offsetof(home_server,response_window), NULL, "30" },
{ "max_outstanding", PW_TYPE_INTEGER,
offsetof(home_server,max_outstanding), NULL, "65536" },
- { "require_message_authenticator", PW_TYPE_BOOLEAN,
- offsetof(home_server, message_authenticator), 0, NULL },
{ "zombie_period", PW_TYPE_INTEGER,
offsetof(home_server,zombie_period), NULL, "40" },
{
}
+
+int realms_home_server_add(home_server *home, CONF_SECTION *cs, int dual)
+{
+ CONF_SECTION *parent = NULL;
+ const char * name2 = home->name;
+
+ /*
+ * Make sure that this is set.
+ */
+ if (home->src_ipaddr.af == AF_UNSPEC) {
+ home->src_ipaddr.af = home->ipaddr.af;
+ }
+
+ hs_srcipaddr = NULL;
+
+ if (rbtree_finddata(home_servers_byname, home) != NULL) {
+ cf_log_err(cf_sectiontoitem(cs),
+ "Duplicate home server name %s.", name2);
+ goto error;
+ }
+
+ if (!home->server &&
+ (rbtree_finddata(home_servers_byaddr, home) != NULL)) {
+ cf_log_err(cf_sectiontoitem(cs),
+ "Duplicate home server IP %s.", name2);
+ goto error;
+ }
+
+ if (!rbtree_insert(home_servers_byname, home)) {
+ cf_log_err(cf_sectiontoitem(cs),
+ "Internal error %d adding home server %s.",
+ __LINE__, name2);
+ goto error;
+ }
+
+ if (!home->server &&
+ !rbtree_insert(home_servers_byaddr, home)) {
+ rbtree_deletebydata(home_servers_byname, home);
+ cf_log_err(cf_sectiontoitem(cs),
+ "Internal error %d adding home server %s.",
+ __LINE__, name2);
+ goto error;
+ }
+
+#ifdef WITH_STATS
+ home->number = home_server_max_number++;
+ if (!rbtree_insert(home_servers_bynumber, home)) {
+ rbtree_deletebydata(home_servers_byname, home);
+ if (home->ipaddr.af != AF_UNSPEC) {
+ rbtree_deletebydata(home_servers_byname, home);
+ }
+ cf_log_err(cf_sectiontoitem(cs),
+ "Internal error %d adding home server %s.",
+ __LINE__, name2);
+ goto error;
+ }
+#endif
+
+ if (home->max_outstanding < 8) home->max_outstanding = 8;
+ if (home->max_outstanding > 65536*16) home->max_outstanding = 65536*16;
+
+ if (home->ping_interval < 6) home->ping_interval = 6;
+ if (home->ping_interval > 120) home->ping_interval = 120;
+
+ if (home->response_window < 1) home->response_window = 1;
+ if (home->response_window > 60) home->response_window = 60;
+ if (home->response_window > mainconfig.max_request_time) home->response_window = mainconfig.max_request_time;
+
+ if (home->zombie_period < 1) home->zombie_period = 1;
+ if (home->zombie_period > 120) home->zombie_period = 120;
+
+ if (home->zombie_period < home->response_window) {
+ home->zombie_period = home->response_window;
+ }
+
+ if (home->num_pings_to_alive < 3) home->num_pings_to_alive = 3;
+ if (home->num_pings_to_alive > 10) home->num_pings_to_alive = 10;
+
+ if (home->ping_timeout < 3) home->ping_timeout = 3;
+ if (home->ping_timeout > 10) home->ping_timeout = 10;
+
+ if (home->revive_interval < 60) home->revive_interval = 60;
+ if (home->revive_interval > 3600) home->revive_interval = 3600;
+
+#ifdef WITH_COA
+ if (home->coa_irt < 1) home->coa_irt = 1;
+ if (home->coa_irt > 5) home->coa_irt = 5;
+
+ if (home->coa_mrc < 0) home->coa_mrc = 0;
+ if (home->coa_mrc > 20 ) home->coa_mrc = 20;
+
+ if (home->coa_mrt < 0) home->coa_mrt = 0;
+ if (home->coa_mrt > 30 ) home->coa_mrt = 30;
+
+ if (home->coa_mrd < 5) home->coa_mrd = 5;
+ if (home->coa_mrd > 60 ) home->coa_mrd = 60;
+#endif
+
+ if (home->limit.max_connections > 1024) home->limit.max_connections = 1024;
+
+#ifdef WITH_TCP
+ /*
+ * UDP sockets can't be connection limited.
+ */
+ if (home->proto != IPPROTO_TCP) home->limit.max_connections = 0;
+#endif
+
+ if ((home->limit.idle_timeout > 0) && (home->limit.idle_timeout < 5))
+ home->limit.idle_timeout = 5;
+ if ((home->limit.lifetime > 0) && (home->limit.lifetime < 5))
+ home->limit.lifetime = 5;
+ if ((home->limit.lifetime > 0) && (home->limit.idle_timeout > home->limit.lifetime))
+ home->limit.idle_timeout = 0;
+
+
+ if (cs) {
+ parent = cf_item_parent(cf_sectiontoitem(cs));
+ if (strcmp(cf_section_name1(parent), "server") == 0) {
+ home->parent_server = cf_section_name2(parent);
+ }
+ }
+
+ if (dual) {
+ home_server *home2 = rad_malloc(sizeof(*home2));
+
+ memcpy(home2, home, sizeof(*home2));
+
+ home2->type = HOME_TYPE_ACCT;
+ home2->port++;
+ home2->ping_user_password = NULL;
+ home2->cs = cs;
+ home2->parent_server = home->parent_server;
+
+ if (!rbtree_insert(home_servers_byname, home2)) {
+ cf_log_err(cf_sectiontoitem(cs),
+ "Internal error %d adding home server %s.",
+ __LINE__, name2);
+ free(home2);
+ return 0;
+ }
+
+ if (!home->server &&
+ !rbtree_insert(home_servers_byaddr, home2)) {
+ rbtree_deletebydata(home_servers_byname, home2);
+ cf_log_err(cf_sectiontoitem(cs),
+ "Internal error %d adding home server %s.",
+ __LINE__, name2);
+ free(home2);
+ return 0;
+ }
+
+#ifdef WITH_STATS
+ home2->number = home_server_max_number++;
+ if (!rbtree_insert(home_servers_bynumber, home2)) {
+ rbtree_deletebydata(home_servers_byname, home2);
+ if (!home2->server) {
+ rbtree_deletebydata(home_servers_byname, home2);
+ }
+ cf_log_err(cf_sectiontoitem(cs),
+ "Internal error %d adding home server %s.",
+ __LINE__, name2);
+ free(home2);
+ return 0;
+ }
+#endif
+ }
+
+ return 1;
+ error:
+ return 0;
+}
+
+
static int home_server_add(realm_config_t *rc, CONF_SECTION *cs)
{
const char *name2;
CONF_PAIR *cp;
CONF_SECTION *tls;
- free(hs_virtual_server); /* used only for printing during parsing */
hs_virtual_server = NULL;
name2 = cf_section_name2(cs);
"No ipaddr, ipv6addr, or virtual_server defined for home server \"%s\".",
name2);
error:
- free(home);
- free(hs_type);
+ talloc_free(hs_type);
hs_type = NULL;
- free(hs_check);
hs_check = NULL;
- free(hs_srcipaddr);
hs_srcipaddr = NULL;
#ifdef WITH_TCP
- free(hs_proto);
hs_proto = NULL;
#endif
return 0;
* Use a reasonable default.
*/
skip_port:
- if (!hs_type) hs_type = strdup("auth+acct");
+ if (!hs_type) hs_type = talloc_strdup(cs, "auth+acct");
if (strcasecmp(hs_type, "auth") == 0) {
home->type = HOME_TYPE_AUTH;
hs_type, name2);
goto error;
}
- free(hs_type);
+ if (hs_type) talloc_free(hs_type);
hs_type = NULL;
if (!hs_check || (strcasecmp(hs_check, "none") == 0)) {
hs_check, name2);
goto error;
}
- free(hs_check);
hs_check = NULL;
if ((home->ping_check != HOME_PING_CHECK_NONE) &&
#ifdef WITH_TCP
if (hs_proto) {
if (strcmp(hs_proto, "udp") == 0) {
- free(hs_proto);
hs_proto = NULL;
} else if (strcmp(hs_proto, "tcp") == 0) {
- free(hs_proto);
hs_proto = NULL;
home->proto = IPPROTO_TCP;
goto error;
}
- /*
- * Make sure that this is set.
- */
- if (home->src_ipaddr.af == AF_UNSPEC) {
- home->src_ipaddr.af = home->ipaddr.af;
- }
-
- free(hs_srcipaddr);
- hs_srcipaddr = NULL;
-
- if (rbtree_finddata(home_servers_byname, home) != NULL) {
- cf_log_err(cf_sectiontoitem(cs),
- "Duplicate home server name %s.", name2);
- goto error;
- }
-
- if (!home->server &&
- (rbtree_finddata(home_servers_byaddr, home) != NULL)) {
- cf_log_err(cf_sectiontoitem(cs),
- "Duplicate home server IP %s.", name2);
- goto error;
- }
-
- if (!rbtree_insert(home_servers_byname, home)) {
- cf_log_err(cf_sectiontoitem(cs),
- "Internal error %d adding home server %s.",
- __LINE__, name2);
- goto error;
- }
-
- if (!home->server &&
- !rbtree_insert(home_servers_byaddr, home)) {
- rbtree_deletebydata(home_servers_byname, home);
- cf_log_err(cf_sectiontoitem(cs),
- "Internal error %d adding home server %s.",
- __LINE__, name2);
+ if ( !realms_home_server_add( home, cs, dual))
goto error;
- }
-
-#ifdef WITH_STATS
- home->number = home_server_max_number++;
- if (!rbtree_insert(home_servers_bynumber, home)) {
- rbtree_deletebydata(home_servers_byname, home);
- if (home->ipaddr.af != AF_UNSPEC) {
- rbtree_deletebydata(home_servers_byname, home);
- }
- cf_log_err(cf_sectiontoitem(cs),
- "Internal error %d adding home server %s.",
- __LINE__, name2);
- goto error;
- }
-#endif
-
- if (home->max_outstanding < 8) home->max_outstanding = 8;
- if (home->max_outstanding > 65536*16) home->max_outstanding = 65536*16;
-
- if (home->ping_interval < 6) home->ping_interval = 6;
- if (home->ping_interval > 120) home->ping_interval = 120;
-
- if (home->response_window < 1) home->response_window = 1;
- if (home->response_window > 60) home->response_window = 60;
- if (home->response_window > mainconfig.max_request_time) home->response_window = mainconfig.max_request_time;
-
- if (home->zombie_period < 1) home->zombie_period = 1;
- if (home->zombie_period > 120) home->zombie_period = 120;
-
- if (home->zombie_period < home->response_window) {
- home->zombie_period = home->response_window;
- }
-
- if (home->num_pings_to_alive < 3) home->num_pings_to_alive = 3;
- if (home->num_pings_to_alive > 10) home->num_pings_to_alive = 10;
-
- if (home->ping_timeout < 3) home->ping_timeout = 3;
- if (home->ping_timeout > 10) home->ping_timeout = 10;
-
- if (home->revive_interval < 60) home->revive_interval = 60;
- if (home->revive_interval > 3600) home->revive_interval = 3600;
-
-#ifdef WITH_COA
- if (home->coa_irt < 1) home->coa_irt = 1;
- if (home->coa_irt > 5) home->coa_irt = 5;
-
- if (home->coa_mrc < 0) home->coa_mrc = 0;
- if (home->coa_mrc > 20 ) home->coa_mrc = 20;
-
- if (home->coa_mrt < 0) home->coa_mrt = 0;
- if (home->coa_mrt > 30 ) home->coa_mrt = 30;
-
- if (home->coa_mrd < 5) home->coa_mrd = 5;
- if (home->coa_mrd > 60 ) home->coa_mrd = 60;
-#endif
-
- if (home->limit.max_connections > 1024) home->limit.max_connections = 1024;
-
-#ifdef WITH_TCP
- /*
- * UDP sockets can't be connection limited.
- */
- if (home->proto != IPPROTO_TCP) home->limit.max_connections = 0;
-#endif
-
- if ((home->limit.idle_timeout > 0) && (home->limit.idle_timeout < 5))
- home->limit.idle_timeout = 5;
- if ((home->limit.lifetime > 0) && (home->limit.lifetime < 5))
- home->limit.lifetime = 5;
- if ((home->limit.lifetime > 0) && (home->limit.idle_timeout > home->limit.lifetime))
- home->limit.idle_timeout = 0;
-
- tls = cf_item_parent(cf_sectiontoitem(cs));
- if (strcmp(cf_section_name1(tls), "server") == 0) {
- home->parent_server = cf_section_name2(tls);
- }
-
- if (dual) {
- home_server *home2 = rad_malloc(sizeof(*home2));
-
- memcpy(home2, home, sizeof(*home2));
-
- home2->type = HOME_TYPE_ACCT;
- home2->port++;
- home2->ping_user_password = NULL;
- home2->cs = cs;
- home2->parent_server = home->parent_server;
-
- if (!rbtree_insert(home_servers_byname, home2)) {
- cf_log_err(cf_sectiontoitem(cs),
- "Internal error %d adding home server %s.",
- __LINE__, name2);
- free(home2);
- return 0;
- }
-
- if (!home->server &&
- !rbtree_insert(home_servers_byaddr, home2)) {
- rbtree_deletebydata(home_servers_byname, home2);
- cf_log_err(cf_sectiontoitem(cs),
- "Internal error %d adding home server %s.",
- __LINE__, name2);
- free(home2);
- return 0;
- }
-
-#ifdef WITH_STATS
- home2->number = home_server_max_number++;
- if (!rbtree_insert(home_servers_bynumber, home2)) {
- rbtree_deletebydata(home_servers_byname, home2);
- if (!home2->server) {
- rbtree_deletebydata(home_servers_byname, home2);
- }
- cf_log_err(cf_sectiontoitem(cs),
- "Internal error %d adding home server %s.",
- __LINE__, name2);
- free(home2);
- return 0;
- }
-#endif
- }
/*
* Mark it as already processed
}
+int realms_pool_add( home_pool_t *pool, UNUSED CONF_SECTION *cs)
+{
+ if (!rbtree_insert(home_pools_byname, pool)) {
+ rad_assert("Internal sanity check failed");
+ return 0;
+ }
+ return 1;
+}
+
+
static int server_pool_add(realm_config_t *rc,
CONF_SECTION *cs, int server_type, int do_print)
{
cf_log_info(cs, "\tfallback = %s", pool->fallback->name);
}
- if (!rbtree_insert(home_pools_byname, pool)) {
- rad_assert("Internal sanity check failed");
+ if (! realms_pool_add(pool, cs)) {
goto error;
}
#endif
+int realms_realm_add (REALM *r, CONF_SECTION *cs)
+{
+ #ifdef HAVE_REGEX_H
+ /*
+ * It's a regex. Add it to a separate list.
+ */
+ if (r->name[0] == '~') {
+ realm_regex_t *rr, **last;
+
+ rr = rad_malloc(sizeof(*rr));
+
+ last = &realms_regex;
+ while (*last) last = &((*last)->next); /* O(N^2)... sue me. */
+
+ rr->realm = r;
+ rr->next = NULL;
+
+ *last = rr;
+
+ return 1;
+ }
+#endif
+
+ if (!rbtree_insert(realms_byname, r)) {
+ rad_assert("Internal sanity check failed");
+ return 0;
+ }
+
+ return 1;
+}
+
+
static int realm_add(realm_config_t *rc, CONF_SECTION *cs)
{
const char *name2;
((cp = cf_pair_find(cs, "accthost")) != NULL) ||
((cp = cf_pair_find(cs, "secret")) != NULL) ||
((cp = cf_pair_find(cs, "ldflag")) != NULL)) {
- DEBUG2("WARNING: Ignoring old-style configuration entry \"%s\" in realm \"%s\"", cf_pair_attr(cp), r->name);
+ DEBUG2W("Ignoring old-style configuration entry \"%s\" in realm \"%s\"", cf_pair_attr(cp), r->name);
}
goto error;
}
-#ifdef HAVE_REGEX_H
- /*
- * It's a regex. Add it to a separate list.
- */
- if (name2[0] == '~') {
- realm_regex_t *rr, **last;
-
- rr = rad_malloc(sizeof(*rr));
-
- last = &realms_regex;
- while (*last) last = &((*last)->next); /* O(N^2)... sue me. */
-
- r->name = name2;
- rr->realm = r;
- rr->next = NULL;
-
- *last = rr;
+ if ( !realms_realm_add(r, cs))
+ goto error;
cf_log_info(cs, " }");
return 1;
- }
-#endif
-
- if (!rbtree_insert(realms_byname, r)) {
- rad_assert("Internal sanity check failed");
- goto error;
- }
-
- cf_log_info(cs, " }");
-
- return 1;
-
+
error:
cf_log_info(cs, " } # realm %s", name2);
free(r);
#ifdef WITH_PROXY
cs = cf_subsection_find_next(config, NULL, "proxy");
if (cs) {
- cf_section_parse(cs, rc, proxy_config);
+ if (cf_section_parse(cs, rc, proxy_config) < 0) {
+ radlog(L_ERR, "Failed parsing proxy section");
+
+ free(rc);
+ realms_free();
+ return 0;
+ }
} else {
rc->dead_time = DEAD_TIME;
rc->retry_count = RETRY_COUNT;
* module, and encapsulated into an EAP packet.
*/
if (!request->proxy) {
- if ((request->proxy = rad_alloc(TRUE)) == NULL) {
- radlog(L_ERR|L_CONS, "no memory");
+ request->proxy = rad_alloc(request, TRUE);
+ if (!request->proxy) {
+ radlog(L_ERR, "no memory");
exit(1);
}
request->home_server = home;
/*
- * We're supposed to add a Message-Authenticator
- * if it doesn't exist, and it doesn't exist.
+ * Access-Requests have a Message-Authenticator added,
+ * unless one already exists.
*/
- if (home->message_authenticator &&
- (request->packet->code == PW_AUTHENTICATION_REQUEST) &&
+ if ((request->packet->code == PW_AUTHENTICATION_REQUEST) &&
!pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY)) {
radius_pairmake(request, &request->proxy->vps,
"Message-Authenticator", "0x00",
if (!found && pool->fallback) {
found = pool->fallback;
- DEBUG("WARNING: Home server pool %s failing over to fallback %s",
+ DEBUGW("Home server pool %s failing over to fallback %s",
pool->name, found->server);
if (pool->in_fallback) goto update_and_return;