The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
base.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 88c3e204d80bbc18ccdadaee5a5acebfe7316f2f $
19 * @file src/process/tls/base.c
20 * @brief TLS processing.
21 *
22 * @copyright 2021 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
23 */
24#include <freeradius-devel/server/protocol.h>
25#include <freeradius-devel/unlang/interpret.h>
26#include <freeradius-devel/util/debug.h>
27#include <freeradius-devel/protocol/tls/freeradius.h>
28
29static fr_dict_t const *dict_tls;
30
31extern fr_dict_autoload_t process_tls_dict[];
32fr_dict_autoload_t process_tls_dict[] = {
33 { .out = &dict_tls, .proto = "tls" },
34 { NULL }
35};
36
37static fr_dict_attr_t const *attr_packet_type;
38
39extern fr_dict_attr_autoload_t process_tls_dict_attr[];
40fr_dict_attr_autoload_t process_tls_dict_attr[] = {
41 { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_tls},
42 { NULL }
43};
44
53
57
58#define FR_TLS_PACKET_CODE_VALID(_code) (((_code) > 0) && ((_code) <= FR_PACKET_TYPE_VALUE_NOTFOUND))
59
60#define PROCESS_INST process_tls_t
61#define PROCESS_PACKET_TYPE uint32_t
62#define PROCESS_CODE_DO_NOT_RESPOND FR_PACKET_TYPE_VALUE_FAILURE
63#define PROCESS_PACKET_CODE_VALID FR_TLS_PACKET_CODE_VALID
64
65#include <freeradius-devel/server/process.h>
66
67static fr_process_state_t const process_state[] = {
68 [FR_PACKET_TYPE_VALUE_LOAD_SESSION] = {
69 .packet_type = {
70 [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
71 [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
72
73 [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_FAILURE,
74 [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
75 [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
76 [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
77 [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
78 [RLM_MODULE_TIMEOUT] = FR_PACKET_TYPE_VALUE_FAILURE,
79 [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
80 },
81 .default_rcode = RLM_MODULE_NOOP,
82 .recv = recv_generic,
83 .resume = resume_recv_no_send,
84 .section_offset = PROCESS_CONF_OFFSET(load_session),
85 },
86 [FR_PACKET_TYPE_VALUE_STORE_SESSION] = {
87 .packet_type = {
88 [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
89 [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
90
91 [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_FAILURE,
92 [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
93 [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
94 [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
95 [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
96 [RLM_MODULE_TIMEOUT] = FR_PACKET_TYPE_VALUE_FAILURE,
97 [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
98 },
99 .default_rcode = RLM_MODULE_NOOP,
100 .recv = recv_generic,
101 .resume = resume_recv_no_send,
102 .section_offset = PROCESS_CONF_OFFSET(store_session),
103 },
104 [FR_PACKET_TYPE_VALUE_CLEAR_SESSION] = {
105 .packet_type = {
106 [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
107 [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
108
109 [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_FAILURE,
110 [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
111 [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
112 [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
113 [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
114 [RLM_MODULE_TIMEOUT] = FR_PACKET_TYPE_VALUE_FAILURE,
115 [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
116 },
117 .default_rcode = RLM_MODULE_NOOP,
118 .recv = recv_generic,
119 .resume = resume_recv_no_send,
120 .section_offset = PROCESS_CONF_OFFSET(clear_session),
121 },
122 [FR_PACKET_TYPE_VALUE_VERIFY_CERTIFICATE] = {
123 .packet_type = {
124 [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
125 [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
126 [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_SUCCESS,
127
128 [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
129 [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
130 [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
131 [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
132 [RLM_MODULE_TIMEOUT] = FR_PACKET_TYPE_VALUE_FAILURE,
133 [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
134 },
135 .default_rcode = RLM_MODULE_NOOP,
136 .recv = recv_generic,
137 .resume = resume_recv_no_send,
138 .section_offset = PROCESS_CONF_OFFSET(verify_certificate),
139 },
140 [FR_PACKET_TYPE_VALUE_NEW_SESSION] = {
141 .packet_type = {
142 [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
143 [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
144 [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_SUCCESS,
145
146 [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
147 [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
148 [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
149 [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
150 [RLM_MODULE_TIMEOUT] = FR_PACKET_TYPE_VALUE_FAILURE,
151 [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
152 },
153 .default_rcode = RLM_MODULE_NOOP,
154 .recv = recv_generic,
155 .resume = resume_recv_no_send,
156 .section_offset = PROCESS_CONF_OFFSET(new_session),
157 },
158 [FR_PACKET_TYPE_VALUE_ESTABLISH_SESSION] = {
159 .packet_type = {
160 [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
161 [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
162 [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_SUCCESS,
163
164 [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
165 [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
166 [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
167 [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
168 [RLM_MODULE_TIMEOUT] = FR_PACKET_TYPE_VALUE_FAILURE,
169 [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND
170 },
171 .default_rcode = RLM_MODULE_NOOP,
172 .recv = recv_generic,
173 .resume = resume_recv_no_send,
174 .section_offset = PROCESS_CONF_OFFSET(establish_session),
175 },
176};
177
178static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
179{
180 fr_process_state_t const *state;
181
182 PROCESS_TRACE;
183
184 (void)talloc_get_type_abort_const(mctx->mi->data, process_tls_t);
185
186 request->component = "tls";
187 request->module = NULL;
188 fr_assert(request->proto_dict == dict_tls);
189
190 UPDATE_STATE(packet);
191
192 log_request_pair_list(L_DBG_LVL_1, request, NULL, &request->request_pairs, NULL);
193
194 return state->recv(p_result, mctx, request);
195}
196
197static const virtual_server_compile_t compile_list[] = {
198 {
199 .section = SECTION_NAME("store", "session"),
200 .actions = &mod_actions_authorize,
201 .offset = PROCESS_CONF_OFFSET(store_session)
202 },
203 {
204 .section = SECTION_NAME("load", "session"),
205 .actions = &mod_actions_authorize,
206 .offset = PROCESS_CONF_OFFSET(load_session)
207 },
208 {
209 .section = SECTION_NAME("clear", "session"),
210 .actions = &mod_actions_authorize,
211 .offset = PROCESS_CONF_OFFSET(clear_session)
212 },
213 {
214 .section = SECTION_NAME("verify", "certificate"),
215 .actions = &mod_actions_authorize,
216 .offset = PROCESS_CONF_OFFSET(verify_certificate)
217 },
218 {
219 .section = SECTION_NAME("new", "session"),
220 .actions = &mod_actions_authorize,
221 .offset = PROCESS_CONF_OFFSET(new_session)
222 },
223 {
224 .section = SECTION_NAME("establish", "session"),
225 .actions = &mod_actions_authorize,
226 .offset = PROCESS_CONF_OFFSET(establish_session)
227 },
228 COMPILE_TERMINATOR
229};
230
231
232extern fr_process_module_t process_tls;
233fr_process_module_t process_tls = {
234 .common = {
235 .magic = MODULE_MAGIC_INIT,
236 .name = "tls",
237 MODULE_INST(process_tls_t),
238 MODULE_RCTX(process_rctx_t)
239 },
240 .process = mod_process,
241 .compile_list = compile_list,
242 .dict = &dict_tls,
243 .packet_type = &attr_packet_type
244};
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:274
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:287
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:273
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:286
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
unlang_result_t
Definition interpret.h:133
attr_packet_type
fr_dict_attr_t const * attr_packet_type
Definition base.c:93
dict_tls
fr_dict_t const * dict_tls
Definition base.c:79
log_request_pair_list
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition log.c:828
L_DBG_LVL_1
@ L_DBG_LVL_1
Highest priority debug messages (-x).
Definition log.h:70
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
request_t
Definition merged_model.c:210
mod_actions_authorize
unlang_mod_actions_t const mod_actions_authorize
Definition mod_action.c:46
unlang_mod_actions_t::actions
unlang_mod_action_t actions[RLM_MODULE_NUMCODES]
Definition mod_action.h:64
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
mod_process
static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition base.c:188
compile_list
static const virtual_server_compile_t compile_list[]
Definition base.c:214
process_state
static fr_process_state_t const process_state[]
Definition base.c:69
process_tls_sections_t::establish_session
CONF_SECTION * establish_session
Definition base.c:51
process_tls
fr_process_module_t process_tls
Definition base.c:233
process_tls_sections_t::store_session
CONF_SECTION * store_session
Definition base.c:47
process_tls_dict
fr_dict_autoload_t process_tls_dict[]
Definition base.c:32
process_tls_sections_t::load_session
CONF_SECTION * load_session
Definition base.c:46
process_tls_sections_t::clear_session
CONF_SECTION * clear_session
Definition base.c:48
process_tls_dict_attr
fr_dict_attr_autoload_t process_tls_dict_attr[]
Definition base.c:40
process_tls_sections_t::verify_certificate
CONF_SECTION * verify_certificate
Definition base.c:49
process_tls_sections_t::new_session
CONF_SECTION * new_session
Definition base.c:50
process_tls_t::sections
process_tls_sections_t sections
Definition base.c:55
process_tls_sections_t
Definition base.c:45
process_tls_t
Definition base.c:54
PROCESS_TRACE
#define PROCESS_TRACE
Trace each state function as it's entered.
Definition process.h:55
PROCESS_CONF_OFFSET
#define PROCESS_CONF_OFFSET(_x)
Definition process.h:79
fr_process_module_t::common
module_t common
Common fields for all loadable modules.
Definition process_types.h:39
fr_process_module_t
Common public symbol definition for all process modules.
Definition process_types.h:38
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
RLM_MODULE_INVALID
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition rcode.h:45
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42
RLM_MODULE_DISALLOW
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition rcode.h:46
RLM_MODULE_REJECT
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition rcode.h:41
RLM_MODULE_TIMEOUT
@ RLM_MODULE_TIMEOUT
Module (or section) timed out.
Definition rcode.h:50
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:47
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:49
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:48
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
module_instance_s::data
void * data
Module's instance data.
Definition module.h:291
MODULE_RCTX
#define MODULE_RCTX(_ctype)
Definition module.h:257
MODULE_INST
#define MODULE_INST(_ctype)
Definition module.h:255
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition talloc.h:287
virtual_server_compile_s::section
section_name_t const * section
Identifier for the section.
Definition virtual_servers.h:103
COMPILE_TERMINATOR
#define COMPILE_TERMINATOR
Definition virtual_servers.h:113
virtual_server_compile_s
Processing sections which are allowed in this virtual server.
Definition virtual_servers.h:102
Generated by   doxygen 1.9.8