rlm__securid_8h_source.html

#pragma once

#include <freeradius-devel/server/base.h>

#include <freeradius-devel/server/module_rlm.h>

#include <freeradius-devel/util/debug.h>


#include "acexport.h"


#define SAFE_STR(s) s==NULL?"EMPTY":s


typedef enum {

        INITIAL_STATE = 0,

        NEXT_CODE_REQUIRED_STATE = 100,

        NEW_PIN_REQUIRED_STATE = 200,

        NEW_PIN_USER_CONFIRM_STATE = 201,

        NEW_PIN_AUTH_VALIDATE_STATE = 202,

        NEW_PIN_SYSTEM_ACCEPT_STATE = 203,

        NEW_PIN_SYSTEM_CONFIRM_STATE = 204,

        NEW_PIN_USER_SELECT_STATE = 205,

} SECURID_SESSION_STATE;


/*

 * SECURID_SESSION is used to identify existing securID sessions

 * to continue Next-Token code and New-Pin conversations with a client

 *

 * next = pointer to next

 * state = state attribute from the reply we sent

 * state_len = length of data in the state attribute.

 * src_ipaddr = client which sent us the RADIUS request containing

 *            this SecurID conversation.

 * timestamp  = timestamp when this handler was last used.

 * trips = number of trips

 * identity = Identity of the user

 * request = RADIUS request data structure

 */


#define SECURID_STATE_LEN 32


typedef struct {

        struct _securid_session_t       *prev, *next;

        fr_rb_node_t                    node;

        SDI_HANDLE                       sdiHandle;

        SECURID_SESSION_STATE           securidSessionState;


        char                            state[SECURID_STATE_LEN];


        fr_ipaddr_t                     src_ipaddr;

        time_t                          timestamp;

        unsigned int                    session_id;

        uint32_t                        trips;


        char                            *pin;        /* previous pin if user entered it during NEW-PIN mode process */

        char                             *identity; /* save user's identity name for future use */


} SECURID_SESSION;


/*

 *      Define a structure for our module configuration.

 *

 *      These variables do not need to be in a structure, but it's

 *      a lot cleaner to do so, and a pointer to the structure can

 *      be used as the instance handle.

 *      sessions = remembered sessions, in a tree for speed.

 *      mutex = ensure only one thread is updating the sessions list

 */


typedef struct {

        pthread_mutex_t session_mutex;

        fr_rb_tree_t*   session_tree;

        SECURID_SESSION *session_head, *session_tail;


        unsigned int     last_session_id;


        /*

         *      Configuration items.

         */

        uint32_t        timer_limit;

        uint32_t        max_sessions;

        uint32_t        max_trips_per_session;

} rlm_securid_t;


extern HIDDEN fr_dict_attr_t const *attr_prompt;

extern HIDDEN fr_dict_attr_t const *attr_reply_message;

extern HIDDEN fr_dict_attr_t const *attr_state;

extern HIDDEN fr_dict_attr_t const *attr_user_password;


/* Memory Management */

SECURID_SESSION*     securid_session_alloc(void);

void                 securid_session_free(rlm_securid_t *inst, request_t *request,SECURID_SESSION *session)

                     CC_HINT(nonnull);


void                 securid_sessionlist_free(rlm_securid_t *inst,request_t *request) CC_HINT(nonnull);


int                  securid_sessionlist_add(rlm_securid_t *inst, request_t *request, SECURID_SESSION *session)

                     CC_HINT(nonnull);

SECURID_SESSION      *securid_sessionlist_find(rlm_securid_t *inst, request_t *request) CC_HINT(nonnull);

HIDDEN
#define HIDDEN
Definition build.h:314

fr_ipaddr_t
IPv4/6 prefix.
Definition merged_model.c:272

uint32_t
unsigned int uint32_t
Definition merged_model.c:33

fr_dict_attr_t
Definition merged_model.c:133

request_t
Definition merged_model.c:210

pthread_mutex_t
Definition merged_model.c:27

fr_rb_node_s
Definition rb.h:42

fr_rb_tree_s
The main red black tree structure.
Definition rb.h:73

securid_sessionlist_find
SECURID_SESSION * securid_sessionlist_find(rlm_securid_t *inst, request_t *request)
Definition mem.c:172

securid_sessionlist_add
int securid_sessionlist_add(rlm_securid_t *inst, request_t *request, SECURID_SESSION *session)
Definition mem.c:83

SECURID_SESSION::pin
char * pin
Definition rlm_securid.h:50

securid_session_alloc
SECURID_SESSION * securid_session_alloc(void)
Definition mem.c:32

rlm_securid_t::session_head
SECURID_SESSION * session_head
Definition rlm_securid.h:68

SECURID_SESSION::session_id
unsigned int session_id
Definition rlm_securid.h:47

rlm_securid_t::max_sessions
uint32_t max_sessions
Definition rlm_securid.h:76

SECURID_SESSION::trips
uint32_t trips
Definition rlm_securid.h:48

rlm_securid_t::timer_limit
uint32_t timer_limit
Definition rlm_securid.h:75

SECURID_SESSION::src_ipaddr
fr_ipaddr_t src_ipaddr
Definition rlm_securid.h:45

attr_state
HIDDEN fr_dict_attr_t const  * attr_state
Definition base.c:103

rlm_securid_t::session_tree
fr_rb_tree_t * session_tree
Definition rlm_securid.h:67

SECURID_SESSION::sdiHandle
SDI_HANDLE sdiHandle
Definition rlm_securid.h:40

rlm_securid_t::last_session_id
unsigned int last_session_id
Definition rlm_securid.h:70

attr_user_password
HIDDEN fr_dict_attr_t const  * attr_user_password
Definition rlm_eap_fast.c:107

SECURID_SESSION::node
fr_rb_node_t node
Definition rlm_securid.h:39

attr_reply_message
HIDDEN fr_dict_attr_t const  * attr_reply_message
Definition rlm_eap_ttls.c:93

securid_session_free
void securid_session_free(rlm_securid_t *inst, request_t *request, SECURID_SESSION *session)

SECURID_SESSION::next
struct _securid_session_t * next
Definition rlm_securid.h:38

SECURID_SESSION::securidSessionState
SECURID_SESSION_STATE securidSessionState
Definition rlm_securid.h:41

rlm_securid_t::session_mutex
pthread_mutex_t session_mutex
Definition rlm_securid.h:66

SECURID_SESSION_STATE
SECURID_SESSION_STATE
Definition rlm_securid.h:10

INITIAL_STATE
@ INITIAL_STATE
Definition rlm_securid.h:11

NEW_PIN_SYSTEM_CONFIRM_STATE
@ NEW_PIN_SYSTEM_CONFIRM_STATE
Definition rlm_securid.h:17

NEW_PIN_REQUIRED_STATE
@ NEW_PIN_REQUIRED_STATE
Definition rlm_securid.h:13

NEW_PIN_USER_SELECT_STATE
@ NEW_PIN_USER_SELECT_STATE
Definition rlm_securid.h:18

NEW_PIN_AUTH_VALIDATE_STATE
@ NEW_PIN_AUTH_VALIDATE_STATE
Definition rlm_securid.h:15

NEW_PIN_SYSTEM_ACCEPT_STATE
@ NEW_PIN_SYSTEM_ACCEPT_STATE
Definition rlm_securid.h:16

NEXT_CODE_REQUIRED_STATE
@ NEXT_CODE_REQUIRED_STATE
Definition rlm_securid.h:12

NEW_PIN_USER_CONFIRM_STATE
@ NEW_PIN_USER_CONFIRM_STATE
Definition rlm_securid.h:14

attr_prompt
HIDDEN fr_dict_attr_t const  * attr_prompt

securid_sessionlist_free
void securid_sessionlist_free(rlm_securid_t *inst, request_t *request)
Definition mem.c:59

SECURID_STATE_LEN
#define SECURID_STATE_LEN
Definition rlm_securid.h:36

SECURID_SESSION::timestamp
time_t timestamp
Definition rlm_securid.h:46

SECURID_SESSION::identity
char * identity
Definition rlm_securid.h:51

rlm_securid_t::max_trips_per_session
uint32_t max_trips_per_session
Definition rlm_securid.h:77

SECURID_SESSION
Definition rlm_securid.h:37

rlm_securid_t
Definition rlm_securid.h:65

inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3620

nonnull
int nonnull(2, 5))