From: Nick Porter Date: Tue, 29 Oct 2024 14:56:48 +0000 (+0000) Subject: Decode EAP ttls data to nested attributes X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e10903d5f3d35b78eda76fbfd4f7706df59f8c2d;p=thirdparty%2Ffreeradius-server.git Decode EAP ttls data to nested attributes --- diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index 3a1a9405430..e6011028af6 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c @@ -141,7 +141,7 @@ static int diameter_verify(request_t *request, uint8_t const *data, unsigned int /* * Convert diameter attributes to our fr_pair_t's */ -static ssize_t eap_ttls_decode_pair(request_t *request, TALLOC_CTX *ctx, fr_dcursor_t *cursor, +static ssize_t eap_ttls_decode_pair(request_t *request, TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dict_attr_t const *parent, uint8_t const *data, size_t data_len, void *decode_ctx) @@ -171,7 +171,7 @@ static ssize_t eap_ttls_decode_pair(request_t *request, TALLOC_CTX *ctx, fr_dcur p - data, end - p); error: talloc_free(tmp_ctx); - fr_dcursor_free_list(cursor); + fr_pair_list_free(out); return -1; } @@ -204,8 +204,6 @@ static ssize_t eap_ttls_decode_pair(request_t *request, TALLOC_CTX *ctx, fr_dcur value_len -= 8; /* -= 8 for AVP code (4), flags (1), AVP length (3) */ - MEM(vp = fr_pair_alloc_null(ctx)); - /* * Do we have a vendor field? */ @@ -218,7 +216,6 @@ static ssize_t eap_ttls_decode_pair(request_t *request, TALLOC_CTX *ctx, fr_dcur if (!our_parent) { if (flags & FR_DIAMETER_AVP_FLAG_MANDATORY) { fr_strerror_printf("Mandatory bit set and no vendor %u found", vendor); - talloc_free(vp); goto error; } @@ -239,25 +236,17 @@ static ssize_t eap_ttls_decode_pair(request_t *request, TALLOC_CTX *ctx, fr_dcur * Is the attribute known? */ da = fr_dict_attr_child_by_num(our_parent, attr); - if (da) { - goto reinit; - - } else { + if (!da) { if (flags & FR_DIAMETER_AVP_FLAG_MANDATORY) { fr_strerror_printf("Mandatory bit set and no attribute %u defined for parent %s", attr, parent->name); - talloc_free(vp); goto error; } MEM(da = fr_dict_attr_unknown_raw_afrom_num(vp, our_parent, attr)); - - reinit: - if (fr_pair_reinit_from_da(NULL, vp, da) < 0) { - talloc_free(vp); - goto error; - } } + MEM(vp =fr_pair_afrom_da_nested(ctx, out, da)); + ret = fr_value_box_from_network(vp, &vp->data, vp->vp_type, vp->da, &FR_DBUFF_TMP(p, (size_t)value_len), value_len, true); if (ret < 0) { @@ -267,7 +256,6 @@ static ssize_t eap_ttls_decode_pair(request_t *request, TALLOC_CTX *ctx, fr_dcur */ if (flags & FR_DIAMETER_AVP_FLAG_MANDATORY) { fr_strerror_const("Mandatory bit is set and attribute is malformed"); - talloc_free(vp); goto error; } @@ -280,7 +268,6 @@ static ssize_t eap_ttls_decode_pair(request_t *request, TALLOC_CTX *ctx, fr_dcur * to the nearest 4-byte boundary. */ p += (value_len + 0x03) & ~0x03; - fr_dcursor_append(cursor, vp); if (vp->da->flags.is_unknown) continue; @@ -619,7 +606,6 @@ fr_radius_packet_code_t eap_ttls_process(request_t *request, eap_session_t *eap_ fr_radius_packet_code_t code = FR_RADIUS_CODE_ACCESS_REJECT; rlm_rcode_t rcode; fr_pair_t *vp = NULL; - fr_dcursor_t cursor; ttls_tunnel_t *t; uint8_t const *data; size_t data_len; @@ -664,8 +650,7 @@ fr_radius_packet_code_t eap_ttls_process(request_t *request, eap_session_t *eap_ /* * Add the tunneled attributes to the request request. */ - fr_pair_dcursor_init(&cursor, &request->request_pairs); - if (eap_ttls_decode_pair(request, request->request_ctx, &cursor, fr_dict_root(fr_dict_internal()), + if (eap_ttls_decode_pair(request, request->request_ctx, &request->request_pairs, fr_dict_root(fr_dict_internal()), data, data_len, tls_session->ssl) < 0) { RPEDEBUG("Decoding TTLS TLVs failed"); code = FR_RADIUS_CODE_ACCESS_REJECT;