From: Linus Nordberg Date: Tue, 22 Jan 2013 10:01:59 +0000 (+0100) Subject: Revive radsecproxy.h and hostport_types.h and move rsp_* into radsecproxy/. X-Git-Tag: libradsec-0.0.4~59 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=libradsec.git;a=commitdiff_plain;h=95c4d4a42f2b4457c64a87c45c7c170dfba6a7c4 Revive radsecproxy.h and hostport_types.h and move rsp_* into radsecproxy/. --- diff --git a/lib/Makefile.am b/lib/Makefile.am index e6f9fb2..08ace0c 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -17,7 +17,7 @@ ACLOCAL_AMFLAGS = -I m4 # library interface is _changed_. -SUBDIRS = radius . include examples +SUBDIRS = radius radsecproxy . include examples INCLUDES = -I$(srcdir)/include AM_CFLAGS = -Wall -g @@ -41,20 +41,13 @@ libradsec_la_SOURCES = \ udp.c \ util.c -libradsec_la_SOURCES += \ - rsp_debug.c \ - rsp_hash.c \ - rsp_list.c \ - rsp_util.c - if RS_ENABLE_TLS libradsec_la_SOURCES += \ - tls.c \ - rsp_tlscommon.c + tls.c endif EXTRA_DIST = HACKING LICENSE -libradsec_la_LIBADD = radius/libradsec-radius.la +libradsec_la_LIBADD = radsecproxy/libradsec-radsecproxy.la radius/libradsec-radius.la libradsec_la_LDFLAGS = -version-info 0:0:0 -export-symbols radsec.sym libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT diff --git a/lib/configure.ac b/lib/configure.ac index e483b1e..e69135b 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -54,6 +54,7 @@ AC_TYPE_UINT8_T AC_CHECK_FUNCS([memset socket strdup strerror strrchr]) AC_CONFIG_FILES([Makefile + radsecproxy/Makefile radius/Makefile include/Makefile examples/Makefile diff --git a/lib/radsec.c b/lib/radsec.c index d14ad50..db406ae 100644 --- a/lib/radsec.c +++ b/lib/radsec.c @@ -19,11 +19,11 @@ #include #include "err.h" #include "debug.h" -#include "rsp_debug.h" +#include "radsecproxy/debug.h" #if defined (RS_ENABLE_TLS) #include -#include "rsp_list.h" -#include "../radsecproxy.h" +#include "radsecproxy/list.h" +#include "radsecproxy/radsecproxy.h" #endif /* Public functions. */ diff --git a/lib/radsecproxy/Makefile.am b/lib/radsecproxy/Makefile.am new file mode 100644 index 0000000..16b66ae --- /dev/null +++ b/lib/radsecproxy/Makefile.am @@ -0,0 +1,18 @@ +AUTOMAKE_OPTIONS = foreign +ACLOCAL_AMFLAGS = -I m4 + +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir) +AM_CFLAGS = -Wall -g + +noinst_LTLIBRARIES = libradsec-radsecproxy.la + +libradsec_radsecproxy_la_SOURCES = \ + debug.c \ + hash.c \ + list.c \ + util.c + +if RS_ENABLE_TLS +libradsec_radsecproxy_la_SOURCES += \ + tlscommon.c +endif diff --git a/lib/rsp_debug.c b/lib/radsecproxy/debug.c similarity index 99% rename from lib/rsp_debug.c rename to lib/radsecproxy/debug.c index f3a2de6..8a4881d 100644 --- a/lib/rsp_debug.c +++ b/lib/radsecproxy/debug.c @@ -15,8 +15,8 @@ #include #include #include -#include "rsp_debug.h" -#include "rsp_util.h" +#include "debug.h" +#include "util.h" static char *debug_ident = NULL; static uint8_t debug_level = DBG_INFO; diff --git a/lib/rsp_debug.h b/lib/radsecproxy/debug.h similarity index 100% rename from lib/rsp_debug.h rename to lib/radsecproxy/debug.h diff --git a/lib/radsecproxy/gconfig.h b/lib/radsecproxy/gconfig.h new file mode 100644 index 0000000..3cb34b3 --- /dev/null +++ b/lib/radsecproxy/gconfig.h @@ -0,0 +1,32 @@ +/* Copyright (c) 2007-2008, UNINETT AS */ +/* See LICENSE for licensing information. */ + +#define CONF_STR 1 +#define CONF_CBK 2 +#define CONF_MSTR 3 +#define CONF_BLN 4 +#define CONF_LINT 5 + +#include + +struct gconffile { + char *path; + FILE *file; + const char *data; + size_t datapos; +}; + +int getconfigline(struct gconffile **cf, char *block, char **opt, char **val, int *conftype); +int getgenericconfig(struct gconffile **cf, char *block, ...); +int pushgconfdata(struct gconffile **cf, const char *data); +FILE *pushgconfpath(struct gconffile **cf, const char *path); +FILE *pushgconffile(struct gconffile **cf, FILE *file, const char *description); +FILE *pushgconfpaths(struct gconffile **cf, const char *path); +int popgconf(struct gconffile **cf); +void freegconfmstr(char **mstr); +void freegconf(struct gconffile **cf); +struct gconffile *openconfigfile(const char *file); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */ diff --git a/lib/rsp_hash.c b/lib/radsecproxy/hash.c similarity index 98% rename from lib/rsp_hash.c rename to lib/radsecproxy/hash.c index a57ead2..ab17433 100644 --- a/lib/rsp_hash.c +++ b/lib/radsecproxy/hash.c @@ -4,8 +4,8 @@ #include #include #include -#include "rsp_list.h" -#include "rsp_hash.h" +#include "list.h" +#include "hash.h" /* allocates and initialises hash structure; returns NULL if malloc fails */ struct hash *hash_create() { diff --git a/lib/rsp_hash.h b/lib/radsecproxy/hash.h similarity index 100% rename from lib/rsp_hash.h rename to lib/radsecproxy/hash.h diff --git a/lib/radsecproxy/hostport_types.h b/lib/radsecproxy/hostport_types.h new file mode 100644 index 0000000..01fb443 --- /dev/null +++ b/lib/radsecproxy/hostport_types.h @@ -0,0 +1,6 @@ +struct hostportres { + char *host; + char *port; + uint8_t prefixlen; + struct addrinfo *addrinfo; +}; diff --git a/lib/rsp_list.c b/lib/radsecproxy/list.c similarity index 99% rename from lib/rsp_list.c rename to lib/radsecproxy/list.c index ac6924e..4cfd358 100644 --- a/lib/rsp_list.c +++ b/lib/radsecproxy/list.c @@ -7,7 +7,7 @@ #include #include -#include "rsp_list.h" +#include "list.h" /* allocates and initialises list structure; returns NULL if malloc fails */ struct list *list_create() { diff --git a/lib/rsp_list.h b/lib/radsecproxy/list.h similarity index 100% rename from lib/rsp_list.h rename to lib/radsecproxy/list.h diff --git a/lib/radsecproxy/radmsg.h b/lib/radsecproxy/radmsg.h new file mode 100644 index 0000000..1bef59b --- /dev/null +++ b/lib/radsecproxy/radmsg.h @@ -0,0 +1,40 @@ +/* Copyright (c) 2007-2008, UNINETT AS */ +/* See LICENSE for licensing information. */ + +#define RAD_Access_Request 1 +#define RAD_Access_Accept 2 +#define RAD_Access_Reject 3 +#define RAD_Accounting_Request 4 +#define RAD_Accounting_Response 5 +#define RAD_Access_Challenge 11 +#define RAD_Status_Server 12 +#define RAD_Status_Client 13 + +#define RAD_Attr_User_Name 1 +#define RAD_Attr_User_Password 2 +#define RAD_Attr_Reply_Message 18 +#define RAD_Attr_Vendor_Specific 26 +#define RAD_Attr_Calling_Station_Id 31 +#define RAD_Attr_Tunnel_Password 69 +#define RAD_Attr_Message_Authenticator 80 + +#define RAD_VS_ATTR_MS_MPPE_Send_Key 16 +#define RAD_VS_ATTR_MS_MPPE_Recv_Key 17 + +struct radmsg { + uint8_t code; + uint8_t id; + uint8_t auth[20]; + struct list *attrs; +}; + +void radmsg_free(struct radmsg *); +struct radmsg *radmsg_init(uint8_t, uint8_t, uint8_t *); +int radmsg_add(struct radmsg *, struct tlv *); +struct tlv *radmsg_gettype(struct radmsg *, uint8_t); +uint8_t *radmsg2buf(struct radmsg *msg, uint8_t *); +struct radmsg *buf2radmsg(uint8_t *, uint8_t *, uint8_t *); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */ diff --git a/lib/radsecproxy/radsecproxy.h b/lib/radsecproxy/radsecproxy.h new file mode 100644 index 0000000..7528f7f --- /dev/null +++ b/lib/radsecproxy/radsecproxy.h @@ -0,0 +1,216 @@ +/* + * Copyright (C) 2006-2009 Stig Venaas + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + */ + +#include "tlv11.h" +#include "radmsg.h" +#include "gconfig.h" + +#define DEBUG_LEVEL 2 + +#define CONFIG_MAIN "/etc/radsecproxy.conf" + +/* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */ +#define MAX_REQUESTS 256 +#define REQUEST_RETRY_INTERVAL 5 +#define REQUEST_RETRY_COUNT 2 +#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT +#define MAX_CERT_DEPTH 5 +#define STATUS_SERVER_PERIOD 25 +#define IDLE_TIMEOUT 300 + +/* 27262 is vendor DANTE Ltd. */ +#define DEFAULT_TTL_ATTR "27262:1" + +#define RAD_UDP 0 +#define RAD_TLS 1 +#define RAD_TCP 2 +#define RAD_DTLS 3 +#define RAD_PROTOCOUNT 4 + +struct options { + char *logdestination; + char *ttlattr; + uint32_t ttlattrtype[2]; + uint8_t addttl; + uint8_t loglevel; + uint8_t loopprevention; +}; + +struct commonprotoopts { + char **listenargs; + char *sourcearg; +}; + +struct request { + struct timeval created; + uint32_t refcount; + uint8_t *buf, *replybuf; + struct radmsg *msg; + struct client *from; + struct server *to; + char *origusername; + uint8_t rqid; + uint8_t rqauth[16]; + uint8_t newid; + int udpsock; /* only for UDP */ + uint16_t udpport; /* only for UDP */ +}; + +/* requests that our client will send */ +struct rqout { + pthread_mutex_t *lock; + struct request *rq; + uint8_t tries; + struct timeval expiry; +}; + +struct gqueue { + struct list *entries; + pthread_mutex_t mutex; + pthread_cond_t cond; +}; + +struct clsrvconf { + char *name; + uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */ + const struct protodefs *pdef; + char **hostsrc; + char *portsrc; + struct list *hostports; + char *secret; + char *tls; + char *matchcertattr; + regex_t *certcnregex; + regex_t *certuriregex; + char *confrewritein; + char *confrewriteout; + char *confrewriteusername; + struct modattr *rewriteusername; + char *dynamiclookupcommand; + uint8_t statusserver; + uint8_t retryinterval; + uint8_t retrycount; + uint8_t dupinterval; + uint8_t certnamecheck; + uint8_t addttl; + uint8_t loopprevention; + struct rewrite *rewritein; + struct rewrite *rewriteout; + pthread_mutex_t *lock; /* only used for updating clients so far */ + struct tls *tlsconf; + struct list *clients; + struct server *servers; +}; + +#include "tlscommon.h" + +struct client { + struct clsrvconf *conf; + int sock; + SSL *ssl; + struct request *rqs[MAX_REQUESTS]; + struct gqueue *replyq; + struct gqueue *rbios; /* for dtls */ + struct sockaddr *addr; + time_t expiry; /* for udp */ +}; + +struct server { + struct clsrvconf *conf; + int sock; + SSL *ssl; + pthread_mutex_t lock; + pthread_t clientth; + uint8_t clientrdgone; + struct timeval lastconnecttry; + struct timeval lastreply; + uint8_t connectionok; + uint8_t lostrqs; + uint8_t dynstartup; + char *dynamiclookuparg; + int nextid; + struct timeval lastrcv; + struct rqout *requests; + uint8_t newrq; + pthread_mutex_t newrq_mutex; + pthread_cond_t newrq_cond; + struct gqueue *rbios; /* for dtls */ +}; + +struct realm { + char *name; + char *message; + uint8_t accresp; + regex_t regex; + uint32_t refcount; + pthread_mutex_t mutex; + struct realm *parent; + struct list *subrealms; + struct list *srvconfs; + struct list *accsrvconfs; +}; + +struct modattr { + uint8_t t; + char *replacement; + regex_t *regex; +}; + +struct rewrite { + uint8_t *removeattrs; + uint32_t *removevendorattrs; + struct list *addattrs; + struct list *modattrs; +}; + +struct protodefs { + char *name; + char *secretdefault; + int socktype; + char *portdefault; + uint8_t retrycountdefault; + uint8_t retrycountmax; + uint8_t retryintervaldefault; + uint8_t retryintervalmax; + uint8_t duplicateintervaldefault; + void (*setprotoopts)(struct commonprotoopts *); + char **(*getlistenerargs)(); + void *(*listener)(void*); + int (*connecter)(struct server *, struct timeval *, int, char *); + void *(*clientconnreader)(void*); + int (*clientradput)(struct server *, unsigned char *); + void (*addclient)(struct client *); + void (*addserverextra)(struct clsrvconf *); + void (*setsrcres)(); + void (*initextra)(); +}; + +#define RADLEN(x) ntohs(((uint16_t *)(x))[1]) + +#define ATTRTYPE(x) ((x)[0]) +#define ATTRLEN(x) ((x)[1]) +#define ATTRVAL(x) ((x) + 2) +#define ATTRVALLEN(x) ((x)[1] - 2) + +struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); +struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); +struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur); +struct client *addclient(struct clsrvconf *conf, uint8_t lock); +void removelockedclient(struct client *client); +void removeclient(struct client *client); +struct gqueue *newqueue(); +void freebios(struct gqueue *q); +struct request *newrequest(); +void freerq(struct request *rq); +int radsrv(struct request *rq); +void replyh(struct server *server, unsigned char *buf); +struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */ diff --git a/lib/rsp_tlscommon.c b/lib/radsecproxy/tlscommon.c similarity index 98% rename from lib/rsp_tlscommon.c rename to lib/radsecproxy/tlscommon.c index 8ab1b13..002788d 100644 --- a/lib/rsp_tlscommon.c +++ b/lib/radsecproxy/tlscommon.c @@ -30,12 +30,12 @@ #include #include #include -#include "rsp_debug.h" -#include "rsp_list.h" -#include "rsp_hash.h" -#include "rsp_util.h" -#include "../hostport_types.h" -#include "../radsecproxy.h" +#include "debug.h" +#include "list.h" +#include "hash.h" +#include "util.h" +#include "hostport_types.h" +#include "radsecproxy.h" static struct hash *tlsconfs = NULL; diff --git a/lib/rsp_tlscommon.h b/lib/radsecproxy/tlscommon.h similarity index 100% rename from lib/rsp_tlscommon.h rename to lib/radsecproxy/tlscommon.h diff --git a/lib/radsecproxy/tlv11.h b/lib/radsecproxy/tlv11.h new file mode 100644 index 0000000..87909c0 --- /dev/null +++ b/lib/radsecproxy/tlv11.h @@ -0,0 +1,23 @@ +/* Copyright (c) 2008, UNINETT AS + * Copyright (c) 2010, NORDUnet A/S */ +/* See LICENSE for licensing information. */ + +struct tlv { + uint8_t t; + uint8_t l; + uint8_t *v; +}; + +struct tlv *maketlv(uint8_t, uint8_t, void *); +struct tlv *copytlv(struct tlv *); +void freetlv(struct tlv *); +int eqtlv(struct tlv *, struct tlv *); +struct list *copytlvlist(struct list *); +void freetlvlist(struct list *); +void rmtlv(struct list *, uint8_t); +uint8_t *tlv2str(struct tlv *tlv); +uint8_t *tlv2buf(uint8_t *, const struct tlv *tlv); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */ diff --git a/lib/rsp_util.c b/lib/radsecproxy/util.c similarity index 99% rename from lib/rsp_util.c rename to lib/radsecproxy/util.c index e18a978..ad974ac 100644 --- a/lib/rsp_util.c +++ b/lib/radsecproxy/util.c @@ -18,8 +18,8 @@ #include #include #include -#include "rsp_debug.h" -#include "rsp_util.h" +#include "debug.h" +#include "util.h" char *stringcopy(const char *s, int len) { char *r; diff --git a/lib/rsp_util.h b/lib/radsecproxy/util.h similarity index 100% rename from lib/rsp_util.h rename to lib/radsecproxy/util.h diff --git a/lib/tls.c b/lib/tls.c index acc2f91..a5040f4 100644 --- a/lib/tls.c +++ b/lib/tls.c @@ -14,8 +14,8 @@ #include #include -#include "rsp_list.h" -#include "../radsecproxy.h" +#include "radsecproxy/list.h" +#include "radsecproxy/radsecproxy.h" static struct tls * _get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)