The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
module.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * @file src/lib/eap_aka_sim/module.c
19 * @brief Common encode/decode functions for EAP subtype modules
20 *
21 * @author Arran Cudbard-Bell (a.cudbardb@freeradius.org)
22 *
23 * @copyright 2021 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
24 */
25RCSID("$Id: 3ed5311461a64d4269c419107c8cd5532f8bd34a $")
26
27#include <freeradius-devel/eap/types.h>
28#include <freeradius-devel/server/module.h>
29#include <freeradius-devel/server/pair.h>
30#include <freeradius-devel/server/virtual_servers.h>
31#include <freeradius-devel/unlang/interpret.h>
32#include <freeradius-devel/unlang/module.h>
33#include <freeradius-devel/util/rand.h>
34
35#include "attrs.h"
36#include "base.h"
37#include "module.h"
38
39/** Encode EAP session data from attributes
40 *
41 */
42static unlang_action_t mod_encode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
43{
44 eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t);
45 eap_session_t *eap_session = eap_session_get(request->parent);
46 eap_aka_sim_mod_session_t *mod_session = talloc_get_type_abort(eap_session->opaque, eap_aka_sim_mod_session_t);
48
49 static eap_code_t rcode_to_eap_code[RLM_MODULE_NUMCODES] = {
59 };
60 eap_code_t code;
61 rlm_rcode_t rcode = mod_session->virtual_server_result.rcode;
63 uint8_t const *request_hmac_extra = NULL;
64 size_t request_hmac_extra_len = 0;
66
67 /*
68 * If there's no subtype vp, we look at the rcode
69 * from the virtual server to determine what kind
70 * of EAP response to send.
71 */
72 subtype_vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_subtype);
73 if (!subtype_vp) {
74 eap_session->this_round->request->code = (rcode == RLM_MODULE_OK) ?
76 /*
77 * RFC 3748 requires the request and response
78 * IDs to be identical for EAP-SUCCESS and
79 * EAP-FAILURE.
80 *
81 * The EAP common code will do the right thing
82 * here if we just tell it we haven't se the
83 * request ID.
84 */
85 eap_session->this_round->set_request_id = false;
86 eap_session->finished = true;
87 TALLOC_FREE(eap_session->opaque);
88
90 }
91
93
94 /*
95 * If there is a subtype vp, verify the return
96 * code allows us send EAP-SIM/AKA/AKA' data back.
97 */
98 code = rcode_to_eap_code[rcode];
99 if (code != FR_EAP_CODE_REQUEST) {
100 eap_session->this_round->request->code = code;
101 eap_session->this_round->set_request_id = false;
102 eap_session->finished = true;
103 TALLOC_FREE(eap_session->opaque);
104
106 }
107
108 /*
109 * It's not an EAP-Success or an EAP-Failure
110 * it's a real EAP-SIM/AKA/AKA' response.
111 */
112 eap_session->this_round->request->type.num = inst->type;
113 eap_session->this_round->request->code = code;
114 eap_session->this_round->set_request_id = true;
115
116 /*
117 * RFC 3748 says this ID need only be different to
118 * the previous ID.
119 *
120 * We need to set the type, code, id here as the
121 * HMAC operates on the complete packet we're
122 * returning including the EAP headers, so the packet
123 * fields must be filled in before we call encode.
124 */
125 eap_session->this_round->request->id = mod_session->id++;
126
127 /*
128 * Perform different actions depending on the type
129 * of request we're sending.
130 */
131 switch (subtype_vp->vp_uint16) {
132 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
133 case FR_SUBTYPE_VALUE_SIM_START:
134 if (RDEBUG_ENABLED2) break;
135
136 /*
137 * Figure out if the state machine is
138 * requesting an ID.
139 */
140 if ((vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_any_id_req)) ||
141 (vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_fullauth_id_req)) ||
142 (vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_permanent_id_req))) {
143 RDEBUG2("Sending EAP-Request/%pV (%s)", &subtype_vp->data, vp->da->name);
144 } else {
145 RDEBUG2("Sending EAP-Request/%pV", &subtype_vp->data);
146 }
147 break;
148
149 /*
150 * Deal with sending bidding VP
151 *
152 * This can either come from policy or be set by the default
153 * virtual server.
154 *
155 * We send AT_BIDDING in our EAP-Request/AKA-Challenge message
156 * to tell the supplicant that if it has AKA' available/enabled
157 * it should have used that.
158 */
159 case FR_SUBTYPE_VALUE_AKA_CHALLENGE:
160 vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_bidding);
161
162 /*
163 * Explicit NO
164 */
165 if (inst->aka.send_at_bidding_prefer_prime_is_set &&
166 !inst->aka.send_at_bidding_prefer_prime) {
168 /*
169 * Implicit or explicit YES
170 */
171 } else if (inst->aka.send_at_bidding_prefer_prime) {
173 vp->vp_uint16 = FR_BIDDING_VALUE_PREFER_AKA_PRIME;
174 }
176
177 case FR_SUBTYPE_VALUE_SIM_CHALLENGE:
178 case FR_SUBTYPE_VALUE_AKA_SIM_REAUTHENTICATION:
179 /*
180 * Include our copy of the checkcode if we've been
181 * calculating it.
182 */
183 if (mod_session->checkcode_state) {
184 uint8_t *checkcode;
185
187 if (fr_aka_sim_crypto_finalise_checkcode(vp, &checkcode, mod_session->checkcode_state) < 0) {
188 RPWDEBUG("Failed calculating checkcode");
190 }
191 fr_pair_value_memdup_buffer_shallow(vp, checkcode, false); /* Buffer already in the correct ctx */
192 }
193
194 /*
195 * Extra data to append to the packet when signing.
196 */
197 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_hmac_extra_request);
198 if (vp) {
199 request_hmac_extra = vp->vp_octets;
200 request_hmac_extra_len = vp->vp_length;
201 }
202
203 /*
204 * Extra data to append to the response packet when
205 * validating the signature.
206 */
207 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_hmac_extra_response);
208 if (vp) {
209 /*
210 * We may attempt to challenge the supplicant
211 * twice when performing a resynchronisation.
212 *
213 * We previously asserted that the following were NULL:
214 *
215 * mod_session->response_hmac_extra
216 * mod_session->ctx.k_encr
217 * mod_session->ctx.k_aut
218 *
219 * but that is incorrect, as these fields need to be
220 * updated if new vectors are available.
221 */
222 talloc_free(mod_session->response_hmac_extra);
223 MEM(mod_session->response_hmac_extra = talloc_memdup(mod_session,
224 vp->vp_octets, vp->vp_length));
225 mod_session->response_hmac_extra_len = vp->vp_length;
226 }
227 /*
228 * Key we use for encrypting and decrypting attributes.
229 */
230 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_k_encr);
231 if (vp) {
232 talloc_const_free(mod_session->ctx.k_encr);
233 MEM(mod_session->ctx.k_encr = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length));
234 }
235
236 /*
237 * Key we use for signing and validating mac values.
238 */
239 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_k_aut);
240 if (vp) {
241 talloc_const_free(mod_session->ctx.k_aut);
242 MEM(mod_session->ctx.k_aut = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length));
243 mod_session->ctx.k_aut_len = vp->vp_length;
244 }
245
246 fr_assert(mod_session->ctx.k_encr && mod_session->ctx.k_aut);
248
249 default:
250 RDEBUG2("Sending EAP-Request/%pV", &subtype_vp->data);
251 break;
252 }
253
254 encode_ctx = mod_session->ctx;
255 encode_ctx.eap_packet = eap_session->this_round->request;
256 encode_ctx.hmac_extra = request_hmac_extra;
257 encode_ctx.hmac_extra_len = request_hmac_extra_len;
258
259 RDEBUG2("Encoding attributes");
260 log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->reply_pairs, NULL);
261 if (fr_aka_sim_encode(request, &request->reply_pairs, &encode_ctx) <= 0) RETURN_UNLANG_FAIL;
262
263 switch (subtype_vp->vp_uint16) {
264 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
265 /*
266 * Ingest the identity message into the checkcode
267 */
268 if (mod_session->ctx.checkcode_md) {
269 RDEBUG2("Updating checkcode");
270 if (!mod_session->checkcode_state &&
271 (fr_aka_sim_crypto_init_checkcode(mod_session, &mod_session->checkcode_state,
272 mod_session->ctx.checkcode_md) < 0)) {
273 RPWDEBUG("Failed initialising checkcode");
274 break;
275 }
276
278 eap_session->this_round->request) < 0) {
279 RPWDEBUG("Failed updating checkcode");
280 }
281 }
282 break;
283
284 default:
285 break;
286 }
287
288 return UNLANG_ACTION_CALCULATE_RESULT; /* rcode is already correct */
289}
290
291/** Decode EAP session data into attribute
292 *
293 */
295{
296 eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t);
297 eap_session_t *eap_session = eap_session_get(request->parent);
298 eap_aka_sim_mod_session_t *mod_session = talloc_get_type_abort(eap_session->opaque,
301 fr_dcursor_t cursor;
302 ssize_t ret;
303 fr_aka_sim_ctx_t decode_ctx;
304
305 switch (eap_session->this_round->response->type.num) {
306 default:
307 REDEBUG2("Unsupported EAP type (%u)", eap_session->this_round->response->type.num);
309
311 case FR_EAP_METHOD_NAK: /* Peer NAK'd our original suggestion */
312 break;
313
314 /*
315 * Only decode data for EAP-SIM/AKA/AKA' responses
316 */
320 fr_pair_dcursor_init(&cursor, &request->request_pairs);
321
322 decode_ctx = mod_session->ctx;
323 decode_ctx.hmac_extra = mod_session->response_hmac_extra;
324 decode_ctx.hmac_extra_len = mod_session->response_hmac_extra_len;
325 decode_ctx.eap_packet = eap_session->this_round->response;
326
327 ret = fr_aka_sim_decode(request->request_ctx,
328 &request->request_pairs,
330 eap_session->this_round->response->type.data,
331 eap_session->this_round->response->type.length,
332 &decode_ctx);
333
334 /*
335 * Only good for one response packet
336 */
337 TALLOC_FREE(mod_session->response_hmac_extra);
338 mod_session->response_hmac_extra_len = 0;
339
340 /*
341 * RFC 4187 says we *MUST* notify, not just send
342 * an EAP-Failure in this case where we cannot
343 * decode an EAP-AKA packet.
344 *
345 * We instead call the state machine and allow it
346 * to fail when it can't find the necessary
347 * attributes.
348 */
349 if (ret < 0) {
350 RPEDEBUG2("Failed decoding attributes");
351 goto done;
352 }
353
354 if (!fr_pair_list_empty(&request->request_pairs) && RDEBUG_ENABLED2) {
355 RDEBUG2("Decoded attributes");
356 log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->request_pairs, NULL);
357 }
358
359 subtype_vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_aka_sim_subtype);
360 if (!subtype_vp) {
361 REDEBUG2("Missing Sub-Type"); /* Let the state machine enter the right state */
362 break;
363 }
364
365 RDEBUG2("Received EAP-Response/%pV", &(subtype_vp)->data);
366
367 switch (subtype_vp->vp_uint16) {
368 /*
369 * Ingest the identity message into the checkcode
370 */
371 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
372 if (mod_session->checkcode_state) {
373 RDEBUG2("Updating checkcode");
375 eap_session->this_round->response) < 0) {
376 RPWDEBUG("Failed updating checkcode");
377 }
378 }
379 break;
380
381 case FR_SUBTYPE_VALUE_AKA_SIM_REAUTHENTICATION:
382 case FR_SUBTYPE_VALUE_AKA_CHALLENGE:
383 /*
384 * Include our copy of the checkcode if we've been
385 * calculating it. This is put in the control list
386 * so the state machine can check they're identical.
387 *
388 * This lets us simulate checkcode failures easily
389 * when testing the state machine.
390 */
391 if (mod_session->checkcode_state) {
392 uint8_t *checkcode;
393 fr_pair_t *vp;
394
396 if (fr_aka_sim_crypto_finalise_checkcode(vp, &checkcode, mod_session->checkcode_state) < 0) {
397 RPWDEBUG("Failed calculating checkcode");
399 } else {
400 fr_pair_value_memdup_buffer_shallow(vp, checkcode, false); /* Buffer already in the correct ctx */
401 }
402 }
404
405 case FR_SUBTYPE_VALUE_SIM_CHALLENGE:
406 {
407 fr_pair_t *vp;
408 ssize_t slen;
409 uint8_t *buff;
410
413
414 slen = fr_aka_sim_crypto_sign_packet(buff, eap_session->this_round->response, true,
415 mod_session->ctx.hmac_md,
416 mod_session->ctx.k_aut,
417 mod_session->ctx.k_aut_len,
418 mod_session->response_hmac_extra,
419 mod_session->response_hmac_extra_len);
420 if (slen <= 0) {
421 RPEDEBUG("AT_MAC calculation failed");
424 }
425 }
426 break;
427
428 default:
429 break;
430 }
431 break;
432 }
433
434done:
435 /*
436 * Setup our encode function as the resumption
437 * frame when the state machine finishes with
438 * this round.
439 */
440 (void)unlang_module_yield(request, mod_encode, NULL, 0, NULL);
441
442 if (virtual_server_push(&mod_session->virtual_server_result, request, inst->virtual_server, UNLANG_SUB_FRAME) < 0) {
445 }
446
448}
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
@ UNLANG_ACTION_PUSHED_CHILD
unlang_t pushed a new child onto the stack, execute it instead of continuing.
Definition action.h:39
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
#define RCSID(id)
Definition build.h:485
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
eap_type_data_t type
Definition compose.h:39
bool set_request_id
Whether the EAP-Method already set the next request ID.
Definition compose.h:51
eap_packet_t * response
Packet we received from the peer.
Definition compose.h:49
eap_code_t code
Definition compose.h:36
uint8_t id
Definition compose.h:37
eap_packet_t * request
Packet we will send to the peer.
Definition compose.h:50
#define MEM(x)
Definition debug.h:36
@ FR_EAP_CODE_FAILURE
Definition types.h:40
@ FR_EAP_CODE_REQUEST
Definition types.h:37
@ FR_EAP_CODE_SUCCESS
Definition types.h:39
eap_type_t num
Definition types.h:110
size_t length
Definition types.h:111
uint8_t * data
Definition types.h:112
enum eap_code eap_code_t
@ FR_EAP_METHOD_SIM
Definition types.h:63
@ FR_EAP_METHOD_NAK
Definition types.h:48
@ FR_EAP_METHOD_AKA
Definition types.h:68
@ FR_EAP_METHOD_AKA_PRIME
Definition types.h:96
@ FR_EAP_METHOD_IDENTITY
Definition types.h:46
size_t hmac_extra_len
Definition base.h:244
ssize_t fr_aka_sim_crypto_sign_packet(uint8_t out[static AKA_SIM_MAC_DIGEST_SIZE], eap_packet_t *eap_packet, bool zero_mac, EVP_MD const *md, uint8_t const *key, size_t const key_len, uint8_t const *hmac_extra, size_t const hmac_extra_len)
Calculate the digest value for a packet.
Definition crypto.c:284
uint8_t const * k_aut
The authentication key used for signing.
Definition base.h:249
int fr_aka_sim_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_t const *dict, uint8_t const *data, size_t data_len, fr_aka_sim_ctx_t *decode_ctx)
Decode SIM/AKA/AKA' specific packet data.
Definition decode.c:942
ssize_t fr_aka_sim_crypto_finalise_checkcode(TALLOC_CTX *ctx, uint8_t **out, fr_aka_sim_checkcode_t *checkcode)
Write out the final checkcode value.
Definition crypto.c:196
EVP_MD const * hmac_md
HMAC digest algorithm, usually EVP_sha1().
Definition base.h:240
eap_packet_t * eap_packet
Needed for validating AT_MAC.
Definition base.h:238
EVP_MD const * checkcode_md
HMAC we use for calculating the checkcode.
Definition base.h:241
uint8_t const * k_encr
The encryption key used for encrypting.
Definition base.h:246
uint8_t const * hmac_extra
Extra data for the HMAC function.
Definition base.h:243
#define AKA_SIM_MAC_DIGEST_SIZE
Length of MAC used to prevent packet modification.
Definition base.h:42
int fr_aka_sim_crypto_update_checkcode(fr_aka_sim_checkcode_t *checkcode, eap_packet_t *eap_packet)
Digest a packet, updating the checkcode.
Definition crypto.c:152
ssize_t fr_aka_sim_encode(request_t *request, fr_pair_list_t *to_encode, void *encode_ctx)
Definition encode.c:872
size_t k_aut_len
Definition base.h:250
int fr_aka_sim_crypto_init_checkcode(TALLOC_CTX *ctx, fr_aka_sim_checkcode_t **checkcode, EVP_MD const *md)
Initialise checkcode message digest.
Definition crypto.c:114
Encoder/decoder ctx.
Definition base.h:234
uint8_t * response_hmac_extra
Data to concatenate to response packet before validating.
Definition module.h:74
size_t response_hmac_extra_len
Definition module.h:76
fr_aka_sim_ctx_t ctx
Definition module.h:81
unlang_result_t virtual_server_result
Definition module.h:78
uint8_t id
Last ID used, monotonically increments.
Definition module.h:72
fr_aka_sim_checkcode_t * checkcode_state
Digest of all identity packets we've seen.
Definition module.h:80
Structure used to track session state at the module level.
Definition module.h:71
void unlang_interpet_frame_discard(request_t *request)
Discard the bottom most frame on the request's stack.
Definition interpret.c:1986
#define UNLANG_SUB_FRAME
Definition interpret.h:37
rlm_rcode_t rcode
The current rcode, from executing the instruction or merging the result from a frame.
Definition interpret.h:134
static eap_session_t * eap_session_get(request_t *request)
Definition session.h:83
void * opaque
Opaque data used by EAP methods.
Definition session.h:63
eap_round_t * this_round
The EAP response we're processing, and the EAP request we're building.
Definition session.h:60
bool finished
Whether we consider this session complete.
Definition session.h:72
Tracks the progress of a single session of any EAP method.
Definition session.h:41
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_bidding
Definition base.c:63
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_permanent_id_req
Definition base.c:92
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_k_encr
Definition base.c:78
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_checkcode
Definition base.c:64
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_k_aut
Definition base.c:77
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_any_id_req
Definition base.c:60
fr_dict_t const * dict_eap_aka_sim
Definition base.c:48
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_mac
Definition base.c:84
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_fullauth_id_req
Definition base.c:70
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_subtype
Definition base.c:99
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_hmac_extra_request
Definition base.c:71
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_hmac_extra_response
Definition base.c:72
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition log.c:828
#define RPEDEBUG(fmt,...)
Definition log.h:376
#define RPWDEBUG(fmt,...)
Definition log.h:366
#define RPEDEBUG2(fmt,...)
Definition log.h:377
#define REDEBUG2(fmt,...)
Definition log.h:372
talloc_free(reap)
@ L_DBG_LVL_2
2nd highest priority debug messages (-xx | -X).
Definition log.h:71
long int ssize_t
unsigned char uint8_t
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:697
int fr_pair_value_mem_alloc(fr_pair_t *vp, uint8_t **out, size_t size, bool tainted)
Pre-allocate a memory buffer for a "octets" type value pair.
Definition pair.c:2885
int fr_pair_value_memdup_buffer_shallow(fr_pair_t *vp, uint8_t const *src, bool tainted)
Assign a talloced buffer to a "octets" type value pair.
Definition pair.c:3011
static fr_internal_encode_ctx_t encode_ctx
VQP attributes.
#define fr_assert(_expr)
Definition rad_assert.h:38
static bool done
Definition radclient.c:81
#define RDEBUG_ENABLED2()
Definition radclient.h:50
#define RDEBUG2(fmt,...)
Definition radclient.h:54
#define RETURN_UNLANG_FAIL
Definition rcode.h:57
#define RETURN_UNLANG_REJECT
Definition rcode.h:56
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition rcode.h:45
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition rcode.h:46
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition rcode.h:41
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:47
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:49
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:48
@ RLM_MODULE_NUMCODES
How many valid return codes there are.
Definition rcode.h:51
@ RLM_MODULE_HANDLED
The module handled the request, so stop.
Definition rcode.h:44
void * data
Module's instance data.
Definition module.h:291
#define pair_append_control(_attr, _da)
Allocate and append a fr_pair_t to the control list.
Definition pair.h:57
#define pair_update_reply(_attr, _da)
Return or allocate a fr_pair_t in the reply list.
Definition pair.h:129
#define pair_delete_reply(_pair_or_da)
Delete a fr_pair_t in the reply list.
Definition pair.h:181
#define pair_append_reply(_attr, _da)
Allocate and append a fr_pair_t to reply list.
Definition pair.h:47
#define pair_delete_control(_pair_or_da)
Delete a fr_pair_t in the control list.
Definition pair.h:190
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
static unlang_action_t mod_encode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Encode EAP session data from attributes.
Definition module.c:42
unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Decode EAP session data into attribute.
Definition module.c:294
unlang_action_t unlang_module_yield(request_t *request, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Yield a request back to the interpreter from within a module.
Definition module.c:434
fr_pair_t * subtype_vp
eap_aka_sim_process_conf_t * inst
fr_pair_t * vp
eap_type_t type
The preferred EAP-Type of this instance of the EAP-SIM/AKA/AKA' state machine.
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
static int talloc_const_free(void const *ptr)
Free const'd memory.
Definition talloc.h:229
Functions to allow modules to push resumption frames onto the stack and inform the interpreter about ...
Master include file to access all functions and structures in the library.
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
#define fr_pair_dcursor_init(_cursor, _list)
Initialises a special dcursor with callbacks that will maintain the attr sublists correctly.
Definition pair.h:587
static fr_slen_t data
Definition value.h:1288
unlang_action_t virtual_server_push(unlang_result_t *p_result, request_t *request, CONF_SECTION *server_cs, bool top_frame)
Set the request processing function.