The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
module.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * @file src/lib/eap_aka_sim/module.c
19 * @brief Common encode/decode functions for EAP subtype modules
20 *
21 * @author Arran Cudbard-Bell (a.cudbardb@freeradius.org)
22 *
23 * @copyright 2021 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
24 */
25RCSID("$Id: 3ed5311461a64d4269c419107c8cd5532f8bd34a $")
26
27#include <freeradius-devel/eap/types.h>
28#include <freeradius-devel/server/module.h>
29#include <freeradius-devel/server/pair.h>
30#include <freeradius-devel/server/virtual_servers.h>
31#include <freeradius-devel/unlang/interpret.h>
32#include <freeradius-devel/unlang/module.h>
33#include <freeradius-devel/util/rand.h>
34
35#include "attrs.h"
36#include "base.h"
37#include "module.h"
38
39/** Encode EAP session data from attributes
40 *
41 */
42static unlang_action_t mod_encode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
43{
44 eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t);
45 eap_session_t *eap_session = eap_session_get(request->parent);
46 eap_aka_sim_mod_session_t *mod_session = talloc_get_type_abort(eap_session->opaque, eap_aka_sim_mod_session_t);
47 fr_pair_t *subtype_vp;
48
49 static eap_code_t rcode_to_eap_code[RLM_MODULE_NUMCODES] = {
50 [RLM_MODULE_REJECT] = FR_EAP_CODE_FAILURE,
51 [RLM_MODULE_FAIL] = FR_EAP_CODE_FAILURE,
52 [RLM_MODULE_OK] = FR_EAP_CODE_SUCCESS,
53 [RLM_MODULE_HANDLED] = FR_EAP_CODE_REQUEST,
54 [RLM_MODULE_INVALID] = FR_EAP_CODE_FAILURE,
55 [RLM_MODULE_DISALLOW] = FR_EAP_CODE_FAILURE,
56 [RLM_MODULE_NOTFOUND] = FR_EAP_CODE_FAILURE,
57 [RLM_MODULE_NOOP] = FR_EAP_CODE_FAILURE,
58 [RLM_MODULE_UPDATED] = FR_EAP_CODE_FAILURE
59 };
60 eap_code_t code;
61 rlm_rcode_t rcode = mod_session->virtual_server_result.rcode;
62 fr_aka_sim_ctx_t encode_ctx;
63 uint8_t const *request_hmac_extra = NULL;
64 size_t request_hmac_extra_len = 0;
65 fr_pair_t *vp;
66
67 /*
68 * If there's no subtype vp, we look at the rcode
69 * from the virtual server to determine what kind
70 * of EAP response to send.
71 */
72 subtype_vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_subtype);
73 if (!subtype_vp) {
74 eap_session->this_round->request->code = (rcode == RLM_MODULE_OK) ?
75 FR_EAP_CODE_SUCCESS : FR_EAP_CODE_FAILURE;
76 /*
77 * RFC 3748 requires the request and response
78 * IDs to be identical for EAP-SUCCESS and
79 * EAP-FAILURE.
80 *
81 * The EAP common code will do the right thing
82 * here if we just tell it we haven't se the
83 * request ID.
84 */
85 eap_session->this_round->set_request_id = false;
86 eap_session->finished = true;
87 TALLOC_FREE(eap_session->opaque);
88
89 return UNLANG_ACTION_CALCULATE_RESULT;
90 }
91
92 fr_assert(rcode < RLM_MODULE_NUMCODES);
93
94 /*
95 * If there is a subtype vp, verify the return
96 * code allows us send EAP-SIM/AKA/AKA' data back.
97 */
98 code = rcode_to_eap_code[rcode];
99 if (code != FR_EAP_CODE_REQUEST) {
100 eap_session->this_round->request->code = code;
101 eap_session->this_round->set_request_id = false;
102 eap_session->finished = true;
103 TALLOC_FREE(eap_session->opaque);
104
105 return UNLANG_ACTION_CALCULATE_RESULT;
106 }
107
108 /*
109 * It's not an EAP-Success or an EAP-Failure
110 * it's a real EAP-SIM/AKA/AKA' response.
111 */
112 eap_session->this_round->request->type.num = inst->type;
113 eap_session->this_round->request->code = code;
114 eap_session->this_round->set_request_id = true;
115
116 /*
117 * RFC 3748 says this ID need only be different to
118 * the previous ID.
119 *
120 * We need to set the type, code, id here as the
121 * HMAC operates on the complete packet we're
122 * returning including the EAP headers, so the packet
123 * fields must be filled in before we call encode.
124 */
125 eap_session->this_round->request->id = mod_session->id++;
126
127 /*
128 * Perform different actions depending on the type
129 * of request we're sending.
130 */
131 switch (subtype_vp->vp_uint16) {
132 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
133 case FR_SUBTYPE_VALUE_SIM_START:
134 if (RDEBUG_ENABLED2) break;
135
136 /*
137 * Figure out if the state machine is
138 * requesting an ID.
139 */
140 if ((vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_any_id_req)) ||
141 (vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_fullauth_id_req)) ||
142 (vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_permanent_id_req))) {
143 RDEBUG2("Sending EAP-Request/%pV (%s)", &subtype_vp->data, vp->da->name);
144 } else {
145 RDEBUG2("Sending EAP-Request/%pV", &subtype_vp->data);
146 }
147 break;
148
149 /*
150 * Deal with sending bidding VP
151 *
152 * This can either come from policy or be set by the default
153 * virtual server.
154 *
155 * We send AT_BIDDING in our EAP-Request/AKA-Challenge message
156 * to tell the supplicant that if it has AKA' available/enabled
157 * it should have used that.
158 */
159 case FR_SUBTYPE_VALUE_AKA_CHALLENGE:
160 vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_aka_sim_bidding);
161
162 /*
163 * Explicit NO
164 */
165 if (inst->aka.send_at_bidding_prefer_prime_is_set &&
166 !inst->aka.send_at_bidding_prefer_prime) {
167 if (vp) pair_delete_reply(attr_eap_aka_sim_bidding);
168 /*
169 * Implicit or explicit YES
170 */
171 } else if (inst->aka.send_at_bidding_prefer_prime) {
172 MEM(pair_append_reply(&vp, attr_eap_aka_sim_bidding) >= 0);
173 vp->vp_uint16 = FR_BIDDING_VALUE_PREFER_AKA_PRIME;
174 }
175 FALL_THROUGH;
176
177 case FR_SUBTYPE_VALUE_SIM_CHALLENGE:
178 case FR_SUBTYPE_VALUE_AKA_SIM_REAUTHENTICATION:
179 /*
180 * Include our copy of the checkcode if we've been
181 * calculating it.
182 */
183 if (mod_session->checkcode_state) {
184 uint8_t *checkcode;
185
186 MEM(pair_update_reply(&vp, attr_eap_aka_sim_checkcode) >= 0);
187 if (fr_aka_sim_crypto_finalise_checkcode(vp, &checkcode, mod_session->checkcode_state) < 0) {
188 RPWDEBUG("Failed calculating checkcode");
189 pair_delete_reply(vp);
190 }
191 fr_pair_value_memdup_buffer_shallow(vp, checkcode, false); /* Buffer already in the correct ctx */
192 }
193
194 /*
195 * Extra data to append to the packet when signing.
196 */
197 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_hmac_extra_request);
198 if (vp) {
199 request_hmac_extra = vp->vp_octets;
200 request_hmac_extra_len = vp->vp_length;
201 }
202
203 /*
204 * Extra data to append to the response packet when
205 * validating the signature.
206 */
207 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_hmac_extra_response);
208 if (vp) {
209 /*
210 * We may attempt to challenge the supplicant
211 * twice when performing a resynchronisation.
212 *
213 * We previously asserted that the following were NULL:
214 *
215 * mod_session->response_hmac_extra
216 * mod_session->ctx.k_encr
217 * mod_session->ctx.k_aut
218 *
219 * but that is incorrect, as these fields need to be
220 * updated if new vectors are available.
221 */
222 talloc_free(mod_session->response_hmac_extra);
223 MEM(mod_session->response_hmac_extra = talloc_memdup(mod_session,
224 vp->vp_octets, vp->vp_length));
225 mod_session->response_hmac_extra_len = vp->vp_length;
226 }
227 /*
228 * Key we use for encrypting and decrypting attributes.
229 */
230 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_k_encr);
231 if (vp) {
232 talloc_const_free(mod_session->ctx.k_encr);
233 MEM(mod_session->ctx.k_encr = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length));
234 }
235
236 /*
237 * Key we use for signing and validating mac values.
238 */
239 vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_eap_aka_sim_k_aut);
240 if (vp) {
241 talloc_const_free(mod_session->ctx.k_aut);
242 MEM(mod_session->ctx.k_aut = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length));
243 mod_session->ctx.k_aut_len = vp->vp_length;
244 }
245
246 fr_assert(mod_session->ctx.k_encr && mod_session->ctx.k_aut);
247 FALL_THROUGH;
248
249 default:
250 RDEBUG2("Sending EAP-Request/%pV", &subtype_vp->data);
251 break;
252 }
253
254 encode_ctx = mod_session->ctx;
255 encode_ctx.eap_packet = eap_session->this_round->request;
256 encode_ctx.hmac_extra = request_hmac_extra;
257 encode_ctx.hmac_extra_len = request_hmac_extra_len;
258
259 RDEBUG2("Encoding attributes");
260 log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->reply_pairs, NULL);
261 if (fr_aka_sim_encode(request, &request->reply_pairs, &encode_ctx) <= 0) RETURN_UNLANG_FAIL;
262
263 switch (subtype_vp->vp_uint16) {
264 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
265 /*
266 * Ingest the identity message into the checkcode
267 */
268 if (mod_session->ctx.checkcode_md) {
269 RDEBUG2("Updating checkcode");
270 if (!mod_session->checkcode_state &&
271 (fr_aka_sim_crypto_init_checkcode(mod_session, &mod_session->checkcode_state,
272 mod_session->ctx.checkcode_md) < 0)) {
273 RPWDEBUG("Failed initialising checkcode");
274 break;
275 }
276
277 if (fr_aka_sim_crypto_update_checkcode(mod_session->checkcode_state,
278 eap_session->this_round->request) < 0) {
279 RPWDEBUG("Failed updating checkcode");
280 }
281 }
282 break;
283
284 default:
285 break;
286 }
287
288 return UNLANG_ACTION_CALCULATE_RESULT; /* rcode is already correct */
289}
290
291/** Decode EAP session data into attribute
292 *
293 */
294unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
295{
296 eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t);
297 eap_session_t *eap_session = eap_session_get(request->parent);
298 eap_aka_sim_mod_session_t *mod_session = talloc_get_type_abort(eap_session->opaque,
299 eap_aka_sim_mod_session_t);
300 fr_pair_t *subtype_vp;
301 fr_dcursor_t cursor;
302 ssize_t ret;
303 fr_aka_sim_ctx_t decode_ctx;
304
305 switch (eap_session->this_round->response->type.num) {
306 default:
307 REDEBUG2("Unsupported EAP type (%u)", eap_session->this_round->response->type.num);
308 RETURN_UNLANG_REJECT;
309
310 case FR_EAP_METHOD_IDENTITY:
311 case FR_EAP_METHOD_NAK: /* Peer NAK'd our original suggestion */
312 break;
313
314 /*
315 * Only decode data for EAP-SIM/AKA/AKA' responses
316 */
317 case FR_EAP_METHOD_SIM:
318 case FR_EAP_METHOD_AKA:
319 case FR_EAP_METHOD_AKA_PRIME:
320 fr_pair_dcursor_init(&cursor, &request->request_pairs);
321
322 decode_ctx = mod_session->ctx;
323 decode_ctx.hmac_extra = mod_session->response_hmac_extra;
324 decode_ctx.hmac_extra_len = mod_session->response_hmac_extra_len;
325 decode_ctx.eap_packet = eap_session->this_round->response;
326
327 ret = fr_aka_sim_decode(request->request_ctx,
328 &request->request_pairs,
329 dict_eap_aka_sim,
330 eap_session->this_round->response->type.data,
331 eap_session->this_round->response->type.length,
332 &decode_ctx);
333
334 /*
335 * Only good for one response packet
336 */
337 TALLOC_FREE(mod_session->response_hmac_extra);
338 mod_session->response_hmac_extra_len = 0;
339
340 /*
341 * RFC 4187 says we *MUST* notify, not just send
342 * an EAP-Failure in this case where we cannot
343 * decode an EAP-AKA packet.
344 *
345 * We instead call the state machine and allow it
346 * to fail when it can't find the necessary
347 * attributes.
348 */
349 if (ret < 0) {
350 RPEDEBUG2("Failed decoding attributes");
351 goto done;
352 }
353
354 if (!fr_pair_list_empty(&request->request_pairs) && RDEBUG_ENABLED2) {
355 RDEBUG2("Decoded attributes");
356 log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->request_pairs, NULL);
357 }
358
359 subtype_vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_aka_sim_subtype);
360 if (!subtype_vp) {
361 REDEBUG2("Missing Sub-Type"); /* Let the state machine enter the right state */
362 break;
363 }
364
365 RDEBUG2("Received EAP-Response/%pV", &(subtype_vp)->data);
366
367 switch (subtype_vp->vp_uint16) {
368 /*
369 * Ingest the identity message into the checkcode
370 */
371 case FR_SUBTYPE_VALUE_AKA_IDENTITY:
372 if (mod_session->checkcode_state) {
373 RDEBUG2("Updating checkcode");
374 if (fr_aka_sim_crypto_update_checkcode(mod_session->checkcode_state,
375 eap_session->this_round->response) < 0) {
376 RPWDEBUG("Failed updating checkcode");
377 }
378 }
379 break;
380
381 case FR_SUBTYPE_VALUE_AKA_SIM_REAUTHENTICATION:
382 case FR_SUBTYPE_VALUE_AKA_CHALLENGE:
383 /*
384 * Include our copy of the checkcode if we've been
385 * calculating it. This is put in the control list
386 * so the state machine can check they're identical.
387 *
388 * This lets us simulate checkcode failures easily
389 * when testing the state machine.
390 */
391 if (mod_session->checkcode_state) {
392 uint8_t *checkcode;
393 fr_pair_t *vp;
394
395 MEM(pair_append_control(&vp, attr_eap_aka_sim_checkcode) >= 0);
396 if (fr_aka_sim_crypto_finalise_checkcode(vp, &checkcode, mod_session->checkcode_state) < 0) {
397 RPWDEBUG("Failed calculating checkcode");
398 pair_delete_control(vp);
399 } else {
400 fr_pair_value_memdup_buffer_shallow(vp, checkcode, false); /* Buffer already in the correct ctx */
401 }
402 }
403 FALL_THROUGH;
404
405 case FR_SUBTYPE_VALUE_SIM_CHALLENGE:
406 {
407 fr_pair_t *vp;
408 ssize_t slen;
409 uint8_t *buff;
410
411 MEM(pair_append_control(&vp, attr_eap_aka_sim_mac) >= 0);
412 MEM(fr_pair_value_mem_alloc(vp, &buff, AKA_SIM_MAC_DIGEST_SIZE, false) == 0);
413
414 slen = fr_aka_sim_crypto_sign_packet(buff, eap_session->this_round->response, true,
415 mod_session->ctx.hmac_md,
416 mod_session->ctx.k_aut,
417 mod_session->ctx.k_aut_len,
418 mod_session->response_hmac_extra,
419 mod_session->response_hmac_extra_len);
420 if (slen <= 0) {
421 RPEDEBUG("AT_MAC calculation failed");
422 pair_delete_control(vp);
423 RETURN_UNLANG_FAIL;
424 }
425 }
426 break;
427
428 default:
429 break;
430 }
431 break;
432 }
433
434done:
435 /*
436 * Setup our encode function as the resumption
437 * frame when the state machine finishes with
438 * this round.
439 */
440 (void)unlang_module_yield(request, mod_encode, NULL, 0, NULL);
441
442 if (virtual_server_push(&mod_session->virtual_server_result, request, inst->virtual_server, UNLANG_SUB_FRAME) < 0) {
443 unlang_interpet_frame_discard(request);
444 RETURN_UNLANG_FAIL;
445 }
446
447 return UNLANG_ACTION_PUSHED_CHILD;
448}
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
UNLANG_ACTION_PUSHED_CHILD
@ UNLANG_ACTION_PUSHED_CHILD
unlang_t pushed a new child onto the stack, execute it instead of continuing.
Definition action.h:39
UNLANG_ACTION_CALCULATE_RESULT
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
RCSID
#define RCSID(id)
Definition build.h:485
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
eap_packet_t::type
eap_type_data_t type
Definition compose.h:39
eap_round_t::set_request_id
bool set_request_id
Whether the EAP-Method already set the next request ID.
Definition compose.h:51
eap_round_t::response
eap_packet_t * response
Packet we received from the peer.
Definition compose.h:49
eap_packet_t::code
eap_code_t code
Definition compose.h:36
eap_packet_t::id
uint8_t id
Definition compose.h:37
eap_round_t::request
eap_packet_t * request
Packet we will send to the peer.
Definition compose.h:50
fr_dcursor_s
Definition dcursor.h:93
MEM
#define MEM(x)
Definition debug.h:36
FR_EAP_CODE_FAILURE
@ FR_EAP_CODE_FAILURE
Definition types.h:40
FR_EAP_CODE_REQUEST
@ FR_EAP_CODE_REQUEST
Definition types.h:37
FR_EAP_CODE_SUCCESS
@ FR_EAP_CODE_SUCCESS
Definition types.h:39
eap_type_data_t::num
eap_type_t num
Definition types.h:110
eap_type_data_t::length
size_t length
Definition types.h:111
eap_type_data_t::data
uint8_t * data
Definition types.h:112
eap_code_t
enum eap_code eap_code_t
FR_EAP_METHOD_SIM
@ FR_EAP_METHOD_SIM
Definition types.h:63
FR_EAP_METHOD_NAK
@ FR_EAP_METHOD_NAK
Definition types.h:48
FR_EAP_METHOD_AKA
@ FR_EAP_METHOD_AKA
Definition types.h:68
FR_EAP_METHOD_AKA_PRIME
@ FR_EAP_METHOD_AKA_PRIME
Definition types.h:96
FR_EAP_METHOD_IDENTITY
@ FR_EAP_METHOD_IDENTITY
Definition types.h:46
fr_aka_sim_ctx_t::hmac_extra_len
size_t hmac_extra_len
Definition base.h:244
fr_aka_sim_crypto_sign_packet
ssize_t fr_aka_sim_crypto_sign_packet(uint8_t out[static AKA_SIM_MAC_DIGEST_SIZE], eap_packet_t *eap_packet, bool zero_mac, EVP_MD const *md, uint8_t const *key, size_t const key_len, uint8_t const *hmac_extra, size_t const hmac_extra_len)
Calculate the digest value for a packet.
Definition crypto.c:284
fr_aka_sim_ctx_t::k_aut
uint8_t const * k_aut
The authentication key used for signing.
Definition base.h:249
fr_aka_sim_decode
int fr_aka_sim_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_t const *dict, uint8_t const *data, size_t data_len, fr_aka_sim_ctx_t *decode_ctx)
Decode SIM/AKA/AKA' specific packet data.
Definition decode.c:942
fr_aka_sim_crypto_finalise_checkcode
ssize_t fr_aka_sim_crypto_finalise_checkcode(TALLOC_CTX *ctx, uint8_t **out, fr_aka_sim_checkcode_t *checkcode)
Write out the final checkcode value.
Definition crypto.c:196
fr_aka_sim_ctx_t::hmac_md
EVP_MD const * hmac_md
HMAC digest algorithm, usually EVP_sha1().
Definition base.h:240
fr_aka_sim_ctx_t::eap_packet
eap_packet_t * eap_packet
Needed for validating AT_MAC.
Definition base.h:238
fr_aka_sim_ctx_t::checkcode_md
EVP_MD const * checkcode_md
HMAC we use for calculating the checkcode.
Definition base.h:241
fr_aka_sim_ctx_t::k_encr
uint8_t const * k_encr
The encryption key used for encrypting.
Definition base.h:246
fr_aka_sim_ctx_t::hmac_extra
uint8_t const * hmac_extra
Extra data for the HMAC function.
Definition base.h:243
AKA_SIM_MAC_DIGEST_SIZE
#define AKA_SIM_MAC_DIGEST_SIZE
Length of MAC used to prevent packet modification.
Definition base.h:42
fr_aka_sim_crypto_update_checkcode
int fr_aka_sim_crypto_update_checkcode(fr_aka_sim_checkcode_t *checkcode, eap_packet_t *eap_packet)
Digest a packet, updating the checkcode.
Definition crypto.c:152
fr_aka_sim_encode
ssize_t fr_aka_sim_encode(request_t *request, fr_pair_list_t *to_encode, void *encode_ctx)
Definition encode.c:872
fr_aka_sim_ctx_t::k_aut_len
size_t k_aut_len
Definition base.h:250
fr_aka_sim_crypto_init_checkcode
int fr_aka_sim_crypto_init_checkcode(TALLOC_CTX *ctx, fr_aka_sim_checkcode_t **checkcode, EVP_MD const *md)
Initialise checkcode message digest.
Definition crypto.c:114
fr_aka_sim_ctx_t
Encoder/decoder ctx.
Definition base.h:234
eap_aka_sim_mod_session_t::response_hmac_extra
uint8_t * response_hmac_extra
Data to concatenate to response packet before validating.
Definition module.h:74
eap_aka_sim_mod_session_t::response_hmac_extra_len
size_t response_hmac_extra_len
Definition module.h:76
eap_aka_sim_mod_session_t::ctx
fr_aka_sim_ctx_t ctx
Definition module.h:81
eap_aka_sim_mod_session_t::virtual_server_result
unlang_result_t virtual_server_result
Definition module.h:78
eap_aka_sim_mod_session_t::id
uint8_t id
Last ID used, monotonically increments.
Definition module.h:72
eap_aka_sim_mod_session_t::checkcode_state
fr_aka_sim_checkcode_t * checkcode_state
Digest of all identity packets we've seen.
Definition module.h:80
eap_aka_sim_mod_session_t
Structure used to track session state at the module level.
Definition module.h:71
eap_aka_sim_module_conf_t
Definition module.h:39
unlang_interpet_frame_discard
void unlang_interpet_frame_discard(request_t *request)
Discard the bottom most frame on the request's stack.
Definition interpret.c:1986
UNLANG_SUB_FRAME
#define UNLANG_SUB_FRAME
Definition interpret.h:37
unlang_result_t::rcode
rlm_rcode_t rcode
The current rcode, from executing the instruction or merging the result from a frame.
Definition interpret.h:134
unlang_result_t
Definition interpret.h:133
eap_session_get
static eap_session_t * eap_session_get(request_t *request)
Definition session.h:83
eap_session_s::opaque
void * opaque
Opaque data used by EAP methods.
Definition session.h:63
eap_session_s::this_round
eap_round_t * this_round
The EAP response we're processing, and the EAP request we're building.
Definition session.h:60
eap_session_s::finished
bool finished
Whether we consider this session complete.
Definition session.h:72
eap_session_s
Tracks the progress of a single session of any EAP method.
Definition session.h:41
attr_eap_aka_sim_bidding
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_bidding
Definition base.c:63
attr_eap_aka_sim_permanent_id_req
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_permanent_id_req
Definition base.c:92
attr_eap_aka_sim_k_encr
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_k_encr
Definition base.c:78
attr_eap_aka_sim_checkcode
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_checkcode
Definition base.c:64
attr_eap_aka_sim_k_aut
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_k_aut
Definition base.c:77
attr_eap_aka_sim_any_id_req
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_any_id_req
Definition base.c:60
dict_eap_aka_sim
fr_dict_t const * dict_eap_aka_sim
Definition base.c:48
attr_eap_aka_sim_mac
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_mac
Definition base.c:84
attr_eap_aka_sim_fullauth_id_req
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_fullauth_id_req
Definition base.c:70
attr_eap_aka_sim_subtype
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_subtype
Definition base.c:99
attr_eap_aka_sim_hmac_extra_request
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_hmac_extra_request
Definition base.c:71
attr_eap_aka_sim_hmac_extra_response
HIDDEN fr_dict_attr_t const * attr_eap_aka_sim_hmac_extra_response
Definition base.c:72
log_request_pair_list
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
Definition log.c:828
RPEDEBUG
#define RPEDEBUG(fmt,...)
Definition log.h:376
RPWDEBUG
#define RPWDEBUG(fmt,...)
Definition log.h:366
RPEDEBUG2
#define RPEDEBUG2(fmt,...)
Definition log.h:377
REDEBUG2
#define REDEBUG2(fmt,...)
Definition log.h:372
talloc_free
talloc_free(reap)
L_DBG_LVL_2
@ L_DBG_LVL_2
2nd highest priority debug messages (-xx | -X).
Definition log.h:71
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
request_t
Definition merged_model.c:210
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:697
fr_pair_value_mem_alloc
int fr_pair_value_mem_alloc(fr_pair_t *vp, uint8_t **out, size_t size, bool tainted)
Pre-allocate a memory buffer for a "octets" type value pair.
Definition pair.c:2885
fr_pair_value_memdup_buffer_shallow
int fr_pair_value_memdup_buffer_shallow(fr_pair_t *vp, uint8_t const *src, bool tainted)
Assign a talloced buffer to a "octets" type value pair.
Definition pair.c:3011
encode_ctx
static fr_internal_encode_ctx_t encode_ctx
Definition proto_ldap_sync.c:34
attrs.h
VQP attributes.
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
done
static bool done
Definition radclient.c:81
RDEBUG_ENABLED2
#define RDEBUG_ENABLED2()
Definition radclient.h:50
RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient.h:54
RETURN_UNLANG_FAIL
#define RETURN_UNLANG_FAIL
Definition rcode.h:57
RETURN_UNLANG_REJECT
#define RETURN_UNLANG_REJECT
Definition rcode.h:56
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
RLM_MODULE_INVALID
@ RLM_MODULE_INVALID
The module considers the request invalid.
Definition rcode.h:45
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42
RLM_MODULE_DISALLOW
@ RLM_MODULE_DISALLOW
Reject the request (user is locked out).
Definition rcode.h:46
RLM_MODULE_REJECT
@ RLM_MODULE_REJECT
Immediately reject the request.
Definition rcode.h:41
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:47
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:49
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:48
RLM_MODULE_NUMCODES
@ RLM_MODULE_NUMCODES
How many valid return codes there are.
Definition rcode.h:51
RLM_MODULE_HANDLED
@ RLM_MODULE_HANDLED
The module handled the request, so stop.
Definition rcode.h:44
module_instance_s::data
void * data
Module's instance data.
Definition module.h:291
pair_append_control
#define pair_append_control(_attr, _da)
Allocate and append a fr_pair_t to the control list.
Definition pair.h:57
pair_update_reply
#define pair_update_reply(_attr, _da)
Return or allocate a fr_pair_t in the reply list.
Definition pair.h:129
pair_delete_reply
#define pair_delete_reply(_pair_or_da)
Delete a fr_pair_t in the reply list.
Definition pair.h:181
pair_append_reply
#define pair_append_reply(_attr, _da)
Allocate and append a fr_pair_t to reply list.
Definition pair.h:47
pair_delete_control
#define pair_delete_control(_pair_or_da)
Delete a fr_pair_t in the control list.
Definition pair.h:190
buff
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
mod_encode
static unlang_action_t mod_encode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Encode EAP session data from attributes.
Definition module.c:42
eap_aka_sim_process
unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Decode EAP session data into attribute.
Definition module.c:294
unlang_module_yield
unlang_action_t unlang_module_yield(request_t *request, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Yield a request back to the interpreter from within a module.
Definition module.c:434
subtype_vp
fr_pair_t * subtype_vp
Definition state_machine.c:1305
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3651
vp
fr_pair_t * vp
Definition state_machine.c:2293
eap_aka_sim_process_conf_t::type
eap_type_t type
The preferred EAP-Type of this instance of the EAP-SIM/AKA/AKA' state machine.
Definition state_machine.h:191
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
talloc_const_free
static int talloc_const_free(void const *ptr)
Free const'd memory.
Definition talloc.h:229
module.h
Functions to allow modules to push resumption frames onto the stack and inform the interpreter about ...
base.h
Master include file to access all functions and structures in the library.
fr_pair_list_empty
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
Definition pair_inline.c:124
fr_pair_dcursor_init
#define fr_pair_dcursor_init(_cursor, _list)
Initialises a special dcursor with callbacks that will maintain the attr sublists correctly.
Definition pair.h:587
data
static fr_slen_t data
Definition value.h:1288
virtual_server_push
unlang_action_t virtual_server_push(unlang_result_t *p_result, request_t *request, CONF_SECTION *server_cs, bool top_frame)
Set the request processing function.
Definition virtual_servers.c:755
Generated by   doxygen 1.9.8