added subjectaltname cert checks, incl regexp uri

[radsecproxy.git] / radsecproxy.h

diff --git a/radsecproxy.h b/radsecproxy.h
index b4dcfe6..2516074 100644 (file)
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006 Stig Venaas <venaas@uninett.no>
+ * Copyright (C) 2006, 2007 Stig Venaas <venaas@uninett.no>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -8,9 +8,7 @@
 
 #define DEBUG_LEVEL 3
 
-#define CONFIG_MAIN "/etc/radsecproxy/radsecproxy.conf"
-#define CONFIG_SERVERS "/etc/radsecproxy/servers.conf"
-#define CONFIG_CLIENTS "/etc/radsecproxy/clients.conf"
+#define CONFIG_MAIN "/etc/radsecproxy.conf"
 
 /* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
 #define MAX_REQUESTS 256
@@ -32,6 +30,7 @@
 
 #define RAD_Attr_User_Name 1
 #define RAD_Attr_User_Password 2
+#define RAD_Attr_Reply_Message 18
 #define RAD_Attr_Vendor_Specific 26
 #define RAD_Attr_Tunnel_Password 69
 #define RAD_Attr_Message_Authenticator 80
@@ -43,11 +42,6 @@
 #define CONF_CBK 2
 
 struct options {
-    char *tlscacertificatefile;
-    char *tlscacertificatepath;
-    char *tlscertificatefile;
-    char *tlscertificatekeyfile;
-    char *tlscertificatekeypassword;
     char *listenudp;
     char *listentcp;
     char *logdestination;
@@ -73,36 +67,40 @@ struct reply {
 };
 
 struct replyq {
-    struct reply *replies;
-    int count;
-    int size;
-    pthread_mutex_t count_mutex;
-    pthread_cond_t count_cond;
+    struct list *replies;
+    pthread_mutex_t mutex;
+    pthread_cond_t cond;
 };
 
-struct peer {
+struct clsrvconf {
+    char *name;
     char type; /* U for UDP, T for TLS */
     char *host;
     char *port;
     char *secret;
-    SSL *ssl;
+    regex_t *certuriregex;
+    uint8_t statusserver;
+    SSL_CTX *ssl_ctx;
     struct addrinfo *addrinfo;
+    struct client *clients;
+    struct server *servers;
 };
 
 struct client {
-    struct peer peer;
+    struct clsrvconf *conf;
+    SSL *ssl;
     struct replyq *replyq;
 };
 
 struct server {
-    struct peer peer;
+    struct clsrvconf *conf;
     int sock;
+    SSL *ssl;
     pthread_mutex_t lock;
     pthread_t clientth;
     struct timeval lastconnecttry;
     uint8_t connectionok;
     int nextid;
-    uint8_t statusserver;
     struct request *requests;
     uint8_t newrq;
     pthread_mutex_t newrq_mutex;
@@ -111,8 +109,15 @@ struct server {
 
 struct realm {
     char *name;
+    char *message;
     regex_t regex;
-    struct server *server;
+    struct clsrvconf *srvconf;
+};
+
+struct tls {
+    char *name;
+    SSL_CTX *ctx;
+    int count;
 };
 
 #define RADLEN(x) ntohs(((uint16_t *)(x))[1])
@@ -126,9 +131,8 @@ struct realm {
                             sizeof(struct sockaddr_in) : \
                             sizeof(struct sockaddr_in6))
 
-void errx(char *format, ...);
-void err(char *format, ...);
 char *stringcopy(char *s, int len);
 char *addr2string(struct sockaddr *addr, socklen_t len);
+void printfchars(char *prefixfmt, char *prefix, char *charfmt, char *chars, int len);
 int bindport(int type, char *port);
 int connectport(int type, char *host, char *port);