index 6fff875fb3..d172db865a 100644
--- a/src/lib/eap_aka_sim/module.c
+++ b/src/lib/eap_aka_sim/module.c
-@@ -340,7 +340,7 @@ unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *m
+@@ -340,7 +340,7 @@ unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *m
goto done;
}
fr_radius_packet_code_t chbind_process(request_t *request, CHBIND_REQ *chbind)
{
fr_radius_packet_code_t code;
- rlm_rcode_t rcode;
+ unlang_result_t result;
request_t *fake = NULL;
uint8_t const *attr_data;
size_t data_len = 0;
// fake->server_cs = virtual_server_find("channel_bindings");
fake->packet->code = FR_RADIUS_CODE_ACCESS_REQUEST;
- rad_virtual_server(&rcode, fake);
- switch (rcode) {
+ rad_virtual_server(&result, fake);
+ switch (result.rcode) {
/* If the virtual server succeeded, build a reply */
case RLM_MODULE_OK:
case RLM_MODULE_HANDLED:
/** Encode EAP session data from attributes
*
*/
-static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_encode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t);
eap_session_t *eap_session = eap_session_get(request->parent);
RDEBUG2("Encoding attributes");
log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->reply_pairs, NULL);
- if (fr_aka_sim_encode(request, &request->reply_pairs, &encode_ctx) <= 0) RETURN_MODULE_FAIL;
+ if (fr_aka_sim_encode(request, &request->reply_pairs, &encode_ctx) <= 0) RETURN_UNLANG_FAIL;
switch (subtype_vp->vp_uint16) {
case FR_SUBTYPE_VALUE_AKA_IDENTITY:
/** Decode EAP session data into attribute
*
*/
-unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t);
eap_session_t *eap_session = eap_session_get(request->parent);
switch (eap_session->this_round->response->type.num) {
default:
REDEBUG2("Unsupported EAP type (%u)", eap_session->this_round->response->type.num);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
case FR_EAP_METHOD_IDENTITY:
case FR_EAP_METHOD_NAK: /* Peer NAK'd our original suggestion */
if (slen <= 0) {
RPEDEBUG("AT_MAC calculation failed");
pair_delete_control(vp);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
break;
if (virtual_server_push(&mod_session->virtual_server_result, request, inst->virtual_server, UNLANG_SUB_FRAME) < 0) {
unlang_interpet_frame_discard(request);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return UNLANG_ACTION_PUSHED_CHILD;
fr_aka_sim_ctx_t ctx;
} eap_aka_sim_mod_session_t;
-unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request);
+unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request);
#ifdef __cplusplus
}
# define EAP_TLS_MPPE_KEY_LEN 32
#endif
-#define STATE(_x) static inline unlang_action_t state_ ## _x(rlm_rcode_t *p_result, \
+#define STATE(_x) static inline unlang_action_t state_ ## _x(unlang_result_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)
-#define STATE_GUARD(_x) static unlang_action_t guard_ ## _x(rlm_rcode_t *p_result, \
+#define STATE_GUARD(_x) static unlang_action_t guard_ ## _x(unlang_result_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)
-#define RESUME(_x) static inline unlang_action_t resume_ ## _x(rlm_rcode_t *p_result, \
+#define RESUME(_x) static inline unlang_action_t resume_ ## _x(unlang_result_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)
#define STATE_NO_RESULT(_x) \
- static inline unlang_action_t state_ ## _x(UNUSED rlm_rcode_t *p_result, \
+ static inline unlang_action_t state_ ## _x(UNUSED unlang_result_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)
#define STATE_GUARD_NO_RESULT(_x) \
- static unlang_action_t guard_ ## _x(UNUSED rlm_rcode_t *p_result, \
+ static unlang_action_t guard_ ## _x(UNUSED unlang_result_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)
#define RESUME_NO_RESULT(_x) \
- static inline unlang_action_t resume_ ## _x(UNUSED rlm_rcode_t *p_result, \
+ static inline unlang_action_t resume_ ## _x(UNUSED unlang_result_t *p_result, \
module_ctx_t const *mctx, \
request_t *request)
* @param[in] eap_aka_sim_session the EAP session
* @param[in] next function to call after storing sessions and pseudonyms.
*/
-static unlang_action_t session_and_pseudonym_store(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+static unlang_action_t session_and_pseudonym_store(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request,
eap_aka_sim_session_t *eap_aka_sim_session,
module_method_t next)
* @param[in] eap_aka_sim_session the current EAP session
* @param[in] next function to call after clearing sessions and pseudonyms.
*/
-static unlang_action_t session_and_pseudonym_clear(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+static unlang_action_t session_and_pseudonym_clear(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request,
eap_aka_sim_session_t *eap_aka_sim_session,
module_method_t next)
/** Called after 'store session { ... }' and 'store pseudonym { ... }'
*
*/
-static unlang_action_t common_reauthentication_request_send(rlm_rcode_t *p_result,
+static unlang_action_t common_reauthentication_request_send(unlang_result_t *p_result,
module_ctx_t const *mctx, request_t *request)
{
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
eap_aka_sim_session->keys.reauth.nonce_s,
sizeof(eap_aka_sim_session->keys.reauth.nonce_s));
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/** Called after 'store session { ... }' and 'store pseudonym { ... }'
*
*/
-static unlang_action_t aka_challenge_request_send(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t aka_challenge_request_send(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
*/
common_crypto_export(request, eap_aka_sim_session, NULL, 0, NULL, 0);
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/** Called after 'store session { ... }' and 'store pseudonym { ... }'
*
*/
-static unlang_action_t sim_challenge_request_send(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t sim_challenge_request_send(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
uint8_t sres_cat[AKA_SIM_VECTOR_GSM_SRES_SIZE * 3];
eap_aka_sim_session->keys.gsm.nonce_mt, sizeof(eap_aka_sim_session->keys.gsm.nonce_mt),
sres_cat, sizeof(sres_cat));
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/** Helper function to check for the presence and length of AT_SELECTED_VERSION and copy its value into the keys structure
*/
STATE(eap_failure)
{
- if (!fr_cond_assert(request && mctx && mctx->rctx)) RETURN_MODULE_FAIL; /* unused args */
+ if (!fr_cond_assert(request && mctx && mctx->rctx)) RETURN_UNLANG_FAIL; /* unused args */
fr_assert(0); /* Should never actually be called */
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/** Resume after 'send EAP-Failure { ... }'
{
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
- if (!fr_cond_assert(mctx && mctx->rctx)) RETURN_MODULE_FAIL; /* unused args */
+ if (!fr_cond_assert(mctx && mctx->rctx)) RETURN_UNLANG_FAIL; /* unused args */
SECTION_RCODE_IGNORED;
RDEBUG2("Sending EAP-Failure");
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
/** Enter EAP-FAILURE state
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx,
eap_aka_sim_session_t);
- if (!fr_cond_assert(mctx)) RETURN_MODULE_FAIL; /* quiet unused warning */
+ if (!fr_cond_assert(mctx)) RETURN_UNLANG_FAIL; /* quiet unused warning */
SECTION_RCODE_IGNORED;
*/
common_reply(request, eap_aka_sim_session, FR_SUBTYPE_VALUE_AKA_SIM_NOTIFICATION);
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/** Enter the FAILURE-NOTIFICATION state
{
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
- if (!fr_cond_assert(request && mctx && eap_aka_sim_session)) RETURN_MODULE_FAIL; /* unused args */
+ if (!fr_cond_assert(request && mctx && eap_aka_sim_session)) RETURN_UNLANG_FAIL; /* unused args */
fr_assert(0); /* Should never actually be called */
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/** Resume after 'send EAP-Success { ... }'
p += EAP_TLS_MPPE_KEY_LEN;
eap_add_reply(request->parent, attr_ms_mppe_send_key, p, EAP_TLS_MPPE_KEY_LEN);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Enter EAP-SUCCESS state
SECTION_RCODE_PROCESS;
- if (!fr_cond_assert(after_authentication(eap_aka_sim_session))) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(after_authentication(eap_aka_sim_session))) RETURN_UNLANG_FAIL;
/*
* If we're in this state success bit is
*/
common_reply(request, eap_aka_sim_session, FR_SUBTYPE_VALUE_AKA_SIM_NOTIFICATION);
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/** Enter the SUCCESS-NOTIFICATION state
/** Send a EAP-Request/(AKA|SIM)-Reauthenticate message to the supplicant
*
*/
-static unlang_action_t common_reauthentication_request_compose(rlm_rcode_t *p_result,
+static unlang_action_t common_reauthentication_request_compose(unlang_result_t *p_result,
module_ctx_t const *mctx,
request_t *request,
eap_aka_sim_session_t *eap_aka_sim_session)
(fr_aka_sim_vector_gsm_from_attrs(request, &request->control_pairs, 2,
&eap_aka_sim_session->keys, &src) != 0)) {
REDEBUG("Failed retrieving SIM vectors");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
fr_aka_sim_crypto_gsm_kdf_0(&eap_aka_sim_session->keys);
}
fr_assert(0);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/** Resume after 'recv Identity-Response { ... }' or 'recv AKA-Identity { ... }'
*/
common_reply(request, eap_aka_sim_session, FR_SUBTYPE_VALUE_AKA_IDENTITY);
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/** Enter the AKA-IDENTITY state
common_reply(request, eap_aka_sim_session, FR_SUBTYPE_VALUE_SIM_START);
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/** Enter the SIM-START state
}
fr_assert(0);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/** Resume after 'recv Identity-Response { ... }'
default:
fr_assert(0);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
/** Resumes the state machine when receiving a new response packet
*
*/
-unlang_action_t eap_aka_sim_state_machine_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+unlang_action_t eap_aka_sim_state_machine_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t);
eap_aka_sim_session_t *eap_aka_sim_session = request_data_reference(request,
if (unlikely(request_data_add(request, (void *)eap_aka_sim_state_machine_process, 0,
eap_aka_sim_session, true, true, true) < 0)) {
RPEDEBUG("Failed creating new EAP-SIM/AKA/AKA' session");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
eap_aka_sim_session->type = inst->type;
*/
our_mctx.rctx = eap_aka_sim_session;
- if (!fr_cond_assert(eap_aka_sim_session->state)) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(eap_aka_sim_session->state)) RETURN_UNLANG_FAIL;
return eap_aka_sim_session->state(p_result, &our_mctx, request);
}
eap_aka_sim_actions_t actions; //!< Pre-compiled virtual server sections.
} eap_aka_sim_process_conf_t;
-unlang_action_t eap_aka_sim_state_machine_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request);
+unlang_action_t eap_aka_sim_state_machine_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request);
#ifdef __cplusplus
}
* Run a virtual server auth and postauth
*
*/
-unlang_action_t rad_virtual_server(rlm_rcode_t *p_result, request_t *request)
+unlang_action_t rad_virtual_server(unlang_result_t *p_result, request_t *request)
{
RDEBUG("Virtual server %s received request NOT IMPLEMENTED", cf_section_name2(unlang_call_current(request)));
log_request_pair_list(L_DBG_LVL_1, request, NULL, &request->request_pairs, NULL);
* Except that the caller expects this function to be run
* _synchronously_, and all of that needs to be fixed.
*/
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
#if 0
{
if (!request->async) {
#ifdef STATIC_ANALYZER
- if (!request->parent) RETURN_MODULE_FAIL;
+ if (!request->parent) RETURN_UNLANG_FAIL;
#endif
fr_assert(request->parent != NULL);
if (!request->reply->code ||
(request->reply->code == FR_RADIUS_CODE_ACCESS_REJECT)) {
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
if (request->reply->code == FR_RADIUS_CODE_ACCESS_CHALLENGE) {
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
#endif
}
#endif
#include <freeradius-devel/server/request.h>
-#include <freeradius-devel/server/rcode.h>
+#include <freeradius-devel/unlang/interpret.h>
-unlang_action_t rad_virtual_server(rlm_rcode_t *p_result, request_t *request);
+unlang_action_t rad_virtual_server(unlang_result_t *p_result, request_t *request);
#ifdef __cplusplus
}
#include <freeradius-devel/server/module_ctx.h>
#include <freeradius-devel/server/rcode.h>
#include <freeradius-devel/server/request.h>
+#include <freeradius-devel/unlang/interpret.h>
DIAG_OFF(attributes)
typedef enum CC_HINT(flag_enum) {
* @param[in] request to process.
* @return the appropriate rcode.
*/
-typedef unlang_action_t (*module_method_t)(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request);
+typedef unlang_action_t (*module_method_t)(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request);
/** Module instantiation callback
*
#define UPDATE_STATE(_x) state = &process_state_ ## _x [request->_x->code]
-#define RECV(_x) static inline unlang_action_t recv_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
-#define SEND(_x) static inline unlang_action_t send_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
-#define SEND_NO_RESULT(_x) static inline unlang_action_t send_ ## _x(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
-#define RESUME(_x) static inline unlang_action_t resume_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
-#define RESUME_FLAG(_x, _p_result_flag, _mctx_flag) static inline unlang_action_t resume_ ## _x(_p_result_flag rlm_rcode_t *p_result, _mctx_flag module_ctx_t const *mctx, request_t *request)
+#define RECV(_x) static inline unlang_action_t recv_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
+#define SEND(_x) static inline unlang_action_t send_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
+#define SEND_NO_RESULT(_x) static inline unlang_action_t send_ ## _x(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
+#define RESUME(_x) static inline unlang_action_t resume_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
+#define RESUME_FLAG(_x, _p_result_flag, _mctx_flag) static inline unlang_action_t resume_ ## _x(_p_result_flag unlang_result_t *p_result, _mctx_flag module_ctx_t const *mctx, request_t *request)
/** Returns the current rcode then resets it for the next module call
*
* @return Result of the method call.
*/
static inline CC_HINT(always_inline)
-unlang_action_t process_with_rctx(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+unlang_action_t process_with_rctx(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request, module_method_t method, void *rctx)
{
module_ctx_t our_mctx = *mctx;
#define CALL_SEND_TYPE(_x) call_send_type(process_state_reply[(request->reply->code = _x)].send, p_result, mctx, request)
static inline unlang_action_t call_send_type(module_method_t send, \
- rlm_rcode_t *p_result, module_ctx_t const *mctx,
+ unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request)
{
/*
} else {
REDEBUG("Invalid packet type (%u)", request->packet->code);
}
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
fr_assert(rcode < RLM_MODULE_NUMCODES);
switch (state->packet_type[rcode]) {
case 0: /* don't change the reply */
- *p_result = state->result_rcode;
+ p_result->rcode = state->result_rcode;
break;
default:
cs, state->default_rcode, state->send,
NULL, 0, mctx->rctx);
}
- *p_result = state->result_rcode;
+ p_result->rcode = state->result_rcode;
fr_assert(!state->packet_type[rcode] || (state->packet_type[rcode] == request->reply->code));
break;
fr_table_str_by_value(rcode_table, rcode, "<INVALID>"));
}
request->reply->code = PROCESS_CODE_DO_NOT_RESPOND;
- *p_result = state->result_rcode;
+ p_result->rcode = state->result_rcode;
break;
#endif
}
*/
if (request->reply->code == PROCESS_CODE_DO_NOT_RESPOND) {
RDEBUG("Not sending reply to client");
- *p_result = RLM_MODULE_HANDLED;
+ p_result->rcode = RLM_MODULE_HANDLED;
return UNLANG_ACTION_CALCULATE_RESULT;
}
#endif
#ifdef PROCESS_CODE_DYNAMIC_CLIENT
RESUME_FLAG(new_client_done,,UNUSED)
{
- *p_result = RLM_MODULE_OK;
+ p_result->rcode = RLM_MODULE_OK;
request->reply->timestamp = fr_time();
request->module = NULL;
if (!cs) {
- *p_result = RLM_MODULE_OK;
+ p_result->rcode = RLM_MODULE_OK;
request->reply->timestamp = fr_time();
return UNLANG_ACTION_CALCULATE_RESULT;
}
NULL, 0, mctx->rctx);
}
-static inline unlang_action_t new_client(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static inline unlang_action_t new_client(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
CONF_SECTION *cs;
PROCESS_INST const *inst = mctx->mi->data;
//!< returned by modules).
} rlm_rcode_t;
-#define RETURN_MODULE_REJECT do { *p_result = RLM_MODULE_REJECT; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_FAIL do { *p_result = RLM_MODULE_FAIL; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_OK do { *p_result = RLM_MODULE_OK; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_HANDLED do { *p_result = RLM_MODULE_HANDLED; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_INVALID do { *p_result = RLM_MODULE_INVALID; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_DISALLOW do { *p_result = RLM_MODULE_DISALLOW; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_NOTFOUND do { *p_result = RLM_MODULE_NOTFOUND; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_NOOP do { *p_result = RLM_MODULE_NOOP; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_UPDATED do { *p_result = RLM_MODULE_UPDATED; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_TIMEOUT do { *p_result = RLM_MODULE_TIMEOUT; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-#define RETURN_MODULE_RCODE(_rcode) do { *p_result = (_rcode); return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
-
#define RETURN_UNLANG_REJECT do { p_result->rcode = RLM_MODULE_REJECT; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
#define RETURN_UNLANG_FAIL do { p_result->rcode = RLM_MODULE_FAIL; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
#define RETURN_UNLANG_OK do { p_result->rcode = RLM_MODULE_OK; return UNLANG_ACTION_CALCULATE_RESULT; } while (0)
* the scratch result for the frame, and
* _NOT_ what was passed in for p_result.
*/
- return resume(&frame->scratch_result.rcode,
+ return resume(&frame->scratch_result,
MODULE_CTX(m->mmc.mi, module_thread(m->mmc.mi)->data,
state->env_data, rctx),
request);
/** Cancel the retry timer on resume
*
*/
-static unlang_action_t unlang_module_retry_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t unlang_module_retry_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
unlang_stack_t *stack = request->stack;
unlang_stack_frame_t *frame = &stack->frame[stack->depth];
* Lock is noop unless instance->mutex is set.
*/
safe_lock(m->mmc.mi);
- ua = resume(&p_result->rcode, MODULE_CTX(m->mmc.mi, state->thread->data,
- state->env_data, state->rctx), request);
+ ua = resume(p_result, MODULE_CTX(m->mmc.mi, state->thread->data,
+ state->env_data, state->rctx), request);
safe_unlock(m->mmc.mi);
if (request->master_state == REQUEST_STOP_PROCESSING) ua = UNLANG_ACTION_STOP_PROCESSING;
request->module = m->mmc.mi->name;
safe_lock(m->mmc.mi); /* Noop unless instance->mutex set */
- ua = m->mmc.mmb.method(&p_result->rcode,
+ ua = m->mmc.mmb.method(p_result,
MODULE_CTX(m->mmc.mi, state->thread->data, state->env_data, state->rctx),
request);
safe_unlock(m->mmc.mi);
* Just return the rcode ... this function is autz, auth, acct, and
* preacct!
*/
-static unlang_action_t CC_HINT(nonnull) mod_always_return(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_always_return(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
{
rlm_always_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_always_t);
- RETURN_MODULE_RCODE(inst->mutable->rcode);
+ RETURN_UNLANG_RCODE(inst->mutable->rcode);
}
static int mod_detach(module_detach_ctx_t const *mctx)
/*
* Common attr_filter checks
*/
-static unlang_action_t CC_HINT(nonnull) attr_filter_common(TALLOC_CTX *ctx, rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) attr_filter_common(TALLOC_CTX *ctx, unlang_result_t *p_result,
module_ctx_t const *mctx, request_t *request,
fr_pair_list_t *list)
{
slen = tmpl_expand(&keyname, buffer, sizeof(buffer), request, inst->key);
if (slen < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if ((keyname == buffer) && is_truncated((size_t)slen, sizeof(buffer))) {
REDEBUG("Key too long, expected < " STRINGIFY(sizeof(buffer)) " bytes, got %zi bytes", slen);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
*/
if (!found) {
fr_assert(fr_pair_list_empty(&output));
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
fr_pair_list_free(list);
fr_pair_list_append(list, &output);
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
-#define RLM_AF_FUNC(_x, _y) static unlang_action_t CC_HINT(nonnull) mod_##_x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) \
+#define RLM_AF_FUNC(_x, _y) static unlang_action_t CC_HINT(nonnull) mod_##_x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) \
{ \
return attr_filter_common(request->_y##_ctx, p_result, mctx, request, &request->_y##_pairs); \
}
* @copyright 2024 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
* @copyright 2012-2014 The FreeRADIUS server project
*/
+#include "lib/unlang/action.h"
RCSID("$Id$")
#define LOG_PREFIX mctx->mi->name
* - #RLM_MODULE_FAIL on failure.
* - #RLM_MODULE_NOTFOUND on cache miss.
*/
-static unlang_action_t cache_find(rlm_rcode_t *p_result, rlm_cache_entry_t **out,
+static unlang_action_t cache_find(unlang_result_t *p_result, rlm_cache_entry_t **out,
rlm_cache_t const *inst, request_t *request,
rlm_cache_handle_t **handle, fr_value_box_t const *key)
{
case CACHE_RECONNECT:
RDEBUG2("Reconnecting...");
if (cache_reconnect(handle, inst, request) == 0) continue;
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
case CACHE_OK:
break;
case CACHE_MISS:
RDEBUG2("No cache entry found for \"%pV\"", key);
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
expired:
inst->driver->expire(&inst->config, inst->driver_submodule->data, request, handle, key);
cache_free(inst, &c);
- RETURN_MODULE_NOTFOUND; /* Couldn't find a non-expired entry */
+ RETURN_UNLANG_NOTFOUND; /* Couldn't find a non-expired entry */
}
if (fr_unix_time_lt(c->created, fr_unix_time_from_sec(inst->config.epoch))) {
c->hits++;
*out = c;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Expire a cache entry (removing it from the datastore)
* - #RLM_MODULE_NOTFOUND if no entry existed.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t cache_expire(rlm_rcode_t *p_result,
+static unlang_action_t cache_expire(unlang_result_t *p_result,
rlm_cache_t const *inst, request_t *request,
rlm_cache_handle_t **handle, fr_value_box_t const *key)
{
FALL_THROUGH;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
case CACHE_OK:
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
case CACHE_MISS:
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
}
}
* - #RLM_MODULE_UPDATED if we merged the cache entry.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t cache_insert(rlm_rcode_t *p_result,
+static unlang_action_t cache_insert(unlang_result_t *p_result,
rlm_cache_t const *inst, request_t *request, rlm_cache_handle_t **handle,
fr_value_box_t const *key, map_list_t const *maps, fr_time_delta_t ttl)
{
if ((inst->config.max_entries > 0) && inst->driver->count &&
(inst->driver->count(&inst->config, inst->driver_submodule->data, request, handle) > inst->config.max_entries)) {
RWDEBUG("Cache is full: %d entries", inst->config.max_entries);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
c = cache_alloc(inst, request);
if (!c) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
map_list_init(&c->maps);
if (unlikely(fr_value_box_copy(c, &c->key, key) < 0)) {
RERROR("Failed copying key");
talloc_free(c);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
REDEBUG("Failed copying attribute value");
talloc_free(pool);
talloc_free(c);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
break;
switch (ret) {
case CACHE_RECONNECT:
if (cache_reconnect(handle, inst, request) == 0) continue;
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
case CACHE_OK:
RDEBUG2("Committed entry, TTL %pV seconds", fr_box_time_delta(ttl));
cache_free(inst, &c);
- RETURN_MODULE_RCODE(merge ? RLM_MODULE_UPDATED : RLM_MODULE_OK);
+ RETURN_UNLANG_RCODE(merge ? RLM_MODULE_UPDATED : RLM_MODULE_OK);
default:
talloc_free(c); /* Failed insertion - use talloc_free not the driver free */
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
}
* - #RLM_MODULE_OK on success.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t cache_set_ttl(rlm_rcode_t *p_result,
+static unlang_action_t cache_set_ttl(unlang_result_t *p_result,
rlm_cache_t const *inst, request_t *request,
rlm_cache_handle_t **handle, rlm_cache_entry_t *c)
{
switch (ret) {
case CACHE_RECONNECT:
if (cache_reconnect(handle, inst, request) == 0) continue;
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
case CACHE_OK:
RDEBUG2("Updated entry TTL");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
switch (ret) {
case CACHE_RECONNECT:
if (cache_reconnect(handle, inst, request) == 0) continue;
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
case CACHE_OK:
RDEBUG2("Updated entry TTL");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
}
* If you want to cache something different in different sections, configure
* another cache module.
*/
-static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_cache_it(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_cache_entry_t *c = NULL;
rlm_cache_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_cache_t);
bool merge = true, insert = true, expire = false, set_ttl = false;
int exists = -1;
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
-
fr_time_delta_t ttl = inst->config.ttl;
+ p_result->rcode = RLM_MODULE_NOOP;
+
if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) {
REDEBUG("Zero length key string is invalid");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
REXDENT();
if (cache_acquire(&handle, inst, request) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
- cache_find(&rcode, &c, inst, request, &handle, env->key);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_find(p_result, &c, inst, request, &handle, env->key);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
fr_assert(!inst->driver->acquire || handle);
- rcode = c ? RLM_MODULE_OK:
- RLM_MODULE_NOTFOUND;
+ p_result->rcode = c ? RLM_MODULE_OK:
+ RLM_MODULE_NOTFOUND;
goto finish;
}
RDEBUG3("ttl : %pV", fr_box_time_delta(ttl));
REXDENT();
if (cache_acquire(&handle, inst, request) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* recording whether the entry existed.
*/
if (merge) {
- cache_find(&rcode, &c, inst, request, &handle, env->key);
- switch (rcode) {
+ cache_find(p_result, &c, inst, request, &handle, env->key);
+ switch (p_result->rcode) {
case RLM_MODULE_FAIL:
goto finish;
case RLM_MODULE_OK:
- rcode = cache_merge(inst, request, c);
+ p_result->rcode = cache_merge(inst, request, c);
exists = 1;
break;
case RLM_MODULE_NOTFOUND:
- rcode = RLM_MODULE_NOTFOUND;
+ p_result->rcode = RLM_MODULE_NOTFOUND;
exists = 0;
break;
*/
if (expire && ((exists == -1) || (exists == 1))) {
if (!insert) {
- rlm_rcode_t tmp;
+ unlang_result_t tmp;
fr_assert(!set_ttl);
cache_expire(&tmp, inst, request, &handle, env->key);
- switch (tmp) {
+ switch (tmp.rcode) {
case RLM_MODULE_FAIL:
- rcode = RLM_MODULE_FAIL;
+ p_result->rcode = RLM_MODULE_FAIL;
goto finish;
case RLM_MODULE_OK:
- if (rcode == RLM_MODULE_NOOP) rcode = RLM_MODULE_OK;
+ if (p_result->rcode == RLM_MODULE_NOOP) p_result->rcode = RLM_MODULE_OK;
break;
case RLM_MODULE_NOTFOUND:
- if (rcode == RLM_MODULE_NOOP) rcode = RLM_MODULE_NOTFOUND;
+ if (p_result->rcode == RLM_MODULE_NOOP) p_result->rcode = RLM_MODULE_NOTFOUND;
break;
default:
* determine that now.
*/
if ((exists < 0) && (insert || set_ttl)) {
- rlm_rcode_t tmp;
+ unlang_result_t tmp;
cache_find(&tmp, &c, inst, request, &handle, env->key);
- switch (tmp) {
+ switch (tmp.rcode) {
case RLM_MODULE_FAIL:
- rcode = RLM_MODULE_FAIL;
+ p_result->rcode = RLM_MODULE_FAIL;
goto finish;
case RLM_MODULE_OK:
exists = 1;
- if (rcode != RLM_MODULE_UPDATED) rcode = RLM_MODULE_OK;
+ if (p_result->rcode != RLM_MODULE_UPDATED) p_result->rcode = RLM_MODULE_OK;
break;
case RLM_MODULE_NOTFOUND:
* We can only alter the TTL on an entry if it exists.
*/
if (set_ttl && (exists == 1)) {
- rlm_rcode_t tmp;
+ unlang_result_t tmp;
fr_assert(c);
c->expires = fr_unix_time_add(fr_time_to_unix_time(request->packet->timestamp), ttl);
cache_set_ttl(&tmp, inst, request, &handle, c);
- switch (tmp) {
+ switch (tmp.rcode) {
case RLM_MODULE_FAIL:
- rcode = RLM_MODULE_FAIL;
+ p_result->rcode = RLM_MODULE_FAIL;
goto finish;
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_OK:
- if (rcode != RLM_MODULE_UPDATED) rcode = RLM_MODULE_OK;
+ if (p_result->rcode != RLM_MODULE_UPDATED) p_result->rcode = RLM_MODULE_OK;
goto finish;
default:
* insert.
*/
if (insert && (exists == 0)) {
- rlm_rcode_t tmp;
+ unlang_result_t tmp;
cache_insert(&tmp, inst, request, &handle, env->key, env->maps, ttl);
- switch (tmp) {
+ switch (tmp.rcode) {
case RLM_MODULE_FAIL:
- rcode = RLM_MODULE_FAIL;
+ p_result->rcode = RLM_MODULE_FAIL;
goto finish;
case RLM_MODULE_OK:
- if (rcode != RLM_MODULE_UPDATED) rcode = RLM_MODULE_OK;
+ if (p_result->rcode != RLM_MODULE_UPDATED) p_result->rcode = RLM_MODULE_OK;
break;
case RLM_MODULE_UPDATED:
- rcode = RLM_MODULE_UPDATED;
+ p_result->rcode = RLM_MODULE_UPDATED;
break;
default:
}
}
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
static xlat_arg_parser_t const cache_xlat_args[] = {
tmpl_t *target = NULL;
map_t *map = NULL;
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
+ unlang_result_t result = { .rcode = RLM_MODULE_NOOP };
slen = tmpl_afrom_attr_substr(ctx, NULL, &target,
&FR_SBUFF_IN(attr->vb_strvalue, attr->vb_length),
return XLAT_ACTION_FAIL;
}
- cache_find(&rcode, &c, inst, request, &handle, env->key);
- switch (rcode) {
+ cache_find(&result, &c, inst, request, &handle, env->key);
+ switch (result.rcode) {
case RLM_MODULE_OK: /* found */
break;
cache_call_env_t *env = talloc_get_type_abort(xctx->env_data, cache_call_env_t);
rlm_cache_handle_t *handle = NULL;
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
+ unlang_result_t result = { .rcode = RLM_MODULE_NOOP };
fr_value_box_t *vb;
return XLAT_ACTION_FAIL;
}
- cache_find(&rcode, &c, inst, request, &handle, env->key);
- switch (rcode) {
+ cache_find(&result, &c, inst, request, &handle, env->key);
+ switch (result.rcode) {
case RLM_MODULE_OK: /* found */
break;
* - #RLM_MODULE_NOTFOUND on cache miss.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t CC_HINT(nonnull) mod_method_status(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_method_status(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t);
cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t);
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
rlm_cache_entry_t *entry = NULL;
rlm_cache_handle_t *handle = NULL;
+ p_result->rcode = RLM_MODULE_NOOP;
+
if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) {
REDEBUG("Zero length key string is invalid");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Good to go? */
if (cache_acquire(&handle, inst, request) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
fr_assert(!inst->driver->acquire || handle);
- cache_find(&rcode, &entry, inst, request, &handle, env->key);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_find(p_result, &entry, inst, request, &handle, env->key);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
- rcode = (entry) ? RLM_MODULE_OK : RLM_MODULE_NOTFOUND;
+ p_result->rcode = (entry) ? RLM_MODULE_OK : RLM_MODULE_NOTFOUND;
finish:
cache_unref(request, inst, entry, handle);
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
/** Load the avps by ${key}.
* - #RLM_MODULE_NOTFOUND on cache miss.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t CC_HINT(nonnull) mod_method_load(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_method_load(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t);
cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t);
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
rlm_cache_entry_t *entry = NULL;
rlm_cache_handle_t *handle = NULL;
+ p_result->rcode = RLM_MODULE_NOOP;
+
if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) {
REDEBUG("Zero length key string is invalid");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Good to go? */
if (cache_acquire(&handle, inst, request) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
- cache_find(&rcode, &entry, inst, request, &handle, env->key);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_find(p_result, &entry, inst, request, &handle, env->key);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
if (!entry) {
RDEBUG2("Entry not found to load");
- rcode = RLM_MODULE_NOTFOUND;
+ p_result->rcode = RLM_MODULE_NOTFOUND;
goto finish;
}
- rcode = cache_merge(inst, request, entry);
+ p_result->rcode = cache_merge(inst, request, entry);
finish:
cache_unref(request, inst, entry, handle);
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
/** Create, or update a cache entry
* - #RLM_MODULE_UPDATED if we merged the cache entry.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t CC_HINT(nonnull) mod_method_update(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_method_update(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t);
cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t);
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
fr_time_delta_t ttl;
bool expire = false;
rlm_cache_entry_t *entry = NULL;
rlm_cache_handle_t *handle = NULL;
fr_pair_t *vp;
+ p_result->rcode = RLM_MODULE_NOOP;
+
if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) {
REDEBUG("Zero length key string is invalid");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Good to go? */
if (cache_acquire(&handle, inst, request) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Process the TTL */
/*
* We can only alter the TTL on an entry if it exists.
*/
- cache_find(&rcode, &entry, inst, request, &handle, env->key);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_find(p_result, &entry, inst, request, &handle, env->key);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
- if (rcode == RLM_MODULE_OK) {
+ if (p_result->rcode == RLM_MODULE_OK) {
fr_assert(entry != NULL);
DEBUG3("Updating the TTL -> %pV", fr_box_time_delta(ttl));
entry->expires = fr_unix_time_add(fr_time_to_unix_time(request->packet->timestamp), ttl);
- cache_set_ttl(&rcode, inst, request, &handle, entry);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_set_ttl(p_result, inst, request, &handle, entry);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
}
/*
if (expire) {
DEBUG3("Expiring cache entry");
- cache_expire(&rcode, inst, request, &handle, env->key);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_expire(p_result, inst, request, &handle, env->key);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
}
/*
* Inserts are upserts, so we don't care about the
* entry state.
*/
- cache_insert(&rcode, inst, request, &handle, env->key, env->maps, ttl);
- if (rcode == RLM_MODULE_OK) rcode = RLM_MODULE_UPDATED;
+ cache_insert(p_result, inst, request, &handle, env->key, env->maps, ttl);
+ if (p_result->rcode == RLM_MODULE_OK) p_result->rcode = RLM_MODULE_UPDATED;
finish:
cache_unref(request, inst, entry, handle);
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
/** Create, or update a cache entry
* - #RLM_MODULE_UPDATED if we inserted a cache entry.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t CC_HINT(nonnull) mod_method_store(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_method_store(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t);
cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t);
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
fr_time_delta_t ttl;
rlm_cache_entry_t *entry = NULL;
rlm_cache_handle_t *handle = NULL;
fr_pair_t *vp;
+ p_result->rcode = RLM_MODULE_NOOP;
+
if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) {
REDEBUG("Zero length key string is invalid");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (cache_acquire(&handle, inst, request) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Process the TTL */
/*
* We can only alter the TTL on an entry if it exists.
*/
- cache_find(&rcode, &entry, inst, request, &handle, env->key);
- switch (rcode) {
+ cache_find(p_result, &entry, inst, request, &handle, env->key);
+ switch (p_result->rcode) {
default:
case RLM_MODULE_OK:
- rcode = RLM_MODULE_NOOP;
+ p_result->rcode = RLM_MODULE_NOOP;
goto finish;
case RLM_MODULE_FAIL:
* setting the TTL, which precludes performing an
* insert.
*/
- cache_insert(&rcode, inst, request, &handle, env->key, env->maps, ttl);
+ cache_insert(p_result, inst, request, &handle, env->key, env->maps, ttl);
finish:
cache_unref(request, inst, entry, handle);
- if (rcode == RLM_MODULE_OK) rcode = RLM_MODULE_UPDATED;
+ if (p_result->rcode == RLM_MODULE_OK) p_result->rcode = RLM_MODULE_UPDATED;
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
/** Delete the entries by ${key}
* - #RLM_MODULE_NOTFOUND on cache miss.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t CC_HINT(nonnull) mod_method_clear(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_method_clear(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t);
cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t);
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
rlm_cache_entry_t *entry = NULL;
rlm_cache_handle_t *handle = NULL;
+ p_result->rcode = RLM_MODULE_NOOP;
+
DEBUG3("Calling %s.clear", mctx->mi->name);
if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) {
REDEBUG("Zero length key string is invalid");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Good to go? */
if (cache_acquire(&handle, inst, request) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
- cache_find(&rcode, &entry, inst, request, &handle, env->key);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_find(p_result, &entry, inst, request, &handle, env->key);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
if (!entry) {
REDEBUG2("Entry not found to delete");
- rcode = RLM_MODULE_NOTFOUND;
+ p_result->rcode = RLM_MODULE_NOTFOUND;
goto finish;
}
- cache_expire(&rcode, inst, request, &handle, env->key);
+ cache_expire(p_result, inst, request, &handle, env->key);
finish:
cache_unref(request, inst, entry, handle);
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
/** Change the TTL on an existing entry.
* - #RLM_MODULE_NOTFOUND on cache miss.
* - #RLM_MODULE_FAIL on failure.
*/
-static unlang_action_t CC_HINT(nonnull) mod_method_ttl(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_method_ttl(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t);
cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t);
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
fr_time_delta_t ttl;
rlm_cache_entry_t *entry = NULL;
rlm_cache_handle_t *handle = NULL;
fr_pair_t *vp;
+ p_result->rcode = RLM_MODULE_NOOP;
+
DEBUG3("Calling %s.ttl", mctx->mi->name);
if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) {
REDEBUG("Zero length key string is invalid");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Good to go? */
if (cache_acquire(&handle, inst, request) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Process the TTL */
/*
* We can only alter the TTL on an entry if it exists.
*/
- cache_find(&rcode, &entry, inst, request, &handle, env->key);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_find(p_result, &entry, inst, request, &handle, env->key);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
- if (rcode == RLM_MODULE_OK) {
+ if (p_result->rcode == RLM_MODULE_OK) {
fr_assert(entry != NULL);
DEBUG3("Updating the TTL -> %pV", fr_box_time_delta(ttl));
entry->expires = fr_unix_time_add(fr_time_to_unix_time(request->packet->timestamp), ttl);
- cache_set_ttl(&rcode, inst, request, &handle, entry);
- if (rcode == RLM_MODULE_FAIL) goto finish;
+ cache_set_ttl(p_result, inst, request, &handle, entry);
+ if (p_result->rcode == RLM_MODULE_FAIL) goto finish;
- rcode = RLM_MODULE_UPDATED;
+ p_result->rcode = RLM_MODULE_UPDATED;
}
finish:
cache_unref(request, inst, entry, handle);
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
/** Free any memory allocated under the instance
return XLAT_ACTION_DONE;
}
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_pair_t *vp;
rlm_chap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_chap_t);
if (fr_pair_find_by_da(&request->control_pairs, NULL, attr_auth_type) != NULL) {
RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
* unless there's a CHAP-Password in the request.
*/
if (env_data->chap_password.type != FR_TYPE_OCTETS) {
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
if (!inst->auth_type) {
WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup CHAP authentication",
mctx->mi->name, mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) {
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_chap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_chap_t);
fr_pair_t *known_good;
if (env_data->username.type != FR_TYPE_STRING) {
REDEBUG("User-Name attribute is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (env_data->chap_password.type != FR_TYPE_OCTETS) {
REDEBUG("You set 'control.Auth-Type = CHAP' for a request that "
"does not contain a CHAP-Password attribute!");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (env_data->chap_password.vb_length == 0) {
REDEBUG("request.CHAP-Password is empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (env_data->chap_password.vb_length != FR_CHAP_CHALLENGE_LENGTH + 1) {
REDEBUG("request.CHAP-Password has invalid length");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
false);
if (!known_good) {
REDEBUG("No \"known good\" password found for user");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
if (ret != 0) {
REDEBUG("Password comparison failed: password is incorrect");
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
RDEBUG2("CHAP user \"%pV\" authenticated successfully", &env_data->username);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
/*
* Find the client definition.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
size_t length;
char const *value;
if ((request->packet->socket.inet.src_port != 0) || (!fr_pair_list_empty(&request->request_pairs)) ||
(request->parent != NULL)) {
REDEBUG("Improper configuration");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
client = client_from_request(request);
if (!client || !client->cs) {
REDEBUG("Unknown client definition");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
cp = cf_pair_find(client->cs, "directory");
if (!cp) {
REDEBUG("No directory configuration in the client");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
value = cf_pair_value(cp);
if (!value) {
REDEBUG("No value given for the directory entry in the client");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
length = strlen(value);
if (length > (sizeof(buffer) - 256)) {
REDEBUG("Directory name too long");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
memcpy(buffer, value, length + 1);
/*
* Read the buffer and generate the client.
*/
- if (!client->server) RETURN_MODULE_FAIL;
+ if (!client->server) RETURN_UNLANG_FAIL;
client = client_read(buffer, client->server_cs, true);
- if (!client) RETURN_MODULE_FAIL;
+ if (!client) RETURN_UNLANG_FAIL;
/*
* Replace the client. This is more than a bit of a
*/
request->client = client;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
static int mod_load(void)
}
-static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_csv_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_csv_t);
rlm_rcode_t rcode;
ssize_t slen;
fr_value_box_t *key;
- if (map_list_empty(&inst->map) || !inst->key) RETURN_MODULE_NOOP;
+ if (map_list_empty(&inst->map) || !inst->key) RETURN_UNLANG_NOOP;
/*
* Expand the key to whatever it is. For attributes,
slen = tmpl_aexpand_type(request, &key, FR_TYPE_VALUE_BOX, request, inst->key);
if (slen < 0) {
DEBUG("Failed expanding key '%s'", inst->key->name);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
talloc_free(key);
DEBUG("Failed casting %pV to data type '%s'",
&key, fr_type_to_str(inst->key_data_type));
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
REXDENT();
talloc_free(key);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
extern module_rlm_t rlm_csv;
/** Called resume_at the delay is complete, and we're running from the interpreter
*
*/
-static unlang_action_t mod_delay_return(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_delay_return(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_delay_retry_t *yielded = talloc_get_type_abort(mctx->rctx, rlm_delay_retry_t);
rlm_delay_t *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_delay_t);
* Be transparent, don't alter the rcode
*/
if (inst->rcode == RLM_MODULE_NOT_SET) return UNLANG_ACTION_EXECUTE_NEXT;
- RETURN_MODULE_RCODE(inst->rcode);
+ RETURN_UNLANG_RCODE(inst->rcode);
}
-static unlang_action_t CC_HINT(nonnull) mod_delay(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_delay(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_delay_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_delay_t);
fr_time_delta_t delay;
if (tmpl_aexpand_type(request, &delay, FR_TYPE_TIME_DELTA,
request, inst->delay) < 0) {
RPEDEBUG("Failed parsing %s as delay time", inst->delay->name);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
*/
if (delay_add(request, &resume_at, yielded->when, delay,
inst->force_reschedule, inst->relative) != 0) {
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
RDEBUG3("Current time %pVs, resume time %pVs",
/*
* Do detail, compatible with old accounting
*/
-static unlang_action_t CC_HINT(nonnull) detail_do(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request,
+static unlang_action_t CC_HINT(nonnull) detail_do(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request,
fr_packet_t *packet, fr_pair_list_t *list)
{
rlm_detail_env_t *env = talloc_get_type_abort(mctx->env_data, rlm_detail_env_t);
outfd = exfile_open(inst->ef, env->filename.vb_strvalue, inst->perm, NULL);
if (outfd < 0) {
RPERROR("Couldn't open file %pV", &env->filename);
- *p_result = RLM_MODULE_FAIL;
+
/* coverity[missing_unlock] */
- return UNLANG_ACTION_CALCULATE_RESULT;
+ RETURN_UNLANG_FAIL;
}
if (inst->group_is_set) {
fail:
if (outfp) fclose(outfp);
exfile_close(inst->ef, outfd);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (detail_write(outfp, inst, request, &env->header, packet, list, env->ht) < 0) goto fail;
/*
* And everything is fine.
*/
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Accounting - write the detail files.
*/
-static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_accounting(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
return detail_do(p_result, mctx, request, request->packet, &request->request_pairs);
}
/*
* Incoming Access Request - write the detail files.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
return detail_do(p_result, mctx, request, request->packet, &request->request_pairs);
}
/*
* Outgoing Access-Request Reply - write the detail files.
*/
-static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
return detail_do(p_result, mctx, request, request->reply, &request->reply_pairs);
}
unlang_interpret_mark_runnable(d->request);
}
-static unlang_action_t dhcpv4_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t dhcpv4_resume(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
{
rlm_dhcpv4_delay_t *d = talloc_get_type_abort(mctx->rctx, rlm_dhcpv4_delay_t);
if (!d->sent) {
talloc_free(d);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
talloc_free(d);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Send packets outbound.
*
*/
-static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_dhcpv4_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_dhcpv4_thread_t);
ssize_t data_len;
vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_gateway_ip_address);
if (!vp) {
REDEBUG("Relayed packets MUST have a Gateway-IP-Address attribute");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
vp = fr_pair_find_by_da_nested(&request->control_pairs, NULL, attr_net_dst_ip);
if (!vp || (vp->vp_ip.af != AF_INET)) {
RDEBUG("No control.Net.Dst.IP, cannot relay packet");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
data_len = fr_dhcpv4_encode(t->buffer, t->buffer_size, original, code, xid, &request->request_pairs);
if (data_len <= 0) {
RPEDEBUG("Failed encoding DHCPV4 request");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
FR_PROTO_HEX_DUMP(t->buffer, data_len, "DHCPv4");
d = talloc_zero(request, rlm_dhcpv4_delay_t);
- if (!d) RETURN_MODULE_FAIL;
+ if (!d) RETURN_UNLANG_FAIL;
*d = (rlm_dhcpv4_delay_t) {
.request = request,
rcode = fr_udp_queue_write(d, t->uq, t->buffer, data_len, &vp->vp_ip, port, d);
if (rcode > 0) {
talloc_free(d);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
if (rcode < 0) {
talloc_free(d);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield(request, dhcpv4_resume, NULL, 0, d);
{ NULL }
};
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_digest_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_digest_t);
fr_pair_t *vp;
* Find the first attribute which is parented by Digest-Attributes.
*/
vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_digest_attributes);
- if (!vp) RETURN_MODULE_NOOP;
+ if (!vp) RETURN_UNLANG_NOOP;
if (!inst->auth_type) {
WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup Digest authentication",
mctx->mi->name, mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
* Everything's OK, add a digest authentication type.
*/
- if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP;
+ if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Perform all of the wondrous variants of digest authentication.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
size_t a1_len, a2_len, kd_len;
uint8_t a1[(FR_MAX_STRING_LEN + 1) * 5]; /* can be 5 attributes */
if (passwd) {
if (passwd->vp_length != 32) {
REDEBUG("Digest-Attributes.HA1 has invalid length, authentication failed");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
} else {
passwd = fr_pair_find_by_da_nested(&request->control_pairs, NULL, attr_cleartext_password);
}
if (!passwd) {
REDEBUG("Password.Cleartext or Digest-Attributes.HA1 is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_digest_attributes);
if (!vp) {
REDEBUG("Digest-Attributes is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
list = &vp->vp_group;
nonce = fr_pair_find_by_da_nested(list, NULL, attr_digest_nonce);
if (!nonce) {
REDEBUG("No Digest-Attributes.Nonce: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_user_name);
if (!vp) {
REDEBUG("No Digest-Attributes.User-Name: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(&a1[0], vp->vp_octets, vp->vp_length);
a1_len = vp->vp_length;
vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_realm);
if (!vp) {
REDEBUG("No Digest-Attributes.Attributes.Realm: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(&a1[a1_len], vp->vp_octets, vp->vp_length);
a1_len += vp->vp_length;
if (fr_base16_decode(NULL, &FR_DBUFF_TMP(&a1[0], sizeof(a1)),
&FR_SBUFF_IN(passwd->vp_strvalue, passwd->vp_length), false) != 16) {
RDEBUG2("Invalid text in Digest-Attributes.HA1");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
}
*/
if ((nonce->vp_length & 1) != 0) {
REDEBUG("Received Digest-Attributes.Nonce hex string with invalid length: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(&a1[a1_len], nonce->vp_octets, nonce->vp_length);
a1_len += nonce->vp_length;
vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_cnonce);
if (!vp) {
REDEBUG("No Digest-Attributes.CNonce: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if ((vp->vp_length & 1) != 0) {
REDEBUG("Received Digest-Attributes.CNonce hex string with invalid length: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(&a1[a1_len], vp->vp_octets, vp->vp_length);
a1_len += vp->vp_length;
* Anything else is an error.
*/
REDEBUG("%pP - Unknown Digest-Attributes.Algorithm: Cannot perform Digest authentication", vp);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_method);
if (!vp) {
REDEBUG("No Digest-Attributes.Method: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(&a2[0], vp->vp_octets, vp->vp_length);
a2_len = vp->vp_length;
vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_uri);
if (!vp) {
REDEBUG("No Digest-Attributes.URI: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(&a2[a2_len], vp->vp_octets, vp->vp_length);
a2_len += vp->vp_length;
body = fr_pair_find_by_da_nested(list, NULL, attr_digest_body_digest);
if (!body) {
REDEBUG("No Digest-Attributes.Body-Digest: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if ((a2_len + body->vp_length) > sizeof(a2)) {
REDEBUG("Digest-Attributes.Body-Digest is too long");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(a2 + a2_len, body->vp_octets, body->vp_length);
} else if (strcasecmp(qop->vp_strvalue, "auth") != 0) {
REDEBUG("%pP - Unknown value: Cannot perform Digest authentication", qop);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
}
vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_nonce_count);
if (!vp) {
REDEBUG("No Digest-Attributes.Nonce-Count: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(&kd[kd_len], vp->vp_octets, vp->vp_length);
kd_len += vp->vp_length;
vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_cnonce);
if (!vp) {
REDEBUG("No Digest-Attributes.CNonce: Cannot perform Digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(&kd[kd_len], vp->vp_octets, vp->vp_length);
kd_len += vp->vp_length;
vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_digest_response);
if (!vp) {
REDEBUG("No Digest-Response attribute in the request. Cannot perform digest authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (fr_base16_decode(NULL, &FR_DBUFF_TMP(&hash[0], sizeof(hash)),
&FR_SBUFF_IN(vp->vp_strvalue, vp->vp_length), false) != (ssize_t)(vp->vp_length >> 1)) {
RDEBUG2("Invalid text in Digest-Response");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
RDEBUG3("Comparing hashes, received: %pV, calculated: %pH", &vp->data, fr_box_octets(kd, 16));
/*
* And finally, compare the digest in the packet with KD.
*/
- if (memcmp(&kd[0], &hash[0], 16) == 0) RETURN_MODULE_OK;
+ if (memcmp(&kd[0], &hash[0], 16) == 0) RETURN_UNLANG_OK;
REDEBUG("FAILED authentication");
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
{ NULL }
};
-static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull);
-static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull);
+static unlang_action_t mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull);
+static unlang_action_t mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull);
/** Loads submodules based on type = foo pairs
*
* @param[in] eap_session the EAP session
* @param[in] submodule_result the input result from the submodule
*/
-static unlang_action_t mod_authenticate_result(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx,
+static unlang_action_t mod_authenticate_result(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx,
request_t *request, eap_session_t *eap_session, unlang_result_t *submodule_result)
{
rlm_rcode_t rcode;
eap_session_freeze(&eap_session);
finish:
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/** Call mod_authenticate_result asynchronously from the unlang interpreter
* @param[in] request the current request.
* @return The result of this round of authentication.
*/
-static unlang_action_t mod_authenticate_result_async(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+static unlang_action_t mod_authenticate_result_async(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request)
{
eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t);
* @param[in] mctx module calling ctx.
* @param[in] eap_session State data that persists over multiple rounds of EAP.
* @return
- * - UNLANG_ACTION_CALCULATE_RESULT + *p_result = RLM_MODULE_INVALID.
+ * - UNLANG_ACTION_CALCULATE_RESULT + p_result->rcode = RLM_MODULE_INVALID.
* Invalid request.
* - UNLANG_ACTION_PUSHED_CHILD Yield control back to the interpreter so it can
* call the submodule.
*/
-static unlang_action_t eap_method_select(rlm_rcode_t *p_result, module_ctx_t const *mctx, eap_session_t *eap_session)
+static unlang_action_t eap_method_select(unlang_result_t *p_result, module_ctx_t const *mctx, eap_session_t *eap_session)
{
rlm_eap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_eap_t);
eap_type_data_t *type = &eap_session->this_round->response->type;
REDEBUG("Peer sent EAP type number %d, which is outside known range", type->num);
is_invalid:
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
TALLOC_FREE(eap_session->opaque);
fr_state_discard_child(eap_session->request, eap_session, 0);
next = eap_process_nak(mctx, eap_session->request, eap_session->type, type);
- if (!next) RETURN_MODULE_REJECT;
+ if (!next) RETURN_UNLANG_REJECT;
/*
* Initialise the state machine for the next submodule
RERROR("Failed copying parent's attribute list");
fail:
TALLOC_FREE(eap_session->subrequest);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (fr_pair_list_copy(eap_session->subrequest->request_ctx,
return UNLANG_ACTION_PUSHED_CHILD;
}
-static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_eap_t);
eap_session_t *eap_session;
if (!fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_message)) {
REDEBUG("You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
eap_packet = eap_packet_from_vp(request, &request->request_pairs);
if (!eap_packet) {
RPERROR("Malformed EAP Message");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* data.
*/
eap_session = eap_session_continue(inst, &eap_packet, request);
- if (!eap_session) RETURN_MODULE_INVALID; /* Don't emit error here, it will mask the real issue */
+ if (!eap_session) RETURN_UNLANG_INVALID; /* Don't emit error here, it will mask the real issue */
/*
* Call an EAP submodule to process the request,
* process it ourselves.
*/
if ((ua = eap_method_select(p_result, mctx, eap_session)) != UNLANG_ACTION_CALCULATE_RESULT) return ua;
- switch (*p_result) {
+ switch (p_result->rcode) {
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
eap_session_freeze(&eap_session);
* to check for user existence & get their configured values.
* It Handles EAP-START Messages, User-Name initialization.
*/
-static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_eap_t);
int status;
if (!inst->auth_type) {
WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup EAP authentication",
mctx->mi->name, mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
break;
}
- if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP;
+ if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP;
- if (status == RLM_MODULE_OK) RETURN_MODULE_OK;
+ if (status == RLM_MODULE_OK) RETURN_UNLANG_OK;
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
-static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_pair_t *vp;
eap_session_t *eap_session;
* Only synthesize a failure message if something
* previously rejected the request.
*/
- if (request->reply->code != FR_RADIUS_CODE_ACCESS_REJECT) RETURN_MODULE_NOOP;
+ if (request->reply->code != FR_RADIUS_CODE_ACCESS_REJECT) RETURN_UNLANG_NOOP;
if (!fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_message)) {
RDEBUG3("Request didn't contain an EAP-Message, not inserting EAP-Failure");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
if (fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_message)) {
RDEBUG3("Reply already contained an EAP-Message, not inserting EAP-Failure");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
eap_session = eap_session_thaw(request);
if (!eap_session) {
RDEBUG3("Failed to get eap_session, probably already removed, not inserting EAP-Failure");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
*/
if (!fr_cond_assert(eap_session->this_round) || !fr_cond_assert(eap_session->this_round->request)) {
eap_session_destroy(&eap_session); /* Free the EAP session, and dissociate it from the request */
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* Already set to failure, assume something else
* added EAP-Message with a failure code, do nothing.
*/
- if (eap_session->this_round->request->code == FR_EAP_CODE_FAILURE) RETURN_MODULE_NOOP;
+ if (eap_session->this_round->request->code == FR_EAP_CODE_FAILURE) RETURN_UNLANG_NOOP;
/*
* Was *NOT* an EAP-Failure, so we now need to turn it into one.
MEM(pair_update_reply(&vp, attr_message_authenticator) >= 0);
MEM(fr_pair_value_mem_alloc(vp, NULL, RADIUS_AUTH_VECTOR_LENGTH, false) == 0);
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
static int mod_instantiate(module_inst_ctx_t const *mctx)
extern rlm_eap_submodule_t rlm_eap_aka;
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
eap_aka_sim_mod_session_t *mod_session;
extern rlm_eap_submodule_t rlm_eap_aka_prime;
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
eap_aka_sim_mod_session_t *mod_session;
return 1;
}
-static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_handshake_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t);
eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t);
* do nothing.
*/
case EAP_TLS_HANDLED:
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
/*
* Handshake is done, proceed with decoding tunneled
* Anything else: fail.
*/
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
switch (eap_fast_process(request, eap_session, tls_session)) {
case FR_RADIUS_CODE_ACCESS_REJECT:
eap_tls_fail(request, eap_session);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
/*
* Access-Challenge, continue tunneled conversation.
case FR_RADIUS_CODE_ACCESS_CHALLENGE:
fr_tls_session_send(request, tls_session);
eap_tls_request(request, eap_session);
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
/*
* Success.
*/
case FR_RADIUS_CODE_ACCESS_ACCEPT:
- if (eap_tls_success(request, eap_session, NULL) < 0) RETURN_MODULE_FAIL;
+ if (eap_tls_success(request, eap_session, NULL) < 0) RETURN_UNLANG_FAIL;
/*
* @todo - generate MPPE keys, which have their own magical deriviation.
* Result is always OK, even if we fail to persist the
* session data.
*/
- *p_result = RLM_MODULE_OK;
+ p_result->rcode = RLM_MODULE_OK;
/*
* Write the session to the session cache
* will proxy it, rather than returning an EAP packet.
*/
case FR_RADIUS_CODE_STATUS_CLIENT:
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
default:
break;
* Something we don't understand: Reject it.
*/
eap_tls_fail(request, eap_session);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* Do authentication, by letting EAP-TLS do most of the work.
*/
-static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx,
+static unlang_action_t mod_handshake_process(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx,
request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
/*
* Send an initial eap-tls request to the peer, using the libeap functions.
*/
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_fast_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_eap_fast_t);
rlm_eap_fast_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_eap_fast_thread_t);
}
eap_session->opaque = eap_tls_session = eap_tls_session_init(request, eap_session, thread->ssl_ctx, client_cert);
- if (!eap_tls_session) RETURN_MODULE_FAIL;
+ if (!eap_tls_session) RETURN_UNLANG_FAIL;
tls_session = eap_tls_session->tls_session;
&tls_session->clean_in, tls_session->clean_in.used,
tls_session->clean_in.used) < 0) {
talloc_free(tls_session);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
tls_session->record_init(&tls_session->clean_in);
if (!SSL_set_session_ticket_ext_cb(tls_session->ssl, _session_ticket, tls_session)) {
RERROR("Failed setting SSL session ticket callback");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx)
{ NULL }
};
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request);
+static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request);
/** Translate a string auth_type into an enumeration value
*
/*
* Keep processing the Auth-Type until it doesn't return YIELD.
*/
-static unlang_action_t gtc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t gtc_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_gtc_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, rlm_eap_gtc_rctx_t);
rlm_rcode_t rcode;
rcode = rctx->section_result.rcode;
if (rcode != RLM_MODULE_OK) {
eap_round->request->code = FR_EAP_CODE_FAILURE;
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
eap_round->request->code = FR_EAP_CODE_SUCCESS;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Authenticate a previously sent challenge.
*/
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_gtc_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_gtc_t);
rlm_eap_gtc_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, rlm_eap_gtc_rctx_t);
if (eap_round->response->length <= 4) {
REDEBUG("Corrupted data");
eap_round->request->code = FR_EAP_CODE_FAILURE;
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
if (eap_round->response->type.length > 128) {
REDEBUG("Response is too large to understand");
eap_round->request->code = FR_EAP_CODE_FAILURE;
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
RDEBUG2("authenticate %s { ... } sub-section not found.",
inst->auth_type->name);
eap_round->request->code = FR_EAP_CODE_FAILURE;
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield_to_section(&rctx->section_result, request, unlang, RLM_MODULE_FAIL, gtc_resume, NULL, 0, rctx);
/*
* Initiate the EAP-GTC session by sending a challenge to the peer.
*/
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
char challenge_str[1024];
rlm_eap_gtc_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_gtc_t);
if (xlat_eval(challenge_str, sizeof(challenge_str), request, inst->challenge, NULL, NULL) < 0) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
length = strlen(challenge_str);
eap_round->request->code = FR_EAP_CODE_REQUEST;
eap_round->request->type.data = talloc_array(eap_round->request, uint8_t, length);
- if (!eap_round->request->type.data) RETURN_MODULE_FAIL;
+ if (!eap_round->request->type.data) RETURN_UNLANG_FAIL;
memcpy(eap_round->request->type.data, challenge_str, length);
eap_round->request->type.length = length;
*/
eap_session->process = mod_process;
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/*
/*
* Authenticate a previously sent challenge.
*/
-static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
MD5_PACKET *packet;
false);
if (!known_good) {
REDEBUG("No \"known good\" password found for user");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
packet = eap_md5_extract(request, eap_session->this_round);
if (!packet) {
if (ephemeral) TALLOC_FREE(known_good);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
if (ephemeral) TALLOC_FREE(known_good);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Initiate the EAP-MD5 session by sending a challenge to the peer.
*/
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
MD5_PACKET *reply;
*/
eap_session->process = mod_process;
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/*
}
-static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request);
+static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request);
-static unlang_action_t mschap_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mschap_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_mschapv2_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, rlm_eap_mschapv2_rctx_t);
eap_session_t *eap_session = eap_session_get(request->parent);
if (rcode == RLM_MODULE_OK) {
if (fr_pair_list_copy_by_da(data, &response, &parent->vp_group, attr_ms_chap2_success, 0) < 0) {
RPERROR("Failed copying %s", attr_ms_chap2_success->name);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
data->code = FR_EAP_MSCHAPV2_SUCCESS;
} else if (inst->send_error) {
if (fr_pair_list_copy_by_da(data, &response, &parent->vp_group, attr_ms_chap_error, 0) < 0) {
RPERROR("Failed copying %s", attr_ms_chap_error->name);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (!fr_pair_list_empty(&response)) {
int n, err, retry;
data->code = FR_EAP_MSCHAPV2_FAILURE;
} else {
eap_round->request->code = FR_EAP_CODE_FAILURE;
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
/*
*/
if (fr_pair_list_empty(&response)) {
REDEBUG("No %s or %s attributes were found", attr_ms_chap2_success->name, attr_ms_chap_error->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
eap_mschapv2_compose(eap_session->inst, request, eap_session, fr_pair_list_head(&response));
fr_pair_list_free(&response);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Authenticate a previously sent challenge.
*/
-static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_mschapv2_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_mschapv2_t);
rlm_eap_mschapv2_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, rlm_eap_mschapv2_rctx_t);
uint8_t *p;
size_t length;
- if (!fr_cond_assert(eap_session->inst)) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(eap_session->inst)) RETURN_UNLANG_FAIL;
/*
* Sanity check the response.
if (eap_round->response->length < 6) {
REDEBUG("Response too short, expected at least 6 bytes, got %zu bytes",
eap_round->response->length);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
ccode = eap_round->response->type.data[0];
*/
if (ccode != FR_EAP_MSCHAPV2_FAILURE) {
REDEBUG("Sent FAILURE expecting FAILURE but got %d", ccode);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
failure:
eap_round->request->code = FR_EAP_CODE_FAILURE;
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
case FR_EAP_MSCHAPV2_SUCCESS:
/*
case FR_EAP_MSCHAPV2_ACK:
MEM(fr_pair_list_copy(parent->reply_ctx, &parent->reply_pairs, &data->reply) >= 0);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
REDEBUG("Sent SUCCESS expecting SUCCESS (or ACK) but got %d", ccode);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
case FR_EAP_MSCHAPV2_CHALLENGE:
if (ccode == FR_EAP_MSCHAPV2_FAILURE) goto failure;
*/
if (ccode != FR_EAP_MSCHAPV2_RESPONSE) {
REDEBUG("Sent CHALLENGE expecting RESPONSE but got %d", ccode);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/* authentication happens below */
break;
default:
/* should never happen */
REDEBUG("Unknown state %d", data->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
*/
if (eap_round->response->length < (4 + 1 + 1 + 1 + 2 + 1)) {
REDEBUG("Response is too short");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
if ((eap_round->response->type.data[4] != 49) &&
(eap_round->response->type.data[4] != 16)) {
REDEBUG("Response is of incorrect length %d", eap_round->response->type.data[4]);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
length = fr_nbo_to_uint16(eap_round->response->type.data + 2);
if ((length < (5 + 49)) || (length > (256 + 5 + 49))) {
REDEBUG("Response contains contradictory length %zu %d", length, 5 + 49);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
if (!unlang) {
RDEBUG2("authenticate %s { ... } sub-section not found.",
inst->auth_type->name);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield_to_section(&rctx->section_result, request, unlang, RLM_MODULE_FAIL, mschap_resume, NULL, 0, rctx);
/*
* Initiate the EAP-MSCHAPV2 session by sending a challenge to the peer.
*/
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
request_t *parent = request->parent;
eap_session_t *eap_session = eap_session_get(parent);
int i;
bool created_auth_challenge;
- if (!fr_cond_assert(mctx->mi->data)) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(mctx->mi->data)) RETURN_UNLANG_FAIL;
/*
* We're looking for attributes that should come
* from the EAP-TTLS submodule.
*/
- if (!fr_cond_assert(parent)) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(parent)) RETURN_UNLANG_FAIL;
/*
* Keep track of the challenge and the state we are in.
*/
eap_session->process = mod_process;
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/*
/*
* Construct the reply appropriately based on the rcode from PEAP processing.
*/
-static unlang_action_t process_rcode(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t process_rcode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t);
eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t);
/*
* Success: Automatically return MPPE keys.
*/
- if (eap_tls_success(request, eap_session, &prf_label) > 0) RETURN_MODULE_FAIL;
- *p_result = RLM_MODULE_OK;
+ if (eap_tls_success(request, eap_session, &prf_label) > 0) RETURN_UNLANG_FAIL;
+ p_result->rcode = RLM_MODULE_OK;
/*
* Write the session to the session cache
break;
}
- RETURN_MODULE_RCODE(eap_session->submodule_result.rcode);
+ RETURN_UNLANG_RCODE(eap_session->submodule_result.rcode);
}
-static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_handshake_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_peap_t *inst = talloc_get_type(mctx->mi->data, rlm_eap_peap_t);
eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t);
* and EAP id from the inner tunnel, and update it with
* the expected EAP id!
*/
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
/*
* Handshake is done, proceed with decoding tunneled
* Anything else: fail.
*/
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
/*
* Do authentication, by letting EAP-TLS do most of the work.
*/
-static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx,
+static unlang_action_t mod_handshake_process(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx,
request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
return eap_tls_process(request, eap_session);
}
-static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_peap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_peap_t);
rlm_eap_peap_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_eap_peap_thread_t);
}
eap_session->opaque = eap_tls_session = eap_tls_session_init(request, eap_session, t->ssl_ctx, client_cert);
- if (!eap_tls_session) RETURN_MODULE_FAIL;
+ if (!eap_tls_session) RETURN_UNLANG_FAIL;
tls_session = eap_tls_session->tls_session;
*/
if (eap_tls_start(request, eap_session) < 0) {
talloc_free(eap_tls_session);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
eap_session->process = mod_handshake_process;
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/*
* Send an initial eap-tls request to the peer, using the libeap functions.
*/
-static unlang_action_t mod_session_init(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_peap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_peap_t);
eap_session_t *eap_session = eap_session_get(request->parent);
return 0;
}
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_pwd_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_pwd_t);
eap_session_t *eap_session = eap_session_get(request->parent);
uint8_t exch, *in, *ptr, msk[MSK_EMSK_LEN], emsk[MSK_EMSK_LEN];
uint8_t peer_confirm[SHA256_DIGEST_LENGTH];
- if (((eap_round = eap_session->this_round) == NULL) || !inst) RETURN_MODULE_FAIL;
+ if (((eap_round = eap_session->this_round) == NULL) || !inst) RETURN_UNLANG_FAIL;
session = talloc_get_type_abort(eap_session->opaque, pwd_session_t);
response = eap_session->this_round->response;
*/
if (!hdr || (response->type.length < sizeof(pwd_hdr))) {
REDEBUG("Packet with insufficient data");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
in = hdr->data;
*/
if (session->out_pos) {
if (in_len) REDEBUG("PWD got something more than an ACK for a fragment");
- if (send_pwd_request(request, session, eap_round) < 0) RETURN_MODULE_FAIL;
+ if (send_pwd_request(request, session, eap_round) < 0) RETURN_UNLANG_FAIL;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
if (EAP_PWD_GET_LENGTH_BIT(hdr)) {
if (session->in) {
REDEBUG("PWD already alloced buffer for fragments");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (in_len < 2) {
REDEBUG("Invalid packet: length bit set, but no length field");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
session->in_len = ntohs(in[0] * 256 | in[1]);
if (!session->in_len) {
DEBUG("EAP-PWD malformed packet (input length)");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
MEM(session->in = talloc_zero_array(session, uint8_t, session->in_len));
if (EAP_PWD_GET_MORE_BIT(hdr)) {
if (!session->in) {
RDEBUG2("Unexpected fragment");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if ((session->in_pos + in_len) > session->in_len) {
REDEBUG("Fragment overflows packet");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(session->in + session->in_pos, in, in_len);
hdr = (pwd_hdr *)eap_round->request->type.data;
EAP_PWD_SET_EXCHANGE(hdr, exch);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
*/
if ((session->in_pos + in_len) > session->in_len) {
REDEBUG("PWD will overflow a fragment buffer");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(session->in + session->in_pos, in, in_len);
in = session->in;
if (EAP_PWD_GET_EXCHANGE(hdr) != EAP_PWD_EXCH_ID) {
REDEBUG("PWD exchange is incorrect, Not ID");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
packet = (pwd_id_packet_t *) in;
if (in_len < sizeof(*packet)) {
REDEBUG("Packet is too small (%zd < %zd).", in_len, sizeof(*packet));
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if ((packet->prf != EAP_PWD_DEF_PRF) ||
(CRYPTO_memcmp(packet->token, &session->token, 4)) ||
(packet->group_num != ntohs(session->group_num))) {
REDEBUG("PWD ID response is malformed");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
session->peer_id_len = in_len - sizeof(pwd_id_packet_t);
if (session->peer_id_len >= sizeof(session->peer_id)) {
REDEBUG("PWD ID response is malformed");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
memcpy(session->peer_id, packet->identity, session->peer_id_len);
allowed_passwords, NUM_ELEMENTS(allowed_passwords), false);
if (!known_good) {
REDEBUG("No \"known good\" password found for user");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
ret = compute_password_element(request, session, session->group_num,
if (ephemeral) TALLOC_FREE(known_good);
if (ret < 0) {
REDEBUG("Failed to obtain password element");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
*/
if (compute_scalar_element(request, session, inst->bnctx)) {
REDEBUG("Failed to compute server's scalar and element");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
MEM(x = BN_new());
REDEBUG("Server point assignment failed");
BN_clear_free(x);
BN_clear_free(y);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
case PWD_STATE_COMMIT:
if (EAP_PWD_GET_EXCHANGE(hdr) != EAP_PWD_EXCH_COMMIT) {
REDEBUG("PWD exchange is incorrect, not commit!");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (process_peer_commit(request, session, in, in_len, inst->bnctx)) {
REDEBUG("Failed processing peer's commit");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
*/
if (compute_server_confirm(request, session, session->my_confirm, inst->bnctx)) {
REDEBUG("Failed computing confirm");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
case PWD_STATE_CONFIRM:
if (in_len < SHA256_DIGEST_LENGTH) {
REDEBUG("Peer confirm is too short (%zd < %d)", in_len, SHA256_DIGEST_LENGTH);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (EAP_PWD_GET_EXCHANGE(hdr) != EAP_PWD_EXCH_CONFIRM) {
REDEBUG("PWD exchange is incorrect, not commit");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (compute_peer_confirm(request, session, peer_confirm, inst->bnctx)) {
REDEBUG("Cannot compute peer's confirm");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (CRYPTO_memcmp(peer_confirm, in, SHA256_DIGEST_LENGTH)) {
REDEBUG("PWD exchange failed, peer confirm is incorrect");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (compute_keys(request, session, peer_confirm, msk, emsk)) {
REDEBUG("Failed generating (E)MSK");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
eap_round->request->code = FR_EAP_CODE_SUCCESS;
default:
REDEBUG("Unknown PWD state");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
session->in = NULL;
}
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
static int _free_pwd_session(pwd_session_t *session)
return 0;
}
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_pwd_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_pwd_t);
eap_session_t *eap_session = eap_session_get(request->parent);
packet->prep = EAP_PWD_PREP_NONE;
memcpy(packet->identity, inst->server_id, session->out_len - sizeof(pwd_id_packet_t) );
- if (send_pwd_request(request, session, eap_session->this_round) < 0) RETURN_MODULE_FAIL;
+ if (send_pwd_request(request, session, eap_session->this_round) < 0) RETURN_UNLANG_FAIL;
eap_session->process = mod_process;
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
static int mod_detach(module_detach_ctx_t const *mctx)
extern rlm_eap_submodule_t rlm_eap_sim;
-static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
eap_aka_sim_mod_session_t *mod_session;
{ NULL }
};
-static unlang_action_t mod_handshake_done(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx,
+static unlang_action_t mod_handshake_done(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx,
UNUSED request_t *request)
{
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_handshake_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t);
eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t);
"client EAP encryption",
sizeof("client EAP encryption") - 1);
- if (eap_tls_success(request, eap_session, &prf_label) < 0) RETURN_MODULE_FAIL;
+ if (eap_tls_success(request, eap_session, &prf_label) < 0) RETURN_UNLANG_FAIL;
/*
* Result is always OK, even if we fail to persist the
* do nothing.
*/
case EAP_TLS_HANDLED:
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
/*
* Handshake is done, proceed with decoding tunneled
REDEBUG("Received unexpected tunneled data after successful handshake");
eap_tls_fail(request, eap_session);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
/*
* Anything else: fail.
*/
default:
fr_tls_cache_deny(request, tls_session);
- *p_result = RLM_MODULE_REJECT;
+ p_result->rcode = RLM_MODULE_REJECT;
/*
* We'll jump back to the caller
/*
* Do authentication, by letting EAP-TLS do most of the work.
*/
-static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx,
+static unlang_action_t mod_handshake_process(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx,
request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
return eap_tls_process(request, eap_session);
}
-static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_tls_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_tls_t);
rlm_eap_tls_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_eap_tls_thread_t);
* EAP-TLS always requires a client certificate.
*/
eap_session->opaque = eap_tls_session = eap_tls_session_init(request, eap_session, t->ssl_ctx, client_cert);
- if (!eap_tls_session) RETURN_MODULE_FAIL;
+ if (!eap_tls_session) RETURN_UNLANG_FAIL;
eap_tls_session->include_length = inst->include_length;
*/
if (eap_tls_start(request, eap_session) < 0) {
talloc_free(eap_tls_session);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
eap_session->process = mod_handshake_process;
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
}
/*
* Send an initial eap-tls request to the peer, using the libeap functions.
*/
-static unlang_action_t mod_session_init(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_tls_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_tls_t);
eap_session_t *eap_session = eap_session_get(request->parent);
/*
* Process the TTLS portion of an EAP-TTLS request.
*/
-unlang_action_t eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
-unlang_action_t eap_ttls_success(rlm_rcode_t *p_result, request_t *request, eap_session_t *eap_session);
+unlang_action_t eap_ttls_process(unlang_result_t *p_result, request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
+unlang_action_t eap_ttls_success(unlang_result_t *p_result, request_t *request, eap_session_t *eap_session);
return t;
}
-static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_handshake_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t);
eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t);
if (tunnel && tunnel->authenticated) return eap_ttls_success(p_result, request, eap_session);
eap_tls_request(request, eap_session);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
/*
* The TLS code is still working on the TLS
* do nothing.
*/
case EAP_TLS_HANDLED:
- RETURN_MODULE_HANDLED;
+ RETURN_UNLANG_HANDLED;
/*
* Handshake is done, proceed with decoding tunneled
* Anything else: fail.
*/
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
/*
* Process the TTLS portion of the request.
*/
- return eap_ttls_process(request, eap_session, tls_session);
+ return eap_ttls_process(p_result, request, eap_session, tls_session);
}
/*
* Do authentication, by letting EAP-TLS do most of the work.
*/
-static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx,
+static unlang_action_t mod_handshake_process(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx,
request_t *request)
{
eap_session_t *eap_session = eap_session_get(request->parent);
return eap_tls_process(request, eap_session);
}
-static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_ttls_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_ttls_t);
rlm_eap_ttls_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_eap_ttls_thread_t);
}
eap_session->opaque = eap_tls_session = eap_tls_session_init(request, eap_session, t->ssl_ctx, client_cert);
- if (!eap_tls_session) RETURN_MODULE_FAIL;
+ if (!eap_tls_session) RETURN_UNLANG_FAIL;
tls_session = eap_tls_session->tls_session;
eap_tls_session->include_length = inst->include_length;
*/
if (eap_tls_start(request, eap_session) < 0) {
talloc_free(eap_tls_session);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
tls_session->opaque = ttls_alloc(tls_session, inst);
eap_session->process = mod_handshake_process;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Send an initial eap-tls request to the peer, using the libeap functions.
*/
-static unlang_action_t mod_session_init(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_session_init(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_ttls_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_ttls_t);
eap_session_t *eap_session = eap_session_get(request->parent);
/*
* Use a reply packet to determine what to do.
*/
-static unlang_action_t process_reply(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t process_reply(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t);
eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t);
case FR_RADIUS_CODE_ACCESS_REJECT:
REDEBUG("Got tunneled Access-Reject");
eap_tls_fail(request, eap_session);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
/*
* Handle Access-Challenge, but only if we
default:
REDEBUG("Unknown RADIUS packet type %d: rejecting tunneled user", reply->code);
eap_tls_fail(request, eap_session);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
}
eap_tls_request(request, eap_session);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-unlang_action_t eap_ttls_success(rlm_rcode_t *p_result, request_t *request, eap_session_t *eap_session)
+unlang_action_t eap_ttls_success(unlang_result_t *p_result, request_t *request, eap_session_t *eap_session)
{
eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t);
fr_tls_session_t *tls_session = eap_tls_session->tls_session;
/*
* Success: Automatically return MPPE keys.
*/
- if (eap_tls_success(request, eap_session, &prf_label) < 0) RETURN_MODULE_FAIL;
+ if (eap_tls_success(request, eap_session, &prf_label) < 0) RETURN_UNLANG_FAIL;
/*
* Result is always OK, even if we fail to persist the
* session data.
*/
- *p_result = RLM_MODULE_OK;
+ p_result->rcode = RLM_MODULE_OK;
/*
* Write the session to the session cache
/*
* Process the "diameter" contents of the tunneled data.
*/
-unlang_action_t eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
+unlang_action_t eap_ttls_process(unlang_result_t *p_result, request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
{
fr_pair_t *vp = NULL;
ttls_tunnel_t *t;
if (data_len == 0) {
if (t->authenticated) {
RDEBUG2("Got ACK, and the user was already authenticated");
- return eap_ttls_success(&request->rcode, request, eap_session);
+ return eap_ttls_success(p_result, request, eap_session);
} /* else no session, no data, die. */
/*
/** Resume a request after xlat expansion.
*
*/
-static unlang_action_t mod_exec_oneshot_nowait_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+static unlang_action_t mod_exec_oneshot_nowait_resume(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request)
{
rlm_exec_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_exec_t);
if (inst->input_list) {
env_pairs = tmpl_list_head(request, tmpl_list(inst->input_list));
if (!env_pairs) {
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
}
if (unlikely(fr_exec_oneshot_nowait(request, args, env_pairs, inst->shell_escape, inst->env_inherit) < 0)) {
RPEDEBUG("Failed executing program");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
static fr_sbuff_parse_rules_t const rhs_term = {
/** Process the exit code and output of a short lived process
*
*/
-static unlang_action_t mod_exec_oneshot_wait_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_exec_oneshot_wait_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
int status;
rlm_exec_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_exec_t);
status = m->status;
if (status < 0) {
REDEBUG("Program exited with signal %d", -status);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* The status rcodes aren't quite the same as the rcode
* enumeration.
*/
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/** Dispatch one request using a short lived process
*
*/
-static unlang_action_t CC_HINT(nonnull) mod_exec_dispatch_oneshot(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_exec_dispatch_oneshot(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_exec_ctx_t *m;
fr_pair_list_t *env_pairs = NULL;
if (!env_data->program) {
RDEBUG("This module requires 'program' to be set.");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
*/
if (inst->input_list) {
env_pairs = tmpl_list_head(request, tmpl_list(inst->input_list));
- if (!env_pairs) RETURN_MODULE_INVALID;
+ if (!env_pairs) RETURN_UNLANG_INVALID;
}
if (inst->output_list) {
if (!tmpl_list_head(request, tmpl_list(inst->output_list))) {
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
}
/** Lookup the expanded key value in files data.
*
*/
-static unlang_action_t CC_HINT(nonnull) mod_files_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_files_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_files_env_t *env = talloc_get_type_abort(mctx->env_data, rlm_files_env_t);
PAIR_LIST_LIST const *user_list;
if (!key_vb) {
RERROR("Missing key value");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (!tree && !default_list) {
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
RDEBUG2("%s - Looking for key \"%pV\"", env->name, key_vb);
RPWARN("Failed parsing map for check item %s, skipping it", map->lhs->name);
fail:
fr_edit_list_abort(child);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (!rcode) {
*/
if (!found) {
fr_edit_list_abort(child);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
fr_edit_list_commit(child);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Initiate a files data lookup
* First we push the tmpl onto the stack for evaluation, then the lookup
* is done in mod_files_resume.
*/
-static unlang_action_t CC_HINT(nonnull) mod_files(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_files(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_files_env_t *env = talloc_get_type_abort(mctx->env_data, rlm_files_env_t);
* It checks if the response was CURLE_OK
* If it wasn't we returns REJECT, if it was we returns OK
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+static unlang_action_t CC_HINT(nonnull) mod_authenticate_resume(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request)
{
rlm_imap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_imap_t);
switch(result) {
case CURLE_PEER_FAILED_VERIFICATION:
case CURLE_LOGIN_DENIED:
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
if (tls->extract_cert_attrs) fr_curl_response_certinfo(request, randle);
imap_slab_release(randle);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Then it queues the request and yields until a response is given
* When it responds, mod_authenticate_resume is called.
*/
-static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_imap_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_imap_thread_t);
if (!username) {
REDEBUG("Attribute \"User-Name\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (!password) {
RDEBUG2("Attribute \"User-Password\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (password->vp_length == 0) {
RDEBUG2("\"User-Password\" must not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
randle = imap_slab_reserve(t->slab);
if (!randle){
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
FR_CURL_REQUEST_SET_OPTION(CURLOPT_USERNAME, username->vp_strvalue);
if (fr_curl_io_request_enqueue(t->mhandle, request, randle)) {
error:
imap_slab_release(randle);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield(request, mod_authenticate_resume, imap_io_module_signal, ~FR_SIGNAL_CANCEL, randle);
return 0;
}
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_isc_dhcp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_isc_dhcp_t);
int ret;
ret = apply_fixed_ip(inst, request);
- if (ret < 0) RETURN_MODULE_FAIL;
- if (ret == 0) RETURN_MODULE_NOOP;
+ if (ret < 0) RETURN_UNLANG_FAIL;
+ if (ret == 0) RETURN_UNLANG_NOOP;
- if (ret == 2) RETURN_MODULE_UPDATED;
+ if (ret == 2) RETURN_UNLANG_UPDATED;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_isc_dhcp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_isc_dhcp_t);
int ret;
ret = apply(inst, request, inst->head);
- if (ret < 0) RETURN_MODULE_FAIL;
- if (ret == 0) RETURN_MODULE_NOOP;
+ if (ret < 0) RETURN_UNLANG_FAIL;
+ if (ret == 0) RETURN_UNLANG_NOOP;
// @todo - check for subnet mask option. If none exists, use one from the enclosing network?
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
extern module_rlm_t rlm_isc_dhcp;
/*
* Validate user/pass (Heimdal)
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
krb5_auth_call_env_t *env = talloc_get_type_abort(mctx->env_data, krb5_auth_call_env_t);
rlm_krb5_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_krb5_t);
*/
if (env->password.vb_length == 0) {
REDEBUG("User-Password must not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
# ifdef KRB5_IS_THREAD_SAFE
conn = krb5_slab_reserve(t->slab);
- if (!conn) RETURN_MODULE_FAIL;
+ if (!conn) RETURN_UNLANG_FAIL;
# else
conn = inst->conn;
# endif
# ifdef KRB5_IS_THREAD_SAFE
krb5_slab_release(conn);
# endif
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
#else /* HEIMDAL_KRB5 */
/*
* Validate userid/passwd (MIT)
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
krb5_auth_call_env_t *env = talloc_get_type_abort(mctx->env_data, krb5_auth_call_env_t);
rlm_krb5_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_krb5_t);
*/
if (env->password.vb_length == 0) {
REDEBUG("User-Password must not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
# ifdef KRB5_IS_THREAD_SAFE
conn = krb5_slab_reserve(t->slab);
- if (!conn) RETURN_MODULE_FAIL;
+ if (!conn) RETURN_UNLANG_FAIL;
# else
conn = inst->conn;
# endif
# ifdef KRB5_IS_THREAD_SAFE
krb5_slab_release(conn);
# endif
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
#endif /* MIT_KRB5 */
* @param group_ctx Context used to evaluate group attributes
* @return RLM_MODULE_OK
*/
-static unlang_action_t ldap_cacheable_userobj_store(rlm_rcode_t *p_result, request_t *request,
+static unlang_action_t ldap_cacheable_userobj_store(unlang_result_t *p_result, request_t *request,
ldap_group_userobj_ctx_t *group_ctx)
{
fr_pair_t *vp;
REXDENT();
talloc_free(group_ctx);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Initiate DN to name and name to DN group lookups
* Nothing left to resolve, move the resulting attributes to
* the control list.
*/
- return ldap_cacheable_userobj_store(&p_result->rcode, request, group_ctx);
+ return ldap_cacheable_userobj_store(p_result, request, group_ctx);
}
/** Convert group membership information into attributes
* @param[in] attr membership attribute to look for in the entry.
* @return One of the RLM_MODULE_* values.
*/
-unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx,
+unlang_action_t rlm_ldap_cacheable_userobj(unlang_result_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx,
char const *attr)
{
rlm_ldap_t const *inst = autz_ctx->inst;
if (!values) {
RDEBUG2("No cacheable group memberships found in user object");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
count = ldap_count_values_len(values);
invalid:
ldap_value_free_len(values);
talloc_free(group_ctx);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
*name_p++ = fr_ldap_berval_to_string(group_ctx, values[i]);
}
*/
if ((name_p != group_ctx->group_name) || (dn_p != group_ctx->group_dn)) {
group_ctx->attrs[0] = inst->group.obj_name_attr;
- if (unlang_function_push(NULL, request, ldap_cacheable_userobj_resolve, NULL, ldap_group_userobj_cancel,
- ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, group_ctx) < 0) {
+ if (unlang_function_push(NULL, request,
+ ldap_cacheable_userobj_resolve,
+ NULL,
+ ldap_group_userobj_cancel, ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, group_ctx) < 0) {
talloc_free(group_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return UNLANG_ACTION_PUSHED_CHILD;
}
* @param[in] autz_ctx Authentication context being processed.
* @return One of the RLM_MODULE_* values.
*/
-unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx)
+unlang_action_t rlm_ldap_cacheable_groupobj(unlang_result_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx)
{
rlm_ldap_t const *inst = autz_ctx->inst;
ldap_group_groupobj_ctx_t *group_ctx;
if (!inst->group.obj_membership_filter) {
RDEBUG2("Skipping caching group objects as directive 'group.membership_filter' is not set");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
if (autz_ctx->call_env->group_base.type != FR_TYPE_STRING) {
REDEBUG("Missing group base_dn");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
MEM(group_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), ldap_group_groupobj_ctx_t));
ldap_group_groupobj_cancel, ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, group_ctx) < 0) {
error:
talloc_free(group_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (unlang_tmpl_push(group_ctx, &group_ctx->expanded_filter, request, autz_ctx->call_env->group_filter, NULL) < 0) goto error;
* @param request Current request.
* @param xlat_ctx xlat context being processed.
*/
-unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, request_t *request,
+unlang_action_t rlm_ldap_check_groupobj_dynamic(unlang_result_t *p_result, request_t *request,
ldap_group_xlat_ctx_t *xlat_ctx)
{
rlm_ldap_t const *inst = xlat_ctx->inst;
"directive");
invalid:
talloc_free(group_ctx);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
t_rules = (tmpl_rules_t){
UNLANG_SUB_FRAME, group_ctx) < 0) {
error:
talloc_free(group_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (unlang_tmpl_push(group_ctx, &group_ctx->expanded_filter, request, group_ctx->filter_tmpl, NULL) < 0) goto error;
* @param[in] request Current request.
* @param[in] xlat_ctx Context of the xlat being evaluated.
*/
-unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, request_t *request,
+unlang_action_t rlm_ldap_check_userobj_dynamic(unlang_result_t *p_result, request_t *request,
ldap_group_xlat_ctx_t *xlat_ctx)
{
rlm_ldap_t const *inst = xlat_ctx->inst;
if (unlang_function_push(NULL, request, xlat_ctx->query ? NULL : ldap_check_userobj_start, ldap_check_userobj_resume,
ldap_group_userobj_cancel, ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, group_ctx) < 0) {
talloc_free(group_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return UNLANG_ACTION_PUSHED_CHILD;
* @param[in] request Current request.
* @param[in] check vb containing the group value (name or dn).
*/
-unlang_action_t rlm_ldap_check_cached(rlm_rcode_t *p_result,
+unlang_action_t rlm_ldap_check_cached(unlang_result_t *p_result,
rlm_ldap_t const *inst, request_t *request, fr_value_box_t const *check)
{
fr_pair_t *vp;
* the caller should try a dynamic group lookup instead.
*/
vp = fr_pair_dcursor_by_da_init(&cursor, &request->control_pairs, inst->group.cache_da);
- if (!vp) RETURN_MODULE_INVALID;
+ if (!vp) RETURN_UNLANG_INVALID;
for (vp = fr_dcursor_current(&cursor);
vp;
ret = fr_value_box_cmp_op(T_OP_CMP_EQ, &vp->data, check);
if (ret == 1) {
RDEBUG2("User found. Matched cached membership");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
- if (ret < -1) RETURN_MODULE_FAIL;
+ if (ret < -1) RETURN_UNLANG_FAIL;
}
RDEBUG2("Cached membership not found");
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
}
#define REPEAT_LDAP_MEMBEROF_XLAT_RESULTS \
if (unlang_function_repeat_set(request, ldap_group_xlat_results) < 0) do { \
- rcode = RLM_MODULE_FAIL; \
+ result.rcode = RLM_MODULE_FAIL; \
goto finish; \
} while (0)
{
ldap_group_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(uctx, ldap_group_xlat_ctx_t);
rlm_ldap_t const *inst = xlat_ctx->inst;
- rlm_rcode_t rcode = RLM_MODULE_NOTFOUND;
+ unlang_result_t result = { .rcode = RLM_MODULE_NOTFOUND };
switch (xlat_ctx->status) {
case GROUP_XLAT_FIND_USER:
if (inst->group.obj_membership_filter) {
REPEAT_LDAP_MEMBEROF_XLAT_RESULTS;
- if (rlm_ldap_check_groupobj_dynamic(&rcode, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) {
+ if (rlm_ldap_check_groupobj_dynamic(&result, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) {
xlat_ctx->status = GROUP_XLAT_MEMB_FILTER;
return UNLANG_ACTION_PUSHED_CHILD;
}
case GROUP_XLAT_MEMB_FILTER:
if (xlat_ctx->found) {
- rcode = RLM_MODULE_OK;
+ result.rcode = RLM_MODULE_OK;
goto finish;
}
if (inst->group.userobj_membership_attr) {
REPEAT_LDAP_MEMBEROF_XLAT_RESULTS;
- if (rlm_ldap_check_userobj_dynamic(&rcode, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) {
+ if (rlm_ldap_check_userobj_dynamic(&result, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) {
xlat_ctx->status = GROUP_XLAT_MEMB_ATTR;
return UNLANG_ACTION_PUSHED_CHILD;
}
FALL_THROUGH;
case GROUP_XLAT_MEMB_ATTR:
- if (xlat_ctx->found) rcode = RLM_MODULE_OK;
+ if (xlat_ctx->found) result.rcode = RLM_MODULE_OK;
break;
}
finish:
- RETURN_UNLANG_RCODE(rcode);
+ RETURN_UNLANG_RCODE(result.rcode);
}
/** Process the results of evaluating LDAP group membership
fr_ldap_thread_t *t = talloc_get_type_abort(xctx->mctx->thread, fr_ldap_thread_t);
ldap_xlat_memberof_call_env_t *env_data = talloc_get_type_abort(xctx->env_data, ldap_xlat_memberof_call_env_t);
bool group_is_dn;
- ldap_group_xlat_ctx_t *xlat_ctx;
+ ldap_group_xlat_ctx_t *xlat_ctx;
RDEBUG2("Searching for user in group \"%pV\"", group_vb);
}
if ((group_is_dn && inst->group.cacheable_dn) || (!group_is_dn && inst->group.cacheable_name)) {
- rlm_rcode_t our_rcode;
+ unlang_result_t our_result;
- rlm_ldap_check_cached(&our_rcode, inst, request, group_vb);
- switch (our_rcode) {
+ rlm_ldap_check_cached(&our_result, inst, request, group_vb);
+ switch (our_result.rcode) {
case RLM_MODULE_NOTFOUND:
RDEBUG2("User is not a member of \"%pV\"", group_vb);
return XLAT_ACTION_DONE;
map_ctx->serverctrls, NULL);
}
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_ldap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_ldap_t);
fr_ldap_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, fr_ldap_thread_t);
RWDEBUG("*********************************************");
REDEBUG("Attribute \"%s\" is required for authentication", call_env->password_tmpl->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
auth_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), ldap_auth_ctx_t);
attr_ldap_userdn->name);
REDEBUG("You should call %s in the recv section and check its return.", inst->mi->name);
talloc_free(auth_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
#else
RDEBUG("Configuration item 'sasl.mech' is not supported. "
"The linked version of libldap does not provide ldap_sasl_bind( function");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
#endif
}
#define REPEAT_MOD_AUTHORIZE_RESUME \
if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) do { \
- rcode = RLM_MODULE_FAIL; \
+ result.rcode = RLM_MODULE_FAIL; \
goto finish; \
} while (0)
rlm_ldap_t const *inst = talloc_get_type_abort_const(autz_ctx->inst, rlm_ldap_t);
ldap_autz_call_env_t *call_env = talloc_get_type_abort(autz_ctx->call_env, ldap_autz_call_env_t);
int ldap_errno;
- rlm_rcode_t rcode = RLM_MODULE_OK;
+ unlang_result_t result = { .rcode = RLM_MODULE_OK };
LDAP *handle = fr_ldap_handle_thread_local();
/*
case RLM_MODULE_HANDLED:
case RLM_MODULE_INVALID:
case RLM_MODULE_DISALLOW:
- rcode = p_result->rcode;
+ result.rcode = p_result->rcode;
goto finish;
default:
break;
case LDAP_ACCESS_DISALLOWED:
- rcode = RLM_MODULE_DISALLOW;
+ result.rcode = RLM_MODULE_DISALLOW;
goto finish;
}
}
*/
if ((inst->group.cacheable_dn || inst->group.cacheable_name) && (inst->group.userobj_membership_attr)) {
REPEAT_MOD_AUTHORIZE_RESUME;
- if (rlm_ldap_cacheable_userobj(&rcode, request, autz_ctx,
+ if (rlm_ldap_cacheable_userobj(&result, request, autz_ctx,
inst->group.userobj_membership_attr) == UNLANG_ACTION_PUSHED_CHILD) {
autz_ctx->status = LDAP_AUTZ_GROUP;
return UNLANG_ACTION_PUSHED_CHILD;
}
- if (rcode != RLM_MODULE_OK) goto finish;
+ if (result.rcode != RLM_MODULE_OK) goto finish;
}
FALL_THROUGH;
case LDAP_AUTZ_GROUP:
if (inst->group.cacheable_dn || inst->group.cacheable_name) {
REPEAT_MOD_AUTHORIZE_RESUME;
- if (rlm_ldap_cacheable_groupobj(&rcode, request, autz_ctx) == UNLANG_ACTION_PUSHED_CHILD) {
+ if (rlm_ldap_cacheable_groupobj(&result, request, autz_ctx) == UNLANG_ACTION_PUSHED_CHILD) {
autz_ctx->status = LDAP_AUTZ_POST_GROUP;
return UNLANG_ACTION_PUSHED_CHILD;
}
- if (rcode != RLM_MODULE_OK) goto finish;
+ if (result.rcode != RLM_MODULE_OK) goto finish;
}
FALL_THROUGH;
if (!password) {
REDEBUG("Failed to find control.Password.Cleartext");
- rcode = RLM_MODULE_FAIL;
+ result.rcode = RLM_MODULE_FAIL;
goto finish;
}
* Anything other than RLM_MODULE_OK is a failure.
*/
if (p_result->rcode != RLM_MODULE_OK) {
- rcode = p_result->rcode;
+ result.rcode = p_result->rcode;
goto finish;
}
RDEBUG2("Processing user attributes");
RINDENT();
if (fr_ldap_map_do(request, NULL, inst->valuepair_attr,
- &autz_ctx->expanded, autz_ctx->entry) > 0) rcode = RLM_MODULE_UPDATED;
+ &autz_ctx->expanded, autz_ctx->entry) > 0) result.rcode = RLM_MODULE_UPDATED;
REXDENT();
rlm_ldap_check_reply(request, inst, autz_ctx->dlinst->name, call_env->expect_password->vb_bool, autz_ctx->ttrunk);
}
inst->profile.obj_scope, call_env->default_profile.vb_strvalue, &autz_ctx->expanded);
switch (ret) {
case UNLANG_ACTION_FAIL:
- rcode = RLM_MODULE_FAIL;
+ result.rcode = RLM_MODULE_FAIL;
goto finish;
case UNLANG_ACTION_PUSHED_CHILD:
* Did we jump back her after applying the default profile?
*/
if (autz_ctx->status == LDAP_AUTZ_POST_DEFAULT_PROFILE) {
- rcode = RLM_MODULE_UPDATED;
+ result.rcode = RLM_MODULE_UPDATED;
}
/*
* Apply a SET of user profiles.
*/
if (autz_ctx->profile_value) {
TALLOC_FREE(autz_ctx->profile_value);
- rcode = RLM_MODULE_UPDATED; /* We're back here after applying a profile successfully */
+ result.rcode = RLM_MODULE_UPDATED; /* We're back here after applying a profile successfully */
}
if (autz_ctx->profile_values && autz_ctx->profile_values[autz_ctx->value_idx]) {
inst->profile.obj_scope, autz_ctx->call_env->profile_filter.vb_strvalue, &autz_ctx->expanded);
switch (ret) {
case UNLANG_ACTION_FAIL:
- rcode = RLM_MODULE_FAIL;
+ result.rcode = RLM_MODULE_FAIL;
goto finish;
case UNLANG_ACTION_PUSHED_CHILD:
finish:
talloc_free(autz_ctx);
- RETURN_UNLANG_RCODE(rcode);
+ RETURN_UNLANG_RCODE(result.rcode);
}
/** Clear up when cancelling a mod_authorize call
return 0;
}
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_ldap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_ldap_t);
fr_ldap_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, fr_ldap_thread_t);
inst->profile.check_attr, inst->profile.fallthrough_attr) < 0) {
fail:
talloc_free(autz_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
autz_ctx->ttrunk = fr_thread_ldap_trunk_get(thread, inst->handle_config.server, inst->handle_config.admin_identity,
autz_ctx->status = LDAP_AUTZ_FIND;
if (unlang_function_push(NULL, request, mod_authorize_start, mod_authorize_resume, mod_authorize_cancel,
- ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, autz_ctx) < 0) RETURN_MODULE_FAIL;
+ ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, autz_ctx) < 0) RETURN_UNLANG_FAIL;
return UNLANG_ACTION_PUSHED_CHILD;
}
*
* The module method called in "accouting" and "send" sections.
*/
-static unlang_action_t CC_HINT(nonnull) mod_modify(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_modify(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_ldap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_ldap_t);
ldap_usermod_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, ldap_usermod_call_env_t);
size_t num_mods = talloc_array_length(call_env->mod);
- if (num_mods == 0) RETURN_MODULE_NOOP;
+ if (num_mods == 0) RETURN_UNLANG_NOOP;
/*
* Include a talloc pool allowing for one value per modification
if (!usermod_ctx->ttrunk) {
REDEBUG("Unable to get LDAP trunk for update");
talloc_free(usermod_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
usermod_ctx->dn = rlm_find_user_dn_cached(request);
error:
TALLOC_FREE(usermod_ctx);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/** Detach from the LDAP server and cleanup internal state.
/*
* groups.c - Group membership functions.
*/
-unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx,
+unlang_action_t rlm_ldap_cacheable_userobj(unlang_result_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx,
char const *attr);
-unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx);
+unlang_action_t rlm_ldap_cacheable_groupobj(unlang_result_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx);
-unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, request_t *request,
+unlang_action_t rlm_ldap_check_groupobj_dynamic(unlang_result_t *p_result, request_t *request,
ldap_group_xlat_ctx_t *xlat_ctx);
-unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, request_t *request,
+unlang_action_t rlm_ldap_check_userobj_dynamic(unlang_result_t *p_result, request_t *request,
ldap_group_xlat_ctx_t *xlat_ctx);
-unlang_action_t rlm_ldap_check_cached(rlm_rcode_t *p_result,
+unlang_action_t rlm_ldap_check_cached(unlang_result_t *p_result,
rlm_ldap_t const *inst, request_t *request, fr_value_box_t const *check);
unlang_action_t rlm_ldap_map_profile(fr_ldap_result_code_t *ret, int *applied,
bool with_delim; //!< Whether to add a delimiter
} rlm_linelog_rctx_t;
-static unlang_action_t CC_HINT(nonnull) mod_do_linelog_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_do_linelog_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_linelog_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_linelog_t);
linelog_call_env_t const *call_env = talloc_get_type_abort(mctx->env_data, linelog_call_env_t);
vector_len = fr_value_box_list_num_elements(&rctx->expanded);
if (vector_len == 0) {
RDEBUG2("No data to write");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
default:
if (unlikely(fr_value_box_cast_in_place(rctx, vb, FR_TYPE_STRING, vb->enumv) < 0)) {
REDEBUG("Failed casting value to string");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
FALL_THROUGH;
}
}
- RETURN_MODULE_RCODE(linelog_write(inst, call_env, request, vector, vector_len, rctx->with_delim) < 0 ? RLM_MODULE_FAIL : RLM_MODULE_OK);
+ RETURN_UNLANG_RCODE(linelog_write(inst, call_env, request, vector, vector_len, rctx->with_delim) < 0 ? RLM_MODULE_FAIL : RLM_MODULE_OK);
}
/** Write a linelog message
* @param[in] mctx module calling context.
* @param[in] request The current request.
*/
-static unlang_action_t CC_HINT(nonnull) mod_do_linelog(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_do_linelog(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_linelog_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_linelog_t);
linelog_call_env_t const *call_env = talloc_get_type_abort(mctx->env_data, linelog_call_env_t);
if (!call_env->log_src && !call_env->log_ref) {
cf_log_err(conf, "A 'format', or 'reference' configuration item must be set to call this module");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
buff[0] = '.'; /* force to be in current section (by default) */
*/
if (buff[2] == '.') {
REDEBUG("Invalid path \"%s\"", p);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
ci = cf_reference_item(NULL, inst->cs, p);
if (!cf_item_is_pair(ci)) {
REDEBUG("Path \"%s\" resolves to a section (should be a pair)", p);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
cp = cf_item_to_pair(ci);
});
if (!vpt) {
REMARKER(tmpl_str, -slen, "%s", fr_strerror());
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (tmpl_resolve(vpt, NULL) < 0) {
RPERROR("Runtime resolution of tmpl failed");
talloc_free(vpt);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
vpt_p = vpt;
} else {
*/
if (!call_env->log_src) {
RDEBUG2("No default message configured");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
* Use the pre-parsed format template
talloc_free(vpt);
talloc_free(vector);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/*
char const *fmt, va_list ap, void *uctx)
CC_HINT(format (printf, 6, 0)) CC_HINT(nonnull (3, 6));
-static unlang_action_t mod_insert_logtee(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull);
+static unlang_action_t mod_insert_logtee(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull);
/** Connection errored
*
* @param[in] mctx Module calling ctx.
* @param[in] request request to add our log destination to.
*/
-static unlang_action_t mod_insert_logtee(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_insert_logtee(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
log_dst_t *dst, **last = NULL;
for (dst = request->log.dst; dst; dst = dst->next) {
if (dst->uctx == mctx->thread) {
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
last = &(dst->next);
}
- if (!last) RETURN_MODULE_NOOP;
+ if (!last) RETURN_UNLANG_NOOP;
dst = talloc_zero(request, log_dst_t);
dst->func = logtee_it;
*last = dst;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Create thread-specific connections and buffers
lua_rawset(L, -3);
}
-unlang_action_t fr_lua_run(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, char const *funcname)
+unlang_action_t fr_lua_run(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *funcname)
{
rlm_lua_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_lua_thread_t);
lua_State *L = thread->interpreter;
fr_lua_util_set_mctx(NULL);
fr_lua_util_set_request(NULL);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (!lua_isfunction(L, -1)) {
fr_lua_util_set_mctx(NULL);
fr_lua_util_set_request(NULL);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/*
/* lua.c */
int fr_lua_init(lua_State **out, module_inst_ctx_t const *mctx);
-unlang_action_t fr_lua_run(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, char const *funcname);
+unlang_action_t fr_lua_run(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *funcname);
bool fr_lua_isjit(lua_State *L);
char const *fr_lua_version(lua_State *L);
int fr_lua_check_func(module_inst_ctx_t const *mctx, lua_State *L, char const *name);
return CMP(ret, 0);
}
-static unlang_action_t mod_lua(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_lua(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
lua_call_env_t *func = talloc_get_type_abort(mctx->env_data, lua_call_env_t);
return fr_lua_run(p_result, mctx, request, func->func->function_name);
return 0;
}
-static unlang_action_t CC_HINT(nonnull) mod_mruby(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_mruby(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_mruby_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_mruby_t);
mruby_call_env_t *func = talloc_get_type_abort(mctx->env_data, mruby_call_env_t);
/*
* The return should be a fixnum, which is converted to rlm_rcode_t
*/
- if (mrb_type(mruby_result) == MRB_TT_FIXNUM) RETURN_MODULE_RCODE((rlm_rcode_t)mrb_int(mrb, mruby_result));
+ if (mrb_type(mruby_result) == MRB_TT_FIXNUM) RETURN_UNLANG_RCODE((rlm_rcode_t)mrb_int(mrb, mruby_result));
/* Invalid return type */
RERROR("Expected return to be a Fixnum, got %s instead", RSTRING_PTR(mrb_obj_as_string(mrb, mruby_result)));
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
/*
* Only used by rlm_mschap.c
*/
-unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair,
+unlang_action_t od_mschap_auth(unlang_result_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair,
mschap_auth_call_env_t *call_env);
-static unlang_action_t getUserNodeRef(rlm_rcode_t *p_result, request_t *request, char* inUserName, char **outUserName,
+static unlang_action_t getUserNodeRef(unlang_result_t *p_result, request_t *request, char* inUserName, char **outUserName,
tDirNodeReference* userNodeRef, tDirReference dsRef)
{
tDataBuffer *tDataBuff = NULL;
if (!inUserName) {
REDEBUG("getUserNodeRef(): No username");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
tDataBuff = dsDataBufferAllocate(dsRef, 4096);
if (!tDataBuff) {
REDEBUG("Failed allocating buffer");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
do {
}
if (nodeRef != 0) dsCloseDirNode(nodeRef);
- RETURN_MODULE_RCODE(result);
+ RETURN_UNLANG_RCODE(result);
}
-unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair,
+unlang_action_t od_mschap_auth(unlang_result_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair,
mschap_auth_call_env_t *env_data)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
response = fr_pair_find_by_da_nested(&request->request_pairs, NULL, tmpl_attr_tail_da(env_data->chap2_response));
username_string = talloc_array(request, char, usernamepair->vp_length + 1);
- if (!username_string) RETURN_MODULE_FAIL;
+ if (!username_string) RETURN_UNLANG_FAIL;
strlcpy(username_string, usernamepair->vp_strvalue, usernamepair->vp_length + 1);
if (status != eDSNoErr) {
talloc_free(username_string);
RERROR("Failed opening directory service");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
- getUserNodeRef(&rcode, request, username_string, &short_user_name, &userNodeRef, dsRef);
+ getUserNodeRef(p_result, request, username_string, &short_user_name, &userNodeRef, dsRef);
if (rcode != RLM_MODULE_OK) {
if (rcode != RLM_MODULE_NOOP) {
RDEBUG2("od_mschap_auth: getUserNodeRef() failed");
talloc_free(username_string);
if (dsRef != 0)
dsCloseDirService(dsRef);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/* We got a node; fill the stepBuffer
char *status_name = dsCopyDirStatusName(status);
RERROR("Authentication failed - status = %s", status_name);
free(status_name);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
#endif /* __APPLE__ */
/* MPPE support from Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp> */
+#include "lib/unlang/action.h"
RCSID("$Id$")
#define LOG_PREFIX mctx->mi->name
#endif
#ifdef __APPLE__
-unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair,
+unlang_action_t od_mschap_auth(unlang_result_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair,
mschap_auth_call_env_t *env_data);
#endif
* it later. Add Auth-Type attribute if present in module
* configuration (usually Auth-Type must be "MS-CHAP")
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_mschap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_mschap_t);
mschap_autz_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, mschap_autz_call_env_t);
fr_pair_t *parent;
challenge = fr_pair_find_by_da_nested(&request->request_pairs, NULL, tmpl_attr_tail_da(env_data->chap_challenge));
- if (!challenge) RETURN_MODULE_NOOP;
+ if (!challenge) RETURN_UNLANG_NOOP;
/*
* The responses MUST be in the same group as the challenge.
(env_data->chap2_cpw &&
!fr_pair_find_by_da(&parent->vp_group, NULL, tmpl_attr_tail_da(env_data->chap2_cpw)))) {
RDEBUG2("Found MS-CHAP-Challenge, but no MS-CHAP response or Change-Password");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
if (!inst->auth_type) {
WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup MS-CHAP authentication",
mctx->mi->name, mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
- if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP;
+ if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t mschap_error(rlm_rcode_t *p_result, rlm_mschap_t const *inst, request_t *request,
+static unlang_action_t mschap_error(unlang_result_t *p_result, rlm_mschap_t const *inst, request_t *request,
unsigned char ident, int mschap_result, int mschap_version, fr_pair_t *smb_ctrl,
mschap_auth_call_env_t *env_data)
{
rcode = RLM_MODULE_REJECT;
}
- if (rcode == RLM_MODULE_OK) RETURN_MODULE_OK;
+ if (rcode == RLM_MODULE_OK) RETURN_UNLANG_OK;
switch (mschap_version) {
case 1:
break;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (env_data->chap_error) mschap_add_reply(request, ident, tmpl_attr_tail_da(env_data->chap_error),
buffer, strlen(buffer));
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
* mschap_cpw_request_process() - do the work to handle an MS-CHAP password
* change request.
*/
-static unlang_action_t CC_HINT(nonnull) mschap_process_cpw_request(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) mschap_process_cpw_request(unlang_result_t *p_result,
rlm_mschap_t const *inst,
request_t *request,
mschap_auth_ctx_t *auth_ctx)
tmpl_attr_tail_da(env_data->chap_error), buffer, strlen(buffer));
}
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
RDEBUG2("Password change successful");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Validate data required for change password requests.
return 0;
}
-static CC_HINT(nonnull) unlang_action_t mschap_process_response(rlm_rcode_t *p_result, int *mschap_version,
+static CC_HINT(nonnull) unlang_action_t mschap_process_response(unlang_result_t *p_result, int *mschap_version,
uint8_t nthashhash[static NT_DIGEST_LENGTH],
rlm_mschap_t const *inst, request_t *request,
mschap_auth_ctx_t *auth_ctx,
*/
if (challenge->vp_length < 8) {
REDEBUG("%s has the wrong format", env_data->chap_challenge->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (response->vp_length < 50) {
REDEBUG("%s has the wrong format", env_data->chap_response->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (!(response->vp_octets[1] & 0x01)) {
REDEBUG2("Client used unsupported method LM-Password");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
offset = 26;
return mschap_error(p_result, inst, request, *response->vp_octets, mschap_result, *mschap_version, auth_ctx->smb_ctrl, env_data);
}
-static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(rlm_rcode_t *p_result, int *mschap_version,
+static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(unlang_result_t *p_result, int *mschap_version,
uint8_t nthashhash[static NT_DIGEST_LENGTH],
rlm_mschap_t const *inst, request_t *request,
mschap_auth_ctx_t *auth_ctx,
char const *username_str;
size_t username_len;
int mschap_result;
- rlm_rcode_t rcode;
char msch2resp[42];
mschap_auth_call_env_t *env_data = auth_ctx->env_data;
*/
if (challenge->vp_length < 16) {
REDEBUG("%s has the wrong format", env_data->chap_challenge->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (response->vp_length < 50) {
REDEBUG("%s has the wrong format", env_data->chap2_response->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
* We also require a User-Name
*/
user_name = mschap_identity_find(request, tmpl_attr_tail_da(env_data->username));
- if (!user_name) RETURN_MODULE_FAIL;
+ if (!user_name) RETURN_UNLANG_FAIL;
/*
* Check for MS-CHAP-User-Name and if found, use it
*/
if (!auth_ctx->nt_password && inst->open_directory) {
RDEBUG2("No Password.NT available. Trying OpenDirectory Authentication");
- od_mschap_auth(&rcode, request, challenge, user_name, env_data);
- if (rcode != RLM_MODULE_NOOP) RETURN_MODULE_RCODE(rcode);
+ od_mschap_auth(p_result, request, challenge, user_name, env_data);
+ if (p_result->rcode != RLM_MODULE_NOOP) return UNLANG_ACTION_CALCULATE_RESULT;
}
#endif
peer_challenge = response->vp_octets + 2;
/*
* Check for errors, and add MSCHAP-Error if necessary.
*/
- mschap_error(&rcode, inst, request, *response->vp_octets,
+ mschap_error(p_result, inst, request, *response->vp_octets,
mschap_result, *mschap_version, auth_ctx->smb_ctrl, env_data);
- if (rcode != RLM_MODULE_OK) RETURN_MODULE_RCODE(rcode);
+ if (p_result->rcode != RLM_MODULE_OK) return UNLANG_ACTION_CALCULATE_RESULT;
#ifdef WITH_AUTH_WINBIND
if (inst->wb_retry_with_normalised_username) {
if (env_data->chap2_success) mschap_add_reply(request, *response->vp_octets,
tmpl_attr_tail_da(env_data->chap2_success), msch2resp, 42);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Complete mschap authentication after any tmpls have been expanded.
*
*/
-static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_authenticate_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
mschap_auth_ctx_t *auth_ctx = talloc_get_type_abort(mctx->rctx, mschap_auth_ctx_t);
mschap_auth_call_env_t *env_data = talloc_get_type_abort(auth_ctx->env_data, mschap_auth_call_env_t);
fr_pair_t *parent;
uint8_t nthashhash[NT_DIGEST_LENGTH];
int mschap_version = 0;
- rlm_rcode_t rcode = RLM_MODULE_OK;
+
+ p_result->rcode = RLM_MODULE_OK;
if (auth_ctx->cpw) {
uint8_t *p;
*/
if (!auth_ctx->nt_password) {
REDEBUG("Missing Password.NT - required for change password request");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (!env_data->chap_nt_enc_pw) {
REDEBUG("chap_nt_enc_pw option is not set - required for change password request");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
- mschap_process_cpw_request(&rcode, inst, request, auth_ctx);
- if (rcode != RLM_MODULE_OK) goto finish;
+ mschap_process_cpw_request(p_result, inst, request, auth_ctx);
+ if (p_result->rcode != RLM_MODULE_OK) goto finish;
/*
* Clear any expiry bit so the user can now login;
if (!challenge) {
REDEBUG("control.Auth-Type = %s set for a request that does not contain %s",
auth_ctx->name, env_data->chap_challenge->name);
- rcode = RLM_MODULE_INVALID;
+ p_result->rcode = RLM_MODULE_INVALID;
goto finish;
}
* We also require an MS-CHAP-Response.
*/
if ((response = fr_pair_find_by_da(&parent->vp_group, NULL, tmpl_attr_tail_da(env_data->chap_response)))) {
- mschap_process_response(&rcode,
+ mschap_process_response(p_result,
&mschap_version, nthashhash,
inst, request,
auth_ctx,
challenge, response);
- if (rcode != RLM_MODULE_OK) goto finish;
+ if (p_result->rcode != RLM_MODULE_OK) goto finish;
} else if ((response = fr_pair_find_by_da_nested(&parent->vp_group, NULL, tmpl_attr_tail_da(env_data->chap2_response)))) {
- mschap_process_v2_response(&rcode,
+ mschap_process_v2_response(p_result,
&mschap_version, nthashhash,
inst, request,
auth_ctx,
challenge, response);
- if (rcode != RLM_MODULE_OK) goto finish;
+ if (p_result->rcode != RLM_MODULE_OK) goto finish;
} else { /* Neither CHAPv1 or CHAPv2 response: die */
REDEBUG("control.Auth-Type = %s set for a request that does not contain %s or %s attributes",
auth_ctx->name, env_data->chap_response->name, env_data->chap2_response->name);
- rcode = RLM_MODULE_INVALID;
+ p_result->rcode = RLM_MODULE_INVALID;
goto finish;
}
} /* else we weren't asked to use MPPE */
finish:
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
#ifdef WITH_TLS
* MS-CHAP-Error for MS-CHAP or MS-CHAP v2
* If MS-CHAP2 succeeds we MUST return MS-CHAP2-Success
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_mschap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_mschap_t);
#ifdef WITH_AUTH_WINBIND
*/
if ((auth_ctx->smb_ctrl->vp_uint32 & ACB_PWNOTREQ) != 0) {
RDEBUG2("SMB-Account-Ctrl says no password is required");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
}
* input attribute, and we're calling out to an
* external password store.
*/
- if (nt_password_find(auth_ctx, &auth_ctx->nt_password, mctx->mi->data, request) < 0) RETURN_MODULE_FAIL;
+ if (nt_password_find(auth_ctx, &auth_ctx->nt_password, mctx->mi->data, request) < 0) RETURN_UNLANG_FAIL;
/*
* Check to see if this is a change password request, and process
*/
if (!auth_ctx->nt_password) {
REDEBUG("Missing Password.NT - required for change password request");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
- if (mschap_cpw_prepare(request, auth_ctx) < 0) RETURN_MODULE_FAIL;
+ if (mschap_cpw_prepare(request, auth_ctx) < 0) RETURN_UNLANG_FAIL;
switch (auth_ctx->method) {
case AUTH_INTERNAL:
#ifdef WITH_TLS
- if (mschap_new_pass_decrypt(request, auth_ctx) < 0) RETURN_MODULE_FAIL;
+ if (mschap_new_pass_decrypt(request, auth_ctx) < 0) RETURN_UNLANG_FAIL;
if (unlang_module_yield(request, mod_authenticate_resume, NULL, 0, auth_ctx) != UNLANG_ACTION_YIELD) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
fr_value_box_list_init(&auth_ctx->cpw_ctx->local_cpw_result);
if (unlang_tmpl_push(auth_ctx, &auth_ctx->cpw_ctx->local_cpw_result, request,
- env_data->local_cpw, NULL) < 0) RETURN_MODULE_FAIL;
+ env_data->local_cpw, NULL) < 0) RETURN_UNLANG_FAIL;
break;
#else
REDEBUG("Local MS-CHAPv2 password changes require OpenSSL support");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
#endif
default:
if (!env_data->ntlm_cpw_username) {
REDEBUG("No ntlm_auth username set, passchange will definitely fail!");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* Run the resumption function where we're done with:
*/
if (unlang_module_yield(request, mod_authenticate_resume, NULL, 0, auth_ctx) != UNLANG_ACTION_YIELD) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
};
/*
if (env_data->ntlm_cpw_domain) {
fr_value_box_list_init(&auth_ctx->cpw_ctx->cpw_domain);
if (unlang_tmpl_push(auth_ctx, &auth_ctx->cpw_ctx->cpw_domain, request,
- env_data->ntlm_cpw_domain, NULL) < 0) RETURN_MODULE_FAIL;
+ env_data->ntlm_cpw_domain, NULL) < 0) RETURN_UNLANG_FAIL;
}
fr_value_box_list_init(&auth_ctx->cpw_ctx->cpw_user);
* b) Expanding the username
*/
if (unlang_tmpl_push(auth_ctx, &auth_ctx->cpw_ctx->cpw_user, request,
- env_data->ntlm_cpw_username, NULL) < 0) RETURN_MODULE_FAIL;
+ env_data->ntlm_cpw_username, NULL) < 0) RETURN_UNLANG_FAIL;
break;
}
* Check the users password against the standard UNIX
* password table.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
int ret;
long odResult = eDSAuthFailed;
*/
if (!username) {
REDEBUG("Attribute \"User-Name\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (!password) {
REDEBUG("Attribute \"User-Password\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (password->vp_length == 0) {
REDEBUG("User-Password must not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
return ret;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* member of the radius group?
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_opendirectory_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_opendirectory_t);
struct passwd *userdata = NULL;
username = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name);
if (!username) {
RDEBUG2("OpenDirectory requires a User-Name attribute");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/* resolve SACL */
err = mbr_gid_to_uuid(gid, guid_sacl);
if (err != 0) {
REDEBUG("The group \"%s\" does not have a GUID", kRadiusSACLName);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
groupdata = getgrnam(client->community);
if (!groupdata) {
REDEBUG("The group \"%s\" does not exist on this system", client->community);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
err = mbr_gid_to_uuid(groupdata->gr_gid, guid_nasgroup);
if (err != 0) {
REDEBUG("The group \"%s\" does not have a GUID", client->community);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
}
if (uuid_is_null(uuid)) {
REDEBUG("Could not get the user's uuid");
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
}
if (!uuid_is_null(guid_sacl)) {
err = mbr_check_service_membership(uuid, kRadiusServiceName, &ismember);
if (err != 0) {
REDEBUG("Failed to check group membership");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (ismember == 0) {
REDEBUG("User is not authorized");
- RETURN_MODULE_DISALLOW;
+ RETURN_UNLANG_DISALLOW;
}
}
err = mbr_check_membership_refresh(uuid, guid_nasgroup, &ismember);
if (err != 0) {
REDEBUG("Failed to check group membership");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (ismember == 0) {
REDEBUG("User is not authorized");
- RETURN_MODULE_DISALLOW;
+ RETURN_UNLANG_DISALLOW;
}
}
if (!inst->auth_type) {
WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup OpenDirectory authentication",
mctx->mi->name, mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
- if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP;
+ if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
static int mod_instantiate(module_inst_ctx_t const *mctx)
return 0;
}
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_pam_t const *data = talloc_get_type_abort_const(mctx->mi->data, rlm_pam_t);
int ret;
*/
if (!username) {
REDEBUG("Attribute \"User-Name\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (!password) {
REDEBUG("Attribute \"User-Password\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (password->vp_length == 0) {
REDEBUG("User-Password must not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
if (pair) pam_auth_string = pair->vp_strvalue;
ret = do_pam(request, username->vp_strvalue, password->vp_strvalue, pam_auth_string);
- if (ret < 0) RETURN_MODULE_REJECT;
+ if (ret < 0) RETURN_UNLANG_REJECT;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
extern module_rlm_t rlm_pam;
* @copyright 2012 Matthew Newton (matthew@newtoncomputing.co.uk)
* @copyright 2001 Kostas Kalevras (kkalev@noc.ntua.gr)
*/
+#include "lib/unlang/action.h"
RCSID("$Id$")
USES_APPLE_DEPRECATED_API
bool normify;
} rlm_pap_t;
-typedef unlang_action_t (*pap_auth_func_t)(rlm_rcode_t *p_result, rlm_pap_t const *inst, request_t *request, fr_pair_t const *, fr_value_box_t const *);
+typedef unlang_action_t (*pap_auth_func_t)(unlang_result_t *p_result, rlm_pap_t const *inst, request_t *request, fr_pair_t const *, fr_value_box_t const *);
static const conf_parser_t module_config[] = {
{ FR_CONF_OFFSET("normalise", rlm_pap_t, normify), .dflt = "yes" },
* This isn't strictly necessary, but it does make the
* server simpler to configure.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_pap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_pap_t);
pap_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, pap_call_env_t);
if (fr_pair_find_by_da(&request->control_pairs, NULL, attr_auth_type) != NULL) {
RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
if (env_data->password.type != FR_TYPE_STRING) {
RDEBUG2("No %s attribute in the request. Cannot do PAP", env_data->password_tmpl->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
if (!inst->auth_type) {
WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup PAP authentication.",
mctx->mi->name, mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
- if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP;
+ if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP;
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
/*
* PAP authentication functions
*/
-static unlang_action_t CC_HINT(nonnull) pap_auth_clear(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_clear(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
{
REDEBUG("Cleartext password does not match \"known good\" password");
REDEBUG3("Password : %pV", password);
REDEBUG3("Expected : %pV", &known_good->data);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
#ifdef HAVE_CRYPT
-static unlang_action_t CC_HINT(nonnull) pap_auth_crypt(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_crypt(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
{
*/
if (!crypt_out || (cmp != 0)) {
REDEBUG("Crypt digest does not match \"known good\" digest");
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
#endif
-static unlang_action_t CC_HINT(nonnull) pap_auth_md5(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_md5(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
{
if (known_good->vp_length != MD5_DIGEST_LENGTH) {
REDEBUG("\"known-good\" MD5 password has incorrect length, expected 16 got %zu", known_good->vp_length);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
fr_md5_calc(digest, password->vb_octets, password->vb_length);
REDEBUG3("Password : %pV", password);
REDEBUG3("Calculated : %pH", fr_box_octets(digest, MD5_DIGEST_LENGTH));
REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, MD5_DIGEST_LENGTH));
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t CC_HINT(nonnull) pap_auth_smd5(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_smd5(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
{
if (known_good->vp_length <= MD5_DIGEST_LENGTH) {
REDEBUG("\"known-good\" Password.SMD5 has incorrect length, expected 16 got %zu", known_good->vp_length);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
md5_ctx = fr_md5_ctx_alloc_from_list();
REDEBUG3("Password : %pV", password);
REDEBUG3("Calculated : %pH", fr_box_octets(digest, MD5_DIGEST_LENGTH));
REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, MD5_DIGEST_LENGTH));
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t CC_HINT(nonnull) pap_auth_sha1(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_sha1(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
{
if (known_good->vp_length != SHA1_DIGEST_LENGTH) {
REDEBUG("\"known-good\" Password.SHA1 has incorrect length, expected 20 got %zu", known_good->vp_length);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
fr_sha1_init(&sha1_context);
REDEBUG3("Password : %pV", password);
REDEBUG3("Calculated : %pH", fr_box_octets(digest, SHA1_DIGEST_LENGTH));
REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, SHA1_DIGEST_LENGTH));
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t CC_HINT(nonnull) pap_auth_ssha1(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_ssha1(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
{
if (known_good->vp_length <= SHA1_DIGEST_LENGTH) {
REDEBUG("\"known-good\" Password.SSHA has incorrect length, expected > 20 got %zu", known_good->vp_length);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
fr_sha1_init(&sha1_context);
known_good->vp_length - SHA1_DIGEST_LENGTH));
REDEBUG3("Calculated : %pH", fr_box_octets(digest, SHA1_DIGEST_LENGTH));
REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, SHA1_DIGEST_LENGTH));
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
#ifdef HAVE_OPENSSL_EVP_H
-static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password,
char const *name, EVP_MD const *md)
REDEBUG3("Password : %pV", password);
REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
REDEBUG3("Expected : %pH", &known_good->data);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md_salted(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md_salted(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password,
char const *name, EVP_MD const *md)
fr_box_octets(known_good->vp_octets + digest_len, known_good->vp_length - digest_len));
REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, digest_len));
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Define a new OpenSSL EVP based password hashing function
*
*/
#define PAP_AUTH_EVP_MD(_func, _new_func, _name, _md) \
-static unlang_action_t CC_HINT(nonnull) _new_func(rlm_rcode_t *p_result, \
+static unlang_action_t CC_HINT(nonnull) _new_func(unlang_result_t *p_result, \
rlm_pap_t const *inst, request_t *request, \
fr_pair_t const *known_good, fr_value_box_t const *password) \
{ \
* - RLM_MODULE_REJECT
* - RLM_MODULE_OK
*/
-static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(rlm_rcode_t *p_result,
+static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(unlang_result_t *p_result,
request_t *request, const uint8_t *str, size_t len,
int digest_type, char iter_sep, char salt_sep,
bool iter_is_base64, fr_value_box_t const *password)
finish:
talloc_free(salt);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/** Validates Crypt::PBKDF2 LDAP format strings
* - RLM_MODULE_REJECT
* - RLM_MODULE_OK
*/
-static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse(rlm_rcode_t *p_result,
+static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse(unlang_result_t *p_result,
request_t *request, const uint8_t *str, size_t len,
fr_table_num_sorted_t const hash_names[], size_t hash_names_len,
char scheme_sep, char iter_sep, char salt_sep,
return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, digest_type, iter_sep, salt_sep, iter_is_base64, password);
finish:
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
-static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(rlm_rcode_t *p_result,
+static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst,
request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
if ((end - p) < 2) {
REDEBUG("Password.PBKDF2 too short");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
REDEBUG("Can't determine format of Password.PBKDF2");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
* 389ds pbkdf2 passwords
- *
+ *
* {PBKDF2-<digest>}<rounds>$<b64_salt>$<b64_hash>
*/
-static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha1(rlm_rcode_t *p_result,
+static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha1(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst,
request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
if ((end - p) < 2) {
REDEBUG("Password.With-Header {PBKDF2-SHA1} too short");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA1, '$', '$', false, password);
}
-static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256(rlm_rcode_t *p_result,
+static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst,
request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
if ((end - p) < 2) {
REDEBUG("Password.With-Header {PBKDF2-SHA256} too short");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA2_256, '$', '$', false, password);
}
-static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha512(rlm_rcode_t *p_result,
+static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha512(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst,
request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
if ((end - p) < 2) {
REDEBUG("Password.With-Header {PBKDF2-SHA512} too short");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA2_512, '$', '$', false, password);
* 64 bytes salt
* 256 bytes hash
*/
-static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(rlm_rcode_t *p_result,
+static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst,
request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
if ((end - p) != PBKDF2_SHA256_LEGACY_B64_LENGTH) {
REDEBUG("Password.With-Header {PBKDF2_SHA256} has incorrect size %zd instead of %d.", known_good->vp_length, PBKDF2_SHA256_LEGACY_B64_LENGTH);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
slen = fr_base64_decode(&FR_DBUFF_TMP((uint8_t *) &pbkdf2_buf, sizeof(pbkdf2_buf)),
if (slen <= 0) {
RPEDEBUG("Failed decoding Password.With-Header {PBKDF2_SHA256}: \"%.*s\"", (int)(end -p), p);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (slen != PBKDF2_SHA256_LEGACY_TOTAL_LENGTH) {
REDEBUG("Password.With-Header {PBKDF2_SHA256} has incorrect decoded size %zd instead of %d.", slen, PBKDF2_SHA256_LEGACY_TOTAL_LENGTH);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
pbkdf2_buf.iterations = ntohl(pbkdf2_buf.iterations);
if (pbkdf2_buf.iterations != PBKDF2_SHA256_LEGACY_ITERATIONS) {
REDEBUG("Password.With-Header {PBKDF2_SHA256} has unexpected number of iterations %d instead of %d.", pbkdf2_buf.iterations, PBKDF2_SHA256_LEGACY_ITERATIONS);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (PKCS5_PBKDF2_HMAC((char const *)password->vb_octets, (int)password->vb_length,
evp_md,
(int)digest_len, (unsigned char *)digest) == 0) {
fr_tls_log(request, "PBKDF2_SHA256 digest failure");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (fr_digest_cmp(digest, pbkdf2_buf.hash, (size_t)digest_len) != 0) {
REDEBUG3("Salt : %pH", fr_box_octets(pbkdf2_buf.salt, PBKDF2_SHA256_LEGACY_SALT_LENGTH));
REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len));
REDEBUG3("Expected : %pH", fr_box_octets(pbkdf2_buf.hash, PBKDF2_SHA256_LEGACY_HASH_LENGTH));
- RETURN_MODULE_RCODE(RLM_MODULE_REJECT);
+ RETURN_UNLANG_RCODE(RLM_MODULE_REJECT);
} else {
- RETURN_MODULE_RCODE(RLM_MODULE_OK);
+ RETURN_UNLANG_RCODE(RLM_MODULE_OK);
}
}
#endif
-static unlang_action_t CC_HINT(nonnull) pap_auth_nt(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_nt(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
{
if (known_good->vp_length != MD4_DIGEST_LENGTH) {
REDEBUG("\"known good\" Password.NT has incorrect length, expected 16 got %zu", known_good->vp_length);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
len = fr_utf8_to_ucs2(ucs2, sizeof(ucs2),
password->vb_strvalue, password->vb_length);
if (len < 0) {
REDEBUG("User-Password is not in UCS2 format");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
fr_md4_calc(digest, (uint8_t *)ucs2, len);
REDEBUG("NT digest does not match \"known good\" digest");
REDEBUG3("Calculated : %pH", fr_box_octets(digest, sizeof(digest)));
REDEBUG3("Expected : %pH", &known_good->data);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, request_t *request,
fr_pair_t const *known_good, fr_value_box_t const *password)
{
if (known_good->vp_length != 64) {
REDEBUG("\"known good\" Password.NS-MTA-MD5 has incorrect length, expected 64 got %zu",
known_good->vp_length);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
if (fr_base16_decode(NULL, &digest_dbuff,
&FR_SBUFF_IN(known_good->vp_strvalue, known_good->vp_length), false) != 16) {
REDEBUG("\"known good\" Password.NS-MTA-MD5 has invalid value");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (password->vb_length >= (sizeof(buff) - 2 - 2 * 32)) {
REDEBUG("\"known good\" Password.NS-MTA-MD5 is too long");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
if (fr_digest_cmp(fr_dbuff_start(&digest_dbuff), buff, 16) != 0) {
REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Auth func for password types that should have been normalised away
*
*/
-static unlang_action_t CC_HINT(nonnull) pap_auth_dummy(rlm_rcode_t *p_result,
+static unlang_action_t CC_HINT(nonnull) pap_auth_dummy(unlang_result_t *p_result,
UNUSED rlm_pap_t const *inst, UNUSED request_t *request,
UNUSED fr_pair_t const *known_good, UNUSED fr_value_box_t const *password)
{
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/** Table of password types we can process
/*
* Authenticate the user via one of any well-known password.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_pap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_pap_t);
fr_pair_t *known_good;
- rlm_rcode_t rcode = RLM_MODULE_INVALID;
pap_auth_func_t auth_func;
bool ephemeral;
pap_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, pap_call_env_t);
+ p_result->rcode = RLM_MODULE_INVALID;
+
if (env_data->password.type != FR_TYPE_STRING) {
REDEBUG("You set 'Auth-Type = PAP' for a request that does not contain a %s attribute!",
env_data->password_tmpl->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (env_data->password.vb_length == 0) {
REDEBUG("Password must not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (RDEBUG_ENABLED3) {
inst->normify);
if (!known_good) {
REDEBUG("No \"known good\" password found for user");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
fr_assert(known_good->da->attr < NUM_ELEMENTS(auth_func_table));
/*
* Authenticate, and return.
*/
- auth_func(&rcode, inst, request, known_good, &env_data->password);
+ auth_func(p_result, inst, request, known_good, &env_data->password);
if (ephemeral) TALLOC_FREE(known_good);
- switch (rcode) {
+ switch (p_result->rcode) {
case RLM_MODULE_REJECT:
REDEBUG("Password incorrect");
break;
break;
}
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
static int mod_instantiate(module_inst_ctx_t const *mctx)
}
}
-static unlang_action_t CC_HINT(nonnull) mod_passwd_map(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_passwd_map(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_passwd_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_passwd_t);
int found = 0;
key = fr_pair_find_by_da(&request->request_pairs, NULL, inst->keyattr);
- if (!key) RETURN_MODULE_NOTFOUND;
+ if (!key) RETURN_UNLANG_NOTFOUND;
for (i = fr_pair_dcursor_by_da_init(&cursor, &request->request_pairs, inst->keyattr);
i;
if (!inst->allow_multiple) break;
}
- if (!found) RETURN_MODULE_NOTFOUND;
+ if (!found) RETURN_UNLANG_NOTFOUND;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
extern module_rlm_t rlm_passwd;
* Store all vps in hashes %RAD_CONFIG %RAD_REPLY %RAD_REQUEST
*
*/
-static unlang_action_t CC_HINT(nonnull) mod_perl(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_perl(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_perl_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_perl_t);
perl_call_env_t *func = talloc_get_type_abort(mctx->env_data, perl_call_env_t);
LEAVE;
}
- RETURN_MODULE_RCODE(ret);
+ RETURN_UNLANG_RCODE(ret);
}
DIAG_OFF(DIAG_UNKNOWN_PRAGMAS)
* @copyright 2000,2006,2015-2016 The FreeRADIUS server project
* @copyright 2025 Network RADIUS SAS
*/
+#include "lib/unlang/action.h"
RCSID("$Id$")
#define LOG_PREFIX inst->name
return py_list;
}
-static unlang_action_t do_python_single(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+static unlang_action_t do_python_single(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request, PyObject *p_func, char const *funcname)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
py_request = PyObject_CallObject((PyObject *)&py_freeradius_request_def, NULL);
if (unlikely(!py_request)) {
python_error_log(inst, request);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
our_request = (py_freeradius_request_t *)py_request;
req_error:
Py_DECREF(py_request);
python_error_log(inst, request);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
our_request->reply = pair_list_alloc(request, request_attr_reply);
Py_XDECREF(p_ret);
Py_XDECREF(py_request);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/** Thread safe call to a python function
*
* Will swap in thread state specific to module/thread.
*/
-static unlang_action_t mod_python(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_python(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_python_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_python_thread_t);
python_call_env_t *func = talloc_get_type_abort(mctx->env_data, python_call_env_t);
- rlm_rcode_t rcode;
/*
* It's a NOOP if the function wasn't defined
*/
- if (!func->func->function) RETURN_MODULE_NOOP;
+ if (!func->func->function) RETURN_UNLANG_NOOP;
RDEBUG3("Using thread state %p/%p", mctx->mi->data, t->state);
PyEval_RestoreThread(t->state); /* Swap in our local thread state */
- do_python_single(&rcode, mctx, request, func->func->function, func->func->function_name);
+ do_python_single(p_result, mctx, request, func->func->function, func->func->function_name);
(void)fr_cond_assert(PyEval_SaveThread() == t->state);
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
static void python_obj_destroy(PyObject **ob)
* Call the instantiate function.
*/
if (inst->instantiate.function) {
- rlm_rcode_t rcode;
+ unlang_result_t result;
- do_python_single(&rcode, MODULE_CTX_FROM_INST(mctx), NULL, inst->instantiate.function, "instantiate");
- switch (rcode) {
+ do_python_single(&result, MODULE_CTX_FROM_INST(mctx), NULL, inst->instantiate.function, "instantiate");
+ switch (result.rcode) {
case RLM_MODULE_FAIL:
case RLM_MODULE_REJECT:
error:
* We don't care if this fails.
*/
if (inst->detach.function) {
- rlm_rcode_t rcode;
+ unlang_result_t result;
- (void)do_python_single(&rcode, MODULE_CTX_FROM_INST(mctx), NULL, inst->detach.function, "detach");
+ (void)do_python_single(&result, MODULE_CTX_FROM_INST(mctx), NULL, inst->detach.function, "detach");
}
#define PYTHON_FUNC_DESTROY(_x) python_function_destroy(&inst->_x)
/** Resume execution of the request, returning the rcode set during trunk execution
*
*/
-static unlang_action_t mod_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t mod_resume(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
{
bio_request_t *u = talloc_get_type_abort(mctx->rctx, bio_request_t);
rlm_rcode_t rcode = u->rcode;
talloc_free(u);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
static void do_signal(rlm_radius_t const *inst, bio_request_t *u, request_t *request, fr_signal_t action);
/** Send packets outbound.
*
*/
-static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_radius_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_radius_t);
bio_thread_t *thread = talloc_get_type_abort(mctx->thread, bio_thread_t);
if (!request->packet->code) {
REDEBUG("You MUST specify a packet code");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if ((request->packet->code >= FR_RADIUS_CODE_MAX) ||
!fr_time_delta_ispos(inst->retry[request->packet->code].irt)) { /* can't be zero */
REDEBUG("Invalid packet code %u", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
if ((inst->mode == RLM_RADIUS_MODE_UNCONNECTED_REPLICATE) ||
(inst->mode == RLM_RADIUS_MODE_XLAT_PROXY)) {
REDEBUG("When using 'mode = unconnected-*', this module cannot be used in-place. Instead, it must be called via a function call");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
client = client_from_request(request);
if (client && client->dynamic && !client->active) {
REDEBUG("Cannot proxy packets which define dynamic clients");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* the request...
*/
rcode = mod_enqueue(&u, &retry_config, inst, thread->ctx.trunk, request);
- if (rcode == 0) RETURN_MODULE_NOOP;
- if (rcode < 0) RETURN_MODULE_FAIL;
+ if (rcode == 0) RETURN_UNLANG_NOOP;
+ if (rcode < 0) RETURN_UNLANG_FAIL;
return unlang_module_yield_to_retry(request, mod_resume, mod_retry, mod_signal, 0, u, retry_config);
}
if (env->pool_name.vb_length > IPPOOL_MAX_KEY_PREFIX_SIZE) { \
REDEBUG("Pool name too long. Expected %u bytes, got %ld bytes", \
IPPOOL_MAX_KEY_PREFIX_SIZE, env->pool_name.vb_length); \
- RETURN_MODULE_FAIL; \
+ RETURN_UNLANG_FAIL; \
} \
if (env->pool_name.vb_length == 0) { \
RDEBUG2("Empty pool name. Doing nothing"); \
- RETURN_MODULE_NOOP; \
+ RETURN_UNLANG_NOOP; \
}
-static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_alloc(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_redis_ippool_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_redis_ippool_t);
redis_ippool_alloc_call_env_t *env = talloc_get_type_abort(mctx->env_data, redis_ippool_alloc_call_env_t);
switch (redis_ippool_allocate(inst, request, env, lease_time)) {
case IPPOOL_RCODE_SUCCESS:
RDEBUG2("IP address lease allocated");
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
case IPPOOL_RCODE_POOL_EMPTY:
RWDEBUG("Pool contains no free addresses");
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
-static unlang_action_t CC_HINT(nonnull) mod_update(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_update(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_redis_ippool_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_redis_ippool_t);
redis_ippool_update_call_env_t *env = talloc_get_type_abort(mctx->env_data, redis_ippool_update_call_env_t);
fr_value_box_copy(NULL, &ip_rhs.data.literal, &env->requested_address);
- if (map_to_request(request, &ip_map, map_to_vp, NULL) < 0) RETURN_MODULE_FAIL;
+ if (map_to_request(request, &ip_map, map_to_vp, NULL) < 0) RETURN_UNLANG_FAIL;
}
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
/*
* It's useful to be able to identify the 'not found' case
case IPPOOL_RCODE_NOT_FOUND:
REDEBUG("Requested IP address \"%pV\" is not a member of the specified pool",
&env->requested_address);
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
case IPPOOL_RCODE_EXPIRED:
REDEBUG("Requested IP address' \"%pV\" lease already expired at time of renewal",
&env->requested_address);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
case IPPOOL_RCODE_DEVICE_MISMATCH:
REDEBUG("Requested IP address' \"%pV\" lease allocated to another device",
&env->requested_address);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
-static unlang_action_t CC_HINT(nonnull) mod_release(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_release(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_redis_ippool_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_redis_ippool_t);
redis_ippool_release_call_env_t *env = talloc_get_type_abort(mctx->env_data, redis_ippool_release_call_env_t);
switch (redis_ippool_release(inst, request, &env->pool_name, &env->requested_address.datum.ip, &env->owner)) {
case IPPOOL_RCODE_SUCCESS:
RDEBUG2("IP address \"%pV\" released", &env->requested_address);
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
/*
* It's useful to be able to identify the 'not found' case
case IPPOOL_RCODE_NOT_FOUND:
REDEBUG("Requested IP address \"%pV\" is not a member of the specified pool",
&env->requested_address);
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
case IPPOOL_RCODE_DEVICE_MISMATCH:
REDEBUG("Requested IP address' \"%pV\" lease allocated to another device",
&env->requested_address);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
-static unlang_action_t CC_HINT(nonnull) mod_bulk_release(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx,
+static unlang_action_t CC_HINT(nonnull) mod_bulk_release(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx,
request_t *request)
{
RDEBUG2("Bulk release not yet implemented");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
static int mod_instantiate(module_inst_ctx_t const *mctx)
return ret;
}
-static unlang_action_t mod_accounting_all(rlm_rcode_t *p_result, rlm_rediswho_t const *inst, request_t *request,
+static unlang_action_t mod_accounting_all(unlang_result_t *p_result, rlm_rediswho_t const *inst, request_t *request,
char const *insert,
char const *trim,
char const *expire)
int ret;
ret = rediswho_command(inst, request, insert);
- if (ret < 0) RETURN_MODULE_FAIL;
+ if (ret < 0) RETURN_UNLANG_FAIL;
/* Only trim if necessary */
if (trim && (inst->trim_count >= 0) && (ret > inst->trim_count)) {
- if (rediswho_command(inst, request, trim) < 0) RETURN_MODULE_FAIL;
+ if (rediswho_command(inst, request, trim) < 0) RETURN_UNLANG_FAIL;
}
- if (rediswho_command(inst, request, expire) < 0) RETURN_MODULE_FAIL;
- RETURN_MODULE_OK;
+ if (rediswho_command(inst, request, expire) < 0) RETURN_UNLANG_FAIL;
+ RETURN_UNLANG_OK;
}
-static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_accounting(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_rediswho_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rediswho_t);
CONF_SECTION *conf = mctx->mi->conf;
- rlm_rcode_t rcode;
fr_pair_t *vp;
fr_dict_enum_value_t const *dv;
CONF_SECTION *cs;
vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_acct_status_type);
if (!vp) {
RDEBUG2("Could not find account status type in packet");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
dv = fr_dict_enum_by_value(vp->da, &vp->data);
if (!dv) {
RDEBUG2("Unknown Acct-Status-Type %u", vp->vp_uint32);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
cs = cf_section_find(conf, dv->name, NULL);
if (!cs) {
RDEBUG2("No subsection %s", dv->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
insert = cf_pair_value(cf_pair_find(cs, "insert"));
if (!insert) {
RDEBUG("No 'insert' query - ignoring");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
if (!expire) {
RDEBUG("No 'expire' query - ignoring");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
- return mod_accounting_all(&rcode, inst, request, insert, trim, expire);
+ return mod_accounting_all(p_result, inst, request, insert, trim, expire);
}
static int mod_instantiate(module_inst_ctx_t const *mctx)
return unlang_xlat_yield(request, rest_xlat_resume, rest_io_xlat_signal, ~FR_SIGNAL_CANCEL, rctx);
}
-static unlang_action_t mod_authorize_result(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_authorize_result(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t);
rlm_rest_section_t const *section = &inst->authenticate;
finish:
rest_slab_release(handle);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/*
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t);
rlm_rest_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_rest_thread_t);
if (!section->name) {
RDEBUG2("No authorize section configured");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
handle = rest_slab_reserve(t->slab);
- if (!handle) RETURN_MODULE_FAIL;
+ if (!handle) RETURN_UNLANG_FAIL;
ret = rlm_rest_perform(mctx, section, handle, request);
if (ret < 0) {
rest_slab_release(handle);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield(request, mod_authorize_result, rest_io_module_signal, ~FR_SIGNAL_CANCEL, handle);
}
-static unlang_action_t mod_authenticate_result(rlm_rcode_t *p_result,
+static unlang_action_t mod_authenticate_result(unlang_result_t *p_result,
module_ctx_t const *mctx, request_t *request)
{
rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t);
finish:
rest_slab_release(handle);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/*
* Authenticate the user with the given password.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t);
rlm_rest_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_rest_thread_t);
if (!section->name) {
RDEBUG2("No authentication section configured");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
*/
if (!call_env->request.username) {
REDEBUG("Attribute \"User-Name\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (!call_env->request.password) {
REDEBUG("Attribute \"User-Password\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (call_env->request.password->vb_length == 0) {
REDEBUG("User-Password must not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
}
handle = rest_slab_reserve(t->slab);
- if (!handle) RETURN_MODULE_FAIL;
+ if (!handle) RETURN_UNLANG_FAIL;
ret = rlm_rest_perform(mctx, section, handle, request);
if (ret < 0) {
rest_slab_release(handle);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield(request, mod_authenticate_result, rest_io_module_signal, ~FR_SIGNAL_CANCEL, handle);
}
-static unlang_action_t mod_accounting_result(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_accounting_result(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t);
rlm_rest_section_t const *section = &inst->authenticate;
finish:
rest_slab_release(handle);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/*
* Send accounting info to a REST API endpoint
*/
-static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_accounting(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t);
rlm_rest_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_rest_thread_t);
if (!section->name) {
RDEBUG2("No accounting section configured");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
handle = rest_slab_reserve(t->slab);
- if (!handle) RETURN_MODULE_FAIL;
+ if (!handle) RETURN_UNLANG_FAIL;
ret = rlm_rest_perform(mctx, section, handle, request);
if (ret < 0) {
rest_slab_release(handle);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield(request, mod_accounting_result, rest_io_module_signal, ~FR_SIGNAL_CANCEL, handle);
}
-static unlang_action_t mod_post_auth_result(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_post_auth_result(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t);
rlm_rest_section_t const *section = &inst->authenticate;
finish:
rest_slab_release(handle);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/*
* Send post-auth info to a REST API endpoint
*/
-static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t);
rlm_rest_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_rest_thread_t);
if (!section->name) {
RDEBUG2("No post-auth section configured");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
handle = rest_slab_reserve(t->slab);
- if (!handle) RETURN_MODULE_FAIL;
+ if (!handle) RETURN_UNLANG_FAIL;
ret = rlm_rest_perform(mctx, section, handle, request);
if (ret < 0) {
rest_slab_release(handle);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield(request, mod_post_auth_result, rest_io_module_signal, ~FR_SIGNAL_CANCEL, handle);
/*
* Authenticate the user via one of any well-known password.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
int rcode;
rlm_securid_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_securid_t);
*/
if (!username) {
REDEBUG("Attribute \"User-Name\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (!password) {
REDEBUG("Attribute \"User-Password\" is required for authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (password->vp_length == 0) {
REDEBUG("Password should not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (RDEBUG_ENABLED3) {
MEM(pair_update_reply(&vp, attr_reply_message) >= 0);
fr_pair_value_strdup(vp, buffer, false);
}
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
txn->ctx.request = NULL; /* remove the link to the (now dead) request */
}
-static unlang_action_t sigtran_client_map_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t sigtran_client_map_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
sigtran_transaction_t *txn = talloc_get_type_abort(mctx->rctx, sigtran_transaction_t);
rlm_rcode_t rcode;
}
talloc_free(txn);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
/** Create a MAP_SEND_AUTH_INFO request
* @param conn current connection.
* @param fd file descriptor on which the transaction is done
*/
-unlang_action_t sigtran_client_map_send_auth_info(rlm_rcode_t *p_result, rlm_sigtran_t const *inst, request_t *request,
+unlang_action_t sigtran_client_map_send_auth_info(unlang_result_t *p_result, rlm_sigtran_t const *inst, request_t *request,
sigtran_conn_t const *conn, int fd)
{
sigtran_transaction_t *txn;
ERROR("Failed retrieving version");
error:
talloc_free(txn);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
switch (req->version) {
{ NULL }
};
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_sigtran_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sigtran_t);
rlm_sigtran_thread_t const *t = talloc_get_type_abort_const(mctx->thread, rlm_sigtran_thread_t);
int sigtran_client_link_down(sigtran_conn_t const **conn);
-unlang_action_t sigtran_client_map_send_auth_info(rlm_rcode_t *p_result, rlm_sigtran_t const *inst, request_t *request,
+unlang_action_t sigtran_client_map_send_auth_info(unlang_result_t *p_result, rlm_sigtran_t const *inst, request_t *request,
sigtran_conn_t const *conn, int fd);
/*
* When responding to requests initiated by mod_mail this indicates
* the mail has been queued.
*/
-static unlang_action_t smtp_io_module_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t smtp_io_module_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_smtp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_smtp_t);
fr_curl_io_request_t *randle = talloc_get_type_abort(mctx->rctx, fr_curl_io_request_t);
switch (result) {
case CURLE_PEER_FAILED_VERIFICATION:
case CURLE_LOGIN_DENIED:
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
default:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
}
if (tls->extract_cert_attrs) fr_curl_response_certinfo(request, randle);
smtp_slab_release(randle);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Then it queues the request and yields until a response is given
* When it responds, smtp_io_module_resume is called.
*/
-static unlang_action_t CC_HINT(nonnull) mod_mail(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_mail(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_smtp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_smtp_t);
rlm_smtp_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_smtp_thread_t);
/* Make sure all of the essential email components are present and possible*/
if (!smtp_body) {
RDEBUG2("Attribute \"smtp-body\" is required for smtp");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (!call_env->sender_address && !inst->envelope_address) {
RDEBUG2("At least one of \"sender_address\" or \"envelope_address\" in the config, or \"SMTP-Sender-Address\" in the request is needed");
error:
if (randle) smtp_slab_release(randle);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
smtp_slab_reserve(t->slab_persist);
if (!randle) {
RDEBUG2("A handle could not be allocated for the request");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/* Initialize the uctx to perform the email */
/* Add the mime endoced elements to the curl request */
FR_CURL_REQUEST_SET_OPTION(CURLOPT_MIMEPOST, mail_ctx->mime);
- if (fr_curl_io_request_enqueue(t->mhandle, request, randle)) RETURN_MODULE_INVALID;
+ if (fr_curl_io_request_enqueue(t->mhandle, request, randle)) RETURN_UNLANG_INVALID;
return unlang_module_yield(request, smtp_io_module_resume, smtp_io_module_signal, ~FR_SIGNAL_CANCEL, randle);
}
* Then it queues the request and yields until a response is given
* When it responds, smtp_io_module_resume is called.
*/
-static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_smtp_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_smtp_thread_t);
rlm_smtp_auth_env_t *env_data = talloc_get_type_abort(mctx->env_data, rlm_smtp_auth_env_t);
if (!env_data->username_tmpl) {
RDEBUG("No 'username' was set for authentication - failing the request");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (!env_data->password_tmpl) {
RDEBUG("No 'username' was set for authentication - failing the request");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (env_data->username.type != FR_TYPE_STRING || (env_data->username.vb_length == 0)) {
RWARN("\"%s\" is required for authentication", env_data->username_tmpl->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (env_data->password.type != FR_TYPE_STRING || (env_data->password.vb_length == 0)) {
RWARN("\"%s\" is required for authentication", env_data->password_tmpl->name);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
randle = smtp_slab_reserve(t->slab_onetime);
if (!randle) {
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
FR_CURL_REQUEST_SET_OPTION(CURLOPT_USERNAME, env_data->username.vb_strvalue);
if (fr_curl_io_request_enqueue(t->mhandle, request, randle) < 0) {
error:
smtp_slab_release(randle);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_module_yield(request, smtp_io_module_resume, smtp_io_module_signal, ~FR_SIGNAL_CANCEL, randle);
/*
* A lie! It always returns!
*/
-static unlang_action_t sometimes_return(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request,
+static unlang_action_t sometimes_return(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request,
fr_packet_t *packet, fr_packet_t *reply)
{
rlm_sometimes_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sometimes_t);
/*
* Set it to NOOP and the module will always do nothing
*/
- if (inst->rcode == RLM_MODULE_NOOP) RETURN_MODULE_RCODE(inst->rcode);
+ if (inst->rcode == RLM_MODULE_NOOP) RETURN_UNLANG_RCODE(inst->rcode);
/*
* Hash based on the given key. Usually User-Name.
*/
- if (tmpl_find_vp(&vp, request, inst->key) < 0) RETURN_MODULE_NOOP;
+ if (tmpl_find_vp(&vp, request, inst->key) < 0) RETURN_UNLANG_NOOP;
switch (vp->vp_type) {
case FR_TYPE_OCTETS:
break;
case FR_TYPE_STRUCTURAL:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
default:
hash = fr_hash(&vp->data.datum, fr_value_box_field_sizes[vp->vp_type]);
value /= (1 << 16);
value *= 100;
- if (value > inst->percentage) RETURN_MODULE_NOOP;
+ if (value > inst->percentage) RETURN_UNLANG_NOOP;
/*
* If we're returning "handled", then set the packet
}
}
- RETURN_MODULE_RCODE(inst->rcode);
+ RETURN_UNLANG_RCODE(inst->rcode);
}
-static unlang_action_t CC_HINT(nonnull) mod_sometimes_packet(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_sometimes_packet(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
return sometimes_return(p_result, mctx, request, request->packet, request->reply);
}
-static unlang_action_t CC_HINT(nonnull) mod_sometimes_reply(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_sometimes_reply(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
return sometimes_return(p_result, mctx, request, request->reply, NULL);
}
* @param request Current authorization context.
* @return one of the RLM_MODULE_* values.
*/
-static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(mctx->rctx, sql_autz_ctx_t);
sql_autz_call_env_t *call_env = autz_ctx->call_env;
sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT;
fr_pair_t *vp;
- switch (*p_result) {
+ switch (p_result->rcode) {
case RLM_MODULE_USER_SECTION_REJECT:
return UNLANG_ACTION_CALCULATE_RESULT;
switch(autz_ctx->status) {
case SQL_AUTZ_GROUP_MEMB:
- if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
MEM(autz_ctx->group_ctx = talloc(autz_ctx, sql_group_ctx_t));
*autz_ctx->group_ctx = (sql_group_ctx_t) {
.inst = inst,
}
if (call_env->group_check_query) {
- if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
- call_env->group_check_query, NULL) < 0) RETURN_MODULE_FAIL;
+ call_env->group_check_query, NULL) < 0) RETURN_UNLANG_FAIL;
return UNLANG_ACTION_PUSHED_CHILD;
}
.query = query,
};
- if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) {
autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_CHECK_RESUME : SQL_AUTZ_PROFILE_CHECK_RESUME;
return UNLANG_ACTION_PUSHED_CHILD;
if (call_env->group_reply_query) {
group_reply_push:
- if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
- call_env->group_reply_query, NULL) < 0) RETURN_MODULE_FAIL;
+ call_env->group_reply_query, NULL) < 0) RETURN_UNLANG_FAIL;
autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY : SQL_AUTZ_PROFILE_REPLY;
return UNLANG_ACTION_PUSHED_CHILD;
}
.expand_rhs = true,
};
- if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) {
autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY_RESUME : SQL_AUTZ_PROFILE_REPLY_RESUME;
return UNLANG_ACTION_PUSHED_CHILD;
if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) {
RPEDEBUG("Failed applying reply item");
REXDENT();
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
REXDENT();
map_list_talloc_free(&autz_ctx->reply_tmp);
}
}
- if (!autz_ctx->user_found) RETURN_MODULE_NOTFOUND;
+ if (!autz_ctx->user_found) RETURN_UNLANG_NOTFOUND;
- RETURN_MODULE_RCODE(autz_ctx->rcode);
+ RETURN_UNLANG_RCODE(autz_ctx->rcode);
}
/** Resume function called after authorization check / reply tmpl expansion
* @param request Current request.
* @return one of the RLM_MODULE_* values.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(mctx->rctx, sql_autz_ctx_t);
sql_autz_call_env_t *call_env = autz_ctx->call_env;
/*
* If a previous async call returned one of the "failure" results just return.
*/
- switch (*p_result) {
+ switch (p_result->rcode) {
case RLM_MODULE_USER_SECTION_REJECT:
return UNLANG_ACTION_CALCULATE_RESULT;
.query = query,
};
- if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){
autz_ctx->status = SQL_AUTZ_CHECK_RESUME;
return UNLANG_ACTION_PUSHED_CHILD;
if (!call_env->reply_query) goto skip_reply;
- if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
- if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->reply_query, NULL) < 0) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
+ if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->reply_query, NULL) < 0) RETURN_UNLANG_FAIL;
autz_ctx->status = SQL_AUTZ_REPLY;
return UNLANG_ACTION_PUSHED_CHILD;
.expand_rhs = true,
};
- if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){
autz_ctx->status = SQL_AUTZ_REPLY_RESUME;
return UNLANG_ACTION_PUSHED_CHILD;
if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) {
RPEDEBUG("Failed applying item");
REXDENT();
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
REXDENT();
break;
}
- if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL;
+ if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
- call_env->membership_query, NULL) < 0) RETURN_MODULE_FAIL;
+ call_env->membership_query, NULL) < 0) RETURN_UNLANG_FAIL;
autz_ctx->status = SQL_AUTZ_GROUP_MEMB;
return UNLANG_ACTION_PUSHED_CHILD;
}
fr_assert_msg(0, "Invalid status %d in mod_authorize_resume", autz_ctx->status);
}
- if (!autz_ctx->user_found) RETURN_MODULE_NOTFOUND;
- RETURN_MODULE_RCODE(autz_ctx->rcode);
+ if (!autz_ctx->user_found) RETURN_UNLANG_NOTFOUND;
+ RETURN_UNLANG_RCODE(autz_ctx->rcode);
}
/** Start of module authorize method
*
* Pushes the tmpl relating to the first required query for evaluation
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t);
rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
if (!call_env->check_query && !call_env->reply_query && !(inst->config.read_groups && call_env->membership_query)) {
RWDEBUG("No authorization checks configured, returning noop");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) {
error:
talloc_free(autz_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
fr_value_box_list_init(&autz_ctx->query);
return 0;
}
-static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request);
+static unlang_action_t mod_sql_redundant_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request);
/** Resume function called after executing an SQL query in a redundant list of queries.
*
* @param request Current request.
* @return one of the RLM_MODULE_* values.
*/
-static unlang_action_t mod_sql_redundant_query_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_sql_redundant_query_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(mctx->rctx, sql_redundant_ctx_t);
sql_redundant_call_env_t *call_env = redundant_ctx->call_env;
* so we do not need to call fr_pool_connection_release.
*/
case RLM_SQL_RECONNECT:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
/*
* Query was invalid, this is a terminal error.
*/
case RLM_SQL_QUERY_INVALID:
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
/*
* Driver found an error (like a unique key constraint violation)
if (numaffected > 0) {
if (inst->query_number_da) {
fr_pair_t *vp;
- if (unlikely(pair_update_control(&vp, inst->query_number_da) < 0)) RETURN_MODULE_FAIL;
+ if (unlikely(pair_update_control(&vp, inst->query_number_da) < 0)) RETURN_UNLANG_FAIL;
vp->vp_uint32 = redundant_ctx->query_no + 1;
RDEBUG2("control.%pP", vp);
}
- RETURN_MODULE_OK; /* A query succeeded, were done! */
+ RETURN_UNLANG_OK; /* A query succeeded, were done! */
}
next:
/*
*/
talloc_free(query_ctx);
redundant_ctx->query_no++;
- if (redundant_ctx->query_no >= talloc_array_length(call_env->query)) RETURN_MODULE_NOOP;
- if (unlang_module_yield(request, mod_sql_redundant_resume, NULL, 0, redundant_ctx) < 0) RETURN_MODULE_FAIL;
- if (unlang_tmpl_push(redundant_ctx, &redundant_ctx->query, request, call_env->query[redundant_ctx->query_no], NULL) < 0) RETURN_MODULE_FAIL;
+ if (redundant_ctx->query_no >= talloc_array_length(call_env->query)) RETURN_UNLANG_NOOP;
+ if (unlang_module_yield(request, mod_sql_redundant_resume, NULL, 0, redundant_ctx) < 0) RETURN_UNLANG_FAIL;
+ if (unlang_tmpl_push(redundant_ctx, &redundant_ctx->query, request, call_env->query[redundant_ctx->query_no], NULL) < 0) RETURN_UNLANG_FAIL;
RDEBUG2("Trying next query...");
* @param request Current request.
* @return one of the RLM_MODULE_* values.
*/
-static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_sql_redundant_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(mctx->rctx, sql_redundant_ctx_t);
sql_redundant_call_env_t *call_env = redundant_ctx->call_env;
rlm_sql_t const *inst = redundant_ctx->inst;
redundant_ctx->query_vb = fr_value_box_list_pop_head(&redundant_ctx->query);
- if (!redundant_ctx->query_vb) RETURN_MODULE_FAIL;
+ if (!redundant_ctx->query_vb) RETURN_UNLANG_FAIL;
if ((call_env->filename.type == FR_TYPE_STRING) && (call_env->filename.vb_length > 0)) {
rlm_sql_query_log(inst, call_env->filename.vb_strvalue, redundant_ctx->query_vb->vb_strvalue);
* Used for `accounting` and `send` module calls
*
*/
-static unlang_action_t CC_HINT(nonnull) mod_sql_redundant(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_sql_redundant(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t);
rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
*/
if (!call_env->query) {
RWARN("No query configured");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
MEM(redundant_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), sql_redundant_ctx_t));
* Otherwise, optionally populate a reply attribute with the value of `limit` - `counter` and return RLM_MODULE_UPDATED.
* If no reply attribute is set, return RLM_MODULE_OK.
*/
-static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
sqlcounter_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, sqlcounter_rctx_t);
rlm_sqlcounter_t *inst = rctx->inst;
REDEBUG2("Rejecting user, %s value (%" PRIu64 ") is less than counter value (%" PRIu64 ")",
inst->limit_attr->name, limit->vp_uint64, counter);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
res = limit->vp_uint64 - counter;
if (fr_value_box_cmp(&vb, &existing) == 1) {
RDEBUG2("Leaving existing %s value of %pV" , env->reply_attr->name,
&vp->data);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
}
break;
case -1: /* alloc failed */
REDEBUG("Error allocating attribute %s", env->reply_attr->name);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
default: /* request or list unavailable */
RDEBUG2("List or request context not available for %s, skipping...", env->reply_attr->name);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
fr_value_box_cast(vp, &vp->data, vp->data.type, NULL, &vb);
RDEBUG2("%pP", vp);
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/** Check the value of a `counter` retrieved from an SQL query with a `limit`
* the query is tokenized as an xlat call to the relevant SQL module and then
* pushed on the stack for evaluation.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_sqlcounter_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sqlcounter_t);
sqlcounter_call_env_t *env = talloc_get_type_abort(mctx->env_data, sqlcounter_call_env_t);
if (tmpl_find_vp(&limit, request, inst->limit_attr) < 0) {
RWDEBUG2("Couldn't find %s, doing nothing...", inst->limit_attr->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
*/
if (tmpl_find_or_add_vp(&vp, request, inst->start_attr) < 0) {
REDEBUG("Couldn't create %s", inst->start_attr->name);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
vp->vp_uint64 = fr_time_to_sec(inst->last_reset);
if (tmpl_find_or_add_vp(&vp, request, inst->end_attr) < 0) {
REDEBUG2("Couldn't create %s", inst->end_attr->name);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
vp->vp_uint64 = fr_time_to_sec(inst->reset_time);
if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, rctx) != UNLANG_ACTION_YIELD) {
error:
talloc_free(rctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
fr_value_box_list_init(&rctx->result);
return 0;
}
-#define REPEAT_MOD_ALLOC_RESUME if (unlang_module_yield(request, mod_alloc_resume, NULL, 0, mctx->rctx) < 0) RETURN_MODULE_FAIL
+#define REPEAT_MOD_ALLOC_RESUME if (unlang_module_yield(request, mod_alloc_resume, NULL, 0, mctx->rctx) < 0) RETURN_UNLANG_FAIL
#define SUBMIT_QUERY(_query_str, _new_status, _type, _function) do { \
alloc_ctx->status = _new_status; \
REPEAT_MOD_ALLOC_RESUME; \
* @param request Current request.
* @return One of the UNLANG_ACTION_* values.
*/
-static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_alloc_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
ippool_alloc_ctx_t *alloc_ctx = talloc_get_type_abort(mctx->rctx, ippool_alloc_ctx_t);
ippool_alloc_call_env_t *env = alloc_ctx->env;
/*
* If a previous async call returned one of the "failure" results just return.
*/
- switch (*p_result) {
+ switch (p_result->rcode) {
case RLM_MODULE_USER_SECTION_REJECT:
return UNLANG_ACTION_CALCULATE_RESULT;
if (unlang_tmpl_push(alloc_ctx, &alloc_ctx->values, request, env->existing, NULL) < 0) {
error:
talloc_free(alloc_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return UNLANG_ACTION_PUSHED_CHILD;
}
}
no_address:
RWDEBUG("IP address could not be allocated");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
case IPPOOL_ALLOC_MAKE_PAIR:
{
* NOTFOUND
*/
RWDEBUG("Pool \"%pV\" appears to be full", &env->pool_name);
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
}
/*
*/
RWDEBUG("IP address could not be allocated as no pool exists with the name \"%pV\"",
&env->pool_name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
case IPPOOL_ALLOC_UPDATE:
if (query && query->vb_length) SUBMIT_QUERY(query->vb_strvalue, IPPOOL_ALLOC_UPDATE_RUN, SQL_QUERY_OTHER, query);
{
rlm_rcode_t rcode = alloc_ctx->rcode;
talloc_free(alloc_ctx);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
}
* All return paths are handled within the switch statement.
*/
fr_assert(0);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/** Initiate the allocation of an IP address from the pool.
* @param request Current request.
* @return One of the UNLANG_ACTION_* values.
*/
-static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_alloc(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_sqlippool_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sqlippool_t);
ippool_alloc_call_env_t *env = talloc_get_type_abort(mctx->env_data, ippool_alloc_call_env_t);
*/
if (env->allocated_address.type) {
RDEBUG2("%s already exists (%pV)", env->allocated_address_attr->name, &env->allocated_address);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
if (env->pool_name.type == FR_TYPE_NULL) {
RDEBUG2("No %s defined", env->pool_name_tmpl->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
MEM(alloc_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), ippool_alloc_ctx_t));
fr_value_box_list_init(&alloc_ctx->values);
if (unlikely(unlang_module_yield(request, mod_alloc_resume, NULL, 0, alloc_ctx) != UNLANG_ACTION_YIELD)) {
talloc_free(alloc_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if ((env->begin.type == FR_TYPE_STRING) && env->begin.vb_length) {
/** Resume function called after mod_common "update" query has completed
*/
-static unlang_action_t mod_common_update_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t mod_common_update_resume(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
{
ippool_common_ctx_t *common_ctx = talloc_get_type_abort(mctx->rctx, ippool_common_ctx_t);
fr_sql_query_t *query_ctx = common_ctx->query_ctx;
rlm_sql_t const *sql = common_ctx->sql;
int affected = 0;
- switch (*p_result) {
+ switch (p_result->rcode) {
case RLM_MODULE_USER_SECTION_REJECT:
return UNLANG_ACTION_CALCULATE_RESULT;
talloc_free(common_ctx);
- if (affected > 0) RETURN_MODULE_UPDATED;
- RETURN_MODULE_NOTFOUND;
+ if (affected > 0) RETURN_UNLANG_UPDATED;
+ RETURN_UNLANG_NOTFOUND;
}
/** Resume function called after mod_common "free" query has completed
*/
-static unlang_action_t mod_common_free_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_common_free_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
ippool_common_ctx_t *common_ctx = talloc_get_type_abort(mctx->rctx, ippool_common_ctx_t);
fr_sql_query_t *query_ctx = common_ctx->query_ctx;
rlm_sql_t const *sql = common_ctx->sql;
- switch (*p_result) {
+ switch (p_result->rcode) {
case RLM_MODULE_USER_SECTION_REJECT:
return UNLANG_ACTION_CALCULATE_RESULT;
default:
break;
}
- if (common_ctx->env->update.type != FR_TYPE_STRING) RETURN_MODULE_NOOP;
+ if (common_ctx->env->update.type != FR_TYPE_STRING) RETURN_UNLANG_NOOP;
sql->driver->sql_finish_query(query_ctx, &sql->config);
if (unlikely(unlang_module_yield(request, mod_common_update_resume, NULL, 0, common_ctx) != UNLANG_ACTION_YIELD)) {
talloc_free(common_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
common_ctx->query_ctx->query_str = common_ctx->env->update.vb_strvalue;
* - bulk_release
* - mark
*/
-static unlang_action_t CC_HINT(nonnull) mod_common(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_common(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_sqlippool_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sqlippool_t);
ippool_common_call_env_t *env = talloc_get_type_abort(mctx->env_data, ippool_common_call_env_t);
rlm_sql_thread_t *thread = talloc_get_type_abort(module_thread(sql->mi)->data, rlm_sql_thread_t);
ippool_common_ctx_t *common_ctx = NULL;
- if ((env->free.type != FR_TYPE_STRING) && (env->update.type != FR_TYPE_STRING)) RETURN_MODULE_NOOP;
+ if ((env->free.type != FR_TYPE_STRING) && (env->update.type != FR_TYPE_STRING)) RETURN_UNLANG_NOOP;
MEM(common_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), ippool_common_ctx_t));
*common_ctx = (ippool_common_ctx_t) {
common_ctx->query_ctx->query_str = env->free.vb_strvalue;
if (unlikely(unlang_module_yield(request, mod_common_free_resume, NULL, 0, common_ctx) != UNLANG_ACTION_YIELD)) {
talloc_free(common_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_function_push(NULL, request, sql->query, NULL, NULL, 0, UNLANG_SUB_FRAME, common_ctx->query_ctx);
}
if (unlikely(unlang_module_yield(request, mod_common_update_resume, NULL, 0, common_ctx) != UNLANG_ACTION_YIELD)) {
talloc_free(common_ctx);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
return unlang_function_push(NULL, request, sql->query, NULL, NULL, 0, UNLANG_SUB_FRAME, common_ctx->query_ctx);
}
}
-static unlang_action_t CC_HINT(nonnull) mod_stats_inc(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_stats_inc(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_stats_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_stats_t);
rlm_stats_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_stats_thread_t);
if (request->proto_dict != dict_radius) {
RWARN("%s can only be called in RADIUS virtual servers", mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
src_code = request->packet->code;
*/
if (fr_time_gt(fr_time_add(t->last_global_update, fr_time_delta_wrap(NSEC)), request->async->recv_time)) {
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
t->last_global_update = request->async->recv_time;
}
pthread_mutex_unlock(&inst->mutable->mutex);
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
/*
* Do the statistics
*/
-static unlang_action_t CC_HINT(nonnull) mod_stats_read(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_stats_read(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_stats_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_stats_t);
rlm_stats_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_stats_thread_t);
if (request->proto_dict != dict_radius) {
RWARN("%s can only be called in RADIUS virtual servers", mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
* Ignore "authenticate" and anything other than Status-Server
*/
if ((request->packet->code != FR_RADIUS_CODE_STATUS_SERVER)) {
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_type);
case FR_TYPE_VALUE_CLIENT: /* src */
vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_ipv4_address);
if (!vp) vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_ipv6_address);
- if (!vp) RETURN_MODULE_NOOP;
+ if (!vp) RETURN_UNLANG_NOOP;
mydata.ipaddr = vp->vp_ip;
coalesce(local_stats, t, offsetof(rlm_stats_thread_t, src), &mydata);
case FR_TYPE_VALUE_LISTENER: /* dst */
vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_ipv4_address);
if (!vp) vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_ipv6_address);
- if (!vp) RETURN_MODULE_NOOP;
+ if (!vp) RETURN_UNLANG_NOOP;
mydata.ipaddr = vp->vp_ip;
coalesce(local_stats, t, offsetof(rlm_stats_thread_t, dst), &mydata);
default:
REDEBUG("Invalid value '%d' for FreeRADIUS-Stats4-type", stats_type);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (vp ) {
vp->vp_uint64 = local_stats[i];
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
*
* @copyright 2023 Network RADIUS SAS (legal@networkradius.com)
*/
+#include "lib/unlang/action.h"
RCSID("$Id$")
#include <freeradius-devel/io/application.h>
/** Send packets outbound.
*
*/
-static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_tacacs_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_tacacs_t);
- rlm_rcode_t rcode;
unlang_action_t ua;
void *rctx = NULL;
if (!FR_TACACS_PACKET_CODE_VALID(request->packet->code)) {
REDEBUG("Invalid packet code %d", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if (!inst->allowed[request->packet->code]) {
REDEBUG("Packet code %s is disallowed by the configuration",
fr_tacacs_packet_names[request->packet->code]);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* return another code which indicates what happened to
* the request...
*/
- ua = inst->io->enqueue(&rcode, &rctx, inst->io_submodule->data,
+ ua = inst->io->enqueue(p_result, &rctx, inst->io_submodule->data,
module_thread(inst->io_submodule)->data, request);
if (ua != UNLANG_ACTION_YIELD) {
fr_assert(rctx == NULL);
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
return unlang_module_yield(request, inst->io->resume, mod_tacacs_signal, 0, rctx);
/** Enqueue a request_t to an IO submodule
*
*/
-typedef unlang_action_t (*rlm_tacacs_io_enqueue_t)(rlm_rcode_t *p_result, void **rctx, void *instance, void *thread, request_t *request);
+typedef unlang_action_t (*rlm_tacacs_io_enqueue_t)(unlang_result_t *p_result, void **rctx, void *instance, void *thread, request_t *request);
/** Public structure describing an I/O path for an outgoing socket.
*
/** Resume execution of the request, returning the rcode set during trunk execution
*
*/
-static unlang_action_t mod_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t mod_resume(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
{
udp_result_t *r = talloc_get_type_abort(mctx->rctx, udp_result_t);
rlm_rcode_t rcode = r->rcode;
talloc_free(r);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
static void mod_signal(module_ctx_t const *mctx, UNUSED request_t *request, fr_signal_t action)
}
#endif
-static unlang_action_t mod_enqueue(rlm_rcode_t *p_result, void **rctx_out, UNUSED void *instance, void *thread, request_t *request)
+static unlang_action_t mod_enqueue(unlang_result_t *p_result, void **rctx_out, UNUSED void *instance, void *thread, request_t *request)
{
udp_thread_t *t = talloc_get_type_abort(thread, udp_thread_t);
udp_result_t *r;
fr_assert(FR_TACACS_PACKET_CODE_VALID(request->packet->code));
treq = trunk_request_alloc(t->trunk, request);
- if (!treq) RETURN_MODULE_FAIL;
+ if (!treq) RETURN_UNLANG_FAIL;
MEM(r = talloc_zero(request, udp_result_t));
#ifndef NDEBUG
trunk_request_free(&treq); /* Return to the free list */
fail:
talloc_free(r);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_test_thread_t *t = mctx->thread;
REXDENT();
REDEBUG4("RDEBUG4 error message");
- if (!fr_cond_assert(t->value == pthread_self())) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(t->value == pthread_self())) RETURN_UNLANG_FAIL;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Authenticate the user with the given password.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
{
rlm_test_thread_t *t = mctx->thread;
- if (!fr_cond_assert(t->value == pthread_self())) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(t->value == pthread_self())) RETURN_UNLANG_FAIL;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Massage the request before recording it or proxying it
*/
-static unlang_action_t CC_HINT(nonnull) mod_preacct(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_preacct(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
{
rlm_test_thread_t *t = mctx->thread;
- if (!fr_cond_assert(t->value == pthread_self())) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(t->value == pthread_self())) RETURN_UNLANG_FAIL;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Write accounting information to this modules database.
*/
-static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_accounting(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request)
{
rlm_test_thread_t *t = mctx->thread;
- if (!fr_cond_assert(t->value == pthread_self())) RETURN_MODULE_FAIL;
+ if (!fr_cond_assert(t->value == pthread_self())) RETURN_UNLANG_FAIL;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Write accounting information to this modules database.
*/
-static unlang_action_t CC_HINT(nonnull) mod_return(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_return(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request)
{
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
static void mod_retry_signal(module_ctx_t const *mctx, request_t *request, fr_signal_t action);
/** Continue after marked runnable
*
*/
-static unlang_action_t mod_retry_resume(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_retry_resume(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
RDEBUG("Test called main retry handler - that's a failure");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/** Continue after FR_SIGNAL_RETRY
*
*/
-static unlang_action_t mod_retry_resume_retry(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_retry_resume_retry(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
RDEBUG("Test retry");
/** Continue after FR_SIGNAL_TIMEOUT
*
*/
-static unlang_action_t mod_retry_resume_timeout(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_retry_resume_timeout(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
RDEBUG("Test timed out as expected");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
static void mod_retry_signal(UNUSED module_ctx_t const *mctx, request_t *request, fr_signal_t action)
/*
* Test retries
*/
-static unlang_action_t CC_HINT(nonnull) mod_retry(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_retry(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
return unlang_module_yield(request, mod_retry_resume, mod_retry_signal, 0, NULL);
}
/*
* Do the authentication
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_totp_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, rlm_totp_call_env_t);
rlm_totp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_totp_t);
uint8_t buffer[80]; /* multiple of 5*8 characters */
time_t now;
- if (fr_type_is_null(user_password->type)) RETURN_MODULE_NOOP;
+ if (fr_type_is_null(user_password->type)) RETURN_UNLANG_NOOP;
if (user_password->vb_length == 0) {
RWARN("TOTP.From-User is empty");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
if ((user_password->vb_length != 6) && (user_password->vb_length != 8)) {
RWARN("TOTP.From-User has incorrect length. Expected 6 or 8, got %zu", user_password->vb_length);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
/*
} else {
ssize_t len;
- if (fr_type_is_null(secret->type)) RETURN_MODULE_NOOP;
+ if (fr_type_is_null(secret->type)) RETURN_UNLANG_NOOP;
len = fr_base32_decode(&FR_DBUFF_TMP((uint8_t *) buffer, sizeof(buffer)), &FR_SBUFF_IN(secret->vb_strvalue, secret->vb_length), true, true);
if (len < 0) {
RERROR("TOTP.Secret cannot be decoded");
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
our_key = buffer;
switch (fr_totp_cmp(&inst->totp, request, now, our_key, our_keylen, user_password->vb_strvalue)) {
case 0:
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
case -2:
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
default:
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
}
* Pull the users password from where-ever, and add it to
* the given vp list.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
char const *name;
char const *encrypted_pass;
* a User-Name attribute.
*/
username = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name);
- if (!username) RETURN_MODULE_NOOP;
+ if (!username) RETURN_UNLANG_NOOP;
name = username->vp_strvalue;
encrypted_pass = NULL;
if ((pwd = getpwnam(name)) == NULL) {
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
}
encrypted_pass = pwd->pw_passwd;
*/
if ((!encrypted_pass) || (strlen(encrypted_pass) < 10)) {
if ((spwd = getspnam(name)) == NULL) {
- RETURN_MODULE_NOTFOUND;
+ RETURN_UNLANG_NOTFOUND;
}
encrypted_pass = spwd->sp_pwdp;
}
*/
if (strcmp(pwd->pw_shell, DENY_SHELL) == 0) {
REDEBUG("Invalid shell", name);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
#endif
endusershell();
if (!shell) {
REDEBUG("[%s]: invalid shell [%s]", name, pwd->pw_shell);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
#endif
if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
(fr_time_to_sec(request->packet->timestamp) / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
REDEBUG("[%s]: password has expired", name);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
/*
* Check if account has expired.
if (spwd && spwd->sp_expire > 0 &&
(fr_time_to_sec(request->packet->timestamp) / 86400) > spwd->sp_expire) {
REDEBUG("[%s]: account has expired", name);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
#endif
if ((pwd->pw_expire > 0) &&
(fr_time_to_sec(request->packet->timestamp) > pwd->pw_expire)) {
REDEBUG("[%s]: password has expired", name);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
#endif
* FIXME: Maybe add Auth-Type := Accept?
*/
if (encrypted_pass[0] == 0)
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
MEM(pair_update_control(&vp, attr_crypt_password) >= 0);
fr_pair_value_strdup(vp, encrypted_pass, false);
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
/*
* Reject any non-UTF8 data.
*/
-static unlang_action_t CC_HINT(nonnull) mod_utf8_clean(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_utf8_clean(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
size_t i, len;
for (i = 0; i < vp->vp_length; i += len) {
len = fr_utf8_char(&vp->vp_octets[i], -1);
- if (len == 0) RETURN_MODULE_FAIL;
+ if (len == 0) RETURN_UNLANG_FAIL;
}
}
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
fr_pair_t *vp;
}
DEBUG2("Fixing WiMAX binary Calling-Station-Id to %pV", &vp->data);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
* Massage the request before recording it or proxying it
*/
-static unlang_action_t CC_HINT(nonnull) mod_preacct(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_preacct(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
return mod_authorize(p_result, mctx, request);
}
/*
* Generate the keys after the user has been authenticated.
*/
-static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_wimax_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_wimax_t);
fr_pair_t *msk, *emsk, *vp;
emsk = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_emsk);
if (!msk || !emsk) {
REDEBUG2("No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys");
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/*
EVP_MD_CTX_free(hmac_ctx);
EVP_PKEY_free(hmac_pkey);
- RETURN_MODULE_UPDATED;
+ RETURN_UNLANG_UPDATED;
}
/*
* @param[in] mctx Module instance data.
* @param[in] request The current request.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_winbind_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_winbind_t);
winbind_autz_call_env_t *env = talloc_get_type_abort(mctx->env_data, winbind_autz_call_env_t);
if (!vp) {
REDEBUG2("No %s found in the request; not doing winbind authentication.",
tmpl_attr_tail_da(env->password)->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
if (!inst->auth_type) {
WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup Winbind authentication",
mctx->mi->name, mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
- if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP;
+ if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
* @param[in] mctx Module instance data.
* @param[in] request The current request
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
winbind_auth_call_env_t *env = talloc_get_type_abort(mctx->env_data, winbind_auth_call_env_t);
rlm_winbind_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_winbind_thread_t);
*/
if (env->password.vb_length == 0) {
REDEBUG("User-Password must not be empty");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
/*
*/
if (do_auth_wbclient_pap(request, env, t) == 0) {
RDEBUG2("User authenticated successfully using winbind");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
static const call_env_method_t winbind_autz_method_env = {
* @param[in] request The current request.
* @param[in] passcode string to decrypt.
*/
-unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, char const *passcode)
+unlang_action_t rlm_yubikey_decrypt(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *passcode)
{
rlm_yubikey_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_yubikey_t);
uint32_t counter, timestamp;
key = fr_pair_find_by_da_nested(&request->control_pairs, NULL, attr_yubikey_key);
if (!key) {
REDEBUG("Yubikey-Key attribute not found in control list, can't decrypt OTP data");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
if (key->vp_length != YUBIKEY_KEY_SIZE) {
REDEBUG("Yubikey-Key length incorrect, expected %u got %zu", YUBIKEY_KEY_SIZE, key->vp_length);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
yubikey_parse((uint8_t const *) passcode + inst->id_len, key->vp_octets, &token);
*/
if (!yubikey_crc_ok_p((uint8_t *) &token)) {
REDEBUG("Decrypting OTP token data failed, rejecting");
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
RDEBUG2("Token data decrypted successfully");
vp = fr_pair_find_by_da_nested(&request->control_pairs, NULL, attr_yubikey_counter);
if (!vp) {
RWDEBUG("Yubikey-Counter not found in control list, skipping replay attack checks");
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
if (counter <= vp->vp_uint32) {
REDEBUG("Replay attack detected! Counter value %u, is lt or eq to last known counter value %u",
counter, vp->vp_uint32);
- RETURN_MODULE_REJECT;
+ RETURN_UNLANG_REJECT;
}
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
#endif
* @copyright 2013 The FreeRADIUS server project
* @copyright 2013 Network RADIUS (legal@networkradius.com)
*/
+#include "lib/server/rcode.h"
+#include "lib/unlang/action.h"
RCSID("$Id$")
#include <freeradius-devel/radius/radius.h>
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_yubikey_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_yubikey_t);
char const *passcode;
RDEBUG2("No cleartext password in the request. Can't do Yubikey authentication");
}
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
passcode = password->vp_strvalue;
if (len < (inst->id_len + YUBIKEY_TOKEN_LEN)) {
RDEBUG2("User-Password value is not the correct length, expected at least %u bytes, got %zu bytes",
inst->id_len + YUBIKEY_TOKEN_LEN, len);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
password_len = (len - (inst->id_len + YUBIKEY_TOKEN_LEN));
} else {
RDEBUG2("User-Password (aes-block) value contains non modhex chars");
}
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
/* May be a concatenation, check the last 32 bytes are modhex */
if (!inst->auth_type) {
WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup Yubikey authentication",
mctx->mi->name, mctx->mi->name);
- RETURN_MODULE_NOOP;
+ RETURN_UNLANG_NOOP;
}
- if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP;
+ if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP;
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
/*
* Authenticate the user with the given password.
*/
-static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_yubikey_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_yubikey_t);
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
char const *passcode = NULL;
- fr_pair_t const *vp;
+ fr_pair_t const *vp;
size_t len;
int ret;
+ p_result->rcode = RLM_MODULE_NOOP;
+
vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_yubikey_otp);
if (!vp) {
RDEBUG2("No Yubikey-OTP attribute found, falling back to User-Password");
vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_password);
if (!vp) {
REDEBUG("No User-Password in the request. Can't do Yubikey authentication");
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
}
if (len != (inst->id_len + YUBIKEY_TOKEN_LEN)) {
REDEBUG("%s value is not the correct length, expected bytes %u, got bytes %zu",
vp->da->name, inst->id_len + YUBIKEY_TOKEN_LEN, len);
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
ret = otp_string_valid(inst, passcode, (inst->id_len + YUBIKEY_TOKEN_LEN));
} else {
RERROR("Passcode (aes-block) value contains non modhex chars");
}
- RETURN_MODULE_INVALID;
+ RETURN_UNLANG_INVALID;
}
#ifdef HAVE_YUBIKEY
if (inst->decrypt) {
- rlm_yubikey_decrypt(&rcode, mctx, request, passcode);
- if (rcode != RLM_MODULE_OK) RETURN_MODULE_RCODE(rcode);
+ rlm_yubikey_decrypt(p_result, mctx, request, passcode);
+ if (p_result->rcode != RLM_MODULE_OK) return UNLANG_ACTION_CALCULATE_RESULT;
/* Fall-Through to doing ykclient auth in addition to local auth */
}
#endif
#ifdef HAVE_YKCLIENT
if (inst->validate) return rlm_yubikey_validate(p_result, mctx, request, passcode);
#endif
- RETURN_MODULE_RCODE(rcode);
+ return UNLANG_ACTION_CALCULATE_RESULT;
}
/*
/*
* decrypt.c - Decryption functions
*/
-unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+unlang_action_t rlm_yubikey_decrypt(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request, char const *passcode);
/*
int rlm_yubikey_ykclient_detach(rlm_yubikey_t *inst);
-unlang_action_t rlm_yubikey_validate(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+unlang_action_t rlm_yubikey_validate(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request, char const *passcode);
extern HIDDEN fr_dict_attr_t const *attr_auth_type;
return 0;
}
-unlang_action_t rlm_yubikey_validate(rlm_rcode_t *p_result, module_ctx_t const *mctx,
+unlang_action_t rlm_yubikey_validate(unlang_result_t *p_result, module_ctx_t const *mctx,
request_t *request, char const *passcode)
{
rlm_yubikey_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_yubikey_t);
ykclient_handle_t *yandle;
yandle = fr_pool_connection_get(inst->pool, request);
- if (!yandle) RETURN_MODULE_FAIL;
+ if (!yandle) RETURN_UNLANG_FAIL;
/*
* The libcurl multi-handle interface will tear down the TCP sockets for any partially completed
fr_pool_connection_release(inst->pool, request, yandle);
- RETURN_MODULE_RCODE(rcode);
+ RETURN_UNLANG_RCODE(rcode);
}
#endif
}
}
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
if (!state->recv) {
REDEBUG("Invalid packet type (%u)", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
arp_packet_debug(request, request->packet, &request->request_pairs, true);
},
};
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
bfd_wrapper_t const *wrapper;
if (!state->recv) {
REDEBUG("Invalid packet type (%u)", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
bfd_packet_debug(request, request->packet, &request->request_pairs, true);
{ NULL }
};
-static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request)
{
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
extern fr_process_module_t process_control;
},
};
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
if (!state->recv) {
REDEBUG("Invalid packet type (%u)", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
dhcpv4_packet_debug(request, request->packet, &request->request_pairs, true);
PROCESS_TRACE;
- if (dhcpv6_client_fields_store(request, rctx, false) < 0) RETURN_MODULE_INVALID;
+ if (dhcpv6_client_fields_store(request, rctx, false) < 0) RETURN_UNLANG_INVALID;
UPDATE_STATE_CS(packet);
PROCESS_TRACE;
- if (dhcpv6_client_fields_store(request, rctx, true) < 0) RETURN_MODULE_INVALID;
+ if (dhcpv6_client_fields_store(request, rctx, true) < 0) RETURN_UNLANG_INVALID;
UPDATE_STATE_CS(packet);
*/
if (unlikely(restore_field(request, &fields->transaction_id) < 0)) {
fail:
- *p_result = RLM_MODULE_FAIL;
+ p_result->rcode = RLM_MODULE_FAIL;
return CALL_RESUME(send_generic);
}
if (unlikely(restore_field_list(request, &fields->client_id) < 0)) goto fail;
process_dhcpv6_relay_fields_t *rctx = NULL;
rctx = dhcpv6_relay_fields_store(request);
- if (!rctx) RETURN_MODULE_INVALID;
+ if (!rctx) RETURN_UNLANG_INVALID;
UPDATE_STATE_CS(packet);
*/
if (unlikely(restore_field(request, &fields->hop_count) < 0)) {
fail:
- *p_result = RLM_MODULE_FAIL;
+ p_result->rcode = RLM_MODULE_FAIL;
return CALL_RESUME(send_generic);
}
if (unlikely(restore_field(request, &fields->link_address) < 0)) goto fail;
/** Main dispatch function
*
*/
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
if (!state->recv) {
REDEBUG("Invalid packet type (%u)", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
dhcpv6_packet_debug(request, request->packet, &request->request_pairs, true);
PROCESS_TRACE;
rctx = dns_fields_store(request);
- if (!rctx) RETURN_MODULE_INVALID;
+ if (!rctx) RETURN_UNLANG_INVALID;
return CALL_RECV_RCTX(generic, rctx);
}
dns_rcode_add(&rcode, request, state->dns_rcode[RESULT_RCODE]);
#ifdef __clang_analyzer__
- if (!rcode) RETURN_MODULE_FAIL;
+ if (!rcode) RETURN_UNLANG_FAIL;
#endif
/*
/** Entry point into the state machine
*/
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
if (!state->recv) {
REDEBUG("Invalid packet type (%u)", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
dns_packet_debug(request, request->packet, &request->request_pairs, true);
#include <freeradius-devel/server/process.h>
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
// @todo - send canned responses like in v3?
RECV(status_server)
{
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
RESUME(status_server)
{
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
#endif
return CALL_RESUME(send_generic);
}
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
if (!state->recv) {
REDEBUG("Invalid packet type (%u)", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
radius_packet_debug(request, request->packet, &request->request_pairs, true);
NULL, 0, mctx->rctx);
}
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
if (!state->recv) {
REDEBUG("Invalid packet type (%u)", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
// @todo - debug stuff!
},
};
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
},
};
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
return CALL_RESUME(send_generic);
}
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
}
}
-static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
+static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
{
fr_process_state_t const *state;
if (!state->recv) {
REDEBUG("Invalid packet type (%u)", request->packet->code);
- RETURN_MODULE_FAIL;
+ RETURN_UNLANG_FAIL;
}
vmps_packet_debug(request, request->packet, &request->request_pairs, true);
static rlm_rcode_t test_process(UNUSED void const *instance, request_t *request, fr_io_action_t action)
{
MPRINT1("\t\tPROCESS --- request %"PRIu64" action %d\n", request->number, action);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
static rlm_rcode_t test_process(UNUSED void const *instance, request_t *request, fr_io_action_t action)
{
MPRINT1("\t\tPROCESS --- request %"PRIu64" action %d\n", request->number, action);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
static int test_decode(void const *instance, request_t *request, uint8_t *const data, size_t data_len)
static rlm_rcode_t test_process(UNUSED void const *inst, request_t *request, fr_io_action_t action)
{
MPRINT1("\t\tPROCESS --- request %"PRIu64" action %d\n", request->number, action);
- RETURN_MODULE_OK;
+ RETURN_UNLANG_OK;
}
static int test_decode(UNUSED void const *instance, request_t *request, uint8_t *const data, size_t data_len)
projects / thirdparty / freeradius-server.git / commitdiff
