rlm__eap__gtc_8c_source.html

/*

 *   This program is free software; you can redistribute it and/or modify

 *   it under the terms of the GNU General Public License as published by

 *   the Free Software Foundation; either version 2 of the License, or (at

 *   your option) any later version.

 *

 *   This program is distributed in the hope that it will be useful,

 *   but WITHOUT ANY WARRANTY; without even the implied warranty of

 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *   GNU General Public License for more details.

 *

 *   You should have received a copy of the GNU General Public License

 *   along with this program; if not, write to the Free Software

 *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA

 */


/**

 * $Id: ac51afa4f7bf1e3207400f372aa5009d3d2063cc $

 * @file rlm_eap_gtc.c

 * @brief EAP-GTC inner authentication method.

 *

 * @copyright 2000,2006 The FreeRADIUS server project

 */

RCSID("$Id: ac51afa4f7bf1e3207400f372aa5009d3d2063cc $")


#include <freeradius-devel/eap/base.h>

#include <freeradius-devel/util/debug.h>

#include <freeradius-devel/server/virtual_servers.h>

#include <freeradius-devel/server/pair.h>

#include <freeradius-devel/unlang/call.h>

#include <freeradius-devel/unlang/interpret.h>


static int auth_type_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent,

                           CONF_ITEM *ci, UNUSED conf_parser_t const *rule);


/*

 *      EAP-GTC is just ASCII data carried inside of the EAP session.

 *      The length of the data is indicated by the encapsulating EAP

 *      protocol.

 */


typedef struct {

        char const              *challenge;

        fr_dict_enum_value_t const      *auth_type;

} rlm_eap_gtc_t;


static conf_parser_t submodule_config[] = {

        { FR_CONF_OFFSET("challenge", rlm_eap_gtc_t, challenge), .dflt = "Password: " },

        { FR_CONF_OFFSET_TYPE_FLAGS("auth_type", FR_TYPE_VOID, 0, rlm_eap_gtc_t, auth_type), .func = auth_type_parse,  .dflt = "pap" },

        CONF_PARSER_TERMINATOR

};


static fr_dict_t const *dict_freeradius;

static fr_dict_t const *dict_radius;


extern fr_dict_autoload_t rlm_eap_gtc_dict[];


fr_dict_autoload_t rlm_eap_gtc_dict[] = {

        { .out = &dict_freeradius, .proto = "freeradius" },

        { .out = &dict_radius, .proto = "radius" },

        { NULL }

};


static fr_dict_attr_t const *attr_auth_type;

static fr_dict_attr_t const *attr_user_password;


extern fr_dict_attr_autoload_t rlm_eap_gtc_dict_attr[];


fr_dict_attr_autoload_t rlm_eap_gtc_dict_attr[] = {

        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },

        { .out = &attr_user_password, .name = "User-Password", .type = FR_TYPE_STRING, .dict = &dict_radius },

        { NULL }

};


static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request);


/** Translate a string auth_type into an enumeration value

 *

 * @param[in] ctx       to allocate data.

 * @param[out] out      Where to write the auth_type we created or resolved.

 * @param[in] parent    Base structure address.

 * @param[in] ci        #CONF_PAIR specifying the name of the auth_type.

 * @param[in] rule      unused.

 * @return

 *      - 0 on success.

 *      - -1 on failure.

 */


static int auth_type_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent,

                           CONF_ITEM *ci, UNUSED conf_parser_t const *rule)

{

        char const      *auth_type = cf_pair_value(cf_item_to_pair(ci));


        if (fr_dict_enum_add_name_next(fr_dict_attr_unconst(attr_auth_type), auth_type) < 0) {

                cf_log_err(ci, "Failed adding %s alias", attr_auth_type->name);

                return -1;

        }

        *((fr_dict_enum_value_t **)out) = fr_dict_enum_by_name(attr_auth_type, auth_type, -1);


        return 0;

}


/*

 *      Keep processing the Auth-Type until it doesn't return YIELD.

 */


static unlang_action_t gtc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx,  request_t *request)

{

        rlm_rcode_t     rcode;


        eap_session_t   *eap_session = mctx->rctx;

        eap_round_t     *eap_round = eap_session->this_round;


        rcode = unlang_interpret_stack_result(request);


        if (rcode != RLM_MODULE_OK) {

                eap_round->request->code = FR_EAP_CODE_FAILURE;

                RETURN_MODULE_RCODE(rcode);

        }


        eap_round->request->code = FR_EAP_CODE_SUCCESS;

        RETURN_MODULE_OK;

}


/*

 *      Authenticate a previously sent challenge.

 */


static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)

{

        rlm_eap_gtc_t const     *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_gtc_t);


        eap_session_t           *eap_session = eap_session_get(request->parent);

        eap_round_t             *eap_round = eap_session->this_round;


        fr_pair_t               *vp;

        CONF_SECTION            *unlang;


        /*

         *      Get the Password.Cleartext for this user.

         */


        /*

         *      Sanity check the response.  We need at least one byte

         *      of data.

         */

        if (eap_round->response->length <= 4) {

                REDEBUG("Corrupted data");

                eap_round->request->code = FR_EAP_CODE_FAILURE;

                RETURN_MODULE_INVALID;

        }


        /*

         *      EAP packets can be ~64k long maximum, and

         *      we don't like that.

         */

        if (eap_round->response->type.length > 128) {

                REDEBUG("Response is too large to understand");

                eap_round->request->code = FR_EAP_CODE_FAILURE;

                RETURN_MODULE_INVALID;

        }


        /*

         *      If there was a User-Password in the request,

         *      why the heck are they using EAP-GTC?

         */

        MEM(pair_update_request(&vp, attr_user_password) >= 0);

        fr_pair_value_bstrndup(vp, (char const *)eap_round->response->type.data, eap_round->response->type.length, true);

        vp->vp_tainted = true;


        unlang = cf_section_find(unlang_call_current(request), "authenticate", inst->auth_type->name);

        if (!unlang) unlang = cf_section_find(unlang_call_current(request->parent), "authenticate", inst->auth_type->name);

        if (!unlang) {

                RDEBUG2("authenticate %s { ... } sub-section not found.",

                        inst->auth_type->name);

                eap_round->request->code = FR_EAP_CODE_FAILURE;

                RETURN_MODULE_FAIL;

        }


        return unlang_module_yield_to_section(p_result, request, unlang, RLM_MODULE_FAIL, gtc_resume, NULL, 0, eap_session);

}


/*

 *      Initiate the EAP-GTC session by sending a challenge to the peer.

 */


static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)

{

        eap_session_t   *eap_session = eap_session_get(request->parent);

        char            challenge_str[1024];

        int             length;

        eap_round_t     *eap_round = eap_session->this_round;

        rlm_eap_gtc_t   *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_gtc_t);


        if (xlat_eval(challenge_str, sizeof(challenge_str), request, inst->challenge, NULL, NULL) < 0) {

                RETURN_MODULE_FAIL;

        }


        length = strlen(challenge_str);


        /*

         *      We're sending a request...

         */

        eap_round->request->code = FR_EAP_CODE_REQUEST;


        eap_round->request->type.data = talloc_array(eap_round->request, uint8_t, length);

        if (!eap_round->request->type.data) RETURN_MODULE_FAIL;


        memcpy(eap_round->request->type.data, challenge_str, length);

        eap_round->request->type.length = length;


        /*

         *      We don't need to authorize the user at this point.

         *

         *      We also don't need to keep the challenge, as it's

         *      stored in 'eap_session->this_round', which will be given back

         *      to us...

         */

        eap_session->process = mod_process;


        RETURN_MODULE_HANDLED;

}


/*

 *      The module name should be the only globally exported symbol.

 *      That is, everything else should be 'static'.

 */

extern rlm_eap_submodule_t rlm_eap_gtc;


rlm_eap_submodule_t rlm_eap_gtc = {

        .common = {

                .magic          = MODULE_MAGIC_INIT,

                .name           = "eap_gtc",

                .inst_size      = sizeof(rlm_eap_gtc_t),

                .config         = submodule_config,

        },

        .provides       = { FR_EAP_METHOD_GTC },

        .session_init   = mod_session_init,     /* Initialise a new EAP session */

        .clone_parent_lists = true              /* HACK */

};


unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35

RCSID
#define RCSID(id)
Definition build.h:483

UNUSED
#define UNUSED
Definition build.h:315

unlang_call_current
CONF_SECTION * unlang_call_current(request_t *request)
Return the last virtual server that was called.
Definition call.c:225

CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:658

conf_parser_s::func
cf_parse_t func
Override default parsing behaviour for the specified type with a custom parsing function.
Definition cf_parse.h:612

FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:284

FR_CONF_OFFSET_TYPE_FLAGS
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:241

conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:595

cf_item
Common header for all CONF_* types.
Definition cf_priv.h:49

cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101

cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition cf_util.c:1028

cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition cf_util.c:664

cf_pair_value
char const * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition cf_util.c:1594

cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition cf_util.h:289

eap_packet_t::type
eap_type_data_t type
Definition compose.h:39

eap_packet_t::length
size_t length
Definition compose.h:38

eap_round_t::response
eap_packet_t * response
Packet we received from the peer.
Definition compose.h:49

eap_packet_t::code
eap_code_t code
Definition compose.h:36

eap_round_t::request
eap_packet_t * request
Packet we will send to the peer.
Definition compose.h:50

eap_round_t
Contains a pair of request and response packets.
Definition compose.h:48

MEM
#define MEM(x)
Definition debug.h:36

fr_dict_attr_unconst
fr_dict_attr_t * fr_dict_attr_unconst(fr_dict_attr_t const *da)
Coerce to non-const.
Definition dict_util.c:4601

fr_dict_attr_autoload_t::out
fr_dict_attr_t const  ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:268

fr_dict_autoload_t::out
fr_dict_t const  ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:281

fr_dict_enum_by_name
fr_dict_enum_value_t * fr_dict_enum_by_name(fr_dict_attr_t const *da, char const *name, ssize_t len)
Definition dict_util.c:3399

fr_dict_enum_add_name_next
int fr_dict_enum_add_name_next(fr_dict_attr_t *da, char const *name)
Add an name to an integer attribute hashing the name for the integer value.
Definition dict_util.c:1957

fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:267

fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:280

fr_dict_enum_value_t
Value of an enumerated attribute.
Definition dict.h:227

MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63

FR_EAP_CODE_FAILURE
@ FR_EAP_CODE_FAILURE
Definition types.h:40

FR_EAP_CODE_REQUEST
@ FR_EAP_CODE_REQUEST
Definition types.h:37

FR_EAP_CODE_SUCCESS
@ FR_EAP_CODE_SUCCESS
Definition types.h:39

eap_type_data_t::length
size_t length
Definition types.h:111

eap_type_data_t::data
uint8_t * data
Definition types.h:112

FR_EAP_METHOD_GTC
@ FR_EAP_METHOD_GTC
Definition types.h:51

unlang_interpret_stack_result
rlm_rcode_t unlang_interpret_stack_result(request_t *request)
Get the current rcode for the frame.
Definition interpret.c:1294

eap_session_get
static eap_session_t * eap_session_get(request_t *request)
Definition session.h:82

eap_session_s::process
module_method_t process
Callback that should be used to process the next round.
Definition session.h:64

eap_session_s::this_round
eap_round_t * this_round
The EAP response we're processing, and the EAP request we're building.
Definition session.h:59

eap_session_s
Tracks the progress of a single session of any EAP method.
Definition session.h:40

FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83

FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99

FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127

xlat_eval
ssize_t xlat_eval(char *out, size_t outlen, request_t *request, char const *fmt, xlat_escape_legacy_t escape, void const *escape_ctx)
Definition merged_model.c:215

uint8_t
unsigned char uint8_t
Definition merged_model.c:30

fr_dict_attr_t
Definition merged_model.c:133

fr_dict_t
Definition merged_model.c:198

request_t
Definition merged_model.c:210

module_ctx_t::mi
module_instance_t const  * mi
Instance of the module being instantiated.
Definition module_ctx.h:42

module_ctx_t::rctx
void * rctx
Resume ctx that a module previously set.
Definition module_ctx.h:45

module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41

fr_pair_value_bstrndup
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
Definition pair.c:2784

config
static const conf_parser_t config[]
Definition base.c:183

pair_update_request
#define pair_update_request(_attr, _da)
Definition radclient-ng.c:60

REDEBUG
#define REDEBUG(fmt,...)
Definition radclient.h:52

RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient.h:54

RETURN_MODULE_RCODE
#define RETURN_MODULE_RCODE(_rcode)
Definition rcode.h:64

RETURN_MODULE_HANDLED
#define RETURN_MODULE_HANDLED
Definition rcode.h:58

RETURN_MODULE_INVALID
#define RETURN_MODULE_INVALID
Definition rcode.h:59

RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition rcode.h:57

RETURN_MODULE_FAIL
#define RETURN_MODULE_FAIL
Definition rcode.h:56

rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40

RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43

RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42

attr_user_password
static fr_dict_attr_t const  * attr_user_password
Definition rlm_eap_gtc.c:63

mod_process
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_eap_gtc.c:123

dict_freeradius
static fr_dict_t const  * dict_freeradius
Definition rlm_eap_gtc.c:52

auth_type_parse
static int auth_type_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)

dict_radius
static fr_dict_t const  * dict_radius
Definition rlm_eap_gtc.c:53

rlm_eap_gtc
rlm_eap_submodule_t rlm_eap_gtc
Definition rlm_eap_gtc.c:223

attr_auth_type
static fr_dict_attr_t const  * attr_auth_type
Definition rlm_eap_gtc.c:62

rlm_eap_gtc_t::challenge
char const  * challenge
Definition rlm_eap_gtc.c:42

rlm_eap_gtc_dict_attr
fr_dict_attr_autoload_t rlm_eap_gtc_dict_attr[]
Definition rlm_eap_gtc.c:66

gtc_resume
static unlang_action_t gtc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_eap_gtc.c:102

rlm_eap_gtc_t::auth_type
fr_dict_enum_value_t const  * auth_type
Definition rlm_eap_gtc.c:43

rlm_eap_gtc_dict
fr_dict_autoload_t rlm_eap_gtc_dict[]
Definition rlm_eap_gtc.c:56

submodule_config
static conf_parser_t submodule_config[]
Definition rlm_eap_gtc.c:46

mod_session_init
static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_eap_gtc.c:181

rlm_eap_gtc_t
Definition rlm_eap_gtc.c:41

module_s::inst_size
size_t inst_size
Size of the module's instance data.
Definition module.h:203

module_instance_s::data
void * data
Module's instance data.
Definition module.h:271

unlang_module_yield_to_section
unlang_action_t unlang_module_yield_to_section(rlm_rcode_t *p_result, request_t *request, CONF_SECTION *subcs, rlm_rcode_t default_rcode, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Definition module.c:248

inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3620

vp
fr_pair_t * vp
Definition state_machine.c:2262

value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68

rlm_eap_submodule_t::common
module_t common
Common fields provided by all modules.
Definition submodule.h:50

rlm_eap_submodule_t
Interface exported by EAP submodules.
Definition submodule.h:49

parent
static fr_slen_t parent
Definition pair.h:851

out
static size_t char ** out
Definition value.h:997