X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Finclude%2Fradiusd.h;h=0c625b0c48be8c7e7ea3d4a8efe848885ede77f6;hb=1147ab4f2843e6deee5fd07f2b716de7cbb1675b;hp=9389e6f4c1eb328a22fde04d02f40433fdde6800;hpb=ded6b2f16658f448480e0b8368890a60beda8470;p=freeradius.git diff --git a/src/include/radiusd.h b/src/include/radiusd.h index 9389e6f..0c625b0 100644 --- a/src/include/radiusd.h +++ b/src/include/radiusd.h @@ -6,6 +6,22 @@ * * Version: $Id$ * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + * + * Copyright 1999,2000,2002,2003,2004,2005,2006,2007,2008 The FreeRADIUS server project + * */ #include @@ -19,43 +35,120 @@ RCSIDH(radiusd_h, "$Id$") typedef struct auth_req REQUEST; -#include - #ifdef HAVE_PTHREAD_H #include -typedef pthread_t child_pid_t; -#define child_kill pthread_kill -#else -typedef pid_t child_pid_t; -#define child_kill kill #endif -#define NO_SUCH_CHILD_PID (child_pid_t) (0) - #ifndef NDEBUG #define REQUEST_MAGIC (0xdeadbeef) #endif /* + * New defines for minimizing the size of the server, to strip + * out functionality. In order to ensure that people don't have + * to re-run "configure", after "cvs update", we play some + * special games with the defines. i.e. any top-level "configure" + * option should set both WITH_FOO and WITHOUT_FOO. After a few + * weeks, the WITHOUT_FOO can be deleted from the configure script. + */ +#ifndef WITHOUT_PROXY +#define WITH_PROXY (1) +#endif + +#ifndef WITHOUT_DETAIL +#define WITH_DETAIL (1) +#endif + +#ifndef WITHOUT_SESSION_MGMT +#define WITH_SESSION_MGMT (1) +#endif + +#ifndef WITHOUT_UNLANG +#define WITH_UNLANG (1) +#endif + +#ifndef WITHOUT_ACCOUNTING +#define WITH_ACCOUNTING (1) +#else +#ifdef WITH_SESSION_MGMT +#error WITH_SESSION_MGMT is defined, but WITH_ACCOUNTING is not. Session management requires accounting. +#endif +#ifdef WITH_DETAIL +#error WITH_DETAIL is defined, but WITH_ACCOUNTING is not. Detail file reading requires accounting. +#endif +#endif + +#ifndef WITHOUT_DYNAMIC_CLIENTS +#define WITH_DYNAMIC_CLIENTS (1) +#endif + +#ifndef WITHOUT_STATS +#define WITH_STATS +#endif + +#ifndef WITHOUT_COMMAND_SOCKET +#ifdef HAVE_SYS_UN_H +#define WITH_COMMAND_SOCKET (1) +#else +#define WITHOUT_COMMAND_SOCKET (1) +#endif +#endif + +#ifndef WITHOUT_COA +#define WITH_COA (1) +#ifndef WITH_PROXY +#error WITH_COA requires WITH_PROXY +#endif +#endif + +#include +#include + + +/* * See util.c */ typedef struct request_data_t request_data_t; -typedef struct rad_snmp_client_entry_t rad_snmp_client_entry_t; - typedef struct radclient { - lrad_ipaddr_t ipaddr; + fr_ipaddr_t ipaddr; int prefix; char *longname; char *secret; char *shortname; + int message_authenticator; char *nastype; char *login; char *password; char *server; int number; /* internal use only */ -#ifdef WITH_SNMP - rad_snmp_client_entry_t *auth, *acct; + const CONF_SECTION *cs; +#ifdef WITH_STATS + fr_stats_t *auth; +#ifdef WITH_ACCOUNTING + fr_stats_t *acct; +#endif +#endif + + int proto; +#ifdef WITH_TCP + int max_connections; + int num_connections; +#endif + +#ifdef WITH_DYNAMIC_CLIENTS + int lifetime; + int dynamic; /* was dynamically defined */ + time_t created; + time_t last_new_client; + char *client_server; + int rate_limit; +#endif + +#ifdef WITH_COA + char *coa_name; + home_server *coa_server; + home_pool_t *coa_pool; #endif } RADCLIENT; @@ -66,12 +159,28 @@ typedef struct radclient { */ typedef enum RAD_LISTEN_TYPE { RAD_LISTEN_NONE = 0, +#ifdef WITH_PROXY RAD_LISTEN_PROXY, +#endif RAD_LISTEN_AUTH, +#ifdef WITH_ACCOUNTING RAD_LISTEN_ACCT, +#endif +#ifdef WITH_DETAIL RAD_LISTEN_DETAIL, +#endif +#ifdef WITH_VMPS RAD_LISTEN_VQP, - RAD_LISTEN_SNMP, +#endif +#ifdef WITH_DHCP + RAD_LISTEN_DHCP, +#endif +#ifdef WITH_COMMAND_SOCKET + RAD_LISTEN_COMMAND, +#endif +#ifdef WITH_COA + RAD_LISTEN_COA, +#endif RAD_LISTEN_MAX } RAD_LISTEN_TYPE; @@ -80,6 +189,7 @@ typedef enum RAD_LISTEN_TYPE { * For listening on multiple IP's and ports. */ typedef struct rad_listen_t rad_listen_t; +typedef void (*radlog_func_t)(int, int, REQUEST *, const char *, ...); #define REQUEST_DATA_REGEX (0xadbeef00) #define REQUEST_MAX_REGEX (8) @@ -89,25 +199,38 @@ struct auth_req { uint32_t magic; /* for debugging only */ #endif RADIUS_PACKET *packet; +#ifdef WITH_PROXY RADIUS_PACKET *proxy; +#endif RADIUS_PACKET *reply; +#ifdef WITH_PROXY RADIUS_PACKET *proxy_reply; +#endif VALUE_PAIR *config_items; VALUE_PAIR *username; VALUE_PAIR *password; + struct main_config_t *root; + request_data_t *data; RADCLIENT *client; - child_pid_t child_pid; +#ifdef HAVE_PTHREAD_H + pthread_t child_pid; +#endif time_t timestamp; - int number; /* internal server number */ + unsigned int number; /* internal server number */ rad_listen_t *listener; +#ifdef WITH_PROXY rad_listen_t *proxy_listener; +#endif + - int simul_max; + int simul_max; /* see modcall.c && xlat.c */ +#ifdef WITH_SESSION_MGMT int simul_count; int simul_mpp; /* WEIRD: 1 is false, 2 is true */ +#endif int options; /* miscellanous options */ const char *module; /* for debugging unresponsive children */ @@ -121,11 +244,12 @@ struct auth_req { int child_state; RAD_LISTEN_TYPE priority; - lrad_event_t *ev; + fr_event_t *ev; struct timeval next_when; - lrad_event_callback_t next_callback; + fr_event_callback_t next_callback; int in_request_hash; +#ifdef WITH_PROXY int in_proxy_hash; home_server *home_server; @@ -135,12 +259,22 @@ struct auth_req { int num_proxied_requests; int num_proxied_responses; +#endif const char *server; REQUEST *parent; + radlog_func_t radlog; /* logging function, if set */ +#ifdef WITH_COA + REQUEST *coa; + int num_coa_requests; +#endif }; /* REQUEST typedef */ #define RAD_REQUEST_OPTION_NONE (0) +#define RAD_REQUEST_OPTION_DEBUG (1) +#define RAD_REQUEST_OPTION_DEBUG2 (2) +#define RAD_REQUEST_OPTION_DEBUG3 (3) +#define RAD_REQUEST_OPTION_DEBUG4 (4) #define REQUEST_ACTIVE (1) #define REQUEST_STOP_PROCESSING (2) @@ -161,7 +295,7 @@ typedef int (*RAD_REQUEST_FUNP)(REQUEST *); typedef struct radclient_list RADCLIENT_LIST; typedef struct pair_list { - char *name; + const char *name; VALUE_PAIR *check; VALUE_PAIR *reply; int lineno; @@ -173,7 +307,7 @@ typedef struct pair_list { typedef int (*rad_listen_recv_t)(rad_listen_t *, RAD_REQUEST_FUNP *, REQUEST **); typedef int (*rad_listen_send_t)(rad_listen_t *, REQUEST *); -typedef int (*rad_listen_print_t)(rad_listen_t *, char *, size_t); +typedef int (*rad_listen_print_t)(const rad_listen_t *, char *, size_t); typedef int (*rad_listen_encode_t)(rad_listen_t *, REQUEST *); typedef int (*rad_listen_decode_t)(rad_listen_t *, REQUEST *); @@ -186,6 +320,10 @@ struct rad_listen_t { RAD_LISTEN_TYPE type; int fd; const char *server; + int status; +#ifdef WITH_TCP + int count; +#endif rad_listen_recv_t recv; rad_listen_send_t send; @@ -194,8 +332,56 @@ struct rad_listen_t { rad_listen_print_t print; void *data; + +#ifdef WITH_STATS + fr_stats_t stats; +#endif }; +/* + * This shouldn't really be exposed... + */ +typedef struct listen_socket_t { + /* + * For normal sockets. + */ + fr_ipaddr_t my_ipaddr; + int my_port; + + const char *interface; +#ifdef SO_BROADCAST + int broadcast; +#endif + + /* for outgoing sockets */ + home_server *home; + fr_ipaddr_t other_ipaddr; + int other_port; + + int proto; + +#ifdef WITH_TCP + /* for a proxy connecting to home servers */ + time_t last_packet; + time_t opened; + fr_event_t *ev; + + /* for clients connecting to the server */ + int max_connections; + int num_connections; + struct listen_socket_t *parent; + RADCLIENT *client; + + RADIUS_PACKET *packet; /* for reading partial packets */ +#endif + RADCLIENT_LIST *clients; +} listen_socket_t; + +#define RAD_LISTEN_STATUS_INIT (0) +#define RAD_LISTEN_STATUS_KNOWN (1) +#define RAD_LISTEN_STATUS_REMOVE_FD (2) +#define RAD_LISTEN_STATUS_CLOSED (3) +#define RAD_LISTEN_STATUS_FINISH (4) typedef enum radlog_dest_t { RADLOG_STDOUT = 0, @@ -208,25 +394,17 @@ typedef enum radlog_dest_t { typedef struct main_config_t { struct main_config *next; - time_t config_dead_time; - lrad_ipaddr_t myip; /* from the command-line only */ + int refcount; + fr_ipaddr_t myip; /* from the command-line only */ int port; /* from the command-line only */ int log_auth; int log_auth_badpass; int log_auth_goodpass; -#ifdef WITH_SNMP - int do_snmp; -#endif int allow_core_dumps; int debug_level; +#ifdef WITH_PROXY int proxy_requests; - int wake_all_if_all_dead; - int proxy_synchronous; - int proxy_dead_time; - int proxy_retry_count; - int proxy_retry_delay; - int proxy_fallback; - const char *proxy_fail_type; +#endif int reject_delay; int status_server; int max_request_time; @@ -238,20 +416,32 @@ typedef struct main_config_t { char *log_file; char *checkrad; const char *pid_file; - const char *uid_name; - const char *gid_name; rad_listen_t *listen; int syslog_facility; int radlog_fd; radlog_dest_t radlog_dest; CONF_SECTION *config; - RADCLIENT_LIST *clients; - const char *radiusd_conf; + const char *name; + const char *auth_badpass_msg; + const char *auth_goodpass_msg; } MAIN_CONFIG_T; #define DEBUG if(debug_flag)log_debug #define DEBUG2 if (debug_flag > 1)log_debug #define DEBUG3 if (debug_flag > 2)log_debug +#define DEBUG4 if (debug_flag > 3)log_debug + +#if __GNUC__ >= 3 +#define RDEBUG(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 1, request, fmt, ## __VA_ARGS__) +#define RDEBUG2(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 2, request, fmt, ## __VA_ARGS__) +#define RDEBUG3(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 3, request, fmt, ## __VA_ARGS__) +#define RDEBUG4(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 4, request, fmt, ## __VA_ARGS__) +#else +#define RDEBUG DEBUG +#define RDEBUG2 DEBUG2 +#define RDEBUG3 DEBUG3 +#define RDEBUG4 DEBUG4 +#endif #define SECONDS_PER_DAY 86400 #define MAX_REQUEST_TIME 30 @@ -321,6 +511,8 @@ void radius_signal_self(int flag); #define RADIUS_SIGNAL_SELF_TERM (1 << 1) #define RADIUS_SIGNAL_SELF_EXIT (1 << 2) #define RADIUS_SIGNAL_SELF_DETAIL (1 << 3) +#define RADIUS_SIGNAL_SELF_NEW_FD (1 << 4) +#define RADIUS_SIGNAL_SELF_MAX (1 << 5) /* @@ -339,9 +531,9 @@ int session_zap(REQUEST *request, uint32_t nasaddr, char proto,int session_time); /* radiusd.c */ -#ifndef _LIBRADIUS -void debug_pair(FILE *, VALUE_PAIR *); -#endif +#undef debug_pair +void debug_pair(VALUE_PAIR *); +void debug_pair_list(VALUE_PAIR *); int log_err (char *); /* util.c */ @@ -352,6 +544,7 @@ int rad_checkfilename(const char *filename); void *rad_malloc(size_t size); /* calls exit(1) on error! */ REQUEST *request_alloc(void); REQUEST *request_alloc_fake(REQUEST *oldreq); +REQUEST *request_alloc_coa(REQUEST *request); int request_data_add(REQUEST *request, void *unique_ptr, int unique_int, void *opaque, void (*free_opaque)(void *)); @@ -362,29 +555,30 @@ void *request_data_reference(REQUEST *request, int rad_copy_string(char *dst, const char *src); int rad_copy_variable(char *dst, const char *from); -/* request_process.c */ -int rad_respond(REQUEST *request, RAD_REQUEST_FUNP fun); -void request_reject(REQUEST *request, request_fail_t reason); - /* client.c */ RADCLIENT_LIST *clients_init(void); void clients_free(RADCLIENT_LIST *clients); RADCLIENT_LIST *clients_parse_section(CONF_SECTION *section); void client_free(RADCLIENT *client); int client_add(RADCLIENT_LIST *clients, RADCLIENT *client); +#ifdef WITH_DYNAMIC_CLIENTS +void client_delete(RADCLIENT_LIST *clients, RADCLIENT *client); +RADCLIENT *client_create(RADCLIENT_LIST *clients, REQUEST *request); +#endif RADCLIENT *client_find(const RADCLIENT_LIST *clients, - const lrad_ipaddr_t *ipaddr); -const char *client_name(const RADCLIENT_LIST *clients, - const lrad_ipaddr_t *ipaddr); + const fr_ipaddr_t *ipaddr, int proto); + RADCLIENT *client_findbynumber(const RADCLIENT_LIST *clients, int number); -RADCLIENT *client_find_old(const lrad_ipaddr_t *ipaddr); -const char *client_name_old(const lrad_ipaddr_t *ipaddr); +RADCLIENT *client_find_old(const fr_ipaddr_t *ipaddr); +int client_validate(RADCLIENT_LIST *clients, RADCLIENT *master, + RADCLIENT *c); +RADCLIENT *client_read(const char *filename, int in_server, int flag); + /* files.c */ int pairlist_read(const char *file, PAIR_LIST **list, int complain); void pairlist_free(PAIR_LIST **); -int read_config_files(void); /* version.c */ void version(void); @@ -402,11 +596,11 @@ int log_debug(const char *, ...) #endif ; void vp_listdebug(VALUE_PAIR *vp); - - -/* proxy.c */ -int proxy_receive(REQUEST *request); -int proxy_send(REQUEST *request); +void radlog_request(int lvl, int priority, REQUEST *request, const char *msg, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 4, 5))) +#endif +; /* auth.c */ char *auth_name(char *buf, size_t buflen, REQUEST *request, int do_cli); @@ -435,26 +629,33 @@ int radius_compare_vps(REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *vp); int radius_callback_compare(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check, VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs); +int radius_find_compare(int attribute); VALUE_PAIR *radius_paircreate(REQUEST *request, VALUE_PAIR **vps, - int attribute, int type); + int attribute, int vendor, int type); +VALUE_PAIR *radius_pairmake(REQUEST *request, VALUE_PAIR **vps, + const char *attribute, const char *value, + int operator); /* xlat.c */ -typedef int (*RADIUS_ESCAPE_STRING)(char *out, int outlen, const char *in); +typedef size_t (*RADIUS_ESCAPE_STRING)(char *out, size_t outlen, const char *in); int radius_xlat(char * out, int outlen, const char *fmt, REQUEST * request, RADIUS_ESCAPE_STRING func); -typedef int (*RAD_XLAT_FUNC)(void *instance, REQUEST *, char *, char *, size_t, RADIUS_ESCAPE_STRING func); -int xlat_register(const char *module, RAD_XLAT_FUNC func, void *instance); +typedef size_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, char *, char *, size_t, RADIUS_ESCAPE_STRING func); +int xlat_register(const char *module, RAD_XLAT_FUNC func, + void *instance); void xlat_unregister(const char *module, RAD_XLAT_FUNC func); void xlat_free(void); /* threads.c */ -extern int thread_pool_init(int spawn_flag); -extern int thread_pool_clean(time_t now); +extern int thread_pool_init(CONF_SECTION *cs, int *spawn_flag); extern int thread_pool_addrequest(REQUEST *, RAD_REQUEST_FUNP); extern pid_t rad_fork(void); extern pid_t rad_waitpid(pid_t pid, int *status); extern int total_active_threads(void); +extern void thread_pool_lock(void); +extern void thread_pool_unlock(void); +extern void thread_pool_queue_stats(int *array); #ifndef HAVE_PTHREAD_H #define rad_fork(n) fork() @@ -467,29 +668,39 @@ extern struct main_config_t mainconfig; int read_mainconfig(int reload); int free_mainconfig(void); +void hup_mainconfig(void); +void fr_suid_down(void); +void fr_suid_up(void); +void fr_suid_down_permanent(void); /* listen.c */ void listen_free(rad_listen_t **head); int listen_init(CONF_SECTION *cs, rad_listen_t **head); -rad_listen_t *proxy_new_listener(void); +int proxy_new_listener(home_server *home, int src_port); +RADCLIENT *client_listener_find(const rad_listen_t *listener, + const fr_ipaddr_t *ipaddr, int src_port); + +#ifdef WITH_STATS +RADCLIENT_LIST *listener_find_client_list(const fr_ipaddr_t *ipaddr, + int port); +#endif +rad_listen_t *listener_find_byipaddr(const fr_ipaddr_t *ipaddr, int port); /* event.c */ -int radius_event_init(int spawn_flag); +int radius_event_init(CONF_SECTION *cs, int spawn_flag); void radius_event_free(void); -int radius_event_process(struct timeval **pptv); +int radius_event_process(void); void radius_handle_request(REQUEST *request, RAD_REQUEST_FUNP fun); int received_request(rad_listen_t *listener, RADIUS_PACKET *packet, REQUEST **prequest, RADCLIENT *client); REQUEST *received_proxy_response(RADIUS_PACKET *packet); +int event_new_fd(rad_listen_t *listener); /* evaluate.c */ int radius_evaluate_condition(REQUEST *request, int modreturn, int depth, const char **ptr, int evaluate_it, int *presult); int radius_update_attrlist(REQUEST *request, CONF_SECTION *cs, VALUE_PAIR *input_vps, const char *name); - -/* vmps.c */ -int vmps_process(REQUEST *); - +void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from); #endif /*RADIUSD_H*/