*/
typedef struct request_data_t request_data_t;
+typedef struct rad_snmp_client_entry_t rad_snmp_client_entry_t;
+
+typedef struct radclient {
+ lrad_ipaddr_t ipaddr;
+ int prefix;
+ char *longname;
+ char *secret;
+ char *shortname;
+ char *nastype;
+ char *login;
+ char *password;
+ int number; /* internal use only */
+#ifdef WITH_SNMP
+ rad_snmp_client_entry_t *auth, *acct;
+#endif
+} RADCLIENT;
+
/*
* For listening on multiple IP's and ports.
*/
VALUE_PAIR *password;
request_data_t *data;
- char secret[32];
+ RADCLIENT *client;
child_pid_t child_pid;
time_t timestamp;
int number; /* internal server number */
#define REQUEST_ACTIVE (1)
#define REQUEST_STOP_PROCESSING (2)
+#define REQUEST_COUNTED (3)
#define REQUEST_QUEUED (1)
#define REQUEST_RUNNING (2)
* Function handler for requests.
*/
typedef int (*RAD_REQUEST_FUNP)(REQUEST *);
-typedef struct rad_snmp_client_entry_t rad_snmp_client_entry_t;
-
-typedef struct radclient {
- lrad_ipaddr_t ipaddr;
- int prefix;
- char *longname;
- char *secret;
- char *shortname;
- char *nastype;
- char *login;
- char *password;
- int number; /* internal use only */
-#ifdef WITH_SNMP
- rad_snmp_client_entry_t *auth, *acct;
-#endif
-} RADCLIENT;
typedef struct radclient_list RADCLIENT_LIST;
void listen_free(rad_listen_t **head);
int listen_init(const char *filename, rad_listen_t **head);
rad_listen_t *proxy_new_listener(void);
-RADCLIENT *client_listener_find(const rad_listen_t *listener,
- const lrad_ipaddr_t *ipaddr);
/* event.c */
int radius_event_init(int spawn_flag);
}
#ifdef WITH_SNMP
-static void snmp_inc_client_responses(RADCLIENT *client,
- REQUEST *request)
+static void snmp_inc_client_responses(REQUEST *request)
{
if (!mainconfig.do_snmp) return;
case PW_AUTHENTICATION_ACK:
rad_snmp.auth.total_responses++;
rad_snmp.auth.total_access_accepts++;
- if (client) client->auth->accepts++;
+ if (request->client) request->client->auth->accepts++;
break;
case PW_AUTHENTICATION_REJECT:
rad_snmp.auth.total_responses++;
rad_snmp.auth.total_access_rejects++;
- if (client) client->auth->rejects++;
+ if (request->client) request->client->auth->rejects++;
break;
case PW_ACCESS_CHALLENGE:
rad_snmp.auth.total_responses++;
rad_snmp.auth.total_access_challenges++;
- if (client) client->auth->challenges++;
+ if (request->client) request->client->auth->challenges++;
break;
case PW_ACCOUNTING_RESPONSE:
rad_snmp.acct.total_responses++;
- if (client) client->auth->responses++;
+ if (request->client) request->client->auth->responses++;
break;
/*
case 0:
if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
rad_snmp.auth.total_bad_authenticators++;
- if (client) client->auth->bad_authenticators++;
+ if (request->client) request->client->auth->bad_authenticators++;
}
break;
#ifdef WITH_SNMP
if ((request->listener->type == RAD_LISTEN_AUTH) ||
(request->listener->type == RAD_LISTEN_ACCT)) {
- snmp_inc_client_responses(client_listener_find(request->listener,
- &request->packet->src_ipaddr),
- request);
+ snmp_inc_client_responses(request);
}
#endif
}
rad_assert(request->magic == REQUEST_MAGIC);
rad_assert(request->proxy != NULL);
- /*
- * FIXME: handle the case of RETRY from one home server
- * to another!
- *
- * Do we even have to do anything?
- */
request->when = request->proxy_when;
request->when.tv_sec += home->response_window;
if (request->proxy_reply) {
pairfree(&request->proxy_reply->vps);
}
+
+ /*
+ * We're not tracking responses from the home
+ * server, we can therefore free this memory in
+ * the child thread.
+ */
+ if (!request->in_proxy_hash) {
+ rad_free(&request->proxy);
+ rad_free(&request->proxy_reply);
+ request->home_server = NULL;
+ }
}
DEBUG2("Finished request %d state %d", request->number, child_state);
}
request->listener = listener;
+ request->client = client;
request->packet = packet;
request->packet->timestamp = request->timestamp;
request->number = request_num_counter++;
- strlcpy(request->secret, client->secret, sizeof(request->secret));
/*
* Remember the request in the list.
/*
* Find a per-socket client.
*/
-RADCLIENT *client_listener_find(const rad_listen_t *listener,
- const lrad_ipaddr_t *ipaddr)
+static RADCLIENT *client_listener_find(const rad_listen_t *listener,
+ const lrad_ipaddr_t *ipaddr)
{
const RADCLIENT_LIST *clients;
rad_assert(request->listener == listener);
rad_assert(listener->send == auth_socket_send);
- return rad_send(request->reply, request->packet, request->secret);
+ return rad_send(request->reply, request->packet,
+ request->client->secret);
}
*/
if (request->reply->code == 0) return 0;
- return rad_send(request->reply, request->packet, request->secret);
+ return rad_send(request->reply, request->packet,
+ request->client->secret);
}
{
if (!request->reply->code) return 0;
- rad_encode(request->reply, request->packet, request->secret);
- rad_sign(request->reply, request->packet, request->secret);
+ rad_encode(request->reply, request->packet,
+ request->client->secret);
+ rad_sign(request->reply, request->packet,
+ request->client->secret);
return 0;
}
static int client_socket_decode(UNUSED rad_listen_t *listener, REQUEST *request)
{
- if (rad_verify(request->packet, NULL, request->secret) < 0) {
+ if (rad_verify(request->packet, NULL,
+ request->client->secret) < 0) {
return -1;
}
- return rad_decode(request->packet, NULL, request->secret);
+ return rad_decode(request->packet, NULL,
+ request->client->secret);
}
static int proxy_socket_encode(UNUSED rad_listen_t *listener, REQUEST *request)
#ifndef NDEBUG
request->magic = 0x01020304; /* set the request to be nonsense */
- strcpy(request->secret, "REQUEST-DELETED");
#endif
+ request->client = NULL;
+ request->home_server = NULL;
free(request);
*request_ptr = NULL;
* Encrypt the session key again, using the request data.
*/
rad_tunnel_pwencode(vp->vp_strvalue + 17, &len,
- request->secret,
+ request->client->secret,
request->packet->vector);
return RLM_MODULE_UPDATED;
i = 16;
rad_tunnel_pwencode(vp->vp_strvalue + vp->length, &i,
- request->secret, request->packet->vector);
+ request->client->secret, request->packet->vector);
vp->length += i;
pairadd(reply_vps, vp);