The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
module.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * @file src/lib/eap_aka_sim/module.c
19 * @brief Common encode/decode functions for EAP subtype modules
20 *
21 * @author Arran Cudbard-Bell (a.cudbardb@freeradius.org)
22 *
23 * @copyright 2021 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
24 */
25RCSID("$Id: 9eae67e24475ce6f36aececa77ff6ccd837a1ff9 $")
26
27#include <freeradius-devel/eap/types.h>
28#include <freeradius-devel/server/module.h>
29#include <freeradius-devel/server/pair.h>
30#include <freeradius-devel/server/virtual_servers.h>
31#include <freeradius-devel/util/rand.h>
32
33#include "attrs.h"
34#include "base.h"
35#include "module.h"
36
37/** Encode EAP session data from attributes
38 *
39 */
40static unlang_action_t mod_encode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
41{
42 eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t);
43 eap_session_t *eap_session = eap_session_get(request->parent);
44 eap_aka_sim_mod_session_t *mod_session = talloc_get_type_abort(eap_session->opaque, eap_aka_sim_mod_session_t);
45 fr_pair_t *subtype_vp;
46
47 static eap_code_t rcode_to_eap_code[RLM_MODULE_NUMCODES] = {
48 [RLM_MODULE_REJECT] = FR_EAP_CODE_FAILURE,
49 [RLM_MODULE_FAIL] = FR_EAP_CODE_FAILURE,
50 [RLM_MODULE_OK] = FR_EAP_CODE_SUCCESS,
51 [RLM_MODULE_HANDLED] = FR_EAP_CODE_REQUEST,
52 [RLM_MODULE_INVALID] = FR_EAP_CODE_FAILURE,
53 [RLM_MODULE_DISALLOW] = FR_EAP_CODE_FAILURE,
54 [RLM_MODULE_NOTFOUND] = FR_EAP_CODE_FAILURE,
55 [RLM_MODULE_NOOP] = FR_EAP_CODE_FAILURE,
56 [RLM_MODULE_UPDATED] = FR_EAP_CODE_FAILURE
57 };
58 eap_code_t code;
59 rlm_rcode_t rcode = mod_session->virtual_server_result.rcode;
60 fr_aka_sim_ctx_t encode_ctx;
61 uint8_t const *request_hmac_extra = NULL;
62 size_t request_hmac_extra_len = 0;
63 fr_pair_t *vp;
64
65 /*
66 * If there's no subtype vp, we look at the rcode
67 * from the virtual server to determine what kind
68 * of EAP response to send.
69 */
70 subtype_vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_subtype);
71 if (!subtype_vp) {
72 eap_session->this_round->request->code = (rcode == RLM_MODULE_OK) ?
73 FR_EAP_CODE_SUCCESS : FR_EAP_CODE_FAILURE;
74 /*
75 * RFC 3748 requires the request and response
76 * IDs to be identical for EAP-SUCCESS and
77 * EAP-FAILURE.
78 *
79 * The EAP common code will do the right thing
80 * here if we just tell it we haven't se the
81 * request ID.
82 */
83 eap_session->this_round->set_request_id = false;
84 eap_session->finished = true;
85 TALLOC_FREE(eap_session->opaque);
86
87 return UNLANG_ACTION_CALCULATE_RESULT;
88 }
89
90 fr_assert(rcode < RLM_MODULE_NUMCODES);
91
92 /*
93 * If there is a subtype vp, verify the return
94 * code allows us send EAP-SIM/AKA/AKA' data back.
95 */
96 code = rcode_to_eap_code[rcode];
97 if (code != FR_EAP_CODE_REQUEST) {
98 eap_session->this_round->request->code = code;
99 eap_session->this_round->set_request_id = false;
100 eap_session->finished = true;
101 TALLOC_FREE(eap_session->opaque);
102
103 return UNLANG_ACTION_CALCULATE_RESULT;
104 }
105
106 /*
107 * It's not an EAP-Success or an EAP-Failure
108 * it's a real EAP-SIM/AKA/AKA' response.
109 */
110 eap_session->this_round->request->type.num = inst->type;
111 eap_session->this_round->request->code = code;
112 eap_session->this_round->set_request_id = true;
113
114 /*
115 * RFC 3748 says this ID need only be different to
116 * the previous ID.
117 *
118 * We need to set the type, code, id here as the
119 * HMAC operates on the complete packet we're
120 * returning including the EAP headers, so the packet
121 * fields must be filled in before we call encode.
122 */
123 eap_session->this_round->request->id = mod_session->id++;
124
125 /*
126 * Perform different actions depending on the type
127 * of request we're sending.
128 */
129 switch (subtype_vp->vp_uint16) {
130 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
131 case FR_SUBTYPE_VALUE_SIM_START:
132 if (RDEBUG_ENABLED2) break;
133
134 /*
135 * Figure out if the state machine is
136 * requesting an ID.
137 */
138 if ((vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_any_id_req)) ||
139 (vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_fullauth_id_req)) ||
140 (vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_permanent_id_req))) {
141 RDEBUG2("Sending EAP-Request/%pV (%s)", &subtype_vp->data, vp->da->name);
142 } else {
143 RDEBUG2("Sending EAP-Request/%pV", &subtype_vp->data);
144 }
145 break;
146
147 /*
148 * Deal with sending bidding VP
149 *
150 * This can either come from policy or be set by the default
151 * virtual server.
152 *
153 * We send AT_BIDDING in our EAP-Request/AKA-Challenge message
154 * to tell the supplicant that if it has AKA' available/enabled
155 * it should have used that.
156 */
157 case FR_SUBTYPE_VALUE_AKA_CHALLENGE:
158 vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_bidding);
159
160 /*
161 * Explicit NO
162 */
163 if (inst->aka.send_at_bidding_prefer_prime_is_set &&
164 !inst->aka.send_at_bidding_prefer_prime) {
165 if (vp) pair_delete_reply(attr_eap_aka_sim_bidding);
166 /*
167 * Implicit or explicit YES
168 */
169 } else if (inst->aka.send_at_bidding_prefer_prime) {
170 MEM(pair_append_reply(&vp, attr_eap_aka_sim_bidding) >= 0);
171 vp->vp_uint16 = FR_BIDDING_VALUE_PREFER_AKA_PRIME;
172 }
173 FALL_THROUGH;
174
175 case FR_SUBTYPE_VALUE_SIM_CHALLENGE:
176 case FR_SUBTYPE_VALUE_AKA_SIM_REAUTHENTICATION:
177 /*
178 * Include our copy of the checkcode if we've been
179 * calculating it.
180 */
181 if (mod_session->checkcode_state) {
182 uint8_t *checkcode;
183
184 MEM(pair_update_reply(&vp, attr_eap_aka_sim_checkcode) >= 0);
185 if (fr_aka_sim_crypto_finalise_checkcode(vp, &checkcode, mod_session->checkcode_state) < 0) {
186 RPWDEBUG("Failed calculating checkcode");
187 pair_delete_reply(vp);
188 }
189 fr_pair_value_memdup_buffer_shallow(vp, checkcode, false); /* Buffer already in the correct ctx */
190 }
191
192 /*
193 * Extra data to append to the packet when signing.
194 */
195 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_hmac_extra_request);
196 if (vp) {
197 request_hmac_extra = vp->vp_octets;
198 request_hmac_extra_len = vp->vp_length;
199 }
200
201 /*
202 * Extra data to append to the response packet when
203 * validating the signature.
204 */
205 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_hmac_extra_response);
206 if (vp) {
207 /*
208 * We may attempt to challenge the supplicant
209 * twice when performing a resynchronisation.
210 *
211 * We previously asserted that the following were NULL:
212 *
213 * mod_session->response_hmac_extra
214 * mod_session->ctx.k_encr
215 * mod_session->ctx.k_aut
216 *
217 * but that is incorrect, as these fields need to be
218 * updated if new vectors are available.
219 */
220 talloc_free(mod_session->response_hmac_extra);
221 MEM(mod_session->response_hmac_extra = talloc_memdup(mod_session,
222 vp->vp_octets, vp->vp_length));
223 mod_session->response_hmac_extra_len = vp->vp_length;
224 }
225 /*
226 * Key we use for encrypting and decrypting attributes.
227 */
228 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_k_encr);
229 if (vp) {
230 talloc_const_free(mod_session->ctx.k_encr);
231 MEM(mod_session->ctx.k_encr = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length));
232 }
233
234 /*
235 * Key we use for signing and validating mac values.
236 */
237 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_k_aut);
238 if (vp) {
239 talloc_const_free(mod_session->ctx.k_aut);
240 MEM(mod_session->ctx.k_aut = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length));
241 mod_session->ctx.k_aut_len = vp->vp_length;
242 }
243
244 fr_assert(mod_session->ctx.k_encr && mod_session->ctx.k_aut);
245 FALL_THROUGH;
246
247 default:
248 RDEBUG2("Sending EAP-Request/%pV", &subtype_vp->data);
249 break;
250 }
251
252 encode_ctx = mod_session->ctx;
253 encode_ctx.eap_packet = eap_session->this_round->request;
254 encode_ctx.hmac_extra = request_hmac_extra;
255 encode_ctx.hmac_extra_len = request_hmac_extra_len;
256
257 RDEBUG2("Encoding attributes");
258 log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->reply_pairs, NULL);
259 if (fr_aka_sim_encode(request, &request->reply_pairs, &encode_ctx) <= 0) RETURN_UNLANG_FAIL;
260
261 switch (subtype_vp->vp_uint16) {
262 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
263 /*
264 * Ingest the identity message into the checkcode
265 */
266 if (mod_session->ctx.checkcode_md) {
267 RDEBUG2("Updating checkcode");
268 if (!mod_session->checkcode_state &&
269 (fr_aka_sim_crypto_init_checkcode(mod_session, &mod_session->checkcode_state,
270 mod_session->ctx.checkcode_md) < 0)) {
271 RPWDEBUG("Failed initialising checkcode");
272 break;
273 }
274
275 if (fr_aka_sim_crypto_update_checkcode(mod_session->checkcode_state,
276 eap_session->this_round->request) < 0) {
277 RPWDEBUG("Failed updating checkcode");
278 }
279 }
280 break;
281
282 default:
283 break;
284 }
285
286 return UNLANG_ACTION_CALCULATE_RESULT; /* rcode is already correct */
287}
288
289/** Decode EAP session data into attribute
290 *
291 */
292unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
293{
294 eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t);
295 eap_session_t *eap_session = eap_session_get(request->parent);
296 eap_aka_sim_mod_session_t *mod_session = talloc_get_type_abort(eap_session->opaque,
297 eap_aka_sim_mod_session_t);
298 fr_pair_t *subtype_vp;
299 fr_dcursor_t cursor;
300 ssize_t ret;
301 fr_aka_sim_ctx_t decode_ctx;
302
303 switch (eap_session->this_round->response->type.num) {
304 default:
305 REDEBUG2("Unsupported EAP type (%u)", eap_session->this_round->response->type.num);
306 RETURN_UNLANG_REJECT;
307
308 case FR_EAP_METHOD_IDENTITY:
309 case FR_EAP_METHOD_NAK: /* Peer NAK'd our original suggestion */
310 break;
311
312 /*
313 * Only decode data for EAP-SIM/AKA/AKA' responses
314 */
315 case FR_EAP_METHOD_SIM:
316 case FR_EAP_METHOD_AKA:
317 case FR_EAP_METHOD_AKA_PRIME:
318 fr_pair_dcursor_init(&cursor, &request->request_pairs);
319
320 decode_ctx = mod_session->ctx;
321 decode_ctx.hmac_extra = mod_session->response_hmac_extra;
322 decode_ctx.hmac_extra_len = mod_session->response_hmac_extra_len;
323 decode_ctx.eap_packet = eap_session->this_round->response;
324
325 ret = fr_aka_sim_decode(request->request_ctx,
326 &request->request_pairs,
327 dict_eap_aka_sim,
328 eap_session->this_round->response->type.data,
329 eap_session->this_round->response->type.length,
330 &decode_ctx);
331
332 /*
333 * Only good for one response packet
334 */
335 TALLOC_FREE(mod_session->response_hmac_extra);
336 mod_session->response_hmac_extra_len = 0;
337
338 /*
339 * RFC 4187 says we *MUST* notify, not just send
340 * an EAP-Failure in this case where we cannot
341 * decode an EAP-AKA packet.
342 *
343 * We instead call the state machine and allow it
344 * to fail when it can't find the necessary
345 * attributes.
346 */
347 if (ret < 0) {
348 RPEDEBUG2("Failed decoding attributes");
349 goto done;
350 }
351
352 if (!fr_pair_list_empty(&request->request_pairs) && RDEBUG_ENABLED2) {
353 RDEBUG2("Decoded attributes");
354 log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->request_pairs, NULL);
355 }
356
357 subtype_vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_aka_sim_subtype);
358 if (!subtype_vp) {
359 REDEBUG2("Missing Sub-Type"); /* Let the state machine enter the right state */
360 break;
361 }
362
363 RDEBUG2("Received EAP-Response/%pV", &(subtype_vp)->data);
364
365 switch (subtype_vp->vp_uint16) {
366 /*
367 * Ingest the identity message into the checkcode
368 */
369 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
370 if (mod_session->checkcode_state) {
371 RDEBUG2("Updating checkcode");
372 if (fr_aka_sim_crypto_update_checkcode(mod_session->checkcode_state,
373 eap_session->this_round->response) < 0) {
374 RPWDEBUG("Failed updating checkcode");
375 }
376 }
377 break;
378
379 case FR_SUBTYPE_VALUE_AKA_SIM_REAUTHENTICATION:
380 case FR_SUBTYPE_VALUE_AKA_CHALLENGE:
381 /*
382 * Include our copy of the checkcode if we've been
383 * calculating it. This is put in the control list
384 * so the state machine can check they're identical.
385 *
386 * This lets us simulate checkcode failures easily
387 * when testing the state machine.
388 */
389 if (mod_session->checkcode_state) {
390 uint8_t *checkcode;
391 fr_pair_t *vp;
392
393 MEM(pair_append_control(&vp, attr_eap_aka_sim_checkcode) >= 0);
394 if (fr_aka_sim_crypto_finalise_checkcode(vp, &checkcode, mod_session->checkcode_state) < 0) {
395 RPWDEBUG("Failed calculating checkcode");
396 pair_delete_control(vp);
397 } else {
398 fr_pair_value_memdup_buffer_shallow(vp, checkcode, false); /* Buffer already in the correct ctx */
399 }
400 }
401 FALL_THROUGH;
402
403 case FR_SUBTYPE_VALUE_SIM_CHALLENGE:
404 {
405 fr_pair_t *vp;
406 ssize_t slen;
407 uint8_t *buff;
408
409 MEM(pair_append_control(&vp, attr_eap_aka_sim_mac) >= 0);
410 MEM(fr_pair_value_mem_alloc(vp, &buff, AKA_SIM_MAC_DIGEST_SIZE, false) == 0);
411
412 slen = fr_aka_sim_crypto_sign_packet(buff, eap_session->this_round->response, true,
413 mod_session->ctx.hmac_md,
414 mod_session->ctx.k_aut,
415 mod_session->ctx.k_aut_len,
416 mod_session->response_hmac_extra,
417 mod_session->response_hmac_extra_len);
418 if (slen <= 0) {
419 RPEDEBUG("AT_MAC calculation failed");
420 pair_delete_control(vp);
421 RETURN_UNLANG_FAIL;
422 }
423 }
424 break;
425
426 default:
427 break;
428 }
429 break;
430 }
431
432done:
433 /*
434 * Setup our encode function as the resumption
435 * frame when the state machine finishes with
436 * this round.
437 */
438 (void)unlang_module_yield(request, mod_encode, NULL, 0, NULL);
439
440 if (virtual_server_push(&mod_session->virtual_server_result, request, inst->virtual_server, UNLANG_SUB_FRAME) < 0) {
441 unlang_interpet_frame_discard(request);
442 RETURN_UNLANG_FAIL;
443 }
444
445 return UNLANG_ACTION_PUSHED_CHILD;
446}
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
UNLANG_ACTION_PUSHED_CHILD
@ UNLANG_ACTION_PUSHED_CHILD
unlang_t pushed a new child onto the stack, execute it instead of continuing.
Definition action.h:39
UNLANG_ACTION_CALCULATE_RESULT
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
RCSID
#define RCSID(id)
Definition build.h:488
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:325
eap_packet_t::type
eap_type_data_t type
Definition compose.h:38
eap_round_t::set_request_id
bool set_request_id
Whether the EAP-Method already set the next request ID.
Definition compose.h:50
eap_round_t::response
eap_packet_t * response
Packet we received from the peer.
Definition compose.h:48
eap_packet_t::code
eap_code_t code
Definition compose.h:35
eap_packet_t::id
uint8_t id
Definition compose.h:36
eap_round_t::request
eap_packet_t * request
Packet we will send to the peer.
Definition compose.h:49
fr_dcursor_s
Definition dcursor.h:91
MEM
#define MEM(x)
Definition debug.h:46
FR_EAP_CODE_FAILURE
@ FR_EAP_CODE_FAILURE
Definition types.h:40
FR_EAP_CODE_REQUEST
@ FR_EAP_CODE_REQUEST
Definition types.h:37
FR_EAP_CODE_SUCCESS
@ FR_EAP_CODE_SUCCESS
Definition types.h:39
eap_type_data_t::num
eap_type_t num
Definition types.h:110
eap_type_data_t::length
size_t length
Definition types.h:111
eap_type_data_t::data
uint8_t * data
Definition types.h:112
eap_code_t
enum eap_code eap_code_t
FR_EAP_METHOD_SIM
@ FR_EAP_METHOD_SIM
Definition types.h:63
FR_EAP_METHOD_NAK
@ FR_EAP_METHOD_NAK
Definition types.h:48
FR_EAP_METHOD_AKA
@ FR_EAP_METHOD_AKA
Definition types.h:68
FR_EAP_METHOD_AKA_PRIME
@ FR_EAP_METHOD_AKA_PRIME
Definition types.h:96
FR_EAP_METHOD_IDENTITY
@ FR_EAP_METHOD_IDENTITY
Definition types.h:46
fr_aka_sim_ctx_t::hmac_extra_len
size_t hmac_extra_len
Definition base.h:244
fr_aka_sim_crypto_sign_packet
ssize_t fr_aka_sim_crypto_sign_packet(uint8_t out[static AKA_SIM_MAC_DIGEST_SIZE], eap_packet_t *eap_packet, bool zero_mac, EVP_MD const *md, uint8_t const *key, size_t const key_len, uint8_t const *hmac_extra, size_t const hmac_extra_len)
Calculate the digest value for a packet.
Definition crypto.c:289
fr_aka_sim_ctx_t::k_aut
uint8_t const * k_aut
The authentication key used for signing.
Definition base.h:249
fr_aka_sim_decode
int fr_aka_sim_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_t const *dict, uint8_t const *data, size_t data_len, fr_aka_sim_ctx_t *decode_ctx)
Decode SIM/AKA/AKA' specific packet data.
Definition decode.c:942
fr_aka_sim_crypto_finalise_checkcode
ssize_t fr_aka_sim_crypto_finalise_checkcode(TALLOC_CTX *ctx, uint8_t **out, fr_aka_sim_checkcode_t *checkcode)
Write out the final checkcode value.
Definition crypto.c:195
fr_aka_sim_ctx_t::hmac_md
EVP_MD const * hmac_md
HMAC digest algorithm, usually EVP_sha1().
Definition base.h:240
fr_aka_sim_ctx_t::eap_packet
eap_packet_t * eap_packet
Needed for validating AT_MAC.
Definition base.h:238
fr_aka_sim_ctx_t::checkcode_md
EVP_MD const * checkcode_md
HMAC we use for calculating the checkcode.
Definition base.h:241
fr_aka_sim_ctx_t::k_encr
uint8_t const * k_encr
The encryption key used for encrypting.
Definition base.h:246
fr_aka_sim_ctx_t::hmac_extra
uint8_t const * hmac_extra
Extra data for the HMAC function.
Definition base.h:243
AKA_SIM_MAC_DIGEST_SIZE
#define AKA_SIM_MAC_DIGEST_SIZE
Length of MAC used to prevent packet modification.
Definition base.h:42
fr_aka_sim_crypto_update_checkcode
int fr_aka_sim_crypto_update_checkcode(fr_aka_sim_checkcode_t *checkcode, eap_packet_t *eap_packet)
Digest a packet, updating the checkcode.
Definition crypto.c:151
fr_aka_sim_encode
ssize_t fr_aka_sim_encode(request_t *request, fr_pair_list_t *to_encode, void *encode_ctx)
Definition encode.c:872
fr_aka_sim_ctx_t::k_aut_len
size_t k_aut_len
Definition base.h:250
fr_aka_sim_crypto_init_checkcode
int fr_aka_sim_crypto_init_checkcode(TALLOC_CTX *ctx, fr_aka_sim_checkcode_t **checkcode, EVP_MD const *md)
Initialise checkcode message digest.
Definition crypto.c:113
fr_aka_sim_ctx_t
Encoder/decoder ctx.
Definition base.h:234
eap_aka_sim_mod_session_t::response_hmac_extra
uint8_t * response_hmac_extra
Data to concatenate to response packet before validating.
Definition module.h:76
eap_aka_sim_mod_session_t::response_hmac_extra_len
size_t response_hmac_extra_len
Definition module.h:78
eap_aka_sim_mod_session_t::ctx
fr_aka_sim_ctx_t ctx
Definition module.h:83
eap_aka_sim_mod_session_t::virtual_server_result
unlang_result_t virtual_server_result
Definition module.h:80
eap_aka_sim_mod_session_t::id
uint8_t id
Last ID used, monotonically increments.
Definition module.h:74
eap_aka_sim_mod_session_t::checkcode_state
fr_aka_sim_checkcode_t * checkcode_state
Digest of all identity packets we've seen.
Definition module.h:82
eap_aka_sim_mod_session_t
Structure used to track session state at the module level.
Definition module.h:73
eap_aka_sim_module_conf_t
Definition module.h:41
talloc_free
talloc_free(hp)
unlang_interpet_frame_discard
void unlang_interpet_frame_discard(request_t *request)
Discard the bottom most frame on the request's stack.
Definition interpret.c:2026
UNLANG_SUB_FRAME
#define UNLANG_SUB_FRAME
Definition interpret.h:37
unlang_result_t::rcode
rlm_rcode_t rcode
The current rcode, from executing the instruction or merging the result from a frame.
Definition interpret.h:134
unlang_result_t
Definition interpret.h:133
eap_session_get
static eap_session_t * eap_session_get(request_t *request)
Definition session.h:85
eap_session_s::opaque
void * opaque
Opaque data used by EAP methods.
Definition session.h:63
eap_session_s::this_round
eap_round_t * this_round
The EAP response we're processing, and the EAP request we're building.
Definition session.h:60
eap_session_s::finished
bool finished
Whether we consider this session complete.
Definition session.h:72
eap_session_s
Tracks the progress of a single session of any EAP method.
Definition session.h:41
attr_eap_aka_sim_bidding
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_bidding
Definition base.c:63
attr_eap_aka_sim_permanent_id_req
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_permanent_id_req
Definition base.c:92
attr_eap_aka_sim_k_encr
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_k_encr
Definition base.c:78
attr_eap_aka_sim_checkcode
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_checkcode
Definition base.c:64
attr_eap_aka_sim_k_aut
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_k_aut
Definition base.c:77
attr_eap_aka_sim_any_id_req
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_any_id_req
Definition base.c:60
dict_eap_aka_sim
fr_dict_t const * dict_eap_aka_sim
Definition base.c:48
attr_eap_aka_sim_mac
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_mac
Definition base.c:84
attr_eap_aka_sim_fullauth_id_req
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_fullauth_id_req
Definition base.c:70
attr_eap_aka_sim_subtype
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_subtype
Definition base.c:99
attr_eap_aka_sim_hmac_extra_request
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_hmac_extra_request
Definition base.c:71
attr_eap_aka_sim_hmac_extra_response
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_hmac_extra_response
Definition base.c:72
log_request_pair_list
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition log.c:831
RPEDEBUG
#define RPEDEBUG(fmt,...)
Definition log.h:388
RPWDEBUG
#define RPWDEBUG(fmt,...)
Definition log.h:378
RPEDEBUG2
#define RPEDEBUG2(fmt,...)
Definition log.h:389
REDEBUG2
#define REDEBUG2(fmt,...)
Definition log.h:384
L_DBG_LVL_2
@ L_DBG_LVL_2
2nd highest priority debug messages (-xx | -X).
Definition log.h:68
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
request_t
Definition merged_model.c:210
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:707
fr_pair_value_mem_alloc
int fr_pair_value_mem_alloc(fr_pair_t *vp, uint8_t **out, size_t size, bool tainted)
Pre-allocate a memory buffer for a "octets" type value pair.
Definition pair.c:2915
fr_pair_value_memdup_buffer_shallow
int fr_pair_value_memdup_buffer_shallow(fr_pair_t *vp, uint8_t const *src, bool tainted)
Assign a talloced buffer to a "octets" type value pair.
Definition pair.c:3041
encode_ctx
static fr_internal_encode_ctx_t encode_ctx
Definition proto_ldap_sync.c:34
attrs.h
VQP attributes.
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:37
RDEBUG_ENABLED2
#define RDEBUG_ENABLED2()
Definition radclient-ng.h:50
RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient-ng.h:54
done
static bool done
Definition radclient.c:80
RETURN_UNLANG_FAIL
#define RETURN_UNLANG_FAIL
Definition rcode.h:63
RETURN_UNLANG_REJECT
#define RETURN_UNLANG_REJECT
Definition rcode.h:62
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:44
RLM_MODULE_INVALID
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition rcode.h:51
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:49
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:48
RLM_MODULE_DISALLOW
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition rcode.h:52
RLM_MODULE_REJECT
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition rcode.h:47
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:53
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:55
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:54
RLM_MODULE_NUMCODES
@ RLM_MODULE_NUMCODES
How many valid return codes there are.
Definition rcode.h:57
RLM_MODULE_HANDLED
@ RLM_MODULE_HANDLED
The module handled the request, so stop.
Definition rcode.h:50
module_instance_s::data
void * data
Module's instance data.
Definition module.h:293
pair_append_control
#define pair_append_control(_attr, _da)
Allocate and append a fr_pair_t to the control list.
Definition pair.h:57
pair_update_reply
#define pair_update_reply(_attr, _da)
Return or allocate a fr_pair_t in the reply list.
Definition pair.h:129
pair_delete_reply
#define pair_delete_reply(_pair_or_da)
Delete a fr_pair_t in the reply list.
Definition pair.h:181
pair_append_reply
#define pair_append_reply(_attr, _da)
Allocate and append a fr_pair_t to reply list.
Definition pair.h:47
pair_delete_control
#define pair_delete_control(_pair_or_da)
Delete a fr_pair_t in the control list.
Definition pair.h:190
buff
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
mod_encode
static unlang_action_t mod_encode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Encode EAP session data from attributes.
Definition module.c:40
eap_aka_sim_process
unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Decode EAP session data into attribute.
Definition module.c:292
unlang_module_yield
unlang_action_t unlang_module_yield(request_t *request, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Yield a request back to the interpreter from within a module.
Definition module.c:431
subtype_vp
fr_pair_t * subtype_vp
Definition state_machine.c:1299
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3645
vp
fr_pair_t * vp
Definition state_machine.c:2287
eap_aka_sim_process_conf_t::type
eap_type_t type
The preferred EAP-Type of this instance of the EAP-SIM/AKA/AKA' state machine.
Definition state_machine.h:191
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
talloc_const_free
static int talloc_const_free(void const *ptr)
Free const'd memory.
Definition talloc.h:253
module.h
Functions to allow modules to push resumption frames onto the stack and inform the interpreter about ...
base.h
Master include file to access all functions and structures in the library.
fr_pair_list_empty
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
Definition pair_inline.c:124
fr_pair_dcursor_init
#define fr_pair_dcursor_init(_cursor, _list)
Initialises a special dcursor with callbacks that will maintain the attr sublists correctly.
Definition pair.h:604
data
static fr_slen_t data
Definition value.h:1340
virtual_server_push
unlang_action_t virtual_server_push(unlang_result_t *p_result, request_t *request, virtual_server_t const *vs, bool top_frame)
Set the request processing function.
Definition virtual_servers.c:751
Generated by   doxygen 1.9.8