2 * event.c Server event handling
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2007 The FreeRADIUS server project
21 * Copyright 2007 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/modules.h>
30 #include <freeradius-devel/event.h>
31 #include <freeradius-devel/radius_snmp.h>
33 #include <freeradius-devel/rad_assert.h>
35 #define USEC (1000000)
38 * Ridiculous amounts of local state.
40 static lrad_event_list_t *el = NULL;
41 static lrad_packet_list_t *pl = NULL;
42 static int request_num_counter = 0;
43 static struct timeval now;
44 static time_t start_time;
45 static int have_children;
48 static pthread_mutex_t proxy_mutex;
50 #define PTHREAD_MUTEX_LOCK if (have_children) pthread_mutex_lock
51 #define PTHREAD_MUTEX_UNLOCK if (have_children) pthread_mutex_unlock
54 * This is easier than ifdef's throughout the code.
56 #define PTHREAD_MUTEX_LOCK(_x)
57 #define PTHREAD_MUTEX_UNLOCK(_x)
60 #define INSERT_EVENT(_function, _ctx) if (!lrad_event_insert(el, _function, _ctx, &((_ctx)->when), &((_ctx)->ev))) { _rad_panic(__FILE__, __LINE__, "Failed to insert event"); }
62 static lrad_packet_list_t *proxy_list = NULL;
65 * We keep the proxy FD's here. The RADIUS Id's are marked
66 * "allocated" per Id, via a bit per proxy FD.
68 static int proxy_fds[32];
69 static rad_listen_t *proxy_listeners[32];
72 static void NEVER_RETURNS _rad_panic(const char *file, unsigned int line,
75 radlog(L_ERR, "]%s:%d] %s", file, line, msg);
79 #define rad_panic(x) _rad_panic(__FILE__, __LINE__, x)
82 static void tv_add(struct timeval *tv, int usec_delay)
84 if (usec_delay > USEC) {
85 tv->tv_sec += usec_delay / USEC;
88 tv->tv_usec += usec_delay;
90 if (tv->tv_usec > USEC) {
97 static void snmp_inc_client_responses(RADCLIENT *client,
100 if (!mainconfig.do_snmp) return;
103 * Update the SNMP statistics.
105 * Note that we do NOT do this in a child thread.
106 * Instead, we update the stats when a request is
107 * deleted, because only the main server thread calls
108 * this function, which makes it thread-safe.
110 switch (request->reply->code) {
111 case PW_AUTHENTICATION_ACK:
112 rad_snmp.auth.total_responses++;
113 rad_snmp.auth.total_access_accepts++;
114 if (client) client->auth->accepts++;
117 case PW_AUTHENTICATION_REJECT:
118 rad_snmp.auth.total_responses++;
119 rad_snmp.auth.total_access_rejects++;
120 if (client) client->auth->rejects++;
123 case PW_ACCESS_CHALLENGE:
124 rad_snmp.auth.total_responses++;
125 rad_snmp.auth.total_access_challenges++;
126 if (client) client->auth->challenges++;
129 case PW_ACCOUNTING_RESPONSE:
130 rad_snmp.acct.total_responses++;
131 if (client) client->auth->responses++;
135 * No response, it must have been a bad
139 if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
140 rad_snmp.auth.total_bad_authenticators++;
141 if (client) client->auth->bad_authenticators++;
150 #define snmp_inc_client_responses(_x, _y)
154 static void remove_from_request_hash(REQUEST *request)
156 if (!request->in_request_hash) return;
158 lrad_packet_list_yank(pl, request->packet);
159 request->in_request_hash = FALSE;
162 if ((request->listener->type == RAD_LISTEN_AUTH) ||
163 (request->listener->type == RAD_LISTEN_ACCT)) {
164 snmp_inc_client_responses(client_listener_find(request->listener,
165 &request->packet->src_ipaddr),
172 static REQUEST *lookup_in_proxy_hash(RADIUS_PACKET *reply)
174 RADIUS_PACKET **proxy_p;
177 PTHREAD_MUTEX_LOCK(&proxy_mutex);
178 proxy_p = lrad_packet_list_find_byreply(proxy_list, reply);
181 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
185 request = lrad_packet2myptr(REQUEST, proxy, proxy_p);
188 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
192 request->num_proxied_responses++;
195 * Catch the most common case of everything working
198 if (request->num_proxied_requests == request->num_proxied_responses) {
200 * FIXME: remove from the event list, too?
202 lrad_packet_list_yank(proxy_list, request->proxy);
203 lrad_packet_list_id_free(proxy_list, request->proxy);
204 request->in_proxy_hash = FALSE;
207 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
213 static void remove_from_proxy_hash(REQUEST *request)
215 if (!request->in_proxy_hash) return;
217 PTHREAD_MUTEX_LOCK(&proxy_mutex);
218 if (request->home_server->currently_outstanding) {
219 request->home_server->currently_outstanding--;
221 lrad_packet_list_yank(proxy_list, request->proxy);
222 lrad_packet_list_id_free(proxy_list, request->proxy);
223 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
225 request->in_proxy_hash = FALSE;
229 static int insert_into_proxy_hash(REQUEST *request)
234 rad_assert(request->proxy != NULL);
235 rad_assert(proxy_list != NULL);
237 request->proxy->sockfd = -1;
239 PTHREAD_MUTEX_LOCK(&proxy_mutex);
241 request->home_server->currently_outstanding++;
243 if (!lrad_packet_list_id_alloc(proxy_list, request->proxy)) {
245 rad_listen_t *proxy_listener;
248 * Allocate a new proxy fd. This function adds it
249 * into the list of listeners.
251 proxy_listener = proxy_new_listener();
252 if (!proxy_listener) {
253 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
254 DEBUG2("ERROR: Failed to create a new socket for proxying requests.");
262 proxy = proxy_listener->fd;
263 for (i = 0; i < 32; i++) {
264 DEBUG2("PROXY %d %d", i, proxy_fds[(proxy + i) & 0x1f]);
267 * Found a free entry. Save the socket,
268 * and remember where we saved it.
270 if (proxy_fds[(proxy + i) & 0x1f] == -1) {
271 found = (proxy + i) & 0x1f;
272 proxy_fds[found] = proxy;
273 proxy_listeners[found] = proxy_listener;
277 rad_assert(found >= 0);
279 if (!lrad_packet_list_socket_add(proxy_list, proxy_listener->fd)) {
280 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
281 DEBUG2("ERROR: Failed to create a new socket for proxying requests.");
282 return 0; /* leak proxy_listener */
286 if (!lrad_packet_list_id_alloc(proxy_list, request->proxy)) {
287 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
288 DEBUG2("ERROR: Failed to create a new socket for proxying requests.");
292 rad_assert(request->proxy->sockfd >= 0);
295 * FIXME: Hack until we get rid of rad_listen_t, and put
296 * the information into the packet_list.
299 for (i = 0; i < 32; i++) {
300 if (proxy_fds[i] == request->proxy->sockfd) {
307 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
308 DEBUG2("ERROR: All sockets are full.");
312 rad_assert(proxy_fds[proxy] != -1);
313 rad_assert(proxy_listeners[proxy] != NULL);
314 request->proxy_listener = proxy_listeners[proxy];
316 if (!lrad_packet_list_insert(proxy_list, &request->proxy)) {
317 /* FIXME: free id? */
318 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
319 DEBUG2("ERROR: Failed to insert entry into proxy list");
323 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
325 DEBUG3(" proxy: allocating destination %s port %d - Id %d",
326 inet_ntop(request->proxy->dst_ipaddr.af,
327 &request->proxy->dst_ipaddr.ipaddr, buf, sizeof(buf)),
328 request->proxy->dst_port,
331 request->in_proxy_hash = TRUE;
338 * Called as BOTH an event, and in-line from other functions.
340 static void wait_for_proxy_id_to_expire(void *ctx)
342 REQUEST *request = ctx;
343 home_server *home = request->home_server;
345 rad_assert(request->magic == REQUEST_MAGIC);
346 rad_assert(request->proxy != NULL);
349 * FIXME: handle the case of RETRY from one home server
352 * Do we even have to do anything?
354 request->when = request->proxy_when;
355 request->when.tv_sec += home->response_window;
357 if ((request->num_proxied_requests == request->num_proxied_responses) ||
358 timercmp(&now, &request->when, >)) {
359 if (request->packet) {
360 DEBUG2("Cleaning up request %d ID %d with timestamp +%d",
361 request->number, request->packet->id,
362 (unsigned int) (request->timestamp - start_time));
364 DEBUG2("Cleaning up request %d with timestamp +%d",
366 (unsigned int) (request->timestamp - start_time));
368 lrad_event_delete(el, &request->ev);
369 remove_from_proxy_hash(request);
370 remove_from_request_hash(request);
371 request_free(&request);
375 INSERT_EVENT(wait_for_proxy_id_to_expire, request);
379 static void wait_for_child_to_die(void *ctx)
381 REQUEST *request = ctx;
383 rad_assert(request->magic == REQUEST_MAGIC);
385 if ((request->child_state == REQUEST_QUEUED) |
386 (request->child_state == REQUEST_RUNNING)) {
387 request->delay += (request->delay >> 1);
388 tv_add(&request->when, request->delay);
390 DEBUG2("Child is still stuck for request %d", request->number);
392 INSERT_EVENT(wait_for_child_to_die, request);
396 DEBUG2("Child is finally responsive for request %d", request->number);
397 remove_from_request_hash(request);
399 if (request->proxy) {
400 wait_for_proxy_id_to_expire(request);
404 request_free(&request);
408 static void cleanup_delay(void *ctx)
410 REQUEST *request = ctx;
412 rad_assert(request->magic == REQUEST_MAGIC);
413 rad_assert((request->child_state == REQUEST_CLEANUP_DELAY) ||
414 (request->child_state == REQUEST_DONE));
416 remove_from_request_hash(request);
418 if (request->proxy &&
419 request->in_proxy_hash) {
420 wait_for_proxy_id_to_expire(request);
424 DEBUG2("Cleaning up request %d ID %d with timestamp +%d",
425 request->number, request->packet->id,
426 (unsigned int) (request->timestamp - start_time));
428 lrad_event_delete(el, &request->ev);
429 request_free(&request);
433 static void reject_delay(void *ctx)
435 REQUEST *request = ctx;
437 rad_assert(request->magic == REQUEST_MAGIC);
438 rad_assert(request->child_state == REQUEST_REJECT_DELAY);
440 DEBUG2("Sending delayed reject for request %d", request->number);
442 request->listener->send(request->listener, request);
444 request->when.tv_sec += mainconfig.cleanup_delay;
445 request->child_state = REQUEST_CLEANUP_DELAY;
447 INSERT_EVENT(cleanup_delay, request);
451 static void revive_home_server(void *ctx)
453 home_server *home = ctx;
455 home->state = HOME_STATE_ALIVE;
456 DEBUG2("Marking home server alive again... we have no idea if it really is alive or not.");
457 home->currently_outstanding = 0;
461 static void no_response_to_ping(void *ctx)
463 REQUEST *request = ctx;
464 home_server *home = request->home_server;
467 home->num_received_pings = 0;
469 DEBUG2("No response to ping %d from home server %s port %d",
471 inet_ntop(request->proxy->dst_ipaddr.af,
472 &request->proxy->dst_ipaddr.ipaddr,
473 buffer, sizeof(buffer)),
474 request->proxy->dst_port);
476 wait_for_proxy_id_to_expire(request);
480 static void received_response_to_ping(REQUEST *request)
482 home_server *home = request->home_server;
485 home->num_received_pings++;
487 DEBUG2("Received response to ping %d (%d in current sequence)",
488 request->number, home->num_received_pings);
490 if (home->num_received_pings < home->num_pings_to_alive) {
491 wait_for_proxy_id_to_expire(request);
495 DEBUG2("Marking home server %s port %d alive",
496 inet_ntop(request->proxy->dst_ipaddr.af,
497 &request->proxy->dst_ipaddr.ipaddr,
498 buffer, sizeof(buffer)),
499 request->proxy->dst_port);
501 if (!lrad_event_delete(el, &home->ev)) {
502 DEBUG2("Hmm... no event for home server, WTF?");
505 if (!lrad_event_delete(el, &request->ev)) {
506 DEBUG2("Hmm... no event for request, WTF?");
509 wait_for_proxy_id_to_expire(request);
511 home->state = HOME_STATE_ALIVE;
512 home->currently_outstanding = 0;
516 static void ping_home_server(void *ctx)
519 home_server *home = ctx;
523 if (home->state == HOME_STATE_ALIVE) {
524 radlog(L_INFO, "Suspicious proxy state... continuing");
528 request = request_alloc();
529 request->number = request_num_counter++;
531 request->proxy = rad_alloc(1);
532 rad_assert(request->proxy != NULL);
534 gettimeofday(&request->when, NULL);
535 home->when = request->when;
537 if (home->ping_check == HOME_PING_CHECK_STATUS_SERVER) {
538 request->proxy->code = PW_STATUS_SERVER;
540 vp = pairmake("Message-Authenticator", "0x00", T_OP_SET);
541 if (!vp) rad_panic("Out of memory");
542 pairadd(&request->proxy->vps, vp);
544 } else if (home->type == HOME_TYPE_AUTH) {
545 request->proxy->code = PW_AUTHENTICATION_REQUEST;
547 vp = pairmake("User-Name", home->ping_user_name, T_OP_SET);
548 if (!vp) rad_panic("Out of memory");
549 pairadd(&request->proxy->vps, vp);
551 vp = pairmake("User-Password", home->ping_user_password, T_OP_SET);
552 if (!vp) rad_panic("Out of memory");
553 pairadd(&request->proxy->vps, vp);
555 vp = pairmake("Service-Type", "Authenticate-Only", T_OP_SET);
556 if (!vp) rad_panic("Out of memory");
557 pairadd(&request->proxy->vps, vp);
559 vp = pairmake("Message-Authenticator", "0x00", T_OP_SET);
560 if (!vp) rad_panic("Out of memory");
561 pairadd(&request->proxy->vps, vp);
564 request->proxy->code = PW_ACCOUNTING_REQUEST;
566 vp = pairmake("User-Name", home->ping_user_name, T_OP_SET);
567 if (!vp) rad_panic("Out of memory");
568 pairadd(&request->proxy->vps, vp);
570 vp = pairmake("Acct-Status-Type", "Stop", T_OP_SET);
571 if (!vp) rad_panic("Out of memory");
572 pairadd(&request->proxy->vps, vp);
574 vp = pairmake("Acct-Session-Id", "00000000", T_OP_SET);
575 if (!vp) rad_panic("Out of memory");
576 pairadd(&request->proxy->vps, vp);
578 vp = pairmake("Event-Timestamp", "0", T_OP_SET);
579 if (!vp) rad_panic("Out of memory");
580 vp->vp_date = now.tv_sec;
581 pairadd(&request->proxy->vps, vp);
584 vp = pairmake("NAS-Identifier", "Ping! Are you alive?", T_OP_SET);
585 if (!vp) rad_panic("Out of memory");
586 pairadd(&request->proxy->vps, vp);
588 request->proxy->dst_ipaddr = home->ipaddr;
589 request->proxy->dst_port = home->port;
590 request->home_server = home;
592 rad_assert(request->proxy_listener == NULL);
594 if (!insert_into_proxy_hash(request)) {
595 DEBUG2("Failed inserting ping %d into proxy hash. Discarding it.",
597 request_free(&request);
600 rad_assert(request->proxy_listener != NULL);
601 request->proxy_listener->send(request->proxy_listener,
605 * FIXME: add a separate timeout for ping packets!
607 request->child_state = REQUEST_PROXIED;
608 request->when.tv_sec += mainconfig.cleanup_delay;
610 INSERT_EVENT(no_response_to_ping, request);
613 * Add +/- 2s of jitter, as suggested in RFC 3539
614 * and in the Issues and Fixes draft.
616 home->when.tv_sec += home->ping_interval - 2;
618 jitter = lrad_rand();
619 jitter ^= (jitter >> 10);
620 jitter &= ((1 << 23) - 1); /* 22 bits of 1 */
622 tv_add(&home->when, jitter);
625 INSERT_EVENT(ping_home_server, home);
629 static void check_for_zombie_home_server(REQUEST *request)
635 home = request->home_server;
637 if (home->state != HOME_STATE_ZOMBIE) return;
639 when = home->zombie_period_start;
640 when.tv_sec += home->zombie_period;
642 if (timercmp(&now, &when, <)) {
647 * It's been a zombie for too long, mark it as
650 DEBUG2("FAILURE: Home server %s port %d is dead.",
651 inet_ntop(request->proxy->dst_ipaddr.af,
652 &request->proxy->dst_ipaddr.ipaddr,
653 buffer, sizeof(buffer)),
654 request->proxy->dst_port);
655 home->state = HOME_STATE_IS_DEAD;
656 home->num_received_pings = 0;
657 home->when = request->when;
659 if (home->ping_check != HOME_PING_CHECK_NONE) {
660 rad_assert((home->ping_check == HOME_PING_CHECK_STATUS_SERVER) ||
661 (home->ping_user_name != NULL));
662 home->when.tv_sec += home->ping_interval;
664 INSERT_EVENT(ping_home_server, home);
666 home->when.tv_sec += home->revive_interval;
668 INSERT_EVENT(revive_home_server, home);
672 /* maybe check this against wait_for_proxy_id_to_expire? */
673 static void no_response_to_proxied_request(void *ctx)
675 REQUEST *request = ctx;
679 rad_assert(request->magic == REQUEST_MAGIC);
680 rad_assert(request->child_state == REQUEST_PROXIED);
682 radlog(L_ERR, "Rejecting request %d due to lack of any response from home server %s port %d",
684 inet_ntop(request->proxy->dst_ipaddr.af,
685 &request->proxy->dst_ipaddr.ipaddr,
686 buffer, sizeof(buffer)),
687 request->proxy->dst_port);
690 * FIXME: Run packets through post-proxy-type "Fail"
692 if ((request->proxy->code == PW_ACCOUNTING_REQUEST) ||
693 (request->proxy->code == PW_STATUS_SERVER)) {
694 remove_from_request_hash(request);
695 wait_for_proxy_id_to_expire(request);
698 request->reply->code = PW_AUTHENTICATION_REJECT;
700 request->listener->send(request->listener, request);
702 request->child_state = REQUEST_CLEANUP_DELAY;
703 request->when.tv_sec += mainconfig.cleanup_delay;
705 /* cleanup_delay calls wait_for_proxy_id_to_expire */
707 INSERT_EVENT(cleanup_delay, request);
710 home = request->home_server;
711 if (home->state == HOME_STATE_IS_DEAD) {
712 /* FIXME: assert that some event is set for the home server */
717 * Enable the zombie period when we notice that the home
718 * server hasn't responded. We also back-date the start
719 * of the zombie period to when the proxied request was
722 if (home->state == HOME_STATE_ALIVE) {
723 DEBUG2("WARNING: Home server %s port %d may be dead.",
724 inet_ntop(request->proxy->dst_ipaddr.af,
725 &request->proxy->dst_ipaddr.ipaddr,
726 buffer, sizeof(buffer)),
727 request->proxy->dst_port);
728 home->state = HOME_STATE_ZOMBIE;
729 home->zombie_period_start = now;
730 home->zombie_period_start.tv_sec -= home->response_window;
734 check_for_zombie_home_server(request);
738 static void wait_a_bit(void *ctx)
741 REQUEST *request = ctx;
742 lrad_event_callback_t callback = NULL;
744 rad_assert(request->magic == REQUEST_MAGIC);
746 switch (request->child_state) {
748 case REQUEST_RUNNING:
749 when = request->received;
750 when.tv_sec += mainconfig.max_request_time;
752 if (timercmp(&now, &when, <)) {
753 callback = wait_a_bit;
755 /* FIXME: kill unresponsive children? */
756 radlog(L_ERR, "WARNING: Unresponsive child (id %lu) for request %d, in module %s component %s",
757 (unsigned long)request->child_pid, request->number,
758 request->module ? request->module : "<server core>",
759 request->component ? request->component : "<server core>");
761 request->master_state = REQUEST_STOP_PROCESSING;
763 request->delay = 500000;
764 tv_add(&request->when, request->delay);
765 callback = wait_for_child_to_die;
767 request->delay += request->delay >> 1;
770 case REQUEST_REJECT_DELAY:
771 case REQUEST_CLEANUP_DELAY:
772 request->child_pid = NO_SUCH_CHILD_PID;
774 case REQUEST_PROXIED:
775 rad_assert(request->next_callback != NULL);
777 request->when = request->next_when;
778 callback = request->next_callback;
779 request->next_callback = NULL;
783 * Mark the request as no longer running,
787 request->child_pid = NO_SUCH_CHILD_PID;
788 cleanup_delay(request);
792 rad_panic("Internal sanity check failure");
796 INSERT_EVENT(callback, request);
800 static int request_pre_handler(REQUEST *request)
804 rad_assert(request->magic == REQUEST_MAGIC);
805 rad_assert(request->packet != NULL);
806 rad_assert(request->packet->dst_port != 0);
808 request->child_state = REQUEST_RUNNING;
811 * Don't decode the packet if it's an internal "fake"
812 * request. Instead, just return so that the caller can
815 if (request->packet->dst_port == 0) {
816 request->username = pairfind(request->packet->vps,
818 request->password = pairfind(request->packet->vps,
824 * Put the decoded packet into it's proper place.
826 if (request->proxy_reply != NULL) {
827 rcode = request->proxy_listener->decode(request->proxy_listener,
830 rcode = request->listener->decode(request->listener, request);
834 radlog(L_ERR, "%s Dropping packet without response.", librad_errstr);
835 request->child_state = REQUEST_DONE;
839 if (!request->proxy) {
840 request->username = pairfind(request->packet->vps,
843 int post_proxy_type = 0;
847 * Delete any reply we had accumulated until now.
849 pairfree(&request->reply->vps);
852 * Run the packet through the post-proxy stage,
853 * BEFORE playing games with the attributes.
855 vp = pairfind(request->config_items, PW_POST_PROXY_TYPE);
857 DEBUG2(" Found Post-Proxy-Type %s", vp->vp_strvalue);
858 post_proxy_type = vp->vp_integer;
860 rcode = module_post_proxy(post_proxy_type, request);
863 * Delete the Proxy-State Attributes from the reply.
864 * These include Proxy-State attributes from us and
867 pairdelete(&request->proxy_reply->vps, PW_PROXY_STATE);
870 * Add the attributes left in the proxy reply to
873 pairadd(&request->reply->vps, request->proxy_reply->vps);
874 request->proxy_reply->vps = NULL;
877 * Free proxy request pairs.
879 pairfree(&request->proxy->vps);
882 default: /* Don't Do Anything */
884 case RLM_MODULE_FAIL:
885 /* FIXME: debug print stuff */
886 request->child_state = REQUEST_DONE;
889 case RLM_MODULE_HANDLED:
890 /* FIXME: debug print stuff */
891 request->child_state = REQUEST_DONE;
901 * Return 1 if we did proxy it, or the proxy attempt failed
902 * completely. Either way, the caller doesn't touch the request
903 * any more if we return 1.
905 static int successfully_proxied_request(REQUEST *request)
908 int pre_proxy_type = 0;
909 VALUE_PAIR *realmpair;
910 VALUE_PAIR *strippedname;
919 realmpair = pairfind(request->config_items, PW_PROXY_TO_REALM);
921 (realmpair->length == 0)) {
925 realmname = (char *) realmpair->vp_strvalue;
927 realm = realm_find(realmname);
929 DEBUG2("ERROR: Cannot proxy to unknown realm %s",
933 * Failed proxying means silently discard
934 * accounting responses.
936 if (request->packet->code == PW_ACCOUNTING_REQUEST) {
937 request->child_state = REQUEST_DONE;
941 rad_assert(request->packet->code == PW_AUTHENTICATION_REQUEST);
943 request->reply->code = PW_AUTHENTICATION_REJECT;
949 * Figure out which pool to use.
951 if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
952 pool = realm->auth_pool;
954 } else if (request->packet->code == PW_ACCOUNTING_REQUEST) {
955 pool = realm->acct_pool;
958 rad_panic("Internal sanity check failed");
962 DEBUG2(" WARNING: Cancelling proxy to Realm %s, as the realm is local.",
967 home = home_server_ldb(realmname, pool, request);
970 * FIXME: Run the request through Post-Proxy-Type = Fail
972 DEBUG2("ERROR: Failed to find live home server for realm %s",
976 request->home_pool = pool;
979 * Remember that we sent the request to a Realm.
981 pairadd(&request->packet->vps,
982 pairmake("Realm", realmname, T_OP_EQ));
985 * We read the packet from a detail file, AND it came from
986 * the server we're about to send it to. Don't do that.
988 if ((request->packet->code == PW_ACCOUNTING_REQUEST) &&
989 (request->listener->type == RAD_LISTEN_DETAIL) &&
990 (home->ipaddr.af == AF_INET) &&
991 (request->packet->src_ipaddr.af == AF_INET) &&
992 (home->ipaddr.ipaddr.ip4addr.s_addr == request->packet->src_ipaddr.ipaddr.ip4addr.s_addr)) {
993 DEBUG2(" rlm_realm: Packet came from realm %s, proxy cancelled", realmname);
998 * Allocate the proxy packet, only if it wasn't already
999 * allocated by a module. This check is mainly to support
1000 * the proxying of EAP-TTLS and EAP-PEAP tunneled requests.
1002 * In those cases, the EAP module creates a "fake"
1003 * request, and recursively passes it through the
1004 * authentication stage of the server. The module then
1005 * checks if the request was supposed to be proxied, and
1006 * if so, creates a proxy packet from the TUNNELED request,
1007 * and not from the EAP request outside of the tunnel.
1009 * The proxy then works like normal, except that the response
1010 * packet is "eaten" by the EAP module, and encapsulated into
1013 if (!request->proxy) {
1014 if ((request->proxy = rad_alloc(TRUE)) == NULL) {
1015 radlog(L_ERR|L_CONS, "no memory");
1020 * Copy the request, then look up name and
1021 * plain-text password in the copy.
1023 * Note that the User-Name attribute is the
1024 * *original* as sent over by the client. The
1025 * Stripped-User-Name attribute is the one hacked
1026 * through the 'hints' file.
1028 request->proxy->vps = paircopy(request->packet->vps);
1032 * Strip the name, if told to.
1034 * Doing it here catches the case of proxied tunneled
1037 if (realm->striprealm == TRUE &&
1038 (strippedname = pairfind(request->proxy->vps, PW_STRIPPED_USER_NAME)) != NULL) {
1040 * If there's a Stripped-User-Name attribute in
1041 * the request, then use THAT as the User-Name
1042 * for the proxied request, instead of the
1045 * This is done by making a copy of the
1046 * Stripped-User-Name attribute, turning it into
1047 * a User-Name attribute, deleting the
1048 * Stripped-User-Name and User-Name attributes
1049 * from the vps list, and making the new
1050 * User-Name the head of the vps list.
1052 vp = pairfind(request->proxy->vps, PW_USER_NAME);
1054 vp = paircreate(PW_USER_NAME, PW_TYPE_STRING);
1056 radlog(L_ERR|L_CONS, "no memory");
1059 vp->next = request->proxy->vps;
1060 request->proxy->vps = vp;
1062 memcpy(vp->vp_strvalue, strippedname->vp_strvalue,
1063 sizeof(vp->vp_strvalue));
1064 vp->length = strippedname->length;
1067 * Do NOT delete Stripped-User-Name.
1072 * If there is no PW_CHAP_CHALLENGE attribute but
1073 * there is a PW_CHAP_PASSWORD we need to add it
1074 * since we can't use the request authenticator
1075 * anymore - we changed it.
1077 if (pairfind(request->proxy->vps, PW_CHAP_PASSWORD) &&
1078 pairfind(request->proxy->vps, PW_CHAP_CHALLENGE) == NULL) {
1079 vp = paircreate(PW_CHAP_CHALLENGE, PW_TYPE_STRING);
1081 radlog(L_ERR|L_CONS, "no memory");
1084 vp->length = AUTH_VECTOR_LEN;
1085 memcpy(vp->vp_strvalue, request->packet->vector, AUTH_VECTOR_LEN);
1086 pairadd(&(request->proxy->vps), vp);
1090 * The RFC's say we have to do this, but FreeRADIUS
1093 vp = paircreate(PW_PROXY_STATE, PW_TYPE_STRING);
1095 radlog(L_ERR|L_CONS, "no memory");
1098 sprintf(vp->vp_strvalue, "%d", request->packet->id);
1099 vp->length = strlen(vp->vp_strvalue);
1101 pairadd(&request->proxy->vps, vp);
1104 * Should be done BEFORE inserting into proxy hash, as
1105 * pre-proxy may use this information, or change it.
1107 request->proxy->code = request->packet->code;
1108 request->proxy->dst_ipaddr = home->ipaddr;
1109 request->proxy->dst_port = home->port;
1110 request->home_server = home;
1113 * Call the pre-proxy routines.
1115 vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE);
1117 DEBUG2(" Found Pre-Proxy-Type %s", vp->vp_strvalue);
1118 pre_proxy_type = vp->vp_integer;
1120 rcode = module_pre_proxy(pre_proxy_type, request);
1122 case RLM_MODULE_FAIL:
1123 case RLM_MODULE_INVALID:
1124 case RLM_MODULE_NOTFOUND:
1125 case RLM_MODULE_REJECT:
1126 case RLM_MODULE_USERLOCK:
1128 /* FIXME: debug print failed stuff */
1129 goto reject_request;
1131 case RLM_MODULE_HANDLED:
1135 * Only proxy the packet if the pre-proxy code succeeded.
1137 case RLM_MODULE_NOOP:
1139 case RLM_MODULE_UPDATED:
1144 * If it's a fake request, don't send the proxy
1145 * packet. The outer tunnel session will take
1146 * care of doing that.
1148 * FIXME: Update the home_server to be NULL?
1150 if (request->packet->dst_port == 0) {
1154 if (!insert_into_proxy_hash(request)) {
1155 DEBUG("ERROR: Failed to proxy request %d", request->number);
1156 goto reject_request;
1159 request->proxy_listener->encode(request->proxy_listener, request);
1161 when = request->received;
1162 when.tv_sec += mainconfig.max_request_time;
1164 gettimeofday(&request->proxy_when, NULL);
1166 request->next_when = request->proxy_when;
1167 request->next_when.tv_sec += home->response_window;
1169 rad_assert(home->response_window > 0);
1171 if (timercmp(&when, &request->next_when, <)) {
1172 request->next_when = when;
1174 request->next_callback = no_response_to_proxied_request;
1176 DEBUG2("Proxying request %d to realm %s, home server %s port %d",
1177 request->number, realmname,
1178 inet_ntop(request->proxy->dst_ipaddr.af,
1179 &request->proxy->dst_ipaddr.ipaddr,
1180 buffer, sizeof(buffer)),
1181 request->proxy->dst_port);
1184 * Note that we set proxied AFTER creating the packet,
1185 * but BEFORE actually sending it.
1187 * Once we send it, the request is tainted, as
1188 * another thread may have picked it up. Don't
1191 request->num_proxied_requests = 1;
1192 request->num_proxied_responses = 0;
1193 request->child_state = REQUEST_PROXIED;
1194 request->proxy_listener->send(request->proxy_listener,
1200 static void request_post_handler(REQUEST *request)
1202 int child_state = -1;
1203 struct timeval when;
1206 if (request->master_state == REQUEST_STOP_PROCESSING) {
1207 DEBUG2("Request %d was cancelled.", request->number);
1208 request->child_state = REQUEST_DONE;
1212 if (request->child_state != REQUEST_RUNNING) {
1213 rad_panic("Internal sanity check failed");
1216 if ((request->reply->code == 0) &&
1217 ((vp = pairfind(request->config_items, PW_AUTH_TYPE)) != NULL) &&
1218 (vp->vp_integer == PW_AUTHTYPE_REJECT)) {
1219 request->reply->code = PW_AUTHENTICATION_REJECT;
1222 if (mainconfig.proxy_requests &&
1223 (request->packet->code != PW_STATUS_SERVER) &&
1224 (request->reply->code == 0) &&
1226 successfully_proxied_request(request)) {
1231 * Fake requests don't get encoded or signed. The caller
1232 * also requires the reply VP's, so we don't free them
1235 if (request->packet->dst_port == 0) {
1236 /* FIXME: DEBUG going to the next request */
1237 request->child_state = REQUEST_DONE;
1242 * Copy Proxy-State from the request to the reply.
1244 vp = paircopy2(request->packet->vps, PW_PROXY_STATE);
1245 if (vp) pairadd(&request->reply->vps, vp);
1248 * Access-Requests get delayed or cached.
1250 if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
1251 gettimeofday(&request->next_when, NULL);
1253 if (request->reply->code == 0) {
1254 DEBUG2("There was no response configured: rejecting request %d",
1256 request->reply->code = PW_AUTHENTICATION_REJECT;
1260 * Run rejected packets through
1262 * Post-Auth-Type = Reject
1264 if (request->reply->code == PW_AUTHENTICATION_REJECT) {
1265 vp = pairmake("Post-Auth-Type", "Reject", T_OP_SET);
1267 pairdelete(&request->config_items, PW_POST_AUTH_TYPE);
1268 pairadd(&request->config_items, vp);
1269 rad_postauth(request);
1270 } /* else no Reject section defined */
1273 * If configured, delay Access-Reject packets.
1275 * If mainconfig.reject_delay = 0, we discover
1276 * that we have to send the packet now.
1278 when = request->received;
1279 when.tv_sec += mainconfig.reject_delay;
1281 if (timercmp(&when, &request->next_when, >)) {
1282 DEBUG2("Delaying reject of request %d for %d seconds",
1284 mainconfig.reject_delay);
1285 request->next_when = when;
1286 request->next_callback = reject_delay;
1287 request->child_state = REQUEST_REJECT_DELAY;
1292 request->next_when.tv_sec += mainconfig.cleanup_delay;
1293 request->next_callback = cleanup_delay;
1294 child_state = REQUEST_CLEANUP_DELAY;
1296 } else if (request->packet->code == PW_ACCOUNTING_REQUEST) {
1297 request->next_callback = NULL; /* just to be safe */
1298 child_state = REQUEST_DONE;
1301 * FIXME: Status-Server should probably not be
1304 } else if (request->packet->code == PW_STATUS_SERVER) {
1305 request->next_callback = NULL;
1306 child_state = REQUEST_DONE;
1309 rad_panic("Unknown packet type");
1313 * Encode, sign, and send. The accounting request
1314 * handler takes care of suppressing responses when
1315 * request->reply->code == 0.
1317 request->listener->send(request->listener, request);
1320 * Clean up. These are no longer needed.
1322 pairfree(&request->config_items);
1324 pairfree(&request->packet->vps);
1325 request->username = NULL;
1326 request->password = NULL;
1328 pairfree(&request->reply->vps);
1330 if (request->proxy) {
1331 pairfree(&request->proxy->vps);
1333 if (request->proxy_reply) {
1334 pairfree(&request->proxy_reply->vps);
1338 DEBUG2("Finished request %d state %d", request->number, child_state);
1340 request->child_state = child_state;
1344 static void received_retransmit(REQUEST *request, const RADCLIENT *client)
1348 RAD_SNMP_TYPE_INC(request->listener, total_dup_requests);
1349 RAD_SNMP_CLIENT_INC(request->listener, client, dup_requests);
1351 switch (request->child_state) {
1352 case REQUEST_QUEUED:
1353 case REQUEST_RUNNING:
1355 radlog(L_ERR, "Discarding duplicate request from "
1356 "client %s port %d - ID: %d due to unfinished request %d",
1358 request->packet->src_port,request->packet->id,
1362 case REQUEST_PROXIED:
1364 * We're not supposed to have duplicate
1365 * accounting packets. The other states handle
1366 * duplicates fine (discard, or send duplicate
1367 * reply). But we do NOT want to retransmit an
1368 * accounting request here, because that would
1369 * involve updating the Acct-Delay-Time, and
1370 * therefore changing the packet Id, etc.
1372 * Instead, we just discard the packet. We may
1373 * eventually respond, or the client will send a
1374 * new accounting packet.
1376 if (request->packet->code == PW_ACCOUNTING_REQUEST) {
1380 check_for_zombie_home_server(request);
1383 * If we've just discovered that the home server is
1384 * dead, send the packet to another one.
1386 if ((request->packet->dst_port != 0) &&
1387 (request->home_server->state == HOME_STATE_IS_DEAD)) {
1390 remove_from_proxy_hash(request);
1392 home = home_server_ldb(NULL, request->home_pool, request);
1394 DEBUG2("Failed to find live home server for request %d", request->number);
1397 * FIXME: Run the request through
1398 * Post-Proxy-Type = Fail
1400 * Do post-request processing,
1401 * and any insertion of necessary
1404 request->child_state = REQUEST_RUNNING;
1405 request_post_handler(request);
1406 wait_a_bit(request);
1410 request->proxy->code = request->packet->code;
1411 request->proxy->dst_ipaddr = home->ipaddr;
1412 request->proxy->dst_port = home->port;
1413 request->home_server = home;
1415 if (!insert_into_proxy_hash(request)) {
1416 DEBUG("ERROR: Failed to re-proxy request %d", request->number);
1417 goto no_home_servers;
1421 * Free the old packet, to force re-encoding
1423 free(request->proxy->data);
1424 request->proxy->data = NULL;
1425 request->proxy->data_len = 0;
1427 DEBUG2("RETRY: Proxying request %d to different home server %s port %d",
1429 inet_ntop(request->proxy->dst_ipaddr.af,
1430 &request->proxy->dst_ipaddr.ipaddr,
1431 buffer, sizeof(buffer)),
1432 request->proxy->dst_port);
1435 * Restart timers. Note that we leave
1436 * the old timeout in place, as that is a
1437 * place-holder for when the request
1440 gettimeofday(&request->proxy_when, NULL);
1441 request->num_proxied_requests = 1;
1442 request->num_proxied_responses = 0;
1443 request->child_state = REQUEST_PROXIED;
1444 request->proxy_listener->send(request->proxy_listener,
1447 } /* else the home server is still alive */
1449 DEBUG2("Sending duplicate proxied request to home server %s port %d - ID: %d",
1450 inet_ntop(request->proxy->dst_ipaddr.af,
1451 &request->proxy->dst_ipaddr.ipaddr,
1452 buffer, sizeof(buffer)),
1453 request->proxy->dst_port,
1454 request->proxy->id);
1455 request->num_proxied_requests++;
1456 request->proxy_listener->send(request->proxy_listener,
1460 case REQUEST_REJECT_DELAY:
1461 DEBUG2("Waiting to send Access-Reject "
1462 "to client %s port %d - ID: %d",
1464 request->packet->src_port, request->packet->id);
1467 case REQUEST_CLEANUP_DELAY:
1469 DEBUG2("Sending duplicate reply "
1470 "to client %s port %d - ID: %d",
1472 request->packet->src_port, request->packet->id);
1473 request->listener->send(request->listener, request);
1479 static void received_conflicting_request(REQUEST *request,
1480 const RADCLIENT *client)
1482 radlog(L_ERR, "Received conflicting packet from "
1483 "client %s port %d - ID: %d due to unfinished request %d. Giving up on old request.",
1485 request->packet->src_port, request->packet->id,
1488 switch (request->child_state) {
1489 case REQUEST_QUEUED:
1490 case REQUEST_RUNNING:
1491 request->master_state = REQUEST_STOP_PROCESSING;
1492 request->delay += request->delay >> 1;
1494 tv_add(&request->when, request->delay);
1496 INSERT_EVENT(wait_for_child_to_die, request);
1503 remove_from_request_hash(request);
1506 * The request stays in the event queue. At some point,
1507 * the child will notice, and we can then delete it.
1512 static int can_handle_new_request(RADIUS_PACKET *packet,
1516 * Count the total number of requests, to see if
1517 * there are too many. If so, return with an
1520 if (mainconfig.max_requests) {
1521 int request_count = lrad_packet_list_num_elements(pl);
1524 * This is a new request. Let's see if
1525 * it makes us go over our configured
1528 if (request_count > mainconfig.max_requests) {
1529 radlog(L_ERR, "Dropping request (%d is too many): "
1530 "from client %s port %d - ID: %d", request_count,
1532 packet->src_port, packet->id);
1533 radlog(L_INFO, "WARNING: Please check the %s file.\n"
1534 "\tThe value for 'max_requests' is probably set too low.\n", mainconfig.radiusd_conf);
1536 } /* else there were a small number of requests */
1537 } /* else there was no configured limit for requests */
1540 * FIXME: Add per-client checks. If one client is sending
1541 * too many packets, start discarding them.
1543 * We increment the counters here, and decrement them
1544 * when the response is sent... somewhere in this file.
1548 * FUTURE: Add checks for system load. If the system is
1549 * busy, start dropping requests...
1551 * We can probably keep some statistics ourselves... if
1552 * there are more requests coming in than we can handle,
1553 * start dropping some.
1560 int received_request(rad_listen_t *listener,
1561 RADIUS_PACKET *packet, REQUEST **prequest,
1564 RADIUS_PACKET **packet_p;
1565 REQUEST *request = NULL;
1567 packet_p = lrad_packet_list_find(pl, packet);
1569 request = lrad_packet2myptr(REQUEST, packet, packet_p);
1571 if (memcmp(request->packet->vector, packet->vector,
1572 sizeof(packet->vector)) == 0) {
1573 received_retransmit(request, client);
1578 * The new request is different from the old one,
1579 * but maybe the old is finished. If so, delete
1582 switch (request->child_state) {
1584 received_conflicting_request(request, client);
1588 case REQUEST_REJECT_DELAY:
1589 case REQUEST_CLEANUP_DELAY:
1590 request->child_state = REQUEST_DONE;
1592 cleanup_delay(request);
1601 * We may want to quench the new request.
1603 if (!can_handle_new_request(packet, client)) {
1608 * Create and initialize the new request.
1610 request = request_alloc(); /* never fails */
1612 if ((request->reply = rad_alloc(0)) == NULL) {
1613 radlog(L_ERR, "No memory");
1617 request->listener = listener;
1618 request->packet = packet;
1619 request->packet->timestamp = request->timestamp;
1620 request->number = request_num_counter++;
1621 strlcpy(request->secret, client->secret, sizeof(request->secret));
1624 * Remember the request in the list.
1626 if (!lrad_packet_list_insert(pl, &request->packet)) {
1627 radlog(L_ERR, "Failed to insert request %d in the list of live requests: discarding", request->number);
1628 request_free(&request);
1631 request->in_request_hash = TRUE;
1634 * The request passes many of our sanity checks.
1635 * From here on in, if anything goes wrong, we
1636 * send a reject message, instead of dropping the
1641 * Build the reply template from the request.
1644 request->reply->sockfd = request->packet->sockfd;
1645 request->reply->dst_ipaddr = request->packet->src_ipaddr;
1646 request->reply->src_ipaddr = request->packet->dst_ipaddr;
1647 request->reply->dst_port = request->packet->src_port;
1648 request->reply->src_port = request->packet->dst_port;
1649 request->reply->id = request->packet->id;
1650 request->reply->code = 0; /* UNKNOWN code */
1651 memcpy(request->reply->vector, request->packet->vector,
1652 sizeof(request->reply->vector));
1653 request->reply->vps = NULL;
1654 request->reply->data = NULL;
1655 request->reply->data_len = 0;
1657 request->master_state = REQUEST_ACTIVE;
1658 request->child_state = REQUEST_QUEUED;
1659 request->next_callback = NULL;
1661 gettimeofday(&request->received, NULL);
1662 request->when = request->received;
1663 request->delay = USEC / 10;
1665 tv_add(&request->when, request->delay);
1667 INSERT_EVENT(wait_a_bit, request);
1669 *prequest = request;
1674 REQUEST *received_proxy_response(RADIUS_PACKET *packet)
1680 if (!home_server_find(&packet->src_ipaddr, packet->src_port)) {
1681 radlog(L_ERR, "Ignoring request from unknown home server %s port %d",
1682 inet_ntop(packet->src_ipaddr.af,
1683 &packet->src_ipaddr.ipaddr,
1684 buffer, sizeof(buffer)),
1691 * Also removes from the proxy hash if responses == requests
1693 request = lookup_in_proxy_hash(packet);
1696 radlog(L_PROXY, "No outstanding request was found for proxy reply from home server %s port %d - ID %d",
1697 inet_ntop(packet->src_ipaddr.af,
1698 &packet->src_ipaddr.ipaddr,
1699 buffer, sizeof(buffer)),
1700 packet->src_port, packet->id);
1705 home = request->home_server;
1707 gettimeofday(&now, NULL);
1708 home->state = HOME_STATE_ALIVE;
1710 if (request->reply && request->reply->code != 0) {
1711 DEBUG2("We already replied to this request. Discarding response from home server.");
1717 * We had previously received a reply, so we don't need
1718 * to do anything here.
1720 if (request->proxy_reply) {
1721 if (memcmp(request->proxy_reply->vector,
1723 sizeof(request->proxy_reply->vector)) == 0) {
1724 DEBUG2("Discarding duplicate reply from home server %s port %d - ID: %d for request %d",
1725 inet_ntop(packet->src_ipaddr.af,
1726 &packet->src_ipaddr.ipaddr,
1727 buffer, sizeof(buffer)),
1728 packet->src_port, packet->id,
1732 * ? The home server gave us a new proxy
1733 * reply, which doesn't match the old
1736 DEBUG2("Ignoring conflicting proxy reply");
1739 /* assert that there's an event queued for request? */
1744 switch (request->child_state) {
1745 case REQUEST_QUEUED:
1746 case REQUEST_RUNNING:
1747 rad_panic("Internal sanity check failed for child state");
1750 case REQUEST_REJECT_DELAY:
1751 case REQUEST_CLEANUP_DELAY:
1753 radlog(L_ERR, "Reply from home server %s port %d - ID: %d arrived too late for request %d. Try increasing 'retry_delay' or 'max_request_time'",
1754 inet_ntop(packet->src_ipaddr.af,
1755 &packet->src_ipaddr.ipaddr,
1756 buffer, sizeof(buffer)),
1757 packet->src_port, packet->id,
1759 /* assert that there's an event queued for request? */
1763 case REQUEST_PROXIED:
1767 request->proxy_reply = packet;
1771 * Perform RTT calculations, as per RFC 2988 (for TCP).
1772 * Note that we do so only if we sent one request, and
1773 * received one response. If we sent two requests, we
1774 * have no idea if the response is for the first, or for
1775 * the second request/
1777 if (request->num_proxied_requests == 1) {
1779 home_server *home = request->home_server;
1781 rtt = now.tv_sec - request->proxy_when.tv_sec;
1784 rtt -= request->proxy_when.tv_usec;
1786 if (!home->has_rtt) {
1787 home->has_rtt = TRUE;
1790 home->rttvar = rtt / 2;
1793 home->rttvar -= home->rttvar >> 2;
1794 home->rttvar += (home->srtt - rtt);
1795 home->srtt -= home->srtt >> 3;
1796 home->srtt += rtt >> 3;
1799 home->rto = home->srtt;
1800 if (home->rttvar > (USEC / 4)) {
1801 home->rto += home->rttvar * 4;
1809 * There's no incoming request, so it's a proxied packet
1812 if (!request->packet) {
1813 received_response_to_ping(request);
1817 request->child_state = REQUEST_QUEUED;
1818 request->when = now;
1819 request->delay = USEC / 10;
1820 tv_add(&request->when, request->delay);
1823 * Wait a bit will take care of max_request_time
1825 INSERT_EVENT(wait_a_bit, request);
1832 * Externally-visibly functions.
1834 int radius_event_init(int spawn_flag)
1840 el = lrad_event_list_create();
1843 pl = lrad_packet_list_create(0);
1846 request_num_counter = 0;
1849 * Move all of the thread calls to this file?
1851 * It may be best for the mutexes to be in this file...
1853 have_children = spawn_flag;
1855 if (mainconfig.proxy_requests) {
1857 rad_listen_t *listener;
1860 * Create the tree for managing proxied requests and
1863 proxy_list = lrad_packet_list_create(1);
1864 if (!proxy_list) return 0;
1866 #ifdef HAVE_PTHREAD_H
1867 if (pthread_mutex_init(&proxy_mutex, NULL) != 0) {
1868 radlog(L_ERR, "FATAL: Failed to initialize proxy mutex: %s",
1875 * Mark the Fd's as unused.
1877 for (i = 0; i < 32; i++) proxy_fds[i] = -1;
1881 for (listener = mainconfig.listen;
1883 listener = listener->next) {
1884 if (listener->type == RAD_LISTEN_PROXY) {
1886 * FIXME: This works only because we
1887 * start off with one proxy socket.
1889 rad_assert(proxy_fds[listener->fd & 0x1f] == -1);
1890 rad_assert(proxy_listeners[listener->fd & 0x1f] == NULL);
1892 proxy_fds[listener->fd & 0x1f] = listener->fd;
1893 proxy_listeners[listener->fd & 0x1f] = listener;
1894 if (!lrad_packet_list_socket_add(proxy_list, listener->fd)) {
1901 if (mainconfig.proxy_requests) rad_assert(i >= 0);
1904 thread_pool_init(spawn_flag);
1910 static int request_hash_cb(void *ctx, void *data)
1912 ctx = ctx; /* -Wunused */
1913 REQUEST *request = lrad_packet2myptr(REQUEST, packet, data);
1915 rad_assert(request->in_proxy_hash == FALSE);
1917 lrad_event_delete(el, &request->ev);
1918 remove_from_request_hash(request);
1919 request_free(&request);
1925 static int proxy_hash_cb(void *ctx, void *data)
1927 ctx = ctx; /* -Wunused */
1928 REQUEST *request = lrad_packet2myptr(REQUEST, proxy, data);
1930 lrad_packet_list_yank(proxy_list, request->proxy);
1931 request->in_proxy_hash = FALSE;
1933 if (!request->in_request_hash) {
1934 lrad_event_delete(el, &request->ev);
1935 request_free(&request);
1942 void radius_event_free(void)
1945 * FIXME: Stop all threads, or at least check that
1946 * they're all waiting on the semaphore, and the queues
1951 * There are requests in the proxy hash that aren't
1952 * referenced from anywhere else. Remove them first.
1955 PTHREAD_MUTEX_LOCK(&proxy_mutex);
1956 lrad_packet_list_walk(proxy_list, NULL, proxy_hash_cb);
1957 PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
1958 lrad_packet_list_free(proxy_list);
1962 lrad_packet_list_walk(pl, NULL, request_hash_cb);
1964 lrad_packet_list_free(pl);
1967 lrad_event_list_free(el);
1970 int radius_event_process(struct timeval **pptv)
1973 struct timeval when;
1977 if (lrad_event_list_num_elements(el) == 0) {
1982 gettimeofday(&now, NULL);
1986 rcode = lrad_event_run(el, &when);
1987 } while (rcode == 1);
1989 gettimeofday(&now, NULL);
1991 if ((when.tv_sec == 0) && (when.tv_usec == 0)) {
1992 if (lrad_event_list_num_elements(el) == 0) {
1996 rad_panic("Internal sanity check failed");
1998 } else if (timercmp(&now, &when, >)) {
1999 DEBUG3("Event in the past... compensating");
2004 when.tv_sec -= now.tv_sec;
2005 when.tv_usec -= now.tv_usec;
2006 if (when.tv_usec < 0) {
2008 when.tv_usec += USEC;
2016 void radius_handle_request(REQUEST *request, RAD_REQUEST_FUNP fun)
2018 if (!request_pre_handler(request)) {
2019 DEBUG2("Going to the next request at X");
2023 rad_assert(fun != NULL);
2024 rad_assert(request != NULL);
2028 request_post_handler(request);
2029 DEBUG2("Going to the next request");