自学教程：C++ DEBUG2函数代码示例

/* *	The S flag is set only within the EAP-TLS start message sent *	from the EAP server to the peer. * *	Similarly, when the EAP server receives an EAP-Response with *	the M bit set, it MUST respond with an EAP-Request with *	EAP-Type=EAP-TLS and no data. This serves as a fragment *	ACK. The EAP peer MUST wait. */static eaptls_status_t eaptls_verify(EAP_HANDLER *handler){	EAP_DS *eap_ds = handler->eap_ds;	EAP_DS *prev_eap_ds = handler->prev_eapds;	eaptls_packet_t	*eaptls_packet, *eaptls_prev = NULL;	REQUEST *request = handler->request;	/*	 *	We don't check ANY of the input parameters.  It's all	 *	code which works together, so if something is wrong,	 *	we SHOULD core dump.	 *	 *	e.g. if eap_ds is NULL, of if eap_ds->response is	 *	NULL, of if it's NOT an EAP-Response, or if the packet	 *	is too short.  See eap_validation()., in ../../eap.c	 *	 *	Also, eaptype_select() takes care of selecting the	 *	appropriate type, so we don't need to check	 *	eap_ds->response->type.type == PW_EAP_TLS, or anything	 *	else.	 */	eaptls_packet = (eaptls_packet_t *)eap_ds->response->type.data;	if (prev_eap_ds && prev_eap_ds->response)		eaptls_prev = (eaptls_packet_t *)prev_eap_ds->response->type.data;	/*	 *	check for ACK	 *	 *	If there's no TLS data, or there's 1 byte of TLS data,	 *	with the flags set to zero, then it's an ACK.	 *	 *	Find if this is a reply to the previous request sent	 */	if ((eaptls_packet == NULL) ||	    ((eap_ds->response->length == EAP_HEADER_LEN + 2) &&	     ((eaptls_packet->flags & 0xc0) == 0x00))) {#if 0		/*		 *	Un-comment this for TLS inside of TTLS/PEAP		 */		RDEBUG2("Received EAP-TLS ACK message");		return eaptls_ack_handler(handler);#else		if (prev_eap_ds &&		    (prev_eap_ds->request->id == eap_ds->response->id)) {			/*			 *	Run the ACK handler directly from here.			 */			RDEBUG2("Received TLS ACK");			return eaptls_ack_handler(handler);		} else {			radlog_request(L_ERR, 0, request, "Received Invalid TLS ACK");			return EAPTLS_INVALID;		}#endif	}	/*	 *	We send TLS_START, but do not receive it.	 */	if (TLS_START(eaptls_packet->flags)) {		RDEBUG("Received unexpected EAP-TLS Start message");		return EAPTLS_INVALID;	}	/*	 *	The L bit (length included) is set to indicate the	 *	presence of the four octet TLS Message Length field,	 *	and MUST be set for the first fragment of a fragmented	 *	TLS message or set of messages.	 *	 *	The M bit (more fragments) is set on all but the last	 *	fragment.	 *	 *	The S bit (EAP-TLS start) is set in an EAP-TLS Start	 *	message. This differentiates the EAP-TLS Start message	 *	from a fragment acknowledgement.	 */	if (TLS_LENGTH_INCLUDED(eaptls_packet->flags)) {		DEBUG2("  TLS Length %d",		       eaptls_packet->data[2] * 256 | eaptls_packet->data[3]);		if (TLS_MORE_FRAGMENTS(eaptls_packet->flags)) {			/*			 * FIRST_FRAGMENT is identified			 * 1. If there is no previous EAP-response received.			 * 2. If EAP-response received, then its M bit not set.			 * 	(It is because Last fragment will not have M bit set)			 */			if (!prev_eap_ds ||			    (prev_eap_ds->response == NULL) ||//.........这里部分代码省略.........

//.........这里部分代码省略.........		{		    Entry *c_ij, *l_is ;		    c_ij = & C [j*d] ;		    l_is = & L [0] ;#pragma ivdep		    for (i = 0 ; i < m ; i++)		    {			/* C [i+j*d]-= L [i] * U [j] */			MULT_SUB (*c_ij, *l_is, u_j) ;			c_ij++ ;			l_is++ ;		    }		}	    }	}    }    else    {	/* triangular solve to update the U block */#ifndef NBLAS	BLAS_TRSM_RIGHT (n, k, LU, nb, U, dc) ;#endif	if (!blas_ok)	{	    /* use plain C code if no BLAS at compile time, or if integer	     * overflow has occurred */	    for (s = 0 ; s < k ; s++)	    {		for (i = s+1 ; i < k ; i++)		{		    Entry l_is = LU [i+s*nb] ;		    if (IS_NONZERO (l_is))		    {			Entry *u_ij, *u_sj ;			u_ij = & U [i*dc] ;			u_sj = & U [s*dc] ;#pragma ivdep			for (j = 0 ; j < n ; j++)			{			    /* U [i*dc+j] -= LU [i+s*nb] * U [s*dc+j] ; */			    MULT_SUB (*u_ij, l_is, *u_sj) ;			    u_ij++ ;			    u_sj++ ;			}		    }		}	    }	}	/* rank-k outer product to update the C block */	/* C = C - L*U' (U is stored by rows, not columns) */#ifndef NBLAS	BLAS_GEMM (m, n, k, L, U, dc, C, d) ;#endif	if (!blas_ok)	{	    /* use plain C code if no BLAS at compile time, or if integer	     * overflow has occurred */	    for (s = 0 ; s < k ; s++)	    {		for (j = 0 ; j < n ; j++)		{		    Entry u_sj = U [j+s*dc] ;		    if (IS_NONZERO (u_sj))		    {			Entry *c_ij, *l_is ;			c_ij = & C [j*d] ;			l_is = & L [s*d] ;#pragma ivdep			for (i = 0 ; i < m ; i++)			{			    /* C [i+j*d]-= L [i+s*d] * U [s*dc+j] */			    MULT_SUB (*c_ij, *l_is, u_sj) ;			    c_ij++ ;			    l_is++ ;			}		    }		}	    }	}    }#ifndef NDEBUG    DEBUG5 (("RANK-NB UPDATE of frontal done:/n")) ;    DEBUG5 (("DGEMM : "ID" "ID" "ID"/n", k, m, n)) ;    DEBUG7 (("C  block: ")) ; UMF_dump_dense (C,  d, m, n) ;    DEBUG7 (("A  block: ")) ; UMF_dump_dense (L,  d, m, k) ;    DEBUG7 (("B' block: ")) ; UMF_dump_dense (U, dc, n, k) ;    DEBUG7 (("LU block: ")) ; UMF_dump_dense (LU, nb, k, k) ;#endif    DEBUG2 (("blas3 "ID" "ID" "ID"/n", k, Work->fnrows, Work->fncols)) ;}

GLOBAL void UMF_garbage_collection(    NumericType *Numeric,    WorkType *Work,    Int drnew,	    /* compact current front to drnew-by-dcnew */    Int dcnew,    Int do_Fcpos){    /* ---------------------------------------------------------------------- */    /* local variables */    /* ---------------------------------------------------------------------- */    Int size, e, n_row, n_col, nrows, ncols, nrowsleft, ncolsleft, prevsize,	csize, size2, i2, j2, i, j, cdeg, rdeg, *E, row, col,	*Rows, *Cols, *Rows2, *Cols2, nel, e2, *Row_tuples, *Col_tuples,	*Row_degree, *Col_degree ;    Entry *C, *C1, *C3, *C2 ;    Unit *psrc, *pdest, *p, *pnext ;    Element *epsrc, *epdest ;#ifndef NDEBUG    Int nmark ;#endif    /* ---------------------------------------------------------------------- */    /* get parameters */    /* ---------------------------------------------------------------------- */    Col_degree = Numeric->Cperm ;	/* for NON_PIVOTAL_COL macro */    Row_degree = Numeric->Rperm ;	/* for NON_PIVOTAL_ROW macro */    Row_tuples = Numeric->Uip ;    Col_tuples = Numeric->Lip ;    E = Work->E ;    n_row = Work->n_row ;    n_col = Work->n_col ;    /* note that the tuple lengths (Col_tlen and Row_tlen) are updated, but */    /* the tuple lists themselves are stale and are about to be destroyed */    /* and recreated.  Do not attempt to scan them until they are recreated. */#ifndef NDEBUG    DEBUGm1 (("::::GARBAGE COLLECTION::::/n")) ;    UMF_dump_memory (Numeric) ;#endif    Numeric->ngarbage++ ;    /* ---------------------------------------------------------------------- */    /* delete the tuple lists by marking the blocks as free */    /* ---------------------------------------------------------------------- */    /* do not modify Row_tlen and Col_tlen */    /* those are needed for UMF_build_tuples */    for (row = 0 ; row < n_row ; row++)    {	if (NON_PIVOTAL_ROW (row) && Row_tuples [row])	{	    DEBUG2 (("row "ID" tuples "ID"/n", row, Row_tuples [row])) ;	    p = Numeric->Memory + Row_tuples [row] - 1 ;	    DEBUG2 (("Freeing tuple list row "ID", p-S "ID", size "ID"/n",		row, (Int) (p-Numeric->Memory), p->header.size)) ;	    ASSERT (p->header.size > 0) ;	    ASSERT (p >= Numeric->Memory + Numeric->itail) ;	    ASSERT (p < Numeric->Memory + Numeric->size) ;	    p->header.size = -p->header.size ;	    Row_tuples [row] = 0 ;	}    }    for (col = 0 ; col < n_col ; col++)    {	if (NON_PIVOTAL_COL (col) && Col_tuples [col])	{	    DEBUG2 (("col "ID" tuples "ID"/n", col, Col_tuples [col])) ;	    p = Numeric->Memory + Col_tuples [col] - 1 ;	    DEBUG2 (("Freeing tuple list col "ID", p-S "ID", size "ID"/n",		col, (Int) (p-Numeric->Memory), p->header.size)) ;	    ASSERT (p->header.size > 0) ;	    ASSERT (p >= Numeric->Memory + Numeric->itail) ;	    ASSERT (p < Numeric->Memory + Numeric->size) ;	    p->header.size = -p->header.size ;	    Col_tuples [col] = 0 ;	}    }    /* ---------------------------------------------------------------------- */    /* mark the elements, and compress the name space */    /* ---------------------------------------------------------------------- */    nel = Work->nel ;    ASSERT (nel < Work->elen) ;#ifndef NDEBUG    nmark = 0 ;    UMF_dump_current_front (Numeric, Work, FALSE) ;    DEBUGm1 (("E [0] "ID"  /n", E [0])) ;    ASSERT (IMPLIES (E [0],		Work->Flublock == (Entry *) (Numeric->Memory + E [0]))) ;//.........这里部分代码省略.........

//.........这里部分代码省略.........			 *	Add the value of the index attribute as the next			 *	OID component.			 */			len = snprintf(p, end - p, ".%i.", vp->vp_uint32);			if (is_truncated(len, end - p)) goto oob;			p += len;			/*			 *	Set the parent to be the attribute representing			 *	the entry.			 */			parent = fr_dict_attr_child_by_num(vp->da->parent, 1);			continue;		}		/*		 *	Actual TLV attribute		 */		slen = fr_dict_print_attr_oid(p, end - p, parent, vp->da);		if (slen < 0) return -1;		/*		 *	Next attribute should be the type		 */		type_vp = fr_cursor_next(&cursor);		if (!type_vp || (type_vp->da != type)) {			fr_strerror_printf("No %s found in response, or occurred out of order", type->name);			return -1;		}		type_len = fr_pair_value_snprint(type_buff, sizeof(type_buff), type_vp, '/0');		/*		 *	Build up the vector		 *		 *	This represents output for a single varbind attribute		 */		io_vector[0].iov_base = oid_buff;		io_vector[0].iov_len = strlen(oid_buff);		io_vector[1].iov_base = newline;		io_vector[1].iov_len = 1;		io_vector[2].iov_base = type_buff;		io_vector[2].iov_len = type_len;		io_vector[3].iov_base = newline;		io_vector[3].iov_len = 1;		switch (vp->vp_type) {		case FR_TYPE_OCTETS:			memcpy(&io_vector[4].iov_base, &vp->vp_strvalue, sizeof(io_vector[4].iov_base));			io_vector[4].iov_len = vp->vp_length;			break;		case FR_TYPE_STRING:			memcpy(&io_vector[4].iov_base, &vp->vp_strvalue, sizeof(io_vector[4].iov_base));			io_vector[4].iov_len = vp->vp_length;			break;		default:			/*			 *	We call fr_value_box_snprint with a NULL da pointer			 *	because we always need return integer values not			 *	value aliases.			 */			len = fr_value_box_snprint(value_buff, sizeof(value_buff), &vp->data, '/0');			if (is_truncated(len, sizeof(value_buff))) {				fr_strerror_printf("Insufficient fixed value buffer");				return -1;			}			io_vector[4].iov_base = value_buff;			io_vector[4].iov_len = len;			break;		}		io_vector[5].iov_base = newline;		io_vector[5].iov_len = 1;		DEBUG2("said: %s", (char *)io_vector[0].iov_base);		DEBUG2("said: %s", (char *)io_vector[2].iov_base);		DEBUG2("said: %s", (char *)io_vector[4].iov_base);		if (writev(fd, io_vector, sizeof(io_vector) / sizeof(*io_vector)) < 0) {			fr_strerror_printf("Failed writing varbind result: %s", fr_syserror(errno));			return -1;		}		/*		 *	Reset in case we're encoding multiple values		 */		parent = root;		p = oid_buff;		type_buff[0] = '/0';		written++;	}	if (!written && (write(fd, "NONE/n", 5)) < 0) {		fr_strerror_printf("Failed writing get response: %s", fr_syserror(errno));		return -1;	}	return written;}

//.........这里部分代码省略.........			      (*p < ' ')) {			       *p = '/0';			       --p;		       }		       if (strlen(filesecret) < 2) {			       fprintf(stderr, "radclient: Secret in %s is too short/n", optarg);			       exit(1);		       }		       secret = filesecret;		       break;		case 'h':		default:			usage();			break;		}	}	argc -= (optind - 1);	argv += (optind - 1);	if ((argc < 3)  ||	    ((!secret) && (argc < 4))) {		usage();	}	if (!mainconfig.dictionary_dir) {		mainconfig.dictionary_dir = DICTDIR;	}	/*	 *	Read the distribution dictionaries first, then	 *	the ones in raddb.	 */	DEBUG2("including dictionary file %s/%s", mainconfig.dictionary_dir, RADIUS_DICTIONARY);	if (dict_init(mainconfig.dictionary_dir, RADIUS_DICTIONARY) != 0) {		ERROR("Errors reading dictionary: %s",		      fr_strerror());		exit(1);	}	/*	 *	It's OK if this one doesn't exist.	 */	int rcode = dict_read(radius_dir, RADIUS_DICTIONARY);	if (rcode == -1) {		ERROR("Errors reading %s/%s: %s", radius_dir, RADIUS_DICTIONARY,		      fr_strerror());		exit(1);	}	/*	 *	We print this after reading it.  That way if	 *	it doesn't exist, it's OK, and we don't print	 *	anything.	 */	if (rcode == 0) {		DEBUG2("including dictionary file %s/%s", radius_dir, RADIUS_DICTIONARY);	}	req = rad_alloc(NULL, 1);	if (!req) {		fr_perror("radclient");		exit(1);	}#if 0

//.........这里部分代码省略.........	{	    if (NON_PIVOTAL_COL (col))	    {		Cperm [col] = ONES_COMPLEMENT (k) ;		DEBUGm3 (("Singular col "ID" is k: "ID" pivot row/n", col, k)) ;		ASSERT (!NON_PIVOTAL_COL (col)) ;		Upos [col] = EMPTY ;		Lip [col] = EMPTY ;		Lilen [col] = 0 ;		k++ ;	    }	}	ASSERT (k == n_col) ;    }    if (npiv < n_inner)    {	/* finalize the diagonal of U */	DEBUGm3 (("Diag of U is zero, "ID" to "ID"/n", npiv, n_inner-1)) ;	for (k = npiv ; k < n_inner ; k++)	{	    CLEAR (D [k]) ;	}    }    /* save the pattern of the last row of U */    if (Numeric->ulen > 0)    {	DEBUGm3 (("Last row of U is not empty/n")) ;	Numeric->Upattern = Work->Upattern ;	Work->Upattern = (Int *) NULL ;    }    DEBUG2 (("Nnzpiv: "ID"  npiv "ID"/n", Numeric->nnzpiv, npiv)) ;    ASSERT (Numeric->nnzpiv <= npiv) ;    if (Numeric->nnzpiv < n_inner && !SCALAR_IS_NAN (Numeric->min_udiag))    {	/* the rest of the diagonal is zero, so min_udiag becomes 0,	 * unless it is already NaN. */	Numeric->min_udiag = 0.0 ;    }    /* ---------------------------------------------------------------------- */    /* size n_row, n_col workspaces that can be used here: */    /* ---------------------------------------------------------------------- */    Frpos = Work->Frpos ;	/* of size n_row+1 */    Fcpos = Work->Fcpos ;	/* of size n_col+1 */    Wp = Work->Wp ;		/* of size MAX(n_row,n_col)+1 */    /* Work->Upattern ;		cannot be used (in Numeric) */    Wr = Work->Lpattern ;	/* of size n_row+1 */    Wc = Work->Wrp ;		/* of size n_col+1 or bigger */    /* ---------------------------------------------------------------------- */    /* construct Rperm from inverse permutations */    /* ---------------------------------------------------------------------- */    /* use Frpos for temporary copy of inverse row permutation [ */    for (pivrow = 0 ; pivrow < n_row ; pivrow++)    {	k = Rperm [pivrow] ;	ASSERT (k < 0) ;	k = ONES_COMPLEMENT (k) ;	ASSERT (k >= 0 && k < n_row) ;	Wp [k] = pivrow ;

/* *	Parse the module config sections, and load *	and call each module's init() function. * *	Libtool makes your life a LOT easier, especially with libltdl. *	see: http://www.gnu.org/software/libtool/ */int setup_modules(void){	int comp;	CONF_SECTION *cs;	/*	 *  FIXME: This should be pulled from somewhere else.	 */	const char *filename="radiusd.conf";	/*	 *	No current list of modules: Go initialize libltdl.	 */	if (!module_list) {		/*		 *	Set the default list of preloaded symbols.		 *	This is used to initialize libltdl's list of		 *	preloaded modules. 		 *		 *	i.e. Static modules.		 */		LTDL_SET_PRELOADED_SYMBOLS();		if (lt_dlinit() != 0) {			radlog(L_ERR|L_CONS, "Failed to initialize libraries: %s/n",					lt_dlerror());			exit(1); /* FIXME */					}		/*		 *	Set the search path to ONLY our library directory.		 *	This prevents the modules from being found from		 *	any location on the disk.		 */		lt_dlsetsearchpath(radlib_dir);				DEBUG2("Module: Library search path is %s",				lt_dlgetsearchpath());		/*		 *	Initialize the components.		 */		for (comp = 0; comp < RLM_COMPONENT_COUNT; comp++) {			components[comp] = NULL;		}	} else {		detach_modules();	}	/*	 *	Create any DICT_VALUE's for the types.  See	 *	'doc/configurable_failover' for examples of 'authtype'	 *	used to create new Auth-Type values.  In order to	 *	let the user create new names, we've got to look for	 *	those names, and create DICT_VALUE's for them.	 */	for (comp = 0; section_type_value[comp].section != NULL; comp++) {		const char	*name2;		DICT_ATTR	*dattr;		DICT_VALUE	*dval;		CONF_SECTION	*sub, *next;		CONF_PAIR	*cp;		/*		 *  Big-time YUCK		 */		static int my_value = 32767;		cs = cf_section_find(section_type_value[comp].section);		if (!cs) continue;		sub = NULL;		do {			/*			 *	See if there's a sub-section by that			 *	name.			 */			next = cf_subsection_find_next(cs, sub,						      section_type_value[comp].typename);			/*			 *	Allow some old names, too.			 */			if (!next && (comp <= 4)) {								next = cf_subsection_find_next(cs, sub,							       old_section_type_value[comp].typename);			}			sub = next;//.........这里部分代码省略.........

static void process_source_stat (stats_source_t *src_stats, stats_event_t *event){    if (event->name)    {        stats_node_t *node = _find_node (src_stats->stats_tree, event->name);        if (node == NULL)        {            /* adding node */            if (event->action != STATS_EVENT_REMOVE && event->value)            {                DEBUG3 ("new node on %s /"%s/" (%s)", src_stats->source, event->name, event->value);                node = (stats_node_t *)calloc (1,sizeof(stats_node_t));                node->name = (char *)strdup (event->name);                node->value = (char *)strdup (event->value);                node->flags = event->flags;                if (src_stats->flags & STATS_HIDDEN)                    node->flags |= STATS_HIDDEN;                stats_listener_send (node->flags, "EVENT %s %s %s/n", src_stats->source, event->name, event->value);                avl_insert (src_stats->stats_tree, (void *)node);            }            return;        }        if (event->action == STATS_EVENT_REMOVE)        {            DEBUG2 ("delete node %s from %s", event->name, src_stats->source);            stats_listener_send (node->flags, "DELETE %s %s/n", src_stats->source, event->name);            avl_delete (src_stats->stats_tree, (void *)node, _free_stats);            return;        }        modify_node_event (node, event);        stats_listener_send (node->flags, "EVENT %s %s %s/n", src_stats->source, node->name, node->value);        return;    }    if (event->action == STATS_EVENT_REMOVE && event->name == NULL)    {        avl_tree_unlock (src_stats->stats_tree);        avl_tree_wlock (_stats.source_tree);        avl_tree_wlock (src_stats->stats_tree);        avl_delete (_stats.source_tree, (void *)src_stats, _free_source_stats);        avl_tree_unlock (_stats.source_tree);        return;    }    /* change source flags status */    if (event->action & STATS_EVENT_HIDDEN)    {        avl_node *node = avl_get_first (src_stats->stats_tree);        int visible = 0;        if ((event->flags&STATS_HIDDEN) == (src_stats->flags&STATS_HIDDEN))            return;        if (src_stats->flags & STATS_HIDDEN)        {            stats_node_t *ct = _find_node (src_stats->stats_tree, "server_type");            const char *type = "audio/mpeg";            if (ct)                type = ct->value;            src_stats->flags &= ~STATS_HIDDEN;            stats_listener_send (src_stats->flags, "NEW %s %s/n", type, src_stats->source);            visible = 1;        }        else        {            stats_listener_send (src_stats->flags, "DELETE %s/n", src_stats->source);            src_stats->flags |= STATS_HIDDEN;        }        while (node)        {            stats_node_t *stats = (stats_node_t*)node->key;            if (visible)            {                stats->flags &= ~STATS_HIDDEN;                stats_listener_send (stats->flags, "EVENT %s %s %s/n", src_stats->source, stats->name, stats->value);            }            else                stats->flags |= STATS_HIDDEN;            node = avl_get_next (node);        }    }}

/** Execute a program. * * @param cmd Command to execute. This is parsed into argv[] parts, * 	then each individual argv part is xlat'ed. * @param request current request. * @param exec_wait set to 1 if you want to read from or write to child * @param user_msg buffer to append plaintext (non valuepair) output. * @param msg_len length of user_msg buffer. * @param input_pairs list of value pairs - these will be put into * 	the environment variables of the child. * @param[out] output_pairs list of value pairs - child stdout will be * 	parsed and added into this list of value pairs. * @param shell_escape * @return 0 if exec_wait==0, exit code if exec_wait!=0, -1 on error. */int radius_exec_program(const char *cmd, REQUEST *request,			int exec_wait,			char *user_msg, int msg_len,			VALUE_PAIR *input_pairs,			VALUE_PAIR **output_pairs,			int shell_escape){	pid_t pid;	int from_child;#ifndef __MINGW32__	VALUE_PAIR *vp;	char *p;	pid_t child_pid;	int comma = 0;	int status;	int n, done;	char answer[4096];#endif	pid = radius_start_program(cmd, request, exec_wait, NULL, &from_child, input_pairs, shell_escape);	if (pid < 0) {		return -1;	}	if (!exec_wait)		return 0;#ifndef __MINGW32__	done = radius_readfrom_program(from_child, pid, 10, answer, sizeof(answer));	if (done < 0) {		/*		 * failure - radius_readfrom_program will		 * have called close(from_child) for us		 */		DEBUG("failed to read from child output");		return 1;	}	answer[done] = 0;	/*	 *	Make sure that the writer can't block while writing to	 *	a pipe that no one is reading from anymore.	 */	close(from_child);	DEBUG2("Exec-Program output: %s", answer);	/*	 *	Parse the output, if any.	 */	if (done) {		n = T_OP_INVALID;		if (output_pairs) {			/*			 *	For backwards compatibility, first check			 *	for plain text (user_msg).			 */			vp = NULL;			n = userparse(answer, &vp);			if (vp) {				pairfree(&vp);			}		}		if (n == T_OP_INVALID) {			DEBUG("Exec-Program-Wait: plaintext: %s", answer);			if (user_msg) {				strlcpy(user_msg, answer, msg_len);			}		} else {			/*			 *	HACK: Replace '/n' with ',' so that			 *	userparse() can parse the buffer in			 *	one go (the proper way would be to			 *	fix userparse(), but oh well).			 */			for (p = answer; *p; p++) {				if (*p == '/n') {					*p = comma ? ' ' : ',';					p++;					comma = 0;				}				if (*p == ',') comma++;//.........这里部分代码省略.........

void EventsWatcherDbOp::InsertEvent( const long serviceId, const string& correlationId, const string& sessionId,	const string& evtype, const string& machine, const string& date, const string& messageBuffer, 	const string& event_class, const string& additionalInfo, const string& innerException ){	Database* data = getData();		ParametersVector params;		string guid = Collaboration::GenerateGuid();	DEBUG2( "guidParam [" << guid << "]" );	DataParameterBase *guidParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	guidParam->setDimension( guid.size() );	guidParam->setString( guid );	params.push_back( guidParam );			DEBUG2( "serviceIdParam [" << serviceId << "]" );	DataParameterBase *serviceIdParam = m_DatabaseProvider->createParameter( DataType::LONGINT_TYPE );	serviceIdParam->setLong( serviceId );	params.push_back( serviceIdParam );	DEBUG2( "correl [" << correlationId << "]" );	DataParameterBase *correlIdParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	correlIdParam->setDimension( correlationId.size() );	correlIdParam->setString( correlationId );	params.push_back( correlIdParam );			DEBUG2( "session [" << sessionId << "]" );	DataParameterBase *sessionIdParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	sessionIdParam->setDimension( sessionId.size() );	sessionIdParam->setString( sessionId );	params.push_back( sessionIdParam );		DEBUG2( "type [" << evtype << "]" );	DataParameterBase *typeParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	typeParam->setDimension( evtype.size() );	typeParam->setString( evtype );	params.push_back( typeParam );			DEBUG2( "machine [" << machine << "]" );	DataParameterBase *machineParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	machineParam->setDimension( machine.size() );	machineParam->setString( machine );	params.push_back( machineParam );		DEBUG2( "eventdate [" << date << "]" );	DataParameterBase *dateParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	dateParam->setDimension( date.size() );	dateParam->setString( date );	params.push_back( dateParam );	DEBUG2( "message" );	DataParameterBase *messageParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	string::size_type messageBufferLength = messageBuffer.length();	if( messageBufferLength > 256 )	{		messageParam->setDimension( 256 );		messageParam->setString( messageBuffer.substr( 0, 256 ) );	}	else	{		messageParam->setDimension( messageBufferLength );		messageParam->setString( messageBuffer );	}	params.push_back( messageParam );	DEBUG2( "class [" << event_class << "]" );	DataParameterBase *classParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	classParam->setDimension( event_class.size() );	classParam->setString( event_class );	params.push_back( classParam );			DEBUG2( "addinfo [" << additionalInfo << "]" );	DataParameterBase *addInfoParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	if( ( additionalInfo.length() == 0 ) && ( messageBufferLength > 256 ) )	{		addInfoParam->setDimension( messageBufferLength );		addInfoParam->setString( messageBuffer );	}	else	{		if ( additionalInfo.length() > 2999 )		{			addInfoParam->setDimension( 2999 );			addInfoParam->setString( additionalInfo.substr( 0, 2999 ) );		}		else		{			addInfoParam->setDimension( additionalInfo.length() );			addInfoParam->setString( additionalInfo );		}	}	params.push_back( addInfoParam );		DEBUG2( "innerex [" << innerException << "]" );	DataParameterBase *innerExParam = m_DatabaseProvider->createParameter( DataType::CHAR_TYPE );	if( innerException.length() > 3499 )	{		innerExParam->setDimension( 3499 );		innerExParam->setString( innerException.substr( 0, 3499 ) );//.........这里部分代码省略.........

/* *	Replace %<whatever> in a string. * *	%P	pool_name *	%I	param *	%J	lease_duration * */static int sqlippool_expand(char * out, int outlen, char const * fmt,			    rlm_sqlippool_t *data, char * param, int param_len){	char *q;	char const *p;	char tmp[40]; /* For temporary storing of integers */	q = out;	for (p = fmt; *p ; p++) {		int freespace;		int c;		/* Calculate freespace in output */		freespace = outlen - (q - out);		if (freespace <= 1)			break;		c = *p;		if (c != '%') {			*q++ = *p;			continue;		}		if (*++p == '/0') {			break;		}		if (c == '%') {			switch (*p) {			case 'P': /* pool name */				strlcpy(q, data->pool_name, freespace);				q += strlen(q);				break;			case 'I': /* IP address */				if (param && param_len > 0) {					if (param_len > freespace) {						strlcpy(q, param, freespace);						q += strlen(q);					}					else {						memcpy(q, param, param_len);						q += param_len;					}				}				break;			case 'J': /* lease duration */				sprintf(tmp, "%d", data->lease_duration);				strlcpy(q, tmp, freespace);				q += strlen(q);				break;			default:				*q++ = '%';				*q++ = *p;				break;			}		}	}	*q = '/0';#if 0	DEBUG2("sqlippool_expand: /"%s/"", out);#endif	return strlen(out);}

/* *	Read config files. * *	This function can ONLY be called from the main server process. */int main_config_init(void){	char const *p = NULL;	CONF_SECTION *cs;	struct stat statbuf;	cached_config_t *cc;	char buffer[1024];	if (stat(radius_dir, &statbuf) < 0) {		ERROR("Errors reading %s: %s",		       radius_dir, fr_syserror(errno));		return -1;	}#ifdef S_IWOTH	if ((statbuf.st_mode & S_IWOTH) != 0) {		ERROR("Configuration directory %s is globally writable.  Refusing to start due to insecure configuration.",		       radius_dir);	  return -1;	}#endif#ifdef S_IROTH	if (0 && (statbuf.st_mode & S_IROTH) != 0) {		ERROR("Configuration directory %s is globally readable.  Refusing to start due to insecure configuration.",		       radius_dir);		return -1;	}#endif	INFO("Starting - reading configuration files ...");	/*	 *	We need to load the dictionaries before reading the	 *	configuration files.  This is because of the	 *	pre-compilation in conffile.c.  That should probably	 *	be fixed to be done as a second stage.	 */	if (!main_config.dictionary_dir) {		main_config.dictionary_dir = talloc_typed_strdup(NULL, DICTDIR);	}	/*	 *	Read the distribution dictionaries first, then	 *	the ones in raddb.	 */	DEBUG2("including dictionary file %s/%s", main_config.dictionary_dir, RADIUS_DICTIONARY);	if (dict_init(main_config.dictionary_dir, RADIUS_DICTIONARY) != 0) {		ERROR("Errors reading dictionary: %s",		      fr_strerror());		return -1;	}#define DICT_READ_OPTIONAL(_d, _n) /do {/	switch (dict_read(_d, _n)) {/	case -1:/		ERROR("Errors reading %s/%s: %s", _d, _n, fr_strerror());/		return -1;/	case 0:/		DEBUG2("including dictionary file %s/%s", _d,_n);/		break;/	default:/		break;/	}/} while (0)	/*	 *	Try to load protocol-specific dictionaries.  It's OK	 *	if they don't exist.	 */#ifdef WITH_DHCP	DICT_READ_OPTIONAL(main_config.dictionary_dir, "dictionary.dhcp");#endif#ifdef WITH_VMPS	DICT_READ_OPTIONAL(main_config.dictionary_dir, "dictionary.vqp");#endif	/*	 *	It's OK if this one doesn't exist.	 */	DICT_READ_OPTIONAL(radius_dir, RADIUS_DICTIONARY);	/* Read the configuration file */	snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",		 radius_dir, main_config.name);	if ((cs = cf_file_read(buffer)) == NULL) {		ERROR("Errors reading or parsing %s", buffer);		return -1;	}	/*	 *	If there was no log destination set on the command line,	 *	set it now.	 *///.........这里部分代码省略.........

/* * To process the TLS, *  INCOMING DATA: * 	1. EAP-TLS should get the compelete TLS data from the peer. * 	2. Store that data in a data structure with any other required info *	3. Handle that data structure to the TLS module. *	4. TLS module will perform its operations on the data and *	handle back to EAP-TLS * *  OUTGOING DATA: * 	1. EAP-TLS if necessary will fragment it and send it to the * 	destination. * *	During EAP-TLS initialization, TLS Context object will be *	initialized and stored.  For every new authentication *	requests, TLS will open a new session object and that session *	object should be maintained even after the session is *	completed for session resumption. (Probably later as a feature *	as we donot know who maintains these session objects ie, *	SSL_CTX (internally) or TLS module(explicitly). If TLS module, *	then how to let SSL API know about these sessions.) */static eaptls_status_t eaptls_operation(eaptls_status_t status,					EAP_HANDLER *handler){	tls_session_t *tls_session;	tls_session = (tls_session_t *)handler->opaque;	if ((status == EAPTLS_MORE_FRAGMENTS) ||	    (status == EAPTLS_MORE_FRAGMENTS_WITH_LENGTH) ||	    (status == EAPTLS_FIRST_FRAGMENT)) {		/*		 *	Send the ACK.		 */		eaptls_send_ack(handler->eap_ds, tls_session->peap_flag);		return EAPTLS_HANDLED;	}	/*	 *	We have the complete TLS-data or TLS-message.	 *	 *	Clean the dirty message.	 *	 *	Authenticate the user and send	 *	Success/Failure.	 *	 *	If more info	 *	is required then send another request.	 */	if (!tls_handshake_recv(tls_session)) {		DEBUG2("TLS receive handshake failed during operation");		eaptls_fail(handler, tls_session->peap_flag);		return EAPTLS_FAIL;	}	/*	 *	FIXME: return success/fail.	 *	 *	TLS proper can decide what to do, then.	 */	if (tls_session->dirty_out.used > 0) {		eaptls_request(handler->eap_ds, tls_session);		return EAPTLS_HANDLED;	}			/* 	 *	If there is no data to send i.e	 *	dirty_out.used <=0 and if the SSL	 *	handshake is finished, then return a	 *	EPTLS_SUCCESS	 */		if (SSL_is_init_finished(tls_session->ssl)) {		/*		 *	Init is finished.  The rest is		 *	application data.		 */		tls_session->info.content_type = application_data; 		return EAPTLS_SUCCESS;	}		/*	 *	Who knows what happened...	 */	DEBUG2("TLS failed during operation");	return EAPTLS_FAIL;}

//.........这里部分代码省略.........	tlspacket->flags = eap_ds->response->type.data[0];	/*	 *	A quick sanity check of the flags.  If we've been told	 *	that there's a length, and there isn't one, then stop.	 */	if (TLS_LENGTH_INCLUDED(tlspacket->flags) &&	    (tlspacket->length < 5)) { /* flags + TLS message length */		RDEBUG("Invalid EAP-TLS packet received.  (Length bit is set, but no length was found.)");		eaptls_free(&tlspacket);		return NULL;	}	/*	 *	If the final TLS packet is larger than we can handle, die	 *	now.	 *	 *	Likewise, if the EAP packet says N bytes, and the TLS	 *	packet says there's fewer bytes, it's a problem.	 *	 *	FIXME: Try to ensure that the claimed length is	 *	consistent across multiple TLS fragments.	 */	if (TLS_LENGTH_INCLUDED(tlspacket->flags)) {		memcpy(&data_len, &eap_ds->response->type.data[1], 4);		data_len = ntohl(data_len);		if (data_len > MAX_RECORD_SIZE) {			RDEBUG("The EAP-TLS packet will contain more data than we can process.");			eaptls_free(&tlspacket);			return NULL;		}#if 0		DEBUG2(" TLS: %d %d/n", data_len, tlspacket->length);		if (data_len < tlspacket->length) {			RDEBUG("EAP-TLS packet claims to be smaller than the encapsulating EAP packet.");			eaptls_free(&tlspacket);			return NULL;		}#endif	}	switch (status) {	/*	 *	The TLS Message Length field is four octets, and	 *	provides the total length of the TLS message or set of	 *	messages that is being fragmented; this simplifies	 *	buffer allocation.	 *	 *	Dynamic allocation of buffers as & when we know the	 *	length should solve the problem.	 */	case EAPTLS_FIRST_FRAGMENT:	case EAPTLS_LENGTH_INCLUDED:	case EAPTLS_MORE_FRAGMENTS_WITH_LENGTH:		if (tlspacket->length < 5) { /* flags + TLS message length */			RDEBUG("Invalid EAP-TLS packet received.  (Expected length, got none.)");			eaptls_free(&tlspacket);			return NULL;		}		/*		 *	Extract all the TLS fragments from the		 *	previous eap_ds Start appending this		 *	fragment to the above ds

/*** Description** Kill event handler loop*/voidstop_event_handler (void){  pthread_cancel(event_handler_thread);  DEBUG2("event.c: event handler stopped/n");}

void exec_trigger(REQUEST *request, CONF_SECTION *cs, const char *name){	CONF_SECTION *subcs;	CONF_ITEM *ci;	CONF_PAIR *cp;	const char *attr;	const char *value;	VALUE_PAIR *vp;	/*	 *	Use global "trigger" section if no local config is given.	 */	if (!cs) {		cs = mainconfig.config;		attr = name;	} else {		/*		 *	Try to use pair name, rather than reference.		 */		attr = strrchr(name, '.');		if (attr) {			attr++;		} else {			attr = name;		}	}	/*	 *	Find local "trigger" subsection.  If it isn't found,	 *	try using the global "trigger" section, and reset the	 *	reference to the full path, rather than the sub-path.	 */	subcs = cf_section_sub_find(cs, "trigger");	if (!subcs && (cs != mainconfig.config)) {		subcs = cf_section_sub_find(mainconfig.config, "trigger");		attr = name;	}	if (!subcs) {		DEBUG3("No trigger subsection: ignoring trigger %s", name);		return;	}	ci = cf_reference_item(subcs, mainconfig.config, attr);	if (!ci) {		DEBUG3("No such item in trigger section: %s", attr);		return;	}	if (!cf_item_is_pair(ci)) {		DEBUG2("Trigger is not a configuration variable: %s", attr);		return;	}	cp = cf_itemtopair(ci);	if (!cp) return;	value = cf_pair_value(cp);	if (!value) {		DEBUG2("Trigger has no value: %s", name);		return;	}	/*	 *	May be called for Status-Server packets.	 */	vp = NULL;	if (request && request->packet) vp = request->packet->vps;	DEBUG("Trigger %s -> %s", name, value);	radius_exec_program(value, request, 0, NULL, 0, vp, NULL, 1);}

static int mod_authenticate(UNUSED void *instance, eap_handler_t *handler){	int		rcode;	leap_session_t	*session;	leap_packet_t	*packet;	leap_packet_t	*reply;	VALUE_PAIR	*password;	if (!handler->opaque) {		radlog(L_ERR, "rlm_eap_leap: Cannot authenticate without LEAP history");		return 0;	}	session = (leap_session_t *) handler->opaque;	reply = NULL;	/*	 *	Extract the LEAP packet.	 */	if (!(packet = eapleap_extract(handler->eap_ds)))		return 0;	/*	 *	The password is never sent over the wire.	 *	Always get the configured password, for each user.	 */	password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);	if (!password) password = pairfind(handler->request->config_items, PW_NT_PASSWORD, 0, TAG_ANY);	if (!password) {		DEBUG2("rlm_eap_leap: No Cleartext-Password or NT-Password configured for this user");		talloc_free(packet);		return 0;	}	/*	 *	We've already sent the AP challenge.  This packet	 *	should contain the NtChallengeResponse	 */	switch (session->stage) {	case 4:			/* Verify NtChallengeResponse */		DEBUG2("  rlm_eap_leap: Stage 4");		rcode = eapleap_stage4(packet, password, session);		session->stage = 6;		/*		 *	We send EAP-Success or EAP-Fail, and not		 *	any LEAP packet.  So we return here.		 */		if (!rcode) {			handler->eap_ds->request->code = PW_EAP_FAILURE;			talloc_free(packet);			return 0;		}		handler->eap_ds->request->code = PW_EAP_SUCCESS;		/*		 *	Do this only for Success.		 */		handler->eap_ds->request->id = handler->eap_ds->response->id + 1;		handler->eap_ds->set_request_id = 1;		/*		 *	LEAP requires a challenge in stage 4, not		 *	an Access-Accept, which is normally returned		 *	by eap_compose() in eap.c, when the EAP reply code		 *	is EAP_SUCCESS.		 */		handler->request->reply->code = PW_ACCESS_CHALLENGE;		talloc_free(packet);		return 1;	case 6:			/* Issue session key */		DEBUG2("  rlm_eap_leap: Stage 6");		reply = eapleap_stage6(packet, handler->request,				       handler->request->username, password,				       session);		break;		/*		 *	Stages 1, 3, and 5 are requests from the AP.		 *	Stage 2 is handled by initiate()		 */	default:		radlog(L_ERR, "  rlm_eap_leap: Internal sanity check failed on stage");		break;	}	talloc_free(packet);	/*	 *	Process the packet.  We don't care about any previous	 *	EAP packets, as	 */	if (!reply) {		return 0;	}	eapleap_compose(handler->eap_ds, reply);	talloc_free(reply);	return 1;//.........这里部分代码省略.........

static int mod_process(void *arg, eap_handler_t *handler){	pwd_session_t *session;	pwd_hdr *hdr;	pwd_id_packet_t *packet;	eap_packet_t *response;	REQUEST *request, *fake;	VALUE_PAIR *pw, *vp;	EAP_DS *eap_ds;	size_t in_len;	int ret = 0;	eap_pwd_t *inst = (eap_pwd_t *)arg;	uint16_t offset;	uint8_t exch, *in, *ptr, msk[MSK_EMSK_LEN], emsk[MSK_EMSK_LEN];	uint8_t peer_confirm[SHA256_DIGEST_LENGTH];	if (((eap_ds = handler->eap_ds) == NULL) || !inst) return 0;	session = (pwd_session_t *)handler->opaque;	request = handler->request;	response = handler->eap_ds->response;	hdr = (pwd_hdr *)response->type.data;	/*	 *	The header must be at least one byte.	 */	if (!hdr || (response->type.length < sizeof(pwd_hdr))) {		RDEBUG("Packet with insufficient data");		return 0;	}	in = hdr->data;	in_len = response->type.length - sizeof(pwd_hdr);	/*	* see if we're fragmenting, if so continue until we're done	*/	if (session->out_pos) {		if (in_len) RDEBUG2("pwd got something more than an ACK for a fragment");		return send_pwd_request(session, eap_ds);	}	/*	* the first fragment will have a total length, make a	* buffer to hold all the fragments	*/	if (EAP_PWD_GET_LENGTH_BIT(hdr)) {		if (session->in) {			RDEBUG2("pwd already alloced buffer for fragments");			return 0;		}		if (in_len < 2) {			RDEBUG("Invalid packet: length bit set, but no length field");			return 0;		}		session->in_len = ntohs(in[0] * 256 | in[1]);		if ((session->in = talloc_zero_array(session, uint8_t, session->in_len)) == NULL) {			RDEBUG2("pwd cannot allocate %zd buffer to hold fragments",				session->in_len);			return 0;		}		memset(session->in, 0, session->in_len);		session->in_pos = 0;		in += sizeof(uint16_t);		in_len -= sizeof(uint16_t);	}	/*	 * all fragments, including the 1st will have the M(ore) bit set,	 * buffer those fragments!	 */	if (EAP_PWD_GET_MORE_BIT(hdr)) {		rad_assert(session->in != NULL);		if ((session->in_pos + in_len) > session->in_len) {			RDEBUG2("Fragment overflows packet.");			return 0;		}		memcpy(session->in + session->in_pos, in, in_len);		session->in_pos += in_len;		/*		 * send back an ACK for this fragment		 */		exch = EAP_PWD_GET_EXCHANGE(hdr);		eap_ds->request->code = PW_EAP_REQUEST;		eap_ds->request->type.num = PW_EAP_PWD;		eap_ds->request->type.length = sizeof(pwd_hdr);		if ((eap_ds->request->type.data = talloc_array(eap_ds->request, uint8_t, sizeof(pwd_hdr))) == NULL) {			return 0;		}		hdr = (pwd_hdr *)eap_ds->request->type.data;		EAP_PWD_SET_EXCHANGE(hdr, exch);		return 1;	}//.........这里部分代码省略.........

//.........这里部分代码省略.........	row = Work->Frows [i] ;	DEBUG6 ((ID" ", row)) ;	ASSERT (Frpos [row] == i) ;	ASSERT (NON_PIVOTAL_ROW (row)) ;    }    DEBUG6 (("/n")) ;    ASSERT (Frpos [Work->pivrow] >= 0) ;    ASSERT (Frpos [Work->pivrow] < fnrows) ;    ASSERT (Work->Flublock == (Entry *) (Numeric->Memory + E [0])) ;    ASSERT (Work->Fcblock == Work->Flublock + Work->nb *	(Work->nb + Work->fnr_curr + Work->fnc_curr)) ;#endif    Fcblock = Work->Fcblock ;    /* ---------------------------------------------------------------------- */    /* determine the largest actual frontal matrix size (for Info only) */    /* ---------------------------------------------------------------------- */    ASSERT (fnrows == Work->fnrows_new + 1) ;    ASSERT (fncols == Work->fncols_new + 1) ;    Numeric->maxnrows = MAX (Numeric->maxnrows, fnrows) ;    Numeric->maxncols = MAX (Numeric->maxncols, fncols) ;    /* this is safe from integer overflow, since the current frontal matrix     * is already allocated. */    Numeric->maxfrsize = MAX (Numeric->maxfrsize, fnrows * fncols) ;    /* ---------------------------------------------------------------------- */    /* assemble from prior elements into the current frontal matrix */    /* ---------------------------------------------------------------------- */    DEBUG2 (("New assemble start [prior_element:"ID"/n", Work->prior_element)) ;    /* Currently no rows or columns are marked.  No elements are scanned, */    /* that is, (ep->next == EMPTY) is true for all elements */    son_list = 0 ;	/* start creating son_list [ */    /* ---------------------------------------------------------------------- */    /* determine if most recent element is Lson or Uson of current front */    /* ---------------------------------------------------------------------- */    if (!Work->do_extend)    {	prior_Uson = ( Work->pivcol_in_front && !Work->pivrow_in_front) ;	prior_Lson = (!Work->pivcol_in_front &&  Work->pivrow_in_front) ;	if (prior_Uson || prior_Lson)	{	    e = Work->prior_element ;	    if (e != EMPTY)	    {		ASSERT (E [e]) ;		p = Memory + E [e] ;		ep = (Element *) p ;		ep->next = son_list ;		son_list = e ;#ifndef NDEBUG		DEBUG2 (("e "ID" is Prior son "ID" "ID"/n",		    e, prior_Uson, prior_Lson)) ;		UMF_dump_element (Numeric, Work, e, FALSE) ;#endif		ASSERT (E [e]) ;	    }	}

/* *	Check the min_spare_threads and max_spare_threads. * *	If there are too many or too few threads waiting, then we *	either create some more, or delete some. */static void thread_pool_manage(time_t now){	int spare;	int i, total;	THREAD_HANDLE *handle, *next;	int active_threads;	/*	 *	We don't need a mutex lock here, as we're reading	 *	active_threads, and not modifying it.  We want a close	 *	approximation of the number of active threads, and this	 *	is good enough.	 */	active_threads = thread_pool.active_threads;	spare = thread_pool.total_threads - active_threads;	if (debug_flag) {		static int old_total = -1;		static int old_active = -1;		if ((old_total != thread_pool.total_threads) ||				(old_active != active_threads)) {			DEBUG2("Threads: total/active/spare threads = %d/%d/%d",					thread_pool.total_threads, active_threads, spare);			old_total = thread_pool.total_threads;			old_active = active_threads;		}	}	/*	 *	If there are too few spare threads.  Go create some more.	 */	if ((thread_pool.total_threads < thread_pool.max_threads) &&	    (spare < thread_pool.min_spare_threads)) {		total = thread_pool.min_spare_threads - spare;		if ((total + thread_pool.total_threads) > thread_pool.max_threads) {			total = thread_pool.max_threads - thread_pool.total_threads;		}		DEBUG2("Threads: Spawning %d spares", total);		/*		 *	Create a number of spare threads.		 */		for (i = 0; i < total; i++) {			handle = spawn_thread(now, 1);			if (handle == NULL) {				return;			}		}		return;		/* there aren't too many spare threads */	}	/*	 *	Only delete spare threads if we haven't already done	 *	so this second.	 */	if (now == last_cleaned) {		return;	}	last_cleaned = now;	/*	 *	Loop over the thread pool, deleting exited threads.	 */	for (handle = thread_pool.head; handle; handle = next) {		next = handle->next;		/*		 *	Maybe we've asked the thread to exit, and it		 *	has agreed.		 */		if (handle->status == THREAD_EXITED) {			pthread_join(handle->pthread_id, NULL);			delete_thread(handle);		}	}	/*	 *	Only delete the spare threads if sufficient time has	 *	passed since we last created one.  This helps to minimize	 *	the amount of create/delete cycles.	 */	if ((now - thread_pool.time_last_spawned) < thread_pool.cleanup_delay) {		return;	}	/*	 *	If there are too many spare threads, delete one.	 *	 *	Note that we only delete ONE at a time, instead of	 *	wiping out many.  This allows the excess servers to	 *	be slowly reaped, just in case the load spike comes again.//.........这里部分代码省略.........

/* *	Check one terminal server to see if a user is logged in. * *	Return values: *		0 The user is off-line. *		1 The user is logged in. *		2 Some error occured. */int rad_check_ts(uint32_t nasaddr, unsigned int portnum, char const *user,		 char const *session_id){	pid_t	pid, child_pid;	int	status;	char	address[16];	char	port[11];	RADCLIENT *cl;	fr_ipaddr_t ipaddr;	ipaddr.af = AF_INET;	ipaddr.ipaddr.ip4addr.s_addr = nasaddr;	/*	 *	Find NAS type.	 */	cl = client_find_old(&ipaddr);	if (!cl) {		/*		 *  Unknown NAS, so trusting radutmp.		 */		DEBUG2("checkrad: Unknown NAS %s, not checking",		       ip_ntoa(address, nasaddr));		return 1;	}	/*	 *  No nas_type, or nas type 'other', trust radutmp.	 */	if (!cl->nas_type || (cl->nas_type[0] == '/0') ||	    (strcmp(cl->nas_type, "other") == 0)) {		DEBUG2("checkrad: No NAS type, or type /"other/" not checking");		return 1;	}	/*	 *	Fork.	 */	if ((pid = rad_fork()) < 0) { /* do wait for the fork'd result */		ERROR("Accounting: Failed in fork(): Cannot run checkrad/n");		return 2;	}	if (pid > 0) {		child_pid = rad_waitpid(pid, &status);		/*		 *	It's taking too long.  Stop waiting for it.		 *		 *	Don't bother to kill it, as we don't care what		 *	happens to it now.		 */		if (child_pid == 0) {			ERROR("Check-TS: timeout waiting for checkrad");			return 2;		}		if (child_pid < 0) {			ERROR("Check-TS: unknown error in waitpid()");			return 2;		}		return WEXITSTATUS(status);	}	/*	 *  We don't close fd's 0, 1, and 2.  If we're in debugging mode,	 *  then they should go to stdout (etc), along with the other	 *  server log messages.	 *	 *  If we're not in debugging mode, then the code in radiusd.c	 *  takes care of connecting fd's 0, 1, and 2 to /dev/null.	 */	closefrom(3);	ip_ntoa(address, nasaddr);	snprintf(port, 11, "%u", portnum);#ifdef __EMX__	/* OS/2 can't directly execute scripts then we call the command	   processor to execute checkrad	*/	execl(getenv("COMSPEC"), "", "/C","checkrad", cl->nas_type, address, port,		user, session_id, NULL);#else	execl(mainconfig.checkrad, "checkrad", cl->nas_type, address, port,		user, session_id, NULL);#endif	ERROR("Check-TS: exec %s: %s", mainconfig.checkrad, strerror(errno));	/*	 *	Exit - 2 means "some error occured".//.........这里部分代码省略.........

/* *	The main thread handler for requests. * *	Wait on the semaphore until we have it, and process the request. */static void *request_handler_thread(void *arg){	THREAD_HANDLE	  *self = (THREAD_HANDLE *) arg;	/*	 *	Loop forever, until told to exit.	 */	do {		/*		 *	Wait to be signalled.		 */		DEBUG2("Thread %d waiting to be assigned a request",		       self->thread_num);	re_wait:		if (sem_wait(&thread_pool.semaphore) != 0) {			/*			 *	Interrupted system call.  Go back to			 *	waiting, but DON'T print out any more			 *	text.			 */			if (errno == EINTR) {				DEBUG2("Re-wait %d", self->thread_num);				goto re_wait;			}			radlog(L_ERR, "Thread %d failed waiting for semaphore: %s: Exiting/n",			       self->thread_num, strerror(errno));			break;		}		DEBUG2("Thread %d got semaphore", self->thread_num);#ifdef HAVE_OPENSSL_ERR_H 		/*		 *	Clear the error queue for the current thread.		 */		ERR_clear_error ();#endif		/*		 *	The server is exiting.  Don't dequeue any		 *	requests.		 */		if (thread_pool.stop_flag) break;		/*		 *	Try to grab a request from the queue.		 *		 *	It may be empty, in which case we fail		 *	gracefully.		 */		if (!request_dequeue(&self->request)) continue;		self->request->child_pid = self->pthread_id;		self->request_count++;		DEBUG2("Thread %d handling request %d, (%d handled so far)",		       self->thread_num, self->request->number,		       self->request_count);		if ((self->request->packet->code == PW_ACCOUNTING_REQUEST) &&		    thread_pool.auto_limit_acct) {			VALUE_PAIR *vp;			REQUEST *request = self->request;			vp = radius_paircreate(request, &request->config_items,					       181, VENDORPEC_FREERADIUS,					       PW_TYPE_INTEGER);			if (vp) vp->vp_integer = thread_pool.pps_in.pps;			vp = radius_paircreate(request, &request->config_items,					       182, VENDORPEC_FREERADIUS,					       PW_TYPE_INTEGER);			if (vp) vp->vp_integer = thread_pool.pps_in.pps;						vp = radius_paircreate(request, &request->config_items,					       183, VENDORPEC_FREERADIUS,					       PW_TYPE_INTEGER);			if (vp) {				vp->vp_integer = thread_pool.max_queue_size - thread_pool.num_queued;				vp->vp_integer *= 100;				vp->vp_integer /= thread_pool.max_queue_size;			}		}		self->request->process(self->request, FR_ACTION_RUN);		self->request = NULL;		/*		 *	Update the active threads.		 */		pthread_mutex_lock(&thread_pool.queue_mutex);		rad_assert(thread_pool.active_threads > 0);		thread_pool.active_threads--;		pthread_mutex_unlock(&thread_pool.queue_mutex);	} while (self->status != THREAD_CANCELLED);//.........这里部分代码省略.........

static SECURID_AUTH_RC securidAuth(void *instance, REQUEST *request,				   const char* username, 				   const char* passcode,				   char* replyMsgBuffer,int replyMsgBufferSize){	rlm_securid_t *inst = (rlm_securid_t *) instance;	int         acmRet;	SD_PIN pinParams;	char newPin[10];	char format[30];	SECURID_SESSION *pSecurid_session=NULL;	int rc=-1;	if (!username) {		radlog(L_ERR, "SecurID username is NULL");		return RC_SECURID_AUTH_FAILURE;			}	if (!passcode) {		radlog(L_ERR, "SecurID passcode is NULL for %s user",username);		return RC_SECURID_AUTH_FAILURE;			}	*replyMsgBuffer = '/0';	pSecurid_session = securid_sessionlist_find(inst,request);	if (pSecurid_session == NULL) {		/* securid session not found */		SDI_HANDLE  sdiHandle = SDI_HANDLE_NONE;		acmRet = SD_Init(&sdiHandle);		if (acmRet != ACM_OK) {			radlog(L_ERR, "Cannot communicate with the ACE/Server");			return -1;		}		acmRet = SD_Lock(sdiHandle, (SD_CHAR*)username);		if (acmRet != ACM_OK) {			radlog(L_ERR,"SecurID: Access denied. Name [%s] lock failed.",username);			return -2;		}		acmRet = SD_Check(sdiHandle, (SD_CHAR*) passcode,				  (SD_CHAR*) username);		switch (acmRet) {		case ACM_OK:			/* we are in now */			RDEBUG("SecurID authentication successful for %s.",			       username);			SD_Close(sdiHandle);			return RC_SECURID_AUTH_SUCCESS;		case ACM_ACCESS_DENIED:         			/* not this time */			RDEBUG("SecurID Access denied for %s", username);			SD_Close(sdiHandle);			return RC_SECURID_AUTH_ACCESS_DENIED_FAILURE;		case ACM_INVALID_SERVER:			radlog(L_ERR,"SecurID: Invalid ACE server.");			return RC_SECURID_AUTH_INVALID_SERVER_FAILURE;		case ACM_NEW_PIN_REQUIRED:			RDEBUG2("SecurID new pin required for %s",				username);			/* create a new session */			pSecurid_session = securid_session_alloc();			pSecurid_session->sdiHandle = sdiHandle; /* save ACE handle for future use */			pSecurid_session->securidSessionState = NEW_PIN_REQUIRED_STATE;			pSecurid_session->identity = strdup(username);			 			/* Get PIN requirements */			acmRet = AceGetPinParams(sdiHandle, &pinParams);			 			/* If a system-generated PIN is required */			if (pinParams.Selectable == CANNOT_CHOOSE_PIN) {				/* Prompt user to accept a system generated PIN */				snprintf(replyMsgBuffer, replyMsgBufferSize,					 "/r/nAre you prepared to accept a new system-generated PIN [y/n]?");				pSecurid_session->securidSessionState = NEW_PIN_SYSTEM_ACCEPT_STATE;			} else if (pinParams.Selectable == USER_SELECTABLE) { //may be returned by AM 6.x servers.				snprintf(replyMsgBuffer, replyMsgBufferSize,					 "/r/nPress 'y' to generate a new PIN/r/nOR/r/n'n'to enter a new PIN yourself [y/n]");				pSecurid_session->securidSessionState = NEW_PIN_USER_SELECT_STATE;			} else {				if (pinParams.Alphanumeric) {					strcpy(format, "alphanumeric characters");				} else {					strcpy(format, "digits");				}				snprintf(replyMsgBuffer, replyMsgBufferSize,					 " /r/n   Enter your new PIN of %d to %d %s,/r/n                or/r/n   <Ctrl-D> to cancel the New PIN procedure:",					 pinParams.Min, pinParams.Max, format);			}			/* insert new session in the session list *///.........这里部分代码省略.........

//.........这里部分代码省略.........	}#endif#ifndef WITH_GCD	if (cf_section_parse(pool_cf, NULL, thread_config) < 0) {		return -1;	}	/*	 *	Catch corner cases.	 */	if (thread_pool.min_spare_threads < 1)		thread_pool.min_spare_threads = 1;	if (thread_pool.max_spare_threads < 1)		thread_pool.max_spare_threads = 1;	if (thread_pool.max_spare_threads < thread_pool.min_spare_threads)		thread_pool.max_spare_threads = thread_pool.min_spare_threads;	if (thread_pool.max_threads == 0)		thread_pool.max_threads = 256;	if ((thread_pool.max_queue_size < 2) || (thread_pool.max_queue_size > 1048576)) {		radlog(L_ERR, "FATAL: max_queue_size value must be in range 2-1048576");		return -1;	}#endif	/* WITH_GCD */	/*	 *	The pool has already been initialized.  Don't spawn	 *	new threads, and don't forget about forked children,	 */	if (pool_initialized) {		return 0;	}#ifndef WITH_GCD	/*	 *	Initialize the queue of requests.	 */	memset(&thread_pool.semaphore, 0, sizeof(thread_pool.semaphore));	rcode = sem_init(&thread_pool.semaphore, 0, SEMAPHORE_LOCKED);	if (rcode != 0) {		radlog(L_ERR, "FATAL: Failed to initialize semaphore: %s",		       strerror(errno));		return -1;	}	rcode = pthread_mutex_init(&thread_pool.queue_mutex,NULL);	if (rcode != 0) {		radlog(L_ERR, "FATAL: Failed to initialize queue mutex: %s",		       strerror(errno));		return -1;	}	/*	 *	Allocate multiple fifos.	 */	for (i = 0; i < RAD_LISTEN_MAX; i++) {		thread_pool.fifo[i] = fr_fifo_create(thread_pool.max_queue_size, NULL);		if (!thread_pool.fifo[i]) {			radlog(L_ERR, "FATAL: Failed to set up request fifo");			return -1;		}	}#endif#ifdef HAVE_OPENSSL_CRYPTO_H	/*	 *	If we're linking with OpenSSL too, then we need	 *	to set up the mutexes and enable the thread callbacks.	 */	if (!setup_ssl_mutexes()) {		radlog(L_ERR, "FATAL: Failed to set up SSL mutexes");		return -1;	}#endif#ifndef WITH_GCD	/*	 *	Create a number of waiting threads.	 *	 *	If we fail while creating them, do something intelligent.	 */	for (i = 0; i < thread_pool.start_threads; i++) {		if (spawn_thread(now, 0) == NULL) {			return -1;		}	}#else	thread_pool.queue = dispatch_queue_create("org.freeradius.threads", NULL);	if (!thread_pool.queue) {		radlog(L_ERR, "Failed creating dispatch queue: %s/n",		       strerror(errno));		exit(1);	}#endif	DEBUG2("Thread pool initialized");	pool_initialized = TRUE;	return 0;}

void transmit(const char* transmission, const char* jsonStr, const char* kind, const char* key,              const char* syshost, char* resultFn){  char * cmdline;  char * p_dbg        = getenv("XALT_TRACING");  int    xalt_tracing = (p_dbg && (strcmp(p_dbg,"yes")  == 0 ||				   strcmp(p_dbg,"run")  == 0 ));  if ((strcasecmp(transmission,"file")      != 0 ) &&      (strcasecmp(transmission,"syslog")    != 0 ) &&       (strcasecmp(transmission,"none")      != 0 ) &&       (strcasecmp(transmission,"syslogv1")  != 0 ))    transmission = "file";  if (strcasecmp(transmission, "file") == 0 || strcasecmp(transmission, "file_separate_dirs") == 0 )    {      if (resultFn == NULL)	{	  DEBUG0(stderr,"  resultFn is NULL, $HOME might be undefined -> No XALT output/n");	  return;	}      int err = mkpath(resultFn, 0700);      if (err)	{	  if (xalt_tracing)	    {	      perror("Error: ");	      fprintf(stderr,"  unable to mkpath(%s) -> No XALT output/n", resultFn);	    }	  return;	}      FILE* fp = fopen(resultFn,"w");      if (fp == NULL && xalt_tracing)	fprintf(stderr,"  Unable to open: %s -> No XALT output/n", resultFn);      else        {          fprintf(fp, "%s/n", jsonStr);          fclose(fp);          DEBUG2(stderr,"  Wrote json %s file : %s/n",kind, resultFn);        }    }  else if (strcasecmp(transmission, "syslogv1") == 0)    {      int   zslen;      int   b64len;      char* zs      = compress_string(jsonStr,&zslen);      char* b64     = base64_encode(zs, zslen, &b64len);            asprintf(&cmdline, "PATH=%s logger -t XALT_LOGGING_%s /"%s:%s/"/n",XALT_SYSTEM_PATH, syshost, kind, b64);      system(cmdline);      free(zs);      free(b64);      free(cmdline);          }  else if (strcasecmp(transmission, "syslog") == 0)    {      int   sz;      int   zslen;      char* zs      = compress_string(jsonStr, &zslen);      char* b64     = base64_encode(zs, zslen, &sz);            int   blkSz   = (sz < syslog_msg_sz) ? sz : syslog_msg_sz;      int   nBlks   = (sz -  1)/blkSz + 1;      int   istrt   = 0;      int   iend    = blkSz;      int   i;      for (i = 0; i < nBlks; i++)        {          asprintf(&cmdline, "PATH=%s logger -t XALT_LOGGING_%s V:2 kind:%s idx:%d nb:%d syshost:%s key:%s value:%.*s/n",                   XALT_SYSTEM_PATH, syshost, kind, i, nBlks, syshost, key, iend-istrt, &b64[istrt]);          system(cmdline);          free(cmdline);          istrt = iend;          iend  = istrt + blkSz;          if (iend > sz)            iend = sz;        }      free(b64);    }}

/* *	Authenticate a previously sent challenge. */static int eap_sim_authenticate(void *arg, EAP_HANDLER *handler){	struct eap_sim_server_state *ess;	VALUE_PAIR *vp, *vps;	enum eapsim_subtype subtype;	int success;	arg = arg; /* shut up compiler */	ess = (struct eap_sim_server_state *)handler->opaque;	/* vps is the data from the client */	vps = handler->request->packet->vps;	success= unmap_eapsim_basictypes(handler->request->packet,					 handler->eap_ds->response->type.data,					 handler->eap_ds->response->type.length);	if(!success) {	  return 0;	}	/* see what kind of message we have gotten */	if((vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0)) == NULL)	{		DEBUG2("   no subtype attribute was created, message dropped");		return 0;	}	subtype = vp->vp_integer;	/*	 *	Client error supersedes anything else.	 */	if (subtype == eapsim_client_error) {		return 0;	}	switch(ess->state) {	case eapsim_server_start:		switch(subtype) {		default:			/*			 * pretty much anything else here is illegal,			 * so we will retransmit the request.			 */			eap_sim_stateenter(handler, ess, eapsim_server_start);			return 1;		case eapsim_start:			/*			 * a response to our EAP-Sim/Request/Start!			 *			 */			return process_eap_sim_start(handler, vps);		}		break;	case eapsim_server_challenge:		switch(subtype) {		default:			/*			 * pretty much anything else here is illegal,			 * so we will retransmit the request.			 */			eap_sim_stateenter(handler, ess, eapsim_server_challenge);			return 1;		case eapsim_challenge:			/*			 * a response to our EAP-Sim/Request/Challenge!			 *			 */			return process_eap_sim_challenge(handler, vps);		}		break;	default:		/* if we get into some other state, die, as this		 * is a coding error!		 */		DEBUG2("  illegal-unknown state reached in eap_sim_authenticate/n");		rad_assert(0 == 1); 	}	return 0;}

/** * qla2300_intr_handler() - Process interrupts for the ISP23xx and ISP63xx. * @irq: * @dev_id: SCSI driver HA context * @regs: * * Called by system whenever the host adapter generates an interrupt. * * Returns handled flag. */irqreturn_tqla2300_intr_handler(int irq, void *dev_id, struct pt_regs *regs){	scsi_qla_host_t	*ha;	struct device_reg_2xxx __iomem *reg;	int		status;	unsigned long	flags;	unsigned long	iter;	uint32_t	stat;	uint16_t	hccr;	uint16_t	mb[4];	ha = (scsi_qla_host_t *) dev_id;	if (!ha) {		printk(KERN_INFO		    "%s(): NULL host pointer/n", __func__);		return (IRQ_NONE);	}	reg = &ha->iobase->isp;	status = 0;	spin_lock_irqsave(&ha->hardware_lock, flags);	for (iter = 50; iter--; ) {		stat = RD_REG_DWORD(&reg->u.isp2300.host_status);		if (stat & HSR_RISC_PAUSED) {			hccr = RD_REG_WORD(&reg->hccr);			if (hccr & (BIT_15 | BIT_13 | BIT_11 | BIT_8))				qla_printk(KERN_INFO, ha,				    "Parity error -- HCCR=%x./n", hccr);			else				qla_printk(KERN_INFO, ha,				    "RISC paused -- HCCR=%x./n", hccr);			/*			 * Issue a "HARD" reset in order for the RISC			 * interrupt bit to be cleared.  Schedule a big			 * hammmer to get out of the RISC PAUSED state.			 */			WRT_REG_WORD(&reg->hccr, HCCR_RESET_RISC);			RD_REG_WORD(&reg->hccr);			set_bit(ISP_ABORT_NEEDED, &ha->dpc_flags);			break;		} else if ((stat & HSR_RISC_INT) == 0)			break;		switch (stat & 0xff) {		case 0x1:		case 0x2:		case 0x10:		case 0x11:			qla2x00_mbx_completion(ha, MSW(stat));			status |= MBX_INTERRUPT;			/* Release mailbox registers. */			WRT_REG_WORD(&reg->semaphore, 0);			break;		case 0x12:			mb[0] = MSW(stat);			mb[1] = RD_MAILBOX_REG(ha, reg, 1);			mb[2] = RD_MAILBOX_REG(ha, reg, 2);			mb[3] = RD_MAILBOX_REG(ha, reg, 3);			qla2x00_async_event(ha, mb);			break;		case 0x13:			qla2x00_process_response_queue(ha);			break;		case 0x15:			mb[0] = MBA_CMPLT_1_16BIT;			mb[1] = MSW(stat);			qla2x00_async_event(ha, mb);			break;		case 0x16:			mb[0] = MBA_SCSI_COMPLETION;			mb[1] = MSW(stat);			mb[2] = RD_MAILBOX_REG(ha, reg, 2);			qla2x00_async_event(ha, mb);			break;		default:			DEBUG2(printk("scsi(%ld): Unrecognized interrupt type "			    "(%d)./n",			    ha->host_no, stat & 0xff));			break;		}		WRT_REG_WORD(&reg->hccr, HCCR_CLR_RISC_INT);		RD_REG_WORD_RELAXED(&reg->hccr);	}	spin_unlock_irqrestore(&ha->hardware_lock, flags);	if (test_bit(MBX_INTR_WAIT, &ha->mbx_cmd_flags) &&//.........这里部分代码省略.........

//.........这里部分代码省略.........                cf_section_free(&cs);                return -1;            }        }    }#ifdef HAVE_SETUID    /*     *	Switch users as early as possible.     */    if (!switch_users(cs)) exit(1);#endif    /*     *	Open the log file AFTER switching uid / gid.  If we     *	did switch uid/gid, then the code in switch_users()     *	took care of setting the file permissions correctly.     */    if ((mainconfig.radlog_dest == RADLOG_FILES) &&            (mainconfig.radlog_fd < 0)) {        mainconfig.radlog_fd = open(mainconfig.log_file,                                    O_WRONLY | O_APPEND | O_CREAT, 0640);        if (mainconfig.radlog_fd < 0) {            fprintf(stderr, "radiusd: Failed to open log file %s: %s/n", mainconfig.log_file, strerror(errno));            cf_section_free(&cs);            return -1;        }    }    /* Initialize the dictionary */    cp = cf_pair_find(cs, "dictionary");    if (cp) p = cf_pair_value(cp);    if (!p) p = radius_dir;    DEBUG2("including dictionary file %s/%s", p, RADIUS_DICTIONARY);    if (dict_init(p, RADIUS_DICTIONARY) != 0) {        radlog(L_ERR, "Errors reading dictionary: %s",               fr_strerror());        return -1;    }    /*     *	This allows us to figure out where, relative to     *	radiusd.conf, the other configuration files exist.     */    cf_section_parse(cs, NULL, server_config);    /*     *	Free the old configuration items, and replace them     *	with the new ones.     *     *	Note that where possible, we do atomic switch-overs,     *	to ensure that the pointers are always valid.     */    cf_section_free(&mainconfig.config);    mainconfig.config = cs;    DEBUG2("%s: #### Loading Realms and Home Servers ####", mainconfig.name);    if (!realms_init(cs)) {        return -1;    }    DEBUG2("%s: #### Loading Clients ####", mainconfig.name);    if (!clients_parse_section(cs)) {        return -1;    }