📄 diameter_nasreq_server_fsm.cxx
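// NOTE(review): the lines down to the first closing brace are the tail of a
// function whose beginning is outside this listing; they are reproduced
// unchanged apart from line breaks.
 state_check:
  // Validate State AVP.
  if (aaAnswer.State.IsSet()) // Non-initial state.
    {
      if (!aaRequest.State.IsSet() ||
          !ValidateState(aaRequest.State(), aaAnswer.State()))
        {
          AAA_LOG(LM_DEBUG, "[%N] Invalid State AVP.\n");
          return false;
        }
      else  // Try to set initial state
        {
          SetState(aaAnswer.State);
        }
    }
  return true;
}

/// Called by the application to hand over the next round of authentication
/// data.  A copy of @p authInfo is stored in authenticationInfo according to
/// its AuthenticationType() (PAP, CHAP or ARAP) and EvRxAuthContinue is then
/// raised on the state machine.
///
/// @param authInfo  authentication data supplied by the application; copied,
///                  not retained by reference.
void
DiameterNasreqServerStateMachine::SignalContinue
(DiameterNasreqAuthenticationInfo &authInfo)
{
  AAA_LOG(LM_ERROR, "[%N] Continue received from application.\n");

  // NOTE(review): each downcast below trusts AuthenticationType() to match
  // the dynamic type of authInfo; nothing here verifies it.  If the class
  // hierarchy allows it, a checked cast would turn a mismatch into a
  // detectable error instead of undefined behaviour -- confirm against the
  // declarations of PAP_Info / CHAP_Info / ARAP_Info.
  if (authInfo.AuthenticationType() == NASREQ_AUTHENTICATION_TYPE_PAP)
    authenticationInfo =
      boost::shared_ptr<PAP_Info>(new PAP_Info((PAP_Info&)authInfo));
  else if (authInfo.AuthenticationType() == NASREQ_AUTHENTICATION_TYPE_CHAP)
    authenticationInfo =
      boost::shared_ptr<CHAP_Info>(new CHAP_Info((CHAP_Info&)authInfo));
  else if (authInfo.AuthenticationType() == NASREQ_AUTHENTICATION_TYPE_ARAP)
    authenticationInfo =
      boost::shared_ptr<ARAP_Info>(new ARAP_Info((ARAP_Info&)authInfo));
  // NOTE(review): for any other authentication type authenticationInfo keeps
  // whatever it held before, and the event is still raised.

  Notify(EvRxAuthContinue);
}

/// Called by the application when authentication succeeded; raises
/// EvRxAuthSuccess on the state machine.
void
DiameterNasreqServerStateMachine::SignalSuccess()
{
  AAA_LOG(LM_ERROR, "[%N] Success received from application.\n");
  Notify(EvRxAuthSuccess);
}

/// Called by the application when authentication failed; raises
/// EvRxAuthFailure on the state machine.
void
DiameterNasreqServerStateMachine::SignalFailure()
{
  AAA_LOG(LM_ERROR, "[%N] Failure received from application.\n");
  Notify(EvRxAuthFailure);
}

/// Runs every per-AVP authorization hook against the current AA-Request and
/// the AA-Answer under construction.
///
/// The hooks are evaluated in a fixed order and the first one that returns
/// false aborts the run: a debug message naming the AVP is logged and false
/// is returned.  For AVPs the client may propose a value for, the
/// two-argument overload (request value, answer attribute) is used when the
/// request carries the AVP and the one-argument overload (answer attribute
/// only) otherwise.
///
/// @return true when the answer's Auth-Request-Type is authentication-only
///         (no hook is run and authorizationDone is left untouched) or when
///         every hook accepted (authorizationDone is then set to true);
///         false as soon as one hook rejects.
bool
DiameterNasreqServerStateMachine::Authorize()
{
  AAA_LOG(LM_DEBUG, "[%N] Authorizing AAREQUEST.\n");
  AA_AnswerData& aaAnswer = aaAnswerData;
  AA_RequestData& aaRequest = aaRequestData;
  bool r = false;  // fail closed if a branch ever forgets to assign it

  // Authorization of mandatory AVPs.

  // If AuthRequestType indicates authentication only, do nothing.
  if (aaAnswer.AuthRequestType() == AUTH_REQUEST_TYPE_AUTHENTICATION_ONLY)
    {
      AAA_LOG(LM_DEBUG, "[%N] Authorization totally success.\n");
      return true;
    }

  if (!AuthorizeOriginHost(aaRequest.OriginHost()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize origin host.\n");
      return false;
    }

  if (!AuthorizeOriginRealm(aaRequest.OriginRealm()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize origin realm.\n");
      return false;
    }

  // Authorization of optional AVPs.
  // NOTE(review): several request AVPs below are read with operator() without
  // an IsSet() test first -- confirm the hooks tolerate an absent AVP.

  if (!AuthorizeNasIdentifier(aaRequest.NasIdentifier()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize nas identifier.\n");
      return false;
    }

  if (!AuthorizeNasIpAddress(aaRequest.NasIpAddress()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize nas ip address.\n");
      return false;
    }

  // NOTE(review): the IPv6 hook is fed the IPv4 NasIpAddress AVP, which looks
  // like a copy-paste slip; as written the NAS IPv6 address from the request
  // is never what gets authorized.  Left as is because the request's IPv6
  // field is not visible in this listing -- confirm and correct.
  if (!AuthorizeNasIpv6Address(aaRequest.NasIpAddress()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize nas ipv6 address.\n");
      return false;
    }

  if (!AuthorizeNasPort(aaRequest.NasPort()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize nas port.\n");
      return false;
    }

  if (!AuthorizeNasPortId(aaRequest.NasPortId()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize nas port id.\n");
      return false;
    }

  if (!AuthorizeNasPortType(aaRequest.NasPortType()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize nas port type.\n");
      return false;
    }

  if (!AuthorizeOriginStateId(aaRequest.OriginStateId()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize origin state id.\n");
      return false;
    }

  if (!AuthorizeFilterId(aaAnswer.FilterId))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize filter id.\n");
      return false;
    }

  if (aaRequest.PortLimit.IsSet())
    r = AuthorizePortLimit(aaRequest.PortLimit(), aaAnswer.PortLimit);
  else
    r = AuthorizePortLimit(aaAnswer.PortLimit);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize port limit.\n");
      return false;
    }

  if (aaRequest.ServiceType.IsSet())
    r = AuthorizeServiceType(aaRequest.ServiceType(), aaAnswer.ServiceType);
  else
    r = AuthorizeServiceType(aaAnswer.ServiceType);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize service type.\n");
      return false;
    }

  if (!AuthorizeClass(aaAnswer.Class))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize Class.\n");
      return false;
    }

  if (!AuthorizeConfigurationToken(aaAnswer.ConfigurationToken))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize configuration token.\n");
      return false;
    }

  if (!AuthorizeAcctInterimInterval(aaAnswer.AcctInterimInterval))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize acct interim interval.\n");
      return false;
    }

  if (!AuthorizeIdleTimeout(aaAnswer.IdleTimeout))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize idle timeout.\n");
      return false;
    }

  if (!AuthorizeAuthorizationLifetime(aaAnswer.AuthorizationLifetime))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize authz lifetime.\n");
      return false;
    }

  if (!AuthorizeAuthGracePeriod(aaAnswer.AuthGracePeriod))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize auth grace period.\n");
      return false;
    }

  if (!AuthorizeAuthSessionState(aaAnswer.AuthSessionState))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize auth session state.\n");
      return false;
    }

  if (!AuthorizeReAuthRequestType(aaAnswer.ReAuthRequestType))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize reauth req. type.\n");
      return false;
    }

  if (!AuthorizeSessionTimeout(aaAnswer.SessionTimeout))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize session timeout.\n");
      return false;
    }

  // NOTE(review): unlike every other hook, the result of this call is
  // discarded, so a rejection of Callback-Id (if the hook can report one)
  // would not stop authorization -- confirm whether that is intended.
  AuthorizeCallbackId(aaAnswer.CallbackId);

  if (aaRequest.CallbackNumber.IsSet())
    r = AuthorizeCallbackNumber
      (aaRequest.CallbackNumber(), aaAnswer.CallbackNumber);
  else
    r = AuthorizeCallbackNumber(aaAnswer.CallbackNumber);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize callback num.\n");
      return false;
    }

  if (!AuthorizeCallingStationId(aaRequest.CallingStationId()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to validate calling station id.\n");
      return false;
    }

  if (!AuthorizeCalledStationId(aaRequest.CalledStationId()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to validate called station id.\n");
      return false;
    }

  if (!AuthorizeOriginatingLineInfo(aaRequest.OriginatingLineInfo()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize orig. line info.\n");
      return false;
    }

  if (!AuthorizeConnectInfo(aaRequest.ConnectInfo()))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize connec info.\n");
      return false;
    }

  if (!AuthorizeFramedAppletalkLink(aaAnswer.FramedAppletalkLink))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize appletalk link.\n");
      return false;
    }

  if (!AuthorizeFramedAppletalkZone(aaAnswer.FramedAppletalkZone))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize appletalk zone.\n");
      return false;
    }

  if (!AuthorizeFramedAppletalkNetwork(aaAnswer.FramedAppletalkNetwork))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize appletalk network.\n");
      return false;
    }

  // Fixed: the test used to be negated, so the request's Framed-Compression
  // value was read exactly when the AVP was absent and ignored when the
  // client did send it.  Every sibling AVP uses the form below.
  if (aaRequest.FramedCompression.IsSet())
    r = AuthorizeFramedCompression
      (aaRequest.FramedCompression(), aaAnswer.FramedCompression);
  else
    r = AuthorizeFramedCompression(aaAnswer.FramedCompression);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed compression.\n");
      return false;
    }

  if (aaRequest.FramedInterfaceId.IsSet())
    r = AuthorizeFramedInterfaceId
      (aaRequest.FramedInterfaceId(), aaAnswer.FramedInterfaceId);
  else
    r = AuthorizeFramedInterfaceId(aaAnswer.FramedInterfaceId);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ifid.\n");
      return false;
    }

  if (aaRequest.FramedIpAddress.IsSet())
    r = AuthorizeFramedIpAddress(aaRequest.FramedIpAddress(),
                                 aaAnswer.FramedIpAddress);
  else
    r = AuthorizeFramedIpAddress(aaAnswer.FramedIpAddress);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipaddr.\n");
      return false;
    }

  if (aaRequest.FramedIpv6Prefix.IsSet())
    r = AuthorizeFramedIpv6Prefix
      (aaRequest.FramedIpv6Prefix(), aaAnswer.FramedIpv6Prefix);
  else
    r = AuthorizeFramedIpv6Prefix(aaAnswer.FramedIpv6Prefix);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipv6prx.\n");
      return false;
    }

  if (!AuthorizeFramedIpv6Pool(aaAnswer.FramedIpv6Pool))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipv6 pool.\n");
      return false;
    }

  if (!AuthorizeFramedPool(aaAnswer.FramedPool))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed pool.\n");
      return false;
    }

  if (!AuthorizeFramedIpv6Route(aaAnswer.FramedIpv6Route))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipv6 route.\n");
      return false;
    }

  if (!AuthorizeFramedRoute(aaAnswer.FramedRoute))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed route.\n");
      return false;
    }

  if (aaRequest.FramedIpNetmask.IsSet())
    r = AuthorizeFramedIpNetmask(aaRequest.FramedIpNetmask(),
                                 aaAnswer.FramedIpNetmask);
  else
    r = AuthorizeFramedIpNetmask(aaAnswer.FramedIpNetmask);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipmask.\n");
      return false;
    }

  if (!AuthorizeFramedIpxNetwork(aaAnswer.FramedIpxNetwork))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipx network.\n");
      return false;
    }

  if (aaRequest.FramedMtu.IsSet())
    r = AuthorizeFramedMtu(aaRequest.FramedMtu(), aaAnswer.FramedMtu);
  else
    r = AuthorizeFramedMtu(aaAnswer.FramedMtu);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed mtu.\n");
      return false;
    }

  if (aaRequest.FramedProtocol.IsSet())
    r = AuthorizeFramedProtocol
      (aaRequest.FramedProtocol(), aaAnswer.FramedProtocol);
  else
    r = AuthorizeFramedProtocol(aaAnswer.FramedProtocol);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed proto.\n");
      return false;
    }

  if (!AuthorizeFramedRouting(aaAnswer.FramedRouting))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed routing.\n");
      return false;
    }

  if (aaRequest.LoginIpHost.IsSet())
    r = AuthorizeLoginIpHost
      (aaRequest.LoginIpHost(), aaAnswer.LoginIpHost);
  else
    r = AuthorizeLoginIpHost(aaAnswer.LoginIpHost);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize login ip host.\n");
      return false;
    }

  if (aaRequest.LoginIpv6Host.IsSet())
    r = AuthorizeLoginIpv6Host
      (aaRequest.LoginIpv6Host(), aaAnswer.LoginIpv6Host);
  else
    r = AuthorizeLoginIpv6Host(aaAnswer.LoginIpv6Host);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize login ipv6 host.\n");
      return false;
    }

  if (aaRequest.LoginLatGroup.IsSet())
    r = AuthorizeLoginLatGroup
      (aaRequest.LoginLatGroup(), aaAnswer.LoginLatGroup);
  else
    r = AuthorizeLoginLatGroup(aaAnswer.LoginLatGroup);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize login lat group.\n");
      return false;
    }

  if (aaRequest.LoginLatNode.IsSet())
    r = AuthorizeLoginLatNode
      (aaRequest.LoginLatNode(), aaAnswer.LoginLatNode);
  else
    r = AuthorizeLoginLatNode(aaAnswer.LoginLatNode);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize login lat node.\n");
      return false;
    }

  if (aaRequest.LoginLatPort.IsSet())
    r = AuthorizeLoginLatPort
      (aaRequest.LoginLatPort(), aaAnswer.LoginLatPort);
  else
    r = AuthorizeLoginLatPort(aaAnswer.LoginLatPort);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize login lat port.\n");
      return false;
    }

  if (aaRequest.LoginLatService.IsSet())
    r = AuthorizeLoginLatService
      (aaRequest.LoginLatService(), aaAnswer.LoginLatService);
  else
    r = AuthorizeLoginLatService(aaAnswer.LoginLatService);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize login lat service.\n");
      return false;
    }

  if (!AuthorizeLoginTcpPort(aaAnswer.LoginTcpPort))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize login tcp port.\n");
      return false;
    }

  if (!AuthorizeNasFilterRule(aaAnswer.NasFilterRule))
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize nas filter rule.\n");
      return false;
    }

  if (aaRequest.Tunneling.IsSet())
    r = AuthorizeTunneling(aaRequest.Tunneling(), aaAnswer.Tunneling);
  else
    r = AuthorizeTunneling(aaAnswer.Tunneling);
  if (!r)
    {
      AAA_LOG(LM_DEBUG, "[%N] Failed to authorize tunneling.\n");
      return false;
    }

  AAA_LOG(LM_DEBUG, "[%N] Authorization totally success.\n");

  // Only a complete pass through every hook marks authorization as done.
  authorizationDone = true;

  return true;
}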