Lines Matching refs:sess

284 void srv_log(struct radius_session *sess, const char *fmt, ...)
287 void srv_log(struct radius_session *sess, const char *fmt, ...) in srv_log() argument
304 RADIUS_DEBUG("[0x%x %s] %s", sess->sess_id, sess->nas_ip, buf); in srv_log()
307 if (sess->server->db) { in srv_log()
314 sess->sess_id, sess->nas_ip, in srv_log()
315 sess->username, buf); in srv_log()
317 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, in srv_log()
320 sqlite3_errmsg(sess->server->db)); in srv_log()
373 struct radius_session *sess = client->sessions; in radius_server_get_session() local
375 while (sess) { in radius_server_get_session()
376 if (sess->sess_id == sess_id) { in radius_server_get_session()
379 sess = sess->next; in radius_server_get_session()
382 return sess; in radius_server_get_session()
387 struct radius_session *sess) in radius_server_session_free() argument
389 eloop_cancel_timeout(radius_server_session_timeout, data, sess); in radius_server_session_free()
390 eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess); in radius_server_session_free()
391 eap_server_sm_deinit(sess->eap); in radius_server_session_free()
392 radius_msg_free(sess->last_msg); in radius_server_session_free()
393 os_free(sess->last_from_addr); in radius_server_session_free()
394 radius_msg_free(sess->last_reply); in radius_server_session_free()
395 os_free(sess->username); in radius_server_session_free()
396 os_free(sess->nas_ip); in radius_server_session_free()
397 os_free(sess); in radius_server_session_free()
403 struct radius_session *sess) in radius_server_session_remove() argument
405 struct radius_client *client = sess->client; in radius_server_session_remove()
408 eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess); in radius_server_session_remove()
413 if (session == sess) { in radius_server_session_remove()
415 client->sessions = sess->next; in radius_server_session_remove()
417 prev->next = sess->next; in radius_server_session_remove()
419 radius_server_session_free(data, sess); in radius_server_session_remove()
432 struct radius_session *sess = timeout_ctx; in radius_server_session_remove_timeout() local
433 RADIUS_DEBUG("Removing completed session 0x%x", sess->sess_id); in radius_server_session_remove_timeout()
434 radius_server_session_remove(data, sess); in radius_server_session_remove_timeout()
441 struct radius_session *sess = timeout_ctx; in radius_server_session_timeout() local
443 RADIUS_DEBUG("Timing out authentication session 0x%x", sess->sess_id); in radius_server_session_timeout()
444 radius_server_session_remove(data, sess); in radius_server_session_timeout()
452 struct radius_session *sess; in radius_server_new_session() local
460 sess = os_zalloc(sizeof(*sess)); in radius_server_new_session()
461 if (sess == NULL) in radius_server_new_session()
464 sess->server = data; in radius_server_new_session()
465 sess->client = client; in radius_server_new_session()
466 sess->sess_id = data->next_sess_id++; in radius_server_new_session()
467 sess->next = client->sessions; in radius_server_new_session()
468 client->sessions = sess; in radius_server_new_session()
470 radius_server_session_timeout, data, sess); in radius_server_new_session()
472 return sess; in radius_server_new_session()
477 static void radius_server_testing_options_tls(struct radius_session *sess, in radius_server_testing_options_tls() argument
485 srv_log(sess, "TLS test - break VerifyData"); in radius_server_testing_options_tls()
489 srv_log(sess, "TLS test - break ServerKeyExchange ServerParams hash"); in radius_server_testing_options_tls()
493 srv_log(sess, "TLS test - break ServerKeyExchange ServerParams Signature"); in radius_server_testing_options_tls()
497 srv_log(sess, "TLS test - RSA-DHE using a short 511-bit prime"); in radius_server_testing_options_tls()
501 srv_log(sess, "TLS test - RSA-DHE using a short 767-bit prime"); in radius_server_testing_options_tls()
505 srv_log(sess, "TLS test - RSA-DHE using a bogus 15 \"prime\""); in radius_server_testing_options_tls()
509 srv_log(sess, "TLS test - RSA-DHE using a short 58-bit prime in long container"); in radius_server_testing_options_tls()
513 srv_log(sess, "TLS test - RSA-DHE using a non-prime"); in radius_server_testing_options_tls()
517 srv_log(sess, "Unrecognized TLS test"); in radius_server_testing_options_tls()
523 static void radius_server_testing_options(struct radius_session *sess, in radius_server_testing_options() argument
529 pos = os_strstr(sess->username, "@test-"); in radius_server_testing_options()
534 radius_server_testing_options_tls(sess, pos + 4, eap_conf); in radius_server_testing_options()
536 srv_log(sess, "Unrecognized test: %s", pos); in radius_server_testing_options()
566 struct radius_session *sess; in radius_server_get_new_session() local
604 sess = radius_server_new_session(data, client); in radius_server_get_new_session()
605 if (sess == NULL) { in radius_server_get_new_session()
610 sess->accept_attr = tmp->accept_attr; in radius_server_get_new_session()
611 sess->macacl = tmp->macacl; in radius_server_get_new_session()
614 sess->username = os_malloc(user_len * 4 + 1); in radius_server_get_new_session()
615 if (sess->username == NULL) { in radius_server_get_new_session()
616 radius_server_session_remove(data, sess); in radius_server_get_new_session()
619 printf_encode(sess->username, user_len * 4 + 1, user, user_len); in radius_server_get_new_session()
621 sess->nas_ip = os_strdup(from_addr); in radius_server_get_new_session()
622 if (sess->nas_ip == NULL) { in radius_server_get_new_session()
623 radius_server_session_remove(data, sess); in radius_server_get_new_session()
635 if (hwaddr_aton2(buf, sess->mac_addr) < 0) in radius_server_get_new_session()
636 os_memset(sess->mac_addr, 0, ETH_ALEN); in radius_server_get_new_session()
639 MAC2STR(sess->mac_addr)); in radius_server_get_new_session()
642 srv_log(sess, "New session created"); in radius_server_get_new_session()
645 radius_server_testing_options(sess, &eap_sess); in radius_server_get_new_session()
646 sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb, in radius_server_get_new_session()
648 if (sess->eap == NULL) { in radius_server_get_new_session()
651 radius_server_session_remove(data, sess); in radius_server_get_new_session()
654 sess->eap_if = eap_get_interface(sess->eap); in radius_server_get_new_session()
655 sess->eap_if->eapRestart = true; in radius_server_get_new_session()
656 sess->eap_if->portEnabled = true; in radius_server_get_new_session()
658 RADIUS_DEBUG("New session 0x%x initialized", sess->sess_id); in radius_server_get_new_session()
660 return sess; in radius_server_get_new_session()
665 static void radius_srv_hs20_t_c_pending(struct radius_session *sess) in radius_srv_hs20_t_c_pending() argument
673 if (!sess->server->db || !sess->eap || in radius_srv_hs20_t_c_pending()
674 is_zero_ether_addr(sess->mac_addr)) in radius_srv_hs20_t_c_pending()
677 os_snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sess->mac_addr)); in radius_srv_hs20_t_c_pending()
679 id = eap_get_identity(sess->eap, &id_len); in radius_srv_hs20_t_c_pending()
694 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) != in radius_srv_hs20_t_c_pending()
697 sqlite3_errmsg(sess->server->db)); in radius_srv_hs20_t_c_pending()
705 static void radius_server_add_session(struct radius_session *sess) in radius_server_add_session() argument
712 if (!sess->server->db) in radius_server_add_session()
717 MAC2STR(sess->mac_addr)); in radius_server_add_session()
721 addr_txt, sess->username, now.sec, in radius_server_add_session()
722 sess->nas_ip, sess->t_c_filtering); in radius_server_add_session()
724 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, in radius_server_add_session()
727 sqlite3_errmsg(sess->server->db)); in radius_server_add_session()
735 static void db_update_last_msk(struct radius_session *sess, const char *msk) in db_update_last_msk() argument
745 if (!sess->server->db) in db_update_last_msk()
748 serial_num = eap_get_serial_num(sess->eap); in db_update_last_msk()
756 id = eap_get_identity(sess->eap, &id_len); in db_update_last_msk()
772 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) != in db_update_last_msk()
775 sqlite3_errmsg(sess->server->db)); in db_update_last_msk()
785 static int radius_server_is_sim_method(struct radius_session *sess) in radius_server_is_sim_method() argument
789 name = eap_get_method(sess->eap); in radius_server_is_sim_method()
842 static int radius_server_sim_provisioning_session(struct radius_session *sess, in radius_server_sim_provisioning_session() argument
853 if (!sess->server->db || in radius_server_sim_provisioning_session()
854 (!db_table_exists(sess->server->db, "sim_provisioning") && in radius_server_sim_provisioning_session()
855 db_table_create_sim_provisioning(sess->server->db) < 0)) in radius_server_sim_provisioning_session()
858 imsi = eap_get_imsi(sess->eap); in radius_server_sim_provisioning_session()
862 eap_method = eap_get_method(sess->eap); in radius_server_sim_provisioning_session()
867 MAC2STR(sess->mac_addr)); in radius_server_sim_provisioning_session()
877 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) != in radius_server_sim_provisioning_session()
880 sqlite3_errmsg(sess->server->db)); in radius_server_sim_provisioning_session()
897 struct radius_session *sess, in radius_server_encapsulate_eap() argument
906 if (sess->eap_if->eapFail) { in radius_server_encapsulate_eap()
907 sess->eap_if->eapFail = false; in radius_server_encapsulate_eap()
909 } else if (sess->eap_if->eapSuccess) { in radius_server_encapsulate_eap()
910 sess->eap_if->eapSuccess = false; in radius_server_encapsulate_eap()
913 sess->eap_if->eapReq = false; in radius_server_encapsulate_eap()
928 sess_id = htonl(sess->sess_id); in radius_server_encapsulate_eap()
935 if (sess->eap_if->eapReqData && in radius_server_encapsulate_eap()
936 !radius_msg_add_eap(msg, wpabuf_head(sess->eap_if->eapReqData), in radius_server_encapsulate_eap()
937 wpabuf_len(sess->eap_if->eapReqData))) { in radius_server_encapsulate_eap()
941 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eap_if->eapKeyData) { in radius_server_encapsulate_eap()
946 len = sess->eap_if->eapKeyDataLen; in radius_server_encapsulate_eap()
950 sess->eap_if->eapKeyData, len); in radius_server_encapsulate_eap()
958 len = sess->eap_if->eapKeyDataLen; in radius_server_encapsulate_eap()
963 sess->eap_if->eapKeyData, len); in radius_server_encapsulate_eap()
970 db_update_last_msk(sess, buf); in radius_server_encapsulate_eap()
972 if (sess->eap_if->eapKeyDataLen > 64) { in radius_server_encapsulate_eap()
975 len = sess->eap_if->eapKeyDataLen / 2; in radius_server_encapsulate_eap()
980 sess->eap_if->eapKeyData + len, in radius_server_encapsulate_eap()
981 len, sess->eap_if->eapKeyData, in radius_server_encapsulate_eap()
986 if (sess->eap_if->eapSessionId && in radius_server_encapsulate_eap()
988 sess->eap_if->eapSessionId, in radius_server_encapsulate_eap()
989 sess->eap_if->eapSessionIdLen)) { in radius_server_encapsulate_eap()
995 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->remediation && in radius_server_encapsulate_eap()
1012 } else if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->remediation) { in radius_server_encapsulate_eap()
1021 radius_server_is_sim_method(sess) && in radius_server_encapsulate_eap()
1035 if (radius_server_sim_provisioning_session(sess, hash) < 0) { in radius_server_encapsulate_eap()
1063 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->t_c_filtering) { in radius_server_encapsulate_eap()
1102 os_snprintf(pos2, end2 - pos2, MACSTR, MAC2STR(sess->mac_addr)); in radius_server_encapsulate_eap()
1115 radius_srv_hs20_t_c_pending(sess); in radius_server_encapsulate_eap()
1127 for (attr = sess->accept_attr; attr; attr = attr->next) { in radius_server_encapsulate_eap()
1154 radius_server_add_session(sess); in radius_server_encapsulate_eap()
1163 struct radius_session *sess, in radius_server_macacl() argument
1183 res = data->get_eap_user(data->conf_ctx, (u8 *) sess->username, in radius_server_macacl()
1184 os_strlen(sess->username), 0, &tmp); in radius_server_macacl()
1225 for (attr = sess->accept_attr; attr; attr = attr->next) { in radius_server_macacl()
1312 static void radius_server_hs20_t_c_check(struct radius_session *sess, in radius_server_hs20_t_c_check() argument
1349 if (sess->t_c_timestamp != WPA_GET_BE32(timestamp)) { in radius_server_hs20_t_c_check()
1351 sess->t_c_filtering = 1; in radius_server_hs20_t_c_check()
1368 struct radius_session *sess; in radius_server_request() local
1373 sess = force_sess; in radius_server_request()
1380 sess = radius_server_get_session(client, state); in radius_server_request()
1382 sess = NULL; in radius_server_request()
1386 if (sess) { in radius_server_request()
1387 RADIUS_DEBUG("Request for session 0x%x", sess->sess_id); in radius_server_request()
1394 sess = radius_server_get_new_session(data, client, msg, in radius_server_request()
1396 if (sess == NULL) { in radius_server_request()
1404 if (sess->last_from_port == from_port && in radius_server_request()
1405 sess->last_identifier == radius_msg_get_hdr(msg)->identifier && in radius_server_request()
1406 os_memcmp(sess->last_authenticator, in radius_server_request()
1412 if (sess->last_reply) { in radius_server_request()
1414 buf = radius_msg_get_buf(sess->last_reply); in radius_server_request()
1431 if (eap == NULL && sess->macacl) { in radius_server_request()
1432 reply = radius_server_macacl(data, client, sess, msg); in radius_server_request()
1454 wpabuf_free(sess->eap_if->eapRespData); in radius_server_request()
1455 sess->eap_if->eapRespData = eap; in radius_server_request()
1456 sess->eap_if->eapResp = true; in radius_server_request()
1457 eap_server_sm_step(sess->eap); in radius_server_request()
1459 if ((sess->eap_if->eapReq || sess->eap_if->eapSuccess || in radius_server_request()
1460 sess->eap_if->eapFail) && sess->eap_if->eapReqData) { in radius_server_request()
1462 wpabuf_head(sess->eap_if->eapReqData), in radius_server_request()
1463 wpabuf_len(sess->eap_if->eapReqData)); in radius_server_request()
1464 } else if (sess->eap_if->eapFail) { in radius_server_request()
1467 } else if (eap_sm_method_pending(sess->eap)) { in radius_server_request()
1468 radius_msg_free(sess->last_msg); in radius_server_request()
1469 sess->last_msg = msg; in radius_server_request()
1470 sess->last_from_port = from_port; in radius_server_request()
1471 os_free(sess->last_from_addr); in radius_server_request()
1472 sess->last_from_addr = os_strdup(from_addr); in radius_server_request()
1473 sess->last_fromlen = fromlen; in radius_server_request()
1474 os_memcpy(&sess->last_from, from, fromlen); in radius_server_request()
1485 if (sess->eap_if->eapSuccess || sess->eap_if->eapFail) in radius_server_request()
1487 if (sess->eap_if->eapFail) { in radius_server_request()
1488 srv_log(sess, "EAP authentication failed"); in radius_server_request()
1489 db_update_last_msk(sess, "FAIL"); in radius_server_request()
1490 } else if (sess->eap_if->eapSuccess) { in radius_server_request()
1491 srv_log(sess, "EAP authentication succeeded"); in radius_server_request()
1494 if (sess->eap_if->eapSuccess) in radius_server_request()
1495 radius_server_hs20_t_c_check(sess, msg); in radius_server_request()
1497 reply = radius_server_encapsulate_eap(data, client, sess, msg); in radius_server_request()
1511 srv_log(sess, "Sending Access-Accept"); in radius_server_request()
1516 srv_log(sess, "Sending Access-Reject"); in radius_server_request()
1533 radius_msg_free(sess->last_reply); in radius_server_request()
1534 sess->last_reply = reply; in radius_server_request()
1535 sess->last_from_port = from_port; in radius_server_request()
1537 sess->last_identifier = hdr->identifier; in radius_server_request()
1538 os_memcpy(sess->last_authenticator, hdr->authenticator, 16); in radius_server_request()
1546 sess->sess_id); in radius_server_request()
1548 data, sess); in radius_server_request()
1551 data, sess); in radius_server_request()
2523 struct radius_session *sess = ctx; in radius_server_get_eap_user() local
2524 struct radius_server_data *data = sess->server; in radius_server_get_eap_user()
2530 sess->accept_attr = user->accept_attr; in radius_server_get_eap_user()
2531 sess->remediation = user->remediation; in radius_server_get_eap_user()
2532 sess->macacl = user->macacl; in radius_server_get_eap_user()
2533 sess->t_c_timestamp = user->t_c_timestamp; in radius_server_get_eap_user()
2547 struct radius_session *sess = ctx; in radius_server_get_eap_req_id_text() local
2548 struct radius_server_data *data = sess->server; in radius_server_get_eap_req_id_text()
2556 struct radius_session *sess = ctx; in radius_server_log_msg() local
2557 srv_log(sess, "EAP: %s", msg); in radius_server_log_msg()
2565 struct radius_session *sess = ctx; in radius_server_get_erp_domain() local
2566 struct radius_server_data *data = sess->server; in radius_server_get_erp_domain()
2575 struct radius_session *sess = ctx; in radius_server_erp_get_key() local
2576 struct radius_server_data *data = sess->server; in radius_server_erp_get_key()
2584 struct radius_session *sess = ctx; in radius_server_erp_add_key() local
2585 struct radius_server_data *data = sess->server; in radius_server_erp_add_key()
2619 struct radius_session *s, *sess = NULL; in radius_server_eap_pending_cb() local
2628 sess = s; in radius_server_eap_pending_cb()
2632 if (sess) in radius_server_eap_pending_cb()
2636 if (sess == NULL) { in radius_server_eap_pending_cb()
2641 msg = sess->last_msg; in radius_server_eap_pending_cb()
2642 sess->last_msg = NULL; in radius_server_eap_pending_cb()
2643 eap_sm_pending_cb(sess->eap); in radius_server_eap_pending_cb()
2645 (struct sockaddr *) &sess->last_from, in radius_server_eap_pending_cb()
2646 sess->last_fromlen, cli, in radius_server_eap_pending_cb()
2647 sess->last_from_addr, in radius_server_eap_pending_cb()
2648 sess->last_from_port, sess) == -2) in radius_server_eap_pending_cb()