replace Packet-Authentication-Vector

It's still used for radius_tp_decode_proto, but the attribute
is no longer a virtual one

diff --git a/doc/antora/modules/installation/pages/upgrade.adoc b/doc/antora/modules/installation/pages/upgrade.adoc
index 15d5e68b1ce9794f8159e9e44c1588d7501860fe..a586dcee8e257c729a25bdc0020af9b782d9c5ce 100644 (file)
--- a/doc/antora/modules/installation/pages/upgrade.adoc
+++ b/doc/antora/modules/installation/pages/upgrade.adoc
@@ -1038,3 +1038,5 @@ Many "virtual" or "fake" attributes have been removed or renamed.
 `&Response-Packet-Type` should be replaced by `&reply.Packet-Type`.
 
 `&Virtual-Server` should be replaced by `%(interpreter:server)`.
+
+`&Packet-Authentication-Vector` should be replaced by `%{radius.packet.vector:}`.

diff --git a/src/lib/server/tmpl_eval.c b/src/lib/server/tmpl_eval.c
index 552f4700c4ba4b1bf42f75ecfbaca0d7987fdcb6..266010155dcc4e6cb02358746519ef6656b5244f 100644 (file)
--- a/src/lib/server/tmpl_eval.c
+++ b/src/lib/server/tmpl_eval.c
@@ -57,7 +57,6 @@ static fr_dict_attr_t const *attr_packet_dst_port;
 static fr_dict_attr_t const *attr_packet_src_ip_address;
 static fr_dict_attr_t const *attr_packet_src_ipv6_address;
 static fr_dict_attr_t const *attr_packet_src_port;
-static fr_dict_attr_t const *attr_packet_authentication_vector;
 
 /** Placeholder attribute for uses of unspecified attribute references
  */
@@ -71,8 +70,6 @@ static fr_dict_attr_autoload_t tmpl_dict_attr[] = {
        { .out = &attr_packet_src_ip_address, .name = "Packet-Src-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_freeradius },
        { .out = &attr_packet_src_ipv6_address, .name = "Packet-Src-IPv6-Address", .type = FR_TYPE_IPV6_ADDR, .dict = &dict_freeradius },
        { .out = &attr_packet_src_port, .name = "Packet-Src-Port", .type = FR_TYPE_UINT16, .dict = &dict_freeradius },
-
-       { .out = &attr_packet_authentication_vector, .name = "Packet-Authentication-Vector", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { NULL }
 };
 

diff --git a/src/listen/radius/proto_radius.c b/src/listen/radius/proto_radius.c
index 9d6002cf286bb429482a3766ef2cf91c2aa2fa5f..a412a230004ff8738458a56ff059ea3a2f274a10 100644 (file)
--- a/src/listen/radius/proto_radius.c
+++ b/src/listen/radius/proto_radius.c
@@ -24,6 +24,7 @@
  */
 #include <freeradius-devel/radius/radius.h>
 #include <freeradius-devel/io/listen.h>
+#include <freeradius-devel/unlang/xlat_func.h>
 #include <freeradius-devel/server/module_rlm.h>
 #include "proto_radius.h"
 
@@ -563,17 +564,51 @@ static int mod_bootstrap(module_inst_ctx_t const *mctx)
        return fr_master_app_io.common.bootstrap(MODULE_INST_CTX(inst->io.dl_inst));
 }
 
+/** Get the authentication vector.
+ *
+ *  Note that we don't allow people to get the reply vector, because
+ *  it doesn't exist until the reply is sent.
+ *
+ */
+static xlat_action_t packet_vector_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
+                                       UNUSED xlat_ctx_t const *xctx, request_t *request,
+                                       UNUSED fr_value_box_list_t *in)
+{
+       fr_value_box_t  *vb;
+
+       if (request->dict != dict_radius) return XLAT_ACTION_FAIL;
+
+       MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_OCTETS, NULL));
+       if (fr_value_box_memdup(vb, vb, NULL, request->packet->vector, sizeof(request->packet->vector), true) < 0) {
+               talloc_free(vb);
+               return XLAT_ACTION_FAIL;
+       }
+
+       fr_dcursor_append(out, vb);
+
+       return XLAT_ACTION_DONE;
+}
+
+
 static int mod_load(void)
 {
+       xlat_t  *xlat;
+
        if (fr_radius_init() < 0) {
                PERROR("Failed initialising protocol library");
                return -1;
        }
+
+
+       if (!(xlat = xlat_func_register(NULL, "radius.packet.vector", packet_vector_xlat, FR_TYPE_OCTETS))) return -1;
+
        return 0;
 }
 
 static void mod_unload(void)
 {
+       xlat_func_unregister("radius.packet.vector");
+
        fr_radius_free();
 }