/*
 * Copyright (C) 2006-2009 Stig Venaas <venaas@uninett.no>
 * Copyright (C) 2010,2011,2012 NORDUnet A/S
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 */

#include <sys/time.h>
#include <stdint.h>
#include <pthread.h>
#include <regex.h>
#include "list.h"
#include "tlv11.h"
#include "radmsg.h"
#include "gconfig.h"

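#define DEBUG_LEVEL 2

#define CONFIG_MAIN SYSCONFDIR"/radsecproxy.conf"

/* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
#define MAX_REQUESTS 256
/* Retry timing for requests forwarded to servers (presumably seconds;
 * per-peer values in struct clsrvconf override these defaults). */
#define REQUEST_RETRY_INTERVAL 5
#define REQUEST_RETRY_COUNT 2
/* Parenthesised: the expansion is a product, and an unparenthesised
 * "5 * 2" binds wrongly inside a larger expression (x / DUPLICATE_INTERVAL
 * would parse as x / 5 * 2). */
#define DUPLICATE_INTERVAL (REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT)
/* Maximum certificate chain depth accepted for TLS/DTLS peers (presumably
 * handed to the TLS library's verify-depth setting — confirm in tls code). */
#define MAX_CERT_DEPTH 5
#define STATUS_SERVER_PERIOD 25
#define IDLE_TIMEOUT 300
/* NOTE(review): 32 KiB is a small stack for threads that run TLS
 * handshakes and regex matching; confirm it is adequate (and not below
 * PTHREAD_STACK_MIN) on every target platform. */
#define PTHREAD_STACK_SIZE 32768

/* 27262 is vendor DANTE Ltd. */
#define DEFAULT_TTL_ATTR "27262:1"

/* Transport types; also the index space for RAD_PROTOCOUNT-sized tables. */
#define RAD_UDP 0
#define RAD_TLS 1
#define RAD_TCP 2
#define RAD_DTLS 3
#define RAD_PROTOCOUNT 4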

/*
 * How much F-Ticks information is logged.  Values are spelled out so the
 * integer each name maps to is fixed and visible.
 */
enum rsp_fticks_reporting_type {
    RSP_FTICKS_REPORTING_NONE  = 0, /* Default: no F-Ticks logging.  */
    RSP_FTICKS_REPORTING_BASIC = 1,
    RSP_FTICKS_REPORTING_FULL  = 2
};

/*
 * How the client MAC address is represented in F-Ticks output.
 *
 * NOTE(review): the unkeyed *_HASHED variants hash an input of only
 * 48 bits (24 once the vendor prefix is preserved), so the pseudonym can
 * be brute-forced back to the MAC; the *_KEY_HASHED variants presumably
 * mix in options.fticks_key.  Confirm the intended privacy level before
 * choosing a non-keyed mode.  Values are spelled out explicitly.
 */
enum rsp_fticks_mac_type {
    RSP_FTICKS_MAC_STATIC            = 0,
    RSP_FTICKS_MAC_ORIGINAL          = 1,
    RSP_FTICKS_MAC_VENDOR_HASHED     = 2,
    RSP_FTICKS_MAC_VENDOR_KEY_HASHED = 3, /* Default.  */
    RSP_FTICKS_MAC_FULLY_HASHED      = 4,
    RSP_FTICKS_MAC_FULLY_KEY_HASHED  = 5
};

/*
 * Global configuration (presumably read from CONFIG_MAIN).  Per-peer
 * settings live in struct clsrvconf.
 */
struct options {
    char *pidfile;
    char *logdestination;
    char *ftickssyslogfacility;
    char *ttlattr;              /* TTL attribute spec as configured; cf. DEFAULT_TTL_ATTR */
    uint32_t ttlattrtype[2];    /* parsed form of ttlattr (presumably vendor id, attribute type) */
    uint8_t addttl;
    uint8_t loglevel;
    uint8_t loopprevention;
    enum rsp_fticks_reporting_type fticks_reporting;
    enum rsp_fticks_mac_type fticks_mac;
    uint8_t *fticks_key;        /* key for the *_KEY_HASHED MAC modes — secret material */
    uint8_t ipv4only;
    uint8_t ipv6only;
};

/* Listener/source options common to all transports; passed to protodefs.setprotoopts. */
struct commonprotoopts {
    char **listenargs;   /* listen address strings as configured */
    char *sourcearg;     /* source address string as configured (presumably for outgoing binds) */
};

/*
 * One RADIUS request passing through the proxy.  Reference counted via
 * refcount (see newrequest()/freerq()).
 */
struct request {
    struct timeval created;
    uint32_t refcount;
    uint8_t *buf, *replybuf;    /* raw request packet / raw reply packet */
    struct radmsg *msg;         /* parsed form of the request (presumably of buf) */
    struct client *from;        /* peer the request arrived from */
    struct server *to;          /* peer it was forwarded to */
    char *origusername;         /* User-Name before rewriting, presumably only set when rewritten */
    uint8_t rqid;               /* RADIUS identifier as sent by the client */
    uint8_t rqauth[16];         /* the 16-byte authenticator of the client's request */
    uint8_t newid;              /* identifier used toward the server */
    int udpsock; /* only for UDP */
    uint16_t udpport; /* only for UDP */
};

/*
 * requests that our client will send: one slot holding the request
 * forwarded to a server, how many times it has been sent (tries) and
 * when the current attempt times out (expiry).
 */
struct rqout {
    pthread_mutex_t *lock;
    struct request *rq;
    uint8_t tries;
    struct timeval expiry;
};

/* A list guarded by a mutex, with a condition variable for waiters. */
struct gqueue {
    struct list *entries;
    pthread_mutex_t mutex;      /* guards entries */
    pthread_cond_t cond;        /* presumably signalled when entries grows */
};

/*
 * Configuration of one peer.  The same struct serves clients and
 * servers; the clients/servers members hold the runtime state for
 * whichever role(s) the entry is used in.
 */
struct clsrvconf {
    char *name;
    uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP/RAD_DTLS */
    const struct protodefs *pdef;     /* transport hooks matching 'type' */
    char **hostsrc;
    int hostaf;
    char *portsrc;
    struct list *hostports;
    char *secret;                     /* RADIUS shared secret, kept in plaintext in memory */
    char *tls;                        /* name of the tls config block to use */
    char *matchcertattr;              /* certificate match spec as configured */
    regex_t *certcnregex;             /* compiled from matchcertattr (presumably CN match) */
    regex_t *certuriregex;            /* compiled from matchcertattr (presumably URI SAN match) */
    char *confrewritein;
    char *confrewriteout;
    char *confrewriteusername;
    struct modattr *rewriteusername;
    char *dynamiclookupcommand;       /* external command run for dynamic discovery —
                                         trusted configuration, not user input */
    uint8_t statusserver;
    uint8_t retryinterval;
    uint8_t retrycount;
    uint8_t dupinterval;
    uint8_t certnamecheck;            /* NOTE(review): presumably 0 disables matching the
                                         peer certificate against the configured host — confirm */
    uint8_t addttl;
    uint8_t loopprevention;
    struct rewrite *rewritein;
    struct rewrite *rewriteout;
    pthread_mutex_t *lock; /* only used for updating clients so far */
    struct tls *tlsconf;
    struct list *clients;
    struct server *servers;
    char *fticks_viscountry;
    char *fticks_visinst;
};

#include "tlscommon.h"

/* Runtime state for one connected/known client peer. */
struct client {
    struct clsrvconf *conf;
    int sock;
    SSL *ssl;
    struct request *rqs[MAX_REQUESTS];  /* in-flight requests, one slot per 8-bit RADIUS id */
    struct gqueue *replyq;
    struct gqueue *rbios; /* for dtls */
    struct sockaddr *addr;
    time_t expiry; /* for udp */
};

/* Runtime state for one outgoing connection to a configured server. */
struct server {
    struct clsrvconf *conf;
    int sock;
    SSL *ssl;
    pthread_mutex_t lock;
    pthread_t clientth;
    uint8_t clientrdgone;
    struct timeval lastconnecttry;
    struct timeval lastreply;
    uint8_t connectionok;
    uint8_t lostrqs;
    uint8_t dynstartup;
    uint8_t dynfailing;
#if defined ENABLE_EXPERIMENTAL_DYNDISC
    uint8_t in_use;
#endif
    char *dynamiclookuparg;
    int nextid;                  /* next RADIUS identifier to hand out toward this server */
    struct timeval lastrcv;
    struct rqout *requests;      /* outstanding requests; presumably MAX_REQUESTS slots indexed by id */
    uint8_t newrq;
    pthread_mutex_t newrq_mutex;
    pthread_cond_t newrq_cond;
    struct gqueue *rbios; /* for dtls */
};

/*
 * A configured realm: the compiled regex used to match it and the server
 * configurations for authentication (srvconfs) and accounting
 * (accsrvconfs).  Reference counted.
 */
struct realm {
    char *name;
    char *message;
    uint8_t accresp;
    regex_t regex;              /* compiled realm pattern */
    uint32_t refcount;
    pthread_mutex_t refmutex;   /* guards refcount */
    pthread_mutex_t mutex;
    struct realm *parent;
    struct list *subrealms;
    struct list *srvconfs;
    struct list *accsrvconfs;
};

195 196 197 198 199 200
/* One attribute rewrite rule: attribute type t, a regex and its replacement text. */
struct modattr {
    uint8_t t;
    char *replacement;
    regex_t *regex;
};

201 202
/* A set of rewrite actions applied to a packet (cf. clsrvconf.rewritein/out). */
struct rewrite {
    uint8_t *removeattrs;           /* attribute types to strip */
    uint32_t *removevendorattrs;    /* vendor attributes to strip (presumably vendor/type pairs) */
    struct list *addattrs;
    struct list *modattrs;          /* presumably a list of struct modattr */
};

/*
 * Per-transport defaults and entry points, referenced from
 * clsrvconf.pdef.
 *
 * NOTE(review): the ()-declared function pointers are unprototyped, so
 * calls through them are not argument-checked; declare them (void) if
 * the implementations take no arguments.  A non-NULL secretdefault for a
 * plaintext transport would be a well-known credential — confirm only
 * the TLS/DTLS definitions set one.
 */
struct protodefs {
    char *name;
    char *secretdefault;
    int socktype;
    char *portdefault;
    uint8_t retrycountdefault;
    uint8_t retrycountmax;         /* upper bound for clsrvconf.retrycount */
    uint8_t retryintervaldefault;
    uint8_t retryintervalmax;      /* upper bound for clsrvconf.retryinterval */
    uint8_t duplicateintervaldefault;
    void (*setprotoopts)(struct commonprotoopts *);
    char **(*getlistenerargs)();
    void *(*listener)(void*);                               /* pthread entry point */
    int (*connecter)(struct server *, struct timeval *, int, char *);
    void *(*clientconnreader)(void*);                       /* pthread entry point */
    int (*clientradput)(struct server *, unsigned char *);  /* send a raw packet to a server */
    void (*addclient)(struct client *);
    void (*addserverextra)(struct clsrvconf *);
    void (*setsrcres)();
    void (*initextra)();
};

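/*
 * Length field of a RADIUS packet: the big-endian 16-bit value at bytes
 * 2..3 of the header.  Read byte-wise so the buffer needs no alignment
 * and the byte buffer is never accessed through a uint16_t lvalue (UB
 * under strict aliasing); this also removes the header's reliance on
 * ntohs() without including <arpa/inet.h>.  The argument is evaluated
 * exactly once, as before.
 *
 * The value comes straight off the wire: callers must still compare it
 * with the number of bytes actually received and with the RADIUS limits
 * (20..4096) before using it to index the buffer.
 */
static inline uint16_t radlen(const void *pkt) {
    const uint8_t *p = pkt;
    return (uint16_t)(((uint16_t)p[2] << 8) | p[3]);
}
#define RADLEN(x) radlen(x)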

/*
 * Accessors for one RADIUS attribute (TLV) starting at x: type byte,
 * length byte (which counts the two header bytes), value pointer and
 * value length.  None of them checks anything.  ATTRLEN comes off the
 * wire, so before using ATTRVAL/ATTRVALLEN the caller must have verified
 * ATTRLEN(x) >= 2 and that at least ATTRLEN(x) bytes remain in the
 * packet.  ATTRVALLEN is an int (integer promotion) and is negative for
 * ATTRLEN < 2; never store it in an unsigned type unchecked.
 */
#define ATTRTYPE(x) ((x)[0])
#define ATTRLEN(x) ((x)[1])
#define ATTRVAL(x) ((x) + 2)
#define ATTRVALLEN(x) ((x)[1] - 2)

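/*
 * Configuration lookups.  'cur' is presumably an in/out cursor so that
 * repeated calls walk every configuration of the given type.
 */
struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
struct client *addclient(struct clsrvconf *conf, uint8_t lock);
void removelockedclient(struct client *client);
void removeclient(struct client *client);
/* Zero-argument functions are declared (void) so calls are type-checked;
 * an old-style "()" declaration would accept any arguments silently. */
struct gqueue *newqueue(void);
void freebios(struct gqueue *q);
struct request *newrequest(void);
void freerq(struct request *rq);
int radsrv(struct request *rq);
/* buf is a raw packet from a server; presumably replyh bounds-checks
 * RADLEN(buf) against what was received before parsing — confirm. */
void replyh(struct server *server, unsigned char *buf);
struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
uint8_t *radattr2ascii(struct tlv *attr);
/*
 * NOTE(review): this is a definition, not a declaration, in a header:
 * every translation unit that includes radsecproxy.h gets a tentative
 * definition and linking relies on common-symbol merging, which
 * -fno-common (the GCC >= 10 default) rejects.  It should become
 * "extern pthread_attr_t pthread_attr;" here with one definition in the
 * .c file that initialises it; left unchanged because that file is not
 * in view.
 */
pthread_attr_t pthread_attr;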

/* Local Variables: */
/* c-file-style: "stroustrup" */
/* End: */