archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ias/protocol/proxy/radproxy.h

507 lines
13 KiB
Raw Normal View History

Add source files
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) 2000, Microsoft Corp. All rights reserved.
  4. //
  5. // FILE
  6. //
  7. // radproxy.h
  8. //
  9. // SYNOPSIS
  10. //
  11. // Declares the interface into the reusable RadiusProxy engine. This should
  12. // have no IAS specific dependencies.
  13. //
  14. // MODIFICATION HISTORY
  15. //
  16. // 02/08/2000 Original version.
  17. // 05/30/2000 Eliminate QUESTIONABLE state.
  18. //
  19. ///////////////////////////////////////////////////////////////////////////////
  21. #ifndef RADPROXY_H
  22. #define RADPROXY_H
  23. #if _MSC_VER >= 1000
  24. #pragma once
  25. #endif
  27. #include <iascache.h>
  28. #include <iasobj.h>
  29. #include <radshare.h>
  30. #include <timerq.h>
  31. #include <udpsock.h>
  33. struct RadiusAttribute;
  34. struct RadiusPacket;
  35. class Request;
  36. class Session;
  38. ///////////////////////////////////////////////////////////////////////////////
  39. //
  40. // CLASS
  41. //
  42. // RemotePort
  43. //
  44. // DESCRIPTION
  45. //
  46. // Describes a remote endpoint for a RADIUS conversation.
  47. //
  48. ///////////////////////////////////////////////////////////////////////////////
  49. class RemotePort
  50. {
  51. public:
  52. // Read-only properties.
  53. const InternetAddress address;
  54. const RadiusOctets secret;
  56. RemotePort(
  57. ULONG ipAddress,
  58. USHORT port,
  59. PCSTR sharedSecret
  60. );
  61. RemotePort(const RemotePort& port);
  63. // Returns a packet identifier to use when sending a request to this port.
  64. BYTE getIdentifier() throw ()
  65. { return (BYTE)++nextIdentifier; }
  67. // Synchronizes this with the state of 'port', i.e., use the same next
  68. // identifier.
  69. void copyState(const RemotePort& port) throw ()
  70. { nextIdentifier = port.nextIdentifier; }
  72. bool operator==(const RemotePort& p) const throw ()
  73. { return address == p.address && secret == p.secret; }
  75. private:
  76. Count nextIdentifier;
  78. // Not implemented.
  79. RemotePort& operator=(RemotePort&);
  80. };
  82. ///////////////////////////////////////////////////////////////////////////////
  83. //
  84. // struct
  85. //
  86. // RemoteServerConfig
  87. //
  88. // DESCRIPTION
  89. //
  90. // Plain ol' data holding all the configuration associated with a
  91. // RemoteServer. This spares clients from having to call a monster
  92. // contructor when creating a remote server.
  93. //
  94. ///////////////////////////////////////////////////////////////////////////////
  95. struct RemoteServerConfig
  96. {
  97. GUID guid;
  98. ULONG ipAddress;
  99. USHORT authPort;
  100. USHORT acctPort;
  101. PCSTR authSecret;
  102. PCSTR acctSecret;
  103. ULONG priority;
  104. ULONG weight;
  105. ULONG timeout;
  106. ULONG maxLost;
  107. ULONG blackout;
  108. bool sendSignature;
  109. bool sendAcctOnOff;
  110. };
  112. ///////////////////////////////////////////////////////////////////////////////
  113. //
  114. // CLASS
  115. //
  116. // RemoteServer
  117. //
  118. // DESCRIPTION
  119. //
  120. // Describes a remote RADIUS server and maintains the state of that server.
  121. //
  122. ///////////////////////////////////////////////////////////////////////////////
  123. class RemoteServer
  124. {
  125. public:
  126. DECLARE_REFERENCE_COUNT();
  128. // Unique ID for this server.
  129. const GUID guid;
  131. // Authentication and accounting ports.
  132. RemotePort authPort;
  133. RemotePort acctPort;
  135. // Read-only properties for load-balancing and failover.
  136. const ULONG priority;
  137. const ULONG weight;
  139. // Read-only properties for determining server state.
  140. const ULONG timeout;
  141. const LONG maxLost;
  142. const ULONG blackout;
  144. // Should we always send a Signature attribute?
  145. const bool sendSignature;
  147. // Should we formard Accounting-On/Off requests?
  148. const bool sendAcctOnOff;
  150. RemoteServer(const RemoteServerConfig& config);
  152. // Returns the servers IP address.
  153. ULONG getAddress() const throw ()
  154. { return authPort.address.sin_addr.s_addr; }
  156. // Returns 'true' if the server is available for use.
  157. bool isAvailable() const throw ()
  158. { return state == AVAILABLE; }
  160. // Returns 'true' if the server should receive a broadcast.
  161. bool shouldBroadcast() throw ();
  163. // Notifies the RemoteServer that a valid packet has been received. Returns
  164. // true if this triggers a state change.
  165. bool onReceive() throw ();
  167. // Notfies the RemoteServer that a request has timed out. Returns true if
  168. // this triggers a state change.
  169. bool onTimeout() throw ();
  171. // Synchronize the state of this server with target.
  172. void copyState(const RemoteServer& target) throw ();
  174. bool operator==(const RemoteServer& s) const throw ();
  176. protected:
  177. // This is virtual so that RemoteServer can server as a base class.
  178. virtual ~RemoteServer() throw () { }
  180. private:
  181. // Possible states of the server.
  182. enum State
  183. {
  184. AVAILABLE, // Server is available for use.
  185. UNAVAILABLE, // Not available but may receive broadcasts.
  186. LOCKED // Locked by a thread; prevents multiple threads from
  187. // simultaneously broadcasting to a server.
  188. };
  190. // Transition the server state; returns 'true' if successful.
  191. bool changeState(State from, State to) throw ();
  193. State state; // Current state of the server.
  194. LONG lostCount; // Number of packets lost since last received.
  195. ULONG64 expiry; // Time when blackout interval expires.
  197. // Not implemented.
  198. RemoteServer& operator=(RemoteServer&);
  199. };
  201. typedef ObjectPointer<RemoteServer> RemoteServerPtr;
  202. typedef ObjectVector<RemoteServer> RemoteServers;
  204. class RequestStack;
  205. class ProxyContext;
  207. ///////////////////////////////////////////////////////////////////////////////
  208. //
  209. // CLASS
  210. //
  211. // ServerGroup
  212. //
  213. // DESCRIPTION
  214. //
  215. // Load balances requests among a group of RemoteServers.
  216. //
  217. ///////////////////////////////////////////////////////////////////////////////
  218. class ServerGroup
  219. {
  220. public:
  221. DECLARE_REFERENCE_COUNT();
  223. ServerGroup(
  224. PCWSTR groupName,
  225. RemoteServer* const* first,
  226. RemoteServer* const* last
  227. );
  229. // Returns the number of servers in the group.
  230. ULONG size() const throw ()
  231. { return servers.size(); }
  233. bool isEmpty() const throw ()
  234. { return servers.empty(); }
  236. // Name used to identify the group.
  237. PCWSTR getName() const throw ()
  238. { return name; }
  240. // Returns a collection of servers that should receive the request.
  241. void getServersForRequest(
  242. ProxyContext* context,
  243. BYTE packetCode,
  244. RequestStack& result
  245. ) const;
  247. // Methods for iterating the servers in the group.
  248. RemoteServers::iterator begin() const throw ()
  249. { return servers.begin(); }
  250. RemoteServers::iterator end() const throw ()
  251. { return servers.end(); }
  253. private:
  254. ~ServerGroup() throw () { }
  256. // Pick a server from the list. The list must not be empty, and all the
  257. // servers must have the same priority.
  258. static RemoteServer* pickServer(
  259. RemoteServers::iterator first,
  260. RemoteServers::iterator last
  261. ) throw ();
  263. // Array of servers in priority order.
  264. RemoteServers servers;
  266. // End of top priority level in array.
  267. RemoteServers::iterator endTopPriority;
  269. // Maximum number of bytes required to hold the server candidates.
  270. ULONG maxCandidatesSize;
  272. RadiusString name;
  274. static ULONG theSeed;
  276. // Not implemented.
  277. ServerGroup(const ServerGroup&);
  278. ServerGroup& operator=(const ServerGroup&);
  279. };
  281. typedef ObjectPointer<ServerGroup> ServerGroupPtr;
  282. typedef ObjectVector<ServerGroup> ServerGroups;
  284. ///////////////////////////////////////////////////////////////////////////////
  285. //
  286. // CLASS
  287. //
  288. // ServerGroupManager
  289. //
  290. // DESCRIPTION
  291. //
  292. // Manages a collection of ServerGroups.
  293. //
  294. ///////////////////////////////////////////////////////////////////////////////
  295. class ServerGroupManager
  296. {
  297. public:
  298. ServerGroupManager() throw () { }
  300. // Set the server groups to be managed.
  301. bool setServerGroups(
  302. ServerGroups::iterator begin,
  303. ServerGroups::iterator end
  304. ) throw ();
  306. // Returns a server with the given IP address.
  307. RemoteServerPtr findServer(
  308. ULONG address
  309. ) const throw ();
  311. void getServersByGroup(
  312. ProxyContext* context,
  313. BYTE packetCode,
  314. PCWSTR name,
  315. RequestStack& result
  316. ) const;
  318. void getServersForAcctOnOff(
  319. ProxyContext* context,
  320. RequestStack& result
  321. ) const;
  323. private:
  324. // Synchronize access.
  325. mutable RWLock monitor;
  327. // Server groups being managed sorted by name.
  328. ServerGroups groups;
  330. // All servers sorted by guid.
  331. RemoteServers byAddress;
  333. // All servers sorted by guid.
  334. RemoteServers byGuid;
  336. // Servers to receive Accounting-On/Off requests.
  337. RemoteServers acctServers;
  339. // Not implemented.
  340. ServerGroupManager(const ServerGroupManager&);
  341. ServerGroupManager& operator=(const ServerGroupManager&);
  342. };
  344. class RadiusProxyClient;
  346. ///////////////////////////////////////////////////////////////////////////////
  347. //
  348. // CLASS
  349. //
  350. // RadiusProxyEngine
  351. //
  352. // DESCRIPTION
  353. //
  354. // Implements a RADIUS proxy.
  355. //
  356. ///////////////////////////////////////////////////////////////////////////////
  357. class RadiusProxyEngine : PacketReceiver
  358. {
  359. public:
  361. // Final result of processing a request.
  362. enum Result
  363. {
  364. resultSuccess,
  365. resultNotEnoughMemory,
  366. resultUnknownServerGroup,
  367. resultUnknownServer,
  368. resultInvalidRequest,
  369. resultSendError,
  370. resultRequestTimeout
  371. };
  373. RadiusProxyEngine(RadiusProxyClient* source);
  374. ~RadiusProxyEngine() throw ();
  376. // Set the server groups to be used by the proxy.
  377. bool setServerGroups(
  378. ServerGroup* const* begin,
  379. ServerGroup* const* end
  380. ) throw ();
  382. // Forward a request to the given server group.
  383. void forwardRequest(
  384. PVOID context,
  385. PCWSTR serverGroup,
  386. BYTE code,
  387. const BYTE* requestAuthenticator,
  388. const RadiusAttribute* begin,
  389. const RadiusAttribute* end
  390. ) throw ();
  392. // Callback when a request context has been abandoned.
  393. static void onRequestAbandoned(
  394. PVOID context,
  395. RemoteServer* server
  396. ) throw ();
  398. // Callback when a request has timed out.
  399. static void onRequestTimeout(
  400. Request* request
  401. ) throw ();
  403. private:
  404. // Methods for associating a stateful authentication session with a
  405. // particular server.
  406. RemoteServerPtr getServerAffinity(
  407. const RadiusPacket& packet
  408. ) throw ();
  409. void setServerAffinity(
  410. const RadiusPacket& packet,
  411. RemoteServer& server
  412. ) throw ();
  414. // PacketReceiver callbacks.
  415. virtual void onReceive(
  416. UDPSocket& socket,
  417. ULONG_PTR key,
  418. const SOCKADDR_IN& remoteAddress,
  419. BYTE* buffer,
  420. ULONG bufferLength
  421. ) throw ();
  422. virtual void onReceiveError(
  423. UDPSocket& socket,
  424. ULONG_PTR key,
  425. ULONG errorCode
  426. ) throw ();
  428. // Forward a request to an individual RemoteServer.
  429. Result sendRequest(
  430. RadiusPacket& packet,
  431. Request* request
  432. );
  434. // Report an event to the client.
  435. void reportEvent(
  436. const RadiusEvent& event
  437. ) const throw ();
  438. void reportEvent(
  439. RadiusEvent& event,
  440. RadiusEventType type
  441. ) const throw ();
  443. // Callback when a timer has expired.
  444. static VOID NTAPI onTimerExpiry(PVOID context, BOOLEAN flag) throw ();
  446. // The object supplying us with requests.
  447. RadiusProxyClient* client;
  449. // The local address of the proxy. Used when forming Proxy-State.
  450. ULONG proxyAddress;
  452. // UDP sockets used for network I/O.
  453. UDPSocket authSock;
  454. UDPSocket acctSock;
  456. // Server groups used for processing groups.
  457. ServerGroupManager groups;
  459. // Table of pending requests.
  460. HashTable< LONG, Request > pending;
  462. // Queue of pending requests.
  463. TimerQueue timers;
  465. // Table of current authentication sessions.
  466. Cache< RadiusRawOctets, Session > sessions;
  468. // Global pointer to the RadiusProxyEngine. This is a hack, but it saves me
  469. // from having to give every Request and Context object a back pointer.
  470. static RadiusProxyEngine* theProxy;
  472. // Not implemented.
  473. RadiusProxyEngine(const RadiusProxyEngine&);
  474. RadiusProxyEngine& operator=(const RadiusProxyEngine&);
  475. };
  477. ///////////////////////////////////////////////////////////////////////////////
  478. //
  479. // CLASS
  480. //
  481. // RadiusProxyClient
  482. //
  483. // DESCRIPTION
  484. //
  485. // Abstract base class for clients of the RadiusProxy engine.
  486. //
  487. ///////////////////////////////////////////////////////////////////////////////
  488. class __declspec(novtable) RadiusProxyClient
  489. {
  490. public:
  491. // Invoked to report one of the above events.
  492. virtual void onEvent(
  493. const RadiusEvent& event
  494. ) throw () = 0;
  496. // Invoked exactly once for each call to RadiusProxyEngine::forwardRequest.
  497. virtual void onComplete(
  498. RadiusProxyEngine::Result result,
  499. PVOID context,
  500. RemoteServer* server,
  501. BYTE code,
  502. const RadiusAttribute* begin,
  503. const RadiusAttribute* end
  504. ) throw () = 0;
  505. };
  507. #endif // RADPROXY_H