From 7e765c3b7cce6fbee1f6ac971fc4b88c272416e1 Mon Sep 17 00:00:00 2001 From: venaas Date: Wed, 10 Oct 2007 09:06:50 +0000 Subject: split out most of clientrd into a replyh function git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@181 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.c | 306 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 153 insertions(+), 153 deletions(-) diff --git a/radsecproxy.c b/radsecproxy.c index ce7099a..7e5fbc7 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -1570,191 +1570,191 @@ void radsrv(struct request *rq) { sendrq(to, rq); } -void *clientrd(void *arg) { - struct server *server = (struct server *)arg; +int replyh(struct server *server, unsigned char *buf) { struct client *from; struct request *rq; int i, len, sublen; - unsigned char *buf, *messageauth, *subattrs, *attrs, *attr, *username; + unsigned char *messageauth, *subattrs, *attrs, *attr, *username; struct sockaddr_storage fromsa; - struct timeval lastconnecttry; char tmp[256]; - for (;;) { - lastconnecttry = server->lastconnecttry; - buf = (server->conf->type == 'U' ? radudpget(server->sock, NULL, &server, NULL) : radtlsget(server->ssl)); - if (!buf && server->conf->type == 'T') { - tlsconnect(server, &lastconnecttry, "clientrd"); - continue; - } - - server->connectionok = 1; - server->loststatsrv = 0; + server->connectionok = 1; + server->loststatsrv = 0; - i = buf[1]; /* i is the id */ + i = buf[1]; /* i is the id */ - switch (*buf) { - case RAD_Access_Accept: - debug(DBG_DBG, "got Access Accept with id %d", i); - break; - case RAD_Access_Reject: - debug(DBG_DBG, "got Access Reject with id %d", i); - break; - case RAD_Access_Challenge: - debug(DBG_DBG, "got Access Challenge with id %d", i); - break; - default: - free(buf); - debug(DBG_INFO, "clientrd: discarding, only accept access accept, access reject and access challenge messages"); - continue; - } + switch (*buf) { + case RAD_Access_Accept: + debug(DBG_DBG, "got Access Accept with id %d", i); + break; + case RAD_Access_Reject: + debug(DBG_DBG, "got Access Reject with id %d", i); + break; + case RAD_Access_Challenge: + debug(DBG_DBG, "got Access Challenge with id %d", i); + break; + default: + debug(DBG_INFO, "replyh: discarding, only accept access accept, access reject and access challenge messages"); + return 0; + } - rq = server->requests + i; + rq = server->requests + i; - pthread_mutex_lock(&server->newrq_mutex); - if (!rq->buf || !rq->tries) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - debug(DBG_INFO, "clientrd: no matching request sent with this id, ignoring"); - continue; - } + pthread_mutex_lock(&server->newrq_mutex); + if (!rq->buf || !rq->tries) { + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_INFO, "replyh: no matching request sent with this id, ignoring reply"); + return 0; + } - if (rq->received) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - debug(DBG_INFO, "clientrd: already received, ignoring"); - continue; - } + if (rq->received) { + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_INFO, "replyh: already received, ignoring reply"); + return 0; + } - if (!validauth(buf, rq->buf + 4, (unsigned char *)server->conf->secret)) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - debug(DBG_WARN, "clientrd: invalid auth, ignoring"); - continue; - } + if (!validauth(buf, rq->buf + 4, (unsigned char *)server->conf->secret)) { + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_WARN, "replyh: invalid auth, ignoring reply"); + return 0; + } - from = rq->from; - len = RADLEN(buf) - 20; - attrs = buf + 20; + from = rq->from; + len = RADLEN(buf) - 20; + attrs = buf + 20; - if (!attrvalidate(attrs, len)) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - debug(DBG_WARN, "clientrd: attribute validation failed, ignoring packet"); - continue; - } + if (!attrvalidate(attrs, len)) { + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_WARN, "replyh: attribute validation failed, ignoring reply"); + return 0; + } - /* Message Authenticator */ - messageauth = attrget(attrs, len, RAD_Attr_Message_Authenticator); - if (messageauth) { - if (ATTRVALLEN(messageauth) != 16) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - debug(DBG_WARN, "clientrd: illegal message auth attribute length, ignoring packet"); - continue; - } - memcpy(tmp, buf + 4, 16); - memcpy(buf + 4, rq->buf + 4, 16); - if (!checkmessageauth(buf, ATTRVAL(messageauth), server->conf->secret)) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - debug(DBG_WARN, "clientrd: message authentication failed"); - continue; - } - memcpy(buf + 4, tmp, 16); - debug(DBG_DBG, "clientrd: message auth ok"); + /* Message Authenticator */ + messageauth = attrget(attrs, len, RAD_Attr_Message_Authenticator); + if (messageauth) { + if (ATTRVALLEN(messageauth) != 16) { + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_WARN, "replyh: illegal message auth attribute length, ignoring reply"); + return 0; } - - if (*rq->buf == RAD_Status_Server) { - rq->received = 1; + memcpy(tmp, buf + 4, 16); + memcpy(buf + 4, rq->buf + 4, 16); + if (!checkmessageauth(buf, ATTRVAL(messageauth), server->conf->secret)) { pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - debug(DBG_INFO, "clientrd: got status server response from %s", server->conf->host); - continue; + debug(DBG_WARN, "replyh: message authentication failed, ignoring reply"); + return 0; } + memcpy(buf + 4, tmp, 16); + debug(DBG_DBG, "replyh: message auth ok"); + } + + if (*rq->buf == RAD_Status_Server) { + rq->received = 1; + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_INFO, "replyh: got status server response from %s", server->conf->host); + return 0; + } - /* MS MPPE */ - for (attr = attrs; (attr = attrget(attr, len - (attr - attrs), RAD_Attr_Vendor_Specific)); attr += ATTRLEN(attr)) { - if (ATTRVALLEN(attr) <= 4) - break; - - if (attr[2] != 0 || attr[3] != 0 || attr[4] != 1 || attr[5] != 55) /* 311 == MS */ - continue; + /* MS MPPE */ + for (attr = attrs; (attr = attrget(attr, len - (attr - attrs), RAD_Attr_Vendor_Specific)); attr += ATTRLEN(attr)) { + if (ATTRVALLEN(attr) <= 4) + break; - sublen = ATTRVALLEN(attr) - 4; - subattrs = ATTRVAL(attr) + 4; - if (!attrvalidate(subattrs, sublen) || - !msmppe(subattrs, sublen, RAD_VS_ATTR_MS_MPPE_Send_Key, "MS MPPE Send Key", - rq, server->conf->secret, from->conf->secret) || - !msmppe(subattrs, sublen, RAD_VS_ATTR_MS_MPPE_Recv_Key, "MS MPPE Recv Key", - rq, server->conf->secret, from->conf->secret)) - break; - } - if (attr) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - debug(DBG_WARN, "clientrd: MS attribute handling failed, ignoring packet"); + if (attr[2] != 0 || attr[3] != 0 || attr[4] != 1 || attr[5] != 55) /* 311 == MS */ continue; - } + + sublen = ATTRVALLEN(attr) - 4; + subattrs = ATTRVAL(attr) + 4; + if (!attrvalidate(subattrs, sublen) || + !msmppe(subattrs, sublen, RAD_VS_ATTR_MS_MPPE_Send_Key, "MS MPPE Send Key", + rq, server->conf->secret, from->conf->secret) || + !msmppe(subattrs, sublen, RAD_VS_ATTR_MS_MPPE_Recv_Key, "MS MPPE Recv Key", + rq, server->conf->secret, from->conf->secret)) + break; + } + if (attr) { + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_WARN, "replyh: MS attribute handling failed, ignoring reply"); + return 0; + } - if (*buf == RAD_Access_Accept || *buf == RAD_Access_Reject) { - attr = attrget(rq->buf + 20, RADLEN(rq->buf) - 20, RAD_Attr_User_Name); - /* we know the attribute exists */ - memcpy(tmp, ATTRVAL(attr), ATTRVALLEN(attr)); - tmp[ATTRVALLEN(attr)] = '\0'; - switch (*buf) { - case RAD_Access_Accept: - if (rq->origusername) - debug(DBG_INFO, "Access Accept for %s (originally %s) from %s", tmp, rq->origusername, server->conf->host); - else - debug(DBG_INFO, "Access Accept for %s from %s", tmp, server->conf->host); - break; - case RAD_Access_Reject: - if (rq->origusername) - debug(DBG_INFO, "Access Reject for %s (originally %s) from %s", tmp, rq->origusername, server->conf->host); - else - debug(DBG_INFO, "Access Reject for %s from %s", tmp, server->conf->host); - break; - } + if (*buf == RAD_Access_Accept || *buf == RAD_Access_Reject) { + attr = attrget(rq->buf + 20, RADLEN(rq->buf) - 20, RAD_Attr_User_Name); + /* we know the attribute exists */ + memcpy(tmp, ATTRVAL(attr), ATTRVALLEN(attr)); + tmp[ATTRVALLEN(attr)] = '\0'; + switch (*buf) { + case RAD_Access_Accept: + if (rq->origusername) + debug(DBG_INFO, "Access Accept for %s (originally %s) from %s", tmp, rq->origusername, server->conf->host); + else + debug(DBG_INFO, "Access Accept for %s from %s", tmp, server->conf->host); + break; + case RAD_Access_Reject: + if (rq->origusername) + debug(DBG_INFO, "Access Reject for %s (originally %s) from %s", tmp, rq->origusername, server->conf->host); + else + debug(DBG_INFO, "Access Reject for %s from %s", tmp, server->conf->host); + break; } + } - /* once we set received = 1, rq may be reused */ - buf[1] = (char)rq->origid; - memcpy(buf + 4, rq->origauth, 16); + buf[1] = (char)rq->origid; + memcpy(buf + 4, rq->origauth, 16); #ifdef DEBUG - printfchars(NULL, "origauth/buf+4", "%02x ", buf + 4, 16); + printfchars(NULL, "origauth/buf+4", "%02x ", buf + 4, 16); #endif - if (rq->origusername) { - username = resizeattr(&buf, strlen(rq->origusername), RAD_Attr_User_Name); - if (!username) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - continue; - } - memcpy(username, rq->origusername, strlen(rq->origusername)); - len = RADLEN(buf) - 20; - attrs = buf + 20; - if (messageauth) - messageauth = attrget(attrs, len, RAD_Attr_Message_Authenticator); + if (rq->origusername) { + username = resizeattr(&buf, strlen(rq->origusername), RAD_Attr_User_Name); + if (!username) { + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_WARN, "replyh: malloc failed, ignoring reply"); + return 0; } + memcpy(username, rq->origusername, strlen(rq->origusername)); + len = RADLEN(buf) - 20; + attrs = buf + 20; + if (messageauth) + messageauth = attrget(attrs, len, RAD_Attr_Message_Authenticator); + } - if (messageauth) { - if (!createmessageauth(buf, ATTRVAL(messageauth), from->conf->secret)) { - pthread_mutex_unlock(&server->newrq_mutex); - free(buf); - continue; - } - debug(DBG_DBG, "clientrd: computed messageauthattr"); + if (messageauth) { + if (!createmessageauth(buf, ATTRVAL(messageauth), from->conf->secret)) { + pthread_mutex_unlock(&server->newrq_mutex); + debug(DBG_WARN, "replyh: failed to create authenticator, malloc failed?, ignoring reply"); + return 0; } + debug(DBG_DBG, "replyh: computed messageauthattr"); + } - if (from->conf->type == 'U') - fromsa = rq->fromsa; - rq->received = 1; - pthread_mutex_unlock(&server->newrq_mutex); + if (from->conf->type == 'U') + fromsa = rq->fromsa; + /* once we set received = 1, rq may be reused */ + rq->received = 1; + pthread_mutex_unlock(&server->newrq_mutex); - debug(DBG_DBG, "clientrd: giving packet back to where it came from"); - sendreply(from, buf, from->conf->type == 'U' ? &fromsa : NULL); + debug(DBG_DBG, "replyh: giving packet back to where it came from"); + sendreply(from, buf, from->conf->type == 'U' ? &fromsa : NULL); + return 1; +} + +void *clientrd(void *arg) { + struct server *server = (struct server *)arg; + unsigned char *buf; + struct timeval lastconnecttry; + + for (;;) { + /* yes, lastconnecttry is really necessary */ + lastconnecttry = server->lastconnecttry; + buf = (server->conf->type == 'U' ? radudpget(server->sock, NULL, &server, NULL) : radtlsget(server->ssl)); + if (!buf && server->conf->type == 'T') { + tlsconnect(server, &lastconnecttry, "clientrd"); + continue; + } + + if (!replyh(server, buf)) + free(buf); } } -- cgit v1.1