📄 users.c
last_client_name = client_ent->hostname; break; } for (name_ent = client_ent->names; name_ent != (DNS_NAME *) NULL; name_ent = name_ent->next) { if (strcmp (name_ent->name, hostname) == 0) { break; } } if (name_ent != (DNS_NAME *) NULL) { break; } } } if (ud > 0) { update_clients (); } /* Don't match host-only entries (those with a null secret) */ if (client_ent == (CLIENT_ENTRY *) NULL || *client_ent->secret == '\0') { last_client_name = (char *) NULL; return (-1); } if (client_ent->addrs == (IP_ADDRESS *) NULL) { last_client_name = (char *) NULL; *ipaddr = 0; return (1); } if ((*ipaddr = client_ent->addrs->ipaddr.s_addr) == -1) { last_client_name = (char *) NULL; return (2); } last_client_ipaddr = *ipaddr; last_client_found = client_ent; if (last_client_name == (char *) NULL) { last_client_name = name_ent->name; } *client_entry = client_ent; return (0);} /* end of find_client_by_name () *//************************************************************************* * * Function: find_file_ent * * Purpose: Find a FILE_LIST entry on file_list with the specified * file_pfx. The entry should be found as find_file_ent is * only called for file_pfx's that were found in the "clients" * file at initialization time. 
* *************************************************************************/

#ifdef USR_CCA
FILE_LIST *
#else
static FILE_LIST *
#endif	/* USR_CCA */
find_file_ent (file_pfx)

char           *file_pfx;	/* prefix to look up; NULL or "" selects the head */

{
	FILE_LIST      *cur;
	static char    *func = "find_file_ent";

	dprintf(4, (LOG_AUTH, LOG_DEBUG, "%s: entered", func));

	cur = file_list;
	if (cur == (FILE_LIST *) NULL)
	{
		logit (LOG_DAEMON, LOG_ERR,
			"%s: No users/authfile data structure", func);
		return (FILE_LIST *) NULL;
	}

	/* Without a usable prefix the first entry on file_list is the answer. */
	if (file_pfx == (char *) NULL || file_pfx[0] == '\0')
	{
		return cur;
	}

	/* Exact, case-sensitive match on the stored prefix. */
	for (; cur != (FILE_LIST *) NULL; cur = cur->next)
	{
		if (strcmp (cur->prefix, file_pfx) == 0)
		{
			return cur;
		}
	}

	logit (LOG_DAEMON, LOG_ERR,
		"%s: Couldn't match %s in FILE_LIST", func, file_pfx);
	return (FILE_LIST *) NULL;
} /* end of find_file_ent () */

/*************************************************************************
 *
 *	Function: find_host_by_name
 *
 *	Purpose: Turn a host name into an IP address.  A string that
 *		 good_ipaddr() accepts, the RADIUS_LOCALSERVER name and
 *		 this server's own name are answered directly; anything
 *		 else is looked up on the client list by exact,
 *		 case-sensitive comparison with each entry's hostname
 *		 and alias names.  Entries with a null secret
 *		 (non-clients) match as well, so a successful return
 *		 says nothing about whether the host is a configured
 *		 client; callers that need that must check separately.
 *
 *	Returns: 0 = found host entry and resolved IP address,
 *		 1 = found host entry but unresolved IP address
 *		     (*ipaddr is set to 0),
 *		 2 = found host entry but IP address not obtained
 *		     (unresolvable DNS name - uses address 255.255.255.255),
 *		-1 = host not found (*ipaddr is set to 0).
 *
 *************************************************************************/

int
find_host_by_name (ipaddr, hostname)

UINT4          *ipaddr;		/* receives resultant address if found */
char           *hostname;	/* Match this name */

{
	int             stale = 0;	/* set once an expired entry is seen */
	char           *cp;
	char           *own;
	CLIENT_ENTRY   *entry;
	DNS_NAME       *alias;
	time_t          now;
	static char    *func = "find_host_by_name";

	dprintf(4, (LOG_AUTH, LOG_DEBUG, "%s: entered", func));

	/*
	 * NOTE(review): this path converts with ntohl() while the
	 * client-list path below copies s_addr as stored; presumably the
	 * stored value is already in host order -- confirm.
	 */
	if (good_ipaddr (hostname) == 0)
	{
		*ipaddr = ntohl(inet_addr (hostname));
		return 0;
	}

	if (strcmp (hostname, RADIUS_LOCALSERVER) == 0)
	{
		*ipaddr = self_ip[0];
		return 0;
	}

	/*
	 * See if it's us.  Walk both strings while they agree; the name is
	 * ours when hostname is used up and our own name ends there or
	 * continues with a "." (short name against fully qualified name).
	 */
	own = ourhostname;
	for (cp = hostname; *cp != '\0' && *cp == *own; cp++)
	{
		own++;
	}

	if (*cp == '\0' && (*own == '\0' || *own == '.'))
	{
		*ipaddr = self_ip[0];
		return 0;
	}

	now = time (0);
	for (entry = client_list;
		entry != (CLIENT_ENTRY *) NULL;
		entry = entry->next)
	{
		/* Expiry is only noticed on entries visited before the match. */
		if (now > entry->expire_time)
		{
			stale = 1;
		}

		if (strcmp (entry->hostname, hostname) == 0)
		{
			break;
		}

		alias = entry->names;
		while (alias != (DNS_NAME *) NULL &&
			strcmp (alias->name, hostname) != 0)
		{
			alias = alias->next;
		}

		if (alias != (DNS_NAME *) NULL)
		{
			break;
		}
	}

	/*
	 * NOTE(review): entry is dereferenced after this call.  If
	 * update_clients() can free or rebuild the client list, entry
	 * would be dangling here -- confirm against its definition.
	 */
	if (stale != 0)
	{
		update_clients ();
	}

	if (entry == (CLIENT_ENTRY *) NULL)
	{
		*ipaddr = 0;
		return (-1);
	}

	if (entry->addrs == (struct ip_address *) NULL)
	{
		*ipaddr = 0;
		return (1);
	}

	/*
	 * Only the first address on the entry is reported.
	 * NOTE(review): the comparison with -1 presumably relies on UINT4
	 * being exactly 32 bits wide -- confirm on 64-bit builds.
	 */
	*ipaddr = entry->addrs->ipaddr.s_addr;
	if (*ipaddr == -1)
	{
		return (2);
	}

	return (0);
} /* end of find_host_by_name () */

/*************************************************************************
 *
 *	Function: free_clients
 *
 *	Purpose: Toss client list entries and associated address structure.
 *
 *	Remark: Zap storage blocks to avoid leaving any secrets around.
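* *************************************************************************/

static void
free_clients (client_list)

CLIENT_ENTRY   *client_list;	/* head of the list to release; may be NULL */

{
	int             count;
	size_t          left;
	CLIENT_ENTRY   *client_ent;
	IP_ADDRESS     *an_address;
	DNS_NAME       *a_name;
	volatile unsigned char *wipe;
	static char    *func = "free_clients";

	dprintf(4, (LOG_AUTH, LOG_DEBUG, "%s: entered", func));

	/*
	 * The parameter hides the file-scope client_list, so only the list
	 * handed in is walked; a caller that passes the live list is left
	 * holding a stale head pointer and must reset it itself.
	 */
	for (client_ent = client_list;
		client_ent != (CLIENT_ENTRY *) NULL;
		client_ent = client_list)
	{
		client_list = client_ent->next;

		/*
		 * Release the address chain.  More than MAX_ALIAS nodes is
		 * treated as a corrupted (possibly circular) list: log and
		 * abort rather than keep freeing.
		 */
		count = 0;
		for (an_address = client_ent->addrs;
			an_address != (IP_ADDRESS *) NULL;
			an_address = client_ent->addrs)
		{
			count++;
			if (count > MAX_ALIAS)
			{
				logit (LOG_AUTH, LOG_ALERT,
				  "%s: FATAL: Too many addresses for client '%s'",
					func, client_ent->hostname);
				abort ();
			}
			client_ent->addrs = an_address->next;
			free (an_address);
			dns_addr_mf.f++;
		}

		/* Same walk, same sanity limit, for the alias names. */
		count = 0;
		for (a_name = client_ent->names;
			a_name != (DNS_NAME *) NULL;
			a_name = client_ent->names)
		{
			count++;
			if (count > MAX_ALIAS)
			{
				logit (LOG_AUTH, LOG_ALERT,
				  "%s: FATAL: Too many aliases for client '%s'",
					func, client_ent->hostname);
				abort ();
			}
			client_ent->names = a_name->next;
			free (a_name);
			dns_name_mf.f++;
		}

		(void) free_vendor_list (client_ent->veps);
		client_ent->veps = (VENDOR_LIST *) NULL;

		/*
		 * Clear the entry before it goes back to the allocator, as
		 * the function header promises and as free_user_ent() does
		 * for USER_ENTRY.  The stores go through a volatile pointer
		 * so the compiler cannot discard them as dead writes ahead
		 * of free().  Assumes the entry was allocated with at least
		 * sizeof (CLIENT_ENTRY) bytes.
		 * NOTE(review): if the secret member is a pointer to storage
		 * owned elsewhere, that storage is not cleared here --
		 * confirm against the CLIENT_ENTRY declaration.
		 */
		wipe = (volatile unsigned char *) client_ent;
		for (left = sizeof (CLIENT_ENTRY); left > 0; left--)
		{
			*wipe++ = 0;
		}

		free (client_ent);
		dns_client_mf.f++;
	}

	return;
} /* end of free_clients () */

/*************************************************************************
 *
 *	Function: free_file_lists
 *
 *	Purpose: Free all the storage for the "users" and "authfile"
 *		 memory resident data structures allocated by calling
 *		 config_files().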
* *************************************************************************/

static void
free_file_lists ()

{
	FILE_LIST      *cur_file;
	USER_ENTRY     *cur_user;
	AUTH_ENTRY     *cur_auth;
#ifdef USR_CCA
	ADDR_POOL      *cur_pool;
	VPN_INFO       *vpn;
	IP_ADDRESS     *node;
#endif	/* USR_CCA */
	static char    *func = "free_file_lists";

	dprintf(4, (LOG_AUTH, LOG_DEBUG, "%s: entered", func));

	/* Reset the bookkeeping first; the lists are about to be emptied. */
	authfile_cnt = 0;
	authfile_id[0] = '\0';
	users_cnt = 0;

	/* Always work on the head of each list, unlinking before freeing. */
	while ((cur_file = file_list) != (FILE_LIST *) NULL)
	{
		/* free_user_ent() clears each USER_ENTRY before releasing it. */
		while ((cur_user = cur_file->user_list) != (USER_ENTRY *) NULL)
		{
			cur_file->user_list = cur_user->next;
			free_user_ent (cur_user);
		}

		while ((cur_auth = cur_file->auth_list) != (AUTH_ENTRY *) NULL)
		{
			cur_file->auth_list = cur_auth->next;
#ifdef USR_CCA
			/*
			 * The VPN and DNS/NBNS data is released only for
			 * entries without a parent.
			 * NOTE(review): presumably child entries share the
			 * parent's pointers -- confirm where they are set.
			 */
			if (cur_auth->parent == (AUTH_ENTRY *) NULL)
			{
				vpn = cur_auth->vpn;
				if (vpn != (VPN_INFO *) NULL)
				{
					free_vpn_rtr (&vpn->router);
					free (vpn);
				}

				while ((node = cur_auth->dns_info) !=
							(IP_ADDRESS *) NULL)
				{
					cur_auth->dns_info = node->next;
					free (node);
				}

				while ((node = cur_auth->nbns_info) !=
							(IP_ADDRESS *) NULL)
				{
					cur_auth->nbns_info = node->next;
					free (node);
				}
			}
#endif	/* USR_CCA */
			free (cur_auth);
		}
#ifdef USR_CCA
		while ((cur_pool = cur_file->pool_list) != (ADDR_POOL *) NULL)
		{
			cur_file->pool_list = cur_pool->next;
			free_pool_ent (cur_pool);
		}
#endif
		file_list = cur_file->next;
		free (cur_file);
	}

	return;
} /* end of free_file_lists () */

/*************************************************************************
 *
 *	Function: free_user_ent
 *
 *	Purpose: Free all components of a USER_ENTRY structure.  Zap
 *		 the USER_ENTRY storage.
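* *************************************************************************/

void
free_user_ent (user_ent)

USER_ENTRY     *user_ent;	/* entry to release; NULL is ignored */

{
	size_t          left;
	volatile unsigned char *wipe;

	/* Nothing to release; also avoids dereferencing NULL below. */
	if (user_ent == (USER_ENTRY *) NULL)
	{
		return;
	}

	/*
	 * NOTE(review): list_free() is defined elsewhere; whether it clears
	 * the items it releases is not visible here.  The check items
	 * presumably include credentials -- confirm.
	 */
	list_free (user_ent->check);
	list_free (user_ent->deny);
	list_free (user_ent->reply);

	/*
	 * Zap the structure before freeing it.  A plain memset() directly
	 * ahead of free() is a dead store the optimizer may remove, so the
	 * bytes are cleared through a volatile pointer instead.
	 */
	wipe = (volatile unsigned char *) user_ent;
	for (left = sizeof (USER_ENTRY); left > 0; left--)
	{
		*wipe++ = 0;
	}

	free (user_ent);
	return;
} /* end of free_user_ent () */

/*************************************************************************
 *
 *	Function: get_client_list
 *
 *	Purpose: This function returns a pointer to the client_list.
 *		 The pointer refers to the live list, not to a copy, so
 *		 the caller can read and modify every entry on it.
 *
 ************************************************************************/

CLIENT_ENTRY *
get_client_list ()

{
	return client_list;
} /* end of get_client_list () */

/****************************************************************************
 *
 *	Function: get_client_type
 *
 *	Purpose: Determines the host type for given entry in the cilents file.
 *
 ***************************************************************************/

static int
get_client_type (line_nbr, veps)

int             line_nbr;
VENDOR_LIST   **veps;

{
	typedef struct
	{
		char           *name;
		int             val;
	} type_map_t;

	int             cli_type;
	int             i;	/* for looping over typelist[] below */
	char           *p;
	char           *type;
	char           *each;
	char           *next;

	static type_map_t typelist[] =
	{
		{ "NAS", CE_NAS },		/* Entry is a NAS */
		{ "PROXY", CE_PROXY },		/* Entry is a RADIUS server */
		{ "DAS", CE_DAS },		/* USR */
		{ "FRGW", CE_FRGW },		/* USR */
		{ "NEIGHBOR", CE_NEIGHBOR },	/* USR */
		{ "RAD_RFC", CE_RAD_RFC },	/* Entry is RFC conformant */
		{ "ACCT_RFC", CE_ACCT_RFC },	/* Entry is accounting RFC */
		{ "DEBUG", CE_DEBUG },		/* Dump packets in and out */
		{ "APPEND", CE_APPEND },	/* Only add new attributes */
		{ "OLDCHAP", CE_OLDCHAP },	/* Pre-RFC CHAP semantics */
		{ "NOENCAPS", CE_NOENCAPS },	/* No VSA encapsulation */
		{ "HGAS1", CE_HGAS1 },		/* HGAS flag #1 */
		{ "HGAS2", CE_HGAS2 },		/* HGAS flag #2 */
		{ "HGAS3", CE_HGAS3 },		/* HGAS flag #3 */
		{ "HGAS4", CE_HGAS4 },		/* HGAS flag #4 */
		{ "LAS1", CE_LAS1 },		/* LAS flag #1 */
		{ "LAS2", CE_LAS2 },		/* LAS flag #2 */
		{ "LAS3", CE_LAS3 },		/* LAS flag #3 */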
{ "LAS4", CE_LAS4 }, /* LAS flag #4 */ { "CHECK_ALL", CE_CHECK_ALL }, /* Duplicate checking flag */ { "NO_CHECK", CE_NO_CHECK }, /* Duplicate checking flag */ { NULL, 0 } /* End-of-list */ }; char *func = "get_client_type"; dprintf(2, (LOG_AUTH, LOG_DEBUG, "%s: entered", func)); if ((p = strtok (NULL, " =\t\n")) == NULL) { logit (LOG_DAEMON, LOG_ERR, "%s: missing host type on line %d", func, line_nbr); return (-1); } if ((type = parse_for_vendor_list (p, veps)) == (char *) NULL) { logit (LOG_DAEMON, LOG_ERR, "%s: invalid vendor name '%s' on line %d", func, p, line_nbr); return (-1); } cli_type = 0; /* Initial conditions. */ /* * Allow for: "type=NAS", "type=NAS+ACCT_RFC", etc. * NOTE: Perhaps strpbrk (each, "+|") should be used instead. */ for (each = type, next = strchr (each, '+'); each != NULL; each = next, next = strchr (each, '+')) { if (next != NULL) { *next = '\0'; /* NUL terminate string at '+' */ next++; /* Point past newly added NUL. */ } for (i = 0; typelist[i].name != NULL; i++) { if (strcasecmp (each, typelist[i].name) == 0) { dprintf(2, (LOG_AUTH, LOG_DEBUG, "%s: found type=%s, 0x%x", func, typelist[i].name, typelist[i].val)); cli_type |= typelist[i].val; break; } } /* Check for invalid types */ if (typelist[i].name == NULL) { logit (LOG_DAEMON, LOG_ERR, "%s: unknown host type '%s' on line %d", func, each, line_nbr); return (-1); } /* short circut test above. */