📄 radiusd.c
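/*
 * File-scope state for the RADIUS daemon: run-time switches, allocation
 * pools, the request queues and the table of AATVs used by the engine.
 * Each preprocessor directive is on a line of its own; a directive that
 * shares a line with other code is not recognised by the preprocessor.
 */

int             debug_flag = 0;	/* Values > 0 allow various debug output */

/*
 * NOTE(review): a core image holds whatever request and credential data
 * the process has in memory when it is written, so core files from this
 * daemon should be access-restricted wherever this switch is used.
 */
int             dumpcore = 0;	/* Normally 0, when > 0 causes core dump */
int             file_logging = 1; /* 0 => syslog, 1 => logfile, 2 => stderr */
int             zap_logfile = 0; /* Empty logfile first time referenced */
int             want_timer = 0;	/* When non-zero, call timer functions */
MF_ENT          authreq_mf = { 0, 0 };	/* For authreq allocation */
MF_ENT          waldo_mf = { 0, 0 };	/* For waldo record allocation */
MF_ENT          redo_mf = { 0, 0 };	/* for packets */
char           *radius_dir;
char           *fsm_id = NULL;	/* From %FSMID string in the FSM table */
FILE           *ddt = (FILE *) NULL;
FILE           *msgfd = (FILE *) NULL;

extern AATVPTR  rad_ack_aatv;
extern int      packet_log_switch;

/* needed only by passchange.c */
UINT4           expiration_seconds;
UINT4           warning_seconds;
/* Off by default; the option list in main() documents -P as the switch. */
int             allow_pw_changing = 0;

/* needed only by tokcache.c */
/* Off by default; main() sets it to 1 when -C is given. */
int             allow_token_caching = 0;

/* needed only by authenticate.c and tokcache.c */
int             token_caching_auth_type[] = { AA_ACE, 0 };
/* Authentication protocols which may cache tokens, must end with a zero. */
/* Otherwise order is unimportant.  Defined here, external elsewhere. */

/* needed publicly only by authenticate.c, radfile.c and users.c */
AATV           *authtype_tv[PW_AUTH_MAX + 1]; /* AATV by authentication types */

/* needed publicly only by rad.accounting.c */
char           *radacct_dir;
u_short         inetd = 0;

/* needed publicly by funcs.c and las.token.c */
time_t          birthdate;

/* this variable is declared globally and initialized in funcs.c */
extern char    *radius_log_fmt;

/* needed publicly only by users.c */
int             authfile_cnt = 0;
int             clients_cnt = 0;
int             users_cnt = 0;

/* these variables are declared globally and initialized in users.c */
extern int      dnspid;		/* PID of DNS resolver process */
extern UINT4    dns_address_aging;
extern UINT4    dns_address_window;
extern int      doing_init;	/* Flag indicating initialization phase */
extern int      spawn_flag;	/* 0 => no spawning, 1 => spawning allowed */
extern int      default_reply_holdtime;
extern int      rad_ipc_port;	/* Local port number of ipc socket */
extern char     authfile_id[128];
extern char     clients_id[128];
extern MF_ENT   vendor_mf;	/* Used in dict.c */
extern MF_ENT   vendor_list_mf;	/* Used in dict.c */

/* these variables are declared globally and initialized in dict.c */
extern char    *dict_id;	/* From %DICTID string in the dictionary */
extern char    *vend_id;	/* From %VENDORSID string in vendors file */

#ifdef WANT_PS_NAMES
extern char   **environ;
#endif	/* WANT_PS_NAMES */

#ifdef MERIT_LAS
extern int      no_old_session;
#endif	/* MERIT_LAS */

/*
 * Accounting request queue.  Its next pointer is NULL and p_q_end starts
 * out pointing at the queue's own (empty) q member.
 * NOTE(review): limit presumably bounds the number of queued requests;
 * confirm in the queue-handling code.
 */
static AUTH_REQ_Q global_acct_q =
{
	(AUTH_REQ_Q *) NULL,	/* next */
	"acct",			/* q_name :: accounting */
	0,			/* max */
	0,			/* cur */
	0,			/* cur_freed */
	MAX_ACCT_REQUESTS,	/* limit */
	0,			/* ident */
	0,			/* max_time */
	0,			/* hold */
	(AUTH_REQ *) NULL,	/* q */
	&global_acct_q.q,	/* p_q_end */
	(AUTH_REQ *) NULL,	/* freed */
	0,			/* q_ok */
	0,			/* q_fail */
	0,			/* q_dup */
	0,			/* q_freed */
	0,			/* dq_freed */
	0,			/* c_free_authreq */
	0			/* c_free_authreq_final */
};

/* needed publicly by rad.tacacs.c and radcount.c and the USR files */
/*
 * Authentication request queue.  Its next pointer is the accounting
 * queue, so the two queues form a two-element list headed here.
 */
AUTH_REQ_Q      global_auth_q =
{
	&global_acct_q,		/* next */
	"auth",			/* q_name :: authentication */
	0,			/* max */
	0,			/* cur */
	0,			/* cur_freed */
	MAX_AUTH_REQUESTS,	/* limit */
	0,			/* ident */
	0,			/* max_time */
	0,			/* hold */
	(AUTH_REQ *) NULL,	/* q */
	&global_auth_q.q,	/* p_q_end */
	(AUTH_REQ *) NULL,	/* freed */
	0,			/* q_ok */
	0,			/* q_fail */
	0,			/* q_dup */
	0,			/* q_freed */
	0,			/* dq_freed */
	0,			/* c_free_authreq */
	0			/* c_free_authreq_final */
};

static AATV     server_aatv = DEF_AATV_SOCKET("RADIUS", rad_init, NULL, rad_recv);
AATVPTR         rad_server_aatv = & server_aatv;

static AATV     reply_aatv = DEF_AATV_SOCKET("REPLY", rad_reply_init, rad_reply, NULL);
static AATVPTR  rad_reply_aatv = & reply_aatv;

extern AATVPTR  rad_acct_aatv;
extern AATVPTR  rad_acct_switch_aatv;
extern AATVPTR  rad_accounting_aatv;
extern AATVPTR  rad_ipc_aatv;

/*
 * Every AATV the engine uses.  The AATVS macro contributes further
 * entries, so the element count is only known after expansion and is
 * taken from sizeof below rather than written out by hand.
 */
static AATVPTR *aatv_ptrs[] =
{
	&rad_acct_aatv,
	&rad_acct_switch_aatv,
	&rad_accounting_aatv,
	&rad_server_aatv,
	&rad_reply_aatv,
	&rad_ipc_aatv,

	AATVS,	/* for all "engine external" AATVs (except ACCT) see radius.h */

	&rad_acc_chal_aatv,
	&rad_ack_aatv,
	&rad_any_aatv,
	&rad_done_aatv,
	&rad_end_aatv,
	&rad_fail_log_aatv,
	&rad_fatal_aatv,
	&rad_fatal_log_aatv,
	&rad_kill_aatv,
	&rad_nak_aatv,
	&rad_null_aatv,
	&rad_pending_aatv,
	&rad_pw_expired_aatv,
	&rad_redo_aatv,
	&rad_retry_limit_aatv,
	&rad_seqch_limit_aatv,
	&rad_status_aatv,
	&rad_timeout_aatv,
	&rad_timer_aatv,
	&rad_ttl_aatv,
	&rad_ttl_slice_aatv,
	&rad_wait_aatv
};

#define	MAX_AATV	(sizeof (aatv_ptrs) / sizeof (aatv_ptrs[0]))

/*
 * Both tables have one slot more than aatv_ptrs.
 * NOTE(review): the extra slot is presumably a terminator; any code that
 * fills these tables must stay within MAX_AATV + 1 entries - confirm.
 */
static AATV    *sockfd_tv[MAX_AATV + 1];
static fd_set   select_mask;
static int      (*timer_funcs[MAX_AATV + 1]) PROTO((void));

/* Keep track of the time it took to service the last 100 replies. */
/* (The array itself holds CLEANUP_BUCKETS entries.) */
static u_short  rad_reply_times[CLEANUP_BUCKETS];
static u_short  rad_reply_pos = 0;	/* Start here. */

/*************************************************************************
 *
 *	Function: Main RADIUS server code
 *
 *	Purpose: Handle dispatching of incoming RADIUS requests on well
 *		 known socket(s) to AATV recv() function(s).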
* *************************************************************************/intmain (argc, argv)int argc;char **argv;{ u_short udp_port; int authtype; int dtablesize; int i; int j; int len; int maxfd; int pid; int result; int selcnt; AATV *aatv; AUTH_REQ *authreq; FILE *fp; char *ptr; struct timeval *selecttime = NULL; struct servent *svp; EV event; sigset_t signals; /* Main signal mask */ struct sigaction action; struct sockaddr_in fromsin; /* Remote socket info */ struct stat stbuf; struct timeval savetime; struct timeval timeout; fd_set readfds; char errmsg[256]; char oldpath[MAXPATHLEN]; static char *func = "main"; birthdate = time (0);#ifdef WANT_PS_NAMES /* Save these for later calls to rad_ptitle() */ radius_argv = argv; radius_argc = argc; radius_envp = environ;#endif /* WANT_PS_NAMES */ fprintf (stderr, "Merit AAA server %s, licensed software\n", verinfo (2)); fprintf (stderr,"COPYRIGHT 1992, 1993, 1994, 1995, 1996, 1997, 1998\n"); fprintf (stderr,"THE REGENTS OF THE UNIVERSITY OF MICHIGAN\n"); fprintf (stderr,"ALL RIGHTS RESERVED\n"); fprintf (stderr, "\n");#ifdef BASIC_SERVER fprintf (stderr,"PERMISSION IS GRANTED TO USE, COPY AND REDISTRIBUTE THIS VERSION OF THE MERIT\n"); fprintf (stderr,"BASIC AAA SERVER, SO LONG AS NO FEE IS CHARGED FOR THIS SOFTWARE, AND SO LONG\n"); fprintf (stderr,"AS THE COPYRIGHT NOTICE ABOVE, THIS GRANT OF PERMISSION, AND THE DISCLAIMER\n"); fprintf (stderr,"BELOW APPEAR IN ALL COPIES MADE; AND SO LONG AS THE NAME OF THE UNIVERSITY OF\n"); fprintf (stderr,"MICHIGAN OR MERIT NETWORK IS NOT USED IN ANY ADVERTISING OR PUBLICITY\n"); fprintf (stderr,"PERTAINING TO THE USE OR DISTRIBUTION OF THIS SOFTWARE WITHOUT SPECIFIC,\n"); fprintf (stderr,"WRITTEN PRIOR AUTHORIZATION.\n"); fprintf (stderr, "\n"); fprintf (stderr,"NO RIGHTS ARE GRANTED HEREUNDER FOR ANY RECIPIENT TO MODIFY, DISASSEMBLE,\n"); fprintf (stderr,"DECOMPILE, REVERSE ENGINEER OR OTHERWISE CREATE DERIVATIVE WORKS OF THIS\n"); fprintf (stderr,"SOFTWARE.\n"); fprintf 
(stderr, "\n"); fprintf (stderr,"THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION FROM THE UNIVERSITY\n"); fprintf (stderr,"OF MICHIGAN AS TO ITS FITNESS FOR ANY PURPOSE, AND WITHOUT WARRANTY BY THE\n"); fprintf (stderr,"UNIVERSITY OF MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING\n"); fprintf (stderr,"WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"); fprintf (stderr,"A PARTICULAR PURPOSE. THE REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE\n"); fprintf (stderr,"LIABLE FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR\n"); fprintf (stderr,"CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING OUT OF OR IN\n"); fprintf (stderr,"CONNECTION WITH THE USE OF THE SOFTWARE, EVEN IF IT HAS BEEN OR IS HEREAFTER\n"); fprintf (stderr,"ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n"); fprintf (stderr, "\n"); fprintf (stderr,"FOR FURTHER INFORMATION ABOUT THE ENHANCED MERIT AAA SERVER, SEND EMAIL TO:\n"); fprintf (stderr,"aaa.license@merit OR, VISIT THE WWW SITE: www.merit.edu/aaa/\n"); fprintf (stderr, "\n");#endif /* BASIC_SERVER */#if ((defined OSF) || (defined SCO)) set_auth_parameters (argc, argv);#endif /* OSF */ file_logging = 1; progname = *argv++; argc--; radius_dir = RADIUS_DIR; radacct_dir = RADACCT_DIR; authfile_id[0] = '\0'; clients_id[0] = '\0'; timeout.tv_sec = 0; timeout.tv_usec = 0; action.sa_handler = sig_fatal; sigfillset (&action.sa_mask); action.sa_flags = 0; sigaction (SIGQUIT, &action, NULL); sigaction (SIGILL, &action, NULL); sigaction (SIGTRAP, &action, NULL); sigaction (SIGIOT, &action, NULL); /* Perhaps also known as SIGABRT ! 
*/ sigaction (SIGFPE, &action, NULL);#ifdef _SC_OPEN_MAX if ((dtablesize = sysconf (_SC_OPEN_MAX)) == -1) { perror ("_SC_OPEN_MAX"); exit (-17); }#else /* Assume BSD */ dtablesize = getdtablesize ();#endif /* _SC_OPEN_MAX */ for (j = dtablesize; j >= 3; j--) { close (j); } /* See if anything is attached to stderr at this point */ if ((fstat (fileno(stderr), &stbuf) == -1) && (errno == EBADF)) { /* Then open system console as stderr. */ reset_stderr ("/dev/console", 1); } /* * Current options are: * * + Print usage message. * ? Print usage message. * h Print usage message. * * a Set RADIUS accounting directory. * C Allow token caching. * c Set new current working directory. * d Set RADIUS database directory. * f Specify RADIUS FSM file. * g Specify file, syslog or stderr logging. * l Specify the strftime(3) format used for RADIUS logfile. * n Specify no session table in LAS (with #ifdef MERIT_LAS). * P Allow password changing. * p Specify UDP port number for receiving RADIUS authentication. * pp Specify UDP port number for relaying RADIUS authentication. * q Specify UDP port number for receiving RADIUS accounting. * qq Specify UDP port number for relaying RADIUS accounting. * s Single-process (non-spawning) flag. * t Specify inactivity timeout value. * u Don't cache "users" files (DBM version only). * v Print version info. * x Add to the debug flag value. * z Zap logfile and debug file first time they're referenced. 
* (-z ignored if debugging '-x' isn't enabled) * */ while (argc) /* XXX - should use getopt here */ { if (argv[0][0] != '-') { fprintf (stderr, "%s: Invalid argument, \"%s\"\n", progname, *argv); usage (); } switch (argv[0][1]) { case '+': case 'h': case '?': usage (); break; case 'v': strcpy (errmsg, verinfo (1)); fprintf (stderr, "Use -h for help\n%s\n", errmsg); exit (-10); break; case 'x': debug_flag++; break; case 's': spawn_flag = 0; break; case 'f': if (argc <= 1) { usage (); } radius_fsm = (++argv)[0]; argc--; break; case 'l': if (argc <= 1) { usage (); } radius_log_fmt = (++argv)[0]; argc--; break; case 'a': if (argc <= 1) { usage (); } radacct_dir = (++argv)[0]; argc--; break; case 'c': if (argc <= 1) { usage (); } cur_wrk_dir = (++argv)[0]; argc--; break; case 'C': /* Allow cachine of tokens */ allow_token_caching = 1; cache_init (); break; case 'd': if (argc <= 1) { usage (); } radius_dir = (++argv)[0]; argc--; break; case 'g': if (argc <= 1) { usage (); } if (strcasecmp (*(++argv), "logfile") == 0) { file_logging = 1; } else { if (strcasecmp (*argv, "stderr") == 0) { file_logging = STDERR_FILENO; msgfd = stderr; } else { file_logging = 0;#ifdef LOG_CONS openlog ("radiusd", LOG_PID | LOG_CONS, LOG_DAEMON);#else /* LOG_CONS */ openlog ("radiusd", LOG_PID);#endif /* LOG_CONS */ msgfd = (FILE *) NULL; } } argc--; break;#ifdef MERIT_LAS