - + for (i = start; out[i]; i++) { if (out[i] == '\\' && out[i + 1] >= '1' && out[i + 1] <= '9') { pfield = &pmatch[out[i + 1] - '0']; @@ -1141,7 +1141,7 @@ void addttlattr(struct radmsg *msg, uint32_t *attrtype, uint8_t addttl) { memset(ttl, 0, 4); ttl[3] = addttl; - + if (attrtype[1] == 256) { /* not vendor */ attr = maketlv(attrtype[0], 4, ttl); if (attr && !radmsg_add(msg, attr)) @@ -1182,7 +1182,7 @@ int checkttl(struct radmsg *msg, uint32_t *attrtype) { struct list_node *node; uint32_t vendor; int sublen; - + if (attrtype[1] == 256) { /* not vendor */ attr = radmsg_gettype(msg, attrtype[0]); if (attr) @@ -1196,7 +1196,7 @@ int checkttl(struct radmsg *msg, uint32_t *attrtype) { if (ntohl(vendor) != attrtype[0]) continue; sublen = attr->l - 4; - subattrs = attr->v + 4; + subattrs = attr->v + 4; if (!attrvalidate(subattrs, sublen)) continue; while (sublen > 1) { @@ -1209,7 +1209,7 @@ int checkttl(struct radmsg *msg, uint32_t *attrtype) { } return -1; } - + const char *radmsgtype2string(uint8_t code) { static const char *rad_msg_names[] = { "", "Access-Request", "Access-Accept", "Access-Reject", @@ -1241,7 +1241,7 @@ uint8_t *radattr2ascii(struct tlv *attr) { l += 2; if (l == attr->l) return (uint8_t *)stringcopy((char *)attr->v, attr->l); - + a = malloc(l + 1); if (!a) return NULL; @@ -1270,7 +1270,7 @@ void acclog(struct radmsg *msg, struct client *from) { username = radattr2ascii(attr); if (username) { debug(DBG_INFO, "acclog: accounting-request from client %s (%s) with username: %s", from->conf->name, addr2string(from->addr), username); - + free(username); } } @@ -1330,7 +1330,7 @@ struct server *findserver(struct realm **realm, struct tlv *username, uint8_t ac struct realm *subrealm; struct server *server = NULL; char *id = (char *)tlv2str(username); - + if (!id) return NULL; /* returns with lock on realm */ @@ -1352,7 +1352,7 @@ struct server *findserver(struct realm **realm, struct tlv *username, uint8_t ac if (srvconf) server = srvconf->servers; - exit: +exit: free(id); return server; } @@ -1375,7 +1375,7 @@ struct request *newrequest() { int addclientrq(struct request *rq) { struct request *r; struct timeval now; - + r = rq->from->rqs[rq->rqid]; if (r) { if (rq->udpport == r->udpport && !memcmp(rq->rqauth, r->rqauth, 16)) { @@ -1414,7 +1414,7 @@ int radsrv(struct request *rq) { struct server *to = NULL; struct client *from = rq->from; int ttlres; - + msg = buf2radmsg(rq->buf, (uint8_t *)from->conf->secret, NULL); free(rq->buf); rq->buf = NULL; @@ -1424,17 +1424,17 @@ int radsrv(struct request *rq) { freerq(rq); return 0; } - + rq->msg = msg; rq->rqid = msg->id; memcpy(rq->rqauth, msg->auth, 16); debug(DBG_DBG, "radsrv: code %d, id %d", msg->code, msg->id); if (msg->code != RAD_Access_Request && msg->code != RAD_Status_Server && msg->code != RAD_Accounting_Request) { - debug(DBG_INFO, "radsrv: server currently accepts only access-requests, accounting-requests and status-server, ignoring"); + debug(DBG_INFO, "radsrv: server currently accepts only access-requests, accounting-requests and status-server, ignoring"); goto exit; } - + if (!addclientrq(rq)) goto exit; @@ -1453,7 +1453,7 @@ int radsrv(struct request *rq) { debug(DBG_INFO, "radsrv: ignoring request from client %s (%s), ttl exceeded", from->conf->name, addr2string(from->addr)); goto exit; } - + attr = radmsg_gettype(msg, RAD_Attr_User_Name); if (!attr) { if (msg->code == RAD_Accounting_Request) { @@ -1463,12 +1463,12 @@ int radsrv(struct request *rq) { debug(DBG_INFO, "radsrv: ignoring access request, no username attribute"); goto exit; } - + if (from->conf->rewriteusername && !rewriteusername(rq, attr)) { debug(DBG_WARN, "radsrv: username malloc failed, ignoring request"); goto rmclrqexit; } - + userascii = radattr2ascii(attr); if (!userascii) goto rmclrqexit; @@ -1491,7 +1491,7 @@ int radsrv(struct request *rq) { } goto exit; } - + if (options.loopprevention && !strcmp(from->conf->name, to->conf->name)) { debug(DBG_INFO, "radsrv: Loop prevented, not forwarding request from client %s (%s) to server %s, discarding", from->conf->name, addr2string(from->addr), to->conf->name); @@ -1504,7 +1504,7 @@ int radsrv(struct request *rq) { debug(DBG_WARN, "radsrv: failed to generate random auth"); goto rmclrqexit; } - + #ifdef DEBUG printfchars(NULL, "auth", "%02x ", auth, 16); #endif @@ -1525,20 +1525,20 @@ int radsrv(struct request *rq) { if (to->conf->rewriteout && !dorewrite(msg, to->conf->rewriteout)) goto rmclrqexit; - + if (ttlres == -1 && (options.addttl || to->conf->addttl)) addttlattr(msg, options.ttlattrtype, to->conf->addttl ? to->conf->addttl : options.addttl); - + free(userascii); rq->to = to; sendrq(rq); pthread_mutex_unlock(&realm->mutex); freerealm(realm); return 1; - - rmclrqexit: + +rmclrqexit: rmclientrq(rq, msg->id); - exit: +exit: freerq(rq); free(userascii); if (realm) { @@ -1557,7 +1557,7 @@ void replyh(struct server *server, unsigned char *buf) { struct radmsg *msg = NULL; struct tlv *attr; struct list_node *node; - + server->connectionok = 1; server->lostrqs = 0; @@ -1569,7 +1569,7 @@ void replyh(struct server *server, unsigned char *buf) { debug(DBG_INFO, "replyh: no outstanding request with this id, ignoring reply"); goto errunlock; } - + msg = buf2radmsg(buf, (uint8_t *)server->conf->secret, rqout->rq->msg->auth); free(buf); buf = NULL; @@ -1585,7 +1585,7 @@ void replyh(struct server *server, unsigned char *buf) { debug(DBG_DBG, "got %s message with id %d", radmsgtype2string(msg->code), msg->id); gettimeofday(&server->lastrcv, NULL); - + if (rqout->rq->msg->code == RAD_Status_Server) { freerqoutdata(rqout); debug(DBG_DBG, "replyh: got status server response from %s", server->conf->name); @@ -1594,18 +1594,18 @@ void replyh(struct server *server, unsigned char *buf) { gettimeofday(&server->lastreply, NULL); from = rqout->rq->from; - + if (server->conf->rewritein && !dorewrite(msg, from->conf->rewritein)) { debug(DBG_INFO, "replyh: rewritein failed"); goto errunlock; } - + ttlres = checkttl(msg, options.ttlattrtype); - if (!ttlres) { + if (!ttlres) { debug(DBG_INFO, "replyh: ignoring reply from server %s, ttl exceeded", server->conf->name); goto errunlock; } - + /* MS MPPE */ for (node = list_first(msg->attrs); node; node = list_next(node)) { attr = (struct tlv *)node->data; @@ -1615,9 +1615,9 @@ void replyh(struct server *server, unsigned char *buf) { break; if (attr->v[0] != 0 || attr->v[1] != 0 || attr->v[2] != 1 || attr->v[3] != 55) /* 311 == MS */ continue; - + sublen = attr->l - 4; - subattrs = attr->v + 4; + subattrs = attr->v + 4; if (!attrvalidate(subattrs, sublen) || !msmppe(subattrs, sublen, RAD_VS_ATTR_MS_MPPE_Send_Key, "MS MPPE Send Key", rqout->rq, server->conf->secret, from->conf->secret) || @@ -1660,7 +1660,7 @@ void replyh(struct server *server, unsigned char *buf) { msg->id = (char)rqout->rq->rqid; memcpy(msg->auth, rqout->rq->rqauth, 16); -#ifdef DEBUG +#ifdef DEBUG printfchars(NULL, "origauth/buf+4", "%02x ", buf + 4, 16); #endif @@ -1676,12 +1676,12 @@ void replyh(struct server *server, unsigned char *buf) { debug(DBG_WARN, "replyh: rewriteout failed"); goto errunlock; } - + if (ttlres == -1 && (options.addttl || from->conf->addttl)) addttlattr(msg, options.ttlattrtype, from->conf->addttl ? from->conf->addttl : options.addttl); debug(msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject || msg->code == RAD_Accounting_Response ? DBG_WARN : DBG_INFO, - "replyh: passing %s to client %s (%s)", radmsgtype2string(msg->code), from->conf->name, addr2string(from->addr)); + "replyh: passing %s to client %s (%s)", radmsgtype2string(msg->code), from->conf->name, addr2string(from->addr)); radmsg_free(rqout->rq->msg); rqout->rq->msg = msg; @@ -1690,7 +1690,7 @@ void replyh(struct server *server, unsigned char *buf) { pthread_mutex_unlock(rqout->lock); return; - errunlock: +errunlock: radmsg_free(msg); pthread_mutex_unlock(rqout->lock); return; @@ -1715,7 +1715,7 @@ struct request *createstatsrvrq() { } return rq; - exit: +exit: freerq(rq); return NULL; } @@ -1732,16 +1732,16 @@ void *clientwr(void *arg) { struct timespec timeout; struct request *statsrvrq; struct clsrvconf *conf; - + conf = server->conf; - + if (server->dynamiclookuparg && !dynamicconfig(server)) { dynconffail = 1; server->dynstartup = 0; sleep(900); goto errexit; } - + if (!resolvehostports(conf->hostports, conf->pdef->socktype)) { debug(DBG_WARN, "clientwr: resolve failed"); server->dynstartup = 0; @@ -1750,7 +1750,7 @@ void *clientwr(void *arg) { } memset(&timeout, 0, sizeof(struct timespec)); - + if (conf->statusserver) { gettimeofday(&server->lastrcv, NULL); gettimeofday(&laststatsrv, NULL); @@ -1772,7 +1772,7 @@ void *clientwr(void *arg) { } else server->connectionok = 1; server->dynstartup = 0; - + for (;;) { pthread_mutex_lock(&server->newrq_mutex); if (!server->newrq) { @@ -1793,7 +1793,7 @@ void *clientwr(void *arg) { #if 0 if (timeout.tv_sec > now.tv_sec) debug(DBG_DBG, "clientwr: waiting up to %ld secs for new request", timeout.tv_sec - now.tv_sec); -#endif +#endif pthread_cond_timedwait(&server->newrq_cond, &server->newrq_mutex, &timeout); timeout.tv_sec = 0; } @@ -1801,10 +1801,10 @@ void *clientwr(void *arg) { debug(DBG_DBG, "clientwr: got new request"); server->newrq = 0; } -#if 0 +#if 0 else debug(DBG_DBG, "clientwr: request timer expired, processing request queue"); -#endif +#endif pthread_mutex_unlock(&server->newrq_mutex); for (i = 0; i < MAX_REQUESTS; i++) { @@ -1822,7 +1822,7 @@ void *clientwr(void *arg) { pthread_mutex_unlock(rqout->lock); } } - + if (i == MAX_REQUESTS) break; @@ -1873,7 +1873,7 @@ void *clientwr(void *arg) { } } } - errexit: +errexit: conf->servers = NULL; if (server->dynamiclookuparg) { removeserversubrealms(realms, conf); @@ -1892,10 +1892,10 @@ void createlistener(uint8_t type, char *arg) { struct addrinfo *res; int s = -1, on = 1, *sp = NULL; struct hostportres *hp = newhostport(arg, protodefs[type]->portdefault, 0); - + if (!hp || !resolvehostport(hp, protodefs[type]->socktype, 1)) debugx(1, DBG_ERR, "createlistener: failed to resolve %s", arg); - + for (res = hp->addrinfo; res; res = res->ai_next) { s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (s < 0) { @@ -1927,7 +1927,7 @@ void createlistener(uint8_t type, char *arg) { } if (!sp) debugx(1, DBG_ERR, "createlistener: socket/bind failed"); - + debug(DBG_WARN, "createlistener: listening for %s on %s:%s", protodefs[type]->name, hp->host ? hp->host : "*", hp->port); freehostport(hp); } @@ -1948,7 +1948,7 @@ void sslinit() { int i; time_t t; pid_t pid; - + ssl_locks = calloc(CRYPTO_num_locks(), sizeof(pthread_mutex_t)); ssl_lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); for (i = 0; i < CRYPTO_num_locks(); i++) { @@ -1974,10 +1974,10 @@ struct list *addsrvconfs(char *value, char **names) { int n; struct list_node *entry; struct clsrvconf *conf = NULL; - + if (!names || !*names) return NULL; - + conflist = list_create(); if (!conflist) { debug(DBG_ERR, "malloc failed"); @@ -2030,7 +2030,7 @@ struct realm *addrealm(struct list *realmlist, char *value, char **servers, char int n; struct realm *realm; char *s, *regex = NULL; - + if (*value == '/') { /* regexp, remove optional trailing / if present */ if (value[strlen(value) - 1] == '/') @@ -2069,7 +2069,7 @@ struct realm *addrealm(struct list *realmlist, char *value, char **servers, char goto exit; } memset(realm, 0, sizeof(struct realm)); - + if (pthread_mutex_init(&realm->mutex, NULL)) { debug(DBG_ERR, "mutex init failed"); free(realm); @@ -2088,18 +2088,18 @@ struct realm *addrealm(struct list *realmlist, char *value, char **servers, char } realm->message = message; realm->accresp = accresp; - + if (regcomp(&realm->regex, regex ? regex : value + 1, REG_EXTENDED | REG_ICASE | REG_NOSUB)) { debug(DBG_ERR, "addrealm: failed to compile regular expression %s", regex ? regex : value + 1); goto errexit; } - + if (servers && *servers) { realm->srvconfs = addsrvconfs(value, servers); if (!realm->srvconfs) goto errexit; } - + if (accservers && *accservers) { realm->accsrvconfs = addsrvconfs(value, accservers); if (!realm->accsrvconfs) @@ -2111,16 +2111,16 @@ struct realm *addrealm(struct list *realmlist, char *value, char **servers, char pthread_mutex_destroy(&realm->mutex); goto errexit; } - + debug(DBG_DBG, "addrealm: added realm %s", value); goto exit; - errexit: +errexit: while (list_shift(realm->srvconfs)); while (list_shift(realm->accsrvconfs)); freerealm(realm); realm = NULL; - exit: +exit: free(regex); if (servers) { if (realm) @@ -2148,7 +2148,7 @@ struct list *createsubrealmservers(struct realm *realm, struct list *srvconfs) { if (!subrealmservers) return NULL; } - + for (entry = list_first(srvconfs); entry; entry = list_next(entry)) { conf = (struct clsrvconf *)entry->data; if (!conf->servers && conf->dynamiclookupcommand) { @@ -2179,11 +2179,11 @@ struct list *createsubrealmservers(struct realm *realm, struct list *srvconfs) { } return subrealmservers; } - + struct realm *adddynamicrealmserver(struct realm *realm, char *id) { struct realm *newrealm = NULL; char *realmname, *s; - + /* create dynamic for the realm (string after last @, exit if nothing after @ */ realmname = strrchr(id, '@'); if (!realmname) @@ -2194,12 +2194,12 @@ struct realm *adddynamicrealmserver(struct realm *realm, char *id) { for (s = realmname; *s; s++) if (*s != '.' && *s != '-' && !isalnum((int)*s)) return NULL; - + if (!realm->subrealms) realm->subrealms = list_create(); if (!realm->subrealms) return NULL; - + newrealm = addrealm(realm->subrealms, realmname, NULL, NULL, stringcopy(realm->message, 0), realm->accresp); if (!newrealm) { list_destroy(realm->subrealms); @@ -2219,7 +2219,7 @@ int dynamicconfig(struct server *server) { pid_t pid; struct clsrvconf *conf = server->conf; struct gconffile *cf = NULL; - + /* for now we only learn hostname/address */ debug(DBG_DBG, "dynamicconfig: need dynamic server config for %s", server->dynamiclookuparg); @@ -2250,14 +2250,14 @@ int dynamicconfig(struct server *server) { ok = getgenericconfig(&cf, NULL, "Server", CONF_CBK, confserver_cb, (void *)conf, NULL - ); + ); freegconf(&cf); - + if (waitpid(pid, &status, 0) < 0) { debug(DBG_ERR, "dynamicconfig: wait error"); goto errexit; } - + if (status) { debug(DBG_INFO, "dynamicconfig: command exited with status %d", WEXITSTATUS(status)); goto errexit; @@ -2266,7 +2266,7 @@ int dynamicconfig(struct server *server) { if (ok) return 1; - errexit: +errexit: debug(DBG_WARN, "dynamicconfig: failed to obtain dynamic server config"); return 0; } @@ -2274,7 +2274,7 @@ int dynamicconfig(struct server *server) { /* should accept both names and numeric values, only numeric right now */ uint8_t attrname2val(char *attrname) { int val = 0; - + val = atoi(attrname); return val > 0 && val < 256 ? val : 0; } @@ -2282,7 +2282,7 @@ uint8_t attrname2val(char *attrname) { /* should accept both names and numeric values, only numeric right now */ int vattrname2val(char *attrname, uint32_t *vendor, uint32_t *type) { char *s; - + *vendor = atoi(attrname); s = strchr(attrname, ':'); if (!s) { @@ -2298,7 +2298,7 @@ struct tlv *extractattr(char *nameval) { int len, name = 0; char *s; struct tlv *a; - + s = strchr(nameval, ':'); name = atoi(nameval); if (!s || name < 1 || name > 255) @@ -2358,7 +2358,7 @@ struct modattr *extractmodattr(char *nameval) { debug(DBG_ERR, "malloc failed"); return NULL; } - + m->regex = malloc(sizeof(regex_t)); if (!m->regex) { free(m->replacement); @@ -2366,7 +2366,7 @@ struct modattr *extractmodattr(char *nameval) { debug(DBG_ERR, "malloc failed"); return NULL; } - + if (regcomp(m->regex, s, REG_ICASE | REG_EXTENDED)) { free(m->regex); free(m->replacement); @@ -2396,33 +2396,33 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c struct list *adda = NULL, *moda = NULL; struct tlv *a; struct modattr *m; - + if (rmattrs) { for (n = 0; rmattrs[n]; n++); rma = calloc(n + 1, sizeof(uint8_t)); if (!rma) debugx(1, DBG_ERR, "malloc failed"); - + for (i = 0; i < n; i++) if (!(rma[i] = attrname2val(rmattrs[i]))) debugx(1, DBG_ERR, "addrewrite: invalid attribute %s", rmattrs[i]); freegconfmstr(rmattrs); rma[i] = 0; } - + if (rmvattrs) { for (n = 0; rmvattrs[n]; n++); rmva = calloc(2 * n + 1, sizeof(uint32_t)); if (!rmva) debugx(1, DBG_ERR, "malloc failed"); - + for (p = rmva, i = 0; i < n; i++, p += 2) if (!vattrname2val(rmvattrs[i], p, p + 1)) debugx(1, DBG_ERR, "addrewrite: invalid vendor attribute %s", rmvattrs[i]); freegconfmstr(rmvattrs); *p = 0; } - + if (addattrs) { adda = list_create(); if (!adda) @@ -2450,7 +2450,7 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c } freegconfmstr(modattrs); } - + if (rma || rmva || adda || moda) { rewrite = malloc(sizeof(struct rewrite)); if (!rewrite) @@ -2460,7 +2460,7 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c rewrite->addattrs = adda; rewrite->modattrs = moda; } - + if (!hash_insert(rewriteconfs, value, strlen(value), rewrite)) debugx(1, DBG_ERR, "malloc failed"); debug(DBG_DBG, "addrewrite: added rewrite block %s", value); @@ -2468,7 +2468,7 @@ void addrewrite(char *value, char **rmattrs, char **rmvattrs, char **addattrs, c int setttlattr(struct options *opts, char *defaultattr) { char *ttlattr = opts->ttlattr ? opts->ttlattr : defaultattr; - + if (vattrname2val(ttlattr, opts->ttlattrtype, opts->ttlattrtype + 1) && (opts->ttlattrtype[1] != 256 || opts->ttlattrtype[0] < 256)) return 1; @@ -2511,7 +2511,7 @@ void freeclsrvconf(struct clsrvconf *conf) { int mergeconfstring(char **dst, char **src) { char *t; - + if (*src) { *dst = *src; *src = NULL; @@ -2531,7 +2531,7 @@ int mergeconfstring(char **dst, char **src) { char **mstringcopy(char **in) { char **out; int n; - + if (!in) return NULL; @@ -2552,7 +2552,7 @@ char **mstringcopy(char **in) { int mergeconfmstring(char ***dst, char ***src) { char **t; - + if (*src) { *dst = *src; *src = NULL; @@ -2596,7 +2596,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char struct clsrvconf *conf; char *conftype = NULL, *rewriteinalias = NULL; long int dupinterval = LONG_MIN, addttl = LONG_MIN; - + debug(DBG_DBG, "confclient_cb called for %s", block); conf = malloc(sizeof(struct clsrvconf)); @@ -2604,16 +2604,16 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char debugx(1, DBG_ERR, "malloc failed"); memset(conf, 0, sizeof(struct clsrvconf)); conf->certnamecheck = 1; - + if (!getgenericconfig(cf, block, "type", CONF_STR, &conftype, "host", CONF_MSTR, &conf->hostsrc, "secret", CONF_STR, &conf->secret, -#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) +#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) "tls", CONF_STR, &conf->tls, "matchcertificateattribute", CONF_STR, &conf->matchcertattr, "CertificateNameCheck", CONF_BLN, &conf->certnamecheck, -#endif +#endif "DuplicateInterval", CONF_LINT, &dupinterval, "addTTL", CONF_LINT, &addttl, "rewrite", CONF_STR, &rewriteinalias, @@ -2621,9 +2621,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char "rewriteOut", CONF_STR, &conf->confrewriteout, "rewriteattribute", CONF_STR, &conf->confrewriteusername, NULL - )) + )) debugx(1, DBG_ERR, "configuration error"); - + conf->name = stringcopy(val, 0); if (conf->name && !conf->hostsrc) { conf->hostsrc = malloc(2 * sizeof(char *)); @@ -2634,7 +2634,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char } if (!conf->name || !conf->hostsrc || !conf->hostsrc[0]) debugx(1, DBG_ERR, "malloc failed"); - + if (!conftype) debugx(1, DBG_ERR, "error in block %s, option type missing", block); conf->type = protoname2int(conftype); @@ -2643,7 +2643,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char free(conftype); conf->pdef = protodefs[conf->type]; -#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) +#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) if (conf->type == RAD_TLS || conf->type == RAD_DTLS) { conf->tlsconf = conf->tls ? tlsgettls(conf->tls, NULL) : tlsgettls("defaultclient", "default"); if (!conf->tlsconf) @@ -2652,20 +2652,20 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char debugx(1, DBG_ERR, "error in block %s, invalid MatchCertificateAttributeValue", block); } #endif - + if (dupinterval != LONG_MIN) { if (dupinterval < 0 || dupinterval > 255) debugx(1, DBG_ERR, "error in block %s, value of option DuplicateInterval is %d, must be 0-255", block, dupinterval); conf->dupinterval = (uint8_t)dupinterval; } else conf->dupinterval = conf->pdef->duplicateintervaldefault; - + if (addttl != LONG_MIN) { if (addttl < 1 || addttl > 255) debugx(1, DBG_ERR, "error in block %s, value of option addTTL is %d, must be 1-255", block, addttl); conf->addttl = (uint8_t)addttl; } - + if (!conf->confrewritein) conf->confrewritein = rewriteinalias; else @@ -2673,7 +2673,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char conf->rewritein = conf->confrewritein ? getrewrite(conf->confrewritein, NULL) : getrewrite("defaultclient", "default"); if (conf->confrewriteout) conf->rewriteout = getrewrite(conf->confrewriteout, NULL); - + if (conf->confrewriteusername) { conf->rewriteusername = extractmodattr(conf->confrewriteusername); if (!conf->rewriteusername) @@ -2683,7 +2683,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char if (!addhostport(&conf->hostports, conf->hostsrc, conf->pdef->portdefault, 1) || !resolvehostports(conf->hostports, conf->pdef->socktype)) debugx(1, DBG_ERR, "resolve failed, exiting"); - + if (!conf->secret) { if (!conf->pdef->secretdefault) debugx(1, DBG_ERR, "error in block %s, secret must be specified for transport type %s", block, conf->pdef->name); @@ -2703,7 +2703,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char } int compileserverconfig(struct clsrvconf *conf, const char *block) { -#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) +#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) if (conf->type == RAD_TLS || conf->type == RAD_DTLS) { conf->tlsconf = conf->tls ? tlsgettls(conf->tls, NULL) : tlsgettls("defaultserver", "default"); if (!conf->tlsconf) { @@ -2716,7 +2716,7 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { } } #endif - + if (!conf->portsrc) { conf->portsrc = stringcopy(conf->pdef->portdefault, 0); if (!conf->portsrc) { @@ -2724,16 +2724,16 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { return 0; } } - + if (conf->retryinterval == 255) conf->retryinterval = conf->pdef->retryintervaldefault; if (conf->retrycount == 255) conf->retrycount = conf->pdef->retrycountdefault; - + conf->rewritein = conf->confrewritein ? getrewrite(conf->confrewritein, NULL) : getrewrite("defaultserver", "default"); if (conf->confrewriteout) conf->rewriteout = getrewrite(conf->confrewriteout, NULL); - + if (!addhostport(&conf->hostports, conf->hostsrc, conf->portsrc, 0)) { debug(DBG_ERR, "error in block %s, failed to parse %s", block, conf->hostsrc); return 0; @@ -2745,12 +2745,12 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { } return 1; } - + int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) { struct clsrvconf *conf, *resconf; char *conftype = NULL, *rewriteinalias = NULL; long int retryinterval = LONG_MIN, retrycount = LONG_MIN, addttl = LONG_MIN; - + debug(DBG_DBG, "confserver_cb called for %s", block); conf = malloc(sizeof(struct clsrvconf)); @@ -2771,11 +2771,11 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char "host", CONF_MSTR, &conf->hostsrc, "port", CONF_STR, &conf->portsrc, "secret", CONF_STR, &conf->secret, -#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) +#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) "tls", CONF_STR, &conf->tls, "MatchCertificateAttribute", CONF_STR, &conf->matchcertattr, "CertificateNameCheck", CONF_BLN, &conf->certnamecheck, -#endif +#endif "addTTL", CONF_LINT, &addttl, "rewrite", CONF_STR, &rewriteinalias, "rewriteIn", CONF_STR, &conf->confrewritein, @@ -2785,11 +2785,11 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char "RetryCount", CONF_LINT, &retrycount, "DynamicLookupCommand", CONF_STR, &conf->dynamiclookupcommand, NULL - )) { + )) { debug(DBG_ERR, "configuration error"); goto errexit; } - + conf->name = stringcopy(val, 0); if (conf->name && !conf->hostsrc) { conf->hostsrc = malloc(2 * sizeof(char *)); @@ -2814,7 +2814,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char } free(conftype); conftype = NULL; - + conf->pdef = protodefs[conf->type]; if (!conf->confrewritein) @@ -2831,7 +2831,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char conf->retryinterval = (uint8_t)retryinterval; } else conf->retryinterval = 255; - + if (retrycount != LONG_MIN) { if (retrycount < 0 || retrycount > conf->pdef->retrycountmax) { debug(DBG_ERR, "error in block %s, value of option RetryCount is %d, must be 0-%d", block, retrycount, conf->pdef->retrycountmax); @@ -2840,7 +2840,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char conf->retrycount = (uint8_t)retrycount; } else conf->retrycount = 255; - + if (addttl != LONG_MIN) { if (addttl < 1 || addttl > 255) { debug(DBG_ERR, "error in block %s, value of option addTTL is %d, must be 1-255", block, addttl); @@ -2848,7 +2848,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char } conf->addttl = (uint8_t)addttl; } - + if (resconf) { if (!mergesrvconf(resconf, conf)) goto errexit; @@ -2864,7 +2864,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char if (!compileserverconfig(conf, block)) goto errexit; } - + if (!conf->secret) { if (!conf->pdef->secretdefault) { debug(DBG_ERR, "error in block %s, secret must be specified for transport type %s", block, conf->pdef->name); @@ -2876,7 +2876,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char return 0; } } - + if (resconf) return 1; @@ -2886,7 +2886,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char } return 1; - errexit: +errexit: free(conftype); free(rewriteinalias); freeclsrvconf(conf); @@ -2896,16 +2896,16 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char int confrealm_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) { char **servers = NULL, **accservers = NULL, *msg = NULL; uint8_t accresp = 0; - + debug(DBG_DBG, "confrealm_cb called for %s", block); - + if (!getgenericconfig(cf, block, "server", CONF_MSTR, &servers, "accountingServer", CONF_MSTR, &accservers, "ReplyMessage", CONF_STR, &msg, "AccountingResponse", CONF_BLN, &accresp, NULL - )) + )) debugx(1, DBG_ERR, "configuration error"); addrealm(realms, val, servers, accservers, msg, accresp); @@ -2914,16 +2914,16 @@ int confrealm_cb(struct gconffile **cf, void *arg, char *block, char *opt, char int confrewrite_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) { char **rmattrs = NULL, **rmvattrs = NULL, **addattrs = NULL, **modattrs = NULL; - + debug(DBG_DBG, "confrewrite_cb called for %s", block); - + if (!getgenericconfig(cf, block, "removeAttribute", CONF_MSTR, &rmattrs, "removeVendorAttribute", CONF_MSTR, &rmvattrs, "addAttribute", CONF_MSTR, &addattrs, "modifyAttribute", CONF_MSTR, &modattrs, NULL - )) + )) debugx(1, DBG_ERR, "configuration error"); addrewrite(val, rmattrs, rmvattrs, addattrs, modattrs); return 1; @@ -2948,45 +2948,45 @@ void getmainconfig(const char *configfile) { char **listenargs[RAD_PROTOCOUNT]; char *sourcearg[RAD_PROTOCOUNT]; int i; - + cfs = openconfigfile(configfile); memset(&options, 0, sizeof(options)); memset(&listenargs, 0, sizeof(listenargs)); memset(&sourcearg, 0, sizeof(sourcearg)); - + clconfs = list_create(); if (!clconfs) debugx(1, DBG_ERR, "malloc failed"); - + srvconfs = list_create(); if (!srvconfs) debugx(1, DBG_ERR, "malloc failed"); - + realms = list_create(); if (!realms) - debugx(1, DBG_ERR, "malloc failed"); - + debugx(1, DBG_ERR, "malloc failed"); + rewriteconfs = hash_create(); if (!rewriteconfs) - debugx(1, DBG_ERR, "malloc failed"); - + debugx(1, DBG_ERR, "malloc failed"); + if (!getgenericconfig(&cfs, NULL, -#ifdef RADPROT_UDP +#ifdef RADPROT_UDP "ListenUDP", CONF_MSTR, &listenargs[RAD_UDP], "SourceUDP", CONF_STR, &sourcearg[RAD_UDP], -#endif -#ifdef RADPROT_TCP +#endif +#ifdef RADPROT_TCP "ListenTCP", CONF_MSTR, &listenargs[RAD_TCP], "SourceTCP", CONF_STR, &sourcearg[RAD_TCP], -#endif +#endif #ifdef RADPROT_TLS "ListenTLS", CONF_MSTR, &listenargs[RAD_TLS], "SourceTLS", CONF_STR, &sourcearg[RAD_TLS], -#endif +#endif #ifdef RADPROT_DTLS "ListenDTLS", CONF_MSTR, &listenargs[RAD_DTLS], "SourceDTLS", CONF_STR, &sourcearg[RAD_DTLS], -#endif +#endif "TTLAttribute", CONF_STR, &options.ttlattr, "addTTL", CONF_LINT, &addttl, "LogLevel", CONF_LINT, &loglevel, @@ -2995,14 +2995,14 @@ void getmainconfig(const char *configfile) { "Client", CONF_CBK, confclient_cb, NULL, "Server", CONF_CBK, confserver_cb, NULL, "Realm", CONF_CBK, confrealm_cb, NULL, -#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) +#if defined(RADPROT_TLS) || defined(RADPROT_DTLS) "TLS", CONF_CBK, conftls_cb, NULL, -#endif +#endif "Rewrite", CONF_CBK, confrewrite_cb, NULL, NULL - )) + )) debugx(1, DBG_ERR, "configuration error"); - + if (loglevel != LONG_MIN) { if (loglevel < 1 || loglevel > 4) debugx(1, DBG_ERR, "error in %s, value of option LogLevel is %d, must be 1, 2, 3 or 4", configfile, loglevel); @@ -3044,21 +3044,21 @@ void getargs(int argc, char **argv, uint8_t *foreground, uint8_t *pretend, uint8 *pretend = 1; break; case 'v': - debug(DBG_ERR, "radsecproxy revision $Rev$"); - debug(DBG_ERR, "This binary was built with support for the following transports:"); + debug(DBG_ERR, "radsecproxy revision $Rev$"); + debug(DBG_ERR, "This binary was built with support for the following transports:"); #ifdef RADPROT_UDP - debug(DBG_ERR, " UDP"); -#endif + debug(DBG_ERR, " UDP"); +#endif #ifdef RADPROT_TCP - debug(DBG_ERR, " TCP"); -#endif + debug(DBG_ERR, " TCP"); +#endif #ifdef RADPROT_TLS - debug(DBG_ERR, " TLS"); -#endif + debug(DBG_ERR, " TLS"); +#endif #ifdef RADPROT_DTLS - debug(DBG_ERR, " DTLS"); + debug(DBG_ERR, " DTLS"); #endif - exit(0); + exit(0); default: goto usage; } @@ -3066,7 +3066,7 @@ void getargs(int argc, char **argv, uint8_t *foreground, uint8_t *pretend, uint8 if (!(argc - optind)) return; - usage: +usage: debugx(1, DBG_ERR, "Usage:\n%s [ -c configfile ] [ -d debuglevel ] [ -f ] [ -i pidfile ] [ -p ] [ -v ]", argv[0]); } @@ -3129,7 +3129,7 @@ int main(int argc, char **argv) { char *configfile = NULL, *pidfile = NULL; struct clsrvconf *srvconf; int i; - + debug_init("radsecproxy"); debug_set_level(DEBUG_LEVEL); @@ -3138,7 +3138,7 @@ int main(int argc, char **argv) { /* needed even if no TLS/DTLS transport */ sslinit(); - + getargs(argc, argv, &foreground, &pretend, &loglevel, &configfile, &pidfile); if (loglevel) debug_set_level(loglevel); @@ -3161,12 +3161,12 @@ int main(int argc, char **argv) { if (!foreground && (daemon(0, 0) < 0)) debugx(1, DBG_ERR, "daemon() failed: %s", strerror(errno)); - + debug_timestamp_on(); debug(DBG_INFO, "radsecproxy revision $Rev$ starting"); if (pidfile && !createpidfile(pidfile)) debugx(1, DBG_ERR, "failed to create pidfile %s: %s", pidfile, strerror(errno)); - + sigemptyset(&sigset); /* exit on all but SIGHUP|SIGPIPE, ignore more? */ sigaddset(&sigset, SIGHUP); @@ -3193,7 +3193,7 @@ int main(int argc, char **argv) { if (find_clconf_type(i, NULL)) createlisteners(i); } - + /* just hang around doing nothing, anything to do here? */ for (;;) sleep(1000); @@ -85,7 +85,7 @@ void tcpsetsrcres() { int tcpconnect(struct server *server, struct timeval *when, int timeout, char *text) { struct timeval now; time_t elapsed; - + debug(DBG_DBG, "tcpconnect: called from %s", text); pthread_mutex_lock(&server->lock); if (when && memcmp(&server->lastconnecttry, when, sizeof(struct timeval))) { @@ -136,7 +136,7 @@ int tcpreadtimeout(int s, unsigned char *buf, int num, int timeout) { int ndesc, cnt, len; fd_set readfds, writefds; struct timeval timer; - + if (s < 0) return -1; /* make socket non-blocking? */ @@ -178,21 +178,21 @@ unsigned char *radtcpget(int s, int timeout) { continue; } memcpy(rad, buf, 4); - + cnt = tcpreadtimeout(s, rad + 4, len - 4, timeout); if (cnt < 1) { debug(DBG_DBG, cnt ? "radtcpget: connection lost" : "radtcpget: timeout"); free(rad); return NULL; } - + if (len >= 20) break; - + free(rad); debug(DBG_WARN, "radtcpget: packet smaller than minimum radius size"); } - + debug(DBG_DBG, "radtcpget: got %d bytes", len); return rad; } @@ -217,7 +217,7 @@ void *tcpclientrd(void *arg) { struct server *server = (struct server *)arg; unsigned char *buf; struct timeval lastconnecttry; - + for (;;) { /* yes, lastconnecttry is really necessary */ lastconnecttry = server->lastconnecttry; @@ -238,13 +238,13 @@ void *tcpserverwr(void *arg) { struct client *client = (struct client *)arg; struct gqueue *replyq; struct request *reply; - + debug(DBG_DBG, "tcpserverwr: starting for %s", addr2string(client->addr)); replyq = client->replyq; for (;;) { pthread_mutex_lock(&replyq->mutex); while (!list_first(replyq->entries)) { - if (client->sock >= 0) { + if (client->sock >= 0) { debug(DBG_DBG, "tcpserverwr: waiting for signal"); pthread_cond_wait(&replyq->cond, &replyq->mutex); debug(DBG_DBG, "tcpserverwr: got signal"); @@ -272,9 +272,9 @@ void tcpserverrd(struct client *client) { struct request *rq; uint8_t *buf; pthread_t tcpserverwrth; - + debug(DBG_DBG, "tcpserverrd: starting for %s", addr2string(client->addr)); - + if (pthread_create(&tcpserverwrth, NULL, tcpserverwr, (void *)client)) { debug(DBG_ERR, "tcpserverrd: pthread_create failed"); return; @@ -336,7 +336,7 @@ void *tcpservernew(void *arg) { } else debug(DBG_WARN, "tcpservernew: ignoring request, no matching TCP client"); - exit: +exit: shutdown(s, SHUT_RDWR); close(s); pthread_exit(NULL); @@ -92,7 +92,7 @@ int tlsconnect(struct server *server, struct timeval *when, int timeout, char *t X509 *cert; SSL_CTX *ctx = NULL; unsigned long error; - + debug(DBG_DBG, "tlsconnect: called from %s", text); pthread_mutex_lock(&server->lock); if (when && memcmp(&server->lastconnecttry, when, sizeof(struct timeval))) { @@ -127,12 +127,12 @@ int tlsconnect(struct server *server, struct timeval *when, int timeout, char *t sleep(60); } else server->lastconnecttry.tv_sec = now.tv_sec; /* no sleep at startup */ - + if (server->sock >= 0) close(server->sock); if ((server->sock = connecttcphostlist(server->conf->hostports, srcres)) < 0) continue; - + SSL_free(server->ssl); server->ssl = NULL; ctx = tlsgetctx(handle, server->conf->tlsconf); @@ -170,7 +170,7 @@ int sslreadtimeout(SSL *ssl, unsigned char *buf, int num, int timeout) { int s, ndesc, cnt, len; fd_set readfds, writefds; struct timeval timer; - + s = SSL_get_fd(ssl); if (s < 0) return -1; @@ -224,21 +224,21 @@ unsigned char *radtlsget(SSL *ssl, int timeout) { continue; } memcpy(rad, buf, 4); - + cnt = sslreadtimeout(ssl, rad + 4, len - 4, timeout); if (cnt < 1) { debug(DBG_DBG, cnt ? "radtlsget: connection lost" : "radtlsget: timeout"); free(rad); return NULL; } - + if (len >= 20) break; - + free(rad); debug(DBG_WARN, "radtlsget: packet smaller than minimum radius size"); } - + debug(DBG_DBG, "radtlsget: got %d bytes", len); return rad; } @@ -266,7 +266,7 @@ void *tlsclientrd(void *arg) { struct server *server = (struct server *)arg; unsigned char *buf; struct timeval now, lastconnecttry; - + for (;;) { /* yes, lastconnecttry is really necessary */ lastconnecttry = server->lastconnecttry; @@ -299,13 +299,13 @@ void *tlsserverwr(void *arg) { struct client *client = (struct client *)arg; struct gqueue *replyq; struct request *reply; - + debug(DBG_DBG, "tlsserverwr: starting for %s", addr2string(client->addr)); replyq = client->replyq; for (;;) { pthread_mutex_lock(&replyq->mutex); while (!list_first(replyq->entries)) { - if (client->ssl) { + if (client->ssl) { debug(DBG_DBG, "tlsserverwr: waiting for signal"); pthread_cond_wait(&replyq->cond, &replyq->mutex); debug(DBG_DBG, "tlsserverwr: got signal"); @@ -335,9 +335,9 @@ void tlsserverrd(struct client *client) { struct request *rq; uint8_t *buf; pthread_t tlsserverwrth; - + debug(DBG_DBG, "tlsserverrd: starting for %s", addr2string(client->addr)); - + if (pthread_create(&tlsserverwrth, NULL, tlsserverwr, (void *)client)) { debug(DBG_ERR, "tlsserverrd: pthread_create failed"); return; @@ -362,7 +362,7 @@ void tlsserverrd(struct client *client) { break; } } - + /* stop writer by setting ssl to NULL and give signal in case waiting for data */ client->ssl = NULL; pthread_mutex_lock(&client->replyq->mutex); @@ -412,7 +412,7 @@ void *tlsservernew(void *arg) { if (!cert) goto exit; } - + while (conf) { if (verifyconfcert(cert, conf)) { X509_free(cert); @@ -432,7 +432,7 @@ void *tlsservernew(void *arg) { if (cert) X509_free(cert); - exit: +exit: if (ssl) { SSL_shutdown(ssl); SSL_free(ssl); diff --git a/tlscommon.c b/tlscommon.c index 6260e37..40ea180 100644 --- a/tlscommon.c +++ b/tlscommon.c @@ -69,7 +69,7 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx) { debug(DBG_WARN, "verify error: num=%d:%s:depth=%d:%s", err, X509_verify_cert_error_string(err), depth, buf ? buf : ""); free(buf); buf = NULL; - + switch (err) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: if (err_cert) { @@ -96,9 +96,9 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx) { break; } } -#ifdef DEBUG +#ifdef DEBUG printf("certificate verify returns %d\n", ok); -#endif +#endif return ok; } @@ -135,11 +135,11 @@ static X509_VERIFY_PARAM *createverifyparams(char **poids) { X509_VERIFY_PARAM *pm; ASN1_OBJECT *pobject; int i; - + pm = X509_VERIFY_PARAM_new(); if (!pm) return NULL; - + for (i = 0; poids[i]; i++) { pobject = OBJ_txt2obj(poids[i], 0); if (!pobject) { @@ -205,29 +205,29 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) { unsigned long error; switch (type) { -#ifdef RADPROT_TLS +#ifdef RADPROT_TLS case RAD_TLS: ctx = SSL_CTX_new(TLSv1_method()); -#ifdef DEBUG +#ifdef DEBUG SSL_CTX_set_info_callback(ctx, ssl_info_callback); -#endif +#endif break; -#endif -#ifdef RADPROT_DTLS +#endif +#ifdef RADPROT_DTLS case RAD_DTLS: ctx = SSL_CTX_new(DTLSv1_method()); -#ifdef DEBUG +#ifdef DEBUG SSL_CTX_set_info_callback(ctx, ssl_info_callback); -#endif +#endif SSL_CTX_set_read_ahead(ctx, 1); break; -#endif +#endif } if (!ctx) { debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS in TLS context %s", conf->name); return NULL; } - + if (conf->certkeypwd) { SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->certkeypwd); SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_cb); @@ -277,11 +277,11 @@ struct tls *tlsgettls(char *alt1, char *alt2) { SSL_CTX *tlsgetctx(uint8_t type, struct tls *t) { struct timeval now; - + if (!t) return NULL; gettimeofday(&now, NULL); - + switch (type) { #ifdef RADPROT_TLS case RAD_TLS: @@ -320,7 +320,7 @@ SSL_CTX *tlsgetctx(uint8_t type, struct tls *t) { X509 *verifytlscert(SSL *ssl) { X509 *cert; unsigned long error; - + if (SSL_get_verify_result(ssl) != X509_V_OK) { debug(DBG_ERR, "verifytlscert: basic validation failed"); while ((error = ERR_get_error())) @@ -340,18 +340,18 @@ static int subjectaltnameaddr(X509 *cert, int family, struct in6_addr *addr) { X509_EXTENSION *ex; STACK_OF(GENERAL_NAME) *alt; GENERAL_NAME *gn; - + debug(DBG_DBG, "subjectaltnameaddr"); - + loc = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); if (loc < 0) return r; - + ex = X509_get_ext(cert, loc); alt = X509V3_EXT_d2i(ex); if (!alt) return r; - + n = sk_GENERAL_NAME_num(alt); for (i = 0; i < n; i++) { gn = sk_GENERAL_NAME_value(alt, i); @@ -376,18 +376,18 @@ static int subjectaltnameregexp(X509 *cert, int type, char *exact, regex_t *reg X509_EXTENSION *ex; STACK_OF(GENERAL_NAME) *alt; GENERAL_NAME *gn; - + debug(DBG_DBG, "subjectaltnameregexp"); - + loc = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); if (loc < 0) return r; - + ex = X509_get_ext(cert, loc); alt = X509V3_EXT_d2i(ex); if (!alt) return r; - + n = sk_GENERAL_NAME_num(alt); for (i = 0; i < n; i++) { gn = sk_GENERAL_NAME_value(alt, i); @@ -400,7 +400,7 @@ static int subjectaltnameregexp(X509 *cert, int type, char *exact, regex_t *reg continue; #ifdef DEBUG printfchars(NULL, gn->type == GEN_DNS ? "dns" : "uri", NULL, v, l); -#endif +#endif if (exact) { if (memcmp(v, exact, l)) continue; @@ -496,7 +496,7 @@ int certnamecheck(X509 *cert, struct list *hostports) { return 1; } debug(DBG_WARN, "certnamecheck: cn not matching host %s", hp->host); - } + } } return 0; } @@ -529,16 +529,16 @@ int verifyconfcert(X509 *cert, struct clsrvconf *conf) { int conftls_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) { struct tls *conf; long int expiry = LONG_MIN; - + debug(DBG_DBG, "conftls_cb called for %s", block); - + conf = malloc(sizeof(struct tls)); if (!conf) { debug(DBG_ERR, "conftls_cb: malloc failed"); return 0; } memset(conf, 0, sizeof(struct tls)); - + if (!getgenericconfig(cf, block, "CACertificateFile", CONF_STR, &conf->cacertfile, "CACertificatePath", CONF_STR, &conf->cacertpath, @@ -549,7 +549,7 @@ int conftls_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *v "CRLCheck", CONF_BLN, &conf->crlcheck, "PolicyOID", CONF_MSTR, &conf->policyoids, NULL - )) { + )) { debug(DBG_ERR, "conftls_cb: configuration error in block %s", val); goto errexit; } @@ -567,7 +567,7 @@ int conftls_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *v goto errexit; } conf->cacheexpiry = expiry; - } + } conf->name = stringcopy(val, 0); if (!conf->name) { @@ -586,7 +586,7 @@ int conftls_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *v debug(DBG_DBG, "conftls_cb: added TLS block %s", val); return 1; - errexit: +errexit: free(conf->cacertfile); free(conf->cacertpath); free(conf->certfile); @@ -600,7 +600,7 @@ int conftls_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *v int addmatchcertattr(struct clsrvconf *conf) { char *v; regex_t **r; - + if (!strncasecmp(conf->matchcertattr, "CN:/", 4)) { r = &conf->certcnregex; v = conf->matchcertattr + 4; @@ -92,7 +92,7 @@ void udpsetsrcres() { void removeudpclientfromreplyq(struct client *c) { struct list_node *n; struct request *r; - + /* lock the common queue and remove replies for this client */ pthread_mutex_lock(&c->replyq->mutex); for (n = list_first(c->replyq->entries); n; n = list_next(n)) { @@ -101,7 +101,7 @@ void removeudpclientfromreplyq(struct client *c) { r->from = NULL; } pthread_mutex_unlock(&c->replyq->mutex); -} +} static int addr_equal(struct sockaddr *a, struct sockaddr *b) { switch (a->sa_family) { @@ -142,7 +142,7 @@ unsigned char *radudpget(int s, struct client **client, struct server **server, fd_set readfds; struct client *c = NULL; struct timeval now; - + for (;;) { if (rad) { free(rad); @@ -157,7 +157,7 @@ unsigned char *radudpget(int s, struct client **client, struct server **server, debug(DBG_WARN, "radudpget: recv failed"); continue; } - + p = client ? find_clconf(handle, (struct sockaddr *)&from, NULL) : find_srvconf(handle, (struct sockaddr *)&from, NULL); @@ -166,21 +166,21 @@ unsigned char *radudpget(int s, struct client **client, struct server **server, recv(s, buf, 4, 0); continue; } - + len = RADLEN(buf); if (len < 20) { debug(DBG_WARN, "radudpget: length too small"); recv(s, buf, 4, 0); continue; } - + rad = malloc(len); if (!rad) { debug(DBG_ERR, "radudpget: malloc failed"); recv(s, buf, 4, 0); continue; } - + cnt = recv(s, rad, len, MSG_TRUNC); debug(DBG_DBG, "radudpget: got %d bytes from %s", cnt, addr2string((struct sockaddr *)&from)); @@ -206,7 +206,7 @@ unsigned char *radudpget(int s, struct client **client, struct server **server, } if (c->expiry >= now.tv_sec) continue; - + debug(DBG_DBG, "radudpget: removing expired client (%s)", addr2string(c->addr)); removeudpclientfromreplyq(c); c->replyq = NULL; /* stop removeclient() from removing common udp replyq */ @@ -261,7 +261,7 @@ void *udpclientrd(void *arg) { struct server *server; unsigned char *buf; int *s = (int *)arg; - + for (;;) { server = NULL; buf = radudpget(*s, NULL, &server, NULL); @@ -272,7 +272,7 @@ void *udpclientrd(void *arg) { void *udpserverrd(void *arg) { struct request *rq; int *sp = (int *)arg; - + for (;;) { rq = newrequest(); if (!rq) { @@ -291,7 +291,7 @@ void *udpserverwr(void *arg) { struct gqueue *replyq = (struct gqueue *)arg; struct request *reply; struct sockaddr_storage to; - + for (;;) { pthread_mutex_lock(&replyq->mutex); while (!(reply = (struct request *)list_shift(replyq->entries))) { @@ -347,7 +347,7 @@ void initextraudp() { freeaddrinfo(srcres); srcres = NULL; } - + if (client4_sock >= 0) if (pthread_create(&cl4th, NULL, udpclientrd, (void *)&client4_sock)) debugx(1, DBG_ERR, "pthread_create failed"); @@ -62,7 +62,7 @@ void port_set(struct sockaddr *sa, uint16_t port) { struct sockaddr *addr_copy(struct sockaddr *in) { struct sockaddr *out = NULL; - + switch (in->sa_family) { case AF_INET: out = malloc(sizeof(struct sockaddr_in)); @@ -115,7 +115,7 @@ char *addr2string(struct sockaddr *addr) { int connectport(int type, char *host, char *port) { struct addrinfo hints, *res0, *res; int s = -1; - + memset(&hints, 0, sizeof(hints)); hints.ai_socktype = type; hints.ai_family = AF_UNSPEC; @@ -147,7 +147,7 @@ int connectport(int type, char *host, char *port) { */ void disable_DF_bit(int socket, struct addrinfo *res) { - if ((res->ai_family == AF_INET) && (res->ai_socktype == SOCK_DGRAM)) { + if ((res->ai_family == AF_INET) && (res->ai_socktype == SOCK_DGRAM)) { #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) /* * Turn off Path MTU discovery on IPv4/UDP sockets, Linux variant. @@ -156,12 +156,12 @@ void disable_DF_bit(int socket, struct addrinfo *res) { debug(DBG_INFO, "disable_DF_bit: disabling DF bit (Linux variant)"); action = IP_PMTUDISC_DONT; r = setsockopt(socket, IPPROTO_IP, IP_MTU_DISCOVER, &action, sizeof(action)); - if (r == -1) - debug(DBG_WARN, "Failed to set IP_MTU_DISCOVER"); + if (r == -1) + debug(DBG_WARN, "Failed to set IP_MTU_DISCOVER"); #else debug(DBG_INFO, "Non-Linux platform, unable to unset DF bit for UDP. You should check with tcpdump whether radsecproxy will send its UDP packets with DF bit set!"); #endif - } + } } int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) { @@ -181,10 +181,10 @@ int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) { if (reuse) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); - #ifdef IPV6_V6ONLY +#ifdef IPV6_V6ONLY if (v6only) setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)); - #endif +#endif if (!bind(s, res->ai_addr, res->ai_addrlen)) return s; debug(DBG_WARN, "bindtoaddr: bind failed"); @@ -197,7 +197,7 @@ int connectnonblocking(int s, const struct sockaddr *addr, socklen_t addrlen, st int origflags, error = 0, r = -1; fd_set writefds; socklen_t len; - + origflags = fcntl(s, F_GETFL, 0); fcntl(s, F_SETFL, origflags | O_NONBLOCK); if (!connect(s, addr, addrlen)) { @@ -216,7 +216,7 @@ int connectnonblocking(int s, const struct sockaddr *addr, socklen_t addrlen, st if (!getsockopt(s, SOL_SOCKET, SO_ERROR, (char*)&error, &len) && !error) r = 0; - exit: +exit: fcntl(s, F_SETFL, origflags); return r; } @@ -233,7 +233,7 @@ int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src, uint16_t timeout to.tv_sec = timeout; to.tv_usec = 0; } - + for (res = addrinfo; res; res = res->ai_next) { s = bindtoaddr(src, res->ai_family, 1, 1); if (s < 0) { @@ -1,13 +1,13 @@ #include <sys/socket.h> #include <netdb.h> -#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \ - sizeof(struct sockaddr_in) : \ - sizeof(struct sockaddr_in6)) +#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \ + sizeof(struct sockaddr_in) : \ + sizeof(struct sockaddr_in6)) -#define SOCKADDRP_SIZE(addr) ((addr)->sa_family == AF_INET ? \ - sizeof(struct sockaddr_in) : \ - sizeof(struct sockaddr_in6)) +#define SOCKADDRP_SIZE(addr) ((addr)->sa_family == AF_INET ? \ + sizeof(struct sockaddr_in) : \ + sizeof(struct sockaddr_in6)) char *stringcopy(const char *s, int len); char *addr2string(struct sockaddr *addr); |