The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
rlm_securid.h
Go to the documentation of this file.
1 #pragma once
2 #include <freeradius-devel/server/base.h>
3 #include <freeradius-devel/server/module_rlm.h>
4 #include <freeradius-devel/util/debug.h>
5 
6 #include "acexport.h"
7 
8 #define SAFE_STR(s) s==NULL?"EMPTY":s
9 
10 typedef enum {
11  INITIAL_STATE = 0,
12  NEXT_CODE_REQUIRED_STATE = 100,
13  NEW_PIN_REQUIRED_STATE = 200,
14  NEW_PIN_USER_CONFIRM_STATE = 201,
15  NEW_PIN_AUTH_VALIDATE_STATE = 202,
16  NEW_PIN_SYSTEM_ACCEPT_STATE = 203,
17  NEW_PIN_SYSTEM_CONFIRM_STATE = 204,
18  NEW_PIN_USER_SELECT_STATE = 205,
19 } SECURID_SESSION_STATE;
20 
21 /*
22  * SECURID_SESSION is used to identify existing securID sessions
23  * to continue Next-Token code and New-Pin conversations with a client
24  *
25  * next = pointer to next
26  * state = state attribute from the reply we sent
27  * state_len = length of data in the state attribute.
28  * src_ipaddr = client which sent us the RADIUS request containing
29  * this SecurID conversation.
30  * timestamp = timestamp when this handler was last used.
31  * trips = number of trips
32  * identity = Identity of the user
33  * request = RADIUS request data structure
34  */
35 
36 #define SECURID_STATE_LEN 32
37 typedef struct {
38  struct _securid_session_t *prev, *next;
39  fr_rb_node_t node;
40  SDI_HANDLE sdiHandle;
41  SECURID_SESSION_STATE securidSessionState;
42 
43  char state[SECURID_STATE_LEN];
44 
45  fr_ipaddr_t src_ipaddr;
46  time_t timestamp;
47  unsigned int session_id;
48  uint32_t trips;
49 
50  char *pin; /* previous pin if user entered it during NEW-PIN mode process */
51  char *identity; /* save user's identity name for future use */
52 
53 } SECURID_SESSION;
54 
55 
56 /*
57  * Define a structure for our module configuration.
58  *
59  * These variables do not need to be in a structure, but it's
60  * a lot cleaner to do so, and a pointer to the structure can
61  * be used as the instance handle.
62  * sessions = remembered sessions, in a tree for speed.
63  * mutex = ensure only one thread is updating the sessions list
64  */
65 typedef struct {
66  pthread_mutex_t session_mutex;
67  fr_rb_tree_t* session_tree;
68  SECURID_SESSION *session_head, *session_tail;
69 
70  unsigned int last_session_id;
71 
72  /*
73  * Configuration items.
74  */
75  uint32_t timer_limit;
76  uint32_t max_sessions;
77  uint32_t max_trips_per_session;
78 } rlm_securid_t;
79 
80 extern HIDDEN fr_dict_attr_t const *attr_prompt;
81 extern HIDDEN fr_dict_attr_t const *attr_reply_message;
82 extern HIDDEN fr_dict_attr_t const *attr_state;
83 extern HIDDEN fr_dict_attr_t const *attr_user_password;
84 
85 /* Memory Management */
86 SECURID_SESSION* securid_session_alloc(void);
87 void securid_session_free(rlm_securid_t *inst, request_t *request,SECURID_SESSION *session)
88  CC_HINT(nonnull);
89 
90 void securid_sessionlist_free(rlm_securid_t *inst,request_t *request) CC_HINT(nonnull);
91 
92 int securid_sessionlist_add(rlm_securid_t *inst, request_t *request, SECURID_SESSION *session)
93  CC_HINT(nonnull);
94 SECURID_SESSION *securid_sessionlist_find(rlm_securid_t *inst, request_t *request) CC_HINT(nonnull);
HIDDEN
#define HIDDEN
Definition: build.h:312
fr_ipaddr_t
IPv4/6 prefix.
Definition: merged_model.c:272
uint32_t
unsigned int uint32_t
Definition: merged_model.c:33
fr_dict_attr_t
Definition: merged_model.c:133
request_t
Definition: merged_model.c:210
pthread_mutex_t
Definition: merged_model.c:27
fr_rb_node_s
Definition: rb.h:42
fr_rb_tree_s
The main red black tree structure.
Definition: rb.h:73
securid_sessionlist_add
int securid_sessionlist_add(rlm_securid_t *inst, request_t *request, SECURID_SESSION *session)
Definition: mem.c:83
SECURID_SESSION::pin
char * pin
Definition: rlm_securid.h:50
rlm_securid_t::session_head
SECURID_SESSION * session_head
Definition: rlm_securid.h:68
SECURID_SESSION::session_id
unsigned int session_id
Definition: rlm_securid.h:47
rlm_securid_t::max_sessions
uint32_t max_sessions
Definition: rlm_securid.h:76
SECURID_SESSION::trips
uint32_t trips
Definition: rlm_securid.h:48
rlm_securid_t::timer_limit
uint32_t timer_limit
Definition: rlm_securid.h:75
SECURID_SESSION::src_ipaddr
fr_ipaddr_t src_ipaddr
Definition: rlm_securid.h:45
attr_state
HIDDEN fr_dict_attr_t const * attr_state
Definition: base.c:96
rlm_securid_t::session_tree
fr_rb_tree_t * session_tree
Definition: rlm_securid.h:67
SECURID_SESSION::sdiHandle
SDI_HANDLE sdiHandle
Definition: rlm_securid.h:40
rlm_securid_t::last_session_id
unsigned int last_session_id
Definition: rlm_securid.h:70
attr_user_password
HIDDEN fr_dict_attr_t const * attr_user_password
Definition: rlm_eap_fast.c:106
SECURID_SESSION::node
fr_rb_node_t node
Definition: rlm_securid.h:39
securid_session_alloc
SECURID_SESSION * securid_session_alloc(void)
Definition: mem.c:32
attr_reply_message
HIDDEN fr_dict_attr_t const * attr_reply_message
Definition: rlm_eap_ttls.c:94
securid_session_free
void securid_session_free(rlm_securid_t *inst, request_t *request, SECURID_SESSION *session)
SECURID_SESSION::next
struct _securid_session_t * next
Definition: rlm_securid.h:38
securid_sessionlist_find
SECURID_SESSION * securid_sessionlist_find(rlm_securid_t *inst, request_t *request)
Definition: mem.c:172
SECURID_SESSION::securidSessionState
SECURID_SESSION_STATE securidSessionState
Definition: rlm_securid.h:41
rlm_securid_t::session_mutex
pthread_mutex_t session_mutex
Definition: rlm_securid.h:66
SECURID_SESSION_STATE
SECURID_SESSION_STATE
Definition: rlm_securid.h:10
INITIAL_STATE
@ INITIAL_STATE
Definition: rlm_securid.h:11
NEW_PIN_SYSTEM_CONFIRM_STATE
@ NEW_PIN_SYSTEM_CONFIRM_STATE
Definition: rlm_securid.h:17
NEW_PIN_REQUIRED_STATE
@ NEW_PIN_REQUIRED_STATE
Definition: rlm_securid.h:13
NEW_PIN_USER_SELECT_STATE
@ NEW_PIN_USER_SELECT_STATE
Definition: rlm_securid.h:18
NEW_PIN_AUTH_VALIDATE_STATE
@ NEW_PIN_AUTH_VALIDATE_STATE
Definition: rlm_securid.h:15
NEW_PIN_SYSTEM_ACCEPT_STATE
@ NEW_PIN_SYSTEM_ACCEPT_STATE
Definition: rlm_securid.h:16
NEXT_CODE_REQUIRED_STATE
@ NEXT_CODE_REQUIRED_STATE
Definition: rlm_securid.h:12
NEW_PIN_USER_CONFIRM_STATE
@ NEW_PIN_USER_CONFIRM_STATE
Definition: rlm_securid.h:14
attr_prompt
HIDDEN fr_dict_attr_t const * attr_prompt
securid_sessionlist_free
void securid_sessionlist_free(rlm_securid_t *inst, request_t *request)
Definition: mem.c:59
SECURID_STATE_LEN
#define SECURID_STATE_LEN
Definition: rlm_securid.h:36
SECURID_SESSION::timestamp
time_t timestamp
Definition: rlm_securid.h:46
SECURID_SESSION::identity
char * identity
Definition: rlm_securid.h:51
rlm_securid_t::max_trips_per_session
uint32_t max_trips_per_session
Definition: rlm_securid.h:77
SECURID_SESSION
Definition: rlm_securid.h:37
rlm_securid_t
Definition: rlm_securid.h:65
inst
eap_aka_sim_process_conf_t * inst
Definition: state_machine.c:3633
nonnull
int nonnull(2, 5))
Generated by   doxygen 1.9.1