| author | Linus Nordberg <linus@nordberg.se> | 2013-01-22 11:01:59 +0100 | 
|---|---|---|
| committer | Linus Nordberg <linus@nordberg.se> | 2013-01-22 11:39:52 +0100 | 
| commit | 95c4d4a42f2b4457c64a87c45c7c170dfba6a7c4 (patch) | |
| tree | 2db13956be8e5c2152b2b472185e295938fc347d | |
| parent | 0be487506195d069c468fa71c32dc2cd50450363 (diff) | |
Revive radsecproxy.h and hostport_types.h and move rsp_* into radsecproxy/.
| -rw-r--r-- | lib/Makefile.am | 13 | ||||
| -rw-r--r-- | lib/configure.ac | 1 | ||||
| -rw-r--r-- | lib/radsec.c | 6 | ||||
| -rw-r--r-- | lib/radsecproxy/Makefile.am | 18 | ||||
| -rw-r--r-- | lib/radsecproxy/debug.c (renamed from lib/rsp_debug.c) | 4 | ||||
| -rw-r--r-- | lib/radsecproxy/debug.h (renamed from lib/rsp_debug.h) | 0 | ||||
| -rw-r--r-- | lib/radsecproxy/gconfig.h | 32 | ||||
| -rw-r--r-- | lib/radsecproxy/hash.c (renamed from lib/rsp_hash.c) | 4 | ||||
| -rw-r--r-- | lib/radsecproxy/hash.h (renamed from lib/rsp_hash.h) | 0 | ||||
| -rw-r--r-- | lib/radsecproxy/hostport_types.h | 6 | ||||
| -rw-r--r-- | lib/radsecproxy/list.c (renamed from lib/rsp_list.c) | 2 | ||||
| -rw-r--r-- | lib/radsecproxy/list.h (renamed from lib/rsp_list.h) | 0 | ||||
| -rw-r--r-- | lib/radsecproxy/radmsg.h | 40 | ||||
| -rw-r--r-- | lib/radsecproxy/radsecproxy.h | 216 | ||||
| -rw-r--r-- | lib/radsecproxy/tlscommon.c (renamed from lib/rsp_tlscommon.c) | 12 | ||||
| -rw-r--r-- | lib/radsecproxy/tlscommon.h (renamed from lib/rsp_tlscommon.h) | 0 | ||||
| -rw-r--r-- | lib/radsecproxy/tlv11.h | 23 | ||||
| -rw-r--r-- | lib/radsecproxy/util.c (renamed from lib/rsp_util.c) | 4 | ||||
| -rw-r--r-- | lib/radsecproxy/util.h (renamed from lib/rsp_util.h) | 0 | ||||
| -rw-r--r-- | lib/tls.c | 4 | 
20 files changed, 357 insertions, 28 deletions
| diff --git a/lib/Makefile.am b/lib/Makefile.am index e6f9fb2..08ace0c 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -17,7 +17,7 @@ ACLOCAL_AMFLAGS = -I m4  #     library interface is _changed_. -SUBDIRS = radius . include examples +SUBDIRS = radius radsecproxy . include examples  INCLUDES = -I$(srcdir)/include  AM_CFLAGS = -Wall -g @@ -41,20 +41,13 @@ libradsec_la_SOURCES = \  	udp.c \  	util.c -libradsec_la_SOURCES += \ -	rsp_debug.c \ -	rsp_hash.c \ -	rsp_list.c \ -	rsp_util.c -  if RS_ENABLE_TLS  libradsec_la_SOURCES += \ -	tls.c \ -	rsp_tlscommon.c +	tls.c  endif  EXTRA_DIST = HACKING LICENSE -libradsec_la_LIBADD = radius/libradsec-radius.la +libradsec_la_LIBADD = radsecproxy/libradsec-radsecproxy.la radius/libradsec-radius.la  libradsec_la_LDFLAGS = -version-info 0:0:0 -export-symbols radsec.sym  libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror # -DDEBUG -DDEBUG_LEVENT  diff --git a/lib/configure.ac b/lib/configure.ac index e483b1e..e69135b 100644 --- a/lib/configure.ac +++ b/lib/configure.ac @@ -54,6 +54,7 @@ AC_TYPE_UINT8_T  AC_CHECK_FUNCS([memset socket strdup strerror strrchr])  AC_CONFIG_FILES([Makefile +                 radsecproxy/Makefile  		 radius/Makefile  		 include/Makefile                   examples/Makefile diff --git a/lib/radsec.c b/lib/radsec.c index d14ad50..db406ae 100644 --- a/lib/radsec.c +++ b/lib/radsec.c @@ -19,11 +19,11 @@  #include <radsec/radsec-impl.h>  #include "err.h"  #include "debug.h" -#include "rsp_debug.h" +#include "radsecproxy/debug.h"  #if defined (RS_ENABLE_TLS)  #include <regex.h> -#include "rsp_list.h" -#include "../radsecproxy.h" +#include "radsecproxy/list.h" +#include "radsecproxy/radsecproxy.h"  #endif  /* Public functions.  */ diff --git a/lib/radsecproxy/Makefile.am b/lib/radsecproxy/Makefile.am new file mode 100644 index 0000000..16b66ae --- /dev/null +++ b/lib/radsecproxy/Makefile.am 
@@ -0,0 +1,18 @@ +AUTOMAKE_OPTIONS = foreign +ACLOCAL_AMFLAGS = -I m4 + +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir) +AM_CFLAGS = -Wall -g + +noinst_LTLIBRARIES = libradsec-radsecproxy.la + +libradsec_radsecproxy_la_SOURCES = \ +	debug.c \ +	hash.c \ +	list.c \ +	util.c + +if RS_ENABLE_TLS +libradsec_radsecproxy_la_SOURCES += \ +	tlscommon.c +endif diff --git a/lib/rsp_debug.c b/lib/radsecproxy/debug.c index f3a2de6..8a4881d 100644 --- a/lib/rsp_debug.c +++ b/lib/radsecproxy/debug.c @@ -15,8 +15,8 @@  #include <syslog.h>  #include <errno.h>  #include <assert.h> -#include "rsp_debug.h" -#include "rsp_util.h" +#include "debug.h" +#include "util.h"  static char *debug_ident = NULL;  static uint8_t debug_level = DBG_INFO; diff --git a/lib/rsp_debug.h b/lib/radsecproxy/debug.h index f9858ab..f9858ab 100644 --- a/lib/rsp_debug.h +++ b/lib/radsecproxy/debug.h diff --git a/lib/radsecproxy/gconfig.h b/lib/radsecproxy/gconfig.h new file mode 100644 index 0000000..3cb34b3 --- /dev/null +++ b/lib/radsecproxy/gconfig.h 
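Review bot: The sources moved into libradsec-radsecproxy.la are now built with fewer flags than they had before the move: lib/Makefile.am still compiles the parent library with `libradsec_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror`, while this new Makefile.am only sets `AM_CFLAGS = -Wall -g`, so debug.c, hash.c, list.c, util.c and tlscommon.c silently lose -Werror and -DHAVE_CONFIG_H. If any of those files include config.h under HAVE_CONFIG_H (not visible in this commit), the convenience library would be compiled against a different configuration than the rest of libradsec. Adding `libradsec_radsecproxy_la_CFLAGS = $(AM_CFLAGS) -DHAVE_CONFIG_H -Werror` after the SOURCES list keeps the build equivalent to the one before the move.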
@@ -0,0 +1,32 @@ +/* Copyright (c) 2007-2008, UNINETT AS */ +/* See LICENSE for licensing information. */ + +#define CONF_STR 1 +#define CONF_CBK 2 +#define CONF_MSTR 3 +#define CONF_BLN 4 +#define CONF_LINT 5 + +#include <stdio.h> + +struct gconffile { +    char *path; +    FILE *file; +    const char *data; +    size_t datapos; +}; + +int getconfigline(struct gconffile **cf, char *block, char **opt, char **val, int *conftype); +int getgenericconfig(struct gconffile **cf, char *block, ...); +int pushgconfdata(struct gconffile **cf, const char *data); +FILE *pushgconfpath(struct gconffile **cf, const char *path); +FILE *pushgconffile(struct gconffile **cf, FILE *file, const char *description); +FILE *pushgconfpaths(struct gconffile **cf, const char *path); +int popgconf(struct gconffile **cf); +void freegconfmstr(char **mstr); +void freegconf(struct gconffile **cf); +struct gconffile *openconfigfile(const char *file); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */ diff --git a/lib/rsp_hash.c b/lib/radsecproxy/hash.c index a57ead2..ab17433 100644 --- a/lib/rsp_hash.c +++ b/lib/radsecproxy/hash.c @@ -4,8 +4,8 @@  #include <stdlib.h>  #include <string.h>  #include <pthread.h> -#include "rsp_list.h" -#include "rsp_hash.h" +#include "list.h" +#include "hash.h"  /* allocates and initialises hash structure; returns NULL if malloc fails */  struct hash *hash_create() { diff --git a/lib/rsp_hash.h b/lib/radsecproxy/hash.h index 90ba64b..90ba64b 100644 --- a/lib/rsp_hash.h +++ b/lib/radsecproxy/hash.h diff --git a/lib/radsecproxy/hostport_types.h b/lib/radsecproxy/hostport_types.h new file mode 100644 index 0000000..01fb443 --- /dev/null +++ b/lib/radsecproxy/hostport_types.h @@ -0,0 +1,6 @@ +struct hostportres { +    char *host; +    char *port; +    uint8_t prefixlen; +    struct addrinfo *addrinfo; +}; diff --git a/lib/rsp_list.c b/lib/radsecproxy/list.c index ac6924e..4cfd358 100644 --- a/lib/rsp_list.c +++ b/lib/radsecproxy/list.c 
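Review bot: hostport_types.h defines `struct hostportres` using `uint8_t` and `struct addrinfo` but includes neither <stdint.h> nor <netdb.h> and has no include guard, so it only compiles when the includer has already pulled in those system headers in the right order (tlscommon.c does, after its OpenSSL and system includes). A second inclusion in one translation unit would redefine the struct and fail to compile. Wrapping the file in `#ifndef RADSECPROXY_HOSTPORT_TYPES_H` / `#define RADSECPROXY_HOSTPORT_TYPES_H` … `#endif` and adding `#include <stdint.h>` and `#include <netdb.h>` makes it self-contained; the guard name avoids the leading-underscore identifiers reserved for the implementation.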
@@ -7,7 +7,7 @@  #include <stdlib.h>  #include <string.h> -#include "rsp_list.h" +#include "list.h"  /* allocates and initialises list structure; returns NULL if malloc fails */  struct list *list_create() { diff --git a/lib/rsp_list.h b/lib/radsecproxy/list.h index 4f4d1f9..4f4d1f9 100644 --- a/lib/rsp_list.h +++ b/lib/radsecproxy/list.h diff --git a/lib/radsecproxy/radmsg.h b/lib/radsecproxy/radmsg.h new file mode 100644 index 0000000..1bef59b --- /dev/null +++ b/lib/radsecproxy/radmsg.h @@ -0,0 +1,40 @@ +/* Copyright (c) 2007-2008, UNINETT AS */ +/* See LICENSE for licensing information. */ + +#define RAD_Access_Request 1 +#define RAD_Access_Accept 2 +#define RAD_Access_Reject 3 +#define RAD_Accounting_Request 4 +#define RAD_Accounting_Response 5 +#define RAD_Access_Challenge 11 +#define RAD_Status_Server 12 +#define RAD_Status_Client 13 + +#define RAD_Attr_User_Name 1 +#define RAD_Attr_User_Password 2 +#define RAD_Attr_Reply_Message 18 +#define RAD_Attr_Vendor_Specific 26 +#define RAD_Attr_Calling_Station_Id 31 +#define RAD_Attr_Tunnel_Password 69 +#define RAD_Attr_Message_Authenticator 80 + +#define RAD_VS_ATTR_MS_MPPE_Send_Key 16 +#define RAD_VS_ATTR_MS_MPPE_Recv_Key 17 + +struct radmsg { +    uint8_t code; +    uint8_t id; +    uint8_t auth[20]; +    struct list *attrs; +}; + +void radmsg_free(struct radmsg *); +struct radmsg *radmsg_init(uint8_t, uint8_t, uint8_t *); +int radmsg_add(struct radmsg *, struct tlv *); +struct tlv *radmsg_gettype(struct radmsg *, uint8_t); +uint8_t *radmsg2buf(struct radmsg *msg, uint8_t *); +struct radmsg *buf2radmsg(uint8_t *, uint8_t *, uint8_t *); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */ diff --git a/lib/radsecproxy/radsecproxy.h b/lib/radsecproxy/radsecproxy.h new file mode 100644 index 0000000..7528f7f --- /dev/null +++ b/lib/radsecproxy/radsecproxy.h 
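Review bot: radmsg.h uses `struct tlv` and `struct list` in its prototypes (`radmsg_add`, `radmsg_gettype`, the `attrs` member) without declaring either, so it is only correct when tlv11.h and list.h were included first, as radsecproxy.h happens to do; included on its own, the `struct tlv *` parameter declares a new prototype-scoped tag and the calls no longer type-check against the real struct. Two forward declarations at the top, `struct tlv;` and `struct list;`, remove the dependency on include order. The header also lacks an include guard and an `#include <stdint.h>` for the `uint8_t` fields it uses.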
@@ -0,0 +1,216 @@ +/* + * Copyright (C) 2006-2009 Stig Venaas <venaas@uninett.no> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + */ + +#include "tlv11.h" +#include "radmsg.h" +#include "gconfig.h" + +#define DEBUG_LEVEL 2 + +#define CONFIG_MAIN "/etc/radsecproxy.conf" + +/* MAX_REQUESTS must be 256 due to Radius' 8 bit ID field */ +#define MAX_REQUESTS 256 +#define REQUEST_RETRY_INTERVAL 5 +#define REQUEST_RETRY_COUNT 2 +#define DUPLICATE_INTERVAL REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT +#define MAX_CERT_DEPTH 5 +#define STATUS_SERVER_PERIOD 25 +#define IDLE_TIMEOUT 300 + +/* 27262 is vendor DANTE Ltd. */ +#define DEFAULT_TTL_ATTR "27262:1" + +#define RAD_UDP 0 +#define RAD_TLS 1 +#define RAD_TCP 2 +#define RAD_DTLS 3 +#define RAD_PROTOCOUNT 4 + +struct options { +    char *logdestination; +    char *ttlattr; +    uint32_t ttlattrtype[2]; +    uint8_t addttl; +    uint8_t loglevel; +    uint8_t loopprevention; +}; + +struct commonprotoopts { +    char **listenargs; +    char *sourcearg; +}; + +struct request { +    struct timeval created; +    uint32_t refcount; +    uint8_t *buf, *replybuf; +    struct radmsg *msg; +    struct client *from; +    struct server *to; +    char *origusername; +    uint8_t rqid; +    uint8_t rqauth[16]; +    uint8_t newid; +    int udpsock; /* only for UDP */ +    uint16_t udpport; /* only for UDP */ +}; + +/* requests that our client will send */ +struct rqout { +    pthread_mutex_t *lock; +    struct request *rq; +    uint8_t tries; +    struct timeval expiry; +}; + +struct gqueue { +    struct list *entries; +    pthread_mutex_t mutex; +    pthread_cond_t cond; +}; + +struct clsrvconf { +    char *name; +    uint8_t type; /* RAD_UDP/RAD_TLS/RAD_TCP */ +    const struct protodefs *pdef; +    char **hostsrc; +    char *portsrc; +    struct list 
*hostports; +    char *secret; +    char *tls; +    char *matchcertattr; +    regex_t *certcnregex; +    regex_t *certuriregex; +    char *confrewritein; +    char *confrewriteout; +    char *confrewriteusername; +    struct modattr *rewriteusername; +    char *dynamiclookupcommand; +    uint8_t statusserver; +    uint8_t retryinterval; +    uint8_t retrycount; +    uint8_t dupinterval; +    uint8_t certnamecheck; +    uint8_t addttl; +    uint8_t loopprevention; +    struct rewrite *rewritein; +    struct rewrite *rewriteout; +    pthread_mutex_t *lock; /* only used for updating clients so far */ +    struct tls *tlsconf; +    struct list *clients; +    struct server *servers; +}; + +#include "tlscommon.h" + +struct client { +    struct clsrvconf *conf; +    int sock; +    SSL *ssl; +    struct request *rqs[MAX_REQUESTS]; +    struct gqueue *replyq; +    struct gqueue *rbios; /* for dtls */ +    struct sockaddr *addr; +    time_t expiry; /* for udp */ +}; + +struct server { +    struct clsrvconf *conf; +    int sock; +    SSL *ssl; +    pthread_mutex_t lock; +    pthread_t clientth; +    uint8_t clientrdgone; +    struct timeval lastconnecttry; +    struct timeval lastreply; +    uint8_t connectionok; +    uint8_t lostrqs; +    uint8_t dynstartup; +    char *dynamiclookuparg; +    int nextid; +    struct timeval lastrcv; +    struct rqout *requests; +    uint8_t newrq; +    pthread_mutex_t newrq_mutex; +    pthread_cond_t newrq_cond; +    struct gqueue *rbios; /* for dtls */ +}; + +struct realm { +    char *name; +    char *message; +    uint8_t accresp; +    regex_t regex; +    uint32_t refcount; +    pthread_mutex_t mutex; +    struct realm *parent; +    struct list *subrealms; +    struct list *srvconfs; +    struct list *accsrvconfs; +}; + +struct modattr { +    uint8_t t; +    char *replacement; +    regex_t *regex; +}; + +struct rewrite { +    uint8_t *removeattrs; +    uint32_t *removevendorattrs; +    struct list *addattrs; +    struct list *modattrs; +}; 
+ +struct protodefs { +    char *name; +    char *secretdefault; +    int socktype; +    char *portdefault; +    uint8_t retrycountdefault; +    uint8_t retrycountmax; +    uint8_t retryintervaldefault; +    uint8_t retryintervalmax; +    uint8_t duplicateintervaldefault; +    void (*setprotoopts)(struct commonprotoopts *); +    char **(*getlistenerargs)(); +    void *(*listener)(void*); +    int (*connecter)(struct server *, struct timeval *, int, char *); +    void *(*clientconnreader)(void*); +    int (*clientradput)(struct server *, unsigned char *); +    void (*addclient)(struct client *); +    void (*addserverextra)(struct clsrvconf *); +    void (*setsrcres)(); +    void (*initextra)(); +}; + +#define RADLEN(x) ntohs(((uint16_t *)(x))[1]) + +#define ATTRTYPE(x) ((x)[0]) +#define ATTRLEN(x) ((x)[1]) +#define ATTRVAL(x) ((x) + 2) +#define ATTRVALLEN(x) ((x)[1] - 2) + +struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); +struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); +struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur); +struct client *addclient(struct clsrvconf *conf, uint8_t lock); +void removelockedclient(struct client *client); +void removeclient(struct client *client); +struct gqueue *newqueue(); +void freebios(struct gqueue *q); +struct request *newrequest(); +void freerq(struct request *rq); +int radsrv(struct request *rq); +void replyh(struct server *server, unsigned char *buf); +struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */ diff --git a/lib/rsp_tlscommon.c b/lib/radsecproxy/tlscommon.c index 8ab1b13..002788d 100644 --- a/lib/rsp_tlscommon.c +++ b/lib/radsecproxy/tlscommon.c 
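Review bot: The attribute-parsing macros at the end of radsecproxy.h operate directly on wire bytes and state no precondition: `ATTRVALLEN(x)` expands to `((x)[1] - 2)`, which is a negative int for an attribute whose length octet is 0 or 1 (RADIUS requires a minimum of 2), and a caller that stores it in an unsigned length gets a huge value; the checks that must precede it are not visible in this commit, so the contract should at least be written on the macro, `/* callers must have verified ATTRLEN(x) >= 2 and that the attribute lies within the packet */`. `RADLEN(x)` reads the packet length through a `uint16_t *` cast of a `uint8_t` buffer, an unaligned and aliasing-unsafe access; `#define RADLEN(x) ((uint16_t)(((x)[2] << 8) | (x)[3]))` reads the same two octets portably. `DUPLICATE_INTERVAL` should be parenthesised, `#define DUPLICATE_INTERVAL (REQUEST_RETRY_INTERVAL * REQUEST_RETRY_COUNT)`, since it is a product and not an atom. The header also has no include guard although both tls.c and tlscommon.c include it, and `#include "tlscommon.h"` sits in the middle of the file between `struct clsrvconf` and `struct client`, which makes the `SSL *` members depend on that placement.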
@@ -30,12 +30,12 @@  #include <openssl/err.h>  #include <openssl/md5.h>  #include <openssl/x509v3.h> -#include "rsp_debug.h" -#include "rsp_list.h" -#include "rsp_hash.h" -#include "rsp_util.h" -#include "../hostport_types.h" -#include "../radsecproxy.h" +#include "debug.h" +#include "list.h" +#include "hash.h" +#include "util.h" +#include "hostport_types.h" +#include "radsecproxy.h"  static struct hash *tlsconfs = NULL; diff --git a/lib/rsp_tlscommon.h b/lib/radsecproxy/tlscommon.h index da2092e..da2092e 100644 --- a/lib/rsp_tlscommon.h +++ b/lib/radsecproxy/tlscommon.h diff --git a/lib/radsecproxy/tlv11.h b/lib/radsecproxy/tlv11.h new file mode 100644 index 0000000..87909c0 --- /dev/null +++ b/lib/radsecproxy/tlv11.h @@ -0,0 +1,23 @@ +/* Copyright (c) 2008, UNINETT AS + * Copyright (c) 2010, NORDUnet A/S */ +/* See LICENSE for licensing information. */ + +struct tlv { +    uint8_t t; +    uint8_t l; +    uint8_t *v; +}; + +struct tlv *maketlv(uint8_t, uint8_t, void *); +struct tlv *copytlv(struct tlv *); +void freetlv(struct tlv *); +int eqtlv(struct tlv *, struct tlv *); +struct list *copytlvlist(struct list *); +void freetlvlist(struct list *); +void rmtlv(struct list *, uint8_t); +uint8_t *tlv2str(struct tlv *tlv); +uint8_t *tlv2buf(uint8_t *, const struct tlv *tlv); + +/* Local Variables: */ +/* c-file-style: "stroustrup" */ +/* End: */ diff --git a/lib/rsp_util.c b/lib/radsecproxy/util.c index e18a978..ad974ac 100644 --- a/lib/rsp_util.c +++ b/lib/radsecproxy/util.c @@ -18,8 +18,8 @@  #include <errno.h>  #include <sys/select.h>  #include <stdarg.h> -#include "rsp_debug.h" -#include "rsp_util.h" +#include "debug.h" +#include "util.h"  char *stringcopy(const char *s, int len) {      char *r; diff --git a/lib/rsp_util.h b/lib/radsecproxy/util.h index cec4673..cec4673 100644 --- a/lib/rsp_util.h +++ b/lib/radsecproxy/util.h 
@@ -14,8 +14,8 @@  #include <radsec/radsec-impl.h>  #include <regex.h> -#include "rsp_list.h" -#include "../radsecproxy.h" +#include "radsecproxy/list.h" +#include "radsecproxy/radsecproxy.h"  static struct tls *  _get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm) | 
