-rw-r--r-- | dtls.c | 4 | ||||
-rw-r--r-- | hostport.c | 13 | ||||
-rw-r--r-- | hostport.h | 6 | ||||
-rw-r--r-- | radsecproxy.c | 36 | ||||
-rw-r--r-- | radsecproxy.h | 1 | ||||
-rw-r--r-- | tcp.c | 4 | ||||
-rw-r--r-- | tls.c | 4 | ||||
-rw-r--r-- | udp.c | 4 |
8 files changed, 55 insertions, 17 deletions
@@ -99,7 +99,9 @@ struct dtlsservernewparams {
 void dtlssetsrcres() {
 if (!srcres)
- srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
+ srcres =
+ resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL,
+ AF_UNSPEC, NULL, protodefs.socktype);
 }
 int udp2bio(int s, struct gqueue *q, int cnt) {
@@ -132,12 +132,12 @@ errexit:
 return NULL;
 }
-int resolvehostport(struct hostportres *hp, int socktype, uint8_t passive) {
+int resolvehostport(struct hostportres *hp, int af, int socktype, uint8_t passive) {
 struct addrinfo hints, *res;
 memset(&hints, 0, sizeof(hints));
 hints.ai_socktype = socktype;
- hints.ai_family = AF_UNSPEC;
+ hints.ai_family = af;
 if (passive)
 hints.ai_flags = AI_PASSIVE;
@@ -172,6 +172,7 @@ int resolvehostport(struct hostportres *hp, int socktype, uint8_t passive) {
 }
 }
 }
+ debug(DBG_DBG, "%s: %s -> %s", __func__, hp->host, addr2string(hp->addrinfo->ai_addr));
 return 1;
 errexit:
@@ -213,22 +214,22 @@ void freehostports(struct list *hostports) {
 list_destroy(hostports);
 }
-int resolvehostports(struct list *hostports, int socktype) {
+int resolvehostports(struct list *hostports, int af, int socktype) {
 struct list_node *entry;
 struct hostportres *hp;
 for (entry = list_first(hostports); entry; entry = list_next(entry)) {
 hp = (struct hostportres *)entry->data;
- if (!hp->addrinfo && !resolvehostport(hp, socktype, 0))
+ if (!hp->addrinfo && !resolvehostport(hp, af, socktype, 0))
 return 0;
 }
 return 1;
 }
-struct addrinfo *resolvepassiveaddrinfo(char *hostport, char *default_port, int socktype) {
+struct addrinfo *resolvepassiveaddrinfo(char *hostport, int af, char *default_port, int socktype) {
 struct addrinfo *ai = NULL;
 struct hostportres *hp = newhostport(hostport, default_port, 0);
- if (hp && resolvehostport(hp, socktype, 1)) {
+ if (hp && resolvehostport(hp, af, socktype, 1)) {
 ai = hp->addrinfo;
 hp->addrinfo = NULL;
 }
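Review bot: The new debug line in resolvehostport dereferences `hp->addrinfo->ai_addr` unconditionally just before `return 1;`, which is only safe if every path reaching the success return has populated hp->addrinfo; the hunk does not show that (resolvehostport's body continues outside the hunk), so it should be confirmed or guarded with `hp->addrinfo ? addr2string(hp->addrinfo->ai_addr) : "(none)"` inside the debug call. Note also that with `af == AF_UNSPEC` the lookup can return several entries while the message prints only the head of the list, so the log line should not be read as the address that will actually be used. A short comment on the new `af` parameter, `/* af: AF_UNSPEC, AF_INET or AF_INET6; passed straight to hints.ai_family */`, would make the contract visible at the definition.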
@@ -17,9 +17,9 @@ struct hostportres *newhostport(char *hostport, char *default_port, uint8_t pref
 int addhostport(struct list **hostports, char **hostport, char *portdefault, uint8_t prefixok);
 void freehostport(struct hostportres *hp);
 void freehostports(struct list *hostports);
-int resolvehostport(struct hostportres *hp, int socktype, uint8_t passive);
-int resolvehostports(struct list *hostports, int socktype);
-struct addrinfo *resolvepassiveaddrinfo(char *hostport, char *default_port, int socktype);
+int resolvehostport(struct hostportres *hp, int af, int socktype, uint8_t passive);
+int resolvehostports(struct list *hostports, int af, int socktype);
+struct addrinfo *resolvepassiveaddrinfo(char *hostport, int af, char *default_port, int socktype);
 int addressmatches(struct list *hostports, struct sockaddr *addr, uint8_t checkport);
 int connecttcphostlist(struct list *hostports, struct addrinfo *src);
diff --git a/radsecproxy.c b/radsecproxy.c
index 5e9b5ca..fa72fb2 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -1773,7 +1773,7 @@ void *clientwr(void *arg) {
 /* FIXME: Is resolving not always done by compileserverconfig(),
 * either as part of static configuration setup or by
 * dynamicconfig() above? */
- if (!resolvehostports(conf->hostports, conf->pdef->socktype)) {
+ if (!resolvehostports(conf->hostports, conf->hostaf, conf->pdef->socktype)) {
 debug(DBG_WARN, "%s: resolve failed, sleeping %ds", __func__, ZZZ);
 sleep(ZZZ);
 goto errexit;
@@ -1926,7 +1926,7 @@ void createlistener(uint8_t type, char *arg) {
 int s = -1, on = 1, *sp = NULL;
 struct hostportres *hp = newhostport(arg, protodefs[type]->portdefault, 0);
- if (!hp || !resolvehostport(hp, protodefs[type]->socktype, 1))
+ if (!hp || !resolvehostport(hp, AF_UNSPEC, protodefs[type]->socktype, 1))
 debugx(1, DBG_ERR, "createlistener: failed to resolve %s", arg);
 for (res = hp->addrinfo; res; res = res->ai_next) {
@@ -2684,10 +2684,25 @@ int mergesrvconf(struct clsrvconf *dst, struct clsrvconf *src) { return 1; } +int config_hostaf(const char *block, int ipv4only, int ipv6only, int *af) { + if (ipv4only && ipv6only) { + debug(DBG_ERR, "error in block %s, at most one of IPv4Only and " + "IPv6Only can be enabled", block); + return -1; + } + *af = AF_UNSPEC; + if (ipv4only) + *af = AF_INET; + if (ipv6only) + *af = AF_INET6; + return 0; +} + int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) { struct clsrvconf *conf; char *conftype = NULL, *rewriteinalias = NULL; long int dupinterval = LONG_MIN, addttl = LONG_MIN; + uint8_t ipv4only, ipv6only; debug(DBG_DBG, "confclient_cb called for %s", block); @@ -2701,6 +2716,8 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char cf, block, "type", CONF_STR, &conftype, "host", CONF_MSTR, &conf->hostsrc, + "IPv4Only", CONF_BLN, &ipv4only, + "IPv6Only", CONF_BLN, &ipv6only, "secret", CONF_STR, &conf->secret, #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) "tls", CONF_STR, &conf->tls, @@ -2752,6 +2769,9 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char } #endif + if (config_hostaf(block, ipv4only, ipv6only, &conf->hostaf)) + debugx(1, DBG_ERR, "error in block %s: ^", block); + if (dupinterval != LONG_MIN) { if (dupinterval < 0 || dupinterval > 255) debugx(1, DBG_ERR, "error in block %s, value of option DuplicateInterval is %d, must be 0-255", block, dupinterval); @@ -2782,7 +2802,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char } if (!addhostport(&conf->hostports, conf->hostsrc, conf->pdef->portdefault, 1) || - !resolvehostports(conf->hostports, conf->pdef->socktype)) + !resolvehostports(conf->hostports, conf->hostaf, conf->pdef->socktype)) debugx(1, DBG_ERR, "%s: resolve failed, exiting", __func__); if (!conf->secret) { 
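Review bot: In confclient_cb the new locals `uint8_t ipv4only, ipv6only;` are declared without an initialiser, handed to getgenericconfig as CONF_BLN targets and then read by config_hostaf; unless getgenericconfig zeroes every boolean target that is absent from the block (not shown in this hunk), a client block that sets neither option passes indeterminate values on, which can spuriously reject the block or pick the wrong family. Initialise them at the declaration, `uint8_t ipv4only = 0, ipv6only = 0;`, and do the same for the identical declaration added to confserver_cb in the following hunk group. The follow-up fatal message `debugx(1, DBG_ERR, "error in block %s: ^", block);` also carries a stray `^` and repeats a block name config_hostaf has already logged; `debugx(1, DBG_ERR, "%s: invalid address family options in block %s", __func__, block);` would read cleaner. confclient_cb's body continues outside the hunk.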
@@ -2844,7 +2864,9 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { return 0; } - if (!conf->dynamiclookupcommand && !resolvehostports(conf->hostports, conf->pdef->socktype)) { + if (!conf->dynamiclookupcommand && + !resolvehostports(conf->hostports, conf->hostaf, + conf->pdef->socktype)) { debug(DBG_ERR, "%s: resolve failed", __func__); return 0; } @@ -2855,6 +2877,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char struct clsrvconf *conf, *resconf; char *conftype = NULL, *rewriteinalias = NULL; long int retryinterval = LONG_MIN, retrycount = LONG_MIN, addttl = LONG_MIN; + uint8_t ipv4only, ipv6only; debug(DBG_DBG, "confserver_cb called for %s", block); @@ -2875,6 +2898,8 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char if (!getgenericconfig(cf, block, "type", CONF_STR, &conftype, "host", CONF_MSTR, &conf->hostsrc, + "IPv4Only", CONF_BLN, &ipv4only, + "IPv6Only", CONF_BLN, &ipv6only, "port", CONF_STR, &conf->portsrc, "secret", CONF_STR, &conf->secret, #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) @@ -2922,6 +2947,9 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char free(conftype); conftype = NULL; + if (config_hostaf(block, ipv4only, ipv6only, &conf->hostaf)) + goto errexit; + conf->pdef = protodefs[conf->type]; if (!conf->confrewritein) diff --git a/radsecproxy.h b/radsecproxy.h index dc09b1e..eb30afd 100644 --- a/radsecproxy.h +++ b/radsecproxy.h @@ -106,6 +106,7 @@ struct clsrvconf { uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */ const struct protodefs *pdef; char **hostsrc; + int hostaf; char *portsrc; struct list *hostports; char *secret; 
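Review bot: The new `int hostaf;` member of struct clsrvconf in radsecproxy.h is added next to `uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */` but carries no comment on its value set or origin; record it as `int hostaf; /* AF_UNSPEC, AF_INET or AF_INET6, set from IPv4Only/IPv6Only */` so readers of compileserverconfig and clientwr know where the family comes from. Separately, the confserver_cb hunk handles a config_hostaf failure with `goto errexit` while confclient_cb exits the process through debugx; if the asymmetry is intentional (server blocks may be recoverable, client blocks are not) a one-line comment at the `goto errexit` would save the next reader the comparison. Both callbacks continue outside these hunks.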
@@ -78,7 +78,9 @@ static char **getlistenerargs() {
 void tcpsetsrcres() {
 if (!srcres)
- srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
+ srcres =
+ resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL,
+ AF_UNSPEC, NULL, protodefs.socktype);
 }
 int tcpconnect(struct server *server, struct timeval *when, int timeout, char *text) {
@@ -82,7 +82,9 @@ static char **getlistenerargs() {
 void tlssetsrcres() {
 if (!srcres)
- srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
+ srcres =
+ resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL,
+ AF_UNSPEC, NULL, protodefs.socktype);
 }
 int tlsconnect(struct server *server, struct timeval *when, int timeout, char *text) {
@@ -86,7 +86,9 @@ static char **getlistenerargs() {
 void udpsetsrcres() {
 if (!srcres)
- srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
+ srcres =
+ resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL,
+ AF_UNSPEC, NULL, protodefs.socktype);
 }
 void removeudpclientfromreplyq(struct client *c) { |
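Review bot: All four *setsrcres callers (tcp.c, tls.c and udp.c here, dtls.c in the first hunk of this page) pass a hard-coded `AF_UNSPEC` to resolvepassiveaddrinfo, so the source-address lookup is never narrowed by the family a server block selects through IPv4Only/IPv6Only. If a configured source host resolves to both families, the bound source and the restricted peer can end up in different families; whether the connect path then skips to a matching source entry or fails depends on how srcres is consumed, which lies outside these hunks. If the source is meant to follow the per-server restriction, the family has to be threaded through protoopts or the source resolved per server; if the current behaviour is intended, say so at the call: `/* source is resolved for any family; IPv4Only/IPv6Only restrict the peer only */`.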