rlm_eap.c File Reference

Implements the EAP framework. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/server/dl_module.h>
#include <freeradius-devel/protocol/freeradius/freeradius.internal.h>
#include <freeradius-devel/unlang/interpret.h>
#include <freeradius-devel/unlang/module.h>
#include "rlm_eap.h"

Include dependency graph for rlm_eap.c:

Go to the source code of this file.

Data Structures
struct	eap_auth_rctx_t
	Resume context for calling a submodule. More...

Macros
#define	LOG_PREFIX   mctx->mi->name

Functions
static ssize_t	eap_identity_is_nai_with_realm (char const *identity)
	Basic tests to determine if an identity is a valid NAI.
static unlang_action_t	eap_method_select (unlang_result_t *p_result, module_ctx_t const *mctx, eap_session_t *eap_session)
	Select the correct callback based on a response.
static eap_type_t	eap_process_nak (module_ctx_t const *mctx, request_t *request, eap_type_t last_type, eap_type_data_t *nak)
	Process NAK data from EAP peer.
static int	eap_type_parse (UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
	Convert EAP type strings to eap_type_t values.
static unlang_action_t	mod_authenticate (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
static void	mod_authenticate_cancel (module_ctx_t const *mctx, request_t *request, UNUSED fr_signal_t action)
	Cancel a call to a submodule.
static unlang_action_t	mod_authenticate_result (unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request, eap_session_t *eap_session, unlang_result_t *submodule_result)
	Process the result of calling a submodule.
static unlang_action_t	mod_authenticate_result_async (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
	Call mod_authenticate_result asynchronously from the unlang interpreter.
static unlang_action_t	mod_authorize (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
static int	mod_instantiate (module_inst_ctx_t const *mctx)
static int	mod_load (void)
static unlang_action_t	mod_post_auth (unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
static void	mod_unload (void)
static int	submodule_parse (TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
static int	submodule_parse (TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
	Loads submodules based on type = foo pairs.

Variables
static fr_dict_attr_t const *	attr_auth_type
static fr_dict_attr_t const *	attr_eap_identity
static fr_dict_attr_t const *	attr_eap_message
static fr_dict_attr_t const *	attr_eap_type
static fr_dict_attr_t const *	attr_message_authenticator
static fr_dict_attr_t const *	attr_module_failure_message
static fr_dict_attr_t const *	attr_state
static fr_dict_attr_t const *	attr_stripped_user_domain
static fr_dict_attr_t const *	attr_user_name
static fr_dict_t const *	dict_freeradius
static fr_dict_t const *	dict_radius
static const conf_parser_t	module_config []
static fr_table_num_sorted_t const	require_identity_realm_table []
static size_t	require_identity_realm_table_len = NUM_ELEMENTS(require_identity_realm_table)
module_rlm_t	rlm_eap
fr_dict_autoload_t	rlm_eap_dict []
fr_dict_attr_autoload_t	rlm_eap_dict_attr []

Detailed Description

Implements the EAP framework.

Id

fa78a6e47aa6b70bb853b3151840f996d053fa61

Copyright

2000-2003,2006 The FreeRADIUS server project

2001 hereUare Communications, Inc. (raghu.nosp@m.d@he.nosp@m.reuar.nosp@m.e.co.nosp@m.m)

2003 Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)

Definition in file rlm_eap.c.

---

Data Structure Documentation

eap_auth_rctx_t

struct eap_auth_rctx_t

Resume context for calling a submodule.

Definition at line 44 of file rlm_eap.c.

Collaboration diagram for eap_auth_rctx_t:

Data Fields
char const *	caller	Original caller.
eap_session_t *	eap_session	The eap_session we're continuing.
rlm_eap_t *	inst	Instance of the rlm_eap module.
rlm_rcode_t	rcode	The result of the submodule.

Macro Definition Documentation

LOG_PREFIX

#define LOG_PREFIX   mctx->mi->name

Definition at line 28 of file rlm_eap.c.

Function Documentation

eap_identity_is_nai_with_realm()

static ssize_t eap_identity_is_nai_with_realm ( char const *  identity )

static

Basic tests to determine if an identity is a valid NAI.

In this version we mostly just care about realm.

Parameters

[in]

identity

to check.

Returns

• The length of the string on success.
• <= 0 a negative offset specifying where the format error occurred.

Definition at line 535 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

eap_method_select()

static unlang_action_t eap_method_select ( unlang_result_t *  p_result, module_ctx_t const *  mctx, eap_session_t *  eap_session  )

static

Select the correct callback based on a response.

Based on the EAP response from the supplicant, and setup a call on the unlang stack to the appropriate submodule.

Default to the configured EAP-Type for all Unsupported EAP-Types.

Parameters

[out]	p_result	the result of the operation.
[in]	mctx	module calling ctx.
[in]	eap_session	State data that persists over multiple rounds of EAP.

Returns

• UNLANG_ACTION_CALCULATE_RESULT + p_result->rcode = RLM_MODULE_INVALID. Invalid request.
• UNLANG_ACTION_PUSHED_CHILD Yield control back to the interpreter so it can call the submodule.

Definition at line 587 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

eap_process_nak()

static eap_type_t eap_process_nak ( module_ctx_t const *  mctx, request_t *  request, eap_type_t  last_type, eap_type_data_t *  nak  )

static

Process NAK data from EAP peer.

Definition at line 231 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

eap_type_parse()

static int eap_type_parse ( UNUSED TALLOC_CTX *  ctx, void *  out, UNUSED void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

Convert EAP type strings to eap_type_t values.

Parameters

[in]	ctx	unused.
[out]	out	Where to write the eap_type_t value we found.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the name of the EAP method.
[in]	rule	unused.

Returns

• 0 on success.
• -1 on failure.

Definition at line 208 of file rlm_eap.c.

Here is the call graph for this function:

mod_authenticate()

static unlang_action_t mod_authenticate ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Definition at line 870 of file rlm_eap.c.

Here is the call graph for this function:

mod_authenticate_cancel()

static void mod_authenticate_cancel ( module_ctx_t const *  mctx, request_t *  request, UNUSED fr_signal_t  action  )

static

Cancel a call to a submodule.

Parameters

[in]	mctx	module calling ctx.
[in]	request	The current request.
[in]	action	to perform.

Definition at line 390 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_authenticate_result()

static unlang_action_t mod_authenticate_result ( unlang_result_t *  p_result, UNUSED module_ctx_t const *  mctx, request_t *  request, eap_session_t *  eap_session, unlang_result_t *  submodule_result  )

static

Process the result of calling a submodule.

Parameters

[out]	p_result	Result of calling the module, one of: RLM_MODULE_INVALID if the request or EAP session state is invalid. RLM_MODULE_OK if this round succeeded. RLM_MODULE_HANDLED if we're done with this round. RLM_MODULE_REJECT if the user should be rejected.
[in]	request	The current request.
[in]	mctx	module calling ctx.
[in]	eap_session	the EAP session
[in]	submodule_result	the input result from the submodule

Definition at line 420 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_authenticate_result_async()

static unlang_action_t mod_authenticate_result_async ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Call mod_authenticate_result asynchronously from the unlang interpreter.

Parameters

[out]	p_result	The result of the operation.
[in]	mctx	module calling ctx.
[in]	request	the current request.

Returns

The result of this round of authentication.

Definition at line 518 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_authorize()

static unlang_action_t mod_authorize ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Definition at line 935 of file rlm_eap.c.

Here is the call graph for this function:

mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx )

static

Definition at line 1067 of file rlm_eap.c.

Here is the call graph for this function:

mod_load()

static int mod_load ( void  )

static

Definition at line 1185 of file rlm_eap.c.

Here is the call graph for this function:

mod_post_auth()

static unlang_action_t mod_post_auth ( unlang_result_t *  p_result, module_ctx_t const *  mctx, request_t *  request  )

static

Definition at line 974 of file rlm_eap.c.

Here is the call graph for this function:

mod_unload()

static void mod_unload ( void  )

static

Definition at line 1194 of file rlm_eap.c.

Here is the call graph for this function:

submodule_parse() [1/2]

static int submodule_parse ( TALLOC_CTX *  ctx, void *  out, UNUSED void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

submodule_parse() [2/2]

static int submodule_parse ( TALLOC_CTX *  ctx, void *  out, void *  parent, CONF_ITEM *  ci, conf_parser_t const *  rule  )

static

Loads submodules based on type = foo pairs.

Parameters

[in]	ctx	to allocate data in (instance of rlm_eap_t).
[out]	out	Where to write child conf section to.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the name of the type module.
[in]	rule	unused.

Returns

• 0 on success.
• -1 on failure.

Definition at line 134 of file rlm_eap.c.

Here is the call graph for this function:

Variable Documentation

attr_auth_type

fr_dict_attr_t const* attr_auth_type

static

Definition at line 92 of file rlm_eap.c.

attr_eap_identity

fr_dict_attr_t const* attr_eap_identity

static

Definition at line 94 of file rlm_eap.c.

attr_eap_message

fr_dict_attr_t const* attr_eap_message

static

Definition at line 98 of file rlm_eap.c.

attr_eap_type

fr_dict_attr_t const* attr_eap_type

static

Definition at line 93 of file rlm_eap.c.

attr_message_authenticator

fr_dict_attr_t const* attr_message_authenticator

static

Definition at line 99 of file rlm_eap.c.

attr_module_failure_message

fr_dict_attr_t const* attr_module_failure_message

static

Definition at line 96 of file rlm_eap.c.

attr_state

fr_dict_attr_t const* attr_state

static

Definition at line 100 of file rlm_eap.c.

attr_stripped_user_domain

fr_dict_attr_t const* attr_stripped_user_domain

static

Definition at line 95 of file rlm_eap.c.

attr_user_name

fr_dict_attr_t const* attr_user_name

static

Definition at line 101 of file rlm_eap.c.

dict_freeradius

fr_dict_t const* dict_freeradius

static

Definition at line 82 of file rlm_eap.c.

dict_radius

fr_dict_t const* dict_radius

static

Definition at line 83 of file rlm_eap.c.

module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("require_identity_realm", rlm_eap_t, require_realm),
                         .func = cf_table_parse_int,
                         .uctx = &(cf_table_parse_ctx_t){ .table = require_identity_realm_table, .len = &require_identity_realm_table_len },
                         .dflt = "nai" },
 
        { FR_CONF_OFFSET_IS_SET("default_eap_type", FR_TYPE_VOID, 0, rlm_eap_t, default_method), .func = eap_type_parse },
 
        { FR_CONF_OFFSET_TYPE_FLAGS("type", FR_TYPE_VOID, CONF_FLAG_MULTI | CONF_FLAG_NOT_EMPTY, rlm_eap_t, type_submodules), .func = submodule_parse },
 
        { FR_CONF_OFFSET("ignore_unknown_eap_types", rlm_eap_t, ignore_unknown_types), .dflt = "no" },
 
        { FR_CONF_DEPRECATED("timer_expire", rlm_eap_t, timer_limit), .dflt = "60" },
        { FR_CONF_DEPRECATED("cisco_accounting_username_bug", rlm_eap_t,
                             cisco_accounting_username_bug), .dflt = "no" },
        { FR_CONF_DEPRECATED("max_sessions", rlm_eap_t, max_sessions), .dflt = "2048" },
        CONF_PARSER_TERMINATOR
}

Definition at line 63 of file rlm_eap.c.

require_identity_realm_table

fr_table_num_sorted_t const require_identity_realm_table[]

static

Initial value:

= {
        { L("nai"),     REQUIRE_REALM_NAI       },
        { L("no"),      REQUIRE_REALM_NO        },
        { L("yes"),     REQUIRE_REALM_YES       }
}

Definition at line 56 of file rlm_eap.c.

require_identity_realm_table_len

size_t require_identity_realm_table_len = NUM_ELEMENTS(require_identity_realm_table)

static

Definition at line 61 of file rlm_eap.c.

rlm_eap

module_rlm_t rlm_eap

Initial value:

= {
        .common = {
                .magic          = MODULE_MAGIC_INIT,
                .name           = "eap",
                .inst_size      = sizeof(rlm_eap_t),
                .config         = module_config,
                .onload         = mod_load,
                .unload         = mod_unload,
                .instantiate    = mod_instantiate,
        },
        .method_group = {
                .bindings = (module_method_binding_t[]){
                        { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate },
                        { .section = SECTION_NAME("recv", "Access-Request"), .method = mod_authorize },
                        { .section = SECTION_NAME("send", CF_IDENT_ANY), .method = mod_post_auth },
                        MODULE_BINDING_TERMINATOR
                }
        }
}

Definition at line 1203 of file rlm_eap.c.

rlm_eap_dict

fr_dict_autoload_t rlm_eap_dict

Initial value:

= {
        { .out = &dict_freeradius, .proto = "freeradius" },
        { .out = &dict_radius, .proto = "radius" },
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 86 of file rlm_eap.c.

rlm_eap_dict_attr

fr_dict_attr_autoload_t rlm_eap_dict_attr

Initial value:

= {
        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_eap_type, .name = "EAP-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_eap_identity, .name = "EAP-Identity", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_stripped_user_domain, .name = "Stripped-User-Domain", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_module_failure_message, .name = "Module-Failure-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
 
        { .out = &attr_eap_message, .name = "EAP-Message", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_message_authenticator, .name = "Message-Authenticator", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_state, .name = "State", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
 
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 105 of file rlm_eap.c.