funcs.c

来自「RADIUS协议的认证计费服务」· C语言 代码 · 共 2,608 行 · 第 1/5 页

/*
 * RADIUS -- Remote Authentication Dial In User Service
 *
 *
 * Livingston Enterprises, Inc. 6920 Koll Center Parkway Pleasanton, CA   94566
 *
 * Copyright 1992 Livingston Enterprises, Inc.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose and without fee is hereby granted, provided that this copyright
 * and permission notice appear on all copies and supporting documentation,
 * the name of Livingston Enterprises, Inc. not be used in advertising or
 * publicity pertaining to distribution of the program without specific
 * prior permission, and notice be given in supporting documentation that
 * copying and distribution is by permission of Livingston Enterprises, Inc.
 *
 * Livingston Enterprises, Inc. makes no representations about the suitability
 * of this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */

/*
 * Copyright [C] The Regents of the University of Michigan and Merit Network,
 * Inc. 1992, 1993, 1994, 1995, 1996, 1997, 1998 All Rights Reserved
 *
 * Permission to use, copy, and modify this software and its documentation
 * for any purpose and without fee is hereby granted, provided:
 *
 * 1) that the above copyright notice and this permission notice appear in all
 *    copies of the software and derivative works or modified versions thereof,
 *
 * 2) that both the copyright notice and this permission and disclaimer notice
 *    appear in all supporting documentation, and
 *
 * 3) that all derivative works made from this material are returned to the
 *    Regents of the University of Michigan and Merit Network, Inc. with
 *    permission to copy, to display, to distribute, and to make derivative
 *    works from the provided material in whole or in part for any purpose.
 *
 * Users of this code are requested to notify Merit Network, Inc. of such use
 * by sending email to aaa-admin@merit.edu
 *
 * Please also use aaa-admin@merit.edu to inform Merit Network, Inc of any
 * derivative works.
 *
 * Distribution of this software or derivative works or the associated
 * documentation is not allowed without an additional license.
 *
 * Licenses for other uses are available on an individually negotiated
 * basis.  Contact aaa-license@merit.edu for more information.
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE REGENTS OF THE
 * UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE
 * FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR
 * THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE.  The Regents of the
 * University of Michigan and Merit Network, Inc. shall not be liable for any
 * special, indirect, incidental or consequential damages with respect to any
 * claim by Licensee or any third party arising from use of the software.
 *
 * Merit AAA Server Support
 * Merit Network, Inc.
 * 4251 Plymouth Road, Suite C.
 * Ann Arbor, Michigan, USA 48105-2785
 *
 * attn:  John Vollbrecht
 * voice: 734-764-9430
 * fax:   734-647-3185
 * email: aaa-admin@merit.edu
 *
 */

/*
 *
 * Public entry points in this file:
 *
 * ack_action
 * add_dns_nbns
 * add_string
 * add_string_dump
 * attribute_out
 * attribute_pw_out
 * authtype_toa
 * auth_vectortoa
 * avpair_add
 * avpair_add_attr_tag
 * avpair_add_tag
 * avpair_add_vend
 * avpair_add_vend_tag
 * avpair_assign
 * avpair_assign_tag
 * avpair_comp
 * avpair_del
 * avpair_del_ci
 * avpair_dup
 * avpair_free
 * avpair_get
 * avpair_get_tag
 * avpair_get_vend
 * avpair_get_vend_tag
 * avpair_out
 * avpair_string_mod
 * avpair_vtoa
 * build_header
 * build_packet
 * build_reply_mic
 * build_request_mic
 * check_mic
 * compress_file
 * debug_list
 * debug_pair
 * dumpit
 * fdcmp
 * free_linklist
 * fprint_attr_val
 * fprint_attr_val_sws
 * gen_valpairs
 * get_errmsg
 * get_ipaddr
 * get_last_vp
 * get_last_vp_vend
 * get_memory
 * get_next_word
 * get_passwd
 * get_realm_name
 * get_vp
 * get_vp_ci
 * get_vp_vend
 * get_word_list
 * good_ipaddr
 * hex_dump
 * insert_vp
 * list_cat
 * list_copy
 * list_free
 * lockfile
 * logfmt_accounting
 * _logit
 * logit
 * mf_ent_toa
 * missing_attribute
 * missing_attribute_vend
 * new_stringn
 * packet_log
 * parse_realm
 * parse_realm2
 * prune_pairs
 * rad_fork
 * rad_ptitle
 * rad_vptitle
 * rad_sleep
 * rad_strncpy
 * _rad_strdup
 * rad_time
 * radius_dbfile
 * _reply_message
 * reply_sprintf
 * reset_attr_flag
 * reset_stderr
 * reset_vp_attr_flags_list
 * reset_vp_flag
 * reset_vp_flags_list
 * safe_free
 * set_attr_flag
 * set_vp_attr_flags_list
 * set_vp_flag
 * set_vp_flags_list
 * set_realm_name
 * setup_logfile
 * setupsock
 * switch_by_name
 * type_string
 * xget_word_list
 *
 */

static char     rcsid[] = "$Id: funcs.c,v 1.1.1.1 2001/08/10 20:49:28 bonze Exp $";

#include	<sys/types.h>
#include	<sys/param.h>

#ifdef sys5
#include	<sys/sysmacros.h>
#endif	/* sys5 */

#include	<sys/socket.h>
#include	<sys/time.h>

#if defined(aix) || defined(ultrix)
#include	<fcntl.h>
#else	/* aix */
#include	<sys/fcntl.h>
#endif	/* aix */

#include	<sys/file.h>
#include	<sys/stat.h>
#include	<sys/wait.h>
#include	<net/if.h>
#include	<netinet/in.h>
#include	<arpa/inet.h>

#include	<stdio.h>
#include	<netdb.h>
#include	<ctype.h>
#include	<errno.h>
#include	<dirent.h>
#include	<memory.h>
#include	<syslog.h>
#define _XOPEN_SOURCE
#include	<unistd.h>

#include	"radius.h"


/* Seconds from 1/1/1900 to 1/1/1970 (1900 wasn't a leap year) */
/* (((365 * 70) + (70/4)) * 24 * 60 * 60) = 2208988800 */

#ifdef __STDC__
#define	NTP_TIME_DIFF		(2208988800UL)
#else
#define	NTP_TIME_DIFF		((UINT4)2208988800)
#endif

#ifndef LIST_COPY_LIMIT
#define	LIST_COPY_LIMIT		512   /* Limit number of items we will copy. */
#endif

#ifndef AVPAIR_LIST_LENGTH_MAX
#define	AVPAIR_LIST_LENGTH_MAX	(LIST_COPY_LIMIT*40) /* Should be big enough */
#endif

extern int       debug_flag;
extern int       doing_init;
extern int       dumpcore;
extern int       file_logging;
extern int       spawn_flag;
extern int       zap_logfile;

#if !defined(__FreeBSD__) && !defined(_BSDI_VERSION) && !defined(__NetBSD__)
/* commented by bonze
extern int       sys_nerr;
extern char     *sys_errlist[];
*/
extern int       _sys_nerr;
extern __const char *__const _sys_errlist[];
#endif	/* __FreeBSD__ */

extern FILE     *ddt;
extern FILE     *msgfd;
extern char     *radius_dir;
extern AATVPTR   rad_authen_aatv;
extern time_t    birthdate;
extern char      ourhostname[MAXHOSTNAMELEN];
extern char    **environ;			/* provided by the system */

/* allow logit() function to be overridden */
static int _logit PROTO((int, int, CONST char *, ...));
int (*logit) PROTO((int, int, CONST char *, ...)) = _logit;

int	packet_log_switch = 0x03;	/*
					 * 0x00 / Don't search!
					 * 0x01 / Search original request
					 * 0x02 / Search current request
					 * 0x04 / Compare original and current
					 * 0x08 / Core dump if original doesn't
					 *		match current.
					 */

/* radius_child == 1 means we're a child and can modify process title */
int              radius_child = 0;

/* Simple linked list of similarily hased entries */
typedef struct add_string_string_struct
{
	struct add_string_string_struct *next;		/* case-sensitive */
	char                             buff[1];	/* allocated string */
} ADD_STRING_STRING;

static UINT4 add_string_news = 0;
static ADD_STRING_STRING *add_string_table[ADD_STRING_HASH_SIZE];

static int add_string_hash PROTO((char *));
static int add_string_hash_lowercase PROTO((char *));
static char * add_string_insert PROTO((char *, int, AS_CONVERT));
static int add_string_qlen PROTO((ADD_STRING_STRING *));
static UINT4 add_string_qstrlen PROTO((ADD_STRING_STRING *));
static int add_string_strlowercmp PROTO((char *, ADD_STRING_STRING *));
static int avpair_list_length PROTO((VALUE_PAIR *));
static void avpair_string_free PROTO((char *));

#ifdef BINARY_FILTERS
static char * binary_vtoa PROTO((radfilter *));
#endif	/* BINARY_FILTERS */

static int generate26 PROTO((VALUE_PAIR ***, u_char *, long, UINT4));
static int gen_wrap PROTO((int, UINT4, UINT4, int, u_char *, u_char *,
				VALUE_PAIR *, VALUE_PAIR ***, UINT4, int));
static int insert_attribute PROTO((DICT_ATTR *, AUTH_HDR *, UINT4, void *, int,
				int, VENDOR_LIST *, int));
static char *packet_log_validate PROTO((AUTH_REQ *, int, UINT4, int *, int));

static int      active_vpstrings = 0;
MF_ENT          vp_mf = { 0, 0 };		/* For value pair allocation */

char           *radius_log_fmt = RADIUS_LOG_FMT;
char          **radius_argv = (char **) NULL;	/* Original argv[] in main. */
char          **radius_envp = (char **) NULL;	/* Will hold environ pointer. */
int             radius_argc = -1;		/* Original argc in main. */
u_short         list_copy_limit = LIST_COPY_LIMIT;

/*
 *	Enable logfile switching based on time of day, etc.
 */

typedef struct
{
	struct stat	stat;			/* Result of stat() call. */
	int		errcode;		/* Zero ==> OK, else errno. */
	char		name[MAXPATHLEN];	/* Full file name. */
} logfile_info;

/*
 * Define a dummy client entry for status-servers requests from unknown clients
 */

CLIENT_ENTRY dummy_status_server_client =
{
	NULL,			/* *next */
	NULL,			/* *ipaddress */
	MGMT_POLL_SECRET,	/* *secret */
	"",			/* *prefix */
	"",			/* *hostname */
	NULL,			/* *names */
	(VENDOR_LIST *) NULL,	/* *veps */
	(EVENT_ENT *) NULL,     /* *event_q */
	0,			/* expire_time */
	0,			/* auth_port */
	0,			/* acct_port */
	IP_DNS,			/* type */
	CE_DUMMY,		/* client_type */
	CLEANUP_DELAY,		/* reply_holdtime */
	0,			/* version */
	CLIENT_NO_TS,		/* flags */

#ifdef USR_CCA
	0			/* state */
#endif	/* USR_CCA */

};


static int     backoff_logfile PROTO((logfile_info *, u_int));
static int     stat_logfile_info PROTO((logfile_info *));

static AATV     ack_aatv = DEF_AATV_DIRECT_TYPE("ACK", AA_ALLOW, ack_action);

AATVPTR  rad_ack_aatv = & ack_aatv;

/*************************************************************************
 *
 *	Function: ack_action
 *
 *	Purpose: Utility AATV which always responds positively.
 *
 *************************************************************************/

int
ack_action (authreq, value, afpar)

AUTH_REQ       *authreq;
int             value;
char           *afpar;

{
	static char     *func = "ack_action";

	dprintf(4, (LOG_DAEMON, LOG_DEBUG, "%s: entered", func));

	return EV_ACK;
} /* end of ack_action () */

#ifdef USR_CCA

/******************************************************************************
 *
 *	Function: add_dns_nbns
 *
 *	Purpose: Adds the Primary and Secondary DNS, NBNS server IP addresses
 *		 to the list of avpairs, if not already present.
 *
 *****************************************************************************/

int
add_dns_nbns (authreq, auth_ent)

AUTH_REQ      *authreq;
AUTH_ENTRY    *auth_ent;

{
	IP_ADDRESS      *pdns = (IP_ADDRESS *) NULL;
	char            *func = "add_dns_nbns";

	dprintf(4, (LOG_DAEMON, LOG_DEBUG, "%s: entered", func));

	if (auth_ent->dns_info != (IP_ADDRESS *) NULL &&
		get_vp_vend (authreq->cur_request, PW_PRIMARY_DNS_SERVER,
							VC_USR) == NULL_VP)
	{
		pdns = auth_ent->dns_info;
		if (avpair_add_vend (&authreq->cur_request,
				     PW_PRIMARY_DNS_SERVER,
				     &pdns->ipaddr.s_addr, sizeof (UINT4),
				     VC_USR) == NULL_VP)
		{
			logit (LOG_DAEMON, LOG_ERR,
				"%s: Problem adding Primary DNS Server", func);
			return 1;
		}
	}

	if (pdns != (IP_ADDRESS *) NULL &&
		get_vp_vend (authreq->cur_request, PW_SECONDARY_DNS_SERVER,
							VC_USR) == NULL_VP)
	{
		pdns = pdns->next;
		if (pdns != (IP_ADDRESS *) NULL)
		{
			if (avpair_add_vend (&authreq->cur_request,
				       PW_SECONDARY_DNS_SERVER,
				       &pdns->ipaddr.s_addr, sizeof (UINT4),
				       VC_USR) == NULL_VP)
			{
				logit (LOG_DAEMON, LOG_ERR,
				      "%s: Problem adding Secondary DNS Server",
					func);
				return 1;
			}
		}
	}

	if (auth_ent->nbns_info != (IP_ADDRESS *) NULL &&
		get_vp_vend (authreq->cur_request, PW_PRIMARY_NBNS_SERVER,
							VC_USR) == NULL_VP)
	{
		pdns = auth_ent->nbns_info;
		if (avpair_add_vend (&authreq->cur_request,
				PW_PRIMARY_NBNS_SERVER, &pdns->ipaddr.s_addr,
				sizeof (UINT4), VC_USR) == NULL_VP)
		{
			logit (LOG_DAEMON, LOG_ERR,
				"%s: Problem adding Primary NBNS Server", func);
			return 1;
		}
	}

	if (pdns != (IP_ADDRESS *) NULL &&
	get_vp_vend (authreq->cur_request, PW_SECONDARY_NBNS_SERVER, VC_USR)
								== NULL_VP)
	{
		pdns = pdns->next;
		if (pdns != (IP_ADDRESS *) NULL)
		{
			if (avpair_add_vend (&authreq->cur_request,
				PW_SECONDARY_NBNS_SERVER, &pdns->ipaddr.s_addr,
				sizeof (UINT4), VC_USR) == NULL_VP)
			{
				logit (LOG_DAEMON, LOG_ERR,
				     "%s: Problem adding Secondary NBNS Server",
					func);
				return 1;
			}
		}
	}
	return 0;
} /* end of add_dns_nbns () */

#endif /* USR_CCA */

/*************************************************************************
 *
 *	Function: add_string
 *
 *	Purpose: Maintain single copies of configuration strings.
 *
 *	Remarks: This version is implemented to maintain a hash table
 *		 for faster string lookup.
 *
 *************************************************************************/

char *
add_string (string, convert)

char          *string;
AS_CONVERT     convert;

{
	int                index;	/* hash value */
	ADD_STRING_STRING *find;	/* list we found in the hash table */
	static char       *func = "add_string";

	dprintf(5, (LOG_DAEMON, LOG_DEBUG, "%s: entered", func));

	if ((!doing_init) && (convert & (ASSTATIC | FINDONLY)) == 0)
	{
		logit (LOG_DAEMON, LOG_ALERT, "%s: FATAL Non-init time call",
			func);
		dumpcore = 1;	/* Force a core dump to find out why */
		abort ();
	}

	if (!string)
	{
		string = "";	/* Convert NULL pointer to null string */
	}

	if (convert & ASLC)	/* Do lowercase lookup. */
	{
		index = add_string_hash_lowercase (string);
		if (index < 0)
		{