Lines Matching refs:sess
/*
 * srv_log(): printf-style per-session logger (fmt plus variadic arguments).
 * The listing shows buf (presumably the formatted message) going to
 * RADIUS_DEBUG together with the session id and NAS address, and, when
 * sess->server->db is non-NULL, a SQL statement that also carries
 * sess->username being run with sqlite3_exec(); a failure is reported with
 * sqlite3_errmsg().
 * NOTE(review): how `sql` is built (lines 451-456) is not part of this
 * listing. username and buf can carry peer-influenced text, so confirm the
 * statement is produced with an escaping formatter such as sqlite3_mprintf()
 * with %Q rather than plain string formatting.
 */
427 void srv_log(struct radius_session *sess, const char *fmt, ...)
430 void srv_log(struct radius_session *sess, const char *fmt, ...) in srv_log() argument
/* Debug output: session id in hex, NAS address, then the message text. */
447 RADIUS_DEBUG("[0x%x %s] %s", sess->sess_id, sess->nas_ip, buf); in srv_log()
/* Database logging is optional: it is only attempted with a db handle set. */
450 if (sess->server->db) { in srv_log()
457 sess->sess_id, sess->nas_ip, in srv_log()
458 sess->username, buf); in srv_log()
460 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, in srv_log()
463 sqlite3_errmsg(sess->server->db)); in srv_log()
/*
 * radius_server_get_session(): walks one client's session list
 * (client->sessions) comparing sess_id and returns the cursor. The lookup is
 * scoped to that client's list, so an id is only resolved against sessions
 * linked under the same client. If the loop runs off the end of the list the
 * returned pointer is NULL. The statement executed on a match (lines
 * 520-521) is not shown; presumably it leaves the loop.
 */
516 struct radius_session *sess = client->sessions; in radius_server_get_session() local
518 while (sess) { in radius_server_get_session()
519 if (sess->sess_id == sess_id) { in radius_server_get_session()
522 sess = sess->next; in radius_server_get_session()
525 return sess; in radius_server_get_session()
/*
 * radius_server_session_free(): releases everything a session owns.
 * Both eloop timeouts that use this sess as context are cancelled first.
 * Their callbacks (lines 575 and 584) treat timeout_ctx as a
 * struct radius_session, so a timer left pending past os_free(sess) would
 * run on freed memory.
 */
530 struct radius_session *sess) in radius_server_session_free() argument
532 eloop_cancel_timeout(radius_server_session_timeout, data, sess); in radius_server_session_free()
533 eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess); in radius_server_session_free()
/* Per-session resources: EAP state machine, last_msg, last_reply, strings. */
534 eap_server_sm_deinit(sess->eap); in radius_server_session_free()
535 radius_msg_free(sess->last_msg); in radius_server_session_free()
536 os_free(sess->last_from_addr); in radius_server_session_free()
537 radius_msg_free(sess->last_reply); in radius_server_session_free()
538 os_free(sess->username); in radius_server_session_free()
539 os_free(sess->nas_ip); in radius_server_session_free()
/* The session object itself is freed last, after its members. */
540 os_free(sess); in radius_server_session_free()
/*
 * radius_server_session_remove(): unlinks sess from its client's session
 * list and then frees it. The pending remove-timeout is cancelled up front.
 * The list walk is only partly shown: once the matching node is found,
 * either the list head or the predecessor's next pointer is redirected to
 * sess->next, so the list no longer references the object that
 * radius_server_session_free() releases at line 562.
 */
546 struct radius_session *sess) in radius_server_session_remove() argument
548 struct radius_client *client = sess->client; in radius_server_session_remove()
551 eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess); in radius_server_session_remove()
556 if (session == sess) { in radius_server_session_remove()
558 client->sessions = sess->next; in radius_server_session_remove()
560 prev->next = sess->next; in radius_server_session_remove()
562 radius_server_session_free(data, sess); in radius_server_session_remove()
/*
 * radius_server_session_remove_timeout(): timer callback. timeout_ctx is the
 * session; its id is logged and the session is unlinked and freed through
 * radius_server_session_remove().
 */
575 struct radius_session *sess = timeout_ctx; in radius_server_session_remove_timeout() local
576 RADIUS_DEBUG("Removing completed session 0x%x", sess->sess_id); in radius_server_session_remove_timeout()
577 radius_server_session_remove(data, sess); in radius_server_session_remove_timeout()
/*
 * radius_server_session_timeout(): timer callback for an authentication
 * session that timed out. timeout_ctx is the session; it is logged and then
 * removed, so session state is not kept past the timeout.
 */
584 struct radius_session *sess = timeout_ctx; in radius_server_session_timeout() local
586 RADIUS_DEBUG("Timing out authentication session 0x%x", sess->sess_id); in radius_server_session_timeout()
587 radius_server_session_remove(data, sess); in radius_server_session_timeout()
/*
 * radius_server_new_session(): allocates a zero-filled session, binds it to
 * the server data and the client, assigns the next session id and pushes it
 * onto the head of client->sessions. Line 613 is the tail of a call taking
 * radius_server_session_timeout with (data, sess) as context; presumably an
 * eloop timeout registration that starts on line 612 (not shown).
 * NOTE(review): sess_id comes from a plain incrementing counter, so ids are
 * predictable; treat the id as a lookup handle only, never as a secret.
 * The branch taken when os_zalloc() fails (line 605) is not shown.
 */
595 struct radius_session *sess; in radius_server_new_session() local
603 sess = os_zalloc(sizeof(*sess)); in radius_server_new_session()
604 if (sess == NULL) in radius_server_new_session()
607 sess->server = data; in radius_server_new_session()
608 sess->client = client; in radius_server_new_session()
609 sess->sess_id = data->next_sess_id++; in radius_server_new_session()
610 sess->next = client->sessions; in radius_server_new_session()
611 client->sessions = sess; in radius_server_new_session()
613 radius_server_session_timeout, data, sess); in radius_server_new_session()
615 return sess; in radius_server_new_session()
/*
 * radius_server_testing_options_tls(): records in the session log which TLS
 * test was selected. The visible messages name deliberately broken handshake
 * values (VerifyData, ServerKeyExchange hash and signature) and weak or
 * invalid DHE primes (511-bit, 767-bit, the value 15, 58-bit in a long
 * container, a non-prime); anything else is logged as unrecognized. The code
 * that matches the test name and applies the setting is not shown.
 * NOTE(review): these settings intentionally weaken the server's TLS
 * handshake, presumably to exercise peer-side validation; confirm this
 * function is only compiled into test builds.
 */
620 static void radius_server_testing_options_tls(struct radius_session *sess, in radius_server_testing_options_tls() argument
628 srv_log(sess, "TLS test - break VerifyData"); in radius_server_testing_options_tls()
632 srv_log(sess, "TLS test - break ServerKeyExchange ServerParams hash"); in radius_server_testing_options_tls()
636 srv_log(sess, "TLS test - break ServerKeyExchange ServerParams Signature"); in radius_server_testing_options_tls()
640 srv_log(sess, "TLS test - RSA-DHE using a short 511-bit prime"); in radius_server_testing_options_tls()
644 srv_log(sess, "TLS test - RSA-DHE using a short 767-bit prime"); in radius_server_testing_options_tls()
648 srv_log(sess, "TLS test - RSA-DHE using a bogus 15 \"prime\""); in radius_server_testing_options_tls()
652 … srv_log(sess, "TLS test - RSA-DHE using a short 58-bit prime in long container"); in radius_server_testing_options_tls()
656 srv_log(sess, "TLS test - RSA-DHE using a non-prime"); in radius_server_testing_options_tls()
660 srv_log(sess, "Unrecognized TLS test"); in radius_server_testing_options_tls()
/*
 * radius_server_testing_options(): looks for the marker "@test-" inside
 * sess->username and, in one branch, hands an offset into that string to
 * radius_server_testing_options_tls(); another branch logs the text as an
 * unrecognized test.
 * NOTE(review): the selector is read from the stored user name, which is
 * filled from `user` at line 762 (presumably the name carried in the
 * request). The authenticating peer therefore chooses the test. Confirm the
 * call at line 812 is compiled out of production servers.
 * The text is passed to srv_log() as a "%s" argument, not as the format
 * string.
 */
666 static void radius_server_testing_options(struct radius_session *sess, in radius_server_testing_options() argument
672 pos = os_strstr(sess->username, "@test-"); in radius_server_testing_options()
677 radius_server_testing_options_tls(sess, pos + 4, eap_conf); in radius_server_testing_options()
679 srv_log(sess, "Unrecognized test: %s", pos); in radius_server_testing_options()
/*
 * radius_server_get_new_session(): creates and initialises a session (called
 * from radius_server_request() at line 1546). Visible steps: create the
 * session, copy accept_attr and macacl from tmp, store an encoded copy of
 * the user name and a copy of the sender address, parse a MAC address, apply
 * testing options, then start the EAP server state machine. Every failure
 * path shown after creation tears the session down with
 * radius_server_session_remove(), which also unlinks it from the client.
 */
709 struct radius_session *sess; in radius_server_get_new_session() local
747 sess = radius_server_new_session(data, client); in radius_server_get_new_session()
748 if (sess == NULL) { in radius_server_get_new_session()
753 sess->accept_attr = tmp->accept_attr; in radius_server_get_new_session()
754 sess->macacl = tmp->macacl; in radius_server_get_new_session()
/*
 * The user name is written by printf_encode() into a buffer of
 * user_len * 4 + 1 bytes, and the same size is passed as the output limit.
 * Presumably the encoder expands one input byte to at most four characters
 * plus a terminator, which is what this sizing allows for. The encoded form
 * is what later reaches the log and database calls in this listing.
 * NOTE(review): confirm user_len is bounded before this point so the
 * multiplication cannot wrap.
 */
757 sess->username = os_malloc(user_len * 4 + 1); in radius_server_get_new_session()
758 if (sess->username == NULL) { in radius_server_get_new_session()
759 radius_server_session_remove(data, sess); in radius_server_get_new_session()
762 printf_encode(sess->username, user_len * 4 + 1, user, user_len); in radius_server_get_new_session()
764 sess->nas_ip = os_strdup(from_addr); in radius_server_get_new_session()
765 if (sess->nas_ip == NULL) { in radius_server_get_new_session()
766 radius_server_session_remove(data, sess); in radius_server_get_new_session()
/* An unparsable MAC address is replaced by all zeroes rather than rejected. */
778 if (hwaddr_aton2(buf, sess->mac_addr) < 0) in radius_server_get_new_session()
779 os_memset(sess->mac_addr, 0, ETH_ALEN); in radius_server_get_new_session()
782 MAC2STR(sess->mac_addr)); in radius_server_get_new_session()
785 srv_log(sess, "New session created"); in radius_server_get_new_session()
/*
 * NOTE(review): testing options are selected from sess->username (line 672);
 * check that this call exists only in test builds.
 */
812 radius_server_testing_options(sess, &eap_conf); in radius_server_get_new_session()
/* The session itself is handed to the EAP state machine as its context. */
813 sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb, in radius_server_get_new_session()
815 if (sess->eap == NULL) { in radius_server_get_new_session()
818 radius_server_session_remove(data, sess); in radius_server_get_new_session()
/* eapRestart and portEnabled are set before the session is returned. */
821 sess->eap_if = eap_get_interface(sess->eap); in radius_server_get_new_session()
822 sess->eap_if->eapRestart = TRUE; in radius_server_get_new_session()
823 sess->eap_if->portEnabled = TRUE; in radius_server_get_new_session()
825 RADIUS_DEBUG("New session 0x%x initialized", sess->sess_id); in radius_server_get_new_session()
827 return sess; in radius_server_get_new_session()
/*
 * radius_srv_hs20_t_c_pending(): guarded by three conditions: a database
 * handle, an EAP state machine and a non-zero session MAC address (the
 * statement taken when the guard fails, line 842, is not shown). It then
 * formats the MAC address as text, fetches the EAP identity and runs a SQL
 * statement, reporting failures with sqlite3_errmsg().
 * NOTE(review): the EAP identity is peer-supplied data. The statement
 * construction (lines 847-860) is not shown, so confirm the identity is
 * escaped before it reaches sqlite3_exec().
 */
832 static void radius_srv_hs20_t_c_pending(struct radius_session *sess) in radius_srv_hs20_t_c_pending() argument
840 if (!sess->server->db || !sess->eap || in radius_srv_hs20_t_c_pending()
841 is_zero_ether_addr(sess->mac_addr)) in radius_srv_hs20_t_c_pending()
844 os_snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sess->mac_addr)); in radius_srv_hs20_t_c_pending()
846 id = eap_get_identity(sess->eap, &id_len); in radius_srv_hs20_t_c_pending()
861 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) != in radius_srv_hs20_t_c_pending()
864 sqlite3_errmsg(sess->server->db)); in radius_srv_hs20_t_c_pending()
/*
 * radius_server_add_session(): records the session in the database; the
 * first visible statement checks for a missing db handle (its consequence,
 * line 880, is not shown). The values visible as statement arguments are the
 * MAC address text, sess->username, a timestamp (now.sec), sess->nas_ip and
 * sess->t_c_filtering.
 * NOTE(review): sess->username is derived from request data (line 762).
 * The formatter call that builds `sql` starts on a line not shown; confirm
 * it escapes string arguments.
 */
872 static void radius_server_add_session(struct radius_session *sess) in radius_server_add_session() argument
879 if (!sess->server->db) in radius_server_add_session()
884 MAC2STR(sess->mac_addr)); in radius_server_add_session()
888 addr_txt, sess->username, now.sec, in radius_server_add_session()
889 sess->nas_ip, sess->t_c_filtering); in radius_server_add_session()
891 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, in radius_server_add_session()
894 sqlite3_errmsg(sess->server->db)); in radius_server_add_session()
/*
 * db_update_last_msk(): runs a database statement involving the text value
 * msk. It reads the EAP serial number and identity from the state machine
 * first and checks for a missing db handle up front. The callers visible in
 * this listing pass either a buffer prepared in
 * radius_server_encapsulate_eap() (line 1132) or the literal "FAIL"
 * (line 1641).
 * NOTE(review): the function name and the caller's handling of eapKeyData
 * suggest the value is session key material in text form; confirm. If so,
 * the database file holds keys and needs the same access protection as the
 * keys themselves, and it is worth checking whether this path is meant for
 * test deployments only.
 */
902 static void db_update_last_msk(struct radius_session *sess, const char *msk) in db_update_last_msk() argument
912 if (!sess->server->db) in db_update_last_msk()
915 serial_num = eap_get_serial_num(sess->eap); in db_update_last_msk()
923 id = eap_get_identity(sess->eap, &id_len); in db_update_last_msk()
939 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) != in db_update_last_msk()
942 sqlite3_errmsg(sess->server->db)); in db_update_last_msk()
/*
 * radius_server_is_sim_method(): obtains the EAP method name from the
 * session's state machine; the comparison that produces the int result is
 * not shown in this listing.
 */
952 static int radius_server_is_sim_method(struct radius_session *sess) in radius_server_is_sim_method() argument
956 name = eap_get_method(sess->eap); in radius_server_is_sim_method()
/*
 * radius_server_sim_provisioning_session(): requires a database handle and
 * a "sim_provisioning" table, creating the table if it does not exist. It
 * then reads the IMSI and EAP method name from the state machine, formats
 * the session MAC address and runs a SQL statement. The caller at line 1197
 * treats a negative return as failure.
 * NOTE(review): the IMSI is a subscriber identifier and is presumably part
 * of the stored row (statement construction not shown), so the database
 * should be handled as holding subscriber-identifying data.
 */
1009 static int radius_server_sim_provisioning_session(struct radius_session *sess, in radius_server_sim_provisioning_session() argument
1020 if (!sess->server->db || in radius_server_sim_provisioning_session()
1021 (!db_table_exists(sess->server->db, "sim_provisioning") && in radius_server_sim_provisioning_session()
1022 db_table_create_sim_provisioning(sess->server->db) < 0)) in radius_server_sim_provisioning_session()
1025 imsi = eap_get_imsi(sess->eap); in radius_server_sim_provisioning_session()
1029 eap_method = eap_get_method(sess->eap); in radius_server_sim_provisioning_session()
1034 MAC2STR(sess->mac_addr)); in radius_server_sim_provisioning_session()
1044 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) != in radius_server_sim_provisioning_session()
1047 sqlite3_errmsg(sess->server->db)); in radius_server_sim_provisioning_session()
/*
 * radius_server_encapsulate_eap(): builds the reply message for the
 * session's current EAP state. Several visible branches apply only when
 * code is RADIUS_CODE_ACCESS_ACCEPT: key attributes, remediation handling,
 * SIM provisioning and terms-and-conditions filtering.
 */
1064 struct radius_session *sess, in radius_server_encapsulate_eap() argument
/* The visible branches clear eapFail, eapSuccess or eapReq once consumed. */
1073 if (sess->eap_if->eapFail) { in radius_server_encapsulate_eap()
1074 sess->eap_if->eapFail = FALSE; in radius_server_encapsulate_eap()
1076 } else if (sess->eap_if->eapSuccess) { in radius_server_encapsulate_eap()
1077 sess->eap_if->eapSuccess = FALSE; in radius_server_encapsulate_eap()
1080 sess->eap_if->eapReq = FALSE; in radius_server_encapsulate_eap()
/*
 * Session id in network byte order. Presumably this is the value placed in
 * the reply so that a follow-up request can be matched by
 * radius_server_get_session(); confirm.
 */
1090 sess_id = htonl(sess->sess_id); in radius_server_encapsulate_eap()
1097 if (sess->eap_if->eapReqData && in radius_server_encapsulate_eap()
1098 !radius_msg_add_eap(msg, wpabuf_head(sess->eap_if->eapReqData), in radius_server_encapsulate_eap()
1099 wpabuf_len(sess->eap_if->eapReqData))) { in radius_server_encapsulate_eap()
/*
 * Key material is only handled for Access-Accept and only when eapKeyData
 * is present. len is loaded from eapKeyDataLen before each use.
 * NOTE(review): the bounds applied to len (lines 1109-1111 and 1121-1124)
 * are not shown; confirm each use is limited to its destination size.
 */
1103 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eap_if->eapKeyData) { in radius_server_encapsulate_eap()
1108 len = sess->eap_if->eapKeyDataLen; in radius_server_encapsulate_eap()
1112 sess->eap_if->eapKeyData, len); in radius_server_encapsulate_eap()
1120 len = sess->eap_if->eapKeyDataLen; in radius_server_encapsulate_eap()
1125 sess->eap_if->eapKeyData, len); in radius_server_encapsulate_eap()
/* buf goes to db_update_last_msk(), i.e. towards the database if one is set. */
1132 db_update_last_msk(sess, buf); in radius_server_encapsulate_eap()
/*
 * Key data longer than 64 bytes: len becomes half of eapKeyDataLen and the
 * call ending on line 1143 receives the second half first, then the first.
 */
1134 if (sess->eap_if->eapKeyDataLen > 64) { in radius_server_encapsulate_eap()
1137 len = sess->eap_if->eapKeyDataLen / 2; in radius_server_encapsulate_eap()
1142 sess->eap_if->eapKeyData + len, in radius_server_encapsulate_eap()
1143 len, sess->eap_if->eapKeyData, in radius_server_encapsulate_eap()
1148 if (sess->eap_if->eapSessionId && in radius_server_encapsulate_eap()
1150 sess->eap_if->eapSessionId, in radius_server_encapsulate_eap()
1151 sess->eap_if->eapSessionIdLen)) { in radius_server_encapsulate_eap()
1157 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->remediation && in radius_server_encapsulate_eap()
1174 } else if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->remediation) { in radius_server_encapsulate_eap()
1183 radius_server_is_sim_method(sess) && in radius_server_encapsulate_eap()
1197 if (radius_server_sim_provisioning_session(sess, hash) < 0) { in radius_server_encapsulate_eap()
1225 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->t_c_filtering) { in radius_server_encapsulate_eap()
/* Output is bounded by the space remaining between pos2 and end2. */
1264 os_snprintf(pos2, end2 - pos2, MACSTR, MAC2STR(sess->mac_addr)); in radius_server_encapsulate_eap()
1277 radius_srv_hs20_t_c_pending(sess); in radius_server_encapsulate_eap()
/* Per-user attributes stored on the session are walked here. */
1289 for (attr = sess->accept_attr; attr; attr = attr->next) { in radius_server_encapsulate_eap()
1316 radius_server_add_session(sess); in radius_server_encapsulate_eap()
/*
 * radius_server_macacl(): looks the stored user name up through
 * data->get_eap_user(); the length is taken with os_strlen(), so the
 * NUL-terminated stored form of the name is used. The session's accept_attr
 * list is walked afterwards. radius_server_request() takes this path at
 * line 1584 when there is no EAP payload and sess->macacl is set.
 */
1325 struct radius_session *sess, in radius_server_macacl() argument
1345 res = data->get_eap_user(data->conf_ctx, (u8 *) sess->username, in radius_server_macacl()
1346 os_strlen(sess->username), 0, &tmp); in radius_server_macacl()
1382 for (attr = sess->accept_attr; attr; attr = attr->next) { in radius_server_macacl()
/*
 * radius_server_hs20_t_c_check(): compares the session's stored
 * t_c_timestamp with a 32-bit big-endian value read from `timestamp`; on a
 * mismatch t_c_filtering is set to 1. Where `timestamp` comes from and how
 * its length is validated before WPA_GET_BE32() reads four bytes is not
 * shown. NOTE(review): confirm that length check exists.
 */
1464 static void radius_server_hs20_t_c_check(struct radius_session *sess, in radius_server_hs20_t_c_check() argument
1501 if (sess->t_c_timestamp != WPA_GET_BE32(timestamp)) { in radius_server_hs20_t_c_check()
1503 sess->t_c_filtering = 1; in radius_server_hs20_t_c_check()
/*
 * radius_server_request(): per-request processing. The session is either
 * the one forced by the caller (force_sess), the result of a lookup with
 * `state` in the client's session list, or NULL; line 1546 creates a new
 * session and line 1548 handles its failure.
 */
1520 struct radius_session *sess; in radius_server_request() local
1525 sess = force_sess; in radius_server_request()
1532 sess = radius_server_get_session(client, state); in radius_server_request()
1534 sess = NULL; in radius_server_request()
1538 if (sess) { in radius_server_request()
1539 RADIUS_DEBUG("Request for session 0x%x", sess->sess_id); in radius_server_request()
1546 sess = radius_server_get_new_session(data, client, msg, in radius_server_request()
1548 if (sess == NULL) { in radius_server_request()
/*
 * Repeat detection: the source port, RADIUS identifier and authenticator
 * (compared with os_memcmp) are checked against the values saved with the
 * previous reply. When a cached reply exists its buffer is fetched,
 * presumably to resend it without running EAP again.
 */
1556 if (sess->last_from_port == from_port && in radius_server_request()
1557 sess->last_identifier == radius_msg_get_hdr(msg)->identifier && in radius_server_request()
1558 os_memcmp(sess->last_authenticator, in radius_server_request()
1564 if (sess->last_reply) { in radius_server_request()
1566 buf = radius_msg_get_buf(sess->last_reply); in radius_server_request()
/* No EAP payload and macacl set: the MAC ACL path produces the reply. */
1583 if (eap == NULL && sess->macacl) { in radius_server_request()
1584 reply = radius_server_macacl(data, client, sess, msg); in radius_server_request()
/*
 * Hand the received EAP data to the state machine: the previous response
 * buffer is freed before the pointer is replaced, then one step is run.
 */
1606 wpabuf_free(sess->eap_if->eapRespData); in radius_server_request()
1607 sess->eap_if->eapRespData = eap; in radius_server_request()
1608 sess->eap_if->eapResp = TRUE; in radius_server_request()
1609 eap_server_sm_step(sess->eap); in radius_server_request()
1611 if ((sess->eap_if->eapReq || sess->eap_if->eapSuccess || in radius_server_request()
1612 sess->eap_if->eapFail) && sess->eap_if->eapReqData) { in radius_server_request()
1614 wpabuf_head(sess->eap_if->eapReqData), in radius_server_request()
1615 wpabuf_len(sess->eap_if->eapReqData)); in radius_server_request()
1616 } else if (sess->eap_if->eapFail) { in radius_server_request()
/*
 * Method-pending path: the request and its sender details are parked on the
 * session; radius_server_eap_pending_cb() reads them back (lines 2823-2830).
 * The old last_msg and last_from_addr are released before being replaced.
 * NOTE(review): os_memcpy() copies fromlen bytes into sess->last_from;
 * confirm fromlen cannot exceed sizeof(sess->last_from). The os_strdup()
 * result is stored without a visible NULL check.
 */
1619 } else if (eap_sm_method_pending(sess->eap)) { in radius_server_request()
1620 radius_msg_free(sess->last_msg); in radius_server_request()
1621 sess->last_msg = msg; in radius_server_request()
1622 sess->last_from_port = from_port; in radius_server_request()
1623 os_free(sess->last_from_addr); in radius_server_request()
1624 sess->last_from_addr = os_strdup(from_addr); in radius_server_request()
1625 sess->last_fromlen = fromlen; in radius_server_request()
1626 os_memcpy(&sess->last_from, from, fromlen); in radius_server_request()
/* Outcome logging. A failure also records the literal "FAIL" via the db helper. */
1637 if (sess->eap_if->eapSuccess || sess->eap_if->eapFail) in radius_server_request()
1639 if (sess->eap_if->eapFail) { in radius_server_request()
1640 srv_log(sess, "EAP authentication failed"); in radius_server_request()
1641 db_update_last_msk(sess, "FAIL"); in radius_server_request()
1642 } else if (sess->eap_if->eapSuccess) { in radius_server_request()
1643 srv_log(sess, "EAP authentication succeeded"); in radius_server_request()
1646 if (sess->eap_if->eapSuccess) in radius_server_request()
1647 radius_server_hs20_t_c_check(sess, msg); in radius_server_request()
1649 reply = radius_server_encapsulate_eap(data, client, sess, msg); in radius_server_request()
1663 srv_log(sess, "Sending Access-Accept"); in radius_server_request()
1668 srv_log(sess, "Sending Access-Reject"); in radius_server_request()
/*
 * The reply is cached with the source port, the identifier and 16
 * authenticator bytes taken from hdr; these are the fields the repeat
 * detection at lines 1556-1558 compares. The previous cached reply is freed
 * first.
 */
1685 radius_msg_free(sess->last_reply); in radius_server_request()
1686 sess->last_reply = reply; in radius_server_request()
1687 sess->last_from_port = from_port; in radius_server_request()
1689 sess->last_identifier = hdr->identifier; in radius_server_request()
1690 os_memcpy(sess->last_authenticator, hdr->authenticator, 16); in radius_server_request()
/*
 * Lines 1700 and 1703 are the tails of two calls taking (data, sess) as
 * context; the function names are not shown. Presumably these are the eloop
 * timeout calls for this session.
 */
1698 sess->sess_id); in radius_server_request()
1700 data, sess); in radius_server_request()
1703 data, sess); in radius_server_request()
/*
 * radius_server_get_eap_user(): EAP callback. ctx is the session and the
 * server data is reached through sess->server. The per-user settings
 * accept_attr, remediation, macacl and t_c_timestamp are copied from the
 * user entry onto the session. The lookup that fills `user` and its result
 * check (lines 2707-2711) are not shown.
 */
2705 struct radius_session *sess = ctx; in radius_server_get_eap_user() local
2706 struct radius_server_data *data = sess->server; in radius_server_get_eap_user()
2712 sess->accept_attr = user->accept_attr; in radius_server_get_eap_user()
2713 sess->remediation = user->remediation; in radius_server_get_eap_user()
2714 sess->macacl = user->macacl; in radius_server_get_eap_user()
2715 sess->t_c_timestamp = user->t_c_timestamp; in radius_server_get_eap_user()
/*
 * radius_server_get_eap_req_id_text(): EAP callback. ctx is the session and
 * the server data is reached through sess->server. The rest of the body is
 * not shown in this listing.
 */
2729 struct radius_session *sess = ctx; in radius_server_get_eap_req_id_text() local
2730 struct radius_server_data *data = sess->server; in radius_server_get_eap_req_id_text()
/*
 * radius_server_log_msg(): EAP callback that forwards a message to the
 * session log. msg is passed as a "%s" argument with a fixed format string,
 * so any '%' characters inside msg are logged literally rather than being
 * interpreted by the formatter.
 */
2738 struct radius_session *sess = ctx; in radius_server_log_msg() local
2739 srv_log(sess, "EAP: %s", msg); in radius_server_log_msg()
/*
 * ERP callbacks (radius_server_get_erp_domain(), radius_server_erp_get_key()
 * and radius_server_erp_add_key()): each receives the session as ctx and
 * reaches the server data through sess->server. What they do with `data` is
 * not shown in this listing.
 */
2747 struct radius_session *sess = ctx; in radius_server_get_erp_domain() local
2748 struct radius_server_data *data = sess->server; in radius_server_get_erp_domain()
2757 struct radius_session *sess = ctx; in radius_server_erp_get_key() local
2758 struct radius_server_data *data = sess->server; in radius_server_erp_get_key()
2766 struct radius_session *sess = ctx; in radius_server_erp_add_key() local
2767 struct radius_server_data *data = sess->server; in radius_server_erp_add_key()
/*
 * radius_server_eap_pending_cb(): resumes a session whose EAP method was
 * pending. A search (loop not shown) sets sess to the matching session;
 * line 2818 handles the case where none was found.
 */
2801 struct radius_session *s, *sess = NULL; in radius_server_eap_pending_cb() local
2810 sess = s; in radius_server_eap_pending_cb()
2814 if (sess) in radius_server_eap_pending_cb()
2818 if (sess == NULL) { in radius_server_eap_pending_cb()
/*
 * The parked request is detached from the session (pointer cleared) before
 * it is used, so the session no longer refers to msg while the request is
 * replayed.
 */
2823 msg = sess->last_msg; in radius_server_eap_pending_cb()
2824 sess->last_msg = NULL; in radius_server_eap_pending_cb()
2825 eap_sm_pending_cb(sess->eap); in radius_server_eap_pending_cb()
/*
 * The saved sender address, length, address text and port are passed along
 * with sess itself. Presumably the callee is radius_server_request() with
 * sess as the forced session (callee name on line 2826 not shown). A return
 * value of -2 is special-cased.
 */
2827 (struct sockaddr *) &sess->last_from, in radius_server_eap_pending_cb()
2828 sess->last_fromlen, cli, in radius_server_eap_pending_cb()
2829 sess->last_from_addr, in radius_server_eap_pending_cb()
2830 sess->last_from_port, sess) == -2) in radius_server_eap_pending_cb()