Use radiusport number from slapd.conf

739f6062 · Robert Dubner · b0b70c01 · 739f6062 · 739f6062
Commit 739f6062 authored Sep 10, 2021 by Robert Dubner
--- a/contrib/slapd-modules/radiusov/radiusov.c
+++ b/contrib/slapd-modules/radiusov/radiusov.c
 /* radiusov.c - radius-ldap overlay for slapd */
 /* radiusov.c - radius-ldap overlay for slapd */
+/* radiusov.c - radius-ldap overlay for slapd */
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
@@ -51,18 +52,11 @@ ldap_pvt_thread_mutex_t libradius_mutex;

 static int packet_eat_count = -5;

-typedef enum radius_ports
-    {
-    RADIUS_PORT_RADIUS = 1812, // FreeRADIUS accepts information from 1812 by default.
-    RADIUS_PORT_TEST_AND_DEVELOPMENT = 18129,
-    } radius_ports;
-
 // For initial development, this is a static list.  Eventually it will
 // be established from a configuration file or database
 static search_descriptor search_descriptors[] =
    {
        {
-        RADIUS_PORT_TEST_AND_DEVELOPMENT,
        "127.0.0.1",
        TEST_AND_DEVELOPMENT,
        LDAP_SCOPE_SUBTREE,
@@ -71,7 +65,6 @@ static search_descriptor search_descriptors[] =
        "",
        },
        {
-        RADIUS_PORT_TEST_AND_DEVELOPMENT,
        "10.0.1.250",
        RADIUS_PROTOCOL,
        LDAP_SCOPE_SUBTREE,
@@ -80,8 +73,7 @@ static search_descriptor search_descriptors[] =
        "testing123",
        },
        {
-        0,  // This entry ends the list
-        NULL,
+        NULL,  // This entry ends the list
        INVALID_SEARCH_METHOD,
        0,
        NULL,
@@ -551,16 +543,16 @@ radiusov_acceptconn(void *ctx, void *arg)

    // TODO:  Ultimately this should be a map, not a linear search.
    search_descriptor *sd = search_descriptors;
-    while( sd->our_port )
+    while( sd->client_ipa )
        {
-        if( sd->our_port == our_port && strcmp(sd->client_ipa, client_ipa) == 0 )
+        if( radius_info->radius_port_number == our_port && strcmp(sd->client_ipa, client_ipa) == 0 )
            {
            // We have a match on our port number and the client's IP address
            break;
            }
        sd += 1;
        }
-    if( sd->our_port == 0 )
+    if( !sd->client_ipa )
        {
        Debug(  LDAP_DEBUG_ANY,
                "radiusov: There is no search descriptor for %s and port %d\n",
@@ -777,12 +769,37 @@ radius_config_driver(ConfigArgs *config_args)
            __func__,
            (int)config_args->op,
            (int)config_args->type);
-    // slap_overinst *on = (slap_overinst *)config_args->bi;
-    // struct log_info *li = on->on_bi.bi_private;
+
+
+    slap_overinst *radiusov = (slap_overinst *)config_args->bi;
+    RADIUS_INFO *radius_info = radiusov->on_bi.bi_private;
+
+    switch(config_args->op)
+        {
+        case SLAP_CONFIG_ADD:
+            switch(config_args->type)
+                {
+                case RADIUS_PORT:
+                    Debug(  LDAP_DEBUG_ARGS,
+                            "  radiusport is %d\n",
+                            config_args->values.v_int);
+                    radius_info->radius_port_number = config_args->values.v_int;
+                    break;
+
+                case RADIUS_HOST:
+                    Debug(  LDAP_DEBUG_ARGS,
+                            "  radiushost is %s\n",
+                            config_args->values.v_string);
+                    strncpy(radius_info->radius_port_host,
+                            config_args->values.v_string,
+                            sizeof(radius_info->radius_port_host) );
+                    radius_info->radius_port_host[sizeof(radius_info->radius_port_host)-1] = '\0';
+                    break;
+                }
+            break;
+        }
+
    int rc = 0;
-    // slap_mask_t tmask = 0;
-    // char agebuf[2*STRLENOF("ddddd+hh:mm:ss  ")];
-    // struct berval agebv, cyclebv;

    return rc;
    }
@@ -856,12 +873,7 @@ radiusov_db_open(BackendDB *be, ConfigReply *cr)
    slap_overinst *radiusov = (slap_overinst *)be->bd_info;
    RADIUS_INFO *radius_info = radiusov->on_bi.bi_private;

-    int port_number = -1;
-
-    // Assume all of the search_descriptors reference the same
-    // UDP port for listening for RADIUS packets:
-
-    port_number = search_descriptors[0].our_port;
+    int port_number = radius_info->radius_port_number;

    if( port_number <= 0 || port_number > 65535 )
        {

--- a/contrib/slapd-modules/radiusov/radiusov.h
+++ b/contrib/slapd-modules/radiusov/radiusov.h
@@ -75,7 +75,7 @@ typedef struct _STATE
    uint8_t     peer_nt_response[24];
    uint8_t     nthashhash[MD4_DIGEST_LENGTH];
    uint8_t     md5_challenge[16];  // Magic number:  Yes, an MD5 challenge random sequence is sixteen bytes.
-    time_t      birthday;          // Birthdate, in Unix epoch seconds, of this state.
+    time_t      birthday;           // Birthdate, in Unix epoch seconds, of this state.

    SSL        *ssl;
    TLS_INFO    info;
@@ -104,6 +104,11 @@ typedef struct _STATE

 typedef struct _RADIUS_INFO
    {
+    // Parameters from slapd.conf:
+    int         radius_port_number;     // From slapd.conf
+    char        radius_port_host[256];  // From slapd.conf.  Usually 127.0.0.1, but
+    // we leave room for a fully qualified domain name
+
    int radius_udp_socket;
    Connection *radius_connection;
    BackendDB *radius_db;
@@ -121,7 +126,6 @@ typedef enum _search_methods

 typedef struct _search_descriptor
    {
-    int our_port;
    char *client_ipa;
    search_methods search_method;
    int search_scope;