📄 radiud.mp.c
字号:
memset(&session_timeout.name,0,32);
memcpy(&session_timeout.name,"Session-Timeout",strlen("Session-Timeout"));
session_timeout.attribute=27;
session_timeout.type=1;
/*
路由器所能接受的最大session_timeout是多少?
现设置每次连接最长连续使用3天(4320分钟)
*/
if (rfs.data.auqr.MaxCsu>4320)
{
rfs.data.auqr.MaxCsu=4320;
}
session_timeout.lvalue=rfs.data.auqr.MaxCsu*60;
if (rfs.data.auqr.MaxCsu<=0)
{
session_timeout.lvalue=-1;
}
session_timeout.next=NULL;
tempptr=user_reply;
while(tempptr->next!=NULL)
{
tempptr=tempptr->next;
}
tempptr->next=&session_timeout;
return(0);
}
/*************************************************************************
*
* Function: calc_digest
*
* Purpose: Validates the requesting client NAS. Calculates the
* digest to be used for decrypting the users password
* based on the clients private key.
*
*************************************************************************/
calc_digest(digest, authreq)
u_char *digest;
AUTH_REQ *authreq;
{
FILE *clientfd;
u_char buffer[128];
u_char secret[64];
char hostnm[256];
char msg[512];
char *ip_hostname();
int secretlen;
UINT4 ipaddr;
UINT4 get_ipaddr();
/* Find the client in the database */
sprintf(buffer, "%s/%s", radius_dir, RADIUS_CLIENTS);
if((clientfd = fopen(buffer, "r")) == (FILE *)NULL) {
fprintf(stderr, "%s: couldn't open %s to find clients\n",
progname, buffer);
return(-1);
}
ipaddr = (UINT4)0;
while(fgets(buffer, sizeof(buffer), clientfd) != (char *)NULL) {
if(*buffer == '#') {
continue;
}
if(sscanf(buffer, "%s%s", hostnm, secret) != 2) {
continue;
}
ipaddr = get_ipaddr(hostnm);
if(ipaddr == authreq->ipaddr) {
break;
}
}
fclose(clientfd);
memset(buffer, 0, sizeof(buffer));
/*
* Validate the requesting IP address -
* Not secure, but worth the check for accidental requests
*/
if(ipaddr != authreq->ipaddr) {
strncpy(hostnm,ip_hostname(ipaddr), 256);
hostnm[255] = '\0';
sprintf(msg, "requester address mismatch: %s != %s\n",
hostnm, ip_hostname(authreq->ipaddr));
msg[127] = '\0';
log_err(msg);
memset(secret, 0, sizeof(secret));
return(-1);
}
/* Use the secret to setup the decryption digest */
secretlen = strlen(secret);
strcpy(buffer, secret);
memcpy(buffer + secretlen, authreq->vector, AUTH_VECTOR_LEN);
md5_calc(digest, buffer, secretlen + AUTH_VECTOR_LEN);
strcpy(authreq->secret, secret);
memset(buffer, 0, sizeof(buffer));
memset(secret, 0, sizeof(secret));
return(0);
}
/*************************************************************************
*
* Function: debug_pair
*
* Purpose: Print the Attribute-value pair to the desired File.
*
*************************************************************************/
debug_pair(fd, pair)
FILE *fd;
VALUE_PAIR *pair;
{
if(debug_flag) {
fputs(" ", fd);
fprint_attr_val(fd, pair);
fputs("\n", fd);
}
}
/*************************************************************************
*
* Function: usage
*
* Purpose: Display the syntax for starting this program.
*
*************************************************************************/
usage()
{
fprintf(stderr, "Usage: %s [ -a acct_dir ] [ -s ] [ -x ] [ -d db_dir ]\n",progname);
exit(-1);
}
/*************************************************************************
*
* Function: log_err
*
* Purpose: Log the error message provided to the error log with
a time stamp.
*
*************************************************************************/
log_err(msg)
char *msg;
{
FILE *msgfd;
char buffer[1024];
time_t timeval;
sprintf(buffer, "%s/%s", radius_dir, RADIUS_LOG);
if((msgfd = fopen(buffer, "a")) == (FILE *)NULL) {
fprintf(stderr, "%s:Couldn't open %s for logging\n",
progname, buffer);
return(-1);
}
timeval = time(0);
fprintf(msgfd, "%-24.24s: %s", ctime(&timeval), msg);
fclose(msgfd);
return(0);
}
/*************************************************************************
*
* Function: config_init
*
* Purpose: intializes configuration values:
*
* expiration_seconds - When updating a user password,
* the amount of time to add to the current time
* to set the time when the password will expire.
* This is stored as the VALUE Password-Expiration
* in the dictionary as number of days.
*
* warning_seconds - When acknowledging a user authentication
* time remaining for valid password to notify user
* of password expiration.
*
*************************************************************************/
config_init()
{
DICT_VALUE *dval;
DICT_VALUE *dict_valfind();
if((dval = dict_valfind("Password-Expiration")) == (DICT_VALUE *)NULL) {
expiration_seconds = (UINT4)0;
}
else {
expiration_seconds = dval->value * (UINT4)SECONDS_PER_DAY;
}
if((dval = dict_valfind("Password-Warning")) == (DICT_VALUE *)NULL) {
warning_seconds = (UINT4)0;
}
else {
warning_seconds = dval->value * (UINT4)SECONDS_PER_DAY;
}
return(0);
}
/*************************************************************************
*
* Function: set_expiration
*
* Purpose: Set the new expiration time by updating or adding
the Expiration attribute-value pair.
*
*************************************************************************/
set_expiration(user_check, expiration)
VALUE_PAIR *user_check;
UINT4 expiration;
{
VALUE_PAIR *exppair;
VALUE_PAIR *prev;
struct timeval tp;
struct timezone tzp;
if(user_check == (VALUE_PAIR *)NULL) {
return(-1);
}
/* Look for an existing expiration entry */
exppair = user_check;
prev = (VALUE_PAIR *)NULL;
while(exppair != (VALUE_PAIR *)NULL) {
if(exppair->attribute == PW_EXPIRATION) {
break;
}
prev = exppair;
exppair = exppair->next;
}
if(exppair == (VALUE_PAIR *)NULL) {
/* Add a new attr-value pair */
if((exppair = (VALUE_PAIR *)malloc(sizeof(VALUE_PAIR))) ==
(VALUE_PAIR *)NULL) {
fprintf(stderr, "%s: no memory\n", progname);
exit(-1);
}
/* Initialize it */
strcpy(exppair->name, "Expiration");
exppair->attribute = PW_EXPIRATION;
exppair->type = PW_TYPE_DATE;
*exppair->strvalue = '\0';
exppair->lvalue = (UINT4)0;
exppair->next = (VALUE_PAIR *)NULL;
/* Attach it to the list. */
prev->next = exppair;
}
/* calculate a new expiration */
gettimeofday(&tp, &tzp);
exppair->lvalue = tp.tv_sec + expiration;
return(0);
}
/*************************************************************************
*
* Function: pw_expired
*
* Purpose: Tests to see if the users password has expired.
*
* Return: Number of days before expiration if a warning is required
8 otherwise 0 for success and -1 for failure.
*
*************************************************************************/
pw_expired(exptime)
UINT4 exptime;
{
struct timeval tp;
struct timezone tzp;
UINT4 exp_remain;
int exp_remain_int;
if(expiration_seconds == (UINT4)0) {
return(0);
}
gettimeofday(&tp, &tzp);
if(tp.tv_sec > exptime) {
return(-1);
}
if(warning_seconds != (UINT4)0) {
if(tp.tv_sec > exptime - warning_seconds) {
exp_remain = exptime - tp.tv_sec;
exp_remain /= (UINT4)SECONDS_PER_DAY;
exp_remain_int = exp_remain;
return(exp_remain_int);
}
}
return(0);
}
void
sig_fatal(sig)
int sig;
{
if(acct_pid > 0) {
kill(acct_pid, SIGKILL);
}
fprintf(stderr, "%s: exit on signal (%d)\n", progname, sig);
fflush(stderr);
exit(1);
}
void
sig_hup(sig)
int sig;
{
return;
}
/*************************************************/
/* New Added Functions, modified date: 1999-5-28 */
/*************************************************/
/*-------------------------*/
/* Function: auth_client() */
/*-------------------------*/
int auth_client(AUTH_REQ *authreq)
{
char msg[512];
char hostnm[256];
char *ip_hostname();
UINT4 ipaddr;
UINT4 get_ipaddr();
CLIENT_STRUCT *ptr;
/* Find the client in the database */
ptr=first_client;
while(ptr != (CLIENT_STRUCT *)NULL) {
ipaddr = get_ipaddr(ptr->client_host);
if(ipaddr == authreq->ipaddr) {
memcpy(authreq->secret,ptr->secret_key,AUTH_SECRET_LEN);
break;
}
ptr = ptr->next;
}
/*
* Validate the requesting IP address -
* Not secure, but worth the check for accidental requests
*/
if(ptr == (CLIENT_STRUCT *)NULL || ipaddr != authreq->ipaddr) {
strncpy(hostnm,ip_hostname(ipaddr), 256);
hostnm[255] = '\0';
sprintf(msg, "requester address mismatch: %s != %s\n", hostnm, ip_hostname(authreq->ipaddr));
msg[127] = '\0';
log_err(msg);
return(-1);
}else{
return(0);
}
}
/*----------------------------------*/
/* Function: send_reply_to_client() */
/*----------------------------------*/
void send_reply_to_client(authreq, msg, activefd, response_code)
AUTH_REQ *authreq;
char *msg;
int activefd;
int response_code;
{
AUTH_HDR *auth;
u_short total_length;
struct sockaddr saremote;
struct sockaddr_in *sin;
u_char *ptr;
int len;
UINT4 lvalue;
u_char digest[AUTH_VECTOR_LEN];
int secretlen;
char *ip_hostname();
VALUE_PAIR *reply;
char send_buf[4096];
auth = (AUTH_HDR *)send_buf;
auth->code = response_code;
/* Build standard header */
auth->id = authreq->id;
memcpy(auth->vector, authreq->vector, AUTH_VECTOR_LEN);
DEBUG("Sending Reply of id %d to %lx (%s)\n", authreq->id, (u_long)authreq->ipaddr, ip_hostname(authreq->ipaddr));
total_length = AUTH_HDR_LEN;
/* Load up the configuration values for the user */
ptr = auth->data;
reply = authreq->reply_item;
while(reply != (VALUE_PAIR *)NULL) {
debug_pair(stdout, reply);
*ptr++ = reply->attribute;
switch(reply->type) {
case PW_TYPE_STRING:
len = strlen(reply->strvalue);
if (len >= AUTH_STRING_LEN) {
len = AUTH_STRING_LEN - 1;
}
*ptr++ = len + 2;
memcpy(ptr, reply->strvalue,len);
ptr += len;
total_length += len + 2;
break;
case PW_TYPE_INTEGER:
case PW_TYPE_IPADDR:
*ptr++ = sizeof(UINT4) + 2;
lvalue = htonl(reply->lvalue);
memcpy(ptr, &lvalue, sizeof(UINT4));
ptr += sizeof(UINT4);
total_length += sizeof(UINT4) + 2;
break;
default:
break;
}
reply = reply->next;
}
/* Append the user message */
if(msg != (char *)NULL) {
len = strlen(msg);
if(len > 0 && len < AUTH_STRING_LEN) {
*ptr++ = PW_PORT_MESSAGE;
*ptr++ = len + 2;
memcpy(ptr, msg, len);
ptr += len;
total_length += len + 2;
}
}
auth->length = htons(total_length);
/* Append secret and calculate the response digest */
secretlen = strlen(authreq->secret);
memcpy(send_buf + total_length, authreq->secret, secretlen);
md5_calc(digest, (char *)auth, total_length + secretlen);
memcpy(auth->vector, digest, AUTH_VECTOR_LEN);
memset(send_buf + total_length, 0, secretlen);
sin = (struct sockaddr_in *) &saremote;
memset ((char *) sin, '\0', sizeof (saremote));
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = htonl(authreq->ipaddr);
sin->sin_port = htons(authreq->udp_port);
/* Send it to the user */
sendto(activefd, (char *)auth, (int)total_length, (int)0,
&saremote, sizeof(struct sockaddr_in));
}
/*********************************/
/* Function: client_realm_init() */
/*********************************/
int client_realm_init() {
FILE *realmfd;
FILE *clientfd;
char buffer[128];
char realm_serv[32];
char secret_key[16];
char realm_name[64];
char client_host[32];
char msg[512];
REALM_STRUCT *ptr;
CLIENT_STRUCT *cli;
/* Open the realms and init the REALM_STRUCT link */
sprintf(buffer, "%s/%s", radius_dir, RADIUS_REALMS);
if((realmfd = fopen(buffer, "r")) == (FILE *)NULL) {
fprintf(stderr, "%s: couldn't open %s to find realms\n", progname, buffer);
return(-1);
}
memset(buffer, 0, sizeof(buffer));
while(fgets(buffer, sizeof(buffer), realmfd) != (char *)NULL) {
if(*buffer == '#') {
continue;
}
if(sscanf(buffer,"%s%s%s",realm_serv,secret_key,realm_name)!=3) {
continue;
}
ptr=(REALM_STRUCT *)malloc(sizeof(REALM_STRUCT));
memcpy(ptr->realm_serv, realm_serv, 32);
memcpy(ptr->secret_key, secret_key, 16);
memcpy(ptr->realm_name, realm_name, 64);
ptr->next = first_realm;
first_realm = ptr;
}
fclose(realmfd);
if(first_realm == (REALM_STRUCT *)NULL) {
sprintf(msg, "There are no valide %s in %s\n",RADIUS_REALMS,radius_dir);
msg[127] = '\0';
log_err(msg);
return(-1);
}
memset(buffer, 0, sizeof(buffer));
memset(msg, 0, sizeof(msg));
/* Open clients and init the CLIENT_STRUCT link */
sprintf(buffer, "%s/%s", radius_dir, RADIUS_CLIENTS);
if((clientfd = fopen(buffer,"r")) == (FILE *)NULL) {
fprintf(stderr,"Couldn't open %s/%s\n",radius_dir,RADIUS_CLIENTS);
return(-1);
}
memset(buffer, 0, sizeof(buffer));
while((fgets(buffer, sizeof(buffer), clientfd)) != (char *)NULL) {
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -