The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
rlm_chap.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 770156e5666917114753a2976460ecd582b8837c $
19 * @file rlm_chap.c
20 * @brief Process chap authentication requests.
21 *
22 * @copyright 2001,2006 The FreeRADIUS server project
23 */
24RCSID("$Id: 770156e5666917114753a2976460ecd582b8837c $")
25
26#define LOG_PREFIX mctx->mi->name
27
28#include <freeradius-devel/server/base.h>
29#include <freeradius-devel/server/password.h>
30#include <freeradius-devel/server/module_rlm.h>
31#include <freeradius-devel/server/cf_parse.h>
32#include <freeradius-devel/util/chap.h>
33#include <freeradius-devel/unlang/xlat_func.h>
34#include <freeradius-devel/unlang/call_env.h>
35
40
41static const conf_parser_t module_config[] = {
42 { FR_CONF_OFFSET_TYPE_FLAGS("min_challenge_len", FR_TYPE_SIZE, 0, rlm_chap_t, min_challenge_len), .dflt = "16" },
43 CONF_PARSER_TERMINATOR
44};
45
49
50static const call_env_method_t chap_xlat_method_env = { \
51 FR_CALL_ENV_METHOD_OUT(chap_xlat_call_env_t),
52 .env = (call_env_parser_t[]){
53 { FR_CALL_ENV_OFFSET("chap_challenge", FR_TYPE_OCTETS,
54 CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_CONCAT,
55 chap_xlat_call_env_t,
56 chap_challenge), .pair.dflt = "&Chap-Challenge", .pair.dflt_quote = T_BARE_WORD },
57 CALL_ENV_TERMINATOR
58 }
59};
60
66
67static const call_env_method_t chap_autz_method_env = { \
68 FR_CALL_ENV_METHOD_OUT(chap_autz_call_env_t),
69 .env = (call_env_parser_t[]){
70 { FR_CALL_ENV_OFFSET("chap_password", FR_TYPE_OCTETS,
71 CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_CONCAT,
72 chap_autz_call_env_t, chap_password),
73 .pair.dflt = "&Chap-Password", .pair.dflt_quote = T_BARE_WORD },
74 { FR_CALL_ENV_PARSE_OFFSET("chap_challenge", FR_TYPE_OCTETS,
75 CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_CONCAT,
76 chap_autz_call_env_t, chap_challenge, chap_challenge_tmpl),
77 .pair.dflt = "&Chap-Challenge", .pair.dflt_quote = T_BARE_WORD },
78 CALL_ENV_TERMINATOR
79 }
80};
81
87
88static const call_env_method_t chap_auth_method_env = { \
89 FR_CALL_ENV_METHOD_OUT(chap_auth_call_env_t),
90 .env = (call_env_parser_t[]){
91 { FR_CALL_ENV_OFFSET("username", FR_TYPE_STRING,
92 CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_CONCAT,
93 chap_auth_call_env_t, username),
94 .pair.dflt = "&User-Name", .pair.dflt_quote = T_BARE_WORD },
95 { FR_CALL_ENV_OFFSET("chap_password", FR_TYPE_OCTETS,
96 CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_CONCAT,
97 chap_auth_call_env_t, chap_password),
98 .pair.dflt = "&Chap-Password", .pair.dflt_quote = T_BARE_WORD },
99 { FR_CALL_ENV_OFFSET("chap_challenge", FR_TYPE_OCTETS,
100 CALL_ENV_FLAG_ATTRIBUTE | CALL_ENV_FLAG_REQUIRED | CALL_ENV_FLAG_NULLABLE | CALL_ENV_FLAG_CONCAT,
101 chap_auth_call_env_t, chap_challenge),
102 .pair.dflt = "&Chap-Challenge", .pair.dflt_quote = T_BARE_WORD },
103 CALL_ENV_TERMINATOR
104 }
105};
106
107static fr_dict_t const *dict_freeradius;
108
109extern fr_dict_autoload_t rlm_chap_dict[];
110fr_dict_autoload_t rlm_chap_dict[] = {
111 { .out = &dict_freeradius, .proto = "freeradius" },
112 { NULL }
113};
114
115static fr_dict_attr_t const *attr_auth_type;
116static fr_dict_attr_t const *attr_cleartext_password;
117
118extern fr_dict_attr_autoload_t rlm_chap_dict_attr[];
119fr_dict_attr_autoload_t rlm_chap_dict_attr[] = {
120 { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
121 { .out = &attr_cleartext_password, .name = "Password.Cleartext", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
122
123 { NULL }
124};
125
126static xlat_arg_parser_t const xlat_func_chap_password_args[] = {
127 { .required = true, .single = true, .type = FR_TYPE_STRING },
128 XLAT_ARG_PARSER_TERMINATOR
129};
130
131/** Produce a CHAP-Password hash value
132 *
133 * Example:
134@verbatim
135%chap.password(<password>) == 0x<id><md5_hash>
136@endverbatim
137 *
138 * @ingroup xlat_functions
139 */
140static xlat_action_t xlat_func_chap_password(TALLOC_CTX *ctx, fr_dcursor_t *out,
141 xlat_ctx_t const *xctx,
142 request_t *request, fr_value_box_list_t *in)
143{
144 rlm_chap_t const *inst = talloc_get_type_abort_const(xctx->mctx->mi->data, rlm_chap_t);
145 uint8_t chap_password[1 + FR_CHAP_CHALLENGE_LENGTH];
146 fr_value_box_t *vb;
147 uint8_t const *challenge;
148 size_t challenge_len;
149 fr_value_box_t *in_head = fr_value_box_list_head(in);
150 chap_xlat_call_env_t *env_data = talloc_get_type_abort(xctx->env_data, chap_xlat_call_env_t);
151
152 /*
153 * Use Chap-Challenge pair if present,
154 * Request Authenticator otherwise.
155 */
156 if ((env_data->chap_challenge.type == FR_TYPE_OCTETS) &&
157 (env_data->chap_challenge.vb_length >= inst->min_challenge_len)) {
158 challenge = env_data->chap_challenge.vb_octets;
159 challenge_len = env_data->chap_challenge.vb_length;
160 } else {
161 if (env_data->chap_challenge.type == FR_TYPE_OCTETS)
162 RWDEBUG("&request.CHAP-Challenge shorter than minimum length (%ld)", inst->min_challenge_len);
163 challenge = request->packet->vector;
164 challenge_len = RADIUS_AUTH_VECTOR_LENGTH;
165 }
166 fr_chap_encode(chap_password, (uint8_t)(fr_rand() & 0xff), challenge, challenge_len,
167 in_head->vb_strvalue, in_head->vb_length);
168
169 MEM(vb = fr_value_box_alloc_null(ctx));
170 fr_value_box_memdup(vb, vb, NULL, chap_password, sizeof(chap_password), false);
171 fr_dcursor_append(out, vb);
172
173 return XLAT_ACTION_DONE;
174}
175
176static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
177{
178 fr_pair_t *vp;
179 rlm_chap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_chap_t);
180 chap_autz_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, chap_autz_call_env_t);
181
182 if (fr_pair_find_by_da(&request->control_pairs, NULL, attr_auth_type) != NULL) {
183 RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", mctx->mi->name);
184 RETURN_MODULE_NOOP;
185 }
186
187 /*
188 * This case means the warnings below won't be printed
189 * unless there's a CHAP-Password in the request.
190 */
191 if (env_data->chap_password.type != FR_TYPE_OCTETS) {
192 RETURN_MODULE_NOOP;
193 }
194
195 /*
196 * Create the CHAP-Challenge if it wasn't already in the packet.
197 *
198 * This is so that the rest of the code does not need to
199 * understand CHAP.
200 */
201 if (env_data->chap_challenge.type != FR_TYPE_OCTETS) {
202 RDEBUG2("Creating %s from request authenticator", env_data->chap_challenge_tmpl->name);
203
204 MEM(vp = fr_pair_afrom_da(request->request_ctx, tmpl_attr_tail_da(env_data->chap_challenge_tmpl)));
205 fr_pair_value_memdup(vp, request->packet->vector, sizeof(request->packet->vector), true);
206 fr_pair_append(&request->request_pairs, vp);
207 }
208
209 if (!inst->auth_type) {
210 WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup CHAP authentication",
211 mctx->mi->name, mctx->mi->name);
212 RETURN_MODULE_NOOP;
213 }
214
215 if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) {
216 RETURN_MODULE_NOOP;
217 }
218
219 RETURN_MODULE_OK;
220}
221
222/*
223 * Find the named user in this modules database. Create the set
224 * of attribute-value pairs to check and reply with for this user
225 * from the database. The authentication code only needs to check
226 * the password, the rest is done here.
227 */
228static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
229{
230 rlm_chap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_chap_t);
231 fr_pair_t *known_good;
232 uint8_t pass_str[1 + FR_CHAP_CHALLENGE_LENGTH];
233 chap_auth_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, chap_auth_call_env_t);
234
235 int ret;
236
237 fr_dict_attr_t const *allowed_passwords[] = { attr_cleartext_password };
238 bool ephemeral;
239
240 uint8_t const *challenge;
241 size_t challenge_len;
242
243 if (env_data->username.type != FR_TYPE_STRING) {
244 REDEBUG("&User-Name attribute is required for authentication");
245 RETURN_MODULE_INVALID;
246 }
247
248 if (env_data->chap_password.type != FR_TYPE_OCTETS) {
249 REDEBUG("You set '&control.Auth-Type = CHAP' for a request that "
250 "does not contain a CHAP-Password attribute!");
251 RETURN_MODULE_INVALID;
252 }
253
254 if (env_data->chap_password.vb_length == 0) {
255 REDEBUG("&request.CHAP-Password is empty");
256 RETURN_MODULE_INVALID;
257 }
258
259 if (env_data->chap_password.vb_length != FR_CHAP_CHALLENGE_LENGTH + 1) {
260 REDEBUG("&request.CHAP-Password has invalid length");
261 RETURN_MODULE_INVALID;
262 }
263
264 /*
265 * Retrieve the normalised version of
266 * the known_good password, without
267 * mangling the current password attributes
268 * in the request.
269 */
270 known_good = password_find(&ephemeral, request, request,
271 allowed_passwords, NUM_ELEMENTS(allowed_passwords),
272 false);
273 if (!known_good) {
274 REDEBUG("No \"known good\" password found for user");
275 RETURN_MODULE_FAIL;
276 }
277
278 /*
279 * Output is id + password hash
280 */
281
282 /*
283 * Use Chap-Challenge pair if present,
284 * Request Authenticator otherwise.
285 */
286 if ((env_data->chap_challenge.type == FR_TYPE_OCTETS) &&
287 (env_data->chap_challenge.vb_length >= inst->min_challenge_len)) {
288 challenge = env_data->chap_challenge.vb_octets;
289 challenge_len = env_data->chap_challenge.vb_length;
290 } else {
291 if (env_data->chap_challenge.type == FR_TYPE_OCTETS)
292 RWDEBUG("&request.CHAP-Challenge shorter than minimum length (%ld)", inst->min_challenge_len);
293 challenge = request->packet->vector;
294 challenge_len = RADIUS_AUTH_VECTOR_LENGTH;
295 }
296 fr_chap_encode(pass_str, env_data->chap_password.vb_octets[0], challenge, challenge_len,
297 known_good->vp_strvalue, known_good->vp_length);
298
299 /*
300 * The password_find function already emits
301 * a log message about the password attribute contents
302 * so we don't need to duplicate it here.
303 */
304 if (RDEBUG_ENABLED3) {
305 uint8_t const *p;
306 size_t length;
307
308 if (env_data->chap_challenge.type == FR_TYPE_OCTETS) {
309 RDEBUG2("Using challenge from &request.CHAP-Challenge");
310 p = env_data->chap_challenge.vb_octets;
311 length = env_data->chap_challenge.vb_length;
312 } else {
313 RDEBUG2("Using challenge from authenticator field");
314 p = request->packet->vector;
315 length = sizeof(request->packet->vector);
316 }
317
318 RINDENT();
319 RDEBUG3("CHAP challenge : %pH", fr_box_octets(p, length));
320 RDEBUG3("Client sent : %pH", fr_box_octets(env_data->chap_password.vb_octets + 1,
321 FR_CHAP_CHALLENGE_LENGTH));
322 RDEBUG3("We calculated : %pH", fr_box_octets(pass_str + 1, FR_CHAP_CHALLENGE_LENGTH));
323 REXDENT();
324 }
325
326 /*
327 * Skip the id field at the beginning of the
328 * password and chap response.
329 */
330 ret = fr_digest_cmp(pass_str + 1, env_data->chap_password.vb_octets + 1, FR_CHAP_CHALLENGE_LENGTH);
331 if (ephemeral) TALLOC_FREE(known_good);
332 if (ret != 0) {
333 REDEBUG("Password comparison failed: password is incorrect");
334
335 RETURN_MODULE_REJECT;
336 }
337
338 RDEBUG2("CHAP user \"%pV\" authenticated successfully", &env_data->username);
339
340 RETURN_MODULE_OK;
341}
342
343/*
344 * Create instance for our module. Allocate space for
345 * instance structure and read configuration parameters
346 */
347static int mod_instantiate(module_inst_ctx_t const *mctx)
348{
349 rlm_chap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_chap_t);
350
351 inst->auth_type = fr_dict_enum_by_name(attr_auth_type, mctx->mi->name, -1);
352 if (!inst->auth_type) {
353 WARN("Failed to find 'authenticate %s {...}' section. CHAP authentication will likely not work",
354 mctx->mi->name);
355 }
356
357 return 0;
358}
359
360static int mod_bootstrap(module_inst_ctx_t const *mctx)
361{
362 xlat_t *xlat;
363
364 if (unlikely((xlat = module_rlm_xlat_register(mctx->mi->boot, mctx, "password", xlat_func_chap_password,
365 FR_TYPE_OCTETS)) == NULL)) return -1;
366 xlat_func_args_set(xlat, xlat_func_chap_password_args);
367 xlat_func_call_env_set(xlat, &chap_xlat_method_env);
368
369 return 0;
370}
371
372/*
373 * The module name should be the only globally exported symbol.
374 * That is, everything else should be 'static'.
375 *
376 * If the module needs to temporarily modify it's instantiation
377 * data, the type should be changed to MODULE_TYPE_THREAD_UNSAFE.
378 * The server will then take care of ensuring that the module
379 * is single-threaded.
380 */
381extern module_rlm_t rlm_chap;
382module_rlm_t rlm_chap = {
383 .common = {
384 .magic = MODULE_MAGIC_INIT,
385 .name = "chap",
386 .inst_size = sizeof(rlm_chap_t),
387 .bootstrap = mod_bootstrap,
388 .config = module_config,
389 .instantiate = mod_instantiate
390 },
391 .method_group = {
392 .bindings = (module_method_binding_t[]){
393 { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate, .method_env = &chap_auth_method_env },
394 { .section = SECTION_NAME("recv", "Access-Request"), .method = mod_authorize, .method_env = &chap_autz_method_env },
395 MODULE_BINDING_TERMINATOR
396 }
397 }
398};
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
RCSID
#define RCSID(id)
Definition build.h:483
unlikely
#define unlikely(_x)
Definition build.h:381
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:337
CALL_ENV_TERMINATOR
#define CALL_ENV_TERMINATOR
Definition call_env.h:231
FR_CALL_ENV_PARSE_OFFSET
#define FR_CALL_ENV_PARSE_OFFSET(_name, _cast_type, _flags, _struct, _field, _parse_field)
Specify a call_env_parser_t which writes out runtime results and the result of the parsing phase to t...
Definition call_env.h:360
call_env_method_s::env
call_env_parser_t const * env
Parsing rules for call method env.
Definition call_env.h:242
CALL_ENV_FLAG_CONCAT
@ CALL_ENV_FLAG_CONCAT
If the tmpl produced multiple boxes they should be concatenated.
Definition call_env.h:76
CALL_ENV_FLAG_ATTRIBUTE
@ CALL_ENV_FLAG_ATTRIBUTE
Tmpl must contain an attribute reference.
Definition call_env.h:86
CALL_ENV_FLAG_REQUIRED
@ CALL_ENV_FLAG_REQUIRED
Associated conf pair or section is required.
Definition call_env.h:75
CALL_ENV_FLAG_NULLABLE
@ CALL_ENV_FLAG_NULLABLE
Tmpl expansions are allowed to produce no output.
Definition call_env.h:80
FR_CALL_ENV_OFFSET
#define FR_CALL_ENV_OFFSET(_name, _cast_type, _flags, _struct, _field)
Specify a call_env_parser_t which writes out runtime results to the specified field.
Definition call_env.h:335
call_env_method_s
Definition call_env.h:239
call_env_parser_s
Per method call config.
Definition call_env.h:175
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:642
FR_CONF_OFFSET_TYPE_FLAGS
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:241
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:579
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition cf_util.h:78
fr_chap_encode
void fr_chap_encode(uint8_t out[static 1+FR_CHAP_CHALLENGE_LENGTH], uint8_t id, uint8_t const *challenge, size_t challenge_len, char const *password, size_t password_len)
Encode a CHAP password.
Definition chap.c:34
FR_CHAP_CHALLENGE_LENGTH
#define FR_CHAP_CHALLENGE_LENGTH
Definition chap.h:33
fr_dcursor_append
static int fr_dcursor_append(fr_dcursor_t *cursor, void *v)
Insert a single item at the end of the list.
Definition dcursor.h:406
fr_dcursor_s
Definition dcursor.h:93
MEM
#define MEM(x)
Definition debug.h:36
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:268
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:281
fr_dict_enum_by_name
fr_dict_enum_value_t * fr_dict_enum_by_name(fr_dict_attr_t const *da, char const *name, ssize_t len)
Definition dict_util.c:3395
in
static fr_slen_t in
Definition dict.h:824
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:267
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:280
fr_dict_enum_value_t
Value of an enumerated attribute.
Definition dict.h:227
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
xlat_func_chap_password
static xlat_action_t xlat_func_chap_password(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Produce a CHAP-Password hash value.
Definition rlm_chap.c:140
REXDENT
#define REXDENT()
Exdent (unindent) R* messages by one level.
Definition log.h:443
RWDEBUG
#define RWDEBUG(fmt,...)
Definition log.h:361
RDEBUG_ENABLED3
#define RDEBUG_ENABLED3
True if request debug level 1-3 messages are enabled.
Definition log.h:335
RDEBUG3
#define RDEBUG3(fmt,...)
Definition log.h:343
RINDENT
#define RINDENT()
Indent R* messages by one level.
Definition log.h:430
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_SIZE
@ FR_TYPE_SIZE
Unsigned integer capable of representing any memory address on the local system.
Definition merged_model.c:115
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_value_box_t
Definition merged_model.c:136
request_t
Definition merged_model.c:210
tmpl_t
Definition merged_model.c:225
fr_digest_cmp
int fr_digest_cmp(uint8_t const *a, uint8_t const *b, size_t length)
Do a comparison of two authentication digests by comparing the FULL data.
Definition misc.c:472
module_ctx_t::env_data
void * env_data
Per call environment data.
Definition module_ctx.h:44
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_inst_ctx_t::mi
module_instance_t * mi
Instance of the module being instantiated.
Definition module_ctx.h:51
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition module_ctx.h:50
module_rlm_xlat_register
xlat_t * module_rlm_xlat_register(TALLOC_CTX *ctx, module_inst_ctx_t const *mctx, char const *name, xlat_func_t func, fr_type_t return_type)
Definition module_rlm.c:257
module_rlm_section_type_set
bool module_rlm_section_type_set(request_t *request, fr_dict_attr_t const *type_da, fr_dict_enum_value_t const *enumv)
Set the next section type if it's not already set.
Definition module_rlm.c:427
module_rlm_s::common
module_t common
Common fields presented by all modules.
Definition module_rlm.h:39
module_rlm_s
Definition module_rlm.h:38
RADIUS_AUTH_VECTOR_LENGTH
#define RADIUS_AUTH_VECTOR_LENGTH
Definition net.h:89
fr_pair_value_memdup
int fr_pair_value_memdup(fr_pair_t *vp, uint8_t const *src, size_t len, bool tainted)
Copy data into an "octets" data type.
Definition pair.c:2981
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:693
fr_pair_append
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1345
fr_pair_afrom_da
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:283
password_find
fr_pair_t * password_find(bool *ephemeral, TALLOC_CTX *ctx, request_t *request, fr_dict_attr_t const *allowed_attrs[], size_t allowed_attrs_len, bool normify)
Find a "known good" password in the control list of a request.
Definition password.c:954
config
static const conf_parser_t config[]
Definition base.c:183
REDEBUG
#define REDEBUG(fmt,...)
Definition radclient.h:52
RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient.h:54
WARN
#define WARN(fmt,...)
Definition radclient.h:47
fr_rand
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:105
RETURN_MODULE_REJECT
#define RETURN_MODULE_REJECT
Definition rcode.h:55
RETURN_MODULE_NOOP
#define RETURN_MODULE_NOOP
Definition rcode.h:62
RETURN_MODULE_INVALID
#define RETURN_MODULE_INVALID
Definition rcode.h:59
RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition rcode.h:57
RETURN_MODULE_FAIL
#define RETURN_MODULE_FAIL
Definition rcode.h:56
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
rlm_chap_dict_attr
fr_dict_attr_autoload_t rlm_chap_dict_attr[]
Definition rlm_chap.c:119
chap_autz_method_env
static const call_env_method_t chap_autz_method_env
Definition rlm_chap.c:67
chap_auth_call_env_t::chap_password
fr_value_box_t chap_password
Definition rlm_chap.c:84
rlm_chap_t::auth_type
fr_dict_enum_value_t * auth_type
Definition rlm_chap.c:37
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition rlm_chap.c:107
chap_auth_call_env_t::chap_challenge
fr_value_box_t chap_challenge
Definition rlm_chap.c:85
rlm_chap_t::min_challenge_len
size_t min_challenge_len
Definition rlm_chap.c:38
mod_authenticate
static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_chap.c:228
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Definition rlm_chap.c:360
chap_autz_call_env_t::chap_password
fr_value_box_t chap_password
Definition rlm_chap.c:62
rlm_chap_dict
fr_dict_autoload_t rlm_chap_dict[]
Definition rlm_chap.c:110
chap_auth_method_env
static const call_env_method_t chap_auth_method_env
Definition rlm_chap.c:88
attr_auth_type
static fr_dict_attr_t const * attr_auth_type
Definition rlm_chap.c:115
xlat_func_chap_password_args
static xlat_arg_parser_t const xlat_func_chap_password_args[]
Definition rlm_chap.c:126
attr_cleartext_password
static fr_dict_attr_t const * attr_cleartext_password
Definition rlm_chap.c:116
mod_authorize
static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_chap.c:176
rlm_chap
module_rlm_t rlm_chap
Definition rlm_chap.c:382
chap_xlat_call_env_t::chap_challenge
fr_value_box_t chap_challenge
Definition rlm_chap.c:47
chap_xlat_method_env
static const call_env_method_t chap_xlat_method_env
Definition rlm_chap.c:50
chap_autz_call_env_t::chap_challenge_tmpl
tmpl_t * chap_challenge_tmpl
Definition rlm_chap.c:64
module_config
static const conf_parser_t module_config[]
Definition rlm_chap.c:41
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition rlm_chap.c:347
chap_auth_call_env_t::username
fr_value_box_t username
Definition rlm_chap.c:83
chap_autz_call_env_t::chap_challenge
fr_value_box_t chap_challenge
Definition rlm_chap.c:63
chap_auth_call_env_t
Definition rlm_chap.c:82
chap_autz_call_env_t
Definition rlm_chap.c:61
chap_xlat_call_env_t
Definition rlm_chap.c:46
rlm_chap_t
Definition rlm_chap.c:36
instantiate
static int instantiate(module_inst_ctx_t const *mctx)
Definition rlm_rest.c:1310
username
username
Definition rlm_securid.c:420
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
module_instance_s::name
char const * name
Instance name e.g. user_database.
Definition module.h:335
module_s::inst_size
size_t inst_size
Size of the module's instance data.
Definition module.h:203
module_instance_s::data
void * data
Module's instance data.
Definition module.h:271
module_instance_s::boot
void * boot
Data allocated during the boostrap phase.
Definition module.h:274
MODULE_BINDING_TERMINATOR
#define MODULE_BINDING_TERMINATOR
Terminate a module binding list.
Definition module.h:151
module_method_binding_s
Named methods exported by a module.
Definition module.h:173
tmpl_attr_tail_da
static fr_dict_attr_t const * tmpl_attr_tail_da(tmpl_t const *vpt)
Return the last attribute reference da.
Definition tmpl.h:812
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3620
vp
fr_pair_t * vp
Definition state_machine.c:2262
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition talloc.h:282
T_BARE_WORD
@ T_BARE_WORD
Definition token.h:120
xlat_arg_parser_t::required
bool required
Argument must be present, and non-empty.
Definition xlat.h:148
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition xlat.h:168
xlat_action_t
xlat_action_t
Definition xlat.h:37
XLAT_ACTION_DONE
@ XLAT_ACTION_DONE
We're done evaluating this level of nesting.
Definition xlat.h:43
xlat_arg_parser_t
Definition for a single argument consumend by an xlat function.
Definition xlat.h:147
fr_value_box_memdup
int fr_value_box_memdup(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_dict_attr_t const *enumv, uint8_t const *src, size_t len, bool tainted)
Copy a buffer to a fr_value_box_t.
Definition value.c:4468
nonnull
int nonnull(2, 5))
fr_value_box_alloc_null
#define fr_value_box_alloc_null(_ctx)
Allocate a value box for later use with a value assignment function.
Definition value.h:632
out
static size_t char ** out
Definition value.h:997
fr_box_octets
#define fr_box_octets(_val, _len)
Definition value.h:288
xlat_ctx_s::env_data
void * env_data
Expanded call env data.
Definition xlat_ctx.h:53
xlat_ctx_s::mctx
module_ctx_t const * mctx
Synthesised module calling ctx.
Definition xlat_ctx.h:52
xlat_ctx_s
An xlat calling ctx.
Definition xlat_ctx.h:49
xlat_func_args_set
int xlat_func_args_set(xlat_t *x, xlat_arg_parser_t const args[])
Register the arguments of an xlat.
Definition xlat_func.c:365
xlat_func_call_env_set
void xlat_func_call_env_set(xlat_t *x, call_env_method_t const *env_method)
Register call environment of an xlat.
Definition xlat_func.c:392
xlat_s
Definition xlat_priv.h:59
Generated by   doxygen 1.9.8