Manually pull rlm_securid from the v2.1.x branch
[freeradius.git] / src / modules / rlm_securid / rlm_securid.h
1 #ifndef _RLM_SECURID_H
2 #define _RLM_SECURID_H
3
4 #include <freeradius-devel/ident.h>
5 #include <freeradius-devel/radiusd.h>
6 #include <freeradius-devel/modules.h>
7 #include <freeradius-devel/rad_assert.h>
8
9 #include "acexport.h"
10
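/*
 * SAFE_STR - yield the literal "EMPTY" in place of a NULL string pointer.
 *
 * Useful wherever a possibly-NULL string is handed to a "%s" conversion,
 * since passing NULL there is undefined behaviour.
 *
 * The argument and the whole expansion are parenthesised so the macro
 * composes safely with neighbouring operators (e.g. SAFE_STR(p)[0] or
 * SAFE_STR(a ? b : c)).  's' is still evaluated twice, so do not pass an
 * expression with side effects.
 */
#define SAFE_STR(s) ((s) == NULL ? "EMPTY" : (s))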
12
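/*
 * Where a SecurID conversation currently stands.  Stored in
 * SECURID_SESSION.securidSessionState.
 *
 * The per-value notes below are read off the enumerator names only; the
 * transitions themselves are implemented outside this header.
 */
typedef enum {
        INITIAL_STATE = 0,                  /* presumably: no challenge outstanding yet */
        NEXT_CODE_REQUIRED_STATE = 100,     /* presumably: waiting for the next token code */
        NEW_PIN_REQUIRED_STATE = 200,       /* presumably: a new PIN has to be chosen */
        NEW_PIN_USER_CONFIRM_STATE = 201,   /* presumably: waiting for the user to confirm the new PIN */
        NEW_PIN_AUTH_VALIDATE_STATE = 202   /* presumably: new PIN set, waiting for a validating login */
} SECURID_SESSION_STATE;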
21
/*
 * SECURID_SESSION is used to identify existing SecurID sessions
 * to continue Next-Token code and New-Pin conversations with a client.
 *
 * prev, next          = links to the neighbouring sessions
 * sdiHandle           = SDI_HANDLE for this conversation; the type is not
 *                       declared in this header (presumably acexport.h)
 * securidSessionState = where the conversation currently stands
 * state               = state attribute from the reply we sent; always
 *                       SECURID_STATE_LEN bytes, there is no separate
 *                       length field
 * src_ipaddr          = client which sent us the RADIUS request containing
 *                       this SecurID conversation
 * timestamp           = timestamp when this handler was last used
 * session_id          = numeric id of this session
 * trips               = number of trips
 * pin                 = previous PIN entered during the New-Pin exchange
 * identity            = identity of the user
 */

#define SECURID_STATE_LEN 32
typedef struct _securid_session_t {
        struct _securid_session_t *prev, *next;
        SDI_HANDLE                sdiHandle;
        SECURID_SESSION_STATE     securidSessionState;

        /*
         * This value is what ties a follow-up request to the stored session.
         * NOTE(review): it should not be guessable by another client -
         * confirm how the implementation file generates and compares it.
         */
        uint8_t                   state[SECURID_STATE_LEN];

        fr_ipaddr_t               src_ipaddr;
        time_t                    timestamp;
        unsigned int              session_id;
        int                       trips;

        /*
         * NOTE(review): 'pin' is a user secret held through a plain char
         * pointer for the lifetime of the session.  Confirm that
         * securid_session_free() overwrites the buffer before releasing it
         * and that it is never written to logs.
         */
        char                      *pin;      /* previous pin if user entered it during NEW-PIN mode process */
        char                      *identity; /* save user's identity name for future use */

} SECURID_SESSION;
54
55
/*
 *      Define a structure for our module configuration.
 *
 *      These variables do not need to be in a structure, but it's
 *      a lot cleaner to do so, and a pointer to the structure can
 *      be used as the instance handle.
 *      session_tree  = remembered sessions, in a tree for speed.
 *      session_mutex = ensure only one thread is updating the sessions list
 */
typedef struct rlm_securid_t {
        pthread_mutex_t session_mutex;
        rbtree_t*       session_tree;
        /* First and last SECURID_SESSION; presumably chained through prev/next - confirm. */
        SECURID_SESSION *session_head, *session_tail;

        /* presumably the most recently issued SECURID_SESSION.session_id - confirm */
        unsigned int     last_session_id;

        /*
         *      Configuration items.
         *
         *      NOTE(review): going by the names, these bound how long a
         *      session may linger, how many sessions are remembered at once
         *      and how many round trips one session may take.  Units and
         *      enforcement are not visible in this header; confirm that the
         *      session list code rejects work beyond these limits, since they
         *      cap the memory that unfinished conversations can hold.
         */
        int             timer_limit;
        int             max_sessions;
        int             max_trips_per_session;
} rlm_securid_t;
79
/* Memory Management */

/*
 * Allocate a SECURID_SESSION and return a pointer to it.
 * NOTE(review): whether NULL can be returned, and whether the structure is
 * zero-filled, is decided in the implementation file - callers should check
 * the result before use.
 */
SECURID_SESSION*     securid_session_alloc(void);

/*
 * Release one session.
 * NOTE(review): a session carries heap pointers to the user's PIN and
 * identity; confirm the implementation wipes the PIN before freeing it.
 */
void                 securid_session_free(rlm_securid_t *inst, REQUEST *request,SECURID_SESSION *session);

/* Release the session list held by 'inst' (presumably every remembered session - confirm). */
void                 securid_sessionlist_free(rlm_securid_t *inst,REQUEST *request);

/*
 * Add 'session' to the sessions remembered by 'inst'.  Returns an int;
 * NOTE(review): the success/failure convention and whether max_sessions is
 * enforced here are not visible in this header.
 */
int                  securid_sessionlist_add(rlm_securid_t *inst, REQUEST *request, SECURID_SESSION *session);

/*
 * Look up the session that 'request' belongs to.
 * NOTE(review): presumably matched on the State attribute and the client
 * source address, returning NULL when nothing matches - confirm, and confirm
 * that expired sessions are not handed back.
 */
SECURID_SESSION*     securid_sessionlist_find(rlm_securid_t *inst, REQUEST *request);
88
89
90 #endif