END_TEST
START_TEST (test_make_ports)
{
UT_string str;
utstring_init(&str);
uint16_t ports[] = {htons(53), htons(80), htons(443)};
size_t count = sizeof(ports) / sizeof(ports[0]);
zclient_rules_make_ports(&str, PROTO_TCP, ACCESS_ALLOW, ports, count);
fail_if(0 != strcmp(utstring_body(&str), "ports.allow.tcp.53.80.443"), "make ports str fail");
utstring_clear(&str);
zclient_rules_make_ports(&str, PROTO_UDP, ACCESS_ALLOW, ports, count);
fail_if(0 != strcmp(utstring_body(&str), "ports.allow.udp.53.80.443"), "make ports str fail");
utstring_clear(&str);
zclient_rules_make_ports(&str, PROTO_TCP, ACCESS_DENY, ports, count);
fail_if(0 != strcmp(utstring_body(&str), "ports.deny.tcp.53.80.443"), "make ports str fail");
utstring_clear(&str);
zclient_rules_make_ports(&str, PROTO_UDP, ACCESS_DENY, ports, count);
fail_if(0 != strcmp(utstring_body(&str), "ports.deny.udp.53.80.443"), "make ports str fail");
utstring_done(&str);
}
END_TEST
START_TEST (test_make_fwd)
{
UT_string str;
utstring_init(&str);
zfwd_rule_t rule;
rule.port = htons(80);
rule.fwd_ip = 0x04030201;
rule.fwd_port = htons(83);
zclient_rules_make_fwd(&str, PROTO_TCP, &rule);
fail_if(0 != strcmp(utstring_body(&str), "fwd.tcp.80.1.2.3.4:83"), "make fwd str fail");
utstring_clear(&str);
zclient_rules_make_fwd(&str, PROTO_UDP, &rule);
fail_if(0 != strcmp(utstring_body(&str), "fwd.udp.80.1.2.3.4:83"), "make fwd str fail");
utstring_clear(&str);
rule.fwd_port = 0;
zclient_rules_make_fwd(&str, PROTO_UDP, &rule);
fail_if(0 != strcmp(utstring_body(&str), "fwd.udp.80.1.2.3.4"), "make fwd str fail");
utstring_done(&str);
}
int main() {
int i;
UT_string *t;
UT_vector v; utvector_init(&v, utstring_mm);
UT_string s; utstring_init(&s);
for(i=0; i<16; i++) {
utstring_printf(&s, ".");
utvector_push(&v, &s);
}
dump(&v);
t = (UT_string*)utvector_head(&v);
printf("head: %s %s\n", t?"non-null":"null", t?utstring_body(t):"-");
t = (UT_string*)utvector_tail(&v);
printf("tail: %s %s\n", t?"non-null":"null", t?utstring_body(t):"-");
for(i=0; i<16; i++) {
printf("shift\n");
utvector_shift(&v);
t = (UT_string*)utvector_head(&v);
printf("len: %d, head: %s %s\n", utvector_len(&v), t?"non-null":"null", t?utstring_body(t):"-");
}
printf("extend\n");
t= (UT_string*)utvector_extend(&v);
utstring_printf(t,"extended");
t = (UT_string*)utvector_head(&v);
printf("len: %d, head: %s %s\n", utvector_len(&v), t?"non-null":"null", t?utstring_body(t):"-");
utvector_fini(&v);
utstring_done(&s);
return 0;
}
int main() {
int i;
UT_string *t;
UT_vector v; utvector_init(&v, utvector_utstring);
UT_string s; utstring_init(&s);
for(i=0; i<16; i++) {
utstring_printf(&s, ".");
utvector_push(&v, &s);
}
dump(&v);
t = (UT_string*)utvector_head(&v);
printf("head: %s %s\n", t?"non-null":"null", t?utstring_body(t):"-");
t = (UT_string*)utvector_tail(&v);
printf("tail: %s %s\n", t?"non-null":"null", t?utstring_body(t):"-");
printf("extend\n");
t = (UT_string*)utvector_extend(&v);
utstring_bincpy(t, "hello", 5);
dump(&v);
t = (UT_string*)utvector_head(&v);
printf("head: %s %s\n", t?"non-null":"null", t?utstring_body(t):"-");
t = (UT_string*)utvector_tail(&v);
printf("tail: %s %s\n", t?"non-null":"null", t?utstring_body(t):"-");
utvector_fini(&v);
utstring_done(&s);
return 0;
}
END_TEST
START_TEST (test_make_identity)
{
UT_string str;
utstring_init(&str);
zclient_rules_make_identity(&str, 31337, "ABABA");
fail_if(0 != strcmp(utstring_body(&str), "identity.31337.ABABA"), "make identity str fail");
utstring_done(&str);
}
int main() {
int i; UT_string *p;
UT_vector v; utvector_init(&v, utvector_utstring);
UT_string s; utstring_init(&s);
for(i=0; i<10; i++) {
utstring_printf(&s, ".");
utvector_push(&v, &s);
}
p=NULL;
while ( (p=(UT_string*)utvector_next(&v,p))) printf("%s\n",utstring_body(p));
utvector_fini(&v);
utstring_done(&s);
return 0;
}
END_TEST
START_TEST (test_make_bw)
{
UT_string str;
utstring_init(&str);
zclient_rules_make_bw(&str, 524288, DIR_DOWN);
fail_if(0 != strcmp(utstring_body(&str), "bw.4096KBit.down"), "make bw down str fail");
utstring_clear(&str);
zclient_rules_make_bw(&str, 524288, DIR_UP);
fail_if(0 != strcmp(utstring_body(&str), "bw.4096KBit.up"), "make bw up str fail");
utstring_done(&str);
}
END_TEST
START_TEST (test_make_p2p_policer)
{
UT_string str;
utstring_init(&str);
crules_make_p2p_policy(&str, 0);
fail_if(0 != strcmp(utstring_body(&str), "p2p_policy.0"), "make p2p_policy str fail");
utstring_clear(&str);
crules_make_p2p_policy(&str, 1);
fail_if(0 != strcmp(utstring_body(&str), "p2p_policy.1"), "make p2p_policy str fail");
utstring_done(&str);
}
/**
* Log session authorization.
* @param[in] session Session.
* @param[in] attrs Authorization reply attributes.
*/
static void zrad_auth_log(const zscope_t *scope, const zsession_t *session, const VALUE_PAIR *attrs)
{
UT_string rules_str;
utstring_init(&rules_str);
utstring_reserve(&rules_str, 1024);
for (; likely(NULL != attrs); attrs = attrs->next) {
switch (attrs->attribute) {
case PW_FILTER_ID:
utstring_printf(&rules_str, " %s", attrs->strvalue);
break;
default:
break;
}
}
zsyslog(LOG_INFO, "%s: Authenticated session %s (rules:%s)",
scope->cfg->name, session->ip_str, utstring_body(&rules_str));
utstring_done(&rules_str);
}
int main() {
int i;
UT_vector v; utvector_init(&v, utvector_utstring);
UT_vector *k;
UT_string s; utstring_init(&s);
for(i=0; i<10; i++) {
utstring_printf(&s, ".");
utvector_push(&v, &s);
}
dump(&v);
printf("clone\n");
k = utvector_clone(&v);
dump(k);
utvector_fini(&v);
utvector_free(k);
utstring_done(&s);
return 0;
}
int main() {
int i;
UT_string *t;
UT_vector v; utvector_init(&v, utvector_utstring);
UT_string s; utstring_init(&s);
for(i=0; i<16; i++) {
utstring_printf(&s, ".");
utvector_push(&v, &s);
}
dump(&v);
printf("extend\n");
t = (UT_string*)utvector_extend(&v);
utstring_bincpy(t, "hello", 5);
dump(&v);
utvector_fini(&v);
utstring_done(&s);
return 0;
}
/**
* Authenticate and set client info.
* @param[in] sess Client session.
* @return Zero on success (or one of *_RC).
*/
static int session_authenticate(struct zsession *sess)
{
int ret = OTHER_RC;
VALUE_PAIR *request_attrs = NULL, *response_attrs = NULL, *attrs = NULL;
char msg[8192]; // WARNING: libfreeradius-client has unsafe working with this buffer.
rc_handle *rh = zinst()->radh;
struct in_addr ip_addr;
char ip_str[INET_ADDRSTRLEN];
struct zcrules rules;
crules_init(&rules);
ip_addr.s_addr = htonl(sess->ip);
if (unlikely(NULL == inet_ntop(AF_INET, &ip_addr, ip_str, sizeof(ip_str)))) {
goto end;
}
if (unlikely(NULL == rc_avpair_add(rh, &request_attrs, PW_USER_NAME, ip_str, -1, 0))) {
goto end;
}
if (unlikely(NULL == rc_avpair_add(rh, &request_attrs, PW_USER_PASSWORD, "", -1, 0))) {
goto end;
}
if (unlikely(NULL == rc_avpair_add(rh, &request_attrs, PW_NAS_IDENTIFIER, zcfg()->radius_nas_identifier, -1, 0))) {
goto end;
}
if (unlikely(NULL == rc_avpair_add(rh, &request_attrs, PW_CALLING_STATION_ID, ip_str, -1, 0))) {
goto end;
}
ret = rc_auth(rh, 0, request_attrs, &response_attrs, msg);
if (OK_RC != ret) {
ZERO_LOG(LOG_ERR, "Session authentication failed for %s (code:%d)", ip_str, ret);
goto end;
}
attrs = response_attrs;
while (likely(NULL != attrs)) {
switch (attrs->attribute) {
case PW_FILTER_ID:
crules_parse(&rules, attrs->strvalue);
break;
case PW_SESSION_TIMEOUT:
atomic_store_explicit(&sess->max_duration, SEC2USEC(attrs->lvalue), memory_order_release);
break;
case PW_ACCT_INTERIM_INTERVAL:
atomic_store_explicit(&sess->acct_interval, SEC2USEC(attrs->lvalue), memory_order_release);
break;
}
attrs = attrs->next;
}
if (likely(rules.have.user_id && rules.have.login)) {
struct zclient *client = sess->client;
client_db_find_or_set_id(zinst()->client_db, rules.user_id, &client);
if (client != sess->client) {
// found
pthread_rwlock_wrlock(&sess->lock_client);
atomic_fetch_add_explicit(&client->refcnt, 1, memory_order_relaxed);
client_release(sess->client);
sess->client = client;
client_session_add(sess->client, sess);
pthread_rwlock_unlock(&sess->lock_client);
} else {
client_apply_rules(sess->client, &rules);
}
atomic_fetch_sub_explicit(&zinst()->unauth_sessions_cnt, 1, memory_order_release);
// log successful authentication
{
UT_string rules_str;
utstring_init(&rules_str);
utstring_reserve(&rules_str, 1024);
attrs = response_attrs;
while (likely(NULL != attrs)) {
switch (attrs->attribute) {
case PW_FILTER_ID:
utstring_printf(&rules_str, " %s", attrs->strvalue);
break;
default:
break;
}
attrs = attrs->next;
}
zero_syslog(LOG_INFO, "Authenticated session %s (rules:%s)", ip_str, utstring_body(&rules_str));
utstring_done(&rules_str);
}
} else {
ret = OTHER_RC;
ZERO_LOG(LOG_ERR, "Session authentication failed for %s (code:%d)", ip_str, ret);
}
end:
crules_free(&rules);
if (request_attrs) rc_avpair_free(request_attrs);
if (response_attrs) rc_avpair_free(response_attrs);
return ret;
}
void qk_free(struct qk *qk) {
utvector_fini(&qk->keys);
utstring_done(&qk->tmp);
free(qk);
}
void _utstring_fini(void *_buf, unsigned num) {
UT_string *s = (UT_string*)_buf;
while(num--) utstring_done(&s[num]);
}
static void _nbt_record_fini(void *_r, unsigned num) {
struct nbt_record *r = (struct nbt_record *)_r;
while(num--) { utstring_done(&r->fqname); r++; }
}
CX_OBJECT_FREE(cxString, cxObject)
{
utstring_done(&this->strptr);
}