radsecproxy · Mino5531 · May 30, 2021 · May 30, 2021 · May 30, 2021 · Jun 2, 2021
diff --git a/.gitignore b/.gitignore
diff --git a/AUTHORS b/AUTHORS
diff --git a/ChangeLog b/ChangeLog
diff --git a/INSTALL b/INSTALL
diff --git a/LICENSE b/LICENSE
diff --git a/Makefile.am b/Makefile.am
@@ -28,7 +28,8 @@ librsp_a_SOURCES = \
 	tlscommon.c tlscommon.h \
 	tlv11.c tlv11.h \
 	udp.c udp.h \
-	util.c util.h
+	util.c util.h \
+	rad-dns/rad-dns.c rad-dns/rad-dns.h 
 
 radsecproxy_conf_SOURCES = \
 	catgconf.c \

diff --git a/NEWS b/NEWS
diff --git a/README b/README
diff --git a/THANKS b/THANKS
diff --git a/acinclude.m4 b/acinclude.m4
diff --git a/catgconf.c b/catgconf.c
diff --git a/configure.ac b/configure.ac
@@ -57,7 +57,9 @@ AC_ARG_ENABLE(dtls,
 
 AC_CHECK_LIB([nettle], [nettle_sha256_init],,
     [AC_MSG_ERROR([required library nettle not found])])
-
+AC_CHECK_LIB([cares], [ares_library_init],,
+    [AC_MSG_ERROR([required library c-ares not found])])
+
 dnl Check if we're on Solaris and set CFLAGS accordingly
 AC_CANONICAL_TARGET
 case "${target_os}" in

diff --git a/debug.c b/debug.c
diff --git a/debug.h b/debug.h
diff --git a/develdoc.txt b/develdoc.txt
diff --git a/dtls.c b/dtls.c
diff --git a/dtls.h b/dtls.h
diff --git a/fticks.c b/fticks.c
diff --git a/fticks.h b/fticks.h
diff --git a/fticks_hashmac.c b/fticks_hashmac.c
diff --git a/fticks_hashmac.h b/fticks_hashmac.h
diff --git a/gconfig.c b/gconfig.c
@@ -74,10 +74,10 @@ FILE *pushgconffile(struct gconffile **cf, FILE *file, const char *description)
     char *desc;
 
     if (!file) {
-        debug(DBG_INFO, "could not read config from %s", description);
+        debug(DBG_INFO, "could not read config from %s",description);
 	return NULL;
     }
-    debug(DBG_DBG, "reading config from %s", description);
+    debug(DBG_DBG, "reading config from %s",description);
 
     desc = stringcopy(description, 0);
     if (!desc)

diff --git a/gconfig.h b/gconfig.h
diff --git a/hash.c b/hash.c
diff --git a/hash.h b/hash.h
diff --git a/hostport.c b/hostport.c
diff --git a/hostport.h b/hostport.h
diff --git a/list.c b/list.c
diff --git a/list.h b/list.h
diff --git a/main.c b/main.c
diff --git a/rad-dns/rad-dns.c b/rad-dns/rad-dns.c
@@ -0,0 +1,202 @@
+/* Copyright (c) 2021, Long Yang Paffrath <paffrath@yangnet.de>*/
+/* See LICENSE for licensing information */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <stdbool.h>
+#include "rad-dns.h"
+
+void naptr_callback(void *arg, int status, int timeouts, unsigned char *abuf, int alen)
+{
+    struct naptr_callback_data *data = (struct naptr_callback_data *)arg;
+    if (status == ARES_SUCCESS)
+    {
+        struct ares_naptr_reply *reply;
+        ares_parse_naptr_reply(abuf, alen, &reply);
+        data->ptr = reply;
+        while (reply != NULL)
+        {
+            if (!strncmp((char *)reply->service, data->service_tag, strlen(data->service_tag) + 1))
+            {
+                data->msg = (char **)reply->replacement;
+                data->empty = false;
+                return;
+            }
+            reply = reply->next;
+        }
+        return;
+    }
+}
+
+void srv_callback(void *arg, int status, int timeouts, unsigned char *abuf, int alen)
+{
+    struct srv_callback_data *data = (struct srv_callback_data *)arg;
+    int i, j;
+    unsigned short key;
+    if (status == ARES_SUCCESS)
+    {
+        struct ares_srv_reply *reply;
+        ares_parse_srv_reply(abuf, alen, &reply);
+        data->ptr = reply;
+        size_t count = 0;
+        size_t largest_string = 40;
+        struct ares_srv_reply *tmp_reply = reply;
+        while (tmp_reply != NULL)
+        {
+            count++;
+            tmp_reply = tmp_reply->next;
+        }
+        char **hosts = malloc(count * sizeof(char*));
+        unsigned short **ports = malloc(count * sizeof(char*));
+        unsigned short priority[count];
+        tmp_reply = reply;
+        for (i = 0; i < count; i++)
+        {
+            hosts[i] = tmp_reply->host;
+            ports[i] = &tmp_reply->port;
+            priority[i] = tmp_reply->weight;
+            tmp_reply = tmp_reply->next;
+        }
+        char *host_key;
+        unsigned short *ports_key;
+        for (i = 1; i < count; i++)
+        {
+            key = priority[i];
+            host_key = hosts[i];
+            ports_key = ports[i];
+            j = i - 1;
+
+            while (j >= 0 && priority[j] > key)
+            {
+                priority[j + 1] = priority[j];
+                hosts[j + 1] = hosts[j];
+                ports[j + 1] = ports[j];
+                j = j - 1;
+            }
+            priority[j + 1] = key;
+            hosts[j + 1] = host_key;
+            ports[j + 1] = ports_key;
+        }
+
+        data->msg = hosts;
+        data->ports = ports;
+        data->count = count;
+        data->str_len = largest_string;
+        data->empty = false;
+    }
+}
+
+void wait_ares(ares_channel channel)
+{
+    for (;;)
+    {
+        struct timeval *tvp, tv;
+        fd_set read_fds, write_fds;
+        int nfds;
+
+        FD_ZERO(&read_fds);
+        FD_ZERO(&write_fds);
+        nfds = ares_fds(channel, &read_fds, &write_fds);
+        if (nfds == 0)
+        {
+            break;
+        }
+        tvp = ares_timeout(channel, NULL, &tv);
+        select(nfds, &read_fds, &write_fds, NULL, tvp);
+        ares_process(channel, &read_fds, &write_fds);
+    }
+}
+
+int init_ares()
+{
+    if (ares_library_init(ARES_LIB_INIT_ALL) != 0)
+    {
+        return -1;
+    }
+    return 0;
+}
+
+int dns_main(char *host, char *servicetag, int fd1)
+{
+    int i;
+    if (ares_library_initialized() != ARES_SUCCESS)
+    {
+        return -1;
+    }
+    ares_channel channel;
+    struct ares_options options;
+    int optmask = 0;
+    options.timeout = 5;
+    optmask |= ARES_OPT_TIMEOUT;
+
+    if (ares_init_options(&channel, &options, optmask) != ARES_SUCCESS)
+    {
+        return -1;
+    }
+    struct naptr_callback_data *naptr_data = malloc(sizeof *naptr_data);
+    naptr_data->empty = true;
+    naptr_data->service_tag = servicetag;
+    struct srv_callback_data *srv_data = malloc(sizeof *srv_data);
+    srv_data->empty = true;
+    ares_query(channel, host, ns_c_in, ns_t_naptr, &naptr_callback, naptr_data);
+    wait_ares(channel);
+    if (naptr_data->empty)
+    {
+        free(naptr_data);
+        free(srv_data);
+        return -1;
+    }
+    ares_query(channel, (char *)naptr_data->msg, ns_c_in, ns_t_srv, &srv_callback, srv_data);
+    wait_ares(channel);
+    if (srv_data->empty)
+    {
+        free(naptr_data);
+        free(srv_data);
+        return -1;
+    }
+    char buffer[srv_data->count * srv_data->str_len + 255];
+    int cx = 0;
+    cx += snprintf(buffer, srv_data->count * srv_data->str_len + 255, "server dynamic_radsec.%s {\n", host);
+    for (i = 0; i < srv_data->count; i++)
+    {
+        cx += snprintf(buffer + cx, srv_data->count * srv_data->str_len + 255 - cx, "\thost %s:%hu\n", srv_data->msg[i], *srv_data->ports[i]);
+    }
+    snprintf(buffer + cx, srv_data->count * srv_data->str_len + 255 - cx, "\ttype TLS\n}\n");
+
+    if (write(fd1, buffer, strlen(buffer)) == -1)
+    {
+        free(srv_data->msg);
+        free(srv_data->ports);
+
+        ares_free_data(naptr_data->ptr);
+        ares_free_data(srv_data->ptr);
+
+        free(naptr_data);
+        free(srv_data);
+        ares_destroy(channel);
+        return -1;
+    }
+
+    //cleanup
+    free(srv_data->msg);
+    free(srv_data->ports);
+
+    ares_free_data(naptr_data->ptr);
+    ares_free_data(srv_data->ptr);
+
+    free(naptr_data);
+    free(srv_data);
+    ares_destroy(channel);
+
+    return 0;
+}
diff --git a/rad-dns/rad-dns.h b/rad-dns/rad-dns.h
@@ -0,0 +1,44 @@
+/* Copyright (c) 2021, Long Yang Paffrath <paffrath@yangnet.de>*/
+/* See LICENSE for licensing information */
+
+#ifndef _RAD_DNS_H
+#define _RAD_DNS_H
+
+#include <ares.h>
+#include <stdbool.h>
+
+struct naptr_callback_data
+{
+    /*true if there is not data to read*/
+    bool empty;
+    /*service tag to filter for*/
+    char *service_tag;
+    /*string or array of strings*/
+    char **msg;
+    /*pointer to ares object for later freeing*/
+    void *ptr;
+};
+
+struct srv_callback_data
+{
+    /*true if there is no other data to read.*/
+    bool empty;
+    /*string or array of strings*/
+    char **msg;
+    /*array of ports*/
+    unsigned short **ports;
+    /*pointer to ares object for later freeing*/
+    void *ptr;
+    /*count of array if msg is an array ignore if not*/
+    size_t count;
+    /*max len of string in msg*/
+    size_t str_len;
+};
+
+int dns_main(char *host, char *servicetag, int fd1);
+int init_ares();
+void wait_ares(ares_channel channel);
+void srv_callback(void *arg, int status, int timeouts, unsigned char *abuf, int alen);
+void naptr_callback(void *arg, int status, int timeouts, unsigned char *abuf, int alen);
+
+#endif
diff --git a/radmsg.c b/radmsg.c
diff --git a/radmsg.h b/radmsg.h
diff --git a/radsecproxy-hash.8 b/radsecproxy-hash.8
diff --git a/radsecproxy-hash.c b/radsecproxy-hash.c
diff --git a/radsecproxy.8.in b/radsecproxy.8.in