1 /*
2  * $Id: config.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
3  *
4  * Copyright (C) 1995,1996,1997 Lars Fenneberg
5  *
6  * Copyright 1992 Livingston Enterprises, Inc.
7  *
8  * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
9  * and Merit Network, Inc. All Rights Reserved
10  *
11  * See the file COPYRIGHT for the respective terms and conditions.
12  * If the file is missing contact me at lf@elemental.net
13  * and I'll send you a copy.
14  *
15  */
16 
17 #include <includes.h>
18 #include <radiusclient.h>
19 #include <options.h>
20 
21 static int test_config(char *);
22 
23 /*
24  * Function: find_option
25  *
26  * Purpose: find an option in the option list
27  *
28  * Returns: pointer to option on success, NULL otherwise
29  */
30 
find_option(char * optname,unsigned int type)31 static OPTION *find_option(char *optname, unsigned int type)
32 {
33 	int i;
34 
35 	/* there're so few options that a binary search seems not necessary */
36 	for (i = 0; i < num_options; i++) {
37 		if (!strcmp(config_options[i].name, optname) &&
38 		    (config_options[i].type & type))
39 			return &config_options[i];
40 	}
41 
42 	return NULL;
43 }
44 
45 /*
46  * Function: set_option_...
47  *
48  * Purpose: set a specific option doing type conversions
49  *
50  * Returns: 0 on success, -1 on failure
51  */
52 
set_option_str(char * filename,int line,OPTION * option,char * p)53 static int set_option_str(char *filename, int line, OPTION *option, char *p)
54 {
55 	if (p)
56 		option->val = (void *) strdup(p);
57 	else
58 		option->val = NULL;
59 
60 	return 0;
61 }
62 
set_option_int(char * filename,int line,OPTION * option,char * p)63 static int set_option_int(char *filename, int line, OPTION *option, char *p)
64 {
65 	int *iptr;
66 
67 	if (p == NULL) {
68 		error("%s: line %d: bogus option value", filename, line);
69 		return (-1);
70 	}
71 
72 	if ((iptr = (int *) malloc(sizeof(iptr))) == NULL) {
73 		novm("read_config");
74 		return (-1);
75 	}
76 
77 	*iptr = atoi(p);
78 	option->val = (void *) iptr;
79 
80 	return 0;
81 }
82 
set_option_srv(char * filename,int line,OPTION * option,char * p)83 static int set_option_srv(char *filename, int line, OPTION *option, char *p)
84 {
85 	SERVER *serv;
86 	char *q;
87 	struct servent *svp;
88 	int i;
89 
90 	if (p == NULL) {
91 		error("%s: line %d: bogus option value", filename, line);
92 		return (-1);
93 	}
94 
95 	serv = (SERVER *) option->val;
96 
97 	for (i = 0; i < serv->max; i++) {
98 		free(serv->name[i]);
99 	}
100 	serv->max = 0;
101 
102 	while ((p = strtok(p, ", \t")) != NULL) {
103 
104 		if ((q = strchr(p,':')) != NULL) {
105 			*q = '\0';
106 			q++;
107 			serv->port[serv->max] = atoi(q);
108 		} else {
109 			if (!strcmp(option->name,"authserver"))
110 				if ((svp = getservbyname ("radius", "udp")) == NULL)
111 					serv->port[serv->max] = PW_AUTH_UDP_PORT;
112 				else
113 					serv->port[serv->max] = ntohs ((unsigned int) svp->s_port);
114 			else if (!strcmp(option->name, "acctserver"))
115 				if ((svp = getservbyname ("radacct", "udp")) == NULL)
116 					serv->port[serv->max] = PW_ACCT_UDP_PORT;
117 				else
118 					serv->port[serv->max] = ntohs ((unsigned int) svp->s_port);
119 			else {
120 				error("%s: line %d: no default port for %s", filename, line, option->name);
121 				return (-1);
122 			}
123 		}
124 
125 		serv->name[serv->max++] = strdup(p);
126 
127 		p = NULL;
128 	}
129 
130 	return 0;
131 }
132 
set_option_auo(char * filename,int line,OPTION * option,char * p)133 static int set_option_auo(char *filename, int line, OPTION *option, char *p)
134 {
135 	int *iptr;
136 
137 	if (p == NULL) {
138 		warn("%s: line %d: bogus option value", filename, line);
139 		return (-1);
140 	}
141 
142 	if ((iptr = (int *) malloc(sizeof(iptr))) == NULL) {
143 			novm("read_config");
144 			return (-1);
145 	}
146 
147 	*iptr = 0;
148 	p = strtok(p, ", \t");
149 
150 	if (!strncmp(p, "local", 5))
151 			*iptr = AUTH_LOCAL_FST;
152 	else if (!strncmp(p, "radius", 6))
153 			*iptr = AUTH_RADIUS_FST;
154 	else {
155 		error("%s: auth_order: unknown keyword: %s", filename, p);
156 		return (-1);
157 	}
158 
159 	p = strtok(NULL, ", \t");
160 
161 	if (p && (*p != '\0')) {
162 		if ((*iptr & AUTH_RADIUS_FST) && !strcmp(p, "local"))
163 			*iptr = (*iptr) | AUTH_LOCAL_SND;
164 		else if ((*iptr & AUTH_LOCAL_FST) && !strcmp(p, "radius"))
165 			*iptr = (*iptr) | AUTH_RADIUS_SND;
166 		else {
167 			error("%s: auth_order: unknown or unexpected keyword: %s", filename, p);
168 			return (-1);
169 		}
170 	}
171 
172 	option->val = (void *) iptr;
173 
174 	return 0;
175 }
176 
177 
178 /*
179  * Function: rc_read_config
180  *
181  * Purpose: read the global config file
182  *
183  * Returns: 0 on success, -1 when failure
184  */
185 
rc_read_config(char * filename)186 int rc_read_config(char *filename)
187 {
188 	FILE *configfd;
189 	char buffer[512], *p;
190 	OPTION *option;
191 	int line, pos;
192 
193 	if ((configfd = fopen(filename,"r")) == NULL)
194 	{
195 		error("rc_read_config: can't open %s: %m", filename);
196 		return (-1);
197 	}
198 
199 	line = 0;
200 	while ((fgets(buffer, sizeof(buffer), configfd) != NULL))
201 	{
202 		line++;
203 		p = buffer;
204 
205 		if ((*p == '\n') || (*p == '#') || (*p == '\0'))
206 			continue;
207 
208 		p[strlen(p)-1] = '\0';
209 
210 
211 		if ((pos = strcspn(p, "\t ")) == 0) {
212 			error("%s: line %d: bogus format: %s", filename, line, p);
213 			return (-1);
214 		}
215 
216 		p[pos] = '\0';
217 
218 		if ((option = find_option(p, OT_ANY)) == NULL) {
219 			warn("%s: line %d: unrecognized keyword: %s", filename, line, p);
220 			continue;
221 		}
222 
223 		if (option->status != ST_UNDEF) {
224 			error("%s: line %d: duplicate option line: %s", filename, line, p);
225 			return (-1);
226 		}
227 
228 		p += pos+1;
229 		while (isspace(*p))
230 			p++;
231 
232 		switch (option->type) {
233 			case OT_STR:
234 				 if (set_option_str(filename, line, option, p) < 0)
235 					return (-1);
236 				break;
237 			case OT_INT:
238 				 if (set_option_int(filename, line, option, p) < 0)
239 					return (-1);
240 				break;
241 			case OT_SRV:
242 				 if (set_option_srv(filename, line, option, p) < 0)
243 					return (-1);
244 				break;
245 			case OT_AUO:
246 				 if (set_option_auo(filename, line, option, p) < 0)
247 					return (-1);
248 				break;
249 			default:
250 				fatal("rc_read_config: impossible case branch!");
251 				abort();
252 		}
253 	}
254 	fclose(configfd);
255 
256 	return test_config(filename);
257 }
258 
259 /*
260  * Function: rc_conf_str, rc_conf_int, rc_conf_src
261  *
262  * Purpose: get the value of a config option
263  *
264  * Returns: config option value
265  */
266 
rc_conf_str(char * optname)267 char *rc_conf_str(char *optname)
268 {
269 	OPTION *option;
270 
271 	option = find_option(optname, OT_STR);
272 
273 	if (option == NULL)
274 		fatal("rc_conf_str: unkown config option requested: %s", optname);
275 		return (char *)option->val;
276 }
277 
rc_conf_int(char * optname)278 int rc_conf_int(char *optname)
279 {
280 	OPTION *option;
281 
282 	option = find_option(optname, OT_INT|OT_AUO);
283 
284 	if (option == NULL)
285 		fatal("rc_conf_int: unkown config option requested: %s", optname);
286 	return *((int *)option->val);
287 }
288 
rc_conf_srv(char * optname)289 SERVER *rc_conf_srv(char *optname)
290 {
291 	OPTION *option;
292 
293 	option = find_option(optname, OT_SRV);
294 
295 	if (option == NULL)
296 		fatal("rc_conf_srv: unkown config option requested: %s", optname);
297 	return (SERVER *)option->val;
298 }
299 
300 /*
301  * Function: test_config
302  *
303  * Purpose: test the configuration the user supplied
304  *
305  * Returns: 0 on success, -1 when failure
306  */
307 
test_config(char * filename)308 static int test_config(char *filename)
309 {
310 #if 0
311 	struct stat st;
312 	char	    *file;
313 #endif
314 
315 	if (!(rc_conf_srv("authserver")->max))
316 	{
317 		error("%s: no authserver specified", filename);
318 		return (-1);
319 	}
320 	if (!(rc_conf_srv("acctserver")->max))
321 	{
322 		error("%s: no acctserver specified", filename);
323 		return (-1);
324 	}
325 	if (!rc_conf_str("servers"))
326 	{
327 		error("%s: no servers file specified", filename);
328 		return (-1);
329 	}
330 	if (!rc_conf_str("dictionary"))
331 	{
332 		error("%s: no dictionary specified", filename);
333 		return (-1);
334 	}
335 
336 	if (rc_conf_int("radius_timeout") <= 0)
337 	{
338 		error("%s: radius_timeout <= 0 is illegal", filename);
339 		return (-1);
340 	}
341 	if (rc_conf_int("radius_retries") <= 0)
342 	{
343 		error("%s: radius_retries <= 0 is illegal", filename);
344 		return (-1);
345 	}
346 
347 #if 0
348 	file = rc_conf_str("login_local");
349 	if (stat(file, &st) == 0)
350 	{
351 		if (!S_ISREG(st.st_mode)) {
352 			error("%s: not a regular file: %s", filename, file);
353 			return (-1);
354 		}
355 	} else {
356 		error("%s: file not found: %s", filename, file);
357 		return (-1);
358 	}
359 	file = rc_conf_str("login_radius");
360 	if (stat(file, &st) == 0)
361 	{
362 		if (!S_ISREG(st.st_mode)) {
363 			error("%s: not a regular file: %s", filename, file);
364 			return (-1);
365 		}
366 	} else {
367 		error("%s: file not found: %s", filename, file);
368 		return (-1);
369 	}
370 #endif
371 
372 	if (rc_conf_int("login_tries") <= 0)
373 	{
374 		error("%s: login_tries <= 0 is illegal", filename);
375 		return (-1);
376 	}
377 	if (rc_conf_str("seqfile") == NULL)
378 	{
379 		error("%s: seqfile not specified", filename);
380 		return (-1);
381 	}
382 	if (rc_conf_int("login_timeout") <= 0)
383 	{
384 		error("%s: login_timeout <= 0 is illegal", filename);
385 		return (-1);
386 	}
387 	if (rc_conf_str("mapfile") == NULL)
388 	{
389 		error("%s: mapfile not specified", filename);
390 		return (-1);
391 	}
392 	if (rc_conf_str("nologin") == NULL)
393 	{
394 		error("%s: nologin not specified", filename);
395 		return (-1);
396 	}
397 
398 	return 0;
399 }
400 
401 /*
402  * Function: rc_find_match
403  *
404  * Purpose: see if ip_addr is one of the ip addresses of hostname
405  *
406  * Returns: 0 on success, -1 when failure
407  *
408  */
409 
find_match(UINT4 * ip_addr,char * hostname)410 static int find_match (UINT4 *ip_addr, char *hostname)
411 {
412 	UINT4           addr;
413 	char          **paddr;
414 	struct hostent *hp;
415 
416 	if (rc_good_ipaddr (hostname) == 0)
417 	{
418 		if (*ip_addr == ntohl(inet_addr (hostname)))
419 		{
420 			return (0);
421 		}
422 	}
423 	else
424 	{
425 		if ((hp = gethostbyname (hostname)) == (struct hostent *) NULL)
426 		{
427 			return (-1);
428 		}
429 		for (paddr = hp->h_addr_list; *paddr; paddr++)
430 		{
431 			addr = ** (UINT4 **) paddr;
432 			if (ntohl(addr) == *ip_addr)
433 			{
434 				return (0);
435 			}
436 		}
437 	}
438 	return (-1);
439 }
440 
441 /*
442  * Function: rc_find_server
443  *
444  * Purpose: search a server in the servers file
445  *
446  * Returns: 0 on success, -1 on failure
447  *
448  */
449 
rc_find_server(char * server_name,UINT4 * ip_addr,char * secret)450 int rc_find_server (char *server_name, UINT4 *ip_addr, char *secret)
451 {
452 	UINT4	myipaddr = 0;
453 	int             len;
454 	int             result;
455 	FILE           *clientfd;
456 	char           *h;
457 	char           *s;
458 	char           *host2;
459 	char            buffer[128];
460 	char            hostnm[AUTH_ID_LEN + 1];
461 
462 	/* Get the IP address of the authentication server */
463 	if ((*ip_addr = rc_get_ipaddr (server_name)) == (UINT4) 0)
464 		return (-1);
465 
466 	if ((clientfd = fopen (rc_conf_str("servers"), "r")) == (FILE *) NULL)
467 	{
468 		error("rc_find_server: couldn't open file: %m: %s", rc_conf_str("servers"));
469 		return (-1);
470 	}
471 
472 	myipaddr = rc_own_ipaddress();
473 
474 	result = 0;
475 	while (fgets (buffer, sizeof (buffer), clientfd) != (char *) NULL)
476 	{
477 		if (*buffer == '#')
478 			continue;
479 
480 		if ((h = strtok (buffer, " \t\n")) == NULL) /* first hostname */
481 			continue;
482 
483 		memset (hostnm, '\0', AUTH_ID_LEN);
484 		len = strlen (h);
485 		if (len > AUTH_ID_LEN)
486 		{
487 			len = AUTH_ID_LEN;
488 		}
489 		strncpy (hostnm, h, (size_t) len);
490 		hostnm[AUTH_ID_LEN] = '\0';
491 
492 		if ((s = strtok (NULL, " \t\n")) == NULL) /* and secret field */
493 			continue;
494 
495 		memset (secret, '\0', MAX_SECRET_LENGTH);
496 		len = strlen (s);
497 		if (len > MAX_SECRET_LENGTH)
498 		{
499 			len = MAX_SECRET_LENGTH;
500 		}
501 		strncpy (secret, s, (size_t) len);
502 		secret[MAX_SECRET_LENGTH] = '\0';
503 
504 		if (!strchr (hostnm, '/')) /* If single name form */
505 		{
506 			if (find_match (ip_addr, hostnm) == 0)
507 			{
508 				result++;
509 				break;
510 			}
511 		}
512 		else /* <name1>/<name2> "paired" form */
513 		{
514 			strtok (hostnm, "/");
515 			if (find_match (&myipaddr, hostnm) == 0)
516 			{	     /* If we're the 1st name, target is 2nd */
517 				host2 = strtok (NULL, " ");
518 				if (find_match (ip_addr, host2) == 0)
519 				{
520 					result++;
521 					break;
522 				}
523 			}
524 			else	/* If we were 2nd name, target is 1st name */
525 			{
526 				if (find_match (ip_addr, hostnm) == 0)
527 				{
528 					result++;
529 					break;
530 				}
531 			}
532 		}
533 	}
534 	fclose (clientfd);
535 	if (result == 0)
536 	{
537 		memset (buffer, '\0', sizeof (buffer));
538 		memset (secret, '\0', sizeof (secret));
539 		error("rc_find_server: couldn't find RADIUS server %s in %s",
540 		      server_name, rc_conf_str("servers"));
541 		return (-1);
542 	}
543 	return 0;
544 }
545