if (!found) found = reply;
if (reply->code == FR_DHCP_OFFER) {
- fr_pair_t *vp1 = fr_pair_find_by_da(&reply_vps, attr_dhcp_dhcp_server_identifier, 0);
- fr_pair_t *vp2 = fr_pair_find_by_da(&reply_vps, attr_dhcp_your_ip_address, 0);
+ fr_pair_t *vp1 = fr_pair_find_by_da_idx(&reply_vps, attr_dhcp_dhcp_server_identifier, 0);
+ fr_pair_t *vp2 = fr_pair_find_by_da_idx(&reply_vps, attr_dhcp_your_ip_address, 0);
if (vp1 && vp2) {
nb_offer++;
if (request->password) {
fr_pair_t *vp;
- if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0)) != NULL) {
+ if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0)) != NULL) {
fr_pair_value_strdup(vp, request->password->vp_strvalue, false);
- } else if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0)) != NULL) {
+ } else if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_password, 0)) != NULL) {
uint8_t buffer[17];
fr_pair_t *challenge;
uint8_t const *vector;
* Use Chap-Challenge pair if present,
* Request Authenticator otherwise.
*/
- challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0);
+ challenge = fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_challenge, 0);
if (challenge && (challenge->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) {
vector = challenge->vp_octets;
} else {
request->password->vp_length);
fr_pair_value_memdup(vp, buffer, sizeof(buffer), false);
- } else if (fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_password, 0) != NULL) {
+ } else if (fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_password, 0) != NULL) {
mschapv1_encode(request->packet, &request->request_pairs, request->password->vp_strvalue);
} else {
fr_pair_t *vp;
for (i = 0; i < conf->list_da_num; i++) {
- vp = fr_pair_find_by_da(list, conf->list_da[i], 0);
+ vp = fr_pair_find_by_da_idx(list, conf->list_da[i], 0);
if (vp && (vp->vp_length > 0)) {
if (conf->list_da[i]->type == FR_TYPE_STRING) {
ssize_t slen;
struct iovec io_vector[2];
char newline[] = "\n";
- vp = fr_pair_find_by_da(head, error, 0);
+ vp = fr_pair_find_by_da_idx(head, error, 0);
if (!vp) {
if (write(fd, "DONE\n", 5) < 0) {
fr_strerror_printf("Failed writing set response: %s", fr_syserror(errno));
*/
fr_pair_list_tainted(&request->request_pairs);
- vp = fr_pair_find_by_da(&request->request_pairs, attr_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_packet_type, 0);
if (!vp) {
fr_strerror_printf("Input packet does not specify a Packet-Type");
goto error;
fr_pair_t *vp;
CONF_SECTION *server_cs;
- vp = fr_pair_find_by_da(&request->control_pairs, attr_virtual_server, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_virtual_server, 0);
server_cs = vp ? virtual_server_find(vp->vp_strvalue) : virtual_server_find(virtual_server);
if (server_cs) {
* Set the response code. Default to "fail" if none was
* specified.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_chbind_response_code, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_chbind_response_code, 0);
if (vp) {
ptr[0] = vp->vp_uint32;
} else {
* Don't add a Message-Authenticator if
* it's already there.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_message_authenticator, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_message_authenticator, 0);
if (!vp) {
static uint8_t auth_vector[RADIUS_AUTH_VECTOR_LENGTH] = { 0x00 };
fr_pair_t *vp;
fr_pair_t *eap_msg;
- eap_msg = fr_pair_find_by_da(&request->request_pairs, attr_eap_message, 0);
+ eap_msg = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_message, 0);
if (!eap_msg) {
RDEBUG2("No EAP-Message, not doing EAP");
return RLM_MODULE_NOOP;
* Look for EAP-Type = None (FreeRADIUS specific attribute)
* this allows you to NOT do EAP for some users.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_type, 0);
if (vp && vp->vp_uint32 == 0) {
RDEBUG2("Found EAP-Message, but EAP-Type = None, so we're not doing EAP");
return RLM_MODULE_NOOP;
* Type-Data field of the EAP-Response/Identity in the User-Name
* attribute in every subsequent Access-Request.
*/
- user = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ user = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if (!user) {
/*
* NAS did not set the User-Name
* It might be too big for putting into an
* EAP packet.
*/
- vp = fr_pair_find_by_child_num(to_encode, fr_dict_root(dict_eap_aka_sim), FR_SUBTYPE, 0);
+ vp = fr_pair_find_by_child_num_idx(to_encode, fr_dict_root(dict_eap_aka_sim), FR_SUBTYPE, 0);
if (!vp) {
REDEBUG("Missing subtype attribute");
return PAIR_ENCODE_FATAL_ERROR;
/*
* Will we need to generate a HMAC?
*/
- if (fr_pair_find_by_child_num(to_encode, fr_dict_root(dict_eap_aka_sim), FR_MAC, 0)) do_hmac = true;
+ if (fr_pair_find_by_child_num_idx(to_encode, fr_dict_root(dict_eap_aka_sim), FR_MAC, 0)) do_hmac = true;
/*
* Fast path, we just need to encode a subtype
* from the virtual server to determine what kind
* of EAP response to send.
*/
- subtype_vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_subtype, 0);
+ subtype_vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_subtype, 0);
if (!subtype_vp) {
eap_session->this_round->request->code = (rcode == RLM_MODULE_OK) ?
FR_EAP_CODE_SUCCESS : FR_EAP_CODE_FAILURE;
* Figure out if the state machine is
* requesting an ID.
*/
- if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_any_id_req, 0)) ||
- (vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_fullauth_id_req, 0)) ||
- (vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_permanent_id_req, 0))) {
+ if ((vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_any_id_req, 0)) ||
+ (vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_fullauth_id_req, 0)) ||
+ (vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_permanent_id_req, 0))) {
RDEBUG2("Sending EAP-Request/%pV (%s)", &subtype_vp->data, vp->da->name);
} else {
RDEBUG2("Sending EAP-Request/%pV", &subtype_vp->data);
* it should have used that.
*/
case FR_SUBTYPE_VALUE_AKA_CHALLENGE:
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_bidding, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_bidding, 0);
/*
* Explicit NO
/*
* Extra data to append to the packet when signing.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_hmac_extra_request, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_hmac_extra_request, 0);
if (vp) {
request_hmac_extra = vp->vp_octets;
request_hmac_extra_len = vp->vp_length;
* Extra data to append to the response packet when
* validating the signature.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_hmac_extra_response, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_hmac_extra_response, 0);
if (vp) {
fr_assert(!mod_session->response_hmac_extra);
MEM(mod_session->response_hmac_extra = talloc_memdup(mod_session,
/*
* Key we use for encrypting and decrypting attributes.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_k_encr, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_k_encr, 0);
if (vp) {
fr_assert(!mod_session->ctx.k_encr);
MEM(mod_session->ctx.k_encr = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length));
/*
* Key we use for signing and validating mac values.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_k_aut, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_k_aut, 0);
if (vp) {
fr_assert(!mod_session->ctx.k_aut);
MEM(mod_session->ctx.k_aut = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length));
log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->request_pairs, NULL);
}
- subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
+ subtype_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
if (!subtype_vp) {
REDEBUG2("Missing Sub-Type"); /* Let the state machine enter the right state */
break;
{
fr_pair_t *vp;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_client_error_code, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_client_error_code, 0);
if (!vp) {
REDEBUG("Peer has not supplied a AT_ERROR_CODE");
} else {
* done by the calling module, we just check
* the result.
*/
- our_checkcode = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_checkcode, 0);
+ our_checkcode = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_checkcode, 0);
if (our_checkcode) {
/*
* If the peer doesn't include a checkcode then that
* means they don't support it, and we can't validate
* their view of the identity packets.
*/
- peer_checkcode = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_checkcode, 0);
+ peer_checkcode = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_checkcode, 0);
if (peer_checkcode) {
if (fr_pair_cmp(peer_checkcode, our_checkcode) == 0) {
RDEBUG2("Received AT_CHECKCODE matches calculated AT_CHECKCODE");
* done by the calling module, we just check
* the result.
*/
- our_mac = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_mac, 0);
+ our_mac = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_mac, 0);
if (!our_mac) {
REDEBUG("Missing &control.%s", attr_eap_aka_sim_mac->name);
return -1;
* means they don't support it, and we can't validate
* their view of the identity packets.
*/
- peer_mac = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_mac, 0);
+ peer_mac = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_mac, 0);
if (!peer_mac) {
REDEBUG("Peer didn't include AT_MAC");
return -1;
* find a next_reauth_id pair in the
* reply list.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_next_reauth_id, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_next_reauth_id, 0);
if (vp) {
/*
* Generate a random fastauth string
* state increment by 1, otherwise, add the
* attribute and set to zero.
*/
- vp = fr_pair_find_by_da(&request->session_state_pairs, attr_eap_aka_sim_counter, 0);
+ vp = fr_pair_find_by_da_idx(&request->session_state_pairs, attr_eap_aka_sim_counter, 0);
if (vp) {
vp->vp_uint16++;
/*
unlang_interpret_stack_result_set(request, RLM_MODULE_NOOP); /* Needed because we may call resume functions directly */
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_next_pseudonym, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_next_pseudonym, 0);
if (vp) {
/*
* Generate a random pseudonym string
/*
* Check that we got an AT_SELECTED_VERSION
*/
- selected_version_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_selected_version, 0);
+ selected_version_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_selected_version, 0);
if (!selected_version_vp) {
REDEBUG("EAP-Response/SIM/Start does not contain AT_SELECTED_VERSION");
return -1;
/*
* Copy nonce_mt to the keying material
*/
- nonce_mt_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_nonce_mt, 0);
+ nonce_mt_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_nonce_mt, 0);
if (!nonce_mt_vp) {
REDEBUG("EAP-Response/SIM/Start does not contain AT_NONCE_MT");
return -1;
eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->instance, eap_aka_sim_process_conf_t);
fr_pair_t *subtype_vp = NULL;
- subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
+ subtype_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
if (!subtype_vp) goto fail;
switch (subtype_vp->vp_uint16) {
* - FR_NOTIFICATION_VALUE_NOT_SUBSCRIBED
* User has not subscribed to the requested service.
*/
- notification_vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_notification, 0);
+ notification_vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_notification, 0);
/*
* Keep Notification, but remove everything else...
* clear out reauth information and enter the
* challenge state.
*/
- if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_counter_too_small, 0)) {
+ if (fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_counter_too_small, 0)) {
RWDEBUG("Peer sent AT_COUNTER_TOO_SMALL (indicating our AT_COUNTER value (%u) wasn't fresh)",
eap_aka_sim_session->keys.reauth.counter);
* RFC 4187 Section #6.2. Result Indications
*/
if (eap_aka_sim_session->send_result_ind) {
- if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
RDEBUG("We wanted to use protected result indications, but peer does not");
eap_aka_sim_session->send_result_ind = false;
} else {
return STATE_TRANSITION(common_success_notification);
}
- } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
+ } else if (fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
RDEBUG("Peer wanted to use protected result indications, but we do not");
}
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
fr_pair_t *subtype_vp = NULL;
- subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
+ subtype_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
if (!subtype_vp) {
REDEBUG("Missing AT_SUBTYPE");
goto fail;
* Not seen any doing this for re-authentication
* but you never know...
*/
- kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0);
+ kdf_id = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0);
if (kdf_id) {
crypto_identity_set(request, eap_aka_sim_session,
(uint8_t const *)kdf_id->vp_strvalue, kdf_id->vp_length);
*
* Use our default, but allow user override too.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0);
if (vp) eap_aka_sim_session->send_result_ind = vp->vp_bool;
/*
* We couldn't generate an SQN and the user didn't provide one,
* so we need to fail.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_sim_sqn, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_sim_sqn, 0);
if (!vp) {
REDEBUG("No &control.SQN value provided after resynchronisation, cannot continue");
goto failure;
*/
if (checkcode_validate(request) < 0) goto failure;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_res, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_res, 0);
if (!vp) {
REDEBUG("AT_RES missing from challenge response");
goto failure;
* RFC 4187 Section #6.2. Result Indications
*/
if (eap_aka_sim_session->send_result_ind) {
- if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
RDEBUG("We wanted to use protected result indications, but peer does not");
eap_aka_sim_session->send_result_ind = false;
} else {
return STATE_TRANSITION(common_success_notification);
}
- } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
+ } else if (fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
RDEBUG("Peer wanted to use protected result indications, but we do not");
}
fr_pair_t *subtype_vp = NULL;
fr_pair_t *vp;
- subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
+ subtype_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
if (!subtype_vp) {
REDEBUG("Missing AT_SUBTYPE");
goto fail;
eap_aka_sim_session->allow_encrypted = false;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_auts, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_auts, 0);
if (!vp) {
REDEBUG("EAP-Response/AKA-Synchronisation-Failure missing AT_AUTS");
failure:
* implement RFC 4187 correctly and use the
* wrong identity as input the the PRF/KDF.
*/
- kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0);
+ kdf_id = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0);
if (kdf_id) {
crypto_identity_set(request, eap_aka_sim_session,
(uint8_t const *)kdf_id->vp_strvalue, kdf_id->vp_length);
* Copy the network name the user specified for
* key derivation purposes.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_kdf_input, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_kdf_input, 0);
if (vp) {
talloc_free(eap_aka_sim_session->keys.network);
eap_aka_sim_session->keys.network = talloc_memdup(eap_aka_sim_session,
*
* Use our default, but allow user override too.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0);
if (vp) eap_aka_sim_session->send_result_ind = vp->vp_bool;
/*
* and send it to the peer.
*/
if (inst->network_name &&
- !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_kdf_input, 0)) {
+ !fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_kdf_input, 0)) {
MEM(pair_append_reply(&vp, attr_eap_aka_sim_kdf_input) >= 0);
fr_pair_value_bstrdup_buffer(vp, inst->network_name, false);
}
* Set the defaults for protected result indicator
*/
if (eap_aka_sim_session->send_result_ind &&
- !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0)) {
+ !fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0)) {
MEM(pair_append_reply(&vp, attr_eap_aka_sim_result_ind) >= 0);
vp->vp_bool = true;
}
* notification, otherwise send a normal EAP-Success.
*/
if (eap_aka_sim_session->send_result_ind) {
- if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
RDEBUG("We wanted to use protected result indications, but peer does not");
eap_aka_sim_session->send_result_ind = false;
} else {
return STATE_TRANSITION(common_success_notification);
}
- } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
+ } else if (fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) {
RDEBUG("Peer wanted to use protected result indications, but we do not");
}
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
fr_pair_t *subtype_vp = NULL;
- subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
+ subtype_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
if (!subtype_vp) {
REDEBUG("Missing AT_SUBTYPE");
goto fail;
* implement RFC 4187 correctly and use the
* wrong identity as input the the PRF/KDF.
*/
- kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0);
+ kdf_id = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0);
if (kdf_id) {
crypto_identity_set(request, eap_aka_sim_session,
(uint8_t const *)kdf_id->vp_strvalue, kdf_id->vp_length);
*
* Use our default, but allow user override too.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0);
if (vp) eap_aka_sim_session->send_result_ind = vp->vp_bool;
/*
* Set the defaults for protected result indicator
*/
if (eap_aka_sim_session->send_result_ind &&
- !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0)) {
+ !fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0)) {
MEM(pair_append_reply(&vp, attr_eap_aka_sim_result_ind) >= 0);
vp->vp_bool = true;
}
* If the identity looks like a fast re-auth id
* run fast re-auth, otherwise do fullauth.
*/
- identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type, 0);
+ identity_type = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_identity_type, 0);
if (identity_type) switch (identity_type->vp_uint32) {
case FR_IDENTITY_TYPE_VALUE_FASTAUTH:
return STATE_TRANSITION(common_reauthentication);
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
fr_pair_t *subtype_vp = NULL;
- subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
+ subtype_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
if (!subtype_vp) {
REDEBUG("Missing AT_SUBTYPE");
goto fail;
fr_pair_t *id;
fr_aka_sim_id_type_t type;
- id = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity, 0);
+ id = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_identity, 0);
if (!id) {
/*
* 9.2. EAP-Response/Identity
* If the identity looks like a fast re-auth id
* run fast re-auth, otherwise do fullauth.
*/
- identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type, 0);
+ identity_type = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_identity_type, 0);
if (identity_type) switch (identity_type->vp_uint32) {
case FR_IDENTITY_TYPE_VALUE_FASTAUTH:
/*
* with a fast re-authentication identity is present for fast
* re-authentication
*/
- if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_nonce_mt, 0)) {
+ if (fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_nonce_mt, 0)) {
REDEBUG("AT_NONCE_MT is not allowed in EAP-Response/SIM-Reauthentication messages");
return STATE_TRANSITION(common_failure_notification);
}
* AT_IDENTITY attribute with a fast re-authentication identity is
* present for fast re-authentication.
*/
- if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_selected_version, 0)) {
+ if (fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_selected_version, 0)) {
REDEBUG("AT_SELECTED_VERSION is not allowed in EAP-Response/SIM-Reauthentication messages");
return STATE_TRANSITION(common_failure_notification);
}
eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t);
fr_pair_t *subtype_vp = NULL;
- subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
+ subtype_vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_subtype, 0);
if (!subtype_vp) {
REDEBUG("Missing AT_SUBTYPE");
goto fail;
fr_pair_t *id;
fr_aka_sim_id_type_t type;
- id = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity, 0);
+ id = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_identity, 0);
if (!id) {
/*
* RFC 4186 Section #9.2
* If the user provided no versions, then
* just add the default (1).
*/
- if (!(fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_version_list, 0))) {
+ if (!(fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_aka_sim_version_list, 0))) {
MEM(pair_append_reply(&vp, attr_eap_aka_sim_version_list) >= 0);
vp->vp_uint16 = EAP_SIM_VERSION;
}
* This must be done before we enter
* the submodule.
*/
- eap_type = fr_pair_find_by_da(&request->control_pairs, attr_eap_type, 0);
+ eap_type = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_type, 0);
if (eap_type) RWDEBUG("Ignoring &control.EAP-Type, this must be set *before* the EAP module is called");
- method = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_method_hint, 0);
+ method = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_method_hint, 0);
/*
* Set default configuration, we may allow these
* If the identity looks like a fast re-auth id
* run fast re-auth, otherwise do a fullauth.
*/
- identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type, 0);
+ identity_type = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_aka_sim_identity_type, 0);
if (identity_type) switch (identity_type->vp_uint32) {
case FR_IDENTITY_TYPE_VALUE_FASTAUTH:
return STATE_TRANSITION(common_reauthentication);
fr_pair_t *opc_vp;
fr_pair_t *op_vp;
- opc_vp = fr_pair_find_by_da(list, attr_sim_opc, 0);
+ opc_vp = fr_pair_find_by_da_idx(list, attr_sim_opc, 0);
if (opc_vp) {
if (opc_vp->vp_length != MILENAGE_OPC_SIZE) {
REDEBUG("&control.%s has incorrect length, expected %u bytes got %zu bytes",
return 0;
}
- op_vp = fr_pair_find_by_da(list, attr_sim_op, 0);
+ op_vp = fr_pair_find_by_da_idx(list, attr_sim_op, 0);
if (op_vp) {
if (op_vp->vp_length != MILENAGE_OP_SIZE) {
REDEBUG("&control.%s has incorrect length, expected %u bytes got %zu bytes",
/*
* Generate a new RAND value, and derive Kc and SRES from Ki
*/
- ki_vp = fr_pair_find_by_da(vps, attr_sim_ki, 0);
+ ki_vp = fr_pair_find_by_da_idx(vps, attr_sim_ki, 0);
if (!ki_vp) {
RDEBUG3("No &control.%sfound, not generating triplets locally", attr_sim_ki->name);
return 1;
* Check to see if we have a Ki for the IMSI, this allows us to generate the rest
* of the triplets.
*/
- version_vp = fr_pair_find_by_da(vps, attr_sim_algo_version, 0);
+ version_vp = fr_pair_find_by_da_idx(vps, attr_sim_algo_version, 0);
if (!version_vp) {
if (vector_opc_from_op(request, &opc_p, opc_buff, vps, ki_vp->vp_octets) < 0) return -1;
version = opc_p ? FR_SIM_ALGO_VERSION_VALUE_COMP128_4 : FR_SIM_ALGO_VERSION_VALUE_COMP128_3;
/*
* Select the algorithm (default to Milenage)
*/
- version_vp = fr_pair_find_by_da(vps, attr_sim_algo_version, 0);
+ version_vp = fr_pair_find_by_da_idx(vps, attr_sim_algo_version, 0);
if (version_vp) version = version_vp->vp_uint32;
/*
/*
* Find the Ki VP and check its length
*/
- ki_vp = fr_pair_find_by_da(vps, attr_sim_ki, 0);
+ ki_vp = fr_pair_find_by_da_idx(vps, attr_sim_ki, 0);
if (!ki_vp) {
RDEBUG3("No &control.%s found, not generating quintuplets locally", attr_sim_ki->name);
return 1;
/*
* Find the Sequence Number VP or default to SQN = 2
*/
- sqn_vp = fr_pair_find_by_da(vps, attr_sim_sqn, 0);
+ sqn_vp = fr_pair_find_by_da_idx(vps, attr_sim_sqn, 0);
keys->sqn = sqn_vp ? sqn_vp->vp_uint64 : 2; /* 2 is the lowest valid SQN on our side */
/*
* Check if we have an AMF value
*/
- amf_vp = fr_pair_find_by_da(vps, attr_sim_amf, 0);
+ amf_vp = fr_pair_find_by_da_idx(vps, attr_sim_amf, 0);
if (amf_vp) {
if (amf_vp->vp_length != amf_size) {
REDEBUG("&control.%s has incorrect length, expected %zu bytes got %zu bytes",
/*
* Fetch AUTN
*/
- autn_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_autn, 0);
+ autn_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_autn, 0);
if (!autn_vp) {
RDEBUG3("No &control.%s attribute found, not using UMTS quintuplets", attr_eap_aka_sim_autn->name);
return 1;
/*
* Fetch CK
*/
- ck_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ck, 0);
+ ck_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_ck, 0);
if (!ck_vp) {
RDEBUG3("No &control.%s attribute found, not using UMTS quintuplets", attr_eap_aka_sim_ck->name);
return 1;
/*
* Fetch IK
*/
- ik_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ik, 0);
+ ik_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_ik, 0);
if (!ik_vp) {
RDEBUG3("No &control.%s attribute found, not using UMTS quintuplets", attr_eap_aka_sim_ik->name);
return 1;
/*
* Fetch RAND
*/
- rand_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_rand, 0);
+ rand_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_rand, 0);
if (!rand_vp) {
RDEBUG3("No &control.%s attribute found, not using quintuplet derivation", attr_eap_aka_sim_rand->name);
return 1;
/*
* Fetch XRES
*/
- xres_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_xres, 0);
+ xres_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_xres, 0);
if (!xres_vp) {
RDEBUG3("No &control.%s attribute found, not using UMTS quintuplets", attr_eap_aka_sim_xres->name);
return 1;
/*
* Fetch (optional) AK
*/
- ak_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ak, 0);
+ ak_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_ak, 0);
if (ak_vp && (ak_vp->vp_length != MILENAGE_AK_SIZE)) {
REDEBUG("&control.%s incorrect length. Expected "
STRINGIFY(MILENAGE_AK_SIZE) " bytes, got %zu bytes",
/*
* Fetch (optional) SQN
*/
- sqn_vp = fr_pair_find_by_da(vps, attr_sim_sqn, 0);
+ sqn_vp = fr_pair_find_by_da_idx(vps, attr_sim_sqn, 0);
if (sqn_vp && (sqn_vp->vp_length != MILENAGE_SQN_SIZE)) {
REDEBUG("&control.%s incorrect length. Expected "
STRINGIFY(MILENAGE_AK_SIZE) " bytes, got %zu bytes",
* This is the *old* counter value increment
* by 1 to get the *new* counter value
*/
- counter_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_counter, 0);
+ counter_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_counter, 0);
if (!counter_vp) {
RDEBUG2("No &session-state.%s attribute found, can't calculate re-auth keys",
attr_eap_aka_sim_counter->name);
}
counter_vp->vp_uint16++;
- mk_vp = fr_pair_find_by_da(vps, attr_session_data, 0);
- if (!mk_vp) mk_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_mk, 0);
+ mk_vp = fr_pair_find_by_da_idx(vps, attr_session_data, 0);
+ if (!mk_vp) mk_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_mk, 0);
if (!mk_vp) {
RDEBUG2("Neither &session-state.%s or &session-state.%s attributes found, "
"can't calculate re-auth keys", attr_session_data->name, attr_eap_aka_sim_mk->name);
* This is the *old* counter value increment
* by 1 to get the *new* counter value
*/
- counter_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_counter, 0);
+ counter_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_counter, 0);
if (!counter_vp) {
RDEBUG2("No &session-state.%s attribute found, can't calculate re-auth keys",
attr_eap_aka_sim_counter->name);
}
counter_vp->vp_uint16++;
- mk_vp = fr_pair_find_by_da(vps, attr_session_data, 0);
- if (!mk_vp) mk_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_mk, 0);
+ mk_vp = fr_pair_find_by_da_idx(vps, attr_session_data, 0);
+ if (!mk_vp) mk_vp = fr_pair_find_by_da_idx(vps, attr_eap_aka_sim_mk, 0);
if (!mk_vp) {
RDEBUG2("Neither &session-state.%s or &session-sate:%s attributes found, "
"can't calculate re-auth keys", attr_session_data->name, attr_eap_aka_sim_mk->name);
/*
* Figure out what tag we should add to the permanent id
*/
- eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type, 0);
+ eap_type = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_type, 0);
if (eap_type) {
if (eap_type->vp_uint32 == enum_eap_type_sim->vb_uint32) {
out_tag = ID_TAG_SIM_PERMANENT;
} else if ((id_len >= AKA_SIM_IMSI_MIN_LEN) && (id_len <= AKA_SIM_IMSI_MAX_LEN)) {
fr_pair_t *eap_type;
- eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type, 0);
+ eap_type = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_type, 0);
if (!eap_type) {
REDEBUG("ID does not contain method hint, and no &request.EAP-Type found. "
"Don't know what tag to prepend to encrypted identity");
vp->vp_uint32 = 112233;
TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 112233)");
- TEST_CHECK((vp = fr_pair_find_by_da(&request->request_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&request->request_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
vp->vp_uint32 = 3333;
TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 3333)");
- TEST_CHECK((vp = fr_pair_find_by_da(&request->reply_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&request->reply_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
vp->vp_uint32 = 44444;
TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 44444)");
- TEST_CHECK((vp = fr_pair_find_by_da(&request->control_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&request->control_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
vp->vp_uint32 = 7890;
TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 7890)");
- TEST_CHECK((vp = fr_pair_find_by_da(&request->session_state_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&request->session_state_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_CHECK(pair_delete_request(fr_dict_attr_test_uint32) > 0);
TEST_CASE("The 'Test-Integer' shouldn't exist in 'request->request_pairs'");
- TEST_CHECK(fr_pair_find_by_da(&request->request_pairs, fr_dict_attr_test_uint32, 0) == NULL);
+ TEST_CHECK(fr_pair_find_by_da_idx(&request->request_pairs, fr_dict_attr_test_uint32, 0) == NULL);
TEST_CHECK_RET(talloc_free(request), 0);
}
TEST_CHECK(pair_delete_reply(fr_dict_attr_test_uint32) > 0);
TEST_CASE("The 'Test-Integer' shouldn't exist in 'request->reply_pairs'");
- TEST_CHECK(fr_pair_find_by_da(&request->reply_pairs, fr_dict_attr_test_uint32, 0) == NULL);
+ TEST_CHECK(fr_pair_find_by_da_idx(&request->reply_pairs, fr_dict_attr_test_uint32, 0) == NULL);
TEST_CHECK_RET(talloc_free(request), 0);
}
TEST_CHECK(pair_delete_control(fr_dict_attr_test_uint32) > 0);
TEST_CASE("The 'Test-Integer' shouldn't exist in 'request->control_pairs'");
- TEST_CHECK(fr_pair_find_by_da(&request->control_pairs, fr_dict_attr_test_uint32, 0) == NULL);
+ TEST_CHECK(fr_pair_find_by_da_idx(&request->control_pairs, fr_dict_attr_test_uint32, 0) == NULL);
TEST_CHECK_RET(talloc_free(request), 0);
}
TEST_CHECK(pair_delete_session_state(fr_dict_attr_test_uint32) > 0);
TEST_CASE("The 'Test-Integer' shouldn't exist in 'request->state'");
- TEST_CHECK(fr_pair_find_by_da(&request->session_state_pairs, fr_dict_attr_test_uint32, 0) == NULL);
+ TEST_CHECK(fr_pair_find_by_da_idx(&request->session_state_pairs, fr_dict_attr_test_uint32, 0) == NULL);
TEST_CHECK_RET(talloc_free(request), 0);
}
WARN("Are you sure you don't mean Password.Cleartext?");
WARN("See \"man rlm_pap\" for more information");
}
- if (fr_pair_find_by_da(request_list, attr_user_password, 0) == NULL) continue;
+ if (fr_pair_find_by_da_idx(request_list, attr_user_password, 0) == NULL) continue;
}
/*
* int the reply, we use that in preference to the
* old state.
*/
- vp = fr_pair_find_by_da(reply_list, state->da, 0);
+ vp = fr_pair_find_by_da_idx(reply_list, state->da, 0);
if (vp) {
if (DEBUG_ENABLED && (vp->vp_length > sizeof(entry->state))) {
WARN("State too long, will be truncated. Expected <= %zd bytes, got %zu bytes",
fr_state_entry_t *entry;
fr_pair_t *vp;
- vp = fr_pair_find_by_da(&request->request_pairs, state->da, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, state->da, 0);
if (!vp) return;
PTHREAD_MUTEX_LOCK(&state->mutex);
/*
* No State, don't do anything.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, state->da, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, state->da, 0);
if (!vp) {
RDEBUG3("No &request.%s attribute, can't restore &session-state", state->da->name);
if (request->seq_start == 0) request->seq_start = request->number; /* Need check for fake requests */
return XLAT_ACTION_FAIL;
}
- vp = fr_pair_find_by_da(head, da, 0);
+ vp = fr_pair_find_by_da_idx(head, da, 0);
if (!vp) {
ERROR("Attribute \"%pV\" is not valid for this trigger", in_head);
return XLAT_ACTION_FAIL;
char const *auth_name;
rlm_rcode_t rcode = RLM_MODULE_NOOP;
- vp = fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0);
if (!vp) {
RDEBUG2("No &control.Auth-Type found");
fail:
uint8_t const *q, **p;
SSL_SESSION *sess;
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_tls_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_tls_packet_type, 0);
if (!vp || (vp->vp_uint32 != enum_tls_packet_type_success->vb_uint32)) {
RWDEBUG("Failed acquiring session data");
error:
return UNLANG_ACTION_CALCULATE_RESULT;
}
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_tls_session_data, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_tls_session_data, 0);
if (!vp) {
RWDEBUG("No cached session found");
goto error;
tls_cache_store_state_reset(tls_cache);
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_tls_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_tls_packet_type, 0);
if (vp && (vp->vp_uint32 == enum_tls_packet_type_success->vb_uint32)) {
tls_cache->store.state = FR_TLS_CACHE_STORE_PERSISTED; /* Avoid spurious clear calls */
} else {
tls_cache_clear_state_reset(tls_cache);
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_tls_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_tls_packet_type, 0);
if (vp &&
((vp->vp_uint32 == enum_tls_packet_type_success->vb_uint32) ||
(vp->vp_uint32 == enum_tls_packet_type_notfound->vb_uint32))) {
goto disable;
}
- vp = fr_pair_find_by_da(&request->control_pairs, attr_allow_session_resumption, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_allow_session_resumption, 0);
if (vp && (vp->vp_uint32 == 0)) {
RDEBUG2("&control.Allow-Session-Resumption == no, denying session resumption");
disable:
/*
* Add the session certificate to the session.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_session_cert_file, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_tls_session_cert_file, 0);
if (vp) {
RDEBUG2("Loading TLS session certificate \"%pV\"", &vp->data);
* This is mainly used for testing in environments where we can't
* get test credentials for the host.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_session_require_client_cert, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_tls_session_require_client_cert, 0);
if (vp) client_cert = vp->vp_bool;
/*
* just too much.
*/
tls_session->mtu = conf->fragment_size;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_framed_mtu, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_framed_mtu, 0);
if (vp && (vp->vp_uint32 > 100) && (vp->vp_uint32 < tls_session->mtu)) {
RDEBUG2("Setting fragment_len to %u from &Framed-MTU", vp->vp_uint32);
tls_session->mtu = vp->vp_uint32;
}
if (verify_applies(conf->verify.attribute_mode, depth, untrusted) &&
- (!(container = fr_pair_find_by_da(&request->session_state_pairs, attr_tls_certificate, depth)) ||
+ (!(container = fr_pair_find_by_da_idx(&request->session_state_pairs, attr_tls_certificate, depth)) ||
fr_pair_list_empty(&container->vp_group))) {
if (!container) {
unsigned int i;
fr_assert(tls_session->validate.state == FR_TLS_VALIDATION_REQUESTED);
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_tls_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_tls_packet_type, 0);
if (!vp || (vp->vp_uint32 != enum_tls_packet_type_success->vb_uint32)) {
REDEBUG("Failed (re-)validating certificates");
tls_session->validate.state = FR_TLS_VALIDATION_FAILED;
*/
type_enum = fr_dict_enum_by_value(gext->attr_packet_type, fr_box_uint32(request->packet->code));
if (!type_enum) {
- packet_type_vp = fr_pair_find_by_da(&request->request_pairs, gext->attr_packet_type, 0);
+ packet_type_vp = fr_pair_find_by_da_idx(&request->request_pairs, gext->attr_packet_type, 0);
if (!packet_type_vp) {
bad_packet_type:
REDEBUG("No such value '%d' of attribute 'Packet-Type' for server %s",
/*
* Set Request Lifetime
*/
- vp = fr_pair_find_by_da(&request->control_pairs, request_attr_request_lifetime, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, request_attr_request_lifetime, 0);
if (!vp || (vp->vp_uint32 > 0)) {
fr_time_delta_t when = fr_time_delta_wrap(0);
const fr_event_timer_t **ev_p;
* it doesn't already exist.
*/
case T_OP_EQ:
- found = fr_pair_find_by_da(to, i->da);
+ found = fr_pair_find_by_da_idx(to, i->da);
if (!found) goto do_add;
i = fr_pair_list_next(from, i);
* of the same vendor/attr which already exists.
*/
case T_OP_SET:
- found = fr_pair_find_by_da(to, i->da);
+ found = fr_pair_find_by_da_idx(to, i->da);
if (!found) goto do_add;
/*
return count;
}
-/** Find a pair with a matching da
+/** Find a pair with a matching da at a given index
+ *
+ * @param[in] list to search in.
+ * @param[in] prev the previous attribute in the list.
+ * @param[in] da the next da to find.
+ * @return
+ * - first matching fr_pair_t.
+ * - NULL if no fr_pair_ts match.
+ *
+ * @hidecallergraph
+ */
+fr_pair_t *fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
+{
+ fr_pair_t *vp = UNCONST(fr_pair_t *, prev);
+
+ if (fr_dlist_empty(&list->order)) return NULL;
+
+ PAIR_LIST_VERIFY(list);
+
+ while ((vp = fr_pair_list_next(list, vp))) if (da == vp->da) return vp;
+
+ return NULL;
+}
+
+/** Find a pair with a matching da at a given index
*
* @param[in] list to search in.
* @param[in] da to look for in the list.
- * @param[in] n Instance of the attribute to return.
+ * @param[in] idx Instance of the attribute to return.
* @return
* - first matching fr_pair_t.
* - NULL if no fr_pair_ts match.
*
* @hidecallergraph
*/
-fr_pair_t *fr_pair_find_by_da(fr_pair_list_t const *list, fr_dict_attr_t const *da, unsigned int n)
+fr_pair_t *fr_pair_find_by_da_idx(fr_pair_list_t const *list, fr_dict_attr_t const *da, unsigned int idx)
{
- fr_pair_t *vp = NULL;
+ fr_pair_t *vp = NULL;
if (fr_dlist_empty(&list->order)) return NULL;
PAIR_LIST_VERIFY(list);
while ((vp = fr_pair_list_next(list, vp))) {
- if (da == vp->da) {
- if (n == 0) return vp;
- n--;
- }
+ if (da != vp->da) continue;
+
+ if (idx == 0) return vp;
+
+ idx--;
}
return NULL;
}
/** Find a pair which has the specified ancestor
*
* @param[in] list to search in.
- * @param[in] prev where to start the search from.
+ * @param[in] prev attribute to start search from.
* @param[in] ancestor to look for in the list.
* @return
* - first matching fr_pair_t.
*
* @hidecallergraph
*/
-fr_pair_t *fr_pair_find_by_ancestor(fr_pair_list_t const *list,
- fr_pair_t const *prev, fr_dict_attr_t const *ancestor)
+fr_pair_t *fr_pair_find_by_ancestor(fr_pair_list_t const *list, fr_pair_t const *prev,
+ fr_dict_attr_t const *ancestor)
{
- fr_pair_t *vp = UNCONST(fr_pair_t *, prev);
+ fr_pair_t *vp = UNCONST(fr_pair_t *, prev);
while ((vp = fr_pair_list_next(list, vp))) {
if (!fr_dict_attr_common_parent(ancestor, vp->da, true)) continue;
return NULL;
}
+/** Find a pair which has the specified ancestor at a given index
+ *
+ * @param[in] list to search in.
+ * @param[in] ancestor to look for in the list.
+ * @param[in] idx Instance of the attribute to return.
+ * @return
+ * - first matching fr_pair_t.
+ * - NULL if no fr_pair_ts match.
+ *
+ * @hidecallergraph
+ */
+fr_pair_t *fr_pair_find_by_ancestor_idx(fr_pair_list_t const *list,
+ fr_dict_attr_t const *ancestor, unsigned int idx)
+{
+ fr_pair_t *vp = NULL;
+
+ while ((vp = fr_pair_list_next(list, vp))) {
+ if (!fr_dict_attr_common_parent(ancestor, vp->da, true)) continue;
+
+ if (idx == 0) return vp;
+ idx--;
+ }
+
+ return NULL;
+}
+
/** Find the pair with the matching child attribute
+ *
+ * @param[in] list in which to search.
+ * @param[in] prev attribute to start search from.
+ * @param[in] parent attribute in which to lookup child.
+ * @param[in] attr id of child.
+ * @return
+ * - first matching value pair.
+ * - NULL if no pair found.
+ */
+fr_pair_t *fr_pair_find_by_child_num(fr_pair_list_t const *list, fr_pair_t const *prev,
+ fr_dict_attr_t const *parent, unsigned int attr)
+{
+ fr_dict_attr_t const *da;
+
+ /* List head may be NULL if it contains no VPs */
+ if (fr_dlist_empty(&list->order)) return NULL;
+
+ PAIR_LIST_VERIFY(list);
+
+ da = fr_dict_attr_child_by_num(parent, attr);
+ if (!da) return NULL;
+
+ return fr_pair_find_by_da(list, prev, da);
+}
+
+/** Find the pair with the matching child attribute at a given index
*
* @param[in] list in which to search.
* @param[in] parent attribute in which to lookup child.
* @param[in] attr id of child.
- * @param[in] n Instance of the attribute to return.
+ * @param[in] idx Instance of the attribute to return.
* @return
* - first matching value pair.
* - NULL if no pair found.
*/
-fr_pair_t *fr_pair_find_by_child_num(fr_pair_list_t *list,
- fr_dict_attr_t const *parent, unsigned int attr, unsigned int n)
+fr_pair_t *fr_pair_find_by_child_num_idx(fr_pair_list_t const *list,
+ fr_dict_attr_t const *parent, unsigned int attr, unsigned int idx)
{
fr_dict_attr_t const *da;
da = fr_dict_attr_child_by_num(parent, attr);
if (!da) return NULL;
- return fr_pair_find_by_da(list, da, n);
+ return fr_pair_find_by_da_idx(list, da, idx);
}
/** Return a pointer to the pair list
{
fr_pair_t *vp;
- vp = fr_pair_find_by_da(list, da, n);
+ vp = fr_pair_find_by_da_idx(list, da, n);
if (vp) {
PAIR_VERIFY(vp);
if (out) *out = vp;
CC_HINT(nonnull);
fr_pair_t *fr_pair_find_by_da(fr_pair_list_t const *list,
- fr_dict_attr_t const *da, unsigned int n) CC_HINT(nonnull);
+ fr_pair_t const *prev, fr_dict_attr_t const *da) CC_HINT(nonnull(1,3));
+
+fr_pair_t *fr_pair_find_by_da_idx(fr_pair_list_t const *list,
+ fr_dict_attr_t const *da, unsigned int idx) CC_HINT(nonnull);
fr_pair_t *fr_pair_find_by_ancestor(fr_pair_list_t const *list, fr_pair_t const *prev,
fr_dict_attr_t const *ancestor) CC_HINT(nonnull(1,3));
-fr_pair_t *fr_pair_find_by_child_num(fr_pair_list_t *list,
- fr_dict_attr_t const *parent, unsigned int attr,
- unsigned int n) CC_HINT(nonnull);
+fr_pair_t *fr_pair_find_by_ancestor_idx(fr_pair_list_t const *list,
+ fr_dict_attr_t const *ancestor, unsigned int idx) CC_HINT(nonnull);
+
+fr_pair_t *fr_pair_find_by_child_num(fr_pair_list_t const *list, fr_pair_t const *prev,
+ fr_dict_attr_t const *parent, unsigned int attr) CC_HINT(nonnull(1,3));
+
+fr_pair_t *fr_pair_find_by_child_num_idx(fr_pair_list_t const *list,
+ fr_dict_attr_t const *parent, unsigned int attr,
+ unsigned int idx) CC_HINT(nonnull);
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *vp) CC_HINT(nonnull);
* it doesn't already exist.
*/
case T_OP_EQ:
- found = fr_pair_find_by_da(to, i->da, 0);
+ found = fr_pair_find_by_da_idx(to, i->da, 0);
if (!found) goto do_add;
i = fr_pair_list_next(from, i);
* of the same vendor/attr which already exists.
*/
case T_OP_SET:
- found = fr_pair_find_by_da(to, i->da, 0);
+ found = fr_pair_find_by_da_idx(to, i->da, 0);
if (!found) goto do_add;
/*
fr_pair_t *vp;
TEST_CASE("Find 'Test-String-0'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_CHECK(fr_pair_list_afrom_str(autofree, test_dict, buffer, strlen(buffer), &list) == T_EOL);
TEST_CASE("Looking for Test-Uint32-0");
- TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&list, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_CHECK(vp && vp->vp_uint32 == 123);
TEST_CASE("Looking for Test-String-0");
- TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&list, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_CHECK(fr_pair_list_afrom_file(autofree, test_dict, &list, fp, &pfiledone) == 0);
TEST_CASE("Looking for Test-Uint32-0");
- TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&list, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_CHECK(vp && vp->vp_uint32 == 123);
TEST_CASE("Looking for Test-String-0");
- TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&list, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
fr_pair_list_move(&new_list, &old_list, T_OP_ADD);
TEST_CASE("Looking for Test-Uint32-0");
- TEST_CHECK((vp = fr_pair_find_by_da(&new_list, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&new_list, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_CHECK(vp && vp->vp_uint32 == 123);
TEST_CASE("Looking for Test-String-0");
- TEST_CHECK((vp = fr_pair_find_by_da(&new_list, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&new_list, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_MSG_ALWAYS("per_sec=%0.0lf", (reps * len)/(fr_time_delta_unwrap(used) / (double)NSEC));
}
-static void do_test_fr_pair_find_by_da(unsigned int len, unsigned int perc, unsigned int reps, fr_pair_t *source_vps[])
+static void do_test_fr_pair_find_by_da_idx(unsigned int len, unsigned int perc, unsigned int reps, fr_pair_t *source_vps[])
{
fr_pair_list_t test_vps;
unsigned int i, j;
int idx = rand() % input_count;
da = source_vps[idx]->da;
start = fr_time();
- (void) fr_pair_find_by_da(&test_vps, da, 0);
+ (void) fr_pair_find_by_da_idx(&test_vps, da, 0);
end = fr_time();
used = fr_time_delta_add(used, fr_time_sub(end, start));
}
da = source_vps[idx]->da;
start = fr_time();
- (void) fr_pair_find_by_da(&test_vps, da, nth_item);
+ (void) fr_pair_find_by_da_idx(&test_vps, da, nth_item);
end = fr_time();
used = fr_time_delta_add(used, fr_time_sub(end, start));
}
test_funcs(_func, 100)
all_test_funcs(fr_pair_append)
-all_test_funcs(fr_pair_find_by_da)
+all_test_funcs(fr_pair_find_by_da_idx)
all_test_funcs(find_nth)
all_test_funcs(fr_pair_list_free)
TEST_LIST = {
all_repetition_tests(fr_pair_append)
- all_repetition_tests(fr_pair_find_by_da)
+ all_repetition_tests(fr_pair_find_by_da_idx)
all_repetition_tests(find_nth)
all_repetition_tests(fr_pair_list_free)
TEST_CHECK(needle && needle->da == fr_dict_attr_test_tlv_string);
}
-static void test_fr_pair_find_by_da(void)
+static void test_fr_pair_find_by_da_idx(void)
{
fr_pair_t *vp;
- TEST_CASE("Search for fr_dict_attr_test_tlv_string using fr_pair_find_by_da()");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_tlv_string, 0)) != NULL);
+ TEST_CASE("Search for fr_dict_attr_test_tlv_string using fr_pair_find_by_da_idx()");
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_tlv_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_CHECK(vp && vp->da == fr_dict_attr_test_tlv_string);
}
-static void test_fr_pair_find_by_child_num(void)
+static void test_fr_pair_find_by_child_num_idx(void)
{
fr_pair_t *vp;
- TEST_CASE("Search for FR_TEST_ATTR_STRING using fr_pair_find_by_child_num()");
- TEST_CHECK((vp = fr_pair_find_by_child_num(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING, 0)) != NULL);
+ TEST_CASE("Search for FR_TEST_ATTR_STRING using fr_pair_find_by_child_num_idx()");
+ TEST_CHECK((vp = fr_pair_find_by_child_num_idx(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
fr_pair_delete_by_child_num(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING);
TEST_CASE("The fr_dict_attr_test_string shouldn't exist in 'test_pairs'");
- TEST_CHECK(fr_pair_find_by_child_num(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING, 0) == NULL);
+ TEST_CHECK(fr_pair_find_by_child_num_idx(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING, 0) == NULL);
TEST_CASE("Add fr_dict_attr_test_string back into 'test_pairs'");
TEST_CHECK(fr_pair_prepend_by_da(autofree, NULL, &test_pairs, fr_dict_attr_test_string) == 0);
vp->vp_uint32 = 54321;
TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 54321)");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
TEST_CHECK(fr_pair_delete_by_da(&test_pairs, fr_dict_attr_test_string) == 1);
TEST_CASE("The fr_dict_attr_test_string shouldn't exist in 'test_pairs'");
- TEST_CHECK(fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0) == NULL);
+ TEST_CHECK(fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0) == NULL);
TEST_CASE("Add fr_dict_attr_test_string back into 'test_pairs'");
TEST_CHECK(fr_pair_prepend_by_da(autofree, NULL, &test_pairs, fr_dict_attr_test_string) == 0);
fr_pair_t *vp;
TEST_CASE("Delete fr_dict_attr_test_string using fr_pair_delete()");
- TEST_CHECK((vp = fr_pair_find_by_child_num(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_child_num_idx(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING, 0)) != NULL);
fr_pair_delete(&test_pairs, vp);
TEST_CASE("The fr_dict_attr_test_string shouldn't exist in 'test_pairs'");
- TEST_CHECK((vp = fr_pair_find_by_child_num(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING, 0)) == NULL);
+ TEST_CHECK((vp = fr_pair_find_by_child_num_idx(&test_pairs, fr_dict_root(test_dict), FR_TEST_ATTR_STRING, 0)) == NULL);
TEST_CASE("Add fr_dict_attr_test_string back into 'test_pairs'");
TEST_CHECK(fr_pair_prepend_by_da(autofree, NULL, &test_pairs, fr_dict_attr_test_string) == 0);
fr_pair_t *vp1, vp2;
TEST_CASE("Create 'vp1' with Test-Integer = 123");
- TEST_CHECK((vp1 = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
+ TEST_CHECK((vp1 = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_uint32, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp1);
fr_pair_t *vp;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
fr_pair_t *vp;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char *copy_test_string;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
fr_pair_t *vp;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
snprintf(fmt_test, sizeof(fmt_test), "Now is %"PRId64, fr_time_unwrap(now));
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char *out = NULL;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char *out = NULL;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
fr_pair_t *vp;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char *copy_test_string;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char *copy_test_string;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char *copy_test_string;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char *copy_test_string;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char *copy_test_string;
TEST_CASE("Find 'Test-String'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_string, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
uint8_t *out;
TEST_CASE("Find 'Test-Octets'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
uint8_t *out;
TEST_CASE("Find 'Test-Octets'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
fr_pair_t *vp;
TEST_CASE("Find 'Test-Octets'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
uint8_t *copy_test_octets;
TEST_CASE("Find 'Test-Octets'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
uint8_t *copy_test_octets;
TEST_CASE("Find 'Test-Octets'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
uint8_t *copy_test_octets;
TEST_CASE("Find 'Test-Octets'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
fr_pair_t *vp;
TEST_CASE("Find 'Test-Octets'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
uint8_t *copy_test_octets;
TEST_CASE("Find 'Test-Octets'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
char buf[20];
TEST_CASE("Find 'Test-Values'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_enum, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_enum, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
fr_value_box_t const *vb;
TEST_CASE("Find 'Test-Values'");
- TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_enum, 0)) != NULL);
+ TEST_CHECK((vp = fr_pair_find_by_da_idx(&test_pairs, fr_dict_attr_test_enum, 0)) != NULL);
TEST_CASE("Validating PAIR_VERIFY()");
PAIR_VERIFY(vp);
{ "fr_dcursor_iter_by_da_init", test_fr_pair_dcursor_by_da_init },
{ "fr_pair_dcursor_by_ancestor_init", test_fr_pair_dcursor_by_ancestor_init },
{ "fr_pair_to_unknown", test_fr_pair_to_unknown },
- { "fr_pair_find_by_da", test_fr_pair_find_by_da },
- { "fr_pair_find_by_child_num", test_fr_pair_find_by_child_num },
+ { "fr_pair_find_by_da_idx", test_fr_pair_find_by_da_idx },
+ { "fr_pair_find_by_child_num_idx", test_fr_pair_find_by_child_num_idx },
{ "fr_pair_append", test_fr_pair_append },
{ "fr_pair_prepend_by_da", test_fr_pair_prepend_by_da },
{ "fr_pair_delete_by_child_num", test_fr_pair_delete_by_child_num },
fclose(fp);
- vp = fr_pair_find_by_da(&inst->pair_list, inst->parent->attr_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&inst->pair_list, inst->parent->attr_packet_type, 0);
if (vp) inst->code = vp->vp_uint32;
return 0;
fclose(fp);
}
- vp = fr_pair_find_by_da(&inst->pair_list, inst->parent->attr_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&inst->pair_list, inst->parent->attr_packet_type, 0);
if (vp) inst->code = vp->vp_uint32;
return 0;
* number.
*/
if ((request->packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) &&
- fr_pair_find_by_da(&request->request_pairs, attr_state, 0)) {
+ fr_pair_find_by_da_idx(&request->request_pairs, attr_state, 0)) {
request->async->sequence = 1;
}
if (client->active &&
((pkt->hdr.flags & FR_FLAGS_VALUE_UNENCRYPTED) == 0) &&
RDEBUG_ENABLED2 &&
- ((vp = fr_pair_find_by_da(&request->request_pairs, attr_tacacs_user_name, 0)) != NULL) &&
+ ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_tacacs_user_name, 0)) != NULL) &&
(fr_utf8_str((uint8_t const *) vp->vp_strvalue, vp->vp_length) < 0)) {
RWDEBUG("Unprintable characters in the %s. "
"Double-check the shared secret on the server "
{
fr_pair_t *vp;
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_ldap_sync_cookie, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_ldap_sync_cookie, 0);
if (!vp) {
if (config->allow_refresh) RDEBUG2("No &reply.Cookie attribute found. All entries matching "
"sync configuration will be returned");
/*
* Check to see if we need to merge the entry into the request
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_merge_new, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_cache_merge_new, 0);
if (vp && vp->vp_bool) merge = true;
if (merge) cache_merge(inst, request, c);
* If Cache-Status-Only == yes, only return whether we found a
* valid cache entry
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_status_only, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_cache_status_only, 0);
if (vp && vp->vp_bool) {
RINDENT();
RDEBUG3("status-only: yes");
/*
* Figure out what operation we're doing
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_allow_merge, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_cache_allow_merge, 0);
if (vp) merge = vp->vp_bool;
- vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_allow_insert, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_cache_allow_insert, 0);
if (vp) insert = vp->vp_bool;
- vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_ttl, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_cache_ttl, 0);
if (vp) {
if (vp->vp_int32 == 0) {
expire = true;
/* Process the TTL */
ttl = inst->config.ttl; /* Set the default value from cache { ttl=... } */
- vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_ttl, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_cache_ttl, 0);
if (vp) {
if (vp->vp_int32 == 0) {
expire = true;
/* Process the TTL */
ttl = inst->config.ttl; /* Set the default value from cache { ttl=... } */
- vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_ttl, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_cache_ttl, 0);
if (vp) {
if (vp->vp_int32 < 0) {
ttl = fr_time_delta_from_sec(-(vp->vp_int32));
* Use Chap-Challenge pair if present,
* Request Authenticator otherwise.
*/
- challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0);
+ challenge = fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_challenge, 0);
if (challenge && (challenge->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) {
vector = challenge->vp_octets;
} else {
fr_pair_t *vp;
rlm_chap_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_chap_t);
- if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0) != NULL) {
+ if (fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0) != NULL) {
RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", inst->name);
RETURN_MODULE_NOOP;
}
* This case means the warnings below won't be printed
* unless there's a CHAP-Password in the request.
*/
- if (!fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_password, 0)) {
RETURN_MODULE_NOOP;
}
* This is so that the rest of the code does not need to
* understand CHAP.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_challenge, 0);
if (!vp) {
RDEBUG2("Creating &%s from request authenticator", attr_chap_challenge->name);
fr_pair_t *challenge;
uint8_t const *vector;
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if (!username) {
REDEBUG("&User-Name attribute is required for authentication");
RETURN_MODULE_INVALID;
}
- chap = fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0);
+ chap = fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_password, 0);
if (!chap) {
REDEBUG("You set '&control.Auth-Type = CHAP' for a request that "
"does not contain a CHAP-Password attribute!");
* Use Chap-Challenge pair if present,
* Request Authenticator otherwise.
*/
- challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0);
+ challenge = fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_challenge, 0);
if (challenge && (challenge->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) {
vector = challenge->vp_octets;
} else {
size_t length;
fr_pair_t *vp;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_challenge, 0);
if (vp) {
RDEBUG2("Using challenge from &request.CHAP-Challenge");
p = vp->vp_octets;
}
/* get current event timestamp */
- if ((vp = fr_pair_find_by_da(vps, attr_event_timestamp, 0)) != NULL) {
+ if ((vp = fr_pair_find_by_da_idx(vps, attr_event_timestamp, 0)) != NULL) {
/* get seconds value from attribute */
ts = fr_time_to_sec(vp->vp_date);
} else {
memset(value, 0, sizeof(value));
/* get elapsed session time */
- if ((vp = fr_pair_find_by_da(vps, attr_acct_session_time, 0)) != NULL) {
+ if ((vp = fr_pair_find_by_da_idx(vps, attr_acct_session_time, 0)) != NULL) {
/* calculate diff */
ts = (ts - vp->vp_uint32);
/* calculate start time */
fr_assert(request->packet != NULL);
/* sanity check */
- if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0)) == NULL) {
+ if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0)) == NULL) {
/* log debug */
RDEBUG2("could not find status type in packet");
/* return */
switch (status) {
case FR_STATUS_START:
/* add start time */
- if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0)) != NULL) {
+ if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0)) != NULL) {
/* add to json object */
json_object_object_add_ex(cookie->jobj, "startTimestamp",
mod_value_pair_to_json_object(request, vp),
case FR_STATUS_STOP:
/* add stop time */
- if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp, 0)) != NULL) {
+ if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_event_timestamp, 0)) != NULL) {
/* add to json object */
json_object_object_add_ex(cookie->jobj, "stopTimestamp",
mod_value_pair_to_json_object(request, vp),
/*
* We can only send relayed packets, which have a gateway IP
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_gateway_ip_address, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_gateway_ip_address, 0);
if (!vp) {
REDEBUG("Relayed packets MUST have a Gateway-IP-Address attribute");
RETURN_MODULE_FAIL;
/*
* Get the transaction ID.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_transaction_id, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_transaction_id, 0);
if (vp) {
xid = vp->vp_uint32;
*
* @todo - make sure it's a client type.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_packet_type, 0);
if (vp) {
code = vp->vp_uint32;
- } else if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_message_type, 0)) != NULL) {
+ } else if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_message_type, 0)) != NULL) {
code = vp->vp_uint8;
} else {
/*
* Set the destination port, defaulting to 67
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_packet_dst_port, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_packet_dst_port, 0);
if (vp) {
port = vp->vp_uint16;
} else {
/*
* Get the destination address / port, and unicast it there.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_packet_dst_ip_address, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_packet_dst_ip_address, 0);
if (!vp) {
RDEBUG("No Packet-Dst-IP-Address, cannot relay packet");
RETURN_MODULE_NOOP;
/*
* Find the first attribute which is parented by Digest-Attributes.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_attributes, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_digest_attributes, 0);
if (!vp) RETURN_MODULE_NOOP;
if (!inst->auth_type) {
* We require access to the plain-text password, or to the
* Digest-Attributes.HA1 parameter.
*/
- passwd = fr_pair_find_by_da(&request->control_pairs, attr_digest_ha1, 0);
+ passwd = fr_pair_find_by_da_idx(&request->control_pairs, attr_digest_ha1, 0);
if (passwd) {
if (passwd->vp_length != 32) {
REDEBUG("Digest-Attributes.HA1 has invalid length, authentication failed");
RETURN_MODULE_INVALID;
}
} else {
- passwd = fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password, 0);
+ passwd = fr_pair_find_by_da_idx(&request->control_pairs, attr_cleartext_password, 0);
}
if (!passwd) {
REDEBUG("Password.Cleartext or Digest-Attributes.HA1 is required for authentication");
RETURN_MODULE_INVALID;
}
- vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_attributes, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_digest_attributes, 0);
if (!vp) {
REDEBUG("Digest-Attributes is required for authentication");
RETURN_MODULE_INVALID;
/*
* We require access to the Digest-Attributes.Nonce
*/
- nonce = fr_pair_find_by_da(list, attr_digest_nonce, 0);
+ nonce = fr_pair_find_by_da_idx(list, attr_digest_nonce, 0);
if (!nonce) {
REDEBUG("No Digest-Attributes.Nonce: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
/*
* A1 = Digest-Attributes.User-Name ":" Realm ":" Password
*/
- vp = fr_pair_find_by_da(list, attr_digest_user_name, 0);
+ vp = fr_pair_find_by_da_idx(list, attr_digest_user_name, 0);
if (!vp) {
REDEBUG("No Digest-Attributes.User-Name: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
a1[a1_len] = ':';
a1_len++;
- vp = fr_pair_find_by_da(list, attr_digest_realm, 0);
+ vp = fr_pair_find_by_da_idx(list, attr_digest_realm, 0);
if (!vp) {
REDEBUG("No Digest-Attributes.Attributes.Realm: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
* See which variant we calculate.
* Assume MD5 if no Digest-Algorithm attribute received
*/
- algo = fr_pair_find_by_da(list, attr_digest_algorithm, 0);
+ algo = fr_pair_find_by_da_idx(list, attr_digest_algorithm, 0);
if ((!algo) ||
(strcasecmp(algo->vp_strvalue, "MD5") == 0)) {
/*
a1[a1_len] = ':';
a1_len++;
- vp = fr_pair_find_by_da(list, attr_digest_cnonce, 0);
+ vp = fr_pair_find_by_da_idx(list, attr_digest_cnonce, 0);
if (!vp) {
REDEBUG("No Digest-Attributes.CNonce: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
/*
* A2 = Digest-Attributes.Method ":" Digest-Attributes.URI
*/
- vp = fr_pair_find_by_da(list, attr_digest_method, 0);
+ vp = fr_pair_find_by_da_idx(list, attr_digest_method, 0);
if (!vp) {
REDEBUG("No Digest-Attributes.Method: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
a2[a2_len] = ':';
a2_len++;
- vp = fr_pair_find_by_da(list, attr_digest_uri, 0);
+ vp = fr_pair_find_by_da_idx(list, attr_digest_uri, 0);
if (!vp) {
REDEBUG("No Digest-Attributes.URI: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
/*
* QOP is "auth-int", tack on ": Digest-Attributes.Body-Digest"
*/
- qop = fr_pair_find_by_da(list, attr_digest_qop, 0);
+ qop = fr_pair_find_by_da_idx(list, attr_digest_qop, 0);
if (qop) {
if (strcasecmp(qop->vp_strvalue, "auth-int") == 0) {
fr_pair_t *body;
/*
* Must be a hex representation of an MD5 digest.
*/
- body = fr_pair_find_by_da(list, attr_digest_body_digest, 0);
+ body = fr_pair_find_by_da_idx(list, attr_digest_body_digest, 0);
if (!body) {
REDEBUG("No Digest-Attributes.Body-Digest: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
kd[kd_len] = ':';
kd_len++;
- vp = fr_pair_find_by_da(list, attr_digest_nonce_count, 0);
+ vp = fr_pair_find_by_da_idx(list, attr_digest_nonce_count, 0);
if (!vp) {
REDEBUG("No Digest-Attributes.Nonce-Count: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
kd[kd_len] = ':';
kd_len++;
- vp = fr_pair_find_by_da(list, attr_digest_cnonce, 0);
+ vp = fr_pair_find_by_da_idx(list, attr_digest_cnonce, 0);
if (!vp) {
REDEBUG("No Digest-Attributes.CNonce: Cannot perform Digest authentication");
RETURN_MODULE_INVALID;
* Get the binary value of Digest-Response. This isn't
* inside of the Digest-Attributes group.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_response, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_digest_response, 0);
if (!vp) {
REDEBUG("No Digest-Response attribute in the request. Cannot perform digest authentication");
RETURN_MODULE_INVALID;
* Pick one type out of the one they asked for,
* as they may have asked for many.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_type, 0);
for (i = 0; i < nak->length; i++) {
/*
* Type 0 is valid, and means there are no
* If it's not an NAI with a realm, check
* to see if the user has set Stripped-User-domain.
*/
- stripped_user_domain = fr_pair_find_by_da(&eap_session->request->request_pairs,
+ stripped_user_domain = fr_pair_find_by_da_idx(&eap_session->request->request_pairs,
attr_stripped_user_domain, 0);
if (!stripped_user_domain) goto bad_id;
}
/*
* Allow per-user configuration of EAP types.
*/
- vp = fr_pair_find_by_da(&eap_session->request->control_pairs, attr_eap_type, 0);
+ vp = fr_pair_find_by_da_idx(&eap_session->request->control_pairs, attr_eap_type, 0);
if (vp) {
RDEBUG2("Using method from &control.EAP-Type");
next = vp->vp_uint32;
eap_packet_raw_t *eap_packet;
unlang_action_t ua;
- if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_message, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_message, 0)) {
REDEBUG("You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!");
RETURN_MODULE_INVALID;
}
* says that we MUST include a User-Name attribute in the
* Access-Accept.
*/
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if ((request->reply->code == FR_RADIUS_CODE_ACCESS_ACCEPT) && username) {
/*
* Doesn't exist, add it in.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_user_name, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_user_name, 0);
if (!vp) {
vp = fr_pair_copy(request->reply_ctx, username);
fr_pair_append(&request->reply_pairs, vp);
*/
if (request->reply->code != FR_RADIUS_CODE_ACCESS_REJECT) RETURN_MODULE_NOOP;
- if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_message, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_message, 0)) {
RDEBUG3("Request didn't contain an EAP-Message, not inserting EAP-Failure");
RETURN_MODULE_NOOP;
}
- if (fr_pair_find_by_da(&request->reply_pairs, attr_eap_message, 0)) {
+ if (fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_message, 0)) {
RDEBUG3("Reply already contained an EAP-Message, not inserting EAP-Failure");
RETURN_MODULE_NOOP;
}
switch (fake->reply->code) {
case 0: /* No reply code, must be proxied... */
#ifdef WITH_PROXY
- vp = fr_pair_find_by_da(&fake->control, attr_proxy_to_realm, 0);
+ vp = fr_pair_find_by_da_idx(&fake->control, attr_proxy_to_realm, 0);
if (vp) {
int ret;
eap_tunnel_data_t *tunnel;
* EAP-TLS-Require-Client-Cert attribute will override
* the require_client_cert configuration option.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_tls_require_client_cert, 0);
if (vp) {
client_cert = vp->vp_uint32 ? true : false;
} else {
* in the user name, THEN discard the user name.
*/
if (inst->with_ntdomain_hack &&
- ((auth_challenge = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0)) != NULL) &&
+ ((auth_challenge = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0)) != NULL) &&
((username = memchr(auth_challenge->vp_octets, '\\', auth_challenge->vp_length)) != NULL)) {
/*
* Wipe out the NT domain.
*/
if (!fr_cond_assert(parent)) RETURN_MODULE_FAIL;
- auth_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_challenge, 0);
+ auth_challenge = fr_pair_find_by_da_idx(&parent->control_pairs, attr_ms_chap_challenge, 0);
if (auth_challenge && (auth_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) {
RWDEBUG("&parent.control.MS-CHAP-Challenge is incorrect length. Ignoring it");
auth_challenge = NULL;
}
- peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge, 0);
+ peer_challenge = fr_pair_find_by_da_idx(&parent->control_pairs, attr_ms_chap_peer_challenge, 0);
if (peer_challenge && (peer_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) {
RWDEBUG("&parent.control.MS-CHAP-Peer-Challenge is incorrect length. Ignoring it");
peer_challenge = NULL;
if (auth_challenge) {
created_auth_challenge = false;
- peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge, 0);
+ peer_challenge = fr_pair_find_by_da_idx(&parent->control_pairs, attr_ms_chap_peer_challenge, 0);
if (peer_challenge && (peer_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) {
RWDEBUG("&parent.control.MS-CHAP-Peer-Challenge is incorrect length. Ignoring it");
peer_challenge = NULL;
* EAP-TLS-Require-Client-Cert attribute will override
* the require_client_cert configuration option.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_tls_require_client_cert, 0);
if (vp) {
client_cert = vp->vp_uint32 ? true : false;
} else {
* The admin can dynamically change the MTU.
*/
session->mtu = inst->fragment_size;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_framed_mtu, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_framed_mtu, 0);
/*
* session->mtu is *our* MTU. We need to subtract off the EAP
* EAP-TLS-Require-Client-Cert attribute will override
* the require_client_cert configuration option.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_tls_require_client_cert, 0);
if (vp) {
client_cert = vp->vp_uint32 ? true : false;
} else {
* EAP-TLS-Require-Client-Cert attribute will override
* the require_client_cert configuration option.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_eap_tls_require_client_cert, 0);
if (vp) {
client_cert = vp->vp_uint32 ? true : false;
} else {
/*
* No User-Name, try to create one from stored data.
*/
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if (!username) {
/*
* No User-Name in the stored data, look for
* an EAP-Identity, and pull it out of there.
*/
if (!t->username) {
- vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_message, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_message, 0);
if (vp &&
(vp->vp_length >= EAP_HEADER_LEN + 2) &&
(vp->vp_strvalue[0] == FR_EAP_CODE_RESPONSE) &&
RETURN_MODULE_FAIL;
}
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (!username) {
REDEBUG("Attribute \"User-Name\" is required for authentication");
/*
* The 'host' entry might not have a client identifier option.
*/
- vp = fr_pair_find_by_da(&info->options, attr_client_identifier, 0);
+ vp = fr_pair_find_by_da_idx(&info->options, attr_client_identifier, 0);
if (vp) {
my_uid = talloc_zero(info, isc_host_uid_t);
my_uid->client = &vp->data;
* If that doesn't match, use client hardware
* address.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_client_identifier, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_client_identifier, 0);
if (vp) {
isc_host_uid_t *client, my_client;
}
- vp = fr_pair_find_by_da(&request->request_pairs, attr_client_hardware_address, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_client_hardware_address, 0);
if (!vp) return NULL;
memcpy(&my_ether.ether, vp->vp_ether, sizeof(my_ether.ether));
/*
* If there's already a fixed IP, don't do anything
*/
- yiaddr = fr_pair_find_by_da(&request->reply_pairs, attr_your_ip_address, 0);
+ yiaddr = fr_pair_find_by_da_idx(&request->reply_pairs, attr_your_ip_address, 0);
if (yiaddr) return 0;
host = get_host(request, inst->hosts_by_ether, inst->hosts_by_uid);
fr_pair_t *yiaddr;
ret = 0;
- yiaddr = fr_pair_find_by_da(&request->reply_pairs, attr_your_ip_address, 0);
+ yiaddr = fr_pair_find_by_da_idx(&request->reply_pairs, attr_your_ip_address, 0);
/*
* First, apply any "host" options
vp = fr_pair_list_next(&head->options, vp)) {
fr_pair_t *reply;
- reply = fr_pair_find_by_da(&request->reply_pairs, vp->da, 0);
+ reply = fr_pair_find_by_da_idx(&request->reply_pairs, vp->da, 0);
if (reply) continue;
/*
char *princ_name;
fr_pair_t *username;
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
/*
* We can only authenticate user requests which HAVE
krb5_principal client = NULL;
fr_pair_t *password;
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (!password) {
REDEBUG("Attribute \"User-Password\" is required for authentication");
krb5_creds init_creds;
fr_pair_t *password;
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (!password) {
REDEBUG("Attribute \"User-Password\" is required for authentication");
fr_ldap_sasl_t sasl;
fr_pair_t *username, *password;
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
/*
* We can only authenticate user requests which HAVE
/*
* We already have a Password.Cleartext. Skip edir.
*/
- if (fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password, 0)) goto skip_edir;
+ if (fr_pair_find_by_da_idx(&request->control_pairs, attr_cleartext_password, 0)) goto skip_edir;
/*
* Retrieve Universal Password if we use eDirectory
* If the caller isn't looking for the result we can just return the current userdn value.
*/
if (!force) {
- vp = fr_pair_find_by_da(&request->control_pairs, attr_ldap_userdn, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_ldap_userdn, 0);
if (vp) {
RDEBUG2("Using user DN from request \"%pV\"", &vp->data);
*rcode = RLM_MODULE_OK;
*/
if (!inst->expect_password || !RDEBUG_ENABLED2) return;
- if (!fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password, 0) &&
- !fr_pair_find_by_da(&request->control_pairs, attr_nt_password, 0) &&
- !fr_pair_find_by_da(&request->control_pairs, attr_user_password, 0) &&
- !fr_pair_find_by_da(&request->control_pairs, attr_password_with_header, 0) &&
- !fr_pair_find_by_da(&request->control_pairs, attr_crypt_password, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->control_pairs, attr_cleartext_password, 0) &&
+ !fr_pair_find_by_da_idx(&request->control_pairs, attr_nt_password, 0) &&
+ !fr_pair_find_by_da_idx(&request->control_pairs, attr_user_password, 0) &&
+ !fr_pair_find_by_da_idx(&request->control_pairs, attr_password_with_header, 0) &&
+ !fr_pair_find_by_da_idx(&request->control_pairs, attr_crypt_password, 0)) {
switch (ttrunk->directory->type) {
case FR_LDAP_DIRECTORY_ACTIVE_DIRECTORY:
RWDEBUG2("!!! Found map between LDAP attribute and a FreeRADIUS password attribute");
fr_pair_t *ends, *vp;
fr_time_delta_t left;
- ends = fr_pair_find_by_da(&request->control_pairs, attr_login_time, 0);
+ ends = fr_pair_find_by_da_idx(&request->control_pairs, attr_login_time, 0);
if (!ends) RETURN_MODULE_NOOP;
/*
fr_box_strvalue_buffer(normalised_username));
/* Recalculate hash */
- vp_challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge, 0);
+ vp_challenge = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_challenge, 0);
if (!vp_challenge) {
RERROR("Unable to get MS-CHAP-Challenge");
goto release;
}
- vp_response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0);
+ vp_response = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap2_response, 0);
if (!vp_response) {
RERROR("Unable to get MS-CHAP2-Response");
goto release;
unsigned int t;
#endif
- response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0);
+ response = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap2_response, 0);
username_string = talloc_array(request, char, usernamepair->vp_length + 1);
if (!username_string) RETURN_MODULE_FAIL;
{
fr_pair_t *vp;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if (vp) return vp;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_identity, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_eap_identity, 0);
if (vp) return vp;
REDEBUG("No user identity found in current request");
* hash of MS-CHAPv2 challenge, and peer challenge.
*/
if (strncasecmp(arg->vb_strvalue, "Challenge", 9) == 0) {
- chap_challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge, 0);
+ chap_challenge = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_challenge, 0);
if (!chap_challenge) {
REDEBUG("No MS-CHAP-Challenge in the request");
return XLAT_ACTION_FAIL;
char const *username_str;
size_t username_len;
- response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0);
+ response = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap2_response, 0);
if (!response) {
REDEBUG("Vendor-Specific.Microsoft.CHAP2-Response is required to calculate MS-CHAPv1 challenge");
return XLAT_ACTION_FAIL;
* We prefer this to the User-Name in the
* packet.
*/
- response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name, 0);
+ response_name = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_user_name, 0);
name_vp = response_name ? response_name : user_name;
/*
* response.
*/
} else if (strncasecmp(arg->vb_strvalue, "NT-Response", 11) == 0) {
- response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response, 0);
- if (!response) response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0);
+ response = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_response, 0);
+ if (!response) response = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap2_response, 0);
if (!response) {
REDEBUG("No MS-CHAP-Response or MS-CHAP2-Response was found in the request");
return XLAT_ACTION_FAIL;
* in MS-CHAPv1, and not often there.
*/
} else if (strncasecmp(arg->vb_strvalue, "LM-Response", 11) == 0) {
- response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response, 0);
+ response = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_response, 0);
if (!response) {
REDEBUG("No MS-CHAP-Response was found in the request");
return XLAT_ACTION_FAIL;
rlm_mschap_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_mschap_t);
fr_pair_t *challenge = NULL;
- challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge, 0);
+ challenge = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_challenge, 0);
if (!challenge) RETURN_MODULE_NOOP;
- if (!fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response, 0) &&
- !fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0) &&
- !fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_cpw, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_response, 0) &&
+ !fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap2_response, 0) &&
+ !fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap2_cpw, 0)) {
RDEBUG2("Found MS-CHAP-Challenge, but no MS-CHAP response or Change-Password");
RETURN_MODULE_NOOP;
}
* We prefer this to the User-Name in the
* packet.
*/
- response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name, 0);
+ response_name = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_user_name, 0);
name_vp = response_name ? response_name : user_name;
/*
#endif
peer_challenge = response->vp_octets + 2;
- peer_challenge_attr = fr_pair_find_by_da(&request->control_pairs, attr_ms_chap_peer_challenge, 0);
+ peer_challenge_attr = fr_pair_find_by_da_idx(&request->control_pairs, attr_ms_chap_peer_challenge, 0);
if (peer_challenge_attr) {
RDEBUG2("Overriding peer challenge");
peer_challenge = peer_challenge_attr->vp_octets;
#ifdef WITH_AUTH_WINBIND
if (inst->wb_retry_with_normalised_username) {
- response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name, 0);
+ response_name = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_user_name, 0);
if (response_name) {
if (strcmp(username_str, response_name->vp_strvalue)) {
RDEBUG2("Normalising username %pV -> %pV",
* want to suppress it.
*/
if (method != AUTH_INTERNAL) {
- fr_pair_t *vp = fr_pair_find_by_da(&request->control_pairs, attr_ms_chap_use_ntlm_auth, 0);
+ fr_pair_t *vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_ms_chap_use_ntlm_auth, 0);
if (vp && vp->vp_bool == false) method = AUTH_INTERNAL;
}
* Find the SMB-Account-Ctrl attribute, or the
* SMB-Account-Ctrl-Text attribute.
*/
- smb_ctrl = fr_pair_find_by_da(&request->control_pairs, attr_smb_account_ctrl, 0);
+ smb_ctrl = fr_pair_find_by_da_idx(&request->control_pairs, attr_smb_account_ctrl, 0);
if (!smb_ctrl) {
fr_pair_t *smb_account_ctrl_text;
- smb_account_ctrl_text = fr_pair_find_by_da(&request->control_pairs, attr_smb_account_ctrl_text, 0);
+ smb_account_ctrl_text = fr_pair_find_by_da_idx(&request->control_pairs, attr_smb_account_ctrl_text, 0);
if (smb_account_ctrl_text) {
MEM(pair_append_control(&smb_ctrl, attr_smb_account_ctrl) >= 0);
smb_ctrl->vp_uint32 = pdb_decode_acct_ctrl(smb_account_ctrl_text->vp_strvalue);
* Check to see if this is a change password request, and process
* it accordingly if so.
*/
- cpw = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_cpw, 0);
+ cpw = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap2_cpw, 0);
if (cpw) {
uint8_t *p;
memcpy(p + 2, cpw->vp_octets + 18, 48);
}
- challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge, 0);
+ challenge = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_challenge, 0);
if (!challenge) {
REDEBUG("&control.Auth-Type = %s set for a request that does not contain &%s",
inst->name, attr_ms_chap_challenge->name);
/*
* We also require an MS-CHAP-Response.
*/
- if ((response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response, 0))) {
+ if ((response = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap_response, 0))) {
mschap_process_response(&rcode,
&mschap_version, nthashhash,
inst, request,
challenge, response,
method);
if (rcode != RLM_MODULE_OK) goto finish;
- } else if ((response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0))) {
+ } else if ((response = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_chap2_response, 0))) {
mschap_process_v2_response(&rcode,
&mschap_version, nthashhash,
inst, request,
/*
* Allow us to cache the OCSP verified state externally
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_ocsp_cert_valid, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_tls_ocsp_cert_valid, 0);
if (vp) switch (vp->vp_uint32) {
case 0: /* no */
RDEBUG2("Found &control.TLS-OCSP-Cert-Valid = no, forcing OCSP failure");
* we need to run the full OCSP check.
*/
if (staple_response) {
- vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_ocsp_response, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_tls_ocsp_response, 0);
if (!vp) {
RDEBUG2("No &control.TLS-OCSP-Response attribute found, performing full OCSP check");
break;
long odResult = eDSAuthFailed;
fr_pair_t *username, *password;
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
/*
* We can only authenticate user requests which HAVE
* We can only authenticate user requests which HAVE
* a User-Name attribute.
*/
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if (!username) {
RDEBUG2("OpenDirectory requires a User-Name attribute");
RETURN_MODULE_NOOP;
char const *pam_auth_string = data->pam_auth_name;
fr_pair_t *username, *password;
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
/*
* We can only authenticate user requests which HAVE
* Let control list over-ride the PAM auth name string,
* for backwards compatibility.
*/
- pair = fr_pair_find_by_da(&request->control_pairs, attr_pam_auth, 0);
+ pair = fr_pair_find_by_da_idx(&request->control_pairs, attr_pam_auth, 0);
if (pair) pam_auth_string = pair->vp_strvalue;
ret = do_pam(request, username->vp_strvalue, password->vp_strvalue, pam_auth_string);
rlm_pap_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_pap_t);
fr_pair_t *password;
- if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0) != NULL) {
+ if (fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0) != NULL) {
RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", inst->name);
RETURN_MODULE_NOOP;
}
- password = fr_pair_find_by_da(&request->request_pairs, attr_user, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user, 0);
if (!password) {
RDEBUG2("No %s attribute in the request. Cannot do PAP", attr_user->name);
RETURN_MODULE_NOOP;
pap_auth_func_t auth_func;
bool ephemeral;
- password = fr_pair_find_by_da(&request->request_pairs, attr_user, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user, 0);
if (!password) {
REDEBUG("You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!");
RETURN_MODULE_INVALID;
fr_dcursor_t cursor;
int found = 0;
- key = fr_pair_find_by_da(&request->request_pairs, inst->keyattr, 0);
+ key = fr_pair_find_by_da_idx(&request->request_pairs, inst->keyattr, 0);
if (!key) RETURN_MODULE_NOTFOUND;
for (i = fr_pair_dcursor_by_da_init(&cursor, &request->request_pairs, inst->keyattr);
int acct_status_type = 0;
char const *func;
- pair = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0);
+ pair = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0);
if (pair != NULL) {
acct_status_type = pair->vp_uint32;
} else {
if (request->packet->code != FR_RADIUS_CODE_ACCESS_REQUEST) return;
- if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0) &&
- !fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0)) {
+ if (fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_password, 0) &&
+ !fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_challenge, 0)) {
MEM(pair_append_request(&vp, attr_chap_challenge) >= 0);
fr_pair_value_memdup(vp, request->packet->vector, sizeof(request->packet->vector), true);
}
* Ensure that there's a NAS-Identifier, if one wasn't
* already added.
*/
- if (!fr_pair_find_by_da(&request->request_pairs, attr_nas_identifier, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_nas_identifier, 0)) {
fr_pair_t *vp;
MEM(pair_append_request(&vp, attr_nas_identifier) >= 0);
* at which the first packet is sent. Or for
* Status-Server, the time of the current packet.
*/
- if (!fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_event_timestamp, 0)) {
MEM(pair_append_request(NULL, attr_event_timestamp) >= 0);
}
fr_pair_t *vp;
proxy_state = 0;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_event_timestamp, 0);
if (vp) vp->vp_date = fr_time_to_unix_time(u->retry.updated);
if (u->code == FR_RADIUS_CODE_STATUS_SERVER) u->can_retransmit = false;
* received the request.
*/
if ((u->code == FR_RADIUS_CODE_ACCOUNTING_REQUEST) &&
- (fr_pair_find_by_da(&request->request_pairs, attr_acct_delay_time, 0) != NULL)) {
+ (fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_delay_time, 0) != NULL)) {
uint8_t *attr, *end;
uint32_t delay;
fr_time_t now;
if ((u->code == FR_RADIUS_CODE_ACCESS_REQUEST) && (code == FR_RADIUS_CODE_ACCESS_CHALLENGE)) {
fr_pair_t *vp;
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_packet_type, 0);
if (!vp) {
MEM(vp = fr_pair_afrom_da(request->reply_ctx, attr_packet_type));
vp->vp_uint32 = FR_RADIUS_CODE_ACCESS_CHALLENGE;
* reply.Message-Authenticator attribute, so that
* it ends up in our reply.
*/
- if (fr_pair_find_by_da(&reply, attr_message_authenticator, 0)) {
+ if (fr_pair_find_by_da_idx(&reply, attr_message_authenticator, 0)) {
fr_pair_t *vp;
fr_pair_delete_by_da(&reply, attr_message_authenticator);
*
* @todo - don't edit the input packet!
*/
- if (fr_pair_find_by_da(&request->request_pairs, attr_message_authenticator, 0)) {
+ if (fr_pair_find_by_da_idx(&request->request_pairs, attr_message_authenticator, 0)) {
u->require_ma = true;
pair_delete_request(attr_message_authenticator);
}
/*
* Which type is this.
*/
- if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0)) == NULL) {
+ if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0)) == NULL) {
RDEBUG2("No Accounting-Status-Type record");
RETURN_MODULE_NOOP;
}
int check1 = 0;
int check2 = 0;
- if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_session_time, 0))
+ if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_session_time, 0))
== NULL || vp->vp_uint32 == 0)
check1 = 1;
- if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_session_id, 0))
+ if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_session_id, 0))
!= NULL && vp->vp_length == 8 &&
memcmp(vp->vp_strvalue, "00000000", 8) == 0)
check2 = 1;
/*
* IP-Pool.Action override
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_pool_action, 0);
if (vp) return mod_action(p_result, inst, request, vp->vp_uint32);
/*
* Otherwise, guess the action by Acct-Status-Type
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0);
if (!vp) {
RDEBUG2("Couldn't find &request.Acct-Status-Type or &control.IP-Pool.Action, doing nothing...");
RETURN_MODULE_NOOP;
* Unless it's overridden the default action is to allocate
* when called in Post-Auth.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_pool_action, 0);
return mod_action(p_result, inst, request, vp ? vp->vp_uint32 : POOL_ACTION_ALLOCATE);
}
* Unless it's overridden the default action is to allocate
* when called in Post-Auth.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_pool_action, 0);
if (vp) {
if ((vp->vp_uint32 > 0) && (vp->vp_uint32 <= POOL_ACTION_BULK_RELEASE)) {
action = vp->vp_uint32;
}
} else if (request->dict == dict_dhcpv4) {
- vp = fr_pair_find_by_da(&request->control_pairs, attr_message_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_message_type, 0);
if (!vp) goto run;
if (vp->vp_uint8 == FR_DHCP_REQUEST) action = POOL_ACTION_UPDATE;
* when called by DHCP request
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_pool_action, 0);
return mod_action(p_result, inst, request, vp ? vp->vp_uint32 : POOL_ACTION_UPDATE);
}
* when called by DHCP release
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_pool_action, 0);
return mod_action(p_result, inst, request, vp ? vp->vp_uint32 : POOL_ACTION_RELEASE);
}
CONF_SECTION *cs;
char const *insert, *trim, *expire;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0);
if (!vp) {
RDEBUG2("Could not find account status type in packet");
RETURN_MODULE_NOOP;
if (!section->name) RETURN_MODULE_NOOP;
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
/*
* We can only authenticate user requests which HAVE
/*
* We key the sessions off of the 'state' attribute
*/
- state = fr_pair_find_by_da(&request->request_pairs, attr_state, 0);
+ state = fr_pair_find_by_da_idx(&request->request_pairs, attr_state, 0);
if (!state) {
return NULL;
}
fr_pair_t *username, *password;
fr_pair_t *vp;
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
/*
* We can only authenticate user requests which HAVE
fr_pair_t const *smtp_body, *username, *password;
- if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0) != NULL) {
+ if (fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0) != NULL) {
RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", inst->name);
RETURN_MODULE_NOOP;
}
/* Elements provided by the request */
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
- smtp_body = fr_pair_find_by_da(&request->request_pairs, attr_smtp_body, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
+ smtp_body = fr_pair_find_by_da_idx(&request->request_pairs, attr_smtp_body, 0);
/* Make sure all of the essential email components are present and possible*/
if(!smtp_body) {
RETURN_MODULE_FAIL;
}
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
/* Make sure we have a user-name and user-password, and that they are possible */
if (!username) {
/*
* There will be no point unless SoH-Supported = yes
*/
- vp[0] = fr_pair_find_by_da(&request->request_pairs, attr_soh_supported, 0);
+ vp[0] = fr_pair_find_by_da_idx(&request->request_pairs, attr_soh_supported, 0);
if (!vp[0])
return XLAT_ACTION_FAIL;
if (strncasecmp(in_head->vb_strvalue, "OS", 2) == 0) {
/* OS vendor */
- vp[0] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_vendor, 0);
- vp[1] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_version, 0);
- vp[2] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_release, 0);
- vp[3] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_build, 0);
- vp[4] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_sp_version, 0);
- vp[5] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_sp_release, 0);
+ vp[0] = fr_pair_find_by_da_idx(&request->request_pairs, attr_soh_ms_machine_os_vendor, 0);
+ vp[1] = fr_pair_find_by_da_idx(&request->request_pairs, attr_soh_ms_machine_os_version, 0);
+ vp[2] = fr_pair_find_by_da_idx(&request->request_pairs, attr_soh_ms_machine_os_release, 0);
+ vp[3] = fr_pair_find_by_da_idx(&request->request_pairs, attr_soh_ms_machine_os_build, 0);
+ vp[4] = fr_pair_find_by_da_idx(&request->request_pairs, attr_soh_ms_machine_sp_version, 0);
+ vp[5] = fr_pair_find_by_da_idx(&request->request_pairs, attr_soh_ms_machine_sp_release, 0);
if (vp[0] && vp[0]->vp_uint32 == attr_ms_vendor->attr) {
MEM(vb=fr_value_box_alloc_null(ctx));
if (!inst->dhcp) RETURN_MODULE_NOOP;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_dhcp_vendor, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_dhcp_vendor, 0);
if (vp) {
/*
* vendor-specific options contain
int rv;
/* try to find the MS-SoH payload */
- vp = fr_pair_find_by_da(&request->request_pairs, attr_ms_quarantine_soh, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_ms_quarantine_soh, 0);
if (!vp) {
RDEBUG2("SoH radius VP not found");
RETURN_MODULE_NOOP;
static sql_fall_through_t fall_through(fr_pair_list_t *vps)
{
fr_pair_t *tmp;
- tmp = fr_pair_find_by_da(vps, attr_fall_through, 0);
+ tmp = fr_pair_find_by_da_idx(vps, attr_fall_through, 0);
return tmp ? tmp->vp_uint32 : FALL_THROUGH_DEFAULT;
}
* Check for a default_profile or for a User-Profile.
*/
RDEBUG3("... falling-through to profile processing");
- user_profile = fr_pair_find_by_da(&request->control_pairs, attr_user_profile, 0);
+ user_profile = fr_pair_find_by_da_idx(&request->control_pairs, attr_user_profile, 0);
profile = user_profile ?
user_profile->vp_strvalue :
/*
* If there is a Framed-IP-Address attribute in the reply do nothing
*/
- if (fr_pair_find_by_da(&request->reply_pairs, inst->allocated_address_da, 0) != NULL) {
+ if (fr_pair_find_by_da_idx(&request->reply_pairs, inst->allocated_address_da, 0) != NULL) {
RDEBUG2("%s already exists", inst->allocated_address_da->name);
return do_logging(p_result, inst, request, inst->log_exists, RLM_MODULE_NOOP);
}
- if (fr_pair_find_by_da(&request->control_pairs, attr_pool_name, 0) == NULL) {
+ if (fr_pair_find_by_da_idx(&request->control_pairs, attr_pool_name, 0) == NULL) {
RDEBUG2("No %s defined", attr_pool_name->name);
return do_logging(p_result, inst, request, inst->log_nopool, RLM_MODULE_NOOP);
int acct_status_type;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0);
if (!vp) {
RDEBUG2("Could not find account status type in packet");
RETURN_MODULE_NOOP;
RETURN_MODULE_NOOP;
}
- vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_freeradius_stats4_type, 0);
if (!vp) {
stats_type = FR_STATS4_TYPE_VALUE_GLOBAL;
} else {
break;
case FR_STATS4_TYPE_VALUE_CLIENT: /* src */
- vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv4_address, 0);
- if (!vp) vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv6_address, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_freeradius_stats4_ipv4_address, 0);
+ if (!vp) vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_freeradius_stats4_ipv6_address, 0);
if (!vp) RETURN_MODULE_NOOP;
mydata.ipaddr = vp->vp_ip;
break;
case FR_STATS4_TYPE_VALUE_LISTENER: /* dst */
- vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv4_address, 0);
- if (!vp) vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv6_address, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_freeradius_stats4_ipv4_address, 0);
+ if (!vp) vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_freeradius_stats4_ipv6_address, 0);
if (!vp) RETURN_MODULE_NOOP;
mydata.ipaddr = vp->vp_ip;
uint8_t buffer[80]; /* multiple of 5*8 characters */
- password = fr_pair_find_by_da(&request->request_pairs, attr_totp_user_password, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_totp_user_password, 0);
if (!password) RETURN_MODULE_NOOP;
if (password->vp_length != 6) {
/*
* Look for the raw key first.
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_totp_key, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_totp_key, 0);
if (vp) {
key = vp->vp_octets;
keylen = vp->vp_length;
} else {
ssize_t len;
- vp = fr_pair_find_by_da(&request->control_pairs, attr_totp_secret, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_totp_secret, 0);
if (!vp) RETURN_MODULE_NOOP;
len = base32_decode(buffer, sizeof(buffer), vp->vp_strvalue);
/*
* No user name, can't compare.
*/
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if (!username) return -1;
if (fr_perm_getpwnam(request, &pwd, username->vp_strvalue) < 0) {
* We can only authenticate user requests which HAVE
* a User-Name attribute.
*/
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if (!username) RETURN_MODULE_NOOP;
name = username->vp_strvalue;
/*
* Which type is this.
*/
- if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0)) == NULL) {
+ if ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0)) == NULL) {
RDEBUG2("no Accounting-Status-Type attribute in request");
RETURN_MODULE_NOOP;
}
* We're only interested in accounting messages
* with a username in it.
*/
- if (fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0) == NULL)
+ if (fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0) == NULL)
RETURN_MODULE_NOOP;
t = fr_time_to_sec(request->packet->timestamp);
/*
* Fix Calling-Station-Id. Damn you, WiMAX!
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_calling_station_id, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_calling_station_id, 0);
if (vp && (vp->vp_length == 6)) {
int i;
char *p;
uint8_t mip_rk_1[EVP_MAX_MD_SIZE], mip_rk_2[EVP_MAX_MD_SIZE];
uint8_t mip_rk[2 * EVP_MAX_MD_SIZE];
- msk = fr_pair_find_by_da(&request->reply_pairs, attr_eap_msk, 0);
- emsk = fr_pair_find_by_da(&request->reply_pairs, attr_eap_emsk, 0);
+ msk = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_msk, 0);
+ emsk = fr_pair_find_by_da_idx(&request->reply_pairs, attr_eap_emsk, 0);
if (!msk || !emsk) {
REDEBUG2("No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys");
RETURN_MODULE_NOOP;
/*
* Calculate mobility keys
*/
- mn_nai = fr_pair_find_by_da(&request->request_pairs, attr_wimax_mn_nai, 0);
- if (!mn_nai) mn_nai = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_mn_nai, 0);
+ mn_nai = fr_pair_find_by_da_idx(&request->request_pairs, attr_wimax_mn_nai, 0);
+ if (!mn_nai) mn_nai = fr_pair_find_by_da_idx(&request->reply_pairs, attr_wimax_mn_nai, 0);
if (!mn_nai) {
RWDEBUG("%s was not found in the request or in the reply", attr_wimax_mn_nai->name);
RWDEBUG("We cannot calculate MN-HA keys");
* WiMAX-IP-Technology
*/
vp = NULL;
- if (mn_nai) vp = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_ip_technology, 0);
+ if (mn_nai) vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_wimax_ip_technology, 0);
if (!vp) {
RWDEBUG("%s not found in reply", attr_wimax_ip_technology->name);
RWDEBUG("Not calculating MN-HA keys");
/*
* Look for WiMAX-hHA-IP-MIP4
*/
- ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip4, 0);
+ ip = fr_pair_find_by_da_idx(&request->reply_pairs, attr_wimax_hha_ip_mip4, 0);
if (!ip) {
RWDEBUG("%s not found. Cannot calculate MN-HA-PMIP4 key", attr_wimax_hha_ip_mip4->name);
break;
/*
* Look for WiMAX-hHA-IP-MIP4
*/
- ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip4, 0);
+ ip = fr_pair_find_by_da_idx(&request->reply_pairs, attr_wimax_hha_ip_mip4, 0);
if (!ip) {
RWDEBUG("%s not found. Cannot calculate MN-HA-CMIP4 key", attr_wimax_hha_ip_mip4->name);
break;
/*
* Look for WiMAX-hHA-IP-MIP6
*/
- ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip6, 0);
+ ip = fr_pair_find_by_da_idx(&request->reply_pairs, attr_wimax_hha_ip_mip6, 0);
if (!ip) {
RWDEBUG("%s not found. Cannot calculate MN-HA-CMIP6 key", attr_wimax_hha_ip_mip6->name);
break;
*
* FA-RK= H(MIP-RK, "FA-RK")
*/
- fa_rk = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_fa_rk_key, 0);
+ fa_rk = fr_pair_find_by_da_idx(&request->reply_pairs, attr_wimax_fa_rk_key, 0);
if (fa_rk && (fa_rk->vp_length <= 1)) {
EVP_MD_CTX_reset(hmac_ctx);
EVP_DigestSignInit(hmac_ctx, NULL, EVP_sha1(), NULL, hmac_pkey);
*
* WiMAX-RRQ-MN-HA-SPI
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_wimax_rrq_mn_ha_spi, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_wimax_rrq_mn_ha_spi, 0);
if (vp) {
REDEBUG2("Client requested MN-HA key: Should use SPI to look up key from storage");
if (!mn_nai) {
/*
* WiMAX-RRQ-HA-IP
*/
- if (!fr_pair_find_by_da(&request->request_pairs, attr_wimax_rrq_ha_ip, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->request_pairs, attr_wimax_rrq_ha_ip, 0)) {
RWDEBUG("HA-IP was not found!");
}
/*
* WiMAX-HA-RK-Key-Requested
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_wimax_ha_rk_key_requested, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_wimax_ha_rk_key_requested, 0);
if (vp && (vp->vp_uint32 == 1)) {
REDEBUG2("Client requested HA-RK: Should use IP to look it up from storage");
}
ssize_t slen;
size_t backslash = 0;
- vp_username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ vp_username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
if (!vp_username) return -1;
RINDENT();
rlm_winbind_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_winbind_t);
fr_pair_t *vp;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (!vp) {
REDEBUG2("No User-Password found in the request; not doing winbind authentication.");
RETURN_MODULE_NOOP;
rlm_winbind_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_winbind_t);
fr_pair_t *username, *password;
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
/*
* We can only authenticate user requests which HAVE
fr_pair_t *key, *vp;
- key = fr_pair_find_by_da(&request->control_pairs, attr_yubikey_key, 0);
+ key = fr_pair_find_by_da_idx(&request->control_pairs, attr_yubikey_key, 0);
if (!key) {
REDEBUG("Yubikey-Key attribute not found in control list, can't decrypt OTP data");
RETURN_MODULE_INVALID;
/*
* Now we check for replay attacks
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_yubikey_counter, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_yubikey_counter, 0);
if (!vp) {
RWDEBUG("Yubikey-Counter not found in control list, skipping replay attack checks");
RETURN_MODULE_OK;
/*
* Can't do yubikey auth if there's no password.
*/
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (!password) {
/*
* Don't print out debugging messages if we know
size_t len;
int ret;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_yubikey_otp, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_yubikey_otp, 0);
if (!vp) {
RDEBUG2("No Yubikey-OTP attribute found, falling back to User-Password");
/*
* Can't do yubikey auth if there's no password.
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (!vp) {
REDEBUG("No User-Password in the request. Can't do Yubikey authentication");
RETURN_MODULE_INVALID;
if (!*dhcp_header_attrs[i]) continue;
- vp = fr_pair_find_by_da(list, *dhcp_header_attrs[i], 0);
+ vp = fr_pair_find_by_da_idx(list, *dhcp_header_attrs[i], 0);
if (!vp) continue;
RDEBUGX(L_DBG_LVL_1, "%pP", vp);
}
{
fr_pair_t *vp;
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_yiaddr, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_yiaddr, 0);
if (!vp) {
REDEBUG("%s packet does not have YIADDR. The client will not receive an IP address.",
dhcp_message_types[request->reply->code]);
fr_pair_t *transaction_id, *client_id, *server_id;
process_dhcpv6_client_fields_t *rctx;
- transaction_id = fr_pair_find_by_da(&request->request_pairs, attr_transaction_id, 0);
+ transaction_id = fr_pair_find_by_da_idx(&request->request_pairs, attr_transaction_id, 0);
if (!transaction_id) {
REDEBUG("Missing Transaction-ID");
return NULL;
PAIR_VERIFY(*to_restore);
- vp = fr_pair_find_by_da(&request->reply_pairs, (*to_restore)->da, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, (*to_restore)->da, 0);
if (vp) {
if (fr_pair_cmp(vp, *to_restore) != 0) {
RWDEBUG("&reply.%pP does not match &request.%pP", vp, *to_restore);
fr_pair_t *hop_count, *link_address, *peer_address, *interface_id;
process_dhcpv6_relay_fields_t *rctx;
- hop_count = fr_pair_find_by_da(&request->request_pairs, attr_hop_count, 0);
+ hop_count = fr_pair_find_by_da_idx(&request->request_pairs, attr_hop_count, 0);
if (!hop_count) {
REDEBUG("Missing Hop-Count");
return NULL;
}
- link_address = fr_pair_find_by_da(&request->request_pairs, attr_relay_link_address, 0);
+ link_address = fr_pair_find_by_da_idx(&request->request_pairs, attr_relay_link_address, 0);
if (!link_address) {
REDEBUG("Missing Link-Address");
return NULL;
}
- peer_address = fr_pair_find_by_da(&request->request_pairs, attr_relay_peer_address, 0);
+ peer_address = fr_pair_find_by_da_idx(&request->request_pairs, attr_relay_peer_address, 0);
if (!peer_address) {
REDEBUG("Missing Peer-Address");
return NULL;
}
- interface_id = fr_pair_find_by_da(&request->request_pairs, attr_interface_id, 0);
+ interface_id = fr_pair_find_by_da_idx(&request->request_pairs, attr_interface_id, 0);
/*
* Remember the relay fields
char const *tls = "";
RADCLIENT *client = client_from_request(request);
- cli = fr_pair_find_by_da(&request->request_pairs, attr_calling_station_id, 0);
+ cli = fr_pair_find_by_da_idx(&request->request_pairs, attr_calling_station_id, 0);
- pair = fr_pair_find_by_da(&request->request_pairs, attr_nas_port, 0);
+ pair = fr_pair_find_by_da_idx(&request->request_pairs, attr_nas_port, 0);
if (pair != NULL) port = pair->vp_uint32;
if (request->packet->socket.inet.dst_port == 0) tls = " via proxy to virtual server";
* Get the correct username based on the configured value
*/
if (!inst->log_stripped_names) {
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
} else {
- username = fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name, 0);
- if (!username) username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_stripped_user_name, 0);
+ if (!username) username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
}
/*
* Clean up the password
*/
if (inst->log_auth_badpass || inst->log_auth_goodpass) {
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (!password) {
fr_pair_t *auth_type;
- auth_type = fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0);
+ auth_type = fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0);
if (auth_type) {
snprintf(password_buff, sizeof(password_buff), "<via Auth-Type = %s>",
fr_dict_enum_name_by_value(auth_type->da, &auth_type->data));
} else {
password_str = "<no User-Password attribute>";
}
- } else if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0)) {
+ } else if (fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_password, 0)) {
password_str = "<CHAP-Password>";
}
}
/*
* Run authenticate foo { ... }
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0);
if (!vp) goto send_reply;
dv = fr_dict_enum_by_value(vp->da, &vp->data);
/*
* Maybe the shared secret is wrong?
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (vp) {
if (RDEBUG_ENABLED2) {
uint8_t const *p;
* section.
*/
case FR_RADIUS_CODE_ACCESS_CHALLENGE:
- if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_state, 0)) != NULL) {
+ if ((vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_state, 0)) != NULL) {
uint8_t buffer[16];
fr_rand_buffer(buffer, sizeof(buffer));
PROCESS_TRACE;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_module_success_message, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_module_success_message, 0);
if (vp) {
auth_message(&inst->auth, request, true, "Login OK (%pV)", &vp->data);
} else {
* (mostly) unique to that user.
*/
if (!request->parent &&
- ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0)) != NULL) &&
+ ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0)) != NULL) &&
(vp->vp_strvalue[0] == '@') &&
- !fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name, 0)) {
+ !fr_pair_find_by_da_idx(&request->request_pairs, attr_stripped_user_name, 0)) {
RWDEBUG("User-Name is anonymized, and no Stripped-User-Name exists.");
RWDEBUG("It may be difficult or impossible to identify the user.");
RWDEBUG("Please update Stripped-User-Name with information which identifies the user.");
PROCESS_TRACE;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_module_failure_message, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_module_failure_message, 0);
if (vp) {
auth_message(&inst->auth, request, false, "Login incorrect (%pV)", &vp->data);
} else {
/*
* Run accounting foo { ... }
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_acct_status_type, 0);
if (!vp) goto send_reply;
dv = fr_dict_enum_by_value(vp->da, &vp->data);
/*
* https://tools.ietf.org/html/rfc7930#section-4
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_original_packet_code, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_original_packet_code, 0);
if (!vp) {
vp = fr_pair_afrom_da(request->reply_ctx, attr_original_packet_code);
if (vp) {
/*
* If there's no Error-Cause, then include a generic 404.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_error_cause, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_error_cause, 0);
if (!vp) {
vp = fr_pair_afrom_da(request->reply_ctx, attr_error_cause);
if (vp) {
/*
* Set the server reply message. Note that we do not tell the user *why* they failed authentication.
*/
- if (!fr_pair_find_by_da(&request->reply_pairs, attr_tacacs_server_message, 0)) {
+ if (!fr_pair_find_by_da_idx(&request->reply_pairs, attr_tacacs_server_message, 0)) {
MEM(pair_update_reply(&vp, attr_tacacs_server_message) >= 0);
fr_pair_value_strdup(vp, msg, false);
}
fr_dict_enum_value_t const *dv;
CONF_SECTION *subcs;
- vp = fr_pair_find_by_da(&request->request_pairs, *state->attr_process, 0);
- if (!vp) vp = fr_pair_find_by_da(&request->control_pairs, *state->attr_process, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, *state->attr_process, 0);
+ if (!vp) vp = fr_pair_find_by_da_idx(&request->control_pairs, *state->attr_process, 0);
if (!vp) {
RDEBUG2("No attribute found for &request.%s - proceeding to 'send'", (*state->attr_process)->name);
break;
* Save the state
*/
if (!request->parent &&
- (fr_pair_find_by_da(&request->request_pairs, attr_tacacs_state, 0) != NULL)) {
+ (fr_pair_find_by_da_idx(&request->request_pairs, attr_tacacs_state, 0) != NULL)) {
fr_tacacs_packet_hdr_t const *pkt = (fr_tacacs_packet_hdr_t const *) request->packet->data;
/*
char const *tls = "";
RADCLIENT *client = client_from_request(request);
- cli = fr_pair_find_by_da(&request->request_pairs, attr_calling_station_id, 0);
+ cli = fr_pair_find_by_da_idx(&request->request_pairs, attr_calling_station_id, 0);
- pair = fr_pair_find_by_da(&request->request_pairs, attr_nas_port, 0);
+ pair = fr_pair_find_by_da_idx(&request->request_pairs, attr_nas_port, 0);
if (pair != NULL) port = pair->vp_uint32;
if (request->packet->socket.inet.dst_port == 0) tls = " via proxy to virtual server";
* Get the correct username based on the configured value
*/
if (!inst->log_stripped_names) {
- username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
} else {
- username = fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name, 0);
- if (!username) username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0);
+ username = fr_pair_find_by_da_idx(&request->request_pairs, attr_stripped_user_name, 0);
+ if (!username) username = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0);
}
/*
* Clean up the password
*/
if (inst->log_auth_badpass || inst->log_auth_goodpass) {
- password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ password = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (!password) {
fr_pair_t *auth_type;
- auth_type = fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0);
+ auth_type = fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0);
if (auth_type) {
snprintf(password_buff, sizeof(password_buff), "<via Auth-Type = %s>",
fr_dict_enum_name_by_value(auth_type->da, &auth_type->data));
} else {
password_str = "<no User-Password attribute>";
}
- } else if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0)) {
+ } else if (fr_pair_find_by_da_idx(&request->request_pairs, attr_chap_password, 0)) {
password_str = "<CHAP-Password>";
}
}
/*
* Run authenticate foo { ... }
*/
- vp = fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0);
+ vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0);
if (!vp) goto send_reply;
dv = fr_dict_enum_by_value(vp->da, &vp->data);
/*
* Maybe the shared secret is wrong?
*/
- vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_password, 0);
if (vp) {
if (RDEBUG_ENABLED2) {
uint8_t const *p;
* section.
*/
case FR_RADIUS_CODE_ACCESS_CHALLENGE:
- if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_state, 0)) != NULL) {
+ if ((vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_state, 0)) != NULL) {
uint8_t buffer[16];
fr_rand_buffer(buffer, sizeof(buffer));
PROCESS_TRACE;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_module_success_message, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_module_success_message, 0);
if (vp) {
auth_message(&inst->auth, request, true, "Login OK (%pV)", &vp->data);
} else {
* (mostly) unique to that user.
*/
if (!request->parent &&
- ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0)) != NULL) &&
+ ((vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_user_name, 0)) != NULL) &&
(vp->vp_strvalue[0] == '@') &&
- !fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name, 0)) {
+ !fr_pair_find_by_da_idx(&request->request_pairs, attr_stripped_user_name, 0)) {
RWDEBUG("User-Name is anonymized, and no Stripped-User-Name exists.");
RWDEBUG("It may be difficult or impossible to identify the user.");
RWDEBUG("Please update Stripped-User-Name with information which identifies the user.");
PROCESS_TRACE;
- vp = fr_pair_find_by_da(&request->request_pairs, attr_module_failure_message, 0);
+ vp = fr_pair_find_by_da_idx(&request->request_pairs, attr_module_failure_message, 0);
if (vp) {
auth_message(&inst->auth, request, false, "Login incorrect (%pV)", &vp->data);
} else {
/*
* https://tools.ietf.org/html/rfc7930#section-4
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_original_packet_code, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_original_packet_code, 0);
if (!vp) {
vp = fr_pair_afrom_da(request->reply_ctx, attr_original_packet_code);
if (vp) {
/*
* If there's no Error-Cause, then include a generic 404.
*/
- vp = fr_pair_find_by_da(&request->reply_pairs, attr_error_cause, 0);
+ vp = fr_pair_find_by_da_idx(&request->reply_pairs, attr_error_cause, 0);
if (!vp) {
vp = fr_pair_afrom_da(request->reply_ctx, attr_error_cause);
if (vp) {
*/
/* Maximum-Msg-Size */
- vp = fr_pair_find_by_da(vps, attr_dhcp_dhcp_maximum_msg_size, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_dhcp_maximum_msg_size, 0);
if (vp && (vp->vp_uint32 > mms)) {
mms = vp->vp_uint32;
}
#endif
- vp = fr_pair_find_by_da(vps, attr_dhcp_opcode, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_opcode, 0);
if (vp) {
FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint8);
} else {
}
/* Hardware-Type */
- vp = fr_pair_find_by_da(vps, attr_dhcp_hardware_type, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_hardware_type, 0);
if (vp) {
FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint8);
}
/* Hardware-Address-len */
- vp = fr_pair_find_by_da(vps, attr_dhcp_hardware_address_length, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_hardware_address_length, 0);
if (vp) {
FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint8);
}
/* Hop-Count */
- vp = fr_pair_find_by_da(vps, attr_dhcp_hop_count, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_hop_count, 0);
if (vp) {
FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint8);
FR_DBUFF_IN_RETURN(&work_dbuff, xid);
/* Number-of-Seconds */
- vp = fr_pair_find_by_da(vps, attr_dhcp_number_of_seconds, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_number_of_seconds, 0);
if (vp) {
FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint16);
} else {
}
/* Flags */
- vp = fr_pair_find_by_da(vps, attr_dhcp_flags, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_flags, 0);
if (vp) {
FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint16);
} else {
}
/* Client-IP-Address */
- vp = fr_pair_find_by_da(vps, attr_dhcp_client_ip_address, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_client_ip_address, 0);
if (vp) {
FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr));
} else {
}
/* Your-IP-address */
- vp = fr_pair_find_by_da(vps, attr_dhcp_your_ip_address, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_your_ip_address, 0);
if (vp) {
FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr));
} else {
}
/* Server-IP-Address */
- vp = fr_pair_find_by_da(vps, attr_dhcp_server_ip_address, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_server_ip_address, 0);
if (vp) {
FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr));
} else {
/*
* Gateway-IP-Address
*/
- vp = fr_pair_find_by_da(vps, attr_dhcp_gateway_ip_address, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_dhcp_gateway_ip_address, 0);
if (vp) {
FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr));
}
/* Client-Hardware-Address */
- if ((vp = fr_pair_find_by_da(vps, attr_dhcp_client_hardware_address, 0))) {
+ if ((vp = fr_pair_find_by_da_idx(vps, attr_dhcp_client_hardware_address, 0))) {
FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)vp->vp_ether, sizeof(vp->vp_ether));
FR_DBUFF_MEMSET_RETURN(&work_dbuff, 0, DHCP_CHADDR_LEN - sizeof(vp->vp_ether));
}
/* Server-Host-Name */
- if ((vp = fr_pair_find_by_da(vps, attr_dhcp_server_host_name, 0))) {
+ if ((vp = fr_pair_find_by_da_idx(vps, attr_dhcp_server_host_name, 0))) {
if (vp->vp_length > DHCP_SNAME_LEN) {
FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, vp->vp_strvalue, DHCP_SNAME_LEN);
} else {
*/
/* Boot-Filename */
- if ((vp = fr_pair_find_by_da(vps, attr_dhcp_boot_filename, 0))) {
+ if ((vp = fr_pair_find_by_da_idx(vps, attr_dhcp_boot_filename, 0))) {
if (vp->vp_length > DHCP_FILE_LEN) {
FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, vp->vp_strvalue, DHCP_FILE_LEN);
} else {
/* DHCP magic number */
FR_DBUFF_IN_RETURN(&work_dbuff, (uint32_t) DHCP_OPTION_MAGIC_NUMBER);
- if ((vp = fr_pair_find_by_da(vps, attr_dhcp_message_type, 0))) {
+ if ((vp = fr_pair_find_by_da_idx(vps, attr_dhcp_message_type, 0))) {
FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_MESSAGE_TYPE, 0x01, vp->vp_uint8);
} else {
FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_MESSAGE_TYPE, 0x01, (uint8_t)code);
}
if (code) {
- vp = fr_pair_find_by_da(&tmp, attr_dhcp_message_type, 0);
+ vp = fr_pair_find_by_da_idx(&tmp, attr_dhcp_message_type, 0);
if (vp) {
*code = vp->vp_uint8;
}
* If option Overload is present in the 'options' field, then fields 'file' and/or 'sname'
* are used to hold more options. They are partitioned and must be interpreted in sequence.
*/
- vp = fr_pair_find_by_da(&tmp, attr_dhcp_overload, 0);
+ vp = fr_pair_find_by_da_idx(&tmp, attr_dhcp_overload, 0);
if (vp) {
if ((vp->vp_uint8 & 1) == 1) {
/*
/*
* DHCP Opcode is request
*/
- vp = fr_pair_find_by_da(&tmp, attr_dhcp_opcode, 0);
+ vp = fr_pair_find_by_da_idx(&tmp, attr_dhcp_opcode, 0);
if (vp && vp->vp_uint8 == 1) {
/*
* Vendor is "MSFT 98"
*/
- vp = fr_pair_find_by_da(&tmp, attr_dhcp_vendor_class_identifier, 0);
+ vp = fr_pair_find_by_da_idx(&tmp, attr_dhcp_vendor_class_identifier, 0);
if (vp && (vp->vp_length == 7) && (memcmp(vp->vp_strvalue, "MSFT 98", 7) == 0)) {
- vp = fr_pair_find_by_da(&tmp, attr_dhcp_flags, 0);
+ vp = fr_pair_find_by_da_idx(&tmp, attr_dhcp_flags, 0);
/*
* Reply should be broadcast.
/*
* First look for Relay-Link-Selection
*/
- netaddr = fr_pair_find_by_da(&tmp, attr_dhcp_relay_link_selection, 0);
+ netaddr = fr_pair_find_by_da_idx(&tmp, attr_dhcp_relay_link_selection, 0);
if (!netaddr) {
/*
* Next try Subnet-Selection-Option
*/
- netaddr = fr_pair_find_by_da(&tmp, attr_dhcp_subnet_selection_option, 0);
+ netaddr = fr_pair_find_by_da_idx(&tmp, attr_dhcp_subnet_selection_option, 0);
}
if (netaddr) {
* Client can request a LARGER size, but not a smaller
* one. They also cannot request a size larger than MTU.
*/
- maxms = fr_pair_find_by_da(&tmp, attr_dhcp_dhcp_maximum_msg_size, 0);
- mtu = fr_pair_find_by_da(&tmp, attr_dhcp_interface_mtu_size, 0);
+ maxms = fr_pair_find_by_da_idx(&tmp, attr_dhcp_dhcp_maximum_msg_size, 0);
+ mtu = fr_pair_find_by_da_idx(&tmp, attr_dhcp_interface_mtu_size, 0);
if (mtu && (mtu->vp_uint16 < DEFAULT_PACKET_SIZE)) {
fr_strerror_const("Client says MTU is smaller than minimum permitted by the specification");
if (packet->code == 0) packet->code = FR_DHCP_NAK;
/* store xid */
- if ((vp = fr_pair_find_by_da(list, attr_dhcp_transaction_id, 0))) {
+ if ((vp = fr_pair_find_by_da_idx(list, attr_dhcp_transaction_id, 0))) {
packet->id = vp->vp_uint32;
} else {
packet->id = fr_rand();
/* set ethernet source address to our MAC address (Client-Hardware-Address). */
uint8_t dhmac[ETH_ADDR_LEN] = { 0 };
- if ((vp = fr_pair_find_by_da(list, attr_dhcp_client_hardware_address, 0))) {
+ if ((vp = fr_pair_find_by_da_idx(list, attr_dhcp_client_hardware_address, 0))) {
if (vp->vp_type == FR_TYPE_ETHERNET) memcpy(dhmac, vp->vp_ether, sizeof(vp->vp_ether));
}
* Check if it matches the source HW address used (Client-Hardware-Address = 267)
*/
if ((memcmp(ð_bcast, ð_hdr->dst_addr, ETH_ADDR_LEN) != 0) &&
- (vp = fr_pair_find_by_da(list, attr_dhcp_client_hardware_address, 0)) &&
+ (vp = fr_pair_find_by_da_idx(list, attr_dhcp_client_hardware_address, 0)) &&
((vp->vp_type == FR_TYPE_ETHERNET) && (memcmp(vp->vp_ether, ð_hdr->dst_addr, ETH_ADDR_LEN) != 0))) {
/* No match. */
root = fr_dict_root(dict_dhcpv6);
if (!msg_type) {
- vp = fr_pair_find_by_da(vps, attr_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_packet_type, 0);
if (vp) msg_type = vp->vp_uint32;
}
switch (msg_type) {
case FR_DHCPV6_RELAY_REPLY:
case FR_DHCPV6_RELAY_FORWARD:
- vp = fr_pair_find_by_da(vps, attr_hop_count, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_hop_count, 0);
if (likely(vp != NULL)) {
FR_VALUE_BOX_TO_NETWORK_RETURN(&frame_dbuff, &vp->data);
} else {
FR_DBUFF_MEMSET_RETURN(&frame_dbuff, 0, DHCPV6_HOP_COUNT_LEN);
}
- vp = fr_pair_find_by_da(vps, attr_relay_link_address, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_relay_link_address, 0);
if (likely(vp != NULL)) {
FR_VALUE_BOX_TO_NETWORK_RETURN(&frame_dbuff, &vp->data);
} else {
FR_DBUFF_MEMSET_RETURN(&frame_dbuff, 0, DHCPV6_LINK_ADDRESS_LEN);
}
- vp = fr_pair_find_by_da(vps, attr_relay_peer_address, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_relay_peer_address, 0);
if (likely(vp != NULL)) {
FR_VALUE_BOX_TO_NETWORK_RETURN(&frame_dbuff, &vp->data);
} else {
/*
* We can set an XID, or we can pick a random one.
*/
- vp = fr_pair_find_by_da(vps, attr_transaction_id, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_transaction_id, 0);
if (vp && (vp->vp_length >= DHCPV6_TRANSACTION_ID_LEN)) {
FR_DBUFF_IN_MEMCPY_RETURN(&frame_dbuff, vp->vp_octets, DHCPV6_TRANSACTION_ID_LEN);
} else {
* We don't have a "pair find in out"
*/
if (flag_concat(&parent->flags)) {
- vp = fr_pair_find_by_da(out, parent, 0);
+ vp = fr_pair_find_by_da_idx(out, parent, 0);
concat = (vp != NULL);
} else {
vp = NULL;
fr_pair_t *vp;
ssize_t slen;
- vp = fr_pair_find_by_da(vps, attr_packet_type, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_packet_type, 0);
if (vp) packet_type = vp->vp_uint32;
if ((packet_type == FR_RADIUS_CODE_ACCESS_REQUEST) || (packet_type == FR_RADIUS_CODE_STATUS_SERVER)) {
- vp = fr_pair_find_by_da(vps, attr_packet_authentication_vector, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_packet_authentication_vector, 0);
if (vp && (vp->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) {
memcpy(data + 4, vp->vp_octets, RADIUS_AUTH_VECTOR_LENGTH);
} else {
fr_pair_t *vp;
fr_dbuff_t work_dbuff = FR_DBUFF(dbuff);
- vp = fr_pair_find_by_da(vps, da, 0);
+ vp = fr_pair_find_by_da_idx(vps, da, 0);
if (!vp || !vp->vp_length || (vp->vp_length > max_len)) return 0;
if (da->type == FR_TYPE_STRING) {
* doesn't specify them, then they don't get encoded.
*/
#define ENCODE_FIELD_UINT8(_field, _da) do { \
- vp = fr_pair_find_by_da(vps, _da, 0); \
+ vp = fr_pair_find_by_da_idx(vps, _da, 0); \
_field = (vp) ? vp->vp_uint8 : 0; \
} while (0)
/*
* If the caller didn't set a session ID, use a random one.
*/
- if (!fr_pair_find_by_da(vps, attr_tacacs_session_id, 0)) {
+ if (!fr_pair_find_by_da_idx(vps, attr_tacacs_session_id, 0)) {
packet->hdr.session_id = fr_rand();
}
uint16_t opcode;
char const *buf;
- vp = fr_pair_find_by_da(vps, attr_tftp_opcode, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_tftp_opcode, 0);
if (!vp) {
fr_strerror_printf("Cannot send TFTP packet without %s", attr_tftp_opcode->name);
return -1;
*/
/* <Filename> */
- vp = fr_pair_find_by_da(vps, attr_tftp_filename, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_tftp_filename, 0);
if (!vp) {
fr_strerror_printf("Invalid TFTP packet without %s", attr_tftp_filename->name);
return -1;
fr_dbuff_in_bytes(&work_dbuff, '\0');
/* <mode> */
- vp = fr_pair_find_by_da(vps, attr_tftp_mode, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_tftp_mode, 0);
if (!vp) {
fr_strerror_printf("Invalid TFTP packet without %s", attr_tftp_mode->name);
return -1;
fr_dbuff_in_bytes(&work_dbuff, '\0');
/* <blksize> is optional */
- vp = fr_pair_find_by_da(vps, attr_tftp_block_size, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_tftp_block_size, 0);
if (vp) {
char tmp[5+1]; /* max: 65535 */
*/
/* <Block> */
- vp = fr_pair_find_by_da(vps, attr_tftp_block, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_tftp_block, 0);
if (!vp) {
fr_strerror_printf("Invalid TFTP packet without %s", attr_tftp_block->name);
return -1;
if (opcode != FR_OPCODE_VALUE_DATA) goto done;
/* <Data> */
- vp = fr_pair_find_by_da(vps, attr_tftp_data, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_tftp_data, 0);
if (!vp) {
fr_strerror_printf("Invalid TFTP packet without %s", attr_tftp_data->name);
return -1;
size_t error_msg_len;
/* <ErroCode> */
- vp = fr_pair_find_by_da(vps, attr_tftp_error_code, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_tftp_error_code, 0);
if (!vp) {
fr_strerror_printf("Invalid TFTP packet without %s", attr_tftp_error_code->name);
return -1;
fr_dbuff_in(&work_dbuff, error_code);
/* <ErrMsg> */
- vp = fr_pair_find_by_da(vps, attr_tftp_error_message, 0);
+ vp = fr_pair_find_by_da_idx(vps, attr_tftp_error_message, 0);
if (vp) {
error_msg = vp->vp_strvalue;
error_msg_len = vp->vp_length;
projects / thirdparty / freeradius-server.git / commitdiff
