rlm__eap__gtc_8c_source.html

 /*

  *   This program is free software; you can redistribute it and/or modify

  *   it under the terms of the GNU General Public License as published by

  *   the Free Software Foundation; either version 2 of the License, or (at

  *   your option) any later version.

  *

  *   This program is distributed in the hope that it will be useful,

  *   but WITHOUT ANY WARRANTY; without even the implied warranty of

  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  *   GNU General Public License for more details.

  *

  *   You should have received a copy of the GNU General Public License

  *   along with this program; if not, write to the Free Software

  *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA

  */


 /**

  * $Id: 27661cb13a6695ea2649d9a9cf047677575a6858 $

  * @file rlm_eap_gtc.c

  * @brief EAP-GTC inner authentication method.

  *

  * @copyright 2000,2006 The FreeRADIUS server project

  */

 RCSID("$Id: 27661cb13a6695ea2649d9a9cf047677575a6858 $")


 #include <freeradius-devel/eap/base.h>

 #include <freeradius-devel/util/debug.h>

 #include <freeradius-devel/server/virtual_servers.h>

 #include <freeradius-devel/server/pair.h>

 #include <freeradius-devel/unlang/call.h>

 #include <freeradius-devel/unlang/interpret.h>


 static int auth_type_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent,

                            CONF_ITEM *ci, UNUSED conf_parser_t const *rule);


 /*

  *      EAP-GTC is just ASCII data carried inside of the EAP session.

  *      The length of the data is indicated by the encapsulating EAP

  *      protocol.

  */

 typedef struct {

         char const              *challenge;

         fr_dict_enum_value_t const      *auth_type;

 } rlm_eap_gtc_t;


 static conf_parser_t submodule_config[] = {

         { FR_CONF_OFFSET("challenge", rlm_eap_gtc_t, challenge), .dflt = "Password: " },

         { FR_CONF_OFFSET_TYPE_FLAGS("auth_type", FR_TYPE_VOID, 0, rlm_eap_gtc_t, auth_type), .func = auth_type_parse,  .dflt = "pap" },

         CONF_PARSER_TERMINATOR

 };


 static fr_dict_t const *dict_freeradius;

 static fr_dict_t const *dict_radius;


 extern fr_dict_autoload_t rlm_eap_gtc_dict[];

 fr_dict_autoload_t rlm_eap_gtc_dict[] = {

         { .out = &dict_freeradius, .proto = "freeradius" },

         { .out = &dict_radius, .proto = "radius" },

         { NULL }

 };


 static fr_dict_attr_t const *attr_auth_type;

 static fr_dict_attr_t const *attr_user_password;


 extern fr_dict_attr_autoload_t rlm_eap_gtc_dict_attr[];

 fr_dict_attr_autoload_t rlm_eap_gtc_dict_attr[] = {

         { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },

         { .out = &attr_user_password, .name = "User-Password", .type = FR_TYPE_STRING, .dict = &dict_radius },

         { NULL }

 };


 static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request);


 /** Translate a string auth_type into an enumeration value

  *

  * @param[in] ctx       to allocate data.

  * @param[out] out      Where to write the auth_type we created or resolved.

  * @param[in] parent    Base structure address.

  * @param[in] ci        #CONF_PAIR specifying the name of the auth_type.

  * @param[in] rule      unused.

  * @return

  *      - 0 on success.

  *      - -1 on failure.

  */

 static int auth_type_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent,

                            CONF_ITEM *ci, UNUSED conf_parser_t const *rule)

 {

         char const      *auth_type = cf_pair_value(cf_item_to_pair(ci));


         if (fr_dict_enum_add_name_next(fr_dict_attr_unconst(attr_auth_type), auth_type) < 0) {

                 cf_log_err(ci, "Failed adding %s alias", attr_auth_type->name);

                 return -1;

         }

         *((fr_dict_enum_value_t **)out) = fr_dict_enum_by_name(attr_auth_type, auth_type, -1);


         return 0;

 }


 /*

  *      Keep processing the Auth-Type until it doesn't return YIELD.

  */

 static unlang_action_t gtc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx,  request_t *request)

 {

         rlm_rcode_t     rcode;


         eap_session_t   *eap_session = mctx->rctx;

         eap_round_t     *eap_round = eap_session->this_round;


         rcode = unlang_interpret_stack_result(request);


         if (rcode != RLM_MODULE_OK) {

                 eap_round->request->code = FR_EAP_CODE_FAILURE;

                 RETURN_MODULE_RCODE(rcode);

         }


         eap_round->request->code = FR_EAP_CODE_SUCCESS;

         RETURN_MODULE_OK;

 }


 /*

  *      Authenticate a previously sent challenge.

  */

 static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)

 {

         rlm_eap_gtc_t const     *inst = talloc_get_type_abort(mctx->inst->data, rlm_eap_gtc_t);


         eap_session_t           *eap_session = eap_session_get(request->parent);

         eap_round_t             *eap_round = eap_session->this_round;


         fr_pair_t               *vp;

         CONF_SECTION            *unlang;


         /*

          *      Get the Password.Cleartext for this user.

          */


         /*

          *      Sanity check the response.  We need at least one byte

          *      of data.

          */

         if (eap_round->response->length <= 4) {

                 REDEBUG("Corrupted data");

                 eap_round->request->code = FR_EAP_CODE_FAILURE;

                 RETURN_MODULE_INVALID;

         }


         /*

          *      EAP packets can be ~64k long maximum, and

          *      we don't like that.

          */

         if (eap_round->response->type.length > 128) {

                 REDEBUG("Response is too large to understand");

                 eap_round->request->code = FR_EAP_CODE_FAILURE;

                 RETURN_MODULE_INVALID;

         }


         /*

          *      If there was a User-Password in the request,

          *      why the heck are they using EAP-GTC?

          */

         MEM(pair_update_request(&vp, attr_user_password) >= 0);

         fr_pair_value_bstrndup(vp, (char const *)eap_round->response->type.data, eap_round->response->type.length, true);

         vp->vp_tainted = true;


         unlang = cf_section_find(unlang_call_current(request), "authenticate", inst->auth_type->name);

         if (!unlang) unlang = cf_section_find(unlang_call_current(request->parent), "authenticate", inst->auth_type->name);

         if (!unlang) {

                 RDEBUG2("authenticate %s { ... } sub-section not found.",

                         inst->auth_type->name);

                 eap_round->request->code = FR_EAP_CODE_FAILURE;

                 RETURN_MODULE_FAIL;

         }


         return unlang_module_yield_to_section(p_result, request, unlang, RLM_MODULE_FAIL, gtc_resume, NULL, 0, eap_session);

 }


 /*

  *      Initiate the EAP-GTC session by sending a challenge to the peer.

  */

 static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)

 {

         eap_session_t   *eap_session = eap_session_get(request->parent);

         char            challenge_str[1024];

         int             length;

         eap_round_t     *eap_round = eap_session->this_round;

         rlm_eap_gtc_t   *inst = talloc_get_type_abort(mctx->inst->data, rlm_eap_gtc_t);


         if (xlat_eval(challenge_str, sizeof(challenge_str), request, inst->challenge, NULL, NULL) < 0) {

                 RETURN_MODULE_FAIL;

         }


         length = strlen(challenge_str);


         /*

          *      We're sending a request...

          */

         eap_round->request->code = FR_EAP_CODE_REQUEST;


         eap_round->request->type.data = talloc_array(eap_round->request, uint8_t, length);

         if (!eap_round->request->type.data) RETURN_MODULE_FAIL;


         memcpy(eap_round->request->type.data, challenge_str, length);

         eap_round->request->type.length = length;


         /*

          *      We don't need to authorize the user at this point.

          *

          *      We also don't need to keep the challenge, as it's

          *      stored in 'eap_session->this_round', which will be given back

          *      to us...

          */

         eap_session->process = mod_process;


         RETURN_MODULE_HANDLED;

 }


 /*

  *      The module name should be the only globally exported symbol.

  *      That is, everything else should be 'static'.

  */

 extern rlm_eap_submodule_t rlm_eap_gtc;

 rlm_eap_submodule_t rlm_eap_gtc = {

         .common = {

                 .magic          = MODULE_MAGIC_INIT,

                 .name           = "eap_gtc",

                 .inst_size      = sizeof(rlm_eap_gtc_t),

                 .config         = submodule_config,

         },

         .provides       = { FR_EAP_METHOD_GTC },

         .session_init   = mod_session_init,     /* Initialise a new EAP session */

         .clone_parent_lists = true              /* HACK */

 };

unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35

RCSID
#define RCSID(id)
Definition: build.h:444

UNUSED
#define UNUSED
Definition: build.h:313

unlang_call_current
CONF_SECTION * unlang_call_current(request_t *request)
Return the last virtual server that was called.
Definition: call.c:225

CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition: cf_parse.h:626

FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:268

FR_CONF_OFFSET_TYPE_FLAGS
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:241

conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition: cf_parse.h:563

cf_item
Common header for all CONF_* types.
Definition: cf_priv.h:49

cf_section
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:89

cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition: cf_util.c:629

cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition: cf_util.c:970

cf_pair_value
char const  * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition: cf_util.c:1511

cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition: cf_util.h:265

eap_packet_t::type
eap_type_data_t type
Definition: compose.h:39

eap_packet_t::length
size_t length
Definition: compose.h:38

eap_round_t::response
eap_packet_t * response
Packet we received from the peer.
Definition: compose.h:49

eap_packet_t::code
eap_code_t code
Definition: compose.h:36

eap_round_t::request
eap_packet_t * request
Packet we will send to the peer.
Definition: compose.h:50

eap_round_t
Contains a pair of request and response packets.
Definition: compose.h:48

fr_dict_attr_unconst
fr_dict_attr_t * fr_dict_attr_unconst(fr_dict_attr_t const *da)
Coerce to non-const.
Definition: dict_util.c:4191

fr_dict_attr_autoload_t::out
fr_dict_attr_t const  ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition: dict.h:250

fr_dict_autoload_t::out
fr_dict_t const  ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition: dict.h:263

fr_dict_enum_add_name_next
int fr_dict_enum_add_name_next(fr_dict_attr_t *da, char const *name)
Add an name to an integer attribute hashing the name for the integer value.
Definition: dict_util.c:1547

fr_dict_enum_by_name
fr_dict_enum_value_t * fr_dict_enum_by_name(fr_dict_attr_t const *da, char const *name, ssize_t len)
Definition: dict_util.c:2992

fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition: dict.h:249

fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition: dict.h:262

fr_dict_enum_value_t
Value of an enumerated attribute.
Definition: dict.h:209

dl_module_instance_s::data
void *_CONST data
Module instance's parsed configuration.
Definition: dl_module.h:165

MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:65

FR_EAP_CODE_FAILURE
@ FR_EAP_CODE_FAILURE
Definition: types.h:40

FR_EAP_CODE_REQUEST
@ FR_EAP_CODE_REQUEST
Definition: types.h:37

FR_EAP_CODE_SUCCESS
@ FR_EAP_CODE_SUCCESS
Definition: types.h:39

eap_type_data_t::length
size_t length
Definition: types.h:111

eap_type_data_t::data
uint8_t * data
Definition: types.h:112

FR_EAP_METHOD_GTC
@ FR_EAP_METHOD_GTC
Definition: types.h:51

unlang_interpret_stack_result
rlm_rcode_t unlang_interpret_stack_result(request_t *request)
Get the current rcode for the frame.
Definition: interpret.c:1278

eap_session_s::process
module_method_t process
Callback that should be used to process the next round.
Definition: session.h:64

eap_session_s::this_round
eap_round_t * this_round
The EAP response we're processing, and the EAP request we're building.
Definition: session.h:59

eap_session_get
static eap_session_t * eap_session_get(request_t *request)
Definition: session.h:82

eap_session_s
Tracks the progress of a single session of any EAP method.
Definition: session.h:40

FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition: merged_model.c:83

FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99

FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition: merged_model.c:127

xlat_eval
ssize_t xlat_eval(char *out, size_t outlen, request_t *request, char const *fmt, xlat_escape_legacy_t escape, void const *escape_ctx)
Definition: merged_model.c:215

uint8_t
unsigned char uint8_t
Definition: merged_model.c:30

fr_dict_attr_t
Definition: merged_model.c:133

fr_dict_t
Definition: merged_model.c:198

request_t
Definition: merged_model.c:210

module_ctx_t::rctx
void * rctx
Resume ctx that a module previously set.
Definition: module_ctx.h:45

module_ctx_t::inst
dl_module_inst_t const  * inst
Dynamic loader API handle for the module.
Definition: module_ctx.h:42

module_ctx_t
Temporary structure to hold arguments for module calls.
Definition: module_ctx.h:41

fr_pair_value_bstrndup
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
Definition: pair.c:2781

config
static const conf_parser_t config[]
Definition: base.c:188

pair_update_request
#define pair_update_request(_attr, _da)
Definition: radclient-ng.c:60

REDEBUG
#define REDEBUG(fmt,...)
Definition: radclient.h:52

RDEBUG2
#define RDEBUG2(fmt,...)
Definition: radclient.h:54

RETURN_MODULE_RCODE
#define RETURN_MODULE_RCODE(_rcode)
Definition: rcode.h:64

RETURN_MODULE_HANDLED
#define RETURN_MODULE_HANDLED
Definition: rcode.h:58

RETURN_MODULE_INVALID
#define RETURN_MODULE_INVALID
Definition: rcode.h:59

RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition: rcode.h:57

rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition: rcode.h:40

RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition: rcode.h:43

RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition: rcode.h:42

attr_user_password
static fr_dict_attr_t const  * attr_user_password
Definition: rlm_eap_gtc.c:63

mod_process
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition: rlm_eap_gtc.c:123

dict_freeradius
static fr_dict_t const  * dict_freeradius
Definition: rlm_eap_gtc.c:52

auth_type_parse
static int auth_type_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)

dict_radius
static fr_dict_t const  * dict_radius
Definition: rlm_eap_gtc.c:53

rlm_eap_gtc
rlm_eap_submodule_t rlm_eap_gtc
Definition: rlm_eap_gtc.c:223

attr_auth_type
static fr_dict_attr_t const  * attr_auth_type
Definition: rlm_eap_gtc.c:62

rlm_eap_gtc_t::challenge
char const  * challenge
Definition: rlm_eap_gtc.c:42

rlm_eap_gtc_dict_attr
fr_dict_attr_autoload_t rlm_eap_gtc_dict_attr[]
Definition: rlm_eap_gtc.c:66

gtc_resume
static unlang_action_t gtc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition: rlm_eap_gtc.c:102

rlm_eap_gtc_t::auth_type
fr_dict_enum_value_t const  * auth_type
Definition: rlm_eap_gtc.c:43

rlm_eap_gtc_dict
fr_dict_autoload_t rlm_eap_gtc_dict[]
Definition: rlm_eap_gtc.c:56

submodule_config
static conf_parser_t submodule_config[]
Definition: rlm_eap_gtc.c:46

mod_session_init
static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition: rlm_eap_gtc.c:181

rlm_eap_gtc_t
Definition: rlm_eap_gtc.c:41

unlang_module_yield_to_section
unlang_action_t unlang_module_yield_to_section(rlm_rcode_t *p_result, request_t *request, CONF_SECTION *subcs, rlm_rcode_t default_rcode, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Definition: module.c:516

RETURN_MODULE_FAIL
RETURN_MODULE_FAIL
Definition: state_machine.c:1220

MEM
MEM(pair_append_request(&vp, attr_eap_aka_sim_identity) >=0)

inst
eap_aka_sim_process_conf_t * inst
Definition: state_machine.c:3633

vp
fr_pair_t * vp
Definition: state_machine.c:2271

value_pair_s
Stores an attribute, a value and various bits of other data.
Definition: pair.h:68

rlm_eap_submodule_t::common
module_t common
Common fields provided by all modules.
Definition: submodule.h:50

rlm_eap_submodule_t
Interface exported by EAP submodules.
Definition: submodule.h:49

parent
static fr_slen_t parent
Definition: pair.h:844

out
static size_t char ** out
Definition: value.h:984