RADIUS process module. More...

#include <freeradius-devel/protocol/freeradius/freeradius.internal.h>
#include <freeradius-devel/radius/radius.h>
#include <freeradius-devel/server/main_config.h>
#include <freeradius-devel/server/module.h>
#include <freeradius-devel/server/pair.h>
#include <freeradius-devel/server/protocol.h>
#include <freeradius-devel/server/state.h>
#include <freeradius-devel/server/rcode.h>
#include <freeradius-devel/server/log.h>
#include <freeradius-devel/unlang/xlat.h>
#include <freeradius-devel/unlang/module.h>
#include <freeradius-devel/unlang/interpret.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/util/pair.h>
#include <freeradius-devel/util/value.h>
#include <freeradius-devel/server/process.h>

Include dependency graph for base.c:

Go to the source code of this file.

Data Structures
struct	process_radius_auth_t

struct	process_radius_rctx_t
	Records fields from the original request so we have a known good copy. More...

struct	process_radius_sections_t

struct	process_radius_t

Functions
static int	mod_bootstrap (module_inst_ctx_t const *mctx)

static int	mod_instantiate (module_inst_ctx_t const *mctx)

static int	mod_load (void)

static unlang_action_t	mod_process (unlang_result_t p_result, module_ctx_t const mctx, request_t *request)

static void	mod_unload (void)

static void	radius_packet_debug (request_t request, fr_packet_t packet, fr_pair_list_t *list, bool received)

static void	radius_request_pairs_store (request_t request, process_radius_rctx_t rctx)
	Keep a copy of some attributes to keep them from being tamptered with.

static void	radius_request_pairs_to_reply (request_t request, process_radius_rctx_t rctx)

	RECV (access_request)

	RECV (accounting_request)
	A wrapper around recv generic which stores fields from the request.

	RECV (generic_radius_request)
	A wrapper around recv generic which stores fields from the request.

	RESUME (access_challenge)

	RESUME (access_request)

	RESUME (accounting_request)

	RESUME (acct_type)

	RESUME (auth_type)

	RESUME (generic_radius_response)
	A wrapper around send generic which restores fields.

	RESUME (protocol_error)

	RESUME_FLAG (access_accept, UNUSED,)

	RESUME_FLAG (access_reject, UNUSED,)

static xlat_action_t	xlat_func_radius_secret_verify (TALLOC_CTX ctx, fr_dcursor_t out, UNUSED xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *args)
	Validates a request against a know shared secret.

Variables
static fr_dict_attr_t const *	attr_acct_status_type

static fr_dict_attr_t const *	attr_auth_type

static fr_dict_attr_t const *	attr_error_cause

static fr_dict_attr_t const *	attr_event_timestamp

static fr_dict_attr_t const *	attr_module_failure_message

static fr_dict_attr_t const *	attr_module_success_message

static fr_dict_attr_t const *	attr_original_packet_code

static fr_dict_attr_t const *	attr_packet_type

static fr_dict_attr_t const *	attr_proxy_state

static fr_dict_attr_t const *	attr_state

static fr_dict_attr_t const *	attr_stripped_user_name

static fr_dict_attr_t const *	attr_user_name

static fr_dict_attr_t const *	attr_user_password

static const conf_parser_t	auth_config []

static virtual_server_compile_t const	compile_list []

static const conf_parser_t	config []

static fr_dict_t const *	dict_freeradius

static fr_dict_t const *	dict_radius

static fr_value_box_t const *	enum_auth_type_accept

static fr_value_box_t const *	enum_auth_type_reject

fr_process_module_t	process_radius

fr_dict_autoload_t	process_radius_dict []

fr_dict_attr_autoload_t	process_radius_dict_attr []

fr_dict_enum_autoload_t	process_radius_dict_enum []

static fr_process_state_t const	process_state []

static const conf_parser_t	session_config []

static xlat_arg_parser_t const	xlat_func_radius_secret_verify_args []

Detailed Description

RADIUS process module.

Id: b99a103327071b69596ad603b121952ad2338e75

Copyright: 2021 The FreeRADIUS server project.; 2021 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

Definition in file base.c.

Data Structure Documentation

◆ process_radius_auth_t

struct process_radius_auth_t

Definition at line 135 of file base.c.

Collaboration diagram for process_radius_auth_t:

Data Fields
uint32_t	max_session	Maximum ongoing session allowed.
fr_time_delta_t	session_timeout	Maximum time between the last response and next request.
uint8_t	state_server_id	Sets a specific byte in the state to allow the authenticating server to be identified in packet captures.
fr_state_tree_t *	state_tree	State tree to link multiple requests/responses.

◆ process_radius_rctx_t

struct process_radius_rctx_t

Records fields from the original request so we have a known good copy.

Definition at line 155 of file base.c.

Collaboration diagram for process_radius_rctx_t:

Data Fields
fr_value_box_list_head_t	proxy_state	These need to be copied into the response in exactly the same order as they were added.
unlang_result_t	result

◆ process_radius_sections_t

struct process_radius_sections_t

Definition at line 106 of file base.c.

Collaboration diagram for process_radius_sections_t:

Data Fields
CONF_SECTION *	access_accept
CONF_SECTION *	access_challenge
CONF_SECTION *	access_reject
CONF_SECTION *	access_request
CONF_SECTION *	accounting_request
CONF_SECTION *	accounting_response
CONF_SECTION *	add_client
CONF_SECTION *	coa_ack
CONF_SECTION *	coa_nak
CONF_SECTION *	coa_request
CONF_SECTION *	deny_client
CONF_SECTION *	disconnect_ack
CONF_SECTION *	disconnect_nak
CONF_SECTION *	disconnect_request
CONF_SECTION *	do_not_respond
CONF_SECTION *	new_client
uint64_t	nothing
CONF_SECTION *	protocol_error
CONF_SECTION *	status_server

◆ process_radius_t

struct process_radius_t

Definition at line 146 of file base.c.

Collaboration diagram for process_radius_t:

Data Fields
process_radius_auth_t	auth	Authentication configuration.
process_radius_sections_t	sections	Pointers to various config sections we need to execute.
CONF_SECTION *	server_cs	Our virtual server.

Macro Definition Documentation

◆ FR_RADIUS_PROCESS_CODE_VALID

#define FR_RADIUS_PROCESS_CODE_VALID ( _x ) (FR_RADIUS_PACKET_CODE_VALID(_x) || (_x == FR_RADIUS_CODE_DO_NOT_RESPOND))

Definition at line 161 of file base.c.

◆ PROCESS_CODE_DO_NOT_RESPOND

#define PROCESS_CODE_DO_NOT_RESPOND FR_RADIUS_CODE_DO_NOT_RESPOND

Definition at line 165 of file base.c.

◆ PROCESS_CODE_DYNAMIC_CLIENT

#define PROCESS_CODE_DYNAMIC_CLIENT FR_RADIUS_CODE_ACCESS_ACCEPT

Definition at line 169 of file base.c.

◆ PROCESS_CODE_MAX

#define PROCESS_CODE_MAX FR_RADIUS_CODE_MAX

Definition at line 164 of file base.c.

◆ PROCESS_INST

#define PROCESS_INST process_radius_t

Definition at line 167 of file base.c.

◆ PROCESS_PACKET_CODE_VALID

#define PROCESS_PACKET_CODE_VALID FR_RADIUS_PROCESS_CODE_VALID

Definition at line 166 of file base.c.

◆ PROCESS_PACKET_TYPE

#define PROCESS_PACKET_TYPE fr_radius_packet_code_t

Definition at line 163 of file base.c.

◆ PROCESS_RCTX

#define PROCESS_RCTX process_radius_rctx_t

Definition at line 168 of file base.c.

Function Documentation

◆ mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const * mctx )

static

Definition at line 887 of file base.c.

Here is the call graph for this function:

◆ mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const * mctx )

static

Definition at line 874 of file base.c.

Here is the call graph for this function:

◆ mod_load()

static int mod_load ( void )

static

Definition at line 896 of file base.c.

Here is the call graph for this function:

◆ mod_process()

static unlang_action_t mod_process	(	unlang_result_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Definition at line 786 of file base.c.

Here is the call graph for this function:

◆ mod_unload()

static void mod_unload ( void )

static

Definition at line 908 of file base.c.

Here is the call graph for this function:

◆ radius_packet_debug()

static void radius_packet_debug	(	request_t *	request,
		fr_packet_t *	packet,
		fr_pair_list_t *	list,
		bool	received
	)

static

Definition at line 196 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ radius_request_pairs_store()

static void radius_request_pairs_store	(	request_t *	request,
		process_radius_rctx_t *	rctx
	)

inlinestatic

Keep a copy of some attributes to keep them from being tamptered with.

Definition at line 239 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ radius_request_pairs_to_reply()

static void radius_request_pairs_to_reply	(	request_t *	request,
		process_radius_rctx_t *	rctx
	)

inlinestatic

Definition at line 264 of file base.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ RECV() [1/3]

RECV ( access_request )

Definition at line 322 of file base.c.

Here is the call graph for this function:

◆ RECV() [2/3]

RECV ( accounting_request )

A wrapper around recv generic which stores fields from the request.

Definition at line 608 of file base.c.

Here is the call graph for this function:

◆ RECV() [3/3]

RECV ( generic_radius_request )

A wrapper around recv generic which stores fields from the request.

Definition at line 305 of file base.c.

Here is the call graph for this function:

◆ RESUME() [1/7]

RESUME ( access_challenge )

Definition at line 585 of file base.c.

Here is the call graph for this function:

◆ RESUME() [2/7]

RESUME ( access_request )

Definition at line 340 of file base.c.

Here is the call graph for this function:

◆ RESUME() [3/7]

RESUME ( accounting_request )

Definition at line 682 of file base.c.

Here is the call graph for this function:

◆ RESUME() [4/7]

RESUME ( acct_type )

Definition at line 644 of file base.c.

◆ RESUME() [5/7]

RESUME ( auth_type )

Definition at line 446 of file base.c.

Here is the call graph for this function:

◆ RESUME() [6/7]

RESUME ( generic_radius_response )

A wrapper around send generic which restores fields.

Definition at line 315 of file base.c.

Here is the call graph for this function:

◆ RESUME() [7/7]

RESUME ( protocol_error )

Definition at line 748 of file base.c.

Here is the call graph for this function:

◆ RESUME_FLAG() [1/2]

RESUME_FLAG	(	access_accept	,
		UNUSED
	)

Definition at line 547 of file base.c.

Here is the call graph for this function:

◆ RESUME_FLAG() [2/2]

RESUME_FLAG	(	access_reject	,
		UNUSED
	)

Definition at line 574 of file base.c.

Here is the call graph for this function:

Variable Documentation

◆ attr_acct_status_type

fr_dict_attr_t const* attr_acct_status_type

static

Definition at line 61 of file base.c.

◆ attr_auth_type

fr_dict_attr_t const* attr_auth_type

static

Definition at line 56 of file base.c.

◆ attr_error_cause

fr_dict_attr_t const* attr_error_cause

static

Definition at line 68 of file base.c.

◆ attr_event_timestamp

fr_dict_attr_t const* attr_event_timestamp

static

Definition at line 69 of file base.c.

◆ attr_module_failure_message

fr_dict_attr_t const* attr_module_failure_message

static

Definition at line 57 of file base.c.

◆ attr_module_success_message

fr_dict_attr_t const* attr_module_success_message

static

Definition at line 58 of file base.c.

◆ attr_original_packet_code

fr_dict_attr_t const* attr_original_packet_code

static

Definition at line 67 of file base.c.

◆ attr_packet_type

fr_dict_attr_t const* attr_packet_type

static

Definition at line 62 of file base.c.

◆ attr_proxy_state

fr_dict_attr_t const* attr_proxy_state

static

Definition at line 63 of file base.c.

◆ attr_state

fr_dict_attr_t const* attr_state

static

Definition at line 64 of file base.c.

◆ attr_stripped_user_name

fr_dict_attr_t const* attr_stripped_user_name

static

Definition at line 59 of file base.c.

◆ attr_user_name

fr_dict_attr_t const* attr_user_name

static

Definition at line 65 of file base.c.

◆ attr_user_password

fr_dict_attr_t const* attr_user_password

static

Definition at line 66 of file base.c.

◆ auth_config

const conf_parser_t auth_config[]

static

Initial value:

= {
        { FR_CONF_POINTER("session", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) session_config },
 
        CONF_PARSER_TERMINATOR
}

Definition at line 180 of file base.c.

◆ compile_list

virtual_server_compile_t const compile_list[]

static

Definition at line 1156 of file base.c.

◆ config

const conf_parser_t config[]

static

Initial value:

= {
        { FR_CONF_POINTER("Access-Request", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) auth_config,
          .offset = offsetof(process_radius_t, auth), },
 
        CONF_PARSER_TERMINATOR
}

Definition at line 186 of file base.c.

◆ dict_freeradius

fr_dict_t const* dict_freeradius

static

Definition at line 46 of file base.c.

◆ dict_radius

fr_dict_t const* dict_radius

static

Definition at line 47 of file base.c.

◆ enum_auth_type_accept

fr_value_box_t const* enum_auth_type_accept

static

Definition at line 93 of file base.c.

◆ enum_auth_type_reject

fr_value_box_t const* enum_auth_type_reject

static

Definition at line 94 of file base.c.

◆ process_radius

fr_process_module_t process_radius

Initial value:

= {
        .common = {
                .magic          = MODULE_MAGIC_INIT,
                .name           = "radius",
                .config         = config,
                MODULE_INST(process_radius_t),
                MODULE_RCTX(process_radius_rctx_t),
 
                .onload         = mod_load,
                .unload         = mod_unload,
                .bootstrap      = mod_bootstrap,
                .instantiate    = mod_instantiate
        },
        .process        = mod_process,
        .compile_list   = compile_list,
        .dict           = &dict_radius,
        .packet_type    = &attr_packet_type
}

Definition at line 1249 of file base.c.

◆ process_radius_dict

fr_dict_autoload_t process_radius_dict

Initial value:

= {
        { .out = &dict_freeradius, .proto = "freeradius" },
        { .out = &dict_radius, .proto = "radius" },
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 50 of file base.c.

◆ process_radius_dict_attr

fr_dict_attr_autoload_t process_radius_dict_attr

Initial value:

= {
        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_module_failure_message, .name = "Module-Failure-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_module_success_message, .name = "Module-Success-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_stripped_user_name, .name = "Stripped-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
 
        { .out = &attr_acct_status_type, .name = "Acct-Status-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_proxy_state, .name = "Proxy-State", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_state, .name = "State", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
        { .out = &attr_user_password, .name = "User-Password", .type = FR_TYPE_STRING, .dict = &dict_radius },
 
        { .out = &attr_original_packet_code, .name = "Extended-Attribute-1.Original-Packet-Code", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_error_cause, .name = "Error-Cause", .type = FR_TYPE_UINT32, .dict = &dict_radius },
 
        { .out = &attr_event_timestamp, .name = "Event-Timestamp", .type = FR_TYPE_DATE, .dict = &dict_radius },
 
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 72 of file base.c.

◆ process_radius_dict_enum

fr_dict_enum_autoload_t process_radius_dict_enum

Initial value:

= {
        { .out = &enum_auth_type_accept, .name = "Accept", .attr = &attr_auth_type },
        { .out = &enum_auth_type_reject, .name = "Reject", .attr = &attr_auth_type },
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 97 of file base.c.

◆ process_state

fr_process_state_t const process_state[]

static

Definition at line 918 of file base.c.

◆ session_config

const conf_parser_t session_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("timeout", process_radius_auth_t, session_timeout), .dflt = "15" },
        { FR_CONF_OFFSET("max", process_radius_auth_t, max_session), .dflt = "4096" },
        { FR_CONF_OFFSET("state_server_id", process_radius_auth_t, state_server_id) },
 
        CONF_PARSER_TERMINATOR
}

Definition at line 172 of file base.c.

◆ xlat_func_radius_secret_verify_args

xlat_arg_parser_t const xlat_func_radius_secret_verify_args[]

static

Initial value:

= {
        { .required = true, .single = true, .type = FR_TYPE_OCTETS },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 816 of file base.c.

Macros
#define	FR_RADIUS_PROCESS_CODE_VALID(_x) (FR_RADIUS_PACKET_CODE_VALID(_x) \|\| (_x == FR_RADIUS_CODE_DO_NOT_RESPOND))

#define	PROCESS_CODE_DO_NOT_RESPOND FR_RADIUS_CODE_DO_NOT_RESPOND

#define	PROCESS_CODE_DYNAMIC_CLIENT FR_RADIUS_CODE_ACCESS_ACCEPT

#define	PROCESS_CODE_MAX FR_RADIUS_CODE_MAX

#define	PROCESS_INST process_radius_t

#define	PROCESS_PACKET_CODE_VALID FR_RADIUS_PROCESS_CODE_VALID

#define	PROCESS_PACKET_TYPE fr_radius_packet_code_t

#define	PROCESS_RCTX process_radius_rctx_t

Data Structures

Macros

Functions

Variables

Detailed Description

Data Structure Documentation

◆ process_radius_auth_t

◆ process_radius_rctx_t

◆ process_radius_sections_t

◆ process_radius_t

Macro Definition Documentation

◆ FR_RADIUS_PROCESS_CODE_VALID

◆ PROCESS_CODE_DO_NOT_RESPOND

◆ PROCESS_CODE_DYNAMIC_CLIENT

◆ PROCESS_CODE_MAX

◆ PROCESS_INST

◆ PROCESS_PACKET_CODE_VALID

◆ PROCESS_PACKET_TYPE

◆ PROCESS_RCTX

Function Documentation

◆ mod_bootstrap()

◆ mod_instantiate()

◆ mod_load()

◆ mod_process()

◆ mod_unload()

◆ radius_packet_debug()

◆ radius_request_pairs_store()

◆ radius_request_pairs_to_reply()

◆ RECV() [1/3]

◆ RECV() [2/3]

◆ RECV() [3/3]

◆ RESUME() [1/7]

◆ RESUME() [2/7]

◆ RESUME() [3/7]

◆ RESUME() [4/7]

◆ RESUME() [5/7]

◆ RESUME() [6/7]

◆ RESUME() [7/7]

◆ RESUME_FLAG() [1/2]

◆ RESUME_FLAG() [2/2]

Variable Documentation

◆ attr_acct_status_type

◆ attr_auth_type

◆ attr_error_cause

◆ attr_event_timestamp

◆ attr_module_failure_message

◆ attr_module_success_message

◆ attr_original_packet_code

◆ attr_packet_type

◆ attr_proxy_state

◆ attr_state

◆ attr_stripped_user_name

◆ attr_user_name

◆ attr_user_password

◆ auth_config

◆ compile_list

◆ config

◆ dict_freeradius

◆ dict_radius

◆ enum_auth_type_accept

◆ enum_auth_type_reject

◆ process_radius

◆ process_radius_dict

◆ process_radius_dict_attr

◆ process_radius_dict_enum

◆ process_state

◆ session_config

◆ xlat_func_radius_secret_verify_args