26 #include <freeradius-devel/server/protocol.h>
27 #include <freeradius-devel/server/pair.h>
28 #include <freeradius-devel/util/debug.h>
29 #include <freeradius-devel/util/pair.h>
30 #include <freeradius-devel/unlang/interpret.h>
31 #include <freeradius-devel/dns/dns.h>
32 #include <freeradius-devel/protocol/dns/rfc1034.h>
36 #define FR_DNS_RCODE_MAX FR_RCODE_VALUE_BAD_COOKIE
119 #define PROCESS_PACKET_TYPE fr_dns_packet_code_t
120 #define PROCESS_CODE_MAX FR_DNS_CODE_MAX
121 #define PROCESS_CODE_DO_NOT_RESPOND FR_DNS_DO_NOT_RESPOND
122 #define PROCESS_PACKET_CODE_VALID FR_DNS_PACKET_CODE_VALID
123 #define PROCESS_INST process_dns_t
127 #define PROCESS_STATE_EXTRA_FIELDS fr_value_box_t const **dns_rcode[RLM_MODULE_NUMCODES];
129 #include <freeradius-devel/server/process.h>
135 .offset = PROCESS_CONF_OFFSET(query),
140 .offset = PROCESS_CONF_OFFSET(query_response),
145 .offset = PROCESS_CONF_OFFSET(inverse_query),
148 .section =
SECTION_NAME(
"send",
"Inverse-Query-Response"),
150 .offset = PROCESS_CONF_OFFSET(inverse_query_response),
155 .offset = PROCESS_CONF_OFFSET(status),
160 .offset = PROCESS_CONF_OFFSET(status_response),
165 .offset = PROCESS_CONF_OFFSET(update),
170 .offset = PROCESS_CONF_OFFSET(update_response),
175 .offset = PROCESS_CONF_OFFSET(stateful_operation),
178 .section =
SECTION_NAME(
"send",
"Stateful-Operation-Response"),
180 .offset = PROCESS_CONF_OFFSET(stateful_operation_response),
185 .offset = PROCESS_CONF_OFFSET(do_not_respond),
188 #define ERROR_SECTION(_name, _number) \
190 .section = SECTION_NAME("error", _name), \
191 .actions = &mod_actions_postauth, \
192 .offset = PROCESS_CONF_OFFSET(rcode[_number]), \
200 ERROR_SECTION(
"Server-Failure", FR_RCODE_VALUE_SERVER_FAILURE),
202 ERROR_SECTION(
"Not-Implemented", FR_RCODE_VALUE_NOT_IMPLEMENTED),
205 ERROR_SECTION(
"YX-Resource-Record-Set", FR_RCODE_VALUE_YX_RESOURCE_RECORD_SET),
206 ERROR_SECTION(
"NX-Resource-Record-Set", FR_RCODE_VALUE_NX_RESOURCE_RECORD_SET),
209 ERROR_SECTION(
"DSO-Type-Not-Implemented", FR_RCODE_VALUE_DSO_TYPE_NOT_IMPLEMENTED),
210 ERROR_SECTION(
"Bad-Signature", FR_RCODE_VALUE_BAD_SIGNATURE),
215 ERROR_SECTION(
"Bad-Algorithm", FR_RCODE_VALUE_BAD_ALGORITHM),
216 ERROR_SECTION(
"Bad-Truncation", FR_RCODE_VALUE_BAD_TRUNCATION),
232 received ?
"Received" :
"Sending",
235 if (received || request->parent) {
245 static inline CC_HINT(always_inline)
259 REDEBUG(
"Missing Header attribute");
265 REDEBUG(
"Missing ID attribute");
271 REDEBUG(
"Missing Opcode attribute");
276 rctx->
id =
id->vp_uint16;
277 rctx->
opcode = opcode->vp_uint8;
286 static inline CC_HINT(always_inline)
304 if (ret == 0)
id->vp_uint16 = rctx->id;
312 if (ret == 0) response->vp_bool =
true;
320 if (ret == 0) opcode->vp_uint8 = rctx->opcode;
328 if (ret == 0) authoritative->vp_bool =
true;
336 static inline CC_HINT(always_inline)
342 if (!code || !*code)
return;
353 (*rcode)->data.enumv = (*rcode)->da;
369 return CALL_RECV_RCTX(
generic, rctx);
379 fr_process_state_t
const *state;
400 #ifdef __clang_analyzer__
410 (
inst->sections.rcode[rcode->vp_uint8])) {
412 inst->sections.rcode[rcode->vp_uint8],
421 NULL, 0, mctx->rctx);
427 return CALL_RESUME(recv_generic);
435 fr_process_state_t
const *state;
465 request->reply->code =
vp->vp_uint8 = state->default_reply;
467 return CALL_RESUME(send_generic);
474 fr_process_state_t
const *state;
481 request->component =
"dns";
482 request->module = NULL;
485 UPDATE_STATE(packet);
488 REDEBUG(
"Invalid packet type (%u)", request->packet->code);
494 return state->recv(p_result, mctx, request);
497 #define DNS_RCODE_COMMON \
499 [RLM_MODULE_NOOP] = &enum_rcode_no_error, \
500 [RLM_MODULE_OK] = &enum_rcode_no_error, \
501 [RLM_MODULE_UPDATED] = &enum_rcode_no_error, \
502 [RLM_MODULE_HANDLED] = &enum_rcode_no_error, \
503 [RLM_MODULE_REJECT] = &enum_rcode_refused, \
504 [RLM_MODULE_FAIL] = &enum_rcode_server_failure, \
505 [RLM_MODULE_INVALID] = &enum_rcode_format_error, \
506 [RLM_MODULE_DISALLOW] = &enum_rcode_refused, \
507 [RLM_MODULE_NOTFOUND] = &enum_rcode_name_error \
515 .recv = recv_request,
516 .resume = resume_recv_request,
517 .section_offset = PROCESS_CONF_OFFSET(query),
523 .recv = recv_request,
524 .resume = resume_recv_request,
525 .section_offset = PROCESS_CONF_OFFSET(inverse_query),
531 .recv = recv_request,
532 .resume = resume_recv_request,
533 .section_offset = PROCESS_CONF_OFFSET(status),
539 .recv = recv_request,
540 .resume = resume_recv_request,
541 .section_offset = PROCESS_CONF_OFFSET(update),
547 .recv = recv_request,
548 .resume = resume_recv_request,
549 .section_offset = PROCESS_CONF_OFFSET(stateful_operation),
554 .send = send_generic,
555 .resume = resume_send_response,
556 .section_offset = PROCESS_CONF_OFFSET(query_response),
562 .send = send_generic,
563 .resume = resume_send_response,
564 .section_offset = PROCESS_CONF_OFFSET(inverse_query_response),
570 .send = send_generic,
571 .resume = resume_send_response,
572 .section_offset = PROCESS_CONF_OFFSET(status_response),
578 .send = send_generic,
579 .resume = resume_send_response,
580 .section_offset = PROCESS_CONF_OFFSET(update_response),
586 .send = send_generic,
587 .resume = resume_send_response,
588 .section_offset = PROCESS_CONF_OFFSET(stateful_operation_response),
604 .send = send_generic,
605 .resume = resume_send_response,
606 .section_offset = PROCESS_CONF_OFFSET(do_not_respond),
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
@ UNLANG_ACTION_FAIL
Encountered an unexpected error.
A section grouping multiple CONF_PAIR.
#define fr_assert_msg(_x, _msg,...)
Calls panic_action ifndef NDEBUG, else logs error and causes the server to exit immediately with code...
fr_value_box_t const ** out
Enumeration value.
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Specifies an attribute which must be present for the module to function.
Specifies a dictionary which must be loaded/loadable for the module to function.
Specifies a value which must be present for the module to function.
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
TALLOC_CTX * unlang_interpret_frame_talloc_ctx(request_t *request)
Get a talloc_ctx which is valid only for this frame.
fr_dict_attr_t const * attr_packet_type
void log_request_proto_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a list of protocol fr_pair_ts.
void log_request(fr_log_type_t type, fr_log_lvl_t lvl, request_t *request, char const *file, int line, char const *fmt,...)
Marshal variadic log arguments into a va_list and pass to normal logging functions.
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
@ L_DBG_LVL_1
Highest priority debug messages (-x).
@ L_DBG
Only displayed when debugging is enabled.
@ FR_TYPE_UINT16
16 Bit unsigned integer.
@ FR_TYPE_UINT8
8 Bit unsigned integer.
@ FR_TYPE_UINT32
32 Bit unsigned integer.
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
@ FR_TYPE_BOOL
A truth value.
unlang_mod_actions_t const mod_actions_authorize
unlang_mod_actions_t const mod_actions_postauth
module_instance_t const * mi
Instance of the module being instantiated.
Temporary structure to hold arguments for module calls.
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
int fr_pair_update_by_da_parent(fr_pair_t *parent, fr_pair_t **out, fr_dict_attr_t const *da)
Return the first fr_pair_t matching the fr_dict_attr_t or alloc a new fr_pair_t and its subtree (and ...
RECV(for_any_server)
Validate a solicit/rebind/confirm message.
fr_dict_attr_autoload_t process_dns_dict_attr[]
CONF_SECTION * stateful_operation_response
fr_dict_autoload_t process_dns_dict[]
static void dns_packet_debug(request_t *request, fr_packet_t const *packet, fr_pair_list_t const *list, bool received)
#define ERROR_SECTION(_name, _number)
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Entry point into the state machine.
static fr_value_box_t const * enum_rcode_server_failure
static fr_dict_attr_t const * attr_authoritative_bit
static void dns_rcode_add(fr_pair_t **rcode, request_t *request, fr_value_box_t const **code)
Add/update the rcode attribute based on the last rlm_rcode value.
static process_dns_fields_t * dns_fields_store(request_t *request)
Keep a copy of header fields to prevent them being tampered with.
CONF_SECTION * inverse_query_response
CONF_SECTION * query_response
CONF_SECTION * stateful_operation
static fr_dict_attr_t const * attr_opcode
static fr_value_box_t const * enum_rcode_refused
static fr_dict_attr_t const * attr_response_bit
static fr_value_box_t const * enum_rcode_no_error
CONF_SECTION * query
Request/response sections.
uint8_t opcode
Opcode, what type of query this is.
static fr_dict_attr_t const * attr_id
static const virtual_server_compile_t compile_list[]
CONF_SECTION * inverse_query
static fr_process_state_t const process_state[]
#define FR_DNS_RCODE_MAX
Update this if new rcodes are added.
fr_dict_enum_autoload_t process_dns_dict_enum[]
process_dns_sections_t sections
static fr_value_box_t const * enum_rcode_name_error
uint16_t id
Identity of the request.
static fr_dict_t const * dict_dns
CONF_SECTION * update_response
static fr_value_box_t const * enum_rcode_format_error
static fr_dict_attr_t const * attr_header
CONF_SECTION * status_response
static int dns_fields_restore(request_t *request, process_dns_fields_t *rctx)
Copy values from the request header back into the response.
CONF_SECTION * do_not_respond
#define PROCESS_PACKET_CODE_VALID
fr_process_module_t process_dns
static fr_dict_attr_t const * attr_rcode
Records fields from the original request so we have a known good copy.
#define PROCESS_TRACE
Trace each state function as it's entered.
module_t common
Common fields for all loadable modules.
Common public symbol definition for all process modules.
char const * fr_dns_packet_names[FR_DNS_CODE_MAX]
@ FR_DNS_STATEFUL_OPERATION_RESPONSE
@ FR_DNS_STATEFUL_OPERATION
@ FR_DNS_INVERSE_QUERY_RESPONSE
Return codes returned by modules and virtual server sections.
#define RETURN_MODULE_INVALID
rlm_rcode_t
Return codes indicating the result of the module call.
@ RLM_MODULE_INVALID
The module considers the request invalid.
@ RLM_MODULE_OK
The module is OK, continue.
@ RLM_MODULE_FAIL
Module failed, don't reply.
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
@ RLM_MODULE_REJECT
Immediately reject the request.
@ RLM_MODULE_NOTFOUND
User not found.
@ RLM_MODULE_UPDATED
OK (pairs modified).
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
void * data
Module's instance data.
#define pair_update_reply(_attr, _da)
Return or allocate a fr_pair_t in the reply list.
unlang_action_t unlang_module_yield_to_section(rlm_rcode_t *p_result, request_t *request, CONF_SECTION *subcs, rlm_rcode_t default_rcode, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
MEM(pair_append_request(&vp, attr_eap_aka_sim_identity) >=0)
eap_aka_sim_process_conf_t * inst
Stores an attribute, a value and various bits of other data.
#define talloc_get_type_abort_const
unsigned int code
Packet code (type).
char const * fr_strerror(void)
Get the last library error.
int fr_value_box_copy(TALLOC_CTX *ctx, fr_value_box_t *dst, const fr_value_box_t *src)
Copy value data verbatim duplicating any buffers.
#define COMPILE_TERMINATOR
section_name_t const * section
Identifier for the section.
Processing sections which are allowed in this virtual server.
1.9.1