From e7433d633c1a566e86b1b00fdb883284509a45bb Mon Sep 17 00:00:00 2001 From: z3APA3A <3APA3A@3proxy.ru> Date: Tue, 20 Dec 2016 19:50:50 +0300 Subject: [PATCH] 'radius' and 'auth radius' support added (not tested yet) Example: radius secret 192.168.0.1 192.168.0.2 authcache ip,user auth cache radius --- Makefile.watcom | 2 +- Makefile.win | 2 +- Makefile.winCE | 2 +- src/3proxy.c | 2 +- src/Makefile.inc | 7 +++++-- src/auth.c | 8 ++++++-- src/authradius.c | 50 ++++++++++++++++++++---------------------------- src/conf.c | 14 ++++++++++++++ src/proxy.h | 4 ++-- 9 files changed, 52 insertions(+), 39 deletions(-) diff --git a/Makefile.watcom b/Makefile.watcom index c730892..ae5021c 100644 --- a/Makefile.watcom +++ b/Makefile.watcom @@ -8,7 +8,7 @@ BUILDDIR = ../bin/ CC = cl -CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /c +CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /c COUT = /Fo LN = link LDFLAGS = /nologo /subsystem:console /incremental:no diff --git a/Makefile.win b/Makefile.win index 19f6952..261833b 100644 --- a/Makefile.win +++ b/Makefile.win @@ -10,7 +10,7 @@ BUILDDIR = ../bin/ CC = gcc -CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOIPV6 +CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOIPV6 -DNORADIUS COUT = -o LN = gcc LDFLAGS = -O2 -s -mthreads diff --git a/Makefile.winCE b/Makefile.winCE index e08f1e0..865a2ec 100644 --- a/Makefile.winCE +++ b/Makefile.winCE @@ -10,7 +10,7 @@ BUILDDIR = ../bin/ CC = /opt/cegcc/arm-wince-cegcc/bin/gcc -CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -D__USE_W32_SOCKETS +CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -DNORADIUS -D__USE_W32_SOCKETS COUT = -o LN = /opt/cegcc/arm-wince-cegcc/bin/gcc LDFLAGS = -O2 -s -mthreads 
diff --git a/src/3proxy.c b/src/3proxy.c index 0807522..c46156b 100644 --- a/src/3proxy.c +++ b/src/3proxy.c @@ -519,7 +519,7 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int pthread_mutex_init(&tc_mutex, NULL); pthread_mutex_init(&pwl_mutex, NULL); pthread_mutex_init(&log_mutex, NULL); -#ifdef WITHRADIUS +#ifndef NORADIUS pthread_mutex_init(&rad_mutex, NULL); #endif diff --git a/src/Makefile.inc b/src/Makefile.inc index 69724fa..aba8ac3 100644 --- a/src/Makefile.inc +++ b/src/Makefile.inc @@ -118,6 +118,9 @@ srvdnspr$(OBJSUFFICS): dnspr.c proxy.h structures.h auth$(OBJSUFFICS): auth.c proxy.h structures.h $(CC) $(COUT)auth$(OBJSUFFICS) $(CFLAGS) auth.c +authradius$(OBJSUFFICS): authradius.c proxy.h structures.h + $(CC) $(COUT)authradius$(OBJSUFFICS) $(CFLAGS) authradius.c + conf$(OBJSUFFICS): conf.c proxy.h structures.h $(CC) $(COUT)conf$(OBJSUFFICS) $(CFLAGS) conf.c 
@@ -155,8 +158,8 @@ ntlm$(OBJSUFFICS): ntlm.c stringtable$(OBJSUFFICS): stringtable.c $(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c -$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) - $(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS) +$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) 
ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) + $(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS) clean: @$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES) diff --git a/src/auth.c b/src/auth.c index ec58fff..ca1120b 100644 --- a/src/auth.c +++ b/src/auth.c @@ -641,7 +641,6 @@ struct authcache { struct authcache *next; } *authc = NULL; - int cacheauth(struct clientparam * param){ struct authcache *ac, *last=NULL; @@ -850,6 +849,7 @@ int strongauth(struct clientparam * param){ return 5; } +int radauth(struct clientparam * param); struct auth authfuncs[] = { {authfuncs+1, NULL, NULL, ""}, @@ -858,8 +858,12 @@ struct auth authfuncs[] = { {authfuncs+4, dnsauth, checkACL, "dnsname"}, {authfuncs+5, strongauth, checkACL, "strong"}, {authfuncs+6, cacheauth, checkACL, "cache"}, +#ifndef NORADIUS + {authfuncs+7, radauth, checkACL, "radius"}, + {authfuncs+8, NULL, NULL, "none"}, +#else {authfuncs+7, NULL, NULL, "none"}, - +#endif {NULL, NULL, NULL, ""} }; diff --git a/src/authradius.c b/src/authradius.c index 1390167..8a88364 100644 --- a/src/authradius.c +++ b/src/authradius.c @@ -6,7 +6,7 @@ */ - +#ifndef NORADIUS #include "proxy.h" #include "libs/md5.h" 
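Review bot: The prototype `int radauth(struct clientparam * param);` is declared locally in src/auth.c, outside the `#ifndef NORADIUS` guard that the new `authfuncs` entry uses. src/authradius.c includes only proxy.h and never sees this declaration, so a later change to radauth's signature would not be diagnosed by the compiler. Moving the prototype into proxy.h under the same guard would check both the definition and the table entry against one declaration.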
@@ -166,9 +166,12 @@ struct sockaddr_in radiuslist[MAXRADIUS]; struct sockaddr_in6 radiuslist[MAXRADIUS]; #endif +static int ntry; int nradservers = 0; char * radiussecret = NULL; +pthread_mutex_t rad_mutex; + void md5_calc(unsigned char *output, unsigned char *input, unsigned int inputlen); @@ -283,17 +286,17 @@ int rad_pwencode(char *passwd, int *pwlen, const char *secret, const char *vecto /* * Create a random vector of AUTH_VECTOR_LEN bytes. */ -void random_vector(uint8_t *vector) +void random_vector(uint8_t *vector, struct clientparam *param) { int i; static int did_random = 0; static int counter = 0; - pthread_mutex_lock(&rad_mutex); if (!did_random) { + ntry = (int)basetime; for (i = 0; i < (int)sizeof(random_vector_pool); i++) { - random_vector_pool[i] += myrand((void *) random_vector_pool+i, 1) & 0xff; + random_vector_pool[i] += myrand((void *) ¶m->msec_start, sizeof(param->msec_start)) & 0xff; } did_random = 1; @@ -319,26 +322,11 @@ void random_vector(uint8_t *vector) md5_calc((u_char *) vector, (u_char *) random_vector_pool, sizeof(random_vector_pool)); - pthread_mutex_unlock(&rad_mutex); } static float timeout = 5; -static int getport(const char *name) -{ - struct servent *svp; - - svp = getservbyname (name, "udp"); - if (!svp) { - return 0; - } - - return ntohs(svp->s_port); -} - - - typedef struct radius_packet_t { uint8_t code; uint8_t id; @@ -350,7 +338,7 @@ typedef struct radius_packet_t { char buf[256]; -extern int ntry; +int ntry = 0; #define RETURN(xxx) { res = xxx; goto CLEANRET; } @@ -385,9 +373,11 @@ int radauth(struct clientparam * param){ memset(&packet, 0, sizeof(packet)); - random_vector(packet.vector); + pthread_mutex_lock(&rad_mutex); + random_vector(packet.vector, param); - id = (((int)getpid() + ntry) & 0xff); + id = ((ntry++) & 0xff); + pthread_mutex_unlock(&rad_mutex); packet.code = PW_AUTHENTICATION_REQUEST; packet.id=id; 
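Review bot: `static int ntry;` added in the @@ -166 hunk conflicts with the `int ntry = 0;` that the @@ -350 hunk introduces in the same file. The identifier is first given internal linkage and then external linkage, which C leaves undefined and GCC rejects as a non-static declaration following a static one. Keep a single definition, `static int ntry = 0;`, and drop the second. A comment such as `/* next RADIUS packet id; read and written only under rad_mutex */` would also record the locking rule that radauth() now relies on.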
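Review bot: In the `did_random` block of random_vector() (the @@ -283 hunk), the pool behind the RADIUS Request Authenticator is seeded only from `param->msec_start`, with `ntry` taken from `basetime`, and both are clock-derived values that can be estimated from connection timing. RFC 2865 expects the authenticator to be unpredictable and unique, and rad_pwencode() takes both the secret and this vector; how myrand() mixes its input is not visible here, so the real entropy should be confirmed. Seeding the pool from the operating system's random source would remove the dependency on clock values. With the lock moved out to the caller, the function also needs a header comment such as `/* caller must hold rad_mutex: updates the static random_vector_pool and did_random */`. The body of random_vector() continues outside this hunk.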
@@ -493,19 +483,20 @@ int radauth(struct clientparam * param){ for (loop = 0; loop < nradservers && loop < MAXRADIUS; loop++) { saremote = radiuslist[loop]; -#idef NOIPV6 - if(SAFAMILY(&saremote)!= AF_INET)continue; + *SAPORT(&saremote) = htons(1812); +#ifdef NOIPV6 + if(*SAFAMILY(&saremote)!= AF_INET)continue; #else - if(SAFAMILY(&saremote)!= AF_INET && SAFAMILY(&saremote)!= AF_INET6)continue; + if(*SAFAMILY(&saremote)!= AF_INET && *SAFAMILY(&saremote)!= AF_INET6)continue; #endif packet.id++; if(sockfd >= 0) so._closesocket(sockfd); - if ((sockfd = so._socket(SASOCK(saremote), SOCK_DGRAM, 0)) < 0) { + if ((sockfd = so._socket(SASOCK(&saremote), SOCK_DGRAM, 0)) < 0) { return 4; } - len = so._sendto(sockfd, &packet, ntohs(packet.length), 0, - (struct sockaddr *)&saremote, sizeof(saremote); + len = so._sendto(sockfd, (char *)&packet, ntohs(packet.length), 0, + (struct sockaddr *)&saremote, sizeof(saremote)); if(len != ntohs(packet.length)){ continue; } @@ -518,7 +509,7 @@ int radauth(struct clientparam * param){ salen = sizeof(saremote); - data_len = so._recvfrom(sockfd, &rpacket, sizeof(packet)-16, + data_len = so._recvfrom(sockfd, (char *)&rpacket, sizeof(packet)-16, 0, (struct sockaddr *)&saremote, &salen); if (data_len < 20) { @@ -632,3 +623,4 @@ CLEANRET: return res; } +#endif \ No newline at end of file diff --git a/src/conf.c b/src/conf.c index bdde476..1108d22 100644 --- a/src/conf.c +++ b/src/conf.c 
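Review bot: The destination port is fixed by `*SAPORT(&saremote) = htons(1812);` in the @@ -493 hunk, and the `radius` command added in src/conf.c accepts only a secret and addresses, so a server on another port cannot be configured. A named constant such as `#define RADIUS_AUTH_PORT 1812` would at least make the default explicit. The unchanged `return 4;` after a failed `so._socket()` also leaves radauth() without going through `CLEANRET`, unlike the `RETURN()` macro defined for this function. Whether that skips cleanup depends on code outside the hunk.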
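Review bot: In the @@ -518 hunk, `so._recvfrom()` overwrites `saremote` with the sender's address and the only check visible is `data_len < 20`, so nothing here ties the reply to the server that was queried. The code that follows is outside the hunk. It should confirm that the reply's id equals `packet.id`, that its source matches `radiuslist[loop]`, and that the Response Authenticator verifies against `radiussecret` before an accept is honoured. The receive size is also written as `sizeof(packet)-16` for the `rpacket` buffer; `sizeof(rpacket)` with a comment explaining any reserved bytes would be clearer.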
@@ -1261,6 +1261,17 @@ static int h_delimchar(int argc, unsigned char **argv){ return 0; } +static int h_radius(int argc, unsigned char **argv){ + char * rs = radiussecret; + radiussecret = mystrdup(argv[1]); + nradservers = 0; + memset(radiuslist, 0, sizeof(radiuslist)); + for( ; nradservers < MAXRADIUS && nradservers < argc -2; nradservers++){ + if( !getip46(46, argv[nradservers + 2], (struct sockaddr *)&radiuslist[nradservers])) return 1; + } + return 0; +} + static int h_authcache(int argc, unsigned char **argv){ conf.authcachetype = 0; if(strstr((char *) *(argv + 1), "ip")) conf.authcachetype |= 1; @@ -1422,6 +1433,9 @@ struct commands commandhandlers[]={ {commandhandlers+58, "stacksize", h_stacksize, 2, 2}, {commandhandlers+59, "force", h_force, 1, 1}, {commandhandlers+60, "noforce", h_noforce, 1, 1}, +#ifndef NORADIUS + {commandhandlers+61, "radius", h_radius, 3, 0}, +#endif {specificcommands, "", h_noop, 1, 0} }; diff --git a/src/proxy.h b/src/proxy.h index 227e009..3cc75d3 100644 --- a/src/proxy.h +++ b/src/proxy.h @@ -333,8 +333,8 @@ extern struct sockaddr_in radiuslist[MAXRADIUS]; extern struct sockaddr_in6 radiuslist[MAXRADIUS]; #endif -extern int nradservers = 0; -extern char * radiussecret = NULL; +extern int nradservers; +extern char * radiussecret; #ifdef _WINCE char * CEToUnicode (const char *str);
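Review bot: `h_radius` saves the previous secret in `rs` and never uses it, so each re-read of the configuration leaks the old `radiussecret` and leaves it in memory, and the result of `mystrdup(argv[1])` is not checked. Release the old value once the new one is in place, `if(rs) myfree(rs);`, ideally after overwriting its contents, and return an error when `mystrdup` yields NULL. The function is also defined outside `#ifndef NORADIUS` although its `commandhandlers` entry is inside it, so NORADIUS builds carry an unused static function that refers to `radiussecret`, `nradservers` and `radiuslist`, none of which src/authradius.c defines in that configuration. Wrapping the definition in the same guard avoids that. A failed `getip46()` returns 1 with the secret already replaced and the server list partly filled, which deserves either a rollback or a comment.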