/*
 * Copyright (C) 2006-2008 Stig Venaas <venaas@uninett.no>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 */

#include "tlv11.h"
#include "radmsg.h"
#include "gconfig.h"

/* Compile-time default log verbosity; struct options.loglevel presumably
 * holds the configured value that overrides it - confirm in the logging code. */
#define DEBUG_LEVEL 3

/* Default path of the main configuration file (see gconfig.h for the parser). */
#define CONFIG_MAIN "/etc/radsecproxy.conf"

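/* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
#define MAX_REQUESTS 256
/* Built-in retransmission schedule for requests forwarded to a server.
 * Per-peer values live in struct clsrvconf (retryinterval, retrycount,
 * dupinterval); struct protodefs carries per-transport defaults and maxima.
 * Units are presumably seconds - confirm against the timeval handling. */
#define REQUEST_RETRY_INTERVAL 5
#define REQUEST_RETRY_COUNT 2
/* Window within which a repeated client request is presumably treated as a
 * duplicate.  The expansion is parenthesised: without the parentheses an
 * expression such as "x / DUPLICATE_INTERVAL" expanded to "x / 5 * 2"
 * instead of "x / 10". */
#define DUPLICATE_INTERVAL (REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT)
/* Maximum certificate chain depth accepted during TLS verification - confirm use */
#define MAX_CERT_DEPTH 5
/* Period of Status-Server probes to servers with statusserver set - confirm units */
#define STATUS_SERVER_PERIOD 25
/* Idle timeout for peer state (see struct client.expiry) - confirm units */
#define IDLE_TIMEOUT 300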

/* 27262 is vendor DANTE Ltd. */
/* Default for struct options.ttlattr, written as "vendor:type"; presumably
 * parsed into options.ttlattrtype[2] - confirm in the config code. */
#define DEFAULT_TTL_ATTR "27262:1"

/* Transport identifiers stored in struct clsrvconf.type and passed as the
 * "type" argument of find_clconf()/find_srvconf().  RAD_PROTOCOUNT is one
 * past the highest value, presumably for sizing per-transport tables. */
#define RAD_UDP 0
#define RAD_TLS 1
#define RAD_TCP 2
#define RAD_DTLS 3
#define RAD_PROTOCOUNT 4

/* Process-wide settings, as opposed to the per-peer settings in
 * struct clsrvconf. */
struct options {
    char *logdestination;      /* destination for log output; interpretation left to the logging code */
    char *ttlattr;             /* TTL attribute as configured, "vendor:type" (see DEFAULT_TTL_ATTR) */
    uint32_t ttlattrtype[2];   /* presumably ttlattr parsed into vendor id and attribute type - confirm */
    uint8_t addttl;            /* flag: add the TTL attribute; struct clsrvconf.addttl exists per peer */
    uint8_t loglevel;          /* configured verbosity; DEBUG_LEVEL is the compile-time default - confirm */
    uint8_t loopprevention;    /* flag: presumably enables proxy-loop detection - confirm */
};

/* Listener options shared by all transports; handed to each transport via
 * struct protodefs.setprotoopts. */
struct commonprotoopts {
    char **listenargs;   /* configured listen addresses/ports; termination convention not fixed here - confirm */
    char *sourcearg;     /* configured source address, see struct protodefs.setsrcres - confirm */
};

/* One RADIUS request passing through the proxy.  It is shared between the
 * client side that received it and the server side that forwards it, hence
 * refcount; freerq() presumably drops a reference. */
struct request {
    struct timeval created;    /* creation time of this object */
    uint32_t refcount;         /* holders of this object; not protected here, see struct rqout.lock - confirm */
    uint8_t *buf, *replybuf;   /* raw request as received, raw reply to send back */
    struct radmsg *msg;        /* parsed form of buf (radmsg.h) */
    struct client *from;       /* client the request arrived from */
    struct server *to;         /* server it is forwarded to */
    char *origusername;        /* presumably User-Name before rewriteusername was applied - confirm */
    uint8_t rqid;              /* presumably the identifier as sent by the client */
    uint8_t rqauth[16];        /* presumably the 16-byte authenticator as sent by the client */
    uint8_t newid;             /* presumably the identifier used towards the server, see struct server.nextid */
    int udpsock; /* only for UDP */
    uint16_t udpport; /* only for UDP */
};

/* requests that our client will send */
/* One slot of struct server.requests: a request forwarded to a server plus
 * its retransmission state.  lock presumably guards the slot, since rq is
 * also referenced from the client side (see struct request.refcount). */
struct rqout {
    pthread_mutex_t *lock;
    struct request *rq;        /* presumably NULL when the slot is free - confirm */
    uint8_t tries;             /* transmissions so far; compared with clsrvconf.retrycount - confirm */
    struct timeval expiry;     /* when the next retry or the final timeout is due - confirm */
};

/* Queue of entries shared between threads: entries is presumably guarded by
 * mutex, and cond used to wait for new entries - confirm.  Created by
 * newqueue(); freebios() releases a queue of BIOs (see client.rbios). */
struct queue {
    struct list *entries;
    pthread_mutex_t mutex;
    pthread_cond_t cond;
};

/* Configuration of one peer.  The same structure serves client and server
 * blocks (hence the name); clients and servers hold the live peers created
 * from it.  The conf* string fields are the raw configured values, the
 * pointer fields next to them the parsed/compiled equivalents - confirm. */
struct clsrvconf {
    char *name;
    uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */
    const struct protodefs *pdef;     /* transport hooks selected by type */
    char *host;
    char *port;
    char *secret;                     /* shared RADIUS secret as a plain C string; nothing in this header zeroizes it */
    char *tls;                        /* name of the TLS configuration to use, resolved into tlsconf - confirm */
    char *matchcertattr;              /* configured certificate matching rule */
    regex_t *certcnregex;             /* presumably compiled from matchcertattr: expected subject CN */
    regex_t *certuriregex;            /* presumably compiled from matchcertattr: expected URI SAN */
    char *confrewritein;
    char *confrewriteout;
    char *confrewriteusername;
    struct modattr *rewriteusername;  /* compiled from confrewriteusername - confirm */
    char *dynamiclookupcommand;       /* external command; struct server.dynamiclookuparg carries its argument - confirm */
    uint8_t statusserver;             /* flag: send Status-Server probes (STATUS_SERVER_PERIOD) - confirm */
    uint8_t retryinterval;            /* per-peer override of REQUEST_RETRY_INTERVAL - confirm */
    uint8_t retrycount;               /* per-peer override of REQUEST_RETRY_COUNT - confirm */
    uint8_t dupinterval;              /* per-peer override of DUPLICATE_INTERVAL - confirm */
    uint8_t certnamecheck;            /* flag: check the peer certificate name against host - confirm */
    uint8_t addttl;                   /* flag: add the TTL attribute for this peer, see struct options.addttl */
    struct rewrite *rewritein;        /* compiled from confrewritein - confirm */
    struct rewrite *rewriteout;       /* compiled from confrewriteout - confirm */
    struct addrinfo *addrinfo;        /* resolved host/port, see resolve_hostport_addrinfo() */
    uint8_t prefixlen;                /* address prefix length for matching a client address range - confirm */
    pthread_mutex_t *lock; /* only used for updating clients so far */
    struct tls *tlsconf;              /* see tlscommon.h */
    struct list *clients;             /* struct client instances matched to this conf */
    struct server *servers;
};

#include "tlscommon.h"

/* Live state for one client peer, created by addclient() from a
 * struct clsrvconf and released by removeclient()/removelockedclient(). */
struct client {
    struct clsrvconf *conf;              /* configuration this client was matched to */
    int sock;
    SSL *ssl;                            /* TLS/DTLS session; presumably unused for RAD_UDP/RAD_TCP */
    struct request *rqs[MAX_REQUESTS];   /* outstanding requests, presumably indexed by RADIUS id (hence 256 slots) */
    struct queue *replyq;                /* replies waiting to be written back to this client - confirm */
    struct queue *rbios; /* for dtls */
    struct sockaddr *addr;               /* peer address */
    time_t expiry; /* for udp */
};

/* Live state for one server peer created from a struct clsrvconf. */
struct server {
    struct clsrvconf *conf;          /* configuration this server was created from */
    int sock;
    SSL *ssl;                        /* TLS/DTLS session; presumably unused for RAD_UDP/RAD_TCP */
    pthread_mutex_t lock;
    pthread_t clientth;              /* thread handling our client side towards this server - confirm */
    uint8_t clientrdgone;            /* flag; presumably set when that thread's reader has gone away */
    struct timeval lastconnecttry;
    struct timeval lastreply;
    uint8_t connectionok;            /* flag: connection currently believed usable */
    uint8_t lostrqs;                 /* counter of lost requests - confirm exactly what is counted */
    char *dynamiclookuparg;          /* argument passed to conf->dynamiclookupcommand - confirm */
    int nextid;                      /* next identifier to use towards this server, see struct request.newid */
    struct timeval lastrcv;
    struct rqout *requests;          /* outstanding requests; presumably MAX_REQUESTS slots indexed by id */
    uint8_t newrq;                   /* flag guarded by newrq_mutex; newrq_cond presumably signalled on change */
    pthread_mutex_t newrq_mutex;
    pthread_cond_t newrq_cond;
    struct queue *rbios; /* for dtls */
};

/* A configured realm: which server configurations handle requests for it.
 * Realms form a tree via parent/subrealms. */
struct realm {
    char *name;
    char *message;             /* reply message text, presumably for locally generated responses - confirm */
    uint8_t accresp;           /* flag; presumably answer accounting locally - confirm */
    regex_t regex;             /* compiled pattern matched against the realm - confirm what it is matched on */
    uint32_t refcount;         /* presumably guarded by mutex */
    pthread_mutex_t mutex;
    struct realm *parent;      /* enclosing realm, or NULL at the top - confirm */
    struct list *subrealms;    /* child struct realm entries */
    struct list *srvconfs;     /* struct clsrvconf entries, presumably for authentication */
    struct list *accsrvconfs;  /* struct clsrvconf entries, presumably for accounting */
};

/* One attribute modification rule (struct rewrite.modattrs,
 * clsrvconf.rewriteusername): presumably regex is matched against
 * attribute t and replacement substituted - confirm. */
struct modattr {
    uint8_t t;             /* RADIUS attribute type the rule applies to */
    char *replacement;
    regex_t *regex;
};

/* A set of attribute rewrites applied to a message; referenced from
 * clsrvconf.rewritein/rewriteout. */
struct rewrite {
    uint8_t *removeattrs;          /* attribute types to strip; terminator convention not fixed here - confirm */
    uint32_t *removevendorattrs;   /* vendor attributes to strip; encoding (vendor id, or vendor+type) - confirm */
    struct list *addattrs;         /* attributes to add - element type confirm */
    struct list *modattrs;         /* struct modattr rules */
};

/* Per-transport behaviour, one instance per RAD_* value, reached through
 * clsrvconf.pdef.  The *default fields presumably fill in unconfigured
 * clsrvconf values and the *max fields cap configured ones - confirm. */
struct protodefs {
    char *name;
    char *secretdefault;               /* secret used when none is configured - confirm; a built-in secret is only
                                          acceptable where the transport itself authenticates the peer */
    int socktype;                      /* presumably a SOCK_* value for this transport */
    char *portdefault;
    uint8_t retrycountdefault;
    uint8_t retrycountmax;
    uint8_t retryintervaldefault;
    uint8_t retryintervalmax;
    uint8_t duplicateintervaldefault;
    void (*setprotoopts)(struct commonprotoopts *);
    char **(*getlistenerargs)();       /* old-style () declaration: arguments are not type-checked */
    void *(*listener)(void*);          /* matches the pthread start-routine signature */
    int (*connecter)(struct server *, struct timeval *, int, char *);
    void *(*clientconnreader)(void*);  /* matches the pthread start-routine signature */
    int (*clientradput)(struct server *, unsigned char *);   /* send a raw message to a server - confirm */
    void (*addclient)(struct client *);
    void (*addserverextra)(struct clsrvconf *);
    void (*setsrcres)();               /* old-style () declaration, see commonprotoopts.sourcearg */
    void (*initextra)();               /* old-style () declaration */
};

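/* Length field of a RADIUS packet header: the 16-bit big-endian value at
 * bytes 2-3 of the buffer x.  Assembled from the two bytes instead of
 * casting x to uint16_t*, so the read is well-defined for an unaligned
 * buffer and does not violate strict aliasing; the result equals ntohs()
 * of the in-place field.  This is the length the peer claims: compare it
 * with the bytes actually received before using it as a bound.  Being a
 * function, it evaluates x exactly once. */
static inline uint16_t radlen(const void *x) {
    const uint8_t *b = x;
    return (uint16_t)((b[2] << 8) | b[3]);
}
#define RADLEN(x) radlen(x)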

/* Accessors for one attribute in type-length-value wire form: byte 0 is the
 * type, byte 1 the total length including these two bytes, the value follows.
 * They do no checking: ATTRLEN is whatever the peer sent, and for a uint8_t
 * pointer ATTRVALLEN promotes to int and is negative when (x)[1] < 2.
 * Validate the length against the remaining buffer before using either as
 * a bound. */
#define ATTRTYPE(x) ((x)[0])
#define ATTRLEN(x) ((x)[1])
#define ATTRVAL(x) ((x) + 2)
#define ATTRVALLEN(x) ((x)[1] - 2)

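/* Look up the client/server configuration for a RAD_* type and peer address;
 * *cur presumably lets a caller resume the search after a previous hit - confirm. */
struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
/* Client lifecycle; the lock flag presumably says whether conf->lock is taken - confirm. */
struct client *addclient(struct clsrvconf *conf, uint8_t lock);
void removelockedclient(struct client *client);
void removeclient(struct client *client);
/* Allocation helpers.  Declared with (void) rather than an old-style empty
 * list so the compiler rejects stray arguments; the existing definitions
 * remain compatible. */
struct queue *newqueue(void);
void freebios(struct queue *q);
struct request *newrequest(void);
void freerq(struct request *rq);
/* Handle an incoming request (radsrv) and a raw reply from a server (replyh). */
int radsrv(struct request *rq);
void replyh(struct server *server, unsigned char *buf);
/* Resolve "host:port" for the given RAD_* type; result stored in clsrvconf.addrinfo - confirm. */
struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);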