2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22 * @brief Structures, prototypes and global variables for the FreeRADIUS server.
24 * @copyright 1999-2000,2002-2008 The FreeRADIUS server project
27 RCSIDH(radiusd_h, "$Id$")
29 #include <freeradius-devel/libradius.h>
30 #include <freeradius-devel/radpaths.h>
31 #include <freeradius-devel/conf.h>
32 #include <freeradius-devel/conffile.h>
33 #include <freeradius-devel/event.h>
34 #include <freeradius-devel/connection.h>
35 #include <freeradius-devel/map.h>
37 typedef struct request REQUEST;
39 #include <freeradius-devel/log.h>
45 #ifdef HAVE_PCREPOSIX_H
46 #include <pcreposix.h>
52 * For POSIX Regular expressions.
53 * (0) Means no extended regular expressions.
54 * REG_EXTENDED means use extended regular expressions.
57 #define REG_EXTENDED (0)
67 #define REQUEST_MAGIC (0xdeadbeef)
71 * WITH_VMPS is handled by src/include/features.h
78 #include <freeradius-devel/tls.h>
81 #include <freeradius-devel/stats.h>
82 #include <freeradius-devel/realms.h>
84 #ifdef WITH_COMMAND_SOCKET
85 #define PW_RADMIN_PORT 18120
95 typedef struct request_data_t request_data_t;
97 typedef struct radclient {
99 fr_ipaddr_t src_ipaddr;
101 char const *longname;
103 char const *shortname;
104 int message_authenticator;
109 int number; /* internal use only */
110 CONF_SECTION const *cs;
113 #ifdef WITH_ACCOUNTING
124 fr_socket_limit_t limit;
130 #ifdef WITH_DYNAMIC_CLIENTS
132 int dynamic; /* was dynamically defined */
134 time_t last_new_client;
141 home_server *coa_server;
142 home_pool_t *coa_pool;
147 * Types of listeners.
149 * Ordered by priority!
151 typedef enum RAD_LISTEN_TYPE {
157 #ifdef WITH_ACCOUNTING
169 #ifdef WITH_COMMAND_SOCKET
180 * For listening on multiple IP's and ports.
182 typedef struct rad_listen_t rad_listen_t;
184 typedef void (*fr_request_process_t)(REQUEST *, int);
186 * Function handler for requests.
188 typedef int (*RAD_REQUEST_FUNP)(REQUEST *);
190 #define REQUEST_DATA_REGEX (0xadbeef00)
191 #define REQUEST_MAX_REGEX (8)
193 #if defined(WITH_VERIFY_PTR)
194 #define VERIFY_REQUEST(_x) (void) talloc_get_type_abort(_x, REQUEST)
196 #define VERIFY_REQUEST(_x)
201 uint32_t magic; //!< Magic number used to
202 //!< detect memory corruption,
203 //!< or request structs that
204 //!< have not been properly
207 RADIUS_PACKET *packet; //!< Incoming request.
209 RADIUS_PACKET *proxy; //!< Outgoing request.
211 RADIUS_PACKET *reply; //!< Outgoing response.
213 RADIUS_PACKET *proxy_reply; //!< Incoming response.
215 VALUE_PAIR *config_items; //!< VALUE_PAIR s used to set
216 //!< per request parameters for
217 //!< modules and the server
218 //!< core at runtime.
219 VALUE_PAIR *username; //!< Cached username VALUE_PAIR.
220 VALUE_PAIR *password; //!< Cached password VALUE_PAIR.
222 fr_request_process_t process; //!< The function to call to
223 //!< move the request through
224 //!< the state machine.
226 RAD_REQUEST_FUNP handle; //!< The function to call to
227 //!< move the request through
228 //!< the various server
229 //!< configuration sections.
231 struct main_config_t *root; //!< Pointer to the main config
232 //!< hack to try and deal with
235 request_data_t *data; //!< Request metadata.
237 RADCLIENT *client; //!< The client that originally
238 //!< sent us the request.
240 #ifdef HAVE_PTHREAD_H
241 pthread_t child_pid; //!< Current thread handling
244 time_t timestamp; //!< When the request was
246 unsigned int number; //!< Monotonically increasing
247 //!< request number. Reset on
250 rad_listen_t *listener; //!< The listener that received
253 rad_listen_t *proxy_listener;//!< Listener for outgoing
258 int simul_max; //!< Maximum number of
259 //!< concurrent sessions for
261 #ifdef WITH_SESSION_MGMT
262 int simul_count; //!< The current number of
263 //!< sessions for this user.
264 int simul_mpp; //!< WEIRD: 1 is false,
268 log_debug_t options; //!< Request options, currently
269 //!< just holds the debug level
270 //!< for the request.
272 char const *module; //!< Module the request is
273 //!< currently being processed
275 char const *component; //!< Section the request is
282 RAD_LISTEN_TYPE priority;
291 home_server *home_server;
292 home_pool_t *home_pool; /* for dynamic failover */
294 struct timeval proxy_retransmit;
296 int num_proxied_requests;
297 int num_proxied_responses;
302 radlog_func_t radlog; //!< Function to call to output
303 //!< log messages about this
306 REQUEST *coa; //!< CoA request originated
307 //!< by this request.
308 int num_coa_requests;//!< Counter for number of
309 //!< requests sent including
312 }; /* REQUEST typedef */
314 #define RAD_REQUEST_OPTION_NONE (0)
315 #define RAD_REQUEST_OPTION_DEBUG (1)
316 #define RAD_REQUEST_OPTION_DEBUG2 (2)
317 #define RAD_REQUEST_OPTION_DEBUG3 (3)
318 #define RAD_REQUEST_OPTION_DEBUG4 (4)
320 #define REQUEST_ACTIVE (1)
321 #define REQUEST_STOP_PROCESSING (2)
322 #define REQUEST_COUNTED (3)
324 #define REQUEST_QUEUED (1)
325 #define REQUEST_RUNNING (2)
326 #define REQUEST_PROXIED (3)
327 #define REQUEST_REJECT_DELAY (4)
328 #define REQUEST_CLEANUP_DELAY (5)
329 #define REQUEST_DONE (6)
331 typedef struct radclient_list RADCLIENT_LIST;
333 typedef int (*rad_listen_recv_t)(rad_listen_t *);
334 typedef int (*rad_listen_send_t)(rad_listen_t *, REQUEST *);
335 typedef int (*rad_listen_print_t)(rad_listen_t const *, char *, size_t);
336 typedef int (*rad_listen_encode_t)(rad_listen_t *, REQUEST *);
337 typedef int (*rad_listen_decode_t)(rad_listen_t *, REQUEST *);
339 struct rad_listen_t {
340 struct rad_listen_t *next; /* should be rbtree stuff */
343 * For normal sockets.
345 RAD_LISTEN_TYPE type;
357 fr_tls_server_conf_t *tls;
360 rad_listen_recv_t recv;
361 rad_listen_send_t send;
362 rad_listen_encode_t encode;
363 rad_listen_decode_t decode;
364 rad_listen_print_t print;
366 CONF_SECTION const *cs;
375 * This shouldn't really be exposed...
377 typedef struct listen_socket_t {
379 * For normal sockets.
381 fr_ipaddr_t my_ipaddr;
384 char const *interface;
393 /* for outgoing sockets */
395 fr_ipaddr_t other_ipaddr;
401 /* for a proxy connecting to home servers */
406 fr_socket_limit_t limit;
408 struct listen_socket_t *parent;
411 RADIUS_PACKET *packet; /* for reading partial packets */
416 REQUEST *request; /* horrible hacks */
418 pthread_mutex_t mutex;
422 RADCLIENT_LIST *clients;
425 #define RAD_LISTEN_STATUS_INIT (0)
426 #define RAD_LISTEN_STATUS_KNOWN (1)
427 #define RAD_LISTEN_STATUS_EOL (2)
428 #define RAD_LISTEN_STATUS_REMOVE_NOW (3)
430 typedef struct main_config_t {
431 struct main_config *next;
432 fr_ipaddr_t myip; /* from the command-line only */
433 int port; /* from the command-line only */
435 int log_auth_badpass;
436 int log_auth_goodpass;
437 int allow_core_dumps;
444 int max_request_time;
447 #ifdef DELETE_BLOCKED_REQUESTS
448 int kill_unresponsive_children;
451 char const *dictionary_dir;
453 char const *pid_file;
454 rad_listen_t *listen;
456 CONF_SECTION *config;
458 char const *auth_badpass_msg;
459 char const *auth_goodpass_msg;
463 #define SECONDS_PER_DAY 86400
464 #define MAX_REQUEST_TIME 30
465 #define CLEANUP_DELAY 5
466 #define MAX_REQUESTS 256
467 #define RETRY_DELAY 5
468 #define RETRY_COUNT 3
469 #define DEAD_TIME 120
471 /* for paircompare_register */
472 typedef int (*RAD_COMPARE_FUNC)(void *instance, REQUEST *,VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR **);
474 typedef enum request_fail {
475 REQUEST_FAIL_UNKNOWN = 0,
476 REQUEST_FAIL_NO_THREADS, //!< No threads to handle it.
477 REQUEST_FAIL_DECODE, //!< Rad_decode didn't like it.
478 REQUEST_FAIL_PROXY, //!< Call to proxy modules failed.
479 REQUEST_FAIL_PROXY_SEND, //!< Proxy_send didn't like it.
480 REQUEST_FAIL_NO_RESPONSE, //!< We weren't told to respond,
482 REQUEST_FAIL_HOME_SERVER, //!< The home server didn't respond.
483 REQUEST_FAIL_HOME_SERVER2, //!< Another case of the above.
484 REQUEST_FAIL_HOME_SERVER3, //!< Another case of the above.
485 REQUEST_FAIL_NORMAL_REJECT, //!< Authentication failure.
486 REQUEST_FAIL_SERVER_TIMEOUT //!< The server took too long to
487 //!< process the request.
493 * We really shouldn't have this many.
495 extern char const *progname;
496 extern log_debug_t debug_flag;
497 extern char const *radacct_dir;
498 extern char const *radlog_dir;
499 extern char const *radlib_dir;
500 extern char const *radius_dir;
501 extern char const *radius_libdir;
502 extern uint32_t expiration_seconds;
503 extern int log_stripped_names;
504 extern int log_auth_detail;
505 extern char const *radiusd_version;
506 void radius_signal_self(int flag);
508 #define RADIUS_SIGNAL_SELF_NONE (0)
509 #define RADIUS_SIGNAL_SELF_HUP (1 << 0)
510 #define RADIUS_SIGNAL_SELF_TERM (1 << 1)
511 #define RADIUS_SIGNAL_SELF_EXIT (1 << 2)
512 #define RADIUS_SIGNAL_SELF_DETAIL (1 << 3)
513 #define RADIUS_SIGNAL_SELF_NEW_FD (1 << 4)
514 #define RADIUS_SIGNAL_SELF_MAX (1 << 5)
517 * Function prototypes.
521 int rad_accounting(REQUEST *);
524 int rad_check_ts(uint32_t nasaddr, unsigned int port, char const *user,
525 char const *sessionid);
526 int session_zap(REQUEST *request, uint32_t nasaddr,
527 unsigned int port, char const *user,
528 char const *sessionid, uint32_t cliaddr,
529 char proto,int session_time);
533 void debug_pair(VALUE_PAIR *);
534 void debug_pair_list(VALUE_PAIR *);
535 void rdebug_pair_list(int, REQUEST *, VALUE_PAIR *);
536 int log_err (char *);
539 #define MEM(x) if (!(x)) { ERROR("Out of memory"); exit(1); }
540 void (*reset_signal(int signo, void (*func)(int)))(int);
541 void request_free(REQUEST **request);
542 int request_opaque_free(REQUEST *request);
543 int rad_mkdir(char *directory, mode_t mode);
544 int rad_checkfilename(char const *filename);
545 int rad_file_exists(char const *filename);
546 void *rad_malloc(size_t size); /* calls exit(1) on error! */
547 void *rad_calloc(size_t size); /* calls exit(1) on error! */
548 void rad_const_free(void const *ptr);
549 REQUEST *request_alloc(TALLOC_CTX *ctx);
550 REQUEST *request_alloc_fake(REQUEST *oldreq);
551 REQUEST *request_alloc_coa(REQUEST *request);
552 int request_data_add(REQUEST *request,
553 void *unique_ptr, int unique_int,
554 void *opaque, bool free_opaque);
555 void *request_data_get(REQUEST *request,
556 void *unique_ptr, int unique_int);
557 void *request_data_reference(REQUEST *request,
558 void *unique_ptr, int unique_int);
559 int rad_copy_string(char *dst, char const *src);
560 int rad_copy_string_bare(char *dst, char const *src);
561 int rad_copy_variable(char *dst, char const *from);
562 int rad_pps(int *past, int *present, time_t *then,
563 struct timeval *now);
564 int rad_expand_xlat(REQUEST *request, char const *cmd,
565 int max_argc, char *argv[], bool can_fail,
566 size_t argv_buflen, char *argv_buf);
567 void rad_regcapture(REQUEST *request, int compare, char const *value,
568 regmatch_t rxmatch[]);
571 RADCLIENT_LIST *clients_init(CONF_SECTION *cs);
572 void clients_free(RADCLIENT_LIST *clients);
573 RADCLIENT_LIST *clients_parse_section(CONF_SECTION *section, bool tls_required);
574 void client_free(RADCLIENT *client);
575 int client_add(RADCLIENT_LIST *clients, RADCLIENT *client);
576 #ifdef WITH_DYNAMIC_CLIENTS
577 void client_delete(RADCLIENT_LIST *clients, RADCLIENT *client);
578 RADCLIENT *client_from_query(TALLOC_CTX *ctx, char const *identifier, char const *secret, char const *shortname,
579 char const *type, char const *server, bool require_ma);
580 RADCLIENT *client_from_request(RADCLIENT_LIST *clients, REQUEST *request);
582 RADCLIENT *client_find(RADCLIENT_LIST const *clients,
583 fr_ipaddr_t const *ipaddr, int proto);
585 RADCLIENT *client_findbynumber(RADCLIENT_LIST const *clients,
587 RADCLIENT *client_find_old(fr_ipaddr_t const *ipaddr);
588 bool client_validate(RADCLIENT_LIST *clients, RADCLIENT *master, RADCLIENT *c);
589 RADCLIENT *client_read(char const *filename, int in_server, int flag);
593 int pairlist_read(TALLOC_CTX *ctx, char const *file, PAIR_LIST **list, int complain);
594 void pairlist_free(PAIR_LIST **);
597 int ssl_check_version(void);
598 char const *ssl_version(void);
602 char *auth_name(char *buf, size_t buflen, REQUEST *request, int do_cli);
603 int rad_authenticate (REQUEST *);
604 int rad_postauth(REQUEST *);
605 int rad_virtual_server(REQUEST *);
608 pid_t radius_start_program(char const *cmd, REQUEST *request,
612 VALUE_PAIR *input_pairs,
614 int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
615 char *answer, int left);
616 int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
617 char *user_msg, size_t msg_len,
618 VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs);
619 void exec_trigger(REQUEST *request, CONF_SECTION *cs, char const *name, int quench);
622 int paircompare_register(DICT_ATTR const *attribute, DICT_ATTR const *from,
623 bool first_only, RAD_COMPARE_FUNC func, void *instance);
624 void paircompare_unregister(DICT_ATTR const *attr, RAD_COMPARE_FUNC func);
625 void paircompare_unregister_instance(void *instance);
626 int paircompare(REQUEST *request, VALUE_PAIR *req_list,
627 VALUE_PAIR *check, VALUE_PAIR **rep_list);
628 int radius_xlat_do(REQUEST *request, VALUE_PAIR *vp);
629 void radius_xlat_move(REQUEST *, VALUE_PAIR **to, VALUE_PAIR **from);
630 int radius_compare_vps(REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *vp);
631 int radius_callback_compare(REQUEST *request, VALUE_PAIR *req,
632 VALUE_PAIR *check, VALUE_PAIR *check_pairs,
633 VALUE_PAIR **reply_pairs);
634 int radius_find_compare(DICT_ATTR const *attribute);
635 VALUE_PAIR *radius_paircreate(REQUEST *request, VALUE_PAIR **vps,
636 unsigned int attribute, unsigned int vendor);
637 void module_failure_msg(REQUEST *request, char const *fmt, ...)
639 __attribute__ ((format (printf, 2, 3)))
644 * Less code == less bugs
646 #define pairmake_packet(_a, _b, _c) pairmake(request->packet, &request->packet->vps, _a, _b, _c)
647 #define pairmake_reply(_a, _b, _c) pairmake(request->reply, &request->reply->vps, _a, _b, _c)
648 #define pairmake_config(_a, _b, _c) pairmake(request, &request->config_items, _a, _b, _c)
652 typedef size_t (*RADIUS_ESCAPE_STRING)(REQUEST *, char *out, size_t outlen, char const *in, void *arg);
654 ssize_t radius_xlat(char *out, size_t outlen, REQUEST *request, char const *fmt, RADIUS_ESCAPE_STRING escape,
657 ssize_t radius_axlat(char **out, REQUEST *request, char const *fmt, RADIUS_ESCAPE_STRING escape,
660 typedef ssize_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, char const *, char *, size_t);
661 int xlat_register(char const *module, RAD_XLAT_FUNC func, RADIUS_ESCAPE_STRING escape,
663 void xlat_unregister(char const *module, RAD_XLAT_FUNC func,
665 void xlat_free(void);
668 extern int thread_pool_init(CONF_SECTION *cs, int *spawn_flag);
669 extern void thread_pool_stop(void);
670 extern int thread_pool_addrequest(REQUEST *, RAD_REQUEST_FUNP);
671 extern pid_t rad_fork(void);
672 extern pid_t rad_waitpid(pid_t pid, int *status);
673 extern int total_active_threads(void);
674 extern void thread_pool_lock(void);
675 extern void thread_pool_unlock(void);
676 extern void thread_pool_queue_stats(int array[RAD_LISTEN_MAX], int pps[2]);
678 #ifndef HAVE_PTHREAD_H
679 #define rad_fork(n) fork()
680 #define rad_waitpid(a,b) waitpid(a,b, 0)
684 /* Define a global config structure */
685 extern struct main_config_t mainconfig;
687 int read_mainconfig(int reload);
688 int free_mainconfig(void);
689 void hup_mainconfig(void);
690 void hup_logfile(void);
691 void fr_suid_down(void);
692 void fr_suid_up(void);
693 void fr_suid_down_permanent(void);
696 void listen_free(rad_listen_t **head);
697 int listen_init(CONF_SECTION *cs, rad_listen_t **head, int spawn_flag);
698 rad_listen_t *proxy_new_listener(home_server *home, int src_port);
699 RADCLIENT *client_listener_find(rad_listen_t *listener,
700 fr_ipaddr_t const *ipaddr, int src_port);
703 RADCLIENT_LIST *listener_find_client_list(fr_ipaddr_t const *ipaddr,
706 rad_listen_t *listener_find_byipaddr(fr_ipaddr_t const *ipaddr, int port,
708 int rad_status_server(REQUEST *request);
711 int radius_event_init(CONF_SECTION *cs, int spawn_flag);
712 void radius_event_free(void);
713 int radius_event_process(void);
714 int event_new_fd(rad_listen_t *listener);
715 void revive_home_server(void *ctx);
716 void mark_home_server_dead(home_server *home, struct timeval *when);
719 typedef struct fr_cond_t fr_cond_t;
720 typedef int (*radius_tmpl_getvalue_t)(VALUE_PAIR **out, REQUEST *request, value_pair_map_t const *map, void *ctx);
722 int radius_evaluate_tmpl(REQUEST *request, int modreturn, int depth,
723 value_pair_tmpl_t const *vpt);
724 int radius_evaluate_map(REQUEST *request, int modreturn, int depth,
726 int radius_evaluate_cond(REQUEST *request, int modreturn, int depth,
728 void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from);
730 VALUE_PAIR **radius_list(REQUEST *request, pair_lists_t list);
731 pair_lists_t radius_list_name(char const **name, pair_lists_t unknown);
732 int radius_request(REQUEST **request, request_refs_t name);
733 request_refs_t radius_request_name(char const **name, request_refs_t unknown);
735 int radius_mapexec(VALUE_PAIR **out, REQUEST *request, value_pair_map_t const *map);
736 int radius_map2vp(VALUE_PAIR **out, REQUEST *request, value_pair_map_t const *map, void *ctx);
737 int radius_map2request(REQUEST *request, value_pair_map_t const *map,
738 char const *src, radius_tmpl_getvalue_t func, void *ctx);
740 int radius_str2vp(REQUEST *request, char const *str, request_refs_t request_def, pair_lists_t list_def);
741 VALUE_PAIR *radius_vpt_get_vp(REQUEST *request, value_pair_tmpl_t const *vpt);
742 int radius_get_vp(REQUEST *request, char const *name, VALUE_PAIR **vp_p);
746 * For run-time patching of which function handles which socket.
748 int dual_tls_recv(rad_listen_t *listener);
749 int dual_tls_send(rad_listen_t *listener, REQUEST *request);
750 int proxy_tls_recv(rad_listen_t *listener);
751 int proxy_tls_send(rad_listen_t *listener, REQUEST *request);