File: | src/usr.sbin/npppd/npppd/npppd_auth.c |
Warning: | line 373, column 2 Null pointer passed as 1st argument to string copy function |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: npppd_auth.c,v 1.22 2021/03/29 03:54:39 yasuoka Exp $ */ | |||
2 | ||||
3 | /*- | |||
4 | * Copyright (c) 2009 Internet Initiative Japan Inc. | |||
5 | * All rights reserved. | |||
6 | * | |||
7 | * Redistribution and use in source and binary forms, with or without | |||
8 | * modification, are permitted provided that the following conditions | |||
9 | * are met: | |||
10 | * 1. Redistributions of source code must retain the above copyright | |||
11 | * notice, this list of conditions and the following disclaimer. | |||
12 | * 2. Redistributions in binary form must reproduce the above copyright | |||
13 | * notice, this list of conditions and the following disclaimer in the | |||
14 | * documentation and/or other materials provided with the distribution. | |||
15 | * | |||
16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||
17 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||
18 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||
20 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||
21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||
22 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||
23 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||
24 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||
25 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||
26 | * SUCH DAMAGE. | |||
27 | */ | |||
28 | /**@file authentication realm */ | |||
29 | /* $Id: npppd_auth.c,v 1.22 2021/03/29 03:54:39 yasuoka Exp $ */ | |||
30 | #include <sys/types.h> | |||
31 | #include <sys/stat.h> | |||
32 | #include <sys/socket.h> | |||
33 | #include <netinet/in.h> | |||
34 | #include <net/if_dl.h> | |||
35 | #include <arpa/inet.h> | |||
36 | #include <stdio.h> | |||
37 | #include <syslog.h> | |||
38 | #include <string.h> | |||
39 | #include <time.h> | |||
40 | #include <event.h> | |||
41 | #include <stdarg.h> | |||
42 | #include <stdlib.h> | |||
43 | #include <netdb.h> | |||
44 | #include <errno(*__errno()).h> | |||
45 | ||||
46 | #include "debugutil.h" | |||
47 | #include "npppd_local.h" | |||
48 | #include "npppd_auth.h" | |||
49 | #include "net_utils.h" | |||
50 | ||||
51 | #include "npppd_auth_local.h" | |||
52 | ||||
53 | /** | |||
54 | * Create a npppd_auth_base object. | |||
55 | * @param auth_type the authentication type. | |||
56 | * specify {@link ::NPPPD_AUTH_TYPE_LOCAL} to authenticate by the local | |||
57 | * file, or specify {@link ::NPPPD_AUTH_TYPE_RADIUS} for RADIUS | |||
58 | * authentication. | |||
59 | * @param name the configuration name | |||
60 | * @param _npppd the parent {@link ::npppd} object | |||
61 | * @see ::NPPPD_AUTH_TYPE_LOCAL | |||
62 | * @see ::NPPPD_AUTH_TYPE_RADIUS | |||
63 | * @return The pointer to the {@link ::npppd_auth_base} object will be returned | |||
64 | * in case success otherwise NULL will be returned. | |||
65 | */ | |||
66 | npppd_auth_base * | |||
67 | npppd_auth_create(int auth_type, const char *name, void *_npppd) | |||
68 | { | |||
69 | npppd_auth_base *base; | |||
70 | ||||
71 | NPPPD_AUTH_ASSERT(name != NULL); | |||
72 | ||||
73 | switch (auth_type) { | |||
74 | case NPPPD_AUTH_TYPE_LOCAL1: | |||
75 | if ((base = calloc(1, sizeof(npppd_auth_local))) != NULL((void *)0)) { | |||
76 | base->type = NPPPD_AUTH_TYPE_LOCAL1; | |||
77 | strlcpy(base->name, name, sizeof(base->name)); | |||
78 | base->npppd = _npppd; | |||
79 | ||||
80 | return base; | |||
81 | } | |||
82 | break; | |||
83 | ||||
84 | #ifdef USE_NPPPD_RADIUS1 | |||
85 | case NPPPD_AUTH_TYPE_RADIUS2: | |||
86 | if ((base = calloc(1, sizeof(npppd_auth_radius))) != NULL((void *)0)) { | |||
87 | npppd_auth_radius *_this = (npppd_auth_radius *)base; | |||
88 | base->type = NPPPD_AUTH_TYPE_RADIUS2; | |||
89 | strlcpy(base->name, name, sizeof(base->name)); | |||
90 | base->npppd = _npppd; | |||
91 | if ((_this->rad_auth_setting = | |||
92 | radius_req_setting_create()) == NULL((void *)0)) | |||
93 | goto radius_fail; | |||
94 | if ((_this->rad_acct_setting = | |||
95 | radius_req_setting_create()) == NULL((void *)0)) | |||
96 | goto radius_fail; | |||
97 | ||||
98 | return base; | |||
99 | radius_fail: | |||
100 | if (_this->rad_auth_setting != NULL((void *)0)) | |||
101 | radius_req_setting_destroy( | |||
102 | _this->rad_auth_setting); | |||
103 | if (_this->rad_acct_setting != NULL((void *)0)) | |||
104 | radius_req_setting_destroy( | |||
105 | _this->rad_acct_setting); | |||
106 | free(base); | |||
107 | return NULL((void *)0); | |||
108 | } | |||
109 | ||||
110 | break; | |||
111 | #endif | |||
112 | ||||
113 | default: | |||
114 | NPPPD_AUTH_ASSERT(0); | |||
115 | break; | |||
116 | } | |||
117 | ||||
118 | return NULL((void *)0); | |||
119 | } | |||
120 | ||||
121 | /** | |||
122 | * Call this function to make the object unusable. | |||
123 | * <p> | |||
124 | * {@link ::npppd_auth_base} objects is referred by the {@link ::npppd_ppp} | |||
125 | * object. After this function is called, npppd will disconnect the PPP | |||
126 | * links that refers the object, it will call {@link ::npppd_auth_destroy()} | |||
127 | * when all the references to the object are released.</p> | |||
128 | */ | |||
129 | void | |||
130 | npppd_auth_dispose(npppd_auth_base *base) | |||
131 | { | |||
132 | ||||
133 | base->disposing = 1; | |||
134 | ||||
135 | return; | |||
136 | } | |||
137 | ||||
138 | /** Destroy the {@link ::npppd_auth_base} object. */ | |||
139 | void | |||
140 | npppd_auth_destroy(npppd_auth_base *base) | |||
141 | { | |||
142 | ||||
143 | if (base->disposing == 0) | |||
144 | npppd_auth_dispose(base); | |||
145 | ||||
146 | npppd_auth_base_log(base, LOG_INFO6, "Finalized"); | |||
147 | ||||
148 | switch(base->type) { | |||
149 | case NPPPD_AUTH_TYPE_LOCAL1: | |||
150 | memset(base, 0, sizeof(npppd_auth_local)); | |||
151 | break; | |||
152 | ||||
153 | #ifdef USE_NPPPD_RADIUS1 | |||
154 | case NPPPD_AUTH_TYPE_RADIUS2: | |||
155 | { | |||
156 | npppd_auth_radius *_this = (npppd_auth_radius *)base; | |||
157 | if (_this->rad_auth_setting != NULL((void *)0)) | |||
158 | radius_req_setting_destroy(_this->rad_auth_setting); | |||
159 | _this->rad_auth_setting = NULL((void *)0); | |||
160 | if (_this->rad_acct_setting != NULL((void *)0)) | |||
161 | radius_req_setting_destroy(_this->rad_acct_setting); | |||
162 | _this->rad_acct_setting = NULL((void *)0); | |||
163 | memset(base, 0, sizeof(npppd_auth_local)); | |||
164 | break; | |||
165 | } | |||
166 | #endif | |||
167 | } | |||
168 | free(base); | |||
169 | ||||
170 | return; | |||
171 | } | |||
172 | ||||
173 | /** Reload the configuration */ | |||
174 | int | |||
175 | npppd_auth_reload(npppd_auth_base *base) | |||
176 | { | |||
177 | struct authconf *auth; | |||
178 | ||||
179 | TAILQ_FOREACH(auth, &base->npppd->conf.authconfs, entry)for((auth) = ((&base->npppd->conf.authconfs)->tqh_first ); (auth) != ((void *)0); (auth) = ((auth)->entry.tqe_next )) { | |||
180 | if (strcmp(auth->name, base->name) == 0) | |||
181 | break; | |||
182 | } | |||
183 | if (auth == NULL((void *)0)) | |||
184 | return 1; | |||
185 | ||||
186 | base->pppsuffix[0] = '\0'; | |||
187 | if (auth->username_suffix != NULL((void *)0)) | |||
188 | strlcpy(base->pppsuffix, auth->username_suffix, | |||
189 | sizeof(base->pppsuffix)); | |||
190 | base->eap_capable = auth->eap_capable; | |||
191 | base->strip_nt_domain = auth->strip_nt_domain; | |||
192 | base->strip_atmark_realm = auth->strip_atmark_realm; | |||
193 | base->has_users_file = 0; | |||
194 | base->radius_ready = 0; | |||
195 | base->user_max_session = auth->user_max_session; | |||
196 | ||||
197 | if (strlen(auth->users_file_path) > 0) { | |||
198 | strlcpy(base->users_file_path, auth->users_file_path, | |||
199 | sizeof(base->users_file_path)); | |||
200 | base->has_users_file = 1; | |||
201 | } else { | |||
202 | if (base->type == NPPPD_AUTH_TYPE_LOCAL1) { | |||
203 | npppd_auth_base_log(base, | |||
204 | LOG_WARNING4, "missing users_file property."); | |||
205 | goto fail; | |||
206 | } | |||
207 | } | |||
208 | ||||
209 | switch (base->type) { | |||
210 | #ifdef USE_NPPPD_RADIUS1 | |||
211 | case NPPPD_AUTH_TYPE_RADIUS2: | |||
212 | if (npppd_auth_radius_reload(base, auth) != 0) | |||
213 | goto fail; | |||
214 | break; | |||
215 | #endif | |||
216 | } | |||
217 | base->initialized = 1; | |||
218 | ||||
219 | return 0; | |||
220 | ||||
221 | fail: | |||
222 | base->initialized = 0; | |||
223 | base->has_users_file = 0; | |||
224 | base->radius_ready = 0; | |||
225 | ||||
226 | return 1; | |||
227 | } | |||
228 | ||||
229 | /** | |||
230 | * This function gets specified user's password. The value 0 is returned | |||
231 | * if the call succeeds. | |||
232 | * | |||
233 | * @param username username which gets the password | |||
234 | * @param password buffers which stores the password | |||
235 | * Specify NULL if you want to known the length of | |||
236 | * the password only. | |||
237 | * @param lppassword pointer which indicates the length of | |||
238 | * the buffer which stores the password. | |||
239 | * @return A value 1 is returned if user is unknown. A value 2 is returned | |||
240 | * if password buffer is sufficient. A negative value is | |||
241 | * returned if other error occurred. | |||
242 | */ | |||
243 | int | |||
244 | npppd_auth_get_user_password(npppd_auth_base *base, | |||
245 | const char *username, char *password, int *plpassword) | |||
246 | { | |||
247 | int retval, sz, lpassword; | |||
248 | npppd_auth_user *user; | |||
249 | ||||
250 | NPPPD_AUTH_ASSERT(base != NULL); | |||
251 | NPPPD_AUTH_DBG((base, LOG_DEBUG, "%s(%s)", __func__, username)); | |||
252 | ||||
253 | user = NULL((void *)0); | |||
254 | retval = 0; | |||
255 | if (base->has_users_file == 0) { | |||
256 | retval = -1; | |||
257 | goto out; | |||
258 | } | |||
259 | if ((user = npppd_auth_get_user(base, username)) == NULL((void *)0)) { | |||
260 | retval = 1; | |||
261 | goto out; | |||
262 | } | |||
263 | if (password == NULL((void *)0) && plpassword == NULL((void *)0)) { | |||
264 | retval = 0; | |||
265 | goto out; | |||
266 | } | |||
267 | if (plpassword == NULL((void *)0)) { | |||
268 | retval = -1; | |||
269 | goto out; | |||
270 | } | |||
271 | lpassword = strlen(user->password) + 1; | |||
272 | sz = *plpassword; | |||
273 | *plpassword = lpassword; | |||
274 | if (password == NULL((void *)0)) { | |||
275 | retval = 0; | |||
276 | goto out; | |||
277 | } | |||
278 | if (sz < lpassword) { | |||
279 | retval = 2; | |||
280 | goto out; | |||
281 | } | |||
282 | strlcpy(password, user->password, sz); | |||
283 | out: | |||
284 | free(user); | |||
285 | ||||
286 | return retval; | |||
287 | } | |||
288 | ||||
289 | /** | |||
290 | * This function gets specified users' Framed-IP-{Address,Netmask}. | |||
291 | * The value 0 is returned if the call succeeds. | |||
292 | * <p> | |||
293 | * Because authentication database is updated at any time, the password is | |||
294 | * possible to be inconsistent if this function is not called immediately | |||
295 | * after authentication. So this function is called immediately after | |||
296 | * authentication. </p> | |||
297 | * @param username username which gets the password | |||
298 | * @param ip4address pointer which indicates struct in_addr which | |||
299 | * stores the Framed-IP-Address | |||
300 | * @param ip4netmask pointer which indicates struct in_addr which | |||
301 | * stores Framed-IP-Netmask | |||
302 | */ | |||
303 | int | |||
304 | npppd_auth_get_framed_ip(npppd_auth_base *base, const char *username, | |||
305 | struct in_addr *ip4address, struct in_addr *ip4netmask) | |||
306 | { | |||
307 | npppd_auth_user *user; | |||
308 | ||||
309 | NPPPD_AUTH_ASSERT(base != NULL); | |||
310 | NPPPD_AUTH_DBG((base, LOG_DEBUG, "%s(%s)", __func__, username)); | |||
311 | if (base->has_users_file == 0) | |||
312 | return -1; | |||
313 | ||||
314 | if ((user = npppd_auth_get_user(base, username)) == NULL((void *)0)) | |||
315 | return 1; | |||
316 | ||||
317 | if (user->framed_ip_address.s_addr != 0) { | |||
318 | *ip4address = user->framed_ip_address; | |||
319 | if (ip4netmask != NULL((void *)0)) | |||
320 | *ip4netmask = user->framed_ip_netmask; | |||
321 | ||||
322 | free(user); | |||
323 | return 0; | |||
324 | } | |||
325 | free(user); | |||
326 | ||||
327 | return 1; | |||
328 | } | |||
329 | ||||
330 | /** | |||
331 | * Retribute "Calling-Number" attribute of the user from the realm. | |||
332 | * | |||
333 | * @param username Username. | |||
334 | * @param number Pointer to the space for the Calling-Number. This | |||
335 | * can be NULL in case retributing the Calling-Number only. | |||
336 | * @param plnumber Pointer to the length of the space for the | |||
337 | * Calling-Number. | |||
338 | * @return 0 if the Calling-Number attribute is successfully retributed. | |||
339 | * 1 if the user has no Calling-Number attribute. return -1 if the realm | |||
340 | * doesn't have user attributes or other errors. return 2 if the space | |||
341 | * is not enough. | |||
342 | */ | |||
343 | int | |||
344 | npppd_auth_get_calling_number(npppd_auth_base *base, const char *username, | |||
345 | char *number, int *plnumber) | |||
346 | { | |||
347 | int retval, lcallnum, sz; | |||
348 | npppd_auth_user *user; | |||
349 | ||||
350 | user = NULL((void *)0); | |||
351 | retval = 0; | |||
352 | if (base->has_users_file == 0) | |||
| ||||
353 | return -1; | |||
354 | ||||
355 | if ((user = npppd_auth_get_user(base, username)) == NULL((void *)0)) | |||
356 | return 1; | |||
357 | ||||
358 | if (number == NULL((void *)0) && plnumber == NULL((void *)0)) { | |||
359 | retval = 0; | |||
360 | goto out; | |||
361 | } | |||
362 | if (plnumber
| |||
363 | retval = -1; | |||
364 | goto out; | |||
365 | } | |||
366 | lcallnum = strlen(user->calling_number) + 1; | |||
367 | sz = *plnumber; | |||
368 | *plnumber = lcallnum; | |||
369 | if (sz < lcallnum) { | |||
370 | retval = 2; | |||
371 | goto out; | |||
372 | } | |||
373 | strlcpy(number, user->calling_number, sz); | |||
| ||||
374 | ||||
375 | out: | |||
376 | free(user); | |||
377 | ||||
378 | return retval; | |||
379 | } | |||
380 | ||||
381 | int | |||
382 | npppd_auth_get_type(npppd_auth_base *base) | |||
383 | { | |||
384 | return base->type; | |||
385 | } | |||
386 | ||||
387 | int | |||
388 | npppd_auth_is_usable(npppd_auth_base *base) | |||
389 | { | |||
390 | return (base->initialized != 0 && base->disposing == 0)? 1 : 0; | |||
391 | } | |||
392 | ||||
393 | int | |||
394 | npppd_auth_is_ready(npppd_auth_base *base) | |||
395 | { | |||
396 | if (!npppd_auth_is_usable(base)) | |||
397 | return 0; | |||
398 | ||||
399 | switch(base->type) { | |||
400 | case NPPPD_AUTH_TYPE_LOCAL1: | |||
401 | return (base->has_users_file)? 1 : 0; | |||
402 | /* NOTREACHED */ | |||
403 | ||||
404 | case NPPPD_AUTH_TYPE_RADIUS2: | |||
405 | return (base->has_users_file != 0 || | |||
406 | base->radius_ready != 0)? 1 : 0; | |||
407 | /* NOTREACHED */ | |||
408 | } | |||
409 | NPPPD_AUTH_ASSERT(0); | |||
410 | ||||
411 | return 0; | |||
412 | } | |||
413 | ||||
414 | int | |||
415 | npppd_auth_is_disposing(npppd_auth_base *base) | |||
416 | { | |||
417 | return (base->disposing != 0)? 1 : 0; | |||
418 | } | |||
419 | ||||
420 | int | |||
421 | npppd_auth_is_eap_capable(npppd_auth_base *base) | |||
422 | { | |||
423 | return (base->eap_capable != 0)? 1 : 0; | |||
424 | } | |||
425 | ||||
426 | const char * | |||
427 | npppd_auth_get_name(npppd_auth_base *base) | |||
428 | { | |||
429 | return base->name; | |||
430 | } | |||
431 | ||||
432 | const char * | |||
433 | npppd_auth_get_suffix(npppd_auth_base *base) | |||
434 | { | |||
435 | return base->pppsuffix; | |||
436 | } | |||
437 | ||||
438 | const char * | |||
439 | npppd_auth_username_for_auth(npppd_auth_base *base, const char *username, | |||
440 | char *username_buffer) | |||
441 | { | |||
442 | const char *u0; | |||
443 | char *atmark, *u1; | |||
444 | ||||
445 | u0 = NULL((void *)0); | |||
446 | if (base->strip_nt_domain != 0) { | |||
447 | if ((u0 = strchr(username, '\\')) != NULL((void *)0)) | |||
448 | u0++; | |||
449 | } | |||
450 | if (u0 == NULL((void *)0)) | |||
451 | u0 = username; | |||
452 | u1 = username_buffer; | |||
453 | if (username_buffer != u0) | |||
454 | memmove(username_buffer, u0, MINIMUM(strlen(u0) + 1,(((strlen(u0) + 1) < (256)) ? (strlen(u0) + 1) : (256)) | |||
455 | MAX_USERNAME_LENGTH)(((strlen(u0) + 1) < (256)) ? (strlen(u0) + 1) : (256))); | |||
456 | if (base->strip_atmark_realm != 0) { | |||
457 | if ((atmark = strrchr(u1, '@')) != NULL((void *)0)) | |||
458 | *atmark = '\0'; | |||
459 | } | |||
460 | ||||
461 | return username_buffer; | |||
462 | } | |||
463 | ||||
464 | int | |||
465 | npppd_auth_user_session_unlimited(npppd_auth_base *_this) | |||
466 | { | |||
467 | return (_this->user_max_session == 0) ? 1 : 0; | |||
468 | } | |||
469 | ||||
470 | int | |||
471 | npppd_check_auth_user_max_session(npppd_auth_base *_this, int count) | |||
472 | { | |||
473 | if (!npppd_auth_user_session_unlimited(_this) && | |||
474 | _this->user_max_session <= count) | |||
475 | return 1; | |||
476 | else | |||
477 | return 0; | |||
478 | } | |||
479 | ||||
480 | /*********************************************************************** | |||
481 | * Account list related functions | |||
482 | ***********************************************************************/ | |||
483 | static npppd_auth_user * | |||
484 | npppd_auth_get_user(npppd_auth_base *base, const char *username) | |||
485 | { | |||
486 | int lsuffix, lusername; | |||
487 | const char *un; | |||
488 | char buf[MAX_USERNAME_LENGTH256]; | |||
489 | npppd_auth_user *u; | |||
490 | ||||
491 | un = username; | |||
492 | lsuffix = strlen(base->pppsuffix); | |||
493 | lusername = strlen(username); | |||
494 | if (lsuffix > 0 && lusername > lsuffix && | |||
495 | strcmp(username + lusername - lsuffix, base->pppsuffix) == 0 && | |||
496 | lusername - lsuffix < sizeof(buf)) { | |||
497 | memcpy(buf, username, lusername - lsuffix); | |||
498 | buf[lusername - lsuffix] = '\0'; | |||
499 | un = buf; | |||
500 | } | |||
501 | ||||
502 | if (priv_get_user_info(base->users_file_path, un, &u) == 0) | |||
503 | return u; | |||
504 | ||||
505 | return NULL((void *)0); | |||
506 | } | |||
507 | ||||
508 | #ifdef USE_NPPPD_RADIUS1 | |||
509 | /*********************************************************************** | |||
510 | * RADIUS | |||
511 | ***********************************************************************/ | |||
512 | /** reload the configuration of RADIUS authentication realm */ | |||
513 | static int | |||
514 | npppd_auth_radius_reload(npppd_auth_base *base, struct authconf *auth) | |||
515 | { | |||
516 | npppd_auth_radius *_this = (npppd_auth_radius *)base; | |||
517 | radius_req_setting *rad; | |||
518 | struct radserver *server; | |||
519 | int i, nauth, nacct; | |||
520 | ||||
521 | _this->rad_auth_setting->timeout = | |||
522 | (auth->data.radius.auth.timeout == 0) | |||
523 | ? DEFAULT_RADIUS_TIMEOUT9 : auth->data.radius.auth.timeout; | |||
524 | _this->rad_acct_setting->timeout = | |||
525 | (auth->data.radius.acct.timeout == 0) | |||
526 | ? DEFAULT_RADIUS_TIMEOUT9 : auth->data.radius.acct.timeout; | |||
527 | ||||
528 | ||||
529 | _this->rad_auth_setting->max_tries = | |||
530 | (auth->data.radius.auth.max_tries == 0) | |||
531 | ? DEFAULT_RADIUS_MAX_TRIES3 : auth->data.radius.auth.max_tries; | |||
532 | _this->rad_acct_setting->max_tries = | |||
533 | (auth->data.radius.acct.max_tries == 0) | |||
534 | ? DEFAULT_RADIUS_MAX_TRIES3 : auth->data.radius.acct.max_tries; | |||
535 | ||||
536 | _this->rad_auth_setting->max_failovers = | |||
537 | (auth->data.radius.auth.max_failovers == 0) | |||
538 | ? DEFAULT_RADIUS_MAX_FAILOVERS1 | |||
539 | : auth->data.radius.auth.max_failovers; | |||
540 | _this->rad_acct_setting->max_failovers = | |||
541 | (auth->data.radius.acct.max_failovers == 0) | |||
542 | ? DEFAULT_RADIUS_MAX_FAILOVERS1 | |||
543 | : auth->data.radius.acct.max_failovers; | |||
544 | ||||
545 | _this->rad_acct_setting->curr_server = | |||
546 | _this->rad_auth_setting->curr_server = 0; | |||
547 | ||||
548 | /* load configs for authentication server */ | |||
549 | rad = _this->rad_auth_setting; | |||
550 | for (i = 0; i < countof(rad->server)(sizeof(rad->server) / sizeof((rad->server)[0])); i++) | |||
551 | memset(&rad->server[i], 0, sizeof(rad->server[0])); | |||
552 | i = 0; | |||
553 | TAILQ_FOREACH(server, &auth->data.radius.auth.servers, entry)for((server) = ((&auth->data.radius.auth.servers)-> tqh_first); (server) != ((void *)0); (server) = ((server)-> entry.tqe_next)) { | |||
554 | if (i >= countof(rad->server)(sizeof(rad->server) / sizeof((rad->server)[0]))) | |||
555 | break; | |||
556 | memcpy(&rad->server[i].peer, &server->address, | |||
557 | server->address.ss_len); | |||
558 | if (((struct sockaddr_in *)&rad->server[i].peer)->sin_port | |||
559 | == 0) | |||
560 | ((struct sockaddr_in *)&rad->server[i].peer)->sin_port | |||
561 | = htons(DEFAULT_RADIUS_AUTH_PORT)(__uint16_t)(__builtin_constant_p(1812) ? (__uint16_t)(((__uint16_t )(1812) & 0xffU) << 8 | ((__uint16_t)(1812) & 0xff00U ) >> 8) : __swap16md(1812)); | |||
562 | strlcpy(rad->server[i].secret, server->secret, | |||
563 | sizeof(rad->server[i].secret)); | |||
564 | rad->server[i].enabled = 1; | |||
565 | i++; | |||
566 | } | |||
567 | nauth = i; | |||
568 | ||||
569 | /* load configs for accounting server */ | |||
570 | rad = _this->rad_acct_setting; | |||
571 | for (i = 0; i < countof(rad->server)(sizeof(rad->server) / sizeof((rad->server)[0])); i++) | |||
572 | memset(&rad->server[i], 0, sizeof(rad->server[0])); | |||
573 | i = 0; | |||
574 | TAILQ_FOREACH(server, &auth->data.radius.acct.servers, entry)for((server) = ((&auth->data.radius.acct.servers)-> tqh_first); (server) != ((void *)0); (server) = ((server)-> entry.tqe_next)) { | |||
575 | if (i >= countof(rad->server)(sizeof(rad->server) / sizeof((rad->server)[0]))) | |||
576 | break; | |||
577 | memcpy(&rad->server[i].peer, &server->address, | |||
578 | server->address.ss_len); | |||
579 | if (((struct sockaddr_in *)&rad->server[i].peer)->sin_port | |||
580 | == 0) | |||
581 | ((struct sockaddr_in *)&rad->server[i].peer)->sin_port | |||
582 | = htons(DEFAULT_RADIUS_ACCT_PORT)(__uint16_t)(__builtin_constant_p(1813) ? (__uint16_t)(((__uint16_t )(1813) & 0xffU) << 8 | ((__uint16_t)(1813) & 0xff00U ) >> 8) : __swap16md(1813)); | |||
583 | strlcpy(rad->server[i].secret, server->secret, | |||
584 | sizeof(rad->server[i].secret)); | |||
585 | rad->server[i].enabled = 1; | |||
586 | i++; | |||
587 | } | |||
588 | nacct = i; | |||
589 | ||||
590 | for (i = 0; i < countof(_this->rad_auth_setting->server)(sizeof(_this->rad_auth_setting->server) / sizeof((_this ->rad_auth_setting->server)[0])); i++) { | |||
591 | if (_this->rad_auth_setting->server[i].enabled) | |||
592 | base->radius_ready = 1; | |||
593 | } | |||
594 | ||||
595 | npppd_auth_base_log(&_this->nar_base, LOG_INFO6, | |||
596 | "Loaded configuration. %d authentication server%s, %d accounting " | |||
597 | "server%s.", | |||
598 | nauth, (nauth > 1)? "s" : "", nacct, (nacct > 1)? "s" : ""); | |||
599 | ||||
600 | return 0; | |||
601 | } | |||
602 | ||||
603 | /** | |||
604 | * Get {@link ::radius_req_setting} for RADIUS authentication of specified | |||
605 | * {@link ::npppd_auth_base} object. | |||
606 | */ | |||
607 | void * | |||
608 | npppd_auth_radius_get_radius_auth_setting(npppd_auth_radius *_this) | |||
609 | { | |||
610 | return _this->rad_auth_setting; | |||
611 | } | |||
612 | ||||
613 | /** | |||
614 | * Get {@link ::radius_req_setting} for RADIUS accounting of specified | |||
615 | * {@link ::npppd_auth_base} object. | |||
616 | */ | |||
617 | void * | |||
618 | npppd_auth_radius_get_radius_acct_setting(npppd_auth_radius *_this) | |||
619 | { | |||
620 | return _this->rad_acct_setting; | |||
621 | } | |||
622 | ||||
623 | #endif | |||
624 | ||||
625 | /*********************************************************************** | |||
626 | * Helper functions | |||
627 | ***********************************************************************/ | |||
628 | /** Log it which starts the label based on this instance. */ | |||
629 | static int | |||
630 | npppd_auth_base_log(npppd_auth_base *_this, int prio, const char *fmt, ...) | |||
631 | { | |||
632 | int status; | |||
633 | char logbuf[BUFSIZ1024]; | |||
634 | va_list ap; | |||
635 | ||||
636 | NPPPD_AUTH_ASSERT(_this != NULL); | |||
637 | va_start(ap, fmt)__builtin_va_start((ap), fmt); | |||
638 | snprintf(logbuf, sizeof(logbuf), "realm name=%s %s", | |||
639 | _this->name, fmt); | |||
640 | status = vlog_printf(prio, logbuf, ap); | |||
641 | va_end(ap)__builtin_va_end((ap)); | |||
642 | ||||
643 | return status; | |||
644 | } |