2 * Copyright (C) 2006-2008 Stig Venaas <venaas@uninett.no>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
14 #define CONFIG_MAIN "/etc/radsecproxy.conf"
16 /* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
17 #define MAX_REQUESTS 256
18 #define REQUEST_RETRY_INTERVAL 5
19 #define REQUEST_RETRY_COUNT 2
20 #define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
21 #define MAX_CERT_DEPTH 5
22 #define STATUS_SERVER_PERIOD 25
23 #define IDLE_TIMEOUT 300
25 /* 27262 is vendor DANTE Ltd. */
26 #define DEFAULT_TTL_ATTR "27262:1"
32 #define RAD_PROTOCOUNT 4
37 uint32_t ttlattrtype[2];
40 uint8_t loopprevention;
43 struct commonprotoopts {
49 struct timeval created;
51 uint8_t *buf, *replybuf;
59 int udpsock; /* only for UDP */
60 uint16_t udpport; /* only for UDP */
63 /* requests that our client will send */
65 pthread_mutex_t *lock;
68 struct timeval expiry;
73 pthread_mutex_t mutex;
79 uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */
80 const struct protodefs *pdef;
87 regex_t *certuriregex;
90 char *confrewriteusername;
91 struct modattr *rewriteusername;
92 char *dynamiclookupcommand;
94 uint8_t retryinterval;
97 uint8_t certnamecheck;
99 struct rewrite *rewritein;
100 struct rewrite *rewriteout;
101 struct addrinfo *addrinfo;
103 pthread_mutex_t *lock; /* only used for updating clients so far */
105 struct list *clients;
106 struct server *servers;
110 struct clsrvconf *conf;
113 struct request *rqs[MAX_REQUESTS];
114 struct queue *replyq;
115 struct queue *rbios; /* for dtls */
116 struct sockaddr *addr;
117 time_t expiry; /* for udp */
121 struct clsrvconf *conf;
124 pthread_mutex_t lock;
126 uint8_t clientrdgone;
127 struct timeval lastconnecttry;
128 struct timeval lastreply;
129 uint8_t connectionok;
131 char *dynamiclookuparg;
133 struct timeval lastrcv;
134 struct rqout *requests;
136 pthread_mutex_t newrq_mutex;
137 pthread_cond_t newrq_cond;
138 struct queue *rbios; /* for dtls */
147 pthread_mutex_t mutex;
148 struct realm *parent;
149 struct list *subrealms;
150 struct list *srvconfs;
151 struct list *accsrvconfs;
163 uint32_t cacheexpiry;
166 X509_VERIFY_PARAM *vpm;
178 uint8_t *removeattrs;
179 uint32_t *removevendorattrs;
180 struct list *addattrs;
181 struct list *modattrs;
189 uint8_t retrycountdefault;
190 uint8_t retrycountmax;
191 uint8_t retryintervaldefault;
192 uint8_t retryintervalmax;
193 uint8_t duplicateintervaldefault;
194 void (*setprotoopts)(struct commonprotoopts *);
195 char **(*getlistenerargs)();
196 void *(*listener)(void*);
197 int (*connecter)(struct server *, struct timeval *, int, char *);
198 void *(*clientconnreader)(void*);
199 int (*clientradput)(struct server *, unsigned char *);
200 void (*addclient)(struct client *);
201 void (*addserverextra)(struct clsrvconf *);
206 #define RADLEN(x) ntohs(((uint16_t *)(x))[1])
208 #define ATTRTYPE(x) ((x)[0])
209 #define ATTRLEN(x) ((x)[1])
210 #define ATTRVAL(x) ((x) + 2)
211 #define ATTRVALLEN(x) ((x)[1] - 2)
213 struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
214 struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
215 struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
216 struct client *addclient(struct clsrvconf *conf, uint8_t lock);
217 void removelockedclient(struct client *client);
218 void removeclient(struct client *client);
219 struct queue *newqueue();
220 void freebios(struct queue *q);
221 struct request *newrequest();
222 void freerq(struct request *rq);
223 int radsrv(struct request *rq);
224 X509 *verifytlscert(SSL *ssl);
225 int verifyconfcert(X509 *cert, struct clsrvconf *conf);
226 void replyh(struct server *server, unsigned char *buf);
227 SSL_CTX *tlsgetctx(uint8_t type, struct tls *t);
228 struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);