configured explicitly. This was implemented by Maja
Gorecka-Wolniewicz and Paweł Gołaszewski. (RADSECPROXY-29)
- Add config option PidFile. (RADSECPROXY-32)
+ - Preliminary support for DynamicLookupCommand. It's for TLS
+ servers only at this point. Also, beware of risks for memory
+ leaks.
Bug fixes:
- Stop the autoconfery from warning about defining variables
conditionally and unconditionally.
- Honour configure option --sysconfdir. (RADSECPROXY-31)
- Other bugs. (RADSECPROXY-26, -28, -34, -35, -39)
+ - Don't crash on failing DynamicLookupCommand scripts.
+ - When a DynamicLookupCommand script is failing, fall back to
+ other server(s) in the realm. The timeout depends on the kind of
+ failure.
2011-10-08 1.5
New features:
#include <libgen.h>
#include <pthread.h>
#include <errno.h>
+#include <assert.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/err.h>
server = (struct clsrvconf *)entry->data;
if (!server->servers)
return server;
+ if (server->servers->dynfailing)
+ continue;
if (!first)
first = server;
if (!server->servers->connectionok && !server->servers->dynstartup)
pthread_mutex_unlock(&(*realm)->mutex);
freerealm(*realm);
*realm = subrealm;
+ debug(DBG_DBG, "added realm: %s", (*realm)->name);
srvconf = choosesrvconf(acc ? (*realm)->accsrvconfs : (*realm)->srvconfs);
+ debug(DBG_DBG, "found conf for new realm: %s", srvconf->name);
}
}
- if (srvconf)
+ if (srvconf) {
+ debug(DBG_DBG, "found matching conf: %s", srvconf->name);
server = srvconf->servers;
+ }
exit:
free(id);
conf = server->conf;
+#define ZZZ 60
+
if (server->dynamiclookuparg && !dynamicconfig(server)) {
dynconffail = 1;
server->dynstartup = 0;
- sleep(900);
+ server->dynfailing = 1;
+ debug(DBG_WARN, "%s: dynamicconfig(%s) failed, sleeping %ds",
+ __func__, server->conf->name, ZZZ);
+ sleep(ZZZ);
goto errexit;
}
+ /* FIXME: Is resolving not always done by compileserverconfig(),
+ * either as part of static configuration setup or by
+ * dynamicconfig() above? */
if (!resolvehostports(conf->hostports, conf->pdef->socktype)) {
- debug(DBG_WARN, "clientwr: resolve failed");
- server->dynstartup = 0;
- sleep(900);
- goto errexit;
+ debug(DBG_WARN, "%s: resolve failed, sleeping %ds", __func__, ZZZ);
+ sleep(ZZZ);
+ goto errexit;
}
memset(&timeout, 0, sizeof(struct timespec));
if (conf->pdef->connecter) {
if (!conf->pdef->connecter(server, NULL, server->dynamiclookuparg ? 5 : 0, "clientwr")) {
if (server->dynamiclookuparg) {
- server->dynstartup = 0;
- sleep(900);
+ server->dynstartup = 0;
+ server->dynfailing = 1;
+ debug(DBG_WARN, "%s: connect failed, sleeping %ds",
+ __func__, ZZZ);
+ sleep(ZZZ);
}
goto errexit;
}
debug(DBG_ERR, "malloc failed");
continue;
}
+ debug(DBG_DBG, "%s: copying config %s", __func__, conf->name);
*srvconf = *conf;
+ /* Shallow copy -- sharing all the pointers. addserver()
+ * will take care of servers (which btw has to be NUL) but
+ * the rest of them are shared with the config found in
+ * the srvconfs list. */
if (addserver(srvconf)) {
srvconf->servers->dynamiclookuparg = stringcopy(realm->name, 0);
srvconf->servers->dynstartup = 1;
+ debug(DBG_DBG, "%s: new client writer for %s",
+ __func__, srvconf->servers->conf->name);
if (pthread_create(&clientth, NULL, clientwr, (void *)(srvconf->servers))) {
debugerrno(errno, DBG_ERR, "pthread_create failed");
freeserver(srvconf->servers, 1);
}
if (status) {
- if (WEXITSTATUS(status) == 10) {
- debug(DBG_INFO, "dynamicconfig: command signals empty config");
- }
- else {
- debug(DBG_INFO, "dynamicconfig: command exited with status %d",
- WEXITSTATUS(status));
- goto errexit;
- }
+ debug(DBG_INFO, "dynamicconfig: command exited with status %d",
+ WEXITSTATUS(status));
+ goto errexit;
}
if (ok)
}
void freeclsrvconf(struct clsrvconf *conf) {
+ assert(conf);
+ assert(conf->name);
+ debug(DBG_DBG, "%s: freeing %p (%s)", __func__, conf, conf->name);
free(conf->name);
if (conf->hostsrc)
freegconfmstr(conf->hostsrc);