Changeset 438:e7814e24e57b in freeDiameter
- Timestamp:
- Jul 28, 2010, 3:59:39 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- Location:
- extensions/app_diameap
- Files:
-
- 20 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/app_diameap/CMakeLists.txt
r431 r438 25 25 diameap_user.h 26 26 diameap.tab.h 27 diameap_init.h28 27 diameap.tab.c 29 28 lex.diameap.c -
extensions/app_diameap/diameap.c
r425 r438 38 38 #include "diameap_common.h" 39 39 40 /* Define the entry point */ 41 EXTENSION_ENTRY("DiamEAP", diameap_main) 42 ; 40 43 41 44 42 /* DiamEAP Configuration */ … … 84 82 return; 85 83 } 84 85 /* Define the entry point */ 86 EXTENSION_ENTRY("DiamEAP", diameap_main) 87 ; -
extensions/app_diameap/diameap.h
r425 r438 71 71 extern struct diameap_conf *diameap_config; 72 72 73 /* Main function of DiamEAP extension */ 74 static int diameap_main(char * conffile); 73 /* Initialize the configuration of DiamEAP*/ 74 int diameap_init(char * conffile); 75 76 /* parser */ 77 int diameapparse(struct diameap_conf * config); 78 75 79 76 80 #endif /* DIAMEAP_H_ */ -
extensions/app_diameap/diameap.l
-
Property
exe
set to
*
r425 r438 50 50 } 51 51 52 #define YY_NO_INPUT 52 53 %} 53 54 … … 58 59 %option bison-bridge 59 60 %option bison-locations 60 61 %option nounput 61 62 62 63 %% -
Property
exe
set to
-
extensions/app_diameap/diameap_common.h
r425 r438 44 44 #include "diameap.h" 45 45 #include "diameap_plugins.h" 46 #include "diameap_init.h"47 46 #include "diameap_eap.h" 48 47 #include "diameap_server.h" -
extensions/app_diameap/diameap_eap.c
-
Property
exe
set to
*
r425 r438 38 38 #include "diameap_common.h" 39 39 40 static void diameap_ba_nextid(struct eap_state_machine * sm, int * id) 41 { 42 TRACE_ENTRY("%p %p",sm,id); 43 44 if (sm->currentId < 0) 45 { 46 *id = (u8) (255 * rand() / RAND_MAX) & 0xFFU; 47 } 48 else 49 { 50 *id = (sm->currentId++) & 0xFFU; 51 } 52 if (*id == sm->lastId) 53 { 54 *id=*id+1; 55 } 56 } 57 58 static void diameap_ba_policyupdate(struct eap_state_machine * eap_sm, 59 struct eap_packet eapPacket) 60 { 61 TRACE_ENTRY("%p %p",eap_sm, eapPacket); 62 if ((eap_sm->respMethod == TYPE_NAK)) 63 { 64 int id; 65 eap_sm->user.pmethods = 0; 66 u32 vendor; 67 eap_type type; 68 u8 *data = (u8 *) eapPacket.data; 69 data += 5; 70 id = 5; 71 while (id < eapPacket.length) 72 { 73 vendor = VENDOR_IETF; 74 type = G8(data); 75 if (diameap_plugin_exist(vendor, type) == TRUE) 76 { 77 eap_sm->user.proposedmethods[id - 5].method = type; 78 eap_sm->user.proposedmethods[id - 5].vendor = vendor; 79 eap_sm->user.pmethods++; 80 } 81 data++; 82 id++; 83 } 84 eap_sm->user.methodId = -1; 85 } 86 } 87 88 static int diameap_ba_policygetnextmethod(struct eap_state_machine * eap_sm, 89 eap_type * eaptype, u32 * vendor) 90 { 91 TRACE_ENTRY("%p %p %p",eap_sm,eaptype,vendor); 92 *vendor = 0; 93 *eaptype = TYPE_NONE; 94 eap_sm->selectedMethod = NULL; 95 96 if (eap_sm == NULL) 97 { 98 return EINVAL; 99 } 100 101 if (eap_sm->user.userid == NULL) 102 { 103 if ((eap_sm->currentMethod == TYPE_NONE)) 104 { 105 *vendor = VENDOR_IETF; 106 *eaptype = TYPE_IDENTITY; 107 if (eap_sm->selectedMethod != NULL) 108 { 109 (*eap_sm->selectedMethod->eap_method_free)(eap_sm->methodData); 110 eap_sm->methodData = NULL; 111 } 112 CHECK_FCT(diameap_plugin_get(VENDOR_IETF,TYPE_IDENTITY,&eap_sm->selectedMethod)); 113 return 0; 114 } 115 116 eap_sm->selectedMethod = NULL; 117 *vendor = 0; 118 *eaptype = TYPE_NONE; 119 return 0; 120 } 121 122 if (eap_sm->user.methodId == -1) 123 { 124 if (eap_sm->user.proposed_eap_method >= TYPE_EAP_MD5) 125 { 126 *vendor = eap_sm->user.proposed_eap_method_vendor; 127 if (*vendor == VENDOR_IETF) 128 { 129 *eaptype = eap_sm->user.proposed_eap_method; 130 } 131 else 132 { 133 *eaptype = TYPE_EXPANDED_TYPES; 134 } 135 if (eap_sm->selectedMethod != NULL) 136 { 137 (*eap_sm->selectedMethod->eap_method_free)(eap_sm->methodData); 138 eap_sm->methodData = NULL; 139 } 140 CHECK_FCT_DO(diameap_plugin_get(*vendor,*eaptype,&eap_sm->selectedMethod), 141 { TRACE_DEBUG(INFO,"%s [EAP Protocol] Invalid EAP-TYPE %d (vendor %d)",DIAMEAP_EXTENSION,*eaptype,*vendor);return 1;}); 142 143 } 144 eap_sm->user.proposed_eap_method = TYPE_NONE; 145 } 146 else 147 { 148 *vendor = eap_sm->user.proposedmethods[eap_sm->user.methodId].vendor; 149 if (eap_sm->user.proposedmethods[eap_sm->user.methodId].vendor 150 == VENDOR_IETF) 151 { 152 *eaptype 153 = eap_sm->user.proposedmethods[eap_sm->user.methodId].method; 154 } 155 else 156 { 157 *eaptype = TYPE_EXPANDED_TYPES; 158 } 159 if (eap_sm->selectedMethod != NULL) 160 { 161 (*eap_sm->selectedMethod->eap_method_free)(eap_sm->methodData); 162 eap_sm->methodData=NULL; 163 } 164 CHECK_FCT(diameap_plugin_get(eap_sm->user.proposedmethods[eap_sm->user.methodId].vendor,eap_sm->user.proposedmethods[eap_sm->user.methodId].method,&eap_sm->selectedMethod)); 165 166 eap_sm->user.methodId++; 167 } 168 169 return 0; 170 } 171 172 static int diameap_ba_policygetdecision(struct eap_state_machine * eap_sm, 173 struct diameap_eap_interface * eap_i, decision * gdecision) 174 { 175 TRACE_ENTRY("%p %p %p",eap_sm,eap_i,gdecision); 176 177 if (eap_sm->user.userid != NULL) 178 { 179 180 if (eap_sm->methodState == EAP_M_END) 181 { 182 183 if (eap_sm->respMethod == TYPE_IDENTITY) 184 { 185 186 *gdecision = DECISION_CONTINUE; 187 return 0; 188 } 189 190 if ((eap_sm->respMethod == TYPE_NAK) || ((eap_sm->respMethod 191 == TYPE_EXPANDED_TYPES) && (eap_sm->respVendor 192 == VENDOR_IETF) && (eap_sm->respVendorMethod == TYPE_NAK))) 193 { 194 goto SelectNextMethod; 195 } 196 197 if (eap_sm->user.success == TRUE) 198 { 199 200 *gdecision = DECISION_SUCCESS; 201 } 202 else 203 { 204 205 *gdecision = DECISION_FAILURE; 206 } 207 208 } 209 else 210 { 211 goto SelectNextMethod; 212 } 213 return 0; 214 215 SelectNextMethod: if ((eap_sm->user.methodId 216 == (MAXPROPOSEDMETHODS - 1)) 217 || ((eap_sm->user.proposedmethods[eap_sm->user.methodId + 1].method 218 == TYPE_NONE) 219 && (eap_sm->user.proposedmethods[eap_sm->user.methodId 220 + 1].vendor == VENDOR_IETF))) 221 { 222 TRACE_DEBUG(FULL+1, 223 "%s [EAP protocol] None of proposed EAP Methods authenticated the user.(FAILURE)",DIAMEAP_EXTENSION); 224 *gdecision = DECISION_FAILURE; 225 return 0; 226 } 227 228 eap_sm->user.methodId = 0; 229 *gdecision = DECISION_CONTINUE; 230 return 0; 231 } 232 233 if (eap_sm->currentMethod == TYPE_IDENTITY) 234 { 235 *gdecision = DECISION_FAILURE; 236 return 0; 237 } 238 239 *gdecision = DECISION_CONTINUE; 240 return 0; 241 } 242 243 static boolean diameap_ba_policydopickup(eap_type type) 244 { 245 TRACE_ENTRY("%p",type); 246 if (type == TYPE_IDENTITY) 247 { 248 return TRUE; 249 } 250 return FALSE; 251 } 252 40 253 int diameap_eap_statemachine(struct eap_state_machine * eap_sm, 41 254 struct diameap_eap_interface * eap_i, boolean * non_fatal_error) … … 375 588 } 376 589 break; 590 377 591 case EAP_END: 592 break; 593 594 case EAP_IDLE: 378 595 break; 379 596 } … … 383 600 } 384 601 385 static void diameap_ba_nextid(struct eap_state_machine * sm, int * id)386 {387 TRACE_ENTRY("%p %p",sm,id);388 389 if (sm->currentId < 0)390 {391 *id = (u8) (255 * rand() / RAND_MAX) & 0xFFU;392 }393 else394 {395 *id = (sm->currentId++) & 0xFFU;396 }397 if (*id == sm->lastId)398 {399 *id++;400 }401 }402 403 static void diameap_ba_policyupdate(struct eap_state_machine * eap_sm,404 struct eap_packet eapPacket)405 {406 TRACE_ENTRY("%p %p",eap_sm, eapPacket);407 if ((eap_sm->respMethod == TYPE_NAK))408 {409 int id;410 eap_sm->user.pmethods = 0;411 u32 vendor;412 eap_type type;413 u8 *data = (u8 *) eapPacket.data;414 data += 5;415 id = 5;416 while (id < eapPacket.length)417 {418 vendor = VENDOR_IETF;419 type = G8(data);420 if (diameap_plugin_exist(vendor, type) == TRUE)421 {422 eap_sm->user.proposedmethods[id - 5].method = type;423 eap_sm->user.proposedmethods[id - 5].vendor = vendor;424 eap_sm->user.pmethods++;425 }426 data++;427 id++;428 }429 eap_sm->user.methodId = -1;430 }431 }432 433 static int diameap_ba_policygetnextmethod(struct eap_state_machine * eap_sm,434 eap_type * eaptype, u32 * vendor)435 {436 TRACE_ENTRY("%p %p %p",eap_sm,eaptype,vendor);437 *vendor = 0;438 *eaptype = TYPE_NONE;439 eap_sm->selectedMethod = NULL;440 441 if (eap_sm == NULL)442 {443 return EINVAL;444 }445 446 if (eap_sm->user.userid == NULL)447 {448 if ((eap_sm->currentMethod == TYPE_NONE))449 {450 *vendor = VENDOR_IETF;451 *eaptype = TYPE_IDENTITY;452 if (eap_sm->selectedMethod != NULL)453 {454 (*eap_sm->selectedMethod->eap_method_free)(eap_sm->methodData);455 eap_sm->methodData = NULL;456 }457 CHECK_FCT(diameap_plugin_get(VENDOR_IETF,TYPE_IDENTITY,&eap_sm->selectedMethod));458 return 0;459 }460 461 eap_sm->selectedMethod = NULL;462 *vendor = 0;463 *eaptype = TYPE_NONE;464 return 0;465 }466 467 if (eap_sm->user.methodId == -1)468 {469 if (eap_sm->user.proposed_eap_method >= TYPE_EAP_MD5)470 {471 *vendor = eap_sm->user.proposed_eap_method_vendor;472 if (*vendor == VENDOR_IETF)473 {474 *eaptype = eap_sm->user.proposed_eap_method;475 }476 else477 {478 *eaptype = TYPE_EXPANDED_TYPES;479 }480 if (eap_sm->selectedMethod != NULL)481 {482 (*eap_sm->selectedMethod->eap_method_free)(eap_sm->methodData);483 eap_sm->methodData = NULL;484 }485 CHECK_FCT_DO(diameap_plugin_get(*vendor,*eaptype,&eap_sm->selectedMethod),486 { TRACE_DEBUG(INFO,"%s [EAP Protocol] Invalid EAP-TYPE %d (vendor %d)",DIAMEAP_EXTENSION,*eaptype,*vendor);return 1;});487 488 }489 eap_sm->user.proposed_eap_method = TYPE_NONE;490 }491 else492 {493 *vendor = eap_sm->user.proposedmethods[eap_sm->user.methodId].vendor;494 if (eap_sm->user.proposedmethods[eap_sm->user.methodId].vendor495 == VENDOR_IETF)496 {497 *eaptype498 = eap_sm->user.proposedmethods[eap_sm->user.methodId].method;499 }500 else501 {502 *eaptype = TYPE_EXPANDED_TYPES;503 }504 if (eap_sm->selectedMethod != NULL)505 {506 (*eap_sm->selectedMethod->eap_method_free)(eap_sm->methodData);507 eap_sm->methodData;508 }509 CHECK_FCT(diameap_plugin_get(eap_sm->user.proposedmethods[eap_sm->user.methodId].vendor,eap_sm->user.proposedmethods[eap_sm->user.methodId].method,&eap_sm->selectedMethod));510 511 eap_sm->user.methodId++;512 }513 514 return 0;515 }516 517 static int diameap_ba_policygetdecision(struct eap_state_machine * eap_sm,518 struct diameap_eap_interface * eap_i, decision * gdecision)519 {520 TRACE_ENTRY("%p %p %p",eap_sm,eap_i,gdecision);521 522 if (eap_sm->user.userid != NULL)523 {524 525 if (eap_sm->methodState == EAP_M_END)526 {527 528 if (eap_sm->respMethod == TYPE_IDENTITY)529 {530 531 *gdecision = DECISION_CONTINUE;532 return 0;533 }534 535 if ((eap_sm->respMethod == TYPE_NAK) || ((eap_sm->respMethod536 == TYPE_EXPANDED_TYPES) && (eap_sm->respVendor537 == VENDOR_IETF) && (eap_sm->respVendorMethod == TYPE_NAK)))538 {539 goto SelectNextMethod;540 }541 542 if (eap_sm->user.success == TRUE)543 {544 545 *gdecision = DECISION_SUCCESS;546 }547 else548 {549 550 *gdecision = DECISION_FAILURE;551 }552 553 }554 else555 {556 goto SelectNextMethod;557 }558 return 0;559 560 SelectNextMethod: if ((eap_sm->user.methodId561 == (MAXPROPOSEDMETHODS - 1))562 || ((eap_sm->user.proposedmethods[eap_sm->user.methodId + 1].method563 == TYPE_NONE)564 && (eap_sm->user.proposedmethods[eap_sm->user.methodId565 + 1].vendor == VENDOR_IETF)))566 {567 TRACE_DEBUG(FULL+1,568 "%s [EAP protocol] None of proposed EAP Methods authenticated the user.(FAILURE)",DIAMEAP_EXTENSION);569 *gdecision = DECISION_FAILURE;570 return 0;571 }572 573 eap_sm->user.methodId = 0;574 *gdecision = DECISION_CONTINUE;575 return 0;576 }577 578 if (eap_sm->currentMethod == TYPE_IDENTITY)579 {580 *gdecision = DECISION_FAILURE;581 return 0;582 }583 584 *gdecision = DECISION_CONTINUE;585 return 0;586 }587 588 static boolean diameap_ba_policydopickup(eap_type type)589 {590 TRACE_ENTRY("%p",type);591 if (type == TYPE_IDENTITY)592 {593 return TRUE;594 }595 return FALSE;596 } -
Property
exe
set to
-
extensions/app_diameap/diameap_eap.h
-
Property
exe
set to
*
r425 r438 67 67 68 68 int diameap_eap_statemachine(struct eap_state_machine * sm, struct diameap_eap_interface * eap_i, boolean * error); 69 static void diameap_ba_nextid(struct eap_state_machine * sm, int * id); 70 static void diameap_ba_policyupdate(struct eap_state_machine * sm, struct eap_packet eapPacket); 71 static int diameap_ba_policygetnextmethod(struct eap_state_machine * sm, eap_type * eaptype, u32 * vendor); 72 static int diameap_ba_policygetdecision(struct eap_state_machine * sm, struct diameap_eap_interface * eap_i, decision * gdecision); 73 static boolean diameap_ba_policydopickup(eap_type type); 69 74 70 75 71 #endif /* EAP_H_ */ -
Property
exe
set to
-
extensions/app_diameap/diameap_init.c
r425 r438 113 113 struct dict_object * dataobj_user_name = NULL; 114 114 115 int diameap_init(char * conffile) 116 { 117 TRACE_ENTRY("%p",conffile); 118 119 /* Initialize the diameap_config structure*/ 120 CHECK_FCT(diameap_init_config(conffile)); 121 122 if (diameap_config->conffile) 123 { 124 /* parse the configuration file*/ 125 CHECK_FCT(diameap_parse_conffile()); 126 127 /* Load EAP methods plug-ins */ 128 CHECK_FCT(diameap_plugin_load()); 129 130 } 131 else 132 { 133 TRACE_DEBUG(FULL,"%sNo EAP method plug-in available with a default configuration.",DIAMEAP_EXTENSION); 134 } 135 136 /* Initialize Dictionary templates */ 137 CHECK_FCT(diameap_init_obj()); 138 139 /* Initialize access to user's information Database */ 140 CHECK_FCT(diameap_mysql_connect()); 141 142 /* Dump DiamEAP extension configuration */ 143 diameap_conf_dump(); 144 145 return 0; 146 } 115 147 116 148 117 static int diameap_init_config(char * conffile) … … 389 358 } 390 359 return 0; 391 }392 393 /* Reconnecting to MySQL Database */394 int diameap_mysql_reconnect()395 {396 TRACE_ENTRY();397 CHECK_POSIX(pthread_mutex_lock( &db_cs_mutex ));398 if (db_conn == NULL)399 {400 TRACE_DEBUG(INFO,"%sReconnecting to MySQL server.",DIAMEAP_EXTENSION);401 if(diameap_mysql_connect()==0){402 TRACE_DEBUG(INFO,"%s Reconnected successfully to MySQL Server.",DIAMEAP_EXTENSION);403 }else{404 return 1;405 }406 }407 CHECK_POSIX(pthread_mutex_unlock( &db_cs_mutex ));408 return 0;409 410 360 } 411 361 … … 440 390 "-------- DiamEAP extension : Configuration parameters (End) ---------------\n"); 441 391 } 392 393 int diameap_init(char * conffile) 394 { 395 TRACE_ENTRY("%p",conffile); 396 397 /* Initialize the diameap_config structure*/ 398 CHECK_FCT(diameap_init_config(conffile)); 399 400 if (diameap_config->conffile) 401 { 402 /* parse the configuration file*/ 403 CHECK_FCT(diameap_parse_conffile()); 404 405 /* Load EAP methods plug-ins */ 406 CHECK_FCT(diameap_plugin_load()); 407 408 } 409 else 410 { 411 TRACE_DEBUG(FULL,"%sNo EAP method plug-in available with a default configuration.",DIAMEAP_EXTENSION); 412 } 413 414 /* Initialize Dictionary templates */ 415 CHECK_FCT(diameap_init_obj()); 416 417 /* Initialize access to user's information Database */ 418 CHECK_FCT(diameap_mysql_connect()); 419 420 /* Dump DiamEAP extension configuration */ 421 diameap_conf_dump(); 422 423 return 0; 424 } -
extensions/app_diameap/diameap_mysql.c
r425 r438 38 38 #include "diameap_mysql.h" 39 39 40 static pthread_mutex_t db_cs_mutex = 41 PTHREAD_MUTEX_INITIALIZER; 42 40 43 int diameap_get_eap_user(struct eap_user * user, char * username) 41 44 { … … 44 47 { 45 48 TRACE_DEBUG(INFO, "%sNot connected to the MySQL Database server.",DIAMEAP_EXTENSION); 46 if (diameap_mysql_reconnect()) 47 { 48 return EINVAL; 49 } 49 50 return EINVAL; 51 50 52 } 51 53 mysql_thread_init(); … … 67 69 CHECK_POSIX(pthread_mutex_unlock( &db_cs_mutex )); 68 70 TRACE_DEBUG(INFO, "%sQuery execution fail. %s",DIAMEAP_EXTENSION, mysql_error(db_conn)); 69 db_conn = NULL;70 diameap_mysql_reconnect();71 71 mysql_thread_end(); 72 72 free(query); … … 83 83 84 84 user->id = atoi(row[0]); 85 user->userid = strdup(row[1]);85 memcpy(user->userid,row[1],strlen(row[1])); 86 86 user->useridLength = strlen(row[1]); 87 user->password = strdup(row[2]);87 memcpy(user->password, row[2],strlen(row[2])); 88 88 user->passwordLength = strlen(row[2]); 89 89 user->proposed_eap_method = atoi(row[3]); … … 115 115 { 116 116 TRACE_DEBUG(INFO, "%sNot connected to the MySQL Database server.",DIAMEAP_EXTENSION); 117 if (diameap_mysql_reconnect()) 118 { 119 return EINVAL; 120 } 117 118 return EINVAL; 119 121 120 } 122 121 … … 138 137 CHECK_POSIX(pthread_mutex_unlock( &db_cs_mutex )); 139 138 TRACE_DEBUG(INFO, "%sQuery execution fail. %s",DIAMEAP_EXTENSION, mysql_error(db_conn)); 140 db_conn = NULL;141 diameap_mysql_reconnect();142 139 mysql_thread_end(); 143 140 free(query); … … 178 175 { 179 176 TRACE_DEBUG(INFO, "%sNot connected to the MySQL Database server.",DIAMEAP_EXTENSION); 180 if (diameap_mysql_reconnect()) 181 { 182 return EINVAL; 183 } 177 178 return EINVAL; 179 184 180 } 185 181 … … 202 198 CHECK_POSIX(pthread_mutex_unlock( &db_cs_mutex )); 203 199 TRACE_DEBUG(INFO, "%sQuery execution fail. %s",DIAMEAP_EXTENSION, mysql_error(db_conn)); 204 db_conn = NULL;205 diameap_mysql_reconnect();206 200 mysql_thread_end(); 207 201 free(query); … … 233 227 } 234 228 235 void diameap_mysql_disconnect(){ 229 void diameap_mysql_disconnect() 230 { 236 231 mysql_close(db_conn); 237 232 } -
extensions/app_diameap/diameap_mysql.h
r425 r438 43 43 #include <mysql.h> 44 44 45 46 45 /* MySQL Database connection */ 46 MYSQL *db_conn; 47 47 48 static pthread_mutex_t db_cs_mutex = PTHREAD_MUTEX_INITIALIZER;48 int diameap_get_eap_user(struct eap_user * user, char * username); 49 49 50 int diameap_get_eap_user(struct eap_user * user, char * username);50 int diameap_mysql_connect(); 51 51 52 int diameap_mysql_connect();52 int diameap_mysql_reconnect(); 53 53 54 int diameap_mysql_reconnect();54 int diameap_set_mysql_param(char * user, char * passwd, char * server, char * database); 55 55 56 int diameap_set_mysql_param(char * user, char * passwd, char * server, char * database);56 void diameap_mysql_disconnect(); 57 57 58 void diameap_mysql_disconnect(); 59 60 /**/ 61 int diameap_authentication_get_attribs(struct eap_user user, 58 /* */ 59 int diameap_authentication_get_attribs(struct eap_user user, 62 60 struct fd_list * attribute_list); 63 61 64 /**/65 62 /* */ 63 int diameap_authorization_get_attribs(struct eap_user user, 66 64 struct fd_list * attribute_list); 67 65 -
extensions/app_diameap/diameap_server.c
r425 r438 38 38 #include "diameap_common.h" 39 39 40 /* handler for DiamEAP server callback */ 41 static struct disp_hdl * handle; 42 43 /* session handler for DiamEAP sessions state machine */ 44 static struct session_handler * diameap_server_reg = NULL; 45 46 40 47 struct avp_max_occurences auth_avps[] = 41 48 { … … 76 83 { "Originating-Line-Info", 0 } }; 77 84 78 static int diameap_server_callback(struct msg ** rmsg, struct avp * ravp, 79 struct session * sess, enum disp_action * action) 80 { 81 TRACE_ENTRY("%p %p %p %p", rmsg, ravp, sess, action); 82 83 struct diameap_sess_data_sm * diameap_sess_data = NULL; 84 struct diameap_state_machine * diameap_sm = NULL; 85 struct diameap_eap_interface eap_i; 86 struct msg *req, *ans; 87 boolean non_fatal_error = FALSE; 88 89 if (rmsg == NULL) 90 return EINVAL; 91 92 req = *rmsg; 93 94 CHECK_FCT_DO(fd_sess_state_retrieve(diameap_server_reg, sess, &diameap_sess_data), 95 { TRACE_DEBUG(INFO,"%s retrieving session state failed.",DIAMEAP_EXTENSION); goto s_end;}); 96 97 CHECK_MALLOC_DO(diameap_sm = malloc(sizeof(struct diameap_state_machine)), 98 goto s_end); 99 memset(diameap_sm, 0, sizeof(struct diameap_state_machine)); 100 101 if (diameap_sess_data) 102 { 103 diameap_sm->state = DIAMEAP_RECEIVED; 104 diameap_sm->eap_sm.eap_state = EAP_IDLE; 105 } 106 else 107 { 108 diameap_sm->state = DIAMEAP_DISABLED; 109 diameap_sm->eap_sm.eap_state = EAP_INITIALIZE; 110 } 111 112 while (diameap_sm->state != DIAMEAP_IDLE && diameap_sm->state 113 != DIAMEAP_END) 114 { 115 switch (diameap_sm->state) 116 { 117 case DIAMEAP_DISABLED: 118 if (rmsg) 119 { 120 diameap_sm->state = DIAMEAP_INITIALIZE; 121 } 122 else 123 { 124 TRACE_DEBUG(INFO,"%sReceived empty Diameter EAP Request message.",DIAMEAP_EXTENSION); 125 goto s_end; 126 } 127 break; 128 129 case DIAMEAP_INITIALIZE: 130 131 CHECK_FCT_DO(diameap_initialize_diameap_sm(diameap_sm,diameap_sess_data), 132 { TRACE_DEBUG(INFO,"%s Initializing DiamEAP state machine failed.",DIAMEAP_EXTENSION); goto s_end;}) 133 ; 134 CHECK_FCT_DO(diameap_initialize_diameap_eap_interface(&eap_i), 135 { TRACE_DEBUG(INFO,"%s Initializing DiamEAP-EAP Interface failed.",DIAMEAP_EXTENSION); goto s_end;}) 136 ; 137 TRACE_DEBUG(FULL+1,"%sParsing AVPs",DIAMEAP_EXTENSION) 138 ; 139 CHECK_FCT_DO(diameap_parse_avps(diameap_sm, req, &eap_i), TRACE_DEBUG(INFO,"%s Unable to parse Diameter-EAP-Request AVPs.",DIAMEAP_EXTENSION)) 140 ; 141 142 if ((diameap_sm->result_code != 0)) 143 { 144 diameap_sm->state = DIAMEAP_SEND_ERROR_MSG; 145 } 146 else 147 { 148 diameap_sm->state = DIAMEAP_AUTHENTICATION_VERIFY; 149 } 150 break; 151 152 case DIAMEAP_RECEIVED: 153 154 CHECK_FCT_DO(diameap_initialize_diameap_sm(diameap_sm,diameap_sess_data), 155 { TRACE_DEBUG(INFO,"%s Initializing DiamEAP state machine failed.",DIAMEAP_EXTENSION); goto s_end;}) 156 ; 157 CHECK_FCT_DO(diameap_initialize_diameap_eap_interface(&eap_i), 158 { TRACE_DEBUG(INFO,"%s Initializing DiamEAP-EAP Interface failed.",DIAMEAP_EXTENSION); goto s_end;}) 159 ; 160 TRACE_DEBUG(FULL+1,"%sParsing AVPs",DIAMEAP_EXTENSION) 161 ; 162 CHECK_FCT_DO(diameap_parse_avps(diameap_sm, req, &eap_i), TRACE_DEBUG(INFO,"%s Unable to parse Diameter-EAP-Request AVPs.",DIAMEAP_EXTENSION)) 163 ; 164 165 if (diameap_sm->result_code != 0) 166 { 167 diameap_sm->state = DIAMEAP_SEND_ERROR_MSG; 168 } 169 else 170 { 171 diameap_sm->state = DIAMEAP_AUTHENTICATION_VERIFY; 172 } 173 break; 174 175 case DIAMEAP_AUTHENTICATION_VERIFY: 176 { 177 178 TRACE_DEBUG(FULL+1,"%sVerify authentication",DIAMEAP_EXTENSION); 179 CHECK_FCT_DO(diameap_eap_statemachine(&diameap_sm->eap_sm, &eap_i,&non_fatal_error), 180 { TRACE_DEBUG(INFO,"%s EAP process failed.",DIAMEAP_EXTENSION); goto s_end;}); 181 182 if (non_fatal_error == TRUE) 183 { 184 TRACE_DEBUG(FULL+1,"%sAuthentication verify finished with a non-fatal-error.",DIAMEAP_EXTENSION); 185 diameap_sm->state = DIAMEAP_SEND_ERROR_MSG; 186 } 187 else 188 { 189 diameap_sm->state = DIAMEAP_SELECT_DECISION; 190 191 } 192 } 193 break; 194 195 case DIAMEAP_SELECT_DECISION: 196 197 CHECK_FCT_DO( diameap_policy_decision(diameap_sm,eap_i), 198 goto s_end) 199 ; 200 201 if ((eap_i.aaaSuccess == TRUE) && (diameap_sm->auth_request_val 202 == AUTHORIZE_AUTHENTICATE) 203 && (diameap_sm->verify_authorization == FALSE)) 204 { 205 diameap_sm->state = DIAMEAP_AUTHORIZATION_VERIFY; 206 } 207 else 208 { 209 diameap_sm->state = DIAMEAP_DIAMETER_EAP_ANSWER; 210 } 211 break; 212 213 case DIAMEAP_AUTHORIZATION_VERIFY: 214 diameap_sm->verify_authorization = TRUE; 215 TRACE_DEBUG(FULL+1,"%sVerify authorization",DIAMEAP_EXTENSION) 216 ; 217 CHECK_FCT_DO(diameap_authorize(diameap_sm), 218 { TRACE_DEBUG(INFO,"%s Authorization check process failed.",DIAMEAP_EXTENSION); goto s_end;}) 219 ; 220 diameap_sm->state = DIAMEAP_SELECT_DECISION; 221 222 break; 223 224 case DIAMEAP_DIAMETER_EAP_ANSWER: 225 TRACE_DEBUG(FULL+1,"%screate Diameter EAP Answer",DIAMEAP_EXTENSION) 226 ; 227 CHECK_FCT_DO(fd_msg_new_answer_from_req(fd_g_config->cnf_dict, rmsg, 0), 228 goto s_end) 229 ; 230 ans = *rmsg; 231 TRACE_DEBUG(FULL+1,"%sAdding AVPs to Diameter EAP Answer.",DIAMEAP_EXTENSION) 232 ; 233 CHECK_FCT_DO( diameap_add_avps(diameap_sm, ans,req), 234 { TRACE_DEBUG(INFO,"%s Unable to add AVPs to Diameter-EAP-Answer message.",DIAMEAP_EXTENSION);goto s_end;}) 235 ; 236 if (diameap_sm->authFailure == FALSE) 237 { 238 if (diameap_sm->eap_sm.user.id != 0) 239 { 240 TRACE_DEBUG(FULL+1,"%sSelect authentication attributes.",DIAMEAP_EXTENSION); 241 CHECK_FCT_DO(diameap_authentication_get_attribs(diameap_sm->eap_sm.user, &diameap_sm->attributes), 242 { TRACE_DEBUG(INFO,"%s Unable to get user's session attributes.",DIAMEAP_EXTENSION); goto s_end;}); 243 TRACE_DEBUG(FULL+1,"%sCreate answer authentication attributes.",DIAMEAP_EXTENSION); 244 CHECK_FCT_DO(diameap_answer_avp_attributes(diameap_sm), 245 { TRACE_DEBUG(INFO,"% Unable to generate answer attributes.",DIAMEAP_EXTENSION); goto s_end;}); 246 } 247 248 if (diameap_sm->authSuccess == FALSE) 249 { 250 diameap_sm->state = DIAMEAP_SEND_REQUEST; 251 } 252 else 253 { 254 255 diameap_sm->state = DIAMEAP_SEND_SUCCESS; 256 } 257 } 258 else 259 { 260 diameap_sm->state = DIAMEAP_SEND_FAILURE; 261 } 262 break; 263 264 case DIAMEAP_SEND_REQUEST: 265 TRACE_DEBUG(FULL+1,"%sAdding Result Code AVP to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 266 ; 267 CHECK_FCT_DO( diameap_add_result_code(diameap_sm, ans, sess), 268 { TRACE_DEBUG(INFO,"%s Adding Result-Code AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 269 ; 270 TRACE_DEBUG(FULL+1,"%sAdding EAP-Payload to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 271 ; 272 CHECK_FCT_DO( diameap_add_eap_payload(diameap_sm, ans,eap_i), 273 { TRACE_DEBUG(INFO,"%s Adding EAP-Payload AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 274 ; 275 TRACE_DEBUG(FULL+1,"%sStoring DiamEAP session data.",DIAMEAP_EXTENSION) 276 ; 277 CHECK_MALLOC(diameap_sess_data = malloc(sizeof(struct diameap_sess_data_sm))) 278 ; 279 memset(diameap_sess_data, 0, sizeof(struct diameap_sess_data_sm)); 280 diameap_sess_data_new(diameap_sess_data, diameap_sm); 281 282 CHECK_FCT_DO(fd_sess_state_store(diameap_server_reg, sess, &diameap_sess_data), 283 { TRACE_DEBUG(INFO,"%s Storing session state failed.",DIAMEAP_EXTENSION); goto s_end;}) 284 ; 285 286 CHECK_FCT_DO( diameap_send(rmsg), 287 goto s_end) 288 ; 289 290 diameap_sm->state = DIAMEAP_IDLE; 291 break; 292 293 case DIAMEAP_SEND_FAILURE: 294 TRACE_DEBUG(FULL+1,"%sAdding Result Code AVP to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 295 ; 296 CHECK_FCT_DO( diameap_add_result_code(diameap_sm, ans, sess), 297 { TRACE_DEBUG(INFO,"%s Adding Result-Code AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 298 ; 299 TRACE_DEBUG(FULL+1,"%sAdding EAP-Payload to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 300 ; 301 CHECK_FCT_DO( diameap_add_eap_payload(diameap_sm, ans,eap_i), 302 { TRACE_DEBUG(INFO,"%s Adding EAP-Payload AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 303 ; 304 305 CHECK_FCT_DO( diameap_send(rmsg), 306 goto s_end) 307 ; 308 diameap_sm->state = DIAMEAP_END; 309 break; 310 311 case DIAMEAP_SEND_SUCCESS: 312 TRACE_DEBUG(FULL+1,"%sAdding User session AVPs to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 313 ; 314 CHECK_FCT_DO(diameap_add_user_sessions_avps(diameap_sm,ans), 315 { TRACE_DEBUG(INFO,"%s Adding user's session AVPs failed.",DIAMEAP_EXTENSION); goto s_end;}) 316 ; 317 318 if (diameap_sm->auth_request_val == AUTHORIZE_AUTHENTICATE) 319 { 320 TRACE_DEBUG(FULL+1,"%sAdding Authorization AVPs to Diameter-EAP-Answer.",DIAMEAP_EXTENSION); 321 CHECK_FCT_DO(diameap_add_authorization_avps(diameap_sm,ans), 322 { TRACE_DEBUG(INFO,"%s Adding Authorization AVPs failed.",DIAMEAP_EXTENSION); goto s_end;}); 323 } 324 TRACE_DEBUG(FULL+1,"%sAdding Result Code AVP to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 325 ; 326 CHECK_FCT_DO( diameap_add_result_code(diameap_sm, ans, sess), 327 { TRACE_DEBUG(INFO,"%s Adding Result-Code AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 328 ; 329 TRACE_DEBUG(FULL+1,"%sAdding EAP-Payload to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 330 ; 331 CHECK_FCT_DO( diameap_add_eap_payload(diameap_sm, ans,eap_i), 332 { TRACE_DEBUG(INFO,"%s Adding EAP-Payload AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 333 ; 334 TRACE_DEBUG(FULL+1,"%sAdding EAP success AVPs AVPs to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 335 ; 336 CHECK_FCT_DO( diameap_add_eap_success_avps(diameap_sm, ans, eap_i), 337 goto s_end) 338 ; 339 TRACE_DEBUG(FULL+1,"%sAdding Accounting-EAP-Auth-Method AVPs to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 340 ; 341 CHECK_FCT_DO(diameap_add_accounting_eap_auth_method(diameap_sm, ans), 342 { TRACE_DEBUG(INFO,"%s Adding accounting AVP failed",DIAMEAP_EXTENSION); goto s_end;}) 343 ; 344 CHECK_FCT_DO( diameap_send(rmsg), 345 goto s_end) 346 ; 347 diameap_sm->state = DIAMEAP_END; 348 break; 349 350 case DIAMEAP_SEND_ERROR_MSG: 351 diameap_sm->invalid_eappackets++; 352 if (diameap_sm->invalid_eappackets 353 == diameap_config->max_invalid_eap_packet) 354 { 355 diameap_sm->result_code = 4001;//DIAMETER_AUTHENTICATION_REJECTED 356 TRACE_DEBUG(FULL,"%s Maximum permitted invalid EAP Packet reached. Diameter Authentication Rejected.",DIAMEAP_EXTENSION); 357 } 358 359 CHECK_FCT_DO(fd_msg_new_answer_from_req(fd_g_config->cnf_dict, rmsg, 0), 360 goto s_end) 361 ; 362 363 ans = *rmsg; 364 CHECK_FCT_DO( diameap_add_avps(diameap_sm, ans,req), 365 { TRACE_DEBUG(INFO,"%s Adding AVPs to Diameter-EAP-Answer message failed.",DIAMEAP_EXTENSION);goto s_end;}) 366 ; 367 if ((non_fatal_error == TRUE) && (diameap_sm->result_code == 0)) 368 { 369 diameap_sm->result_code = 1001; 370 } 371 372 if (diameap_sm->result_code == 1001) 373 { 374 CHECK_FCT_DO( diameap_add_eap_reissued_payload(ans,req), goto s_end); 375 } 376 377 if (diameap_sm->result_code == 5004) 378 { 379 CHECK_FCT_DO( fd_msg_avp_add( ans , MSG_BRW_LAST_CHILD, diameap_sm->failedavp ),goto s_end ); 380 } 381 382 CHECK_FCT_DO( diameap_add_result_code(diameap_sm, ans, sess), goto s_end) 383 ; 384 385 CHECK_FCT_DO( diameap_send(rmsg), goto s_end) 386 ; 387 diameap_sm->state = DIAMEAP_IDLE; 388 break; 389 390 case DIAMEAP_END: 391 392 break; 393 } 394 } 395 396 diameap_free(diameap_sm); 397 398 s_end: return 0; 399 } 85 400 86 401 87 void diameap_cli_sess_cleanup(void * arg, char * sid) … … 630 316 } 631 317 632 static int diameap_parse_avps(struct diameap_state_machine * diameap_sm,633 struct msg * req, struct diameap_eap_interface * eap_i)634 {635 TRACE_ENTRY("%p %p %p",diameap_sm,req,eap_i);636 struct avp * avp, *avp2;637 struct avp_hdr * avpdata;638 int ret;639 int depth;640 641 /* EAP-Payload data*/642 avp = NULL;643 CHECK_FCT(fd_msg_search_avp(req, dataobj_eap_payload, &avp));644 if (avp != NULL)645 {646 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));647 CHECK_FCT(diameap_eappacket_new(&eap_i->aaaEapRespData, avpdata));648 eap_i->aaaEapResp = TRUE;649 u16 length;650 diameap_eap_get_length(eap_i->aaaEapRespData, &length);651 if (length >= 4)652 {653 eap_code code;654 CHECK_FCT(diameap_eap_get_code(eap_i->aaaEapRespData,&code));655 656 if (code != EAP_RESPONSE)657 {658 diameap_sm->result_code = 5004; /* DIAMETER_INVALID_AVP_VALUE 5004 */659 struct avp * invalidavp;660 union avp_value val;661 CHECK_FCT( fd_msg_avp_new ( dataobj_eap_payload, 0, &invalidavp));662 val.os.data = (char *) eap_i->aaaEapRespData.data;663 val.os.len = eap_i->aaaEapRespData.length;664 CHECK_FCT( fd_msg_avp_setvalue( invalidavp, &val ))665 CHECK_FCT( diameap_failed_avp(diameap_sm, invalidavp));666 TRACE_DEBUG(INFO,"%sIncorrect EAP Packet. EAP Code != Response.",DIAMEAP_EXTENSION);667 return 0;668 }669 else670 {671 CHECK_FCT(diameap_parse_eap_resp(&diameap_sm->eap_sm,eap_i->aaaEapRespData));672 if (diameap_sm->eap_sm.rxResp == FALSE)673 {674 diameap_sm->result_code = 1001; /*DIAMETER_MULTI_ROUND_AUTH*/675 eap_i->aaaEapNoReq = TRUE;676 eap_i->aaaEapResp = FALSE;677 }678 }679 }680 else681 {682 if (diameap_sm->eap_sm.currentMethod != TYPE_NONE)683 {684 diameap_sm->result_code = 5004; /* DIAMETER_INVALID_AVP_VALUE 5004 */685 CHECK_FCT(diameap_failed_avp(diameap_sm, avp));686 TRACE_DEBUG(INFO,"%sEAP packet length < Minimum EAP packet length.",DIAMEAP_EXTENSION);687 return 1;688 }689 //EAP start received690 691 }692 }693 694 /* User-Name AVP */695 avp = NULL;696 CHECK_FCT(fd_msg_search_avp(req, dataobj_user_name, &avp));697 if (avp != NULL)698 {699 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));700 struct avp_attribute * attribute;701 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));702 memset(attribute, 0, sizeof(struct avp_attribute));703 fd_list_init(&attribute->chain, attribute);704 attribute->attrib = "User-Name";705 attribute->value.os.data = avpdata->avp_value->os.data;706 attribute->value.os.len = avpdata->avp_value->os.len;707 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);708 }709 710 /* EAP-Key-Name AVP */711 712 avp = NULL;713 CHECK_FCT(fd_msg_search_avp(req, dataobj_eap_key_name, &avp));714 if (avp != NULL)715 {716 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));717 struct avp_attribute * attribute;718 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));719 memset(attribute, 0, sizeof(struct avp_attribute));720 fd_list_init(&attribute->chain, attribute);721 attribute->attrib = "EAP-Key-Name";722 attribute->value.os.data = avpdata->avp_value->os.data;723 attribute->value.os.len = avpdata->avp_value->os.len;724 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);725 }726 727 /* Auth-Request-Type AVP */728 avp = NULL;729 CHECK_FCT(fd_msg_search_avp(req, dataobj_auth_request_type, &avp));730 if (avp != NULL)731 {732 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));733 diameap_sm->auth_request_val = avpdata->avp_value->i32;734 }735 736 /* Authorization-Lifetime AVP */737 avp = NULL;738 CHECK_FCT(fd_msg_search_avp(req, dataobj_authorization_lifetime, &avp));739 if (avp != NULL)740 {741 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));742 struct avp_attribute * attribute;743 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));744 memset(attribute, 0, sizeof(struct avp_attribute));745 fd_list_init(&attribute->chain, attribute);746 attribute->attrib = "Authorization-Lifetime";747 attribute->value.u32 = avpdata->avp_value->u32;748 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);749 }750 751 /* Auth-Grace-Period AVP */752 avp = NULL;753 CHECK_FCT(fd_msg_search_avp(req, dataobj_auth_grace_period, &avp));754 if (avp != NULL)755 {756 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));757 struct avp_attribute * attribute;758 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));759 memset(attribute, 0, sizeof(struct avp_attribute));760 fd_list_init(&attribute->chain, attribute);761 attribute->attrib = "Auth-Grace-Period";762 attribute->value.u32 = avpdata->avp_value->u32;763 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);764 }765 766 /* Auth-Session-State AVP */767 avp = NULL;768 CHECK_FCT(fd_msg_search_avp(req, dataobj_auth_session_state, &avp));769 if (avp != NULL)770 {771 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));772 struct avp_attribute * attribute;773 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));774 memset(attribute, 0, sizeof(struct avp_attribute));775 fd_list_init(&attribute->chain, attribute);776 attribute->attrib = "Auth-Session-State";777 attribute->value.i32 = avpdata->avp_value->i32;778 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);779 }780 781 /* Origin-state-Id AVP */782 avp = NULL;783 CHECK_FCT(fd_msg_search_avp(req, dataobj_origin_state_id, &avp));784 if (avp != NULL)785 {786 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));787 struct avp_attribute * attribute;788 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));789 memset(attribute, 0, sizeof(struct avp_attribute));790 fd_list_init(&attribute->chain, attribute);791 attribute->attrib = "Origin-state-Id AVP";792 attribute->value.u32 = avpdata->avp_value->u32;793 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);794 }795 796 /* NAS-Port AVP*/797 avp = NULL;798 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_port, &avp));799 if (avp != NULL)800 {801 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));802 struct avp_attribute * attribute;803 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));804 memset(attribute, 0, sizeof(struct avp_attribute));805 fd_list_init(&attribute->chain, attribute);806 attribute->attrib = "NAS-Port";807 attribute->value.u32 = avpdata->avp_value->u32;808 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);809 }810 811 /* NAS-Port-Id AVP */812 avp = NULL;813 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_port_id, &avp));814 if (avp != NULL)815 {816 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));817 struct avp_attribute * attribute;818 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));819 memset(attribute, 0, sizeof(struct avp_attribute));820 fd_list_init(&attribute->chain, attribute);821 attribute->attrib = "NAS-Port-Id";822 attribute->value.os.data = avpdata->avp_value->os.data;823 attribute->value.os.len = avpdata->avp_value->os.len;824 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);825 }826 827 /* NAS-Port-Type AVP */828 avp = NULL;829 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_port_type, &avp));830 if (avp != NULL)831 {832 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));833 struct avp_attribute * attribute;834 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));835 memset(attribute, 0, sizeof(struct avp_attribute));836 fd_list_init(&attribute->chain, attribute);837 attribute->attrib = "NAS-Port-Type";838 attribute->value.u32 = avpdata->avp_value->u32;839 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);840 }841 842 /* Called-Station-Id AVP */843 avp = NULL;844 CHECK_FCT(fd_msg_search_avp(req, dataobj_called_station_id, &avp));845 if (avp != NULL)846 {847 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));848 struct avp_attribute * attribute;849 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));850 memset(attribute, 0, sizeof(struct avp_attribute));851 fd_list_init(&attribute->chain, attribute);852 attribute->attrib = "Called-Station-Id";853 attribute->value.os.data = avpdata->avp_value->os.data;854 attribute->value.os.len = avpdata->avp_value->os.len;855 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);856 }857 858 /* Calling-Station-Id AVP */859 avp = NULL;860 CHECK_FCT(fd_msg_search_avp(req, dataobj_calling_station_id, &avp));861 if (avp != NULL)862 {863 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));864 struct avp_attribute * attribute;865 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));866 memset(attribute, 0, sizeof(struct avp_attribute));867 fd_list_init(&attribute->chain, attribute);868 attribute->attrib = "Calling-Station-Id";869 attribute->value.os.data = avpdata->avp_value->os.data;870 attribute->value.os.len = avpdata->avp_value->os.len;871 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);872 }873 874 /* Connect-Info AVP */875 avp = NULL;876 CHECK_FCT(fd_msg_search_avp(req, dataobj_connect_info, &avp));877 if (avp != NULL)878 {879 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));880 struct avp_attribute * attribute;881 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));882 memset(attribute, 0, sizeof(struct avp_attribute));883 fd_list_init(&attribute->chain, attribute);884 attribute->attrib = "Connect-Info";885 attribute->value.os.data = avpdata->avp_value->os.data;886 attribute->value.os.len = avpdata->avp_value->os.len;887 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);888 }889 890 /* Originating-Line-Info AVP */891 avp = NULL;892 CHECK_FCT(fd_msg_search_avp(req, dataobj_originating_line_info, &avp));893 if (avp != NULL)894 {895 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));896 struct avp_attribute * attribute;897 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));898 memset(attribute, 0, sizeof(struct avp_attribute));899 fd_list_init(&attribute->chain, attribute);900 attribute->attrib = "Originating-Line-Info";901 attribute->value.os.data = avpdata->avp_value->os.data;902 attribute->value.os.len = avpdata->avp_value->os.len;903 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);904 }905 906 /* Service-Type AVP */907 avp = NULL;908 CHECK_FCT(fd_msg_search_avp(req, dataobj_service_type, &avp));909 if (avp != NULL)910 {911 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));912 struct avp_attribute * attribute;913 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));914 memset(attribute, 0, sizeof(struct avp_attribute));915 fd_list_init(&attribute->chain, attribute);916 attribute->attrib = "Service-Type";917 attribute->value.u32 = avpdata->avp_value->u32;918 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);919 }920 921 /* Callback-Number AVP */922 avp = NULL;923 CHECK_FCT(fd_msg_search_avp(req, dataobj_callback_number, &avp));924 if (avp != NULL)925 {926 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));927 struct avp_attribute * attribute;928 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));929 memset(attribute, 0, sizeof(struct avp_attribute));930 fd_list_init(&attribute->chain, attribute);931 attribute->attrib = "Callback-Number";932 attribute->value.os.data = avpdata->avp_value->os.data;933 attribute->value.os.len = avpdata->avp_value->os.len;934 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);935 }936 937 /* Port-Limit AVP */938 avp = NULL;939 CHECK_FCT(fd_msg_search_avp(req, dataobj_port_limit, &avp));940 if (avp != NULL)941 {942 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));943 struct avp_attribute * attribute;944 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));945 memset(attribute, 0, sizeof(struct avp_attribute));946 fd_list_init(&attribute->chain, attribute);947 attribute->attrib = "Port-Limit";948 attribute->value.u32 = avpdata->avp_value->u32;949 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);950 }951 952 /* Framed-Protocol AVP */953 avp = NULL;954 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_protocol, &avp));955 if (avp != NULL)956 {957 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));958 struct avp_attribute * attribute;959 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));960 memset(attribute, 0, sizeof(struct avp_attribute));961 fd_list_init(&attribute->chain, attribute);962 attribute->attrib = "Framed-Protocol";963 attribute->value.u32 = avpdata->avp_value->u32;964 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);965 }966 967 /* Framed-MTU AVP */968 avp = NULL;969 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_mtu, &avp));970 if (avp != NULL)971 {972 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));973 struct avp_attribute * attribute;974 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));975 memset(attribute, 0, sizeof(struct avp_attribute));976 fd_list_init(&attribute->chain, attribute);977 attribute->attrib = "Framed-MTU";978 attribute->value.u32 = avpdata->avp_value->u32;979 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);980 }981 982 /* Framed-Compression AVP */983 avp = NULL;984 avp2 = NULL;985 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_compression, &avp));986 if (avp != NULL)987 {988 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));989 u32 Pi_Code = avpdata->avp_code;990 int depth;991 do992 {993 struct avp_attribute * attribute;994 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));995 memset(attribute, 0, sizeof(struct avp_attribute));996 fd_list_init(&attribute->chain, attribute);997 attribute->attrib = "Framed-Compression";998 attribute->value.u32 = avpdata->avp_value->u32;999 fd_list_insert_before(&diameap_sm->req_attributes,1000 &attribute->chain);1001 ret = 0;1002 depth = 0;1003 ret = fd_msg_browse ( avp, MSG_BRW_NEXT, &avp2, &depth);1004 if (avp2 != NULL)1005 {1006 CHECK_FCT(fd_msg_avp_hdr(avp2, &avpdata));1007 }1008 avp = avp2;1009 } while ((avp2 != NULL) && (ret == 0) && (ret == 0)1010 && (avpdata->avp_code == Pi_Code));1011 }1012 1013 /* Framed-IP-Address AVP */1014 avp = NULL;1015 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_ip_address, &avp));1016 if (avp != NULL)1017 {1018 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1019 struct avp_attribute * attribute;1020 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1021 memset(attribute, 0, sizeof(struct avp_attribute));1022 fd_list_init(&attribute->chain, attribute);1023 attribute->attrib = "Framed-IP-Address";1024 attribute->value.os.data = avpdata->avp_value->os.data;1025 attribute->value.os.len = avpdata->avp_value->os.len;1026 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);1027 }1028 1029 /* Framed-IP-Netmask AVP */1030 avp = NULL;1031 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_ip_netmask, &avp));1032 if (avp != NULL)1033 {1034 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1035 struct avp_attribute * attribute;1036 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1037 memset(attribute, 0, sizeof(struct avp_attribute));1038 fd_list_init(&attribute->chain, attribute);1039 attribute->attrib = "Framed-IP-Netmask";1040 attribute->value.os.data = avpdata->avp_value->os.data;1041 attribute->value.os.len = avpdata->avp_value->os.len;1042 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);1043 }1044 1045 /* Framed-Interface-Id AVP */1046 avp = NULL;1047 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_interface_id, &avp));1048 if (avp != NULL)1049 {1050 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1051 struct avp_attribute * attribute;1052 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1053 memset(attribute, 0, sizeof(struct avp_attribute));1054 fd_list_init(&attribute->chain, attribute);1055 attribute->attrib = "Framed-Interface-Id";1056 attribute->value.u64 = avpdata->avp_value->u64;1057 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);1058 }1059 1060 /* Framed-IPv6-Prefix AVP */1061 avp = NULL;1062 avp2 = NULL;1063 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_ipv6_prefix, &avp));1064 if (avp != NULL)1065 {1066 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1067 u32 Pi_Code = avpdata->avp_code;1068 do1069 {1070 struct avp_attribute * attribute;1071 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1072 memset(attribute, 0, sizeof(struct avp_attribute));1073 fd_list_init(&attribute->chain, attribute);1074 attribute->attrib = "Framed-IPv6-Prefix";1075 attribute->value.u32 = avpdata->avp_value->u32;1076 fd_list_insert_before(&diameap_sm->req_attributes,1077 &attribute->chain);1078 ret = 0;1079 depth = 0;1080 ret = fd_msg_browse ( avp, MSG_BRW_NEXT, &avp2, &depth);1081 if (avp2 != NULL)1082 {1083 CHECK_FCT(fd_msg_avp_hdr(avp2, &avpdata));1084 }1085 avp = avp2;1086 } while ((avp2 != NULL) && (ret == 0) && (ret == 0)1087 && (avpdata->avp_code == Pi_Code));1088 }1089 1090 /* Tunneling AVP */1091 avp = NULL;1092 avp2 = NULL;1093 CHECK_FCT(fd_msg_search_avp(req, dataobj_tunneling, &avp));1094 if (avp != NULL)1095 {1096 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1097 u32 Pi_Code = avpdata->avp_code;1098 int depth;1099 do1100 {1101 struct avp_attribute * attribute;1102 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1103 memset(attribute, 0, sizeof(struct avp_attribute));1104 fd_list_init(&attribute->chain, attribute);1105 attribute->attrib = "Tunneling";1106 //grouped AVP1107 fd_list_insert_before(&diameap_sm->req_attributes,1108 &attribute->chain);1109 ret = 0;1110 depth = 0;1111 ret = fd_msg_browse ( avp, MSG_BRW_NEXT, &avp2, &depth);1112 if (avp2 != NULL)1113 {1114 CHECK_FCT(fd_msg_avp_hdr(avp2, &avpdata));1115 }1116 avp = avp2;1117 } while ((avp2 != NULL) && (ret == 0) && (ret == 0)1118 && (avpdata->avp_code == Pi_Code));1119 }1120 1121 /* NAS-Identifier AVP */1122 avp = NULL;1123 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_identifier, &avp));1124 if (avp != NULL)1125 {1126 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1127 struct avp_attribute * attribute;1128 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1129 memset(attribute, 0, sizeof(struct avp_attribute));1130 fd_list_init(&attribute->chain, attribute);1131 attribute->attrib = "NAS-Identifier";1132 attribute->value.os.data = avpdata->avp_value->os.data;1133 attribute->value.os.len = avpdata->avp_value->os.len;1134 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);1135 }1136 1137 /* NAS-IP-Address AVP */1138 avp = NULL;1139 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_ip_address, &avp));1140 if (avp != NULL)1141 {1142 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1143 struct avp_attribute * attribute;1144 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1145 memset(attribute, 0, sizeof(struct avp_attribute));1146 fd_list_init(&attribute->chain, attribute);1147 attribute->attrib = "NAS-IP-Address";1148 attribute->value.os.data = avpdata->avp_value->os.data;1149 attribute->value.os.len = avpdata->avp_value->os.len;1150 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);1151 }1152 1153 /* NAS-IPv6-Address AVP */1154 avp = NULL;1155 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_ipv6_address, &avp));1156 if (avp != NULL)1157 {1158 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1159 struct avp_attribute * attribute;1160 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1161 memset(attribute, 0, sizeof(struct avp_attribute));1162 fd_list_init(&attribute->chain, attribute);1163 attribute->attrib = "NAS-IPv6-Address";1164 attribute->value.os.data = avpdata->avp_value->os.data;1165 attribute->value.os.len = avpdata->avp_value->os.len;1166 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);1167 }1168 1169 /* State AVP */1170 avp = NULL;1171 CHECK_FCT(fd_msg_search_avp(req, dataobj_state, &avp));1172 if (avp != NULL)1173 {1174 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata));1175 struct avp_attribute * attribute;1176 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute)));1177 memset(attribute, 0, sizeof(struct avp_attribute));1178 fd_list_init(&attribute->chain, attribute);1179 attribute->attrib = "State";1180 attribute->value.os.data = avpdata->avp_value->os.data;1181 attribute->value.os.len = avpdata->avp_value->os.len;1182 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain);1183 }1184 1185 return 0;1186 }1187 1188 318 static int diameap_failed_avp(struct diameap_state_machine * diameap_sm, 1189 319 struct avp * invalidavp) … … 1214 344 { 1215 345 TRACE_ENTRY("%p %p",eap_sm, eappacket) 1216 1217 unsigned int len;1218 346 1219 347 eap_sm->rxResp = FALSE; … … 1286 414 { 1287 415 u8 *data = (u8 *) eappacket.data; 1288 int len = 0;1289 u32 respVendor, respVendorMethod;416 //int len = 0; 417 //u32 respVendor, respVendorMethod; 1290 418 data += 5; 1291 419 eap_sm->respVendor = G24BIGE(data); … … 1325 453 } 1326 454 455 static int diameap_parse_avps(struct diameap_state_machine * diameap_sm, 456 struct msg * req, struct diameap_eap_interface * eap_i) 457 { 458 TRACE_ENTRY("%p %p %p",diameap_sm,req,eap_i); 459 struct avp * avp, *avp2; 460 struct avp_hdr * avpdata; 461 int ret; 462 int depth; 463 464 /* EAP-Payload data*/ 465 avp = NULL; 466 CHECK_FCT(fd_msg_search_avp(req, dataobj_eap_payload, &avp)); 467 if (avp != NULL) 468 { 469 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 470 CHECK_FCT(diameap_eappacket_new(&eap_i->aaaEapRespData, avpdata)); 471 eap_i->aaaEapResp = TRUE; 472 u16 length; 473 diameap_eap_get_length(eap_i->aaaEapRespData, &length); 474 if (length >= 4) 475 { 476 eap_code code; 477 CHECK_FCT(diameap_eap_get_code(eap_i->aaaEapRespData,&code)); 478 479 if (code != EAP_RESPONSE) 480 { 481 diameap_sm->result_code = 5004; /* DIAMETER_INVALID_AVP_VALUE 5004 */ 482 struct avp * invalidavp; 483 union avp_value val; 484 CHECK_FCT( fd_msg_avp_new ( dataobj_eap_payload, 0, &invalidavp)); 485 val.os.data = eap_i->aaaEapRespData.data; 486 val.os.len = eap_i->aaaEapRespData.length; 487 CHECK_FCT( fd_msg_avp_setvalue( invalidavp, &val )) 488 CHECK_FCT( diameap_failed_avp(diameap_sm, invalidavp)); 489 TRACE_DEBUG(INFO,"%sIncorrect EAP Packet. EAP Code != Response.",DIAMEAP_EXTENSION); 490 return 0; 491 } 492 else 493 { 494 CHECK_FCT(diameap_parse_eap_resp(&diameap_sm->eap_sm,eap_i->aaaEapRespData)); 495 if (diameap_sm->eap_sm.rxResp == FALSE) 496 { 497 diameap_sm->result_code = 1001; /*DIAMETER_MULTI_ROUND_AUTH*/ 498 eap_i->aaaEapNoReq = TRUE; 499 eap_i->aaaEapResp = FALSE; 500 } 501 } 502 } 503 else 504 { 505 if (diameap_sm->eap_sm.currentMethod != TYPE_NONE) 506 { 507 diameap_sm->result_code = 5004; /* DIAMETER_INVALID_AVP_VALUE 5004 */ 508 CHECK_FCT(diameap_failed_avp(diameap_sm, avp)); 509 TRACE_DEBUG(INFO,"%sEAP packet length < Minimum EAP packet length.",DIAMEAP_EXTENSION); 510 return 1; 511 } 512 //EAP start received 513 514 } 515 } 516 517 /* User-Name AVP */ 518 avp = NULL; 519 CHECK_FCT(fd_msg_search_avp(req, dataobj_user_name, &avp)); 520 if (avp != NULL) 521 { 522 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 523 struct avp_attribute * attribute; 524 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 525 memset(attribute, 0, sizeof(struct avp_attribute)); 526 fd_list_init(&attribute->chain, attribute); 527 attribute->attrib = "User-Name"; 528 attribute->value.os.data = avpdata->avp_value->os.data; 529 attribute->value.os.len = avpdata->avp_value->os.len; 530 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 531 } 532 533 /* EAP-Key-Name AVP */ 534 535 avp = NULL; 536 CHECK_FCT(fd_msg_search_avp(req, dataobj_eap_key_name, &avp)); 537 if (avp != NULL) 538 { 539 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 540 struct avp_attribute * attribute; 541 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 542 memset(attribute, 0, sizeof(struct avp_attribute)); 543 fd_list_init(&attribute->chain, attribute); 544 attribute->attrib = "EAP-Key-Name"; 545 attribute->value.os.data = avpdata->avp_value->os.data; 546 attribute->value.os.len = avpdata->avp_value->os.len; 547 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 548 } 549 550 /* Auth-Request-Type AVP */ 551 avp = NULL; 552 CHECK_FCT(fd_msg_search_avp(req, dataobj_auth_request_type, &avp)); 553 if (avp != NULL) 554 { 555 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 556 diameap_sm->auth_request_val = avpdata->avp_value->i32; 557 } 558 559 /* Authorization-Lifetime AVP */ 560 avp = NULL; 561 CHECK_FCT(fd_msg_search_avp(req, dataobj_authorization_lifetime, &avp)); 562 if (avp != NULL) 563 { 564 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 565 struct avp_attribute * attribute; 566 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 567 memset(attribute, 0, sizeof(struct avp_attribute)); 568 fd_list_init(&attribute->chain, attribute); 569 attribute->attrib = "Authorization-Lifetime"; 570 attribute->value.u32 = avpdata->avp_value->u32; 571 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 572 } 573 574 /* Auth-Grace-Period AVP */ 575 avp = NULL; 576 CHECK_FCT(fd_msg_search_avp(req, dataobj_auth_grace_period, &avp)); 577 if (avp != NULL) 578 { 579 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 580 struct avp_attribute * attribute; 581 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 582 memset(attribute, 0, sizeof(struct avp_attribute)); 583 fd_list_init(&attribute->chain, attribute); 584 attribute->attrib = "Auth-Grace-Period"; 585 attribute->value.u32 = avpdata->avp_value->u32; 586 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 587 } 588 589 /* Auth-Session-State AVP */ 590 avp = NULL; 591 CHECK_FCT(fd_msg_search_avp(req, dataobj_auth_session_state, &avp)); 592 if (avp != NULL) 593 { 594 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 595 struct avp_attribute * attribute; 596 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 597 memset(attribute, 0, sizeof(struct avp_attribute)); 598 fd_list_init(&attribute->chain, attribute); 599 attribute->attrib = "Auth-Session-State"; 600 attribute->value.i32 = avpdata->avp_value->i32; 601 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 602 } 603 604 /* Origin-state-Id AVP */ 605 avp = NULL; 606 CHECK_FCT(fd_msg_search_avp(req, dataobj_origin_state_id, &avp)); 607 if (avp != NULL) 608 { 609 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 610 struct avp_attribute * attribute; 611 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 612 memset(attribute, 0, sizeof(struct avp_attribute)); 613 fd_list_init(&attribute->chain, attribute); 614 attribute->attrib = "Origin-state-Id AVP"; 615 attribute->value.u32 = avpdata->avp_value->u32; 616 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 617 } 618 619 /* NAS-Port AVP*/ 620 avp = NULL; 621 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_port, &avp)); 622 if (avp != NULL) 623 { 624 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 625 struct avp_attribute * attribute; 626 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 627 memset(attribute, 0, sizeof(struct avp_attribute)); 628 fd_list_init(&attribute->chain, attribute); 629 attribute->attrib = "NAS-Port"; 630 attribute->value.u32 = avpdata->avp_value->u32; 631 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 632 } 633 634 /* NAS-Port-Id AVP */ 635 avp = NULL; 636 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_port_id, &avp)); 637 if (avp != NULL) 638 { 639 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 640 struct avp_attribute * attribute; 641 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 642 memset(attribute, 0, sizeof(struct avp_attribute)); 643 fd_list_init(&attribute->chain, attribute); 644 attribute->attrib = "NAS-Port-Id"; 645 attribute->value.os.data = avpdata->avp_value->os.data; 646 attribute->value.os.len = avpdata->avp_value->os.len; 647 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 648 } 649 650 /* NAS-Port-Type AVP */ 651 avp = NULL; 652 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_port_type, &avp)); 653 if (avp != NULL) 654 { 655 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 656 struct avp_attribute * attribute; 657 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 658 memset(attribute, 0, sizeof(struct avp_attribute)); 659 fd_list_init(&attribute->chain, attribute); 660 attribute->attrib = "NAS-Port-Type"; 661 attribute->value.u32 = avpdata->avp_value->u32; 662 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 663 } 664 665 /* Called-Station-Id AVP */ 666 avp = NULL; 667 CHECK_FCT(fd_msg_search_avp(req, dataobj_called_station_id, &avp)); 668 if (avp != NULL) 669 { 670 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 671 struct avp_attribute * attribute; 672 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 673 memset(attribute, 0, sizeof(struct avp_attribute)); 674 fd_list_init(&attribute->chain, attribute); 675 attribute->attrib = "Called-Station-Id"; 676 attribute->value.os.data = avpdata->avp_value->os.data; 677 attribute->value.os.len = avpdata->avp_value->os.len; 678 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 679 } 680 681 /* Calling-Station-Id AVP */ 682 avp = NULL; 683 CHECK_FCT(fd_msg_search_avp(req, dataobj_calling_station_id, &avp)); 684 if (avp != NULL) 685 { 686 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 687 struct avp_attribute * attribute; 688 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 689 memset(attribute, 0, sizeof(struct avp_attribute)); 690 fd_list_init(&attribute->chain, attribute); 691 attribute->attrib = "Calling-Station-Id"; 692 attribute->value.os.data = avpdata->avp_value->os.data; 693 attribute->value.os.len = avpdata->avp_value->os.len; 694 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 695 } 696 697 /* Connect-Info AVP */ 698 avp = NULL; 699 CHECK_FCT(fd_msg_search_avp(req, dataobj_connect_info, &avp)); 700 if (avp != NULL) 701 { 702 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 703 struct avp_attribute * attribute; 704 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 705 memset(attribute, 0, sizeof(struct avp_attribute)); 706 fd_list_init(&attribute->chain, attribute); 707 attribute->attrib = "Connect-Info"; 708 attribute->value.os.data = avpdata->avp_value->os.data; 709 attribute->value.os.len = avpdata->avp_value->os.len; 710 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 711 } 712 713 /* Originating-Line-Info AVP */ 714 avp = NULL; 715 CHECK_FCT(fd_msg_search_avp(req, dataobj_originating_line_info, &avp)); 716 if (avp != NULL) 717 { 718 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 719 struct avp_attribute * attribute; 720 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 721 memset(attribute, 0, sizeof(struct avp_attribute)); 722 fd_list_init(&attribute->chain, attribute); 723 attribute->attrib = "Originating-Line-Info"; 724 attribute->value.os.data = avpdata->avp_value->os.data; 725 attribute->value.os.len = avpdata->avp_value->os.len; 726 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 727 } 728 729 /* Service-Type AVP */ 730 avp = NULL; 731 CHECK_FCT(fd_msg_search_avp(req, dataobj_service_type, &avp)); 732 if (avp != NULL) 733 { 734 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 735 struct avp_attribute * attribute; 736 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 737 memset(attribute, 0, sizeof(struct avp_attribute)); 738 fd_list_init(&attribute->chain, attribute); 739 attribute->attrib = "Service-Type"; 740 attribute->value.u32 = avpdata->avp_value->u32; 741 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 742 } 743 744 /* Callback-Number AVP */ 745 avp = NULL; 746 CHECK_FCT(fd_msg_search_avp(req, dataobj_callback_number, &avp)); 747 if (avp != NULL) 748 { 749 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 750 struct avp_attribute * attribute; 751 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 752 memset(attribute, 0, sizeof(struct avp_attribute)); 753 fd_list_init(&attribute->chain, attribute); 754 attribute->attrib = "Callback-Number"; 755 attribute->value.os.data = avpdata->avp_value->os.data; 756 attribute->value.os.len = avpdata->avp_value->os.len; 757 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 758 } 759 760 /* Port-Limit AVP */ 761 avp = NULL; 762 CHECK_FCT(fd_msg_search_avp(req, dataobj_port_limit, &avp)); 763 if (avp != NULL) 764 { 765 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 766 struct avp_attribute * attribute; 767 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 768 memset(attribute, 0, sizeof(struct avp_attribute)); 769 fd_list_init(&attribute->chain, attribute); 770 attribute->attrib = "Port-Limit"; 771 attribute->value.u32 = avpdata->avp_value->u32; 772 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 773 } 774 775 /* Framed-Protocol AVP */ 776 avp = NULL; 777 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_protocol, &avp)); 778 if (avp != NULL) 779 { 780 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 781 struct avp_attribute * attribute; 782 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 783 memset(attribute, 0, sizeof(struct avp_attribute)); 784 fd_list_init(&attribute->chain, attribute); 785 attribute->attrib = "Framed-Protocol"; 786 attribute->value.u32 = avpdata->avp_value->u32; 787 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 788 } 789 790 /* Framed-MTU AVP */ 791 avp = NULL; 792 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_mtu, &avp)); 793 if (avp != NULL) 794 { 795 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 796 struct avp_attribute * attribute; 797 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 798 memset(attribute, 0, sizeof(struct avp_attribute)); 799 fd_list_init(&attribute->chain, attribute); 800 attribute->attrib = "Framed-MTU"; 801 attribute->value.u32 = avpdata->avp_value->u32; 802 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 803 } 804 805 /* Framed-Compression AVP */ 806 avp = NULL; 807 avp2 = NULL; 808 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_compression, &avp)); 809 if (avp != NULL) 810 { 811 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 812 u32 Pi_Code = avpdata->avp_code; 813 int depth; 814 do 815 { 816 struct avp_attribute * attribute; 817 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 818 memset(attribute, 0, sizeof(struct avp_attribute)); 819 fd_list_init(&attribute->chain, attribute); 820 attribute->attrib = "Framed-Compression"; 821 attribute->value.u32 = avpdata->avp_value->u32; 822 fd_list_insert_before(&diameap_sm->req_attributes, 823 &attribute->chain); 824 ret = 0; 825 depth = 0; 826 ret = fd_msg_browse ( avp, MSG_BRW_NEXT, &avp2, &depth); 827 if (avp2 != NULL) 828 { 829 CHECK_FCT(fd_msg_avp_hdr(avp2, &avpdata)); 830 } 831 avp = avp2; 832 } while ((avp2 != NULL) && (ret == 0) && (ret == 0) 833 && (avpdata->avp_code == Pi_Code)); 834 } 835 836 /* Framed-IP-Address AVP */ 837 avp = NULL; 838 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_ip_address, &avp)); 839 if (avp != NULL) 840 { 841 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 842 struct avp_attribute * attribute; 843 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 844 memset(attribute, 0, sizeof(struct avp_attribute)); 845 fd_list_init(&attribute->chain, attribute); 846 attribute->attrib = "Framed-IP-Address"; 847 attribute->value.os.data = avpdata->avp_value->os.data; 848 attribute->value.os.len = avpdata->avp_value->os.len; 849 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 850 } 851 852 /* Framed-IP-Netmask AVP */ 853 avp = NULL; 854 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_ip_netmask, &avp)); 855 if (avp != NULL) 856 { 857 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 858 struct avp_attribute * attribute; 859 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 860 memset(attribute, 0, sizeof(struct avp_attribute)); 861 fd_list_init(&attribute->chain, attribute); 862 attribute->attrib = "Framed-IP-Netmask"; 863 attribute->value.os.data = avpdata->avp_value->os.data; 864 attribute->value.os.len = avpdata->avp_value->os.len; 865 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 866 } 867 868 /* Framed-Interface-Id AVP */ 869 avp = NULL; 870 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_interface_id, &avp)); 871 if (avp != NULL) 872 { 873 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 874 struct avp_attribute * attribute; 875 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 876 memset(attribute, 0, sizeof(struct avp_attribute)); 877 fd_list_init(&attribute->chain, attribute); 878 attribute->attrib = "Framed-Interface-Id"; 879 attribute->value.u64 = avpdata->avp_value->u64; 880 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 881 } 882 883 /* Framed-IPv6-Prefix AVP */ 884 avp = NULL; 885 avp2 = NULL; 886 CHECK_FCT(fd_msg_search_avp(req, dataobj_framed_ipv6_prefix, &avp)); 887 if (avp != NULL) 888 { 889 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 890 u32 Pi_Code = avpdata->avp_code; 891 do 892 { 893 struct avp_attribute * attribute; 894 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 895 memset(attribute, 0, sizeof(struct avp_attribute)); 896 fd_list_init(&attribute->chain, attribute); 897 attribute->attrib = "Framed-IPv6-Prefix"; 898 attribute->value.u32 = avpdata->avp_value->u32; 899 fd_list_insert_before(&diameap_sm->req_attributes, 900 &attribute->chain); 901 ret = 0; 902 depth = 0; 903 ret = fd_msg_browse ( avp, MSG_BRW_NEXT, &avp2, &depth); 904 if (avp2 != NULL) 905 { 906 CHECK_FCT(fd_msg_avp_hdr(avp2, &avpdata)); 907 } 908 avp = avp2; 909 } while ((avp2 != NULL) && (ret == 0) && (ret == 0) 910 && (avpdata->avp_code == Pi_Code)); 911 } 912 913 /* Tunneling AVP */ 914 avp = NULL; 915 avp2 = NULL; 916 CHECK_FCT(fd_msg_search_avp(req, dataobj_tunneling, &avp)); 917 if (avp != NULL) 918 { 919 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 920 u32 Pi_Code = avpdata->avp_code; 921 int depth; 922 do 923 { 924 struct avp_attribute * attribute; 925 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 926 memset(attribute, 0, sizeof(struct avp_attribute)); 927 fd_list_init(&attribute->chain, attribute); 928 attribute->attrib = "Tunneling"; 929 //grouped AVP 930 fd_list_insert_before(&diameap_sm->req_attributes, 931 &attribute->chain); 932 ret = 0; 933 depth = 0; 934 ret = fd_msg_browse ( avp, MSG_BRW_NEXT, &avp2, &depth); 935 if (avp2 != NULL) 936 { 937 CHECK_FCT(fd_msg_avp_hdr(avp2, &avpdata)); 938 } 939 avp = avp2; 940 } while ((avp2 != NULL) && (ret == 0) && (ret == 0) 941 && (avpdata->avp_code == Pi_Code)); 942 } 943 944 /* NAS-Identifier AVP */ 945 avp = NULL; 946 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_identifier, &avp)); 947 if (avp != NULL) 948 { 949 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 950 struct avp_attribute * attribute; 951 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 952 memset(attribute, 0, sizeof(struct avp_attribute)); 953 fd_list_init(&attribute->chain, attribute); 954 attribute->attrib = "NAS-Identifier"; 955 attribute->value.os.data = avpdata->avp_value->os.data; 956 attribute->value.os.len = avpdata->avp_value->os.len; 957 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 958 } 959 960 /* NAS-IP-Address AVP */ 961 avp = NULL; 962 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_ip_address, &avp)); 963 if (avp != NULL) 964 { 965 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 966 struct avp_attribute * attribute; 967 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 968 memset(attribute, 0, sizeof(struct avp_attribute)); 969 fd_list_init(&attribute->chain, attribute); 970 attribute->attrib = "NAS-IP-Address"; 971 attribute->value.os.data = avpdata->avp_value->os.data; 972 attribute->value.os.len = avpdata->avp_value->os.len; 973 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 974 } 975 976 /* NAS-IPv6-Address AVP */ 977 avp = NULL; 978 CHECK_FCT(fd_msg_search_avp(req, dataobj_nas_ipv6_address, &avp)); 979 if (avp != NULL) 980 { 981 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 982 struct avp_attribute * attribute; 983 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 984 memset(attribute, 0, sizeof(struct avp_attribute)); 985 fd_list_init(&attribute->chain, attribute); 986 attribute->attrib = "NAS-IPv6-Address"; 987 attribute->value.os.data = avpdata->avp_value->os.data; 988 attribute->value.os.len = avpdata->avp_value->os.len; 989 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 990 } 991 992 /* State AVP */ 993 avp = NULL; 994 CHECK_FCT(fd_msg_search_avp(req, dataobj_state, &avp)); 995 if (avp != NULL) 996 { 997 CHECK_FCT(fd_msg_avp_hdr(avp, &avpdata)); 998 struct avp_attribute * attribute; 999 CHECK_MALLOC(attribute = malloc(sizeof(struct avp_attribute))); 1000 memset(attribute, 0, sizeof(struct avp_attribute)); 1001 fd_list_init(&attribute->chain, attribute); 1002 attribute->attrib = "State"; 1003 attribute->value.os.data = avpdata->avp_value->os.data; 1004 attribute->value.os.len = avpdata->avp_value->os.len; 1005 fd_list_insert_before(&diameap_sm->req_attributes, &attribute->chain); 1006 } 1007 1008 return 0; 1009 } 1010 1011 1327 1012 static int diameap_sess_data_new( 1328 1013 struct diameap_sess_data_sm *diameap_sess_data, … … 1407 1092 } 1408 1093 1409 static void diameap_free(struct diameap_state_machine * diameap_sm) 1410 { 1411 1412 if (diameap_sm->eap_sm.user.userid != NULL) 1413 { 1414 free(diameap_sm->eap_sm.user.userid); 1415 diameap_sm->eap_sm.user.userid = NULL; 1416 } 1417 1418 if (diameap_sm->eap_sm.user.password != NULL) 1419 { 1420 free(diameap_sm->eap_sm.user.password); 1421 diameap_sm->eap_sm.user.password = NULL; 1422 } 1423 1424 diameap_sm->eap_sm.selectedMethod = NULL; 1425 1426 if (diameap_sm->eap_sm.methodData != NULL) 1427 { 1428 1429 struct plugin * cplugin; 1430 if (diameap_plugin_get(diameap_sm->eap_sm.currentVendor, 1431 diameap_sm->eap_sm.currentMethod, &cplugin)) 1432 { 1433 TRACE_DEBUG(INFO,"%sUnable to access EAP Method plugin {Type=%d, Vendor=%d}.",DIAMEAP_EXTENSION,diameap_sm->eap_sm.currentMethod,diameap_sm->eap_sm.currentVendor); 1434 } 1435 1436 if (cplugin->eap_method_free) 1437 { 1438 (*cplugin->eap_method_free)(diameap_sm->eap_sm.methodData); 1439 diameap_sm->eap_sm.methodData = NULL; 1440 } 1441 else 1442 { 1443 TRACE_DEBUG(INFO,"%s[%s plugin] datafree function not available.",DIAMEAP_EXTENSION,cplugin->methodname); 1444 if (diameap_sm->eap_sm.methodData != NULL) 1445 { 1446 free(diameap_sm->eap_sm.methodData); 1447 diameap_sm->eap_sm.methodData = NULL; 1448 } 1449 } 1450 if (diameap_sm->eap_sm.methodData) 1451 { 1452 TRACE_DEBUG(INFO,"%sSession state was not been freed correctly!!!",DIAMEAP_EXTENSION); 1453 } 1454 } 1455 1456 if (diameap_sm->failedavp != NULL) 1457 { 1458 CHECK_FCT_DO(fd_msg_free(diameap_sm->failedavp), ); 1459 } 1460 1461 if (diameap_sm->lastReqEAPavp != NULL) 1462 { 1463 CHECK_FCT_DO(fd_msg_free(diameap_sm->lastReqEAPavp), ); 1464 } 1465 1466 CHECK_FCT_DO(diameap_unlink_attributes_lists(diameap_sm), ); 1467 1468 if (diameap_sm != NULL) 1469 { 1470 free(diameap_sm); 1471 diameap_sm = NULL; 1472 } 1473 1094 static void free_attrib(struct auth_attribute * auth_attrib) 1095 { 1096 if (auth_attrib == NULL) 1097 { 1098 return; 1099 } 1100 if (auth_attrib->attrib != NULL) 1101 { 1102 free(auth_attrib->attrib); 1103 auth_attrib->attrib = NULL; 1104 } 1105 if (auth_attrib->op != NULL) 1106 { 1107 free(auth_attrib->op); 1108 auth_attrib->op = NULL; 1109 } 1110 if (auth_attrib->value != NULL) 1111 { 1112 free(auth_attrib->value); 1113 auth_attrib->value = NULL; 1114 } 1115 free(auth_attrib); 1116 auth_attrib = NULL; 1117 } 1118 1119 static void free_avp_attrib(struct avp_attribute * avp_attrib) 1120 { 1121 if(avp_attrib){ 1122 free(avp_attrib); 1123 avp_attrib = NULL; 1124 } 1125 } 1126 1127 static void free_ans_attrib(struct avp_attribute * ans_attrib) 1128 { 1129 if (ans_attrib->tofree == 1) 1130 { 1131 if(ans_attrib->value.os.data){ 1132 free(ans_attrib->value.os.data); 1133 ans_attrib->value.os.data = NULL; 1134 } 1135 } 1136 if(ans_attrib){ 1137 free(ans_attrib); 1138 ans_attrib = NULL; 1139 } 1474 1140 } 1475 1141 … … 1509 1175 } 1510 1176 1177 return 0; 1178 } 1179 1180 static void diameap_free(struct diameap_state_machine * diameap_sm) 1181 { 1182 1183 if (diameap_sm->eap_sm.user.userid != NULL) 1184 { 1185 free(diameap_sm->eap_sm.user.userid); 1186 diameap_sm->eap_sm.user.userid = NULL; 1187 } 1188 1189 if (diameap_sm->eap_sm.user.password != NULL) 1190 { 1191 free(diameap_sm->eap_sm.user.password); 1192 diameap_sm->eap_sm.user.password = NULL; 1193 } 1194 1195 diameap_sm->eap_sm.selectedMethod = NULL; 1196 1197 if (diameap_sm->eap_sm.methodData != NULL) 1198 { 1199 1200 struct plugin * cplugin; 1201 if (diameap_plugin_get(diameap_sm->eap_sm.currentVendor, 1202 diameap_sm->eap_sm.currentMethod, &cplugin)) 1203 { 1204 TRACE_DEBUG(INFO,"%sUnable to access EAP Method plugin {Type=%d, Vendor=%d}.",DIAMEAP_EXTENSION,diameap_sm->eap_sm.currentMethod,diameap_sm->eap_sm.currentVendor); 1205 } 1206 1207 if (cplugin->eap_method_free) 1208 { 1209 (*cplugin->eap_method_free)(diameap_sm->eap_sm.methodData); 1210 diameap_sm->eap_sm.methodData = NULL; 1211 } 1212 else 1213 { 1214 TRACE_DEBUG(INFO,"%s[%s plugin] datafree function not available.",DIAMEAP_EXTENSION,cplugin->methodname); 1215 if (diameap_sm->eap_sm.methodData != NULL) 1216 { 1217 free(diameap_sm->eap_sm.methodData); 1218 diameap_sm->eap_sm.methodData = NULL; 1219 } 1220 } 1221 if (diameap_sm->eap_sm.methodData) 1222 { 1223 TRACE_DEBUG(INFO,"%sSession state was not been freed correctly!!!",DIAMEAP_EXTENSION); 1224 } 1225 } 1226 1227 if (diameap_sm->failedavp != NULL) 1228 { 1229 CHECK_FCT_DO(fd_msg_free(diameap_sm->failedavp), ); 1230 } 1231 1232 if (diameap_sm->lastReqEAPavp != NULL) 1233 { 1234 CHECK_FCT_DO(fd_msg_free(diameap_sm->lastReqEAPavp), ); 1235 } 1236 1237 CHECK_FCT_DO(diameap_unlink_attributes_lists(diameap_sm), ); 1238 1239 if (diameap_sm != NULL) 1240 { 1241 free(diameap_sm); 1242 diameap_sm = NULL; 1243 } 1244 1245 } 1246 1247 static int diameap_get_avp_attribute(struct fd_list * avp_attributes, 1248 char * attribute, struct avp_attribute ** avp_attrib, int unlink, 1249 int *ret) 1250 { 1251 TRACE_ENTRY("%p %p %p %p %p", avp_attributes, attribute, avp_attrib, ret); 1252 if (avp_attributes == NULL) 1253 { 1254 return EINVAL; 1255 } 1256 if (attribute == NULL) 1257 { 1258 return EINVAL; 1259 } 1260 struct fd_list * attrib; 1261 for (attrib = avp_attributes->next; attrib != avp_attributes; attrib 1262 = attrib->next) 1263 { 1264 *avp_attrib = (struct avp_attribute *) attrib; 1265 if (strcmp((*avp_attrib)->attrib, attribute) == 0) 1266 { 1267 *ret = 0; 1268 if (unlink == 1) 1269 { 1270 fd_list_unlink(&(*avp_attrib)->chain); 1271 } 1272 return 0; 1273 } 1274 } 1275 *avp_attrib = NULL; 1276 *ret = 1; 1277 return 0; 1278 } 1279 1280 static int diameap_get_auth_attribute(struct fd_list * auth_attributes, 1281 char * attribute, struct auth_attribute ** auth_attrib, int unlink, 1282 int *ret) 1283 { 1284 1285 TRACE_ENTRY("%p %p %p %p %p", auth_attributes, attribute, auth_attrib, ret); 1286 1287 if (auth_attributes == NULL) 1288 { 1289 return EINVAL; 1290 } 1291 if (attribute == NULL) 1292 { 1293 return EINVAL; 1294 } 1295 1296 struct fd_list * attrib; 1297 1298 for (attrib = auth_attributes->next; attrib != auth_attributes; attrib 1299 = attrib->next) 1300 { 1301 *auth_attrib = (struct auth_attribute *) attrib; 1302 if (strcmp((*auth_attrib)->attrib, attribute) == 0) 1303 { 1304 *ret = 0; 1305 if (unlink == 1) 1306 { 1307 fd_list_unlink(&(*auth_attrib)->chain); 1308 } 1309 return 0; 1310 } 1311 } 1312 *auth_attrib = NULL; 1313 *ret = 1; 1314 return 0; 1315 } 1316 1317 static int diameap_get_ans_attribute(struct fd_list * ans_attributes, 1318 char * attribute, struct avp_attribute ** ans_attrib, int unlink, 1319 int *ret) 1320 { 1321 TRACE_ENTRY("%p %p %p %p %p", ans_attributes, attribute, ans_attrib, ret); 1322 if (ans_attributes == NULL) 1323 { 1324 return EINVAL; 1325 } 1326 if (attribute == NULL) 1327 { 1328 return EINVAL; 1329 } 1330 struct fd_list * attrib; 1331 for (attrib = ans_attributes->next; attrib != ans_attributes; attrib 1332 = attrib->next) 1333 { 1334 *ans_attrib = (struct avp_attribute *) attrib; 1335 if (strcmp((*ans_attrib)->attrib, attribute) == 0) 1336 { 1337 *ret = 0; 1338 if (unlink == 1) 1339 { 1340 fd_list_unlink(&(*ans_attrib)->chain); 1341 } 1342 return 0; 1343 } 1344 } 1345 *ans_attrib = NULL; 1346 *ret = 1; 1511 1347 return 0; 1512 1348 } … … 1855 1691 operator) == TRUE)) 1856 1692 { 1857 if (strcmp( A.os.data, B) == 0)1693 if (strcmp((char *)A.os.data, B) == 0) 1858 1694 return TRUE; 1859 1695 else … … 1903 1739 regex_t rule_regexp; 1904 1740 regcomp(&rule_regexp, B, REG_EXTENDED | REG_NOSUB | REG_ICASE); 1905 if (regexec(&rule_regexp, A.os.data, 0, NULL, 0) != 0)1741 if (regexec(&rule_regexp, (char *)A.os.data, 0, NULL, 0) != 0) 1906 1742 { 1907 1743 authorized = FALSE; … … 2056 1892 operator) == TRUE)) 2057 1893 { 2058 if (strcmp( A.os.data, B) != 0)1894 if (strcmp((char *)A.os.data, B) != 0) 2059 1895 return TRUE; 2060 1896 else … … 2096 1932 } 2097 1933 } 1934 return FALSE; 2098 1935 } 2099 1936 … … 2155 1992 if (datatype == AVP_TYPE_OCTETSTRING) 2156 1993 { 2157 rval->os.data = strdup(A.os.data); 2158 1994 memcpy(rval->os.data,A.os.data,A.os.len); 2159 1995 rval->os.len = A.os.len; 2160 2161 1996 *tofree = 1; 2162 1997 } … … 2174 2009 { 2175 2010 2176 rval->os.data = strdup(B); 2177 2011 memcpy(rval->os.data,B,strlen(B)); 2178 2012 rval->os.len = strlen(B); 2179 2013 … … 2333 2167 } 2334 2168 2335 static int diameap_get_avp_attribute(struct fd_list * avp_attributes, 2336 char * attribute, struct avp_attribute ** avp_attrib, int unlink, 2337 int *ret) 2338 { 2339 TRACE_ENTRY("%p %p %p %p %p", avp_attributes, attribute, avp_attrib, ret); 2340 if (avp_attributes == NULL) 2341 { 2342 return EINVAL; 2343 } 2344 if (attribute == NULL) 2345 { 2346 return EINVAL; 2347 } 2348 struct fd_list * attrib; 2349 for (attrib = avp_attributes->next; attrib != avp_attributes; attrib 2350 = attrib->next) 2351 { 2352 *avp_attrib = (struct avp_attribute *) attrib; 2353 if (strcmp((*avp_attrib)->attrib, attribute) == 0) 2354 { 2355 *ret = 0; 2356 if (unlink == 1) 2357 { 2358 fd_list_unlink(&(*avp_attrib)->chain); 2359 } 2360 return 0; 2361 } 2362 } 2363 *avp_attrib = NULL; 2364 *ret = 1; 2365 return 0; 2366 } 2367 2368 static int diameap_get_auth_attribute(struct fd_list * auth_attributes, 2369 char * attribute, struct auth_attribute ** auth_attrib, int unlink, 2370 int *ret) 2371 { 2372 2373 TRACE_ENTRY("%p %p %p %p %p", auth_attributes, attribute, auth_attrib, ret); 2374 2375 if (auth_attributes == NULL) 2376 { 2377 return EINVAL; 2378 } 2379 if (attribute == NULL) 2380 { 2381 return EINVAL; 2382 } 2383 2384 struct fd_list * attrib; 2385 2386 for (attrib = auth_attributes->next; attrib != auth_attributes; attrib 2387 = attrib->next) 2388 { 2389 *auth_attrib = (struct auth_attribute *) attrib; 2390 if (strcmp((*auth_attrib)->attrib, attribute) == 0) 2391 { 2392 *ret = 0; 2393 if (unlink == 1) 2394 { 2395 fd_list_unlink(&(*auth_attrib)->chain); 2396 } 2397 return 0; 2398 } 2399 } 2400 *auth_attrib = NULL; 2401 *ret = 1; 2402 return 0; 2403 } 2404 2405 static int diameap_get_ans_attribute(struct fd_list * ans_attributes, 2406 char * attribute, struct avp_attribute ** ans_attrib, int unlink, 2407 int *ret) 2408 { 2409 TRACE_ENTRY("%p %p %p %p %p", ans_attributes, attribute, ans_attrib, ret); 2410 if (ans_attributes == NULL) 2411 { 2412 return EINVAL; 2413 } 2414 if (attribute == NULL) 2415 { 2416 return EINVAL; 2417 } 2418 struct fd_list * attrib; 2419 for (attrib = ans_attributes->next; attrib != ans_attributes; attrib 2420 = attrib->next) 2421 { 2422 *ans_attrib = (struct avp_attribute *) attrib; 2423 if (strcmp((*ans_attrib)->attrib, attribute) == 0) 2424 { 2425 *ret = 0; 2426 if (unlink == 1) 2427 { 2428 fd_list_unlink(&(*ans_attrib)->chain); 2429 } 2430 return 0; 2431 } 2432 } 2433 *ans_attrib = NULL; 2434 *ret = 1; 2435 return 0; 2436 } 2169 2437 2170 2438 2171 static int diameap_policy_decision(struct diameap_state_machine * diameap_sm, … … 3234 2967 { 3235 2968 CHECK_FCT(fd_msg_avp_new(dataobj_eap_key_name, 0, &avp)); 3236 avp_val.os.data = " ";//3237 avp_val.os.len = 1;//2969 avp_val.os.data = NULL;// 2970 avp_val.os.len = 0;// 3238 2971 CHECK_FCT(fd_msg_avp_setvalue(avp, &avp_val)); 3239 2972 CHECK_FCT( fd_msg_avp_add( ans, MSG_BRW_LAST_CHILD, avp ) ); … … 3301 3034 CHECK_FCT( fd_msg_avp_hdr(avp, &avphdr)); 3302 3035 CHECK_FCT( fd_msg_avp_new(dataobj_eap_reissued_payload, 0, &re_avp)); 3303 avp_val.os.data = strdup(avphdr->avp_value->os.data);3036 memcpy(avp_val.os.data,avphdr->avp_value->os.data,avphdr->avp_value->os.len); 3304 3037 avp_val.os.len = avphdr->avp_value->os.len; 3305 3038 CHECK_FCT(fd_msg_avp_setvalue(re_avp, &avp_val)); … … 3315 3048 } 3316 3049 3050 3051 3052 3053 static int diameap_server_callback(struct msg ** rmsg, struct avp * ravp, 3054 struct session * sess, enum disp_action * action) 3055 { 3056 TRACE_ENTRY("%p %p %p %p", rmsg, ravp, sess, action); 3057 3058 struct diameap_sess_data_sm * diameap_sess_data = NULL; 3059 struct diameap_state_machine * diameap_sm = NULL; 3060 struct diameap_eap_interface eap_i; 3061 struct msg *req, *ans; 3062 boolean non_fatal_error = FALSE; 3063 3064 if (rmsg == NULL) 3065 return EINVAL; 3066 3067 req = *rmsg; 3068 3069 CHECK_FCT_DO(fd_sess_state_retrieve(diameap_server_reg, sess, &diameap_sess_data), 3070 { TRACE_DEBUG(INFO,"%s retrieving session state failed.",DIAMEAP_EXTENSION); goto s_end;}); 3071 3072 CHECK_MALLOC_DO(diameap_sm = malloc(sizeof(struct diameap_state_machine)), 3073 goto s_end); 3074 memset(diameap_sm, 0, sizeof(struct diameap_state_machine)); 3075 3076 if (diameap_sess_data) 3077 { 3078 diameap_sm->state = DIAMEAP_RECEIVED; 3079 diameap_sm->eap_sm.eap_state = EAP_IDLE; 3080 } 3081 else 3082 { 3083 diameap_sm->state = DIAMEAP_DISABLED; 3084 diameap_sm->eap_sm.eap_state = EAP_INITIALIZE; 3085 } 3086 3087 while (diameap_sm->state != DIAMEAP_IDLE && diameap_sm->state 3088 != DIAMEAP_END) 3089 { 3090 switch (diameap_sm->state) 3091 { 3092 case DIAMEAP_DISABLED: 3093 if (rmsg) 3094 { 3095 diameap_sm->state = DIAMEAP_INITIALIZE; 3096 } 3097 else 3098 { 3099 TRACE_DEBUG(INFO,"%sReceived empty Diameter EAP Request message.",DIAMEAP_EXTENSION); 3100 goto s_end; 3101 } 3102 break; 3103 3104 case DIAMEAP_INITIALIZE: 3105 3106 CHECK_FCT_DO(diameap_initialize_diameap_sm(diameap_sm,diameap_sess_data), 3107 { TRACE_DEBUG(INFO,"%s Initializing DiamEAP state machine failed.",DIAMEAP_EXTENSION); goto s_end;}) 3108 ; 3109 CHECK_FCT_DO(diameap_initialize_diameap_eap_interface(&eap_i), 3110 { TRACE_DEBUG(INFO,"%s Initializing DiamEAP-EAP Interface failed.",DIAMEAP_EXTENSION); goto s_end;}) 3111 ; 3112 TRACE_DEBUG(FULL+1,"%sParsing AVPs",DIAMEAP_EXTENSION) 3113 ; 3114 CHECK_FCT_DO(diameap_parse_avps(diameap_sm, req, &eap_i), TRACE_DEBUG(INFO,"%s Unable to parse Diameter-EAP-Request AVPs.",DIAMEAP_EXTENSION)) 3115 ; 3116 3117 if ((diameap_sm->result_code != 0)) 3118 { 3119 diameap_sm->state = DIAMEAP_SEND_ERROR_MSG; 3120 } 3121 else 3122 { 3123 diameap_sm->state = DIAMEAP_AUTHENTICATION_VERIFY; 3124 } 3125 break; 3126 3127 case DIAMEAP_RECEIVED: 3128 3129 CHECK_FCT_DO(diameap_initialize_diameap_sm(diameap_sm,diameap_sess_data), 3130 { TRACE_DEBUG(INFO,"%s Initializing DiamEAP state machine failed.",DIAMEAP_EXTENSION); goto s_end;}) 3131 ; 3132 CHECK_FCT_DO(diameap_initialize_diameap_eap_interface(&eap_i), 3133 { TRACE_DEBUG(INFO,"%s Initializing DiamEAP-EAP Interface failed.",DIAMEAP_EXTENSION); goto s_end;}) 3134 ; 3135 TRACE_DEBUG(FULL+1,"%sParsing AVPs",DIAMEAP_EXTENSION) 3136 ; 3137 CHECK_FCT_DO(diameap_parse_avps(diameap_sm, req, &eap_i), TRACE_DEBUG(INFO,"%s Unable to parse Diameter-EAP-Request AVPs.",DIAMEAP_EXTENSION)) 3138 ; 3139 3140 if (diameap_sm->result_code != 0) 3141 { 3142 diameap_sm->state = DIAMEAP_SEND_ERROR_MSG; 3143 } 3144 else 3145 { 3146 diameap_sm->state = DIAMEAP_AUTHENTICATION_VERIFY; 3147 } 3148 break; 3149 3150 case DIAMEAP_AUTHENTICATION_VERIFY: 3151 { 3152 3153 TRACE_DEBUG(FULL+1,"%sVerify authentication",DIAMEAP_EXTENSION); 3154 CHECK_FCT_DO(diameap_eap_statemachine(&diameap_sm->eap_sm, &eap_i,&non_fatal_error), 3155 { TRACE_DEBUG(INFO,"%s EAP process failed.",DIAMEAP_EXTENSION); goto s_end;}); 3156 3157 if (non_fatal_error == TRUE) 3158 { 3159 TRACE_DEBUG(FULL+1,"%sAuthentication verify finished with a non-fatal-error.",DIAMEAP_EXTENSION); 3160 diameap_sm->state = DIAMEAP_SEND_ERROR_MSG; 3161 } 3162 else 3163 { 3164 diameap_sm->state = DIAMEAP_SELECT_DECISION; 3165 3166 } 3167 } 3168 break; 3169 3170 case DIAMEAP_SELECT_DECISION: 3171 3172 CHECK_FCT_DO( diameap_policy_decision(diameap_sm,eap_i), 3173 goto s_end) 3174 ; 3175 3176 if ((eap_i.aaaSuccess == TRUE) && (diameap_sm->auth_request_val 3177 == AUTHORIZE_AUTHENTICATE) 3178 && (diameap_sm->verify_authorization == FALSE)) 3179 { 3180 diameap_sm->state = DIAMEAP_AUTHORIZATION_VERIFY; 3181 } 3182 else 3183 { 3184 diameap_sm->state = DIAMEAP_DIAMETER_EAP_ANSWER; 3185 } 3186 break; 3187 3188 case DIAMEAP_AUTHORIZATION_VERIFY: 3189 diameap_sm->verify_authorization = TRUE; 3190 TRACE_DEBUG(FULL+1,"%sVerify authorization",DIAMEAP_EXTENSION) 3191 ; 3192 CHECK_FCT_DO(diameap_authorize(diameap_sm), 3193 { TRACE_DEBUG(INFO,"%s Authorization check process failed.",DIAMEAP_EXTENSION); goto s_end;}) 3194 ; 3195 diameap_sm->state = DIAMEAP_SELECT_DECISION; 3196 3197 break; 3198 3199 case DIAMEAP_DIAMETER_EAP_ANSWER: 3200 TRACE_DEBUG(FULL+1,"%screate Diameter EAP Answer",DIAMEAP_EXTENSION) 3201 ; 3202 CHECK_FCT_DO(fd_msg_new_answer_from_req(fd_g_config->cnf_dict, rmsg, 0), 3203 goto s_end) 3204 ; 3205 ans = *rmsg; 3206 TRACE_DEBUG(FULL+1,"%sAdding AVPs to Diameter EAP Answer.",DIAMEAP_EXTENSION) 3207 ; 3208 CHECK_FCT_DO( diameap_add_avps(diameap_sm, ans,req), 3209 { TRACE_DEBUG(INFO,"%s Unable to add AVPs to Diameter-EAP-Answer message.",DIAMEAP_EXTENSION);goto s_end;}) 3210 ; 3211 if (diameap_sm->authFailure == FALSE) 3212 { 3213 if (diameap_sm->eap_sm.user.id != 0) 3214 { 3215 TRACE_DEBUG(FULL+1,"%sSelect authentication attributes.",DIAMEAP_EXTENSION); 3216 CHECK_FCT_DO(diameap_authentication_get_attribs(diameap_sm->eap_sm.user, &diameap_sm->attributes), 3217 { TRACE_DEBUG(INFO,"%s Unable to get user's session attributes.",DIAMEAP_EXTENSION); goto s_end;}); 3218 TRACE_DEBUG(FULL+1,"%sCreate answer authentication attributes.",DIAMEAP_EXTENSION); 3219 CHECK_FCT_DO(diameap_answer_avp_attributes(diameap_sm), 3220 { TRACE_DEBUG(INFO,"% Unable to generate answer attributes.",DIAMEAP_EXTENSION); goto s_end;}); 3221 } 3222 3223 if (diameap_sm->authSuccess == FALSE) 3224 { 3225 diameap_sm->state = DIAMEAP_SEND_REQUEST; 3226 } 3227 else 3228 { 3229 3230 diameap_sm->state = DIAMEAP_SEND_SUCCESS; 3231 } 3232 } 3233 else 3234 { 3235 diameap_sm->state = DIAMEAP_SEND_FAILURE; 3236 } 3237 break; 3238 3239 case DIAMEAP_SEND_REQUEST: 3240 TRACE_DEBUG(FULL+1,"%sAdding Result Code AVP to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3241 ; 3242 CHECK_FCT_DO( diameap_add_result_code(diameap_sm, ans, sess), 3243 { TRACE_DEBUG(INFO,"%s Adding Result-Code AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 3244 ; 3245 TRACE_DEBUG(FULL+1,"%sAdding EAP-Payload to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3246 ; 3247 CHECK_FCT_DO( diameap_add_eap_payload(diameap_sm, ans,eap_i), 3248 { TRACE_DEBUG(INFO,"%s Adding EAP-Payload AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 3249 ; 3250 TRACE_DEBUG(FULL+1,"%sStoring DiamEAP session data.",DIAMEAP_EXTENSION) 3251 ; 3252 CHECK_MALLOC(diameap_sess_data = malloc(sizeof(struct diameap_sess_data_sm))) 3253 ; 3254 memset(diameap_sess_data, 0, sizeof(struct diameap_sess_data_sm)); 3255 diameap_sess_data_new(diameap_sess_data, diameap_sm); 3256 3257 CHECK_FCT_DO(fd_sess_state_store(diameap_server_reg, sess, &diameap_sess_data), 3258 { TRACE_DEBUG(INFO,"%s Storing session state failed.",DIAMEAP_EXTENSION); goto s_end;}) 3259 ; 3260 3261 CHECK_FCT_DO( diameap_send(rmsg), 3262 goto s_end) 3263 ; 3264 3265 diameap_sm->state = DIAMEAP_IDLE; 3266 break; 3267 3268 case DIAMEAP_SEND_FAILURE: 3269 TRACE_DEBUG(FULL+1,"%sAdding Result Code AVP to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3270 ; 3271 CHECK_FCT_DO( diameap_add_result_code(diameap_sm, ans, sess), 3272 { TRACE_DEBUG(INFO,"%s Adding Result-Code AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 3273 ; 3274 TRACE_DEBUG(FULL+1,"%sAdding EAP-Payload to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3275 ; 3276 CHECK_FCT_DO( diameap_add_eap_payload(diameap_sm, ans,eap_i), 3277 { TRACE_DEBUG(INFO,"%s Adding EAP-Payload AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 3278 ; 3279 3280 CHECK_FCT_DO( diameap_send(rmsg), 3281 goto s_end) 3282 ; 3283 diameap_sm->state = DIAMEAP_END; 3284 break; 3285 3286 case DIAMEAP_SEND_SUCCESS: 3287 TRACE_DEBUG(FULL+1,"%sAdding User session AVPs to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3288 ; 3289 CHECK_FCT_DO(diameap_add_user_sessions_avps(diameap_sm,ans), 3290 { TRACE_DEBUG(INFO,"%s Adding user's session AVPs failed.",DIAMEAP_EXTENSION); goto s_end;}) 3291 ; 3292 3293 if (diameap_sm->auth_request_val == AUTHORIZE_AUTHENTICATE) 3294 { 3295 TRACE_DEBUG(FULL+1,"%sAdding Authorization AVPs to Diameter-EAP-Answer.",DIAMEAP_EXTENSION); 3296 CHECK_FCT_DO(diameap_add_authorization_avps(diameap_sm,ans), 3297 { TRACE_DEBUG(INFO,"%s Adding Authorization AVPs failed.",DIAMEAP_EXTENSION); goto s_end;}); 3298 } 3299 TRACE_DEBUG(FULL+1,"%sAdding Result Code AVP to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3300 ; 3301 CHECK_FCT_DO( diameap_add_result_code(diameap_sm, ans, sess), 3302 { TRACE_DEBUG(INFO,"%s Adding Result-Code AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 3303 ; 3304 TRACE_DEBUG(FULL+1,"%sAdding EAP-Payload to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3305 ; 3306 CHECK_FCT_DO( diameap_add_eap_payload(diameap_sm, ans,eap_i), 3307 { TRACE_DEBUG(INFO,"%s Adding EAP-Payload AVP failed.",DIAMEAP_EXTENSION); goto s_end;}) 3308 ; 3309 TRACE_DEBUG(FULL+1,"%sAdding EAP success AVPs AVPs to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3310 ; 3311 CHECK_FCT_DO( diameap_add_eap_success_avps(diameap_sm, ans, eap_i), 3312 goto s_end) 3313 ; 3314 TRACE_DEBUG(FULL+1,"%sAdding Accounting-EAP-Auth-Method AVPs to Diameter-EAP-Answer.",DIAMEAP_EXTENSION) 3315 ; 3316 CHECK_FCT_DO(diameap_add_accounting_eap_auth_method(diameap_sm, ans), 3317 { TRACE_DEBUG(INFO,"%s Adding accounting AVP failed",DIAMEAP_EXTENSION); goto s_end;}) 3318 ; 3319 CHECK_FCT_DO( diameap_send(rmsg), 3320 goto s_end) 3321 ; 3322 diameap_sm->state = DIAMEAP_END; 3323 break; 3324 3325 case DIAMEAP_SEND_ERROR_MSG: 3326 diameap_sm->invalid_eappackets++; 3327 if (diameap_sm->invalid_eappackets 3328 == diameap_config->max_invalid_eap_packet) 3329 { 3330 diameap_sm->result_code = 4001;//DIAMETER_AUTHENTICATION_REJECTED 3331 TRACE_DEBUG(FULL,"%s Maximum permitted invalid EAP Packet reached. Diameter Authentication Rejected.",DIAMEAP_EXTENSION); 3332 } 3333 3334 CHECK_FCT_DO(fd_msg_new_answer_from_req(fd_g_config->cnf_dict, rmsg, 0), 3335 goto s_end) 3336 ; 3337 3338 ans = *rmsg; 3339 CHECK_FCT_DO( diameap_add_avps(diameap_sm, ans,req), 3340 { TRACE_DEBUG(INFO,"%s Adding AVPs to Diameter-EAP-Answer message failed.",DIAMEAP_EXTENSION);goto s_end;}) 3341 ; 3342 if ((non_fatal_error == TRUE) && (diameap_sm->result_code == 0)) 3343 { 3344 diameap_sm->result_code = 1001; 3345 } 3346 3347 if (diameap_sm->result_code == 1001) 3348 { 3349 CHECK_FCT_DO( diameap_add_eap_reissued_payload(ans,req), goto s_end); 3350 } 3351 3352 if (diameap_sm->result_code == 5004) 3353 { 3354 CHECK_FCT_DO( fd_msg_avp_add( ans , MSG_BRW_LAST_CHILD, diameap_sm->failedavp ),goto s_end ); 3355 } 3356 3357 CHECK_FCT_DO( diameap_add_result_code(diameap_sm, ans, sess), goto s_end) 3358 ; 3359 3360 CHECK_FCT_DO( diameap_send(rmsg), goto s_end) 3361 ; 3362 diameap_sm->state = DIAMEAP_IDLE; 3363 break; 3364 3365 case DIAMEAP_END: 3366 break; 3367 3368 case DIAMEAP_IDLE: 3369 break; 3370 } 3371 } 3372 3373 diameap_free(diameap_sm); 3374 3375 s_end: return 0; 3376 } 3377 3317 3378 int diameap_start_server(void) 3318 3379 { 3319 3380 struct disp_when when; 3320 int ret; 3381 3321 3382 /*create handler for sessions */ 3322 3383 CHECK_FCT(fd_sess_handler_create(&diameap_server_reg, diameap_cli_sess_cleanup)); … … 3339 3400 } 3340 3401 3341 static void free_attrib(struct auth_attribute * auth_attrib)3342 {3343 if (auth_attrib == NULL)3344 {3345 return;3346 }3347 if (auth_attrib->attrib != NULL)3348 {3349 free(auth_attrib->attrib);3350 auth_attrib->attrib = NULL;3351 }3352 if (auth_attrib->op != NULL)3353 {3354 free(auth_attrib->op);3355 auth_attrib->op = NULL;3356 }3357 if (auth_attrib->value != NULL)3358 {3359 free(auth_attrib->value);3360 auth_attrib->value = NULL;3361 }3362 free(auth_attrib);3363 auth_attrib = NULL;3364 }3365 3366 static void free_avp_attrib(struct avp_attribute * avp_attrib)3367 {3368 free(avp_attrib);3369 avp_attrib = NULL;3370 }3371 3372 static void free_ans_attrib(struct avp_attribute * ans_attrib)3373 {3374 if (ans_attrib->tofree == 1)3375 {3376 free(ans_attrib->value.os.data);3377 ans_attrib->value.os.data = NULL;3378 }3379 free(ans_attrib);3380 ans_attrib = NULL;3381 }3382 3383 3402 int diameap_stop_server(void) 3384 3403 { -
extensions/app_diameap/diameap_server.h
r425 r438 40 40 #define DIAMEAP_SERVER_H_ 41 41 42 /* handler for DiamEAP server callback */43 static struct disp_hdl * handle;44 45 /* session handler for DiamEAP sessions state machine */46 static struct session_handler * diameap_server_reg = NULL;47 42 48 43 /* session data structure to store */ … … 120 115 int diameap_stop_server(void); 121 116 122 /* Initialize DiamEAP state machine variables */117 /* Initialize DiamEAP state machine variables 123 118 static int diameap_initialize_diameap_sm( 124 119 struct diameap_state_machine * diameap_sm, 125 120 struct diameap_sess_data_sm * diameap_sess_data); 126 121 127 /* Initialize interface between the diameap and the eap states machines */ 122 Initialize interface between the diameap and the eap states machines 128 123 static int diameap_initialize_diameap_eap_interface( 129 124 struct diameap_eap_interface * eap_i); 130 125 131 /* Parse received message */ 126 Parse received message 132 127 static int diameap_parse_avps(struct diameap_state_machine * diameap_sm, 133 128 struct msg * req, struct diameap_eap_interface * eap_i); 134 129 135 /* Add an avp to Failed_AVP AVP for answer message */ 130 Add an avp to Failed_AVP AVP for answer message 136 131 static int diameap_failed_avp(struct diameap_state_machine * diameap_sm, 137 132 struct avp * invalidavp); 138 133 139 /* Parse EAP Response */ 134 Parse EAP Response 140 135 static int diameap_parse_eap_resp(struct eap_state_machine * eap_sm, 141 136 struct eap_packet eappacket); 142 137 143 /* */ 138 144 139 static int diameap_eappacket_new(struct eap_packet * eapPacket, 145 140 struct avp_hdr * avpdata); 146 141 147 /* */ 142 148 143 static int diameap_sess_data_new( 149 144 struct diameap_sess_data_sm *diameap_sess_data, 150 145 struct diameap_state_machine *diameap_sm); 151 146 152 /* */ 147 153 148 static int diameap_unlink_attributes_lists( 154 149 struct diameap_state_machine * diameap_sm); 155 150 156 /**/ 151 157 152 static int diameap_answer_avp_attributes( 158 153 struct diameap_state_machine * diameap_sm); 159 154 160 /**/ 155 161 156 static int diameap_answer_authorization_attributes( 162 157 struct diameap_state_machine * diameap_sm); … … 166 161 static void free_ans_attrib(struct avp_attribute * ans_attrib); 167 162 168 /* */ 163 169 164 static int diameap_get_avp_attribute(struct fd_list * avp_attributes, 170 165 char * attribute, struct avp_attribute ** avp_attrib, int unlink, 171 166 int *ret); 172 167 173 /* */ 168 174 169 static int diameap_get_auth_attribute(struct fd_list * auth_attributes, 175 170 char * attribute, struct auth_attribute ** auth_attrib, int unlink, 176 171 int *ret); 177 172 178 /**/ 173 179 174 static int diameap_get_ans_attribute(struct fd_list * ans_attributes, 180 175 char * attribute, struct avp_attribute ** ans_attrib, int unlink, 181 176 int *ret); 182 177 183 /* */ 178 184 179 static int diameap_policy_decision(struct diameap_state_machine * diameap_sm, 185 180 struct diameap_eap_interface eap_i); 186 181 187 /* */ 182 188 183 static int diameap_add_avps(struct diameap_state_machine * diameap_sm, 189 184 struct msg * ans, struct msg * req); 190 185 191 /* */ 186 192 187 static int diameap_add_user_sessions_avps( 193 188 struct diameap_state_machine * diameap_sm, struct msg * ans); 194 189 195 /* */ 190 196 191 static int diameap_add_result_code(struct diameap_state_machine * diameap_sm, 197 192 struct msg * ans, struct session * sess); 198 193 199 /* */ 194 200 195 static int diameap_add_eap_payload(struct diameap_state_machine * diameap_sm, 201 196 struct msg * ans, struct diameap_eap_interface eap_i); 202 197 203 /* */ 198 204 199 static int diameap_add_authorization_avps(struct diameap_state_machine * diameap_sm, 205 200 struct msg * ans); 206 201 207 /* */ 202 208 203 static int diameap_send(struct msg ** rmsg); 209 204 210 /* */ 205 211 206 static int diameap_add_eap_success_avps( 212 207 struct diameap_state_machine * diameap_sm, struct msg * ans, 213 208 struct diameap_eap_interface eap_i); 214 209 215 /* */ 210 216 211 void diameap_cli_sess_cleanup(void * arg, char * sid); 217 212 218 /* */ 213 219 214 static void diameap_free(struct diameap_state_machine * diameap_sm); 220 215 221 /* */ 216 222 217 static void diameap_sess_data_free( 223 218 struct diameap_sess_data_sm * diameap_sess_data); 224 219 225 /* */ 220 226 221 static int diameap_add_accounting_eap_auth_method( 227 222 struct diameap_state_machine * diameap_sm, struct msg * ans); 228 223 229 /* */ 230 static int diameap_add_eap_reissued_payload(struct msg * ans,struct msg * req); 224 225 static int diameap_add_eap_reissued_payload(struct msg * ans,struct msg * req);*/ 231 226 #endif /* DIAMEAP_SERVER_H_ */ -
extensions/app_diameap/diameap_tls.c
r425 r438 39 39 #include "diameap_tls.h" 40 40 41 //GCRY_THREAD_OPTION_PTHREAD_IMPL; 42 41 43 int diameap_tls_init(struct tls_config * tls_conf) 42 44 { … … 102 104 if (text == NULL) 103 105 return; 104 msg = strdup(text);106 msg = (u8 *) strdup(text); 105 107 int i; 106 108 for (i = 0; (G8(text+i) != '\n') && (G8(text+i) != '\0'); i++) … … 170 172 size_t length) 171 173 { 172 int i;173 174 struct tls_data * data = (struct tls_data *) ptr; 174 u8 * buff;175 176 175 data->tlsReq.data = realloc(data->tlsReq.data, data->tlsReq.datalength 177 176 + length); … … 251 250 252 251 int diameap_tls_get_data(struct tls_msg tlsmsg, u8** tls_data, 253 int* data_length)252 u32 * data_length) 254 253 { 255 254 if (tlsmsg.datalength > 0) … … 332 331 333 332 if (data == NULL) 334 return ;333 return EINVAL; 335 334 int pos = 0; 336 335 diameap_tls_new(tlsmsg); -
extensions/app_diameap/diameap_tls.h
r425 r438 46 46 #include <pthread.h> 47 47 48 GCRY_THREAD_OPTION_PTHREAD_IMPL;49 48 50 49 … … 96 95 int diameap_tls_set_flags(struct tls_msg * tlsmsg, u8 flags); 97 96 98 int diameap_tls_get_data(struct tls_msg tlsmsg, u8** tls_data, int* data_length);97 int diameap_tls_get_data(struct tls_msg tlsmsg, u8** tls_data, u32 * data_length); 99 98 int diameap_tls_set_data(struct tls_msg * tlsmsg, u8* tls_data, int data_length); 100 99 -
extensions/app_diameap/plugins.h
-
Property
exe
set to
*
r425 r438 44 44 45 45 46 static struct register_plugin *registerplugin = NULL;47 46 48 static int isregistered = 0;49 47 50 48 /* Macro that define the register functions of an EAP method */ 51 49 #define REGISTER_METHOD(_methodName, _configFunction, _initFunction, _initPickUpFunction, _buildReqFunction, _getTimeoutFunction, _checkFunction, _processFunction, _isDoneFunction, _getKeyFunction, _unregisterFunction, _datafreeFunction ) \ 50 static struct register_plugin *registerplugin = NULL; \ 51 static int isregistered = 0; \ 52 52 int diameap_plugin_register() { \ 53 53 if (!isregistered){ \ -
Property
exe
set to
-
extensions/app_diameap/plugins/CMakeLists.txt
r431 r438 14 14 15 15 # EAP Identity plugin 16 OPTION(BUILD_ IDENTITY "Build EAP Identity Plugin " ON)17 IF (BUILD_ IDENTITY)16 OPTION(BUILD_EAP_IDENTITY "Build EAP Identity Plugin " ON) 17 IF (BUILD_EAP_IDENTITY) 18 18 ADD_SUBDIRECTORY(eap_identity) 19 ENDIF (BUILD_ IDENTITY)19 ENDIF (BUILD_EAP_IDENTITY) 20 20 21 21 # EAP MD5 plugin -
extensions/app_diameap/plugins/eap_identity/eap_identity.c
-
Property
exe
set to
*
r425 r438 136 136 goto end; 137 137 } 138 U8COPY( user,0,len,Respdata);138 U8COPY((u8 *)user,0,len,Respdata); 139 139 user[length-5]='\0'; 140 140 -
Property
exe
set to
-
extensions/app_diameap/plugins/eap_tls/eap_tls.h
r425 r438 47 47 int diameap_eap_tls_buildReq_data(struct tls_data * data,int id,struct eap_packet * eapPacket); 48 48 int diameap_eap_tls_parse(struct tls_msg * eaptls,struct eap_packet eapPacket); 49 int eaptlsparse(struct tls_config * conf); 49 50 50 51 #endif /* EAP_TLS_H_ */ -
extensions/app_diameap/plugins/eap_tls/eaptls.l
-
Property
exe
set to
*
r425 r438 47 47 yylloc->last_column += yyleng +1; \ 48 48 } 49 50 #define YY_NO_INPUT 49 51 %} 50 52 … … 53 55 %option bison-bridge 54 56 %option bison-locations 55 57 %option nounput 56 58 %% 57 59 /* List of patterns and actions */ -
Property
exe
set to
-
extensions/app_diameap/plugins/eap_tls/eaptls.y
-
Property
exe
set to
*
r425 r438 127 127 if (fl == NULL) { 128 128 int ret = errno; 129 TRACE_DEBUG(INFO,"%s[EAP TLS plugin] Unable to open certificate file %s for reading ",DIAMEAP_EXTENSION,certfile);129 TRACE_DEBUG(INFO,"%s[EAP TLS plugin] Unable to open certificate file %s for reading: %s",DIAMEAP_EXTENSION,certfile,strerror(ret)); 130 130 yyerror (&yylloc, config, "Error configuring certificate for EAP-TLS"); 131 131 YYERROR; … … 144 144 if (fl == NULL) { 145 145 int ret = errno; 146 TRACE_DEBUG(INFO,"%s[EAP TLS plugin] Unable to open privateKey file %s for reading ",DIAMEAP_EXTENSION,keyfile);146 TRACE_DEBUG(INFO,"%s[EAP TLS plugin] Unable to open privateKey file %s for reading: %s",DIAMEAP_EXTENSION,keyfile,strerror(ret)); 147 147 yyerror (&yylloc, config, "Error configuring privateKey for EAP-TLS"); 148 148 YYERROR; … … 179 179 if (fl == NULL) { 180 180 int ret = errno; 181 TRACE_DEBUG(INFO,"%s[EAP TLS plugin] Unable to open CA file %s for reading ",DIAMEAP_EXTENSION,cafile);181 TRACE_DEBUG(INFO,"%s[EAP TLS plugin] Unable to open CA file %s for reading: %s",DIAMEAP_EXTENSION,cafile,strerror(ret)); 182 182 yyerror (&yylloc, config, "Error configuring CA file for EAP-TLS"); 183 183 YYERROR; … … 211 211 if (fl == NULL) { 212 212 int ret = errno; 213 TRACE_DEBUG(INFO,"%s[EAP TLS plugin] Unable to open CRL file %s for reading ",DIAMEAP_EXTENSION,crlfile);213 TRACE_DEBUG(INFO,"%s[EAP TLS plugin] Unable to open CRL file %s for reading: %s",DIAMEAP_EXTENSION,crlfile,strerror(ret)); 214 214 yyerror (&yylloc, config, "Error configuring CRL file for EAP-TLS"); 215 215 YYERROR; -
Property
exe
set to
Note: See TracChangeset
for help on using the changeset viewer.