From: Alan T. DeKok Date: Sat, 9 Mar 2013 18:09:42 +0000 (-0500) Subject: Add TALLOC_CTX to paircreate() X-Git-Tag: release_3_0_0_beta1~780 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00af7c58dd9ad576166dbc55e7f769a9b38d1217;p=thirdparty%2Ffreeradius-server.git Add TALLOC_CTX to paircreate() Which exposed a fair amount of repeated code. That should use radius_paircreate(). --- diff --git a/src/include/dhcp.h b/src/include/dhcp.h index 605a367397e..eab7d43c5c6 100644 --- a/src/include/dhcp.h +++ b/src/include/dhcp.h @@ -41,7 +41,8 @@ int fr_dhcp_send(RADIUS_PACKET *packet); int fr_dhcp_add_arp_entry(int fd, const char *interface, VALUE_PAIR *hwvp, VALUE_PAIR *clvp); int fr_dhcp_encode(RADIUS_PACKET *packet); -ssize_t fr_dhcp_decode_options(uint8_t *data, size_t len, VALUE_PAIR **head); +ssize_t fr_dhcp_decode_options(RADIUS_PACKET *packet, + uint8_t *data, size_t len, VALUE_PAIR **head); int fr_dhcp_decode(RADIUS_PACKET *packet); /* diff --git a/src/include/libradius.h b/src/include/libradius.h index afecdab2d34..e5612f66607 100644 --- a/src/include/libradius.h +++ b/src/include/libradius.h @@ -429,7 +429,7 @@ int rad_vp2attr(const RADIUS_PACKET *packet, /* valuepair.c */ VALUE_PAIR *pairalloc(TALLOC_CTX *ctx, const DICT_ATTR *da); -VALUE_PAIR *paircreate(unsigned int attr, unsigned int vendor); +VALUE_PAIR *paircreate(TALLOC_CTX *ctx, unsigned int attr, unsigned int vendor); int pair2unknown(VALUE_PAIR *vp); void pairfree(VALUE_PAIR **); void pairbasicfree(VALUE_PAIR *pair); diff --git a/src/lib/dhcp.c b/src/lib/dhcp.c index f0ca90d860b..04d83a252a1 100644 --- a/src/lib/dhcp.c +++ b/src/lib/dhcp.c @@ -443,9 +443,11 @@ int fr_dhcp_send(RADIUS_PACKET *packet) #endif } -static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen); +static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, + const uint8_t *p, size_t alen); -static int decode_tlv(VALUE_PAIR *tlv, const uint8_t *data, size_t data_len) +static int decode_tlv(RADIUS_PACKET *packet, VALUE_PAIR *tlv, + const uint8_t *data, size_t data_len) { const uint8_t *p; VALUE_PAIR *head, **tail, *vp; @@ -469,13 +471,13 @@ static int decode_tlv(VALUE_PAIR *tlv, const uint8_t *data, size_t data_len) p = data; while (p < (data + data_len)) { - vp = paircreate(tlv->da->attr | (p[0] << 8), DHCP_MAGIC_VENDOR); + vp = paircreate(packet, tlv->da->attr | (p[0] << 8), DHCP_MAGIC_VENDOR); if (!vp) { pairfree(&head); goto make_tlv; } - if (fr_dhcp_attr2vp(vp, p + 2, p[1]) < 0) { + if (fr_dhcp_attr2vp(packet, vp, p + 2, p[1]) < 0) { pairfree(&head); goto make_tlv; } @@ -513,7 +515,8 @@ make_tlv: /* * Decode ONE value into a VP */ -static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen) +static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, + const uint8_t *p, size_t alen) { switch (vp->da->type) { case PW_TYPE_BYTE: @@ -561,7 +564,7 @@ static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen) break; case PW_TYPE_TLV: - return decode_tlv(vp, p, alen); + return decode_tlv(packet, vp, p, alen); default: fr_strerror_printf("Internal sanity check %d %d", vp->da->type, __LINE__); @@ -572,7 +575,8 @@ static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen) return 0; } -ssize_t fr_dhcp_decode_options(uint8_t *data, size_t len, VALUE_PAIR **head) +ssize_t fr_dhcp_decode_options(RADIUS_PACKET *packet, + uint8_t *data, size_t len, VALUE_PAIR **head) { int i; VALUE_PAIR *vp, **tail; @@ -665,7 +669,7 @@ ssize_t fr_dhcp_decode_options(uint8_t *data, size_t len, VALUE_PAIR **head) memcpy(vp->vp_octets, p + 1, 6); vp->length = alen; - } else if (fr_dhcp_attr2vp(vp, p, alen) < 0) { + } else if (fr_dhcp_attr2vp(packet, vp, p, alen) < 0) { pairfree(&vp); pairfree(head); return -1; @@ -792,7 +796,8 @@ int fr_dhcp_decode(RADIUS_PACKET *packet) * Nothing uses tail after this call, if it does in the future * it'll need to find the new tail... */ - if (fr_dhcp_decode_options(packet->data + 240, packet->data_len - 240, + if (fr_dhcp_decode_options(packet, + packet->data + 240, packet->data_len - 240, tail) < 0) { return -1; } @@ -956,7 +961,7 @@ static size_t fr_dhcp_vp2attr(VALUE_PAIR *vp, uint8_t *p, size_t room) return length; } -static VALUE_PAIR *fr_dhcp_vp2suboption(VALUE_PAIR *vps) +static VALUE_PAIR *fr_dhcp_vp2suboption(RADIUS_PACKET *packet, VALUE_PAIR *vps) { int length; unsigned int attribute; @@ -965,7 +970,7 @@ static VALUE_PAIR *fr_dhcp_vp2suboption(VALUE_PAIR *vps) attribute = vps->da->attr & 0xffff00ff; - tlv = paircreate(attribute, DHCP_MAGIC_VENDOR); + tlv = paircreate(packet, attribute, DHCP_MAGIC_VENDOR); if (!tlv) return NULL; tlv->length = 0; @@ -1433,7 +1438,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet) /* * Should NOT have been encoded yet! */ - tlv = fr_dhcp_vp2suboption(vp); + tlv = fr_dhcp_vp2suboption(packet, vp); /* * Ignore it if there's an issue diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c index b807a1c90f2..7af180bced7 100644 --- a/src/lib/valuepair.c +++ b/src/lib/valuepair.c @@ -45,7 +45,7 @@ static const char *months[] = { * * Allocates a new attribute and a new dictionary attr if no DA is provided. * - * @param[in] ctx for allocated memory, usually a pointer to the request. + * @param[in] ctx for allocated memory, usually a pointer to a RADIUS_PACKET * @param[in] da Specifies the dictionary attribute to build the VP from. * @return a new value pair or NULL if an error occurred. */ @@ -82,11 +82,12 @@ VALUE_PAIR *pairalloc(TALLOC_CTX *ctx, const DICT_ATTR *da) * Which type of DICT_ATTR the VALUE_PAIR was created with can be determined by * checking @verbatim vp->da->flags.is_unknown @endverbatim. * + * @param[in] ctx for allocated memory, usually a pointer to a RADIUS_PACKET * @param[in] attr number. * @param[in] vendor number. * @return the new valuepair or NULL on error. */ -VALUE_PAIR *paircreate(unsigned int attr, unsigned int vendor) +VALUE_PAIR *paircreate(TALLOC_CTX *ctx, unsigned int attr, unsigned int vendor) { const DICT_ATTR *da; @@ -98,7 +99,7 @@ VALUE_PAIR *paircreate(unsigned int attr, unsigned int vendor) } } - return pairalloc(NULL, da); + return pairalloc(ctx, da); } /** Free memory used by a single valuepair. diff --git a/src/lib/vqp.c b/src/lib/vqp.c index 1b20d392dca..944af42e118 100644 --- a/src/lib/vqp.c +++ b/src/lib/vqp.c @@ -437,7 +437,7 @@ int vqp_decode(RADIUS_PACKET *packet) tail = &packet->vps; - vp = paircreate(PW_VQP_PACKET_TYPE, 0); + vp = paircreate(packet, PW_VQP_PACKET_TYPE, 0); if (!vp) { fr_strerror_printf("No memory"); return -1; @@ -448,7 +448,7 @@ int vqp_decode(RADIUS_PACKET *packet) *tail = vp; tail = &(vp->next); - vp = paircreate(PW_VQP_ERROR_CODE, 0); + vp = paircreate(packet, PW_VQP_ERROR_CODE, 0); if (!vp) { fr_strerror_printf("No memory"); return -1; @@ -459,7 +459,7 @@ int vqp_decode(RADIUS_PACKET *packet) *tail = vp; tail = &(vp->next); - vp = paircreate(PW_VQP_SEQUENCE_NUMBER, 0); + vp = paircreate(packet, PW_VQP_SEQUENCE_NUMBER, 0); if (!vp) { fr_strerror_printf("No memory"); return -1; @@ -487,7 +487,7 @@ int vqp_decode(RADIUS_PACKET *packet) * Hack to get the dictionaries to work correctly. */ attribute |= 0x2000; - vp = paircreate(attribute, 0); + vp = paircreate(packet, attribute, 0); if (!vp) { pairfree(&packet->vps); diff --git a/src/main/detail.c b/src/main/detail.c index 2f62d4b850d..73737d33d42 100644 --- a/src/main/detail.c +++ b/src/main/detail.c @@ -562,7 +562,7 @@ int detail_recv(rad_listen_t *listener) if (!strcasecmp(key, "Timestamp")) { data->timestamp = atoi(value); - vp = paircreate(PW_PACKET_ORIGINAL_TIMESTAMP, 0); + vp = paircreate(data, PW_PACKET_ORIGINAL_TIMESTAMP, 0); if (vp) { vp->vp_date = (uint32_t) data->timestamp; *tail = vp; @@ -708,7 +708,7 @@ int detail_recv(rad_listen_t *listener) */ vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY); if (!vp) { - vp = paircreate(PW_ACCT_DELAY_TIME, 0); + vp = paircreate(data, PW_ACCT_DELAY_TIME, 0); rad_assert(vp != NULL); pairadd(&packet->vps, vp); } @@ -721,7 +721,7 @@ int detail_recv(rad_listen_t *listener) */ vp = pairfind(packet->vps, PW_PACKET_TRANSMIT_COUNTER, 0, TAG_ANY); if (!vp) { - vp = paircreate(PW_PACKET_TRANSMIT_COUNTER, 0); + vp = paircreate(data, PW_PACKET_TRANSMIT_COUNTER, 0); rad_assert(vp != NULL); pairadd(&packet->vps, vp); } diff --git a/src/main/modules.c b/src/main/modules.c index 4c2b425da8a..e94381abd50 100644 --- a/src/main/modules.c +++ b/src/main/modules.c @@ -1761,7 +1761,7 @@ char *module_failure_msg(REQUEST *request, const char *fmt, ...) VALUE_PAIR *vp; va_start(ap, fmt); - vp = paircreate(PW_MODULE_FAILURE_MESSAGE, 0); + vp = paircreate(request->packet, PW_MODULE_FAILURE_MESSAGE, 0); if (!vp) { va_end(ap); return NULL; diff --git a/src/main/radclient.c b/src/main/radclient.c index 252137fe9ba..1087346a91c 100644 --- a/src/main/radclient.c +++ b/src/main/radclient.c @@ -160,13 +160,14 @@ static void radclient_free(radclient_t *radclient) free(radclient); } -static int mschapv1_encode(VALUE_PAIR **request, const char *password) +static int mschapv1_encode(RADIUS_PACKET *packet, VALUE_PAIR **request, + const char *password) { unsigned int i; VALUE_PAIR *challenge, *response; uint8_t nthash[16]; - challenge = paircreate(PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT); + challenge = paircreate(packet, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT); if (!challenge) { fprintf(stderr, "GOT IT %d!\n", __LINE__); return 0; @@ -178,7 +179,7 @@ static int mschapv1_encode(VALUE_PAIR **request, const char *password) challenge->vp_octets[i] = fr_rand(); } - response = paircreate(PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT); + response = paircreate(packet, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT); if (!response) { fprintf(stderr, "GOT IT %d!\n", __LINE__); return 0; @@ -658,7 +659,8 @@ static int send_one_packet(radclient_t *radclient) vp->length = 17; } } else if (pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0, TAG_ANY) != NULL) { - mschapv1_encode(&radclient->request->vps, + mschapv1_encode(radclient->request, + &radclient->request->vps, radclient->password); } else if (fr_debug_flag) { printf("WARNING: No password in the request\n"); diff --git a/src/main/session.c b/src/main/session.c index d093ca5a334..6bc57871eaa 100644 --- a/src/main/session.c +++ b/src/main/session.c @@ -51,7 +51,7 @@ int session_zap(REQUEST *request, uint32_t nasaddr, unsigned int port, /* Hold your breath */ #define PAIR(n,v,e) do { \ - if(!(vp = paircreate(n, 0))) { \ + if(!(vp = paircreate(stopreq->packet,n, 0))) { \ request_free(&stopreq); \ radlog(L_ERR, "no memory"); \ pairfree(&(stopreq->packet->vps)); \ @@ -63,7 +63,7 @@ int session_zap(REQUEST *request, uint32_t nasaddr, unsigned int port, #define INTPAIR(n,v) PAIR(n,v,vp_integer) #define IPPAIR(n,v) PAIR(n,v,vp_ipaddr) #define STRINGPAIR(n,v) do { \ - if(!(vp = paircreate(n, 0))) { \ + if(!(vp = paircreate(stopreq->packet,n, 0))) { \ request_free(&stopreq); \ radlog(L_ERR, "no memory"); \ pairfree(&(stopreq->packet->vps)); \ diff --git a/src/main/valuepair.c b/src/main/valuepair.c index a66033ea1ca..adf51938ba2 100644 --- a/src/main/valuepair.c +++ b/src/main/valuepair.c @@ -820,12 +820,15 @@ void radius_xlat_move(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR **from) * @param[in] vendor number. * @return a new VLAUE_PAIR or causes server to exit on error. */ -VALUE_PAIR *radius_paircreate(UNUSED REQUEST *request, VALUE_PAIR **vps, +VALUE_PAIR *radius_paircreate(REQUEST *request, VALUE_PAIR **vps, unsigned int attribute, unsigned int vendor) { VALUE_PAIR *vp; - vp = paircreate(attribute, vendor); + /* + * FIXME: the context should ideally be the packet... + */ + vp = paircreate(request, attribute, vendor); if (!vp) { radlog(L_ERR, "No memory!"); rad_assert("No memory" == NULL); diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c index 34d9db45743..904b6e98f10 100644 --- a/src/modules/rlm_cache/rlm_cache.c +++ b/src/modules/rlm_cache/rlm_cache.c @@ -162,7 +162,7 @@ static void cache_merge(rlm_cache_t *inst, REQUEST *request, } if (inst->stats) { - vp = paircreate(PW_CACHE_ENTRY_HITS, 0); + vp = paircreate(request->packet, PW_CACHE_ENTRY_HITS, 0); rad_assert(vp != NULL); vp->vp_integer = c->hits; diff --git a/src/modules/rlm_dhcp/rlm_dhcp.c b/src/modules/rlm_dhcp/rlm_dhcp.c index 74a7c777b62..ae5f8ee5086 100644 --- a/src/modules/rlm_dhcp/rlm_dhcp.c +++ b/src/modules/rlm_dhcp/rlm_dhcp.c @@ -63,7 +63,8 @@ static size_t dhcp_options_xlat(UNUSED void *instance, REQUEST *request, return 0; } - if ((fr_dhcp_decode_options(vp->vp_octets, vp->length, &head) < 0) || + if ((fr_dhcp_decode_options(request->packet, + vp->vp_octets, vp->length, &head) < 0) || (head == NULL)) { RDEBUGW("DHCP option decoding failed"); goto fail; diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c index 8b8951b0f16..501865b0912 100644 --- a/src/modules/rlm_eap/eap.c +++ b/src/modules/rlm_eap/eap.c @@ -524,7 +524,7 @@ rlm_rcode_t eap_compose(EAP_HANDLER *handler) } eap_packet = (eap_packet_t *)reply->packet; - vp = eap_packet2vp(eap_packet); + vp = eap_packet2vp(request->reply, eap_packet); if (!vp) return RLM_MODULE_INVALID; pairadd(&(request->reply->vps), vp); @@ -537,7 +537,7 @@ rlm_rcode_t eap_compose(EAP_HANDLER *handler) */ vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { - vp = paircreate(PW_MESSAGE_AUTHENTICATOR, 0); + vp = paircreate(request->reply, PW_MESSAGE_AUTHENTICATOR, 0); memset(vp->vp_octets, 0, AUTH_VECTOR_LEN); vp->length = AUTH_VECTOR_LEN; pairadd(&(request->reply->vps), vp); @@ -702,7 +702,7 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) * Create an EAP-Type containing the EAP-type * from the packet. */ - vp = paircreate(PW_EAP_TYPE, 0); + vp = paircreate(request->packet, PW_EAP_TYPE, 0); if (vp) { vp->vp_integer = eap_msg->vp_octets[4]; pairadd(&(request->packet->vps), vp); diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c index 9843d3996f6..816fc5d0d3f 100644 --- a/src/modules/rlm_eap/libeap/eap_tls.c +++ b/src/modules/rlm_eap/libeap/eap_tls.c @@ -199,7 +199,7 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag) RDEBUGW("Not adding MPPE keys because there is no PRF label"); } - eaptls_gen_eap_key(tls_session->ssl, + eaptls_gen_eap_key(handler->request->reply, tls_session->ssl, handler->eap_type, &handler->request->reply->vps); return 1; } diff --git a/src/modules/rlm_eap/libeap/eap_tls.h b/src/modules/rlm_eap/libeap/eap_tls.h index 6913f068710..9bcb1808a47 100644 --- a/src/modules/rlm_eap/libeap/eap_tls.h +++ b/src/modules/rlm_eap/libeap/eap_tls.h @@ -70,7 +70,7 @@ int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn); void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s, const char *prf_label); void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size); -void eaptls_gen_eap_key(SSL *s, uint32_t header, VALUE_PAIR **vps); +void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header, VALUE_PAIR **vps); #define BUFFER_SIZE 1024 diff --git a/src/modules/rlm_eap/libeap/eap_types.h b/src/modules/rlm_eap/libeap/eap_types.h index c4b24c8b995..94f8b92b200 100644 --- a/src/modules/rlm_eap/libeap/eap_types.h +++ b/src/modules/rlm_eap/libeap/eap_types.h @@ -119,7 +119,8 @@ extern int eaptype_name2type(const char *name); extern const char *eaptype_type2name(unsigned int type, char *buffer, size_t buflen); extern int eap_wireformat(EAP_PACKET *reply); extern int eap_basic_compose(RADIUS_PACKET *packet, EAP_PACKET *reply); -extern VALUE_PAIR *eap_packet2vp(const eap_packet_t *reply); +extern VALUE_PAIR *eap_packet2vp(RADIUS_PACKET *packet, + const eap_packet_t *reply); extern eap_packet_t *eap_vp2packet(VALUE_PAIR *vps); #endif /* _EAP_TYPES_H */ diff --git a/src/modules/rlm_eap/libeap/eapcommon.c b/src/modules/rlm_eap/libeap/eapcommon.c index 67f751f2d06..acbafc257a7 100644 --- a/src/modules/rlm_eap/libeap/eapcommon.c +++ b/src/modules/rlm_eap/libeap/eapcommon.c @@ -261,7 +261,7 @@ int eap_basic_compose(RADIUS_PACKET *packet, EAP_PACKET *reply) pairdelete(&(packet->vps), PW_EAP_MESSAGE, 0, TAG_ANY); - vp = eap_packet2vp(eap_packet); + vp = eap_packet2vp(packet, eap_packet); if (!vp) return RLM_MODULE_INVALID; pairadd(&(packet->vps), vp); @@ -274,7 +274,7 @@ int eap_basic_compose(RADIUS_PACKET *packet, EAP_PACKET *reply) */ vp = pairfind(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { - vp = paircreate(PW_MESSAGE_AUTHENTICATOR, 0); + vp = paircreate(packet, PW_MESSAGE_AUTHENTICATOR, 0); memset(vp->vp_strvalue, 0, AUTH_VECTOR_LEN); vp->length = AUTH_VECTOR_LEN; pairadd(&(packet->vps), vp); @@ -307,7 +307,7 @@ int eap_basic_compose(RADIUS_PACKET *packet, EAP_PACKET *reply) } -VALUE_PAIR *eap_packet2vp(const eap_packet_t *packet) +VALUE_PAIR *eap_packet2vp(RADIUS_PACKET *packet, const eap_packet_t *eap) { int total, size; const uint8_t *ptr; @@ -315,15 +315,15 @@ VALUE_PAIR *eap_packet2vp(const eap_packet_t *packet) VALUE_PAIR **tail = &head; VALUE_PAIR *vp; - total = packet->length[0] * 256 + packet->length[1]; + total = eap->length[0] * 256 + eap->length[1]; - ptr = (const uint8_t *) packet; + ptr = (const uint8_t *) eap; do { size = total; if (size > 253) size = 253; - vp = paircreate(PW_EAP_MESSAGE, 0); + vp = paircreate(packet, PW_EAP_MESSAGE, 0); if (!vp) { pairfree(&head); return NULL; diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c index acdbfa9666d..a509d38a6ac 100644 --- a/src/modules/rlm_eap/libeap/eapsimlib.c +++ b/src/modules/rlm_eap/libeap/eapsimlib.c @@ -328,7 +328,7 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r, return 0; } - newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, 0); + newvp = paircreate(r, ATTRIBUTE_EAP_SIM_SUBTYPE, 0); if (!newvp) return 0; newvp->vp_integer = attr[0]; newvp->length = 1; @@ -364,7 +364,7 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r, return 0; } - newvp = paircreate(eapsim_attribute+ATTRIBUTE_EAP_SIM_BASE, 0); + newvp = paircreate(r, eapsim_attribute+ATTRIBUTE_EAP_SIM_BASE, 0); memcpy(newvp->vp_strvalue, &attr[2], eapsim_len-2); newvp->length = eapsim_len-2; pairadd(&(r->vps), newvp); diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c index efc28da27a5..8ea1188cae6 100644 --- a/src/modules/rlm_eap/libeap/mppe_keys.c +++ b/src/modules/rlm_eap/libeap/mppe_keys.c @@ -197,7 +197,7 @@ void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size) * Actually generates EAP-Session-Id, which is an internal server * attribute. Not all systems want to send EAP-Key-Nam */ -void eaptls_gen_eap_key(SSL *s, uint32_t header, VALUE_PAIR **vps) +void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header, VALUE_PAIR **vps) { VALUE_PAIR *vp; @@ -206,7 +206,7 @@ void eaptls_gen_eap_key(SSL *s, uint32_t header, VALUE_PAIR **vps) return; } - vp = paircreate(PW_EAP_SESSION_ID, PW_TYPE_OCTETS); + vp = paircreate(packet, PW_EAP_SESSION_ID, PW_TYPE_OCTETS); if (!vp) return; vp->vp_octets[0] = header & 0xff; diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c index 5fdb49f8de4..833b2c3b608 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c @@ -267,7 +267,8 @@ static int eapmessage_verify(REQUEST *request, /* * Convert a pseudo-EAP packet to a list of VALUE_PAIR's. */ -static VALUE_PAIR *eap2vp(REQUEST *request, EAP_DS *eap_ds, +static VALUE_PAIR *eap2vp(REQUEST *request, RADIUS_PACKET *packet, + EAP_DS *eap_ds, const uint8_t *data, size_t data_len) { size_t total; @@ -275,7 +276,7 @@ static VALUE_PAIR *eap2vp(REQUEST *request, EAP_DS *eap_ds, if (data_len > 65535) return NULL; /* paranoia */ - vp = paircreate(PW_EAP_MESSAGE, 0); + vp = paircreate(packet, PW_EAP_MESSAGE, 0); if (!vp) { RDEBUG2("Failure in creating VP"); return NULL; @@ -301,7 +302,7 @@ static VALUE_PAIR *eap2vp(REQUEST *request, EAP_DS *eap_ds, int vp_len; - vp = paircreate(PW_EAP_MESSAGE, 0); + vp = paircreate(packet, PW_EAP_MESSAGE, 0); if (!vp) { RDEBUG2("Failure in creating VP"); pairfree(&head); @@ -930,7 +931,7 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) t->status = PEAP_STATUS_PHASE2; - vp = paircreate(PW_EAP_MESSAGE, 0); + vp = paircreate(fake->packet, PW_EAP_MESSAGE, 0); vp->vp_octets[0] = PW_EAP_RESPONSE; vp->vp_octets[1] = eap_ds->response->id; @@ -954,7 +955,8 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) break; } case PEAP_STATUS_PHASE2: - fake->packet->vps = eap2vp(request, eap_ds, data, data_len); + fake->packet->vps = eap2vp(request, fake->packet, + eap_ds, data, data_len); if (!fake->packet->vps) { request_free(&fake); RDEBUG2("Unable to convert tunneled EAP packet to internal server data structures"); diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c index cb3bf0da01f..f192bc3465c 100644 --- a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c +++ b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c @@ -89,6 +89,7 @@ static int eap_sim_sendstart(EAP_HANDLER *handler) VALUE_PAIR **vps, *newvp; uint16_t *words; struct eap_sim_server_state *ess; + RADIUS_PACKET *packet; rad_assert(handler->request != NULL); rad_assert(handler->request->reply); @@ -96,16 +97,17 @@ static int eap_sim_sendstart(EAP_HANDLER *handler) ess = (struct eap_sim_server_state *)handler->opaque; /* these are the outgoing attributes */ - vps = &handler->request->reply->vps; - + packet = handler->request->reply; + vps = &packet->vps; rad_assert(vps != NULL); + /* * add appropriate TLVs for the EAP things we wish to send. */ /* the version list. We support only version 1. */ - newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0); words = (uint16_t *)newvp->vp_strvalue; newvp->length = 3*sizeof(uint16_t); words[0] = htons(1*sizeof(uint16_t)); @@ -114,7 +116,7 @@ static int eap_sim_sendstart(EAP_HANDLER *handler) pairadd(vps, newvp); /* set the EAP_ID - new value */ - newvp = paircreate(ATTRIBUTE_EAP_ID, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_ID, 0); newvp->vp_integer = ess->sim_id++; pairreplace(vps, newvp); @@ -123,14 +125,14 @@ static int eap_sim_sendstart(EAP_HANDLER *handler) memcpy(ess->keys.versionlist, words+1, ess->keys.versionlistlen); /* the ANY_ID attribute. We do not support re-auth or pseudonym */ - newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0); newvp->length = 2; newvp->vp_strvalue[0]=0; newvp->vp_strvalue[0]=1; pairadd(vps, newvp); /* the SUBTYPE, set to start. */ - newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_SUBTYPE, 0); newvp->vp_integer = eapsim_start; pairreplace(vps, newvp); @@ -208,6 +210,7 @@ static int eap_sim_sendchallenge(EAP_HANDLER *handler) { struct eap_sim_server_state *ess; VALUE_PAIR **invps, **outvps, *newvp; + RADIUS_PACKET *packet; ess = (struct eap_sim_server_state *)handler->opaque; rad_assert(handler->request != NULL); @@ -220,7 +223,8 @@ static int eap_sim_sendchallenge(EAP_HANDLER *handler) invps = &handler->request->packet->vps; /* outvps is the data to the client. */ - outvps= &handler->request->reply->vps; + packet = handler->request->reply; + outvps= &packet->vps; if ((debug_flag > 0) && fr_log_fp) { fprintf(fr_log_fp, "+++> EAP-sim decoded packet:\n"); @@ -228,7 +232,7 @@ static int eap_sim_sendchallenge(EAP_HANDLER *handler) } /* okay, we got the challenges! Put them into an attribute */ - newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0); memset(newvp->vp_strvalue, 0, 2); /* clear reserved bytes */ memcpy(newvp->vp_strvalue+2+EAPSIM_RAND_SIZE*0, ess->keys.rand[0], EAPSIM_RAND_SIZE); memcpy(newvp->vp_strvalue+2+EAPSIM_RAND_SIZE*1, ess->keys.rand[1], EAPSIM_RAND_SIZE); @@ -237,7 +241,7 @@ static int eap_sim_sendchallenge(EAP_HANDLER *handler) pairadd(outvps, newvp); /* set the EAP_ID - new value */ - newvp = paircreate(ATTRIBUTE_EAP_ID, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_ID, 0); newvp->vp_integer = ess->sim_id++; pairreplace(outvps, newvp); @@ -273,18 +277,18 @@ static int eap_sim_sendchallenge(EAP_HANDLER *handler) * will pull it out before it does the operation. */ - newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0); memcpy(newvp->vp_strvalue, ess->keys.nonce_mt, 16); newvp->length = 16; pairreplace(outvps, newvp); - newvp = paircreate(ATTRIBUTE_EAP_SIM_KEY, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_KEY, 0); memcpy(newvp->vp_strvalue, ess->keys.K_aut, 16); newvp->length = 16; pairreplace(outvps, newvp); /* the SUBTYPE, set to challenge. */ - newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_SIM_SUBTYPE, 0); newvp->vp_integer = eapsim_challenge; pairreplace(outvps, newvp); @@ -308,13 +312,15 @@ static int eap_sim_sendsuccess(EAP_HANDLER *handler) struct eap_sim_server_state *ess; VALUE_PAIR **outvps; VALUE_PAIR *newvp; + RADIUS_PACKET *packet; /* outvps is the data to the client. */ - outvps= &handler->request->reply->vps; + packet = handler->request->reply; + outvps= &packet->vps; ess = (struct eap_sim_server_state *)handler->opaque; /* set the EAP_ID - new value */ - newvp = paircreate(ATTRIBUTE_EAP_ID, 0); + newvp = paircreate(packet, ATTRIBUTE_EAP_ID, 0); newvp->vp_integer = ess->sim_id++; pairreplace(outvps, newvp); diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index 3ee5d01c68d..07b3560a0fa 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c @@ -134,7 +134,7 @@ static int diameter_verify(REQUEST *request, /* * Convert diameter attributes to our VALUE_PAIR's */ -static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl, +static VALUE_PAIR *diameter2vp(REQUEST *request, REQUEST *fake, SSL *ssl, const uint8_t *data, size_t data_len) { uint32_t attr; @@ -146,6 +146,7 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl, VALUE_PAIR *first = NULL; VALUE_PAIR **last = &first; VALUE_PAIR *vp; + RADIUS_PACKET *packet = fake->packet; /* FIXME: api issues */ while (data_left > 0) { rad_assert(data_left <= data_len); @@ -252,7 +253,7 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl, * Create it. If this fails, it's because we're OOM. */ do_octets: - vp = paircreate(attr, vendor); + vp = paircreate(packet, attr, vendor); if (!vp) { RDEBUG2("Failure in creating VP"); pairfree(&first); @@ -309,12 +310,12 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl, pairfree(&vp); return NULL; } - memcpy(&vp->vp_ipaddr, data, vp->length); + memcpy(&vp->vp_ipaddr, data, vp->length); - /* - * Stored in network byte order: don't change it. - */ - break; + /* + * Stored in network byte order: don't change it. + */ + break; case PW_TYPE_BYTE: if (size != vp->length) goto raw; @@ -367,7 +368,7 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, SSL *ssl, if (size == 0) break; - vp = paircreate(attr, vendor); + vp = paircreate(packet, attr, vendor); if (!vp) { RDEBUG2("Failure in creating VP"); pairfree(&first); @@ -1033,7 +1034,7 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) /* * Add the tunneled attributes to the fake request. */ - fake->packet->vps = diameter2vp(request, tls_session->ssl, data, data_len); + fake->packet->vps = diameter2vp(request, fake, tls_session->ssl, data, data_len); if (!fake->packet->vps) { request_free(&fake); return PW_AUTHENTICATION_REJECT; @@ -1094,7 +1095,7 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) */ if (t->default_eap_type != 0) { RDEBUG("Setting default EAP type for tunneled EAP session."); - vp = paircreate(PW_EAP_TYPE, 0); + vp = paircreate(request, PW_EAP_TYPE, 0); rad_assert(vp != NULL); vp->vp_integer = t->default_eap_type; pairadd(&fake->config_items, vp); diff --git a/src/modules/rlm_otp/rlm_otp.c b/src/modules/rlm_otp/rlm_otp.c index bb10f1fdcd2..343404a9124 100644 --- a/src/modules/rlm_otp/rlm_otp.c +++ b/src/modules/rlm_otp/rlm_otp.c @@ -248,7 +248,7 @@ static rlm_rcode_t otp_authorize(void *instance, REQUEST *request) len = otp_gen_state(gen_state, challenge, inst->challenge_len, 0, now, hmac_key); - vp = paircreate(PW_STATE, 0); + vp = paircreate(request->reply, PW_STATE, 0); if (!vp) { return RLM_MODULE_FAIL; } @@ -271,7 +271,7 @@ static rlm_rcode_t otp_authorize(void *instance, REQUEST *request) * First add the internal OTP challenge attribute to * the reply list. */ - vp = paircreate(PW_OTP_CHALLENGE, 0); + vp = paircreate(request->reply, PW_OTP_CHALLENGE, 0); if (!vp) { return RLM_MODULE_FAIL; } @@ -293,7 +293,7 @@ static rlm_rcode_t otp_authorize(void *instance, REQUEST *request) return RLM_MODULE_FAIL; } - vp = paircreate(PW_REPLY_MESSAGE, 0); + vp = paircreate(request->reply, PW_REPLY_MESSAGE, 0); if (!vp) { return RLM_MODULE_FAIL; } diff --git a/src/modules/rlm_sim_files/rlm_sim_files.c b/src/modules/rlm_sim_files/rlm_sim_files.c index 89ca101e9eb..5e3c3f0c604 100644 --- a/src/modules/rlm_sim_files/rlm_sim_files.c +++ b/src/modules/rlm_sim_files/rlm_sim_files.c @@ -186,16 +186,16 @@ static rlm_rcode_t sim_file_authorize(void *instance, REQUEST *request) } - r = paircreate(ATTRIBUTE_EAP_SIM_RAND1 + imsicount, 0); + r = paircreate(request->reply, ATTRIBUTE_EAP_SIM_RAND1 + imsicount, 0); pairparsevalue(r, chal); pairadd(reply_pairs, r); - k = paircreate(ATTRIBUTE_EAP_SIM_KC1 + imsicount, 0); + k = paircreate(request->reply, ATTRIBUTE_EAP_SIM_KC1 + imsicount, 0); pairparsevalue(k, kc); rad_assert(k != NULL); pairadd(reply_pairs, k); - s = paircreate(ATTRIBUTE_EAP_SIM_SRES1 + imsicount, 0); + s = paircreate(request->reply, ATTRIBUTE_EAP_SIM_SRES1 + imsicount, 0); pairparsevalue(s, sres); pairadd(reply_pairs, s); diff --git a/src/modules/rlm_soh/rlm_soh.c b/src/modules/rlm_soh/rlm_soh.c index d04007c8373..713bcc24eb5 100644 --- a/src/modules/rlm_soh/rlm_soh.c +++ b/src/modules/rlm_soh/rlm_soh.c @@ -162,7 +162,7 @@ static rlm_rcode_t soh_postauth(UNUSED void * instance, REQUEST *request) if (vlen <= 1) { RDEBUG("SoH adding NAP marker to DHCP reply"); /* client probe; send "NAP" in the reply */ - vp = paircreate(43, DHCP_MAGIC_VENDOR); + vp = paircreate(request->reply, 43, DHCP_MAGIC_VENDOR); vp->vp_octets[0] = 220; vp->vp_octets[1] = 3; vp->vp_octets[4] = 'N';