The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
base.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 6245bc8c65abf682d2fd76322912d36e89d41568 $
19 * @file src/process/dns/base.c
20 * @brief DNS processing.
21 *
22 * @copyright 2024 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
23 * @copyright 2020 Network RADIUS SAS (legal@networkradius.com)
24 */
25#include <freeradius-devel/server/protocol.h>
26#include <freeradius-devel/server/pair.h>
27#include <freeradius-devel/server/rcode.h>
28#include <freeradius-devel/util/debug.h>
29#include <freeradius-devel/util/pair.h>
30#include <freeradius-devel/unlang/interpret.h>
31#include <freeradius-devel/dns/dns.h>
32#include <freeradius-devel/protocol/dns/rfc1034.h>
33
34/** Update this if new rcodes are added
35 */
36#define FR_DNS_RCODE_MAX FR_RCODE_VALUE_BAD_COOKIE
37
38static fr_dict_t const *dict_dns;
39
40extern fr_dict_autoload_t process_dns_dict[];
41fr_dict_autoload_t process_dns_dict[] = {
42 { .out = &dict_dns, .proto = "dns" },
43 { NULL }
44};
45
46static fr_dict_attr_t const *attr_packet_type;
47static fr_dict_attr_t const *attr_header;
48static fr_dict_attr_t const *attr_id;
49static fr_dict_attr_t const *attr_response_bit;
50static fr_dict_attr_t const *attr_opcode;
51static fr_dict_attr_t const *attr_rcode;
52static fr_dict_attr_t const *attr_authoritative_bit;
53
54extern fr_dict_attr_autoload_t process_dns_dict_attr[];
55fr_dict_attr_autoload_t process_dns_dict_attr[] = {
56 { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_dns},
57 { .out = &attr_header, .name = "Header", .type = FR_TYPE_STRUCT, .dict = &dict_dns},
58 { .out = &attr_opcode, .name = "Header.Opcode", .type = FR_TYPE_UINT8, .dict = &dict_dns},
59 { .out = &attr_id, .name = "Header.ID", .type = FR_TYPE_UINT16, .dict = &dict_dns},
60 { .out = &attr_response_bit, .name = "Header.Query", .type = FR_TYPE_BOOL, .dict = &dict_dns},
61 { .out = &attr_rcode, .name = "Header.Rcode", .type = FR_TYPE_UINT8, .dict = &dict_dns},
62 { .out = &attr_authoritative_bit, .name = "Header.Authoritative", .type = FR_TYPE_BOOL, .dict = &dict_dns},
63 { NULL }
64};
65
66static fr_value_box_t const *enum_rcode_no_error;
67static fr_value_box_t const *enum_rcode_format_error;
68static fr_value_box_t const *enum_rcode_server_failure;
69static fr_value_box_t const *enum_rcode_name_error;
70static fr_value_box_t const *enum_rcode_refused;
71
72extern fr_dict_enum_autoload_t process_dns_dict_enum[];
73fr_dict_enum_autoload_t process_dns_dict_enum[] = {
74 { .out = &enum_rcode_no_error, .name = "No-Error", .attr = &attr_rcode }, /* ok/updated */
75 { .out = &enum_rcode_format_error, .name = "Format-Error", .attr = &attr_rcode }, /* invalid */
76 { .out = &enum_rcode_server_failure, .name = "Server-Failure", .attr = &attr_rcode }, /* fail */
77 { .out = &enum_rcode_name_error, .name = "Name-Error", .attr = &attr_rcode }, /* notfound */
78 { .out = &enum_rcode_refused, .name = "Refused", .attr = &attr_rcode }, /* reject */
79 { NULL }
80};
81
82typedef struct {
83 uint64_t nothing; // so that the next field isn't at offset 0
84
85 /** Request/response sections
86 *
87 */
88 CONF_SECTION *query;
89 CONF_SECTION *query_response;
90 CONF_SECTION *inverse_query;
91 CONF_SECTION *inverse_query_response;
92 CONF_SECTION *status;
93 CONF_SECTION *status_response;
94 CONF_SECTION *update;
95 CONF_SECTION *update_response;
96 CONF_SECTION *stateful_operation;
97 CONF_SECTION *stateful_operation_response;
98
99 /** DNS rcode error sections (not the same as rlm_rcode_t values)
100 *
101 * These are called after the `recv { ... }` section runs if rcode is non-zero
102 */
103 CONF_SECTION *rcode[FR_DNS_RCODE_MAX];
104
105 CONF_SECTION *do_not_respond;
106} process_dns_sections_t;
107
111
112/** Records fields from the original request so we have a known good copy
113 */
114typedef struct {
115 uint16_t id; //!< Identity of the request.
116 uint8_t opcode; //!< Opcode, what type of query this is.
117} process_dns_fields_t;
118
119#define PROCESS_PACKET_TYPE fr_dns_packet_code_t
120#define PROCESS_CODE_MAX FR_DNS_CODE_MAX
121#define PROCESS_CODE_DO_NOT_RESPOND FR_DNS_DO_NOT_RESPOND
122#define PROCESS_PACKET_CODE_VALID FR_DNS_PACKET_CODE_VALID
123#define PROCESS_INST process_dns_t
124
125/** Map an rlm_rcode_t to a header.rcode value
126 */
127#define PROCESS_STATE_EXTRA_FIELDS fr_value_box_t const **dns_rcode[RLM_MODULE_NUMCODES];
128
129#include <freeradius-devel/server/process.h>
130
131static const virtual_server_compile_t compile_list[] = {
132 {
133 .section = SECTION_NAME("recv", "Query"),
134 .actions = &mod_actions_authorize,
135 .offset = PROCESS_CONF_OFFSET(query),
136 },
137 {
138 .section = SECTION_NAME("send", "Query-Response"),
139 .actions = &mod_actions_postauth,
140 .offset = PROCESS_CONF_OFFSET(query_response),
141 },
142 {
143 .section = SECTION_NAME("recv", "Inverse-Query"),
144 .actions = &mod_actions_authorize,
145 .offset = PROCESS_CONF_OFFSET(inverse_query),
146 },
147 {
148 .section = SECTION_NAME("send", "Inverse-Query-Response"),
149 .actions = &mod_actions_postauth,
150 .offset = PROCESS_CONF_OFFSET(inverse_query_response),
151 },
152 {
153 .section = SECTION_NAME("recv", "Status"),
154 .actions = &mod_actions_authorize,
155 .offset = PROCESS_CONF_OFFSET(status),
156 },
157 {
158 .section = SECTION_NAME("send", "Status-Response"),
159 .actions = &mod_actions_postauth,
160 .offset = PROCESS_CONF_OFFSET(status_response),
161 },
162 {
163 .section = SECTION_NAME("recv", "Update"),
164 .actions = &mod_actions_authorize,
165 .offset = PROCESS_CONF_OFFSET(update),
166 },
167 {
168 .section = SECTION_NAME("send", "Update-Response"),
169 .actions = &mod_actions_postauth,
170 .offset = PROCESS_CONF_OFFSET(update_response),
171 },
172 {
173 .section = SECTION_NAME("recv", "Stateful-Operation"),
174 .actions = &mod_actions_authorize,
175 .offset = PROCESS_CONF_OFFSET(stateful_operation),
176 },
177 {
178 .section = SECTION_NAME("send", "Stateful-Operation-Response"),
179 .actions = &mod_actions_postauth,
180 .offset = PROCESS_CONF_OFFSET(stateful_operation_response),
181 },
182 {
183 .section = SECTION_NAME("send", "Do-Dot-Respond"),
184 .actions = &mod_actions_postauth,
185 .offset = PROCESS_CONF_OFFSET(do_not_respond),
186 },
187
188#define ERROR_SECTION(_name, _number) \
189 { \
190 .section = SECTION_NAME("error", _name), \
191 .actions = &mod_actions_postauth, \
192 .offset = PROCESS_CONF_OFFSET(rcode[_number]), \
193 }
194
195 /*
196 * Error sections that can execute after the recv { ... }
197 * section has run.
198 */
199 ERROR_SECTION("Format-Error", FR_RCODE_VALUE_FORMAT_ERROR),
200 ERROR_SECTION("Server-Failure", FR_RCODE_VALUE_SERVER_FAILURE),
201 ERROR_SECTION("Name-Error", FR_RCODE_VALUE_NAME_ERROR),
202 ERROR_SECTION("Not-Implemented", FR_RCODE_VALUE_NOT_IMPLEMENTED),
203 ERROR_SECTION("Refused", FR_RCODE_VALUE_REFUSED),
204 ERROR_SECTION("YX-Domain", FR_RCODE_VALUE_YX_DOMAIN),
205 ERROR_SECTION("YX-Resource-Record-Set", FR_RCODE_VALUE_YX_RESOURCE_RECORD_SET),
206 ERROR_SECTION("NX-Resource-Record-Set", FR_RCODE_VALUE_NX_RESOURCE_RECORD_SET),
207 ERROR_SECTION("Not-Auth", FR_RCODE_VALUE_NOT_AUTH),
208 ERROR_SECTION("Not-Zone", FR_RCODE_VALUE_NOT_ZONE),
209 ERROR_SECTION("DSO-Type-Not-Implemented", FR_RCODE_VALUE_DSO_TYPE_NOT_IMPLEMENTED),
210 ERROR_SECTION("Bad-Signature", FR_RCODE_VALUE_BAD_SIGNATURE),
211 ERROR_SECTION("Bad-Key", FR_RCODE_VALUE_BAD_KEY),
212 ERROR_SECTION("Bad-Time", FR_RCODE_VALUE_BAD_TIME),
213 ERROR_SECTION("Bad-Mode", FR_RCODE_VALUE_BAD_MODE),
214 ERROR_SECTION("Bad-Name", FR_RCODE_VALUE_BAD_NAME),
215 ERROR_SECTION("Bad-Algorithm", FR_RCODE_VALUE_BAD_ALGORITHM),
216 ERROR_SECTION("Bad-Truncation", FR_RCODE_VALUE_BAD_TRUNCATION),
217 ERROR_SECTION("Bad-Cookie", FR_RCODE_VALUE_BAD_COOKIE),
218 COMPILE_TERMINATOR
219};
220
221/*
222 * Debug the packet if requested.
223 */
224static void dns_packet_debug(request_t *request, fr_packet_t const *packet, fr_pair_list_t const *list, bool received)
225{
226 if (!packet) return;
227 if (!RDEBUG_ENABLED) return;
228
229 if ((packet->code & 0x0f) >= FR_DNS_CODE_MAX) return;
230
231 log_request(L_DBG, L_DBG_LVL_1, request, __FILE__, __LINE__, "%s %s",
232 received ? "Received" : "Sending",
233 fr_dns_packet_names[packet->code & 0x0f]);
234
235 if (received || request->parent) {
236 log_request_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
237 } else {
238 log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
239 }
240}
241
242/** Keep a copy of header fields to prevent them being tampered with
243 *
244 */
245static inline CC_HINT(always_inline)
246process_dns_fields_t *dns_fields_store(request_t *request)
247{
248 fr_pair_t *header;
249 fr_pair_t *id;
250 fr_pair_t *opcode;
251 process_dns_fields_t *rctx;
252
253 /*
254 * We could use fr_find_by_da_nested, but it's more efficient
255 * to look up the header attribute once.
256 */
257 header = fr_pair_find_by_da(&request->request_pairs, NULL, attr_header);
258 if (!header) {
259 REDEBUG("Missing Header attribute");
260 return NULL;
261 }
262
263 id = fr_pair_find_by_da(&header->vp_group, NULL, attr_id);
264 if (!id) {
265 REDEBUG("Missing ID attribute");
266 return NULL;
267 }
268
269 opcode = fr_pair_find_by_da(&header->vp_group, NULL, attr_opcode);
270 if (!opcode) {
271 REDEBUG("Missing Opcode attribute");
272 return NULL;
273 }
274
275 MEM(rctx = talloc(unlang_interpret_frame_talloc_ctx(request), process_dns_fields_t));
276 rctx->id = id->vp_uint16;
277 rctx->opcode = opcode->vp_uint8;
278
279 return rctx;
280}
281
282/** Copy values from the request header back into the response
283 *
284 * If a value already exists in the response, don't overwrite it so the user has absolute control
285 */
286static inline CC_HINT(always_inline)
287int dns_fields_restore(request_t *request, process_dns_fields_t *rctx)
288{
289 fr_pair_t *header;
290 fr_pair_t *id;
291 fr_pair_t *response;
292 fr_pair_t *authoritative;
293 fr_pair_t *opcode;
294 int ret;
295
296 MEM(pair_update_reply(&header, attr_header) >= 0);
297
298 /*
299 * ID should always match the request
300 * but we allow overrides for testing.
301 */
302 MEM((ret = fr_pair_update_by_da_parent(header, &id, attr_id)) != -1);
303 fr_assert_msg(ret >= 0, "Failed to update header attribute %s:", fr_strerror());
304 if (ret == 0) id->vp_uint16 = rctx->id;
305
306 /*
307 * This marks the packet as a response.
308 * Save the user from having to do this manually.
309 */
310 MEM((ret = fr_pair_update_by_da_parent(header, &response, attr_response_bit)) != -1);
311 fr_assert_msg(ret >= 0, "Failed to update response_bit attribute %s:", fr_strerror());
312 if (ret == 0) response->vp_bool = true;
313
314 /*
315 * Opcode should always match the request
316 * but we allow overrides for testing.
317 */
318 MEM((ret = fr_pair_update_by_da_parent(header, &opcode, attr_opcode)) != -1);
319 fr_assert_msg(ret >= 0, "Failed to update opcode attribute %s:", fr_strerror());
320 if (ret == 0) opcode->vp_uint8 = rctx->opcode;
321
322 /*
323 * Default to setting the authoritative bit if
324 * it's not been set by something already.
325 */
326 MEM((ret = fr_pair_update_by_da_parent(header, &authoritative, attr_authoritative_bit)) != -1);
327 fr_assert_msg(ret >= 0, "Failed to update authoritative_bit attribute %s:", fr_strerror());
328 if (ret == 0) authoritative->vp_bool = true;
329
330 return 0;
331}
332
333/** Add/update the rcode attribute based on the last rlm_rcode value
334 *
335 */
336static inline CC_HINT(always_inline)
337void dns_rcode_add(fr_pair_t **rcode, request_t *request, fr_value_box_t const **code)
338{
339 fr_value_box_t const *vb;
340 int ret;
341
342 if (!code || !*code) return;
343
344 vb = *code;
345
346 /*
347 * Don't override the user status
348 * code.
349 */
350 MEM((ret = fr_pair_update_by_da_parent(request->reply_ctx, rcode, attr_rcode)) >= 0);
351 if (ret == 0) {
352 if (unlikely(fr_value_box_copy(*rcode, &(*rcode)->data, vb) < 0)) {
353 RPEDEBUG("Failed copying rcode value");
354 return;
355 }
356 (*rcode)->data.enumv = (*rcode)->da; /* Hack, boxes should have their enumv field populated */
357 }
358}
359
360/** Store basic information from the request, and jump into the correct processing section
361 *
362 */
363RECV(request)
364{
365 process_dns_fields_t *rctx;
366
367 PROCESS_TRACE;
368
369 rctx = dns_fields_store(request);
370 if (!rctx) RETURN_UNLANG_INVALID;
371
372 return CALL_RECV_RCTX(generic, rctx);
373}
374
375/** Sets the DNS rcode after we get a result from the recv section
376 *
377 * Calls error processing sections as appropriate
378 */
379RESUME(recv_request)
380{
381 process_dns_t const *inst = talloc_get_type_abort_const(mctx->mi->data, process_dns_t);
382 fr_process_state_t const *state;
383 fr_pair_t *rcode = NULL;
384
385 PROCESS_TRACE;
386
387 /*
388 * Pick the next state based on the response
389 */
390 UPDATE_STATE(reply);
391
392 /*
393 * Don't bother adding VPs if we're not going
394 * be responding to the client.
395 */
396 if (state->packet_type[RESULT_RCODE] == FR_DNS_DO_NOT_RESPOND) return CALL_RESUME(recv_generic);
397
398 /*
399 * Add an rcode based on the result of the `recv { ... }` section
400 */
401 dns_rcode_add(&rcode, request, state->dns_rcode[RESULT_RCODE]);
402
403#ifdef __clang_analyzer__
404 if (!rcode) RETURN_UNLANG_FAIL;
405#endif
406
407 /*
408 * Call an appropriate error section if it's been set
409 * otherwise, just call the generic recv resume
410 * which'll call an appropriate send section.
411 */
412 if ((rcode->vp_uint8 < NUM_ELEMENTS(inst->sections.rcode)) &&
413 (inst->sections.rcode[rcode->vp_uint8])) {
414 return unlang_module_yield_to_section(RESULT_P, request,
415 inst->sections.rcode[rcode->vp_uint8],
416 RLM_MODULE_NOOP,
417 /*
418 * We ignore everything from the error section
419 * it's only there for logging.
420 *
421 * Jump straight to the send function.
422 */
423 state->send,
424 NULL, 0, mctx->rctx);
425 }
426
427 /*
428 * Use that rcode to determine the processing section
429 */
430 return CALL_RESUME(recv_generic);
431}
432
433/** Set defaults in the response and values copied from the request like opcode and id
434 *
435 */
436RESUME(send_response)
437{
438 fr_process_state_t const *state;
439 fr_pair_t *vp;
440
441 UPDATE_STATE(reply);
442
443 /*
444 * Don't bother adding VPs if we're not going
445 * be responding to the client.
446 */
447 if (state->packet_type[RESULT_RCODE] == FR_DNS_DO_NOT_RESPOND) return CALL_RESUME(send_generic);
448
449 /*
450 * Add fields from the request back in,
451 * deferring to user specified values.
452 */
453 dns_fields_restore(request, talloc_get_type_abort(mctx->rctx, process_dns_fields_t));
454
455 /*
456 * Do this last, so we show everything
457 * we'll be sending back.
458 */
459 dns_packet_debug(request, request->reply, &request->reply_pairs, false);
460
461 /*
462 * Hack. This is because this stupid framework uses
463 * packet_type values to represent request and response
464 * packet types, and DNS uses the same values for
465 * both request and response packet types.
466 */
467 MEM(pair_update_reply(&vp, attr_packet_type) >= 1);
468 request->reply->code = vp->vp_uint8 = state->default_reply;
469
470 return CALL_RESUME(send_generic);
471}
472
473/** Entry point into the state machine
474 */
475static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
476{
477 fr_process_state_t const *state;
478
479 PROCESS_TRACE;
480
481 (void)talloc_get_type_abort_const(mctx->mi->data, process_dns_t);
482 fr_assert(PROCESS_PACKET_CODE_VALID(request->packet->code));
483
484 request->component = "dns";
485 request->module = NULL;
486 fr_assert(request->proto_dict == dict_dns);
487
488 UPDATE_STATE(packet);
489
490 if (!state->recv) {
491 REDEBUG("Invalid packet type (%u)", request->packet->code);
492 RETURN_UNLANG_FAIL;
493 }
494
495 dns_packet_debug(request, request->packet, &request->request_pairs, true);
496
497 return state->recv(p_result, mctx, request);
498}
499
500#define DNS_RCODE_COMMON \
501 .dns_rcode = { \
502 [RLM_MODULE_NOOP] = &enum_rcode_no_error, \
503 [RLM_MODULE_OK] = &enum_rcode_no_error, \
504 [RLM_MODULE_UPDATED] = &enum_rcode_no_error, \
505 [RLM_MODULE_HANDLED] = &enum_rcode_no_error, \
506 [RLM_MODULE_REJECT] = &enum_rcode_refused, \
507 [RLM_MODULE_FAIL] = &enum_rcode_server_failure, \
508 [RLM_MODULE_INVALID] = &enum_rcode_format_error, \
509 [RLM_MODULE_DISALLOW] = &enum_rcode_refused, \
510 [RLM_MODULE_NOTFOUND] = &enum_rcode_name_error \
511 }
512
513static fr_process_state_t const process_state[] = {
514 [ FR_DNS_QUERY ] = {
515 DNS_RCODE_COMMON,
516 .default_reply = FR_DNS_QUERY_RESPONSE,
517 .default_rcode = RLM_MODULE_NOOP,
518 .recv = recv_request,
519 .resume = resume_recv_request,
520 .section_offset = PROCESS_CONF_OFFSET(query),
521 },
522 [ FR_DNS_INVERSE_QUERY ] = {
523 DNS_RCODE_COMMON,
524 .default_reply = FR_DNS_INVERSE_QUERY_RESPONSE,
525 .default_rcode = RLM_MODULE_NOOP,
526 .recv = recv_request,
527 .resume = resume_recv_request,
528 .section_offset = PROCESS_CONF_OFFSET(inverse_query),
529 },
530 [ FR_DNS_STATUS ] = {
531 DNS_RCODE_COMMON,
532 .default_reply = FR_DNS_STATUS_RESPONSE,
533 .default_rcode = RLM_MODULE_NOOP,
534 .recv = recv_request,
535 .resume = resume_recv_request,
536 .section_offset = PROCESS_CONF_OFFSET(status),
537 },
538 [ FR_DNS_UPDATE ] = {
539 DNS_RCODE_COMMON,
540 .default_reply = FR_DNS_UPDATE_RESPONSE,
541 .default_rcode = RLM_MODULE_NOOP,
542 .recv = recv_request,
543 .resume = resume_recv_request,
544 .section_offset = PROCESS_CONF_OFFSET(update),
545 },
546 [ FR_DNS_STATEFUL_OPERATION ] = {
547 DNS_RCODE_COMMON,
548 .default_reply = FR_DNS_STATEFUL_OPERATION_RESPONSE,
549 .default_rcode = RLM_MODULE_NOOP,
550 .recv = recv_request,
551 .resume = resume_recv_request,
552 .section_offset = PROCESS_CONF_OFFSET(stateful_operation),
553 },
554 [ FR_DNS_QUERY_RESPONSE ] = {
555 .default_reply = FR_DNS_QUERY,
556 .default_rcode = RLM_MODULE_NOOP,
557 .result_rcode = RLM_MODULE_OK,
558 .send = send_generic,
559 .resume = resume_send_response,
560 .section_offset = PROCESS_CONF_OFFSET(query_response),
561 },
562
563 [ FR_DNS_INVERSE_QUERY_RESPONSE ] = {
564 .default_reply = FR_DNS_QUERY,
565 .default_rcode = RLM_MODULE_NOOP,
566 .result_rcode = RLM_MODULE_OK,
567 .send = send_generic,
568 .resume = resume_send_response,
569 .section_offset = PROCESS_CONF_OFFSET(inverse_query_response),
570 },
571
572 [ FR_DNS_STATUS_RESPONSE ] = {
573 .default_reply = FR_DNS_STATUS,
574 .default_rcode = RLM_MODULE_NOOP,
575 .result_rcode = RLM_MODULE_OK,
576 .send = send_generic,
577 .resume = resume_send_response,
578 .section_offset = PROCESS_CONF_OFFSET(status_response),
579 },
580
581 [ FR_DNS_UPDATE_RESPONSE ] = {
582 .default_reply = FR_DNS_UPDATE,
583 .default_rcode = RLM_MODULE_NOOP,
584 .result_rcode = RLM_MODULE_OK,
585 .send = send_generic,
586 .resume = resume_send_response,
587 .section_offset = PROCESS_CONF_OFFSET(update_response),
588 },
589
590 [ FR_DNS_STATEFUL_OPERATION_RESPONSE ] = {
591 .default_reply = FR_DNS_STATEFUL_OPERATION,
592 .default_rcode = RLM_MODULE_NOOP,
593 .result_rcode = RLM_MODULE_OK,
594 .send = send_generic,
595 .resume = resume_send_response,
596 .section_offset = PROCESS_CONF_OFFSET(stateful_operation_response),
597 },
598
599 [ FR_DNS_DO_NOT_RESPOND ] = {
600 .packet_type = {
601 [RLM_MODULE_NOOP] = FR_DNS_DO_NOT_RESPOND,
602 [RLM_MODULE_OK] = FR_DNS_DO_NOT_RESPOND,
603 [RLM_MODULE_UPDATED] = FR_DNS_DO_NOT_RESPOND,
604
605 [RLM_MODULE_REJECT] = FR_DNS_DO_NOT_RESPOND,
606 [RLM_MODULE_FAIL] = FR_DNS_DO_NOT_RESPOND,
607 [RLM_MODULE_INVALID] = FR_DNS_DO_NOT_RESPOND,
608 [RLM_MODULE_DISALLOW] = FR_DNS_DO_NOT_RESPOND,
609 [RLM_MODULE_NOTFOUND] = FR_DNS_DO_NOT_RESPOND,
610 [RLM_MODULE_TIMEOUT] = FR_DNS_DO_NOT_RESPOND,
611 },
612 .default_rcode = RLM_MODULE_NOOP,
613 .result_rcode = RLM_MODULE_HANDLED,
614 .send = send_generic,
615 .resume = resume_send_response,
616 .section_offset = PROCESS_CONF_OFFSET(do_not_respond),
617 },
618};
619
620extern fr_process_module_t process_dns;
621fr_process_module_t process_dns = {
622 .common = {
623 .magic = MODULE_MAGIC_INIT,
624 .name = "dns",
625 MODULE_INST(process_dns_t),
626 MODULE_RCTX(process_rctx_t)
627 },
628 .process = mod_process,
629 .compile_list = compile_list,
630 .dict = &dict_dns,
631 .packet_type = &attr_packet_type
632};
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
unlikely
#define unlikely(_x)
Definition build.h:383
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:339
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
fr_assert_msg
#define fr_assert_msg(_x, _msg,...)
Calls panic_action ifndef NDEBUG, else logs error and causes the server to exit immediately with code...
Definition debug.h:202
MEM
#define MEM(x)
Definition debug.h:36
fr_dict_enum_autoload_t::out
fr_value_box_t const ** out
Enumeration value.
Definition dict.h:263
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:274
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:287
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:273
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:286
fr_dict_enum_autoload_t
Specifies a value which must be present for the module to function.
Definition dict.h:262
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
unlang_interpret_frame_talloc_ctx
TALLOC_CTX * unlang_interpret_frame_talloc_ctx(request_t *request)
Get a talloc_ctx which is valid only for this frame.
Definition interpret.c:1665
unlang_result_t
Definition interpret.h:133
attr_packet_type
fr_dict_attr_t const * attr_packet_type
Definition base.c:93
log_request_proto_pair_list
void log_request_proto_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a list of protocol fr_pair_ts.
Definition log.c:852
log_request
void log_request(fr_log_type_t type, fr_log_lvl_t lvl, request_t *request, char const *file, int line, char const *fmt,...)
Marshal variadic log arguments into a va_list and pass to normal logging functions.
Definition log.c:610
log_request_pair_list
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition log.c:828
RPEDEBUG
#define RPEDEBUG(fmt,...)
Definition log.h:376
L_DBG_LVL_1
@ L_DBG_LVL_1
Highest priority debug messages (-x).
Definition log.h:70
L_DBG
@ L_DBG
Only displayed when debugging is enabled.
Definition log.h:59
uint16_t
unsigned short uint16_t
Definition merged_model.c:31
FR_TYPE_UINT16
@ FR_TYPE_UINT16
16 Bit unsigned integer.
Definition merged_model.c:98
FR_TYPE_UINT8
@ FR_TYPE_UINT8
8 Bit unsigned integer.
Definition merged_model.c:97
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_STRUCT
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
Definition merged_model.c:119
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_value_box_t
Definition merged_model.c:136
request_t
Definition merged_model.c:210
mod_actions_authorize
unlang_mod_actions_t const mod_actions_authorize
Definition mod_action.c:46
mod_actions_postauth
unlang_mod_actions_t const mod_actions_postauth
Definition mod_action.c:93
unlang_mod_actions_t::actions
unlang_mod_action_t actions[RLM_MODULE_NUMCODES]
Definition mod_action.h:64
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:698
fr_pair_update_by_da_parent
int fr_pair_update_by_da_parent(fr_pair_t *parent, fr_pair_t **out, fr_dict_attr_t const *da)
Return the first fr_pair_t matching the fr_dict_attr_t or alloc a new fr_pair_t and its subtree (and ...
Definition pair.c:1592
mod_process
static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition base.c:188
compile_list
static const virtual_server_compile_t compile_list[]
Definition base.c:214
process_state
static fr_process_state_t const process_state[]
Definition base.c:69
PROCESS_PACKET_CODE_VALID
#define PROCESS_PACKET_CODE_VALID
Definition base.c:65
RECV
RECV(for_any_server)
Validate a solicit/rebind/confirm message.
Definition base.c:401
process_dns_dict_attr
fr_dict_attr_autoload_t process_dns_dict_attr[]
Definition base.c:55
process_dns_sections_t::stateful_operation_response
CONF_SECTION * stateful_operation_response
Definition base.c:97
process_dns_dict
fr_dict_autoload_t process_dns_dict[]
Definition base.c:41
dns_packet_debug
static void dns_packet_debug(request_t *request, fr_packet_t const *packet, fr_pair_list_t const *list, bool received)
Definition base.c:224
ERROR_SECTION
#define ERROR_SECTION(_name, _number)
process_dns_sections_t::nothing
uint64_t nothing
Definition base.c:83
enum_rcode_server_failure
static fr_value_box_t const * enum_rcode_server_failure
Definition base.c:68
attr_authoritative_bit
static fr_dict_attr_t const * attr_authoritative_bit
Definition base.c:52
process_dns_sections_t::status
CONF_SECTION * status
Definition base.c:92
dns_rcode_add
static void dns_rcode_add(fr_pair_t **rcode, request_t *request, fr_value_box_t const **code)
Add/update the rcode attribute based on the last rlm_rcode value.
Definition base.c:337
process_dns_sections_t::inverse_query_response
CONF_SECTION * inverse_query_response
Definition base.c:91
process_dns_sections_t::query_response
CONF_SECTION * query_response
Definition base.c:89
process_dns_sections_t::stateful_operation
CONF_SECTION * stateful_operation
Definition base.c:96
attr_opcode
static fr_dict_attr_t const * attr_opcode
Definition base.c:50
enum_rcode_refused
static fr_value_box_t const * enum_rcode_refused
Definition base.c:70
attr_response_bit
static fr_dict_attr_t const * attr_response_bit
Definition base.c:49
enum_rcode_no_error
static fr_value_box_t const * enum_rcode_no_error
Definition base.c:66
process_dns_sections_t::query
CONF_SECTION * query
Request/response sections.
Definition base.c:88
process_dns_fields_t::opcode
uint8_t opcode
Opcode, what type of query this is.
Definition base.c:116
attr_id
static fr_dict_attr_t const * attr_id
Definition base.c:48
process_dns_sections_t::inverse_query
CONF_SECTION * inverse_query
Definition base.c:90
FR_DNS_RCODE_MAX
#define FR_DNS_RCODE_MAX
Update this if new rcodes are added.
Definition base.c:36
process_dns_dict_enum
fr_dict_enum_autoload_t process_dns_dict_enum[]
Definition base.c:73
process_dns_t::sections
process_dns_sections_t sections
Definition base.c:109
enum_rcode_name_error
static fr_value_box_t const * enum_rcode_name_error
Definition base.c:69
process_dns_fields_t::id
uint16_t id
Identity of the request.
Definition base.c:115
dns_fields_store
static process_dns_fields_t * dns_fields_store(request_t *request)
Keep a copy of header fields to prevent them being tampered with.
Definition base.c:246
DNS_RCODE_COMMON
#define DNS_RCODE_COMMON
Definition base.c:500
dict_dns
static fr_dict_t const * dict_dns
Definition base.c:38
process_dns_sections_t::update_response
CONF_SECTION * update_response
Definition base.c:95
process_dns_sections_t::update
CONF_SECTION * update
Definition base.c:94
enum_rcode_format_error
static fr_value_box_t const * enum_rcode_format_error
Definition base.c:67
attr_header
static fr_dict_attr_t const * attr_header
Definition base.c:47
process_dns_sections_t::status_response
CONF_SECTION * status_response
Definition base.c:93
dns_fields_restore
static int dns_fields_restore(request_t *request, process_dns_fields_t *rctx)
Copy values from the request header back into the response.
Definition base.c:287
process_dns_sections_t::do_not_respond
CONF_SECTION * do_not_respond
Definition base.c:105
process_dns
fr_process_module_t process_dns
Definition base.c:621
attr_rcode
static fr_dict_attr_t const * attr_rcode
Definition base.c:51
process_dns_fields_t
Records fields from the original request so we have a known good copy.
Definition base.c:114
process_dns_sections_t
Definition base.c:82
process_dns_t
Definition base.c:108
PROCESS_TRACE
#define PROCESS_TRACE
Trace each state function as it's entered.
Definition process.h:55
PROCESS_CONF_OFFSET
#define PROCESS_CONF_OFFSET(_x)
Definition process.h:79
fr_process_module_t::common
module_t common
Common fields for all loadable modules.
Definition process_types.h:39
fr_process_module_t
Common public symbol definition for all process modules.
Definition process_types.h:38
fr_dns_packet_names
char const * fr_dns_packet_names[FR_DNS_CODE_MAX]
Definition base.c:68
FR_DNS_DO_NOT_RESPOND
@ FR_DNS_DO_NOT_RESPOND
Definition dns.h:99
FR_DNS_STATEFUL_OPERATION_RESPONSE
@ FR_DNS_STATEFUL_OPERATION_RESPONSE
Definition dns.h:97
FR_DNS_UPDATE_RESPONSE
@ FR_DNS_UPDATE_RESPONSE
Definition dns.h:96
FR_DNS_STATEFUL_OPERATION
@ FR_DNS_STATEFUL_OPERATION
Definition dns.h:89
FR_DNS_QUERY
@ FR_DNS_QUERY
Definition dns.h:84
FR_DNS_QUERY_RESPONSE
@ FR_DNS_QUERY_RESPONSE
Definition dns.h:92
FR_DNS_STATUS_RESPONSE
@ FR_DNS_STATUS_RESPONSE
Definition dns.h:94
FR_DNS_INVERSE_QUERY
@ FR_DNS_INVERSE_QUERY
Definition dns.h:85
FR_DNS_STATUS
@ FR_DNS_STATUS
Definition dns.h:86
FR_DNS_INVERSE_QUERY_RESPONSE
@ FR_DNS_INVERSE_QUERY_RESPONSE
Definition dns.h:93
FR_DNS_UPDATE
@ FR_DNS_UPDATE
Definition dns.h:88
FR_DNS_CODE_MAX
@ FR_DNS_CODE_MAX
Definition dns.h:90
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
REDEBUG
#define REDEBUG(fmt,...)
Definition radclient.h:52
RDEBUG_ENABLED
#define RDEBUG_ENABLED()
Definition radclient.h:49
RETURN_UNLANG_INVALID
#define RETURN_UNLANG_INVALID
Definition rcode.h:62
RETURN_UNLANG_FAIL
#define RETURN_UNLANG_FAIL
Definition rcode.h:59
RLM_MODULE_INVALID
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition rcode.h:47
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:45
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:44
RLM_MODULE_DISALLOW
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition rcode.h:48
RLM_MODULE_REJECT
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition rcode.h:43
RLM_MODULE_TIMEOUT
@ RLM_MODULE_TIMEOUT
Module (or section) timed out.
Definition rcode.h:52
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:49
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:51
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:50
RLM_MODULE_HANDLED
@ RLM_MODULE_HANDLED
The module handled the request, so stop.
Definition rcode.h:46
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
module_instance_s::data
void * data
Module's instance data.
Definition module.h:291
MODULE_RCTX
#define MODULE_RCTX(_ctype)
Definition module.h:257
MODULE_INST
#define MODULE_INST(_ctype)
Definition module.h:255
pair_update_reply
#define pair_update_reply(_attr, _da)
Return or allocate a fr_pair_t in the reply list.
Definition pair.h:129
unlang_module_yield_to_section
unlang_action_t unlang_module_yield_to_section(unlang_result_t *p_result, request_t *request, CONF_SECTION *subcs, rlm_rcode_t default_rcode, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Definition module.c:236
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3651
RESUME
#define RESUME(_x)
Definition state_machine.c:52
vp
fr_pair_t * vp
Definition state_machine.c:2293
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition talloc.h:287
fr_packet_t::code
unsigned int code
Packet code (type).
Definition packet.h:61
fr_packet_t
Definition packet.h:56
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:553
fr_value_box_copy
int fr_value_box_copy(TALLOC_CTX *ctx, fr_value_box_t *dst, const fr_value_box_t *src)
Copy value data verbatim duplicating any buffers.
Definition value.c:4156
virtual_server_compile_s::section
section_name_t const * section
Identifier for the section.
Definition virtual_servers.h:133
COMPILE_TERMINATOR
#define COMPILE_TERMINATOR
Definition virtual_servers.h:143
virtual_server_compile_s
Processing sections which are allowed in this virtual server.
Definition virtual_servers.h:132
Generated by   doxygen 1.9.8