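Lines matching defs:sess (cross-reference search results; each line below begins with its line number in the source file, and only the matching lines of each function are shown)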

284 void srv_log(struct radius_session *sess, const char *fmt, ...)
287 void srv_log(struct radius_session *sess, const char *fmt, ...)
304 RADIUS_DEBUG("[0x%x %s] %s", sess->sess_id, sess->nas_ip, buf);
307 if (sess->server->db) {
314 sess->sess_id, sess->nas_ip,
315 sess->username, buf);
317 if (sqlite3_exec(sess->server->db, sql, NULL, NULL,
320 sqlite3_errmsg(sess->server->db));
373 struct radius_session *sess = client->sessions;
375 while (sess) {
376 if (sess->sess_id == sess_id) {
379 sess = sess->next;
382 return sess;
387 struct radius_session *sess)
389 eloop_cancel_timeout(radius_server_session_timeout, data, sess);
390 eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess);
391 eap_server_sm_deinit(sess->eap);
392 radius_msg_free(sess->last_msg);
393 os_free(sess->last_from_addr);
394 radius_msg_free(sess->last_reply);
395 os_free(sess->username);
396 os_free(sess->nas_ip);
397 os_free(sess);
403 struct radius_session *sess)
405 struct radius_client *client = sess->client;
408 eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess);
413 if (session == sess) {
415 client->sessions = sess->next;
417 prev->next = sess->next;
419 radius_server_session_free(data, sess);
432 struct radius_session *sess = timeout_ctx;
433 RADIUS_DEBUG("Removing completed session 0x%x", sess->sess_id);
434 radius_server_session_remove(data, sess);
441 struct radius_session *sess = timeout_ctx;
443 RADIUS_DEBUG("Timing out authentication session 0x%x", sess->sess_id);
444 radius_server_session_remove(data, sess);
452 struct radius_session *sess;
460 sess = os_zalloc(sizeof(*sess));
461 if (sess == NULL)
464 sess->server = data;
465 sess->client = client;
466 sess->sess_id = data->next_sess_id++;
467 sess->next = client->sessions;
468 client->sessions = sess;
470 radius_server_session_timeout, data, sess);
472 return sess;
477 static void radius_server_testing_options_tls(struct radius_session *sess,
485 srv_log(sess, "TLS test - break VerifyData");
489 srv_log(sess, "TLS test - break ServerKeyExchange ServerParams hash");
493 srv_log(sess, "TLS test - break ServerKeyExchange ServerParams Signature");
497 srv_log(sess, "TLS test - RSA-DHE using a short 511-bit prime");
501 srv_log(sess, "TLS test - RSA-DHE using a short 767-bit prime");
505 srv_log(sess, "TLS test - RSA-DHE using a bogus 15 \"prime\"");
509 srv_log(sess, "TLS test - RSA-DHE using a short 58-bit prime in long container");
513 srv_log(sess, "TLS test - RSA-DHE using a non-prime");
517 srv_log(sess, "Unrecognized TLS test");
523 static void radius_server_testing_options(struct radius_session *sess,
529 pos = os_strstr(sess->username, "@test-");
534 radius_server_testing_options_tls(sess, pos + 4, eap_conf);
536 srv_log(sess, "Unrecognized test: %s", pos);
566 struct radius_session *sess;
604 sess = radius_server_new_session(data, client);
605 if (sess == NULL) {
610 sess->accept_attr = tmp->accept_attr;
611 sess->macacl = tmp->macacl;
614 sess->username = os_malloc(user_len * 4 + 1);
615 if (sess->username == NULL) {
616 radius_server_session_remove(data, sess);
619 printf_encode(sess->username, user_len * 4 + 1, user, user_len);
621 sess->nas_ip = os_strdup(from_addr);
622 if (sess->nas_ip == NULL) {
623 radius_server_session_remove(data, sess);
635 if (hwaddr_aton2(buf, sess->mac_addr) < 0)
636 os_memset(sess->mac_addr, 0, ETH_ALEN);
639 MAC2STR(sess->mac_addr));
642 srv_log(sess, "New session created");
645 radius_server_testing_options(sess, &eap_sess);
646 sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb,
648 if (sess->eap == NULL) {
651 radius_server_session_remove(data, sess);
654 sess->eap_if = eap_get_interface(sess->eap);
655 sess->eap_if->eapRestart = true;
656 sess->eap_if->portEnabled = true;
658 RADIUS_DEBUG("New session 0x%x initialized", sess->sess_id);
660 return sess;
665 static void radius_srv_hs20_t_c_pending(struct radius_session *sess)
673 if (!sess->server->db || !sess->eap ||
674 is_zero_ether_addr(sess->mac_addr))
677 os_snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sess->mac_addr));
679 id = eap_get_identity(sess->eap, &id_len);
694 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) !=
697 sqlite3_errmsg(sess->server->db));
705 static void radius_server_add_session(struct radius_session *sess)
712 if (!sess->server->db)
717 MAC2STR(sess->mac_addr));
721 addr_txt, sess->username, now.sec,
722 sess->nas_ip, sess->t_c_filtering);
724 if (sqlite3_exec(sess->server->db, sql, NULL, NULL,
727 sqlite3_errmsg(sess->server->db));
735 static void db_update_last_msk(struct radius_session *sess, const char *msk)
745 if (!sess->server->db)
748 serial_num = eap_get_serial_num(sess->eap);
756 id = eap_get_identity(sess->eap, &id_len);
772 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) !=
775 sqlite3_errmsg(sess->server->db));
785 static int radius_server_is_sim_method(struct radius_session *sess)
789 name = eap_get_method(sess->eap);
842 static int radius_server_sim_provisioning_session(struct radius_session *sess,
853 if (!sess->server->db ||
854 (!db_table_exists(sess->server->db, "sim_provisioning") &&
855 db_table_create_sim_provisioning(sess->server->db) < 0))
858 imsi = eap_get_imsi(sess->eap);
862 eap_method = eap_get_method(sess->eap);
867 MAC2STR(sess->mac_addr));
877 if (sqlite3_exec(sess->server->db, sql, NULL, NULL, NULL) !=
880 sqlite3_errmsg(sess->server->db));
897 struct radius_session *sess,
906 if (sess->eap_if->eapFail) {
907 sess->eap_if->eapFail = false;
909 } else if (sess->eap_if->eapSuccess) {
910 sess->eap_if->eapSuccess = false;
913 sess->eap_if->eapReq = false;
928 sess_id = htonl(sess->sess_id);
935 if (sess->eap_if->eapReqData &&
936 !radius_msg_add_eap(msg, wpabuf_head(sess->eap_if->eapReqData),
937 wpabuf_len(sess->eap_if->eapReqData))) {
941 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eap_if->eapKeyData) {
946 len = sess->eap_if->eapKeyDataLen;
950 sess->eap_if->eapKeyData, len);
958 len = sess->eap_if->eapKeyDataLen;
963 sess->eap_if->eapKeyData, len);
970 db_update_last_msk(sess, buf);
972 if (sess->eap_if->eapKeyDataLen > 64) {
975 len = sess->eap_if->eapKeyDataLen / 2;
980 sess->eap_if->eapKeyData + len,
981 len, sess->eap_if->eapKeyData,
986 if (sess->eap_if->eapSessionId &&
988 sess->eap_if->eapSessionId,
989 sess->eap_if->eapSessionIdLen)) {
995 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->remediation &&
1012 } else if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->remediation) {
1021 radius_server_is_sim_method(sess) &&
1035 if (radius_server_sim_provisioning_session(sess, hash) < 0) {
1063 if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->t_c_filtering) {
1102 os_snprintf(pos2, end2 - pos2, MACSTR, MAC2STR(sess->mac_addr));
1115 radius_srv_hs20_t_c_pending(sess);
1127 for (attr = sess->accept_attr; attr; attr = attr->next) {
1154 radius_server_add_session(sess);
1163 struct radius_session *sess,
1183 res = data->get_eap_user(data->conf_ctx, (u8 *) sess->username,
1184 os_strlen(sess->username), 0, &tmp);
1225 for (attr = sess->accept_attr; attr; attr = attr->next) {
1312 static void radius_server_hs20_t_c_check(struct radius_session *sess,
1349 if (sess->t_c_timestamp != WPA_GET_BE32(timestamp)) {
1351 sess->t_c_filtering = 1;
1368 struct radius_session *sess;
1373 sess = force_sess;
1380 sess = radius_server_get_session(client, state);
1382 sess = NULL;
1386 if (sess) {
1387 RADIUS_DEBUG("Request for session 0x%x", sess->sess_id);
1394 sess = radius_server_get_new_session(data, client, msg,
1396 if (sess == NULL) {
1404 if (sess->last_from_port == from_port &&
1405 sess->last_identifier == radius_msg_get_hdr(msg)->identifier &&
1406 os_memcmp(sess->last_authenticator,
1412 if (sess->last_reply) {
1414 buf = radius_msg_get_buf(sess->last_reply);
1431 if (eap == NULL && sess->macacl) {
1432 reply = radius_server_macacl(data, client, sess, msg);
1454 wpabuf_free(sess->eap_if->eapRespData);
1455 sess->eap_if->eapRespData = eap;
1456 sess->eap_if->eapResp = true;
1457 eap_server_sm_step(sess->eap);
1459 if ((sess->eap_if->eapReq || sess->eap_if->eapSuccess ||
1460 sess->eap_if->eapFail) && sess->eap_if->eapReqData) {
1462 wpabuf_head(sess->eap_if->eapReqData),
1463 wpabuf_len(sess->eap_if->eapReqData));
1464 } else if (sess->eap_if->eapFail) {
1467 } else if (eap_sm_method_pending(sess->eap)) {
1468 radius_msg_free(sess->last_msg);
1469 sess->last_msg = msg;
1470 sess->last_from_port = from_port;
1471 os_free(sess->last_from_addr);
1472 sess->last_from_addr = os_strdup(from_addr);
1473 sess->last_fromlen = fromlen;
1474 os_memcpy(&sess->last_from, from, fromlen);
1485 if (sess->eap_if->eapSuccess || sess->eap_if->eapFail)
1487 if (sess->eap_if->eapFail) {
1488 srv_log(sess, "EAP authentication failed");
1489 db_update_last_msk(sess, "FAIL");
1490 } else if (sess->eap_if->eapSuccess) {
1491 srv_log(sess, "EAP authentication succeeded");
1494 if (sess->eap_if->eapSuccess)
1495 radius_server_hs20_t_c_check(sess, msg);
1497 reply = radius_server_encapsulate_eap(data, client, sess, msg);
1511 srv_log(sess, "Sending Access-Accept");
1516 srv_log(sess, "Sending Access-Reject");
1533 radius_msg_free(sess->last_reply);
1534 sess->last_reply = reply;
1535 sess->last_from_port = from_port;
1537 sess->last_identifier = hdr->identifier;
1538 os_memcpy(sess->last_authenticator, hdr->authenticator, 16);
1546 sess->sess_id);
1548 data, sess);
1551 data, sess);
2523 struct radius_session *sess = ctx;
2524 struct radius_server_data *data = sess->server;
2530 sess->accept_attr = user->accept_attr;
2531 sess->remediation = user->remediation;
2532 sess->macacl = user->macacl;
2533 sess->t_c_timestamp = user->t_c_timestamp;
2547 struct radius_session *sess = ctx;
2548 struct radius_server_data *data = sess->server;
2556 struct radius_session *sess = ctx;
2557 srv_log(sess, "EAP: %s", msg);
2565 struct radius_session *sess = ctx;
2566 struct radius_server_data *data = sess->server;
2575 struct radius_session *sess = ctx;
2576 struct radius_server_data *data = sess->server;
2584 struct radius_session *sess = ctx;
2585 struct radius_server_data *data = sess->server;
2619 struct radius_session *s, *sess = NULL;
2628 sess = s;
2632 if (sess)
2636 if (sess == NULL) {
2641 msg = sess->last_msg;
2642 sess->last_msg = NULL;
2643 eap_sm_pending_cb(sess->eap);
2645 (struct sockaddr *) &sess->last_from,
2646 sess->last_fromlen, cli,
2647 sess->last_from_addr,
2648 sess->last_from_port, sess) == -2)