From: Arran Cudbard-Bell Date: Sat, 29 Jun 2024 03:55:50 +0000 (-0600) Subject: Sync require_message_authenticator field names, it's called three different things... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b8bddb13c1de5ac65ada970df8575d752848e32;p=thirdparty%2Ffreeradius-server.git Sync require_message_authenticator field names, it's called three different things at different places in the server --- diff --git a/share/dictionary/freeradius/dictionary.freeradius.internal b/share/dictionary/freeradius/dictionary.freeradius.internal index ab946c43bb6..59fccb300ac 100644 --- a/share/dictionary/freeradius/dictionary.freeradius.internal +++ b/share/dictionary/freeradius/dictionary.freeradius.internal @@ -540,4 +540,3 @@ VALUE Auth-Type Accept 254 # VALUE Strip-User-Name No 0 VALUE Strip-User-Name Yes 1 - diff --git a/src/coverity-model/merged_model.c b/src/coverity-model/merged_model.c index 83199c7e77b..2657decd844 100644 --- a/src/coverity-model/merged_model.c +++ b/src/coverity-model/merged_model.c @@ -257,7 +257,7 @@ typedef struct { } decode_fail_t; bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, - uint32_t max_attributes, bool require_ma, decode_fail_t *reason) + uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason) { bool result; diff --git a/src/lib/io/master.c b/src/lib/io/master.c index 3e58afb8d99..554ca7a98b3 100644 --- a/src/lib/io/master.c +++ b/src/lib/io/master.c @@ -392,7 +392,7 @@ static fr_client_t *radclient_clone(TALLOC_CTX *ctx, fr_client_t const *parent) DUP_FIELD(server); DUP_FIELD(nas_type); - COPY_FIELD(message_authenticator); + COPY_FIELD(require_message_authenticator); /* dynamic MUST be false */ COPY_FIELD(server_cs); COPY_FIELD(cs); 
@@ -2459,7 +2459,7 @@ static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, fr_time_t request_ti COPY_FIELD(ipaddr); COPY_FIELD(src_ipaddr); - COPY_FIELD(message_authenticator); + COPY_FIELD(require_message_authenticator); COPY_FIELD(use_connected); // @todo - fill in other fields? diff --git a/src/lib/server/client.c b/src/lib/server/client.c index 4ce486975eb..bda94ddfc33 100644 --- a/src/lib/server/client.c +++ b/src/lib/server/client.c @@ -300,7 +300,7 @@ bool client_add(fr_client_list_t *clients, fr_client_t *client) if (namecmp(longname) && namecmp(secret) && namecmp(shortname) && namecmp(nas_type) && namecmp(server) && - (old->message_authenticator == client->message_authenticator)) { + (old->require_message_authenticator == client->require_message_authenticator)) { WARN("Ignoring duplicate client %s", client->longname); client_free(client); return true; @@ -442,7 +442,7 @@ static const conf_parser_t client_config[] = { { FR_CONF_OFFSET("track_connections", fr_client_t, use_connected) }, - { FR_CONF_OFFSET("require_message_authenticator", fr_client_t, message_authenticator) }, + { FR_CONF_OFFSET("require_message_authenticator", fr_client_t, require_message_authenticator) }, { FR_CONF_OFFSET("dedup_authenticator", fr_client_t, dedup_authenticator) }, diff --git a/src/lib/server/client.h b/src/lib/server/client.h index 93618d75b46..b8efb91faf8 100644 --- a/src/lib/server/client.h +++ b/src/lib/server/client.h @@ -72,6 +72,7 @@ typedef int (*client_value_cb_t)(char **out, CONF_PAIR const *cp, void *data); #include #include #include +#include /** Describes a host allowed to send packets to the server * 
@@ -88,7 +89,8 @@ struct fr_client_s { char const *secret; //!< Secret PSK. - bool message_authenticator; //!< Require RADIUS message authenticator in requests. + bool require_message_authenticator; //!< Require RADIUS message authenticator + ///< for incoming packets. bool dynamic; //!< Whether the client was dynamically defined. bool active; //!< for dynamic clients bool use_connected; //!< do we use connected sockets for this client diff --git a/src/lib/server/process.h b/src/lib/server/process.h index fbc25f14ffc..5dab45a8ae1 100644 --- a/src/lib/server/process.h +++ b/src/lib/server/process.h @@ -90,14 +90,14 @@ typedef struct { size_t section_offset; //!< Where to look in the process instance for ///< a pointer to the section we should execute. rlm_rcode_t rcode; //!< Default rcode - module_method_t resume; //!< Function to call after running a recv section. + module_method_t resume; //!< Function to call after running a recv section. /* * Each state has only one "recv" or "send". */ union { module_method_t recv; //!< Method to call when receiving this type of packet. - module_method_t send; //!< Method to call when sending this type of packet. + module_method_t send; //!< Method to call when sending this type of packet. }; PROCESS_STATE_EXTRA_FIELDS } fr_process_state_t; diff --git a/src/listen/radius/proto_radius.c b/src/listen/radius/proto_radius.c index e985a6a9425..b5fc48cfaf4 100644 --- a/src/listen/radius/proto_radius.c +++ b/src/listen/radius/proto_radius.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "proto_radius.h" extern fr_app_t proto_radius; 
@@ -164,11 +165,11 @@ static int transport_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM * */ static int mod_decode(UNUSED void const *instance, request_t *request, uint8_t *const data, size_t data_len) { - fr_io_track_t const *track = talloc_get_type_abort_const(request->async->packet_ctx, fr_io_track_t); - fr_io_address_t const *address = track->address; - fr_client_t const *client; - fr_radius_ctx_t common_ctx; - fr_radius_decode_ctx_t decode_ctx; + fr_io_track_t const *track = talloc_get_type_abort_const(request->async->packet_ctx, fr_io_track_t); + fr_io_address_t const *address = track->address; + fr_client_t *client = UNCONST(fr_client_t *, address->radclient); + fr_radius_ctx_t common_ctx; + fr_radius_decode_ctx_t decode_ctx; fr_assert(data[0] < FR_RADIUS_CODE_MAX); @@ -179,20 +180,20 @@ static int mod_decode(UNUSED void const *instance, request_t *request, uint8_t * */ request->dict = dict_radius; - client = address->radclient; - common_ctx = (fr_radius_ctx_t) { .secret = client->secret, .secret_length = talloc_array_length(client->secret) - 1, }; + request->packet->code = data[0]; + decode_ctx = (fr_radius_decode_ctx_t) { .common = &common_ctx, .tmp_ctx = talloc(request, uint8_t), /* decode figures out request_authenticator */ .end = data + data_len, .verify = client->active, - .require_message_authenticator = client->message_authenticator, + .require_message_authenticator = client->require_message_authenticator, }; /* @@ -200,7 +201,6 @@ static int mod_decode(UNUSED void const *instance, request_t *request, uint8_t * * * @todo - That needs to be changed. */ - request->packet->code = data[0]; request->packet->id = data[1]; request->reply->id = data[1]; memcpy(request->packet->vector, data + 4, sizeof(request->packet->vector)); 
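Review bot: In the first mod_decode hunk the const is now cast away at the declaration, `fr_client_t *client = UNCONST(fr_client_t *, address->radclient);`, instead of only at the `request->client` assignment in the later `@@ -223,7 +223,7 @@` hunk. Nothing in the visible hunks writes through `client`; only `secret`, `active` and `require_message_authenticator` are read. The wider mutability therefore looks unnecessary, and it removes the compiler's guard against accidental writes to the client definition while an incoming packet is being decoded. Unless a write is planned, I would keep `fr_client_t const *client = address->radclient;` and leave `request->client = UNCONST(fr_client_t *, client);` as it was. mod_decode's body continues outside these hunks, so a write further down cannot be ruled out from here.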
@@ -223,7 +223,7 @@ static int mod_decode(UNUSED void const *instance, request_t *request, uint8_t * /* * Set the rest of the fields. */ - request->client = UNCONST(fr_client_t *, client); + request->client = client; request->packet->socket = address->socket; fr_socket_addr_swap(&request->reply->socket, &address->socket); diff --git a/src/modules/rlm_radius/rlm_radius.h b/src/modules/rlm_radius/rlm_radius.h index a39e4d58a0c..669ed978d74 100644 --- a/src/modules/rlm_radius/rlm_radius.h +++ b/src/modules/rlm_radius/rlm_radius.h @@ -60,7 +60,7 @@ struct rlm_radius_s { uint32_t *types; //!< array of allowed packet types uint32_t status_check; //!< code of status-check type map_list_t status_check_map; //!< attributes for the status-server checks - uint32_t num_answers_to_alive; //!< How many status check responses we need to + uint32_t num_answers_to_alive; //!< How many status check responses we need to ///< mark the connection as alive. bool allowed[FR_RADIUS_CODE_MAX]; diff --git a/src/modules/rlm_radius/rlm_radius_udp.c b/src/modules/rlm_radius/rlm_radius_udp.c index 089ef1bf8cb..c2b07b1f5cd 100644 --- a/src/modules/rlm_radius/rlm_radius_udp.c +++ b/src/modules/rlm_radius/rlm_radius_udp.c @@ -152,7 +152,7 @@ struct udp_request_s { uint32_t num_replies; //!< number of reply packets, sent is in retry.count bool synchronous; //!< cached from inst->parent->synchronous - bool require_ma; //!< saved from the original packet. + bool require_message_authenticator; //!< saved from the original packet. bool can_retransmit; //!< can we retransmit this packet? bool status_check; //!< is this packet a status check? 
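Review bot: In `udp_request_s` the renamed field keeps the comment `//!< saved from the original packet.`, but it now shares its name with `fr_client_t.require_message_authenticator`, which this commit documents as a requirement on incoming packets. The mod_enqueue hunk sets the flag when the request already carries a Message-Authenticator pair, and the encode hunk uses it to size the outgoing packet, so here it appears to mean "emit Message-Authenticator" rather than "reject packets without it". I would spell that out on the field, for example `//!< Original request had Message-Authenticator, so reserve room for one when encoding.`, so that nobody reads it as an inbound verification policy.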
@@ -1196,7 +1196,7 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_ { ssize_t packet_len; uint8_t *msg = NULL; - int message_authenticator = u->require_ma * (RADIUS_MESSAGE_AUTHENTICATOR_LENGTH + 2); + int message_authenticator = u->require_message_authenticator * (RADIUS_MESSAGE_AUTHENTICATOR_LENGTH + 2); int proxy_state = 6; fr_assert(inst->parent->allowed[u->code]); @@ -2712,7 +2712,7 @@ static unlang_action_t mod_enqueue(rlm_rcode_t *p_result, void **rctx_out, void * @todo - don't edit the input packet! */ if (fr_pair_find_by_da(&request->request_pairs, NULL, attr_message_authenticator)) { - u->require_ma = true; + u->require_message_authenticator = true; pair_delete_request(attr_message_authenticator); } diff --git a/src/process/radius/base.c b/src/process/radius/base.c index 6877a4af30b..981e4e3a304 100644 --- a/src/process/radius/base.c +++ b/src/process/radius/base.c @@ -804,7 +804,7 @@ static xlat_action_t xlat_func_radius_secret_verify(TALLOC_CTX *ctx, fr_dcursor_ { fr_value_box_t *secret, *vb; int ret; - bool require_ma = false; + bool require_message_authenticator = false; XLAT_ARGS(args, &secret); @@ -817,9 +817,9 @@ static xlat_action_t xlat_func_radius_secret_verify(TALLOC_CTX *ctx, fr_dcursor_ * All the other packet types are signed using the * authenticator field. */ - if (request->packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) require_ma = true; + if (request->packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) require_message_authenticator = true; - ret = fr_radius_verify(request->packet->data, NULL, secret->vb_octets, secret->vb_length, require_ma); + ret = fr_radius_verify(request->packet->data, NULL, secret->vb_octets, secret->vb_length, require_message_authenticator); switch (ret) { case 0: vb->vb_bool = true; diff --git a/src/protocols/radius/base.c b/src/protocols/radius/base.c index c1cdc15ed9e..9bb99b939ad 100644 --- a/src/protocols/radius/base.c +++ b/src/protocols/radius/base.c 
@@ -81,13 +81,13 @@ fr_dict_attr_autoload_t libfreeradius_radius_dict_attr[] = { #define FR_DEBUG_STRERROR_PRINTF if (fr_debug_lvl) fr_strerror_printf_push fr_table_num_sorted_t const fr_radius_request_name_table[] = { - { L("acct"), FR_RADIUS_CODE_ACCOUNTING_REQUEST }, - { L("auth"), FR_RADIUS_CODE_ACCESS_REQUEST }, - { L("auto"), FR_RADIUS_CODE_UNDEFINED }, - { L("challenge"), FR_RADIUS_CODE_ACCESS_CHALLENGE }, - { L("coa"), FR_RADIUS_CODE_COA_REQUEST }, + { L("acct"), FR_RADIUS_CODE_ACCOUNTING_REQUEST }, + { L("auth"), FR_RADIUS_CODE_ACCESS_REQUEST }, + { L("auto"), FR_RADIUS_CODE_UNDEFINED }, + { L("challenge"), FR_RADIUS_CODE_ACCESS_CHALLENGE }, + { L("coa"), FR_RADIUS_CODE_COA_REQUEST }, { L("disconnect"), FR_RADIUS_CODE_DISCONNECT_REQUEST }, - { L("status"), FR_RADIUS_CODE_STATUS_SERVER } + { L("status"), FR_RADIUS_CODE_STATUS_SERVER } }; size_t fr_radius_request_name_table_len = NUM_ELEMENTS(fr_radius_request_name_table); @@ -448,14 +448,14 @@ int fr_radius_sign(uint8_t *packet, uint8_t const *vector, * @param[in] packet to check. * @param[in,out] packet_len_p The size of the packet data. * @param[in] max_attributes to allow in the packet. - * @param[in] require_ma whether we require Message-Authenticator. + * @param[in] require_message_authenticator whether we require Message-Authenticator. * @param[in] reason if not NULL, will have the failure reason written to where it points. * @return * - True on success. * - False on failure. */ bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, - uint32_t max_attributes, bool require_ma, decode_fail_t *reason) + uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason) { uint8_t const *attr, *end; size_t totallen; 
@@ -501,7 +501,7 @@ bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, * Message-Authenticator is required in Status-Server * packets, otherwise they can be trivially forged. */ - if (packet[0] == FR_RADIUS_CODE_STATUS_SERVER) require_ma = true; + if (packet[0] == FR_RADIUS_CODE_STATUS_SERVER) require_message_authenticator = true; /* * Repeat the length checks. This time, instead of @@ -631,7 +631,7 @@ bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, * a Message-Authenticator. */ case FR_EAP_MESSAGE: - require_ma = true; + require_message_authenticator = true; break; case FR_MESSAGE_AUTHENTICATOR: @@ -684,7 +684,7 @@ bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, * Similarly, Status-Server packets MUST contain * Message-Authenticator attributes. */ - if (require_ma && !seen_ma) { + if (require_message_authenticator && !seen_ma) { FR_DEBUG_STRERROR_PRINTF("we require Message-Authenticator attribute, but it is not in the packet"); failure = DECODE_FAIL_MA_MISSING; goto finish; @@ -705,11 +705,11 @@ finish: * comparing the signature in the packet with the one we calculated. * If they differ, there's a problem. * - * @param[in] packet the raw RADIUS packet (request or response) - * @param[in] vector the original packet vector - * @param[in] secret the shared secret - * @param[in] secret_len the length of the secret - * @param[in] require_ma whether we require Message-Authenticator. + * @param[in] packet the raw RADIUS packet (request or response) + * @param[in] vector the original packet vector + * @param[in] secret the shared secret + * @param[in] secret_len the length of the secret + * @param[in] require_message_authenticator whether we require Message-Authenticator. * @return * - -2 if the message authenticator or request authenticator was invalid. * - -1 if we were unable to verify the shared secret, or the packet 
@@ -717,15 +717,15 @@ finish: * - 0 on success. */ int fr_radius_verify(uint8_t *packet, uint8_t const *vector, - uint8_t const *secret, size_t secret_len, bool require_ma) + uint8_t const *secret, size_t secret_len, bool require_message_authenticator) { - bool found_ma; - int rcode; - int code; - uint8_t *msg, *end; - size_t packet_len = fr_nbo_to_uint16(packet + 2); - uint8_t request_authenticator[RADIUS_AUTH_VECTOR_LENGTH]; - uint8_t message_authenticator[RADIUS_AUTH_VECTOR_LENGTH]; + bool found_message_authenticator; + int rcode; + int code; + uint8_t *msg, *end; + size_t packet_len = fr_nbo_to_uint16(packet + 2); + uint8_t request_authenticator[RADIUS_AUTH_VECTOR_LENGTH]; + uint8_t message_authenticator[RADIUS_AUTH_VECTOR_LENGTH]; if (packet_len < RADIUS_HEADER_LENGTH) { fr_strerror_printf("invalid packet length %zd", packet_len); @@ -747,7 +747,7 @@ int fr_radius_verify(uint8_t *packet, uint8_t const *vector, */ msg = packet + RADIUS_HEADER_LENGTH; end = packet + packet_len; - found_ma = false; + found_message_authenticator = false; while (msg < end) { if ((end - msg) < 2) goto invalid_attribute; @@ -773,12 +773,12 @@ int fr_radius_verify(uint8_t *packet, uint8_t const *vector, * Found it, save a copy. */ memcpy(message_authenticator, msg + 2, sizeof(message_authenticator)); - found_ma = true; + found_message_authenticator = true; break; } if ((packet[0] == FR_RADIUS_CODE_ACCESS_REQUEST) && - require_ma && !found_ma) { + require_message_authenticator && !found_message_authenticator) { fr_strerror_const("Access-Request is missing the required Message-Authenticator attribute"); return -1; } diff --git a/src/protocols/radius/bio.h b/src/protocols/radius/bio.h index d900b9cb747..5cbc587a0f4 100644 --- a/src/protocols/radius/bio.h +++ b/src/protocols/radius/bio.h 
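Review bot: `fr_strerror_printf("invalid packet length %zd", packet_len);` in the fr_radius_verify declaration hunk formats a `size_t` with the signed `%zd` conversion. `packet_len` is declared as `size_t` a few lines above in the same hunk, so the specifier should be `%zu`. The line is unchanged context, but it sits directly under the declarations this commit realigns and is cheap to fix in the same pass.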
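Review bot: The check in the last fr_radius_verify hunk rejects a missing Message-Authenticator only when `packet[0] == FR_RADIUS_CODE_ACCESS_REQUEST`, yet the renamed parameter is documented without any qualifier as `whether we require Message-Authenticator.`. For every other packet code the flag has no visible effect in these hunks, so a caller passing `true` for another packet type may assume a stricter check than it gets. I would make the doc line say so, for example `@param[in] require_message_authenticator whether an Access-Request without Message-Authenticator is rejected.`, or widen the check if that is the intent. The function body continues outside the hunks shown, so other uses of the flag cannot be ruled out from here.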
@@ -44,4 +44,3 @@ typedef struct { fr_bio_verify_action_t fr_radius_bio_verify(fr_bio_t *bio, UNUSED void *packet_ctx, const void *data, size_t *size); fr_bio_verify_action_t fr_radius_bio_verify_datagram(fr_bio_t *bio, UNUSED void *packet_ctx, const void *data, size_t *size); - diff --git a/src/protocols/radius/client.c b/src/protocols/radius/client.c index 97dcd694d0b..573ebc70c05 100644 --- a/src/protocols/radius/client.c +++ b/src/protocols/radius/client.c @@ -124,7 +124,7 @@ fr_radius_client_fd_bio_t *fr_radius_client_fd_bio_alloc(TALLOC_CTX *ctx, size_t if (!my->retry) goto fail; my->retry->uctx = my; - + my->info.retry_info = fr_bio_retry_info(my->retry); fr_assert(my->info.retry_info != NULL); @@ -467,7 +467,7 @@ static bool radius_client_retry_response(fr_bio_t *bio, fr_bio_retry_entry_t **r * same as our previous reply: ignore it. */ if (memcmp(buffer, id_ctx->response->data, RADIUS_HEADER_LENGTH) != 0) return false; - + /* * Tell the caller that it's a duplicate reply. */ diff --git a/src/protocols/radius/encode.c b/src/protocols/radius/encode.c index cb75f7569be..e8c26f7ab80 100644 --- a/src/protocols/radius/encode.c +++ b/src/protocols/radius/encode.c @@ -38,8 +38,8 @@ static ssize_t encode_value(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *encode_ctx); static ssize_t encode_child(fr_dbuff_t *dbuff, - fr_da_stack_t *da_stack, unsigned int depth, - fr_dcursor_t *cursor, void *encode_ctx); + fr_da_stack_t *da_stack, unsigned int depth, + fr_dcursor_t *cursor, void *encode_ctx); /** "encrypt" a password RADIUS style * diff --git a/src/protocols/radius/list.c b/src/protocols/radius/list.c index 88f29cf4609..ab15108eea3 100644 --- a/src/protocols/radius/list.c +++ b/src/protocols/radius/list.c 
@@ -669,7 +669,7 @@ int fr_packet_list_fd_set(fr_packet_list_t *pl, fd_set *set) * FIXME: Add socket.fd, if -1, do round-robin, else do socket.fd * IF in fdset. */ -fr_packet_t *fr_packet_list_recv(fr_packet_list_t *pl, fd_set *set, uint32_t max_attributes, bool require_ma) +fr_packet_t *fr_packet_list_recv(fr_packet_list_t *pl, fd_set *set, uint32_t max_attributes, bool require_message_authenticator) { int start; fr_packet_t *packet; @@ -689,7 +689,7 @@ fr_packet_t *fr_packet_list_recv(fr_packet_list_t *pl, fd_set *set, uint32_t max packet = fr_tcp_recv(pl->sockets[start].socket.fd, false); } else packet = fr_packet_recv(NULL, pl->sockets[start].socket.fd, UDP_FLAGS_NONE, - max_attributes, require_ma); + max_attributes, require_message_authenticator); if (!packet) continue; /* diff --git a/src/protocols/radius/list.h b/src/protocols/radius/list.h index e7640d9aaa5..1049161248f 100644 --- a/src/protocols/radius/list.h +++ b/src/protocols/radius/list.h @@ -55,7 +55,7 @@ bool fr_packet_list_socket_del(fr_packet_list_t *pl, int sockfd); bool fr_packet_list_socket_freeze(fr_packet_list_t *pl, int sockfd); bool fr_packet_list_socket_thaw(fr_packet_list_t *pl, int sockfd); int fr_packet_list_fd_set(fr_packet_list_t *pl, fd_set *set); -fr_packet_t *fr_packet_list_recv(fr_packet_list_t *pl, fd_set *set, uint32_t max_attributes, bool require_ma); +fr_packet_t *fr_packet_list_recv(fr_packet_list_t *pl, fd_set *set, uint32_t max_attributes, bool require_message_authenticator); uint32_t fr_packet_list_num_incoming(fr_packet_list_t *pl); uint32_t fr_packet_list_num_outgoing(fr_packet_list_t *pl); diff --git a/src/protocols/radius/packet.c b/src/protocols/radius/packet.c index 5cd515f8260..0060e033ceb 100644 --- a/src/protocols/radius/packet.c +++ b/src/protocols/radius/packet.c 
@@ -106,17 +106,17 @@ ssize_t fr_packet_encode(fr_packet_t *packet, fr_pair_list_t *list, * * @param[in] packet to check. * @param[in] max_attributes to decode. - * @param[in] require_ma to require Message-Authenticator. + * @param[in] require_message_authenticator to require Message-Authenticator. * @param[out] reason if not NULL, will have the failure reason written to where it points. * @return * - True on success. * - False on failure. */ -bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_ma, decode_fail_t *reason) +bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason) { char host_ipaddr[INET6_ADDRSTRLEN]; - if (!fr_radius_ok(packet->data, &packet->data_len, max_attributes, require_ma, reason)) { + if (!fr_radius_ok(packet->data, &packet->data_len, max_attributes, require_message_authenticator, reason)) { FR_DEBUG_STRERROR_PRINTF("Bad packet received from host %s", inet_ntop(packet->socket.inet.src_ipaddr.af, &packet->socket.inet.src_ipaddr.addr, host_ipaddr, sizeof(host_ipaddr))); @@ -208,7 +208,7 @@ static ssize_t rad_recvfrom(int sockfd, fr_packet_t *packet, int flags) /** Receive UDP client requests, and fill in the basics of a fr_packet_t structure * */ -fr_packet_t *fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_ma) +fr_packet_t *fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator) { ssize_t data_len; fr_packet_t *packet; @@ -271,7 +271,7 @@ fr_packet_t *fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_att /* * See if it's a well-formed RADIUS packet. */ - if (!fr_packet_ok(packet, max_attributes, require_ma, NULL)) { + if (!fr_packet_ok(packet, max_attributes, require_message_authenticator, NULL)) { fr_packet_free(&packet); return NULL; } 
diff --git a/src/protocols/radius/radius.h b/src/protocols/radius/radius.h index bead5d6cf7b..21d0a406d5c 100644 --- a/src/protocols/radius/radius.h +++ b/src/protocols/radius/radius.h @@ -160,9 +160,9 @@ int fr_radius_allow_reply(int code, bool allowed[static FR_RADIUS_CODE_MAX]); int fr_radius_sign(uint8_t *packet, uint8_t const *vector, uint8_t const *secret, size_t secret_len) CC_HINT(nonnull (1,3)); int fr_radius_verify(uint8_t *packet, uint8_t const *vector, - uint8_t const *secret, size_t secret_len, bool require_ma) CC_HINT(nonnull (1,3)); + uint8_t const *secret, size_t secret_len, bool require_message_authenticator) CC_HINT(nonnull (1,3)); bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p, - uint32_t max_attributes, bool require_ma, decode_fail_t *reason) CC_HINT(nonnull (1,2)); + uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason) CC_HINT(nonnull (1,2)); ssize_t fr_radius_ascend_secret(fr_dbuff_t *dbuff, uint8_t const *in, size_t inlen, char const *secret, uint8_t const *vector); @@ -194,7 +194,7 @@ ssize_t fr_packet_encode(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret) CC_HINT(nonnull (1,2,4)); -bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_ma, +bool fr_packet_ok(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator, decode_fail_t *reason) CC_HINT(nonnull (1)); int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original, 
@@ -202,7 +202,7 @@ int fr_packet_verify(fr_packet_t *packet, fr_packet_t *original, int fr_packet_sign(fr_packet_t *packet, fr_packet_t const *original, char const *secret) CC_HINT(nonnull (1,3)); -fr_packet_t *fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_ma); +fr_packet_t *fr_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_message_authenticator); int fr_packet_send(fr_packet_t *packet, fr_pair_list_t *list, fr_packet_t const *original, char const *secret) CC_HINT(nonnull (1,2,4)); diff --git a/src/protocols/radius/tcp.c b/src/protocols/radius/tcp.c index 5a4f0eddf25..c8ca250f513 100644 --- a/src/protocols/radius/tcp.c +++ b/src/protocols/radius/tcp.c @@ -57,7 +57,7 @@ fr_packet_t *fr_tcp_recv(int sockfd, int flags) * Calling this function MAY change sockfd, * if src_ipaddr.af == AF_UNSPEC. */ -int fr_tcp_read_packet(fr_packet_t *packet, uint32_t max_attributes, bool require_ma) +int fr_tcp_read_packet(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator) { ssize_t len; @@ -141,7 +141,7 @@ int fr_tcp_read_packet(fr_packet_t *packet, uint32_t max_attributes, bool requir /* * See if it's a well-formed RADIUS packet. */ - if (!fr_packet_ok(packet, max_attributes, require_ma, NULL)) { + if (!fr_packet_ok(packet, max_attributes, require_message_authenticator, NULL)) { return -1; } diff --git a/src/protocols/radius/tcp.h b/src/protocols/radius/tcp.h index 7e7ab6d7540..797a59b55b1 100644 --- a/src/protocols/radius/tcp.h +++ b/src/protocols/radius/tcp.h @@ -25,5 +25,5 @@ */ RCSIDH(tcp_h, "$Id$") -int fr_tcp_read_packet(fr_packet_t *packet, uint32_t max_attributes, bool require_ma); +int fr_tcp_read_packet(fr_packet_t *packet, uint32_t max_attributes, bool require_message_authenticator); fr_packet_t *fr_tcp_recv(int sockfd, int flags);