Moved generic RADIUS protocol support to a dedicated libradius

2012-02-27 15:18:58 +01:00 · 2012-02-27 15:18:58 +01:00 · f0f94e2ce6
parent 990fda9d88
commit f0f94e2ce6
21 changed files with 101 additions and 67 deletions
--- a/Doxyfile.in
+++ b/Doxyfile.in
@ -532,6 +532,7 @@ INPUT                  = @SRC_DIR@/src/libstrongswan \
                         @SRC_DIR@/src/libcharon \
                         @SRC_DIR@/src/libsimaka \
                         @SRC_DIR@/src/libtls \
+                         @SRC_DIR@/src/libradius \
                         @SRC_DIR@/src/libtnccs \
                         @SRC_DIR@/src/libtncif \
                         @SRC_DIR@/src/libfast \
--- a/configure.in
+++ b/configure.in
@ -252,6 +252,10 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue; then
 	tls=true;
 fi

+if test x$eap_radius = xtrue; then
+	radius=true;
+fi
+
 if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
 	tnc_tnccs=true;
 fi
@ -1052,6 +1056,7 @@ AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
 AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue)
 AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue)
 AM_CONDITIONAL(USE_TLS, test x$tls = xtrue)
+AM_CONDITIONAL(USE_RADIUS, test x$radius = xtrue)
 AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue)
 AM_CONDITIONAL(USE_PTS, test x$pts = xtrue)
 AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
@ -1130,6 +1135,7 @@ AC_OUTPUT(
 	src/libfreeswan/Makefile
 	src/libsimaka/Makefile
 	src/libtls/Makefile
+	src/libradius/Makefile
 	src/libtncif/Makefile
 	src/libtnccs/Makefile
 	src/libpts/Makefile
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -16,6 +16,10 @@ if USE_TLS
  SUBDIRS += libtls
 endif

+if USE_RADIUS
+  SUBDIRS += libradius
+endif
+
 if USE_LIBTNCIF
  SUBDIRS += libtncif
 endif
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@ -45,6 +45,11 @@ if USE_TLS
  libs += $(DESTDIR)$(ipseclibdir)/libtls.so
 endif

+if USE_RADIUS
+  deps += $(top_builddir)/src/libradius/libradius.la
+  libs += $(DESTDIR)$(ipseclibdir)/libradius.so
+endif
+
 if USE_LIBTNCCS
  deps += $(top_builddir)/src/libtnccs/libtnccs.la
  libs += $(DESTDIR)$(ipseclibdir)/libtnccs.so
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@ -326,6 +326,13 @@ if MONOLITHIC
 endif
 endif

+if USE_RADIUS
+if MONOLITHIC
+  # otherwise this library is linked to eap_radius
+  libcharon_la_LIBADD += $(top_builddir)/src/libradius/libradius.la
+endif
+endif
+
 if USE_TNC_IFMAP
  SUBDIRS += plugins/tnc_ifmap
 if MONOLITHIC
--- a/src/libcharon/plugins/eap_radius/Makefile.am
+++ b/src/libcharon/plugins/eap_radius/Makefile.am
@ -1,12 +1,13 @@

 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-	-I$(top_srcdir)/src/libcharon
+	-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libradius

 AM_CFLAGS = -rdynamic

 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-eap-radius.la
 else
+libstrongswan_eap_radius_la_LIBADD = $(top_builddir)/src/libradius/libradius.la
 plugin_LTLIBRARIES = libstrongswan-eap-radius.la
 endif

@ -15,10 +16,6 @@ libstrongswan_eap_radius_la_SOURCES = \
 	eap_radius.h eap_radius.c \
 	eap_radius_accounting.h eap_radius_accounting.c \
 	eap_radius_dae.h eap_radius_dae.c \
-	eap_radius_forward.h eap_radius_forward.c \
-	radius_server.h radius_server.c \
-	radius_socket.h radius_socket.c \
-	radius_client.h radius_client.c \
-	radius_message.h radius_message.c
+	eap_radius_forward.h eap_radius_forward.c

 libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@ -14,10 +14,11 @@
 */

 #include "eap_radius.h"
+#include "eap_radius_plugin.h"
 #include "eap_radius_forward.h"

-#include "radius_message.h"
-#include "radius_client.h"
+#include <radius_message.h>
+#include <radius_client.h>

 #include <daemon.h>

@ -462,7 +463,7 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
 								"charon.plugins.eap-radius.filter_id", FALSE),

 	);
-	this->client = radius_client_create();
+	this->client = eap_radius_create_client();
 	if (!this->client)
 	{
 		free(this);
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@ -14,11 +14,12 @@
 */

 #include "eap_radius_accounting.h"
+#include "eap_radius_plugin.h"

 #include <time.h>

-#include "radius_message.h"
-#include "radius_client.h"
+#include <radius_message.h>
+#include <radius_client.h>
 #include <daemon.h>
 #include <utils/hashtable.h>
 #include <threading/mutex.h>
@ -125,7 +126,7 @@ static bool send_message(private_eap_radius_accounting_t *this,
 	radius_client_t *client;
 	bool ack = FALSE;

-	client = radius_client_create();
+	client = eap_radius_create_client();
 	if (client)
 	{
 		response = client->request(client, request);
--- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
@ -15,7 +15,7 @@

 #include "eap_radius_dae.h"

-#include "radius_message.h"
+#include <radius_message.h>

 #include <sys/types.h>
 #include <sys/stat.h>
--- a/src/libcharon/plugins/eap_radius/eap_radius_forward.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.h
@ -15,13 +15,13 @@

 /**
 * @defgroup eap_radius_forward eap_radius_forward
- * @{ @ingroup
+ * @{ @ingroup eap_radius
 */

 #ifndef EAP_RADIUS_FORWARD_H_
 #define EAP_RADIUS_FORWARD_H_

-#include "radius_message.h"
+#include <radius_message.h>

 #include <bus/listeners/listener.h>

--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@ -19,8 +19,9 @@
 #include "eap_radius_accounting.h"
 #include "eap_radius_dae.h"
 #include "eap_radius_forward.h"
-#include "radius_client.h"
-#include "radius_server.h"
+
+#include <radius_client.h>
+#include <radius_server.h>

 #include <daemon.h>
 #include <threading/rwlock.h>
@ -261,15 +262,43 @@ plugin_t *eap_radius_plugin_create()
 /**
 * See header
 */
-enumerator_t *eap_radius_create_server_enumerator()
+radius_client_t *eap_radius_create_client()
 {
 	if (instance)
 	{
+		enumerator_t *enumerator;
+		radius_server_t *server, *selected = NULL;
+		int current, best = -1;
+
 		instance->lock->read_lock(instance->lock);
-		return enumerator_create_cleaner(
-					instance->servers->create_enumerator(instance->servers),
-					(void*)instance->lock->unlock, instance->lock);
+		enumerator = instance->servers->create_enumerator(instance->servers);
+		while (enumerator->enumerate(enumerator, &server))
+		{
+			current = server->get_preference(server);
+			if (current > best ||
+				/* for two with equal preference, 50-50 chance */
+				(current == best && random() % 2 == 0))
+			{
+				DBG2(DBG_CFG, "RADIUS server '%s' is candidate: %d",
+					 server->get_name(server), current);
+				best = current;
+				DESTROY_IF(selected);
+				selected = server->get_ref(server);
+			}
+			else
+			{
+				DBG2(DBG_CFG, "RADIUS server '%s' skipped: %d",
+					 server->get_name(server), current);
+			}
+		}
+		enumerator->destroy(enumerator);
+		instance->lock->unlock(instance->lock);
+
+		if (selected)
+		{
+			return radius_client_create(selected);
+		}
 	}
-	return enumerator_create_empty();
+	return NULL;
 }

--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
@ -25,7 +25,8 @@
 #define EAP_RADIUS_PLUGIN_H_

 #include <plugins/plugin.h>
-#include <utils/enumerator.h>
+
+#include <radius_client.h>

 typedef struct eap_radius_plugin_t eap_radius_plugin_t;

@ -44,10 +45,10 @@ struct eap_radius_plugin_t {
 };

 /**
- * Create an enumerator over all loaded RADIUS servers.
+ * Get a RADIUS client instance to connect to servers.
 *
- * @return			enumerator over radius_server_t
+ * @return			RADIUS client
 */
-enumerator_t *eap_radius_create_server_enumerator();
+radius_client_t *eap_radius_create_client();

 #endif /** EAP_RADIUS_PLUGIN_H_ @}*/
--- a/src/libradius/Makefile.am
+++ b/src/libradius/Makefile.am
@ -0,0 +1,9 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+ipseclib_LTLIBRARIES = libradius.la
+libradius_la_SOURCES = \
+	radius_message.h radius_message.c \
+	radius_socket.h radius_socket.c \
+	radius_client.h radius_client.c \
+	radius_server.h radius_server.c
--- a/src/libcharon/plugins/eap_radius/radius_client.c
+++ b/src/libcharon/plugins/eap_radius/radius_client.c
@ -14,8 +14,6 @@
 */

 #include "radius_client.h"
-
-#include "eap_radius_plugin.h"
 #include "radius_server.h"

 #include <unistd.h>
@ -137,12 +135,9 @@ METHOD(radius_client_t, destroy, void,
 /**
 * See header
 */
-radius_client_t *radius_client_create()
+radius_client_t *radius_client_create(radius_server_t *server)
 {
 	private_radius_client_t *this;
-	enumerator_t *enumerator;
-	radius_server_t *server;
-	int current, best = -1;

 	INIT(this,
 		.public = {
@ -150,36 +145,8 @@ radius_client_t *radius_client_create()
 			.get_msk = _get_msk,
 			.destroy = _destroy,
 		},
+		.server = server,
 	);

-	enumerator = eap_radius_create_server_enumerator();
-	while (enumerator->enumerate(enumerator, &server))
-	{
-		current = server->get_preference(server);
-		if (current > best ||
-			/* for two with equal preference, 50-50 chance */
-			(current == best && random() % 2 == 0))
-		{
-			DBG2(DBG_CFG, "RADIUS server '%s' is candidate: %d",
-				 server->get_name(server), current);
-			best = current;
-			DESTROY_IF(this->server);
-			this->server = server->get_ref(server);
-		}
-		else
-		{
-			DBG2(DBG_CFG, "RADIUS server '%s' skipped: %d",
-				 server->get_name(server), current);
-		}
-	}
-	enumerator->destroy(enumerator);
-
-	if (!this->server)
-	{
-		free(this);
-		return NULL;
-	}
-
 	return &this->public;
 }
-
--- a/src/libcharon/plugins/eap_radius/radius_client.h
+++ b/src/libcharon/plugins/eap_radius/radius_client.h
@ -15,13 +15,14 @@

 /**
 * @defgroup radius_client radius_client
- * @{ @ingroup eap_radius
+ * @{ @ingroup libradius
 */

 #ifndef RADIUS_CLIENT_H_
 #define RADIUS_CLIENT_H_

 #include "radius_message.h"
+#include "radius_server.h"

 typedef struct radius_client_t radius_client_t;

@ -59,8 +60,9 @@ struct radius_client_t {
 /**
 * Create a RADIUS client.
 *
+ * @param server	reference to a server configuration, gets owned
 * @return			radius_client_t object
 */
-radius_client_t *radius_client_create();
+radius_client_t *radius_client_create(radius_server_t *server);

 #endif /** RADIUS_CLIENT_H_ @}*/
--- a/src/libcharon/plugins/eap_radius/radius_message.c
+++ b/src/libcharon/plugins/eap_radius/radius_message.c
@ -488,4 +488,3 @@ radius_message_t *radius_message_parse(chunk_t data)
 	}
 	return &this->public;
 }
-
--- a/src/libcharon/plugins/eap_radius/radius_message.h
+++ b/src/libcharon/plugins/eap_radius/radius_message.h
@ -14,8 +14,13 @@
 */

 /**
+ * @defgroup libradius libradius
+ *
+ * @addtogroup libradius
+ * RADIUS protocol support library.
+ *
 * @defgroup radius_message radius_message
- * @{ @ingroup eap_radius
+ * @{ @ingroup libradius
 */

 #ifndef RADIUS_MESSAGE_H_
--- a/src/libcharon/plugins/eap_radius/radius_server.c
+++ b/src/libcharon/plugins/eap_radius/radius_server.c
--- a/src/libcharon/plugins/eap_radius/radius_server.h
+++ b/src/libcharon/plugins/eap_radius/radius_server.h
@ -15,7 +15,7 @@

 /**
 * @defgroup radius_server radius_server
- * @{ @ingroup eap_radius
+ * @{ @ingroup libradius
 */

 #ifndef RADIUS_SERVER_H_
--- a/src/libcharon/plugins/eap_radius/radius_socket.c
+++ b/src/libcharon/plugins/eap_radius/radius_socket.c
--- a/src/libcharon/plugins/eap_radius/radius_socket.h
+++ b/src/libcharon/plugins/eap_radius/radius_socket.h
@ -15,7 +15,7 @@

 /**
 * @defgroup radius_socket radius_socket
- * @{ @ingroup eap_radius
+ * @{ @ingroup libradius
 */

 #ifndef RADIUS_SOCKET_H_