/*
* Compare two handlers.
*/
static int eap_handler_cmp(const void *a, const void *b)
{
int rcode;
const eap_handler_t *one = a;
const eap_handler_t *two = b;
if (one->eap_id < two->eap_id) return -1;
if (one->eap_id > two->eap_id) return +1;
rcode = memcmp(one->state, two->state, sizeof(one->state));
if (rcode != 0) return rcode;
/*
* As of 2.1.8, we don't key off of source IP. This
* a NAS to send packets load-balanced (or fail-over)
* across multiple intermediate proxies, and still have
* EAP work.
*/
if (fr_ipaddr_cmp(&one->src_ipaddr, &two->src_ipaddr) != 0) {
DEBUGW("EAP packets are arriving from two different upstream "
"servers. Has there been a proxy fail-over?");
}
return 0;
}
/*查看共享内存信息*/
void webauth_show_user_shm(void)
{
s32 i;
online_usrinfo_s * head_ptr = NULL;
/*初始化共享内存*/
(void)webauth_shm_sem_init(SEC_WEBAUTH_SHM_INIT_N);
/*获取共享内存所用用户信息*/
head_ptr = webauth_shm_get_usrinfo_all ();
for (i = 0; head_ptr!= NULL && i < head_ptr[0].next; i++)
{
DEBUGW("user_name = %-15s user_ip = %s hot_flag = %d online_time= %ld expire_time = %ld\n", head_ptr[i].user_name,
netaddr_ntoa(head_ptr[i].usr_ip), head_ptr[i].hotb_flag, head_ptr[i].online_t, head_ptr[i].expire_t);
}
}
static int sql_socket_destructor(void *c)
{
rlm_sql_firebird_conn_t *conn = c;
int i;
DEBUG2("rlm_sql_firebird: socket destructor called, closing socket");
fb_commit(conn);
if (conn->dbh) {
fb_free_statement(conn);
mod_detach_database(conn->status, &(conn->dbh));
if (fb_lasterror(conn)) {
DEBUGW("rlm_sql_firebird: Got error "
"when closing socket: %s", conn->lasterror);
}
}
#ifdef _PTHREAD_H
pthread_mutex_destroy (&conn->mut);
#endif
for (i=0; i < conn->row_fcount; i++) {
free(conn->row[i]);
}
free(conn->row);
free(conn->row_sizes);
fb_free_sqlda(conn->sqlda_out);
free(conn->sqlda_out);
free(conn->tpb);
free(conn->dpb);
if (conn->lasterror) {
free(conn->lasterror);
}
return 0;
}
static void check_handler(void *data)
{
int do_warning = FALSE;
uint8_t state[8];
check_handler_t *check = data;
if (!check) return;
if (!check->inst || !check->handler) {
free(check);
return;
}
if (!check->inst->handler_tree) goto done;
PTHREAD_MUTEX_LOCK(&(check->inst->handler_mutex));
if (!rbtree_finddata(check->inst->handler_tree, check->handler)) {
goto done;
}
/*
* The session has continued *after* this packet.
* Don't do a warning.
*/
if (check->handler->trips > check->trips) {
goto done;
}
/*
* No TLS means no warnings.
*/
if (!check->handler->tls) goto done;
/*
* If we're being deleted early, it's likely because we
* received a transmit from the client that re-uses the
* same RADIUS Id, which forces the current packet to be
* deleted. In that case, ignore the error.
*/
if (time(NULL) < (check->handler->timestamp + 3)) goto done;
if (!check->handler->finished) {
do_warning = TRUE;
memcpy(state, check->handler->state, sizeof(state));
}
done:
PTHREAD_MUTEX_UNLOCK(&(check->inst->handler_mutex));
free(check);
if (do_warning) {
DEBUGW("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
DEBUGW("!! EAP session with state 0x%02x%02x%02x%02x%02x%02x%02x%02x did not finish! !!",
state[0], state[1],
state[2], state[3],
state[4], state[5],
state[6], state[7]);
DEBUGW("!! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility !!");
DEBUGW("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
}
}
/*
* Per-instance initialization
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_otp_t *inst = instance;
/* Onetime initialization. */
if (!ninstance) {
/* Generate a random key, used to protect the State attribute. */
otp_get_random(inst->hmac_key, sizeof(inst->hmac_key));
/* Initialize the passcode encoding/checking functions. */
otp_pwe_init();
/*
* Don't do this again.
* Only the main thread instantiates and detaches instances,
* so this does not need mutex protection.
*/
ninstance++;
}
/* Verify ranges for those vars that are limited. */
if ((inst->challenge_len < 5) ||
(inst->challenge_len > OTP_MAX_CHALLENGE_LEN)) {
inst->challenge_len = 6;
DEBUGW("invalid challenge_length %d, "
"range 5-%d, using default of 6",
inst->challenge_len, OTP_MAX_CHALLENGE_LEN);
}
if (!inst->allow_sync && !inst->allow_async) {
cf_log_err_cs(conf, "at least one of {allow_async, "
"allow_sync} must be set");
return -1;
}
if ((inst->mschapv2_mppe_policy > 2) ||
(inst->mschapv2_mppe_policy < 0)) {
inst->mschapv2_mppe_policy = 2;
DEBUGW("Invalid value for mschapv2_mppe, "
"using default of 2");
}
if ((inst->mschapv2_mppe_types > 2) || (inst->mschapv2_mppe_types < 0)) {
inst->mschapv2_mppe_types = 2;
DEBUGW("Invalid value for "
"mschapv2_mppe_bits, using default of 2");
}
if ((inst->mschap_mppe_policy > 2) || (inst->mschap_mppe_policy < 0)) {
inst->mschap_mppe_policy = 2;
DEBUGW("Invalid value for mschap_mppe, "
"using default of 2");
}
if (inst->mschap_mppe_types != 2) {
inst->mschap_mppe_types = 2;
DEBUGW("Invalid value for "
"mschap_mppe_bits, using default of 2");
}
/* set the instance name (for use with authorize()) */
inst->name = cf_section_name2(conf);
if (!inst->name) inst->name = cf_section_name1(conf);
return 0;
}
