Commit a0008e2f authored by Linus Nordberg's avatar Linus Nordberg

Remove documentation on dynamic lookup since it doesn't work.

Also, add some notes about dynamic lookup esp. wrt. freeing of resources to develdoc.txt.
parent b1414bff
radsecproxy documentation for developers
1. Overall design
=================
At startup client and server configurations are read. Two lists
are created, called clconfs and srvconfs. Both contain clsrvconf
......@@ -35,7 +36,9 @@ xxxserverrd, where xxx is the transport name. The server reader
is responsible for creating a server writer thread that takes care
of sending RADIUS replies to a client.
2. RADIUS message processing
============================
In 1 we described the threads used and the high level operations.
We will now describe how RADIUS messages are processed and flow
......@@ -277,3 +280,63 @@ addresses after initial startup.
Can be defined it extra initialisation is needed for the transport.
};
3. Dynamic servers
==================
A server block can contain the 'dynamicLookupCommand' option, naming
an executable file which will be executed (fork, exec) with the realm
of the user being authenticated as its only argument. The output from
the program (read from stdout) is used as configuration text and
parsed as if it was read from a configuration file.
[XXX describe what happens when config is read -- set in
createsubrealmservers() if the server block has the
'dynamicLookupCommand' option]
[XXX describe what happens when a packet is handled -- findserver()
creating a realm object]
Dynamic freeing of resources
----------------------------
At the end of clientwr(), if server->dynamiclookuparg != NULL, the
removeserversubrealms(list, server) function is called and normally
so is freeclsrvconf(server).
removeserversubrealms() traverses the list of realms (taking a lock on
each realm) and calls _internal_removeserversubrealms(subrealm,
server) on each subrealm. If the list of subrealms is empty after
this, it's being destroyed.
The _internal_removeserversubrealms(realm list, SERVER) function
traverses the list of realms and for each realm:
- increase the refcount on the realm
- take the lock on the realm
- for srv in realm->srvconfs: if srv == SERVER: decrease ref on realm
- free all servers in realm->srvconfs matching SERVER
(list_removedata() TODO: is this function correct?)
- same thing for realm->accsrvconfs as for srvconfs
- if none of the realm->srvconfs nor the realm->accsrvonfs has a
dynamiclookupcommand:
- for each srv in realm->srvconfs: free srv and decrease ref on realm
- destroy realm->srvconfs
- same thing for realm->accsrvconfs as for srvconfs
- release the realm lock
- decrease the refcount on the realm
freeclsrvconf() performs 15 calls to free() and also invokes
freegconfmstr(), freehostports(), regfree() and
pthread_mutex_destroy().
......@@ -633,8 +633,7 @@ blocktype name {
<literal>AddTTL</literal>, <literal>rewrite</literal>,
<literal>rewriteIn</literal>, <literal>rewriteOut</literal>,
<literal>statusServer</literal>, <literal>retryCount</literal>,
<literal>retryInterval</literal>,
<literal>dynamicLookupCommand</literal> and
<literal>retryInterval</literal> and
<literal>LoopPrevention</literal>.
</para>
<para>
......@@ -668,12 +667,6 @@ blocktype name {
should wait between each retry. The defaults are 2 retries and
an interval of 5s.
</para>
<para>
The option <literal>dynamicLookupCommand</literal> can be used
to specify a command that should be executed to dynamically
configure and use a server. The use of this feature will be
documented separately/later.
</para>
<para>
Using the <literal>LoopPrevention</literal> option here
overrides any basic setting of this option. See section
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment