/*
- * Copyright (C) 2006-2008 Stig Venaas <venaas@uninett.no>
+ * Copyright (C) 2006-2009 Stig Venaas <venaas@uninett.no>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*/
-#ifdef RADPROT_TLS
#include <signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <pthread.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
-#include "debug.h"
#include "list.h"
-#include "util.h"
+#include "hostport.h"
#include "radsecproxy.h"
+#ifdef RADPROT_TLS
+#include "debug.h"
+#include "util.h"
+
static void setprotoopts(struct commonprotoopts *opts);
static char **getlistenerargs();
void *tlslistener(void *arg);
void tlssetsrcres() {
if (!srcres)
- srcres = resolve_hostport_addrinfo(handle, protoopts ? protoopts->sourcearg : NULL);
-
+ srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
}
int tlsconnect(struct server *server, struct timeval *when, int timeout, char *text) {
X509 *cert;
SSL_CTX *ctx = NULL;
unsigned long error;
-
+
debug(DBG_DBG, "tlsconnect: called from %s", text);
pthread_mutex_lock(&server->lock);
if (when && memcmp(&server->lastconnecttry, when, sizeof(struct timeval))) {
sleep(60);
} else
server->lastconnecttry.tv_sec = now.tv_sec; /* no sleep at startup */
- debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->conf->host, server->conf->port);
+
if (server->sock >= 0)
close(server->sock);
- if ((server->sock = connecttcp(server->conf->addrinfo, srcres)) < 0) {
- debug(DBG_ERR, "tlsconnect: connecttcp failed");
+ if ((server->sock = connecttcphostlist(server->conf->hostports, srcres)) < 0)
continue;
- }
-
+
SSL_free(server->ssl);
server->ssl = NULL;
ctx = tlsgetctx(handle, server->conf->tlsconf);
}
X509_free(cert);
}
- debug(DBG_WARN, "tlsconnect: TLS connection to %s port %s up", server->conf->host, server->conf->port);
+ debug(DBG_WARN, "tlsconnect: TLS connection to %s up", server->conf->name);
server->connectionok = 1;
gettimeofday(&server->lastconnecttry, NULL);
pthread_mutex_unlock(&server->lock);
int s, ndesc, cnt, len;
fd_set readfds, writefds;
struct timeval timer;
-
+
s = SSL_get_fd(ssl);
if (s < 0)
return -1;
continue;
}
memcpy(rad, buf, 4);
-
+
cnt = sslreadtimeout(ssl, rad + 4, len - 4, timeout);
if (cnt < 1) {
debug(DBG_DBG, cnt ? "radtlsget: connection lost" : "radtlsget: timeout");
free(rad);
return NULL;
}
-
+
if (len >= 20)
break;
-
+
free(rad);
debug(DBG_WARN, "radtlsget: packet smaller than minimum radius size");
}
-
+
debug(DBG_DBG, "radtlsget: got %d bytes", len);
return rad;
}
return 0;
}
- debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->host);
+ debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->name);
return 1;
}
struct server *server = (struct server *)arg;
unsigned char *buf;
struct timeval now, lastconnecttry;
-
+
for (;;) {
/* yes, lastconnecttry is really necessary */
lastconnecttry = server->lastconnecttry;
int cnt;
unsigned long error;
struct client *client = (struct client *)arg;
- struct queue *replyq;
+ struct gqueue *replyq;
struct request *reply;
-
+
debug(DBG_DBG, "tlsserverwr: starting for %s", addr2string(client->addr));
replyq = client->replyq;
for (;;) {
pthread_mutex_lock(&replyq->mutex);
while (!list_first(replyq->entries)) {
- if (client->ssl) {
+ if (client->ssl) {
debug(DBG_DBG, "tlsserverwr: waiting for signal");
pthread_cond_wait(&replyq->cond, &replyq->mutex);
debug(DBG_DBG, "tlsserverwr: got signal");
struct request *rq;
uint8_t *buf;
pthread_t tlsserverwrth;
-
+
debug(DBG_DBG, "tlsserverrd: starting for %s", addr2string(client->addr));
-
+
if (pthread_create(&tlsserverwrth, NULL, tlsserverwr, (void *)client)) {
debug(DBG_ERR, "tlsserverrd: pthread_create failed");
return;
break;
}
}
-
+
/* stop writer by setting ssl to NULL and give signal in case waiting for data */
client->ssl = NULL;
pthread_mutex_lock(&client->replyq->mutex);
if (!cert)
goto exit;
}
-
+
while (conf) {
if (verifyconfcert(cert, conf)) {
X509_free(cert);
if (cert)
X509_free(cert);
- exit:
+exit:
if (ssl) {
SSL_shutdown(ssl);
SSL_free(ssl);
return NULL;
}
#endif
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
projects / radsecproxy.git / blobdiff