rlm_tacacs_tcp.c File Reference

TACACS+ transport. More...

#include <freeradius-devel/io/application.h>
#include <freeradius-devel/io/listen.h>
#include <freeradius-devel/io/pair.h>
#include <freeradius-devel/missing.h>
#include <freeradius-devel/server/connection.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/util/heap.h>
#include <freeradius-devel/util/udp.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include "rlm_tacacs.h"

Include dependency graph for rlm_tacacs_tcp.c:

Go to the source code of this file.

Data Structures
struct	rlm_tacacs_tcp_t
	Static configuration for the module. More...
struct	tcp_buffer_t
struct	udp_handle_t
	Track the handle, which is tightly correlated with the FD. More...
struct	udp_request_s
	Connect request_t to local tracking structure. More...
struct	udp_result_t
struct	udp_thread_t

Typedefs
typedef struct udp_request_s	udp_request_t

Functions
static int	_udp_handle_free (udp_handle_t *h)
	Free a connection handle, closing associated resources.
static int	_udp_result_free (udp_result_t *r)
	Free a udp_result_t.
static bool	check_for_zombie (fr_timer_list_t *tl, trunk_connection_t *tconn, fr_time_t now, fr_time_t last_sent)
	See if the connection is zombied.
static void	conn_close (UNUSED fr_event_list_t *el, void *handle, UNUSED void *uctx)
	Shutdown/close a file descriptor.
static void	conn_error (UNUSED fr_event_list_t *el, UNUSED int fd, UNUSED int flags, int fd_errno, void *uctx)
	Connection errored.
static connection_state_t	conn_init (void **h_out, connection_t *conn, void *uctx)
	Initialise a new outbound connection.
static ssize_t	decode (TALLOC_CTX *ctx, fr_pair_list_t *reply, uint8_t *response_code, udp_handle_t *h, request_t *request, udp_request_t *u, uint8_t *data, size_t data_len)
	Decode response packet data, extracting relevant information and validating the packet.
static int	encode (udp_handle_t *h, request_t *request, udp_request_t *u)
static unlang_action_t	mod_enqueue (rlm_rcode_t *p_result, void **rctx_out, UNUSED void *instance, void *thread, request_t *request)
static int	mod_instantiate (module_inst_ctx_t const *mctx)
static unlang_action_t	mod_resume (rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
	Resume execution of the request, returning the rcode set during trunk execution.
static void	mod_signal (module_ctx_t const *mctx, UNUSED request_t *request, fr_signal_t action)
static int	mod_thread_instantiate (module_thread_inst_ctx_t const *mctx)
	Instantiate thread data for the submodule.
static void	request_cancel (connection_t *conn, void *preq_to_reset, trunk_cancel_reason_t reason, UNUSED void *uctx)
	Remove the request from any tracking structures.
static void	request_complete (request_t *request, NDEBUG_UNUSED void *preq, void *rctx, UNUSED void *uctx)
	Response has already been written to the rctx at this point.
static void	request_conn_release (connection_t *conn, void *preq_to_reset, UNUSED void *uctx)
	Clear out anything associated with the handle from the request.
static void	request_demux (UNUSED fr_event_list_t *el, trunk_connection_t *tconn, connection_t *conn, UNUSED void *uctx)
static void	request_fail (request_t *request, NDEBUG_UNUSED void *preq, void *rctx, NDEBUG_UNUSED trunk_request_state_t state, UNUSED void *uctx)
	Write out a canned failure.
static void	request_free (UNUSED request_t *request, void *preq_to_free, UNUSED void *uctx)
	Explicitly free resources associated with the protocol request.
static void	request_mux (fr_event_list_t *el, trunk_connection_t *tconn, connection_t *conn, UNUSED void *uctx)
static int8_t	request_prioritise (void const *one, void const *two)
static void	request_retry (fr_timer_list_t *tl, fr_time_t now, void *uctx)
	Handle retries.
static void	revive_timeout (UNUSED fr_timer_list_t *tl, UNUSED fr_time_t now, void *uctx)
	Revive a connection after "revive_interval".
static connection_t *	thread_conn_alloc (trunk_connection_t *tconn, fr_event_list_t *el, connection_conf_t const *conf, char const *log_prefix, void *uctx)
static void	thread_conn_notify (trunk_connection_t *tconn, connection_t *conn, fr_event_list_t *el, trunk_connection_event_t notify_on, UNUSED void *uctx)
static void	udp_request_reset (udp_handle_t *h, udp_request_t *u)
	Clear out any connection specific resources from a udp request.
static void	zombie_timeout (fr_timer_list_t *tl, fr_time_t now, void *uctx)
	Mark a connection dead after "zombie_interval".

Variables
static fr_dict_attr_t const *	attr_packet_hdr
static fr_dict_attr_t const *	attr_packet_type
static fr_dict_attr_t const *	attr_session_id
static fr_dict_t const *	dict_tacacs
static const conf_parser_t	module_config []
rlm_tacacs_io_t	rlm_tacacs_tcp
fr_dict_autoload_t	rlm_tacacs_tcp_dict []
fr_dict_attr_autoload_t	rlm_tacacs_tcp_dict_attr []

Detailed Description

TACACS+ transport.

Id

1cb71d4fc00e1cbe0b7ba79cc97061607b346d42

Copyright

2023 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

Definition in file rlm_tacacs_tcp.c.

---

Data Structure Documentation

rlm_tacacs_tcp_t

struct rlm_tacacs_tcp_t

Static configuration for the module.

Definition at line 43 of file rlm_tacacs_tcp.c.

Collaboration diagram for rlm_tacacs_tcp_t:

Data Fields
CONF_SECTION *	config
fr_ipaddr_t	dst_ipaddr	IP of the home server.
uint16_t	dst_port	Port of the home server.
char const *	interface	Interface to bind to.
uint32_t	max_packet_size	Maximum packet size.
uint16_t	max_send_coalesce	Maximum number of packets to coalesce into one mmsg call.
rlm_tacacs_t *	parent	rlm_tacacs instance.
uint32_t	recv_buff	How big the kernel's receive buffer should be.
bool	recv_buff_is_set	Whether we were provided with a recv_buf.
char const *	secret	Shared secret.
size_t	secretlen	length of secret
uint32_t	send_buff	How big the kernel's send buffer should be.
bool	send_buff_is_set	Whether we were provided with a send_buf.
fr_ipaddr_t	src_ipaddr	IP we open our socket on.

tcp_buffer_t

struct tcp_buffer_t

Definition at line 81 of file rlm_tacacs_tcp.c.

Data Fields
uint8_t *	data	actual data
uint8_t *	end	end of the buffer
uint8_t *	read	where we read data from
uint8_t *	write	where we write data to

udp_handle_t

struct udp_handle_t

Track the handle, which is tightly correlated with the FD.

Definition at line 91 of file rlm_tacacs_tcp.c.

Collaboration diagram for udp_handle_t:

Data Fields
int	active	active packets
trunk_request_t **	coalesced	Outbound coalesced requests.
int	fd	File descriptor.
fr_time_t	first_sent	first time we sent a packet since going idle
int	id	starts at 1.
rlm_tacacs_tcp_t const *	inst	Our module instance.
fr_time_t	last_idle	last time we had nothing to do
fr_time_t	last_reply	When we last received a reply.
fr_time_t	last_sent	last time we sent a packet.
uint32_t	max_packet_size	Our max packet size. may be different from the parent.
char const *	module_name	the module that opened the connection
fr_time_t	mrs_time	Most recent sent time which had a reply.
char const *	name	From IP PORT to IP PORT.
tcp_buffer_t	recv	receive buffer
tcp_buffer_t	send	send buffer
size_t	send_buff_actual	What we believe the maximum SO_SNDBUF size to be. We don't try and encode more packet data than this in one go.
uint32_t	session_id	for TACACS+ "security".
fr_ipaddr_t	src_ipaddr	Source IP address. May be altered on bind to be the actual IP address packets will be sent on. This is why we can't use the inst src_ipaddr field.
uint16_t	src_port	Source port specific to this connection. Todo: not set by socket_client_tcp()
trunk_connection_t *	tconn	trunk connection
udp_thread_t *	thread
trunk_request_t *	tracking[UINT8_MAX]	all sequential!
fr_timer_t *	zombie_ev	Zombie timeout.

udp_request_s

struct udp_request_s

Connect request_t to local tracking structure.

Definition at line 139 of file rlm_tacacs_tcp.c.

Collaboration diagram for udp_request_s:

Data Fields
uint8_t	code	Packet code.
fr_timer_t *	ev	timer for retransmissions
uint8_t	id	Last ID assigned to this packet.
bool	outstanding	are we waiting for a reply?
uint8_t *	packet	Packet we write to the network.
size_t	packet_len	Length of the packet.
uint32_t	priority	copied from request->async->priority
fr_time_t	recv_time	copied from request->async->recv_time
fr_retry_t	retry	retransmission timers

udp_result_t

struct udp_result_t

Definition at line 74 of file rlm_tacacs_tcp.c.

Collaboration diagram for udp_result_t:

Data Fields
rlm_rcode_t	rcode	from the transport
trunk_request_t *	treq

udp_thread_t

struct udp_thread_t

Definition at line 65 of file rlm_tacacs_tcp.c.

Collaboration diagram for udp_thread_t:

Data Fields
fr_event_list_t *	el	Event list.
rlm_tacacs_tcp_t const *	inst	our instance
trunk_t *	trunk	trunk handler
trunk_conf_t	trunk_conf	trunk configuration

Typedef Documentation

udp_request_t

typedef struct udp_request_s udp_request_t

Definition at line 79 of file rlm_tacacs_tcp.c.

Function Documentation

_udp_handle_free()

static int _udp_handle_free ( udp_handle_t *  h )

static

Free a connection handle, closing associated resources.

Definition at line 229 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

_udp_result_free()

static int _udp_result_free ( udp_result_t *  r )

static

Free a udp_result_t.

Allows us to set break points for debugging.

Definition at line 1356 of file rlm_tacacs_tcp.c.

Here is the caller graph for this function:

check_for_zombie()

static bool check_for_zombie ( fr_timer_list_t *  tl, trunk_connection_t *  tconn, fr_time_t  now, fr_time_t  last_sent  )

static

See if the connection is zombied.

We check for zombie when major events happen:

1) request hits its final timeout
2) request timer hits, and it needs to be retransmitted
3) a DUP packet comes in, and the request needs to be retransmitted
4) we're sending a packet.

There MIGHT not be retries configured, so we MUST check for zombie when any new packet comes in. Similarly, there MIGHT not be new packets, but retries are configured, so we have to check there, too.

Also, the socket might not be writable for a while. There MIGHT be a long time between getting the timer / DUP signal, and the request finally being written to the socket. So we need to check for zombie at BOTH the timeout and the mux / write function.

Returns

• true if the connection is zombie.
• false if the connection is not zombie.

Definition at line 705 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

conn_close()

static void conn_close ( UNUSED fr_event_list_t *  el, void *  handle, UNUSED void *  uctx  )

static

Shutdown/close a file descriptor.

Definition at line 403 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

conn_error()

static void conn_error ( UNUSED fr_event_list_t *  el, UNUSED int  fd, UNUSED int  flags, int  fd_errno, void *  uctx  )

static

Connection errored.

We were signalled by the event loop that a fatal error occurred on this connection.

Parameters

[in]	el	The event list signalling.
[in]	fd	that errored.
[in]	flags	El flags.
[in]	fd_errno	The nature of the error.
[in]	uctx	The trunk connection handle (tconn).

Definition at line 453 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

conn_init()

static connection_state_t conn_init ( void **  h_out, connection_t *  conn, void *  uctx  )

static

Initialise a new outbound connection.

Parameters

[out]	h_out	Where to write the new file descriptor.
[in]	conn	to initialise.
[in]	uctx	A udp_thread_t

Definition at line 258 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode()

static ssize_t decode ( TALLOC_CTX *  ctx, fr_pair_list_t *  reply, uint8_t *  response_code, udp_handle_t *  h, request_t *  request, udp_request_t *  u, uint8_t *  data, size_t  data_len  )

static

Decode response packet data, extracting relevant information and validating the packet.

Parameters

[in]	ctx	to allocate pairs in.
[out]	reply	Pointer to head of pair list to add reply attributes to.
[out]	response_code	The type of response packet.
[in]	h	connection handle.
[in]	request	the request.
[in]	u	UDP request.
[in]	data	to decode.
[in]	data_len	Length of input data.

Returns

• <0 on error
• >0 for how many bytes were decoded

Definition at line 545 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

encode()

static int encode ( udp_handle_t *  h, request_t *  request, udp_request_t *  u  )

static

Definition at line 589 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

mod_enqueue()

static unlang_action_t mod_enqueue ( rlm_rcode_t *  p_result, void **  rctx_out, UNUSED void *  instance, void *  thread, request_t *  request  )

static

Definition at line 1372 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx )

static

Definition at line 1454 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

mod_resume()

static unlang_action_t mod_resume ( rlm_rcode_t *  p_result, module_ctx_t const *  mctx, UNUSED request_t *  request  )

static

Resume execution of the request, returning the rcode set during trunk execution.

Definition at line 1289 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

mod_signal()

static void mod_signal ( module_ctx_t const *  mctx, UNUSED request_t *  request, fr_signal_t  action  )

static

Definition at line 1299 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

mod_thread_instantiate()

static int mod_thread_instantiate ( module_thread_inst_ctx_t const *  mctx )

static

Instantiate thread data for the submodule.

Definition at line 1427 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

request_cancel()

static void request_cancel ( connection_t *  conn, void *  preq_to_reset, trunk_cancel_reason_t  reason, UNUSED void *  uctx  )

static

Remove the request from any tracking structures.

Frees encoded packets if the request is being moved to a new connection

Definition at line 1195 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_complete()

static void request_complete ( request_t *  request, NDEBUG_UNUSED void *  preq, void *  rctx, UNUSED void *  uctx  )

static

Response has already been written to the rctx at this point.

Definition at line 1260 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_conn_release()

static void request_conn_release ( connection_t *  conn, void *  preq_to_reset, UNUSED void *  uctx  )

static

Clear out anything associated with the handle from the request.

Definition at line 1220 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_demux()

static void request_demux ( UNUSED fr_event_list_t *  el, trunk_connection_t *  tconn, connection_t *  conn, UNUSED void *  uctx  )

static

Definition at line 1046 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_fail()

static void request_fail ( request_t *  request, NDEBUG_UNUSED void *  preq, void *  rctx, NDEBUG_UNUSED trunk_request_state_t  state, UNUSED void *  uctx  )

static

Write out a canned failure.

Definition at line 1239 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_free()

static void request_free ( UNUSED request_t *  request, void *  preq_to_free, UNUSED void *  uctx  )

static

Explicitly free resources associated with the protocol request.

Definition at line 1277 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_mux()

static void request_mux ( fr_event_list_t *  el, trunk_connection_t *  tconn, connection_t *  conn, UNUSED void *  uctx  )

static

Definition at line 792 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_prioritise()

static int8_t request_prioritise ( void const *  one, void const *  two  )

static

Definition at line 513 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_retry()

static void request_retry ( fr_timer_list_t *  tl, fr_time_t  now, void *  uctx  )

static

Handle retries.

Note that with TCP we don't actually retry on this particular connection, but the retry timer allows us to fail over from one connection to another when a connection fails.

Definition at line 749 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

revive_timeout()

static void revive_timeout ( UNUSED fr_timer_list_t *  tl, UNUSED fr_time_t  now, void *  uctx  )

static

Revive a connection after "revive_interval".

Definition at line 645 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

thread_conn_alloc()

static connection_t * thread_conn_alloc ( trunk_connection_t *  tconn, fr_event_list_t *  el, connection_conf_t const *  conf, char const *  log_prefix, void *  uctx  )

static

Definition at line 420 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

thread_conn_notify()

static void thread_conn_notify ( trunk_connection_t *  tconn, connection_t *  conn, fr_event_list_t *  el, trunk_connection_event_t  notify_on, UNUSED void *  uctx  )

static

Definition at line 465 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

udp_request_reset()

static void udp_request_reset ( udp_handle_t *  h, udp_request_t *  u  )

static

Clear out any connection specific resources from a udp request.

Definition at line 201 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

zombie_timeout()

static void zombie_timeout ( fr_timer_list_t *  tl, fr_time_t  now, void *  uctx  )

static

Mark a connection dead after "zombie_interval".

Definition at line 657 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

attr_packet_hdr

fr_dict_attr_t const* attr_packet_hdr

static

Definition at line 187 of file rlm_tacacs_tcp.c.

attr_packet_type

fr_dict_attr_t const* attr_packet_type

static

Definition at line 186 of file rlm_tacacs_tcp.c.

attr_session_id

fr_dict_attr_t const* attr_session_id

static

Definition at line 188 of file rlm_tacacs_tcp.c.

dict_tacacs

fr_dict_t const* dict_tacacs

static

Definition at line 178 of file rlm_tacacs_tcp.c.

module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET_TYPE_FLAGS("ipaddr", FR_TYPE_COMBO_IP_ADDR, 0, rlm_tacacs_tcp_t, dst_ipaddr), },
        { FR_CONF_OFFSET_TYPE_FLAGS("ipv4addr", FR_TYPE_IPV4_ADDR, 0, rlm_tacacs_tcp_t, dst_ipaddr) },
        { FR_CONF_OFFSET_TYPE_FLAGS("ipv6addr", FR_TYPE_IPV6_ADDR, 0, rlm_tacacs_tcp_t, dst_ipaddr) },
 
        { FR_CONF_OFFSET("port", rlm_tacacs_tcp_t, dst_port) },
 
        { FR_CONF_OFFSET("secret", rlm_tacacs_tcp_t, secret) }, 
 
        { FR_CONF_OFFSET("interface", rlm_tacacs_tcp_t, interface) },
 
        { FR_CONF_OFFSET_IS_SET("recv_buff", FR_TYPE_UINT32, 0, rlm_tacacs_tcp_t, recv_buff) },
        { FR_CONF_OFFSET_IS_SET("send_buff", FR_TYPE_UINT32, 0, rlm_tacacs_tcp_t, send_buff) },
 
        { FR_CONF_OFFSET("max_packet_size", rlm_tacacs_tcp_t, max_packet_size), .dflt = STRINGIFY(FR_MAX_PACKET_SIZE) },
        { FR_CONF_OFFSET("max_send_coalesce", rlm_tacacs_tcp_t, max_send_coalesce), .dflt = "1024" },
 
        { FR_CONF_OFFSET_TYPE_FLAGS("src_ipaddr", FR_TYPE_COMBO_IP_ADDR, 0, rlm_tacacs_tcp_t, src_ipaddr) },
        { FR_CONF_OFFSET_TYPE_FLAGS("src_ipv4addr", FR_TYPE_IPV4_ADDR, 0, rlm_tacacs_tcp_t, src_ipaddr) },
        { FR_CONF_OFFSET_TYPE_FLAGS("src_ipv6addr", FR_TYPE_IPV6_ADDR, 0, rlm_tacacs_tcp_t, src_ipaddr) },
 
        CONF_PARSER_TERMINATOR
}

Definition at line 154 of file rlm_tacacs_tcp.c.

rlm_tacacs_tcp

rlm_tacacs_io_t rlm_tacacs_tcp

Initial value:

= {
        .common = {
                .magic                  = MODULE_MAGIC_INIT,
                .name                   = "tacacs_tcp",
                .inst_size              = sizeof(rlm_tacacs_tcp_t),
 
                .thread_inst_size       = sizeof(udp_thread_t),
                .thread_inst_type       = "udp_thread_t",
 
                .config                 = module_config,
                .instantiate            = mod_instantiate,
                .thread_instantiate     = mod_thread_instantiate,
        },
        .enqueue                = mod_enqueue,
        .signal                 = mod_signal,
        .resume                 = mod_resume,
}

Definition at line 1539 of file rlm_tacacs_tcp.c.

rlm_tacacs_tcp_dict

fr_dict_autoload_t rlm_tacacs_tcp_dict

Initial value:

= {
        { .out = &dict_tacacs, .proto = "tacacs" },
        { NULL }
}

Definition at line 181 of file rlm_tacacs_tcp.c.

rlm_tacacs_tcp_dict_attr

fr_dict_attr_autoload_t rlm_tacacs_tcp_dict_attr

Initial value:

= {
        { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_tacacs },
        { .out = &attr_packet_hdr, .name = "Packet", .type = FR_TYPE_STRUCT, .dict = &dict_tacacs },
        { .out = &attr_session_id, .name = "Packet.Session-ID", .type = FR_TYPE_UINT32, .dict = &dict_tacacs },
        { NULL }
}

Definition at line 191 of file rlm_tacacs_tcp.c.