TACACS+ handler.
#include <freeradius-devel/io/listen.h>
#include <freeradius-devel/io/master.h>
#include <freeradius-devel/server/main_config.h>
#include <freeradius-devel/server/protocol.h>
#include <freeradius-devel/server/state.h>
#include <freeradius-devel/tacacs/tacacs.h>
#include <freeradius-devel/unlang/call.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/protocol/tacacs/tacacs.h>
#include <freeradius-devel/server/process.h>
|
static int | mod_bootstrap (module_inst_ctx_t const *mctx) |
|
static int | mod_instantiate (module_inst_ctx_t const *mctx) |
|
static unlang_action_t | mod_process (rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) |
|
| RECV (accounting_request) |
|
| RECV (auth_cont) |
|
| RECV (auth_cont_abort) |
|
| RECV (auth_start) |
|
static uint32_t | reply_code (request_t *request, fr_dict_attr_t const *status_da, uint32_t const status2code[static UINT8_MAX+1], fr_process_state_t const *state, fr_process_rcode_t const process_rcode, rlm_rcode_t rcode) |
| Try to determine what the response packet type should be.
|
|
| RESUME (accounting_request) |
|
| RESUME (acct_type) |
|
| RESUME (auth_cont_abort) |
|
| RESUME (auth_fail) |
|
| RESUME (auth_get) |
|
| RESUME (auth_pass) |
|
| RESUME (auth_restart) |
|
| RESUME (auth_start) |
|
| RESUME (auth_type) |
|
| RESUME (autz_request) |
|
static int | state_create (TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *request, bool reply) |
|
TACACS+ handler.
- Id
- 6f36a73888e56e8cc0d7104edff8391b818c10e6
- Author
- Jorge Pereira jpere.nosp@m.ira@.nosp@m.freer.nosp@m.adiu.nosp@m.s.org
- Copyright
- 2020 The FreeRADIUS server project.
-
2020 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)
Definition in file base.c.
◆ process_tacacs_auth_t
struct process_tacacs_auth_t |
Definition at line 160 of file base.c.
Data Fields |
uint32_t |
max_rounds |
Maximum number of authentication rounds allowed. |
uint32_t |
max_session |
Maximum number of ongoing sessions allowed. |
fr_time_delta_t |
session_timeout |
Maximum time between the last response and next request. |
uint8_t |
state_server_id |
Sets a specific byte in the state to allow the authenticating server to be identified in packet captures. |
fr_state_tree_t * |
state_tree |
State tree to link multiple requests/responses. |
◆ process_tacacs_sections_t
struct process_tacacs_sections_t |
◆ process_tacacs_session_t
struct process_tacacs_session_t |
◆ process_tacacs_t
◆ COPY
Value: do { \
fr_pair_append(&session->list, copy); \
RDEBUG2("%pP", copy); \
} while (0)
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
fr_pair_t * fr_pair_copy(TALLOC_CTX *ctx, fr_pair_t const *vp)
Copy a single valuepair.
◆ COPY_MISSING
Value: do { \
COPY(_attr); \
} while (0)
◆ EXTRACT
Value:
fr_value_box_set_secret(&
vp->data, _attr->flags.secret); \
fr_pair_remove(&request->request_pairs, copy); \
talloc_free(copy); \
break; \
} \
RDEBUG2("Populated %pP from user_message", copy)
int fr_pair_value_copy(fr_pair_t *dst, fr_pair_t *src)
Copy the value from one pair to another.
static fr_dict_attr_t const * attr_tacacs_user_message
#define pair_append_request(_attr, _da)
Allocate and append a fr_pair_t to the request list.
◆ PROCESS_CODE_MAX
◆ PROCESS_INST
◆ PROCESS_PACKET_CODE_VALID
◆ PROCESS_PACKET_TYPE
◆ mod_bootstrap()
◆ mod_instantiate()
◆ mod_process()
◆ RECV() [1/4]
RECV |
( |
accounting_request |
| ) |
|
◆ RECV() [2/4]
◆ RECV() [3/4]
◆ RECV() [4/4]
◆ reply_code()
Try to determine what the response packet type should be.
We check three sources:
- reply.<status_attr>
- reply.Packet-Type
- State machine packet type assignments for the section rcode
- Parameters
-
[in] | request | The current request. |
[in] | status_da | Specialised status attribute. |
[in] | status2code | Mapping table of packet status types to rcodes. |
[in] | state | Mappings for process state machine |
[in] | process_rcode | Mappings for Auth-Type / Acct-Type, which don't use the process state machine |
[in] | rcode | The last section rcode. |
- Returns
- >0 if we determined a reply code.
- 0 if we couldn't - Usually indicates additional sections should be run.
Definition at line 284 of file base.c.
◆ RESUME() [1/10]
RESUME |
( |
accounting_request |
| ) |
|
◆ RESUME() [2/10]
◆ RESUME() [3/10]
RESUME |
( |
auth_cont_abort |
| ) |
|
◆ RESUME() [4/10]
◆ RESUME() [5/10]
◆ RESUME() [6/10]
◆ RESUME() [7/10]
◆ RESUME() [8/10]
◆ RESUME() [9/10]
◆ RESUME() [10/10]
◆ state_create()
◆ acct_flag_valid
const bool acct_flag_valid[8] |
|
static |
Initial value:= {
false, true, true, false,
true, true, false, false,
}
Definition at line 932 of file base.c.
◆ acct_status_to_packet_code
Initial value:= {
}
@ FR_TACACS_CODE_ACCT_ERROR
@ FR_TACACS_CODE_ACCT_SUCCESS
@ FR_TAC_PLUS_ACCT_STATUS_SUCCESS
@ FR_TAC_PLUS_ACCT_STATUS_ERROR
Definition at line 892 of file base.c.
◆ attr_auth_type
◆ attr_chap_password
◆ attr_module_failure_message
◆ attr_module_success_message
◆ attr_packet_type
◆ attr_stripped_user_name
◆ attr_tacacs_accounting_flags
◆ attr_tacacs_accounting_status
◆ attr_tacacs_action
◆ attr_tacacs_authentication_action
◆ attr_tacacs_authentication_flags
◆ attr_tacacs_authentication_service
◆ attr_tacacs_authentication_status
◆ attr_tacacs_authentication_type
◆ attr_tacacs_authorization_status
◆ attr_tacacs_client_port
◆ attr_tacacs_data
◆ attr_tacacs_privilege_level
◆ attr_tacacs_remote_address
◆ attr_tacacs_sequence_number
◆ attr_tacacs_server_message
◆ attr_tacacs_session_id
◆ attr_tacacs_state
◆ attr_tacacs_user_message
◆ attr_user_name
◆ attr_user_password
◆ auth_config
Initial value:= {
}
#define CONF_PARSER_TERMINATOR
#define FR_CONF_POINTER(_name, _type, _flags, _res_p)
conf_parser_t which parses a single CONF_PAIR producing a single global result
@ CONF_FLAG_SUBSECTION
Instead of putting the information into a configuration structure, the configuration file routines MA...
static const conf_parser_t session_config[]
Definition at line 208 of file base.c.
◆ authen_status_to_packet_code
Initial value:= {
}
@ FR_TACACS_CODE_AUTH_GETDATA
@ FR_TACACS_CODE_AUTH_RESTART
@ FR_TACACS_CODE_AUTH_GETUSER
@ FR_TACACS_CODE_AUTH_GETPASS
@ FR_TACACS_CODE_AUTH_PASS
@ FR_TACACS_CODE_AUTH_FAIL
@ FR_TACACS_CODE_AUTH_ERROR
@ FR_TAC_PLUS_AUTHEN_STATUS_PASS
@ FR_TAC_PLUS_AUTHEN_STATUS_GETDATA
@ FR_TAC_PLUS_AUTHEN_STATUS_ERROR
@ FR_TAC_PLUS_AUTHEN_STATUS_GETUSER
@ FR_TAC_PLUS_AUTHEN_STATUS_FAIL
@ FR_TAC_PLUS_AUTHEN_STATUS_RESTART
@ FR_TAC_PLUS_AUTHEN_STATUS_GETPASS
Definition at line 366 of file base.c.
◆ author_status_to_packet_code
Initial value:= {
}
@ FR_TAC_PLUS_AUTHOR_STATUS_PASS_ADD
@ FR_TAC_PLUS_AUTHOR_STATUS_ERROR
@ FR_TAC_PLUS_AUTHOR_STATUS_FAIL
@ FR_TAC_PLUS_AUTHOR_STATUS_PASS_REPL
@ FR_TACACS_CODE_AUTZ_PASS_REPLACE
@ FR_TACACS_CODE_AUTZ_FAIL
@ FR_TACACS_CODE_AUTZ_PASS_ADD
@ FR_TACACS_CODE_AUTZ_ERROR
Definition at line 847 of file base.c.
◆ compile_list
◆ config
Initial value:= {
}
static const conf_parser_t auth_config[]
Definition at line 214 of file base.c.
◆ dict_freeradius
◆ dict_tacacs
◆ enum_auth_flags_noecho
◆ enum_auth_type_accept
◆ enum_auth_type_reject
◆ enum_tacacs_auth_type_ascii
◆ process_state
fr_process_state_t const process_state[] |
|
static |
◆ process_tacacs
Initial value:= {
.common = {
.name = "tacacs",
},
}
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
static virtual_server_compile_t compile_list[]
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
static fr_dict_t const * dict_tacacs
static int mod_bootstrap(module_inst_ctx_t const *mctx)
static const conf_parser_t config[]
static int mod_instantiate(module_inst_ctx_t const *mctx)
static int instantiate(module_inst_ctx_t const *mctx)
Definition at line 1442 of file base.c.
◆ process_tacacs_dict
Initial value:= {
{ NULL }
}
fr_dict_t const * dict_freeradius
Definition at line 43 of file base.c.
◆ process_tacacs_dict_attr
◆ process_tacacs_dict_enum
Initial value:= {
{ NULL }
}
static fr_dict_attr_t const * attr_tacacs_authentication_flags
static fr_value_box_t const * enum_tacacs_auth_type_ascii
static fr_dict_attr_t const * attr_auth_type
static fr_value_box_t const * enum_auth_type_reject
static fr_value_box_t const * enum_auth_flags_noecho
static fr_value_box_t const * enum_auth_type_accept
static fr_dict_attr_t const * attr_tacacs_authentication_type
Definition at line 123 of file base.c.
◆ session_config
Initial value:= {
}
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition at line 199 of file base.c.