Implements the EAP framework. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/server/dl_module.h>
#include <freeradius-devel/protocol/freeradius/freeradius.internal.h>
#include <freeradius-devel/unlang/interpret.h>
#include <freeradius-devel/unlang/module.h>
#include "rlm_eap.h"

Include dependency graph for rlm_eap.c:

Go to the source code of this file.

Data Structures
struct	eap_auth_rctx_t
	Resume context for calling a submodule. More...

Macros
#define	LOG_PREFIX mctx->mi->name

Functions
static ssize_t	eap_identity_is_nai_with_realm (char const *identity)
	Basic tests to determine if an identity is a valid NAI. More...

static unlang_action_t	eap_method_select (rlm_rcode_t p_result, module_ctx_t const mctx, eap_session_t *eap_session)
	Select the correct callback based on a response. More...

static eap_type_t	eap_process_nak (module_ctx_t const mctx, request_t request, eap_type_t last_type, eap_type_data_t *nak)
	Process NAK data from EAP peer. More...

static int	eap_type_parse (UNUSED TALLOC_CTX ctx, void out, UNUSED void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)
	Convert EAP type strings to eap_type_t values. More...

static unlang_action_t	mod_authenticate (rlm_rcode_t p_result, module_ctx_t const mctx, request_t *request)

static void	mod_authenticate_cancel (module_ctx_t const mctx, request_t request, UNUSED fr_signal_t action)
	Cancel a call to a submodule. More...

static unlang_action_t	mod_authenticate_result (rlm_rcode_t p_result, UNUSED module_ctx_t const mctx, request_t request, eap_session_t eap_session, rlm_rcode_t result)
	Process the result of calling a submodule. More...

static unlang_action_t	mod_authenticate_result_async (rlm_rcode_t p_result, module_ctx_t const mctx, request_t *request)
	Call mod_authenticate_result asynchronously from the unlang interpreter. More...

static unlang_action_t	mod_authorize (rlm_rcode_t p_result, module_ctx_t const mctx, request_t *request)

static int	mod_instantiate (module_inst_ctx_t const *mctx)

static int	mod_load (void)

static unlang_action_t	mod_post_auth (rlm_rcode_t p_result, module_ctx_t const mctx, request_t *request)

static void	mod_unload (void)

static int	submodule_parse (TALLOC_CTX ctx, void out, UNUSED void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)

static int	submodule_parse (TALLOC_CTX ctx, void out, void parent, CONF_ITEM ci, conf_parser_t const *rule)
	Loads submodules based on type = foo pairs. More...

Variables
static fr_dict_attr_t const *	attr_auth_type

static fr_dict_attr_t const *	attr_eap_identity

static fr_dict_attr_t const *	attr_eap_message

static fr_dict_attr_t const *	attr_eap_type

static fr_dict_attr_t const *	attr_message_authenticator

static fr_dict_attr_t const *	attr_state

static fr_dict_attr_t const *	attr_stripped_user_domain

static fr_dict_attr_t const *	attr_user_name

static fr_dict_t const *	dict_freeradius

static fr_dict_t const *	dict_radius

static const conf_parser_t	module_config []

static fr_table_num_sorted_t const	require_identity_realm_table []

static size_t	require_identity_realm_table_len = NUM_ELEMENTS(require_identity_realm_table)

module_rlm_t	rlm_eap

fr_dict_autoload_t	rlm_eap_dict []

fr_dict_attr_autoload_t	rlm_eap_dict_attr []

Detailed Description

Implements the EAP framework.

Id: bad43ddfa90e68ffb181637404a768fd50ac2412

Copyright: 2000-2003,2006 The FreeRADIUS server project; 2001 hereUare Communications, Inc. (raghu.nosp@m.d@he.nosp@m.reuar.nosp@m.e.co.nosp@m.m); 2003 Alan DeKok (aland.nosp@m.@fre.nosp@m.eradi.nosp@m.us.o.nosp@m.rg)

Definition in file rlm_eap.c.

Data Structure Documentation

◆ eap_auth_rctx_t

struct eap_auth_rctx_t

Resume context for calling a submodule.

Definition at line 44 of file rlm_eap.c.

Collaboration diagram for eap_auth_rctx_t:

Data Fields
char const *	caller	Original caller.
eap_session_t *	eap_session	The eap_session we're continuing.
rlm_eap_t *	inst	Instance of the rlm_eap module.
rlm_rcode_t	rcode	The result of the submodule.

Macro Definition Documentation

◆ LOG_PREFIX

#define LOG_PREFIX mctx->mi->name

Definition at line 28 of file rlm_eap.c.

Function Documentation

◆ eap_identity_is_nai_with_realm()

static ssize_t eap_identity_is_nai_with_realm ( char const * identity )

static

Basic tests to determine if an identity is a valid NAI.

In this version we mostly just care about realm.

Parameters

[in] identity to check.

Returns

The length of the string on success.
<= 0 a negative offset specifying where the format error occurred.

Definition at line 521 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ eap_method_select()

static unlang_action_t eap_method_select	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		eap_session_t *	eap_session
	)

static

Select the correct callback based on a response.

Based on the EAP response from the supplicant, and setup a call on the unlang stack to the appropriate submodule.

Default to the configured EAP-Type for all Unsupported EAP-Types.

Parameters

[out]	p_result	the result of the operation.
[in]	mctx	module calling ctx.
[in]	eap_session	State data that persists over multiple rounds of EAP.

Returns

UNLANG_ACTION_CALCULATE_RESULT + *p_result = RLM_MODULE_INVALID. Invalid request.
UNLANG_ACTION_PUSHED_CHILD Yield control back to the interpreter so it can call the submodule.

Definition at line 573 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ eap_process_nak()

static eap_type_t eap_process_nak	(	module_ctx_t const *	mctx,
		request_t *	request,
		eap_type_t	last_type,
		eap_type_data_t *	nak
	)

static

Process NAK data from EAP peer.

Definition at line 230 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ eap_type_parse()

static int eap_type_parse	(	UNUSED TALLOC_CTX *	ctx,
		void *	out,
		UNUSED void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

Convert EAP type strings to eap_type_t values.

Parameters

[in]	ctx	unused.
[out]	out	Where to write the eap_type_t value we found.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the name of the EAP method.
[in]	rule	unused.

Returns

0 on success.
-1 on failure.

Definition at line 207 of file rlm_eap.c.

Here is the call graph for this function:

◆ mod_authenticate()

static unlang_action_t mod_authenticate	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Definition at line 856 of file rlm_eap.c.

Here is the call graph for this function:

◆ mod_authenticate_cancel()

static void mod_authenticate_cancel	(	module_ctx_t const *	mctx,
		request_t *	request,
		UNUSED fr_signal_t	action
	)

static

Cancel a call to a submodule.

Parameters

[in]	mctx	module calling ctx.
[in]	request	The current request.
[in]	action	to perform.

Definition at line 389 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mod_authenticate_result()

static unlang_action_t mod_authenticate_result	(	rlm_rcode_t *	p_result,
		UNUSED module_ctx_t const *	mctx,
		request_t *	request,
		eap_session_t *	eap_session,
		rlm_rcode_t	result
	)

static

Process the result of calling a submodule.

Parameters

[out]	p_result	Result of calling the module, one of: RLM_MODULE_INVALID if the request or EAP session state is invalid. RLM_MODULE_OK if this round succeeded. RLM_MODULE_HANDLED if we're done with this round. RLM_MODULE_REJECT if the user should be rejected.
[in]	request	The current request.
[in]	mctx	module calling ctx.
[in]	eap_session	the EAP session
[in]	result	the input result from the submodule

Definition at line 419 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mod_authenticate_result_async()

static unlang_action_t mod_authenticate_result_async	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Call mod_authenticate_result asynchronously from the unlang interpreter.

Parameters

[out]	p_result	The result of the operation.
[in]	mctx	module calling ctx.
[in]	request	the current request.

Returns: The result of this round of authentication.

Definition at line 504 of file rlm_eap.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mod_authorize()

static unlang_action_t mod_authorize	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Definition at line 921 of file rlm_eap.c.

Here is the call graph for this function:

◆ mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const * mctx )

static

Definition at line 1044 of file rlm_eap.c.

Here is the call graph for this function:

◆ mod_load()

static int mod_load ( void )

static

Definition at line 1162 of file rlm_eap.c.

Here is the call graph for this function:

◆ mod_post_auth()

static unlang_action_t mod_post_auth	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Definition at line 960 of file rlm_eap.c.

Here is the call graph for this function:

◆ mod_unload()

static void mod_unload ( void )

static

Definition at line 1171 of file rlm_eap.c.

Here is the call graph for this function:

◆ submodule_parse() [1/2]

static int submodule_parse	(	TALLOC_CTX *	ctx,
		void *	out,
		UNUSED void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

◆ submodule_parse() [2/2]

static int submodule_parse	(	TALLOC_CTX *	ctx,
		void *	out,
		void *	parent,
		CONF_ITEM *	ci,
		conf_parser_t const *	rule
	)

static

Loads submodules based on type = foo pairs.

Parameters

[in]	ctx	to allocate data in (instance of rlm_eap_t).
[out]	out	Where to write child conf section to.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the name of the type module.
[in]	rule	unused.

Returns

0 on success.
-1 on failure.

Definition at line 132 of file rlm_eap.c.

Here is the call graph for this function:

Variable Documentation

◆ attr_auth_type

fr_dict_attr_t const* attr_auth_type

static

Definition at line 92 of file rlm_eap.c.

◆ attr_eap_identity

fr_dict_attr_t const* attr_eap_identity

static

Definition at line 94 of file rlm_eap.c.

◆ attr_eap_message

fr_dict_attr_t const* attr_eap_message

static

Definition at line 97 of file rlm_eap.c.

◆ attr_eap_type

fr_dict_attr_t const* attr_eap_type

static

Definition at line 93 of file rlm_eap.c.

◆ attr_message_authenticator

fr_dict_attr_t const* attr_message_authenticator

static

Definition at line 98 of file rlm_eap.c.

◆ attr_state

fr_dict_attr_t const* attr_state

static

Definition at line 99 of file rlm_eap.c.

◆ attr_stripped_user_domain

fr_dict_attr_t const* attr_stripped_user_domain

static

Definition at line 95 of file rlm_eap.c.

◆ attr_user_name

fr_dict_attr_t const* attr_user_name

static

Definition at line 100 of file rlm_eap.c.

◆ dict_freeradius

fr_dict_t const* dict_freeradius

static

Definition at line 82 of file rlm_eap.c.

◆ dict_radius

fr_dict_t const* dict_radius

static

Definition at line 83 of file rlm_eap.c.

◆ module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("require_identity_realm", rlm_eap_t, require_realm),
                         .func = cf_table_parse_int,
                         .uctx = &(cf_table_parse_ctx_t){ .table = require_identity_realm_table, .len = &require_identity_realm_table_len },
                         .dflt = "nai" },
 
        { FR_CONF_OFFSET_IS_SET("default_eap_type", FR_TYPE_VOID, 0, rlm_eap_t, default_method), .func = eap_type_parse },
 
        { FR_CONF_OFFSET_TYPE_FLAGS("type", FR_TYPE_VOID, CONF_FLAG_MULTI | CONF_FLAG_NOT_EMPTY, rlm_eap_t, type_submodules), .func = submodule_parse },
 
        { FR_CONF_OFFSET("ignore_unknown_eap_types", rlm_eap_t, ignore_unknown_types), .dflt = "no" },
 
        { FR_CONF_DEPRECATED("timer_expire", rlm_eap_t, timer_limit), .dflt = "60" },
        { FR_CONF_DEPRECATED("cisco_accounting_username_bug", rlm_eap_t,
                             cisco_accounting_username_bug), .dflt = "no" },
        { FR_CONF_DEPRECATED("max_sessions", rlm_eap_t, max_sessions), .dflt = "2048" },
        CONF_PARSER_TERMINATOR
}

Definition at line 63 of file rlm_eap.c.

◆ require_identity_realm_table

fr_table_num_sorted_t const require_identity_realm_table[]

static

Initial value:

= {
        { L("nai"),     REQUIRE_REALM_NAI       },
        { L("no"),      REQUIRE_REALM_NO        },
        { L("yes"),     REQUIRE_REALM_YES       }
}

Definition at line 56 of file rlm_eap.c.

◆ require_identity_realm_table_len

size_t require_identity_realm_table_len = NUM_ELEMENTS(require_identity_realm_table)

static

Definition at line 61 of file rlm_eap.c.

◆ rlm_eap

module_rlm_t rlm_eap

Initial value:

= {
        .common = {
                .magic          = MODULE_MAGIC_INIT,
                .name           = "eap",
                .inst_size      = sizeof(rlm_eap_t),
                .config         = module_config,
                .onload         = mod_load,
                .unload         = mod_unload,
                .instantiate    = mod_instantiate,
        },
        .method_group = {
                .bindings = (module_method_binding_t[]){
                        { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate },
                        { .section = SECTION_NAME("recv", "Access-Request"), .method = mod_authorize },
                        { .section = SECTION_NAME("send", CF_IDENT_ANY), .method = mod_post_auth },
                        MODULE_BINDING_TERMINATOR
                }
        }
}

Definition at line 1180 of file rlm_eap.c.

◆ rlm_eap_dict

fr_dict_autoload_t rlm_eap_dict

Initial value:

= {
        { .out = &dict_freeradius, .proto = "freeradius" },
        { .out = &dict_radius, .proto = "radius" },
        { NULL }
}

Definition at line 86 of file rlm_eap.c.

◆ rlm_eap_dict_attr

fr_dict_attr_autoload_t rlm_eap_dict_attr

Initial value:

= {
        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_eap_type, .name = "EAP-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_eap_identity, .name = "EAP-Identity", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_stripped_user_domain, .name = "Stripped-User-Domain", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
 
        { .out = &attr_eap_message, .name = "EAP-Message", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_message_authenticator, .name = "Message-Authenticator", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_state, .name = "State", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
 
        { NULL }
}

Definition at line 104 of file rlm_eap.c.

Data Structures

Macros

Functions

Variables

Detailed Description

Data Structure Documentation

◆ eap_auth_rctx_t

Macro Definition Documentation

◆ LOG_PREFIX

Function Documentation

◆ eap_identity_is_nai_with_realm()

◆ eap_method_select()

◆ eap_process_nak()

◆ eap_type_parse()

◆ mod_authenticate()

◆ mod_authenticate_cancel()

◆ mod_authenticate_result()

◆ mod_authenticate_result_async()

◆ mod_authorize()

◆ mod_instantiate()

◆ mod_load()

◆ mod_post_auth()

◆ mod_unload()

◆ submodule_parse() [1/2]

◆ submodule_parse() [2/2]

Variable Documentation

◆ attr_auth_type

◆ attr_eap_identity

◆ attr_eap_message

◆ attr_eap_type

◆ attr_message_authenticator

◆ attr_state

◆ attr_stripped_user_domain

◆ attr_user_name

◆ dict_freeradius

◆ dict_radius

◆ module_config

◆ require_identity_realm_table

◆ require_identity_realm_table_len

◆ rlm_eap

◆ rlm_eap_dict

◆ rlm_eap_dict_attr