radiusd.c

RADIUS协议的认证计费服务

/*
 * RADIUS -- Remote Authentication Dial In User Service
 *
 *
 * Livingston Enterprises, Inc. 6920 Koll Center Parkway Pleasanton, CA   94566
 *
 * Copyright 1992 Livingston Enterprises, Inc.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose and without fee is hereby granted, provided that this copyright
 * and permission notice appear on all copies and supporting documentation,
 * the name of Livingston Enterprises, Inc. not be used in advertising or
 * publicity pertaining to distribution of the program without specific
 * prior permission, and notice be given in supporting documentation that
 * copying and distribution is by permission of Livingston Enterprises, Inc.
 *
 * Livingston Enterprises, Inc. makes no representations about the suitability
 * of this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *      Copyright (c) 1996 Ascend Communications, Inc.
 *      All rights reserved.
 *
 *      Permission to copy, display, distribute and make derivative works
 *      from this material in whole or in part for any purpose is granted
 *      provided that the above copyright notice and this paragraph are
 *      duplicated in all copies.  THIS SOFTWARE IS PROVIDED "AS IS" AND
 *      WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING, WITHOUT
 *      LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 *      FOR A PARTICULAR PURPOSE.
 *
 *
 * Copyright (c) 1996 U.S. Robotics, Access Corp.
 * All rights reserved.
 *
 * Permission to copy, display, distribute and make derivative works
 * from this material in whole or in part for any purpose is granted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all copies.  THIS SOFTWARE IS PROVIDED "AS IS" AND
 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING, WITHOUT
 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE.
 *
 */

/*
 * Copyright [C] The Regents of the University of Michigan and Merit Network,
 * Inc. 1992, 1993, 1994, 1995, 1996, 1997, 1998 All Rights Reserved
 *
 * Permission to use, copy, and modify this software and its documentation
 * for any purpose and without fee is hereby granted, provided:
 *
 * 1) that the above copyright notice and this permission notice appear in all
 *    copies of the software and derivative works or modified versions thereof,
 *
 * 2) that both the copyright notice and this permission and disclaimer notice
 *    appear in all supporting documentation, and
 *
 * 3) that all derivative works made from this material are returned to the
 *    Regents of the University of Michigan and Merit Network, Inc. with
 *    permission to copy, to display, to distribute, and to make derivative
 *    works from the provided material in whole or in part for any purpose.
 *
 * Users of this code are requested to notify Merit Network, Inc. of such use
 * by sending email to aaa-admin@merit.edu
 *
 * Please also use aaa-admin@merit.edu to inform Merit Network, Inc of any
 * derivative works.
 *
 * Distribution of this software or derivative works or the associated
 * documentation is not allowed without an additional license.
 *
 * Licenses for other uses are available on an individually negotiated
 * basis.  Contact aaa-license@merit.edu for more information.
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE REGENTS OF THE
 * UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE
 * FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR
 * THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE.  The Regents of the
 * University of Michigan and Merit Network, Inc. shall not be liable for any
 * special, indirect, incidental or consequential damages with respect to any
 * claim by Licensee or any third party arising from use of the software.
 *
 * Merit AAA Server Support
 * Merit Network, Inc.
 * 4251 Plymouth Road, Suite C.
 * Ann Arbor, Michigan, USA 48105-2785
 *
 * attn:  John Vollbrecht
 * voice: 734-764-9430
 * fax:   734-647-3185
 * email: aaa-admin@merit.edu
 *
 */

/*
 *
 * Public entry points in this file:
 *
 * build_acct_req
 * call_action
 * dump_received_packet
 * enqueue_authreq
 * queue_find
 * rad_2rad_recv
 * rad_recv
 * radius_send
 * start_fsm
 *
 */

/* N.B. don't look here for the version, run radiusd -v or look in version.c */

static char     sccsid[] =
		"@(#)radiusd.c 1.5 Copyright 1992 Livingston Enterprises Inc";

static char     rcsid[] =
		"$Id: radiusd.c,v 1.1.1.1 2001/08/10 20:49:29 bonze Exp $";

#include	<sys/types.h>
#include	<sys/stat.h>

#if !(defined(FD_SET) || defined(linux))
#include	<sys/select.h>
#endif	/* FD_SET */

#if defined(sys5)
#include	<sys/sysmacros.h>
#endif	/* sys5 */

#ifdef	SVR4
#include	<sys/systeminfo.h>
#endif	/* SVR4 */

#include	<sys/param.h>
#include	<sys/socket.h>
#include	<sys/time.h>
#include	<sys/file.h>
#include	<sys/wait.h>
#include	<net/if.h>
#include	<netinet/in.h>
#include	<arpa/inet.h>

#include	<signal.h>
#include	<stdio.h>
#include	<stdlib.h>
#include	<netdb.h>
#include	<fcntl.h>
#include	<errno.h>
#include	<memory.h>
#include	<unistd.h>
#include	<syslog.h>

#include	"radius.h"

/* Static Declarations */

#ifdef USR_CCA
int             alarm_set = 0;    /* Required by rq_req.c */
#else /* USR_CCA */
static int      alarm_set = 0;    /* Flag indicates alarm is set */
#endif	/* USR_CCA */

static int      cache_users = 1;  /* Read users file to memory (default) */
static u_char   log_forwarding = 0; /* 1 ==> packet log relaying and replying */
static int      log_forwarding_sws = 0;

#define	LFS_FWD_VECTOR	PL_FWD_VECTOR	/* These three should be in radius.h */
#define	LFS_DUMP	0x0100		/* Dump packet when forwarding. */
#define	LFS_FWD_DIGEST  0x0200		/* Dump digest when forwarding. */

static char    *progname;
static u_char   log_generated_request = 1;
static int      select_max = 0;   /* computed in main() */
static char    *debug_file = RADIUS_DEBUG;
static int      zap_debugfile = 0; /* Empty debugfile first time referenced. */
static char    *radius_fsm = RADIUS_FSM;
static char    *cur_wrk_dir = (char *) NULL; /* Initially use our parent's. */
static int      nfsm;             /* number of FSM entries */
static int      child_done = 0;   /* This child isn't done yet. */
static AATV    *child_aatv = (AATV *) NULL;
static AATV    *current_aatv = (AATV *) NULL;

#ifdef USR_CCA
FSM_ENT       **fsm;
#else
static FSM_ENT **fsm;             /* pointer to FSM table */
#endif	/* USR_CCA */

static FSM_ENT **default_fsm;
static int      avalue;
static time_t   tofmaxdelay;
static time_t   select_cur = 0;   /* recorded in main() */
static char     path[MAXPATHLEN];
static char     logversion[MAXPATHLEN];
static int      last_send_len = 0;    /* Length of last socket request sent */
static struct sockaddr_in last_send_sin; /* Socket info of last request sent */
static char     last_send_action[64]; /* Name of action sending last request */
static int      default_retry_limit = 0;
static int      default_seqch_limit = 0;
static int      rad_reply_switch = 0;	/* See RRS_xxx below */

/* All these RRS_* should be in radius.h (XXX: so why aren't they?) */
#define	RRS_ALL		0x00000001	/* Check all queue'd requests */
#define	RRS_ABORT	0x00000002	/* Abort if match fails */
#define	RRS_IGNORE	0x00000004	/* Ignore reply */
#define	RRS_VERBOSE	0x00000008	/* Dump a/v pairs into logfile */
#define	RRS_DUMP	0x00000010	/* Dump received reply packet */
#define	RRS_DROP	0x00000100	/* Drop pending request */
#define	RRS_NAK		0x00000200	/* NAK pending request */

#define	RADCHECK_QSTATS 0x0001          /* Show queue information */
#define	RADCHECK_PSTATS 0x0002          /* Show packet stats */

static int      radcheck_switch = RADCHECK_QSTATS;

/*
 *	These counters help determine how much traffic we encounter.
 *	They are arranged in the opposite order from the radcheck output.
 */

PACKET_COUNTS stat_etc_xmit =
			{
				(PACKET_COUNTS *) NULL,
				"etc_xmit",
				0,
				0,
				0
			};

PACKET_COUNTS stat_etc_resp =
			{
				&stat_etc_xmit,
				"etc_resp",
				0,
				0,
				0
			};

static PACKET_COUNTS stat_redos =
			{
				&stat_etc_resp,
				"redo",
				0,
				0,
				0
			};

static PACKET_COUNTS stat_responses =
			{
				&stat_redos,
				"resp",
				0,
				0,
				0
			};

static PACKET_COUNTS stat_transmitted =
			{
				&stat_responses,
				"xmit",
				0,
				0,
				0
			};

static PACKET_COUNTS stat_replied =
			{
				&stat_transmitted,
				"reply",
				0,
				0,
				0
			};

static PACKET_COUNTS stat_received =
			{
				&stat_replied,
				"rcvd",
				0,
				0,
				0
			};

static DICT_ATTR_LIST *reply_check_list = (DICT_ATTR_LIST *) NULL;

#ifdef USR_CCA
static char     qry_init = FALSE;
extern char     dns_done;
#endif	/* USR_CCA */

#ifdef MERIT_HUNTGROUP
time_t          save_hgtime = 0;	/* timestamp of huntgroups file */
#endif	/* MERIT_HUNTGROUP */

/* Forward Declarations */

static void     aatv_process_end PROTO((AATV *));
static int      acc_chal_action PROTO((AUTH_REQ *, int, char *));
static int      authreq_dup_check PROTO((AUTH_REQ *, AUTH_REQ *, VALUE_PAIR **,
					char **, char **));
static int      authreq_q_size PROTO((AUTH_REQ *));
/* external     build_acct_req */
/* external     call_action */
static int      check_reply PROTO((AUTH_REQ *, VALUE_PAIR *));
static void     child_end PROTO((int));
static int      cleanup_delay PROTO((int));
static int      config_initialize PROTO((void));
static void     debug_bump PROTO((int));
static void     debug_off PROTO((int));
static void     doconfig PROTO((int));
static int      done_action PROTO((AUTH_REQ *, int, char *));
static int      ev2code PROTO((AUTH_REQ *, int));
static int      fail_log_action PROTO((AUTH_REQ *, int, char *));
/* external     fatal_action */
static int      fatal_log_action PROTO((AUTH_REQ *, int, char *));
/* external     find_aatv */
static char    *find_state_name PROTO((int));
static int      fork_reply PROTO((AUTH_REQ *, int));
static void     found_waldo PROTO((EVENT_ENT *, EV *));

#if !defined(USR_CCA)
static void     free_authreq PROTO((AUTH_REQ *));
static void     free_event_list PROTO((AUTH_REQ *));
#endif	/* USR_CCA */

static void     free_authreq_final PROTO((AUTH_REQ *));

#if !defined(USR_CCA)
static void     free_event_list_final PROTO((AUTH_REQ *));
#endif	/* USR_CCA */

static void     free_event PROTO((EVENT_ENT *));
static void     free_event_final PROTO((EVENT_ENT *));
static void     free_proc_ent PROTO((PROC_ENT *));
static int      get_radrequest PROTO((int, AUTH_REQ **, struct sockaddr_in *,
					UINT4, u_int, CLIENT_ENTRY *));
static u_char   get_state PROTO((VALUE_PAIR **));
static int      handle_sysconf PROTO((int, int, char *, char *));
static int      init_aatvs PROTO((void));
static AUTH_REQ *is_dup_request PROTO((AUTH_REQ *, int *));
static int      kill_action PROTO((AUTH_REQ *, int, char *));
static void     log_queues PROTO((AUTH_REQ *, char *));
static EVENT_ENT *match_waldo PROTO((int, AUTH_REQ *, EV *, VALUE_PAIR *));
static int      nak_action PROTO((AUTH_REQ *, int, char *));
static int      null_action PROTO((AUTH_REQ *, int, char *));

static char    *packet_counts_toa PROTO((PACKET_COUNTS *));
static int      pending_action PROTO((AUTH_REQ *, int, char *));
static int      protocol_check PROTO((AUTH_REQ *, VALUE_PAIR **));
static AUTH_REQ *proxy_forwarding PROTO((int, struct sockaddr_in *, UINT4,
					u_int));
static int      pw_expired_action PROTO((AUTH_REQ *, int, char *));
/* external     rad_2rad_recv */
static void     rad_init PROTO((AATV *));
static void     rad_ipc_init PROTO((AATV *));
static AUTH_REQ *rad_ipc_recv PROTO((int, struct sockaddr_in *, UINT4, u_int,
					EV *));
/* external     rad_recv */
static int      rad_reply PROTO((AUTH_REQ *, int, char *));
static void     rad_reply_init PROTO((AATV *));
/* external     radius_send */
static void     read_sysconf PROTO((void));
static int      record_event PROTO((AUTH_REQ *, AATV *, int, int, char *));
static int      redo_action PROTO((AUTH_REQ *, int, char *));
static void     reply_timer PROTO((int));
static AUTH_REQ *response_match PROTO((AUTH_REQ *, CLIENT_ENTRY *, u_char *,
					int, int, int, u_char *, u_char *,
					int *, int *, AUTH_REQ **));
static int      retry_limit_action PROTO((AUTH_REQ *, int, char *));
static int      seqch_limit_action PROTO((AUTH_REQ *, int, char *));
static void     send_cmd_unrec PROTO((int, int, struct sockaddr_in *, int,
					int, CLIENT_ENTRY *));
static void     send_reply PROTO((int, char *, int, AUTH_REQ *, int));
static int      server_status PROTO((AUTH_REQ *, int, char *));
static void     set_debug PROTO((int));
static void     sig_fatal PROTO((int));
static void     sig_int PROTO((int));
static void     sig_quit PROTO((int));
static void     sig_term PROTO((int));
/* external     start_fsm */
static void     state_machine PROTO((EV, AUTH_REQ *));
static void     stat_files PROTO((int, int));
static void     sysconf_init PROTO((AATV *));
static int      timeout_action PROTO((AUTH_REQ *, int, char *));
static int      timer_action PROTO((AUTH_REQ *, int, char *));
static int      ttl_action PROTO((AUTH_REQ *, int, char *));
static int      ttl_slice_action PROTO((AUTH_REQ *, int, char *));
static void     usage PROTO((void));
static int      wait_action PROTO((AUTH_REQ *, int, char *));

/*************************************************************************
 *
 *	Utility AATV structures
 *
 *************************************************************************/

static AATV     any_aatv = DEF_AATV_DIRECT_CFG("*", sysconf_init, null_action,
						NULL);
static AATVPTR  rad_any_aatv = & any_aatv;

static AATV     end_aatv = DEF_AATV_DIRECT("CLEANUP", NULL);
static AATVPTR  rad_end_aatv = & end_aatv;

static AATV     acc_chal_aatv = DEF_AATV_DIRECT("ACC_CHAL", NULL);
static AATVPTR  rad_acc_chal_aatv = & acc_chal_aatv;

static AATV     done_aatv = DEF_AATV_DIRECT("DONE", done_action);
static AATVPTR  rad_done_aatv = & done_aatv;

static AATV     fail_log_aatv = DEF_AATV_DIRECT("FAIL", fail_log_action);
static AATVPTR  rad_fail_log_aatv = & fail_log_aatv;

static AATV     fatal_aatv = DEF_AATV_DIRECT("FATAL", fatal_action);
static AATVPTR  rad_fatal_aatv = & fatal_aatv;

static AATV     fatal_log_aatv = DEF_AATV_DIRECT("FATAL_LOG", fatal_log_action);
static AATVPTR  rad_fatal_log_aatv = & fatal_log_aatv;

static AATV     kill_aatv = DEF_AATV_DIRECT("KILL", kill_action);
static AATVPTR  rad_kill_aatv = & kill_aatv;

static AATV     nak_aatv = DEF_AATV_DIRECT_TYPE("NAK", AA_DENY, nak_action);
static AATVPTR  rad_nak_aatv = & nak_aatv;

static AATV     null_aatv = DEF_AATV_DIRECT_TYPE("NULL", AA_BLACKHOLE,
								null_action);
static AATVPTR  rad_null_aatv = & null_aatv;

static AATV     pending_aatv = DEF_AATV_DIRECT("PENDING", pending_action);
static AATVPTR  rad_pending_aatv = & pending_aatv;

static AATV     pw_expired_aatv = DEF_AATV_DIRECT("PW_EXPIRED",
							pw_expired_action);
static AATVPTR  rad_pw_expired_aatv = & pw_expired_aatv;

static AATV     redo_aatv = DEF_AATV_DIRECT("REDO", redo_action);
static AATVPTR  rad_redo_aatv = & redo_aatv;

static AATV     retry_limit_aatv = DEF_AATV_DIRECT("RETRY_LIMIT",
							retry_limit_action);
static AATVPTR  rad_retry_limit_aatv = & retry_limit_aatv;

static AATV     seqch_limit_aatv = DEF_AATV_DIRECT("SEQCH_LIMIT",
							seqch_limit_action);

static AATVPTR  rad_seqch_limit_aatv = & seqch_limit_aatv;

static AATV     status_aatv = DEF_AATV_DIRECT("SRV_STATUS", server_status);
static AATVPTR  rad_status_aatv = & status_aatv;

static AATV     timeout_aatv = DEF_AATV_DIRECT("TIMEOUT", timeout_action);
static AATVPTR  rad_timeout_aatv = & timeout_aatv;

static AATV     timer_aatv = DEF_AATV_DIRECT("TIMER", timer_action);
static AATVPTR  rad_timer_aatv = & timer_aatv;

static AATV     ttl_aatv = DEF_AATV_DIRECT("TTL", ttl_action);
static AATVPTR  rad_ttl_aatv = & ttl_aatv;

static AATV     ttl_slice_aatv = DEF_AATV_DIRECT("TTL_SLICE", ttl_slice_action);
static AATVPTR  rad_ttl_slice_aatv = & ttl_slice_aatv;

static AATV     wait_aatv = DEF_AATV_DIRECT("WAIT", wait_action);
static AATVPTR  rad_wait_aatv = & wait_aatv;

/*
 *	Global Variables
 */

u_short         auth_port = 0;
u_short         auth_fwd_port = 0;  /* UDP port number for relaying */
u_short         acct_port = 0;
u_short         acct_fwd_port = 0;  /* UDP port number for acct relaying */
UINT2           send_buffer_size = RAD_SEND_BUFFER_SIZE;
u_char          recv_buffer[RAD_RECV_BUFFER_SIZE];
static char     recv_buffer_backup[RAD_RECV_BUFFER_SIZE];
u_char          send_buffer[RAD_SEND_BUFFER_SIZE];
char            ourhostname[MAXHOSTNAMELEN];
UINT4           was_proxy_forwarding = 0; /* length of recv_buffer_backup[] */