X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.h;h=bbb9b588a79bfadb44fe8acc55f37d612384324c;hb=refs%2Fheads%2Fmaint-1.6;hp=84780c4de63df81dd9a6fbcf8cc1d8c537bded65;hpb=faf8717dcbc9c2e3ed1892402133b6c9663a5e7d;p=libradsec.git

diff --git a/radsecproxy.h b/radsecproxy.h
index 84780c4..bbb9b58 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -1,65 +1,104 @@
 /*
- * Copyright (C) 2006-2008 Stig Venaas <venaas@uninett.no>
+ * Copyright (C) 2006-2009 Stig Venaas <venaas@uninett.no>
+ * Copyright (C) 2010,2011,2012 NORDUnet A/S
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  */
 
-#define DEBUG_LEVEL 3
+#include <sys/time.h>
+#include <stdint.h>
+#include <pthread.h>
+#include <regex.h>
+#include "list.h"
+#include "tlv11.h"
+#include "radmsg.h"
+#include "gconfig.h"
 
-#define CONFIG_MAIN "/etc/radsecproxy.conf"
+#define DEBUG_LEVEL 2
+
+#define CONFIG_MAIN SYSCONFDIR"/radsecproxy.conf"
 
 /* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
 #define MAX_REQUESTS 256
 #define REQUEST_RETRY_INTERVAL 5
 #define REQUEST_RETRY_COUNT 2
+#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
 #define MAX_CERT_DEPTH 5
 #define STATUS_SERVER_PERIOD 25
 #define IDLE_TIMEOUT 300
+#define PTHREAD_STACK_SIZE 32768
+
+/* 27262 is vendor DANTE Ltd. */
+#define DEFAULT_TTL_ATTR "27262:1"
 
 #define RAD_UDP 0
 #define RAD_TLS 1
 #define RAD_TCP 2
 #define RAD_DTLS 3
+#define RAD_PROTOCOUNT 4
+
+enum rsp_fticks_reporting_type {
+    RSP_FTICKS_REPORTING_NONE = 0, /* Default.  */
+    RSP_FTICKS_REPORTING_BASIC,
+    RSP_FTICKS_REPORTING_FULL
+};
+
+enum rsp_fticks_mac_type {
+    RSP_FTICKS_MAC_STATIC = 0,
+    RSP_FTICKS_MAC_ORIGINAL,
+    RSP_FTICKS_MAC_VENDOR_HASHED,
+    RSP_FTICKS_MAC_VENDOR_KEY_HASHED, /* Default.  */
+    RSP_FTICKS_MAC_FULLY_HASHED,
+    RSP_FTICKS_MAC_FULLY_KEY_HASHED
+};
 
 struct options {
-    char **listenudp;
-    char **listentcp;
-    char **listentls;
-    char **listendtls;
-    char **listenaccudp;
-    char *sourceudp;
-    char *sourcetcp;
-    char *sourcetls;
-    char *sourcedtls;
+    char *pidfile;
     char *logdestination;
+    char *ftickssyslogfacility;
+    char *ttlattr;
+    uint32_t ttlattrtype[2];
+    uint8_t addttl;
     uint8_t loglevel;
     uint8_t loopprevention;
+    enum rsp_fticks_reporting_type fticks_reporting;
+    enum rsp_fticks_mac_type fticks_mac;
+    uint8_t *fticks_key;
+    uint8_t ipv4only;
+    uint8_t ipv6only;
+};
+
+struct commonprotoopts {
+    char **listenargs;
+    char *sourcearg;
 };
 
-/* requests that our client will send */
 struct request {
-    unsigned char *buf;
-    uint8_t tries;
-    uint8_t received;
-    struct timeval expiry;
+    struct timeval created;
+    uint32_t refcount;
+    uint8_t *buf, *replybuf;
+    struct radmsg *msg;
     struct client *from;
+    struct server *to;
     char *origusername;
-    uint8_t origid; /* used by servwr */
-    char origauth[16]; /* used by servwr */
-    struct sockaddr_storage fromsa; /* used by udpservwr */
-    int fromudpsock; /* used by udpservwr */
+    uint8_t rqid;
+    uint8_t rqauth[16];
+    uint8_t newid;
+    int udpsock; /* only for UDP */
+    uint16_t udpport; /* only for UDP */
 };
 
-/* replies that a server will send */
-struct reply {
-    unsigned char *buf;
-    struct sockaddr_storage tosa; /* used by udpservwr */
-    int toudpsock; /* used by udpservwr */
+/* requests that our client will send */
+struct rqout {
+    pthread_mutex_t *lock;
+    struct request *rq;
+    uint8_t tries;
+    struct timeval expiry;
 };
 
-struct queue {
+struct gqueue {
     struct list *entries;
     pthread_mutex_t mutex;
     pthread_cond_t cond;
@@ -69,8 +108,10 @@ struct clsrvconf {
     char *name;
     uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */
     const struct protodefs *pdef;
-    char *host;
-    char *port;
+    char **hostsrc;
+    int hostaf;
+    char *portsrc;
+    struct list *hostports;
     char *secret;
     char *tls;
     char *matchcertattr;
@@ -84,23 +125,31 @@ struct clsrvconf {
     uint8_t statusserver;
     uint8_t retryinterval;
     uint8_t retrycount;
+    uint8_t dupinterval;
     uint8_t certnamecheck;
-    SSL_CTX *ssl_ctx;
+    uint8_t addttl;
+    uint8_t loopprevention;
     struct rewrite *rewritein;
     struct rewrite *rewriteout;
-    struct addrinfo *addrinfo;
-    uint8_t prefixlen;
+    pthread_mutex_t *lock; /* only used for updating clients so far */
+    struct tls *tlsconf;
     struct list *clients;
     struct server *servers;
+    char *fticks_viscountry;
+    char *fticks_visinst;
 };
 
+#include "tlscommon.h"
+
 struct client {
     struct clsrvconf *conf;
-    int sock; /* for tcp/dtls */
+    int sock;
     SSL *ssl;
-    struct queue *replyq;
-    struct queue *rbios; /* for dtls */
-    struct sockaddr_storage addr; /* for dtls */
+    struct request *rqs[MAX_REQUESTS];
+    struct gqueue *replyq;
+    struct gqueue *rbios; /* for dtls */
+    struct sockaddr *addr;
+    time_t expiry; /* for udp */
 };
 
 struct server {
@@ -114,14 +163,19 @@ struct server {
     struct timeval lastreply;
     uint8_t connectionok;
     uint8_t lostrqs;
+    uint8_t dynstartup;
+    uint8_t dynfailing;
+#if defined ENABLE_EXPERIMENTAL_DYNDISC
+    uint8_t in_use;
+#endif
     char *dynamiclookuparg;
     int nextid;
     struct timeval lastrcv;
-    struct request *requests;
+    struct rqout *requests;
     uint8_t newrq;
     pthread_mutex_t newrq_mutex;
     pthread_cond_t newrq_cond;
-    struct queue *rbios; /* for dtls */
+    struct gqueue *rbios; /* for dtls */
 };
 
 struct realm {
@@ -129,24 +183,14 @@ struct realm {
     char *message;
     uint8_t accresp;
     regex_t regex;
-    pthread_mutex_t subrealms_mutex;
+    uint32_t refcount;
+    pthread_mutex_t mutex;
+    struct realm *parent;
     struct list *subrealms;
     struct list *srvconfs;
     struct list *accsrvconfs;
 };
 
-struct tls {
-    char *name;
-    char *cacertfile;
-    char *cacertpath;
-    char *certfile;
-    char *certkeyfile;
-    char *certkeypwd;
-    uint8_t crlcheck;
-    SSL_CTX *tlsctx;
-    SSL_CTX *dtlsctx;
-};
-
 struct modattr {
     uint8_t t;
     char *replacement;
@@ -163,19 +207,22 @@ struct rewrite {
 struct protodefs {
     char *name;
     char *secretdefault;
-    uint8_t socktype;
+    int socktype;
     char *portdefault;
     uint8_t retrycountdefault;
     uint8_t retrycountmax;
     uint8_t retryintervaldefault;
     uint8_t retryintervalmax;
+    uint8_t duplicateintervaldefault;
+    void (*setprotoopts)(struct commonprotoopts *);
+    char **(*getlistenerargs)();
     void *(*listener)(void*);
-    char **srcaddrport;
     int (*connecter)(struct server *, struct timeval *, int, char *);
     void *(*clientconnreader)(void*);
     int (*clientradput)(struct server *, unsigned char *);
     void (*addclient)(struct client *);
     void (*addserverextra)(struct clsrvconf *);
+    void (*setsrcres)();
     void (*initextra)();
 };
 
@@ -186,23 +233,22 @@ struct protodefs {
 #define ATTRVAL(x) ((x) + 2)
 #define ATTRVALLEN(x) ((x)[1] - 2)
 
-#define SOCKADDR_SIZE(addr) ((addr).ss_family == AF_INET ? \
-                            sizeof(struct sockaddr_in) : \
-                            sizeof(struct sockaddr_in6))
-
-struct addrinfo *getsrcprotores(uint8_t type);
 struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
 struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
 struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
-struct client *addclient(struct clsrvconf *conf);
+struct client *addclient(struct clsrvconf *conf, uint8_t lock);
+void removelockedclient(struct client *client);
 void removeclient(struct client *client);
-void removeclientrqs(struct client *client);
-struct queue *newqueue();
-void removequeue(struct queue *q);
-void freebios(struct queue *q);
+struct gqueue *newqueue();
+void freebios(struct gqueue *q);
+struct request *newrequest();
+void freerq(struct request *rq);
 int radsrv(struct request *rq);
-X509 *verifytlscert(SSL *ssl);
-int verifyconfcert(X509 *cert, struct clsrvconf *conf);
-int replyh(struct server *server, unsigned char *buf);
-int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src);
-int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only);
+void replyh(struct server *server, unsigned char *buf);
+struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
+uint8_t *radattr2ascii(struct tlv *attr);
+pthread_attr_t pthread_attr;
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */