The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
base.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 32385ac29a96a31bff23d5b7e5d31cf7543fca2b $
19 * @file src/process/eap_aka_prime/base.c
20 * @brief EAP-AKA' process module
21 *
22 * The state machine for EAP-SIM, EAP-AKA and EAP-AKA' is common to all methods
23 * and is in src/lib/eap_aka_sim/state_machine.c
24 *
25 * The process modules for the different EAP methods just define the sections
26 * for that EAP method, and parse different config items.
27 *
28 * @copyright 2021 Arran Cudbard-Bell <a.cudbardb@freeradius.org>
29 */
30
31#include <freeradius-devel/eap_aka_sim/base.h>
32#include <freeradius-devel/eap_aka_sim/attrs.h>
33#include <freeradius-devel/eap_aka_sim/state_machine.h>
34#include <freeradius-devel/server/virtual_servers.h>
35#include <freeradius-devel/server/process.h>
36
37static conf_parser_t submodule_config[] = {
38 { FR_CONF_OFFSET("network_name", eap_aka_sim_process_conf_t, network_name ) },
39 { FR_CONF_OFFSET("request_identity", eap_aka_sim_process_conf_t, request_identity ),
40 .func = cf_table_parse_int,
41 .uctx = &(cf_table_parse_ctx_t){ .table = fr_aka_sim_id_request_table, .len = &fr_aka_sim_id_request_table_len }},
42 { FR_CONF_OFFSET("strip_permanent_identity_hint", eap_aka_sim_process_conf_t,
43 strip_permanent_identity_hint ), .dflt = "yes" },
44 { FR_CONF_OFFSET_TYPE_FLAGS("ephemeral_id_length", FR_TYPE_SIZE, 0, eap_aka_sim_process_conf_t, ephemeral_id_length ), .dflt = "14" }, /* 14 for compatibility */
45 { FR_CONF_OFFSET("protected_success", eap_aka_sim_process_conf_t, protected_success ), .dflt = "no" },
46
47 CONF_PARSER_TERMINATOR
48};
49
50static virtual_server_compile_t const compile_list[] = {
51 /*
52 * Identity negotiation
53 * The initial identity here is the EAP-Identity.
54 * We can then choose to request additional
55 * identities.
56 */
57 {
58 .section = SECTION_NAME("recv", "Identity-Response"),
59 .actions = &mod_actions_authorize,
60 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_identity_response)
61 },
62 {
63 .section = SECTION_NAME("send", "Identity-Request"),
64 .actions = &mod_actions_authorize,
65 .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_identity_request)
66 },
67
68 /*
69 * Optional override sections if the user *really*
70 * wants to apply special policies for subsequent
71 * request/response rounds.
72 */
73 {
74 .section = SECTION_NAME("send", "AKA-Identity-Request"),
75 .actions = &mod_actions_authorize,
76 .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_aka_identity_request)
77 },
78 {
79 .section = SECTION_NAME("recv", "AKA-Identity-Response"),
80 .actions = &mod_actions_authorize,
81 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_identity_response)
82 },
83
84 /*
85 * Full-Authentication
86 */
87 {
88 .section = SECTION_NAME("send", "Challenge-Request"),
89 .actions = &mod_actions_authorize,
90 .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_aka_challenge_request)
91 },
92 {
93 .section = SECTION_NAME("recv", "Challenge-Response"),
94 .actions = &mod_actions_authorize,
95 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_challenge_response)
96 },
97
98 /*
99 * Fast-Re-Authentication
100 */
101 {
102 .section = SECTION_NAME("send", "Reauthentication-Request"),
103 .actions = &mod_actions_authorize,
104 .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_reauthentication_request)
105 },
106 {
107 .section = SECTION_NAME("recv", "Reauthentication-Response"),
108 .actions = &mod_actions_authorize,
109 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_reauthentication_response)
110 },
111
112 /*
113 * Failures originating from the supplicant
114 */
115 {
116 .section = SECTION_NAME("recv", "Client-Error"),
117 .actions = &mod_actions_authorize,
118 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_client_error)
119 },
120 {
121 .section = SECTION_NAME("recv", "Authentication-Reject"),
122 .actions = &mod_actions_authorize,
123 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_authentication_reject)
124 },
125 {
126 .section = SECTION_NAME("recv", "Synchronization-Failure"),
127 .actions = &mod_actions_authorize,
128 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_synchronization_failure)
129 },
130
131 /*
132 * Failure originating from the server
133 */
134 {
135 .section = SECTION_NAME("send", "Failure-Notification"),
136 .actions = &mod_actions_authorize,
137 .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_failure_notification)
138 },
139 {
140 .section = SECTION_NAME("recv", "Failure-Notification-ACK"),
141 .actions = &mod_actions_authorize,
142 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_failure_notification_ack)
143 },
144
145 /*
146 * Protected success indication
147 */
148 {
149 .section = SECTION_NAME("send", "Success-Notification"),
150 .actions = &mod_actions_authorize,
151 .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_success_notification)
152 },
153 {
154 .section = SECTION_NAME("recv", "Success-Notification-ACK"),
155 .actions = &mod_actions_authorize,
156 .offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_success_notification_ack)
157 },
158
159 /*
160 * Final EAP-Success and EAP-Failure messages
161 */
162 {
163 .section = SECTION_NAME("send", "EAP-Success"),
164 .actions = &mod_actions_authorize,
165 .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_eap_success)
166 },
167 {
168 .section = SECTION_NAME("send", "EAP-Failure"),
169 .actions = &mod_actions_authorize,
170 .offset = offsetof(eap_aka_sim_process_conf_t, actions.send_eap_failure)
171 },
172
173 /*
174 * Fast-Reauth vectors
175 */
176 {
177 .section = SECTION_NAME("store", "session"),
178 .actions = &mod_actions_authorize,
179 .offset = offsetof(eap_aka_sim_process_conf_t, actions.store_session)
180 },
181 {
182 .section = SECTION_NAME("load", "session"),
183 .actions = &mod_actions_authorize,
184 .offset = offsetof(eap_aka_sim_process_conf_t, actions.load_session)
185 },
186 {
187 .section = SECTION_NAME("clear", "session"),
188 .actions = &mod_actions_authorize,
189 .offset = offsetof(eap_aka_sim_process_conf_t, actions.clear_session)
190 },
191
192 /*
193 * Pseudonym processing
194 */
195 {
196 .section = SECTION_NAME("store", "pseudonym"),
197 .actions = &mod_actions_authorize,
198 .offset = offsetof(eap_aka_sim_process_conf_t, actions.store_pseudonym)
199 },
200 {
201 .section = SECTION_NAME("load", "pseudonym"),
202 .actions = &mod_actions_authorize,
203 .offset = offsetof(eap_aka_sim_process_conf_t, actions.load_pseudonym)
204 },
205 {
206 .section = SECTION_NAME("clear", "pseudonym"),
207 .actions = &mod_actions_authorize,
208 .offset = offsetof(eap_aka_sim_process_conf_t, actions.clear_pseudonym)
209 },
210
211 COMPILE_TERMINATOR
212};
213
214static int mod_instantiate(module_inst_ctx_t const *mctx)
215{
216 eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t);
217
218 inst->type = FR_EAP_METHOD_AKA_PRIME;
219
220 /*
221 * This isn't allowed, so just munge
222 * it to no id request.
223 */
224 if (inst->request_identity == AKA_SIM_INIT_ID_REQ) inst->request_identity = AKA_SIM_NO_ID_REQ;
225
226 return 0;
227}
228
229static int mod_load(void)
230{
231 if (unlikely(fr_aka_sim_init() < 0)) return -1;
232
233 fr_aka_sim_xlat_func_register();
234
235 return 0;
236}
237
238static void mod_unload(void)
239{
240 fr_aka_sim_xlat_func_unregister();
241
242 fr_aka_sim_free();
243}
244
245extern fr_process_module_t process_eap_aka_prime;
246fr_process_module_t process_eap_aka_prime = {
247 .common = {
248 .magic = MODULE_MAGIC_INIT,
249 .name = "eap_aka_prime",
250 .onload = mod_load,
251 .unload = mod_unload,
252 .config = submodule_config,
253 .instantiate = mod_instantiate,
254 .inst_size = sizeof(eap_aka_sim_process_conf_t),
255 .inst_type = "eap_aka_sim_process_conf_t"
256 },
257 .process = eap_aka_sim_state_machine_process,
258 .compile_list = compile_list,
259 .dict = &dict_eap_aka_sim,
260};
unlikely
#define unlikely(_x)
Definition build.h:381
cf_table_parse_int
int cf_table_parse_int(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Generic function for parsing conf pair values as int.
Definition cf_parse.c:1550
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:642
conf_parser_s::func
cf_parse_t func
Override default parsing behaviour for the specified type with a custom parsing function.
Definition cf_parse.h:596
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:268
FR_CONF_OFFSET_TYPE_FLAGS
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:241
cf_table_parse_ctx_t
Definition cf_parse.h:637
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:579
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
FR_EAP_METHOD_AKA_PRIME
@ FR_EAP_METHOD_AKA_PRIME
Definition types.h:96
fr_aka_sim_xlat_func_register
int fr_aka_sim_xlat_func_register(void)
Definition xlat.c:497
fr_aka_sim_xlat_func_unregister
void fr_aka_sim_xlat_func_unregister(void)
Definition xlat.c:521
fr_aka_sim_free
void fr_aka_sim_free(void)
Definition base.c:315
fr_aka_sim_init
int fr_aka_sim_init(void)
Definition base.c:284
dict_eap_aka_sim
fr_dict_t const * dict_eap_aka_sim
Definition base.c:48
fr_aka_sim_id_request_table
fr_table_num_sorted_t const fr_aka_sim_id_request_table[]
Definition id.c:33
fr_aka_sim_id_request_table_len
size_t fr_aka_sim_id_request_table_len
Definition id.c:41
AKA_SIM_INIT_ID_REQ
@ AKA_SIM_INIT_ID_REQ
We've requested no ID. This is used for last_id_req.
Definition id.h:78
AKA_SIM_NO_ID_REQ
@ AKA_SIM_NO_ID_REQ
We're not requesting any ID.
Definition id.h:79
FR_TYPE_SIZE
@ FR_TYPE_SIZE
Unsigned integer capable of representing any memory address on the local system.
Definition merged_model.c:115
mod_actions_authorize
unlang_mod_actions_t const mod_actions_authorize
Definition mod_action.c:44
unlang_mod_actions_t::actions
unlang_mod_action_t actions[RLM_MODULE_NUMCODES]
Definition mod_action.h:62
module_inst_ctx_t::mi
module_instance_t * mi
Instance of the module being instantiated.
Definition module_ctx.h:51
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition module_ctx.h:50
compile_list
static const virtual_server_compile_t compile_list[]
Definition base.c:205
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition base.c:745
mod_load
static int mod_load(void)
Definition base.c:228
mod_unload
static void mod_unload(void)
Definition base.c:237
submodule_config
static conf_parser_t submodule_config[]
Definition base.c:37
process_eap_aka_prime
fr_process_module_t process_eap_aka_prime
Definition base.c:246
fr_process_module_s::common
module_t common
Common fields for all loadable modules.
Definition process.h:55
fr_process_module_s
Common public symbol definition for all process modules.
Definition process.h:54
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
module_instance_s::data
void * data
Module's instance data.
Definition module.h:271
module_s::config
conf_parser_t const * config
How to convert a CONF_SECTION to a module instance.
Definition module.h:198
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3620
eap_aka_sim_state_machine_process
unlang_action_t eap_aka_sim_state_machine_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Resumes the state machine when receiving a new response packet.
Definition state_machine.c:3677
eap_aka_sim_process_conf_t::type
eap_type_t type
The preferred EAP-Type of this instance of the EAP-SIM/AKA/AKA' state machine.
Definition state_machine.h:188
eap_aka_sim_process_conf_t::request_identity
fr_aka_sim_id_req_type_t request_identity
Whether we always request the identity of the subscriber.
Definition state_machine.h:192
eap_aka_sim_process_conf_t
Definition state_machine.h:187
COMPILE_TERMINATOR
#define COMPILE_TERMINATOR
Definition virtual_servers.h:111
virtual_server_compile_t::section
section_name_t const * section
Identifier for the section.
Definition virtual_servers.h:101
virtual_server_compile_t
Processing sections which are allowed in this virtual server.
Definition virtual_servers.h:100
Generated by   doxygen 1.9.8