Commit 2ddf1c78 authored by venaas's avatar venaas Committed by venaas

simplified some code

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@98 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent 92938fa2
...@@ -681,7 +681,7 @@ unsigned char *attrget(unsigned char *attrs, int length, uint8_t type) { ...@@ -681,7 +681,7 @@ unsigned char *attrget(unsigned char *attrs, int length, uint8_t type) {
return NULL; return NULL;
} }
void sendrq(struct server *to, struct client *from, struct request *rq) { void sendrq(struct server *to, struct request *rq) {
int i; int i;
uint8_t *attr; uint8_t *attr;
...@@ -1086,13 +1086,14 @@ int msmppe(unsigned char *attrs, int length, uint8_t type, char *attrtxt, struct ...@@ -1086,13 +1086,14 @@ int msmppe(unsigned char *attrs, int length, uint8_t type, char *attrtxt, struct
return 1; return 1;
} }
struct server *radsrv(struct request *rq, unsigned char *buf, struct client *from) { void radsrv(struct request *rq) {
uint8_t code, id, *auth, *attrs, *attr; uint8_t code, id, *auth, *attrs, *attr;
uint16_t len; uint16_t len;
struct server *to; struct server *to;
char username[256]; char username[256];
unsigned char newauth[16]; unsigned char *buf, newauth[16];
buf = rq->buf;
code = *(uint8_t *)buf; code = *(uint8_t *)buf;
id = *(uint8_t *)(buf + 1); id = *(uint8_t *)(buf + 1);
len = RADLEN(buf); len = RADLEN(buf);
...@@ -1102,7 +1103,8 @@ struct server *radsrv(struct request *rq, unsigned char *buf, struct client *fro ...@@ -1102,7 +1103,8 @@ struct server *radsrv(struct request *rq, unsigned char *buf, struct client *fro
if (code != RAD_Access_Request) { if (code != RAD_Access_Request) {
debug(DBG_INFO, "radsrv: server currently accepts only access-requests, ignoring"); debug(DBG_INFO, "radsrv: server currently accepts only access-requests, ignoring");
return NULL; free(buf);
return;
} }
len -= 20; len -= 20;
...@@ -1110,13 +1112,15 @@ struct server *radsrv(struct request *rq, unsigned char *buf, struct client *fro ...@@ -1110,13 +1112,15 @@ struct server *radsrv(struct request *rq, unsigned char *buf, struct client *fro
if (!attrvalidate(attrs, len)) { if (!attrvalidate(attrs, len)) {
debug(DBG_WARN, "radsrv: attribute validation failed, ignoring packet"); debug(DBG_WARN, "radsrv: attribute validation failed, ignoring packet");
return NULL; free(buf);
return;
} }
attr = attrget(attrs, len, RAD_Attr_User_Name); attr = attrget(attrs, len, RAD_Attr_User_Name);
if (!attr) { if (!attr) {
debug(DBG_WARN, "radsrv: ignoring request, no username attribute"); debug(DBG_WARN, "radsrv: ignoring request, no username attribute");
return NULL; free(buf);
return;
} }
memcpy(username, ATTRVAL(attr), ATTRVALLEN(attr)); memcpy(username, ATTRVAL(attr), ATTRVALLEN(attr));
username[ATTRVALLEN(attr)] = '\0'; username[ATTRVALLEN(attr)] = '\0';
...@@ -1125,23 +1129,27 @@ struct server *radsrv(struct request *rq, unsigned char *buf, struct client *fro ...@@ -1125,23 +1129,27 @@ struct server *radsrv(struct request *rq, unsigned char *buf, struct client *fro
to = id2server(username, strlen(username)); to = id2server(username, strlen(username));
if (!to) { if (!to) {
debug(DBG_INFO, "radsrv: ignoring request, don't know where to send it"); debug(DBG_INFO, "radsrv: ignoring request, don't know where to send it");
return NULL; free(buf);
return;
} }
if (rqinqueue(to, from, id)) { if (rqinqueue(to, rq->from, id)) {
debug(DBG_INFO, "radsrv: ignoring request from host %s with id %d, already got one", from->peer.host, id); debug(DBG_INFO, "radsrv: ignoring request from host %s with id %d, already got one", rq->from->peer.host, id);
return NULL; free(buf);
return;
} }
attr = attrget(attrs, len, RAD_Attr_Message_Authenticator); attr = attrget(attrs, len, RAD_Attr_Message_Authenticator);
if (attr && (ATTRVALLEN(attr) != 16 || !checkmessageauth(buf, ATTRVAL(attr), from->peer.secret))) { if (attr && (ATTRVALLEN(attr) != 16 || !checkmessageauth(buf, ATTRVAL(attr), rq->from->peer.secret))) {
debug(DBG_WARN, "radsrv: message authentication failed"); debug(DBG_WARN, "radsrv: message authentication failed");
return NULL; free(buf);
return;
} }
if (!RAND_bytes(newauth, 16)) { if (!RAND_bytes(newauth, 16)) {
debug(DBG_WARN, "radsrv: failed to generate random auth"); debug(DBG_WARN, "radsrv: failed to generate random auth");
return NULL; free(buf);
return;
} }
#ifdef DEBUG #ifdef DEBUG
...@@ -1151,23 +1159,25 @@ struct server *radsrv(struct request *rq, unsigned char *buf, struct client *fro ...@@ -1151,23 +1159,25 @@ struct server *radsrv(struct request *rq, unsigned char *buf, struct client *fro
attr = attrget(attrs, len, RAD_Attr_User_Password); attr = attrget(attrs, len, RAD_Attr_User_Password);
if (attr) { if (attr) {
debug(DBG_DBG, "radsrv: found userpwdattr with value length %d", ATTRVALLEN(attr)); debug(DBG_DBG, "radsrv: found userpwdattr with value length %d", ATTRVALLEN(attr));
if (!pwdrecrypt(ATTRVAL(attr), ATTRVALLEN(attr), from->peer.secret, to->peer.secret, auth, newauth)) if (!pwdrecrypt(ATTRVAL(attr), ATTRVALLEN(attr), rq->from->peer.secret, to->peer.secret, auth, newauth)) {
return NULL; free(buf);
return;
}
} }
attr = attrget(attrs, len, RAD_Attr_Tunnel_Password); attr = attrget(attrs, len, RAD_Attr_Tunnel_Password);
if (attr) { if (attr) {
debug(DBG_DBG, "radsrv: found tunnelpwdattr with value length %d", ATTRVALLEN(attr)); debug(DBG_DBG, "radsrv: found tunnelpwdattr with value length %d", ATTRVALLEN(attr));
if (!pwdrecrypt(ATTRVAL(attr), ATTRVALLEN(attr), from->peer.secret, to->peer.secret, auth, newauth)) if (!pwdrecrypt(ATTRVAL(attr), ATTRVALLEN(attr), rq->from->peer.secret, to->peer.secret, auth, newauth)) {
return NULL; free(buf);
return;
}
} }
rq->buf = buf;
rq->from = from;
rq->origid = id; rq->origid = id;
memcpy(rq->origauth, auth, 16); memcpy(rq->origauth, auth, 16);
memcpy(auth, newauth, 16); memcpy(auth, newauth, 16);
return to; sendrq(to, rq);
} }
void *clientrd(void *arg) { void *clientrd(void *arg) {
...@@ -1463,7 +1473,7 @@ void *clientwr(void *arg) { ...@@ -1463,7 +1473,7 @@ void *clientwr(void *arg) {
} }
debug(DBG_DBG, "clientwr: sending status server to %s", server->peer.host); debug(DBG_DBG, "clientwr: sending status server to %s", server->peer.host);
lastsend.tv_sec = now.tv_sec; lastsend.tv_sec = now.tv_sec;
sendrq(server, NULL, &statsrvrq); sendrq(server, &statsrvrq);
} }
} }
} }
...@@ -1496,9 +1506,6 @@ void *udpserverwr(void *arg) { ...@@ -1496,9 +1506,6 @@ void *udpserverwr(void *arg) {
void *udpserverrd(void *arg) { void *udpserverrd(void *arg) {
struct request rq; struct request rq;
unsigned char *buf;
struct server *to;
struct client *fr;
pthread_t udpserverwrth; pthread_t udpserverwrth;
if ((udp_server_sock = bindtoaddr(udp_server_listen->addrinfo)) < 0) if ((udp_server_sock = bindtoaddr(udp_server_listen->addrinfo)) < 0)
...@@ -1511,16 +1518,9 @@ void *udpserverrd(void *arg) { ...@@ -1511,16 +1518,9 @@ void *udpserverrd(void *arg) {
debugx(1, DBG_ERR, "pthread_create failed"); debugx(1, DBG_ERR, "pthread_create failed");
for (;;) { for (;;) {
fr = NULL;
memset(&rq, 0, sizeof(struct request)); memset(&rq, 0, sizeof(struct request));
buf = radudpget(udp_server_sock, &fr, NULL, &rq.fromsa); rq.buf = radudpget(udp_server_sock, &rq.from, NULL, &rq.fromsa);
to = radsrv(&rq, buf, fr); radsrv(&rq);
if (!to) {
free(buf);
debug(DBG_INFO, "udpserverrd: ignoring request, no place to send it");
continue;
}
sendrq(to, fr, &rq);
} }
} }
...@@ -1565,9 +1565,7 @@ void *tlsserverwr(void *arg) { ...@@ -1565,9 +1565,7 @@ void *tlsserverwr(void *arg) {
void *tlsserverrd(void *arg) { void *tlsserverrd(void *arg) {
struct request rq; struct request rq;
char unsigned *buf;
unsigned long error; unsigned long error;
struct server *to;
int s; int s;
struct client *client = (struct client *)arg; struct client *client = (struct client *)arg;
pthread_t tlsserverwrth; pthread_t tlsserverwrth;
...@@ -1588,18 +1586,13 @@ void *tlsserverrd(void *arg) { ...@@ -1588,18 +1586,13 @@ void *tlsserverrd(void *arg) {
goto errexit; goto errexit;
} }
for (;;) { for (;;) {
buf = radtlsget(client->peer.ssl); memset(&rq, 0, sizeof(struct request));
if (!buf) rq.buf = radtlsget(client->peer.ssl);
if (!rq.buf)
break; break;
debug(DBG_DBG, "tlsserverrd: got Radius message from %s", client->peer.host); debug(DBG_DBG, "tlsserverrd: got Radius message from %s", client->peer.host);
memset(&rq, 0, sizeof(struct request)); rq.from = client;
to = radsrv(&rq, buf, client); radsrv(&rq);
if (!to) {
free(buf);
debug(DBG_INFO, "tlsserverrd: ignoring request, no place to send it");
continue;
}
sendrq(to, client, &rq);
} }
debug(DBG_ERR, "tlsserverrd: connection lost"); debug(DBG_ERR, "tlsserverrd: connection lost");
/* stop writer by setting peer.ssl to NULL and give signal in case waiting for data */ /* stop writer by setting peer.ssl to NULL and give signal in case waiting for data */
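Review bot: Every early exit in the new radsrv (the non-Access-Request, attrvalidate, missing-username, id2server, rqinqueue, Message-Authenticator, RAND_bytes and both pwdrecrypt branches) does `free(buf); return;` but leaves `rq->buf` pointing at the freed buffer; both callers happen to memset the request before reuse, so this is harmless today, but any future caller that looks at rq after a failed radsrv would hit a use-after-free. Folding the nine copies into one label, `drop: free(buf); rq->buf = NULL; return;`, with each early exit becoming `goto drop;`, keeps the release in one place and also makes it harder to add a tenth error path that forgets the free. The ownership rule this commit introduces is not stated anywhere and deserves a comment above radsrv, e.g. `/* Takes ownership of rq->buf: freed here on every error path, otherwise handed to sendrq(). */`. Note also that udpserverrd passes rq.buf straight into radsrv without the NULL check tlsserverrd performs on radtlsget's result; if radudpget can return NULL (its body is not visible here), the first `*(uint8_t *)buf` read in radsrv would fault, so a matching `if (!rq.buf) continue;` is cheap insurance.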