1 /*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17 /**
18 * $Id: 98e36339065893caa4be4168f4355a40aa9421f4 $
19 *
20 * @file process.c
21 * @brief Defines the state machines that control how requests are processed.
22 *
23 * @copyright 2012 The FreeRADIUS server project
24 * @copyright 2012 Alan DeKok <aland@deployingradius.com>
25 */
26
27 RCSID("$Id: 98e36339065893caa4be4168f4355a40aa9421f4 $")
28
29 #include <freeradius-devel/radiusd.h>
30 #include <freeradius-devel/process.h>
31 #include <freeradius-devel/modules.h>
32 #include <freeradius-devel/state.h>
33
34 #include <freeradius-devel/rad_assert.h>
35
36 #ifdef WITH_DETAIL
37 #include <freeradius-devel/detail.h>
38 #endif
39
40 #include <signal.h>
41 #include <fcntl.h>
42
43 #ifdef HAVE_SYS_WAIT_H
44 # include <sys/wait.h>
45 #endif
46
47 #ifdef HAVE_SYSTEMD_WATCHDOG
48 # include <systemd/sd-daemon.h>
49 #endif
50
51 extern pid_t radius_pid;
52 extern fr_cond_t *debug_condition;
53
54 #ifdef HAVE_SYSTEMD_WATCHDOG
55 struct timeval sd_watchdog_interval;
56 static fr_event_t *sd_watchdog_ev;
57 #endif
58
59 static bool spawn_flag = false;
60 static bool just_started = true;
61 time_t fr_start_time = (time_t)-1;
62 static rbtree_t *pl = NULL;
63 static fr_event_list_t *el = NULL;
64
radius_event_list_corral(UNUSED event_corral_t hint)65 fr_event_list_t *radius_event_list_corral(UNUSED event_corral_t hint) {
66 /* Currently we do not run a second event loop for modules. */
67 return el;
68 }
69
70 static char const *action_codes[] = {
71 "INVALID",
72 "run",
73 "done",
74 "dup",
75 "timer",
76 #ifdef WITH_PROXY
77 "proxy-reply"
78 #endif
79 };
80
81 #ifdef DEBUG_STATE_MACHINE
82 # define TRACE_STATE_MACHINE \
83 if (rad_debug_lvl) do { \
84 struct timeval debug_tv; \
85 gettimeofday(&debug_tv, NULL); \
86 debug_tv.tv_sec -= fr_start_time; \
87 printf("(%u) %d.%06d ********\tSTATE %s action %s live M-%s C-%s\t********\n",\
88 request->number, (int) debug_tv.tv_sec, (int) debug_tv.tv_usec, \
89 __FUNCTION__, action_codes[action], master_state_names[request->master_state], \
90 child_state_names[request->child_state]); \
91 } while (0)
92
93 static char const *master_state_names[REQUEST_MASTER_NUM_STATES] = {
94 "?",
95 "active",
96 "stop-processing",
97 "counted"
98 };
99
100 static char const *child_state_names[REQUEST_CHILD_NUM_STATES] = {
101 "?",
102 "queued",
103 "running",
104 "proxied",
105 "reject-delay",
106 "cleanup-delay",
107 "done"
108 };
109
110 #else
111 # define TRACE_STATE_MACHINE {}
112 #endif
113
_rad_panic(char const * file,unsigned int line,char const * msg)114 static NEVER_RETURNS void _rad_panic(char const *file, unsigned int line, char const *msg)
115 {
116 ERROR("%s[%u]: %s", file, line, msg);
117 fr_exit_now(1);
118 }
119
120 #define rad_panic(x) _rad_panic(__FILE__, __LINE__, x)
121
122 /** Declare a state in the state machine
123 *
124 * Expands to the start of a function definition for a given state.
125 *
126 * @param _x the name of the state.
127 */
128 #define STATE_MACHINE_DECL(_x) static void _x(REQUEST *request, int action)
129
130 static void request_timer(void *ctx);
131
132 /** Insert #REQUEST back into the event heap, to continue executing at a future time
133 *
134 * @param file the state machine timer call occurred in.
135 * @param line the state machine timer call occurred on.
136 * @param request to set add the timer event for.
137 * @param when the event should fine.
138 * @param action to perform when we resume processing the request.
139 */
state_machine_timer(char const * file,int line,REQUEST * request,struct timeval * when,fr_state_action_t action)140 static inline void state_machine_timer(char const *file, int line, REQUEST *request,
141 struct timeval *when, fr_state_action_t action)
142 {
143 request->timer_action = action;
144 if (!fr_event_insert(el, request_timer, request, when, &request->ev)) {
145 _rad_panic(file, line, "Failed to insert event");
146 }
147 }
148
149 /** @copybrief state_machine_timer
150 *
151 * @param _x the action to perform when we resume processing the request.
152 */
153 #define STATE_MACHINE_TIMER(_x) state_machine_timer(__FILE__, __LINE__, request, &when, _x)
154
155 /*
156 * We need a different VERIFY_REQUEST macro in process.c
157 * To avoid the race conditions with the master thread
158 * checking the REQUEST whilst it's being worked on by
159 * the child.
160 */
161 #if defined(WITH_VERIFY_PTR) && defined(HAVE_PTHREAD_H)
162 # undef VERIFY_REQUEST
163 # define VERIFY_REQUEST(_x) if (pthread_equal(pthread_self(), _x->child_pid) != 0) verify_request(__FILE__, __LINE__, _x)
164 #endif
165
166 /**
167 * @section request_timeline
168 *
169 * Time sequence of a request
170 * @code
171 *
172 * RQ-----------------P=============================Y-J-C
173 * ::::::::::::::::::::::::::::::::::::::::::::::::::::::::M
174 * @endcode
175 *
176 * - R: received. Duplicate detection is done, and request is
177 * cached.
178 *
179 * - Q: Request is placed onto a queue for child threads to pick up.
180 * If there are no child threads, the request goes immediately
181 * to P.
182 *
183 * - P: Processing the request through the modules.
184 *
185 * - Y: Reply is ready. Rejects MAY be delayed here. All other
186 * replies are sent immediately.
187 *
188 * - J: Reject is sent "response_delay" after the reply is ready.
189 *
190 * - C: For Access-Requests, After "cleanup_delay", the request is
191 * deleted. Accounting-Request packets go directly from Y to C.
192 *
193 * - M: Max request time. If the request hits this timer, it is
194 * forcibly stopped.
195 *
196 * Other considerations include duplicate and conflicting
197 * packets. When a dupicate packet is received, it is ignored
198 * until we've reached Y, as no response is ready. If the reply
199 * is a reject, duplicates are ignored until J, when we're ready
200 * to send the reply. In between the reply being sent (Y or J),
201 * and C, the server responds to duplicates by sending the cached
202 * reply.
203 *
204 * Conflicting packets are sent in 2 situations.
205 *
206 * The first is in between R and Y. In that case, we consider
207 * it as a hint that we're taking too long, and the NAS has given
208 * up on the request. We then behave just as if the M timer was
209 * reached, and we discard the current request. This allows us
210 * to process the new one.
211 *
212 * The second case is when we're at Y, but we haven't yet
213 * finished processing the request. This is a race condition in
214 * the threading code (avoiding locks is faster). It means that
215 * a thread has actually encoded and sent the reply, and that the
216 * NAS has responded with a new packet. The server can then
217 * safely mark the current request as "OK to delete", and behaves
218 * just as if the M timer was reached. This usually happens only
219 * in high-load situations.
220 *
221 * Duplicate packets are sent when the NAS thinks we're taking
222 * too long, and wants a reply. From R-Y, duplicates are
223 * ignored. From Y-J (for Access-Rejects), duplicates are also
224 * ignored. From Y-C, duplicates get a duplicate reply. *And*,
225 * they cause the "cleanup_delay" time to be extended. This
226 * extension means that we're more likely to send a duplicate
227 * reply (if we have one), or to suppress processing the packet
228 * twice if we didn't reply to it.
229 *
230 * All functions in this file should be thread-safe, and should
231 * assume thet the REQUEST structure is being accessed
232 * simultaneously by the main thread, and by the child worker
233 * threads. This means that timers, etc. cannot be updated in
234 * the child thread.
235 *
236 * Instead, the master thread periodically calls request->process
237 * with action TIMER. It's up to the individual functions to
238 * determine how to handle that. They need to check if they're
239 * being called from a child thread or the master, and then do
240 * different things based on that.
241 */
242 #ifdef WITH_PROXY
243 static fr_packet_list_t *proxy_list = NULL;
244 static TALLOC_CTX *proxy_ctx = NULL;
245 #endif
246
247 #ifdef HAVE_PTHREAD_H
248 # ifdef WITH_PROXY
249 static pthread_mutex_t proxy_mutex;
250 static bool proxy_no_new_sockets = false;
251 # endif
252
253 # define PTHREAD_MUTEX_LOCK if (spawn_flag) pthread_mutex_lock
254 # define PTHREAD_MUTEX_UNLOCK if (spawn_flag) pthread_mutex_unlock
255
256 static pthread_t NO_SUCH_CHILD_PID;
257 # define NO_CHILD_THREAD request->child_pid = NO_SUCH_CHILD_PID
258
259 #else
260 /*
261 * This is easier than ifdef's throughout the code.
262 */
263 # define PTHREAD_MUTEX_LOCK(_x)
264 # define PTHREAD_MUTEX_UNLOCK(_x)
265 # define NO_CHILD_THREAD
266 #endif
267
268 #ifdef HAVE_PTHREAD_H
we_are_master(void)269 static bool we_are_master(void)
270 {
271 if (spawn_flag &&
272 (pthread_equal(pthread_self(), NO_SUCH_CHILD_PID) == 0)) {
273 return false;
274 }
275
276 return true;
277 }
278
279 /*
280 * Assertions are debug checks.
281 */
282 # ifndef NDEBUG
283 # define ASSERT_MASTER if (!we_are_master()) rad_panic("We are not master")
284 # endif
285 #else
286
287 /*
288 * No threads: we're always master.
289 */
290 # define we_are_master(_x) (1)
291 #endif /* HAVE_PTHREAD_H */
292
293 #ifndef ASSERT_MASTER
294 # define ASSERT_MASTER
295 #endif
296
297 /*
298 * Make state transitions simpler.
299 */
300 #define FINAL_STATE(_x) NO_CHILD_THREAD; request->component = "<" #_x ">"; request->module = ""; request->child_state = _x
301
302
303 static void event_new_fd(rad_listen_t *this);
304
305 /*
306 * We need mutexes around the event FD list *only* in certain
307 * cases.
308 */
309 #if defined (HAVE_PTHREAD_H) && (defined(WITH_PROXY) || defined(WITH_TCP))
310 static rad_listen_t *new_listeners = NULL;
311
312 static pthread_mutex_t fd_mutex;
313 # define FD_MUTEX_LOCK if (spawn_flag) pthread_mutex_lock
314 # define FD_MUTEX_UNLOCK if (spawn_flag) pthread_mutex_unlock
315
radius_update_listener(rad_listen_t * this)316 void radius_update_listener(rad_listen_t *this)
317 {
318 /*
319 * Just do it ourselves.
320 */
321 if (we_are_master()) {
322 event_new_fd(this);
323 return;
324 }
325
326 FD_MUTEX_LOCK(&fd_mutex);
327
328 /*
329 * If it's already in the list, don't add it again.
330 */
331 if (this->next) {
332 FD_MUTEX_UNLOCK(&fd_mutex);
333 return;
334 }
335
336 /*
337 * Otherwise, add it to the list
338 */
339 this->next = new_listeners;
340 new_listeners = this;
341 FD_MUTEX_UNLOCK(&fd_mutex);
342 radius_signal_self(RADIUS_SIGNAL_SELF_NEW_FD);
343 }
344 #else
radius_update_listener(rad_listen_t * this)345 void radius_update_listener(rad_listen_t *this)
346 {
347 /*
348 * No threads. Just insert it.
349 */
350 event_new_fd(this);
351 }
352 /*
353 * This is easier than ifdef's throughout the code.
354 */
355 # define FD_MUTEX_LOCK(_x)
356 # define FD_MUTEX_UNLOCK(_x)
357 #endif
358
359 /*
360 * Emit a systemd watchdog notification and reschedule the event.
361 */
362 #ifdef HAVE_SYSTEMD_WATCHDOG
363 typedef struct {
364 fr_event_list_t *el;
365 struct timeval when;
366 } sd_watchdog_data_t;
367
368 static sd_watchdog_data_t sdwd;
369
sd_watchdog_event(void * ctx)370 static void sd_watchdog_event(void *ctx)
371 {
372 sd_watchdog_data_t *s = (sd_watchdog_data_t *)ctx;
373
374 DEBUG("Emitting systemd watchdog notification");
375 sd_notify(0, "WATCHDOG=1");
376
377 timeradd(&s->when, &sd_watchdog_interval, &s->when);
378 if (!fr_event_insert(s->el, sd_watchdog_event, ctx, &s->when, &sd_watchdog_ev)) {
379 rad_panic("Failed to insert event");
380 }
381 }
382 #endif
383
384 static int request_num_counter = 1;
385 #ifdef WITH_PROXY
386 static int request_will_proxy(REQUEST *request) CC_HINT(nonnull);
387 static int request_proxy(REQUEST *request) CC_HINT(nonnull);
388 STATE_MACHINE_DECL(request_ping) CC_HINT(nonnull);
389
390 STATE_MACHINE_DECL(request_response_delay) CC_HINT(nonnull);
391 STATE_MACHINE_DECL(request_cleanup_delay) CC_HINT(nonnull);
392 STATE_MACHINE_DECL(request_running) CC_HINT(nonnull);
393 STATE_MACHINE_DECL(request_done) CC_HINT(nonnull);
394
395 STATE_MACHINE_DECL(proxy_no_reply) CC_HINT(nonnull);
396 STATE_MACHINE_DECL(proxy_running) CC_HINT(nonnull);
397 STATE_MACHINE_DECL(proxy_wait_for_reply) CC_HINT(nonnull);
398
399 static int process_proxy_reply(REQUEST *request, RADIUS_PACKET *reply) CC_HINT(nonnull (1));
400 static void remove_from_proxy_hash(REQUEST *request) CC_HINT(nonnull);
401 static void remove_from_proxy_hash_nl(REQUEST *request, bool yank) CC_HINT(nonnull);
402 static int insert_into_proxy_hash(REQUEST *request) CC_HINT(nonnull);
403 static int setup_post_proxy_fail(REQUEST *request);
404 #endif
405
406 static REQUEST *request_setup(TALLOC_CTX *ctx, rad_listen_t *listener, RADIUS_PACKET *packet,
407 RADCLIENT *client, RAD_REQUEST_FUNP fun);
408 static int request_pre_handler(REQUEST *request, UNUSED int action) CC_HINT(nonnull);
409
410 #ifdef WITH_COA
411 static void request_coa_originate(REQUEST *request) CC_HINT(nonnull);
412 STATE_MACHINE_DECL(coa_wait_for_reply) CC_HINT(nonnull);
413 STATE_MACHINE_DECL(coa_no_reply) CC_HINT(nonnull);
414 STATE_MACHINE_DECL(coa_running) CC_HINT(nonnull);
415 static void coa_separate(REQUEST *request, bool retransmit) CC_HINT(nonnull);
416 # define COA_SEPARATE if (request->coa) coa_separate(request->coa, true);
417 #else
418 # define COA_SEPARATE
419 #endif
420
421 #define CHECK_FOR_STOP do { if (request->master_state == REQUEST_STOP_PROCESSING) {request_done(request, FR_ACTION_CANCELLED);return;}} while (0)
422
423 #undef USEC
424 #define USEC (1000000)
425
426 #define INSERT_EVENT(_function, _ctx) if (!fr_event_insert(el, _function, _ctx, &((_ctx)->when), &((_ctx)->ev))) { _rad_panic(__FILE__, __LINE__, "Failed to insert event"); }
427
tv_add(struct timeval * tv,int usec_delay)428 static void tv_add(struct timeval *tv, int usec_delay)
429 {
430 if (usec_delay >= USEC) {
431 tv->tv_sec += usec_delay / USEC;
432 usec_delay %= USEC;
433 }
434 tv->tv_usec += usec_delay;
435
436 if (tv->tv_usec >= USEC) {
437 tv->tv_sec += tv->tv_usec / USEC;
438 tv->tv_usec %= USEC;
439 }
440 }
441
442 /*
443 * Debug the packet if requested.
444 */
debug_packet(REQUEST * request,RADIUS_PACKET * packet,bool received)445 static void debug_packet(REQUEST *request, RADIUS_PACKET *packet, bool received)
446 {
447 char src_ipaddr[128];
448 char dst_ipaddr[128];
449
450 if (!packet) return;
451 if (!RDEBUG_ENABLED) return;
452
453 #ifdef WITH_DETAIL
454 /*
455 * Don't print IP addresses for detail files.
456 */
457 if (request->listener &&
458 (request->listener->type == RAD_LISTEN_DETAIL)) return;
459
460 #endif
461 /*
462 * Client-specific debugging re-prints the input
463 * packet into the client log.
464 *
465 * This really belongs in a utility library
466 */
467 if (is_radius_code(packet->code)) {
468 RDEBUG("%s %s Id %u from %s%s%s:%i to %s%s%s:%i length %zu",
469 received ? "Received" : "Sent",
470 fr_packet_codes[packet->code],
471 packet->id,
472 packet->src_ipaddr.af == AF_INET6 ? "[" : "",
473 inet_ntop(packet->src_ipaddr.af,
474 &packet->src_ipaddr.ipaddr,
475 src_ipaddr, sizeof(src_ipaddr)),
476 packet->src_ipaddr.af == AF_INET6 ? "]" : "",
477 packet->src_port,
478 packet->dst_ipaddr.af == AF_INET6 ? "[" : "",
479 inet_ntop(packet->dst_ipaddr.af,
480 &packet->dst_ipaddr.ipaddr,
481 dst_ipaddr, sizeof(dst_ipaddr)),
482 packet->dst_ipaddr.af == AF_INET6 ? "]" : "",
483 packet->dst_port,
484 packet->data_len);
485 } else {
486 RDEBUG("%s code %u Id %u from %s%s%s:%i to %s%s%s:%i length %zu\n",
487 received ? "Received" : "Sent",
488 packet->code,
489 packet->id,
490 packet->src_ipaddr.af == AF_INET6 ? "[" : "",
491 inet_ntop(packet->src_ipaddr.af,
492 &packet->src_ipaddr.ipaddr,
493 src_ipaddr, sizeof(src_ipaddr)),
494 packet->src_ipaddr.af == AF_INET6 ? "]" : "",
495 packet->src_port,
496 packet->dst_ipaddr.af == AF_INET6 ? "[" : "",
497 inet_ntop(packet->dst_ipaddr.af,
498 &packet->dst_ipaddr.ipaddr,
499 dst_ipaddr, sizeof(dst_ipaddr)),
500 packet->dst_ipaddr.af == AF_INET6 ? "]" : "",
501 packet->dst_port,
502 packet->data_len);
503 }
504
505 if (received) {
506 rdebug_pair_list(L_DBG_LVL_1, request, packet->vps, NULL);
507 } else {
508 rdebug_proto_pair_list(L_DBG_LVL_1, request, packet->vps);
509 }
510 }
511
512
513 /***********************************************************************
514 *
515 * Start of RADIUS server state machine.
516 *
517 ***********************************************************************/
518
request_response_window(REQUEST * request)519 static struct timeval *request_response_window(REQUEST *request)
520 {
521 VERIFY_REQUEST(request);
522
523 rad_assert(request->home_server != NULL);
524
525 if (request->client) {
526 /*
527 * The client hasn't set the response window. Return
528 * either the home server one, if set, or the global one.
529 */
530 if (!timerisset(&request->client->response_window)) {
531 return &request->home_server->response_window;
532 }
533
534 if (timercmp(&request->client->response_window,
535 &request->home_server->response_window, <)) {
536 return &request->client->response_window;
537 }
538 }
539
540 return &request->home_server->response_window;
541 }
542
543 /*
544 * Determine initial request processing delay.
545 */
request_init_delay(REQUEST * request)546 static int request_init_delay(REQUEST *request)
547 {
548 struct timeval half_response_window;
549
550 VERIFY_REQUEST(request);
551
552 /* Allow client response window to lower initial delay */
553 if (timerisset(&request->client->response_window)) {
554 half_response_window.tv_sec = request->client->response_window.tv_sec >> 1;
555 half_response_window.tv_usec =
556 ((request->client->response_window.tv_sec & 1) * USEC +
557 request->client->response_window.tv_usec) >> 1;
558 if (timercmp(&half_response_window, &request->root->init_delay, <))
559 return (int)half_response_window.tv_sec * USEC +
560 (int)half_response_window.tv_usec;
561 }
562
563 return (int)request->root->init_delay.tv_sec * USEC +
564 (int)request->root->init_delay.tv_usec;
565 }
566
567 /*
568 * Callback for ALL timer events related to the request.
569 */
request_timer(void * ctx)570 static void request_timer(void *ctx)
571 {
572 REQUEST *request = talloc_get_type_abort(ctx, REQUEST);
573 int action;
574
575 action = request->timer_action;
576
577 TRACE_STATE_MACHINE;
578
579 request->process(request, action);
580 }
581
582 /*
583 * Wrapper for talloc pools. If there's no parent, just free the
584 * request. If there is a parent, free the parent INSTEAD of the
585 * request.
586 */
request_free(REQUEST * request)587 static void request_free(REQUEST *request)
588 {
589 void *ptr;
590
591 rad_assert(request->ev == NULL);
592 rad_assert(!request->in_request_hash);
593 rad_assert(!request->in_proxy_hash);
594
595 if ((request->options & RAD_REQUEST_OPTION_CTX) == 0) {
596 talloc_free(request);
597 return;
598 }
599
600 ptr = talloc_parent(request);
601 rad_assert(ptr != NULL);
602 talloc_free(ptr);
603 }
604
605
606 #ifdef WITH_PROXY
proxy_reply_too_late(REQUEST * request)607 static void proxy_reply_too_late(REQUEST *request)
608 {
609 char buffer[128];
610
611 RDEBUG2("Reply from home server %s port %d - ID: %d arrived too late. Try increasing 'retry_delay' or 'max_request_time'",
612 inet_ntop(request->proxy->dst_ipaddr.af,
613 &request->proxy->dst_ipaddr.ipaddr,
614 buffer, sizeof(buffer)),
615 request->proxy->dst_port, request->proxy->id);
616 }
617 #endif
618
619
620 /** Mark a request DONE and clean it up.
621 *
622 * When a request is DONE, it can have ties to a number of other
623 * portions of the server. The request hash, proxy hash, events,
624 * child threads, etc. This function takes care of either cleaning
625 * up the request, or managing the timers to wait for the ties to be
626 * removed.
627 *
628 * \dot
629 * digraph done {
630 * stopped -> done
631 * done -> done [ label = "still running" ];
632 * }
633 * \enddot
634 */
request_done(REQUEST * request,int action)635 static void request_done(REQUEST *request, int action)
636 {
637 struct timeval now, when;
638
639 VERIFY_REQUEST(request);
640
641 TRACE_STATE_MACHINE;
642
643 /*
644 * Force this no matter what.
645 */
646 request->process = request_done;
647
648 #ifdef WITH_DETAIL
649 /*
650 * Tell the detail listener that we're done.
651 */
652 if (request->listener &&
653 (request->listener->type == RAD_LISTEN_DETAIL) &&
654 (request->simul_max != 1)) {
655 request->simul_max = 1;
656 request->listener->send(request->listener,
657 request);
658 }
659 #endif
660
661 #ifdef HAVE_PTHREAD_H
662 /*
663 * If called from a child thread, mark ourselves as done,
664 * and wait for the master thread timer to clean us up.
665 */
666 if (!we_are_master()) {
667 FINAL_STATE(REQUEST_DONE);
668 return;
669 }
670 #endif
671
672 /*
673 * Mark the request as STOP.
674 */
675 request->master_state = REQUEST_STOP_PROCESSING;
676
677 #ifdef WITH_PROXY
678 /*
679 * Walk through the server pool to see if we need to mark
680 * connections as dead.
681 */
682 if (request->home_pool) {
683 fr_event_now(el, &now);
684 if (request->home_pool->last_serviced < now.tv_sec) {
685 int i;
686
687 request->home_pool->last_serviced = now.tv_sec;
688
689 for (i = 0; i < request->home_pool->num_home_servers; i++) {
690 home_server_t *home = request->home_pool->servers[i];
691
692 if (home->state == HOME_STATE_CONNECTION_FAIL) {
693 mark_home_server_dead(home, &now, false);
694 }
695 }
696 }
697 }
698 #endif
699
700 /*
701 * If it was administratively canceled, then it's done.
702 */
703 if (action == FR_ACTION_CANCELLED) {
704 action = FR_ACTION_DONE;
705
706 #ifdef WITH_COA
707 /*
708 * Don't touch request->coa, it's in the middle
709 * of being processed...
710 */
711 } else {
712 /*
713 * Move the CoA request to its own handler, but
714 * only if the request finished normally, and was
715 * not administratively canceled.
716 */
717 if (request->coa) {
718 coa_separate(request->coa, true);
719 } else if (request->parent && (request->parent->coa == request)) {
720 coa_separate(request, true);
721 }
722 #endif
723 }
724
725 /*
726 * It doesn't hurt to send duplicate replies. All other
727 * signals are ignored, as the request will be cleaned up
728 * soon anyways.
729 */
730 switch (action) {
731 case FR_ACTION_DUP:
732 #ifdef WITH_DETAIL
733 rad_assert(request->listener != NULL);
734 #endif
735 if (request->reply->code != 0) {
736 request->listener->send(request->listener, request);
737 return;
738 } else {
739 RDEBUG("No reply. Ignoring retransmit");
740 }
741 break;
742
743 /*
744 * Mark the request as done.
745 */
746 case FR_ACTION_DONE:
747 #ifdef HAVE_PTHREAD_H
748 /*
749 * If the child is still running, leave it alone.
750 */
751 if (spawn_flag && (request->child_state <= REQUEST_RUNNING)) {
752 break;
753 }
754 #endif
755
756 #ifdef DEBUG_STATE_MACHINE
757 if (rad_debug_lvl) printf("(%u) ********\tSTATE %s C-%s -> C-%s\t********\n",
758 request->number, __FUNCTION__,
759 child_state_names[request->child_state],
760 child_state_names[REQUEST_DONE]);
761 #endif
762 request->child_state = REQUEST_DONE;
763 break;
764
765 /*
766 * Called when the child is taking too long to
767 * finish. We've already marked it "please
768 * stop", so we don't complain any more.
769 */
770 case FR_ACTION_TIMER:
771 break;
772
773 #ifdef WITH_PROXY
774 case FR_ACTION_PROXY_REPLY:
775 proxy_reply_too_late(request);
776 break;
777 #endif
778
779 default:
780 break;
781 }
782
783 /*
784 * Remove it from the request hash.
785 */
786 if (request->in_request_hash) {
787 if (!rbtree_deletebydata(pl, &request->packet)) {
788 rad_assert(0 == 1);
789 }
790 request->in_request_hash = false;
791 }
792
793 #ifdef WITH_PROXY
794 /*
795 * Wait for the proxy ID to expire. This allows us to
796 * avoid re-use of proxy IDs for a while.
797 */
798 if (request->in_proxy_hash) {
799 rad_assert(request->proxy != NULL);
800
801 fr_event_now(el, &now);
802 when = request->proxy->timestamp;
803
804 #ifdef WITH_COA
805 if (((request->proxy->code == PW_CODE_COA_REQUEST) ||
806 (request->proxy->code == PW_CODE_DISCONNECT_REQUEST)) &&
807 (request->packet->code != request->proxy->code)) {
808 when.tv_sec += request->home_server->coa_mrd;
809 } else
810 #endif
811 timeradd(&when, request_response_window(request), &when);
812
813 /*
814 * We haven't received all responses, AND there's still
815 * time to wait. Do so.
816 */
817 if ((request->num_proxied_requests > request->num_proxied_responses) &&
818 #ifdef WITH_TCP
819 (request->home_server->proto != IPPROTO_TCP) &&
820 #endif
821 timercmp(&now, &when, <)) {
822 RDEBUG("Waiting for more responses from the home server");
823 goto wait_some_more;
824 }
825
826 /*
827 * Time to remove it.
828 */
829 remove_from_proxy_hash(request);
830 }
831 #endif
832
833 #ifdef HAVE_PTHREAD_H
834 /*
835 * If there's no children, we can mark the request as done.
836 */
837 if (!spawn_flag) request->child_state = REQUEST_DONE;
838 #endif
839
840 /*
841 * If the child is still running, wait for it to be finished.
842 */
843 if (request->child_state <= REQUEST_RUNNING) {
844 gettimeofday(&now, NULL);
845 #ifdef WITH_PROXY
846 wait_some_more:
847 #endif
848 when = now;
849 if (request->delay < (USEC / 3)) request->delay = USEC / 3;
850 tv_add(&when, request->delay);
851 request->delay += request->delay >> 1;
852 if (request->delay > (10 * USEC)) request->delay = 10 * USEC;
853
854 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
855 return;
856 }
857
858 #ifdef HAVE_PTHREAD_H
859 rad_assert(request->child_pid == NO_SUCH_CHILD_PID);
860 #endif
861
862 #ifdef WITH_COA
863 /*
864 * Now that the child is done, free the CoA packet. If
865 * the CoA is running, it's already been separated.
866 */
867 if (request->coa) TALLOC_FREE(request->coa);
868 #endif
869
870
871 /*
872 * @todo: do final states for TCP sockets, too?
873 */
874 request_stats_final(request);
875 #ifdef WITH_TCP
876 if (request->listener) {
877 request->listener->count--;
878
879 /*
880 * If we're the last one, remove the listener now.
881 */
882 if ((request->listener->count == 0) &&
883 (request->listener->status >= RAD_LISTEN_STATUS_FROZEN)) {
884 event_new_fd(request->listener);
885 }
886 }
887 #endif
888
889 if (request->packet) {
890 RDEBUG2("Cleaning up request packet ID %u with timestamp +%d",
891 request->packet->id,
892 (unsigned int) (request->timestamp - fr_start_time));
893 } /* else don't print anything */
894
895 ASSERT_MASTER;
896 fr_event_delete(el, &request->ev);
897 request_free(request);
898 }
899
900
request_cleanup_delay_init(REQUEST * request)901 static void request_cleanup_delay_init(REQUEST *request)
902 {
903 struct timeval now, when;
904
905 VERIFY_REQUEST(request);
906
907 /*
908 * Do cleanup delay ONLY for RADIUS packets from a real
909 * client. Everything else just gets cleaned up
910 * immediately.
911 */
912 if (request->packet->dst_port == 0) goto done;
913
914 /*
915 * Accounting packets shouldn't be retransmitted. They
916 * should always be updated with Acct-Delay-Time.
917 */
918 #ifdef WITH_ACCOUNTING
919 if (request->packet->code == PW_CODE_ACCOUNTING_REQUEST) goto done;
920 #endif
921
922 #ifdef WITH_DHCP
923 if (request->listener->type == RAD_LISTEN_DHCP) goto done;
924 #endif
925
926 #ifdef WITH_VMPS
927 if (request->listener->type == RAD_LISTEN_VQP) goto done;
928 #endif
929
930 if (!request->root->cleanup_delay) goto done;
931
932 gettimeofday(&now, NULL);
933
934 rad_assert(request->reply->timestamp.tv_sec != 0);
935 when = request->reply->timestamp;
936
937 request->delay = request->root->cleanup_delay;
938 when.tv_sec += request->delay;
939
940 /*
941 * Set timer for when we need to clean it up.
942 */
943 if (timercmp(&when, &now, >)) {
944 #ifdef DEBUG_STATE_MACHINE
945 if (rad_debug_lvl) printf("(%u) ********\tNEXT-STATE %s -> %s\n", request->number, __FUNCTION__, "request_cleanup_delay");
946 #endif
947 request->process = request_cleanup_delay;
948
949 if (!we_are_master()) {
950 FINAL_STATE(REQUEST_CLEANUP_DELAY);
951 return;
952 }
953
954 /*
955 * Update this if we can, otherwise let the timers pick it up.
956 */
957 request->child_state = REQUEST_CLEANUP_DELAY;
958 #ifdef HAVE_PTHREAD_H
959 rad_assert(request->child_pid == NO_SUCH_CHILD_PID);
960 #endif
961 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
962 return;
963 }
964
965 /*
966 * Otherwise just clean it up.
967 */
968 done:
969 request_done(request, FR_ACTION_DONE);
970 }
971
972
973 /*
974 * Enforce max_request_time.
975 */
request_max_time(REQUEST * request)976 static bool request_max_time(REQUEST *request)
977 {
978 struct timeval now, when;
979 rad_assert(request->magic == REQUEST_MAGIC);
980 #ifdef DEBUG_STATE_MACHINE
981 int action = FR_ACTION_TIMER;
982 #endif
983
984 VERIFY_REQUEST(request);
985
986 TRACE_STATE_MACHINE;
987 ASSERT_MASTER;
988
989 /*
990 * The child thread has acknowledged it's done.
991 * Transition to the DONE state.
992 *
993 * If the request was marked STOP, then the "check for
994 * stop" macro already took care of it.
995 */
996 if (request->child_state == REQUEST_DONE) {
997 done:
998 request_done(request, FR_ACTION_CANCELLED);
999 return true;
1000 }
1001
1002 /*
1003 * The request is still running. Enforce max_request_time.
1004 */
1005 fr_event_now(el, &now);
1006 when = request->packet->timestamp;
1007 when.tv_sec += request->root->max_request_time;
1008
1009 /*
1010 * Taking too long: tell it to die.
1011 */
1012 if (timercmp(&now, &when, >=)) {
1013 #ifdef HAVE_PTHREAD_H
1014 /*
1015 * If there's a child thread processing it,
1016 * complain.
1017 */
1018 if (spawn_flag &&
1019 (pthread_equal(request->child_pid, NO_SUCH_CHILD_PID) == 0)) {
1020 ERROR("Unresponsive child for request %u, in component %s module %s",
1021 request->number,
1022 request->component ? request->component : "<core>",
1023 request->module ? request->module : "<core>");
1024 exec_trigger(request, NULL, "server.thread.unresponsive", true);
1025 }
1026 #endif
1027 /*
1028 * Tell the request that it's done.
1029 */
1030 goto done;
1031 }
1032
1033 /*
1034 * Sleep for some more. We HOPE that the child will
1035 * become responsive at some point in the future. We do
1036 * this by adding 50% to the current timer.
1037 */
1038 when = now;
1039 tv_add(&when, request->delay);
1040 request->delay += request->delay >> 1;
1041 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
1042 return false;
1043 }
1044
request_queue_or_run(REQUEST * request,fr_request_process_t process)1045 static void request_queue_or_run(REQUEST *request,
1046 fr_request_process_t process)
1047 {
1048 #ifdef DEBUG_STATE_MACHINE
1049 int action = FR_ACTION_TIMER;
1050 #endif
1051
1052 VERIFY_REQUEST(request);
1053
1054 TRACE_STATE_MACHINE;
1055
1056 /*
1057 * Do this here so that fewer other functions need to do
1058 * it.
1059 */
1060 if (request->master_state == REQUEST_STOP_PROCESSING) {
1061 #ifdef DEBUG_STATE_MACHINE
1062 if (rad_debug_lvl) printf("(%u) ********\tSTATE %s M-%s causes C-%s-> C-%s\t********\n",
1063 request->number, __FUNCTION__,
1064 master_state_names[request->master_state],
1065 child_state_names[request->child_state],
1066 child_state_names[REQUEST_DONE]);
1067 #endif
1068 request_done(request, FR_ACTION_CANCELLED);
1069 return;
1070 }
1071
1072 request->process = process;
1073
1074 if (we_are_master()) {
1075 struct timeval when;
1076
1077 /*
1078 * (re) set the initial delay.
1079 */
1080 request->delay = request_init_delay(request);
1081 if (request->delay > USEC) request->delay = USEC;
1082 gettimeofday(&when, NULL);
1083 tv_add(&when, request->delay);
1084 request->delay += request->delay >> 1;
1085
1086 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
1087
1088 #ifdef HAVE_PTHREAD_H
1089 if (spawn_flag) {
1090 /*
1091 * A child thread will eventually pick it up.
1092 */
1093 if (request_enqueue(request)) return;
1094
1095 /*
1096 * Otherwise we're not going to do anything with
1097 * it...
1098 */
1099 request_done(request, FR_ACTION_CANCELLED);
1100 return;
1101 }
1102 #endif
1103 }
1104
1105 request->child_state = REQUEST_RUNNING;
1106 request->process(request, FR_ACTION_RUN);
1107
1108 #ifdef WNOHANG
1109 /*
1110 * Requests that care about child process exit
1111 * codes have already either called
1112 * rad_waitpid(), or they've given up.
1113 */
1114 while (waitpid(-1, NULL, WNOHANG) > 0);
1115 #endif
1116 }
1117
request_inject(REQUEST * request)1118 void request_inject(REQUEST *request)
1119 {
1120 request_queue_or_run(request, request_running);
1121 }
1122
1123
request_dup(REQUEST * request)1124 static void request_dup(REQUEST *request)
1125 {
1126 ERROR("(%u) Ignoring duplicate packet from "
1127 "client %s port %d - ID: %u due to unfinished request "
1128 "in component %s module %s",
1129 request->number, request->client->shortname,
1130 request->packet->src_port,request->packet->id,
1131 request->component, request->module);
1132 }
1133
1134
1135 /** Sit on a request until it's time to clean it up.
1136 *
1137 * A NAS may not see a response from the server. When the NAS
1138 * retransmits, we want to be able to send a cached reply back. The
1139 * alternative is to re-process the packet, which does bad things for
1140 * EAP, among others.
1141 *
1142 * IF we do see a NAS retransmit, we extend the cleanup delay,
1143 * because the NAS might miss our cached reply.
1144 *
1145 * Otherwise, once we reach cleanup_delay, we transition to DONE.
1146 *
1147 * \dot
1148 * digraph cleanup_delay {
1149 * cleanup_delay;
1150 * send_reply [ label = "send_reply\nincrease cleanup delay" ];
1151 *
1152 * cleanup_delay -> send_reply [ label = "DUP" ];
1153 * send_reply -> cleanup_delay;
1154 * cleanup_delay -> proxy_reply_too_late [ label = "PROXY_REPLY", arrowhead = "none" ];
1155 * cleanup_delay -> cleanup_delay [ label = "TIMER < timeout" ];
1156 * cleanup_delay -> done [ label = "TIMER >= timeout" ];
1157 * }
1158 * \enddot
1159 */
request_cleanup_delay(REQUEST * request,int action)1160 static void request_cleanup_delay(REQUEST *request, int action)
1161 {
1162 struct timeval when, now;
1163
1164 VERIFY_REQUEST(request);
1165
1166 TRACE_STATE_MACHINE;
1167 ASSERT_MASTER;
1168 COA_SEPARATE;
1169 CHECK_FOR_STOP;
1170
1171 switch (action) {
1172 case FR_ACTION_DUP:
1173 if (request->reply->code != 0) {
1174 DEBUG("(%u) Sending duplicate reply to "
1175 "client %s port %d - ID: %u",
1176 request->number, request->client->shortname,
1177 request->packet->src_port,request->packet->id);
1178 request->listener->send(request->listener, request);
1179 } else {
1180 RDEBUG("No reply. Ignoring retransmit");
1181 }
1182
1183 /*
1184 * Double the cleanup_delay to catch retransmits.
1185 */
1186 when = request->reply->timestamp;
1187 request->delay += request->delay;
1188 when.tv_sec += request->delay;
1189
1190 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
1191 break;
1192
1193 #ifdef WITH_PROXY
1194 case FR_ACTION_PROXY_REPLY:
1195 proxy_reply_too_late(request);
1196 break;
1197 #endif
1198
1199 case FR_ACTION_TIMER:
1200 fr_event_now(el, &now);
1201
1202 rad_assert(request->root->cleanup_delay > 0);
1203
1204 when = request->reply->timestamp;
1205 when.tv_sec += request->root->cleanup_delay;
1206
1207 if (timercmp(&when, &now, >)) {
1208 #ifdef DEBUG_STATE_MACHINE
1209 if (rad_debug_lvl) printf("(%u) ********\tNEXT-STATE %s -> %s\n", request->number, __FUNCTION__, "request_cleanup_delay");
1210 #endif
1211 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
1212 return;
1213 } /* else it's time to clean up */
1214
1215 request_done(request, FR_ACTION_DONE);
1216 break;
1217
1218 default:
1219 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
1220 break;
1221 }
1222 }
1223
1224
1225 /** Sit on a request until it's time to respond to it.
1226 *
1227 * For security reasons, rejects (and maybe some other) packets are
1228 * delayed for a while before we respond. This delay means that
1229 * badly behaved NASes don't hammer the server with authentication
1230 * attempts.
1231 *
1232 * Otherwise, once we reach response_delay, we send the reply, and
1233 * transition to cleanup_delay.
1234 *
1235 * \dot
1236 * digraph response_delay {
1237 * response_delay -> proxy_reply_too_late [ label = "PROXY_REPLY", arrowhead = "none" ];
1238 * response_delay -> response_delay [ label = "DUP, TIMER < timeout" ];
1239 * response_delay -> send_reply [ label = "TIMER >= timeout" ];
1240 * send_reply -> cleanup_delay;
1241 * }
1242 * \enddot
1243 */
request_response_delay(REQUEST * request,int action)1244 static void request_response_delay(REQUEST *request, int action)
1245 {
1246 struct timeval when, now;
1247
1248 VERIFY_REQUEST(request);
1249
1250 TRACE_STATE_MACHINE;
1251 ASSERT_MASTER;
1252 COA_SEPARATE;
1253 CHECK_FOR_STOP;
1254
1255 switch (action) {
1256 case FR_ACTION_DUP:
1257 RDEBUG("(%u) Discarding duplicate request from "
1258 "client %s port %d - ID: %u due to delayed response",
1259 request->number, request->client->shortname,
1260 request->packet->src_port,request->packet->id);
1261 break;
1262
1263 #ifdef WITH_PROXY
1264 case FR_ACTION_PROXY_REPLY:
1265 proxy_reply_too_late(request);
1266 break;
1267 #endif
1268
1269 case FR_ACTION_TIMER:
1270 fr_event_now(el, &now);
1271
1272 /*
1273 * See if it's time to send the reply. If not,
1274 * we wait some more.
1275 */
1276 when = request->reply->timestamp;
1277
1278 tv_add(&when, request->response_delay.tv_sec * USEC);
1279 tv_add(&when, request->response_delay.tv_usec);
1280
1281 if (timercmp(&when, &now, >)) {
1282 #ifdef DEBUG_STATE_MACHINE
1283 if (rad_debug_lvl) printf("(%u) ********\tNEXT-STATE %s -> %s\n", request->number, __FUNCTION__, "request_response_delay");
1284 #endif
1285 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
1286 return;
1287 } /* else it's time to send the reject */
1288
1289 RDEBUG2("Sending delayed response");
1290 request->listener->encode(request->listener, request);
1291 debug_packet(request, request->reply, false);
1292 request->listener->send(request->listener, request);
1293
1294 /*
1295 * Clean up the request.
1296 */
1297 request_cleanup_delay_init(request);
1298 break;
1299
1300 default:
1301 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
1302 break;
1303 }
1304 }
1305
1306
request_pre_handler(REQUEST * request,UNUSED int action)1307 static int request_pre_handler(REQUEST *request, UNUSED int action)
1308 {
1309 int rcode;
1310
1311 VERIFY_REQUEST(request);
1312
1313 TRACE_STATE_MACHINE;
1314
1315 if (request->master_state == REQUEST_STOP_PROCESSING) return 0;
1316
1317 /*
1318 * Don't decode the packet if it's an internal "fake"
1319 * request. Instead, just return so that the caller can
1320 * process it.
1321 */
1322 if (request->packet->dst_port == 0) {
1323 request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
1324 request->password = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
1325 return 1;
1326 }
1327
1328 if (!request->packet->vps) { /* FIXME: check for correct state */
1329 rcode = request->listener->decode(request->listener, request);
1330
1331 #ifdef WITH_UNLANG
1332 if (debug_condition) {
1333 /*
1334 * Ignore parse errors.
1335 */
1336 if (radius_evaluate_cond(request, RLM_MODULE_OK, 0, debug_condition)) {
1337 request->log.lvl = L_DBG_LVL_2;
1338 request->log.func = vradlog_request;
1339 }
1340 }
1341 #endif
1342
1343 debug_packet(request, request->packet, true);
1344 } else {
1345 rcode = 0;
1346 }
1347
1348 if (rcode < 0) {
1349 RATE_LIMIT(INFO("Dropping packet without response because of error: %s", fr_strerror()));
1350 request->reply->offset = -2; /* bad authenticator */
1351 return 0;
1352 }
1353
1354 if (!request->username) {
1355 request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
1356 }
1357
1358 return 1;
1359 }
1360
1361
1362 /** Do the final processing of a request before we reply to the NAS.
1363 *
1364 * Various cleanups, suppress responses, copy Proxy-State, and set
1365 * response_delay or cleanup_delay;
1366 */
request_finish(REQUEST * request,int action)1367 static void request_finish(REQUEST *request, int action)
1368 {
1369 VALUE_PAIR *vp;
1370
1371 VERIFY_REQUEST(request);
1372
1373 TRACE_STATE_MACHINE;
1374 CHECK_FOR_STOP;
1375
1376 (void) action; /* -Wunused */
1377
1378 #ifdef WITH_COA
1379 /*
1380 * Don't do post-auth if we're a CoA request originated
1381 * from an Access-Request. See request_alloc_coa() for
1382 * details.
1383 */
1384 if ((request->options & RAD_REQUEST_OPTION_COA) != 0) goto done;
1385 #endif
1386
1387 /*
1388 * Override the response code if a control:Response-Packet-Type attribute is present.
1389 */
1390 vp = fr_pair_find_by_num(request->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
1391 if (vp) {
1392 if (vp->vp_integer == 256) {
1393 RDEBUG2("Not responding to request");
1394 fr_pair_delete_by_num(&request->reply->vps, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
1395 request->reply->code = 0;
1396 } else {
1397 request->reply->code = vp->vp_integer;
1398 }
1399 }
1400 /*
1401 * Catch Auth-Type := Reject BEFORE proxying the packet.
1402 */
1403 else if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
1404 if (request->reply->code == 0) {
1405 vp = fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
1406 if (!vp || (vp->vp_integer != 5)) {
1407 RDEBUG2("There was no response configured: "
1408 "rejecting request");
1409 }
1410
1411 request->reply->code = PW_CODE_ACCESS_REJECT;
1412 }
1413 }
1414
1415 /*
1416 * Copy Proxy-State from the request to the reply.
1417 */
1418 vp = fr_pair_list_copy_by_num(request->reply, request->packet->vps,
1419 PW_PROXY_STATE, 0, TAG_ANY);
1420 if (vp) fr_pair_add(&request->reply->vps, vp);
1421
1422 /*
1423 * Call Post-Auth for Access-Request packets.
1424 */
1425 if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
1426 rad_postauth(request);
1427
1428 vp = fr_pair_find_by_num(request->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
1429 if (vp && (vp->vp_integer == 256)) {
1430 RDEBUG2("Not responding to request");
1431 request->reply->code = 0;
1432 }
1433 }
1434
1435 #ifdef WITH_COA
1436 /*
1437 * Maybe originate a CoA request.
1438 */
1439 if ((action == FR_ACTION_RUN) && !request->proxy && request->coa) {
1440 request_coa_originate(request);
1441 }
1442 #endif
1443
1444 /*
1445 * Clean up. These are no longer needed.
1446 */
1447 gettimeofday(&request->reply->timestamp, NULL);
1448
1449 /*
1450 * Fake packets get marked as "done", and have the
1451 * proxy-reply section deal with the reply attributes.
1452 * We therefore don't free the reply attributes.
1453 */
1454 if (request->packet->dst_port == 0) {
1455 RDEBUG("Finished internally proxied request.");
1456 FINAL_STATE(REQUEST_DONE);
1457 return;
1458 }
1459
1460 #ifdef WITH_DETAIL
1461 /*
1462 * Always send the reply to the detail listener.
1463 */
1464 if (request->listener->type == RAD_LISTEN_DETAIL) {
1465 request->simul_max = 1;
1466
1467 /*
1468 * But only print the reply if there is one.
1469 */
1470 if (request->reply->code != 0) {
1471 debug_packet(request, request->reply, false);
1472 }
1473
1474 request->listener->send(request->listener, request);
1475 goto done;
1476 }
1477 #endif
1478
1479 /*
1480 * Ignore all "do not respond" packets.
1481 * Except for the detail ones, which need to ping
1482 * the detail file reader so that it will retransmit.
1483 */
1484 if (!request->reply->code) {
1485 RDEBUG("Not sending reply to client.");
1486 goto done;
1487 }
1488
1489 /*
1490 * If it's not in the request hash, we MIGHT not want to
1491 * send a reply.
1492 *
1493 * If duplicate packets are allowed, then then only
1494 * reason to NOT be in the request hash is because we
1495 * don't want to send a reply.
1496 *
1497 * FIXME: this is crap. The rest of the state handling
1498 * should use a different field so that we don't have two
1499 * meanings for it.
1500 *
1501 * Otherwise duplicates are forbidden, and the request is
1502 * SUPPOSED to avoid the request hash.
1503 *
1504 * In that case, we need to send a reply.
1505 */
1506 if (!request->in_request_hash &&
1507 !request->listener->nodup) {
1508 RDEBUG("Suppressing reply to client.");
1509 goto done;
1510 }
1511
1512 /*
1513 * See if we need to delay an Access-Reject packet.
1514 */
1515 if ((request->packet->code == PW_CODE_ACCESS_REQUEST) &&
1516 (request->reply->code == PW_CODE_ACCESS_REJECT) &&
1517 (request->root->reject_delay.tv_sec > 0)) {
1518 request->response_delay = request->root->reject_delay;
1519
1520 vp = fr_pair_find_by_num(request->reply->vps, PW_FREERADIUS_RESPONSE_DELAY, 0, TAG_ANY);
1521 if (vp) {
1522 if (vp->vp_integer <= 10) {
1523 request->response_delay.tv_sec = vp->vp_integer;
1524 } else {
1525 request->response_delay.tv_sec = 10;
1526 }
1527 request->response_delay.tv_usec = 0;
1528 } else {
1529 vp = fr_pair_find_by_num(request->reply->vps, PW_FREERADIUS_RESPONSE_DELAY_USEC, 0, TAG_ANY);
1530 if (vp) {
1531 if (vp->vp_integer <= 10 * USEC) {
1532 request->response_delay.tv_sec = vp->vp_integer / USEC;
1533 request->response_delay.tv_usec = vp->vp_integer % USEC;
1534 } else {
1535 request->response_delay.tv_sec = 10;
1536 request->response_delay.tv_usec = 0;
1537 }
1538 }
1539 }
1540
1541 #ifdef WITH_PROXY
1542 /*
1543 * If we timed out a proxy packet, don't delay
1544 * the reject any more.
1545 */
1546 if (request->proxy && !request->proxy_reply) {
1547 request->response_delay.tv_sec = 0;
1548 request->response_delay.tv_usec = 0;
1549 }
1550 #endif
1551 }
1552
1553 /*
1554 * Send the reply.
1555 */
1556 if ((request->response_delay.tv_sec == 0) &&
1557 (request->response_delay.tv_usec == 0)) {
1558
1559 /*
1560 * Don't print a reply if there's none to send.
1561 */
1562 if (request->reply->code != 0) {
1563 if (rad_debug_lvl && request->state &&
1564 (request->reply->code == PW_CODE_ACCESS_ACCEPT)) {
1565 if (!fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY)) {
1566 RWDEBUG2("Unused attributes found in &session-state:");
1567 }
1568 }
1569
1570 request->listener->encode(request->listener, request);
1571 debug_packet(request, request->reply, false);
1572 request->listener->send(request->listener, request);
1573 }
1574
1575 done:
1576 RDEBUG2("Finished request");
1577 request_cleanup_delay_init(request);
1578
1579 } else {
1580 /*
1581 * Encode and sign it here, so that the master
1582 * thread can just send the encoded data, which
1583 * means it does less work.
1584 */
1585 RDEBUG2("Delaying response for %d.%06d seconds",
1586 (int) request->response_delay.tv_sec, (int) request->response_delay.tv_usec);
1587 request->listener->encode(request->listener, request);
1588 request->process = request_response_delay;
1589
1590 FINAL_STATE(REQUEST_RESPONSE_DELAY);
1591 }
1592 }
1593
1594 /** Process a request from a client.
1595 *
1596 * The outcome might be that the request is proxied.
1597 *
1598 * \dot
1599 * digraph running {
1600 * running -> running [ label = "TIMER < max_request_time" ];
1601 * running -> done [ label = "TIMER >= max_request_time" ];
1602 * running -> proxy [ label = "proxied" ];
1603 * running -> dup [ label = "DUP", arrowhead = "none" ];
1604 * }
1605 * \enddot
1606 */
request_running(REQUEST * request,int action)1607 static void request_running(REQUEST *request, int action)
1608 {
1609 int rcode;
1610
1611 VERIFY_REQUEST(request);
1612
1613 TRACE_STATE_MACHINE;
1614 CHECK_FOR_STOP;
1615
1616 switch (action) {
1617 case FR_ACTION_TIMER:
1618 (void) request_max_time(request);
1619 break;
1620
1621 case FR_ACTION_DUP:
1622 request_dup(request);
1623 break;
1624
1625 case FR_ACTION_RUN:
1626 if (!request_pre_handler(request, action)) {
1627 #ifdef DEBUG_STATE_MACHINE
1628 if (rad_debug_lvl) printf("(%u) ********\tSTATE %s failed in pre-handler C-%s -> C-%s\t********\n",
1629 request->number, __FUNCTION__,
1630 child_state_names[request->child_state],
1631 child_state_names[REQUEST_DONE]);
1632 #endif
1633 FINAL_STATE(REQUEST_DONE);
1634 break;
1635 }
1636
1637 rad_assert(request->handle != NULL);
1638 request->handle(request);
1639
1640 #ifdef WITH_PROXY
1641 /*
1642 * We may need to send a proxied request.
1643 */
1644 rcode = request_will_proxy(request);
1645 if (rcode == 1) {
1646 #ifdef DEBUG_STATE_MACHINE
1647 if (rad_debug_lvl) printf("(%u) ********\tWill Proxy\t********\n", request->number);
1648 #endif
1649 /*
1650 * If this fails, it
1651 * takes care of setting
1652 * up the post proxy fail
1653 * handler.
1654 */
1655 retry_proxy:
1656 if (request_proxy(request) < 0) {
1657 if (request->home_server && request->home_server->virtual_server) goto req_finished;
1658
1659 if (request->home_pool && request->home_server &&
1660 (request->home_server->state >= HOME_STATE_IS_DEAD)) {
1661 VALUE_PAIR *vp;
1662 REALM *realm = NULL;
1663 home_server_t *home = NULL;
1664
1665 vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
1666 if (vp) realm = realm_find2(vp->vp_strvalue);
1667
1668 /*
1669 * Since request->home_server is dead,
1670 * this function won't pick the same home server as before.
1671 */
1672 if (realm) home = home_server_ldb(vp->vp_strvalue, request->home_pool, request);
1673 if (home) {
1674 home_server_update_request(home, request);
1675 goto retry_proxy;
1676 }
1677 }
1678
1679 (void) setup_post_proxy_fail(request);
1680 process_proxy_reply(request, NULL);
1681 goto req_finished;
1682 }
1683
1684 } else if (rcode < 0) {
1685 /*
1686 * No live home servers, run Post-Proxy-Type Fail.
1687 */
1688 (void) setup_post_proxy_fail(request);
1689 process_proxy_reply(request, NULL);
1690 goto req_finished;
1691 } else
1692 #endif
1693 {
1694 #ifdef DEBUG_STATE_MACHINE
1695 if (rad_debug_lvl) printf("(%u) ********\tFinished\t********\n", request->number);
1696 #endif
1697
1698 #ifdef WITH_PROXY
1699 req_finished:
1700 #endif
1701 request_finish(request, action);
1702 }
1703 break;
1704
1705 default:
1706 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
1707 break;
1708 }
1709 }
1710
request_receive(TALLOC_CTX * ctx,rad_listen_t * listener,RADIUS_PACKET * packet,RADCLIENT * client,RAD_REQUEST_FUNP fun)1711 int request_receive(TALLOC_CTX *ctx, rad_listen_t *listener, RADIUS_PACKET *packet,
1712 RADCLIENT *client, RAD_REQUEST_FUNP fun)
1713 {
1714 uint32_t count;
1715 RADIUS_PACKET **packet_p;
1716 REQUEST *request = NULL;
1717 struct timeval now;
1718 listen_socket_t *sock = NULL;
1719
1720 VERIFY_PACKET(packet);
1721
1722 /*
1723 * Set the last packet received.
1724 */
1725 gettimeofday(&now, NULL);
1726
1727 packet->timestamp = now;
1728
1729 #ifdef WITH_ACCOUNTING
1730 if (listener->type != RAD_LISTEN_DETAIL)
1731 #endif
1732
1733 #ifdef WITH_TCP
1734 {
1735 sock = listener->data;
1736 sock->last_packet = now.tv_sec;
1737
1738 packet->proto = sock->proto;
1739 }
1740 #endif
1741
1742 /*
1743 * Skip everything if required.
1744 */
1745 if (listener->nodup) goto skip_dup;
1746
1747 packet_p = rbtree_finddata(pl, &packet);
1748 if (packet_p) {
1749 rad_child_state_t child_state;
1750 char const *old_module;
1751
1752 request = fr_packet2myptr(REQUEST, packet, packet_p);
1753 rad_assert(request->in_request_hash);
1754 child_state = request->child_state;
1755 old_module = request->module;
1756
1757 /*
1758 * Same src/dst ip/port, length, and
1759 * authentication vector: must be a duplicate.
1760 */
1761 if ((request->packet->data_len == packet->data_len) &&
1762 (memcmp(request->packet->vector, packet->vector,
1763 sizeof(packet->vector)) == 0)) {
1764
1765 #ifdef WITH_STATS
1766 switch (packet->code) {
1767 case PW_CODE_ACCESS_REQUEST:
1768 FR_STATS_INC(auth, total_dup_requests);
1769 break;
1770
1771 #ifdef WITH_ACCOUNTING
1772 case PW_CODE_ACCOUNTING_REQUEST:
1773 FR_STATS_INC(acct, total_dup_requests);
1774 break;
1775 #endif
1776 #ifdef WITH_COA
1777 case PW_CODE_COA_REQUEST:
1778 FR_STATS_INC(coa, total_dup_requests);
1779 break;
1780
1781 case PW_CODE_DISCONNECT_REQUEST:
1782 FR_STATS_INC(dsc, total_dup_requests);
1783 break;
1784 #endif
1785
1786 default:
1787 break;
1788 }
1789 #endif /* WITH_STATS */
1790
1791 /*
1792 * Tell the state machine that there's a
1793 * duplicate request.
1794 */
1795 request->process(request, FR_ACTION_DUP);
1796 return 0; /* duplicate of live request */
1797 }
1798
1799 /*
1800 * Mark the request as done ASAP, and before we
1801 * log anything. The child may stop processing
1802 * the request just as we're logging the
1803 * complaint.
1804 */
1805 request_done(request, FR_ACTION_CANCELLED);
1806 request = NULL;
1807
1808 /*
1809 * It's a new request, not a duplicate. If the
1810 * old one is done, then we can clean it up.
1811 */
1812 if (child_state <= REQUEST_RUNNING) {
1813 /*
1814 * The request is still QUEUED or RUNNING. That's a problem.
1815 */
1816 ERROR("Received conflicting packet from "
1817 "client %s port %d - ID: %u due to "
1818 "unfinished request in module %s. Giving up on old request.",
1819 client->shortname,
1820 packet->src_port, packet->id,
1821 old_module);
1822 }
1823
1824 /*
1825 * Mark the old request as done. If there's no
1826 * child, the request will be cleaned up
1827 * immediately. If there is a child, we'll set a
1828 * timer to go clean up the request.
1829 */
1830 } /* else the new packet is unique */
1831
1832 /*
1833 * Quench maximum number of outstanding requests.
1834 */
1835 if (main_config.max_requests &&
1836 ((count = rbtree_num_elements(pl)) > main_config.max_requests)) {
1837 RATE_LIMIT(ERROR("Dropping request (%d is too many): from client %s port %d - ID: %d", count,
1838 client->shortname,
1839 packet->src_port, packet->id);
1840 WARN("Please check the configuration file.\n"
1841 "\tThe value for 'max_requests' is probably set too low.\n"));
1842
1843 exec_trigger(NULL, NULL, "server.max_requests", true);
1844 return 0;
1845 }
1846
1847 skip_dup:
1848 /*
1849 * Rate-limit the incoming packets
1850 */
1851 if (sock && sock->max_rate) {
1852 uint32_t pps;
1853
1854 pps = rad_pps(&sock->rate_pps_old, &sock->rate_pps_now, &sock->rate_time, &now);
1855 if (pps > sock->max_rate) {
1856 DEBUG("Dropping request due to rate limiting");
1857 return 0;
1858 }
1859 sock->rate_pps_now++;
1860 }
1861
1862 /*
1863 * Allocate a pool for the request.
1864 */
1865 if (!ctx) {
1866 ctx = talloc_pool(NULL, main_config.talloc_pool_size);
1867 if (!ctx) return 0;
1868 talloc_set_name_const(ctx, "request_receive_pool");
1869
1870 /*
1871 * The packet is still allocated from a different
1872 * context, but oh well.
1873 */
1874 (void) talloc_steal(ctx, packet);
1875 }
1876
1877 request = request_setup(ctx, listener, packet, client, fun);
1878 if (!request) {
1879 talloc_free(ctx);
1880 return 1;
1881 }
1882
1883 /*
1884 * Mark it as a "real" request with a context.
1885 */
1886 request->options |= RAD_REQUEST_OPTION_CTX;
1887
1888 /*
1889 * Remember the request in the list.
1890 */
1891 if (!listener->nodup) {
1892 if (!rbtree_insert(pl, &request->packet)) {
1893 RERROR("Failed to insert request in the list of live requests: discarding it");
1894 request_done(request, FR_ACTION_CANCELLED);
1895 return 1;
1896 }
1897
1898 request->in_request_hash = true;
1899 }
1900
1901 /*
1902 * Process it. Send a response, and free it.
1903 */
1904 if (listener->synchronous) {
1905 #ifdef WITH_DETAIL
1906 rad_assert(listener->type != RAD_LISTEN_DETAIL);
1907 #endif
1908
1909 request->listener->decode(request->listener, request);
1910 request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
1911 request->password = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
1912
1913 fun(request);
1914
1915 if (request->reply->code != 0) {
1916 request->listener->send(request->listener, request);
1917 } else {
1918 RDEBUG("Not sending reply");
1919 }
1920
1921 /*
1922 * Don't do delayed reject. Oh well.
1923 */
1924 request_free(request);
1925 return 1;
1926 }
1927
1928 /*
1929 * Otherwise, insert it into the state machine.
1930 * The child threads will take care of processing it.
1931 */
1932 request_queue_or_run(request, request_running);
1933
1934 return 1;
1935 }
1936
1937
request_setup(TALLOC_CTX * ctx,rad_listen_t * listener,RADIUS_PACKET * packet,RADCLIENT * client,RAD_REQUEST_FUNP fun)1938 static REQUEST *request_setup(TALLOC_CTX *ctx, rad_listen_t *listener, RADIUS_PACKET *packet,
1939 RADCLIENT *client, RAD_REQUEST_FUNP fun)
1940 {
1941 REQUEST *request;
1942
1943 /*
1944 * Create and initialize the new request.
1945 */
1946 request = request_alloc(ctx);
1947 if (!request) {
1948 ERROR("No memory");
1949 return NULL;
1950 }
1951 request->reply = rad_alloc_reply(request, packet);
1952 if (!request->reply) {
1953 ERROR("No memory");
1954 talloc_free(request);
1955 return NULL;
1956 }
1957
1958 request->listener = listener;
1959 request->client = client;
1960 request->packet = talloc_steal(request, packet);
1961 request->number = request_num_counter++;
1962 request->priority = listener->type;
1963 request->master_state = REQUEST_ACTIVE;
1964 request->child_state = REQUEST_RUNNING;
1965 #ifdef DEBUG_STATE_MACHINE
1966 if (rad_debug_lvl) printf("(%u) ********\tSTATE %s C-%s -> C-%s\t********\n",
1967 request->number, __FUNCTION__,
1968 child_state_names[request->child_state],
1969 child_state_names[REQUEST_RUNNING]);
1970 #endif
1971 request->handle = fun;
1972 NO_CHILD_THREAD;
1973
1974 #ifdef WITH_STATS
1975 request->listener->stats.last_packet = request->packet->timestamp.tv_sec;
1976 if (packet->code == PW_CODE_ACCESS_REQUEST) {
1977 request->client->auth.last_packet = request->packet->timestamp.tv_sec;
1978 radius_auth_stats.last_packet = request->packet->timestamp.tv_sec;
1979 #ifdef WITH_ACCOUNTING
1980 } else if (packet->code == PW_CODE_ACCOUNTING_REQUEST) {
1981 request->client->acct.last_packet = request->packet->timestamp.tv_sec;
1982 radius_acct_stats.last_packet = request->packet->timestamp.tv_sec;
1983 #endif
1984 }
1985 #endif /* WITH_STATS */
1986
1987 /*
1988 * Status-Server packets go to the head of the queue.
1989 */
1990 if (request->packet->code == PW_CODE_STATUS_SERVER) request->priority = 0;
1991
1992 /*
1993 * Set virtual server identity
1994 */
1995 if (client->server) {
1996 request->server = client->server;
1997 } else if (listener->server) {
1998 request->server = listener->server;
1999 } else {
2000 request->server = NULL;
2001 }
2002
2003 request->root = &main_config;
2004 #ifdef WITH_TCP
2005 request->listener->count++;
2006 #endif
2007
2008 /*
2009 * The request passes many of our sanity checks.
2010 * From here on in, if anything goes wrong, we
2011 * send a reject message, instead of dropping the
2012 * packet.
2013 */
2014
2015 /*
2016 * Build the reply template from the request.
2017 */
2018
2019 request->reply->sockfd = request->packet->sockfd;
2020 request->reply->dst_ipaddr = request->packet->src_ipaddr;
2021 request->reply->src_ipaddr = request->packet->dst_ipaddr;
2022 request->reply->dst_port = request->packet->src_port;
2023 request->reply->src_port = request->packet->dst_port;
2024 request->reply->id = request->packet->id;
2025 request->reply->code = 0; /* UNKNOWN code */
2026 memcpy(request->reply->vector, request->packet->vector,
2027 sizeof(request->reply->vector));
2028 request->reply->vps = NULL;
2029 request->reply->data = NULL;
2030 request->reply->data_len = 0;
2031
2032 return request;
2033 }
2034
2035 #ifdef WITH_TCP
2036 /***********************************************************************
2037 *
2038 * TCP Handlers.
2039 *
2040 ***********************************************************************/
2041
2042 /*
2043 * Timer function for all TCP sockets.
2044 */
tcp_socket_timer(void * ctx)2045 static void tcp_socket_timer(void *ctx)
2046 {
2047 rad_listen_t *listener = talloc_get_type_abort(ctx, rad_listen_t);
2048 listen_socket_t *sock = listener->data;
2049 struct timeval end, now;
2050 char buffer[256];
2051 fr_socket_limit_t *limit;
2052
2053 ASSERT_MASTER;
2054
2055 if (listener->status != RAD_LISTEN_STATUS_KNOWN) return;
2056
2057 fr_event_now(el, &now);
2058
2059 switch (listener->type) {
2060 #ifdef WITH_PROXY
2061 case RAD_LISTEN_PROXY:
2062 limit = &sock->home->limit;
2063 break;
2064 #endif
2065
2066 case RAD_LISTEN_AUTH:
2067 #ifdef WITH_ACCOUNTING
2068 case RAD_LISTEN_ACCT:
2069 #endif
2070 limit = &sock->limit;
2071 break;
2072
2073 default:
2074 return;
2075 }
2076
2077 /*
2078 * If we enforce a lifetime, do it now.
2079 */
2080 if (limit->lifetime > 0) {
2081 end.tv_sec = sock->opened + limit->lifetime;
2082 end.tv_usec = 0;
2083
2084 if (timercmp(&end, &now, <=)) {
2085 listener->print(listener, buffer, sizeof(buffer));
2086 DEBUG("Reached maximum lifetime on socket %s", buffer);
2087
2088 do_close:
2089
2090 #ifdef WITH_PROXY
2091 /*
2092 * Proxy sockets get frozen, so that we don't use
2093 * them for new requests. But we do keep them
2094 * open to listen for replies to requests we had
2095 * previously sent.
2096 */
2097 if (listener->type == RAD_LISTEN_PROXY
2098 #ifdef WITH_COA_TUNNEL
2099 || listener->send_coa
2100 #endif
2101 ) {
2102 PTHREAD_MUTEX_LOCK(&proxy_mutex);
2103 if (!fr_packet_list_socket_freeze(proxy_list,
2104 listener->fd)) {
2105 ERROR("Fatal error freezing socket: %s", fr_strerror());
2106 fr_exit(1);
2107 }
2108 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2109 }
2110 #endif
2111
2112 /*
2113 * Mark the socket as "don't use if at all possible".
2114 */
2115 listener->status = RAD_LISTEN_STATUS_FROZEN;
2116 event_new_fd(listener);
2117 return;
2118 }
2119 } else {
2120 end = now;
2121 end.tv_sec += 3600;
2122 }
2123
2124 /*
2125 * Enforce an idle timeout.
2126 */
2127 if (limit->idle_timeout > 0) {
2128 struct timeval idle;
2129
2130 rad_assert(sock->last_packet != 0);
2131 idle.tv_sec = sock->last_packet + limit->idle_timeout;
2132 idle.tv_usec = 0;
2133
2134 if (timercmp(&idle, &now, <=)) {
2135 listener->print(listener, buffer, sizeof(buffer));
2136 DEBUG("Reached idle timeout on socket %s", buffer);
2137 goto do_close;
2138 }
2139
2140 /*
2141 * Enforce the minimum of idle timeout or lifetime.
2142 */
2143 if (timercmp(&idle, &end, <)) {
2144 end = idle;
2145 }
2146 }
2147
2148 /*
2149 * Wake up at t + 0.5s. The code above checks if the timers
2150 * are <= t. This addition gives us a bit of leeway.
2151 */
2152 end.tv_usec = USEC / 2;
2153
2154 ASSERT_MASTER;
2155 if (!fr_event_insert(el, tcp_socket_timer, listener, &end, &sock->ev)) {
2156 rad_panic("Failed to insert event");
2157 }
2158 }
2159
2160
2161 #ifdef WITH_PROXY
2162 /*
2163 * Called by socket_del to remove requests with this socket
2164 */
eol_proxy_listener(void * ctx,void * data)2165 static int eol_proxy_listener(void *ctx, void *data)
2166 {
2167 rad_listen_t *this = talloc_get_type_abort(ctx, rad_listen_t);
2168 RADIUS_PACKET **proxy_p = data;
2169 REQUEST *request;
2170
2171 request = fr_packet2myptr(REQUEST, proxy, proxy_p);
2172 if (request->proxy_listener != this) return 0;
2173
2174 /*
2175 * The normal "remove_from_proxy_hash" tries to grab the
2176 * proxy mutex. We already have it held, so grabbing it
2177 * again will cause a deadlock. Instead, call the "no
2178 * lock" version of the function.
2179 */
2180 rad_assert(request->in_proxy_hash == true);
2181 remove_from_proxy_hash_nl(request, false);
2182
2183 /*
2184 * Don't mark it as DONE. The client can retransmit, and
2185 * the packet SHOULD be re-proxied somewhere else.
2186 *
2187 * Return "2" means that the rbtree code will remove it
2188 * from the tree, and we don't need to do it ourselves.
2189 */
2190 return 2;
2191 }
2192 #endif /* WITH_PROXY */
2193
eol_listener(void * ctx,void * data)2194 static int eol_listener(void *ctx, void *data)
2195 {
2196 rad_listen_t *this = talloc_get_type_abort(ctx, rad_listen_t);
2197 RADIUS_PACKET **packet_p = data;
2198 REQUEST *request;
2199
2200 request = fr_packet2myptr(REQUEST, packet, packet_p);
2201 if (request->listener != this) return 0;
2202
2203 request->master_state = REQUEST_STOP_PROCESSING;
2204 request->process = request_done;
2205
2206 return 0;
2207 }
2208 #endif /* WITH_TCP */
2209
2210 #ifdef WITH_PROXY
2211 /***********************************************************************
2212 *
2213 * Proxy handlers for the state machine.
2214 *
2215 ***********************************************************************/
2216
2217 /*
2218 * Called with the proxy mutex held
2219 */
remove_from_proxy_hash_nl(REQUEST * request,bool yank)2220 static void remove_from_proxy_hash_nl(REQUEST *request, bool yank)
2221 {
2222 VERIFY_REQUEST(request);
2223
2224 if (!request->in_proxy_hash) return;
2225
2226 #ifdef COA_TUNNEL
2227 /*
2228 * Track how many IDs are used. This information
2229 * helps the listen_coa_find() function get a
2230 * listener which has free IDs.
2231 */
2232 rad_assert(request->proxy_listener->num_ids_used > 0);
2233 request->proxy_listener->num_ids_used--;
2234 #endif
2235
2236 fr_packet_list_id_free(proxy_list, request->proxy, yank);
2237 request->in_proxy_hash = false;
2238
2239 /*
2240 * On the FIRST reply, decrement the count of outstanding
2241 * requests. Note that this is NOT the count of sent
2242 * packets, but whether or not the home server has
2243 * responded at all.
2244 */
2245 if (request->home_server &&
2246 request->home_server->currently_outstanding) {
2247 request->home_server->currently_outstanding--;
2248
2249 /*
2250 * If we're NOT sending it packets, AND it's been
2251 * a while since we got a response, then we don't
2252 * know if it's alive or dead.
2253 */
2254 if ((request->home_server->currently_outstanding == 0) &&
2255 (request->home_server->state == HOME_STATE_ALIVE)) {
2256 struct timeval when, now;
2257
2258 when.tv_sec = request->home_server->last_packet_recv ;
2259 when.tv_usec = 0;
2260
2261 timeradd(&when, request_response_window(request), &when);
2262 gettimeofday(&now, NULL);
2263
2264 /*
2265 * last_packet + response_window
2266 *
2267 * We *administratively* mark the home
2268 * server as "unknown" state, because we
2269 * haven't seen a packet for a while.
2270 */
2271 if (timercmp(&now, &when, >)) {
2272 request->home_server->state = HOME_STATE_UNKNOWN;
2273 request->home_server->last_packet_sent = 0;
2274 request->home_server->last_packet_recv = 0;
2275 }
2276 }
2277 }
2278
2279 #ifdef WITH_TCP
2280 if (request->proxy_listener) {
2281 request->proxy_listener->count--;
2282 }
2283 #endif
2284 request->proxy_listener = NULL;
2285
2286 /*
2287 * Got from YES in hash, to NO, not in hash while we hold
2288 * the mutex. This guarantees that when another thread
2289 * grabs the mutex, the "not in hash" flag is correct.
2290 */
2291 }
2292
remove_from_proxy_hash(REQUEST * request)2293 static void remove_from_proxy_hash(REQUEST *request)
2294 {
2295 VERIFY_REQUEST(request);
2296
2297 /*
2298 * Check this without grabbing the mutex because it's a
2299 * lot faster that way.
2300 */
2301 if (!request->in_proxy_hash) return;
2302
2303 #ifdef WITH_TCP
2304 /*
2305 * Status-Server packets aren't removed from the proxy hash. They're reused.
2306 *
2307 * Unless we're tearing down the listener.
2308 */
2309 if ((request->proxy->proto == IPPROTO_TCP) && (request->proxy->code == PW_CODE_STATUS_SERVER) &&
2310 request->proxy_listener && (request->proxy_listener->status < RAD_LISTEN_STATUS_EOL)) {
2311 return;
2312 }
2313 #endif
2314
2315 /*
2316 * The "not in hash" flag is definitive. However, if the
2317 * flag says that it IS in the hash, there might still be
2318 * a race condition where it isn't.
2319 */
2320 PTHREAD_MUTEX_LOCK(&proxy_mutex);
2321
2322 if (!request->in_proxy_hash) {
2323 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2324 return;
2325 }
2326
2327 remove_from_proxy_hash_nl(request, true);
2328
2329 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2330 }
2331
insert_into_proxy_hash(REQUEST * request)2332 static int insert_into_proxy_hash(REQUEST *request)
2333 {
2334 char buf[128];
2335 int tries;
2336 bool success = false;
2337 void *proxy_listener;
2338 #ifdef WITH_COA_TUNNEL
2339 bool reverse_coa = request->proxy_listener && (request->proxy_listener->type != RAD_LISTEN_PROXY);
2340 #endif
2341
2342 VERIFY_REQUEST(request);
2343
2344 rad_assert(request->proxy != NULL);
2345 rad_assert(request->home_server != NULL);
2346 rad_assert(proxy_list != NULL);
2347
2348
2349 PTHREAD_MUTEX_LOCK(&proxy_mutex);
2350 proxy_listener = request->proxy_listener; /* may or may not be NULL */
2351 request->num_proxied_requests = 1;
2352 request->num_proxied_responses = 0;
2353
2354 for (tries = 0; tries < 2; tries++) {
2355 rad_listen_t *this;
2356 listen_socket_t *sock;
2357
2358 RDEBUG3("proxy: Trying to allocate ID (%d/2)", tries);
2359 success = fr_packet_list_id_alloc(proxy_list,
2360 request->home_server->proto,
2361 &request->proxy, &proxy_listener);
2362 if (success) break;
2363
2364 #ifdef WITH_COA_TUNNEL
2365 /*
2366 * Can't allocate an ID here, try to grab another
2367 * listener by key.
2368 */
2369 if (reverse_coa) {
2370 int rcode;
2371 VALUE_PAIR *vp;
2372
2373 /*
2374 * Find the Originating-Realm key, which
2375 * might not be the same as
2376 * proxy_listener->key.
2377 */
2378 vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_ORIGINATING_REALM, 0, TAG_ANY);
2379 if (!vp) break;
2380
2381 /*
2382 * We don't want to hold multiple mutexes
2383 * at the same time.
2384 */
2385 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2386 rcode = listen_coa_find(request, vp->vp_strvalue);
2387 PTHREAD_MUTEX_LOCK(&proxy_mutex);
2388 if (rcode < 0) continue;
2389 break;
2390 }
2391 #endif
2392
2393 if (tries > 0) continue; /* try opening new socket only once */
2394
2395 #ifdef HAVE_PTHREAD_H
2396 if (proxy_no_new_sockets) break;
2397 #endif
2398
2399 RDEBUG3("proxy: Trying to open a new listener to the home server");
2400 this = proxy_new_listener(proxy_ctx, request->home_server, 0);
2401 if (!this) {
2402 request->home_server->state = HOME_STATE_CONNECTION_FAIL;
2403 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2404 goto fail;
2405 }
2406
2407 request->proxy->src_port = 0; /* Use any new socket */
2408 proxy_listener = this;
2409
2410 sock = this->data;
2411 if (!fr_packet_list_socket_add(proxy_list, this->fd,
2412 sock->proto,
2413 &sock->other_ipaddr, sock->other_port,
2414 this)) {
2415
2416 #ifdef HAVE_PTHREAD_H
2417 proxy_no_new_sockets = true;
2418 #endif
2419 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2420
2421 /*
2422 * This is bad. However, the
2423 * packet list now supports 256
2424 * open sockets, which should
2425 * minimize this problem.
2426 */
2427 ERROR("Failed adding proxy socket: %s",
2428 fr_strerror());
2429 goto fail;
2430 }
2431
2432 #ifdef COA_TUNNEL
2433 /*
2434 * Track how many IDs are used. This information
2435 * helps the listen_coa_find() function get a
2436 * listener which has free IDs.
2437 */
2438 request->proxy_listener->num_ids_used++;
2439 #endif
2440
2441 /*
2442 * Add it to the event loop. Ensure that we have
2443 * only one mutex locked at a time.
2444 */
2445 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2446 radius_update_listener(this);
2447 PTHREAD_MUTEX_LOCK(&proxy_mutex);
2448 }
2449
2450 if (!proxy_listener || !success) {
2451 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2452 REDEBUG2("proxy: Failed allocating Id for proxied request");
2453 fail:
2454 request->proxy_listener = NULL;
2455 request->in_proxy_hash = false;
2456 return 0;
2457 }
2458
2459 rad_assert(request->proxy->id >= 0);
2460
2461 request->proxy_listener = proxy_listener;
2462 request->in_proxy_hash = true;
2463 RDEBUG3("proxy: request is now in proxy hash");
2464
2465 /*
2466 * Keep track of maximum outstanding requests to a
2467 * particular home server. 'max_outstanding' is
2468 * enforced in home_server_ldb(), in realms.c.
2469 */
2470 request->home_server->currently_outstanding++;
2471
2472 #ifdef WITH_TCP
2473 request->proxy_listener->count++;
2474 #endif
2475
2476 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2477
2478 RDEBUG3("proxy: allocating destination %s port %d - Id %d",
2479 inet_ntop(request->proxy->dst_ipaddr.af,
2480 &request->proxy->dst_ipaddr.ipaddr, buf, sizeof(buf)),
2481 request->proxy->dst_port,
2482 request->proxy->id);
2483
2484 return 1;
2485 }
2486
process_proxy_reply(REQUEST * request,RADIUS_PACKET * reply)2487 static int process_proxy_reply(REQUEST *request, RADIUS_PACKET *reply)
2488 {
2489 int rcode;
2490 int post_proxy_type = 0;
2491 VALUE_PAIR *vp;
2492 char const *old_server;
2493 #ifdef WITH_COA_TUNNEL
2494 bool reverse_coa = false;
2495 #endif
2496
2497 VERIFY_REQUEST(request);
2498
2499 /*
2500 * There may be a proxy reply, but it may be too late.
2501 */
2502 if ((request->home_server && !request->home_server->virtual_server) && !request->proxy_listener) return 0;
2503
2504 /*
2505 * Delete any reply we had accumulated until now.
2506 */
2507 RDEBUG2("Clearing existing &reply: attributes");
2508 fr_pair_list_free(&request->reply->vps);
2509
2510 /*
2511 * Run the packet through the post-proxy stage,
2512 * BEFORE playing games with the attributes.
2513 */
2514 vp = fr_pair_find_by_num(request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
2515 if (vp) {
2516 post_proxy_type = vp->vp_integer;
2517 /*
2518 * If we have a proxy_reply, and it was a reject, or a NAK
2519 * setup Post-Proxy <type>.
2520 *
2521 * If the <type> doesn't have a section, then the Post-Proxy
2522 * section is ignored.
2523 */
2524 } else if (reply) {
2525 DICT_VALUE *dval = NULL;
2526
2527 switch (reply->code) {
2528 case PW_CODE_ACCESS_REJECT:
2529 dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, "Reject");
2530 if (dval) post_proxy_type = dval->value;
2531 break;
2532
2533 case PW_CODE_DISCONNECT_NAK:
2534 dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, fr_packet_codes[reply->code]);
2535 if (dval) post_proxy_type = dval->value;
2536 break;
2537
2538 case PW_CODE_COA_NAK:
2539 dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, fr_packet_codes[reply->code]);
2540 if (dval) post_proxy_type = dval->value;
2541 break;
2542
2543 default:
2544 break;
2545 }
2546
2547 /*
2548 * Create config:Post-Proxy-Type
2549 */
2550 if (dval) {
2551 vp = radius_pair_create(request, &request->config, PW_POST_PROXY_TYPE, 0);
2552 vp->vp_integer = dval->value;
2553 }
2554 }
2555
2556 if (post_proxy_type > 0) RDEBUG2("Found Post-Proxy-Type %s",
2557 dict_valnamebyattr(PW_POST_PROXY_TYPE, 0, post_proxy_type));
2558
2559 #ifdef WITH_COA_TUNNEL
2560 /*
2561 * Cache this, as request->proxy_listener will be
2562 * NULL after removing the request from the proxy
2563 * hash.
2564 */
2565 if (request->proxy_listener) reverse_coa = request->proxy_listener->type != RAD_LISTEN_PROXY;
2566 #endif
2567
2568 if (reply) {
2569 VERIFY_PACKET(reply);
2570
2571 /*
2572 * Decode the packet if required.
2573 */
2574 if (request->proxy_listener) {
2575 rcode = request->proxy_listener->proxy_decode(request->proxy_listener, request);
2576 debug_packet(request, reply, true);
2577
2578 /*
2579 * Pro-actively remove it from the proxy hash.
2580 * This is later than in 2.1.x, but it means that
2581 * the replies are authenticated before being
2582 * removed from the hash.
2583 */
2584 if ((rcode == 0) &&
2585 (request->num_proxied_requests <= request->num_proxied_responses)) {
2586 remove_from_proxy_hash(request);
2587 }
2588 } else {
2589 rad_assert(!request->in_proxy_hash);
2590 }
2591 } else if (request->in_proxy_hash) {
2592 remove_from_proxy_hash(request);
2593 }
2594
2595
2596 /*
2597 * Run the request through the virtual server for the
2598 * home server, OR through the virtual server for the
2599 * home server pool.
2600 */
2601 old_server = request->server;
2602 if (request->home_server && request->home_server->virtual_server) {
2603 request->server = request->home_server->virtual_server;
2604
2605 #ifdef WITH_COA_TUNNEL
2606 } else if (reverse_coa) {
2607 rad_assert((request->proxy->code == PW_CODE_COA_REQUEST) ||
2608 (request->proxy->code == PW_CODE_DISCONNECT_REQUEST));
2609 rad_assert(request->home_server != NULL);
2610 rad_assert(request->home_server->recv_coa_server != NULL);
2611 request->server = request->home_server->recv_coa_server;
2612 #endif
2613
2614 } else if (request->home_pool && request->home_pool->virtual_server) {
2615 request->server = request->home_pool->virtual_server;
2616 }
2617
2618 /*
2619 * Run the request through the given virtual server.
2620 */
2621 RDEBUG2("server %s {", request->server);
2622 RINDENT();
2623 rcode = process_post_proxy(post_proxy_type, request);
2624 REXDENT();
2625 RDEBUG2("}");
2626 request->server = old_server;
2627
2628 #ifdef WITH_COA
2629 if (request->proxy && request->packet->code == request->proxy->code) {
2630 /*
2631 * Don't run the next bit if we originated a CoA
2632 * packet, after receiving an Access-Request or
2633 * Accounting-Request.
2634 */
2635 #endif
2636
2637 /*
2638 * There may NOT be a proxy reply, as we may be
2639 * running Post-Proxy-Type = Fail.
2640 */
2641 if (reply) {
2642 fr_pair_add(&request->reply->vps, fr_pair_list_copy(request->reply, reply->vps));
2643
2644 /*
2645 * Delete the Proxy-State Attributes from
2646 * the reply. These include Proxy-State
2647 * attributes from us and remote server.
2648 */
2649 fr_pair_delete_by_num(&request->reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
2650
2651 } else {
2652 vp = fr_pair_find_by_num(request->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
2653 if (vp && (vp->vp_integer != 256)) {
2654 request->proxy_reply = rad_alloc_reply(request, request->proxy);
2655 request->proxy_reply->code = vp->vp_integer;
2656 }
2657 }
2658 #ifdef WITH_COA
2659 }
2660 #endif
2661 switch (rcode) {
2662 default: /* Don't do anything */
2663 break;
2664 case RLM_MODULE_FAIL:
2665 return 0;
2666
2667 case RLM_MODULE_HANDLED:
2668 return 0;
2669 }
2670
2671 return 1;
2672 }
2673
mark_home_server_alive(REQUEST * request,home_server_t * home)2674 static void mark_home_server_alive(REQUEST *request, home_server_t *home)
2675 {
2676 char buffer[128];
2677
2678 home->state = HOME_STATE_ALIVE;
2679 home->response_timeouts = 0;
2680 exec_trigger(request, home->cs, "home_server.alive", false);
2681 home->currently_outstanding = 0;
2682 home->num_sent_pings = 0;
2683 home->num_received_pings = 0;
2684 gettimeofday(&home->revive_time, NULL);
2685
2686 fr_event_delete(el, &home->ev);
2687
2688 RPROXY("Marking home server %s port %d alive",
2689 inet_ntop(request->proxy->dst_ipaddr.af,
2690 &request->proxy->dst_ipaddr.ipaddr,
2691 buffer, sizeof(buffer)),
2692 request->proxy->dst_port);
2693 }
2694
2695
request_proxy_reply(RADIUS_PACKET * packet)2696 int request_proxy_reply(RADIUS_PACKET *packet)
2697 {
2698 RADIUS_PACKET **proxy_p;
2699 REQUEST *request;
2700 struct timeval now;
2701 char buffer[128];
2702
2703 VERIFY_PACKET(packet);
2704
2705 PTHREAD_MUTEX_LOCK(&proxy_mutex);
2706 proxy_p = fr_packet_list_find_byreply(proxy_list, packet);
2707
2708 if (!proxy_p) {
2709 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2710 PROXY("No outstanding request was found for %s packet from host %s port %d - ID %u",
2711 fr_packet_codes[packet->code],
2712 inet_ntop(packet->src_ipaddr.af,
2713 &packet->src_ipaddr.ipaddr,
2714 buffer, sizeof(buffer)),
2715 packet->src_port, packet->id);
2716 return 0;
2717 }
2718
2719 request = fr_packet2myptr(REQUEST, proxy, proxy_p);
2720
2721 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
2722
2723 /*
2724 * No reply, BUT the current packet fails verification:
2725 * ignore it. This does the MD5 calculations in the
2726 * server core, but I guess we can fix that later.
2727 */
2728 if (!request->proxy_reply &&
2729 (rad_verify(packet, request->proxy,
2730 request->home_server->secret) != 0)) {
2731 DEBUG("Ignoring spoofed proxy reply. Signature is invalid");
2732 return 0;
2733 }
2734
2735 /*
2736 * The home server sent us a packet which doesn't match
2737 * something we have: ignore it. This is done only to
2738 * catch the case of broken systems.
2739 */
2740 if (request->proxy_reply &&
2741 (memcmp(request->proxy_reply->vector,
2742 packet->vector,
2743 sizeof(request->proxy_reply->vector)) != 0)) {
2744 RDEBUG2("Ignoring conflicting proxy reply");
2745 return 0;
2746 }
2747
2748 /*
2749 * This shouldn't happen, but threads and race
2750 * conditions.
2751 */
2752 if (!request->proxy_listener || !request->proxy_listener->data) {
2753 proxy_reply_too_late(request);
2754 return 0;
2755 }
2756
2757 gettimeofday(&now, NULL);
2758
2759 /*
2760 * Status-Server packets don't count as real packets.
2761 */
2762 if (request->proxy->code != PW_CODE_STATUS_SERVER) {
2763 #ifdef WITH_TCP
2764 listen_socket_t *sock = request->proxy_listener->data;
2765
2766 sock->last_packet = now.tv_sec;
2767 #endif
2768 request->home_server->last_packet_recv = now.tv_sec;
2769 }
2770
2771 request->num_proxied_responses++;
2772
2773 /*
2774 * If we have previously seen a reply, ignore the
2775 * duplicate.
2776 */
2777 if (request->proxy_reply) {
2778 RDEBUG2("Discarding duplicate reply from host %s port %d - ID: %d",
2779 inet_ntop(packet->src_ipaddr.af,
2780 &packet->src_ipaddr.ipaddr,
2781 buffer, sizeof(buffer)),
2782 packet->src_port, packet->id);
2783 return 0;
2784 }
2785
2786 /*
2787 * Call the state machine to do something useful with the
2788 * request.
2789 */
2790 request->proxy_reply = talloc_steal(request, packet);
2791 packet->timestamp = now;
2792 request->priority = RAD_LISTEN_PROXY;
2793
2794 #ifdef WITH_STATS
2795 /*
2796 * Update the proxy listener stats here, because only one
2797 * thread accesses that at a time. The home_server and
2798 * main proxy_*_stats structures are updated once the
2799 * request is cleaned up.
2800 */
2801 request->proxy_listener->stats.total_responses++;
2802
2803 request->home_server->stats.last_packet = packet->timestamp.tv_sec;
2804 request->proxy_listener->stats.last_packet = packet->timestamp.tv_sec;
2805
2806 switch (request->proxy->code) {
2807 case PW_CODE_ACCESS_REQUEST:
2808 proxy_auth_stats.last_packet = packet->timestamp.tv_sec;
2809
2810 if (request->proxy_reply->code == PW_CODE_ACCESS_ACCEPT) {
2811 request->proxy_listener->stats.total_access_accepts++;
2812
2813 } else if (request->proxy_reply->code == PW_CODE_ACCESS_REJECT) {
2814 request->proxy_listener->stats.total_access_rejects++;
2815
2816 } else if (request->proxy_reply->code == PW_CODE_ACCESS_CHALLENGE) {
2817 request->proxy_listener->stats.total_access_challenges++;
2818 }
2819 break;
2820
2821 #ifdef WITH_ACCOUNTING
2822 case PW_CODE_ACCOUNTING_REQUEST:
2823 request->proxy_listener->stats.total_responses++;
2824 proxy_acct_stats.last_packet = packet->timestamp.tv_sec;
2825 break;
2826
2827 #endif
2828
2829 #ifdef WITH_COA
2830 case PW_CODE_COA_REQUEST:
2831 request->proxy_listener->stats.total_responses++;
2832 proxy_coa_stats.last_packet = packet->timestamp.tv_sec;
2833 break;
2834
2835 case PW_CODE_DISCONNECT_REQUEST:
2836 request->proxy_listener->stats.total_responses++;
2837 proxy_dsc_stats.last_packet = packet->timestamp.tv_sec;
2838 break;
2839
2840 #endif
2841 default:
2842 break;
2843 }
2844 #endif
2845
2846 /*
2847 * If we hadn't been sending the home server packets for
2848 * a while, just mark it alive. Or, if it was zombie,
2849 * it's now responded, and is therefore alive.
2850 */
2851 if ((request->home_server->state == HOME_STATE_UNKNOWN) ||
2852 (request->home_server->state == HOME_STATE_ZOMBIE)) {
2853 mark_home_server_alive(request, request->home_server);
2854 }
2855
2856 /*
2857 * Tell the request state machine that we have a proxy
2858 * reply. Depending on the function, this should either
2859 * ignore it, or process it.
2860 */
2861 request->process(request, FR_ACTION_PROXY_REPLY);
2862
2863 return 1;
2864 }
2865
2866
setup_post_proxy_fail(REQUEST * request)2867 static int setup_post_proxy_fail(REQUEST *request)
2868 {
2869 DICT_VALUE const *dval = NULL;
2870 VALUE_PAIR *vp;
2871 RADIUS_PACKET *packet;
2872
2873 VERIFY_REQUEST(request);
2874
2875 packet = request->proxy ? request->proxy : request->packet;
2876
2877 if (packet->code == PW_CODE_ACCESS_REQUEST) {
2878 dval = dict_valbyname(PW_POST_PROXY_TYPE, 0,
2879 "Fail-Authentication");
2880 #ifdef WITH_ACCOUNTING
2881 } else if (packet->code == PW_CODE_ACCOUNTING_REQUEST) {
2882 dval = dict_valbyname(PW_POST_PROXY_TYPE, 0,
2883 "Fail-Accounting");
2884 #endif
2885
2886 #ifdef WITH_COA
2887 } else if (packet->code == PW_CODE_COA_REQUEST) {
2888 dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, "Fail-CoA");
2889
2890 } else if (packet->code == PW_CODE_DISCONNECT_REQUEST) {
2891 dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, "Fail-Disconnect");
2892 #endif
2893 } else {
2894 WARN("Unknown packet type in Post-Proxy-Type Fail: ignoring");
2895 return 0;
2896 }
2897
2898 if (!dval) dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, "Fail");
2899
2900 if (!dval) {
2901 fr_pair_delete_by_num(&request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
2902 return 0;
2903 }
2904
2905 vp = fr_pair_find_by_num(request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
2906 if (!vp) vp = radius_pair_create(request, &request->config,
2907 PW_POST_PROXY_TYPE, 0);
2908 vp->vp_integer = dval->value;
2909
2910 return 1;
2911 }
2912
2913
2914 /** Process a request after the proxy has timed out.
2915 *
2916 * Run the packet through Post-Proxy-Type Fail
2917 *
2918 * \dot
2919 * digraph proxy_no_reply {
2920 * proxy_no_reply;
2921 *
2922 * proxy_no_reply -> dup [ label = "DUP", arrowhead = "none" ];
2923 * proxy_no_reply -> timer [ label = "TIMER < max_request_time" ];
2924 * proxy_no_reply -> proxy_reply_too_late [ label = "PROXY_REPLY" arrowhead = "none"];
2925 * proxy_no_reply -> process_proxy_reply [ label = "RUN" ];
2926 * proxy_no_reply -> done [ label = "TIMER >= timeout" ];
2927 * }
2928 * \enddot
2929 */
proxy_no_reply(REQUEST * request,int action)2930 static void proxy_no_reply(REQUEST *request, int action)
2931 {
2932 VERIFY_REQUEST(request);
2933
2934 TRACE_STATE_MACHINE;
2935 CHECK_FOR_STOP;
2936
2937 switch (action) {
2938 case FR_ACTION_DUP:
2939 request_dup(request);
2940 break;
2941
2942 case FR_ACTION_TIMER:
2943 (void) request_max_time(request);
2944 break;
2945
2946 case FR_ACTION_PROXY_REPLY:
2947 proxy_reply_too_late(request);
2948 break;
2949
2950 case FR_ACTION_RUN:
2951 if (process_proxy_reply(request, NULL)) {
2952 request->handle(request);
2953 }
2954 request_finish(request, action);
2955 break;
2956
2957 default:
2958 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
2959 break;
2960 }
2961 }
2962
2963 /** Process the request after receiving a proxy reply.
2964 *
2965 * Throught the post-proxy section, and the through the handler
2966 * function.
2967 *
2968 * \dot
2969 * digraph proxy_running {
2970 * proxy_running;
2971 *
2972 * proxy_running -> dup [ label = "DUP", arrowhead = "none" ];
2973 * proxy_running -> timer [ label = "TIMER < max_request_time" ];
2974 * proxy_running -> process_proxy_reply [ label = "RUN" ];
2975 * proxy_running -> done [ label = "TIMER >= timeout" ];
2976 * }
2977 * \enddot
2978 */
proxy_running(REQUEST * request,int action)2979 static void proxy_running(REQUEST *request, int action)
2980 {
2981 VERIFY_REQUEST(request);
2982
2983 TRACE_STATE_MACHINE;
2984 CHECK_FOR_STOP;
2985
2986 switch (action) {
2987 case FR_ACTION_DUP:
2988 request_dup(request);
2989 break;
2990
2991 case FR_ACTION_TIMER:
2992 (void) request_max_time(request);
2993 break;
2994
2995 case FR_ACTION_RUN:
2996 if (process_proxy_reply(request, request->proxy_reply)) {
2997 request->handle(request);
2998 }
2999 request_finish(request, action);
3000 break;
3001
3002 default: /* duplicate proxy replies are suppressed */
3003 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
3004 break;
3005 }
3006 }
3007
3008 /** Determine if a #REQUEST needs to be proxied, and perform pre-proxy operations
3009 *
3010 * Whether a request will be proxied is determined by the attributes present
3011 * in request->config. If any of the following attributes are found, the
3012 * request may be proxied.
3013 *
3014 * The key attributes are:
3015 * - PW_PROXY_TO_REALM - Specifies a realm the request should be proxied to.
3016 * - PW_HOME_SERVER_POOL - Specifies a specific home server pool to proxy to.
3017 * - PW_HOME_SERVER_NAME - Specifies a home server by name
3018 * - PW_PACKET_DST_IP_ADDRESS - Specifies a home server by IPv4 address
3019 * - PW_PACKET_DST_IPV6_ADDRESS - Specifies a home server by IPv5 address
3020 *
3021 * Certain packet types such as #PW_CODE_STATUS_SERVER will never be proxied.
3022 *
3023 * If request should be proxied, will:
3024 * - Add request:Proxy-State
3025 * - Strip the current username value of its realm (depending on config)
3026 * - Create a CHAP-Challenge from the original request vector, if one doesn't already
3027 * exist.
3028 * - Call the pre-process section in the current server, or in the virtual server
3029 * associated with the home server pool we're proxying to.
3030 *
3031 * @todo A lot of this logic is RADIUS specific, and should be moved out into a protocol
3032 * specific function.
3033 *
3034 * @param request The #REQUEST to evaluate for proxying.
3035 * @return 0 if not proxying, 1 if request should be proxied, -1 on error.
3036 */
request_will_proxy(REQUEST * request)3037 static int request_will_proxy(REQUEST *request)
3038 {
3039 int rcode, pre_proxy_type = 0;
3040 char const *realmname = NULL;
3041 VALUE_PAIR *vp, *strippedname;
3042 home_server_t *home;
3043 REALM *realm = NULL;
3044 home_pool_t *pool = NULL;
3045 char const *old_server;
3046
3047 VERIFY_REQUEST(request);
3048
3049 if (!request->root->proxy_requests) {
3050 REDEBUG3("Cannot proxy packets unless 'proxy_requests = yes'");
3051 return 0;
3052 }
3053 if (request->packet->dst_port == 0) return 0;
3054 if (request->packet->code == PW_CODE_STATUS_SERVER) return 0;
3055 if (request->in_proxy_hash) return 0;
3056
3057 /*
3058 * FIXME: for 3.0, allow this only for rejects?
3059 */
3060 if (request->reply->code != 0) return 0;
3061
3062 vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
3063 if (vp) {
3064 realm = realm_find2(vp->vp_strvalue);
3065 if (!realm) {
3066 REDEBUG2("Cannot proxy to unknown realm %s",
3067 vp->vp_strvalue);
3068 return 0;
3069 }
3070
3071 realmname = vp->vp_strvalue;
3072
3073 /*
3074 * Figure out which pool to use.
3075 */
3076 if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
3077 DEBUG3("Using home pool auth for realm %s", realm->name);
3078 pool = realm->auth_pool;
3079
3080 #ifdef WITH_ACCOUNTING
3081 } else if (request->packet->code == PW_CODE_ACCOUNTING_REQUEST) {
3082 DEBUG3("Using home pool acct for realm %s", realm->name);
3083 pool = realm->acct_pool;
3084 #endif
3085
3086 #ifdef WITH_COA
3087 } else if ((request->packet->code == PW_CODE_COA_REQUEST) ||
3088 (request->packet->code == PW_CODE_DISCONNECT_REQUEST)) {
3089 DEBUG3("Using home pool coa for realm %s", realm->name);
3090 pool = realm->coa_pool;
3091 #endif
3092
3093 } else {
3094 return 0;
3095 }
3096
3097 } else if ((vp = fr_pair_find_by_num(request->config, PW_HOME_SERVER_POOL, 0, TAG_ANY)) != NULL) {
3098 int pool_type;
3099
3100 DEBUG3("Using Home-Server-Pool %s", vp->vp_strvalue);
3101
3102 switch (request->packet->code) {
3103 case PW_CODE_ACCESS_REQUEST:
3104 pool_type = HOME_TYPE_AUTH;
3105 break;
3106
3107 #ifdef WITH_ACCOUNTING
3108 case PW_CODE_ACCOUNTING_REQUEST:
3109 pool_type = HOME_TYPE_ACCT;
3110 break;
3111 #endif
3112
3113 #ifdef WITH_COA
3114 case PW_CODE_COA_REQUEST:
3115 case PW_CODE_DISCONNECT_REQUEST:
3116 pool_type = HOME_TYPE_COA;
3117 break;
3118 #endif
3119
3120 default:
3121 return 0;
3122 }
3123
3124 pool = home_pool_byname(vp->vp_strvalue, pool_type);
3125
3126 /*
3127 * Send it directly to a home server (i.e. NAS)
3128 */
3129 } else if (((vp = fr_pair_find_by_num(request->config, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY)) != NULL) ||
3130 ((vp = fr_pair_find_by_num(request->config, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY)) != NULL)) {
3131 uint16_t dst_port;
3132 fr_ipaddr_t dst_ipaddr;
3133
3134 memset(&dst_ipaddr, 0, sizeof(dst_ipaddr));
3135
3136 if (vp->da->attr == PW_PACKET_DST_IP_ADDRESS) {
3137 dst_ipaddr.af = AF_INET;
3138 dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
3139 dst_ipaddr.prefix = 32;
3140 } else {
3141 dst_ipaddr.af = AF_INET6;
3142 memcpy(&dst_ipaddr.ipaddr.ip6addr, &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
3143 dst_ipaddr.prefix = 128;
3144 }
3145
3146 vp = fr_pair_find_by_num(request->config, PW_PACKET_DST_PORT, 0, TAG_ANY);
3147 if (!vp) {
3148 if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
3149 dst_port = PW_AUTH_UDP_PORT;
3150
3151 #ifdef WITH_ACCOUNTING
3152 } else if (request->packet->code == PW_CODE_ACCOUNTING_REQUEST) {
3153 dst_port = PW_ACCT_UDP_PORT;
3154 #endif
3155
3156 #ifdef WITH_COA
3157 } else if ((request->packet->code == PW_CODE_COA_REQUEST) ||
3158 (request->packet->code == PW_CODE_DISCONNECT_REQUEST)) {
3159 dst_port = PW_COA_UDP_PORT;
3160 #endif
3161 } else { /* shouldn't happen for RADIUS... */
3162 return 0;
3163 }
3164
3165 } else {
3166 dst_port = vp->vp_integer;
3167 }
3168
3169 /*
3170 * Nothing does CoA over TCP.
3171 */
3172 home = home_server_find(&dst_ipaddr, dst_port, IPPROTO_UDP);
3173 if (!home) {
3174 char buffer[256];
3175
3176 RWDEBUG("No such home server %s port %u",
3177 inet_ntop(dst_ipaddr.af, &dst_ipaddr.ipaddr, buffer, sizeof(buffer)),
3178 (unsigned int) dst_port);
3179 return 0;
3180 }
3181
3182 /*
3183 * The home server is alive (or may be alive).
3184 * Send the packet to the IP.
3185 */
3186 if (home->state < HOME_STATE_IS_DEAD) goto do_home;
3187
3188 /*
3189 * The home server is dead. If you wanted
3190 * fail-over, you should have proxied to a pool.
3191 * Sucks to be you.
3192 */
3193
3194 return 0;
3195
3196 } else if ((vp = fr_pair_find_by_num(request->config, PW_HOME_SERVER_NAME, 0, TAG_ANY)) != NULL) {
3197 int type;
3198
3199 switch (request->packet->code) {
3200 case PW_CODE_ACCESS_REQUEST:
3201 type = HOME_TYPE_AUTH;
3202 break;
3203
3204 #ifdef WITH_ACCOUNTING
3205 case PW_CODE_ACCOUNTING_REQUEST:
3206 type = HOME_TYPE_ACCT;
3207 break;
3208 #endif
3209
3210 #ifdef WITH_COA
3211 case PW_CODE_COA_REQUEST:
3212 case PW_CODE_DISCONNECT_REQUEST:
3213 type = HOME_TYPE_COA;
3214 break;
3215 #endif
3216
3217 default:
3218 return 0;
3219 }
3220
3221 /*
3222 * Find the home server by name.
3223 */
3224 home = home_server_byname(vp->vp_strvalue, type);
3225 if (!home) {
3226 RWDEBUG("No such home server %s", vp->vp_strvalue);
3227 return 0;
3228 }
3229
3230 /*
3231 * The home server is alive (or may be alive).
3232 * Send the packet to the IP.
3233 */
3234 if (home->state < HOME_STATE_IS_DEAD) goto do_home;
3235
3236 /*
3237 * The home server is dead. If you wanted
3238 * fail-over, you should have proxied to a pool.
3239 * Sucks to be you.
3240 */
3241
3242 return 0;
3243
3244 #ifdef WITH_COA_TUNNEL
3245 } else if (((request->packet->code == PW_CODE_COA_REQUEST) ||
3246 (request->packet->code == PW_CODE_DISCONNECT_REQUEST)) &&
3247 ((vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_ORIGINATING_REALM, 0, TAG_ANY)) != NULL)) {
3248
3249 /*
3250 * This function will set request->home_server,
3251 * and also request->proxy_listener.
3252 */
3253 if (listen_coa_find(request, vp->vp_strvalue) < 0) {
3254 vp_cursor_t cursor;
3255
3256 (void) fr_cursor_init(&cursor, &request->config); /* already checked it above */
3257
3258 while ((vp = fr_cursor_next(&cursor)) != NULL) {
3259 if (listen_coa_find(request, vp->vp_strvalue) == 0) break;
3260 }
3261
3262 /*
3263 * Not found.
3264 */
3265 return 0;
3266 }
3267
3268 /*
3269 * Initialise request->proxy, and copy VPs over.
3270 */
3271 home_server_update_request(request->home_server, request);
3272 goto add_proxy_state;
3273 #endif
3274 } else {
3275
3276 return 0;
3277 }
3278
3279 if (!pool) {
3280 RWDEBUG2("Cancelling proxy as no home pool exists");
3281 return 0;
3282 }
3283
3284 if (request->listener->synchronous) {
3285 WARN("Cannot proxy a request which is from a 'synchronous' socket");
3286 return 0;
3287 }
3288
3289 request->home_pool = pool;
3290
3291 home = home_server_ldb(realmname, pool, request);
3292
3293 if (!home) {
3294 REDEBUG2("Failed to find live home server: Cancelling proxy");
3295 return -1;
3296 }
3297
3298 do_home:
3299 home_server_update_request(home, request);
3300
3301 #ifdef WITH_COA
3302 /*
3303 * Once we've decided to proxy a request, we cannot send
3304 * a CoA packet. So we free up any CoA packet here.
3305 */
3306 if (request->coa) request_done(request->coa, FR_ACTION_CANCELLED);
3307 #endif
3308
3309 /*
3310 * Remember that we sent the request to a Realm.
3311 */
3312 if (realmname) pair_make_request("Realm", realmname, T_OP_EQ);
3313
3314 /*
3315 * Strip the name, if told to.
3316 *
3317 * Doing it here catches the case of proxied tunneled
3318 * requests.
3319 */
3320 if (realm && (realm->strip_realm == true) &&
3321 (strippedname = fr_pair_find_by_num(request->proxy->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY)) != NULL) {
3322 /*
3323 * If there's a Stripped-User-Name attribute in
3324 * the request, then use THAT as the User-Name
3325 * for the proxied request, instead of the
3326 * original name.
3327 *
3328 * This is done by making a copy of the
3329 * Stripped-User-Name attribute, turning it into
3330 * a User-Name attribute, deleting the
3331 * Stripped-User-Name and User-Name attributes
3332 * from the vps list, and making the new
3333 * User-Name the head of the vps list.
3334 */
3335 vp = fr_pair_find_by_num(request->proxy->vps, PW_USER_NAME, 0, TAG_ANY);
3336 if (!vp) {
3337 vp_cursor_t cursor;
3338 vp = radius_pair_create(NULL, NULL,
3339 PW_USER_NAME, 0);
3340 rad_assert(vp != NULL); /* handled by above function */
3341 /* Insert at the START of the list */
3342 /* FIXME: Can't make assumptions about ordering */
3343 fr_cursor_init(&cursor, &vp);
3344 fr_cursor_merge(&cursor, request->proxy->vps);
3345 request->proxy->vps = vp;
3346 }
3347 fr_pair_value_strcpy(vp, strippedname->vp_strvalue);
3348
3349 /*
3350 * Do NOT delete Stripped-User-Name.
3351 */
3352 }
3353
3354 /*
3355 * If there is no PW_CHAP_CHALLENGE attribute but
3356 * there is a PW_CHAP_PASSWORD we need to add it
3357 * since we can't use the request authenticator
3358 * anymore - we changed it.
3359 */
3360 if ((request->packet->code == PW_CODE_ACCESS_REQUEST) &&
3361 fr_pair_find_by_num(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
3362 fr_pair_find_by_num(request->proxy->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
3363 vp = radius_pair_create(request->proxy, &request->proxy->vps, PW_CHAP_CHALLENGE, 0);
3364 fr_pair_value_memcpy(vp, request->packet->vector, sizeof(request->packet->vector));
3365 }
3366
3367 /*
3368 * The RFC's say we have to do this, but FreeRADIUS
3369 * doesn't need it.
3370 */
3371 #ifdef WITH_COA_TUNNEL
3372 add_proxy_state:
3373 #endif
3374
3375 vp = radius_pair_create(request->proxy, &request->proxy->vps, PW_PROXY_STATE, 0);
3376 fr_pair_value_sprintf(vp, "%u", request->packet->id);
3377
3378 /*
3379 * Should be done BEFORE inserting into proxy hash, as
3380 * pre-proxy may use this information, or change it.
3381 */
3382 request->proxy->code = request->packet->code;
3383
3384 /*
3385 * Call the pre-proxy routines.
3386 */
3387 vp = fr_pair_find_by_num(request->config, PW_PRE_PROXY_TYPE, 0, TAG_ANY);
3388 if (vp) {
3389 DICT_VALUE const *dval = dict_valbyattr(vp->da->attr, vp->da->vendor, vp->vp_integer);
3390 /* Must be a validation issue */
3391 rad_assert(dval);
3392 RDEBUG2("Found Pre-Proxy-Type %s", dval->name);
3393 pre_proxy_type = vp->vp_integer;
3394 }
3395
3396 /*
3397 * Run the request through the virtual server for the
3398 * home server, OR through the virtual server for the
3399 * home server pool.
3400 */
3401 old_server = request->server;
3402 if (request->home_server && request->home_server->virtual_server) {
3403 request->server = request->home_server->virtual_server;
3404
3405 #ifdef WITH_COA_TUNNEL
3406 } else if (request->proxy_listener && (request->proxy_listener->type != RAD_LISTEN_PROXY)) {
3407 rad_assert((request->packet->code == PW_CODE_COA_REQUEST) ||
3408 (request->packet->code == PW_CODE_DISCONNECT_REQUEST));
3409 rad_assert(request->home_server != NULL);
3410 rad_assert(request->home_server->recv_coa_server != NULL);
3411 request->server = request->home_server->recv_coa_server;
3412 #endif
3413
3414 } else {
3415 char buffer[128];
3416
3417 RDEBUG2("Starting proxy to home server %s port %d",
3418 inet_ntop(request->proxy->dst_ipaddr.af,
3419 &request->proxy->dst_ipaddr.ipaddr,
3420 buffer, sizeof(buffer)),
3421 request->proxy->dst_port);
3422
3423 if (request->home_pool && request->home_pool->virtual_server) {
3424 request->server = request->home_pool->virtual_server;
3425 }
3426 }
3427
3428 /*
3429 * Run the request through the given virtual server.
3430 */
3431 RDEBUG2("server %s {", request->server);
3432 RINDENT();
3433 rcode = process_pre_proxy(pre_proxy_type, request);
3434 REXDENT();
3435 RDEBUG2("}");
3436 request->server = old_server;
3437
3438 switch (rcode) {
3439 case RLM_MODULE_FAIL:
3440 case RLM_MODULE_INVALID:
3441 case RLM_MODULE_NOTFOUND:
3442 case RLM_MODULE_USERLOCK:
3443 default:
3444 /* FIXME: debug print failed stuff */
3445 return -1;
3446
3447 case RLM_MODULE_REJECT:
3448 case RLM_MODULE_HANDLED:
3449 return 0;
3450
3451 /*
3452 * Only proxy the packet if the pre-proxy code succeeded.
3453 */
3454 case RLM_MODULE_NOOP:
3455 case RLM_MODULE_OK:
3456 case RLM_MODULE_UPDATED:
3457 return 1;
3458 }
3459 }
3460
proxy_to_virtual_server(REQUEST * request)3461 static int proxy_to_virtual_server(REQUEST *request)
3462 {
3463 REQUEST *fake;
3464
3465 if (request->packet->dst_port == 0) {
3466 WARN("Cannot proxy an internal request");
3467 return 0;
3468 }
3469
3470 DEBUG("Proxying to virtual server %s",
3471 request->home_server->virtual_server);
3472
3473 /*
3474 * Packets to virtual servers don't get
3475 * retransmissions sent to them. And the virtual
3476 * server is run ONLY if we have no child
3477 * threads, or we're running in a child thread.
3478 */
3479 rad_assert(!spawn_flag || !we_are_master());
3480
3481 fake = request_alloc_fake(request);
3482
3483 fake->packet->vps = fr_pair_list_copy(fake->packet, request->packet->vps);
3484 talloc_free(request->proxy);
3485
3486 fake->server = request->home_server->virtual_server;
3487 fake->handle = request->handle;
3488 fake->process = NULL; /* should never be run for anything */
3489
3490 /*
3491 * Run the virtual server.
3492 */
3493 request_running(fake, FR_ACTION_RUN);
3494
3495 request->proxy = talloc_steal(request, fake->packet);
3496 fake->packet = NULL;
3497 request->proxy_reply = talloc_steal(request, fake->reply);
3498 fake->reply = NULL;
3499
3500 talloc_free(fake);
3501
3502 /*
3503 * No reply code, toss the reply we have,
3504 * and do post-proxy-type Fail.
3505 */
3506 if (!request->proxy_reply->code) {
3507 TALLOC_FREE(request->proxy_reply);
3508 setup_post_proxy_fail(request);
3509 }
3510
3511 /*
3512 * Do the proxy reply (if any)
3513 */
3514 if (process_proxy_reply(request, request->proxy_reply)) {
3515 request->handle(request);
3516 }
3517
3518 return -1; /* so we call request_finish */
3519 }
3520
3521
request_proxy(REQUEST * request)3522 static int request_proxy(REQUEST *request)
3523 {
3524 char buffer[128];
3525
3526 VERIFY_REQUEST(request);
3527
3528 rad_assert(request->parent == NULL);
3529
3530 if (request->master_state == REQUEST_STOP_PROCESSING) return 0;
3531
3532 #ifdef WITH_COA
3533 if (request->coa) {
3534 RWDEBUG("Cannot proxy and originate CoA packets at the same time. Cancelling CoA request");
3535 request_done(request->coa, FR_ACTION_CANCELLED);
3536 }
3537 #endif
3538
3539 if (!request->home_server) {
3540 RWDEBUG("No home server selected");
3541 return -1;
3542 }
3543
3544 /*
3545 * The request may need sending to a virtual server.
3546 * This code is more than a little screwed up. The rest
3547 * of the state machine doesn't handle parent / child
3548 * relationships well. i.e. if the child request takes
3549 * too long, the core will mark the *parent* as "stop
3550 * processing". And the child will continue without
3551 * knowing anything...
3552 *
3553 * So, we have some horrible hacks to get around that.
3554 */
3555 if (request->home_server->virtual_server) return proxy_to_virtual_server(request);
3556
3557 /*
3558 * We're actually sending a proxied packet. Do that now.
3559 */
3560 if (!request->in_proxy_hash && !insert_into_proxy_hash(request)) {
3561 RPROXY("Failed to insert request into the proxy list");
3562 return -1;
3563 }
3564
3565 rad_assert(request->proxy->id >= 0);
3566
3567 if (rad_debug_lvl) {
3568 struct timeval *response_window;
3569
3570 response_window = request_response_window(request);
3571
3572 #ifdef WITH_TLS
3573 if (request->home_server->tls) {
3574 RDEBUG2("Proxying request to home server %s port %d (TLS) timeout %d.%06d",
3575 inet_ntop(request->proxy->dst_ipaddr.af,
3576 &request->proxy->dst_ipaddr.ipaddr,
3577 buffer, sizeof(buffer)),
3578 request->proxy->dst_port,
3579 (int) response_window->tv_sec, (int) response_window->tv_usec);
3580 } else
3581 #endif
3582 RDEBUG2("Proxying request to home server %s port %d timeout %d.%06d",
3583 inet_ntop(request->proxy->dst_ipaddr.af,
3584 &request->proxy->dst_ipaddr.ipaddr,
3585 buffer, sizeof(buffer)),
3586 request->proxy->dst_port,
3587 (int) response_window->tv_sec, (int) response_window->tv_usec);
3588
3589
3590 }
3591
3592 gettimeofday(&request->proxy->timestamp, NULL);
3593 request->home_server->last_packet_sent = request->proxy->timestamp.tv_sec;
3594
3595 /*
3596 * Encode the packet before we do anything else.
3597 */
3598 request->proxy_listener->proxy_encode(request->proxy_listener, request);
3599 debug_packet(request, request->proxy, false);
3600
3601 /*
3602 * Set the state function, then the state, no child, and
3603 * send the packet.
3604 *
3605 * The order here is different from other state changes
3606 * due to race conditions with replies from the home
3607 * server.
3608 */
3609 request->process = proxy_wait_for_reply;
3610 request->child_state = REQUEST_PROXIED;
3611 request->component = "<REQUEST_PROXIED>";
3612 request->module = "";
3613 NO_CHILD_THREAD;
3614
3615 /*
3616 * And send the packet.
3617 */
3618 request->proxy_listener->proxy_send(request->proxy_listener, request);
3619 return 1;
3620 }
3621
3622 /*
3623 * Proxy the packet as if it was new.
3624 */
request_proxy_anew(REQUEST * request)3625 static int request_proxy_anew(REQUEST *request)
3626 {
3627 home_server_t *home;
3628
3629 VERIFY_REQUEST(request);
3630
3631 /*
3632 * Delete the request from the proxy list.
3633 *
3634 * The packet list code takes care of ensuring that IDs
3635 * aren't reused until all 256 IDs have been used. So
3636 * there's a 1/256 chance of re-using the same ID when
3637 * we're sending to the same home server. Which is
3638 * acceptable.
3639 */
3640 remove_from_proxy_hash(request);
3641
3642 /*
3643 * Find a live home server for the request.
3644 */
3645 home = home_server_ldb(NULL, request->home_pool, request);
3646 if (!home) {
3647 REDEBUG2("Failed to find live home server for request");
3648 post_proxy_fail:
3649 if (setup_post_proxy_fail(request)) {
3650 request_queue_or_run(request, proxy_running);
3651 } else {
3652 gettimeofday(&request->reply->timestamp, NULL);
3653 request_cleanup_delay_init(request);
3654 }
3655 return 0;
3656 }
3657
3658 #ifdef WITH_ACCOUNTING
3659 /*
3660 * Update the Acct-Delay-Time attribute, since the LAST
3661 * time we tried to retransmit this packet.
3662 */
3663 if (request->packet->code == PW_CODE_ACCOUNTING_REQUEST) {
3664 VALUE_PAIR *vp;
3665
3666 vp = fr_pair_find_by_num(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
3667 if (!vp) vp = radius_pair_create(request->proxy,
3668 &request->proxy->vps,
3669 PW_ACCT_DELAY_TIME, 0);
3670 if (vp) {
3671 struct timeval now;
3672
3673 gettimeofday(&now, NULL);
3674 vp->vp_integer += now.tv_sec - request->proxy->timestamp.tv_sec;
3675 }
3676 }
3677 #endif
3678
3679 /*
3680 * May have failed over to a "fallback" virtual server.
3681 * If so, run that instead of doing proxying to a real
3682 * server.
3683 */
3684 if (home->virtual_server) {
3685 request->home_server = home;
3686 TALLOC_FREE(request->proxy);
3687
3688 (void) proxy_to_virtual_server(request);
3689 return 0;
3690 }
3691
3692 home_server_update_request(home, request);
3693
3694 if (!insert_into_proxy_hash(request)) {
3695 RPROXY("Failed to insert retransmission into the proxy list");
3696 goto post_proxy_fail;
3697 }
3698
3699 /*
3700 * Free the old packet, to force re-encoding
3701 */
3702 talloc_free(request->proxy->data);
3703 request->proxy->data = NULL;
3704 request->proxy->data_len = 0;
3705
3706 if (request_proxy(request) != 1) goto post_proxy_fail;
3707
3708 return 1;
3709 }
3710
3711
3712 /** Ping a home server.
3713 *
3714 */
request_ping(REQUEST * request,int action)3715 static void request_ping(REQUEST *request, int action)
3716 {
3717 home_server_t *home = request->home_server;
3718 char buffer[128];
3719
3720 VERIFY_REQUEST(request);
3721
3722 TRACE_STATE_MACHINE;
3723 ASSERT_MASTER;
3724
3725 switch (action) {
3726 case FR_ACTION_TIMER:
3727 ERROR("No response to status check %d ID %u for home server %s port %d",
3728 request->number,
3729 request->proxy->id,
3730 inet_ntop(request->proxy->dst_ipaddr.af,
3731 &request->proxy->dst_ipaddr.ipaddr,
3732 buffer, sizeof(buffer)),
3733 request->proxy->dst_port);
3734 remove_from_proxy_hash(request);
3735 break;
3736
3737 case FR_ACTION_PROXY_REPLY:
3738 rad_assert(request->in_proxy_hash);
3739
3740 request->home_server->num_received_pings++;
3741 RPROXY("Received response to status check %d ID %u (%d in current sequence)",
3742 request->number, request->proxy->id, home->num_received_pings);
3743
3744 /*
3745 * Remove the request from any hashes
3746 */
3747 fr_event_delete(el, &request->ev);
3748 remove_from_proxy_hash(request);
3749
3750 /*
3751 * The control socket may have marked the home server as
3752 * alive. OR, it may have suddenly started responding to
3753 * requests again. If so, don't re-do the "make alive"
3754 * work.
3755 */
3756 if (home->state == HOME_STATE_ALIVE) break;
3757
3758 /*
3759 * It's dead, and we haven't received enough ping
3760 * responses to mark it "alive". Wait a bit.
3761 *
3762 * If it's zombie, we mark it alive immediately.
3763 */
3764 if ((home->state >= HOME_STATE_IS_DEAD) &&
3765 (home->num_received_pings < home->num_pings_to_alive)) {
3766 return;
3767 }
3768
3769 /*
3770 * Mark it alive and delete any outstanding
3771 * pings.
3772 */
3773 mark_home_server_alive(request, home);
3774 break;
3775
3776 default:
3777 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
3778 break;
3779 }
3780
3781 rad_assert(!request->in_request_hash);
3782 rad_assert(!request->in_proxy_hash);
3783 rad_assert(request->ev == NULL);
3784 NO_CHILD_THREAD;
3785 request_done(request, FR_ACTION_DONE);
3786 }
3787
3788 /*
3789 * Add +/- 2s of jitter, as suggested in RFC 3539
3790 * and in RFC 5080.
3791 */
add_jitter(struct timeval * when)3792 static void add_jitter(struct timeval *when)
3793 {
3794 uint32_t jitter;
3795
3796 when->tv_sec -= 2;
3797
3798 jitter = fr_rand();
3799 jitter ^= (jitter >> 10);
3800 jitter &= ((1 << 22) - 1); /* 22 bits of 1 */
3801
3802 /*
3803 * Add in ~ (4 * USEC) of jitter.
3804 */
3805 tv_add(when, jitter);
3806 }
3807
3808 /*
3809 * Called from start of zombie period, OR after control socket
3810 * marks the home server dead.
3811 */
ping_home_server(void * ctx)3812 static void ping_home_server(void *ctx)
3813 {
3814 home_server_t *home = talloc_get_type_abort(ctx, home_server_t);
3815 REQUEST *request;
3816 VALUE_PAIR *vp;
3817 struct timeval when, now;
3818
3819 if ((home->state == HOME_STATE_ALIVE) ||
3820 (home->ev != NULL)) {
3821 return;
3822 }
3823
3824 gettimeofday(&now, NULL);
3825 ASSERT_MASTER;
3826
3827 /*
3828 * We've run out of zombie time. Mark it dead.
3829 */
3830 if (home->state == HOME_STATE_ZOMBIE) {
3831 when = home->zombie_period_start;
3832 when.tv_sec += home->zombie_period;
3833
3834 if (timercmp(&when, &now, <)) {
3835 DEBUG("PING: Zombie period is over for home server %s", home->log_name);
3836 mark_home_server_dead(home, &now, false);
3837 }
3838 }
3839
3840 /*
3841 * We're not supposed to be pinging it. Just wake up
3842 * when we're supposed to mark it dead.
3843 */
3844 if (home->ping_check == HOME_PING_CHECK_NONE) {
3845 if (home->state == HOME_STATE_ZOMBIE) {
3846 home->when = home->zombie_period_start;
3847 home->when.tv_sec += home->zombie_period;
3848 INSERT_EVENT(ping_home_server, home);
3849 }
3850
3851 /*
3852 * Else mark_home_server_dead will set a timer
3853 * for revive_interval.
3854 */
3855 return;
3856 }
3857
3858
3859 request = request_alloc(NULL);
3860 if (!request) return;
3861 request->number = request_num_counter++;
3862 NO_CHILD_THREAD;
3863
3864 request->proxy = rad_alloc(request, true);
3865 request->root = &main_config;
3866 rad_assert(request->proxy != NULL);
3867
3868 if (home->ping_check == HOME_PING_CHECK_STATUS_SERVER) {
3869 request->proxy->code = PW_CODE_STATUS_SERVER;
3870
3871 fr_pair_make(request->proxy, &request->proxy->vps,
3872 "Message-Authenticator", "0x00", T_OP_SET);
3873
3874 } else if ((home->type == HOME_TYPE_AUTH) ||
3875 (home->type == HOME_TYPE_AUTH_ACCT)) {
3876 request->proxy->code = PW_CODE_ACCESS_REQUEST;
3877
3878 fr_pair_make(request->proxy, &request->proxy->vps,
3879 "User-Name", home->ping_user_name, T_OP_SET);
3880 fr_pair_make(request->proxy, &request->proxy->vps,
3881 "User-Password", home->ping_user_password, T_OP_SET);
3882 fr_pair_make(request->proxy, &request->proxy->vps,
3883 "Service-Type", "Authenticate-Only", T_OP_SET);
3884 fr_pair_make(request->proxy, &request->proxy->vps,
3885 "Message-Authenticator", "0x00", T_OP_SET);
3886
3887 #ifdef WITH_ACCOUNTING
3888 } else if (home->type == HOME_TYPE_ACCT) {
3889 request->proxy->code = PW_CODE_ACCOUNTING_REQUEST;
3890
3891 fr_pair_make(request->proxy, &request->proxy->vps,
3892 "User-Name", home->ping_user_name, T_OP_SET);
3893 fr_pair_make(request->proxy, &request->proxy->vps,
3894 "Acct-Status-Type", "Stop", T_OP_SET);
3895 fr_pair_make(request->proxy, &request->proxy->vps,
3896 "Acct-Session-Id", "00000000", T_OP_SET);
3897 vp = fr_pair_make(request->proxy, &request->proxy->vps,
3898 "Event-Timestamp", "0", T_OP_SET);
3899 vp->vp_date = now.tv_sec;
3900 #endif
3901
3902 } else {
3903 /*
3904 * Unkown home server type.
3905 */
3906 talloc_free(request);
3907 return;
3908 }
3909
3910 vp = fr_pair_make(request->proxy, &request->proxy->vps,
3911 "NAS-Identifier", "", T_OP_SET);
3912 if (vp) {
3913 fr_pair_value_sprintf(vp, "Status Check %u. Are you alive?",
3914 home->num_sent_pings);
3915 }
3916
3917 #ifdef WITH_TCP
3918 request->proxy->proto = home->proto;
3919 #endif
3920 request->proxy->src_ipaddr = home->src_ipaddr;
3921 request->proxy->dst_ipaddr = home->ipaddr;
3922 request->proxy->dst_port = home->port;
3923 request->home_server = home;
3924 #ifdef DEBUG_STATE_MACHINE
3925 if (rad_debug_lvl) printf("(%u) ********\tSTATE %s C-%s -> C-%s\t********\n", request->number, __FUNCTION__,
3926 child_state_names[request->child_state],
3927 child_state_names[REQUEST_DONE]);
3928 if (rad_debug_lvl) printf("(%u) ********\tNEXT-STATE %s -> %s\n", request->number, __FUNCTION__, "request_ping");
3929 #endif
3930 #ifdef HAVE_PTHREAD_H
3931 rad_assert(request->child_pid == NO_SUCH_CHILD_PID);
3932 #endif
3933 request->child_state = REQUEST_PROXIED;
3934 request->process = request_ping;
3935
3936 rad_assert(request->proxy_listener == NULL);
3937
3938 if (!insert_into_proxy_hash(request)) {
3939 RPROXY("Failed to insert status check %d into proxy list. Discarding it.",
3940 request->number);
3941
3942 rad_assert(!request->in_request_hash);
3943 rad_assert(!request->in_proxy_hash);
3944 rad_assert(request->ev == NULL);
3945 talloc_free(request);
3946 return;
3947 }
3948
3949 /*
3950 * Set up the timer callback.
3951 */
3952 when = now;
3953 when.tv_sec += home->ping_timeout;
3954
3955 DEBUG("PING: Waiting %u seconds for response to ping",
3956 home->ping_timeout);
3957
3958 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
3959 home->num_sent_pings++;
3960
3961 rad_assert(request->proxy_listener != NULL);
3962 request->proxy_listener->proxy_encode(request->proxy_listener, request);
3963 debug_packet(request, request->proxy, false);
3964 request->proxy_listener->send(request->proxy_listener,
3965 request);
3966
3967 /*
3968 * Add +/- 2s of jitter, as suggested in RFC 3539
3969 * and in the Issues and Fixes draft.
3970 */
3971 home->when = now;
3972 home->when.tv_sec += home->ping_interval;
3973
3974 add_jitter(&home->when);
3975
3976 DEBUG("PING: Next status packet in %u seconds", home->ping_interval);
3977 INSERT_EVENT(ping_home_server, home);
3978 }
3979
home_trigger(home_server_t * home,char const * trigger)3980 static void home_trigger(home_server_t *home, char const *trigger)
3981 {
3982 REQUEST *my_request;
3983 RADIUS_PACKET *my_packet;
3984
3985 my_request = talloc_zero(NULL, REQUEST);
3986 my_packet = talloc_zero(my_request, RADIUS_PACKET);
3987 my_request->proxy = my_packet;
3988 my_packet->dst_ipaddr = home->ipaddr;
3989 my_packet->src_ipaddr = home->src_ipaddr;
3990
3991 exec_trigger(my_request, home->cs, trigger, false);
3992 talloc_free(my_request);
3993 }
3994
mark_home_server_zombie(home_server_t * home,struct timeval * now,struct timeval * response_window)3995 static void mark_home_server_zombie(home_server_t *home, struct timeval *now, struct timeval *response_window)
3996 {
3997 time_t start;
3998 char buffer[128];
3999
4000 ASSERT_MASTER;
4001
4002 rad_assert((home->state == HOME_STATE_ALIVE) ||
4003 (home->state == HOME_STATE_UNKNOWN));
4004
4005 /*
4006 * We've received a real packet recently. Don't mark the
4007 * server as zombie until we've received NO packets for a
4008 * while. The "1/4" of zombie period was chosen rather
4009 * arbitrarily. It's a balance between too short, which
4010 * gives quick fail-over and fail-back, or too long,
4011 * where the proxy still sends packets to an unresponsive
4012 * home server.
4013 */
4014 start = now->tv_sec - ((home->zombie_period + 3) / 4);
4015 if (home->last_packet_recv >= start) {
4016 DEBUG("Received reply from home server %d seconds ago. Might not be zombie.",
4017 (int) (now->tv_sec - home->last_packet_recv));
4018 return;
4019 }
4020
4021 home->state = HOME_STATE_ZOMBIE;
4022 home_trigger(home, "home_server.zombie");
4023
4024 /*
4025 * Set the home server to "zombie", as of the time
4026 * calculated above.
4027 */
4028 home->zombie_period_start.tv_sec = start;
4029 home->zombie_period_start.tv_usec = USEC / 2;
4030
4031 fr_event_delete(el, &home->ev);
4032
4033 home->num_sent_pings = 0;
4034 home->num_received_pings = 0;
4035
4036 PROXY( "Marking home server %s port %d as zombie (it has not responded in %d.%06d seconds).",
4037 inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
4038 buffer, sizeof(buffer)),
4039 home->port, (int) response_window->tv_sec, (int) response_window->tv_usec);
4040
4041 ping_home_server(home);
4042 }
4043
4044
revive_home_server(void * ctx)4045 void revive_home_server(void *ctx)
4046 {
4047 home_server_t *home = talloc_get_type_abort(ctx, home_server_t);
4048 char buffer[128];
4049
4050 home->state = HOME_STATE_ALIVE;
4051 home->response_timeouts = 0;
4052 home_trigger(home, "home_server.alive");
4053 home->currently_outstanding = 0;
4054 gettimeofday(&home->revive_time, NULL);
4055
4056 /*
4057 * Delete any outstanding events.
4058 */
4059 ASSERT_MASTER;
4060 if (home->ev) fr_event_delete(el, &home->ev);
4061
4062 PROXY( "Marking home server %s port %d alive again... we have no idea if it really is alive or not.",
4063 inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
4064 buffer, sizeof(buffer)),
4065 home->port);
4066 }
4067
mark_home_server_dead(home_server_t * home,struct timeval * when,bool down)4068 void mark_home_server_dead(home_server_t *home, struct timeval *when, bool down)
4069 {
4070 int previous_state = home->state;
4071 char buffer[128];
4072
4073 PROXY( "Marking home server %s port %d as dead.",
4074 inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
4075 buffer, sizeof(buffer)),
4076 home->port);
4077
4078 home->state = HOME_STATE_IS_DEAD;
4079 home_trigger(home, "home_server.dead");
4080
4081 /*
4082 * Administratively down - don't do anything to bring it
4083 * up.
4084 */
4085 if (down) {
4086 home->state = HOME_STATE_ADMIN_DOWN;
4087 return;
4088 }
4089
4090 /*
4091 * Ping it if configured, AND we can ping it.
4092 */
4093 if ((home->ping_check != HOME_PING_CHECK_NONE) &&
4094 (previous_state != HOME_STATE_CONNECTION_FAIL)) {
4095 /*
4096 * If the control socket marks us dead, start
4097 * pinging. Otherwise, we already started
4098 * pinging when it was marked "zombie".
4099 */
4100 if (previous_state == HOME_STATE_ALIVE) {
4101 ping_home_server(home);
4102 } else {
4103 DEBUG("PING: Already pinging home server %s", home->log_name);
4104 }
4105
4106 } else {
4107 /*
4108 * Revive it after a fixed period of time. This
4109 * is very, very, bad.
4110 */
4111 home->when = *when;
4112 home->when.tv_sec += home->revive_interval;
4113
4114 DEBUG("PING: Reviving home server %s in %u seconds", home->log_name, home->revive_interval);
4115 ASSERT_MASTER;
4116 INSERT_EVENT(revive_home_server, home);
4117 }
4118 }
4119
4120 /** Wait for a reply after proxying a request.
4121 *
4122 * Retransmit the proxied packet, or time out and go to
4123 * proxy_no_reply. Mark the home server unresponsive, etc.
4124 *
4125 * If we do receive a reply, we transition to proxy_running.
4126 *
4127 * \dot
4128 * digraph proxy_wait_for_reply {
4129 * proxy_wait_for_reply;
4130 *
4131 * proxy_wait_for_reply -> retransmit_proxied_request [ label = "DUP", arrowhead = "none" ];
4132 * proxy_wait_for_reply -> proxy_no_reply [ label = "TIMER >= response_window" ];
4133 * proxy_wait_for_reply -> timer [ label = "TIMER < max_request_time" ];
4134 * proxy_wait_for_reply -> proxy_running [ label = "PROXY_REPLY" arrowhead = "none"];
4135 * proxy_wait_for_reply -> done [ label = "TIMER >= max_request_time" ];
4136 * }
4137 * \enddot
4138 */
proxy_wait_for_reply(REQUEST * request,int action)4139 static void proxy_wait_for_reply(REQUEST *request, int action)
4140 {
4141 struct timeval now, when;
4142 struct timeval *response_window = NULL;
4143 home_server_t *home = request->home_server;
4144 char buffer[128];
4145
4146 VERIFY_REQUEST(request);
4147
4148 TRACE_STATE_MACHINE;
4149 CHECK_FOR_STOP;
4150
4151 rad_assert(request->packet->code != PW_CODE_STATUS_SERVER);
4152 rad_assert(request->home_server != NULL);
4153
4154 gettimeofday(&now, NULL);
4155
4156 switch (action) {
4157 case FR_ACTION_DUP:
4158 /*
4159 * The request was proxied to a virtual server.
4160 * Ignore the retransmit.
4161 */
4162 if (request->home_server->virtual_server) return;
4163
4164 /*
4165 * Failed connections get the home server marked
4166 * as dead.
4167 */
4168 if (home->state == HOME_STATE_CONNECTION_FAIL) {
4169 mark_home_server_dead(home, &now, false);
4170 }
4171
4172 /*
4173 * We have a reply, ignore the retransmit.
4174 */
4175 if (request->proxy_reply) return;
4176
4177 /*
4178 * Use a new connection when the home server is
4179 * dead, or when there's no proxy listener, or
4180 * when the listener is failed or dead.
4181 *
4182 * If the listener is known or frozen, use it for
4183 * retransmits.
4184 */
4185 if ((home->state >= HOME_STATE_IS_DEAD) ||
4186 !request->proxy_listener ||
4187 (request->proxy_listener->status >= RAD_LISTEN_STATUS_EOL)) {
4188 request_proxy_anew(request);
4189 return;
4190 }
4191
4192 #ifdef WITH_TCP
4193 /*
4194 * The home server is still alive, but TCP. We
4195 * rely on TCP to get the request and reply back.
4196 * So there's no need to retransmit.
4197 */
4198 if (home->proto == IPPROTO_TCP) {
4199 DEBUG2("Suppressing duplicate proxied request (tcp) to home server %s port %d proto TCP - ID: %d",
4200 inet_ntop(request->proxy->dst_ipaddr.af,
4201 &request->proxy->dst_ipaddr.ipaddr,
4202 buffer, sizeof(buffer)),
4203 request->proxy->dst_port,
4204 request->proxy->id);
4205 return;
4206 }
4207 #endif
4208
4209 /*
4210 * More than one retransmit a second is stupid,
4211 * and should be suppressed by the proxy.
4212 */
4213 when = request->proxy->timestamp;
4214 when.tv_sec++;
4215
4216 if (timercmp(&now, &when, <)) {
4217 DEBUG2("Suppressing duplicate proxied request (too fast) to home server %s port %d proto TCP - ID: %d",
4218 inet_ntop(request->proxy->dst_ipaddr.af,
4219 &request->proxy->dst_ipaddr.ipaddr,
4220 buffer, sizeof(buffer)),
4221 request->proxy->dst_port,
4222 request->proxy->id);
4223 return;
4224 }
4225
4226 #ifdef WITH_ACCOUNTING
4227 /*
4228 * If we update the Acct-Delay-Time, we need to
4229 * get a new ID.
4230 */
4231 if ((request->packet->code == PW_CODE_ACCOUNTING_REQUEST) &&
4232 fr_pair_find_by_num(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY)) {
4233 request_proxy_anew(request);
4234 return;
4235 }
4236 #endif
4237
4238 RDEBUG2("Sending duplicate proxied request to home server %s port %d - ID: %d",
4239 inet_ntop(request->proxy->dst_ipaddr.af,
4240 &request->proxy->dst_ipaddr.ipaddr,
4241 buffer, sizeof(buffer)),
4242 request->proxy->dst_port,
4243 request->proxy->id);
4244 request->num_proxied_requests++;
4245
4246 rad_assert(request->proxy_listener != NULL);
4247 FR_STATS_TYPE_INC(home->stats.total_requests);
4248 home->last_packet_sent = now.tv_sec;
4249 request->proxy->timestamp = now;
4250 debug_packet(request, request->proxy, false);
4251 request->proxy_listener->send(request->proxy_listener, request);
4252 break;
4253
4254 case FR_ACTION_TIMER:
4255 /*
4256 * Failed connections get the home server marked
4257 * as dead.
4258 */
4259 if (home->state == HOME_STATE_CONNECTION_FAIL) {
4260 mark_home_server_dead(home, &now, false);
4261 }
4262
4263 response_window = request_response_window(request);
4264
4265 #ifdef WITH_TCP
4266 if (!request->proxy_listener ||
4267 (request->proxy_listener->status >= RAD_LISTEN_STATUS_EOL)) {
4268 remove_from_proxy_hash(request);
4269
4270 when = request->packet->timestamp;
4271 when.tv_sec += request->root->max_request_time;
4272
4273 if (timercmp(&when, &now, >)) {
4274 RDEBUG("Waiting for client retransmission in order to do a proxy retransmit");
4275 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
4276 return;
4277 }
4278 } else
4279 #endif
4280 {
4281 /*
4282 * Wake up "response_window" time in the future.
4283 * i.e. when MY packet hasn't received a response.
4284 *
4285 * Note that we DO NOT mark the home server as
4286 * zombie if it doesn't respond to us. It may be
4287 * responding to other (better looking) packets.
4288 */
4289 when = request->proxy->timestamp;
4290 timeradd(&when, response_window, &when);
4291
4292 /*
4293 * Not at the response window. Set the timer for
4294 * that.
4295 */
4296 if (timercmp(&when, &now, >)) {
4297 struct timeval diff;
4298 timersub(&when, &now, &diff);
4299
4300 RDEBUG("Expecting proxy response no later than %d.%06d seconds from now",
4301 (int) diff.tv_sec, (int) diff.tv_usec);
4302 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
4303 return;
4304 }
4305 }
4306
4307 RDEBUG("No proxy response, giving up on request and marking it done");
4308
4309 /*
4310 * If we haven't received any packets for
4311 * "response_window", then mark the home server
4312 * as zombie.
4313 *
4314 * This check should really be part of a home
4315 * server state machine.
4316 */
4317 if ((home->state == HOME_STATE_ALIVE) ||
4318 (home->state == HOME_STATE_UNKNOWN)) {
4319 home->response_timeouts++;
4320 if (home->response_timeouts >= home->max_response_timeouts)
4321 mark_home_server_zombie(home, &now, response_window);
4322 }
4323
4324 FR_STATS_TYPE_INC(home->stats.total_timeouts);
4325 if (home->type == HOME_TYPE_AUTH) {
4326 if (request->proxy_listener) FR_STATS_TYPE_INC(request->proxy_listener->stats.total_timeouts);
4327 FR_STATS_TYPE_INC(proxy_auth_stats.total_timeouts);
4328 }
4329 #ifdef WITH_ACCT
4330 else if (home->type == HOME_TYPE_ACCT) {
4331 if (request->proxy_listener) FR_STATS_TYPE_INC(request->proxy_listener->stats.total_timeouts);
4332 FR_STATS_TYPE_INC(proxy_acct_stats.total_timeouts);
4333 }
4334 #endif
4335 #ifdef WITH_COA
4336 else if (home->type == HOME_TYPE_COA) {
4337 if (request->proxy_listener) FR_STATS_TYPE_INC(request->proxy_listener->stats.total_timeouts);
4338
4339 if (request->packet->code == PW_CODE_COA_REQUEST) {
4340 FR_STATS_TYPE_INC(proxy_coa_stats.total_timeouts);
4341 } else {
4342 FR_STATS_TYPE_INC(proxy_dsc_stats.total_timeouts);
4343 }
4344 }
4345 #endif
4346
4347 /*
4348 * There was no response within the window. Stop
4349 * the request. If the client retransmitted, it
4350 * may have failed over to another home server.
4351 * But that one may be dead, too.
4352 *
4353 * The extra verbose message if we have a username,
4354 * is extremely useful if the proxy is part of a chain
4355 * and the final home server, is not the one we're
4356 * proxying to.
4357 */
4358 if (request->username) {
4359 RERROR("Failing proxied request for user \"%s\", due to lack of any response from home "
4360 "server %s port %d",
4361 request->username->vp_strvalue,
4362 inet_ntop(request->proxy->dst_ipaddr.af,
4363 &request->proxy->dst_ipaddr.ipaddr,
4364 buffer, sizeof(buffer)),
4365 request->proxy->dst_port);
4366 } else {
4367 RERROR("Failing proxied request, due to lack of any response from home server %s port %d",
4368 inet_ntop(request->proxy->dst_ipaddr.af,
4369 &request->proxy->dst_ipaddr.ipaddr,
4370 buffer, sizeof(buffer)),
4371 request->proxy->dst_port);
4372 }
4373
4374 if (setup_post_proxy_fail(request)) {
4375 request_queue_or_run(request, proxy_no_reply);
4376 } else {
4377 gettimeofday(&request->reply->timestamp, NULL);
4378 request_cleanup_delay_init(request);
4379 }
4380 break;
4381
4382 /*
4383 * We received a new reply. Go process it.
4384 */
4385 case FR_ACTION_PROXY_REPLY:
4386 request_queue_or_run(request, proxy_running);
4387 break;
4388
4389 default:
4390 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
4391 break;
4392 }
4393 }
4394 #endif /* WITH_PROXY */
4395
4396
4397 /***********************************************************************
4398 *
4399 * CoA code
4400 *
4401 ***********************************************************************/
4402 #ifdef WITH_COA
4403 /*
4404 * See if we need to originate a CoA request.
4405 */
request_coa_originate(REQUEST * request)4406 static void request_coa_originate(REQUEST *request)
4407 {
4408 int rcode, pre_proxy_type = 0;
4409 VALUE_PAIR *vp;
4410 REQUEST *coa;
4411 fr_ipaddr_t ipaddr;
4412 char const *old_server;
4413 char buffer[256];
4414
4415 VERIFY_REQUEST(request);
4416
4417 rad_assert(request->coa != NULL);
4418 rad_assert(request->proxy == NULL);
4419 rad_assert(!request->in_proxy_hash);
4420 rad_assert(request->proxy_reply == NULL);
4421
4422 /*
4423 * Check whether we want to originate one, or cancel one.
4424 */
4425 vp = fr_pair_find_by_num(request->config, PW_SEND_COA_REQUEST, 0, TAG_ANY);
4426 if (!vp) {
4427 vp = fr_pair_find_by_num(request->coa->proxy->vps, PW_SEND_COA_REQUEST, 0, TAG_ANY);
4428 }
4429
4430 if (vp) {
4431 if (vp->vp_integer == 0) {
4432 fail:
4433 TALLOC_FREE(request->coa);
4434 return;
4435 }
4436 }
4437
4438 if (!main_config.proxy_requests) {
4439 RWDEBUG("Cannot originate CoA packets unless 'proxy_requests = yes'");
4440 TALLOC_FREE(request->coa);
4441 return;
4442 }
4443
4444 coa = request->coa;
4445 coa->listener = NULL; /* copied here by request_alloc_fake(), but not needed */
4446
4447 #ifdef WITH_COA_TUNNEL
4448 /*
4449 * Proxy-To-Originating-Realm is preferred to any other
4450 * method of originating CoA requests.
4451 */
4452 vp = fr_pair_find_by_num(coa->proxy->vps, PW_PROXY_TO_ORIGINATING_REALM, 0, TAG_ANY);
4453 if (vp) {
4454 /*
4455 * This function will set request->home_server,
4456 * and also request->proxy_listener.
4457 */
4458 if (listen_coa_find(coa, vp->vp_strvalue) < 0) {
4459 RWDEBUG("Unknown Originating realm '%s'", vp->vp_strvalue);
4460 return;
4461 }
4462
4463 goto set_packet_type;
4464 }
4465 #endif
4466
4467 /*
4468 * src_ipaddr will be set up in proxy_encode.
4469 */
4470 memset(&ipaddr, 0, sizeof(ipaddr));
4471 vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
4472 if (vp) {
4473 ipaddr.af = AF_INET;
4474 ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
4475 ipaddr.prefix = 32;
4476 } else if ((vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY)) != NULL) {
4477 ipaddr.af = AF_INET6;
4478 ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
4479 ipaddr.prefix = 128;
4480 } else if ((vp = fr_pair_find_by_num(coa->proxy->vps, PW_HOME_SERVER_POOL, 0, TAG_ANY)) != NULL) {
4481 coa->home_pool = home_pool_byname(vp->vp_strvalue,
4482 HOME_TYPE_COA);
4483 if (!coa->home_pool) {
4484 RWDEBUG2("No such home_server_pool %s",
4485 vp->vp_strvalue);
4486 goto fail;
4487 }
4488
4489 /*
4490 * Prefer the pool to one server
4491 */
4492 } else if (request->client->coa_home_pool) {
4493 coa->home_pool = request->client->coa_home_pool;
4494
4495 } else if (request->client->coa_home_server) {
4496 coa->home_server = request->client->coa_home_server;
4497
4498 } else {
4499 /*
4500 * If all else fails, send it to the client that
4501 * originated this request.
4502 */
4503 memcpy(&ipaddr, &request->packet->src_ipaddr, sizeof(ipaddr));
4504 }
4505
4506 /*
4507 * Use the pool, if it exists.
4508 */
4509 if (coa->home_pool) {
4510 coa->home_server = home_server_ldb(NULL, coa->home_pool, coa);
4511 if (!coa->home_server) {
4512 RWDEBUG("No live home server for home_server_pool %s", coa->home_pool->name);
4513 goto fail;
4514 }
4515 home_server_update_request(coa->home_server, coa);
4516
4517 } else if (!coa->home_server) {
4518 uint16_t port = PW_COA_UDP_PORT;
4519
4520 vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_DST_PORT, 0, TAG_ANY);
4521 if (vp) port = vp->vp_integer;
4522
4523 coa->home_server = home_server_find(&ipaddr, port, IPPROTO_UDP);
4524 if (!coa->home_server) {
4525 RWDEBUG2("Unknown destination %s:%d for CoA request.",
4526 inet_ntop(ipaddr.af, &ipaddr.ipaddr,
4527 buffer, sizeof(buffer)), port);
4528 goto fail;
4529 }
4530 }
4531
4532 #ifdef WITH_COA_TUNNEL
4533 set_packet_type:
4534 #endif
4535 vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_TYPE, 0, TAG_ANY);
4536 if (vp) {
4537 switch (vp->vp_integer) {
4538 case PW_CODE_COA_REQUEST:
4539 case PW_CODE_DISCONNECT_REQUEST:
4540 coa->proxy->code = vp->vp_integer;
4541 break;
4542
4543 default:
4544 DEBUG("Cannot set CoA Packet-Type to code %d",
4545 vp->vp_integer);
4546 goto fail;
4547 }
4548 }
4549
4550 if (!coa->proxy->code) coa->proxy->code = PW_CODE_COA_REQUEST;
4551
4552 /*
4553 * The rest of the server code assumes that
4554 * request->packet && request->reply exist. Copy them
4555 * from the original request.
4556 */
4557 rad_assert(coa->packet != NULL);
4558 rad_assert(coa->packet->vps == NULL);
4559
4560 coa->packet = rad_copy_packet(coa, request->packet);
4561 coa->reply = rad_copy_packet(coa, request->reply);
4562
4563 coa->config = fr_pair_list_copy(coa, request->config);
4564 coa->num_coa_requests = 0;
4565 coa->number = request->number; /* it's associated with the same request */
4566
4567 /*
4568 * Call the pre-proxy routines.
4569 */
4570 vp = fr_pair_find_by_num(request->config, PW_PRE_PROXY_TYPE, 0, TAG_ANY);
4571 if (vp) {
4572 DICT_VALUE const *dval = dict_valbyattr(vp->da->attr, vp->da->vendor, vp->vp_integer);
4573 /* Must be a validation issue */
4574 rad_assert(dval);
4575 RDEBUG2("Found Pre-Proxy-Type %s", dval->name);
4576 pre_proxy_type = vp->vp_integer;
4577 }
4578
4579 /*
4580 * Run the request through the virtual server for the
4581 * home server, OR through the virtual server for the
4582 * home server pool.
4583 */
4584 old_server = request->server;
4585 if (coa->home_server && coa->home_server->virtual_server) {
4586 coa->server = coa->home_server->virtual_server;
4587
4588 #ifdef WITH_COA_TUNNEL
4589 } else if (coa->proxy_listener && (coa->proxy_listener->type != RAD_LISTEN_PROXY)) {
4590 rad_assert((coa->proxy->code == PW_CODE_COA_REQUEST) ||
4591 (coa->proxy->code == PW_CODE_DISCONNECT_REQUEST));
4592 rad_assert(coa->home_server != NULL);
4593 rad_assert(coa->home_server->recv_coa_server != NULL);
4594 coa->server = coa->home_server->recv_coa_server;
4595 #endif
4596
4597 } else if (coa->home_pool && coa->home_pool->virtual_server) {
4598 coa->server = coa->home_pool->virtual_server;
4599 }
4600
4601 RDEBUG2("server %s {", coa->server);
4602 RINDENT();
4603 rcode = process_pre_proxy(pre_proxy_type, coa);
4604 REXDENT();
4605 RDEBUG2("}");
4606 coa->server = old_server;
4607
4608 switch (rcode) {
4609 default:
4610 goto fail;
4611
4612 /*
4613 * Only send the CoA packet if the pre-proxy code succeeded.
4614 */
4615 case RLM_MODULE_NOOP:
4616 case RLM_MODULE_OK:
4617 case RLM_MODULE_UPDATED:
4618 break;
4619 }
4620
4621 /*
4622 * Source IP / port is set when the proxy socket
4623 * is chosen.
4624 */
4625 coa->proxy->dst_ipaddr = coa->home_server->ipaddr;
4626 coa->proxy->dst_port = coa->home_server->port;
4627
4628 if (!insert_into_proxy_hash(coa)) {
4629 radlog_request(L_PROXY, 0, coa, "Failed to insert CoA request into proxy list");
4630 goto fail;
4631 }
4632
4633 /*
4634 * We CANNOT divorce the CoA request from the parent
4635 * request. This function is running in a child thread,
4636 * and we need access to the main event loop in order to
4637 * to add the timers for the CoA packet.
4638 *
4639 * Instead, we wait for the timer on the parent request
4640 * to fire.
4641 */
4642 gettimeofday(&coa->proxy->timestamp, NULL);
4643 coa->packet->timestamp = coa->proxy->timestamp; /* for max_request_time */
4644 coa->home_server->last_packet_sent = coa->proxy->timestamp.tv_sec;
4645 coa->delay = 0; /* need to calculate a new delay */
4646
4647 /*
4648 * If requested, put a State attribute into the packet,
4649 * and cache the VPS.
4650 */
4651 fr_state_put_vps(coa, NULL, coa->packet);
4652
4653 /*
4654 * Encode the packet before we do anything else.
4655 */
4656 coa->proxy_listener->proxy_encode(coa->proxy_listener, coa);
4657 debug_packet(coa, coa->proxy, false);
4658
4659 #ifdef DEBUG_STATE_MACHINE
4660 if (rad_debug_lvl) printf("(%u) ********\tSTATE %s C-%s -> C-%s\t********\n", request->number, __FUNCTION__,
4661 child_state_names[request->child_state],
4662 child_state_names[REQUEST_PROXIED]);
4663 #endif
4664
4665 /*
4666 * Set the state function, then the state, no child, and
4667 * send the packet.
4668 */
4669 coa->process = coa_wait_for_reply;
4670 coa->child_state = REQUEST_PROXIED;
4671
4672 #ifdef HAVE_PTHREAD_H
4673 coa->child_pid = NO_SUCH_CHILD_PID;
4674 #endif
4675
4676 if (we_are_master()) coa_separate(request->coa, true);
4677
4678 /*
4679 * And send the packet.
4680 */
4681 coa->proxy_listener->proxy_send(coa->proxy_listener, coa);
4682 }
4683
4684
coa_retransmit(REQUEST * request)4685 static void coa_retransmit(REQUEST *request)
4686 {
4687 uint32_t delay, frac;
4688 struct timeval now, when, mrd;
4689 char buffer[128];
4690
4691 VERIFY_REQUEST(request);
4692
4693 /*
4694 * Don't do fail-over. This is a 3.1 feature.
4695 */
4696 if (!request->home_server ||
4697 (request->home_server->state >= HOME_STATE_IS_DEAD) ||
4698 request->proxy_reply ||
4699 !request->proxy_listener ||
4700 (request->proxy_listener->status >= RAD_LISTEN_STATUS_EOL)) {
4701 request_done(request, FR_ACTION_CANCELLED);
4702 return;
4703 }
4704
4705 fr_event_now(el, &now);
4706
4707 /*
4708 * Home server has gone away. The request is done.
4709 */
4710 if (!request->home_server) {
4711 RDEBUG("No home server for CoA packet. Failing it.");
4712 goto fail;
4713 }
4714
4715 if (request->delay == 0) {
4716 /*
4717 * Implement re-transmit algorithm as per RFC 5080
4718 * Section 2.2.1.
4719 *
4720 * We want IRT + RAND*IRT
4721 * or 0.9 IRT + rand(0,.2) IRT
4722 *
4723 * 2^20 ~ USEC, and we want 2.
4724 * rand(0,0.2) USEC ~ (rand(0,2^21) / 10)
4725 */
4726 delay = (fr_rand() & ((1 << 22) - 1)) / 10;
4727 request->delay = delay * request->home_server->coa_irt;
4728 delay = request->home_server->coa_irt * USEC;
4729 delay -= delay / 10;
4730 delay += request->delay;
4731 request->delay = delay;
4732
4733 when = request->proxy->timestamp;
4734 tv_add(&when, delay);
4735
4736 if (timercmp(&when, &now, >)) {
4737 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
4738 return;
4739 }
4740 }
4741
4742 /*
4743 * Retransmit CoA request.
4744 */
4745
4746 /*
4747 * Cap count at MRC, if it is non-zero.
4748 */
4749 if (request->home_server->coa_mrc &&
4750 (request->num_coa_requests >= request->home_server->coa_mrc)) {
4751 RERROR("Failing request - originate-coa ID %u, due to lack of any response from coa server %s port %d",
4752 request->proxy->id,
4753 inet_ntop(request->proxy->dst_ipaddr.af,
4754 &request->proxy->dst_ipaddr.ipaddr,
4755 buffer, sizeof(buffer)),
4756 request->proxy->dst_port);
4757
4758 fail:
4759 if (setup_post_proxy_fail(request)) {
4760 request_queue_or_run(request, coa_no_reply);
4761 } else {
4762 request_done(request, FR_ACTION_DONE);
4763 }
4764 return;
4765 }
4766
4767 /*
4768 * RFC 5080 Section 2.2.1
4769 *
4770 * RT = 2*RTprev + RAND*RTprev
4771 * = 1.9 * RTprev + rand(0,.2) * RTprev
4772 * = 1.9 * RTprev + rand(0,1) * (RTprev / 5)
4773 */
4774 delay = fr_rand();
4775 delay ^= (delay >> 16);
4776 delay &= 0xffff;
4777 frac = request->delay / 5;
4778 delay = ((frac >> 16) * delay) + (((frac & 0xffff) * delay) >> 16);
4779
4780 delay += (2 * request->delay) - (request->delay / 10);
4781
4782 /*
4783 * Cap delay at MRT, if MRT is non-zero.
4784 */
4785 if (request->home_server->coa_mrt &&
4786 (delay > (request->home_server->coa_mrt * USEC))) {
4787 int mrt_usec = request->home_server->coa_mrt * USEC;
4788
4789 /*
4790 * delay = MRT + RAND * MRT
4791 * = 0.9 MRT + rand(0,.2) * MRT
4792 */
4793 delay = fr_rand();
4794 delay ^= (delay >> 15);
4795 delay &= 0x1ffff;
4796 delay = ((mrt_usec >> 16) * delay) + (((mrt_usec & 0xffff) * delay) >> 16);
4797 delay += mrt_usec - (mrt_usec / 10);
4798 }
4799
4800 request->delay = delay;
4801 when = now;
4802 tv_add(&when, request->delay);
4803 mrd = request->proxy->timestamp;
4804 mrd.tv_sec += request->home_server->coa_mrd;
4805
4806 /*
4807 * Cap duration at MRD.
4808 */
4809 if (timercmp(&mrd, &when, <)) {
4810 when = mrd;
4811 }
4812 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
4813
4814 request->num_coa_requests++; /* is NOT reset by code 3 lines above! */
4815
4816 FR_STATS_TYPE_INC(request->home_server->stats.total_requests);
4817
4818 RDEBUG2("Sending duplicate CoA request to home server %s port %d - ID: %d",
4819 inet_ntop(request->proxy->dst_ipaddr.af,
4820 &request->proxy->dst_ipaddr.ipaddr,
4821 buffer, sizeof(buffer)),
4822 request->proxy->dst_port,
4823 request->proxy->id);
4824
4825 request->proxy_listener->proxy_send(request->proxy_listener,
4826 request);
4827 }
4828
4829
4830 /*
4831 * Enforce maximum time for CoA packets
4832 */
coa_max_time(REQUEST * request)4833 static bool coa_max_time(REQUEST *request)
4834 {
4835 struct timeval now, when;
4836 rad_assert(request->magic == REQUEST_MAGIC);
4837 #ifdef DEBUG_STATE_MACHINE
4838 int action = FR_ACTION_TIMER;
4839 #endif
4840 int mrd;
4841
4842 VERIFY_REQUEST(request);
4843
4844 TRACE_STATE_MACHINE;
4845 ASSERT_MASTER;
4846
4847 /*
4848 * The child thread has acknowledged it's done.
4849 * Transition to the DONE state.
4850 *
4851 * If the request was marked STOP, then the "check for
4852 * stop" macro already took care of it.
4853 */
4854 if (request->child_state == REQUEST_DONE) {
4855 done:
4856 request_done(request, FR_ACTION_CANCELLED);
4857 return true;
4858 }
4859
4860 /*
4861 * The request is still running. Enforce max_request_time.
4862 *
4863 * Note that the *proxy* timestamp is the one we use, as
4864 * that's when the CoA packet was sent.
4865 *
4866 * Note also that if there's an error, the home server
4867 * may not exist.
4868 */
4869 fr_event_now(el, &now);
4870 when = request->proxy->timestamp;
4871 if (request->home_server && (request->process != coa_running)) {
4872 mrd = request->home_server->coa_mrd;
4873 } else {
4874 mrd = request->root->max_request_time;
4875 }
4876 when.tv_sec += mrd;
4877
4878 /*
4879 * Taking too long: tell it to die.
4880 */
4881 if (timercmp(&now, &when, >=)) {
4882 char buffer[256];
4883
4884 if (request->process != coa_running) {
4885 RERROR("Failing request - originate-coa ID %u, due to lack of any response from coa server %s port %d within %d seconds",
4886 request->proxy->id,
4887 inet_ntop(request->proxy->dst_ipaddr.af,
4888 &request->proxy->dst_ipaddr.ipaddr,
4889 buffer, sizeof(buffer)),
4890 request->proxy->dst_port,
4891 mrd);
4892 goto done;
4893 }
4894
4895 #ifdef HAVE_PTHREAD_H
4896 /*
4897 * If there's a child thread processing it,
4898 * complain.
4899 */
4900 if (spawn_flag &&
4901 (pthread_equal(request->child_pid, NO_SUCH_CHILD_PID) == 0)) {
4902 RERROR("Unresponsive child for originate-coa, in component %s module %s",
4903 request->component ? request->component : "<core>",
4904 request->module ? request->module : "<core>");
4905 exec_trigger(request, NULL, "server.thread.unresponsive", true);
4906 } else
4907 #endif
4908 {
4909 RERROR("originate-coa hit max_request_time. Cancelling it.");
4910 }
4911
4912 /*
4913 * Tell the request that it's done.
4914 */
4915 goto done;
4916 }
4917
4918 /*
4919 * Let coa_retransmit() handle the retransmission timers.
4920 */
4921 if (request->process != coa_running) return false;
4922
4923 /*
4924 * Sleep for some more. We HOPE that the child will
4925 * become responsive at some point in the future. We do
4926 * this by adding 50% to the current timer.
4927 */
4928 when = now;
4929 tv_add(&when, request->delay);
4930 request->delay += request->delay >> 1;
4931 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
4932 return false;
4933 }
4934
4935
4936 /** Wait for a reply after originating a CoA a request.
4937 *
4938 * Retransmit the proxied packet, or time out and go to
4939 * coa_no_reply. Mark the home server unresponsive, etc.
4940 *
4941 * If we do receive a reply, we transition to coa_running.
4942 *
4943 * \dot
4944 * digraph coa_wait_for_reply {
4945 * coa_wait_for_reply;
4946 *
4947 * coa_wait_for_reply -> coa_no_reply [ label = "TIMER >= response_window" ];
4948 * coa_wait_for_reply -> timer [ label = "TIMER < max_request_time" ];
4949 * coa_wait_for_reply -> coa_running [ label = "PROXY_REPLY" arrowhead = "none"];
4950 * coa_wait_for_reply -> done [ label = "TIMER >= max_request_time" ];
4951 * }
4952 * \enddot
4953 */
coa_wait_for_reply(REQUEST * request,int action)4954 static void coa_wait_for_reply(REQUEST *request, int action)
4955 {
4956 VERIFY_REQUEST(request);
4957
4958 TRACE_STATE_MACHINE;
4959 ASSERT_MASTER;
4960 CHECK_FOR_STOP;
4961
4962 if (request->parent) coa_separate(request, false);
4963
4964 switch (action) {
4965 case FR_ACTION_TIMER:
4966 if (coa_max_time(request)) break;
4967
4968 coa_retransmit(request);
4969 break;
4970
4971 case FR_ACTION_PROXY_REPLY:
4972 /*
4973 * Reset the initial delay for checking if we
4974 * should still run.
4975 */
4976 request->delay = (int)request->root->init_delay.tv_sec * USEC +
4977 (int)request->root->init_delay.tv_usec;
4978
4979 request_queue_or_run(request, coa_running);
4980 break;
4981
4982 default:
4983 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
4984 break;
4985 }
4986 }
4987
coa_separate(REQUEST * request,bool retransmit)4988 static void coa_separate(REQUEST *request, bool retransmit)
4989 {
4990 VERIFY_REQUEST(request);
4991 #ifdef DEBUG_STATE_MACHINE
4992 int action = FR_ACTION_TIMER;
4993 #endif
4994
4995 TRACE_STATE_MACHINE;
4996 ASSERT_MASTER;
4997
4998 rad_assert(request->parent != NULL);
4999 rad_assert(request->parent->coa == request);
5000 rad_assert(request->ev == NULL);
5001 rad_assert(!request->in_request_hash);
5002 rad_assert(request->coa == NULL);
5003
5004 (void) talloc_steal(NULL, request);
5005 request->parent->coa = NULL;
5006 request->parent = NULL;
5007
5008 if (retransmit && (request->delay == 0) && !request->proxy_reply) {
5009 coa_retransmit(request);
5010 }
5011 }
5012
5013
5014 /** Process a request after the CoA has timed out.
5015 *
5016 * Run the packet through Post-Proxy-Type Fail
5017 *
5018 * \dot
5019 * digraph coa_no_reply {
5020 * coa_no_reply;
5021 *
5022 * coa_no_reply -> dup [ label = "DUP", arrowhead = "none" ];
5023 * coa_no_reply -> timer [ label = "TIMER < max_request_time" ];
5024 * coa_no_reply -> coa_reply_too_late [ label = "PROXY_REPLY" arrowhead = "none"];
5025 * coa_no_reply -> process_proxy_reply [ label = "RUN" ];
5026 * coa_no_reply -> done [ label = "TIMER >= timeout" ];
5027 * }
5028 * \enddot
5029 */
coa_no_reply(REQUEST * request,int action)5030 static void coa_no_reply(REQUEST *request, int action)
5031 {
5032 char buffer[128];
5033
5034 VERIFY_REQUEST(request);
5035
5036 TRACE_STATE_MACHINE;
5037 CHECK_FOR_STOP;
5038
5039 switch (action) {
5040 case FR_ACTION_TIMER:
5041 (void) coa_max_time(request);
5042 break;
5043
5044 case FR_ACTION_PROXY_REPLY: /* too late! */
5045 RDEBUG2("Reply from CoA server %s port %d - ID: %d arrived too late.",
5046 inet_ntop(request->proxy->src_ipaddr.af,
5047 &request->proxy->src_ipaddr.ipaddr,
5048 buffer, sizeof(buffer)),
5049 request->proxy->dst_port, request->proxy->id);
5050 break;
5051
5052 case FR_ACTION_RUN:
5053 if (process_proxy_reply(request, NULL)) {
5054 request->handle(request);
5055 }
5056 request_done(request, FR_ACTION_DONE);
5057 break;
5058
5059 default:
5060 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
5061 break;
5062 }
5063 }
5064
5065
5066 /** Process the request after receiving a coa reply.
5067 *
5068 * Throught the post-proxy section, and the through the handler
5069 * function.
5070 *
5071 * \dot
5072 * digraph coa_running {
5073 * coa_running;
5074 *
5075 * coa_running -> timer [ label = "TIMER < max_request_time" ];
5076 * coa_running -> process_proxy_reply [ label = "RUN" ];
5077 * coa_running -> done [ label = "TIMER >= timeout" ];
5078 * }
5079 * \enddot
5080 */
coa_running(REQUEST * request,int action)5081 static void coa_running(REQUEST *request, int action)
5082 {
5083 VERIFY_REQUEST(request);
5084
5085 TRACE_STATE_MACHINE;
5086 CHECK_FOR_STOP;
5087
5088 switch (action) {
5089 case FR_ACTION_TIMER:
5090 (void) coa_max_time(request);
5091 break;
5092
5093 case FR_ACTION_RUN:
5094 if (process_proxy_reply(request, request->proxy_reply)) {
5095 request->handle(request);
5096 }
5097 request_done(request, FR_ACTION_DONE);
5098 break;
5099
5100 default:
5101 RDEBUG3("%s: Ignoring action %s", __FUNCTION__, action_codes[action]);
5102 break;
5103 }
5104 }
5105 #endif /* WITH_COA */
5106
5107 /***********************************************************************
5108 *
5109 * End of the State machine. Start of additional helper code.
5110 *
5111 ***********************************************************************/
5112
5113 /***********************************************************************
5114 *
5115 * Event handlers.
5116 *
5117 ***********************************************************************/
event_socket_handler(fr_event_list_t * xel,UNUSED int fd,void * ctx)5118 static void event_socket_handler(fr_event_list_t *xel, UNUSED int fd, void *ctx)
5119 {
5120 rad_listen_t *listener = talloc_get_type_abort(ctx, rad_listen_t);
5121
5122 rad_assert(xel == el);
5123
5124 if ((listener->fd < 0)
5125 #ifdef WITH_DETAIL
5126 #ifndef WITH_DETAIL_THREAD
5127 && (listener->type != RAD_LISTEN_DETAIL)
5128 #endif
5129 #endif
5130 ) {
5131 char buffer[256];
5132
5133 listener->print(listener, buffer, sizeof(buffer));
5134 ERROR("FATAL: Asked to read from closed socket: %s",
5135 buffer);
5136
5137 rad_panic("Socket was closed on us!");
5138 fr_exit_now(1);
5139 }
5140
5141 listener->recv(listener);
5142 }
5143
5144 #ifdef WITH_DETAIL
5145 #ifdef WITH_DETAIL_THREAD
5146 #else
5147 /*
5148 * This function is called periodically to see if this detail
5149 * file is available for reading.
5150 */
event_poll_detail(void * ctx)5151 static void event_poll_detail(void *ctx)
5152 {
5153 int delay;
5154 rad_listen_t *this = talloc_get_type_abort(ctx, rad_listen_t);
5155 struct timeval when, now;
5156 listen_detail_t *detail = this->data;
5157
5158 rad_assert(this->type == RAD_LISTEN_DETAIL);
5159
5160 redo:
5161 event_socket_handler(el, this->fd, this);
5162
5163 fr_event_now(el, &now);
5164 when = now;
5165
5166 /*
5167 * Backdoor API to get the delay until the next poll
5168 * time.
5169 */
5170 delay = this->encode(this, NULL);
5171 if (delay == 0) goto redo;
5172
5173 tv_add(&when, delay);
5174
5175 ASSERT_MASTER;
5176 if (!fr_event_insert(el, event_poll_detail, this,
5177 &when, &detail->ev)) {
5178 ERROR("Failed creating handler");
5179 fr_exit(1);
5180 }
5181 }
5182 #endif /* WITH_DETAIL_THREAD */
5183 #endif /* WITH_DETAIL */
5184
event_status(struct timeval * wake)5185 static void event_status(struct timeval *wake)
5186 {
5187 if (rad_debug_lvl == 0) {
5188 if (just_started) {
5189 INFO("Ready to process requests");
5190 just_started = false;
5191 }
5192 return;
5193 }
5194
5195 if (!wake) {
5196 INFO("Ready to process requests");
5197
5198 } else if ((wake->tv_sec != 0) ||
5199 (wake->tv_usec >= 100000)) {
5200 DEBUG("Waking up in %d.%01u seconds.",
5201 (int) wake->tv_sec, (unsigned int) wake->tv_usec / 100000);
5202 }
5203
5204
5205 /*
5206 * FIXME: Put this somewhere else, where it isn't called
5207 * all of the time...
5208 */
5209
5210 if (!spawn_flag) {
5211 int argval;
5212
5213 /*
5214 * If there are no child threads, then there may
5215 * be child processes. In that case, wait for
5216 * their exit status, and throw that exit status
5217 * away. This helps get rid of zxombie children.
5218 */
5219 while (waitpid(-1, &argval, WNOHANG) > 0) {
5220 /* do nothing */
5221 }
5222 }
5223 }
5224
5225 #ifdef WITH_TCP
listener_free_cb(void * ctx)5226 static void listener_free_cb(void *ctx)
5227 {
5228 rad_listen_t *this = talloc_get_type_abort(ctx, rad_listen_t);
5229 char buffer[1024];
5230
5231 if (this->count > 0) {
5232 struct timeval when;
5233 listen_socket_t *sock = this->data;
5234
5235 fr_event_now(el, &when);
5236 when.tv_sec += 3;
5237
5238 ASSERT_MASTER;
5239 if (!fr_event_insert(el, listener_free_cb, this, &when,
5240 &(sock->ev))) {
5241 rad_panic("Failed to insert event");
5242 }
5243
5244 return;
5245 }
5246
5247 /*
5248 * It's all free, close the socket.
5249 */
5250
5251 this->print(this, buffer, sizeof(buffer));
5252 DEBUG("... cleaning up socket %s", buffer);
5253 rad_assert(this->next == NULL);
5254 talloc_free(this);
5255 }
5256
5257 #ifdef WITH_PROXY
proxy_eol_cb(void * ctx,void * data)5258 static int proxy_eol_cb(void *ctx, void *data)
5259 {
5260 struct timeval when;
5261 REQUEST *request = fr_packet2myptr(REQUEST, proxy, data);
5262
5263 if (request->proxy_listener != ctx) return 0;
5264
5265 /*
5266 * We don't care if it's being processed in a child thread.
5267 */
5268
5269 #ifdef WITH_ACCOUNTING
5270 /*
5271 * Accounting packets should be deleted immediately.
5272 * They will never be retransmitted by the client.
5273 */
5274 if (request->proxy->code == PW_CODE_ACCOUNTING_REQUEST) {
5275 RDEBUG("Stopping request due to failed connection to home server");
5276 request->master_state = REQUEST_STOP_PROCESSING;
5277 }
5278 #endif
5279
5280 /*
5281 * Reset the timer to be now, so that the request is
5282 * quickly updated. But spread the requests randomly
5283 * over the next second, so that we don't overload the
5284 * server.
5285 */
5286 fr_event_now(el, &when);
5287 tv_add(&when, fr_rand() % USEC);
5288 STATE_MACHINE_TIMER(FR_ACTION_TIMER);
5289
5290 /*
5291 * Don't delete it from the list.
5292 */
5293 return 0;
5294 }
5295 #endif /* WITH_PROXY */
5296 #endif /* WITH_TCP */
5297
event_new_fd(rad_listen_t * this)5298 static void event_new_fd(rad_listen_t *this)
5299 {
5300 char buffer[1024];
5301
5302 ASSERT_MASTER;
5303
5304 if (this->status == RAD_LISTEN_STATUS_KNOWN) return;
5305
5306 this->print(this, buffer, sizeof(buffer));
5307
5308 if (this->status == RAD_LISTEN_STATUS_INIT) {
5309 listen_socket_t *sock = this->data;
5310
5311 rad_assert(sock != NULL);
5312 if (just_started) {
5313 DEBUG("Listening on %s", buffer);
5314 } else {
5315 INFO(" ... adding new socket %s", buffer);
5316 }
5317
5318 #ifdef WITH_PROXY
5319 if (!just_started && (this->type == RAD_LISTEN_PROXY)) {
5320 home_server_t *home;
5321
5322 home = sock->home;
5323 if (!home || !home->limit.max_connections) {
5324 INFO(" ... adding new socket %s", buffer);
5325 } else {
5326 INFO(" ... adding new socket %s (%u of %u)", buffer,
5327 home->limit.num_connections, home->limit.max_connections);
5328 }
5329
5330 #endif
5331 }
5332
5333 switch (this->type) {
5334 #ifdef WITH_DETAIL
5335 /*
5336 * Detail files are always known, and aren't
5337 * put into the socket event loop.
5338 */
5339 case RAD_LISTEN_DETAIL:
5340 this->status = RAD_LISTEN_STATUS_KNOWN;
5341
5342 #ifndef WITH_DETAIL_THREAD
5343 /*
5344 * Set up the first poll interval.
5345 */
5346 event_poll_detail(this);
5347 return;
5348 #else
5349 break; /* add the FD to the list */
5350 #endif
5351 #endif /* WITH_DETAIL */
5352
5353 #ifdef WITH_PROXY
5354 /*
5355 * Add it to the list of sockets we can use.
5356 * Server sockets (i.e. auth/acct) are never
5357 * added to the packet list.
5358 */
5359 case RAD_LISTEN_PROXY:
5360 #ifdef WITH_TCP
5361 rad_assert((sock->proto == IPPROTO_UDP) || (sock->home != NULL));
5362
5363 /*
5364 * Add timers to outgoing child sockets, if necessary.
5365 */
5366 if (sock->proto == IPPROTO_TCP && sock->opened &&
5367 (sock->home->limit.lifetime || sock->home->limit.idle_timeout)) {
5368 struct timeval when;
5369
5370 when.tv_sec = sock->opened + 1;
5371 when.tv_usec = 0;
5372
5373 ASSERT_MASTER;
5374 if (!fr_event_insert(el, tcp_socket_timer, this, &when,
5375 &(sock->ev))) {
5376 rad_panic("Failed to insert event");
5377 }
5378 }
5379
5380 /*
5381 * Run a callback to do any specific
5382 * signalling on "connection up".
5383 *
5384 * For TLS sockets and WITH_COA_TUNNEL,
5385 * this function should be similar to
5386 * ping_home_server(), except that it
5387 * should send a Status-Server packet,
5388 * with Originating-Realm-Key as a VSA.
5389 */
5390 // process_listener_up(this);
5391
5392 #endif /* WITH_TCP */
5393 break;
5394 #endif /* WITH_PROXY */
5395
5396 /*
5397 * FIXME: put idle timers on command sockets.
5398 */
5399
5400 default:
5401 #ifdef WITH_TCP
5402 /*
5403 * Add timers to incoming child sockets, if necessary.
5404 */
5405 if (sock->proto == IPPROTO_TCP && sock->opened &&
5406 (sock->limit.lifetime || sock->limit.idle_timeout)) {
5407 struct timeval when;
5408
5409 when.tv_sec = sock->opened + 1;
5410 when.tv_usec = 0;
5411
5412 ASSERT_MASTER;
5413 if (!fr_event_insert(el, tcp_socket_timer, this, &when,
5414 &(sock->ev))) {
5415 ERROR("Failed adding timer for socket: %s", fr_strerror());
5416 fr_exit(1);
5417 }
5418 }
5419
5420 #ifdef WITH_COA_TUNNEL
5421 /*
5422 * If we're allowed to send CoA requests
5423 * back down this incoming socket, then
5424 * add the socket to the proxy listener
5425 * list. We need to check for "parent",
5426 * as the main incoming listener has
5427 * "send_coa" set, but it just calls
5428 * accept(), and doesn't actually send
5429 * any packets.
5430 */
5431 if (this->send_coa && this->parent) {
5432 PTHREAD_MUTEX_LOCK(&proxy_mutex);
5433 if (!fr_packet_list_socket_add(proxy_list, this->fd,
5434 sock->proto,
5435 &sock->other_ipaddr, sock->other_port,
5436 this)) {
5437 ERROR("Failed adding coa proxy socket");
5438 fr_exit_now(1);
5439 }
5440 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
5441 }
5442 #endif /* WITH_COA_TUNNEL */
5443
5444 #endif /* WITH_TCP */
5445 break;
5446 } /* switch over listener types */
5447
5448 /*
5449 * All sockets: add the FD to the event handler.
5450 */
5451 insert_fd:
5452 if (fr_event_fd_insert(el, 0, this->fd,
5453 event_socket_handler, this)) {
5454 this->status = RAD_LISTEN_STATUS_KNOWN;
5455 return;
5456 }
5457
5458 ERROR("Failed adding event handler for socket: %s", fr_strerror());
5459 this->status = RAD_LISTEN_STATUS_REMOVE_NOW;
5460 } /* end of INIT */
5461
5462 if (this->status == RAD_LISTEN_STATUS_PAUSE) {
5463 fr_event_fd_delete(el, 0, this->fd);
5464 return;
5465 }
5466
5467 if (this->status == RAD_LISTEN_STATUS_RESUME) goto insert_fd;
5468
5469 #ifdef WITH_TCP
5470 /*
5471 * The socket has reached a timeout. Try to close it.
5472 */
5473 if (this->status == RAD_LISTEN_STATUS_FROZEN) {
5474 /*
5475 * Requests are still using the socket. Wait for
5476 * them to finish.
5477 */
5478 if (this->count > 0) {
5479 struct timeval when;
5480 listen_socket_t *sock = this->data;
5481
5482 /*
5483 * Try again to clean up the socket in 30
5484 * seconds.
5485 */
5486 gettimeofday(&when, NULL);
5487 when.tv_sec += 30;
5488
5489 ASSERT_MASTER;
5490 if (!fr_event_insert(el,
5491 (fr_event_callback_t) event_new_fd,
5492 this, &when, &sock->ev)) {
5493 rad_panic("Failed to insert event");
5494 }
5495
5496 return;
5497 }
5498
5499 fr_event_fd_delete(el, 0, this->fd);
5500 this->status = RAD_LISTEN_STATUS_REMOVE_NOW;
5501 }
5502
5503 /*
5504 * The socket has had a catastrophic error. Close it.
5505 */
5506 if (this->status == RAD_LISTEN_STATUS_EOL) {
5507 /*
5508 * Remove it from the list of live FD's.
5509 */
5510 fr_event_fd_delete(el, 0, this->fd);
5511
5512 #ifdef WITH_PROXY
5513 /*
5514 * Tell all requests using this socket that the socket is dead.
5515 */
5516 if (this->type == RAD_LISTEN_PROXY
5517 #ifdef WITH_COA_TUNNEL
5518 || (this->send_coa && this->parent)
5519 #endif
5520 ) {
5521 PTHREAD_MUTEX_LOCK(&proxy_mutex);
5522 if (!fr_packet_list_socket_freeze(proxy_list,
5523 this->fd)) {
5524 ERROR("Fatal error freezing socket: %s", fr_strerror());
5525 fr_exit(1);
5526 }
5527
5528 if (this->count > 0) {
5529 fr_packet_list_walk(proxy_list, this, proxy_eol_cb);
5530 }
5531 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
5532 }
5533 #endif /* WITH_PROXY */
5534
5535 /*
5536 * Requests are still using the socket. Wait for
5537 * them to finish.
5538 */
5539 if (this->count > 0) {
5540 struct timeval when;
5541 listen_socket_t *sock = this->data;
5542
5543 /*
5544 * Try again to clean up the socket in 30
5545 * seconds.
5546 */
5547 gettimeofday(&when, NULL);
5548 when.tv_sec += 30;
5549
5550 ASSERT_MASTER;
5551 if (!fr_event_insert(el,
5552 (fr_event_callback_t) event_new_fd,
5553 this, &when, &sock->ev)) {
5554 rad_panic("Failed to insert event");
5555 }
5556
5557 return;
5558 }
5559
5560 /*
5561 * No one is using the socket. We can remove it now.
5562 */
5563 this->status = RAD_LISTEN_STATUS_REMOVE_NOW;
5564 } /* socket is at EOL */
5565 #endif /* WITH_TCP */
5566
5567 /*
5568 * Nuke the socket.
5569 */
5570 if (this->status == RAD_LISTEN_STATUS_REMOVE_NOW) {
5571 int devnull;
5572 #ifdef WITH_TCP
5573 listen_socket_t *sock = this->data;
5574 struct timeval when;
5575 #endif
5576
5577 /*
5578 * Re-open the socket, pointing it to /dev/null.
5579 * This means that all writes proceed without
5580 * blocking, and all reads return "no data".
5581 *
5582 * This leaves the socket active, so any child
5583 * threads won't go insane. But it means that
5584 * they cannot send or receive any packets.
5585 *
5586 * This is EXTRA work in the normal case, when
5587 * sockets are closed without error. But it lets
5588 * us have one simple processing method for all
5589 * sockets.
5590 */
5591 devnull = open("/dev/null", O_RDWR);
5592 if (devnull < 0) {
5593 ERROR("FATAL failure opening /dev/null: %s",
5594 fr_syserror(errno));
5595 fr_exit(1);
5596 }
5597 if (dup2(devnull, this->fd) < 0) {
5598 ERROR("FATAL failure closing socket: %s",
5599 fr_syserror(errno));
5600 fr_exit(1);
5601 }
5602 close(devnull);
5603
5604 #ifdef WITH_DETAIL
5605 rad_assert(this->type != RAD_LISTEN_DETAIL);
5606 #endif
5607
5608 #ifdef WITH_TCP
5609 #ifdef WITH_PROXY
5610 /*
5611 * The socket is dead. Force all proxied packets
5612 * to stop using it. And then remove it from the
5613 * list of outgoing sockets.
5614 */
5615 if (this->type == RAD_LISTEN_PROXY
5616 #ifdef WITH_COA_TUNNEL
5617 || (this->send_coa && this->parent)
5618 #endif
5619 ) {
5620 home_server_t *home;
5621
5622 home = sock->home;
5623 if (!home || !home->limit.max_connections) {
5624 INFO(" ... shutting down socket %s", buffer);
5625 } else {
5626 INFO(" ... shutting down socket %s (%u of %u)", buffer,
5627 home->limit.num_connections, home->limit.max_connections);
5628 }
5629
5630 PTHREAD_MUTEX_LOCK(&proxy_mutex);
5631 fr_packet_list_walk(proxy_list, this, eol_proxy_listener);
5632
5633 if (!fr_packet_list_socket_del(proxy_list, this->fd)) {
5634 ERROR("Fatal error removing socket %s: %s",
5635 buffer, fr_strerror());
5636 fr_exit(1);
5637 }
5638 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
5639
5640 #ifdef WITH_COA_TUNNEL
5641 /*
5642 * Clean up the proxied packets AND the
5643 * normal one.
5644 */
5645 if (this->send_coa && this->parent) goto shutdown;
5646 #endif
5647
5648 } else
5649 #endif /* WITH_PROXY */
5650 {
5651 #ifdef WITH_COA_TUNNEL
5652 shutdown:
5653 #endif
5654 INFO(" ... shutting down socket %s", buffer);
5655
5656 /*
5657 * EOL all requests using this socket.
5658 */
5659 rbtree_walk(pl, RBTREE_DELETE_ORDER, eol_listener, this);
5660
5661 #ifdef WITH_COA_TUNNEL
5662 /*
5663 * Delete the listener from the set of
5664 * listeners by key. This is done early,
5665 * so that it won't be used while the
5666 * cleanup timers are being run.
5667 */
5668 if (this->tls) this->dead = true;
5669 #endif
5670 }
5671
5672 /*
5673 * No child threads, clean it up now.
5674 */
5675 if (!spawn_flag) {
5676 ASSERT_MASTER;
5677 if (sock->ev) fr_event_delete(el, &sock->ev);
5678 listen_free(&this);
5679 return;
5680 }
5681
5682 /*
5683 * Wait until all requests using this socket are done.
5684 */
5685 gettimeofday(&when, NULL);
5686 when.tv_sec += 3;
5687
5688 ASSERT_MASTER;
5689 if (!fr_event_insert(el, listener_free_cb, this, &when,
5690 &(sock->ev))) {
5691 rad_panic("Failed to insert event");
5692 }
5693 #endif /* WITH_TCP */
5694 }
5695
5696 return;
5697 }
5698
5699 /***********************************************************************
5700 *
5701 * Signal handlers.
5702 *
5703 ***********************************************************************/
5704
handle_signal_self(int flag)5705 static void handle_signal_self(int flag)
5706 {
5707 ASSERT_MASTER;
5708
5709 if ((flag & (RADIUS_SIGNAL_SELF_EXIT | RADIUS_SIGNAL_SELF_TERM)) != 0) {
5710 if ((flag & RADIUS_SIGNAL_SELF_EXIT) != 0) {
5711 INFO("Signalled to exit");
5712 fr_event_loop_exit(el, 1);
5713 } else {
5714 INFO("Signalled to terminate");
5715 fr_event_loop_exit(el, 2);
5716 }
5717
5718 return;
5719 } /* else exit/term flags weren't set */
5720
5721 /*
5722 * Tell the even loop to stop processing.
5723 */
5724 if ((flag & RADIUS_SIGNAL_SELF_HUP) != 0) {
5725 time_t when;
5726 static time_t last_hup = 0;
5727
5728 when = time(NULL);
5729 if ((int) (when - last_hup) < 5) {
5730 INFO("Ignoring HUP (less than 5s since last one)");
5731 return;
5732 }
5733
5734 INFO("Received HUP signal");
5735
5736 last_hup = when;
5737
5738 exec_trigger(NULL, NULL, "server.signal.hup", true);
5739 fr_event_loop_exit(el, 0x80);
5740 }
5741
5742 #if defined(WITH_DETAIL) && !defined(WITH_DETAIL_THREAD)
5743 if ((flag & RADIUS_SIGNAL_SELF_DETAIL) != 0) {
5744 rad_listen_t *this;
5745
5746 /*
5747 * FIXME: O(N) loops suck.
5748 */
5749 for (this = main_config.listen;
5750 this != NULL;
5751 this = this->next) {
5752 if (this->type != RAD_LISTEN_DETAIL) continue;
5753
5754 /*
5755 * This one didn't send the signal, skip
5756 * it.
5757 */
5758 if (!this->decode(this, NULL)) continue;
5759
5760 /*
5761 * Go service the interrupt.
5762 */
5763 event_poll_detail(this);
5764 }
5765 }
5766 #endif
5767
5768 #if defined(WITH_PROXY) && defined(HAVE_PTHREAD_H)
5769 /*
5770 * There are new listeners in the list. Run
5771 * event_new_fd() on them.
5772 */
5773 if ((flag & RADIUS_SIGNAL_SELF_NEW_FD) != 0) {
5774 rad_listen_t *this, *next;
5775
5776 FD_MUTEX_LOCK(&fd_mutex);
5777
5778 /*
5779 * FIXME: unlock the mutex before calling
5780 * event_new_fd()?
5781 */
5782 for (this = new_listeners; this != NULL; this = next) {
5783 next = this->next;
5784 this->next = NULL;
5785
5786 event_new_fd(this);
5787 }
5788
5789 new_listeners = NULL;
5790 FD_MUTEX_UNLOCK(&fd_mutex);
5791 }
5792 #endif
5793 }
5794
5795 #ifndef HAVE_PTHREAD_H
radius_signal_self(int flag)5796 void radius_signal_self(int flag)
5797 {
5798 if (flag == RADIUS_SIGNAL_SELF_TERM) {
5799 main_config.exiting = true;
5800 }
5801
5802 return handle_signal_self(flag);
5803 }
5804
5805 #else
5806 static int self_pipe[2] = { -1, -1 };
5807
5808 /*
5809 * Inform ourselves that we received a signal.
5810 */
radius_signal_self(int flag)5811 void radius_signal_self(int flag)
5812 {
5813 ssize_t rcode;
5814 uint8_t buffer[16];
5815
5816 if (flag == RADIUS_SIGNAL_SELF_TERM) {
5817 main_config.exiting = true;
5818 }
5819
5820 /*
5821 * The read MUST be non-blocking for this to work.
5822 */
5823 rcode = read(self_pipe[0], buffer, sizeof(buffer));
5824 if (rcode > 0) {
5825 ssize_t i;
5826
5827 for (i = 0; i < rcode; i++) {
5828 buffer[0] |= buffer[i];
5829 }
5830 } else {
5831 buffer[0] = 0;
5832 }
5833
5834 buffer[0] |= flag;
5835
5836 if (write(self_pipe[1], buffer, 1) < 0) fr_exit(0);
5837 }
5838
5839
event_signal_handler(UNUSED fr_event_list_t * xel,UNUSED int fd,UNUSED void * ctx)5840 static void event_signal_handler(UNUSED fr_event_list_t *xel,
5841 UNUSED int fd, UNUSED void *ctx)
5842 {
5843 ssize_t i, rcode;
5844 uint8_t buffer[32];
5845
5846 rcode = read(self_pipe[0], buffer, sizeof(buffer));
5847 if (rcode <= 0) return;
5848
5849 /*
5850 * Merge pending signals.
5851 */
5852 for (i = 0; i < rcode; i++) {
5853 buffer[0] |= buffer[i];
5854 }
5855
5856 handle_signal_self(buffer[0]);
5857 }
5858 #endif /* HAVE_PTHREAD_H */
5859
5860 /***********************************************************************
5861 *
5862 * Bootstrapping code.
5863 *
5864 ***********************************************************************/
5865
5866 /*
5867 * Externally-visibly functions.
5868 */
radius_event_init(TALLOC_CTX * ctx)5869 int radius_event_init(TALLOC_CTX *ctx) {
5870 el = fr_event_list_create(ctx, event_status);
5871 if (!el) return 0;
5872
5873 #ifdef HAVE_SYSTEMD_WATCHDOG
5874 if (sd_watchdog_interval.tv_sec || sd_watchdog_interval.tv_usec) {
5875 struct timeval now;
5876
5877 fr_event_now(el, &now);
5878
5879 sdwd.when = now;
5880 sdwd.el = el;
5881
5882 sd_watchdog_event(&sdwd);
5883 }
5884 #endif
5885
5886 return 1;
5887 }
5888
packet_entry_cmp(void const * one,void const * two)5889 static int packet_entry_cmp(void const *one, void const *two)
5890 {
5891 RADIUS_PACKET const * const *a = one;
5892 RADIUS_PACKET const * const *b = two;
5893
5894 return fr_packet_cmp(*a, *b);
5895 }
5896
5897 #ifdef WITH_PROXY
5898 /*
5899 * They haven't defined a proxy listener. Automatically
5900 * add one for them, with the correct address family.
5901 */
create_default_proxy_listener(int af)5902 static void create_default_proxy_listener(int af)
5903 {
5904 uint16_t port = 0;
5905 home_server_t home;
5906 listen_socket_t *sock;
5907 rad_listen_t *this;
5908
5909 memset(&home, 0, sizeof(home));
5910
5911 /*
5912 * Open a default UDP port
5913 */
5914 home.proto = IPPROTO_UDP;
5915 port = 0;
5916
5917 /*
5918 * Set the address family.
5919 */
5920 home.src_ipaddr.af = af;
5921 home.ipaddr.af = af;
5922
5923 /*
5924 * Get the correct listener.
5925 */
5926 this = proxy_new_listener(proxy_ctx, &home, port);
5927 if (!this) {
5928 fr_exit_now(1);
5929 }
5930
5931 sock = this->data;
5932 if (!fr_packet_list_socket_add(proxy_list, this->fd,
5933 sock->proto,
5934 &sock->other_ipaddr, sock->other_port,
5935 this)) {
5936 ERROR("Failed adding proxy socket");
5937 fr_exit_now(1);
5938 }
5939
5940 /*
5941 * Insert the FD into list of FDs to listen on.
5942 */
5943 radius_update_listener(this);
5944 }
5945
5946 /*
5947 * See if we automatically need to open a proxy socket.
5948 */
check_proxy(rad_listen_t * head)5949 static void check_proxy(rad_listen_t *head)
5950 {
5951 bool defined_proxy;
5952 bool has_v4, has_v6;
5953 rad_listen_t *this;
5954
5955 if (check_config) return;
5956 if (!main_config.proxy_requests) {
5957 DEBUG3("Cannot proxy packets unless 'proxy_requests = yes'");
5958 return;
5959 }
5960 if (!head) return;
5961 #ifdef WITH_TCP
5962 if (!home_servers_udp) return;
5963 #endif
5964
5965 /*
5966 * We passed "-i" on the command line. Use that address
5967 * family for the proxy socket.
5968 */
5969 if (main_config.myip.af != AF_UNSPEC) {
5970 create_default_proxy_listener(main_config.myip.af);
5971 return;
5972 }
5973
5974 defined_proxy = has_v4 = has_v6 = false;
5975
5976 /*
5977 * Figure out if we need to open a proxy socket, and if
5978 * so, which one.
5979 */
5980 for (this = head; this != NULL; this = this->next) {
5981 listen_socket_t *sock;
5982
5983 switch (this->type) {
5984 case RAD_LISTEN_PROXY:
5985 defined_proxy = true;
5986 break;
5987
5988 case RAD_LISTEN_AUTH:
5989 #ifdef WITH_ACCT
5990 case RAD_LISTEN_ACCT:
5991 #endif
5992 #ifdef WITH_COA
5993 case RAD_LISTEN_COA:
5994 #endif
5995 sock = this->data;
5996 if (sock->my_ipaddr.af == AF_INET) has_v4 = true;
5997 if (sock->my_ipaddr.af == AF_INET6) has_v6 = true;
5998 break;
5999
6000 default:
6001 break;
6002 }
6003 }
6004
6005 /*
6006 * Assume they know what they're doing.
6007 */
6008 if (defined_proxy) return;
6009
6010 if (has_v4) create_default_proxy_listener(AF_INET);
6011
6012 if (has_v6) create_default_proxy_listener(AF_INET6);
6013 }
6014 #endif
6015
radius_event_start(CONF_SECTION * cs,bool have_children)6016 int radius_event_start(CONF_SECTION *cs, bool have_children)
6017 {
6018 rad_listen_t *head = NULL;
6019
6020 if (fr_start_time != (time_t)-1) return 0;
6021
6022 time(&fr_start_time);
6023
6024 if (!check_config) {
6025 /*
6026 * radius_event_init() must be called first
6027 */
6028 rad_assert(el);
6029
6030 pl = rbtree_create(NULL, packet_entry_cmp, NULL, 0);
6031 if (!pl) return 0; /* leak el */
6032 }
6033
6034 request_num_counter = 0;
6035
6036 #ifdef WITH_PROXY
6037 if (main_config.proxy_requests && !check_config) {
6038 /*
6039 * Create the tree for managing proxied requests and
6040 * responses.
6041 */
6042 proxy_list = fr_packet_list_create(1);
6043 if (!proxy_list) return 0;
6044
6045 #ifdef HAVE_PTHREAD_H
6046 if (pthread_mutex_init(&proxy_mutex, NULL) != 0) {
6047 ERROR("FATAL: Failed to initialize proxy mutex: %s",
6048 fr_syserror(errno));
6049 fr_exit(1);
6050 }
6051 #endif
6052
6053 /*
6054 * The "init_delay" is set to "response_window".
6055 * Reset it to half of "response_window" in order
6056 * to give the event loop enough time to service
6057 * the event before hitting "response_window".
6058 */
6059 main_config.init_delay.tv_usec += (main_config.init_delay.tv_sec & 0x01) * USEC;
6060 main_config.init_delay.tv_usec >>= 1;
6061 main_config.init_delay.tv_sec >>= 1;
6062
6063 proxy_ctx = talloc_init("proxy");
6064 }
6065 #endif
6066
6067 /*
6068 * Move all of the thread calls to this file?
6069 *
6070 * It may be best for the mutexes to be in this file...
6071 */
6072 spawn_flag = have_children;
6073
6074 #ifdef HAVE_PTHREAD_H
6075 NO_SUCH_CHILD_PID = pthread_self(); /* not a child thread */
6076
6077 /*
6078 * Initialize the threads ONLY if we're spawning, AND
6079 * we're running normally.
6080 */
6081 if (have_children && !check_config &&
6082 (thread_pool_init(cs, &spawn_flag) < 0)) {
6083 fr_exit(1);
6084 }
6085 #endif
6086
6087 if (check_config) {
6088 DEBUG("%s: #### Skipping IP addresses and Ports ####",
6089 main_config.name);
6090 if (listen_init(cs, &head, spawn_flag) < 0) {
6091 fflush(NULL);
6092 fr_exit(1);
6093 }
6094 return 1;
6095 }
6096
6097 #ifdef HAVE_PTHREAD_H
6098 /*
6099 * Child threads need a pipe to signal us, as do the
6100 * signal handlers.
6101 */
6102 if (pipe(self_pipe) < 0) {
6103 ERROR("Error opening internal pipe: %s", fr_syserror(errno));
6104 fr_exit(1);
6105 }
6106 if ((fcntl(self_pipe[0], F_SETFL, O_NONBLOCK) < 0) ||
6107 (fcntl(self_pipe[0], F_SETFD, FD_CLOEXEC) < 0)) {
6108 ERROR("Error setting internal flags: %s", fr_syserror(errno));
6109 fr_exit(1);
6110 }
6111 if ((fcntl(self_pipe[1], F_SETFL, O_NONBLOCK) < 0) ||
6112 (fcntl(self_pipe[1], F_SETFD, FD_CLOEXEC) < 0)) {
6113 ERROR("Error setting internal flags: %s", fr_syserror(errno));
6114 fr_exit(1);
6115 }
6116 DEBUG4("Created signal pipe. Read end FD %i, write end FD %i", self_pipe[0], self_pipe[1]);
6117
6118 if (!fr_event_fd_insert(el, 0, self_pipe[0], event_signal_handler, el)) {
6119 ERROR("Failed creating signal pipe handler: %s", fr_strerror());
6120 fr_exit(1);
6121 }
6122 #endif
6123
6124 DEBUG("%s: #### Opening IP addresses and Ports ####", main_config.name);
6125
6126 /*
6127 * The server temporarily switches to an unprivileged
6128 * user very early in the bootstrapping process.
6129 * However, some sockets MAY require privileged access
6130 * (bind to device, or to port < 1024, or to raw
6131 * sockets). Those sockets need to call suid up/down
6132 * themselves around the functions that need a privileged
6133 * uid.
6134 */
6135 if (listen_init(cs, &head, spawn_flag) < 0) {
6136 fr_exit_now(1);
6137 }
6138
6139 main_config.listen = head;
6140
6141 #ifdef WITH_PROXY
6142 check_proxy(head);
6143 #endif
6144
6145 /*
6146 * At this point, no one has any business *ever* going
6147 * back to root uid.
6148 */
6149 rad_suid_down_permanent();
6150
6151 return 1;
6152 }
6153
6154
6155 #ifdef WITH_PROXY
proxy_delete_cb(UNUSED void * ctx,void * data)6156 static int proxy_delete_cb(UNUSED void *ctx, void *data)
6157 {
6158 REQUEST *request = fr_packet2myptr(REQUEST, proxy, data);
6159
6160 VERIFY_REQUEST(request);
6161
6162 request->master_state = REQUEST_STOP_PROCESSING;
6163
6164 #ifdef HAVE_PTHREAD_H
6165 if (pthread_equal(request->child_pid, NO_SUCH_CHILD_PID) == 0) return 0;
6166 #endif
6167
6168 /*
6169 * If it's queued we can't delete it from the queue.
6170 *
6171 * Otherwise, it's OK to delete it. Even RUNNING, because
6172 * that will get caught by the check above.
6173 */
6174 if (request->child_state == REQUEST_QUEUED) return 0;
6175
6176 request->in_proxy_hash = false;
6177
6178 if (!request->in_request_hash) {
6179 request_done(request, FR_ACTION_CANCELLED);
6180 }
6181
6182 /*
6183 * Delete it from the list.
6184 */
6185 return 2;
6186 }
6187 #endif
6188
6189
request_delete_cb(UNUSED void * ctx,void * data)6190 static int request_delete_cb(UNUSED void *ctx, void *data)
6191 {
6192 REQUEST *request = fr_packet2myptr(REQUEST, packet, data);
6193
6194 VERIFY_REQUEST(request);
6195
6196 request->master_state = REQUEST_STOP_PROCESSING;
6197
6198 /*
6199 * Not done, or the child thread is still processing it.
6200 */
6201 if (request->child_state < REQUEST_RESPONSE_DELAY) return 0; /* continue */
6202
6203 #ifdef HAVE_PTHREAD_H
6204 if (pthread_equal(request->child_pid, NO_SUCH_CHILD_PID) == 0) return 0;
6205 #endif
6206
6207 #ifdef WITH_PROXY
6208 rad_assert(request->in_proxy_hash == false);
6209 #endif
6210
6211 request->in_request_hash = false;
6212 ASSERT_MASTER;
6213 if (request->ev) fr_event_delete(el, &request->ev);
6214
6215 if (main_config.memory_report) {
6216 RDEBUG2("Cleaning up request packet ID %u with timestamp +%d",
6217 request->packet->id,
6218 (unsigned int) (request->timestamp - fr_start_time));
6219 }
6220
6221 #ifdef WITH_COA
6222 if (request->coa) {
6223 rad_assert(!request->coa->in_proxy_hash);
6224 }
6225 #endif
6226
6227 request_free(request);
6228
6229 /*
6230 * Delete it from the list, and continue;
6231 */
6232 return 2;
6233 }
6234
6235
radius_event_free(void)6236 void radius_event_free(void)
6237 {
6238 ASSERT_MASTER;
6239
6240 #ifdef WITH_PROXY
6241 /*
6242 * There are requests in the proxy hash that aren't
6243 * referenced from anywhere else. Remove them first.
6244 */
6245 if (proxy_list) {
6246 fr_packet_list_walk(proxy_list, NULL, proxy_delete_cb);
6247 }
6248 #endif
6249
6250 rbtree_walk(pl, RBTREE_DELETE_ORDER, request_delete_cb, NULL);
6251
6252 if (spawn_flag) {
6253 /*
6254 * Now that all requests have been marked "please stop",
6255 * ensure that all of the threads have exited.
6256 */
6257 #ifdef HAVE_PTHREAD_H
6258 thread_pool_stop();
6259 #endif
6260
6261 /*
6262 * Walk the lists again, ensuring that all
6263 * requests are done.
6264 */
6265 if (main_config.memory_report) {
6266 int num;
6267
6268 #ifdef WITH_PROXY
6269 if (proxy_list) {
6270 fr_packet_list_walk(proxy_list, NULL, proxy_delete_cb);
6271 num = fr_packet_list_num_elements(proxy_list);
6272 if (num > 0) {
6273 ERROR("Proxy list has %d requests still in it.", num);
6274 }
6275 }
6276 #endif
6277
6278 rbtree_walk(pl, RBTREE_DELETE_ORDER, request_delete_cb, NULL);
6279 num = rbtree_num_elements(pl);
6280 if (num > 0) {
6281 ERROR("Request list has %d requests still in it.", num);
6282 }
6283 }
6284 }
6285
6286 rbtree_free(pl);
6287 pl = NULL;
6288
6289 #ifdef WITH_PROXY
6290 fr_packet_list_free(proxy_list);
6291 proxy_list = NULL;
6292
6293 if (proxy_ctx) talloc_free(proxy_ctx);
6294 #endif
6295
6296 TALLOC_FREE(el);
6297
6298 if (debug_condition) talloc_free(debug_condition);
6299 }
6300
radius_event_process(void)6301 int radius_event_process(void)
6302 {
6303 if (!el) return 0;
6304
6305 return fr_event_loop(el);
6306 }
6307