The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
base.c
Go to the documentation of this file.
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15  */
16 
17 /**
18  * $Id: dae4e9f1aa52c43da9b6e695203765d755ff207a $
19  * @file src/process/tls/base.c
20  * @brief TLS processing.
21  *
22  * @copyright 2021 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
23  */
24 #include <freeradius-devel/server/protocol.h>
25 #include <freeradius-devel/util/debug.h>
26 #include <freeradius-devel/protocol/tls/freeradius.h>
27 
28 static fr_dict_t const *dict_tls;
29 
30 extern fr_dict_autoload_t process_tls_dict[];
31 fr_dict_autoload_t process_tls_dict[] = {
32  { .out = &dict_tls, .proto = "tls" },
33  { NULL }
34 };
35 
36 static fr_dict_attr_t const *attr_packet_type;
37 
38 extern fr_dict_attr_autoload_t process_tls_dict_attr[];
39 fr_dict_attr_autoload_t process_tls_dict_attr[] = {
40  { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_tls},
41  { NULL }
42 };
43 
44 typedef struct {
45  CONF_SECTION *load_session;
46  CONF_SECTION *store_session;
47  CONF_SECTION *clear_session;
48  CONF_SECTION *verify_certificate;
49 } process_tls_sections_t;
50 
51 typedef struct {
52  process_tls_sections_t sections;
53 } process_tls_t;
54 
55 #define FR_TLS_PACKET_CODE_VALID(_code) (((_code) > 0) && ((_code) <= FR_PACKET_TYPE_VALUE_NOTFOUND))
56 
57 #define PROCESS_INST process_tls_t
58 #define PROCESS_PACKET_TYPE uint32_t
59 #define PROCESS_PACKET_CODE_VALID FR_TLS_PACKET_CODE_VALID
60 
61 #include <freeradius-devel/server/process.h>
62 
63 static fr_process_state_t const process_state[] = {
64  [FR_PACKET_TYPE_VALUE_LOAD_SESSION] = {
65  .packet_type = {
66  [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
67  [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
68 
69  [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_FAILURE,
70  [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
71  [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
72  [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
73  [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
74  [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
75  },
76  .rcode = RLM_MODULE_NOOP,
77  .recv = recv_generic,
78  .resume = resume_recv_no_send,
79  .section_offset = PROCESS_CONF_OFFSET(load_session),
80  },
81  [FR_PACKET_TYPE_VALUE_STORE_SESSION] = {
82  .packet_type = {
83  [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
84  [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
85 
86  [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_FAILURE,
87  [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
88  [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
89  [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
90  [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
91  [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
92  },
93  .rcode = RLM_MODULE_NOOP,
94  .recv = recv_generic,
95  .resume = resume_recv_no_send,
96  .section_offset = PROCESS_CONF_OFFSET(store_session),
97  },
98  [FR_PACKET_TYPE_VALUE_CLEAR_SESSION] = {
99  .packet_type = {
100  [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
101  [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
102 
103  [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_FAILURE,
104  [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
105  [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
106  [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
107  [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
108  [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
109  },
110  .rcode = RLM_MODULE_NOOP,
111  .recv = recv_generic,
112  .resume = resume_recv_no_send,
113  .section_offset = PROCESS_CONF_OFFSET(clear_session),
114  },
115  [FR_PACKET_TYPE_VALUE_VERIFY_CERTIFICATE] = {
116  .packet_type = {
117  [RLM_MODULE_OK] = FR_PACKET_TYPE_VALUE_SUCCESS,
118  [RLM_MODULE_UPDATED] = FR_PACKET_TYPE_VALUE_SUCCESS,
119  [RLM_MODULE_NOOP] = FR_PACKET_TYPE_VALUE_SUCCESS,
120 
121  [RLM_MODULE_REJECT] = FR_PACKET_TYPE_VALUE_FAILURE,
122  [RLM_MODULE_FAIL] = FR_PACKET_TYPE_VALUE_FAILURE,
123  [RLM_MODULE_INVALID] = FR_PACKET_TYPE_VALUE_FAILURE,
124  [RLM_MODULE_DISALLOW] = FR_PACKET_TYPE_VALUE_FAILURE,
125  [RLM_MODULE_NOTFOUND] = FR_PACKET_TYPE_VALUE_NOTFOUND,
126  },
127  .rcode = RLM_MODULE_NOOP,
128  .recv = recv_generic,
129  .resume = resume_recv_no_send,
130  .section_offset = PROCESS_CONF_OFFSET(verify_certificate),
131  },
132 };
133 
134 static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
135 {
136  fr_process_state_t const *state;
137 
138  PROCESS_TRACE;
139 
140  (void)talloc_get_type_abort_const(mctx->mi->data, process_tls_t);
141 
142  request->component = "tls";
143  request->module = NULL;
144  fr_assert(request->dict == dict_tls);
145 
146  UPDATE_STATE(packet);
147 
148  log_request_pair_list(L_DBG_LVL_1, request, NULL, &request->request_pairs, NULL);
149 
150  return state->recv(p_result, mctx, request);
151 }
152 
153 static const virtual_server_compile_t compile_list[] = {
154  {
155  .section = SECTION_NAME("store", "session"),
156  .actions = &mod_actions_authorize,
157  .offset = PROCESS_CONF_OFFSET(store_session)
158  },
159  {
160  .section = SECTION_NAME("load", "session"),
161  .actions = &mod_actions_authorize,
162  .offset = PROCESS_CONF_OFFSET(load_session)
163  },
164  {
165  .section = SECTION_NAME("clear", "session"),
166  .actions = &mod_actions_authorize,
167  .offset = PROCESS_CONF_OFFSET(clear_session)
168  },
169  {
170  .section = SECTION_NAME("verify", "certificate"),
171  .actions = &mod_actions_authorize,
172  .offset = PROCESS_CONF_OFFSET(verify_certificate)
173  },
174  COMPILE_TERMINATOR
175 };
176 
177 
178 extern fr_process_module_t process_tls;
179 fr_process_module_t process_tls = {
180  .common = {
181  .magic = MODULE_MAGIC_INIT,
182  .name = "tls",
183  .inst_size = sizeof(process_tls_t)
184  },
185  .process = mod_process,
186  .compile_list = compile_list,
187  .dict = &dict_tls,
188 };
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35
cf_section
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:101
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition: dict.h:267
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition: dict.h:280
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition: dict.h:266
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition: dict.h:279
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:63
attr_packet_type
fr_dict_attr_t const * attr_packet_type
Definition: base.c:91
log_request_pair_list
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition: log.c:830
L_DBG_LVL_1
@ L_DBG_LVL_1
Highest priority debug messages (-x).
Definition: log.h:70
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99
fr_dict_attr_t
Definition: merged_model.c:133
fr_dict_t
Definition: merged_model.c:198
request_t
Definition: merged_model.c:210
mod_actions_authorize
unlang_mod_actions_t const mod_actions_authorize
Definition: mod_action.c:44
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition: module_ctx.h:42
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition: module_ctx.h:41
mod_process
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition: base.c:134
process_tls
fr_process_module_t process_tls
Definition: base.c:179
dict_tls
static fr_dict_t const * dict_tls
Definition: base.c:28
compile_list
static const virtual_server_compile_t compile_list[]
Definition: base.c:153
process_tls_sections_t::store_session
CONF_SECTION * store_session
Definition: base.c:46
process_state
static fr_process_state_t const process_state[]
Definition: base.c:63
process_tls_dict
fr_dict_autoload_t process_tls_dict[]
Definition: base.c:31
process_tls_sections_t::load_session
CONF_SECTION * load_session
Definition: base.c:45
process_tls_sections_t::clear_session
CONF_SECTION * clear_session
Definition: base.c:47
process_tls_dict_attr
fr_dict_attr_autoload_t process_tls_dict_attr[]
Definition: base.c:39
process_tls_sections_t::verify_certificate
CONF_SECTION * verify_certificate
Definition: base.c:48
process_tls_t::sections
process_tls_sections_t sections
Definition: base.c:52
process_tls_sections_t
Definition: base.c:44
process_tls_t
Definition: base.c:51
PROCESS_TRACE
#define PROCESS_TRACE
Trace each state function as it's entered.
Definition: process.h:65
fr_process_module_s::common
module_t common
Common fields for all loadable modules.
Definition: process.h:55
fr_process_module_s
Common public symbol definition for all process modules.
Definition: process.h:54
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition: rcode.h:40
RLM_MODULE_INVALID
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition: rcode.h:45
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition: rcode.h:43
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition: rcode.h:42
RLM_MODULE_DISALLOW
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition: rcode.h:46
RLM_MODULE_REJECT
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition: rcode.h:41
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition: rcode.h:47
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition: rcode.h:49
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition: rcode.h:48
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition: section.h:40
module_instance_s::data
void * data
Module's instance data.
Definition: module.h:271
fr_assert
fr_assert(0)
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition: talloc.h:282
COMPILE_TERMINATOR
#define COMPILE_TERMINATOR
Definition: virtual_servers.h:111
virtual_server_compile_t::section
section_name_t const * section
Identifier for the section.
Definition: virtual_servers.h:101
virtual_server_compile_t
Processing sections which are allowed in this virtual server.
Definition: virtual_servers.h:100
Generated by   doxygen 1.9.1