📄 pana_client.cxx
字号:
/* BEGIN_COPYRIGHT *//* *//* Open Diameter: Open-source software for the Diameter and *//* Diameter related protocols *//* *//* Copyright (C) 2002-2004 Open Diameter Project *//* *//* This library is free software; you can redistribute it and/or modify *//* it under the terms of the GNU Lesser General Public License as *//* published by the Free Software Foundation; either version 2.1 of the *//* License, or (at your option) any later version. *//* *//* This library is distributed in the hope that it will be useful, *//* but WITHOUT ANY WARRANTY; without even the implied warranty of *//* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *//* Lesser General Public License for more details. *//* *//* You should have received a copy of the GNU Lesser General Public *//* License along with this library; if not, write to the Free Software *//* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 *//* USA. *//* *//* In addition, when you copy and redistribute some or the entire part of *//* the source code of this software with or without modification, you *//* MUST include this copyright notice in each copy. *//* *//* If you make any changes that are appeared to be useful, please send *//* sources that include the changed part to *//* diameter-developers@lists.sourceforge.net so that we can reflect your *//* changes to one unified version of this software. *//* *//* END_COPYRIGHT */#include "pana_client.h"#include "pana_device_id.h"#include "pana_config_manager.h"#include "pana_pmk_bootstrap.h"PANA_Client::PANA_Client(PANA_SessionTxInterface &tp, PANA_SessionTimerInterface &tm, PANA_ClientEventInterface &ev) : PANA_Session(tp, tm, ev){ // // ------------------------------ // State: OFFLINE (Initial State) // ------------------------------ // // Initialization Action: // // SEPARATE=Set|Unset; // CARRY_DEVICE_ID=Unset; // 1ST_EAP=Unset; // RtxTimerStop(); // // Mobility Initialization Action: // // MOBILITY=Set|Unset // PANA_SA_RESUMED=Unset; // Reset(); // Local reset AuxVariables().CarryDeviceId() = false; m_Flags.p = 0;}void PANA_Client::LoadLocalAddress(){ // resolve Pac device id PANA_DeviceIdContainer &localAddrs = m_TxChannel.GetLocalAddress(); PANA_DeviceId *id = localAddrs.search(AAA_ADDR_FAMILY_802); if (id == NULL) { id = PANA_DeviceIdConverter::GetIpOnlyAddress(localAddrs, (bool)PANA_CFG_GENERAL().m_IPv6Enabled); if (id) { PANA_AddrConverter::ToAce(*id, PacIpAddress()); } } if (id) { PacDeviceId() = *id; } else { throw (PANA_Exception(PANA_Exception::FAILED, "No device ID available")); }}void PANA_Client::NotifyEapRestart(){ bool napAuth = AuxVariables().NapAuthentication(); m_Event.EapStart(napAuth);}void PANA_Client::NotifyAuthorization(){ PANA_SessionEventInterface::PANA_AuthorizationArgs args; args.m_Pac.Set(PacDeviceId()); args.m_Paa.Set(PaaDeviceId()); if (SecurityAssociation().IsSet()) { args.m_Key.Set(SecurityAssociation().Get()); // TBD: key id removed from args if (PPAC().DhcpV6() && DhcpBootstrap().Enable()) { diameter_octetstring_t dhcpKey; DhcpBootstrap().DhcpKey(SecurityAssociation().Get(), dhcpKey); args.m_DhcpKey.Set(dhcpKey); } if (PANA_CFG_GENERAL().m_WPASupport && (EpDeviceIds().size() > 0)) { PANA_DeviceIdIterator i; for (i = EpDeviceIds().begin(); i != EpDeviceIds().end(); i ++) { PANA_DeviceId *epId = (*i); PANA_PMKKey pmk(SecurityAssociation().Get(), PacDeviceId().value, epId->value); args.m_PMKKeyList().push_back(pmk.Key()); } if (EpDeviceIds().size() > 0) { args.m_PMKKeyList.IsSet() = true; } } } args.m_Lifetime.Set(SessionLifetime()); args.m_ProtectionCapability.Set(ProtectionCapability()); args.m_Ep.Set(&EpDeviceIds()); args.m_PreferedISP.Set(PreferedISP()); args.m_PreferedNAP.Set(PreferedNAP()); m_Event.Authorize(args); AuxVariables().Authorized() = true; // PaC always authorized}bool PANA_Client::IsSessionResumed(){ if (SecurityAssociation().IsSet()) { return static_cast<PANA_ClientEventInterface&>(m_Event). ResumeSession(); } return (false);}void PANA_Client::NotifyEapRequest(diameter_octetstring_t &payload){ AAAMessageBlock *block = AAAMessageBlock::Acquire(payload.size()); if (block) { block->copy((char*)payload.data(), payload.size()); block->wr_ptr(block->base()); static_cast<PANA_ClientEventInterface&> (m_Event).EapRequest(block, AuxVariables().NapAuthentication()); block->Release(); }}void PANA_Client::IspSelection(PANA_Message *psr){ // extract ISP info if any PANA_CfgProviderList ispList; PANA_CfgProviderInfo *ispInfo; PANA_CfgProviderInfo *ispChoice = NULL; AAA_GroupedAvpContainerWidget ispAvp(psr->avpList()); diameter_grouped_t *isp = ispAvp.GetAvp(PANA_AVPNAME_ISPINFO); if (isp) { for (int ndx=1; isp; ndx++) { ispInfo = new PANA_CfgProviderInfo; if (ispInfo) { PANA_ProviderInfoTool infoTool; infoTool.Extract(*isp, *ispInfo); ispList.push_back(ispInfo); } isp = ispAvp.GetAvp(PANA_AVPNAME_ISPINFO, ndx); } // ask user to choose static_cast<PANA_ClientEventInterface&>(m_Event). ChooseISP(ispList, ispChoice); } // if none chosen, select from config file if ((ispChoice == NULL) && (PANA_CFG_PAC().m_IspInfo.m_Name.size() > 0)) { ispChoice = &PANA_CFG_PAC().m_IspInfo; } if (ispChoice) { PreferedISP().m_Name = ispChoice->m_Name; PreferedISP().m_Id = ispChoice->m_Id; ACE_DEBUG((LM_INFO, "(%P|%t) Selected ISP: [id=%d] %s\n", PreferedISP().m_Id, PreferedISP().m_Name.data())); } // cleanup while (! ispList.empty()) { ispInfo = ispList.front(); ispList.pop_front(); delete ispInfo; }}void PANA_Client::RxPSR(){ /* 7.2 PANA-Start-Request (PSR) The PANA-Start-Request (PSR) message is sent by the PAA to the PaC to advertise availability of the PAA and start PANA authentication. The PAA sets the sequence number to an initial random value. PANA-Start-Request ::= < PANA-Header: 2, REQ [,SEP] > [ Nonce ] [ Cookie ] [ EAP-Payload ] [ NAP-Information ] * [ ISP-Information ] [ Protection-Capability] [ PPAC ] [ Notification ] * [ AVP ] */ std::auto_ptr<PANA_Message> cleanup(AuxVariables().RxMsgQueue().Dequeue()); PANA_Message &msg = *cleanup; if (PANA_CFG_PAC().m_PaaIpAddress.size() == 0) { PANA_DeviceId *id = PANA_DeviceIdConverter::GetIpOnlyAddress (msg.srcDevices(), (bool)PANA_CFG_GENERAL().m_IPv6Enabled); if (id) { PaaIpAddress().set_address(id->value.data(), id->value.size(), (bool)PANA_CFG_GENERAL().m_IPv6Enabled ? 0 : 1); PaaIpAddress().set_port_number(msg.srcPort()); } else { throw (PANA_Exception(PANA_Exception::FAILED, "No PAA device ID gathered")); } PaaDeviceId() = *id; } else { std::string paaIpStr = PANA_CFG_PAC().m_PaaIpAddress + ":0"; PaaIpAddress().string_to_addr(paaIpStr.data()); PANA_AddrConverter::ToAAAAddress(PaaIpAddress(), PaaDeviceId()); } ACE_DEBUG((LM_INFO, "(%P|%t) RxPSR: S-flag %d, N-flag=%d, seq=%d\n", msg.flags().separate, msg.flags().nap, msg.seq())); // update paa nonce AAA_StringAvpContainerWidget nonceAvp(msg.avpList()); diameter_octetstring_t *nonce = nonceAvp.GetAvp(PANA_AVPNAME_NONCE); if (nonce && ! SecurityAssociation().PaaNonce().IsSet()) { SecurityAssociation().PaaNonce().Set(*nonce); } // process notification ProcessNotification(msg); // update nap information AAA_GroupedAvpContainerWidget napAvp(msg.avpList()); diameter_grouped_t *nap = napAvp.GetAvp(PANA_AVPNAME_NAPINFO); if (nap) { PANA_ProviderInfoTool infoTool; infoTool.Extract(*nap, PreferedNAP()); } // update current authentication mode AuxVariables().NapAuthentication() = msg.flags().nap; // RtxTimerStop() m_Timer.CancelTxRetry(); // start eap if (! AuxVariables().SecAssociationResumed()) { NotifyEapRestart(); } // PSR.exist_avp("EAP-Payload") AAA_StringAvpContainerWidget eapAvp(msg.avpList()); diameter_octetstring_t *payload = eapAvp.GetAvp(PANA_AVPNAME_EAP); if (payload) { AuxVariables().SeparateAuthentication() = false; AuxVariables().NapAuthentication() = false; // make sure isp is choosen IspSelection(&msg); // send to eap NotifyEapRequest(*payload); return; } /* Protection-Capability and Post-PANA-Address-Configuration AVPs MAY be optionally included in the PANA-Start-Request in order to indicate required and available capabilities for the network access. These AVPs MAY be used by the PaC for assessing the capability match even before the authentication takes place. But these AVPs are provided during the insecure discovery phase, there are certain security risks involved in using the provided information. See Section 9 for further discussion on this. ... ... In networks where lower-layers are not secured prior to running PANA, the capability discovery enabled through inclusion of Protection-Capability and Post-PANA-Address-Configuration AVPs in a PANA-Start-Request message is susceptible to spoofing leading to denial-of service attacks. Therefore, usage of these AVPs during the discovery and initial handshake phase in such insecure networks is NOT RECOMMENDED. The same AVPs are delivered via an integrity-protected PANA-Bind-Request upon successful authentication. */ TxPSA(cleanup.get());}void PANA_Client::TxPSA(PANA_Message *psr){ /* 7.3 PANA-Start-Answer (PSA) The PANA-Start-Answer (PSA) message is sent by the PaC to the PAA in response to a PANA-Start-Request message. This message completes the handshake to start PANA authentication. PANA-Start-Answer ::= < PANA-Header: 2 [,SEP] > [ Nonce ] [ Cookie ] [ EAP-Payload ] [ ISP-Information ] [ Notification ] * [ AVP ] */ boost::shared_ptr<PANA_Message> msg(new PANA_Message); // Populate header msg->type() = PANA_MTYPE_PSR; msg->seq() = LastRxSeqNum().Value(); // add pac nonce if (SecurityAssociation().PaaNonce().IsSet() && ! SecurityAssociation().PacNonce().IsSet()) { // generate nouce SecurityAssociation().PacNonce().Generate(); diameter_octetstring_t &nonce = SecurityAssociation().PacNonce().Get(); AAA_StringAvpWidget nonceAvp(PANA_AVPNAME_NONCE); nonceAvp.Get().assign(nonce.data(), nonce.size()); msg->avpList().add(nonceAvp()); } if (psr == NULL) { // add eap payload PANA_MsgBlockGuard guard(AuxVariables().TxEapMessageQueue().Dequeue()); AAA_StringAvpWidget eapAvp(PANA_AVPNAME_EAP); eapAvp.Get().assign(guard()->base(), guard()->size()); msg->avpList().add(eapAvp()); // add prefered isp information if any if (PreferedISP().m_Name.size() > 0) { AAA_GroupedAvpWidget choosenIsp(PANA_AVPNAME_ISPINFO); PANA_ProviderInfoTool infoTool; infoTool.Add(choosenIsp.Get(), PreferedISP()); msg->avpList().add(choosenIsp()); } // add notification if any AddNotification(*msg); ACE_DEBUG((LM_INFO, "(%P|%t) TxPSA: S-flag %d, N-flag=%d, seq=%d\n", msg->flags().separate, msg->flags().nap, msg->seq())); SendAnsMsg(msg); return; } AAA_StringAvpContainerWidget cookieAvp(psr->avpList()); diameter_octetstring_t *cookie = cookieAvp.GetAvp(PANA_AVPNAME_COOKIE); if (cookie) { // add cookie AAA_StringAvpWidget psaCookieAvp(PANA_AVPNAME_COOKIE); psaCookieAvp.Get().assign(cookie->data(), cookie->size()); msg->avpList().add(psaCookieAvp()); } if (AuxVariables().SecAssociationResumed()) { // add session id AAA_Utf8AvpWidget sessionIdAvp(PANA_AVPNAME_SESSIONID); sessionIdAvp.Get() = SessionId(); msg->avpList().add(sessionIdAvp()); // add auth (make sure this is the last // process in this message) SecurityAssociation().AddAuthAvp(*msg);⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -