#include <openssl/x509v3.h>
#include "debug.h"
#include "list.h"
+#include "hash.h"
#include "util.h"
#include "gconfig.h"
#include "radsecproxy.h"
static struct options options;
static struct list *clconfs, *srvconfs;
-struct list *realms, *tlsconfs, *rewriteconfs;
+struct list *realms;
+struct hash *tlsconfs, *rewriteconfs;
static struct addrinfo *srcprotores[4] = { NULL, NULL, NULL, NULL };
-static pthread_mutex_t tlsconfs_lock;
static pthread_mutex_t *ssl_locks = NULL;
static long *ssl_lock_count;
extern int optind;
free(res);
}
+int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) {
+ int s, on = 1;
+ struct addrinfo *res;
+
+ for (res = addrinfo; res; res = res->ai_next) {
+ if (family != AF_UNSPEC && family != res->ai_family)
+ continue;
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s < 0) {
+ debug(DBG_WARN, "bindtoaddr: socket failed");
+ continue;
+ }
+ if (reuse)
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+#ifdef IPV6_V6ONLY
+ if (v6only)
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
+#endif
+ if (!bind(s, res->ai_addr, res->ai_addrlen))
+ return s;
+ debug(DBG_WARN, "bindtoaddr: bind failed");
+ close(s);
+ }
+ return -1;
+}
+
int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src) {
int s;
struct addrinfo *res;
}
SSL_CTX *tlsgetctx(uint8_t type, char *alt1, char *alt2) {
- struct list_node *entry;
- struct tls *t, *t1 = NULL, *t2 = NULL;
- SSL_CTX *ctx = NULL;
-
- pthread_mutex_lock(&tlsconfs_lock);
-
- for (entry = list_first(tlsconfs); entry; entry = list_next(entry)) {
- t = (struct tls *)entry->data;
- if (!strcasecmp(t->name, alt1)) {
- t1 = t;
- break;
- }
- if (!t2 && alt2 && !strcasecmp(t->name, alt2))
- t2 = t;
- }
+ struct tls *t;
- t = (t1 ? t1 : t2);
- if (!t)
- goto exit;
+ t = hash_read(tlsconfs, alt1, strlen(alt1));
+ if (!t) {
+ t = hash_read(tlsconfs, alt2, strlen(alt2));
+ if (!t)
+ return NULL;
+ }
switch (type) {
case RAD_TLS:
if (!t->tlsctx)
t->tlsctx = tlscreatectx(RAD_TLS, t);
- ctx = t->tlsctx;
- break;
+ return t->tlsctx;
case RAD_DTLS:
if (!t->dtlsctx)
t->dtlsctx = tlscreatectx(RAD_DTLS, t);
- ctx = t->dtlsctx;
- break;
+ return t->dtlsctx;
}
-
- exit:
- pthread_mutex_unlock(&tlsconfs_lock);
- return ctx;
+ return NULL;
}
struct list *addsrvconfs(char *value, char **names) {
}
struct rewrite *getrewrite(char *alt1, char *alt2) {
- struct list_node *entry;
- struct rewriteconf *r, *r1 = NULL, *r2 = NULL;
-
- for (entry = list_first(rewriteconfs); entry; entry = list_next(entry)) {
- r = (struct rewriteconf *)entry->data;
- if (!strcasecmp(r->name, alt1)) {
- r1 = r;
- break;
- }
- if (!r2 && alt2 && !strcasecmp(r->name, alt2))
- r2 = r;
- }
+ struct rewrite *r;
- r = (r1 ? r1 : r2);
- if (!r)
- return NULL;
- return r->rewrite;
+ if ((r = hash_read(rewriteconfs, alt1, strlen(alt1))))
+ return r;
+ if ((r = hash_read(rewriteconfs, alt2, strlen(alt2))))
+ return r;
+ return NULL;
}
void addrewrite(char *value, char **attrs, char **vattrs) {
- struct rewriteconf *new;
struct rewrite *rewrite = NULL;
int i, n;
uint8_t *a = NULL;
rewrite->removevendorattrs = va;
}
- new = malloc(sizeof(struct rewriteconf));
- if (!new || !list_push(rewriteconfs, new))
+ if (!hash_insert(rewriteconfs, value, strlen(value), rewrite))
debugx(1, DBG_ERR, "malloc failed");
-
- memset(new, 0, sizeof(struct rewriteconf));
- new->name = stringcopy(value, 0);
- if (!new->name)
- debugx(1, DBG_ERR, "malloc failed");
-
- new->rewrite = rewrite;
debug(DBG_DBG, "addrewrite: added rewrite block %s", value);
}
debug(DBG_ERR, "conftls_cb: malloc failed");
goto errexit;
}
-
- pthread_mutex_lock(&tlsconfs_lock);
- if (!list_push(tlsconfs, conf)) {
+
+ if (!hash_insert(tlsconfs, val, strlen(val), conf)) {
debug(DBG_ERR, "conftls_cb: malloc failed");
- pthread_mutex_unlock(&tlsconfs_lock);
goto errexit;
}
- pthread_mutex_unlock(&tlsconfs_lock);
debug(DBG_DBG, "conftls_cb: added TLS block %s", val);
return 1;
if (!realms)
debugx(1, DBG_ERR, "malloc failed");
- tlsconfs = list_create();
+ tlsconfs = hash_create();
if (!tlsconfs)
debugx(1, DBG_ERR, "malloc failed");
- rewriteconfs = list_create();
+ rewriteconfs = hash_create();
if (!rewriteconfs)
debugx(1, DBG_ERR, "malloc failed");
debug_init("radsecproxy");
debug_set_level(DEBUG_LEVEL);
- pthread_mutex_init(&tlsconfs_lock, NULL);
getargs(argc, argv, &foreground, &pretend, &loglevel, &configfile);
if (loglevel)