Create UDP port from slapd.conf parameters

contrib/slapd-modules/radiusov/radiusov.c

@@ -180,18 +180,18 @@ radiusov_generalized_callback(Operation *op, SlapReply *rs)
                     // We found our result last time through, so we can leave
                     break;
                     }
-                Debug(LDAP_DEBUG_TRACE, "  There is an e_attrs[] value\n");
+                //Debug(LDAP_DEBUG_TRACE, "  There is an e_attrs[] value\n");
                 for( i = 0; a->a_nvals[i].bv_val != NULL; i++ )
                     {
                     BerValue *ber_name;
                     BerValue *ber_attr;
                     ber_name = &a->a_desc[i].ad_cname;
                     ber_attr = &a->a_nvals[i];
-                    Debug(LDAP_DEBUG_TRACE, "    There is an a_nval[%d] ber_name %s\n", i, ber_name->bv_val);
+                    //Debug(LDAP_DEBUG_TRACE, "    There is an a_nval[%d] ber_name %s\n", i, ber_name->bv_val);
                     if(     ber_name->bv_len == strlen(desired_attribute->attribute_name)
                             &&  memcmp(ber_name->bv_val, desired_attribute->attribute_name, ber_name->bv_len) == 0 )
                         {
-                        Debug(LDAP_DEBUG_TRACE, "      Found you, my pretty!\n");
+                        //Debug(LDAP_DEBUG_TRACE, "      Found you, my pretty!\n");
                         size_t to_be_copied = ber_attr->bv_len;
                         if( desired_attribute->len-1 < to_be_copied )
                             {
@@ -634,13 +634,29 @@ radiusov_acceptconn(void *ctx, void *arg)
     }
 
 static void
-radiusov_create_udp_port(BackendDB *be, ConfigReply *cr, int port_number)
+radiusov_create_udp_port(   BackendDB *be,
+                            ConfigReply *cr,
+                            int port_number,
+                            const char *port_host)
     {
     Debug(  LDAP_DEBUG_TRACE,
-            "=> %s(): Will listen for RADIUS packets on UDP port %d\n",
+            "=> %s(): Will listen for RADIUS packets on UDP port %s:%d\n",
             __func__,
+            port_host,
             port_number);
 
+    // At the present time, port_host needs to be a dotted quad number.
+
+    // "0.0.0.0" is the equivalent of INADDR_ANY
+    // "127.0.0.1" is not equivalent; see man ip(7).  It is the local
+    // loopback, which means that only connections from the machine will be
+    // made.
+
+    // At some point we should see if port_host is a fully qualified domain name,
+    // and convert it to an IP address.  Dubner thinks this is a bad idea, and
+    // that even in a multi-homed server it makes sense to use explicit values.
+    // But he may not have the last word on this.
+
     slap_overinst *radiusov = (slap_overinst *)be->bd_info;
     RADIUS_INFO *radius_info = radiusov->on_bi.bi_private;
 
@@ -662,7 +678,18 @@ radiusov_create_udp_port(BackendDB *be, ConfigReply *cr, int port_number)
 
     // assign IP, PORT
     server_addr.sin_family = AF_INET;
-    server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+    //server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+    int rc = inet_aton(port_host, (struct in_addr *)&server_addr.sin_addr.s_addr);
+    if ( rc == 0 )
+        {
+        int saved_errno = errno;
+        Debug(  LDAP_DEBUG_ANY,
+                "%s(): inet_aton() failed: %s\n",
+                __func__,
+                AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+        exit(1);
+        }
+
     server_addr.sin_port = htons(port_number);
 
     // Binding newly created socket to given IP and verification
@@ -770,7 +797,6 @@ radius_config_driver(ConfigArgs *config_args)
             (int)config_args->op,
             (int)config_args->type);
 
-
     slap_overinst *radiusov = (slap_overinst *)config_args->bi;
     RADIUS_INFO *radius_info = radiusov->on_bi.bi_private;
 
@@ -830,6 +856,9 @@ radiusov_db_init(   BackendDB *be,
     radius_info->openssl_states = (STATE *)ch_calloc(1, sizeof(STATE) );
     memset(radius_info->openssl_states, 0, sizeof(STATE) );
 
+    radius_info->radius_port_number     = DEFAULT_RADIUS_PORT;
+    strcpy(radius_info->radius_port_host, DEFAULT_RADIUS_HOST);
+
     return 0;
     }
 
@@ -873,15 +902,14 @@ radiusov_db_open(BackendDB *be, ConfigReply *cr)
     slap_overinst *radiusov = (slap_overinst *)be->bd_info;
     RADIUS_INFO *radius_info = radiusov->on_bi.bi_private;
 
-    int port_number = radius_info->radius_port_number;
-
-    if( port_number <= 0 || port_number > 65535 )
+    if(     radius_info->radius_port_number <= 0
+            ||  radius_info->radius_port_number > 65535 )
         {
         Debug(  LDAP_DEBUG_ANY,
                 "%s(): The first search_descriptor specifies RADIUS "
                 "port %d, which makes no sense\n",
                 __func__,
-                port_number);
+                radius_info->radius_port_number);
         return 1;
         }
 
@@ -939,7 +967,8 @@ radiusov_db_open(BackendDB *be, ConfigReply *cr)
 
         radiusov_create_udp_port(   be,
                                     cr,
-                                    port_number);
+                                    radius_info->radius_port_number,
+                                    radius_info->radius_port_host);
         ldap_free_urldesc( lud );
         }
 

contrib/slapd-modules/radiusov/radiusov.h

@@ -52,6 +52,12 @@
 
 #define STATE_LIFETIME_IN_SECONDS 120
 
+#define DEFAULT_RADIUS_PORT 1812        // This is the well-known RADIUS server port
+#define DEFAULT_RADIUS_HOST "1.2.3.4"   // 0.0.0.0 is the equivalent of INADDR_ANY
+// 127.0.0.1 is *not* equivalent.  It is the
+// Loopback IP address, which means that requests
+// from outside the local server will be ignored.
+
 typedef struct _STATE_VOLATILES
     {
     void                        *ctx;