📄 radiusd.c
字号:
}
tst.Tcode=105;
tst.Version=2;
memset(&tst.User,0,12);
memcpy(&tst.User,name,strlen(name));
memset(&tst.Passwd,0,12);
memcpy(&tst.Passwd,passwd,strlen(passwd));
tst.Time=time(NULL);
tst.data.auqr.CsuType=1;
tst.data.auqr.Lockfg=0;
tst.data.auqr.MaxCsu=1;
/* printf("\nSize of tst is %d",sizeof(tst));*/
packer(recvbuf,&tst);
write(sockfd,recvbuf,sizeof(tst));
while ( (n = read(sockfd, recvline, 1500)) > 0)
{
memcpy(recvbuf+x,recvline,n);
x=x+n;
}
/* printf("\nRead function receive %d bytes",x);*/
unpacker(recvbuf,&rfs);
sprintf(msg,"\n认证 %s Tcode=[%d] User=[%s] Passwd=[%s] Note=[%s] MAX=[%d]",thetime,rfs.Tcode,rfs.User,rfs.Passwd,rfs.Note,rfs.data.auqr.MaxCsu);
msg[127] = '\0';
log_inf(msg);
/* printf("Version is %d\n",rfs.Version);
printf("Time is %d\n",rfs.Time);
printf("Reserve is %s\n",rfs.Reserve);
printf("Uid is %d\n",rfs.data.sdocqr.Uid);
printf("Gid is %d\n",rfs.data.sdocqr.Gid);
printf("Ulevel is %c\n",rfs.data.sdocqr.Ulevel);
printf("Status is %c\n",rfs.data.sdocqr.Status);
printf("Type is %c\n",rfs.data.sdocqr.Type);
printf("CostType is %c\n",rfs.data.sdocqr.CostType);
printf("Reserve is %c\n",rfs.data.sdocqr.Reserve);
printf("帐号起始时间:%d\n",rfs.data.sdocqr.AccvalidTm);
printf("帐号失效时间:%d\n",rfs.data.sdocqr.AccexpTm);
printf("现金余额:%d\n",rfs.data.sdocqr.CashAmt);
printf("积分余额:%d\n",rfs.data.sdocqr.PointAmt);
printf("信用额:%d\n",rfs.data.sdocqr.Credit);
printf("每次最大消费额:%d\n",rfs.data.sdocqr.PerLimit);
printf("每天最大消费额:%d\n",rfs.data.sdocqr.DayLimit);
printf("当天累计消费额:%d\n",rfs.data.sdocqr.Amount);
printf("end\n");
*/
if(rfs.Tcode!=105)
{
printf("\n%s 用户 %s 无法拨入 %s",thetime,rfs.User,rfs.Note);
close(sockfd);
return(-1);
}
printf("\n%s 用户 %s 通过认证",thetime,rfs.User);
memset(&session_timeout.name,0,32);
memcpy(&session_timeout.name,"Session-Timeout",strlen("Session-Timeout"));
session_timeout.attribute=27;
session_timeout.type=1;
/*路由器所能接受的最大session_timeout是多少?现设置每次连接最长连续使用3天(4320分钟)*/
if (rfs.data.auqr.MaxCsu>4320)
{
rfs.data.auqr.MaxCsu=4320;
}
session_timeout.lvalue=rfs.data.auqr.MaxCsu*60;
session_timeout.lvalue=3600;
if (rfs.data.auqr.MaxCsu<0)
{
/* session_timeout.lvalue=-1; */
session_timeout.lvalue=4320*60;
}
if (rfs.data.auqr.MaxCsu==0)
{
session_timeout.lvalue=-1;
}
session_timeout.next=NULL;
/*
tempptr=user_reply;
while(tempptr->next!=NULL)
{
tempptr=tempptr->next;
}
tempptr->next=&session_timeout;
*/
close(sockfd);
return(0);
}
/*************************************************************************
*
* Function: calc_digest
*
* Purpose: Validates the requesting client NAS. Calculates the
* digest to be used for decrypting the users password
* based on the clients private key.
*
*************************************************************************/
calc_digest(digest, authreq)
u_char *digest;
AUTH_REQ *authreq;
{
FILE *clientfd;
u_char buffer[128];
u_char secret[64];
char hostnm[256];
char msg[512];
char *ip_hostname();
int secretlen;
UINT4 ipaddr;
UINT4 get_ipaddr();
/* Find the client in the database */
sprintf(buffer, "%s/%s", radius_dir, RADIUS_CLIENTS);
if((clientfd = fopen(buffer, "r")) == (FILE *)NULL) {
fprintf(stderr, "%s: couldn't open %s to find clients\n",
progname, buffer);
return(-1);
}
ipaddr = (UINT4)0;
while(fgets(buffer, sizeof(buffer), clientfd) != (char *)NULL) {
if(*buffer == '#') {
continue;
}
if(sscanf(buffer, "%s%s", hostnm, secret) != 2) {
continue;
}
ipaddr = get_ipaddr(hostnm);
if(ipaddr == authreq->ipaddr) {
break;
}
}
fclose(clientfd);
memset(buffer, 0, sizeof(buffer));
/*
* Validate the requesting IP address -
* Not secure, but worth the check for accidental requests
*/
if(ipaddr != authreq->ipaddr) {
strncpy(hostnm,ip_hostname(ipaddr), 256);
hostnm[255] = '\0';
sprintf(msg, "requester address mismatch: %s != %s\n",
hostnm, ip_hostname(authreq->ipaddr));
msg[127] = '\0';
log_err(msg);
memset(secret, 0, sizeof(secret));
return(-1);
}
/* Use the secret to setup the decryption digest */
secretlen = strlen(secret);
strcpy(buffer, secret);
memcpy(buffer + secretlen, authreq->vector, AUTH_VECTOR_LEN);
md5_calc(digest, buffer, secretlen + AUTH_VECTOR_LEN);
strcpy(authreq->secret, secret);
memset(buffer, 0, sizeof(buffer));
memset(secret, 0, sizeof(secret));
return(0);
}
/*************************************************************************
*
* Function: debug_pair
*
* Purpose: Print the Attribute-value pair to the desired File.
*
*************************************************************************/
debug_pair(fd, pair)
FILE *fd;
VALUE_PAIR *pair;
{
if(debug_flag) {
fputs(" ", fd);
fprint_attr_val(fd, pair);
fputs("\n", fd);
}
}
/*************************************************************************
*
* Function: usage
*
* Purpose: Display the syntax for starting this program.
*
*************************************************************************/
usage()
{
fprintf(stderr, "Usage: %s [ -a acct_dir ] [ -s ] [ -x ] [ -d db_dir ]\n",progname);
exit(-1);
}
/*************************************************************************
*
* Function: log_err
*
* Purpose: Log the error message provided to the error log with
a time stamp.
*
*************************************************************************/
log_err(msg)
char *msg;
{
FILE *msgfd;
char buffer[1024];
time_t timeval;
sprintf(buffer, "%s/%s", radius_dir, RADIUS_LOG);
if((msgfd = fopen(buffer, "a")) == (FILE *)NULL) {
fprintf(stderr, "\n%s:Couldn't open %s for logging!! %s",progname, buffer,strerror(errno));
perror("ERROR!!");
return(-1);
}
timeval = time(0);
fprintf(msgfd, "%-24.24s: %s", ctime(&timeval), msg);
fclose(msgfd);
return(0);
}
/*************************************************************************
*
* Function: config_init
*
* Purpose: intializes configuration values:
*
* expiration_seconds - When updating a user password,
* the amount of time to add to the current time
* to set the time when the password will expire.
* This is stored as the VALUE Password-Expiration
* in the dictionary as number of days.
*
* warning_seconds - When acknowledging a user authentication
* time remaining for valid password to notify user
* of password expiration.
*
*************************************************************************/
config_init()
{
DICT_VALUE *dval;
DICT_VALUE *dict_valfind();
if((dval = dict_valfind("Password-Expiration")) == (DICT_VALUE *)NULL) {
expiration_seconds = (UINT4)0;
}
else {
expiration_seconds = dval->value * (UINT4)SECONDS_PER_DAY;
}
if((dval = dict_valfind("Password-Warning")) == (DICT_VALUE *)NULL) {
warning_seconds = (UINT4)0;
}
else {
warning_seconds = dval->value * (UINT4)SECONDS_PER_DAY;
}
return(0);
}
/*************************************************************************
*
* Function: set_expiration
*
* Purpose: Set the new expiration time by updating or adding
the Expiration attribute-value pair.
*
*************************************************************************/
set_expiration(user_check, expiration)
VALUE_PAIR *user_check;
UINT4 expiration;
{
VALUE_PAIR *exppair;
VALUE_PAIR *prev;
struct timeval tp;
struct timezone tzp;
if(user_check == (VALUE_PAIR *)NULL) {
return(-1);
}
/* Look for an existing expiration entry */
exppair = user_check;
prev = (VALUE_PAIR *)NULL;
while(exppair != (VALUE_PAIR *)NULL) {
if(exppair->attribute == PW_EXPIRATION) {
break;
}
prev = exppair;
exppair = exppair->next;
}
if(exppair == (VALUE_PAIR *)NULL) {
/* Add a new attr-value pair */
if((exppair = (VALUE_PAIR *)malloc(sizeof(VALUE_PAIR))) ==
(VALUE_PAIR *)NULL) {
fprintf(stderr, "%s: no memory\n", progname);
exit(-1);
}
/* Initialize it */
strcpy(exppair->name, "Expiration");
exppair->attribute = PW_EXPIRATION;
exppair->type = PW_TYPE_DATE;
*exppair->strvalue = '\0';
exppair->lvalue = (UINT4)0;
exppair->next = (VALUE_PAIR *)NULL;
/* Attach it to the list. */
prev->next = exppair;
}
/* calculate a new expiration */
gettimeofday(&tp, &tzp);
exppair->lvalue = tp.tv_sec + expiration;
return(0);
}
/*************************************************************************
*
* Function: pw_expired
*
* Purpose: Tests to see if the users password has expired.
*
* Return: Number of days before expiration if a warning is required
8 otherwise 0 for success and -1 for failure.
*
*************************************************************************/
pw_expired(exptime)
UINT4 exptime;
{
struct timeval tp;
struct timezone tzp;
UINT4 exp_remain;
int exp_remain_int;
if(expiration_seconds == (UINT4)0) {
return(0);
}
gettimeofday(&tp, &tzp);
if(tp.tv_sec > exptime) {
return(-1);
}
if(warning_seconds != (UINT4)0) {
if(tp.tv_sec > exptime - warning_seconds) {
exp_remain = exptime - tp.tv_sec;
exp_remain /= (UINT4)SECONDS_PER_DAY;
exp_remain_int = exp_remain;
return(exp_remain_int);
}
}
return(0);
}
void
sig_fatal(sig)
int sig;
{
if(acct_pid > 0) {
kill(acct_pid, SIGKILL);
}
fprintf(stderr, "%s: exit on signal (%d)\n", progname, sig);
fflush(stderr);
exit(1);
}
void
sig_hup(sig)
int sig;
{
return;
}
/*************************************************/
/* New Added Functions, modified date: 1999-5-28 */
/*************************************************/
/*-------------------------*/
/* Function: auth_client() */
/*-------------------------*/
int auth_client(AUTH_REQ *authreq)
{
char msg[512];
char hostnm[256];
char *ip_hostname();
UINT4 ipaddr;
UINT4 get_ipaddr();
CLIENT_STRUCT *ptr;
/* Find the client in the database */
ptr=first_client;
while(ptr != (CLIENT_STRUCT *)NULL) {
ipaddr = get_ipaddr(ptr->client_host);
if(ipaddr == authreq->ipaddr) {
memcpy(authreq->secret,ptr->secret_key,AUTH_SECRET_LEN);
break;
}
ptr = ptr->next;
}
/*
* Validate the requesting IP address -
* Not secure, but worth the check for accidental requests
*/
if(ptr == (CLIENT_STRUCT *)NULL || ipaddr != authreq->ipaddr) {
strncpy(hostnm,ip_hostname(ipaddr), 256);
hostnm[255] = '\0';
sprintf(msg, "requester address mismatch: %s != %s\n", hostnm, ip_hostname(authreq->ipaddr));
msg[127] = '\0';
log_err(msg);
return(-1);
}else{
return(0);
}
}
/*----------------------------------*/
/* Function: send_reply_to_client() */
/*----------------------------------*/
void send_reply_to_client(authreq, msg, activefd, response_code)
AUTH_REQ *authreq;
char *msg;
int activefd;
int response_code;
{
AUTH_HDR *auth;
u_short total_length;
struct sockaddr saremote;
struct sockaddr_in *sin;
u_char *ptr;
int len;
UINT4 lvalue;
u_char digest[AUTH_VECTOR_LEN];
int secretlen;
char *ip_hostname();
VALUE_PAIR *reply;
char send_buf[4096];
auth = (AUTH_HDR *)send_buf;
auth->code = response_code;
/* Build standard header */
auth->id = authreq->id;
memcpy(auth->vector, authreq->vector, AUTH_VECTOR_LEN);
DEBUG("Sending Reply of id %d to %lx (%s)\n", authreq->id, (u_long)authreq->ipaddr, ip_hostname(authreq->ipaddr));
total_length = AUTH_HDR_LEN;
/* Load up the configuration values for the user */
ptr = auth->data;
reply = authreq->reply_item;
while(reply != (VALUE_PAIR *)NULL) {
debug_pair(stdout, reply);
*ptr++ = reply->attribute;
switch(reply->type) {
case PW_TYPE_STRING:
len = strlen(reply->strvalue);
if (len >= AUTH_STRING_LEN) {
len = AUTH_STRING_LEN - 1;
}
*ptr++ = len + 2;
memcpy(ptr, reply->strvalue,len);
ptr += len;
total_length += len + 2;
break;
case PW_TYPE_INTEGER:
case PW_TYPE_IPADDR:
*ptr++ = sizeof(UINT4) + 2;
lvalue = htonl(reply->lvalue);
memcpy(ptr, &lvalue, sizeof(UINT4));
ptr += sizeof(UINT4);
total_length += sizeof(UINT4) + 2;
break;
default:
break;
}
reply = reply->next;
}
/* Append the user message */
if(msg != (char *)NULL) {
len = strlen(msg);
if(len > 0 && len < AUTH_STRING_LEN) {
*ptr++ = PW_PORT_MESSAGE;
*ptr++ = len + 2;
memcpy(ptr, msg, len);
ptr += len;
total_length += len + 2;
}
}
auth->length = htons(total_length);
/* Append secret and calculate the response digest */
secretlen = strlen(authreq->secret);
memcpy(send_buf + total_length, authreq->secret, sec⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -