File: | src/usr.sbin/radiusd/radiusd/../radiusd.c |
Warning: | line 1292, column 12 Use of memory after it is freed |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: radiusd.c,v 1.34 2024/01/08 04:16:48 yasuoka Exp $ */ | |||
2 | ||||
3 | /* | |||
4 | * Copyright (c) 2013, 2023 Internet Initiative Japan Inc. | |||
5 | * | |||
6 | * Permission to use, copy, modify, and distribute this software for any | |||
7 | * purpose with or without fee is hereby granted, provided that the above | |||
8 | * copyright notice and this permission notice appear in all copies. | |||
9 | * | |||
10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |||
11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |||
12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |||
13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |||
14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |||
15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |||
16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |||
17 | */ | |||
18 | ||||
19 | #include <sys/types.h> | |||
20 | #include <netinet/in.h> | |||
21 | #include <arpa/inet.h> | |||
22 | #include <sys/queue.h> | |||
23 | #include <sys/socket.h> | |||
24 | #include <sys/time.h> | |||
25 | #include <sys/uio.h> | |||
26 | #include <sys/wait.h> | |||
27 | ||||
28 | #include <err.h> | |||
29 | #include <errno(*__errno()).h> | |||
30 | #include <event.h> | |||
31 | #include <fcntl.h> | |||
32 | #include <fnmatch.h> | |||
33 | #include <imsg.h> | |||
34 | #include <md5.h> | |||
35 | #include <netdb.h> | |||
36 | #include <pwd.h> | |||
37 | #include <signal.h> | |||
38 | #include <stdbool.h> | |||
39 | #include <stdio.h> | |||
40 | #include <stdlib.h> | |||
41 | #include <string.h> | |||
42 | #include <syslog.h> | |||
43 | #include <unistd.h> | |||
44 | ||||
45 | #include <radius.h> | |||
46 | ||||
47 | #include "radiusd.h" | |||
48 | #include "radiusd_local.h" | |||
49 | #include "log.h" | |||
50 | #include "util.h" | |||
51 | #include "imsg_subr.h" | |||
52 | ||||
53 | static int radiusd_start(struct radiusd *); | |||
54 | static void radiusd_stop(struct radiusd *); | |||
55 | static void radiusd_free(struct radiusd *); | |||
56 | static void radiusd_listen_on_event(int, short, void *); | |||
57 | static void radiusd_on_sigterm(int, short, void *); | |||
58 | static void radiusd_on_sigint(int, short, void *); | |||
59 | static void radiusd_on_sighup(int, short, void *); | |||
60 | static void radiusd_on_sigchld(int, short, void *); | |||
61 | static void radius_query_request(struct radius_query *); | |||
62 | static void radius_query_response(struct radius_query *); | |||
63 | static const char *radius_code_string(int); | |||
64 | static int radiusd_access_response_fixup (struct radius_query *); | |||
65 | ||||
66 | ||||
67 | ||||
68 | static void radiusd_module_reset_ev_handler( | |||
69 | struct radiusd_module *); | |||
70 | static int radiusd_module_imsg_read(struct radiusd_module *, | |||
71 | bool_Bool); | |||
72 | static void radiusd_module_imsg(struct radiusd_module *, | |||
73 | struct imsg *); | |||
74 | ||||
75 | static struct radiusd_module_radpkt_arg * | |||
76 | radiusd_module_recv_radpkt(struct radiusd_module *, | |||
77 | struct imsg *, uint32_t, const char *); | |||
78 | static void radiusd_module_on_imsg_io(int, short, void *); | |||
79 | void radiusd_module_start(struct radiusd_module *); | |||
80 | void radiusd_module_stop(struct radiusd_module *); | |||
81 | static void radiusd_module_close(struct radiusd_module *); | |||
82 | static void radiusd_module_userpass(struct radiusd_module *, | |||
83 | struct radius_query *); | |||
84 | static void radiusd_module_access_request(struct radiusd_module *, | |||
85 | struct radius_query *); | |||
86 | static void radiusd_module_request_decoration( | |||
87 | struct radiusd_module *, struct radius_query *); | |||
88 | static void radiusd_module_response_decoration( | |||
89 | struct radiusd_module *, struct radius_query *); | |||
90 | static int imsg_compose_radius_packet(struct imsgbuf *, | |||
91 | uint32_t, u_int, RADIUS_PACKET *); | |||
92 | ||||
93 | static u_int radius_query_id_seq = 0; | |||
94 | int debug = 0; | |||
95 | ||||
96 | static __dead__attribute__((__noreturn__)) void | |||
97 | usage(void) | |||
98 | { | |||
99 | extern char *__progname; | |||
100 | ||||
101 | fprintf(stderr(&__sF[2]), "usage: %s [-dn] [-f file]\n", __progname); | |||
102 | exit(EXIT_FAILURE1); | |||
103 | } | |||
104 | ||||
105 | int | |||
106 | main(int argc, char *argv[]) | |||
107 | { | |||
108 | extern char *__progname; | |||
109 | const char *conffile = CONFFILE"/etc/radiusd.conf"; | |||
110 | int ch; | |||
111 | struct radiusd *radiusd; | |||
112 | bool_Bool noaction = false0; | |||
113 | struct passwd *pw; | |||
114 | ||||
115 | while ((ch = getopt(argc, argv, "df:n")) != -1) | |||
116 | switch (ch) { | |||
117 | case 'd': | |||
118 | debug++; | |||
119 | break; | |||
120 | ||||
121 | case 'f': | |||
122 | conffile = optarg; | |||
123 | break; | |||
124 | ||||
125 | case 'n': | |||
126 | noaction = true1; | |||
127 | break; | |||
128 | ||||
129 | default: | |||
130 | usage(); | |||
131 | /* NOTREACHED */ | |||
132 | } | |||
133 | ||||
134 | argc -= optind; | |||
135 | argv += optind; | |||
136 | ||||
137 | if (argc != 0) | |||
138 | usage(); | |||
139 | ||||
140 | if ((radiusd = calloc(1, sizeof(*radiusd))) == NULL((void *)0)) | |||
141 | err(1, "calloc"); | |||
142 | TAILQ_INIT(&radiusd->listen)do { (&radiusd->listen)->tqh_first = ((void *)0); ( &radiusd->listen)->tqh_last = &(&radiusd-> listen)->tqh_first; } while (0); | |||
143 | TAILQ_INIT(&radiusd->query)do { (&radiusd->query)->tqh_first = ((void *)0); (& radiusd->query)->tqh_last = &(&radiusd->query )->tqh_first; } while (0); | |||
144 | ||||
145 | log_init(debug); | |||
146 | if (parse_config(conffile, radiusd) != 0) | |||
147 | errx(EXIT_FAILURE1, "config error"); | |||
148 | if (noaction) { | |||
149 | fprintf(stderr(&__sF[2]), "configuration OK\n"); | |||
150 | exit(EXIT_SUCCESS0); | |||
151 | } | |||
152 | ||||
153 | if (debug == 0) | |||
154 | daemon(0, 0); | |||
155 | event_init(); | |||
156 | ||||
157 | if ((pw = getpwnam(RADIUSD_USER"_radiusd")) == NULL((void *)0)) | |||
158 | errx(EXIT_FAILURE1, "user `%s' is not found in password " | |||
159 | "database", RADIUSD_USER"_radiusd"); | |||
160 | ||||
161 | if (chroot(pw->pw_dir) == -1) | |||
162 | err(EXIT_FAILURE1, "chroot"); | |||
163 | if (chdir("/") == -1) | |||
164 | err(EXIT_FAILURE1, "chdir(\"/\")"); | |||
165 | ||||
166 | if (setgroups(1, &pw->pw_gid) || | |||
167 | setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || | |||
168 | setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) | |||
169 | err(EXIT_FAILURE1, "cannot drop privileges"); | |||
170 | ||||
171 | signal(SIGPIPE13, SIG_IGN(void (*)(int))1); | |||
172 | openlog(NULL((void *)0), LOG_PID0x01, LOG_DAEMON(3<<3)); | |||
173 | ||||
174 | signal_set(&radiusd->ev_sigterm, SIGTERM, radiusd_on_sigterm, radiusd)event_set(&radiusd->ev_sigterm, 15, 0x08|0x10, radiusd_on_sigterm , radiusd); | |||
175 | signal_set(&radiusd->ev_sigint, SIGINT, radiusd_on_sigint, radiusd)event_set(&radiusd->ev_sigint, 2, 0x08|0x10, radiusd_on_sigint , radiusd); | |||
176 | signal_set(&radiusd->ev_sighup, SIGHUP, radiusd_on_sighup, radiusd)event_set(&radiusd->ev_sighup, 1, 0x08|0x10, radiusd_on_sighup , radiusd); | |||
177 | signal_set(&radiusd->ev_sigchld, SIGCHLD, radiusd_on_sigchld, radiusd)event_set(&radiusd->ev_sigchld, 20, 0x08|0x10, radiusd_on_sigchld , radiusd); | |||
178 | ||||
179 | if (radiusd_start(radiusd) != 0) | |||
180 | errx(EXIT_FAILURE1, "start failed"); | |||
181 | ||||
182 | if (pledge("stdio inet", NULL((void *)0)) == -1) | |||
183 | err(EXIT_FAILURE1, "pledge"); | |||
184 | ||||
185 | if (event_loop(0) < 0) | |||
186 | radiusd_stop(radiusd); | |||
187 | ||||
188 | radiusd_free(radiusd); | |||
189 | event_base_free(NULL((void *)0)); | |||
190 | ||||
191 | exit(EXIT_SUCCESS0); | |||
192 | } | |||
193 | ||||
194 | static int | |||
195 | radiusd_start(struct radiusd *radiusd) | |||
196 | { | |||
197 | struct radiusd_listen *l; | |||
198 | struct radiusd_module *module; | |||
199 | int s; | |||
200 | char hbuf[NI_MAXHOST256]; | |||
201 | ||||
202 | TAILQ_FOREACH(l, &radiusd->listen, next)for((l) = ((&radiusd->listen)->tqh_first); (l) != ( (void *)0); (l) = ((l)->next.tqe_next)) { | |||
203 | if (getnameinfo( | |||
204 | (struct sockaddr *)&l->addr, l->addr.ipv4.sin_len, | |||
205 | hbuf, sizeof(hbuf), NULL((void *)0), 0, NI_NUMERICHOST1) != 0) { | |||
206 | log_warn("%s: getnameinfo()", __func__); | |||
207 | goto on_error; | |||
208 | } | |||
209 | if ((s = socket(l->addr.ipv4.sin_family, | |||
210 | l->stype | SOCK_NONBLOCK0x4000, l->sproto)) == -1) { | |||
211 | log_warn("Listen %s port %d is failed: socket()", | |||
212 | hbuf, (int)htons(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 | ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port))); | |||
213 | goto on_error; | |||
214 | } | |||
215 | if (bind(s, (struct sockaddr *)&l->addr, l->addr.ipv4.sin_len) | |||
216 | != 0) { | |||
217 | log_warn("Listen %s port %d is failed: bind()", | |||
218 | hbuf, (int)htons(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 | ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port))); | |||
219 | close(s); | |||
220 | goto on_error; | |||
221 | } | |||
222 | if (l->addr.ipv4.sin_family == AF_INET2) | |||
223 | log_info("Start listening on %s:%d/udp", hbuf, | |||
224 | (int)ntohs(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 | ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port))); | |||
225 | else | |||
226 | log_info("Start listening on [%s]:%d/udp", hbuf, | |||
227 | (int)ntohs(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 | ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port))); | |||
228 | event_set(&l->ev, s, EV_READ0x02 | EV_PERSIST0x10, | |||
229 | radiusd_listen_on_event, l); | |||
230 | if (event_add(&l->ev, NULL((void *)0)) != 0) { | |||
231 | log_warn("event_add() failed at %s()", __func__); | |||
232 | close(s); | |||
233 | goto on_error; | |||
234 | } | |||
235 | l->sock = s; | |||
236 | l->radiusd = radiusd; | |||
237 | } | |||
238 | ||||
239 | signal_add(&radiusd->ev_sigterm, NULL)event_add(&radiusd->ev_sigterm, ((void *)0)); | |||
240 | signal_add(&radiusd->ev_sigint, NULL)event_add(&radiusd->ev_sigint, ((void *)0)); | |||
241 | signal_add(&radiusd->ev_sighup, NULL)event_add(&radiusd->ev_sighup, ((void *)0)); | |||
242 | signal_add(&radiusd->ev_sigchld, NULL)event_add(&radiusd->ev_sigchld, ((void *)0)); | |||
243 | ||||
244 | TAILQ_FOREACH(module, &radiusd->module, next)for((module) = ((&radiusd->module)->tqh_first); (module ) != ((void *)0); (module) = ((module)->next.tqe_next)) { | |||
245 | if (debug > 0) | |||
246 | radiusd_module_set(module, "_debug", 0, NULL((void *)0)); | |||
247 | radiusd_module_start(module); | |||
248 | } | |||
249 | ||||
250 | return (0); | |||
251 | on_error: | |||
252 | radiusd_stop(radiusd); | |||
253 | ||||
254 | return (-1); | |||
255 | } | |||
256 | ||||
257 | static void | |||
258 | radiusd_stop(struct radiusd *radiusd) | |||
259 | { | |||
260 | char hbuf[NI_MAXHOST256]; | |||
261 | struct radiusd_listen *l; | |||
262 | struct radiusd_module *module; | |||
263 | ||||
264 | TAILQ_FOREACH_REVERSE(l, &radiusd->listen, radiusd_listen_head, next)for((l) = (*(((struct radiusd_listen_head *)((&radiusd-> listen)->tqh_last))->tqh_last)); (l) != ((void *)0); (l ) = (*(((struct radiusd_listen_head *)((l)->next.tqe_prev) )->tqh_last))) { | |||
265 | if (l->sock >= 0) { | |||
266 | if (getnameinfo( | |||
267 | (struct sockaddr *)&l->addr, l->addr.ipv4.sin_len, | |||
268 | hbuf, sizeof(hbuf), NULL((void *)0), 0, NI_NUMERICHOST1) != 0) | |||
269 | strlcpy(hbuf, "error", sizeof(hbuf)); | |||
270 | if (l->addr.ipv4.sin_family == AF_INET2) | |||
271 | log_info("Stop listening on %s:%d/udp", hbuf, | |||
272 | (int)ntohs(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 | ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port))); | |||
273 | else | |||
274 | log_info("Stop listening on [%s]:%d/udp", hbuf, | |||
275 | (int)ntohs(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 | ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port))); | |||
276 | event_del(&l->ev); | |||
277 | close(l->sock); | |||
278 | } | |||
279 | l->sock = -1; | |||
280 | } | |||
281 | TAILQ_FOREACH(module, &radiusd->module, next)for((module) = ((&radiusd->module)->tqh_first); (module ) != ((void *)0); (module) = ((module)->next.tqe_next)) { | |||
282 | radiusd_module_stop(module); | |||
283 | radiusd_module_close(module); | |||
284 | } | |||
285 | if (signal_pending(&radiusd->ev_sigterm, NULL)event_pending(&radiusd->ev_sigterm, 0x08, ((void *)0))) | |||
286 | signal_del(&radiusd->ev_sigterm)event_del(&radiusd->ev_sigterm); | |||
287 | if (signal_pending(&radiusd->ev_sigint, NULL)event_pending(&radiusd->ev_sigint, 0x08, ((void *)0))) | |||
288 | signal_del(&radiusd->ev_sigint)event_del(&radiusd->ev_sigint); | |||
289 | if (signal_pending(&radiusd->ev_sighup, NULL)event_pending(&radiusd->ev_sighup, 0x08, ((void *)0))) | |||
290 | signal_del(&radiusd->ev_sighup)event_del(&radiusd->ev_sighup); | |||
291 | if (signal_pending(&radiusd->ev_sigchld, NULL)event_pending(&radiusd->ev_sigchld, 0x08, ((void *)0))) | |||
292 | signal_del(&radiusd->ev_sigchld)event_del(&radiusd->ev_sigchld); | |||
293 | } | |||
294 | ||||
295 | static void | |||
296 | radiusd_free(struct radiusd *radiusd) | |||
297 | { | |||
298 | int i; | |||
299 | struct radiusd_listen *listn, *listnt; | |||
300 | struct radiusd_client *client, *clientt; | |||
301 | struct radiusd_module *module, *modulet; | |||
302 | struct radiusd_module_ref *modref, *modreft; | |||
303 | struct radiusd_authentication *authen, *authent; | |||
304 | ||||
305 | TAILQ_FOREACH_SAFE(authen, &radiusd->authen, next, authent)for ((authen) = ((&radiusd->authen)->tqh_first); (authen ) != ((void *)0) && ((authent) = ((authen)->next.tqe_next ), 1); (authen) = (authent)) { | |||
306 | TAILQ_REMOVE(&radiusd->authen, authen, next)do { if (((authen)->next.tqe_next) != ((void *)0)) (authen )->next.tqe_next->next.tqe_prev = (authen)->next.tqe_prev ; else (&radiusd->authen)->tqh_last = (authen)-> next.tqe_prev; *(authen)->next.tqe_prev = (authen)->next .tqe_next; ; ; } while (0); | |||
307 | free(authen->auth); | |||
308 | TAILQ_FOREACH_SAFE(modref, &authen->deco, next, modreft)for ((modref) = ((&authen->deco)->tqh_first); (modref ) != ((void *)0) && ((modreft) = ((modref)->next.tqe_next ), 1); (modref) = (modreft)) { | |||
309 | TAILQ_REMOVE(&authen->deco, modref, next)do { if (((modref)->next.tqe_next) != ((void *)0)) (modref )->next.tqe_next->next.tqe_prev = (modref)->next.tqe_prev ; else (&authen->deco)->tqh_last = (modref)->next .tqe_prev; *(modref)->next.tqe_prev = (modref)->next.tqe_next ; ; ; } while (0); | |||
310 | free(modref); | |||
311 | } | |||
312 | for (i = 0; authen->username[i] != NULL((void *)0); i++) | |||
313 | free(authen->username[i]); | |||
314 | free(authen->username); | |||
315 | free(authen); | |||
316 | } | |||
317 | TAILQ_FOREACH_SAFE(module, &radiusd->module, next, modulet)for ((module) = ((&radiusd->module)->tqh_first); (module ) != ((void *)0) && ((modulet) = ((module)->next.tqe_next ), 1); (module) = (modulet)) { | |||
318 | TAILQ_REMOVE(&radiusd->module, module, next)do { if (((module)->next.tqe_next) != ((void *)0)) (module )->next.tqe_next->next.tqe_prev = (module)->next.tqe_prev ; else (&radiusd->module)->tqh_last = (module)-> next.tqe_prev; *(module)->next.tqe_prev = (module)->next .tqe_next; ; ; } while (0); | |||
319 | radiusd_module_unload(module); | |||
320 | } | |||
321 | TAILQ_FOREACH_SAFE(client, &radiusd->client, next, clientt)for ((client) = ((&radiusd->client)->tqh_first); (client ) != ((void *)0) && ((clientt) = ((client)->next.tqe_next ), 1); (client) = (clientt)) { | |||
322 | TAILQ_REMOVE(&radiusd->client, client, next)do { if (((client)->next.tqe_next) != ((void *)0)) (client )->next.tqe_next->next.tqe_prev = (client)->next.tqe_prev ; else (&radiusd->client)->tqh_last = (client)-> next.tqe_prev; *(client)->next.tqe_prev = (client)->next .tqe_next; ; ; } while (0); | |||
323 | explicit_bzero(client->secret, sizeof(client->secret)); | |||
324 | free(client); | |||
325 | } | |||
326 | TAILQ_FOREACH_SAFE(listn, &radiusd->listen, next, listnt)for ((listn) = ((&radiusd->listen)->tqh_first); (listn ) != ((void *)0) && ((listnt) = ((listn)->next.tqe_next ), 1); (listn) = (listnt)) { | |||
327 | TAILQ_REMOVE(&radiusd->listen, listn, next)do { if (((listn)->next.tqe_next) != ((void *)0)) (listn)-> next.tqe_next->next.tqe_prev = (listn)->next.tqe_prev; else (&radiusd->listen)->tqh_last = (listn)->next.tqe_prev ; *(listn)->next.tqe_prev = (listn)->next.tqe_next; ; ; } while (0); | |||
328 | free(listn); | |||
329 | } | |||
330 | free(radiusd); | |||
331 | } | |||
332 | ||||
333 | /*********************************************************************** | |||
334 | * Network event handlers | |||
335 | ***********************************************************************/ | |||
336 | #define IPv4_cmp(_in, _addr, _mask)( ((_in)->s_addr & (_mask)->addr.ipv4.s_addr) == (_addr )->addr.ipv4.s_addr) ( \ | |||
337 | ((_in)->s_addr & (_mask)->addr.ipv4.s_addr) == \ | |||
338 | (_addr)->addr.ipv4.s_addr) | |||
339 | #define s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8) ((uint32_t *)(_in6)->s6_addr__u6_addr.__u6_addr8) | |||
340 | #define IPv6_cmp(_in6, _addr, _mask)( ((((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[3] & (_mask )->addr.addr32[3]) == (_addr)->addr.addr32[3]) && ((((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[2] & (_mask )->addr.addr32[2]) == (_addr)->addr.addr32[2]) && ((((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[1] & (_mask )->addr.addr32[1]) == (_addr)->addr.addr32[1]) && ((((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[0] & (_mask )->addr.addr32[0]) == (_addr)->addr.addr32[0])) ( \ | |||
341 | ((s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[3] & (_mask)->addr.addr32[3]) \ | |||
342 | == (_addr)->addr.addr32[3]) && \ | |||
343 | ((s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[2] & (_mask)->addr.addr32[2]) \ | |||
344 | == (_addr)->addr.addr32[2]) && \ | |||
345 | ((s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[1] & (_mask)->addr.addr32[1]) \ | |||
346 | == (_addr)->addr.addr32[1]) && \ | |||
347 | ((s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[0] & (_mask)->addr.addr32[0]) \ | |||
348 | == (_addr)->addr.addr32[0])) | |||
349 | ||||
350 | static void | |||
351 | radiusd_listen_on_event(int fd, short evmask, void *ctx) | |||
352 | { | |||
353 | int i, sz, req_id, req_code; | |||
354 | struct radiusd_listen *listn = ctx; | |||
355 | static u_char buf[65535]; | |||
356 | static char username[256]; | |||
357 | struct sockaddr_storage peer; | |||
358 | socklen_t peersz; | |||
359 | RADIUS_PACKET *packet = NULL((void *)0); | |||
360 | char peerstr[NI_MAXHOST256 + NI_MAXSERV32 + 30]; | |||
361 | struct radiusd_authentication *authen; | |||
362 | struct radiusd_client *client; | |||
363 | struct radius_query *q; | |||
364 | #define in(_x) (((struct sockaddr_in *)_x)->sin_addr) | |||
365 | #define in6(_x) (((struct sockaddr_in6 *)_x)->sin6_addr) | |||
366 | ||||
367 | if (evmask & EV_READ0x02) { | |||
368 | peersz = sizeof(peer); | |||
369 | if ((sz = recvfrom(listn->sock, buf, sizeof(buf), 0, | |||
370 | (struct sockaddr *)&peer, &peersz)) == -1) { | |||
371 | if (errno(*__errno()) == EAGAIN35) | |||
372 | return; | |||
373 | log_warn("%s: recvfrom() failed", __func__); | |||
374 | goto on_error; | |||
375 | } | |||
376 | RADIUSD_ASSERT(peer.ss_family == AF_INET ||do { if (!(peer.ss_family == 2 || peer.ss_family == 24)) { log_warnx ( "ASSERT(%s) failed in %s() at %s:%d", "peer.ss_family == AF_INET || peer.ss_family == AF_INET6" , __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c", 377); if (debug) abort(); } } while (0 ) | |||
377 | peer.ss_family == AF_INET6)do { if (!(peer.ss_family == 2 || peer.ss_family == 24)) { log_warnx ( "ASSERT(%s) failed in %s() at %s:%d", "peer.ss_family == AF_INET || peer.ss_family == AF_INET6" , __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c", 377); if (debug) abort(); } } while (0 ); | |||
378 | ||||
379 | /* prepare some information about this messages */ | |||
380 | if (addrport_tostring((struct sockaddr *)&peer, peersz, | |||
381 | peerstr, sizeof(peerstr)) == NULL((void *)0)) { | |||
382 | log_warn("%s: getnameinfo() failed", __func__); | |||
383 | goto on_error; | |||
384 | } | |||
385 | if ((packet = radius_convert_packet(buf, sz)) == NULL((void *)0)) { | |||
386 | log_warn("%s: radius_convert_packet() failed", | |||
387 | __func__); | |||
388 | goto on_error; | |||
389 | } | |||
390 | req_id = radius_get_id(packet); | |||
391 | req_code = radius_get_code(packet); | |||
392 | ||||
393 | /* | |||
394 | * Find a matching `client' entry | |||
395 | */ | |||
396 | TAILQ_FOREACH(client, &listn->radiusd->client, next)for((client) = ((&listn->radiusd->client)->tqh_first ); (client) != ((void *)0); (client) = ((client)->next.tqe_next )) { | |||
397 | if (client->af != peer.ss_family) | |||
398 | continue; | |||
399 | if (peer.ss_family == AF_INET2 && | |||
400 | IPv4_cmp(&((struct sockaddr_in *)&peer)->sin_addr,( ((&((struct sockaddr_in *)&peer)->sin_addr)-> s_addr & (&client->mask)->addr.ipv4.s_addr) == ( &client->addr)->addr.ipv4.s_addr) | |||
401 | &client->addr, &client->mask)( ((&((struct sockaddr_in *)&peer)->sin_addr)-> s_addr & (&client->mask)->addr.ipv4.s_addr) == ( &client->addr)->addr.ipv4.s_addr)) | |||
402 | break; | |||
403 | else if (peer.ss_family == AF_INET624 && | |||
404 | IPv6_cmp(&((struct sockaddr_in6 *)&peer)->sin6_addr,( ((((uint32_t *)(&((struct sockaddr_in6 *)&peer)-> sin6_addr)->__u6_addr.__u6_addr8)[3] & (&client-> mask)->addr.addr32[3]) == (&client->addr)->addr. addr32[3]) && ((((uint32_t *)(&((struct sockaddr_in6 *)&peer)->sin6_addr)->__u6_addr.__u6_addr8)[2] & (&client->mask)->addr.addr32[2]) == (&client-> addr)->addr.addr32[2]) && ((((uint32_t *)(&((struct sockaddr_in6 *)&peer)->sin6_addr)->__u6_addr.__u6_addr8 )[1] & (&client->mask)->addr.addr32[1]) == (& client->addr)->addr.addr32[1]) && ((((uint32_t * )(&((struct sockaddr_in6 *)&peer)->sin6_addr)-> __u6_addr.__u6_addr8)[0] & (&client->mask)->addr .addr32[0]) == (&client->addr)->addr.addr32[0])) | |||
405 | &client->addr, &client->mask)( ((((uint32_t *)(&((struct sockaddr_in6 *)&peer)-> sin6_addr)->__u6_addr.__u6_addr8)[3] & (&client-> mask)->addr.addr32[3]) == (&client->addr)->addr. addr32[3]) && ((((uint32_t *)(&((struct sockaddr_in6 *)&peer)->sin6_addr)->__u6_addr.__u6_addr8)[2] & (&client->mask)->addr.addr32[2]) == (&client-> addr)->addr.addr32[2]) && ((((uint32_t *)(&((struct sockaddr_in6 *)&peer)->sin6_addr)->__u6_addr.__u6_addr8 )[1] & (&client->mask)->addr.addr32[1]) == (& client->addr)->addr.addr32[1]) && ((((uint32_t * )(&((struct sockaddr_in6 *)&peer)->sin6_addr)-> __u6_addr.__u6_addr8)[0] & (&client->mask)->addr .addr32[0]) == (&client->addr)->addr.addr32[0]))) | |||
406 | break; | |||
407 | } | |||
408 | if (client == NULL((void *)0)) { | |||
409 | log_warnx("Received %s(code=%d) from %s id=%d: " | |||
410 | "no `client' matches", radius_code_string(req_code), | |||
411 | req_code, peerstr, req_id); | |||
412 | goto on_error; | |||
413 | } | |||
414 | ||||
415 | /* Check the client's Message-Authenticator */ | |||
416 | if (client->msgauth_required && | |||
417 | !radius_has_attr(packet, | |||
418 | RADIUS_TYPE_MESSAGE_AUTHENTICATOR80)) { | |||
419 | log_warnx("Received %s(code=%d) from %s id=%d: " | |||
420 | "no message authenticator", | |||
421 | radius_code_string(req_code), req_code, peerstr, | |||
422 | req_id); | |||
423 | goto on_error; | |||
424 | } | |||
425 | ||||
426 | if (radius_has_attr(packet, | |||
427 | RADIUS_TYPE_MESSAGE_AUTHENTICATOR80) && | |||
428 | radius_check_message_authenticator(packet, client->secret) | |||
429 | != 0) { | |||
430 | log_warnx("Received %s(code=%d) from %s id=%d: " | |||
431 | "bad message authenticator", | |||
432 | radius_code_string(req_code), req_code, peerstr, | |||
433 | req_id); | |||
434 | goto on_error; | |||
435 | } | |||
436 | ||||
437 | /* | |||
438 | * Find a duplicate request. In RFC 2865, it has the same | |||
439 | * source IP address and source UDP port and Identifier. | |||
440 | */ | |||
441 | TAILQ_FOREACH(q, &listn->radiusd->query, next)for((q) = ((&listn->radiusd->query)->tqh_first); (q) != ((void *)0); (q) = ((q)->next.tqe_next)) { | |||
442 | if (peer.ss_family == q->clientaddr.ss_family && | |||
443 | ((peer.ss_family == AF_INET2 && | |||
444 | in(&q->clientaddr).s_addr == | |||
445 | in(&peer).s_addr) || | |||
446 | (peer.ss_family == AF_INET624 && | |||
447 | IN6_ARE_ADDR_EQUAL((memcmp(&(&in6(&q->clientaddr))->__u6_addr. __u6_addr8[0], &(&in6(&peer))->__u6_addr.__u6_addr8 [0], sizeof(struct in6_addr)) == 0) | |||
448 | &in6(&q->clientaddr), &in6(&peer))(memcmp(&(&in6(&q->clientaddr))->__u6_addr. __u6_addr8[0], &(&in6(&peer))->__u6_addr.__u6_addr8 [0], sizeof(struct in6_addr)) == 0))) && | |||
449 | ((struct sockaddr_in *)&q->clientaddr)->sin_port == | |||
450 | ((struct sockaddr_in *)&peer)->sin_port && | |||
451 | req_id == q->req_id) | |||
452 | break; /* found it */ | |||
453 | } | |||
454 | if (q != NULL((void *)0)) { | |||
455 | log_info("Received %s(code=%d) from %s id=%d: " | |||
456 | "duplicate request by q=%u", | |||
457 | radius_code_string(req_code), req_code, peerstr, | |||
458 | req_id, q->id); | |||
459 | /* XXX RFC 5080 suggests to answer the cached result */ | |||
460 | goto on_error; | |||
461 | } | |||
462 | ||||
463 | /* FIXME: we can support other request codes */ | |||
464 | if (req_code != RADIUS_CODE_ACCESS_REQUEST1) { | |||
465 | log_info("Received %s(code=%d) from %s id=%d: %s " | |||
466 | "is not supported in this implementation", | |||
467 | radius_code_string(req_code), req_code, peerstr, | |||
468 | req_id, radius_code_string(req_code)); | |||
469 | goto on_error; | |||
470 | } | |||
471 | ||||
472 | /* | |||
473 | * Find a matching `authenticate' entry | |||
474 | */ | |||
475 | if (radius_get_string_attr(packet, RADIUS_TYPE_USER_NAME1, | |||
476 | username, sizeof(username)) != 0) { | |||
477 | log_info("Received %s(code=%d) from %s id=%d: " | |||
478 | "no User-Name attribute", | |||
479 | radius_code_string(req_code), req_code, peerstr, | |||
480 | req_id); | |||
481 | goto on_error; | |||
482 | } | |||
483 | TAILQ_FOREACH(authen, &listn->radiusd->authen, next)for((authen) = ((&listn->radiusd->authen)->tqh_first ); (authen) != ((void *)0); (authen) = ((authen)->next.tqe_next )) { | |||
484 | for (i = 0; authen->username[i] != NULL((void *)0); i++) { | |||
485 | if (fnmatch(authen->username[i], username, 0) | |||
486 | == 0) | |||
487 | goto found; | |||
488 | } | |||
489 | } | |||
490 | found: | |||
491 | if (authen == NULL((void *)0)) { | |||
492 | log_warnx("Received %s(code=%d) from %s id=%d " | |||
493 | "username=%s: no `authenticate' matches.", | |||
494 | radius_code_string(req_code), req_code, peerstr, | |||
495 | req_id, username); | |||
496 | goto on_error; | |||
497 | } | |||
498 | RADIUSD_ASSERT(authen->auth != NULL)do { if (!(authen->auth != ((void *)0))) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "authen->auth != NULL", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 498); if (debug) abort(); } } while (0 ); | |||
499 | ||||
500 | if (!MODULE_DO_USERPASS(authen->auth->module)((authen->auth->module)->fd >= 0 && ((authen ->auth->module)->capabilities & 0x1) != 0) && | |||
501 | !MODULE_DO_ACCSREQ(authen->auth->module)((authen->auth->module)->fd >= 0 && ((authen ->auth->module)->capabilities & 0x2) != 0)) { | |||
502 | log_warnx("Received %s(code=%d) from %s id=%d " | |||
503 | "username=%s: module `%s' is not running.", | |||
504 | radius_code_string(req_code), req_code, peerstr, | |||
505 | req_id, username, authen->auth->module->name); | |||
506 | goto on_error; | |||
507 | } | |||
508 | if ((q = calloc(1, sizeof(struct radius_query))) == NULL((void *)0)) { | |||
509 | log_warn("%s: Out of memory", __func__); | |||
510 | goto on_error; | |||
511 | } | |||
512 | memcpy(&q->clientaddr, &peer, peersz); | |||
513 | strlcpy(q->username, username, sizeof(q->username)); | |||
514 | q->id = ++radius_query_id_seq; | |||
515 | q->clientaddrlen = peersz; | |||
516 | q->authen = authen; | |||
517 | q->listen = listn; | |||
518 | q->req = packet; | |||
519 | q->client = client; | |||
520 | q->req_id = req_id; | |||
521 | radius_get_authenticator(packet, q->req_auth); | |||
522 | ||||
523 | log_info("Received %s(code=%d) from %s id=%d username=%s " | |||
524 | "q=%u: `%s' authentication is starting", | |||
525 | radius_code_string(req_code), req_code, peerstr, q->req_id, | |||
526 | q->username, q->id, q->authen->auth->module->name); | |||
527 | TAILQ_INSERT_TAIL(&listn->radiusd->query, q, next)do { (q)->next.tqe_next = ((void *)0); (q)->next.tqe_prev = (&listn->radiusd->query)->tqh_last; *(&listn ->radiusd->query)->tqh_last = (q); (&listn->radiusd ->query)->tqh_last = &(q)->next.tqe_next; } while (0); | |||
528 | ||||
529 | radius_query_request(q); | |||
530 | ||||
531 | return; | |||
532 | } | |||
533 | on_error: | |||
534 | if (packet != NULL((void *)0)) | |||
535 | radius_delete_packet(packet); | |||
536 | #undef in | |||
537 | #undef in6 | |||
538 | ||||
539 | return; | |||
540 | } | |||
541 | ||||
542 | static void | |||
543 | radius_query_request(struct radius_query *q) | |||
544 | { | |||
545 | struct radiusd_authentication *authen = q->authen; | |||
546 | ||||
547 | /* first or next request decoration */ | |||
548 | for (;;) { | |||
549 | if (q->deco == NULL((void *)0)) | |||
550 | q->deco = TAILQ_FIRST(&q->authen->deco)((&q->authen->deco)->tqh_first); | |||
551 | else | |||
552 | q->deco = TAILQ_NEXT(q->deco, next)((q->deco)->next.tqe_next); | |||
553 | if (q->deco == NULL((void *)0) || MODULE_DO_REQDECO(q->deco->module)((q->deco->module)->fd >= 0 && ((q->deco ->module)->capabilities & 0x4) != 0)) | |||
554 | break; | |||
555 | } | |||
556 | ||||
557 | if (q->deco != NULL((void *)0)) | |||
558 | radiusd_module_request_decoration(q->deco->module, q); | |||
559 | else { | |||
560 | RADIUSD_ASSERT(authen->auth != NULL)do { if (!(authen->auth != ((void *)0))) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "authen->auth != NULL", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 560); if (debug) abort(); } } while (0 ); | |||
561 | if (MODULE_DO_ACCSREQ(authen->auth->module)((authen->auth->module)->fd >= 0 && ((authen ->auth->module)->capabilities & 0x2) != 0)) | |||
562 | radiusd_module_access_request(authen->auth->module, q); | |||
563 | else if (MODULE_DO_USERPASS(authen->auth->module)((authen->auth->module)->fd >= 0 && ((authen ->auth->module)->capabilities & 0x1) != 0)) | |||
564 | radiusd_module_userpass(authen->auth->module, q); | |||
565 | } | |||
566 | } | |||
567 | ||||
568 | static void | |||
569 | radius_query_response(struct radius_query *q) | |||
570 | { | |||
571 | int sz, res_id, res_code; | |||
572 | char buf[NI_MAXHOST256 + NI_MAXSERV32 + 30]; | |||
573 | ||||
574 | /* first or next response decoration */ | |||
575 | for (;;) { | |||
576 | if (q->deco == NULL((void *)0)) | |||
577 | q->deco = TAILQ_FIRST(&q->authen->deco)((&q->authen->deco)->tqh_first); | |||
578 | else | |||
579 | q->deco = TAILQ_NEXT(q->deco, next)((q->deco)->next.tqe_next); | |||
580 | if (q->deco == NULL((void *)0) || MODULE_DO_RESDECO(q->deco->module)((q->deco->module)->fd >= 0 && ((q->deco ->module)->capabilities & 0x8) != 0)) | |||
581 | break; | |||
582 | } | |||
583 | ||||
584 | if (q->deco != NULL((void *)0)) { | |||
585 | radiusd_module_response_decoration(q->deco->module, q); | |||
586 | return; | |||
587 | } | |||
588 | ||||
589 | if (radiusd_access_response_fixup(q) != 0) | |||
590 | goto on_error; | |||
591 | ||||
592 | res_id = radius_get_id(q->res); | |||
593 | res_code = radius_get_code(q->res); | |||
594 | ||||
595 | /* Reset response/message authenticator */ | |||
596 | if (radius_has_attr(q->res, RADIUS_TYPE_MESSAGE_AUTHENTICATOR80)) | |||
597 | radius_del_attr_all(q->res, RADIUS_TYPE_MESSAGE_AUTHENTICATOR80); | |||
598 | radius_put_message_authenticator(q->res, q->client->secret); | |||
599 | radius_set_response_authenticator(q->res, q->client->secret); | |||
600 | ||||
601 | log_info("Sending %s(code=%d) to %s id=%u q=%u", | |||
602 | radius_code_string(res_code), res_code, | |||
603 | addrport_tostring((struct sockaddr *)&q->clientaddr, | |||
604 | q->clientaddrlen, buf, sizeof(buf)), res_id, q->id); | |||
605 | ||||
606 | if ((sz = sendto(q->listen->sock, radius_get_data(q->res), | |||
607 | radius_get_length(q->res), 0, | |||
608 | (struct sockaddr *)&q->clientaddr, q->clientaddrlen)) <= 0) | |||
609 | log_warn("Sending a RADIUS response failed"); | |||
610 | on_error: | |||
611 | radiusd_access_request_aborted(q); | |||
612 | ||||
613 | } | |||
614 | ||||
615 | /*********************************************************************** | |||
616 | * Callback functions from the modules | |||
617 | ***********************************************************************/ | |||
618 | void | |||
619 | radiusd_access_request_answer(struct radius_query *q) | |||
620 | { | |||
621 | const char *authen_secret = q->authen->auth->module->secret; | |||
622 | ||||
623 | radius_set_request_packet(q->res, q->req); | |||
624 | ||||
625 | if (authen_secret == NULL((void *)0)) { | |||
626 | /* | |||
627 | * The module diddn't check the authenticators | |||
628 | */ | |||
629 | if (radius_check_response_authenticator(q->res, | |||
630 | q->client->secret) != 0) { | |||
631 | log_info("Response from module has bad response " | |||
632 | "authenticator: id=%d", q->id); | |||
633 | goto on_error; | |||
634 | } | |||
635 | if (radius_has_attr(q->res, | |||
636 | RADIUS_TYPE_MESSAGE_AUTHENTICATOR80) && | |||
637 | radius_check_message_authenticator(q->res, | |||
638 | q->client->secret) != 0) { | |||
639 | log_info("Response from module has bad message " | |||
640 | "authenticator: id=%d", q->id); | |||
641 | goto on_error; | |||
642 | } | |||
643 | } | |||
644 | ||||
645 | RADIUSD_ASSERT(q->deco == NULL)do { if (!(q->deco == ((void *)0))) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "q->deco == NULL", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 645); if (debug) abort(); } } while (0 ); | |||
646 | radius_query_response(q); | |||
647 | ||||
648 | return; | |||
649 | on_error: | |||
650 | radiusd_access_request_aborted(q); | |||
651 | } | |||
652 | ||||
653 | void | |||
654 | radiusd_access_request_aborted(struct radius_query *q) | |||
655 | { | |||
656 | if (q->req != NULL((void *)0)) | |||
657 | radius_delete_packet(q->req); | |||
658 | if (q->res != NULL((void *)0)) | |||
659 | radius_delete_packet(q->res); | |||
660 | TAILQ_REMOVE(&q->listen->radiusd->query, q, next)do { if (((q)->next.tqe_next) != ((void *)0)) (q)->next .tqe_next->next.tqe_prev = (q)->next.tqe_prev; else (& q->listen->radiusd->query)->tqh_last = (q)->next .tqe_prev; *(q)->next.tqe_prev = (q)->next.tqe_next; ; ; } while (0); | |||
661 | free(q); | |||
662 | } | |||
663 | ||||
664 | /*********************************************************************** | |||
665 | * Signal handlers | |||
666 | ***********************************************************************/ | |||
667 | static void | |||
668 | radiusd_on_sigterm(int fd, short evmask, void *ctx) | |||
669 | { | |||
670 | struct radiusd *radiusd = ctx; | |||
671 | ||||
672 | log_info("Received SIGTERM"); | |||
673 | radiusd_stop(radiusd); | |||
674 | } | |||
675 | ||||
676 | static void | |||
677 | radiusd_on_sigint(int fd, short evmask, void *ctx) | |||
678 | { | |||
679 | struct radiusd *radiusd = ctx; | |||
680 | ||||
681 | log_info("Received SIGINT"); | |||
682 | radiusd_stop(radiusd); | |||
683 | } | |||
684 | ||||
685 | static void | |||
686 | radiusd_on_sighup(int fd, short evmask, void *ctx) | |||
687 | { | |||
688 | log_info("Received SIGHUP"); | |||
689 | } | |||
690 | ||||
691 | static void | |||
692 | radiusd_on_sigchld(int fd, short evmask, void *ctx) | |||
693 | { | |||
694 | struct radiusd *radiusd = ctx; | |||
695 | struct radiusd_module *module; | |||
696 | pid_t pid; | |||
697 | int status; | |||
698 | ||||
699 | log_debug("Received SIGCHLD"); | |||
700 | while ((pid = wait3(&status, WNOHANG0x01, NULL((void *)0))) != 0) { | |||
701 | if (pid == -1) | |||
702 | break; | |||
703 | TAILQ_FOREACH(module, &radiusd->module, next)for((module) = ((&radiusd->module)->tqh_first); (module ) != ((void *)0); (module) = ((module)->next.tqe_next)) { | |||
704 | if (module->pid == pid) { | |||
705 | if (WIFEXITED(status)(((status) & 0177) == 0)) | |||
706 | log_warnx("module `%s'(pid=%d) exited " | |||
707 | "with status %d", module->name, | |||
708 | (int)pid, WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff)); | |||
709 | else | |||
710 | log_warnx("module `%s'(pid=%d) exited " | |||
711 | "by signal %d", module->name, | |||
712 | (int)pid, WTERMSIG(status)(((status) & 0177))); | |||
713 | break; | |||
714 | } | |||
715 | } | |||
716 | if (!module) { | |||
717 | if (WIFEXITED(status)(((status) & 0177) == 0)) | |||
718 | log_warnx("unkown child process pid=%d exited " | |||
719 | "with status %d", (int)pid, | |||
720 | WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff)); | |||
721 | else | |||
722 | log_warnx("unkown child process pid=%d exited " | |||
723 | "by signal %d", (int)pid, | |||
724 | WTERMSIG(status)(((status) & 0177))); | |||
725 | } | |||
726 | } | |||
727 | } | |||
728 | ||||
729 | static const char * | |||
730 | radius_code_string(int code) | |||
731 | { | |||
732 | int i; | |||
733 | struct _codestrings { | |||
734 | int code; | |||
735 | const char *string; | |||
736 | } codestrings[] = { | |||
737 | { RADIUS_CODE_ACCESS_REQUEST1, "Access-Request" }, | |||
738 | { RADIUS_CODE_ACCESS_ACCEPT2, "Access-Accept" }, | |||
739 | { RADIUS_CODE_ACCESS_REJECT3, "Access-Reject" }, | |||
740 | { RADIUS_CODE_ACCOUNTING_REQUEST4, "Accounting-Request" }, | |||
741 | { RADIUS_CODE_ACCOUNTING_RESPONSE5, "Accounting-Response" }, | |||
742 | { RADIUS_CODE_ACCESS_CHALLENGE11, "Access-Challenge" }, | |||
743 | { RADIUS_CODE_STATUS_SERVER12, "Status-Server" }, | |||
744 | { RADIUS_CODE_STATUS_CLIENT13, "Status-Client" }, | |||
745 | { -1, NULL((void *)0) } | |||
746 | }; | |||
747 | ||||
748 | for (i = 0; codestrings[i].code != -1; i++) | |||
749 | if (codestrings[i].code == code) | |||
750 | return (codestrings[i].string); | |||
751 | ||||
752 | return ("Unknown"); | |||
753 | } | |||
754 | ||||
755 | void | |||
756 | radiusd_conf_init(struct radiusd *conf) | |||
757 | { | |||
758 | ||||
759 | TAILQ_INIT(&conf->listen)do { (&conf->listen)->tqh_first = ((void *)0); (& conf->listen)->tqh_last = &(&conf->listen)-> tqh_first; } while (0); | |||
760 | TAILQ_INIT(&conf->module)do { (&conf->module)->tqh_first = ((void *)0); (& conf->module)->tqh_last = &(&conf->module)-> tqh_first; } while (0); | |||
761 | TAILQ_INIT(&conf->authen)do { (&conf->authen)->tqh_first = ((void *)0); (& conf->authen)->tqh_last = &(&conf->authen)-> tqh_first; } while (0); | |||
762 | TAILQ_INIT(&conf->client)do { (&conf->client)->tqh_first = ((void *)0); (& conf->client)->tqh_last = &(&conf->client)-> tqh_first; } while (0); | |||
763 | ||||
764 | return; | |||
765 | } | |||
766 | ||||
767 | /* | |||
768 | * Fix some attributes which depend the secret value. | |||
769 | */ | |||
770 | static int | |||
771 | radiusd_access_response_fixup(struct radius_query *q) | |||
772 | { | |||
773 | int res_id; | |||
774 | size_t attrlen; | |||
775 | u_char req_auth[16], attrbuf[256]; | |||
776 | const char *authen_secret = q->authen->auth->module->secret; | |||
777 | ||||
778 | radius_get_authenticator(q->req, req_auth); | |||
779 | ||||
780 | if ((authen_secret != NULL((void *)0) && | |||
781 | strcmp(authen_secret, q->client->secret) != 0) || | |||
782 | timingsafe_bcmp(q->req_auth, req_auth, 16) != 0) { | |||
783 | const char *olds = q->client->secret; | |||
784 | const char *news = authen_secret; | |||
785 | ||||
786 | if (news == NULL((void *)0)) | |||
787 | news = olds; | |||
788 | ||||
789 | /* RFC 2865 Tunnel-Password */ | |||
790 | attrlen = sizeof(attrbuf); | |||
791 | if (radius_get_raw_attr(q->res, RADIUS_TYPE_TUNNEL_PASSWORD69, | |||
792 | attrbuf, &attrlen) == 0) { | |||
793 | radius_attr_unhide(news, req_auth, | |||
794 | attrbuf, attrbuf + 3, attrlen - 3); | |||
795 | radius_attr_hide(olds, q->req_auth, | |||
796 | attrbuf, attrbuf + 3, attrlen - 3); | |||
797 | ||||
798 | radius_del_attr_all(q->res, | |||
799 | RADIUS_TYPE_TUNNEL_PASSWORD69); | |||
800 | radius_put_raw_attr(q->res, | |||
801 | RADIUS_TYPE_TUNNEL_PASSWORD69, attrbuf, attrlen); | |||
802 | } | |||
803 | ||||
804 | /* RFC 2548 Microsoft MPPE-{Send,Recv}-Key */ | |||
805 | attrlen = sizeof(attrbuf); | |||
806 | if (radius_get_vs_raw_attr(q->res, RADIUS_VENDOR_MICROSOFT311, | |||
807 | RADIUS_VTYPE_MPPE_SEND_KEY16, attrbuf, &attrlen) == 0) { | |||
808 | ||||
809 | /* Re-crypt the KEY */ | |||
810 | radius_attr_unhide(news, req_auth, | |||
811 | attrbuf, attrbuf + 2, attrlen - 2); | |||
812 | radius_attr_hide(olds, q->req_auth, | |||
813 | attrbuf, attrbuf + 2, attrlen - 2); | |||
814 | ||||
815 | radius_del_vs_attr_all(q->res, RADIUS_VENDOR_MICROSOFT311, | |||
816 | RADIUS_VTYPE_MPPE_SEND_KEY16); | |||
817 | radius_put_vs_raw_attr(q->res, RADIUS_VENDOR_MICROSOFT311, | |||
818 | RADIUS_VTYPE_MPPE_SEND_KEY16, attrbuf, attrlen); | |||
819 | } | |||
820 | attrlen = sizeof(attrbuf); | |||
821 | if (radius_get_vs_raw_attr(q->res, RADIUS_VENDOR_MICROSOFT311, | |||
822 | RADIUS_VTYPE_MPPE_RECV_KEY17, attrbuf, &attrlen) == 0) { | |||
823 | ||||
824 | /* Re-crypt the KEY */ | |||
825 | radius_attr_unhide(news, req_auth, | |||
826 | attrbuf, attrbuf + 2, attrlen - 2); | |||
827 | radius_attr_hide(olds, q->req_auth, | |||
828 | attrbuf, attrbuf + 2, attrlen - 2); | |||
829 | ||||
830 | radius_del_vs_attr_all(q->res, RADIUS_VENDOR_MICROSOFT311, | |||
831 | RADIUS_VTYPE_MPPE_RECV_KEY17); | |||
832 | radius_put_vs_raw_attr(q->res, RADIUS_VENDOR_MICROSOFT311, | |||
833 | RADIUS_VTYPE_MPPE_RECV_KEY17, attrbuf, attrlen); | |||
834 | } | |||
835 | } | |||
836 | ||||
837 | res_id = radius_get_id(q->res); | |||
838 | if (res_id != q->req_id) { | |||
839 | /* authentication server change the id */ | |||
840 | radius_set_id(q->res, q->req_id); | |||
841 | } | |||
842 | ||||
843 | return (0); | |||
844 | } | |||
845 | ||||
846 | void | |||
847 | radius_attr_hide(const char *secret, const char *authenticator, | |||
848 | const u_char *salt, u_char *plain, int plainlen) | |||
849 | { | |||
850 | int i, j; | |||
851 | u_char b[16]; | |||
852 | MD5_CTX md5ctx; | |||
853 | ||||
854 | i = 0; | |||
855 | do { | |||
856 | MD5Init(&md5ctx); | |||
857 | MD5Update(&md5ctx, secret, strlen(secret)); | |||
858 | if (i == 0) { | |||
859 | MD5Update(&md5ctx, authenticator, 16); | |||
860 | if (salt != NULL((void *)0)) | |||
861 | MD5Update(&md5ctx, salt, 2); | |||
862 | } else | |||
863 | MD5Update(&md5ctx, plain + i - 16, 16); | |||
864 | MD5Final(b, &md5ctx); | |||
865 | ||||
866 | for (j = 0; j < 16 && i < plainlen; i++, j++) | |||
867 | plain[i] ^= b[j]; | |||
868 | } while (i < plainlen); | |||
869 | } | |||
870 | ||||
871 | void | |||
872 | radius_attr_unhide(const char *secret, const char *authenticator, | |||
873 | const u_char *salt, u_char *crypt0, int crypt0len) | |||
874 | { | |||
875 | int i, j; | |||
876 | u_char b[16]; | |||
877 | MD5_CTX md5ctx; | |||
878 | ||||
879 | i = 16 * ((crypt0len - 1) / 16); | |||
880 | while (i >= 0) { | |||
881 | MD5Init(&md5ctx); | |||
882 | MD5Update(&md5ctx, secret, strlen(secret)); | |||
883 | if (i == 0) { | |||
884 | MD5Update(&md5ctx, authenticator, 16); | |||
885 | if (salt != NULL((void *)0)) | |||
886 | MD5Update(&md5ctx, salt, 2); | |||
887 | } else | |||
888 | MD5Update(&md5ctx, crypt0 + i - 16, 16); | |||
889 | MD5Final(b, &md5ctx); | |||
890 | ||||
891 | for (j = 0; j < 16 && i + j < crypt0len; j++) | |||
892 | crypt0[i + j] ^= b[j]; | |||
893 | i -= 16; | |||
894 | } | |||
895 | } | |||
896 | ||||
897 | static struct radius_query * | |||
898 | radiusd_find_query(struct radiusd *radiusd, u_int q_id) | |||
899 | { | |||
900 | struct radius_query *q; | |||
901 | ||||
902 | TAILQ_FOREACH(q, &radiusd->query, next)for((q) = ((&radiusd->query)->tqh_first); (q) != (( void *)0); (q) = ((q)->next.tqe_next)) { | |||
903 | if (q->id == q_id) | |||
904 | return (q); | |||
905 | } | |||
906 | return (NULL((void *)0)); | |||
907 | } | |||
908 | ||||
909 | /*********************************************************************** | |||
910 | * radiusd module handling | |||
911 | ***********************************************************************/ | |||
912 | struct radiusd_module * | |||
913 | radiusd_module_load(struct radiusd *radiusd, const char *path, const char *name) | |||
914 | { | |||
915 | struct radiusd_module *module = NULL((void *)0); | |||
916 | pid_t pid; | |||
917 | int ival, pairsock[] = { -1, -1 }; | |||
918 | const char *av[3]; | |||
919 | ssize_t n; | |||
920 | struct imsg imsg; | |||
921 | ||||
922 | module = calloc(1, sizeof(struct radiusd_module)); | |||
923 | if (module == NULL((void *)0)) | |||
924 | fatal("Out of memory"); | |||
925 | module->radiusd = radiusd; | |||
926 | ||||
927 | if (socketpair(AF_UNIX1, SOCK_STREAM1, PF_UNSPEC0, pairsock) == -1) { | |||
928 | log_warn("Could not load module `%s'(%s): pipe()", name, path); | |||
929 | goto on_error; | |||
930 | } | |||
931 | ||||
932 | pid = fork(); | |||
933 | if (pid == -1) { | |||
934 | log_warn("Could not load module `%s'(%s): fork()", name, path); | |||
935 | goto on_error; | |||
936 | } | |||
937 | if (pid == 0) { | |||
938 | setsid(); | |||
939 | close(pairsock[0]); | |||
940 | av[0] = path; | |||
941 | av[1] = name; | |||
942 | av[2] = NULL((void *)0); | |||
943 | dup2(pairsock[1], STDIN_FILENO0); | |||
944 | dup2(pairsock[1], STDOUT_FILENO1); | |||
945 | close(pairsock[1]); | |||
946 | closefrom(STDERR_FILENO2 + 1); | |||
947 | execv(path, (char * const *)av); | |||
948 | log_warn("Failed to execute %s", path); | |||
949 | _exit(EXIT_FAILURE1); | |||
950 | } | |||
951 | close(pairsock[1]); | |||
952 | ||||
953 | module->fd = pairsock[0]; | |||
954 | if ((ival = fcntl(module->fd, F_GETFL3)) == -1) { | |||
955 | log_warn("Could not load module `%s': fcntl(F_GETFL)", | |||
956 | name); | |||
957 | goto on_error; | |||
958 | } | |||
959 | if (fcntl(module->fd, F_SETFL4, ival | O_NONBLOCK0x0004) == -1) { | |||
960 | log_warn("Could not load module `%s': fcntl(F_SETFL,O_NONBLOCK)", | |||
961 | name); | |||
962 | goto on_error; | |||
963 | } | |||
964 | strlcpy(module->name, name, sizeof(module->name)); | |||
965 | module->pid = pid; | |||
966 | imsg_init(&module->ibuf, module->fd); | |||
967 | ||||
968 | if (imsg_sync_read(&module->ibuf, MODULE_IO_TIMEOUT2000) <= 0 || | |||
969 | (n = imsg_get(&module->ibuf, &imsg)) <= 0) { | |||
970 | log_warnx("Could not load module `%s': module didn't " | |||
971 | "respond", name); | |||
972 | goto on_error; | |||
973 | } | |||
974 | if (imsg.hdr.type != IMSG_RADIUSD_MODULE_LOAD) { | |||
975 | imsg_free(&imsg); | |||
976 | log_warnx("Could not load module `%s': unknown imsg type=%d", | |||
977 | name, imsg.hdr.type); | |||
978 | goto on_error; | |||
979 | } | |||
980 | ||||
981 | module->capabilities = | |||
982 | ((struct radiusd_module_load_arg *)imsg.data)->cap; | |||
983 | ||||
984 | log_debug("Loaded module `%s' successfully. pid=%d", module->name, | |||
985 | module->pid); | |||
986 | imsg_free(&imsg); | |||
987 | ||||
988 | return (module); | |||
989 | ||||
990 | on_error: | |||
991 | free(module); | |||
992 | if (pairsock[0] >= 0) | |||
993 | close(pairsock[0]); | |||
994 | if (pairsock[1] >= 0) | |||
995 | close(pairsock[1]); | |||
996 | ||||
997 | return (NULL((void *)0)); | |||
998 | } | |||
999 | ||||
1000 | void | |||
1001 | radiusd_module_start(struct radiusd_module *module) | |||
1002 | { | |||
1003 | int datalen; | |||
1004 | struct imsg imsg; | |||
1005 | struct timeval tv = { 0, 0 }; | |||
1006 | ||||
1007 | RADIUSD_ASSERT(module->fd >= 0)do { if (!(module->fd >= 0)) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "module->fd >= 0", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 1007); if (debug) abort(); } } while (0 ); | |||
1008 | imsg_compose(&module->ibuf, IMSG_RADIUSD_MODULE_START, 0, 0, -1, | |||
1009 | NULL((void *)0), 0); | |||
1010 | imsg_sync_flush(&module->ibuf, MODULE_IO_TIMEOUT2000); | |||
1011 | if (imsg_sync_read(&module->ibuf, MODULE_IO_TIMEOUT2000) <= 0 || | |||
1012 | imsg_get(&module->ibuf, &imsg) <= 0) { | |||
1013 | log_warnx("Module `%s' could not start: no response", | |||
1014 | module->name); | |||
1015 | goto on_fail; | |||
1016 | } | |||
1017 | ||||
1018 | datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); | |||
1019 | if (imsg.hdr.type != IMSG_OK) { | |||
1020 | if (imsg.hdr.type == IMSG_NG) { | |||
1021 | if (datalen > 0) | |||
1022 | log_warnx("Module `%s' could not start: %s", | |||
1023 | module->name, (char *)imsg.data); | |||
1024 | else | |||
1025 | log_warnx("Module `%s' could not start", | |||
1026 | module->name); | |||
1027 | } else | |||
1028 | log_warnx("Module `%s' could not started: module " | |||
1029 | "returned unknown message type %d", module->name, | |||
1030 | imsg.hdr.type); | |||
1031 | goto on_fail; | |||
1032 | } | |||
1033 | ||||
1034 | event_set(&module->ev, module->fd, EV_READ0x02, radiusd_module_on_imsg_io, | |||
1035 | module); | |||
1036 | event_add(&module->ev, &tv); | |||
1037 | log_debug("Module `%s' started successfully", module->name); | |||
1038 | ||||
1039 | return; | |||
1040 | on_fail: | |||
1041 | radiusd_module_close(module); | |||
1042 | return; | |||
1043 | } | |||
1044 | ||||
1045 | void | |||
1046 | radiusd_module_stop(struct radiusd_module *module) | |||
1047 | { | |||
1048 | module->stopped = true1; | |||
1049 | ||||
1050 | if (module->secret != NULL((void *)0)) { | |||
1051 | freezero(module->secret, strlen(module->secret)); | |||
1052 | module->secret = NULL((void *)0); | |||
1053 | } | |||
1054 | ||||
1055 | if (module->fd >= 0) { | |||
1056 | imsg_compose(&module->ibuf, IMSG_RADIUSD_MODULE_STOP, 0, 0, -1, | |||
1057 | NULL((void *)0), 0); | |||
1058 | radiusd_module_reset_ev_handler(module); | |||
1059 | } | |||
1060 | } | |||
1061 | ||||
1062 | static void | |||
1063 | radiusd_module_close(struct radiusd_module *module) | |||
1064 | { | |||
1065 | if (module->fd >= 0) { | |||
1066 | event_del(&module->ev); | |||
1067 | imsg_clear(&module->ibuf); | |||
1068 | close(module->fd); | |||
1069 | module->fd = -1; | |||
1070 | } | |||
1071 | } | |||
1072 | ||||
1073 | void | |||
1074 | radiusd_module_unload(struct radiusd_module *module) | |||
1075 | { | |||
1076 | free(module->radpkt); | |||
1077 | radiusd_module_close(module); | |||
1078 | free(module); | |||
1079 | } | |||
1080 | ||||
1081 | static void | |||
1082 | radiusd_module_on_imsg_io(int fd, short evmask, void *ctx) | |||
1083 | { | |||
1084 | struct radiusd_module *module = ctx; | |||
1085 | int ret; | |||
1086 | ||||
1087 | if (evmask & EV_WRITE0x04) | |||
| ||||
1088 | module->writeready = true1; | |||
1089 | ||||
1090 | if (evmask & EV_READ0x02 || module->ibuf.r.wpos > IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) { | |||
1091 | if (radiusd_module_imsg_read(module, | |||
1092 | (evmask & EV_READ0x02)? true1 : false0) == -1) | |||
1093 | goto on_error; | |||
1094 | } | |||
1095 | ||||
1096 | while (module->writeready && module->ibuf.w.queued) { | |||
1097 | ret = msgbuf_write(&module->ibuf.w); | |||
1098 | if (ret > 0) | |||
1099 | continue; | |||
1100 | module->writeready = false0; | |||
1101 | if (ret == 0 && errno(*__errno()) == EAGAIN35) | |||
1102 | break; | |||
1103 | log_warn("Failed to write to module `%s': msgbuf_write()", | |||
1104 | module->name); | |||
1105 | goto on_error; | |||
1106 | } | |||
1107 | radiusd_module_reset_ev_handler(module); | |||
1108 | ||||
1109 | return; | |||
1110 | on_error: | |||
1111 | radiusd_module_close(module); | |||
1112 | } | |||
1113 | ||||
1114 | static void | |||
1115 | radiusd_module_reset_ev_handler(struct radiusd_module *module) | |||
1116 | { | |||
1117 | short evmask; | |||
1118 | struct timeval *tvp = NULL((void *)0), tv = { 0, 0 }; | |||
1119 | ||||
1120 | RADIUSD_ASSERT(module->fd >= 0)do { if (!(module->fd >= 0)) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "module->fd >= 0", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 1120); if (debug) abort(); } } while (0 ); | |||
1121 | event_del(&module->ev); | |||
1122 | ||||
1123 | evmask = EV_READ0x02; | |||
1124 | if (module->ibuf.w.queued) { | |||
1125 | if (!module->writeready) | |||
1126 | evmask |= EV_WRITE0x04; | |||
1127 | else | |||
1128 | tvp = &tv; /* fire immediately */ | |||
1129 | } else if (module->ibuf.r.wpos > IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) | |||
1130 | tvp = &tv; /* fire immediately */ | |||
1131 | ||||
1132 | /* module stopped and no event handler is set */ | |||
1133 | if (evmask & EV_WRITE0x04 && tvp == NULL((void *)0) && module->stopped) { | |||
1134 | /* stop requested and no more to write */ | |||
1135 | radiusd_module_close(module); | |||
1136 | return; | |||
1137 | } | |||
1138 | ||||
1139 | event_set(&module->ev, module->fd, evmask, radiusd_module_on_imsg_io, | |||
1140 | module); | |||
1141 | if (event_add(&module->ev, tvp) == -1) { | |||
1142 | log_warn("Could not set event handlers for module `%s': " | |||
1143 | "event_add()", module->name); | |||
1144 | radiusd_module_close(module); | |||
1145 | } | |||
1146 | } | |||
1147 | ||||
1148 | static int | |||
1149 | radiusd_module_imsg_read(struct radiusd_module *module, bool_Bool doread) | |||
1150 | { | |||
1151 | int n; | |||
1152 | struct imsg imsg; | |||
1153 | ||||
1154 | if (doread
| |||
1155 | if ((n = imsg_read(&module->ibuf)) == -1 || n == 0) { | |||
1156 | if (n == -1 && errno(*__errno()) == EAGAIN35) | |||
1157 | return (0); | |||
1158 | if (n == -1) | |||
1159 | log_warn("Receiving a message from module `%s' " | |||
1160 | "failed: imsg_read", module->name); | |||
1161 | /* else closed */ | |||
1162 | radiusd_module_close(module); | |||
1163 | return (-1); | |||
1164 | } | |||
1165 | } | |||
1166 | for (;;) { | |||
1167 | if ((n = imsg_get(&module->ibuf, &imsg)) == -1) { | |||
1168 | log_warn("Receiving a message from module `%s' failed: " | |||
1169 | "imsg_get", module->name); | |||
1170 | return (-1); | |||
1171 | } | |||
1172 | if (n == 0) | |||
1173 | return (0); | |||
1174 | radiusd_module_imsg(module, &imsg); | |||
1175 | } | |||
1176 | ||||
1177 | return (0); | |||
1178 | } | |||
1179 | ||||
1180 | static void | |||
1181 | radiusd_module_imsg(struct radiusd_module *module, struct imsg *imsg) | |||
1182 | { | |||
1183 | int datalen; | |||
1184 | struct radius_query *q; | |||
1185 | u_int q_id; | |||
1186 | ||||
1187 | datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); | |||
1188 | switch (imsg->hdr.type) { | |||
1189 | case IMSG_RADIUSD_MODULE_NOTIFY_SECRET: | |||
1190 | if (datalen > 0) { | |||
1191 | module->secret = strdup(imsg->data); | |||
1192 | if (module->secret == NULL((void *)0)) | |||
1193 | log_warn("Could not handle NOTIFY_SECRET " | |||
1194 | "from `%s'", module->name); | |||
1195 | } | |||
1196 | break; | |||
1197 | case IMSG_RADIUSD_MODULE_USERPASS_OK: | |||
1198 | case IMSG_RADIUSD_MODULE_USERPASS_FAIL: | |||
1199 | { | |||
1200 | char *msg = NULL((void *)0); | |||
1201 | const char *msgtypestr; | |||
1202 | ||||
1203 | msgtypestr = (imsg->hdr.type == IMSG_RADIUSD_MODULE_USERPASS_OK) | |||
1204 | ? "USERPASS_OK" : "USERPASS_NG"; | |||
1205 | ||||
1206 | q_id = *(u_int *)imsg->data; | |||
1207 | if (datalen > (ssize_t)sizeof(u_int)) | |||
1208 | msg = (char *)(((u_int *)imsg->data) + 1); | |||
1209 | ||||
1210 | q = radiusd_find_query(module->radiusd, q_id); | |||
1211 | if (q == NULL((void *)0)) { | |||
1212 | log_warnx("Received %s from `%s', but query id=%u " | |||
1213 | "unknown", msgtypestr, module->name, q_id); | |||
1214 | break; | |||
1215 | } | |||
1216 | ||||
1217 | if ((q->res = radius_new_response_packet( | |||
1218 | (imsg->hdr.type == IMSG_RADIUSD_MODULE_USERPASS_OK) | |||
1219 | ? RADIUS_CODE_ACCESS_ACCEPT2 : RADIUS_CODE_ACCESS_REJECT3, | |||
1220 | q->req)) == NULL((void *)0)) { | |||
1221 | log_warn("radius_new_response_packet() failed"); | |||
1222 | radiusd_access_request_aborted(q); | |||
1223 | } else { | |||
1224 | if (msg) | |||
1225 | radius_put_string_attr(q->res, | |||
1226 | RADIUS_TYPE_REPLY_MESSAGE18, msg); | |||
1227 | radius_set_response_authenticator(q->res, | |||
1228 | q->client->secret); | |||
1229 | radiusd_access_request_answer(q); | |||
1230 | } | |||
1231 | break; | |||
1232 | } | |||
1233 | case IMSG_RADIUSD_MODULE_ACCSREQ_ANSWER: | |||
1234 | case IMSG_RADIUSD_MODULE_REQDECO_DONE: | |||
1235 | case IMSG_RADIUSD_MODULE_RESDECO_DONE: | |||
1236 | { | |||
1237 | static struct radiusd_module_radpkt_arg *ans; | |||
1238 | const char *typestr = "unknown"; | |||
1239 | ||||
1240 | switch (imsg->hdr.type) { | |||
1241 | case IMSG_RADIUSD_MODULE_ACCSREQ_ANSWER: | |||
1242 | typestr = "ACCSREQ_ANSWER"; | |||
1243 | break; | |||
1244 | case IMSG_RADIUSD_MODULE_REQDECO_DONE: | |||
1245 | typestr = "REQDECO_DONE"; | |||
1246 | break; | |||
1247 | case IMSG_RADIUSD_MODULE_RESDECO_DONE: | |||
1248 | typestr = "RESDECO_DONE"; | |||
1249 | break; | |||
1250 | } | |||
1251 | ||||
1252 | if (datalen < | |||
1253 | (ssize_t)sizeof(struct radiusd_module_radpkt_arg)) { | |||
1254 | log_warnx("Received %s message, but length is wrong", | |||
1255 | typestr); | |||
1256 | break; | |||
1257 | } | |||
1258 | q_id = ((struct radiusd_module_radpkt_arg *)imsg->data)->q_id; | |||
1259 | q = radiusd_find_query(module->radiusd, q_id); | |||
1260 | if (q == NULL((void *)0)) { | |||
1261 | log_warnx("Received %s from %s, but query id=%u " | |||
1262 | "unknown", typestr, module->name, q_id); | |||
1263 | break; | |||
1264 | } | |||
1265 | if ((ans = radiusd_module_recv_radpkt(module, imsg, | |||
1266 | imsg->hdr.type, typestr)) != NULL((void *)0)) { | |||
1267 | RADIUS_PACKET *radpkt = NULL((void *)0); | |||
1268 | ||||
1269 | if (module->radpktoff > 0 && | |||
1270 | (radpkt = radius_convert_packet( | |||
1271 | module->radpkt, module->radpktoff)) == NULL((void *)0)) { | |||
1272 | log_warn("q=%u radius_convert_packet() failed", | |||
1273 | q->id); | |||
1274 | radiusd_access_request_aborted(q); | |||
1275 | break; | |||
1276 | } | |||
1277 | module->radpktoff = 0; | |||
1278 | switch (imsg->hdr.type) { | |||
1279 | case IMSG_RADIUSD_MODULE_REQDECO_DONE: | |||
1280 | if (radpkt != NULL((void *)0)) { | |||
1281 | radius_delete_packet(q->req); | |||
1282 | q->req = radpkt; | |||
1283 | } | |||
1284 | radius_query_request(q); | |||
1285 | break; | |||
1286 | case IMSG_RADIUSD_MODULE_ACCSREQ_ANSWER: | |||
1287 | if (radpkt
| |||
1288 | log_warn("q=%u wrong pkt from module", | |||
1289 | q->id); | |||
1290 | radiusd_access_request_aborted(q); | |||
1291 | } | |||
1292 | q->res = radpkt; | |||
| ||||
1293 | radiusd_access_request_answer(q); | |||
1294 | break; | |||
1295 | case IMSG_RADIUSD_MODULE_RESDECO_DONE: | |||
1296 | if (radpkt != NULL((void *)0)) { | |||
1297 | radius_delete_packet(q->res); | |||
1298 | radius_set_request_packet(radpkt, | |||
1299 | q->req); | |||
1300 | q->res = radpkt; | |||
1301 | } | |||
1302 | radius_query_response(q); | |||
1303 | break; | |||
1304 | } | |||
1305 | } | |||
1306 | break; | |||
1307 | } | |||
1308 | case IMSG_RADIUSD_MODULE_ACCSREQ_ABORTED: | |||
1309 | { | |||
1310 | q_id = *((u_int *)imsg->data); | |||
1311 | q = radiusd_find_query(module->radiusd, q_id); | |||
1312 | if (q == NULL((void *)0)) { | |||
1313 | log_warnx("Received ACCSREQ_ABORT from %s, but query " | |||
1314 | "id=%u unknown", module->name, q_id); | |||
1315 | break; | |||
1316 | } | |||
1317 | radiusd_access_request_aborted(q); | |||
1318 | break; | |||
1319 | } | |||
1320 | default: | |||
1321 | RADIUSD_DBG(("Unhandled imsg type=%d from %s", imsg->hdr.type, | |||
1322 | module->name)); | |||
1323 | } | |||
1324 | } | |||
1325 | ||||
1326 | static struct radiusd_module_radpkt_arg * | |||
1327 | radiusd_module_recv_radpkt(struct radiusd_module *module, struct imsg *imsg, | |||
1328 | uint32_t imsg_type, const char *type_str) | |||
1329 | { | |||
1330 | struct radiusd_module_radpkt_arg *ans; | |||
1331 | int datalen, chunklen; | |||
1332 | ||||
1333 | datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); | |||
1334 | ans = (struct radiusd_module_radpkt_arg *)imsg->data; | |||
1335 | if (module->radpktsiz < ans->pktlen) { | |||
1336 | u_char *nradpkt; | |||
1337 | if ((nradpkt = realloc(module->radpkt, ans->pktlen)) == NULL((void *)0)) { | |||
1338 | log_warn("Could not handle received %s message from " | |||
1339 | "`%s'", type_str, module->name); | |||
1340 | goto on_fail; | |||
1341 | } | |||
1342 | module->radpkt = nradpkt; | |||
1343 | module->radpktsiz = ans->pktlen; | |||
1344 | } | |||
1345 | chunklen = datalen - sizeof(struct radiusd_module_radpkt_arg); | |||
1346 | if (chunklen > module->radpktsiz - module->radpktoff) { | |||
1347 | log_warnx("Could not handle received %s message from `%s': " | |||
1348 | "received length is too big", type_str, module->name); | |||
1349 | goto on_fail; | |||
1350 | } | |||
1351 | if (chunklen > 0) { | |||
1352 | memcpy(module->radpkt + module->radpktoff, | |||
1353 | (caddr_t)(ans + 1), chunklen); | |||
1354 | module->radpktoff += chunklen; | |||
1355 | } | |||
1356 | if (!ans->final) | |||
1357 | return (NULL((void *)0)); /* again */ | |||
1358 | if (module->radpktoff != ans->pktlen) { | |||
1359 | log_warnx("Could not handle received %s message from `%s': " | |||
1360 | "length is mismatch", type_str, module->name); | |||
1361 | goto on_fail; | |||
1362 | } | |||
1363 | ||||
1364 | return (ans); | |||
1365 | on_fail: | |||
1366 | module->radpktoff = 0; | |||
1367 | return (NULL((void *)0)); | |||
1368 | } | |||
1369 | ||||
1370 | int | |||
1371 | radiusd_module_set(struct radiusd_module *module, const char *name, | |||
1372 | int argc, char * const * argv) | |||
1373 | { | |||
1374 | struct radiusd_module_set_arg arg; | |||
1375 | struct radiusd_module_object *val; | |||
1376 | int i, niov = 0; | |||
1377 | u_char *buf = NULL((void *)0), *buf0; | |||
1378 | ssize_t n; | |||
1379 | size_t bufsiz = 0, bufoff = 0, bufsiz0; | |||
1380 | size_t vallen, valsiz; | |||
1381 | struct iovec iov[2]; | |||
1382 | struct imsg imsg; | |||
1383 | ||||
1384 | memset(&arg, 0, sizeof(arg)); | |||
1385 | arg.nparamval = argc; | |||
1386 | strlcpy(arg.paramname, name, sizeof(arg.paramname)); | |||
1387 | ||||
1388 | iov[niov].iov_base = &arg; | |||
1389 | iov[niov].iov_len = sizeof(struct radiusd_module_set_arg); | |||
1390 | niov++; | |||
1391 | ||||
1392 | for (i = 0; i < argc; i++) { | |||
1393 | vallen = strlen(argv[i]) + 1; | |||
1394 | valsiz = sizeof(struct radiusd_module_object) + vallen; | |||
1395 | if (bufsiz < bufoff + valsiz) { | |||
1396 | bufsiz0 = bufoff + valsiz + 128; | |||
1397 | if ((buf0 = realloc(buf, bufsiz0)) == NULL((void *)0)) { | |||
1398 | log_warn("Failed to set config parameter to " | |||
1399 | "module `%s': realloc", module->name); | |||
1400 | goto on_error; | |||
1401 | } | |||
1402 | buf = buf0; | |||
1403 | bufsiz = bufsiz0; | |||
1404 | memset(buf + bufoff, 0, bufsiz - bufoff); | |||
1405 | } | |||
1406 | val = (struct radiusd_module_object *)(buf + bufoff); | |||
1407 | val->size = valsiz; | |||
1408 | memcpy(val + 1, argv[i], vallen); | |||
1409 | ||||
1410 | bufoff += valsiz; | |||
1411 | } | |||
1412 | iov[niov].iov_base = buf; | |||
1413 | iov[niov].iov_len = bufoff; | |||
1414 | niov++; | |||
1415 | ||||
1416 | if (imsg_composev(&module->ibuf, IMSG_RADIUSD_MODULE_SET_CONFIG, 0, 0, | |||
1417 | -1, iov, niov) == -1) { | |||
1418 | log_warn("Failed to set config parameter to module `%s': " | |||
1419 | "imsg_composev", module->name); | |||
1420 | goto on_error; | |||
1421 | } | |||
1422 | if (imsg_sync_flush(&module->ibuf, MODULE_IO_TIMEOUT2000) == -1) { | |||
1423 | log_warn("Failed to set config parameter to module `%s': " | |||
1424 | "imsg_flush_timeout", module->name); | |||
1425 | goto on_error; | |||
1426 | } | |||
1427 | for (;;) { | |||
1428 | if (imsg_sync_read(&module->ibuf, MODULE_IO_TIMEOUT2000) <= 0) { | |||
1429 | log_warn("Failed to get reply from module `%s': " | |||
1430 | "imsg_sync_read", module->name); | |||
1431 | goto on_error; | |||
1432 | } | |||
1433 | if ((n = imsg_get(&module->ibuf, &imsg)) > 0) | |||
1434 | break; | |||
1435 | if (n < 0) { | |||
1436 | log_warn("Failed to get reply from module `%s': " | |||
1437 | "imsg_get", module->name); | |||
1438 | goto on_error; | |||
1439 | } | |||
1440 | } | |||
1441 | if (imsg.hdr.type == IMSG_NG) { | |||
1442 | log_warnx("Could not set `%s' for module `%s': %s", name, | |||
1443 | module->name, (char *)imsg.data); | |||
1444 | goto on_error; | |||
1445 | } else if (imsg.hdr.type != IMSG_OK) { | |||
1446 | imsg_free(&imsg); | |||
1447 | log_warnx("Failed to get reply from module `%s': " | |||
1448 | "unknown imsg type=%d", module->name, imsg.hdr.type); | |||
1449 | goto on_error; | |||
1450 | } | |||
1451 | imsg_free(&imsg); | |||
1452 | ||||
1453 | free(buf); | |||
1454 | return (0); | |||
1455 | ||||
1456 | on_error: | |||
1457 | free(buf); | |||
1458 | return (-1); | |||
1459 | } | |||
1460 | ||||
1461 | static void | |||
1462 | radiusd_module_userpass(struct radiusd_module *module, struct radius_query *q) | |||
1463 | { | |||
1464 | struct radiusd_module_userpass_arg userpass; | |||
1465 | ||||
1466 | memset(&userpass, 0, sizeof(userpass)); | |||
1467 | userpass.q_id = q->id; | |||
1468 | ||||
1469 | if (radius_get_user_password_attr(q->req, userpass.pass, | |||
1470 | sizeof(userpass.pass), q->client->secret) == 0) | |||
1471 | userpass.has_pass = true1; | |||
1472 | else | |||
1473 | userpass.has_pass = false0; | |||
1474 | if (radius_get_string_attr(q->req, RADIUS_TYPE_USER_NAME1, | |||
1475 | userpass.user, sizeof(userpass.user)) != 0) { | |||
1476 | log_warnx("q=%u no User-Name attribute", q->id); | |||
1477 | goto on_error; | |||
1478 | } | |||
1479 | imsg_compose(&module->ibuf, IMSG_RADIUSD_MODULE_USERPASS, 0, 0, -1, | |||
1480 | &userpass, sizeof(userpass)); | |||
1481 | radiusd_module_reset_ev_handler(module); | |||
1482 | return; | |||
1483 | on_error: | |||
1484 | radiusd_access_request_aborted(q); | |||
1485 | } | |||
1486 | ||||
1487 | static void | |||
1488 | radiusd_module_access_request(struct radiusd_module *module, | |||
1489 | struct radius_query *q) | |||
1490 | { | |||
1491 | RADIUS_PACKET *radpkt; | |||
1492 | char pass[256]; | |||
1493 | ||||
1494 | if ((radpkt = radius_convert_packet(radius_get_data(q->req), | |||
1495 | radius_get_length(q->req))) == NULL((void *)0)) { | |||
1496 | log_warn("q=%u Could not send ACCSREQ to `%s'", q->id, | |||
1497 | module->name); | |||
1498 | radiusd_access_request_aborted(q); | |||
1499 | return; | |||
1500 | } | |||
1501 | if (q->client->secret[0] != '\0' && module->secret != NULL((void *)0) && | |||
1502 | radius_get_user_password_attr(radpkt, pass, sizeof(pass), | |||
1503 | q->client->secret) == 0) { | |||
1504 | radius_del_attr_all(radpkt, RADIUS_TYPE_USER_PASSWORD2); | |||
1505 | (void)radius_put_raw_attr(radpkt, RADIUS_TYPE_USER_PASSWORD2, | |||
1506 | pass, strlen(pass)); | |||
1507 | } | |||
1508 | if (imsg_compose_radius_packet(&module->ibuf, | |||
1509 | IMSG_RADIUSD_MODULE_ACCSREQ, q->id, radpkt) == -1) { | |||
1510 | log_warn("q=%u Could not send ACCSREQ to `%s'", q->id, | |||
1511 | module->name); | |||
1512 | radiusd_access_request_aborted(q); | |||
1513 | } | |||
1514 | radiusd_module_reset_ev_handler(module); | |||
1515 | radius_delete_packet(radpkt); | |||
1516 | } | |||
1517 | ||||
1518 | static void | |||
1519 | radiusd_module_request_decoration(struct radiusd_module *module, | |||
1520 | struct radius_query *q) | |||
1521 | { | |||
1522 | if (module->fd < 0) { | |||
1523 | log_warnx("q=%u Could not send REQDECO to `%s': module is " | |||
1524 | "not running?", q->id, module->name); | |||
1525 | radiusd_access_request_aborted(q); | |||
1526 | return; | |||
1527 | } | |||
1528 | if (imsg_compose_radius_packet(&module->ibuf, | |||
1529 | IMSG_RADIUSD_MODULE_REQDECO, q->id, q->req) == -1) { | |||
1530 | log_warn("q=%u Could not send REQDECO to `%s'", q->id, | |||
1531 | module->name); | |||
1532 | radiusd_access_request_aborted(q); | |||
1533 | return; | |||
1534 | } | |||
1535 | radiusd_module_reset_ev_handler(module); | |||
1536 | } | |||
1537 | ||||
1538 | static void | |||
1539 | radiusd_module_response_decoration(struct radiusd_module *module, | |||
1540 | struct radius_query *q) | |||
1541 | { | |||
1542 | if (module->fd < 0) { | |||
1543 | log_warnx("q=%u Could not send RESDECO to `%s': module is " | |||
1544 | "not running?", q->id, module->name); | |||
1545 | radiusd_access_request_aborted(q); | |||
1546 | return; | |||
1547 | } | |||
1548 | if (imsg_compose_radius_packet(&module->ibuf, | |||
1549 | IMSG_RADIUSD_MODULE_RESDECO0_REQ, q->id, q->req) == -1) { | |||
1550 | log_warn("q=%u Could not send RESDECO0_REQ to `%s'", q->id, | |||
1551 | module->name); | |||
1552 | radiusd_access_request_aborted(q); | |||
1553 | return; | |||
1554 | } | |||
1555 | if (imsg_compose_radius_packet(&module->ibuf, | |||
1556 | IMSG_RADIUSD_MODULE_RESDECO, q->id, q->res) == -1) { | |||
1557 | log_warn("q=%u Could not send RESDECO to `%s'", q->id, | |||
1558 | module->name); | |||
1559 | radiusd_access_request_aborted(q); | |||
1560 | return; | |||
1561 | } | |||
1562 | radiusd_module_reset_ev_handler(module); | |||
1563 | } | |||
1564 | ||||
1565 | static int | |||
1566 | imsg_compose_radius_packet(struct imsgbuf *ibuf, uint32_t type, u_int q_id, | |||
1567 | RADIUS_PACKET *radpkt) | |||
1568 | { | |||
1569 | struct radiusd_module_radpkt_arg arg; | |||
1570 | int off = 0, len, siz; | |||
1571 | struct iovec iov[2]; | |||
1572 | const u_char *pkt; | |||
1573 | ||||
1574 | pkt = radius_get_data(radpkt); | |||
1575 | len = radius_get_length(radpkt); | |||
1576 | memset(&arg, 0, sizeof(arg)); | |||
1577 | arg.q_id = q_id; | |||
1578 | arg.pktlen = len; | |||
1579 | while (off < len) { | |||
1580 | siz = MAX_IMSGSIZE16384 - sizeof(arg); | |||
1581 | if (len - off > siz) | |||
1582 | arg.final = false0; | |||
1583 | else { | |||
1584 | arg.final = true1; | |||
1585 | siz = len - off; | |||
1586 | } | |||
1587 | iov[0].iov_base = &arg; | |||
1588 | iov[0].iov_len = sizeof(arg); | |||
1589 | iov[1].iov_base = (caddr_t)pkt + off; | |||
1590 | iov[1].iov_len = siz; | |||
1591 | if (imsg_composev(ibuf, type, 0, 0, -1, iov, 2) == -1) | |||
1592 | return (-1); | |||
1593 | off += siz; | |||
1594 | } | |||
1595 | return (0); | |||
1596 | } |