Kea 3.1.1
radius_callout.cc
Go to the documentation of this file.
1// Copyright (C) 2020-2025 Internet Systems Consortium, Inc. ("ISC")
2//
3// This Source Code Form is subject to the terms of the Mozilla Public
4// License, v. 2.0. If a copy of the MPL was not distributed with this
5// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7// Functions accessed by the hooks framework use C linkage to avoid the name
8// mangling that accompanies use of the C++ compiler as well as to avoid
9// issues related to namespaces.
10
11#include <config.h>
12
13#include <asiolink/io_service_mgr.h>
14#include <cc/command_interpreter.h>
15#include <cc/simple_parser.h>
16#include <hooks/hooks.h>
17#include <dhcp/pkt4.h>
18#include <dhcp/pkt6.h>
19#include <dhcpsrv/lease.h>
20#include <dhcpsrv/subnet.h>
21#include <radius.h>
22#include <dhcpsrv/cfgmgr.h>
23#include <dhcpsrv/host_mgr.h>
24#include <process/daemon.h>
25#include <radius_log.h>
26#include <radius_parsers.h>
27#include <radius_access.h>
28#include <radius_accounting.h>
29#include <util/multi_threading_mgr.h>
30
31#include <string>
32#include <sstream>
33#include <vector>
34
35using namespace isc;
36using namespace isc::asiolink;
37using namespace isc::config;
38using namespace isc::data;
39using namespace isc::dhcp;
40using namespace isc::hooks;
41using namespace isc::process;
42using namespace isc::radius;
43using namespace isc::util;
44using namespace std;
45
46namespace {
47
52ElementPtr getConfig(LibraryHandle& handle) {
53 const vector<string> names = handle.getParameterNames();
54 const set<string> keywords = RadiusConfigParser::RADIUS_KEYWORDS;
55 ElementPtr config = Element::createMap();
56
57 for (auto const& name : names) {
58 if (keywords.count(name) == 0) {
59 isc_throw(BadValue, "unknown parameter: " << name);
60 }
61 ConstElementPtr value = handle.getParameter(name);
62 if (value) {
63 config->set(name, value);
64 }
65 }
66 return (config);
67}
68
75RadiusAuthHandlerPtr subnet4Select(CalloutHandle& handle,
76 ConstSubnet4Ptr subnet, Pkt4Ptr query) {
77 RadiusImpl& impl = RadiusImpl::instance();
78 MultiThreadingLock lock(impl.auth_->requests4_.mutex_);
79
80 RadiusAuthHandlerPtr handler;
81 uint32_t subnet_id = subnet->getID();
82 uint32_t host_subnet_id =
83 (subnet->getReservationsGlobal() ? SUBNET_ID_GLOBAL : subnet_id);
84 vector<uint8_t> id;
85 string text;
86 if (!impl.auth_->getIdentifier(*query, id, text)) {
87 // What to do?
88 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
89 return (handler);
90 }
91
92 // Ask host cache.
93 ConstHostPtr host = HostMgr::instance().get4Any(host_subnet_id,
94 impl.id_type4_,
95 &id[0], id.size());
96 // Check cached subnet reselect.
97 if (host && host->getContext() &&
98 (host->getContext()->getType() == Element::map) &&
99 host->getContext()->contains("subnet-id")) {
100 try {
101 ConstElementPtr reselected = host->getContext()->get("subnet-id");
102 subnet_id = static_cast<uint32_t>(reselected->intValue());
103 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE,
104 RADIUS_ACCESS_SUBNET_RESELECT)
105 .arg(subnet->getID())
106 .arg(subnet_id);
107 // Reselect to null.
108 if (subnet_id == SUBNET_ID_UNUSED) {
109 ConstSubnet4Ptr null_subnet;
110 handle.setArgument("subnet4", null_subnet);
111 return (handler);
112 }
113 // Reselect to an other subnet.
114 uint32_t new_host_subnet_id = host_subnet_id;
115 if (subnet_id != subnet->getID()) {
116 ConstSubnet4Ptr new_subnet =
117 CfgMgr::instance().getCurrentCfg()->
118 getCfgSubnets4()->getSubnet(subnet_id);
119 if (!new_subnet) {
120 isc_throw(BadValue,
121 "can't find subnet with id: " << subnet_id);
122 }
123 new_host_subnet_id =
124 (new_subnet->getReservationsGlobal() ?
125 SUBNET_ID_GLOBAL : subnet_id);
126 handle.setArgument("subnet4", new_subnet);
127 }
128 // Get again host cache.
129 if (new_host_subnet_id != host_subnet_id) {
130 host = HostMgr::instance().get4Any(new_host_subnet_id,
131 impl.id_type4_,
132 &id[0], id.size());
133 }
134 } catch (const std::exception&) {
135 // Delete bad entry from cache.
136 HostPtr bad(new Host(*host));
137 static_cast<void>(impl.cache_->remove(bad));
138 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
139 return (handler);
140 }
141 }
142
143 // Check cached RADIUS response.
144 if (host && host->getContext() &&
145 (host->getContext()->getType() == Element::map)) {
146 // Yeah! We don't need to ask the Radius server.
147 Attributes attrs =
148 Attributes::fromElement(host->getContext()->get("radius"));
149 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE, RADIUS_ACCESS_CACHE_GET)
150 .arg(host->toText())
151 .arg(attrs.toText());
152 // 3 cases:
153 // - ip address (is in the host).
154 // - framed pool (put in the query).
155 // - class (todo).
156 if (!host->getIPv4Reservation().isV4Zero()) {
157 // Done!
158 return (handler);
159 }
160 ConstAttributePtr framed_pool = attrs.get(PW_FRAMED_POOL);
161 if (framed_pool && (framed_pool->getValueType() == PW_TYPE_STRING)) {
162 query->addClass(framed_pool->toString());
163 // Done!
164 return (handler);
165 }
166 // todo: class.
167 ConstAttributePtr class_ = attrs.get(PW_CLASS);
168 if (class_ && (class_->getValueType() == PW_TYPE_STRING)) {
169 // todo
170 return (handler);
171 }
172 return (handler);
173 }
174
175 // Get the pending request.
176 RadiusAuthPendingRequestPtr<Pkt4Ptr> pending_request =
177 impl.auth_->requests4_.get(id);
178
179 // Conflict?
180 if (pending_request) {
181 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE, RADIUS_ACCESS_CONFLICT)
182 .arg(query->getLabel())
183 .arg(text);
184 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
185 return (handler);
186 }
187
188 // Too many pending requests.
189 size_t max_requests = impl.auth_->max_pending_requests_;
190 if ((max_requests > 0) && (impl.auth_->requests4_.size() >= max_requests)) {
191 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE,
192 RADIUS_ACCESS_MAX_PENDING_REQUESTS)
193 .arg(query->getLabel())
194 .arg(text);
195 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
196 return (handler);
197 }
198
199 // Ask the Radius server.
200 handler = impl.auth_->buildAuth(*query, subnet_id, id, text);
201 if (!handler) {
202 // Error was logged.
203 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
204 return (handler);
205 }
206
207 // Create a new pending access request.
208 impl.auth_->requests4_.set(id, query);
209
210 return (handler);
211}
212
219RadiusAuthHandlerPtr subnet6Select(CalloutHandle& handle,
220 ConstSubnet6Ptr subnet, Pkt6Ptr query) {
221 RadiusImpl& impl = RadiusImpl::instance();
222 MultiThreadingLock lock(impl.auth_->requests6_.mutex_);
223
224 RadiusAuthHandlerPtr handler;
225 uint32_t subnet_id = subnet->getID();
226 uint32_t host_subnet_id =
227 (subnet->getReservationsGlobal() ? SUBNET_ID_GLOBAL : subnet_id);
228 vector<uint8_t> id;
229 string text;
230 if (!impl.auth_->getIdentifier(*query, id, text)) {
231 // What to do?
232 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
233 return (handler);
234 }
235
236 // Ask host cache.
237 ConstHostPtr host = HostMgr::instance().get6Any(host_subnet_id,
238 impl.id_type6_,
239 &id[0], id.size());
240 // Check cached subnet reselect.
241 if (host && host->getContext() &&
242 (host->getContext()->getType() == Element::map) &&
243 host->getContext()->contains("subnet-id")) {
244 try {
245 ConstElementPtr reselected = host->getContext()->get("subnet-id");
246 subnet_id = static_cast<uint32_t>(reselected->intValue());
247 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE,
248 RADIUS_ACCESS_SUBNET_RESELECT)
249 .arg(subnet->getID())
250 .arg(subnet_id);
251 // Reselect to null.
252 if (subnet_id == SUBNET_ID_UNUSED) {
253 ConstSubnet6Ptr null_subnet;
254 handle.setArgument("subnet6", null_subnet);
255 return (handler);
256 }
257 // Reselect to an other subnet.
258 uint32_t new_host_subnet_id = host_subnet_id;
259 if (subnet_id != subnet->getID()) {
260 ConstSubnet6Ptr new_subnet =
261 CfgMgr::instance().getCurrentCfg()->
262 getCfgSubnets6()->getSubnet(subnet_id);
263 if (!new_subnet) {
264 isc_throw(BadValue,
265 "can't find subnet with id: " << subnet_id);
266 }
267 new_host_subnet_id =
268 (new_subnet->getReservationsGlobal() ?
269 SUBNET_ID_GLOBAL : subnet_id);
270 handle.setArgument("subnet6", new_subnet);
271 }
272 // Get again host cache.
273 if (new_host_subnet_id != host_subnet_id) {
274 host = HostMgr::instance().get6Any(new_host_subnet_id,
275 impl.id_type6_,
276 &id[0], id.size());
277 }
278 } catch (const std::exception&) {
279 // Delete bad entry from cache.
280 HostPtr bad(new Host(*host));
281 static_cast<void>(impl.cache_->remove(bad));
282 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
283 return (handler);
284 }
285 }
286
287 // Check cached RADIUS response.
288 if (host && host->getContext() &&
289 (host->getContext()->getType() == Element::map)) {
290 // Yeah! We don't need to ask the Radius server.
291 Attributes attrs =
292 Attributes::fromElement(host->getContext()->get("radius"));
293 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE, RADIUS_ACCESS_CACHE_GET)
294 .arg(host->toText())
295 .arg(attrs.toText());
296 // 4 cases:
297 // - ip address (is in the host).
298 // - delegated prefix (is in the host).
299 // - framed pool (put in the query).
300 // - class (todo).
301 if (host->hasIPv6Reservation()) {
302 // Done!
303 return (handler);
304 }
305 ConstAttributePtr framed_pool = attrs.get(PW_FRAMED_POOL);
306 if (framed_pool && (framed_pool->getValueType() == PW_TYPE_STRING)) {
307 query->addClass(framed_pool->toString());
308 // Done!
309 return (handler);
310 }
311 // todo: class.
312 ConstAttributePtr class_ = attrs.get(PW_CLASS);
313 if (class_ && (class_->getValueType() == PW_TYPE_STRING)) {
314 // todo
315 return (handler);
316 }
317 return (handler);
318 }
319
320 // Get the pending request.
321 RadiusAuthPendingRequestPtr<Pkt6Ptr> pending_request =
322 impl.auth_->requests6_.get(id);
323
324 // Conflict?
325 if (pending_request) {
326 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE, RADIUS_ACCESS_CONFLICT)
327 .arg(query->getLabel())
328 .arg(text);
329 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
330 return (handler);
331 }
332
333 // Too many pending requests.
334 size_t max_requests = impl.auth_->max_pending_requests_;
335 if ((max_requests > 0) && (impl.auth_->requests6_.size() >= max_requests)) {
336 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE,
337 RADIUS_ACCESS_MAX_PENDING_REQUESTS)
338 .arg(query->getLabel())
339 .arg(text);
340 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
341 return (handler);
342 }
343
344 // Ask the Radius server.
345 handler = impl.auth_->buildAuth(*query, subnet_id, id, text);
346 if (!handler) {
347 // Error was logged.
348 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
349 return (handler);
350 }
351
352 // Create a new pending access request.
353 impl.auth_->requests6_.set(id, query);
354
355 return (handler);
356}
357
358} // end of anonymous namespace
359
360extern "C" {
361
366int load(LibraryHandle& handle) {
367
368 try {
369 // Make the hook library not loadable by d2 or ca.
370 uint16_t family = CfgMgr::instance().getFamily();
371 const std::string& proc_name = Daemon::getProcName();
372 if (family == AF_INET) {
373 if (proc_name != "kea-dhcp4") {
374 isc_throw(isc::Unexpected, "Bad process name: " << proc_name
375 << ", expected kea-dhcp4");
376 }
377 } else {
378 if (proc_name != "kea-dhcp6") {
379 isc_throw(isc::Unexpected, "Bad process name: " << proc_name
380 << ", expected kea-dhcp6");
381 }
382 }
383
384 // Get and decode configuration.
385 ElementPtr config = getConfig(handle);
386 RadiusImpl& impl = RadiusImpl::instance();
387 impl.init(config);
388 } catch (const std::exception& ex) {
389 LOG_ERROR(radius_logger, RADIUS_CONFIGURATION_FAILED)
390 .arg(ex.what());
391 return (CONTROL_RESULT_ERROR);
392 }
393
394 LOG_INFO(radius_logger, RADIUS_INIT_OK);
395 return (CONTROL_RESULT_SUCCESS);
396}
397
407
411int multi_threading_compatible() {
412 return (1);
413}
414
426
438
447int subnet4_select(CalloutHandle& handle) {
448 CalloutHandle::CalloutNextStep status = handle.getStatus();
449 if (status == CalloutHandle::NEXT_STEP_DROP ||
450 status == CalloutHandle::NEXT_STEP_SKIP) {
451 return (0);
452 }
453
454 InHook in_hook;
455 RadiusImpl& impl = RadiusImpl::instance();
456 if (!impl.auth_ || !impl.checkHostBackends()) {
457 return (CONTROL_RESULT_SUCCESS);
458 }
459 Pkt4Ptr query;
460 handle.getArgument("query4", query);
461 ConstSubnet4Ptr subnet;
462 handle.getArgument("subnet4", subnet);
463 if (!query || !subnet || (subnet->getID() == 0)) {
464 return (CONTROL_RESULT_SUCCESS);
465 }
466 ParkingLotHandlePtr parking_lot = handle.getParkingLotHandlePtr();
467 parking_lot->reference(query);
468 try {
469 RadiusAuthHandlerPtr handler = subnet4Select(handle, subnet, query);
470 if (!handler) {
471 parking_lot->dereference(query);
472 return (CONTROL_RESULT_SUCCESS);
473 }
474 handler->start();
475 handle.setStatus(CalloutHandle::NEXT_STEP_PARK);
476 } catch (...) {
477 parking_lot->dereference(query);
478 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
479 }
480
481 return (CONTROL_RESULT_SUCCESS);
482}
483
492int subnet6_select(CalloutHandle& handle) {
493 CalloutHandle::CalloutNextStep status = handle.getStatus();
494 if (status == CalloutHandle::NEXT_STEP_DROP ||
495 status == CalloutHandle::NEXT_STEP_SKIP) {
496 return (CONTROL_RESULT_SUCCESS);
497 }
498
499 InHook in_hook;
500 RadiusImpl& impl = RadiusImpl::instance();
501 if (!impl.auth_ || !impl.checkHostBackends()) {
502 return (CONTROL_RESULT_SUCCESS);
503 }
504 Pkt6Ptr query;
505 handle.getArgument("query6", query);
506 ConstSubnet6Ptr subnet;
507 handle.getArgument("subnet6", subnet);
508 if (!query || !subnet || (subnet->getID() == 0)) {
509 return (CONTROL_RESULT_SUCCESS);
510 }
511 ParkingLotHandlePtr parking_lot = handle.getParkingLotHandlePtr();
512 parking_lot->reference(query);
513 try {
514 RadiusAuthHandlerPtr handler = subnet6Select(handle, subnet, query);
515 if (!handler) {
516 parking_lot->dereference(query);
517 return (CONTROL_RESULT_SUCCESS);
518 }
519 handler->start();
520 handle.setStatus(CalloutHandle::NEXT_STEP_PARK);
521 } catch (...) {
522 parking_lot->dereference(query);
523 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
524 }
525
526 return (CONTROL_RESULT_SUCCESS);
527}
528
536int lease4_select(CalloutHandle& handle) {
537 CalloutHandle::CalloutNextStep status = handle.getStatus();
538 if (status == CalloutHandle::NEXT_STEP_DROP ||
539 status == CalloutHandle::NEXT_STEP_SKIP) {
540 return (0);
541 }
542
543 InHook in_hook;
544 RadiusImpl& impl = RadiusImpl::instance();
545 if (!impl.acct_ || !impl.getIOContext()) {
546 return (CONTROL_RESULT_SUCCESS);
547 }
548
549 bool fake_allocation = false;
550 handle.getArgument("fake_allocation", fake_allocation);
551 if (fake_allocation) {
552 // If this is a discover, there's nothing to do
553 return (CONTROL_RESULT_SUCCESS);
554 }
555
556 Lease4Ptr lease;
557 handle.getArgument("lease4", lease);
558 try {
559 // Start the Accounting-Request transmission.
560 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_CREATE);
561 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
562 } catch (const std::exception& ex) {
563 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
564 .arg("lease4_select")
565 .arg(ex.what());
566 }
567 return (CONTROL_RESULT_SUCCESS);
568}
569
577int lease4_renew(CalloutHandle& handle) {
578 CalloutHandle::CalloutNextStep status = handle.getStatus();
579 if (status == CalloutHandle::NEXT_STEP_DROP ||
580 status == CalloutHandle::NEXT_STEP_SKIP) {
581 return (0);
582 }
583
584 InHook in_hook;
585 RadiusImpl& impl = RadiusImpl::instance();
586 if (!impl.acct_ || !impl.getIOContext()) {
587 return (CONTROL_RESULT_SUCCESS);
588 }
589 Lease4Ptr lease;
590 handle.getArgument("lease4", lease);
591 try {
592 // Start the Accounting-Request transmission.
593 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_RENEW);
594 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
595 } catch (const std::exception& ex) {
596 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
597 .arg("lease4_renew")
598 .arg(ex.what());
599 }
600 return (CONTROL_RESULT_SUCCESS);
601}
602
610int lease4_release(CalloutHandle& handle) {
611 CalloutHandle::CalloutNextStep status = handle.getStatus();
612 if (status == CalloutHandle::NEXT_STEP_DROP ||
613 status == CalloutHandle::NEXT_STEP_SKIP) {
614 return (0);
615 }
616
617 InHook in_hook;
618 RadiusImpl& impl = RadiusImpl::instance();
619 if (!impl.acct_ || !impl.getIOContext()) {
620 return (CONTROL_RESULT_SUCCESS);
621 }
622 Lease4Ptr lease;
623 handle.getArgument("lease4", lease);
624 try {
625 // Start the Accounting-Request transmission.
626 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_RELEASE);
627 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
628 } catch (const std::exception& ex) {
629 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
630 .arg("lease4_release")
631 .arg(ex.what());
632 }
633 return (CONTROL_RESULT_SUCCESS);
634}
635
643int lease4_decline(CalloutHandle& handle) {
644 CalloutHandle::CalloutNextStep status = handle.getStatus();
645 if (status == CalloutHandle::NEXT_STEP_DROP ||
646 status == CalloutHandle::NEXT_STEP_SKIP) {
647 return (0);
648 }
649
650 InHook in_hook;
651 RadiusImpl& impl = RadiusImpl::instance();
652 if (!impl.acct_ || !impl.getIOContext()) {
653 return (CONTROL_RESULT_SUCCESS);
654 }
655 Lease4Ptr lease;
656 handle.getArgument("lease4", lease);
657 try {
658 // Start the Accounting-Request transmission.
659 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_DECLINE);
660 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
661 } catch (const std::exception& ex) {
662 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
663 .arg("lease4_decline")
664 .arg(ex.what());
665 }
666 return (CONTROL_RESULT_SUCCESS);
667}
668
673int lease4_expire(CalloutHandle& handle) {
674 CalloutHandle::CalloutNextStep status = handle.getStatus();
675 if (status == CalloutHandle::NEXT_STEP_DROP ||
676 status == CalloutHandle::NEXT_STEP_SKIP) {
677 return (0);
678 }
679
680 InHook in_hook;
681 RadiusImpl& impl = RadiusImpl::instance();
682 if (!impl.acct_ || !impl.getIOContext()) {
683 return (CONTROL_RESULT_SUCCESS);
684 }
685 Lease4Ptr lease;
686 handle.getArgument("lease4", lease);
687 try {
688 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_EXPIRE);
689 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
690 } catch (const std::exception& ex) {
691 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
692 .arg("lease4_expire")
693 .arg(ex.what());
694 }
695 return (CONTROL_RESULT_SUCCESS);
696}
697
702int lease6_select(CalloutHandle& handle) {
703 CalloutHandle::CalloutNextStep status = handle.getStatus();
704 if (status == CalloutHandle::NEXT_STEP_DROP ||
705 status == CalloutHandle::NEXT_STEP_SKIP) {
706 return (0);
707 }
708
709 InHook in_hook;
710 RadiusImpl& impl = RadiusImpl::instance();
711 if (!impl.acct_ || !impl.getIOContext()) {
712 return (CONTROL_RESULT_SUCCESS);
713 }
714 bool fake_allocation;
715 handle.getArgument("fake_allocation", fake_allocation);
716 if (fake_allocation) {
717 return (CONTROL_RESULT_SUCCESS);
718 }
719 Lease6Ptr lease;
720 handle.getArgument("lease6", lease);
721 try {
722 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_CREATE);
723 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
724 } catch (const std::exception& ex) {
725 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
726 .arg("lease6_select")
727 .arg(ex.what());
728 }
729 return (CONTROL_RESULT_SUCCESS);
730}
731
736int lease6_renew(CalloutHandle& handle) {
737 CalloutHandle::CalloutNextStep status = handle.getStatus();
738 if (status == CalloutHandle::NEXT_STEP_DROP ||
739 status == CalloutHandle::NEXT_STEP_SKIP) {
740 return (0);
741 }
742
743 InHook in_hook;
744 RadiusImpl& impl = RadiusImpl::instance();
745 if (!impl.acct_ || !impl.getIOContext()) {
746 return (CONTROL_RESULT_SUCCESS);
747 }
748 Lease6Ptr lease;
749 handle.getArgument("lease6", lease);
750 try {
751 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_RENEW);
752 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
753 } catch (const std::exception& ex) {
754 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
755 .arg("lease6_renew")
756 .arg(ex.what());
757 }
758 return (CONTROL_RESULT_SUCCESS);
759}
760
765int lease6_rebind(CalloutHandle& handle) {
766 CalloutHandle::CalloutNextStep status = handle.getStatus();
767 if (status == CalloutHandle::NEXT_STEP_DROP ||
768 status == CalloutHandle::NEXT_STEP_SKIP) {
769 return (0);
770 }
771
772 InHook in_hook;
773 RadiusImpl& impl = RadiusImpl::instance();
774 if (!impl.acct_ || !impl.getIOContext()) {
775 return (CONTROL_RESULT_SUCCESS);
776 }
777 Lease6Ptr lease;
778 handle.getArgument("lease6", lease);
779 try {
780 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_REBIND);
781 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
782 } catch (const std::exception& ex) {
783 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
784 .arg("lease6_rebind")
785 .arg(ex.what());
786 }
787 return (CONTROL_RESULT_SUCCESS);
788}
789
794int lease6_release(CalloutHandle& handle) {
795 CalloutHandle::CalloutNextStep status = handle.getStatus();
796 if (status == CalloutHandle::NEXT_STEP_DROP ||
797 status == CalloutHandle::NEXT_STEP_SKIP) {
798 return (0);
799 }
800
801 InHook in_hook;
802 RadiusImpl& impl = RadiusImpl::instance();
803 if (!impl.acct_ || !impl.getIOContext()) {
804 return (CONTROL_RESULT_SUCCESS);
805 }
806 Lease6Ptr lease;
807 handle.getArgument("lease6", lease);
808 try {
809 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_RELEASE);
810 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
811 } catch (const std::exception& ex) {
812 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
813 .arg("lease6_release")
814 .arg(ex.what());
815 }
816 return (CONTROL_RESULT_SUCCESS);
817}
818
823int lease6_decline(CalloutHandle& handle) {
824 CalloutHandle::CalloutNextStep status = handle.getStatus();
825 if (status == CalloutHandle::NEXT_STEP_DROP ||
826 status == CalloutHandle::NEXT_STEP_SKIP) {
827 return (0);
828 }
829
830 InHook in_hook;
831 RadiusImpl& impl = RadiusImpl::instance();
832 if (!impl.acct_ || !impl.getIOContext()) {
833 return (CONTROL_RESULT_SUCCESS);
834 }
835 Lease6Ptr lease;
836 handle.getArgument("lease6", lease);
837 try {
838 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_DECLINE);
839 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
840 } catch (const std::exception& ex) {
841 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
842 .arg("lease6_decline")
843 .arg(ex.what());
844 }
845 return (CONTROL_RESULT_SUCCESS);
846}
847
852int lease6_expire(CalloutHandle& handle) {
853 CalloutHandle::CalloutNextStep status = handle.getStatus();
854 if (status == CalloutHandle::NEXT_STEP_DROP ||
855 status == CalloutHandle::NEXT_STEP_SKIP) {
856 return (0);
857 }
858
859 InHook in_hook;
860 RadiusImpl& impl = RadiusImpl::instance();
861 if (!impl.acct_ || !impl.getIOContext()) {
862 return (CONTROL_RESULT_SUCCESS);
863 }
864 Lease6Ptr lease;
865 handle.getArgument("lease6", lease);
866 try {
867 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_EXPIRE);
868 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
869 } catch (const std::exception& ex) {
870 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
871 .arg("lease6_expire")
872 .arg(ex.what());
873 }
874 return (CONTROL_RESULT_SUCCESS);
875}
876
884int command_processed(CalloutHandle& handle) {
885 InHook in_hook;
886 RadiusImpl& impl = RadiusImpl::instance();
887 if (!impl.acct_ || !impl.getIOContext()) {
888 return (CONTROL_RESULT_SUCCESS);
889 }
890 string name;
891 ConstElementPtr arguments;
892 ConstElementPtr response;
893 try {
894 handle.getArgument("name", name);
895 handle.getArgument("arguments", arguments);
896 handle.getArgument("response", response);
897 if (!arguments || !response) {
898 // "arguments" and "response" are required for all further actions.
899 // Stop here if they are not set.
900 return (CONTROL_RESULT_SUCCESS);
901 }
902
903 int result = SimpleParser::getInteger(response, "result");
904 if (result != 0) {
905 // Command has failed.
906 return (CONTROL_RESULT_SUCCESS);
907 }
908
909 // Handle peer updates?
910 const ConstElementPtr origin(arguments->get("origin"));
911 if (origin) {
912 // "origin" has a dynamic type. There are commands like ha-sync-complete-notify that set
913 // it to an integer. For simplicity, treat those cases like it is not coming from an HA
914 // partner for now and it will get filtered out by name further down below. We only care
915 // about lease updates.
916 const bool is_from_ha_partner(origin->getType() == Element::string &&
917 origin->stringValue() == "ha-partner");
918 if (!impl.acct_->peer_updates_ && is_from_ha_partner) {
919 return (CONTROL_RESULT_SUCCESS);
920 }
921 }
922
923 RadiusAcctHandlerPtr handler;
924 if (name == "lease4-add") {
925 handler = impl.acct_->buildAcct4(arguments, EVENT_ADD);
926 } else if (name == "lease4-update") {
927 handler = impl.acct_->buildAcct4(arguments, EVENT_UPDATE);
928 } else if (name== "lease4-del") {
929 handler = impl.acct_->buildAcct4(arguments, EVENT_DEL);
930 } else if (name == "lease6-add") {
931 handler = impl.acct_->buildAcct6(arguments, EVENT_ADD);
932 } else if (name == "lease6-update") {
933 handler = impl.acct_->buildAcct6(arguments, EVENT_UPDATE);
934 } else if (name== "lease6-del") {
935 handler = impl.acct_->buildAcct6(arguments, EVENT_DEL);
936 }
937 if (handler) {
938 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync,
939 handler));
940 }
941 } catch (const std::exception& ex) {
942 ostringstream ss;
943 ss << "command_processed: " << name;
944 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
945 .arg(ss.str())
946 .arg(ex.what());
947 }
948 return (CONTROL_RESULT_SUCCESS);
949}
950
951} // end extern "C"
CalloutHandle::CalloutNextStep
CalloutNextStep
Specifies allowed next steps.
Definition callout_handle.h:86
CalloutHandle::NEXT_STEP_PARK
@ NEXT_STEP_PARK
park the packet
Definition callout_handle.h:90
CalloutHandle::NEXT_STEP_DROP
@ NEXT_STEP_DROP
drop the packet
Definition callout_handle.h:89
CalloutHandle::NEXT_STEP_SKIP
@ NEXT_STEP_SKIP
skip the next processing step
Definition callout_handle.h:88
Element::map
@ map
Definition data.h:147
Element::string
@ string
Definition data.h:144
Element::createMap
static ElementPtr createMap(const Position &pos=ZERO_POSITION())
Creates an empty MapElement type ElementPtr.
Definition data.cc:304
isc::BadValue
A generic exception that is thrown if a parameter given to a method is considered invalid in that con...
Definition exceptions/exceptions.h:132
isc::Unexpected
A generic exception that is thrown when an unexpected error condition occurs.
Definition exceptions/exceptions.h:153
isc::data::SimpleParser::getInteger
static int64_t getInteger(isc::data::ConstElementPtr scope, const std::string &name)
Returns an integer parameter from a scope.
Definition lib/cc/simple_parser.cc:77
isc::dhcp::CfgMgr::getFamily
uint16_t getFamily() const
Returns address family.
Definition cfgmgr.h:246
isc::dhcp::CfgMgr::instance
static CfgMgr & instance()
returns a single instance of Configuration Manager
Definition cfgmgr.cc:29
isc::dhcp::CfgMgr::getCurrentCfg
SrvConfigPtr getCurrentCfg()
Returns a pointer to the current configuration.
Definition cfgmgr.cc:116
isc::dhcp::HostMgr::get6Any
ConstHostPtr get6Any(const SubnetID &subnet_id, const Host::IdentifierType &identifier_type, const uint8_t *identifier_begin, const size_t identifier_len, const HostMgrOperationTarget target) const
Returns any host connected to the IPv6 subnet.
Definition host_mgr.cc:590
isc::dhcp::HostMgr::get4Any
ConstHostPtr get4Any(const SubnetID &subnet_id, const Host::IdentifierType &identifier_type, const uint8_t *identifier_begin, const size_t identifier_len, const HostMgrOperationTarget target) const
Returns any host connected to the IPv4 subnet.
Definition host_mgr.cc:401
isc::dhcp::HostMgr::instance
static HostMgr & instance()
Returns a sole instance of the HostMgr.
Definition host_mgr.cc:114
isc::dhcp::Host
Represents a device with IPv4 and/or IPv6 reservations.
Definition host.h:327
isc::hooks::CalloutHandle
Per-packet callout handle.
Definition callout_handle.h:78
isc::hooks::CalloutHandle::getParkingLotHandlePtr
ParkingLotHandlePtr getParkingLotHandlePtr() const
Returns pointer to the parking lot handle for this hook point.
Definition callout_handle.cc:75
isc::hooks::CalloutHandle::getStatus
CalloutNextStep getStatus() const
Returns the next processing step.
Definition callout_handle.h:241
isc::hooks::CalloutHandle::setStatus
void setStatus(const CalloutNextStep next)
Sets the next processing step.
Definition callout_handle.h:231
isc::hooks::CalloutHandle::getArgument
void getArgument(const std::string &name, T &value) const
Get argument.
Definition callout_handle.h:164
isc::hooks::CalloutHandle::setArgument
void setArgument(const std::string &name, T value)
Set argument.
Definition callout_handle.h:147
isc::hooks::LibraryHandle::getParameter
isc::data::ConstElementPtr getParameter(const std::string &name)
Returns configuration parameter for the library.
Definition library_handle.cc:101
isc::hooks::LibraryHandle::getParameterNames
std::vector< std::string > getParameterNames()
Returns names of configuration parameters for the library.
Definition library_handle.cc:113
isc::process::Daemon::getProcName
static std::string getProcName()
returns the process name This value is used as when forming the default PID file name
Definition daemon.cc:151
isc::radius::Attributes
Collection of attributes.
Definition client_attribute.h:652
isc::radius::Attributes::toText
std::string toText(size_t indent=0) const
Returns text representation of the collection.
Definition client_attribute.cc:659
isc::radius::Attributes::get
ConstAttributePtr get(const uint8_t type) const
Get instance of the attribute in the collection.
Definition client_attribute.cc:648
isc::radius::Attributes::fromElement
static Attributes fromElement(const data::ConstElementPtr &attr_list)
Parse collection.
Definition client_attribute.cc:683
isc::radius::InHook
InHook class (RAII style).
Definition radius.h:259
isc::radius::RadiusAccounting::runAsync
static void runAsync(RadiusAcctHandlerPtr handler)
Run asynchronously.
Definition radius_accounting.cc:753
isc::radius::RadiusConfigParser::RADIUS_KEYWORDS
static const std::set< std::string > RADIUS_KEYWORDS
Keywords (aka global configuration entry names).
Definition radius_parsers.h:31
isc::radius::RadiusImpl
Radius hooks library implementation.
Definition radius.h:50
isc::radius::RadiusImpl::reset
void reset()
Reset the state as it was just created.
Definition radius.cc:124
isc::radius::RadiusImpl::startServices
void startServices()
Start the I/O mechanisms.
Definition radius.cc:155
isc::radius::RadiusImpl::instance
static RadiusImpl & instance()
RadiusImpl is a singleton class.
Definition radius.cc:37
command_interpreter.h
This file contains several functions and constants that are used for handling commands and responses ...
isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition exceptions/exceptions.h:210
host_mgr.h
io_service_mgr.h
simple_parser.h
LOG_ERROR
#define LOG_ERROR(LOGGER, MESSAGE)
Macro to conveniently test error output and log it.
Definition macros.h:32
LOG_INFO
#define LOG_INFO(LOGGER, MESSAGE)
Macro to conveniently test info output and log it.
Definition macros.h:20
LOG_DEBUG
#define LOG_DEBUG(LOGGER, LEVEL, MESSAGE)
Macro to conveniently test debug output and log it.
Definition macros.h:14
multi_threading_mgr.h
isc::config::CONTROL_RESULT_ERROR
const int CONTROL_RESULT_ERROR
Status code indicating a general failure.
Definition command_interpreter.h:45
isc::config::CONTROL_RESULT_SUCCESS
const int CONTROL_RESULT_SUCCESS
Status code indicating a successful operation.
Definition command_interpreter.h:42
isc::data::ConstElementPtr
boost::shared_ptr< const Element > ConstElementPtr
Definition data.h:29
isc::data::ElementPtr
boost::shared_ptr< Element > ElementPtr
Definition data.h:28
isc::dhcp::ConstSubnet6Ptr
boost::shared_ptr< const Subnet6 > ConstSubnet6Ptr
A const pointer to a Subnet6 object.
Definition subnet.h:623
isc::dhcp::HostPtr
boost::shared_ptr< Host > HostPtr
Pointer to the Host object.
Definition host.h:837
isc::dhcp::ConstSubnet4Ptr
boost::shared_ptr< const Subnet4 > ConstSubnet4Ptr
A const pointer to a Subnet4 object.
Definition subnet.h:458
isc::dhcp::Pkt4Ptr
boost::shared_ptr< Pkt4 > Pkt4Ptr
A pointer to Pkt4 object.
Definition pkt4.h:556
isc::dhcp::Lease6Ptr
boost::shared_ptr< Lease6 > Lease6Ptr
Pointer to a Lease6 structure.
Definition lease.h:528
isc::dhcp::ConstHostPtr
boost::shared_ptr< const Host > ConstHostPtr
Const pointer to the Host object.
Definition host.h:840
isc::dhcp::Pkt6Ptr
boost::shared_ptr< Pkt6 > Pkt6Ptr
A pointer to Pkt6 packet.
Definition pkt6.h:31
isc::dhcp::Lease4Ptr
boost::shared_ptr< Lease4 > Lease4Ptr
Pointer to a Lease4 structure.
Definition lease.h:315
isc::gss_tsig::impl
GssTsigImplPtr impl
The GSS-TSIG hook implementation object.
Definition gss_tsig_callouts.cc:34
isc::hooks::ParkingLotHandlePtr
boost::shared_ptr< ParkingLotHandle > ParkingLotHandlePtr
Pointer to the parking lot handle.
Definition parking_lots.h:381
isc::radius::RadiusAcctHandlerPtr
boost::shared_ptr< RadiusAcctHandler > RadiusAcctHandlerPtr
Type of pointers to Radius accounting communication handler.
Definition radius_accounting.h:174
isc::radius::RadiusAuthPendingRequestPtr
boost::shared_ptr< RadiusAuthPendingRequest< PktPtrType > > RadiusAuthPendingRequestPtr
Pointer to a pending Radius access request.
Definition radius_access.h:41
isc::radius::RADIUS_ACCESS_CONFLICT
const isc::log::MessageID RADIUS_ACCESS_CONFLICT
Definition radius_messages.h:14
isc::radius::RADIUS_ACCESS_MAX_PENDING_REQUESTS
const isc::log::MessageID RADIUS_ACCESS_MAX_PENDING_REQUESTS
Definition radius_messages.h:20
isc::radius::ConstAttributePtr
boost::shared_ptr< const Attribute > ConstAttributePtr
Definition client_attribute.h:37
isc::radius::RADIUS_INIT_OK
const isc::log::MessageID RADIUS_INIT_OK
Definition radius_messages.h:70
isc::radius::RADIUS_DEINIT_OK
const isc::log::MessageID RADIUS_DEINIT_OK
Definition radius_messages.h:48
isc::radius::RADIUS_DBG_TRACE
const int RADIUS_DBG_TRACE
Radius logging levels.
Definition radius_log.h:26
isc::radius::RADIUS_ACCESS_CACHE_GET
const isc::log::MessageID RADIUS_ACCESS_CACHE_GET
Definition radius_messages.h:12
isc::radius::RadiusAuthHandlerPtr
boost::shared_ptr< RadiusAuthHandler > RadiusAuthHandlerPtr
Type of pointers to Radius access communication handler.
Definition radius_access.h:161
isc::radius::radius_logger
isc::log::Logger radius_logger("radius-hooks")
Radius Logger.
Definition radius_log.h:35
isc::radius::RADIUS_ACCESS_SUBNET_RESELECT
const isc::log::MessageID RADIUS_ACCESS_SUBNET_RESELECT
Definition radius_messages.h:24
isc::radius::RADIUS_CONFIGURATION_FAILED
const isc::log::MessageID RADIUS_CONFIGURATION_FAILED
Definition radius_messages.h:46
isc::radius::RADIUS_HOOK_FAILED
const isc::log::MessageID RADIUS_HOOK_FAILED
Definition radius_messages.h:69
isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148
radius_access.h
radius_accounting.h
subnet4_select
int subnet4_select(CalloutHandle &handle)
This callout tries to retrieve host information from cache.
Definition radius_callout.cc:447
lease4_release
int lease4_release(CalloutHandle &handle)
This callout is called at the "lease4_release" hook.
Definition radius_callout.cc:610
lease4_decline
int lease4_decline(CalloutHandle &handle)
This callout is called at the "lease4_decline" hook.
Definition radius_callout.cc:643
dhcp6_srv_configured
int dhcp6_srv_configured(CalloutHandle &)
This function is called by the DHCPv6 server when it is configured.
Definition radius_callout.cc:433
dhcp4_srv_configured
int dhcp4_srv_configured(CalloutHandle &)
This function is called by the DHCPv4 server when it is configured.
Definition radius_callout.cc:421
lease6_release
int lease6_release(CalloutHandle &handle)
This callout is called at the "lease6_release" hook.
Definition radius_callout.cc:794
command_processed
int command_processed(CalloutHandle &handle)
This callout is called at the "command_processed" hook point.
Definition radius_callout.cc:884
lease6_rebind
int lease6_rebind(CalloutHandle &handle)
This callout is called at the "lease6_rebind" hook.
Definition radius_callout.cc:765
multi_threading_compatible
int multi_threading_compatible()
This function is called to retrieve the multi-threading compatibility.
Definition radius_callout.cc:411
lease4_renew
int lease4_renew(CalloutHandle &handle)
This callout is called at the "lease4_renew" hook.
Definition radius_callout.cc:577
subnet6_select
int subnet6_select(CalloutHandle &handle)
This callout tries to retrieve host information from cache.
Definition radius_callout.cc:492
lease4_select
int lease4_select(CalloutHandle &handle)
This callout is called at the "lease4_select" hook.
Definition radius_callout.cc:536
unload
int unload()
This function is called when the library is unloaded.
Definition radius_callout.cc:401
lease6_expire
int lease6_expire(CalloutHandle &handle)
This callout is called at the "lease6_expire" hook.
Definition radius_callout.cc:852
lease4_expire
int lease4_expire(CalloutHandle &handle)
This callout is called at the "lease4_expire" hook.
Definition radius_callout.cc:673
lease6_select
int lease6_select(CalloutHandle &handle)
This callout is called at the "lease6_select" hook.
Definition radius_callout.cc:702
load
int load(LibraryHandle &handle)
This function is called when the library is loaded.
Definition radius_callout.cc:366
lease6_decline
int lease6_decline(CalloutHandle &handle)
This callout is called at the "lease6_decline" hook.
Definition radius_callout.cc:823
lease6_renew
int lease6_renew(CalloutHandle &handle)
This callout is called at the "lease6_renew" hook.
Definition radius_callout.cc:736
radius_log.h
radius_parsers.h
isc::util::MultiThreadingLock
RAII lock object to protect the code in the same scope with a mutex.
Definition multi_threading_mgr.h:349