Merge branch 'master' into statusserver-auto
Fabian Mauchle committed Nov 10, 2018
2 parents 719094b + e129df4 commit dd01731
Showing 9 changed files with 912 additions and 1,108 deletions.
1 change: 0 additions & 1 deletion .gitignore
@@ -22,7 +22,6 @@ TAGS
radsecproxy
radsecproxy-conf
radsecproxy-hash
radsecproxy.conf.5
tests/t_fticks
tests/*.log
tests/*.trs
5 changes: 5 additions & 0 deletions ChangeLog
@@ -1,3 +1,8 @@
changes since 1.7.2
Misc:
- No longer require docbook2x tools, but include plain manpages
- Fail on startup if overlapping clients with different tls blocks

2018-09-03 1.7.2
Misc:
- Always copy proxy-state attributes in own responses
9 changes: 0 additions & 9 deletions Makefile.am
@@ -4,10 +4,6 @@

AUTOMAKE_OPTIONS = foreign

if HAVE_DOCBOOK2X_MAN
GENMANPAGES = radsecproxy.conf.5
endif

SUBDIRS = tests

sbin_PROGRAMS = radsecproxy
@@ -59,15 +55,10 @@ EXTRA_DIST = \
tools/README tools/naptr-eduroam.sh tools/radsec-dynsrv.sh

####################
radsecproxy.conf.5: $(srcdir)/radsecproxy.conf.5.xml
$(DOCBOOK2X_MAN) $<

html: radsecproxy.html radsecproxy-hash.html radsecproxy.conf.html

%.html: %.1
groff -mandoc -Thtml $< >$@
%.html: %.5
groff -mandoc -Thtml $< >$@

clean-local:
-rm $(GENMANPAGES)
7 changes: 0 additions & 7 deletions configure.ac
@@ -90,13 +90,6 @@ if test "x$dtls" = "xyes" ; then
TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_DTLS"
fi

AC_ARG_VAR([DOCBOOK2X_MAN], [docbook2x-man program to use])
if test -z "$DOCBOOK2X_MAN" ; then
AC_SUBST([DOCBOOK2X_MAN], [docbook2x-man])
fi
AC_CHECK_PROG([DOCBOOK2X_MAN_PROG], [$DOCBOOK2X_MAN], [yes])
AM_CONDITIONAL(HAVE_DOCBOOK2X_MAN, test "$DOCBOOK2X_MAN_PROG" = "yes")

AC_SUBST(TARGET_CFLAGS)
AC_SUBST(TARGET_LDFLAGS)
AX_CHECK_SSL
72 changes: 48 additions & 24 deletions hostport.c
@@ -244,7 +244,7 @@ static int prefixmatch(void *a1, void *a2, uint8_t len) {
return (((uint8_t *)a1)[l] & mask[r]) == (((uint8_t *)a2)[l] & mask[r]);
}

int addressmatches(struct list *hostports, struct sockaddr *addr, uint8_t checkport) {
int _internal_addressmatches(struct list *hostports, struct sockaddr *addr, uint8_t prefixlen, uint8_t checkport) {
struct sockaddr_in6 *sa6 = NULL;
struct in_addr *a4 = NULL;
struct addrinfo *res;
@@ -255,36 +255,60 @@ int addressmatches(struct list *hostports, struct sockaddr *addr, uint8_t checkp
sa6 = (struct sockaddr_in6 *)addr;
if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
a4 = (struct in_addr *)&sa6->sin6_addr.s6_addr[12];
sa6 = NULL;
}
sa6 = NULL;
}
} else
a4 = &((struct sockaddr_in *)addr)->sin_addr;
a4 = &((struct sockaddr_in *)addr)->sin_addr;

for (entry = list_first(hostports); entry; entry = list_next(entry)) {
hp = (struct hostportres *)entry->data;
for (res = hp->addrinfo; res; res = res->ai_next)
if (hp->prefixlen == 255) {
if ((a4 && res->ai_family == AF_INET &&
!memcmp(a4, &((struct sockaddr_in *)res->ai_addr)->sin_addr, 4) &&
(!checkport || ((struct sockaddr_in *)res->ai_addr)->sin_port ==
((struct sockaddr_in *)addr)->sin_port)) ||
(sa6 && res->ai_family == AF_INET6 &&
!memcmp(&sa6->sin6_addr,
&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, 16) &&
(!checkport || ((struct sockaddr_in6 *)res->ai_addr)->sin6_port ==
((struct sockaddr_in6 *)addr)->sin6_port)))
return 1;
} else {
if ((a4 && res->ai_family == AF_INET &&
prefixmatch(a4, &((struct sockaddr_in *)res->ai_addr)->sin_addr, hp->prefixlen)) ||
(sa6 && res->ai_family == AF_INET6 &&
prefixmatch(&sa6->sin6_addr, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, hp->prefixlen)))
return 1;
}
hp = (struct hostportres *)entry->data;
for (res = hp->addrinfo; res; res = res->ai_next) {
if (hp->prefixlen >= (res->ai_family == AF_INET ? 32 : 128) && prefixlen >= (a4 ? 32 : 128)) {
if ((a4 && res->ai_family == AF_INET &&
!memcmp(a4, &((struct sockaddr_in *)res->ai_addr)->sin_addr, 4) &&
(!checkport || ((struct sockaddr_in *)res->ai_addr)->sin_port ==
((struct sockaddr_in *)addr)->sin_port)) ||

(sa6 && res->ai_family == AF_INET6 &&
!memcmp(&sa6->sin6_addr,
&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, 16) &&
(!checkport || ((struct sockaddr_in6 *)res->ai_addr)->sin6_port ==
((struct sockaddr_in6 *)addr)->sin6_port)))

return 1;
} else if (hp->prefixlen <= prefixlen) {
if ((a4 && res->ai_family == AF_INET &&
prefixmatch(a4, &((struct sockaddr_in *)res->ai_addr)->sin_addr, hp->prefixlen)) ||
(sa6 && res->ai_family == AF_INET6 &&
prefixmatch(&sa6->sin6_addr, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, hp->prefixlen)))

return 1;
}
}
}
return 0;
}

int hostportmatches(struct list *hostports, struct list *matchhostports, uint8_t checkport) {
struct list_node *entry;
struct hostportres *match;
struct addrinfo *res;

for (entry = list_first(matchhostports); entry; entry = list_next(entry)) {
match = (struct hostportres *)entry->data;

for (res = match->addrinfo; res; res = res->ai_next) {
if (_internal_addressmatches(hostports, res->ai_addr, match->prefixlen, checkport))
return 1;
}
}
return 0;
}

int addressmatches(struct list *hostports, struct sockaddr *addr, uint8_t checkport) {
return _internal_addressmatches(hostports, addr, 255, checkport);
}

int connecttcphostlist(struct list *hostports, struct addrinfo *src) {
int s;
struct list_node *entry;
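Review bot: The prefix branch of the new `_internal_addressmatches` reports an overlap only when the existing entry's prefix is at least as broad as the candidate's (`else if (hp->prefixlen <= prefixlen)`), so a candidate whose prefix encloses an existing narrower entry — an existing /32 checked against a new /8, say — is never reported, and the single-direction `hostportmatches(existing->hostports, conf->hostports, 0)` call in radsecproxy.c inherits that gap; if the intent is to reject any two client blocks whose address sets intersect, the prefix comparison should run on the shorter of the two lengths, as below, which leaves `addressmatches` (prefixlen 255) behaving exactly as it does now. `_internal_addressmatches` also has external linkage without a declaration in hostport.h, and a file-scope identifier starting with an underscore is reserved for the implementation (C11 §7.1.3); `static int addressmatchesprefix(...)` would fix both. The 255 sentinel now passed from `addressmatches` deserves a name, e.g. `#define PREFIXLEN_HOST 255`, since the old `== 255` test that documented it is gone.
```c
            } else {
                /* two prefixes overlap iff they agree on the shorter of the two lengths */
                uint8_t plen = hp->prefixlen < prefixlen ? hp->prefixlen : prefixlen;
                if ((a4 && res->ai_family == AF_INET &&
                     prefixmatch(a4, &((struct sockaddr_in *)res->ai_addr)->sin_addr, plen)) ||
                    (sa6 && res->ai_family == AF_INET6 &&
                     prefixmatch(&sa6->sin6_addr, &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, plen)))
                    return 1;
            }
            /* … unchanged: exact-host branch above, loop and return 0 below … */
```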
1 change: 1 addition & 0 deletions hostport.h
@@ -16,6 +16,7 @@ void freehostports(struct list *hostports);
int resolvehostport(struct hostportres *hp, int af, int socktype, uint8_t passive);
int resolvehostports(struct list *hostports, int af, int socktype);
struct addrinfo *resolvepassiveaddrinfo(char *hostport, int af, char *default_port, int socktype);
int hostportmatches(struct list *hostports, struct list *matchhostports, uint8_t checkport);
int addressmatches(struct list *hostports, struct sockaddr *addr, uint8_t checkport);
int connecttcphostlist(struct list *hostports, struct addrinfo *src);

16 changes: 15 additions & 1 deletion radsecproxy.c
@@ -2770,10 +2770,11 @@ int config_hostaf(const char *desc, int ipv4only, int ipv6only, int *af) {
}

int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) {
struct clsrvconf *conf;
struct clsrvconf *conf, *existing;
char *conftype = NULL, *rewriteinalias = NULL;
long int dupinterval = LONG_MIN, addttl = LONG_MIN;
uint8_t ipv4only = 0, ipv6only = 0;
struct list_node *entry;

debug(DBG_DBG, "confclient_cb called for %s", block);

@@ -2886,6 +2887,19 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
debugx(1, DBG_ERR, "malloc failed");
}

if (conf->tlsconf) {
for (entry = list_first(clconfs); entry; entry = list_next(entry)) {
existing = (struct clsrvconf *)entry->data;

if (existing->type == conf->type &&
existing->tlsconf != conf->tlsconf &&
hostportmatches(existing->hostports, conf->hostports, 0)) {

debugx(1, DBG_ERR, "error in block %s, overlapping clients must reference the same tls block", block);
}
}
}

conf->lock = malloc(sizeof(pthread_mutex_t));
if (!conf->lock)
debugx(1, DBG_ERR, "malloc failed");
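Review bot: The new overlap check in confclient_cb carries no comment explaining why overlapping clients must share a tls block, and the error text alone does not say; a line above `if (conf->tlsconf) {` such as `/* peers are matched by source address before any certificate is seen, so clients covering the same address must use one tls block */` would record the rule (that reading is inferred, so confirm it before committing the wording). The test `existing->tlsconf != conf->tlsconf` relies on two client blocks that name the same tls section being handed the same pointer, which the hunk does not show; a short comment stating that assumption would help the next reader. `hostportmatches` walks the resolved `addrinfo` lists, so `conf->hostports` must already be resolved when this loop runs; that happens outside the hunk, as confclient_cb begins and ends outside it. The blank line between the `if` condition and the `debugx` call is unusual for this file and could go.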
843 changes: 843 additions & 0 deletions radsecproxy.conf.5


1,066 changes: 0 additions & 1,066 deletions radsecproxy.conf.5.xml

