radlib.c (228730) | radlib.c (243956) |
---|---|
1/*- 2 * Copyright 1998 Juniper Networks, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> | 1/*- 2 * Copyright 1998 Juniper Networks, Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: head/lib/libradius/radlib.c 228730 2011-12-20 11:13:44Z melifaro $"); | 28__FBSDID("$FreeBSD: head/lib/libradius/radlib.c 243956 2012-12-06 19:00:37Z sem $"); |
29 30#include <sys/types.h> 31#include <sys/socket.h> 32#include <sys/time.h> 33#include <netinet/in.h> 34#include <arpa/inet.h> 35#ifdef WITH_SSL 36#include <openssl/hmac.h> 37#include <openssl/md5.h> 38#define MD5Init MD5_Init 39#define MD5Update MD5_Update 40#define MD5Final MD5_Final 41#else 42#define MD5_DIGEST_LENGTH 16 43#include <md5.h> 44#endif 45 | 29 30#include <sys/types.h> 31#include <sys/socket.h> 32#include <sys/time.h> 33#include <netinet/in.h> 34#include <arpa/inet.h> 35#ifdef WITH_SSL 36#include <openssl/hmac.h> 37#include <openssl/md5.h> 38#define MD5Init MD5_Init 39#define MD5Update MD5_Update 40#define MD5Final MD5_Final 41#else 42#define MD5_DIGEST_LENGTH 16 43#include <md5.h> 44#endif 45 |
46#define MAX_FIELDS 7 47 |
|
46/* We need the MPPE_KEY_LEN define */ 47#include <netgraph/ng_mppc.h> 48 49#include <errno.h> 50#include <netdb.h> 51#include <stdarg.h> 52#include <stddef.h> 53#include <stdio.h> --- 320 unchanged lines hidden (view full) --- 374 h->out_len += len; 375 return 0; 376} 377 378int 379rad_add_server(struct rad_handle *h, const char *host, int port, 380 const char *secret, int timeout, int tries) 381{ | 48/* We need the MPPE_KEY_LEN define */ 49#include <netgraph/ng_mppc.h> 50 51#include <errno.h> 52#include <netdb.h> 53#include <stdarg.h> 54#include <stddef.h> 55#include <stdio.h> --- 320 unchanged lines hidden (view full) --- 376 h->out_len += len; 377 return 0; 378} 379 380int 381rad_add_server(struct rad_handle *h, const char *host, int port, 382 const char *secret, int timeout, int tries) 383{ |
384 struct in_addr bindto; 385 bindto.s_addr = INADDR_ANY; 386 387 return rad_add_server_ex(h, host, port, secret, timeout, tries, 388 DEAD_TIME, &bindto); 389} 390 391int 392rad_add_server_ex(struct rad_handle *h, const char *host, int port, 393 const char *secret, int timeout, int tries, int dead_time, 394 struct in_addr *bindto) 395{ |
|
382 struct rad_server *srvp; 383 384 if (h->num_servers >= MAXSERVERS) { 385 generr(h, "Too many RADIUS servers specified"); 386 return -1; 387 } 388 srvp = &h->servers[h->num_servers]; 389 --- 26 unchanged lines hidden (view full) --- 416 } 417 if ((srvp->secret = strdup(secret)) == NULL) { 418 generr(h, "Out of memory"); 419 return -1; 420 } 421 srvp->timeout = timeout; 422 srvp->max_tries = tries; 423 srvp->num_tries = 0; | 396 struct rad_server *srvp; 397 398 if (h->num_servers >= MAXSERVERS) { 399 generr(h, "Too many RADIUS servers specified"); 400 return -1; 401 } 402 srvp = &h->servers[h->num_servers]; 403 --- 26 unchanged lines hidden (view full) --- 430 } 431 if ((srvp->secret = strdup(secret)) == NULL) { 432 generr(h, "Out of memory"); 433 return -1; 434 } 435 srvp->timeout = timeout; 436 srvp->max_tries = tries; 437 srvp->num_tries = 0; |
438 srvp->is_dead = 0; 439 srvp->dead_time = dead_time; 440 srvp->next_probe = 0; 441 srvp->bindto = bindto->s_addr; |
|
424 h->num_servers++; 425 return 0; 426} 427 428void 429rad_close(struct rad_handle *h) 430{ 431 int srv; --- 4 unchanged lines hidden (view full) --- 436 memset(h->servers[srv].secret, 0, 437 strlen(h->servers[srv].secret)); 438 free(h->servers[srv].secret); 439 } 440 clear_password(h); 441 free(h); 442} 443 | 442 h->num_servers++; 443 return 0; 444} 445 446void 447rad_close(struct rad_handle *h) 448{ 449 int srv; --- 4 unchanged lines hidden (view full) --- 454 memset(h->servers[srv].secret, 0, 455 strlen(h->servers[srv].secret)); 456 free(h->servers[srv].secret); 457 } 458 clear_password(h); 459 free(h); 460} 461 |
462void 463rad_bind_to(struct rad_handle *h, in_addr_t addr) 464{ 465 466 h->bindto = addr; 467} 468 |
|
444int 445rad_config(struct rad_handle *h, const char *path) 446{ 447 FILE *fp; 448 char buf[MAXCONFLINE]; 449 int linenum; 450 int retval; 451 --- 11 unchanged lines hidden (view full) --- 463 int nfields; 464 char msg[ERRSIZE]; 465 char *type; 466 char *host, *res; 467 char *port_str; 468 char *secret; 469 char *timeout_str; 470 char *maxtries_str; | 469int 470rad_config(struct rad_handle *h, const char *path) 471{ 472 FILE *fp; 473 char buf[MAXCONFLINE]; 474 int linenum; 475 int retval; 476 --- 11 unchanged lines hidden (view full) --- 488 int nfields; 489 char msg[ERRSIZE]; 490 char *type; 491 char *host, *res; 492 char *port_str; 493 char *secret; 494 char *timeout_str; 495 char *maxtries_str; |
496 char *dead_time_str; 497 char *bindto_str; |
|
471 char *end; 472 char *wanttype; 473 unsigned long timeout; 474 unsigned long maxtries; | 498 char *end; 499 char *wanttype; 500 unsigned long timeout; 501 unsigned long maxtries; |
502 unsigned long dead_time; |
|
475 int port; | 503 int port; |
504 struct in_addr bindto; |
|
476 int i; 477 478 linenum++; 479 len = strlen(buf); 480 /* We know len > 0, else fgets would have returned NULL. */ 481 if (buf[len - 1] != '\n') { 482 if (len == sizeof buf - 1) 483 generr(h, "%s:%d: line too long", path, 484 linenum); 485 else 486 generr(h, "%s:%d: missing newline", path, 487 linenum); 488 retval = -1; 489 break; 490 } 491 buf[len - 1] = '\0'; 492 493 /* Extract the fields from the line. */ | 505 int i; 506 507 linenum++; 508 len = strlen(buf); 509 /* We know len > 0, else fgets would have returned NULL. */ 510 if (buf[len - 1] != '\n') { 511 if (len == sizeof buf - 1) 512 generr(h, "%s:%d: line too long", path, 513 linenum); 514 else 515 generr(h, "%s:%d: missing newline", path, 516 linenum); 517 retval = -1; 518 break; 519 } 520 buf[len - 1] = '\0'; 521 522 /* Extract the fields from the line. */ |
494 nfields = split(buf, fields, 5, msg, sizeof msg); | 523 nfields = split(buf, fields, MAX_FIELDS, msg, sizeof msg); |
495 if (nfields == -1) { 496 generr(h, "%s:%d: %s", path, linenum, msg); 497 retval = -1; 498 break; 499 } 500 if (nfields == 0) 501 continue; 502 /* 503 * The first field should contain "auth" or "acct" for 504 * authentication or accounting, respectively. But older 505 * versions of the file didn't have that field. Default 506 * it to "auth" for backward compatibility. 507 */ 508 if (strcmp(fields[0], "auth") != 0 && 509 strcmp(fields[0], "acct") != 0) { | 524 if (nfields == -1) { 525 generr(h, "%s:%d: %s", path, linenum, msg); 526 retval = -1; 527 break; 528 } 529 if (nfields == 0) 530 continue; 531 /* 532 * The first field should contain "auth" or "acct" for 533 * authentication or accounting, respectively. But older 534 * versions of the file didn't have that field. Default 535 * it to "auth" for backward compatibility. 536 */ 537 if (strcmp(fields[0], "auth") != 0 && 538 strcmp(fields[0], "acct") != 0) { |
510 if (nfields >= 5) { | 539 if (nfields >= MAX_FIELDS) { |
511 generr(h, "%s:%d: invalid service type", path, 512 linenum); 513 retval = -1; 514 break; 515 } 516 nfields++; 517 for (i = nfields; --i > 0; ) 518 fields[i] = fields[i - 1]; --- 5 unchanged lines hidden (view full) --- 524 retval = -1; 525 break; 526 } 527 type = fields[0]; 528 host = fields[1]; 529 secret = fields[2]; 530 timeout_str = fields[3]; 531 maxtries_str = fields[4]; | 540 generr(h, "%s:%d: invalid service type", path, 541 linenum); 542 retval = -1; 543 break; 544 } 545 nfields++; 546 for (i = nfields; --i > 0; ) 547 fields[i] = fields[i - 1]; --- 5 unchanged lines hidden (view full) --- 553 retval = -1; 554 break; 555 } 556 type = fields[0]; 557 host = fields[1]; 558 secret = fields[2]; 559 timeout_str = fields[3]; 560 maxtries_str = fields[4]; |
561 dead_time_str = fields[5]; 562 bindto_str = fields[6]; |
|
532 533 /* Ignore the line if it is for the wrong service type. */ 534 wanttype = h->type == RADIUS_AUTH ? "auth" : "acct"; 535 if (strcmp(type, wanttype) != 0) 536 continue; 537 538 /* Parse and validate the fields. */ 539 res = host; --- 25 unchanged lines hidden (view full) --- 565 generr(h, "%s:%d: invalid maxtries", path, 566 linenum); 567 retval = -1; 568 break; 569 } 570 } else 571 maxtries = MAXTRIES; 572 | 563 564 /* Ignore the line if it is for the wrong service type. */ 565 wanttype = h->type == RADIUS_AUTH ? "auth" : "acct"; 566 if (strcmp(type, wanttype) != 0) 567 continue; 568 569 /* Parse and validate the fields. */ 570 res = host; --- 25 unchanged lines hidden (view full) --- 596 generr(h, "%s:%d: invalid maxtries", path, 597 linenum); 598 retval = -1; 599 break; 600 } 601 } else 602 maxtries = MAXTRIES; 603 |
573 if (rad_add_server(h, host, port, secret, timeout, maxtries) == 574 -1) { | 604 if (dead_time_str != NULL) { 605 dead_time = strtoul(dead_time_str, &end, 10); 606 if (*end != '\0') { 607 generr(h, "%s:%d: invalid dead_time", path, 608 linenum); 609 retval = -1; 610 break; 611 } 612 } else 613 dead_time = DEAD_TIME; 614 615 if (bindto_str != NULL) { 616 bindto.s_addr = inet_addr(bindto_str); 617 if (bindto.s_addr == INADDR_NONE) { 618 generr(h, "%s:%d: invalid bindto", path, 619 linenum); 620 retval = -1; 621 break; 622 } 623 } else 624 bindto.s_addr = INADDR_ANY; 625 626 if (rad_add_server_ex(h, host, port, secret, timeout, maxtries, 627 dead_time, &bindto) == -1) { |
575 strcpy(msg, h->errmsg); 576 generr(h, "%s:%d: %s", path, linenum, msg); 577 retval = -1; 578 break; 579 } 580 } 581 /* Clear out the buffer to wipe a possible copy of a shared secret */ 582 memset(buf, 0, sizeof buf); --- 8 unchanged lines hidden (view full) --- 591 * calling rad_continue_send_request again. 592 * < 0 Failure 593 * > 0 Success 594 */ 595int 596rad_continue_send_request(struct rad_handle *h, int selected, int *fd, 597 struct timeval *tv) 598{ | 628 strcpy(msg, h->errmsg); 629 generr(h, "%s:%d: %s", path, linenum, msg); 630 retval = -1; 631 break; 632 } 633 } 634 /* Clear out the buffer to wipe a possible copy of a shared secret */ 635 memset(buf, 0, sizeof buf); --- 8 unchanged lines hidden (view full) --- 644 * calling rad_continue_send_request again. 645 * < 0 Failure 646 * > 0 Success 647 */ 648int 649rad_continue_send_request(struct rad_handle *h, int selected, int *fd, 650 struct timeval *tv) 651{ |
599 int n; | 652 int n, cur_srv; 653 time_t now; 654 struct sockaddr_in sin; |
600 601 if (h->type == RADIUS_SERVER) { 602 generr(h, "denied function call"); 603 return (-1); 604 } 605 if (selected) { 606 struct sockaddr_in from; 607 socklen_t fromlen; --- 8 unchanged lines hidden (view full) --- 616 if (is_valid_response(h, h->srv, &from)) { 617 h->in_len = h->in[POS_LENGTH] << 8 | 618 h->in[POS_LENGTH+1]; 619 h->in_pos = POS_ATTRS; 620 return h->in[POS_CODE]; 621 } 622 } 623 | 655 656 if (h->type == RADIUS_SERVER) { 657 generr(h, "denied function call"); 658 return (-1); 659 } 660 if (selected) { 661 struct sockaddr_in from; 662 socklen_t fromlen; --- 8 unchanged lines hidden (view full) --- 671 if (is_valid_response(h, h->srv, &from)) { 672 h->in_len = h->in[POS_LENGTH] << 8 | 673 h->in[POS_LENGTH+1]; 674 h->in_pos = POS_ATTRS; 675 return h->in[POS_CODE]; 676 } 677 } 678 |
624 if (h->try == h->total_tries) { 625 generr(h, "No valid RADIUS responses received"); 626 return -1; 627 } 628 | |
629 /* 630 * Scan round-robin to the next server that has some 631 * tries left. There is guaranteed to be one, or we 632 * would have exited this loop by now. 633 */ | 679 /* 680 * Scan round-robin to the next server that has some 681 * tries left. There is guaranteed to be one, or we 682 * would have exited this loop by now. 683 */ |
634 while (h->servers[h->srv].num_tries >= h->servers[h->srv].max_tries) 635 if (++h->srv >= h->num_servers) 636 h->srv = 0; | 684 cur_srv = h->srv; 685 now = time(NULL); 686 if (h->servers[h->srv].num_tries >= h->servers[h->srv].max_tries) { 687 /* Set next probe time for this server */ 688 if (h->servers[h->srv].dead_time) { 689 h->servers[h->srv].is_dead = 1; 690 h->servers[h->srv].next_probe = now + 691 h->servers[h->srv].dead_time; 692 } 693 do { 694 h->srv++; 695 if (h->srv >= h->num_servers) 696 h->srv = 0; 697 if (h->servers[h->srv].is_dead == 0) 698 break; 699 if (h->servers[h->srv].dead_time && 700 h->servers[h->srv].next_probe <= now) { 701 h->servers[h->srv].is_dead = 0; 702 h->servers[h->srv].num_tries = 0; 703 break; 704 } 705 } while (h->srv != cur_srv); |
637 | 706 |
707 if (h->srv == cur_srv) { 708 generr(h, "No valid RADIUS responses received"); 709 return (-1); 710 } 711 } 712 713 /* Rebind */ 714 if (h->bindto != h->servers[h->srv].bindto) { 715 h->bindto = h->servers[h->srv].bindto; 716 close(h->fd); 717 if ((h->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { 718 generr(h, "Cannot create socket: %s", strerror(errno)); 719 return -1; 720 } 721 memset(&sin, 0, sizeof sin); 722 sin.sin_len = sizeof sin; 723 sin.sin_family = AF_INET; 724 sin.sin_addr.s_addr = h->bindto; 725 sin.sin_port = 0; 726 if (bind(h->fd, (const struct sockaddr *)&sin, 727 sizeof sin) == -1) { 728 generr(h, "bind: %s", strerror(errno)); 729 close(h->fd); 730 h->fd = -1; 731 return (-1); 732 } 733 } 734 |
|
638 if (h->out[POS_CODE] == RAD_ACCESS_REQUEST) { 639 /* Insert the scrambled password into the request */ 640 if (h->pass_pos != 0) 641 insert_scrambled_password(h, h->srv); 642 } 643 insert_message_authenticator(h, 0); | 735 if (h->out[POS_CODE] == RAD_ACCESS_REQUEST) { 736 /* Insert the scrambled password into the request */ 737 if (h->pass_pos != 0) 738 insert_scrambled_password(h, h->srv); 739 } 740 insert_message_authenticator(h, 0); |
741 |
|
644 if (h->out[POS_CODE] != RAD_ACCESS_REQUEST) { 645 /* Insert the request authenticator into the request */ | 742 if (h->out[POS_CODE] != RAD_ACCESS_REQUEST) { 743 /* Insert the request authenticator into the request */ |
646 insert_request_authenticator(h, h->srv); | 744 memset(&h->out[POS_AUTH], 0, LEN_AUTH); 745 insert_request_authenticator(h, 0); |
647 } 648 649 /* Send the request */ 650 n = sendto(h->fd, h->out, h->out_len, 0, 651 (const struct sockaddr *)&h->servers[h->srv].addr, 652 sizeof h->servers[h->srv].addr); 653 if (n != h->out_len) 654 tv->tv_sec = 1; /* Do not wait full timeout if send failed. */ 655 else 656 tv->tv_sec = h->servers[h->srv].timeout; | 746 } 747 748 /* Send the request */ 749 n = sendto(h->fd, h->out, h->out_len, 0, 750 (const struct sockaddr *)&h->servers[h->srv].addr, 751 sizeof h->servers[h->srv].addr); 752 if (n != h->out_len) 753 tv->tv_sec = 1; /* Do not wait full timeout if send failed. */ 754 else 755 tv->tv_sec = h->servers[h->srv].timeout; |
657 h->try++; | |
658 h->servers[h->srv].num_tries++; 659 tv->tv_usec = 0; 660 *fd = h->fd; 661 662 return 0; 663} 664 665int --- 69 unchanged lines hidden (view full) --- 735rad_create_request(struct rad_handle *h, int code) 736{ 737 int i; 738 739 if (h->type == RADIUS_SERVER) { 740 generr(h, "denied function call"); 741 return (-1); 742 } | 756 h->servers[h->srv].num_tries++; 757 tv->tv_usec = 0; 758 *fd = h->fd; 759 760 return 0; 761} 762 763int --- 69 unchanged lines hidden (view full) --- 833rad_create_request(struct rad_handle *h, int code) 834{ 835 int i; 836 837 if (h->type == RADIUS_SERVER) { 838 generr(h, "denied function call"); 839 return (-1); 840 } |
841 if (h->num_servers == 0) { 842 generr(h, "No RADIUS servers specified"); 843 return (-1); 844 } |
|
743 h->out[POS_CODE] = code; 744 h->out[POS_IDENT] = ++h->ident; 745 if (code == RAD_ACCESS_REQUEST) { 746 /* Create a random authenticator */ 747 for (i = 0; i < LEN_AUTH; i += 2) { 748 long r; 749 r = random(); 750 h->out[POS_AUTH+i] = (u_char)r; 751 h->out[POS_AUTH+i+1] = (u_char)(r >> 8); 752 } 753 } else 754 memset(&h->out[POS_AUTH], 0, LEN_AUTH); 755 h->out_len = POS_ATTRS; 756 clear_password(h); 757 h->authentic_pos = 0; 758 h->out_created = 1; | 845 h->out[POS_CODE] = code; 846 h->out[POS_IDENT] = ++h->ident; 847 if (code == RAD_ACCESS_REQUEST) { 848 /* Create a random authenticator */ 849 for (i = 0; i < LEN_AUTH; i += 2) { 850 long r; 851 r = random(); 852 h->out[POS_AUTH+i] = (u_char)r; 853 h->out[POS_AUTH+i+1] = (u_char)(r >> 8); 854 } 855 } else 856 memset(&h->out[POS_AUTH], 0, LEN_AUTH); 857 h->out_len = POS_ATTRS; 858 clear_password(h); 859 h->authentic_pos = 0; 860 h->out_created = 1; |
759 h->bindto = INADDR_ANY; | |
760 return 0; 761} 762 | 861 return 0; 862} 863 |
763void 764rad_bind_to(struct rad_handle *h, in_addr_t addr) 765{ 766 h->bindto = addr; 767} 768 | |
769int 770rad_create_response(struct rad_handle *h, int code) 771{ 772 773 if (h->type != RADIUS_SERVER) { 774 generr(h, "denied function call"); 775 return (-1); 776 } --- 11 unchanged lines hidden (view full) --- 788rad_cvt_addr(const void *data) 789{ 790 struct in_addr value; 791 792 memcpy(&value.s_addr, data, sizeof value.s_addr); 793 return value; 794} 795 | 864int 865rad_create_response(struct rad_handle *h, int code) 866{ 867 868 if (h->type != RADIUS_SERVER) { 869 generr(h, "denied function call"); 870 return (-1); 871 } --- 11 unchanged lines hidden (view full) --- 883rad_cvt_addr(const void *data) 884{ 885 struct in_addr value; 886 887 memcpy(&value.s_addr, data, sizeof value.s_addr); 888 return value; 889} 890 |
891struct in6_addr 892rad_cvt_addr6(const void *data) 893{ 894 struct in6_addr value; 895 896 memcpy(&value.s6_addr, data, sizeof value.s6_addr); 897 return value; 898} 899 |
|
796u_int32_t 797rad_cvt_int(const void *data) 798{ 799 u_int32_t value; 800 801 memcpy(&value, data, sizeof value); 802 return ntohl(value); 803} --- 39 unchanged lines hidden (view full) --- 843 844/* 845 * Returns -1 on error, 0 to indicate no event and >0 for success 846 */ 847int 848rad_init_send_request(struct rad_handle *h, int *fd, struct timeval *tv) 849{ 850 int srv; | 900u_int32_t 901rad_cvt_int(const void *data) 902{ 903 u_int32_t value; 904 905 memcpy(&value, data, sizeof value); 906 return ntohl(value); 907} --- 39 unchanged lines hidden (view full) --- 947 948/* 949 * Returns -1 on error, 0 to indicate no event and >0 for success 950 */ 951int 952rad_init_send_request(struct rad_handle *h, int *fd, struct timeval *tv) 953{ 954 int srv; |
955 time_t now; 956 struct sockaddr_in sin; |
|
851 852 if (h->type == RADIUS_SERVER) { 853 generr(h, "denied function call"); 854 return (-1); 855 } 856 /* Make sure we have a socket to use */ 857 if (h->fd == -1) { | 957 958 if (h->type == RADIUS_SERVER) { 959 generr(h, "denied function call"); 960 return (-1); 961 } 962 /* Make sure we have a socket to use */ 963 if (h->fd == -1) { |
858 struct sockaddr_in sin; 859 | |
860 if ((h->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { 861 generr(h, "Cannot create socket: %s", strerror(errno)); 862 return -1; 863 } 864 memset(&sin, 0, sizeof sin); 865 sin.sin_len = sizeof sin; 866 sin.sin_family = AF_INET; 867 sin.sin_addr.s_addr = h->bindto; --- 29 unchanged lines hidden (view full) --- 897 } 898 } 899 } 900 901 /* Fill in the length field in the message */ 902 h->out[POS_LENGTH] = h->out_len >> 8; 903 h->out[POS_LENGTH+1] = h->out_len; 904 | 964 if ((h->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { 965 generr(h, "Cannot create socket: %s", strerror(errno)); 966 return -1; 967 } 968 memset(&sin, 0, sizeof sin); 969 sin.sin_len = sizeof sin; 970 sin.sin_family = AF_INET; 971 sin.sin_addr.s_addr = h->bindto; --- 29 unchanged lines hidden (view full) --- 1001 } 1002 } 1003 } 1004 1005 /* Fill in the length field in the message */ 1006 h->out[POS_LENGTH] = h->out_len >> 8; 1007 h->out[POS_LENGTH+1] = h->out_len; 1008 |
905 /* 906 * Count the total number of tries we will make, and zero the 907 * counter for each server. 908 */ 909 h->total_tries = 0; 910 for (srv = 0; srv < h->num_servers; srv++) { 911 h->total_tries += h->servers[srv].max_tries; | 1009 h->srv = 0; 1010 now = time(NULL); 1011 for (srv = 0; srv < h->num_servers; srv++) |
912 h->servers[srv].num_tries = 0; | 1012 h->servers[srv].num_tries = 0; |
1013 /* Find a first good server. */ 1014 for (srv = 0; srv < h->num_servers; srv++) { 1015 if (h->servers[srv].is_dead == 0) 1016 break; 1017 if (h->servers[srv].dead_time && 1018 h->servers[srv].next_probe <= now) { 1019 h->servers[srv].is_dead = 0; 1020 break; 1021 } 1022 h->srv++; |
|
913 } | 1023 } |
914 if (h->total_tries == 0) { 915 generr(h, "No RADIUS servers specified"); 916 return -1; | 1024 1025 /* If all servers was dead on the last probe, try from beginning */ 1026 if (h->srv == h->num_servers) { 1027 for (srv = 0; srv < h->num_servers; srv++) { 1028 h->servers[srv].is_dead = 0; 1029 h->servers[srv].next_probe = 0; 1030 } 1031 h->srv = 0; |
917 } 918 | 1032 } 1033 |
919 h->try = h->srv = 0; 920 | |
921 return rad_continue_send_request(h, 0, fd, tv); 922} 923 924/* 925 * Create and initialize a rad_handle structure, and return it to the 926 * caller. Can fail only if the necessary memory cannot be allocated. 927 * In that case, it returns NULL. 928 */ --- 12 unchanged lines hidden (view full) --- 941 memset(h->pass, 0, sizeof h->pass); 942 h->pass_len = 0; 943 h->pass_pos = 0; 944 h->chap_pass = 0; 945 h->authentic_pos = 0; 946 h->type = RADIUS_AUTH; 947 h->out_created = 0; 948 h->eap_msg = 0; | 1034 return rad_continue_send_request(h, 0, fd, tv); 1035} 1036 1037/* 1038 * Create and initialize a rad_handle structure, and return it to the 1039 * caller. Can fail only if the necessary memory cannot be allocated. 1040 * In that case, it returns NULL. 1041 */ --- 12 unchanged lines hidden (view full) --- 1054 memset(h->pass, 0, sizeof h->pass); 1055 h->pass_len = 0; 1056 h->pass_pos = 0; 1057 h->chap_pass = 0; 1058 h->authentic_pos = 0; 1059 h->type = RADIUS_AUTH; 1060 h->out_created = 0; 1061 h->eap_msg = 0; |
1062 h->bindto = INADDR_ANY; |
|
949 } 950 return h; 951} 952 953struct rad_handle * 954rad_acct_open(void) 955{ 956 struct rad_handle *h; --- 25 unchanged lines hidden (view full) --- 982 983int 984rad_put_addr(struct rad_handle *h, int type, struct in_addr addr) 985{ 986 return rad_put_attr(h, type, &addr.s_addr, sizeof addr.s_addr); 987} 988 989int | 1063 } 1064 return h; 1065} 1066 1067struct rad_handle * 1068rad_acct_open(void) 1069{ 1070 struct rad_handle *h; --- 25 unchanged lines hidden (view full) --- 1096 1097int 1098rad_put_addr(struct rad_handle *h, int type, struct in_addr addr) 1099{ 1100 return rad_put_attr(h, type, &addr.s_addr, sizeof addr.s_addr); 1101} 1102 1103int |
1104rad_put_addr6(struct rad_handle *h, int type, struct in6_addr addr) 1105{ 1106 1107 return rad_put_attr(h, type, &addr.s6_addr, sizeof addr.s6_addr); 1108} 1109 1110int |
|
990rad_put_attr(struct rad_handle *h, int type, const void *value, size_t len) 991{ 992 int result; 993 994 if (!h->out_created) { 995 generr(h, "Please call rad_create_request()" 996 " before putting attributes"); 997 return -1; --- 226 unchanged lines hidden (view full) --- 1224rad_put_vendor_addr(struct rad_handle *h, int vendor, int type, 1225 struct in_addr addr) 1226{ 1227 return (rad_put_vendor_attr(h, vendor, type, &addr.s_addr, 1228 sizeof addr.s_addr)); 1229} 1230 1231int | 1111rad_put_attr(struct rad_handle *h, int type, const void *value, size_t len) 1112{ 1113 int result; 1114 1115 if (!h->out_created) { 1116 generr(h, "Please call rad_create_request()" 1117 " before putting attributes"); 1118 return -1; --- 226 unchanged lines hidden (view full) --- 1345rad_put_vendor_addr(struct rad_handle *h, int vendor, int type, 1346 struct in_addr addr) 1347{ 1348 return (rad_put_vendor_attr(h, vendor, type, &addr.s_addr, 1349 sizeof addr.s_addr)); 1350} 1351 1352int |
1353rad_put_vendor_addr6(struct rad_handle *h, int vendor, int type, 1354 struct in6_addr addr) 1355{ 1356 1357 return (rad_put_vendor_attr(h, vendor, type, &addr.s6_addr, 1358 sizeof addr.s6_addr)); 1359} 1360 1361int |
|
1232rad_put_vendor_attr(struct rad_handle *h, int vendor, int type, 1233 const void *value, size_t len) 1234{ 1235 struct vendor_attribute *attr; 1236 int res; 1237 1238 if (!h->out_created) { 1239 generr(h, "Please call rad_create_request()" --- 188 unchanged lines hidden --- | 1362rad_put_vendor_attr(struct rad_handle *h, int vendor, int type, 1363 const void *value, size_t len) 1364{ 1365 struct vendor_attribute *attr; 1366 int res; 1367 1368 if (!h->out_created) { 1369 generr(h, "Please call rad_create_request()" --- 188 unchanged lines hidden --- |