Updated API for 2.2
[freeradius.git] / src / modules / rlm_soh / rlm_soh.c
1 /*
2  * rlm_soh.c
3  *
4  * Version:     $Id$
5  *
6  *   This program is free software; you can redistribute it and/or modify
7  *   it under the terms of the GNU General Public License as published by
8  *   the Free Software Foundation; either version 2 of the License, or
9  *   (at your option) any later version.
10  *
11  *   This program is distributed in the hope that it will be useful,
12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *   GNU General Public License for more details.
15  *
16  *   You should have received a copy of the GNU General Public License
17  *   along with this program; if not, write to the Free Software
18  *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19  *
20  * Copyright 2010 Phil Mayers <p.mayers@imperial.ac.uk>
21  */
22
23 #include        <freeradius-devel/ident.h>
24 RCSID("$Id$")
25
26 #include        <freeradius-devel/radiusd.h>
27 #include        <freeradius-devel/modules.h>
28 #include        <freeradius-devel/dhcp.h>
29 #include        <freeradius-devel/soh.h>
30
31
/*
 * Per-instance state for the SoH module.
 */
typedef struct rlm_soh_t rlm_soh_t;

struct rlm_soh_t {
	/*
	 * Name the xlat callback is registered under. soh_instantiate()
	 * stores a strdup()'d copy here and soh_detach() frees it.
	 */
	const char *xlat_name;

	/*
	 * Parsed from the boolean "dhcp" configuration item (default "no").
	 * NOTE(review): no function visible in this file reads this field, so
	 * the DHCP path in soh_postauth() appears to be gated only by
	 * WITH_DHCP and the presence of option 43 - confirm that is intended.
	 */
	int dhcp;
};
36
37
38 /*
39  * Not sure how to make this useful yet...
40  */
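/*
 * xlat callback: expands "OS..." into a printable description of the
 * client operating system, built from integer attributes found in the
 * request packet.
 *
 * Returns the number of bytes written to out (excluding the NUL), or 0
 * when SoH-Supported is absent, the format is not recognised, the OS
 * vendor is not 311, or there is no room in out.
 *
 * NOTE(review): the attributes read here appear to be derived from the
 * client-supplied SoH blob, so the expanded string is a client assertion;
 * policy should not treat it as verified - confirm against soh_verify().
 *
 * NOTE(review): pairfind() is called with three arguments here but with two
 * in soh_postauth() and soh_authorize(); only one form can match the
 * prototype - confirm which API this branch uses.
 */
static size_t soh_xlat(UNUSED void *instance, REQUEST *request, char *fmt, char *out, size_t outlen, UNUSED RADIUS_ESCAPE_STRING func) {

	VALUE_PAIR *vp[6];
	const char *osname;

	/*
	 * With a zero-length buffer snprintf() writes nothing, so the
	 * strlen(out) below would read memory this function never terminated.
	 */
	if (outlen == 0)
		return 0;

	/* there will be no point unless SoH-Supported = yes
	 *
	 * FIXME: should have a #define for the attribute...
	 * SoH-Supported == 2119 in dictionary.freeradius.internal
	 */
	vp[0] = pairfind(request->packet->vps, 2119, 0);
	if (!vp[0])
		return 0;

	/* only the "OS" expansion is implemented; the match is a 2-char prefix */
	if (strncasecmp(fmt, "OS", 2) != 0)
		return 0;

	/*
	 * 2100 is treated as the OS vendor below; 2101-2105 are printed as
	 * "a.b.c sp d.e" - presumably version, build and service-pack numbers
	 * (TODO confirm against the dictionary).
	 */
	vp[0] = pairfind(request->packet->vps, 2100, 0);
	vp[1] = pairfind(request->packet->vps, 2101, 0);
	vp[2] = pairfind(request->packet->vps, 2102, 0);
	vp[3] = pairfind(request->packet->vps, 2103, 0);
	vp[4] = pairfind(request->packet->vps, 2104, 0);
	vp[5] = pairfind(request->packet->vps, 2105, 0);

	/* only vendor 311 is handled; anything else expands to nothing */
	if (!vp[0] || vp[0]->vp_integer != 311)
		return 0;

	if (!vp[1]) {
		snprintf(out, outlen, "Windows unknown");
		return strlen(out);
	}

	switch (vp[1]->vp_integer) {
	case 7:
		osname = "7";
		break;
	case 6:
		osname = "Vista";
		break;
	case 5:
		osname = "XP";
		break;
	default:
		osname = "Other";
		break;
	}

	/*
	 * The values are cast and printed with %u so the conversion matches the
	 * argument type whatever the width/signedness of vp_integer; missing
	 * attributes print as 0. snprintf() truncates to outlen and always
	 * NUL-terminates here because outlen > 0.
	 */
	snprintf(out, outlen, "Windows %s %u.%u.%u sp %u.%u", osname,
		 (unsigned int) vp[1]->vp_integer,
		 vp[2] ? (unsigned int) vp[2]->vp_integer : 0U,
		 vp[3] ? (unsigned int) vp[3]->vp_integer : 0U,
		 vp[4] ? (unsigned int) vp[4]->vp_integer : 0U,
		 vp[5] ? (unsigned int) vp[5]->vp_integer : 0U);

	return strlen(out);
}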
96
97
/*
 * Configuration items parsed into rlm_soh_t by cf_section_parse().
 */
static const CONF_PARSER module_config[] = {
	/* "dhcp": boolean, default "no" - do SoH over DHCP? */
	{
		"dhcp",
		PW_TYPE_BOOLEAN,
		offsetof(rlm_soh_t,dhcp),
		NULL,
		"no"
	},

	/* terminating entry: ends the list */
	{ NULL, -1, 0, NULL, NULL }
};
106
/*
 * Tear down one module instance: unregister its xlat callback (if a name
 * was recorded), release the stored name, then release the instance
 * itself. Always returns 0.
 */
static int soh_detach(void *instance) {
	rlm_soh_t *inst = instance;
	const char *name = inst->xlat_name;

	if (name != NULL) {
		/* unregister before freeing: the name is the lookup key */
		xlat_unregister(name, soh_xlat);
		free(inst->xlat_name);
	}

	free(instance);

	return 0;
}
117
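/*
 * Create one module instance: allocate and zero the instance data, parse
 * the configuration section into it, and register the xlat callback under
 * the section's second name (falling back to its first name).
 *
 * On success *instance points at the new rlm_soh_t and 0 is returned.
 * On failure -1 is returned and *instance is NULL, so the caller is never
 * left holding a pointer to memory that has already been freed.
 */
static int soh_instantiate(CONF_SECTION *conf, void **instance) {
	rlm_soh_t *inst;
	const char *name;

	*instance = NULL;

	inst = rad_malloc(sizeof(*inst));
	if (!inst) {
		return -1;
	}
	memset(inst, 0, sizeof(*inst));

	if (cf_section_parse(conf, inst, module_config) < 0) {
		free(inst);
		return -1;
	}

	name = cf_section_name2(conf);
	if (!name) name = cf_section_name1(conf);
	if (!name) {
		/* strdup(NULL) is undefined; refuse a section with no name */
		free(inst);
		return -1;
	}

	/* keep a private copy; soh_detach() frees it */
	inst->xlat_name = strdup(name);
	if (!inst->xlat_name) {
		free(inst);
		return -1;
	}
	xlat_register(inst->xlat_name, soh_xlat, inst);

	/* publish the instance only once it is fully set up */
	*instance = inst;

	return 0;
}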
139
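/*
 * post-auth handler. When built WITH_DHCP, looks for DHCP option 43
 * (vendor-specific information) in the request and walks it as a sequence
 * of (code, length, value) sub-options:
 *
 *   - sub-option 220 with length <= 1 is a client probe: a "NAP" marker
 *     option is added to the reply;
 *   - sub-option 220 with a longer value is an SoH payload and is handed
 *     to soh_verify().
 *
 * Returns RLM_MODULE_FAIL if soh_verify() fails or the reply attribute
 * cannot be created, RLM_MODULE_OK if option 43 was present, and
 * RLM_MODULE_NOOP otherwise (including builds without WITH_DHCP).
 *
 * The option bytes come straight from the client, so every sub-option
 * header and length is checked against the end of the attribute before it
 * is used. A malformed sub-option stops the walk; nothing past the
 * attribute's own length is read or passed to soh_verify().
 *
 * NOTE(review): instance is unused, so the module's "dhcp" setting is not
 * consulted here - confirm that is intended.
 */
static int soh_postauth(UNUSED void * instance, REQUEST *request)
{
#ifdef WITH_DHCP
	int rcode;
	VALUE_PAIR *vp;

	vp = pairfind(request->packet->vps, DHCP2ATTR(43));
	if (vp) {
		/*
		 * vendor-specific options contain
		 *
		 * vendor opt 220/0xdc - SoH payload, or null byte to probe, or string
		 * "NAP" to indicate server-side support for SoH in OFFERs
		 *
		 * vendor opt 222/0xde - SoH correlation ID as utf-16 string, yuck...
		 */
		uint8_t vopt, vlen;
		uint8_t *data = vp->vp_octets;
		/* fixed end of the request option; never recomputed inside the loop */
		uint8_t *end = vp->vp_octets + vp->length;

		while (data < end) {
			VALUE_PAIR *marker;

			/* need both the code and the length byte */
			if ((end - data) < 2) {
				RDEBUG("SoH ignoring truncated DHCP vendor sub-option header");
				break;
			}
			vopt = *data++;
			vlen = *data++;

			/* the declared value length must fit in what is left */
			if (vlen > (end - data)) {
				RDEBUG("SoH ignoring DHCP vendor sub-option that overruns option 43");
				break;
			}

			switch (vopt) {
			case 220:
				if (vlen <= 1) {
					RDEBUG("SoH adding NAP marker to DHCP reply");
					/*
					 * client probe; send "NAP" in the reply.
					 * A separate pointer is used so the request
					 * attribute being walked is not replaced
					 * mid-loop.
					 */
					marker = paircreate(DHCP2ATTR(43), PW_TYPE_OCTETS);
					if (!marker) {
						return RLM_MODULE_FAIL;
					}
					marker->vp_octets[0] = 220;
					marker->vp_octets[1] = 3;
					/*
					 * NOTE(review): as written the value bytes
					 * come out in the order 'P','A','N'; kept
					 * unchanged - confirm the intended byte
					 * order of the marker.
					 */
					marker->vp_octets[4] = 'N';
					marker->vp_octets[3] = 'A';
					marker->vp_octets[2] = 'P';
					marker->length = 5;

					pairadd(&request->reply->vps, marker);

				} else {
					RDEBUG("SoH decoding NAP from DHCP request");
					/* SoH payload; vlen was bounds-checked above */
					rcode = soh_verify(request, request->packet->vps, data, vlen);
					if (rcode < 0) {
						return RLM_MODULE_FAIL;
					}
				}
				break;
			default:
				/* nothing to do */
				break;
			}
			data += vlen;
		}
		return RLM_MODULE_OK;
	}
#endif
	return RLM_MODULE_NOOP;
}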
197
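/*
 * authorize handler: looks for the MS-SoH payload attribute in the RADIUS
 * request and, if present, passes its bytes to soh_verify().
 *
 * Returns RLM_MODULE_NOOP when the attribute is absent, RLM_MODULE_FAIL
 * when soh_verify() reports an error, RLM_MODULE_OK otherwise.
 */
static int soh_authorize(UNUSED void * instance, REQUEST *request)
{
	VALUE_PAIR *vp;
	int rv;

	/*
	 * try to find the MS-SoH payload: vendor 311, attribute 55, packed as
	 * (vendor << 16) | attribute. The previous expression OR'd the three
	 * constants together, which evaluates to plain 311 and so never
	 * matched the vendor attribute.
	 */
	vp = pairfind(request->packet->vps, (311 << 16) | 55);
	if (!vp) {
		RDEBUG("SoH radius VP not found");
		return RLM_MODULE_NOOP;
	}

	RDEBUG("SoH radius VP found");
	/* decode it; the length passed is the attribute's own length */
	rv = soh_verify(request, request->packet->vps, vp->vp_octets, vp->length);
	if (rv < 0) {
		return RLM_MODULE_FAIL;
	}

	return RLM_MODULE_OK;
}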
219
/*
 * Module descriptor: only the authorize and post-auth sections have
 * handlers; every other section is left NULL.
 */
module_t rlm_soh = {
	RLM_MODULE_INIT,
	"SoH",				/* module name */
	RLM_TYPE_THREAD_SAFE,		/* type */
	soh_instantiate,		/* instantiation */
	soh_detach,			/* detach */
	{
		NULL,			/* authenticate */
		soh_authorize,		/* authorize */
		NULL,			/* pre-accounting */
		NULL,			/* accounting */
		NULL,			/* checksimul */
		NULL,			/* pre-proxy */
		NULL,			/* post-proxy */
		soh_postauth		/* post-auth */
	},
};