rlm__eap__md5_8c_source.html

 /*

  * rlm_eap_md5.c    Handles that are called from eap

  *

  * Version:     $Id: 8aff65ee19d9605cdc242fc709bdf934bfb61dc9 $

  *

  *   This program is free software; you can redistribute it and/or modify

  *   it under the terms of the GNU General Public License as published by

  *   the Free Software Foundation; either version 2 of the License, or

  *   (at your option) any later version.

  *

  *   This program is distributed in the hope that it will be useful,

  *   but WITHOUT ANY WARRANTY; without even the implied warranty of

  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  *   GNU General Public License for more details.

  *

  *   You should have received a copy of the GNU General Public License

  *   along with this program; if not, write to the Free Software

  *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA

  *

  * @copyright 2000,2001,2006 The FreeRADIUS server project

  * @copyright 2001 hereUare Communications, Inc. (raghud@hereuare.com)

  */


 RCSID("$Id: 8aff65ee19d9605cdc242fc709bdf934bfb61dc9 $")


 #include <freeradius-devel/server/password.h>

 #include <freeradius-devel/util/debug.h>

 #include <freeradius-devel/util/md5.h>

 #include <freeradius-devel/util/rand.h>


 #include "eap_md5.h"


 static fr_dict_t const *dict_freeradius;


 extern fr_dict_autoload_t rlm_eap_md5_dict[];

 fr_dict_autoload_t rlm_eap_md5_dict[] = {

         { .out = &dict_freeradius, .proto = "freeradius" },

         { NULL }

 };


 static fr_dict_attr_t const *attr_cleartext_password;


 extern fr_dict_attr_autoload_t rlm_eap_md5_dict_attr[];

 fr_dict_attr_autoload_t rlm_eap_md5_dict_attr[] = {

         { .out = &attr_cleartext_password, .name = "Password.Cleartext", .type = FR_TYPE_STRING, .dict = &dict_freeradius },

         { NULL }

 };


 /*

  *      Authenticate a previously sent challenge.

  */

 static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)

 {

         eap_session_t           *eap_session = eap_session_get(request->parent);

         MD5_PACKET              *packet;

         MD5_PACKET              *reply;

         fr_pair_t               *known_good;

         fr_dict_attr_t  const   *allowed_passwords[] = { attr_cleartext_password };

         bool                    ephemeral;


         /*

          *      Get the Password.Cleartext for this user.

          */

         fr_assert(eap_session->request != NULL);


         known_good = password_find(&ephemeral, request, request->parent,

                                    allowed_passwords, NUM_ELEMENTS(allowed_passwords),

                                    false);

         if (!known_good) {

                 REDEBUG("No \"known good\" password found for user");

                 RETURN_MODULE_FAIL;

         }


         /*

          *      Extract the EAP-MD5 packet.

          */

         packet = eap_md5_extract(request, eap_session->this_round);

         if (!packet) {

                 if (ephemeral) TALLOC_FREE(known_good);

                 RETURN_MODULE_INVALID;

         }


         /*

          *      Create a reply, and initialize it.

          */

         MEM(reply = talloc(packet, MD5_PACKET));

         reply->id = eap_session->this_round->request->id;

         reply->length = 0;


         /*

          *      Verify the received packet against the previous packet

          *      (i.e. challenge) which we sent out.

          */

         if (eap_md5_verify(request, packet, known_good, eap_session->opaque)) {

                 reply->code = FR_MD5_SUCCESS;

         } else {

                 reply->code = FR_MD5_FAILURE;

         }


         /*

          *      Compose the EAP-MD5 packet out of the data structure,

          *      and free it.

          */

         eap_md5_compose(eap_session->this_round, reply);

         talloc_free(packet);


         if (ephemeral) TALLOC_FREE(known_good);


         RETURN_MODULE_OK;

 }


 /*

  *      Initiate the EAP-MD5 session by sending a challenge to the peer.

  */

 static unlang_action_t mod_session_init(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)

 {

         eap_session_t   *eap_session = eap_session_get(request->parent);

         MD5_PACKET      *reply;

         int             i;


         fr_assert(eap_session != NULL);


         /*

          *      Allocate an EAP-MD5 packet.

          */

         MEM(reply = talloc(eap_session, MD5_PACKET));


         /*

          *      Fill it with data.

          */

         reply->code = FR_MD5_CHALLENGE;

         reply->length = 1 + MD5_CHALLENGE_LEN; /* one byte of value size */

         reply->value_size = MD5_CHALLENGE_LEN;


         /*

          *      Allocate user data.

          */

         MEM(reply->value = talloc_array(reply, uint8_t, reply->value_size));

         /*

          *      Get a random challenge.

          */

         for (i = 0; i < reply->value_size; i++) reply->value[i] = fr_rand();

         RDEBUG2("Issuing MD5 Challenge");


         /*

          *      Keep track of the challenge.

          */

         MEM(eap_session->opaque = talloc_array(eap_session, uint8_t, reply->value_size));

         memcpy(eap_session->opaque, reply->value, reply->value_size);


         /*

          *      Compose the EAP-MD5 packet out of the data structure,

          *      and free it.

          */

         eap_md5_compose(eap_session->this_round, reply);


         /*

          *      We don't need to authorize the user at this point.

          *

          *      We also don't need to keep the challenge, as it's

          *      stored in 'eap_session->this_round', which will be given back

          *      to us...

          */

         eap_session->process = mod_process;


         RETURN_MODULE_HANDLED;

 }


 /*

  *      The module name should be the only globally exported symbol.

  *      That is, everything else should be 'static'.

  */

 extern rlm_eap_submodule_t rlm_eap_md5;

 rlm_eap_submodule_t rlm_eap_md5 = {

         .common = {

                 .magic          = MODULE_MAGIC_INIT,

                 .name           = "eap_md5"

         },

         .provides       = { FR_EAP_METHOD_MD5 },

         .session_init   = mod_session_init,     /* Initialise a new EAP session */

 };

unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35

RCSID
#define RCSID(id)
Definition: build.h:444

UNUSED
#define UNUSED
Definition: build.h:313

NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition: build.h:335

eap_packet_t::id
uint8_t id
Definition: compose.h:37

eap_round_t::request
eap_packet_t * request
Packet we will send to the peer.
Definition: compose.h:50

fr_dict_attr_autoload_t::out
fr_dict_attr_t const  ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition: dict.h:250

fr_dict_autoload_t::out
fr_dict_t const  ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition: dict.h:263

fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition: dict.h:249

fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition: dict.h:262

MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:65

FR_EAP_METHOD_MD5
@ FR_EAP_METHOD_MD5
Definition: types.h:49

eap_md5_extract
MD5_PACKET * eap_md5_extract(request_t *request, eap_round_t *eap_round)
Definition: eap_md5.c:49

eap_md5_verify
int eap_md5_verify(request_t *request, MD5_PACKET *packet, fr_pair_t *password, uint8_t *challenge)
Definition: eap_md5.c:129

eap_md5_compose
int eap_md5_compose(eap_round_t *eap_round, MD5_PACKET *reply)
Definition: eap_md5.c:179

eap_md5.h

FR_MD5_FAILURE
#define FR_MD5_FAILURE
Definition: eap_md5.h:9

MD5_PACKET::id
unsigned char id
Definition: eap_md5.h:38

MD5_CHALLENGE_LEN
#define MD5_CHALLENGE_LEN
Definition: eap_md5.h:13

MD5_PACKET::length
unsigned short length
Definition: eap_md5.h:39

MD5_PACKET::code
unsigned char code
Definition: eap_md5.h:37

MD5_PACKET::value
unsigned char * value
Definition: eap_md5.h:41

MD5_PACKET::value_size
unsigned char value_size
Definition: eap_md5.h:40

FR_MD5_SUCCESS
#define FR_MD5_SUCCESS
Definition: eap_md5.h:8

FR_MD5_CHALLENGE
#define FR_MD5_CHALLENGE
Definition: eap_md5.h:6

MD5_PACKET
Definition: eap_md5.h:36

eap_session_s::opaque
void * opaque
Opaque data used by EAP methods.
Definition: session.h:62

eap_session_s::process
module_method_t process
Callback that should be used to process the next round.
Definition: session.h:64

eap_session_s::request
request_t * request
Current request.
Definition: session.h:51

eap_session_s::this_round
eap_round_t * this_round
The EAP response we're processing, and the EAP request we're building.
Definition: session.h:59

eap_session_get
static eap_session_t * eap_session_get(request_t *request)
Definition: session.h:82

eap_session_s
Tracks the progress of a single session of any EAP method.
Definition: session.h:40

talloc_free
talloc_free(reap)

FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition: merged_model.c:83

uint8_t
unsigned char uint8_t
Definition: merged_model.c:30

fr_dict_attr_t
Definition: merged_model.c:133

fr_dict_t
Definition: merged_model.c:198

request_t
Definition: merged_model.c:210

module_ctx_t
Temporary structure to hold arguments for module calls.
Definition: module_ctx.h:41

password_find
fr_pair_t * password_find(bool *ephemeral, TALLOC_CTX *ctx, request_t *request, fr_dict_attr_t const *allowed_attrs[], size_t allowed_attrs_len, bool normify)
Find a "known good" password in the control list of a request.
Definition: password.c:963

REDEBUG
#define REDEBUG(fmt,...)
Definition: radclient.h:52

RDEBUG2
#define RDEBUG2(fmt,...)
Definition: radclient.h:54

fr_rand
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition: rand.c:106

RETURN_MODULE_HANDLED
#define RETURN_MODULE_HANDLED
Definition: rcode.h:58

RETURN_MODULE_INVALID
#define RETURN_MODULE_INVALID
Definition: rcode.h:59

RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition: rcode.h:57

rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition: rcode.h:40

rlm_eap_md5_dict
fr_dict_autoload_t rlm_eap_md5_dict[]
Definition: rlm_eap_md5.c:36

dict_freeradius
static fr_dict_t const  * dict_freeradius
Definition: rlm_eap_md5.c:33

mod_session_init
static unlang_action_t mod_session_init(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
Definition: rlm_eap_md5.c:115

rlm_eap_md5
rlm_eap_submodule_t rlm_eap_md5
Definition: rlm_eap_md5.c:174

attr_cleartext_password
static fr_dict_attr_t const  * attr_cleartext_password
Definition: rlm_eap_md5.c:41

rlm_eap_md5_dict_attr
fr_dict_attr_autoload_t rlm_eap_md5_dict_attr[]
Definition: rlm_eap_md5.c:44

mod_process
static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
Definition: rlm_eap_md5.c:52

RETURN_MODULE_FAIL
RETURN_MODULE_FAIL
Definition: state_machine.c:1220

fr_assert
fr_assert(0)

MEM
MEM(pair_append_request(&vp, attr_eap_aka_sim_identity) >=0)

value_pair_s
Stores an attribute, a value and various bits of other data.
Definition: pair.h:68

rlm_eap_submodule_t::common
module_t common
Common fields provided by all modules.
Definition: submodule.h:50

rlm_eap_submodule_t
Interface exported by EAP submodules.
Definition: submodule.h:49