From: Nick Porter Date: Tue, 17 Jun 2025 19:42:06 +0000 (+0100) Subject: Pass unlang_result_t to modules instead of rlm_rcode_t X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f8d4449d2b04a3a7fffa0ddfefdce796a021c48;p=thirdparty%2Ffreeradius-server.git Pass unlang_result_t to modules instead of rlm_rcode_t --- diff --git a/doc/antora/modules/developers/pages/coccinelle.adoc b/doc/antora/modules/developers/pages/coccinelle.adoc index 222c9e62d46..6ed41e799f5 100644 --- a/doc/antora/modules/developers/pages/coccinelle.adoc +++ b/doc/antora/modules/developers/pages/coccinelle.adoc @@ -70,7 +70,7 @@ diff --git a/src/lib/eap_aka_sim/module.c b/src/lib/eap_aka_sim/module.c index 6fff875fb3..d172db865a 100644 --- a/src/lib/eap_aka_sim/module.c +++ b/src/lib/eap_aka_sim/module.c -@@ -340,7 +340,7 @@ unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *m +@@ -340,7 +340,7 @@ unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *m goto done; } diff --git a/src/lib/eap/chbind.c b/src/lib/eap/chbind.c index 1048020a87f..e3a84135339 100644 --- a/src/lib/eap/chbind.c +++ b/src/lib/eap/chbind.c @@ -170,7 +170,7 @@ static size_t chbind_get_data(chbind_packet_t const *packet, fr_radius_packet_code_t chbind_process(request_t *request, CHBIND_REQ *chbind) { fr_radius_packet_code_t code; - rlm_rcode_t rcode; + unlang_result_t result; request_t *fake = NULL; uint8_t const *attr_data; size_t data_len = 0; @@ -240,8 +240,8 @@ fr_radius_packet_code_t chbind_process(request_t *request, CHBIND_REQ *chbind) // fake->server_cs = virtual_server_find("channel_bindings"); fake->packet->code = FR_RADIUS_CODE_ACCESS_REQUEST; - rad_virtual_server(&rcode, fake); - switch (rcode) { + rad_virtual_server(&result, fake); + switch (result.rcode) { /* If the virtual server succeeded, build a reply */ case RLM_MODULE_OK: case RLM_MODULE_HANDLED: diff --git a/src/lib/eap_aka_sim/module.c b/src/lib/eap_aka_sim/module.c index 04cba0ca926..3ed5311461a 100644 --- a/src/lib/eap_aka_sim/module.c +++ b/src/lib/eap_aka_sim/module.c @@ -39,7 +39,7 @@ RCSID("$Id$") /** Encode EAP session data from attributes * */ -static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_encode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t); eap_session_t *eap_session = eap_session_get(request->parent); @@ -258,7 +258,7 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct RDEBUG2("Encoding attributes"); log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->reply_pairs, NULL); - if (fr_aka_sim_encode(request, &request->reply_pairs, &encode_ctx) <= 0) RETURN_MODULE_FAIL; + if (fr_aka_sim_encode(request, &request->reply_pairs, &encode_ctx) <= 0) RETURN_UNLANG_FAIL; switch (subtype_vp->vp_uint16) { case FR_SUBTYPE_VALUE_AKA_IDENTITY: @@ -291,7 +291,7 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct /** Decode EAP session data into attribute * */ -unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_aka_sim_module_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_module_conf_t); eap_session_t *eap_session = eap_session_get(request->parent); @@ -305,7 +305,7 @@ unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *m switch (eap_session->this_round->response->type.num) { default: REDEBUG2("Unsupported EAP type (%u)", eap_session->this_round->response->type.num); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; case FR_EAP_METHOD_IDENTITY: case FR_EAP_METHOD_NAK: /* Peer NAK'd our original suggestion */ @@ -420,7 +420,7 @@ unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *m if (slen <= 0) { RPEDEBUG("AT_MAC calculation failed"); pair_delete_control(vp); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } break; @@ -441,7 +441,7 @@ done: if (virtual_server_push(&mod_session->virtual_server_result, request, inst->virtual_server, UNLANG_SUB_FRAME) < 0) { unlang_interpet_frame_discard(request); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return UNLANG_ACTION_PUSHED_CHILD; diff --git a/src/lib/eap_aka_sim/module.h b/src/lib/eap_aka_sim/module.h index eb446eea671..4c28a5a7cfc 100644 --- a/src/lib/eap_aka_sim/module.h +++ b/src/lib/eap_aka_sim/module.h @@ -81,7 +81,7 @@ typedef struct { fr_aka_sim_ctx_t ctx; } eap_aka_sim_mod_session_t; -unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request); +unlang_action_t eap_aka_sim_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request); #ifdef __cplusplus } diff --git a/src/lib/eap_aka_sim/state_machine.c b/src/lib/eap_aka_sim/state_machine.c index 3f6925e3433..110332a2a9e 100644 --- a/src/lib/eap_aka_sim/state_machine.c +++ b/src/lib/eap_aka_sim/state_machine.c @@ -41,30 +41,30 @@ RCSID("$Id$") # define EAP_TLS_MPPE_KEY_LEN 32 #endif -#define STATE(_x) static inline unlang_action_t state_ ## _x(rlm_rcode_t *p_result, \ +#define STATE(_x) static inline unlang_action_t state_ ## _x(unlang_result_t *p_result, \ module_ctx_t const *mctx, \ request_t *request) -#define STATE_GUARD(_x) static unlang_action_t guard_ ## _x(rlm_rcode_t *p_result, \ +#define STATE_GUARD(_x) static unlang_action_t guard_ ## _x(unlang_result_t *p_result, \ module_ctx_t const *mctx, \ request_t *request) -#define RESUME(_x) static inline unlang_action_t resume_ ## _x(rlm_rcode_t *p_result, \ +#define RESUME(_x) static inline unlang_action_t resume_ ## _x(unlang_result_t *p_result, \ module_ctx_t const *mctx, \ request_t *request) #define STATE_NO_RESULT(_x) \ - static inline unlang_action_t state_ ## _x(UNUSED rlm_rcode_t *p_result, \ + static inline unlang_action_t state_ ## _x(UNUSED unlang_result_t *p_result, \ module_ctx_t const *mctx, \ request_t *request) #define STATE_GUARD_NO_RESULT(_x) \ - static unlang_action_t guard_ ## _x(UNUSED rlm_rcode_t *p_result, \ + static unlang_action_t guard_ ## _x(UNUSED unlang_result_t *p_result, \ module_ctx_t const *mctx, \ request_t *request) #define RESUME_NO_RESULT(_x) \ - static inline unlang_action_t resume_ ## _x(UNUSED rlm_rcode_t *p_result, \ + static inline unlang_action_t resume_ ## _x(UNUSED unlang_result_t *p_result, \ module_ctx_t const *mctx, \ request_t *request) @@ -813,7 +813,7 @@ done: * @param[in] eap_aka_sim_session the EAP session * @param[in] next function to call after storing sessions and pseudonyms. */ -static unlang_action_t session_and_pseudonym_store(rlm_rcode_t *p_result, module_ctx_t const *mctx, +static unlang_action_t session_and_pseudonym_store(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, module_method_t next) @@ -929,7 +929,7 @@ RESUME(clear_pseudonym) * @param[in] eap_aka_sim_session the current EAP session * @param[in] next function to call after clearing sessions and pseudonyms. */ -static unlang_action_t session_and_pseudonym_clear(rlm_rcode_t *p_result, module_ctx_t const *mctx, +static unlang_action_t session_and_pseudonym_clear(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session, module_method_t next) @@ -1023,7 +1023,7 @@ common_crypto_export(request_t *request, eap_aka_sim_session_t *eap_aka_sim_sess /** Called after 'store session { ... }' and 'store pseudonym { ... }' * */ -static unlang_action_t common_reauthentication_request_send(rlm_rcode_t *p_result, +static unlang_action_t common_reauthentication_request_send(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t); @@ -1061,13 +1061,13 @@ static unlang_action_t common_reauthentication_request_send(rlm_rcode_t *p_resul eap_aka_sim_session->keys.reauth.nonce_s, sizeof(eap_aka_sim_session->keys.reauth.nonce_s)); - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /** Called after 'store session { ... }' and 'store pseudonym { ... }' * */ -static unlang_action_t aka_challenge_request_send(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t aka_challenge_request_send(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t); @@ -1091,13 +1091,13 @@ static unlang_action_t aka_challenge_request_send(rlm_rcode_t *p_result, module_ */ common_crypto_export(request, eap_aka_sim_session, NULL, 0, NULL, 0); - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /** Called after 'store session { ... }' and 'store pseudonym { ... }' * */ -static unlang_action_t sim_challenge_request_send(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t sim_challenge_request_send(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t); uint8_t sres_cat[AKA_SIM_VECTOR_GSM_SRES_SIZE * 3]; @@ -1132,7 +1132,7 @@ static unlang_action_t sim_challenge_request_send(rlm_rcode_t *p_result, module_ eap_aka_sim_session->keys.gsm.nonce_mt, sizeof(eap_aka_sim_session->keys.gsm.nonce_mt), sres_cat, sizeof(sres_cat)); - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /** Helper function to check for the presence and length of AT_SELECTED_VERSION and copy its value into the keys structure @@ -1225,11 +1225,11 @@ static int sim_start_nonce_mt_check(request_t *request, eap_aka_sim_session_t *e */ STATE(eap_failure) { - if (!fr_cond_assert(request && mctx && mctx->rctx)) RETURN_MODULE_FAIL; /* unused args */ + if (!fr_cond_assert(request && mctx && mctx->rctx)) RETURN_UNLANG_FAIL; /* unused args */ fr_assert(0); /* Should never actually be called */ - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /** Resume after 'send EAP-Failure { ... }' @@ -1239,13 +1239,13 @@ RESUME(send_eap_failure) { eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t); - if (!fr_cond_assert(mctx && mctx->rctx)) RETURN_MODULE_FAIL; /* unused args */ + if (!fr_cond_assert(mctx && mctx->rctx)) RETURN_UNLANG_FAIL; /* unused args */ SECTION_RCODE_IGNORED; RDEBUG2("Sending EAP-Failure"); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } /** Enter EAP-FAILURE state @@ -1329,7 +1329,7 @@ RESUME(send_common_failure_notification) eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t); - if (!fr_cond_assert(mctx)) RETURN_MODULE_FAIL; /* quiet unused warning */ + if (!fr_cond_assert(mctx)) RETURN_UNLANG_FAIL; /* quiet unused warning */ SECTION_RCODE_IGNORED; @@ -1427,7 +1427,7 @@ RESUME(send_common_failure_notification) */ common_reply(request, eap_aka_sim_session, FR_SUBTYPE_VALUE_AKA_SIM_NOTIFICATION); - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /** Enter the FAILURE-NOTIFICATION state @@ -1475,11 +1475,11 @@ STATE(eap_success) { eap_aka_sim_session_t *eap_aka_sim_session = talloc_get_type_abort(mctx->rctx, eap_aka_sim_session_t); - if (!fr_cond_assert(request && mctx && eap_aka_sim_session)) RETURN_MODULE_FAIL; /* unused args */ + if (!fr_cond_assert(request && mctx && eap_aka_sim_session)) RETURN_UNLANG_FAIL; /* unused args */ fr_assert(0); /* Should never actually be called */ - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /** Resume after 'send EAP-Success { ... }' @@ -1535,7 +1535,7 @@ RESUME(send_eap_success) p += EAP_TLS_MPPE_KEY_LEN; eap_add_reply(request->parent, attr_ms_mppe_send_key, p, EAP_TLS_MPPE_KEY_LEN); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Enter EAP-SUCCESS state @@ -1600,7 +1600,7 @@ RESUME(send_common_success_notification) SECTION_RCODE_PROCESS; - if (!fr_cond_assert(after_authentication(eap_aka_sim_session))) RETURN_MODULE_FAIL; + if (!fr_cond_assert(after_authentication(eap_aka_sim_session))) RETURN_UNLANG_FAIL; /* * If we're in this state success bit is @@ -1646,7 +1646,7 @@ RESUME(send_common_success_notification) */ common_reply(request, eap_aka_sim_session, FR_SUBTYPE_VALUE_AKA_SIM_NOTIFICATION); - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /** Enter the SUCCESS-NOTIFICATION state @@ -1800,7 +1800,7 @@ STATE(common_reauthentication) /** Send a EAP-Request/(AKA|SIM)-Reauthenticate message to the supplicant * */ -static unlang_action_t common_reauthentication_request_compose(rlm_rcode_t *p_result, +static unlang_action_t common_reauthentication_request_compose(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, eap_aka_sim_session_t *eap_aka_sim_session) @@ -2709,7 +2709,7 @@ RESUME(send_sim_challenge_request) (fr_aka_sim_vector_gsm_from_attrs(request, &request->control_pairs, 2, &eap_aka_sim_session->keys, &src) != 0)) { REDEBUG("Failed retrieving SIM vectors"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } fr_aka_sim_crypto_gsm_kdf_0(&eap_aka_sim_session->keys); @@ -2809,7 +2809,7 @@ STATE_GUARD(common_challenge) } fr_assert(0); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /** Resume after 'recv Identity-Response { ... }' or 'recv AKA-Identity { ... }' @@ -3049,7 +3049,7 @@ RESUME(send_aka_identity_request) */ common_reply(request, eap_aka_sim_session, FR_SUBTYPE_VALUE_AKA_IDENTITY); - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /** Enter the AKA-IDENTITY state @@ -3419,7 +3419,7 @@ RESUME(send_sim_start) common_reply(request, eap_aka_sim_session, FR_SUBTYPE_VALUE_SIM_START); - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /** Enter the SIM-START state @@ -3466,7 +3466,7 @@ STATE_GUARD(common_identity) } fr_assert(0); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /** Resume after 'recv Identity-Response { ... }' @@ -3540,7 +3540,7 @@ RESUME(recv_common_identity_response) default: fr_assert(0); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -3705,7 +3705,7 @@ static int _eap_aka_sim_session_free(eap_aka_sim_session_t *eap_aka_sim_session) /** Resumes the state machine when receiving a new response packet * */ -unlang_action_t eap_aka_sim_state_machine_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +unlang_action_t eap_aka_sim_state_machine_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->mi->data, eap_aka_sim_process_conf_t); eap_aka_sim_session_t *eap_aka_sim_session = request_data_reference(request, @@ -3737,7 +3737,7 @@ unlang_action_t eap_aka_sim_state_machine_process(rlm_rcode_t *p_result, module_ if (unlikely(request_data_add(request, (void *)eap_aka_sim_state_machine_process, 0, eap_aka_sim_session, true, true, true) < 0)) { RPEDEBUG("Failed creating new EAP-SIM/AKA/AKA' session"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } eap_aka_sim_session->type = inst->type; @@ -3752,7 +3752,7 @@ unlang_action_t eap_aka_sim_state_machine_process(rlm_rcode_t *p_result, module_ */ our_mctx.rctx = eap_aka_sim_session; - if (!fr_cond_assert(eap_aka_sim_session->state)) RETURN_MODULE_FAIL; + if (!fr_cond_assert(eap_aka_sim_session->state)) RETURN_UNLANG_FAIL; return eap_aka_sim_session->state(p_result, &our_mctx, request); } diff --git a/src/lib/eap_aka_sim/state_machine.h b/src/lib/eap_aka_sim/state_machine.h index 233908dc92f..8e48990c1c7 100644 --- a/src/lib/eap_aka_sim/state_machine.h +++ b/src/lib/eap_aka_sim/state_machine.h @@ -210,7 +210,7 @@ typedef struct { eap_aka_sim_actions_t actions; //!< Pre-compiled virtual server sections. } eap_aka_sim_process_conf_t; -unlang_action_t eap_aka_sim_state_machine_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request); +unlang_action_t eap_aka_sim_state_machine_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request); #ifdef __cplusplus } diff --git a/src/lib/server/auth.c b/src/lib/server/auth.c index 0a05c113d96..712d65a61c6 100644 --- a/src/lib/server/auth.c +++ b/src/lib/server/auth.c @@ -41,7 +41,7 @@ RCSID("$Id$") * Run a virtual server auth and postauth * */ -unlang_action_t rad_virtual_server(rlm_rcode_t *p_result, request_t *request) +unlang_action_t rad_virtual_server(unlang_result_t *p_result, request_t *request) { RDEBUG("Virtual server %s received request NOT IMPLEMENTED", cf_section_name2(unlang_call_current(request))); log_request_pair_list(L_DBG_LVL_1, request, NULL, &request->request_pairs, NULL); @@ -52,7 +52,7 @@ unlang_action_t rad_virtual_server(rlm_rcode_t *p_result, request_t *request) * Except that the caller expects this function to be run * _synchronously_, and all of that needs to be fixed. */ - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; #if 0 { @@ -160,7 +160,7 @@ unlang_action_t rad_virtual_server(rlm_rcode_t *p_result, request_t *request) if (!request->async) { #ifdef STATIC_ANALYZER - if (!request->parent) RETURN_MODULE_FAIL; + if (!request->parent) RETURN_UNLANG_FAIL; #endif fr_assert(request->parent != NULL); @@ -178,14 +178,14 @@ unlang_action_t rad_virtual_server(rlm_rcode_t *p_result, request_t *request) if (!request->reply->code || (request->reply->code == FR_RADIUS_CODE_ACCESS_REJECT)) { - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } if (request->reply->code == FR_RADIUS_CODE_ACCESS_CHALLENGE) { - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; #endif } diff --git a/src/lib/server/auth.h b/src/lib/server/auth.h index ec3dbf4ba41..cc50c17a70b 100644 --- a/src/lib/server/auth.h +++ b/src/lib/server/auth.h @@ -29,9 +29,9 @@ extern "C" { #endif #include -#include +#include -unlang_action_t rad_virtual_server(rlm_rcode_t *p_result, request_t *request); +unlang_action_t rad_virtual_server(unlang_result_t *p_result, request_t *request); #ifdef __cplusplus } diff --git a/src/lib/server/module.h b/src/lib/server/module.h index 6832ac7bc41..4f93d3fc2c2 100644 --- a/src/lib/server/module.h +++ b/src/lib/server/module.h @@ -42,6 +42,7 @@ typedef struct module_list_s module_list_t; #include #include #include +#include DIAG_OFF(attributes) typedef enum CC_HINT(flag_enum) { @@ -65,7 +66,7 @@ DIAG_ON(attributes) * @param[in] request to process. * @return the appropriate rcode. */ -typedef unlang_action_t (*module_method_t)(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request); +typedef unlang_action_t (*module_method_t)(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request); /** Module instantiation callback * diff --git a/src/lib/server/process.h b/src/lib/server/process.h index 605250d7d8d..500e3061c30 100644 --- a/src/lib/server/process.h +++ b/src/lib/server/process.h @@ -141,11 +141,11 @@ do { \ #define UPDATE_STATE(_x) state = &process_state_ ## _x [request->_x->code] -#define RECV(_x) static inline unlang_action_t recv_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) -#define SEND(_x) static inline unlang_action_t send_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) -#define SEND_NO_RESULT(_x) static inline unlang_action_t send_ ## _x(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) -#define RESUME(_x) static inline unlang_action_t resume_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) -#define RESUME_FLAG(_x, _p_result_flag, _mctx_flag) static inline unlang_action_t resume_ ## _x(_p_result_flag rlm_rcode_t *p_result, _mctx_flag module_ctx_t const *mctx, request_t *request) +#define RECV(_x) static inline unlang_action_t recv_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) +#define SEND(_x) static inline unlang_action_t send_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) +#define SEND_NO_RESULT(_x) static inline unlang_action_t send_ ## _x(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) +#define RESUME(_x) static inline unlang_action_t resume_ ## _x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) +#define RESUME_FLAG(_x, _p_result_flag, _mctx_flag) static inline unlang_action_t resume_ ## _x(_p_result_flag unlang_result_t *p_result, _mctx_flag module_ctx_t const *mctx, request_t *request) /** Returns the current rcode then resets it for the next module call * @@ -172,7 +172,7 @@ static inline CC_HINT(always_inline) unlang_result_t *process_result_reset(unlan * @return Result of the method call. */ static inline CC_HINT(always_inline) -unlang_action_t process_with_rctx(rlm_rcode_t *p_result, module_ctx_t const *mctx, +unlang_action_t process_with_rctx(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, module_method_t method, void *rctx) { module_ctx_t our_mctx = *mctx; @@ -206,7 +206,7 @@ unlang_action_t process_with_rctx(rlm_rcode_t *p_result, module_ctx_t const *mct #define CALL_SEND_TYPE(_x) call_send_type(process_state_reply[(request->reply->code = _x)].send, p_result, mctx, request) static inline unlang_action_t call_send_type(module_method_t send, \ - rlm_rcode_t *p_result, module_ctx_t const *mctx, + unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { /* @@ -236,7 +236,7 @@ RECV(generic) } else { REDEBUG("Invalid packet type (%u)", request->packet->code); } - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } @@ -389,7 +389,7 @@ RESUME(send_generic) fr_assert(rcode < RLM_MODULE_NUMCODES); switch (state->packet_type[rcode]) { case 0: /* don't change the reply */ - *p_result = state->result_rcode; + p_result->rcode = state->result_rcode; break; default: @@ -419,7 +419,7 @@ RESUME(send_generic) cs, state->default_rcode, state->send, NULL, 0, mctx->rctx); } - *p_result = state->result_rcode; + p_result->rcode = state->result_rcode; fr_assert(!state->packet_type[rcode] || (state->packet_type[rcode] == request->reply->code)); break; @@ -435,7 +435,7 @@ RESUME(send_generic) fr_table_str_by_value(rcode_table, rcode, "")); } request->reply->code = PROCESS_CODE_DO_NOT_RESPOND; - *p_result = state->result_rcode; + p_result->rcode = state->result_rcode; break; #endif } @@ -449,7 +449,7 @@ RESUME(send_generic) */ if (request->reply->code == PROCESS_CODE_DO_NOT_RESPOND) { RDEBUG("Not sending reply to client"); - *p_result = RLM_MODULE_HANDLED; + p_result->rcode = RLM_MODULE_HANDLED; return UNLANG_ACTION_CALCULATE_RESULT; } #endif @@ -460,7 +460,7 @@ RESUME(send_generic) #ifdef PROCESS_CODE_DYNAMIC_CLIENT RESUME_FLAG(new_client_done,,UNUSED) { - *p_result = RLM_MODULE_OK; + p_result->rcode = RLM_MODULE_OK; request->reply->timestamp = fr_time(); @@ -495,7 +495,7 @@ RESUME(new_client) request->module = NULL; if (!cs) { - *p_result = RLM_MODULE_OK; + p_result->rcode = RLM_MODULE_OK; request->reply->timestamp = fr_time(); return UNLANG_ACTION_CALCULATE_RESULT; } @@ -506,7 +506,7 @@ RESUME(new_client) NULL, 0, mctx->rctx); } -static inline unlang_action_t new_client(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static inline unlang_action_t new_client(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { CONF_SECTION *cs; PROCESS_INST const *inst = mctx->mi->data; diff --git a/src/lib/server/rcode.h b/src/lib/server/rcode.h index e78e14d5d76..61505faa98f 100644 --- a/src/lib/server/rcode.h +++ b/src/lib/server/rcode.h @@ -53,18 +53,6 @@ typedef enum { //!< returned by modules). } rlm_rcode_t; -#define RETURN_MODULE_REJECT do { *p_result = RLM_MODULE_REJECT; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_FAIL do { *p_result = RLM_MODULE_FAIL; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_OK do { *p_result = RLM_MODULE_OK; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_HANDLED do { *p_result = RLM_MODULE_HANDLED; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_INVALID do { *p_result = RLM_MODULE_INVALID; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_DISALLOW do { *p_result = RLM_MODULE_DISALLOW; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_NOTFOUND do { *p_result = RLM_MODULE_NOTFOUND; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_NOOP do { *p_result = RLM_MODULE_NOOP; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_UPDATED do { *p_result = RLM_MODULE_UPDATED; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_TIMEOUT do { *p_result = RLM_MODULE_TIMEOUT; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) -#define RETURN_MODULE_RCODE(_rcode) do { *p_result = (_rcode); return UNLANG_ACTION_CALCULATE_RESULT; } while (0) - #define RETURN_UNLANG_REJECT do { p_result->rcode = RLM_MODULE_REJECT; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) #define RETURN_UNLANG_FAIL do { p_result->rcode = RLM_MODULE_FAIL; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) #define RETURN_UNLANG_OK do { p_result->rcode = RLM_MODULE_OK; return UNLANG_ACTION_CALCULATE_RESULT; } while (0) diff --git a/src/lib/unlang/module.c b/src/lib/unlang/module.c index b0356d42ab3..9bf2511d368 100644 --- a/src/lib/unlang/module.c +++ b/src/lib/unlang/module.c @@ -273,7 +273,7 @@ unlang_action_t unlang_module_yield_to_section(unlang_result_t *p_result, * the scratch result for the frame, and * _NOT_ what was passed in for p_result. */ - return resume(&frame->scratch_result.rcode, + return resume(&frame->scratch_result, MODULE_CTX(m->mmc.mi, module_thread(m->mmc.mi)->data, state->env_data, rctx), request); @@ -325,7 +325,7 @@ void unlang_module_retry_now(module_ctx_t const *mctx, request_t *request) /** Cancel the retry timer on resume * */ -static unlang_action_t unlang_module_retry_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t unlang_module_retry_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { unlang_stack_t *stack = request->stack; unlang_stack_frame_t *frame = &stack->frame[stack->depth]; @@ -600,8 +600,8 @@ static unlang_action_t unlang_module_resume(unlang_result_t *p_result, request_t * Lock is noop unless instance->mutex is set. */ safe_lock(m->mmc.mi); - ua = resume(&p_result->rcode, MODULE_CTX(m->mmc.mi, state->thread->data, - state->env_data, state->rctx), request); + ua = resume(p_result, MODULE_CTX(m->mmc.mi, state->thread->data, + state->env_data, state->rctx), request); safe_unlock(m->mmc.mi); if (request->master_state == REQUEST_STOP_PROCESSING) ua = UNLANG_ACTION_STOP_PROCESSING; @@ -872,7 +872,7 @@ static unlang_action_t unlang_module(unlang_result_t *p_result, request_t *reque request->module = m->mmc.mi->name; safe_lock(m->mmc.mi); /* Noop unless instance->mutex set */ - ua = m->mmc.mmb.method(&p_result->rcode, + ua = m->mmc.mmb.method(p_result, MODULE_CTX(m->mmc.mi, state->thread->data, state->env_data, state->rctx), request); safe_unlock(m->mmc.mi); diff --git a/src/modules/rlm_always/rlm_always.c b/src/modules/rlm_always/rlm_always.c index f954669b977..c10525084fd 100644 --- a/src/modules/rlm_always/rlm_always.c +++ b/src/modules/rlm_always/rlm_always.c @@ -127,11 +127,11 @@ done: * Just return the rcode ... this function is autz, auth, acct, and * preacct! */ -static unlang_action_t CC_HINT(nonnull) mod_always_return(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_always_return(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) { rlm_always_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_always_t); - RETURN_MODULE_RCODE(inst->mutable->rcode); + RETURN_UNLANG_RCODE(inst->mutable->rcode); } static int mod_detach(module_detach_ctx_t const *mctx) diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c index 5894af5856d..bfee1e4fcb4 100644 --- a/src/modules/rlm_attr_filter/rlm_attr_filter.c +++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c @@ -186,7 +186,7 @@ static int mod_instantiate(module_inst_ctx_t const *mctx) /* * Common attr_filter checks */ -static unlang_action_t CC_HINT(nonnull) attr_filter_common(TALLOC_CTX *ctx, rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) attr_filter_common(TALLOC_CTX *ctx, unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, fr_pair_list_t *list) { @@ -201,11 +201,11 @@ static unlang_action_t CC_HINT(nonnull) attr_filter_common(TALLOC_CTX *ctx, rlm_ slen = tmpl_expand(&keyname, buffer, sizeof(buffer), request, inst->key); if (slen < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if ((keyname == buffer) && is_truncated((size_t)slen, sizeof(buffer))) { REDEBUG("Key too long, expected < " STRINGIFY(sizeof(buffer)) " bytes, got %zi bytes", slen); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -371,7 +371,7 @@ static unlang_action_t CC_HINT(nonnull) attr_filter_common(TALLOC_CTX *ctx, rlm_ */ if (!found) { fr_assert(fr_pair_list_empty(&output)); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -380,10 +380,10 @@ static unlang_action_t CC_HINT(nonnull) attr_filter_common(TALLOC_CTX *ctx, rlm_ fr_pair_list_free(list); fr_pair_list_append(list, &output); - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } -#define RLM_AF_FUNC(_x, _y) static unlang_action_t CC_HINT(nonnull) mod_##_x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) \ +#define RLM_AF_FUNC(_x, _y) static unlang_action_t CC_HINT(nonnull) mod_##_x(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) \ { \ return attr_filter_common(request->_y##_ctx, p_result, mctx, request, &request->_y##_pairs); \ } diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c index 3cd11d41d96..ed3a46e421b 100644 --- a/src/modules/rlm_cache/rlm_cache.c +++ b/src/modules/rlm_cache/rlm_cache.c @@ -22,6 +22,7 @@ * @copyright 2024 Arran Cudbard-Bell (a.cudbardb@freeradius.org) * @copyright 2012-2014 The FreeRADIUS server project */ +#include "lib/unlang/action.h" RCSID("$Id$") #define LOG_PREFIX mctx->mi->name @@ -286,7 +287,7 @@ static rlm_rcode_t cache_merge(rlm_cache_t const *inst, request_t *request, rlm_ * - #RLM_MODULE_FAIL on failure. * - #RLM_MODULE_NOTFOUND on cache miss. */ -static unlang_action_t cache_find(rlm_rcode_t *p_result, rlm_cache_entry_t **out, +static unlang_action_t cache_find(unlang_result_t *p_result, rlm_cache_entry_t **out, rlm_cache_t const *inst, request_t *request, rlm_cache_handle_t **handle, fr_value_box_t const *key) { @@ -302,17 +303,17 @@ static unlang_action_t cache_find(rlm_rcode_t *p_result, rlm_cache_entry_t **out case CACHE_RECONNECT: RDEBUG2("Reconnecting..."); if (cache_reconnect(handle, inst, request) == 0) continue; - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; case CACHE_OK: break; case CACHE_MISS: RDEBUG2("No cache entry found for \"%pV\"", key); - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } @@ -333,7 +334,7 @@ static unlang_action_t cache_find(rlm_rcode_t *p_result, rlm_cache_entry_t **out expired: inst->driver->expire(&inst->config, inst->driver_submodule->data, request, handle, key); cache_free(inst, &c); - RETURN_MODULE_NOTFOUND; /* Couldn't find a non-expired entry */ + RETURN_UNLANG_NOTFOUND; /* Couldn't find a non-expired entry */ } if (fr_unix_time_lt(c->created, fr_unix_time_from_sec(inst->config.epoch))) { @@ -346,7 +347,7 @@ static unlang_action_t cache_find(rlm_rcode_t *p_result, rlm_cache_entry_t **out c->hits++; *out = c; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Expire a cache entry (removing it from the datastore) @@ -356,7 +357,7 @@ static unlang_action_t cache_find(rlm_rcode_t *p_result, rlm_cache_entry_t **out * - #RLM_MODULE_NOTFOUND if no entry existed. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t cache_expire(rlm_rcode_t *p_result, +static unlang_action_t cache_expire(unlang_result_t *p_result, rlm_cache_t const *inst, request_t *request, rlm_cache_handle_t **handle, fr_value_box_t const *key) { @@ -367,13 +368,13 @@ static unlang_action_t cache_expire(rlm_rcode_t *p_result, FALL_THROUGH; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; case CACHE_OK: - RETURN_MODULE_OK; + RETURN_UNLANG_OK; case CACHE_MISS: - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; } } @@ -384,7 +385,7 @@ static unlang_action_t cache_expire(rlm_rcode_t *p_result, * - #RLM_MODULE_UPDATED if we merged the cache entry. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t cache_insert(rlm_rcode_t *p_result, +static unlang_action_t cache_insert(unlang_result_t *p_result, rlm_cache_t const *inst, request_t *request, rlm_cache_handle_t **handle, fr_value_box_t const *key, map_list_t const *maps, fr_time_delta_t ttl) { @@ -400,18 +401,18 @@ static unlang_action_t cache_insert(rlm_rcode_t *p_result, if ((inst->config.max_entries > 0) && inst->driver->count && (inst->driver->count(&inst->config, inst->driver_submodule->data, request, handle) > inst->config.max_entries)) { RWDEBUG("Cache is full: %d entries", inst->config.max_entries); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } c = cache_alloc(inst, request); if (!c) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } map_list_init(&c->maps); if (unlikely(fr_value_box_copy(c, &c->key, key) < 0)) { RERROR("Failed copying key"); talloc_free(c); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -509,7 +510,7 @@ static unlang_action_t cache_insert(rlm_rcode_t *p_result, REDEBUG("Failed copying attribute value"); talloc_free(pool); talloc_free(c); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } break; @@ -541,16 +542,16 @@ skip_maps: switch (ret) { case CACHE_RECONNECT: if (cache_reconnect(handle, inst, request) == 0) continue; - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; case CACHE_OK: RDEBUG2("Committed entry, TTL %pV seconds", fr_box_time_delta(ttl)); cache_free(inst, &c); - RETURN_MODULE_RCODE(merge ? RLM_MODULE_UPDATED : RLM_MODULE_OK); + RETURN_UNLANG_RCODE(merge ? RLM_MODULE_UPDATED : RLM_MODULE_OK); default: talloc_free(c); /* Failed insertion - use talloc_free not the driver free */ - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } } @@ -561,7 +562,7 @@ skip_maps: * - #RLM_MODULE_OK on success. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t cache_set_ttl(rlm_rcode_t *p_result, +static unlang_action_t cache_set_ttl(unlang_result_t *p_result, rlm_cache_t const *inst, request_t *request, rlm_cache_handle_t **handle, rlm_cache_entry_t *c) { @@ -575,14 +576,14 @@ static unlang_action_t cache_set_ttl(rlm_rcode_t *p_result, switch (ret) { case CACHE_RECONNECT: if (cache_reconnect(handle, inst, request) == 0) continue; - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; case CACHE_OK: RDEBUG2("Updated entry TTL"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } @@ -597,14 +598,14 @@ static unlang_action_t cache_set_ttl(rlm_rcode_t *p_result, switch (ret) { case CACHE_RECONNECT: if (cache_reconnect(handle, inst, request) == 0) continue; - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; case CACHE_OK: RDEBUG2("Updated entry TTL"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } } @@ -617,7 +618,7 @@ static unlang_action_t cache_set_ttl(rlm_rcode_t *p_result, * If you want to cache something different in different sections, configure * another cache module. */ -static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_cache_it(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_cache_entry_t *c = NULL; rlm_cache_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_cache_t); @@ -631,13 +632,13 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu bool merge = true, insert = true, expire = false, set_ttl = false; int exists = -1; - rlm_rcode_t rcode = RLM_MODULE_NOOP; - fr_time_delta_t ttl = inst->config.ttl; + p_result->rcode = RLM_MODULE_NOOP; + if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) { REDEBUG("Zero length key string is invalid"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -651,15 +652,15 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu REXDENT(); if (cache_acquire(&handle, inst, request) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } - cache_find(&rcode, &c, inst, request, &handle, env->key); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_find(p_result, &c, inst, request, &handle, env->key); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; fr_assert(!inst->driver->acquire || handle); - rcode = c ? RLM_MODULE_OK: - RLM_MODULE_NOTFOUND; + p_result->rcode = c ? RLM_MODULE_OK: + RLM_MODULE_NOTFOUND; goto finish; } @@ -693,7 +694,7 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu RDEBUG3("ttl : %pV", fr_box_time_delta(ttl)); REXDENT(); if (cache_acquire(&handle, inst, request) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -701,18 +702,18 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu * recording whether the entry existed. */ if (merge) { - cache_find(&rcode, &c, inst, request, &handle, env->key); - switch (rcode) { + cache_find(p_result, &c, inst, request, &handle, env->key); + switch (p_result->rcode) { case RLM_MODULE_FAIL: goto finish; case RLM_MODULE_OK: - rcode = cache_merge(inst, request, c); + p_result->rcode = cache_merge(inst, request, c); exists = 1; break; case RLM_MODULE_NOTFOUND: - rcode = RLM_MODULE_NOTFOUND; + p_result->rcode = RLM_MODULE_NOTFOUND; exists = 0; break; @@ -731,21 +732,21 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu */ if (expire && ((exists == -1) || (exists == 1))) { if (!insert) { - rlm_rcode_t tmp; + unlang_result_t tmp; fr_assert(!set_ttl); cache_expire(&tmp, inst, request, &handle, env->key); - switch (tmp) { + switch (tmp.rcode) { case RLM_MODULE_FAIL: - rcode = RLM_MODULE_FAIL; + p_result->rcode = RLM_MODULE_FAIL; goto finish; case RLM_MODULE_OK: - if (rcode == RLM_MODULE_NOOP) rcode = RLM_MODULE_OK; + if (p_result->rcode == RLM_MODULE_NOOP) p_result->rcode = RLM_MODULE_OK; break; case RLM_MODULE_NOTFOUND: - if (rcode == RLM_MODULE_NOOP) rcode = RLM_MODULE_NOTFOUND; + if (p_result->rcode == RLM_MODULE_NOOP) p_result->rcode = RLM_MODULE_NOTFOUND; break; default: @@ -764,17 +765,17 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu * determine that now. */ if ((exists < 0) && (insert || set_ttl)) { - rlm_rcode_t tmp; + unlang_result_t tmp; cache_find(&tmp, &c, inst, request, &handle, env->key); - switch (tmp) { + switch (tmp.rcode) { case RLM_MODULE_FAIL: - rcode = RLM_MODULE_FAIL; + p_result->rcode = RLM_MODULE_FAIL; goto finish; case RLM_MODULE_OK: exists = 1; - if (rcode != RLM_MODULE_UPDATED) rcode = RLM_MODULE_OK; + if (p_result->rcode != RLM_MODULE_UPDATED) p_result->rcode = RLM_MODULE_OK; break; case RLM_MODULE_NOTFOUND: @@ -791,21 +792,21 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu * We can only alter the TTL on an entry if it exists. */ if (set_ttl && (exists == 1)) { - rlm_rcode_t tmp; + unlang_result_t tmp; fr_assert(c); c->expires = fr_unix_time_add(fr_time_to_unix_time(request->packet->timestamp), ttl); cache_set_ttl(&tmp, inst, request, &handle, c); - switch (tmp) { + switch (tmp.rcode) { case RLM_MODULE_FAIL: - rcode = RLM_MODULE_FAIL; + p_result->rcode = RLM_MODULE_FAIL; goto finish; case RLM_MODULE_NOTFOUND: case RLM_MODULE_OK: - if (rcode != RLM_MODULE_UPDATED) rcode = RLM_MODULE_OK; + if (p_result->rcode != RLM_MODULE_UPDATED) p_result->rcode = RLM_MODULE_OK; goto finish; default: @@ -820,20 +821,20 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu * insert. */ if (insert && (exists == 0)) { - rlm_rcode_t tmp; + unlang_result_t tmp; cache_insert(&tmp, inst, request, &handle, env->key, env->maps, ttl); - switch (tmp) { + switch (tmp.rcode) { case RLM_MODULE_FAIL: - rcode = RLM_MODULE_FAIL; + p_result->rcode = RLM_MODULE_FAIL; goto finish; case RLM_MODULE_OK: - if (rcode != RLM_MODULE_UPDATED) rcode = RLM_MODULE_OK; + if (p_result->rcode != RLM_MODULE_UPDATED) p_result->rcode = RLM_MODULE_OK; break; case RLM_MODULE_UPDATED: - rcode = RLM_MODULE_UPDATED; + p_result->rcode = RLM_MODULE_UPDATED; break; default: @@ -872,7 +873,7 @@ finish: } } - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } static xlat_arg_parser_t const cache_xlat_args[] = { @@ -901,7 +902,7 @@ xlat_action_t cache_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, tmpl_t *target = NULL; map_t *map = NULL; - rlm_rcode_t rcode = RLM_MODULE_NOOP; + unlang_result_t result = { .rcode = RLM_MODULE_NOOP }; slen = tmpl_afrom_attr_substr(ctx, NULL, &target, &FR_SBUFF_IN(attr->vb_strvalue, attr->vb_length), @@ -922,8 +923,8 @@ xlat_action_t cache_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, return XLAT_ACTION_FAIL; } - cache_find(&rcode, &c, inst, request, &handle, env->key); - switch (rcode) { + cache_find(&result, &c, inst, request, &handle, env->key); + switch (result.rcode) { case RLM_MODULE_OK: /* found */ break; @@ -966,7 +967,7 @@ static xlat_action_t cache_ttl_get_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, cache_call_env_t *env = talloc_get_type_abort(xctx->env_data, cache_call_env_t); rlm_cache_handle_t *handle = NULL; - rlm_rcode_t rcode = RLM_MODULE_NOOP; + unlang_result_t result = { .rcode = RLM_MODULE_NOOP }; fr_value_box_t *vb; @@ -974,8 +975,8 @@ static xlat_action_t cache_ttl_get_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, return XLAT_ACTION_FAIL; } - cache_find(&rcode, &c, inst, request, &handle, env->key); - switch (rcode) { + cache_find(&result, &c, inst, request, &handle, env->key); + switch (result.rcode) { case RLM_MODULE_OK: /* found */ break; @@ -1040,35 +1041,36 @@ static void cache_unref(request_t *request, rlm_cache_t const *inst, rlm_cache_e * - #RLM_MODULE_NOTFOUND on cache miss. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t CC_HINT(nonnull) mod_method_status(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_method_status(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t); cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t); - rlm_rcode_t rcode = RLM_MODULE_NOOP; rlm_cache_entry_t *entry = NULL; rlm_cache_handle_t *handle = NULL; + p_result->rcode = RLM_MODULE_NOOP; + if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) { REDEBUG("Zero length key string is invalid"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Good to go? */ if (cache_acquire(&handle, inst, request) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } fr_assert(!inst->driver->acquire || handle); - cache_find(&rcode, &entry, inst, request, &handle, env->key); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_find(p_result, &entry, inst, request, &handle, env->key); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; - rcode = (entry) ? RLM_MODULE_OK : RLM_MODULE_NOTFOUND; + p_result->rcode = (entry) ? RLM_MODULE_OK : RLM_MODULE_NOTFOUND; finish: cache_unref(request, inst, entry, handle); - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } /** Load the avps by ${key}. @@ -1078,39 +1080,40 @@ finish: * - #RLM_MODULE_NOTFOUND on cache miss. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t CC_HINT(nonnull) mod_method_load(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_method_load(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t); cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t); - rlm_rcode_t rcode = RLM_MODULE_NOOP; rlm_cache_entry_t *entry = NULL; rlm_cache_handle_t *handle = NULL; + p_result->rcode = RLM_MODULE_NOOP; + if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) { REDEBUG("Zero length key string is invalid"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Good to go? */ if (cache_acquire(&handle, inst, request) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } - cache_find(&rcode, &entry, inst, request, &handle, env->key); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_find(p_result, &entry, inst, request, &handle, env->key); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; if (!entry) { RDEBUG2("Entry not found to load"); - rcode = RLM_MODULE_NOTFOUND; + p_result->rcode = RLM_MODULE_NOTFOUND; goto finish; } - rcode = cache_merge(inst, request, entry); + p_result->rcode = cache_merge(inst, request, entry); finish: cache_unref(request, inst, entry, handle); - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } /** Create, or update a cache entry @@ -1120,25 +1123,26 @@ finish: * - #RLM_MODULE_UPDATED if we merged the cache entry. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t CC_HINT(nonnull) mod_method_update(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_method_update(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t); cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t); - rlm_rcode_t rcode = RLM_MODULE_NOOP; fr_time_delta_t ttl; bool expire = false; rlm_cache_entry_t *entry = NULL; rlm_cache_handle_t *handle = NULL; fr_pair_t *vp; + p_result->rcode = RLM_MODULE_NOOP; + if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) { REDEBUG("Zero length key string is invalid"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Good to go? */ if (cache_acquire(&handle, inst, request) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Process the TTL */ @@ -1160,18 +1164,18 @@ static unlang_action_t CC_HINT(nonnull) mod_method_update(rlm_rcode_t *p_result, /* * We can only alter the TTL on an entry if it exists. */ - cache_find(&rcode, &entry, inst, request, &handle, env->key); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_find(p_result, &entry, inst, request, &handle, env->key); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; - if (rcode == RLM_MODULE_OK) { + if (p_result->rcode == RLM_MODULE_OK) { fr_assert(entry != NULL); DEBUG3("Updating the TTL -> %pV", fr_box_time_delta(ttl)); entry->expires = fr_unix_time_add(fr_time_to_unix_time(request->packet->timestamp), ttl); - cache_set_ttl(&rcode, inst, request, &handle, entry); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_set_ttl(p_result, inst, request, &handle, entry); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; } /* @@ -1184,21 +1188,21 @@ static unlang_action_t CC_HINT(nonnull) mod_method_update(rlm_rcode_t *p_result, if (expire) { DEBUG3("Expiring cache entry"); - cache_expire(&rcode, inst, request, &handle, env->key); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_expire(p_result, inst, request, &handle, env->key); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; } /* * Inserts are upserts, so we don't care about the * entry state. */ - cache_insert(&rcode, inst, request, &handle, env->key, env->maps, ttl); - if (rcode == RLM_MODULE_OK) rcode = RLM_MODULE_UPDATED; + cache_insert(p_result, inst, request, &handle, env->key, env->maps, ttl); + if (p_result->rcode == RLM_MODULE_OK) p_result->rcode = RLM_MODULE_UPDATED; finish: cache_unref(request, inst, entry, handle); - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } /** Create, or update a cache entry @@ -1208,23 +1212,24 @@ finish: * - #RLM_MODULE_UPDATED if we inserted a cache entry. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t CC_HINT(nonnull) mod_method_store(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_method_store(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t); cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t); - rlm_rcode_t rcode = RLM_MODULE_NOOP; fr_time_delta_t ttl; rlm_cache_entry_t *entry = NULL; rlm_cache_handle_t *handle = NULL; fr_pair_t *vp; + p_result->rcode = RLM_MODULE_NOOP; + if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) { REDEBUG("Zero length key string is invalid"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (cache_acquire(&handle, inst, request) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Process the TTL */ @@ -1239,11 +1244,11 @@ static unlang_action_t CC_HINT(nonnull) mod_method_store(rlm_rcode_t *p_result, /* * We can only alter the TTL on an entry if it exists. */ - cache_find(&rcode, &entry, inst, request, &handle, env->key); - switch (rcode) { + cache_find(p_result, &entry, inst, request, &handle, env->key); + switch (p_result->rcode) { default: case RLM_MODULE_OK: - rcode = RLM_MODULE_NOOP; + p_result->rcode = RLM_MODULE_NOOP; goto finish; case RLM_MODULE_FAIL: @@ -1259,13 +1264,13 @@ static unlang_action_t CC_HINT(nonnull) mod_method_store(rlm_rcode_t *p_result, * setting the TTL, which precludes performing an * insert. */ - cache_insert(&rcode, inst, request, &handle, env->key, env->maps, ttl); + cache_insert(p_result, inst, request, &handle, env->key, env->maps, ttl); finish: cache_unref(request, inst, entry, handle); - if (rcode == RLM_MODULE_OK) rcode = RLM_MODULE_UPDATED; + if (p_result->rcode == RLM_MODULE_OK) p_result->rcode = RLM_MODULE_UPDATED; - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } /** Delete the entries by ${key} @@ -1275,41 +1280,42 @@ finish: * - #RLM_MODULE_NOTFOUND on cache miss. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t CC_HINT(nonnull) mod_method_clear(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_method_clear(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t); cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t); - rlm_rcode_t rcode = RLM_MODULE_NOOP; rlm_cache_entry_t *entry = NULL; rlm_cache_handle_t *handle = NULL; + p_result->rcode = RLM_MODULE_NOOP; + DEBUG3("Calling %s.clear", mctx->mi->name); if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) { REDEBUG("Zero length key string is invalid"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Good to go? */ if (cache_acquire(&handle, inst, request) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } - cache_find(&rcode, &entry, inst, request, &handle, env->key); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_find(p_result, &entry, inst, request, &handle, env->key); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; if (!entry) { REDEBUG2("Entry not found to delete"); - rcode = RLM_MODULE_NOTFOUND; + p_result->rcode = RLM_MODULE_NOTFOUND; goto finish; } - cache_expire(&rcode, inst, request, &handle, env->key); + cache_expire(p_result, inst, request, &handle, env->key); finish: cache_unref(request, inst, entry, handle); - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } /** Change the TTL on an existing entry. @@ -1319,26 +1325,27 @@ finish: * - #RLM_MODULE_NOTFOUND on cache miss. * - #RLM_MODULE_FAIL on failure. */ -static unlang_action_t CC_HINT(nonnull) mod_method_ttl(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_method_ttl(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_cache_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_cache_t); cache_call_env_t *env = talloc_get_type_abort(mctx->env_data, cache_call_env_t); - rlm_rcode_t rcode = RLM_MODULE_NOOP; fr_time_delta_t ttl; rlm_cache_entry_t *entry = NULL; rlm_cache_handle_t *handle = NULL; fr_pair_t *vp; + p_result->rcode = RLM_MODULE_NOOP; + DEBUG3("Calling %s.ttl", mctx->mi->name); if (fr_type_is_variable_size(env->key->type) && (env->key->vb_length == 0)) { REDEBUG("Zero length key string is invalid"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Good to go? */ if (cache_acquire(&handle, inst, request) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Process the TTL */ @@ -1358,26 +1365,26 @@ static unlang_action_t CC_HINT(nonnull) mod_method_ttl(rlm_rcode_t *p_result, mo /* * We can only alter the TTL on an entry if it exists. */ - cache_find(&rcode, &entry, inst, request, &handle, env->key); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_find(p_result, &entry, inst, request, &handle, env->key); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; - if (rcode == RLM_MODULE_OK) { + if (p_result->rcode == RLM_MODULE_OK) { fr_assert(entry != NULL); DEBUG3("Updating the TTL -> %pV", fr_box_time_delta(ttl)); entry->expires = fr_unix_time_add(fr_time_to_unix_time(request->packet->timestamp), ttl); - cache_set_ttl(&rcode, inst, request, &handle, entry); - if (rcode == RLM_MODULE_FAIL) goto finish; + cache_set_ttl(p_result, inst, request, &handle, entry); + if (p_result->rcode == RLM_MODULE_FAIL) goto finish; - rcode = RLM_MODULE_UPDATED; + p_result->rcode = RLM_MODULE_UPDATED; } finish: cache_unref(request, inst, entry, handle); - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } /** Free any memory allocated under the instance diff --git a/src/modules/rlm_chap/rlm_chap.c b/src/modules/rlm_chap/rlm_chap.c index b1c994497db..faeabd8f39c 100644 --- a/src/modules/rlm_chap/rlm_chap.c +++ b/src/modules/rlm_chap/rlm_chap.c @@ -173,7 +173,7 @@ static xlat_action_t xlat_func_chap_password(TALLOC_CTX *ctx, fr_dcursor_t *out, return XLAT_ACTION_DONE; } -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_pair_t *vp; rlm_chap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_chap_t); @@ -181,7 +181,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (fr_pair_find_by_da(&request->control_pairs, NULL, attr_auth_type) != NULL) { RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -189,7 +189,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * unless there's a CHAP-Password in the request. */ if (env_data->chap_password.type != FR_TYPE_OCTETS) { - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -209,14 +209,14 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (!inst->auth_type) { WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup CHAP authentication", mctx->mi->name, mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) { - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* @@ -225,7 +225,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * from the database. The authentication code only needs to check * the password, the rest is done here. */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_chap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_chap_t); fr_pair_t *known_good; @@ -242,23 +242,23 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (env_data->username.type != FR_TYPE_STRING) { REDEBUG("User-Name attribute is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (env_data->chap_password.type != FR_TYPE_OCTETS) { REDEBUG("You set 'control.Auth-Type = CHAP' for a request that " "does not contain a CHAP-Password attribute!"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (env_data->chap_password.vb_length == 0) { REDEBUG("request.CHAP-Password is empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (env_data->chap_password.vb_length != FR_CHAP_CHALLENGE_LENGTH + 1) { REDEBUG("request.CHAP-Password has invalid length"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -272,7 +272,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, false); if (!known_good) { REDEBUG("No \"known good\" password found for user"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -332,12 +332,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (ret != 0) { REDEBUG("Password comparison failed: password is incorrect"); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } RDEBUG2("CHAP user \"%pV\" authenticated successfully", &env_data->username); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* diff --git a/src/modules/rlm_client/rlm_client.c b/src/modules/rlm_client/rlm_client.c index 4e0a5011e5c..27cd214d430 100644 --- a/src/modules/rlm_client/rlm_client.c +++ b/src/modules/rlm_client/rlm_client.c @@ -287,7 +287,7 @@ static xlat_action_t xlat_client(TALLOC_CTX *ctx, fr_dcursor_t *out, /* * Find the client definition. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { size_t length; char const *value; @@ -302,31 +302,31 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU if ((request->packet->socket.inet.src_port != 0) || (!fr_pair_list_empty(&request->request_pairs)) || (request->parent != NULL)) { REDEBUG("Improper configuration"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } client = client_from_request(request); if (!client || !client->cs) { REDEBUG("Unknown client definition"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } cp = cf_pair_find(client->cs, "directory"); if (!cp) { REDEBUG("No directory configuration in the client"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } value = cf_pair_value(cp); if (!value) { REDEBUG("No value given for the directory entry in the client"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } length = strlen(value); if (length > (sizeof(buffer) - 256)) { REDEBUG("Directory name too long"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } memcpy(buffer, value, length + 1); @@ -335,10 +335,10 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU /* * Read the buffer and generate the client. */ - if (!client->server) RETURN_MODULE_FAIL; + if (!client->server) RETURN_UNLANG_FAIL; client = client_read(buffer, client->server_cs, true); - if (!client) RETURN_MODULE_FAIL; + if (!client) RETURN_UNLANG_FAIL; /* * Replace the client. This is more than a bit of a @@ -346,7 +346,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU */ request->client = client; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } static int mod_load(void) diff --git a/src/modules/rlm_csv/rlm_csv.c b/src/modules/rlm_csv/rlm_csv.c index dea47edc7ed..cf58efb27d8 100644 --- a/src/modules/rlm_csv/rlm_csv.c +++ b/src/modules/rlm_csv/rlm_csv.c @@ -999,14 +999,14 @@ static unlang_action_t mod_map_proc(unlang_result_t *p_result, map_ctx_t const * } -static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_csv_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_csv_t); rlm_rcode_t rcode; ssize_t slen; fr_value_box_t *key; - if (map_list_empty(&inst->map) || !inst->key) RETURN_MODULE_NOOP; + if (map_list_empty(&inst->map) || !inst->key) RETURN_UNLANG_NOOP; /* * Expand the key to whatever it is. For attributes, @@ -1015,7 +1015,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul slen = tmpl_aexpand_type(request, &key, FR_TYPE_VALUE_BOX, request, inst->key); if (slen < 0) { DEBUG("Failed expanding key '%s'", inst->key->name); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -1033,7 +1033,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul talloc_free(key); DEBUG("Failed casting %pV to data type '%s'", &key, fr_type_to_str(inst->key_data_type)); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } @@ -1043,7 +1043,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul REXDENT(); talloc_free(key); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } extern module_rlm_t rlm_csv; diff --git a/src/modules/rlm_delay/rlm_delay.c b/src/modules/rlm_delay/rlm_delay.c index 0e8bcd3fdee..9ea4cf657a6 100644 --- a/src/modules/rlm_delay/rlm_delay.c +++ b/src/modules/rlm_delay/rlm_delay.c @@ -123,7 +123,7 @@ static int delay_add(request_t *request, fr_time_t *resume_at, fr_time_t now, /** Called resume_at the delay is complete, and we're running from the interpreter * */ -static unlang_action_t mod_delay_return(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_delay_return(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_delay_retry_t *yielded = talloc_get_type_abort(mctx->rctx, rlm_delay_retry_t); rlm_delay_t *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_delay_t); @@ -138,10 +138,10 @@ static unlang_action_t mod_delay_return(rlm_rcode_t *p_result, module_ctx_t cons * Be transparent, don't alter the rcode */ if (inst->rcode == RLM_MODULE_NOT_SET) return UNLANG_ACTION_EXECUTE_NEXT; - RETURN_MODULE_RCODE(inst->rcode); + RETURN_UNLANG_RCODE(inst->rcode); } -static unlang_action_t CC_HINT(nonnull) mod_delay(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_delay(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_delay_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_delay_t); fr_time_delta_t delay; @@ -152,7 +152,7 @@ static unlang_action_t CC_HINT(nonnull) mod_delay(rlm_rcode_t *p_result, module_ if (tmpl_aexpand_type(request, &delay, FR_TYPE_TIME_DELTA, request, inst->delay) < 0) { RPEDEBUG("Failed parsing %s as delay time", inst->delay->name); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -184,7 +184,7 @@ static unlang_action_t CC_HINT(nonnull) mod_delay(rlm_rcode_t *p_result, module_ */ if (delay_add(request, &resume_at, yielded->when, delay, inst->force_reschedule, inst->relative) != 0) { - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } RDEBUG3("Current time %pVs, resume time %pVs", diff --git a/src/modules/rlm_detail/rlm_detail.c b/src/modules/rlm_detail/rlm_detail.c index 2892af8d3c4..40174d0f0d7 100644 --- a/src/modules/rlm_detail/rlm_detail.c +++ b/src/modules/rlm_detail/rlm_detail.c @@ -304,7 +304,7 @@ static int detail_write(FILE *out, rlm_detail_t const *inst, request_t *request, /* * Do detail, compatible with old accounting */ -static unlang_action_t CC_HINT(nonnull) detail_do(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, +static unlang_action_t CC_HINT(nonnull) detail_do(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, fr_packet_t *packet, fr_pair_list_t *list) { rlm_detail_env_t *env = talloc_get_type_abort(mctx->env_data, rlm_detail_env_t); @@ -318,9 +318,9 @@ static unlang_action_t CC_HINT(nonnull) detail_do(rlm_rcode_t *p_result, module_ outfd = exfile_open(inst->ef, env->filename.vb_strvalue, inst->perm, NULL); if (outfd < 0) { RPERROR("Couldn't open file %pV", &env->filename); - *p_result = RLM_MODULE_FAIL; + /* coverity[missing_unlock] */ - return UNLANG_ACTION_CALCULATE_RESULT; + RETURN_UNLANG_FAIL; } if (inst->group_is_set) { @@ -344,7 +344,7 @@ static unlang_action_t CC_HINT(nonnull) detail_do(rlm_rcode_t *p_result, module_ fail: if (outfp) fclose(outfp); exfile_close(inst->ef, outfd); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (detail_write(outfp, inst, request, &env->header, packet, list, env->ht) < 0) goto fail; @@ -358,13 +358,13 @@ static unlang_action_t CC_HINT(nonnull) detail_do(rlm_rcode_t *p_result, module_ /* * And everything is fine. */ - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Accounting - write the detail files. */ -static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_accounting(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { return detail_do(p_result, mctx, request, request->packet, &request->request_pairs); } @@ -372,7 +372,7 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo /* * Incoming Access Request - write the detail files. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { return detail_do(p_result, mctx, request, request->packet, &request->request_pairs); } @@ -380,7 +380,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod /* * Outgoing Access-Request Reply - write the detail files. */ -static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { return detail_do(p_result, mctx, request, request->reply, &request->reply_pairs); } diff --git a/src/modules/rlm_dhcpv4/rlm_dhcpv4.c b/src/modules/rlm_dhcpv4/rlm_dhcpv4.c index 211eabc8a08..86d6491cc7b 100644 --- a/src/modules/rlm_dhcpv4/rlm_dhcpv4.c +++ b/src/modules/rlm_dhcpv4/rlm_dhcpv4.c @@ -112,23 +112,23 @@ static void dhcpv4_queue_resume(bool sent, void *rctx) unlang_interpret_mark_runnable(d->request); } -static unlang_action_t dhcpv4_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t dhcpv4_resume(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) { rlm_dhcpv4_delay_t *d = talloc_get_type_abort(mctx->rctx, rlm_dhcpv4_delay_t); if (!d->sent) { talloc_free(d); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } talloc_free(d); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Send packets outbound. * */ -static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_dhcpv4_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_dhcpv4_thread_t); ssize_t data_len; @@ -147,7 +147,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_gateway_ip_address); if (!vp) { REDEBUG("Relayed packets MUST have a Gateway-IP-Address attribute"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -196,7 +196,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul vp = fr_pair_find_by_da_nested(&request->control_pairs, NULL, attr_net_dst_ip); if (!vp || (vp->vp_ip.af != AF_INET)) { RDEBUG("No control.Net.Dst.IP, cannot relay packet"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -205,7 +205,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul data_len = fr_dhcpv4_encode(t->buffer, t->buffer_size, original, code, xid, &request->request_pairs); if (data_len <= 0) { RPEDEBUG("Failed encoding DHCPV4 request"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -224,7 +224,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul FR_PROTO_HEX_DUMP(t->buffer, data_len, "DHCPv4"); d = talloc_zero(request, rlm_dhcpv4_delay_t); - if (!d) RETURN_MODULE_FAIL; + if (!d) RETURN_UNLANG_FAIL; *d = (rlm_dhcpv4_delay_t) { .request = request, @@ -241,11 +241,11 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul rcode = fr_udp_queue_write(d, t->uq, t->buffer, data_len, &vp->vp_ip, port, d); if (rcode > 0) { talloc_free(d); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } if (rcode < 0) { talloc_free(d); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield(request, dhcpv4_resume, NULL, 0, d); diff --git a/src/modules/rlm_digest/rlm_digest.c b/src/modules/rlm_digest/rlm_digest.c index 30ebb53da91..1dcf53ccac3 100644 --- a/src/modules/rlm_digest/rlm_digest.c +++ b/src/modules/rlm_digest/rlm_digest.c @@ -83,7 +83,7 @@ fr_dict_attr_autoload_t rlm_digest_dict_attr[] = { { NULL } }; -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_digest_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_digest_t); fr_pair_t *vp; @@ -92,26 +92,26 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * Find the first attribute which is parented by Digest-Attributes. */ vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_digest_attributes); - if (!vp) RETURN_MODULE_NOOP; + if (!vp) RETURN_UNLANG_NOOP; if (!inst->auth_type) { WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup Digest authentication", mctx->mi->name, mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* * Everything's OK, add a digest authentication type. */ - if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP; + if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Perform all of the wondrous variants of digest authentication. */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { size_t a1_len, a2_len, kd_len; uint8_t a1[(FR_MAX_STRING_LEN + 1) * 5]; /* can be 5 attributes */ @@ -130,20 +130,20 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (passwd) { if (passwd->vp_length != 32) { REDEBUG("Digest-Attributes.HA1 has invalid length, authentication failed"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } } else { passwd = fr_pair_find_by_da_nested(&request->control_pairs, NULL, attr_cleartext_password); } if (!passwd) { REDEBUG("Password.Cleartext or Digest-Attributes.HA1 is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_digest_attributes); if (!vp) { REDEBUG("Digest-Attributes is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } list = &vp->vp_group; @@ -153,7 +153,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, nonce = fr_pair_find_by_da_nested(list, NULL, attr_digest_nonce); if (!nonce) { REDEBUG("No Digest-Attributes.Nonce: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -162,7 +162,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_user_name); if (!vp) { REDEBUG("No Digest-Attributes.User-Name: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(&a1[0], vp->vp_octets, vp->vp_length); a1_len = vp->vp_length; @@ -173,7 +173,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_realm); if (!vp) { REDEBUG("No Digest-Attributes.Attributes.Realm: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(&a1[a1_len], vp->vp_octets, vp->vp_length); a1_len += vp->vp_length; @@ -206,7 +206,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (fr_base16_decode(NULL, &FR_DBUFF_TMP(&a1[0], sizeof(a1)), &FR_SBUFF_IN(passwd->vp_strvalue, passwd->vp_length), false) != 16) { RDEBUG2("Invalid text in Digest-Attributes.HA1"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } } @@ -233,7 +233,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if ((nonce->vp_length & 1) != 0) { REDEBUG("Received Digest-Attributes.Nonce hex string with invalid length: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(&a1[a1_len], nonce->vp_octets, nonce->vp_length); a1_len += nonce->vp_length; @@ -244,7 +244,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_cnonce); if (!vp) { REDEBUG("No Digest-Attributes.CNonce: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -252,7 +252,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if ((vp->vp_length & 1) != 0) { REDEBUG("Received Digest-Attributes.CNonce hex string with invalid length: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(&a1[a1_len], vp->vp_octets, vp->vp_length); a1_len += vp->vp_length; @@ -263,7 +263,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * Anything else is an error. */ REDEBUG("%pP - Unknown Digest-Attributes.Algorithm: Cannot perform Digest authentication", vp); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -272,7 +272,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_method); if (!vp) { REDEBUG("No Digest-Attributes.Method: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(&a2[0], vp->vp_octets, vp->vp_length); a2_len = vp->vp_length; @@ -283,7 +283,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_uri); if (!vp) { REDEBUG("No Digest-Attributes.URI: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(&a2[a2_len], vp->vp_octets, vp->vp_length); a2_len += vp->vp_length; @@ -308,12 +308,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, body = fr_pair_find_by_da_nested(list, NULL, attr_digest_body_digest); if (!body) { REDEBUG("No Digest-Attributes.Body-Digest: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if ((a2_len + body->vp_length) > sizeof(a2)) { REDEBUG("Digest-Attributes.Body-Digest is too long"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(a2 + a2_len, body->vp_octets, body->vp_length); @@ -321,7 +321,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, } else if (strcasecmp(qop->vp_strvalue, "auth") != 0) { REDEBUG("%pP - Unknown value: Cannot perform Digest authentication", qop); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } } @@ -371,7 +371,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_nonce_count); if (!vp) { REDEBUG("No Digest-Attributes.Nonce-Count: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(&kd[kd_len], vp->vp_octets, vp->vp_length); kd_len += vp->vp_length; @@ -382,7 +382,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da_nested(list, NULL, attr_digest_cnonce); if (!vp) { REDEBUG("No Digest-Attributes.CNonce: Cannot perform Digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(&kd[kd_len], vp->vp_octets, vp->vp_length); kd_len += vp->vp_length; @@ -425,13 +425,13 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_digest_response); if (!vp) { REDEBUG("No Digest-Response attribute in the request. Cannot perform digest authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (fr_base16_decode(NULL, &FR_DBUFF_TMP(&hash[0], sizeof(hash)), &FR_SBUFF_IN(vp->vp_strvalue, vp->vp_length), false) != (ssize_t)(vp->vp_length >> 1)) { RDEBUG2("Invalid text in Digest-Response"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } RDEBUG3("Comparing hashes, received: %pV, calculated: %pH", &vp->data, fr_box_octets(kd, 16)); @@ -439,10 +439,10 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, /* * And finally, compare the digest in the packet with KD. */ - if (memcmp(&kd[0], &hash[0], 16) == 0) RETURN_MODULE_OK; + if (memcmp(&kd[0], &hash[0], 16) == 0) RETURN_UNLANG_OK; REDEBUG("FAILED authentication"); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c index 1476bd0f57e..05c2ac08f1b 100644 --- a/src/modules/rlm_eap/rlm_eap.c +++ b/src/modules/rlm_eap/rlm_eap.c @@ -117,8 +117,8 @@ fr_dict_attr_autoload_t rlm_eap_dict_attr[] = { { NULL } }; -static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull); -static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull); +static unlang_action_t mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull); +static unlang_action_t mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull); /** Loads submodules based on type = foo pairs * @@ -417,7 +417,7 @@ static void mod_authenticate_cancel(module_ctx_t const *mctx, request_t *request * @param[in] eap_session the EAP session * @param[in] submodule_result the input result from the submodule */ -static unlang_action_t mod_authenticate_result(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, +static unlang_action_t mod_authenticate_result(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request, eap_session_t *eap_session, unlang_result_t *submodule_result) { rlm_rcode_t rcode; @@ -505,7 +505,7 @@ static unlang_action_t mod_authenticate_result(rlm_rcode_t *p_result, UNUSED mod eap_session_freeze(&eap_session); finish: - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /** Call mod_authenticate_result asynchronously from the unlang interpreter @@ -515,7 +515,7 @@ finish: * @param[in] request the current request. * @return The result of this round of authentication. */ -static unlang_action_t mod_authenticate_result_async(rlm_rcode_t *p_result, module_ctx_t const *mctx, +static unlang_action_t mod_authenticate_result_async(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t); @@ -579,12 +579,12 @@ static ssize_t eap_identity_is_nai_with_realm(char const *identity) * @param[in] mctx module calling ctx. * @param[in] eap_session State data that persists over multiple rounds of EAP. * @return - * - UNLANG_ACTION_CALCULATE_RESULT + *p_result = RLM_MODULE_INVALID. + * - UNLANG_ACTION_CALCULATE_RESULT + p_result->rcode = RLM_MODULE_INVALID. * Invalid request. * - UNLANG_ACTION_PUSHED_CHILD Yield control back to the interpreter so it can * call the submodule. */ -static unlang_action_t eap_method_select(rlm_rcode_t *p_result, module_ctx_t const *mctx, eap_session_t *eap_session) +static unlang_action_t eap_method_select(unlang_result_t *p_result, module_ctx_t const *mctx, eap_session_t *eap_session) { rlm_eap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_eap_t); eap_type_data_t *type = &eap_session->this_round->response->type; @@ -607,7 +607,7 @@ static unlang_action_t eap_method_select(rlm_rcode_t *p_result, module_ctx_t con REDEBUG("Peer sent EAP type number %d, which is outside known range", type->num); is_invalid: - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -735,7 +735,7 @@ static unlang_action_t eap_method_select(rlm_rcode_t *p_result, module_ctx_t con TALLOC_FREE(eap_session->opaque); fr_state_discard_child(eap_session->request, eap_session, 0); next = eap_process_nak(mctx, eap_session->request, eap_session->type, type); - if (!next) RETURN_MODULE_REJECT; + if (!next) RETURN_UNLANG_REJECT; /* * Initialise the state machine for the next submodule @@ -803,7 +803,7 @@ static unlang_action_t eap_method_select(rlm_rcode_t *p_result, module_ctx_t con RERROR("Failed copying parent's attribute list"); fail: TALLOC_FREE(eap_session->subrequest); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (fr_pair_list_copy(eap_session->subrequest->request_ctx, @@ -867,7 +867,7 @@ static unlang_action_t eap_method_select(rlm_rcode_t *p_result, module_ctx_t con return UNLANG_ACTION_PUSHED_CHILD; } -static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_eap_t); eap_session_t *eap_session; @@ -876,7 +876,7 @@ static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t cons if (!fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_message)) { REDEBUG("You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -887,7 +887,7 @@ static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t cons eap_packet = eap_packet_from_vp(request, &request->request_pairs); if (!eap_packet) { RPERROR("Malformed EAP Message"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -897,7 +897,7 @@ static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t cons * data. */ eap_session = eap_session_continue(inst, &eap_packet, request); - if (!eap_session) RETURN_MODULE_INVALID; /* Don't emit error here, it will mask the real issue */ + if (!eap_session) RETURN_UNLANG_INVALID; /* Don't emit error here, it will mask the real issue */ /* * Call an EAP submodule to process the request, @@ -905,7 +905,7 @@ static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t cons * process it ourselves. */ if ((ua = eap_method_select(p_result, mctx, eap_session)) != UNLANG_ACTION_CALCULATE_RESULT) return ua; - switch (*p_result) { + switch (p_result->rcode) { case RLM_MODULE_OK: case RLM_MODULE_UPDATED: eap_session_freeze(&eap_session); @@ -932,7 +932,7 @@ static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t cons * to check for user existence & get their configured values. * It Handles EAP-START Messages, User-Name initialization. */ -static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_eap_t); int status; @@ -940,7 +940,7 @@ static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const * if (!inst->auth_type) { WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup EAP authentication", mctx->mi->name, mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -964,14 +964,14 @@ static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const * break; } - if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP; + if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP; - if (status == RLM_MODULE_OK) RETURN_MODULE_OK; + if (status == RLM_MODULE_OK) RETURN_UNLANG_OK; - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } -static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_pair_t *vp; eap_session_t *eap_session; @@ -998,16 +998,16 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const * * Only synthesize a failure message if something * previously rejected the request. */ - if (request->reply->code != FR_RADIUS_CODE_ACCESS_REJECT) RETURN_MODULE_NOOP; + if (request->reply->code != FR_RADIUS_CODE_ACCESS_REJECT) RETURN_UNLANG_NOOP; if (!fr_pair_find_by_da(&request->request_pairs, NULL, attr_eap_message)) { RDEBUG3("Request didn't contain an EAP-Message, not inserting EAP-Failure"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } if (fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_message)) { RDEBUG3("Reply already contained an EAP-Message, not inserting EAP-Failure"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -1018,7 +1018,7 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const * eap_session = eap_session_thaw(request); if (!eap_session) { RDEBUG3("Failed to get eap_session, probably already removed, not inserting EAP-Failure"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -1037,14 +1037,14 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const * */ if (!fr_cond_assert(eap_session->this_round) || !fr_cond_assert(eap_session->this_round->request)) { eap_session_destroy(&eap_session); /* Free the EAP session, and dissociate it from the request */ - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* * Already set to failure, assume something else * added EAP-Message with a failure code, do nothing. */ - if (eap_session->this_round->request->code == FR_EAP_CODE_FAILURE) RETURN_MODULE_NOOP; + if (eap_session->this_round->request->code == FR_EAP_CODE_FAILURE) RETURN_UNLANG_NOOP; /* * Was *NOT* an EAP-Failure, so we now need to turn it into one. @@ -1061,7 +1061,7 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const * MEM(pair_update_reply(&vp, attr_message_authenticator) >= 0); MEM(fr_pair_value_mem_alloc(vp, NULL, RADIUS_AUTH_VECTOR_LENGTH, false) == 0); - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } static int mod_instantiate(module_inst_ctx_t const *mctx) diff --git a/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c b/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c index e0bf27f2f37..3b4b693574a 100644 --- a/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c +++ b/src/modules/rlm_eap/types/rlm_eap_aka/rlm_eap_aka.c @@ -45,7 +45,7 @@ static conf_parser_t submodule_config[] = { extern rlm_eap_submodule_t rlm_eap_aka; -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); eap_aka_sim_mod_session_t *mod_session; diff --git a/src/modules/rlm_eap/types/rlm_eap_aka_prime/rlm_eap_aka_prime.c b/src/modules/rlm_eap/types/rlm_eap_aka_prime/rlm_eap_aka_prime.c index 85b5a3e383b..35d53bac0dd 100644 --- a/src/modules/rlm_eap/types/rlm_eap_aka_prime/rlm_eap_aka_prime.c +++ b/src/modules/rlm_eap/types/rlm_eap_aka_prime/rlm_eap_aka_prime.c @@ -44,7 +44,7 @@ static conf_parser_t submodule_config[] = { extern rlm_eap_submodule_t rlm_eap_aka_prime; -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); eap_aka_sim_mod_session_t *mod_session; diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c index 8b44679c9b4..5bdf05b7981 100644 --- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c +++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c @@ -382,7 +382,7 @@ error: return 1; } -static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_handshake_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t); eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t); @@ -413,7 +413,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * do nothing. */ case EAP_TLS_HANDLED: - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; /* * Handshake is done, proceed with decoding tunneled @@ -426,7 +426,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * Anything else: fail. */ default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -441,7 +441,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t switch (eap_fast_process(request, eap_session, tls_session)) { case FR_RADIUS_CODE_ACCESS_REJECT: eap_tls_fail(request, eap_session); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; /* * Access-Challenge, continue tunneled conversation. @@ -449,13 +449,13 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t case FR_RADIUS_CODE_ACCESS_CHALLENGE: fr_tls_session_send(request, tls_session); eap_tls_request(request, eap_session); - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; /* * Success. */ case FR_RADIUS_CODE_ACCESS_ACCEPT: - if (eap_tls_success(request, eap_session, NULL) < 0) RETURN_MODULE_FAIL; + if (eap_tls_success(request, eap_session, NULL) < 0) RETURN_UNLANG_FAIL; /* * @todo - generate MPPE keys, which have their own magical deriviation. @@ -465,7 +465,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * Result is always OK, even if we fail to persist the * session data. */ - *p_result = RLM_MODULE_OK; + p_result->rcode = RLM_MODULE_OK; /* * Write the session to the session cache @@ -488,7 +488,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * will proxy it, rather than returning an EAP packet. */ case FR_RADIUS_CODE_STATUS_CLIENT: - RETURN_MODULE_OK; + RETURN_UNLANG_OK; default: break; @@ -498,13 +498,13 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * Something we don't understand: Reject it. */ eap_tls_fail(request, eap_session); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* * Do authentication, by letting EAP-TLS do most of the work. */ -static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, +static unlang_action_t mod_handshake_process(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); @@ -523,7 +523,7 @@ static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSE /* * Send an initial eap-tls request to the peer, using the libeap functions. */ -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_fast_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_eap_fast_t); rlm_eap_fast_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_eap_fast_thread_t); @@ -548,7 +548,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons } eap_session->opaque = eap_tls_session = eap_tls_session_init(request, eap_session, thread->ssl_ctx, client_cert); - if (!eap_tls_session) RETURN_MODULE_FAIL; + if (!eap_tls_session) RETURN_UNLANG_FAIL; tls_session = eap_tls_session->tls_session; @@ -586,7 +586,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons &tls_session->clean_in, tls_session->clean_in.used, tls_session->clean_in.used) < 0) { talloc_free(tls_session); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } tls_session->record_init(&tls_session->clean_in); @@ -595,10 +595,10 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons if (!SSL_set_session_ticket_ext_cb(tls_session->ssl, _session_ticket, tls_session)) { RERROR("Failed setting SSL session ticket callback"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx) diff --git a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c index 298da8cab93..da665bd093e 100644 --- a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c +++ b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c @@ -73,7 +73,7 @@ fr_dict_attr_autoload_t rlm_eap_gtc_dict_attr[] = { { NULL } }; -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request); +static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request); /** Translate a string auth_type into an enumeration value * @@ -103,7 +103,7 @@ static int auth_type_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *paren /* * Keep processing the Auth-Type until it doesn't return YIELD. */ -static unlang_action_t gtc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t gtc_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_gtc_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, rlm_eap_gtc_rctx_t); rlm_rcode_t rcode; @@ -114,17 +114,17 @@ static unlang_action_t gtc_resume(rlm_rcode_t *p_result, module_ctx_t const *mct rcode = rctx->section_result.rcode; if (rcode != RLM_MODULE_OK) { eap_round->request->code = FR_EAP_CODE_FAILURE; - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } eap_round->request->code = FR_EAP_CODE_SUCCESS; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Authenticate a previously sent challenge. */ -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_gtc_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_gtc_t); rlm_eap_gtc_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, rlm_eap_gtc_rctx_t); @@ -146,7 +146,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (eap_round->response->length <= 4) { REDEBUG("Corrupted data"); eap_round->request->code = FR_EAP_CODE_FAILURE; - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -156,7 +156,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (eap_round->response->type.length > 128) { REDEBUG("Response is too large to understand"); eap_round->request->code = FR_EAP_CODE_FAILURE; - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -173,7 +173,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc RDEBUG2("authenticate %s { ... } sub-section not found.", inst->auth_type->name); eap_round->request->code = FR_EAP_CODE_FAILURE; - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield_to_section(&rctx->section_result, request, unlang, RLM_MODULE_FAIL, gtc_resume, NULL, 0, rctx); @@ -183,7 +183,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc /* * Initiate the EAP-GTC session by sending a challenge to the peer. */ -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); char challenge_str[1024]; @@ -192,7 +192,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons rlm_eap_gtc_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_gtc_t); if (xlat_eval(challenge_str, sizeof(challenge_str), request, inst->challenge, NULL, NULL) < 0) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } length = strlen(challenge_str); @@ -203,7 +203,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons eap_round->request->code = FR_EAP_CODE_REQUEST; eap_round->request->type.data = talloc_array(eap_round->request, uint8_t, length); - if (!eap_round->request->type.data) RETURN_MODULE_FAIL; + if (!eap_round->request->type.data) RETURN_UNLANG_FAIL; memcpy(eap_round->request->type.data, challenge_str, length); eap_round->request->type.length = length; @@ -217,7 +217,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons */ eap_session->process = mod_process; - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /* diff --git a/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c b/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c index 8aff65ee19d..7c544449ac7 100644 --- a/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c +++ b/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c @@ -49,7 +49,7 @@ fr_dict_attr_autoload_t rlm_eap_md5_dict_attr[] = { /* * Authenticate a previously sent challenge. */ -static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); MD5_PACKET *packet; @@ -68,7 +68,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t co false); if (!known_good) { REDEBUG("No \"known good\" password found for user"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -77,7 +77,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t co packet = eap_md5_extract(request, eap_session->this_round); if (!packet) { if (ephemeral) TALLOC_FREE(known_good); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -106,13 +106,13 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t co if (ephemeral) TALLOC_FREE(known_good); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Initiate the EAP-MD5 session by sending a challenge to the peer. */ -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); MD5_PACKET *reply; @@ -163,7 +163,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, UNUSED module_ctx */ eap_session->process = mod_process; - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /* diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c index 54d4dda4ac7..0704a2db8c2 100644 --- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c +++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c @@ -278,9 +278,9 @@ static int eap_mschapv2_compose(rlm_eap_mschapv2_t const *inst, request_t *reque } -static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request); +static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request); -static unlang_action_t mschap_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mschap_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_mschapv2_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, rlm_eap_mschapv2_rctx_t); eap_session_t *eap_session = eap_session_get(request->parent); @@ -309,14 +309,14 @@ static unlang_action_t mschap_resume(rlm_rcode_t *p_result, module_ctx_t const * if (rcode == RLM_MODULE_OK) { if (fr_pair_list_copy_by_da(data, &response, &parent->vp_group, attr_ms_chap2_success, 0) < 0) { RPERROR("Failed copying %s", attr_ms_chap2_success->name); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } data->code = FR_EAP_MSCHAPV2_SUCCESS; } else if (inst->send_error) { if (fr_pair_list_copy_by_da(data, &response, &parent->vp_group, attr_ms_chap_error, 0) < 0) { RPERROR("Failed copying %s", attr_ms_chap_error->name); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (!fr_pair_list_empty(&response)) { int n, err, retry; @@ -346,7 +346,7 @@ static unlang_action_t mschap_resume(rlm_rcode_t *p_result, module_ctx_t const * data->code = FR_EAP_MSCHAPV2_FAILURE; } else { eap_round->request->code = FR_EAP_CODE_FAILURE; - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } /* @@ -354,7 +354,7 @@ static unlang_action_t mschap_resume(rlm_rcode_t *p_result, module_ctx_t const * */ if (fr_pair_list_empty(&response)) { REDEBUG("No %s or %s attributes were found", attr_ms_chap2_success->name, attr_ms_chap_error->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -364,13 +364,13 @@ static unlang_action_t mschap_resume(rlm_rcode_t *p_result, module_ctx_t const * eap_mschapv2_compose(eap_session->inst, request, eap_session, fr_pair_list_head(&response)); fr_pair_list_free(&response); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Authenticate a previously sent challenge. */ -static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_mschapv2_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_mschapv2_t); rlm_eap_mschapv2_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, rlm_eap_mschapv2_rctx_t); @@ -385,7 +385,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul uint8_t *p; size_t length; - if (!fr_cond_assert(eap_session->inst)) RETURN_MODULE_FAIL; + if (!fr_cond_assert(eap_session->inst)) RETURN_UNLANG_FAIL; /* * Sanity check the response. @@ -393,7 +393,7 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul if (eap_round->response->length < 6) { REDEBUG("Response too short, expected at least 6 bytes, got %zu bytes", eap_round->response->length); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } ccode = eap_round->response->type.data[0]; @@ -467,12 +467,12 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul */ if (ccode != FR_EAP_MSCHAPV2_FAILURE) { REDEBUG("Sent FAILURE expecting FAILURE but got %d", ccode); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } failure: eap_round->request->code = FR_EAP_CODE_FAILURE; - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; case FR_EAP_MSCHAPV2_SUCCESS: /* @@ -504,10 +504,10 @@ failure: case FR_EAP_MSCHAPV2_ACK: MEM(fr_pair_list_copy(parent->reply_ctx, &parent->reply_pairs, &data->reply) >= 0); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } REDEBUG("Sent SUCCESS expecting SUCCESS (or ACK) but got %d", ccode); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; case FR_EAP_MSCHAPV2_CHALLENGE: if (ccode == FR_EAP_MSCHAPV2_FAILURE) goto failure; @@ -517,7 +517,7 @@ failure: */ if (ccode != FR_EAP_MSCHAPV2_RESPONSE) { REDEBUG("Sent CHALLENGE expecting RESPONSE but got %d", ccode); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* authentication happens below */ break; @@ -525,7 +525,7 @@ failure: default: /* should never happen */ REDEBUG("Unknown state %d", data->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } @@ -539,7 +539,7 @@ failure: */ if (eap_round->response->length < (4 + 1 + 1 + 1 + 2 + 1)) { REDEBUG("Response is too short"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -556,7 +556,7 @@ failure: if ((eap_round->response->type.data[4] != 49) && (eap_round->response->type.data[4] != 16)) { REDEBUG("Response is of incorrect length %d", eap_round->response->type.data[4]); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -566,7 +566,7 @@ failure: length = fr_nbo_to_uint16(eap_round->response->type.data + 2); if ((length < (5 + 49)) || (length > (256 + 5 + 49))) { REDEBUG("Response contains contradictory length %zu %d", length, 5 + 49); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -611,7 +611,7 @@ packet_ready: if (!unlang) { RDEBUG2("authenticate %s { ... } sub-section not found.", inst->auth_type->name); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield_to_section(&rctx->section_result, request, unlang, RLM_MODULE_FAIL, mschap_resume, NULL, 0, rctx); @@ -620,7 +620,7 @@ packet_ready: /* * Initiate the EAP-MSCHAPV2 session by sending a challenge to the peer. */ -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { request_t *parent = request->parent; eap_session_t *eap_session = eap_session_get(parent); @@ -632,13 +632,13 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons int i; bool created_auth_challenge; - if (!fr_cond_assert(mctx->mi->data)) RETURN_MODULE_FAIL; + if (!fr_cond_assert(mctx->mi->data)) RETURN_UNLANG_FAIL; /* * We're looking for attributes that should come * from the EAP-TTLS submodule. */ - if (!fr_cond_assert(parent)) RETURN_MODULE_FAIL; + if (!fr_cond_assert(parent)) RETURN_UNLANG_FAIL; /* * Keep track of the challenge and the state we are in. @@ -703,7 +703,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons */ eap_session->process = mod_process; - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /* diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c index 6af34944ba7..9fbe5cd673e 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c @@ -104,7 +104,7 @@ static peap_tunnel_t *peap_alloc(TALLOC_CTX *ctx, rlm_eap_peap_t *inst) /* * Construct the reply appropriately based on the rcode from PEAP processing. */ -static unlang_action_t process_rcode(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t process_rcode(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t); eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t); @@ -132,8 +132,8 @@ static unlang_action_t process_rcode(rlm_rcode_t *p_result, module_ctx_t const * /* * Success: Automatically return MPPE keys. */ - if (eap_tls_success(request, eap_session, &prf_label) > 0) RETURN_MODULE_FAIL; - *p_result = RLM_MODULE_OK; + if (eap_tls_success(request, eap_session, &prf_label) > 0) RETURN_UNLANG_FAIL; + p_result->rcode = RLM_MODULE_OK; /* * Write the session to the session cache @@ -164,10 +164,10 @@ static unlang_action_t process_rcode(rlm_rcode_t *p_result, module_ctx_t const * break; } - RETURN_MODULE_RCODE(eap_session->submodule_result.rcode); + RETURN_UNLANG_RCODE(eap_session->submodule_result.rcode); } -static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_handshake_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_peap_t *inst = talloc_get_type(mctx->mi->data, rlm_eap_peap_t); eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t); @@ -204,7 +204,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * and EAP id from the inner tunnel, and update it with * the expected EAP id! */ - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; /* * Handshake is done, proceed with decoding tunneled @@ -224,7 +224,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * Anything else: fail. */ default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -254,7 +254,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t /* * Do authentication, by letting EAP-TLS do most of the work. */ -static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, +static unlang_action_t mod_handshake_process(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); @@ -270,7 +270,7 @@ static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSE return eap_tls_process(request, eap_session); } -static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_peap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_peap_t); rlm_eap_peap_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_eap_peap_thread_t); @@ -293,7 +293,7 @@ static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx } eap_session->opaque = eap_tls_session = eap_tls_session_init(request, eap_session, t->ssl_ctx, client_cert); - if (!eap_tls_session) RETURN_MODULE_FAIL; + if (!eap_tls_session) RETURN_UNLANG_FAIL; tls_session = eap_tls_session->tls_session; @@ -321,7 +321,7 @@ static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx */ if (eap_tls_start(request, eap_session) < 0) { talloc_free(eap_tls_session); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -332,13 +332,13 @@ static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx eap_session->process = mod_handshake_process; - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /* * Send an initial eap-tls request to the peer, using the libeap functions. */ -static unlang_action_t mod_session_init(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_peap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_peap_t); eap_session_t *eap_session = eap_session_get(request->parent); diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c index 047a13e40ec..e6e469f6bfe 100644 --- a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c +++ b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c @@ -152,7 +152,7 @@ static int send_pwd_request(request_t *request, pwd_session_t *session, eap_roun return 0; } -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_pwd_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_pwd_t); eap_session_t *eap_session = eap_session_get(request->parent); @@ -170,7 +170,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc uint8_t exch, *in, *ptr, msk[MSK_EMSK_LEN], emsk[MSK_EMSK_LEN]; uint8_t peer_confirm[SHA256_DIGEST_LENGTH]; - if (((eap_round = eap_session->this_round) == NULL) || !inst) RETURN_MODULE_FAIL; + if (((eap_round = eap_session->this_round) == NULL) || !inst) RETURN_UNLANG_FAIL; session = talloc_get_type_abort(eap_session->opaque, pwd_session_t); response = eap_session->this_round->response; @@ -181,7 +181,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc */ if (!hdr || (response->type.length < sizeof(pwd_hdr))) { REDEBUG("Packet with insufficient data"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } in = hdr->data; @@ -192,9 +192,9 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc */ if (session->out_pos) { if (in_len) REDEBUG("PWD got something more than an ACK for a fragment"); - if (send_pwd_request(request, session, eap_round) < 0) RETURN_MODULE_FAIL; + if (send_pwd_request(request, session, eap_round) < 0) RETURN_UNLANG_FAIL; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* @@ -204,18 +204,18 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (EAP_PWD_GET_LENGTH_BIT(hdr)) { if (session->in) { REDEBUG("PWD already alloced buffer for fragments"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (in_len < 2) { REDEBUG("Invalid packet: length bit set, but no length field"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } session->in_len = ntohs(in[0] * 256 | in[1]); if (!session->in_len) { DEBUG("EAP-PWD malformed packet (input length)"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } MEM(session->in = talloc_zero_array(session, uint8_t, session->in_len)); @@ -232,12 +232,12 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (EAP_PWD_GET_MORE_BIT(hdr)) { if (!session->in) { RDEBUG2("Unexpected fragment"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if ((session->in_pos + in_len) > session->in_len) { REDEBUG("Fragment overflows packet"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(session->in + session->in_pos, in, in_len); @@ -255,7 +255,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc hdr = (pwd_hdr *)eap_round->request->type.data; EAP_PWD_SET_EXCHANGE(hdr, exch); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } @@ -265,7 +265,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc */ if ((session->in_pos + in_len) > session->in_len) { REDEBUG("PWD will overflow a fragment buffer"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(session->in + session->in_pos, in, in_len); in = session->in; @@ -283,13 +283,13 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (EAP_PWD_GET_EXCHANGE(hdr) != EAP_PWD_EXCH_ID) { REDEBUG("PWD exchange is incorrect, Not ID"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } packet = (pwd_id_packet_t *) in; if (in_len < sizeof(*packet)) { REDEBUG("Packet is too small (%zd < %zd).", in_len, sizeof(*packet)); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if ((packet->prf != EAP_PWD_DEF_PRF) || @@ -298,7 +298,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc (CRYPTO_memcmp(packet->token, &session->token, 4)) || (packet->group_num != ntohs(session->group_num))) { REDEBUG("PWD ID response is malformed"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -314,7 +314,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc session->peer_id_len = in_len - sizeof(pwd_id_packet_t); if (session->peer_id_len >= sizeof(session->peer_id)) { REDEBUG("PWD ID response is malformed"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } memcpy(session->peer_id, packet->identity, session->peer_id_len); @@ -324,7 +324,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc allowed_passwords, NUM_ELEMENTS(allowed_passwords), false); if (!known_good) { REDEBUG("No \"known good\" password found for user"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } ret = compute_password_element(request, session, session->group_num, @@ -335,7 +335,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (ephemeral) TALLOC_FREE(known_good); if (ret < 0) { REDEBUG("Failed to obtain password element"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -343,7 +343,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc */ if (compute_scalar_element(request, session, inst->bnctx)) { REDEBUG("Failed to compute server's scalar and element"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } MEM(x = BN_new()); @@ -356,7 +356,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc REDEBUG("Server point assignment failed"); BN_clear_free(x); BN_clear_free(y); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -387,7 +387,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc case PWD_STATE_COMMIT: if (EAP_PWD_GET_EXCHANGE(hdr) != EAP_PWD_EXCH_COMMIT) { REDEBUG("PWD exchange is incorrect, not commit!"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -395,7 +395,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc */ if (process_peer_commit(request, session, in, in_len, inst->bnctx)) { REDEBUG("Failed processing peer's commit"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -403,7 +403,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc */ if (compute_server_confirm(request, session, session->my_confirm, inst->bnctx)) { REDEBUG("Failed computing confirm"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -422,24 +422,24 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc case PWD_STATE_CONFIRM: if (in_len < SHA256_DIGEST_LENGTH) { REDEBUG("Peer confirm is too short (%zd < %d)", in_len, SHA256_DIGEST_LENGTH); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (EAP_PWD_GET_EXCHANGE(hdr) != EAP_PWD_EXCH_CONFIRM) { REDEBUG("PWD exchange is incorrect, not commit"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (compute_peer_confirm(request, session, peer_confirm, inst->bnctx)) { REDEBUG("Cannot compute peer's confirm"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (CRYPTO_memcmp(peer_confirm, in, SHA256_DIGEST_LENGTH)) { REDEBUG("PWD exchange failed, peer confirm is incorrect"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (compute_keys(request, session, peer_confirm, msk, emsk)) { REDEBUG("Failed generating (E)MSK"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } eap_round->request->code = FR_EAP_CODE_SUCCESS; @@ -454,7 +454,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc default: REDEBUG("Unknown PWD state"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -465,7 +465,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc session->in = NULL; } - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } static int _free_pwd_session(pwd_session_t *session) @@ -484,7 +484,7 @@ static int _free_pwd_session(pwd_session_t *session) return 0; } -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_pwd_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_pwd_t); eap_session_t *eap_session = eap_session_get(request->parent); @@ -535,11 +535,11 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons packet->prep = EAP_PWD_PREP_NONE; memcpy(packet->identity, inst->server_id, session->out_len - sizeof(pwd_id_packet_t) ); - if (send_pwd_request(request, session, eap_session->this_round) < 0) RETURN_MODULE_FAIL; + if (send_pwd_request(request, session, eap_session->this_round) < 0) RETURN_UNLANG_FAIL; eap_session->process = mod_process; - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } static int mod_detach(module_detach_ctx_t const *mctx) diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c index 71bf0bb730e..920a77051d4 100644 --- a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c +++ b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c @@ -43,7 +43,7 @@ static conf_parser_t submodule_config[] = { extern rlm_eap_submodule_t rlm_eap_sim; -static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); eap_aka_sim_mod_session_t *mod_session; diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c index 7b96ec3ae84..9811b835721 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c +++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c @@ -66,13 +66,13 @@ fr_dict_attr_autoload_t rlm_eap_tls_dict_attr[] = { { NULL } }; -static unlang_action_t mod_handshake_done(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, +static unlang_action_t mod_handshake_done(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request) { - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_handshake_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t); eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t); @@ -100,7 +100,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t "client EAP encryption", sizeof("client EAP encryption") - 1); - if (eap_tls_success(request, eap_session, &prf_label) < 0) RETURN_MODULE_FAIL; + if (eap_tls_success(request, eap_session, &prf_label) < 0) RETURN_UNLANG_FAIL; /* * Result is always OK, even if we fail to persist the @@ -128,7 +128,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * do nothing. */ case EAP_TLS_HANDLED: - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; /* * Handshake is done, proceed with decoding tunneled @@ -138,7 +138,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t REDEBUG("Received unexpected tunneled data after successful handshake"); eap_tls_fail(request, eap_session); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; /* * Anything else: fail. @@ -148,7 +148,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t */ default: fr_tls_cache_deny(request, tls_session); - *p_result = RLM_MODULE_REJECT; + p_result->rcode = RLM_MODULE_REJECT; /* * We'll jump back to the caller @@ -162,7 +162,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t /* * Do authentication, by letting EAP-TLS do most of the work. */ -static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, +static unlang_action_t mod_handshake_process(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); @@ -178,7 +178,7 @@ static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSE return eap_tls_process(request, eap_session); } -static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_tls_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_tls_t); rlm_eap_tls_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_eap_tls_thread_t); @@ -203,7 +203,7 @@ static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx * EAP-TLS always requires a client certificate. */ eap_session->opaque = eap_tls_session = eap_tls_session_init(request, eap_session, t->ssl_ctx, client_cert); - if (!eap_tls_session) RETURN_MODULE_FAIL; + if (!eap_tls_session) RETURN_UNLANG_FAIL; eap_tls_session->include_length = inst->include_length; @@ -213,18 +213,18 @@ static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx */ if (eap_tls_start(request, eap_session) < 0) { talloc_free(eap_tls_session); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } eap_session->process = mod_handshake_process; - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; } /* * Send an initial eap-tls request to the peer, using the libeap functions. */ -static unlang_action_t mod_session_init(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_tls_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_tls_t); eap_session_t *eap_session = eap_session_get(request->parent); diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h b/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h index f38d3dd8665..cd3907f4446 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h @@ -49,5 +49,5 @@ typedef struct { /* * Process the TTLS portion of an EAP-TTLS request. */ -unlang_action_t eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull); -unlang_action_t eap_ttls_success(rlm_rcode_t *p_result, request_t *request, eap_session_t *eap_session); +unlang_action_t eap_ttls_process(unlang_result_t *p_result, request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull); +unlang_action_t eap_ttls_success(unlang_result_t *p_result, request_t *request, eap_session_t *eap_session); diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c index e482fe0a722..9629265110e 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c @@ -125,7 +125,7 @@ static ttls_tunnel_t *ttls_alloc(TALLOC_CTX *ctx, rlm_eap_ttls_t *inst) return t; } -static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_handshake_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t); eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t); @@ -156,7 +156,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t if (tunnel && tunnel->authenticated) return eap_ttls_success(p_result, request, eap_session); eap_tls_request(request, eap_session); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; /* * The TLS code is still working on the TLS @@ -164,7 +164,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * do nothing. */ case EAP_TLS_HANDLED: - RETURN_MODULE_HANDLED; + RETURN_UNLANG_HANDLED; /* * Handshake is done, proceed with decoding tunneled @@ -177,7 +177,7 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t * Anything else: fail. */ default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -189,13 +189,13 @@ static unlang_action_t mod_handshake_resume(rlm_rcode_t *p_result, module_ctx_t /* * Process the TTLS portion of the request. */ - return eap_ttls_process(request, eap_session, tls_session); + return eap_ttls_process(p_result, request, eap_session, tls_session); } /* * Do authentication, by letting EAP-TLS do most of the work. */ -static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, +static unlang_action_t mod_handshake_process(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = eap_session_get(request->parent); @@ -211,7 +211,7 @@ static unlang_action_t mod_handshake_process(UNUSED rlm_rcode_t *p_result, UNUSE return eap_tls_process(request, eap_session); } -static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_ttls_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_ttls_t); rlm_eap_ttls_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_eap_ttls_thread_t); @@ -234,7 +234,7 @@ static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx } eap_session->opaque = eap_tls_session = eap_tls_session_init(request, eap_session, t->ssl_ctx, client_cert); - if (!eap_tls_session) RETURN_MODULE_FAIL; + if (!eap_tls_session) RETURN_UNLANG_FAIL; tls_session = eap_tls_session->tls_session; eap_tls_session->include_length = inst->include_length; @@ -245,20 +245,20 @@ static unlang_action_t mod_session_init_resume(rlm_rcode_t *p_result, module_ctx */ if (eap_tls_start(request, eap_session) < 0) { talloc_free(eap_tls_session); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } tls_session->opaque = ttls_alloc(tls_session, inst); eap_session->process = mod_handshake_process; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Send an initial eap-tls request to the peer, using the libeap functions. */ -static unlang_action_t mod_session_init(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_session_init(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_eap_ttls_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_eap_ttls_t); eap_session_t *eap_session = eap_session_get(request->parent); diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index bd03c3da7b3..57077b15c48 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c @@ -482,7 +482,7 @@ static int vp2diameter(request_t *request, fr_tls_session_t *tls_session, fr_pai /* * Use a reply packet to determine what to do. */ -static unlang_action_t process_reply(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t process_reply(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { eap_session_t *eap_session = talloc_get_type_abort(mctx->rctx, eap_session_t); eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t); @@ -544,7 +544,7 @@ static unlang_action_t process_reply(rlm_rcode_t *p_result, module_ctx_t const * case FR_RADIUS_CODE_ACCESS_REJECT: REDEBUG("Got tunneled Access-Reject"); eap_tls_fail(request, eap_session); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; /* * Handle Access-Challenge, but only if we @@ -572,7 +572,7 @@ static unlang_action_t process_reply(rlm_rcode_t *p_result, module_ctx_t const * default: REDEBUG("Unknown RADIUS packet type %d: rejecting tunneled user", reply->code); eap_tls_fail(request, eap_session); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } @@ -589,10 +589,10 @@ static unlang_action_t process_reply(rlm_rcode_t *p_result, module_ctx_t const * } eap_tls_request(request, eap_session); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -unlang_action_t eap_ttls_success(rlm_rcode_t *p_result, request_t *request, eap_session_t *eap_session) +unlang_action_t eap_ttls_success(unlang_result_t *p_result, request_t *request, eap_session_t *eap_session) { eap_tls_session_t *eap_tls_session = talloc_get_type_abort(eap_session->opaque, eap_tls_session_t); fr_tls_session_t *tls_session = eap_tls_session->tls_session; @@ -604,13 +604,13 @@ unlang_action_t eap_ttls_success(rlm_rcode_t *p_result, request_t *request, eap_ /* * Success: Automatically return MPPE keys. */ - if (eap_tls_success(request, eap_session, &prf_label) < 0) RETURN_MODULE_FAIL; + if (eap_tls_success(request, eap_session, &prf_label) < 0) RETURN_UNLANG_FAIL; /* * Result is always OK, even if we fail to persist the * session data. */ - *p_result = RLM_MODULE_OK; + p_result->rcode = RLM_MODULE_OK; /* * Write the session to the session cache @@ -631,7 +631,7 @@ unlang_action_t eap_ttls_success(rlm_rcode_t *p_result, request_t *request, eap_ /* * Process the "diameter" contents of the tunneled data. */ -unlang_action_t eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) +unlang_action_t eap_ttls_process(unlang_result_t *p_result, request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) { fr_pair_t *vp = NULL; ttls_tunnel_t *t; @@ -657,7 +657,7 @@ unlang_action_t eap_ttls_process(request_t *request, eap_session_t *eap_session, if (data_len == 0) { if (t->authenticated) { RDEBUG2("Got ACK, and the user was already authenticated"); - return eap_ttls_success(&request->rcode, request, eap_session); + return eap_ttls_success(p_result, request, eap_session); } /* else no session, no data, die. */ /* diff --git a/src/modules/rlm_exec/rlm_exec.c b/src/modules/rlm_exec/rlm_exec.c index cc539f4218d..e5ee3bc1e81 100644 --- a/src/modules/rlm_exec/rlm_exec.c +++ b/src/modules/rlm_exec/rlm_exec.c @@ -242,7 +242,7 @@ static rlm_rcode_t rlm_exec_status2rcode(request_t *request, fr_value_box_t *box /** Resume a request after xlat expansion. * */ -static unlang_action_t mod_exec_oneshot_nowait_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, +static unlang_action_t mod_exec_oneshot_nowait_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_exec_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_exec_t); @@ -255,16 +255,16 @@ static unlang_action_t mod_exec_oneshot_nowait_resume(rlm_rcode_t *p_result, mod if (inst->input_list) { env_pairs = tmpl_list_head(request, tmpl_list(inst->input_list)); if (!env_pairs) { - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } } if (unlikely(fr_exec_oneshot_nowait(request, args, env_pairs, inst->shell_escape, inst->env_inherit) < 0)) { RPEDEBUG("Failed executing program"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } static fr_sbuff_parse_rules_t const rhs_term = { @@ -284,7 +284,7 @@ static fr_sbuff_parse_rules_t const rhs_term = { /** Process the exit code and output of a short lived process * */ -static unlang_action_t mod_exec_oneshot_wait_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_exec_oneshot_wait_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { int status; rlm_exec_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_exec_t); @@ -372,20 +372,20 @@ static unlang_action_t mod_exec_oneshot_wait_resume(rlm_rcode_t *p_result, modul status = m->status; if (status < 0) { REDEBUG("Program exited with signal %d", -status); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* * The status rcodes aren't quite the same as the rcode * enumeration. */ - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /** Dispatch one request using a short lived process * */ -static unlang_action_t CC_HINT(nonnull) mod_exec_dispatch_oneshot(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_exec_dispatch_oneshot(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_exec_ctx_t *m; fr_pair_list_t *env_pairs = NULL; @@ -395,7 +395,7 @@ static unlang_action_t CC_HINT(nonnull) mod_exec_dispatch_oneshot(rlm_rcode_t *p if (!env_data->program) { RDEBUG("This module requires 'program' to be set."); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -425,12 +425,12 @@ static unlang_action_t CC_HINT(nonnull) mod_exec_dispatch_oneshot(rlm_rcode_t *p */ if (inst->input_list) { env_pairs = tmpl_list_head(request, tmpl_list(inst->input_list)); - if (!env_pairs) RETURN_MODULE_INVALID; + if (!env_pairs) RETURN_UNLANG_INVALID; } if (inst->output_list) { if (!tmpl_list_head(request, tmpl_list(inst->output_list))) { - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } } diff --git a/src/modules/rlm_files/rlm_files.c b/src/modules/rlm_files/rlm_files.c index cb5c9c5abd8..f950811d549 100644 --- a/src/modules/rlm_files/rlm_files.c +++ b/src/modules/rlm_files/rlm_files.c @@ -398,7 +398,7 @@ static int getrecv_filename(TALLOC_CTX *ctx, char const *filename, fr_htrie_t ** /** Lookup the expanded key value in files data. * */ -static unlang_action_t CC_HINT(nonnull) mod_files_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_files_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_files_env_t *env = talloc_get_type_abort(mctx->env_data, rlm_files_env_t); PAIR_LIST_LIST const *user_list; @@ -414,11 +414,11 @@ static unlang_action_t CC_HINT(nonnull) mod_files_resume(rlm_rcode_t *p_result, if (!key_vb) { RERROR("Missing key value"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (!tree && !default_list) { - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } RDEBUG2("%s - Looking for key \"%pV\"", env->name, key_vb); @@ -522,7 +522,7 @@ redo: RPWARN("Failed parsing map for check item %s, skipping it", map->lhs->name); fail: fr_edit_list_abort(child); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (!rcode) { @@ -616,12 +616,12 @@ redo: */ if (!found) { fr_edit_list_abort(child); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } fr_edit_list_commit(child); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Initiate a files data lookup @@ -632,7 +632,7 @@ redo: * First we push the tmpl onto the stack for evaluation, then the lookup * is done in mod_files_resume. */ -static unlang_action_t CC_HINT(nonnull) mod_files(UNUSED rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_files(UNUSED unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_files_env_t *env = talloc_get_type_abort(mctx->env_data, rlm_files_env_t); diff --git a/src/modules/rlm_imap/rlm_imap.c b/src/modules/rlm_imap/rlm_imap.c index 816e6231a0d..3c2d33f3f15 100644 --- a/src/modules/rlm_imap/rlm_imap.c +++ b/src/modules/rlm_imap/rlm_imap.c @@ -102,7 +102,7 @@ static void imap_io_module_signal(module_ctx_t const *mctx, request_t *request, * It checks if the response was CURLE_OK * If it wasn't we returns REJECT, if it was we returns OK */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, +static unlang_action_t CC_HINT(nonnull) mod_authenticate_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_imap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_imap_t); @@ -126,16 +126,16 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate_resume(rlm_rcode_t *p_r switch(result) { case CURLE_PEER_FAILED_VERIFICATION: case CURLE_LOGIN_DENIED: - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } if (tls->extract_cert_attrs) fr_curl_response_certinfo(request, randle); imap_slab_release(randle); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* @@ -149,7 +149,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate_resume(rlm_rcode_t *p_r * Then it queues the request and yields until a response is given * When it responds, mod_authenticate_resume is called. */ -static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_imap_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_imap_thread_t); @@ -162,22 +162,22 @@ static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_res if (!username) { REDEBUG("Attribute \"User-Name\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (!password) { RDEBUG2("Attribute \"User-Password\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (password->vp_length == 0) { RDEBUG2("\"User-Password\" must not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } randle = imap_slab_reserve(t->slab); if (!randle){ - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } FR_CURL_REQUEST_SET_OPTION(CURLOPT_USERNAME, username->vp_strvalue); @@ -186,7 +186,7 @@ static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_res if (fr_curl_io_request_enqueue(t->mhandle, request, randle)) { error: imap_slab_release(randle); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield(request, mod_authenticate_resume, imap_io_module_signal, ~FR_SIGNAL_CANCEL, randle); diff --git a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c index e13ed06df13..c66c4ddc2cc 100644 --- a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c +++ b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c @@ -2204,32 +2204,32 @@ static int mod_instantiate(module_inst_ctx_t const *mctx) return 0; } -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_isc_dhcp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_isc_dhcp_t); int ret; ret = apply_fixed_ip(inst, request); - if (ret < 0) RETURN_MODULE_FAIL; - if (ret == 0) RETURN_MODULE_NOOP; + if (ret < 0) RETURN_UNLANG_FAIL; + if (ret == 0) RETURN_UNLANG_NOOP; - if (ret == 2) RETURN_MODULE_UPDATED; + if (ret == 2) RETURN_UNLANG_UPDATED; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_isc_dhcp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_isc_dhcp_t); int ret; ret = apply(inst, request, inst->head); - if (ret < 0) RETURN_MODULE_FAIL; - if (ret == 0) RETURN_MODULE_NOOP; + if (ret < 0) RETURN_UNLANG_FAIL; + if (ret == 0) RETURN_UNLANG_NOOP; // @todo - check for subnet mask option. If none exists, use one from the enclosing network? - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } extern module_rlm_t rlm_isc_dhcp; diff --git a/src/modules/rlm_krb5/rlm_krb5.c b/src/modules/rlm_krb5/rlm_krb5.c index d1c0dc5534f..fcdfa6efad8 100644 --- a/src/modules/rlm_krb5/rlm_krb5.c +++ b/src/modules/rlm_krb5/rlm_krb5.c @@ -317,7 +317,7 @@ static rlm_rcode_t krb5_process_error(rlm_krb5_t const *inst, request_t *request /* * Validate user/pass (Heimdal) */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { krb5_auth_call_env_t *env = talloc_get_type_abort(mctx->env_data, krb5_auth_call_env_t); rlm_krb5_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_krb5_t); @@ -334,7 +334,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (env->password.vb_length == 0) { REDEBUG("User-Password must not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -348,7 +348,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, # ifdef KRB5_IS_THREAD_SAFE conn = krb5_slab_reserve(t->slab); - if (!conn) RETURN_MODULE_FAIL; + if (!conn) RETURN_UNLANG_FAIL; # else conn = inst->conn; # endif @@ -396,7 +396,7 @@ cleanup: # ifdef KRB5_IS_THREAD_SAFE krb5_slab_release(conn); # endif - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } #else /* HEIMDAL_KRB5 */ @@ -404,7 +404,7 @@ cleanup: /* * Validate userid/passwd (MIT) */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { krb5_auth_call_env_t *env = talloc_get_type_abort(mctx->env_data, krb5_auth_call_env_t); rlm_krb5_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_krb5_t); @@ -424,7 +424,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (env->password.vb_length == 0) { REDEBUG("User-Password must not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -438,7 +438,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, # ifdef KRB5_IS_THREAD_SAFE conn = krb5_slab_reserve(t->slab); - if (!conn) RETURN_MODULE_FAIL; + if (!conn) RETURN_UNLANG_FAIL; # else conn = inst->conn; # endif @@ -477,7 +477,7 @@ cleanup: # ifdef KRB5_IS_THREAD_SAFE krb5_slab_release(conn); # endif - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } #endif /* MIT_KRB5 */ diff --git a/src/modules/rlm_ldap/groups.c b/src/modules/rlm_ldap/groups.c index 74742b43772..79ae5f9aa8d 100644 --- a/src/modules/rlm_ldap/groups.c +++ b/src/modules/rlm_ldap/groups.c @@ -337,7 +337,7 @@ finish: * @param group_ctx Context used to evaluate group attributes * @return RLM_MODULE_OK */ -static unlang_action_t ldap_cacheable_userobj_store(rlm_rcode_t *p_result, request_t *request, +static unlang_action_t ldap_cacheable_userobj_store(unlang_result_t *p_result, request_t *request, ldap_group_userobj_ctx_t *group_ctx) { fr_pair_t *vp; @@ -360,7 +360,7 @@ static unlang_action_t ldap_cacheable_userobj_store(rlm_rcode_t *p_result, reque REXDENT(); talloc_free(group_ctx); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Initiate DN to name and name to DN group lookups @@ -421,7 +421,7 @@ static unlang_action_t ldap_cacheable_userobj_resolve(unlang_result_t *p_result, * Nothing left to resolve, move the resulting attributes to * the control list. */ - return ldap_cacheable_userobj_store(&p_result->rcode, request, group_ctx); + return ldap_cacheable_userobj_store(p_result, request, group_ctx); } /** Convert group membership information into attributes @@ -436,7 +436,7 @@ static unlang_action_t ldap_cacheable_userobj_resolve(unlang_result_t *p_result, * @param[in] attr membership attribute to look for in the entry. * @return One of the RLM_MODULE_* values. */ -unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx, +unlang_action_t rlm_ldap_cacheable_userobj(unlang_result_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx, char const *attr) { rlm_ldap_t const *inst = autz_ctx->inst; @@ -459,7 +459,7 @@ unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *req if (!values) { RDEBUG2("No cacheable group memberships found in user object"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } count = ldap_count_values_len(values); @@ -507,7 +507,7 @@ unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *req invalid: ldap_value_free_len(values); talloc_free(group_ctx); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } *name_p++ = fr_ldap_berval_to_string(group_ctx, values[i]); } @@ -544,10 +544,12 @@ unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *req */ if ((name_p != group_ctx->group_name) || (dn_p != group_ctx->group_dn)) { group_ctx->attrs[0] = inst->group.obj_name_attr; - if (unlang_function_push(NULL, request, ldap_cacheable_userobj_resolve, NULL, ldap_group_userobj_cancel, - ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, group_ctx) < 0) { + if (unlang_function_push(NULL, request, + ldap_cacheable_userobj_resolve, + NULL, + ldap_group_userobj_cancel, ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, group_ctx) < 0) { talloc_free(group_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return UNLANG_ACTION_PUSHED_CHILD; } @@ -689,19 +691,19 @@ finish: * @param[in] autz_ctx Authentication context being processed. * @return One of the RLM_MODULE_* values. */ -unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx) +unlang_action_t rlm_ldap_cacheable_groupobj(unlang_result_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx) { rlm_ldap_t const *inst = autz_ctx->inst; ldap_group_groupobj_ctx_t *group_ctx; if (!inst->group.obj_membership_filter) { RDEBUG2("Skipping caching group objects as directive 'group.membership_filter' is not set"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } if (autz_ctx->call_env->group_base.type != FR_TYPE_STRING) { REDEBUG("Missing group base_dn"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } MEM(group_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), ldap_group_groupobj_ctx_t)); @@ -714,7 +716,7 @@ unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, request_t *re ldap_group_groupobj_cancel, ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, group_ctx) < 0) { error: talloc_free(group_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (unlang_tmpl_push(group_ctx, &group_ctx->expanded_filter, request, autz_ctx->call_env->group_filter, NULL) < 0) goto error; @@ -773,7 +775,7 @@ static unlang_action_t ldap_check_groupobj_resume(unlang_result_t *p_result, req * @param request Current request. * @param xlat_ctx xlat context being processed. */ -unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, request_t *request, +unlang_action_t rlm_ldap_check_groupobj_dynamic(unlang_result_t *p_result, request_t *request, ldap_group_xlat_ctx_t *xlat_ctx) { rlm_ldap_t const *inst = xlat_ctx->inst; @@ -800,7 +802,7 @@ unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, request_t "directive"); invalid: talloc_free(group_ctx); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } t_rules = (tmpl_rules_t){ @@ -837,7 +839,7 @@ unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, request_t UNLANG_SUB_FRAME, group_ctx) < 0) { error: talloc_free(group_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (unlang_tmpl_push(group_ctx, &group_ctx->expanded_filter, request, group_ctx->filter_tmpl, NULL) < 0) goto error; @@ -1107,7 +1109,7 @@ static int userobj_dyn_free(ldap_group_userobj_dyn_ctx_t *group_ctx) * @param[in] request Current request. * @param[in] xlat_ctx Context of the xlat being evaluated. */ -unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, request_t *request, +unlang_action_t rlm_ldap_check_userobj_dynamic(unlang_result_t *p_result, request_t *request, ldap_group_xlat_ctx_t *xlat_ctx) { rlm_ldap_t const *inst = xlat_ctx->inst; @@ -1132,7 +1134,7 @@ unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, request_t if (unlang_function_push(NULL, request, xlat_ctx->query ? NULL : ldap_check_userobj_start, ldap_check_userobj_resume, ldap_group_userobj_cancel, ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, group_ctx) < 0) { talloc_free(group_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return UNLANG_ACTION_PUSHED_CHILD; @@ -1145,7 +1147,7 @@ unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, request_t * @param[in] request Current request. * @param[in] check vb containing the group value (name or dn). */ -unlang_action_t rlm_ldap_check_cached(rlm_rcode_t *p_result, +unlang_action_t rlm_ldap_check_cached(unlang_result_t *p_result, rlm_ldap_t const *inst, request_t *request, fr_value_box_t const *check) { fr_pair_t *vp; @@ -1157,7 +1159,7 @@ unlang_action_t rlm_ldap_check_cached(rlm_rcode_t *p_result, * the caller should try a dynamic group lookup instead. */ vp = fr_pair_dcursor_by_da_init(&cursor, &request->control_pairs, inst->group.cache_da); - if (!vp) RETURN_MODULE_INVALID; + if (!vp) RETURN_UNLANG_INVALID; for (vp = fr_dcursor_current(&cursor); vp; @@ -1165,13 +1167,13 @@ unlang_action_t rlm_ldap_check_cached(rlm_rcode_t *p_result, ret = fr_value_box_cmp_op(T_OP_CMP_EQ, &vp->data, check); if (ret == 1) { RDEBUG2("User found. Matched cached membership"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } - if (ret < -1) RETURN_MODULE_FAIL; + if (ret < -1) RETURN_UNLANG_FAIL; } RDEBUG2("Cached membership not found"); - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; } diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index de54e370cb7..24eb781d804 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -959,7 +959,7 @@ static void ldap_group_xlat_cancel(UNUSED request_t *request, UNUSED fr_signal_t #define REPEAT_LDAP_MEMBEROF_XLAT_RESULTS \ if (unlang_function_repeat_set(request, ldap_group_xlat_results) < 0) do { \ - rcode = RLM_MODULE_FAIL; \ + result.rcode = RLM_MODULE_FAIL; \ goto finish; \ } while (0) @@ -971,7 +971,7 @@ static unlang_action_t ldap_group_xlat_results(unlang_result_t *p_result, reques { ldap_group_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(uctx, ldap_group_xlat_ctx_t); rlm_ldap_t const *inst = xlat_ctx->inst; - rlm_rcode_t rcode = RLM_MODULE_NOTFOUND; + unlang_result_t result = { .rcode = RLM_MODULE_NOTFOUND }; switch (xlat_ctx->status) { case GROUP_XLAT_FIND_USER: @@ -980,7 +980,7 @@ static unlang_action_t ldap_group_xlat_results(unlang_result_t *p_result, reques if (inst->group.obj_membership_filter) { REPEAT_LDAP_MEMBEROF_XLAT_RESULTS; - if (rlm_ldap_check_groupobj_dynamic(&rcode, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) { + if (rlm_ldap_check_groupobj_dynamic(&result, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) { xlat_ctx->status = GROUP_XLAT_MEMB_FILTER; return UNLANG_ACTION_PUSHED_CHILD; } @@ -989,13 +989,13 @@ static unlang_action_t ldap_group_xlat_results(unlang_result_t *p_result, reques case GROUP_XLAT_MEMB_FILTER: if (xlat_ctx->found) { - rcode = RLM_MODULE_OK; + result.rcode = RLM_MODULE_OK; goto finish; } if (inst->group.userobj_membership_attr) { REPEAT_LDAP_MEMBEROF_XLAT_RESULTS; - if (rlm_ldap_check_userobj_dynamic(&rcode, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) { + if (rlm_ldap_check_userobj_dynamic(&result, request, xlat_ctx) == UNLANG_ACTION_PUSHED_CHILD) { xlat_ctx->status = GROUP_XLAT_MEMB_ATTR; return UNLANG_ACTION_PUSHED_CHILD; } @@ -1003,12 +1003,12 @@ static unlang_action_t ldap_group_xlat_results(unlang_result_t *p_result, reques FALL_THROUGH; case GROUP_XLAT_MEMB_ATTR: - if (xlat_ctx->found) rcode = RLM_MODULE_OK; + if (xlat_ctx->found) result.rcode = RLM_MODULE_OK; break; } finish: - RETURN_UNLANG_RCODE(rcode); + RETURN_UNLANG_RCODE(result.rcode); } /** Process the results of evaluating LDAP group membership @@ -1044,7 +1044,7 @@ static xlat_action_t ldap_group_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ct fr_ldap_thread_t *t = talloc_get_type_abort(xctx->mctx->thread, fr_ldap_thread_t); ldap_xlat_memberof_call_env_t *env_data = talloc_get_type_abort(xctx->env_data, ldap_xlat_memberof_call_env_t); bool group_is_dn; - ldap_group_xlat_ctx_t *xlat_ctx; + ldap_group_xlat_ctx_t *xlat_ctx; RDEBUG2("Searching for user in group \"%pV\"", group_vb); @@ -1073,10 +1073,10 @@ static xlat_action_t ldap_group_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ct } if ((group_is_dn && inst->group.cacheable_dn) || (!group_is_dn && inst->group.cacheable_name)) { - rlm_rcode_t our_rcode; + unlang_result_t our_result; - rlm_ldap_check_cached(&our_rcode, inst, request, group_vb); - switch (our_rcode) { + rlm_ldap_check_cached(&our_result, inst, request, group_vb); + switch (our_result.rcode) { case RLM_MODULE_NOTFOUND: RDEBUG2("User is not a member of \"%pV\"", group_vb); return XLAT_ACTION_DONE; @@ -1526,7 +1526,7 @@ static unlang_action_t mod_map_proc(unlang_result_t *p_result, map_ctx_t const * map_ctx->serverctrls, NULL); } -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_ldap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_ldap_t); fr_ldap_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, fr_ldap_thread_t); @@ -1542,7 +1542,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, RWDEBUG("*********************************************"); REDEBUG("Attribute \"%s\" is required for authentication", call_env->password_tmpl->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } auth_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), ldap_auth_ctx_t); @@ -1566,7 +1566,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, attr_ldap_userdn->name); REDEBUG("You should call %s in the recv section and check its return.", inst->mi->name); talloc_free(auth_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -1592,7 +1592,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, #else RDEBUG("Configuration item 'sasl.mech' is not supported. " "The linked version of libldap does not provide ldap_sasl_bind( function"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; #endif } @@ -1615,7 +1615,7 @@ static unlang_action_t mod_authorize_start(UNUSED unlang_result_t *p_result, #define REPEAT_MOD_AUTHORIZE_RESUME \ if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) do { \ - rcode = RLM_MODULE_FAIL; \ + result.rcode = RLM_MODULE_FAIL; \ goto finish; \ } while (0) @@ -1637,7 +1637,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t rlm_ldap_t const *inst = talloc_get_type_abort_const(autz_ctx->inst, rlm_ldap_t); ldap_autz_call_env_t *call_env = talloc_get_type_abort(autz_ctx->call_env, ldap_autz_call_env_t); int ldap_errno; - rlm_rcode_t rcode = RLM_MODULE_OK; + unlang_result_t result = { .rcode = RLM_MODULE_OK }; LDAP *handle = fr_ldap_handle_thread_local(); /* @@ -1649,7 +1649,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t case RLM_MODULE_HANDLED: case RLM_MODULE_INVALID: case RLM_MODULE_DISALLOW: - rcode = p_result->rcode; + result.rcode = p_result->rcode; goto finish; default: @@ -1685,7 +1685,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t break; case LDAP_ACCESS_DISALLOWED: - rcode = RLM_MODULE_DISALLOW; + result.rcode = RLM_MODULE_DISALLOW; goto finish; } } @@ -1695,23 +1695,23 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t */ if ((inst->group.cacheable_dn || inst->group.cacheable_name) && (inst->group.userobj_membership_attr)) { REPEAT_MOD_AUTHORIZE_RESUME; - if (rlm_ldap_cacheable_userobj(&rcode, request, autz_ctx, + if (rlm_ldap_cacheable_userobj(&result, request, autz_ctx, inst->group.userobj_membership_attr) == UNLANG_ACTION_PUSHED_CHILD) { autz_ctx->status = LDAP_AUTZ_GROUP; return UNLANG_ACTION_PUSHED_CHILD; } - if (rcode != RLM_MODULE_OK) goto finish; + if (result.rcode != RLM_MODULE_OK) goto finish; } FALL_THROUGH; case LDAP_AUTZ_GROUP: if (inst->group.cacheable_dn || inst->group.cacheable_name) { REPEAT_MOD_AUTHORIZE_RESUME; - if (rlm_ldap_cacheable_groupobj(&rcode, request, autz_ctx) == UNLANG_ACTION_PUSHED_CHILD) { + if (rlm_ldap_cacheable_groupobj(&result, request, autz_ctx) == UNLANG_ACTION_PUSHED_CHILD) { autz_ctx->status = LDAP_AUTZ_POST_GROUP; return UNLANG_ACTION_PUSHED_CHILD; } - if (rcode != RLM_MODULE_OK) goto finish; + if (result.rcode != RLM_MODULE_OK) goto finish; } FALL_THROUGH; @@ -1748,7 +1748,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t if (!password) { REDEBUG("Failed to find control.Password.Cleartext"); - rcode = RLM_MODULE_FAIL; + result.rcode = RLM_MODULE_FAIL; goto finish; } @@ -1770,7 +1770,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t * Anything other than RLM_MODULE_OK is a failure. */ if (p_result->rcode != RLM_MODULE_OK) { - rcode = p_result->rcode; + result.rcode = p_result->rcode; goto finish; } @@ -1786,7 +1786,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t RDEBUG2("Processing user attributes"); RINDENT(); if (fr_ldap_map_do(request, NULL, inst->valuepair_attr, - &autz_ctx->expanded, autz_ctx->entry) > 0) rcode = RLM_MODULE_UPDATED; + &autz_ctx->expanded, autz_ctx->entry) > 0) result.rcode = RLM_MODULE_UPDATED; REXDENT(); rlm_ldap_check_reply(request, inst, autz_ctx->dlinst->name, call_env->expect_password->vb_bool, autz_ctx->ttrunk); } @@ -1804,7 +1804,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t inst->profile.obj_scope, call_env->default_profile.vb_strvalue, &autz_ctx->expanded); switch (ret) { case UNLANG_ACTION_FAIL: - rcode = RLM_MODULE_FAIL; + result.rcode = RLM_MODULE_FAIL; goto finish; case UNLANG_ACTION_PUSHED_CHILD: @@ -1822,7 +1822,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t * Did we jump back her after applying the default profile? */ if (autz_ctx->status == LDAP_AUTZ_POST_DEFAULT_PROFILE) { - rcode = RLM_MODULE_UPDATED; + result.rcode = RLM_MODULE_UPDATED; } /* * Apply a SET of user profiles. @@ -1880,7 +1880,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t */ if (autz_ctx->profile_value) { TALLOC_FREE(autz_ctx->profile_value); - rcode = RLM_MODULE_UPDATED; /* We're back here after applying a profile successfully */ + result.rcode = RLM_MODULE_UPDATED; /* We're back here after applying a profile successfully */ } if (autz_ctx->profile_values && autz_ctx->profile_values[autz_ctx->value_idx]) { @@ -1892,7 +1892,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t inst->profile.obj_scope, autz_ctx->call_env->profile_filter.vb_strvalue, &autz_ctx->expanded); switch (ret) { case UNLANG_ACTION_FAIL: - rcode = RLM_MODULE_FAIL; + result.rcode = RLM_MODULE_FAIL; goto finish; case UNLANG_ACTION_PUSHED_CHILD: @@ -1909,7 +1909,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t finish: talloc_free(autz_ctx); - RETURN_UNLANG_RCODE(rcode); + RETURN_UNLANG_RCODE(result.rcode); } /** Clear up when cancelling a mod_authorize call @@ -1932,7 +1932,7 @@ static int autz_ctx_free(ldap_autz_ctx_t *autz_ctx) return 0; } -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_ldap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_ldap_t); fr_ldap_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, fr_ldap_thread_t); @@ -1953,7 +1953,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod inst->profile.check_attr, inst->profile.fallthrough_attr) < 0) { fail: talloc_free(autz_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } autz_ctx->ttrunk = fr_thread_ldap_trunk_get(thread, inst->handle_config.server, inst->handle_config.admin_identity, @@ -1992,7 +1992,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod autz_ctx->status = LDAP_AUTZ_FIND; if (unlang_function_push(NULL, request, mod_authorize_start, mod_authorize_resume, mod_authorize_cancel, - ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, autz_ctx) < 0) RETURN_MODULE_FAIL; + ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME, autz_ctx) < 0) RETURN_UNLANG_FAIL; return UNLANG_ACTION_PUSHED_CHILD; } @@ -2229,7 +2229,7 @@ static unlang_action_t user_modify_resume(unlang_result_t *p_result, * * The module method called in "accouting" and "send" sections. */ -static unlang_action_t CC_HINT(nonnull) mod_modify(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_modify(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_ldap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_ldap_t); ldap_usermod_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, ldap_usermod_call_env_t); @@ -2240,7 +2240,7 @@ static unlang_action_t CC_HINT(nonnull) mod_modify(rlm_rcode_t *p_result, module size_t num_mods = talloc_array_length(call_env->mod); - if (num_mods == 0) RETURN_MODULE_NOOP; + if (num_mods == 0) RETURN_UNLANG_NOOP; /* * Include a talloc pool allowing for one value per modification @@ -2262,7 +2262,7 @@ static unlang_action_t CC_HINT(nonnull) mod_modify(rlm_rcode_t *p_result, module if (!usermod_ctx->ttrunk) { REDEBUG("Unable to get LDAP trunk for update"); talloc_free(usermod_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } usermod_ctx->dn = rlm_find_user_dn_cached(request); @@ -2274,7 +2274,7 @@ static unlang_action_t CC_HINT(nonnull) mod_modify(rlm_rcode_t *p_result, module error: TALLOC_FREE(usermod_ctx); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /** Detach from the LDAP server and cleanup internal state. diff --git a/src/modules/rlm_ldap/rlm_ldap.h b/src/modules/rlm_ldap/rlm_ldap.h index 5304a9729ac..405cfaaa5ef 100644 --- a/src/modules/rlm_ldap/rlm_ldap.h +++ b/src/modules/rlm_ldap/rlm_ldap.h @@ -266,18 +266,18 @@ void rlm_ldap_check_reply(request_t *request, rlm_ldap_t const *inst, char const /* * groups.c - Group membership functions. */ -unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx, +unlang_action_t rlm_ldap_cacheable_userobj(unlang_result_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx, char const *attr); -unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx); +unlang_action_t rlm_ldap_cacheable_groupobj(unlang_result_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx); -unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, request_t *request, +unlang_action_t rlm_ldap_check_groupobj_dynamic(unlang_result_t *p_result, request_t *request, ldap_group_xlat_ctx_t *xlat_ctx); -unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, request_t *request, +unlang_action_t rlm_ldap_check_userobj_dynamic(unlang_result_t *p_result, request_t *request, ldap_group_xlat_ctx_t *xlat_ctx); -unlang_action_t rlm_ldap_check_cached(rlm_rcode_t *p_result, +unlang_action_t rlm_ldap_check_cached(unlang_result_t *p_result, rlm_ldap_t const *inst, request_t *request, fr_value_box_t const *check); unlang_action_t rlm_ldap_map_profile(fr_ldap_result_code_t *ret, int *applied, diff --git a/src/modules/rlm_linelog/rlm_linelog.c b/src/modules/rlm_linelog/rlm_linelog.c index 37075e901c6..ac086702923 100644 --- a/src/modules/rlm_linelog/rlm_linelog.c +++ b/src/modules/rlm_linelog/rlm_linelog.c @@ -620,7 +620,7 @@ typedef struct { bool with_delim; //!< Whether to add a delimiter } rlm_linelog_rctx_t; -static unlang_action_t CC_HINT(nonnull) mod_do_linelog_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_do_linelog_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_linelog_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_linelog_t); linelog_call_env_t const *call_env = talloc_get_type_abort(mctx->env_data, linelog_call_env_t); @@ -632,7 +632,7 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog_resume(rlm_rcode_t *p_res vector_len = fr_value_box_list_num_elements(&rctx->expanded); if (vector_len == 0) { RDEBUG2("No data to write"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -646,7 +646,7 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog_resume(rlm_rcode_t *p_res default: if (unlikely(fr_value_box_cast_in_place(rctx, vb, FR_TYPE_STRING, vb->enumv) < 0)) { REDEBUG("Failed casting value to string"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } FALL_THROUGH; @@ -673,7 +673,7 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog_resume(rlm_rcode_t *p_res } } - RETURN_MODULE_RCODE(linelog_write(inst, call_env, request, vector, vector_len, rctx->with_delim) < 0 ? RLM_MODULE_FAIL : RLM_MODULE_OK); + RETURN_UNLANG_RCODE(linelog_write(inst, call_env, request, vector, vector_len, rctx->with_delim) < 0 ? RLM_MODULE_FAIL : RLM_MODULE_OK); } /** Write a linelog message @@ -687,7 +687,7 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog_resume(rlm_rcode_t *p_res * @param[in] mctx module calling context. * @param[in] request The current request. */ -static unlang_action_t CC_HINT(nonnull) mod_do_linelog(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_do_linelog(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_linelog_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_linelog_t); linelog_call_env_t const *call_env = talloc_get_type_abort(mctx->env_data, linelog_call_env_t); @@ -703,7 +703,7 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog(rlm_rcode_t *p_result, mo if (!call_env->log_src && !call_env->log_ref) { cf_log_err(conf, "A 'format', or 'reference' configuration item must be set to call this module"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } buff[0] = '.'; /* force to be in current section (by default) */ @@ -729,7 +729,7 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog(rlm_rcode_t *p_result, mo */ if (buff[2] == '.') { REDEBUG("Invalid path \"%s\"", p); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } ci = cf_reference_item(NULL, inst->cs, p); @@ -740,7 +740,7 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog(rlm_rcode_t *p_result, mo if (!cf_item_is_pair(ci)) { REDEBUG("Path \"%s\" resolves to a section (should be a pair)", p); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } cp = cf_item_to_pair(ci); @@ -777,12 +777,12 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog(rlm_rcode_t *p_result, mo }); if (!vpt) { REMARKER(tmpl_str, -slen, "%s", fr_strerror()); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (tmpl_resolve(vpt, NULL) < 0) { RPERROR("Runtime resolution of tmpl failed"); talloc_free(vpt); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } vpt_p = vpt; } else { @@ -792,7 +792,7 @@ static unlang_action_t CC_HINT(nonnull) mod_do_linelog(rlm_rcode_t *p_result, mo */ if (!call_env->log_src) { RDEBUG2("No default message configured"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* * Use the pre-parsed format template @@ -866,7 +866,7 @@ build_vector: talloc_free(vpt); talloc_free(vector); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /* diff --git a/src/modules/rlm_logtee/rlm_logtee.c b/src/modules/rlm_logtee/rlm_logtee.c index 6893a40d066..f89b7cbbd7b 100644 --- a/src/modules/rlm_logtee/rlm_logtee.c +++ b/src/modules/rlm_logtee/rlm_logtee.c @@ -205,7 +205,7 @@ static void logtee_it(fr_log_type_t type, fr_log_lvl_t lvl, request_t *request, char const *fmt, va_list ap, void *uctx) CC_HINT(format (printf, 6, 0)) CC_HINT(nonnull (3, 6)); -static unlang_action_t mod_insert_logtee(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull); +static unlang_action_t mod_insert_logtee(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) CC_HINT(nonnull); /** Connection errored * @@ -523,19 +523,19 @@ finish: * @param[in] mctx Module calling ctx. * @param[in] request request to add our log destination to. */ -static unlang_action_t mod_insert_logtee(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_insert_logtee(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { log_dst_t *dst, **last = NULL; for (dst = request->log.dst; dst; dst = dst->next) { if (dst->uctx == mctx->thread) { - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } last = &(dst->next); } - if (!last) RETURN_MODULE_NOOP; + if (!last) RETURN_UNLANG_NOOP; dst = talloc_zero(request, log_dst_t); dst->func = logtee_it; @@ -543,7 +543,7 @@ static unlang_action_t mod_insert_logtee(rlm_rcode_t *p_result, module_ctx_t con *last = dst; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Create thread-specific connections and buffers diff --git a/src/modules/rlm_lua/lua.c b/src/modules/rlm_lua/lua.c index fc562905b56..dcb60f682a6 100644 --- a/src/modules/rlm_lua/lua.c +++ b/src/modules/rlm_lua/lua.c @@ -855,7 +855,7 @@ static void _lua_fr_request_register(lua_State *L, request_t *request) lua_rawset(L, -3); } -unlang_action_t fr_lua_run(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, char const *funcname) +unlang_action_t fr_lua_run(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *funcname) { rlm_lua_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_lua_thread_t); lua_State *L = thread->interpreter; @@ -876,7 +876,7 @@ error: fr_lua_util_set_mctx(NULL); fr_lua_util_set_request(NULL); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (!lua_isfunction(L, -1)) { @@ -921,7 +921,7 @@ done: fr_lua_util_set_mctx(NULL); fr_lua_util_set_request(NULL); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /* diff --git a/src/modules/rlm_lua/lua.h b/src/modules/rlm_lua/lua.h index 52f7c803b71..0b274c6321d 100644 --- a/src/modules/rlm_lua/lua.h +++ b/src/modules/rlm_lua/lua.h @@ -63,7 +63,7 @@ typedef struct { /* lua.c */ int fr_lua_init(lua_State **out, module_inst_ctx_t const *mctx); -unlang_action_t fr_lua_run(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, char const *funcname); +unlang_action_t fr_lua_run(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *funcname); bool fr_lua_isjit(lua_State *L); char const *fr_lua_version(lua_State *L); int fr_lua_check_func(module_inst_ctx_t const *mctx, lua_State *L, char const *name); diff --git a/src/modules/rlm_lua/rlm_lua.c b/src/modules/rlm_lua/rlm_lua.c index 5a0ba9d9ee2..d6b3be29817 100644 --- a/src/modules/rlm_lua/rlm_lua.c +++ b/src/modules/rlm_lua/rlm_lua.c @@ -77,7 +77,7 @@ static int8_t lua_func_def_cmp(void const *one, void const *two) return CMP(ret, 0); } -static unlang_action_t mod_lua(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_lua(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { lua_call_env_t *func = talloc_get_type_abort(mctx->env_data, lua_call_env_t); return fr_lua_run(p_result, mctx, request, func->func->function_name); diff --git a/src/modules/rlm_mruby/rlm_mruby.c b/src/modules/rlm_mruby/rlm_mruby.c index 4277c5bc950..54e13111027 100644 --- a/src/modules/rlm_mruby/rlm_mruby.c +++ b/src/modules/rlm_mruby/rlm_mruby.c @@ -277,7 +277,7 @@ static int mod_instantiate(module_inst_ctx_t const *mctx) return 0; } -static unlang_action_t CC_HINT(nonnull) mod_mruby(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_mruby(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_mruby_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_mruby_t); mruby_call_env_t *func = talloc_get_type_abort(mctx->env_data, mruby_call_env_t); @@ -318,11 +318,11 @@ DIAG_ON(DIAG_UNKNOWN_PRAGMAS) /* * The return should be a fixnum, which is converted to rlm_rcode_t */ - if (mrb_type(mruby_result) == MRB_TT_FIXNUM) RETURN_MODULE_RCODE((rlm_rcode_t)mrb_int(mrb, mruby_result)); + if (mrb_type(mruby_result) == MRB_TT_FIXNUM) RETURN_UNLANG_RCODE((rlm_rcode_t)mrb_int(mrb, mruby_result)); /* Invalid return type */ RERROR("Expected return to be a Fixnum, got %s instead", RSTRING_PTR(mrb_obj_as_string(mrb, mruby_result))); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* diff --git a/src/modules/rlm_mschap/opendir.c b/src/modules/rlm_mschap/opendir.c index e6491b74db3..a2eed99cb34 100644 --- a/src/modules/rlm_mschap/opendir.c +++ b/src/modules/rlm_mschap/opendir.c @@ -39,11 +39,11 @@ USES_APPLE_DEPRECATED_API /* * Only used by rlm_mschap.c */ -unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair, +unlang_action_t od_mschap_auth(unlang_result_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair, mschap_auth_call_env_t *call_env); -static unlang_action_t getUserNodeRef(rlm_rcode_t *p_result, request_t *request, char* inUserName, char **outUserName, +static unlang_action_t getUserNodeRef(unlang_result_t *p_result, request_t *request, char* inUserName, char **outUserName, tDirNodeReference* userNodeRef, tDirReference dsRef) { tDataBuffer *tDataBuff = NULL; @@ -69,13 +69,13 @@ static unlang_action_t getUserNodeRef(rlm_rcode_t *p_result, request_t *request, if (!inUserName) { REDEBUG("getUserNodeRef(): No username"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } tDataBuff = dsDataBufferAllocate(dsRef, 4096); if (!tDataBuff) { REDEBUG("Failed allocating buffer"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } do { @@ -219,10 +219,10 @@ static unlang_action_t getUserNodeRef(rlm_rcode_t *p_result, request_t *request, } if (nodeRef != 0) dsCloseDirNode(nodeRef); - RETURN_MODULE_RCODE(result); + RETURN_UNLANG_RCODE(result); } -unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair, +unlang_action_t od_mschap_auth(unlang_result_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair, mschap_auth_call_env_t *env_data) { rlm_rcode_t rcode = RLM_MODULE_OK; @@ -244,7 +244,7 @@ unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pai response = fr_pair_find_by_da_nested(&request->request_pairs, NULL, tmpl_attr_tail_da(env_data->chap2_response)); username_string = talloc_array(request, char, usernamepair->vp_length + 1); - if (!username_string) RETURN_MODULE_FAIL; + if (!username_string) RETURN_UNLANG_FAIL; strlcpy(username_string, usernamepair->vp_strvalue, usernamepair->vp_length + 1); @@ -252,10 +252,10 @@ unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pai if (status != eDSNoErr) { talloc_free(username_string); RERROR("Failed opening directory service"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } - getUserNodeRef(&rcode, request, username_string, &short_user_name, &userNodeRef, dsRef); + getUserNodeRef(p_result, request, username_string, &short_user_name, &userNodeRef, dsRef); if (rcode != RLM_MODULE_OK) { if (rcode != RLM_MODULE_NOOP) { RDEBUG2("od_mschap_auth: getUserNodeRef() failed"); @@ -264,7 +264,7 @@ unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pai talloc_free(username_string); if (dsRef != 0) dsCloseDirService(dsRef); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /* We got a node; fill the stepBuffer @@ -402,10 +402,10 @@ unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pai char *status_name = dsCopyDirStatusName(status); RERROR("Authentication failed - status = %s", status_name); free(status_name); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } #endif /* __APPLE__ */ diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c index dc54db09f7f..519e6b9562e 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c @@ -24,6 +24,7 @@ /* MPPE support from Takahiro Wagatsuma */ +#include "lib/unlang/action.h" RCSID("$Id$") #define LOG_PREFIX mctx->mi->name @@ -61,7 +62,7 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ #endif #ifdef __APPLE__ -unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair, +unlang_action_t od_mschap_auth(unlang_result_t *p_result, request_t *request, fr_pair_t *challenge, fr_pair_t *usernamepair, mschap_auth_call_env_t *env_data); #endif @@ -1355,7 +1356,7 @@ static void mppe_chap2_gen_keys128(uint8_t const *nt_hashhash, uint8_t const *re * it later. Add Auth-Type attribute if present in module * configuration (usually Auth-Type must be "MS-CHAP") */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_mschap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_mschap_t); mschap_autz_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, mschap_autz_call_env_t); @@ -1363,7 +1364,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod fr_pair_t *parent; challenge = fr_pair_find_by_da_nested(&request->request_pairs, NULL, tmpl_attr_tail_da(env_data->chap_challenge)); - if (!challenge) RETURN_MODULE_NOOP; + if (!challenge) RETURN_UNLANG_NOOP; /* * The responses MUST be in the same group as the challenge. @@ -1376,21 +1377,21 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod (env_data->chap2_cpw && !fr_pair_find_by_da(&parent->vp_group, NULL, tmpl_attr_tail_da(env_data->chap2_cpw)))) { RDEBUG2("Found MS-CHAP-Challenge, but no MS-CHAP response or Change-Password"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } if (!inst->auth_type) { WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup MS-CHAP authentication", mctx->mi->name, mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } - if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP; + if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -static unlang_action_t mschap_error(rlm_rcode_t *p_result, rlm_mschap_t const *inst, request_t *request, +static unlang_action_t mschap_error(unlang_result_t *p_result, rlm_mschap_t const *inst, request_t *request, unsigned char ident, int mschap_result, int mschap_version, fr_pair_t *smb_ctrl, mschap_auth_call_env_t *env_data) { @@ -1453,7 +1454,7 @@ static unlang_action_t mschap_error(rlm_rcode_t *p_result, rlm_mschap_t const *i rcode = RLM_MODULE_REJECT; } - if (rcode == RLM_MODULE_OK) RETURN_MODULE_OK; + if (rcode == RLM_MODULE_OK) RETURN_UNLANG_OK; switch (mschap_version) { case 1: @@ -1469,12 +1470,12 @@ static unlang_action_t mschap_error(rlm_rcode_t *p_result, rlm_mschap_t const *i break; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (env_data->chap_error) mschap_add_reply(request, ident, tmpl_attr_tail_da(env_data->chap_error), buffer, strlen(buffer)); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } @@ -1576,7 +1577,7 @@ found_password: * mschap_cpw_request_process() - do the work to handle an MS-CHAP password * change request. */ -static unlang_action_t CC_HINT(nonnull) mschap_process_cpw_request(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) mschap_process_cpw_request(unlang_result_t *p_result, rlm_mschap_t const *inst, request_t *request, mschap_auth_ctx_t *auth_ctx) @@ -1598,12 +1599,12 @@ static unlang_action_t CC_HINT(nonnull) mschap_process_cpw_request(rlm_rcode_t * tmpl_attr_tail_da(env_data->chap_error), buffer, strlen(buffer)); } - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } RDEBUG2("Password change successful"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Validate data required for change password requests. @@ -1709,7 +1710,7 @@ static int mschap_cpw_prepare(request_t *request, mschap_auth_ctx_t *auth_ctx) return 0; } -static CC_HINT(nonnull) unlang_action_t mschap_process_response(rlm_rcode_t *p_result, int *mschap_version, +static CC_HINT(nonnull) unlang_action_t mschap_process_response(unlang_result_t *p_result, int *mschap_version, uint8_t nthashhash[static NT_DIGEST_LENGTH], rlm_mschap_t const *inst, request_t *request, mschap_auth_ctx_t *auth_ctx, @@ -1728,7 +1729,7 @@ static CC_HINT(nonnull) unlang_action_t mschap_process_response(rlm_rcode_t *p_r */ if (challenge->vp_length < 8) { REDEBUG("%s has the wrong format", env_data->chap_challenge->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -1736,7 +1737,7 @@ static CC_HINT(nonnull) unlang_action_t mschap_process_response(rlm_rcode_t *p_r */ if (response->vp_length < 50) { REDEBUG("%s has the wrong format", env_data->chap_response->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -1745,7 +1746,7 @@ static CC_HINT(nonnull) unlang_action_t mschap_process_response(rlm_rcode_t *p_r */ if (!(response->vp_octets[1] & 0x01)) { REDEBUG2("Client used unsupported method LM-Password"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } offset = 26; @@ -1761,7 +1762,7 @@ static CC_HINT(nonnull) unlang_action_t mschap_process_response(rlm_rcode_t *p_r return mschap_error(p_result, inst, request, *response->vp_octets, mschap_result, *mschap_version, auth_ctx->smb_ctrl, env_data); } -static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(rlm_rcode_t *p_result, int *mschap_version, +static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(unlang_result_t *p_result, int *mschap_version, uint8_t nthashhash[static NT_DIGEST_LENGTH], rlm_mschap_t const *inst, request_t *request, mschap_auth_ctx_t *auth_ctx, @@ -1773,7 +1774,6 @@ static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(rlm_rcode_t * char const *username_str; size_t username_len; int mschap_result; - rlm_rcode_t rcode; char msch2resp[42]; mschap_auth_call_env_t *env_data = auth_ctx->env_data; @@ -1786,7 +1786,7 @@ static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(rlm_rcode_t * */ if (challenge->vp_length < 16) { REDEBUG("%s has the wrong format", env_data->chap_challenge->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -1794,14 +1794,14 @@ static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(rlm_rcode_t * */ if (response->vp_length < 50) { REDEBUG("%s has the wrong format", env_data->chap2_response->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* * We also require a User-Name */ user_name = mschap_identity_find(request, tmpl_attr_tail_da(env_data->username)); - if (!user_name) RETURN_MODULE_FAIL; + if (!user_name) RETURN_UNLANG_FAIL; /* * Check for MS-CHAP-User-Name and if found, use it @@ -1846,8 +1846,8 @@ static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(rlm_rcode_t * */ if (!auth_ctx->nt_password && inst->open_directory) { RDEBUG2("No Password.NT available. Trying OpenDirectory Authentication"); - od_mschap_auth(&rcode, request, challenge, user_name, env_data); - if (rcode != RLM_MODULE_NOOP) RETURN_MODULE_RCODE(rcode); + od_mschap_auth(p_result, request, challenge, user_name, env_data); + if (p_result->rcode != RLM_MODULE_NOOP) return UNLANG_ACTION_CALCULATE_RESULT; } #endif peer_challenge = response->vp_octets + 2; @@ -1877,9 +1877,9 @@ static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(rlm_rcode_t * /* * Check for errors, and add MSCHAP-Error if necessary. */ - mschap_error(&rcode, inst, request, *response->vp_octets, + mschap_error(p_result, inst, request, *response->vp_octets, mschap_result, *mschap_version, auth_ctx->smb_ctrl, env_data); - if (rcode != RLM_MODULE_OK) RETURN_MODULE_RCODE(rcode); + if (p_result->rcode != RLM_MODULE_OK) return UNLANG_ACTION_CALCULATE_RESULT; #ifdef WITH_AUTH_WINBIND if (inst->wb_retry_with_normalised_username) { @@ -1905,13 +1905,13 @@ static unlang_action_t CC_HINT(nonnull) mschap_process_v2_response(rlm_rcode_t * if (env_data->chap2_success) mschap_add_reply(request, *response->vp_octets, tmpl_attr_tail_da(env_data->chap2_success), msch2resp, 42); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Complete mschap authentication after any tmpls have been expanded. * */ -static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_authenticate_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { mschap_auth_ctx_t *auth_ctx = talloc_get_type_abort(mctx->rctx, mschap_auth_ctx_t); mschap_auth_call_env_t *env_data = talloc_get_type_abort(auth_ctx->env_data, mschap_auth_call_env_t); @@ -1921,7 +1921,8 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx fr_pair_t *parent; uint8_t nthashhash[NT_DIGEST_LENGTH]; int mschap_version = 0; - rlm_rcode_t rcode = RLM_MODULE_OK; + + p_result->rcode = RLM_MODULE_OK; if (auth_ctx->cpw) { uint8_t *p; @@ -1931,15 +1932,15 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx */ if (!auth_ctx->nt_password) { REDEBUG("Missing Password.NT - required for change password request"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (!env_data->chap_nt_enc_pw) { REDEBUG("chap_nt_enc_pw option is not set - required for change password request"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } - mschap_process_cpw_request(&rcode, inst, request, auth_ctx); - if (rcode != RLM_MODULE_OK) goto finish; + mschap_process_cpw_request(p_result, inst, request, auth_ctx); + if (p_result->rcode != RLM_MODULE_OK) goto finish; /* * Clear any expiry bit so the user can now login; @@ -1970,7 +1971,7 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx if (!challenge) { REDEBUG("control.Auth-Type = %s set for a request that does not contain %s", auth_ctx->name, env_data->chap_challenge->name); - rcode = RLM_MODULE_INVALID; + p_result->rcode = RLM_MODULE_INVALID; goto finish; } @@ -1984,23 +1985,23 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx * We also require an MS-CHAP-Response. */ if ((response = fr_pair_find_by_da(&parent->vp_group, NULL, tmpl_attr_tail_da(env_data->chap_response)))) { - mschap_process_response(&rcode, + mschap_process_response(p_result, &mschap_version, nthashhash, inst, request, auth_ctx, challenge, response); - if (rcode != RLM_MODULE_OK) goto finish; + if (p_result->rcode != RLM_MODULE_OK) goto finish; } else if ((response = fr_pair_find_by_da_nested(&parent->vp_group, NULL, tmpl_attr_tail_da(env_data->chap2_response)))) { - mschap_process_v2_response(&rcode, + mschap_process_v2_response(p_result, &mschap_version, nthashhash, inst, request, auth_ctx, challenge, response); - if (rcode != RLM_MODULE_OK) goto finish; + if (p_result->rcode != RLM_MODULE_OK) goto finish; } else { /* Neither CHAPv1 or CHAPv2 response: die */ REDEBUG("control.Auth-Type = %s set for a request that does not contain %s or %s attributes", auth_ctx->name, env_data->chap_response->name, env_data->chap2_response->name); - rcode = RLM_MODULE_INVALID; + p_result->rcode = RLM_MODULE_INVALID; goto finish; } @@ -2052,7 +2053,7 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, module_ctx } /* else we weren't asked to use MPPE */ finish: - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } #ifdef WITH_TLS @@ -2210,7 +2211,7 @@ static int mschap_new_pass_decrypt(request_t *request, mschap_auth_ctx_t *auth_c * MS-CHAP-Error for MS-CHAP or MS-CHAP v2 * If MS-CHAP2 succeeds we MUST return MS-CHAP2-Success */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_mschap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_mschap_t); #ifdef WITH_AUTH_WINBIND @@ -2269,7 +2270,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if ((auth_ctx->smb_ctrl->vp_uint32 & ACB_PWNOTREQ) != 0) { RDEBUG2("SMB-Account-Ctrl says no password is required"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } } @@ -2280,7 +2281,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * input attribute, and we're calling out to an * external password store. */ - if (nt_password_find(auth_ctx, &auth_ctx->nt_password, mctx->mi->data, request) < 0) RETURN_MODULE_FAIL; + if (nt_password_find(auth_ctx, &auth_ctx->nt_password, mctx->mi->data, request) < 0) RETURN_UNLANG_FAIL; /* * Check to see if this is a change password request, and process @@ -2294,40 +2295,40 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (!auth_ctx->nt_password) { REDEBUG("Missing Password.NT - required for change password request"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } - if (mschap_cpw_prepare(request, auth_ctx) < 0) RETURN_MODULE_FAIL; + if (mschap_cpw_prepare(request, auth_ctx) < 0) RETURN_UNLANG_FAIL; switch (auth_ctx->method) { case AUTH_INTERNAL: #ifdef WITH_TLS - if (mschap_new_pass_decrypt(request, auth_ctx) < 0) RETURN_MODULE_FAIL; + if (mschap_new_pass_decrypt(request, auth_ctx) < 0) RETURN_UNLANG_FAIL; if (unlang_module_yield(request, mod_authenticate_resume, NULL, 0, auth_ctx) != UNLANG_ACTION_YIELD) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } fr_value_box_list_init(&auth_ctx->cpw_ctx->local_cpw_result); if (unlang_tmpl_push(auth_ctx, &auth_ctx->cpw_ctx->local_cpw_result, request, - env_data->local_cpw, NULL) < 0) RETURN_MODULE_FAIL; + env_data->local_cpw, NULL) < 0) RETURN_UNLANG_FAIL; break; #else REDEBUG("Local MS-CHAPv2 password changes require OpenSSL support"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; #endif default: if (!env_data->ntlm_cpw_username) { REDEBUG("No ntlm_auth username set, passchange will definitely fail!"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* * Run the resumption function where we're done with: */ if (unlang_module_yield(request, mod_authenticate_resume, NULL, 0, auth_ctx) != UNLANG_ACTION_YIELD) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; }; /* @@ -2336,7 +2337,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (env_data->ntlm_cpw_domain) { fr_value_box_list_init(&auth_ctx->cpw_ctx->cpw_domain); if (unlang_tmpl_push(auth_ctx, &auth_ctx->cpw_ctx->cpw_domain, request, - env_data->ntlm_cpw_domain, NULL) < 0) RETURN_MODULE_FAIL; + env_data->ntlm_cpw_domain, NULL) < 0) RETURN_UNLANG_FAIL; } fr_value_box_list_init(&auth_ctx->cpw_ctx->cpw_user); @@ -2345,7 +2346,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * b) Expanding the username */ if (unlang_tmpl_push(auth_ctx, &auth_ctx->cpw_ctx->cpw_user, request, - env_data->ntlm_cpw_username, NULL) < 0) RETURN_MODULE_FAIL; + env_data->ntlm_cpw_username, NULL) < 0) RETURN_UNLANG_FAIL; break; } diff --git a/src/modules/rlm_opendirectory/rlm_opendirectory.c b/src/modules/rlm_opendirectory/rlm_opendirectory.c index dc60426abe5..12802c974b1 100644 --- a/src/modules/rlm_opendirectory/rlm_opendirectory.c +++ b/src/modules/rlm_opendirectory/rlm_opendirectory.c @@ -306,7 +306,7 @@ static long od_check_passwd(request_t *request, char const *uname, char const *p * Check the users password against the standard UNIX * password table. */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { int ret; long odResult = eDSAuthFailed; @@ -321,12 +321,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (!username) { REDEBUG("Attribute \"User-Name\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (!password) { REDEBUG("Attribute \"User-Password\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -334,7 +334,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (password->vp_length == 0) { REDEBUG("User-Password must not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -375,14 +375,14 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, return ret; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * member of the radius group? */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_opendirectory_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_opendirectory_t); struct passwd *userdata = NULL; @@ -403,7 +403,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod username = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name); if (!username) { RDEBUG2("OpenDirectory requires a User-Name attribute"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* resolve SACL */ @@ -415,7 +415,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod err = mbr_gid_to_uuid(gid, guid_sacl); if (err != 0) { REDEBUG("The group \"%s\" does not have a GUID", kRadiusSACLName); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } @@ -434,12 +434,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod groupdata = getgrnam(client->community); if (!groupdata) { REDEBUG("The group \"%s\" does not exist on this system", client->community); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } err = mbr_gid_to_uuid(groupdata->gr_gid, guid_nasgroup); if (err != 0) { REDEBUG("The group \"%s\" does not have a GUID", client->community); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } } @@ -473,19 +473,19 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (uuid_is_null(uuid)) { REDEBUG("Could not get the user's uuid"); - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; } if (!uuid_is_null(guid_sacl)) { err = mbr_check_service_membership(uuid, kRadiusServiceName, &ismember); if (err != 0) { REDEBUG("Failed to check group membership"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (ismember == 0) { REDEBUG("User is not authorized"); - RETURN_MODULE_DISALLOW; + RETURN_UNLANG_DISALLOW; } } @@ -493,12 +493,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod err = mbr_check_membership_refresh(uuid, guid_nasgroup, &ismember); if (err != 0) { REDEBUG("Failed to check group membership"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (ismember == 0) { REDEBUG("User is not authorized"); - RETURN_MODULE_DISALLOW; + RETURN_UNLANG_DISALLOW; } } @@ -506,12 +506,12 @@ setup_auth_type: if (!inst->auth_type) { WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup OpenDirectory authentication", mctx->mi->name, mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } - if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP; + if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } static int mod_instantiate(module_inst_ctx_t const *mctx) diff --git a/src/modules/rlm_pam/rlm_pam.c b/src/modules/rlm_pam/rlm_pam.c index 9686d20a9d3..2077e46e7cf 100644 --- a/src/modules/rlm_pam/rlm_pam.c +++ b/src/modules/rlm_pam/rlm_pam.c @@ -211,7 +211,7 @@ static int do_pam(request_t *request, char const *username, char const *passwd, return 0; } -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_pam_t const *data = talloc_get_type_abort_const(mctx->mi->data, rlm_pam_t); int ret; @@ -229,12 +229,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (!username) { REDEBUG("Attribute \"User-Name\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (!password) { REDEBUG("Attribute \"User-Password\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -242,7 +242,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (password->vp_length == 0) { REDEBUG("User-Password must not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -262,9 +262,9 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (pair) pam_auth_string = pair->vp_strvalue; ret = do_pam(request, username->vp_strvalue, password->vp_strvalue, pam_auth_string); - if (ret < 0) RETURN_MODULE_REJECT; + if (ret < 0) RETURN_UNLANG_REJECT; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } extern module_rlm_t rlm_pam; diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index 526ab5bef53..dd98c0b278d 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -23,6 +23,7 @@ * @copyright 2012 Matthew Newton (matthew@newtoncomputing.co.uk) * @copyright 2001 Kostas Kalevras (kkalev@noc.ntua.gr) */ +#include "lib/unlang/action.h" RCSID("$Id$") USES_APPLE_DEPRECATED_API @@ -75,7 +76,7 @@ typedef struct { bool normify; } rlm_pap_t; -typedef unlang_action_t (*pap_auth_func_t)(rlm_rcode_t *p_result, rlm_pap_t const *inst, request_t *request, fr_pair_t const *, fr_value_box_t const *); +typedef unlang_action_t (*pap_auth_func_t)(unlang_result_t *p_result, rlm_pap_t const *inst, request_t *request, fr_pair_t const *, fr_value_box_t const *); static const conf_parser_t module_config[] = { { FR_CONF_OFFSET("normalise", rlm_pap_t, normify), .dflt = "yes" }, @@ -145,37 +146,37 @@ static fr_dict_attr_t const **pap_alloweds; * This isn't strictly necessary, but it does make the * server simpler to configure. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_pap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_pap_t); pap_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, pap_call_env_t); if (fr_pair_find_by_da(&request->control_pairs, NULL, attr_auth_type) != NULL) { RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } if (env_data->password.type != FR_TYPE_STRING) { RDEBUG2("No %s attribute in the request. Cannot do PAP", env_data->password_tmpl->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } if (!inst->auth_type) { WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup PAP authentication.", mctx->mi->name, mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } - if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP; + if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP; - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } /* * PAP authentication functions */ -static unlang_action_t CC_HINT(nonnull) pap_auth_clear(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_clear(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) { @@ -184,13 +185,13 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_clear(rlm_rcode_t *p_result, REDEBUG("Cleartext password does not match \"known good\" password"); REDEBUG3("Password : %pV", password); REDEBUG3("Expected : %pV", &known_good->data); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } #ifdef HAVE_CRYPT -static unlang_action_t CC_HINT(nonnull) pap_auth_crypt(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_crypt(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) { @@ -223,14 +224,14 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_crypt(rlm_rcode_t *p_result, */ if (!crypt_out || (cmp != 0)) { REDEBUG("Crypt digest does not match \"known good\" digest"); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } #endif -static unlang_action_t CC_HINT(nonnull) pap_auth_md5(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_md5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) { @@ -238,7 +239,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_md5(rlm_rcode_t *p_result, if (known_good->vp_length != MD5_DIGEST_LENGTH) { REDEBUG("\"known-good\" MD5 password has incorrect length, expected 16 got %zu", known_good->vp_length); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } fr_md5_calc(digest, password->vb_octets, password->vb_length); @@ -248,14 +249,14 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_md5(rlm_rcode_t *p_result, REDEBUG3("Password : %pV", password); REDEBUG3("Calculated : %pH", fr_box_octets(digest, MD5_DIGEST_LENGTH)); REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, MD5_DIGEST_LENGTH)); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -static unlang_action_t CC_HINT(nonnull) pap_auth_smd5(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_smd5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) { @@ -264,7 +265,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_smd5(rlm_rcode_t *p_result, if (known_good->vp_length <= MD5_DIGEST_LENGTH) { REDEBUG("\"known-good\" Password.SMD5 has incorrect length, expected 16 got %zu", known_good->vp_length); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } md5_ctx = fr_md5_ctx_alloc_from_list(); @@ -281,13 +282,13 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_smd5(rlm_rcode_t *p_result, REDEBUG3("Password : %pV", password); REDEBUG3("Calculated : %pH", fr_box_octets(digest, MD5_DIGEST_LENGTH)); REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, MD5_DIGEST_LENGTH)); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -static unlang_action_t CC_HINT(nonnull) pap_auth_sha1(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_sha1(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) { @@ -296,7 +297,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_sha1(rlm_rcode_t *p_result, if (known_good->vp_length != SHA1_DIGEST_LENGTH) { REDEBUG("\"known-good\" Password.SHA1 has incorrect length, expected 20 got %zu", known_good->vp_length); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } fr_sha1_init(&sha1_context); @@ -308,13 +309,13 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_sha1(rlm_rcode_t *p_result, REDEBUG3("Password : %pV", password); REDEBUG3("Calculated : %pH", fr_box_octets(digest, SHA1_DIGEST_LENGTH)); REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, SHA1_DIGEST_LENGTH)); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -static unlang_action_t CC_HINT(nonnull) pap_auth_ssha1(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_ssha1(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) { @@ -323,7 +324,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ssha1(rlm_rcode_t *p_result, if (known_good->vp_length <= SHA1_DIGEST_LENGTH) { REDEBUG("\"known-good\" Password.SSHA has incorrect length, expected > 20 got %zu", known_good->vp_length); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } fr_sha1_init(&sha1_context); @@ -339,14 +340,14 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ssha1(rlm_rcode_t *p_result, known_good->vp_length - SHA1_DIGEST_LENGTH)); REDEBUG3("Calculated : %pH", fr_box_octets(digest, SHA1_DIGEST_LENGTH)); REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, SHA1_DIGEST_LENGTH)); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } #ifdef HAVE_OPENSSL_EVP_H -static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password, char const *name, EVP_MD const *md) @@ -368,13 +369,13 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md(rlm_rcode_t *p_result, REDEBUG3("Password : %pV", password); REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len)); REDEBUG3("Expected : %pH", &known_good->data); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md_salted(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md_salted(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password, char const *name, EVP_MD const *md) @@ -403,17 +404,17 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_evp_md_salted(rlm_rcode_t *p_re fr_box_octets(known_good->vp_octets + digest_len, known_good->vp_length - digest_len)); REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len)); REDEBUG3("Expected : %pH", fr_box_octets(known_good->vp_octets, digest_len)); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Define a new OpenSSL EVP based password hashing function * */ #define PAP_AUTH_EVP_MD(_func, _new_func, _name, _md) \ -static unlang_action_t CC_HINT(nonnull) _new_func(rlm_rcode_t *p_result, \ +static unlang_action_t CC_HINT(nonnull) _new_func(unlang_result_t *p_result, \ rlm_pap_t const *inst, request_t *request, \ fr_pair_t const *known_good, fr_value_box_t const *password) \ { \ @@ -453,7 +454,7 @@ PAP_AUTH_EVP_MD(pap_auth_evp_md_salted, pap_auth_ssha3_512, "SSHA3-512", EVP_sha * - RLM_MODULE_REJECT * - RLM_MODULE_OK */ -static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(rlm_rcode_t *p_result, +static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(unlang_result_t *p_result, request_t *request, const uint8_t *str, size_t len, int digest_type, char iter_sep, char salt_sep, bool iter_is_base64, fr_value_box_t const *password) @@ -663,7 +664,7 @@ static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse_digest(rlm_ finish: talloc_free(salt); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /** Validates Crypt::PBKDF2 LDAP format strings @@ -683,7 +684,7 @@ finish: * - RLM_MODULE_REJECT * - RLM_MODULE_OK */ -static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse(rlm_rcode_t *p_result, +static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse(unlang_result_t *p_result, request_t *request, const uint8_t *str, size_t len, fr_table_num_sorted_t const hash_names[], size_t hash_names_len, char scheme_sep, char iter_sep, char salt_sep, @@ -720,10 +721,10 @@ static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse(rlm_rcode_t return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, digest_type, iter_sep, salt_sep, iter_is_base64, password); finish: - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } -static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(rlm_rcode_t *p_result, +static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) @@ -732,7 +733,7 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(rlm_rcode_t *p_re if ((end - p) < 2) { REDEBUG("Password.PBKDF2 too short"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -793,15 +794,15 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2(rlm_rcode_t *p_re REDEBUG("Can't determine format of Password.PBKDF2"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* * 389ds pbkdf2 passwords - * + * * {PBKDF2-}$$ */ -static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha1(rlm_rcode_t *p_result, +static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha1(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) @@ -810,13 +811,13 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha1(rlm_rcode_t if ((end - p) < 2) { REDEBUG("Password.With-Header {PBKDF2-SHA1} too short"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA1, '$', '$', false, password); } -static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256(rlm_rcode_t *p_result, +static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) @@ -825,13 +826,13 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256(rlm_rcode_ if ((end - p) < 2) { REDEBUG("Password.With-Header {PBKDF2-SHA256} too short"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA2_256, '$', '$', false, password); } -static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha512(rlm_rcode_t *p_result, +static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha512(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) @@ -840,7 +841,7 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha512(rlm_rcode_ if ((end - p) < 2) { REDEBUG("Password.With-Header {PBKDF2-SHA512} too short"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } return pap_auth_pbkdf2_parse_digest(p_result, request, p, end - p, FR_SSHA2_512, '$', '$', false, password); @@ -857,7 +858,7 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha512(rlm_rcode_ * 64 bytes salt * 256 bytes hash */ -static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(rlm_rcode_t *p_result, +static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) @@ -885,7 +886,7 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(rlm if ((end - p) != PBKDF2_SHA256_LEGACY_B64_LENGTH) { REDEBUG("Password.With-Header {PBKDF2_SHA256} has incorrect size %zd instead of %d.", known_good->vp_length, PBKDF2_SHA256_LEGACY_B64_LENGTH); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } slen = fr_base64_decode(&FR_DBUFF_TMP((uint8_t *) &pbkdf2_buf, sizeof(pbkdf2_buf)), @@ -893,19 +894,19 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(rlm if (slen <= 0) { RPEDEBUG("Failed decoding Password.With-Header {PBKDF2_SHA256}: \"%.*s\"", (int)(end -p), p); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (slen != PBKDF2_SHA256_LEGACY_TOTAL_LENGTH) { REDEBUG("Password.With-Header {PBKDF2_SHA256} has incorrect decoded size %zd instead of %d.", slen, PBKDF2_SHA256_LEGACY_TOTAL_LENGTH); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } pbkdf2_buf.iterations = ntohl(pbkdf2_buf.iterations); if (pbkdf2_buf.iterations != PBKDF2_SHA256_LEGACY_ITERATIONS) { REDEBUG("Password.With-Header {PBKDF2_SHA256} has unexpected number of iterations %d instead of %d.", pbkdf2_buf.iterations, PBKDF2_SHA256_LEGACY_ITERATIONS); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (PKCS5_PBKDF2_HMAC((char const *)password->vb_octets, (int)password->vb_length, @@ -914,7 +915,7 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(rlm evp_md, (int)digest_len, (unsigned char *)digest) == 0) { fr_tls_log(request, "PBKDF2_SHA256 digest failure"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (fr_digest_cmp(digest, pbkdf2_buf.hash, (size_t)digest_len) != 0) { @@ -922,14 +923,14 @@ static inline unlang_action_t CC_HINT(nonnull) pap_auth_pbkdf2_sha256_legacy(rlm REDEBUG3("Salt : %pH", fr_box_octets(pbkdf2_buf.salt, PBKDF2_SHA256_LEGACY_SALT_LENGTH)); REDEBUG3("Calculated : %pH", fr_box_octets(digest, digest_len)); REDEBUG3("Expected : %pH", fr_box_octets(pbkdf2_buf.hash, PBKDF2_SHA256_LEGACY_HASH_LENGTH)); - RETURN_MODULE_RCODE(RLM_MODULE_REJECT); + RETURN_UNLANG_RCODE(RLM_MODULE_REJECT); } else { - RETURN_MODULE_RCODE(RLM_MODULE_OK); + RETURN_UNLANG_RCODE(RLM_MODULE_OK); } } #endif -static unlang_action_t CC_HINT(nonnull) pap_auth_nt(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_nt(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) { @@ -941,14 +942,14 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_nt(rlm_rcode_t *p_result, if (known_good->vp_length != MD4_DIGEST_LENGTH) { REDEBUG("\"known good\" Password.NT has incorrect length, expected 16 got %zu", known_good->vp_length); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } len = fr_utf8_to_ucs2(ucs2, sizeof(ucs2), password->vb_strvalue, password->vb_length); if (len < 0) { REDEBUG("User-Password is not in UCS2 format"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } fr_md4_calc(digest, (uint8_t *)ucs2, len); @@ -957,13 +958,13 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_nt(rlm_rcode_t *p_result, REDEBUG("NT digest does not match \"known good\" digest"); REDEBUG3("Calculated : %pH", fr_box_octets(digest, sizeof(digest))); REDEBUG3("Expected : %pH", &known_good->data); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } -static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, request_t *request, fr_pair_t const *known_good, fr_value_box_t const *password) { @@ -977,7 +978,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_resul if (known_good->vp_length != 64) { REDEBUG("\"known good\" Password.NS-MTA-MD5 has incorrect length, expected 64 got %zu", known_good->vp_length); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -986,7 +987,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_resul if (fr_base16_decode(NULL, &digest_dbuff, &FR_SBUFF_IN(known_good->vp_strvalue, known_good->vp_length), false) != 16) { REDEBUG("\"known good\" Password.NS-MTA-MD5 has invalid value"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -996,7 +997,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_resul */ if (password->vb_length >= (sizeof(buff) - 2 - 2 * 32)) { REDEBUG("\"known good\" Password.NS-MTA-MD5 is too long"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -1019,20 +1020,20 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_ns_mta_md5(rlm_rcode_t *p_resul if (fr_digest_cmp(fr_dbuff_start(&digest_dbuff), buff, 16) != 0) { REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest"); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Auth func for password types that should have been normalised away * */ -static unlang_action_t CC_HINT(nonnull) pap_auth_dummy(rlm_rcode_t *p_result, +static unlang_action_t CC_HINT(nonnull) pap_auth_dummy(unlang_result_t *p_result, UNUSED rlm_pap_t const *inst, UNUSED request_t *request, UNUSED fr_pair_t const *known_good, UNUSED fr_value_box_t const *password) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /** Table of password types we can process @@ -1082,19 +1083,20 @@ static const pap_auth_func_t auth_func_table[] = { /* * Authenticate the user via one of any well-known password. */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_pap_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_pap_t); fr_pair_t *known_good; - rlm_rcode_t rcode = RLM_MODULE_INVALID; pap_auth_func_t auth_func; bool ephemeral; pap_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, pap_call_env_t); + p_result->rcode = RLM_MODULE_INVALID; + if (env_data->password.type != FR_TYPE_STRING) { REDEBUG("You set 'Auth-Type = PAP' for a request that does not contain a %s attribute!", env_data->password_tmpl->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -1102,7 +1104,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (env_data->password.vb_length == 0) { REDEBUG("Password must not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (RDEBUG_ENABLED3) { @@ -1123,7 +1125,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, inst->normify); if (!known_good) { REDEBUG("No \"known good\" password found for user"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } fr_assert(known_good->da->attr < NUM_ELEMENTS(auth_func_table)); @@ -1140,9 +1142,9 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, /* * Authenticate, and return. */ - auth_func(&rcode, inst, request, known_good, &env_data->password); + auth_func(p_result, inst, request, known_good, &env_data->password); if (ephemeral) TALLOC_FREE(known_good); - switch (rcode) { + switch (p_result->rcode) { case RLM_MODULE_REJECT: REDEBUG("Password incorrect"); break; @@ -1155,7 +1157,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, break; } - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } static int mod_instantiate(module_inst_ctx_t const *mctx) diff --git a/src/modules/rlm_passwd/rlm_passwd.c b/src/modules/rlm_passwd/rlm_passwd.c index cd23bc2975f..8d2ee376a9c 100644 --- a/src/modules/rlm_passwd/rlm_passwd.c +++ b/src/modules/rlm_passwd/rlm_passwd.c @@ -560,7 +560,7 @@ static void result_add(TALLOC_CTX *ctx, rlm_passwd_t const *inst, request_t *req } } -static unlang_action_t CC_HINT(nonnull) mod_passwd_map(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_passwd_map(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_passwd_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_passwd_t); @@ -571,7 +571,7 @@ static unlang_action_t CC_HINT(nonnull) mod_passwd_map(rlm_rcode_t *p_result, mo int found = 0; key = fr_pair_find_by_da(&request->request_pairs, NULL, inst->keyattr); - if (!key) RETURN_MODULE_NOTFOUND; + if (!key) RETURN_UNLANG_NOTFOUND; for (i = fr_pair_dcursor_by_da_init(&cursor, &request->request_pairs, inst->keyattr); i; @@ -601,9 +601,9 @@ static unlang_action_t CC_HINT(nonnull) mod_passwd_map(rlm_rcode_t *p_result, mo if (!inst->allow_multiple) break; } - if (!found) RETURN_MODULE_NOTFOUND; + if (!found) RETURN_UNLANG_NOTFOUND; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } extern module_rlm_t rlm_passwd; diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c index a2274be672f..b3f65c951b4 100644 --- a/src/modules/rlm_perl/rlm_perl.c +++ b/src/modules/rlm_perl/rlm_perl.c @@ -1442,7 +1442,7 @@ static void perl_pair_list_tie(HV *parent, HV *frpair_stash, char const *name, f * Store all vps in hashes %RAD_CONFIG %RAD_REPLY %RAD_REQUEST * */ -static unlang_action_t CC_HINT(nonnull) mod_perl(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_perl(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_perl_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_perl_t); perl_call_env_t *func = talloc_get_type_abort(mctx->env_data, perl_call_env_t); @@ -1516,7 +1516,7 @@ static unlang_action_t CC_HINT(nonnull) mod_perl(rlm_rcode_t *p_result, module_c LEAVE; } - RETURN_MODULE_RCODE(ret); + RETURN_UNLANG_RCODE(ret); } DIAG_OFF(DIAG_UNKNOWN_PRAGMAS) diff --git a/src/modules/rlm_python/rlm_python.c b/src/modules/rlm_python/rlm_python.c index 2444b4c9b9a..a34634062ab 100644 --- a/src/modules/rlm_python/rlm_python.c +++ b/src/modules/rlm_python/rlm_python.c @@ -24,6 +24,7 @@ * @copyright 2000,2006,2015-2016 The FreeRADIUS server project * @copyright 2025 Network RADIUS SAS */ +#include "lib/unlang/action.h" RCSID("$Id$") #define LOG_PREFIX inst->name @@ -1184,7 +1185,7 @@ static inline CC_HINT(always_inline) PyObject *pair_list_alloc(request_t *reques return py_list; } -static unlang_action_t do_python_single(rlm_rcode_t *p_result, module_ctx_t const *mctx, +static unlang_action_t do_python_single(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, PyObject *p_func, char const *funcname) { rlm_rcode_t rcode = RLM_MODULE_OK; @@ -1200,7 +1201,7 @@ static unlang_action_t do_python_single(rlm_rcode_t *p_result, module_ctx_t cons py_request = PyObject_CallObject((PyObject *)&py_freeradius_request_def, NULL); if (unlikely(!py_request)) { python_error_log(inst, request); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } our_request = (py_freeradius_request_t *)py_request; @@ -1214,7 +1215,7 @@ static unlang_action_t do_python_single(rlm_rcode_t *p_result, module_ctx_t cons req_error: Py_DECREF(py_request); python_error_log(inst, request); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } our_request->reply = pair_list_alloc(request, request_attr_reply); @@ -1265,31 +1266,30 @@ finish: Py_XDECREF(p_ret); Py_XDECREF(py_request); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /** Thread safe call to a python function * * Will swap in thread state specific to module/thread. */ -static unlang_action_t mod_python(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_python(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_python_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_python_thread_t); python_call_env_t *func = talloc_get_type_abort(mctx->env_data, python_call_env_t); - rlm_rcode_t rcode; /* * It's a NOOP if the function wasn't defined */ - if (!func->func->function) RETURN_MODULE_NOOP; + if (!func->func->function) RETURN_UNLANG_NOOP; RDEBUG3("Using thread state %p/%p", mctx->mi->data, t->state); PyEval_RestoreThread(t->state); /* Swap in our local thread state */ - do_python_single(&rcode, mctx, request, func->func->function, func->func->function_name); + do_python_single(p_result, mctx, request, func->func->function, func->func->function_name); (void)fr_cond_assert(PyEval_SaveThread() == t->state); - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } static void python_obj_destroy(PyObject **ob) @@ -1737,10 +1737,10 @@ static int mod_instantiate(module_inst_ctx_t const *mctx) * Call the instantiate function. */ if (inst->instantiate.function) { - rlm_rcode_t rcode; + unlang_result_t result; - do_python_single(&rcode, MODULE_CTX_FROM_INST(mctx), NULL, inst->instantiate.function, "instantiate"); - switch (rcode) { + do_python_single(&result, MODULE_CTX_FROM_INST(mctx), NULL, inst->instantiate.function, "instantiate"); + switch (result.rcode) { case RLM_MODULE_FAIL: case RLM_MODULE_REJECT: error: @@ -1784,9 +1784,9 @@ static int mod_detach(module_detach_ctx_t const *mctx) * We don't care if this fails. */ if (inst->detach.function) { - rlm_rcode_t rcode; + unlang_result_t result; - (void)do_python_single(&rcode, MODULE_CTX_FROM_INST(mctx), NULL, inst->detach.function, "detach"); + (void)do_python_single(&result, MODULE_CTX_FROM_INST(mctx), NULL, inst->detach.function, "detach"); } #define PYTHON_FUNC_DESTROY(_x) python_function_destroy(&inst->_x) diff --git a/src/modules/rlm_radius/bio.c b/src/modules/rlm_radius/bio.c index d75153102b0..b54ae9ed71d 100644 --- a/src/modules/rlm_radius/bio.c +++ b/src/modules/rlm_radius/bio.c @@ -2271,14 +2271,14 @@ static void request_complete(request_t *request, NDEBUG_UNUSED void *preq, void /** Resume execution of the request, returning the rcode set during trunk execution * */ -static unlang_action_t mod_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t mod_resume(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) { bio_request_t *u = talloc_get_type_abort(mctx->rctx, bio_request_t); rlm_rcode_t rcode = u->rcode; talloc_free(u); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } static void do_signal(rlm_radius_t const *inst, bio_request_t *u, request_t *request, fr_signal_t action); diff --git a/src/modules/rlm_radius/rlm_radius.c b/src/modules/rlm_radius/rlm_radius.c index 2352975f95d..5dabe03abe5 100644 --- a/src/modules/rlm_radius/rlm_radius.c +++ b/src/modules/rlm_radius/rlm_radius.c @@ -584,7 +584,7 @@ static int radius_fixups(rlm_radius_t const *inst, request_t *request) /** Send packets outbound. * */ -static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_radius_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_radius_t); bio_thread_t *thread = talloc_get_type_abort(mctx->thread, bio_thread_t); @@ -595,13 +595,13 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul if (!request->packet->code) { REDEBUG("You MUST specify a packet code"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if ((request->packet->code >= FR_RADIUS_CODE_MAX) || !fr_time_delta_ispos(inst->retry[request->packet->code].irt)) { /* can't be zero */ REDEBUG("Invalid packet code %u", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -611,13 +611,13 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul if ((inst->mode == RLM_RADIUS_MODE_UNCONNECTED_REPLICATE) || (inst->mode == RLM_RADIUS_MODE_XLAT_PROXY)) { REDEBUG("When using 'mode = unconnected-*', this module cannot be used in-place. Instead, it must be called via a function call"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } client = client_from_request(request); if (client && client->dynamic && !client->active) { REDEBUG("Cannot proxy packets which define dynamic clients"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -628,8 +628,8 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul * the request... */ rcode = mod_enqueue(&u, &retry_config, inst, thread->ctx.trunk, request); - if (rcode == 0) RETURN_MODULE_NOOP; - if (rcode < 0) RETURN_MODULE_FAIL; + if (rcode == 0) RETURN_UNLANG_NOOP; + if (rcode < 0) RETURN_UNLANG_FAIL; return unlang_module_yield_to_retry(request, mod_resume, mod_retry, mod_signal, 0, u, retry_config); } diff --git a/src/modules/rlm_redis_ippool/rlm_redis_ippool.c b/src/modules/rlm_redis_ippool/rlm_redis_ippool.c index f1fc2786ee1..1d5c6f959f2 100644 --- a/src/modules/rlm_redis_ippool/rlm_redis_ippool.c +++ b/src/modules/rlm_redis_ippool/rlm_redis_ippool.c @@ -1091,14 +1091,14 @@ finish: if (env->pool_name.vb_length > IPPOOL_MAX_KEY_PREFIX_SIZE) { \ REDEBUG("Pool name too long. Expected %u bytes, got %ld bytes", \ IPPOOL_MAX_KEY_PREFIX_SIZE, env->pool_name.vb_length); \ - RETURN_MODULE_FAIL; \ + RETURN_UNLANG_FAIL; \ } \ if (env->pool_name.vb_length == 0) { \ RDEBUG2("Empty pool name. Doing nothing"); \ - RETURN_MODULE_NOOP; \ + RETURN_UNLANG_NOOP; \ } -static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_alloc(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_redis_ippool_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_redis_ippool_t); redis_ippool_alloc_call_env_t *env = talloc_get_type_abort(mctx->env_data, redis_ippool_alloc_call_env_t); @@ -1117,18 +1117,18 @@ static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ switch (redis_ippool_allocate(inst, request, env, lease_time)) { case IPPOOL_RCODE_SUCCESS: RDEBUG2("IP address lease allocated"); - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; case IPPOOL_RCODE_POOL_EMPTY: RWDEBUG("Pool contains no free addresses"); - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } -static unlang_action_t CC_HINT(nonnull) mod_update(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_update(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_redis_ippool_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_redis_ippool_t); redis_ippool_update_call_env_t *env = talloc_get_type_abort(mctx->env_data, redis_ippool_update_call_env_t); @@ -1161,9 +1161,9 @@ static unlang_action_t CC_HINT(nonnull) mod_update(rlm_rcode_t *p_result, module fr_value_box_copy(NULL, &ip_rhs.data.literal, &env->requested_address); - if (map_to_request(request, &ip_map, map_to_vp, NULL) < 0) RETURN_MODULE_FAIL; + if (map_to_request(request, &ip_map, map_to_vp, NULL) < 0) RETURN_UNLANG_FAIL; } - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; /* * It's useful to be able to identify the 'not found' case @@ -1173,24 +1173,24 @@ static unlang_action_t CC_HINT(nonnull) mod_update(rlm_rcode_t *p_result, module case IPPOOL_RCODE_NOT_FOUND: REDEBUG("Requested IP address \"%pV\" is not a member of the specified pool", &env->requested_address); - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; case IPPOOL_RCODE_EXPIRED: REDEBUG("Requested IP address' \"%pV\" lease already expired at time of renewal", &env->requested_address); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; case IPPOOL_RCODE_DEVICE_MISMATCH: REDEBUG("Requested IP address' \"%pV\" lease allocated to another device", &env->requested_address); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } -static unlang_action_t CC_HINT(nonnull) mod_release(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_release(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_redis_ippool_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_redis_ippool_t); redis_ippool_release_call_env_t *env = talloc_get_type_abort(mctx->env_data, redis_ippool_release_call_env_t); @@ -1202,7 +1202,7 @@ static unlang_action_t CC_HINT(nonnull) mod_release(rlm_rcode_t *p_result, modul switch (redis_ippool_release(inst, request, &env->pool_name, &env->requested_address.datum.ip, &env->owner)) { case IPPOOL_RCODE_SUCCESS: RDEBUG2("IP address \"%pV\" released", &env->requested_address); - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; /* * It's useful to be able to identify the 'not found' case @@ -1212,23 +1212,23 @@ static unlang_action_t CC_HINT(nonnull) mod_release(rlm_rcode_t *p_result, modul case IPPOOL_RCODE_NOT_FOUND: REDEBUG("Requested IP address \"%pV\" is not a member of the specified pool", &env->requested_address); - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; case IPPOOL_RCODE_DEVICE_MISMATCH: REDEBUG("Requested IP address' \"%pV\" lease allocated to another device", &env->requested_address); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } -static unlang_action_t CC_HINT(nonnull) mod_bulk_release(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, +static unlang_action_t CC_HINT(nonnull) mod_bulk_release(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { RDEBUG2("Bulk release not yet implemented"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } static int mod_instantiate(module_inst_ctx_t const *mctx) diff --git a/src/modules/rlm_rediswho/rlm_rediswho.c b/src/modules/rlm_rediswho/rlm_rediswho.c index 511cd4471a1..9d14adc7d2c 100644 --- a/src/modules/rlm_rediswho/rlm_rediswho.c +++ b/src/modules/rlm_rediswho/rlm_rediswho.c @@ -175,7 +175,7 @@ static int rediswho_command(rlm_rediswho_t const *inst, request_t *request, char return ret; } -static unlang_action_t mod_accounting_all(rlm_rcode_t *p_result, rlm_rediswho_t const *inst, request_t *request, +static unlang_action_t mod_accounting_all(unlang_result_t *p_result, rlm_rediswho_t const *inst, request_t *request, char const *insert, char const *trim, char const *expire) @@ -183,22 +183,21 @@ static unlang_action_t mod_accounting_all(rlm_rcode_t *p_result, rlm_rediswho_t int ret; ret = rediswho_command(inst, request, insert); - if (ret < 0) RETURN_MODULE_FAIL; + if (ret < 0) RETURN_UNLANG_FAIL; /* Only trim if necessary */ if (trim && (inst->trim_count >= 0) && (ret > inst->trim_count)) { - if (rediswho_command(inst, request, trim) < 0) RETURN_MODULE_FAIL; + if (rediswho_command(inst, request, trim) < 0) RETURN_UNLANG_FAIL; } - if (rediswho_command(inst, request, expire) < 0) RETURN_MODULE_FAIL; - RETURN_MODULE_OK; + if (rediswho_command(inst, request, expire) < 0) RETURN_UNLANG_FAIL; + RETURN_UNLANG_OK; } -static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_accounting(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rediswho_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rediswho_t); CONF_SECTION *conf = mctx->mi->conf; - rlm_rcode_t rcode; fr_pair_t *vp; fr_dict_enum_value_t const *dv; CONF_SECTION *cs; @@ -207,19 +206,19 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_acct_status_type); if (!vp) { RDEBUG2("Could not find account status type in packet"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } dv = fr_dict_enum_by_value(vp->da, &vp->data); if (!dv) { RDEBUG2("Unknown Acct-Status-Type %u", vp->vp_uint32); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } cs = cf_section_find(conf, dv->name, NULL); if (!cs) { RDEBUG2("No subsection %s", dv->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } insert = cf_pair_value(cf_pair_find(cs, "insert")); @@ -228,15 +227,15 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo if (!insert) { RDEBUG("No 'insert' query - ignoring"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } if (!expire) { RDEBUG("No 'expire' query - ignoring"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } - return mod_accounting_all(&rcode, inst, request, insert, trim, expire); + return mod_accounting_all(p_result, inst, request, insert, trim, expire); } static int mod_instantiate(module_inst_ctx_t const *mctx) diff --git a/src/modules/rlm_rest/rlm_rest.c b/src/modules/rlm_rest/rlm_rest.c index 81923ebf67d..7c208665c46 100644 --- a/src/modules/rlm_rest/rlm_rest.c +++ b/src/modules/rlm_rest/rlm_rest.c @@ -617,7 +617,7 @@ static xlat_action_t rest_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, return unlang_xlat_yield(request, rest_xlat_resume, rest_io_xlat_signal, ~FR_SIGNAL_CANCEL, rctx); } -static unlang_action_t mod_authorize_result(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_authorize_result(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t); rlm_rest_section_t const *section = &inst->authenticate; @@ -694,7 +694,7 @@ static unlang_action_t mod_authorize_result(rlm_rcode_t *p_result, module_ctx_t finish: rest_slab_release(handle); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /* @@ -703,7 +703,7 @@ finish: * from the database. The authentication code only needs to check * the password, the rest is done here. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t); rlm_rest_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_rest_thread_t); @@ -714,23 +714,23 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (!section->name) { RDEBUG2("No authorize section configured"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } handle = rest_slab_reserve(t->slab); - if (!handle) RETURN_MODULE_FAIL; + if (!handle) RETURN_UNLANG_FAIL; ret = rlm_rest_perform(mctx, section, handle, request); if (ret < 0) { rest_slab_release(handle); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield(request, mod_authorize_result, rest_io_module_signal, ~FR_SIGNAL_CANCEL, handle); } -static unlang_action_t mod_authenticate_result(rlm_rcode_t *p_result, +static unlang_action_t mod_authenticate_result(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t); @@ -808,13 +808,13 @@ static unlang_action_t mod_authenticate_result(rlm_rcode_t *p_result, finish: rest_slab_release(handle); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /* * Authenticate the user with the given password. */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t); rlm_rest_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_rest_thread_t); @@ -826,7 +826,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (!section->name) { RDEBUG2("No authentication section configured"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -835,12 +835,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (!call_env->request.username) { REDEBUG("Attribute \"User-Name\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (!call_env->request.password) { REDEBUG("Attribute \"User-Password\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -848,7 +848,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (call_env->request.password->vb_length == 0) { REDEBUG("User-Password must not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -861,19 +861,19 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, } handle = rest_slab_reserve(t->slab); - if (!handle) RETURN_MODULE_FAIL; + if (!handle) RETURN_UNLANG_FAIL; ret = rlm_rest_perform(mctx, section, handle, request); if (ret < 0) { rest_slab_release(handle); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield(request, mod_authenticate_result, rest_io_module_signal, ~FR_SIGNAL_CANCEL, handle); } -static unlang_action_t mod_accounting_result(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_accounting_result(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t); rlm_rest_section_t const *section = &inst->authenticate; @@ -918,13 +918,13 @@ static unlang_action_t mod_accounting_result(rlm_rcode_t *p_result, module_ctx_t finish: rest_slab_release(handle); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /* * Send accounting info to a REST API endpoint */ -static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_accounting(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t); rlm_rest_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_rest_thread_t); @@ -935,23 +935,23 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo if (!section->name) { RDEBUG2("No accounting section configured"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } handle = rest_slab_reserve(t->slab); - if (!handle) RETURN_MODULE_FAIL; + if (!handle) RETURN_UNLANG_FAIL; ret = rlm_rest_perform(mctx, section, handle, request); if (ret < 0) { rest_slab_release(handle); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield(request, mod_accounting_result, rest_io_module_signal, ~FR_SIGNAL_CANCEL, handle); } -static unlang_action_t mod_post_auth_result(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_post_auth_result(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t); rlm_rest_section_t const *section = &inst->authenticate; @@ -996,13 +996,13 @@ static unlang_action_t mod_post_auth_result(rlm_rcode_t *p_result, module_ctx_t finish: rest_slab_release(handle); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /* * Send post-auth info to a REST API endpoint */ -static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_rest_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_rest_t); rlm_rest_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_rest_thread_t); @@ -1013,17 +1013,17 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod if (!section->name) { RDEBUG2("No post-auth section configured"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } handle = rest_slab_reserve(t->slab); - if (!handle) RETURN_MODULE_FAIL; + if (!handle) RETURN_UNLANG_FAIL; ret = rlm_rest_perform(mctx, section, handle, request); if (ret < 0) { rest_slab_release(handle); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield(request, mod_post_auth_result, rest_io_module_signal, ~FR_SIGNAL_CANCEL, handle); diff --git a/src/modules/rlm_securid/rlm_securid.c b/src/modules/rlm_securid/rlm_securid.c index 181157cfdff..b0373e1b273 100644 --- a/src/modules/rlm_securid/rlm_securid.c +++ b/src/modules/rlm_securid/rlm_securid.c @@ -465,7 +465,7 @@ static int mod_instantiate(module_inst_ctx_t const *mctx) /* * Authenticate the user via one of any well-known password. */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { int rcode; rlm_securid_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_securid_t); @@ -482,12 +482,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (!username) { REDEBUG("Attribute \"User-Name\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (!password) { REDEBUG("Attribute \"User-Password\" is required for authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -495,7 +495,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (password->vp_length == 0) { REDEBUG("Password should not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (RDEBUG_ENABLED3) { @@ -537,7 +537,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, MEM(pair_update_reply(&vp, attr_reply_message) >= 0); fr_pair_value_strdup(vp, buffer, false); } - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } diff --git a/src/modules/rlm_sigtran/client.c b/src/modules/rlm_sigtran/client.c index 88f05717a37..39970aaf3fb 100644 --- a/src/modules/rlm_sigtran/client.c +++ b/src/modules/rlm_sigtran/client.c @@ -277,7 +277,7 @@ static void sigtran_client_signal(module_ctx_t const *mctx, UNUSED request_t *re txn->ctx.request = NULL; /* remove the link to the (now dead) request */ } -static unlang_action_t sigtran_client_map_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t sigtran_client_map_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { sigtran_transaction_t *txn = talloc_get_type_abort(mctx->rctx, sigtran_transaction_t); rlm_rcode_t rcode; @@ -392,7 +392,7 @@ static unlang_action_t sigtran_client_map_resume(rlm_rcode_t *p_result, module_c } talloc_free(txn); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } /** Create a MAP_SEND_AUTH_INFO request @@ -403,7 +403,7 @@ static unlang_action_t sigtran_client_map_resume(rlm_rcode_t *p_result, module_c * @param conn current connection. * @param fd file descriptor on which the transaction is done */ -unlang_action_t sigtran_client_map_send_auth_info(rlm_rcode_t *p_result, rlm_sigtran_t const *inst, request_t *request, +unlang_action_t sigtran_client_map_send_auth_info(unlang_result_t *p_result, rlm_sigtran_t const *inst, request_t *request, sigtran_conn_t const *conn, int fd) { sigtran_transaction_t *txn; @@ -423,7 +423,7 @@ unlang_action_t sigtran_client_map_send_auth_info(rlm_rcode_t *p_result, rlm_sig ERROR("Failed retrieving version"); error: talloc_free(txn); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } switch (req->version) { diff --git a/src/modules/rlm_sigtran/rlm_sigtran.c b/src/modules/rlm_sigtran/rlm_sigtran.c index 9357724e282..ad16f22d9bb 100644 --- a/src/modules/rlm_sigtran/rlm_sigtran.c +++ b/src/modules/rlm_sigtran/rlm_sigtran.c @@ -197,7 +197,7 @@ fr_dict_attr_autoload_t rlm_sigtran_dict_attr[] = { { NULL } }; -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_sigtran_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sigtran_t); rlm_sigtran_thread_t const *t = talloc_get_type_abort_const(mctx->thread, rlm_sigtran_thread_t); diff --git a/src/modules/rlm_sigtran/sigtran.h b/src/modules/rlm_sigtran/sigtran.h index c8deb64a842..933f4dd63b3 100644 --- a/src/modules/rlm_sigtran/sigtran.h +++ b/src/modules/rlm_sigtran/sigtran.h @@ -257,7 +257,7 @@ int sigtran_client_link_up(sigtran_conn_t const **out, sigtran_conn_conf_t const int sigtran_client_link_down(sigtran_conn_t const **conn); -unlang_action_t sigtran_client_map_send_auth_info(rlm_rcode_t *p_result, rlm_sigtran_t const *inst, request_t *request, +unlang_action_t sigtran_client_map_send_auth_info(unlang_result_t *p_result, rlm_sigtran_t const *inst, request_t *request, sigtran_conn_t const *conn, int fd); /* diff --git a/src/modules/rlm_smtp/rlm_smtp.c b/src/modules/rlm_smtp/rlm_smtp.c index 6f5beb20285..5c845df1b67 100644 --- a/src/modules/rlm_smtp/rlm_smtp.c +++ b/src/modules/rlm_smtp/rlm_smtp.c @@ -580,7 +580,7 @@ static void smtp_io_module_signal(module_ctx_t const *mctx, request_t *request, * When responding to requests initiated by mod_mail this indicates * the mail has been queued. */ -static unlang_action_t smtp_io_module_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t smtp_io_module_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_smtp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_smtp_t); fr_curl_io_request_t *randle = talloc_get_type_abort(mctx->rctx, fr_curl_io_request_t); @@ -603,17 +603,17 @@ static unlang_action_t smtp_io_module_resume(rlm_rcode_t *p_result, module_ctx_t switch (result) { case CURLE_PEER_FAILED_VERIFICATION: case CURLE_LOGIN_DENIED: - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; default: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } } if (tls->extract_cert_attrs) fr_curl_response_certinfo(request, randle); smtp_slab_release(randle); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* @@ -630,7 +630,7 @@ static unlang_action_t smtp_io_module_resume(rlm_rcode_t *p_result, module_ctx_t * Then it queues the request and yields until a response is given * When it responds, smtp_io_module_resume is called. */ -static unlang_action_t CC_HINT(nonnull) mod_mail(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_mail(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_smtp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_smtp_t); rlm_smtp_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_smtp_thread_t); @@ -646,14 +646,14 @@ static unlang_action_t CC_HINT(nonnull) mod_mail(rlm_rcode_t *p_result, module_c /* Make sure all of the essential email components are present and possible*/ if (!smtp_body) { RDEBUG2("Attribute \"smtp-body\" is required for smtp"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (!call_env->sender_address && !inst->envelope_address) { RDEBUG2("At least one of \"sender_address\" or \"envelope_address\" in the config, or \"SMTP-Sender-Address\" in the request is needed"); error: if (randle) smtp_slab_release(randle); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -666,7 +666,7 @@ static unlang_action_t CC_HINT(nonnull) mod_mail(rlm_rcode_t *p_result, module_c smtp_slab_reserve(t->slab_persist); if (!randle) { RDEBUG2("A handle could not be allocated for the request"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* Initialize the uctx to perform the email */ @@ -732,7 +732,7 @@ skip_auth: /* Add the mime endoced elements to the curl request */ FR_CURL_REQUEST_SET_OPTION(CURLOPT_MIMEPOST, mail_ctx->mime); - if (fr_curl_io_request_enqueue(t->mhandle, request, randle)) RETURN_MODULE_INVALID; + if (fr_curl_io_request_enqueue(t->mhandle, request, randle)) RETURN_UNLANG_INVALID; return unlang_module_yield(request, smtp_io_module_resume, smtp_io_module_signal, ~FR_SIGNAL_CANCEL, randle); } @@ -746,7 +746,7 @@ skip_auth: * Then it queues the request and yields until a response is given * When it responds, smtp_io_module_resume is called. */ -static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_smtp_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_smtp_thread_t); rlm_smtp_auth_env_t *env_data = talloc_get_type_abort(mctx->env_data, rlm_smtp_auth_env_t); @@ -754,27 +754,27 @@ static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_res if (!env_data->username_tmpl) { RDEBUG("No 'username' was set for authentication - failing the request"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (!env_data->password_tmpl) { RDEBUG("No 'username' was set for authentication - failing the request"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (env_data->username.type != FR_TYPE_STRING || (env_data->username.vb_length == 0)) { RWARN("\"%s\" is required for authentication", env_data->username_tmpl->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (env_data->password.type != FR_TYPE_STRING || (env_data->password.vb_length == 0)) { RWARN("\"%s\" is required for authentication", env_data->password_tmpl->name); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } randle = smtp_slab_reserve(t->slab_onetime); if (!randle) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } FR_CURL_REQUEST_SET_OPTION(CURLOPT_USERNAME, env_data->username.vb_strvalue); @@ -783,7 +783,7 @@ static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_res if (fr_curl_io_request_enqueue(t->mhandle, request, randle) < 0) { error: smtp_slab_release(randle); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_module_yield(request, smtp_io_module_resume, smtp_io_module_signal, ~FR_SIGNAL_CANCEL, randle); diff --git a/src/modules/rlm_sometimes/rlm_sometimes.c b/src/modules/rlm_sometimes/rlm_sometimes.c index 11a46f74305..d0a6c4ba4f9 100644 --- a/src/modules/rlm_sometimes/rlm_sometimes.c +++ b/src/modules/rlm_sometimes/rlm_sometimes.c @@ -71,7 +71,7 @@ static int mod_instantiate(module_inst_ctx_t const *mctx) /* * A lie! It always returns! */ -static unlang_action_t sometimes_return(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, +static unlang_action_t sometimes_return(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, fr_packet_t *packet, fr_packet_t *reply) { rlm_sometimes_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sometimes_t); @@ -82,12 +82,12 @@ static unlang_action_t sometimes_return(rlm_rcode_t *p_result, module_ctx_t cons /* * Set it to NOOP and the module will always do nothing */ - if (inst->rcode == RLM_MODULE_NOOP) RETURN_MODULE_RCODE(inst->rcode); + if (inst->rcode == RLM_MODULE_NOOP) RETURN_UNLANG_RCODE(inst->rcode); /* * Hash based on the given key. Usually User-Name. */ - if (tmpl_find_vp(&vp, request, inst->key) < 0) RETURN_MODULE_NOOP; + if (tmpl_find_vp(&vp, request, inst->key) < 0) RETURN_UNLANG_NOOP; switch (vp->vp_type) { case FR_TYPE_OCTETS: @@ -96,7 +96,7 @@ static unlang_action_t sometimes_return(rlm_rcode_t *p_result, module_ctx_t cons break; case FR_TYPE_STRUCTURAL: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; default: hash = fr_hash(&vp->data.datum, fr_value_box_field_sizes[vp->vp_type]); @@ -108,7 +108,7 @@ static unlang_action_t sometimes_return(rlm_rcode_t *p_result, module_ctx_t cons value /= (1 << 16); value *= 100; - if (value > inst->percentage) RETURN_MODULE_NOOP; + if (value > inst->percentage) RETURN_UNLANG_NOOP; /* * If we're returning "handled", then set the packet @@ -139,15 +139,15 @@ static unlang_action_t sometimes_return(rlm_rcode_t *p_result, module_ctx_t cons } } - RETURN_MODULE_RCODE(inst->rcode); + RETURN_UNLANG_RCODE(inst->rcode); } -static unlang_action_t CC_HINT(nonnull) mod_sometimes_packet(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_sometimes_packet(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { return sometimes_return(p_result, mctx, request, request->packet, request->reply); } -static unlang_action_t CC_HINT(nonnull) mod_sometimes_reply(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_sometimes_reply(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { return sometimes_return(p_result, mctx, request, request->reply, NULL); } diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c index 5fece5bccaa..aa9ed594cfa 100644 --- a/src/modules/rlm_sql/rlm_sql.c +++ b/src/modules/rlm_sql/rlm_sql.c @@ -1271,7 +1271,7 @@ static int sql_autz_ctx_free(sql_autz_ctx_t *to_free) * @param request Current authorization context. * @return one of the RLM_MODULE_* values. */ -static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(mctx->rctx, sql_autz_ctx_t); sql_autz_call_env_t *call_env = autz_ctx->call_env; @@ -1282,7 +1282,7 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT; fr_pair_t *vp; - switch (*p_result) { + switch (p_result->rcode) { case RLM_MODULE_USER_SECTION_REJECT: return UNLANG_ACTION_CALCULATE_RESULT; @@ -1292,7 +1292,7 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re switch(autz_ctx->status) { case SQL_AUTZ_GROUP_MEMB: - if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; MEM(autz_ctx->group_ctx = talloc(autz_ctx, sql_group_ctx_t)); *autz_ctx->group_ctx = (sql_group_ctx_t) { .inst = inst, @@ -1341,9 +1341,9 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re } if (call_env->group_check_query) { - if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, - call_env->group_check_query, NULL) < 0) RETURN_MODULE_FAIL; + call_env->group_check_query, NULL) < 0) RETURN_UNLANG_FAIL; return UNLANG_ACTION_PUSHED_CHILD; } @@ -1361,7 +1361,7 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re .query = query, }; - if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) { autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_CHECK_RESUME : SQL_AUTZ_PROFILE_CHECK_RESUME; return UNLANG_ACTION_PUSHED_CHILD; @@ -1395,9 +1395,9 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re if (call_env->group_reply_query) { group_reply_push: - if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, - call_env->group_reply_query, NULL) < 0) RETURN_MODULE_FAIL; + call_env->group_reply_query, NULL) < 0) RETURN_UNLANG_FAIL; autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY : SQL_AUTZ_PROFILE_REPLY; return UNLANG_ACTION_PUSHED_CHILD; } @@ -1417,7 +1417,7 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re .expand_rhs = true, }; - if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) { autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY_RESUME : SQL_AUTZ_PROFILE_REPLY_RESUME; return UNLANG_ACTION_PUSHED_CHILD; @@ -1452,7 +1452,7 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) { RPEDEBUG("Failed applying reply item"); REXDENT(); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } REXDENT(); map_list_talloc_free(&autz_ctx->reply_tmp); @@ -1489,9 +1489,9 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re } } - if (!autz_ctx->user_found) RETURN_MODULE_NOTFOUND; + if (!autz_ctx->user_found) RETURN_UNLANG_NOTFOUND; - RETURN_MODULE_RCODE(autz_ctx->rcode); + RETURN_UNLANG_RCODE(autz_ctx->rcode); } /** Resume function called after authorization check / reply tmpl expansion @@ -1501,7 +1501,7 @@ static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(rlm_rcode_t *p_re * @param request Current request. * @return one of the RLM_MODULE_* values. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(mctx->rctx, sql_autz_ctx_t); sql_autz_call_env_t *call_env = autz_ctx->call_env; @@ -1513,7 +1513,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_resu /* * If a previous async call returned one of the "failure" results just return. */ - switch (*p_result) { + switch (p_result->rcode) { case RLM_MODULE_USER_SECTION_REJECT: return UNLANG_ACTION_CALCULATE_RESULT; @@ -1531,7 +1531,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_resu .query = query, }; - if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){ autz_ctx->status = SQL_AUTZ_CHECK_RESUME; return UNLANG_ACTION_PUSHED_CHILD; @@ -1558,8 +1558,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_resu if (!call_env->reply_query) goto skip_reply; - if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; - if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->reply_query, NULL) < 0) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; + if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->reply_query, NULL) < 0) RETURN_UNLANG_FAIL; autz_ctx->status = SQL_AUTZ_REPLY; return UNLANG_ACTION_PUSHED_CHILD; @@ -1573,7 +1573,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_resu .expand_rhs = true, }; - if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){ autz_ctx->status = SQL_AUTZ_REPLY_RESUME; return UNLANG_ACTION_PUSHED_CHILD; @@ -1598,7 +1598,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_resu if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) { RPEDEBUG("Failed applying item"); REXDENT(); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } REXDENT(); @@ -1620,9 +1620,9 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_resu break; } - if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_MODULE_FAIL; + if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL; if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, - call_env->membership_query, NULL) < 0) RETURN_MODULE_FAIL; + call_env->membership_query, NULL) < 0) RETURN_UNLANG_FAIL; autz_ctx->status = SQL_AUTZ_GROUP_MEMB; return UNLANG_ACTION_PUSHED_CHILD; } @@ -1649,15 +1649,15 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(rlm_rcode_t *p_resu fr_assert_msg(0, "Invalid status %d in mod_authorize_resume", autz_ctx->status); } - if (!autz_ctx->user_found) RETURN_MODULE_NOTFOUND; - RETURN_MODULE_RCODE(autz_ctx->rcode); + if (!autz_ctx->user_found) RETURN_UNLANG_NOTFOUND; + RETURN_UNLANG_RCODE(autz_ctx->rcode); } /** Start of module authorize method * * Pushes the tmpl relating to the first required query for evaluation */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t); rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t); @@ -1669,7 +1669,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (!call_env->check_query && !call_env->reply_query && !(inst->config.read_groups && call_env->membership_query)) { RWDEBUG("No authorization checks configured, returning noop"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -1695,7 +1695,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod NULL, 0, autz_ctx) != UNLANG_ACTION_YIELD) { error: talloc_free(autz_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } fr_value_box_list_init(&autz_ctx->query); @@ -1735,7 +1735,7 @@ static int sql_redundant_ctx_free(sql_redundant_ctx_t *to_free) return 0; } -static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request); +static unlang_action_t mod_sql_redundant_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request); /** Resume function called after executing an SQL query in a redundant list of queries. * @@ -1744,7 +1744,7 @@ static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, module_ct * @param request Current request. * @return one of the RLM_MODULE_* values. */ -static unlang_action_t mod_sql_redundant_query_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_sql_redundant_query_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(mctx->rctx, sql_redundant_ctx_t); sql_redundant_call_env_t *call_env = redundant_ctx->call_env; @@ -1771,13 +1771,13 @@ static unlang_action_t mod_sql_redundant_query_resume(rlm_rcode_t *p_result, mod * so we do not need to call fr_pool_connection_release. */ case RLM_SQL_RECONNECT: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; /* * Query was invalid, this is a terminal error. */ case RLM_SQL_QUERY_INVALID: - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; /* * Driver found an error (like a unique key constraint violation) @@ -1801,11 +1801,11 @@ static unlang_action_t mod_sql_redundant_query_resume(rlm_rcode_t *p_result, mod if (numaffected > 0) { if (inst->query_number_da) { fr_pair_t *vp; - if (unlikely(pair_update_control(&vp, inst->query_number_da) < 0)) RETURN_MODULE_FAIL; + if (unlikely(pair_update_control(&vp, inst->query_number_da) < 0)) RETURN_UNLANG_FAIL; vp->vp_uint32 = redundant_ctx->query_no + 1; RDEBUG2("control.%pP", vp); } - RETURN_MODULE_OK; /* A query succeeded, were done! */ + RETURN_UNLANG_OK; /* A query succeeded, were done! */ } next: /* @@ -1813,9 +1813,9 @@ next: */ talloc_free(query_ctx); redundant_ctx->query_no++; - if (redundant_ctx->query_no >= talloc_array_length(call_env->query)) RETURN_MODULE_NOOP; - if (unlang_module_yield(request, mod_sql_redundant_resume, NULL, 0, redundant_ctx) < 0) RETURN_MODULE_FAIL; - if (unlang_tmpl_push(redundant_ctx, &redundant_ctx->query, request, call_env->query[redundant_ctx->query_no], NULL) < 0) RETURN_MODULE_FAIL; + if (redundant_ctx->query_no >= talloc_array_length(call_env->query)) RETURN_UNLANG_NOOP; + if (unlang_module_yield(request, mod_sql_redundant_resume, NULL, 0, redundant_ctx) < 0) RETURN_UNLANG_FAIL; + if (unlang_tmpl_push(redundant_ctx, &redundant_ctx->query, request, call_env->query[redundant_ctx->query_no], NULL) < 0) RETURN_UNLANG_FAIL; RDEBUG2("Trying next query..."); @@ -1830,14 +1830,14 @@ next: * @param request Current request. * @return one of the RLM_MODULE_* values. */ -static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_sql_redundant_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(mctx->rctx, sql_redundant_ctx_t); sql_redundant_call_env_t *call_env = redundant_ctx->call_env; rlm_sql_t const *inst = redundant_ctx->inst; redundant_ctx->query_vb = fr_value_box_list_pop_head(&redundant_ctx->query); - if (!redundant_ctx->query_vb) RETURN_MODULE_FAIL; + if (!redundant_ctx->query_vb) RETURN_UNLANG_FAIL; if ((call_env->filename.type == FR_TYPE_STRING) && (call_env->filename.vb_length > 0)) { rlm_sql_query_log(inst, call_env->filename.vb_strvalue, redundant_ctx->query_vb->vb_strvalue); @@ -1855,7 +1855,7 @@ static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, module_ct * Used for `accounting` and `send` module calls * */ -static unlang_action_t CC_HINT(nonnull) mod_sql_redundant(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_sql_redundant(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t); rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t); @@ -1867,7 +1867,7 @@ static unlang_action_t CC_HINT(nonnull) mod_sql_redundant(rlm_rcode_t *p_result, */ if (!call_env->query) { RWARN("No query configured"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } MEM(redundant_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), sql_redundant_ctx_t)); diff --git a/src/modules/rlm_sqlcounter/rlm_sqlcounter.c b/src/modules/rlm_sqlcounter/rlm_sqlcounter.c index 12409230d3c..5a3c481cf94 100644 --- a/src/modules/rlm_sqlcounter/rlm_sqlcounter.c +++ b/src/modules/rlm_sqlcounter/rlm_sqlcounter.c @@ -264,7 +264,7 @@ typedef struct { * Otherwise, optionally populate a reply attribute with the value of `limit` - `counter` and return RLM_MODULE_UPDATED. * If no reply attribute is set, return RLM_MODULE_OK. */ -static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { sqlcounter_rctx_t *rctx = talloc_get_type_abort(mctx->rctx, sqlcounter_rctx_t); rlm_sqlcounter_t *inst = rctx->inst; @@ -303,7 +303,7 @@ static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, module_ctx_t REDEBUG2("Rejecting user, %s value (%" PRIu64 ") is less than counter value (%" PRIu64 ")", inst->limit_attr->name, limit->vp_uint64, counter); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } res = limit->vp_uint64 - counter; @@ -353,28 +353,28 @@ static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, module_ctx_t if (fr_value_box_cmp(&vb, &existing) == 1) { RDEBUG2("Leaving existing %s value of %pV" , env->reply_attr->name, &vp->data); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } } break; case -1: /* alloc failed */ REDEBUG("Error allocating attribute %s", env->reply_attr->name); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; default: /* request or list unavailable */ RDEBUG2("List or request context not available for %s, skipping...", env->reply_attr->name); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } fr_value_box_cast(vp, &vp->data, vp->data.type, NULL, &vb); RDEBUG2("%pP", vp); - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /** Check the value of a `counter` retrieved from an SQL query with a `limit` @@ -383,7 +383,7 @@ static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, module_ctx_t * the query is tokenized as an xlat call to the relevant SQL module and then * pushed on the stack for evaluation. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_sqlcounter_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sqlcounter_t); sqlcounter_call_env_t *env = talloc_get_type_abort(mctx->env_data, sqlcounter_call_env_t); @@ -405,7 +405,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (tmpl_find_vp(&limit, request, inst->limit_attr) < 0) { RWDEBUG2("Couldn't find %s, doing nothing...", inst->limit_attr->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -413,13 +413,13 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod */ if (tmpl_find_or_add_vp(&vp, request, inst->start_attr) < 0) { REDEBUG("Couldn't create %s", inst->start_attr->name); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } vp->vp_uint64 = fr_time_to_sec(inst->last_reset); if (tmpl_find_or_add_vp(&vp, request, inst->end_attr) < 0) { REDEBUG2("Couldn't create %s", inst->end_attr->name); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } vp->vp_uint64 = fr_time_to_sec(inst->reset_time); @@ -433,7 +433,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, rctx) != UNLANG_ACTION_YIELD) { error: talloc_free(rctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } fr_value_box_list_init(&rctx->result); diff --git a/src/modules/rlm_sqlippool/rlm_sqlippool.c b/src/modules/rlm_sqlippool/rlm_sqlippool.c index fbce05e3b41..e87e6f555f0 100644 --- a/src/modules/rlm_sqlippool/rlm_sqlippool.c +++ b/src/modules/rlm_sqlippool/rlm_sqlippool.c @@ -225,7 +225,7 @@ static int sqlippool_alloc_ctx_free(ippool_alloc_ctx_t *to_free) return 0; } -#define REPEAT_MOD_ALLOC_RESUME if (unlang_module_yield(request, mod_alloc_resume, NULL, 0, mctx->rctx) < 0) RETURN_MODULE_FAIL +#define REPEAT_MOD_ALLOC_RESUME if (unlang_module_yield(request, mod_alloc_resume, NULL, 0, mctx->rctx) < 0) RETURN_UNLANG_FAIL #define SUBMIT_QUERY(_query_str, _new_status, _type, _function) do { \ alloc_ctx->status = _new_status; \ REPEAT_MOD_ALLOC_RESUME; \ @@ -247,7 +247,7 @@ static int sqlippool_alloc_ctx_free(ippool_alloc_ctx_t *to_free) * @param request Current request. * @return One of the UNLANG_ACTION_* values. */ -static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_alloc_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { ippool_alloc_ctx_t *alloc_ctx = talloc_get_type_abort(mctx->rctx, ippool_alloc_ctx_t); ippool_alloc_call_env_t *env = alloc_ctx->env; @@ -260,7 +260,7 @@ static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t cons /* * If a previous async call returned one of the "failure" results just return. */ - switch (*p_result) { + switch (p_result->rcode) { case RLM_MODULE_USER_SECTION_REJECT: return UNLANG_ACTION_CALCULATE_RESULT; @@ -286,7 +286,7 @@ static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t cons if (unlang_tmpl_push(alloc_ctx, &alloc_ctx->values, request, env->existing, NULL) < 0) { error: talloc_free(alloc_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return UNLANG_ACTION_PUSHED_CHILD; } @@ -369,7 +369,7 @@ static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t cons } no_address: RWDEBUG("IP address could not be allocated"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; case IPPOOL_ALLOC_MAKE_PAIR: { @@ -434,7 +434,7 @@ static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t cons * NOTFOUND */ RWDEBUG("Pool \"%pV\" appears to be full", &env->pool_name); - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; } /* @@ -445,7 +445,7 @@ static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t cons */ RWDEBUG("IP address could not be allocated as no pool exists with the name \"%pV\"", &env->pool_name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; case IPPOOL_ALLOC_UPDATE: if (query && query->vb_length) SUBMIT_QUERY(query->vb_strvalue, IPPOOL_ALLOC_UPDATE_RUN, SQL_QUERY_OTHER, query); @@ -466,7 +466,7 @@ static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t cons { rlm_rcode_t rcode = alloc_ctx->rcode; talloc_free(alloc_ctx); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } } @@ -474,7 +474,7 @@ static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t cons * All return paths are handled within the switch statement. */ fr_assert(0); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /** Initiate the allocation of an IP address from the pool. @@ -487,7 +487,7 @@ static unlang_action_t mod_alloc_resume(rlm_rcode_t *p_result, module_ctx_t cons * @param request Current request. * @return One of the UNLANG_ACTION_* values. */ -static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_alloc(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_sqlippool_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sqlippool_t); ippool_alloc_call_env_t *env = talloc_get_type_abort(mctx->env_data, ippool_alloc_call_env_t); @@ -500,12 +500,12 @@ static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ */ if (env->allocated_address.type) { RDEBUG2("%s already exists (%pV)", env->allocated_address_attr->name, &env->allocated_address); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } if (env->pool_name.type == FR_TYPE_NULL) { RDEBUG2("No %s defined", env->pool_name_tmpl->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } MEM(alloc_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), ippool_alloc_ctx_t)); @@ -527,7 +527,7 @@ static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ fr_value_box_list_init(&alloc_ctx->values); if (unlikely(unlang_module_yield(request, mod_alloc_resume, NULL, 0, alloc_ctx) != UNLANG_ACTION_YIELD)) { talloc_free(alloc_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if ((env->begin.type == FR_TYPE_STRING) && env->begin.vb_length) { @@ -540,14 +540,14 @@ static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ /** Resume function called after mod_common "update" query has completed */ -static unlang_action_t mod_common_update_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t mod_common_update_resume(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) { ippool_common_ctx_t *common_ctx = talloc_get_type_abort(mctx->rctx, ippool_common_ctx_t); fr_sql_query_t *query_ctx = common_ctx->query_ctx; rlm_sql_t const *sql = common_ctx->sql; int affected = 0; - switch (*p_result) { + switch (p_result->rcode) { case RLM_MODULE_USER_SECTION_REJECT: return UNLANG_ACTION_CALCULATE_RESULT; @@ -559,32 +559,32 @@ static unlang_action_t mod_common_update_resume(rlm_rcode_t *p_result, module_ct talloc_free(common_ctx); - if (affected > 0) RETURN_MODULE_UPDATED; - RETURN_MODULE_NOTFOUND; + if (affected > 0) RETURN_UNLANG_UPDATED; + RETURN_UNLANG_NOTFOUND; } /** Resume function called after mod_common "free" query has completed */ -static unlang_action_t mod_common_free_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_common_free_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { ippool_common_ctx_t *common_ctx = talloc_get_type_abort(mctx->rctx, ippool_common_ctx_t); fr_sql_query_t *query_ctx = common_ctx->query_ctx; rlm_sql_t const *sql = common_ctx->sql; - switch (*p_result) { + switch (p_result->rcode) { case RLM_MODULE_USER_SECTION_REJECT: return UNLANG_ACTION_CALCULATE_RESULT; default: break; } - if (common_ctx->env->update.type != FR_TYPE_STRING) RETURN_MODULE_NOOP; + if (common_ctx->env->update.type != FR_TYPE_STRING) RETURN_UNLANG_NOOP; sql->driver->sql_finish_query(query_ctx, &sql->config); if (unlikely(unlang_module_yield(request, mod_common_update_resume, NULL, 0, common_ctx) != UNLANG_ACTION_YIELD)) { talloc_free(common_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } common_ctx->query_ctx->query_str = common_ctx->env->update.vb_strvalue; @@ -598,7 +598,7 @@ static unlang_action_t mod_common_free_resume(rlm_rcode_t *p_result, module_ctx_ * - bulk_release * - mark */ -static unlang_action_t CC_HINT(nonnull) mod_common(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_common(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_sqlippool_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sqlippool_t); ippool_common_call_env_t *env = talloc_get_type_abort(mctx->env_data, ippool_common_call_env_t); @@ -606,7 +606,7 @@ static unlang_action_t CC_HINT(nonnull) mod_common(rlm_rcode_t *p_result, module rlm_sql_thread_t *thread = talloc_get_type_abort(module_thread(sql->mi)->data, rlm_sql_thread_t); ippool_common_ctx_t *common_ctx = NULL; - if ((env->free.type != FR_TYPE_STRING) && (env->update.type != FR_TYPE_STRING)) RETURN_MODULE_NOOP; + if ((env->free.type != FR_TYPE_STRING) && (env->update.type != FR_TYPE_STRING)) RETURN_UNLANG_NOOP; MEM(common_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), ippool_common_ctx_t)); *common_ctx = (ippool_common_ctx_t) { @@ -626,7 +626,7 @@ static unlang_action_t CC_HINT(nonnull) mod_common(rlm_rcode_t *p_result, module common_ctx->query_ctx->query_str = env->free.vb_strvalue; if (unlikely(unlang_module_yield(request, mod_common_free_resume, NULL, 0, common_ctx) != UNLANG_ACTION_YIELD)) { talloc_free(common_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_function_push(NULL, request, sql->query, NULL, NULL, 0, UNLANG_SUB_FRAME, common_ctx->query_ctx); } @@ -635,7 +635,7 @@ static unlang_action_t CC_HINT(nonnull) mod_common(rlm_rcode_t *p_result, module if (unlikely(unlang_module_yield(request, mod_common_update_resume, NULL, 0, common_ctx) != UNLANG_ACTION_YIELD)) { talloc_free(common_ctx); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } return unlang_function_push(NULL, request, sql->query, NULL, NULL, 0, UNLANG_SUB_FRAME, common_ctx->query_ctx); } diff --git a/src/modules/rlm_stats/rlm_stats.c b/src/modules/rlm_stats/rlm_stats.c index 26ae2676a71..6df195dd755 100644 --- a/src/modules/rlm_stats/rlm_stats.c +++ b/src/modules/rlm_stats/rlm_stats.c @@ -165,7 +165,7 @@ static void coalesce(uint64_t final_stats[FR_RADIUS_CODE_MAX], rlm_stats_thread_ } -static unlang_action_t CC_HINT(nonnull) mod_stats_inc(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_stats_inc(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_stats_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_stats_t); rlm_stats_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_stats_thread_t); @@ -175,7 +175,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats_inc(rlm_rcode_t *p_result, mod if (request->proto_dict != dict_radius) { RWARN("%s can only be called in RADIUS virtual servers", mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } src_code = request->packet->code; @@ -230,7 +230,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats_inc(rlm_rcode_t *p_result, mod */ if (fr_time_gt(fr_time_add(t->last_global_update, fr_time_delta_wrap(NSEC)), request->async->recv_time)) { - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } t->last_global_update = request->async->recv_time; @@ -242,13 +242,13 @@ static unlang_action_t CC_HINT(nonnull) mod_stats_inc(rlm_rcode_t *p_result, mod } pthread_mutex_unlock(&inst->mutable->mutex); - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } /* * Do the statistics */ -static unlang_action_t CC_HINT(nonnull) mod_stats_read(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_stats_read(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_stats_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_stats_t); rlm_stats_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_stats_thread_t); @@ -262,14 +262,14 @@ static unlang_action_t CC_HINT(nonnull) mod_stats_read(rlm_rcode_t *p_result, mo if (request->proto_dict != dict_radius) { RWARN("%s can only be called in RADIUS virtual servers", mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* * Ignore "authenticate" and anything other than Status-Server */ if ((request->packet->code != FR_RADIUS_CODE_STATUS_SERVER)) { - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_type); @@ -306,7 +306,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats_read(rlm_rcode_t *p_result, mo case FR_TYPE_VALUE_CLIENT: /* src */ vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_ipv4_address); if (!vp) vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_ipv6_address); - if (!vp) RETURN_MODULE_NOOP; + if (!vp) RETURN_UNLANG_NOOP; mydata.ipaddr = vp->vp_ip; coalesce(local_stats, t, offsetof(rlm_stats_thread_t, src), &mydata); @@ -315,7 +315,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats_read(rlm_rcode_t *p_result, mo case FR_TYPE_VALUE_LISTENER: /* dst */ vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_ipv4_address); if (!vp) vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_freeradius_stats4_ipv6_address); - if (!vp) RETURN_MODULE_NOOP; + if (!vp) RETURN_UNLANG_NOOP; mydata.ipaddr = vp->vp_ip; coalesce(local_stats, t, offsetof(rlm_stats_thread_t, dst), &mydata); @@ -323,7 +323,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats_read(rlm_rcode_t *p_result, mo default: REDEBUG("Invalid value '%d' for FreeRADIUS-Stats4-type", stats_type); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (vp ) { @@ -345,7 +345,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats_read(rlm_rcode_t *p_result, mo vp->vp_uint64 = local_stats[i]; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } diff --git a/src/modules/rlm_tacacs/rlm_tacacs.c b/src/modules/rlm_tacacs/rlm_tacacs.c index 0eead8873f4..5263e22e8c8 100644 --- a/src/modules/rlm_tacacs/rlm_tacacs.c +++ b/src/modules/rlm_tacacs/rlm_tacacs.c @@ -21,6 +21,7 @@ * * @copyright 2023 Network RADIUS SAS (legal@networkradius.com) */ +#include "lib/unlang/action.h" RCSID("$Id$") #include @@ -149,23 +150,22 @@ static void mod_tacacs_signal(module_ctx_t const *mctx, request_t *request, fr_s /** Send packets outbound. * */ -static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_tacacs_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_tacacs_t); - rlm_rcode_t rcode; unlang_action_t ua; void *rctx = NULL; if (!FR_TACACS_PACKET_CODE_VALID(request->packet->code)) { REDEBUG("Invalid packet code %d", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if (!inst->allowed[request->packet->code]) { REDEBUG("Packet code %s is disallowed by the configuration", fr_tacacs_packet_names[request->packet->code]); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -175,11 +175,11 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul * return another code which indicates what happened to * the request... */ - ua = inst->io->enqueue(&rcode, &rctx, inst->io_submodule->data, + ua = inst->io->enqueue(p_result, &rctx, inst->io_submodule->data, module_thread(inst->io_submodule)->data, request); if (ua != UNLANG_ACTION_YIELD) { fr_assert(rctx == NULL); - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } return unlang_module_yield(request, inst->io->resume, mod_tacacs_signal, 0, rctx); diff --git a/src/modules/rlm_tacacs/rlm_tacacs.h b/src/modules/rlm_tacacs/rlm_tacacs.h index e28373dc86c..be603cad1d1 100644 --- a/src/modules/rlm_tacacs/rlm_tacacs.h +++ b/src/modules/rlm_tacacs/rlm_tacacs.h @@ -64,7 +64,7 @@ struct rlm_tacacs_s { /** Enqueue a request_t to an IO submodule * */ -typedef unlang_action_t (*rlm_tacacs_io_enqueue_t)(rlm_rcode_t *p_result, void **rctx, void *instance, void *thread, request_t *request); +typedef unlang_action_t (*rlm_tacacs_io_enqueue_t)(unlang_result_t *p_result, void **rctx, void *instance, void *thread, request_t *request); /** Public structure describing an I/O path for an outgoing socket. * diff --git a/src/modules/rlm_tacacs/rlm_tacacs_tcp.c b/src/modules/rlm_tacacs/rlm_tacacs_tcp.c index b04172ad3aa..b76307db3b5 100644 --- a/src/modules/rlm_tacacs/rlm_tacacs_tcp.c +++ b/src/modules/rlm_tacacs/rlm_tacacs_tcp.c @@ -1286,14 +1286,14 @@ static void request_free(UNUSED request_t *request, void *preq_to_free, UNUSED v /** Resume execution of the request, returning the rcode set during trunk execution * */ -static unlang_action_t mod_resume(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t mod_resume(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) { udp_result_t *r = talloc_get_type_abort(mctx->rctx, udp_result_t); rlm_rcode_t rcode = r->rcode; talloc_free(r); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } static void mod_signal(module_ctx_t const *mctx, UNUSED request_t *request, fr_signal_t action) @@ -1369,7 +1369,7 @@ static int _udp_result_free(udp_result_t *r) } #endif -static unlang_action_t mod_enqueue(rlm_rcode_t *p_result, void **rctx_out, UNUSED void *instance, void *thread, request_t *request) +static unlang_action_t mod_enqueue(unlang_result_t *p_result, void **rctx_out, UNUSED void *instance, void *thread, request_t *request) { udp_thread_t *t = talloc_get_type_abort(thread, udp_thread_t); udp_result_t *r; @@ -1380,7 +1380,7 @@ static unlang_action_t mod_enqueue(rlm_rcode_t *p_result, void **rctx_out, UNUSE fr_assert(FR_TACACS_PACKET_CODE_VALID(request->packet->code)); treq = trunk_request_alloc(t->trunk, request); - if (!treq) RETURN_MODULE_FAIL; + if (!treq) RETURN_UNLANG_FAIL; MEM(r = talloc_zero(request, udp_result_t)); #ifndef NDEBUG @@ -1403,7 +1403,7 @@ static unlang_action_t mod_enqueue(rlm_rcode_t *p_result, void **rctx_out, UNUSE trunk_request_free(&treq); /* Return to the free list */ fail: talloc_free(r); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* diff --git a/src/modules/rlm_test/rlm_test.c b/src/modules/rlm_test/rlm_test.c index e1ab77060ca..b479a5d3cf3 100644 --- a/src/modules/rlm_test/rlm_test.c +++ b/src/modules/rlm_test/rlm_test.c @@ -198,7 +198,7 @@ fr_dict_attr_autoload_t rlm_test_dict_attr[] = { * from the database. The authentication code only needs to check * the password, the rest is done here. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_test_thread_t *t = mctx->thread; @@ -223,53 +223,53 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod REXDENT(); REDEBUG4("RDEBUG4 error message"); - if (!fr_cond_assert(t->value == pthread_self())) RETURN_MODULE_FAIL; + if (!fr_cond_assert(t->value == pthread_self())) RETURN_UNLANG_FAIL; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Authenticate the user with the given password. */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) { rlm_test_thread_t *t = mctx->thread; - if (!fr_cond_assert(t->value == pthread_self())) RETURN_MODULE_FAIL; + if (!fr_cond_assert(t->value == pthread_self())) RETURN_UNLANG_FAIL; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Massage the request before recording it or proxying it */ -static unlang_action_t CC_HINT(nonnull) mod_preacct(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_preacct(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) { rlm_test_thread_t *t = mctx->thread; - if (!fr_cond_assert(t->value == pthread_self())) RETURN_MODULE_FAIL; + if (!fr_cond_assert(t->value == pthread_self())) RETURN_UNLANG_FAIL; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Write accounting information to this modules database. */ -static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_accounting(unlang_result_t *p_result, module_ctx_t const *mctx, UNUSED request_t *request) { rlm_test_thread_t *t = mctx->thread; - if (!fr_cond_assert(t->value == pthread_self())) RETURN_MODULE_FAIL; + if (!fr_cond_assert(t->value == pthread_self())) RETURN_UNLANG_FAIL; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Write accounting information to this modules database. */ -static unlang_action_t CC_HINT(nonnull) mod_return(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_return(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request) { - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } static void mod_retry_signal(module_ctx_t const *mctx, request_t *request, fr_signal_t action); @@ -277,17 +277,17 @@ static void mod_retry_signal(module_ctx_t const *mctx, request_t *request, fr_si /** Continue after marked runnable * */ -static unlang_action_t mod_retry_resume(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_retry_resume(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { RDEBUG("Test called main retry handler - that's a failure"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /** Continue after FR_SIGNAL_RETRY * */ -static unlang_action_t mod_retry_resume_retry(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_retry_resume_retry(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { RDEBUG("Test retry"); @@ -297,11 +297,11 @@ static unlang_action_t mod_retry_resume_retry(UNUSED rlm_rcode_t *p_result, UNUS /** Continue after FR_SIGNAL_TIMEOUT * */ -static unlang_action_t mod_retry_resume_timeout(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_retry_resume_timeout(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { RDEBUG("Test timed out as expected"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } static void mod_retry_signal(UNUSED module_ctx_t const *mctx, request_t *request, fr_signal_t action) @@ -331,7 +331,7 @@ static void mod_retry_signal(UNUSED module_ctx_t const *mctx, request_t *request /* * Test retries */ -static unlang_action_t CC_HINT(nonnull) mod_retry(UNUSED rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_retry(UNUSED unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { return unlang_module_yield(request, mod_retry_resume, mod_retry_signal, 0, NULL); } diff --git a/src/modules/rlm_totp/rlm_totp.c b/src/modules/rlm_totp/rlm_totp.c index 311f0aadb01..7d9a5fa0432 100644 --- a/src/modules/rlm_totp/rlm_totp.c +++ b/src/modules/rlm_totp/rlm_totp.c @@ -75,7 +75,7 @@ static const conf_parser_t module_config[] = { /* * Do the authentication */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_totp_call_env_t *env_data = talloc_get_type_abort(mctx->env_data, rlm_totp_call_env_t); rlm_totp_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_totp_t); @@ -89,16 +89,16 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, uint8_t buffer[80]; /* multiple of 5*8 characters */ time_t now; - if (fr_type_is_null(user_password->type)) RETURN_MODULE_NOOP; + if (fr_type_is_null(user_password->type)) RETURN_UNLANG_NOOP; if (user_password->vb_length == 0) { RWARN("TOTP.From-User is empty"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } if ((user_password->vb_length != 6) && (user_password->vb_length != 8)) { RWARN("TOTP.From-User has incorrect length. Expected 6 or 8, got %zu", user_password->vb_length); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } /* @@ -111,12 +111,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, } else { ssize_t len; - if (fr_type_is_null(secret->type)) RETURN_MODULE_NOOP; + if (fr_type_is_null(secret->type)) RETURN_UNLANG_NOOP; len = fr_base32_decode(&FR_DBUFF_TMP((uint8_t *) buffer, sizeof(buffer)), &FR_SBUFF_IN(secret->vb_strvalue, secret->vb_length), true, true); if (len < 0) { RERROR("TOTP.Secret cannot be decoded"); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } our_key = buffer; @@ -131,13 +131,13 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, switch (fr_totp_cmp(&inst->totp, request, now, our_key, our_keylen, user_password->vb_strvalue)) { case 0: - RETURN_MODULE_OK; + RETURN_UNLANG_OK; case -2: - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; default: - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } } diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c index 4ccdca7b06a..eacf37d3492 100644 --- a/src/modules/rlm_unix/rlm_unix.c +++ b/src/modules/rlm_unix/rlm_unix.c @@ -205,7 +205,7 @@ static int mod_bootstrap(module_inst_ctx_t const *mctx) * Pull the users password from where-ever, and add it to * the given vp list. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { char const *name; char const *encrypted_pass; @@ -224,13 +224,13 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU * a User-Name attribute. */ username = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name); - if (!username) RETURN_MODULE_NOOP; + if (!username) RETURN_UNLANG_NOOP; name = username->vp_strvalue; encrypted_pass = NULL; if ((pwd = getpwnam(name)) == NULL) { - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; } encrypted_pass = pwd->pw_passwd; @@ -246,7 +246,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU */ if ((!encrypted_pass) || (strlen(encrypted_pass) < 10)) { if ((spwd = getspnam(name)) == NULL) { - RETURN_MODULE_NOTFOUND; + RETURN_UNLANG_NOTFOUND; } encrypted_pass = spwd->sp_pwdp; } @@ -258,7 +258,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU */ if (strcmp(pwd->pw_shell, DENY_SHELL) == 0) { REDEBUG("Invalid shell", name); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } #endif @@ -276,7 +276,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU endusershell(); if (!shell) { REDEBUG("[%s]: invalid shell [%s]", name, pwd->pw_shell); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } #endif @@ -287,7 +287,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 && (fr_time_to_sec(request->packet->timestamp) / 86400) > (spwd->sp_lstchg + spwd->sp_max)) { REDEBUG("[%s]: password has expired", name); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } /* * Check if account has expired. @@ -295,7 +295,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU if (spwd && spwd->sp_expire > 0 && (fr_time_to_sec(request->packet->timestamp) / 86400) > spwd->sp_expire) { REDEBUG("[%s]: account has expired", name); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } #endif @@ -306,7 +306,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU if ((pwd->pw_expire > 0) && (fr_time_to_sec(request->packet->timestamp) > pwd->pw_expire)) { REDEBUG("[%s]: password has expired", name); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } #endif @@ -316,12 +316,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU * FIXME: Maybe add Auth-Type := Accept? */ if (encrypted_pass[0] == 0) - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; MEM(pair_update_control(&vp, attr_crypt_password) >= 0); fr_pair_value_strdup(vp, encrypted_pass, false); - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } diff --git a/src/modules/rlm_utf8/rlm_utf8.c b/src/modules/rlm_utf8/rlm_utf8.c index 2b4c50b4f7f..a49f8ff9156 100644 --- a/src/modules/rlm_utf8/rlm_utf8.c +++ b/src/modules/rlm_utf8/rlm_utf8.c @@ -29,7 +29,7 @@ RCSID("$Id$") /* * Reject any non-UTF8 data. */ -static unlang_action_t CC_HINT(nonnull) mod_utf8_clean(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_utf8_clean(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { size_t i, len; @@ -38,11 +38,11 @@ static unlang_action_t CC_HINT(nonnull) mod_utf8_clean(rlm_rcode_t *p_result, UN for (i = 0; i < vp->vp_length; i += len) { len = fr_utf8_char(&vp->vp_octets[i], -1); - if (len == 0) RETURN_MODULE_FAIL; + if (len == 0) RETURN_UNLANG_FAIL; } } - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* diff --git a/src/modules/rlm_wimax/rlm_wimax.c b/src/modules/rlm_wimax/rlm_wimax.c index 856d8f7e893..671a4ba63de 100644 --- a/src/modules/rlm_wimax/rlm_wimax.c +++ b/src/modules/rlm_wimax/rlm_wimax.c @@ -116,7 +116,7 @@ fr_dict_attr_autoload_t rlm_wimax_dict_attr[] = { * from the database. The authentication code only needs to check * the password, the rest is done here. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request) { fr_pair_t *vp; @@ -144,16 +144,16 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU } DEBUG2("Fixing WiMAX binary Calling-Station-Id to %pV", &vp->data); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* * Massage the request before recording it or proxying it */ -static unlang_action_t CC_HINT(nonnull) mod_preacct(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_preacct(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { return mod_authorize(p_result, mctx, request); } @@ -161,7 +161,7 @@ static unlang_action_t CC_HINT(nonnull) mod_preacct(rlm_rcode_t *p_result, modul /* * Generate the keys after the user has been authenticated. */ -static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_post_auth(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_wimax_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_wimax_t); fr_pair_t *msk, *emsk, *vp; @@ -178,7 +178,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod emsk = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_eap_emsk); if (!msk || !emsk) { REDEBUG2("No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys"); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* @@ -440,7 +440,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod EVP_MD_CTX_free(hmac_ctx); EVP_PKEY_free(hmac_pkey); - RETURN_MODULE_UPDATED; + RETURN_UNLANG_UPDATED; } /* diff --git a/src/modules/rlm_winbind/rlm_winbind.c b/src/modules/rlm_winbind/rlm_winbind.c index 1a2041472da..f51f36fb382 100644 --- a/src/modules/rlm_winbind/rlm_winbind.c +++ b/src/modules/rlm_winbind/rlm_winbind.c @@ -397,7 +397,7 @@ static int mod_instantiate(module_inst_ctx_t const *mctx) * @param[in] mctx Module instance data. * @param[in] request The current request. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_winbind_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_winbind_t); winbind_autz_call_env_t *env = talloc_get_type_abort(mctx->env_data, winbind_autz_call_env_t); @@ -407,18 +407,18 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (!vp) { REDEBUG2("No %s found in the request; not doing winbind authentication.", tmpl_attr_tail_da(env->password)->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } if (!inst->auth_type) { WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup Winbind authentication", mctx->mi->name, mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } - if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP; + if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } @@ -428,7 +428,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * @param[in] mctx Module instance data. * @param[in] request The current request */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { winbind_auth_call_env_t *env = talloc_get_type_abort(mctx->env_data, winbind_auth_call_env_t); rlm_winbind_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_winbind_thread_t); @@ -438,7 +438,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (env->password.vb_length == 0) { REDEBUG("User-Password must not be empty"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } /* @@ -457,10 +457,10 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, */ if (do_auth_wbclient_pap(request, env, t) == 0) { RDEBUG2("User authenticated successfully using winbind"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } static const call_env_method_t winbind_autz_method_env = { diff --git a/src/modules/rlm_yubikey/decrypt.c b/src/modules/rlm_yubikey/decrypt.c index 3fd970ccc54..4c8d5eaa106 100644 --- a/src/modules/rlm_yubikey/decrypt.c +++ b/src/modules/rlm_yubikey/decrypt.c @@ -18,7 +18,7 @@ * @param[in] request The current request. * @param[in] passcode string to decrypt. */ -unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, char const *passcode) +unlang_action_t rlm_yubikey_decrypt(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *passcode) { rlm_yubikey_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_yubikey_t); uint32_t counter, timestamp; @@ -29,12 +29,12 @@ unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, module_ctx_t const *m key = fr_pair_find_by_da_nested(&request->control_pairs, NULL, attr_yubikey_key); if (!key) { REDEBUG("Yubikey-Key attribute not found in control list, can't decrypt OTP data"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } if (key->vp_length != YUBIKEY_KEY_SIZE) { REDEBUG("Yubikey-Key length incorrect, expected %u got %zu", YUBIKEY_KEY_SIZE, key->vp_length); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } yubikey_parse((uint8_t const *) passcode + inst->id_len, key->vp_octets, &token); @@ -44,7 +44,7 @@ unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, module_ctx_t const *m */ if (!yubikey_crc_ok_p((uint8_t *) &token)) { REDEBUG("Decrypting OTP token data failed, rejecting"); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } RDEBUG2("Token data decrypted successfully"); @@ -91,15 +91,15 @@ unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, module_ctx_t const *m vp = fr_pair_find_by_da_nested(&request->control_pairs, NULL, attr_yubikey_counter); if (!vp) { RWDEBUG("Yubikey-Counter not found in control list, skipping replay attack checks"); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } if (counter <= vp->vp_uint32) { REDEBUG("Replay attack detected! Counter value %u, is lt or eq to last known counter value %u", counter, vp->vp_uint32); - RETURN_MODULE_REJECT; + RETURN_UNLANG_REJECT; } - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } #endif diff --git a/src/modules/rlm_yubikey/rlm_yubikey.c b/src/modules/rlm_yubikey/rlm_yubikey.c index 9de87aacb02..e2111935539 100644 --- a/src/modules/rlm_yubikey/rlm_yubikey.c +++ b/src/modules/rlm_yubikey/rlm_yubikey.c @@ -23,6 +23,8 @@ * @copyright 2013 The FreeRADIUS server project * @copyright 2013 Network RADIUS (legal@networkradius.com) */ +#include "lib/server/rcode.h" +#include "lib/unlang/action.h" RCSID("$Id$") #include @@ -275,7 +277,7 @@ static int CC_HINT(nonnull) otp_string_valid(rlm_yubikey_t const *inst, char con * from the database. The authentication code only needs to check * the password, the rest is done here. */ -static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_yubikey_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_yubikey_t); char const *passcode; @@ -298,7 +300,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod RDEBUG2("No cleartext password in the request. Can't do Yubikey authentication"); } - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } passcode = password->vp_strvalue; @@ -314,7 +316,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (len < (inst->id_len + YUBIKEY_TOKEN_LEN)) { RDEBUG2("User-Password value is not the correct length, expected at least %u bytes, got %zu bytes", inst->id_len + YUBIKEY_TOKEN_LEN, len); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } password_len = (len - (inst->id_len + YUBIKEY_TOKEN_LEN)); @@ -326,7 +328,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod } else { RDEBUG2("User-Password (aes-block) value contains non modhex chars"); } - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } /* May be a concatenation, check the last 32 bytes are modhex */ @@ -368,27 +370,28 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod if (!inst->auth_type) { WARN("No 'authenticate %s {...}' section or 'Auth-Type = %s' set. Cannot setup Yubikey authentication", mctx->mi->name, mctx->mi->name); - RETURN_MODULE_NOOP; + RETURN_UNLANG_NOOP; } - if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_MODULE_NOOP; + if (!module_rlm_section_type_set(request, attr_auth_type, inst->auth_type)) RETURN_UNLANG_NOOP; - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } /* * Authenticate the user with the given password. */ -static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { rlm_yubikey_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_yubikey_t); - rlm_rcode_t rcode = RLM_MODULE_NOOP; char const *passcode = NULL; - fr_pair_t const *vp; + fr_pair_t const *vp; size_t len; int ret; + p_result->rcode = RLM_MODULE_NOOP; + vp = fr_pair_find_by_da_nested(&request->request_pairs, NULL, attr_yubikey_otp); if (!vp) { RDEBUG2("No Yubikey-OTP attribute found, falling back to User-Password"); @@ -398,7 +401,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_password); if (!vp) { REDEBUG("No User-Password in the request. Can't do Yubikey authentication"); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } } @@ -414,7 +417,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (len != (inst->id_len + YUBIKEY_TOKEN_LEN)) { REDEBUG("%s value is not the correct length, expected bytes %u, got bytes %zu", vp->da->name, inst->id_len + YUBIKEY_TOKEN_LEN, len); - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } ret = otp_string_valid(inst, passcode, (inst->id_len + YUBIKEY_TOKEN_LEN)); @@ -424,14 +427,14 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, } else { RERROR("Passcode (aes-block) value contains non modhex chars"); } - RETURN_MODULE_INVALID; + RETURN_UNLANG_INVALID; } #ifdef HAVE_YUBIKEY if (inst->decrypt) { - rlm_yubikey_decrypt(&rcode, mctx, request, passcode); - if (rcode != RLM_MODULE_OK) RETURN_MODULE_RCODE(rcode); + rlm_yubikey_decrypt(p_result, mctx, request, passcode); + if (p_result->rcode != RLM_MODULE_OK) return UNLANG_ACTION_CALCULATE_RESULT; /* Fall-Through to doing ykclient auth in addition to local auth */ } #endif @@ -439,7 +442,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, #ifdef HAVE_YKCLIENT if (inst->validate) return rlm_yubikey_validate(p_result, mctx, request, passcode); #endif - RETURN_MODULE_RCODE(rcode); + return UNLANG_ACTION_CALCULATE_RESULT; } /* diff --git a/src/modules/rlm_yubikey/rlm_yubikey.h b/src/modules/rlm_yubikey/rlm_yubikey.h index 2b4777c8312..935ba1c8698 100644 --- a/src/modules/rlm_yubikey/rlm_yubikey.h +++ b/src/modules/rlm_yubikey/rlm_yubikey.h @@ -58,7 +58,7 @@ typedef struct { /* * decrypt.c - Decryption functions */ -unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, module_ctx_t const *mctx, +unlang_action_t rlm_yubikey_decrypt(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *passcode); /* @@ -68,7 +68,7 @@ int rlm_yubikey_ykclient_init(CONF_SECTION *conf, rlm_yubikey_t *inst); int rlm_yubikey_ykclient_detach(rlm_yubikey_t *inst); -unlang_action_t rlm_yubikey_validate(rlm_rcode_t *p_result, module_ctx_t const *mctx, +unlang_action_t rlm_yubikey_validate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *passcode); extern HIDDEN fr_dict_attr_t const *attr_auth_type; diff --git a/src/modules/rlm_yubikey/validate.c b/src/modules/rlm_yubikey/validate.c index 0f5825c50d0..acb5278c450 100644 --- a/src/modules/rlm_yubikey/validate.c +++ b/src/modules/rlm_yubikey/validate.c @@ -146,7 +146,7 @@ int rlm_yubikey_ykclient_detach(rlm_yubikey_t *inst) return 0; } -unlang_action_t rlm_yubikey_validate(rlm_rcode_t *p_result, module_ctx_t const *mctx, +unlang_action_t rlm_yubikey_validate(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request, char const *passcode) { rlm_yubikey_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_yubikey_t); @@ -155,7 +155,7 @@ unlang_action_t rlm_yubikey_validate(rlm_rcode_t *p_result, module_ctx_t const * ykclient_handle_t *yandle; yandle = fr_pool_connection_get(inst->pool, request); - if (!yandle) RETURN_MODULE_FAIL; + if (!yandle) RETURN_UNLANG_FAIL; /* * The libcurl multi-handle interface will tear down the TCP sockets for any partially completed @@ -193,6 +193,6 @@ unlang_action_t rlm_yubikey_validate(rlm_rcode_t *p_result, module_ctx_t const * fr_pool_connection_release(inst->pool, request, yandle); - RETURN_MODULE_RCODE(rcode); + RETURN_UNLANG_RCODE(rcode); } #endif diff --git a/src/process/arp/base.c b/src/process/arp/base.c index 2f502870736..0a24728fb71 100644 --- a/src/process/arp/base.c +++ b/src/process/arp/base.c @@ -185,7 +185,7 @@ static void arp_packet_debug(request_t *request, fr_packet_t const *packet, fr_p } } -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; @@ -202,7 +202,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (!state->recv) { REDEBUG("Invalid packet type (%u)", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } arp_packet_debug(request, request->packet, &request->request_pairs, true); diff --git a/src/process/bfd/base.c b/src/process/bfd/base.c index 2b17a74ac71..e4704d77bb5 100644 --- a/src/process/bfd/base.c +++ b/src/process/bfd/base.c @@ -222,7 +222,7 @@ static fr_process_state_t const process_state_reply[] = { }, }; -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; bfd_wrapper_t const *wrapper; @@ -257,7 +257,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (!state->recv) { REDEBUG("Invalid packet type (%u)", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } bfd_packet_debug(request, request->packet, &request->request_pairs, true); diff --git a/src/process/control/base.c b/src/process/control/base.c index eac9c2cae0a..0fed07a1ca2 100644 --- a/src/process/control/base.c +++ b/src/process/control/base.c @@ -44,9 +44,9 @@ fr_dict_attr_autoload_t process_control_dict_attr[] = { { NULL } }; -static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, UNUSED module_ctx_t const *mctx, UNUSED request_t *request) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } extern fr_process_module_t process_control; diff --git a/src/process/dhcpv4/base.c b/src/process/dhcpv4/base.c index 85d5eb5ef3c..3739e70a168 100644 --- a/src/process/dhcpv4/base.c +++ b/src/process/dhcpv4/base.c @@ -426,7 +426,7 @@ static fr_process_state_t const process_state[] = { }, }; -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; @@ -443,7 +443,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (!state->recv) { REDEBUG("Invalid packet type (%u)", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } dhcpv4_packet_debug(request, request->packet, &request->request_pairs, true); diff --git a/src/process/dhcpv6/base.c b/src/process/dhcpv6/base.c index 30b06c7ae0e..c4147e70659 100644 --- a/src/process/dhcpv6/base.c +++ b/src/process/dhcpv6/base.c @@ -407,7 +407,7 @@ RECV(for_any_server) PROCESS_TRACE; - if (dhcpv6_client_fields_store(request, rctx, false) < 0) RETURN_MODULE_INVALID; + if (dhcpv6_client_fields_store(request, rctx, false) < 0) RETURN_UNLANG_INVALID; UPDATE_STATE_CS(packet); @@ -441,7 +441,7 @@ RECV(for_this_server) PROCESS_TRACE; - if (dhcpv6_client_fields_store(request, rctx, true) < 0) RETURN_MODULE_INVALID; + if (dhcpv6_client_fields_store(request, rctx, true) < 0) RETURN_UNLANG_INVALID; UPDATE_STATE_CS(packet); @@ -603,7 +603,7 @@ RESUME(send_to_client) */ if (unlikely(restore_field(request, &fields->transaction_id) < 0)) { fail: - *p_result = RLM_MODULE_FAIL; + p_result->rcode = RLM_MODULE_FAIL; return CALL_RESUME(send_generic); } if (unlikely(restore_field_list(request, &fields->client_id) < 0)) goto fail; @@ -666,7 +666,7 @@ RECV(from_relay) process_dhcpv6_relay_fields_t *rctx = NULL; rctx = dhcpv6_relay_fields_store(request); - if (!rctx) RETURN_MODULE_INVALID; + if (!rctx) RETURN_UNLANG_INVALID; UPDATE_STATE_CS(packet); @@ -696,7 +696,7 @@ RESUME(send_to_relay) */ if (unlikely(restore_field(request, &fields->hop_count) < 0)) { fail: - *p_result = RLM_MODULE_FAIL; + p_result->rcode = RLM_MODULE_FAIL; return CALL_RESUME(send_generic); } if (unlikely(restore_field(request, &fields->link_address) < 0)) goto fail; @@ -711,7 +711,7 @@ RESUME(send_to_relay) /** Main dispatch function * */ -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; @@ -728,7 +728,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (!state->recv) { REDEBUG("Invalid packet type (%u)", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } dhcpv6_packet_debug(request, request->packet, &request->request_pairs, true); diff --git a/src/process/dns/base.c b/src/process/dns/base.c index e0de9ec10c7..e8127ca619c 100644 --- a/src/process/dns/base.c +++ b/src/process/dns/base.c @@ -364,7 +364,7 @@ RECV(request) PROCESS_TRACE; rctx = dns_fields_store(request); - if (!rctx) RETURN_MODULE_INVALID; + if (!rctx) RETURN_UNLANG_INVALID; return CALL_RECV_RCTX(generic, rctx); } @@ -398,7 +398,7 @@ RESUME(recv_request) dns_rcode_add(&rcode, request, state->dns_rcode[RESULT_RCODE]); #ifdef __clang_analyzer__ - if (!rcode) RETURN_MODULE_FAIL; + if (!rcode) RETURN_UNLANG_FAIL; #endif /* @@ -469,7 +469,7 @@ RESUME(send_response) /** Entry point into the state machine */ -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; @@ -486,7 +486,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (!state->recv) { REDEBUG("Invalid packet type (%u)", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } dns_packet_debug(request, request->packet, &request->request_pairs, true); diff --git a/src/process/ldap_sync/base.c b/src/process/ldap_sync/base.c index 079a5c108bd..edf289c8244 100644 --- a/src/process/ldap_sync/base.c +++ b/src/process/ldap_sync/base.c @@ -102,7 +102,7 @@ typedef struct { #include -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; diff --git a/src/process/radius/base.c b/src/process/radius/base.c index 303a3b56928..3861424eaaa 100644 --- a/src/process/radius/base.c +++ b/src/process/radius/base.c @@ -732,12 +732,12 @@ RESUME(accounting_request) // @todo - send canned responses like in v3? RECV(status_server) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } RESUME(status_server) { - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } #endif @@ -779,7 +779,7 @@ RESUME(protocol_error) return CALL_RESUME(send_generic); } -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; @@ -797,7 +797,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (!state->recv) { REDEBUG("Invalid packet type (%u)", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } radius_packet_debug(request, request->packet, &request->request_pairs, true); diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c index ab42e9b92e8..b7c4f255767 100644 --- a/src/process/tacacs/base.c +++ b/src/process/tacacs/base.c @@ -1031,7 +1031,7 @@ RESUME(accounting_request) NULL, 0, mctx->rctx); } -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; @@ -1048,7 +1048,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (!state->recv) { REDEBUG("Invalid packet type (%u)", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } // @todo - debug stuff! diff --git a/src/process/test/base.c b/src/process/test/base.c index 8b377c0ba32..f1bc54719b4 100644 --- a/src/process/test/base.c +++ b/src/process/test/base.c @@ -87,7 +87,7 @@ static fr_process_state_t const process_state[] = { }, }; -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; diff --git a/src/process/tls/base.c b/src/process/tls/base.c index 76fb0e560c5..88c3e204d80 100644 --- a/src/process/tls/base.c +++ b/src/process/tls/base.c @@ -175,7 +175,7 @@ static fr_process_state_t const process_state[] = { }, }; -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; diff --git a/src/process/ttls/base.c b/src/process/ttls/base.c index f560f759ba4..b4613156948 100644 --- a/src/process/ttls/base.c +++ b/src/process/ttls/base.c @@ -483,7 +483,7 @@ RESUME(protocol_error) return CALL_RESUME(send_generic); } -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; diff --git a/src/process/vmps/base.c b/src/process/vmps/base.c index df870a6c381..937d71ecf8e 100644 --- a/src/process/vmps/base.c +++ b/src/process/vmps/base.c @@ -208,7 +208,7 @@ static void vmps_packet_debug(request_t *request, fr_packet_t const *packet, fr_ } } -static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) +static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) { fr_process_state_t const *state; @@ -225,7 +225,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc if (!state->recv) { REDEBUG("Invalid packet type (%u)", request->packet->code); - RETURN_MODULE_FAIL; + RETURN_UNLANG_FAIL; } vmps_packet_debug(request, request->packet, &request->request_pairs, true); diff --git a/src/tests/util/radius1_test.c b/src/tests/util/radius1_test.c index 8fd3b9be6e0..d258a271a83 100644 --- a/src/tests/util/radius1_test.c +++ b/src/tests/util/radius1_test.c @@ -92,7 +92,7 @@ static NEVER_RETURNS void usage(void) static rlm_rcode_t test_process(UNUSED void const *instance, request_t *request, fr_io_action_t action) { MPRINT1("\t\tPROCESS --- request %"PRIu64" action %d\n", request->number, action); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } diff --git a/src/tests/util/radius_schedule_test.c b/src/tests/util/radius_schedule_test.c index de0c92bfd6c..f4379bc9ae6 100644 --- a/src/tests/util/radius_schedule_test.c +++ b/src/tests/util/radius_schedule_test.c @@ -63,7 +63,7 @@ static fr_test_packet_ctx_t tpc; static rlm_rcode_t test_process(UNUSED void const *instance, request_t *request, fr_io_action_t action) { MPRINT1("\t\tPROCESS --- request %"PRIu64" action %d\n", request->number, action); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } static int test_decode(void const *instance, request_t *request, uint8_t *const data, size_t data_len) diff --git a/src/tests/util/worker_test.c b/src/tests/util/worker_test.c index 3a4c481cc97..633609de8a5 100644 --- a/src/tests/util/worker_test.c +++ b/src/tests/util/worker_test.c @@ -96,7 +96,7 @@ static NEVER_RETURNS void usage(void) static rlm_rcode_t test_process(UNUSED void const *inst, request_t *request, fr_io_action_t action) { MPRINT1("\t\tPROCESS --- request %"PRIu64" action %d\n", request->number, action); - RETURN_MODULE_OK; + RETURN_UNLANG_OK; } static int test_decode(UNUSED void const *instance, request_t *request, uint8_t *const data, size_t data_len)