summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--radsecproxy.c55
1 files changed, 40 insertions, 15 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index 94785ac..291d2af 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -995,14 +995,15 @@ int msmppdecrypt(uint8_t *text, uint8_t len, uint8_t *shared, uint8_t sharedlen,
return 1;
}
-struct server *id2server(char *id, uint8_t len) {
+int id2server(struct server **server, char *id, uint8_t len) {
int i;
for (i = 0; i < realm_count; i++)
if (!regexec(&realms[i].regex, id, 0, NULL, 0)) {
debug(DBG_DBG, "found matching realm: %s, host %s", realms[i].name, realms[i].server->peer.host);
- return realms[i].server;
+ *server = realms[i].server;
+ return 1;
}
- return NULL;
+ return 0;
}
int rqinqueue(struct server *to, struct client *from, uint8_t id) {
@@ -1103,6 +1104,21 @@ void respondstatusserver(struct request *rq) {
sendreply(rq->from, resp, rq->from->peer.type == 'U' ? &rq->fromsa : NULL);
}
+void respondreject(struct request *rq) {
+ unsigned char *resp;
+
+ resp = malloc(20);
+ if (!resp) {
+ debug(DBG_ERR, "respondreject: malloc failed");
+ return;
+ }
+ memcpy(resp, rq->buf, 20);
+ resp[0] = RAD_Access_Reject;
+ resp[2] = 0;
+ resp[3] = 20;
+ sendreply(rq->from, resp, rq->from->peer.type == 'U' ? &rq->fromsa : NULL);
+}
+
void radsrv(struct request *rq) {
uint8_t code, id, *auth, *attrs, *attr;
uint16_t len;
@@ -1144,14 +1160,13 @@ void radsrv(struct request *rq) {
username[ATTRVALLEN(attr)] = '\0';
debug(DBG_DBG, "Access Request with username: %s", username);
- to = id2server(username, strlen(username));
- if (!to) {
+ if (!id2server(&to, username, strlen(username))) {
debug(DBG_INFO, "radsrv: ignoring request, don't know where to send it");
free(buf);
return;
}
-
- if (rqinqueue(to, rq->from, id)) {
+
+ if (to && rqinqueue(to, rq->from, id)) {
debug(DBG_INFO, "radsrv: already got request from host %s with id %d, ignoring", rq->from->peer.host, id);
free(buf);
return;
@@ -1169,6 +1184,12 @@ void radsrv(struct request *rq) {
respondstatusserver(rq);
return;
}
+
+ if (!to) {
+ debug(DBG_INFO, "radsrv: sending reject to %s for %s", rq->from->peer.host, username);
+ respondreject(rq);
+ return;
+ }
if (!RAND_bytes(newauth, 16)) {
debug(DBG_WARN, "radsrv: failed to generate random auth");
@@ -1690,13 +1711,15 @@ void addrealm(char *value, char *server) {
int i, n;
struct realm *realm;
char *s, *regex = NULL;
-
- for (i = 0; i < server_count; i++)
- if (!strcasecmp(server, servers[i].peer.host))
- break;
- if (i == server_count)
- debugx(1, DBG_ERR, "addrealm failed, no server %s", server);
+ if (server) {
+ for (i = 0; i < server_count; i++)
+ if (!strcasecmp(server, servers[i].peer.host))
+ break;
+ if (i == server_count)
+ debugx(1, DBG_ERR, "addrealm failed, no server %s", server);
+ }
+
if (*value != '/') {
/* not a regexp, let us make it one */
if (*value == '*' && !value[1])
@@ -1731,7 +1754,8 @@ void addrealm(char *value, char *server) {
realm->name = stringcopy(value, 0);
if (!realm->name)
debugx(1, DBG_ERR, "malloc failed");
- realm->server = servers + i;
+ if (server)
+ realm->server = servers + i;
if (regcomp(&realm->regex, regex ? regex : value + 1, REG_ICASE | REG_NOSUB))
debugx(1, DBG_ERR, "addrealm: failed to compile regular expression %s", regex ? regex : value + 1);
if (regex)
@@ -2098,9 +2122,10 @@ void confrealm_cb(FILE *f, char *opt, char *val) {
"server", CONF_STR, &server,
NULL
);
+#if 0
if (!server)
debugx(1, DBG_ERR, "error in block %s, server must be specified", block);
-
+#endif
addrealm(val, server);
free(server);
free(block);
generated by cgit v1.1 at 2024-10-07 23:39:13 +0000