Don't decode optional attributes

Certain attributes are defined as optional, and will have zero length if
they are not present.

diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c
index f59bfd30a9b0a99f6f04e15d44358573b0e1e9e4..662c178380c5a061ae404facac28bad5bd29870f 100644 (file)
--- a/src/process/tacacs/base.c
+++ b/src/process/tacacs/base.c
@@ -563,10 +563,9 @@ RESUME(auth_start)
                        }
 
                        vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name);
-                       if (vp && vp->vp_length == 0) {
+                       if (!vp) {
                                RDEBUG("No User-Name, replying with Authentication-GetUser");
                                request->reply->code = FR_TACACS_CODE_AUTH_GETUSER;
-
                        } else {
                                RDEBUG("User-Name = %pV, replying with Authentication-GetPass", &vp->data);
                                request->reply->code = FR_TACACS_CODE_AUTH_GETPASS;

diff --git a/src/protocols/tacacs/decode.c b/src/protocols/tacacs/decode.c
index bc5884892ac0ddc5ffcb94acf2b81910972a9769..9d7cc98021a52be68a865efd2a9a4fa23441c738 100644 (file)
--- a/src/protocols/tacacs/decode.c
+++ b/src/protocols/tacacs/decode.c
@@ -623,12 +623,15 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t co
                        DECODE_FIELD_UINT8(attr_tacacs_authentication_service, pkt->authen_start.authen_service);
 
                        /*
-                        *      Decode 4 fields, based on their "length"
+                        *      Decode 3 fields, based on their "length"
+                        *      user and rem_addr are optional - indicated by zero length
                         */
                        p = body;
-                       DECODE_FIELD_STRING8(attr_tacacs_user_name, pkt->authen_start.user_len);
+                       if (pkt->authen_start.user_len > 0) DECODE_FIELD_STRING8(attr_tacacs_user_name,
+                                                                                pkt->authen_start.user_len);
                        DECODE_FIELD_STRING8(attr_tacacs_client_port, pkt->authen_start.port_len);
-                       DECODE_FIELD_STRING8(attr_tacacs_remote_address, pkt->authen_start.rem_addr_len);
+                       if (pkt->authen_start.rem_addr_len > 0) DECODE_FIELD_STRING8(attr_tacacs_remote_address,
+                                                                                    pkt->authen_start.rem_addr_len);
 
                        /*
                         *      Check the length on the various
@@ -862,11 +865,13 @@ ssize_t fr_tacacs_decode(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t co
 
                        /*
                         *      Decode 3 fields, based on their "length"
+                        *      rem_addr is optional - indicated by zero length
                         */
                        p = body;
                        DECODE_FIELD_STRING8(attr_tacacs_user_name, pkt->author_req.user_len);
                        DECODE_FIELD_STRING8(attr_tacacs_client_port, pkt->author_req.port_len);
-                       DECODE_FIELD_STRING8(attr_tacacs_remote_address, pkt->author_req.rem_addr_len);
+                       if (pkt->author_req.rem_addr_len > 0) DECODE_FIELD_STRING8(attr_tacacs_remote_address,
+                                                                                  pkt->author_req.rem_addr_len);
 
                        /*
                         *      Decode 'arg_N' arguments (horrible format)