From: Alan T. DeKok
Date: Tue, 10 May 2011 12:55:32 +0000 (+0200)
Subject: Parse TLS configuration for home servers
X-Git-Tag: release_3_0_0_beta0~862
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2905a0382df9a864a164ad51feca1f2ddddf086c;p=thirdparty%2Ffreeradius-server.git

Parse TLS configuration for home servers
---
diff --git a/src/include/realms.h b/src/include/realms.h
index 0d4cb067950..f32c51533e6 100644
--- a/src/include/realms.h
+++ b/src/include/realms.h
@@ -89,6 +89,9 @@ typedef struct home_server {
 int coa_mrt;
 int coa_mrd;
 #endif
+#ifdef WITH_TLS
+ fr_tls_server_conf_t *tls;
+#endif
 #ifdef WITH_STATS
 int number;
diff --git a/src/main/realms.c b/src/main/realms.c
index 5d643c34c74..14cd18ce696 100644
--- a/src/main/realms.c
+++ b/src/main/realms.c
@@ -124,6 +124,18 @@ static int realm_name_cmp(const void *one, const void *two)
 #ifdef WITH_PROXY
+static void home_server_free(void *data)
+{
+ home_server *home = data;
+
+#ifdef WITH_TLS
+ tls_server_conf_free(home->tls);
+ home->tls = NULL;
+#endif
+
+ free(home);
+}
+
 static int home_server_name_cmp(const void *one, const void *two)
 {
 const home_server *a = one;
@@ -405,6 +417,7 @@ static int home_server_add(realm_config_t *rc, CONF_SECTION *cs)
 home_server *home;
 int dual = FALSE;
 CONF_PAIR *cp;
+ CONF_SECTION *tls;
 free(hs_virtual_server); /* used only for printing during parsing */
 hs_virtual_server = NULL;
@@ -618,6 +631,11 @@ static int home_server_add(realm_config_t *rc, CONF_SECTION *cs)
 goto error;
 }
+ /*
+ * Check the TLS configuration.
+ */
+ tls = cf_section_sub_find(cs, "tls");
+
 /*
 * If the home is a virtual server, don't look up source IP.
 */
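Review bot: home_server_free() passes home->tls to tls_server_conf_free() unconditionally, so for the common non-TLS home server it relies on that helper accepting a NULL pointer (home->tls is never assigned when no tls subsection exists); if it does not, guard the call with `if (home->tls) tls_server_conf_free(home->tls);`. The field is declared as fr_tls_server_conf_t but is filled by tls_client_conf_parse() and released by tls_server_conf_free() in this commit; presumably both operate on the same type, but that is worth confirming since the names disagree. The new callback is installed only on home_servers_byaddr in the last hunk; if another tree or list holds the same home_server pointers with its own free callback, the object would be released twice — those containers are outside the diff, so this is a point to check rather than a confirmed defect.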
@@ -641,6 +659,30 @@ static int home_server_add(realm_config_t *rc, CONF_SECTION *cs)
 */
 home->src_ipaddr.af = home->ipaddr.af;
 }
+
+ if (tls && (home->proto != IPPROTO_TCP)) {
+ cf_log_err(cf_sectiontoitem(cs), "TLS transport is not available for UDP sockets.");
+ goto error;
+ }
+
+#ifndef WITH_TLS
+ cf_log_err(cf_sectiontoitem(cs), "TLS transport is not available in this executable.");
+ goto error;
+#else
+ /*
+ * Parse the SSL client configuration.
+ */
+ if (tls) {
+ home->tls = tls_client_conf_parse(tls);
+ if (!home->tls) {
+ goto error;
+ }
+ }
+#endif
+
+ } else if (tls) {
+ cf_log_err(cf_sectiontoitem(cs), "Virtual home_servers cannot have a \"tls\" subsection");
+ goto error;
 }
 free(hs_srcipaddr);
@@ -1752,7 +1794,7 @@ int realms_init(CONF_SECTION *config)
 }
 #ifdef WITH_PROXY
- home_servers_byaddr = rbtree_create(home_server_addr_cmp, free, 0);
+ home_servers_byaddr = rbtree_create(home_server_addr_cmp, home_server_free, 0);
 if (!home_servers_byaddr) {
 realms_free();
 return 0;
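Review bot: The `#ifndef WITH_TLS` branch logs "TLS transport is not available in this executable." and jumps to error unconditionally, so a build without TLS support rejects every non-virtual home server even when no tls subsection is present; it should be conditional, mirroring the #else side: `if (tls) { cf_log_err(cf_sectiontoitem(cs), "TLS transport is not available in this executable."); goto error; }`. On the WITH_TLS side, once tls_client_conf_parse() has populated home->tls, any later `goto error` in home_server_add (the error label and the rest of the function are outside this hunk) must release that allocation or the parsed TLS configuration leaks on a failed add; having the error path use home_server_free() rather than a bare free() would cover it. The UDP rejection is the right check, since a tls subsection on a non-TCP transport would otherwise be silently ignored and traffic sent in the clear.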