X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=lib%2Finclude%2Fradsec%2Fradsec-impl.h;h=0ecd631b86744e4961877bd066bf86b94d6bf5bf;hb=787ccb8ea4a0c384749338fb4665c790c42af665;hp=6e5ee836a713ea1530b53242f67f1727de39aa3a;hpb=e06796fe52596f417d74b3c3758ff0a321f67274;p=libradsec.git diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h index 6e5ee83..0ecd631 100644 --- a/lib/include/radsec/radsec-impl.h +++ b/lib/include/radsec/radsec-impl.h @@ -1,10 +1,17 @@ /** @file libradsec-impl.h @brief Libraray internal header file for libradsec. */ -/* See the file COPYING for licensing information. */ +/* Copyright 2010-2013 NORDUnet A/S. All rights reserved. + See LICENSE for licensing information. */ + +#ifndef _RADSEC_RADSEC_IMPL_H_ +#define _RADSEC_RADSEC_IMPL_H_ 1 -#include #include +#include +#if defined(RS_ENABLE_TLS) +#include +#endif /* Constants. */ #define RS_HEADER_LEN 4 
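Review bot: The new include guard `_RADSEC_RADSEC_IMPL_H_` (and the matching `#endif` comment in the last hunk) uses an identifier that begins with an underscore followed by an uppercase letter, a form C reserves for the implementation (C11 7.1.3); a clash with a system header macro would silently disable the guard or break the build. A name in the project's own namespace avoids that: `#ifndef RADSEC_RADSEC_IMPL_H` / `#define RADSEC_RADSEC_IMPL_H 1`. The `#include` lines in this hunk have lost their file names in this rendering, so the new TLS-conditional include cannot be checked here; its `RS_ENABLE_TLS` guard does match the one used for the `SSL_CTX`/`SSL` members in the next hunk. The retained context line still spells "Libraray" in the @brief, which could be fixed while the header is being touched.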
@@ -12,89 +19,123 @@ /* Data types. */ enum rs_cred_type { RS_CRED_NONE = 0, - RS_CRED_TLS_PSK_RSA, /* RFC 4279. */ + /* TLS pre-shared keys, RFC 4279. */ + RS_CRED_TLS_PSK, + /* RS_CRED_TLS_DH_PSK, */ + /* RS_CRED_TLS_RSA_PSK, */ }; typedef unsigned int rs_cred_type_t; -struct rs_packet; +enum rs_key_encoding { + RS_KEY_ENCODING_UTF8 = 1, + RS_KEY_ENCODING_ASCII_HEX = 2, +}; +typedef unsigned int rs_key_encoding_t; + +#if defined (__cplusplus) +extern "C" { +#endif struct rs_credentials { enum rs_cred_type type; char *identity; char *secret; + enum rs_key_encoding secret_encoding; + unsigned int secret_len; }; struct rs_error { int code; - char *msg; char buf[1024]; }; +/** Configuration object for a connection. */ struct rs_peer { struct rs_connection *conn; - struct evutil_addrinfo *addr; - int fd; /* Socket. */ - char is_connecting; /* FIXME: replace with a single state member */ - char is_connected; /* FIXME: replace with a single state member */ - char *secret; - int timeout; /* client only */ - int tries; /* client only */ + struct rs_realm *realm; + char *hostname; + char *service; + char *secret; /* RADIUS secret. */ + struct evutil_addrinfo *addr_cache; struct rs_peer *next; }; +/** Configuration object for a RADIUS realm. */ struct rs_realm { char *name; enum rs_conn_type type; + int timeout; + int retries; + char *cacertfile; + char *cacertpath; + char *certfile; + char *certkeyfile; + int disable_hostname_check; + struct rs_credentials *transport_cred; struct rs_peer *peers; struct rs_realm *next; }; -struct rs_context { +/** Top configuration object. 
*/ +struct rs_config { struct rs_realm *realms; + cfg_t *cfg; +}; + +struct rs_context { + struct rs_config *config; struct rs_alloc_scheme alloc_scheme; struct rs_error *err; - fr_randctx fr_randctx; }; struct rs_connection { struct rs_context *ctx; - struct event_base *evb; - struct bufferevent *bev; - enum rs_conn_type type; - struct rs_credentials transport_credentials; + struct rs_realm *realm; /* Owned by ctx. */ + struct event_base *evb; /* Event base. */ + struct event *tev; /* Timeout event. */ struct rs_conn_callbacks callbacks; void *user_data; struct rs_peer *peers; struct rs_peer *active_peer; struct rs_error *err; - int nextid; - int user_dispatch_flag : 1; /* User does the dispatching. */ + struct timeval timeout; + char is_connecting; /* FIXME: replace with a single state member */ + char is_connected; /* FIXME: replace with a single state member */ + int fd; /* Socket. */ + int tryagain; /* For server failover. */ + int nextid; /* Next RADIUS packet identifier. */ + /* TCP transport specifics. */ + struct bufferevent *bev; /* Buffer event. */ + /* UDP transport specifics. */ + struct event *wev; /* Write event (for UDP). */ + struct event *rev; /* Read event (for UDP). */ + struct rs_packet *out_queue; /* Queue for outgoing UDP packets. */ +#if defined(RS_ENABLE_TLS) + /* TLS specifics. */ + SSL_CTX *tls_ctx; + SSL *tls_ssl; +#endif }; -struct rs_packet { - struct rs_connection *conn; - char hdr_read_flag; - uint8_t hdr[4]; - RADIUS_PACKET *rpkt; - struct rs_packet *original; +enum rs_packet_flags { + RS_PACKET_HEADER_READ, + RS_PACKET_RECEIVED, + RS_PACKET_SENT, }; -struct rs_attr { - struct rs_packet *pkt; - VALUE_PAIR *vp; -}; +struct radius_packet; -/* Nonpublic functions. 
*/ -struct rs_error *_rs_resolv(struct evutil_addrinfo **addr, - rs_conn_type_t type, const char *hostname, - const char *service); -struct rs_peer *_rs_peer_create(struct rs_context *ctx, - struct rs_peer **rootp); -struct rs_error *_rs_err_create(unsigned int code, const char *file, - int line, const char *fmt, ...); -int _rs_err_conn_push_err(struct rs_connection *conn, - struct rs_error *err); +struct rs_packet { + struct rs_connection *conn; + unsigned int flags; + uint8_t hdr[RS_HEADER_LEN]; + struct radius_packet *rpkt; /* FreeRADIUS object. */ + struct rs_packet *next; /* Used for UDP output queue. */ +}; +#if defined (__cplusplus) +} +#endif /* Convenience macros. */ #define rs_calloc(h, nmemb, size) \ @@ -105,6 +146,10 @@ int _rs_err_conn_push_err(struct rs_connection *conn, (h->alloc_scheme.free ? h->alloc_scheme.free : free)(ptr) #define rs_realloc(h, realloc, ptr, size) \ (h->alloc_scheme.realloc ? h->alloc_scheme.realloc : realloc)(ptr, size) +#define min(a, b) ((a) < (b) ? (a) : (b)) +#define max(a, b) ((a) > (b) ? (a) : (b)) + +#endif /* _RADSEC_RADSEC_IMPL_H_ */ /* Local Variables: */ /* c-file-style: "stroustrup" */
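Review bot: `enum rs_packet_flags` is declared with sequential values (`RS_PACKET_HEADER_READ` == 0, `RS_PACKET_RECEIVED` == 1, `RS_PACKET_SENT` == 2) while the field it feeds, `unsigned int flags` in `struct rs_packet`, reads as a bit set; if the implementation combines or tests these with `|` and `&`, a zero enumerator can never be set or observed and the header-read state is silently lost. Giving each enumerator its own bit removes the ambiguity: `RS_PACKET_HEADER_READ = 1 << 0,` `RS_PACKET_RECEIVED = 1 << 1,` `RS_PACKET_SENT = 1 << 2,`. The `extern "C"` block now encloses only struct and enum definitions, since the nonpublic prototypes it used to cover were removed in this hunk, so it no longer affects any linkage and could be dropped or moved to whatever declarations remain. `disable_hostname_check` in `struct rs_realm` is a security-relevant switch with no comment; it presumably controls whether the peer certificate is matched against the configured hostname, and a comment such as `/* Non-zero skips matching the peer certificate against the configured hostname, i.e. peer identity is not verified. */` would make that consequence visible to whoever sets it. Ownership of the secret material (`rs_peer.secret`, `rs_credentials.secret` with its new `secret_len`) is likewise undocumented; a short comment on who allocates and frees it, and that it should be cleared before release, would help callers.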
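Review bot: The new `min`/`max` macros evaluate their arguments twice and use unprefixed lowercase names in a shared header, so `min(i++, n)` misbehaves and any translation unit that also defines or declares `min`/`max` (another header, or a C++ consumer of this header given the `extern "C"` wrapper above) will see a redefinition or conflict. Prefixing them keeps them in the library's namespace: `#define RS_MIN(a, b) ((a) < (b) ? (a) : (b))` and `#define RS_MAX(a, b) ((a) > (b) ? (a) : (b))`, with call sites updated; alternatively guard each with `#ifndef min` / `#ifndef max` if renaming is not wanted. The closing `#endif /* _RADSEC_RADSEC_IMPL_H_ */` carries the reserved-identifier guard name noted on the first hunk.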