#define DEFAULT_TLS_SECRET "mysecret"
#define DEFAULT_UDP_PORT "1812"
#define DEFAULT_TLS_PORT "2083"
-#define REQUEST_EXPIRY 20
-#define REQUEST_RETRIES 3
+#define REQUEST_RETRY_INTERVAL 5
+#define REQUEST_RETRY_COUNT 2
#define MAX_CERT_DEPTH 5
#define STATUS_SERVER_PERIOD 25
#define RAD_Access_Request 1
struct options {
char *listenudp;
- char *listentcp;
+ char *listentls;
char *listenaccudp;
char *sourceudp;
- char *sourcetcp;
+ char *sourcetls;
char *logdestination;
uint8_t loglevel;
uint8_t loopprevention;
char *secret;
regex_t *certcnregex;
regex_t *certuriregex;
- regex_t *rewriteattrregex;
- char *rewriteattrreplacement;
+ struct modattr *rewriteusername;
uint8_t statusserver;
+ uint8_t retryinterval;
+ uint8_t retrycount;
uint8_t certnamecheck;
- SSL_CTX *ssl_ctx;
- struct rewrite *rewrite;
+ struct rewrite *rewritein;
+ struct rewrite *rewriteout;
struct addrinfo *addrinfo;
uint8_t prefixlen;
+ struct tls *tlsconf;
struct list *clients;
struct server *servers;
};
struct clsrvconf *conf;
SSL *ssl;
struct replyq *replyq;
+ struct sockaddr *addr;
};
struct server {
struct realm {
char *name;
char *message;
+ uint8_t accresp;
regex_t regex;
struct list *srvconfs;
struct list *accsrvconfs;
struct tls {
char *name;
+ char *cacertfile;
+ char *cacertpath;
+ char *certfile;
+ char *certkeyfile;
+ char *certkeypwd;
+ uint8_t crlcheck;
+ uint32_t cacheexpiry;
+ uint32_t expiry;
SSL_CTX *ctx;
- int count;
+};
+
+struct attribute {
+ uint8_t t;
+ uint8_t l;
+ uint8_t *v;
+};
+
+struct modattr {
+ uint8_t t;
+ char *replacement;
+ regex_t *regex;
};
struct rewrite {
uint8_t *removeattrs;
uint32_t *removevendorattrs;
+ struct list *addattrs;
+ struct list *modattrs;
};
struct rewriteconf {
#define ATTRLEN(x) ((x)[1])
#define ATTRVAL(x) ((x) + 2)
#define ATTRVALLEN(x) ((x)[1] - 2)
-
-#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
- sizeof(struct sockaddr_in) : \
- sizeof(struct sockaddr_in6))