Added REQUEST to soh_verify() parameters

In preparation for DEBUG -> RDEBUG changes.

Also made rlm_soh return FAIL on bad SoH packets.

diff --git a/src/include/soh.h b/src/include/soh.h
index 7dc17f96d8a4cc96d523a4a926e3d757e4576ed2..27b6ad3cc1a18d18f527d89179f0fbd1e20c08f7 100644 (file)
--- a/src/include/soh.h
+++ b/src/include/soh.h
@@ -26,13 +26,11 @@
 #include <freeradius-devel/ident.h>
 RCSIDH(soh_h, "$Id$")
 
-#include <freeradius-devel/libradius.h>
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-int soh_verify(VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len);
+  int soh_verify(REQUEST *request, VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len);
 uint16_t soh_pull_be_16(const uint8_t *p);
 uint32_t soh_pull_be_24(const uint8_t *p);
 uint32_t soh_pull_be_32(const uint8_t *p);

diff --git a/src/main/soh.c b/src/main/soh.c
index ca4de004050649eeeb1fd9602b93f6a4562f5bf7..926faa330644a844f14c288c4eebdc29a091f0e9 100644 (file)
--- a/src/main/soh.c
+++ b/src/main/soh.c
@@ -102,7 +102,7 @@ uint32_t soh_pull_be_32(const uint8_t *p) {
  * unknown types; we need to know their length ahead of time. Therefore, we abort
  * if we find an unknown type.
  */
-static int eapsoh_mstlv(VALUE_PAIR *sohvp, const uint8_t *p, unsigned int data_len) {
+static int eapsoh_mstlv(REQUEST *request, VALUE_PAIR *sohvp, const uint8_t *p, unsigned int data_len) {
        VALUE_PAIR *vp;
        uint8_t c;
        int t;
@@ -305,7 +305,7 @@ static const char* healthclass2str(uint8_t hc) {
        return NULL;
 }
 
-int soh_verify(VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len) {
+int soh_verify(REQUEST *request, VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len) {
 
        VALUE_PAIR *vp;
        eap_soh hdr;
@@ -413,7 +413,7 @@ int soh_verify(VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len) {
                                 */
                                if (curr_shid==0x137 && curr_shid_c==0) {
                                        DEBUG("SoH MS type-value payload");
-                                       eapsoh_mstlv(sohvp, data + 4, tlv.tlv_len - 4);
+                                       eapsoh_mstlv(request, sohvp, data + 4, tlv.tlv_len - 4);
                                } else {
                                        DEBUG("SoH unhandled vendor-specific TLV %08x/component=%i %i bytes payload", curr_shid, curr_shid_c, tlv.tlv_len);
                                }

diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
index 78a04f75bae9577d12354354595b077470d24eb9..53e658c98ff146b4d5830a64bcdef2f25eb010dd 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
+++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
@@ -194,7 +194,7 @@ static VALUE_PAIR* eapsoh_verify(REQUEST *request, const uint8_t *data, unsigned
        }
 
 
-       rv = soh_verify(vp, data, data_len - 8);
+       rv = soh_verify(request, vp, data, data_len - 8);
        if (rv<0) {
                RDEBUG("SoH - error decoding payload: %s", fr_strerror());
        } else {
@@ -702,7 +702,7 @@ static const char *peap_state(peap_tunnel_t *t)
        return "?";
 }
 
-static void print_tunneled_data(uint8_t *data, size_t data_len)
+static void print_tunneled_data(const uint8_t *data, size_t data_len)
 {
        size_t i;
 

diff --git a/src/modules/rlm_soh/rlm_soh.c b/src/modules/rlm_soh/rlm_soh.c
index 027e0f6441508ca8753cd9057881b663c26fe8f0..aeb0c211852ce56db6e7b2a6e257a0ac7d64e2db 100644 (file)
--- a/src/modules/rlm_soh/rlm_soh.c
+++ b/src/modules/rlm_soh/rlm_soh.c
@@ -140,6 +140,7 @@ static int soh_instantiate(CONF_SECTION *conf, void **instance) {
 static int soh_postauth(UNUSED void * instance, REQUEST *request)
 {
 #ifdef WITH_DHCP
+       int rcode;
        VALUE_PAIR *vp;
 
        vp = pairfind(request->packet->vps, DHCP2ATTR(43));
@@ -176,7 +177,10 @@ static int soh_postauth(UNUSED void * instance, REQUEST *request)
                                        } else {
                                                RDEBUG("SoH decoding NAP from DHCP request");
                                                /* SoH payload */
-                                               soh_verify(request->packet->vps, data, vlen);
+                                               rcode = soh_verify(request, request->packet->vps, data, vlen);
+                                               if (rcode < 0) {
+                                                       return RLM_MODULE_FAIL;
+                                               }
                                        }
                                        break;
                                default:
@@ -205,7 +209,10 @@ static int soh_authorize(UNUSED void * instance, REQUEST *request)
 
        RDEBUG("SoH radius VP found");
        /* decode it */
-       rv = soh_verify(request->packet->vps, vp->vp_octets, vp->length);
+       rv = soh_verify(request, request->packet->vps, vp->vp_octets, vp->length);
+       if (rv < 0) {
+               return RLM_MODULE_FAIL;
+       }
 
        return RLM_MODULE_OK;
 }