Commit 0a919095 authored by venaas's avatar venaas Committed by venaas

starting to generalise transport support, renamed delay to interval

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@315 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent 2bf81d82
...@@ -87,6 +87,21 @@ void freerealm(struct realm *realm); ...@@ -87,6 +87,21 @@ void freerealm(struct realm *realm);
void freeclsrvconf(struct clsrvconf *conf); void freeclsrvconf(struct clsrvconf *conf);
void freerqdata(struct request *rq); void freerqdata(struct request *rq);
static const struct protodefs protodefs[] = {
{ /* UDP, assuming RAD_UDP defined as 0 */
REQUEST_RETRY_COUNT, /* retrycountdefault */
10, /* retrycountmax */
REQUEST_RETRY_INTERVAL, /* retryintervaldefault */
60 /* retryintervalmax */
},
{ /* TLS, assuming RAD_TLS defined as 1 */
0, /* retrycountdefault */
0, /* retrycountmax */
REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT, /* retryintervaldefault */
60 /* retryintervalmax */
}
};
/* callbacks for making OpenSSL thread safe */ /* callbacks for making OpenSSL thread safe */
unsigned long ssl_thread_id() { unsigned long ssl_thread_id() {
return (unsigned long)pthread_self(); return (unsigned long)pthread_self();
...@@ -2460,8 +2475,7 @@ void *clientwr(void *arg) { ...@@ -2460,8 +2475,7 @@ void *clientwr(void *arg) {
continue; continue;
} }
if (rq->tries == (*rq->buf == RAD_Status_Server || conf->type != RAD_UDP if (rq->tries == (*rq->buf == RAD_Status_Server ? 1 : conf->retrycount + 1)) {
? 1 : conf->retrycount + 1)) {
debug(DBG_DBG, "clientwr: removing expired packet from queue"); debug(DBG_DBG, "clientwr: removing expired packet from queue");
if (conf->statusserver) { if (conf->statusserver) {
if (*rq->buf == RAD_Status_Server) { if (*rq->buf == RAD_Status_Server) {
...@@ -2482,9 +2496,7 @@ void *clientwr(void *arg) { ...@@ -2482,9 +2496,7 @@ void *clientwr(void *arg) {
} }
pthread_mutex_unlock(&server->newrq_mutex); pthread_mutex_unlock(&server->newrq_mutex);
rq->expiry.tv_sec = now.tv_sec + rq->expiry.tv_sec = now.tv_sec + conf->retryinterval;
(*rq->buf == RAD_Status_Server || conf->type != RAD_UDP
? conf->retrydelay * (conf->retrycount + 1) : conf->retrydelay);
if (!timeout.tv_sec || rq->expiry.tv_sec < timeout.tv_sec) if (!timeout.tv_sec || rq->expiry.tv_sec < timeout.tv_sec)
timeout.tv_sec = rq->expiry.tv_sec; timeout.tv_sec = rq->expiry.tv_sec;
rq->tries++; rq->tries++;
...@@ -3417,8 +3429,8 @@ int mergesrvconf(struct clsrvconf *dst, struct clsrvconf *src) { ...@@ -3417,8 +3429,8 @@ int mergesrvconf(struct clsrvconf *dst, struct clsrvconf *src) {
return 0; return 0;
dst->statusserver = src->statusserver; dst->statusserver = src->statusserver;
dst->certnamecheck = src->certnamecheck; dst->certnamecheck = src->certnamecheck;
if (src->retrydelay != 255) if (src->retryinterval != 255)
dst->retrydelay = src->retrydelay; dst->retryinterval = src->retryinterval;
if (src->retrycount != 255) if (src->retrycount != 255)
dst->retrycount = src->retrycount; dst->retrycount = src->retrycount;
return 1; return 1;
...@@ -3505,10 +3517,10 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { ...@@ -3505,10 +3517,10 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) {
break; break;
} }
if (conf->retrydelay == 255) if (conf->retryinterval == 255)
conf->retrydelay = REQUEST_RETRY_DELAY; conf->retryinterval = protodefs[conf->type].retryintervaldefault;
if (conf->retrycount == 255) if (conf->retrycount == 255)
conf->retrycount = REQUEST_RETRY_COUNT; conf->retrycount = protodefs[conf->type].retrycountdefault;
conf->rewrite = conf->confrewrite ? getrewrite(conf->confrewrite, NULL) : getrewrite("defaultserver", "default"); conf->rewrite = conf->confrewrite ? getrewrite(conf->confrewrite, NULL) : getrewrite("defaultserver", "default");
if (!conf->secret) { if (!conf->secret) {
...@@ -3530,7 +3542,8 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { ...@@ -3530,7 +3542,8 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) {
int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) { int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char *val) {
struct clsrvconf *conf, *resconf; struct clsrvconf *conf, *resconf;
long int retrydelay = LONG_MIN, retrycount = LONG_MIN; const struct protodefs *pdef;
long int retryinterval = LONG_MIN, retrycount = LONG_MIN;
debug(DBG_DBG, "confserver_cb called for %s", block); debug(DBG_DBG, "confserver_cb called for %s", block);
...@@ -3556,7 +3569,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char ...@@ -3556,7 +3569,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
"MatchCertificateAttribute", CONF_STR, &conf->matchcertattr, "MatchCertificateAttribute", CONF_STR, &conf->matchcertattr,
"rewrite", CONF_STR, &conf->confrewrite, "rewrite", CONF_STR, &conf->confrewrite,
"StatusServer", CONF_BLN, &conf->statusserver, "StatusServer", CONF_BLN, &conf->statusserver,
"RetryDelay", CONF_LINT, &retrydelay, "RetryInterval", CONF_LINT, &retryinterval,
"RetryCount", CONF_LINT, &retrycount, "RetryCount", CONF_LINT, &retrycount,
"CertificateNameCheck", CONF_BLN, &conf->certnamecheck, "CertificateNameCheck", CONF_BLN, &conf->certnamecheck,
"DynamicLookupCommand", CONF_STR, &conf->dynamiclookupcommand, "DynamicLookupCommand", CONF_STR, &conf->dynamiclookupcommand,
...@@ -3579,18 +3592,28 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char ...@@ -3579,18 +3592,28 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
} }
} }
if (retrydelay != LONG_MIN) { if (conf->conftype && !strcasecmp(conf->conftype, "udp"))
if (retrydelay < 1 || retrydelay > 60) { conf->type = RAD_UDP;
debug(DBG_ERR, "error in block %s, value of option RetryDelay is %d, must be 1-60", block, retrydelay); else if (conf->conftype && !strcasecmp(conf->conftype, "tls"))
conf->type = RAD_TLS;
else {
debug(DBG_ERR, "error in block %s, type must be set to UDP or TLS", block);
goto errexit;
}
pdef = &protodefs[conf->type];
if (retryinterval != LONG_MIN) {
if (retryinterval < 1 || retryinterval > pdef->retryintervalmax) {
debug(DBG_ERR, "error in block %s, value of option RetryInterval is %d, must be 1-%d", block, retryinterval, pdef->retryintervalmax);
goto errexit; goto errexit;
} }
conf->retrydelay = (uint8_t)retrydelay; conf->retryinterval = (uint8_t)retryinterval;
} else } else
conf->retrydelay = 255; conf->retryinterval = 255;
if (retrycount != LONG_MIN) { if (retrycount != LONG_MIN) {
if (retrycount < 0 || retrycount > 10) { if (retrycount < 0 || retrycount > pdef->retrycountmax) {
debug(DBG_ERR, "error in block %s, value of option RetryCount is %d, must be 0-10", block, retrycount); debug(DBG_ERR, "error in block %s, value of option RetryCount is %d, must be 0-%d", block, pdef->retrycountmax);
goto errexit; goto errexit;
} }
conf->retrycount = (uint8_t)retrycount; conf->retrycount = (uint8_t)retrycount;
...@@ -3608,15 +3631,6 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char ...@@ -3608,15 +3631,6 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
} }
} }
if (conf->conftype && !strcasecmp(conf->conftype, "udp"))
conf->type = RAD_UDP;
else if (conf->conftype && !strcasecmp(conf->conftype, "tls"))
conf->type = RAD_TLS;
else {
debug(DBG_ERR, "error in block %s, type must be set to UDP or TLS", block);
goto errexit;
}
if (resconf || !conf->dynamiclookupcommand) { if (resconf || !conf->dynamiclookupcommand) {
if (!compileserverconfig(conf, block)) if (!compileserverconfig(conf, block))
goto errexit; goto errexit;
......
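Review bot: The RetryCount error message on the new side of the last confserver_cb hunk passes two arguments to a format string with three conversions (`%s`, `%d`, `%d`): `block` and `pdef->retrycountmax` are supplied but the offending value `retrycount` is missing, so the second `%d` reads an unrelated vararg slot and the log line prints garbage (and is undefined behaviour); the sibling RetryInterval message in the same hunk supplies all three. The line should read `debug(DBG_ERR, "error in block %s, value of option RetryCount is %ld, must be 0-%d", block, retrycount, pdef->retrycountmax);` — `%ld` because `retrycount` is `long int`, and the same `%ld` fix applies to `retryinterval` in the RetryInterval message. Separately, the `protodefs[]` table in the first hunk is indexed by `conf->type` in compileserverconfig and confserver_cb and relies on the comment-stated assumption that RAD_UDP is 0 and RAD_TLS is 1; designated initializers (`[RAD_UDP] = { ... }, [RAD_TLS] = { ... }`) would make that binding explicit and survive a reordering of those constants. confserver_cb starts and ends outside the hunk.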
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
#define DEFAULT_TLS_SECRET "mysecret" #define DEFAULT_TLS_SECRET "mysecret"
#define DEFAULT_UDP_PORT "1812" #define DEFAULT_UDP_PORT "1812"
#define DEFAULT_TLS_PORT "2083" #define DEFAULT_TLS_PORT "2083"
#define REQUEST_RETRY_DELAY 5 #define REQUEST_RETRY_INTERVAL 5
#define REQUEST_RETRY_COUNT 2 #define REQUEST_RETRY_COUNT 2
#define MAX_CERT_DEPTH 5 #define MAX_CERT_DEPTH 5
#define STATUS_SERVER_PERIOD 25 #define STATUS_SERVER_PERIOD 25
...@@ -103,7 +103,7 @@ struct clsrvconf { ...@@ -103,7 +103,7 @@ struct clsrvconf {
char *rewriteattrreplacement; char *rewriteattrreplacement;
char *dynamiclookupcommand; char *dynamiclookupcommand;
uint8_t statusserver; uint8_t statusserver;
uint8_t retrydelay; uint8_t retryinterval;
uint8_t retrycount; uint8_t retrycount;
uint8_t certnamecheck; uint8_t certnamecheck;
SSL_CTX *ssl_ctx; SSL_CTX *ssl_ctx;
...@@ -165,6 +165,13 @@ struct rewriteconf { ...@@ -165,6 +165,13 @@ struct rewriteconf {
struct rewrite *rewrite; struct rewrite *rewrite;
}; };
struct protodefs {
uint8_t retrycountdefault;
uint8_t retrycountmax;
uint8_t retryintervaldefault;
uint8_t retryintervalmax;
};
#define RADLEN(x) ntohs(((uint16_t *)(x))[1]) #define RADLEN(x) ntohs(((uint16_t *)(x))[1])
#define ATTRTYPE(x) ((x)[0]) #define ATTRTYPE(x) ((x)[0])
......
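Review bot: `struct protodefs` is added to the header without any comment saying what its fields mean or how it is used: the table of these in radsecproxy.c is indexed by `clsrvconf.type`, so the order of its entries must match the numeric values of RAD_UDP and RAD_TLS, and a reader of the header alone cannot see that coupling. A short comment above the struct such as `/* Per-transport retry policy: defaults and maxima for RetryCount and RetryInterval; protodefs[] in radsecproxy.c is indexed by clsrvconf.type */` would capture it, with a note on the two `*max` fields that they bound the values accepted from the configuration. The `uint8_t` fields fit the values used here (the TLS interval default of REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT is 10), but a larger default or maximum added later would be silently truncated, which is worth stating next to the field types.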