Files | |
| file | auth_common.c |
| Core functions of NuAuth; contains search_and_fill(). | |
| file | auth_hash.c |
| Connections hash handling. | |
| file | check_acls.c |
| Check the packet contained in an element against an external base. | |
| file | client_mngr.c |
| Manage client-related structures. | |
Data Structures | |
| struct | ip_sessions_t |
| struct | msg_addr_set |
| struct | username_counter |
| struct | acl_group |
| struct | iface_nfo_t |
| struct | connection_t |
| static void | update_connection_datas (connection_t *element, struct acl_group *datas) |
Defines | |
| #define | SEARCH_AND_FILL_CATCHALL(new, packet) |
| #define | IPHDR_REJECT_LENGTH 20 |
| #define | IP6HDR_REJECT_LENGTH 40 |
| #define | IPHDR_REJECT_LENGTH_BWORD 5 |
Enumerations | |
| enum | auth_state_t { AUTH_STATE_NONE = 0, AUTH_STATE_AUTHREQ = 1, AUTH_STATE_USERPCKT, AUTH_STATE_READY, AUTH_STATE_COMPLETING, AUTH_STATE_DONE, AUTH_STATE_HELLOMODE, AUTH_STATE_SPOOFING } |
| enum | acl_flags_t { ACL_FLAGS_NONE = 0, ACL_FLAGS_ASYNC_BIT = 0, ACL_FLAGS_ASYNC = (1 << ACL_FLAGS_ASYNC_BIT), ACL_FLAGS_NOLOG_BIT = 1, ACL_FLAGS_NOLOG = (1 << ACL_FLAGS_NOLOG_BIT), ACL_FLAGS_SYNC_BIT = 2, ACL_FLAGS_SYNC = (1 << ACL_FLAGS_SYNC_BIT), ACL_FLAGS_STRICT_BIT = 3, ACL_FLAGS_STRICT = (1 << ACL_FLAGS_STRICT_BIT) } |
| enum | auth_quality_t { AUTHQ_BYIP, AUTHQ_SASL, AUTHQ_SSL } |
Functions | |
| char * | get_rid_of_domain (const char *user_domain) |
| char * | get_rid_of_prefix_domain (const char *user_domain) |
| void | free_buffer_read (struct tls_buffer_read *datas) |
| nu_error_t | check_protocol_version (enum proto_type_t type, int version) |
| char * | int_to_str (int value) |
| void | thread_pool_push (GThreadPool *pool, gpointer data, GError **error) |
| int | nuauth_bind (char **errmsg, const char *addr, const char *port, char *context) |
| int | parse_addr_port (const char *text, const char *default_port, char **addr, char **port) |
| void | search_and_fill_catchall (connection_t *new, connection_t *packet) |
| guint32 | hash_connection (gconstpointer data) |
| gboolean | tracking_equal (const tracking_t *trck1, const tracking_t *trck2) |
| void | search_and_push (connection_t *new) |
| void | search_and_fill_complete_of_authreq (connection_t *new, connection_t *packet) |
| void | search_and_fill_complete_of_userpckt (connection_t *new, connection_t *packet) |
| void | search_and_fill_done (connection_t *new, connection_t *packet) |
| void | search_and_fill_completing (connection_t *new, connection_t *packet) |
| void | search_and_fill_ready (connection_t *new, connection_t *packet) |
| void | search_and_fill_update (connection_t *new, connection_t *packet) |
| void * | search_and_fill (GMutex *mutex) |
| void | acl_check_and_decide (gpointer userdata, gpointer data) |
| static uint32_t | hash_ipv6 (struct in6_addr *addr) |
| void | clean_session (user_session_t *c_session) |
| static void | hash_clean_session (user_session_t *c_session) |
| void | init_client_struct () |
| void | add_client (int socket, gpointer datas) |
| static ip_sessions_t * | delete_session_from_hash (ip_sessions_t *ipsessions, user_session_t *session, int destroy) |
| nu_error_t | delete_client_by_socket_ext (int socket, int use_lock) |
| nu_error_t | delete_client_by_socket (int socket) |
| user_session_t * | get_client_datas_by_socket (int socket) |
| GSList * | get_client_sockets_by_ip (struct in6_addr *ip) |
| guint | get_number_of_clients () |
| static gboolean | look_for_username_callback (gpointer key, gpointer value, gpointer user_data) |
| user_session_t * | look_for_username (const gchar *username) |
| static gboolean | count_username_callback (gpointer key, user_session_t *value, struct username_counter *count_user) |
| gboolean | test_username_count_vs_max (const gchar *username, int maxcount) |
| char | warn_clients (struct msg_addr_set *global_msg) |
| gboolean | hash_delete_client (gpointer key, gpointer value, gpointer userdata) |
| void | close_clients (int signal) |
| gboolean | is_expired_client (gpointer key, gpointer value, gpointer user_data) |
| void | kill_expired_clients_session () |
| void | foreach_session (GHFunc callback, void *data) |
| gboolean | kill_all_clients_cb (gpointer sock, user_session_t *session, gpointer data) |
| nu_error_t | kill_all_clients () |
| nu_error_t | activate_client_by_socket (int socket) |
| void | close_clients () |
| void | free_connection_callback (gpointer conn, gpointer unused) |
| void | free_connection_list (GSList *list) |
| nu_error_t | compare_iface_nfo_t (iface_nfo_t *a, iface_nfo_t *b) |
| void | free_connection (connection_t *conn) |
| void | duplicate_iface_nfo (iface_nfo_t *copy, iface_nfo_t *orig) |
| connection_t * | duplicate_connection (connection_t *element) |
| int | conn_cl_remove (gconstpointer conn) |
| int | conn_cl_delete (gconstpointer conn) |
| gboolean | get_old_conn (gpointer key, gpointer value, gpointer user_data) |
| This function is used by clean_connections_list() to check if a connection is 'old' (outdated) or not. | |
| static void | clean_connection_list_callback (gpointer key, gpointer value, gpointer data) |
| void | clean_connections_list () |
| Find old connections and delete them. | |
| static char * | decision_to_str (decision_t decision) |
| static char * | str_print_tracking_t (tracking_t *tracking) |
| nu_error_t | print_tracking_t (tracking_t *tracking) |
| gint | print_connection (gpointer data, gpointer userdata) |
| int | lock_and_free_connection (connection_t *conn) |
| in6_addr * | generate_inaddr_list (gchar *gwsrv_addr) |
| gboolean | check_inaddr_in_array (struct in6_addr *check_ip, struct in6_addr *iparray) |
| gboolean | check_string_in_array (gchar *checkstring, gchar **stringarray) |
| gchar * | string_escape (const gchar *orig) |
Variables | |
| GMutex * | client_mutex |
| GHashTable * | client_conn_hash = NULL |
| GHashTable * | client_ip_hash = NULL |
| GHashTable * | conn_list |
| GStaticMutex | insert_mutex |
| #define IP6HDR_REJECT_LENGTH 40 |
| #define IPHDR_REJECT_LENGTH 20 |
| #define IPHDR_REJECT_LENGTH_BWORD 5 |
This is IPHDR_REJECT_LENGTH / 4, i.e. the same header length expressed in 32-bit words.
Definition at line 73 of file connections.h.
Referenced by send_auth_response().
| #define SEARCH_AND_FILL_CATCHALL | ( | new, | |||
| packet | ) |
Value:
g_warning \
("%s:%d Should not have this. Please email Nufw developpers!", \
__FILE__, __LINE__); \
search_and_fill_catchall(new, packet);
Definition at line 47 of file auth_hash.c.
Referenced by search_and_fill_complete_of_authreq(), search_and_fill_complete_of_userpckt(), search_and_fill_completing(), search_and_fill_done(), search_and_fill_ready(), and search_and_fill_update().
| enum acl_flags_t |
| ACL_FLAGS_NONE | |
| ACL_FLAGS_ASYNC_BIT | |
| ACL_FLAGS_ASYNC | |
| ACL_FLAGS_NOLOG_BIT | |
| ACL_FLAGS_NOLOG | |
| ACL_FLAGS_SYNC_BIT | |
| ACL_FLAGS_SYNC | |
| ACL_FLAGS_STRICT_BIT | |
| ACL_FLAGS_STRICT |
Definition at line 51 of file connections.h.
| enum auth_quality_t |
| enum auth_state_t |
State of a connection (type connection_t) in the authentication server. See the state field of the connection_t structure and the function change_state().
| AUTH_STATE_NONE | Unknown state (set when a connection is created) |
| AUTH_STATE_AUTHREQ | Waiting for authentication |
| AUTH_STATE_USERPCKT | Connection received from a user: see user_request() |
| AUTH_STATE_READY | (see search_and_fill_completing()) |
| AUTH_STATE_COMPLETING | State used when a connection is sent to the acl_checkers queue: read ACLs from the cache or from an external source. See acl_check_and_decide(). |
| AUTH_STATE_DONE | This state is set when the connection will only be used for logging purposes |
| AUTH_STATE_HELLOMODE | This connection is treated by the HELLO authentication mode |
| AUTH_STATE_SPOOFING | This connection is a spoofed one |
Definition at line 35 of file connections.h.
| void acl_check_and_decide | ( | gpointer | userdata, | |
| gpointer | data | |||
| ) |
(acl_checkers function). Treat a connection from insertion to decision.
This function is used when a decision is ready to be taken for the connection.
| userdata | a connection | |
| data | unused |
Definition at line 45 of file check_acls.c.
References nuauth_params::acl_cache, connection_t::acl_groups, AUTH_STATE_COMPLETING, AUTH_STATE_HELLOMODE, internal_message::datas, DEBUG_AREA_MAIN, DEBUG_AREA_PACKET, debug_log_message, get_acls_from_cache(), nuauth_params::hello_authentication, INSERT_MESSAGE, log_message, modules_acl_check(), nuauthconf, nuauthdatas, connection_t::state, and internal_message::type.
Referenced by start_all_thread_pools().
| nu_error_t activate_client_by_socket | ( | int | socket | ) |
Definition at line 461 of file client_mngr.c.
References client_conn_hash, client_mutex, NU_EXIT_ERROR, NU_EXIT_OK, session, and TRUE.
Referenced by tls_user_main_loop().
| void add_client | ( | int | socket, | |
| gpointer | datas | |||
| ) |
Definition at line 104 of file client_mngr.c.
References user_session_t::addr, client_conn_hash, client_ip_hash, client_mutex, user_session_t::client_version, ip_sessions_t::client_version, DEBUG_AREA_USER, format_ipv6(), log_message, ip_sessions_t::sessions, and user_session_t::user_name.
Referenced by push_worker(), and tls_sasl_connect_ok().
| gboolean check_inaddr_in_array | ( | struct in6_addr * | check_ip, | |
| struct in6_addr * | iparray | |||
| ) |
Definition at line 82 of file parsing.c.
References FALSE, ipv6_equal(), and TRUE.
| nu_error_t check_protocol_version | ( | enum proto_type_t | type, | |
| int | version | |||
| ) |
Check the protocol version against the supported ones.
| type | A proto_type_t selecting whether to check against the nufw or the client supported protocols | |
| version | An integer encoding the protocol version to test |
Definition at line 140 of file auth_common.c.
References CLIENT_PROTO, DEBUG_AREA_GW, DEBUG_AREA_PACKET, log_message, NU_EXIT_ERROR, NU_EXIT_OK, NUFW_PROTO, PROTO_VERSION_NUFW_V20, PROTO_VERSION_NUFW_V22, PROTO_VERSION_NUFW_V22_2, PROTO_VERSION_V20, and PROTO_VERSION_V22.
Referenced by get_proto_version_from_packet(), and userpckt_decode().
| gboolean check_string_in_array | ( | gchar * | checkstring, | |
| gchar ** | stringarray | |||
| ) |
| static void clean_connection_list_callback | ( | gpointer | key, | |
| gpointer | value, | |||
| gpointer | data | |||
| ) | [static] |
Definition at line 286 of file connections.c.
References get_old_conn().
Referenced by clean_connections_list().
| void clean_connections_list | ( | ) |
Find old connections and delete them.
This function is called periodically by the main thread to clean the connection table conn_list.
It uses get_old_conn() to check whether a connection is 'old' or not.
Definition at line 304 of file connections.c.
References apply_decision(), AUTH_STATE_AUTHREQ, clean_connection_list_callback(), conn_list, DEBUG_AREA_MAIN, DECISION_DROP, DECISION_REJECT, free_connection(), insert_mutex, cache_message::key, log_message, nuauthconf, and nuauth_params::reject_after_timeout.
Referenced by main_cleanup().
| void clean_session | ( | user_session_t * | c_session | ) |
Definition at line 55 of file client_mngr.c.
References user_session_t::groups, log_user_session(), user_session_t::nussl, nussl_session_destroy(), user_session_t::release, SESSION_CLOSE, user_session_t::sysname, user_session_t::tls_lock, user_session_t::user_name, and user_session_t::version.
Referenced by delete_session_from_hash(), hash_clean_session(), policy_refuse_user(), tls_sasl_connect(), and tls_sasl_connect_ok().
| void close_clients | ( | ) |
| void close_clients | ( | int | signal | ) |
Definition at line 393 of file client_mngr.c.
References client_conn_hash, client_ip_hash, and hash_delete_client().
Referenced by stop_threads().
| nu_error_t compare_iface_nfo_t | ( | iface_nfo_t * | a, | |
| iface_nfo_t * | b | |||
| ) |
Compare each non-NULL iface value of a to the corresponding value in b.
Definition at line 49 of file connections.c.
References compare_iface, and NU_EXIT_OK.
Referenced by acl_check(), and compare_acls().
| int conn_cl_delete | ( | gconstpointer | conn | ) |
Remove a connection from the connection hash table (conn_list) and free its memory using free_connection().
| conn | A connection_t |
Definition at line 240 of file connections.c.
References conn_cl_remove(), and free_connection().
Referenced by take_decision().
| int conn_cl_remove | ( | gconstpointer | conn | ) |
Remove an element from the hash table.
It only steals the connection_t from the connection hash conn_list; the connection itself is not freed (see conn_cl_delete() for that).
| conn | a pointer to a connection_t |
Definition at line 221 of file connections.c.
References conn_list, DEBUG_AREA_MAIN, and log_message.
Referenced by conn_cl_delete(), and take_decision().
| static gboolean count_username_callback | ( | gpointer | key, | |
| user_session_t * | value, | |||
| struct username_counter * | count_user | |||
| ) | [static] |
Definition at line 275 of file client_mngr.c.
References username_counter::counter, FALSE, username_counter::max, username_counter::name, TRUE, and user_session_t::user_name.
Referenced by test_username_count_vs_max().
| static char* decision_to_str | ( | decision_t | decision | ) | [static] |
Definition at line 359 of file connections.c.
References DECISION_ACCEPT, DECISION_DROP, DECISION_NODECIDE, and DECISION_REJECT.
Referenced by print_connection().
| nu_error_t delete_client_by_socket | ( | int | socket | ) |
Definition at line 219 of file client_mngr.c.
References delete_client_by_socket_ext().
Referenced by tls_user_check_activity(), tls_user_main_loop(), and user_check_and_decide().
| nu_error_t delete_client_by_socket_ext | ( | int | socket, | |
| int | use_lock | |||
| ) |
Definition at line 170 of file client_mngr.c.
References client_conn_hash, client_ip_hash, client_mutex, DEBUG_AREA_USER, delete_session_from_hash(), log_message, NU_EXIT_ERROR, NU_EXIT_OK, session, and tls_user_remove_client().
Referenced by delete_client_by_socket(), kill_all_clients_cb(), and warn_clients().
| static ip_sessions_t* delete_session_from_hash | ( | ip_sessions_t * | ipsessions, | |
| user_session_t * | session, | |||
| int | destroy | |||
| ) | [static] |
Definition at line 149 of file client_mngr.c.
References clean_session(), client_conn_hash, client_ip_hash, session, and ip_sessions_t::sessions.
Referenced by delete_client_by_socket_ext().
| connection_t * duplicate_connection | ( | connection_t * | element | ) |
Used for logging purposes only.
It does not duplicate internal data; this includes all the cache data used to take the decision.
connection_t::state is switched to AUTH_STATE_DONE, as the connection will be used for logging only.
| element | a pointer to a connection_t |
Definition at line 183 of file connections.c.
References connection_t::acl_groups, connection_t::app_name, AUTH_STATE_DONE, connection_t::cacheduserdatas, DEBUG_AREA_MAIN, connection_t::flags, log_message, connection_t::log_prefix, connection_t::os_release, connection_t::os_sysname, connection_t::os_version, connection_t::packet_id, connection_t::state, connection_t::user_groups, and connection_t::username.
Referenced by log_user_packet().
| void duplicate_iface_nfo | ( | iface_nfo_t * | copy, | |
| iface_nfo_t * | orig | |||
| ) |
Duplicate an iface_nfo.
A field is copied only if it is not NULL.
| copy | pointer to the target iface_nfo_t (MUST be allocated before) | |
| orig | pointer to the iface_nfo_t to copy |
Definition at line 161 of file connections.c.
References orig.
Referenced by acl_create_and_alloc_key(), acl_duplicate_key(), search_and_fill_complete_of_authreq(), and search_and_fill_complete_of_userpckt().
| void foreach_session | ( | GHFunc | callback, | |
| void * | data | |||
| ) |
Iterate over each client session, calling callback on each one.
Definition at line 426 of file client_mngr.c.
References client_conn_hash, and client_mutex.
| void free_buffer_read | ( | struct tls_buffer_read * | datas | ) |
Free a tls_buffer_read buffer and all of its memory.
Definition at line 119 of file auth_common.c.
References tls_buffer_read::buffer, tls_buffer_read::groups, tls_buffer_read::os_release, tls_buffer_read::os_sysname, tls_buffer_read::os_version, and tls_buffer_read::user_name.
Referenced by treat_user_request(), and user_check_and_decide().
| void free_connection | ( | connection_t * | conn | ) |
Delete a connection and free all the memory it uses.
This is the destructor for every connection_t; it must be called to destroy each connection.
It may also call log_user_packet() with the TCP_STATE_DROP state if the connection was still waiting for its authentication.
| conn | Pointer to a connection |
Definition at line 84 of file connections.c.
References nuauth_datas::acl_cache, nuauth_params::acl_cache, acl_create_and_alloc_key(), connection_t::acl_groups, connection_t::app_name, AUTH_STATE_AUTHREQ, AUTH_STATE_SPOOFING, connection_t::cacheduserdatas, cache_message::datas, DEBUG_AREA_MAIN, debug_log_message, free_acl_groups(), FREE_MESSAGE, cache_message::key, log_message, connection_t::log_prefix, log_user_packet(), nuauthconf, nuauthdatas, connection_t::os_release, connection_t::os_sysname, connection_t::os_version, connection_t::packet_id, cache_class_t::queue, connection_t::state, TCP_STATE_DROP, cache_message::type, connection_t::user_groups, and connection_t::username.
Referenced by clean_connections_list(), conn_cl_delete(), decisions_queue_work(), free_connection_callback(), init_nuauthdata(), localid_insert_message(), parse_dgram(), real_log_user_packet(), search_and_fill_complete_of_authreq(), search_and_fill_complete_of_userpckt(), search_and_fill_completing(), search_and_fill_done(), search_and_fill_ready(), search_and_fill_update(), take_decision(), treat_nufw_request(), user_check_and_decide(), and user_request().
| void free_connection_callback | ( | gpointer | conn, | |
| gpointer | unused | |||
| ) |
Definition at line 31 of file connections.c.
References free_connection().
Referenced by free_connection_list().
| void free_connection_list | ( | GSList * | list | ) |
Definition at line 36 of file connections.c.
References free_connection_callback().
Referenced by user_request().
| struct in6_addr* generate_inaddr_list | ( | gchar * | gwsrv_addr | ) |
Definition at line 37 of file parsing.c.
References ipv4_to_ipv6().
Referenced by build_prenuauthconf().
| user_session_t * get_client_datas_by_socket | ( | int | socket | ) |
Definition at line 224 of file client_mngr.c.
References client_conn_hash, and client_mutex.
Referenced by tls_user_check_activity().
| GSList * get_client_sockets_by_ip | ( | struct in6_addr * | ip | ) |
Definition at line 235 of file client_mngr.c.
References client_ip_hash, client_mutex, and session.
Referenced by tls_sasl_connect().
| guint get_number_of_clients | ( | ) |
Definition at line 248 of file client_mngr.c.
References client_conn_hash.
Referenced by tls_user_accept().
| gboolean get_old_conn | ( | gpointer | key, | |
| gpointer | value, | |||
| gpointer | user_data | |||
| ) |
This function is used by clean_connections_list() to check if a connection is 'old' (outdated) or not.
It compares the connection's timeout with the current timestamp (see member packet_timeout of nuauthconf) and skips connections in state AUTH_STATE_COMPLETING (because of an evil hack in search_and_fill_complete_of_userpckt() :-)). This is needed because we cannot suppress an entry that is currently being processed by the search_and_fill() thread and its associates.
| key | Key in hash of the connection (not used in the function) | |
| value | Pointer to a connection_t | |
| user_data | Current timestamp (obtained with time(NULL)) |
Definition at line 269 of file connections.c.
References AUTH_STATE_COMPLETING, AUTH_STATE_READY, FALSE, nuauthconf, nuauth_params::packet_timeout, and TRUE.
Referenced by clean_connection_list_callback(), and localid_auth().
| char* get_rid_of_domain | ( | const char * | user_domain | ) |
Strip the domain from a "user@domain" string (returns "user").
Definition at line 83 of file auth_common.c.
Referenced by fill_user_by_username(), normalize_username(), and tls_sasl_connect_ok().
| char* get_rid_of_prefix_domain | ( | const char * | user_domain | ) |
Strip the domain from a "DOMAIN\user" string (returns "user").
Definition at line 102 of file auth_common.c.
Referenced by user_check().
| static void hash_clean_session | ( | user_session_t * | c_session | ) | [static] |
Destroy callback for client_conn_hash.
Definition at line 82 of file client_mngr.c.
References clean_session(), log_user_session(), and SESSION_CLOSE.
Referenced by init_client_struct().
| guint hash_connection | ( | gconstpointer | data | ) |
Compute the key (hash) of a connection tracking.
| data | IPv4 tracking headers (of type tracking_t) of a connection |
Definition at line 58 of file auth_hash.c.
References tracking_t::saddr, and tracking_t::source.
Referenced by init_nuauthdata(), and limited_connection_handler().
| gboolean hash_delete_client | ( | gpointer | key, | |
| gpointer | value, | |||
| gpointer | userdata | |||
| ) |
Definition at line 383 of file client_mngr.c.
References ip_sessions_t::sessions, and TRUE.
Referenced by close_clients().
| static uint32_t hash_ipv6 | ( | struct in6_addr * | addr | ) | [static] |
| void init_client_struct | ( | ) |
Definition at line 89 of file client_mngr.c.
References client_conn_hash, client_ip_hash, client_mutex, hash_clean_session(), hash_ipv6(), and ipv6_equal().
Referenced by tls_user_servers_init().
| char* int_to_str | ( | int | value | ) |
Convert an integer to a string. Returns NULL on error, a newly allocated string otherwise.
Definition at line 183 of file auth_common.c.
| gboolean is_expired_client | ( | gpointer | key, | |
| gpointer | value, | |||
| gpointer | user_data | |||
| ) |