-rw-r--r--gconfig.c32
-rw-r--r--gconfig.h1
-rw-r--r--radsecproxy.c20
-rw-r--r--radsecproxy.h1
4 files changed, 32 insertions, 22 deletions
diff --git a/gconfig.c b/gconfig.c
index 904ad7d..af73db1 100644
--- a/gconfig.c
+++ b/gconfig.c
@@ -153,6 +153,7 @@ void getgenericconfig(struct gconffile **cf, char *block, ...) {
char line[1024];
/* initialise lots of stuff to avoid stupid compiler warnings */
char *tokens[3], *s, *opt = NULL, *val = NULL, *word, *optval, **str = NULL, ***mstr = NULL;
+ uint8_t *bln;
int type = 0, tcount, conftype = 0, n;
void (*cbk)(struct gconffile **, char *, char *, char *) = NULL;
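Review bot: The new `uint8_t *bln;` on the added line is the only pointer in this declaration group left uninitialised, while the comment directly above says the others are set to NULL precisely to keep the compiler quiet; a `-Wmaybe-uninitialized` build will now flag `bln` because it is only assigned inside the `CONF_BLN` branch of the switch and read in a second switch later. Change it to `uint8_t *bln = NULL;` so it follows the existing convention. getgenericconfig starts before this hunk and its body continues past it.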
@@ -230,6 +231,11 @@ void getgenericconfig(struct gconffile **cf, char *block, ...) {
if (!mstr)
debugx(1, DBG_ERR, "getgenericconfig: internal parameter error");
break;
+ case CONF_BLN:
+ bln = va_arg(ap, uint8_t *);
+ if (!bln)
+ debugx(1, DBG_ERR, "getgenericconfig: internal parameter error");
+ break;
case CONF_CBK:
cbk = va_arg(ap, void (*)(struct gconffile **, char *, char *, char *));
break;
@@ -247,7 +253,7 @@ void getgenericconfig(struct gconffile **cf, char *block, ...) {
debugx(1, DBG_ERR, "configuration error, unknown option %s", opt);
}
- if (((type == CONF_STR || type == CONF_MSTR) && conftype != CONF_STR) ||
+ if (((type == CONF_STR || type == CONF_MSTR || type == CONF_BLN) && conftype != CONF_STR) ||
(type == CONF_CBK && conftype != CONF_CBK)) {
if (block)
debugx(1, DBG_ERR, "configuration error in block %s, wrong syntax for option %s", block, opt);
@@ -256,10 +262,6 @@ void getgenericconfig(struct gconffile **cf, char *block, ...) {
switch (type) {
case CONF_STR:
- if (block)
- debug(DBG_DBG, "getgenericconfig: block %s: %s = %s", block, opt, val);
- else
- debug(DBG_DBG, "getgenericconfig: %s = %s", opt, val);
if (*str)
debugx(1, DBG_ERR, "configuration error, option %s already set to %s", opt, *str);
*str = stringcopy(val, 0);
@@ -267,10 +269,6 @@ void getgenericconfig(struct gconffile **cf, char *block, ...) {
debugx(1, DBG_ERR, "malloc failed");
break;
case CONF_MSTR:
- if (block)
- debug(DBG_DBG, "getgenericconfig: block %s: %s = %s", block, opt, val);
- else
- debug(DBG_DBG, "getgenericconfig: %s = %s", opt, val);
if (*mstr)
for (n = 0; (*mstr)[n]; n++);
else
@@ -281,6 +279,16 @@ void getgenericconfig(struct gconffile **cf, char *block, ...) {
(*mstr)[n] = stringcopy(val, 0);
(*mstr)[n + 1] = NULL;
break;
+ case CONF_BLN:
+ if (!strcasecmp(val, "on"))
+ *bln = 1;
+ else if (!strcasecmp(val, "off"))
+ *bln = 0;
+ else if (block)
+ debugx(1, DBG_ERR, "configuration error in block %s, value for option %s must be on or off, not %s", block, opt, val);
+ else
+ debugx(1, DBG_ERR, "configuration error, value for option %s must be on or off, not %s", opt, val);
+ break;
case CONF_CBK:
optval = malloc(strlen(opt) + strlen(val) + 2);
if (!optval)
@@ -288,9 +296,13 @@ void getgenericconfig(struct gconffile **cf, char *block, ...) {
sprintf(optval, "%s %s", opt, val);
cbk(cf, optval, opt, val);
free(optval);
- break;
+ continue;
default:
debugx(1, DBG_ERR, "getgenericconfig: internal parameter error");
}
+ if (block)
+ debug(DBG_DBG, "getgenericconfig: block %s: %s = %s", block, opt, val);
+ else
+ debug(DBG_DBG, "getgenericconfig: %s = %s", opt, val);
}
}
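Review bot: The consolidated `debug(DBG_DBG, "getgenericconfig: ... %s = %s", ..., opt, val)` now emitted after the switch prints the raw value of every non-callback option, which includes the RADIUS `secret` option registered as `CONF_STR` in both the client and server blocks of this same commit, so shared secrets end up in debug logs. This is not new behaviour (the removed per-case debug lines did the same), but since the commit rewrites this logging it is the right place to stop it; the generic parser has no notion of sensitivity, so the smallest fix is a name-based mask, e.g. `strcasecmp(opt, "secret") ? val : "<hidden>"` in place of `val`. The `continue` for `CONF_CBK` looks intentional (the callback has already logged its own block), but a one-line comment saying so would help.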
diff --git a/gconfig.h b/gconfig.h
index 409b1ba..be48165 100644
--- a/gconfig.h
+++ b/gconfig.h
@@ -1,6 +1,7 @@
#define CONF_STR 1
#define CONF_CBK 2
#define CONF_MSTR 3
+#define CONF_BLN 4
struct gconffile {
char *path;
diff --git a/radsecproxy.c b/radsecproxy.c
index 01d032b..3f78f5b 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -766,7 +766,7 @@ int verifyconfcert(X509 *cert, struct clsrvconf *conf) {
uint8_t type = 0; /* 0 for DNS, AF_INET for IPv4, AF_INET6 for IPv6 */
struct in6_addr addr;
- if (conf->prefixlen == 255) {
+ if (conf->certnamecheck && conf->prefixlen == 255) {
if (inet_pton(AF_INET, conf->host, &addr))
type = AF_INET;
else if (inet_pton(AF_INET6, conf->host, &addr))
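Review bot: The added `conf->certnamecheck &&` guard means that with `CertificateNameCheck off` the peer certificate is no longer compared with the configured host at all, so any certificate issued by a trusted CA passes this point unless something further down in verifyconfcert (the `matchcertificateattribute` handling, not visible in this hunk) still binds it to the peer; that weakening is the whole point of the option but is easy to miss when reading the condition. Add a comment above the `if`, e.g. `/* certnamecheck off: peer identity rests solely on CA trust (and MatchCertificateAttribute, if configured) */`. verifyconfcert starts before this hunk and continues after it.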
@@ -2960,6 +2960,7 @@ void confclient_cb(struct gconffile **cf, char *block, char *opt, char *val) {
if (!conf || !list_push(clconfs, conf))
debugx(1, DBG_ERR, "malloc failed");
memset(conf, 0, sizeof(struct clsrvconf));
+ conf->certnamecheck = 1;
getgenericconfig(cf, block,
"type", CONF_STR, &type,
@@ -2967,6 +2968,7 @@ void confclient_cb(struct gconffile **cf, char *block, char *opt, char *val) {
"secret", CONF_STR, &conf->secret,
"tls", CONF_STR, &tls,
"matchcertificateattribute", CONF_STR, &matchcertattr,
+ "CertificateNameCheck", CONF_BLN, &conf->certnamecheck,
"rewrite", CONF_STR, &rewrite,
"rewriteattribute", CONF_STR, &rewriteattr,
NULL
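Review bot: The client block keeps the option name spelled `"matchcertificateattribute"` while the server block in the same commit changes it to `"MatchCertificateAttribute"` and adds `"CertificateNameCheck"` in CamelCase; if option matching in getgenericconfig is case-insensitive (which the server-side rename suggests, otherwise it would break existing configs) this is only a cosmetic inconsistency, but if it is case-sensitive the two blocks now accept different spellings. Either way, use one spelling in both tables: `"MatchCertificateAttribute", CONF_STR, &matchcertattr,` here to match the server block. confclient_cb continues outside this hunk.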
@@ -3014,7 +3016,7 @@ void confclient_cb(struct gconffile **cf, char *block, char *opt, char *val) {
}
void confserver_cb(struct gconffile **cf, char *block, char *opt, char *val) {
- char *type = NULL, *tls = NULL, *matchcertattr = NULL, *statusserver = NULL, *rewrite = NULL;
+ char *type = NULL, *tls = NULL, *matchcertattr = NULL, *rewrite = NULL;
struct clsrvconf *conf;
debug(DBG_DBG, "confserver_cb called for %s", block);
@@ -3023,6 +3025,7 @@ void confserver_cb(struct gconffile **cf, char *block, char *opt, char *val) {
if (!conf || !list_push(srvconfs, conf))
debugx(1, DBG_ERR, "malloc failed");
memset(conf, 0, sizeof(struct clsrvconf));
+ conf->certnamecheck = 1;
getgenericconfig(cf, block,
"type", CONF_STR, &type,
@@ -3030,9 +3033,10 @@ void confserver_cb(struct gconffile **cf, char *block, char *opt, char *val) {
"port", CONF_STR, &conf->port,
"secret", CONF_STR, &conf->secret,
"tls", CONF_STR, &tls,
- "matchcertificateattribute", CONF_STR, &matchcertattr,
+ "MatchCertificateAttribute", CONF_STR, &matchcertattr,
"rewrite", CONF_STR, &rewrite,
- "StatusServer", CONF_STR, &statusserver,
+ "StatusServer", CONF_BLN, &conf->statusserver,
+ "CertificateNameCheck", CONF_BLN, &conf->certnamecheck,
NULL
);
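Review bot: Setting `CertificateNameCheck off` on a server block silently disables the one check that ties an outgoing TLS connection to the configured host (see the guard added to verifyconfcert in this same commit), and nothing in the parsed result is logged or warned about. Since the default is on, an operator turning it off should see it at startup; after the `getgenericconfig` call add something like `if (!conf->certnamecheck) debug(DBG_WARN, "block %s: CertificateNameCheck is off, peer certificate name will not be verified", block);` (the warn-level name is not visible in this diff, use whatever the file defines). The same applies to the client block. confserver_cb continues outside this hunk.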
@@ -3073,14 +3077,6 @@ void confserver_cb(struct gconffile **cf, char *block, char *opt, char *val) {
debugx(1, DBG_ERR, "error in block %s, secret must be specified for UDP", block);
conf->secret = stringcopy(DEFAULT_TLS_SECRET, 0);
}
-
- if (statusserver) {
- if (!strcasecmp(statusserver, "on"))
- conf->statusserver = 1;
- else if (strcasecmp(statusserver, "off"))
- debugx(1, DBG_ERR, "error in block %s, StatusServer is %s, must be on or off", block, statusserver);
- free(statusserver);
- }
}
void confrealm_cb(struct gconffile **cf, char *block, char *opt, char *val) {
diff --git a/radsecproxy.h b/radsecproxy.h
index f60d3a3..2ba6153 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -84,6 +84,7 @@ struct clsrvconf {
regex_t *rewriteattrregex;
char *rewriteattrreplacement;
uint8_t statusserver;
+ uint8_t certnamecheck;
SSL_CTX *ssl_ctx;
struct rewrite *rewrite;
struct addrinfo *addrinfo;