git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@2 e88ac4ed-0b26-0410-9574-a7f39faa03bf

Makefile

+CFLAGS = -g -Wall -pthread
+LDFLAGS = -lssl
+
+all: radsecproxy
+
+radsecproxy: util.o
+
+clean:
+	rm -f util.o radsecproxy

radsecproxy.h

+/*
+ * Copyright (C) 2006 Stig Venaas <venaas@uninett.no>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+#define RADLEN(x) ntohs(((uint16_t *)(x))[1])
+
+#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
+                            sizeof(struct sockaddr_in) : \
+                            sizeof(struct sockaddr_in6))
+
+#define MAX_PEERS 256
+/* MAX_REQUESTS is 256 due to Radius' 8 bit ID field */
+#define MAX_REQUESTS 256
+#define DEFAULT_TLS_SECRET "mysecret"
+#define DEFAULT_UDP_PORT "1812"
+#define DEFAULT_TLS_PORT "2083"
+
+#define RAD_Access_Request 1
+#define RAD_Access_Accept 2
+#define RAD_Access_Reject 3
+#define RAD_Accounting_Request 4
+#define RAD_Accounting_Response 5
+#define RAD_Access_Challenge 11
+#define RAD_Status_Server 12
+#define RAD_Status_Client 13
+
+#define RAD_Attr_User_Name 1
+#define RAD_Attr_User_Password 2
+
+#define RAD_Attr_Type 0
+#define RAD_Attr_Length 1
+#define RAD_Attr_Value 2
+
+/* requests that a client will send */
+struct request {
+    unsigned char *buf;
+    uint8_t tries;
+    uint8_t received;
+    struct timeval timeout;
+    struct peer *from;
+    uint8_t origid; /* used by servwr */
+    char origauth[16]; /* used by servwr */
+    struct sockaddr_storage fromsa; /* used by udpservwr */
+};
+
+/* replies that a server will send */
+struct reply {
+    unsigned char *buf;
+    struct sockaddr_storage tosa; /* used by udpservwr */
+};
+
+struct replyq {
+    struct reply *replies;
+    int count;
+    int size;
+    pthread_mutex_t count_mutex;
+    pthread_cond_t count_cond;
+};
+
+struct peer {
+    char type; /* U for UDP, T for TLS */
+    char *host;
+    char *port;
+    char *secret;
+    SSL *sslcl, *sslsrv;
+    pthread_mutex_t lock;
+    pthread_t clientth;
+    int sockcl;
+    struct addrinfo *addrinfo;
+    /* requests and newrq* are requests passed from servers to clients */
+    struct request *requests;
+    uint8_t newrq;
+    pthread_mutex_t newrq_mutex;
+    pthread_cond_t newrq_cond;
+    /* repl* are replies passed from clients to tls servers */
+    struct replyq *replyq;
+    int replycount;
+    pthread_mutex_t replycount_mutex;
+    pthread_cond_t replycount_cond;
+};
+
+void errx(char *format, ...);
+void err(char *format, ...);
+char *addr2string(struct sockaddr *addr, socklen_t len);
+int bindport(int type, char *port);
+int connectport(int type, char *host, char *port);

util.c

+/*
+ * Copyright (C) 2006 Stig Venaas <venaas@uninett.no>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdarg.h>
+
+void errx(char *format, ...) {
+    extern int errno;
+
+    va_list ap;
+    va_start(ap, format);
+    vfprintf(stderr, format, ap);
+    va_end(ap);
+    if (errno) {
+        fprintf(stderr, ": ");
+        perror(NULL);
+        fprintf(stderr, "errno=%d\n", errno);
+    } else
+        fprintf(stderr, "\n");
+    exit(1);
+}
+
+void err(char *format, ...) {
+    extern int errno;
+
+    va_list ap;
+    va_start(ap, format);
+    vfprintf(stderr, format, ap);
+    va_end(ap);
+    if (errno) {
+        fprintf(stderr, ": ");
+        perror(NULL);
+        fprintf(stderr, "errno=%d\n", errno);
+    } else
+        fprintf(stderr, "\n");
+}
+
+char *addr2string(struct sockaddr *addr, socklen_t len) {
+    struct sockaddr_in6 *sa6;
+    struct sockaddr_in sa4;
+    static char addr_buf[2][INET6_ADDRSTRLEN];
+    static int i = 0;
+    i = !i;
+    if (addr->sa_family == AF_INET6) {
+	sa6 = (struct sockaddr_in6 *)addr;
+	if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
+	    memset(&sa4, 0, sizeof(sa4));
+	    sa4.sin_family = AF_INET;
+	    sa4.sin_port = sa6->sin6_port;
+	    memcpy(&sa4.sin_addr, &sa6->sin6_addr.s6_addr[12], 4);
+	    addr = (struct sockaddr *)&sa4;
+	}
+    }
+    if (getnameinfo(addr, len, addr_buf[i], sizeof(addr_buf[i]),
+                    NULL, 0, NI_NUMERICHOST)) {
+        err("getnameinfo");
+        return NULL;
+    }
+    return addr_buf[i];
+}
+
+int bindport(int type, char *port) {
+    struct addrinfo hints, *res0, *res;
+    int s;
+    
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_socktype = type;
+    hints.ai_family = AF_UNSPEC;
+    hints.ai_flags = AI_PASSIVE;
+
+    if (getaddrinfo(NULL, port, &hints, &res0) != 0) {
+        err("bindport: can't resolve port %s", port);
+	return -1;
+    }
+    for (res = res0; res; res = res->ai_next) {
+        s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+        if (s >= 0) {
+            if (bind(s, res->ai_addr, res->ai_addrlen) == 0)
+                break;
+            close(s);
+            s = -1;
+        }
+    }
+    freeaddrinfo(res0);
+    return s;
+}
+
+int connectport(int type, char *host, char *port) {
+    struct addrinfo hints, *res0, *res;
+    int s;
+    
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_socktype = type;
+    hints.ai_family = AF_UNSPEC;
+
+    if (getaddrinfo(host, port, &hints, &res0) != 0) {
+        err("connectport: can't resolve host %s port %s", host, port);
+	return -1;
+    }
+
+    for (res = res0; res; res = res->ai_next) {
+	s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+	if (s < 0) {
+	    err("connectport: socket failed");
+	    continue;
+	}
+	if (connect(s, res->ai_addr, res->ai_addrlen) == 0)
+	    break;
+	err("connectport: connect failed");
+	close(s);
+	s = -1;
+    }
+    freeaddrinfo(res0);
+    return s;
+}