From 8822124d60b47631c04f0f68d89948bc632d8930 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Wed, 27 Apr 2011 12:11:34 -0400
Subject: Don't depend on radsecproxy includes from parent directory

This ends up being a problem both for Debian and RPM packaging.
---
 lib/Makefile.am | 2 +-
 lib/radsec.c | 2 +-
 lib/radsecproxy-includes/dtls.h | 13 ++
 lib/radsecproxy-includes/gconfig.h | 29 ++++
 lib/radsecproxy-includes/hostport.h | 23 ++++
 lib/radsecproxy-includes/hostport_types.h | 6 +
 lib/radsecproxy-includes/radmsg.h | 45 +++++++
 lib/radsecproxy-includes/radsecproxy.h | 216 ++++++++++++++++++++++++++++++
 lib/radsecproxy-includes/tcp.h | 13 ++
 lib/radsecproxy-includes/tls.h | 13 ++
 lib/radsecproxy-includes/tlv11.h | 27 ++++
 lib/radsecproxy-includes/udp.h | 13 ++
 lib/rsp_tlscommon.c | 4 +-
 lib/tls.c | 2 +-
 14 files changed, 403 insertions(+), 5 deletions(-)
 create mode 100644 lib/radsecproxy-includes/dtls.h
 create mode 100644 lib/radsecproxy-includes/gconfig.h
 create mode 100644 lib/radsecproxy-includes/hostport.h
 create mode 100644 lib/radsecproxy-includes/hostport_types.h
 create mode 100644 lib/radsecproxy-includes/radmsg.h
 create mode 100644 lib/radsecproxy-includes/radsecproxy.h
 create mode 100644 lib/radsecproxy-includes/tcp.h
 create mode 100644 lib/radsecproxy-includes/tls.h
 create mode 100644 lib/radsecproxy-includes/tlv11.h
 create mode 100644 lib/radsecproxy-includes/udp.h
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 7061025..e4c15fe 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -5,7 +5,7 @@
 SUBDIRS = radius include . examples
 DIST_SUBDIRS=tests ${SUBDIRS}
-INCLUDES = -I$(srcdir)/include
+INCLUDES = -I$(srcdir)/include -I$(srcdir)/radsecproxy-includes
 AM_CFLAGS = -Wall -g
 lib_LTLIBRARIES = libradsec.la
diff --git a/lib/radsec.c b/lib/radsec.c
index 7421755..5bdcb85 100644
--- a/lib/radsec.c
+++ b/lib/radsec.c
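Review bot: The new headers under lib/radsecproxy-includes/ are only added to the include path in the INCLUDES line; nothing in this hunk lists them in a `noinst_HEADERS` or `EXTRA_DIST` variable, so unless they are picked up elsewhere a `make dist` tarball will not contain them and the packaging build this commit is meant to fix would still fail on the missing headers. A single line next to the INCLUDES change would cover it, e.g. `noinst_HEADERS = radsecproxy-includes/dtls.h radsecproxy-includes/gconfig.h ...` naming all ten copied files. Since these are verbatim copies of radsecproxy headers without include guards, it is also worth recording the upstream revision they were taken from (a comment here or a README in that directory) so the copies are refreshed deliberately instead of drifting from the originals.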
@@ -23,7 +23,7 @@
 #if defined (RS_ENABLE_TLS)
 #include
 #include "rsp_list.h"
-#include "../radsecproxy.h"
+#include "radsecproxy.h"
 #endif
 /* Public functions. */
diff --git a/lib/radsecproxy-includes/dtls.h b/lib/radsecproxy-includes/dtls.h
new file mode 100644
index 0000000..3426e63
--- /dev/null
+++ b/lib/radsecproxy-includes/dtls.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright (C) 2008 Stig Venaas
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+const struct protodefs *dtlsinit(uint8_t h);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/radsecproxy-includes/gconfig.h b/lib/radsecproxy-includes/gconfig.h
new file mode 100644
index 0000000..463ebdf
--- /dev/null
+++ b/lib/radsecproxy-includes/gconfig.h
@@ -0,0 +1,29 @@
+#define CONF_STR 1
+#define CONF_CBK 2
+#define CONF_MSTR 3
+#define CONF_BLN 4
+#define CONF_LINT 5
+
+#include
+
+struct gconffile {
+ char *path;
+ FILE *file;
+ const char *data;
+ size_t datapos;
+};
+
+int getconfigline(struct gconffile **cf, char *block, char **opt, char **val, int *conftype);
+int getgenericconfig(struct gconffile **cf, char *block, ...);
+int pushgconfdata(struct gconffile **cf, const char *data);
+FILE *pushgconfpath(struct gconffile **cf, const char *path);
+FILE *pushgconffile(struct gconffile **cf, FILE *file, const char *description);
+FILE *pushgconfpaths(struct gconffile **cf, const char *path);
+int popgconf(struct gconffile **cf);
+void freegconfmstr(char **mstr);
+void freegconf(struct gconffile **cf);
+struct gconffile *openconfigfile(const char *file);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/radsecproxy-includes/hostport.h b/lib/radsecproxy-includes/hostport.h
new file mode 100644
index 0000000..01237e2
--- /dev/null
+++ b/lib/radsecproxy-includes/hostport.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2006-2009 Stig Venaas
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+#include "hostport_types.h"
+
+struct hostportres *newhostport(char *hostport, char *default_port, uint8_t prefixok);
+int addhostport(struct list **hostports, char **hostport, char *portdefault, uint8_t prefixok);
+void freehostport(struct hostportres *hp);
+void freehostports(struct list *hostports);
+int resolvehostport(struct hostportres *hp, int socktype, uint8_t passive);
+int resolvehostports(struct list *hostports, int socktype);
+struct addrinfo *resolvepassiveaddrinfo(char *hostport, char *default_port, int socktype);
+int addressmatches(struct list *hostports, struct sockaddr *addr, uint8_t checkport);
+int connecttcphostlist(struct list *hostports, struct addrinfo *src);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/radsecproxy-includes/hostport_types.h b/lib/radsecproxy-includes/hostport_types.h
new file mode 100644
index 0000000..01fb443
--- /dev/null
+++ b/lib/radsecproxy-includes/hostport_types.h
@@ -0,0 +1,6 @@
+struct hostportres {
+ char *host;
+ char *port;
+ uint8_t prefixlen;
+ struct addrinfo *addrinfo;
+};
diff --git a/lib/radsecproxy-includes/radmsg.h b/lib/radsecproxy-includes/radmsg.h
new file mode 100644
index 0000000..8219a5c
--- /dev/null
+++ b/lib/radsecproxy-includes/radmsg.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2006-2008 Stig Venaas
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+#define RAD_Access_Request 1
+#define RAD_Access_Accept 2
+#define RAD_Access_Reject 3
+#define RAD_Accounting_Request 4
+#define RAD_Accounting_Response 5
+#define RAD_Access_Challenge 11
+#define RAD_Status_Server 12
+#define RAD_Status_Client 13
+
+#define RAD_Attr_User_Name 1
+#define RAD_Attr_User_Password 2
+#define RAD_Attr_Reply_Message 18
+#define RAD_Attr_Vendor_Specific 26
+#define RAD_Attr_Calling_Station_Id 31
+#define RAD_Attr_Tunnel_Password 69
+#define RAD_Attr_Message_Authenticator 80
+
+#define RAD_VS_ATTR_MS_MPPE_Send_Key 16
+#define RAD_VS_ATTR_MS_MPPE_Recv_Key 17
+
+struct radmsg {
+ uint8_t code;
+ uint8_t id;
+ uint8_t auth[20];
+ struct list *attrs;
+};
+
+void radmsg_free(struct radmsg *);
+struct radmsg *radmsg_init(uint8_t, uint8_t, uint8_t *);
+int radmsg_add(struct radmsg *, struct tlv *);
+struct tlv *radmsg_gettype(struct radmsg *, uint8_t);
+uint8_t *radmsg2buf(struct radmsg *msg, uint8_t *);
+struct radmsg *buf2radmsg(uint8_t *, uint8_t *, uint8_t *);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/radsecproxy-includes/radsecproxy.h b/lib/radsecproxy-includes/radsecproxy.h
new file mode 100644
index 0000000..09b5d6e
--- /dev/null
+++ b/lib/radsecproxy-includes/radsecproxy.h
@@ -0,0 +1,216 @@
+/*
+ * Copyright (C) 2006-2009 Stig Venaas
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+#include "tlv11.h"
+#include "radmsg.h"
+#include "gconfig.h"
+
+#define DEBUG_LEVEL 2
+
+#define CONFIG_MAIN "/etc/radsecproxy.conf"
+
+/* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */
+#define MAX_REQUESTS 256
+#define REQUEST_RETRY_INTERVAL 5
+#define REQUEST_RETRY_COUNT 2
+#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT
+#define MAX_CERT_DEPTH 5
+#define STATUS_SERVER_PERIOD 25
+#define IDLE_TIMEOUT 300
+
+/* 27262 is vendor DANTE Ltd. */
+#define DEFAULT_TTL_ATTR "27262:1"
+
+#define RAD_UDP 0
+#define RAD_TLS 1
+#define RAD_TCP 2
+#define RAD_DTLS 3
+#define RAD_PROTOCOUNT 4
+
+struct options {
+ char *logdestination;
+ char *ttlattr;
+ uint32_t ttlattrtype[2];
+ uint8_t addttl;
+ uint8_t loglevel;
+ uint8_t loopprevention;
+};
+
+struct commonprotoopts {
+ char **listenargs;
+ char *sourcearg;
+};
+
+struct request {
+ struct timeval created;
+ uint32_t refcount;
+ uint8_t *buf, *replybuf;
+ struct radmsg *msg;
+ struct client *from;
+ struct server *to;
+ char *origusername;
+ uint8_t rqid;
+ uint8_t rqauth[16];
+ uint8_t newid;
+ int udpsock; /* only for UDP */
+ uint16_t udpport; /* only for UDP */
+};
+
+/* requests that our client will send */
+struct rqout {
+ pthread_mutex_t *lock;
+ struct request *rq;
+ uint8_t tries;
+ struct timeval expiry;
+};
+
+struct gqueue {
+ struct list *entries;
+ pthread_mutex_t mutex;
+ pthread_cond_t cond;
+};
+
+struct clsrvconf {
+ char *name;
+ uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */
+ const struct protodefs *pdef;
+ char **hostsrc;
+ char *portsrc;
+ struct list *hostports;
+ char *secret;
+ char *tls;
+ char *matchcertattr;
+ regex_t *certcnregex;
+ regex_t *certuriregex;
+ char *confrewritein;
+ char *confrewriteout;
+ char *confrewriteusername;
+ struct modattr *rewriteusername;
+ char *dynamiclookupcommand;
+ uint8_t statusserver;
+ uint8_t retryinterval;
+ uint8_t retrycount;
+ uint8_t dupinterval;
+ uint8_t certnamecheck;
+ uint8_t addttl;
+ uint8_t loopprevention;
+ struct rewrite *rewritein;
+ struct rewrite *rewriteout;
+ pthread_mutex_t *lock; /* only used for updating clients so far */
+ struct tls *tlsconf;
+ struct list *clients;
+ struct server *servers;
+};
+
+#include "rsp_tlscommon.h"
+
+struct client {
+ struct clsrvconf *conf;
+ int sock;
+ SSL *ssl;
+ struct request *rqs[MAX_REQUESTS];
+ struct gqueue *replyq;
+ struct gqueue *rbios; /* for dtls */
+ struct sockaddr *addr;
+ time_t expiry; /* for udp */
+};
+
+struct server {
+ struct clsrvconf *conf;
+ int sock;
+ SSL *ssl;
+ pthread_mutex_t lock;
+ pthread_t clientth;
+ uint8_t clientrdgone;
+ struct timeval lastconnecttry;
+ struct timeval lastreply;
+ uint8_t connectionok;
+ uint8_t lostrqs;
+ uint8_t dynstartup;
+ char *dynamiclookuparg;
+ int nextid;
+ struct timeval lastrcv;
+ struct rqout *requests;
+ uint8_t newrq;
+ pthread_mutex_t newrq_mutex;
+ pthread_cond_t newrq_cond;
+ struct gqueue *rbios; /* for dtls */
+};
+
+struct realm {
+ char *name;
+ char *message;
+ uint8_t accresp;
+ regex_t regex;
+ uint32_t refcount;
+ pthread_mutex_t mutex;
+ struct realm *parent;
+ struct list *subrealms;
+ struct list *srvconfs;
+ struct list *accsrvconfs;
+};
+
+struct modattr {
+ uint8_t t;
+ char *replacement;
+ regex_t *regex;
+};
+
+struct rewrite {
+ uint8_t *removeattrs;
+ uint32_t *removevendorattrs;
+ struct list *addattrs;
+ struct list *modattrs;
+};
+
+struct protodefs {
+ char *name;
+ char *secretdefault;
+ int socktype;
+ char *portdefault;
+ uint8_t retrycountdefault;
+ uint8_t retrycountmax;
+ uint8_t retryintervaldefault;
+ uint8_t retryintervalmax;
+ uint8_t duplicateintervaldefault;
+ void (*setprotoopts)(struct commonprotoopts *);
+ char **(*getlistenerargs)();
+ void *(*listener)(void*);
+ int (*connecter)(struct server *, struct timeval *, int, char *);
+ void *(*clientconnreader)(void*);
+ int (*clientradput)(struct server *, unsigned char *);
+ void (*addclient)(struct client *);
+ void (*addserverextra)(struct clsrvconf *);
+ void (*setsrcres)();
+ void (*initextra)();
+};
+
+#define RADLEN(x) ntohs(((uint16_t *)(x))[1])
+
+#define ATTRTYPE(x) ((x)[0])
+#define ATTRLEN(x) ((x)[1])
+#define ATTRVAL(x) ((x) + 2)
+#define ATTRVALLEN(x) ((x)[1] - 2)
+
+struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
+struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur);
+struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur);
+struct client *addclient(struct clsrvconf *conf, uint8_t lock);
+void removelockedclient(struct client *client);
+void removeclient(struct client *client);
+struct gqueue *newqueue();
+void freebios(struct gqueue *q);
+struct request *newrequest();
+void freerq(struct request *rq);
+int radsrv(struct request *rq);
+void replyh(struct server *server, unsigned char *buf);
+struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/radsecproxy-includes/tcp.h b/lib/radsecproxy-includes/tcp.h
new file mode 100644
index 0000000..c388895
--- /dev/null
+++ b/lib/radsecproxy-includes/tcp.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright (C) 2008 Stig Venaas
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+const struct protodefs *tcpinit(uint8_t h);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/radsecproxy-includes/tls.h b/lib/radsecproxy-includes/tls.h
new file mode 100644
index 0000000..1a8735e
--- /dev/null
+++ b/lib/radsecproxy-includes/tls.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright (C) 2006-2008 Stig Venaas
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+const struct protodefs *tlsinit(uint8_t h);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/radsecproxy-includes/tlv11.h b/lib/radsecproxy-includes/tlv11.h
new file mode 100644
index 0000000..301768e
--- /dev/null
+++ b/lib/radsecproxy-includes/tlv11.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2008 Stig Venaas
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+struct tlv {
+ uint8_t t;
+ uint8_t l;
+ uint8_t *v;
+};
+
+struct tlv *maketlv(uint8_t, uint8_t, void *);
+struct tlv *copytlv(struct tlv *);
+void freetlv(struct tlv *);
+int eqtlv(struct tlv *, struct tlv *);
+struct list *copytlvlist(struct list *);
+void freetlvlist(struct list *);
+void rmtlv(struct list *, uint8_t);
+uint8_t *tlv2str(struct tlv *tlv);
+uint8_t *tlv2buf(uint8_t *, const struct tlv *tlv);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/radsecproxy-includes/udp.h b/lib/radsecproxy-includes/udp.h
new file mode 100644
index 0000000..8f26e15
--- /dev/null
+++ b/lib/radsecproxy-includes/udp.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright (C) 2006-2008 Stig Venaas
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ */
+
+const struct protodefs *udpinit(uint8_t h);
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
diff --git a/lib/rsp_tlscommon.c b/lib/rsp_tlscommon.c
index a34fe33..b4d5c80 100644
--- a/lib/rsp_tlscommon.c
+++ b/lib/rsp_tlscommon.c
@@ -39,8 +39,8 @@
 #include "rsp_list.h"
 #include "rsp_hash.h"
 #include "rsp_util.h"
-#include "../hostport_types.h"
-#include "../radsecproxy.h"
+#include "hostport_types.h"
+#include "radsecproxy.h"
 static struct hash *tlsconfs = NULL;
diff --git a/lib/tls.c b/lib/tls.c
index 6fcf5a0..5dd8860 100644
--- a/lib/tls.c
+++ b/lib/tls.c
@@ -13,7 +13,7 @@
 #include
 #include "rsp_list.h"
-#include "../radsecproxy.h"
+#include "radsecproxy.h"
 static struct tls * _get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)
--
cgit v1.2.3