X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.h;h=09b5d6e25685db2b9c5eb1a4c8bbf28a84d15b34;hb=e6b234bb547479f8862badeee58d1b1415a2439d;hp=c2e94258e56fe7f4eeef29cac13897f521664d99;hpb=39692c605e2f1c37efd38f675abdd22ac503b382;p=radsecproxy.git diff --git a/radsecproxy.h b/radsecproxy.h index c2e9425..09b5d6e 100644 --- a/radsecproxy.h +++ b/radsecproxy.h @@ -1,12 +1,16 @@ /* - * Copyright (C) 2006-2008 Stig Venaas + * Copyright (C) 2006-2009 Stig Venaas * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. */ -#define DEBUG_LEVEL 3 +#include "tlv11.h" +#include "radmsg.h" +#include "gconfig.h" + +#define DEBUG_LEVEL 2 #define CONFIG_MAIN "/etc/radsecproxy.conf" @@ -14,71 +18,58 @@ #define MAX_REQUESTS 256 #define REQUEST_RETRY_INTERVAL 5 #define REQUEST_RETRY_COUNT 2 +#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT #define MAX_CERT_DEPTH 5 #define STATUS_SERVER_PERIOD 25 #define IDLE_TIMEOUT 300 -#define RAD_Access_Request 1 -#define RAD_Access_Accept 2 -#define RAD_Access_Reject 3 -#define RAD_Accounting_Request 4 -#define RAD_Accounting_Response 5 -#define RAD_Access_Challenge 11 -#define RAD_Status_Server 12 -#define RAD_Status_Client 13 + +/* 27262 is vendor DANTE Ltd. */ +#define DEFAULT_TTL_ATTR "27262:1" #define RAD_UDP 0 #define RAD_TLS 1 #define RAD_TCP 2 #define RAD_DTLS 3 - -#define RAD_Attr_User_Name 1 -#define RAD_Attr_User_Password 2 -#define RAD_Attr_Reply_Message 18 -#define RAD_Attr_Vendor_Specific 26 -#define RAD_Attr_Calling_Station_Id 31 -#define RAD_Attr_Tunnel_Password 69 -#define RAD_Attr_Message_Authenticator 80 - -#define RAD_VS_ATTR_MS_MPPE_Send_Key 16 -#define RAD_VS_ATTR_MS_MPPE_Recv_Key 17 +#define RAD_PROTOCOUNT 4 struct options { - char **listenudp; - char **listentcp; - char **listentls; - char **listendtls; - char **listenaccudp; - char *sourceudp; - char *sourcetcp; - char *sourcetls; - char *sourcedtls; char *logdestination; + char *ttlattr; + uint32_t ttlattrtype[2]; + uint8_t addttl; uint8_t loglevel; uint8_t loopprevention; }; -/* requests that our client will send */ +struct commonprotoopts { + char **listenargs; + char *sourcearg; +}; + struct request { - unsigned char *buf; - uint8_t tries; - uint8_t received; - struct timeval expiry; + struct timeval created; + uint32_t refcount; + uint8_t *buf, *replybuf; + struct radmsg *msg; struct client *from; + struct server *to; char *origusername; - uint8_t origid; /* used by servwr */ - char origauth[16]; /* used by servwr */ - struct sockaddr_storage fromsa; /* used by udpservwr */ - int fromudpsock; /* used by udpservwr */ + uint8_t rqid; + uint8_t rqauth[16]; + uint8_t newid; + int udpsock; /* only for UDP */ + uint16_t udpport; /* only for UDP */ }; -/* replies that a server will send */ -struct reply { - unsigned char *buf; - struct sockaddr_storage tosa; /* used by udpservwr */ - int toudpsock; /* used by udpservwr */ +/* requests that our client will send */ +struct rqout { + pthread_mutex_t *lock; + struct request *rq; + uint8_t tries; + struct timeval expiry; }; -struct queue { +struct gqueue { struct list *entries; pthread_mutex_t mutex; pthread_cond_t cond; @@ -88,37 +79,45 @@ struct clsrvconf { char *name; uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */ const struct protodefs *pdef; - char *host; - char *port; + char **hostsrc; + char *portsrc; + struct list *hostports; char *secret; char *tls; char *matchcertattr; regex_t *certcnregex; regex_t *certuriregex; - char *confrewrite; - char *rewriteattr; - regex_t *rewriteattrregex; - char *rewriteattrreplacement; + char *confrewritein; + char *confrewriteout; + char *confrewriteusername; + struct modattr *rewriteusername; char *dynamiclookupcommand; uint8_t statusserver; uint8_t retryinterval; uint8_t retrycount; + uint8_t dupinterval; uint8_t certnamecheck; - SSL_CTX *ssl_ctx; - struct rewrite *rewrite; - struct addrinfo *addrinfo; - uint8_t prefixlen; + uint8_t addttl; + uint8_t loopprevention; + struct rewrite *rewritein; + struct rewrite *rewriteout; + pthread_mutex_t *lock; /* only used for updating clients so far */ + struct tls *tlsconf; struct list *clients; struct server *servers; }; +#include "rsp_tlscommon.h" + struct client { struct clsrvconf *conf; - int sock; /* for tcp/dtls */ + int sock; SSL *ssl; - struct queue *replyq; - struct queue *rbios; /* for dtls */ - struct sockaddr_storage addr; /* for dtls */ + struct request *rqs[MAX_REQUESTS]; + struct gqueue *replyq; + struct gqueue *rbios; /* for dtls */ + struct sockaddr *addr; + time_t expiry; /* for udp */ }; struct server { @@ -132,14 +131,15 @@ struct server { struct timeval lastreply; uint8_t connectionok; uint8_t lostrqs; + uint8_t dynstartup; char *dynamiclookuparg; int nextid; struct timeval lastrcv; - struct request *requests; + struct rqout *requests; uint8_t newrq; pthread_mutex_t newrq_mutex; pthread_cond_t newrq_cond; - struct queue *rbios; /* for dtls */ + struct gqueue *rbios; /* for dtls */ }; struct realm { @@ -147,48 +147,47 @@ struct realm { char *message; uint8_t accresp; regex_t regex; - pthread_mutex_t subrealms_mutex; + uint32_t refcount; + pthread_mutex_t mutex; + struct realm *parent; struct list *subrealms; struct list *srvconfs; struct list *accsrvconfs; }; -struct tls { - char *name; - char *cacertfile; - char *cacertpath; - char *certfile; - char *certkeyfile; - char *certkeypwd; - uint8_t crlcheck; - SSL_CTX *tlsctx; - SSL_CTX *dtlsctx; +struct modattr { + uint8_t t; + char *replacement; + regex_t *regex; }; struct rewrite { uint8_t *removeattrs; uint32_t *removevendorattrs; -}; - -struct rewriteconf { - char *name; - struct rewrite *rewrite; + struct list *addattrs; + struct list *modattrs; }; struct protodefs { char *name; char *secretdefault; - uint8_t socktype; + int socktype; char *portdefault; uint8_t retrycountdefault; uint8_t retrycountmax; uint8_t retryintervaldefault; uint8_t retryintervalmax; + uint8_t duplicateintervaldefault; + void (*setprotoopts)(struct commonprotoopts *); + char **(*getlistenerargs)(); void *(*listener)(void*); - char **srcaddrport; int (*connecter)(struct server *, struct timeval *, int, char *); - void *(*clientreader)(void*); + void *(*clientconnreader)(void*); int (*clientradput)(struct server *, unsigned char *); + void (*addclient)(struct client *); + void (*addserverextra)(struct clsrvconf *); + void (*setsrcres)(); + void (*initextra)(); }; #define RADLEN(x) ntohs(((uint16_t *)(x))[1]) @@ -198,18 +197,20 @@ struct protodefs { #define ATTRVAL(x) ((x) + 2) #define ATTRVALLEN(x) ((x)[1] - 2) -#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \ - sizeof(struct sockaddr_in) : \ - sizeof(struct sockaddr_in6)) - -struct addrinfo *getsrcprotores(uint8_t type); struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); -struct client *addclient(struct clsrvconf *conf); +struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur); +struct client *addclient(struct clsrvconf *conf, uint8_t lock); +void removelockedclient(struct client *client); void removeclient(struct client *client); -void removeclientrqs(struct client *client); +struct gqueue *newqueue(); +void freebios(struct gqueue *q); +struct request *newrequest(); +void freerq(struct request *rq); int radsrv(struct request *rq); -X509 *verifytlscert(SSL *ssl); -int verifyconfcert(X509 *cert, struct clsrvconf *conf); -int replyh(struct server *server, unsigned char *buf); -int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src); +void replyh(struct server *server, unsigned char *buf); +struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */