Authentication for yubikey OTP tokens. More...

#include <freeradius-devel/radius/radius.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include "rlm_yubikey.h"

Include dependency graph for rlm_yubikey.c:

Go to the source code of this file.

Macros
#define	is_modhex(x) (memchr(modhextab, tolower(x), 16))

Functions
static unlang_action_t	mod_authenticate (rlm_rcode_t p_result, module_ctx_t const mctx, request_t *request)

static unlang_action_t	mod_authorize (rlm_rcode_t p_result, module_ctx_t const mctx, request_t *request)

static int	mod_bootstrap (module_inst_ctx_t const *mctx)

static int	mod_instantiate (module_inst_ctx_t const *mctx)

static int	mod_load (void)

static void	mod_unload (void)

static ssize_t	modhex2hex (char const modhex, char hex, size_t len)
	Convert yubikey modhex to normal hex. More...

static xlat_action_t	modhex_to_hex_xlat (UNUSED TALLOC_CTX ctx, fr_dcursor_t out, UNUSED xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *in)
	Xlat to convert Yubikey modhex to standard hex. More...

static int	otp_string_valid (rlm_yubikey_t const inst, char const otp, size_t len)

Variables
fr_dict_attr_t const *	attr_auth_type

fr_dict_attr_t const *	attr_user_password

fr_dict_attr_t const *	attr_yubikey_counter

fr_dict_attr_t const *	attr_yubikey_key

fr_dict_attr_t const *	attr_yubikey_otp

fr_dict_attr_t const *	attr_yubikey_private_id

fr_dict_attr_t const *	attr_yubikey_public_id

fr_dict_attr_t const *	attr_yubikey_random

fr_dict_attr_t const *	attr_yubikey_timestamp

static fr_dict_t const *	dict_freeradius

static fr_dict_t const *	dict_radius

static char const	hextab [] = "0123456789abcdef"

static xlat_arg_parser_t const	modhex_to_hex_xlat_arg []

static char const	modhextab [] = "cbdefghijklnrtuv"

static const conf_parser_t	module_config []

module_rlm_t	rlm_yubikey

fr_dict_autoload_t	rlm_yubikey_dict []

fr_dict_attr_autoload_t	rlm_yubikey_dict_attr []

Detailed Description

Authentication for yubikey OTP tokens.

Id: 5806b080de1f9d079885f4c026342b0eb945fb8e

Author: Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@net.nosp@m.work.nosp@m.radiu.nosp@m.s.co.nosp@m.m)

Copyright: 2013 The FreeRADIUS server project; 2013 Network RADIUS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

Definition in file rlm_yubikey.c.

Macro Definition Documentation

◆ is_modhex

#define is_modhex ( x ) (memchr(modhextab, tolower(x), 16))

Definition at line 88 of file rlm_yubikey.c.

Function Documentation

◆ mod_authenticate()

static unlang_action_t mod_authenticate	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Definition at line 383 of file rlm_yubikey.c.

Here is the call graph for this function:

◆ mod_authorize()

static unlang_action_t mod_authorize	(	rlm_rcode_t *	p_result,
		module_ctx_t const *	mctx,
		request_t *	request
	)

static

Definition at line 278 of file rlm_yubikey.c.

Here is the call graph for this function:

◆ mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const * mctx )

static

Definition at line 195 of file rlm_yubikey.c.

◆ mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const * mctx )

static

Definition at line 217 of file rlm_yubikey.c.

Here is the call graph for this function:

◆ mod_load()

static int mod_load ( void )

static

Definition at line 166 of file rlm_yubikey.c.

Here is the call graph for this function:

◆ mod_unload()

static void mod_unload ( void )

static

Definition at line 188 of file rlm_yubikey.c.

Here is the call graph for this function:

◆ modhex2hex()

static ssize_t modhex2hex	(	char const *	modhex,
		char *	hex,
		size_t	len
	)

static

Convert yubikey modhex to normal hex.

The same buffer may be passed as modhex and hex to convert the modhex in place.

Modhex and hex must be the same size.

Parameters

[in]	modhex	data.
[in]	len	of input and output buffers.
[out]	hex	where to write the standard hexits.

Returns

The number of bytes written to the output buffer.
-1 on failure.

Definition at line 103 of file rlm_yubikey.c.

Here is the caller graph for this function:

◆ otp_string_valid()

static int otp_string_valid	(	rlm_yubikey_t const *	inst,
		char const *	otp,
		size_t	len
	)

static

Definition at line 260 of file rlm_yubikey.c.

Here is the caller graph for this function:

Variable Documentation

◆ attr_auth_type

fr_dict_attr_t const* attr_auth_type

Definition at line 61 of file rlm_yubikey.c.

◆ attr_user_password

fr_dict_attr_t const* attr_user_password

Definition at line 62 of file rlm_yubikey.c.

◆ attr_yubikey_counter

fr_dict_attr_t const* attr_yubikey_counter

Definition at line 66 of file rlm_yubikey.c.

◆ attr_yubikey_key

fr_dict_attr_t const* attr_yubikey_key

Definition at line 63 of file rlm_yubikey.c.

◆ attr_yubikey_otp

fr_dict_attr_t const* attr_yubikey_otp

Definition at line 69 of file rlm_yubikey.c.

◆ attr_yubikey_private_id

fr_dict_attr_t const* attr_yubikey_private_id

Definition at line 65 of file rlm_yubikey.c.

◆ attr_yubikey_public_id

fr_dict_attr_t const* attr_yubikey_public_id

Definition at line 64 of file rlm_yubikey.c.

◆ attr_yubikey_random

fr_dict_attr_t const* attr_yubikey_random

Definition at line 68 of file rlm_yubikey.c.

◆ attr_yubikey_timestamp

fr_dict_attr_t const* attr_yubikey_timestamp

Definition at line 67 of file rlm_yubikey.c.

◆ dict_freeradius

fr_dict_t const* dict_freeradius

static

Definition at line 51 of file rlm_yubikey.c.

◆ dict_radius

fr_dict_t const* dict_radius

static

Definition at line 52 of file rlm_yubikey.c.

◆ hextab

char const hextab[] = "0123456789abcdef"

static

Definition at line 86 of file rlm_yubikey.c.

◆ modhex_to_hex_xlat_arg

xlat_arg_parser_t const modhex_to_hex_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 130 of file rlm_yubikey.c.

◆ modhextab

char const modhextab[] = "cbdefghijklnrtuv"

static

Definition at line 85 of file rlm_yubikey.c.

◆ module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("id_length", rlm_yubikey_t, id_len), .dflt = "12" },
        { FR_CONF_OFFSET("split", rlm_yubikey_t, split), .dflt = "yes" },
        { FR_CONF_OFFSET("decrypt", rlm_yubikey_t, decrypt), .dflt = "no" },
        { FR_CONF_OFFSET("validate", rlm_yubikey_t, validate), .dflt = "no" },
 
 
 
        CONF_PARSER_TERMINATOR
}

Definition at line 40 of file rlm_yubikey.c.

◆ rlm_yubikey

module_rlm_t rlm_yubikey

Initial value:

= {
        .common = {
                .magic          = MODULE_MAGIC_INIT,
                .name           = "yubikey",
                .inst_size      = sizeof(rlm_yubikey_t),
                .onload         = mod_load,
                .unload         = mod_unload,
                .config         = module_config,
 
                .bootstrap      = mod_bootstrap,
 
                .instantiate    = mod_instantiate,
 
 
 
        },
        .method_group = {
                .bindings = (module_method_binding_t[]){
                        { .section = SECTION_NAME("authenticate", CF_IDENT_ANY), .method = mod_authenticate },
                        { .section = SECTION_NAME("recv", "Access-Request"), .method = mod_authorize },
                        MODULE_BINDING_TERMINATOR
                }
        }
}

Definition at line 455 of file rlm_yubikey.c.

◆ rlm_yubikey_dict

fr_dict_autoload_t rlm_yubikey_dict

Initial value:

= {
        { .out = &dict_freeradius, .proto = "freeradius" },
        { .out = &dict_radius, .proto = "radius" },
        { NULL }
}

Definition at line 55 of file rlm_yubikey.c.

◆ rlm_yubikey_dict_attr

fr_dict_attr_autoload_t rlm_yubikey_dict_attr

Initial value:

= {
        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_user_password, .name = "User-Password", .type = FR_TYPE_STRING, .dict = &dict_radius },
        { .out = &attr_yubikey_key, .name = "Vendor-Specific.Yubico.Yubikey-Key", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_yubikey_public_id, .name = "Vendor-Specific.Yubico.Yubikey-Public-ID", .type = FR_TYPE_STRING, .dict = &dict_radius },
        { .out = &attr_yubikey_private_id, .name = "Vendor-Specific.Yubico.Yubikey-Private-ID", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_yubikey_counter, .name = "Vendor-Specific.Yubico.Yubikey-Counter", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_yubikey_timestamp, .name = "Vendor-Specific.Yubico.Yubikey-Timestamp", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_yubikey_random, .name = "Vendor-Specific.Yubico.Yubikey-Random", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_yubikey_otp, .name = "Vendor-Specific.Yubico.Yubikey-OTP", .type = FR_TYPE_STRING, .dict = &dict_radius },
        { NULL }
}

Definition at line 72 of file rlm_yubikey.c.

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ is_modhex

Function Documentation

◆ mod_authenticate()

◆ mod_authorize()

◆ mod_bootstrap()

◆ mod_instantiate()

◆ mod_load()

◆ mod_unload()

◆ modhex2hex()

◆ otp_string_valid()

Variable Documentation

◆ attr_auth_type

◆ attr_user_password

◆ attr_yubikey_counter

◆ attr_yubikey_key

◆ attr_yubikey_otp

◆ attr_yubikey_private_id

◆ attr_yubikey_public_id

◆ attr_yubikey_random

◆ attr_yubikey_timestamp

◆ dict_freeradius

◆ dict_radius

◆ hextab

◆ modhex_to_hex_xlat_arg

◆ modhextab

◆ module_config

◆ rlm_yubikey

◆ rlm_yubikey_dict

◆ rlm_yubikey_dict_attr