/** Return an EAP-name for a particular type
*
* Resolve
*/
char const *eap_type2name(eap_type_t method)
{
fr_dict_enum_t *dv;
dv = fr_dict_enum_by_value(attr_eap_type, fr_box_uint32(method));
if (dv) return dv->alias;
return "unknown";
}
static fr_io_final_t mod_process(UNUSED void const *instance, REQUEST *request, fr_io_action_t action)
{
VALUE_PAIR *vp;
rlm_rcode_t rcode;
CONF_SECTION *unlang;
fr_dict_enum_t const *dv;
REQUEST_VERIFY(request);
/*
* Pass this through asynchronously to the module which
* is waiting for something to happen.
*/
if (action != FR_IO_ACTION_RUN) {
unlang_interpret_signal(request, (fr_state_signal_t) action);
return FR_IO_DONE;
}
switch (request->request_state) {
case REQUEST_INIT:
if (request->parent && RDEBUG_ENABLED) {
RDEBUG("Received %s ID %i", fr_packet_codes[request->packet->code], request->packet->id);
log_request_pair_list(L_DBG_LVL_1, request, request->packet->vps, "");
}
request->component = "radius";
/*
* We can run CoA-Request or Disconnect-Request sections here
*/
dv = fr_dict_enum_by_value(attr_packet_type, fr_box_uint32(request->packet->code));
if (!dv) {
REDEBUG("Failed to find value for &request:Packet-Type");
return FR_IO_FAIL;
}
unlang = cf_section_find(request->server_cs, "recv", dv->alias);
if (!unlang) {
REDEBUG("Failed to find 'recv %s' section", dv->alias);
return FR_IO_FAIL;
}
RDEBUG("Running 'recv %s' from file %s", dv->alias, cf_filename(unlang));
unlang_interpret_push_section(request, unlang, RLM_MODULE_NOOP, UNLANG_TOP_FRAME);
request->request_state = REQUEST_RECV;
/* FALL-THROUGH */
case REQUEST_RECV:
rcode = unlang_interpret_resume(request);
if (request->master_state == REQUEST_STOP_PROCESSING) return FR_IO_DONE;
if (rcode == RLM_MODULE_YIELD) return FR_IO_YIELD;
rad_assert(request->log.unlang_indent == 0);
switch (rcode) {
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
request->reply->code = request->packet->code + 1; /* ACK */
break;
case RLM_MODULE_HANDLED:
break;
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
request->reply->code = request->packet->code + 2; /* NAK */
break;
}
/*
* Allow for over-ride of reply code.
*/
vp = fr_pair_find_by_da(request->reply->vps, attr_packet_type, TAG_ANY);
if (vp) request->reply->code = vp->vp_uint32;
dv = fr_dict_enum_by_value(attr_packet_type, fr_box_uint32(request->reply->code));
unlang = NULL;
if (dv) unlang = cf_section_find(request->server_cs, "send", dv->alias);
if (!unlang) goto send_reply;
/*
* Note that for NAKs, we do NOT use
* reject_delay. This is because we're acting as
* a NAS, and we want to respond to the RADIUS
* server as quickly as possible.
*/
rerun_nak:
RDEBUG("Running 'send %s' from file %s", cf_section_name2(unlang), cf_filename(unlang));
unlang_interpret_push_section(request, unlang, RLM_MODULE_NOOP, UNLANG_TOP_FRAME);
rad_assert(request->log.unlang_indent == 0);
request->request_state = REQUEST_SEND;
/* FALL-THROUGH */
case REQUEST_SEND:
rcode = unlang_interpret_resume(request);
if (request->master_state == REQUEST_STOP_PROCESSING) return FR_IO_DONE;
if (rcode == RLM_MODULE_YIELD) return FR_IO_YIELD;
rad_assert(request->log.unlang_indent == 0);
switch (rcode) {
/*
* We need to send CoA-NAK back if Service-Type
* is Authorize-Only. Rely on the user's policy
* to do that. We're not a real NAS, so this
* restriction doesn't (ahem) apply to us.
*/
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
/*
* If we over-ride an ACK with a NAK, run
* the NAK section.
*/
if (request->reply->code == request->packet->code + 1) {
dv = fr_dict_enum_by_value(attr_packet_type, fr_box_uint32(request->reply->code));
RWDEBUG("Failed running 'send %s', trying corresponding NAK section.", dv->alias);
request->reply->code = request->packet->code + 2;
dv = fr_dict_enum_by_value(attr_packet_type, fr_box_uint32(request->reply->code));
unlang = NULL;
if (!dv) goto send_reply;
unlang = cf_section_find(request->server_cs, "send", dv->alias);
if (unlang) goto rerun_nak;
RWDEBUG("Not running 'send %s' section as it does not exist", dv->alias);
}
/*
* Else it was already a NAK or something else.
*/
break;
case RLM_MODULE_HANDLED:
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
/* reply code is already set */
break;
}
send_reply:
gettimeofday(&request->reply->timestamp, NULL);
/*
* Check for "do not respond".
*/
if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
RDEBUG("Not sending reply to client.");
break;
}
if (request->parent && RDEBUG_ENABLED) {
RDEBUG("Sending %s ID %i", fr_packet_codes[request->reply->code], request->reply->id);
log_request_pair_list(L_DBG_LVL_1, request, request->reply->vps, "");
}
break;
default:
return FR_IO_FAIL;
}
return FR_IO_REPLY;
}
static fr_io_final_t mod_process(UNUSED void const *instance, REQUEST *request)
{
rlm_rcode_t rcode;
CONF_SECTION *unlang;
fr_dict_enum_t const *dv;
VALUE_PAIR *vp;
REQUEST_VERIFY(request);
switch (request->request_state) {
case REQUEST_INIT:
if (request->parent && RDEBUG_ENABLED) {
RDEBUG("Received %s ID %i", fr_packet_codes[request->packet->code], request->packet->id);
log_request_pair_list(L_DBG_LVL_1, request, request->packet->vps, "");
}
request->component = "radius";
unlang = cf_section_find(request->server_cs, "recv", "Status-Server");
if (!unlang) {
RWDEBUG("Failed to find 'recv Status-Server' section");
request->reply->code = FR_CODE_ACCESS_REJECT;
goto send_reply;
}
RDEBUG("Running 'recv Status-Server' from file %s", cf_filename(unlang));
unlang_interpret_push_section(request, unlang, RLM_MODULE_NOOP, UNLANG_TOP_FRAME);
request->request_state = REQUEST_RECV;
/* FALL-THROUGH */
case REQUEST_RECV:
rcode = unlang_interpret_resume(request);
if (request->master_state == REQUEST_STOP_PROCESSING) return FR_IO_DONE;
if (rcode == RLM_MODULE_YIELD) return FR_IO_YIELD;
rad_assert(request->log.unlang_indent == 0);
switch (rcode) {
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
request->reply->code = FR_CODE_ACCESS_ACCEPT;
break;
case RLM_MODULE_FAIL:
case RLM_MODULE_HANDLED:
request->reply->code = 0; /* don't reply */
break;
default:
case RLM_MODULE_REJECT:
request->reply->code = FR_CODE_ACCESS_REJECT;
break;
}
/*
* Allow for over-ride of reply code.
*/
vp = fr_pair_find_by_da(request->reply->vps, attr_packet_type, TAG_ANY);
if (vp) request->reply->code = vp->vp_uint32;
dv = fr_dict_enum_by_value(attr_packet_type, fr_box_uint32(request->reply->code));
unlang = NULL;
if (dv) unlang = cf_section_find(request->server_cs, "send", dv->alias);
if (!unlang) goto send_reply;
rerun_nak:
RDEBUG("Running 'send %s' from file %s", cf_section_name2(unlang), cf_filename(unlang));
unlang_interpret_push_section(request, unlang, RLM_MODULE_NOOP, UNLANG_TOP_FRAME);
request->request_state = REQUEST_SEND;
/* FALL-THROUGH */
case REQUEST_SEND:
rcode = unlang_interpret_resume(request);
if (request->master_state == REQUEST_STOP_PROCESSING) return FR_IO_DONE;
if (rcode == RLM_MODULE_YIELD) return FR_IO_YIELD;
rad_assert(request->log.unlang_indent == 0);
switch (rcode) {
case RLM_MODULE_NOOP:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
case RLM_MODULE_HANDLED:
/* reply is already set */
break;
default:
/*
* If we over-ride an ACK with a NAK, run
* the NAK section.
*/
if (request->reply->code != FR_CODE_ACCESS_REJECT) {
dv = fr_dict_enum_by_value(attr_packet_type, fr_box_uint32(request->reply->code));
RWDEBUG("Failed running 'send %s', trying 'send Access-Reject'", dv->alias);
request->reply->code = FR_CODE_ACCESS_REJECT;
dv = fr_dict_enum_by_value(attr_packet_type, fr_box_uint32(request->reply->code));
unlang = NULL;
if (!dv) goto send_reply;
unlang = cf_section_find(request->server_cs, "send", dv->alias);
if (unlang) goto rerun_nak;
RWDEBUG("Not running 'send %s' section as it does not exist", dv->alias);
}
break;
}
send_reply:
gettimeofday(&request->reply->timestamp, NULL);
/*
* Check for "do not respond".
*/
if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
RDEBUG("Not sending reply to client.");
break;
}
if (request->parent && RDEBUG_ENABLED) {
RDEBUG("Sending %s ID %i", fr_packet_codes[request->reply->code], request->reply->id);
log_request_pair_list(L_DBG_LVL_1, request, request->reply->vps, "");
}
break;
default:
return FR_IO_FAIL;
}
return FR_IO_REPLY;
}
static fr_io_final_t mod_process(UNUSED void const *instance, REQUEST *request, fr_io_action_t action)
{
VALUE_PAIR *vp;
rlm_rcode_t rcode;
CONF_SECTION *unlang;
REQUEST_VERIFY(request);
/*
* Pass this through asynchronously to the module which
* is waiting for something to happen.
*/
if (action != FR_IO_ACTION_RUN) {
unlang_signal(request, (fr_state_signal_t) action);
return FR_IO_DONE;
}
switch (request->request_state) {
case REQUEST_INIT:
RDEBUG("Received %s ID %i",
fr_dict_enum_alias_by_value(attr_packet_type, fr_box_uint32(request->reply->code)),
request->packet->id);
log_request_pair_list(L_DBG_LVL_1, request, request->packet->vps, "");
request->component = "radius";
unlang = cf_section_find(request->server_cs, "recv", NULL);
if (!unlang) {
REDEBUG("Failed to find 'recv' section");
return FR_IO_FAIL;
}
RDEBUG("Running 'recv' from file %s", cf_filename(unlang));
unlang_push_section(request, unlang, RLM_MODULE_NOOP, UNLANG_TOP_FRAME);
request->request_state = REQUEST_RECV;
/* FALL-THROUGH */
case REQUEST_RECV:
rcode = unlang_interpret_continue(request);
if (request->master_state == REQUEST_STOP_PROCESSING) return FR_IO_DONE;
if (rcode == RLM_MODULE_YIELD) return FR_IO_YIELD;
rad_assert(request->log.unlang_indent == 0);
switch (rcode) {
/*
* The module has a number of OK return codes.
*/
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
switch (request->packet->code) {
case FR_CODE_ACCOUNTING_REQUEST:
request->reply->code = FR_CODE_ACCOUNTING_RESPONSE;
break;
case FR_CODE_COA_REQUEST:
request->reply->code = FR_CODE_COA_ACK;
break;
case FR_CODE_DISCONNECT_REQUEST:
request->reply->code = FR_CODE_DISCONNECT_ACK;
break;
default:
request->reply->code = 0;
break;
}
break;
case RLM_MODULE_HANDLED:
break;
/*
* The module failed, or said the request is
* invalid, therefore we stop here.
*/
case RLM_MODULE_NOOP:
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
request->reply->code = 0;
break;
}
/*
* Allow for over-ride of reply code.
*/
vp = fr_pair_find_by_da(request->reply->vps, attr_packet_type, TAG_ANY);
if (vp) request->reply->code = vp->vp_uint32;
if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
RWARN("Ignoring 'do_not_respond' as it does not apply to detail files");
}
unlang = cf_section_find(request->server_cs, "send", "ok");
if (!unlang) goto send_reply;
RDEBUG("Running 'send %s { ... }' from file %s", cf_section_name2(unlang), cf_filename(unlang));
unlang_push_section(request, unlang, RLM_MODULE_NOOP, UNLANG_TOP_FRAME);
request->request_state = REQUEST_SEND;
/* FALL-THROUGH */
case REQUEST_SEND:
rcode = unlang_interpret_continue(request);
if (request->master_state == REQUEST_STOP_PROCESSING) return FR_IO_DONE;
if (rcode == RLM_MODULE_YIELD) return FR_IO_YIELD;
rad_assert(request->log.unlang_indent == 0);
switch (rcode) {
case RLM_MODULE_NOOP:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
case RLM_MODULE_HANDLED:
/* reply is already set */
break;
default:
request->reply->code = 0;
break;
}
send_reply:
/*
* Failed, but we still reply with a magic code,
* so that the reader can retransmit.
*/
if (!request->reply->code) {
REDEBUG("Failed ID %i", request->reply->id);
} else {
RDEBUG("Sent %s ID %i",
fr_dict_enum_alias_by_value(attr_packet_type, fr_box_uint32(request->reply->code)),
request->reply->id);
}
log_request_proto_pair_list(L_DBG_LVL_1, request, request->reply->vps, "");
break;
default:
return FR_IO_FAIL;
}
return FR_IO_REPLY;
}
