printf "%s\n" "$as_me: Setting additional developer CFLAGS" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the compiler flag \"-Wdeclaration-after-statement\"" >&5
+printf %s "checking for the compiler flag \"-Wdeclaration-after-statement\"... " >&6; }
+if test ${ax_cv_cc_wdeclaration_after_statement_flag+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+
+ CFLAGS_SAVED=$CFLAGS
+ CFLAGS="$CFLAGS -Werror -Wdeclaration-after-statement"
+
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ ax_cv_cc_wdeclaration_after_statement_flag="yes"
+else $as_nop
+ ax_cv_cc_wdeclaration_after_statement_flag="no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ CFLAGS="$CFLAGS_SAVED"
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_cc_wdeclaration_after_statement_flag" >&5
+printf "%s\n" "$ax_cv_cc_wdeclaration_after_statement_flag" >&6; }
+
+ if test "x$ax_cv_cc_wdeclaration_after_statement_flag" = "xyes"; then
+ devcflags="$devcflags \
+ -Wdeclaration-after-statement"
+ fi
+
+
+
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the compiler flag \"-Weverything\"" >&5
printf %s "checking for the compiler flag \"-Weverything\"... " >&6; }
if test ${ax_cv_cc_weverything_flag+y}
if test "x$developer" = "xyes"; then
AC_MSG_NOTICE([Setting additional developer CFLAGS])
+ dnl #
+ dnl # -Wdeclaration-after-statement is used where possible to insist
+ dnl # on the FreeRADIUS convention of putting declarations at the start
+ dnl # of the block they occur in.
+ dnl #
+ AX_CC_WDECLARATION_AFTER_STATEMENT_FLAG
+ if test "x$ax_cv_cc_wdeclaration_after_statement_flag" = "xyes"; then
+ devcflags="$devcflags \
+ -Wdeclaration-after-statement"
+ fi
+
+
dnl #
dnl # If we have -Weverything, it really means *everything* unlike -Wall
dnl # It's so verbose we need to turn off warnings which aren't useful.
])
])
+AC_DEFUN([AX_CC_WDECLARATION_AFTER_STATEMENT_FLAG],[
+ AC_CACHE_CHECK([for the compiler flag "-Wdeclaration-after-statement"], [ax_cv_cc_wdeclaration_after_statement_flag],[
+ CFLAGS_SAVED=$CFLAGS
+ CFLAGS="$CFLAGS -Werror -Wdeclaration-after-statement"
+
+ AC_LANG_PUSH(C)
+ AC_TRY_COMPILE(
+ [],
+ [return 0;],
+ [ax_cv_cc_wdeclaration_after_statement_flag="yes"],
+ [ax_cv_cc_wdeclaration_after_statement_flag="no"])
+ AC_LANG_POP
+
+ CFLAGS="$CFLAGS_SAVED"
+ ])
+])
AC_DEFUN([AX_CC_WEVERYTHING_FLAG],[
AC_CACHE_CHECK([for the compiler flag "-Weverything"], [ax_cv_cc_weverything_flag],[
rs_stats_tmpl_t *rs_stats_collectd_init_latency(TALLOC_CTX *ctx, rs_stats_tmpl_t **out, rs_t *conf,
char const *type, rs_latency_t *stats, fr_radius_packet_code_t code)
{
- rs_stats_tmpl_t **tmpl, *last;
+ rs_stats_tmpl_t **tmpl = out, *last;
char *p;
char buffer[LCC_NAME_LEN];
- tmpl = out;
-
rs_stats_value_tmpl_t rtx[(RS_RETRANSMIT_MAX + 1) + 1 + 1]; // RTX bins + 0 bin + lost + NULL
int i;
*/
int rs_stats_collectd_close(rs_t *conf)
{
- assert(conf->stats.collectd);
-
int ret = 0;
+ assert(conf->stats.collectd);
+
if (conf->stats.handle) {
ret = lcc_disconnect(conf->stats.handle);
conf->stats.handle = NULL;
/* display offer(s) received */
if (nb_offer > 0 ) {
- DEBUG("Received %d DHCP Offer(s):", nb_offer);
int i;
+
+ DEBUG("Received %d DHCP Offer(s):", nb_offer);
for (i = 0; i < nb_reply; i++) {
char server_addr_buf[INET6_ADDRSTRLEN];
char offered_addr_buf[INET6_ADDRSTRLEN];
{
pcap_if_t *all_devices = NULL;
pcap_if_t *dev_p;
+ int i;
if (pcap_findalldevs(&all_devices, errbuf) < 0) {
ERROR("Error getting available capture devices: %s", errbuf);
goto finish;
}
- int i = 1;
+ i = 1;
for (dev_p = all_devices;
dev_p;
dev_p = dev_p->next) {
LDAPControl *our_serverctrls[LDAP_MAX_CONTROLS];
LDAPControl *our_clientctrls[LDAP_MAX_CONTROLS];
+ char **search_attrs;
+
fr_ldap_control_merge(our_serverctrls, our_clientctrls,
NUM_ELEMENTS(our_serverctrls),
NUM_ELEMENTS(our_clientctrls),
* OpenLDAP library doesn't declare attrs array as const, but
* it really should be *sigh*.
*/
- char **search_attrs;
memcpy(&search_attrs, &attrs, sizeof(attrs));
if (filter) {
#define SET_LDAP_CTRLS(_dest, _src) \
do { \
+ int i; \
if (!_src) break; \
- int i; \
for (i = 0; i < LDAP_MAX_CONTROLS; i++) { \
if (!(_src[i])) break; \
_dest[i].control = _src[i]; \
if (!c->handle) return 0; /* Don't need to do anything else if we don't yet have a handle */
- LDAPControl *our_serverctrls[LDAP_MAX_CONTROLS];
- LDAPControl *our_clientctrls[LDAP_MAX_CONTROLS];
+ {
+ LDAPControl *our_serverctrls[LDAP_MAX_CONTROLS];
+ LDAPControl *our_clientctrls[LDAP_MAX_CONTROLS];
- fr_ldap_control_merge(our_serverctrls, our_clientctrls,
- NUM_ELEMENTS(our_serverctrls),
- NUM_ELEMENTS(our_clientctrls),
- c, NULL, NULL);
+ fr_ldap_control_merge(our_serverctrls, our_clientctrls,
+ NUM_ELEMENTS(our_serverctrls),
+ NUM_ELEMENTS(our_clientctrls),
+ c, NULL, NULL);
- DEBUG3("Closing connection %p libldap handle %p", c->handle, c);
- ldap_unbind_ext(c->handle, our_serverctrls, our_clientctrls); /* Same code as ldap_unbind_ext_s */
+ DEBUG3("Closing connection %p libldap handle %p", c->handle, c);
+ ldap_unbind_ext(c->handle, our_serverctrls, our_clientctrls); /* Same code as ldap_unbind_ext_s */
+ }
c->handle = NULL;
if ((*str == '[') || (*str == '(')) {
char end;
- quote = *(str++);
int count = 0;
+ quote = *(str++);
+
if (quote == '[') {
end = ']';
} else {
} else if (syntax_string && ((*str == '[') || (*str == '('))) {
char end;
- quote = *(str++);
int count = 0;
+ quote = *(str++);
+
if (quote == '[') {
end = ']';
} else {
#define WATCH_PRE(_conn) \
do { \
if (fr_dlist_empty(&(_conn)->watch_pre[(_conn)->pub.state])) break; \
- HANDLER_BEGIN(conn, &(_conn)->watch_pre[(_conn)->pub.state]); \
- connection_watch_call((_conn), &(_conn)->watch_pre[(_conn)->pub.state]); \
- HANDLER_END(conn); \
+ { \
+ HANDLER_BEGIN(conn, &(_conn)->watch_pre[(_conn)->pub.state]); \
+ connection_watch_call((_conn), &(_conn)->watch_pre[(_conn)->pub.state]); \
+ HANDLER_END(conn); \
+ } \
} while(0)
/** Call the post handler watch functions
#define WATCH_POST(_conn) \
do { \
if (fr_dlist_empty(&(_conn)->watch_post[(_conn)->pub.state])) break; \
- HANDLER_BEGIN(conn, &(_conn)->watch_post[(_conn)->pub.state]); \
- connection_watch_call((_conn), &(_conn)->watch_post[(_conn)->pub.state]); \
- HANDLER_END(conn); \
+ { \
+ HANDLER_BEGIN(conn, &(_conn)->watch_post[(_conn)->pub.state]); \
+ connection_watch_call((_conn), &(_conn)->watch_post[(_conn)->pub.state]); \
+ HANDLER_END(conn); \
+ } \
} while(0)
/** Remove a watch function from a pre/post[state] list
switch (mutated->rhs->type) {
case TMPL_TYPE_XLAT:
{
- fr_assert(tmpl_xlat(mutated->rhs) != NULL);
fr_dcursor_t from;
fr_value_box_t *vb, *n_vb;
+ fr_assert(tmpl_xlat(mutated->rhs) != NULL);
+
assign_values:
fr_assert(tmpl_is_attr(mutated->lhs));
fr_assert(tmpl_da(mutated->lhs)); /* We need to know which attribute to create */
fr_pair_t *vp;
fr_dcursor_t from;
tmpl_dcursor_ctx_t cc;
+ int err;
TMPL_VERIFY(vpt);
- int err;
-
fr_assert(tmpl_is_attr(vpt) || tmpl_is_list(vpt));
for (vp = tmpl_dcursor_init(&err, NULL, &cc, &from, request, vpt);
fr_pair_t *vp;
fr_dcursor_t from;
tmpl_dcursor_ctx_t cc;
+ int err;
TMPL_VERIFY(vpt);
- int err;
-
fr_assert(tmpl_is_attr(vpt) || tmpl_is_list(vpt));
fr_pair_list_free(out);
EVP_MD_CTX *md_ctx;
uint8_t digest[SHA256_DIGEST_LENGTH];
- fr_assert(conf->cache.id_name);
-
static_assert(sizeof(digest) <= SSL_MAX_SSL_SESSION_ID_LENGTH,
"SSL_MAX_SSL_SESSION_ID_LENGTH must be >= SHA256_DIGEST_LENGTH");
+ fr_assert(conf->cache.id_name);
if (tmpl_aexpand(tls_session, &context_id, request, conf->cache.id_name, NULL, NULL) < 0) {
RPEDEBUG("Failed expanding session ID");
RDEBUG3("%s[%u] - Binding SSL * (%p) to request (%p)", file, line, ssl, request);
#ifndef NDEBUG
- request_t *old;
- old = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_REQUEST);
- if (old) {
- (void)talloc_get_type_abort(ssl, request_t);
- fr_assert(0);
+ {
+ request_t *old;
+ old = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_REQUEST);
+ if (old) {
+ (void)talloc_get_type_abort(ssl, request_t);
+ fr_assert(0);
+ }
}
#endif
ret = SSL_set_ex_data(ssl, FR_TLS_EX_INDEX_REQUEST, request);
xlat_action_t xa = XLAT_ACTION_DONE;
xlat_exp_t const *node;
fr_value_box_list_t result; /* tmp list so debug works correctly */
+ fr_value_box_t *value;
fr_value_box_list_init(&result);
- fr_value_box_t *value;
-
*child = NULL;
if (!*in) return XLAT_ACTION_DONE;
xlat_exp_t *node;
fr_sbuff_marker_t m_s;
+ tmpl_rules_t our_t_rules;
XLAT_DEBUG("ATTRIBUTE <-- %pV", fr_box_strvalue_len(fr_sbuff_current(in), fr_sbuff_remaining(in)));
* and instead are "virtual" attributes like
* Foreach-Variable-N.
*/
- tmpl_rules_t our_t_rules;
-
if (t_rules) {
memset(&our_t_rules, 0, sizeof(our_t_rules));
our_t_rules = *t_rules;
main(int argc, char** argv)
{
int i;
+ int index;
acutest_argv0_ = argv[0];
printf("1..%d\n", (int) acutest_count_);
}
- int index = acutest_worker_index_;
+ index = acutest_worker_index_;
for(i = 0; acutest_list_[i].func != NULL; i++) {
int run = (acutest_test_data_[i].flags & ACUTEST_FLAG_RUN_);
if (acutest_skip_mode_) /* Run all tests except those listed. */
dump_core = allow_core_dumps;
#ifdef HAVE_SYS_RESOURCE_H
- struct rlimit current;
+ {
+ struct rlimit current;
- /*
- * Reset the core limits (or disable them)
- */
- if (getrlimit(RLIMIT_CORE, ¤t) < 0) {
- fr_strerror_printf("Failed to get current core limit: %s", fr_syserror(errno));
- return -1;
- }
+ /*
+ * Reset the core limits (or disable them)
+ */
+ if (getrlimit(RLIMIT_CORE, ¤t) < 0) {
+ fr_strerror_printf("Failed to get current core limit: %s", fr_syserror(errno));
+ return -1;
+ }
- if (allow_core_dumps) {
- if ((current.rlim_cur != init_core_limit.rlim_cur) || (current.rlim_max != init_core_limit.rlim_max)) {
- if (setrlimit(RLIMIT_CORE, &init_core_limit) < 0) {
- fr_strerror_printf("Cannot update core dump limit: %s", fr_syserror(errno));
+ if (allow_core_dumps) {
+ if ((current.rlim_cur != init_core_limit.rlim_cur) ||
+ (current.rlim_max != init_core_limit.rlim_max)) {
+ if (setrlimit(RLIMIT_CORE, &init_core_limit) < 0) {
+ fr_strerror_printf("Cannot update core dump limit: %s", fr_syserror(errno));
- return -1;
+ return -1;
+ }
}
- }
- /*
- * We've been told to disable core dumping,
- * rlim_cur is not set to zero.
- *
- * Set rlim_cur to zero, but leave rlim_max
- * set to whatever the current value is.
- *
- * This is because, later, we may need to
- * re-enable core dumps to allow the debugger
- * to attach *sigh*.
- */
- } else if (current.rlim_cur != 0) {
- struct rlimit no_core;
+ /*
+ * We've been told to disable core dumping,
+ * rlim_cur is not set to zero.
+ *
+ * Set rlim_cur to zero, but leave rlim_max
+ * set to whatever the current value is.
+ *
+ * This is because, later, we may need to
+ * re-enable core dumps to allow the debugger
+ * to attach *sigh*.
+ */
+ } else if (current.rlim_cur != 0) {
+ struct rlimit no_core;
- no_core.rlim_cur = 0;
- no_core.rlim_max = current.rlim_max;
+ no_core.rlim_cur = 0;
+ no_core.rlim_max = current.rlim_max;
- if (setrlimit(RLIMIT_CORE, &no_core) < 0) {
- fr_strerror_printf("Failed disabling core dumps: %s", fr_syserror(errno));
+ if (setrlimit(RLIMIT_CORE, &no_core) < 0) {
+ fr_strerror_printf("Failed disabling core dumps: %s", fr_syserror(errno));
- return -1;
+ return -1;
+ }
}
}
#endif
if (strcmp(i->ifa_name, interface) != 0) continue;
#if defined(__linux__) || defined(__EMSCRIPTEN__)
- struct sockaddr_ll *ll;
+ {
+ struct sockaddr_ll *ll;
- ll = (struct sockaddr_ll *) i->ifa_addr;
- if ((ll->sll_hatype != 1) || (ll->sll_halen != 6)) continue;
-
- memcpy(ethernet->addr, ll->sll_addr, 6);
+ ll = (struct sockaddr_ll *) i->ifa_addr;
+ if ((ll->sll_hatype != 1) || (ll->sll_halen != 6)) continue;
+ memcpy(ethernet->addr, ll->sll_addr, 6);
+ }
#else
- struct sockaddr_dl *ll;
+ {
+ struct sockaddr_dl *ll;
- ll = (struct sockaddr_dl *) i->ifa_addr;
- if (ll->sdl_alen != 6) continue;
+ ll = (struct sockaddr_dl *) i->ifa_addr;
+ if (ll->sdl_alen != 6) continue;
- memcpy(ethernet->addr, LLADDR(ll), 6);
+ memcpy(ethernet->addr, LLADDR(ll), 6);
+ }
#endif
ret = 0;
break;
*/
{
lst_thing **array;
+ fr_time_t start_alloc, end_alloc, start_insert, end_insert, start_pop, end_pop, end_pop_first;
+
populate_values(values, count);
- fr_time_t start_alloc, end_alloc, start_insert, end_insert, start_pop, end_pop, end_pop_first = fr_time_wrap(0);
+ end_pop_first = fr_time_wrap(0);
start_alloc = fr_time();
array = talloc_array(NULL, lst_thing *, count);
*/
{
minmax_heap_thing **array;
+ fr_time_t start_alloc, end_alloc, start_insert, end_insert, start_pop, end_pop, end_pop_first;
+
populate_values(values, count);
- fr_time_t start_alloc, end_alloc, start_insert, end_insert, start_pop, end_pop, end_pop_first = fr_time_min();
+ end_pop_first = fr_time_min();
start_alloc = fr_time();
array = talloc_array(NULL, minmax_heap_thing *, count);
/*
* UDP header validation.
*/
- udp = (udp_header_t const *)data;
uint16_t udp_len;
ssize_t diff;
uint16_t expected;
+ udp = (udp_header_t const *)data;
udp_len = ntohs(udp->len);
diff = udp_len - remaining;
/* Truncated data */
*/
#else
- struct ifaddrs *list = NULL;
- bool bound = false;
+ {
+ struct ifaddrs *list = NULL;
+ bool bound = false;
- /*
- * Troll through all interfaces to see if there's
- */
- if (getifaddrs(&list) == 0) {
- struct ifaddrs *i;
-
- for (i = list; i != NULL; i = i->ifa_next) {
- if (i->ifa_addr && i->ifa_name && (strcmp(i->ifa_name, interface) == 0)) {
- /*
- * IPv4, and there's either no src_ip, OR src_ip is INADDR_ANY,
- * it's a match.
- *
- * We also update my_ipaddr to point to this particular IP,
- * so that we can later bind() to it. This gets us the same
- * effect as SO_BINDTODEVICE.
- */
- if ((i->ifa_addr->sa_family == AF_INET) &&
- (!src_ipaddr || fr_ipaddr_is_inaddr_any(src_ipaddr))) {
- (void) fr_ipaddr_from_sockaddr(&my_ipaddr, NULL,
- (struct sockaddr_storage *) i->ifa_addr,
- sizeof(struct sockaddr_in));
- my_ipaddr.scope_id = scope_id;
- bound = true;
- break;
+ /*
+ * Troll through all interfaces to see if there's
+ */
+ if (getifaddrs(&list) == 0) {
+ struct ifaddrs *i;
+
+ for (i = list; i != NULL; i = i->ifa_next) {
+ if (i->ifa_addr && i->ifa_name && (strcmp(i->ifa_name, interface) == 0)) {
+ /*
+ * IPv4, and there's either no src_ip, OR src_ip is INADDR_ANY,
+ * it's a match.
+ *
+ * We also update my_ipaddr to point to this particular IP,
+ * so that we can later bind() to it. This gets us the same
+ * effect as SO_BINDTODEVICE.
+ */
+ if ((i->ifa_addr->sa_family == AF_INET) &&
+ (!src_ipaddr || fr_ipaddr_is_inaddr_any(src_ipaddr))) {
+ (void) fr_ipaddr_from_sockaddr(&my_ipaddr, NULL,
+ (struct sockaddr_storage *) i->ifa_addr,
+ sizeof(struct sockaddr_in));
+ my_ipaddr.scope_id = scope_id;
+ bound = true;
+ break;
+ }
+
+ /*
+ * The caller specified a source IP, and we find a matching
+ * address family. Allow it.
+ *
+ * Note that we do NOT check for matching IPs here. If we did,
+ * then binding to an interface and the *wrong* IP would get us
+ * a "bind to device is unsupported" message.
+ *
+ * Instead we say "yes, we found a matching interface", and then
+ * allow the bind() call below to run. If that fails, we get a
+ * "Can't assign requested address" error, which is more informative.
+ */
+ if (src_ipaddr && (src_ipaddr->af == i->ifa_addr->sa_family)) {
+ my_ipaddr.scope_id = scope_id;
+ bound = true;
+ break;
+ }
}
+ }
+ freeifaddrs(list);
+
+ if (!bound) {
/*
- * The caller specified a source IP, and we find a matching
- * address family. Allow it.
- *
- * Note that we do NOT check for matching IPs here. If we did,
- * then binding to an interface and the *wrong* IP would get us
- * a "bind to device is unsupported" message.
- *
- * Instead we say "yes, we found a matching interface", and then
- * allow the bind() call below to run. If that fails, we get a
- * "Can't assign requested address" error, which is more informative.
+ * IPv4: no link local addresses,
+ * and no bind to device.
*/
- if (src_ipaddr && (src_ipaddr->af == i->ifa_addr->sa_family)) {
- my_ipaddr.scope_id = scope_id;
- bound = true;
- break;
- }
+ fr_strerror_printf_push("Bind to interface %s failed: Unable to match "
+ "interface with the given IP address.", interface);
+ return -1;
}
- }
-
- freeifaddrs(list);
-
- if (!bound) {
- /*
- * IPv4: no link local addresses,
- * and no bind to device.
- */
- fr_strerror_printf_push("Bind to interface %s failed: Unable to match interface with the given IP address.",
- interface);
+ } else {
+ fr_strerror_printf_push("Bind to interface %s failed, unable to get list of interfaces: %s",
+ interface, fr_syserror(errno));
return -1;
}
- } else {
- fr_strerror_printf_push("Bind to interface %s failed, unable to get list of interfaces: %s",
- interface, fr_syserror(errno));
- return -1;
}
#endif
} /* else no interface was passed in */
fr_type_t dst_type, fr_dict_attr_t const *dst_enumv,
fr_value_box_t const *src)
{
- fr_assert(dst_type == FR_TYPE_IPV6_ADDR);
-
static_assert((sizeof(v4_v6_map) + sizeof(src->vb_ip.addr.v4)) <=
sizeof(src->vb_ip.addr.v6), "IPv6 storage too small");
+ fr_assert(dst_type == FR_TYPE_IPV6_ADDR);
switch (src->type) {
case FR_TYPE_STRING:
default:
cast:
- if (!tmp_ctx) tmp_ctx = talloc_pool(NULL, 1024);
- fr_value_box_t tmp_vb;
+ {
+ fr_value_box_t tmp_vb;
- /*
- * Not equivalent to fr_value_box_to_network
- */
- if (fr_value_box_cast_to_octets(tmp_ctx, &tmp_vb, FR_TYPE_OCTETS, NULL, vb) < 0) {
- slen = -1;
- goto error;
- }
+ if (!tmp_ctx) tmp_ctx = talloc_pool(NULL, 1024);
+ /*
+ * Not equivalent to fr_value_box_to_network
+ */
+ if (fr_value_box_cast_to_octets(tmp_ctx, &tmp_vb, FR_TYPE_OCTETS, NULL, vb) < 0) {
+ slen = -1;
+ goto error;
+ }
- slen = fr_dbuff_in_memcpy(&our_dbuff, tmp_vb.vb_octets, tmp_vb.vb_length);
- fr_value_box_clear_value(&tmp_vb);
- break;
+ slen = fr_dbuff_in_memcpy(&our_dbuff, tmp_vb.vb_octets, tmp_vb.vb_length);
+ fr_value_box_clear_value(&tmp_vb);
+ break;
+ }
}
if (slen < 0) {
if (!eap_fast_verify(request, tls_session, data, data_len)) return FR_RADIUS_CODE_ACCESS_REJECT;
if (t->stage == EAP_FAST_TLS_SESSION_HANDSHAKE) {
+ char buf[256];
+
fr_assert(t->mode == EAP_FAST_UNKNOWN);
- char buf[256];
if (strstr(SSL_CIPHER_description(SSL_get_current_cipher(tls_session->ssl),
buf, sizeof(buf)), "Au=None")) {
/* FIXME enforce MSCHAPv2 - RFC 5422 section 3.2.2 */
*/
static int eap_peap_inner_from_pairs(request_t *request, fr_tls_session_t *tls_session, fr_pair_list_t *vps)
{
- fr_assert(!fr_pair_list_empty(vps));
fr_pair_t *this;
+ fr_assert(!fr_pair_list_empty(vps));
+
/*
* Send the EAP data in the first attribute, WITHOUT the
* header.
static int skip_spaces(rlm_isc_dhcp_tokenizer_t *state, char *p)
{
- state->ptr = p;
char *start = p;
+ state->ptr = p;
+
fr_skip_whitespace(state->ptr);
/*
*/
static void perl_parse_config(CONF_SECTION *cs, int lvl, HV *rad_hv)
{
- if (!cs || !rad_hv) return;
-
int indent_section = (lvl + 1) * 4;
int indent_item = (lvl + 2) * 4;
- DEBUG("%*s%s {", indent_section, " ", cf_section_name1(cs));
+ if (!cs || !rad_hv) return;
- CONF_ITEM *ci = NULL;
+ DEBUG("%*s%s {", indent_section, " ", cf_section_name1(cs));
- while ((ci = cf_item_next(cs, ci))) {
+ for (CONF_ITEM *ci = NULL; (ci = cf_item_next(cs, ci)); ) {
/*
* This is a section.
* Create a new HV, store it as a reference in current HV,
const char *hash_name, const char *list_name)
{
fr_pair_t *vp;
+ fr_dcursor_t cursor;
hv_undef(rad_hv);
- fr_dcursor_t cursor;
-
RINDENT();
fr_pair_list_sort(vps, fr_pair_cmp_by_da);
for (vp = fr_pair_dcursor_init(&cursor, vps);
/*
* Process VP container
*/
- json_object_object_foreach(object, name, value) {
- int i = 0, elements;
- struct json_object *element, *tmp;
- TALLOC_CTX *ctx;
-
- json_flags_t flags = {
- .op = T_OP_SET,
- .do_xlat = 1,
- .is_json = 0
- };
-
- request_t *current = request;
- fr_pair_list_t *vps;
- fr_pair_t *vp = NULL;
-
- TALLOC_FREE(dst);
-
- /*
- * Resolve attribute name to a dictionary entry and pairlist.
- */
- RDEBUG2("Parsing attribute \"%s\"", name);
-
- if (tmpl_afrom_attr_str(request, NULL, &dst, name,
- &(tmpl_rules_t){
- .attr = {
- .prefix = TMPL_ATTR_REF_PREFIX_NO,
- .dict_def = request->dict,
- .list_def = PAIR_LIST_REPLY
- }
- }) <= 0) {
- RPWDEBUG("Failed parsing attribute (skipping)");
- continue;
- }
+ {
+ json_object_object_foreach(object, name, value) {
+ int i = 0, elements;
+ struct json_object *element, *tmp;
+ TALLOC_CTX *ctx;
- if (tmpl_request_ptr(¤t, tmpl_request(dst)) < 0) {
- RWDEBUG("Attribute name refers to outer request but not in a tunnel (skipping)");
- continue;
- }
+ json_flags_t flags = {
+ .op = T_OP_SET,
+ .do_xlat = 1,
+ .is_json = 0
+ };
- vps = tmpl_list_head(current, tmpl_list(dst));
- if (!vps) {
- RWDEBUG("List not valid in this context (skipping)");
- continue;
- }
- ctx = tmpl_list_ctx(current, tmpl_list(dst));
+ request_t *current = request;
+ fr_pair_list_t *vps;
+ fr_pair_t *vp = NULL;
- /*
- * Alternative JSON structure which allows operator,
- * and other flags to be specified.
- *
- * "<name>":{
- * "do_xlat":<bool>,
- * "is_json":<bool>,
- * "op":"<op>",
- * "value":<value>
- * }
- *
- * Where value is a:
- * - [] Multivalued array
- * - {} Nested Valuepair
- * - * Integer or string value
- */
- if (json_object_is_type(value, json_type_object)) {
- /*
- * Process operator if present.
- */
- if (json_object_object_get_ex(value, "op", &tmp)) {
- flags.op = fr_table_value_by_str(fr_tokens_table, json_object_get_string(tmp), 0);
- if (!flags.op) {
- RWDEBUG("Invalid operator value \"%s\" (skipping)",
- json_object_get_string(tmp));
- continue;
- }
- }
+ TALLOC_FREE(dst);
/*
- * Process optional do_xlat bool.
+ * Resolve attribute name to a dictionary entry and pairlist.
*/
- if (json_object_object_get_ex(value, "do_xlat", &tmp)) {
- flags.do_xlat = json_object_get_boolean(tmp);
+ RDEBUG2("Parsing attribute \"%s\"", name);
+
+ if (tmpl_afrom_attr_str(request, NULL, &dst, name,
+ &(tmpl_rules_t){
+ .attr = {
+ .prefix = TMPL_ATTR_REF_PREFIX_NO,
+ .dict_def = request->dict,
+ .list_def = PAIR_LIST_REPLY
+ }
+ }) <= 0) {
+ RPWDEBUG("Failed parsing attribute (skipping)");
+ continue;
}
- /*
- * Process optional is_json bool.
- */
- if (json_object_object_get_ex(value, "is_json", &tmp)) {
- flags.is_json = json_object_get_boolean(tmp);
+ if (tmpl_request_ptr(¤t, tmpl_request(dst)) < 0) {
+ RWDEBUG("Attribute name refers to outer request but not in a tunnel (skipping)");
+ continue;
}
- /*
- * Value key must be present if were using the expanded syntax.
- */
- if (!json_object_object_get_ex(value, "value", &tmp)) {
- RWDEBUG("Value key missing (skipping)");
+ vps = tmpl_list_head(current, tmpl_list(dst));
+ if (!vps) {
+ RWDEBUG("List not valid in this context (skipping)");
continue;
}
+ ctx = tmpl_list_ctx(current, tmpl_list(dst));
/*
- * The value field now becomes the key we're operating on
+ * Alternative JSON structure which allows operator,
+ * and other flags to be specified.
+ *
+ * "<name>":{
+ * "do_xlat":<bool>,
+ * "is_json":<bool>,
+ * "op":"<op>",
+ * "value":<value>
+ * }
+ *
+ * Where value is a:
+ * - [] Multivalued array
+ * - {} Nested Valuepair
+ * - * Integer or string value
*/
- value = tmp;
- }
+ if (json_object_is_type(value, json_type_object)) {
+ /*
+ * Process operator if present.
+ */
+ if (json_object_object_get_ex(value, "op", &tmp)) {
+ flags.op = fr_table_value_by_str(fr_tokens_table, json_object_get_string(tmp), 0);
+ if (!flags.op) {
+ RWDEBUG("Invalid operator value \"%s\" (skipping)",
+ json_object_get_string(tmp));
+ continue;
+ }
+ }
- /*
- * Setup fr_pair_afrom_da / recursion loop.
- */
- if (!flags.is_json && json_object_is_type(value, json_type_array)) {
- elements = json_object_array_length(value);
- if (!elements) {
- RWDEBUG("Zero length value array (skipping)");
- continue;
- }
- element = json_object_array_get_idx(value, 0);
- } else {
- elements = 1;
- element = value;
- }
+ /*
+ * Process optional do_xlat bool.
+ */
+ if (json_object_object_get_ex(value, "do_xlat", &tmp)) {
+ flags.do_xlat = json_object_get_boolean(tmp);
+ }
- /*
- * A JSON 'value' key, may have multiple elements, iterate
- * over each of them, creating a new fr_pair_t.
- */
- do {
- if (max_attrs-- <= 0) {
- RWDEBUG("At maximum attribute limit");
- talloc_free(dst);
- return max;
+ /*
+ * Process optional is_json bool.
+ */
+ if (json_object_object_get_ex(value, "is_json", &tmp)) {
+ flags.is_json = json_object_get_boolean(tmp);
+ }
+
+ /*
+ * Value key must be present if were using the expanded syntax.
+ */
+ if (!json_object_object_get_ex(value, "value", &tmp)) {
+ RWDEBUG("Value key missing (skipping)");
+ continue;
+ }
+
+ /*
+ * The value field now becomes the key we're operating on
+ */
+ value = tmp;
}
/*
- * Automagically switch the op for multivalued attributes.
+ * Setup fr_pair_afrom_da / recursion loop.
*/
- if (((flags.op == T_OP_SET) || (flags.op == T_OP_EQ)) && (i >= 1)) {
- flags.op = T_OP_ADD_EQ;
+ if (!flags.is_json && json_object_is_type(value, json_type_array)) {
+ elements = json_object_array_length(value);
+ if (!elements) {
+ RWDEBUG("Zero length value array (skipping)");
+ continue;
+ }
+ element = json_object_array_get_idx(value, 0);
+ } else {
+ elements = 1;
+ element = value;
}
- if (json_object_is_type(element, json_type_object) && !flags.is_json) {
- /* TODO: Insert nested VP into VP structure...*/
- RWDEBUG("Found nested VP, these are not yet supported (skipping)");
+ /*
+ * A JSON 'value' key, may have multiple elements, iterate
+ * over each of them, creating a new fr_pair_t.
+ */
+ do {
+ fr_pair_list_t tmp_list;
- continue;
+ if (max_attrs-- <= 0) {
+ RWDEBUG("At maximum attribute limit");
+ talloc_free(dst);
+ return max;
+ }
/*
- vp = json_pair_alloc(instance, section,
- request, value,
- level + 1, max_attrs);*/
- } else {
- vp = json_pair_alloc_leaf(instance, section, ctx, request,
- tmpl_da(dst), &flags, element);
- if (!vp) continue;
- }
- RINDENT();
- RDEBUG2("&%s:%pP", fr_table_str_by_value(pair_list_table, tmpl_list(dst), ""), vp);
- REXDENT();
+ * Automagically switch the op for multivalued attributes.
+ */
+ if (((flags.op == T_OP_SET) || (flags.op == T_OP_EQ)) && (i >= 1)) {
+ flags.op = T_OP_ADD_EQ;
+ }
- fr_pair_list_t tmp_list;
- fr_pair_list_init(&tmp_list);
- fr_pair_append(&tmp_list, vp);
- radius_pairmove(current, vps, &tmp_list);
- /*
- * If we call json_object_array_get_idx on something that's not an array
- * the behaviour appears to be to occasionally segfault.
- */
- } while ((++i < elements) && (element = json_object_array_get_idx(value, i)));
+ if (json_object_is_type(element, json_type_object) && !flags.is_json) {
+ /* TODO: Insert nested VP into VP structure...*/
+ RWDEBUG("Found nested VP, these are not yet supported (skipping)");
+
+ continue;
+
+ /*
+ vp = json_pair_alloc(instance, section,
+ request, value,
+ level + 1, max_attrs);*/
+ } else {
+ vp = json_pair_alloc_leaf(instance, section, ctx, request,
+ tmpl_da(dst), &flags, element);
+ if (!vp) continue;
+ }
+ RINDENT();
+ RDEBUG2("&%s:%pP", fr_table_str_by_value(pair_list_table, tmpl_list(dst), ""), vp);
+ REXDENT();
+
+ fr_pair_list_init(&tmp_list);
+ fr_pair_append(&tmp_list, vp);
+ radius_pairmove(current, vps, &tmp_list);
+ /*
+ * If we call json_object_array_get_idx on something that's not an array
+ * the behaviour appears to be to occasionally segfault.
+ */
+ } while ((++i < elements) && (element = json_object_array_get_idx(value, i)));
+ }
}
talloc_free(dst);
p = info_buffer + 3;
while (*p != isc_info_end) {
p++;
- short len = (short)isc_vax_integer(p, 2);
- p += 2;
+ {
+ short len = (short)isc_vax_integer(p, 2);
+ p += 2;
- affected_rows = isc_vax_integer(p, len);
- if (affected_rows > 0) {
- break;
+ affected_rows = isc_vax_integer(p, len);
+ if (affected_rows > 0) {
+ break;
+ }
+ p += len;
}
- p += len;
}
return affected_rows;
}
uint16_t udp_dst_port;
size_t dhcp_data_len;
socklen_t sock_len;
+ uint8_t data_offset;
packet = fr_radius_packet_alloc(NULL, false);
if (!packet) {
sock_len = sizeof(struct sockaddr_ll);
data_len = recvfrom(sockfd, raw_packet, MAX_PACKET_SIZE, 0, (struct sockaddr *)link_layer, &sock_len);
- uint8_t data_offset = ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE; /* DHCP data datas after Ethernet, IP, UDP */
+ data_offset = ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE; /* DHCP data datas after Ethernet, IP, UDP */
if (data_len <= data_offset) DISCARD_RP("Payload (%d) smaller than required for layers 2+3+4", (int)data_len);
uint8_t pad[MD5_DIGEST_LENGTH];
uint8_t *buf;
int pad_offset;
+ size_t pos;
if (!secret) {
if (pkt->hdr.flags & FR_TAC_PLUS_UNENCRYPTED_FLAG)
fr_md5_calc(pad, buf, pad_offset);
- size_t pos = 0;
+ pos = 0;
do {
for (size_t i = 0; i < MD5_DIGEST_LENGTH && pos < body_len; i++, pos++)
body[pos] ^= pad[i];
projects / thirdparty / freeradius-server.git / commitdiff
