/*
 * Copyright (C) 2006-2009 Stig Venaas <venaas@uninett.no>
 * Copyright (C) 2010,2011 NORDUnet A/S
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 */

#include <sys/time.h>
#include <stdint.h>
#include <pthread.h>
#include <regex.h>
#include "list.h"
#include "tlv11.h"
#include "radmsg.h"
#include "gconfig.h"
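#define DEBUG_LEVEL 2

#define CONFIG_MAIN "/etc/radsecproxy.conf"

/* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
#define MAX_REQUESTS 256
#define REQUEST_RETRY_INTERVAL 5
#define REQUEST_RETRY_COUNT 2
/* Parenthesised so the product survives the caller's own operators
 * (unparenthesised, `x / DUPLICATE_INTERVAL` expanded to `x / 5 * 2`). */
#define DUPLICATE_INTERVAL (REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT)
#define MAX_CERT_DEPTH 5
#define STATUS_SERVER_PERIOD 25
#define IDLE_TIMEOUT 300

/* 27262 is vendor DANTE Ltd. */
#define DEFAULT_TTL_ATTR "27262:1"

/* Transport types; clsrvconf.type holds one of these.  RAD_PROTOCOUNT is
 * one past the highest value -- presumably the size of per-protocol tables. */
#define RAD_UDP 0
#define RAD_TLS 1
#define RAD_TCP 2
#define RAD_DTLS 3
#define RAD_PROTOCOUNT 4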
/* F-Ticks reporting level; stored in options.fticks_reporting.  Only the
 * NONE default is fixed by the value itself -- what BASIC and FULL include
 * is decided by the reporting code, not here. */
enum rsp_fticks_reporting_type {
    RSP_FTICKS_REPORTING_NONE = 0, /* Default.  */
    RSP_FTICKS_REPORTING_BASIC,
    RSP_FTICKS_REPORTING_FULL
};

/* How the client MAC address is rendered in F-Ticks output; stored in
 * options.fticks_mac.  The *_KEY_HASHED variants presumably mix in
 * options.fticks_key -- confirm in the reporting code. */
enum rsp_fticks_mac_type {
    RSP_FTICKS_MAC_STATIC = 0,
    RSP_FTICKS_MAC_ORIGINAL,
    RSP_FTICKS_MAC_VENDOR_HASHED,
    RSP_FTICKS_MAC_VENDOR_KEY_HASHED, /* Default.  */
    RSP_FTICKS_MAC_FULLY_HASHED,
    RSP_FTICKS_MAC_FULLY_KEY_HASHED
};

/* Global (not per-peer) configuration. */
struct options {
    char *logdestination;
    char *ftickssyslogfacility;
    char *ttlattr; /* "vendor:type" text, cf. DEFAULT_TTL_ATTR -- presumably */
    uint32_t ttlattrtype[2]; /* parsed form of ttlattr; presumably {vendor, type} -- confirm */
    uint8_t addttl;
    uint8_t loglevel;
    uint8_t loopprevention;
    enum rsp_fticks_reporting_type fticks_reporting;
    enum rsp_fticks_mac_type fticks_mac;
    uint8_t *fticks_key; /* key for the *_KEY_HASHED modes -- secret material;
                            NOTE(review): wipe before free, a plain memset may be optimised away */
};
/* Listener/source-address settings shared by all transports; handed to
 * protodefs.setprotoopts.  The termination convention of listenargs
 * (NULL sentinel vs. count) is not visible in this header -- confirm. */
struct commonprotoopts {
    char **listenargs;
    char *sourcearg;
};

/* One RADIUS request passing through the proxy, from the client it arrived
 * from (from) to the server it is forwarded to (to).  refcount suggests it
 * is shared between threads -- confirm the locking rules in the .c files. */
struct request {
    struct timeval created;
    uint32_t refcount;
    uint8_t *buf, *replybuf; /* raw request and reply packets, presumably (length via RADLEN) */
    struct radmsg *msg; /* parsed form of buf, presumably (see radmsg.h) */
    struct client *from;
    struct server *to;
    char *origusername; /* username before any rewrite -- presumably */
    uint8_t rqid; /* RADIUS ID as received; 8 bits, cf. MAX_REQUESTS */
    uint8_t rqauth[16]; /* 16-byte authenticator of the original request, presumably */
    uint8_t newid; /* ID used towards the server, presumably */
    int udpsock; /* only for UDP */
    uint16_t udpport; /* only for UDP */
};

/* requests that our client will send */
/* One slot of server.requests: an outgoing request plus its retry state. */
struct rqout {
    pthread_mutex_t *lock;
    struct request *rq;
    uint8_t tries; /* transmissions so far; presumably bounded by clsrvconf.retrycount */
    struct timeval expiry; /* when the next retry or timeout is due, presumably */
};

/* A list guarded by a mutex; cond is presumably signalled when entries are
 * added so a consumer thread can wait on it. */
struct gqueue {
    struct list *entries;
    pthread_mutex_t mutex;
    pthread_cond_t cond;
};

/* Configuration of one peer; the same struct describes clients and servers
 * (find_clconf/find_srvconf tell them apart).  Several char * fields hold
 * the raw configuration text with a compiled/resolved counterpart beside
 * them (confrewritein -> rewritein, matchcertattr -> cert*regex). */
struct clsrvconf {
    char *name;
    uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */
    const struct protodefs *pdef; /* transport hooks selected by type, presumably */
    char **hostsrc;
    char *portsrc;
    struct list *hostports; /* resolved from hostsrc/portsrc, presumably */
    char *secret; /* RADIUS shared secret, in clear text in memory --
                     NOTE(review): wipe when the conf is freed */
    char *tls; /* name of the tls block, presumably resolved into tlsconf */
    char *matchcertattr;
    regex_t *certcnregex; /* compiled from matchcertattr, presumably (CN) */
    regex_t *certuriregex; /* compiled from matchcertattr, presumably (URI) */
    char *confrewritein;
    char *confrewriteout;
    char *confrewriteusername;
    struct modattr *rewriteusername; /* compiled confrewriteusername, presumably */
    char *dynamiclookupcommand; /* external program for dynamic discovery, presumably,
                                   run with server.dynamiclookuparg; treat its output as untrusted */
    uint8_t statusserver;
    uint8_t retryinterval; /* default/upper bound presumably from protodefs.retryinterval* */
    uint8_t retrycount; /* default/upper bound presumably from protodefs.retrycount* */
    uint8_t dupinterval;
    uint8_t certnamecheck; /* presumably 0 disables peer certificate name checking */
    uint8_t addttl;
    uint8_t loopprevention;
    struct rewrite *rewritein; /* compiled confrewritein, presumably */
    struct rewrite *rewriteout; /* compiled confrewriteout, presumably */
    pthread_mutex_t *lock; /* only used for updating clients so far */
    struct tls *tlsconf;
    struct list *clients;
    struct server *servers;
    char *fticks_viscountry;
};

#include "tlscommon.h"

/* Runtime state for one client peer (a source of requests). */
struct client {
    struct clsrvconf *conf;
    int sock;
    SSL *ssl; /* presumably NULL unless the transport is TLS/DTLS */
    struct request *rqs[MAX_REQUESTS]; /* indexed by the 8-bit RADIUS ID, hence exactly 256 slots */
    struct gqueue *replyq;
    struct gqueue *rbios; /* for dtls */
    struct sockaddr *addr;
    time_t expiry; /* for udp */
};

/* Runtime state for one server peer we forward requests to.  Fields are
 * presumably protected by lock; the exact rules are in the .c files. */
struct server {
    struct clsrvconf *conf;
    int sock;
    SSL *ssl;
    pthread_mutex_t lock;
    pthread_t clientth; /* thread running pdef->clientconnreader, presumably */
    uint8_t clientrdgone;
    struct timeval lastconnecttry;
    struct timeval lastreply;
    uint8_t connectionok;
    uint8_t lostrqs;
    uint8_t dynstartup;
    char *dynamiclookuparg; /* argument to clsrvconf.dynamiclookupcommand, presumably */
    int nextid;
    struct timeval lastrcv;
    struct rqout *requests; /* outgoing slots; presumably MAX_REQUESTS of them, indexed by ID */
    uint8_t newrq; /* flag paired with newrq_mutex/newrq_cond, presumably wakes the writer */
    pthread_mutex_t newrq_mutex;
    pthread_cond_t newrq_cond;
    struct gqueue *rbios; /* for dtls */
};

/* A realm (routing entry).  Reference-counted, mutex-protected, and
 * arranged as a tree via parent/subrealms. */
struct realm {
    char *name;
    char *message;
    uint8_t accresp;
    regex_t regex; /* embedded, not a pointer: release with regfree(), never free() */
    uint32_t refcount;
    pthread_mutex_t mutex;
    struct realm *parent;
    struct list *subrealms;
    struct list *srvconfs; /* clsrvconf entries for authentication, presumably */
    struct list *accsrvconfs; /* clsrvconf entries for accounting, presumably */
};

/* One attribute-modification rule: attribute type t, a regex presumably
 * matched against the current value, and the replacement text. */
struct modattr {
    uint8_t t;
    char *replacement;
    regex_t *regex;
};

/* Compiled rewrite policy (see clsrvconf.rewritein/rewriteout).  The
 * termination convention of the removeattrs/removevendorattrs arrays
 * (sentinel vs. count) is not visible here -- check before iterating. */
struct rewrite {
    uint8_t *removeattrs;
    uint32_t *removevendorattrs;
    struct list *addattrs;
    struct list *modattrs; /* list of struct modattr, presumably */
};

/* Per-transport dispatch table, presumably one per RAD_* value.  The
 * members declared with an empty parameter list `()` are unprototyped;
 * declaring them `(void)` would let the compiler check their call sites. */
struct protodefs {
    char *name;
    char *secretdefault; /* shared secret used when the config gives none, presumably */
    int socktype; /* socket(2) type, presumably SOCK_DGRAM or SOCK_STREAM */
    char *portdefault;
    uint8_t retrycountdefault;
    uint8_t retrycountmax;
    uint8_t retryintervaldefault;
    uint8_t retryintervalmax;
    uint8_t duplicateintervaldefault;
    void (*setprotoopts)(struct commonprotoopts *);
    char **(*getlistenerargs)();
    void *(*listener)(void*); /* pthread entry point, presumably */
    int (*connecter)(struct server *, struct timeval *, int, char *);
    void *(*clientconnreader)(void*); /* pthread entry point; cf. server.clientth */
    int (*clientradput)(struct server *, unsigned char *); /* send one raw packet to the server, presumably; length via RADLEN */
    void (*addclient)(struct client *);
    void (*addserverextra)(struct clsrvconf *);
    void (*setsrcres)();
    void (*initextra)();
};

/* Length field of a RADIUS packet: the big-endian 16-bit word at byte
 * offset 2.  It reads through a uint16_t pointer, so x must hold at least
 * 4 bytes and be suitably aligned for uint16_t (an arbitrary offset into
 * a byte buffer is not).  ntohs() needs <arpa/inet.h>, which this header
 * does not include itself. */
#define RADLEN(x) ntohs(((uint16_t *)(x))[1])

/* Accessors for a raw attribute: type, length including the 2-byte header,
 * value pointer, value length.  ATTRLEN is the attribute's own claim from
 * the wire; callers must check 2 <= ATTRLEN(x) <= bytes remaining in the
 * packet before using ATTRVAL/ATTRVALLEN.  With a uint8_t operand the
 * subtraction in ATTRVALLEN promotes to int and yields -2 or -1 for a
 * length of 0 or 1. */
#define ATTRTYPE(x) ((x)[0])
#define ATTRLEN(x) ((x)[1])
#define ATTRVAL(x) ((x) + 2)
#define ATTRVALLEN(x) ((x)[1] - 2)

/* Peer-configuration lookup by transport type and, where given, peer
 * address.  *cur is presumably a list cursor that lets the caller continue
 * from the previous match -- confirm against the definitions. */
struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);

/* Client lifecycle.  The lock flag of addclient presumably selects whether
 * conf->lock is taken inside; removelockedclient is presumably the variant
 * for callers that already hold it. */
struct client *addclient(struct clsrvconf *conf, uint8_t lock);
void removelockedclient(struct client *client);
void removeclient(struct client *client);

/* Allocation helpers.  newqueue() and newrequest() are declared with an
 * empty parameter list; `(void)` would give them a real prototype. */
struct gqueue *newqueue();
void freebios(struct gqueue *q);
struct request *newrequest();
void freerq(struct request *rq);

/* Request handling: radsrv presumably processes an inbound request, replyh
 * a reply from a server, where buf is a raw packet (length via RADLEN). */
int radsrv(struct request *rq);
void replyh(struct server *server, unsigned char *buf);

struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
/* Printable rendering of an attribute value; whether the returned buffer is
 * heap allocated and owned by the caller is not visible here -- confirm. */
uint8_t *radattr2ascii(struct tlv *attr);

/* Local Variables: */
/* c-file-style: "stroustrup" */
/* End: */