![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to radsrv.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / src|
Return to radsrv.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / src |
1.1 misho 1:
2: /*
3: * radsrv.c
4: *
5: * Written by Alexander Motin <mav@FreeBSD.org>
6: */
7:
8: #include "ppp.h"
9: #include "radsrv.h"
10: #include "util.h"
11: #include <radlib.h>
12: #include <radlib_vs.h>
13:
14: #ifdef RAD_COA_REQUEST
15:
16: /*
17: * DEFINITIONS
18: */
19:
20: /* Set menu options */
21: enum {
22: SET_OPEN,
23: SET_CLOSE,
24: SET_SELF,
25: SET_PEER,
26: SET_DISABLE,
27: SET_ENABLE
28: };
29:
30:
31: /*
32: * INTERNAL FUNCTIONS
33: */
34:
35: static int RadsrvSetCommand(Context ctx, int ac, char *av[], void *arg);
36:
37: /*
38: * GLOBAL VARIABLES
39: */
40:
41: const struct cmdtab RadsrvSetCmds[] = {
42: { "open", "Open the radsrv" ,
43: RadsrvSetCommand, NULL, 2, (void *) SET_OPEN },
44: { "close", "Close the radsrv" ,
45: RadsrvSetCommand, NULL, 2, (void *) SET_CLOSE },
46: { "self {ip} [{port}]", "Set radsrv ip and port" ,
47: RadsrvSetCommand, NULL, 2, (void *) SET_SELF },
48: { "peer {ip} {secret}", "Set peer ip and secret" ,
49: RadsrvSetCommand, NULL, 2, (void *) SET_PEER },
50: { "enable [opt ...]", "Enable radsrv option" ,
51: RadsrvSetCommand, NULL, 2, (void *) SET_ENABLE },
52: { "disable [opt ...]", "Disable radsrv option" ,
53: RadsrvSetCommand, NULL, 2, (void *) SET_DISABLE },
54: { NULL },
55: };
56:
57:
58: /*
59: * INTERNAL VARIABLES
60: */
61:
62: static const struct confinfo gConfList[] = {
63: { 0, RADSRV_DISCONNECT, "disconnect" },
64: { 0, RADSRV_COA, "coa" },
65: { 0, 0, NULL },
66: };
67:
68: /*
69: * RadsrvInit()
70: */
71:
72: int
73: RadsrvInit(Radsrv w)
74: {
75: /* setup radsrv-defaults */
76: memset(w, 0, sizeof(*w));
77:
78: Enable(&w->options, RADSRV_DISCONNECT);
79: Enable(&w->options, RADSRV_COA);
80:
81: ParseAddr(DEFAULT_RADSRV_IP, &w->addr, ALLOW_IPV4);
82: w->port = DEFAULT_RADSRV_PORT;
83:
84: return (0);
85: }
86:
87: static void
88: RadsrvEvent(int type, void *cookie)
89: {
90: Radsrv w = (Radsrv)cookie;
91: const void *data;
92: size_t len;
93: int res, result, found, err, anysesid, l;
94: Bund B;
95: Link L;
96: char *tmpval;
97: char *username = NULL, *called = NULL, *calling = NULL, *sesid = NULL;
98: char *msesid = NULL, *link = NULL, *bundle = NULL, *iface = NULL;
99: int nasport = -1, serv_type = 0, ifindex = -1, i;
100: u_int session_timeout = -1, idle_timeout = -1, acct_update = -1;
101: struct in_addr ip = { -1 };
102: struct in_addr nas_ip = { -1 };
103: char buf[64];
104: u_int32_t vendor;
105: u_char *state = NULL;
106: int state_len = 0;
107: int authentic = 0;
108: #if defined(USE_NG_BPF) || defined(USE_IPFW)
109: struct acl **acls, *acls1;
110: char *acl, *acl1, *acl2, *acl3;
111: #endif
112: #ifdef USE_IPFW
113: struct acl *acl_rule = NULL; /* ipfw rules */
114: struct acl *acl_pipe = NULL; /* ipfw pipes */
115: struct acl *acl_queue = NULL; /* ipfw queues */
116: struct acl *acl_table = NULL; /* ipfw tables */
117: #endif
118: #ifdef USE_NG_BPF
119: struct acl *acl_filters[ACL_FILTERS]; /* mpd's internal bpf filters */
120: struct acl *acl_limits[ACL_DIRS]; /* traffic limits based on mpd's filters */
121: char std_acct[ACL_DIRS][ACL_NAME_LEN]; /* Names of ACL returned in standard accounting */
122:
123: bzero(acl_filters, sizeof(acl_filters));
124: bzero(acl_limits, sizeof(acl_limits));
125: bzero(std_acct, sizeof(std_acct));
126: #endif
127: result = rad_receive_request(w->handle);
128: if (result < 0) {
129: Log(LG_ERR, ("radsrv: request receive error: %d", result));
130: return;
131: }
132: switch (result) {
133: case RAD_DISCONNECT_REQUEST:
134: if (!Enabled(&w->options, RADSRV_DISCONNECT)) {
135: Log(LG_ERR, ("radsrv: DISCONNECT request, support disabled"));
136: rad_create_response(w->handle, RAD_DISCONNECT_NAK);
137: rad_put_int(w->handle, RAD_ERROR_CAUSE, 501);
138: rad_send_response(w->handle);
139: return;
140: }
141: Log(LG_ERR, ("radsrv: DISCONNECT request"));
142: break;
143: case RAD_COA_REQUEST:
144: if (!Enabled(&w->options, RADSRV_COA)) {
145: Log(LG_ERR, ("radsrv: CoA request, support disabled"));
146: rad_create_response(w->handle, RAD_COA_NAK);
147: rad_put_int(w->handle, RAD_ERROR_CAUSE, 501);
148: rad_send_response(w->handle);
149: return;
150: }
151: Log(LG_ERR, ("radsrv: CoA request"));
152: break;
153: default:
154: Log(LG_ERR, ("radsrv: unsupported request: %d", result));
155: return;
156: }
157: anysesid = 0;
158: while ((res = rad_get_attr(w->handle, &data, &len)) > 0) {
159: switch (res) {
160: case RAD_USER_NAME:
161: anysesid = 1;
162: username = rad_cvt_string(data, len);
163: Log(LG_RADIUS2, ("radsrv: Got RAD_USER_NAME: %s",
164: username));
165: break;
166: case RAD_NAS_IP_ADDRESS:
167: nas_ip = rad_cvt_addr(data);
168: Log(LG_RADIUS2, ("radsrv: Got RAD_NAS_IP_ADDRESS: %s ",
169: inet_ntoa(nas_ip)));
170: break;
171: case RAD_SERVICE_TYPE:
172: serv_type = rad_cvt_int(data);
173: Log(LG_RADIUS2, ("radsrv: Got RAD_SERVICE_TYPE: %d",
174: serv_type));
175: break;
176: case RAD_STATE:
177: tmpval = Bin2Hex(data, len);
178: Log(LG_RADIUS2, ("radsrv: Get RAD_STATE: 0x%s", tmpval));
179: Freee(tmpval);
180: state_len = len;
181: if (state != NULL)
182: Freee(state);
183: state = Mdup(MB_RADSRV, data, len);
184: break;
185: case RAD_CALLED_STATION_ID:
186: anysesid = 1;
187: called = rad_cvt_string(data, len);
188: Log(LG_RADIUS2, ("radsrv: Got RAD_CALLED_STATION_ID: %s ",
189: called));
190: break;
191: case RAD_CALLING_STATION_ID:
192: anysesid = 1;
193: calling = rad_cvt_string(data, len);
194: Log(LG_RADIUS2, ("radsrv: Got RAD_CALLING_STATION_ID: %s ",
195: calling));
196: break;
197: case RAD_ACCT_SESSION_ID:
198: anysesid = 1;
199: sesid = rad_cvt_string(data, len);
200: Log(LG_RADIUS2, ("radsrv: Got RAD_ACCT_SESSION_ID: %s ",
201: sesid));
202: break;
203: case RAD_ACCT_MULTI_SESSION_ID:
204: anysesid = 1;
205: msesid = rad_cvt_string(data, len);
206: Log(LG_RADIUS2, ("radsrv: Got RAD_ACCT_MULTI_SESSION_ID: %s ",
207: msesid));
208: break;
209: case RAD_FRAMED_IP_ADDRESS:
210: anysesid = 1;
211: ip = rad_cvt_addr(data);
212: Log(LG_RADIUS2, ("radsrv: Got RAD_FRAMED_IP_ADDRESS: %s ",
213: inet_ntoa(ip)));
214: break;
215: case RAD_NAS_PORT:
216: anysesid = 1;
217: nasport = rad_cvt_int(data);
218: Log(LG_RADIUS2, ("radsrv: Got RAD_NAS_PORT: %d ",
219: nasport));
220: break;
221: case RAD_SESSION_TIMEOUT:
222: session_timeout = rad_cvt_int(data);
223: Log(LG_RADIUS2, ("radsrv: Got RAD_SESSION_TIMEOUT: %u ",
224: session_timeout));
225: break;
226: case RAD_IDLE_TIMEOUT:
227: idle_timeout = rad_cvt_int(data);
228: Log(LG_RADIUS2, ("radsrv: Got RAD_IDLE_TIMEOUT: %u ",
229: idle_timeout));
230: break;
231: case RAD_ACCT_INTERIM_INTERVAL:
232: acct_update = rad_cvt_int(data);
233: Log(LG_RADIUS2, ("radsrv: Got RAD_ACCT_INTERIM_INTERVAL: %u ",
234: acct_update));
235: break;
236: case RAD_MESSAGE_AUTHENTIC:
237: Log(LG_RADIUS2, ("radsrv: Got RAD_MESSAGE_AUTHENTIC"));
238: authentic = 1;
239: break;
240: case RAD_VENDOR_SPECIFIC:
241: if ((res = rad_get_vendor_attr(&vendor, &data, &len)) == -1) {
242: Log(LG_RADIUS, ("radsrv: Get vendor attr failed: %s ",
243: rad_strerror(w->handle)));
244: break;
245: }
246: switch (vendor) {
247: case RAD_VENDOR_MPD:
248: if (res == RAD_MPD_LINK) {
249: if (link)
250: free(link);
251: link = rad_cvt_string(data, len);
252: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_LINK: %s",
253: link));
254: anysesid = 1;
255: break;
256: } else if (res == RAD_MPD_BUNDLE) {
257: if (bundle)
258: free(bundle);
259: bundle = rad_cvt_string(data, len);
260: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_BINDLE: %s",
261: bundle));
262: anysesid = 1;
263: break;
264: } else if (res == RAD_MPD_IFACE) {
265: if (iface)
266: free(iface);
267: iface = rad_cvt_string(data, len);
268: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_IFACE: %s",
269: iface));
270: anysesid = 1;
271: break;
272: } else if (res == RAD_MPD_IFACE_INDEX) {
273: ifindex = rad_cvt_int(data);
274: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_IFACE_INDEX: %d",
275: ifindex));
276: anysesid = 1;
277: break;
278: } else
279: #ifdef USE_IPFW
280: if (res == RAD_MPD_RULE) {
281: acl1 = acl = rad_cvt_string(data, len);
282: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_RULE: %s",
283: acl));
284: acls = &acl_rule;
285: } else if (res == RAD_MPD_PIPE) {
286: acl1 = acl = rad_cvt_string(data, len);
287: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_PIPE: %s",
288: acl));
289: acls = &acl_pipe;
290: } else if (res == RAD_MPD_QUEUE) {
291: acl1 = acl = rad_cvt_string(data, len);
292: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_QUEUE: %s",
293: acl));
294: acls = &acl_queue;
295: } else if (res == RAD_MPD_TABLE) {
296: acl1 = acl = rad_cvt_string(data, len);
297: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_TABLE: %s",
298: acl));
299: acls = &acl_table;
300: } else if (res == RAD_MPD_TABLE_STATIC) {
301: acl1 = acl = rad_cvt_string(data, len);
302: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_TABLE_STATIC: %s",
303: acl));
304: acls = &acl_table;
305: } else
306: #endif /* USE_IPFW */
307: #ifdef USE_NG_BPF
308: if (res == RAD_MPD_FILTER) {
309: acl1 = acl = rad_cvt_string(data, len);
310: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_FILTER: %s",
311: acl));
312: acl2 = strsep(&acl1, "#");
313: i = atol(acl2);
314: if (i <= 0 || i > ACL_FILTERS) {
315: Log(LG_RADIUS, ("radsrv: Wrong filter number: %i", i));
316: free(acl);
317: break;
318: }
319: acls = &(acl_filters[i - 1]);
320: } else if (res == RAD_MPD_LIMIT) {
321: acl1 = acl = rad_cvt_string(data, len);
322: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_LIMIT: %s",
323: acl));
324: acl2 = strsep(&acl1, "#");
325: if (strcasecmp(acl2, "in") == 0) {
326: i = 0;
327: } else if (strcasecmp(acl2, "out") == 0) {
328: i = 1;
329: } else {
330: Log(LG_ERR, ("radsrv: Wrong limit direction: '%s'",
331: acl2));
332: free(acl);
333: break;
334: }
335: acls = &(acl_limits[i]);
336: } else if (res == RAD_MPD_INPUT_ACCT) {
337: tmpval = rad_cvt_string(data, len);
338: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_INPUT_ACCT: %s",
339: tmpval));
340: strlcpy(std_acct[0], tmpval, sizeof(std_acct[0]));
341: free(tmpval);
342: break;
343: } else if (res == RAD_MPD_OUTPUT_ACCT) {
344: tmpval = rad_cvt_string(data, len);
345: Log(LG_RADIUS2, ("radsrv: Get RAD_MPD_OUTPUT_ACCT: %s",
346: tmpval));
347: strlcpy(std_acct[1], tmpval, sizeof(std_acct[1]));
348: free(tmpval);
349: break;
350: } else
351: #endif /* USE_NG_BPF */
352: {
353: Log(LG_RADIUS2, ("radsrv: Dropping MPD vendor specific attribute: %d",
354: res));
355: break;
356: }
357: #if defined(USE_NG_BPF) || defined(USE_IPFW)
358: if (acl1 == NULL) {
359: Log(LG_ERR, ("radsrv: Incorrect acl!"));
360: free(acl);
361: break;
362: }
363:
364: acl3 = acl1;
365: strsep(&acl3, "=");
366: acl2 = acl1;
367: strsep(&acl2, "#");
368: i = atol(acl1);
369: if (i <= 0) {
370: Log(LG_ERR, ("radsrv: Wrong acl number: %i", i));
371: free(acl);
372: break;
373: }
374: if ((acl3 == NULL) || (acl3[0] == 0)) {
375: Log(LG_ERR, ("radsrv: Wrong acl"));
376: free(acl);
377: break;
378: }
379: acls1 = Malloc(MB_AUTH, sizeof(struct acl) + strlen(acl3));
380: if (res != RAD_MPD_TABLE_STATIC) {
381: acls1->number = i;
382: acls1->real_number = 0;
383: } else {
384: acls1->number = 0;
385: acls1->real_number = i;
386: }
387: if (acl2)
388: strlcpy(acls1->name, acl2, sizeof(acls1->name));
389: strcpy(acls1->rule, acl3);
390: while ((*acls != NULL) && ((*acls)->number < acls1->number))
391: acls = &((*acls)->next);
392:
393: if (*acls == NULL) {
394: acls1->next = NULL;
395: } else if (((*acls)->number == acls1->number) &&
396: (res != RAD_MPD_TABLE) &&
397: (res != RAD_MPD_TABLE_STATIC)) {
398: Log(LG_ERR, ("radsrv: Duplicate acl"));
399: Freee(acls1);
400: free(acl);
401: break;
402: } else {
403: acls1->next = *acls;
404: }
405: *acls = acls1;
406:
407: free(acl);
408: break;
409: #endif /* USE_NG_BPF or USE_IPFW */
410:
411: default:
412: Log(LG_RADIUS2, ("radsrv: Dropping vendor %d attribute: %d ",
413: vendor, res));
414: break;
415: }
416: break;
417: default:
418: Log(LG_RADIUS2, ("radsrv: Unknown attribute: %d ",
419: res));
420: break;
421: }
422: }
423: err = 0;
424: if (w->addr.u.ip4.s_addr != 0 && nas_ip.s_addr != -1 && w->addr.u.ip4.s_addr != nas_ip.s_addr) {
425: Log(LG_ERR, ("radsrv: incorrect NAS-IP-Address"));
426: err = 403;
427: } else if (anysesid == 0) {
428: Log(LG_ERR, ("radsrv: request without session identification"));
429: err = 402;
430: } else if (serv_type != 0) {
431: Log(LG_ERR, ("radsrv: Service-Type attribute not supported"));
432: err = 405;
433: }
434: if (err) {
435: if (result == RAD_DISCONNECT_REQUEST)
436: rad_create_response(w->handle, RAD_DISCONNECT_NAK);
437: else
438: rad_create_response(w->handle, RAD_COA_NAK);
439: rad_put_int(w->handle, RAD_ERROR_CAUSE, err);
440: if (state != NULL)
441: rad_put_attr(w->handle, RAD_STATE, state, state_len);
442: if (authentic)
443: rad_put_message_authentic(w->handle);
444: rad_send_response(w->handle);
445: goto cleanup;
446: }
447: found = 0;
448: err = 503;
449: for (l = 0; l < gNumLinks; l++) {
450: if ((L = gLinks[l]) != NULL) {
451: B = L->bund;
452: if (nasport != -1 && nasport != l)
453: continue;
454: if (sesid && strcmp(sesid, L->session_id))
455: continue;
456: if (link && strcmp(link, L->name))
457: continue;
458: if (msesid && strcmp(msesid, L->msession_id))
459: continue;
460: if (username && strcmp(username, L->lcp.auth.params.authname))
461: continue;
462: if (called && !PhysGetCalledNum(L, buf, sizeof(buf)) &&
463: strcmp(called, buf))
464: continue;
465: if (calling && !PhysGetCallingNum(L, buf, sizeof(buf)) &&
466: strcmp(calling, buf))
467: continue;
468: if (bundle && (!B || strcmp(bundle, B->name)))
469: continue;
470: if (iface && (!B || strcmp(iface, B->iface.ifname)))
471: continue;
472: if (ifindex >= 0 && (!B || ifindex != B->iface.ifindex))
473: continue;
474: if (ip.s_addr != -1 && (!B ||
475: ip.s_addr != B->iface.peer_addr.u.ip4.s_addr))
476: continue;
477:
478: Log(LG_RADIUS2, ("radsrv: Matched link: %s",
479: L->name));
480: if (L->tmpl) {
481: Log(LG_ERR, ("radsrv: Impossible to affect template"));
482: err = 504;
483: continue;
484: }
485: found++;
486:
487: if (result == RAD_DISCONNECT_REQUEST) {
488: RecordLinkUpDownReason(NULL, L, 0, STR_MANUALLY, NULL);
489: LinkClose(L);
490: } else { /* CoA */
491: if (B && B->iface.up && !B->iface.dod) {
492: if (B->iface.ip_up)
493: IfaceIpIfaceDown(B);
494: if (B->iface.ipv6_up)
495: IfaceIpv6IfaceDown(B);
496: IfaceDown(B);
497: }
498: #ifdef USE_IPFW
499: ACLDestroy(L->lcp.auth.params.acl_rule);
500: ACLDestroy(L->lcp.auth.params.acl_pipe);
501: ACLDestroy(L->lcp.auth.params.acl_queue);
502: ACLDestroy(L->lcp.auth.params.acl_table);
503: L->lcp.auth.params.acl_rule = NULL;
504: L->lcp.auth.params.acl_pipe = NULL;
505: L->lcp.auth.params.acl_queue = NULL;
506: L->lcp.auth.params.acl_table = NULL;
507: ACLCopy(acl_rule, &L->lcp.auth.params.acl_rule);
508: ACLCopy(acl_pipe, &L->lcp.auth.params.acl_pipe);
509: ACLCopy(acl_queue, &L->lcp.auth.params.acl_queue);
510: ACLCopy(acl_table, &L->lcp.auth.params.acl_table);
511: #endif /* USE_IPFW */
512: #ifdef USE_NG_BPF
513: for (i = 0; i < ACL_FILTERS; i++) {
514: ACLDestroy(L->lcp.auth.params.acl_filters[i]);
515: L->lcp.auth.params.acl_filters[i] = NULL;
516: ACLCopy(acl_filters[i], &L->lcp.auth.params.acl_filters[i]);
517: }
518: for (i = 0; i < ACL_DIRS; i++) {
519: ACLDestroy(L->lcp.auth.params.acl_limits[i]);
520: L->lcp.auth.params.acl_limits[i] = NULL;
521: ACLCopy(acl_limits[i], &L->lcp.auth.params.acl_limits[i]);
522: }
523: strcpy(L->lcp.auth.params.std_acct[0], std_acct[0]);
524: strcpy(L->lcp.auth.params.std_acct[1], std_acct[1]);
525: #endif
526: if (session_timeout != -1)
527: L->lcp.auth.params.session_timeout = session_timeout;
528: if (idle_timeout != -1)
529: L->lcp.auth.params.idle_timeout = idle_timeout;
530: if (acct_update != -1) {
531: L->lcp.auth.params.acct_update = acct_update;
532: /* Stop accounting update timer if running. */
533: TimerStop(&L->lcp.auth.acct_timer);
534: if (B) {
535: /* Start accounting update timer if needed. */
536: u_int updateInterval;
537: if (L->lcp.auth.params.acct_update > 0)
538: updateInterval = L->lcp.auth.params.acct_update;
539: else
540: updateInterval = L->lcp.auth.conf.acct_update;
541: if (updateInterval > 0) {
542: TimerInit(&L->lcp.auth.acct_timer, "AuthAccountTimer",
543: updateInterval * SECONDS, AuthAccountTimeout, L);
544: TimerStartRecurring(&L->lcp.auth.acct_timer);
545: }
546: }
547: }
548: if (B && B->iface.up && !B->iface.dod) {
549: authparamsDestroy(&B->params);
550: authparamsCopy(&L->lcp.auth.params,&B->params);
551: if (B->iface.ip_up)
552: IfaceIpIfaceUp(B, 1);
553: if (B->iface.ipv6_up)
554: IfaceIpv6IfaceUp(B, 1);
555: IfaceUp(B, 1);
556: }
557: }
558: }
559: }
560: if (result == RAD_DISCONNECT_REQUEST) {
561: if (found) {
562: rad_create_response(w->handle, RAD_DISCONNECT_ACK);
563: } else {
564: rad_create_response(w->handle, RAD_DISCONNECT_NAK);
565: rad_put_int(w->handle, RAD_ERROR_CAUSE, err);
566: }
567: } else {
568: if (found) {
569: rad_create_response(w->handle, RAD_COA_ACK);
570: } else {
571: rad_create_response(w->handle, RAD_COA_NAK);
572: rad_put_int(w->handle, RAD_ERROR_CAUSE, err);
573: }
574: }
575: if (state != NULL)
576: rad_put_attr(w->handle, RAD_STATE, state, state_len);
577: if (authentic)
578: rad_put_message_authentic(w->handle);
579: rad_send_response(w->handle);
580:
581: cleanup:
582: if (username)
583: free(username);
584: if (called)
585: free(called);
586: if (calling)
587: free(calling);
588: if (sesid)
589: free(sesid);
590: if (msesid)
591: free(msesid);
592: if (link)
593: free(link);
594: if (bundle)
595: free(bundle);
596: if (iface)
597: free(iface);
598: if (state != NULL)
599: Freee(state);
600: #ifdef USE_IPFW
601: ACLDestroy(acl_rule);
602: ACLDestroy(acl_pipe);
603: ACLDestroy(acl_queue);
604: ACLDestroy(acl_table);
605: #endif /* USE_IPFW */
606: #ifdef USE_NG_BPF
607: for (i = 0; i < ACL_FILTERS; i++)
608: ACLDestroy(acl_filters[i]);
609: for (i = 0; i < ACL_DIRS; i++)
610: ACLDestroy(acl_limits[i]);
611: #endif /* USE_NG_BPF */
612: }
613:
614: /*
615: * RadsrvOpen()
616: */
617:
618: int
619: RadsrvOpen(Radsrv w)
620: {
621: char addrstr[INET6_ADDRSTRLEN];
622: struct sockaddr_in sin;
623: struct radiusclient_conf *s;
624:
625: if (w->handle) {
626: Log(LG_ERR, ("radsrv: radsrv already running"));
627: return (-1);
628: }
629:
630: if ((w->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
631: Perror("%s: Cannot create socket", __FUNCTION__);
632: return (-1);
633: }
634: memset(&sin, 0, sizeof sin);
635: sin.sin_len = sizeof sin;
636: sin.sin_family = AF_INET;
637: sin.sin_addr = w->addr.u.ip4;
638: sin.sin_port = htons(w->port);
639: if (bind(w->fd, (const struct sockaddr *)&sin,
640: sizeof sin) == -1) {
641: Log(LG_ERR, ("%s: bind: %s", __FUNCTION__, strerror(errno)));
642: close(w->fd);
643: w->fd = -1;
644: return (-1);
645: }
646:
647: if (!(w->handle = rad_server_open(w->fd))) {
648: Log(LG_ERR, ("%s: rad_server_open error", __FUNCTION__));
649: close(w->fd);
650: w->fd = -1;
651: return(-1);
652: }
653:
654: EventRegister(&w->event, EVENT_READ, w->fd,
655: EVENT_RECURRING, RadsrvEvent, w);
656:
657: s = w->clients;
658: while (s) {
659: Log(LG_RADIUS2, ("radsrv: Adding client %s", s->hostname));
660: if (rad_add_server (w->handle, s->hostname,
661: 0, s->sharedsecret, 0, 0) == -1) {
662: Log(LG_RADIUS, ("radsrv: Adding client error: %s",
663: rad_strerror(w->handle)));
664: }
665: s = s->next;
666: }
667:
668: Log(LG_ERR, ("radsrv: listening on %s %d",
669: u_addrtoa(&w->addr,addrstr,sizeof(addrstr)), w->port));
670: return (0);
671: }
672:
673: /*
674: * RadsrvClose()
675: */
676:
677: int
678: RadsrvClose(Radsrv w)
679: {
680:
681: if (!w->handle) {
682: Log(LG_ERR, ("radsrv: radsrv is not running"));
683: return (-1);
684: }
685: EventUnRegister(&w->event);
686: rad_close(w->handle);
687: w->handle = NULL;
688:
689: Log(LG_ERR, ("radsrv: stop listening"));
690: return (0);
691: }
692:
693: /*
694: * RadsrvStat()
695: */
696:
697: int
698: RadsrvStat(Context ctx, int ac, char *av[], void *arg)
699: {
700: Radsrv w = &gRadsrv;
701: char addrstr[64];
702: struct radiusclient_conf *client;
703:
704: Printf("Radsrv configuration:\r\n");
705: Printf("\tState : %s\r\n", w->handle ? "OPENED" : "CLOSED");
706: Printf("\tSelf : %s %d\r\n",
707: u_addrtoa(&w->addr,addrstr,sizeof(addrstr)), w->port);
708: Printf("\tPeer:\r\n");
709: client = w->clients;
710: while (client) {
711: Printf("\t %s ********\r\n", client->hostname);
712: client = client->next;
713: }
714: Printf("Radsrv options:\r\n");
715: OptStat(ctx, &w->options, gConfList);
716:
717: return (0);
718: }
719:
720: /*
721: * RadsrvSetCommand()
722: */
723:
724: static int
725: RadsrvSetCommand(Context ctx, int ac, char *av[], void *arg)
726: {
727: Radsrv w = &gRadsrv;
728: int port, count;
729: struct radiusclient_conf *peer, *t_peer;
730:
731: switch ((intptr_t)arg) {
732:
733: case SET_OPEN:
734: RadsrvOpen(w);
735: break;
736:
737: case SET_CLOSE:
738: RadsrvClose(w);
739: break;
740:
741: case SET_ENABLE:
742: EnableCommand(ac, av, &w->options, gConfList);
743: break;
744:
745: case SET_DISABLE:
746: DisableCommand(ac, av, &w->options, gConfList);
747: break;
748:
749: case SET_SELF:
750: if (ac < 1 || ac > 2)
751: return(-1);
752:
753: if (!ParseAddr(av[0],&w->addr, ALLOW_IPV4))
754: Error("Bogus IP address given %s", av[0]);
755:
756: if (ac == 2) {
757: port = strtol(av[1], NULL, 10);
758: if (port < 1 || port > 65535)
759: Error("Bogus port given %s", av[1]);
760: w->port=port;
761: }
762: break;
763:
764: case SET_PEER:
765: if (ac != 2)
766: return(-1);
767:
768: count = 0;
769: for ( t_peer = w->clients ; t_peer ;
770: t_peer = t_peer->next) {
771: count++;
772: }
773: if (count > RADSRV_MAX_SERVERS) {
774: Error("cannot configure more than %d peers",
775: RADSRV_MAX_SERVERS);
776: }
777: if (strlen(av[0]) > MAXHOSTNAMELEN-1)
778: Error("Hostname too long. > %d char.", MAXHOSTNAMELEN-1);
779: if (strlen(av[1]) > 127)
780: Error("Shared Secret too long. > 127 char.");
781:
782: peer = Malloc(MB_RADSRV, sizeof(*peer));
783: peer->hostname = Mstrdup(MB_RADSRV, av[0]);
784: peer->sharedsecret = Mstrdup(MB_RADSRV, av[1]);
785: peer->next = w->clients;
786: w->clients = peer;
787: break;
788:
789: default:
790: return(-1);
791:
792: }
793:
794: return 0;
795: }
796:
797: #endif