added subjectaltname cert checks, incl regexp uri

[radsecproxy.git] / radsecproxy.h

diff --git a/radsecproxy.h b/radsecproxy.h
index 53c772a..2516074 100644 (file)
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -1,16 +1,14 @@
 /*
- * Copyright (C) 2006 Stig Venaas <venaas@uninett.no>
+ * Copyright (C) 2006, 2007 Stig Venaas <venaas@uninett.no>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  */
 
-#define RADLEN(x) ntohs(((uint16_t *)(x))[1])
+#define DEBUG_LEVEL 3
 
-#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
-                            sizeof(struct sockaddr_in) : \
-                            sizeof(struct sockaddr_in6))
+#define CONFIG_MAIN "/etc/radsecproxy.conf"
 
 /* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
 #define MAX_REQUESTS 256
@@ -20,7 +18,7 @@
 #define REQUEST_EXPIRY 20
 #define REQUEST_RETRIES 3
 #define MAX_CERT_DEPTH 5
-
+#define STATUS_SERVER_PERIOD 25
 #define RAD_Access_Request 1
 #define RAD_Access_Accept 2
 #define RAD_Access_Reject 3
@@ -32,6 +30,7 @@
 
 #define RAD_Attr_User_Name 1
 #define RAD_Attr_User_Password 2
+#define RAD_Attr_Reply_Message 18
 #define RAD_Attr_Vendor_Specific 26
 #define RAD_Attr_Tunnel_Password 69
 #define RAD_Attr_Message_Authenticator 80
@@ -39,18 +38,16 @@
 #define RAD_VS_ATTR_MS_MPPE_Send_Key 16
 #define RAD_VS_ATTR_MS_MPPE_Recv_Key 17
 
-#define RAD_Attr_Type 0
-#define RAD_Attr_Length 1
-#define RAD_Attr_Value 2
+#define CONF_STR 1
+#define CONF_CBK 2
 
 struct options {
-    char *tlscacertificatefile;
-    char *tlscacertificatepath;
-    char *tlscertificatefile;
-    char *tlscertificatekeyfile;
-    char *udpserverport;
+    char *listenudp;
+    char *listentcp;
+    char *logdestination;
+    uint8_t loglevel;
 };
-    
+
 /* requests that our client will send */
 struct request {
     unsigned char *buf;
@@ -58,7 +55,6 @@ struct request {
     uint8_t received;
     struct timeval expiry;
     struct client *from;
-    char *messageauthattrval;
     uint8_t origid; /* used by servwr */
     char origauth[16]; /* used by servwr */
     struct sockaddr_storage fromsa; /* used by udpservwr */
@@ -71,32 +67,35 @@ struct reply {
 };
 
 struct replyq {
-    struct reply *replies;
-    int count;
-    int size;
-    pthread_mutex_t count_mutex;
-    pthread_cond_t count_cond;
+    struct list *replies;
+    pthread_mutex_t mutex;
+    pthread_cond_t cond;
 };
 
-struct peer {
+struct clsrvconf {
+    char *name;
     char type; /* U for UDP, T for TLS */
     char *host;
     char *port;
     char *secret;
-    SSL *ssl;
+    regex_t *certuriregex;
+    uint8_t statusserver;
+    SSL_CTX *ssl_ctx;
     struct addrinfo *addrinfo;
+    struct client *clients;
+    struct server *servers;
 };
 
 struct client {
-    struct peer peer;
+    struct clsrvconf *conf;
+    SSL *ssl;
     struct replyq *replyq;
 };
 
 struct server {
-    struct peer peer;
-    char *realmdata;
-    char **realms;
+    struct clsrvconf *conf;
     int sock;
+    SSL *ssl;
     pthread_mutex_t lock;
     pthread_t clientth;
     struct timeval lastconnecttry;
@@ -108,9 +107,32 @@ struct server {
     pthread_cond_t newrq_cond;
 };
 
-void errx(char *format, ...);
-void err(char *format, ...);
+struct realm {
+    char *name;
+    char *message;
+    regex_t regex;
+    struct clsrvconf *srvconf;
+};
+
+struct tls {
+    char *name;
+    SSL_CTX *ctx;
+    int count;
+};
+
+#define RADLEN(x) ntohs(((uint16_t *)(x))[1])
+
+#define ATTRTYPE(x) ((x)[0])
+#define ATTRLEN(x) ((x)[1])
+#define ATTRVAL(x) ((x) + 2)
+#define ATTRVALLEN(x) ((x)[1] - 2)
+
+#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
+                            sizeof(struct sockaddr_in) : \
+                            sizeof(struct sockaddr_in6))
+
 char *stringcopy(char *s, int len);
 char *addr2string(struct sockaddr *addr, socklen_t len);
+void printfchars(char *prefixfmt, char *prefix, char *charfmt, char *chars, int len);
 int bindport(int type, char *port);
 int connectport(int type, char *host, char *port);