We rely entirely on named methods now.
This breaks policy lookups, where the policy name is <policy>.<component>. This needs to be fixed, by looking up <policy>[.<name1>][.<name2>].
#include <freeradius-devel/server/cf_util.h>
#include <freeradius-devel/server/client.h>
#include <freeradius-devel/server/command.h>
-#include <freeradius-devel/server/components.h>
#include <freeradius-devel/server/connection.h>
#include <freeradius-devel/server/dependency.h>
#include <freeradius-devel/server/dl_module.h>
+++ /dev/null
-#pragma once
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/**
- * $Id$
- *
- * @file lib/server/components.h
- * @brief Module components.
- *
- * @copyright 2018 The FreeRADIUS server project
- */
-RCSIDH(components_h, "$Id$")
-
-/** The different section components of the server
- *
- * Used as indexes in the methods array in the module_t struct.
- */
-typedef enum rlm_components {
- MOD_AUTHENTICATE = 0, //!< 0 methods index for authenticate section.
- MOD_AUTHORIZE, //!< 1 methods index for authorize section.
- MOD_PREACCT, //!< 2 methods index for preacct section.
- MOD_ACCOUNTING, //!< 3 methods index for accounting section.
- MOD_POST_AUTH, //!< 7 methods index for postauth section.
- MOD_COUNT //!< 10 how many components there are.
-} rlm_components_t;
#include <freeradius-devel/unlang/action.h>
#include <freeradius-devel/unlang/compile.h>
#include <freeradius-devel/unlang/call_env.h>
+#include <freeradius-devel/unlang/mod_action.h>
#include <freeradius-devel/util/event.h>
typedef struct module_s module_t;
}
#endif
-#include <freeradius-devel/server/components.h>
#include <freeradius-devel/server/dl_module.h>
#include <freeradius-devel/server/exfile.h>
#include <freeradius-devel/server/pool.h>
rlm_rcode_t code; //!< Code module will return when 'force' has
//!< has been set to true.
- unlang_actions_t actions; //!< default actions and retries.
+ unlang_mod_actions_t actions; //!< default actions and retries.
/** @} */
/** @name Allow module instance data to be resolved by name or data, and to get back to the module list
return CMP(ret, 0);
}
-char const *section_type_value[MOD_COUNT] = {
- "authenticate",
- "authorize",
- "preacct",
- "accounting",
- "post-auth"
-};
-
/** Global module list for all backend modules
*
*/
* then any module method would match, which is
* bad.
*/
- for (j = 0; allowed_list[j].name != NULL; j++) {
+ for (j = 0; allowed_list[j].name1 != NULL; j++) {
int k;
virtual_server_method_t const *allowed = &allowed_list[j];
fr_assert(methods->name1 != CF_IDENT_ANY); /* should have been caught above */
- if (strcasecmp(methods->name1, allowed->name) != 0) continue;
+ if (strcasecmp(methods->name1, allowed->name1) != 0) continue;
/*
* The module matches "recv *",
#include <freeradius-devel/server/module.h>
-extern char const *section_type_value[MOD_COUNT];
-
typedef struct {
module_t common; //!< Common fields presented by all modules.
module_method_name_t const *method_names; //!< named methods
#define DYNAMIC_CLIENT_SECTIONS \
{ \
- .name = "new", \
+ .name1 = "new", \
.name2 = "client", \
- .component = MOD_AUTHORIZE, \
+ .actions = &mod_actions_authorize, \
.offset = PROCESS_CONF_OFFSET(new_client), \
}, \
{ \
- .name = "add", \
+ .name1 = "add", \
.name2 = "client", \
- .component = MOD_AUTHORIZE, \
+ .actions = &mod_actions_authorize, \
.offset = PROCESS_CONF_OFFSET(add_client), \
}, \
{ \
- .name = "deny", \
+ .name1 = "deny", \
.name2 = "client", \
- .component = MOD_AUTHORIZE, \
+ .actions = &mod_actions_authorize, \
.offset = PROCESS_CONF_OFFSET(deny_client), \
}
if (!compile_list) return 0;
- for (i = 0; list[i].name != NULL; i++) {
- if (list[i].name == CF_IDENT_ANY) continue;
+ for (i = 0; list[i].name1 != NULL; i++) {
+ if (list[i].name1 == CF_IDENT_ANY) continue;
if (virtual_server_section_register(&list[i]) < 0) {
cf_log_err(cs, "Failed registering processing section name %s for %s",
- list[i].name, name);
+ list[i].name1, name);
return -1;
}
}
return -1;
}
- rcode = unlang_compile(subcs, list[i].component, rules, &instruction);
+ rcode = unlang_compile(subcs, list[i].actions, rules, &instruction);
if (rcode < 0) return -1;
/*
bad = cf_section_find_next(server, subcs, list[i].name1, name2);
if (bad) goto forbidden;
- rcode = unlang_compile(subcs, list[i].component, rules, NULL);
+ rcode = unlang_compile(subcs, list[i].actions, rules, NULL);
if (rcode < 0) return -1;
/*
if (entry->methods) {
int i;
- for (i = 0; entry->methods[i].name != NULL; i++) {
- if (entry->methods[i].name == CF_IDENT_ANY) {
+ for (i = 0; entry->methods[i].name1 != NULL; i++) {
+ if (entry->methods[i].name1 == CF_IDENT_ANY) {
ERROR("Processing sections cannot allow \"*\"");
return -1;
}
if (entry->methods[i].name2 == CF_IDENT_ANY) {
ERROR("Processing sections cannot allow \"%s *\"",
- entry->methods[i].name);
+ entry->methods[i].name1);
return -1;
}
}
* @copyright 2019 The FreeRADIUS server project
*/
+
#ifdef __cplusplus
extern "C" {
#endif
#include <freeradius-devel/io/schedule.h>
#include <freeradius-devel/server/cf_parse.h>
#include <freeradius-devel/unlang/module.h>
+#include <freeradius-devel/unlang/mod_action.h>
#include <freeradius-devel/util/dict.h>
extern const conf_parser_t virtual_servers_config[];
extern const conf_parser_t virtual_servers_on_read_config[];
-
/** @name Debug functions
* @{
*/
*
*/
typedef struct {
- char const *name; //!< module method name1 which is allowed in this section
- char const *name2; //!< module method name2 which is allowed in this section
+ char const *name1; //!< module method name1 which is allowed in this section
+ char const *name2; //!< module method name2 which is allowed in this section
} virtual_server_method_t;
/** Processing sections which are allowed in this virtual server.
*
*/
typedef struct {
- char const *name1; //!< Name of the processing section, such as "recv" or "send"
- char const *name2; //!< Second name, such as "Access-Request"
- size_t offset; //!< where the CONF_SECTION pointer is written
- bool dont_cache; //!< If true, the CONF_SECTION pointer won't be written
- ///< and the offset will be ignored.
- size_t instruction; //!< where the instruction pointer is written
- virtual_server_method_t const *methods; //!< list of module methods which are allowed in this section
+ char const *name1; //!< Name of the processing section, such as "recv" or "send"
+ char const *name2; //!< Second name, such as "Access-Request"
+ size_t offset; //!< where the CONF_SECTION pointer is written
+ bool dont_cache; //!< If true, the CONF_SECTION pointer won't be written
+ ///< and the offset will be ignored.
+ size_t instruction; //!< where the instruction pointer is written
+ unlang_mod_actions_t const *actions; //!< Default actions for this section.
+ virtual_server_method_t const *methods; //!< list of module methods which are allowed in this section
} virtual_server_compile_t;
-#define COMPILE_TERMINATOR { .name = NULL, .name2 = NULL }
+#define COMPILE_TERMINATOR { .name1 = NULL, .name2 = NULL }
int virtual_server_section_register(virtual_server_compile_t const *entry) CC_HINT(nonnull);
limit.c \
load_balance.c \
map.c \
+ mod_action.c \
module.c \
parallel.c \
return.c \
#include <freeradius-devel/util/time.h>
#include <freeradius-devel/util/dict.h>
+#include "catch_priv.h"
#include "call_priv.h"
#include "caller_priv.h"
#include "condition_priv.h"
#include "limit_priv.h"
#include "transaction_priv.h"
#include "try_priv.h"
-#include "catch_priv.h"
+#include "mod_action.h"
#define UNLANG_IGNORE ((unlang_t *) -1)
};
size_t mod_rcode_table_len = NUM_ELEMENTS(mod_rcode_table);
-
-/* Some short names for debugging output */
-static char const * const comp2str[] = {
- "authenticate",
- "authorize",
- "preacct",
- "accounting",
- "post-auth"
-};
-
typedef struct {
- rlm_components_t component;
- char const *section_name1;
- char const *section_name2;
- unlang_actions_t actions;
- tmpl_rules_t const *rules;
+ char const *section_name1;
+ char const *section_name2;
+ unlang_mod_actions_t actions;
+ tmpl_rules_t const *rules;
} unlang_compile_t;
/*
* name and number, but we use the CURRENT actions.
*/
static inline CC_HINT(always_inline)
-void compile_copy_context(unlang_compile_t *dst, unlang_compile_t const *src, rlm_components_t component)
+void compile_copy_context(unlang_compile_t *dst, unlang_compile_t const *src)
{
int i;
*dst = *src;
- /*
- * Over-ride the component.
- */
- dst->component = component;
-
/*
* Ensure that none of the actions are RETRY.
*/
memset(&dst->actions.retry, 0, sizeof(dst->actions.retry)); \
}
-#define UPDATE_CTX2 compile_copy_context(&unlang_ctx2, unlang_ctx, component)
+#define UPDATE_CTX2 compile_copy_context(&unlang_ctx2, unlang_ctx)
static unlang_t *compile_empty(unlang_t *parent, unlang_compile_t *unlang_ctx, CONF_SECTION *cs, unlang_ext_t const *ext);
static char const unlang_spaces[] = " ";
-
-static const unlang_actions_t default_actions[MOD_COUNT] =
-{
- /* authenticate */
- {
- .actions = {
- MOD_ACTION_RETURN, /* reject */
- MOD_ACTION_RETURN, /* fail */
- 4, /* ok */
- MOD_ACTION_RETURN, /* handled */
- MOD_ACTION_RETURN, /* invalid */
- MOD_ACTION_RETURN, /* disallow */
- 1, /* notfound */
- 2, /* noop */
- 3 /* updated */
- },
- .retry = RETRY_INIT,
- },
- /* authorize */
- {
- .actions = {
- MOD_ACTION_RETURN, /* reject */
- MOD_ACTION_RETURN, /* fail */
- 3, /* ok */
- MOD_ACTION_RETURN, /* handled */
- MOD_ACTION_RETURN, /* invalid */
- MOD_ACTION_RETURN, /* disallow */
- 1, /* notfound */
- 2, /* noop */
- 4 /* updated */
- },
- .retry = RETRY_INIT,
- },
- /* preacct */
- {
- .actions = {
- MOD_ACTION_RETURN, /* reject */
- MOD_ACTION_RETURN, /* fail */
- 2, /* ok */
- MOD_ACTION_RETURN, /* handled */
- MOD_ACTION_RETURN, /* invalid */
- MOD_ACTION_RETURN, /* disallow */
- MOD_ACTION_RETURN, /* notfound */
- 1, /* noop */
- 3 /* updated */
- },
- .retry = RETRY_INIT,
- },
- /* accounting */
- {
- .actions = {
- MOD_ACTION_RETURN, /* reject */
- MOD_ACTION_RETURN, /* fail */
- 2, /* ok */
- MOD_ACTION_RETURN, /* handled */
- MOD_ACTION_RETURN, /* invalid */
- MOD_ACTION_RETURN, /* disallow */
- MOD_ACTION_RETURN, /* notfound */
- 1, /* noop */
- 3 /* updated */
- },
- .retry = RETRY_INIT,
- },
- /* post-auth */
- {
- .actions = {
- MOD_ACTION_RETURN, /* reject */
- MOD_ACTION_RETURN, /* fail */
- 3, /* ok */
- MOD_ACTION_RETURN, /* handled */
- MOD_ACTION_RETURN, /* invalid */
- MOD_ACTION_RETURN, /* disallow */
- 1, /* notfound */
- 2, /* noop */
- 4 /* updated */
- },
- .retry = RETRY_INIT,
- }
-};
-
static inline CC_HINT(always_inline) int unlang_attr_rules_verify(tmpl_attr_rules_t const *rules)
{
if (!fr_cond_assert_msg(rules->dict_def, "No protocol dictionary set")) return -1;
/*
* Compile action && rcode for later use.
*/
-static int compile_action_pair(unlang_actions_t *actions, CONF_PAIR *cp)
+static int compile_action_pair(unlang_mod_actions_t *actions, CONF_PAIR *cp)
{
int action;
char const *attr, *value;
return 1;
}
-static bool compile_retry_section(unlang_actions_t *actions, CONF_ITEM *ci)
+static bool compile_retry_section(unlang_mod_actions_t *actions, CONF_ITEM *ci)
{
CONF_ITEM *csi;
CONF_SECTION *cs;
return true;
}
-bool unlang_compile_actions(unlang_actions_t *actions, CONF_SECTION *action_cs, bool module_retry)
+bool unlang_compile_actions(unlang_mod_actions_t *actions, CONF_SECTION *action_cs, bool module_retry)
{
int i;
bool disallow_retry_action = false;
* Create our own compilation context which can be edited
* by a variable definition.
*/
- compile_copy_context(&unlang_ctx2, unlang_ctx_in, unlang_ctx_in->component);
+ compile_copy_context(&unlang_ctx2, unlang_ctx_in);
unlang_ctx = &unlang_ctx2;
t_rules = *unlang_ctx_in->rules;
/*
* Any failure is return, not continue.
*/
- compile_copy_context(&unlang_ctx2, unlang_ctx, unlang_ctx->component);
+ compile_copy_context(&unlang_ctx2, unlang_ctx);
unlang_ctx2.actions.actions[RLM_MODULE_REJECT] = MOD_ACTION_RETURN;
unlang_ctx2.actions.actions[RLM_MODULE_FAIL] = MOD_ACTION_RETURN;
* just to ensure that retry is handled correctly.
* i.e. reset.
*/
- compile_copy_context(&unlang_ctx2, unlang_ctx, unlang_ctx->component);
+ compile_copy_context(&unlang_ctx2, unlang_ctx);
/*
* Then over-write the new compilation context.
unlang_ctx2.section_name1 = "subrequest";
unlang_ctx2.section_name2 = name2;
unlang_ctx2.rules = &t_rules;
- unlang_ctx2.component = unlang_ctx->component;
/*
* Compile the subsection with a *different* default dictionary.
}
static unlang_t *compile_function(unlang_t *parent, unlang_compile_t *unlang_ctx, CONF_ITEM *ci,
- CONF_SECTION *subcs, rlm_components_t component,
+ CONF_SECTION *subcs,
bool policy)
{
unlang_compile_t unlang_ctx2;
* we wish to use, instead of the input component.
*
* @param[in] ci Configuration item to check
- * @param[out] pcomponent Where to write the method we found, if any.
- * If no method is specified will be set to MOD_COUNT.
* @param[in] real_name Complete name string e.g. foo.authorize.
* @param[in] virtual_name Virtual module name e.g. foo.
* @param[in] method_name Method override (may be NULL) or the method
* @param[out] policy whether or not this thing was a policy
* @return the CONF_SECTION specifying the virtual module.
*/
-static CONF_SECTION *virtual_module_find_cs(CONF_ITEM *ci, rlm_components_t *pcomponent,
- char const *real_name, char const *virtual_name, char const *method_name,
+static CONF_SECTION *virtual_module_find_cs(CONF_ITEM *ci,
+ UNUSED char const *real_name, char const *virtual_name, char const *method_name,
bool *policy)
{
CONF_SECTION *cs, *subcs, *conf_root;
CONF_ITEM *loop;
- rlm_components_t method = *pcomponent;
+#if 0
char buffer[256];
-
+#endif
*policy = false;
conf_root = cf_root(ci);
- /*
- * Turn the method name into a method enum.
- */
- if (method_name) {
- rlm_components_t i;
-
- for (i = MOD_AUTHENTICATE; i < MOD_COUNT; i++) {
- if (strcmp(comp2str[i], method_name) == 0) break;
- }
-
- if (i != MOD_COUNT) {
- method = i;
- } else {
- method_name = NULL;
- virtual_name = real_name;
- }
- }
-
/*
* Look for "foo" as a virtual server. If we find it,
* AND there's no method name, we've found the right
* Return it to the caller, with the updated method.
*/
subcs = module_rlm_by_name_virtual(virtual_name);
- if (subcs) {
- *pcomponent = method;
- goto check_for_loop;
- }
+ if (subcs) goto check_for_loop;
/*
* Look for it in "policy".
subcs = cf_section_find(cs, virtual_name, NULL);
if (!subcs) return NULL;
- *pcomponent = method;
goto check_for_loop;
}
* "foo" means "look for foo.component" first, to allow
* method overrides. If that's not found, just look for
* a policy "foo".
+ *
+ * FIXME - This has been broken since we switched to named
+ * module sections. We should take the name1/name2 from the
+ * unlang ctx and use that to form the name we search for.
*/
+#if 0
snprintf(buffer, sizeof(buffer), "%s.%s", virtual_name, comp2str[method]);
- subcs = cf_section_find(cs, buffer, NULL);
+#endif
+ subcs = cf_section_find(cs, virtual_name, NULL);
if (!subcs) subcs = cf_section_find(cs, virtual_name, NULL);
if (!subcs) return NULL;
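Review bot: The fallback at the end of this hunk is now dead code: `subcs = cf_section_find(cs, virtual_name, NULL);` is immediately followed by `if (!subcs) subcs = cf_section_find(cs, virtual_name, NULL);`, which repeats the same lookup and can be deleted. With the `snprintf` under `#if 0`, a configuration that defines a `<policy>.<component>` override is compiled against the bare policy instead, and on an authentication server that means a section-specific check can be skipped without any message. Until the FIXME is resolved, consider logging a warning at compile time when the dotted override form is referenced, so the regression is visible at startup. Earlier in this function `real_name` is now `UNUSED`, so a dotted name whose suffix is not a method appears to be looked up by its prefix only; that is worth confirming against the callers. The function starts and ends outside this hunk.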
module_instance_t *inst;
CONF_SECTION *cs, *subcs, *modules;
char const *realname;
- rlm_components_t component = unlang_ctx->component;
unlang_compile_t unlang_ctx2;
module_method_t method;
bool policy;
*/
p = strrchr(name, '.');
if (!p) {
- subcs = virtual_module_find_cs(ci, &component, name, name, NULL, &policy);
+ subcs = virtual_module_find_cs(ci, name, name, NULL, &policy);
} else {
char buffer[256];
strlcpy(buffer, name, sizeof(buffer));
buffer[p - name] = '\0';
- subcs = virtual_module_find_cs(ci, &component, name,
+ subcs = virtual_module_find_cs(ci, name,
buffer, buffer + (p - name) + 1, &policy);
}
* i.e. it refers to a a subsection in "policy".
*/
if (subcs) {
- c = compile_function(parent, unlang_ctx, ci, subcs, component, policy);
+ c = compile_function(parent, unlang_ctx, ci, subcs, policy);
goto allocate_number;
}
return NULL;
}
-int unlang_compile(CONF_SECTION *cs, rlm_components_t component, tmpl_rules_t const *rules, void **instruction)
+int unlang_compile(CONF_SECTION *cs, unlang_mod_actions_t const * actions, tmpl_rules_t const *rules, void **instruction)
{
unlang_t *c;
tmpl_rules_t my_rules;
c = compile_section(NULL,
&(unlang_compile_t){
- .component = component,
.section_name1 = cf_section_name1(cs),
.section_name2 = cf_section_name2(cs),
- .actions = default_actions[component],
+ .actions = *actions,
.rules = rules
},
cs, &group_ext);
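Review bot: `.actions = *actions` dereferences the new pointer argument unconditionally, and nothing visible in `unlang_compile` or in the `virtual_server` callers that pass `list[i].actions` checks it first. A `virtual_server_compile_t` entry that omits `.actions` leaves the field NULL under designated initialisation, so a process module that misses it would crash at configuration load instead of reporting an error. A guard near the top of the function would turn that into a clean failure, e.g. `if (!fr_cond_assert_msg(actions, "No default actions set")) return -1;`. The function's opening lines are in the previous hunk and its body continues past this one.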
#endif
#include <freeradius-devel/server/cf_util.h>
-#include <freeradius-devel/server/components.h>
#include <freeradius-devel/server/tmpl.h>
#include <freeradius-devel/util/retry.h>
-
-typedef struct {
- int actions[RLM_MODULE_NUMCODES];
- fr_retry_config_t retry;
-} unlang_actions_t;
+#include <freeradius-devel/unlang/mod_action.h>
void unlang_compile_init(TALLOC_CTX *ctx);
-int unlang_compile(CONF_SECTION *cs, rlm_components_t component, tmpl_rules_t const *rules, void **instruction);
+int unlang_compile(CONF_SECTION *cs, unlang_mod_actions_t const *actions, tmpl_rules_t const *rules, void **instruction);
bool unlang_compile_is_keyword(const char *name);
-bool unlang_compile_actions(unlang_actions_t *actions, CONF_SECTION *parent, bool module_retry);
+bool unlang_compile_actions(unlang_mod_actions_t *actions, CONF_SECTION *parent, bool module_retry);
#ifdef __cplusplus
}
--- /dev/null
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/**
+ * $Id$
+ *
+ * @file unlang/action.c
+ * @brief Default action sets for virtual server actions.
+ *
+ * @copyright 2024 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
+ */
+RCSID("$Id$")
+
+#include <freeradius-devel/unlang/mod_action.h>
+
+unlang_mod_actions_t const mod_actions_authenticate = {
+ .actions = {
+ [RLM_MODULE_REJECT] = MOD_ACTION_RETURN,
+ [RLM_MODULE_FAIL] = MOD_ACTION_RETURN,
+ [RLM_MODULE_OK] = 4,
+ [RLM_MODULE_HANDLED] = MOD_ACTION_RETURN,
+ [RLM_MODULE_INVALID] = MOD_ACTION_RETURN,
+ [RLM_MODULE_DISALLOW] = MOD_ACTION_RETURN,
+ [RLM_MODULE_NOTFOUND] = 1,
+ [RLM_MODULE_NOOP] = 2,
+ [RLM_MODULE_UPDATED] = 3
+ },
+ .retry = RETRY_INIT
+};
+
+unlang_mod_actions_t const mod_actions_authorize = {
+ .actions = {
+ [RLM_MODULE_REJECT] = MOD_ACTION_RETURN,
+ [RLM_MODULE_FAIL] = MOD_ACTION_RETURN,
+ [RLM_MODULE_OK] = 3,
+ [RLM_MODULE_HANDLED] = MOD_ACTION_RETURN,
+ [RLM_MODULE_INVALID] = MOD_ACTION_RETURN,
+ [RLM_MODULE_DISALLOW] = MOD_ACTION_RETURN,
+ [RLM_MODULE_NOTFOUND] = 1,
+ [RLM_MODULE_NOOP] = 2,
+ [RLM_MODULE_UPDATED] = 4
+ },
+ .retry = RETRY_INIT,
+};
+
+unlang_mod_actions_t const mod_actions_preacct = {
+ .actions = {
+ [RLM_MODULE_REJECT] = MOD_ACTION_RETURN,
+ [RLM_MODULE_FAIL] = MOD_ACTION_RETURN,
+ [RLM_MODULE_OK] = 2,
+ [RLM_MODULE_HANDLED] = MOD_ACTION_RETURN,
+ [RLM_MODULE_INVALID] = MOD_ACTION_RETURN,
+ [RLM_MODULE_DISALLOW] = MOD_ACTION_RETURN,
+ [RLM_MODULE_NOTFOUND] = MOD_ACTION_RETURN,
+ [RLM_MODULE_NOOP] = 1,
+ [RLM_MODULE_UPDATED] = 3
+ },
+ .retry = RETRY_INIT,
+};
+
+unlang_mod_actions_t const mod_actions_accounting = {
+ .actions = {
+ [RLM_MODULE_REJECT] = MOD_ACTION_RETURN,
+ [RLM_MODULE_FAIL] = MOD_ACTION_RETURN,
+ [RLM_MODULE_OK] = 2,
+ [RLM_MODULE_HANDLED] = MOD_ACTION_RETURN,
+ [RLM_MODULE_INVALID] = MOD_ACTION_RETURN,
+ [RLM_MODULE_DISALLOW] = MOD_ACTION_RETURN,
+ [RLM_MODULE_NOTFOUND] = MOD_ACTION_RETURN,
+ [RLM_MODULE_NOOP] = 1,
+ [RLM_MODULE_UPDATED] = 3
+ },
+};
+
+unlang_mod_actions_t const mod_actions_postauth = {
+ .actions = {
+ [RLM_MODULE_REJECT] = MOD_ACTION_RETURN,
+ [RLM_MODULE_FAIL] = MOD_ACTION_RETURN,
+ [RLM_MODULE_OK] = 3,
+ [RLM_MODULE_HANDLED] = MOD_ACTION_RETURN,
+ [RLM_MODULE_INVALID] = MOD_ACTION_RETURN,
+ [RLM_MODULE_DISALLOW] = MOD_ACTION_RETURN,
+ [RLM_MODULE_NOTFOUND] = 1,
+ [RLM_MODULE_NOOP] = 2,
+ [RLM_MODULE_UPDATED] = 4
+ },
+ .retry = RETRY_INIT
+};
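Review bot: `mod_actions_accounting` is the only one of the five tables with no `.retry` initialiser, whereas the accounting entry of the `default_actions` array this commit removes from the compiler had `.retry = RETRY_INIT`. As written, the accounting retry configuration is zero-initialised rather than set to whatever `RETRY_INIT` expands to; if that is not intended, add `.retry = RETRY_INIT` after the `.actions` block. Separately, the file comment says `@file unlang/action.c`, but the Makefile hunk adds `mod_action.c`, so the tag presumably should read `@file unlang/mod_action.c`.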
--- /dev/null
+#pragma once
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/**
+ * $Id$
+ *
+ * @file unlang/mod_action.h
+ * @brief Unlang module actions
+ *
+ * @copyright 2024 The FreeRADIUS server project
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <freeradius-devel/server/rcode.h>
+#include <freeradius-devel/util/retry.h>
+
+/* Actions may be a positive integer (the highest one returned in the group
+ * will be returned), or the keyword "return", represented here by
+ * MOD_ACTION_RETURN, to cause an immediate return.
+ * There's also the keyword "reject", represented here by MOD_ACTION_REJECT
+ * to cause an immediate reject. */
+typedef enum {
+ MOD_ACTION_RETURN = -1,
+ MOD_ACTION_REJECT = -2,
+ MOD_ACTION_RETRY = -3,
+ /*
+ * If ubsan or the compiled complains
+ * about the missing enum values we'll
+ * need to add them here.
+ *
+ * Defining MOD_PRIORITY_MAX ensures the
+ * enum will always be large enough.
+ */
+ MOD_PRIORITY_MAX = 64
+} unlang_mod_action_t;
+
+typedef struct {
+ unlang_mod_action_t actions[RLM_MODULE_NUMCODES];
+ fr_retry_config_t retry;
+} unlang_mod_actions_t;
+
+extern unlang_mod_actions_t const mod_actions_authenticate;
+extern unlang_mod_actions_t const mod_actions_authorize;
+extern unlang_mod_actions_t const mod_actions_preacct;
+extern unlang_mod_actions_t const mod_actions_accounting;
+extern unlang_mod_actions_t const mod_actions_postauth;
+
+#ifdef __cplusplus
+}
+#endif
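Review bot: The block comment above `unlang_mod_action_t` describes `MOD_ACTION_RETURN` and `MOD_ACTION_REJECT` but says nothing about `MOD_ACTION_RETRY`. The fields of `unlang_mod_actions_t` and the five exported `mod_actions_*` tables also have no `//!<` or Doxygen comment saying which sections they are the defaults for. A one-line description on each would help, for example `//!< Priority or MOD_ACTION_* for each rcode.` on `actions` and `//!< Retry configuration applied to the section.` on `retry`. The inner enum comment also has a typo: "the compiled complains" should read "the compiler complains".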
#include <freeradius-devel/unlang/call_env.h>
#include "module_priv.h"
-#include "subrequest_priv.h"
#include "tmpl.h"
unlang_module_fd_event_t fd_read; //!< Function to call when FD is readable.
unlang_module_fd_event_t fd_write; //!< Function to call when FD is writable.
unlang_module_fd_event_t fd_error; //!< Function to call when FD has errored.
- module_instance_t *mi; //!< Module instance to pass to callbacks.
+ module_instance_t *mi; //!< Module instance to pass to callbacks.
///< Use mi->data to get instance data.
void *thread; //!< Thread specific module instance.
void *env_data; //!< Per call environment data.
extern "C" {
#endif
-/* Actions may be a positive integer (the highest one returned in the group
- * will be returned), or the keyword "return", represented here by
- * MOD_ACTION_RETURN, to cause an immediate return.
- * There's also the keyword "reject", represented here by MOD_ACTION_REJECT
- * to cause an immediate reject. */
-#define MOD_ACTION_RETURN (-1)
-#define MOD_ACTION_REJECT (-2)
-#define MOD_ACTION_RETRY (-3)
-#define MOD_PRIORITY_MAX (64)
-
/** Types of unlang_t nodes
*
* Here are our basic types: unlang_t, unlang_group_t, and unlang_module_t. For an
bool closed; //!< whether or not this section is closed to new statements
CONF_ITEM *ci; //!< used to generate this item
unsigned int number; //!< unique node number
- unlang_actions_t actions; //!< Priorities, etc. for the various return codes.
+ unlang_mod_actions_t actions; //!< Priorities, etc. for the various return codes.
};
/** Describes how to allocate an #unlang_group_t with additional memory keyword specific data
* @param[in] mctx rlm_ldap configuration.
* @param[in] parent of the config section.
* @param[out] config to write the sub section parameters to.
- * @param[in] comp The section name were parsing the config for.
* @return
* - 0 on success.
* - < 0 on failure.
*/
static int parse_sub_section(module_inst_ctx_t const *mctx,
CONF_SECTION *parent, ldap_acct_section_t **config,
- rlm_components_t comp)
+ char const *name)
{
rlm_ldap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_ldap_t);
CONF_SECTION *cs;
- char const *name = section_type_value[comp];
-
cs = cf_section_find(parent, name, NULL);
if (!cs) {
DEBUG2("rlm_ldap (%s) - Couldn't find configuration for %s, will return NOOP for calls "
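Review bot: The doc comment for `parse_sub_section` drops `@param[in] comp` but does not document the `name` argument that replaces it, so the Doxygen block no longer matches the signature. Add a line such as `@param[in] name The section name we're parsing the config for, e.g. "accounting".` after the `config` parameter. The function body continues outside this hunk.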
/*
* If the configuration parameters can't be parsed, then fail.
*/
- if ((parse_sub_section(mctx, conf, &inst->accounting, MOD_ACCOUNTING) < 0) ||
- (parse_sub_section(mctx, conf, &inst->postauth, MOD_POST_AUTH) < 0)) {
+ if ((parse_sub_section(mctx, conf, &inst->accounting, "accounting") < 0) ||
+ (parse_sub_section(mctx, conf, &inst->postauth, "post-auth") < 0)) {
cf_log_err(conf, "Failed parsing configuration");
goto error;
if (
(parse_sub_section(inst, conf, xlat_config, &inst->xlat, "xlat") < 0) ||
(parse_sub_section(inst, conf, section_config, &inst->authorize,
- section_type_value[MOD_AUTHORIZE]) < 0) ||
+ "authorize") < 0) ||
(parse_sub_section(inst, conf, section_config, &inst->authenticate,
- section_type_value[MOD_AUTHENTICATE]) < 0) ||
+ "authenticate") < 0) ||
(parse_sub_section(inst, conf, section_config, &inst->accounting,
- section_type_value[MOD_ACCOUNTING]) < 0) ||
+ "accounting") < 0) ||
(parse_sub_section(inst, conf, section_config, &inst->post_auth,
- section_type_value[MOD_POST_AUTH]) < 0))
+ "post-auth") < 0))
{
return -1;
}
{
.name1 = "recv",
.name2 = "Request",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(request),
},
{
.name1 = "send",
.name2 = "Reply",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(reply),
},
{ /* we can listen for others ARP replies, too */
.name1 = "recv",
.name2 = "Reply",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_reply),
},
{
.name1 = "recv",
.name2 = "Reverse-Request",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(reverse_request),
},
{
.name1 = "send",
.name2 = "Reverse-Reply",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(reverse_reply),
},
{
.name1 = "send",
.name2 = "Do-Not-Respond",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(do_not_respond),
},
*/
#define SEND_RECV(_x, _y) \
{ \
- .name = "recv", \
+ .name1 = "recv", \
.name2 = _x, \
- .component = MOD_POST_AUTH, \
+ .actions = &mod_actions_postauth, \
.offset = PROCESS_CONF_OFFSET(recv_ ## _y), \
}, \
{ \
- .name = "send", \
+ .name1 = "send", \
.name2 = _x, \
- .component = MOD_POST_AUTH, \
+ .actions = &mod_actions_postauth, \
.offset = PROCESS_CONF_OFFSET(send_ ## _y), \
}
{
.name1 = "recv",
.name2 = "Discover",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.methods = (const virtual_server_method_t[]) {
{
- .name = "ippool",
+ .name1 = "ippool",
.name2 = "allocate",
},
COMPILE_TERMINATOR
{
.name1 = "send",
.name2 = "Offer",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(offer),
},
{
.name1 = "recv",
.name2 = "Request",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.methods = (const virtual_server_method_t[]) {
{
- .name = "ippool",
+ .name1 = "ippool",
.name2 = "extend",
},
COMPILE_TERMINATOR
{
.name1 = "send",
.name2 = "Ack",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(ack),
},
{
.name1 = "send",
.name2 = "NAK",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(nak),
},
{
.name1 = "recv",
.name2 = "Decline",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.methods = (const virtual_server_method_t[]) {
{
- .name = "ippool",
+ .name1 = "ippool",
.name2 = "mark",
},
COMPILE_TERMINATOR
{
.name1 = "recv",
.name2 = "Release",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.methods = (const virtual_server_method_t[]) {
{
- .name = "ippool",
+ .name1 = "ippool",
.name2 = "release",
},
COMPILE_TERMINATOR
{
.name1 = "recv",
.name2 = "Inform",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(inform),
},
{
.name1 = "recv",
.name2 = "Lease-Query",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(lease_query),
},
{
.name1 = "send",
.name2 = "Lease-Unassigned",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(lease_unassigned),
},
{
.name1 = "send",
.name2 = "Lease-Unknown",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(lease_unknown),
},
{
.name1 = "send",
.name2 = "Lease-Active",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(lease_active),
},
{
.name1 = "send",
.name2 = "Do-Not-Respond",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(do_not_respond),
},
{
.name1 = "recv",
.name2 = "Solicit",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_solicit)
},
{
.name1 = "recv",
.name2 = "Request",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_request)
},
{
.name1 = "recv",
.name2 = "Confirm",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_confirm)
},
{
.name1 = "recv",
.name2 = "Renew",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_renew)
},
{
.name1 = "recv",
.name2 = "Rebind",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_rebind)
},
{
.name1 = "recv",
.name2 = "Release",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_release)
},
{
.name1 = "recv",
.name2 = "Decline",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_decline)
},
{
.name1 = "recv",
.name2 = "Reconfigure",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_reconfigure)
},
{
.name1 = "recv",
.name2 = "Information-Request",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_information_request)
},
{
.name1 = "recv",
.name2 = "Relay-Forward",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_relay_forward)
},
{
.name1 = "send",
.name2 = "Advertise",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(send_advertise)
},
{
.name1 = "send",
.name2 = "Reply",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(send_reply)
},
{
.name1 = "send",
.name2 = "Relay-Reply",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(send_relay_reply)
},
{
.name1 = "send",
.name2 = "Do-Not-Respond",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(do_not_respond)
},
* @copyright 2024 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
* @copyright 2020 Network RADIUS SAS (legal@networkradius.com)
*/
-#include "lib/server/components.h"
#include "lib/server/rcode.h"
#include <freeradius-devel/server/protocol.h>
#include <freeradius-devel/server/pair.h>
{
.name1 = "recv",
.name2 = "Query",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(query),
},
{
.name1 = "send",
.name2 = "Query-Response",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(query_response),
},
{
.name1 = "recv",
.name2 = "Inverse-Query",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(inverse_query),
},
{
.name1 = "send",
.name2 = "Inverse-Query-Response",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(inverse_query_response),
},
{
.name1 = "recv",
.name2 = "Status",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(status),
},
{
.name1 = "send",
.name2 = "Status-Response",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(status_response),
},
{
.name1 = "recv",
.name2 = "Update",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(update),
},
{
.name1 = "send",
.name2 = "Update-Response",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(update_response),
},
{
.name1 = "recv",
.name2 = "Stateful-Operation",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(stateful_operation),
},
{
.name1 = "send",
.name2 = "Stateful-Operation-Response",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(stateful_operation_response),
},
{
.name1 = "send",
.name2 = "Do-Not-Respond",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(do_not_respond),
},
#define ERROR_SECTION(_name, _number) \
{ \
- .name = "error", \
+ .name1 = "error", \
.name2 = _name, \
- .component = MOD_POST_AUTH, \
+ .actions = &mod_actions_postauth, \
.offset = PROCESS_CONF_OFFSET(rcode[_number]), \
}
{
.name1 = "recv",
.name2 = "Identity-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_identity_response)
},
{
.name1 = "send",
.name2 = "Identity-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_identity_request)
},
{
.name1 = "send",
.name2 = "AKA-Identity-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_aka_identity_request)
},
{
.name1 = "recv",
.name2 = "AKA-Identity-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_identity_response)
},
{
.name1 = "send",
.name2 = "Challenge-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_aka_challenge_request)
},
{
.name1 = "recv",
.name2 = "Challenge-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_challenge_response)
},
{
.name1 = "send",
.name2 = "Reauthentication-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_reauthentication_request)
},
{
.name1 = "recv",
.name2 = "Reauthentication-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_reauthentication_response)
},
{
.name1 = "recv",
.name2 = "Client-Error",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_client_error)
},
{
.name1 = "recv",
.name2 = "Authentication-Reject",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_authentication_reject)
},
{
.name1 = "recv",
.name2 = "Synchronization-Failure",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_synchronization_failure)
},
{
.name1 = "send",
.name2 = "Failure-Notification",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_failure_notification)
},
{
.name1 = "recv",
.name2 = "Failure-Notification-ACK",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_failure_notification_ack)
},
{
.name1 = "send",
.name2 = "Success-Notification",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_success_notification)
},
{
.name1 = "recv",
.name2 = "Success-Notification-ACK",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_success_notification_ack)
},
{
.name1 = "send",
.name2 = "EAP-Success",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_eap_success)
},
{
.name1 = "send",
.name2 = "EAP-Failure",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_eap_failure)
},
{
.name1 = "store",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.store_session)
},
{
.name1 = "load",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.load_session)
},
{
.name1 = "clear",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.clear_session)
},
{
.name1 = "store",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.store_pseudonym)
},
{
.name1 = "load",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.load_pseudonym)
},
{
.name1 = "clear",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.clear_pseudonym)
},
{
.name1 = "recv",
.name2 = "Identity-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_identity_response)
},
{
.name1 = "send",
.name2 = "Identity-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_identity_request)
},
{
.name1 = "send",
.name2 = "AKA-Identity-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_aka_identity_request)
},
{
.name1 = "recv",
.name2 = "AKA-Identity-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_identity_response)
},
{
.name1 = "send",
.name2 = "Challenge-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_aka_challenge_request)
},
{
.name1 = "recv",
.name2 = "Challenge-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_challenge_response)
},
{
.name1 = "send",
.name2 = "Reauthentication-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_reauthentication_request)
},
{
.name1 = "recv",
.name2 = "Reauthentication-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_reauthentication_response)
},
{
.name1 = "recv",
.name2 = "Client-Error",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_client_error)
},
{
.name1 = "recv",
.name2 = "Authentication-Reject",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_authentication_reject)
},
{
.name1 = "recv",
.name2 = "Synchronization-Failure",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_aka_synchronization_failure)
},
{
.name1 = "send",
.name2 = "Failure-Notification",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_failure_notification)
},
{
.name1 = "recv",
.name2 = "Failure-Notification-ACK",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_failure_notification_ack)
},
{
.name1 = "send",
.name2 = "Success-Notification",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_success_notification)
},
{
.name1 = "recv",
.name2 = "Success-Notification-ACK",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_success_notification_ack)
},
{
.name1 = "send",
.name2 = "EAP-Success",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_eap_success)
},
{
.name1 = "send",
.name2 = "EAP-Failure",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_eap_failure)
},
{
.name1 = "store",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.store_session)
},
{
.name1 = "load",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.load_session)
},
{
.name1 = "clear",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.clear_session)
},
{
.name1 = "store",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.store_pseudonym)
},
{
.name1 = "load",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.load_pseudonym)
},
{
.name1 = "clear",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.clear_pseudonym)
},
{
.name1 = "recv",
.name2 = "Identity-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_identity_response)
},
{
.name1 = "send",
.name2 = "Identity-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_identity_request)
},
{
.name1 = "send",
.name2 = "Start-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_sim_start_request)
},
{
.name1 = "recv",
.name2 = "Start-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_sim_start_response)
},
{
.name1 = "send",
.name2 = "Challenge-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_sim_challenge_request)
},
{
.name1 = "recv",
.name2 = "Challenge-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_sim_challenge_response)
},
{
.name1 = "send",
.name2 = "Reauthentication-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_reauthentication_request)
},
{
.name1 = "recv",
.name2 = "Reauthentication-Response",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_reauthentication_response)
},
{
.name1 = "recv",
.name2 = "Client-Error",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_client_error)
},
{
.name1 = "send",
.name2 = "Failure-Notification",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_failure_notification)
},
{
.name1 = "recv",
.name2 = "Failure-Notification-ACK",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_failure_notification_ack)
},
{
.name1 = "send",
.name2 = "Success-Notification",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_common_success_notification)
},
{
.name1 = "recv",
.name2 = "Success-Notification-ACK",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_common_success_notification_ack)
},
{
.name1 = "send",
.name2 = "EAP-Success",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_eap_success)
},
{
.name1 = "send",
.name2 = "EAP-Failure",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_eap_failure)
},
{
.name1 = "store",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.store_session)
},
{
.name1 = "load",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.load_session)
},
{
.name1 = "clear",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.clear_session)
},
{
.name1 = "store",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.store_pseudonym)
},
{
.name1 = "load",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.load_pseudonym)
},
{
.name1 = "clear",
.name2 = "pseudonym",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = offsetof(eap_aka_sim_process_conf_t, actions.clear_pseudonym)
},
{
.name1 = "load",
.name2 = "Cookie",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(load_cookie)
},
{
.name1 = "store",
.name2 = "Cookie",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(store_cookie)
},
{
.name1 = "recv",
.name2 = "Add",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(recv_add)
},
{
.name1 = "recv",
.name2 = "Present",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(recv_present)
},
{
.name1 = "recv",
.name2 = "Delete",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(recv_delete)
},
{
.name1 = "recv",
.name2 = "Modify",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(recv_modify)
},
{
.name1 = "recv",
.name2 = "Access-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(access_request),
},
{
.name1 = "send",
.name2 = "Access-Accept",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(access_accept),
},
{
.name1 = "send",
.name2 = "Access-Challenge",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(access_challenge),
},
{
.name1 = "send",
.name2 = "Access-Reject",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(access_reject),
},
{
.name1 = "recv",
.name2 = "Accounting-Request",
- .component = MOD_PREACCT,
+ .actions = &mod_actions_preacct,
.offset = PROCESS_CONF_OFFSET(accounting_request),
},
{
.name1 = "send",
.name2 = "Accounting-Response",
- .component = MOD_ACCOUNTING,
+ .actions = &mod_actions_accounting,
.offset = PROCESS_CONF_OFFSET(accounting_response),
},
{
.name1 = "recv",
.name2 = "Status-Server",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(status_server),
},
{
.name1 = "recv",
.name2 = "CoA-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(coa_request),
},
{
.name1 = "send",
.name2 = "CoA-ACK",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(coa_ack),
},
{
.name1 = "send",.name2 = "CoA-NAK",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(coa_nak),
},
{
.name1 = "recv",
.name2 = "Disconnect-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(disconnect_request),
},
{
.name1 = "send",
.name2 = "Disconnect-ACK",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(disconnect_ack),
},
{
.name1 = "send",
.name2 = "Disconnect-NAK",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(disconnect_nak),
},
{
.name1 = "send",
.name2 = "Protocol-Error",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(protocol_error),
},
{
.name1 = "send",
.name2 = "Do-Not-Respond",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(do_not_respond),
},
{
.name1 = "authenticate",
.name2 = CF_IDENT_ANY,
- .component = MOD_AUTHENTICATE
+ .actions = &mod_actions_authenticate
},
{
.name1 = "accounting",
.name2 = CF_IDENT_ANY,
- .component = MOD_AUTHENTICATE
+ .actions = &mod_actions_authenticate
},
DYNAMIC_CLIENT_SECTIONS,
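Review bot: The `accounting` / `CF_IDENT_ANY` entry just above `DYNAMIC_CLIENT_SECTIONS` now points at `&mod_actions_authenticate`, which faithfully carries over the old `MOD_AUTHENTICATE` value but looks like a copy-paste from the `authenticate` entry before it; another table in this commit gives its `accounting` wildcard section `&mod_actions_accounting`. The actions table presumably supplies the section's default rcode handling, so accounting policies here would inherit the authentication defaults; either change the line to `.actions = &mod_actions_accounting` or, if the reuse is deliberate, say so in a comment such as `/* accounting.<type> intentionally shares the authenticate defaults */`. The same question applies to `send CoA-NAK`, which uses `&mod_actions_authorize` while `CoA-ACK`, `Disconnect-ACK` and `Disconnect-NAK` use `&mod_actions_postauth`. The array's declaration and terminator are outside the visible hunk, so this is based on the entries shown only.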
{
.name1 = "recv",
.name2 = "Authentication-Start",
- .component = MOD_AUTHENTICATE,
+ .actions = &mod_actions_authenticate,
.offset = PROCESS_CONF_OFFSET(auth_start),
},
{
.name1 = "send",
.name2 = "Authentication-Pass",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(auth_pass),
},
{
.name1 = "send",
.name2 = "Authentication-Fail",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(auth_fail),
},
{
.name1 = "send",
.name2 = "Authentication-GetData",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(auth_getdata),
},
{
.name1 = "send",
.name2 = "Authentication-GetUser",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(auth_getuser),
},
{
.name1 = "send",
.name2 = "Authentication-GetPass",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(auth_getpass),
},
{
.name1 = "send",
.name2 = "Authentication-Restart",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(auth_restart),
},
{
.name1 = "send",
.name2 = "Authentication-Error",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(auth_error),
},
{
.name1 = "recv",
.name2 = "Authentication-Continue",
- .component = MOD_AUTHENTICATE,
+ .actions = &mod_actions_authenticate,
.offset = PROCESS_CONF_OFFSET(auth_cont),
},
{
.name1 = "recv",
.name2 = "Authentication-Continue-Abort",
- .component = MOD_AUTHENTICATE,
+ .actions = &mod_actions_authenticate,
.offset = PROCESS_CONF_OFFSET(auth_cont_abort),
},
{
.name1 = "authenticate",
.name2 = CF_IDENT_ANY,
- .component = MOD_AUTHENTICATE,
+ .actions = &mod_actions_authenticate,
},
/* authorization */
{
.name1 = "recv",
.name2 = "Authorization-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(autz_request),
},
{
.name1 = "send",
.name2 = "Authorization-Pass-Add",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(autz_pass_add),
},
{
.name1 = "send",
.name2 = "Authorization-Pass-Replace",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(autz_pass_replace),
},
{
.name1 = "send",
.name2 = "Authorization-Fail",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(autz_fail),
},
{
.name1 = "send",
.name2 = "Authorization-Error",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(autz_error),
},
{
.name1 = "recv",
.name2 = "Accounting-Request",
- .component = MOD_ACCOUNTING,
+ .actions = &mod_actions_accounting,
.offset = PROCESS_CONF_OFFSET(acct_request),
},
{
.name1 = "send",
.name2 = "Accounting-Success",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(acct_success),
},
{
.name1 = "send",
.name2 = "Accounting-Error",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(acct_error),
},
{
.name1 = "accounting",
.name2 = CF_IDENT_ANY,
- .component = MOD_ACCOUNTING,
+ .actions = &mod_actions_accounting,
},
{
.name1 = "send",
.name2 = "Do-Not-Respond",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(do_not_respond),
},
{
.name1 = "recv",
.name2 = "Request",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(recv_request),
},
{
.name1 = "send",
.name2 = "Reply",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(send_reply),
},
{
.name1 = "store",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(store_session)
},
{
.name1 = "load",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(load_session)
},
{
.name1 = "clear",
.name2 = "session",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(clear_session)
},
{
.name1 = "verify",
.name2 = "certificate",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(verify_certificate)
},
COMPILE_TERMINATOR
{
.name1 = "recv",
.name2 = "Access-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(access_request),
},
{
.name1 = "send",
.name2 = "Access-Accept",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(access_accept),
},
{
.name1 = "send",
.name2 = "Access-Challenge",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(access_challenge),
},
{
.name1 = "send",
.name2 = "Access-Reject",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(access_reject),
},
{
.name1 = "send",
.name2 = "Protocol-Error",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(protocol_error),
},
{
.name1 = "send",
.name2 = "Do-Not-Respond",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(do_not_respond),
},
{
.name1 = "authenticate",
.name2 = CF_IDENT_ANY,
- .component = MOD_AUTHENTICATE
+ .actions = &mod_actions_authenticate
},
COMPILE_TERMINATOR
};
{
.name1 = "recv",
.name2 = "Join-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(join_request),
},
{
.name1 = "send",
.name2 = "Join-Response",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(join_response),
},
{
.name1 = "recv",
.name2 = "Reconfirm-Request",
- .component = MOD_AUTHORIZE,
+ .actions = &mod_actions_authorize,
.offset = PROCESS_CONF_OFFSET(reconfirm_request),
},
{
.name1 = "send",
.name2 = "Reconfirm-Response",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(reconfirm_response),
},
{
.name1 = "send",
.name2 = "Do-Not-Respond",
- .component = MOD_POST_AUTH,
+ .actions = &mod_actions_postauth,
.offset = PROCESS_CONF_OFFSET(do_not_respond),
},
}
policy {
- files.authorize {
+ files {
split_username_nai
if (&Stripped-User-Name == "bob") {
&control.Password.Cleartext := "bob"
# The main problem is that conf section references
# also have dots in them...
#
-with.dots
+
+# FIXME - Doesn't currently work
+#with.dots
success