2 * realms.c Realm handling code
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2007 The FreeRADIUS server project
21 * Copyright 2007 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/rad_assert.h>
35 static rbtree_t *realms_byname = NULL;
37 static rbtree_t *home_servers_byaddr = NULL;
38 static rbtree_t *home_servers_byname = NULL;
40 static rbtree_t *home_pools_byname = NULL;
42 static int realm_name_cmp(const void *one, const void *two)
47 return strcasecmp(a->name, b->name);
51 static int home_server_name_cmp(const void *one, const void *two)
53 const home_server *a = one;
54 const home_server *b = two;
56 if (a->type < b->type) return -1;
57 if (a->type > b->type) return +1;
59 return strcasecmp(a->name, b->name);
62 static int home_server_addr_cmp(const void *one, const void *two)
64 const home_server *a = one;
65 const home_server *b = two;
67 if (a->port < b->port) return -1;
68 if (a->port > b->port) return +1;
70 return lrad_ipaddr_cmp(&a->ipaddr, &b->ipaddr);
74 static int home_pool_name_cmp(const void *one, const void *two)
76 const home_pool_t *a = one;
77 const home_pool_t *b = two;
79 if (a->server_type < b->server_type) return -1;
80 if (a->server_type > b->server_type) return +1;
82 return strcasecmp(a->name, b->name);
86 void realms_free(void)
88 rbtree_free(home_servers_byname);
89 home_servers_byname = NULL;
91 rbtree_free(home_servers_byaddr);
92 home_servers_byaddr = NULL;
94 rbtree_free(home_pools_byname);
95 home_pools_byname = NULL;
97 rbtree_free(realms_byname);
102 int realms_init(CONF_SECTION *config)
106 if (realms_byname) return 1;
108 realms_byname = rbtree_create(realm_name_cmp, free, 0);
109 if (!realms_byname) {
114 home_servers_byaddr = rbtree_create(home_server_addr_cmp, free, 0);
115 if (!home_servers_byaddr) {
120 home_servers_byname = rbtree_create(home_server_name_cmp, NULL, 0);
121 if (!home_servers_byname) {
126 home_pools_byname = rbtree_create(home_pool_name_cmp, free, 0);
127 if (!home_pools_byname) {
132 for (cs = cf_subsection_find_next(config, NULL, "realm");
134 cs = cf_subsection_find_next(config, cs, "realm")) {
135 if (!realm_add(cs)) {
144 static struct in_addr hs_ip4addr;
145 static struct in6_addr hs_ip6addr;
146 static char *hs_type = NULL;
147 static char *hs_check = NULL;
149 static CONF_PARSER home_server_config[] = {
150 { "ipaddr", PW_TYPE_IPADDR,
151 0, &hs_ip4addr, NULL },
152 { "ipv6addr", PW_TYPE_IPV6ADDR,
153 0, &hs_ip6addr, NULL },
155 { "port", PW_TYPE_INTEGER,
156 offsetof(home_server,port), NULL, "0" },
158 { "type", PW_TYPE_STRING_PTR,
161 { "secret", PW_TYPE_STRING_PTR,
162 offsetof(home_server,secret), NULL, NULL},
164 { "response_window", PW_TYPE_INTEGER,
165 offsetof(home_server,response_window), NULL, "30" },
166 { "max_outstanding", PW_TYPE_INTEGER,
167 offsetof(home_server,max_outstanding), NULL, "65536" },
169 { "zombie_period", PW_TYPE_INTEGER,
170 offsetof(home_server,zombie_period), NULL, "40" },
171 { "status_check", PW_TYPE_STRING_PTR,
172 0, &hs_check, "none" },
173 { "ping_check", PW_TYPE_STRING_PTR,
174 0, &hs_check, "none" },
176 { "ping_interval", PW_TYPE_INTEGER,
177 offsetof(home_server,ping_interval), NULL, "30" },
178 { "check_interval", PW_TYPE_INTEGER,
179 offsetof(home_server,ping_interval), NULL, "30" },
180 { "num_answers_to_alive", PW_TYPE_INTEGER,
181 offsetof(home_server,num_pings_to_alive), NULL, "3" },
182 { "num_pings_to_alive", PW_TYPE_INTEGER,
183 offsetof(home_server,num_pings_to_alive), NULL, "3" },
184 { "revive_interval", PW_TYPE_INTEGER,
185 offsetof(home_server,revive_interval), NULL, "300" },
186 { "status_check_timeout", PW_TYPE_INTEGER,
187 offsetof(home_server,ping_timeout), NULL, "4" },
189 { "username", PW_TYPE_STRING_PTR,
190 offsetof(home_server,ping_user_name), NULL, NULL},
191 { "password", PW_TYPE_STRING_PTR,
192 offsetof(home_server,ping_user_password), NULL, NULL},
194 { NULL, -1, 0, NULL, NULL } /* end the list */
199 static int home_server_add(CONF_SECTION *cs, int type)
205 name2 = cf_section_name1(cs);
206 if (!name2 || (strcasecmp(name2, "home_server") != 0)) {
207 cf_log_err(cf_sectiontoitem(cs),
208 "Section is not a home_server.");
212 name2 = cf_section_name2(cs);
214 cf_log_err(cf_sectiontoitem(cs),
215 "Home server section is missing a name.");
219 home = rad_malloc(sizeof(*home));
220 memset(home, 0, sizeof(*home));
224 memset(&hs_ip4addr, 0, sizeof(hs_ip4addr));
225 memset(&hs_ip6addr, 0, sizeof(hs_ip6addr));
226 cf_section_parse(cs, home, home_server_config);
228 if ((htonl(hs_ip4addr.s_addr) == INADDR_NONE) &&
229 IN6_IS_ADDR_UNSPECIFIED(&hs_ip6addr)) {
230 cf_log_err(cf_sectiontoitem(cs),
231 "No IPv4 or IPv6 address defined for home server %s.",
242 * Figure out which one to use.
244 * FIXME: Set hostname to something?
246 if (htonl(hs_ip4addr.s_addr) != INADDR_NONE) {
247 home->ipaddr.af = AF_INET;
248 home->ipaddr.ipaddr.ip4addr = hs_ip4addr;
250 } else if (!IN6_IS_ADDR_UNSPECIFIED(&hs_ip6addr)) {
251 home->ipaddr.af = AF_INET6;
252 home->ipaddr.ipaddr.ip6addr = hs_ip6addr;
255 cf_log_err(cf_sectiontoitem(cs),
256 "Internal sanity check failed for home server %s.",
266 if (!home->port || (home->port > 65535)) {
267 cf_log_err(cf_sectiontoitem(cs),
268 "No port, or invalid port defined for home server %s.",
279 cf_log_err(cf_sectiontoitem(cs),
280 "Fatal error! Home server %s is ourselves!",
290 if (strcasecmp(hs_type, "auth") == 0) {
291 home->type = HOME_TYPE_AUTH;
292 if (type != home->type) {
293 cf_log_err(cf_sectiontoitem(cs),
294 "Server pool of \"acct\" servers cannot include home server %s of type \"auth\"",
300 } else if (strcasecmp(hs_type, "acct") == 0) {
301 home->type = HOME_TYPE_ACCT;
302 if (type != home->type) {
303 cf_log_err(cf_sectiontoitem(cs),
304 "Server pool of \"auth\" servers cannot include home server %s of type \"acct\"",
310 } else if (strcasecmp(hs_type, "auth+acct") == 0) {
311 home->type = HOME_TYPE_AUTH;
315 cf_log_err(cf_sectiontoitem(cs),
316 "Invalid type \"%s\" for home server %s.",
329 cf_log_err(cf_sectiontoitem(cs),
330 "No shared secret defined for home server %s.",
336 if (strcasecmp(hs_check, "none") == 0) {
337 home->ping_check = HOME_PING_CHECK_NONE;
339 } else if (strcasecmp(hs_check, "status-server") == 0) {
340 home->ping_check = HOME_PING_CHECK_STATUS_SERVER;
342 } else if (strcasecmp(hs_check, "request") == 0) {
343 home->ping_check = HOME_PING_CHECK_REQUEST;
346 cf_log_err(cf_sectiontoitem(cs),
347 "Invalid ping_check \"%s\" for home server %s.",
357 if ((home->ping_check != HOME_PING_CHECK_NONE) &&
358 (home->ping_check != HOME_PING_CHECK_STATUS_SERVER)) {
359 if (!home->ping_user_name) {
360 cf_log_err(cf_sectiontoitem(cs), "You must supply a user name to enable ping checks");
365 if ((home->type == HOME_TYPE_AUTH) &&
366 !home->ping_user_password) {
367 cf_log_err(cf_sectiontoitem(cs), "You must supply a password to enable ping checks");
373 if (rbtree_finddata(home_servers_byaddr, home)) {
374 DEBUG2("Ignoring duplicate home server %s.", name2);
378 if (!rbtree_insert(home_servers_byname, home)) {
379 cf_log_err(cf_sectiontoitem(cs),
380 "Internal error adding home server %s.",
386 if (!rbtree_insert(home_servers_byaddr, home)) {
387 rbtree_deletebydata(home_servers_byname, home);
388 cf_log_err(cf_sectiontoitem(cs),
389 "Internal error adding home server %s.",
395 if (home->response_window < 5) home->response_window = 5;
396 if (home->response_window > 60) home->response_window = 60;
398 if (home->max_outstanding < 8) home->max_outstanding = 8;
399 if (home->max_outstanding > 65536*16) home->max_outstanding = 65536*16;
401 if (home->ping_interval < 6) home->ping_interval = 6;
402 if (home->ping_interval > 120) home->ping_interval = 120;
404 if (home->zombie_period < 20) home->zombie_period = 20;
405 if (home->zombie_period > 120) home->zombie_period = 120;
407 if (home->zombie_period < home->response_window) {
408 home->zombie_period = home->response_window;
411 if (home->num_pings_to_alive < 3) home->num_pings_to_alive = 3;
412 if (home->num_pings_to_alive > 10) home->num_pings_to_alive = 10;
414 if (home->ping_timeout < 3) home->ping_timeout = 3;
415 if (home->ping_timeout > 10) home->ping_timeout = 10;
417 if (home->revive_interval < 60) home->revive_interval = 60;
418 if (home->revive_interval > 3600) home->revive_interval = 3600;
421 home_server *home2 = rad_malloc(sizeof(*home2));
423 memcpy(home2, home, sizeof(*home2));
425 home2->type = HOME_TYPE_ACCT;
427 home2->ping_user_password = NULL;
429 if (!rbtree_insert(home_servers_byname, home2)) {
430 cf_log_err(cf_sectiontoitem(cs),
431 "Internal error adding home server %s.",
437 if (!rbtree_insert(home_servers_byaddr, home2)) {
438 rbtree_deletebydata(home_servers_byname, home2);
439 cf_log_err(cf_sectiontoitem(cs),
440 "Internal error adding home server %s.",
451 static int server_pool_add(CONF_SECTION *cs, int server_type, int do_print)
454 home_pool_t *pool = NULL;
457 int num_home_servers;
459 name2 = cf_section_name1(cs);
460 if (!name2 || (strcasecmp(name2, "server_pool") != 0)) {
461 cf_log_err(cf_sectiontoitem(cs),
462 "Section is not a server_pool.");
466 name2 = cf_section_name2(cs);
468 cf_log_err(cf_sectiontoitem(cs),
469 "Server pool section is missing a name.");
474 * Count the home servers and initalize them.
476 num_home_servers = 0;
477 for (cp = cf_pair_find(cs, "home_server");
479 cp = cf_pair_find_next(cs, cp, "home_server")) {
480 home_server myhome, *home;
481 CONF_SECTION *server_cs;
485 value = cf_pair_value(cp);
487 cf_log_err(cf_pairtoitem(cp),
488 "No value given for home_server.");
493 myhome.type = server_type;
494 home = rbtree_finddata(home_servers_byname, &myhome);
497 server_cs = cf_section_sub_find_name2(mainconfig.config,
501 cf_log_err(cf_pairtoitem(cp),
502 "Unknown home_server \"%s\".",
507 if (!home_server_add(server_cs, server_type)) {
511 home = rbtree_finddata(home_servers_byname, &myhome);
513 radlog(L_ERR, "Internal sanity check failed %d",
519 if (num_home_servers == 0) {
520 cf_log_err(cf_sectiontoitem(cs),
521 "No home servers defined in pool %s",
526 pool = rad_malloc(sizeof(*pool) + num_home_servers * sizeof(pool->servers[0]));
527 memset(pool, 0, sizeof(*pool) + num_home_servers * sizeof(pool->servers[0]));
529 pool->type = HOME_POOL_FAIL_OVER;
531 pool->server_type = server_type;
533 if (do_print) DEBUG2(" server_pool %s {", name2);
535 cp = cf_pair_find(cs, "type");
537 static LRAD_NAME_NUMBER pool_types[] = {
538 { "load-balance", HOME_POOL_LOAD_BALANCE },
539 { "fail-over", HOME_POOL_FAIL_OVER },
540 { "round_robin", HOME_POOL_LOAD_BALANCE },
541 { "fail_over", HOME_POOL_FAIL_OVER },
542 { "client-balance", HOME_POOL_CLIENT_BALANCE },
543 { "client-port-balance", HOME_POOL_CLIENT_PORT_BALANCE },
544 { "keyed-balance", HOME_POOL_KEYED_BALANCE },
548 value = cf_pair_value(cp);
550 cf_log_err(cf_pairtoitem(cp),
551 "No value given for type.");
555 pool->type = lrad_str2int(pool_types, value, 0);
557 cf_log_err(cf_pairtoitem(cp),
558 "Unknown type \"%s\".",
563 if (do_print) DEBUG2("\ttype = %s", value);
566 for (cp = cf_pair_find(cs, "home_server");
568 cp = cf_pair_find_next(cs, cp, "home_server")) {
569 home_server myhome, *home;
571 value = cf_pair_value(cp);
573 cf_log_err(cf_pairtoitem(cp),
574 "No value given for home_server.");
579 myhome.type = server_type;
581 home = rbtree_finddata(home_servers_byname, &myhome);
583 DEBUG2("Internal sanity check failed");
588 DEBUG2("Warning: Duplicate home server %s in server pool %s", home->name, pool->name);
592 if (do_print) DEBUG2("\thome_server = %s", home->name);
593 pool->servers[pool->num_home_servers] = home;
594 pool->num_home_servers++;
595 } /* loop over home_server's */
597 if (!rbtree_insert(home_pools_byname, pool)) {
598 rad_assert("Internal sanity check failed");
602 if (do_print) DEBUG2(" }");
604 rad_assert(pool->server_type != 0);
609 if (do_print) DEBUG2(" }");
615 static int old_server_add(CONF_SECTION *cs, const char *realm,
616 const char *name, const char *secret,
617 home_pool_type_t ldflag, home_pool_t **pool_p,
620 int i, insert_point, num_home_servers;
621 home_server myhome, *home;
622 home_pool_t mypool, *pool;
626 * LOCAL realms get sanity checked, and nothing else happens.
628 if (strcmp(name, "LOCAL") == 0) {
630 cf_log_err(cf_sectiontoitem(cs), "Realm \"%s\" cannot be both LOCAL and remote", name);
637 mypool.server_type = type;
638 pool = rbtree_finddata(home_pools_byname, &mypool);
640 if (pool->type != ldflag) {
641 cf_log_err(cf_sectiontoitem(cs), "Inconsistent ldflag for server pool \"%s\"", name);
645 if (pool->server_type != type) {
646 cf_log_err(cf_sectiontoitem(cs), "Inconsistent home server type for server pool \"%s\"", name);
653 home = rbtree_finddata(home_servers_byname, &myhome);
655 if (strcmp(home->secret, secret) != 0) {
656 cf_log_err(cf_sectiontoitem(cs), "Inconsistent shared secret for home server \"%s\"", name);
660 if (home->type != type) {
661 cf_log_err(cf_sectiontoitem(cs), "Inconsistent type for home server \"%s\"", name);
666 * See if the home server is already listed
667 * in the pool. If so, do nothing else.
669 if (pool) for (i = 0; i < pool->num_home_servers; i++) {
670 if (pool->servers[i] == home) {
677 * If we do have a pool, check that there is room to
678 * insert the home server we've found, or the one that we
681 * Note that we insert it into the LAST available
682 * position, in order to maintain the same order as in
683 * the configuration files.
687 for (i = pool->num_home_servers - 1; i >= 0; i--) {
688 if (pool->servers[i]) break;
690 if (!pool->servers[i]) {
695 if (insert_point < 0) {
696 cf_log_err(cf_sectiontoitem(cs), "No room in pool to add home server \"%s\". Please update the realm configuration to use the new-style home servers and server pools.", name);
702 * No home server, allocate one.
708 home = rad_malloc(sizeof(*home));
709 memset(home, 0, sizeof(*home));
712 home->hostname = name;
714 home->secret = secret;
716 p = strchr(name, ':');
718 if (type == HOME_TYPE_AUTH) {
719 home->port = PW_AUTH_UDP_PORT;
721 home->port = PW_ACCT_UDP_PORT;
727 } else if (p == name) {
728 cf_log_err(cf_sectiontoitem(cs),
729 "Invalid hostname %s.",
735 home->port = atoi(p + 1);
736 if ((home->port == 0) || (home->port > 65535)) {
737 cf_log_err(cf_sectiontoitem(cs),
744 q = rad_malloc((p - name) + 1);
745 memcpy(q, name, (p - name));
750 if (ip_hton(p, AF_UNSPEC, &home->ipaddr) < 0) {
751 cf_log_err(cf_sectiontoitem(cs),
752 "Failed looking up hostname %s.",
761 * Use the old-style configuration.
763 home->max_outstanding = 65535*16;
764 home->zombie_period = mainconfig.proxy_retry_delay * mainconfig.proxy_retry_count;
765 if (home->zombie_period == 0) home->zombie_period =30;
766 home->response_window = home->zombie_period - 1;
768 home->ping_check = HOME_PING_CHECK_NONE;
770 home->revive_interval = mainconfig.proxy_dead_time;
772 if (rbtree_finddata(home_servers_byaddr, home)) {
773 cf_log_err(cf_sectiontoitem(cs), "Home server %s has the same IP address and/or port as another home server.", name);
778 if (!rbtree_insert(home_servers_byname, home)) {
779 cf_log_err(cf_sectiontoitem(cs), "Internal error adding home server %s.", name);
784 if (!rbtree_insert(home_servers_byaddr, home)) {
785 rbtree_deletebydata(home_servers_byname, home);
786 cf_log_err(cf_sectiontoitem(cs), "Internal error adding home server %s.", name);
793 * We now have a home server, see if we can insert it
794 * into pre-existing pool.
796 if (insert_point >= 0) {
797 rad_assert(pool != NULL);
798 pool->servers[insert_point] = home;
802 rad_assert(pool == NULL);
803 rad_assert(home != NULL);
806 * Count the old-style realms of this name.
808 num_home_servers = 0;
809 for (subcs = cf_subsection_find_next(cs, NULL, "realm");
811 subcs = cf_subsection_find_next(cs, subcs, "realm")) {
812 const char *this = cf_section_name2(subcs);
814 if (!this || (strcmp(this, realm) != 0)) continue;
818 pool = rad_malloc(sizeof(*pool) + num_home_servers * sizeof(pool->servers[0]));
819 memset(pool, 0, sizeof(*pool) + num_home_servers * sizeof(pool->servers[0]));
823 pool->server_type = type;
824 pool->num_home_servers = num_home_servers;
825 pool->servers[0] = home;
827 if (!rbtree_insert(home_pools_byname, pool)) {
828 rad_assert("Internal sanity check failed");
837 static int old_realm_config(CONF_SECTION *cs, REALM *r)
840 const char *secret = NULL;
841 home_pool_type_t ldflag;
844 cp = cf_pair_find(cs, "ldflag");
845 ldflag = HOME_POOL_FAIL_OVER;
847 host = cf_pair_value(cp);
849 cf_log_err(cf_pairtoitem(cp), "No value specified for ldflag");
853 if (strcasecmp(host, "fail_over") == 0) {
854 DEBUG2("\tldflag = fail_over");
856 } else if (strcasecmp(host, "round_robin") == 0) {
857 ldflag = HOME_POOL_LOAD_BALANCE;
858 DEBUG2("\tldflag = round_robin");
861 cf_log_err(cf_sectiontoitem(cs), "Unknown value \"%s\" for ldflag", host);
864 } /* else don't print it. */
867 * Allow old-style if it doesn't exist, or if it exists and
870 cp = cf_pair_find(cs, "authhost");
872 host = cf_pair_value(cp);
874 cf_log_err(cf_pairtoitem(cp), "No value specified for authhost");
878 if (strcmp(host, "LOCAL") != 0) {
879 cp = cf_pair_find(cs, "secret");
881 cf_log_err(cf_sectiontoitem(cs), "No shared secret supplied for realm: %s", r->name);
885 secret = cf_pair_value(cp);
887 cf_log_err(cf_pairtoitem(cp), "No value specified for secret");
892 DEBUG2("\tauthhost = %s", host);
894 if (!old_server_add(cs, r->name, host, secret, ldflag,
895 &r->auth_pool, HOME_TYPE_AUTH)) {
900 cp = cf_pair_find(cs, "accthost");
902 host = cf_pair_value(cp);
904 cf_log_err(cf_pairtoitem(cp), "No value specified for accthost");
909 * Don't look for a secret again if it was found
912 if ((strcmp(host, "LOCAL") != 0) && !secret) {
913 cp = cf_pair_find(cs, "secret");
915 cf_log_err(cf_sectiontoitem(cs), "No shared secret supplied for realm: %s", r->name);
919 secret = cf_pair_value(cp);
921 cf_log_err(cf_pairtoitem(cp), "No value specified for secret");
926 DEBUG2("\taccthost = %s", host);
928 if (!old_server_add(cs, r->name, host, secret, ldflag,
929 &r->acct_pool, HOME_TYPE_ACCT)) {
934 if (secret) DEBUG2("\tsecret = %s", secret);
941 static int add_pool_to_realm(CONF_SECTION *cs,
942 const char *name, home_pool_t **dest,
943 int server_type, int do_print)
945 home_pool_t mypool, *pool;
948 mypool.server_type = server_type;
950 pool = rbtree_finddata(home_pools_byname, &mypool);
952 CONF_SECTION *pool_cs;
954 pool_cs = cf_section_sub_find_name2(mainconfig.config,
958 cf_log_err(cf_sectiontoitem(cs), "Failed to find server_pool \"%s\"", name);
962 if (!server_pool_add(pool_cs, server_type, do_print)) {
966 pool = rbtree_finddata(home_pools_byname, &mypool);
968 radlog(L_ERR, "Internal sanity check failed in add_pool_to_realm");
973 if (pool->server_type != server_type) {
974 cf_log_err(cf_sectiontoitem(cs), "Incompatible server_pool \"%s\" (mixed auth_pool / acct_pool)", name);
983 int realm_add(CONF_SECTION *cs)
988 home_pool_t *auth_pool, *acct_pool;
989 const char *auth_pool_name, *acct_pool_name;
991 name2 = cf_section_name1(cs);
992 if (!name2 || (strcasecmp(name2, "realm") != 0)) {
993 cf_log_err(cf_sectiontoitem(cs), "Section is not a realm.");
997 name2 = cf_section_name2(cs);
999 cf_log_err(cf_sectiontoitem(cs), "Realm section is missing the realm name.");
1003 auth_pool = acct_pool = NULL;
1004 auth_pool_name = acct_pool_name = NULL;
1007 * Prefer new configuration to old one.
1009 cp = cf_pair_find(cs, "pool");
1010 if (cp) auth_pool_name = cf_pair_value(cp);
1011 if (cp && auth_pool_name) {
1012 acct_pool_name = auth_pool_name;
1013 if (!add_pool_to_realm(cs,
1014 auth_pool_name, &auth_pool,
1015 HOME_TYPE_AUTH, 1)) {
1018 if (!add_pool_to_realm(cs,
1019 auth_pool_name, &acct_pool,
1020 HOME_TYPE_ACCT, 0)) {
1025 cp = cf_pair_find(cs, "auth_pool");
1026 if (cp) auth_pool_name = cf_pair_value(cp);
1027 if (cp && auth_pool_name) {
1029 cf_log_err(cf_sectiontoitem(cs), "Cannot use \"pool\" and \"auth_pool\" at the same time.");
1032 if (!add_pool_to_realm(cs,
1033 auth_pool_name, &auth_pool,
1034 HOME_TYPE_AUTH, 1)) {
1039 cp = cf_pair_find(cs, "acct_pool");
1040 if (cp) acct_pool_name = cf_pair_value(cp);
1041 if (cp && acct_pool_name) {
1042 int do_print = TRUE;
1045 cf_log_err(cf_sectiontoitem(cs), "Cannot use \"pool\" and \"acct_pool\" at the same time.");
1050 (strcmp(auth_pool_name, acct_pool_name) != 0)) {
1054 if (!add_pool_to_realm(cs,
1055 acct_pool_name, &acct_pool,
1056 HOME_TYPE_ACCT, do_print)) {
1061 DEBUG2(" realm %s {", name2);
1064 * The realm MAY already exist if it's an old-style realm.
1065 * In that case, merge the old-style realm with this one.
1067 r = realm_find(name2);
1069 if (cf_pair_find(cs, "auth_pool") ||
1070 cf_pair_find(cs, "acct_pool")) {
1071 cf_log_err(cf_sectiontoitem(cs), "Duplicate realm \"%s\"", name2);
1075 if (!old_realm_config(cs, r)) {
1079 DEBUG2(" } # realm %s", name2);
1083 r = rad_malloc(sizeof(*r));
1084 memset(r, 0, sizeof(*r));
1087 r->auth_pool = auth_pool;
1088 r->acct_pool = acct_pool;
1091 if (auth_pool_name &&
1092 (auth_pool_name == acct_pool_name)) { /* yes, ptr comparison */
1093 DEBUG2("\tpool = %s", auth_pool_name);
1095 if (auth_pool_name) DEBUG2("\tauth_pool = %s", auth_pool_name);
1096 if (acct_pool_name) DEBUG2("\tacct_pool = %s", acct_pool_name);
1099 cp = cf_pair_find(cs, "nostrip");
1100 if (cp && (cf_pair_value(cp) == NULL)) {
1102 DEBUG2("\tnostrip");
1106 * We're a new-style realm. Complain if we see the old
1109 if (r->auth_pool || r->acct_pool) {
1110 if (((cp = cf_pair_find(cs, "authhost")) != NULL) ||
1111 ((cp = cf_pair_find(cs, "accthost")) != NULL) ||
1112 ((cp = cf_pair_find(cs, "secret")) != NULL) ||
1113 ((cp = cf_pair_find(cs, "ldflag")) != NULL)) {
1114 DEBUG2("WARNING: Ignoring old-style configuration entry \"%s\" in realm \"%s\"", cf_pair_attr(cp), r->name);
1119 * The realm MAY be an old-style realm, as there
1120 * was no auth_pool or acct_pool. Double-check
1121 * it, just to be safe.
1123 } else if (!old_realm_config(cs, r)) {
1127 if (!rbtree_insert(realms_byname, r)) {
1128 rad_assert("Internal sanity check failed");
1137 DEBUG2(" } # realm %s", name2);
1144 * Find a realm in the REALM list.
1146 REALM *realm_find(const char *name)
1150 if (!name) name = "NULL";
1152 myrealm.name = name;
1153 return rbtree_finddata(realms_byname, &myrealm);
1157 home_server *home_server_ldb(const char *realmname,
1158 home_pool_t *pool, REQUEST *request)
1162 home_server *found = NULL;
1168 * Determine how to pick choose the home server.
1170 switch (pool->type) {
1174 * For load-balancing by client IP address, we
1175 * pick a home server by hashing the client IP.
1177 * This isn't as even a load distribution as
1178 * tracking the State attribute, but it's better
1181 case HOME_POOL_CLIENT_BALANCE:
1182 switch (request->packet->src_ipaddr.af) {
1184 hash = lrad_hash(&request->packet->src_ipaddr.ipaddr.ip4addr,
1185 sizeof(request->packet->src_ipaddr.ipaddr.ip4addr));
1188 hash = lrad_hash(&request->packet->src_ipaddr.ipaddr.ip6addr,
1189 sizeof(request->packet->src_ipaddr.ipaddr.ip6addr));
1195 start = hash % pool->num_home_servers;
1198 case HOME_POOL_CLIENT_PORT_BALANCE:
1199 switch (request->packet->src_ipaddr.af) {
1201 hash = lrad_hash(&request->packet->src_ipaddr.ipaddr.ip4addr,
1202 sizeof(request->packet->src_ipaddr.ipaddr.ip4addr));
1205 hash = lrad_hash(&request->packet->src_ipaddr.ipaddr.ip6addr,
1206 sizeof(request->packet->src_ipaddr.ipaddr.ip6addr));
1212 lrad_hash_update(&request->packet->src_port,
1213 sizeof(request->packet->src_port), hash);
1214 start = hash % pool->num_home_servers;
1217 case HOME_POOL_KEYED_BALANCE:
1218 if ((vp = pairfind(request->config_items, PW_LOAD_BALANCE_KEY)) != NULL) {
1219 hash = lrad_hash(vp->vp_strvalue, vp->length);
1220 start = hash % pool->num_home_servers;
1225 case HOME_POOL_LOAD_BALANCE:
1226 found = pool->servers[0];
1234 * Starting with the home server we chose, loop through
1235 * all home servers. If the current one is dead, skip
1236 * it. If it is too busy, skip it.
1238 * Otherwise, use it.
1240 for (count = 0; count < pool->num_home_servers; count++) {
1241 home_server *home = pool->servers[(start + count) % pool->num_home_servers];
1243 if (home->state == HOME_STATE_IS_DEAD) {
1248 * This home server is too busy. Choose another one.
1250 if (home->currently_outstanding >= home->max_outstanding) {
1254 if (pool->type != HOME_POOL_LOAD_BALANCE) {
1258 DEBUG3("PROXY %s %d\t%s %d",
1259 found->name, found->currently_outstanding,
1260 home->name, home->currently_outstanding);
1263 * Prefer this server if it's less busy than the
1264 * one we previously found.
1266 if (home->currently_outstanding < found->currently_outstanding) {
1267 DEBUG3("Choosing %s: It's less busy than %s",
1268 home->name, found->name);
1274 * Ignore servers which are busier than the one
1277 if (home->currently_outstanding > found->currently_outstanding) {
1278 DEBUG3("Skipping %s: It's busier than %s",
1279 home->name, found->name);
1284 * From the list of servers which have the same
1285 * load, choose one at random.
1287 if (((count + 1) * (lrad_rand() & 0xffff)) < (uint32_t) 0x10000) {
1291 } /* loop over the home servers */
1293 if (found) return found;
1296 * No live match found, and no fallback to the "DEFAULT"
1297 * realm. We fix this by blindly marking all servers as
1298 * "live". But only do it for ones that don't support
1299 * "pings", as they will be marked live when they
1300 * actually are live.
1302 if (!mainconfig.proxy_fallback &&
1303 mainconfig.wake_all_if_all_dead) {
1304 home_server *lb = NULL;
1306 for (count = 0; count < pool->num_home_servers; count++) {
1307 home_server *home = pool->servers[count];
1309 if ((home->state == HOME_STATE_IS_DEAD) &&
1310 (home->ping_check == HOME_PING_CHECK_NONE)) {
1311 home->state = HOME_STATE_ALIVE;
1320 * Still nothing. Look up the DEFAULT realm, but only
1321 * if we weren't looking up the NULL or DEFAULT realms.
1323 if (mainconfig.proxy_fallback &&
1325 (strcmp(realmname, "NULL") != 0) &&
1326 (strcmp(realmname, "DEFAULT") != 0)) {
1327 REALM *rd = realm_find("DEFAULT");
1329 if (!rd) return NULL;
1332 if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
1333 pool = rd->auth_pool;
1335 } else if (request->packet->code == PW_ACCOUNTING_REQUEST) {
1336 pool = rd->acct_pool;
1338 if (!pool) return NULL;
1340 DEBUG2(" Realm %s has no live home servers. Falling back to the DEFAULT realm.", realmname);
1341 return home_server_ldb(rd->name, pool, request);
1345 * Still haven't found anything. Oh well.
1351 home_server *home_server_find(lrad_ipaddr_t *ipaddr, int port)
1355 myhome.ipaddr = *ipaddr;
1358 return rbtree_finddata(home_servers_byaddr, &myhome);