static int
login_allowed(char *tty)
{
FILE *fp;
char fname[PATH_MAX];
int c;
strcpy(fname, rc_conf_str("nologin"));
if (access(fname, F_OK) < 0) {
if (tty) {
sprintf(fname, "%s.%s", rc_conf_str("nologin"), tty);
if (access(fname, F_OK) < 0)
return 1;
} else {
return 1;
}
}
if ((fp = fopen(fname, "r")) != NULL)
{
while ((c = fgetc(fp)) != EOF)
{
if (c == '\n')
fputc('\r', stdout);
fputc(c, stdout);
}
fflush(stdout);
fclose(fp);
} else {
printf(SC_NOLOGIN);
}
return (0);
}
/*
Radius implementation for the init_prot callback
For Radius, initialization consists of:
- the url is parsed and a configuration structure is obtained
- the rest field from the configuration structure is, for the radius
module, a string for the path of the radius configuration file
- obtain the connection handle
- initialize the dictionary
For Radius, the aaa_conn is actually the rc_handle resulted by reading
the Radius configuration file.
*/
aaa_conn* rad_init_prot(str* aaa_url) {
rc_handle *rh;
aaa_prot_config cfg;
if (!aaa_url) {
LM_ERR("null aaa url \n");
return NULL;
}
if (aaa_parse_url(aaa_url, &cfg)) {
LM_ERR("aaa parse url error\n");
return NULL;
}
if (!(rh = rc_read_config((char*)(cfg.rest)))) {
LM_ERR("failed to open radius config file: %s\n", (char*)(cfg.rest));
return NULL;
}
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))) {
LM_ERR("failed to read radius dictionary\n");
return NULL;
}
return rh;
}
static void radius_global_init(void *pool, void *additional)
{
radius_cfg_st *config = additional;
if (config == NULL)
goto fail;
rh = rc_read_config(config->config);
if (rh == NULL) {
goto fail;
}
if (config->nas_identifier) {
strlcpy(nas_identifier, config->nas_identifier, sizeof(nas_identifier));
} else {
nas_identifier[0] = 0;
}
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
fprintf(stderr, "error reading the radius dictionary\n");
exit(1);
}
return;
fail:
fprintf(stderr, "radius initialization error\n");
exit(1);
}
static int mod_init(void)
{
DBG("uri_radius - initializing\n");
memset(attrs, 0, sizeof(attrs));
memset(attrs, 0, sizeof(vals));
attrs[A_SERVICE_TYPE].n = "Service-Type";
attrs[A_USER_NAME].n = "User-Name";
vals[V_CALL_CHECK].n = "Call-Check";
attrs[A_SIP_AVP].n = "SIP-AVP";
if ((rh = rc_read_config(radius_config)) == NULL) {
LOG(L_ERR, "uri_radius: Error opening configuration file \n");
return -1;
}
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
LOG(L_ERR, "uri_radius: Error opening dictionary file \n");
return -2;
}
INIT_AV(rh, attrs, A_MAX, vals, "uri_radius", -3, -4);
if (service_type != -1)
vals[V_CALL_CHECK].v = service_type;
return 0;
}
/*
* Module initialization function
*/
static int mod_init(void)
{
DBG("auth_gsm - Initializing\n");
if ((rh=rc_read_config(radius_config)) == NULL) {
LOG(L_ERR, "auth_gsm: Error opening radius configuration file \n");
return -1;
}
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
LOG(L_ERR, "auth_gsm: Error opening radius dictionary file \n");
return -2;
}
sl_reply = find_export("sl_send_reply", 2, 0);
if (!sl_reply)
{
LOG(L_ERR, "auth_gsm:mod_init: This module requires sl module\n");
return -2;
}
pre_auth_func = (pre_auth_f)find_export("pre_auth", 0, 0);
post_auth_func = (post_auth_f)find_export("post_auth", 0, 0);
if (!(pre_auth_func && post_auth_func)) {
LOG(L_ERR, "auth_gsm:mod_init: This module requires auth module\n");
return -3;
}
return 0;
}
int rc_get_nas_id(VALUE_PAIR **sendpairs)
{
UINT4 client_id;
char *nasid;
nasid = rc_conf_str("nas_identifier");
if (strlen(nasid)) {
/*
* Fill in NAS-Identifier
*/
if (rc_avpair_add(sendpairs, PW_NAS_IDENTIFIER, nasid, 0,
VENDOR_NONE) == NULL)
return (ERROR_RC);
return (OK_RC);
} else {
/*
* Fill in NAS-IP-Address
*/
if ((client_id = rc_own_ipaddress()) == 0)
return (ERROR_RC);
if (rc_avpair_add(sendpairs, PW_NAS_IP_ADDRESS, &client_id,
0, VENDOR_NONE) == NULL)
return (ERROR_RC);
}
return (OK_RC);
}
static int load_module(void)
{
struct ast_config *cfg;
int res;
const char *tmp;
if ((cfg = ast_config_load(cdr_config))) {
ast_set2_flag(&global_flags, ast_true(ast_variable_retrieve(cfg, "radius", "usegmtime")), RADIUS_FLAG_USEGMTIME);
ast_set2_flag(&global_flags, ast_true(ast_variable_retrieve(cfg, "radius", "loguniqueid")), RADIUS_FLAG_LOGUNIQUEID);
ast_set2_flag(&global_flags, ast_true(ast_variable_retrieve(cfg, "radius", "loguserfield")), RADIUS_FLAG_LOGUSERFIELD);
if ((tmp = ast_variable_retrieve(cfg, "radius", "radiuscfg")))
ast_copy_string(radiuscfg, tmp, sizeof(radiuscfg));
ast_config_destroy(cfg);
} else
return AST_MODULE_LOAD_DECLINE;
/* start logging */
rc_openlog("asterisk");
/* read radiusclient-ng config file */
if (!(rh = rc_read_config(radiuscfg))) {
ast_log(LOG_NOTICE, "Cannot load radiusclient-ng configuration file %s.\n", radiuscfg);
return AST_MODULE_LOAD_DECLINE;
}
/* read radiusclient-ng dictionaries */
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))) {
ast_log(LOG_NOTICE, "Cannot load radiusclient-ng dictionary file.\n");
return AST_MODULE_LOAD_DECLINE;
}
res = ast_cdr_register(name, desc, radius_log);
return AST_MODULE_LOAD_SUCCESS;
}
static int apply_config(rc_handle *rh)
{
memset(&rh->own_bind_addr, 0, sizeof(rh->own_bind_addr));
rh->own_bind_addr_set = 0;
rc_own_bind_addr(rh, &rh->own_bind_addr);
rh->own_bind_addr_set = 1;
#ifdef HAVE_GNUTLS
{
const char *txt;
int ret;
txt = rc_conf_str(rh, "serv-auth-type");
if (txt != NULL) {
if (strcasecmp(txt, "dtls") == 0) {
ret = rc_init_tls(rh, SEC_FLAG_DTLS);
} else if (strcasecmp(txt, "tls") == 0) {
ret = rc_init_tls(rh, 0);
} else {
rc_log(LOG_CRIT, "unknown server authentication type: %s", txt);
return -1;
}
if (ret < 0) {
rc_log(LOG_CRIT, "error initializing %s", txt);
return -1;
}
}
}
#endif
return 0;
}
/** Find our source address
*
* Get the IP address to be used as a source address
* for sending requests in host order.
*
* @param rh a handle to parsed configuration
* @param lia the local address to listen to
*
**/
void rc_own_bind_addr(rc_handle *rh, struct sockaddr_storage *lia)
{
char *txtaddr = rc_conf_str(rh, "bindaddr");
struct addrinfo *info;
if (rh->own_bind_addr_set) {
memcpy(lia, &rh->own_bind_addr, SS_LEN(&rh->own_bind_addr));
return;
}
memset(lia, 0, sizeof(*lia));
if (txtaddr == NULL || txtaddr[0] == '*') {
((struct sockaddr_in*)lia)->sin_family = AF_INET;
((struct sockaddr_in*)lia)->sin_addr.s_addr = INADDR_ANY;
} else {
info = rc_getaddrinfo (txtaddr, PW_AI_PASSIVE);
if (info == NULL) {
rc_log(LOG_ERR, "rc_own_ipaddress: couldn't get IP address from bindaddr");
((struct sockaddr_in*)lia)->sin_family = AF_INET;
((struct sockaddr_in*)lia)->sin_addr.s_addr = INADDR_ANY;
return;
}
memcpy(lia, info->ai_addr, info->ai_addrlen);
}
return;
}
unsigned char rc_get_seqnbr(void)
{
FILE *sf;
int tries = 1;
int seq_nbr, pos;
char *seqfile = rc_conf_str("seqfile");
if ((sf = fopen(seqfile, "a+")) == NULL)
{
rc_log(LOG_ERR,"rc_get_seqnbr: couldn't open sequence file %s: %s", seqfile, strerror(errno));
/* well, so guess a sequence number */
return rc_guess_seqnbr();
}
while (do_lock_exclusive(fileno(sf))!= 0)
{
if (errno != EWOULDBLOCK) {
rc_log(LOG_ERR, "rc_get_seqnbr: flock failure: %s: %s", seqfile, strerror(errno));
fclose(sf);
return rc_guess_seqnbr();
}
tries++;
if (tries <= 10)
rc_mdelay(500);
else
break;
}
if (tries > 10) {
rc_log(LOG_ERR,"rc_get_seqnbr: couldn't get lock after %d tries: %s", tries-1, seqfile);
fclose(sf);
return rc_guess_seqnbr();
}
pos = ftell(sf);
rewind(sf);
if (fscanf(sf, "%d", &seq_nbr) != 1) {
if (pos != ftell(sf)) {
/* file was not empty */
rc_log(LOG_ERR,"rc_get_seqnbr: fscanf failure: %s", seqfile);
}
seq_nbr = rc_guess_seqnbr();
}
rewind(sf);
ftruncate(fileno(sf),0);
fprintf(sf,"%d\n", (seq_nbr+1) & UCHAR_MAX);
fflush(sf); /* fflush because a process may read it between the do_unlock and fclose */
if (do_unlock(fileno(sf)) != 0)
rc_log(LOG_ERR, "rc_get_seqnbr: couldn't release lock on %s: %s", seqfile, strerror(errno));
fclose(sf);
return (unsigned char)seq_nbr;
}
void
radius_login(char *username)
{
char *login_radius = rc_conf_str("login_radius");
execle(login_radius, login_radius, NULL, env->env);
rc_log(LOG_ERR, "couldn't execute %s: %s", login_radius, strerror(errno));
fprintf(stderr, "couldn't execute %s: %s", login_radius, strerror(errno));
sleep(1); /* give the user time to read */
exit(ERROR_RC);
}
static int load_module(void)
{
struct ast_config *cfg;
struct ast_flags config_flags = { 0 };
const char *tmp;
if ((cfg = ast_config_load(cel_config, config_flags))) {
ast_set2_flag(&global_flags, ast_true(ast_variable_retrieve(cfg, "radius", "usegmtime")), RADIUS_FLAG_USEGMTIME);
if ((tmp = ast_variable_retrieve(cfg, "radius", "radiuscfg"))) {
ast_copy_string(radiuscfg, tmp, sizeof(radiuscfg));
}
ast_config_destroy(cfg);
} else {
return AST_MODULE_LOAD_DECLINE;
}
/*
* start logging
*
* NOTE: Yes this causes a slight memory leak if the module is
* unloaded. However, it is better than a crash if cdr_radius
* and cel_radius are both loaded.
*/
tmp = ast_strdup("asterisk");
if (tmp) {
rc_openlog((char *) tmp);
}
/* read radiusclient-ng config file */
if (!(rh = rc_read_config(radiuscfg))) {
ast_log(LOG_NOTICE, "Cannot load radiusclient-ng configuration file %s.\n", radiuscfg);
return AST_MODULE_LOAD_DECLINE;
}
/* read radiusclient-ng dictionaries */
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))) {
ast_log(LOG_NOTICE, "Cannot load radiusclient-ng dictionary file.\n");
rc_destroy(rh);
rh = NULL;
return AST_MODULE_LOAD_DECLINE;
}
event_sub = ast_event_subscribe(AST_EVENT_CEL, radius_log, "CEL Radius Logging", NULL, AST_EVENT_IE_END);
if (!event_sub) {
rc_destroy(rh);
rh = NULL;
return AST_MODULE_LOAD_DECLINE;
} else {
return AST_MODULE_LOAD_SUCCESS;
}
}
static int load_module(void)
{
struct ast_config *cfg;
struct ast_flags config_flags = { 0 };
const char *tmp;
if ((cfg = ast_config_load(cdr_config, config_flags)) && cfg != CONFIG_STATUS_FILEINVALID) {
ast_set2_flag(&global_flags, ast_true(ast_variable_retrieve(cfg, "radius", "usegmtime")), RADIUS_FLAG_USEGMTIME);
ast_set2_flag(&global_flags, ast_true(ast_variable_retrieve(cfg, "radius", "loguniqueid")), RADIUS_FLAG_LOGUNIQUEID);
ast_set2_flag(&global_flags, ast_true(ast_variable_retrieve(cfg, "radius", "loguserfield")), RADIUS_FLAG_LOGUSERFIELD);
if ((tmp = ast_variable_retrieve(cfg, "radius", "radiuscfg")))
ast_copy_string(radiuscfg, tmp, sizeof(radiuscfg));
ast_config_destroy(cfg);
} else
return AST_MODULE_LOAD_DECLINE;
/*
* start logging
*
* NOTE: Yes this causes a slight memory leak if the module is
* unloaded. However, it is better than a crash if cdr_radius
* and cel_radius are both loaded.
*/
tmp = ast_strdup("asterisk");
if (tmp) {
rc_openlog((char *) tmp);
}
/* read radiusclient-ng config file */
if (!(rh = rc_read_config(radiuscfg))) {
ast_log(LOG_NOTICE, "Cannot load radiusclient-ng configuration file %s.\n", radiuscfg);
return AST_MODULE_LOAD_DECLINE;
}
/* read radiusclient-ng dictionaries */
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))) {
ast_log(LOG_NOTICE, "Cannot load radiusclient-ng dictionary file.\n");
rc_destroy(rh);
rh = NULL;
return AST_MODULE_LOAD_DECLINE;
}
if (ast_cdr_register(name, desc, radius_log)) {
rc_destroy(rh);
rh = NULL;
return AST_MODULE_LOAD_DECLINE;
} else {
return AST_MODULE_LOAD_SUCCESS;
}
}
int pmip_mn_to_hnp_cache_init(void)
{
dbg ("\n");
memset(g_mn_hn_map, 0, sizeof(mnid_hnp_t) * MAX_MOBILES);
rc_openlog("pmip_radius_client");
if ((g_rh = rc_read_config(conf.RadiusClientConfigFile)) == NULL) {
dbg ("ERROR INIT CLIENT RADIUS\n");
return ERROR_RC;
} else {
dbg ("RADIUS client radius read config file OK\n");
}
if (rc_read_dictionary(g_rh, rc_conf_str(g_rh, "dictionary")) != 0) {
dbg ("ERROR INIT CLIENT RADIUS DICTIONNARY\n");
return ERROR_RC;
} else {
dbg ("client radius read dictionnary file OK\n");
}
g_default_realm = rc_conf_str(g_rh, "default_realm");
return 0;
}
int init_radius_handle(void) {
int i;
DICT_ATTR *da;
char name[256];
map_list *mp;
if (!config_file) {
LM_ERR("radius configuration file not set\n");
return -1;
}
if ( syslog_name!=NULL && syslog_name[0]!=0 )
rc_openlog(syslog_name);
if (!(rh = rc_read_config(config_file))) {
LM_ERR("failed to open radius config file: %s\n", config_file);
return -1;
}
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))) {
LM_ERR("failed to read radius dictionary\n");
return -1;
}
attr = rc_dict_findattr(rh, "SIP-AVP");
/* initialize values for the attributes in sets */
for (i = 0; i < set_size; i++) {
mp = sets[i]->parsed;
while (mp) {
sprintf(name,"%.*s", mp->name.len, mp->name.s);
da = rc_dict_findattr(rh, name);
if (!da) {
LM_ERR("attribute not found %s\n", name);
return -1;
} else
mp->value = da->value;
mp = mp->next;
}
}
return 0;
}
int init_acc_rad(acc_extra_t *leg_info, char *rad_cfg, int srv_type)
{
int n;
memset(rd_attrs, 0, sizeof(rd_attrs));
memset(rd_vals, 0, sizeof(rd_vals));
rd_attrs[RA_ACCT_STATUS_TYPE].n = "Acct-Status-Type";
rd_attrs[RA_SERVICE_TYPE].n = "Service-Type";
rd_attrs[RA_SIP_RESPONSE_CODE].n = "Sip-Response-Code";
rd_attrs[RA_SIP_METHOD].n = "Sip-Method";
rd_attrs[RA_TIME_STAMP].n = "Event-Timestamp";
n = RA_STATIC_MAX;
/* caution: keep these aligned to core acc output */
rd_attrs[n++].n = "Sip-From-Tag";
rd_attrs[n++].n = "Sip-To-Tag";
rd_attrs[n++].n = "Acct-Session-Id";
rd_vals[RV_STATUS_START].n = "Start";
rd_vals[RV_STATUS_STOP].n = "Stop";
rd_vals[RV_STATUS_ALIVE].n = "Alive";
rd_vals[RV_STATUS_FAILED].n = "Failed";
rd_vals[RV_SIP_SESSION].n = "Sip-Session";
/* add and count the extras as attributes */
n += extra2attrs( rad_extra, rd_attrs, n);
/* add and count the legs as attributes */
n += extra2attrs( leg_info, rd_attrs, n);
/* read config */
if ((rh = rc_read_config(rad_cfg)) == NULL) {
LM_ERR("failed to open radius config file: %s\n", rad_cfg );
return -1;
}
/* read dictionary */
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))!=0) {
LM_ERR("failed to read radius dictionary\n");
return -1;
}
INIT_AV(rh, rd_attrs, n, rd_vals, RV_STATIC_MAX, "acc", -1, -1);
if (srv_type != -1)
rd_vals[RV_SIP_SESSION].v = srv_type;
return 0;
}
/** Tests the configuration the user supplied
*
* @param rh a handle to parsed configuration.
* @param filename a name of a configuration file.
* @return 0 on success, -1 when failure.
*/
int rc_test_config(rc_handle *rh, char const *filename)
{
SERVER *srv;
srv = rc_conf_srv(rh, "authserver");
if (!srv || !srv->max)
{
rc_log(LOG_ERR,"%s: no authserver specified", filename);
return -1;
}
srv = rc_conf_srv(rh, "acctserver");
if (!srv || !srv->max)
{
/* it is allowed not to have acct servers */
if (rh->so_type != RC_SOCKET_TLS && rh->so_type != RC_SOCKET_DTLS)
rc_log(LOG_DEBUG,"%s: no acctserver specified", filename);
}
if (!rc_conf_str(rh, "dictionary"))
{
rc_log(LOG_ERR,"%s: no dictionary specified", filename);
return -1;
}
if (rc_conf_int(rh, "radius_timeout") <= 0)
{
rc_log(LOG_ERR,"%s: radius_timeout <= 0 is illegal", filename);
return -1;
}
if (rc_conf_int(rh, "radius_retries") <= 0)
{
rc_log(LOG_ERR,"%s: radius_retries <= 0 is illegal", filename);
return -1;
}
if (apply_config(rh) == -1) {
return -1;
}
return 0;
}
void
local_login(rc_handle *rh, char *username)
{
char *login_local = rc_conf_str(rh, "login_local");
/* login should spot this... but who knows what old /bin/logins
* may be still around
*/
if (*username == '-') {
rc_log(LOG_WARNING, "username can't start with a dash");
exit(ERROR_RC);
}
/* the new shadow login seems to require either a -r or a -h
* flag for -f to work (so source code, lmain.c) so we supply
* it here. shouldn't hurt on other systems, -lf, 03/13/96
*/
execle(login_local, login_local, "-h", "localhost", "-f", username, NULL, env->env);
rc_log(LOG_ERR, "couldn't execute %s: %s", login_local, strerror(errno));
sleep(1); /* give the user time to read */
exit(ERROR_RC);
}
static int mod_init(void)
{
DICT_VENDOR *vend;
memset(attrs, 0, sizeof(attrs));
memset(vals, 0, sizeof(vals));
attrs[A_USER_NAME].n = "User-Name";
attrs[A_SER_SERVICE_TYPE].n = "SER-Service-Type";
attrs[A_SER_ATTR].n = "SER-Attr";
attrs[A_SER_DID].n = "SER-DID";
attrs[A_SER_URI_SCHEME].n = "SER-Uri-Scheme";
vals[V_GET_URI_ATTRS].n = "Get-URI-Attrs";
vals[V_GET_USER_ATTRS].n = "Get-User-Attrs";
/* open log */
rc_openlog("ser");
/* read config */
if ((rh = rc_read_config(radius_config)) == NULL) {
LOG(L_ERR, "avp_radius: Error opening radius config file: %s\n",
radius_config);
return -1;
}
/* read dictionary */
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
LOG(L_ERR, "avp_radius: Error reading radius dictionary\n");
return -1;
}
vend = rc_dict_findvend(rh, "iptelorg");
if (vend == NULL) {
ERR("RADIUS dictionary is missing required vendor 'iptelorg'\n");
return -1;
}
INIT_AV(rh, attrs, vals, "avp", -1, -1);
return 0;
}
static int radius_auth_init(void **ctx, void *pool, const common_auth_init_st *info)
{
struct radius_ctx_st *pctx;
char *default_realm;
if (info->username == NULL || info->username[0] == 0) {
syslog(LOG_AUTH,
"radius-auth: no username present");
return ERR_AUTH_FAIL;
}
pctx = talloc_zero(pool, struct radius_ctx_st);
if (pctx == NULL)
return ERR_AUTH_FAIL;
if (info->ip)
strlcpy(pctx->remote_ip, info->ip, sizeof(pctx->remote_ip));
if (info->our_ip)
strlcpy(pctx->our_ip, info->our_ip, sizeof(pctx->our_ip));
pctx->pass_msg = NULL;
default_realm = rc_conf_str(rh, "default_realm");
if ((strchr(info->username, '@') == NULL) && default_realm &&
default_realm[0] != 0) {
snprintf(pctx->username, sizeof(pctx->username), "%s@%s", info->username, default_realm);
} else {
strlcpy(pctx->username, info->username, sizeof(pctx->username));
}
pctx->id = info->id;
if (info->user_agent)
strlcpy(pctx->user_agent, info->user_agent, sizeof(pctx->user_agent));
*ctx = pctx;
return ERR_AUTH_CONTINUE;
}
static int mod_init(void)
{
DBG("avp_radius - Initializing\n");
memset(attrs, 0, sizeof(attrs));
memset(attrs, 0, sizeof(vals));
attrs[A_SERVICE_TYPE].n = "Service-Type";
attrs[A_USER_NAME].n = "User-Name";
attrs[A_SIP_AVP].n = "SIP-AVP";
vals[V_SIP_CALLER_AVPS].n = "SIP-Caller-AVPs";
vals[V_SIP_CALLEE_AVPS].n = "SIP-Callee-AVPs";
/* read config */
if ((rh = rc_read_config(radius_config)) == NULL) {
LOG(L_ERR, "ERROR:avp_radius:init: Error opening radius "
"config file: %s\n", radius_config);
return -1;
}
/* read dictionary */
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
LOG(L_ERR, "ERROR:avp_radius:init: Error reading radius dictionary\n");
return -1;
}
INIT_AV(rh, attrs, A_MAX, vals, "avp", -1, -1);
if (caller_service_type != -1) {
vals[V_SIP_CALLER_AVPS].v = caller_service_type;
}
if (callee_service_type != -1) {
vals[V_SIP_CALLEE_AVPS].v = callee_service_type;
}
return 0;
}
static int mod_init(void)
{
LM_INFO("initializing...\n");
memset(attrs, 0, sizeof(attrs));
memset(vals, 0, sizeof(vals));
attrs[A_SERVICE_TYPE].n = "Service-Type";
attrs[A_USER_NAME].n = "User-Name";
attrs[A_SIP_AVP].n = "SIP-AVP";
vals[V_SIP_CALLER_AVPS].n = "SIP-Caller-AVPs";
vals[V_SIP_CALLEE_AVPS].n = "SIP-Callee-AVPs";
/* read config */
if ((rh = rc_read_config(radius_config)) == NULL) {
LM_ERR("failed to open radius config file: %s\n", radius_config);
return -1;
}
/* read dictionary */
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
LM_ERR("failed to read radius dictionary\n");
return -1;
}
INIT_AV(rh, attrs, A_MAX, vals, V_MAX, "avp", -1, -1);
if (caller_service_type != -1) {
vals[V_SIP_CALLER_AVPS].v = caller_service_type;
}
if (callee_service_type != -1) {
vals[V_SIP_CALLEE_AVPS].v = callee_service_type;
}
return 0;
}
static int load_module(void)
{
struct ast_config *cfg;
struct ast_flags config_flags = { 0 };
const char *tmp;
if ((cfg = ast_config_load(cel_config, config_flags))) {
ast_set2_flag(&global_flags, ast_true(ast_variable_retrieve(cfg, "radius", "usegmtime")), RADIUS_FLAG_USEGMTIME);
if ((tmp = ast_variable_retrieve(cfg, "radius", "radiuscfg"))) {
ast_copy_string(radiuscfg, tmp, sizeof(radiuscfg));
}
ast_config_destroy(cfg);
} else {
return AST_MODULE_LOAD_DECLINE;
}
/* create dir /var/lib/cdr if it does not exist. add by liucl */
if (access(cdr_directory,F_OK) == -1){
ast_log(LOG_DEBUG,"cdr_directory %s is not exist, I will create it.\n",cdr_directory);
if(ast_mkdir(cdr_directory, 0755) == -1) {
ast_log(LOG_ERROR,"Failed to create %s\n", cdr_directory);
}else{
ast_log(LOG_DEBUG,"Create directory %s is OK\n",cdr_directory);
}
}
/* liucl add end*/
/*
* start logging
*
* NOTE: Yes this causes a slight memory leak if the module is
* unloaded. However, it is better than a crash if cdr_radius
* and cel_radius are both loaded.
*/
tmp = ast_strdup("asterisk");
if (tmp) {
rc_openlog((char *) tmp);
}
/* read radiusclient-ng config file */
if (!(rh = rc_read_config(radiuscfg))) {
ast_log(LOG_NOTICE, "Cannot load radiusclient-ng configuration file %s.\n", radiuscfg);
return AST_MODULE_LOAD_DECLINE;
}
/* read radiusclient-ng dictionaries */
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary"))) {
ast_log(LOG_NOTICE, "Cannot load radiusclient-ng dictionary file.\n");
rc_destroy(rh);
rh = NULL;
return AST_MODULE_LOAD_DECLINE;
}
if (ast_cel_backend_register(RADIUS_BACKEND_NAME, radius_log)) {
rc_destroy(rh);
rh = NULL;
return AST_MODULE_LOAD_DECLINE;
} else {
/*
* * Create a independent thread to monitoring /var/lib/cdr.
* * If there is file in the directory, then send it to radius.
* * add by liucl
* */
start_monitor();
return AST_MODULE_LOAD_SUCCESS;
}
}
/*
* Module initialization function
*/
static int mod_init(void)
{
DICT_VENDOR *vend;
bind_auth_s_t bind_auth;
int n;
if ((rh = rc_read_config(radius_config)) == NULL) {
LM_ERR("failed to open configuration file \n");
return -1;
}
if (rc_read_dictionary(rh, rc_conf_str(rh, "dictionary")) != 0) {
LM_ERR("failed to open dictionary file \n");
return -2;
}
bind_auth = (bind_auth_s_t)find_export("bind_auth_s", 0, 0);
if (!bind_auth) {
LM_ERR("unable to find bind_auth function. Check if you load the auth module.\n");
return -1;
}
if (bind_auth(&auth_api) < 0) {
LM_ERR("cannot bind to auth module\n");
return -4;
}
/* init the extra engine */
init_extra_engine();
/* parse extra attributes (if any) */
if (auth_extra_str &&
(auth_extra=parse_extra_str(auth_extra_str)) == 0 ) {
LM_ERR("failed to parse auth_extra parameter\n");
return -1;
}
memset(attrs, 0, sizeof(attrs));
attrs[A_SERVICE_TYPE].n = "Service-Type";
attrs[A_SIP_URI_USER].n = "Sip-URI-User";
attrs[A_DIGEST_RESPONSE].n = "Digest-Response";
attrs[A_DIGEST_ALGORITHM].n = "Digest-Algorithm";
attrs[A_DIGEST_BODY_DIGEST].n = "Digest-Body-Digest";
attrs[A_DIGEST_CNONCE].n = "Digest-CNonce";
attrs[A_DIGEST_NONCE_COUNT].n = "Digest-Nonce-Count";
attrs[A_DIGEST_QOP].n = "Digest-QOP";
attrs[A_DIGEST_METHOD].n = "Digest-Method";
attrs[A_DIGEST_URI].n = "Digest-URI";
attrs[A_DIGEST_NONCE].n = "Digest-Nonce";
attrs[A_DIGEST_REALM].n = "Digest-Realm";
attrs[A_DIGEST_USER_NAME].n = "Digest-User-Name";
attrs[A_USER_NAME].n = "User-Name";
attrs[A_SIP_AVP].n = "SIP-AVP";
vend = rc_dict_findvend(rh, "Cisco");
if (vend == NULL) {
LM_DBG("no `Cisco' vendor in Radius dictionary\n");
} else {
attrs[A_CISCO_AVPAIR].n = "Cisco-AVPair";
}
n = A_MAX;
n += extra2attrs(auth_extra, attrs, n);
memset(vals, 0, sizeof(vals));
vals[V_SIP_SESSION].n = "Sip-Session";
INIT_AV(rh, attrs, n, vals, V_MAX, "auth_radius", -5, -6);
if (service_type != -1) {
vals[V_SIP_SESSION].v = service_type;
}
return 0;
}
int
main (int argc, char **argv)
{
char username[128];
char passwd[AUTH_PASS_LEN + 1];
int tries, remaining, c;
UINT4 client_port;
void (*login_func)(char *);
FILE *fp;
char buf[4096];
char tty[1024], *p;
int noissue = 0;
int maxtries = 0;
char *ttyn = NULL;
char *path_radiusclient_conf = RC_CONFIG_FILE;
extern char *optarg;
extern int optind;
pname = (pname = strrchr(argv[0],'/'))?pname+1:argv[0];
rc_openlog(pname);
while ((c = getopt(argc,argv,"f:m:i:nhV")) > 0)
{
switch(c) {
case 'f':
path_radiusclient_conf = optarg;
break;
case 'i':
ttyn = optarg;
break;
case 'n':
noissue = 1;
break;
case 'm':
maxtries = atoi(optarg);
break;
case 'V':
version();
break;
case 'h':
usage();
break;
default:
exit(ERROR_RC);
break;
}
}
if (rc_read_config(path_radiusclient_conf) != 0)
exit(ERROR_RC);
if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
exit (ERROR_RC);
if (rc_read_mapfile(rc_conf_str("mapfile")) != 0)
exit (ERROR_RC);
if (ttyn != NULL)
{
client_port = rc_map2id(ttyn);
if ((p = strrchr(ttyn, '/')) == NULL)
strncpy(tty, ttyn, sizeof(tty));
else
strncpy(tty, p+1, sizeof(tty));
}
else
{
ttyn = ttyname(0);
if (ttyn)
{
if ((p = strrchr(ttyn, '/')) == NULL)
strncpy(tty, ttyn, sizeof(tty));
else
strncpy(tty, p+1, sizeof(tty));
client_port = rc_map2id(ttyn);
}
else
{
*tty = '\0';
client_port = 0;
}
}
#ifdef SETVBUF_REVERSED
setvbuf(stdout, _IONBF, NULL, 0);
#else
setvbuf(stdout, NULL, _IONBF, 0);
#endif
if ((argc - optind) == 1)
{
strncpy(username,argv[optind], sizeof(username));
}
else
{
*username = '******';
if (!noissue) {
if (rc_conf_str("issue") && ((fp = fopen(rc_conf_str("issue"), "r")) != NULL))
{
while (fgets(buf, sizeof(buf), fp) != NULL)
fputs(subst_placeholders(buf, tty), stdout);
fflush(stdout);
fclose(fp);
} else {
fputs(subst_placeholders(SC_DEFAULT_ISSUE, tty), stdout);
fflush(stdout);
}
}
}
if ((env = rc_new_env(ENV_SIZE)) == NULL)
{
rc_log(LOG_CRIT, "rc_new_env: FATAL: out of memory");
abort();
}
#ifdef SECURITY_DISABLED
if (rc_import_env(env,environ) < 0)
{
rc_log(LOG_CRIT, "rc_import_env: FATAL: not enough space for environment (increase ENV_SIZE)");
abort();
}
#else
rc_add_env(env, "IFS", " ");
rc_add_env(env, "PATH", RC_SECURE_PATH);
#endif
signal(SIGALRM, alarm_handler);
remaining = rc_conf_int("login_timeout");
if (!maxtries)
maxtries = rc_conf_int("login_tries");
tries = 1;
while (tries <= maxtries)
{
alarm(remaining);
while (!*username) {
p = rc_getstr (SC_LOGIN, 1);
if (p)
strncpy(username, p, sizeof(username));
else
exit (ERROR_RC);
}
p = rc_getstr(SC_PASSWORD,0);
if (p)
strncpy (passwd, p, sizeof (passwd));
else
exit (ERROR_RC);
remaining = alarm(0);
login_func = NULL;
if (rc_conf_int("auth_order") & AUTH_LOCAL_FST)
{
login_func = auth_local(username, passwd);
if (!login_func)
if (rc_conf_int("auth_order") & AUTH_RADIUS_SND)
login_func = auth_radius(client_port, username, passwd);
}
else
{
login_func = auth_radius(client_port, username, passwd);
if (!login_func)
if (rc_conf_int("auth_order") & AUTH_LOCAL_SND)
login_func = auth_local(username, passwd);
}
memset(passwd, '\0', sizeof(passwd));
if (login_func != NULL)
if (login_allowed(tty)) {
(*login_func)(username);
} else {
sleep(1);
exit (ERROR_RC);
}
*username = '******';
if ((++tries) <= maxtries) {
alarm(remaining);
sleep(tries * 2);
remaining = alarm(0);
}
}
fprintf(stderr, SC_EXCEEDED);
sleep(1);
exit (ERROR_RC);
}
LFUNC auth_radius(UINT4 client_port, char *username, char *passwd)
{
VALUE_PAIR *send, *received, *vp, *service_vp;
UINT4 service, ftype, ctype;
char msg[4096], *p, username_realm[256];
char name[2048], value[2048]; /* more than enough */
int result;
char *default_realm, *service_str, *ftype_str;
DICT_VALUE *dval;
send = received = NULL;
/*
* Determine and fill in Service-Type
*/
#ifdef SCP
/* determine based on the username what kind of service is requested.
this allows you to use one password for all accounts, but the
Merit radiusd supplies you just with the right information you
need for the specified service type -lf, 03/15/96 */
switch (*username)
{
case 'S':
service = PW_FRAMED;
ftype = PW_SLIP;
ctype = 0;
username++;
break;
case 'C':
service = PW_FRAMED;
ftype = PW_SLIP;
ctype = PW_VAN_JACOBSON_TCP_IP;
username++;
break;
case 'P':
service = PW_FRAMED;
ftype = PW_PPP;
ctype = 0;
username++;
break;
default:
service = PW_LOGIN;
ftype = 0;
ctype = 0;
break;
}
#else
service = PW_LOGIN;
ftype = 0;
ctype = 0;
#endif
if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
/* Fill in Framed-Protocol, if neccessary */
if (ftype != 0)
{
if (rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &ftype, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
}
/* Fill in Framed-Compression, if neccessary */
if (ctype != 0)
{
if (rc_avpair_add(&send, PW_FRAMED_COMPRESSION, &ctype, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
}
/*
* Fill in User-Name
*/
strncpy(username_realm, username, sizeof(username_realm));
/* Append default realm */
default_realm = rc_conf_str("default_realm");
if ((strchr(username_realm, '@') == NULL) && default_realm &&
((*default_realm) != '\0'))
{
strncat(username_realm, "@", sizeof(username_realm));
strncat(username_realm, default_realm, sizeof(username_realm));
}
if (rc_avpair_add(&send, PW_USER_NAME, username_realm, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
/*
* Fill in User-Password
*/
if (rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
result = rc_auth(client_port, send, &received, msg, NULL);
if (result == OK_RC)
{
/* Set up a running count of attributes saved. */
int acount[256], attr;
memset(acount, 0, sizeof(acount));
rc_add_env(env, "RADIUS_USER_NAME", username);
vp = received;
/* map-- keep track of the attributes so that we know
when to add the delimiters. Note that we can only
handle attributes < 256, which is the standard anyway. */
while (vp)
{
strcpy(name, "RADIUS_");
if (rc_avpair_tostr(vp, name+7, sizeof(name)-7, value, sizeof(value)) < 0) {
rc_avpair_free(send);
rc_avpair_free(received);
return (LFUNC) NULL;
}
/* Translate "-" => "_" and uppercase*/
for(p = name; *p; p++) {
*p = toupper(*p);
if (*p == '-') *p = '_';
}
/* Add to the attribute count and append the var
if necessary. */
if ((attr = vp->attribute) < 256)
{
int count;
if ((count = acount[attr]++) > 0) {
char buf[10];
sprintf(buf, "_%d", count);
strcat(name,buf);
}
}
if (rc_add_env(env, name, value) < 0)
{
rc_avpair_free(send);
rc_avpair_free(received);
return (LFUNC) NULL;
}
vp = vp->next;
}
service_str = "(unknown)";
ftype_str = NULL;
if ((service_vp = rc_avpair_get(received, PW_SERVICE_TYPE)) != NULL)
if ((dval = rc_dict_getval(service_vp->lvalue, service_vp->name)) != NULL) {
service_str = dval->name;
}
if (service_vp && (service_vp->lvalue == PW_FRAMED) &&
((vp = rc_avpair_get(received, PW_FRAMED_PROTOCOL)) != NULL))
if ((dval = rc_dict_getval(vp->lvalue, vp->name)) != NULL) {
ftype_str = dval->name;
}
rc_log(LOG_NOTICE, "authentication OK, username %s, service %s%s%s",
username, service_str,(ftype_str)?"/":"", (ftype_str)?ftype_str:"");
if (msg && (*msg != '\0'))
printf(SC_SERVER_REPLY, msg);
else
printf(SC_RADIUS_OK);
rc_avpair_free(send);
rc_avpair_free(received);
return radius_login;
}
else
{
rc_log(LOG_NOTICE, "authentication FAILED, type RADIUS, username %s",
username_realm);
if (msg && (*msg != '\0'))
printf(SC_SERVER_REPLY, msg);
else
printf(SC_RADIUS_FAILED);
}
rc_avpair_free(send);
if (received)
rc_avpair_free(received);
return (LFUNC) NULL;
}
int rc_find_server (char *server_name, UINT4 *ip_addr, char *secret)
{
UINT4 myipaddr = 0;
int len;
int result;
FILE *clientfd;
char *h;
char *s;
char *host2;
char buffer[128];
char hostnm[AUTH_ID_LEN + 1];
/* Get the IP address of the authentication server */
if ((*ip_addr = rc_get_ipaddr (server_name)) == (UINT4) 0)
return (-1);
if ((clientfd = fopen (rc_conf_str("servers"), "r")) == (FILE *) NULL)
{
errorlog("rc_find_server: couldn't open file: %m: %s", rc_conf_str("servers"));
return (-1);
}
myipaddr = rc_own_ipaddress();
result = 0;
while (fgets (buffer, sizeof (buffer), clientfd) != (char *) NULL)
{
if (*buffer == '#')
continue;
if ((h = strtok (buffer, " \t\n")) == NULL) /* first hostname */
continue;
memset (hostnm, '\0', AUTH_ID_LEN);
len = strlen (h);
if (len > AUTH_ID_LEN)
{
len = AUTH_ID_LEN;
}
strncpy (hostnm, h, (size_t) len);
hostnm[AUTH_ID_LEN] = '\0';
if ((s = strtok (NULL, " \t\n")) == NULL) /* and secret field */
continue;
memset (secret, '\0', MAX_SECRET_LENGTH);
len = strlen (s);
if (len > MAX_SECRET_LENGTH)
{
len = MAX_SECRET_LENGTH;
}
strncpy (secret, s, (size_t) len);
secret[MAX_SECRET_LENGTH] = '\0';
if (!strchr (hostnm, '/')) /* If single name form */
{
if (find_match (ip_addr, hostnm) == 0)
{
result++;
break;
}
}
else /* <name1>/<name2> "paired" form */
{
strtok (hostnm, "/");
if (find_match (&myipaddr, hostnm) == 0)
{ /* If we're the 1st name, target is 2nd */
host2 = strtok (NULL, " ");
if (find_match (ip_addr, host2) == 0)
{
result++;
break;
}
}
else /* If we were 2nd name, target is 1st name */
{
if (find_match (ip_addr, hostnm) == 0)
{
result++;
break;
}
}
}
}
fclose (clientfd);
if (result == 0)
{
memset (buffer, '\0', sizeof (buffer));
memset (secret, '\0', sizeof (secret));
errorlog("rc_find_server: couldn't find RADIUS server %s in %s",
server_name, rc_conf_str("servers"));
return (-1);
}
return 0;
}
static int test_config(char *filename)
{
#if 0
struct stat st;
char *file;
#endif
if (!(rc_conf_srv("authserver")->max))
{
errorlog("%s: no authserver specified", filename);
return (-1);
}
if (!(rc_conf_srv("acctserver")->max))
{
errorlog("%s: no acctserver specified", filename);
return (-1);
}
if (!rc_conf_str("servers"))
{
errorlog("%s: no servers file specified", filename);
return (-1);
}
if (!rc_conf_str("dictionary"))
{
errorlog("%s: no dictionary specified", filename);
return (-1);
}
if (rc_conf_int("radius_timeout") <= 0)
{
errorlog("%s: radius_timeout <= 0 is illegal", filename);
return (-1);
}
if (rc_conf_int("radius_retries") <= 0)
{
errorlog("%s: radius_retries <= 0 is illegal", filename);
return (-1);
}
#if 0
file = rc_conf_str("login_local");
if (stat(file, &st) == 0)
{
if (!S_ISREG(st.st_mode)) {
errorlog("%s: not a regular file: %s", filename, file);
return (-1);
}
} else {
errorlog("%s: file not found: %s", filename, file);
return (-1);
}
file = rc_conf_str("login_radius");
if (stat(file, &st) == 0)
{
if (!S_ISREG(st.st_mode)) {
errorlog("%s: not a regular file: %s", filename, file);
return (-1);
}
} else {
errorlog("%s: file not found: %s", filename, file);
return (-1);
}
#endif
if (rc_conf_int("login_tries") <= 0)
{
errorlog("%s: login_tries <= 0 is illegal", filename);
return (-1);
}
if (rc_conf_str("seqfile") == NULL)
{
errorlog("%s: seqfile not specified", filename);
return (-1);
}
if (rc_conf_int("login_timeout") <= 0)
{
errorlog("%s: login_timeout <= 0 is illegal", filename);
return (-1);
}
if (rc_conf_str("mapfile") == NULL)
{
errorlog("%s: mapfile not specified", filename);
return (-1);
}
if (rc_conf_str("nologin") == NULL)
{
errorlog("%s: nologin not specified", filename);
return (-1);
}
return 0;
}
int test_config(rc_handle *rh, const char *filename)
{
#if 0
struct stat st;
char *file;
#endif
if (!(rc_conf_srv(rh, "authserver")->max))
{
rc_log(LOG_ERR,"%s: no authserver specified", filename);
return -1;
}
if (!(rc_conf_srv(rh, "acctserver")->max))
{
rc_log(LOG_ERR,"%s: no acctserver specified", filename);
return -1;
}
if (!rc_conf_str(rh, "servers"))
{
rc_log(LOG_ERR,"%s: no servers file specified", filename);
return -1;
}
if (!rc_conf_str(rh, "dictionary"))
{
rc_log(LOG_ERR,"%s: no dictionary specified", filename);
return -1;
}
if (rc_conf_int(rh, "radius_timeout") <= 0)
{
rc_log(LOG_ERR,"%s: radius_timeout <= 0 is illegal", filename);
return -1;
}
if (rc_conf_int(rh, "radius_retries") <= 0)
{
rc_log(LOG_ERR,"%s: radius_retries <= 0 is illegal", filename);
return -1;
}
if (rc_conf_int(rh, "radius_deadtime") < 0)
{
rc_log(LOG_ERR,"%s: radius_deadtime is illegal", filename);
return -1;
}
#if 0
file = rc_conf_str(rh, "login_local");
if (stat(file, &st) == 0)
{
if (!S_ISREG(st.st_mode)) {
rc_log(LOG_ERR,"%s: not a regular file: %s", filename, file);
return -1;
}
} else {
rc_log(LOG_ERR,"%s: file not found: %s", filename, file);
return -1;
}
file = rc_conf_str(rh, "login_radius");
if (stat(file, &st) == 0)
{
if (!S_ISREG(st.st_mode)) {
rc_log(LOG_ERR,"%s: not a regular file: %s", filename, file);
return -1;
}
} else {
rc_log(LOG_ERR,"%s: file not found: %s", filename, file);
return -1;
}
#endif
if (rc_conf_int(rh, "login_tries") <= 0)
{
rc_log(LOG_ERR,"%s: login_tries <= 0 is illegal", filename);
return -1;
}
if (rc_conf_str(rh, "seqfile") == NULL)
{
rc_log(LOG_ERR,"%s: seqfile not specified", filename);
return -1;
}
if (rc_conf_int(rh, "login_timeout") <= 0)
{
rc_log(LOG_ERR,"%s: login_timeout <= 0 is illegal", filename);
return -1;
}
if (rc_conf_str(rh, "mapfile") == NULL)
{
rc_log(LOG_ERR,"%s: mapfile not specified", filename);
return -1;
}
if (rc_conf_str(rh, "nologin") == NULL)
{
rc_log(LOG_ERR,"%s: nologin not specified", filename);
return -1;
}
return 0;
}
int rc_find_server (rc_handle *rh, const char *server_name, uint32_t *ip_addr, char *secret)
{
int i;
size_t len;
int result = 0;
FILE *clientfd;
char *h;
char *s;
char buffer[128];
char hostnm[AUTH_ID_LEN + 1];
char *buffer_save;
char *hostnm_save;
SERVER *authservers;
SERVER *acctservers;
/* Lookup the IP address of the radius server */
if ((*ip_addr = rc_get_ipaddr (server_name)) == (uint32_t) 0)
return -1;
/* Check to see if the server secret is defined in the rh config */
if( (authservers = rc_conf_srv(rh, "authserver")) != NULL )
{
for( i = 0; i < authservers->max; i++ )
{
if( (strncmp(server_name, authservers->name[i], strlen(server_name)) == 0) &&
(authservers->secret[i] != NULL) )
{
memset (secret, '\0', MAX_SECRET_LENGTH);
len = strlen (authservers->secret[i]);
if (len > MAX_SECRET_LENGTH)
{
len = MAX_SECRET_LENGTH;
}
strncpy (secret, authservers->secret[i], (size_t) len);
secret[MAX_SECRET_LENGTH] = '\0';
return 0;
}
}
}
if( (acctservers = rc_conf_srv(rh, "acctserver")) != NULL )
{
for( i = 0; i < acctservers->max; i++ )
{
if( (strncmp(server_name, acctservers->name[i], strlen(server_name)) == 0) &&
(acctservers->secret[i] != NULL) )
{
memset (secret, '\0', MAX_SECRET_LENGTH);
len = strlen (acctservers->secret[i]);
if (len > MAX_SECRET_LENGTH)
{
len = MAX_SECRET_LENGTH;
}
strncpy (secret, acctservers->secret[i], (size_t) len);
secret[MAX_SECRET_LENGTH] = '\0';
return 0;
}
}
}
/* We didn't find it in the rh_config or the servername is too long so look for a
* servers file to define the secret(s)
*/
if ((clientfd = fopen (rc_conf_str(rh, "servers"), "r")) == NULL)
{
rc_log(LOG_ERR, "rc_find_server: couldn't open file: %s: %s", strerror(errno), rc_conf_str(rh, "servers"));
return -1;
}
while (fgets (buffer, sizeof (buffer), clientfd) != NULL)
{
if (*buffer == '#')
continue;
if ((h = strtok_r(buffer, " \t\n", &buffer_save)) == NULL) /* first hostname */
continue;
memset (hostnm, '\0', AUTH_ID_LEN);
len = strlen (h);
if (len > AUTH_ID_LEN)
{
len = AUTH_ID_LEN;
}
strncpy (hostnm, h, (size_t) len);
hostnm[AUTH_ID_LEN] = '\0';
if ((s = strtok_r (NULL, " \t\n", &buffer_save)) == NULL) /* and secret field */
continue;
memset (secret, '\0', MAX_SECRET_LENGTH);
len = strlen (s);
if (len > MAX_SECRET_LENGTH)
{
len = MAX_SECRET_LENGTH;
}
strncpy (secret, s, (size_t) len);
secret[MAX_SECRET_LENGTH] = '\0';
if (!strchr (hostnm, '/')) /* If single name form */
{
if (find_match (ip_addr, hostnm) == 0)
{
result++;
break;
}
}
else /* <name1>/<name2> "paired" form */
{
strtok_r(hostnm, "/", &hostnm_save);
if (rc_is_myname(hostnm) == 0)
{ /* If we're the 1st name, target is 2nd */
if (find_match (ip_addr, hostnm_save) == 0)
{
result++;
break;
}
}
else /* If we were 2nd name, target is 1st name */
{
if (find_match (ip_addr, hostnm) == 0)
{
result++;
break;
}
}
}
}
fclose (clientfd);
if (result == 0)
{
memset (buffer, '\0', sizeof (buffer));
memset (secret, '\0', sizeof (secret));
rc_log(LOG_ERR, "rc_find_server: couldn't find RADIUS server %s in %s",
server_name, rc_conf_str(rh, "servers"));
return -1;
}
return 0;
}
