Commit 7c62bcd0 authored by venaas's avatar venaas Committed by venaas

renamed some stuff, added client state for received rqs etc

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@379 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent 52570225
......@@ -248,7 +248,8 @@ void *dtlsserverwr(void *arg) {
}
void dtlsserverrd(struct client *client) {
struct request rq;
struct request *rq;
uint8_t *buf;
pthread_t dtlsserverwrth;
debug(DBG_DBG, "dtlsserverrd: starting for %s", client->conf->host);
......@@ -259,18 +260,25 @@ void dtlsserverrd(struct client *client) {
}
for (;;) {
memset(&rq, 0, sizeof(struct request));
rq.buf = raddtlsget(client->ssl, client->rbios, IDLE_TIMEOUT);
if (!rq.buf) {
buf = raddtlsget(client->ssl, client->rbios, IDLE_TIMEOUT);
if (!buf) {
debug(DBG_ERR, "dtlsserverrd: connection from %s lost", client->conf->host);
break;
}
debug(DBG_DBG, "dtlsserverrd: got Radius message from %s", client->conf->host);
rq.from = client;
if (!radsrv(&rq)) {
rq = newrequest();
if (!rq) {
free(buf);
continue;
}
rq->buf = buf;
rq->from = client;
if (!radsrv(rq)) {
freerq(rq);
debug(DBG_ERR, "dtlsserverrd: message authentication/validation failed, closing connection from %s", client->conf->host);
break;
}
freerq(rq);
}
/* stop writer by setting ssl to NULL and give signal in case waiting for data */
......@@ -308,7 +316,7 @@ void *dtlsservernew(void *arg) {
while (conf) {
if (verifyconfcert(cert, conf)) {
X509_free(cert);
client = addclient(conf);
client = addclient(conf, 1);
if (client) {
client->sock = params->sock;
client->rbios = params->sesscache->rbios;
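Review bot: The allocation-failure branch `if (!rq) { free(buf); continue; }` drops an already-received and decrypted message with no trace, while every other drop in this loop is logged; add `debug(DBG_ERR, "dtlsserverrd: out of memory, dropping message from %s", client->conf->host);` before the `continue`. The same silent branch appears in the tcpserverrd and tlsserverrd hunks. The `freerq(rq)` after a successful `radsrv(rq)` only works if freerq drops this reader's reference rather than freeing outright, given that struct request now carries a `refcount` and struct client a `rqs[]` table; radsrv's body is not in this diff view, so I cannot confirm it, and a one-line comment at the call would save the next reader the same search: `/* radsrv() may retain rq via client->rqs; freerq() releases only our reference */`. The three reader loops are now line-for-line identical apart from the get call, so a shared helper taking the received buffer would keep them from drifting. The enclosing dtlsserverrd body continues outside the hunk.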
......@@ -17,6 +17,7 @@
#define MAX_REQUESTS 256
#define REQUEST_RETRY_INTERVAL 5
#define REQUEST_RETRY_COUNT 2
#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
#define MAX_CERT_DEPTH 5
#define STATUS_SERVER_PERIOD 25
#define IDLE_TIMEOUT 300
......@@ -41,19 +42,26 @@ struct options {
uint8_t loopprevention;
};
/* requests that our client will send */
struct request {
struct timeval created;
uint8_t refcount;
uint8_t *buf;
struct client *from;
struct sockaddr_storage fromsa; /* used by udpservwr */
int fromudpsock; /* used by udpservwr */
};
/* requests that our client will send */
struct rqout {
unsigned char *buf;
struct radmsg *msg;
uint8_t tries;
uint8_t received;
struct timeval expiry;
struct client *from;
char *origusername;
uint8_t origid; /* used by servwr */
char origauth[16]; /* used by servwr */
struct sockaddr_storage fromsa; /* used by udpservwr */
int fromudpsock; /* used by udpservwr */
struct request *rq;
};
/* replies that a server will send */
......@@ -88,12 +96,14 @@ struct clsrvconf {
uint8_t statusserver;
uint8_t retryinterval;
uint8_t retrycount;
uint8_t dupinterval;
uint8_t certnamecheck;
SSL_CTX *ssl_ctx;
struct rewrite *rewritein;
struct rewrite *rewriteout;
struct addrinfo *addrinfo;
uint8_t prefixlen;
pthread_mutex_t *lock; /* only used for updating clients so far */
struct list *clients;
struct server *servers;
};
......@@ -102,6 +112,8 @@ struct client {
struct clsrvconf *conf;
int sock; /* for tcp/dtls */
SSL *ssl;
pthread_mutex_t lock; /* used for updating rqs */
struct request *rqs[MAX_REQUESTS];
struct queue *replyq;
struct queue *rbios; /* for dtls */
struct sockaddr *addr; /* for udp */
......@@ -121,7 +133,7 @@ struct server {
char *dynamiclookuparg;
int nextid;
struct timeval lastrcv;
struct request *requests;
struct rqout *requests;
uint8_t newrq;
pthread_mutex_t newrq_mutex;
pthread_cond_t newrq_cond;
......@@ -173,6 +185,7 @@ struct protodefs {
uint8_t retrycountmax;
uint8_t retryintervaldefault;
uint8_t retryintervalmax;
uint8_t duplicateintervaldefault;
void *(*listener)(void*);
char **srcaddrport;
int (*connecter)(struct server *, struct timeval *, int, char *);
......@@ -198,12 +211,14 @@ struct addrinfo *getsrcprotores(uint8_t type);
struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
struct client *addclient(struct clsrvconf *conf);
struct client *addclient(struct clsrvconf *conf, uint8_t lock);
void removeclient(struct client *client);
void removeclientrqs(struct client *client);
struct queue *newqueue();
void removequeue(struct queue *q);
void freebios(struct queue *q);
struct request *newrequest();
void freerq(struct request *rq);
int radsrv(struct request *rq);
X509 *verifytlscert(SSL *ssl);
int verifyconfcert(X509 *cert, struct clsrvconf *conf);
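Review bot: `#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT` expands unparenthesized, so an expression such as `x / DUPLICATE_INTERVAL` becomes `x / 5 * 2`; write `#define DUPLICATE_INTERVAL (REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT)`. The new `uint8_t refcount` in struct request wraps silently at 256, and since it now gates freeing of an object reachable from `client->rqs[MAX_REQUESTS]` and from the server-side `rqout`, a wider type or an assertion on the increment is cheap insurance if the number of holders is not provably small. struct client now embeds `pthread_mutex_t lock` by value while struct clsrvconf keeps `pthread_mutex_t *lock`; the field's comment should say who initialises it and that the struct must not be copied by value, e.g. `/* presumably initialised in addclient(); never copy struct client by value */`, since addclient's body is not in this view.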
......@@ -223,7 +223,8 @@ void *tcpserverwr(void *arg) {
}
void tcpserverrd(struct client *client) {
struct request rq;
struct request *rq;
uint8_t *buf;
pthread_t tcpserverwrth;
debug(DBG_DBG, "tcpserverrd: starting for %s", client->conf->host);
......@@ -234,18 +235,25 @@ void tcpserverrd(struct client *client) {
}
for (;;) {
memset(&rq, 0, sizeof(struct request));
rq.buf = radtcpget(client->sock, 0);
if (!rq.buf) {
buf = radtcpget(client->sock, 0);
if (!buf) {
debug(DBG_ERR, "tcpserverrd: connection from %s lost", client->conf->host);
break;
}
debug(DBG_DBG, "tcpserverrd: got Radius message from %s", client->conf->host);
rq.from = client;
if (!radsrv(&rq)) {
rq = newrequest();
if (!rq) {
free(buf);
continue;
}
rq->buf = buf;
rq->from = client;
if (!radsrv(rq)) {
freerq(rq);
debug(DBG_ERR, "tcpserverrd: message authentication/validation failed, closing connection from %s", client->conf->host);
break;
}
freerq(rq);
}
/* stop writer by setting s to -1 and give signal in case waiting for data */
......@@ -275,7 +283,7 @@ void *tcpservernew(void *arg) {
conf = find_clconf(RAD_TCP, (struct sockaddr *)&from, NULL);
if (conf) {
client = addclient(conf);
client = addclient(conf, 1);
if (client) {
client->sock = s;
tcpserverrd(client);
......@@ -276,7 +276,8 @@ void *tlsserverwr(void *arg) {
}
void tlsserverrd(struct client *client) {
struct request rq;
struct request *rq;
uint8_t *buf;
pthread_t tlsserverwrth;
debug(DBG_DBG, "tlsserverrd: starting for %s", client->conf->host);
......@@ -287,18 +288,25 @@ void tlsserverrd(struct client *client) {
}
for (;;) {
memset(&rq, 0, sizeof(struct request));
rq.buf = radtlsget(client->ssl, 0);
if (!rq.buf) {
buf = radtlsget(client->ssl, 0);
if (!buf) {
debug(DBG_ERR, "tlsserverrd: connection from %s lost", client->conf->host);
break;
}
debug(DBG_DBG, "tlsserverrd: got Radius message from %s", client->conf->host);
rq.from = client;
if (!radsrv(&rq)) {
rq = newrequest();
if (!rq) {
free(buf);
continue;
}
rq->buf = buf;
rq->from = client;
if (!radsrv(rq)) {
freerq(rq);
debug(DBG_ERR, "tlsserverrd: message authentication/validation failed, closing connection from %s", client->conf->host);
break;
}
freerq(rq);
}
/* stop writer by setting ssl to NULL and give signal in case waiting for data */
......@@ -349,7 +357,7 @@ void *tlsservernew(void *arg) {
while (conf) {
if (verifyconfcert(cert, conf)) {
X509_free(cert);
client = addclient(conf);
client = addclient(conf, 1);
if (client) {
client->ssl = ssl;
tlsserverrd(client);
......@@ -102,22 +102,28 @@ unsigned char *radudpget(int s, struct client **client, struct server **server,
debug(DBG_DBG, "radudpget: packet was padded with %d bytes", cnt - len);
if (client) {
pthread_mutex_lock(p->lock);
for (node = list_first(p->clients); node; node = list_next(node))
if (addr_equal((struct sockaddr *)&from, ((struct client *)node->data)->addr))
break;
if (node) {
*client = (struct client *)node->data;
pthread_mutex_unlock(p->lock);
break;
}
fromcopy = addr_copy((struct sockaddr *)&from);
if (!fromcopy)
if (!fromcopy) {
pthread_mutex_unlock(p->lock);
continue;
*client = addclient(p);
}
*client = addclient(p, 0);
if (!*client) {
free(fromcopy);
pthread_mutex_unlock(p->lock);
continue;
}
(*client)->addr = fromcopy;
pthread_mutex_unlock(p->lock);
} else if (server)
*server = p->servers;
break;
......@@ -178,14 +184,19 @@ void *udpclientrd(void *arg) {
}
void *udpserverrd(void *arg) {
struct request rq;
struct request *rq;
int *sp = (int *)arg;
for (;;) {
memset(&rq, 0, sizeof(struct request));
rq.buf = radudpget(*sp, &rq.from, NULL, &rq.fromsa);
rq.fromudpsock = *sp;
radsrv(&rq);
rq = newrequest();
if (!rq) {
sleep(5); /* malloc failed */
continue;
}
rq->buf = radudpget(*sp, &rq->from, NULL, &rq->fromsa);
rq->fromudpsock = *sp;
radsrv(rq);
freerq(rq);
}
free(sp);
}
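Review bot: `*client = addclient(p, 0);` in radudpget is reached with `p->lock` held (taken at `pthread_mutex_lock(p->lock)` above), whereas the tcp, tls and dtls call sites pass 1 with no lock held, so the flag presumably tells addclient whether to take `conf->lock` itself; passing 1 here would self-deadlock on a non-recursive mutex and nothing at the call site says so, so add `/* p->lock is already held, so addclient() must not take it: lock = 0 */` above the call. In udpserverrd, `sleep(5); /* malloc failed */` stalls the only reader of this socket for five seconds, during which incoming datagrams back up in the kernel buffer and are eventually dropped; the other readers drop one message and continue, and that is possible here too if the request is allocated after the datagram has been received into locals. Whatever the choice, log it: `debug(DBG_ERR, "udpserverrd: out of memory, dropping message");`. The `freerq(rq)` after `radsrv(rq)` has the same dependency on freerq being a reference drop rather than an unconditional free as in the other readers. radudpget starts outside the hunk.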