Merge branch 'master' into statusserver-auto
Fabian Mauchle committed May 14, 2019
2 parents b732bdb + 524a096 commit 818d63f
Showing 11 changed files with 124 additions and 124 deletions.
2 changes: 1 addition & 1 deletion ChangeLog
Expand Up @@ -275,7 +275,7 @@ changes since 1.7.2

2008-10-07 1.2
listenTCP and sourceTCP options renamed to listenTLS and sourceTLS
Old options deprecated but available for backwards compatiblity
Old options deprecated but available for backwards compatibility
Logging reply-message attribute from Reject messages
Contribution from Arne Schwabe
Rewrite blocks have new options addAttribute and modifyAttribute
Expand Down
69 changes: 31 additions & 38 deletions dtls.c
Expand Up @@ -35,7 +35,7 @@
static void setprotoopts(struct commonprotoopts *opts);
static char **getlistenerargs();
void *dtlslistener(void *arg);
int dtlsconnect(struct server *server, struct timeval *when, int timeout, char *text);
int dtlsconnect(struct server *server, int timeout, char *text);
void *dtlsclientrd(void *arg);
int clientradputdtls(struct server *server, unsigned char *rad);
void addserverextradtls(struct clsrvconf *conf);
Expand Down Expand Up @@ -400,12 +400,24 @@ int getConnectionInfo(int socket, struct sockaddr *from, socklen_t fromlen, stru
if (getsockname(socket, to, &tolen))
return -1;
for (ctrlhdr = CMSG_FIRSTHDR(&msghdr); ctrlhdr; ctrlhdr = CMSG_NXTHDR(&msghdr, ctrlhdr)) {
#if defined(IP_PKTINFO)
if(ctrlhdr->cmsg_level == IPPROTO_IP && ctrlhdr->cmsg_type == IP_PKTINFO) {
debug(DBG_DBG, "udp packet to: %s", inet_ntop(AF_INET, &((struct in_pktinfo *)CMSG_DATA(ctrlhdr))->ipi_addr, tmp, sizeof(tmp)));
struct in_pktinfo *pktinfo = (struct in_pktinfo *)CMSG_DATA(ctrlhdr);
debug(DBG_DBG, "udp packet to: %s", inet_ntop(AF_INET, &(pktinfo->ipi_addr), tmp, sizeof(tmp)));

((struct sockaddr_in *)to)->sin_addr = ((struct in_pktinfo *)CMSG_DATA(ctrlhdr))->ipi_addr;
((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr;
toaddrfound = 1;
} else if(ctrlhdr->cmsg_level == IPPROTO_IPV6 && ctrlhdr->cmsg_type == IPV6_RECVPKTINFO) {
}
#elif defined(IP_RECVDSTADDR)
if(ctrlhdr->cmsg_level == IPPROTO_IP && ctrlhdr->cmsg_type == IP_RECVDSTADDR) {
struct in_addr *addr = (struct in_addr *)CMSG_DATA(ctrlhdr);
debug(DBG_DBG, "udp packet to: %s", inet_ntop(AF_INET, addr, tmp, sizeof(tmp)));

((struct sockaddr_in *)to)->sin_addr = *addr;
toaddrfound = 1;
}
#endif
if(ctrlhdr->cmsg_level == IPPROTO_IPV6 && ctrlhdr->cmsg_type == IPV6_RECVPKTINFO) {
info6 = (struct in6_pktinfo *)CMSG_DATA(ctrlhdr);
debug(DBG_DBG, "udp packet to: %x", inet_ntop(AF_INET6, &info6->ipi6_addr, tmp, sizeof(tmp)));

Expand Down Expand Up @@ -502,9 +514,10 @@ void *dtlslistener(void *arg) {
return NULL;
}

int dtlsconnect(struct server *server, struct timeval *when, int timeout, char *text) {
struct timeval socktimeout, now, start = {0,0};
int dtlsconnect(struct server *server, int timeout, char *text) {
struct timeval socktimeout, now, start;
time_t wait;
int firsttry = 1;
X509 *cert;
SSL_CTX *ctx = NULL;
struct hostportres *hp;
Expand All @@ -520,12 +533,7 @@ int dtlsconnect(struct server *server, struct timeval *when, int timeout, char *
pthread_mutex_unlock(&server->lock);

hp = (struct hostportres *)list_first(server->conf->hostports)->data;

gettimeofday(&now, NULL);
if (when && (now.tv_sec - when->tv_sec) < 30 ) {
/* last connection was less than 30s ago. Delay next attempt */
start.tv_sec = now.tv_sec + 30 - (now.tv_sec - when->tv_sec);
}
gettimeofday(&start, NULL);

for (;;) {
/* ensure previous connection is properly closed */
Expand All @@ -537,30 +545,18 @@ int dtlsconnect(struct server *server, struct timeval *when, int timeout, char *
SSL_free(server->ssl);
server->ssl = NULL;

/* no sleep at startup or at first try */
if (start.tv_sec) {
gettimeofday(&now, NULL);
wait = abs(now.tv_sec - start.tv_sec);
wait = wait > 60 ? 60 : wait;

if (timeout && (now.tv_sec - start.tv_sec) > timeout) {
debug(DBG_DBG, "tlsconnect: timeout");
return 0;
}
wait = connect_wait(start, server->connecttime, firsttry);
debug(DBG_INFO, "Next connection attempt to %s in %lds", server->conf->name, wait);
sleep(wait);
firsttry = 0;

if (wait < 1)
sleep(2);
else {
debug(DBG_INFO, "Next connection attempt to %s in %lds", server->conf->name, wait);
sleep(wait);
}
debug(DBG_INFO, "tlsconnect: retry connecting to %s", server->conf->name);
} else {
gettimeofday(&start, NULL);
gettimeofday(&now, NULL);
if (timeout && (now.tv_sec - start.tv_sec) > timeout) {
debug(DBG_DBG, "tlsconnect: timeout");
return 0;
}
/* done sleeping */

debug(DBG_WARN, "dtlsconnect: trying to open DTLS connection to %s port %s", hp->host, hp->port);
debug(DBG_INFO, "dtlsconnect: connecting to %s port %s", hp->host, hp->port);

if ((server->sock = bindtoaddr(srcres, hp->addrinfo->ai_family, 0)) < 0)
continue;
Expand Down Expand Up @@ -605,7 +601,7 @@ int dtlsconnect(struct server *server, struct timeval *when, int timeout, char *

pthread_mutex_lock(&server->lock);
server->state = RSP_SERVER_STATE_CONNECTED;
gettimeofday(&server->lastconnecttry, NULL);
gettimeofday(&server->connecttime, NULL);
pthread_mutex_unlock(&server->lock);
pthread_mutex_lock(&server->newrq_mutex);
server->conreset = 1;
Expand Down Expand Up @@ -647,19 +643,16 @@ int clientradputdtls(struct server *server, unsigned char *rad) {
void *dtlsclientrd(void *arg) {
struct server *server = (struct server *)arg;
unsigned char *buf;
struct timeval lastconnecttry;

for (;;) {
/* yes, lastconnecttry is really necessary */
lastconnecttry = server->lastconnecttry;
buf = raddtlsget(server->ssl, 5, &server->lock);
if (!buf) {
if(SSL_get_shutdown(server->ssl) || server->lostrqs) {
if (SSL_get_shutdown(server->ssl))
debug (DBG_WARN, "tlscleintrd: connection to server %s lost", server->conf->name);
else if (server->lostrqs)
debug (DBG_WARN, "dtlsclientrd: server %s did not respond, closing connection.", server->conf->name);
dtlsconnect(server, &lastconnecttry, 0, "dtlsclientrd");
dtlsconnect(server, 0, "dtlsclientrd");
server->lostrqs = 0;
}
continue;
Expand Down
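Review bot: In the new dtlsconnect, `server->connecttime` is read at `wait = connect_wait(start, server->connecttime, firsttry);` after the function has already released `server->lock`, while the same field is written under that lock at `gettimeofday(&server->connecttime, NULL);` — and since both clientwr (via `conf->pdef->connecter`) and dtlsclientrd call this function, the read is unsynchronised if those threads overlap; the removed code copied lastconnecttry into a local for exactly this reason. Taking the copy while the lock is still held, `struct timeval lastconnect = server->connecttime;` before the unlock and `wait = connect_wait(start, lastconnect, firsttry);` in the loop, restores that. tcpconnect in tcp.c has the same pattern, with the unlock immediately before its connect_wait call. Separately, the retained `debug(DBG_DBG, "tlsconnect: timeout");` sits inside dtlsconnect and should read `"dtlsconnect: timeout"`, as the tcp.c counterpart was changed to `"tcpconnect: timeout"`. dtlsconnect's body continues outside the hunk.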
7 changes: 6 additions & 1 deletion radsecproxy.c
Expand Up @@ -1823,7 +1823,7 @@ void *clientwr(void *arg) {
laststatsrv = server->lastreply;

if (conf->pdef->connecter) {
if (!conf->pdef->connecter(server, NULL, server->dynamiclookuparg ? 5 : 0, "clientwr")) {
if (!conf->pdef->connecter(server, server->dynamiclookuparg ? 5 : 0, "clientwr")) {
server->state = RSP_SERVER_STATE_FAILING;
if (server->dynamiclookuparg) {
debug(DBG_WARN, "%s: connect failed, sleeping %ds",
Expand Down Expand Up @@ -2009,8 +2009,13 @@ void createlistener(uint8_t type, char *arg) {
if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof(on)) == -1)
debugerrno(errno, DBG_WARN, "craetelistener: IPV6_RECVPKTINFO");
} else if (res->ai_family == AF_INET) {
#if defined(IP_PKTINFO)
if (setsockopt(s, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on)) == -1)
debugerrno(errno, DBG_WARN, "createlistener: IP_PKTINFO");
#elif defined(IP_RECVDSTADDR)
if (setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof(on)) == -1)
debugerrno(errno, DBG_WARN, "createlistener: IP_RECVDSTADDR");
#endif
}
}
if (bind(s, res->ai_addr, res->ai_addrlen)) {
Expand Down
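Review bot: The new AF_INET branch in createlistener is empty when neither IP_PKTINFO nor IP_RECVDSTADDR is defined, so on such a platform the listener is created with no destination-address option and nothing is logged; the matching `#if`/`#elif` in getConnectionInfo (dtls.c) then presumably never sets toaddrfound, just as silently. An `#else` arm with a diagnostic makes the gap visible, e.g. `#else` / `debug(DBG_WARN, "createlistener: no IPv4 destination address support on this platform");` before the `#endif`. The retained IPv6 message just above still spells the function `craetelistener`. createlistener's body continues outside the hunk.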
8 changes: 4 additions & 4 deletions radsecproxy.conf.5
Expand Up @@ -189,7 +189,7 @@ See \fIradsecproxy.conf\-example\fR for details.
The FTicksMAC option has the same function as LogMAC for FTicks. The default for
FTicksMAC is \fBVendorKeyHashed\fR which needs \fBFTicksKey\fR to be set.

Before chosing any of
Before choosing any of
.BR Original ,
.BR FullyHashed
or
Expand Down Expand Up @@ -466,7 +466,7 @@ Apply the operations in the specified \fIrewrite\fR block on incoming (request)
or outgoing (response) messages from this client. Rewriting incoming messages is
done before, outgoing after other processing. If the \fBRewriteIn\fR is not
configured, the rewrite blocks \fBdefaultClient\fR or \fBdefault\fR will be
applied if defined. No default blocks are appied for \fBRewriteOut\fR.
applied if defined. No default blocks are applied for \fBRewriteOut\fR.
.RE

.BI "RewriteAttribute User-Name:/" regex / replace /
Expand Down Expand Up @@ -581,7 +581,7 @@ Apply the operations in the specified \fIrewrite\fR block on outgoing (request)
or incoming (response) messages to/from this server. Rewriting outgoing messages is
done after, incoming before other processing. If the \fBRewriteIn\fR is not
configured, the rewrite blocks \fBdefaultServer\fR or \fBdefault\fR will be
applied if defined. No default blocks are appied for \fBRewriteOut\fR.
applied if defined. No default blocks are applied for \fBRewriteOut\fR.
.RE

.BR "LoopPrevention (" on | off)
Expand Down Expand Up @@ -811,7 +811,7 @@ block are:

.BI "AddAttribute " attribute \fR: value
.RS
Add an \fIattribute\fR to the radius mesage and set it to \fIvalue\fR. The
Add an \fIattribute\fR to the radius message and set it to \fIvalue\fR. The
\fIattribute\fR must be specified using the numerical attribute id. The
\fIvalue\fR can either be numerical, a string, or a hex value. See the
\fBCONFIGURATION SYNTAX\fR section for details.
Expand Down
4 changes: 2 additions & 2 deletions radsecproxy.h
Expand Up @@ -190,7 +190,7 @@ struct server {
pthread_mutex_t lock;
pthread_t clientth;
uint8_t clientrdgone;
struct timeval lastconnecttry;
struct timeval connecttime;
struct timeval lastreply;
enum rsp_server_state state;
uint8_t lostrqs;
Expand Down Expand Up @@ -244,7 +244,7 @@ struct protodefs {
void (*setprotoopts)(struct commonprotoopts *);
char **(*getlistenerargs)();
void *(*listener)(void*);
int (*connecter)(struct server *, struct timeval *, int, char *);
int (*connecter)(struct server *, int, char *);
void *(*clientconnreader)(void*);
int (*clientradput)(struct server *, unsigned char *);
void (*addclient)(struct client *);
Expand Down
56 changes: 19 additions & 37 deletions tcp.c
Expand Up @@ -29,7 +29,7 @@
static void setprotoopts(struct commonprotoopts *opts);
static char **getlistenerargs();
void *tcplistener(void *arg);
int tcpconnect(struct server *server, struct timeval *when, int timeout, char * text);
int tcpconnect(struct server *server, int timeout, char * text);
void *tcpclientrd(void *arg);
int clientradputtcp(struct server *server, unsigned char *rad);
void tcpsetsrcres();
Expand Down Expand Up @@ -79,8 +79,9 @@ void tcpsetsrcres() {
AF_UNSPEC, NULL, protodefs.socktype);
}

int tcpconnect(struct server *server, struct timeval *when, int timeout, char *text) {
struct timeval now, start = {0,0};
int tcpconnect(struct server *server, int timeout, char *text) {
struct timeval now, start;
int firsttry = 1;
time_t wait;

debug(DBG_DBG, "tcpconnect: called from %s", text);
Expand All @@ -89,51 +90,35 @@ int tcpconnect(struct server *server, struct timeval *when, int timeout, char *t
if (server->state == RSP_SERVER_STATE_CONNECTED)
server->state = RSP_SERVER_STATE_RECONNECTING;

gettimeofday(&now, NULL);
if (when && (now.tv_sec - when->tv_sec) < 30 ) {
/* last connection was less than 30s ago. Delay next attempt */
start.tv_sec = now.tv_sec + 30 - (now.tv_sec - when->tv_sec);
}
gettimeofday(&start, NULL);

for (;;) {
if (server->sock >= 0)
close(server->sock);
server->sock = -1;

/* no sleep at startup or at first try */
if (start.tv_sec) {
gettimeofday(&now, NULL);
wait = abs(now.tv_sec - start.tv_sec);
wait = wait > 60 ? 60 : wait;

if (timeout && (now.tv_sec - start.tv_sec) > timeout) {
debug(DBG_DBG, "tlsconnect: timeout");
pthread_mutex_unlock(&server->lock);
return 0;
}

/* give up lock while sleeping for next try */
pthread_mutex_unlock(&server->lock);
if (wait < 1)
sleep(2);
else {
debug(DBG_INFO, "Next connection attempt to %s in %lds", server->conf->name, wait);
sleep(wait);
}
pthread_mutex_lock(&server->lock);
debug(DBG_INFO, "tlsconnect: retry connecting to %s", server->conf->name);
} else {
gettimeofday(&start, NULL);
pthread_mutex_unlock(&server->lock);
wait = connect_wait(start, server->connecttime, firsttry);
debug(DBG_INFO, "Next connection attempt to %s in %lds", server->conf->name, wait);
sleep(wait);
firsttry = 0;

gettimeofday(&now, NULL);
if (timeout && (now.tv_sec - start.tv_sec) > timeout) {
debug(DBG_DBG, "tcpconnect: timeout");
return 0;
}
pthread_mutex_lock(&server->lock);

debug(DBG_INFO, "tcpconnect: connecting to %s", server->conf->name);
if ((server->sock = connecttcphostlist(server->conf->hostports, srcres)) < 0)
continue;
if (server->conf->keepalive)
enable_keepalive(server->sock);
break;
}
server->state = RSP_SERVER_STATE_CONNECTED;
gettimeofday(&server->lastconnecttry, NULL);
gettimeofday(&server->connecttime, NULL);
server->lostrqs = 0;
pthread_mutex_unlock(&server->lock);
pthread_mutex_lock(&server->newrq_mutex);
Expand Down Expand Up @@ -230,16 +215,13 @@ int clientradputtcp(struct server *server, unsigned char *rad) {
void *tcpclientrd(void *arg) {
struct server *server = (struct server *)arg;
unsigned char *buf;
struct timeval lastconnecttry;

for (;;) {
/* yes, lastconnecttry is really necessary */
lastconnecttry = server->lastconnecttry;
buf = radtcpget(server->sock, server->dynamiclookuparg ? IDLE_TIMEOUT : 0);
if (!buf) {
if (server->dynamiclookuparg)
break;
tcpconnect(server, &lastconnecttry, 0, "tcpclientrd");
tcpconnect(server, 0, "tcpclientrd");
continue;
}

Expand Down
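Review bot: In tcpconnect the deadline check `if (timeout && (now.tv_sec - start.tv_sec) > timeout)` now runs only after `sleep(wait)`, so with the 5-second timeout that clientwr passes for dynamic lookups the thread sleeps for whatever connect_wait returns before it notices the budget is spent; the removed code checked the deadline before sleeping. connect_wait's body is not in this diff, but if it can return more than a few seconds, capping the sleep against the remaining budget, `if (timeout && wait > timeout) wait = timeout;`, or moving the check ahead of the sleep would keep the dynamic-lookup path responsive. Note also that `wait` is a `time_t` handed to `sleep()`, which takes an unsigned int, so a negative return from connect_wait would become a very long sleep. The same ordering appears in dtlsconnect in dtls.c; tcpconnect's body continues past this hunk.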
