X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.h;h=09b5d6e25685db2b9c5eb1a4c8bbf28a84d15b34;hb=d4f20d38dc7b65a5d3e7fffa40c5333fdc656584;hp=8ab3455e4d5217b7606e79cc65d6de5d114538bf;hpb=3837212a51ac4ae4c6a76ee91c9301add8d18ee5;p=radsecproxy.git
diff --git a/radsecproxy.h b/radsecproxy.h
index 8ab3455..09b5d6e 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -1,125 +1,216 @@
 /*
- * Copyright (C) 2006 Stig Venaas
+ * Copyright (C) 2006-2009 Stig Venaas
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 */
-#define RADLEN(x) ntohs(((uint16_t *)(x))[1])
-
-#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
- sizeof(struct sockaddr_in) : \
- sizeof(struct sockaddr_in6))
+#include "tlv11.h"
+#include "radmsg.h"
+#include "gconfig.h"
-#define DEBUG_LEVEL DBG_INFO
+#define DEBUG_LEVEL 2
-#define CONFIG_MAIN "/etc/radsecproxy/radsecproxy.conf"
-#define CONFIG_SERVERS "/etc/radsecproxy/servers.conf"
-#define CONFIG_CLIENTS "/etc/radsecproxy/clients.conf"
+#define CONFIG_MAIN "/etc/radsecproxy.conf"
 /* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
 #define MAX_REQUESTS 256
-#define DEFAULT_TLS_SECRET "mysecret"
-#define DEFAULT_UDP_PORT "1812"
-#define DEFAULT_TLS_PORT "2083"
-#define REQUEST_EXPIRY 20
-#define REQUEST_RETRIES 3
+#define REQUEST_RETRY_INTERVAL 5
+#define REQUEST_RETRY_COUNT 2
+#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
 #define MAX_CERT_DEPTH 5
 #define STATUS_SERVER_PERIOD 25
-#define RAD_Access_Request 1
-#define RAD_Access_Accept 2
-#define RAD_Access_Reject 3
-#define RAD_Accounting_Request 4
-#define RAD_Accounting_Response 5
-#define RAD_Access_Challenge 11
-#define RAD_Status_Server 12
-#define RAD_Status_Client 13
-
-#define RAD_Attr_User_Name 1
-#define RAD_Attr_User_Password 2
-#define RAD_Attr_Vendor_Specific 26
-#define RAD_Attr_Tunnel_Password 69
-#define RAD_Attr_Message_Authenticator 80
-
-#define RAD_VS_ATTR_MS_MPPE_Send_Key 16
-#define RAD_VS_ATTR_MS_MPPE_Recv_Key 17
-
-#define RAD_Attr_Type 0
-#define RAD_Attr_Length 1
-#define RAD_Attr_Value 2
+#define IDLE_TIMEOUT 300
+
+/* 27262 is vendor DANTE Ltd. */
+#define DEFAULT_TTL_ATTR "27262:1"
+
+#define RAD_UDP 0
+#define RAD_TLS 1
+#define RAD_TCP 2
+#define RAD_DTLS 3
+#define RAD_PROTOCOUNT 4
 struct options {
- char *tlscacertificatefile;
- char *tlscacertificatepath;
- char *tlscertificatefile;
- char *tlscertificatekeyfile;
- char *tlscertificatekeypassword;
- char *listenudp;
- char *listentcp;
- uint8_t statusserver;
+ char *logdestination;
+ char *ttlattr;
+ uint32_t ttlattrtype[2];
+ uint8_t addttl;
+ uint8_t loglevel;
+ uint8_t loopprevention;
+};
+
+struct commonprotoopts {
+ char **listenargs;
+ char *sourcearg;
 };
-/* requests that our client will send */
 struct request {
- unsigned char *buf;
- uint8_t tries;
- uint8_t received;
- struct timeval expiry;
+ struct timeval created;
+ uint32_t refcount;
+ uint8_t *buf, *replybuf;
+ struct radmsg *msg;
 struct client *from;
- unsigned char *messageauthattrval;
- uint8_t origid; /* used by servwr */
- char origauth[16]; /* used by servwr */
- struct sockaddr_storage fromsa; /* used by udpservwr */
+ struct server *to;
+ char *origusername;
+ uint8_t rqid;
+ uint8_t rqauth[16];
+ uint8_t newid;
+ int udpsock; /* only for UDP */
+ uint16_t udpport; /* only for UDP */
 };
-/* replies that a server will send */
-struct reply {
- unsigned char *buf;
- struct sockaddr_storage tosa; /* used by udpservwr */
+/* requests that our client will send */
+struct rqout {
+ pthread_mutex_t *lock;
+ struct request *rq;
+ uint8_t tries;
+ struct timeval expiry;
 };
-struct replyq {
- struct reply *replies;
- int count;
- int size;
- pthread_mutex_t count_mutex;
- pthread_cond_t count_cond;
+struct gqueue {
+ struct list *entries;
+ pthread_mutex_t mutex;
+ pthread_cond_t cond;
 };
-struct peer {
- char type; /* U for UDP, T for TLS */
- char *host;
- char *port;
+struct clsrvconf {
+ char *name;
+ uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */
+ const struct protodefs *pdef;
+ char **hostsrc;
+ char *portsrc;
+ struct list *hostports;
 char *secret;
- SSL *ssl;
- struct addrinfo *addrinfo;
+ char *tls;
+ char *matchcertattr;
+ regex_t *certcnregex;
+ regex_t *certuriregex;
+ char *confrewritein;
+ char *confrewriteout;
+ char *confrewriteusername;
+ struct modattr *rewriteusername;
+ char *dynamiclookupcommand;
+ uint8_t statusserver;
+ uint8_t retryinterval;
+ uint8_t retrycount;
+ uint8_t dupinterval;
+ uint8_t certnamecheck;
+ uint8_t addttl;
+ uint8_t loopprevention;
+ struct rewrite *rewritein;
+ struct rewrite *rewriteout;
+ pthread_mutex_t *lock; /* only used for updating clients so far */
+ struct tls *tlsconf;
+ struct list *clients;
+ struct server *servers;
 };
+#include "rsp_tlscommon.h"
+
 struct client {
- struct peer peer;
- struct replyq *replyq;
+ struct clsrvconf *conf;
+ int sock;
+ SSL *ssl;
+ struct request *rqs[MAX_REQUESTS];
+ struct gqueue *replyq;
+ struct gqueue *rbios; /* for dtls */
+ struct sockaddr *addr;
+ time_t expiry; /* for udp */
 };
 struct server {
- struct peer peer;
- char *realmdata;
- char **realms;
+ struct clsrvconf *conf;
 int sock;
+ SSL *ssl;
 pthread_mutex_t lock;
 pthread_t clientth;
+ uint8_t clientrdgone;
 struct timeval lastconnecttry;
+ struct timeval lastreply;
 uint8_t connectionok;
+ uint8_t lostrqs;
+ uint8_t dynstartup;
+ char *dynamiclookuparg;
 int nextid;
- struct request *requests;
+ struct timeval lastrcv;
+ struct rqout *requests;
 uint8_t newrq;
 pthread_mutex_t newrq_mutex;
 pthread_cond_t newrq_cond;
+ struct gqueue *rbios; /* for dtls */
+};
+
+struct realm {
+ char *name;
+ char *message;
+ uint8_t accresp;
+ regex_t regex;
+ uint32_t refcount;
+ pthread_mutex_t mutex;
+ struct realm *parent;
+ struct list *subrealms;
+ struct list *srvconfs;
+ struct list *accsrvconfs;
+};
+
+struct modattr {
+ uint8_t t;
+ char *replacement;
+ regex_t *regex;
+};
+
+struct rewrite {
+ uint8_t *removeattrs;
+ uint32_t *removevendorattrs;
+ struct list *addattrs;
+ struct list *modattrs;
 };
-void errx(char *format, ...);
-void err(char *format, ...);
-char *stringcopy(char *s, int len);
-char *addr2string(struct sockaddr *addr, socklen_t len);
-int bindport(int type, char *port);
-int connectport(int type, char *host, char *port);
+struct protodefs {
+ char *name;
+ char *secretdefault;
+ int socktype;
+ char *portdefault;
+ uint8_t retrycountdefault;
+ uint8_t retrycountmax;
+ uint8_t retryintervaldefault;
+ uint8_t retryintervalmax;
+ uint8_t duplicateintervaldefault;
+ void (*setprotoopts)(struct commonprotoopts *);
+ char **(*getlistenerargs)();
+ void *(*listener)(void*);
+ int (*connecter)(struct server *, struct timeval *, int, char *);
+ void *(*clientconnreader)(void*);
+ int (*clientradput)(struct server *, unsigned char *);
+ void (*addclient)(struct client *);
+ void (*addserverextra)(struct clsrvconf *);
+ void (*setsrcres)();
+ void (*initextra)();
+};
+
+#define RADLEN(x) ntohs(((uint16_t *)(x))[1])
+
+#define ATTRTYPE(x) ((x)[0])
+#define ATTRLEN(x) ((x)[1])
+#define ATTRVAL(x) ((x) + 2)
+#define ATTRVALLEN(x) ((x)[1] - 2)
+
+struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
+struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
+struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
+struct client *addclient(struct clsrvconf *conf, uint8_t lock);
+void removelockedclient(struct client *client);
+void removeclient(struct client *client);
+struct gqueue *newqueue();
+void freebios(struct gqueue *q);
+struct request *newrequest();
+void freerq(struct request *rq);
+int radsrv(struct request *rq);
+void replyh(struct server *server, unsigned char *buf);
+struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
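Review bot: `DUPLICATE_INTERVAL` is defined as the bare product `REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT`, so any use that places it after `/` or `%` binds wrongly (`x / DUPLICATE_INTERVAL` expands to `x / 5 * 2`); whether a caller does that is not visible in this hunk, but since this value sizes the duplicate-request detection window for reused RADIUS IDs, a silently mis-sized result is worth preventing at the definition with `#define DUPLICATE_INTERVAL (REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT)`. The new attribute macros also deserve a stated precondition: `ATTRVALLEN(x)` is `(x)[1] - 2`, and a length byte of 0 or 1 from a malformed packet yields a negative `int`, which turns into a huge count if stored in a `size_t` or handed to `memcpy`, so a comment like `/* length byte comes from the wire: callers must check ATTRLEN(x) >= 2 before ATTRVAL/ATTRVALLEN */` above `ATTRTYPE` would make the expectation explicit. `RADLEN(x)` reads a `uint16_t` through a cast of the packet buffer, which presumes a buffer of at least 4 bytes with 2-byte alignment; a one-line comment noting that would help callers that read from arbitrary offsets.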