360 void srv_log(struct radius_session *sess, const char *fmt, ...)
363 void srv_log(struct radius_session *sess, const char *fmt, ...)  in srv_log()  argument
380 	RADIUS_DEBUG("[0x%x %s] %s", sess->sess_id, sess->nas_ip, buf);  in srv_log()
383 	if (sess->server->db) {  in srv_log()
390 				      sess->sess_id, sess->nas_ip,  in srv_log()
391 				      sess->username, buf);  in srv_log()
393 			if (sqlite3_exec(sess->server->db, sql, NULL, NULL,  in srv_log()
396 					     sqlite3_errmsg(sess->server->db));  in srv_log()
449 	struct radius_session *sess = client->sessions;  in radius_server_get_session()  local
451 	while (sess) {  in radius_server_get_session()
452 		if (sess->sess_id == sess_id) {  in radius_server_get_session()
455 		sess = sess->next;  in radius_server_get_session()
458 	return sess;  in radius_server_get_session()
463 				       struct radius_session *sess)  in radius_server_session_free()  argument
465 	eloop_cancel_timeout(radius_server_session_timeout, data, sess);  in radius_server_session_free()
466 	eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess);  in radius_server_session_free()
467 	eap_server_sm_deinit(sess->eap);  in radius_server_session_free()
468 	radius_msg_free(sess->last_msg);  in radius_server_session_free()
469 	os_free(sess->last_from_addr);  in radius_server_session_free()
470 	radius_msg_free(sess->last_reply);  in radius_server_session_free()
471 	os_free(sess->username);  in radius_server_session_free()
472 	os_free(sess->nas_ip);  in radius_server_session_free()
473 	os_free(sess);  in radius_server_session_free()
479 					 struct radius_session *sess)  in radius_server_session_remove()  argument
481 	struct radius_client *client = sess->client;  in radius_server_session_remove()
484 	eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess);  in radius_server_session_remove()
489 		if (session == sess) {  in radius_server_session_remove()
491 				client->sessions = sess->next;  in radius_server_session_remove()
493 				prev->next = sess->next;  in radius_server_session_remove()
495 			radius_server_session_free(data, sess);  in radius_server_session_remove()
508 	struct radius_session *sess = timeout_ctx;  in radius_server_session_remove_timeout()  local
509 	RADIUS_DEBUG("Removing completed session 0x%x", sess->sess_id);  in radius_server_session_remove_timeout()
510 	radius_server_session_remove(data, sess);  in radius_server_session_remove_timeout()
517 	struct radius_session *sess = timeout_ctx;  in radius_server_session_timeout()  local
519 	RADIUS_DEBUG("Timing out authentication session 0x%x", sess->sess_id);  in radius_server_session_timeout()
520 	radius_server_session_remove(data, sess);  in radius_server_session_timeout()
528 	struct radius_session *sess;  in radius_server_new_session()  local
536 	sess = os_zalloc(sizeof(*sess));  in radius_server_new_session()
537 	if (sess == NULL)  in radius_server_new_session()
540 	sess->server = data;  in radius_server_new_session()
541 	sess->client = client;  in radius_server_new_session()
542 	sess->sess_id = data->next_sess_id++;  in radius_server_new_session()
543 	sess->next = client->sessions;  in radius_server_new_session()
544 	client->sessions = sess;  in radius_server_new_session()
546 			       radius_server_session_timeout, data, sess);  in radius_server_new_session()
548 	return sess;  in radius_server_new_session()
553 static void radius_server_testing_options_tls(struct radius_session *sess,  in radius_server_testing_options_tls()  argument
561 		srv_log(sess, "TLS test - break VerifyData");  in radius_server_testing_options_tls()
565 		srv_log(sess, "TLS test - break ServerKeyExchange ServerParams hash");  in radius_server_testing_options_tls()
569 		srv_log(sess, "TLS test - break ServerKeyExchange ServerParams Signature");  in radius_server_testing_options_tls()
573 		srv_log(sess, "TLS test - RSA-DHE using a short 511-bit prime");  in radius_server_testing_options_tls()
577 		srv_log(sess, "TLS test - RSA-DHE using a short 767-bit prime");  in radius_server_testing_options_tls()
581 		srv_log(sess, "TLS test - RSA-DHE using a bogus 15 \"prime\"");  in radius_server_testing_options_tls()
585 		srv_log(sess, "TLS test - RSA-DHE using a short 58-bit prime in long container");  in radius_server_testing_options_tls()
589 		srv_log(sess, "TLS test - RSA-DHE using a non-prime");  in radius_server_testing_options_tls()
593 		srv_log(sess, "Unrecognized TLS test");  in radius_server_testing_options_tls()
599 static void radius_server_testing_options(struct radius_session *sess,  in radius_server_testing_options()  argument
605 	pos = os_strstr(sess->username, "@test-");  in radius_server_testing_options()
610 		radius_server_testing_options_tls(sess, pos + 4, eap_conf);  in radius_server_testing_options()
612 		srv_log(sess, "Unrecognized test: %s", pos);  in radius_server_testing_options()
625 	struct radius_session *sess;  in radius_server_get_new_session()  local
648 	sess = radius_server_new_session(data, client);  in radius_server_get_new_session()
649 	if (sess == NULL) {  in radius_server_get_new_session()
653 	sess->accept_attr = tmp.accept_attr;  in radius_server_get_new_session()
654 	sess->macacl = tmp.macacl;  in radius_server_get_new_session()
656 	sess->username = os_malloc(user_len * 4 + 1);  in radius_server_get_new_session()
657 	if (sess->username == NULL) {  in radius_server_get_new_session()
658 		radius_server_session_free(data, sess);  in radius_server_get_new_session()
661 	printf_encode(sess->username, user_len * 4 + 1, user, user_len);  in radius_server_get_new_session()
663 	sess->nas_ip = os_strdup(from_addr);  in radius_server_get_new_session()
664 	if (sess->nas_ip == NULL) {  in radius_server_get_new_session()
665 		radius_server_session_free(data, sess);  in radius_server_get_new_session()
669 	srv_log(sess, "New session created");  in radius_server_get_new_session()
691 	radius_server_testing_options(sess, &eap_conf);  in radius_server_get_new_session()
692 	sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb,  in radius_server_get_new_session()
694 	if (sess->eap == NULL) {  in radius_server_get_new_session()
697 		radius_server_session_free(data, sess);  in radius_server_get_new_session()
700 	sess->eap_if = eap_get_interface(sess->eap);  in radius_server_get_new_session()
701 	sess->eap_if->eapRestart = TRUE;  in radius_server_get_new_session()
702 	sess->eap_if->portEnabled = TRUE;  in radius_server_get_new_session()
704 	RADIUS_DEBUG("New session 0x%x initialized", sess->sess_id);  in radius_server_get_new_session()
706 	return sess;  in radius_server_get_new_session()
713 			      struct radius_session *sess,  in radius_server_encapsulate_eap()  argument
721 	if (sess->eap_if->eapFail) {  in radius_server_encapsulate_eap()
722 		sess->eap_if->eapFail = FALSE;  in radius_server_encapsulate_eap()
724 	} else if (sess->eap_if->eapSuccess) {  in radius_server_encapsulate_eap()
725 		sess->eap_if->eapSuccess = FALSE;  in radius_server_encapsulate_eap()
728 		sess->eap_if->eapReq = FALSE;  in radius_server_encapsulate_eap()
738 	sess_id = htonl(sess->sess_id);  in radius_server_encapsulate_eap()
745 	if (sess->eap_if->eapReqData &&  in radius_server_encapsulate_eap()
746 	    !radius_msg_add_eap(msg, wpabuf_head(sess->eap_if->eapReqData),  in radius_server_encapsulate_eap()
747 				wpabuf_len(sess->eap_if->eapReqData))) {  in radius_server_encapsulate_eap()
751 	if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eap_if->eapKeyData) {  in radius_server_encapsulate_eap()
759 				len = sess->eap_if->eapKeyDataLen;  in radius_server_encapsulate_eap()
764 					sess->eap_if->eapKeyData, len);  in radius_server_encapsulate_eap()
771 		if (sess->eap_if->eapKeyDataLen > 64) {  in radius_server_encapsulate_eap()
774 			len = sess->eap_if->eapKeyDataLen / 2;  in radius_server_encapsulate_eap()
779 					      sess->eap_if->eapKeyData + len,  in radius_server_encapsulate_eap()
780 					      len, sess->eap_if->eapKeyData,  in radius_server_encapsulate_eap()
787 	if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->remediation &&  in radius_server_encapsulate_eap()
804 	} else if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->remediation) {  in radius_server_encapsulate_eap()
822 		for (attr = sess->accept_attr; attr; attr = attr->next) {  in radius_server_encapsulate_eap()
846 		     struct radius_session *sess,  in radius_server_macacl()  argument
866 		res = data->get_eap_user(data->conf_ctx, (u8 *) sess->username,  in radius_server_macacl()
867 					 os_strlen(sess->username), 0, &tmp);  in radius_server_macacl()
903 		for (attr = sess->accept_attr; attr; attr = attr->next) {  in radius_server_macacl()
996 	struct radius_session *sess;  in radius_server_request()  local
1001 		sess = force_sess;  in radius_server_request()
1008 			sess = radius_server_get_session(client, state);  in radius_server_request()
1010 			sess = NULL;  in radius_server_request()
1014 	if (sess) {  in radius_server_request()
1015 		RADIUS_DEBUG("Request for session 0x%x", sess->sess_id);  in radius_server_request()
1022 		sess = radius_server_get_new_session(data, client, msg,  in radius_server_request()
1024 		if (sess == NULL) {  in radius_server_request()
1032 	if (sess->last_from_port == from_port &&  in radius_server_request()
1033 	    sess->last_identifier == radius_msg_get_hdr(msg)->identifier &&  in radius_server_request()
1034 	    os_memcmp(sess->last_authenticator,  in radius_server_request()
1040 		if (sess->last_reply) {  in radius_server_request()
1042 			buf = radius_msg_get_buf(sess->last_reply);  in radius_server_request()
1059 	if (eap == NULL && sess->macacl) {  in radius_server_request()
1060 		reply = radius_server_macacl(data, client, sess, msg);  in radius_server_request()
1082 	wpabuf_free(sess->eap_if->eapRespData);  in radius_server_request()
1083 	sess->eap_if->eapRespData = eap;  in radius_server_request()
1084 	sess->eap_if->eapResp = TRUE;  in radius_server_request()
1085 	eap_server_sm_step(sess->eap);  in radius_server_request()
1087 	if ((sess->eap_if->eapReq || sess->eap_if->eapSuccess ||  in radius_server_request()
1088 	     sess->eap_if->eapFail) && sess->eap_if->eapReqData) {  in radius_server_request()
1090 			    wpabuf_head(sess->eap_if->eapReqData),  in radius_server_request()
1091 			    wpabuf_len(sess->eap_if->eapReqData));  in radius_server_request()
1092 	} else if (sess->eap_if->eapFail) {  in radius_server_request()
1095 	} else if (eap_sm_method_pending(sess->eap)) {  in radius_server_request()
1096 		radius_msg_free(sess->last_msg);  in radius_server_request()
1097 		sess->last_msg = msg;  in radius_server_request()
1098 		sess->last_from_port = from_port;  in radius_server_request()
1099 		os_free(sess->last_from_addr);  in radius_server_request()
1100 		sess->last_from_addr = os_strdup(from_addr);  in radius_server_request()
1101 		sess->last_fromlen = fromlen;  in radius_server_request()
1102 		os_memcpy(&sess->last_from, from, fromlen);  in radius_server_request()
1113 	if (sess->eap_if->eapSuccess || sess->eap_if->eapFail)  in radius_server_request()
1115 	if (sess->eap_if->eapFail)  in radius_server_request()
1116 		srv_log(sess, "EAP authentication failed");  in radius_server_request()
1117 	else if (sess->eap_if->eapSuccess)  in radius_server_request()
1118 		srv_log(sess, "EAP authentication succeeded");  in radius_server_request()
1120 	reply = radius_server_encapsulate_eap(data, client, sess, msg);  in radius_server_request()
1134 			srv_log(sess, "Sending Access-Accept");  in radius_server_request()
1139 			srv_log(sess, "Sending Access-Reject");  in radius_server_request()
1156 		radius_msg_free(sess->last_reply);  in radius_server_request()
1157 		sess->last_reply = reply;  in radius_server_request()
1158 		sess->last_from_port = from_port;  in radius_server_request()
1160 		sess->last_identifier = hdr->identifier;  in radius_server_request()
1161 		os_memcpy(sess->last_authenticator, hdr->authenticator, 16);  in radius_server_request()
1169 			     sess->sess_id);  in radius_server_request()
1171 				     data, sess);  in radius_server_request()
1174 				       data, sess);  in radius_server_request()
2029 	struct radius_session *sess = ctx;  in radius_server_get_eap_user()  local
2030 	struct radius_server_data *data = sess->server;  in radius_server_get_eap_user()
2036 		sess->accept_attr = user->accept_attr;  in radius_server_get_eap_user()
2037 		sess->remediation = user->remediation;  in radius_server_get_eap_user()
2038 		sess->macacl = user->macacl;  in radius_server_get_eap_user()
2052 	struct radius_session *sess = ctx;  in radius_server_get_eap_req_id_text()  local
2053 	struct radius_server_data *data = sess->server;  in radius_server_get_eap_req_id_text()
2061 	struct radius_session *sess = ctx;  in radius_server_log_msg()  local
2062 	srv_log(sess, "EAP: %s", msg);  in radius_server_log_msg()
2070 	struct radius_session *sess = ctx;  in radius_server_get_erp_domain()  local
2071 	struct radius_server_data *data = sess->server;  in radius_server_get_erp_domain()
2080 	struct radius_session *sess = ctx;  in radius_server_erp_get_key()  local
2081 	struct radius_server_data *data = sess->server;  in radius_server_erp_get_key()
2096 	struct radius_session *sess = ctx;  in radius_server_erp_add_key()  local
2097 	struct radius_server_data *data = sess->server;  in radius_server_erp_add_key()
2131 	struct radius_session *s, *sess = NULL;  in radius_server_eap_pending_cb()  local
2140 				sess = s;  in radius_server_eap_pending_cb()
2144 		if (sess)  in radius_server_eap_pending_cb()
2148 	if (sess == NULL) {  in radius_server_eap_pending_cb()
2153 	msg = sess->last_msg;  in radius_server_eap_pending_cb()
2154 	sess->last_msg = NULL;  in radius_server_eap_pending_cb()
2155 	eap_sm_pending_cb(sess->eap);  in radius_server_eap_pending_cb()
2157 				  (struct sockaddr *) &sess->last_from,  in radius_server_eap_pending_cb()
2158 				  sess->last_fromlen, cli,  in radius_server_eap_pending_cb()
2159 				  sess->last_from_addr,  in radius_server_eap_pending_cb()
2160 				  sess->last_from_port, sess) == -2)  in radius_server_eap_pending_cb()