return 0;
}
-/**
- */
-unlang_action_t process_authenticate(rlm_rcode_t *p_result, int auth_type, request_t *request, CONF_SECTION *server_cs)
-{
- rlm_rcode_t rcode;
- char const *module;
- char const *component;
- fr_dict_attr_t const *da;
- fr_dict_enum_value_t const *dv;
- CONF_SECTION *subcs;
- fr_dict_t const *dict_internal;
-
- /*
- * Figure out which section to run.
- */
- if (!auth_type) {
- RERROR("An 'Auth-Type' MUST be specified");
- RETURN_MODULE_REJECT;
- }
-
- dict_internal = fr_dict_internal();
- da = fr_dict_attr_child_by_num(fr_dict_root(dict_internal), FR_AUTH_TYPE);
- if (!da) RETURN_MODULE_FAIL;
-
- dv = fr_dict_enum_by_value(da, fr_box_uint32((uint32_t) auth_type));
- if (!dv) RETURN_MODULE_FAIL;
-
- subcs = cf_section_find(server_cs, "authenticate", dv->name);
- if (!subcs) {
- RDEBUG2("%s %s sub-section not found. Using default return values.",
- da->name, dv->name);
- RETURN_MODULE_REJECT;
- }
-
- RDEBUG("Running %s %s from file %s",
- da->name, dv->name, cf_filename(subcs));
-
- /*
- * Cache and restore these, as they're re-set when
- * looping back from inside a module like eap-gtc.
- */
- module = request->module;
- component = request->component;
-
- request->module = NULL;
- request->component = "authenticate";
-
- if (unlang_interpret_push_section(request, subcs, RLM_MODULE_REJECT, UNLANG_TOP_FRAME) < 0) {
- RETURN_MODULE_FAIL;
- }
- rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request);
-
- request->component = component;
- request->module = module;
-
- RETURN_MODULE_RCODE(rcode);
-}
-
-rlm_rcode_t virtual_server_process_auth(request_t *request, CONF_SECTION *virtual_server,
- rlm_rcode_t default_rcode,
- unlang_module_resume_t resume,
- unlang_module_signal_t signal, void *rctx)
-{
- fr_pair_t *vp;
- CONF_SECTION *auth_cs = NULL;
- char const *auth_name;
- rlm_rcode_t rcode = RLM_MODULE_NOOP;
-
- vp = fr_pair_find_by_da_idx(&request->control_pairs, attr_auth_type, 0);
- if (!vp) {
- RDEBUG2("No &control.Auth-Type found");
- fail:
- request->rcode = RLM_MODULE_FAIL;
- unlang_module_yield_to_section(&rcode, request, NULL, RLM_MODULE_FAIL, resume, signal, rctx);
- return rcode;
- }
-
- auth_name = fr_dict_enum_name_by_value(attr_auth_type, &vp->data);
- if (!auth_name) {
- REDEBUG2("Invalid %pP value", vp);
- goto fail;
- }
-
- auth_cs = cf_section_find(virtual_server, "authenticate", auth_name);
- if (!auth_cs) {
- REDEBUG2("No authenticate %s { ... } section found in virtual server \"%s\"",
- auth_name, cf_section_name2(virtual_server));
- goto fail;
- }
-
- unlang_module_yield_to_section(&rcode, request, auth_cs, default_rcode, resume, signal, rctx);
- return rcode;
-}
-
/** Compile sections for a virtual server.
*
* When the "proto_foo" module calls fr_app_process_instantiate(), it
int virtual_server_cf_parse(TALLOC_CTX *ctx, void *out, void *parent,
CONF_ITEM *ci, CONF_PARSER const *rule) CC_HINT(nonnull(2,4));
/** @} */
-unlang_action_t process_authenticate(rlm_rcode_t *p_result, int auth_type,
- request_t *request, CONF_SECTION *server_cs) CC_HINT(nonnull);
-
-rlm_rcode_t virtual_server_process_auth(request_t *request, CONF_SECTION *virtual_server,
- rlm_rcode_t default_rcode,
- unlang_module_resume_t resume,
- unlang_module_signal_t signal, void *rctx) CC_HINT(nonnull);
fr_listen_t * listen_find_any(fr_listen_t *li) CC_HINT(nonnull);
bool listen_record(fr_listen_t *li) CC_HINT(nonnull);
/*
* Keep processing the Auth-Type until it doesn't return YIELD.
*/
-static unlang_action_t mod_process_auth_type(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
+static unlang_action_t gtc_resume(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
{
rlm_rcode_t rcode;
- eap_session_t *eap_session = eap_session_get(request->parent);
+ eap_session_t *eap_session = mctx->rctx;
eap_round_t *eap_round = eap_session->this_round;
- rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request);
-
- if (request->master_state == REQUEST_STOP_PROCESSING) return UNLANG_ACTION_STOP_PROCESSING;
+ rcode = unlang_interpret_stack_result(request);
if (rcode != RLM_MODULE_OK) {
eap_round->request->code = FR_EAP_CODE_FAILURE;
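Review bot: `gtc_resume` keeps `UNUSED` on `mctx` in its new signature although the added line below it reads `mctx->rctx`, so the annotation now misstates the contract; drop it: `static unlang_action_t gtc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)`. The resume context arrives as an untyped pointer, while this file checks `mctx->inst->data` with `talloc_get_type_abort`. Assuming `eap_session_t` is talloc-allocated, `eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t);` would catch a wrong context before it is dereferenced, and the same applies to `mschap_resume` in the mschapv2 hunk. The comment kept above the function describes the old synchronous loop; something like `/* Resume after the authenticate section has run and map its result to an EAP code. */` fits the new code better. The function body continues past the end of this hunk.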
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
{
rlm_eap_gtc_t const *inst = talloc_get_type_abort(mctx->inst->data, rlm_eap_gtc_t);
- rlm_rcode_t rcode;
eap_session_t *eap_session = eap_session_get(request->parent);
eap_round_t *eap_round = eap_session->this_round;
vp->vp_tainted = true;
unlang = cf_section_find(unlang_call_current(request), "authenticate", inst->auth_type->name);
+ if (!unlang) unlang = cf_section_find(unlang_call_current(request->parent), "authenticate", inst->auth_type->name);
if (!unlang) {
- /*
- * Call the authenticate section of the *current* virtual server.
- */
- process_authenticate(&rcode, inst->auth_type->value->vb_uint32,
- request, unlang_call_current(request->parent));
- if (rcode != RLM_MODULE_OK) {
- eap_round->request->code = FR_EAP_CODE_FAILURE;
- RETURN_MODULE_RCODE(rcode);
- }
-
- eap_round->request->code = FR_EAP_CODE_SUCCESS;
- RETURN_MODULE_OK;
- }
-
- if (unlang_interpret_push_section(request, unlang, RLM_MODULE_FAIL, UNLANG_TOP_FRAME) < 0) {
+ RDEBUG2("authenticate %s { ... } sub-section not found.",
+ inst->auth_type->name);
+ eap_round->request->code = FR_EAP_CODE_FAILURE;
RETURN_MODULE_FAIL;
}
- eap_session->process = mod_process_auth_type;
-
- return eap_session->process(p_result, mctx, request);
+ return unlang_module_yield_to_section(p_result, request, unlang, RLM_MODULE_FAIL, gtc_resume, NULL, eap_session);
}
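Review bot: The added fallback `if (!unlang) unlang = cf_section_find(unlang_call_current(request->parent), ...)` takes the `authenticate` section from the parent request's virtual server, and nothing records which server supplied the policy that decides the GTC password check. The removed `process_authenticate()` logged the section and its file. An equivalent line before the yield, such as `RDEBUG2("Running authenticate %s from file %s", inst->auth_type->name, cf_filename(unlang));`, would keep that trail for anyone auditing an accept. The mschapv2 hunk documents the lookup order in a comment and this one does not; a matching `/* Look in the current virtual server first, then in the parent one. */` above the lookups would make the precedence explicit. `mod_process` begins outside this hunk.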
#endif
-static unlang_action_t mschap_finalize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request,
- eap_session_t *eap_session, rlm_rcode_t rcode)
+static unlang_action_t mschap_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
{
+ eap_session_t *eap_session = mctx->rctx;
mschapv2_opaque_t *data = talloc_get_type_abort(eap_session->opaque, mschapv2_opaque_t);
eap_round_t *eap_round = eap_session->this_round;
fr_pair_list_t response;
rlm_eap_mschapv2_t const *inst = mctx->inst->data;
+ rlm_rcode_t rcode;
fr_pair_list_init(&response);
+
+ rcode = unlang_interpret_stack_result(request);
+
/*
* Delete MPPE keys & encryption policy. We don't
* want these here.
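Review bot: `mschap_resume` has no header comment, although its contract changed: it now takes the session from `mctx->rctx` and the section result from `unlang_interpret_stack_result()` instead of receiving both as parameters. A comment such as `/* Resume callback for the authenticate section; mctx->rctx is the eap_session_t passed to unlang_module_yield_to_section(). */` would document that coupling with the yield call in `mod_process`. The function body continues past the end of this hunk.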
RETURN_MODULE_OK;
}
-#if 0
-/*
- * Keep processing the Auth-Type until it doesn't return YIELD.
- */
-static unlang_action_t mod_process_auth_type(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
-{
- rlm_rcode_t rcode;
- eap_session_t *eap_session = eap_session_get(request->parent);
-
- rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request);
-
- if (request->master_state == REQUEST_STOP_PROCESSING) return UNLANG_ACTION_STOP_PROCESSING;
-
- return mschap_finalize(p_result, mctx, request, eap_session, rcode);
-}
-#endif
-
/*
* Authenticate a previously sent challenge.
*/
fr_pair_t *auth_challenge, *response, *name;
CONF_SECTION *unlang;
- rlm_rcode_t rcode;
int ccode;
uint8_t *p;
size_t length;
#endif
/*
- * This is a wild & crazy hack.
+ * Look for "authenticate foo" in the current virtual
+ * server. If not there, then in the parent one.
*/
- unlang = cf_section_find(unlang_call_current(request), "authenticate", inst->auth_type->name);
+ RDEBUG("Looking for authenticate %s { ... }", inst->auth_type->name);
+ unlang = cf_section_find(unlang_call_current(parent), "authenticate", inst->auth_type->name);
+ if (!unlang) unlang = cf_section_find(unlang_call_current(request->parent), "authenticate", inst->auth_type->name);
if (!unlang) {
- process_authenticate(&rcode, inst->auth_type->value->vb_uint32,
- request, unlang_call_current(request->parent));
- } else {
- if (unlang_interpret_push_section(request, unlang, RLM_MODULE_FAIL, UNLANG_TOP_FRAME) < 0) {
- RETURN_MODULE_FAIL;
- }
- rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request);
+ RDEBUG2("authenticate %s { ... } sub-section not found.",
+ inst->auth_type->name);
+ RETURN_MODULE_FAIL;
}
- return mschap_finalize(p_result, mctx, request, eap_session, rcode);
+ return unlang_module_yield_to_section(p_result, request, unlang, RLM_MODULE_FAIL, mschap_resume, NULL, eap_session);
}
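Review bot: The first added lookup passes `parent` to `unlang_call_current()`, where the removed line and the matching GTC lookup pass `request`. `parent` is not declared in the visible lines; if it is `request->parent`, both lookups search the same virtual server and the current one is never consulted. That would contradict the new comment and could select a different `authenticate` policy than the configuration intends. The likely intent is `unlang = cf_section_find(unlang_call_current(request), "authenticate", inst->auth_type->name);`. Separately, the not-found branch returns FAIL without setting an EAP failure code the way the GTC hunk does with `eap_round->request->code = FR_EAP_CODE_FAILURE;`, so it is worth confirming that the caller still produces an EAP-Failure on this path.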
/*