X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=tls.c;h=f79529ff99c3fe5b4316adcf17ebffd375f065f1;hb=b877d7d52b0c12bc6d1f5cbcebbd054a4fb433b6;hp=5a979607cf1416f36dd9313731cc4f2cbad62cfc;hpb=be2e70adfd0793b34e86e2a7463514923d1882cd;p=radsecproxy.git diff --git a/tls.c b/tls.c index 5a97960..f79529f 100644 --- a/tls.c +++ b/tls.c @@ -1,12 +1,11 @@ /* - * Copyright (C) 2006-2008 Stig Venaas + * Copyright (C) 2006-2009 Stig Venaas * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. */ -#ifdef RADPROT_TLS #include #include #include @@ -27,11 +26,14 @@ #include #include #include -#include "debug.h" #include "list.h" -#include "util.h" +#include "hostport.h" #include "radsecproxy.h" +#ifdef RADPROT_TLS +#include "debug.h" +#include "util.h" + static void setprotoopts(struct commonprotoopts *opts); static char **getlistenerargs(); void *tlslistener(void *arg); @@ -81,8 +83,7 @@ static char **getlistenerargs() { void tlssetsrcres() { if (!srcres) - srcres = resolve_hostport_addrinfo(handle, protoopts ? protoopts->sourcearg : NULL); - + srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype); } int tlsconnect(struct server *server, struct timeval *when, int timeout, char *text) { @@ -91,7 +92,7 @@ int tlsconnect(struct server *server, struct timeval *when, int timeout, char *t X509 *cert; SSL_CTX *ctx = NULL; unsigned long error; - + debug(DBG_DBG, "tlsconnect: called from %s", text); pthread_mutex_lock(&server->lock); if (when && memcmp(&server->lastconnecttry, when, sizeof(struct timeval))) { @@ -126,14 +127,12 @@ int tlsconnect(struct server *server, struct timeval *when, int timeout, char *t sleep(60); } else server->lastconnecttry.tv_sec = now.tv_sec; /* no sleep at startup */ - debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->conf->host, server->conf->port); + if (server->sock >= 0) close(server->sock); - if ((server->sock = connecttcp(server->conf->addrinfo, srcres)) < 0) { - debug(DBG_ERR, "tlsconnect: connecttcp failed"); + if ((server->sock = connecttcphostlist(server->conf->hostports, srcres)) < 0) continue; - } - + SSL_free(server->ssl); server->ssl = NULL; ctx = tlsgetctx(handle, server->conf->tlsconf); @@ -158,7 +157,7 @@ int tlsconnect(struct server *server, struct timeval *when, int timeout, char *t } X509_free(cert); } - debug(DBG_WARN, "tlsconnect: TLS connection to %s port %s up", server->conf->host, server->conf->port); + debug(DBG_WARN, "tlsconnect: TLS connection to %s up", server->conf->name); server->connectionok = 1; gettimeofday(&server->lastconnecttry, NULL); pthread_mutex_unlock(&server->lock); @@ -171,7 +170,7 @@ int sslreadtimeout(SSL *ssl, unsigned char *buf, int num, int timeout) { int s, ndesc, cnt, len; fd_set readfds, writefds; struct timeval timer; - + s = SSL_get_fd(ssl); if (s < 0) return -1; @@ -225,21 +224,21 @@ unsigned char *radtlsget(SSL *ssl, int timeout) { continue; } memcpy(rad, buf, 4); - + cnt = sslreadtimeout(ssl, rad + 4, len - 4, timeout); if (cnt < 1) { debug(DBG_DBG, cnt ? "radtlsget: connection lost" : "radtlsget: timeout"); free(rad); return NULL; } - + if (len >= 20) break; - + free(rad); debug(DBG_WARN, "radtlsget: packet smaller than minimum radius size"); } - + debug(DBG_DBG, "radtlsget: got %d bytes", len); return rad; } @@ -259,7 +258,7 @@ int clientradputtls(struct server *server, unsigned char *rad) { return 0; } - debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->host); + debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->name); return 1; } @@ -267,7 +266,7 @@ void *tlsclientrd(void *arg) { struct server *server = (struct server *)arg; unsigned char *buf; struct timeval now, lastconnecttry; - + for (;;) { /* yes, lastconnecttry is really necessary */ lastconnecttry = server->lastconnecttry; @@ -298,15 +297,15 @@ void *tlsserverwr(void *arg) { int cnt; unsigned long error; struct client *client = (struct client *)arg; - struct queue *replyq; + struct gqueue *replyq; struct request *reply; - + debug(DBG_DBG, "tlsserverwr: starting for %s", addr2string(client->addr)); replyq = client->replyq; for (;;) { pthread_mutex_lock(&replyq->mutex); while (!list_first(replyq->entries)) { - if (client->ssl) { + if (client->ssl) { debug(DBG_DBG, "tlsserverwr: waiting for signal"); pthread_cond_wait(&replyq->cond, &replyq->mutex); debug(DBG_DBG, "tlsserverwr: got signal"); @@ -336,9 +335,9 @@ void tlsserverrd(struct client *client) { struct request *rq; uint8_t *buf; pthread_t tlsserverwrth; - + debug(DBG_DBG, "tlsserverrd: starting for %s", addr2string(client->addr)); - + if (pthread_create(&tlsserverwrth, NULL, tlsserverwr, (void *)client)) { debug(DBG_ERR, "tlsserverrd: pthread_create failed"); return; @@ -363,7 +362,7 @@ void tlsserverrd(struct client *client) { break; } } - + /* stop writer by setting ssl to NULL and give signal in case waiting for data */ client->ssl = NULL; pthread_mutex_lock(&client->replyq->mutex); @@ -413,7 +412,7 @@ void *tlsservernew(void *arg) { if (!cert) goto exit; } - + while (conf) { if (verifyconfcert(cert, conf)) { X509_free(cert); @@ -433,7 +432,7 @@ void *tlsservernew(void *arg) { if (cert) X509_free(cert); - exit: +exit: if (ssl) { SSL_shutdown(ssl); SSL_free(ssl); @@ -474,3 +473,7 @@ const struct protodefs *tlsinit(uint8_t h) { return NULL; } #endif + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */