📄 diameter_nasreq_client_fsm.cxx
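/* BEGIN_COPYRIGHT */
/* */
/* Open Diameter: Open-source software for the Diameter and */
/* Diameter related protocols */
/* */
/* Copyright (C) 2002-2004 Open Diameter Project */
/* */
/* This library is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU Lesser General Public License as */
/* published by the Free Software Foundation; either version 2.1 of the */
/* License, or (at your option) any later version. */
/* */
/* This library is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU */
/* Lesser General Public License for more details. */
/* */
/* You should have received a copy of the GNU Lesser General Public */
/* License along with this library; if not, write to the Free Software */
/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 */
/* USA. */
/* */
/* In addition, when you copy and redistribute some or the entire part of */
/* the source code of this software with or without modification, you */
/* MUST include this copyright notice in each copy. */
/* */
/* If you make any changes that are appeared to be useful, please send */
/* sources that include the changed part to */
/* diameter-developers@lists.sourceforge.net so that we can reflect your */
/* changes to one unified version of this software. */
/* */
/* END_COPYRIGHT */
// $Id: diameter_nasreq_client_fsm.cxx,v 1.8 2004/08/16 16:17:26 vfajardo Exp $

// diameter_nasreq_client_fsm.cxx: EAP session handling
// Written by Yoshihiro Ohba
// Created May 3, 2004

#include <ace/Singleton.h>
#include <ace/Atomic_Op_T.h>
#include "diameter_nasreq_client_session.hxx"
#include "diameter_nasreq_client_fsm.hxx"
#include "diameter_nasreq_parser.hxx"
#include "diameter_nasreq_authinfo.hxx"

/// Common base for the actions run by the NASREQ client state machine.
/// Construction and destruction are protected, so only derived actions
/// can be instantiated.
class DiameterNasreqClientAction
  : public AAA_Action<DiameterNasreqClientStateMachine>
{
  virtual void operator()(DiameterNasreqClientStateMachine&)=0;
 protected:
  DiameterNasreqClientAction() {}
  ~DiameterNasreqClientAction() {}
};

/// State table used by DiameterNasreqClientStateMachine.
class DiameterNasreqClientStateTable_S
  : public AAA_StateTable<DiameterNasreqClientStateMachine>
{
  friend class ACE_Singleton<DiameterNasreqClientStateTable_S,
                             ACE_Recursive_Thread_Mutex>;

 private:
  /// Copies the ARAP AVPs present in the AA-Answer into the session's
  /// authentication info and passes that info to the application through
  /// SignalContinue().
  class AcContinueAuthentication : public DiameterNasreqClientAction
  {
    void operator()(DiameterNasreqClientStateMachine& sm)
    {
      AA_AnswerData& aaAnswer = sm.AA_Answer();

      AAA_LOG(LM_DEBUG, "[%N] passing authinfo to the application.\n");

      // If the Auth-Request-Type is AUTHORIZE_ONLY, validation completes
      // with success and no ARAP AVPs are copied.  The same holds when the
      // authentication info is not of ARAP type.
      if (aaAnswer.AuthRequestType() != AUTH_REQUEST_TYPE_AUTHORIZE_ONLY &&
          sm.AuthenticationInfo().AuthenticationType() ==
          NASREQ_AUTHENTICATION_TYPE_ARAP)
        {
          // The downcast is unchecked, so it is performed only after the
          // type tag has been confirmed to be ARAP.  Binding the reference
          // before that check would treat a PAP/CHAP object as ARAP_Info.
          ARAP_Info& arapInfo = (ARAP_Info&)sm.AuthenticationInfo();

          // Set ARAP-specific authentication info.  These values come from
          // the peer's answer and are copied without further validation.
          if (aaAnswer.ArapChallengeResponse.IsSet())
            arapInfo.ArapChallengeResponse() = aaAnswer.ArapChallengeResponse();

          if (aaAnswer.ArapSecurity.IsSet())
            arapInfo.ArapSecurity() = aaAnswer.ArapSecurity();

          if (aaAnswer.ArapSecurityData.IsSet())
            arapInfo.ArapSecurityData() = aaAnswer.ArapSecurityData();

          if (aaAnswer.PasswordRetry.IsSet())
            arapInfo.PasswordRetry() = aaAnswer.PasswordRetry();
        }

      sm.SignalContinue(sm.AuthenticationInfo());
    }
  };

  /// Fills the AA-Request through the state machine's Set*() hooks, copies
  /// the credentials from the authentication info into the request and
  /// sends it.  Raises EvSgDisconnect, without sending, when
  /// Destination-Realm or Auth-Request-Type remain unset, or when no
  /// authentication info exists for a request that is not AUTHORIZE_ONLY.
  class AcSendAA_Request : public DiameterNasreqClientAction
  {
    void operator()(DiameterNasreqClientStateMachine& sm)
    {
      ACE_DEBUG((LM_DEBUG, "[%N] sending AA-Request.\n"));

      AA_RequestData& aaRequest = sm.AA_Request();

      // Generate authorization AVPs.
      sm.SetDestinationRealm(aaRequest.DestinationRealm);
      if (!aaRequest.DestinationRealm.IsSet())
        {
          AAA_LOG(LM_ERROR, "Failed to set destination realm.\n");
          sm.Event(DiameterNasreqClientStateMachine::EvSgDisconnect);
          return;
        }

      sm.SetDestinationHost(aaRequest.DestinationHost);

      sm.SetAuthRequestType(aaRequest.AuthRequestType);
      if (!aaRequest.AuthRequestType.IsSet())
        {
          AAA_LOG(LM_ERROR, "Failed to set auth request type.\n");
          sm.Event(DiameterNasreqClientStateMachine::EvSgDisconnect);
          return;
        }

      sm.SetNasIdentifier(aaRequest.NasIdentifier);
      sm.SetNasIpAddress(aaRequest.NasIpAddress);
      sm.SetNasIpv6Address(aaRequest.NasIpv6Address);
      sm.SetNasPort(aaRequest.NasPort);
      sm.SetNasPortId(aaRequest.NasPortId);
      sm.SetNasPortType(aaRequest.NasPortType);
      sm.SetOriginStateId(aaRequest.OriginStateId);
      sm.SetPortLimit(aaRequest.PortLimit);
      sm.SetServiceType(aaRequest.ServiceType);
      sm.SetState(aaRequest.State);
      sm.SetAuthorizationLifetime(aaRequest.AuthorizationLifetime);
      sm.SetAuthGracePeriod(aaRequest.AuthGracePeriod);
      sm.SetAuthSessionState(aaRequest.AuthSessionState);
      sm.SetCallbackNumber(aaRequest.CallbackNumber);
      sm.SetCalledStationId(aaRequest.CalledStationId);
      sm.SetCallingStationId(aaRequest.CallingStationId);
      sm.SetOriginatingLineInfo(aaRequest.OriginatingLineInfo);
      sm.SetConnectInfo(aaRequest.ConnectInfo);
      sm.SetFramedCompression(aaRequest.FramedCompression);
      sm.SetFramedInterfaceId(aaRequest.FramedInterfaceId);
      sm.SetFramedIpAddress(aaRequest.FramedIpAddress);
      sm.SetFramedIpv6Prefix(aaRequest.FramedIpv6Prefix);
      sm.SetFramedIpNetmask(aaRequest.FramedIpNetmask);
      sm.SetFramedMtu(aaRequest.FramedMtu);
      sm.SetFramedProtocol(aaRequest.FramedProtocol);

      // Deal with authinfo.
      DiameterNasreqAuthenticationInfo &authInfo = sm.AuthenticationInfo();

      // A request without authentication info is allowed only when it is
      // AUTHORIZE_ONLY; every other request type is refused.
      if (authInfo.AuthenticationType() == NASREQ_AUTHENTICATION_TYPE_NONE)
        {
          if (aaRequest.AuthRequestType() != AUTH_REQUEST_TYPE_AUTHORIZE_ONLY)
            {
              AAA_LOG(LM_ERROR, "Failed to set authinfo type.\n");
              sm.Event(DiameterNasreqClientStateMachine::EvSgDisconnect);
              return;
            }
          else
            goto next;
        }

      aaRequest.UserName = authInfo.UserName();

      // ARAP credentials are skipped when Framed-Protocol is unset; the
      // request is then still sent carrying only the User-Name.
      if (authInfo.AuthenticationType() == NASREQ_AUTHENTICATION_TYPE_ARAP &&
          !aaRequest.FramedProtocol.IsSet())
        goto next;

      // Each downcast below is unchecked and relies on the type tag that
      // was tested immediately before it.
      if (authInfo.AuthenticationType() == NASREQ_AUTHENTICATION_TYPE_PAP)
        {
          PAP_Info& papInfo = (PAP_Info&)authInfo;
          // The password is copied as PAP_Info returns it; nothing in this
          // action protects it.
          // NOTE(review): confidentiality of User-Password depends on the
          // transport / peer security configured elsewhere; confirm.
          aaRequest.UserPassword = papInfo.UserPassword();
        }
      else if (authInfo.AuthenticationType() ==
               NASREQ_AUTHENTICATION_TYPE_CHAP)
        {
          CHAP_Info& chapInfo = (CHAP_Info&)authInfo;
          aaRequest.ChapAuth = chapInfo.ChapAuth();
          aaRequest.ChapChallenge = chapInfo.ChapChallenge();
        }
      else if (authInfo.AuthenticationType() ==
               NASREQ_AUTHENTICATION_TYPE_ARAP)
        {
          ARAP_Info& arapInfo = (ARAP_Info&)authInfo;
          if (arapInfo.IsFirst())
            {
              // First round: password plus challenge response.
              aaRequest.ArapPassword = arapInfo.ArapPassword();
              aaRequest.ArapChallengeResponse =
                arapInfo.ArapChallengeResponse();
            }
          else
            {
              // Later rounds: challenge response plus the security AVPs.
              aaRequest.ArapChallengeResponse =
                arapInfo.ArapChallengeResponse();
              aaRequest.ArapSecurity = arapInfo.ArapSecurity();
              aaRequest.ArapSecurityData = arapInfo.ArapSecurityData();
            }
        }

    next:
      sm.SetLoginIpHost(aaRequest.LoginIpHost);
      // NOTE(review): SetLoginIpHost() is called a second time here, now
      // with LoginIpv6Host.  This looks like a copy-paste slip; confirm
      // whether a dedicated IPv6 hook was intended.
      sm.SetLoginIpHost(aaRequest.LoginIpv6Host);
      sm.SetLoginLatGroup(aaRequest.LoginLatGroup);
      sm.SetLoginLatNode(aaRequest.LoginLatNode);
      sm.SetLoginLatPort(aaRequest.LoginLatPort);
      sm.SetLoginLatService(aaRequest.LoginLatService);
      sm.SetTunneling(aaRequest.Tunneling);

      sm.SendAA_Request();
    }
  };

  /// Maps the Result-Code of the received AA-Answer to EvSgSuccess,
  /// EvSgContinue or EvSgFailure, after checking that the answer's
  /// Auth-Request-Type matches the request's and is valid for that code.
  class AcCheckAA_AnswerResultCode : public DiameterNasreqClientAction
  {
    void operator()(DiameterNasreqClientStateMachine& sm)
    {
      AA_RequestData& aaRequest = sm.AA_Request();
      AA_AnswerData& aaAnswer = sm.AA_Answer();
      AAAResultCode resultCode = aaAnswer.ResultCode();

      // Enforce Prompt AVP attribute.
      // NOTE(review): the Prompt is applied before the result code and
      // Auth-Request-Type of the answer are checked, so it is enforced
      // even for an answer that is rejected below.
      if (aaAnswer.Prompt.IsSet())
        sm.EnforcePrompt(aaAnswer.Prompt());

      switch (resultCode)
        {
        case AAA_SUCCESS :
          AAA_LOG(LM_DEBUG, "[%N] AAA_SUCCESS received.\n");
          // aaAnswer.AuthRequestType() is read without an IsSet() check;
          // presumably the parser guarantees it is present.  TODO confirm.
          if (aaRequest.AuthRequestType() != aaAnswer.AuthRequestType())
            {
              AAA_LOG(LM_ERROR, "[%N] request type mismatch.\n");
              sm.Event(DiameterNasreqClientStateTable_S::EvSgFailure);
              break;
            }
          // Success is accepted only for AUTHORIZE_AUTHENTICATE and
          // AUTHORIZE_ONLY requests.
          if (aaRequest.AuthRequestType() !=
              AUTH_REQUEST_TYPE_AUTHORIZE_AUTHENTICATE &&
              aaRequest.AuthRequestType() !=
              AUTH_REQUEST_TYPE_AUTHORIZE_ONLY)
            {
              AAA_LOG(LM_ERROR, "[%N] request type invalid.\n");
              sm.Event(DiameterNasreqClientStateTable_S::EvSgFailure);
              break;
            }
          sm.Event(DiameterNasreqClientStateTable_S::EvSgSuccess);
          break;
        case AAA_MULTI_ROUND_AUTH :
          AAA_LOG(LM_DEBUG, "[%N] AAA_MULTI_ROUND_AUTH received.\n");
          if (aaRequest.AuthRequestType() != aaAnswer.AuthRequestType())
            {
              AAA_LOG(LM_ERROR, "[%N] request type mismatch.\n");
              sm.Event(DiameterNasreqClientStateTable_S::EvSgFailure);
              break;
            }
          // Another round is accepted only for AUTHORIZE_AUTHENTICATE and
          // AUTHENTICATION_ONLY requests.
          if (aaRequest.AuthRequestType() !=
              AUTH_REQUEST_TYPE_AUTHORIZE_AUTHENTICATE &&
              aaRequest.AuthRequestType() !=
              AUTH_REQUEST_TYPE_AUTHENTICATION_ONLY)
            {
              AAA_LOG(LM_ERROR, "[%N] request type invalid.\n");
              sm.Event(DiameterNasreqClientStateTable_S::EvSgFailure);
              break;
            }
          // 3 is presumably the Framed-Protocol value for ARAP; TODO
          // confirm and consider a named constant.
          // NOTE(review): aaRequest.FramedProtocol() is read without an
          // IsSet() check, and the ARAP-Security AVPs are tested on the
          // request although AcContinueAuthentication reads them from the
          // answer.  Confirm which message was meant.
          if (aaAnswer.FramedProtocol.IsSet() &&
              aaAnswer.FramedProtocol() == 3 &&
              aaRequest.FramedProtocol() == 3 &&
              aaRequest.ArapSecurity.IsSet() &&
              aaRequest.ArapSecurityData.IsSet())
            sm.Event(DiameterNasreqClientStateTable_S::EvSgContinue);
          else
            sm.Event(DiameterNasreqClientStateTable_S::EvSgFailure);
          break;
        default:
          // Any other result code is treated as a failure.  The code is
          // logged at LM_DEBUG only.
          AAA_LOG(LM_DEBUG, "[%N] Error was received.\n");
          AAA_LOG(LM_DEBUG, "[%N] Result-Code=%d.\n", resultCode);
          sm.Event(DiameterNasreqClientStateTable_S::EvSgFailure);
          break;
        }
    }
  };

  /// Signals success to the application and the session, then applies the
  /// authorization AVPs carried by the AA-Answer.
  class AcAccessAccept : public DiameterNasreqClientAction
  {
    void operator()(DiameterNasreqClientStateMachine& sm)
    {
      AA_AnswerData& aaAnswer = sm.AA_Answer();
      AA_RequestData& aaRequest = sm.AA_Request();

      // Success is signalled before the authorization data is enforced.
      sm.SignalSuccess();
      sm.Session().Update(AAASession::EVENT_AUTH_SUCCESS);

      // Enforce authorization data.
      if (aaAnswer.Class.IsSet())
        sm.EnforceClass(aaAnswer.Class);

      if (aaAnswer.AcctInterimInterval.IsSet())
        sm.EnforceAcctInterimInterval(aaAnswer.AcctInterimInterval());

      if (aaAnswer.ServiceType.IsSet())
        {
          // The granted Service-Type also overwrites the request's copy.
          aaRequest.ServiceType = aaAnswer.ServiceType();
          sm.EnforceServiceType(aaAnswer.ServiceType());
        }

      if (aaAnswer.IdleTimeout.IsSet())
        sm.EnforceIdleTimeout(aaAnswer.IdleTimeout());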