static struct options options;
struct list *clconfs, *srvconfs, *realms, *tlsconfs, *rewriteconfs;
-static int client_udp_count = 0;
-static int client_tls_count = 0;
-static int server_udp_count = 0;
-static int server_tls_count = 0;
-
static struct addrinfo *srcudpres = NULL;
static struct addrinfo *srctcpres = NULL;
void freerqdata(struct request *rq);
static const struct protodefs protodefs[] = {
- { /* UDP, assuming RAD_UDP defined as 0 */
+ { "udp", /* UDP, assuming RAD_UDP defined as 0 */
+ NULL, /* secretdefault */
REQUEST_RETRY_COUNT, /* retrycountdefault */
10, /* retrycountmax */
REQUEST_RETRY_INTERVAL, /* retryintervaldefault */
60 /* retryintervalmax */
},
- { /* TLS, assuming RAD_TLS defined as 1 */
+ { "tls", /* TLS, assuming RAD_TLS defined as 1 */
+ "mysecret", /* secretdefault */
+ 0, /* retrycountdefault */
+ 0, /* retrycountmax */
+ REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT, /* retryintervaldefault */
+ 60 /* retryintervalmax */
+ },
+ { "tcp", /* TCP, assuming RAD_TCP defined as 2 */
+ NULL, /* secretdefault */
0, /* retrycountdefault */
0, /* retrycountmax */
REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT, /* retryintervaldefault */
60 /* retryintervalmax */
+ },
+ { NULL
}
};
+uint8_t protoname2int(const char *name) {
+ int i;
+
+ for (i = 0; protodefs[i].name && strcasecmp(protodefs[i].name, name); i++);
+ return i;
+}
+
/* callbacks for making OpenSSL thread safe */
unsigned long ssl_thread_id() {
return (unsigned long)pthread_self();
return NULL;
}
+/* returns next config of given type, or NULL */
+struct clsrvconf *find_conf_type(uint8_t type, struct list *confs, struct list_node **cur) {
+ struct list_node *entry;
+ struct clsrvconf *conf;
+
+ for (entry = (cur && *cur ? list_next(*cur) : list_first(confs)); entry; entry = list_next(entry)) {
+ conf = (struct clsrvconf *)entry->data;
+ if (conf->type == type) {
+ if (cur)
+ *cur = entry;
+ return conf;
+ }
+ }
+ return NULL;
+}
+
struct replyq *newreplyq() {
struct replyq *replyq;
void freeclsrvconf(struct clsrvconf *conf) {
free(conf->name);
- free(conf->conftype);
free(conf->host);
free(conf->port);
free(conf->secret);
/* assumes dst is a shallow copy */
int mergesrvconf(struct clsrvconf *dst, struct clsrvconf *src) {
if (!mergeconfstring(&dst->name, &src->name) ||
- !mergeconfstring(&dst->conftype, &src->conftype) ||
!mergeconfstring(&dst->host, &src->host) ||
!mergeconfstring(&dst->port, &src->port) ||
!mergeconfstring(&dst->secret, &src->secret) ||
!mergeconfstring(&dst->confrewrite, &src->confrewrite) ||
!mergeconfstring(&dst->dynamiclookupcommand, &src->dynamiclookupcommand))
return 0;
+ if (src->pdef)
+ dst->pdef = src->pdef;
dst->statusserver = src->statusserver;
dst->certnamecheck = src->certnamecheck;
if (src->retryinterval != 255)
dst->retrycount = src->retrycount;
return 1;
}
-
+
int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) {
struct clsrvconf *conf;
+ char *conftype = NULL;
debug(DBG_DBG, "confclient_cb called for %s", block);
conf->certnamecheck = 1;
if (!getgenericconfig(cf, block,
- "type", CONF_STR, &conf->conftype,
+ "type", CONF_STR, &conftype,
"host", CONF_STR, &conf->host,
"secret", CONF_STR, &conf->secret,
"tls", CONF_STR, &conf->tls,
conf->name = stringcopy(val, 0);
if (!conf->host)
conf->host = stringcopy(val, 0);
+
+ if (!conftype)
+ debugx(1, DBG_ERR, "error in block %s, option type missing", block);
+ conf->type = protoname2int(conftype);
+ conf->pdef = &protodefs[conf->type];
+ if (!conf->pdef->name)
+ debugx(1, DBG_ERR, "error in block %s, unknown transport %s", block, conftype);
+ free(conftype);
- if (conf->conftype && !strcasecmp(conf->conftype, "udp")) {
- conf->type = RAD_UDP;
- client_udp_count++;
- } else if (conf->conftype && !strcasecmp(conf->conftype, "tls")) {
+ if (conf->type == RAD_TLS) {
conf->ssl_ctx = conf->tls ? tlsgetctx(conf->tls, NULL) : tlsgetctx("defaultclient", "default");
if (!conf->ssl_ctx)
debugx(1, DBG_ERR, "error in block %s, no tls context defined", block);
if (conf->matchcertattr && !addmatchcertattr(conf))
debugx(1, DBG_ERR, "error in block %s, invalid MatchCertificateAttributeValue", block);
- conf->type = RAD_TLS;
- client_tls_count++;
- } else
- debugx(1, DBG_ERR, "error in block %s, type must be set to UDP or TLS", block);
+ }
conf->rewrite = conf->confrewrite ? getrewrite(conf->confrewrite, NULL) : getrewrite("defaultclient", "default");
debugx(1, DBG_ERR, "failed to resolve host %s port %s, exiting", conf->host ? conf->host : "(null)", conf->port ? conf->port : "(null)");
if (!conf->secret) {
- if (conf->type != RAD_TLS)
- debugx(1, DBG_ERR, "error in block %s, secret must be specified when not TLS", block);
- conf->secret = stringcopy(DEFAULT_TLS_SECRET, 0);
+ if (!conf->pdef->secretdefault)
+ debugx(1, DBG_ERR, "error in block %s, secret must be specified for transport type %s", block, conf->pdef->name);
+ conf->secret = stringcopy(conf->pdef->secretdefault, 0);
+ if (!conf->secret)
+ debugx(1, DBG_ERR, "malloc failed");
}
return 1;
}
conf->retrycount = protodefs[conf->type].retrycountdefault;
conf->rewrite = conf->confrewrite ? getrewrite(conf->confrewrite, NULL) : getrewrite("defaultserver", "default");
+
if (!conf->secret) {
- if (conf->type != RAD_TLS)
- debug(DBG_ERR, "error in block %s, secret must be specified when not TLS", block);
- conf->secret = stringcopy(DEFAULT_TLS_SECRET, 0);
+ if (!conf->pdef->secretdefault) {
+ debug(DBG_ERR, "error in block %s, secret must be specified for transport type %s", block, conf->pdef->name);
+ return 0;
+ }
+ conf->secret = stringcopy(conf->pdef->secretdefault, 0);
if (!conf->secret) {
debug(DBG_ERR, "malloc failed");
return 0;
int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) {
struct clsrvconf *conf, *resconf;
- const struct protodefs *pdef;
+ char *conftype = NULL;
long int retryinterval = LONG_MIN, retrycount = LONG_MIN;
debug(DBG_DBG, "confserver_cb called for %s", block);
conf->certnamecheck = 1;
if (!getgenericconfig(cf, block,
- "type", CONF_STR, &conf->conftype,
+ "type", CONF_STR, &conftype,
"host", CONF_STR, &conf->host,
"port", CONF_STR, &conf->port,
"secret", CONF_STR, &conf->secret,
goto errexit;
}
}
-
- if (conf->conftype && !strcasecmp(conf->conftype, "udp"))
- conf->type = RAD_UDP;
- else if (conf->conftype && !strcasecmp(conf->conftype, "tls"))
- conf->type = RAD_TLS;
- else {
- debug(DBG_ERR, "error in block %s, type must be set to UDP or TLS", block);
+
+ if (!conftype)
+ debugx(1, DBG_ERR, "error in block %s, option type missing", block);
+ conf->type = protoname2int(conftype);
+ conf->pdef = &protodefs[conf->type];
+ if (!conf->pdef->name) {
+ debug(DBG_ERR, "error in block %s, unknown transport %s", block, conftype);
+ free(conftype);
goto errexit;
}
- pdef = &protodefs[conf->type];
-
+ free(conftype);
+
if (retryinterval != LONG_MIN) {
- if (retryinterval < 1 || retryinterval > pdef->retryintervalmax) {
- debug(DBG_ERR, "error in block %s, value of option RetryInterval is %d, must be 1-%d", block, retryinterval, pdef->retryintervalmax);
+ if (retryinterval < 1 || retryinterval > conf->pdef->retryintervalmax) {
+ debug(DBG_ERR, "error in block %s, value of option RetryInterval is %d, must be 1-%d", block, retryinterval, conf->pdef->retryintervalmax);
goto errexit;
}
conf->retryinterval = (uint8_t)retryinterval;
conf->retryinterval = 255;
if (retrycount != LONG_MIN) {
- if (retrycount < 0 || retrycount > pdef->retrycountmax) {
- debug(DBG_ERR, "error in block %s, value of option RetryCount is %d, must be 0-%d", block, pdef->retrycountmax);
+ if (retrycount < 0 || retrycount > conf->pdef->retrycountmax) {
+ debug(DBG_ERR, "error in block %s, value of option RetryCount is %d, must be 0-%d", block, retrycount, conf->pdef->retrycountmax);
goto errexit;
}
conf->retrycount = (uint8_t)retrycount;
if (resconf)
return 1;
- switch (conf->type) {
- case RAD_UDP:
- server_udp_count++;
- break;
- case RAD_TLS:
- server_tls_count++;
- break;
- default:
- goto errexit;
- }
-
if (!list_push(srvconfs, conf)) {
debug(DBG_ERR, "malloc failed");
goto errexit;
if (!getgenericconfig(&cfs, NULL,
"ListenUDP", CONF_MSTR, &options.listenudp,
"ListenTCP", CONF_MSTR, &options.listentcp,
+ "ListenTLS", CONF_MSTR, &options.listentls,
"ListenAccountingUDP", CONF_MSTR, &options.listenaccudp,
"SourceUDP", CONF_STR, &options.sourceudp,
"SourceTCP", CONF_STR, &options.sourcetcp,
sigaddset(&sigset, SIGPIPE);
pthread_sigmask(SIG_BLOCK, &sigset, NULL);
pthread_create(&sigth, NULL, sighandler, NULL);
-
- if (client_udp_count) {
+
+ if (find_conf_type(RAD_UDP, clconfs, NULL)) {
udp_server_replyq = newreplyq();
if (pthread_create(&udpserverwrth, NULL, udpserverwr, NULL))
debugx(1, DBG_ERR, "pthread_create failed");
if (pthread_create(&udpclient6rdth, NULL, udpclientrd, (void *)&udp_client6_sock))
debugx(1, DBG_ERR, "pthread_create failed");
- if (client_tls_count)
- createlisteners(RAD_TLS, options.listentcp, 0);
+ if (find_conf_type(RAD_TLS, clconfs, NULL))
+ createlisteners(RAD_TLS, options.listentls, 0);
/* just hang around doing nothing, anything to do here? */
for (;;)
projects / libradsec.git / commitdiff