From edb4444be43db1821427e595bdfbe58b2af3577c Mon Sep 17 00:00:00 2001 From: venaas Date: Tue, 29 May 2007 13:03:24 +0000 Subject: removed some old backwards compatible config stuff (clients.conf/servers.conf) git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@110 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.c | 55 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 15 deletions(-) diff --git a/radsecproxy.c b/radsecproxy.c index 94785ac..291d2af 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -995,14 +995,15 @@ int msmppdecrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen, return 1; } -struct server *id2server(char *id, uint8_t len) { +int id2server(struct server **server, char *id, uint8_t len) { int i; for (i = 0; i < realm_count; i++) if (!regexec(&realms[i].regex, id, 0, NULL, 0)) { debug(DBG_DBG, "found matching realm: %s, host %s", realms[i].name, realms[i].server->peer.host); - return realms[i].server; + *server = realms[i].server; + return 1; } - return NULL; + return 0; } int rqinqueue(struct server *to, struct client *from, uint8_t id) { @@ -1103,6 +1104,21 @@ void respondstatusserver(struct request *rq) { sendreply(rq->from, resp, rq->from->peer.type == 'U' ? &rq->fromsa : NULL); } +void respondreject(struct request *rq) { + unsigned char *resp; + + resp = malloc(20); + if (!resp) { + debug(DBG_ERR, "respondreject: malloc failed"); + return; + } + memcpy(resp, rq->buf, 20); + resp[0] = RAD_Access_Reject; + resp[2] = 0; + resp[3] = 20; + sendreply(rq->from, resp, rq->from->peer.type == 'U' ? &rq->fromsa : NULL); +} + void radsrv(struct request *rq) { uint8_t code, id, *auth, *attrs, *attr; uint16_t len; @@ -1144,14 +1160,13 @@ void radsrv(struct request *rq) { username[ATTRVALLEN(attr)] = '\0'; debug(DBG_DBG, "Access Request with username: %s", username); - to = id2server(username, strlen(username)); - if (!to) { + if (!id2server(&to, username, strlen(username))) { debug(DBG_INFO, "radsrv: ignoring request, don't know where to send it"); free(buf); return; } - - if (rqinqueue(to, rq->from, id)) { + + if (to && rqinqueue(to, rq->from, id)) { debug(DBG_INFO, "radsrv: already got request from host %s with id %d, ignoring", rq->from->peer.host, id); free(buf); return; @@ -1169,6 +1184,12 @@ void radsrv(struct request *rq) { respondstatusserver(rq); return; } + + if (!to) { + debug(DBG_INFO, "radsrv: sending reject to %s for %s", rq->from->peer.host, username); + respondreject(rq); + return; + } if (!RAND_bytes(newauth, 16)) { debug(DBG_WARN, "radsrv: failed to generate random auth"); @@ -1690,13 +1711,15 @@ void addrealm(char *value, char *server) { int i, n; struct realm *realm; char *s, *regex = NULL; - - for (i = 0; i < server_count; i++) - if (!strcasecmp(server, servers[i].peer.host)) - break; - if (i == server_count) - debugx(1, DBG_ERR, "addrealm failed, no server %s", server); + if (server) { + for (i = 0; i < server_count; i++) + if (!strcasecmp(server, servers[i].peer.host)) + break; + if (i == server_count) + debugx(1, DBG_ERR, "addrealm failed, no server %s", server); + } + if (*value != '/') { /* not a regexp, let us make it one */ if (*value == '*' && !value[1]) @@ -1731,7 +1754,8 @@ void addrealm(char *value, char *server) { realm->name = stringcopy(value, 0); if (!realm->name) debugx(1, DBG_ERR, "malloc failed"); - realm->server = servers + i; + if (server) + realm->server = servers + i; if (regcomp(&realm->regex, regex ? regex : value + 1, REG_ICASE | REG_NOSUB)) debugx(1, DBG_ERR, "addrealm: failed to compile regular expression %s", regex ? regex : value + 1); if (regex) @@ -2098,9 +2122,10 @@ void confrealm_cb(FILE *f, char *opt, char *val) { "server", CONF_STR, &server, NULL ); +#if 0 if (!server) debugx(1, DBG_ERR, "error in block %s, server must be specified", block); - +#endif addrealm(val, server); free(server); free(block); -- cgit v1.1