X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fradius%2Fradiusclient%2Flib%2Fconfig.c;fp=pppd%2Fplugins%2Fradius%2Fradiusclient%2Flib%2Fconfig.c;h=0b78c862074f49862eb126bd64639857886ffec3;hb=d95598c16f6a3feb4846db669601856bad15bb74;hp=0000000000000000000000000000000000000000;hpb=14768a012e45353cde5b60896ccc6b7528d90c69;p=ppp.git diff --git a/pppd/plugins/radius/radiusclient/lib/config.c b/pppd/plugins/radius/radiusclient/lib/config.c new file mode 100644 index 0000000..0b78c86 --- /dev/null +++ b/pppd/plugins/radius/radiusclient/lib/config.c @@ -0,0 +1,555 @@ +/* + * $Id: config.c,v 1.1 2002/01/22 16:03:02 dfs Exp $ + * + * Copyright (C) 1995,1996,1997 Lars Fenneberg + * + * Copyright 1992 Livingston Enterprises, Inc. + * + * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan + * and Merit Network, Inc. All Rights Reserved + * + * See the file COPYRIGHT for the respective terms and conditions. + * If the file is missing contact me at lf@elemental.net + * and I'll send you a copy. + * + */ + +#include +#include +#include +#include + +static int test_config(char *); + +/* + * Function: find_option + * + * Purpose: find an option in the option list + * + * Returns: pointer to option on success, NULL otherwise + */ + +static OPTION *find_option(char *optname, unsigned int type) +{ + int i; + + /* there're so few options that a binary search seems not necessary */ + for (i = 0; i < num_options; i++) { + if (!strcmp(config_options[i].name, optname) && + (config_options[i].type & type)) + return &config_options[i]; + } + + return NULL; +} + +/* + * Function: set_option_... + * + * Purpose: set a specific option doing type conversions + * + * Returns: 0 on success, -1 on failure + */ + +static int set_option_str(char *filename, int line, OPTION *option, char *p) +{ + if (p) + option->val = (void *) strdup(p); + else + option->val = NULL; + + return 0; +} + +static int set_option_int(char *filename, int line, OPTION *option, char *p) +{ + int *iptr; + + if (p == NULL) { + rc_log(LOG_ERR, "%s: line %d: bogus option value", filename, line); + return (-1); + } + + if ((iptr = (int *) malloc(sizeof(iptr))) == NULL) { + rc_log(LOG_CRIT, "read_config: out of memory"); + return (-1); + } + + *iptr = atoi(p); + option->val = (void *) iptr; + + return 0; +} + +static int set_option_srv(char *filename, int line, OPTION *option, char *p) +{ + SERVER *serv; + char *q; + struct servent *svp; + int i; + + if (p == NULL) { + rc_log(LOG_ERR, "%s: line %d: bogus option value", filename, line); + return (-1); + } + + serv = (SERVER *) option->val; + + for (i = 0; i < serv->max; i++) { + free(serv->name[i]); + } + serv->max = 0; + + while ((p = strtok(p, ", \t")) != NULL) { + + if ((q = strchr(p,':')) != NULL) { + *q = '\0'; + q++; + serv->port[serv->max] = atoi(q); + } else { + if (!strcmp(option->name,"authserver")) + if ((svp = getservbyname ("radius", "udp")) == NULL) + serv->port[serv->max] = PW_AUTH_UDP_PORT; + else + serv->port[serv->max] = ntohs ((unsigned int) svp->s_port); + else if (!strcmp(option->name, "acctserver")) + if ((svp = getservbyname ("radacct", "udp")) == NULL) + serv->port[serv->max] = PW_ACCT_UDP_PORT; + else + serv->port[serv->max] = ntohs ((unsigned int) svp->s_port); + else { + rc_log(LOG_ERR, "%s: line %d: no default port for %s", filename, line, option->name); + return (-1); + } + } + + serv->name[serv->max++] = strdup(p); + + p = NULL; + } + + return 0; +} + +static int set_option_auo(char *filename, int line, OPTION *option, char *p) +{ + int *iptr; + + if (p == NULL) { + rc_log(LOG_WARNING, "%s: line %d: bogus option value", filename, line); + return (-1); + } + + if ((iptr = (int *) malloc(sizeof(iptr))) == NULL) { + rc_log(LOG_CRIT, "read_config: out of memory"); + return (-1); + } + + *iptr = 0; + p = strtok(p, ", \t"); + + if (!strncmp(p, "local", 5)) + *iptr = AUTH_LOCAL_FST; + else if (!strncmp(p, "radius", 6)) + *iptr = AUTH_RADIUS_FST; + else { + rc_log(LOG_ERR,"%s: auth_order: unknown keyword: %s", filename, p); + return (-1); + } + + p = strtok(NULL, ", \t"); + + if (p && (*p != '\0')) { + if ((*iptr & AUTH_RADIUS_FST) && !strcmp(p, "local")) + *iptr = (*iptr) | AUTH_LOCAL_SND; + else if ((*iptr & AUTH_LOCAL_FST) && !strcmp(p, "radius")) + *iptr = (*iptr) | AUTH_RADIUS_SND; + else { + rc_log(LOG_ERR,"%s: auth_order: unknown or unexpected keyword: %s", filename, p); + return (-1); + } + } + + option->val = (void *) iptr; + + return 0; +} + + +/* + * Function: rc_read_config + * + * Purpose: read the global config file + * + * Returns: 0 on success, -1 when failure + */ + +int rc_read_config(char *filename) +{ + FILE *configfd; + char buffer[512], *p; + OPTION *option; + int line, pos; + + if ((configfd = fopen(filename,"r")) == NULL) + { + rc_log(LOG_ERR,"rc_read_config: can't open %s: %s", filename, strerror(errno)); + return (-1); + } + + line = 0; + while ((fgets(buffer, sizeof(buffer), configfd) != NULL)) + { + line++; + p = buffer; + + if ((*p == '\n') || (*p == '#') || (*p == '\0')) + continue; + + p[strlen(p)-1] = '\0'; + + + if ((pos = strcspn(p, "\t ")) == 0) { + rc_log(LOG_ERR, "%s: line %d: bogus format: %s", filename, line, p); + return (-1); + } + + p[pos] = '\0'; + + if ((option = find_option(p, OT_ANY)) == NULL) { + rc_log(LOG_ERR, "%s: line %d: unrecognized keyword: %s", filename, line, p); + return (-1); + } + + if (option->status != ST_UNDEF) { + rc_log(LOG_ERR, "%s: line %d: duplicate option line: %s", filename, line, p); + return (-1); + } + + p += pos+1; + while (isspace(*p)) + p++; + + switch (option->type) { + case OT_STR: + if (set_option_str(filename, line, option, p) < 0) + return (-1); + break; + case OT_INT: + if (set_option_int(filename, line, option, p) < 0) + return (-1); + break; + case OT_SRV: + if (set_option_srv(filename, line, option, p) < 0) + return (-1); + break; + case OT_AUO: + if (set_option_auo(filename, line, option, p) < 0) + return (-1); + break; + default: + rc_log(LOG_CRIT, "rc_read_config: impossible case branch!"); + abort(); + } + } + fclose(configfd); + + return test_config(filename); +} + +/* + * Function: rc_conf_str, rc_conf_int, rc_conf_src + * + * Purpose: get the value of a config option + * + * Returns: config option value + */ + +char *rc_conf_str(char *optname) +{ + OPTION *option; + + option = find_option(optname, OT_STR); + + if (option != NULL) { + return (char *)option->val; + } else { + rc_log(LOG_CRIT, "rc_conf_str: unkown config option requested: %s", optname); + abort(); + } +} + +int rc_conf_int(char *optname) +{ + OPTION *option; + + option = find_option(optname, OT_INT|OT_AUO); + + if (option != NULL) { + return *((int *)option->val); + } else { + rc_log(LOG_CRIT, "rc_conf_int: unkown config option requested: %s", optname); + abort(); + } +} + +SERVER *rc_conf_srv(char *optname) +{ + OPTION *option; + + option = find_option(optname, OT_SRV); + + if (option != NULL) { + return (SERVER *)option->val; + } else { + rc_log(LOG_CRIT, "rc_conf_srv: unkown config option requested: %s", optname); + abort(); + } +} + +/* + * Function: test_config + * + * Purpose: test the configuration the user supplied + * + * Returns: 0 on success, -1 when failure + */ + +static int test_config(char *filename) +{ +#if 0 + struct stat st; + char *file; +#endif + + if (!(rc_conf_srv("authserver")->max)) + { + rc_log(LOG_ERR,"%s: no authserver specified", filename); + return (-1); + } + if (!(rc_conf_srv("acctserver")->max)) + { + rc_log(LOG_ERR,"%s: no acctserver specified", filename); + return (-1); + } + if (!rc_conf_str("servers")) + { + rc_log(LOG_ERR,"%s: no servers file specified", filename); + return (-1); + } + if (!rc_conf_str("dictionary")) + { + rc_log(LOG_ERR,"%s: no dictionary specified", filename); + return (-1); + } + + if (rc_conf_int("radius_timeout") <= 0) + { + rc_log(LOG_ERR,"%s: radius_timeout <= 0 is illegal", filename); + return (-1); + } + if (rc_conf_int("radius_retries") <= 0) + { + rc_log(LOG_ERR,"%s: radius_retries <= 0 is illegal", filename); + return (-1); + } + +#if 0 + file = rc_conf_str("login_local"); + if (stat(file, &st) == 0) + { + if (!S_ISREG(st.st_mode)) { + rc_log(LOG_ERR,"%s: not a regular file: %s", filename, file); + return (-1); + } + } else { + rc_log(LOG_ERR,"%s: file not found: %s", filename, file); + return (-1); + } + file = rc_conf_str("login_radius"); + if (stat(file, &st) == 0) + { + if (!S_ISREG(st.st_mode)) { + rc_log(LOG_ERR,"%s: not a regular file: %s", filename, file); + return (-1); + } + } else { + rc_log(LOG_ERR,"%s: file not found: %s", filename, file); + return (-1); + } +#endif + + if (rc_conf_int("login_tries") <= 0) + { + rc_log(LOG_ERR,"%s: login_tries <= 0 is illegal", filename); + return (-1); + } + if (rc_conf_str("seqfile") == NULL) + { + rc_log(LOG_ERR,"%s: seqfile not specified", filename); + return (-1); + } + if (rc_conf_int("login_timeout") <= 0) + { + rc_log(LOG_ERR,"%s: login_timeout <= 0 is illegal", filename); + return (-1); + } + if (rc_conf_str("mapfile") == NULL) + { + rc_log(LOG_ERR,"%s: mapfile not specified", filename); + return (-1); + } + if (rc_conf_str("nologin") == NULL) + { + rc_log(LOG_ERR,"%s: nologin not specified", filename); + return (-1); + } + + return 0; +} + +/* + * Function: rc_find_match + * + * Purpose: see if ip_addr is one of the ip addresses of hostname + * + * Returns: 0 on success, -1 when failure + * + */ + +static int find_match (UINT4 *ip_addr, char *hostname) +{ + UINT4 addr; + char **paddr; + struct hostent *hp; + + if (rc_good_ipaddr (hostname) == 0) + { + if (*ip_addr == ntohl(inet_addr (hostname))) + { + return (0); + } + } + else + { + if ((hp = gethostbyname (hostname)) == (struct hostent *) NULL) + { + return (-1); + } + for (paddr = hp->h_addr_list; *paddr; paddr++) + { + addr = ** (UINT4 **) paddr; + if (ntohl(addr) == *ip_addr) + { + return (0); + } + } + } + return (-1); +} + +/* + * Function: rc_find_server + * + * Purpose: search a server in the servers file + * + * Returns: 0 on success, -1 on failure + * + */ + +int rc_find_server (char *server_name, UINT4 *ip_addr, char *secret) +{ + UINT4 myipaddr = 0; + int len; + int result; + FILE *clientfd; + char *h; + char *s; + char *host2; + char buffer[128]; + char hostnm[AUTH_ID_LEN + 1]; + + /* Get the IP address of the authentication server */ + if ((*ip_addr = rc_get_ipaddr (server_name)) == (UINT4) 0) + return (-1); + + if ((clientfd = fopen (rc_conf_str("servers"), "r")) == (FILE *) NULL) + { + rc_log(LOG_ERR, "rc_find_server: couldn't open file: %s: %s", strerror(errno), rc_conf_str("servers")); + return (-1); + } + + if ((myipaddr = rc_own_ipaddress()) == 0) + return (-1); + + result = 0; + while (fgets (buffer, sizeof (buffer), clientfd) != (char *) NULL) + { + if (*buffer == '#') + continue; + + if ((h = strtok (buffer, " \t\n")) == NULL) /* first hostname */ + continue; + + memset (hostnm, '\0', AUTH_ID_LEN); + len = strlen (h); + if (len > AUTH_ID_LEN) + { + len = AUTH_ID_LEN; + } + strncpy (hostnm, h, (size_t) len); + hostnm[AUTH_ID_LEN] = '\0'; + + if ((s = strtok (NULL, " \t\n")) == NULL) /* and secret field */ + continue; + + memset (secret, '\0', MAX_SECRET_LENGTH); + len = strlen (s); + if (len > MAX_SECRET_LENGTH) + { + len = MAX_SECRET_LENGTH; + } + strncpy (secret, s, (size_t) len); + secret[MAX_SECRET_LENGTH] = '\0'; + + if (!strchr (hostnm, '/')) /* If single name form */ + { + if (find_match (ip_addr, hostnm) == 0) + { + result++; + break; + } + } + else /* / "paired" form */ + { + strtok (hostnm, "/"); + if (find_match (&myipaddr, hostnm) == 0) + { /* If we're the 1st name, target is 2nd */ + host2 = strtok (NULL, " "); + if (find_match (ip_addr, host2) == 0) + { + result++; + break; + } + } + else /* If we were 2nd name, target is 1st name */ + { + if (find_match (ip_addr, hostnm) == 0) + { + result++; + break; + } + } + } + } + fclose (clientfd); + if (result == 0) + { + memset (buffer, '\0', sizeof (buffer)); + memset (secret, '\0', sizeof (secret)); + rc_log(LOG_ERR, "rc_find_server: couldn't find RADIUS server %s in %s", + server_name, rc_conf_str("servers")); + return (-1); + } + return 0; +}