2 * realms.c Realm handling code
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2000,2006 The FreeRADIUS server project
21 * Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
22 * Copyright 2000 Alan DeKok <aland@ox.org>
25 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/autoconf.h>
38 #include <freeradius-devel/radiusd.h>
39 #include <freeradius-devel/rad_assert.h>
41 static rbtree_t *realms_byname = NULL;
43 static rbtree_t *home_servers_byaddr = NULL;
44 static rbtree_t *home_servers_byname = NULL;
46 static rbtree_t *home_pools_byname = NULL;
48 static int realm_name_cmp(const void *one, const void *two)
53 return strcasecmp(a->name, b->name);
57 static int home_server_name_cmp(const void *one, const void *two)
59 const home_server *a = one;
60 const home_server *b = two;
62 return strcasecmp(a->name, b->name);
65 static int home_server_addr_cmp(const void *one, const void *two)
67 const home_server *a = one;
68 const home_server *b = two;
70 if (a->ipaddr.af < b->ipaddr.af) return -1;
71 if (a->ipaddr.af > b->ipaddr.af) return +1;
73 if (a->port < b->port) return -1;
74 if (a->port > b->port) return +1;
76 switch (a->ipaddr.af) {
78 return memcmp(&a->ipaddr.ipaddr.ip4addr,
79 &b->ipaddr.ipaddr.ip4addr,
80 sizeof(a->ipaddr.ipaddr.ip4addr));
83 return memcmp(&a->ipaddr.ipaddr.ip6addr,
84 &b->ipaddr.ipaddr.ip6addr,
85 sizeof(a->ipaddr.ipaddr.ip6addr));
95 static int home_pool_name_cmp(const void *one, const void *two)
97 const home_pool_t *a = one;
98 const home_pool_t *b = two;
100 return strcasecmp(a->name, b->name);
104 void realms_free(void)
106 rbtree_free(home_servers_byname);
107 home_servers_byname = NULL;
109 rbtree_free(home_servers_byaddr);
110 home_servers_byaddr = NULL;
112 rbtree_free(home_pools_byname);
113 home_pools_byname = NULL;
115 rbtree_free(realms_byname);
116 realms_byname = NULL;
120 int realms_init(const char *filename)
124 if (realms_byname) return 1;
126 realms_byname = rbtree_create(realm_name_cmp, free, 0);
127 if (!realms_byname) {
132 home_servers_byaddr = rbtree_create(home_server_addr_cmp, free, 0);
133 if (!home_servers_byaddr) {
138 home_servers_byname = rbtree_create(home_server_name_cmp, NULL, 0);
139 if (!home_servers_byname) {
144 home_pools_byname = rbtree_create(home_pool_name_cmp, free, 0);
145 if (!home_pools_byname) {
150 for (cs = cf_subsection_find_next(mainconfig.config, NULL, "realm");
152 cs = cf_subsection_find_next(mainconfig.config, cs, "realm")) {
153 if (!realm_add(filename, cs)) {
162 static struct in_addr hs_ip4addr;
163 static struct in6_addr hs_ip6addr;
164 static char *hs_type = NULL;
165 static char *hs_check = NULL;
167 static CONF_PARSER home_server_config[] = {
168 { "ipaddr", PW_TYPE_IPADDR,
169 0, &hs_ip4addr, NULL },
170 { "ipv6addr", PW_TYPE_IPV6ADDR,
171 0, &hs_ip6addr, NULL },
173 { "hostname", PW_TYPE_STRING_PTR,
174 offsetof(home_server,hostname), NULL, NULL},
175 { "port", PW_TYPE_INTEGER,
176 offsetof(home_server,port), NULL, "0" },
178 { "type", PW_TYPE_STRING_PTR,
181 { "secret", PW_TYPE_STRING_PTR,
182 offsetof(home_server,secret), NULL, NULL},
184 { "response_window", PW_TYPE_INTEGER,
185 offsetof(home_server,response_window), NULL, "30" },
186 { "max_outstanding", PW_TYPE_INTEGER,
187 offsetof(home_server,max_outstanding), NULL, "65536" },
189 { "zombie_period", PW_TYPE_INTEGER,
190 offsetof(home_server,zombie_period), NULL, "40" },
191 { "ping_check", PW_TYPE_STRING_PTR,
192 0, &hs_check, "none" },
194 { "ping_interval", PW_TYPE_INTEGER,
195 offsetof(home_server,ping_interval), NULL, "30" },
196 { "num_pings_to_alive", PW_TYPE_INTEGER,
197 offsetof(home_server,num_pings_to_alive), NULL, "3" },
198 { "revive_interval", PW_TYPE_INTEGER,
199 offsetof(home_server,revive_interval), NULL, "300" },
201 { "username", PW_TYPE_STRING_PTR,
202 offsetof(home_server,ping_user_name), NULL, NULL},
203 { "password", PW_TYPE_STRING_PTR,
204 offsetof(home_server,ping_user_password), NULL, NULL},
206 { NULL, -1, 0, NULL, NULL } /* end the list */
211 static int home_server_add(const char *filename, CONF_SECTION *cs)
216 name2 = cf_section_name1(cs);
217 if (!name2 || (strcasecmp(name2, "home_server") != 0)) {
218 radlog(L_ERR, "%s[%d]: Section is not a home_server.",
219 filename, cf_section_lineno(cs));
223 name2 = cf_section_name2(cs);
225 radlog(L_ERR, "%s[%d]: Home server section is missing a name.",
226 filename, cf_section_lineno(cs));
230 home = rad_malloc(sizeof(*home));
231 memset(home, 0, sizeof(*home));
235 memset(&hs_ip4addr, 0, sizeof(hs_ip4addr));
236 memset(&hs_ip6addr, 0, sizeof(hs_ip6addr));
237 cf_section_parse(cs, home, home_server_config);
239 if (!home->hostname && (htonl(hs_ip4addr.s_addr) == INADDR_NONE) &&
240 IN6_IS_ADDR_UNSPECIFIED(&hs_ip6addr)) {
241 radlog(L_ERR, "%s[%d]: No hostname, IPv4 address, or IPv6 address defined for home server %s.",
242 filename, cf_section_lineno(cs), name2);
252 * FIXME: Parse home->hostname!
254 * Right now, only ipaddr && ip6addr are used.
255 * The old-style parsing still allows hostnames.
257 if (htonl(hs_ip4addr.s_addr) != INADDR_NONE) {
258 home->ipaddr.af = AF_INET;
259 home->ipaddr.ipaddr.ip4addr = hs_ip4addr;
261 } else if (!IN6_IS_ADDR_UNSPECIFIED(&hs_ip6addr)) {
262 home->ipaddr.af = AF_INET6;
263 home->ipaddr.ipaddr.ip6addr = hs_ip6addr;
266 radlog(L_ERR, "%s[%d]: FIXME: parse hostname for home server %s.",
267 filename, cf_section_lineno(cs), name2);
276 if (!home->port || (home->port > 65535)) {
277 radlog(L_ERR, "%s[%d]: No port, or invalid port defined for home server %s.",
278 filename, cf_section_lineno(cs), name2);
288 radlog(L_ERR, "%s[%d]: Fatal error! Home server %s is ourselves!",
289 filename, cf_section_lineno(cs), name2);
298 if (strcasecmp(hs_type, "auth") == 0) {
299 home->type = HOME_TYPE_AUTH;
301 } else if (strcasecmp(hs_type, "acct") == 0) {
302 home->type = HOME_TYPE_ACCT;
305 radlog(L_ERR, "%s[%d]: Invalid type \"%s\" for home server %s.",
306 filename, cf_section_lineno(cs), hs_type, name2);
318 radlog(L_ERR, "%s[%d]: No shared secret defined for home server %s.",
319 filename, cf_section_lineno(cs), name2);
324 if (strcasecmp(hs_check, "none") == 0) {
325 home->ping_check = HOME_PING_CHECK_NONE;
327 } else if (strcasecmp(hs_check, "status-server") == 0) {
328 home->ping_check = HOME_PING_CHECK_STATUS_SERVER;
330 } else if (strcasecmp(hs_check, "request") == 0) {
331 home->ping_check = HOME_PING_CHECK_REQUEST;
334 radlog(L_ERR, "%s[%d]: Invalid ping_check \"%s\" for home server %s.",
335 filename, cf_section_lineno(cs), hs_check, name2);
344 if ((home->ping_check != HOME_PING_CHECK_NONE) &&
345 (home->ping_check != HOME_PING_CHECK_STATUS_SERVER)) {
346 if (!home->ping_user_name) {
347 radlog(L_INFO, "%s[%d]: You must supply a user name to enable ping checks",
348 filename, cf_section_lineno(cs));
353 if ((home->type == HOME_TYPE_AUTH) &&
354 !home->ping_user_password) {
355 radlog(L_INFO, "%s[%d]: You must supply a password to enable ping checks",
356 filename, cf_section_lineno(cs));
362 if (rbtree_finddata(home_servers_byaddr, home)) {
363 radlog(L_INFO, "%s[%d]: Ignoring duplicate home server %s.",
364 filename, cf_section_lineno(cs), name2);
368 if (!rbtree_insert(home_servers_byname, home)) {
369 radlog(L_ERR, "%s[%d]: Internal error adding home server %s.",
370 filename, cf_section_lineno(cs), name2);
375 if (!rbtree_insert(home_servers_byaddr, home)) {
376 rbtree_deletebydata(home_servers_byname, home);
377 radlog(L_ERR, "%s[%d]: Internal error adding home server %s.",
378 filename, cf_section_lineno(cs), name2);
383 if (home->response_window < 5) home->response_window = 5;
384 if (home->response_window > 60) home->response_window = 60;
386 if (home->max_outstanding < 8) home->max_outstanding = 8;
387 if (home->max_outstanding > 65536*16) home->max_outstanding = 65536*16;
389 if (home->ping_interval < 6) home->ping_interval = 6;
390 if (home->ping_interval > 120) home->ping_interval = 120;
392 if (home->zombie_period < 20) home->zombie_period = 20;
393 if (home->zombie_period > 120) home->zombie_period = 120;
395 if (home->zombie_period < home->response_window) {
396 home->zombie_period = home->response_window;
399 if (home->num_pings_to_alive < 3) home->num_pings_to_alive = 3;
400 if (home->num_pings_to_alive > 10) home->num_pings_to_alive = 10;
402 if (home->revive_interval < 60) home->revive_interval = 60;
403 if (home->revive_interval > 3600) home->revive_interval = 3600;
409 static int server_pool_add(const char *filename, CONF_SECTION *cs)
415 int num_home_servers;
417 name2 = cf_section_name1(cs);
418 if (!name2 || (strcasecmp(name2, "server_pool") != 0)) {
419 radlog(L_ERR, "%s[%d]: Section is not a server_pool.",
420 filename, cf_section_lineno(cs));
424 name2 = cf_section_name2(cs);
426 radlog(L_ERR, "%s[%d]: Server pool section is missing a name.",
427 filename, cf_section_lineno(cs));
431 num_home_servers = 0;
432 for (cp = cf_pair_find(cs, "home_server");
434 cp = cf_pair_find_next(cs, cp, "home_server")) {
438 if (num_home_servers == 0) {
439 radlog(L_ERR, "%s[%d]: No home servers defined in pool %s",
440 filename, cf_section_lineno(cs), name2);
444 pool = rad_malloc(sizeof(*pool) + num_home_servers * sizeof(pool->servers[0]));
445 memset(pool, 0, sizeof(*pool) + num_home_servers * sizeof(pool->servers[0]));
447 pool->type = HOME_POOL_FAIL_OVER;
450 cp = cf_pair_find(cs, "type");
452 value = cf_pair_value(cp);
454 radlog(L_ERR, "%s[%d]: No value given for type.",
455 filename, cf_pair_lineno(cp));
460 if (strcmp(value, "load-balance") == 0) {
461 pool->type = HOME_POOL_LOAD_BALANCE;
463 } else if (strcmp(value, "fail-over") == 0) {
464 pool->type = HOME_POOL_FAIL_OVER;
467 radlog(L_ERR, "%s[%d]: Unknown type \"%s\".",
468 filename, cf_pair_lineno(cp), value);
473 DEBUG2(" server_pool %s: type = %s", name2, value);
476 for (cp = cf_pair_find(cs, "home_server");
478 cp = cf_pair_find_next(cs, cp, "home_server")) {
479 home_server myhome, *home;
481 value = cf_pair_value(cp);
483 radlog(L_ERR, "%s[%d]: No value given for home_server.",
484 filename, cf_pair_lineno(cp));
491 home = rbtree_finddata(home_servers_byname, &myhome);
493 CONF_SECTION *server_cs;
495 server_cs = cf_section_sub_find_name2(NULL,
499 radlog(L_ERR, "%s[%d]: Unknown home_server \"%s\".",
500 filename, cf_pair_lineno(cp), value);
505 if (!home_server_add(filename, server_cs)) {
510 home = rbtree_finddata(home_servers_byname, &myhome);
512 rad_assert("Internal sanity check failed");
517 if (!pool->server_type) {
518 rad_assert(home->type != 0);
519 pool->server_type = home->type;
521 } else if (pool->server_type != home->type) {
522 radlog(L_ERR, "%s[%d]: Home server \"%s\" is not of the same type as previous servers in server pool %s",
523 filename, cf_pair_lineno(cp), value, pool->name);
529 DEBUG2("Warning: Duplicate home server %s in server pool %s", home->name, pool->name);
533 DEBUG2(" server_pool %s: home_server = %s", name2, home->name);
534 pool->servers[pool->num_home_servers] = home;
535 pool->num_home_servers++;
537 } /* loop over home_server's */
539 if (!rbtree_insert(home_pools_byname, pool)) {
540 rad_assert("Internal sanity check failed");
544 rad_assert(pool->server_type != 0);
550 static int old_server_add(const char *filename, int lineno,
551 const char *name, const char *secret,
552 home_pool_type_t ldflag, home_pool_t **pool_p,
555 int i, insert_point, num_home_servers;
556 home_server myhome, *home;
557 home_pool_t mypool, *pool;
561 * LOCAL realms get sanity checked, and nothing else happens.
563 if (strcmp(name, "LOCAL") == 0) {
565 radlog(L_ERR, "%s[%d]: Realm \"%s\" cannot be both LOCAL and remote", filename, lineno, name);
572 pool = rbtree_finddata(home_pools_byname, &mypool);
574 if (pool->type != ldflag) {
575 radlog(L_ERR, "%s[%d]: Inconsistent ldflag for server pool \"%s\"", filename, lineno, name);
579 if (pool->server_type != type) {
580 radlog(L_ERR, "%s[%d]: Inconsistent home server type for server pool \"%s\"", filename, lineno, name);
586 home = rbtree_finddata(home_servers_byname, &myhome);
588 if (strcmp(home->secret, secret) != 0) {
589 radlog(L_ERR, "%s[%d]: Inconsistent shared secret for home server \"%s\"", filename, lineno, name);
593 if (home->type != type) {
594 radlog(L_ERR, "%s[%d]: Inconsistent type for home server \"%s\"", filename, lineno, name);
599 * See if the home server is already listed
600 * in the pool. If so, do nothing else.
602 if (pool) for (i = 0; i < pool->num_home_servers; i++) {
603 if (pool->servers[i] == home) {
610 * If we do have a pool, check that there is room to
611 * insert the home server we've found, or the one that we
614 * Note that we insert it into the LAST available
615 * position, in order to maintain the same order as in
616 * the configuration files.
620 for (i = pool->num_home_servers - 1; i >= 0; i--) {
621 if (pool->servers[i]) break;
623 if (!pool->servers[i]) {
628 if (insert_point < 0) {
629 radlog(L_ERR, "%s[%d]: No room in pool to add home server \"%s\". Please update the realm configuration to use the new-style home servers and server pools.", filename, lineno, name);
635 * No home server, allocate one.
641 home = rad_malloc(sizeof(*home));
642 memset(home, 0, sizeof(*home));
645 home->hostname = name;
647 home->secret = secret;
649 p = strchr(name, ':');
651 if (type == HOME_TYPE_AUTH) {
652 home->port = PW_AUTH_UDP_PORT;
654 home->port = PW_ACCT_UDP_PORT;
660 } else if (p == name) {
661 radlog(L_ERR, "%s[%d]: Invalid hostname %s.",
662 filename, lineno, name);
667 home->port = atoi(p + 1);
668 if ((home->port == 0) || (home->port > 65535)) {
669 radlog(L_ERR, "%s[%d]: Invalid port %s.",
670 filename, lineno, p + 1);
675 q = rad_malloc((p - name) + 1);
676 memcpy(q, name, (p - name));
681 if (ip_hton(p, AF_UNSPEC, &home->ipaddr) < 0) {
682 radlog(L_ERR, "%s[%d]: Failed looking up hostname %s.",
683 filename, lineno, p);
691 * Use the old-style configuration.
693 home->max_outstanding = 65535*16;
694 home->zombie_period = mainconfig.proxy_retry_delay * mainconfig.proxy_retry_count;
695 if (home->zombie_period == 0) home->zombie_period =30;
696 home->response_window = home->zombie_period - 1;
698 home->ping_check = HOME_PING_CHECK_NONE;
700 home->revive_interval = mainconfig.proxy_dead_time;
702 if (rbtree_finddata(home_servers_byaddr, home)) {
703 radlog(L_ERR, "%s[%d]: Home server %s has the same IP address as another home server.",
704 filename, lineno, name);
709 if (!rbtree_insert(home_servers_byname, home)) {
710 radlog(L_ERR, "%s[%d]: Internal error adding home server %s.",
711 filename, lineno, name);
716 if (!rbtree_insert(home_servers_byaddr, home)) {
717 rbtree_deletebydata(home_servers_byname, home);
718 radlog(L_ERR, "%s[%d]: Internal error adding home server %s.",
719 filename, lineno, name);
726 * We now have a home server, see if we can insert it
727 * into pre-existing pool.
729 if (insert_point >= 0) {
730 rad_assert(pool != NULL);
731 pool->servers[insert_point] = home;
735 rad_assert(pool == NULL);
736 rad_assert(home != NULL);
739 * Count the old-style realms of this name.
741 num_home_servers = 0;
742 for (cs = cf_section_sub_find_name2(mainconfig.config, "realm", name);
744 cs = cf_section_sub_find_name2(cs, "realm", name)) {
749 pool = rad_malloc(sizeof(*pool) + num_home_servers * sizeof(pool->servers[0]));
750 memset(pool, 0, sizeof(*pool) + num_home_servers * sizeof(pool->servers[0]));
754 pool->server_type = type;
755 pool->num_home_servers = num_home_servers;
756 pool->servers[0] = home;
758 if (!rbtree_insert(home_pools_byname, pool)) {
759 rad_assert("Internal sanity check failed");
768 static int old_realm_config(const char *filename, CONF_SECTION *cs, REALM *r)
772 home_pool_type_t ldflag;
774 secret = cf_section_value_find(cs, "secret");
776 host = cf_section_value_find(cs, "ldflag");
778 (strcasecmp(host, "fail_over") == 0)) {
779 ldflag = HOME_POOL_FAIL_OVER;
780 DEBUG2(" realm %s: ldflag = fail_over", r->name);
782 } else if (strcasecmp(host, "round_robin") == 0) {
783 ldflag = HOME_POOL_LOAD_BALANCE;
784 DEBUG2(" realm %s: ldflag = round_robin", r->name);
787 radlog(L_ERR, "%s[%d]: Unknown value \"%s\" for ldflag",
788 filename, cf_section_lineno(cs), host);
793 * Allow old-style if it doesn't exist, or if it exists and
796 if (((host = cf_section_value_find(cs, "authhost")) != NULL) &&
797 (strcmp(host, "LOCAL") != 0)) {
799 radlog(L_ERR, "%s[%d]: No shared secret supplied for realm: %s",
800 filename, cf_section_lineno(cs), r->name);
804 DEBUG2(" realm %s: authhost = %s", r->name, host);
806 if (!old_server_add(filename, cf_section_lineno(cs),
807 host, secret, ldflag,
808 &r->auth_pool, HOME_TYPE_AUTH)) {
813 if (((host = cf_section_value_find(cs, "accthost")) != NULL) &&
814 (strcmp(host, "LOCAL") != 0)) {
816 radlog(L_ERR, "%s[%d]: No shared secret supplied for realm: %s",
817 filename, cf_section_lineno(cs), r->name);
821 DEBUG2(" realm %s: accthost = %s", r->name, host);
823 if (!old_server_add(filename, cf_section_lineno(cs),
824 host, secret, ldflag,
825 &r->auth_pool, HOME_TYPE_ACCT)) {
830 if (secret) DEBUG2(" realm %s: secret = %s", r->name, secret);
837 static int add_pool_to_realm(const char *filename, int lineno,
838 const char *name, home_pool_t **dest,
841 home_pool_t mypool, *pool;
844 pool = rbtree_finddata(home_pools_byname, &mypool);
846 CONF_SECTION *pool_cs;
848 pool_cs = cf_section_sub_find_name2(NULL, "server_pool",
851 radlog(L_ERR, "%s[%d]: Failed to find server_pool \"%s\"",
852 filename, lineno, name);
856 if (!server_pool_add(filename, pool_cs)) {
860 pool = rbtree_finddata(home_pools_byname, &mypool);
862 rad_assert("Internal sanity check failed");
867 if (pool->server_type != server_type) {
868 radlog(L_ERR, "%s[%d]: Incompatible server_pool \"%s\" (mixed auth_pool / acct_pool)",
869 filename, lineno, name);
878 int realm_add(const char *filename, CONF_SECTION *cs)
885 name2 = cf_section_name1(cs);
886 if (!name2 || (strcasecmp(name2, "realm") != 0)) {
887 radlog(L_ERR, "%s[%d]: Section is not a realm.",
888 filename, cf_section_lineno(cs));
892 name2 = cf_section_name2(cs);
894 radlog(L_ERR, "%s[%d]: Realm section is missing the realm name.",
895 filename, cf_section_lineno(cs));
900 * The realm MAY already exist if it's an old-style realm.
901 * In that case, merge the old-style realm with this one.
903 r = realm_find(name2);
905 if (cf_pair_find(cs, "auth_pool") ||
906 cf_pair_find(cs, "acct_pool")) {
907 radlog(L_ERR, "%s[%d]: Duplicate realm \"%s\"",
908 filename, cf_section_lineno(cs), name2);
912 if (!old_realm_config(filename, cs, r)) {
919 r = rad_malloc(sizeof(*r));
920 memset(r, 0, sizeof(*r));
925 * Prefer new configuration to old one.
927 cp = cf_pair_find(cs, "auth_pool");
928 if (cp) pool = cf_pair_value(cp);
930 if (!add_pool_to_realm(filename, cf_pair_lineno(cp),
931 pool, &r->auth_pool, HOME_TYPE_AUTH)) {
935 DEBUG2(" realm %s: auth_pool = %s", name2, pool);
938 cp = cf_pair_find(cs, "acct_pool");
939 if (cp) pool = cf_pair_value(cp);
941 if (!add_pool_to_realm(filename, cf_pair_lineno(cp),
942 pool, &r->acct_pool, HOME_TYPE_ACCT)) {
946 DEBUG2(" realm %s: acct_pool = %s", name2, pool);
951 if ((cf_section_value_find(cs, "nostrip")) != NULL) {
953 DEBUG2(" realm %s: nostrip", name2);
957 * We're a new-style realm. Complain if we see the old
960 if (r->auth_pool || r->acct_pool) {
961 if (((cp = cf_pair_find(cs, "authhost")) != NULL) ||
962 ((cp = cf_pair_find(cs, "accthost")) != NULL) ||
963 ((cp = cf_pair_find(cs, "secret")) != NULL) ||
964 ((cp = cf_pair_find(cs, "ldflag")) != NULL)) {
965 DEBUG2("WARNING: Ignoring old-style configuration entry \"%s\" in realm \"%s\"", cf_pair_attr(cp), r->name);
970 * The realm MAY be an old-style realm, as there
971 * was no auth_pool or acct_pool. Double-check
972 * it, just to be safe.
974 } else if (!old_realm_config(filename, cs, r)) {
979 if (!rbtree_insert(realms_byname, r)) {
980 rad_assert("Internal sanity check failed");
990 * Find a realm in the REALM list.
992 REALM *realm_find(const char *name)
996 if (!name) name = "NULL";
999 return rbtree_finddata(realms_byname, &myrealm);
1003 home_server *home_server_ldb(REALM *r, int code)
1009 if (code == PW_AUTHENTICATION_REQUEST) {
1010 pool = r->auth_pool;
1012 } else if (code == PW_ACCOUNTING_REQUEST) {
1013 pool = r->acct_pool;
1016 rad_assert("Internal sanity check failed");
1021 rad_assert("Internal sanity check failed");
1027 for (count = 0; count < pool->num_home_servers; count++) {
1028 home_server *home = pool->servers[count];
1030 if (home->state == HOME_STATE_IS_DEAD) {
1035 * This home server is too busy. Choose another one.
1037 if (home->currently_outstanding >= home->max_outstanding) {
1042 * Fail-over, pick the first one that matches.
1044 if (pool->type == HOME_POOL_FAIL_OVER) {
1049 * FUTURE: If we're well into "zombie_period",
1050 * then we probably want to think about
1051 * load-balancing the packet somewhere else, as
1052 * the home server is probably dead.
1056 * We're doing load-balancing. Pick a random
1057 * number, which will be used to determine which
1058 * home server is chosen.
1066 * See the "camel book" for why this works.
1068 * If (rand(0..n) < 1), pick the current server.
1069 * We add a scale factor of 65536, to avoid
1072 if (((count + 1) * (lrad_rand() & 0xffff)) < (uint32_t) 0x10000) {
1075 } /* loop over the realms */
1078 * No live match found, and no fallback to the "DEFAULT"
1079 * realm. We fix this by blindly marking all servers as
1080 * "live". But only do it for ones that don't support
1081 * "pings", as they will be marked live when they
1082 * actually are live.
1085 !mainconfig.proxy_fallback &&
1086 mainconfig.wake_all_if_all_dead) {
1087 for (count = 0; count < pool->num_home_servers; count++) {
1088 home_server *home = pool->servers[count];
1090 if ((home->state == HOME_STATE_IS_DEAD) &&
1091 (home->ping_check == HOME_PING_CHECK_NONE)) {
1092 home->state = HOME_STATE_ALIVE;
1099 * Still nothing. Look up the DEFAULT realm, but only
1100 * if we weren't looking up the NULL or DEFAULT realms.
1103 mainconfig.proxy_fallback &&
1104 (strcmp(r->name, "NULL") != 0) &&
1105 (strcmp(r->name, "DEFAULT") != 0)) {
1106 REALM *rd = realm_find("DEFAULT");
1109 DEBUG2(" Realm %s has no live home servers. Falling back to the DEFAULT realm.", r->name);
1110 return home_server_ldb(rd, code);
1115 * Return the appropriate home server.
1121 home_server *home_server_find(lrad_ipaddr_t *ipaddr, int port)
1125 myhome.ipaddr = *ipaddr;
1128 return rbtree_finddata(home_servers_byaddr, &myhome);