RADCLIENT_LIST *clients_parse_section(CONF_SECTION *section, UNUSED bool tls_required)
#endif
{
bool global = false, in_server = false;
CONF_SECTION *cs;
RADCLIENT *c;
RADCLIENT_LIST *clients;
/*
* Be forgiving. If there's already a clients, return
* it. Otherwise create a new one.
*/
clients = cf_data_find(section, "clients");
if (clients) return clients;
clients = clients_init(section);
if (!clients) return NULL;
if (cf_top_section(section) == section) global = true;
if (strcmp("server", cf_section_name1(section)) == 0) in_server = true;
/*
* Associate the clients structure with the section.
*/
if (cf_data_add(section, "clients", clients, NULL) < 0) {
cf_log_err_cs(section,
"Failed to associate clients with section %s",
cf_section_name1(section));
clients_free(clients);
return NULL;
}
for (cs = cf_subsection_find_next(section, NULL, "client");
cs != NULL;
cs = cf_subsection_find_next(section, cs, "client")) {
c = client_parse(cs, in_server);
if (!c) {
return NULL;
}
#ifdef WITH_TLS
/*
* TLS clients CANNOT use non-TLS listeners.
* non-TLS clients CANNOT use TLS listeners.
*/
if (tls_required != c->tls_required) {
cf_log_err_cs(cs, "Client does not have the same TLS configuration as the listener");
client_free(c);
clients_free(clients);
return NULL;
}
#endif
/*
* FIXME: Add the client as data via cf_data_add,
* for migration issues.
*/
#ifdef WITH_DYNAMIC_CLIENTS
#ifdef HAVE_DIRENT_H
if (c->client_server) {
char const *value;
CONF_PAIR *cp;
DIR *dir;
struct dirent *dp;
struct stat stat_buf;
char buf2[2048];
/*
* Find the directory where individual
* client definitions are stored.
*/
cp = cf_pair_find(cs, "directory");
if (!cp) goto add_client;
value = cf_pair_value(cp);
if (!value) {
cf_log_err_cs(cs,
"The \"directory\" entry must not be empty");
client_free(c);
return NULL;
}
DEBUG("including dynamic clients in %s", value);
dir = opendir(value);
if (!dir) {
cf_log_err_cs(cs, "Error reading directory %s: %s", value, fr_syserror(errno));
client_free(c);
return NULL;
}
/*
* Read the directory, ignoring "." files.
*/
while ((dp = readdir(dir)) != NULL) {
char const *p;
RADCLIENT *dc;
if (dp->d_name[0] == '.') continue;
/*
* Check for valid characters
*/
for (p = dp->d_name; *p != '\0'; p++) {
if (isalpha((int)*p) ||
isdigit((int)*p) ||
(*p == ':') ||
(*p == '.')) continue;
break;
}
if (*p != '\0') continue;
snprintf(buf2, sizeof(buf2), "%s/%s",
value, dp->d_name);
if ((stat(buf2, &stat_buf) != 0) ||
S_ISDIR(stat_buf.st_mode)) continue;
dc = client_read(buf2, in_server, true);
if (!dc) {
cf_log_err_cs(cs,
"Failed reading client file \"%s\"", buf2);
client_free(c);
closedir(dir);
return NULL;
}
/*
* Validate, and add to the list.
*/
if (!client_validate(clients, c, dc)) {
client_free(c);
closedir(dir);
return NULL;
}
} /* loop over the directory */
closedir(dir);
}
#endif /* HAVE_DIRENT_H */
add_client:
#endif /* WITH_DYNAMIC_CLIENTS */
if (!client_add(clients, c)) {
cf_log_err_cs(cs,
"Failed to add client %s",
cf_section_name2(cs));
client_free(c);
return NULL;
}
}
/*
* Replace the global list of clients with the new one.
* The old one is still referenced from the original
* configuration, and will be freed when that is freed.
*/
if (global) {
root_clients = clients;
}
return clients;
}
/*
* Add a client to the tree.
*/
int client_add(RADCLIENT_LIST *clients, RADCLIENT *client)
{
RADCLIENT *old;
char buffer[INET6_ADDRSTRLEN + 3];
if (!client) {
return 0;
}
/*
* Hack to fixup wildcard clients
*/
if (is_wildcard(&client->ipaddr)) client->ipaddr.prefix = 0;
fr_ntop(buffer, sizeof(buffer), &client->ipaddr);
DEBUG3("Adding client %s (%s) to prefix tree %i", buffer, client->longname, client->ipaddr.prefix);
/*
* If "clients" is NULL, it means add to the global list.
*/
if (!clients) {
/*
* Initialize it, if not done already.
*/
if (!root_clients) {
root_clients = clients_init(NULL);
if (!root_clients) return 0;
}
clients = root_clients;
}
/*
* Create a tree for it.
*/
if (!clients->trees[client->ipaddr.prefix]) {
clients->trees[client->ipaddr.prefix] = rbtree_create(client_ipaddr_cmp, NULL, 0);
if (!clients->trees[client->ipaddr.prefix]) {
return 0;
}
}
#define namecmp(a) ((!old->a && !client->a) || (old->a && client->a && (strcmp(old->a, client->a) == 0)))
/*
* Cannot insert the same client twice.
*/
old = rbtree_finddata(clients->trees[client->ipaddr.prefix], client);
if (old) {
/*
* If it's a complete duplicate, then free the new
* one, and return "OK".
*/
if ((fr_ipaddr_cmp(&old->ipaddr, &client->ipaddr) == 0) &&
(old->ipaddr.prefix == client->ipaddr.prefix) &&
namecmp(longname) && namecmp(secret) &&
namecmp(shortname) && namecmp(nas_type) &&
namecmp(login) && namecmp(password) && namecmp(server) &&
#ifdef WITH_DYNAMIC_CLIENTS
(old->lifetime == client->lifetime) &&
namecmp(client_server) &&
#endif
#ifdef WITH_COA
namecmp(coa_name) &&
(old->coa_server == client->coa_server) &&
(old->coa_pool == client->coa_pool) &&
#endif
(old->message_authenticator == client->message_authenticator)) {
WARN("Ignoring duplicate client %s", client->longname);
client_free(client);
return 1;
}
ERROR("Failed to add duplicate client %s",
client->shortname);
return 0;
}
#undef namecmp
/*
* Other error adding client: likely is fatal.
*/
if (!rbtree_insert(clients->trees[client->ipaddr.prefix], client)) {
return 0;
}
#ifdef WITH_STATS
if (!tree_num) {
tree_num = rbtree_create(client_num_cmp, NULL, 0);
}
#ifdef WITH_DYNAMIC_CLIENTS
/*
* More catching of clients added by rlm_sql.
*
* The sql modules sets the dynamic flag BEFORE calling
* us. The client_from_request() function sets it AFTER
* calling us.
*/
if (client->dynamic && (client->lifetime == 0)) {
RADCLIENT *network;
/*
* If there IS an enclosing network,
* inherit the lifetime from it.
*/
network = client_find(clients, &client->ipaddr, client->proto);
if (network) {
client->lifetime = network->lifetime;
}
}
#endif
client->number = tree_num_max;
tree_num_max++;
if (tree_num) rbtree_insert(tree_num, client);
#endif
if (client->ipaddr.prefix < clients->min_prefix) {
clients->min_prefix = client->ipaddr.prefix;
}
(void) talloc_steal(clients, client); /* reparent it */
return 1;
}
static RADCLIENT *client_parse(CONF_SECTION *cs, int in_server)
{
RADCLIENT *c;
char const *name2;
name2 = cf_section_name2(cs);
if (!name2) {
cf_log_err_cs(cs, "Missing client name");
return NULL;
}
/*
* The size is fine.. Let's create the buffer
*/
c = talloc_zero(cs, RADCLIENT);
c->cs = cs;
memset(&cl_ipaddr, 0, sizeof(cl_ipaddr));
if (cf_section_parse(cs, c, client_config) < 0) {
cf_log_err_cs(cs, "Error parsing client section");
error:
client_free(c);
#ifdef WITH_TCP
hs_proto = NULL;
cl_srcipaddr = NULL;
#endif
return NULL;
}
/*
* Global clients can set servers to use per-server clients cannot.
*/
if (in_server && c->server) {
cf_log_err_cs(cs, "Clients inside of an server section cannot point to a server");
goto error;
}
/*
* Newer style client definitions with either ipaddr or ipaddr6
* config items.
*/
if (cf_pair_find(cs, "ipaddr") || cf_pair_find(cs, "ipv4addr") || cf_pair_find(cs, "ipv6addr")) {
char buffer[128];
/*
* Sets ipv4/ipv6 address and prefix.
*/
c->ipaddr = cl_ipaddr;
/*
* Set the long name to be the result of a reverse lookup on the IP address.
*/
ip_ntoh(&c->ipaddr, buffer, sizeof(buffer));
c->longname = talloc_typed_strdup(c, buffer);
/*
* Set the short name to the name2.
*/
if (!c->shortname) c->shortname = talloc_typed_strdup(c, name2);
/*
* No "ipaddr" or "ipv6addr", use old-style "client <ipaddr> {" syntax.
*/
} else {
ERROR("No 'ipaddr' or 'ipv4addr' or 'ipv6addr' configuration directive found in client %s", name2);
goto error;
}
c->proto = IPPROTO_UDP;
if (hs_proto) {
if (strcmp(hs_proto, "udp") == 0) {
hs_proto = NULL;
#ifdef WITH_TCP
} else if (strcmp(hs_proto, "tcp") == 0) {
hs_proto = NULL;
c->proto = IPPROTO_TCP;
# ifdef WITH_TLS
} else if (strcmp(hs_proto, "tls") == 0) {
hs_proto = NULL;
c->proto = IPPROTO_TCP;
c->tls_required = true;
} else if (strcmp(hs_proto, "radsec") == 0) {
hs_proto = NULL;
c->proto = IPPROTO_TCP;
c->tls_required = true;
# endif
} else if (strcmp(hs_proto, "*") == 0) {
hs_proto = NULL;
c->proto = IPPROTO_IP; /* fake for dual */
#endif
} else {
cf_log_err_cs(cs, "Unknown proto \"%s\".", hs_proto);
goto error;
}
}
/*
* If a src_ipaddr is specified, when we send the return packet
* we will use this address instead of the src from the
* request.
*/
if (cl_srcipaddr) {
#ifdef WITH_UDPFROMTO
switch (c->ipaddr.af) {
case AF_INET:
if (fr_pton4(&c->src_ipaddr, cl_srcipaddr, 0, true, false) < 0) {
cf_log_err_cs(cs, "Failed parsing src_ipaddr: %s", fr_strerror());
goto error;
}
break;
case AF_INET6:
if (fr_pton6(&c->src_ipaddr, cl_srcipaddr, 0, true, false) < 0) {
cf_log_err_cs(cs, "Failed parsing src_ipaddr: %s", fr_strerror());
goto error;
}
break;
default:
rad_assert(0);
}
#else
WARN("Server not built with udpfromto, ignoring client src_ipaddr");
#endif
cl_srcipaddr = NULL;
}
FR_TIMEVAL_BOUND_CHECK("response_window", &c->response_window, >=, 0, 1000);
FR_TIMEVAL_BOUND_CHECK("response_window", &c->response_window, <=, 60, 0);
FR_TIMEVAL_BOUND_CHECK("response_window", &c->response_window, <=, main_config.max_request_time, 0);
#ifdef WITH_DYNAMIC_CLIENTS
if (c->client_server) {
c->secret = talloc_typed_strdup(c, "testing123");
if (((c->ipaddr.af == AF_INET) && (c->ipaddr.prefix == 32)) ||
((c->ipaddr.af == AF_INET6) && (c->ipaddr.prefix == 128))) {
cf_log_err_cs(cs, "Dynamic clients MUST be a network, not a single IP address");
goto error;
}
return c;
}
#endif
if (!c->secret || (c->secret[0] == '\0')) {
#ifdef WITH_DHCP
char const *value = NULL;
CONF_PAIR *cp = cf_pair_find(cs, "dhcp");
if (cp) value = cf_pair_value(cp);
/*
* Secrets aren't needed for DHCP.
*/
if (value && (strcmp(value, "yes") == 0)) return c;
#endif
#ifdef WITH_TLS
/*
* If the client is TLS only, the secret can be
* omitted. When omitted, it's hard-coded to
* "radsec". See RFC 6614.
*/
if (c->tls_required) {
c->secret = talloc_typed_strdup(cs, "radsec");
} else
#endif
{
cf_log_err_cs(cs,
"secret must be at least 1 character long");
goto error;
}
}
#ifdef WITH_COA
/*
* Point the client to the home server pool, OR to the
* home server. This gets around the problem of figuring
* out which port to use.
*/
if (c->coa_name) {
c->coa_pool = home_pool_byname(c->coa_name, HOME_TYPE_COA);
if (!c->coa_pool) {
c->coa_server = home_server_byname(c->coa_name,
HOME_TYPE_COA);
}
if (!c->coa_pool && !c->coa_server) {
cf_log_err_cs(cs, "No such home_server or home_server_pool \"%s\"", c->coa_name);
goto error;
}
}
#endif
#ifdef WITH_TCP
if ((c->proto == IPPROTO_TCP) || (c->proto == IPPROTO_IP)) {
if ((c->limit.idle_timeout > 0) && (c->limit.idle_timeout < 5))
c->limit.idle_timeout = 5;
if ((c->limit.lifetime > 0) && (c->limit.lifetime < 5))
c->limit.lifetime = 5;
if ((c->limit.lifetime > 0) && (c->limit.idle_timeout > c->limit.lifetime))
c->limit.idle_timeout = 0;
}
#endif
return c;
}
/** Add a client to a RADCLIENT_LIST
*
* @param clients list to add client to, may be NULL if global client list is being used.
* @param client to add.
* @return
* - true on success.
* - false on failure.
*/
bool client_add(RADCLIENT_LIST *clients, RADCLIENT *client)
{
RADCLIENT *old;
char buffer[INET6_ADDRSTRLEN + 3];
if (!client) return false;
/*
* Hack to fixup wildcard clients
*
* If the IP is all zeros, with a 32 or 128 bit netmask
* assume the user meant to configure 0.0.0.0/0 instead
* of 0.0.0.0/32 - which would require the src IP of
* the client to be all zeros.
*/
if (fr_inaddr_any(&client->ipaddr) == 1) switch (client->ipaddr.af) {
case AF_INET:
if (client->ipaddr.prefix == 32) client->ipaddr.prefix = 0;
break;
case AF_INET6:
if (client->ipaddr.prefix == 128) client->ipaddr.prefix = 0;
break;
default:
rad_assert(0);
}
fr_ntop(buffer, sizeof(buffer), &client->ipaddr);
DEBUG3("Adding client %s (%s) to prefix tree %i", buffer, client->longname, client->ipaddr.prefix);
/*
* If the client also defines a server, do that now.
*/
if (client->defines_coa_server) if (!realm_home_server_add(client->coa_server)) return false;
/*
* If "clients" is NULL, it means add to the global list,
* unless we're trying to add it to a virtual server...
*/
if (!clients) {
if (client->server != NULL) {
CONF_SECTION *cs;
CONF_SECTION *subcs;
cs = cf_section_sub_find_name2(main_config.config, "server", client->server);
if (!cs) {
ERROR("Failed to find virtual server %s", client->server);
return false;
}
/*
* If this server has no "listen" section, add the clients
* to the global client list.
*/
subcs = cf_section_sub_find(cs, "listen");
if (!subcs) goto global_clients;
/*
* If the client list already exists, use that.
* Otherwise, create a new client list.
*/
clients = cf_data_find(cs, "clients");
if (!clients) {
clients = client_list_init(cs);
if (!clients) {
ERROR("Out of memory");
return false;
}
if (cf_data_add(cs, "clients", clients, (void (*)(void *)) client_list_free) < 0) {
ERROR("Failed to associate clients with virtual server %s", client->server);
client_list_free(clients);
return false;
}
}
} else {
global_clients:
/*
* Initialize the global list, if not done already.
*/
if (!root_clients) {
root_clients = client_list_init(NULL);
if (!root_clients) return false;
}
clients = root_clients;
}
}
/*
* Create a tree for it.
*/
if (!clients->trees[client->ipaddr.prefix]) {
clients->trees[client->ipaddr.prefix] = rbtree_create(clients, client_ipaddr_cmp, NULL, 0);
if (!clients->trees[client->ipaddr.prefix]) {
return false;
}
}
#define namecmp(a) ((!old->a && !client->a) || (old->a && client->a && (strcmp(old->a, client->a) == 0)))
/*
* Cannot insert the same client twice.
*/
old = rbtree_finddata(clients->trees[client->ipaddr.prefix], client);
if (old) {
/*
* If it's a complete duplicate, then free the new
* one, and return "OK".
*/
if ((fr_ipaddr_cmp(&old->ipaddr, &client->ipaddr) == 0) &&
(old->ipaddr.prefix == client->ipaddr.prefix) &&
namecmp(longname) && namecmp(secret) &&
namecmp(shortname) && namecmp(nas_type) &&
namecmp(login) && namecmp(password) && namecmp(server) &&
#ifdef WITH_DYNAMIC_CLIENTS
(old->lifetime == client->lifetime) &&
namecmp(client_server) &&
#endif
#ifdef WITH_COA
namecmp(coa_name) &&
(old->coa_server == client->coa_server) &&
(old->coa_pool == client->coa_pool) &&
#endif
(old->message_authenticator == client->message_authenticator)) {
WARN("Ignoring duplicate client %s", client->longname);
client_free(client);
return true;
}
ERROR("Failed to add duplicate client %s", client->shortname);
return false;
}
#undef namecmp
/*
* Other error adding client: likely is fatal.
*/
if (!rbtree_insert(clients->trees[client->ipaddr.prefix], client)) {
return false;
}
#ifdef WITH_STATS
if (!tree_num) {
tree_num = rbtree_create(clients, client_num_cmp, NULL, 0);
}
#ifdef WITH_DYNAMIC_CLIENTS
/*
* More catching of clients added by rlm_sql.
*
* The sql modules sets the dynamic flag BEFORE calling
* us. The client_afrom_request() function sets it AFTER
* calling us.
*/
if (client->dynamic && (client->lifetime == 0)) {
RADCLIENT *network;
/*
* If there IS an enclosing network,
* inherit the lifetime from it.
*/
network = client_find(clients, &client->ipaddr, client->proto);
if (network) {
client->lifetime = network->lifetime;
}
}
#endif
client->number = tree_num_max;
tree_num_max++;
if (tree_num) rbtree_insert(tree_num, client);
#endif
if (client->ipaddr.prefix < clients->min_prefix) {
clients->min_prefix = client->ipaddr.prefix;
}
(void) talloc_steal(clients, client); /* reparent it */
return true;
}
static int generate_sql_clients(SQL_INST *inst)
{
SQLSOCK *sqlsocket;
SQL_ROW row;
char querystr[MAX_QUERY_LEN];
RADCLIENT *c;
char *prefix_ptr = NULL;
unsigned int i = 0;
int numf = 0;
DEBUG("rlm_sql (%s): Processing generate_sql_clients",
inst->config->xlat_name);
/* NAS query isn't xlat'ed */
strlcpy(querystr, inst->config->nas_query, sizeof(querystr));
DEBUG("rlm_sql (%s) in generate_sql_clients: query is %s",
inst->config->xlat_name, querystr);
sqlsocket = sql_get_socket(inst);
if (sqlsocket == NULL)
return -1;
if (rlm_sql_select_query(sqlsocket,inst,querystr)){
radlog(L_ERR, "rlm_sql (%s): database query error, %s: %s",
inst->config->xlat_name,querystr,
(inst->module->sql_error)(sqlsocket, inst->config));
sql_release_socket(inst,sqlsocket);
return -1;
}
while(rlm_sql_fetch_row(sqlsocket, inst) == 0) {
i++;
row = sqlsocket->row;
if (row == NULL)
break;
/*
* The return data for each row MUST be in the following order:
*
* 0. Row ID (currently unused)
* 1. Name (or IP address)
* 2. Shortname
* 3. Type
* 4. Secret
* 5. Virtual Server (optional)
*/
if (!row[0]){
radlog(L_ERR, "rlm_sql (%s): No row id found on pass %d",inst->config->xlat_name,i);
continue;
}
if (!row[1]){
radlog(L_ERR, "rlm_sql (%s): No nasname found for row %s",inst->config->xlat_name,row[0]);
continue;
}
if (!row[2]){
radlog(L_ERR, "rlm_sql (%s): No short name found for row %s",inst->config->xlat_name,row[0]);
continue;
}
if (!row[4]){
radlog(L_ERR, "rlm_sql (%s): No secret found for row %s",inst->config->xlat_name,row[0]);
continue;
}
DEBUG("rlm_sql (%s): Read entry nasname=%s,shortname=%s,secret=%s",inst->config->xlat_name,
row[1],row[2],row[4]);
c = rad_malloc(sizeof(*c));
memset(c, 0, sizeof(*c));
#ifdef WITH_DYNAMIC_CLIENTS
c->dynamic = 1;
#endif
/*
* Look for prefixes
*/
c->prefix = -1;
prefix_ptr = strchr(row[1], '/');
if (prefix_ptr) {
c->prefix = atoi(prefix_ptr + 1);
if ((c->prefix < 0) || (c->prefix > 128)) {
radlog(L_ERR, "rlm_sql (%s): Invalid Prefix value '%s' for IP.",
inst->config->xlat_name, prefix_ptr + 1);
free(c);
continue;
}
/* Replace '/' with '\0' */
*prefix_ptr = '\0';
}
/*
* Always get the numeric representation of IP
*/
if (ip_hton(row[1], AF_UNSPEC, &c->ipaddr) < 0) {
radlog(L_CONS|L_ERR, "rlm_sql (%s): Failed to look up hostname %s: %s",
inst->config->xlat_name,
row[1], fr_strerror());
free(c);
continue;
} else {
char buffer[256];
ip_ntoh(&c->ipaddr, buffer, sizeof(buffer));
c->longname = strdup(buffer);
}
if (c->prefix < 0) switch (c->ipaddr.af) {
case AF_INET:
c->prefix = 32;
break;
case AF_INET6:
c->prefix = 128;
break;
default:
break;
}
/*
* Other values (secret, shortname, nastype, virtual_server)
*/
c->secret = strdup(row[4]);
c->shortname = strdup(row[2]);
if(row[3] != NULL)
c->nastype = strdup(row[3]);
numf = (inst->module->sql_num_fields)(sqlsocket, inst->config);
if ((numf > 5) && (row[5] != NULL) && *row[5]) c->server = strdup(row[5]);
DEBUG("rlm_sql (%s): Adding client %s (%s, server=%s) to clients list",
inst->config->xlat_name,
c->longname,c->shortname, c->server ? c->server : "<none>");
if (!client_add(NULL, c)) {
sql_release_socket(inst, sqlsocket);
DEBUG("rlm_sql (%s): Failed to add client %s (%s) to clients list. Maybe there's a duplicate?",
inst->config->xlat_name,
c->longname,c->shortname);
client_free(c);
return -1;
}
}
(inst->module->sql_finish_select_query)(sqlsocket, inst->config);
sql_release_socket(inst, sqlsocket);
return 0;
}
/** Load client entries from Couchbase client documents on startup
*
* This function executes the view defined in the module configuration and loops
* through all returned rows. The view is called with "stale=false" to ensure the
* most accurate data available when the view is called. This will force an index
* rebuild on this design document in Couchbase. However, since this function is only
* run once at sever startup this should not be a concern.
*
* @param inst The module instance.
* @param cs The client attribute configuration section.
* @return Returns 0 on success, -1 on error.
*/
int mod_load_client_documents(rlm_couchbase_t *inst, CONF_SECTION *cs)
{
void *handle = NULL; /* connection pool handle */
char vpath[256], docid[MAX_KEY_SIZE]; /* view path and document id */
char error[512]; /* view error return */
int idx = 0; /* row array index counter */
int retval = 0; /* return value */
lcb_error_t cb_error = LCB_SUCCESS; /* couchbase error holder */
json_object *json, *jval; /* json object holders */
json_object *jrows = NULL; /* json object to hold view rows */
CONF_SECTION *client; /* freeradius config section */
RADCLIENT *c; /* freeradius client */
/* get handle */
handle = fr_connection_get(inst->pool);
/* check handle */
if (!handle) return -1;
/* set handle pointer */
rlm_couchbase_handle_t *handle_t = handle;
/* set couchbase instance */
lcb_t cb_inst = handle_t->handle;
/* set cookie */
cookie_t *cookie = handle_t->cookie;
/* check cookie */
if (cookie) {
/* clear cookie */
memset(cookie, 0, sizeof(cookie_t));
} else {
/* log error */
ERROR("rlm_couchbase: cookie not usable - possibly not allocated");
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/* build view path */
snprintf(vpath, sizeof(vpath), "%s?stale=false", inst->client_view);
/* init cookie error status */
cookie->jerr = json_tokener_success;
/* query view for document */
cb_error = couchbase_query_view(cb_inst, cookie, vpath, NULL);
/* check error */
if (cb_error != LCB_SUCCESS || cookie->jerr != json_tokener_success) {
/* log error */
ERROR("rlm_couchbase: failed to execute view request or parse return");
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/* debugging */
DEBUG("rlm_couchbase: cookie->jobj == %s", json_object_to_json_string(cookie->jobj));
/* check cookie */
if (!cookie->jobj) {
/* log error */
ERROR("rlm_couchbase: failed to fetch view");
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/* check for error in json object */
if (json_object_object_get_ex(cookie->jobj, "error", &json)) {
/* build initial error buffer */
strlcpy(error, json_object_get_string(json), sizeof(error));
/* get error reason */
if (json_object_object_get_ex(cookie->jobj, "reason", &json)) {
/* append divider */
strlcat(error, " - ", sizeof(error));
/* append reason */
strlcat(error, json_object_get_string(json), sizeof(error));
}
/* log error */
ERROR("rlm_couchbase: view request failed with error: %s", error);
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/* check for document id in return */
if (!json_object_object_get_ex(cookie->jobj, "rows", &json)) {
/* log error */
ERROR("rlm_couchbase: failed to fetch rows from view payload");
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/* get and hold rows */
jrows = json_object_get(json);
/* free cookie object */
json_object_put(cookie->jobj);
/* debugging */
DEBUG("rlm_couchbase: jrows == %s", json_object_to_json_string(jrows));
/* check for valid row value */
if (!json_object_is_type(jrows, json_type_array) && json_object_array_length(jrows) < 1) {
/* log error */
ERROR("rlm_couchbase: couldn't find valid rows in view return");
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/* loop across all row elements */
for (idx = 0; idx < json_object_array_length(jrows); idx++) {
/* fetch current index */
json = json_object_array_get_idx(jrows, idx);
/* get document id */
if (json_object_object_get_ex(json, "id", &jval)) {
/* clear docid */
memset(docid, 0, sizeof(docid));
/* copy and check length */
if (strlcpy(docid, json_object_get_string(jval), sizeof(docid)) >= sizeof(docid)) {
ERROR("rlm_couchbase: document id from row longer than MAX_KEY_SIZE (%d)", MAX_KEY_SIZE);
continue;
}
}
/* check for valid doc id */
if (docid[0] == 0) {
WARN("rlm_couchbase: failed to fetch document id from row - skipping");
continue;
}
/* debugging */
DEBUG("rlm_couchbase: preparing to fetch docid '%s'", docid);
/* reset cookie error status */
cookie->jerr = json_tokener_success;
/* fetch document */
cb_error = couchbase_get_key(cb_inst, cookie, docid);
/* check error */
if (cb_error != LCB_SUCCESS || cookie->jerr != json_tokener_success) {
/* log error */
ERROR("rlm_couchbase: failed to execute get request or parse return");
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/* debugging */
DEBUG("rlm_couchbase: cookie->jobj == %s", json_object_to_json_string(cookie->jobj));
/* allocate conf section */
client = cf_section_alloc(NULL, "client", docid);
if (mod_client_map_section(client, cs, cookie->jobj, docid) != 0) {
/* free config setion */
talloc_free(client);
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/*
* @todo These should be parented from something.
*/
c = client_afrom_cs(NULL, client, false);
if (!c) {
ERROR("rlm_couchbase: failed to allocate client");
/* free config setion */
talloc_free(client);
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/*
* Client parents the CONF_SECTION which defined it.
*/
talloc_steal(c, client);
/* attempt to add client */
if (!client_add(NULL, c)) {
ERROR("rlm_couchbase: failed to add client from %s, possible duplicate?", docid);
/* free client */
client_free(c);
/* set return */
retval = -1;
/* return */
goto free_and_return;
}
/* debugging */
DEBUG("rlm_couchbase: client '%s' added", c->longname);
/* free json object */
json_object_put(cookie->jobj);
}
free_and_return:
/* free json object */
if (cookie->jobj) {
json_object_put(cookie->jobj);
}
/* free rows */
if (jrows) {
json_object_put(jrows);
}
/* release handle */
if (handle) {
fr_connection_release(inst->pool, handle);
}
/* return */
return retval;
}
int udpclient(int argc, char *argv[])
{
list_t *clients = NULL;
list_t *conn_clients;
client_t *client;
client_t *tunnel;
client_t *client2;
char data[MSG_MAX_LEN];
char addrstr[ADDRSTRLEN];
char taddrstr[ADDRSTRLEN];
socket_t *tcp_sock = NULL;
socket_t *udp_sock = NULL;
socket_t *next_sock = NULL;
struct timeval curr_time;
struct timeval check_time;
struct timeval check_interval;
struct timeval timeout;
fd_set client_fds;
fd_set read_fds;
uint16_t tmp_id;
uint8_t tmp_type;
uint16_t tmp_len;
// uint16_t tmp_req_id;
int num_fds;
uint32_t sourceid;
int ret;
int i;
signal(SIGINT, &signal_handler);
i = 0;
lhost = (argc - i == 5) ? NULL : argv[i++];
lport = argv[i++];
rport = argv[i++];
phost = argv[i++];
pport = argv[i++];
relays = atoi(argv[i++]);
if(debug_level >= DEBUG_LEVEL1)
printf("relays need %d \n",relays);
/* Check validity of ports (can't check ip's b/c might be host names) */
ERROR_GOTO(!isnum(lport), "Invalid listen port.", done);
ERROR_GOTO(!isnum(rport), "Invalid recv port.", done);
ERROR_GOTO(!isnum(pport), "Invalid inter port.", done);
//ERROR_GOTO(!isnum(rport), "Invalid remote port.", done);
srand(inet_addr(lhost));
localid=(rand());
generate_rsakey(lhost);
if(debug_level >= DEBUG_LEVEL1)
{
printf("local id %d \n",localid);
}
next_req_id = rand() % 0xffff;
/* Create an empty list for the clients */
clients = list_create(sizeof(client_t), p_client_cmp, p_client_copy,
p_client_free, 1);
ERROR_GOTO(clients == NULL, "Error creating clients list.", done);
/* Create and empty list for the connecting clients */
conn_clients = list_create(sizeof(client_t), p_client_cmp, p_client_copy,
p_client_free, 1);
ERROR_GOTO(conn_clients == NULL, "Error creating conn_clients list.", done);
relay_clients = list_create(sizeof(client_t), p_client_cmp, p_client_copy,
p_client_free, 1);
ERROR_GOTO(relay_clients == NULL, "Error creating clients list.", done);
/* Create a TCP server socket to listen for incoming connections */
tcp_serv = sock_create(lhost, lport, ipver, SOCK_TYPE_TCP, 1, 1);
ERROR_GOTO(tcp_serv == NULL, "Error creating TCP socket.", done);
udp_serv = sock_create(lhost, rport,ipver, SOCK_TYPE_UDP, 1, 1);
ERROR_GOTO(udp_serv == NULL, "Error creating TCP socket.", done);
if(debug_level >= DEBUG_LEVEL1)
{
printf("Listening on TCP %s,UDP %s \n",
sock_get_str(tcp_serv, addrstr, sizeof(addrstr)),sock_get_str(udp_serv, taddrstr, sizeof(taddrstr)));
}
next_sock = sock_create(phost, pport, ipver, SOCK_TYPE_UDP, 0, 1);
msg_send_req(next_sock,lhost,rport,0,localid);
sock_free(next_sock);
next_sock = NULL;
FD_ZERO(&client_fds);
/* Initialize all the timers */
timerclear(&timeout);
check_interval.tv_sec = 0;
check_interval.tv_usec = 500000;
gettimeofday(&check_time, NULL);
while(running)
{
if(!timerisset(&timeout))
timeout.tv_usec = 50000;
read_fds = client_fds;
FD_SET(SOCK_FD(tcp_serv), &read_fds);
FD_SET(SOCK_FD(udp_serv), &read_fds);
ret = select(FD_SETSIZE, &read_fds, NULL, NULL, &timeout);
PERROR_GOTO(ret < 0, "select", done);
num_fds = ret;
gettimeofday(&curr_time, NULL);
/* Go through all the clients and check if didn't get an ACK for sent
data during the timeout period */
if(timercmp(&curr_time, &check_time, >))
{
for(i = 0; i < LIST_LEN(clients); i++)
{
client = list_get_at(clients, i);
ret = client_check_and_resend(client, curr_time);
if(ret == -2)
{
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds, 1);
i--;
continue;
}
ret = client_check_and_send_keepalive(client, curr_time);
if(ret == -2)
{
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds, 1);
i--;
}
}
timeradd(&curr_time, &check_interval, &check_time);
}
if(num_fds == 0)
continue;
/* Check if pending TCP connection to accept and create a new client
and UDP connection if one is ready */
if(FD_ISSET(SOCK_FD(tcp_serv), &read_fds))
{
tcp_sock = sock_accept(tcp_serv);
if(tcp_sock == NULL)
continue;
if(SelectMethod(tcp_sock->fd)==-1)
{
if(debug_level >= DEBUG_LEVEL1)
printf("socks version error\n");
return-1;
}
rhost=ParseCommand(tcp_sock->fd);
if (0<LIST_LEN(relay_clients))
{
tunnel = list_get_at(relay_clients, 0);
udp_sock =sock_copy(CLIENT_TCP_SOCK(tunnel));
SOCK_FD(udp_sock)=socket(AF_INET, SOCK_DGRAM, 0);
}
if(udp_sock == NULL)
{
sock_close(tcp_sock);
sock_free(tcp_sock);
continue;
}
client = client_create(next_req_id++, localid, tcp_sock, udp_sock, 1);
memcpy(client->rsakey,tunnel->rsakey,strlen(tunnel->rsakey));
printf("expid rsakey is %s",client->rsakey);
if(debug_level >= DEBUG_LEVEL1)
printf("create client id %d \n",CLIENT_ID(client));
if(!client || !tcp_sock || !udp_sock)
{
if(tcp_sock)
sock_close(tcp_sock);
if(udp_sock)
sock_close(udp_sock);
}
else
{
client2 = list_add(conn_clients, client, 1);
client_free(client);
client = NULL;
if(debug_level >= DEBUG_LEVEL1)
{
sock_get_str(CLIENT_TCP_SOCK(client2), addrstr,
sizeof(addrstr));
printf("tunnel(%d): local %s ",client2->sourceid, addrstr);
sock_get_str(CLIENT_UDP_SOCK(client2), addrstr,
sizeof(addrstr));
printf("to %s \n",addrstr);
}
client_send_hello(client2,rhost,CLIENT_ID(client2));
client_add_tcp_fd_to_set(client2, &client_fds);
//client_add_udp_fd_to_set(client2, &client_fds);
}
sock_free(tcp_sock);
sock_free(udp_sock);
tcp_sock = NULL;
udp_sock = NULL;
num_fds--;
}
/* Check for UDP data */
if(FD_ISSET(SOCK_FD(udp_serv), &read_fds))
{
//ret = client_recv_udp_msg(client, data, sizeof(data),
// &tmp_id, &tmp_type, &tmp_len,&sourceid);
ret = msg_recv_msg(udp_serv, data, sizeof(data),
&tmp_id, &tmp_type, &tmp_len,&sourceid);
if(debug_level >= DEBUG_LEVEL2)
printf("recv msg from %d type %d %d bytes \n ",sourceid,tmp_type,tmp_len);
if(ret == 0)
ret = handle_message(tmp_id, tmp_type,
data, tmp_len,sourceid,clients, conn_clients);
/*if(ret < 0)
{
disconnect_and_remove_client(tmp_id, clients,
&client_fds, 1);
} */
}
/* Check if data is ready from any of the clients */
for(i = 0; i < LIST_LEN(clients); i++)
{
client = list_get_at(clients, i);
/* Check for TCP data */
if(num_fds > 0 && client_tcp_fd_isset(client, &read_fds))
{
ret = client_recv_tcp_data(client);
if(ret == -1)
{
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds, 1);
i--;
continue;
}
else if(ret == -2)
{
client_mark_to_disconnect(client);
disconnect_and_remove_client(CLIENT_ID(client),
clients, &client_fds, 0);
}
num_fds--;
}
/* send any TCP data that was ready */
ret = client_send_udp_data(client);
if(ret < 0)
{
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds, 1);
i--;
}
}
/* Finally, send any udp data that's still in the queue */
for(i = 0; i < LIST_LEN(clients); i++)
{
client = list_get_at(clients, i);
ret = client_send_udp_data(client);
if(ret < 0 || client_ready_to_disconnect(client))
{
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds, 1);
i--;
}
}
}
done:
if(debug_level >= DEBUG_LEVEL1)
printf("Cleaning up...\n");
if(tcp_serv)
{
sock_close(tcp_serv);
sock_free(tcp_serv);
}
if(udp_serv)
{
sock_close(udp_serv);
sock_free(udp_serv);
}
if(clients)
list_free(clients);
if(conn_clients)
list_free(conn_clients);
if(debug_level >= DEBUG_LEVEL1)
printf("Goodbye.\n");
return 0;
}
static void peerip_clients_config(void)
{
struct client_t *c;
struct peerip_config_t *pe;
struct client_udp_t *udpclient;
char *s;
union sockaddr_u sa; /* large enough for also IPv6 address */
socklen_t addr_len = sizeof(sa);
for (pe = peerip_config; (pe); pe = pe->next) {
hlog(LOG_DEBUG, "Setting up UDP peer %s (%s)", pe->name, pe->host);
udpclient = client_udp_find(udppeers, pe->af, pe->local_port);
if (!udpclient) {
hlog(LOG_ERR, "Failed to find UDP socket on port %d for peer %s (%s)", pe->local_port, pe->name, pe->host);
continue;
}
c = client_alloc();
if (!c) {
hlog(LOG_ERR, "peerip_clients_config: client_alloc returned NULL");
abort();
}
c->fd = -1; // Right, this client will never have a socket of it's own.
c->ai_protocol = IPPROTO_UDP;
c->portnum = pe->local_port; // local port
c->state = CSTATE_COREPEER;
c->validated = VALIDATED_WEAK;
c->flags = CLFLAGS_UPLINKPORT;
c->handler_line_in = &incoming_handler;
memcpy((void *)&c->udpaddr.sa, (void *)pe->ai->ai_addr, pe->ai->ai_addrlen);
c->udpaddrlen = pe->ai->ai_addrlen;
c->udp_port = pe->remote_port; // remote port
c->addr = c->udpaddr;
c->udpclient = udpclient;
//c->portaccount = l->portaccount;
c->keepalive = tick + keepalive_interval;
c->last_read = tick; /* not simulated time */
inbound_connects_account(3, c->udpclient->portaccount); /* "3" = udp, not listening.. */
/* set up peer serverid to username */
strncpy(c->username, pe->serverid, sizeof(c->username));
c->username[sizeof(c->username)-1] = 0;
c->username_len = strlen(c->username);
/* convert client address to string */
s = strsockaddr( &c->udpaddr.sa, c->udpaddrlen );
/* text format of client's IP address + port */
strncpy(c->addr_rem, s, sizeof(c->addr_rem));
c->addr_rem[sizeof(c->addr_rem)-1] = 0;
hfree(s);
/* hex format of client's IP address + port */
s = hexsockaddr( &c->udpaddr.sa, c->udpaddrlen );
strncpy(c->addr_hex, s, sizeof(c->addr_hex));
c->addr_hex[sizeof(c->addr_hex)-1] = 0;
hfree(s);
/* text format of servers' connected IP address + port */
addr_len = sizeof(sa);
if (getsockname(c->udpclient->fd, &sa.sa, &addr_len) == 0) { /* Fails very rarely.. */
/* present my socket end address as a malloced string... */
s = strsockaddr( &sa.sa, addr_len );
} else {
hlog(LOG_ERR, "Peer config: getsockname on udpclient->fd failed: %s", strerror(errno));
s = hstrdup( "um" ); /* Server's bound IP address.. TODO: what? */
}
strncpy(c->addr_loc, s, sizeof(c->addr_loc));
c->addr_loc[sizeof(c->addr_loc)-1] = 0;
hfree(s);
/* pass the client to the first worker thread */
if (pass_client_to_worker(worker_threads, c)) {
hlog(LOG_ERR, "Failed to pass UDP peer %s (%s) to worker", pe->name, pe->host);
client_free(c);
}
}
}
static void do_accept(struct listen_t *l)
{
int fd;
struct client_t *c;
union sockaddr_u sa; /* large enough for also IPv6 address */
socklen_t addr_len = sizeof(sa);
static time_t last_EMFILE_report;
char *s;
if ((fd = accept(l->fd, (struct sockaddr*)&sa, &addr_len)) < 0) {
int e = errno;
switch (e) {
/* Errors reporting really bad internal (programming) bugs */
case EBADF:
case EINVAL:
#ifdef ENOTSOCK
case ENOTSOCK: /* Not a socket */
#endif
#ifdef EOPNOTSUPP
case EOPNOTSUPP: /* Not a SOCK_STREAM */
#endif
#ifdef ESOCKTNOSUPPORT
case ESOCKTNOSUPPORT: /* Linux errors ? */
#endif
#ifdef EPROTONOSUPPORT
case EPROTONOSUPPORT: /* Linux errors ? */
#endif
hlog(LOG_CRIT, "accept() failed: %s (giving up)", strerror(e));
exit(1); // ABORT with core-dump ??
break;
/* Too many open files -- rate limit the reporting -- every 10th second or so.. */
case EMFILE:
if (last_EMFILE_report + 10 <= tick) {
last_EMFILE_report = tick;
hlog(LOG_ERR, "accept() failed: %s (continuing)", strerror(e));
}
return;
/* Errors reporting system internal/external glitches */
default:
hlog(LOG_ERR, "accept() failed: %s (continuing)", strerror(e));
return;
}
}
/* convert client address to string */
s = strsockaddr( &sa.sa, addr_len );
/* TODO: the dropped connections here are not accounted. */
/* Limit amount of connections per port, and globally.
* Error messages written just before closing the socet may or may not get
* to the user, but at least we try.
*/
if (l->portaccount->gauge >= l->clients_max || inbound_connects.gauge >= maxclients) {
if (inbound_connects.gauge >= maxclients) {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s: MaxClients reached (%d)", l->addr_s, fd, s, inbound_connects.gauge);
/* The "if" is here only to silence a compiler warning
* about ignoring the result value. We're really
* disconnecting the client right now, so we don't care.
*/
if (write(fd, "# Server full\r\n", 15)) {};
} else {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s: Too many clients on Listener (%d)", l->addr_s, fd, s, l->portaccount->gauge);
if (write(fd, "# Port full\r\n", 13)) {};
}
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
/* match against acl... could probably have an error message to the client */
if (l->acl) {
if (!acl_check(l->acl, (struct sockaddr *)&sa, addr_len)) {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s (ACL)", l->addr_s, fd, s);
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
}
c = accept_client_for_listener(l, fd, s, &sa, addr_len);
if (!c) {
hlog(LOG_ERR, "%s - client_alloc returned NULL, too many clients. Denied client on fd %d from %s", l->addr_s, fd, s);
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
hfree(s);
c->state = CSTATE_LOGIN;
/* use the default login handler */
c->handler_line_in = &login_handler;
c->keepalive = tick + keepalive_interval;
#ifdef USE_SSL
if (l->ssl) {
if (ssl_create_connection(l->ssl, c, 0)) {
close(fd);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
}
#endif
hlog(LOG_DEBUG, "%s - Accepted client on fd %d from %s", c->addr_loc, c->fd, c->addr_rem);
/* set client socket options, return -1 on serious errors */
if (set_client_sockopt(c) != 0)
goto err;
/* ok, found it... lock the new client queue and pass the client */
if (pass_client_to_worker(pick_next_worker(), c))
goto err;
return;
err:
inbound_connects_account(0, c->portaccount); /* something failed, remove this from accounts.. */
client_free(c);
return;
}
static int accept_liveupgrade_single(cJSON *client, int *rxerr_map, int rxerr_map_len)
{
cJSON *fd, *listener_id, *username, *time_connect, *tick_connect;
cJSON *state;
cJSON *addr_loc;
cJSON *udp_port;
cJSON *app_name, *app_version;
cJSON *verified;
cJSON *obuf_q;
cJSON *bytes_rx, *bytes_tx;
cJSON *pkts_rx, *pkts_tx, *pkts_ign;
cJSON *rx_errs;
cJSON *filter;
cJSON *ibuf, *obuf;
cJSON *client_heard;
cJSON *lat, *lng;
unsigned addr_len;
union sockaddr_u sa;
char *argv[256];
int i, argc;
const char *username_s = "unknown";
/* get username first, so we can log it later */
username = accept_liveupgrade_cJSON_get(client, "username", cJSON_String, username_s);
if (username)
username_s = username->valuestring;
fd = accept_liveupgrade_cJSON_get(client, "fd", cJSON_Number, username_s);
int fd_i = -1;
if (fd)
fd_i = fd->valueint;
if (fd_i < 0) {
hlog(LOG_INFO, "Live upgrade: Client '%s' has negative fd %d, ignoring (corepeer?)", username_s, fd_i);
return -1;
}
listener_id = accept_liveupgrade_cJSON_get(client, "listener_id", cJSON_Number, username_s);
state = accept_liveupgrade_cJSON_get(client, "state", cJSON_String, username_s);
time_connect = accept_liveupgrade_cJSON_get(client, "t_connect", cJSON_Number, username_s);
addr_loc = accept_liveupgrade_cJSON_get(client, "addr_loc", cJSON_String, username_s);
app_name = accept_liveupgrade_cJSON_get(client, "app_name", cJSON_String, username_s);
app_version = accept_liveupgrade_cJSON_get(client, "app_version", cJSON_String, username_s);
verified = accept_liveupgrade_cJSON_get(client, "verified", cJSON_Number, username_s);
obuf_q = accept_liveupgrade_cJSON_get(client, "obuf_q", cJSON_Number, username_s);
bytes_rx = accept_liveupgrade_cJSON_get(client, "bytes_rx", cJSON_Number, username_s);
bytes_tx = accept_liveupgrade_cJSON_get(client, "bytes_tx", cJSON_Number, username_s);
pkts_rx = accept_liveupgrade_cJSON_get(client, "pkts_rx", cJSON_Number, username_s);
pkts_tx = accept_liveupgrade_cJSON_get(client, "pkts_tx", cJSON_Number, username_s);
pkts_ign = accept_liveupgrade_cJSON_get(client, "pkts_ign", cJSON_Number, username_s);
rx_errs = accept_liveupgrade_cJSON_get(client, "rx_errs", cJSON_Array, username_s);
filter = accept_liveupgrade_cJSON_get(client, "filter", cJSON_String, username_s);
/* optional */
tick_connect = cJSON_GetObjectItem(client, "t_connect_tick");
udp_port = cJSON_GetObjectItem(client, "udp_port");
ibuf = cJSON_GetObjectItem(client, "ibuf");
obuf = cJSON_GetObjectItem(client, "obuf");
client_heard = cJSON_GetObjectItem(client, "client_heard");
lat = cJSON_GetObjectItem(client, "lat");
lng = cJSON_GetObjectItem(client, "lng");
if (!(
(fd)
&& (listener_id)
&& (state)
&& (username)
&& (time_connect)
&& (addr_loc)
&& (app_name)
&& (app_version)
&& (verified)
&& (obuf_q)
&& (bytes_rx)
&& (bytes_tx)
&& (pkts_rx)
&& (pkts_tx)
&& (pkts_ign)
&& (rx_errs)
&& (filter)
)) {
hlog(LOG_ERR, "Live upgrade: Fields missing from client JSON, discarding client fd %d", fd_i);
if (fd_i >= 0)
close(fd_i);
return -1;
}
hlog(LOG_DEBUG, "Old client on fd %d: %s", fd->valueint, username->valuestring);
/* fetch peer address from the fd instead of parsing it from text */
addr_len = sizeof(sa);
if (getpeername(fd->valueint, &sa.sa, &addr_len) != 0) {
/* Sometimes clients disconnect during upgrade, especially on slow RPi servers... */
if (errno == ENOTCONN)
hlog(LOG_INFO, "Live upgrade: Client %s on fd %d has disconnected during upgrade (%s)",
username->valuestring, fd->valueint, strerror(errno));
else
hlog(LOG_ERR, "Live upgrade: getpeername client fd %d failed: %s", fd->valueint, strerror(errno));
close(fd->valueint);
return -1;
}
/* convert client address to string */
char *client_addr_s = strsockaddr( &sa.sa, addr_len );
/* find the right listener for this client, for configuration and accounting */
struct listen_t *l = liveupgrade_find_listener(listener_id->valueint);
if (!l) {
hlog(LOG_INFO, "Live upgrade: Listener has been removed for fd %d (%s - local %s): disconnecting %s",
fd->valueint, client_addr_s, addr_loc->valuestring, username->valuestring);
close(fd->valueint);
hfree(client_addr_s);
return -1;
}
struct client_t *c = accept_client_for_listener(l, fd->valueint, client_addr_s, &sa, addr_len);
if (!c) {
hlog(LOG_ERR, "Live upgrade - client_alloc returned NULL, too many clients. Denied client %s on fd %d from %s",
username->valuestring, fd->valueint, client_addr_s);
close(fd->valueint);
hfree(client_addr_s);
return -1;
}
hfree(client_addr_s);
if (strcmp(state->valuestring, "connected") == 0) {
c->state = CSTATE_CONNECTED;
c->handler_line_in = &incoming_handler;
strncpy(c->username, username->valuestring, sizeof(c->username));
c->username[sizeof(c->username)-1] = 0;
c->username_len = strlen(c->username);
} else if (strcmp(state->valuestring, "login") == 0) {
c->state = CSTATE_LOGIN;
c->handler_line_in = &login_handler;
} else {
hlog(LOG_ERR, "Live upgrade: Client %s is in invalid state '%s' (fd %d)", l->addr_s, state->valuestring, l->fd);
goto err;
}
/* distribute keepalive intervals for the existing old clients
* but send them rather sooner than later */
// coverity[dont_call] // squelch warning: not security sensitive use of random(): load distribution
c->keepalive = tick + (random() % (keepalive_interval/2));
/* distribute cleanup intervals over the next 2 minutes */
// coverity[dont_call] // squelch warning: not security sensitive use of random(): load distribution
c->cleanup = tick + (random() % 120);
c->connect_time = time_connect->valueint;
/* live upgrade / backward compatibility: upgrading from <= 1.8.2 requires the 'else' path' */
if (tick_connect && tick_connect->type == cJSON_Number)
c->connect_tick = tick_connect->valueint;
else /* convert to monotonic time */
c->connect_tick = tick - (now - c->connect_time);
c->validated = verified->valueint;
c->localaccount.rxbytes = bytes_rx->valuedouble;
c->localaccount.txbytes = bytes_tx->valuedouble;
c->localaccount.rxpackets = pkts_rx->valuedouble;
c->localaccount.txpackets = pkts_tx->valuedouble;
c->localaccount.rxdrops = pkts_ign->valuedouble;
login_set_app_name(c, app_name->valuestring, app_version->valuestring);
// handle client's filter setting
if (c->flags & CLFLAGS_USERFILTEROK && (filter) && (filter->valuestring) && *(filter->valuestring)) {
// archive a copy of the filters, for status display
strncpy(c->filter_s, filter->valuestring, FILTER_S_SIZE);
c->filter_s[FILTER_S_SIZE-1] = 0;
sanitize_ascii_string(c->filter_s);
char *f = hstrdup(filter->valuestring);
argc = parse_args(argv, f);
for (i = 0; i < argc; ++i) {
filter_parse(c, argv[i], 1);
}
hfree(f);
}
// set up UDP downstream if necessary
if (udp_port && udp_port->type == cJSON_Number && udp_port->valueint > 1024 && udp_port->valueint < 65536) {
if (login_setup_udp_feed(c, udp_port->valueint) != 0) {
hlog(LOG_DEBUG, "%s/%s: Requested UDP on client port with no UDP configured", c->addr_rem, c->username);
}
}
// fill up ibuf
if (ibuf && ibuf->type == cJSON_String && ibuf->valuestring) {
int l = hex_decode(c->ibuf, c->ibuf_size, ibuf->valuestring);
if (l < 0) {
hlog(LOG_ERR, "Live upgrade: %s/%s: Failed to decode ibuf: %s", c->addr_rem, c->username, ibuf->valuestring);
} else {
c->ibuf_end = l;
hlog(LOG_DEBUG, "Live upgrade: Decoded ibuf %d bytes: '%.*s'", l, l, c->ibuf);
hlog(LOG_DEBUG, "Hex: %s", ibuf->valuestring);
}
}
// fill up obuf
if (obuf && obuf->type == cJSON_String && obuf->valuestring) {
int l = hex_decode(c->obuf, c->obuf_size, obuf->valuestring);
if (l < 0) {
hlog(LOG_ERR, "Live upgrade: %s/%s: Failed to decode obuf: %s", c->addr_rem, c->username, obuf->valuestring);
} else {
c->obuf_start = 0;
c->obuf_end = l;
hlog(LOG_DEBUG, "Live upgrade: Decoded obuf %d bytes: '%.*s'", l, l, c->obuf);
hlog(LOG_DEBUG, "Hex: %s", obuf->valuestring);
}
}
/* load list of stations heard by this client, to immediately support
* messaging
*/
if (client_heard && client_heard->type == cJSON_Array)
client_heard_json_load(c, client_heard);
/* load rxerrs counters, with error name string mapping to support
* adding/reordering of error counters
*/
if (rx_errs && rx_errs->type == cJSON_Array && rxerr_map && rxerr_map_len > 0)
accept_rx_err_load(c, rx_errs, rxerr_map, rxerr_map_len);
/* set client lat/lon, if they're given
*/
if (lat && lng && lat->type == cJSON_Number && lng->type == cJSON_Number) {
c->loc_known = 1;
c->lat = lat->valuedouble;
c->lng = lng->valuedouble;
}
hlog(LOG_DEBUG, "%s - Accepted live upgrade client on fd %d from %s", c->addr_loc, c->fd, c->addr_rem);
/* set client socket options, return -1 on serious errors */
if (set_client_sockopt(c) != 0)
goto err;
/* Add the client to the client list. */
int old_fd = clientlist_add(c);
if (c->validated && old_fd != -1) {
/* TODO: If old connection is SSL validated, and this one is not, do not disconnect it. */
hlog(LOG_INFO, "fd %d: Disconnecting duplicate validated client with username '%s'", old_fd, c->username);
shutdown(old_fd, SHUT_RDWR);
}
/* ok, found it... lock the new client queue and pass the client */
if (pass_client_to_worker(pick_next_worker(), c))
goto err;
return 0;
err:
close(c->fd);
inbound_connects_account(0, c->portaccount); /* something failed, remove this from accounts.. */
client_free(c);
return -1;
}
void accept_thread(void *asdf)
{
sigset_t sigs_to_block;
int e, n;
struct pollfd *acceptpfd = NULL;
struct listen_t **acceptpl = NULL;
int listen_n = 0;
int poll_n = 0;
struct listen_t *l;
pthreads_profiling_reset("accept");
sigemptyset(&sigs_to_block);
sigaddset(&sigs_to_block, SIGALRM);
sigaddset(&sigs_to_block, SIGINT);
sigaddset(&sigs_to_block, SIGTERM);
sigaddset(&sigs_to_block, SIGQUIT);
sigaddset(&sigs_to_block, SIGHUP);
sigaddset(&sigs_to_block, SIGURG);
sigaddset(&sigs_to_block, SIGPIPE);
sigaddset(&sigs_to_block, SIGUSR1);
sigaddset(&sigs_to_block, SIGUSR2);
pthread_sigmask(SIG_BLOCK, &sigs_to_block, NULL);
/* start the accept thread, which will start server threads */
hlog(LOG_INFO, "Accept thread starting...");
/* we allocate a worker structure to be used within the accept thread
* for parsing incoming UDP packets and passing them on to the dupecheck
* thread.
*/
udp_worker = worker_alloc();
udp_worker->id = 81;
/* we also need a client structure to be used with incoming
* HTTP position uploads
*/
udp_pseudoclient = pseudoclient_setup(81);
udp_pseudoclient->flags |= CLFLAGS_UDPSUBMIT;
accept_reconfiguring = 1;
while (!accept_shutting_down) {
if (accept_reconfiguring) {
accept_reconfiguring = 0;
listen_n -= close_removed_listeners();
/* start listening on the sockets */
listen_n += open_missing_listeners();
if (listen_n < 1) {
hlog(LOG_CRIT, "Failed to listen on any ports.");
exit(2);
}
/* reconfiguration must scan old clients against ACL */
rescan_client_acls();
/* how many are we polling */
poll_n = 0;
for (l = listen_list; (l); l = l->next)
if (!l->corepeer)
poll_n++;
hlog(LOG_DEBUG, "Generating polling list for %d/%d listeners...", poll_n, listen_n);
/* array of FDs for poll() */
if (acceptpfd)
hfree(acceptpfd);
acceptpfd = hmalloc(poll_n * sizeof(*acceptpfd));
/* array of listeners */
if (acceptpl)
hfree(acceptpl);
acceptpl = hmalloc(poll_n * sizeof(*acceptpl));
n = 0;
for (l = listen_list; (l); l = l->next) {
/* The accept thread does not poll() UDP sockets for core peers.
* Worker 0 takes care of that, and processes the incoming packets.
*/
if (l->corepeer) {
hlog(LOG_DEBUG, "... %d: fd %d (%s) - not polled, is corepeer", n, (l->udp) ? l->udp->fd : l->fd, l->addr_s);
continue;
}
int fd;
if (l->udp) {
l->udp->polled = 1;
fd = l->udp->fd;
} else {
fd = l->fd;
}
hlog(LOG_DEBUG, "... %d: fd %d (%s)", n, fd, l->addr_s);
acceptpfd[n].fd = fd;
acceptpfd[n].events = POLLIN|POLLPRI|POLLERR|POLLHUP;
acceptpl[n] = l;
n++;
}
hlog(LOG_INFO, "Accept thread ready.");
/* stop the dupechecking and uplink threads while adjusting
* the amount of workers... they walk the worker list, and
* might get confused when workers are stopped or started.
*/
if (workers_running != workers_configured) {
uplink_stop();
dupecheck_stop();
workers_start();
dupecheck_start();
uplink_start();
}
/*
* generate UDP peer clients
*/
peerip_clients_close();
if (peerip_config)
peerip_clients_config();
/* accept liveupgrade clients */
if (liveupgrade_status)
accept_liveupgrade_accept();
}
/* check for new connections */
e = poll(acceptpfd, poll_n, 200);
if (e == 0)
continue;
if (e < 0) {
if (errno == EINTR)
continue;
hlog(LOG_ERR, "poll() on accept failed: %s (continuing)", strerror(errno));
continue;
}
/* now, which socket was that on? */
for (n = 0; n < poll_n; n++) {
l = acceptpl[n];
if (!(l) || (l->udp ? l->udp->fd : l->fd) != acceptpfd[n].fd) {
hlog(LOG_CRIT, "accept_thread: polling list and listener list do mot match!");
exit(1);
}
if (acceptpfd[n].revents) {
if (l->udp)
accept_udp_recv(l); /* receive UDP packets */
else
do_accept(l); /* accept a single connection */
}
}
}
if (accept_shutting_down == 2)
worker_shutdown_clients = cJSON_CreateArray();
hlog(LOG_DEBUG, "Accept thread shutting down listening sockets and worker threads...");
uplink_stop();
close_listeners();
dupecheck_stop();
http_shutting_down = 1;
workers_stop(accept_shutting_down);
hfree(acceptpfd);
hfree(acceptpl);
acceptpfd = NULL;
acceptpl = NULL;
/* free up the pseudo-client */
client_free(udp_pseudoclient);
udp_pseudoclient = NULL;
/* free up the pseudo-worker structure, after dupecheck is long dead */
worker_free_buffers(udp_worker);
hfree(udp_worker);
udp_worker = NULL;
}
void clean_up(void){
enet_host_destroy(enet_client);
client_free(tclient);
}
static void
server_stop (int sig) {
struct client *c;
struct daemon *d;
pool_destroy (slow_pool);
pool_destroy (fast_pool);
pool_destroy (clients_pool);
pool_destroy (daemons_pool);
(void) sig;
log_failure (log_file, "Ok, received a signal");
sleep (2);
sem_destroy (&clients_lock);
sem_destroy (&daemons_lock);
sem_destroy (&file_cache_lock);
sem_destroy (&downloads_lock);
if (clients) {
while (clients) {
c = clients->next;
client_free (clients);
clients = c;
}
log_success (log_file,
"%s : all clients have been freed",
__func__);
}
if (daemons) {
while (daemons) {
d = daemons->next;
daemon_send (daemons, "quit\n");
daemon_free (daemons);
daemons = d;
}
log_success (log_file,
"%s : all daemons have been freed",
__func__);
}
if (file_cache) {
file_cache_free (file_cache);
log_success (log_file,
"%s : file cache has been freed",
__func__);
}
if (unlink (prefs->lock_file) < 0)
if (log_file)
log_failure (log_file, "Could not destroy the lock file");
if (prefs) {
conf_free (prefs);
log_success (log_file,
"%s : Preferences have been freed.",
__func__);
}
if (log_file) {
log_success (log_file, "Stopping server, waiting for SIGKILL");
fclose (log_file);
}
exit (EXIT_SUCCESS);
}
/** Allocate a new client from a config section
*
* @param ctx to allocate new clients in.
* @param cs to process as a client.
* @param in_server Whether the client should belong to a specific virtual server.
* @param with_coa If true and coa_server or coa_pool aren't specified automatically,
* create a coa home_server section and add it to the client CONF_SECTION.
* @return new RADCLIENT struct.
*/
RADCLIENT *client_afrom_cs(TALLOC_CTX *ctx, CONF_SECTION *cs, bool in_server, bool with_coa)
{
RADCLIENT *c;
char const *name2;
name2 = cf_section_name2(cs);
if (!name2) {
cf_log_err_cs(cs, "Missing client name");
return NULL;
}
/*
* The size is fine.. Let's create the buffer
*/
c = talloc_zero(ctx, RADCLIENT);
c->cs = cs;
memset(&cl_ipaddr, 0, sizeof(cl_ipaddr));
if (cf_section_parse(cs, c, client_config) < 0) {
cf_log_err_cs(cs, "Error parsing client section");
error:
client_free(c);
#ifdef WITH_TCP
hs_proto = NULL;
cl_srcipaddr = NULL;
#endif
return NULL;
}
/*
* Global clients can set servers to use, per-server clients cannot.
*/
if (in_server && c->server) {
cf_log_err_cs(cs, "Clients inside of an server section cannot point to a server");
goto error;
}
/*
* Newer style client definitions with either ipaddr or ipaddr6
* config items.
*/
if (cf_pair_find(cs, "ipaddr") || cf_pair_find(cs, "ipv4addr") || cf_pair_find(cs, "ipv6addr")) {
char buffer[128];
/*
* Sets ipv4/ipv6 address and prefix.
*/
c->ipaddr = cl_ipaddr;
/*
* Set the long name to be the result of a reverse lookup on the IP address.
*/
ip_ntoh(&c->ipaddr, buffer, sizeof(buffer));
c->longname = talloc_typed_strdup(c, buffer);
/*
* Set the short name to the name2.
*/
if (!c->shortname) c->shortname = talloc_typed_strdup(c, name2);
/*
* No "ipaddr" or "ipv6addr", use old-style "client <ipaddr> {" syntax.
*/
} else {
cf_log_err_cs(cs, "No 'ipaddr' or 'ipv4addr' or 'ipv6addr' configuration "
"directive found in client %s", name2);
goto error;
}
c->proto = IPPROTO_UDP;
if (hs_proto) {
if (strcmp(hs_proto, "udp") == 0) {
hs_proto = NULL;
#ifdef WITH_TCP
} else if (strcmp(hs_proto, "tcp") == 0) {
hs_proto = NULL;
c->proto = IPPROTO_TCP;
# ifdef WITH_TLS
} else if (strcmp(hs_proto, "tls") == 0) {
hs_proto = NULL;
c->proto = IPPROTO_TCP;
c->tls_required = true;
} else if (strcmp(hs_proto, "radsec") == 0) {
hs_proto = NULL;
c->proto = IPPROTO_TCP;
c->tls_required = true;
# endif
} else if (strcmp(hs_proto, "*") == 0) {
hs_proto = NULL;
c->proto = IPPROTO_IP; /* fake for dual */
#endif
} else {
cf_log_err_cs(cs, "Unknown proto \"%s\".", hs_proto);
goto error;
}
}
/*
* If a src_ipaddr is specified, when we send the return packet
* we will use this address instead of the src from the
* request.
*/
if (cl_srcipaddr) {
#ifdef WITH_UDPFROMTO
switch (c->ipaddr.af) {
case AF_INET:
if (fr_pton4(&c->src_ipaddr, cl_srcipaddr, -1, true, false) < 0) {
cf_log_err_cs(cs, "Failed parsing src_ipaddr: %s", fr_strerror());
goto error;
}
break;
case AF_INET6:
if (fr_pton6(&c->src_ipaddr, cl_srcipaddr, -1, true, false) < 0) {
cf_log_err_cs(cs, "Failed parsing src_ipaddr: %s", fr_strerror());
goto error;
}
break;
default:
rad_assert(0);
}
#else
WARN("Server not built with udpfromto, ignoring client src_ipaddr");
#endif
cl_srcipaddr = NULL;
}
/*
* A response_window of zero is OK, and means that it's
* ignored by the rest of the server timers.
*/
if (timerisset(&c->response_window)) {
FR_TIMEVAL_BOUND_CHECK("response_window", &c->response_window, >=, 0, 1000);
FR_TIMEVAL_BOUND_CHECK("response_window", &c->response_window, <=, 60, 0);
FR_TIMEVAL_BOUND_CHECK("response_window", &c->response_window, <=, main_config.max_request_time, 0);
}
RADCLIENT *client_from_request(RADCLIENT_LIST *clients, REQUEST *request)
{
int i, *pi;
char **p;
RADCLIENT *c;
char buffer[128];
if (!clients || !request) return NULL;
c = talloc_zero(clients, RADCLIENT);
c->cs = request->client->cs;
c->ipaddr.af = AF_UNSPEC;
c->src_ipaddr.af = AF_UNSPEC;
for (i = 0; dynamic_config[i].name != NULL; i++) {
DICT_ATTR const *da;
VALUE_PAIR *vp;
da = dict_attrbyname(dynamic_config[i].name);
if (!da) {
DEBUG("- Cannot add client %s: attribute \"%s\"is not in the dictionary",
ip_ntoh(&request->packet->src_ipaddr,
buffer, sizeof(buffer)),
dynamic_config[i].name);
error:
client_free(c);
return NULL;
}
vp = pairfind(request->config_items, da->attr, da->vendor, TAG_ANY);
if (!vp) {
/*
* Not required. Skip it.
*/
if (!dynamic_config[i].dflt) continue;
DEBUG("- Cannot add client %s: Required attribute \"%s\" is missing.",
ip_ntoh(&request->packet->src_ipaddr,
buffer, sizeof(buffer)),
dynamic_config[i].name);
goto error;
}
switch (dynamic_config[i].type) {
case PW_TYPE_IPV4_ADDR:
if (da->attr == PW_FREERADIUS_CLIENT_IP_ADDRESS) {
c->ipaddr.af = AF_INET;
c->ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
c->ipaddr.prefix = 32;
} else if (da->attr == PW_FREERADIUS_CLIENT_SRC_IP_ADDRESS) {
#ifdef WITH_UDPFROMTO
c->src_ipaddr.af = AF_INET;
c->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
#else
WARN("Server not built with udpfromto, ignoring FreeRADIUS-Client-Src-IP-Address");
#endif
}
break;
case PW_TYPE_IPV6_ADDR:
if (da->attr == PW_FREERADIUS_CLIENT_IPV6_ADDRESS) {
c->ipaddr.af = AF_INET6;
c->ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
c->ipaddr.prefix = 128;
} else if (da->attr == PW_FREERADIUS_CLIENT_SRC_IPV6_ADDRESS) {
#ifdef WITH_UDPFROMTO
c->src_ipaddr.af = AF_INET6;
c->src_ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
#else
WARN("Server not built with udpfromto, ignoring FreeRADIUS-Client-Src-IPv6-Address");
#endif
}
break;
case PW_TYPE_IPV4_PREFIX:
if (da->attr == PW_FREERADIUS_CLIENT_IP_PREFIX) {
c->ipaddr.af = AF_INET;
memcpy(&c->ipaddr.ipaddr.ip4addr.s_addr, &(vp->vp_ipv4prefix[2]), sizeof(c->ipaddr.ipaddr.ip4addr.s_addr));
fr_ipaddr_mask(&c->ipaddr, (vp->vp_ipv4prefix[1] & 0x3f));
}
break;
case PW_TYPE_IPV6_PREFIX:
if (da->attr == PW_FREERADIUS_CLIENT_IPV6_PREFIX) {
c->ipaddr.af = AF_INET6;
memcpy(&c->ipaddr.ipaddr.ip6addr, &(vp->vp_ipv6prefix[2]), sizeof(c->ipaddr.ipaddr.ip6addr));
fr_ipaddr_mask(&c->ipaddr, vp->vp_ipv6prefix[1]);
}
break;
case PW_TYPE_STRING:
p = (char **) ((char *) c + dynamic_config[i].offset);
if (*p) talloc_free(*p);
if (vp->vp_strvalue[0]) {
*p = talloc_typed_strdup(c->cs, vp->vp_strvalue);
} else {
*p = NULL;
}
break;
case PW_TYPE_BOOLEAN:
pi = (int *) ((bool *) ((char *) c + dynamic_config[i].offset));
*pi = vp->vp_integer;
break;
default:
goto error;
}
}
if (c->ipaddr.af == AF_UNSPEC) {
DEBUG("- Cannot add client %s: No IP address was specified.",
ip_ntoh(&request->packet->src_ipaddr,
buffer, sizeof(buffer)));
goto error;
}
{
fr_ipaddr_t addr;
/*
* Need to apply the same mask as we set for the client
* else clients created with FreeRADIUS-Client-IPv6-Prefix
* or FreeRADIUS-Client-IPv4-Prefix will fail this check.
*/
addr = request->packet->src_ipaddr;
fr_ipaddr_mask(&addr, c->ipaddr.prefix);
if (fr_ipaddr_cmp(&addr, &c->ipaddr) != 0) {
char buf2[128];
DEBUG("- Cannot add client %s: IP address %s do not match",
ip_ntoh(&request->packet->src_ipaddr, buffer, sizeof(buffer)),
ip_ntoh(&c->ipaddr, buf2, sizeof(buf2)));
goto error;
}
}
if (!c->secret || !*c->secret) {
DEBUG("- Cannot add client %s: No secret was specified.",
ip_ntoh(&request->packet->src_ipaddr,
buffer, sizeof(buffer)));
goto error;
}
if (!client_validate(clients, request->client, c)) {
return NULL;
}
if ((c->src_ipaddr.af != AF_UNSPEC) && (c->src_ipaddr.af != c->ipaddr.af)) {
DEBUG("- Cannot add client %s: Client IP and src address are different IP version.",
ip_ntoh(&request->packet->src_ipaddr,
buffer, sizeof(buffer)));
goto error;
}
return c;
}
/** Load clients from LDAP on server start
*
* @param[in] inst rlm_ldap configuration.
* @param[in] cs to load client attribute/LDAP attribute mappings from.
* @return -1 on error else 0.
*/
CC_HINT(nonnull) int rlm_ldap_client_load(ldap_instance_t const *inst, CONF_SECTION *cs)
{
int ret = 0;
ldap_rcode_t status;
ldap_handle_t *conn = NULL;
char const **attrs = NULL;
CONF_PAIR *cp;
int count = 0, idx = 0;
LDAPMessage *result = NULL;
LDAPMessage *entry;
char *dn = NULL;
RADCLIENT *c;
LDAP_DBG("Loading dynamic clients");
rad_assert(inst->clientobj_base_dn);
if (!inst->clientobj_filter) {
LDAP_ERR("Told to load clients but 'client.filter' not specified");
return -1;
}
count = cf_pair_count(cs);
count++;
/*
* Create an array of LDAP attributes to feed to rlm_ldap_search.
*/
attrs = talloc_array(inst, char const *, count);
if (rlm_ldap_client_get_attrs(attrs, &idx, cs) < 0) return -1;
conn = rlm_ldap_get_socket(inst, NULL);
if (!conn) return -1;
/*
* Perform all searches as the admin user.
*/
if (conn->rebound) {
status = rlm_ldap_bind(inst, NULL, &conn, inst->admin_dn, inst->password, true);
if (status != LDAP_PROC_SUCCESS) {
ret = -1;
goto finish;
}
rad_assert(conn);
conn->rebound = false;
}
status = rlm_ldap_search(inst, NULL, &conn, inst->clientobj_base_dn, inst->clientobj_scope,
inst->clientobj_filter, attrs, &result);
switch (status) {
case LDAP_PROC_SUCCESS:
break;
case LDAP_PROC_NO_RESULT:
LDAP_INFO("No clients were found in the directory");
ret = 0;
goto finish;
default:
ret = -1;
goto finish;
}
rad_assert(conn);
entry = ldap_first_entry(conn->handle, result);
if (!entry) {
int ldap_errno;
ldap_get_option(conn->handle, LDAP_OPT_RESULT_CODE, &ldap_errno);
LDAP_ERR("Failed retrieving entry: %s", ldap_err2string(ldap_errno));
ret = -1;
goto finish;
}
do {
CONF_SECTION *cc;
char *id;
char **value;
id = dn = ldap_get_dn(conn->handle, entry);
cp = cf_pair_find(cs, "identifier");
if (cp) {
value = ldap_get_values(conn->handle, entry, cf_pair_value(cp));
if (value) id = value[0];
}
/*
* Iterate over mapping sections
*/
cc = cf_section_alloc(NULL, "client", id);
if (rlm_ldap_client_map_section(inst, cc, cs, conn, entry) < 0) {
talloc_free(cc);
ret = -1;
goto finish;
}
/*
*@todo these should be parented from something
*/
c = client_afrom_cs(NULL, cc, false);
if (!c) {
talloc_free(cc);
ret = -1;
goto finish;
}
/*
* Client parents the CONF_SECTION which defined it
*/
talloc_steal(c, cc);
if (!client_add(NULL, c)) {
LDAP_ERR("Failed to add client \"%s\", possible duplicate?", dn);
ret = -1;
client_free(c);
goto finish;
}
LDAP_DBG("Client \"%s\" added", dn);
ldap_memfree(dn);
dn = NULL;
} while ((entry = ldap_next_entry(conn->handle, entry)));
finish:
talloc_free(attrs);
if (dn) ldap_memfree(dn);
if (result) ldap_msgfree(result);
rlm_ldap_release_socket(inst, conn);
return ret;
}
static int driver_add_match(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
struct bus_match_component *components = NULL;
Context *context = userdata;
unsigned n_components = 0;
Match *m = NULL;
Client *c = NULL;
char *arg0;
uint64_t id;
int r;
assert(bus);
assert(message);
assert(context);
r = sd_bus_message_read(message, "s", &arg0);
if (r < 0)
return r;
r = bus_kernel_parse_unique_name(message->sender, &id);
if (r < 0)
return r;
r = client_acquire(context, id, &c);
if (r == -ENOBUFS)
return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Reached limit of %u clients", CLIENTS_MAX);
if (r < 0)
return r;
if (c->n_matches >= MATCHES_MAX) {
r = sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Reached limit of %u matches per client", MATCHES_MAX);
goto fail;
}
r = bus_match_parse(arg0, &components, &n_components);
if (r < 0) {
r = sd_bus_error_setf(error, SD_BUS_ERROR_MATCH_RULE_INVALID, "Match rule \"%s\" is not valid", arg0);
goto fail;
}
r = match_new(c, components, n_components, &m);
if (r < 0)
goto fail;
r = bus_add_match_internal_kernel(bus, id, components, n_components, m->cookie);
if (r < 0)
goto fail;
bus_match_parse_free(components, n_components);
return sd_bus_reply_method_return(message, NULL);
fail:
bus_match_parse_free(components, n_components);
match_free(m);
if (c->n_matches <= 0)
client_free(c);
return r;
}
static gboolean client_cb(GIOChannel *chan, GIOCondition cond, gpointer data)
{
char buf[BT_SUGGESTED_BUFFER_SIZE];
bt_audio_msg_header_t *msghdr = (void *) buf;
struct unix_client *client = data;
int len;
const char *type, *name;
if (cond & G_IO_NVAL)
return FALSE;
if (cond & (G_IO_HUP | G_IO_ERR)) {
debug("Unix client disconnected (fd=%d)", client->sock);
goto failed;
}
memset(buf, 0, sizeof(buf));
len = recv(client->sock, buf, sizeof(buf), 0);
if (len < 0) {
error("recv: %s (%d)", strerror(errno), errno);
goto failed;
}
type = bt_audio_strtype(msghdr->type);
name = bt_audio_strname(msghdr->name);
debug("Audio API: %s <- %s", type, name);
if (msghdr->length != len) {
error("Invalid message: length mismatch");
goto failed;
}
switch (msghdr->name) {
case BT_GET_CAPABILITIES:
handle_getcapabilities_req(client,
(struct bt_get_capabilities_req *) msghdr);
break;
case BT_OPEN:
handle_open_req(client,
(struct bt_open_req *) msghdr);
break;
case BT_SET_CONFIGURATION:
handle_setconfiguration_req(client,
(struct bt_set_configuration_req *) msghdr);
break;
case BT_START_STREAM:
handle_streamstart_req(client,
(struct bt_start_stream_req *) msghdr);
break;
case BT_STOP_STREAM:
handle_streamstop_req(client,
(struct bt_stop_stream_req *) msghdr);
break;
case BT_CLOSE:
handle_close_req(client,
(struct bt_close_req *) msghdr);
break;
case BT_CONTROL:
handle_control_req(client,
(struct bt_control_req *) msghdr);
break;
default:
error("Audio API: received unexpected message name %d",
msghdr->name);
}
return TRUE;
failed:
clients = g_slist_remove(clients, client);
start_close(client->dev, client, FALSE);
client_free(client);
return FALSE;
}
int udpclient(int argc, char* argv[])
{
char* lhost, *lport, *phost, *pport, *rhost, *rport;
list_t* clients;
list_t* conn_clients;
client_t* client;
client_t* client2;
socket_t* tcp_serv = NULL;
socket_t* tcp_sock = NULL;
socket_t* udp_sock = NULL;
char data[MSG_MAX_LEN];
char addrstr[ADDRSTRLEN];
char pport_s[6];
struct timeval curr_time;
struct timeval check_time;
struct timeval check_interval;
struct timeval timeout;
fd_set client_fds;
fd_set read_fds;
uint16_t tmp_id;
uint8_t tmp_type;
uint16_t tmp_len;
uint16_t tmp_req_id;
int num_fds;
int ret;
int i;
int icmp_sock ;
int timeexc = -1;
struct sockaddr_in src, dest, rsrc;
struct hostent* hp;
uint32_t timeexc_ip;
signal(SIGINT, &signal_handler);
i = 0;
if(index(argv[i], 58) || index(argv[i], 46))
lhost = argv[i++];
else
lhost = NULL;
lport = argv[i++];
phost = argv[i++];
if(index(argv[i], 58) || index(argv[i], 46)) {
snprintf(pport_s, 5, "2222");
pport = pport_s;
} else
pport = argv[i++];
rhost = argv[i++];
rport = argv[i++];
/* Get info about localhost IP */
if(!lhost){
char szHostName[255];
gethostname(szHostName, 255);
hp = gethostbyname(szHostName);
}else{
hp = gethostbyname(lhost);
}
memset(&rsrc, 0, sizeof(struct sockaddr_in));
timeexc_ip = *(uint32_t*)hp->h_addr_list[0];
rsrc.sin_family = AF_INET;
rsrc.sin_port = 0;
rsrc.sin_addr.s_addr = timeexc_ip;
/* IP of destination */
memset(&src, 0, sizeof(struct sockaddr_in));
hp = gethostbyname(phost);
timeexc_ip = *(uint32_t*)hp->h_addr_list[0];
src.sin_family = AF_INET;
src.sin_port = 0;
src.sin_addr.s_addr = timeexc_ip;
/* IP of where the fake packet (echo request) was going */
hp = gethostbyname("3.3.3.3");
memcpy(&dest.sin_addr, hp->h_addr, hp->h_length);
inet_pton(AF_INET, "3.3.3.3", &(dest.sin_addr));
srand(time(NULL));
next_req_id = rand() % 0xffff;
/* Create an empty list for the clients */
clients = list_create(sizeof(client_t), p_client_cmp, p_client_copy,
p_client_free);
ERROR_GOTO(clients == NULL, "Error creating clients list.", done);
/* Create and empty list for the connecting clients */
conn_clients = list_create(sizeof(client_t), p_client_cmp, p_client_copy,
p_client_free);
ERROR_GOTO(conn_clients == NULL, "Error creating clients list.", done);
/* Create a TCP server socket to listen for incoming connections */
tcp_serv = sock_create(lhost, lport, ipver, SOCK_TYPE_TCP, 1, 1);
ERROR_GOTO(tcp_serv == NULL, "Error creating TCP socket.", done);
if(debug_level >= DEBUG_LEVEL1) {
printf("Listening on TCP %s\n",
sock_get_str(tcp_serv, addrstr, sizeof(addrstr)));
}
FD_ZERO(&client_fds);
/* Initialize all the timers */
timerclear(&timeout);
check_interval.tv_sec = 0;
check_interval.tv_usec = 500000;
gettimeofday(&check_time, NULL);
/* open raw socket */
create_icmp_socket(&icmp_sock);
if(icmp_sock == -1) {
printf("[main] can't open raw socket\n");
exit(1);
}
while(running) {
if(!timerisset(&timeout))
timeout.tv_usec = 50000;
if(++timeexc==100) {
timeexc=0;
/* Send ICMP TTL exceeded to penetrate remote NAT */
send_icmp(icmp_sock, &rsrc, &src, &dest, 0);
}
read_fds = client_fds;
FD_SET(SOCK_FD(tcp_serv), &read_fds);
ret = select(FD_SETSIZE, &read_fds, NULL, NULL, &timeout);
PERROR_GOTO(ret < 0, "select", done);
num_fds = ret;
gettimeofday(&curr_time, NULL);
/* Go through all the clients and check if didn't get an ACK for sent
data during the timeout period */
if(timercmp(&curr_time, &check_time, >)) {
for(i = 0; i < LIST_LEN(clients); i++) {
client = list_get_at(clients, i);
ret = client_check_and_resend(client, curr_time);
if(ret == -2) {
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds);
i--;
continue;
}
ret = client_check_and_send_keepalive(client, curr_time);
if(ret == -2) {
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds);
i--;
}
}
timeradd(&curr_time, &check_interval, &check_time);
}
if(num_fds == 0) continue;
timeexc=0;
/* Check if pending TCP connection to accept and create a new client
and UDP connection if one is ready */
if(FD_ISSET(SOCK_FD(tcp_serv), &read_fds)) {
tcp_sock = sock_accept(tcp_serv);
udp_sock = sock_create(phost, pport, ipver,
SOCK_TYPE_UDP, 0, 1);
client = client_create(next_req_id++, tcp_sock, udp_sock, 1);
if(!client || !tcp_sock || !udp_sock) {
if(tcp_sock)
sock_close(tcp_sock);
if(udp_sock)
sock_close(udp_sock);
} else {
client2 = list_add(conn_clients, client);
client_free(client);
client = NULL;
client_send_hello(client2, rhost, rport, CLIENT_ID(client2));
client_add_tcp_fd_to_set(client2, &client_fds);
client_add_udp_fd_to_set(client2, &client_fds);
}
sock_free(tcp_sock);
sock_free(udp_sock);
tcp_sock = NULL;
udp_sock = NULL;
num_fds--;
}
/* Check for pending handshakes from UDP connection */
for(i = 0; i < LIST_LEN(conn_clients) && num_fds > 0; i++) {
client = list_get_at(conn_clients, i);
if(client_udp_fd_isset(client, &read_fds)) {
num_fds--;
tmp_req_id = CLIENT_ID(client);
ret = client_recv_udp_msg(client, data, sizeof(data),
&tmp_id, &tmp_type, &tmp_len);
if(ret == 0)
ret = handle_message(client, tmp_id, tmp_type,
data, tmp_len);
if(ret < 0) {
disconnect_and_remove_client(tmp_req_id, conn_clients,
&client_fds);
i--;
} else {
client = list_add(clients, client);
list_delete_at(conn_clients, i);
client_remove_udp_fd_from_set(client, &read_fds);
i--;
}
}
}
/* Check if data is ready from any of the clients */
for(i = 0; i < LIST_LEN(clients) && num_fds > 0; i++) {
client = list_get_at(clients, i);
/* Check for UDP data */
if(client_udp_fd_isset(client, &read_fds)) {
num_fds--;
ret = client_recv_udp_msg(client, data, sizeof(data),
&tmp_id, &tmp_type, &tmp_len);
if(ret == 0)
ret = handle_message(client, tmp_id, tmp_type,
data, tmp_len);
if(ret < 0) {
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds);
i--;
continue; /* Don't go to check the TCP connection */
}
}
/* Check for TCP data */
if(client_tcp_fd_isset(client, &read_fds)) {
num_fds--;
ret = client_recv_tcp_data(client);
if(ret == 0)
ret = client_send_udp_data(client);
#if 0 /* if udptunnel is taking up 100% of cpu, try including this */
else if(ret == 1)
#ifdef _WIN32
_sleep(1);
#else
usleep(1000); /* Quick hack so doesn't use 100% of CPU if
data wasn't ready yet (waiting for ack) */
#endif /*WIN32*/
#endif /*0*/
if(ret < 0) {
disconnect_and_remove_client(CLIENT_ID(client), clients,
&client_fds);
i--;
}
}
}
}
done:
if(debug_level >= DEBUG_LEVEL1)
printf("Cleaning up...\n");
if(tcp_serv) {
sock_close(tcp_serv);
sock_free(tcp_serv);
}
if(udp_sock) {
sock_close(udp_sock);
sock_free(udp_sock);
}
if(clients)
list_free(clients);
if(debug_level >= DEBUG_LEVEL1)
printf("Goodbye.\n");
return 0;
}
static int generate_sql_clients(rlm_sql_t *inst)
{
rlm_sql_handle_t *handle;
rlm_sql_row_t row;
unsigned int i = 0;
int ret = 0;
RADCLIENT *c;
DEBUG("rlm_sql (%s): Processing generate_sql_clients",
inst->name);
DEBUG("rlm_sql (%s) in generate_sql_clients: query is %s",
inst->name, inst->config->client_query);
handle = fr_connection_get(inst->pool);
if (!handle) return -1;
if (rlm_sql_select_query(inst, NULL, &handle, inst->config->client_query) != RLM_SQL_OK) return -1;
while ((rlm_sql_fetch_row(&row, inst, NULL, &handle) == 0) && (row = handle->row)) {
char *server = NULL;
i++;
/*
* The return data for each row MUST be in the following order:
*
* 0. Row ID (currently unused)
* 1. Name (or IP address)
* 2. Shortname
* 3. Type
* 4. Secret
* 5. Virtual Server (optional)
*/
if (!row[0]){
ERROR("rlm_sql (%s): No row id found on pass %d",inst->name,i);
continue;
}
if (!row[1]){
ERROR("rlm_sql (%s): No nasname found for row %s",inst->name,row[0]);
continue;
}
if (!row[2]){
ERROR("rlm_sql (%s): No short name found for row %s",inst->name,row[0]);
continue;
}
if (!row[4]){
ERROR("rlm_sql (%s): No secret found for row %s",inst->name,row[0]);
continue;
}
if (((inst->module->sql_num_fields)(handle, inst->config) > 5) && (row[5] != NULL) && *row[5]) {
server = row[5];
}
DEBUG("rlm_sql (%s): Adding client %s (%s) to %s clients list",
inst->name,
row[1], row[2], server ? server : "global");
/* FIXME: We should really pass a proper ctx */
c = client_afrom_query(NULL,
row[1], /* identifier */
row[4], /* secret */
row[2], /* shortname */
row[3], /* type */
server, /* server */
false); /* require message authenticator */
if (!c) {
continue;
}
if (!client_add(NULL, c)) {
WARN("Failed to add client, possible duplicate?");
client_free(c);
ret = -1;
break;
}
DEBUG("rlm_sql (%s): Client \"%s\" (%s) added", c->longname, c->shortname,
inst->name);
}
(inst->module->sql_finish_select_query)(handle, inst->config);
fr_connection_release(inst->pool, handle);
return ret;
}
void closeClient()
{
client_free(client);
}
int nfs_mount(const char *pathname, const char *hostname,
uint32_t server, const char *rem_path, const char *path,
struct nfs_mount_data *data)
{
struct client *clnt = NULL;
struct sockaddr_in addr;
char mounted = 0;
int sock = -1;
int ret = 0;
int mountflags;
if (get_ports(server, data) != 0)
goto bail;
dump_params(server, rem_path, data);
if (data->flags & NFS_MOUNT_TCP)
clnt = tcp_client(server, mount_port, CLI_RESVPORT);
else
clnt = udp_client(server, mount_port, CLI_RESVPORT);
if (clnt == NULL)
goto bail;
if (data->flags & NFS_MOUNT_VER3)
ret = mount_v3(rem_path, data, clnt);
else
ret = mount_v2(rem_path, data, clnt);
if (ret == -1)
goto bail;
mounted = 1;
if (data->flags & NFS_MOUNT_TCP)
sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
else
sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (sock == -1) {
perror("socket");
goto bail;
}
if (bindresvport(sock, 0) == -1) {
perror("bindresvport");
goto bail;
}
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = server;
addr.sin_port = htons(nfs_port);
memcpy(&data->addr, &addr, sizeof(data->addr));
strncpy(data->hostname, hostname, sizeof(data->hostname));
data->fd = sock;
mountflags = (data->flags & NFS_MOUNT_KLIBC_RONLY) ? MS_RDONLY : 0;
data->flags = data->flags & NFS_MOUNT_FLAGMASK;
ret = mount(pathname, path, "nfs", mountflags, data);
if (ret == -1) {
if (errno == ENODEV) {
fprintf(stderr, "mount: the kernel lacks NFS v%d "
"support\n",
(data->flags & NFS_MOUNT_VER3) ? 3 : 2);
} else {
perror("mount");
}
goto bail;
}
dprintf("Mounted %s on %s\n", pathname, path);
goto done;
bail:
if (mounted) {
if (data->flags & NFS_MOUNT_VER3)
umount_v3(path, clnt);
else
umount_v2(path, clnt);
}
ret = -1;
done:
if (clnt)
client_free(clnt);
if (sock != -1)
close(sock);
return ret;
}
