📄 diameter_eap_server_fsm.cxx
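// Tail of a member function whose beginning lies before this excerpt;
// reproduced unchanged apart from layout.
            found = true;
        }
        if (!found) {
            AAA_LOG(LM_ERROR, "[%N] Invalid class\n.");
            return false;
        }
    }

    // UserName check
    if (der.UserName.IsSet()) {
        if (!ValidateUserName(der.UserName())) {
            AAA_LOG(LM_DEBUG, "[%N] Failed to validate username.\n");
            return false;
        }
        dea.UserName = der.UserName;
    }

    // State check.
    if (dea.State.IsSet()) // Non-initial state.
    {
        if (!der.State.IsSet() || !ValidateState(der.State(), dea.State())) {
            AAA_LOG(LM_DEBUG, "[%N] Invalid State AVP.\n");
            return false;
        }
        else // Try to set initial state
        {
            SetState(dea.State);
        }
    }
    return true;
}

/// Stores the EAP message handed over by the backend as the answer's EAP
/// payload and raises EvRxEapRequest on the state machine.
///
/// @param eapMsg  EAP message to copy into the answer data.
void
DiameterEapServerStateMachine::SignalContinue(std::string &eapMsg)
{
    DEA_Data& dea = deaData;
    // NOTE(review): logged at LM_ERROR although the text describes a normal
    // event; progress messages elsewhere in this file use LM_DEBUG. Confirm
    // the intended severity so routine traffic does not drown real errors.
    AAA_LOG(LM_ERROR, "[%N] EAP Request received from backend.\n");
    dea.EapPayload = eapMsg;
    Notify(EvRxEapRequest);
}

/// Stores the EAP message handed over by the backend as the answer's EAP
/// payload and raises EvRxEapSuccess on the state machine.
///
/// @param eapMsg  EAP message to copy into the answer data.
void
DiameterEapServerStateMachine::SignalSuccess(std::string &eapMsg)
{
    DEA_Data& dea = deaData;
    // NOTE(review): LM_ERROR severity for a success notification; confirm.
    AAA_LOG(LM_ERROR, "[%N] EAP Success received from backend.\n");
    dea.EapPayload = eapMsg;
    Notify(EvRxEapSuccess);
}

/// Stores the EAP message handed over by the backend as the answer's EAP
/// payload and raises EvRxEapFailure on the state machine.
///
/// @param eapMsg  EAP message to copy into the answer data.
void
DiameterEapServerStateMachine::SignalFailure(std::string &eapMsg)
{
    DEA_Data& dea = deaData;
    AAA_LOG(LM_ERROR, "[%N] EAP Failure received from backend.\n");
    dea.EapPayload = eapMsg;
    Notify(EvRxEapFailure);
}

/// Runs the per-AVP authorization hooks for the current request (derData)
/// and fills in the answer (deaData).
///
/// The checks run in a fixed order and the function fails closed: the first
/// hook that returns false is logged and aborts authorization with `false`.
/// `authorizationDone` is set only when every hook on the full path has
/// passed. When the answer's AuthRequestType is authentication-only the
/// function returns true immediately without running any hook and without
/// touching `authorizationDone`.
///
/// For AVPs that may be present in the request, the two-argument hook
/// (request value, answer attribute) is used when the request carries the
/// AVP and the one-argument hook (answer attribute only) otherwise.
///
/// @return true when authorization succeeded or was not required,
///         false when any hook rejected the request.
bool
DiameterEapServerStateMachine::Authorize()
{
    AAA_LOG(LM_DEBUG, "[%N] Authorizing DER.\n");
    DEA_Data& dea = deaData;
    DER_Data& der = derData;
    bool r;

    // Authorization of mandatory AVPs.

    // If AuthRequestType indicates authentication only, do nothing.
    if (dea.AuthRequestType() == AUTH_REQUEST_TYPE_AUTHENTICATION_ONLY) {
        AAA_LOG(LM_DEBUG, "[%N] Authorization totally success.\n");
        return true;
    }

    if (!AuthorizeOriginHost(der.OriginHost())) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize origin host.\n");
        return false;
    }

    if (!AuthorizeOriginRealm(der.OriginRealm())) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize origin realm.\n");
        return false;
    }

    // Authorization of optional AVPs.
    if (der.Class.IsSet())
        r = AuthorizeClass(der.Class(), dea.Class);
    else
        r = AuthorizeClass(dea.Class);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize Class.\n");
        return false;
    }

    if (!AuthorizeConfigurationToken(dea.ConfigurationToken)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize conf. token.\n");
        return false;
    }

    if (!AuthorizeAcctInterimInterval(dea.AcctInterimInterval)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize auth interim intvl.\n");
        return false;
    }

    if (der.ServiceType.IsSet())
        r = AuthorizeServiceType(der.ServiceType(), dea.ServiceType);
    else
        r = AuthorizeServiceType(dea.ServiceType);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize service type.\n");
        return false;
    }

    if (!AuthorizeIdleTimeout(dea.IdleTimeout)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize idle timeout.\n");
        return false;
    }

    if (!AuthorizeAuthorizationLifetime(dea.AuthorizationLifetime)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize authz lifetime.\n");
        return false;
    }

    if (!AuthorizeAuthGracePeriod(dea.AuthGracePeriod)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize auth grace period.\n");
        return false;
    }

    if (!AuthorizeAuthSessionState(dea.AuthSessionState)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize auth session state.\n");
        return false;
    }

    if (!AuthorizeReAuthRequestType(dea.ReAuthRequestType)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize reauth req. type.\n");
        return false;
    }

    if (!AuthorizeSessionTimeout(dea.SessionTimeout)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize session timeout.\n");
        return false;
    }

    if (!AuthorizeFilterId(dea.FilterId)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize filter id.\n");
        return false;
    }

    if (der.PortLimit.IsSet())
        r = AuthorizePortLimit(der.PortLimit(), dea.PortLimit);
    else
        r = AuthorizePortLimit(dea.PortLimit);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize port limit.\n");
        return false;
    }

    // NOTE(review): the result of this hook is discarded, unlike every other
    // single-argument hook in this function; confirm whether a rejection here
    // is meant to abort authorization.
    AuthorizeCallbackId(dea.CallbackId);

    // The hook result must be captured: previously `r` still held the
    // PortLimit result (always true at this point), so a rejected callback
    // number could never fail authorization.
    if (der.CallbackNumber.IsSet())
        r = AuthorizeCallbackNumber(der.CallbackNumber(), dea.CallbackNumber);
    else
        r = AuthorizeCallbackNumber(dea.CallbackNumber);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize callback num.\n");
        return false;
    }

    if (!AuthorizeFramedAppletalkLink(dea.FramedAppletalkLink)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize appletalk link.\n");
        return false;
    }

    if (!AuthorizeFramedAppletalkZone(dea.FramedAppletalkZone)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize appletalk zone.\n");
        return false;
    }

    if (!AuthorizeFramedAppletalkNetwork(dea.FramedAppletalkNetwork)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize appletalk network.\n");
        return false;
    }

    // NOTE(review): this condition is negated, the opposite of every other
    // request-aware check here: the two-argument hook runs when the request
    // does NOT carry FramedCompression. It also passes the attribute itself
    // rather than `der.FramedCompression()`. Left as written because the hook
    // signatures are not visible here; verify the intended polarity.
    if (!der.FramedCompression.IsSet())
        r = AuthorizeFramedCompression
            (der.FramedCompression, dea.FramedCompression);
    else
        r = AuthorizeFramedCompression(dea.FramedCompression);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed compression.\n");
        return false;
    }

    if (der.FramedInterfaceId.IsSet())
        r = AuthorizeFramedInterfaceId
            (der.FramedInterfaceId(), dea.FramedInterfaceId);
    else
        r = AuthorizeFramedInterfaceId(dea.FramedInterfaceId);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ifid.\n");
        return false;
    }

    // Both branches must assign `r`: previously the one-argument branch
    // dropped its result, so the check below tested the stale FramedInterfaceId
    // result and a rejected address assignment was silently accepted.
    if (der.FramedIpAddress.IsSet())
        r = AuthorizeFramedIpAddress(der.FramedIpAddress(),
                                     dea.FramedIpAddress);
    else
        r = AuthorizeFramedIpAddress(dea.FramedIpAddress);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipaddr.\n");
        return false;
    }

    if (der.FramedIpv6Prefix.IsSet())
        r = AuthorizeFramedIpv6Prefix
            (der.FramedIpv6Prefix(), dea.FramedIpv6Prefix);
    else
        r = AuthorizeFramedIpv6Prefix(dea.FramedIpv6Prefix);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipv6prx.\n");
        return false;
    }

    if (!AuthorizeFramedIpv6Pool(dea.FramedIpv6Pool)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipv6 pool.\n");
        return false;
    }

    if (!AuthorizeFramedPool(dea.FramedPool)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed pool.\n");
        return false;
    }

    if (!AuthorizeFramedIpv6Route(dea.FramedIpv6Route)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipv6 route.\n");
        return false;
    }

    if (!AuthorizeFramedRoute(dea.FramedRoute)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed route.\n");
        return false;
    }

    if (der.FramedIpNetmask.IsSet())
        r = AuthorizeFramedIpNetmask(der.FramedIpNetmask(),
                                     dea.FramedIpNetmask);
    else
        r = AuthorizeFramedIpNetmask(dea.FramedIpNetmask);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipmask.\n");
        return false;
    }

    if (!AuthorizeFramedIpxNetwork(dea.FramedIpxNetwork)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed ipx network.\n");
        return false;
    }

    if (der.FramedMtu.IsSet())
        r = AuthorizeFramedMtu(der.FramedMtu(), dea.FramedMtu);
    else
        r = AuthorizeFramedMtu(dea.FramedMtu);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed mtu.\n");
        return false;
    }

    if (der.FramedProtocol.IsSet())
        r = AuthorizeFramedProtocol
            (der.FramedProtocol(), dea.FramedProtocol);
    else
        r = AuthorizeFramedProtocol(dea.FramedProtocol);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed proto.\n");
        return false;
    }

    if (!AuthorizeFramedRouting(dea.FramedRouting)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize framed routing.\n");
        return false;
    }

    if (!AuthorizeNasFilterRule(dea.NasFilterRule)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize nas filter rule.\n");
        return false;
    }

    if (der.Tunneling.IsSet())
        r = AuthorizeTunneling(der.Tunneling(), dea.Tunneling);
    else
        r = AuthorizeTunneling(dea.Tunneling);
    if (!r) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize tunneling.\n");
        return false;
    }

    if (!AuthorizeEapMasterSessionKey(dea.EapMasterSessionKey)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize MSK.\n");
        return false;
    }

    if (!AuthorizeAccountingEapAuthMethod(dea.AccountingEapAuthMethod)) {
        AAA_LOG(LM_DEBUG, "[%N] Failed to authorize acct eap method.\n");
        return false;
    }

    AAA_LOG(LM_DEBUG, "[%N] Authorization totally success.\n");

    // Only reached when every hook above accepted the request.
    authorizationDone = true;

    return true;
}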