Commit 7c62bcd0 authored by venaas's avatar venaas Committed by venaas

renamed some stuff, added client state for received rqs etc

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@379 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent 52570225
...@@ -248,7 +248,8 @@ void *dtlsserverwr(void *arg) { ...@@ -248,7 +248,8 @@ void *dtlsserverwr(void *arg) {
} }
void dtlsserverrd(struct client *client) { void dtlsserverrd(struct client *client) {
struct request rq; struct request *rq;
uint8_t *buf;
pthread_t dtlsserverwrth; pthread_t dtlsserverwrth;
debug(DBG_DBG, "dtlsserverrd: starting for %s", client->conf->host); debug(DBG_DBG, "dtlsserverrd: starting for %s", client->conf->host);
...@@ -259,18 +260,25 @@ void dtlsserverrd(struct client *client) { ...@@ -259,18 +260,25 @@ void dtlsserverrd(struct client *client) {
} }
for (;;) { for (;;) {
memset(&rq, 0, sizeof(struct request)); buf = raddtlsget(client->ssl, client->rbios, IDLE_TIMEOUT);
rq.buf = raddtlsget(client->ssl, client->rbios, IDLE_TIMEOUT); if (!buf) {
if (!rq.buf) {
debug(DBG_ERR, "dtlsserverrd: connection from %s lost", client->conf->host); debug(DBG_ERR, "dtlsserverrd: connection from %s lost", client->conf->host);
break; break;
} }
debug(DBG_DBG, "dtlsserverrd: got Radius message from %s", client->conf->host); debug(DBG_DBG, "dtlsserverrd: got Radius message from %s", client->conf->host);
rq.from = client; rq = newrequest();
if (!radsrv(&rq)) { if (!rq) {
free(buf);
continue;
}
rq->buf = buf;
rq->from = client;
if (!radsrv(rq)) {
freerq(rq);
debug(DBG_ERR, "dtlsserverrd: message authentication/validation failed, closing connection from %s", client->conf->host); debug(DBG_ERR, "dtlsserverrd: message authentication/validation failed, closing connection from %s", client->conf->host);
break; break;
} }
freerq(rq);
} }
/* stop writer by setting ssl to NULL and give signal in case waiting for data */ /* stop writer by setting ssl to NULL and give signal in case waiting for data */
...@@ -308,7 +316,7 @@ void *dtlsservernew(void *arg) { ...@@ -308,7 +316,7 @@ void *dtlsservernew(void *arg) {
while (conf) { while (conf) {
if (verifyconfcert(cert, conf)) { if (verifyconfcert(cert, conf)) {
X509_free(cert); X509_free(cert);
client = addclient(conf); client = addclient(conf, 1);
if (client) { if (client) {
client->sock = params->sock; client->sock = params->sock;
client->rbios = params->sesscache->rbios; client->rbios = params->sesscache->rbios;
......
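Review bot: In the new `if (!rq) { free(buf); continue; }` path the already-received RADIUS message is discarded without any log line, so an allocation failure is invisible in the debug output even though every neighbouring drop path logs; add `debug(DBG_ERR, "dtlsserverrd: malloc failed, dropping message from %s", client->conf->host);` before the `free(buf)`. The same silent drop is in tcpserverrd (tcp.c) and tlsserverrd (tls.c). The removed `memset(&rq, 0, sizeof(struct request))` also used to zero `fromsa` and `fromudpsock`, which none of the three stream readers set; unless newrequest() zero-initializes the struct (calloc or an explicit memset, not visible here) those fields are now indeterminate when the request reaches radsrv(), so please confirm. dtlsserverrd starts before the first hunk and continues after the second.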
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
#define MAX_REQUESTS 256 #define MAX_REQUESTS 256
#define REQUEST_RETRY_INTERVAL 5 #define REQUEST_RETRY_INTERVAL 5
#define REQUEST_RETRY_COUNT 2 #define REQUEST_RETRY_COUNT 2
#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
#define MAX_CERT_DEPTH 5 #define MAX_CERT_DEPTH 5
#define STATUS_SERVER_PERIOD 25 #define STATUS_SERVER_PERIOD 25
#define IDLE_TIMEOUT 300 #define IDLE_TIMEOUT 300
...@@ -41,19 +42,26 @@ struct options { ...@@ -41,19 +42,26 @@ struct options {
uint8_t loopprevention; uint8_t loopprevention;
}; };
/* requests that our client will send */
struct request { struct request {
struct timeval created;
uint8_t refcount;
uint8_t *buf;
struct client *from;
struct sockaddr_storage fromsa; /* used by udpservwr */
int fromudpsock; /* used by udpservwr */
};
/* requests that our client will send */
struct rqout {
unsigned char *buf; unsigned char *buf;
struct radmsg *msg; struct radmsg *msg;
uint8_t tries; uint8_t tries;
uint8_t received; uint8_t received;
struct timeval expiry; struct timeval expiry;
struct client *from;
char *origusername; char *origusername;
uint8_t origid; /* used by servwr */ uint8_t origid; /* used by servwr */
char origauth[16]; /* used by servwr */ char origauth[16]; /* used by servwr */
struct sockaddr_storage fromsa; /* used by udpservwr */ struct request *rq;
int fromudpsock; /* used by udpservwr */
}; };
/* replies that a server will send */ /* replies that a server will send */
...@@ -88,12 +96,14 @@ struct clsrvconf { ...@@ -88,12 +96,14 @@ struct clsrvconf {
uint8_t statusserver; uint8_t statusserver;
uint8_t retryinterval; uint8_t retryinterval;
uint8_t retrycount; uint8_t retrycount;
uint8_t dupinterval;
uint8_t certnamecheck; uint8_t certnamecheck;
SSL_CTX *ssl_ctx; SSL_CTX *ssl_ctx;
struct rewrite *rewritein; struct rewrite *rewritein;
struct rewrite *rewriteout; struct rewrite *rewriteout;
struct addrinfo *addrinfo; struct addrinfo *addrinfo;
uint8_t prefixlen; uint8_t prefixlen;
pthread_mutex_t *lock; /* only used for updating clients so far */
struct list *clients; struct list *clients;
struct server *servers; struct server *servers;
}; };
...@@ -102,6 +112,8 @@ struct client { ...@@ -102,6 +112,8 @@ struct client {
struct clsrvconf *conf; struct clsrvconf *conf;
int sock; /* for tcp/dtls */ int sock; /* for tcp/dtls */
SSL *ssl; SSL *ssl;
pthread_mutex_t lock; /* used for updating rqs */
struct request *rqs[MAX_REQUESTS];
struct queue *replyq; struct queue *replyq;
struct queue *rbios; /* for dtls */ struct queue *rbios; /* for dtls */
struct sockaddr *addr; /* for udp */ struct sockaddr *addr; /* for udp */
...@@ -121,7 +133,7 @@ struct server { ...@@ -121,7 +133,7 @@ struct server {
char *dynamiclookuparg; char *dynamiclookuparg;
int nextid; int nextid;
struct timeval lastrcv; struct timeval lastrcv;
struct request *requests; struct rqout *requests;
uint8_t newrq; uint8_t newrq;
pthread_mutex_t newrq_mutex; pthread_mutex_t newrq_mutex;
pthread_cond_t newrq_cond; pthread_cond_t newrq_cond;
...@@ -173,6 +185,7 @@ struct protodefs { ...@@ -173,6 +185,7 @@ struct protodefs {
uint8_t retrycountmax; uint8_t retrycountmax;
uint8_t retryintervaldefault; uint8_t retryintervaldefault;
uint8_t retryintervalmax; uint8_t retryintervalmax;
uint8_t duplicateintervaldefault;
void *(*listener)(void*); void *(*listener)(void*);
char **srcaddrport; char **srcaddrport;
int (*connecter)(struct server *, struct timeval *, int, char *); int (*connecter)(struct server *, struct timeval *, int, char *);
...@@ -198,12 +211,14 @@ struct addrinfo *getsrcprotores(uint8_t type); ...@@ -198,12 +211,14 @@ struct addrinfo *getsrcprotores(uint8_t type);
struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur); struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
struct client *addclient(struct clsrvconf *conf); struct client *addclient(struct clsrvconf *conf, uint8_t lock);
void removeclient(struct client *client); void removeclient(struct client *client);
void removeclientrqs(struct client *client); void removeclientrqs(struct client *client);
struct queue *newqueue(); struct queue *newqueue();
void removequeue(struct queue *q); void removequeue(struct queue *q);
void freebios(struct queue *q); void freebios(struct queue *q);
struct request *newrequest();
void freerq(struct request *rq);
int radsrv(struct request *rq); int radsrv(struct request *rq);
X509 *verifytlscert(SSL *ssl); X509 *verifytlscert(SSL *ssl);
int verifyconfcert(X509 *cert, struct clsrvconf *conf); int verifyconfcert(X509 *cert, struct clsrvconf *conf);
......
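Review bot: `#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT` is an unparenthesized product, so a use such as `x / DUPLICATE_INTERVAL` or `DUPLICATE_INTERVAL + 1` binds differently than intended; write `#define DUPLICATE_INTERVAL (REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT)`. The new `lock` argument of `addclient(struct clsrvconf *conf, uint8_t lock)` is passed as a bare 1 from the tcp/tls/dtls accept paths and as 0 from radudpget, which already holds `p->lock`; a comment on the prototype such as `/* lock: take conf->lock inside; pass 0 when the caller already holds it */` would record that contract (inferred from the callers, please confirm). Likewise `uint8_t refcount` in struct request and `struct request *rqs[MAX_REQUESTS]` in struct client should say which lock guards them; the new `pthread_mutex_t lock; /* used for updating rqs */` covers the array but says nothing about refcount.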
...@@ -223,7 +223,8 @@ void *tcpserverwr(void *arg) { ...@@ -223,7 +223,8 @@ void *tcpserverwr(void *arg) {
} }
void tcpserverrd(struct client *client) { void tcpserverrd(struct client *client) {
struct request rq; struct request *rq;
uint8_t *buf;
pthread_t tcpserverwrth; pthread_t tcpserverwrth;
debug(DBG_DBG, "tcpserverrd: starting for %s", client->conf->host); debug(DBG_DBG, "tcpserverrd: starting for %s", client->conf->host);
...@@ -234,18 +235,25 @@ void tcpserverrd(struct client *client) { ...@@ -234,18 +235,25 @@ void tcpserverrd(struct client *client) {
} }
for (;;) { for (;;) {
memset(&rq, 0, sizeof(struct request)); buf = radtcpget(client->sock, 0);
rq.buf = radtcpget(client->sock, 0); if (!buf) {
if (!rq.buf) {
debug(DBG_ERR, "tcpserverrd: connection from %s lost", client->conf->host); debug(DBG_ERR, "tcpserverrd: connection from %s lost", client->conf->host);
break; break;
} }
debug(DBG_DBG, "tcpserverrd: got Radius message from %s", client->conf->host); debug(DBG_DBG, "tcpserverrd: got Radius message from %s", client->conf->host);
rq.from = client; rq = newrequest();
if (!radsrv(&rq)) { if (!rq) {
free(buf);
continue;
}
rq->buf = buf;
rq->from = client;
if (!radsrv(rq)) {
freerq(rq);
debug(DBG_ERR, "tcpserverrd: message authentication/validation failed, closing connection from %s", client->conf->host); debug(DBG_ERR, "tcpserverrd: message authentication/validation failed, closing connection from %s", client->conf->host);
break; break;
} }
freerq(rq);
} }
/* stop writer by setting s to -1 and give signal in case waiting for data */ /* stop writer by setting s to -1 and give signal in case waiting for data */
...@@ -275,7 +283,7 @@ void *tcpservernew(void *arg) { ...@@ -275,7 +283,7 @@ void *tcpservernew(void *arg) {
conf = find_clconf(RAD_TCP, (struct sockaddr *)&from, NULL); conf = find_clconf(RAD_TCP, (struct sockaddr *)&from, NULL);
if (conf) { if (conf) {
client = addclient(conf); client = addclient(conf, 1);
if (client) { if (client) {
client->sock = s; client->sock = s;
tcpserverrd(client); tcpserverrd(client);
......
...@@ -276,7 +276,8 @@ void *tlsserverwr(void *arg) { ...@@ -276,7 +276,8 @@ void *tlsserverwr(void *arg) {
} }
void tlsserverrd(struct client *client) { void tlsserverrd(struct client *client) {
struct request rq; struct request *rq;
uint8_t *buf;
pthread_t tlsserverwrth; pthread_t tlsserverwrth;
debug(DBG_DBG, "tlsserverrd: starting for %s", client->conf->host); debug(DBG_DBG, "tlsserverrd: starting for %s", client->conf->host);
...@@ -287,18 +288,25 @@ void tlsserverrd(struct client *client) { ...@@ -287,18 +288,25 @@ void tlsserverrd(struct client *client) {
} }
for (;;) { for (;;) {
memset(&rq, 0, sizeof(struct request)); buf = radtlsget(client->ssl, 0);
rq.buf = radtlsget(client->ssl, 0); if (!buf) {
if (!rq.buf) {
debug(DBG_ERR, "tlsserverrd: connection from %s lost", client->conf->host); debug(DBG_ERR, "tlsserverrd: connection from %s lost", client->conf->host);
break; break;
} }
debug(DBG_DBG, "tlsserverrd: got Radius message from %s", client->conf->host); debug(DBG_DBG, "tlsserverrd: got Radius message from %s", client->conf->host);
rq.from = client; rq = newrequest();
if (!radsrv(&rq)) { if (!rq) {
free(buf);
continue;
}
rq->buf = buf;
rq->from = client;
if (!radsrv(rq)) {
freerq(rq);
debug(DBG_ERR, "tlsserverrd: message authentication/validation failed, closing connection from %s", client->conf->host); debug(DBG_ERR, "tlsserverrd: message authentication/validation failed, closing connection from %s", client->conf->host);
break; break;
} }
freerq(rq);
} }
/* stop writer by setting ssl to NULL and give signal in case waiting for data */ /* stop writer by setting ssl to NULL and give signal in case waiting for data */
...@@ -349,7 +357,7 @@ void *tlsservernew(void *arg) { ...@@ -349,7 +357,7 @@ void *tlsservernew(void *arg) {
while (conf) { while (conf) {
if (verifyconfcert(cert, conf)) { if (verifyconfcert(cert, conf)) {
X509_free(cert); X509_free(cert);
client = addclient(conf); client = addclient(conf, 1);
if (client) { if (client) {
client->ssl = ssl; client->ssl = ssl;
tlsserverrd(client); tlsserverrd(client);
......
...@@ -102,22 +102,28 @@ unsigned char *radudpget(int s, struct client **client, struct server **server, ...@@ -102,22 +102,28 @@ unsigned char *radudpget(int s, struct client **client, struct server **server,
debug(DBG_DBG, "radudpget: packet was padded with %d bytes", cnt - len); debug(DBG_DBG, "radudpget: packet was padded with %d bytes", cnt - len);
if (client) { if (client) {
pthread_mutex_lock(p->lock);
for (node = list_first(p->clients); node; node = list_next(node)) for (node = list_first(p->clients); node; node = list_next(node))
if (addr_equal((struct sockaddr *)&from, ((struct client *)node->data)->addr)) if (addr_equal((struct sockaddr *)&from, ((struct client *)node->data)->addr))
break; break;
if (node) { if (node) {
*client = (struct client *)node->data; *client = (struct client *)node->data;
pthread_mutex_unlock(p->lock);
break; break;
} }
fromcopy = addr_copy((struct sockaddr *)&from); fromcopy = addr_copy((struct sockaddr *)&from);
if (!fromcopy) if (!fromcopy) {
pthread_mutex_unlock(p->lock);
continue; continue;
*client = addclient(p); }
*client = addclient(p, 0);
if (!*client) { if (!*client) {
free(fromcopy); free(fromcopy);
pthread_mutex_unlock(p->lock);
continue; continue;
} }
(*client)->addr = fromcopy; (*client)->addr = fromcopy;
pthread_mutex_unlock(p->lock);
} else if (server) } else if (server)
*server = p->servers; *server = p->servers;
break; break;
...@@ -178,14 +184,19 @@ void *udpclientrd(void *arg) { ...@@ -178,14 +184,19 @@ void *udpclientrd(void *arg) {
} }
void *udpserverrd(void *arg) { void *udpserverrd(void *arg) {
struct request rq; struct request *rq;
int *sp = (int *)arg; int *sp = (int *)arg;
for (;;) { for (;;) {
memset(&rq, 0, sizeof(struct request)); rq = newrequest();
rq.buf = radudpget(*sp, &rq.from, NULL, &rq.fromsa); if (!rq) {
rq.fromudpsock = *sp; sleep(5); /* malloc failed */
radsrv(&rq); continue;
}
rq->buf = radudpget(*sp, &rq->from, NULL, &rq->fromsa);
rq->fromudpsock = *sp;
radsrv(rq);
freerq(rq);
} }
free(sp); free(sp);
} }
......
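Review bot: The client-lookup block in radudpget now has four separate `pthread_mutex_unlock(p->lock)` calls (found, addr_copy failure, addclient failure, success) interleaved with `break`/`continue`, which is easy to break on the next edit; factoring the lookup-or-create into a static helper that locks once, computes the result, unlocks at a single exit and returns the client or NULL would leave radudpget with a single `if (!*client) continue;`. Note also that `*client` is handed back after the unlock, so the pointer is only safe as long as removal from `p->clients` cannot race with the caller; that depends on removeclient, which is not visible here. The enclosing loop and radudpget's body extend beyond the hunk.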