rlm_tacacs_tcp.c File Reference

TACACS+ transport. More...

#include <freeradius-devel/io/application.h>
#include <freeradius-devel/io/listen.h>
#include <freeradius-devel/io/pair.h>
#include <freeradius-devel/missing.h>
#include <freeradius-devel/server/connection.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/util/heap.h>
#include <freeradius-devel/util/udp.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include "rlm_tacacs.h"

Include dependency graph for rlm_tacacs_tcp.c:

Go to the source code of this file.

Data Structures
struct	rlm_tacacs_tcp_t
	Static configuration for the module. More...
struct	tcp_buffer_t
struct	udp_handle_t
	Track the handle, which is tightly correlated with the FD. More...
struct	udp_request_s
	Connect request_t to local tracking structure. More...
struct	udp_result_t
struct	udp_thread_t

Typedefs
typedef struct udp_request_s	udp_request_t

Functions
static int	_udp_handle_free (udp_handle_t *h)
	Free a connection handle, closing associated resources. More...
static int	_udp_result_free (udp_result_t *r)
	Free a udp_result_t. More...
	CC_NO_UBSAN (function)
static bool	check_for_zombie (fr_event_list_t *el, trunk_connection_t *tconn, fr_time_t now, fr_time_t last_sent)
	See if the connection is zombied. More...
static void	conn_close (UNUSED fr_event_list_t *el, void *handle, UNUSED void *uctx)
	Shutdown/close a file descriptor. More...
static void	conn_error (UNUSED fr_event_list_t *el, UNUSED int fd, UNUSED int flags, int fd_errno, void *uctx)
	Connection errored. More...
static connection_state_t	conn_init (void **h_out, connection_t *conn, void *uctx)
	Initialise a new outbound connection. More...
static ssize_t	decode (TALLOC_CTX *ctx, fr_pair_list_t *reply, uint8_t *response_code, udp_handle_t *h, request_t *request, udp_request_t *u, uint8_t *data, size_t data_len)
	Decode response packet data, extracting relevant information and validating the packet. More...
static int	encode (udp_handle_t *h, request_t *request, udp_request_t *u)
static unlang_action_t	mod_enqueue (rlm_rcode_t *p_result, void **rctx_out, UNUSED void *instance, void *thread, request_t *request)
static int	mod_instantiate (module_inst_ctx_t const *mctx)
static unlang_action_t	mod_resume (rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
	Resume execution of the request, returning the rcode set during trunk execution. More...
static void	mod_signal (module_ctx_t const *mctx, UNUSED request_t *request, fr_signal_t action)
static int	mod_thread_instantiate (module_thread_inst_ctx_t const *mctx)
	Instantiate thread data for the submodule. More...
static void	request_cancel (connection_t *conn, void *preq_to_reset, trunk_cancel_reason_t reason, UNUSED void *uctx)
	Remove the request from any tracking structures. More...
static void	request_complete (request_t *request, NDEBUG_UNUSED void *preq, void *rctx, UNUSED void *uctx)
	Response has already been written to the rctx at this point. More...
static void	request_conn_release (connection_t *conn, void *preq_to_reset, UNUSED void *uctx)
	Clear out anything associated with the handle from the request. More...
static void	request_demux (UNUSED fr_event_list_t *el, trunk_connection_t *tconn, connection_t *conn, UNUSED void *uctx)
static void	request_fail (request_t *request, NDEBUG_UNUSED void *preq, void *rctx, NDEBUG_UNUSED trunk_request_state_t state, UNUSED void *uctx)
	Write out a canned failure. More...
static void	request_free (UNUSED request_t *request, void *preq_to_free, UNUSED void *uctx)
	Explicitly free resources associated with the protocol request. More...
static int8_t	request_prioritise (void const *one, void const *two)
static void	request_retry (fr_event_list_t *el, fr_time_t now, void *uctx)
	Handle retries. More...
static void	revive_timeout (UNUSED fr_event_list_t *el, UNUSED fr_time_t now, void *uctx)
	Revive a connection after "revive_interval". More...
static void	udp_request_reset (udp_handle_t *h, udp_request_t *u)
	Clear out any connection specific resources from a udp request. More...
static void	zombie_timeout (fr_event_list_t *el, fr_time_t now, void *uctx)
	Mark a connection dead after "zombie_interval". More...

Variables
static fr_dict_attr_t const *	attr_packet_hdr
static fr_dict_attr_t const *	attr_packet_type
static fr_dict_attr_t const *	attr_session_id
static fr_dict_t const *	dict_tacacs
static const conf_parser_t	module_config []
rlm_tacacs_io_t	rlm_tacacs_tcp
fr_dict_autoload_t	rlm_tacacs_tcp_dict []
fr_dict_attr_autoload_t	rlm_tacacs_tcp_dict_attr []

Detailed Description

TACACS+ transport.

Id

bf8f14d3f7eeeb64e386faa04a6dc0d1a2e2e1d0

Copyright

2023 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

Definition in file rlm_tacacs_tcp.c.

---

Data Structure Documentation

rlm_tacacs_tcp_t

struct rlm_tacacs_tcp_t

Static configuration for the module.

Definition at line 43 of file rlm_tacacs_tcp.c.

Collaboration diagram for rlm_tacacs_tcp_t:

Data Fields
CONF_SECTION *	config
fr_ipaddr_t	dst_ipaddr	IP of the home server.
uint16_t	dst_port	Port of the home server.
char const *	interface	Interface to bind to.
uint32_t	max_packet_size	Maximum packet size.
uint16_t	max_send_coalesce	Maximum number of packets to coalesce into one mmsg call.
rlm_tacacs_t *	parent	rlm_tacacs instance.
uint32_t	recv_buff	How big the kernel's receive buffer should be.
bool	recv_buff_is_set	Whether we were provided with a recv_buf.
char const *	secret	Shared secret.
size_t	secretlen	length of secret
uint32_t	send_buff	How big the kernel's send buffer should be.
bool	send_buff_is_set	Whether we were provided with a send_buf.
fr_ipaddr_t	src_ipaddr	IP we open our socket on.
trunk_conf_t *	trunk_conf	trunk configuration

tcp_buffer_t

struct tcp_buffer_t

Definition at line 82 of file rlm_tacacs_tcp.c.

Data Fields
uint8_t *	data	actual data
uint8_t *	end	end of the buffer
uint8_t *	read	where we read data from
uint8_t *	write	where we write data to

udp_handle_t

struct udp_handle_t

Track the handle, which is tightly correlated with the FD.

Definition at line 100 of file rlm_radius_udp.c.

Collaboration diagram for udp_handle_t:

Data Fields
int	active	active packets
uint8_t *	buffer	Receive buffer.
size_t	buflen	Receive buffer length.
udp_coalesced_t *	coalesced	Outbound coalesced requests.
trunk_request_t **	coalesced	Outbound coalesced requests.
int	fd	File descriptor.
fr_time_t	first_sent	first time we sent a packet since going idle
int	id	starts at 1.
rlm_radius_udp_t const *	inst	Our module instance.
rlm_tacacs_tcp_t const *	inst	Our module instance.
uint8_t	last_id	Used when replicating to ensure IDs are distributed evenly.
fr_time_t	last_idle	last time we had nothing to do
fr_time_t	last_reply	When we last received a reply.
fr_time_t	last_sent	last time we sent a packet.
uint32_t	max_packet_size	Our max packet size. may be different from the parent.
struct mmsghdr *	mmsgvec	Vector of inbound/outbound packets.
char const *	module_name	the module that opened the connection
fr_time_t	mrs_time	Most recent sent time which had a reply.
char const *	name	From IP PORT to IP PORT.
tcp_buffer_t	recv	receive buffer
tcp_buffer_t	send	send buffer
size_t	send_buff_actual	What we believe the maximum SO_SNDBUF size to be. We don't try and encode more packet data than this in one go.
uint32_t	session_id	for TACACS+ "security".
fr_ipaddr_t	src_ipaddr	Source IP address. May be altered on bind to be the actual IP address packets will be sent on. This is why we can't use the inst src_ipaddr field.
uint16_t	src_port	Source port specific to this connection. Todo: not set by socket_client_tcp()
bool	status_checking	whether we're doing status checks
udp_result_t *	status_r	for faking out status checks as real packets
request_t *	status_request
udp_request_t *	status_u	for sending status check packets
trunk_connection_t *	tconn	trunk connection
udp_thread_t *	thread
trunk_request_t *	tracking[UINT8_MAX]	all sequential!
radius_track_t *	tt	RADIUS ID tracking structure.
fr_event_timer_t const *	zombie_ev	Zombie timeout.

udp_request_s

struct udp_request_s

Connect request_t to local tracking structure.

Definition at line 150 of file rlm_radius_udp.c.

Collaboration diagram for udp_request_s:

Data Fields
uint8_t	code	Packet code.
fr_event_timer_t const *	ev	timer for retransmissions
fr_pair_list_t	extra	VPs for debugging, like Proxy-State.
uint8_t	id	Last ID assigned to this packet.
uint32_t	num_replies	number of reply packets, sent is in retry.count
bool	outstanding	are we waiting for a reply?
uint8_t *	packet	Packet we write to the network.
size_t	packet_len	Length of the packet.
uint32_t	priority	copied from request->async->priority
fr_time_t	recv_time	copied from request->async->recv_time
bool	require_message_authenticator	saved from the original packet.
fr_retry_t	retry	retransmission timers
radius_track_entry_t *	rr	ID tracking, resend count, etc.
bool	status_check	is this packet a status check?
bool	synchronous	cached from inst->parent->synchronous

udp_result_t

struct udp_result_t

Definition at line 85 of file rlm_radius_udp.c.

Collaboration diagram for udp_result_t:

Data Fields
rlm_rcode_t	rcode	from the transport
trunk_request_t *	treq

udp_thread_t

struct udp_thread_t

Definition at line 77 of file rlm_radius_udp.c.

Collaboration diagram for udp_thread_t:

Data Fields
fr_event_list_t *	el	Event list.
rlm_radius_udp_t const *	inst	our instance
rlm_tacacs_tcp_t const *	inst	our instance
trunk_t *	trunk	trunk handler

Typedef Documentation

udp_request_t

typedef struct udp_request_s udp_request_t

Definition at line 1 of file rlm_tacacs_tcp.c.

Function Documentation

_udp_handle_free()

static int _udp_handle_free ( udp_handle_t *  h )

static

Free a connection handle, closing associated resources.

Definition at line 230 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

_udp_result_free()

static int _udp_result_free ( udp_result_t *  r )

static

Free a udp_result_t.

Allows us to set break points for debugging.

Definition at line 1357 of file rlm_tacacs_tcp.c.

Here is the caller graph for this function:

CC_NO_UBSAN()

CC_NO_UBSAN

(

function

)

Definition at line 420 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

check_for_zombie()

static bool check_for_zombie ( fr_event_list_t *  el, trunk_connection_t *  tconn, fr_time_t  now, fr_time_t  last_sent  )

static

See if the connection is zombied.

We check for zombie when major events happen:

1) request hits its final timeout
2) request timer hits, and it needs to be retransmitted
3) a DUP packet comes in, and the request needs to be retransmitted
4) we're sending a packet.

There MIGHT not be retries configured, so we MUST check for zombie when any new packet comes in. Similarly, there MIGHT not be new packets, but retries are configured, so we have to check there, too.

Also, the socket might not be writable for a while. There MIGHT be a long time between getting the timer / DUP signal, and the request finally being written to the socket. So we need to check for zombie at BOTH the timeout and the mux / write function.

Returns

• true if the connection is zombie.
• false if the connection is not zombie.

Definition at line 706 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

conn_close()

static void conn_close ( UNUSED fr_event_list_t *  el, void *  handle, UNUSED void *  uctx  )

static

Shutdown/close a file descriptor.

Definition at line 404 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

conn_error()

static void conn_error ( UNUSED fr_event_list_t *  el, UNUSED int  fd, UNUSED int  flags, int  fd_errno, void *  uctx  )

static

Connection errored.

We were signalled by the event loop that a fatal error occurred on this connection.

Parameters

[in]	el	The event list signalling.
[in]	fd	that errored.
[in]	flags	El flags.
[in]	fd_errno	The nature of the error.
[in]	uctx	The trunk connection handle (tconn).

Definition at line 454 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

conn_init()

static connection_state_t conn_init ( void **  h_out, connection_t *  conn, void *  uctx  )

static

Initialise a new outbound connection.

Parameters

[out]	h_out	Where to write the new file descriptor.
[in]	conn	to initialise.
[in]	uctx	A udp_thread_t

Definition at line 259 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

decode()

static ssize_t decode ( TALLOC_CTX *  ctx, fr_pair_list_t *  reply, uint8_t *  response_code, udp_handle_t *  h, request_t *  request, udp_request_t *  u, uint8_t *  data, size_t  data_len  )

static

Decode response packet data, extracting relevant information and validating the packet.

Parameters

[in]	ctx	to allocate pairs in.
[out]	reply	Pointer to head of pair list to add reply attributes to.
[out]	response_code	The type of response packet.
[in]	h	connection handle.
[in]	request	the request.
[in]	u	UDP request.
[in]	data	to decode.
[in]	data_len	Length of input data.

Returns

• <0 on error
• >0 for how many bytes were decoded

Definition at line 546 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

encode()

static int encode ( udp_handle_t *  h, request_t *  request, udp_request_t *  u  )

static

Definition at line 590 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

mod_enqueue()

static unlang_action_t mod_enqueue ( rlm_rcode_t *  p_result, void **  rctx_out, UNUSED void *  instance, void *  thread, request_t *  request  )

static

Definition at line 1373 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx )

static

Definition at line 1470 of file rlm_tacacs_tcp.c.

mod_resume()

static unlang_action_t mod_resume ( rlm_rcode_t *  p_result, module_ctx_t const *  mctx, UNUSED request_t *  request  )

static

Resume execution of the request, returning the rcode set during trunk execution.

Definition at line 1290 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

mod_signal()

static void mod_signal ( module_ctx_t const *  mctx, UNUSED request_t *  request, fr_signal_t  action  )

static

Definition at line 1300 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

mod_thread_instantiate()

static int mod_thread_instantiate ( module_thread_inst_ctx_t const *  mctx )

static

Instantiate thread data for the submodule.

Definition at line 1428 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

request_cancel()

static void request_cancel ( connection_t *  conn, void *  preq_to_reset, trunk_cancel_reason_t  reason, UNUSED void *  uctx  )

static

Remove the request from any tracking structures.

Frees encoded packets if the request is being moved to a new connection

Definition at line 1196 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_complete()

static void request_complete ( request_t *  request, NDEBUG_UNUSED void *  preq, void *  rctx, UNUSED void *  uctx  )

static

Response has already been written to the rctx at this point.

Definition at line 1261 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_conn_release()

static void request_conn_release ( connection_t *  conn, void *  preq_to_reset, UNUSED void *  uctx  )

static

Clear out anything associated with the handle from the request.

Definition at line 1221 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_demux()

static void request_demux ( UNUSED fr_event_list_t *  el, trunk_connection_t *  tconn, connection_t *  conn, UNUSED void *  uctx  )

static

Definition at line 1047 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_fail()

static void request_fail ( request_t *  request, NDEBUG_UNUSED void *  preq, void *  rctx, NDEBUG_UNUSED trunk_request_state_t  state, UNUSED void *  uctx  )

static

Write out a canned failure.

Definition at line 1240 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_free()

static void request_free ( UNUSED request_t *  request, void *  preq_to_free, UNUSED void *  uctx  )

static

Explicitly free resources associated with the protocol request.

Definition at line 1278 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_prioritise()

static int8_t request_prioritise ( void const *  one, void const *  two  )

static

Definition at line 514 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

request_retry()

static void request_retry ( fr_event_list_t *  el, fr_time_t  now, void *  uctx  )

static

Handle retries.

Note that with TCP we don't actually retry on this particular connection, but the retry timer allows us to fail over from one connection to another when a connection fails.

Definition at line 750 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

revive_timeout()

static void revive_timeout ( UNUSED fr_event_list_t *  el, UNUSED fr_time_t  now, void *  uctx  )

static

Revive a connection after "revive_interval".

Definition at line 646 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

udp_request_reset()

static void udp_request_reset ( udp_handle_t *  h, udp_request_t *  u  )

static

Clear out any connection specific resources from a udp request.

Definition at line 202 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

zombie_timeout()

static void zombie_timeout ( fr_event_list_t *  el, fr_time_t  now, void *  uctx  )

static

Mark a connection dead after "zombie_interval".

Definition at line 658 of file rlm_tacacs_tcp.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

attr_packet_hdr

fr_dict_attr_t const* attr_packet_hdr

static

Definition at line 188 of file rlm_tacacs_tcp.c.

attr_packet_type

fr_dict_attr_t const* attr_packet_type

static

Definition at line 187 of file rlm_tacacs_tcp.c.

attr_session_id

fr_dict_attr_t const* attr_session_id

static

Definition at line 189 of file rlm_tacacs_tcp.c.

dict_tacacs

fr_dict_t const* dict_tacacs

static

Definition at line 179 of file rlm_tacacs_tcp.c.

module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET_TYPE_FLAGS("ipaddr", FR_TYPE_COMBO_IP_ADDR, 0, rlm_tacacs_tcp_t, dst_ipaddr), },
        { FR_CONF_OFFSET_TYPE_FLAGS("ipv4addr", FR_TYPE_IPV4_ADDR, 0, rlm_tacacs_tcp_t, dst_ipaddr) },
        { FR_CONF_OFFSET_TYPE_FLAGS("ipv6addr", FR_TYPE_IPV6_ADDR, 0, rlm_tacacs_tcp_t, dst_ipaddr) },
 
        { FR_CONF_OFFSET("port", rlm_tacacs_tcp_t, dst_port) },
 
        { FR_CONF_OFFSET("secret", rlm_tacacs_tcp_t, secret) }, 
 
        { FR_CONF_OFFSET("interface", rlm_tacacs_tcp_t, interface) },
 
        { FR_CONF_OFFSET_IS_SET("recv_buff", FR_TYPE_UINT32, 0, rlm_tacacs_tcp_t, recv_buff) },
        { FR_CONF_OFFSET_IS_SET("send_buff", FR_TYPE_UINT32, 0, rlm_tacacs_tcp_t, send_buff) },
 
        { FR_CONF_OFFSET("max_packet_size", rlm_tacacs_tcp_t, max_packet_size), .dflt = STRINGIFY(FR_MAX_PACKET_SIZE) },
        { FR_CONF_OFFSET("max_send_coalesce", rlm_tacacs_tcp_t, max_send_coalesce), .dflt = "1024" },
 
        { FR_CONF_OFFSET_TYPE_FLAGS("src_ipaddr", FR_TYPE_COMBO_IP_ADDR, 0, rlm_tacacs_tcp_t, src_ipaddr) },
        { FR_CONF_OFFSET_TYPE_FLAGS("src_ipv4addr", FR_TYPE_IPV4_ADDR, 0, rlm_tacacs_tcp_t, src_ipaddr) },
        { FR_CONF_OFFSET_TYPE_FLAGS("src_ipv6addr", FR_TYPE_IPV6_ADDR, 0, rlm_tacacs_tcp_t, src_ipaddr) },
 
        CONF_PARSER_TERMINATOR
}

Definition at line 155 of file rlm_tacacs_tcp.c.

rlm_tacacs_tcp

rlm_tacacs_io_t rlm_tacacs_tcp

Initial value:

= {
        .common = {
                .magic                  = MODULE_MAGIC_INIT,
                .name                   = "tacacs_tcp",
                .inst_size              = sizeof(rlm_tacacs_tcp_t),
 
                .thread_inst_size       = sizeof(udp_thread_t),
                .thread_inst_type       = "udp_thread_t",
 
                .config                 = module_config,
                .instantiate            = mod_instantiate,
                .thread_instantiate     = mod_thread_instantiate,
        },
        .enqueue                = mod_enqueue,
        .signal                 = mod_signal,
        .resume                 = mod_resume,
}

Definition at line 1545 of file rlm_tacacs_tcp.c.

rlm_tacacs_tcp_dict

fr_dict_autoload_t rlm_tacacs_tcp_dict

Initial value:

= {
        { .out = &dict_tacacs, .proto = "tacacs" },
        { NULL }
}

Definition at line 182 of file rlm_tacacs_tcp.c.

rlm_tacacs_tcp_dict_attr

fr_dict_attr_autoload_t rlm_tacacs_tcp_dict_attr

Initial value:

= {
        { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_tacacs },
        { .out = &attr_packet_hdr, .name = "Packet", .type = FR_TYPE_STRUCT, .dict = &dict_tacacs },
        { .out = &attr_session_id, .name = "Packet.Session-ID", .type = FR_TYPE_UINT32, .dict = &dict_tacacs },
        { NULL }
}

Definition at line 192 of file rlm_tacacs_tcp.c.