Kea 3.1.8
radius_callout.cc
Go to the documentation of this file.
1// Copyright (C) 2020-2026 Internet Systems Consortium, Inc. ("ISC")
2//
3// This Source Code Form is subject to the terms of the Mozilla Public
4// License, v. 2.0. If a copy of the MPL was not distributed with this
5// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7// Functions accessed by the hooks framework use C linkage to avoid the name
8// mangling that accompanies use of the C++ compiler as well as to avoid
9// issues related to namespaces.
10
11#include <config.h>
12
13#include <asiolink/io_service_mgr.h>
14#include <cc/command_interpreter.h>
15#include <cc/simple_parser.h>
16#include <hooks/hooks.h>
17#include <dhcp/pkt4.h>
18#include <dhcp/pkt6.h>
19#include <dhcpsrv/lease.h>
20#include <dhcpsrv/subnet.h>
21#include <radius.h>
22#include <dhcpsrv/cfgmgr.h>
23#include <dhcpsrv/host_mgr.h>
24#include <process/daemon.h>
25#include <stats/stats_mgr.h>
26#include <radius_log.h>
27#include <radius_parsers.h>
28#include <radius_access.h>
29#include <radius_accounting.h>
30#include <util/multi_threading_mgr.h>
31
32#include <string>
33#include <sstream>
34#include <vector>
35
36using namespace isc;
37using namespace isc::asiolink;
38using namespace isc::config;
39using namespace isc::data;
40using namespace isc::dhcp;
41using namespace isc::hooks;
42using namespace isc::process;
43using namespace isc::radius;
44using namespace isc::stats;
45using namespace isc::util;
46using namespace std;
47
48namespace {
49
54ElementPtr getConfig(LibraryHandle& handle) {
55 const vector<string> names = handle.getParameterNames();
56 const set<string> keywords = RadiusConfigParser::RADIUS_KEYWORDS;
57 ElementPtr config = Element::createMap();
58
59 for (auto const& name : names) {
60 if (keywords.count(name) == 0) {
61 isc_throw(BadValue, "unknown parameter: " << name);
62 }
63 ConstElementPtr value = handle.getParameter(name);
64 if (value) {
65 config->set(name, value);
66 }
67 }
68 return (config);
69}
70
77RadiusAuthHandlerPtr subnet4Select(CalloutHandle& handle,
78 ConstSubnet4Ptr subnet, Pkt4Ptr query) {
79 RadiusImpl& impl = RadiusImpl::instance();
80 MultiThreadingLock lock(impl.auth_->requests4_.mutex_);
81
82 RadiusAuthHandlerPtr handler;
83 uint32_t subnet_id = subnet->getID();
84 uint32_t host_subnet_id =
85 (subnet->getReservationsGlobal() ? SUBNET_ID_GLOBAL : subnet_id);
86 vector<uint8_t> id;
87 string text;
88 if (!impl.auth_->getIdentifier(*query, id, text)) {
89 // What to do?
90 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
91 return (handler);
92 }
93
94 // Ask host cache.
95 ConstHostPtr host = HostMgr::instance().get4Any(host_subnet_id,
96 impl.id_type4_,
97 &id[0], id.size());
98 // Check cached subnet reselect.
99 if (host && host->getContext() &&
100 (host->getContext()->getType() == Element::map) &&
101 host->getContext()->contains("subnet-id")) {
102 try {
103 ConstElementPtr reselected = host->getContext()->get("subnet-id");
104 subnet_id = static_cast<uint32_t>(reselected->intValue());
105 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE,
106 RADIUS_ACCESS_SUBNET_RESELECT)
107 .arg(subnet->getID())
108 .arg(subnet_id);
109 // Reselect to null.
110 if (subnet_id == SUBNET_ID_UNUSED) {
111 ConstSubnet4Ptr null_subnet;
112 handle.setArgument("subnet4", null_subnet);
113 return (handler);
114 }
115 // Reselect to an other subnet.
116 uint32_t new_host_subnet_id = host_subnet_id;
117 if (subnet_id != subnet->getID()) {
118 ConstSubnet4Ptr new_subnet =
119 CfgMgr::instance().getCurrentCfg()->
120 getCfgSubnets4()->getSubnet(subnet_id);
121 if (!new_subnet) {
122 isc_throw(BadValue,
123 "can't find subnet with id: " << subnet_id);
124 }
125 new_host_subnet_id =
126 (new_subnet->getReservationsGlobal() ?
127 SUBNET_ID_GLOBAL : subnet_id);
128 handle.setArgument("subnet4", new_subnet);
129 }
130 // Get again host cache.
131 if (new_host_subnet_id != host_subnet_id) {
132 host = HostMgr::instance().get4Any(new_host_subnet_id,
133 impl.id_type4_,
134 &id[0], id.size());
135 }
136 } catch (const std::exception&) {
137 // Delete bad entry from cache.
138 HostPtr bad(new Host(*host));
139 static_cast<void>(impl.cache_->remove(bad));
140 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
141 return (handler);
142 }
143 }
144
145 // Check cached RADIUS response.
146 if (host && host->getContext() &&
147 (host->getContext()->getType() == Element::map)) {
148 // Yeah! We don't need to ask the Radius server.
149 Attributes attrs =
150 Attributes::fromElement(host->getContext()->get("radius"));
151 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE, RADIUS_ACCESS_CACHE_GET)
152 .arg(host->toText())
153 .arg(attrs.toText());
154 // 3 cases:
155 // - ip address (is in the host).
156 // - framed pool (put in the query).
157 // - class (todo).
158 if (!host->getIPv4Reservation().isV4Zero()) {
159 // Done!
160 return (handler);
161 }
162 ConstAttributePtr framed_pool = attrs.get(PW_FRAMED_POOL);
163 if (framed_pool && (framed_pool->getValueType() == PW_TYPE_STRING)) {
164 query->addClass(framed_pool->toString());
165 // Done!
166 return (handler);
167 }
168 // todo: class.
169 ConstAttributePtr class_ = attrs.get(PW_CLASS);
170 if (class_ && (class_->getValueType() == PW_TYPE_STRING)) {
171 // todo
172 return (handler);
173 }
174 return (handler);
175 }
176
177 // Get the pending request.
178 RadiusAuthPendingRequestPtr<Pkt4Ptr> pending_request =
179 impl.auth_->requests4_.get(id);
180
181 // Conflict?
182 if (pending_request) {
183 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE, RADIUS_ACCESS_CONFLICT)
184 .arg(query->getLabel())
185 .arg(text);
186 StatsMgr::instance().addValue("pkt4-duplicate",
187 static_cast<int64_t>(1));
188 StatsMgr::instance().addValue("pkt4-receive-drop",
189 static_cast<int64_t>(1));
190 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
191 return (handler);
192 }
193
194 // Too many pending requests.
195 size_t max_requests = impl.auth_->max_pending_requests_;
196 if ((max_requests > 0) && (impl.auth_->requests4_.size() >= max_requests)) {
197 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE,
198 RADIUS_ACCESS_MAX_PENDING_REQUESTS)
199 .arg(query->getLabel())
200 .arg(text);
201 StatsMgr::instance().addValue("pkt4-queue-full",
202 static_cast<int64_t>(1));
203 StatsMgr::instance().addValue("pkt4-receive-drop",
204 static_cast<int64_t>(1));
205 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
206 return (handler);
207 }
208
209 // Ask the Radius server.
210 handler = impl.auth_->buildAuth(*query, subnet_id, id, text);
211 if (!handler) {
212 // Error was logged.
213 StatsMgr::instance().addValue("pkt4-processing-failed",
214 static_cast<int64_t>(1));
215 StatsMgr::instance().addValue("pkt4-receive-drop",
216 static_cast<int64_t>(1));
217 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
218 return (handler);
219 }
220
221 // Create a new pending access request.
222 impl.auth_->requests4_.set(id, query);
223
224 return (handler);
225}
226
233RadiusAuthHandlerPtr subnet6Select(CalloutHandle& handle,
234 ConstSubnet6Ptr subnet, Pkt6Ptr query) {
235 RadiusImpl& impl = RadiusImpl::instance();
236 MultiThreadingLock lock(impl.auth_->requests6_.mutex_);
237
238 RadiusAuthHandlerPtr handler;
239 uint32_t subnet_id = subnet->getID();
240 uint32_t host_subnet_id =
241 (subnet->getReservationsGlobal() ? SUBNET_ID_GLOBAL : subnet_id);
242 vector<uint8_t> id;
243 string text;
244 if (!impl.auth_->getIdentifier(*query, id, text)) {
245 // What to do?
246 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
247 return (handler);
248 }
249
250 // Ask host cache.
251 ConstHostPtr host = HostMgr::instance().get6Any(host_subnet_id,
252 impl.id_type6_,
253 &id[0], id.size());
254 // Check cached subnet reselect.
255 if (host && host->getContext() &&
256 (host->getContext()->getType() == Element::map) &&
257 host->getContext()->contains("subnet-id")) {
258 try {
259 ConstElementPtr reselected = host->getContext()->get("subnet-id");
260 subnet_id = static_cast<uint32_t>(reselected->intValue());
261 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE,
262 RADIUS_ACCESS_SUBNET_RESELECT)
263 .arg(subnet->getID())
264 .arg(subnet_id);
265 // Reselect to null.
266 if (subnet_id == SUBNET_ID_UNUSED) {
267 ConstSubnet6Ptr null_subnet;
268 handle.setArgument("subnet6", null_subnet);
269 return (handler);
270 }
271 // Reselect to an other subnet.
272 uint32_t new_host_subnet_id = host_subnet_id;
273 if (subnet_id != subnet->getID()) {
274 ConstSubnet6Ptr new_subnet =
275 CfgMgr::instance().getCurrentCfg()->
276 getCfgSubnets6()->getSubnet(subnet_id);
277 if (!new_subnet) {
278 isc_throw(BadValue,
279 "can't find subnet with id: " << subnet_id);
280 }
281 new_host_subnet_id =
282 (new_subnet->getReservationsGlobal() ?
283 SUBNET_ID_GLOBAL : subnet_id);
284 handle.setArgument("subnet6", new_subnet);
285 }
286 // Get again host cache.
287 if (new_host_subnet_id != host_subnet_id) {
288 host = HostMgr::instance().get6Any(new_host_subnet_id,
289 impl.id_type6_,
290 &id[0], id.size());
291 }
292 } catch (const std::exception&) {
293 // Delete bad entry from cache.
294 HostPtr bad(new Host(*host));
295 static_cast<void>(impl.cache_->remove(bad));
296 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
297 return (handler);
298 }
299 }
300
301 // Check cached RADIUS response.
302 if (host && host->getContext() &&
303 (host->getContext()->getType() == Element::map)) {
304 // Yeah! We don't need to ask the Radius server.
305 Attributes attrs =
306 Attributes::fromElement(host->getContext()->get("radius"));
307 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE, RADIUS_ACCESS_CACHE_GET)
308 .arg(host->toText())
309 .arg(attrs.toText());
310 // 4 cases:
311 // - ip address (is in the host).
312 // - delegated prefix (is in the host).
313 // - framed pool (put in the query).
314 // - class (todo).
315 if (host->hasIPv6Reservation()) {
316 // Done!
317 return (handler);
318 }
319 ConstAttributePtr framed_pool = attrs.get(PW_FRAMED_POOL);
320 if (framed_pool && (framed_pool->getValueType() == PW_TYPE_STRING)) {
321 query->addClass(framed_pool->toString());
322 // Done!
323 return (handler);
324 }
325 // todo: class.
326 ConstAttributePtr class_ = attrs.get(PW_CLASS);
327 if (class_ && (class_->getValueType() == PW_TYPE_STRING)) {
328 // todo
329 return (handler);
330 }
331 return (handler);
332 }
333
334 // Get the pending request.
335 RadiusAuthPendingRequestPtr<Pkt6Ptr> pending_request =
336 impl.auth_->requests6_.get(id);
337
338 // Conflict?
339 if (pending_request) {
340 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE, RADIUS_ACCESS_CONFLICT)
341 .arg(query->getLabel())
342 .arg(text);
343 StatsMgr::instance().addValue("pkt6-duplicate",
344 static_cast<int64_t>(1));
345 StatsMgr::instance().addValue("pkt6-receive-drop",
346 static_cast<int64_t>(1));
347 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
348 return (handler);
349 }
350
351 // Too many pending requests.
352 size_t max_requests = impl.auth_->max_pending_requests_;
353 if ((max_requests > 0) && (impl.auth_->requests6_.size() >= max_requests)) {
354 LOG_DEBUG(radius_logger, RADIUS_DBG_TRACE,
355 RADIUS_ACCESS_MAX_PENDING_REQUESTS)
356 .arg(query->getLabel())
357 .arg(text);
358 StatsMgr::instance().addValue("pkt6-queue-full",
359 static_cast<int64_t>(1));
360 StatsMgr::instance().addValue("pkt6-receive-drop",
361 static_cast<int64_t>(1));
362 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
363 return (handler);
364 }
365
366 // Ask the Radius server.
367 handler = impl.auth_->buildAuth(*query, subnet_id, id, text);
368 if (!handler) {
369 // Error was logged.
370 StatsMgr::instance().addValue("pkt6-processing-failed",
371 static_cast<int64_t>(1));
372 StatsMgr::instance().addValue("pkt6-receive-drop",
373 static_cast<int64_t>(1));
374 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
375 return (handler);
376 }
377
378 // Create a new pending access request.
379 impl.auth_->requests6_.set(id, query);
380
381 return (handler);
382}
383
384} // end of anonymous namespace
385
386extern "C" {
387
392int load(LibraryHandle& handle) {
393
394 try {
395 // Make the hook library not loadable by d2 or ca.
396 uint16_t family = CfgMgr::instance().getFamily();
397 const std::string& proc_name = Daemon::getProcName();
398 if (family == AF_INET) {
399 if (proc_name != "kea-dhcp4") {
400 isc_throw(isc::Unexpected, "Bad process name: " << proc_name
401 << ", expected kea-dhcp4");
402 }
403 } else {
404 if (proc_name != "kea-dhcp6") {
405 isc_throw(isc::Unexpected, "Bad process name: " << proc_name
406 << ", expected kea-dhcp6");
407 }
408 }
409
410 // Get and decode configuration.
411 ElementPtr config = getConfig(handle);
412 RadiusImpl& impl = RadiusImpl::instance();
413 impl.init(config);
414 } catch (const std::exception& ex) {
415 LOG_ERROR(radius_logger, RADIUS_CONFIGURATION_FAILED)
416 .arg(ex.what());
417 return (CONTROL_RESULT_ERROR);
418 }
419
420 LOG_INFO(radius_logger, RADIUS_INIT_OK);
421 return (CONTROL_RESULT_SUCCESS);
422}
423
433
437int multi_threading_compatible() {
438 return (1);
439}
440
452
464
473int subnet4_select(CalloutHandle& handle) {
474 CalloutHandle::CalloutNextStep status = handle.getStatus();
475 if (status == CalloutHandle::NEXT_STEP_DROP ||
476 status == CalloutHandle::NEXT_STEP_SKIP) {
477 return (0);
478 }
479
480 InHook in_hook;
481 RadiusImpl& impl = RadiusImpl::instance();
482 if (!impl.serveAccess() || !impl.checkHostBackends()) {
483 return (CONTROL_RESULT_SUCCESS);
484 }
485 Pkt4Ptr query;
486 handle.getArgument("query4", query);
487 ConstSubnet4Ptr subnet;
488 handle.getArgument("subnet4", subnet);
489 if (!query || !subnet || (subnet->getID() == 0)) {
490 return (CONTROL_RESULT_SUCCESS);
491 }
492 ParkingLotHandlePtr parking_lot = handle.getParkingLotHandlePtr();
493 parking_lot->reference(query);
494 try {
495 RadiusAuthHandlerPtr handler = subnet4Select(handle, subnet, query);
496 if (!handler) {
497 parking_lot->dereference(query);
498 return (CONTROL_RESULT_SUCCESS);
499 }
500 handler->start();
501 handle.setStatus(CalloutHandle::NEXT_STEP_PARK);
502 } catch (...) {
503 parking_lot->dereference(query);
504 StatsMgr::instance().addValue("pkt4-processing-failed",
505 static_cast<int64_t>(1));
506 StatsMgr::instance().addValue("pkt4-receive-drop",
507 static_cast<int64_t>(1));
508 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
509 }
510
511 return (CONTROL_RESULT_SUCCESS);
512}
513
522int subnet6_select(CalloutHandle& handle) {
523 CalloutHandle::CalloutNextStep status = handle.getStatus();
524 if (status == CalloutHandle::NEXT_STEP_DROP ||
525 status == CalloutHandle::NEXT_STEP_SKIP) {
526 return (CONTROL_RESULT_SUCCESS);
527 }
528
529 InHook in_hook;
530 RadiusImpl& impl = RadiusImpl::instance();
531 if (!impl.serveAccess() || !impl.checkHostBackends()) {
532 return (CONTROL_RESULT_SUCCESS);
533 }
534 Pkt6Ptr query;
535 handle.getArgument("query6", query);
536 ConstSubnet6Ptr subnet;
537 handle.getArgument("subnet6", subnet);
538 if (!query || !subnet || (subnet->getID() == 0)) {
539 return (CONTROL_RESULT_SUCCESS);
540 }
541 ParkingLotHandlePtr parking_lot = handle.getParkingLotHandlePtr();
542 parking_lot->reference(query);
543 try {
544 RadiusAuthHandlerPtr handler = subnet6Select(handle, subnet, query);
545 if (!handler) {
546 parking_lot->dereference(query);
547 return (CONTROL_RESULT_SUCCESS);
548 }
549 handler->start();
550 handle.setStatus(CalloutHandle::NEXT_STEP_PARK);
551 } catch (...) {
552 parking_lot->dereference(query);
553 StatsMgr::instance().addValue("pkt6-processing-failed",
554 static_cast<int64_t>(1));
555 StatsMgr::instance().addValue("pkt6-receive-drop",
556 static_cast<int64_t>(1));
557 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
558 }
559
560 return (CONTROL_RESULT_SUCCESS);
561}
562
570int lease4_select(CalloutHandle& handle) {
571 CalloutHandle::CalloutNextStep status = handle.getStatus();
572 if (status == CalloutHandle::NEXT_STEP_DROP ||
573 status == CalloutHandle::NEXT_STEP_SKIP) {
574 return (0);
575 }
576
577 InHook in_hook;
578 RadiusImpl& impl = RadiusImpl::instance();
579 if (!impl.serveAccounting() || !impl.getIOContext()) {
580 return (CONTROL_RESULT_SUCCESS);
581 }
582
583 bool fake_allocation = false;
584 handle.getArgument("fake_allocation", fake_allocation);
585 if (fake_allocation) {
586 // If this is a discover, there's nothing to do
587 return (CONTROL_RESULT_SUCCESS);
588 }
589
590 Lease4Ptr lease;
591 handle.getArgument("lease4", lease);
592 try {
593 // Start the Accounting-Request transmission.
594 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_CREATE);
595 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
596 } catch (const std::exception& ex) {
597 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
598 .arg("lease4_select")
599 .arg(ex.what());
600 }
601 return (CONTROL_RESULT_SUCCESS);
602}
603
611int lease4_renew(CalloutHandle& handle) {
612 CalloutHandle::CalloutNextStep status = handle.getStatus();
613 if (status == CalloutHandle::NEXT_STEP_DROP ||
614 status == CalloutHandle::NEXT_STEP_SKIP) {
615 return (0);
616 }
617
618 InHook in_hook;
619 RadiusImpl& impl = RadiusImpl::instance();
620 if (!impl.serveAccounting() || !impl.getIOContext()) {
621 return (CONTROL_RESULT_SUCCESS);
622 }
623 Lease4Ptr lease;
624 handle.getArgument("lease4", lease);
625 try {
626 // Start the Accounting-Request transmission.
627 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_RENEW);
628 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
629 } catch (const std::exception& ex) {
630 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
631 .arg("lease4_renew")
632 .arg(ex.what());
633 }
634 return (CONTROL_RESULT_SUCCESS);
635}
636
644int lease4_release(CalloutHandle& handle) {
645 CalloutHandle::CalloutNextStep status = handle.getStatus();
646 if (status == CalloutHandle::NEXT_STEP_DROP ||
647 status == CalloutHandle::NEXT_STEP_SKIP) {
648 return (0);
649 }
650
651 InHook in_hook;
652 RadiusImpl& impl = RadiusImpl::instance();
653 if (!impl.serveAccounting() || !impl.getIOContext()) {
654 return (CONTROL_RESULT_SUCCESS);
655 }
656 Lease4Ptr lease;
657 handle.getArgument("lease4", lease);
658 try {
659 // Start the Accounting-Request transmission.
660 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_RELEASE);
661 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
662 } catch (const std::exception& ex) {
663 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
664 .arg("lease4_release")
665 .arg(ex.what());
666 }
667 return (CONTROL_RESULT_SUCCESS);
668}
669
677int lease4_decline(CalloutHandle& handle) {
678 CalloutHandle::CalloutNextStep status = handle.getStatus();
679 if (status == CalloutHandle::NEXT_STEP_DROP ||
680 status == CalloutHandle::NEXT_STEP_SKIP) {
681 return (0);
682 }
683
684 InHook in_hook;
685 RadiusImpl& impl = RadiusImpl::instance();
686 if (!impl.serveAccounting() || !impl.getIOContext()) {
687 return (CONTROL_RESULT_SUCCESS);
688 }
689 Lease4Ptr lease;
690 handle.getArgument("lease4", lease);
691 try {
692 // Start the Accounting-Request transmission.
693 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_DECLINE);
694 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
695 } catch (const std::exception& ex) {
696 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
697 .arg("lease4_decline")
698 .arg(ex.what());
699 }
700 return (CONTROL_RESULT_SUCCESS);
701}
702
707int lease4_expire(CalloutHandle& handle) {
708 CalloutHandle::CalloutNextStep status = handle.getStatus();
709 if (status == CalloutHandle::NEXT_STEP_DROP ||
710 status == CalloutHandle::NEXT_STEP_SKIP) {
711 return (0);
712 }
713
714 InHook in_hook;
715 RadiusImpl& impl = RadiusImpl::instance();
716 if (!impl.serveAccounting() || !impl.getIOContext()) {
717 return (CONTROL_RESULT_SUCCESS);
718 }
719 Lease4Ptr lease;
720 handle.getArgument("lease4", lease);
721 try {
722 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_EXPIRE);
723 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
724 } catch (const std::exception& ex) {
725 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
726 .arg("lease4_expire")
727 .arg(ex.what());
728 }
729 return (CONTROL_RESULT_SUCCESS);
730}
731
736int lease6_select(CalloutHandle& handle) {
737 CalloutHandle::CalloutNextStep status = handle.getStatus();
738 if (status == CalloutHandle::NEXT_STEP_DROP ||
739 status == CalloutHandle::NEXT_STEP_SKIP) {
740 return (0);
741 }
742
743 InHook in_hook;
744 RadiusImpl& impl = RadiusImpl::instance();
745 if (!impl.serveAccounting() || !impl.getIOContext()) {
746 return (CONTROL_RESULT_SUCCESS);
747 }
748 bool fake_allocation;
749 handle.getArgument("fake_allocation", fake_allocation);
750 if (fake_allocation) {
751 return (CONTROL_RESULT_SUCCESS);
752 }
753 Lease6Ptr lease;
754 handle.getArgument("lease6", lease);
755 try {
756 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_CREATE);
757 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
758 } catch (const std::exception& ex) {
759 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
760 .arg("lease6_select")
761 .arg(ex.what());
762 }
763 return (CONTROL_RESULT_SUCCESS);
764}
765
770int lease6_renew(CalloutHandle& handle) {
771 CalloutHandle::CalloutNextStep status = handle.getStatus();
772 if (status == CalloutHandle::NEXT_STEP_DROP ||
773 status == CalloutHandle::NEXT_STEP_SKIP) {
774 return (0);
775 }
776
777 InHook in_hook;
778 RadiusImpl& impl = RadiusImpl::instance();
779 if (!impl.serveAccounting() || !impl.getIOContext()) {
780 return (CONTROL_RESULT_SUCCESS);
781 }
782 Lease6Ptr lease;
783 handle.getArgument("lease6", lease);
784 try {
785 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_RENEW);
786 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
787 } catch (const std::exception& ex) {
788 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
789 .arg("lease6_renew")
790 .arg(ex.what());
791 }
792 return (CONTROL_RESULT_SUCCESS);
793}
794
799int lease6_rebind(CalloutHandle& handle) {
800 CalloutHandle::CalloutNextStep status = handle.getStatus();
801 if (status == CalloutHandle::NEXT_STEP_DROP ||
802 status == CalloutHandle::NEXT_STEP_SKIP) {
803 return (0);
804 }
805
806 InHook in_hook;
807 RadiusImpl& impl = RadiusImpl::instance();
808 if (!impl.serveAccounting() || !impl.getIOContext()) {
809 return (CONTROL_RESULT_SUCCESS);
810 }
811 Lease6Ptr lease;
812 handle.getArgument("lease6", lease);
813 try {
814 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_REBIND);
815 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
816 } catch (const std::exception& ex) {
817 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
818 .arg("lease6_rebind")
819 .arg(ex.what());
820 }
821 return (CONTROL_RESULT_SUCCESS);
822}
823
828int lease6_release(CalloutHandle& handle) {
829 CalloutHandle::CalloutNextStep status = handle.getStatus();
830 if (status == CalloutHandle::NEXT_STEP_DROP ||
831 status == CalloutHandle::NEXT_STEP_SKIP) {
832 return (0);
833 }
834
835 InHook in_hook;
836 RadiusImpl& impl = RadiusImpl::instance();
837 if (!impl.serveAccounting() || !impl.getIOContext()) {
838 return (CONTROL_RESULT_SUCCESS);
839 }
840 Lease6Ptr lease;
841 handle.getArgument("lease6", lease);
842 try {
843 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_RELEASE);
844 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
845 } catch (const std::exception& ex) {
846 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
847 .arg("lease6_release")
848 .arg(ex.what());
849 }
850 return (CONTROL_RESULT_SUCCESS);
851}
852
857int lease6_decline(CalloutHandle& handle) {
858 CalloutHandle::CalloutNextStep status = handle.getStatus();
859 if (status == CalloutHandle::NEXT_STEP_DROP ||
860 status == CalloutHandle::NEXT_STEP_SKIP) {
861 return (0);
862 }
863
864 InHook in_hook;
865 RadiusImpl& impl = RadiusImpl::instance();
866 if (!impl.serveAccounting() || !impl.getIOContext()) {
867 return (CONTROL_RESULT_SUCCESS);
868 }
869 Lease6Ptr lease;
870 handle.getArgument("lease6", lease);
871 try {
872 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_DECLINE);
873 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
874 } catch (const std::exception& ex) {
875 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
876 .arg("lease6_decline")
877 .arg(ex.what());
878 }
879 return (CONTROL_RESULT_SUCCESS);
880}
881
886int lease6_expire(CalloutHandle& handle) {
887 CalloutHandle::CalloutNextStep status = handle.getStatus();
888 if (status == CalloutHandle::NEXT_STEP_DROP ||
889 status == CalloutHandle::NEXT_STEP_SKIP) {
890 return (0);
891 }
892
893 InHook in_hook;
894 RadiusImpl& impl = RadiusImpl::instance();
895 if (!impl.serveAccounting() || !impl.getIOContext()) {
896 return (CONTROL_RESULT_SUCCESS);
897 }
898 Lease6Ptr lease;
899 handle.getArgument("lease6", lease);
900 try {
901 RadiusAcctHandlerPtr handler = impl.acct_->buildAcct(lease, EVENT_EXPIRE);
902 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync, handler));
903 } catch (const std::exception& ex) {
904 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
905 .arg("lease6_expire")
906 .arg(ex.what());
907 }
908 return (CONTROL_RESULT_SUCCESS);
909}
910
918int command_processed(CalloutHandle& handle) {
919 InHook in_hook;
920 RadiusImpl& impl = RadiusImpl::instance();
921 if (!impl.serveAccounting() || !impl.getIOContext()) {
922 return (CONTROL_RESULT_SUCCESS);
923 }
924 string name;
925 ConstElementPtr arguments;
926 ConstElementPtr response;
927 try {
928 handle.getArgument("name", name);
929 handle.getArgument("arguments", arguments);
930 handle.getArgument("response", response);
931 if (!arguments || !response) {
932 // "arguments" and "response" are required for all further actions.
933 // Stop here if they are not set.
934 return (CONTROL_RESULT_SUCCESS);
935 }
936
937 int result = SimpleParser::getInteger(response, "result");
938 if (result != 0) {
939 // Command has failed.
940 return (CONTROL_RESULT_SUCCESS);
941 }
942
943 // Handle peer updates?
944 const ConstElementPtr origin(arguments->get("origin"));
945 if (origin) {
946 // "origin" has a dynamic type. There are commands like ha-sync-complete-notify that set
947 // it to an integer. For simplicity, treat those cases like it is not coming from an HA
948 // partner for now and it will get filtered out by name further down below. We only care
949 // about lease updates.
950 const bool is_from_ha_partner(origin->getType() == Element::string &&
951 origin->stringValue() == "ha-partner");
952 if (!impl.acct_->peer_updates_ && is_from_ha_partner) {
953 return (CONTROL_RESULT_SUCCESS);
954 }
955 }
956
957 RadiusAcctHandlerPtr handler;
958 if (name == "lease4-add") {
959 handler = impl.acct_->buildAcct4(arguments, EVENT_ADD);
960 } else if (name == "lease4-update") {
961 handler = impl.acct_->buildAcct4(arguments, EVENT_UPDATE);
962 } else if (name== "lease4-del") {
963 handler = impl.acct_->buildAcct4(arguments, EVENT_DEL);
964 } else if (name == "lease6-add") {
965 handler = impl.acct_->buildAcct6(arguments, EVENT_ADD);
966 } else if (name == "lease6-update") {
967 handler = impl.acct_->buildAcct6(arguments, EVENT_UPDATE);
968 } else if (name== "lease6-del") {
969 handler = impl.acct_->buildAcct6(arguments, EVENT_DEL);
970 }
971 if (handler) {
972 impl.getIOContext()->post(std::bind(&RadiusAccounting::runAsync,
973 handler));
974 }
975 } catch (const std::exception& ex) {
976 ostringstream ss;
977 ss << "command_processed: " << name;
978 LOG_ERROR(radius_logger, RADIUS_HOOK_FAILED)
979 .arg(ss.str())
980 .arg(ex.what());
981 }
982 return (CONTROL_RESULT_SUCCESS);
983}
984
985} // end extern "C"
CalloutHandle::CalloutNextStep
CalloutNextStep
Specifies allowed next steps.
Definition callout_handle.h:86
CalloutHandle::NEXT_STEP_PARK
@ NEXT_STEP_PARK
park the packet
Definition callout_handle.h:90
CalloutHandle::NEXT_STEP_DROP
@ NEXT_STEP_DROP
drop the packet
Definition callout_handle.h:89
CalloutHandle::NEXT_STEP_SKIP
@ NEXT_STEP_SKIP
skip the next processing step
Definition callout_handle.h:88
Element::map
@ map
Definition data.h:160
Element::string
@ string
Definition data.h:157
Element::createMap
static ElementPtr createMap(const Position &pos=ZERO_POSITION())
Creates an empty MapElement type ElementPtr.
Definition data.cc:354
isc::BadValue
A generic exception that is thrown if a parameter given to a method is considered invalid in that con...
Definition exceptions/exceptions.h:132
isc::Unexpected
A generic exception that is thrown when an unexpected error condition occurs.
Definition exceptions/exceptions.h:153
isc::data::SimpleParser::getInteger
static int64_t getInteger(isc::data::ConstElementPtr scope, const std::string &name)
Returns an integer parameter from a scope.
Definition lib/cc/simple_parser.cc:77
isc::dhcp::CfgMgr::getFamily
uint16_t getFamily() const
Returns address family.
Definition cfgmgr.h:246
isc::dhcp::CfgMgr::instance
static CfgMgr & instance()
returns a single instance of Configuration Manager
Definition cfgmgr.cc:29
isc::dhcp::CfgMgr::getCurrentCfg
SrvConfigPtr getCurrentCfg()
Returns a pointer to the current configuration.
Definition cfgmgr.cc:116
isc::dhcp::HostMgr::get6Any
ConstHostPtr get6Any(const SubnetID &subnet_id, const Host::IdentifierType &identifier_type, const uint8_t *identifier_begin, const size_t identifier_len, const HostMgrOperationTarget target) const
Returns any host connected to the IPv6 subnet.
Definition host_mgr.cc:590
isc::dhcp::HostMgr::get4Any
ConstHostPtr get4Any(const SubnetID &subnet_id, const Host::IdentifierType &identifier_type, const uint8_t *identifier_begin, const size_t identifier_len, const HostMgrOperationTarget target) const
Returns any host connected to the IPv4 subnet.
Definition host_mgr.cc:401
isc::dhcp::HostMgr::instance
static HostMgr & instance()
Returns a sole instance of the HostMgr.
Definition host_mgr.cc:114
isc::dhcp::Host
Represents a device with IPv4 and/or IPv6 reservations.
Definition host.h:327
isc::hooks::CalloutHandle
Per-packet callout handle.
Definition callout_handle.h:78
isc::hooks::CalloutHandle::getParkingLotHandlePtr
ParkingLotHandlePtr getParkingLotHandlePtr() const
Returns pointer to the parking lot handle for this hook point.
Definition callout_handle.cc:75
isc::hooks::CalloutHandle::getStatus
CalloutNextStep getStatus() const
Returns the next processing step.
Definition callout_handle.h:241
isc::hooks::CalloutHandle::setStatus
void setStatus(const CalloutNextStep next)
Sets the next processing step.
Definition callout_handle.h:231
isc::hooks::CalloutHandle::getArgument
void getArgument(const std::string &name, T &value) const
Get argument.
Definition callout_handle.h:164
isc::hooks::CalloutHandle::setArgument
void setArgument(const std::string &name, T value)
Set argument.
Definition callout_handle.h:147
isc::hooks::LibraryHandle::getParameter
isc::data::ConstElementPtr getParameter(const std::string &name)
Returns configuration parameter for the library.
Definition library_handle.cc:101
isc::hooks::LibraryHandle::getParameterNames
std::vector< std::string > getParameterNames()
Returns names of configuration parameters for the library.
Definition library_handle.cc:113
isc::process::Daemon::getProcName
static std::string getProcName()
returns the process name This value is used as when forming the default PID file name
Definition daemon.cc:154
isc::radius::Attributes
Collection of attributes.
Definition client_attribute.h:819
isc::radius::Attributes::toText
std::string toText(size_t indent=0) const
Returns text representation of the collection.
Definition client_attribute.cc:802
isc::radius::Attributes::get
ConstAttributePtr get(const uint8_t type) const
Get instance of the attribute in the collection.
Definition client_attribute.cc:791
isc::radius::Attributes::fromElement
static Attributes fromElement(const data::ConstElementPtr &attr_list)
Parse collection.
Definition client_attribute.cc:826
isc::radius::InHook
InHook class (RAII style).
Definition radius.h:365
isc::radius::RadiusAccounting::runAsync
static void runAsync(RadiusAcctHandlerPtr handler)
Run asynchronously.
Definition radius_accounting.cc:754
isc::radius::RadiusConfigParser::RADIUS_KEYWORDS
static const std::set< std::string > RADIUS_KEYWORDS
Keywords (aka global configuration entry names).
Definition radius_parsers.h:32
isc::radius::RadiusImpl
Radius hooks library implementation.
Definition radius.h:142
isc::radius::RadiusImpl::reset
void reset()
Reset the state as it was just created.
Definition radius.cc:263
isc::radius::RadiusImpl::startServices
void startServices()
Start the I/O mechanisms.
Definition radius.cc:295
isc::radius::RadiusImpl::instance
static RadiusImpl & instance()
RadiusImpl is a singleton class.
Definition radius.cc:163
isc::stats::StatsMgr::instance
static StatsMgr & instance()
Statistics Manager accessor method.
Definition lib/stats/stats_mgr.cc:30
command_interpreter.h
This file contains several functions and constants that are used for handling commands and responses ...
isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition exceptions/exceptions.h:210
isc::stats::StatsMgr::addValue
void addValue(const std::string &name, const int64_t value)
Records incremental integer observation.
Definition lib/stats/stats_mgr.cc:70
host_mgr.h
io_service_mgr.h
simple_parser.h
stats_mgr.h
LOG_ERROR
#define LOG_ERROR(LOGGER, MESSAGE)
Macro to conveniently test error output and log it.
Definition macros.h:32
LOG_INFO
#define LOG_INFO(LOGGER, MESSAGE)
Macro to conveniently test info output and log it.
Definition macros.h:20
LOG_DEBUG
#define LOG_DEBUG(LOGGER, LEVEL, MESSAGE)
Macro to conveniently test debug output and log it.
Definition macros.h:14
multi_threading_mgr.h
isc::config::CONTROL_RESULT_ERROR
const int CONTROL_RESULT_ERROR
Status code indicating a general failure.
Definition command_interpreter.h:45
isc::config::CONTROL_RESULT_SUCCESS
const int CONTROL_RESULT_SUCCESS
Status code indicating a successful operation.
Definition command_interpreter.h:42
isc::data::ConstElementPtr
boost::shared_ptr< const Element > ConstElementPtr
Definition data.h:30
isc::data::ElementPtr
boost::shared_ptr< Element > ElementPtr
Definition data.h:29
isc::dhcp::ConstSubnet6Ptr
boost::shared_ptr< const Subnet6 > ConstSubnet6Ptr
A const pointer to a Subnet6 object.
Definition subnet.h:623
isc::dhcp::HostPtr
boost::shared_ptr< Host > HostPtr
Pointer to the Host object.
Definition host.h:837
isc::dhcp::ConstSubnet4Ptr
boost::shared_ptr< const Subnet4 > ConstSubnet4Ptr
A const pointer to a Subnet4 object.
Definition subnet.h:458
isc::dhcp::Pkt4Ptr
boost::shared_ptr< Pkt4 > Pkt4Ptr
A pointer to Pkt4 object.
Definition pkt4.h:556
isc::dhcp::Lease6Ptr
boost::shared_ptr< Lease6 > Lease6Ptr
Pointer to a Lease6 structure.
Definition lease.h:528
isc::dhcp::ConstHostPtr
boost::shared_ptr< const Host > ConstHostPtr
Const pointer to the Host object.
Definition host.h:840
isc::dhcp::Pkt6Ptr
boost::shared_ptr< Pkt6 > Pkt6Ptr
A pointer to Pkt6 packet.
Definition pkt6.h:31
isc::dhcp::Lease4Ptr
boost::shared_ptr< Lease4 > Lease4Ptr
Pointer to a Lease4 structure.
Definition lease.h:315
isc::gss_tsig::impl
GssTsigImplPtr impl
The GSS-TSIG hook implementation object.
Definition gss_tsig_callouts.cc:34
isc::hooks::ParkingLotHandlePtr
boost::shared_ptr< ParkingLotHandle > ParkingLotHandlePtr
Pointer to the parking lot handle.
Definition parking_lots.h:381
isc::radius::RadiusAcctHandlerPtr
boost::shared_ptr< RadiusAcctHandler > RadiusAcctHandlerPtr
Type of pointers to Radius accounting communication handler.
Definition radius_accounting.h:174
isc::radius::RadiusAuthPendingRequestPtr
boost::shared_ptr< RadiusAuthPendingRequest< PktPtrType > > RadiusAuthPendingRequestPtr
Pointer to a pending Radius access request.
Definition radius_access.h:41
isc::radius::RADIUS_ACCESS_CONFLICT
const isc::log::MessageID RADIUS_ACCESS_CONFLICT
Definition radius_messages.h:14
isc::radius::RADIUS_ACCESS_MAX_PENDING_REQUESTS
const isc::log::MessageID RADIUS_ACCESS_MAX_PENDING_REQUESTS
Definition radius_messages.h:20
isc::radius::ConstAttributePtr
boost::shared_ptr< const Attribute > ConstAttributePtr
Definition client_attribute.h:40
isc::radius::RADIUS_INIT_OK
const isc::log::MessageID RADIUS_INIT_OK
Definition radius_messages.h:66
isc::radius::RADIUS_DEINIT_OK
const isc::log::MessageID RADIUS_DEINIT_OK
Definition radius_messages.h:56
isc::radius::RADIUS_DBG_TRACE
const int RADIUS_DBG_TRACE
Radius logging levels.
Definition radius_log.h:26
isc::radius::RADIUS_ACCESS_CACHE_GET
const isc::log::MessageID RADIUS_ACCESS_CACHE_GET
Definition radius_messages.h:12
isc::radius::RadiusAuthHandlerPtr
boost::shared_ptr< RadiusAuthHandler > RadiusAuthHandlerPtr
Type of pointers to Radius access communication handler.
Definition radius_access.h:161
isc::radius::radius_logger
isc::log::Logger radius_logger("radius-hooks")
Radius Logger.
Definition radius_log.h:35
isc::radius::RADIUS_ACCESS_SUBNET_RESELECT
const isc::log::MessageID RADIUS_ACCESS_SUBNET_RESELECT
Definition radius_messages.h:24
isc::radius::RADIUS_CONFIGURATION_FAILED
const isc::log::MessageID RADIUS_CONFIGURATION_FAILED
Definition radius_messages.h:54
isc::radius::RADIUS_HOOK_FAILED
const isc::log::MessageID RADIUS_HOOK_FAILED
Definition radius_messages.h:65
isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148
radius_access.h
radius_accounting.h
subnet4_select
int subnet4_select(CalloutHandle &handle)
This callout tries to retrieve host information from cache.
Definition radius_callout.cc:473
lease4_release
int lease4_release(CalloutHandle &handle)
This callout is called at the "lease4_release" hook.
Definition radius_callout.cc:644
lease4_decline
int lease4_decline(CalloutHandle &handle)
This callout is called at the "lease4_decline" hook.
Definition radius_callout.cc:677
dhcp6_srv_configured
int dhcp6_srv_configured(CalloutHandle &)
This function is called by the DHCPv6 server when it is configured.
Definition radius_callout.cc:459
dhcp4_srv_configured
int dhcp4_srv_configured(CalloutHandle &)
This function is called by the DHCPv4 server when it is configured.
Definition radius_callout.cc:447
lease6_release
int lease6_release(CalloutHandle &handle)
This callout is called at the "lease6_release" hook.
Definition radius_callout.cc:828
command_processed
int command_processed(CalloutHandle &handle)
This callout is called at the "command_processed" hook point.
Definition radius_callout.cc:918
lease6_rebind
int lease6_rebind(CalloutHandle &handle)
This callout is called at the "lease6_rebind" hook.
Definition radius_callout.cc:799
multi_threading_compatible
int multi_threading_compatible()
This function is called to retrieve the multi-threading compatibility.
Definition radius_callout.cc:437
lease4_renew
int lease4_renew(CalloutHandle &handle)
This callout is called at the "lease4_renew" hook.
Definition radius_callout.cc:611
subnet6_select
int subnet6_select(CalloutHandle &handle)
This callout tries to retrieve host information from cache.
Definition radius_callout.cc:522
lease4_select
int lease4_select(CalloutHandle &handle)
This callout is called at the "lease4_select" hook.
Definition radius_callout.cc:570
unload
int unload()
This function is called when the library is unloaded.
Definition radius_callout.cc:427
lease6_expire
int lease6_expire(CalloutHandle &handle)
This callout is called at the "lease6_expire" hook.
Definition radius_callout.cc:886
lease4_expire
int lease4_expire(CalloutHandle &handle)
This callout is called at the "lease4_expire" hook.
Definition radius_callout.cc:707
lease6_select
int lease6_select(CalloutHandle &handle)
This callout is called at the "lease6_select" hook.
Definition radius_callout.cc:736
load
int load(LibraryHandle &handle)
This function is called when the library is loaded.
Definition radius_callout.cc:392
lease6_decline
int lease6_decline(CalloutHandle &handle)
This callout is called at the "lease6_decline" hook.
Definition radius_callout.cc:857
lease6_renew
int lease6_renew(CalloutHandle &handle)
This callout is called at the "lease6_renew" hook.
Definition radius_callout.cc:770
radius_log.h
radius_parsers.h
isc::util::MultiThreadingLock
RAII lock object to protect the code in the same scope with a mutex.
Definition multi_threading_mgr.h:349