📄 pana_paa.cxx
! SecurityAssociation().PacNonce().IsSet()) {
        SecurityAssociation().PacNonce().Set(*nonce);
    }

    // process notification
    ProcessNotification(msg);

    m_Timer.CancelTxRetry();

    // update ISP info
    AAA_GroupedAvpContainerWidget ispAvp(msg.avpList());
    diameter_grouped_t *isp = ispAvp.GetAvp(PANA_AVPNAME_ISPINFO);
    if (isp) {
        PANA_ProviderInfoTool infoTool;
        infoTool.Extract(*isp, PreferedISP());
        // NOTE(review): m_Name is filled from an AVP of the received message,
        // so this line writes peer-supplied text to the log through %s and
        // relies on data() being NUL-terminated -- confirm both are acceptable.
        ACE_DEBUG((LM_INFO, "(%P|%t) ISP INFO: id=%d, name=%s\n",
                   PreferedISP().m_Id, PreferedISP().m_Name.data()));
    }

    AAA_Utf8AvpContainerWidget sidAvp(msg.avpList());
    diameter_utf8string_t *sid = sidAvp.GetAvp(PANA_AVPNAME_SESSIONID);
    if (sid && PANA_CFG_GENERAL().m_MobilityEnabled) {
        // mobility support
        // NOTE(review): within the lines visible here only the presence of a
        // Session-Id AVP is tested before the SA is marked resumed and a
        // successful PBR is sent; the start of this function is not shown,
        // so confirm the session id and AUTH AVP are validated before this.
        AuxVariables().SecAssociationResumed() = true;
        TxPBR(PANA_SUCCESS, EAP_SUCCESS);
    }
    else {
        // The peer clearing the S-flag turns separate authentication off.
        if (AuxVariables().SeparateAuthentication() &&
            (msg.flags().separate == false)) {
            AuxVariables().SeparateAuthentication() = false;
        }
        if (AuxVariables().SeparateAuthentication()) {
            SecurityAssociation().Type() = PANA_SecurityAssociation::DOUBLE;
        }
        AAA_StringAvpContainerWidget eapAvp(msg.avpList());
        diameter_octetstring_t *payload = eapAvp.GetAvp(PANA_AVPNAME_EAP);
        if (payload) {
            NotifyEapResponse(*payload);
        }
        else {
            bool napAuth = false;
            m_Event.EapStart(napAuth);
            if (AuxVariables().SeparateAuthentication()) {
                AuxVariables().NapAuthentication() = napAuth;
            }
        }
    }
}

// Build and send a PANA-Auth-Request (PAR) carrying the next queued EAP
// payload.
//
// AVPs are added in the order of the grammar quoted below: Session-Id,
// EAP-Payload, Nonce (first PAR only), Notification, then AUTH when a
// security association exists.
//
// Throws PANA_Exception(MISSING_EAP_PAYLOAD) when the transmit EAP queue is
// empty.
void PANA_Paa::TxPAR()
{
    /*
      7.4  PANA-Auth-Request (PAR)

       The PANA-Auth-Request (PAR) message is either sent by the PAA or the
       PaC.  Its main task is to carry an EAP-Payload AVP.

        PANA-Auth-Request ::= < PANA-Header: 3, REQ [,SEP] [,NAP] >
                              < Session-Id >
                              < EAP-Payload >
                              [ Nonce ]
                              [ Notification ]
                           *  [ AVP ]
                          0*1 < AUTH >
     */
    boost::shared_ptr<PANA_Message> msg(new PANA_Message);

    // Populate header
    msg->type() = PANA_MTYPE_PAR;
    msg->flags().request = true;

    // adjust serial num
    // NOTE(review): the sequence number is advanced before the EAP payload
    // check below, so the MISSING_EAP_PAYLOAD throw leaves it incremented
    // without a message having been sent -- confirm callers tolerate the gap.
    ++ LastTxSeqNum();
    msg->seq() = LastTxSeqNum().Value();

    // resolve flags
    if (AuxVariables().SeparateAuthentication()) {
        msg->flags().separate = true;
        msg->flags().nap = AuxVariables().NapAuthentication();
    }

    // add session id
    AAA_Utf8AvpWidget sessionIdAvp(PANA_AVPNAME_SESSIONID);
    sessionIdAvp.Get() = SessionId();
    msg->avpList().add(sessionIdAvp());

    // add eap payload
    if (AuxVariables().TxEapMessageQueue().Empty()) {
        throw (PANA_Exception(PANA_Exception::MISSING_EAP_PAYLOAD,
               "No EAP payload on TxPAR"));
    }
    PANA_MsgBlockGuard eapPkt(AuxVariables().TxEapMessageQueue().Dequeue());
    AAA_StringAvpWidget eapAvp(PANA_AVPNAME_EAP);
    eapAvp.Get().assign(eapPkt()->base(), eapPkt()->size());
    msg->avpList().add(eapAvp());

    // add paa nonce
    // The nonce is generated and attached only while none is set, so later
    // PARs of the same session carry no Nonce AVP.
    if (! SecurityAssociation().PaaNonce().IsSet()) {
        // generate nonce
        // NOTE(review): the randomness source is inside Generate(), which is
        // not shown here -- confirm it is a CSPRNG, since presumably the
        // nonce feeds key derivation.
        SecurityAssociation().PaaNonce().Generate();
        diameter_octetstring_t &nonce = SecurityAssociation().PaaNonce().Get();
        AAA_StringAvpWidget nonceAvp(PANA_AVPNAME_NONCE);
        nonceAvp.Get().assign(nonce.data(), nonce.size());
        msg->avpList().add(nonceAvp());
    }

    // add notification if any
    AddNotification(*msg);

    // auth avp if any
    // Added after every other AVP, matching the trailing < AUTH > in the
    // grammar; presumably AddAuthAvp() computes an integrity value over the
    // message as built so far -- keep it last.
    if (SecurityAssociation().IsSet()) {
        SecurityAssociation().AddAuthAvp(*msg);
    }

    ACE_DEBUG((LM_INFO, "(%P|%t) TxPAR: S-flag %d, N-flag=%d, seq=%d\n",
               msg->flags().separate, msg->flags().nap, msg->seq()));

    SendReqMsg(msg);
}

// Build and send a PANA-Bind-Request (PBR) delivering the authentication
// result to the PaC.
//
// rcode  result code placed in the Result-Code AVP (converted with
//        ACE_HTONL).
// ev     EAP outcome that triggered the PBR; it decides whether the EAP
//        payload, the binding AVPs and new key material are included.
//
// Throws PANA_Exception(FAILED) when separate authentication is active but
// no first EAP result has been recorded.
void PANA_Paa::TxPBR(diameter_unsigned32_t rcode,
                     EAP_EVENT ev)
{
    /*
      7.8  PANA-Bind-Request (PBR)

       The PANA-Bind-Request (PBR) message is sent by the PAA to the PaC to
       deliver the result of PANA authentication.

        PANA-Bind-Request ::= < PANA-Header: 5, REQ [,SEP] [,NAP] >
                              < Session-Id >
                              { Result-Code }
                              [ PPAC ]
                              [ EAP-Payload ]
                              [ Session-Lifetime ]
                              [ Protection-Capability ]
                              [ Algorithm ]
                              [ Key-Id ]
                           *  [ Device-Id ]
                              [ Notification ]
                           *  [ AVP ]
                          0*1 < AUTH >
     */
    boost::shared_ptr<PANA_Message> msg(new PANA_Message);

    // Populate header
    msg->type() = PANA_MTYPE_PBR;
    msg->flags().request = true;
    msg->flags().nap = AuxVariables().NapAuthentication();

    // adjust serial num
    ++ LastTxSeqNum();
    msg->seq() = LastTxSeqNum().Value();

    // add session id
    AAA_Utf8AvpWidget sessionIdAvp(PANA_AVPNAME_SESSIONID);
    sessionIdAvp.Get() = SessionId();
    msg->avpList().add(sessionIdAvp());

    // add result-code
    AAA_UInt32AvpWidget rcodeAvp(PANA_AVPNAME_RESULTCODE);
    rcodeAvp.Get() = ACE_HTONL(rcode);
    msg->avpList().add(rcodeAvp());

    // add ppac
    if (PANA_CFG_GENERAL().m_PPAC() > 0) {
        AAA_UInt32AvpWidget ppacAvp(PANA_AVPNAME_PPAC);
        ppacAvp.Get() = ACE_HTONL(PANA_CFG_GENERAL().m_PPAC());
        msg->avpList().add(ppacAvp());
    }

    // Decides whether the binding AVPs (session lifetime, protection
    // capability, device ids, DHCP) are attached further down. Outside the
    // resumed-SA case it is only ever set from Authorized().
    bool AddBindingAvp = false;
    if (AuxVariables().SecAssociationResumed()) {
        AddBindingAvp = true;
    }
    else {
        // Unlike TxPAR the queue may be empty here, so the dequeued block is
        // tested before use.
        PANA_MsgBlockGuard eapPkt(AuxVariables().TxEapMessageQueue().Dequeue());
        if (eapPkt() && (ev != EAP_TIMEOUT)) {
            // add eap payload
            AAA_StringAvpWidget eapAvp(PANA_AVPNAME_EAP);
            eapAvp.Get().assign(eapPkt()->base(), eapPkt()->size());
            msg->avpList().add(eapAvp());
        }

        if (AuxVariables().SeparateAuthentication()) {
            // setup flags
            msg->flags().separate = AuxVariables().SeparateAuthentication();
            msg->flags().nap = AuxVariables().NapAuthentication();

            // validation
            // NOTE(review): by the time this throws, the sequence number has
            // been advanced and the EAP packet dequeued above -- confirm the
            // caller's error path accounts for that.
            if (AuxVariables().FirstEapResult() == 0) {
                throw (PANA_Exception(PANA_Exception::FAILED,
                       "Sending PBR during separate auth with 1st EAP unset"));
            }

            // A failed or timed-out second method still binds when the first
            // method succeeded and the session is authorized.
            if ((ev == EAP_FAILURE) || (ev == EAP_TIMEOUT)) {
                if (PANA_RCODE_SUCCESS(AuxVariables().FirstEapResult())) {
                    AddBindingAvp = AuxVariables().Authorized() ? true : false;
                }
            }
            else if (ev == EAP_SUCCESS) {
                AddBindingAvp = AuxVariables().Authorized() ?
                                true : false;
            }
        }
        else if (ev == EAP_SUCCESS) {
            AddBindingAvp = AuxVariables().Authorized() ? true : false;
        }
    }

    if (AddBindingAvp) {
        if (SessionLifetime() > 0) {
            // add session lifetime
            AAA_UInt32AvpWidget lifetimeAvp(PANA_AVPNAME_SESSIONLIFETIME);
            lifetimeAvp.Get() = ACE_HTONL(SessionLifetime());
            msg->avpList().add(lifetimeAvp());
        }

        // add protection capability
        if (SupportFlags().i.CarryPcapInPBR) {
            AAA_UInt32AvpWidget pcapAvp(PANA_AVPNAME_PROTECTIONCAP);
            pcapAvp.Get() = ACE_HTONL(PANA_CFG_GENERAL().m_ProtectionCap);
            msg->avpList().add(pcapAvp());
        }

        // add EP device id
        if (AuxVariables().CarryDeviceId()) {
            PANA_DeviceIdIterator i = PANA_CFG_PAA().m_EpIdList.begin();
            AAA_AddressAvpWidget deviceAvp(PANA_AVPNAME_DEVICEID);
            // NOTE(review): every iteration assigns through Get(); whether
            // that appends one Device-Id entry per EP or overwrites a single
            // value depends on AAA_AddressAvpWidget::Get(), which is not
            // shown -- confirm all configured EP ids reach the message.
            for (; i != PANA_CFG_PAA().m_EpIdList.end(); i++) {
                deviceAvp.Get() = **i;
            }
            msg->avpList().add(deviceAvp());
        }

        // add Dhcp-AVP
        if (PPAC().DhcpV6() && SecurityAssociation().IsSet() &&
            DhcpBootstrap().Enable()) {
            DhcpBootstrap().AffixToPBR(*msg);
        }
    }

    // update the aaa key's
    if ((ev == EAP_SUCCESS) && (! AuxVariables().SecAssociationResumed())) {
        // NOTE(review): newKey holds AAA key material in a local string and
        // nothing in this function clears it before it goes out of scope --
        // confirm whether zeroization is required.
        diameter_octetstring_t newKey;
        if (m_Event.IsKeyAvailable(newKey)) {
            // Single authentication updates the first key slot; separate
            // authentication updates the second one.
            if (AuxVariables().SeparateAuthentication() == false) {
                SecurityAssociation().UpdateAAAKey(newKey);
            }
            else {
                SecurityAssociation().UpdateAAAKey2(newKey);
            }
            if (! AuxVariables().AlgorithmIsSet()) {
                // add algorithm
                // TBD: need to make sure algo value is ok
                AAA_UInt32AvpWidget algoAvp(PANA_AVPNAME_ALGORITHM);
                algoAvp.Get() = ACE_HTONL(PANA_AUTH_ALGORITHM());
                msg->avpList().add(algoAvp());
                AuxVariables().AlgorithmIsSet() = true;
            }
            SecurityAssociation().AddKeyIdAvp(*msg);
            SecurityAssociation().GenerateAuthKey(SessionId());
        }
    }

    // add notification if any
    AddNotification(*msg);

    // add key from existing SA
    if (SecurityAssociation().IsSet()) {
        // key id avp if any
        if (AuxVariables().SecAssociationResumed()) {
            SecurityAssociation().AddKeyIdAvp(*msg);
        }
        // add existing auth first before generating a new one
        // NOTE(review): when a new key was available, GenerateAuthKey() has
        // already run above, so this AUTH AVP may be produced under the new
        // key rather than the existing one -- confirm that is the intent.
        // The AUTH AVP is the last one added, as in the grammar above.
        SecurityAssociation().AddAuthAvp(*msg);
    }

    ACE_DEBUG((LM_INFO, "(%P|%t) TxPBR: S-flag %d, N-flag=%d, seq=%d\n",
               msg->flags().separate, msg->flags().nap, msg->seq()));

    SendReqMsg(msg);
}

void PANA_Paa::TxPFER(diameter_unsigned32_t rcode,
                      EAP_EVENT ev)
{
    /*
      7.16  PANA-FirstAuth-End-Request (PFER)

       The PANA-FirstAuth-End-Request (PFER) message is sent by the PAA to
       the PaC to signal the result of the first EAP authentication method
       when separate NAP and ISP authentication is performed.

        PANA-FirstAuth-End-Request ::= < PANA-Header: 9, REQ [,SEP] [,NAP] >
                                       < Session-Id >
                                       { Result-Code }
                                       [ EAP-Payload ]
                                       [ Algorithm ]
                                       [ Key-Id ]
                                       [ Notification ]
                                    *  [ AVP ]
                                   0*1 < AUTH >
     */
    boost::shared_ptr<PANA_Message> msg(new PANA_Message);

    // Populate header
    msg->type() = PANA_MTYPE_PFER;
    msg->flags().request = true;

    // adjust serial num
    ++ LastTxSeqNum();
    msg->seq() = LastTxSeqNum().Value();

    // add session id
    AAA_Utf8AvpWidget sessionIdAvp(PANA_AVPNAME_SESSIONID);
    sessionIdAvp.Get() = SessionId();
    msg->avpList().add(sessionIdAvp());

    // add result-code
    AAA_UInt32AvpWidget rcodeAvp(PANA_AVPNAME_RESULTCODE);
    rcodeAvp.Get() = ACE_HTONL(rcode);
    msg->avpList().add(rcodeAvp());

    if (AuxVariables().SeparateAuthentication()) {
        if (AuxVariables().FirstEapResult() == 0) {
            AuxVariables().FirstEapResult() = rcode;
            msg->flags().nap = AuxVariables().NapAuthentication();
            if (ev != EAP_TIMEOUT) {
                // add eap payload
                // NOTE(review): TxPBR tests eapPkt() for null before calling
                // base()/size(), and TxPAR checks Empty() before dequeuing;
                // neither check is made here -- confirm the queue cannot be
                // empty on this path.
                PANA_MsgBlockGuard eapPkt(AuxVariables().
                                          TxEapMessageQueue().Dequeue());
                AAA_StringAvpWidget eapAvp(PANA_AVPNAME_EAP);
                eapAvp.Get().assign(eapPkt()->base(), eapPkt()->size());
                msg->avpList().add(eapAvp());
            }
            if (ev == EAP_SUCCESS) {
                // update aaa key if any make sure
                // key id is added for new keys