Multi-packet state handling. More...
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/state.h>
#include <freeradius-devel/rad_assert.h>
Data Structures | |
struct | fr_state_tree_t |
struct | state_entry |
Holds a state value, and associated VALUE_PAIRs and data. More... | |
Macros | |
#define | PTHREAD_MUTEX_LOCK(_x) |
#define | PTHREAD_MUTEX_UNLOCK(_x) |
Typedefs | |
typedef struct state_entry | fr_state_entry_t |
Holds a state value, and associated VALUE_PAIRs and data. More... | |
Functions | |
static int | _state_entry_free (fr_state_entry_t *entry) |
Frees any data associated with a state. More... | |
static int | _state_tree_free (fr_state_tree_t *state) |
Free the state tree. More... | |
bool | fr_request_to_state (fr_state_tree_t *state, REQUEST *request, RADIUS_PACKET *original, RADIUS_PACKET *packet) |
Transfer ownership of the state VALUE_PAIRs and ctx, back to a state entry. More... | |
void | fr_state_discard (fr_state_tree_t *state, REQUEST *request, RADIUS_PACKET *original) |
Called when sending an Access-Accept/Access-Reject to discard state information. More... | |
uint64_t | fr_state_entries_created (fr_state_tree_t *state) |
Return number of entries created. More... | |
uint64_t | fr_state_entries_timeout (fr_state_tree_t *state) |
Return number of entries that timed out. More... | |
uint32_t | fr_state_entries_tracked (fr_state_tree_t *state) |
Return number of entries we're currently tracking. More... | |
void | fr_state_to_request (fr_state_tree_t *state, REQUEST *request, RADIUS_PACKET *packet) |
Copy a pointer to the head of the list of state VALUE_PAIRs (and their ctx) into the request. More... | |
fr_state_tree_t * | fr_state_tree_init (TALLOC_CTX *ctx, uint32_t max_sessions, uint32_t timeout) |
Initialise a new state tree. More... | |
static int | state_entry_cmp (void const *one, void const *two) |
Compare two fr_state_entry_t based on their state value i.e. More... | |
static fr_state_entry_t * | state_entry_create (fr_state_tree_t *state, RADIUS_PACKET *packet, fr_state_entry_t *old) |
Create a new state entry. More... | |
static fr_state_entry_t * | state_entry_find (fr_state_tree_t *state, RADIUS_PACKET *packet) |
Find the entry, based on the State attribute. More... | |
static void | state_entry_unlink (fr_state_tree_t *state, fr_state_entry_t *entry) |
Unlink an entry and remove it from the tree. More... | |
Variables | |
fr_state_tree_t * | global_state = NULL |
Multi-packet state handling.
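For each round of a multi-round authentication method such as EAP, or a 2FA method such as OTP, a state entry will be created. The state entry holds data that should be available during the complete lifecycle of the authentication attempt. Because entries persist between packets, the number tracked and how long each one is kept are governed by the max_sessions and timeout fields of fr_state_tree_t.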
When a request is complete, fr_request_to_state is called to transfer ownership of the state VALUE_PAIRs and state_ctx (which the VALUE_PAIRs are allocated in) to a fr_state_entry_t. This fr_state_entry_t holds the value of the State attribute that will be sent out in the response.
When the next request is received, fr_state_to_request is called to transfer the VALUE_PAIRs and state ctx to the new request.
The ownership of the state_ctx and state VALUE_PAIRs is transferred as below:
request -> state_entry -> request -> state_entry -> request -> free()
       \-> reply                 \-> reply                 \-> access-reject/access-accept
Definition in file state.c.
struct fr_state_tree_t |
Data Fields | ||
---|---|---|
fr_state_entry_t * | head | |
uint64_t | id | Next ID to assign. |
uint32_t | max_sessions | Maximum number of sessions we track. |
fr_state_entry_t * | tail | Entries to expire. |
uint64_t | timed_out | Number of states that were cleaned up due to timeout. |
uint32_t | timeout | How long to wait before cleaning up state entries. |
rbtree_t * | tree | rbtree used to lookup state value. |
struct state_entry |
Data Fields | ||
---|---|---|
time_t | cleanup | When this entry should be cleaned up. |
TALLOC_CTX * | ctx | ctx to parent any data that needs to be tied to the lifetime of the request progression. |
request_data_t * | data | Persistable request data, also parented ctx. |
uint64_t | id | State ID for debugging. |
struct state_entry * | next | Next entry in the cleanup list. |
struct state_entry * | prev | Previous entry in the cleanup list. |
uint8_t | state[AUTH_VECTOR_LEN] | State value in binary. |
int | tries | |
VALUE_PAIR * | vps | session-state VALUE_PAIRs, parented by ctx. |
typedef struct state_entry fr_state_entry_t |
Holds a state value, and associated VALUE_PAIRs and data.
|
static |
|
static |
bool fr_request_to_state | ( | fr_state_tree_t * | state, |
REQUEST * | request, | ||
RADIUS_PACKET * | original, | ||
RADIUS_PACKET * | packet | ||
) |
Transfer ownership of the state VALUE_PAIRs and ctx, back to a state entry.
Put request->state into the State attribute. Put the State attribute into the vps list. Delete the original entry, if it exists.
Also creates a new state entry.
Definition at line 579 of file state.c.
void fr_state_discard | ( | fr_state_tree_t * | state, |
REQUEST * | request, | ||
RADIUS_PACKET * | original | ||
) |
uint64_t fr_state_entries_created | ( | fr_state_tree_t * | state | ) |
uint64_t fr_state_entries_timeout | ( | fr_state_tree_t * | state | ) |
uint32_t fr_state_entries_tracked | ( | fr_state_tree_t * | state | ) |
void fr_state_to_request | ( | fr_state_tree_t * | state, |
REQUEST * | request, | ||
RADIUS_PACKET * | packet | ||
) |
Copy a pointer to the head of the list of state VALUE_PAIRs (and their ctx) into the request.
Definition at line 523 of file state.c.
fr_state_tree_t* fr_state_tree_init | ( | TALLOC_CTX * | ctx, |
uint32_t | max_sessions, | ||
uint32_t | timeout | ||
) |
Initialise a new state tree.
ctx | to link the lifecycle of the state tree to. |
max_sessions | we track state for. |
timeout | How long to wait before cleaning up entries. |
Definition at line 156 of file state.c.
|
static |
|
static |
|
static |
|
static |
fr_state_tree_t* global_state = NULL |