From: Alan T. DeKok
Date: Wed, 19 Aug 2015 18:00:18 +0000 (-0400)
Subject: When creating default proxy listener, add it to the proxy list.
X-Git-Tag: release_3_0_10~207
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edfefde62e7831c9de564556dd1eb82f3af75c44;p=thirdparty%2Ffreeradius-server.git
When creating default proxy listener, add it to the proxy list. And create a v6 default listener if required.
---
diff --git a/src/main/listen.c b/src/main/listen.c
index 86061d6f3fc..8b33e197445 100644
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -2875,7 +2875,7 @@ rad_listen_t *proxy_new_listener(TALLOC_CTX *ctx, home_server_t *home, uint16_t
 this->print(this, buffer, sizeof(buffer));
 }
- if (rad_debug_lvl >= 2) {
+ if (rad_debug_lvl >= 3) {
 DEBUG("Opened new proxy socket '%s'", buffer);
 }
@@ -3097,9 +3097,6 @@ int listen_init(CONF_SECTION *config, rad_listen_t **head, bool spawn_flag)
 rad_listen_t *this;
 fr_ipaddr_t server_ipaddr;
 uint16_t auth_port = 0;
-#ifdef WITH_PROXY
- bool defined_proxy = false;
-#endif
 /*
 * We shouldn't be called with a pre-existing list.
@@ -3316,13 +3313,6 @@ add_sockets:
 * add them to the event list.
 */
 for (this = *head; this != NULL; this = this->next) {
-#ifdef WITH_PROXY
- if (this->type == RAD_LISTEN_PROXY) {
- defined_proxy = true;
- }
-
-#endif
-
 #ifdef WITH_TLS
 if (!check_config && !spawn_flag && this->tls) {
 cf_log_err_cs(this->cs, "Threading must be enabled for TLS sockets to function properly");
@@ -3372,57 +3362,6 @@ add_sockets:
 }
 }
-#ifdef WITH_TCP
- if (!home_servers_udp) defined_proxy = true;
-#endif
-
- /*
- * If we're proxying requests, open the proxy FD.
- * Otherwise, don't do anything.
- */
-#ifdef WITH_PROXY
- if ((main_config.proxy_requests == true) &&
- !check_config &&
- (*head != NULL) && !defined_proxy) {
- uint16_t port = 0;
- home_server_t home;
-
- memset(&home, 0, sizeof(home));
-
- /*
- * Open a default UDP port
- */
- home.proto = IPPROTO_UDP;
- home.src_ipaddr = server_ipaddr;
- port = 0;
-
- /*
- * Address is still unspecified, use IPv4.
- */
- if (home.src_ipaddr.af == AF_UNSPEC) {
- home.src_ipaddr.af = AF_INET;
- /* everything else is already set to zero */
- }
-
- home.ipaddr.af = home.src_ipaddr.af;
- /* everything else is already set to zero */
-
- /*
- * It's OK to allocate a UDP listener from the
- * main config. The listener will never be
- * deleted until the server stops and the config
- * is freed.
- */
- this = proxy_new_listener(config, &home, port);
- if (!this) {
- listen_free(head);
- return -1;
- }
-
- radius_update_listener(this);
- }
-#endif
-
 /*
 * Haven't defined any sockets. Die.
 */
diff --git a/src/main/process.c b/src/main/process.c
index 927104ec7d9..24bdeea1caf 100644
--- a/src/main/process.c
+++ b/src/main/process.c
@@ -4691,11 +4691,14 @@ static int event_new_fd(rad_listen_t *this)
 rad_assert(sock != NULL);
 if (just_started) {
 DEBUG("Listening on %s", buffer);
+ } else {
+ INFO(" ... adding new socket %s", buffer);
+ }
 #ifdef WITH_PROXY
- } else if (this->type == RAD_LISTEN_PROXY) {
+ if (!just_started && (this->type == RAD_LISTEN_PROXY)) {
 home_server_t *home;
-
+
 home = sock->home;
 if (!home || !home->limit.max_connections) {
 INFO(" ... adding new socket %s", buffer);
@@ -4705,8 +4708,6 @@ static int event_new_fd(rad_listen_t *this)
 }
 #endif
- } else {
- INFO(" ... adding new socket %s", buffer);
 }
 switch (this->type) {
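Review bot: In the event_new_fd() hunk at -4691, a proxy socket added after startup is now logged twice: the new unconditional `} else {` branch writes "... adding new socket", and the `if (!just_started && (this->type == RAD_LISTEN_PROXY))` block that follows writes it again, with or without the connection count. The old `else if` chain wrote exactly one line per socket, and doubled entries make socket churn harder to read in logs that operators monitor. Keeping the proxy case as the `else if` and the generic `INFO(" ... adding new socket %s", buffer);` in the final `else`, as before, avoids the duplicate. The block continues past the end of this hunk.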
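Review bot: In the event_new_fd() hunk at -4705, the `}` that remains after `#endif` now appears to close the `if (!just_started && (this->type == RAD_LISTEN_PROXY)) {` opened inside `#ifdef WITH_PROXY` in the previous hunk, so a build without WITH_PROXY would get a closing brace with no opener. The lines between the two hunks are not visible here, so this is inferred from the context shown. Placing the brace before the directive, `}` followed by `#endif`, keeps both build configurations balanced.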
@@ -5176,6 +5177,119 @@ static int packet_entry_cmp(void const *one, void const *two)
 return fr_packet_cmp(*a, *b);
 }
+#ifdef WITH_PROXY
+/*
+ * They haven't defined a proxy listener. Automatically
+ * add one for them, with the correct address family.
+ */
+static void create_default_proxy_listener(int af)
+{
+ uint16_t port = 0;
+ home_server_t home;
+ listen_socket_t *sock;
+ rad_listen_t *this;
+
+ memset(&home, 0, sizeof(home));
+
+ /*
+ * Open a default UDP port
+ */
+ home.proto = IPPROTO_UDP;
+ port = 0;
+
+ /*
+ * Set the address family.
+ */
+ home.src_ipaddr.af = af;
+ home.ipaddr.af = af;
+
+ /*
+ * Get the correct listener.
+ */
+ this = proxy_new_listener(proxy_ctx, &home, port);
+ if (!this) {
+ fr_exit_now(1);
+ }
+
+ sock = this->data;
+ if (!fr_packet_list_socket_add(proxy_list, this->fd,
+ sock->proto,
+ &sock->other_ipaddr, sock->other_port,
+ this)) {
+ ERROR("Failed adding proxy socket");
+ fr_exit_now(1);
+ }
+
+ /*
+ * Insert the FD into list of FDs to listen on.
+ */
+ radius_update_listener(this);
+}
+
+/*
+ * See if we automatically need to open a proxy socket.
+ */
+static void check_proxy(rad_listen_t *head)
+{
+ bool defined_proxy;
+ bool has_v4, has_v6;
+ rad_listen_t *this;
+
+ if (check_config) return;
+ if (!main_config.proxy_requests) return;
+ if (!head) return;
+ if (!home_servers_udp) return;
+
+ /*
+ * We passed "-i" on the command line. Use that address
+ * family for the proxy socket.
+ */
+ if (main_config.myip.af != AF_UNSPEC) {
+ create_default_proxy_listener(main_config.myip.af);
+ return;
+ }
+
+ defined_proxy = has_v4 = has_v6 = false;
+
+ /*
+ * Figure out if we need to open a proxy socket, and if
+ * so, which one.
+ */
+ for (this = head; this != NULL; this = this->next) {
+ listen_socket_t *sock;
+
+ switch (this->type) {
+ case RAD_LISTEN_PROXY:
+ defined_proxy = true;
+ break;
+
+ case RAD_LISTEN_AUTH:
+#ifdef WITH_ACCT
+ case RAD_LISTEN_ACCT:
+#endif
+#ifdef WITH_COA
+ case RAD_LISTEN_COA:
+#endif
+ sock = this->data;
+ if (sock->my_ipaddr.af == AF_INET) has_v4 = true;
+ if (sock->my_ipaddr.af == AF_INET6) has_v6 = true;
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ /*
+ * Assume they know what they're doing.
+ */
+ if (defined_proxy) return;
+
+ if (has_v4) create_default_proxy_listener(AF_INET);
+
+ if (has_v6) create_default_proxy_listener(AF_INET6);
+}
+#endif
 int radius_event_start(CONF_SECTION *cs, bool have_children)
 {
@@ -5302,6 +5416,10 @@ int radius_event_start(CONF_SECTION *cs, bool have_children)
 main_config.listen = head;
+#ifdef WITH_PROXY
+ check_proxy(head);
+#endif
+
 /*
 * At this point, no one has any business *ever* going
 * back to root uid.
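Review bot: In the hunk at -5176, the `-i` branch of check_proxy() hands only `main_config.myip.af` to create_default_proxy_listener(), which zeroes `home` and sets just the two `af` fields, so the default proxy socket appears to bind the wildcard address instead of the address given with `-i` (the code removed from listen_init copied `server_ipaddr` into `home.src_ipaddr`). On a multi-homed host that means proxied traffic may leave from, and replies be accepted on, an address the operator meant to exclude. The same branch returns before the loop that detects RAD_LISTEN_PROXY, so a default listener is opened even when one is already configured, bypassing `if (defined_proxy) return;`. Consider passing the source address into the helper, e.g. `home.src_ipaddr = main_config.myip;` for the `-i` case, and running that branch only after the `defined_proxy` check. Separately, `home` lives on the stack and event_new_fd() reads `sock->home` for proxy listeners, so it is worth confirming that proxy_new_listener() does not retain the pointer.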