'radius' and 'auth radius' support added (not tested yet)

Example:
radius secret 192.168.0.1 192.168.0.2
authcache ip,user
auth cache radius

Makefile.watcom

@@ -8,7 +8,7 @@
 
 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /c
+CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /c
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no 

Makefile.win

@@ -10,7 +10,7 @@
 
 BUILDDIR = ../bin/
 CC = gcc
-CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOIPV6
+CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOIPV6 -DNORADIUS
 COUT = -o 
 LN = gcc
 LDFLAGS = -O2 -s -mthreads

Makefile.winCE

@@ -10,7 +10,7 @@
 
 BUILDDIR = ../bin/
 CC = /opt/cegcc/arm-wince-cegcc/bin/gcc
-CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -D__USE_W32_SOCKETS
+CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -DNORADIUS -D__USE_W32_SOCKETS
 COUT = -o 
 LN = /opt/cegcc/arm-wince-cegcc/bin/gcc
 LDFLAGS = -O2 -s -mthreads

src/3proxy.c

@@ -519,7 +519,7 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
   pthread_mutex_init(&tc_mutex, NULL);
   pthread_mutex_init(&pwl_mutex, NULL);
   pthread_mutex_init(&log_mutex, NULL);
-#ifdef WITHRADIUS
+#ifndef NORADIUS
   pthread_mutex_init(&rad_mutex, NULL);
 #endif
 

src/Makefile.inc

@@ -118,6 +118,9 @@ srvdnspr$(OBJSUFFICS): dnspr.c proxy.h structures.h
 auth$(OBJSUFFICS): auth.c proxy.h structures.h
 	$(CC) $(COUT)auth$(OBJSUFFICS) $(CFLAGS) auth.c
 
+authradius$(OBJSUFFICS): authradius.c proxy.h structures.h
+	$(CC) $(COUT)authradius$(OBJSUFFICS) $(CFLAGS) authradius.c
+
 conf$(OBJSUFFICS): conf.c proxy.h structures.h
 	$(CC) $(COUT)conf$(OBJSUFFICS) $(CFLAGS) conf.c
 
@@ -155,8 +158,8 @@ ntlm$(OBJSUFFICS):  ntlm.c
 stringtable$(OBJSUFFICS):  stringtable.c
 	$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
 
-$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS)
+$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS)
-	$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE)  3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
+	$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE)  3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
 
 clean:
 	@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)

src/auth.c

@@ -641,7 +641,6 @@ struct authcache {
 	struct authcache *next;
 } *authc = NULL;
 
-
 int cacheauth(struct clientparam * param){
 	struct authcache *ac, *last=NULL;
 
@@ -850,6 +849,7 @@ int strongauth(struct clientparam * param){
 	return 5;
 }
 
+int radauth(struct clientparam * param);
 
 struct auth authfuncs[] = {
 	{authfuncs+1, NULL, NULL, ""},
@@ -858,8 +858,12 @@ struct auth authfuncs[] = {
 	{authfuncs+4, dnsauth, checkACL, "dnsname"},
 	{authfuncs+5, strongauth, checkACL, "strong"},
 	{authfuncs+6, cacheauth, checkACL, "cache"},
+#ifndef NORADIUS
+	{authfuncs+7, radauth, checkACL, "radius"},
+	{authfuncs+8, NULL, NULL, "none"},
+#else
 	{authfuncs+7, NULL, NULL, "none"},
-
+#endif
 	{NULL, NULL, NULL, ""}
 };
 

src/authradius.c

@@ -6,7 +6,7 @@
 
 */
 
-
+#ifndef NORADIUS
 #include "proxy.h"
 #include "libs/md5.h"
 
@@ -166,9 +166,12 @@ struct  sockaddr_in radiuslist[MAXRADIUS];
 struct  sockaddr_in6 radiuslist[MAXRADIUS];
 #endif
 
+static int ntry;
 int nradservers = 0;
 char * radiussecret = NULL;
 
+pthread_mutex_t rad_mutex;
+
 void md5_calc(unsigned char *output, unsigned char *input,
 		     unsigned int inputlen);
 
@@ -283,17 +286,17 @@ int rad_pwencode(char *passwd, int *pwlen, const char *secret, const char *vecto
 /*
  *	Create a random vector of AUTH_VECTOR_LEN bytes.
  */
-void random_vector(uint8_t *vector)
+void random_vector(uint8_t *vector, struct clientparam *param)
 {
 	int		i;
 	static int	did_random = 0;
 	static int	counter = 0;
 
-	pthread_mutex_lock(&rad_mutex);
 	if (!did_random) {
 
+		ntry = (int)basetime;
 		for (i = 0; i < (int)sizeof(random_vector_pool); i++) {
-			random_vector_pool[i] += myrand((void *) random_vector_pool+i, 1) & 0xff;
+			random_vector_pool[i] += myrand((void *) &param->msec_start, sizeof(param->msec_start)) & 0xff;
 		}
 		did_random = 1;
 
@@ -319,26 +322,11 @@ void random_vector(uint8_t *vector)
 	md5_calc((u_char *) vector,
 			(u_char *) random_vector_pool,
 			sizeof(random_vector_pool));
-	pthread_mutex_unlock(&rad_mutex);
 }
 
 
 static float timeout = 5;
 
-static int getport(const char *name)
-{
-	struct	servent		*svp;
-
-	svp = getservbyname (name, "udp");
-	if (!svp) {
-		return 0;
-	}
-
-	return ntohs(svp->s_port);
-}
-
-
-
 typedef struct radius_packet_t {
   uint8_t       code;
   uint8_t       id;
@@ -350,7 +338,7 @@ typedef struct radius_packet_t {
 
 
 char buf[256];
-extern int ntry;
+int ntry = 0;
 
 #define RETURN(xxx) { res = xxx; goto CLEANRET; }
 
@@ -385,9 +373,11 @@ int radauth(struct clientparam * param){
 
 	memset(&packet, 0, sizeof(packet));
 
-	random_vector(packet.vector);
+	pthread_mutex_lock(&rad_mutex);
+	random_vector(packet.vector, param);
 
-	id = (((int)getpid() + ntry) & 0xff);
+	id = ((ntry++) & 0xff);
+	pthread_mutex_unlock(&rad_mutex);
 
 	packet.code = PW_AUTHENTICATION_REQUEST;
 	packet.id=id;
@@ -493,19 +483,20 @@ int radauth(struct clientparam * param){
 	for (loop = 0; loop < nradservers && loop < MAXRADIUS; loop++) {
 
 		saremote = radiuslist[loop];
-#idef NOIPV6
+		*SAPORT(&saremote) = htons(1812);
-		if(SAFAMILY(&saremote)!= AF_INET)continue;
+#ifdef NOIPV6
+		if(*SAFAMILY(&saremote)!= AF_INET)continue;
 #else
-		if(SAFAMILY(&saremote)!= AF_INET && SAFAMILY(&saremote)!= AF_INET6)continue;
+		if(*SAFAMILY(&saremote)!= AF_INET && *SAFAMILY(&saremote)!= AF_INET6)continue;
 #endif
 		packet.id++;
 		if(sockfd >= 0) so._closesocket(sockfd);
-		if ((sockfd = so._socket(SASOCK(saremote), SOCK_DGRAM, 0)) < 0) {
+		if ((sockfd = so._socket(SASOCK(&saremote), SOCK_DGRAM, 0)) < 0) {
 		    return 4;
 		}
 
-		len = so._sendto(sockfd, &packet, ntohs(packet.length), 0,
+		len = so._sendto(sockfd, (char *)&packet, ntohs(packet.length), 0,
-		      (struct sockaddr *)&saremote, sizeof(saremote);
+		      (struct sockaddr *)&saremote, sizeof(saremote));
 		if(len != ntohs(packet.length)){
 			continue;
 		}
@@ -518,7 +509,7 @@ int radauth(struct clientparam * param){
 
 		salen = sizeof(saremote);
 				
-		data_len = so._recvfrom(sockfd, &rpacket, sizeof(packet)-16,
+		data_len = so._recvfrom(sockfd, (char *)&rpacket, sizeof(packet)-16,
 			0, (struct sockaddr *)&saremote, &salen);
 
 		if (data_len < 20) {
@@ -632,3 +623,4 @@ CLEANRET:
 	return res;
 }
 
+#endif

src/conf.c

@@ -1261,6 +1261,17 @@ static int h_delimchar(int argc, unsigned char **argv){
 	return 0;
 }
 
+static int h_radius(int argc, unsigned char **argv){
+	char * rs = radiussecret;
+	radiussecret = mystrdup(argv[1]);
+	nradservers = 0;
+	memset(radiuslist, 0, sizeof(radiuslist));
+	for( ; nradservers < MAXRADIUS && nradservers < argc -2; nradservers++){
+		if( !getip46(46, argv[nradservers + 2], (struct sockaddr *)&radiuslist[nradservers])) return 1;
+	}
+	return 0;
+}
+
 static int h_authcache(int argc, unsigned char **argv){
 	conf.authcachetype = 0;
 	if(strstr((char *) *(argv + 1), "ip")) conf.authcachetype |= 1;
@@ -1422,6 +1433,9 @@ struct commands commandhandlers[]={
 	{commandhandlers+58, "stacksize", h_stacksize, 2, 2},
 	{commandhandlers+59, "force", h_force, 1, 1},
 	{commandhandlers+60, "noforce", h_noforce, 1, 1},
+#ifndef NORADIUS
+	{commandhandlers+61, "radius", h_radius, 3, 0},
+#endif
 	{specificcommands, 	 "", h_noop, 1, 0}
 };
 

src/proxy.h

@@ -333,8 +333,8 @@ extern struct  sockaddr_in radiuslist[MAXRADIUS];
 extern struct  sockaddr_in6 radiuslist[MAXRADIUS];
 #endif
 
-extern int nradservers = 0;
+extern int nradservers;
-extern char * radiussecret = NULL;
+extern char * radiussecret;
 
 #ifdef _WINCE
 char * CEToUnicode (const char *str);