From f0f94e2ce6eac9893498c50e5155a0085229fe8c Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 27 Feb 2012 15:18:58 +0100 Subject: [PATCH] Moved generic RADIUS protocol support to a dedicated libradius --- Doxyfile.in | 1 + configure.in | 6 +++ src/Makefile.am | 4 ++ src/checksum/Makefile.am | 5 +++ src/libcharon/Makefile.am | 7 +++ src/libcharon/plugins/eap_radius/Makefile.am | 9 ++-- src/libcharon/plugins/eap_radius/eap_radius.c | 7 +-- .../eap_radius/eap_radius_accounting.c | 7 +-- .../plugins/eap_radius/eap_radius_dae.c | 2 +- .../plugins/eap_radius/eap_radius_forward.h | 4 +- .../plugins/eap_radius/eap_radius_plugin.c | 43 ++++++++++++++++--- .../plugins/eap_radius/eap_radius_plugin.h | 9 ++-- src/libradius/Makefile.am | 9 ++++ .../eap_radius => libradius}/radius_client.c | 37 +--------------- .../eap_radius => libradius}/radius_client.h | 6 ++- .../eap_radius => libradius}/radius_message.c | 1 - .../eap_radius => libradius}/radius_message.h | 7 ++- .../eap_radius => libradius}/radius_server.c | 0 .../eap_radius => libradius}/radius_server.h | 2 +- .../eap_radius => libradius}/radius_socket.c | 0 .../eap_radius => libradius}/radius_socket.h | 2 +- 21 files changed, 101 insertions(+), 67 deletions(-) create mode 100644 src/libradius/Makefile.am rename src/{libcharon/plugins/eap_radius => libradius}/radius_client.c (81%) rename src/{libcharon/plugins/eap_radius => libradius}/radius_client.h (90%) rename src/{libcharon/plugins/eap_radius => libradius}/radius_message.c (99%) rename src/{libcharon/plugins/eap_radius => libradius}/radius_message.h (98%) rename src/{libcharon/plugins/eap_radius => libradius}/radius_server.c (100%) rename src/{libcharon/plugins/eap_radius => libradius}/radius_server.h (99%) rename src/{libcharon/plugins/eap_radius => libradius}/radius_socket.c (100%) rename src/{libcharon/plugins/eap_radius => libradius}/radius_socket.h (98%) diff --git a/Doxyfile.in b/Doxyfile.in index 524d639e0..7fb516190 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -532,6 +532,7 @@ INPUT = @SRC_DIR@/src/libstrongswan \ @SRC_DIR@/src/libcharon \ @SRC_DIR@/src/libsimaka \ @SRC_DIR@/src/libtls \ + @SRC_DIR@/src/libradius \ @SRC_DIR@/src/libtnccs \ @SRC_DIR@/src/libtncif \ @SRC_DIR@/src/libfast \ diff --git a/configure.in b/configure.in index 2b13a949f..a463c4826 100644 --- a/configure.in +++ b/configure.in @@ -252,6 +252,10 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue; then tls=true; fi +if test x$eap_radius = xtrue; then + radius=true; +fi + if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then tnc_tnccs=true; fi @@ -1052,6 +1056,7 @@ AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap) AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue) AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue) AM_CONDITIONAL(USE_TLS, test x$tls = xtrue) +AM_CONDITIONAL(USE_RADIUS, test x$radius = xtrue) AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue) AM_CONDITIONAL(USE_PTS, test x$pts = xtrue) AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue) @@ -1130,6 +1135,7 @@ AC_OUTPUT( src/libfreeswan/Makefile src/libsimaka/Makefile src/libtls/Makefile + src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libpts/Makefile diff --git a/src/Makefile.am b/src/Makefile.am index 041bd480f..1440de20f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -16,6 +16,10 @@ if USE_TLS SUBDIRS += libtls endif +if USE_RADIUS + SUBDIRS += libradius +endif + if USE_LIBTNCIF SUBDIRS += libtncif endif diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index a55891a29..58292a45a 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -45,6 +45,11 @@ if USE_TLS libs += $(DESTDIR)$(ipseclibdir)/libtls.so endif +if USE_RADIUS + deps += $(top_builddir)/src/libradius/libradius.la + libs += $(DESTDIR)$(ipseclibdir)/libradius.so +endif + if USE_LIBTNCCS deps += $(top_builddir)/src/libtnccs/libtnccs.la libs += $(DESTDIR)$(ipseclibdir)/libtnccs.so diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index b50ea2507..fba51c662 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -326,6 +326,13 @@ if MONOLITHIC endif endif +if USE_RADIUS +if MONOLITHIC + # otherwise this library is linked to eap_radius + libcharon_la_LIBADD += $(top_builddir)/src/libradius/libradius.la +endif +endif + if USE_TNC_IFMAP SUBDIRS += plugins/tnc_ifmap if MONOLITHIC diff --git a/src/libcharon/plugins/eap_radius/Makefile.am b/src/libcharon/plugins/eap_radius/Makefile.am index 96bfa6fcb..181497ab5 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.am +++ b/src/libcharon/plugins/eap_radius/Makefile.am @@ -1,12 +1,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ - -I$(top_srcdir)/src/libcharon + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libradius AM_CFLAGS = -rdynamic if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-radius.la else +libstrongswan_eap_radius_la_LIBADD = $(top_builddir)/src/libradius/libradius.la plugin_LTLIBRARIES = libstrongswan-eap-radius.la endif @@ -15,10 +16,6 @@ libstrongswan_eap_radius_la_SOURCES = \ eap_radius.h eap_radius.c \ eap_radius_accounting.h eap_radius_accounting.c \ eap_radius_dae.h eap_radius_dae.c \ - eap_radius_forward.h eap_radius_forward.c \ - radius_server.h radius_server.c \ - radius_socket.h radius_socket.c \ - radius_client.h radius_client.c \ - radius_message.h radius_message.c + eap_radius_forward.h eap_radius_forward.c libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index f2b47e3f0..051d46ecf 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -14,10 +14,11 @@ */ #include "eap_radius.h" +#include "eap_radius_plugin.h" #include "eap_radius_forward.h" -#include "radius_message.h" -#include "radius_client.h" +#include +#include #include @@ -462,7 +463,7 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer "charon.plugins.eap-radius.filter_id", FALSE), ); - this->client = radius_client_create(); + this->client = eap_radius_create_client(); if (!this->client) { free(this); diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c index 25013f62d..45be22704 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c @@ -14,11 +14,12 @@ */ #include "eap_radius_accounting.h" +#include "eap_radius_plugin.h" #include -#include "radius_message.h" -#include "radius_client.h" +#include +#include #include #include #include @@ -125,7 +126,7 @@ static bool send_message(private_eap_radius_accounting_t *this, radius_client_t *client; bool ack = FALSE; - client = radius_client_create(); + client = eap_radius_create_client(); if (client) { response = client->request(client, request); diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c index 3ea587309..1cc19afaa 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c @@ -15,7 +15,7 @@ #include "eap_radius_dae.h" -#include "radius_message.h" +#include #include #include diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.h b/src/libcharon/plugins/eap_radius/eap_radius_forward.h index e1a8c4170..2c1dbf7a8 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_forward.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.h @@ -15,13 +15,13 @@ /** * @defgroup eap_radius_forward eap_radius_forward - * @{ @ingroup + * @{ @ingroup eap_radius */ #ifndef EAP_RADIUS_FORWARD_H_ #define EAP_RADIUS_FORWARD_H_ -#include "radius_message.h" +#include #include diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c index e544aaf3e..0caecc1ad 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c @@ -19,8 +19,9 @@ #include "eap_radius_accounting.h" #include "eap_radius_dae.h" #include "eap_radius_forward.h" -#include "radius_client.h" -#include "radius_server.h" + +#include +#include #include #include @@ -261,15 +262,43 @@ plugin_t *eap_radius_plugin_create() /** * See header */ -enumerator_t *eap_radius_create_server_enumerator() +radius_client_t *eap_radius_create_client() { if (instance) { + enumerator_t *enumerator; + radius_server_t *server, *selected = NULL; + int current, best = -1; + instance->lock->read_lock(instance->lock); - return enumerator_create_cleaner( - instance->servers->create_enumerator(instance->servers), - (void*)instance->lock->unlock, instance->lock); + enumerator = instance->servers->create_enumerator(instance->servers); + while (enumerator->enumerate(enumerator, &server)) + { + current = server->get_preference(server); + if (current > best || + /* for two with equal preference, 50-50 chance */ + (current == best && random() % 2 == 0)) + { + DBG2(DBG_CFG, "RADIUS server '%s' is candidate: %d", + server->get_name(server), current); + best = current; + DESTROY_IF(selected); + selected = server->get_ref(server); + } + else + { + DBG2(DBG_CFG, "RADIUS server '%s' skipped: %d", + server->get_name(server), current); + } + } + enumerator->destroy(enumerator); + instance->lock->unlock(instance->lock); + + if (selected) + { + return radius_client_create(selected); + } } - return enumerator_create_empty(); + return NULL; } diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h index cb724364a..1570bd566 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h @@ -25,7 +25,8 @@ #define EAP_RADIUS_PLUGIN_H_ #include -#include + +#include typedef struct eap_radius_plugin_t eap_radius_plugin_t; @@ -44,10 +45,10 @@ struct eap_radius_plugin_t { }; /** - * Create an enumerator over all loaded RADIUS servers. + * Get a RADIUS client instance to connect to servers. * - * @return enumerator over radius_server_t + * @return RADIUS client */ -enumerator_t *eap_radius_create_server_enumerator(); +radius_client_t *eap_radius_create_client(); #endif /** EAP_RADIUS_PLUGIN_H_ @}*/ diff --git a/src/libradius/Makefile.am b/src/libradius/Makefile.am new file mode 100644 index 000000000..8723a78e9 --- /dev/null +++ b/src/libradius/Makefile.am @@ -0,0 +1,9 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +ipseclib_LTLIBRARIES = libradius.la +libradius_la_SOURCES = \ + radius_message.h radius_message.c \ + radius_socket.h radius_socket.c \ + radius_client.h radius_client.c \ + radius_server.h radius_server.c diff --git a/src/libcharon/plugins/eap_radius/radius_client.c b/src/libradius/radius_client.c similarity index 81% rename from src/libcharon/plugins/eap_radius/radius_client.c rename to src/libradius/radius_client.c index 1a67096cb..9c12be4eb 100644 --- a/src/libcharon/plugins/eap_radius/radius_client.c +++ b/src/libradius/radius_client.c @@ -14,8 +14,6 @@ */ #include "radius_client.h" - -#include "eap_radius_plugin.h" #include "radius_server.h" #include @@ -137,12 +135,9 @@ METHOD(radius_client_t, destroy, void, /** * See header */ -radius_client_t *radius_client_create() +radius_client_t *radius_client_create(radius_server_t *server) { private_radius_client_t *this; - enumerator_t *enumerator; - radius_server_t *server; - int current, best = -1; INIT(this, .public = { @@ -150,36 +145,8 @@ radius_client_t *radius_client_create() .get_msk = _get_msk, .destroy = _destroy, }, + .server = server, ); - enumerator = eap_radius_create_server_enumerator(); - while (enumerator->enumerate(enumerator, &server)) - { - current = server->get_preference(server); - if (current > best || - /* for two with equal preference, 50-50 chance */ - (current == best && random() % 2 == 0)) - { - DBG2(DBG_CFG, "RADIUS server '%s' is candidate: %d", - server->get_name(server), current); - best = current; - DESTROY_IF(this->server); - this->server = server->get_ref(server); - } - else - { - DBG2(DBG_CFG, "RADIUS server '%s' skipped: %d", - server->get_name(server), current); - } - } - enumerator->destroy(enumerator); - - if (!this->server) - { - free(this); - return NULL; - } - return &this->public; } - diff --git a/src/libcharon/plugins/eap_radius/radius_client.h b/src/libradius/radius_client.h similarity index 90% rename from src/libcharon/plugins/eap_radius/radius_client.h rename to src/libradius/radius_client.h index e4f3a7222..4ec344be0 100644 --- a/src/libcharon/plugins/eap_radius/radius_client.h +++ b/src/libradius/radius_client.h @@ -15,13 +15,14 @@ /** * @defgroup radius_client radius_client - * @{ @ingroup eap_radius + * @{ @ingroup libradius */ #ifndef RADIUS_CLIENT_H_ #define RADIUS_CLIENT_H_ #include "radius_message.h" +#include "radius_server.h" typedef struct radius_client_t radius_client_t; @@ -59,8 +60,9 @@ struct radius_client_t { /** * Create a RADIUS client. * + * @param server reference to a server configuration, gets owned * @return radius_client_t object */ -radius_client_t *radius_client_create(); +radius_client_t *radius_client_create(radius_server_t *server); #endif /** RADIUS_CLIENT_H_ @}*/ diff --git a/src/libcharon/plugins/eap_radius/radius_message.c b/src/libradius/radius_message.c similarity index 99% rename from src/libcharon/plugins/eap_radius/radius_message.c rename to src/libradius/radius_message.c index ad8875423..bd3a32f07 100644 --- a/src/libcharon/plugins/eap_radius/radius_message.c +++ b/src/libradius/radius_message.c @@ -488,4 +488,3 @@ radius_message_t *radius_message_parse(chunk_t data) } return &this->public; } - diff --git a/src/libcharon/plugins/eap_radius/radius_message.h b/src/libradius/radius_message.h similarity index 98% rename from src/libcharon/plugins/eap_radius/radius_message.h rename to src/libradius/radius_message.h index 355714505..41cfb51a3 100644 --- a/src/libcharon/plugins/eap_radius/radius_message.h +++ b/src/libradius/radius_message.h @@ -14,8 +14,13 @@ */ /** + * @defgroup libradius libradius + * + * @addtogroup libradius + * RADIUS protocol support library. + * * @defgroup radius_message radius_message - * @{ @ingroup eap_radius + * @{ @ingroup libradius */ #ifndef RADIUS_MESSAGE_H_ diff --git a/src/libcharon/plugins/eap_radius/radius_server.c b/src/libradius/radius_server.c similarity index 100% rename from src/libcharon/plugins/eap_radius/radius_server.c rename to src/libradius/radius_server.c diff --git a/src/libcharon/plugins/eap_radius/radius_server.h b/src/libradius/radius_server.h similarity index 99% rename from src/libcharon/plugins/eap_radius/radius_server.h rename to src/libradius/radius_server.h index 93b0e5d8d..2cc281cc1 100644 --- a/src/libcharon/plugins/eap_radius/radius_server.h +++ b/src/libradius/radius_server.h @@ -15,7 +15,7 @@ /** * @defgroup radius_server radius_server - * @{ @ingroup eap_radius + * @{ @ingroup libradius */ #ifndef RADIUS_SERVER_H_ diff --git a/src/libcharon/plugins/eap_radius/radius_socket.c b/src/libradius/radius_socket.c similarity index 100% rename from src/libcharon/plugins/eap_radius/radius_socket.c rename to src/libradius/radius_socket.c diff --git a/src/libcharon/plugins/eap_radius/radius_socket.h b/src/libradius/radius_socket.h similarity index 98% rename from src/libcharon/plugins/eap_radius/radius_socket.h rename to src/libradius/radius_socket.h index 0301ec6d0..07d642c08 100644 --- a/src/libcharon/plugins/eap_radius/radius_socket.h +++ b/src/libradius/radius_socket.h @@ -15,7 +15,7 @@ /** * @defgroup radius_socket radius_socket - * @{ @ingroup eap_radius + * @{ @ingroup libradius */ #ifndef RADIUS_SOCKET_H_