X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.h;h=0b2aebed128a02ee6c05dd78b73f3dc959ba02d0;hb=refs%2Fheads%2Fpthread_create_attr;hp=5ee7a57516ccc23e3ebf59d991d3db1277a50b99;hpb=230b3daa9734ba0c62f24e606137a3bdbc8ec340;p=radsecproxy.git
diff --git a/radsecproxy.h b/radsecproxy.h
index 5ee7a57..0b2aebe 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -1,84 +1,99 @@ -/* - * Copyright (C) 2006-2008 Stig Venaas - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - */ +/* Copyright (c) 2007-2009, UNINETT AS + * Copyright (c) 2010-2012, NORDUnet A/S */ +/* See LICENSE for licensing information. */ -#define DEBUG_LEVEL 3 +#include +#include +#include +#include +#include "list.h" +#include "tlv11.h" +#include "radmsg.h" +#include "gconfig.h" -#define CONFIG_MAIN "/etc/radsecproxy.conf" +#define DEBUG_LEVEL 2 + +#define CONFIG_MAIN SYSCONFDIR"/radsecproxy.conf" /* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */ #define MAX_REQUESTS 256 #define REQUEST_RETRY_INTERVAL 5 #define REQUEST_RETRY_COUNT 2 +#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT #define MAX_CERT_DEPTH 5 #define STATUS_SERVER_PERIOD 25 #define IDLE_TIMEOUT 300 -#define RAD_Access_Request 1 -#define RAD_Access_Accept 2 -#define RAD_Access_Reject 3 -#define RAD_Accounting_Request 4 -#define RAD_Accounting_Response 5 -#define RAD_Access_Challenge 11 -#define RAD_Status_Server 12 -#define RAD_Status_Client 13 +#define PTHREAD_STACK_SIZE 32768 + +/* 27262 is vendor DANTE Ltd. */ +#define DEFAULT_TTL_ATTR "27262:1" #define RAD_UDP 0 #define RAD_TLS 1 #define RAD_TCP 2 #define RAD_DTLS 3 +#define RAD_PROTOCOUNT 4 -#define RAD_Attr_User_Name 1 -#define RAD_Attr_User_Password 2 -#define RAD_Attr_Reply_Message 18 -#define RAD_Attr_Vendor_Specific 26 -#define RAD_Attr_Calling_Station_Id 31 -#define RAD_Attr_Tunnel_Password 69 -#define RAD_Attr_Message_Authenticator 80 +enum rsp_fticks_reporting_type { + RSP_FTICKS_REPORTING_NONE = 0, /* Default. 
*/ + RSP_FTICKS_REPORTING_BASIC, + RSP_FTICKS_REPORTING_FULL +}; -#define RAD_VS_ATTR_MS_MPPE_Send_Key 16 -#define RAD_VS_ATTR_MS_MPPE_Recv_Key 17 +enum rsp_fticks_mac_type { + RSP_FTICKS_MAC_STATIC = 0, + RSP_FTICKS_MAC_ORIGINAL, + RSP_FTICKS_MAC_VENDOR_HASHED, + RSP_FTICKS_MAC_VENDOR_KEY_HASHED, /* Default. */ + RSP_FTICKS_MAC_FULLY_HASHED, + RSP_FTICKS_MAC_FULLY_KEY_HASHED +}; struct options { - char **listenudp; - char **listentcp; - char **listentls; - char **listendtls; - char **listenaccudp; - char *sourceudp; - char *sourcetcp; - char *sourcetls; - char *sourcedtls; + char *pidfile; char *logdestination; + char *ftickssyslogfacility; + char *ttlattr; + uint32_t ttlattrtype[2]; + uint8_t addttl; uint8_t loglevel; uint8_t loopprevention; + enum rsp_fticks_reporting_type fticks_reporting; + enum rsp_fticks_mac_type fticks_mac; + uint8_t *fticks_key; + uint8_t ipv4only; + uint8_t ipv6only; +}; + +struct commonprotoopts { + char **listenargs; + char *sourcearg; }; -/* requests that our client will send */ struct request { - unsigned char *buf; - uint8_t tries; - uint8_t received; - struct timeval expiry; + struct timeval created; + uint32_t refcount; + uint8_t *buf, *replybuf; + struct radmsg *msg; struct client *from; + struct server *to; char *origusername; - uint8_t origid; /* used by servwr */ - char origauth[16]; /* used by servwr */ - struct sockaddr_storage fromsa; /* used by udpservwr */ - int fromudpsock; /* used by udpservwr */ + uint8_t rqid; + uint8_t rqauth[16]; + uint8_t newid; + int udpsock; /* only for UDP */ + uint16_t udpport; /* only for UDP */ }; -/* replies that a server will send */ -struct reply { - unsigned char *buf; - struct sockaddr_storage tosa; /* used by udpservwr */ - int toudpsock; /* used by udpservwr */ +/* requests that our client will send */ +struct rqout { + pthread_mutex_t *lock; + struct request *rq; + uint8_t tries; + struct timeval expiry; }; -struct queue { +struct gqueue { struct list *entries; pthread_mutex_t mutex; 
pthread_cond_t cond; @@ -88,37 +103,48 @@ struct clsrvconf { char *name; uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */ const struct protodefs *pdef; - char *host; - char *port; + char **hostsrc; + int hostaf; + char *portsrc; + struct list *hostports; char *secret; char *tls; char *matchcertattr; regex_t *certcnregex; regex_t *certuriregex; - char *confrewrite; - char *rewriteattr; - regex_t *rewriteattrregex; - char *rewriteattrreplacement; + char *confrewritein; + char *confrewriteout; + char *confrewriteusername; + struct modattr *rewriteusername; char *dynamiclookupcommand; uint8_t statusserver; uint8_t retryinterval; uint8_t retrycount; + uint8_t dupinterval; uint8_t certnamecheck; - SSL_CTX *ssl_ctx; - struct rewrite *rewrite; - struct addrinfo *addrinfo; - uint8_t prefixlen; + uint8_t addttl; + uint8_t loopprevention; + struct rewrite *rewritein; + struct rewrite *rewriteout; + pthread_mutex_t *lock; /* only used for updating clients so far */ + struct tls *tlsconf; struct list *clients; struct server *servers; + char *fticks_viscountry; + char *fticks_visinst; }; +#include "tlscommon.h" + struct client { struct clsrvconf *conf; - int sock; /* for tcp/dtls */ + int sock; SSL *ssl; - struct queue *replyq; - struct queue *rbios; /* for dtls */ - struct sockaddr_storage addr; /* for dtls */ + struct request *rqs[MAX_REQUESTS]; + struct gqueue *replyq; + struct gqueue *rbios; /* for dtls */ + struct sockaddr *addr; + time_t expiry; /* for udp */ }; struct server { @@ -132,14 +158,19 @@ struct server { struct timeval lastreply; uint8_t connectionok; uint8_t lostrqs; + uint8_t dynstartup; + uint8_t dynfailing; +#if defined ENABLE_EXPERIMENTAL_DYNDISC + uint8_t in_use; +#endif char *dynamiclookuparg; int nextid; struct timeval lastrcv; - struct request *requests; + struct rqout *requests; uint8_t newrq; pthread_mutex_t newrq_mutex; pthread_cond_t newrq_cond; - struct queue *rbios; /* for dtls */ + struct gqueue *rbios; /* for dtls */ }; struct realm { 
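Review bot: The new `DUPLICATE_INTERVAL` macro expands unparenthesized to `REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT`, so any use inside a larger expression such as `x / DUPLICATE_INTERVAL` or `x % DUPLICATE_INTERVAL` silently becomes `x / 5 * 2` or `(x % 5) * 2`; it should read `#define DUPLICATE_INTERVAL (REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT)`. `PTHREAD_STACK_SIZE` in the same hunk uses the `PTHREAD_` prefix that POSIX reserves for `<pthread.h>` itself, so a project prefix such as `RSP_THREAD_STACK_SIZE` avoids a future clash with the implementation. The value 32768 is also a small stack for threads that, judging by the `SSL *` and `regex_t *` members declared later in this header, call into OpenSSL and regexec; a comment recording how the figure was chosen and that it must stay at or above `PTHREAD_STACK_MIN` on every supported platform would let the next reader judge it rather than guess.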
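Review bot: The `#include "tlscommon.h"` inserted between `struct clsrvconf` and `struct client` creates an include-order dependency that nothing in the header explains, and this header has no include guard (the first hunk shows the new file opening directly with the copyright comment and `#include`s, and the last hunk ends with the Emacs local-variables block), so if tlscommon.h includes radsecproxy.h in turn the result is recursive inclusion. Since `struct clsrvconf` only holds a `struct tls *` pointer, a forward declaration `struct tls;` would let the include move to the top with the others; if it must stay here (for instance because tlscommon.h needs `struct clsrvconf` defined first, which I cannot confirm from this page), a comment such as `/* must follow struct clsrvconf, which tlscommon.h uses */` should say so. The `struct sockaddr *addr` that replaces the embedded `struct sockaddr_storage addr` in `struct client` should carry a comment stating who allocates and frees it, since the old `SOCKADDR_SIZE` helper is removed in the last hunk and the pointer's lifetime is now an invariant the struct no longer enforces.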
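Review bot: The `#if defined ENABLE_EXPERIMENTAL_DYNDISC` around `uint8_t in_use` makes the layout of `struct server` depend on a preprocessor flag, so any translation unit compiled without exactly the same setting of that macro accesses the following members (`dynamiclookuparg`, `nextid`, `lastrcv`, `requests`, ...) at the wrong offsets, which is silent memory corruption rather than a build error. Unless the macro is guaranteed to come from a single config header included everywhere before this one, the safer layout keeps the member unconditionally (`uint8_t in_use;` costs one byte) and conditions only the code that uses it. The three new flags `dynstartup`, `dynfailing` and `in_use` also arrive without any comment; one line each saying what sets and clears them would help, since the names suggest dynamic-lookup state but the hunk does not show it. `struct server` starts outside the hunk.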
@@ -147,48 +178,47 @@ struct realm { char *message; uint8_t accresp; regex_t regex; - pthread_mutex_t subrealms_mutex; + uint32_t refcount; + pthread_mutex_t mutex; + struct realm *parent; struct list *subrealms; struct list *srvconfs; struct list *accsrvconfs; }; -struct tls { - char *name; - char *cacertfile; - char *cacertpath; - char *certfile; - char *certkeyfile; - char *certkeypwd; - uint8_t crlcheck; - SSL_CTX *tlsctx; - SSL_CTX *dtlsctx; +struct modattr { + uint8_t t; + char *replacement; + regex_t *regex; }; struct rewrite { uint8_t *removeattrs; uint32_t *removevendorattrs; -}; - -struct rewriteconf { - char *name; - struct rewrite *rewrite; + struct list *addattrs; + struct list *modattrs; }; struct protodefs { char *name; char *secretdefault; - uint8_t socktype; + int socktype; char *portdefault; uint8_t retrycountdefault; uint8_t retrycountmax; uint8_t retryintervaldefault; uint8_t retryintervalmax; + uint8_t duplicateintervaldefault; + void (*setprotoopts)(struct commonprotoopts *); + char **(*getlistenerargs)(); void *(*listener)(void*); - char **srcaddrport; int (*connecter)(struct server *, struct timeval *, int, char *); - void *(*clientreader)(void*); + void *(*clientconnreader)(void*); int (*clientradput)(struct server *, unsigned char *); + void (*addclient)(struct client *); + void (*addserverextra)(struct clsrvconf *); + void (*setsrcres)(); + void (*initextra)(); }; #define RADLEN(x) ntohs(((uint16_t *)(x))[1]) 
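Review bot: The new function-pointer members `getlistenerargs`, `setsrcres` and `initextra` in `struct protodefs` are declared with empty parentheses, which in C is an unprototyped declaration rather than "takes no arguments", so a call through them with a stray argument list compiles silently and `-Wstrict-prototypes` will flag the declarations. Assuming, as the names suggest, they take no parameters, declare them `char **(*getlistenerargs)(void);`, `void (*setsrcres)(void);` and `void (*initextra)(void);`. In `struct realm`, the new `uint32_t refcount` sits next to the renamed `pthread_mutex_t mutex` with nothing saying whether the mutex guards the counter (and `parent`/`subrealms`); a plain counter touched from several threads without that lock is a data race, so a comment such as `/* protects refcount, parent and subrealms */` (or a note that refcount is only changed under a global lock, if that is the design) is needed — the accessors are not visible here. `struct realm` starts outside the hunk.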
@@ -198,16 +228,22 @@ struct protodefs { #define ATTRVAL(x) ((x) + 2) #define ATTRVALLEN(x) ((x)[1] - 2) -#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \ - sizeof(struct sockaddr_in) : \ - sizeof(struct sockaddr_in6)) - struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); -struct client *addclient(struct clsrvconf *conf); +struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur); +struct client *addclient(struct clsrvconf *conf, uint8_t lock); +void removelockedclient(struct client *client); void removeclient(struct client *client); -void removeclientrqs(struct client *client); +struct gqueue *newqueue(); +void freebios(struct gqueue *q); +struct request *newrequest(); +void freerq(struct request *rq); int radsrv(struct request *rq); -X509 *verifytlscert(SSL *ssl); -int verifyconfcert(X509 *cert, struct clsrvconf *conf); -int replyh(struct server *server, unsigned char *buf); +void replyh(struct server *server, unsigned char *buf); +struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport); +uint8_t *radattr2ascii(struct tlv *attr); +pthread_attr_t pthread_attr; + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */
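Review bot: `pthread_attr_t pthread_attr;` near the end of the hunk is a definition, not a declaration, so every translation unit that includes radsecproxy.h defines its own `pthread_attr`; that links today only as a common symbol, becomes a multiple-definition error under `-fno-common` (the GCC default since version 10), and in either case nothing indicates which file is responsible for calling `pthread_attr_init()` on it before the first `pthread_create()` reads it. Make the header line `extern pthread_attr_t pthread_attr; /* defined and initialised in ... */` and put the single definition in the .c file that initialises it. The new `newqueue()` and `newrequest()` prototypes use empty parentheses; `(void)` would make them real prototypes. `radattr2ascii()` returns a `uint8_t *` whose ownership the declaration does not state; a comment saying whether the caller must `free()` it would prevent leaks or double frees at call sites.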