2 * Copyright (C) 2006-2008 Stig Venaas <venaas@uninett.no>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
14 #define CONFIG_MAIN "/etc/radsecproxy.conf"
16 /* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
17 #define MAX_REQUESTS 256
18 #define REQUEST_RETRY_INTERVAL 5
19 #define REQUEST_RETRY_COUNT 2
20 #define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
21 #define MAX_CERT_DEPTH 5
22 #define STATUS_SERVER_PERIOD 25
23 #define IDLE_TIMEOUT 300
25 /* 27262 is vendor DANTE Ltd. */
26 #define DEFAULT_TTL_ATTR "27262:1"
32 #define RAD_PROTOCOUNT 4
37 uint32_t ttlattrtype[2];
40 uint8_t loopprevention;
43 struct commonprotoopts {
49 struct timeval created;
51 uint8_t *buf, *replybuf;
59 int udpsock; /* only for UDP */
60 uint16_t udpport; /* only for UDP */
63 /* requests that our client will send */
65 pthread_mutex_t *lock;
68 struct timeval expiry;
73 pthread_mutex_t mutex;
79 uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */
80 const struct protodefs *pdef;
87 regex_t *certuriregex;
90 char *confrewriteusername;
91 struct modattr *rewriteusername;
92 char *dynamiclookupcommand;
94 uint8_t retryinterval;
97 uint8_t certnamecheck;
99 struct rewrite *rewritein;
100 struct rewrite *rewriteout;
101 struct addrinfo *addrinfo;
103 pthread_mutex_t *lock; /* only used for updating clients so far */
105 struct list *clients;
106 struct server *servers;
110 struct clsrvconf *conf;
113 struct request *rqs[MAX_REQUESTS];
114 struct queue *replyq;
115 struct queue *rbios; /* for dtls */
116 struct sockaddr *addr;
117 time_t expiry; /* for udp */
121 struct clsrvconf *conf;
124 pthread_mutex_t lock;
126 uint8_t clientrdgone;
127 struct timeval lastconnecttry;
128 struct timeval lastreply;
129 uint8_t connectionok;
131 char *dynamiclookuparg;
133 struct timeval lastrcv;
134 struct rqout *requests;
136 pthread_mutex_t newrq_mutex;
137 pthread_cond_t newrq_cond;
138 struct queue *rbios; /* for dtls */
147 pthread_mutex_t mutex;
148 struct realm *parent;
149 struct list *subrealms;
150 struct list *srvconfs;
151 struct list *accsrvconfs;
161 uint8_t *removeattrs;
162 uint32_t *removevendorattrs;
163 struct list *addattrs;
164 struct list *modattrs;
172 uint8_t retrycountdefault;
173 uint8_t retrycountmax;
174 uint8_t retryintervaldefault;
175 uint8_t retryintervalmax;
176 uint8_t duplicateintervaldefault;
177 void (*setprotoopts)(struct commonprotoopts *);
178 char **(*getlistenerargs)();
179 void *(*listener)(void*);
180 int (*connecter)(struct server *, struct timeval *, int, char *);
181 void *(*clientconnreader)(void*);
182 int (*clientradput)(struct server *, unsigned char *);
183 void (*addclient)(struct client *);
184 void (*addserverextra)(struct clsrvconf *);
189 #define RADLEN(x) ntohs(((uint16_t *)(x))[1])
191 #define ATTRTYPE(x) ((x)[0])
192 #define ATTRLEN(x) ((x)[1])
193 #define ATTRVAL(x) ((x) + 2)
194 #define ATTRVALLEN(x) ((x)[1] - 2)
196 struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
197 struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
198 struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
199 struct client *addclient(struct clsrvconf *conf, uint8_t lock);
200 void removelockedclient(struct client *client);
201 void removeclient(struct client *client);
202 struct queue *newqueue();
203 void freebios(struct queue *q);
204 struct request *newrequest();
205 void freerq(struct request *rq);
206 int radsrv(struct request *rq);
207 X509 *verifytlscert(SSL *ssl);
208 int verifyconfcert(X509 *cert, struct clsrvconf *conf);
209 void replyh(struct server *server, unsigned char *buf);
210 SSL_CTX *tlsgetctx(uint8_t type, struct tls *t);
211 struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);