-rw-r--r-- | radsecproxy.c | 33 | ||||
-rw-r--r-- | radsecproxy.h | 5 | ||||
-rw-r--r-- | util.c | 64 | ||||
-rw-r--r-- | util.h | 11 |
4 files changed, 54 insertions, 59 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index 669f03c..924434c 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -433,6 +433,7 @@ void removeclient(struct client *client) {
 pthread_mutex_unlock(&client->replyq->mutex);
 pthread_mutex_destroy(&client->replyq->mutex);
 list_removedata(client->conf->clients, client);
+ free(client->addr);
 free(client);
 }
@@ -538,7 +539,7 @@ unsigned char *radudpget(int s, struct client **client, struct server **server,
 p = find_conf('U', (struct sockaddr *)&from, client ? clconfs : srvconfs, NULL);
 if (!p) {
- debug(DBG_WARN, "radudpget: got packet from wrong or unknown UDP peer %s, ignoring", addr2string((struct sockaddr *)&from, fromlen));
+ debug(DBG_WARN, "radudpget: got packet from wrong or unknown UDP peer %s, ignoring", addr2string((struct sockaddr *)&from));
 recv(s, buf, 4, 0);
 continue;
 }
@@ -558,7 +559,7 @@ unsigned char *radudpget(int s, struct client **client, struct server **server,
 }
 cnt = recv(s, rad, len, MSG_TRUNC);
- debug(DBG_DBG, "radudpget: got %d bytes from %s", cnt, addr2string((struct sockaddr *)&from, fromlen));
+ debug(DBG_DBG, "radudpget: got %d bytes from %s", cnt, addr2string((struct sockaddr *)&from));
 if (cnt < len) {
 debug(DBG_WARN, "radudpget: packet smaller than length field in radius header");
@@ -2387,7 +2388,7 @@ void *udpaccserverrd(void *arg) {
 listenres = resolve_hostport('U', options.listenaccudp, DEFAULT_UDP_PORT);
 if ((udp_accserver_sock = bindtoaddr(listenres->addrinfo, AF_UNSPEC, 1, 0)) < 0)
- debugx(1, DBG_ERR, "udpserverrd: socket/bind failed");
+ debugx(1, DBG_ERR, "udpaccserverrd: socket/bind failed");
 debug(DBG_WARN, "udpaccserverrd: listening for UDP on %s:%s", listenres->host ? listenres->host : "*", listenres->port);
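Review bot: The new `free(client->addr)` in removeclient is only safe if every client's `addr` field is initialised; the TLS path assigns it in tlsservernew, but clients created for the UDP path never touch it, so this relies on addclient zeroing the struct, which is not visible in this hunk. If addclient only mallocs, the free runs on an indeterminate pointer for every UDP client teardown. Either confirm addclient uses calloc/memset, or set `client->addr = NULL;` explicitly there, and add a comment on the field in struct client such as `/* peer address, owned by the client; NULL for UDP clients */`. removeclient's body begins outside the hunk.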
@@ -2412,7 +2413,8 @@ void *tlsserverwr(void *arg) {
 struct replyq *replyq;
 struct reply *reply;
- debug(DBG_DBG, "tlsserverwr starting for %s", client->conf->host);
+ debug(DBG_DBG, "tlsserverwr starting for %s", addr2string(client->addr));
+
 replyq = client->replyq;
 for (;;) {
 pthread_mutex_lock(&replyq->mutex);
@@ -2434,8 +2436,8 @@ void *tlsserverwr(void *arg) {
 pthread_mutex_unlock(&replyq->mutex);
 cnt = SSL_write(client->ssl, reply->buf, RADLEN(reply->buf));
 if (cnt > 0)
- debug(DBG_DBG, "tlsserverwr: Sent %d bytes, Radius packet of length %d",
- cnt, RADLEN(reply->buf));
+ debug(DBG_DBG, "tlsserverwr: Sent %d bytes, Radius packet of length %d to %s",
+ cnt, RADLEN(reply->buf), addr2string(client->addr));
 else
 while ((error = ERR_get_error()))
 debug(DBG_ERR, "tlsserverwr: SSL: %s", ERR_error_string(error, NULL));
@@ -2448,7 +2450,7 @@ void tlsserverrd(struct client *client) {
 struct request rq;
 pthread_t tlsserverwrth;
- debug(DBG_DBG, "tlsserverrd starting for %s", client->conf->host);
+ debug(DBG_DBG, "tlsserverrd starting for %s", addr2string(client->addr));
 if (pthread_create(&tlsserverwrth, NULL, tlsserverwr, (void *)client)) {
 debug(DBG_ERR, "tlsserverrd: pthread_create failed");
@@ -2460,12 +2462,12 @@ void tlsserverrd(struct client *client) {
 rq.buf = radtlsget(client->ssl);
 if (!rq.buf)
 break;
- debug(DBG_DBG, "tlsserverrd: got Radius message from %s", client->conf->host);
+ debug(DBG_DBG, "tlsserverrd: got Radius message from %s", addr2string(client->addr));
 rq.from = client;
 radsrv(&rq);
 }
- debug(DBG_ERR, "tlsserverrd: connection lost");
+ debug(DBG_ERR, "tlsserverrd: connection from %s lost", addr2string(client->addr));
 /* stop writer by setting ssl to NULL and give signal in case waiting for data */
 client->ssl = NULL;
 pthread_mutex_lock(&client->replyq->mutex);
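Review bot: The `addr2string(client->addr)` call added to the SSL_write log line runs on the writer thread while the reader thread (tlsserverrd) and every other connection call the same function, and addr2string formats into a process-wide `static char addr_buf[2][INET6_ADDRSTRLEN]` (visible in the util.c hunk). Two concurrent calls can therefore return the same slot or overwrite it mid-print, so a log line may show another peer's address; the buffer is bounded, so this is misattribution, not memory corruption, but for an audit trail of which client sent what it matters. Consider a caller-supplied buffer, e.g. `char *addr2string(struct sockaddr *addr, char *buf, size_t buflen)`, or at minimum a comment on the call sites: `/* addr2string uses a shared static buffer; address may be garbled under concurrent logging */`. tlsserverwr's body continues outside the hunk.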
@@ -2474,7 +2476,7 @@ void tlsserverrd(struct client *client) {
 debug(DBG_DBG, "tlsserverrd: waiting for writer to end");
 pthread_join(tlsserverwrth, NULL);
 removeclientrqs(client);
- debug(DBG_DBG, "tlsserverrd for %s exiting", client->conf->host);
+ debug(DBG_DBG, "tlsserverrd for %s exiting", addr2string(client->addr));
 }
 void *tlsservernew(void *arg) {
@@ -2490,10 +2492,10 @@ void *tlsservernew(void *arg) {
 s = *(int *)arg;
 if (getpeername(s, (struct sockaddr *)&from, &fromlen)) {
- debug(DBG_DBG, "tlsserverrd: getpeername failed, exiting");
+ debug(DBG_DBG, "tlsservernew: getpeername failed, exiting");
 goto exit;
 }
- debug(DBG_WARN, "incoming TLS connection from %s", addr2string((struct sockaddr *)&from, fromlen));
+ debug(DBG_WARN, "incoming TLS connection from %s", addr2string((struct sockaddr *)&from));
 conf = find_conf('T', (struct sockaddr *)&from, clconfs, &cur);
 if (conf) {
@@ -2502,8 +2504,8 @@ void *tlsservernew(void *arg) {
 if (SSL_accept(ssl) <= 0) {
 while ((error = ERR_get_error()))
- debug(DBG_ERR, "tlsserverrd: SSL: %s", ERR_error_string(error, NULL));
- debug(DBG_ERR, "SSL_accept failed");
+ debug(DBG_ERR, "tlsservernew: SSL: %s", ERR_error_string(error, NULL));
+ debug(DBG_ERR, "tlsservernew: SSL_accept failed");
 goto exit;
 }
 cert = verifytlscert(ssl);
@@ -2517,6 +2519,7 @@ void *tlsservernew(void *arg) {
 client = addclient(conf);
 if (client) {
 client->ssl = ssl;
+ client->addr = addr_copy((struct sockaddr *)&from);
 tlsserverrd(client);
 removeclient(client);
 } else
@@ -3427,8 +3430,6 @@ int main(int argc, char **argv) {
 if (!list_first(clconfs))
 debugx(1, DBG_ERR, "No clients configured, nothing to do, exiting");
- if (!list_first(srvconfs))
- debugx(1, DBG_ERR, "No servers configured, nothing to do, exiting");
 if (!list_first(realms))
 debugx(1, DBG_ERR, "No realms configured, nothing to do, exiting");
diff --git a/radsecproxy.h b/radsecproxy.h
index fcedf04..f4c468d 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
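Review bot: The return value of `addr_copy()` is never checked before `tlsserverrd(client)` is called; addr_copy returns NULL on malloc failure (and, as written in the util.c hunk, for any family other than AF_INET/AF_INET6), and the very first statements of tlsserverrd and tlsserverwr pass `client->addr` to addr2string, which reads `addr->sa_family`, so an allocation failure at accept time becomes a NULL dereference in the per-connection thread rather than a logged error. A remote peer cannot choose the failure, but an out-of-memory condition on a busy proxy should degrade to a dropped connection, not a crash. Skip the session when the copy fails and still go through removeclient so the client entry added by addclient is released; the enclosing function continues past the hunk.
```c
client->addr = addr_copy((struct sockaddr *)&from);
if (client->addr)
    tlsserverrd(client);
else
    debug(DBG_ERR, "tlsservernew: malloc failed");
removeclient(client);
```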
@@ -101,6 +101,7 @@ struct client {
 struct clsrvconf *conf;
 SSL *ssl;
 struct replyq *replyq;
+ struct sockaddr *addr;
 };
 struct server {
@@ -165,7 +166,3 @@ struct rewriteconf {
 #define ATTRLEN(x) ((x)[1])
 #define ATTRVAL(x) ((x) + 2)
 #define ATTRVALLEN(x) ((x)[1] - 2)
-
-#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
- sizeof(struct sockaddr_in) : \
- sizeof(struct sockaddr_in6))
@@ -15,40 +15,7 @@
 #include <unistd.h>
 #include <stdarg.h>
 #include "debug.h"
-
-#if 0
-#include <errno.h>
-void errx(char *format, ...) {
- extern int errno;
-
- va_list ap;
- va_start(ap, format);
- vfprintf(stderr, format, ap);
- va_end(ap);
- if (errno) {
- fprintf(stderr, ": ");
- perror(NULL);
- fprintf(stderr, "errno=%d\n", errno);
- } else
- fprintf(stderr, "\n");
- exit(1);
-}
-
-void err(char *format, ...) {
- extern int errno;
-
- va_list ap;
- va_start(ap, format);
- vfprintf(stderr, format, ap);
- va_end(ap);
- if (errno) {
- fprintf(stderr, ": ");
- perror(NULL);
- fprintf(stderr, "errno=%d\n", errno);
- } else
- fprintf(stderr, "\n");
-}
-#endif
+#include "util.h"
 char *stringcopy(const char *s, int len) {
 char *r;
@@ -93,7 +60,30 @@ void port_set(struct sockaddr *sa, uint16_t port) {
 }
 }
-char *addr2string(struct sockaddr *addr, socklen_t len) {
+struct sockaddr *addr_copy(struct sockaddr *in) {
+ struct sockaddr *out = NULL;
+
+ switch (in->sa_family) {
+ case AF_INET:
+ out = malloc(sizeof(struct sockaddr_in));
+ if (out) {
+ memset(out, 0, sizeof(struct sockaddr_in));
+ ((struct sockaddr_in *)out)->sin_addr = ((struct sockaddr_in *)in)->sin_addr;
+ }
+ break;
+ case AF_INET6:
+ out = malloc(sizeof(struct sockaddr_in6));
+ if (out) {
+ memset(out, 0, sizeof(struct sockaddr_in6));
+ ((struct sockaddr_in6 *)out)->sin6_addr = ((struct sockaddr_in6 *)in)->sin6_addr;
+ }
+ break;
+ }
+ out->sa_family = in->sa_family;
+ return out;
+}
+
+char *addr2string(struct sockaddr *addr) {
 struct sockaddr_in6 *sa6;
 struct sockaddr_in sa4;
 static char addr_buf[2][INET6_ADDRSTRLEN];
@@ -109,9 +99,7 @@ char *addr2string(struct sockaddr *addr, socklen_t len) {
 addr = (struct sockaddr *)&sa4;
 }
 }
- len = addr->sa_family == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6);
-
- if (getnameinfo(addr, len, addr_buf[i], sizeof(addr_buf[i]),
+ if (getnameinfo(addr, SOCKADDRP_SIZE(addr), addr_buf[i], sizeof(addr_buf[i]),
 NULL, 0, NI_NUMERICHOST)) {
 debug(DBG_WARN, "getnameinfo failed");
 return "getnameinfo_failed";
@@ -1,8 +1,17 @@
 #include <sys/socket.h>
 #include <netdb.h>
+#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
+ sizeof(struct sockaddr_in) : \
+ sizeof(struct sockaddr_in6))
+
+#define SOCKADDRP_SIZE(addr) ((addr)->sa_family == AF_INET ? \
+ sizeof(struct sockaddr_in) : \
+ sizeof(struct sockaddr_in6))
+
 char *stringcopy(const char *s, int len);
-char *addr2string(struct sockaddr *addr, socklen_t len);
+char *addr2string(struct sockaddr *addr);
+struct sockaddr *addr_copy(struct sockaddr *in);
 uint16_t port_get(struct sockaddr *sa);
 void port_set(struct sockaddr *sa, uint16_t port); |
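Review bot: In addr_copy the line `out->sa_family = in->sa_family;` executes unconditionally after the switch, so when malloc fails, or when `in->sa_family` is anything other than AF_INET or AF_INET6 (the switch has no default and `out` stays NULL), it dereferences NULL; the per-case `if (out)` guards protect only the copy of the address body, not this store. Add `default: return NULL;` to the switch and `if (!out) return NULL;` ahead of the family assignment, or move the assignment inside each `if (out)` block. The function also copies only the address and leaves the port zero; if that is intentional (the only consumer in this patch is addr2string, which prints the host only), a header comment such as `/* Heap-allocated copy of an IPv4/IPv6 address; port is not preserved. Caller frees. Returns NULL on unknown family or allocation failure. */` would make that contract explicit for the next caller.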
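Review bot: SOCKADDRP_SIZE (and the moved SOCKADDR_SIZE) report `sizeof(struct sockaddr_in6)` for every family that is not AF_INET, so a caller handing addr2string a `struct sockaddr` of another family, or a bare `struct sockaddr_in`-sized object with a stale family, would have getnameinfo read 28 bytes from a smaller object. The call sites in this patch pass a `struct sockaddr_storage` or an addr_copy result, where that cannot happen, but the macro itself has no guard and evaluates its argument twice. A comment on the macro, `/* Only valid for AF_INET/AF_INET6 sockaddrs; any other family is sized as IPv6. */`, or a `static inline socklen_t sockaddr_size(const struct sockaddr *)` that returns 0 for unknown families, would keep future callers honest.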