/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c

Bug Summary

File:	src/usr.sbin/radiusd/radiusd/../radiusd.c
Warning:	line 969, column 7 Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name radiusd.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.sbin/radiusd/radiusd/obj -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/usr.sbin/radiusd/radiusd/.. -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -fdebug-compilation-dir=/usr/src/usr.sbin/radiusd/radiusd/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/usr.sbin/radiusd/radiusd/../radiusd.c

1	/* $OpenBSD: radiusd.c,v 1.34 2024/01/08 04:16:48 yasuoka Exp $ */
2
3	/*
4	* Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
5	*
6	* Permission to use, copy, modify, and distribute this software for any
7	* purpose with or without fee is hereby granted, provided that the above
8	* copyright notice and this permission notice appear in all copies.
9	*
10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17	*/
18
19	#include <sys/types.h>
20	#include <netinet/in.h>
21	#include <arpa/inet.h>
22	#include <sys/queue.h>
23	#include <sys/socket.h>
24	#include <sys/time.h>
25	#include <sys/uio.h>
26	#include <sys/wait.h>
27
28	#include <err.h>
29	#include <errno(*__errno()).h>
30	#include <event.h>
31	#include <fcntl.h>
32	#include <fnmatch.h>
33	#include <imsg.h>
34	#include <md5.h>
35	#include <netdb.h>
36	#include <pwd.h>
37	#include <signal.h>
38	#include <stdbool.h>
39	#include <stdio.h>
40	#include <stdlib.h>
41	#include <string.h>
42	#include <syslog.h>
43	#include <unistd.h>
44
45	#include <radius.h>
46
47	#include "radiusd.h"
48	#include "radiusd_local.h"
49	#include "log.h"
50	#include "util.h"
51	#include "imsg_subr.h"
52
53	static int radiusd_start(struct radiusd *);
54	static void radiusd_stop(struct radiusd *);
55	static void radiusd_free(struct radiusd *);
56	static void radiusd_listen_on_event(int, short, void *);
57	static void radiusd_on_sigterm(int, short, void *);
58	static void radiusd_on_sigint(int, short, void *);
59	static void radiusd_on_sighup(int, short, void *);
60	static void radiusd_on_sigchld(int, short, void *);
61	static void radius_query_request(struct radius_query *);
62	static void radius_query_response(struct radius_query *);
63	static const char *radius_code_string(int);
64	static int radiusd_access_response_fixup (struct radius_query *);
65
66
67
68	static void radiusd_module_reset_ev_handler(
69	struct radiusd_module *);
70	static int radiusd_module_imsg_read(struct radiusd_module *,
71	bool_Bool);
72	static void radiusd_module_imsg(struct radiusd_module *,
73	struct imsg *);
74
75	static struct radiusd_module_radpkt_arg *
76	radiusd_module_recv_radpkt(struct radiusd_module *,
77	struct imsg , uint32_t, const char );
78	static void radiusd_module_on_imsg_io(int, short, void *);
79	void radiusd_module_start(struct radiusd_module *);
80	void radiusd_module_stop(struct radiusd_module *);
81	static void radiusd_module_close(struct radiusd_module *);
82	static void radiusd_module_userpass(struct radiusd_module *,
83	struct radius_query *);
84	static void radiusd_module_access_request(struct radiusd_module *,
85	struct radius_query *);
86	static void radiusd_module_request_decoration(
87	struct radiusd_module , struct radius_query );
88	static void radiusd_module_response_decoration(
89	struct radiusd_module , struct radius_query );
90	static int imsg_compose_radius_packet(struct imsgbuf *,
91	uint32_t, u_int, RADIUS_PACKET *);
92
93	static u_int radius_query_id_seq = 0;
94	int debug = 0;
95
96	static __dead__attribute__((__noreturn__)) void
97	usage(void)
98	{
99	extern char *__progname;
100
101	fprintf(stderr(&__sF[2]), "usage: %s [-dn] [-f file]\n", __progname);
102	exit(EXIT_FAILURE1);
103	}
104
105	int
106	main(int argc, char *argv[])
107	{
108	extern char *__progname;
109	const char *conffile = CONFFILE"/etc/radiusd.conf";
110	int ch;
111	struct radiusd *radiusd;
112	bool_Bool noaction = false0;
113	struct passwd *pw;
114
115	while ((ch = getopt(argc, argv, "df:n")) != -1)
116	switch (ch) {
117	case 'd':
118	debug++;
119	break;
120
121	case 'f':
122	conffile = optarg;
123	break;
124
125	case 'n':
126	noaction = true1;
127	break;
128
129	default:
130	usage();
131	/* NOTREACHED */
132	}
133
134	argc -= optind;
135	argv += optind;
136
137	if (argc != 0)
138	usage();
139
140	if ((radiusd = calloc(1, sizeof(radiusd))) == NULL((void )0))
141	err(1, "calloc");
142	TAILQ_INIT(&radiusd->listen)do { (&radiusd->listen)->tqh_first = ((void *)0); ( &radiusd->listen)->tqh_last = &(&radiusd-> listen)->tqh_first; } while (0);
143	TAILQ_INIT(&radiusd->query)do { (&radiusd->query)->tqh_first = ((void *)0); (& radiusd->query)->tqh_last = &(&radiusd->query )->tqh_first; } while (0);
144
145	log_init(debug);
146	if (parse_config(conffile, radiusd) != 0)
147	errx(EXIT_FAILURE1, "config error");
148	if (noaction) {
149	fprintf(stderr(&__sF[2]), "configuration OK\n");
150	exit(EXIT_SUCCESS0);
151	}
152
153	if (debug == 0)
154	daemon(0, 0);
155	event_init();
156
157	if ((pw = getpwnam(RADIUSD_USER"_radiusd")) == NULL((void *)0))
158	errx(EXIT_FAILURE1, "user `%s' is not found in password "
159	"database", RADIUSD_USER"_radiusd");
160
161	if (chroot(pw->pw_dir) == -1)
162	err(EXIT_FAILURE1, "chroot");
163	if (chdir("/") == -1)
164	err(EXIT_FAILURE1, "chdir(\"/\")");
165
166	if (setgroups(1, &pw->pw_gid) \|\|
167	setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) \|\|
168	setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
169	err(EXIT_FAILURE1, "cannot drop privileges");
170
171	signal(SIGPIPE13, SIG_IGN(void (*)(int))1);
172	openlog(NULL((void *)0), LOG_PID0x01, LOG_DAEMON(3<<3));
173
174	signal_set(&radiusd->ev_sigterm, SIGTERM, radiusd_on_sigterm, radiusd)event_set(&radiusd->ev_sigterm, 15, 0x08\|0x10, radiusd_on_sigterm , radiusd);
175	signal_set(&radiusd->ev_sigint, SIGINT, radiusd_on_sigint, radiusd)event_set(&radiusd->ev_sigint, 2, 0x08\|0x10, radiusd_on_sigint , radiusd);
176	signal_set(&radiusd->ev_sighup, SIGHUP, radiusd_on_sighup, radiusd)event_set(&radiusd->ev_sighup, 1, 0x08\|0x10, radiusd_on_sighup , radiusd);
177	signal_set(&radiusd->ev_sigchld, SIGCHLD, radiusd_on_sigchld, radiusd)event_set(&radiusd->ev_sigchld, 20, 0x08\|0x10, radiusd_on_sigchld , radiusd);
178
179	if (radiusd_start(radiusd) != 0)
180	errx(EXIT_FAILURE1, "start failed");
181
182	if (pledge("stdio inet", NULL((void *)0)) == -1)
183	err(EXIT_FAILURE1, "pledge");
184
185	if (event_loop(0) < 0)
186	radiusd_stop(radiusd);
187
188	radiusd_free(radiusd);
189	event_base_free(NULL((void *)0));
190
191	exit(EXIT_SUCCESS0);
192	}
193
194	static int
195	radiusd_start(struct radiusd *radiusd)
196	{
197	struct radiusd_listen *l;
198	struct radiusd_module *module;
199	int s;
200	char hbuf[NI_MAXHOST256];
201
202	TAILQ_FOREACH(l, &radiusd->listen, next)for((l) = ((&radiusd->listen)->tqh_first); (l) != ( (void *)0); (l) = ((l)->next.tqe_next)) {
203	if (getnameinfo(
204	(struct sockaddr *)&l->addr, l->addr.ipv4.sin_len,
205	hbuf, sizeof(hbuf), NULL((void *)0), 0, NI_NUMERICHOST1) != 0) {
206	log_warn("%s: getnameinfo()", __func__);
207	goto on_error;
208	}
209	if ((s = socket(l->addr.ipv4.sin_family,
210	l->stype \| SOCK_NONBLOCK0x4000, l->sproto)) == -1) {
211	log_warn("Listen %s port %d is failed: socket()",
212	hbuf, (int)htons(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 \| ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port)));
213	goto on_error;
214	}
215	if (bind(s, (struct sockaddr *)&l->addr, l->addr.ipv4.sin_len)
216	!= 0) {
217	log_warn("Listen %s port %d is failed: bind()",
218	hbuf, (int)htons(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 \| ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port)));
219	close(s);
220	goto on_error;
221	}
222	if (l->addr.ipv4.sin_family == AF_INET2)
223	log_info("Start listening on %s:%d/udp", hbuf,
224	(int)ntohs(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 \| ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port)));
225	else
226	log_info("Start listening on [%s]:%d/udp", hbuf,
227	(int)ntohs(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 \| ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port)));
228	event_set(&l->ev, s, EV_READ0x02 \| EV_PERSIST0x10,
229	radiusd_listen_on_event, l);
230	if (event_add(&l->ev, NULL((void *)0)) != 0) {
231	log_warn("event_add() failed at %s()", __func__);
232	close(s);
233	goto on_error;
234	}
235	l->sock = s;
236	l->radiusd = radiusd;
237	}
238
239	signal_add(&radiusd->ev_sigterm, NULL)event_add(&radiusd->ev_sigterm, ((void *)0));
240	signal_add(&radiusd->ev_sigint, NULL)event_add(&radiusd->ev_sigint, ((void *)0));
241	signal_add(&radiusd->ev_sighup, NULL)event_add(&radiusd->ev_sighup, ((void *)0));
242	signal_add(&radiusd->ev_sigchld, NULL)event_add(&radiusd->ev_sigchld, ((void *)0));
243
244	TAILQ_FOREACH(module, &radiusd->module, next)for((module) = ((&radiusd->module)->tqh_first); (module ) != ((void *)0); (module) = ((module)->next.tqe_next)) {
245	if (debug > 0)
246	radiusd_module_set(module, "_debug", 0, NULL((void *)0));
247	radiusd_module_start(module);
248	}
249
250	return (0);
251	on_error:
252	radiusd_stop(radiusd);
253
254	return (-1);
255	}
256
257	static void
258	radiusd_stop(struct radiusd *radiusd)
259	{
260	char hbuf[NI_MAXHOST256];
261	struct radiusd_listen *l;
262	struct radiusd_module *module;
263
264	TAILQ_FOREACH_REVERSE(l, &radiusd->listen, radiusd_listen_head, next)for((l) = ((((struct radiusd_listen_head )((&radiusd-> listen)->tqh_last))->tqh_last)); (l) != ((void )0); (l ) = ((((struct radiusd_listen_head *)((l)->next.tqe_prev) )->tqh_last))) {
265	if (l->sock >= 0) {
266	if (getnameinfo(
267	(struct sockaddr *)&l->addr, l->addr.ipv4.sin_len,
268	hbuf, sizeof(hbuf), NULL((void *)0), 0, NI_NUMERICHOST1) != 0)
269	strlcpy(hbuf, "error", sizeof(hbuf));
270	if (l->addr.ipv4.sin_family == AF_INET2)
271	log_info("Stop listening on %s:%d/udp", hbuf,
272	(int)ntohs(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 \| ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port)));
273	else
274	log_info("Stop listening on [%s]:%d/udp", hbuf,
275	(int)ntohs(l->addr.ipv4.sin_port)(__uint16_t)(__builtin_constant_p(l->addr.ipv4.sin_port) ? (__uint16_t)(((__uint16_t)(l->addr.ipv4.sin_port) & 0xffU ) << 8 \| ((__uint16_t)(l->addr.ipv4.sin_port) & 0xff00U ) >> 8) : __swap16md(l->addr.ipv4.sin_port)));
276	event_del(&l->ev);
277	close(l->sock);
278	}
279	l->sock = -1;
280	}
281	TAILQ_FOREACH(module, &radiusd->module, next)for((module) = ((&radiusd->module)->tqh_first); (module ) != ((void *)0); (module) = ((module)->next.tqe_next)) {
282	radiusd_module_stop(module);
283	radiusd_module_close(module);
284	}
285	if (signal_pending(&radiusd->ev_sigterm, NULL)event_pending(&radiusd->ev_sigterm, 0x08, ((void *)0)))
286	signal_del(&radiusd->ev_sigterm)event_del(&radiusd->ev_sigterm);
287	if (signal_pending(&radiusd->ev_sigint, NULL)event_pending(&radiusd->ev_sigint, 0x08, ((void *)0)))
288	signal_del(&radiusd->ev_sigint)event_del(&radiusd->ev_sigint);
289	if (signal_pending(&radiusd->ev_sighup, NULL)event_pending(&radiusd->ev_sighup, 0x08, ((void *)0)))
290	signal_del(&radiusd->ev_sighup)event_del(&radiusd->ev_sighup);
291	if (signal_pending(&radiusd->ev_sigchld, NULL)event_pending(&radiusd->ev_sigchld, 0x08, ((void *)0)))
292	signal_del(&radiusd->ev_sigchld)event_del(&radiusd->ev_sigchld);
293	}
294
295	static void
296	radiusd_free(struct radiusd *radiusd)
297	{
298	int i;
299	struct radiusd_listen listn, listnt;
300	struct radiusd_client client, clientt;
301	struct radiusd_module module, modulet;
302	struct radiusd_module_ref modref, modreft;
303	struct radiusd_authentication authen, authent;
304
305	TAILQ_FOREACH_SAFE(authen, &radiusd->authen, next, authent)for ((authen) = ((&radiusd->authen)->tqh_first); (authen ) != ((void *)0) && ((authent) = ((authen)->next.tqe_next ), 1); (authen) = (authent)) {
306	TAILQ_REMOVE(&radiusd->authen, authen, next)do { if (((authen)->next.tqe_next) != ((void )0)) (authen )->next.tqe_next->next.tqe_prev = (authen)->next.tqe_prev ; else (&radiusd->authen)->tqh_last = (authen)-> next.tqe_prev; (authen)->next.tqe_prev = (authen)->next .tqe_next; ; ; } while (0);
307	free(authen->auth);
308	TAILQ_FOREACH_SAFE(modref, &authen->deco, next, modreft)for ((modref) = ((&authen->deco)->tqh_first); (modref ) != ((void *)0) && ((modreft) = ((modref)->next.tqe_next ), 1); (modref) = (modreft)) {
309	TAILQ_REMOVE(&authen->deco, modref, next)do { if (((modref)->next.tqe_next) != ((void )0)) (modref )->next.tqe_next->next.tqe_prev = (modref)->next.tqe_prev ; else (&authen->deco)->tqh_last = (modref)->next .tqe_prev; (modref)->next.tqe_prev = (modref)->next.tqe_next ; ; ; } while (0);
310	free(modref);
311	}
312	for (i = 0; authen->username[i] != NULL((void *)0); i++)
313	free(authen->username[i]);
314	free(authen->username);
315	free(authen);
316	}
317	TAILQ_FOREACH_SAFE(module, &radiusd->module, next, modulet)for ((module) = ((&radiusd->module)->tqh_first); (module ) != ((void *)0) && ((modulet) = ((module)->next.tqe_next ), 1); (module) = (modulet)) {
318	TAILQ_REMOVE(&radiusd->module, module, next)do { if (((module)->next.tqe_next) != ((void )0)) (module )->next.tqe_next->next.tqe_prev = (module)->next.tqe_prev ; else (&radiusd->module)->tqh_last = (module)-> next.tqe_prev; (module)->next.tqe_prev = (module)->next .tqe_next; ; ; } while (0);
319	radiusd_module_unload(module);
320	}
321	TAILQ_FOREACH_SAFE(client, &radiusd->client, next, clientt)for ((client) = ((&radiusd->client)->tqh_first); (client ) != ((void *)0) && ((clientt) = ((client)->next.tqe_next ), 1); (client) = (clientt)) {
322	TAILQ_REMOVE(&radiusd->client, client, next)do { if (((client)->next.tqe_next) != ((void )0)) (client )->next.tqe_next->next.tqe_prev = (client)->next.tqe_prev ; else (&radiusd->client)->tqh_last = (client)-> next.tqe_prev; (client)->next.tqe_prev = (client)->next .tqe_next; ; ; } while (0);
323	explicit_bzero(client->secret, sizeof(client->secret));
324	free(client);
325	}
326	TAILQ_FOREACH_SAFE(listn, &radiusd->listen, next, listnt)for ((listn) = ((&radiusd->listen)->tqh_first); (listn ) != ((void *)0) && ((listnt) = ((listn)->next.tqe_next ), 1); (listn) = (listnt)) {
327	TAILQ_REMOVE(&radiusd->listen, listn, next)do { if (((listn)->next.tqe_next) != ((void )0)) (listn)-> next.tqe_next->next.tqe_prev = (listn)->next.tqe_prev; else (&radiusd->listen)->tqh_last = (listn)->next.tqe_prev ; (listn)->next.tqe_prev = (listn)->next.tqe_next; ; ; } while (0);
328	free(listn);
329	}
330	free(radiusd);
331	}
332
333	/***********************************************************************
334	* Network event handlers
335	***********************************************************************/
336	#define IPv4_cmp(_in, _addr, _mask)( ((_in)->s_addr & (_mask)->addr.ipv4.s_addr) == (_addr )->addr.ipv4.s_addr) ( \
337	((_in)->s_addr & (_mask)->addr.ipv4.s_addr) == \
338	(_addr)->addr.ipv4.s_addr)
339	#define s6_addr32(_in6)((uint32_t )(_in6)->__u6_addr.__u6_addr8) ((uint32_t )(_in6)->s6_addr__u6_addr.__u6_addr8)
340	#define IPv6_cmp(_in6, _addr, _mask)( ((((uint32_t )(_in6)->__u6_addr.__u6_addr8)[3] & (_mask )->addr.addr32[3]) == (_addr)->addr.addr32[3]) && ((((uint32_t )(_in6)->__u6_addr.__u6_addr8)[2] & (_mask )->addr.addr32[2]) == (_addr)->addr.addr32[2]) && ((((uint32_t )(_in6)->__u6_addr.__u6_addr8)[1] & (_mask )->addr.addr32[1]) == (_addr)->addr.addr32[1]) && ((((uint32_t )(_in6)->__u6_addr.__u6_addr8)[0] & (_mask )->addr.addr32[0]) == (_addr)->addr.addr32[0])) ( \
341	((s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[3] & (_mask)->addr.addr32[3]) \
342	== (_addr)->addr.addr32[3]) && \
343	((s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[2] & (_mask)->addr.addr32[2]) \
344	== (_addr)->addr.addr32[2]) && \
345	((s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[1] & (_mask)->addr.addr32[1]) \
346	== (_addr)->addr.addr32[1]) && \
347	((s6_addr32(_in6)((uint32_t *)(_in6)->__u6_addr.__u6_addr8)[0] & (_mask)->addr.addr32[0]) \
348	== (_addr)->addr.addr32[0]))
349
350	static void
351	radiusd_listen_on_event(int fd, short evmask, void *ctx)
352	{
353	int i, sz, req_id, req_code;
354	struct radiusd_listen *listn = ctx;
355	static u_char buf[65535];
356	static char username[256];
357	struct sockaddr_storage peer;
358	socklen_t peersz;
359	RADIUS_PACKET packet = NULL((void )0);
360	char peerstr[NI_MAXHOST256 + NI_MAXSERV32 + 30];
361	struct radiusd_authentication *authen;
362	struct radiusd_client *client;
363	struct radius_query *q;
364	#define in(_x) (((struct sockaddr_in *)_x)->sin_addr)
365	#define in6(_x) (((struct sockaddr_in6 *)_x)->sin6_addr)
366
367	if (evmask & EV_READ0x02) {
368	peersz = sizeof(peer);
369	if ((sz = recvfrom(listn->sock, buf, sizeof(buf), 0,
370	(struct sockaddr *)&peer, &peersz)) == -1) {
371	if (errno(*__errno()) == EAGAIN35)
372	return;
373	log_warn("%s: recvfrom() failed", __func__);
374	goto on_error;
375	}
376	RADIUSD_ASSERT(peer.ss_family == AF_INET \|\|do { if (!(peer.ss_family == 2 \|\| peer.ss_family == 24)) { log_warnx ( "ASSERT(%s) failed in %s() at %s:%d", "peer.ss_family == AF_INET \|\| peer.ss_family == AF_INET6" , __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c", 377); if (debug) abort(); } } while (0 )
377	peer.ss_family == AF_INET6)do { if (!(peer.ss_family == 2 \|\| peer.ss_family == 24)) { log_warnx ( "ASSERT(%s) failed in %s() at %s:%d", "peer.ss_family == AF_INET \|\| peer.ss_family == AF_INET6" , __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c", 377); if (debug) abort(); } } while (0 );
378
379	/* prepare some information about this messages */
380	if (addrport_tostring((struct sockaddr *)&peer, peersz,
381	peerstr, sizeof(peerstr)) == NULL((void *)0)) {
382	log_warn("%s: getnameinfo() failed", __func__);
383	goto on_error;
384	}
385	if ((packet = radius_convert_packet(buf, sz)) == NULL((void *)0)) {
386	log_warn("%s: radius_convert_packet() failed",
387	__func__);
388	goto on_error;
389	}
390	req_id = radius_get_id(packet);
391	req_code = radius_get_code(packet);
392
393	/*
394	* Find a matching `client' entry
395	*/
396	TAILQ_FOREACH(client, &listn->radiusd->client, next)for((client) = ((&listn->radiusd->client)->tqh_first ); (client) != ((void *)0); (client) = ((client)->next.tqe_next )) {
397	if (client->af != peer.ss_family)
398	continue;
399	if (peer.ss_family == AF_INET2 &&
400	IPv4_cmp(&((struct sockaddr_in )&peer)->sin_addr,( ((&((struct sockaddr_in )&peer)->sin_addr)-> s_addr & (&client->mask)->addr.ipv4.s_addr) == ( &client->addr)->addr.ipv4.s_addr)
401	&client->addr, &client->mask)( ((&((struct sockaddr_in *)&peer)->sin_addr)-> s_addr & (&client->mask)->addr.ipv4.s_addr) == ( &client->addr)->addr.ipv4.s_addr))
402	break;
403	else if (peer.ss_family == AF_INET624 &&
404	IPv6_cmp(&((struct sockaddr_in6 )&peer)->sin6_addr,( ((((uint32_t )(&((struct sockaddr_in6 )&peer)-> sin6_addr)->__u6_addr.__u6_addr8)[3] & (&client-> mask)->addr.addr32[3]) == (&client->addr)->addr. addr32[3]) && ((((uint32_t )(&((struct sockaddr_in6 )&peer)->sin6_addr)->__u6_addr.__u6_addr8)[2] & (&client->mask)->addr.addr32[2]) == (&client-> addr)->addr.addr32[2]) && ((((uint32_t )(&((struct sockaddr_in6 )&peer)->sin6_addr)->__u6_addr.__u6_addr8 )[1] & (&client->mask)->addr.addr32[1]) == (& client->addr)->addr.addr32[1]) && ((((uint32_t )(&((struct sockaddr_in6 *)&peer)->sin6_addr)-> __u6_addr.__u6_addr8)[0] & (&client->mask)->addr .addr32[0]) == (&client->addr)->addr.addr32[0]))
405	&client->addr, &client->mask)( ((((uint32_t )(&((struct sockaddr_in6 )&peer)-> sin6_addr)->__u6_addr.__u6_addr8)[3] & (&client-> mask)->addr.addr32[3]) == (&client->addr)->addr. addr32[3]) && ((((uint32_t )(&((struct sockaddr_in6 )&peer)->sin6_addr)->__u6_addr.__u6_addr8)[2] & (&client->mask)->addr.addr32[2]) == (&client-> addr)->addr.addr32[2]) && ((((uint32_t )(&((struct sockaddr_in6 )&peer)->sin6_addr)->__u6_addr.__u6_addr8 )[1] & (&client->mask)->addr.addr32[1]) == (& client->addr)->addr.addr32[1]) && ((((uint32_t * )(&((struct sockaddr_in6 *)&peer)->sin6_addr)-> __u6_addr.__u6_addr8)[0] & (&client->mask)->addr .addr32[0]) == (&client->addr)->addr.addr32[0])))
406	break;
407	}
408	if (client == NULL((void *)0)) {
409	log_warnx("Received %s(code=%d) from %s id=%d: "
410	"no `client' matches", radius_code_string(req_code),
411	req_code, peerstr, req_id);
412	goto on_error;
413	}
414
415	/* Check the client's Message-Authenticator */
416	if (client->msgauth_required &&
417	!radius_has_attr(packet,
418	RADIUS_TYPE_MESSAGE_AUTHENTICATOR80)) {
419	log_warnx("Received %s(code=%d) from %s id=%d: "
420	"no message authenticator",
421	radius_code_string(req_code), req_code, peerstr,
422	req_id);
423	goto on_error;
424	}
425
426	if (radius_has_attr(packet,
427	RADIUS_TYPE_MESSAGE_AUTHENTICATOR80) &&
428	radius_check_message_authenticator(packet, client->secret)
429	!= 0) {
430	log_warnx("Received %s(code=%d) from %s id=%d: "
431	"bad message authenticator",
432	radius_code_string(req_code), req_code, peerstr,
433	req_id);
434	goto on_error;
435	}
436
437	/*
438	* Find a duplicate request. In RFC 2865, it has the same
439	* source IP address and source UDP port and Identifier.
440	*/
441	TAILQ_FOREACH(q, &listn->radiusd->query, next)for((q) = ((&listn->radiusd->query)->tqh_first); (q) != ((void *)0); (q) = ((q)->next.tqe_next)) {
442	if (peer.ss_family == q->clientaddr.ss_family &&
443	((peer.ss_family == AF_INET2 &&
444	in(&q->clientaddr).s_addr ==
445	in(&peer).s_addr) \|\|
446	(peer.ss_family == AF_INET624 &&
447	IN6_ARE_ADDR_EQUAL((memcmp(&(&in6(&q->clientaddr))->__u6_addr. __u6_addr8[0], &(&in6(&peer))->__u6_addr.__u6_addr8 [0], sizeof(struct in6_addr)) == 0)
448	&in6(&q->clientaddr), &in6(&peer))(memcmp(&(&in6(&q->clientaddr))->__u6_addr. __u6_addr8[0], &(&in6(&peer))->__u6_addr.__u6_addr8 [0], sizeof(struct in6_addr)) == 0))) &&
449	((struct sockaddr_in *)&q->clientaddr)->sin_port ==
450	((struct sockaddr_in *)&peer)->sin_port &&
451	req_id == q->req_id)
452	break; /* found it */
453	}
454	if (q != NULL((void *)0)) {
455	log_info("Received %s(code=%d) from %s id=%d: "
456	"duplicate request by q=%u",
457	radius_code_string(req_code), req_code, peerstr,
458	req_id, q->id);
459	/* XXX RFC 5080 suggests to answer the cached result */
460	goto on_error;
461	}
462
463	/* FIXME: we can support other request codes */
464	if (req_code != RADIUS_CODE_ACCESS_REQUEST1) {
465	log_info("Received %s(code=%d) from %s id=%d: %s "
466	"is not supported in this implementation",
467	radius_code_string(req_code), req_code, peerstr,
468	req_id, radius_code_string(req_code));
469	goto on_error;
470	}
471
472	/*
473	* Find a matching `authenticate' entry
474	*/
475	if (radius_get_string_attr(packet, RADIUS_TYPE_USER_NAME1,
476	username, sizeof(username)) != 0) {
477	log_info("Received %s(code=%d) from %s id=%d: "
478	"no User-Name attribute",
479	radius_code_string(req_code), req_code, peerstr,
480	req_id);
481	goto on_error;
482	}
483	TAILQ_FOREACH(authen, &listn->radiusd->authen, next)for((authen) = ((&listn->radiusd->authen)->tqh_first ); (authen) != ((void *)0); (authen) = ((authen)->next.tqe_next )) {
484	for (i = 0; authen->username[i] != NULL((void *)0); i++) {
485	if (fnmatch(authen->username[i], username, 0)
486	== 0)
487	goto found;
488	}
489	}
490	found:
491	if (authen == NULL((void *)0)) {
492	log_warnx("Received %s(code=%d) from %s id=%d "
493	"username=%s: no `authenticate' matches.",
494	radius_code_string(req_code), req_code, peerstr,
495	req_id, username);
496	goto on_error;
497	}
498	RADIUSD_ASSERT(authen->auth != NULL)do { if (!(authen->auth != ((void *)0))) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "authen->auth != NULL", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 498); if (debug) abort(); } } while (0 );
499
500	if (!MODULE_DO_USERPASS(authen->auth->module)((authen->auth->module)->fd >= 0 && ((authen ->auth->module)->capabilities & 0x1) != 0) &&
501	!MODULE_DO_ACCSREQ(authen->auth->module)((authen->auth->module)->fd >= 0 && ((authen ->auth->module)->capabilities & 0x2) != 0)) {
502	log_warnx("Received %s(code=%d) from %s id=%d "
503	"username=%s: module `%s' is not running.",
504	radius_code_string(req_code), req_code, peerstr,
505	req_id, username, authen->auth->module->name);
506	goto on_error;
507	}
508	if ((q = calloc(1, sizeof(struct radius_query))) == NULL((void *)0)) {
509	log_warn("%s: Out of memory", __func__);
510	goto on_error;
511	}
512	memcpy(&q->clientaddr, &peer, peersz);
513	strlcpy(q->username, username, sizeof(q->username));
514	q->id = ++radius_query_id_seq;
515	q->clientaddrlen = peersz;
516	q->authen = authen;
517	q->listen = listn;
518	q->req = packet;
519	q->client = client;
520	q->req_id = req_id;
521	radius_get_authenticator(packet, q->req_auth);
522
523	log_info("Received %s(code=%d) from %s id=%d username=%s "
524	"q=%u: `%s' authentication is starting",
525	radius_code_string(req_code), req_code, peerstr, q->req_id,
526	q->username, q->id, q->authen->auth->module->name);
527	TAILQ_INSERT_TAIL(&listn->radiusd->query, q, next)do { (q)->next.tqe_next = ((void )0); (q)->next.tqe_prev = (&listn->radiusd->query)->tqh_last; (&listn ->radiusd->query)->tqh_last = (q); (&listn->radiusd ->query)->tqh_last = &(q)->next.tqe_next; } while (0);
528
529	radius_query_request(q);
530
531	return;
532	}
533	on_error:
534	if (packet != NULL((void *)0))
535	radius_delete_packet(packet);
536	#undef in
537	#undef in6
538
539	return;
540	}
541
542	static void
543	radius_query_request(struct radius_query *q)
544	{
545	struct radiusd_authentication *authen = q->authen;
546
547	/* first or next request decoration */
548	for (;;) {
549	if (q->deco == NULL((void *)0))
550	q->deco = TAILQ_FIRST(&q->authen->deco)((&q->authen->deco)->tqh_first);
551	else
552	q->deco = TAILQ_NEXT(q->deco, next)((q->deco)->next.tqe_next);
553	if (q->deco == NULL((void *)0) \|\| MODULE_DO_REQDECO(q->deco->module)((q->deco->module)->fd >= 0 && ((q->deco ->module)->capabilities & 0x4) != 0))
554	break;
555	}
556
557	if (q->deco != NULL((void *)0))
558	radiusd_module_request_decoration(q->deco->module, q);
559	else {
560	RADIUSD_ASSERT(authen->auth != NULL)do { if (!(authen->auth != ((void *)0))) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "authen->auth != NULL", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 560); if (debug) abort(); } } while (0 );
561	if (MODULE_DO_ACCSREQ(authen->auth->module)((authen->auth->module)->fd >= 0 && ((authen ->auth->module)->capabilities & 0x2) != 0))
562	radiusd_module_access_request(authen->auth->module, q);
563	else if (MODULE_DO_USERPASS(authen->auth->module)((authen->auth->module)->fd >= 0 && ((authen ->auth->module)->capabilities & 0x1) != 0))
564	radiusd_module_userpass(authen->auth->module, q);
565	}
566	}
567
568	static void
569	radius_query_response(struct radius_query *q)
570	{
571	int sz, res_id, res_code;
572	char buf[NI_MAXHOST256 + NI_MAXSERV32 + 30];
573
574	/* first or next response decoration */
575	for (;;) {
576	if (q->deco == NULL((void *)0))
577	q->deco = TAILQ_FIRST(&q->authen->deco)((&q->authen->deco)->tqh_first);
578	else
579	q->deco = TAILQ_NEXT(q->deco, next)((q->deco)->next.tqe_next);
580	if (q->deco == NULL((void *)0) \|\| MODULE_DO_RESDECO(q->deco->module)((q->deco->module)->fd >= 0 && ((q->deco ->module)->capabilities & 0x8) != 0))
581	break;
582	}
583
584	if (q->deco != NULL((void *)0)) {
585	radiusd_module_response_decoration(q->deco->module, q);
586	return;
587	}
588
589	if (radiusd_access_response_fixup(q) != 0)
590	goto on_error;
591
592	res_id = radius_get_id(q->res);
593	res_code = radius_get_code(q->res);
594
595	/* Reset response/message authenticator */
596	if (radius_has_attr(q->res, RADIUS_TYPE_MESSAGE_AUTHENTICATOR80))
597	radius_del_attr_all(q->res, RADIUS_TYPE_MESSAGE_AUTHENTICATOR80);
598	radius_put_message_authenticator(q->res, q->client->secret);
599	radius_set_response_authenticator(q->res, q->client->secret);
600
601	log_info("Sending %s(code=%d) to %s id=%u q=%u",
602	radius_code_string(res_code), res_code,
603	addrport_tostring((struct sockaddr *)&q->clientaddr,
604	q->clientaddrlen, buf, sizeof(buf)), res_id, q->id);
605
606	if ((sz = sendto(q->listen->sock, radius_get_data(q->res),
607	radius_get_length(q->res), 0,
608	(struct sockaddr *)&q->clientaddr, q->clientaddrlen)) <= 0)
609	log_warn("Sending a RADIUS response failed");
610	on_error:
611	radiusd_access_request_aborted(q);
612
613	}
614
615	/***********************************************************************
616	* Callback functions from the modules
617	***********************************************************************/
618	void
619	radiusd_access_request_answer(struct radius_query *q)
620	{
621	const char *authen_secret = q->authen->auth->module->secret;
622
623	radius_set_request_packet(q->res, q->req);
624
625	if (authen_secret == NULL((void *)0)) {
626	/*
627	* The module diddn't check the authenticators
628	*/
629	if (radius_check_response_authenticator(q->res,
630	q->client->secret) != 0) {
631	log_info("Response from module has bad response "
632	"authenticator: id=%d", q->id);
633	goto on_error;
634	}
635	if (radius_has_attr(q->res,
636	RADIUS_TYPE_MESSAGE_AUTHENTICATOR80) &&
637	radius_check_message_authenticator(q->res,
638	q->client->secret) != 0) {
639	log_info("Response from module has bad message "
640	"authenticator: id=%d", q->id);
641	goto on_error;
642	}
643	}
644
645	RADIUSD_ASSERT(q->deco == NULL)do { if (!(q->deco == ((void *)0))) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "q->deco == NULL", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 645); if (debug) abort(); } } while (0 );
646	radius_query_response(q);
647
648	return;
649	on_error:
650	radiusd_access_request_aborted(q);
651	}
652
653	void
654	radiusd_access_request_aborted(struct radius_query *q)
655	{
656	if (q->req != NULL((void *)0))
657	radius_delete_packet(q->req);
658	if (q->res != NULL((void *)0))
659	radius_delete_packet(q->res);
660	TAILQ_REMOVE(&q->listen->radiusd->query, q, next)do { if (((q)->next.tqe_next) != ((void )0)) (q)->next .tqe_next->next.tqe_prev = (q)->next.tqe_prev; else (& q->listen->radiusd->query)->tqh_last = (q)->next .tqe_prev; (q)->next.tqe_prev = (q)->next.tqe_next; ; ; } while (0);
661	free(q);
662	}
663
664	/***********************************************************************
665	* Signal handlers
666	***********************************************************************/
667	static void
668	radiusd_on_sigterm(int fd, short evmask, void *ctx)
669	{
670	struct radiusd *radiusd = ctx;
671
672	log_info("Received SIGTERM");
673	radiusd_stop(radiusd);
674	}
675
676	static void
677	radiusd_on_sigint(int fd, short evmask, void *ctx)
678	{
679	struct radiusd *radiusd = ctx;
680
681	log_info("Received SIGINT");
682	radiusd_stop(radiusd);
683	}
684
685	static void
686	radiusd_on_sighup(int fd, short evmask, void *ctx)
687	{
688	log_info("Received SIGHUP");
689	}
690
691	static void
692	radiusd_on_sigchld(int fd, short evmask, void *ctx)
693	{
694	struct radiusd *radiusd = ctx;
695	struct radiusd_module *module;
696	pid_t pid;
697	int status;
698
699	log_debug("Received SIGCHLD");
700	while ((pid = wait3(&status, WNOHANG0x01, NULL((void *)0))) != 0) {
701	if (pid == -1)
702	break;
703	TAILQ_FOREACH(module, &radiusd->module, next)for((module) = ((&radiusd->module)->tqh_first); (module ) != ((void *)0); (module) = ((module)->next.tqe_next)) {
704	if (module->pid == pid) {
705	if (WIFEXITED(status)(((status) & 0177) == 0))
706	log_warnx("module `%s'(pid=%d) exited "
707	"with status %d", module->name,
708	(int)pid, WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff));
709	else
710	log_warnx("module `%s'(pid=%d) exited "
711	"by signal %d", module->name,
712	(int)pid, WTERMSIG(status)(((status) & 0177)));
713	break;
714	}
715	}
716	if (!module) {
717	if (WIFEXITED(status)(((status) & 0177) == 0))
718	log_warnx("unkown child process pid=%d exited "
719	"with status %d", (int)pid,
720	WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff));
721	else
722	log_warnx("unkown child process pid=%d exited "
723	"by signal %d", (int)pid,
724	WTERMSIG(status)(((status) & 0177)));
725	}
726	}
727	}
728
729	static const char *
730	radius_code_string(int code)
731	{
732	int i;
733	struct _codestrings {
734	int code;
735	const char *string;
736	} codestrings[] = {
737	{ RADIUS_CODE_ACCESS_REQUEST1, "Access-Request" },
738	{ RADIUS_CODE_ACCESS_ACCEPT2, "Access-Accept" },
739	{ RADIUS_CODE_ACCESS_REJECT3, "Access-Reject" },
740	{ RADIUS_CODE_ACCOUNTING_REQUEST4, "Accounting-Request" },
741	{ RADIUS_CODE_ACCOUNTING_RESPONSE5, "Accounting-Response" },
742	{ RADIUS_CODE_ACCESS_CHALLENGE11, "Access-Challenge" },
743	{ RADIUS_CODE_STATUS_SERVER12, "Status-Server" },
744	{ RADIUS_CODE_STATUS_CLIENT13, "Status-Client" },
745	{ -1, NULL((void *)0) }
746	};
747
748	for (i = 0; codestrings[i].code != -1; i++)
749	if (codestrings[i].code == code)
750	return (codestrings[i].string);
751
752	return ("Unknown");
753	}
754
755	void
756	radiusd_conf_init(struct radiusd *conf)
757	{
758
759	TAILQ_INIT(&conf->listen)do { (&conf->listen)->tqh_first = ((void *)0); (& conf->listen)->tqh_last = &(&conf->listen)-> tqh_first; } while (0);
760	TAILQ_INIT(&conf->module)do { (&conf->module)->tqh_first = ((void *)0); (& conf->module)->tqh_last = &(&conf->module)-> tqh_first; } while (0);
761	TAILQ_INIT(&conf->authen)do { (&conf->authen)->tqh_first = ((void *)0); (& conf->authen)->tqh_last = &(&conf->authen)-> tqh_first; } while (0);
762	TAILQ_INIT(&conf->client)do { (&conf->client)->tqh_first = ((void *)0); (& conf->client)->tqh_last = &(&conf->client)-> tqh_first; } while (0);
763
764	return;
765	}
766
767	/*
768	* Fix some attributes which depend the secret value.
769	*/
770	static int
771	radiusd_access_response_fixup(struct radius_query *q)
772	{
773	int res_id;
774	size_t attrlen;
775	u_char req_auth[16], attrbuf[256];
776	const char *authen_secret = q->authen->auth->module->secret;
777
778	radius_get_authenticator(q->req, req_auth);
779
780	if ((authen_secret != NULL((void *)0) &&
781	strcmp(authen_secret, q->client->secret) != 0) \|\|
782	timingsafe_bcmp(q->req_auth, req_auth, 16) != 0) {
783	const char *olds = q->client->secret;
784	const char *news = authen_secret;
785
786	if (news == NULL((void *)0))
787	news = olds;
788
789	/* RFC 2865 Tunnel-Password */
790	attrlen = sizeof(attrbuf);
791	if (radius_get_raw_attr(q->res, RADIUS_TYPE_TUNNEL_PASSWORD69,
792	attrbuf, &attrlen) == 0) {
793	radius_attr_unhide(news, req_auth,
794	attrbuf, attrbuf + 3, attrlen - 3);
795	radius_attr_hide(olds, q->req_auth,
796	attrbuf, attrbuf + 3, attrlen - 3);
797
798	radius_del_attr_all(q->res,
799	RADIUS_TYPE_TUNNEL_PASSWORD69);
800	radius_put_raw_attr(q->res,
801	RADIUS_TYPE_TUNNEL_PASSWORD69, attrbuf, attrlen);
802	}
803
804	/* RFC 2548 Microsoft MPPE-{Send,Recv}-Key */
805	attrlen = sizeof(attrbuf);
806	if (radius_get_vs_raw_attr(q->res, RADIUS_VENDOR_MICROSOFT311,
807	RADIUS_VTYPE_MPPE_SEND_KEY16, attrbuf, &attrlen) == 0) {
808
809	/* Re-crypt the KEY */
810	radius_attr_unhide(news, req_auth,
811	attrbuf, attrbuf + 2, attrlen - 2);
812	radius_attr_hide(olds, q->req_auth,
813	attrbuf, attrbuf + 2, attrlen - 2);
814
815	radius_del_vs_attr_all(q->res, RADIUS_VENDOR_MICROSOFT311,
816	RADIUS_VTYPE_MPPE_SEND_KEY16);
817	radius_put_vs_raw_attr(q->res, RADIUS_VENDOR_MICROSOFT311,
818	RADIUS_VTYPE_MPPE_SEND_KEY16, attrbuf, attrlen);
819	}
820	attrlen = sizeof(attrbuf);
821	if (radius_get_vs_raw_attr(q->res, RADIUS_VENDOR_MICROSOFT311,
822	RADIUS_VTYPE_MPPE_RECV_KEY17, attrbuf, &attrlen) == 0) {
823
824	/* Re-crypt the KEY */
825	radius_attr_unhide(news, req_auth,
826	attrbuf, attrbuf + 2, attrlen - 2);
827	radius_attr_hide(olds, q->req_auth,
828	attrbuf, attrbuf + 2, attrlen - 2);
829
830	radius_del_vs_attr_all(q->res, RADIUS_VENDOR_MICROSOFT311,
831	RADIUS_VTYPE_MPPE_RECV_KEY17);
832	radius_put_vs_raw_attr(q->res, RADIUS_VENDOR_MICROSOFT311,
833	RADIUS_VTYPE_MPPE_RECV_KEY17, attrbuf, attrlen);
834	}
835	}
836
837	res_id = radius_get_id(q->res);
838	if (res_id != q->req_id) {
839	/* authentication server change the id */
840	radius_set_id(q->res, q->req_id);
841	}
842
843	return (0);
844	}
845
846	void
847	radius_attr_hide(const char secret, const char authenticator,
848	const u_char salt, u_char plain, int plainlen)
849	{
850	int i, j;
851	u_char b[16];
852	MD5_CTX md5ctx;
853
854	i = 0;
855	do {
856	MD5Init(&md5ctx);
857	MD5Update(&md5ctx, secret, strlen(secret));
858	if (i == 0) {
859	MD5Update(&md5ctx, authenticator, 16);
860	if (salt != NULL((void *)0))
861	MD5Update(&md5ctx, salt, 2);
862	} else
863	MD5Update(&md5ctx, plain + i - 16, 16);
864	MD5Final(b, &md5ctx);
865
866	for (j = 0; j < 16 && i < plainlen; i++, j++)
867	plain[i] ^= b[j];
868	} while (i < plainlen);
869	}
870
871	void
872	radius_attr_unhide(const char secret, const char authenticator,
873	const u_char salt, u_char crypt0, int crypt0len)
874	{
875	int i, j;
876	u_char b[16];
877	MD5_CTX md5ctx;
878
879	i = 16 * ((crypt0len - 1) / 16);
880	while (i >= 0) {
881	MD5Init(&md5ctx);
882	MD5Update(&md5ctx, secret, strlen(secret));
883	if (i == 0) {
884	MD5Update(&md5ctx, authenticator, 16);
885	if (salt != NULL((void *)0))
886	MD5Update(&md5ctx, salt, 2);
887	} else
888	MD5Update(&md5ctx, crypt0 + i - 16, 16);
889	MD5Final(b, &md5ctx);
890
891	for (j = 0; j < 16 && i + j < crypt0len; j++)
892	crypt0[i + j] ^= b[j];
893	i -= 16;
894	}
895	}
896
897	static struct radius_query *
898	radiusd_find_query(struct radiusd *radiusd, u_int q_id)
899	{
900	struct radius_query *q;
901
902	TAILQ_FOREACH(q, &radiusd->query, next)for((q) = ((&radiusd->query)->tqh_first); (q) != (( void *)0); (q) = ((q)->next.tqe_next)) {
903	if (q->id == q_id)
904	return (q);
905	}
906	return (NULL((void *)0));
907	}
908
909	/***********************************************************************
910	* radiusd module handling
911	***********************************************************************/
912	struct radiusd_module *
913	radiusd_module_load(struct radiusd radiusd, const char path, const char *name)
914	{
915	struct radiusd_module module = NULL((void )0);
916	pid_t pid;
917	int ival, pairsock[] = { -1, -1 };
918	const char *av[3];
919	ssize_t n;
920	struct imsg imsg;
921
922	module = calloc(1, sizeof(struct radiusd_module));
923	if (module == NULL((void *)0))
924	fatal("Out of memory");
925	module->radiusd = radiusd;
926
927	if (socketpair(AF_UNIX1, SOCK_STREAM1, PF_UNSPEC0, pairsock) == -1) {
928	log_warn("Could not load module `%s'(%s): pipe()", name, path);
929	goto on_error;
930	}
931
932	pid = fork();
933	if (pid == -1) {
934	log_warn("Could not load module `%s'(%s): fork()", name, path);
935	goto on_error;
936	}
937	if (pid == 0) {
938	setsid();
939	close(pairsock[0]);
940	av[0] = path;
941	av[1] = name;
942	av[2] = NULL((void *)0);
943	dup2(pairsock[1], STDIN_FILENO0);
944	dup2(pairsock[1], STDOUT_FILENO1);
945	close(pairsock[1]);
946	closefrom(STDERR_FILENO2 + 1);
947	execv(path, (char * const *)av);
948	log_warn("Failed to execute %s", path);
949	_exit(EXIT_FAILURE1);
950	}
951	close(pairsock[1]);
952
953	module->fd = pairsock[0];
954	if ((ival = fcntl(module->fd, F_GETFL3)) == -1) {
955	log_warn("Could not load module `%s': fcntl(F_GETFL)",
956	name);
957	goto on_error;
958	}
959	if (fcntl(module->fd, F_SETFL4, ival \| O_NONBLOCK0x0004) == -1) {
960	log_warn("Could not load module `%s': fcntl(F_SETFL,O_NONBLOCK)",
961	name);
962	goto on_error;
963	}
964	strlcpy(module->name, name, sizeof(module->name));
965	module->pid = pid;
966	imsg_init(&module->ibuf, module->fd);
967
968	if (imsg_sync_read(&module->ibuf, MODULE_IO_TIMEOUT2000) <= 0 \|\|
969	(n = imsg_get(&module->ibuf, &imsg)) <= 0) {
	Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
970	log_warnx("Could not load module `%s': module didn't "
971	"respond", name);
972	goto on_error;
973	}
974	if (imsg.hdr.type != IMSG_RADIUSD_MODULE_LOAD) {
975	imsg_free(&imsg);
976	log_warnx("Could not load module `%s': unknown imsg type=%d",
977	name, imsg.hdr.type);
978	goto on_error;
979	}
980
981	module->capabilities =
982	((struct radiusd_module_load_arg *)imsg.data)->cap;
983
984	log_debug("Loaded module `%s' successfully. pid=%d", module->name,
985	module->pid);
986	imsg_free(&imsg);
987
988	return (module);
989
990	on_error:
991	free(module);
992	if (pairsock[0] >= 0)
993	close(pairsock[0]);
994	if (pairsock[1] >= 0)
995	close(pairsock[1]);
996
997	return (NULL((void *)0));
998	}
999
1000	void
1001	radiusd_module_start(struct radiusd_module *module)
1002	{
1003	int datalen;
1004	struct imsg imsg;
1005	struct timeval tv = { 0, 0 };
1006
1007	RADIUSD_ASSERT(module->fd >= 0)do { if (!(module->fd >= 0)) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "module->fd >= 0", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 1007); if (debug) abort(); } } while (0 );
1008	imsg_compose(&module->ibuf, IMSG_RADIUSD_MODULE_START, 0, 0, -1,
1009	NULL((void *)0), 0);
1010	imsg_sync_flush(&module->ibuf, MODULE_IO_TIMEOUT2000);
1011	if (imsg_sync_read(&module->ibuf, MODULE_IO_TIMEOUT2000) <= 0 \|\|
1012	imsg_get(&module->ibuf, &imsg) <= 0) {
1013	log_warnx("Module `%s' could not start: no response",
1014	module->name);
1015	goto on_fail;
1016	}
1017
1018	datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1019	if (imsg.hdr.type != IMSG_OK) {
1020	if (imsg.hdr.type == IMSG_NG) {
1021	if (datalen > 0)
1022	log_warnx("Module `%s' could not start: %s",
1023	module->name, (char *)imsg.data);
1024	else
1025	log_warnx("Module `%s' could not start",
1026	module->name);
1027	} else
1028	log_warnx("Module `%s' could not started: module "
1029	"returned unknown message type %d", module->name,
1030	imsg.hdr.type);
1031	goto on_fail;
1032	}
1033
1034	event_set(&module->ev, module->fd, EV_READ0x02, radiusd_module_on_imsg_io,
1035	module);
1036	event_add(&module->ev, &tv);
1037	log_debug("Module `%s' started successfully", module->name);
1038
1039	return;
1040	on_fail:
1041	radiusd_module_close(module);
1042	return;
1043	}
1044
1045	void
1046	radiusd_module_stop(struct radiusd_module *module)
1047	{
1048	module->stopped = true1;
1049
1050	if (module->secret != NULL((void *)0)) {
1051	freezero(module->secret, strlen(module->secret));
1052	module->secret = NULL((void *)0);
1053	}
1054
1055	if (module->fd >= 0) {
1056	imsg_compose(&module->ibuf, IMSG_RADIUSD_MODULE_STOP, 0, 0, -1,
1057	NULL((void *)0), 0);
1058	radiusd_module_reset_ev_handler(module);
1059	}
1060	}
1061
1062	static void
1063	radiusd_module_close(struct radiusd_module *module)
1064	{
1065	if (module->fd >= 0) {
1066	event_del(&module->ev);
1067	imsg_clear(&module->ibuf);
1068	close(module->fd);
1069	module->fd = -1;
1070	}
1071	}
1072
1073	void
1074	radiusd_module_unload(struct radiusd_module *module)
1075	{
1076	free(module->radpkt);
1077	radiusd_module_close(module);
1078	free(module);
1079	}
1080
1081	static void
1082	radiusd_module_on_imsg_io(int fd, short evmask, void *ctx)
1083	{
1084	struct radiusd_module *module = ctx;
1085	int ret;
1086
1087	if (evmask & EV_WRITE0x04)
1088	module->writeready = true1;
1089
1090	if (evmask & EV_READ0x02 \|\| module->ibuf.r.wpos > IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) {
1091	if (radiusd_module_imsg_read(module,
1092	(evmask & EV_READ0x02)? true1 : false0) == -1)
1093	goto on_error;
1094	}
1095
1096	while (module->writeready && module->ibuf.w.queued) {
1097	ret = msgbuf_write(&module->ibuf.w);
1098	if (ret > 0)
1099	continue;
1100	module->writeready = false0;
1101	if (ret == 0 && errno(*__errno()) == EAGAIN35)
1102	break;
1103	log_warn("Failed to write to module `%s': msgbuf_write()",
1104	module->name);
1105	goto on_error;
1106	}
1107	radiusd_module_reset_ev_handler(module);
1108
1109	return;
1110	on_error:
1111	radiusd_module_close(module);
1112	}
1113
1114	static void
1115	radiusd_module_reset_ev_handler(struct radiusd_module *module)
1116	{
1117	short evmask;
1118	struct timeval tvp = NULL((void )0), tv = { 0, 0 };
1119
1120	RADIUSD_ASSERT(module->fd >= 0)do { if (!(module->fd >= 0)) { log_warnx( "ASSERT(%s) failed in %s() at %s:%d" , "module->fd >= 0", __func__, "/usr/src/usr.sbin/radiusd/radiusd/../radiusd.c" , 1120); if (debug) abort(); } } while (0 );
1121	event_del(&module->ev);
1122
1123	evmask = EV_READ0x02;
1124	if (module->ibuf.w.queued) {
1125	if (!module->writeready)
1126	evmask \|= EV_WRITE0x04;
1127	else
1128	tvp = &tv; /* fire immediately */
1129	} else if (module->ibuf.r.wpos > IMSG_HEADER_SIZEsizeof(struct imsg_hdr))
1130	tvp = &tv; /* fire immediately */
1131
1132	/* module stopped and no event handler is set */
1133	if (evmask & EV_WRITE0x04 && tvp == NULL((void *)0) && module->stopped) {
1134	/* stop requested and no more to write */
1135	radiusd_module_close(module);
1136	return;
1137	}
1138
1139	event_set(&module->ev, module->fd, evmask, radiusd_module_on_imsg_io,
1140	module);
1141	if (event_add(&module->ev, tvp) == -1) {
1142	log_warn("Could not set event handlers for module `%s': "
1143	"event_add()", module->name);
1144	radiusd_module_close(module);
1145	}
1146	}
1147
1148	static int
1149	radiusd_module_imsg_read(struct radiusd_module *module, bool_Bool doread)
1150	{
1151	int n;
1152	struct imsg imsg;
1153
1154	if (doread) {
1155	if ((n = imsg_read(&module->ibuf)) == -1 \|\| n == 0) {
1156	if (n == -1 && errno(*__errno()) == EAGAIN35)
1157	return (0);
1158	if (n == -1)
1159	log_warn("Receiving a message from module `%s' "
1160	"failed: imsg_read", module->name);
1161	/* else closed */
1162	radiusd_module_close(module);
1163	return (-1);
1164	}
1165	}
1166	for (;;) {
1167	if ((n = imsg_get(&module->ibuf, &imsg)) == -1) {
1168	log_warn("Receiving a message from module `%s' failed: "
1169	"imsg_get", module->name);
1170	return (-1);
1171	}
1172	if (n == 0)
1173	return (0);
1174	radiusd_module_imsg(module, &imsg);
1175	}
1176
1177	return (0);
1178	}
1179
1180	static void
1181	radiusd_module_imsg(struct radiusd_module module, struct imsg imsg)
1182	{
1183	int datalen;
1184	struct radius_query *q;
1185	u_int q_id;
1186
1187	datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1188	switch (imsg->hdr.type) {
1189	case IMSG_RADIUSD_MODULE_NOTIFY_SECRET:
1190	if (datalen > 0) {
1191	module->secret = strdup(imsg->data);
1192	if (module->secret == NULL((void *)0))
1193	log_warn("Could not handle NOTIFY_SECRET "
1194	"from `%s'", module->name);
1195	}
1196	break;
1197	case IMSG_RADIUSD_MODULE_USERPASS_OK:
1198	case IMSG_RADIUSD_MODULE_USERPASS_FAIL:
1199	{
1200	char msg = NULL((void )0);
1201	const char *msgtypestr;
1202
1203	msgtypestr = (imsg->hdr.type == IMSG_RADIUSD_MODULE_USERPASS_OK)
1204	? "USERPASS_OK" : "USERPASS_NG";
1205
1206	q_id = (u_int )imsg->data;
1207	if (datalen > (ssize_t)sizeof(u_int))
1208	msg = (char )(((u_int )imsg->data) + 1);
1209
1210	q = radiusd_find_query(module->radiusd, q_id);
1211	if (q == NULL((void *)0)) {
1212	log_warnx("Received %s from `%s', but query id=%u "
1213	"unknown", msgtypestr, module->name, q_id);
1214	break;
1215	}
1216
1217	if ((q->res = radius_new_response_packet(
1218	(imsg->hdr.type == IMSG_RADIUSD_MODULE_USERPASS_OK)
1219	? RADIUS_CODE_ACCESS_ACCEPT2 : RADIUS_CODE_ACCESS_REJECT3,
1220	q->req)) == NULL((void *)0)) {
1221	log_warn("radius_new_response_packet() failed");
1222	radiusd_access_request_aborted(q);
1223	} else {
1224	if (msg)
1225	radius_put_string_attr(q->res,
1226	RADIUS_TYPE_REPLY_MESSAGE18, msg);
1227	radius_set_response_authenticator(q->res,
1228	q->client->secret);
1229	radiusd_access_request_answer(q);
1230	}
1231	break;
1232	}
1233	case IMSG_RADIUSD_MODULE_ACCSREQ_ANSWER:
1234	case IMSG_RADIUSD_MODULE_REQDECO_DONE:
1235	case IMSG_RADIUSD_MODULE_RESDECO_DONE:
1236	{
1237	static struct radiusd_module_radpkt_arg *ans;
1238	const char *typestr = "unknown";
1239
1240	switch (imsg->hdr.type) {
1241	case IMSG_RADIUSD_MODULE_ACCSREQ_ANSWER:
1242	typestr = "ACCSREQ_ANSWER";
1243	break;
1244	case IMSG_RADIUSD_MODULE_REQDECO_DONE:
1245	typestr = "REQDECO_DONE";
1246	break;
1247	case IMSG_RADIUSD_MODULE_RESDECO_DONE:
1248	typestr = "RESDECO_DONE";
1249	break;
1250	}
1251
1252	if (datalen <
1253	(ssize_t)sizeof(struct radiusd_module_radpkt_arg)) {
1254	log_warnx("Received %s message, but length is wrong",
1255	typestr);
1256	break;
1257	}
1258	q_id = ((struct radiusd_module_radpkt_arg *)imsg->data)->q_id;
1259	q = radiusd_find_query(module->radiusd, q_id);
1260	if (q == NULL((void *)0)) {
1261	log_warnx("Received %s from %s, but query id=%u "
1262	"unknown", typestr, module->name, q_id);
1263	break;
1264	}
1265	if ((ans = radiusd_module_recv_radpkt(module, imsg,
1266	imsg->hdr.type, typestr)) != NULL((void *)0)) {
1267	RADIUS_PACKET radpkt = NULL((void )0);
1268
1269	if (module->radpktoff > 0 &&
1270	(radpkt = radius_convert_packet(
1271	module->radpkt, module->radpktoff)) == NULL((void *)0)) {
1272	log_warn("q=%u radius_convert_packet() failed",
1273	q->id);
1274	radiusd_access_request_aborted(q);
1275	break;
1276	}
1277	module->radpktoff = 0;
1278	switch (imsg->hdr.type) {
1279	case IMSG_RADIUSD_MODULE_REQDECO_DONE:
1280	if (radpkt != NULL((void *)0)) {
1281	radius_delete_packet(q->req);
1282	q->req = radpkt;
1283	}
1284	radius_query_request(q);
1285	break;
1286	case IMSG_RADIUSD_MODULE_ACCSREQ_ANSWER:
1287	if (radpkt == NULL((void *)0)) {
1288	log_warn("q=%u wrong pkt from module",
1289	q->id);
1290	radiusd_access_request_aborted(q);
1291	}
1292	q->res = radpkt;
1293	radiusd_access_request_answer(q);
1294	break;
1295	case IMSG_RADIUSD_MODULE_RESDECO_DONE:
1296	if (radpkt != NULL((void *)0)) {
1297	radius_delete_packet(q->res);
1298	radius_set_request_packet(radpkt,
1299	q->req);
1300	q->res = radpkt;
1301	}
1302	radius_query_response(q);
1303	break;
1304	}
1305	}
1306	break;
1307	}
1308	case IMSG_RADIUSD_MODULE_ACCSREQ_ABORTED:
1309	{
1310	q_id = ((u_int )imsg->data);
1311	q = radiusd_find_query(module->radiusd, q_id);
1312	if (q == NULL((void *)0)) {
1313	log_warnx("Received ACCSREQ_ABORT from %s, but query "
1314	"id=%u unknown", module->name, q_id);
1315	break;
1316	}
1317	radiusd_access_request_aborted(q);
1318	break;
1319	}
1320	default:
1321	RADIUSD_DBG(("Unhandled imsg type=%d from %s", imsg->hdr.type,
1322	module->name));
1323	}
1324	}
1325
1326	static struct radiusd_module_radpkt_arg *
1327	radiusd_module_recv_radpkt(struct radiusd_module module, struct imsg imsg,
1328	uint32_t imsg_type, const char *type_str)
1329	{
1330	struct radiusd_module_radpkt_arg *ans;
1331	int datalen, chunklen;
1332
1333	datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1334	ans = (struct radiusd_module_radpkt_arg *)imsg->data;
1335	if (module->radpktsiz < ans->pktlen) {
1336	u_char *nradpkt;
1337	if ((nradpkt = realloc(module->radpkt, ans->pktlen)) == NULL((void *)0)) {
1338	log_warn("Could not handle received %s message from "
1339	"`%s'", type_str, module->name);
1340	goto on_fail;
1341	}
1342	module->radpkt = nradpkt;
1343	module->radpktsiz = ans->pktlen;
1344	}
1345	chunklen = datalen - sizeof(struct radiusd_module_radpkt_arg);
1346	if (chunklen > module->radpktsiz - module->radpktoff) {
1347	log_warnx("Could not handle received %s message from `%s': "
1348	"received length is too big", type_str, module->name);
1349	goto on_fail;
1350	}
1351	if (chunklen > 0) {
1352	memcpy(module->radpkt + module->radpktoff,
1353	(caddr_t)(ans + 1), chunklen);
1354	module->radpktoff += chunklen;
1355	}
1356	if (!ans->final)
1357	return (NULL((void )0)); / again */
1358	if (module->radpktoff != ans->pktlen) {
1359	log_warnx("Could not handle received %s message from `%s': "
1360	"length is mismatch", type_str, module->name);
1361	goto on_fail;
1362	}
1363
1364	return (ans);
1365	on_fail:
1366	module->radpktoff = 0;
1367	return (NULL((void *)0));
1368	}
1369
1370	int
1371	radiusd_module_set(struct radiusd_module module, const char name,
1372	int argc, char * const * argv)
1373	{
1374	struct radiusd_module_set_arg arg;
1375	struct radiusd_module_object *val;
1376	int i, niov = 0;
1377	u_char buf = NULL((void )0), *buf0;
1378	ssize_t n;
1379	size_t bufsiz = 0, bufoff = 0, bufsiz0;
1380	size_t vallen, valsiz;
1381	struct iovec iov[2];
1382	struct imsg imsg;
1383
1384	memset(&arg, 0, sizeof(arg));
1385	arg.nparamval = argc;
1386	strlcpy(arg.paramname, name, sizeof(arg.paramname));
1387
1388	iov[niov].iov_base = &arg;
1389	iov[niov].iov_len = sizeof(struct radiusd_module_set_arg);
1390	niov++;
1391
1392	for (i = 0; i < argc; i++) {
1393	vallen = strlen(argv[i]) + 1;
1394	valsiz = sizeof(struct radiusd_module_object) + vallen;
1395	if (bufsiz < bufoff + valsiz) {
1396	bufsiz0 = bufoff + valsiz + 128;
1397	if ((buf0 = realloc(buf, bufsiz0)) == NULL((void *)0)) {
1398	log_warn("Failed to set config parameter to "
1399	"module `%s': realloc", module->name);
1400	goto on_error;
1401	}
1402	buf = buf0;
1403	bufsiz = bufsiz0;
1404	memset(buf + bufoff, 0, bufsiz - bufoff);
1405	}
1406	val = (struct radiusd_module_object *)(buf + bufoff);
1407	val->size = valsiz;
1408	memcpy(val + 1, argv[i], vallen);
1409
1410	bufoff += valsiz;
1411	}
1412	iov[niov].iov_base = buf;
1413	iov[niov].iov_len = bufoff;
1414	niov++;
1415
1416	if (imsg_composev(&module->ibuf, IMSG_RADIUSD_MODULE_SET_CONFIG, 0, 0,
1417	-1, iov, niov) == -1) {
1418	log_warn("Failed to set config parameter to module `%s': "
1419	"imsg_composev", module->name);
1420	goto on_error;
1421	}
1422	if (imsg_sync_flush(&module->ibuf, MODULE_IO_TIMEOUT2000) == -1) {
1423	log_warn("Failed to set config parameter to module `%s': "
1424	"imsg_flush_timeout", module->name);
1425	goto on_error;
1426	}
1427	for (;;) {
1428	if (imsg_sync_read(&module->ibuf, MODULE_IO_TIMEOUT2000) <= 0) {
1429	log_warn("Failed to get reply from module `%s': "
1430	"imsg_sync_read", module->name);
1431	goto on_error;
1432	}
1433	if ((n = imsg_get(&module->ibuf, &imsg)) > 0)
1434	break;
1435	if (n < 0) {
1436	log_warn("Failed to get reply from module `%s': "
1437	"imsg_get", module->name);
1438	goto on_error;
1439	}
1440	}
1441	if (imsg.hdr.type == IMSG_NG) {
1442	log_warnx("Could not set `%s' for module `%s': %s", name,
1443	module->name, (char *)imsg.data);
1444	goto on_error;
1445	} else if (imsg.hdr.type != IMSG_OK) {
1446	imsg_free(&imsg);
1447	log_warnx("Failed to get reply from module `%s': "
1448	"unknown imsg type=%d", module->name, imsg.hdr.type);
1449	goto on_error;
1450	}
1451	imsg_free(&imsg);
1452
1453	free(buf);
1454	return (0);
1455
1456	on_error:
1457	free(buf);
1458	return (-1);
1459	}
1460
1461	static void
1462	radiusd_module_userpass(struct radiusd_module module, struct radius_query q)
1463	{
1464	struct radiusd_module_userpass_arg userpass;
1465
1466	memset(&userpass, 0, sizeof(userpass));
1467	userpass.q_id = q->id;
1468
1469	if (radius_get_user_password_attr(q->req, userpass.pass,
1470	sizeof(userpass.pass), q->client->secret) == 0)
1471	userpass.has_pass = true1;
1472	else
1473	userpass.has_pass = false0;
1474	if (radius_get_string_attr(q->req, RADIUS_TYPE_USER_NAME1,
1475	userpass.user, sizeof(userpass.user)) != 0) {
1476	log_warnx("q=%u no User-Name attribute", q->id);
1477	goto on_error;
1478	}
1479	imsg_compose(&module->ibuf, IMSG_RADIUSD_MODULE_USERPASS, 0, 0, -1,
1480	&userpass, sizeof(userpass));
1481	radiusd_module_reset_ev_handler(module);
1482	return;
1483	on_error:
1484	radiusd_access_request_aborted(q);
1485	}
1486
1487	static void
1488	radiusd_module_access_request(struct radiusd_module *module,
1489	struct radius_query *q)
1490	{
1491	RADIUS_PACKET *radpkt;
1492	char pass[256];
1493
1494	if ((radpkt = radius_convert_packet(radius_get_data(q->req),
1495	radius_get_length(q->req))) == NULL((void *)0)) {
1496	log_warn("q=%u Could not send ACCSREQ to `%s'", q->id,
1497	module->name);
1498	radiusd_access_request_aborted(q);
1499	return;
1500	}
1501	if (q->client->secret[0] != '\0' && module->secret != NULL((void *)0) &&
1502	radius_get_user_password_attr(radpkt, pass, sizeof(pass),
1503	q->client->secret) == 0) {
1504	radius_del_attr_all(radpkt, RADIUS_TYPE_USER_PASSWORD2);
1505	(void)radius_put_raw_attr(radpkt, RADIUS_TYPE_USER_PASSWORD2,
1506	pass, strlen(pass));
1507	}
1508	if (imsg_compose_radius_packet(&module->ibuf,
1509	IMSG_RADIUSD_MODULE_ACCSREQ, q->id, radpkt) == -1) {
1510	log_warn("q=%u Could not send ACCSREQ to `%s'", q->id,
1511	module->name);
1512	radiusd_access_request_aborted(q);
1513	}
1514	radiusd_module_reset_ev_handler(module);
1515	radius_delete_packet(radpkt);
1516	}
1517
1518	static void
1519	radiusd_module_request_decoration(struct radiusd_module *module,
1520	struct radius_query *q)
1521	{
1522	if (module->fd < 0) {
1523	log_warnx("q=%u Could not send REQDECO to `%s': module is "
1524	"not running?", q->id, module->name);
1525	radiusd_access_request_aborted(q);
1526	return;
1527	}
1528	if (imsg_compose_radius_packet(&module->ibuf,
1529	IMSG_RADIUSD_MODULE_REQDECO, q->id, q->req) == -1) {
1530	log_warn("q=%u Could not send REQDECO to `%s'", q->id,
1531	module->name);
1532	radiusd_access_request_aborted(q);
1533	return;
1534	}
1535	radiusd_module_reset_ev_handler(module);
1536	}
1537
1538	static void
1539	radiusd_module_response_decoration(struct radiusd_module *module,
1540	struct radius_query *q)
1541	{
1542	if (module->fd < 0) {
1543	log_warnx("q=%u Could not send RESDECO to `%s': module is "
1544	"not running?", q->id, module->name);
1545	radiusd_access_request_aborted(q);
1546	return;
1547	}
1548	if (imsg_compose_radius_packet(&module->ibuf,
1549	IMSG_RADIUSD_MODULE_RESDECO0_REQ, q->id, q->req) == -1) {
1550	log_warn("q=%u Could not send RESDECO0_REQ to `%s'", q->id,
1551	module->name);
1552	radiusd_access_request_aborted(q);
1553	return;
1554	}
1555	if (imsg_compose_radius_packet(&module->ibuf,
1556	IMSG_RADIUSD_MODULE_RESDECO, q->id, q->res) == -1) {
1557	log_warn("q=%u Could not send RESDECO to `%s'", q->id,
1558	module->name);
1559	radiusd_access_request_aborted(q);
1560	return;
1561	}
1562	radiusd_module_reset_ev_handler(module);
1563	}
1564
1565	static int
1566	imsg_compose_radius_packet(struct imsgbuf *ibuf, uint32_t type, u_int q_id,
1567	RADIUS_PACKET *radpkt)
1568	{
1569	struct radiusd_module_radpkt_arg arg;
1570	int off = 0, len, siz;
1571	struct iovec iov[2];
1572	const u_char *pkt;
1573
1574	pkt = radius_get_data(radpkt);
1575	len = radius_get_length(radpkt);
1576	memset(&arg, 0, sizeof(arg));
1577	arg.q_id = q_id;
1578	arg.pktlen = len;
1579	while (off < len) {
1580	siz = MAX_IMSGSIZE16384 - sizeof(arg);
1581	if (len - off > siz)
1582	arg.final = false0;
1583	else {
1584	arg.final = true1;
1585	siz = len - off;
1586	}
1587	iov[0].iov_base = &arg;
1588	iov[0].iov_len = sizeof(arg);
1589	iov[1].iov_base = (caddr_t)pkt + off;
1590	iov[1].iov_len = siz;
1591	if (imsg_composev(ibuf, type, 0, 0, -1, iov, 2) == -1)
1592	return (-1);
1593	off += siz;
1594	}
1595	return (0);
1596	}