diff options
Diffstat (limited to 'radsecproxy.c')
-rw-r--r-- | radsecproxy.c | 75 |
1 files changed, 33 insertions, 42 deletions
diff --git a/radsecproxy.c b/radsecproxy.c index fdb2838..6ac3825 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -577,7 +577,6 @@ struct client *addclient(struct clsrvconf *conf, uint8_t lock) { } memset(new, 0, sizeof(struct client)); - pthread_mutex_init(&new->lock, NULL); new->conf = conf; if (conf->pdef->addclient) conf->pdef->addclient(new); @@ -597,11 +596,8 @@ void removeclient(struct client *client) { conf = client->conf; pthread_mutex_lock(conf->lock); if (conf->clients) { - pthread_mutex_lock(&client->lock); removequeue(client->replyq); list_removedata(conf->clients, client); - pthread_mutex_unlock(&client->lock); - pthread_mutex_destroy(&client->lock); free(client->addr); free(client); } @@ -1352,14 +1348,14 @@ int pwdrecrypt(uint8_t *pwd, uint8_t len, char *oldsecret, char *newsecret, uint return 1; } -int msmpprecrypt(uint8_t *msmpp, uint8_t len, char *oldsecret, char *newsecret, unsigned char *oldauth, char *newauth) { +int msmpprecrypt(uint8_t *msmpp, uint8_t len, char *oldsecret, char *newsecret, uint8_t *oldauth, uint8_t *newauth) { if (len < 18) return 0; - if (!msmppdecrypt(msmpp + 2, len - 2, (unsigned char *)oldsecret, strlen(oldsecret), oldauth, msmpp)) { + if (!msmppdecrypt(msmpp + 2, len - 2, (uint8_t *)oldsecret, strlen(oldsecret), oldauth, msmpp)) { debug(DBG_WARN, "msmpprecrypt: failed to decrypt msppe key"); return 0; } - if (!msmppencrypt(msmpp + 2, len - 2, (unsigned char *)newsecret, strlen(newsecret), (unsigned char *)newauth, msmpp)) { + if (!msmppencrypt(msmpp + 2, len - 2, (uint8_t *)newsecret, strlen(newsecret), newauth, msmpp)) { debug(DBG_WARN, "msmpprecrypt: failed to encrypt msppe key"); return 0; } @@ -1372,7 +1368,7 @@ int msmppe(unsigned char *attrs, int length, uint8_t type, char *attrtxt, struct for (attr = attrs; (attr = attrget(attr, length - (attr - attrs), type)); attr += ATTRLEN(attr)) { debug(DBG_DBG, "msmppe: Got %s", attrtxt); - if (!msmpprecrypt(ATTRVAL(attr), ATTRVALLEN(attr), oldsecret, newsecret, rq->buf + 4, rq->origauth)) + if (!msmpprecrypt(ATTRVAL(attr), ATTRVALLEN(attr), oldsecret, newsecret, rq->buf + 4, rq->rqauth)) return 0; } return 1; @@ -1722,45 +1718,42 @@ struct request *newrequest() { return rq; } -int addclientrq(struct request *rq, uint8_t id) { +int addclientrq(struct request *rq) { struct request *r; struct timeval now; - - pthread_mutex_lock(&rq->from->lock); - gettimeofday(&now, NULL); - r = rq->from->rqs[id]; + + r = rq->from->rqs[rq->rqid]; if (r) { - if (now.tv_sec - r->created.tv_sec < r->from->conf->dupinterval) { + if (rq->udpport == r->udpport && !memcmp(rq->rqauth, r->rqauth, 16)) { + gettimeofday(&now, NULL); + if (now.tv_sec - r->created.tv_sec < r->from->conf->dupinterval) { #if 0 - later - if (r->replybuf) { - debug(DBG_INFO, "radsrv: already sent reply to request with id %d from %s, resending", id, r->from->conf->host); - r->refcount++; - sendreply(r); - } else + later + if (r->replybuf) { + debug(DBG_INFO, "radsrv: already sent reply to request with id %d from %s, resending", rq->rqid, addr2string(r->from->addr)); + r->refcount++; + sendreply(r); + } else #endif - debug(DBG_INFO, "radsrv: already got request with id %d from %s, ignoring", id, r->from->conf->host); - pthread_mutex_unlock(&rq->from->lock); - return 0; + debug(DBG_INFO, "radsrv: already got request with id %d from %s, ignoring", rq->rqid, addr2string(r->from->addr)); + return 0; + } } freerq(r); } rq->refcount++; - rq->from->rqs[id] = rq; - pthread_mutex_unlock(&rq->from->lock); + rq->from->rqs[rq->rqid] = rq; return 1; } void rmclientrq(struct request *rq, uint8_t id) { struct request *r; - pthread_mutex_lock(&rq->from->lock); r = rq->from->rqs[id]; if (r) { freerq(r); rq->from->rqs[id] = NULL; } - pthread_mutex_unlock(&rq->from->lock); } /* returns 0 if validation/authentication fails, else 1 */ @@ -1768,7 +1761,6 @@ int radsrv(struct request *rq) { struct radmsg *msg = NULL; struct tlv *attr; uint8_t *userascii = NULL; - unsigned char newauth[16]; struct realm *realm = NULL; struct server *to = NULL; struct client *from = rq->from; @@ -1784,13 +1776,16 @@ int radsrv(struct request *rq) { } rq->msg = msg; + rq->rqid = msg->id; + memcpy(rq->rqauth, msg->auth, 16); + debug(DBG_DBG, "radsrv: code %d, id %d", msg->code, msg->id); if (msg->code != RAD_Access_Request && msg->code != RAD_Status_Server && msg->code != RAD_Accounting_Request) { debug(DBG_INFO, "radsrv: server currently accepts only access-requests, accounting-requests and status-server, ignoring"); goto exit; } - if (!addclientrq(rq, msg->id)) + if (!addclientrq(rq)) goto exit; if (msg->code == RAD_Status_Server) { @@ -1846,11 +1841,11 @@ int radsrv(struct request *rq) { goto exit; } - if (msg->code != RAD_Accounting_Request) { - if (!RAND_bytes(newauth, 16)) { - debug(DBG_WARN, "radsrv: failed to generate random auth"); - goto rmclrqexit; - } + if (msg->code == RAD_Accounting_Request) + memset(msg->auth, 0, 16); + else if (!RAND_bytes(msg->auth, 16)) { + debug(DBG_WARN, "radsrv: failed to generate random auth"); + goto rmclrqexit; } #ifdef DEBUG @@ -1860,21 +1855,17 @@ int radsrv(struct request *rq) { attr = radmsg_gettype(msg, RAD_Attr_User_Password); if (attr) { debug(DBG_DBG, "radsrv: found userpwdattr with value length %d", attr->l); - if (!pwdrecrypt(attr->v, attr->l, from->conf->secret, to->conf->secret, msg->auth, newauth)) + if (!pwdrecrypt(attr->v, attr->l, from->conf->secret, to->conf->secret, rq->rqauth, msg->auth)) goto rmclrqexit; } attr = radmsg_gettype(msg, RAD_Attr_Tunnel_Password); if (attr) { debug(DBG_DBG, "radsrv: found tunnelpwdattr with value length %d", attr->l); - if (!pwdrecrypt(attr->v, attr->l, from->conf->secret, to->conf->secret, msg->auth, newauth)) + if (!pwdrecrypt(attr->v, attr->l, from->conf->secret, to->conf->secret, rq->rqauth, msg->auth)) goto rmclrqexit; } - rq->origid = msg->id; - memcpy(rq->origauth, msg->auth, 16); - memcpy(msg->auth, newauth, 16); - if (to->conf->rewriteout && !dorewrite(msg, to->conf->rewriteout)) goto rmclrqexit; @@ -1993,8 +1984,8 @@ void replyh(struct server *server, unsigned char *buf) { } } - msg->id = (char)rqout->rq->origid; - memcpy(msg->auth, rqout->rq->origauth, 16); + msg->id = (char)rqout->rq->rqid; + memcpy(msg->auth, rqout->rq->rqauth, 16); #ifdef DEBUG printfchars(NULL, "origauth/buf+4", "%02x ", buf + 4, 16); |