The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
process.h
Go to the documentation of this file.
1#pragma once
2/*
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
16 */
17
18/**
19 * $Id: 500e3061c3050406ee666f89b59aea77ef979367 $
20 *
21 * @file src/lib/server/process.h
22 * @brief Declarations for functions which process packet state machines
23 *
24 * This is a convenience header to simplify defining packet processing state machines.
25 *
26 * The following macros must be defined before this header is included:
27 *
28 * - PROCESS_INST the type of structure that holds instance data for the process module.
29 * - PROCESS_PACKET_TYPE an enum, or generic type (uint32) that can hold
30 * all valid packet types.
31 * - PROCESS_PACKET_CODE_VALID the name of a macro or function which accepts one argument
32 * and evaluates to true if the packet code is valid.
33 *
34 * The following macros may (optionally) be defined before this header is included:
35 *
36 * - PROCESS_CODE_MAX the highest valid protocol packet code + 1.
37 * - PROCESS_CODE_DO_NOT_RESPOND The packet code that's used to indicate that no response
38 * should be sent.
39 * - PROCESS_STATE_EXTRA_FIELDS extra fields to add to the fr_process_state_t structure.
40 *
41 * @copyright 2021 The FreeRADIUS server project
42 * @copyright 2021 Network RADIUS SAS (legal@networkradius.com)
43 */
44#ifdef __cplusplus
45extern "C" {
46#endif
47
48#include <freeradius-devel/server/virtual_servers.h>
49#include <freeradius-devel/server/pair.h>
50#include <freeradius-devel/server/process_types.h>
51
52/** Trace each state function as it's entered
53 */
54#ifndef NDEBUG
55# define PROCESS_TRACE RDEBUG3("Entered state %s", __FUNCTION__)
56#else
57# define PROCESS_TRACE
58#endif
59
60/** Convenience macro for providing CONF_SECTION offsets in section compilation arrays
61 *
62 */
63#ifndef PROCESS_INST
64# error PROCESS_INST must be defined to the C type of the process instance e.g. process_bfd_t
65#endif
66
67#ifndef PROCESS_RCTX
68# define PROCESS_RCTX process_rctx_t
69#endif
70
71#if defined(PROCESS_RCTX) && defined(PROCESS_RCTX_EXTRA_FIELDS)
72# error Only one of PROCESS_RCTX (the type of the rctx struct) OR PROCESS_RCTX_EXTRA_FIELDS (extra fields for the common rctx struct) can be defined.
73#endif
74
75#ifndef PROCESS_RCTX_RESULT
76# define PROCESS_RCTX_RESULT result
77#endif
78
79#define PROCESS_CONF_OFFSET(_x) offsetof(PROCESS_INST, sections._x)
80#define RESULT_UNUSED UNUSED
81
82#if defined(PROCESS_INST) && defined(PROCESS_PACKET_TYPE) && defined(PROCESS_PACKET_CODE_VALID)
83typedef PROCESS_PACKET_TYPE fr_process_rcode_t[RLM_MODULE_NUMCODES];
84
85#ifndef PROCESS_STATE_EXTRA_FIELDS
86# define PROCESS_STATE_EXTRA_FIELDS
87#endif
88
89#ifndef PROCESS_RCTX_EXTRA_FIELDS
90# define PROCESS_RCTX_EXTRA_FIELDS
91#endif
92/*
93 * Process state machine tables for rcode to packet.
94 */
95typedef struct {
96 PROCESS_PACKET_TYPE packet_type[RLM_MODULE_NUMCODES]; //!< rcode to packet type mapping.
97 PROCESS_PACKET_TYPE default_reply; //!< if not otherwise set
98 size_t section_offset; //!< Where to look in the process instance for
99 ///< a pointer to the section we should execute.
100 rlm_rcode_t default_rcode; //!< Default rcode that's set in the frame we used to
101 ///< evaluate child sections.
102 rlm_rcode_t result_rcode; //!< Result rcode we return if the virtual server is
103 ///< being called using the `call` keyword.
104 module_method_t resume; //!< Function to call after running a recv section.
105
106 /*
107 * Each state has only one "recv" or "send".
108 */
109 union {
110 module_method_t recv; //!< Method to call when receiving this type of packet.
111 module_method_t send; //!< Method to call when sending this type of packet.
112 };
114} fr_process_state_t;
115
116typedef struct {
117 unlang_result_t result; //!< Result of the last section executed.
118 PROCESS_RCTX_EXTRA_FIELDS
119} process_rctx_t;
120
121/*
122 * Some protocols have the same packet codes for requests and replies.
123 */
124#ifndef PROCESS_SEND_RECV
125#define process_state_packet process_state
126#define process_state_reply process_state
127static fr_process_state_t const process_state[];
128#else
129static fr_process_state_t const process_state_packet[];
130static fr_process_state_t const process_state_reply[];
131#endif
132
133/*
134 * Process state machine functions
135 */
136#define UPDATE_STATE_CS(_x) \
137do { \
138 state = &process_state_ ## _x[request->_x->code]; \
139 memcpy(&cs, (CONF_SECTION * const *) (((uint8_t const *) &inst->sections) + state->section_offset), sizeof(cs)); \
140} while (0)
141
142#define UPDATE_STATE(_x) state = &process_state_ ## _x [request->_x->code]
143
144#define RECV(_x) static inline unlang_action_t recv_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
145#define SEND(_x) static inline unlang_action_t send_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
146#define SEND_NO_RESULT(_x) static inline unlang_action_t send_ ## _x(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
147#define RESUME(_x) static inline unlang_action_t resume_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
148#define RESUME_FLAG(_x, _p_result_flag, _mctx_flag) static inline unlang_action_t resume_ ## _x(_p_result_flag unlang_result_t *p_result, _mctx_flag module_ctx_t const *mctx, request_t *request)
149
150/** Returns the current rcode then resets it for the next module call
151 *
152 */
153static inline CC_HINT(always_inline) unlang_result_t *process_result_reset(unlang_result_t *p_result, fr_process_state_t const *state)
154{
155 p_result->rcode = state->default_rcode;
156 p_result->priority = MOD_ACTION_NOT_SET;
157 return p_result;
158}
159
160#define RESULT_RCODE (((PROCESS_RCTX *)mctx->rctx)->result.rcode)
161#define RESULT_P process_result_reset(&(((PROCESS_RCTX *)mctx->rctx)->result), state)
162
163/** Call a module method with a new rctx
164 *
165 * @note This should be used to add a rctxs when calling the initial recv section.
166 *
167 * @param[out] p_result Pointer to the result code.
168 * @param[in] mctx Module context.
169 * @param[in] request Request.
170 * @param[in] method Method to call.
171 * @param[in] rctx Resume context to use to override the one in the mctx.
172 * @return Result of the method call.
173 */
174static inline CC_HINT(always_inline)
175unlang_action_t process_with_rctx(unlang_result_t *p_result, module_ctx_t const *mctx,
176 request_t *request, module_method_t method, void *rctx)
177{
178 module_ctx_t our_mctx = *mctx;
179 our_mctx.rctx = rctx;
180
181 return method(p_result, &our_mctx, request);
182}
183
184/** Call a named recv function directly
185 */
186#define CALL_RECV(_x) recv_ ## _x(p_result, mctx, request)
187
188/** Call a named recv function directly with a new rctx
189 */
190#define CALL_RECV_RCTX(_x, _rctx) process_with_rctx(p_result, mctx, request, recv_ ## _x, _rctx);
191
192/** Call a named send function directly
193 */
194#define CALL_SEND(_x) send_ ## _x(p_result, mctx, request)
195
196/** Call a named resume function directly
197 */
198#define CALL_RESUME(_x) resume_ ## _x(p_result, mctx, request)
199
200/** Call the send function for the current state
201 */
202#define CALL_SEND_STATE(_state) state->send(p_result, mctx, request)
203
204/** Set the current reply code, and call the send function for that state
205 */
206#define CALL_SEND_TYPE(_x) call_send_type(process_state_reply[(request->reply->code = _x)].send, p_result, mctx, request)
207
208static inline unlang_action_t call_send_type(module_method_t send, \
209 unlang_result_t *p_result, module_ctx_t const *mctx,
210 request_t *request)
211{
212 /*
213 * Stupid hack to stop this being honoured
214 * by send_generic.
215 */
217 return send(p_result, mctx, request);
218}
219
220RECV(generic)
221{
222 CONF_SECTION *cs;
223 fr_process_state_t const *state;
224 PROCESS_INST *inst = mctx->mi->data;
225
227
228 UPDATE_STATE_CS(packet);
229
230 if (!state->recv) {
231 char const *name;
232
234 if (name) {
235 REDEBUG("Invalid packet type (%s)", name);
236 } else {
237 REDEBUG("Invalid packet type (%u)", request->packet->code);
238 }
240 }
241
242
243 if (cs) RDEBUG("Running '%s %s' from file %s", cf_section_name1(cs), cf_section_name2(cs), cf_filename(cs));
244 return unlang_module_yield_to_section(RESULT_P, request,
245 cs, state->default_rcode, state->resume,
246 NULL, 0, mctx->rctx);
247}
248
249RESUME(recv_generic)
250{
251 rlm_rcode_t rcode = RESULT_RCODE;
252 fr_process_state_t const *state;
253
255
257
258 UPDATE_STATE(packet);
259
260 request->reply->code = state->packet_type[rcode];
261 if (!request->reply->code) request->reply->code = state->default_reply;
262#ifdef PROCESS_CODE_DO_NOT_RESPOND
263 if (!request->reply->code) request->reply->code = PROCESS_CODE_DO_NOT_RESPOND;
264
265#endif
266 fr_assert(PROCESS_PACKET_CODE_VALID(request->reply->code));
267
268 UPDATE_STATE(reply);
269 fr_assert(state->send != NULL);
270 return state->send(p_result, mctx, request);
271}
272
273RESUME_FLAG(recv_no_send,UNUSED,UNUSED)
274{
275 rlm_rcode_t rcode = RESULT_RCODE;
276 fr_process_state_t const *state;
277
279
281
282 UPDATE_STATE(packet);
283
284 request->reply->code = state->packet_type[rcode];
285 if (!request->reply->code) request->reply->code = state->default_reply;
286#ifdef PROCESS_CODE_DO_NOT_RESPOND
287 if (!request->reply->code) request->reply->code = PROCESS_CODE_DO_NOT_RESPOND;
288
289#endif
290 fr_assert(request->reply->code != 0);
291
293}
294
295SEND_NO_RESULT(generic)
296{
297 fr_pair_t *vp;
298 CONF_SECTION *cs;
299 fr_process_state_t const *state;
300 PROCESS_INST *inst = mctx->mi->data;
301
303
304#ifndef NDEBUG
305 if (!(
307 (request->reply->code == PROCESS_CODE_DO_NOT_RESPOND) ||
308# endif
309 PROCESS_PACKET_CODE_VALID(request->reply->code))) fr_assert(0);
310#endif
311
312 UPDATE_STATE_CS(reply);
313
314 /*
315 * Allow for over-ride of reply code, IF it's
316 * within range, AND we've pre-compiled the
317 * unlang.
318 *
319 * Add reply->packet-type in case we're
320 * being called via the `call {}` keyword.
321 *
322 * @todo - enforce that this is an allowed reply for the
323 * request.
324 */
326 case 0: /* Does not exist */
327 update_packet_type:
328 vp->vp_uint32 = request->reply->code;
329 break;
330
331 case 1: /* Exists */
332 if (
333#ifdef PROCESS_CODE_MAX
334 (vp->vp_uint32 != PROCESS_CODE_MAX) &&
335#endif
336 PROCESS_PACKET_CODE_VALID(vp->vp_uint32) &&
337 process_state_reply[vp->vp_uint32].send) {
338 request->reply->code = vp->vp_uint32;
339 UPDATE_STATE_CS(reply);
340 break;
341 }
342
343 RWDEBUG("Ignoring invalid packet-type reply.%pP", vp);
344 goto update_packet_type;
345
346 default:
347 MEM(0);
348 }
349
350 if (cs) {
351 RDEBUG("Running '%s %s' from file %s", cf_section_name1(cs), cf_section_name2(cs), cf_filename(cs));
352 } else {
353 char const *name;
354
356 if (name) {
357 RWDEBUG("No 'send %s { ... } section was found.", name);
358 } else {
359 RWDEBUG("No 'send %u { ... } section was found.", request->reply->code);
360 }
361 }
362
363 return unlang_module_yield_to_section(RESULT_P, request,
364 cs, state->default_rcode, state->resume,
365 NULL, 0, mctx->rctx);
366}
367
368RESUME(send_generic)
369{
370 rlm_rcode_t rcode = RESULT_RCODE;
371 CONF_SECTION *cs;
372 fr_process_state_t const *state;
373 PROCESS_INST *inst = mctx->mi->data;
374
376
377#ifndef NDEBUG
378 if (!(
380 (request->reply->code == PROCESS_CODE_DO_NOT_RESPOND) ||
381# endif
382 PROCESS_PACKET_CODE_VALID(request->reply->code))) fr_assert(0);
383#endif
384 /*
385 * If they delete &reply.Packet-Type, tough for them.
386 */
387 UPDATE_STATE_CS(reply);
388
390 switch (state->packet_type[rcode]) {
391 case 0: /* don't change the reply */
392 p_result->rcode = state->result_rcode;
393 break;
394
395 default:
396 /*
397 * If we're in the "do not respond" situation,
398 * then don't change the packet code to something
399 * else. However, if we're in (say) Accept, and
400 * the code says Reject, then go do reject.
401 *
402 * The author of the state machine MUST ensure
403 * that there isn't a loop in the state machine
404 * definitions.
405 */
406 if (
408 (request->reply->code != PROCESS_CODE_DO_NOT_RESPOND) &&
409#endif
410 (state->packet_type[rcode] != request->reply->code)) {
411 char const *old = cf_section_name2(cs);
412
413 request->reply->code = state->packet_type[rcode];
414 UPDATE_STATE_CS(reply);
415
416 RWDEBUG("Failed running 'send %s', changing reply to %s", old, cf_section_name2(cs));
417
418 return unlang_module_yield_to_section(RESULT_P, request,
419 cs, state->default_rcode, state->send,
420 NULL, 0, mctx->rctx);
421 }
422 p_result->rcode = state->result_rcode;
423
424 fr_assert(!state->packet_type[rcode] || (state->packet_type[rcode] == request->reply->code));
425 break;
426
427#ifdef PROCESS_CODE_DO_NOT_RESPOND
429 /*
430 * There might not be send section defined
431 */
432 if (cs) {
433 RDEBUG("The 'send %s' section returned %s - not sending a response",
435 fr_table_str_by_value(rcode_table, rcode, "<INVALID>"));
436 }
437 request->reply->code = PROCESS_CODE_DO_NOT_RESPOND;
438 p_result->rcode = state->result_rcode;
439 break;
440#endif
441 }
442
443
444 request->reply->timestamp = fr_time();
445
446#ifdef PROCESS_CODE_DO_NOT_RESPOND
447 /*
448 * Check for "do not respond".
449 */
450 if (request->reply->code == PROCESS_CODE_DO_NOT_RESPOND) {
451 RDEBUG("Not sending reply to client");
452 p_result->rcode = RLM_MODULE_HANDLED;
454 }
455#endif
456
458}
459
460#ifdef PROCESS_CODE_DYNAMIC_CLIENT
461RESUME_FLAG(new_client_done,,UNUSED)
462{
463 p_result->rcode = RLM_MODULE_OK;
464
465 request->reply->timestamp = fr_time();
466
468}
469
470RESUME(new_client)
471{
472 rlm_rcode_t rcode = RESULT_RCODE;
473 CONF_SECTION *cs;
474 PROCESS_INST const *inst = mctx->mi->data;
475 fr_process_state_t const *state;
476
477 UPDATE_STATE(reply);
478
479 switch (rcode) {
480 case RLM_MODULE_OK:
482 RDEBUG("new client was successful.");
483 cs = inst->sections.add_client;
484 request->reply->code = PROCESS_CODE_DYNAMIC_CLIENT;
485 break;
486
487 default:
488 RDEBUG("new client was denied.");
489 cs = inst->sections.deny_client;
490 request->reply->code = PROCESS_CODE_DO_NOT_RESPOND;
491 break;
492 }
493
494 request->component = NULL;
495 request->module = NULL;
496
497 if (!cs) {
498 p_result->rcode = RLM_MODULE_OK;
499 request->reply->timestamp = fr_time();
501 }
502
503 RDEBUG("Running '%s %s' from file %s", cf_section_name1(cs), cf_section_name2(cs), cf_filename(cs));
504 return unlang_module_yield_to_section(RESULT_P, request,
505 cs, RLM_MODULE_FAIL, resume_new_client_done,
506 NULL, 0, mctx->rctx);
507}
508
509static inline unlang_action_t new_client(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
510{
511 CONF_SECTION *cs;
512 PROCESS_INST const *inst = mctx->mi->data;
513 fr_process_state_t const *state;
514
515 UPDATE_STATE(packet);
516
518 fr_assert(inst->sections.new_client != NULL);
519 cs = inst->sections.new_client;
520
521 RDEBUG("Running '%s %s' from file %s", cf_section_name1(cs), cf_section_name2(cs), cf_filename(cs));
522 return unlang_module_yield_to_section(RESULT_P, request,
523 cs, RLM_MODULE_FAIL, resume_new_client,
524 NULL, 0, mctx->rctx);
525}
526
527#define DYNAMIC_CLIENT_SECTIONS \
528 { \
529 .section = SECTION_NAME("new", "client"), \
530 .actions = &mod_actions_authorize, \
531 .offset = PROCESS_CONF_OFFSET(new_client), \
532 }, \
533 { \
534 .section = SECTION_NAME("add", "client"), \
535 .actions = &mod_actions_authorize, \
536 .offset = PROCESS_CONF_OFFSET(add_client), \
537 }, \
538 { \
539 .section = SECTION_NAME("deny", "client"), \
540 .actions = &mod_actions_authorize, \
541 .offset = PROCESS_CONF_OFFSET(deny_client), \
542 }
543
544#endif /* PROCESS_DYNAMIC_CLIENT */
545
546#endif /* defined(PROCESS_INST) && defined(PROCESS_PACKET_TYPE) && defined(PROCESS_PACKET_CODE_VALID) */
547
548#ifdef __cplusplus
549}
550#endif
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
#define UNUSED
Definition build.h:317
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1184
char const * cf_section_name1(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1170
#define cf_filename(_cf)
Definition cf_util.h:107
#define MEM(x)
Definition debug.h:36
static fr_dict_attr_t const * attr_packet_type
Definition dhcpclient.c:89
char const * fr_dict_enum_name_by_value(fr_dict_attr_t const *da, fr_value_box_t const *value)
Lookup the name of an enum value in a fr_dict_attr_t.
Definition dict_util.c:3426
unlang_mod_action_t priority
The priority or action for that rcode.
Definition interpret.h:136
rlm_rcode_t rcode
The current rcode, from executing the instruction or merging the result from a frame.
Definition interpret.h:134
#define RWDEBUG(fmt,...)
Definition log.h:361
@ MOD_ACTION_NOT_SET
Definition mod_action.h:40
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
void * rctx
Resume ctx that a module previously set.
Definition module_ctx.h:45
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
#define PROCESS_PACKET_TYPE
Definition base.c:62
#define PROCESS_CODE_MAX
Definition base.c:63
static fr_process_state_t const process_state[]
Definition base.c:69
#define PROCESS_PACKET_CODE_VALID
Definition base.c:65
#define PROCESS_INST
Definition base.c:66
#define PROCESS_CODE_DO_NOT_RESPOND
Definition base.c:64
static fr_process_state_t const process_state_reply[]
Definition base.c:195
RESUME_FLAG(recv_bfd, UNUSED,)
Definition base.c:119
static fr_process_state_t const process_state_packet[]
Definition base.c:158
#define PROCESS_CODE_DYNAMIC_CLIENT
Definition base.c:132
#define PROCESS_STATE_EXTRA_FIELDS
Definition base.c:187
RECV(for_any_server)
Validate a solicit/rebind/confirm message.
Definition base.c:401
#define PROCESS_TRACE
Trace each state function as it's entered.
Definition process.h:55
#define fr_assert(_expr)
Definition rad_assert.h:38
#define REDEBUG(fmt,...)
Definition radclient.h:52
#define RDEBUG(fmt,...)
Definition radclient.h:53
fr_table_num_sorted_t const rcode_table[]
Definition rcode.c:35
#define RETURN_UNLANG_FAIL
Definition rcode.h:57
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:49
@ RLM_MODULE_NUMCODES
How many valid return codes there are.
Definition rcode.h:51
@ RLM_MODULE_HANDLED
The module handled the request, so stop.
Definition rcode.h:44
static char const * name
void * data
Module's instance data.
Definition module.h:291
unlang_action_t(* module_method_t)(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Module section callback.
Definition module.h:69
#define pair_update_reply(_attr, _da)
Return or allocate a fr_pair_t in the reply list.
Definition pair.h:129
#define pair_delete_reply(_pair_or_da)
Delete a fr_pair_t in the reply list.
Definition pair.h:181
unlang_action_t unlang_module_yield_to_section(unlang_result_t *p_result, request_t *request, CONF_SECTION *subcs, rlm_rcode_t default_rcode, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Definition module.c:249
eap_aka_sim_process_conf_t * inst
#define RESUME(_x)
fr_pair_t * vp
#define fr_time()
Allow us to arbitrarily manipulate time.
Definition state_test.c:8
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
#define fr_box_uint32(_val)
Definition value.h:331