The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
base.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 95990c7207d888aacdc41dceb3c3ba4296c3d3c6 $
19 * @file src/process/dns/base.c
20 * @brief DNS processing.
21 *
22 * @copyright 2024 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
23 * @copyright 2020 Network RADIUS SAS (legal@networkradius.com)
24 */
25#include "lib/server/rcode.h"
26#include <freeradius-devel/server/protocol.h>
27#include <freeradius-devel/server/pair.h>
28#include <freeradius-devel/util/debug.h>
29#include <freeradius-devel/util/pair.h>
30#include <freeradius-devel/unlang/interpret.h>
31#include <freeradius-devel/dns/dns.h>
32#include <freeradius-devel/protocol/dns/rfc1034.h>
33
34/** Update this if new rcodes are added
35 */
36#define FR_DNS_RCODE_MAX FR_RCODE_VALUE_BAD_COOKIE
37
38static fr_dict_t const *dict_dns;
39
40extern fr_dict_autoload_t process_dns_dict[];
41fr_dict_autoload_t process_dns_dict[] = {
42 { .out = &dict_dns, .proto = "dns" },
43 { NULL }
44};
45
46static fr_dict_attr_t const *attr_packet_type;
47static fr_dict_attr_t const *attr_header;
48static fr_dict_attr_t const *attr_id;
49static fr_dict_attr_t const *attr_response_bit;
50static fr_dict_attr_t const *attr_opcode;
51static fr_dict_attr_t const *attr_rcode;
52static fr_dict_attr_t const *attr_authoritative_bit;
53
54extern fr_dict_attr_autoload_t process_dns_dict_attr[];
55fr_dict_attr_autoload_t process_dns_dict_attr[] = {
56 { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_dns},
57 { .out = &attr_header, .name = "Header", .type = FR_TYPE_STRUCT, .dict = &dict_dns},
58 { .out = &attr_opcode, .name = "Header.Opcode", .type = FR_TYPE_UINT8, .dict = &dict_dns},
59 { .out = &attr_id, .name = "Header.ID", .type = FR_TYPE_UINT16, .dict = &dict_dns},
60 { .out = &attr_response_bit, .name = "Header.Query", .type = FR_TYPE_BOOL, .dict = &dict_dns},
61 { .out = &attr_rcode, .name = "Header.Rcode", .type = FR_TYPE_UINT8, .dict = &dict_dns},
62 { .out = &attr_authoritative_bit, .name = "Header.Authoritative", .type = FR_TYPE_BOOL, .dict = &dict_dns},
63 { NULL }
64};
65
66static fr_value_box_t const *enum_rcode_no_error;
67static fr_value_box_t const *enum_rcode_format_error;
68static fr_value_box_t const *enum_rcode_server_failure;
69static fr_value_box_t const *enum_rcode_name_error;
70static fr_value_box_t const *enum_rcode_refused;
71
72extern fr_dict_enum_autoload_t process_dns_dict_enum[];
73fr_dict_enum_autoload_t process_dns_dict_enum[] = {
74 { .out = &enum_rcode_no_error, .name = "No-Error", .attr = &attr_rcode }, /* ok/updated */
75 { .out = &enum_rcode_format_error, .name = "Format-Error", .attr = &attr_rcode }, /* invalid */
76 { .out = &enum_rcode_server_failure, .name = "Server-Failure", .attr = &attr_rcode }, /* fail */
77 { .out = &enum_rcode_name_error, .name = "Name-Error", .attr = &attr_rcode }, /* notfound */
78 { .out = &enum_rcode_refused, .name = "Refused", .attr = &attr_rcode }, /* reject */
79 { NULL }
80};
81
82typedef struct {
83 uint64_t nothing; // so that the next field isn't at offset 0
84
85 /** Request/response sections
86 *
87 */
88 CONF_SECTION *query;
89 CONF_SECTION *query_response;
90 CONF_SECTION *inverse_query;
91 CONF_SECTION *inverse_query_response;
92 CONF_SECTION *status;
93 CONF_SECTION *status_response;
94 CONF_SECTION *update;
95 CONF_SECTION *update_response;
96 CONF_SECTION *stateful_operation;
97 CONF_SECTION *stateful_operation_response;
98
99 /** DNS rcode error sections (not the same as rlm_rcode_t values)
100 *
101 * These are called after the `recv { ... }` section runs if rcode is non-zero
102 */
103 CONF_SECTION *rcode[FR_DNS_RCODE_MAX];
104
105 CONF_SECTION *do_not_respond;
106} process_dns_sections_t;
107
111
112/** Records fields from the original request so we have a known good copy
113 */
114typedef struct {
115 uint16_t id; //!< Identity of the request.
116 uint8_t opcode; //!< Opcode, what type of query this is.
117} process_dns_fields_t;
118
119#define PROCESS_PACKET_TYPE fr_dns_packet_code_t
120#define PROCESS_CODE_MAX FR_DNS_CODE_MAX
121#define PROCESS_CODE_DO_NOT_RESPOND FR_DNS_DO_NOT_RESPOND
122#define PROCESS_PACKET_CODE_VALID FR_DNS_PACKET_CODE_VALID
123#define PROCESS_INST process_dns_t
124
125/** Map an rlm_rcode_t to a header.rcode value
126 */
127#define PROCESS_STATE_EXTRA_FIELDS fr_value_box_t const **dns_rcode[RLM_MODULE_NUMCODES];
128
129#include <freeradius-devel/server/process.h>
130
131static const virtual_server_compile_t compile_list[] = {
132 {
133 .section = SECTION_NAME("recv", "Query"),
134 .actions = &mod_actions_authorize,
135 .offset = PROCESS_CONF_OFFSET(query),
136 },
137 {
138 .section = SECTION_NAME("send", "Query-Response"),
139 .actions = &mod_actions_postauth,
140 .offset = PROCESS_CONF_OFFSET(query_response),
141 },
142 {
143 .section = SECTION_NAME("recv", "Inverse-Query"),
144 .actions = &mod_actions_authorize,
145 .offset = PROCESS_CONF_OFFSET(inverse_query),
146 },
147 {
148 .section = SECTION_NAME("send", "Inverse-Query-Response"),
149 .actions = &mod_actions_postauth,
150 .offset = PROCESS_CONF_OFFSET(inverse_query_response),
151 },
152 {
153 .section = SECTION_NAME("recv", "Status"),
154 .actions = &mod_actions_authorize,
155 .offset = PROCESS_CONF_OFFSET(status),
156 },
157 {
158 .section = SECTION_NAME("send", "Status-Response"),
159 .actions = &mod_actions_postauth,
160 .offset = PROCESS_CONF_OFFSET(status_response),
161 },
162 {
163 .section = SECTION_NAME("recv", "Update"),
164 .actions = &mod_actions_authorize,
165 .offset = PROCESS_CONF_OFFSET(update),
166 },
167 {
168 .section = SECTION_NAME("send", "Update-Response"),
169 .actions = &mod_actions_postauth,
170 .offset = PROCESS_CONF_OFFSET(update_response),
171 },
172 {
173 .section = SECTION_NAME("recv", "Stateful-Operation"),
174 .actions = &mod_actions_authorize,
175 .offset = PROCESS_CONF_OFFSET(stateful_operation),
176 },
177 {
178 .section = SECTION_NAME("send", "Stateful-Operation-Response"),
179 .actions = &mod_actions_postauth,
180 .offset = PROCESS_CONF_OFFSET(stateful_operation_response),
181 },
182 {
183 .section = SECTION_NAME("send", "Do-Dot-Respond"),
184 .actions = &mod_actions_postauth,
185 .offset = PROCESS_CONF_OFFSET(do_not_respond),
186 },
187
188#define ERROR_SECTION(_name, _number) \
189 { \
190 .section = SECTION_NAME("error", _name), \
191 .actions = &mod_actions_postauth, \
192 .offset = PROCESS_CONF_OFFSET(rcode[_number]), \
193 }
194
195 /*
196 * Error sections that can execute after the recv { ... }
197 * section has run.
198 */
199 ERROR_SECTION("Format-Error", FR_RCODE_VALUE_FORMAT_ERROR),
200 ERROR_SECTION("Server-Failure", FR_RCODE_VALUE_SERVER_FAILURE),
201 ERROR_SECTION("Name-Error", FR_RCODE_VALUE_NAME_ERROR),
202 ERROR_SECTION("Not-Implemented", FR_RCODE_VALUE_NOT_IMPLEMENTED),
203 ERROR_SECTION("Refused", FR_RCODE_VALUE_REFUSED),
204 ERROR_SECTION("YX-Domain", FR_RCODE_VALUE_YX_DOMAIN),
205 ERROR_SECTION("YX-Resource-Record-Set", FR_RCODE_VALUE_YX_RESOURCE_RECORD_SET),
206 ERROR_SECTION("NX-Resource-Record-Set", FR_RCODE_VALUE_NX_RESOURCE_RECORD_SET),
207 ERROR_SECTION("Not-Auth", FR_RCODE_VALUE_NOT_AUTH),
208 ERROR_SECTION("Not-Zone", FR_RCODE_VALUE_NOT_ZONE),
209 ERROR_SECTION("DSO-Type-Not-Implemented", FR_RCODE_VALUE_DSO_TYPE_NOT_IMPLEMENTED),
210 ERROR_SECTION("Bad-Signature", FR_RCODE_VALUE_BAD_SIGNATURE),
211 ERROR_SECTION("Bad-Key", FR_RCODE_VALUE_BAD_KEY),
212 ERROR_SECTION("Bad-Time", FR_RCODE_VALUE_BAD_TIME),
213 ERROR_SECTION("Bad-Mode", FR_RCODE_VALUE_BAD_MODE),
214 ERROR_SECTION("Bad-Name", FR_RCODE_VALUE_BAD_NAME),
215 ERROR_SECTION("Bad-Algorithm", FR_RCODE_VALUE_BAD_ALGORITHM),
216 ERROR_SECTION("Bad-Truncation", FR_RCODE_VALUE_BAD_TRUNCATION),
217 ERROR_SECTION("Bad-Cookie", FR_RCODE_VALUE_BAD_COOKIE),
218 COMPILE_TERMINATOR
219};
220
221/*
222 * Debug the packet if requested.
223 */
224static void dns_packet_debug(request_t *request, fr_packet_t const *packet, fr_pair_list_t const *list, bool received)
225{
226 if (!packet) return;
227 if (!RDEBUG_ENABLED) return;
228
229 if ((packet->code & 0x0f) >= FR_DNS_CODE_MAX) return;
230
231 log_request(L_DBG, L_DBG_LVL_1, request, __FILE__, __LINE__, "%s %s",
232 received ? "Received" : "Sending",
233 fr_dns_packet_names[packet->code & 0x0f]);
234
235 if (received || request->parent) {
236 log_request_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
237 } else {
238 log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
239 }
240}
241
242/** Keep a copy of header fields to prevent them being tampered with
243 *
244 */
245static inline CC_HINT(always_inline)
246process_dns_fields_t *dns_fields_store(request_t *request)
247{
248 fr_pair_t *header;
249 fr_pair_t *id;
250 fr_pair_t *opcode;
251 process_dns_fields_t *rctx;
252
253 /*
254 * We could use fr_find_by_da_nested, but it's more efficient
255 * to look up the header attribute once.
256 */
257 header = fr_pair_find_by_da(&request->request_pairs, NULL, attr_header);
258 if (!header) {
259 REDEBUG("Missing Header attribute");
260 return NULL;
261 }
262
263 id = fr_pair_find_by_da(&header->vp_group, NULL, attr_id);
264 if (!id) {
265 REDEBUG("Missing ID attribute");
266 return NULL;
267 }
268
269 opcode = fr_pair_find_by_da(&header->vp_group, NULL, attr_opcode);
270 if (!opcode) {
271 REDEBUG("Missing Opcode attribute");
272 return NULL;
273 }
274
275 MEM(rctx = talloc(unlang_interpret_frame_talloc_ctx(request), process_dns_fields_t));
276 rctx->id = id->vp_uint16;
277 rctx->opcode = opcode->vp_uint8;
278
279 return rctx;
280}
281
282/** Copy values from the request header back into the response
283 *
284 * If a value already exists in the response, don't overwrite it so the user has absolute control
285 */
286static inline CC_HINT(always_inline)
287int dns_fields_restore(request_t *request, process_dns_fields_t *rctx)
288{
289 fr_pair_t *header;
290 fr_pair_t *id;
291 fr_pair_t *response;
292 fr_pair_t *authoritative;
293 fr_pair_t *opcode;
294 int ret;
295
296 MEM(pair_update_reply(&header, attr_header) >= 0);
297
298 /*
299 * ID should always match the request
300 * but we allow overrides for testing.
301 */
302 MEM((ret = fr_pair_update_by_da_parent(header, &id, attr_id)) != -1);
303 fr_assert_msg(ret >= 0, "Failed to update header attribute %s:", fr_strerror());
304 if (ret == 0) id->vp_uint16 = rctx->id;
305
306 /*
307 * This marks the packet as a response.
308 * Save the user from having to do this manually.
309 */
310 MEM((ret = fr_pair_update_by_da_parent(header, &response, attr_response_bit)) != -1);
311 fr_assert_msg(ret >= 0, "Failed to update response_bit attribute %s:", fr_strerror());
312 if (ret == 0) response->vp_bool = true;
313
314 /*
315 * Opcode should always match the request
316 * but we allow overrides for testing.
317 */
318 MEM((ret = fr_pair_update_by_da_parent(header, &opcode, attr_opcode)) != -1);
319 fr_assert_msg(ret >= 0, "Failed to update opcode attribute %s:", fr_strerror());
320 if (ret == 0) opcode->vp_uint8 = rctx->opcode;
321
322 /*
323 * Default to setting the authoritative bit if
324 * it's not been set by something already.
325 */
326 MEM((ret = fr_pair_update_by_da_parent(header, &authoritative, attr_authoritative_bit)) != -1);
327 fr_assert_msg(ret >= 0, "Failed to update authoritative_bit attribute %s:", fr_strerror());
328 if (ret == 0) authoritative->vp_bool = true;
329
330 return 0;
331}
332
333/** Add/update the rcode attribute based on the last rlm_rcode value
334 *
335 */
336static inline CC_HINT(always_inline)
337void dns_rcode_add(fr_pair_t **rcode, request_t *request, fr_value_box_t const **code)
338{
339 fr_value_box_t const *vb;
340 int ret;
341
342 if (!code || !*code) return;
343
344 vb = *code;
345
346 /*
347 * Don't override the user status
348 * code.
349 */
350 MEM((ret = fr_pair_update_by_da_parent(request->reply_ctx, rcode, attr_rcode)) >= 0);
351 if (ret == 0) {
352 fr_value_box_copy(*rcode, &(*rcode)->data, vb);
353 (*rcode)->data.enumv = (*rcode)->da; /* Hack, boxes should have their enumv field populated */
354 }
355}
356
357/** Store basic information from the request, and jump into the correct processing section
358 *
359 */
360RECV(request)
361{
362 process_dns_fields_t *rctx;
363
364 PROCESS_TRACE;
365
366 rctx = dns_fields_store(request);
367 if (!rctx) RETURN_MODULE_INVALID;
368
369 return CALL_RECV_RCTX(generic, rctx);
370}
371
372/** Sets the DNS rcode after we get a result from the recv section
373 *
374 * Calls error processing sections as appropriate
375 */
376RESUME(recv_request)
377{
378 process_dns_t const *inst = talloc_get_type_abort_const(mctx->mi->data, process_dns_t);
379 fr_process_state_t const *state;
380 fr_pair_t *rcode = NULL;
381
382 PROCESS_TRACE;
383
384 /*
385 * Pick the next state based on the response
386 */
387 UPDATE_STATE(reply);
388
389 /*
390 * Don't bother adding VPs if we're not going
391 * be responding to the client.
392 */
393 if (state->packet_type[*p_result] == FR_DNS_DO_NOT_RESPOND) return CALL_RESUME(recv_generic);
394
395 /*
396 * Add an rcode based on the result of the `recv { ... }` section
397 */
398 dns_rcode_add(&rcode, request, state->dns_rcode[*p_result]);
399
400#ifdef __clang_analyzer__
401 if (!rcode) return UNLANG_ACTION_FAIL;
402#endif
403
404 /*
405 * Call an appropriate error section if it's been set
406 * otherwise, just call the generic recv resume
407 * which'll call an appropriate send section.
408 */
409 if ((rcode->vp_uint8 < NUM_ELEMENTS(inst->sections.rcode)) &&
410 (inst->sections.rcode[rcode->vp_uint8])) {
411 return unlang_module_yield_to_section(p_result, request,
412 inst->sections.rcode[rcode->vp_uint8],
413 RLM_MODULE_NOOP,
414 /*
415 * We ignore everything from the error section
416 * it's only there for logging.
417 *
418 * Jump straight to the send function.
419 */
420 state->send,
421 NULL, 0, mctx->rctx);
422 }
423
424 /*
425 * Use that rcode to determine the processing section
426 */
427 return CALL_RESUME(recv_generic);
428}
429
430/** Set defaults in the response and values copied from the request like opcode and id
431 *
432 */
433RESUME(send_response)
434{
435 fr_process_state_t const *state;
436 fr_pair_t *vp;
437
438 UPDATE_STATE(reply);
439
440 /*
441 * Don't bother adding VPs if we're not going
442 * be responding to the client.
443 */
444 if (state->packet_type[*p_result] == FR_DNS_DO_NOT_RESPOND) return CALL_RESUME(send_generic);
445
446 /*
447 * Add fields from the request back in,
448 * deferring to user specified values.
449 */
450 dns_fields_restore(request, talloc_get_type_abort(mctx->rctx, process_dns_fields_t));
451
452 /*
453 * Do this last, so we show everything
454 * we'll be sending back.
455 */
456 dns_packet_debug(request, request->reply, &request->reply_pairs, false);
457
458 /*
459 * Hack. This is because this stupid framework uses
460 * packet_type values to represent request and response
461 * packet types, and DNS uses the same values for
462 * both request and response packet types.
463 */
464 MEM(pair_update_reply(&vp, attr_packet_type) >= 1);
465 request->reply->code = vp->vp_uint8 = state->default_reply;
466
467 return CALL_RESUME(send_generic);
468}
469
470/** Entry point into the state machine
471 */
472static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
473{
474 fr_process_state_t const *state;
475
476 PROCESS_TRACE;
477
478 (void)talloc_get_type_abort_const(mctx->mi->data, process_dns_t);
479 fr_assert(PROCESS_PACKET_CODE_VALID(request->packet->code));
480
481 request->component = "dns";
482 request->module = NULL;
483 fr_assert(request->dict == dict_dns);
484
485 UPDATE_STATE(packet);
486
487 if (!state->recv) {
488 REDEBUG("Invalid packet type (%u)", request->packet->code);
489 RETURN_MODULE_FAIL;
490 }
491
492 dns_packet_debug(request, request->packet, &request->request_pairs, true);
493
494 return state->recv(p_result, mctx, request);
495}
496
497#define DNS_RCODE_COMMON \
498 .dns_rcode = { \
499 [RLM_MODULE_NOOP] = &enum_rcode_no_error, \
500 [RLM_MODULE_OK] = &enum_rcode_no_error, \
501 [RLM_MODULE_UPDATED] = &enum_rcode_no_error, \
502 [RLM_MODULE_HANDLED] = &enum_rcode_no_error, \
503 [RLM_MODULE_REJECT] = &enum_rcode_refused, \
504 [RLM_MODULE_FAIL] = &enum_rcode_server_failure, \
505 [RLM_MODULE_INVALID] = &enum_rcode_format_error, \
506 [RLM_MODULE_DISALLOW] = &enum_rcode_refused, \
507 [RLM_MODULE_NOTFOUND] = &enum_rcode_name_error \
508 }
509
510static fr_process_state_t const process_state[] = {
511 [ FR_DNS_QUERY ] = {
512 DNS_RCODE_COMMON,
513 .default_reply = FR_DNS_QUERY_RESPONSE,
514 .rcode = RLM_MODULE_NOOP,
515 .recv = recv_request,
516 .resume = resume_recv_request,
517 .section_offset = PROCESS_CONF_OFFSET(query),
518 },
519 [ FR_DNS_INVERSE_QUERY ] = {
520 DNS_RCODE_COMMON,
521 .default_reply = FR_DNS_INVERSE_QUERY_RESPONSE,
522 .rcode = RLM_MODULE_NOOP,
523 .recv = recv_request,
524 .resume = resume_recv_request,
525 .section_offset = PROCESS_CONF_OFFSET(inverse_query),
526 },
527 [ FR_DNS_STATUS ] = {
528 DNS_RCODE_COMMON,
529 .default_reply = FR_DNS_STATUS_RESPONSE,
530 .rcode = RLM_MODULE_NOOP,
531 .recv = recv_request,
532 .resume = resume_recv_request,
533 .section_offset = PROCESS_CONF_OFFSET(status),
534 },
535 [ FR_DNS_UPDATE ] = {
536 DNS_RCODE_COMMON,
537 .default_reply = FR_DNS_UPDATE_RESPONSE,
538 .rcode = RLM_MODULE_NOOP,
539 .recv = recv_request,
540 .resume = resume_recv_request,
541 .section_offset = PROCESS_CONF_OFFSET(update),
542 },
543 [ FR_DNS_STATEFUL_OPERATION ] = {
544 DNS_RCODE_COMMON,
545 .default_reply = FR_DNS_STATEFUL_OPERATION_RESPONSE,
546 .rcode = RLM_MODULE_NOOP,
547 .recv = recv_request,
548 .resume = resume_recv_request,
549 .section_offset = PROCESS_CONF_OFFSET(stateful_operation),
550 },
551 [ FR_DNS_QUERY_RESPONSE ] = {
552 .default_reply = FR_DNS_QUERY,
553 .rcode = RLM_MODULE_NOOP,
554 .send = send_generic,
555 .resume = resume_send_response,
556 .section_offset = PROCESS_CONF_OFFSET(query_response),
557 },
558
559 [ FR_DNS_INVERSE_QUERY_RESPONSE ] = {
560 .default_reply = FR_DNS_QUERY,
561 .rcode = RLM_MODULE_NOOP,
562 .send = send_generic,
563 .resume = resume_send_response,
564 .section_offset = PROCESS_CONF_OFFSET(inverse_query_response),
565 },
566
567 [ FR_DNS_STATUS_RESPONSE ] = {
568 .default_reply = FR_DNS_STATUS,
569 .rcode = RLM_MODULE_NOOP,
570 .send = send_generic,
571 .resume = resume_send_response,
572 .section_offset = PROCESS_CONF_OFFSET(status_response),
573 },
574
575 [ FR_DNS_UPDATE_RESPONSE ] = {
576 .default_reply = FR_DNS_UPDATE,
577 .rcode = RLM_MODULE_NOOP,
578 .send = send_generic,
579 .resume = resume_send_response,
580 .section_offset = PROCESS_CONF_OFFSET(update_response),
581 },
582
583 [ FR_DNS_STATEFUL_OPERATION_RESPONSE ] = {
584 .default_reply = FR_DNS_STATEFUL_OPERATION,
585 .rcode = RLM_MODULE_NOOP,
586 .send = send_generic,
587 .resume = resume_send_response,
588 .section_offset = PROCESS_CONF_OFFSET(stateful_operation_response),
589 },
590
591 [ FR_DNS_DO_NOT_RESPOND ] = {
592 .packet_type = {
593 [RLM_MODULE_NOOP] = FR_DNS_DO_NOT_RESPOND,
594 [RLM_MODULE_OK] = FR_DNS_DO_NOT_RESPOND,
595 [RLM_MODULE_UPDATED] = FR_DNS_DO_NOT_RESPOND,
596
597 [RLM_MODULE_REJECT] = FR_DNS_DO_NOT_RESPOND,
598 [RLM_MODULE_FAIL] = FR_DNS_DO_NOT_RESPOND,
599 [RLM_MODULE_INVALID] = FR_DNS_DO_NOT_RESPOND,
600 [RLM_MODULE_DISALLOW] = FR_DNS_DO_NOT_RESPOND,
601 [RLM_MODULE_NOTFOUND] = FR_DNS_DO_NOT_RESPOND,
602 },
603 .rcode = RLM_MODULE_NOOP,
604 .send = send_generic,
605 .resume = resume_send_response,
606 .section_offset = PROCESS_CONF_OFFSET(do_not_respond),
607 },
608};
609
610extern fr_process_module_t process_dns;
611fr_process_module_t process_dns = {
612 .common = {
613 .magic = MODULE_MAGIC_INIT,
614 .name = "dns",
615 .inst_size = sizeof(process_dns_t)
616 },
617 .process = mod_process,
618 .compile_list = compile_list,
619 .dict = &dict_dns,
620};
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
UNLANG_ACTION_FAIL
@ UNLANG_ACTION_FAIL
Encountered an unexpected error.
Definition action.h:36
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:337
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
fr_assert_msg
#define fr_assert_msg(_x, _msg,...)
Calls panic_action ifndef NDEBUG, else logs error and causes the server to exit immediately with code...
Definition debug.h:210
MEM
#define MEM(x)
Definition debug.h:36
fr_dict_enum_autoload_t::out
fr_value_box_t const ** out
Enumeration value.
Definition dict.h:257
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:268
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:281
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:267
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:280
fr_dict_enum_autoload_t
Specifies a value which must be present for the module to function.
Definition dict.h:256
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
unlang_interpret_frame_talloc_ctx
TALLOC_CTX * unlang_interpret_frame_talloc_ctx(request_t *request)
Get a talloc_ctx which is valid only for this frame.
Definition interpret.c:1403
attr_packet_type
fr_dict_attr_t const * attr_packet_type
Definition base.c:93
log_request_proto_pair_list
void log_request_proto_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a list of protocol fr_pair_ts.
Definition log.c:854
log_request
void log_request(fr_log_type_t type, fr_log_lvl_t lvl, request_t *request, char const *file, int line, char const *fmt,...)
Marshal variadic log arguments into a va_list and pass to normal logging functions.
Definition log.c:612
log_request_pair_list
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition log.c:830
L_DBG_LVL_1
@ L_DBG_LVL_1
Highest priority debug messages (-x).
Definition log.h:70
L_DBG
@ L_DBG
Only displayed when debugging is enabled.
Definition log.h:59
uint16_t
unsigned short uint16_t
Definition merged_model.c:31
FR_TYPE_UINT16
@ FR_TYPE_UINT16
16 Bit unsigned integer.
Definition merged_model.c:98
FR_TYPE_UINT8
@ FR_TYPE_UINT8
8 Bit unsigned integer.
Definition merged_model.c:97
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_STRUCT
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
Definition merged_model.c:119
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_value_box_t
Definition merged_model.c:136
request_t
Definition merged_model.c:210
mod_actions_authorize
unlang_mod_actions_t const mod_actions_authorize
Definition mod_action.c:44
mod_actions_postauth
unlang_mod_actions_t const mod_actions_postauth
Definition mod_action.c:88
unlang_mod_actions_t::actions
unlang_mod_action_t actions[RLM_MODULE_NUMCODES]
Definition mod_action.h:62
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:693
fr_pair_update_by_da_parent
int fr_pair_update_by_da_parent(fr_pair_t *parent, fr_pair_t **out, fr_dict_attr_t const *da)
Return the first fr_pair_t matching the fr_dict_attr_t or alloc a new fr_pair_t and its subtree (and ...
Definition pair.c:1596
mod_process
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition base.c:179
compile_list
static const virtual_server_compile_t compile_list[]
Definition base.c:205
process_state
static fr_process_state_t const process_state[]
Definition base.c:68
PROCESS_PACKET_CODE_VALID
#define PROCESS_PACKET_CODE_VALID
Definition base.c:64
RECV
RECV(for_any_server)
Validate a solicit/rebind/confirm message.
Definition base.c:401
process_dns_dict_attr
fr_dict_attr_autoload_t process_dns_dict_attr[]
Definition base.c:55
process_dns_sections_t::stateful_operation_response
CONF_SECTION * stateful_operation_response
Definition base.c:97
process_dns_dict
fr_dict_autoload_t process_dns_dict[]
Definition base.c:41
dns_packet_debug
static void dns_packet_debug(request_t *request, fr_packet_t const *packet, fr_pair_list_t const *list, bool received)
Definition base.c:224
ERROR_SECTION
#define ERROR_SECTION(_name, _number)
process_dns_sections_t::nothing
uint64_t nothing
Definition base.c:83
enum_rcode_server_failure
static fr_value_box_t const * enum_rcode_server_failure
Definition base.c:68
attr_authoritative_bit
static fr_dict_attr_t const * attr_authoritative_bit
Definition base.c:52
process_dns_sections_t::status
CONF_SECTION * status
Definition base.c:92
dns_rcode_add
static void dns_rcode_add(fr_pair_t **rcode, request_t *request, fr_value_box_t const **code)
Add/update the rcode attribute based on the last rlm_rcode value.
Definition base.c:337
process_dns_sections_t::inverse_query_response
CONF_SECTION * inverse_query_response
Definition base.c:91
process_dns_sections_t::query_response
CONF_SECTION * query_response
Definition base.c:89
process_dns_sections_t::stateful_operation
CONF_SECTION * stateful_operation
Definition base.c:96
attr_opcode
static fr_dict_attr_t const * attr_opcode
Definition base.c:50
enum_rcode_refused
static fr_value_box_t const * enum_rcode_refused
Definition base.c:70
attr_response_bit
static fr_dict_attr_t const * attr_response_bit
Definition base.c:49
enum_rcode_no_error
static fr_value_box_t const * enum_rcode_no_error
Definition base.c:66
process_dns_sections_t::query
CONF_SECTION * query
Request/response sections.
Definition base.c:88
process_dns_fields_t::opcode
uint8_t opcode
Opcode, what type of query this is.
Definition base.c:116
attr_id
static fr_dict_attr_t const * attr_id
Definition base.c:48
process_dns_sections_t::inverse_query
CONF_SECTION * inverse_query
Definition base.c:90
FR_DNS_RCODE_MAX
#define FR_DNS_RCODE_MAX
Update this if new rcodes are added.
Definition base.c:36
process_dns_dict_enum
fr_dict_enum_autoload_t process_dns_dict_enum[]
Definition base.c:73
process_dns_t::sections
process_dns_sections_t sections
Definition base.c:109
enum_rcode_name_error
static fr_value_box_t const * enum_rcode_name_error
Definition base.c:69
process_dns_fields_t::id
uint16_t id
Identity of the request.
Definition base.c:115
dns_fields_store
static process_dns_fields_t * dns_fields_store(request_t *request)
Keep a copy of header fields to prevent them being tampered with.
Definition base.c:246
DNS_RCODE_COMMON
#define DNS_RCODE_COMMON
Definition base.c:497
dict_dns
static fr_dict_t const * dict_dns
Definition base.c:38
process_dns_sections_t::update_response
CONF_SECTION * update_response
Definition base.c:95
process_dns_sections_t::update
CONF_SECTION * update
Definition base.c:94
enum_rcode_format_error
static fr_value_box_t const * enum_rcode_format_error
Definition base.c:67
attr_header
static fr_dict_attr_t const * attr_header
Definition base.c:47
process_dns_sections_t::status_response
CONF_SECTION * status_response
Definition base.c:93
dns_fields_restore
static int dns_fields_restore(request_t *request, process_dns_fields_t *rctx)
Copy values from the request header back into the response.
Definition base.c:287
process_dns_sections_t::do_not_respond
CONF_SECTION * do_not_respond
Definition base.c:105
process_dns
fr_process_module_t process_dns
Definition base.c:611
attr_rcode
static fr_dict_attr_t const * attr_rcode
Definition base.c:51
process_dns_fields_t
Records fields from the original request so we have a known good copy.
Definition base.c:114
process_dns_sections_t
Definition base.c:82
process_dns_t
Definition base.c:108
PROCESS_TRACE
#define PROCESS_TRACE
Trace each state function as it's entered.
Definition process.h:65
fr_process_module_s::common
module_t common
Common fields for all loadable modules.
Definition process.h:55
fr_process_module_s
Common public symbol definition for all process modules.
Definition process.h:54
fr_dns_packet_names
char const * fr_dns_packet_names[FR_DNS_CODE_MAX]
Definition base.c:68
FR_DNS_DO_NOT_RESPOND
@ FR_DNS_DO_NOT_RESPOND
Definition dns.h:99
FR_DNS_STATEFUL_OPERATION_RESPONSE
@ FR_DNS_STATEFUL_OPERATION_RESPONSE
Definition dns.h:97
FR_DNS_UPDATE_RESPONSE
@ FR_DNS_UPDATE_RESPONSE
Definition dns.h:96
FR_DNS_STATEFUL_OPERATION
@ FR_DNS_STATEFUL_OPERATION
Definition dns.h:89
FR_DNS_QUERY
@ FR_DNS_QUERY
Definition dns.h:84
FR_DNS_QUERY_RESPONSE
@ FR_DNS_QUERY_RESPONSE
Definition dns.h:92
FR_DNS_STATUS_RESPONSE
@ FR_DNS_STATUS_RESPONSE
Definition dns.h:94
FR_DNS_INVERSE_QUERY
@ FR_DNS_INVERSE_QUERY
Definition dns.h:85
FR_DNS_STATUS
@ FR_DNS_STATUS
Definition dns.h:86
FR_DNS_INVERSE_QUERY_RESPONSE
@ FR_DNS_INVERSE_QUERY_RESPONSE
Definition dns.h:93
FR_DNS_UPDATE
@ FR_DNS_UPDATE
Definition dns.h:88
FR_DNS_CODE_MAX
@ FR_DNS_CODE_MAX
Definition dns.h:90
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
REDEBUG
#define REDEBUG(fmt,...)
Definition radclient.h:52
RDEBUG_ENABLED
#define RDEBUG_ENABLED()
Definition radclient.h:49
rcode.h
Return codes returned by modules and virtual server sections.
RETURN_MODULE_INVALID
#define RETURN_MODULE_INVALID
Definition rcode.h:59
RETURN_MODULE_FAIL
#define RETURN_MODULE_FAIL
Definition rcode.h:56
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
RLM_MODULE_INVALID
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition rcode.h:45
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42
RLM_MODULE_DISALLOW
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition rcode.h:46
RLM_MODULE_REJECT
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition rcode.h:41
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:47
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:49
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:48
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
module_s::inst_size
size_t inst_size
Size of the module's instance data.
Definition module.h:203
module_instance_s::data
void * data
Module's instance data.
Definition module.h:271
pair_update_reply
#define pair_update_reply(_attr, _da)
Return or allocate a fr_pair_t in the reply list.
Definition pair.h:129
unlang_module_yield_to_section
unlang_action_t unlang_module_yield_to_section(rlm_rcode_t *p_result, request_t *request, CONF_SECTION *subcs, rlm_rcode_t default_rcode, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Definition module.c:248
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3620
RESUME
#define RESUME(_x)
Definition state_machine.c:51
vp
fr_pair_t * vp
Definition state_machine.c:2262
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition talloc.h:282
fr_packet_t::code
unsigned int code
Packet code (type).
Definition packet.h:61
fr_packet_t
Definition packet.h:56
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:554
fr_value_box_copy
int fr_value_box_copy(TALLOC_CTX *ctx, fr_value_box_t *dst, const fr_value_box_t *src)
Copy value data verbatim duplicating any buffers.
Definition value.c:3740
COMPILE_TERMINATOR
#define COMPILE_TERMINATOR
Definition virtual_servers.h:111
virtual_server_compile_t::section
section_name_t const * section
Identifier for the section.
Definition virtual_servers.h:101
virtual_server_compile_t
Processing sections which are allowed in this virtual server.
Definition virtual_servers.h:100
Generated by   doxygen 1.9.8