From: Alan T. DeKok Date: Thu, 31 Aug 2023 13:17:49 +0000 (-0400) Subject: replace Packet-Authentication-Vector X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0db34cbf3b9e0a8832be2f8d50f0818bb2bd0ee5;p=thirdparty%2Ffreeradius-server.git replace Packet-Authentication-Vector It's still used for radius_tp_decode_proto, but the attribute is no longer a virtual one --- diff --git a/doc/antora/modules/installation/pages/upgrade.adoc b/doc/antora/modules/installation/pages/upgrade.adoc index 15d5e68b1ce..a586dcee8e2 100644 --- a/doc/antora/modules/installation/pages/upgrade.adoc +++ b/doc/antora/modules/installation/pages/upgrade.adoc @@ -1038,3 +1038,5 @@ Many "virtual" or "fake" attributes have been removed or renamed. `&Response-Packet-Type` should be replaced by `&reply.Packet-Type`. `&Virtual-Server` should be replaced by `%(interpreter:server)`. + +`&Packet-Authentication-Vector` should be replaced by `%{radius.packet.vector:}`. diff --git a/src/lib/server/tmpl_eval.c b/src/lib/server/tmpl_eval.c index 552f4700c4b..266010155dc 100644 --- a/src/lib/server/tmpl_eval.c +++ b/src/lib/server/tmpl_eval.c @@ -57,7 +57,6 @@ static fr_dict_attr_t const *attr_packet_dst_port; static fr_dict_attr_t const *attr_packet_src_ip_address; static fr_dict_attr_t const *attr_packet_src_ipv6_address; static fr_dict_attr_t const *attr_packet_src_port; -static fr_dict_attr_t const *attr_packet_authentication_vector; /** Placeholder attribute for uses of unspecified attribute references */ 
@@ -71,8 +70,6 @@ static fr_dict_attr_autoload_t tmpl_dict_attr[] = { { .out = &attr_packet_src_ip_address, .name = "Packet-Src-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_freeradius }, { .out = &attr_packet_src_ipv6_address, .name = "Packet-Src-IPv6-Address", .type = FR_TYPE_IPV6_ADDR, .dict = &dict_freeradius }, { .out = &attr_packet_src_port, .name = "Packet-Src-Port", .type = FR_TYPE_UINT16, .dict = &dict_freeradius }, - - { .out = &attr_packet_authentication_vector, .name = "Packet-Authentication-Vector", .type = FR_TYPE_OCTETS, .dict = &dict_radius }, { NULL } }; diff --git a/src/listen/radius/proto_radius.c b/src/listen/radius/proto_radius.c index 9d6002cf286..a412a230004 100644 --- a/src/listen/radius/proto_radius.c +++ b/src/listen/radius/proto_radius.c @@ -24,6 +24,7 @@ */ #include #include +#include #include #include "proto_radius.h" 
@@ -563,17 +564,51 @@ static int mod_bootstrap(module_inst_ctx_t const *mctx) return fr_master_app_io.common.bootstrap(MODULE_INST_CTX(inst->io.dl_inst)); } +/** Get the authentication vector. + * + * Note that we don't allow people to get the reply vector, because + * it doesn't exist until the reply is sent. + * + */ +static xlat_action_t packet_vector_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, + UNUSED xlat_ctx_t const *xctx, request_t *request, + UNUSED fr_value_box_list_t *in) +{ + fr_value_box_t *vb; + + if (request->dict != dict_radius) return XLAT_ACTION_FAIL; + + MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_OCTETS, NULL)); + if (fr_value_box_memdup(vb, vb, NULL, request->packet->vector, sizeof(request->packet->vector), true) < 0) { + talloc_free(vb); + return XLAT_ACTION_FAIL; + } + + fr_dcursor_append(out, vb); + + return XLAT_ACTION_DONE; +} + + static int mod_load(void) { + xlat_t *xlat; + if (fr_radius_init() < 0) { PERROR("Failed initialising protocol library"); return -1; } + + + if (!(xlat = xlat_func_register(NULL, "radius.packet.vector", packet_vector_xlat, FR_TYPE_OCTETS))) return -1; + return 0; } static void mod_unload(void) { + xlat_func_unregister("radius.packet.vector"); + fr_radius_free(); }
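Review bot: In mod_load, the new early return taken when `xlat_func_register()` fails leaves the state set up by `fr_radius_init()` without a matching `fr_radius_free()`. Unless the module loader calls mod_unload after a failed load (not visible in this hunk), that path should clean up: `if (!xlat_func_register(NULL, "radius.packet.vector", packet_vector_xlat, FR_TYPE_OCTETS)) { fr_radius_free(); return -1; }`. The local `xlat` is only assigned inside that condition and never read, so the declaration can be dropped. In packet_vector_xlat the copy is bounded by `sizeof(request->packet->vector)`, which is the right length only if `vector` is a fixed-size array member rather than a pointer; its declaration is outside the hunk, so a one-line comment stating that assumption would help.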