2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * @brief Decodes Microsoft's Statement of Health sub-protocol.
22 * @copyright 2010 Phil Mayers <p.mayers@imperial.ac.uk>
26 #include <freeradius-devel/radiusd.h>
27 #include <freeradius-devel/modules.h>
28 #include <freeradius-devel/dhcp.h>
29 #include <freeradius-devel/soh.h>
/*
 * Per-instance state for rlm_soh.
 * NOTE(review): the rest of this typedef (listing lines 34 onward) is not
 * shown here; a `dhcp` member must exist, because module_config and
 * mod_post_auth both refer to it.
 */
32 typedef struct rlm_soh_t {
/* Name the xlat is registered under; mod_instantiate fills it in from the config section name. */
33 char const *xlat_name;
39 * Not sure how to make this useful yet...
/*
 * xlat callback (registered by mod_instantiate): looks up SoH attributes in
 * request->packet->vps and formats them into `out`, bounded by `outlen`
 * through snprintf().
 * NOTE(review): this listing omits many lines of the function (local
 * declarations, braces, the switch cases and the return statements), so the
 * comments below state only what the visible lines establish.
 */
41 static ssize_t soh_xlat(UNUSED void *instance, REQUEST *request, char const *fmt, char *out, size_t outlen) {
47 * There will be no point unless SoH-Supported = yes
49 vp[0] = pairfind(request->packet->vps, PW_SOH_SUPPORTED, 0, TAG_ANY);
/* Case-insensitive prefix match: any fmt whose first two characters are "OS" takes this branch. */
54 if (strncasecmp(fmt, "OS", 2) == 0) {
56 vp[0] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_OS_VENDOR, 0, TAG_ANY);
57 vp[1] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_OS_VERSION, 0, TAG_ANY);
58 vp[2] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_OS_RELEASE, 0, TAG_ANY);
59 vp[3] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_OS_BUILD, 0, TAG_ANY);
60 vp[4] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_SP_VERSION, 0, TAG_ANY);
61 vp[5] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_SP_RELEASE, 0, TAG_ANY);
/* Only a vendor value equal to VENDORPEC_MICROSOFT is formatted by the visible code. */
63 if (vp[0] && vp[0]->vp_integer == VENDORPEC_MICROSOFT) {
65 snprintf(out, outlen, "Windows unknown");
/*
 * NOTE(review): vp[1] is dereferenced here and again on listing line 84, and
 * no NULL test for it appears on a visible line, whereas vp[0] and
 * vp[2]..vp[5] are all tested before use. Listing lines 64 and 66 are not
 * shown; confirm the guard for a missing OS-Version attribute sits there.
 */
67 switch (vp[1]->vp_integer) {
/*
 * NOTE(review): vp_integer is printed with %d; presumably it is an unsigned
 * 32-bit field, in which case %u is the matching conversion. Confirm against
 * the VALUE_PAIR definition.
 */
84 snprintf(out, outlen, "Windows %s %d.%d.%d sp %d.%d", osname, vp[1]->vp_integer,
85 vp[2] ? vp[2]->vp_integer : 0,
86 vp[3] ? vp[3]->vp_integer : 0,
87 vp[4] ? vp[4]->vp_integer : 0,
88 vp[5] ? vp[5]->vp_integer : 0
/*
 * Configuration items parsed into rlm_soh_t. The one visible entry is the
 * boolean "dhcp", default "no", which mod_post_auth checks before it touches
 * any DHCP option data.
 * NOTE(review): listing lines 100-102 are not shown here.
 */
99 static const CONF_PARSER module_config[] = {
103 { "dhcp", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_soh_t, dhcp), "no" },
105 { NULL, -1, 0, NULL, NULL } /* end the list */
/*
 * Instantiation hook: takes the xlat name from the config section and
 * registers soh_xlat under that name, passing the instance as its context.
 * Returns -1 when the section yields no name. The success return is on
 * listing lines that are not shown here.
 */
109 static int mod_instantiate(CONF_SECTION *conf, void *instance)
112 rlm_soh_t *inst = instance;
/* Use the section's second name when present, otherwise its first name. */
114 name = cf_section_name2(conf);
115 if (!name) name = cf_section_name1(conf);
116 inst->xlat_name = name;
117 if (!inst->xlat_name) return -1;
/*
 * NOTE(review): the result of xlat_register() is discarded on this line; if
 * registration can fail, instantiation would still proceed. Confirm whether
 * the return value should be checked.
 */
118 xlat_register(inst->xlat_name, soh_xlat, NULL, inst);
/*
 * post-auth hook for SoH carried over DHCP. When the `dhcp` option is off it
 * returns RLM_MODULE_NOOP at once. Otherwise it looks for attribute 43 under
 * DHCP_MAGIC_VENDOR (vendor-specific options) in the request and walks the
 * option bytes: a client probe gets a "NAP" marker added to the reply, and a
 * SoH payload is handed to soh_verify().
 * The visible returns are RLM_MODULE_FAIL after soh_verify(), RLM_MODULE_OK
 * and RLM_MODULE_NOOP; the conditions selecting between them are partly on
 * lines this listing does not show.
 */
123 static rlm_rcode_t CC_HINT(nonnull) mod_post_auth(void *instance, REQUEST *request)
128 rlm_soh_t *inst = instance;
130 if (!inst->dhcp) return RLM_MODULE_NOOP;
132 vp = pairfind(request->packet->vps, 43, DHCP_MAGIC_VENDOR, TAG_ANY);
135 * vendor-specific options contain
137 * vendor opt 220/0xdc - SoH payload, or null byte to probe, or string
138 * "NAP" to indicate server-side support for SoH in OFFERs
140 * vendor opt 222/0xde - SoH correlation ID as utf-16 string, yuck...
145 data = vp->vp_octets;
/*
 * NOTE(review): these option bytes come straight from the client's packet.
 * The reads of the sub-option type and length, and any check that the length
 * fits in the bytes that remain, are on listing lines 147-153, which are not
 * shown. Confirm that each iteration verifies at least two header bytes are
 * left and that the sub-option length cannot run past
 * vp_octets + vp_length before `data` and `vlen` reach soh_verify().
 */
146 while (data < vp->vp_octets + vp->vp_length) {
154 RDEBUG("SoH adding NAP marker to DHCP reply");
155 /* client probe; send "NAP" in the reply */
/*
 * NOTE(review): `vp` is reassigned to the new reply pair here, while the loop
 * condition on listing line 146 still reads vp->vp_octets and vp->vp_length.
 * Unless a line not shown leaves the loop after pairadd(), later iterations
 * would bound `data` (which points into the request option) against the
 * reply buffer instead. A separate local for the reply pair would avoid it.
 * Neither the paircreate() result nor the talloc_array() result below is
 * NULL-tested on a visible line; confirm allocation failure is handled.
 */
156 vp = paircreate(request->reply, 43, DHCP_MAGIC_VENDOR);
158 vp->vp_octets = p = talloc_array(vp, uint8_t, vp->vp_length);
166 pairadd(&request->reply->vps, vp);
169 RDEBUG("SoH decoding NAP from DHCP request");
/* Hands the current position in the option data and the sub-option length to the SoH decoder. */
171 rcode = soh_verify(request, data, vlen);
173 return RLM_MODULE_FAIL;
184 return RLM_MODULE_OK;
187 return RLM_MODULE_NOOP;
/*
 * authorize hook for SoH carried in RADIUS. Looks for attribute 55 under
 * VENDORPEC_MICROSOFT in the request (the MS-SoH payload) and passes its
 * octets and length to soh_verify().
 * Returns RLM_MODULE_NOOP when the attribute is absent. RLM_MODULE_FAIL
 * follows the soh_verify() call, presumably on a decode error (the test is on
 * a line not shown here). Otherwise returns RLM_MODULE_OK.
 */
190 static rlm_rcode_t CC_HINT(nonnull) mod_authorize(UNUSED void * instance, REQUEST *request)
195 /* try to find the MS-SoH payload */
196 vp = pairfind(request->packet->vps, 55, VENDORPEC_MICROSOFT, TAG_ANY);
198 RDEBUG("SoH radius VP not found");
199 return RLM_MODULE_NOOP;
202 RDEBUG("SoH radius VP found");
/* The payload is client-supplied; the attribute's own length is the bound given to the decoder. */
204 rv = soh_verify(request, vp->vp_octets, vp->vp_length);
206 return RLM_MODULE_FAIL;
209 return RLM_MODULE_OK;
/*
 * Module registration table. Of the hooks visible here, only instantiation
 * (mod_instantiate), authorize (mod_authorize) and post-auth (mod_post_auth)
 * are set; every other visible slot is NULL.
 * NOTE(review): the opening of the initializer and several entries (listing
 * lines 213-215, 217-218 and 220-221) are not shown here.
 */
212 extern module_t rlm_soh;
216 RLM_TYPE_THREAD_SAFE, /* type */
219 mod_instantiate, /* instantiation */
222 NULL, /* authenticate */
223 mod_authorize, /* authorize */
224 NULL, /* pre-accounting */
225 NULL, /* accounting */
226 NULL, /* checksimul */
227 NULL, /* pre-proxy */
228 NULL, /* post-proxy */
229 mod_post_auth /* post-auth */