The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
state.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: ccdb6204107376df20643bcc8da351c1b775d9ce $
19 *
20 * @brief Multi-packet state handling
21 * @file src/lib/server/state.c
22 *
23 * @ingroup AVP
24 *
25 * For each round of a multi-round authentication method such as EAP,
26 * or a 2FA method such as OTP, a state entry will be created. The state
27 * entry holds data that should be available during the complete lifecycle
28 * of the authentication attempt.
29 *
30 * When a request is complete, #fr_state_store is called to transfer
31 * ownership of the state fr_pair_ts and state_ctx (which the fr_pair_ts
32 * are allocated in) to a #fr_state_entry_t. This #fr_state_entry_t holds the
33 * value of the State attribute, that will be send out in the response.
34 *
35 * When the next request is received, #fr_state_restore is called to transfer
36 * the fr_pair_ts and state ctx to the new request.
37 *
38 * The ownership of the state_ctx and state fr_pair_ts is transferred as below:
39 *
40 * @verbatim
41 request -> state_entry -> request -> state_entry -> request -> free()
42 \-> reply \-> reply \-> access-reject/access-accept
43 * @endverbatim
44 *
45 * @copyright 2014 The FreeRADIUS server project
46 */
47RCSID("$Id: ccdb6204107376df20643bcc8da351c1b775d9ce $")
48
49#include <freeradius-devel/server/request.h>
50#include <freeradius-devel/server/request_data.h>
51#include <freeradius-devel/server/state.h>
52
53#include <freeradius-devel/io/listen.h>
54
55#include <freeradius-devel/util/debug.h>
56#include <freeradius-devel/util/md5.h>
57#include <freeradius-devel/util/rand.h>
58
60 { FR_CONF_OFFSET("timeout", fr_state_config_t, timeout), .dflt = "15" },
61 { FR_CONF_OFFSET("max", fr_state_config_t, max_sessions), .dflt = "4096" },
62 { FR_CONF_OFFSET("max_rounds", fr_state_config_t, max_rounds), .dflt = "50" },
63 { FR_CONF_OFFSET("state_server_id", fr_state_config_t, server_id) },
64 { FR_CONF_OFFSET("dedup_key", fr_state_config_t, dedup_key) },
65
67};
68
69
70/** Holds a state value, and associated fr_pair_ts and data
71 *
72 */
73typedef struct {
74 uint64_t id; //!< State number
75 fr_rb_node_t node; //!< Entry in the state rbtree.
76 union {
77 /** Server ID components
78 *
79 * State values should be unique to a given server
80 */
81 struct state_comp {
82 uint8_t tries; //!< Number of rounds so far in this state sequence.
83 uint8_t tx; //!< Bits changed in the tries counter for this round.
84 uint8_t r_0; //!< Random component.
85 uint8_t server_id; //!< Configured server ID. Used for debugging
86 //!< to locate authentication sessions originating
87 //!< from a particular backend authentication server.
88
89 uint32_t context_id; //!< Hash of the current virtual server, xor'd with
90 //!< r1, r2, r3, r4 after the original state value
91 //!< is sent, but before the state entry is inserted
92 //!< into the tree. The receiving virtual server
93 //!< xor's its hash with the received state before
94 //!< performing the lookup. This means one virtual
95 //!< server can't act on a state entry generated by
96 //!< another, even though the state tree is global
97 //!< to all virtual servers.
98
99 uint8_t vx_0; //!< Random component.
100 uint8_t r_1; //!< Random component.
101 uint8_t vx_1; //!< Random component.
102 uint8_t r_2; //!< Random component.
103
104 uint8_t vx_2; //!< Random component.
105 uint8_t vx_3; //!< Random component.
106 uint8_t r_3; //!< Random component.
107 uint8_t r_4; //!< Random component.
108 } state_comp;
109
110 uint8_t state[sizeof(struct state_comp)]; //!< State value in binary.
111 };
112
113 uint64_t seq_start; //!< Number of first request in this sequence.
114 fr_time_t cleanup; //!< When this entry should be cleaned up.
115
116 /*
117 * Should only even be in one at a time
118 */
119 union {
120 fr_dlist_t expire_entry; //!< Entry in the list of things to expire.
121 fr_dlist_t free_entry; //!< Entry in the list of things to free.
122 };
123
124 unsigned int tries;
125
126 fr_pair_t *ctx; //!< for all session specific data.
127
128 fr_dlist_head_t data; //!< Persistable request data, also parented by ctx.
129
130 request_t *thawed; //!< The request that thawed this entry.
131
132 fr_value_box_t const *dedup_key; //!< Key for dedup
133 fr_rb_node_t dedup_node; //!< Entry in the dedup rbtree
135
136/** A child of a fr_state_entry_t
137 *
138 * Children are tracked using the request data of parents.
139 *
140 * request data is added with identifiers that uniquely identify the
141 * subrequest it should be restored to.
142 *
143 * In this way a top level fr_state_entry_t can hold the session
144 * information for multiple children, and the children may hold
145 * state_child_entry_ts for grandchildren.
146 */
147typedef struct {
148 fr_pair_t *ctx; //!< for all session specific data.
149
150 fr_dlist_head_t data; //!< Persistable request data, also parented by ctx.
151
152 request_t *thawed; //!< The request that thawed this entry.
154
156 uint64_t id; //!< Next ID to assign.
157 uint64_t timed_out; //!< Number of states that were cleaned up due to
158 //!< timeout.
159 fr_state_config_t config; //!< a local copy
160
161 fr_rb_tree_t *tree; //!< rbtree used to lookup state value.
162 fr_rb_tree_t *dedup_tree; //!< rbtree used to do dedups
163 fr_dlist_head_t to_expire; //!< Linked list of entries to free.
164
165 pthread_mutex_t mutex; //!< Synchronisation mutex.
166
167 fr_dict_attr_t const *da; //!< Attribute where the state is stored.
168};
169
170#define PTHREAD_MUTEX_LOCK if (state->config.thread_safe) pthread_mutex_lock
171#define PTHREAD_MUTEX_UNLOCK if (state->config.thread_safe) pthread_mutex_unlock
172
173static void state_entry_unlink(fr_state_tree_t *state, fr_state_entry_t *entry);
174
175/** Compare two fr_state_entry_t based on their state value i.e. the value of the attribute
176 *
177 */
178static int8_t state_entry_cmp(void const *one, void const *two)
179{
180 fr_state_entry_t const *a = one, *b = two;
181 int ret;
182
183 ret = memcmp(a->state, b->state, sizeof(a->state));
184 return CMP(ret, 0);
185}
186
187/** Compare two fr_state_entry_t based on their dedup key
188 *
189 */
190static int8_t state_dedup_cmp(void const *one, void const *two)
191{
192 fr_state_entry_t const *a = one, *b = two;
193
194 return fr_value_box_cmp(a->dedup_key, b->dedup_key);
195}
196
197
198/** Free the state tree
199 *
200 */
202{
203 fr_state_entry_t *entry;
204
205 if (state->config.thread_safe) pthread_mutex_destroy(&state->mutex);
206
207 DEBUG4("Freeing state tree %p", state);
208
209 while ((entry = fr_dlist_head(&state->to_expire))) {
210 DEBUG4("Freeing state entry %p (%"PRIu64")", entry, entry->id);
211 state_entry_unlink(state, entry);
212 talloc_free(entry);
213 }
214
215 /*
216 * Free the rbtree
217 */
218 talloc_free(state->tree);
219
220 return 0;
221}
222
223/** Initialise a new state tree
224 *
225 * @param[in] ctx to link the lifecycle of the state tree to.
226 * @param[in] da Attribute used to store and retrieve state from.
227 * @param[in] config the configuration data
228 * @return
229 * - A new state tree.
230 * - NULL on failure.
231 */
233{
234 fr_state_tree_t *state;
235
236 /*
237 * We can only handle 'octets' types.
238 */
239 if (da->type != FR_TYPE_OCTETS) {
240 fr_strerror_printf("Input state attribute '%s' has data type %s instead of 'octets'",
241 da->name, fr_type_to_str(da->type));
242 return NULL;
243 }
244
245 state = talloc_zero(NULL, fr_state_tree_t);
246 if (!state) return 0;
247
248 state->config = *config;
249 state->da = da; /* Remember which attribute we use to load/store state */
250
251 /*
252 * Some systems may start a new session before closing
253 * out the old one. The dedup key lets us find
254 * pre-existing sessions, and close them out.
255 */
256 if (config->dedup_key) {
257 if ((!tmpl_is_attr(config->dedup_key) &&
258 !tmpl_is_xlat(config->dedup_key)) ||
259 tmpl_needs_resolving(config->dedup_key)) {
260 fr_strerror_const("Invalid value for \"dedup_key\" - it must be an attribute reference or a simple expansion");
261 return NULL;
262 }
263
264 if (tmpl_async_required(config->dedup_key)) {
265 fr_strerror_const("Invalid value for \"dedup_key\" - it must be a simple expansion, and cannot query external systems such as databases");
266 return NULL;
267 }
268 }
269
270 /*
271 * Create a break in the contexts.
272 * We still want this to be freed at the same time
273 * as the parent, but we also need it to be thread
274 * safe, and multiple threads could be using the
275 * tree.
276 */
277 talloc_link_ctx(ctx, state);
278
279 if (state->config.thread_safe && (pthread_mutex_init(&state->mutex, NULL) != 0)) {
280 talloc_free(state);
281 return NULL;
282 }
283
284 fr_dlist_talloc_init(&state->to_expire, fr_state_entry_t, free_entry);
285
286 /*
287 * We need to do controlled freeing of the
288 * rbtree, so that all the state entries
289 * are freed before it's destroyed. Hence
290 * it being parented from the NULL ctx.
291 */
293 if (!state->tree) {
294 talloc_free(state);
295 return NULL;
296 }
297 talloc_set_destructor(state, _state_tree_free);
298
299 if (config->dedup_key) {
300 state->dedup_tree = fr_rb_inline_talloc_alloc(state->tree, fr_state_entry_t, dedup_node, state_dedup_cmp, NULL);
301 if (!state->dedup_tree) {
302 talloc_free(state);
303 return NULL;
304 }
305 }
306
307 return state;
308}
309
310/** Unlink an entry and remove if from the tree
311 *
312 */
313static inline CC_HINT(always_inline)
315{
316 /*
317 * Check the memory is still valid
318 */
319 (void) talloc_get_type_abort(entry, fr_state_entry_t);
320
321 fr_dlist_remove(&state->to_expire, entry);
322 fr_rb_delete(state->tree, entry);
323 if (state->dedup_tree) fr_rb_delete(state->dedup_tree, entry);
324
325 DEBUG4("State ID %" PRIu64 " unlinked", entry->id);
326}
327
328/** Frees any data associated with a state
329 *
330 */
332{
333#ifdef WITH_VERIFY_PTR
334 fr_dcursor_t cursor;
335 fr_pair_t *vp;
336
337 /*
338 * Verify all state attributes are parented
339 * by the state context.
340 */
341 if (entry->ctx) {
342 for (vp = fr_pair_dcursor_init(&cursor, &entry->ctx->children);
343 vp;
344 vp = fr_dcursor_next(&cursor)) {
345 fr_assert(entry->ctx == talloc_parent(vp));
346 }
347 }
348
349 /*
350 * Ensure any request data is parented by us
351 * so we know it'll be cleaned up.
352 */
353 (void)fr_cond_assert(request_data_verify_parent(entry->ctx, &entry->data));
354#endif
355
356 /*
357 * Should also free any state attributes
358 */
359 if (entry->ctx) TALLOC_FREE(entry->ctx);
360
361 DEBUG4("State ID %" PRIu64 " freed", entry->id);
362
363 return 0;
364}
365
367{
368
369 uint64_t hash;
370
371 /*
372 * Use the supplied State if it's the correct size.
373 */
374 if (vb->vb_length == sizeof(entry->state)) {
375 memcpy(&entry->state, vb->vb_octets, vb->vb_length);
376 return;
377 }
378
379 /*
380 * Otherwise hash the data.
381 */
382 memset(&entry->state, 0, sizeof(entry->state));
383
384 hash = fr_hash64(vb->vb_octets, vb->vb_length);
385 memcpy(&entry->state, &hash, sizeof(hash));
386}
387
388/** Create a new state entry
389 *
390 * @note Called with the mutex held.
391 */
393 fr_pair_list_t *reply_list, fr_state_entry_t *old,
394 fr_value_box_t const *dedup_key)
395{
396 fr_time_t now = fr_time();
397 fr_pair_t *vp;
398 fr_state_entry_t *entry, *next;
399
400 uint64_t timed_out = 0;
401 bool too_many = false;
402 fr_dlist_head_t to_free;
403
404 /*
405 * If we have a previous entry, then it can't be in an
406 * expiry list, and it can't be in the list of states
407 * where we have sent a reply.
408 */
409 fr_assert(!old ||
410 (!fr_dlist_entry_in_list(&old->expire_entry) &&
412
413 /*
414 * If we have a previous entry and a dedup_tree, then we
415 * must have a dedup key, AND the entry must be in the
416 * dedup tree.
417 */
418 fr_assert(!old || !state->dedup_tree || (old->dedup_key && fr_rb_node_inline_in_tree(&old->dedup_node)));
419
420 /*
421 * If there is an old entry, we can't have a dedup_key.
422 */
423 fr_assert(!old || (old || !dedup_key));
424
425 /*
426 * We track a separate free list, as we have to check
427 * expiration with the mutex locked. But we want to free
428 * things with the mutex unlocked.
429 */
430 fr_dlist_init(&to_free, fr_state_entry_t, free_entry);
431
432 /*
433 * Clean up expired entries which have not finished. If
434 * the request fails, then the corresponding entry is
435 * discarded. So the expiration list is only for entries
436 * which have been half-started, and then (many seconds
437 * later) haven't seen a "next" packet.
438 */
439 for (entry = fr_dlist_head(&state->to_expire);
440 entry != NULL;
441 entry = next) {
442 (void)talloc_get_type_abort(entry, fr_state_entry_t); /* Allow examination */
443 next = fr_dlist_next(&state->to_expire, entry); /* Advance *before* potential unlinking */
444
445 /*
446 * It's active (and asserted so above), so it can't be in the expiry list.
447 */
448 fr_assert(entry != old);
449
450 /*
451 * Too old, we can delete it.
452 */
453 if (fr_time_lt(entry->cleanup, now)) {
454 state_entry_unlink(state, entry);
455 fr_dlist_insert_tail(&to_free, entry);
456 timed_out++;
457 continue;
458 }
459
460 break;
461 }
462
463 if (!old) {
464 /*
465 * We're inserting a new session. Limit the
466 * number of sessions based on how many are in
467 * the RB tree. If at least one session has
468 * timed out, then we can definitely add a new
469 * session.
470 *
471 * Note that sessions being processed are removed
472 * from the tree. This means that the maximum
473 * number of sessions might actually be
474 * max_session+num_workers. In practice this
475 * shouldn't be a problem.
476 */
477 too_many = (fr_rb_num_elements(state->tree) >= state->config.max_sessions) && (timed_out == 0);
478
479 /*
480 * If there is a previous session for the same dedup key, then remove the old one from
481 * the dedup tree.
482 */
483 if (dedup_key) {
484 fr_state_entry_t *unfinished;
485
486 unfinished = fr_rb_find(state->dedup_tree, &(fr_state_entry_t) { .dedup_key = dedup_key });
487 if (unfinished) {
488 state_entry_unlink(state, unfinished);
489 fr_dlist_insert_tail(&to_free, unfinished);
490 }
491 }
492 }
493
495
496 if (timed_out > 0) {
497 RWDEBUG("Cleaning up %"PRIu64" timed out state entries", timed_out);
498 state->timed_out += timed_out;
499
500 /*
501 * Now free the unlinked entries.
502 *
503 * We do it here as freeing may involve significantly more
504 * work than just freeing the data.
505 *
506 * If there's request data that was persisted it will now
507 * be freed also, and it may have complex destructors associated
508 * with it.
509 */
510 while ((entry = fr_dlist_head(&to_free)) != NULL) {
511 fr_dlist_remove(&to_free, entry);
512 talloc_free(entry);
513 }
514
515 } else if (too_many) {
516 talloc_const_free(dedup_key);
517 RERROR("Failed inserting state entry - At maximum ongoing session limit (%u)",
518 state->config.max_sessions);
519 return NULL;
520 }
521
522 /*
523 * Allocation doesn't need to occur inside the critical region
524 * and would add significantly to contention.
525 */
526 if (!old) {
527 MEM(entry = talloc_zero(NULL, fr_state_entry_t));
528 talloc_set_destructor(entry, _state_entry_free);
529
530 entry->id = state->id++;
531
532 } else {
533 fr_assert(!old->ctx);
534 entry = old;
535 }
536
538
539 /*
540 * Limit the lifetime of this entry based on how long the
541 * server takes to process a request. Doing it this way
542 * isn't perfect, but it's reasonable, and it's one less
543 * thing for an administrator to configure.
544 */
545 entry->cleanup = fr_time_add(now, state->config.timeout);
546
547 /*
548 * Some modules either create their own state, or need to
549 * synthesize it from data in a packet header. If we
550 * have such a state, then use that in preference to
551 * creating a random one.
552 */
553 vp = fr_pair_find_by_da(reply_list, NULL, state->da);
554 if (vp && vp->vp_length) {
555 state_entry_fill(entry, &vp->data);
556
557 } else {
558 if (old) {
559 /*
560 * Just re-use the old state.
561 */
562 entry->tries++;
563
564 if (entry->tries > state->config.max_rounds) {
565 RERROR("Failed tracking state entry - too many rounds (%u)", entry->tries);
566 goto fail;
567 }
568 } else {
569 size_t i;
571
572 if (dedup_key) entry->dedup_key = talloc_steal(entry, dedup_key);
573
574 /*
575 * Get a bunch of random numbers.
576 */
577 for (i = 0; i < sizeof(entry->state); i+= 4) {
578 hash = fr_rand();
579 memcpy(&entry->state[i], &hash, sizeof(hash));
580 }
581
582 /*
583 * Add in a server ID. This lets a "FreeRADIUS
584 * aware" load balancer direct the packet based
585 * on the contents of the State attribute.
586 */
587 entry->state_comp.server_id = state->config.server_id;
588
589 /*
590 * Add our own custom brand of magic.
591 */
592 entry->state_comp.vx_0 = entry->state_comp.r_0 ^
593 ((((uint32_t) HEXIFY(RADIUSD_VERSION)) >> 24) & 0xff);
594 entry->state_comp.vx_1 = entry->state_comp.r_0 ^
595 ((((uint32_t) HEXIFY(RADIUSD_VERSION)) >> 16) & 0xff);
596 entry->state_comp.vx_2 = entry->state_comp.r_0 ^
597 ((((uint32_t) HEXIFY(RADIUSD_VERSION)) >> 8) & 0xff);
598 entry->state_comp.vx_3 = entry->state_comp.r_0 ^
599 (((uint32_t) HEXIFY(RADIUSD_VERSION)) & 0xff);
600 }
601
602 /*
603 * Track the number of round trips, too.
604 */
605 entry->state_comp.tx ^= entry->tries;
606 entry->state_comp.tries = entry->tries ^ entry->state_comp.r_3;
607
608 MEM(vp = fr_pair_afrom_da(request->reply_ctx, state->da));
609 fr_pair_value_memdup(vp, entry->state, sizeof(entry->state), false);
610 fr_pair_append(reply_list, vp);
611 }
612
613 DEBUG4("State ID %" PRIu64 " created, value 0x%pH, expires %pV",
614 entry->id, &vp->data,
616
617 /*
618 * XOR the server hash with four bytes of random context
619 * ID after adding it to the reply, but before inserting
620 * it into the RB rtree. We XOR is again before looking
621 * it up in the tree, to ensure state lookups only
622 * succeed in the virtual server that created the state
623 * value.
624 */
625 entry->state_comp.context_id ^= state->config.context_id;
626
627 PTHREAD_MUTEX_LOCK(&state->mutex);
628
629 if (!fr_rb_insert(state->tree, entry)) {
630 fail_unlock:
632 RERROR("Failed inserting state entry - Insertion into state tree failed");
633 fail:
634 fr_pair_delete_by_da(reply_list, state->da);
635 talloc_free(entry);
636 return NULL;
637 }
638
639 /*
640 * Ensure that we can de-duplicate things if the supplicant is misbehaving.
641 */
642 if (state->dedup_tree && !old) {
643 if (!fr_rb_insert(state->dedup_tree, entry)) goto fail_unlock;
644 }
645
646 /*
647 * Link it to the end of the list, which is implicitly
648 * ordered by cleanup time.
649 */
650 fr_dlist_insert_tail(&state->to_expire, entry);
651
652 entry->thawed = NULL;
653
654 return entry;
655}
656
657/** Find the entry based on the State attribute and remove it from the state tree
658 *
659 */
661{
662 fr_state_entry_t *entry, my_entry;
663
664 state_entry_fill(&my_entry, vb);
665
666 /*
667 * Make it unique for different virtual servers handling the same request
668 */
669 my_entry.state_comp.context_id ^= state->config.context_id;
670
671 entry = fr_rb_remove(state->tree, &my_entry);
672 if (entry) {
673 (void) talloc_get_type_abort(entry, fr_state_entry_t);
674 fr_dlist_remove(&state->to_expire, entry);
675 }
676
677 return entry;
678}
679
680
681/** Called when sending an Access-Accept/Access-Reject to discard state information
682 *
683 */
685{
686 fr_state_entry_t *entry;
687
688 /*
689 * The caller MUST have called fr_state_restore() before
690 * calling this function. If so, there is request data
691 * that points to the state entry.
692 *
693 * This function should only be called from the "outer"
694 * request. Any child request should call
695 * fr_state_discard_child()
696 *
697 * Relying on request data also means that the user can
698 * nuke request.State, and the code will still work.
699 *
700 * Find a pointer to the entry, but leave the request
701 * data associated with the entry. That way when the
702 * request is freed, the entry will also be freed.
703 */
704 entry = request_data_reference(request, state, 0);
705 if (!entry) return;
706
707 /*
708 * Unlink the entry to shrink the state tree, and make
709 * sure that the state is never re-used.
710 *
711 * However, we don't wipe the session-state list, as the
712 * request can still be processed through a "finally"
713 * section. And we want the session state data to be
714 * usable from there.
715 */
716 PTHREAD_MUTEX_LOCK(&state->mutex);
717 state_entry_unlink(state, entry);
719
720 return;
721}
722
723/** Copy a pointer to the head of the list of state fr_pair_ts (and their ctx) into the request
724 *
725 * @note Does not copy the actual fr_pair_ts. The fr_pair_ts and their context
726 * are transferred between state entries as the conversation progresses.
727 *
728 * @note Called with the mutex free.
729 *
730 * @param[in] state tree to lookup state in.
731 * @param[in] request to restore state for.
732 * @return
733 * - 2 if the state attribute didn't match any known states.
734 * - 1 if no state attribute existed.
735 * - 0 on success (state restored)
736 * - -1 if a state entry has already been thawed by a another request.
737 */
739{
740 fr_state_entry_t *entry;
741 fr_pair_t *vp;
742
743 /*
744 * No State, don't do anything.
745 */
746 vp = fr_pair_find_by_da(&request->request_pairs, NULL, state->da);
747 if (!vp) {
748 RDEBUG3("No request.%s attribute, can't restore session-state", state->da->name);
749 if (request->seq_start == 0) request->seq_start = request->number; /* Need check for fake requests */
750 return 1;
751 }
752
753 PTHREAD_MUTEX_LOCK(&state->mutex);
754 entry = state_entry_find_and_unlink(state, &vp->data);
756 if (!entry) {
757 RDEBUG2("No state entry matching request.%pP found", vp);
758 return 2;
759 }
760
761 /* Probably impossible in the current code */
762 if (unlikely(entry->thawed && (entry->thawed != request))) {
763 RERROR("State entry has already been thawed by a request %"PRIu64, entry->thawed->number);
764 return -2;
765 }
766
767 /*
768 * Discard any existing session state, and replace it
769 * with the cached one.
770 */
771 fr_assert(entry->ctx);
772 talloc_free(request_state_replace(request, entry->ctx));
773 entry->ctx = NULL;
774
775 request->seq_start = entry->seq_start;
776
777 /*
778 * Associate old state with the request
779 *
780 * If the request is freed, it's freed immediately.
781 *
782 * Otherwise, if there's another round, we reuse
783 * the state entry and insert it back into the
784 * tree.
785 */
786 request_data_add(request, state, 0, entry, true, true, false);
787 request_data_restore(request, &entry->data);
788
789 entry->thawed = request;
790
791 if (!fr_pair_list_empty(&request->session_state_pairs)) {
792 RDEBUG2("Restored session-state");
793 log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->session_state_pairs, "session-state.");
794 }
795
796 RDEBUG3("%s - restored", state->da->name);
797
798 /*
799 * Set sequence so that we can prioritize ongoing multi-packet sessions.
800 */
801 request->sequence = entry->tries;
802 REQUEST_VERIFY(request);
803 return 0;
804}
805
806
807/** Transfer ownership of the state fr_pair_ts and ctx, back to a state entry
808 *
809 * Put request->session_state_pairs into the State attribute. Put the State attribute
810 * into the vps list. Delete the original entry, if it exists
811 *
812 * Also creates a new state entry.
813 */
815{
816 fr_state_entry_t *entry, *old;
818 fr_pair_t *state_ctx;
819 fr_value_box_t *dedup_key = NULL;
820
821 old = request_data_get(request, state, 0);
823 request_data_by_persistance(&data, request, true);
824
825 if (fr_pair_list_empty(&request->session_state_pairs) && fr_dlist_empty(&data)) return 0;
826
827 if (!fr_pair_list_empty(&request->session_state_pairs)) {
828 RDEBUG2("Saving session-state");
829 log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->session_state_pairs, "session-state.");
830
831#ifdef WITH_VERIFY_PTR
832 /*
833 * Double check all the session state pairs
834 * are parented correctly, else we'll get
835 * memory errors when we restore.
836 */
837 fr_pair_list_verify(__FILE__, __LINE__, request->session_state_ctx, &request->session_state_pairs, true);
838#endif
839 }
840
841 /*
842 * If there's a dedup tree, then we need to expand the
843 * key, but only if we don't already have a pre-existing state.
844 */
845 if (state->dedup_tree && !old) {
846 fr_value_box_list_t list;
847
848 fr_value_box_list_init(&list);
849
850 if (tmpl_eval(NULL, &list, request, state->config.dedup_key) < 0) {
851 REDEBUG("Failed expanding dedup_key - not doing dedup");
852 } else {
853 dedup_key = fr_value_box_list_pop_head(&list);
854 if (!dedup_key) {
855 RDEBUG("Failed expanding dedup_key - not doing dedup due to empty output");
856 }
857 fr_value_box_list_talloc_free_head(&list);
858 }
859 }
860
861 MEM(state_ctx = request_state_replace(request, NULL));
862
863 /*
864 * Reuses old if possible, and leaves the mutex unlocked on failure.
865 */
866 PTHREAD_MUTEX_LOCK(&state->mutex);
867 entry = state_entry_create(state, request, &request->reply_pairs, old, dedup_key);
868 if (!entry) {
869 talloc_free(request_state_replace(request, state_ctx));
870 request_data_restore(request, &data); /* Put it back again */
871
872#ifdef __COVERITY__
873 /*
874 * Coverity doesn't see that state_entry_create releases
875 * the lock on failure
876 */
878#endif
879 return -1;
880 }
881
882 fr_assert(entry->ctx == NULL);
883 fr_assert(request->session_state_ctx);
884
885 entry->seq_start = request->seq_start;
886 entry->ctx = state_ctx;
887 fr_dlist_move(&entry->data, &data);
889
890 RDEBUG3("%s - saved", state->da->name);
891 REQUEST_VERIFY(request);
892
893 return 0;
894}
895
896/** Free any subrequest request data if the dlist head is freed
897 *
898 */
899static int _free_child_data(state_child_entry_t *child_entry)
900{
901 fr_dlist_talloc_free(&child_entry->data);
902 talloc_free(child_entry->ctx); /* Free the child's session_state_ctx if we own it */
903
904 return 0;
905}
906
907/** Store subrequest's session-state list and persistable request data in its parent
908 *
909 * @param[in] child The child request to retrieve state from.
910 * @param[in] unique_ptr A parent may have multiple subrequests spawned
911 * by different modules. This identifies the module
912 * or other facility that spawned the subrequest.
913 * @param[in] unique_int Further identification.
914 */
915void fr_state_store_in_parent(request_t *child, void const *unique_ptr, int unique_int)
916{
917 state_child_entry_t *child_entry;
918 request_t *request = child; /* Stupid logging */
919
920 if (!fr_cond_assert_msg(child->parent,
921 "Child request must have request->parent set when storing state")) return;
922
923 RDEBUG3("Storing subrequest state in request %s", child->parent->name);
924
925 if ((request_data_by_persistance_count(request, true) > 0) ||
926 !fr_pair_list_empty(&request->session_state_pairs)) {
927 MEM(child_entry = talloc_zero(request->parent->session_state_ctx, state_child_entry_t));
928 request_data_list_init(&child_entry->data);
929 talloc_set_destructor(child_entry, _free_child_data);
930
931 child_entry->ctx = request_state_replace(child, NULL);
932
933 /*
934 * Pull everything out of the child,
935 * add it to our temporary list head...
936 *
937 * request_data_add allocs persistable
938 * request dta in the session_state_ctx
939 * which is why we don't need to copy or
940 * reparent any of this.
941 */
942 request_data_by_persistance(&child_entry->data, request, true);
943
944 /*
945 * ...and add the request_data from
946 * the child back into the parent.
947 */
948 request_data_talloc_add(request->parent, unique_ptr, unique_int,
949 state_child_entry_t, child_entry, true, false, true);
950 }
951}
952
953/** Restore subrequest data from a parent request
954 *
955 * @param[in] child The child request to restore state to.
956 * @param[in] unique_ptr A parent may have multiple subrequests spawned
957 * by different modules. This identifies the module
958 * or other facility that spawned the subrequest.
959 * @param[in] unique_int Further identification.
960 */
961void fr_state_restore_from_parent(request_t *child, void const *unique_ptr, int unique_int)
962{
963 state_child_entry_t *child_entry;
964 request_t *request = child; /* Stupid logging */
965
966 if (!fr_cond_assert_msg(child->parent,
967 "Child request must have request->parent set when restoring state")) return;
968
969
970 child_entry = request_data_get(child->parent, unique_ptr, unique_int);
971 if (!child_entry) {
972 RDEBUG3("No child state found in parent %s", child->parent->name);
973 return;
974 }
975
976 /*
977 * Shouldn't really be possible unless
978 * there's a logic bug in this API.
979 */
980 if (!fr_cond_assert_msg(!child_entry->thawed,
981 "Child state entry already thawed by %s - %p",
982 child_entry->thawed->name, child_entry->thawed)) return;
983
984 RDEBUG3("Restoring subrequest state from request %s", child->parent->name);
985
986 /*
987 * If we can restore from the parent, do so
988 */
989 fr_assert_msg(child_entry->ctx, "session child entry missing ctx");
990 talloc_free(request_state_replace(child, child_entry->ctx));
991 child_entry->ctx = NULL; /* No longer owns the ctx */
992 child_entry->thawed = child;
993
994 request_data_restore(child, &child_entry->data); /* Put all the request data back */
995
996 talloc_free(child_entry);
997}
998
999/** Remove state from a child
1000 *
1001 * This is useful for modules like EAP, where we keep a persistent eap_session
1002 * but may call multiple EAP method modules during negotiation, and need to
1003 * discard the state between each module call.
1004 *
1005 * @param[in] parent Holding the child's state.
1006 * @param[in] unique_ptr A parent may have multiple subrequests spawned
1007 * by different modules. This identifies the module
1008 * or other facility that spawned the subrequest.
1009 * @param[in] unique_int Further identification.
1010 */
1011void fr_state_discard_child(request_t *parent, void const *unique_ptr, int unique_int)
1012{
1013 state_child_entry_t *child_entry;
1014 request_t *request = parent; /* Stupid logging */
1015
1016 child_entry = request_data_get(parent, unique_ptr, unique_int);
1017 if (!child_entry) {
1018 RDEBUG3("No child state found in parent %s", parent->name);
1019 return;
1020 }
1021
1022 talloc_free(child_entry);
1023}
#define HEXIFY(b1)
Definition build.h:190
#define RCSID(id)
Definition build.h:487
#define CMP(_a, _b)
Same as CMP_PREFER_SMALLER use when you don't really care about ordering, you just want an ordering.
Definition build.h:112
#define unlikely(_x)
Definition build.h:383
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:660
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:283
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:597
static void * fr_dcursor_next(fr_dcursor_t *cursor)
Advanced the cursor to the next item.
Definition dcursor.h:290
#define fr_cond_assert(_x)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:131
#define fr_assert_msg(_x, _msg,...)
Calls panic_action ifndef NDEBUG, else logs error and causes the server to exit immediately with code...
Definition debug.h:202
#define fr_cond_assert_msg(_x, _fmt,...)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:148
#define MEM(x)
Definition debug.h:36
#define fr_dlist_init(_head, _type, _field)
Initialise the head structure of a doubly linked list.
Definition dlist.h:242
static void * fr_dlist_head(fr_dlist_head_t const *list_head)
Return the HEAD item of a list or NULL if the list is empty.
Definition dlist.h:468
static void * fr_dlist_remove(fr_dlist_head_t *list_head, void *ptr)
Remove an item from the list.
Definition dlist.h:620
static bool fr_dlist_entry_in_list(fr_dlist_t const *entry)
Check if a list entry is part of a list.
Definition dlist.h:145
static void fr_dlist_talloc_free(fr_dlist_head_t *head)
Free all items in a doubly linked list (with talloc)
Definition dlist.h:890
static bool fr_dlist_empty(fr_dlist_head_t const *list_head)
Check whether a list has any items.
Definition dlist.h:483
static int fr_dlist_insert_tail(fr_dlist_head_t *list_head, void *ptr)
Insert an item into the tail of a list.
Definition dlist.h:360
static int fr_dlist_move(fr_dlist_head_t *list_dst, fr_dlist_head_t *list_src)
Merge two lists, inserting the source at the tail of the destination.
Definition dlist.h:745
#define fr_dlist_talloc_init(_head, _type, _field)
Initialise the head structure of a doubly linked list.
Definition dlist.h:257
static void * fr_dlist_next(fr_dlist_head_t const *list_head, void const *ptr)
Get the next item in a list.
Definition dlist.h:537
Head of a doubly linked list.
Definition dlist.h:51
Entry in a doubly linked list.
Definition dlist.h:41
uint64_t fr_hash64(void const *data, size_t size)
Definition hash.c:909
talloc_free(hp)
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition log.c:820
#define RWDEBUG(fmt,...)
Definition log.h:373
#define RDEBUG3(fmt,...)
Definition log.h:355
#define RERROR(fmt,...)
Definition log.h:310
#define DEBUG4(_fmt,...)
Definition log.h:267
@ L_DBG_LVL_2
2nd highest priority debug messages (-xx | -X).
Definition log.h:71
@ FR_TYPE_OCTETS
Raw octets.
unsigned int uint32_t
unsigned char uint8_t
int fr_pair_value_memdup(fr_pair_t *vp, uint8_t const *src, size_t len, bool tainted)
Copy data into an "octets" data type.
Definition pair.c:2945
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:704
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1349
int fr_pair_delete_by_da(fr_pair_list_t *list, fr_dict_attr_t const *da)
Delete matching pairs from the specified list.
Definition pair.c:1693
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:290
static const conf_parser_t config[]
Definition base.c:172
#define fr_assert(_expr)
Definition rad_assert.h:38
#define REDEBUG(fmt,...)
Definition radclient.h:52
#define RDEBUG2(fmt,...)
Definition radclient.h:54
#define RDEBUG(fmt,...)
Definition radclient.h:53
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:105
uint32_t fr_rb_num_elements(fr_rb_tree_t *tree)
Return how many nodes there are in a tree.
Definition rb.c:781
void * fr_rb_remove(fr_rb_tree_t *tree, void const *data)
Remove an entry from the tree, without freeing the data.
Definition rb.c:695
void * fr_rb_find(fr_rb_tree_t const *tree, void const *data)
Find an element in the tree, returning the data, not the node.
Definition rb.c:577
bool fr_rb_insert(fr_rb_tree_t *tree, void const *data)
Insert data into a tree.
Definition rb.c:626
bool fr_rb_delete(fr_rb_tree_t *tree, void const *data)
Remove node and free data (if a free function was specified)
Definition rb.c:741
#define fr_rb_inline_talloc_alloc(_ctx, _type, _field, _data_cmp, _data_free)
Allocs a red black that verifies elements are of a specific talloc type.
Definition rb.h:246
static bool fr_rb_node_inline_in_tree(fr_rb_node_t const *node)
Check to see if an item is in a tree by examining its inline fr_rb_node_t.
Definition rb.h:314
The main red black tree structure.
Definition rb.h:73
fr_pair_t * request_state_replace(request_t *request, fr_pair_t *new_state)
Replace the session_state_ctx with a new one.
Definition request.c:511
#define REQUEST_VERIFY(_x)
Definition request.h:309
int request_data_by_persistance_count(request_t *request, bool persist)
Return how many request data entries exist of a given persistence.
int request_data_by_persistance(fr_dlist_head_t *out, request_t *request, bool persist)
Loop over all the request data, pulling out ones matching persist state.
void request_data_list_init(fr_dlist_head_t *data)
void request_data_restore(request_t *request, fr_dlist_head_t *in)
Add request data back to a request.
void * request_data_reference(request_t *request, void const *unique_ptr, int unique_int)
Get opaque data from a request without removing it.
void * request_data_get(request_t *request, void const *unique_ptr, int unique_int)
Get opaque data from a request.
#define request_data_talloc_add(_request, _unique_ptr, _unique_int, _type, _opaque, _free_on_replace, _free_on_parent, _persist)
Add opaque data to a request_t.
#define request_data_add(_request, _unique_ptr, _unique_int, _opaque, _free_on_replace, _free_on_parent, _persist)
Add opaque data to a request_t.
static unsigned int hash(char const *username, unsigned int tablesize)
Definition rlm_passwd.c:132
int fr_state_restore(fr_state_tree_t *state, request_t *request)
Copy a pointer to the head of the list of state fr_pair_ts (and their ctx) into the request.
Definition state.c:738
uint64_t id
State number.
Definition state.c:74
void fr_state_discard_child(request_t *parent, void const *unique_ptr, int unique_int)
Remove state from a child.
Definition state.c:1011
uint64_t seq_start
Number of first request in this sequence.
Definition state.c:113
fr_dlist_head_t data
Persistable request data, also parented by ctx.
Definition state.c:128
void fr_state_discard(fr_state_tree_t *state, request_t *request)
Called when sending an Access-Accept/Access-Reject to discard state information.
Definition state.c:684
#define PTHREAD_MUTEX_UNLOCK
Definition state.c:171
#define PTHREAD_MUTEX_LOCK
Definition state.c:170
fr_dict_attr_t const * da
Attribute where the state is stored.
Definition state.c:167
fr_dlist_head_t data
Persistable request data, also parented by ctx.
Definition state.c:150
unsigned int tries
Definition state.c:124
fr_rb_node_t node
Entry in the state rbtree.
Definition state.c:75
request_t * thawed
The request that thawed this entry.
Definition state.c:152
static int8_t state_dedup_cmp(void const *one, void const *two)
Compare two fr_state_entry_t based on their dedup key.
Definition state.c:190
fr_time_t cleanup
When this entry should be cleaned up.
Definition state.c:114
int fr_state_store(fr_state_tree_t *state, request_t *request)
Transfer ownership of the state fr_pair_ts and ctx, back to a state entry.
Definition state.c:814
static int _state_tree_free(fr_state_tree_t *state)
Free the state tree.
Definition state.c:201
static int _state_entry_free(fr_state_entry_t *entry)
Frees any data associated with a state.
Definition state.c:331
static int8_t state_entry_cmp(void const *one, void const *two)
Compare two fr_state_entry_t based on their state value i.e.
Definition state.c:178
fr_pair_t * ctx
for all session specific data.
Definition state.c:126
pthread_mutex_t mutex
Synchronisation mutex.
Definition state.c:165
static void state_entry_fill(fr_state_entry_t *entry, fr_value_box_t const *vb)
Definition state.c:366
fr_pair_t * ctx
for all session specific data.
Definition state.c:148
static void state_entry_unlink(fr_state_tree_t *state, fr_state_entry_t *entry)
Unlink an entry and remove if from the tree.
Definition state.c:314
fr_rb_tree_t * tree
rbtree used to lookup state value.
Definition state.c:161
void fr_state_restore_from_parent(request_t *child, void const *unique_ptr, int unique_int)
Restore subrequest data from a parent request.
Definition state.c:961
fr_dlist_head_t to_expire
Linked list of entries to free.
Definition state.c:163
static fr_state_entry_t * state_entry_find_and_unlink(fr_state_tree_t *state, fr_value_box_t const *vb)
Find the entry based on the State attribute and remove it from the state tree.
Definition state.c:660
const conf_parser_t state_session_config[]
Definition state.c:59
fr_rb_node_t dedup_node
Entry in the dedup rbtree.
Definition state.c:133
fr_state_tree_t * fr_state_tree_init(TALLOC_CTX *ctx, fr_dict_attr_t const *da, fr_state_config_t const *config)
Initialise a new state tree.
Definition state.c:232
static int _free_child_data(state_child_entry_t *child_entry)
Free any subrequest request data if the dlist head is freed.
Definition state.c:899
fr_value_box_t const * dedup_key
Key for dedup.
Definition state.c:132
fr_rb_tree_t * dedup_tree
rbtree used to do dedups
Definition state.c:162
uint64_t timed_out
Number of states that were cleaned up due to timeout.
Definition state.c:157
fr_state_config_t config
a local copy
Definition state.c:159
uint64_t id
Next ID to assign.
Definition state.c:156
request_t * thawed
The request that thawed this entry.
Definition state.c:130
void fr_state_store_in_parent(request_t *child, void const *unique_ptr, int unique_int)
Store subrequest's session-state list and persistable request data in its parent.
Definition state.c:915
Holds a state value, and associated fr_pair_ts and data.
Definition state.c:73
A child of a fr_state_entry_t.
Definition state.c:147
#define tmpl_is_xlat(vpt)
Definition tmpl.h:210
#define tmpl_is_attr(vpt)
Definition tmpl.h:208
bool tmpl_async_required(tmpl_t const *vpt)
Return whether or not async is required for this tmpl.
int tmpl_eval(TALLOC_CTX *ctx, fr_value_box_list_t *out, request_t *request, tmpl_t const *vpt)
Gets the value of a tmpl.
Definition tmpl_eval.c:1096
#define tmpl_needs_resolving(vpt)
Definition tmpl.h:223
bool thread_safe
Definition state.h:47
fr_time_delta_t timeout
idle timeout
Definition state.h:44
uint32_t max_rounds
maximum number of rounds before we give up
Definition state.h:42
uint8_t server_id
for mangling State
Definition state.h:46
tmpl_t * dedup_key
for tracking misbehaving supplicants
Definition state.h:45
uint32_t context_id
internal number to help keep state trees separate
Definition state.h:43
uint32_t max_sessions
maximum number of sessions
Definition state.h:41
fr_pair_t * vp
#define fr_time()
Allow us to arbitrarily manipulate time.
Definition state_test.c:8
static void state_entry_create(void)
Test functions that read from dbuffs.
Definition state_test.c:15
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
int talloc_link_ctx(TALLOC_CTX *parent, TALLOC_CTX *child)
Link two different parent and child contexts, so the child is freed before the parent.
Definition talloc.c:167
static int talloc_const_free(void const *ptr)
Free const'd memory.
Definition talloc.h:230
#define fr_time_add(_a, _b)
Add a time/time delta together.
Definition time.h:196
#define fr_time_sub(_a, _b)
Subtract one time from another.
Definition time.h:229
#define fr_time_lt(_a, _b)
Definition time.h:239
"server local" time.
Definition time.h:69
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
#define fr_pair_dcursor_init(_cursor, _list)
Initialises a special dcursor with callbacks that will maintain the attr sublists correctly.
Definition pair.h:605
static fr_slen_t parent
Definition pair.h:859
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
#define fr_strerror_const(_msg)
Definition strerror.h:223
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:455
int8_t fr_value_box_cmp(fr_value_box_t const *a, fr_value_box_t const *b)
Compare two values.
Definition value.c:749
static fr_slen_t data
Definition value.h:1334
#define fr_box_time_delta(_val)
Definition value.h:366