]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
Fixup RADIUS enums/macros and radius_process type names
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Sun, 21 Mar 2021 15:57:38 +0000 (15:57 +0000)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Wed, 31 Mar 2021 15:07:00 +0000 (16:07 +0100)
43 files changed:
src/bin/collectd.c
src/bin/radclient.c
src/bin/radclient.h
src/bin/radsniff.c
src/bin/radsniff.h
src/lib/eap/chbind.c
src/lib/eap/chbind.h
src/lib/eap/compose.c
src/lib/server/auth.c
src/lib/server/process.h
src/lib/server/request.c
src/lib/server/stats.c
src/listen/radius/proto_radius.c
src/listen/radius/proto_radius.h
src/listen/radius/proto_radius_load.c
src/listen/radius/proto_radius_tcp.c
src/listen/radius/proto_radius_udp.c
src/listen/vmps/proto_vmps.c
src/modules/rlm_eap/rlm_eap.c
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.h
src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
src/modules/rlm_eap/types/rlm_eap_peap/peap.c
src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h
src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
src/modules/rlm_radius/rlm_radius.c
src/modules/rlm_radius/rlm_radius.h
src/modules/rlm_radius/rlm_radius_udp.c
src/modules/rlm_securid/rlm_securid.c
src/modules/rlm_sometimes/rlm_sometimes.c
src/modules/rlm_stats/rlm_stats.c
src/modules/rlm_yubikey/rlm_yubikey.c
src/process/radius/base.c
src/protocols/radius/base.c
src/protocols/radius/defs.h
src/protocols/radius/encode.c
src/protocols/radius/packet.c
src/protocols/radius/radius.h
src/protocols/vmps/vmps.h
src/tests/util/radius1_test.c
src/tests/util/radius_schedule_test.c

index adc0c6f6448a670c537a4f8deddaf49270dd62b0..b38f9d13279d11b6f69a1f09628f7174654ef652 100644 (file)
@@ -237,7 +237,7 @@ error:
  *
  */
 rs_stats_tmpl_t *rs_stats_collectd_init_latency(TALLOC_CTX *ctx, rs_stats_tmpl_t **out, rs_t *conf,
-                                               char const *type, rs_latency_t *stats, FR_CODE code)
+                                               char const *type, rs_latency_t *stats, fr_radius_packet_code_t code)
 {
        rs_stats_tmpl_t **tmpl, *last;
        char *p;
index 91b09b169920ed62dd73734820d64d5f7b7c28c7..3f552e604d2e6821e6391b1643b9926490b39111 100644 (file)
@@ -59,7 +59,7 @@ static bool do_output = true;
 static rc_stats_t stats;
 
 static uint16_t server_port = 0;
-static int packet_code = FR_CODE_UNDEFINED;
+static int packet_code = FR_RADIUS_CODE_UNDEFINED;
 static fr_ipaddr_t server_ipaddr;
 static int resend_count = 1;
 static bool done = true;
@@ -241,31 +241,31 @@ static int getport(char const *name)
 /*
  *     Set a port from the request type if we don't already have one
  */
-static void radclient_get_port(FR_CODE type, uint16_t *port)
+static void radclient_get_port(fr_radius_packet_code_t type, uint16_t *port)
 {
        switch (type) {
        default:
-       case FR_CODE_ACCESS_REQUEST:
-       case FR_CODE_ACCESS_CHALLENGE:
-       case FR_CODE_STATUS_SERVER:
+       case FR_RADIUS_CODE_ACCESS_REQUEST:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_STATUS_SERVER:
                if (*port == 0) *port = getport("radius");
                if (*port == 0) *port = FR_AUTH_UDP_PORT;
                return;
 
-       case FR_CODE_ACCOUNTING_REQUEST:
+       case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
                if (*port == 0) *port = getport("radacct");
                if (*port == 0) *port = FR_ACCT_UDP_PORT;
                return;
 
-       case FR_CODE_DISCONNECT_REQUEST:
+       case FR_RADIUS_CODE_DISCONNECT_REQUEST:
                if (*port == 0) *port = FR_POD_UDP_PORT;
                return;
 
-       case FR_CODE_COA_REQUEST:
+       case FR_RADIUS_CODE_COA_REQUEST:
                if (*port == 0) *port = FR_COA_UDP_PORT;
                return;
 
-       case FR_CODE_UNDEFINED:
+       case FR_RADIUS_CODE_UNDEFINED:
                if (*port == 0) *port = 0;
                return;
        }
@@ -274,24 +274,24 @@ static void radclient_get_port(FR_CODE type, uint16_t *port)
 /*
  *     Resolve a port to a request type
  */
-static FR_CODE radclient_get_code(uint16_t port)
+static fr_radius_packet_code_t radclient_get_code(uint16_t port)
 {
        /*
         *      getport returns 0 if the service doesn't exist
         *      so we need to return early, to avoid incorrect
         *      codes.
         */
-       if (port == 0) return FR_CODE_UNDEFINED;
+       if (port == 0) return FR_RADIUS_CODE_UNDEFINED;
 
        if ((port == getport("radius")) || (port == FR_AUTH_UDP_PORT) || (port == FR_AUTH_UDP_PORT_ALT)) {
-               return FR_CODE_ACCESS_REQUEST;
+               return FR_RADIUS_CODE_ACCESS_REQUEST;
        }
        if ((port == getport("radacct")) || (port == FR_ACCT_UDP_PORT) || (port == FR_ACCT_UDP_PORT_ALT)) {
-               return FR_CODE_ACCOUNTING_REQUEST;
+               return FR_RADIUS_CODE_ACCOUNTING_REQUEST;
        }
-       if (port == FR_COA_UDP_PORT) return FR_CODE_COA_REQUEST;
+       if (port == FR_COA_UDP_PORT) return FR_RADIUS_CODE_COA_REQUEST;
 
-       return FR_CODE_UNDEFINED;
+       return FR_RADIUS_CODE_UNDEFINED;
 }
 
 
@@ -550,7 +550,7 @@ static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
                /*
                 *      Use the default set on the command line
                 */
-               if (request->packet->code == FR_CODE_UNDEFINED) request->packet->code = packet_code;
+               if (request->packet->code == FR_RADIUS_CODE_UNDEFINED) request->packet->code = packet_code;
 
                /*
                 *      Default to the filename
@@ -561,41 +561,41 @@ static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
                 *      Automatically set the response code from the request code
                 *      (if one wasn't already set).
                 */
-               if (request->filter_code == FR_CODE_UNDEFINED) {
+               if (request->filter_code == FR_RADIUS_CODE_UNDEFINED) {
                        switch (request->packet->code) {
-                       case FR_CODE_ACCESS_REQUEST:
-                               request->filter_code = FR_CODE_ACCESS_ACCEPT;
+                       case FR_RADIUS_CODE_ACCESS_REQUEST:
+                               request->filter_code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                                break;
 
-                       case FR_CODE_ACCOUNTING_REQUEST:
-                               request->filter_code = FR_CODE_ACCOUNTING_RESPONSE;
+                       case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+                               request->filter_code = FR_RADIUS_CODE_ACCOUNTING_RESPONSE;
                                break;
 
-                       case FR_CODE_COA_REQUEST:
-                               request->filter_code = FR_CODE_COA_ACK;
+                       case FR_RADIUS_CODE_COA_REQUEST:
+                               request->filter_code = FR_RADIUS_CODE_COA_ACK;
                                break;
 
-                       case FR_CODE_DISCONNECT_REQUEST:
-                               request->filter_code = FR_CODE_DISCONNECT_ACK;
+                       case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+                               request->filter_code = FR_RADIUS_CODE_DISCONNECT_ACK;
                                break;
 
-                       case FR_CODE_STATUS_SERVER:
+                       case FR_RADIUS_CODE_STATUS_SERVER:
                                switch (radclient_get_code(request->packet->socket.inet.dst_port)) {
-                               case FR_CODE_ACCESS_REQUEST:
-                                       request->filter_code = FR_CODE_ACCESS_ACCEPT;
+                               case FR_RADIUS_CODE_ACCESS_REQUEST:
+                                       request->filter_code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                                        break;
 
-                               case FR_CODE_ACCOUNTING_REQUEST:
-                                       request->filter_code = FR_CODE_ACCOUNTING_RESPONSE;
+                               case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+                                       request->filter_code = FR_RADIUS_CODE_ACCOUNTING_RESPONSE;
                                        break;
 
                                default:
-                                       request->filter_code = FR_CODE_UNDEFINED;
+                                       request->filter_code = FR_RADIUS_CODE_UNDEFINED;
                                        break;
                                }
                                break;
 
-                       case FR_CODE_UNDEFINED:
+                       case FR_RADIUS_CODE_UNDEFINED:
                                REDEBUG("Packet-Type must be defined,"
                                        "or a well known RADIUS port");
                                goto error;
@@ -609,25 +609,25 @@ static int radclient_init(TALLOC_CTX *ctx, rc_file_pair_t *files)
                 *      Automatically set the request code from the response code
                 *      (if one wasn't already set).
                 */
-               } else if (request->packet->code == FR_CODE_UNDEFINED) {
+               } else if (request->packet->code == FR_RADIUS_CODE_UNDEFINED) {
                        switch (request->filter_code) {
-                       case FR_CODE_ACCESS_ACCEPT:
-                       case FR_CODE_ACCESS_REJECT:
-                               request->packet->code = FR_CODE_ACCESS_REQUEST;
+                       case FR_RADIUS_CODE_ACCESS_ACCEPT:
+                       case FR_RADIUS_CODE_ACCESS_REJECT:
+                               request->packet->code = FR_RADIUS_CODE_ACCESS_REQUEST;
                                break;
 
-                       case FR_CODE_ACCOUNTING_RESPONSE:
-                               request->packet->code = FR_CODE_ACCOUNTING_REQUEST;
+                       case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+                               request->packet->code = FR_RADIUS_CODE_ACCOUNTING_REQUEST;
                                break;
 
-                       case FR_CODE_DISCONNECT_ACK:
-                       case FR_CODE_DISCONNECT_NAK:
-                               request->packet->code = FR_CODE_DISCONNECT_REQUEST;
+                       case FR_RADIUS_CODE_DISCONNECT_ACK:
+                       case FR_RADIUS_CODE_DISCONNECT_NAK:
+                               request->packet->code = FR_RADIUS_CODE_DISCONNECT_REQUEST;
                                break;
 
-                       case FR_CODE_COA_ACK:
-                       case FR_CODE_COA_NAK:
-                               request->packet->code = FR_CODE_COA_REQUEST;
+                       case FR_RADIUS_CODE_COA_ACK:
+                       case FR_RADIUS_CODE_COA_NAK:
+                               request->packet->code = FR_RADIUS_CODE_COA_REQUEST;
                                break;
 
                        default:
@@ -1050,14 +1050,14 @@ static int recv_one_packet(fr_time_t wait_time)
         *      Increment counters...
         */
        switch (request->reply->code) {
-       case FR_CODE_ACCESS_ACCEPT:
-       case FR_CODE_ACCOUNTING_RESPONSE:
-       case FR_CODE_COA_ACK:
-       case FR_CODE_DISCONNECT_ACK:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+       case FR_RADIUS_CODE_COA_ACK:
+       case FR_RADIUS_CODE_DISCONNECT_ACK:
                stats.accepted++;
                break;
 
-       case FR_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                break;
 
        default:
@@ -1070,7 +1070,7 @@ static int recv_one_packet(fr_time_t wait_time)
         *      If we had an expected response code, check to see if the
         *      packet matched that.
         */
-       if ((request->filter_code != FR_CODE_UNDEFINED) && (request->reply->code != request->filter_code)) {
+       if ((request->filter_code != FR_RADIUS_CODE_UNDEFINED) && (request->reply->code != request->filter_code)) {
                if (is_radius_code(request->reply->code)) {
                        REDEBUG("%s: Expected %s got %s", request->name, fr_packet_codes[request->filter_code],
                                fr_packet_codes[request->reply->code]);
@@ -1391,7 +1391,7 @@ int main(int argc, char **argv)
                /*
                 *      Work backwards from the port to determine the packet type
                 */
-               if (packet_code == FR_CODE_UNDEFINED) packet_code = radclient_get_code(server_port);
+               if (packet_code == FR_RADIUS_CODE_UNDEFINED) packet_code = radclient_get_code(server_port);
        }
        radclient_get_port(packet_code, &server_port);
 
index 44ccc57fd24cc25b57f2acd5322ef78c00dfbee4..45f3f967e7c1711acd0702dcb61e7a562965c1ce 100644 (file)
@@ -85,7 +85,7 @@ struct rc_request {
        fr_pair_list_t          reply_list;
 
        fr_pair_list_t          filter;         //!< If the reply passes the filter, then the request passes.
-       FR_CODE                 filter_code;    //!< Expected code of the response packet.
+       fr_radius_packet_code_t filter_code;    //!< Expected code of the response packet.
 
        int                     resend;
        int                     tries;
index e2f4c70b74c044f65d4da36a56bea1643a5e04e6..a07fcd38ceedc7e206f924c24abd7e351acc8d46 100644 (file)
@@ -62,20 +62,20 @@ typedef int (*rbcmp)(void const *, void const *);
 static char const *radsniff_version = RADIUSD_VERSION_STRING_BUILD("radsniff");
 
 static int rs_useful_codes[] = {
-       FR_CODE_ACCESS_REQUEST,                 //!< RFC2865 - Authentication request
-       FR_CODE_ACCESS_ACCEPT,                  //!< RFC2865 - Access-Accept
-       FR_CODE_ACCESS_REJECT,                  //!< RFC2865 - Access-Reject
-       FR_CODE_ACCOUNTING_REQUEST,             //!< RFC2866 - Accounting-Request
-       FR_CODE_ACCOUNTING_RESPONSE,            //!< RFC2866 - Accounting-Response
-       FR_CODE_ACCESS_CHALLENGE,               //!< RFC2865 - Access-Challenge
-       FR_CODE_STATUS_SERVER,                  //!< RFC2865/RFC5997 - Status Server (request)
-       FR_CODE_STATUS_CLIENT,                  //!< RFC2865/RFC5997 - Status Server (response)
-       FR_CODE_DISCONNECT_REQUEST,             //!< RFC3575/RFC5176 - Disconnect-Request
-       FR_CODE_DISCONNECT_ACK,                 //!< RFC3575/RFC5176 - Disconnect-Ack (positive)
-       FR_CODE_DISCONNECT_NAK,                 //!< RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
-       FR_CODE_COA_REQUEST,                    //!< RFC3575/RFC5176 - CoA-Request
-       FR_CODE_COA_ACK,                        //!< RFC3575/RFC5176 - CoA-Ack (positive)
-       FR_CODE_COA_NAK,                        //!< RFC3575/RFC5176 - CoA-Nak (not willing to perform)
+       FR_RADIUS_CODE_ACCESS_REQUEST,                  //!< RFC2865 - Authentication request
+       FR_RADIUS_CODE_ACCESS_ACCEPT,                   //!< RFC2865 - Access-Accept
+       FR_RADIUS_CODE_ACCESS_REJECT,                   //!< RFC2865 - Access-Reject
+       FR_RADIUS_CODE_ACCOUNTING_REQUEST,              //!< RFC2866 - Accounting-Request
+       FR_RADIUS_CODE_ACCOUNTING_RESPONSE,             //!< RFC2866 - Accounting-Response
+       FR_RADIUS_CODE_ACCESS_CHALLENGE,                //!< RFC2865 - Access-Challenge
+       FR_RADIUS_CODE_STATUS_SERVER,                   //!< RFC2865/RFC5997 - Status Server (request)
+       FR_RADIUS_CODE_STATUS_CLIENT,                   //!< RFC2865/RFC5997 - Status Server (response)
+       FR_RADIUS_CODE_DISCONNECT_REQUEST,              //!< RFC3575/RFC5176 - Disconnect-Request
+       FR_RADIUS_CODE_DISCONNECT_ACK,                  //!< RFC3575/RFC5176 - Disconnect-Ack (positive)
+       FR_RADIUS_CODE_DISCONNECT_NAK,                  //!< RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
+       FR_RADIUS_CODE_COA_REQUEST,                     //!< RFC3575/RFC5176 - CoA-Request
+       FR_RADIUS_CODE_COA_ACK,                 //!< RFC3575/RFC5176 - CoA-Ack (positive)
+       FR_RADIUS_CODE_COA_NAK,                 //!< RFC3575/RFC5176 - CoA-Nak (not willing to perform)
 };
 
 static fr_table_num_sorted_t const rs_events[] = {
@@ -578,7 +578,7 @@ static void rs_stats_process_counters(rs_latency_t *stats)
        }
 }
 
-static void rs_stats_print_code_fancy(rs_latency_t *stats, FR_CODE code)
+static void rs_stats_print_code_fancy(rs_latency_t *stats, fr_radius_packet_code_t code)
 {
        int i;
        bool have_rt = false;
@@ -1378,15 +1378,15 @@ static void rs_packet_process(uint64_t count, rs_event_t *event, struct pcap_pkt
        }
 
        switch (packet->code) {
-       case FR_CODE_ACCOUNTING_RESPONSE:
-       case FR_CODE_ACCESS_REJECT:
-       case FR_CODE_ACCESS_ACCEPT:
-       case FR_CODE_ACCESS_CHALLENGE:
-       case FR_CODE_COA_NAK:
-       case FR_CODE_COA_ACK:
-       case FR_CODE_DISCONNECT_NAK:
-       case FR_CODE_DISCONNECT_ACK:
-       case FR_CODE_STATUS_CLIENT:
+       case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_COA_NAK:
+       case FR_RADIUS_CODE_COA_ACK:
+       case FR_RADIUS_CODE_DISCONNECT_NAK:
+       case FR_RADIUS_CODE_DISCONNECT_ACK:
+       case FR_RADIUS_CODE_STATUS_CLIENT:
        {
                /* look for a matching request and use it for decoding */
                search.expect = packet;
@@ -1512,11 +1512,11 @@ static void rs_packet_process(uint64_t count, rs_event_t *event, struct pcap_pkt
                break;
        }
 
-       case FR_CODE_ACCOUNTING_REQUEST:
-       case FR_CODE_ACCESS_REQUEST:
-       case FR_CODE_COA_REQUEST:
-       case FR_CODE_DISCONNECT_REQUEST:
-       case FR_CODE_STATUS_SERVER:
+       case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+       case FR_RADIUS_CODE_ACCESS_REQUEST:
+       case FR_RADIUS_CODE_COA_REQUEST:
+       case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+       case FR_RADIUS_CODE_STATUS_SERVER:
        {
                /*
                 *      Verify this code is allowed
@@ -1532,9 +1532,9 @@ static void rs_packet_process(uint64_t count, rs_event_t *event, struct pcap_pkt
 
                if (conf->verify_radius_authenticator) {
                        switch (packet->code) {
-                       case FR_CODE_ACCOUNTING_REQUEST:
-                       case FR_CODE_COA_REQUEST:
-                       case FR_CODE_DISCONNECT_REQUEST:
+                       case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+                       case FR_RADIUS_CODE_COA_REQUEST:
+                       case FR_RADIUS_CODE_DISCONNECT_REQUEST:
                        {
                                int ret;
                                FILE *log_fp = fr_log_fp;
@@ -1783,7 +1783,7 @@ static void rs_packet_process(uint64_t count, rs_event_t *event, struct pcap_pkt
                 *      CoA and Disconnect Messages, as we get the average latency across both
                 *      response types.
                 *
-                *      It also justifies allocating FR_CODE_RADIUS_MAX instances of rs_latency_t.
+                *      It also justifies allocating FR_RADIUS_CODE_MAXinstances of rs_latency_t.
                 */
                rs_stats_update_latency(&stats->exchange[packet->code], &latency);
                rs_stats_update_latency(&stats->exchange[original->expect->code], &latency);
index b53db01e5283afa1739d2782ef10a3bcd8871a1e..aeba308320948cf6c254e7af4f8b19a30faabbc1 100644 (file)
@@ -95,7 +95,7 @@ typedef struct rs_stats_value_tmpl rs_stats_value_tmpl_t;
 #endif
 
 typedef struct {
-       uint64_t type[FR_CODE_RADIUS_MAX + 1];
+       uint64_t type[FR_RADIUS_CODE_MAX+ 1];
 } rs_counters_t;
 
 typedef struct CC_HINT(__packed__) {
@@ -163,7 +163,7 @@ typedef struct {
 typedef struct {
        int                     intervals;              //!< Number of stats intervals.
 
-       rs_latency_t            exchange[FR_CODE_RADIUS_MAX + 1];  //!< We end up allocating ~16K, but memory is cheap so
+       rs_latency_t            exchange[FR_RADIUS_CODE_MAX+ 1];  //!< We end up allocating ~16K, but memory is cheap so
                                                        //!< what the hell.  This is required because instances of
                                                        //!< FreeRADIUS delay Access-Rejects, which would artificially
                                                        //!< increase latency stats for Access-Requests.
@@ -294,8 +294,8 @@ struct rs {
 
        fr_pair_list_t          filter_request_vps;     //!< Sorted filter vps.
        fr_pair_list_t          filter_response_vps;    //!< Sorted filter vps.
-       FR_CODE                 filter_request_code;    //!< Filter request packets by code.
-       FR_CODE                 filter_response_code;   //!< Filter response packets by code.
+       fr_radius_packet_code_t                 filter_request_code;    //!< Filter request packets by code.
+       fr_radius_packet_code_t                 filter_response_code;   //!< Filter response packets by code.
 
        rs_status_t             event_flags;            //!< Events we log and capture on.
        rs_packet_logger_t      logger;                 //!< Packet logger
@@ -350,7 +350,7 @@ struct rs_stats_tmpl
  *     collectd.c - Registration and processing functions
  */
 rs_stats_tmpl_t *rs_stats_collectd_init_latency(TALLOC_CTX *ctx, rs_stats_tmpl_t **out, rs_t *conf,
-                                               char const *type, rs_latency_t *stats, FR_CODE code);
+                                               char const *type, rs_latency_t *stats, fr_radius_packet_code_t code);
 void rs_stats_collectd_do_stats(rs_t *conf, rs_stats_tmpl_t *tmpls, struct timeval *now);
 int rs_stats_collectd_open(rs_t *conf);
 int rs_stats_collectd_close(rs_t *conf);
index 708a6e560eb4947d9b329033f6adab0c7908d07e..6d489cbf302531d7cc7274fc24793e0968a80b98 100644 (file)
@@ -168,9 +168,9 @@ static size_t chbind_get_data(chbind_packet_t const *packet,
 }
 
 
-FR_CODE chbind_process(request_t *request, CHBIND_REQ *chbind)
+fr_radius_packet_code_t chbind_process(request_t *request, CHBIND_REQ *chbind)
 {
-       FR_CODE         code;
+       fr_radius_packet_code_t         code;
        rlm_rcode_t     rcode;
        request_t       *fake = NULL;
        uint8_t const   *attr_data;
@@ -223,7 +223,7 @@ FR_CODE chbind_process(request_t *request, CHBIND_REQ *chbind)
                                talloc_free(packet_ctx.tmp_ctx);
                                talloc_free(packet_ctx.tags);
 
-                               return FR_CODE_ACCESS_ACCEPT;
+                               return FR_RADIUS_CODE_ACCESS_ACCEPT;
                        }
                        attr_data += attr_len;
                        data_len -= attr_len;
@@ -239,7 +239,7 @@ FR_CODE chbind_process(request_t *request, CHBIND_REQ *chbind)
         *      bindings, this is hard-coded for now.
         */
        fake->server_cs = virtual_server_find("channel_bindings");
-       fake->packet->code = FR_CODE_ACCESS_REQUEST;
+       fake->packet->code = FR_RADIUS_CODE_ACCESS_REQUEST;
 
        rad_virtual_server(&rcode, fake);
        switch (rcode) {
@@ -247,14 +247,14 @@ FR_CODE chbind_process(request_t *request, CHBIND_REQ *chbind)
        case RLM_MODULE_OK:
        case RLM_MODULE_HANDLED:
                if (chbind_build_response(fake, chbind)) {
-                       code = FR_CODE_ACCESS_ACCEPT;
+                       code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                        break;
                }
                FALL_THROUGH;
 
                /* If we got any other response from the virtual server, it maps to a reject */
        default:
-               code = FR_CODE_ACCESS_REJECT;
+               code = FR_RADIUS_CODE_ACCESS_REJECT;
                break;
        }
 
index e1a958c19571deb6d34c6aedf78a0dad0ed4c435..484a2f4687926e8b05e5232f937dcb7251242edd 100644 (file)
@@ -57,7 +57,7 @@ typedef struct {
 #define CHBIND_CODE_FAILURE             3
 
 /* Channel binding function prototypes */
-FR_CODE chbind_process(request_t *request, CHBIND_REQ *chbind_req);
+fr_radius_packet_code_t chbind_process(request_t *request, CHBIND_REQ *chbind_req);
 
 fr_pair_t *eap_chbind_packet2vp(TALLOC_CTX *ctx, chbind_packet_t *chbind);
 chbind_packet_t *eap_chbind_vp2packet(TALLOC_CTX *ctx, fr_pair_list_t *vps);
index 5bda31422510604cbc575745ac05095bac9df5db..f5497aae55e3d142e8d6412a26bc21354c1a1d8f 100644 (file)
@@ -251,22 +251,22 @@ rlm_rcode_t eap_compose(eap_session_t *eap_session)
        rcode = RLM_MODULE_OK;
        if (!request->reply->code) switch (reply->code) {
        case FR_EAP_CODE_RESPONSE:
-               request->reply->code = FR_CODE_ACCESS_ACCEPT;
+               request->reply->code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                rcode = RLM_MODULE_HANDLED;
                break;
 
        case FR_EAP_CODE_SUCCESS:
-               request->reply->code = FR_CODE_ACCESS_ACCEPT;
+               request->reply->code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                rcode = RLM_MODULE_OK;
                break;
 
        case FR_EAP_CODE_FAILURE:
-               request->reply->code = FR_CODE_ACCESS_REJECT;
+               request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT;
                rcode = RLM_MODULE_REJECT;
                break;
 
        case FR_EAP_CODE_REQUEST:
-               request->reply->code = FR_CODE_ACCESS_CHALLENGE;
+               request->reply->code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
                rcode = RLM_MODULE_HANDLED;
                break;
 
@@ -280,7 +280,7 @@ rlm_rcode_t eap_compose(eap_session_t *eap_session)
 
                /* Should never enter here */
                REDEBUG("Reply code %d is unknown, rejecting the request", reply->code);
-               request->reply->code = FR_CODE_ACCESS_REJECT;
+               request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT;
                reply->code = FR_EAP_CODE_FAILURE;
                rcode = RLM_MODULE_REJECT;
                break;
index 8d5c138d581304dcd09da98776d8e242641906d8..e61534197ca0aba0fd0afb01d0b5d7fb1e2af454 100644 (file)
@@ -169,11 +169,11 @@ runit:
        fr_cond_assert(final == RLM_MODULE_OK);
 
        if (!request->reply->code ||
-           (request->reply->code == FR_CODE_ACCESS_REJECT)) {
+           (request->reply->code == FR_RADIUS_CODE_ACCESS_REJECT)) {
                RETURN_MODULE_REJECT;
        }
 
-       if (request->reply->code == FR_CODE_ACCESS_CHALLENGE) {
+       if (request->reply->code == FR_RADIUS_CODE_ACCESS_CHALLENGE) {
                RETURN_MODULE_HANDLED;
        }
 
index 9e3503ee968b98b2f95820d78f67c1eec93c556f..c0e252a20193b42522b94087e8ce35f2bed9132f 100644 (file)
@@ -43,6 +43,12 @@ typedef struct fr_process_module_s {
        fr_dict_t const                 **dict;                 //!< pointer to local fr_dict_t *
 } fr_process_module_t;
 
+#ifndef NDEBUG
+#  define PROCESS_TRACE        RDEBUG3("Entered state %s", __FUNCTION__)
+#else
+#  define PROCESS_TRACE
+#endif
+
 #ifdef __cplusplus
 }
 #endif
index cc4f909d3901fbf446a305b37e13169c0dbb63e4..eecbb4dfe123312be1a694529b36284008269f9d 100644 (file)
@@ -656,7 +656,7 @@ void request_verify(char const *file, int line, request_t const *request)
                 *      @todo - a multi-protocol server shouldn't have
                 *      hard-coded RADIUS.
                 */
-               if ((request->packet->code == FR_CODE_ACCESS_REQUEST) &&
+               if ((request->packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) &&
                    (request->reply && !request->reply->code)) {
                        fr_assert(request->session_state_ctx != NULL);
                }
index 240c93ea2761e1493aa405e7e6f08f186d8cc884..8a55b0f6cea8e6d1804184cb1033c11d6606c867 100644 (file)
@@ -61,7 +61,7 @@ void request_stats_final(request_t *request)
            (request->listener->type != RAD_LISTEN_AUTH)) return;
 #endif
        /* don't count statistic requests */
-       if (request->packet->code == FR_CODE_STATUS_SERVER)
+       if (request->packet->code == FR_RADIUS_CODE_STATUS_SERVER)
                return;
 
 #undef INC_AUTH
@@ -78,8 +78,8 @@ void request_stats_final(request_t *request)
         *      deleted, because only the main server thread calls
         *      this function, which makes it thread-safe.
         */
-       if (request->reply && (request->packet->code != FR_CODE_STATUS_SERVER)) switch (request->reply->code) {
-       case FR_CODE_ACCESS_ACCEPT:
+       if (request->reply && (request->packet->code != FR_RADIUS_CODE_STATUS_SERVER)) switch (request->reply->code) {
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
                INC_AUTH(total_access_accepts);
 
                auth_stats:
@@ -96,15 +96,15 @@ void request_stats_final(request_t *request)
                              request->reply->timestamp);
                break;
 
-       case FR_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
                INC_AUTH(total_access_rejects);
                goto auth_stats;
 
-       case FR_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                INC_AUTH(total_access_challenges);
                goto auth_stats;
 
-       case FR_CODE_ACCOUNTING_RESPONSE:
+       case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
                INC_ACCT(total_responses);
                fr_stats_bins(&radius_acct_stats,
                              request->packet->timestamp,
@@ -117,7 +117,7 @@ void request_stats_final(request_t *request)
                 */
        case 0:
                switch (request->packet->code) {
-               case FR_CODE_ACCESS_REQUEST:
+               case FR_RADIUS_CODE_ACCESS_REQUEST:
                        if (request->reply->id == -1) {
                                INC_AUTH(total_bad_authenticators);
                        } else {
@@ -126,7 +126,7 @@ void request_stats_final(request_t *request)
                        break;
 
 
-               case FR_CODE_ACCOUNTING_REQUEST:
+               case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
                        if (request->reply->id == -1) {
                                INC_ACCT(total_bad_authenticators);
                        } else {
index 0d1c5e6438d96124d67f989c6ada1464fe7e84e4..321bcfc89083d931d8d7ea7018478d8fab73fe10 100644 (file)
@@ -54,15 +54,15 @@ static CONF_PARSER const limit_config[] = {
 };
 
 static const CONF_PARSER priority_config[] = {
-       { FR_CONF_OFFSET("Access-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_ACCESS_REQUEST]),
+       { FR_CONF_OFFSET("Access-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_ACCESS_REQUEST]),
          .func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "high" },
-       { FR_CONF_OFFSET("Accounting-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_ACCOUNTING_REQUEST]),
+       { FR_CONF_OFFSET("Accounting-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_ACCOUNTING_REQUEST]),
          .func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "low" },
-       { FR_CONF_OFFSET("CoA-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_COA_REQUEST]),
+       { FR_CONF_OFFSET("CoA-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_COA_REQUEST]),
          .func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "normal" },
-       { FR_CONF_OFFSET("Disconnect-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_DISCONNECT_REQUEST]),
+       { FR_CONF_OFFSET("Disconnect-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_DISCONNECT_REQUEST]),
          .func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "low" },
-       { FR_CONF_OFFSET("Status-Server", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_STATUS_SERVER]),
+       { FR_CONF_OFFSET("Status-Server", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_STATUS_SERVER]),
          .func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "now" },
 
        CONF_PARSER_TERMINATOR
@@ -132,7 +132,7 @@ static int type_parse(UNUSED TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM
        value = cf_pair_value(cp);
 
        dv = fr_dict_enum_by_name(attr_packet_type, value, -1);
-       if (!dv || (dv->value->vb_uint32 >= FR_RADIUS_MAX_PACKET_CODE)) {
+       if (!dv || (dv->value->vb_uint32 >= FR_RADIUS_CODE_MAX)) {
                cf_log_err(ci, "Unknown RADIUS packet type '%s'", value);
                return -1;
        }
@@ -197,7 +197,7 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d
        RADCLIENT const         *client;
        fr_dcursor_t            cursor;
 
-       fr_assert(data[0] < FR_RADIUS_MAX_PACKET_CODE);
+       fr_assert(data[0] < FR_RADIUS_CODE_MAX);
 
        /*
         *      Set the request dictionary so that we can do
@@ -315,8 +315,8 @@ static ssize_t mod_encode(void const *instance, request_t *request, uint8_t *buf
         *      Process layer NAK, or "Do not respond".
         */
        if ((buffer_len == 1) ||
-           (request->reply->code == FR_CODE_DO_NOT_RESPOND) ||
-           (request->reply->code == 0) || (request->reply->code >= FR_RADIUS_MAX_PACKET_CODE)) {
+           (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) ||
+           (request->reply->code == 0) || (request->reply->code >= FR_RADIUS_CODE_MAX)) {
                track->do_not_respond = true;
                return 1;
        }
@@ -336,7 +336,7 @@ static ssize_t mod_encode(void const *instance, request_t *request, uint8_t *buf
                 *      We don't accept the new client, so don't do
                 *      anything.
                 */
-               if (request->reply->code != FR_CODE_ACCESS_ACCEPT) {
+               if (request->reply->code != FR_RADIUS_CODE_ACCESS_ACCEPT) {
                        *buffer = true;
                        return 1;
                }
@@ -417,7 +417,7 @@ static int mod_priority_set(void const *instance, uint8_t const *buffer, UNUSED
        proto_radius_t const *inst = talloc_get_type_abort_const(instance, proto_radius_t);
 
        fr_assert(buffer[0] > 0);
-       fr_assert(buffer[0] < FR_RADIUS_MAX_PACKET_CODE);
+       fr_assert(buffer[0] < FR_RADIUS_CODE_MAX);
 
        /*
         *      Disallowed packet
@@ -542,7 +542,7 @@ static int mod_bootstrap(void *instance, CONF_SECTION *conf)
        /*
         *      No Access-Request packets, then no cleanup delay.
         */
-       if (!inst->allowed[FR_CODE_ACCESS_REQUEST]) {
+       if (!inst->allowed[FR_RADIUS_CODE_ACCESS_REQUEST]) {
                inst->io.cleanup_delay = 0;
        }
 #endif
index 90cbb1e2f2fb53e28a6ef50652602ba725c048f3..d48ca8f44a5389405dd3434b8ed858801326f068 100644 (file)
@@ -37,9 +37,9 @@ typedef struct {
 
        bool                            tunnel_password_zeros;          //!< check for trailing zeroes in Tunnel-Password.
 
-       uint32_t                        priorities[FR_RADIUS_MAX_PACKET_CODE];  //!< priorities for individual packets
+       uint32_t                        priorities[FR_RADIUS_CODE_MAX]; //!< priorities for individual packets
 
        char                            **allowed_types;                //!< names for for 'type = ...'
-       bool                            allowed[FR_RADIUS_MAX_PACKET_CODE];
+       bool                            allowed[FR_RADIUS_CODE_MAX];
 } proto_radius_t;
 
index a869fa403be9941b3ed0cd24f69e5fcf2089ae79..b0adc0ff53e3f82f7d5be530c96efa9348717312 100644 (file)
@@ -375,7 +375,7 @@ static int mod_instantiate(void *instance, CONF_SECTION *cs)
        fr_pair_t               *vp;
        fr_pair_list_t          vps;
        ssize_t                 packet_len;
-       int                     code = FR_CODE_ACCESS_REQUEST;
+       int                     code = FR_RADIUS_CODE_ACCESS_REQUEST;
 
        fr_pair_list_init(&vps);
        inst->client = client = talloc_zero(inst, RADCLIENT);
index 4d27a9c8dd64259e8c982533ad78715322eea962..f36193797f8de3eb3f6dfe9118b2e5d659a009e8 100644 (file)
@@ -135,7 +135,7 @@ static ssize_t mod_read(fr_listen_t *li, UNUSED void **packet_ctx, fr_time_t *re
        /*
         *      We MUST always start with a known RADIUS packet.
         */
-       if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_MAX_PACKET_CODE)) {
+       if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_CODE_MAX)) {
                DEBUG("proto_radius_tcp got invalid packet code %d", buffer[0]);
                thread->stats.total_unknown_types++;
                return -1;
@@ -253,7 +253,7 @@ static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, UNUSED fr_time_t req
         *      connection-level negotiation data, but only the first
         *      time the packet is being written.
         */
-       if ((written == 0) && (track->packet[0] == FR_CODE_STATUS_SERVER)) {
+       if ((written == 0) && (track->packet[0] == FR_RADIUS_CODE_STATUS_SERVER)) {
 //             status_check_reply(inst, buffer, buffer_len);
        }
 
index 033d6569c7f5ab7b50c82fbd00feb08d487212b6..bd648f45b7d8097f8b612d33643e7338e5ac239b 100644 (file)
@@ -159,7 +159,7 @@ static ssize_t mod_read(fr_listen_t *li, void **packet_ctx, fr_time_t *recv_time
                return 0;
        }
 
-       if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_MAX_PACKET_CODE)) {
+       if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_CODE_MAX)) {
                DEBUG("proto_radius_udp got invalid packet code %d", buffer[0]);
                thread->stats.total_unknown_types++;
                return 0;
@@ -261,7 +261,7 @@ static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, UNUSED fr_time_t req
         *      Root through the reply to determine any
         *      connection-level negotiation data.
         */
-       if (track->packet[0] == FR_CODE_STATUS_SERVER) {
+       if (track->packet[0] == FR_RADIUS_CODE_STATUS_SERVER) {
 //             status_check_reply(inst, buffer, buffer_len);
        }
 
index 04077c11876c4c3bbfdc20caf2f76a5e7012b8b9..04844826aecbd4bc1f362416909f443d00893327 100644 (file)
@@ -247,7 +247,7 @@ static ssize_t mod_encode(void const *instance, request_t *request, uint8_t *buf
         *      Process layer NAK, never respond, or "Do not respond".
         */
        if ((buffer_len == 1) ||
-           (request->reply->code == FR_CODE_DO_NOT_RESPOND) ||
+           (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) ||
            (request->reply->code >= FR_VQP_MAX_CODE)) {
                track->do_not_respond = true;
                return 1;
index 4dacb49372c51bcef27285cdf050c729d660cbaf..1c07b96624580f5882ee5e33f805a50dde739880 100644 (file)
@@ -868,7 +868,7 @@ static unlang_action_t mod_post_proxy(rlm_rcode_t *p_result, module_ctx_t const
                 *      says that we MUST include a User-Name attribute in the
                 *      Access-Accept.
                 */
-               if ((request->reply->code == FR_CODE_ACCESS_ACCEPT) && username) {
+               if ((request->reply->code == FR_RADIUS_CODE_ACCESS_ACCEPT) && username) {
                        MEM(pair_update_reply(&vp, attr_user_name) >= 0);
                        fr_pair_value_copy(vp, username);
                }
@@ -900,7 +900,7 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *
         *      Access-Accept.
         */
        username = fr_pair_find_by_da(&request->request_pairs, attr_user_name);
-       if ((request->reply->code == FR_CODE_ACCESS_ACCEPT) && username) {
+       if ((request->reply->code == FR_RADIUS_CODE_ACCESS_ACCEPT) && username) {
                /*
                 *      Doesn't exist, add it in.
                 */
@@ -927,7 +927,7 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *
         *      Only synthesize a failure message if something
         *      previously rejected the request.
         */
-       if (request->reply->code != FR_CODE_ACCESS_REJECT) RETURN_MODULE_NOOP;
+       if (request->reply->code != FR_RADIUS_CODE_ACCESS_REJECT) RETURN_MODULE_NOOP;
 
        if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_message)) {
                RDEBUG3("Request didn't contain an EAP-Message, not inserting EAP-Failure");
index de38b890c49cc54967f305b0abaf3f99bc2aeb5a..b69f42cc3c67d4ea204c1d4e893cdef1b1889205 100644 (file)
@@ -122,7 +122,7 @@ static void eap_fast_send_error(fr_tls_session_t *tls_session, int error)
        eap_fast_tlv_append(tls_session, attr_eap_fast_error, true, sizeof(value), &value);
 }
 
-static void eap_fast_append_result(fr_tls_session_t *tls_session, FR_CODE code)
+static void eap_fast_append_result(fr_tls_session_t *tls_session, fr_radius_packet_code_t code)
 {
        eap_fast_tunnel_t       *t = talloc_get_type_abort(tls_session->opaque, eap_fast_tunnel_t);
        uint16_t                state;
@@ -130,7 +130,7 @@ static void eap_fast_append_result(fr_tls_session_t *tls_session, FR_CODE code)
 
 
        da = (t->result_final) ? attr_eap_fast_result : attr_eap_fast_intermediate_result;
-       state = htons((code == FR_CODE_ACCESS_REJECT) ? EAP_FAST_TLV_RESULT_FAILURE : EAP_FAST_TLV_RESULT_SUCCESS);
+       state = htons((code == FR_RADIUS_CODE_ACCESS_REJECT) ? EAP_FAST_TLV_RESULT_FAILURE : EAP_FAST_TLV_RESULT_SUCCESS);
 
        eap_fast_tlv_append(tls_session, da, true, sizeof(state), &state);
 }
@@ -491,7 +491,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(UNUSED eap_session_t *eap_sess
         * NOT 'eap start', so we should check for that....
         */
        switch (reply->code) {
-       case FR_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
                RDEBUG2("Got tunneled Access-Accept");
 
                rcode = RLM_MODULE_OK;
@@ -535,12 +535,12 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(UNUSED eap_session_t *eap_sess
                RHEXDUMP3((uint8_t *)&t->isk, 2 * RADIUS_CHAP_CHALLENGE_LENGTH, "ISK[j]"); /* FIXME (part of above) */
                break;
 
-       case FR_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
                REDEBUG("Got tunneled Access-Reject");
                rcode = RLM_MODULE_REJECT;
                break;
 
-       case FR_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                RDEBUG2("Got tunneled Access-Challenge");
 
                /*
@@ -565,10 +565,10 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(UNUSED eap_session_t *eap_sess
        return rcode;
 }
 
-static FR_CODE eap_fast_eap_payload(request_t *request, eap_session_t *eap_session,
+static fr_radius_packet_code_t eap_fast_eap_payload(request_t *request, eap_session_t *eap_session,
                                    fr_tls_session_t *tls_session, fr_pair_t *tlv_eap_payload)
 {
-       FR_CODE                 code = FR_CODE_ACCESS_REJECT;
+       fr_radius_packet_code_t                 code = FR_RADIUS_CODE_ACCESS_REJECT;
        rlm_rcode_t             rcode;
        fr_pair_t               *vp;
        eap_fast_tunnel_t       *t;
@@ -732,13 +732,13 @@ static FR_CODE eap_fast_eap_payload(request_t *request, eap_session_t *eap_sessi
                        /*
                         *      Didn't authenticate the packet, but we're proxying it.
                         */
-                       code = FR_CODE_STATUS_CLIENT;
+                       code = FR_RADIUS_CODE_STATUS_CLIENT;
 
                } else
 #endif /* WITH_PROXY */
                  {
                          REDEBUG("No tunneled reply was found, and the request was not proxied: rejecting the user");
-                         code = FR_CODE_ACCESS_REJECT;
+                         code = FR_RADIUS_CODE_ACCESS_REJECT;
                  }
                break;
 
@@ -749,19 +749,19 @@ static FR_CODE eap_fast_eap_payload(request_t *request, eap_session_t *eap_sessi
                rcode = process_reply(eap_session, tls_session, request, fake->reply, &fake->reply_pairs);
                switch (rcode) {
                case RLM_MODULE_REJECT:
-                       code = FR_CODE_ACCESS_REJECT;
+                       code = FR_RADIUS_CODE_ACCESS_REJECT;
                        break;
 
                case RLM_MODULE_HANDLED:
-                       code = FR_CODE_ACCESS_CHALLENGE;
+                       code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
                        break;
 
                case RLM_MODULE_OK:
-                       code = FR_CODE_ACCESS_ACCEPT;
+                       code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                        break;
 
                default:
-                       code = FR_CODE_ACCESS_REJECT;
+                       code = FR_RADIUS_CODE_ACCESS_REJECT;
                        break;
                }
                break;
@@ -772,7 +772,7 @@ static FR_CODE eap_fast_eap_payload(request_t *request, eap_session_t *eap_sessi
        return code;
 }
 
-static FR_CODE eap_fast_crypto_binding(request_t *request, UNUSED eap_session_t *eap_session,
+static fr_radius_packet_code_t eap_fast_crypto_binding(request_t *request, UNUSED eap_session_t *eap_session,
                                       fr_tls_session_t *tls_session, eap_tlv_crypto_binding_tlv_t *binding)
 {
        uint8_t                 cmac[sizeof(binding->compound_mac)];
@@ -789,13 +789,13 @@ static FR_CODE eap_fast_crypto_binding(request_t *request, UNUSED eap_session_t
                RDEBUG2("Crypto-Binding TLV mis-match");
                RHEXDUMP3((uint8_t const *) binding->compound_mac,
                 sizeof(binding->compound_mac), "Calculated Compound MAC");
-               return FR_CODE_ACCESS_REJECT;
+               return FR_RADIUS_CODE_ACCESS_REJECT;
        }
 
-       return FR_CODE_ACCESS_ACCEPT;
+       return FR_RADIUS_CODE_ACCESS_ACCEPT;
 }
 
-static FR_CODE eap_fast_process_tlvs(request_t *request, eap_session_t *eap_session,
+static fr_radius_packet_code_t eap_fast_process_tlvs(request_t *request, eap_session_t *eap_session,
                                     fr_tls_session_t *tls_session, fr_pair_list_t *fast_vps)
 {
        eap_fast_tunnel_t               *t = talloc_get_type_abort(tls_session->opaque, eap_fast_tunnel_t);
@@ -807,14 +807,14 @@ static FR_CODE eap_fast_process_tlvs(request_t *request, eap_session_t *eap_sess
        for (vp = fr_pair_list_head(fast_vps);
             vp;
             vp = fr_pair_list_next(fast_vps, vp)) {
-               FR_CODE code = FR_CODE_ACCESS_REJECT;
+               fr_radius_packet_code_t code = FR_RADIUS_CODE_ACCESS_REJECT;
                if (vp->da->parent == attr_eap_fast_tlv) {
                        if (vp->da == attr_eap_fast_eap_payload) {
                                code = eap_fast_eap_payload(request, eap_session, tls_session, vp);
-                               if (code == FR_CODE_ACCESS_ACCEPT) t->stage = EAP_FAST_CRYPTOBIND_CHECK;
+                               if (code == FR_RADIUS_CODE_ACCESS_ACCEPT) t->stage = EAP_FAST_CRYPTOBIND_CHECK;
                        } else if ((vp->da == attr_eap_fast_result) ||
                                   (vp->da == attr_eap_fast_intermediate_result)) {
-                               code = FR_CODE_ACCESS_ACCEPT;
+                               code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                                t->stage = EAP_FAST_PROVISIONING;
                        } else {
                                RDEBUG2("ignoring unknown %pP", vp);
@@ -854,7 +854,7 @@ static FR_CODE eap_fast_process_tlvs(request_t *request, eap_session_t *eap_sess
                } else if (vp->da->parent == attr_eap_fast_pac_tlv) {
                        if (vp->da == attr_eap_fast_pac_acknowledge) {
                                if (vp->vp_uint32 == EAP_FAST_TLV_RESULT_SUCCESS) {
-                                       code = FR_CODE_ACCESS_ACCEPT;
+                                       code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                                        t->pac.expires = UINT32_MAX;
                                        t->pac.expired = false;
                                        t->stage = EAP_FAST_COMPLETE;
@@ -875,27 +875,27 @@ static FR_CODE eap_fast_process_tlvs(request_t *request, eap_session_t *eap_sess
                        continue;
                }
 
-               if (code == FR_CODE_ACCESS_REJECT) return FR_CODE_ACCESS_REJECT;
+               if (code == FR_RADIUS_CODE_ACCESS_REJECT) return FR_RADIUS_CODE_ACCESS_REJECT;
        }
 
        if (binding) {
-               FR_CODE code = eap_fast_crypto_binding(request, eap_session, tls_session, binding);
-               if (code == FR_CODE_ACCESS_ACCEPT) {
+               fr_radius_packet_code_t code = eap_fast_crypto_binding(request, eap_session, tls_session, binding);
+               if (code == FR_RADIUS_CODE_ACCESS_ACCEPT) {
                        t->stage = EAP_FAST_PROVISIONING;
                }
                return code;
        }
 
-       return FR_CODE_ACCESS_ACCEPT;
+       return FR_RADIUS_CODE_ACCESS_ACCEPT;
 }
 
 
 /*
  * Process the inner tunnel data
  */
-FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
+fr_radius_packet_code_t eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
 {
-       FR_CODE                 code;
+       fr_radius_packet_code_t                 code;
        fr_pair_list_t          fast_vps;
        uint8_t const           *data;
        size_t                  data_len;
@@ -915,7 +915,7 @@ FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_
        /*
         * See if the tunneled data is well formed.
         */
-       if (!eap_fast_verify(request, tls_session, data, data_len)) return FR_CODE_ACCESS_REJECT;
+       if (!eap_fast_verify(request, tls_session, data, data_len)) return FR_RADIUS_CODE_ACCESS_REJECT;
 
        if (t->stage == EAP_FAST_TLS_SESSION_HANDSHAKE) {
                fr_assert(t->mode == EAP_FAST_UNKNOWN);
@@ -946,22 +946,22 @@ FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_
                eap_fast_send_identity_request(request, tls_session, eap_session);
 
                t->stage = EAP_FAST_AUTHENTICATION;
-               return FR_CODE_ACCESS_CHALLENGE;
+               return FR_RADIUS_CODE_ACCESS_CHALLENGE;
        }
 
        if (eap_fast_decode_pair(request, &fast_vps, attr_eap_fast_tlv,
-                                data, data_len, NULL) < 0) return FR_CODE_ACCESS_REJECT;
+                                data, data_len, NULL) < 0) return FR_RADIUS_CODE_ACCESS_REJECT;
 
        RDEBUG2("Got Tunneled FAST TLVs");
        log_request_pair_list(L_DBG_LVL_1, request, NULL, &fast_vps, NULL);
        code = eap_fast_process_tlvs(request, eap_session, tls_session, &fast_vps);
        fr_pair_list_free(&fast_vps);
 
-       if (code == FR_CODE_ACCESS_REJECT) return FR_CODE_ACCESS_REJECT;
+       if (code == FR_RADIUS_CODE_ACCESS_REJECT) return FR_RADIUS_CODE_ACCESS_REJECT;
 
        switch (t->stage) {
        case EAP_FAST_AUTHENTICATION:
-               code = FR_CODE_ACCESS_CHALLENGE;
+               code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
                break;
 
        case EAP_FAST_CRYPTOBIND_CHECK:
@@ -974,7 +974,7 @@ FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_
                eap_fast_update_icmk(request, tls_session, (uint8_t *)&t->isk);
                eap_fast_append_crypto_binding(request, tls_session);
 
-               code = FR_CODE_ACCESS_CHALLENGE;
+               code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
                break;
        }
        case EAP_FAST_PROVISIONING:
@@ -985,7 +985,7 @@ FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_
                if (t->pac.send) {
                        RDEBUG2("Peer requires new PAC");
                        eap_fast_send_pac_tunnel(request, tls_session);
-                       code = FR_CODE_ACCESS_CHALLENGE;
+                       code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
                        break;
                }
 
@@ -998,13 +998,13 @@ FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_
                 */
                if (t->pac.type && t->pac.expired) {
                        REDEBUG("Rejecting expired PAC.");
-                       code = FR_CODE_ACCESS_REJECT;
+                       code = FR_RADIUS_CODE_ACCESS_REJECT;
                        break;
                }
 
                if (t->mode == EAP_FAST_PROVISIONING_ANON) {
                        REDEBUG("Rejecting unauthenticated provisioning");
-                       code = FR_CODE_ACCESS_REJECT;
+                       code = FR_RADIUS_CODE_ACCESS_REJECT;
                        break;
                }
 
@@ -1022,7 +1022,7 @@ FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_
 
        default:
                RERROR("Internal sanity check failed in EAP-FAST at %d", t->stage);
-               code = FR_CODE_ACCESS_REJECT;
+               code = FR_RADIUS_CODE_ACCESS_REJECT;
        }
 
        return code;
index 06f09398db24cfb2a2c6a2c50f7cb77cf5111cc7..d94d1a5883d46498eb28e559210e20ddcaa47162 100644 (file)
@@ -253,7 +253,7 @@ extern fr_dict_attr_t const *attr_eap_fast_vendor_specific;
  */
 void eap_fast_tlv_append(fr_tls_session_t *tls_session, fr_dict_attr_t const *da, bool mandatory,
                         int length, const void *data) CC_HINT(nonnull);
-FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
+fr_radius_packet_code_t eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
 
 /*
  *     A bunch of EAP-FAST helper functions.
index 2f02cae6eb1840a7aa07cf6972e207adf6ef26dc..51c8c749d53507a9fd41dd808cbf999c6cff8de7 100644 (file)
@@ -517,14 +517,14 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc
         *      Process the FAST portion of the request.
         */
        switch (eap_fast_process(request, eap_session, tls_session)) {
-       case FR_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
                eap_tls_fail(request, eap_session);
                RETURN_MODULE_FAIL;
 
                /*
                 *      Access-Challenge, continue tunneled conversation.
                 */
-       case FR_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                fr_tls_session_send(request, tls_session);
                eap_tls_request(request, eap_session);
                RETURN_MODULE_HANDLED;
@@ -532,7 +532,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc
                /*
                 *      Success: Automatically return MPPE keys.
                 */
-       case FR_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
                if (eap_tls_success(request, eap_session, NULL, 0, NULL, 0) < 0) RETURN_MODULE_FAIL;
                RETURN_MODULE_OK;
 
@@ -542,7 +542,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc
                 *      that the request now has a "proxy" packet, and
                 *      will proxy it, rather than returning an EAP packet.
                 */
-       case FR_CODE_STATUS_CLIENT:
+       case FR_RADIUS_CODE_STATUS_CLIENT:
                RETURN_MODULE_OK;
 
        default:
index 53559644ff85c4347b4552ef89dec8a955f63316..5f0e5f77cce5482d062412b9062d061070275fcf 100644 (file)
@@ -286,7 +286,7 @@ static int CC_HINT(nonnull) mschap_postproxy(eap_session_t *eap_session, UNUSED
         *      There is only a limited number of possibilities.
         */
        switch (request->reply->code) {
-       case FR_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
                RDEBUG2("Proxied authentication succeeded");
 
                /*
@@ -297,7 +297,7 @@ static int CC_HINT(nonnull) mschap_postproxy(eap_session_t *eap_session, UNUSED
                break;
 
        default:
-       case FR_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
                REDEBUG("Proxied authentication was rejected");
                RETURN_MODULE_REJECT;
        }
@@ -336,7 +336,7 @@ static int CC_HINT(nonnull) mschap_postproxy(eap_session_t *eap_session, UNUSED
         *      And we need to challenge the user, not ack/reject them,
         *      so we re-write the ACK to a challenge.  Yuck.
         */
-       request->reply->code = FR_CODE_ACCESS_CHALLENGE;
+       request->reply->code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
        fr_pair_list_free(&response);
 
        RETURN_MODULE_HANDLED;
index 1f4ad9b85970ac3ed1eaae37ab50b72cdba80d3f..59c108ff2c06c8b9a3ca1ce749ce4a9e6a269c46 100644 (file)
@@ -386,21 +386,21 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_session_t *eap_session, fr
        }
 
        switch (reply->code) {
-       case FR_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
                RDEBUG2("Tunneled authentication was successful");
                t->status = PEAP_STATUS_SENT_TLV_SUCCESS;
                eap_peap_success(request, eap_session, tls_session);
                rcode = RLM_MODULE_HANDLED;
                break;
 
-       case FR_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
                RDEBUG2("Tunneled authentication was rejected");
                t->status = PEAP_STATUS_SENT_TLV_FAILURE;
                eap_peap_failure(request, eap_session, tls_session);
                rcode = RLM_MODULE_HANDLED;
                break;
 
-       case FR_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                RDEBUG2("Got tunneled Access-Challenge");
 
                /*
@@ -559,7 +559,7 @@ unlang_action_t eap_peap_process(rlm_rcode_t *p_result, request_t *request,
                       fake->server_cs ? cf_section_name2(fake->server_cs) : "NULL");
                rad_virtual_server(&rcode, fake);
 
-               if (fake->reply->code != FR_CODE_ACCESS_ACCEPT) {
+               if (fake->reply->code != FR_RADIUS_CODE_ACCESS_ACCEPT) {
                        RDEBUG2("SoH was rejected");
                        TALLOC_FREE(fake);
                        t->status = PEAP_STATUS_SENT_TLV_FAILURE;
index 3862fc876e037d78fc114c15ab3f19c6a754fdbe..fff42c84bc24cd008c88255d4b0174ce8a6f4808 100644 (file)
@@ -51,4 +51,4 @@ typedef struct {
 /*
  *     Process the TTLS portion of an EAP-TTLS request.
  */
-FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
+fr_radius_packet_code_t eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
index 77c841273eb7f63a1333717242411bc8624c1015..9b9607d523f86d41f1b5bfb7cdb28df1e0b12f12 100644 (file)
@@ -222,21 +222,21 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc
         *      Process the TTLS portion of the request.
         */
        switch (eap_ttls_process(request, eap_session, tls_session)) {
-       case FR_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
                eap_tls_fail(request, eap_session);
                RETURN_MODULE_REJECT;
 
                /*
                 *      Access-Challenge, continue tunneled conversation.
                 */
-       case FR_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                eap_tls_request(request, eap_session);
                RETURN_MODULE_OK;
 
                /*
                 *      Success: Automatically return MPPE keys.
                 */
-       case FR_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
                goto do_keys;
 
        /*
@@ -245,7 +245,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc
         *      that the request now has a "proxy" packet, and
         *      will proxy it, rather than returning an EAP packet.
         */
-       case FR_CODE_STATUS_CLIENT:
+       case FR_RADIUS_CODE_STATUS_CLIENT:
                RETURN_MODULE_OK;
 
        default:
index ca4fca73e24b5d3406e5f2aca1c114191465764c..7fd35bdc3ac6abd15c7d26ed06d683174c91206a 100644 (file)
@@ -497,7 +497,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(NDEBUG_UNUSED eap_session_t *e
         *      NOT 'eap start', so we should check for that....
         */
        switch (reply->code) {
-       case FR_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
        {
                RDEBUG2("Got tunneled Access-Accept");
 
@@ -525,7 +525,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(NDEBUG_UNUSED eap_session_t *e
        }
                break;
 
-       case FR_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
                REDEBUG("Got tunneled Access-Reject");
                rcode = RLM_MODULE_REJECT;
                break;
@@ -536,7 +536,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(NDEBUG_UNUSED eap_session_t *e
         *      an Access-Challenge means that we MUST tunnel
         *      a Reply-Message to the client.
         */
-       case FR_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                RDEBUG2("Got tunneled Access-Challenge");
 
                /*
@@ -581,9 +581,9 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(NDEBUG_UNUSED eap_session_t *e
 /*
  *     Process the "diameter" contents of the tunneled data.
  */
-FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
+fr_radius_packet_code_t eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
 {
-       FR_CODE                 code = FR_CODE_ACCESS_REJECT;
+       fr_radius_packet_code_t                 code = FR_RADIUS_CODE_ACCESS_REJECT;
        rlm_rcode_t             rcode;
        fr_pair_t               *vp = NULL;
        fr_dcursor_t            cursor;
@@ -610,7 +610,7 @@ FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_
        if (data_len == 0) {
                if (t->authenticated) {
                        RDEBUG2("Got ACK, and the user was already authenticated");
-                       code = FR_CODE_ACCESS_ACCEPT;
+                       code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                        goto finish;
                } /* else no session, no data, die. */
 
@@ -619,12 +619,12 @@ FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_
                 *      wrong.
                 */
                RDEBUG2("SSL_read Error");
-               code = FR_CODE_ACCESS_REJECT;
+               code = FR_RADIUS_CODE_ACCESS_REJECT;
                goto finish;
        }
 
        if (!diameter_verify(request, data, data_len)) {
-               code = FR_CODE_ACCESS_REJECT;
+               code = FR_RADIUS_CODE_ACCESS_REJECT;
                goto finish;
        }
 
@@ -635,7 +635,7 @@ FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_
        if (eap_ttls_decode_pair(request->request_ctx, &cursor, fr_dict_root(fr_dict_internal()),
                                 data, data_len, tls_session->ssl) < 0) {
                RPEDEBUG("Decoding TTLS TLVs failed");
-               code = FR_CODE_ACCESS_REJECT;
+               code = FR_RADIUS_CODE_ACCESS_REJECT;
                goto finish;
        }
 
@@ -690,7 +690,7 @@ FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_
         */
        chbind = eap_chbind_vp2packet(request, &request->request_pairs);
        if (chbind) {
-               FR_CODE chbind_code;
+               fr_radius_packet_code_t chbind_code;
                CHBIND_REQ *req = talloc_zero(request, CHBIND_REQ);
 
                RDEBUG2("received chbind request");
@@ -714,7 +714,7 @@ FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_
                /* clean up chbind req */
                talloc_free(req);
 
-               if (chbind_code != FR_CODE_ACCESS_ACCEPT) {
+               if (chbind_code != FR_RADIUS_CODE_ACCESS_ACCEPT) {
                        code = chbind_code;
                        goto finish;
                }
@@ -732,7 +732,7 @@ FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_
        if (!request->reply->code) {
                RDEBUG2("No tunneled reply was found for request %" PRIu64 ", and the request was not "
                       "proxied: rejecting the user", request->number);
-               code = FR_CODE_ACCESS_REJECT;
+               code = FR_RADIUS_CODE_ACCESS_REJECT;
        } else {
                /*
                 *      Returns RLM_MODULE_FOO, and we want to return FR_FOO
@@ -740,19 +740,19 @@ FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_
                rcode = process_reply(eap_session, tls_session, request, request->reply, &request->reply_pairs);
                switch (rcode) {
                case RLM_MODULE_REJECT:
-                       code = FR_CODE_ACCESS_REJECT;
+                       code = FR_RADIUS_CODE_ACCESS_REJECT;
                        break;
 
                case RLM_MODULE_HANDLED:
-                       code = FR_CODE_ACCESS_CHALLENGE;
+                       code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
                        break;
 
                case RLM_MODULE_OK:
-                       code = FR_CODE_ACCESS_ACCEPT;
+                       code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                        break;
 
                default:
-                       code = FR_CODE_ACCESS_REJECT;
+                       code = FR_RADIUS_CODE_ACCESS_REJECT;
                        break;
                }
        }
index 41f755179ad2b44f315580f831ddfa86e13f9ace..745956de0e52ed4e99d891d0d172e0fac0d3aa3b 100644 (file)
@@ -57,42 +57,42 @@ static CONF_PARSER const status_check_update_config[] = {
  *     Retransmission intervals for the packets we support.
  */
 static CONF_PARSER auth_config[] = {
-       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCESS_REQUEST].irt), .dflt = STRINGIFY(2) },
-       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCESS_REQUEST].mrt), .dflt = STRINGIFY(16) },
-       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_ACCESS_REQUEST].mrc), .dflt = STRINGIFY(5) },
-       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCESS_REQUEST].mrd), .dflt = STRINGIFY(30) },
+       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCESS_REQUEST].irt), .dflt = STRINGIFY(2) },
+       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrt), .dflt = STRINGIFY(16) },
+       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrc), .dflt = STRINGIFY(5) },
+       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrd), .dflt = STRINGIFY(30) },
        CONF_PARSER_TERMINATOR
 };
 
 static CONF_PARSER acct_config[] = {
-       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCOUNTING_REQUEST].irt), .dflt = STRINGIFY(2) },
-       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCOUNTING_REQUEST].mrt), .dflt = STRINGIFY(5) },
-       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_ACCOUNTING_REQUEST].mrc), .dflt = STRINGIFY(1) },
-       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCOUNTING_REQUEST].mrd), .dflt = STRINGIFY(30) },
+       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].irt), .dflt = STRINGIFY(2) },
+       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrt), .dflt = STRINGIFY(5) },
+       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrc), .dflt = STRINGIFY(1) },
+       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrd), .dflt = STRINGIFY(30) },
        CONF_PARSER_TERMINATOR
 };
 
 static CONF_PARSER status_config[] = {
-       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_STATUS_SERVER].irt), .dflt = STRINGIFY(2) },
-       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_STATUS_SERVER].mrt), .dflt = STRINGIFY(5) },
-       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_STATUS_SERVER].mrc), .dflt = STRINGIFY(5) },
-       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_STATUS_SERVER].mrd), .dflt = STRINGIFY(30) },
+       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_STATUS_SERVER].irt), .dflt = STRINGIFY(2) },
+       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_STATUS_SERVER].mrt), .dflt = STRINGIFY(5) },
+       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_STATUS_SERVER].mrc), .dflt = STRINGIFY(5) },
+       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_STATUS_SERVER].mrd), .dflt = STRINGIFY(30) },
        CONF_PARSER_TERMINATOR
 };
 
 static CONF_PARSER coa_config[] = {
-       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_COA_REQUEST].irt), .dflt = STRINGIFY(2) },
-       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_COA_REQUEST].mrt), .dflt = STRINGIFY(16) },
-       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_COA_REQUEST].mrc), .dflt = STRINGIFY(5) },
-       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_COA_REQUEST].mrd), .dflt = STRINGIFY(30) },
+       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_COA_REQUEST].irt), .dflt = STRINGIFY(2) },
+       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_COA_REQUEST].mrt), .dflt = STRINGIFY(16) },
+       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_COA_REQUEST].mrc), .dflt = STRINGIFY(5) },
+       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_COA_REQUEST].mrd), .dflt = STRINGIFY(30) },
        CONF_PARSER_TERMINATOR
 };
 
 static CONF_PARSER disconnect_config[] = {
-       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_DISCONNECT_REQUEST].irt), .dflt = STRINGIFY(2) },
-       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_DISCONNECT_REQUEST].mrt), .dflt = STRINGIFY(16) },
-       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_DISCONNECT_REQUEST].mrc), .dflt = STRINGIFY(5) },
-       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_DISCONNECT_REQUEST].mrd), .dflt = STRINGIFY(30) },
+       { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].irt), .dflt = STRINGIFY(2) },
+       { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrt), .dflt = STRINGIFY(16) },
+       { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrc), .dflt = STRINGIFY(5) },
+       { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrd), .dflt = STRINGIFY(30) },
        CONF_PARSER_TERMINATOR
 };
 
@@ -126,13 +126,13 @@ static CONF_PARSER const module_config[] = {
        CONF_PARSER_TERMINATOR
 };
 
-static CONF_PARSER const type_interval_config[FR_RADIUS_MAX_PACKET_CODE] = {
-       [FR_CODE_ACCESS_REQUEST] = { FR_CONF_POINTER("Access-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) auth_config },
+static CONF_PARSER const type_interval_config[FR_RADIUS_CODE_MAX] = {
+       [FR_RADIUS_CODE_ACCESS_REQUEST] = { FR_CONF_POINTER("Access-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) auth_config },
 
-       [FR_CODE_ACCOUNTING_REQUEST] = { FR_CONF_POINTER("Accounting-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) acct_config },
-       [FR_CODE_STATUS_SERVER] = { FR_CONF_POINTER("Status-Server", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) status_config },
-       [FR_CODE_COA_REQUEST] = { FR_CONF_POINTER("CoA-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) coa_config },
-       [FR_CODE_DISCONNECT_REQUEST] = { FR_CONF_POINTER("Disconnect-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) disconnect_config },
+       [FR_RADIUS_CODE_ACCOUNTING_REQUEST] = { FR_CONF_POINTER("Accounting-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) acct_config },
+       [FR_RADIUS_CODE_STATUS_SERVER] = { FR_CONF_POINTER("Status-Server", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) status_config },
+       [FR_RADIUS_CODE_COA_REQUEST] = { FR_CONF_POINTER("CoA-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) coa_config },
+       [FR_RADIUS_CODE_DISCONNECT_REQUEST] = { FR_CONF_POINTER("Disconnect-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) disconnect_config },
 };
 
 static fr_dict_t const *dict_radius;
@@ -197,13 +197,13 @@ static int type_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent,
        /*
         *      Status-Server packets cannot be proxied.
         */
-       if (code == FR_CODE_STATUS_SERVER) {
+       if (code == FR_RADIUS_CODE_STATUS_SERVER) {
                cf_log_err(ci, "Invalid setting of 'type = Status-Server'.  Status-Server packets cannot be proxied.");
                return -1;
        }
 
        if (!code ||
-           (code >= FR_RADIUS_MAX_PACKET_CODE) ||
+           (code >= FR_RADIUS_CODE_MAX) ||
            (!type_interval_config[code].name)) goto invalid_code;
 
        /*
@@ -288,7 +288,7 @@ static int status_check_type_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED voi
         *      types.
         */
        if (!code ||
-           (code >= FR_RADIUS_MAX_PACKET_CODE) ||
+           (code >= FR_RADIUS_CODE_MAX) ||
            (!type_interval_config[code].name)) goto invalid_code;
 
        /*
@@ -302,7 +302,7 @@ static int status_check_type_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED voi
        /*
         *      Nothing more to do here, so we stop.
         */
-       if (code == FR_CODE_STATUS_SERVER) return 0;
+       if (code == FR_RADIUS_CODE_STATUS_SERVER) return 0;
 
        cf_section_rule_push(cs, status_check_update_config);
 
@@ -416,7 +416,7 @@ static void radius_fixups(rlm_radius_t const *inst, request_t *request)
                }
        }
 
-       if (request->packet->code != FR_CODE_ACCESS_REQUEST) return;
+       if (request->packet->code != FR_RADIUS_CODE_ACCESS_REQUEST) return;
 
        if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password) &&
            !fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge)) {
@@ -447,12 +447,12 @@ static unlang_action_t CC_HINT(nonnull) mod_process(rlm_rcode_t *p_result, modul
         *      Reserve Status-Server for ourselves, for link-specific
         *      signaling.
         */
-       if (request->packet->code == FR_CODE_STATUS_SERVER) {
+       if (request->packet->code == FR_RADIUS_CODE_STATUS_SERVER) {
                REDEBUG("Cannot proxy Status-Server packets");
                RETURN_MODULE_FAIL;
        }
 
-       if ((request->packet->code >= FR_RADIUS_MAX_PACKET_CODE) ||
+       if ((request->packet->code >= FR_RADIUS_CODE_MAX) ||
            !inst->retry[request->packet->code].irt) { /* can't be zero */
                REDEBUG("Invalid packet code %d", request->packet->code);
                RETURN_MODULE_FAIL;
@@ -609,12 +609,12 @@ static int mod_bootstrap(void *instance, CONF_SECTION *conf)
 
                code = inst->types[i];
                fr_assert(code > 0);
-               fr_assert(code < FR_RADIUS_MAX_PACKET_CODE);
+               fr_assert(code < FR_RADIUS_CODE_MAX);
 
                inst->allowed[code] = true;
        }
 
-       fr_assert(inst->status_check < FR_RADIUS_MAX_PACKET_CODE);
+       fr_assert(inst->status_check < FR_RADIUS_CODE_MAX);
 
        /*
         *      If we're replicating, we don't care if the other end
@@ -634,7 +634,7 @@ static int mod_bootstrap(void *instance, CONF_SECTION *conf)
         *      packets.
         */
        if (inst->status_check) {
-               if (inst->status_check == FR_CODE_STATUS_SERVER) {
+               if (inst->status_check == FR_RADIUS_CODE_STATUS_SERVER) {
                        inst->allowed[inst->status_check] = true;
 
                } else if (!inst->allowed[inst->status_check]) {
@@ -659,16 +659,16 @@ static int mod_bootstrap(void *instance, CONF_SECTION *conf)
        /*
         *      Set limits on retransmission timers
         */
-       if (inst->allowed[FR_CODE_ACCESS_REQUEST]) {
-               FR_TIME_DELTA_BOUND_CHECK("Access-Request.initial_rtx_time", inst->retry[FR_CODE_ACCESS_REQUEST].irt, >=, fr_time_delta_from_sec(1));
-               FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_time", inst->retry[FR_CODE_ACCESS_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
-               FR_INTEGER_BOUND_CHECK("Access-Request.max_rtx_count", inst->retry[FR_CODE_ACCESS_REQUEST].mrc, >=, 1);
-               FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_duration", inst->retry[FR_CODE_ACCESS_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
-
-               FR_TIME_DELTA_BOUND_CHECK("Access-Request.initial_rtx_time", inst->retry[FR_CODE_ACCESS_REQUEST].irt, <=, fr_time_delta_from_sec(3));
-               FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_time", inst->retry[FR_CODE_ACCESS_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
-               FR_INTEGER_BOUND_CHECK("Access-Request.max_rtx_count", inst->retry[FR_CODE_ACCESS_REQUEST].mrc, <=, 10);
-               FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_duration", inst->retry[FR_CODE_ACCESS_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
+       if (inst->allowed[FR_RADIUS_CODE_ACCESS_REQUEST]) {
+               FR_TIME_DELTA_BOUND_CHECK("Access-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].irt, >=, fr_time_delta_from_sec(1));
+               FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
+               FR_INTEGER_BOUND_CHECK("Access-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrc, >=, 1);
+               FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
+
+               FR_TIME_DELTA_BOUND_CHECK("Access-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].irt, <=, fr_time_delta_from_sec(3));
+               FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
+               FR_INTEGER_BOUND_CHECK("Access-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrc, <=, 10);
+               FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
        }
 
        /*
@@ -678,63 +678,63 @@ static int mod_bootstrap(void *instance, CONF_SECTION *conf)
         *      the server core will automatically free the request at
         *      max_request_time.
         */
-       if (inst->allowed[FR_CODE_ACCOUNTING_REQUEST]) {
-               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.initial_rtx_time", inst->retry[FR_CODE_ACCOUNTING_REQUEST].irt, >=, fr_time_delta_from_sec(1));
+       if (inst->allowed[FR_RADIUS_CODE_ACCOUNTING_REQUEST]) {
+               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].irt, >=, fr_time_delta_from_sec(1));
 #if 0
-               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_time", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
-               FR_INTEGER_BOUND_CHECK("Accounting-Request.max_rtx_count", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrc, >=, 0);
-               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_duration", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrd, >=, fr_time_delta_from_sec(0));
+               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
+               FR_INTEGER_BOUND_CHECK("Accounting-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrc, >=, 0);
+               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrd, >=, fr_time_delta_from_sec(0));
 #endif
 
-               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.initial_rtx_time", inst->retry[FR_CODE_ACCOUNTING_REQUEST].irt, <=, fr_time_delta_from_sec(3));
-               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_time", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
-               FR_INTEGER_BOUND_CHECK("Accounting-Request.max_rtx_count", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrc, <=, 10);
-               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_duration", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
+               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].irt, <=, fr_time_delta_from_sec(3));
+               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
+               FR_INTEGER_BOUND_CHECK("Accounting-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrc, <=, 10);
+               FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
        }
 
        /*
         *      Status-Server
         */
-       if (inst->allowed[FR_CODE_STATUS_SERVER]) {
-               FR_TIME_DELTA_BOUND_CHECK("Status-Server.initial_rtx_time", inst->retry[FR_CODE_STATUS_SERVER].irt, >=, fr_time_delta_from_sec(1));
-               FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_time", inst->retry[FR_CODE_STATUS_SERVER].mrt, >=, fr_time_delta_from_sec(5));
-               FR_INTEGER_BOUND_CHECK("Status-Server.max_rtx_count", inst->retry[FR_CODE_STATUS_SERVER].mrc, >=, 1);
-               FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_duration", inst->retry[FR_CODE_STATUS_SERVER].mrd, >=, fr_time_delta_from_sec(5));
-
-               FR_TIME_DELTA_BOUND_CHECK("Status-Server.initial_rtx_time", inst->retry[FR_CODE_STATUS_SERVER].irt, <=, fr_time_delta_from_sec(3));
-               FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_time", inst->retry[FR_CODE_STATUS_SERVER].mrt, <=, fr_time_delta_from_sec(30));
-               FR_INTEGER_BOUND_CHECK("Status-Server.max_rtx_count", inst->retry[FR_CODE_STATUS_SERVER].mrc, <=, 10);
-               FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_duration", inst->retry[FR_CODE_STATUS_SERVER].mrd, <=, fr_time_delta_from_sec(30));
+       if (inst->allowed[FR_RADIUS_CODE_STATUS_SERVER]) {
+               FR_TIME_DELTA_BOUND_CHECK("Status-Server.initial_rtx_time", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].irt, >=, fr_time_delta_from_sec(1));
+               FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_time", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrt, >=, fr_time_delta_from_sec(5));
+               FR_INTEGER_BOUND_CHECK("Status-Server.max_rtx_count", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrc, >=, 1);
+               FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_duration", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrd, >=, fr_time_delta_from_sec(5));
+
+               FR_TIME_DELTA_BOUND_CHECK("Status-Server.initial_rtx_time", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].irt, <=, fr_time_delta_from_sec(3));
+               FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_time", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrt, <=, fr_time_delta_from_sec(30));
+               FR_INTEGER_BOUND_CHECK("Status-Server.max_rtx_count", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrc, <=, 10);
+               FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_duration", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrd, <=, fr_time_delta_from_sec(30));
        }
 
        /*
         *      CoA
         */
-       if (inst->allowed[FR_CODE_COA_REQUEST]) {
-               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.initial_rtx_time", inst->retry[FR_CODE_COA_REQUEST].irt, >=, fr_time_delta_from_sec(1));
-               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_time", inst->retry[FR_CODE_COA_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
-               FR_INTEGER_BOUND_CHECK("CoA-Request.max_rtx_count", inst->retry[FR_CODE_COA_REQUEST].mrc, >=, 1);
-               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_duration", inst->retry[FR_CODE_COA_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
-
-               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.initial_rtx_time", inst->retry[FR_CODE_COA_REQUEST].irt, <=, fr_time_delta_from_sec(3));
-               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_time", inst->retry[FR_CODE_COA_REQUEST].mrt, <=, fr_time_delta_from_sec(60));
-               FR_INTEGER_BOUND_CHECK("CoA-Request.max_rtx_count", inst->retry[FR_CODE_COA_REQUEST].mrc, <=, 10);
-               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_duration", inst->retry[FR_CODE_COA_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
+       if (inst->allowed[FR_RADIUS_CODE_COA_REQUEST]) {
+               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_COA_REQUEST].irt, >=, fr_time_delta_from_sec(1));
+               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
+               FR_INTEGER_BOUND_CHECK("CoA-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrc, >=, 1);
+               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
+
+               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_COA_REQUEST].irt, <=, fr_time_delta_from_sec(3));
+               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrt, <=, fr_time_delta_from_sec(60));
+               FR_INTEGER_BOUND_CHECK("CoA-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrc, <=, 10);
+               FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
        }
 
        /*
         *      Disconnect
         */
-       if (inst->allowed[FR_CODE_DISCONNECT_REQUEST]) {
-               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.initial_rtx_time", inst->retry[FR_CODE_DISCONNECT_REQUEST].irt, >=, fr_time_delta_from_sec(1));
-               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_time", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
-               FR_INTEGER_BOUND_CHECK("Disconnect-Request.max_rtx_count", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrc, >=, 1);
-               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_duration", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
-
-               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.initial_rtx_time", inst->retry[FR_CODE_DISCONNECT_REQUEST].irt, <=, fr_time_delta_from_sec(3));
-               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_time", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
-               FR_INTEGER_BOUND_CHECK("Disconnect-Request.max_rtx_count", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrc, <=, 10);
-               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_duration", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
+       if (inst->allowed[FR_RADIUS_CODE_DISCONNECT_REQUEST]) {
+               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].irt, >=, fr_time_delta_from_sec(1));
+               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
+               FR_INTEGER_BOUND_CHECK("Disconnect-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrc, >=, 1);
+               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
+
+               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].irt, <=, fr_time_delta_from_sec(3));
+               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
+               FR_INTEGER_BOUND_CHECK("Disconnect-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrc, <=, 10);
+               FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
        }
 
 setup_io_submodule:
index d917fdb5a2902f17d241a9b825fd06623cf72bb9..f199c19758c8d22963bcc594001c3a9246e9a662 100644 (file)
@@ -74,8 +74,8 @@ struct rlm_radius_s {
        uint32_t                num_answers_to_alive;           //!< How many status check responses we need to
                                                        ///< mark the connection as alive.
 
-       bool                    allowed[FR_RADIUS_MAX_PACKET_CODE];
-       fr_retry_config_t       retry[FR_RADIUS_MAX_PACKET_CODE];
+       bool                    allowed[FR_RADIUS_CODE_MAX];
+       fr_retry_config_t       retry[FR_RADIUS_CODE_MAX];
 
        fr_trunk_conf_t         trunk_conf;             //!< trunk configuration
 };
index 902c8e0918fe23b5ed7b83043f1cd1b5e8347eaf..0a1037a8caded8a4d2ea44a147b5dcb3b9882934 100644 (file)
@@ -225,39 +225,39 @@ fr_dict_attr_autoload_t rlm_radius_udp_dict_attr[] = {
 /** If we get a reply, the request must come from one of a small
  * number of packet types.
  */
-static FR_CODE allowed_replies[FR_RADIUS_MAX_PACKET_CODE] = {
-       [FR_CODE_ACCESS_ACCEPT]         = FR_CODE_ACCESS_REQUEST,
-       [FR_CODE_ACCESS_CHALLENGE]      = FR_CODE_ACCESS_REQUEST,
-       [FR_CODE_ACCESS_REJECT]         = FR_CODE_ACCESS_REQUEST,
+static fr_radius_packet_code_t allowed_replies[FR_RADIUS_CODE_MAX] = {
+       [FR_RADIUS_CODE_ACCESS_ACCEPT]          = FR_RADIUS_CODE_ACCESS_REQUEST,
+       [FR_RADIUS_CODE_ACCESS_CHALLENGE]       = FR_RADIUS_CODE_ACCESS_REQUEST,
+       [FR_RADIUS_CODE_ACCESS_REJECT]          = FR_RADIUS_CODE_ACCESS_REQUEST,
 
-       [FR_CODE_ACCOUNTING_RESPONSE]   = FR_CODE_ACCOUNTING_REQUEST,
+       [FR_RADIUS_CODE_ACCOUNTING_RESPONSE]    = FR_RADIUS_CODE_ACCOUNTING_REQUEST,
 
-       [FR_CODE_COA_ACK]               = FR_CODE_COA_REQUEST,
-       [FR_CODE_COA_NAK]               = FR_CODE_COA_REQUEST,
+       [FR_RADIUS_CODE_COA_ACK]                = FR_RADIUS_CODE_COA_REQUEST,
+       [FR_RADIUS_CODE_COA_NAK]                = FR_RADIUS_CODE_COA_REQUEST,
 
-       [FR_CODE_DISCONNECT_ACK]        = FR_CODE_DISCONNECT_REQUEST,
-       [FR_CODE_DISCONNECT_NAK]        = FR_CODE_DISCONNECT_REQUEST,
+       [FR_RADIUS_CODE_DISCONNECT_ACK] = FR_RADIUS_CODE_DISCONNECT_REQUEST,
+       [FR_RADIUS_CODE_DISCONNECT_NAK] = FR_RADIUS_CODE_DISCONNECT_REQUEST,
 
-       [FR_CODE_PROTOCOL_ERROR]        = FR_CODE_PROTOCOL_ERROR,       /* Any */
+       [FR_RADIUS_CODE_PROTOCOL_ERROR] = FR_RADIUS_CODE_PROTOCOL_ERROR,        /* Any */
 };
 
 /** Turn a reply code into a module rcode;
  *
  */
-static rlm_rcode_t radius_code_to_rcode[FR_RADIUS_MAX_PACKET_CODE] = {
-       [FR_CODE_ACCESS_ACCEPT]         = RLM_MODULE_OK,
-       [FR_CODE_ACCESS_CHALLENGE]      = RLM_MODULE_UPDATED,
-       [FR_CODE_ACCESS_REJECT]         = RLM_MODULE_REJECT,
+static rlm_rcode_t radius_code_to_rcode[FR_RADIUS_CODE_MAX] = {
+       [FR_RADIUS_CODE_ACCESS_ACCEPT]          = RLM_MODULE_OK,
+       [FR_RADIUS_CODE_ACCESS_CHALLENGE]       = RLM_MODULE_UPDATED,
+       [FR_RADIUS_CODE_ACCESS_REJECT]          = RLM_MODULE_REJECT,
 
-       [FR_CODE_ACCOUNTING_RESPONSE]   = RLM_MODULE_OK,
+       [FR_RADIUS_CODE_ACCOUNTING_RESPONSE]    = RLM_MODULE_OK,
 
-       [FR_CODE_COA_ACK]               = RLM_MODULE_OK,
-       [FR_CODE_COA_NAK]               = RLM_MODULE_REJECT,
+       [FR_RADIUS_CODE_COA_ACK]                = RLM_MODULE_OK,
+       [FR_RADIUS_CODE_COA_NAK]                = RLM_MODULE_REJECT,
 
-       [FR_CODE_DISCONNECT_ACK]        = RLM_MODULE_OK,
-       [FR_CODE_DISCONNECT_NAK]        = RLM_MODULE_REJECT,
+       [FR_RADIUS_CODE_DISCONNECT_ACK] = RLM_MODULE_OK,
+       [FR_RADIUS_CODE_DISCONNECT_NAK] = RLM_MODULE_REJECT,
 
-       [FR_CODE_PROTOCOL_ERROR]        = RLM_MODULE_HANDLED,
+       [FR_RADIUS_CODE_PROTOCOL_ERROR] = RLM_MODULE_HANDLED,
 };
 
 static void            conn_writable_status_check(UNUSED fr_event_list_t *el, UNUSED int fd,
@@ -392,7 +392,7 @@ static void CC_HINT(nonnull) status_check_alloc(fr_event_list_t *el, udp_handle_
                /*
                 *      Allow passwords only in Access-Request packets.
                 */
-               if ((inst->parent->status_check != FR_CODE_ACCESS_REQUEST) &&
+               if ((inst->parent->status_check != FR_RADIUS_CODE_ACCESS_REQUEST) &&
                    (tmpl_da(map->lhs) == attr_user_password)) continue;
 
                (void) map_to_request(request, map, map_to_vp, NULL);
@@ -587,7 +587,7 @@ static void conn_readable_status_check(fr_event_list_t *el, UNUSED int fd, UNUSE
         *      This is usually used for dynamic configuration
         *      on startup.
         */
-       if (code == FR_CODE_PROTOCOL_ERROR) protocol_error_reply(u, NULL, h);
+       if (code == FR_RADIUS_CODE_PROTOCOL_ERROR) protocol_error_reply(u, NULL, h);
 
        /*
         *      Last trunk event was a failure, be more careful about
@@ -1211,7 +1211,7 @@ static decode_fail_t decode(TALLOC_CTX *ctx, fr_pair_list_t *reply, uint8_t *res
        }
 
        code = data[0];
-       if (!code || (code >= FR_RADIUS_MAX_PACKET_CODE)) {
+       if (!code || (code >= FR_RADIUS_CODE_MAX)) {
                REDEBUG("Unknown reply code %d", code);
                return DECODE_FAIL_UNKNOWN_PACKET_CODE;
        }
@@ -1228,8 +1228,8 @@ static decode_fail_t decode(TALLOC_CTX *ctx, fr_pair_list_t *reply, uint8_t *res
         *
         *      Status checks accept any response code.
         */
-       if (!u->status_check && (code != FR_CODE_PROTOCOL_ERROR)) {
-               if (allowed_replies[code] != (FR_CODE) u->code) {
+       if (!u->status_check && (code != FR_RADIUS_CODE_PROTOCOL_ERROR)) {
+               if (allowed_replies[code] != (fr_radius_packet_code_t) u->code) {
                        REDEBUG("%s packet received invalid reply code %s",
                                fr_packet_codes[u->code], fr_packet_codes[code]);
                        return DECODE_FAIL_UNKNOWN_PACKET_CODE;
@@ -1300,8 +1300,8 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_
         *      number...
         */
        switch (u->code) {
-       case FR_CODE_ACCESS_REQUEST:
-       case FR_CODE_STATUS_SERVER:
+       case FR_RADIUS_CODE_ACCESS_REQUEST:
+       case FR_RADIUS_CODE_STATUS_SERVER:
        {
                size_t i;
                uint32_t hash, base;
@@ -1333,7 +1333,7 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_
                vp = fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp);
                if (vp) vp->vp_date = fr_time_to_unix_time(u->retry.updated);
 
-               if (u->code == FR_CODE_STATUS_SERVER) u->can_retransmit = false;
+               if (u->code == FR_RADIUS_CODE_STATUS_SERVER) u->can_retransmit = false;
 
        } else if (inst->parent->originate) {
                /*
@@ -1462,7 +1462,7 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_
         *      time difference between now, and when we originally
         *      received the request.
         */
-       if ((u->code == FR_CODE_ACCOUNTING_REQUEST) &&
+       if ((u->code == FR_RADIUS_CODE_ACCOUNTING_REQUEST) &&
            (fr_pair_find_by_da(&request->request_pairs, attr_acct_delay_time) != NULL)) {
                uint8_t *attr, *end;
                uint32_t delay;
@@ -1507,9 +1507,9 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_
         */
        if (message_authenticator) goto sign;
        switch (u->code) {
-       case FR_CODE_ACCOUNTING_REQUEST:
-       case FR_CODE_DISCONNECT_REQUEST:
-       case FR_CODE_COA_REQUEST:
+       case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+       case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+       case FR_RADIUS_CODE_COA_REQUEST:
        sign:
                /*
                 *      Now that we're done mangling the packet, sign it.
@@ -2272,7 +2272,7 @@ static void status_check_reply(fr_trunk_request_t *treq, fr_time_t now)
        /*
         *      @todo - do other negotiation and signaling.
         */
-       if (h->buffer[0] == FR_CODE_PROTOCOL_ERROR) protocol_error_reply(u, NULL, h);
+       if (h->buffer[0] == FR_RADIUS_CODE_PROTOCOL_ERROR) protocol_error_reply(u, NULL, h);
 
        if (u->num_replies < inst->num_answers_to_alive) {
                DEBUG("Received %d / %u replies for status check, on connection - %s",
@@ -2414,7 +2414,7 @@ static void request_demux(fr_trunk_connection_t *tconn, fr_connection_t *conn, U
                 *      packet.
                 */
                switch (code) {
-               case FR_CODE_PROTOCOL_ERROR:
+               case FR_RADIUS_CODE_PROTOCOL_ERROR:
                        protocol_error_reply(u, r, h);
                        break;
 
@@ -2431,13 +2431,13 @@ static void request_demux(fr_trunk_connection_t *tconn, fr_connection_t *conn, U
                 *      automatically result in it the parent request
                 *      returning an ok/fail packet code.
                 */
-               if ((u->code == FR_CODE_ACCESS_REQUEST) && (code == FR_CODE_ACCESS_CHALLENGE)) {
+               if ((u->code == FR_RADIUS_CODE_ACCESS_REQUEST) && (code == FR_RADIUS_CODE_ACCESS_CHALLENGE)) {
                        fr_pair_t       *vp;
 
                        vp = fr_pair_find_by_da(&request->reply_pairs, attr_packet_type);
                        if (!vp) {
                                MEM(vp = fr_pair_afrom_da(request->reply_ctx, attr_packet_type));
-                               vp->vp_uint32 = FR_CODE_ACCESS_CHALLENGE;
+                               vp->vp_uint32 = FR_RADIUS_CODE_ACCESS_CHALLENGE;
                                fr_pair_append(&request->reply_pairs, vp);
                        }
                }
@@ -2700,9 +2700,9 @@ static unlang_action_t mod_enqueue(rlm_rcode_t *p_result, void **rctx_out, void
        fr_trunk_request_t              *treq;
 
        fr_assert(request->packet->code > 0);
-       fr_assert(request->packet->code < FR_RADIUS_MAX_PACKET_CODE);
+       fr_assert(request->packet->code < FR_RADIUS_CODE_MAX);
 
-       if (request->packet->code == FR_CODE_STATUS_SERVER) {
+       if (request->packet->code == FR_RADIUS_CODE_STATUS_SERVER) {
                RWDEBUG("Status-Server is reserved for internal use, and cannot be sent manually.");
                RETURN_MODULE_NOOP;
        }
index 09bfa6438b4c95ff6206dc889f6d4e8aa6664a02..6721d9bd831120edd222ec67869a914f4f71be51 100644 (file)
@@ -520,7 +520,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result,
                vp->vp_uint32 = 0; /* no echo */
 
                /* Mark the packet as a Acceess-Challenge Packet */
-               request->reply->code = FR_CODE_ACCESS_CHALLENGE;
+               request->reply->code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
                RDEBUG2("Sending Access-Challenge");
                rcode = RLM_MODULE_HANDLED;
                break;
index 9a0dba23ded6bf45436defa90ac787b66c34c470..480fa9a78a631f92e454afc5202cd2cb9e30f109 100644 (file)
@@ -118,20 +118,20 @@ static unlang_action_t sometimes_return(rlm_rcode_t *p_result, void const *insta
         */
        if ((inst->rcode == RLM_MODULE_HANDLED) && reply) {
                switch (packet->code) {
-               case FR_CODE_ACCESS_REQUEST:
-                       reply->code = FR_CODE_ACCESS_ACCEPT;
+               case FR_RADIUS_CODE_ACCESS_REQUEST:
+                       reply->code = FR_RADIUS_CODE_ACCESS_ACCEPT;
                        break;
 
-               case FR_CODE_ACCOUNTING_REQUEST:
-                       reply->code = FR_CODE_ACCOUNTING_RESPONSE;
+               case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+                       reply->code = FR_RADIUS_CODE_ACCOUNTING_RESPONSE;
                        break;
 
-               case FR_CODE_COA_REQUEST:
-                       reply->code = FR_CODE_COA_ACK;
+               case FR_RADIUS_CODE_COA_REQUEST:
+                       reply->code = FR_RADIUS_CODE_COA_ACK;
                        break;
 
-               case FR_CODE_DISCONNECT_REQUEST:
-                       reply->code = FR_CODE_DISCONNECT_ACK;
+               case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+                       reply->code = FR_RADIUS_CODE_DISCONNECT_ACK;
                        break;
 
                default:
index 4a0c2f6fbcc7525a07223465938d79f5bb604459..5e7e66229f14ca4c5675c6157da833f4b1ba3d91 100644 (file)
@@ -53,7 +53,7 @@ typedef struct {
        fr_dict_attr_t const    *ipv6_da;                       //!< FreeRADIUS-Stats4-IPv6-Address
        fr_dlist_head_t         list;                           //!< for threads to know about each other
 
-       uint64_t                stats[FR_RADIUS_MAX_PACKET_CODE];
+       uint64_t                stats[FR_RADIUS_CODE_MAX];
 } rlm_stats_t;
 
 typedef struct {
@@ -62,7 +62,7 @@ typedef struct {
        fr_ipaddr_t             ipaddr;                         //!< IP address of this thing
        fr_time_t               created;                        //!< when it was created
        fr_time_t               last_packet;                    //!< when we last saw a packet
-       uint64_t                stats[FR_RADIUS_MAX_PACKET_CODE];       //!< actual statistic
+       uint64_t                stats[FR_RADIUS_CODE_MAX];      //!< actual statistic
 } rlm_stats_data_t;
 
 typedef struct {
@@ -76,7 +76,7 @@ typedef struct {
        rbtree_t                *src;                           //!< stats by source
        rbtree_t                *dst;                           //!< stats by destination
 
-       uint64_t                stats[FR_RADIUS_MAX_PACKET_CODE];
+       uint64_t                stats[FR_RADIUS_CODE_MAX];
 } rlm_stats_thread_t;
 
 static const CONF_PARSER module_config[] = {
@@ -103,13 +103,13 @@ fr_dict_attr_autoload_t rlm_stats_dict_attr[] = {
        { NULL }
 };
 
-static void coalesce(uint64_t final_stats[FR_RADIUS_MAX_PACKET_CODE], rlm_stats_thread_t *t,
+static void coalesce(uint64_t final_stats[FR_RADIUS_CODE_MAX], rlm_stats_thread_t *t,
                     size_t tree_offset, rlm_stats_data_t *mydata)
 {
        rlm_stats_data_t *stats;
        rlm_stats_thread_t *other;
        rbtree_t **tree;
-       uint64_t local_stats[FR_RADIUS_MAX_PACKET_CODE];
+       uint64_t local_stats[FR_RADIUS_CODE_MAX];
 
        tree = (rbtree_t **) (((uint8_t *) t) + tree_offset);
 
@@ -119,7 +119,7 @@ static void coalesce(uint64_t final_stats[FR_RADIUS_MAX_PACKET_CODE], rlm_stats_
         */
        stats = rbtree_find_data(*tree, mydata);
        if (!stats) {
-               memset(final_stats, 0, sizeof(uint64_t) * FR_RADIUS_MAX_PACKET_CODE);
+               memset(final_stats, 0, sizeof(uint64_t) * FR_RADIUS_CODE_MAX);
        } else {
                memcpy(final_stats, stats->stats, sizeof(stats->stats));
        }
@@ -142,7 +142,7 @@ static void coalesce(uint64_t final_stats[FR_RADIUS_MAX_PACKET_CODE], rlm_stats_
                }
                memcpy(&local_stats, stats->stats, sizeof(stats->stats));
 
-               for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+               for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
                        final_stats[i] += local_stats[i];
                }
        }
@@ -174,10 +174,10 @@ static unlang_action_t CC_HINT(nonnull) mod_stats(rlm_rcode_t *p_result, module_
                int src_code, dst_code;
 
                src_code = request->packet->code;
-               if (src_code >= FR_RADIUS_MAX_PACKET_CODE) src_code = 0;
+               if (src_code >= FR_RADIUS_CODE_MAX) src_code = 0;
 
                dst_code = request->reply->code;
-               if (dst_code >= FR_RADIUS_MAX_PACKET_CODE) dst_code = 0;
+               if (dst_code >= FR_RADIUS_CODE_MAX) dst_code = 0;
 
                t->stats[src_code]++;
                t->stats[dst_code]++;
@@ -229,7 +229,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats(rlm_rcode_t *p_result, module_
                t->last_global_update = request->async->recv_time;
 
                pthread_mutex_lock(&inst->mutex);
-               for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+               for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
                        inst->stats[i] += t->stats[i];
                        t->stats[i] = 0;
                }
@@ -242,7 +242,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats(rlm_rcode_t *p_result, module_
         *      Ignore "authenticate" and anything other than Status-Server
         */
        if ((request->request_state != REQUEST_RECV) ||
-           (request->packet->code != FR_CODE_STATUS_SERVER)) {
+           (request->packet->code != FR_RADIUS_CODE_STATUS_SERVER)) {
                RETURN_MODULE_NOOP;
        }
 
@@ -268,7 +268,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats(rlm_rcode_t *p_result, module_
                 *      The copy helps minimize mutex contention.
                 */
                pthread_mutex_lock(&inst->mutex);
-               for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+               for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
                        inst->stats[i] += t->stats[i];
                        t->stats[i] = 0;
                }
@@ -309,7 +309,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats(rlm_rcode_t *p_result, module_
 
        strcpy(buffer, "FreeRADIUS-Stats4-");
 
-       for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+       for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
                fr_dict_attr_t const *da;
 
                if (!local_stats[i]) continue;
@@ -369,7 +369,7 @@ static int mod_thread_detach(UNUSED fr_event_list_t *el, void *thread)
        int i;
 
        pthread_mutex_lock(&inst->mutex);
-       for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+       for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
                inst->stats[i] += t->stats[i];
        }
        fr_dlist_remove(&inst->list, t);
index 73673462c5ed95e1500d16496764cc74b1c11aeb..165010147064e6d128dfed5be8c9c6c0741fcfe8 100644 (file)
@@ -264,7 +264,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod
                 *      Don't print out debugging messages if we know
                 *      they're useless.
                 */
-               if ((request->dict == dict_radius) && request->packet->code != FR_CODE_ACCESS_CHALLENGE) {
+               if ((request->dict == dict_radius) && request->packet->code != FR_RADIUS_CODE_ACCESS_CHALLENGE) {
                        RDEBUG2("No cleartext password in the request. Can't do Yubikey authentication");
                }
 
index 250aae886630d42ea93c91c3683d180a2d1594aa..d1401c3130e4c6119032ba2ebb92f742082ba66b 100644 (file)
@@ -17,7 +17,7 @@
 /**
  * $Id$
  * @file src/process/radius/base.c
- * @brief RADIUS handler
+ * @brief RADIUS process module
  *
  * @copyright 2021 The FreeRADIUS server project.
  * @copyright 2021 Network RADIUS SARL (legal@networkradius.com)
@@ -43,19 +43,16 @@ fr_dict_autoload_t process_radius_dict[] = {
        { NULL }
 };
 
-
-static fr_dict_attr_t const *attr_packet_type;
-
-static fr_dict_attr_t const *attr_acct_status_type;
-
 static fr_dict_attr_t const *attr_auth_type;
-static fr_dict_attr_t const *attr_calling_station_id;
-static fr_dict_attr_t const *attr_chap_password;
 static fr_dict_attr_t const *attr_module_failure_message;
 static fr_dict_attr_t const *attr_module_success_message;
 static fr_dict_attr_t const *attr_stripped_user_name;
 
+static fr_dict_attr_t const *attr_acct_status_type;
+static fr_dict_attr_t const *attr_calling_station_id;
+static fr_dict_attr_t const *attr_chap_password;
 static fr_dict_attr_t const *attr_nas_port;
+static fr_dict_attr_t const *attr_packet_type;
 static fr_dict_attr_t const *attr_service_type;
 static fr_dict_attr_t const *attr_state;
 static fr_dict_attr_t const *attr_user_name;
@@ -63,17 +60,17 @@ static fr_dict_attr_t const *attr_user_password;
 
 extern fr_dict_attr_autoload_t process_radius_dict_attr[];
 fr_dict_attr_autoload_t process_radius_dict_attr[] = {
-       { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
-       { .out = &attr_acct_status_type, .name = "Acct-Status-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
 
        { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
        { .out = &attr_module_failure_message, .name = "Module-Failure-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_module_success_message, .name = "Module-Success-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
        { .out = &attr_stripped_user_name, .name = "Stripped-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
 
+       { .out = &attr_acct_status_type, .name = "Acct-Status-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_calling_station_id, .name = "Calling-Station-Id", .type = FR_TYPE_STRING, .dict = &dict_radius },
        { .out = &attr_chap_password, .name = "CHAP-Password", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_nas_port, .name = "NAS-Port", .type = FR_TYPE_UINT32, .dict = &dict_radius },
+       { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_service_type, .name = "Service-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
        { .out = &attr_state, .name = "State", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
        { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
@@ -85,73 +82,74 @@ fr_dict_attr_autoload_t process_radius_dict_attr[] = {
 /*
  *     RADIUS state machine configuration
  */
-typedef struct radius_unlang_packets_s {
+typedef struct {
        uint64_t        nothing;                // so that "access_request" isn't at offset 0
 
-       CONF_SECTION *access_request;
-       CONF_SECTION *access_accept;
-       CONF_SECTION *access_reject;
-       CONF_SECTION *access_challenge;
+       CONF_SECTION    *access_request;
+       CONF_SECTION    *access_accept;
+       CONF_SECTION    *access_reject;
+       CONF_SECTION    *access_challenge;
 
-       CONF_SECTION *accounting_request;
-       CONF_SECTION *accounting_response;
+       CONF_SECTION    *accounting_request;
+       CONF_SECTION    *accounting_response;
 
-       CONF_SECTION *status_server;
+       CONF_SECTION    *status_server;
 
-       CONF_SECTION *coa_request;
-       CONF_SECTION *coa_ack;
-       CONF_SECTION *coa_nak;
+       CONF_SECTION    *coa_request;
+       CONF_SECTION    *coa_ack;
+       CONF_SECTION    *coa_nak;
 
-       CONF_SECTION *disconnect_request;
-       CONF_SECTION *disconnect_ack;
-       CONF_SECTION *disconnect_nak;
+       CONF_SECTION    *disconnect_request;
+       CONF_SECTION    *disconnect_ack;
+       CONF_SECTION    *disconnect_nak;
 
-       CONF_SECTION *do_not_respond;
-       CONF_SECTION *protocol_error; /* @todo - allow protocol error as a reject reply? */
-} radius_unlang_packets_t;
+       CONF_SECTION    *do_not_respond;
+       CONF_SECTION    *protocol_error;        /* @todo - allow protocol error as a reject reply? */
+} process_radius_sections_t;
 
 typedef struct {
        bool            log_stripped_names;
-       bool            log_auth;                       //!< Log authentication attempts.
-       bool            log_auth_badpass;               //!< Log successful authentications.
-       bool            log_auth_goodpass;              //!< Log failed authentications.
-       char const      *auth_badpass_msg;              //!< Additional text to append to successful auth messages.
-       char const      *auth_goodpass_msg;             //!< Additional text to append to failed auth messages.
+       bool            log_auth;               //!< Log authentication attempts.
+       bool            log_auth_badpass;       //!< Log successful authentications.
+       bool            log_auth_goodpass;      //!< Log failed authentications.
+       char const      *auth_badpass_msg;      //!< Additional text to append to successful auth messages.
+       char const      *auth_goodpass_msg;     //!< Additional text to append to failed auth messages.
 
-       char const      *denied_msg;                    //!< Additional text to append if the user is already logged
-                                                       //!< in (simultaneous use check failed).
+       char const      *denied_msg;            //!< Additional text to append if the user is already logged
+                                               //!< in (simultaneous use check failed).
 
-       uint32_t        session_timeout;                //!< Maximum time between the last response and next request.
-       uint32_t        max_session;                    //!< Maximum ongoing session allowed.
+       uint32_t        session_timeout;        //!< Maximum time between the last response and next request.
+       uint32_t        max_session;            //!< Maximum ongoing session allowed.
 
-       uint8_t         state_server_id;                //!< Sets a specific byte in the state to allow the
-                                                       //!< authenticating server to be identified in packet
-                                                       //!< captures.
+       uint8_t         state_server_id;        //!< Sets a specific byte in the state to allow the
+                                               //!< authenticating server to be identified in packet
+                                               //!<captures.
 
-       fr_state_tree_t *state_tree;                    //!< State tree to link multiple requests/responses.
-} radius_auth_t;
+       fr_state_tree_t *state_tree;            //!< State tree to link multiple requests/responses.
+} process_radius_auth_t;
 
-typedef struct process_radius_s {
-       radius_unlang_packets_t packets;
-       radius_auth_t           auth;
+typedef struct {
+       process_radius_sections_t       sections;       //!< Pointers to various config sections
+                                                       ///< we need to execute.
+       process_radius_auth_t           auth;           //!< Authentication configuration.
 } process_radius_t;
 
 static const CONF_PARSER session_config[] = {
-       { FR_CONF_OFFSET("timeout", FR_TYPE_UINT32, radius_auth_t, session_timeout), .dflt = "15" },
-       { FR_CONF_OFFSET("max", FR_TYPE_UINT32, radius_auth_t, max_session), .dflt = "4096" },
-       { FR_CONF_OFFSET("state_server_id", FR_TYPE_UINT8, radius_auth_t, state_server_id) },
+       { FR_CONF_OFFSET("timeout", FR_TYPE_UINT32, process_radius_auth_t, session_timeout), .dflt = "15" },
+       { FR_CONF_OFFSET("max", FR_TYPE_UINT32, process_radius_auth_t, max_session), .dflt = "4096" },
+       { FR_CONF_OFFSET("state_server_id", FR_TYPE_UINT8, process_radius_auth_t, state_server_id) },
 
        CONF_PARSER_TERMINATOR
 };
 
 static const CONF_PARSER log_config[] = {
-       { FR_CONF_OFFSET("stripped_names", FR_TYPE_BOOL, radius_auth_t, log_stripped_names), .dflt = "no" },
-       { FR_CONF_OFFSET("auth", FR_TYPE_BOOL, radius_auth_t, log_auth), .dflt = "no" },
-       { FR_CONF_OFFSET("auth_badpass", FR_TYPE_BOOL, radius_auth_t, log_auth_badpass), .dflt = "no" },
-       { FR_CONF_OFFSET("auth_goodpass", FR_TYPE_BOOL,radius_auth_t,  log_auth_goodpass), .dflt = "no" },
-       { FR_CONF_OFFSET("msg_badpass", FR_TYPE_STRING, radius_auth_t, auth_badpass_msg) },
-       { FR_CONF_OFFSET("msg_goodpass", FR_TYPE_STRING, radius_auth_t, auth_goodpass_msg) },
-       { FR_CONF_OFFSET("msg_denied", FR_TYPE_STRING, radius_auth_t, denied_msg), .dflt = "You are already logged in - access denied" },
+       { FR_CONF_OFFSET("stripped_names", FR_TYPE_BOOL, process_radius_auth_t, log_stripped_names), .dflt = "no" },
+       { FR_CONF_OFFSET("auth", FR_TYPE_BOOL, process_radius_auth_t, log_auth), .dflt = "no" },
+       { FR_CONF_OFFSET("auth_badpass", FR_TYPE_BOOL, process_radius_auth_t, log_auth_badpass), .dflt = "no" },
+       { FR_CONF_OFFSET("auth_goodpass", FR_TYPE_BOOL,process_radius_auth_t,  log_auth_goodpass), .dflt = "no" },
+       { FR_CONF_OFFSET("msg_badpass", FR_TYPE_STRING, process_radius_auth_t, auth_badpass_msg) },
+       { FR_CONF_OFFSET("msg_goodpass", FR_TYPE_STRING, process_radius_auth_t, auth_goodpass_msg) },
+       { FR_CONF_OFFSET("msg_denied", FR_TYPE_STRING, process_radius_auth_t, denied_msg), .dflt = "You are already logged in - access denied" },
 
        CONF_PARSER_TERMINATOR
 };
@@ -174,28 +172,21 @@ static const CONF_PARSER config[] = {
 /*
  *     RADIUS state machine tables for rcode to packet.
  */
-typedef unsigned int fr_packet_rcode_t[RLM_MODULE_NUMCODES];
-
-typedef struct radius_state_s {
-       uint32_t                packet_type[RLM_MODULE_NUMCODES];
-       size_t                  offset;
-       rlm_rcode_t             rcode;          // default rcode
-       unsigned int            reject;         // reject packet
-       module_method_t         recv;           // for incoming requests
-       unlang_module_resume_t  send;           // for sending replies
-       unlang_module_resume_t  resume;
-} radius_state_t;
-
-static const radius_state_t radius_state[FR_RADIUS_MAX_PACKET_CODE];
+typedef struct {
+       fr_radius_packet_code_t packet_type[RLM_MODULE_NUMCODES];       //!< rcode to packet type mapping.
+       size_t                  section_offset; //!< Where to look in process_radius_sections_t for
+                                               ///< a pointer to the section we should execute.
+       rlm_rcode_t             rcode;          //!< Default rcode
+       fr_radius_packet_code_t reject;         //!< Reject packet type.
+       module_method_t         recv;           //!< Method to call when receiving this type of packet.
+       unlang_module_resume_t  resume;         //!< Function to call after running a recv section.
+       unlang_module_resume_t  send;           //!< Method to call when sending this type of packet.
+} process_radius_state_t;
+
+static process_radius_state_t const radius_state[FR_RADIUS_CODE_MAX];
 
 #define RAUTH(fmt, ...)                log_request(L_AUTH, L_DBG_LVL_OFF, request, __FILE__, __LINE__, fmt, ## __VA_ARGS__)
 
-#ifndef NDEBUG
-#  define TRACE        RDEBUG3("Entered state %s", __FUNCTION__)
-#else
-#  define TRACE
-#endif
-
 /*
  *     Return a short string showing the terminal server, port
  *     and calling station ID.
@@ -226,7 +217,7 @@ static char *auth_name(char *buf, size_t buflen, request_t *request)
  *     Make sure user/pass are clean and then create an attribute
  *     which contains the log message.
  */
-static void CC_HINT(format (printf, 4, 5)) auth_message(radius_auth_t const *inst,
+static void CC_HINT(format (printf, 4, 5)) auth_message(process_radius_auth_t const *inst,
                                                        request_t *request, bool goodpass, char const *fmt, ...)
 {
        va_list          ap;
@@ -319,7 +310,7 @@ static void CC_HINT(format (printf, 4, 5)) auth_message(radius_auth_t const *ins
  */
 #define UPDATE_STATE_CS(_x) do { \
                        state = &radius_state[request->_x->code]; \
-                       cs = *(CONF_SECTION **) (((uint8_t *) &inst->packets) + state->offset); \
+                       cs = *(CONF_SECTION **) (((uint8_t *) &inst->sections) + state->section_offset); \
                } while (0)
 
 #define UPDATE_STATE(_x) state = &radius_state[request->_x->code]
@@ -329,7 +320,6 @@ static void CC_HINT(format (printf, 4, 5)) auth_message(radius_auth_t const *ins
 #define SEND(_x) static unlang_action_t send_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, UNUSED void *rctx)
 #define RESUME(_x) static unlang_action_t resume_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, UNUSED void *rctx)
 
-#define RADIUS_PACKET_CODE_VALID(_code) (((_code) > 0) && ((_code) < FR_RADIUS_MAX_PACKET_CODE))
 #if 0
 RECV(access_request)
 {
@@ -341,14 +331,14 @@ RESUME(auth_type);
 
 RESUME(access_request)
 {
-       rlm_rcode_t             rcode = request->rcode;
-       fr_pair_t               *vp;
-       CONF_SECTION            *cs;
-       fr_dict_enum_t const    *dv;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       rlm_rcode_t                     rcode = request->rcode;
+       fr_pair_t                       *vp;
+       CONF_SECTION                    *cs;
+       fr_dict_enum_t const            *dv;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        fr_assert(rcode < RLM_MODULE_NUMCODES);
 
@@ -358,7 +348,7 @@ RESUME(access_request)
        request->reply->code = state->packet_type[rcode];
        UPDATE_STATE_CS(reply);
 
-       if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
+       if (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) {
                RDEBUG("The 'recv Access-Request' section returned %s - not sending a response",
                       fr_table_str_by_value(rcode_table, rcode, "???"));
 
@@ -396,29 +386,29 @@ RESUME(access_request)
 
 RESUME(auth_type)
 {
-       static const uint32_t auth_type_rcode[RLM_MODULE_NUMCODES] = {
-               [RLM_MODULE_OK] =       FR_CODE_ACCESS_ACCEPT,
-               [RLM_MODULE_FAIL] =     FR_CODE_ACCESS_REJECT,
-               [RLM_MODULE_INVALID] =  FR_CODE_ACCESS_REJECT,
-               [RLM_MODULE_NOOP] =     FR_CODE_ACCESS_REJECT,
-               [RLM_MODULE_NOTFOUND] = FR_CODE_ACCESS_REJECT,
-               [RLM_MODULE_REJECT] =   FR_CODE_ACCESS_REJECT,
-               [RLM_MODULE_UPDATED] =  FR_CODE_ACCESS_REJECT,
-               [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT,
+       static const fr_radius_packet_code_t auth_type_rcode[RLM_MODULE_NUMCODES] = {
+               [RLM_MODULE_OK] =       FR_RADIUS_CODE_ACCESS_ACCEPT,
+               [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_ACCESS_REJECT,
+               [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_ACCESS_REJECT,
+               [RLM_MODULE_NOOP] =     FR_RADIUS_CODE_ACCESS_REJECT,
+               [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_ACCESS_REJECT,
+               [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_ACCESS_REJECT,
+               [RLM_MODULE_UPDATED] =  FR_RADIUS_CODE_ACCESS_REJECT,
+               [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT,
        };
 
-       rlm_rcode_t             rcode = request->rcode;
-       fr_pair_t               *vp;
-       CONF_SECTION            *cs;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       rlm_rcode_t                     rcode = request->rcode;
+       fr_pair_t                       *vp;
+       CONF_SECTION                    *cs;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        fr_assert(rcode < RLM_MODULE_NUMCODES);
-       fr_assert(RADIUS_PACKET_CODE_VALID(request->reply->code));
+       fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code));
 
-       if (auth_type_rcode[rcode] == FR_CODE_DO_NOT_RESPOND) {
+       if (auth_type_rcode[rcode] == FR_RADIUS_CODE_DO_NOT_RESPOND) {
                request->reply->code = auth_type_rcode[rcode];
                UPDATE_STATE_CS(reply);
 
@@ -437,13 +427,13 @@ RESUME(auth_type)
        request->reply->code = auth_type_rcode[rcode];
        if (!request->reply->code) {
                RDEBUG("No reply code was set.  Forcing to Access-Reject");
-               request->reply->code = FR_CODE_ACCESS_REJECT;
+               request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT;
 
        } else switch (request->reply->code) {
        /*
         *      Print complaints before running "send Access-Reject"
         */
-       case FR_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
                RDEBUG2("Failed to authenticate the user");
 
                /*
@@ -472,12 +462,12 @@ RESUME(auth_type)
                break;
 
        /*
-        *      Access-Challenge packets require a State.  If there is
+        *      Access-Challenge sections require a State.  If there is
         *      none, create one here.  This is so that the State
         *      attribute is accessible in the "send Access-Challenge"
         *      section.
         */
-       case FR_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_state)) != NULL) {
                        uint8_t buffer[16];
 
@@ -502,10 +492,10 @@ RESUME(auth_type)
 
 RESUME(access_accept)
 {
-       fr_pair_t *vp;
-       process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       fr_pair_t                       *vp;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        vp = fr_pair_find_by_da(&request->request_pairs, attr_module_success_message);
        if (vp){
@@ -520,10 +510,10 @@ RESUME(access_accept)
 
 RESUME(access_reject)
 {
-       fr_pair_t *vp;
-       process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       fr_pair_t                       *vp;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        vp = fr_pair_find_by_da(&request->request_pairs, attr_module_failure_message);
        if (vp) {
@@ -538,11 +528,11 @@ RESUME(access_reject)
 
 RESUME(access_challenge)
 {
-       CONF_SECTION            *cs;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       CONF_SECTION                    *cs;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        /*
         *      Cache the state context.
@@ -550,39 +540,39 @@ RESUME(access_challenge)
         *      If this fails, don't respond to the request.
         */
        if (fr_request_to_state(inst->auth.state_tree, request) < 0) {
-               request->reply->code = FR_CODE_DO_NOT_RESPOND;
+               request->reply->code = FR_RADIUS_CODE_DO_NOT_RESPOND;
                UPDATE_STATE_CS(reply);
                return unlang_module_yield_to_section(p_result, request,
                                                      cs, state->rcode, state->send,
                                                      NULL, NULL);
        }
 
-       fr_assert(request->reply->code == FR_CODE_ACCESS_CHALLENGE);
+       fr_assert(request->reply->code == FR_RADIUS_CODE_ACCESS_CHALLENGE);
        RETURN_MODULE_OK;
 }
 
 RESUME(acct_type)
 {
-       static const uint32_t acct_type_rcode[RLM_MODULE_NUMCODES] = {
-               [RLM_MODULE_FAIL] =     FR_CODE_DO_NOT_RESPOND,
-               [RLM_MODULE_INVALID] =  FR_CODE_DO_NOT_RESPOND,
-               [RLM_MODULE_NOTFOUND] = FR_CODE_DO_NOT_RESPOND,
-               [RLM_MODULE_REJECT] =   FR_CODE_DO_NOT_RESPOND,
-               [RLM_MODULE_DISALLOW] = FR_CODE_DO_NOT_RESPOND,
+       static const fr_radius_packet_code_t acct_type_rcode[RLM_MODULE_NUMCODES] = {
+               [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_DO_NOT_RESPOND,
+               [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_DO_NOT_RESPOND,
+               [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+               [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_DO_NOT_RESPOND,
+               [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DO_NOT_RESPOND,
        };
 
-       rlm_rcode_t             rcode = request->rcode;
-       CONF_SECTION            *cs;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       rlm_rcode_t                     rcode = request->rcode;
+       CONF_SECTION                    *cs;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        fr_assert(rcode < RLM_MODULE_NUMCODES);
-       fr_assert(RADIUS_PACKET_CODE_VALID(request->reply->code));
+       fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code));
 
        if (acct_type_rcode[rcode]) {
-               fr_assert(acct_type_rcode[rcode] == FR_CODE_DO_NOT_RESPOND);
+               fr_assert(acct_type_rcode[rcode] == FR_RADIUS_CODE_DO_NOT_RESPOND);
 
                request->reply->code = acct_type_rcode[rcode];
                UPDATE_STATE_CS(reply);
@@ -596,7 +586,7 @@ RESUME(acct_type)
                                                      NULL, NULL);
        }
 
-       request->reply->code = FR_CODE_ACCOUNTING_RESPONSE;
+       request->reply->code = FR_RADIUS_CODE_ACCOUNTING_RESPONSE;
        UPDATE_STATE_CS(reply);
 
        fr_assert(state->send != NULL);
@@ -607,14 +597,14 @@ RESUME(acct_type)
 
 RESUME(accounting_request)
 {
-       rlm_rcode_t             rcode = request->rcode;
-       fr_pair_t               *vp;
-       CONF_SECTION            *cs;
-       fr_dict_enum_t const    *dv;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       rlm_rcode_t                     rcode = request->rcode;
+       fr_pair_t                       *vp;
+       CONF_SECTION                    *cs;
+       fr_dict_enum_t const            *dv;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        fr_assert(rcode < RLM_MODULE_NUMCODES);
 
@@ -624,7 +614,7 @@ RESUME(accounting_request)
        request->reply->code = state->packet_type[rcode];
        UPDATE_STATE_CS(reply);
 
-       if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
+       if (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) {
                RDEBUG("The 'recv Accounting-Request' section returned %s - not sending a response",
                       fr_table_str_by_value(rcode_table, rcode, "???"));
 
@@ -675,11 +665,11 @@ RESUME(status_server)
 
 RECV(generic)
 {
-       CONF_SECTION            *cs;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       CONF_SECTION                    *cs;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        if (request->parent && RDEBUG_ENABLED) {
                RDEBUG("Received %s ID %i", fr_packet_codes[request->packet->code], request->packet->id);
@@ -704,12 +694,12 @@ RECV(generic)
 
 RESUME(recv_generic)
 {
-       rlm_rcode_t             rcode = request->rcode;
-       CONF_SECTION            *cs;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       rlm_rcode_t                     rcode = request->rcode;
+       CONF_SECTION                    *cs;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
        fr_assert(rcode < RLM_MODULE_NUMCODES);
 
@@ -727,14 +717,14 @@ RESUME(recv_generic)
 
 SEND(generic)
 {
-       fr_pair_t               *vp;
-       CONF_SECTION            *cs;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       fr_pair_t                       *vp;
+       CONF_SECTION                    *cs;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
-       fr_assert(RADIUS_PACKET_CODE_VALID(request->reply->code));
+       fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code));
 
        UPDATE_STATE_CS(reply);
 
@@ -755,7 +745,7 @@ SEND(generic)
                                         &request->reply_pairs, attr_packet_type) >= 0);
                vp->vp_uint32 = request->reply->code;
 
-       } else if (RADIUS_PACKET_CODE_VALID(vp->vp_uint32)) {
+       } else if ((vp->vp_uint32 != FR_RADIUS_CODE_MAX) && FR_RADIUS_PACKET_CODE_VALID(vp->vp_uint32)) {
                request->reply->code = vp->vp_uint32;
                UPDATE_STATE_CS(reply);
 
@@ -771,14 +761,14 @@ SEND(generic)
 
 RESUME(send_generic)
 {
-       rlm_rcode_t             rcode = request->rcode;
-       CONF_SECTION            *cs;
-       radius_state_t const    *state;
-       process_radius_t        *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+       rlm_rcode_t                     rcode = request->rcode;
+       CONF_SECTION                    *cs;
+       process_radius_state_t const    *state;
+       process_radius_t                *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
 
-       TRACE;
+       PROCESS_TRACE;
 
-       fr_assert(RADIUS_PACKET_CODE_VALID(request->reply->code));
+       fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code));
 
        /*
         *      If they delete &reply.Packet-Type, tough for them.
@@ -797,7 +787,7 @@ RESUME(send_generic)
                 *      And anything can say "don't respond".
                 */
                if ((state->packet_type[rcode] != request->reply->code) &&
-                   ((state->packet_type[rcode] == state->reject) || (state->packet_type[rcode] == FR_CODE_DO_NOT_RESPOND))) {
+                   ((state->packet_type[rcode] == state->reject) || (state->packet_type[rcode] == FR_RADIUS_CODE_DO_NOT_RESPOND))) {
                        char const *old = cf_section_name2(cs);
 
                        request->reply->code = state->packet_type[rcode];
@@ -813,11 +803,11 @@ RESUME(send_generic)
                fr_assert(!state->packet_type[rcode] || (state->packet_type[rcode] == request->reply->code));
                break;
 
-       case FR_CODE_DO_NOT_RESPOND:
+       case FR_RADIUS_CODE_DO_NOT_RESPOND:
                RDEBUG("The 'send %s' section returned %s - not sending a response",
                       fr_table_str_by_value(rcode_table, rcode, "???"),
                       cf_section_name2(cs));
-               request->reply->code = FR_CODE_DO_NOT_RESPOND;
+               request->reply->code = FR_RADIUS_CODE_DO_NOT_RESPOND;
                break;
        }
 
@@ -826,7 +816,7 @@ RESUME(send_generic)
        /*
         *      Check for "do not respond".
         */
-       if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
+       if (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) {
                RDEBUG("Not sending reply to client.");
                RETURN_MODULE_OK;
        }
@@ -841,11 +831,11 @@ RESUME(send_generic)
 
 static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
 {
-       radius_state_t  const   *state;
+       process_radius_state_t const *state;
 
-       TRACE;
+       PROCESS_TRACE;
 
-       fr_assert(RADIUS_PACKET_CODE_VALID(request->packet->code));
+       fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->packet->code));
 
        UPDATE_STATE(packet);
 
@@ -879,201 +869,201 @@ static int mod_bootstrap(UNUSED void *instance, CONF_SECTION *cs)
        return 0;
 }
 
-static const radius_state_t radius_state[FR_RADIUS_MAX_PACKET_CODE] = {
-       [ FR_CODE_ACCESS_REQUEST ] = {
+static process_radius_state_t const radius_state[FR_RADIUS_CODE_MAX] = {
+       [ FR_RADIUS_CODE_ACCESS_REQUEST ] = {
                .packet_type = {
-                       [RLM_MODULE_NOOP] =     FR_CODE_ACCESS_ACCEPT,
-                       [RLM_MODULE_OK] =       FR_CODE_ACCESS_ACCEPT,
-                       [RLM_MODULE_UPDATED] =  FR_CODE_ACCESS_ACCEPT,
-                       [RLM_MODULE_HANDLED] =  FR_CODE_ACCESS_ACCEPT,
-
-                       [RLM_MODULE_FAIL] =     FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_INVALID] =  FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_REJECT] =   FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+                       [RLM_MODULE_NOOP] =     FR_RADIUS_CODE_ACCESS_ACCEPT,
+                       [RLM_MODULE_OK] =       FR_RADIUS_CODE_ACCESS_ACCEPT,
+                       [RLM_MODULE_UPDATED] =  FR_RADIUS_CODE_ACCESS_ACCEPT,
+                       [RLM_MODULE_HANDLED] =  FR_RADIUS_CODE_ACCESS_ACCEPT,
+
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
                },
                .rcode = RLM_MODULE_REJECT,
                .recv = recv_generic,
                .resume = resume_access_request,
-               .offset = offsetof(radius_unlang_packets_t, access_request),
+               .section_offset = offsetof(process_radius_sections_t, access_request),
        },
-       [ FR_CODE_ACCESS_ACCEPT ] = {
+       [ FR_RADIUS_CODE_ACCESS_ACCEPT ] = {
                .packet_type = {
-                       [RLM_MODULE_FAIL] =     FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_INVALID] =  FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_REJECT] =   FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
                },
                .rcode = RLM_MODULE_NOOP,
-               .reject = FR_CODE_ACCESS_REJECT,
+               .reject = FR_RADIUS_CODE_ACCESS_REJECT,
                .send = send_generic,
                .resume = resume_access_accept,
-               .offset = offsetof(radius_unlang_packets_t, access_accept),
+               .section_offset = offsetof(process_radius_sections_t, access_accept),
        },
-       [ FR_CODE_ACCESS_REJECT ] = {
+       [ FR_RADIUS_CODE_ACCESS_REJECT ] = {
                .packet_type = {
-                       [RLM_MODULE_FAIL] =     FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_INVALID] =  FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_REJECT] =   FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
                },
                .rcode = RLM_MODULE_NOOP,
                .send = send_generic,
                .resume = resume_access_reject,
-               .offset = offsetof(radius_unlang_packets_t, access_reject),
+               .section_offset = offsetof(process_radius_sections_t, access_reject),
        },
-       [ FR_CODE_ACCESS_CHALLENGE ] = {
+       [ FR_RADIUS_CODE_ACCESS_CHALLENGE ] = {
                .packet_type = {
-                       [RLM_MODULE_FAIL] =     FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_INVALID] =  FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_REJECT] =   FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
                },
                .rcode = RLM_MODULE_NOOP,
-               .reject = FR_CODE_ACCESS_REJECT,
+               .reject = FR_RADIUS_CODE_ACCESS_REJECT,
                .send = send_generic,
                .resume = resume_access_challenge,
-               .offset = offsetof(radius_unlang_packets_t, access_challenge),
+               .section_offset = offsetof(process_radius_sections_t, access_challenge),
        },
 
-       [ FR_CODE_ACCOUNTING_REQUEST ] = {
+       [ FR_RADIUS_CODE_ACCOUNTING_REQUEST ] = {
                .packet_type = {
-                       [RLM_MODULE_NOOP] =     FR_CODE_ACCOUNTING_RESPONSE,
-                       [RLM_MODULE_OK] =       FR_CODE_ACCOUNTING_RESPONSE,
-                       [RLM_MODULE_UPDATED] =  FR_CODE_ACCOUNTING_RESPONSE,
-                       [RLM_MODULE_HANDLED] =  FR_CODE_ACCOUNTING_RESPONSE,
-
-                       [RLM_MODULE_FAIL] =     FR_CODE_DO_NOT_RESPOND,
-                       [RLM_MODULE_INVALID] =  FR_CODE_DO_NOT_RESPOND,
-                       [RLM_MODULE_NOTFOUND] = FR_CODE_DO_NOT_RESPOND,
-                       [RLM_MODULE_REJECT] =   FR_CODE_DO_NOT_RESPOND,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_DO_NOT_RESPOND
+                       [RLM_MODULE_NOOP] =     FR_RADIUS_CODE_ACCOUNTING_RESPONSE,
+                       [RLM_MODULE_OK] =       FR_RADIUS_CODE_ACCOUNTING_RESPONSE,
+                       [RLM_MODULE_UPDATED] =  FR_RADIUS_CODE_ACCOUNTING_RESPONSE,
+                       [RLM_MODULE_HANDLED] =  FR_RADIUS_CODE_ACCOUNTING_RESPONSE,
+
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DO_NOT_RESPOND
                },
                .rcode = RLM_MODULE_NOOP,
                .recv = recv_generic,
                .resume = resume_accounting_request,
-               .offset = offsetof(radius_unlang_packets_t, accounting_request),
+               .section_offset = offsetof(process_radius_sections_t, accounting_request),
        },
-       [ FR_CODE_ACCOUNTING_RESPONSE ] = {
+       [ FR_RADIUS_CODE_ACCOUNTING_RESPONSE ] = {
                .packet_type = {
-                       [RLM_MODULE_FAIL] =     FR_CODE_DO_NOT_RESPOND,
-                       [RLM_MODULE_INVALID] =  FR_CODE_DO_NOT_RESPOND,
-                       [RLM_MODULE_NOTFOUND] = FR_CODE_DO_NOT_RESPOND,
-                       [RLM_MODULE_REJECT] =   FR_CODE_DO_NOT_RESPOND,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_DO_NOT_RESPOND,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DO_NOT_RESPOND,
                },
                .rcode = RLM_MODULE_NOOP,
                .send = send_generic,
                .resume = resume_send_generic,
-               .offset = offsetof(radius_unlang_packets_t, accounting_response),
+               .section_offset = offsetof(process_radius_sections_t, accounting_response),
        },
-       [ FR_CODE_STATUS_SERVER ] = {
+       [ FR_RADIUS_CODE_STATUS_SERVER ] = {
                .packet_type = {
-                       [RLM_MODULE_OK] =       FR_CODE_ACCESS_ACCEPT,
-                       [RLM_MODULE_UPDATED] =  FR_CODE_ACCESS_ACCEPT,
-
-                       [RLM_MODULE_FAIL] =     FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_INVALID] =  FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_NOTFOUND] = FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_REJECT] =   FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_NOOP] =     FR_CODE_ACCESS_REJECT,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+                       [RLM_MODULE_OK] =       FR_RADIUS_CODE_ACCESS_ACCEPT,
+                       [RLM_MODULE_UPDATED] =  FR_RADIUS_CODE_ACCESS_ACCEPT,
+
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_NOOP] =     FR_RADIUS_CODE_ACCESS_REJECT,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
                },
                .rcode = RLM_MODULE_NOOP,
                .recv = recv_generic,
                .resume = resume_recv_generic,
-               .offset = offsetof(radius_unlang_packets_t, status_server),
+               .section_offset = offsetof(process_radius_sections_t, status_server),
        },
-       [ FR_CODE_COA_REQUEST ] = {
+       [ FR_RADIUS_CODE_COA_REQUEST ] = {
                .packet_type = {
-                       [RLM_MODULE_NOOP] =     FR_CODE_COA_ACK,
-                       [RLM_MODULE_OK] =       FR_CODE_COA_ACK,
-                       [RLM_MODULE_UPDATED] =  FR_CODE_COA_ACK,
-                       [RLM_MODULE_NOTFOUND] = FR_CODE_COA_ACK,
-
-                       [RLM_MODULE_FAIL] =     FR_CODE_COA_NAK,
-                       [RLM_MODULE_INVALID] =  FR_CODE_COA_NAK,
-                       [RLM_MODULE_REJECT] =   FR_CODE_COA_NAK,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_COA_NAK
+                       [RLM_MODULE_NOOP] =     FR_RADIUS_CODE_COA_ACK,
+                       [RLM_MODULE_OK] =       FR_RADIUS_CODE_COA_ACK,
+                       [RLM_MODULE_UPDATED] =  FR_RADIUS_CODE_COA_ACK,
+                       [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_COA_ACK,
+
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_COA_NAK
                },
                .rcode = RLM_MODULE_NOOP,
                .recv = recv_generic,
                .resume = resume_recv_generic,
-               .offset = offsetof(radius_unlang_packets_t, coa_request),
+               .section_offset = offsetof(process_radius_sections_t, coa_request),
        },
-       [ FR_CODE_COA_ACK ] = {
+       [ FR_RADIUS_CODE_COA_ACK ] = {
                .packet_type = {
-                       [RLM_MODULE_FAIL] =     FR_CODE_COA_NAK,
-                       [RLM_MODULE_INVALID] =  FR_CODE_COA_NAK,
-                       [RLM_MODULE_REJECT] =   FR_CODE_COA_NAK,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_COA_NAK
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_COA_NAK
                },
                .rcode = RLM_MODULE_NOOP,
-               .reject = FR_CODE_COA_NAK,
+               .reject = FR_RADIUS_CODE_COA_NAK,
                .send = send_generic,
                .resume = resume_send_generic,
-               .offset = offsetof(radius_unlang_packets_t, coa_ack),
+               .section_offset = offsetof(process_radius_sections_t, coa_ack),
        },
-       [ FR_CODE_COA_NAK ] = {
+       [ FR_RADIUS_CODE_COA_NAK ] = {
                .packet_type = {
-                       [RLM_MODULE_FAIL] =     FR_CODE_COA_NAK,
-                       [RLM_MODULE_INVALID] =  FR_CODE_COA_NAK,
-                       [RLM_MODULE_REJECT] =   FR_CODE_COA_NAK,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_COA_NAK
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_COA_NAK,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_COA_NAK
                },
                .rcode = RLM_MODULE_NOOP,
                .send = send_generic,
                .resume = resume_send_generic,
-               .offset = offsetof(radius_unlang_packets_t, coa_nak),
+               .section_offset = offsetof(process_radius_sections_t, coa_nak),
        },
-       [ FR_CODE_DISCONNECT_REQUEST ] = {
+       [ FR_RADIUS_CODE_DISCONNECT_REQUEST ] = {
                .packet_type = {
-                       [RLM_MODULE_NOOP] =     FR_CODE_DISCONNECT_ACK,
-                       [RLM_MODULE_OK] =       FR_CODE_DISCONNECT_ACK,
-                       [RLM_MODULE_UPDATED] =  FR_CODE_DISCONNECT_ACK,
-                       [RLM_MODULE_NOTFOUND] = FR_CODE_DISCONNECT_ACK,
-
-                       [RLM_MODULE_FAIL] =     FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_INVALID] =  FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_REJECT] =   FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_DISCONNECT_NAK
+                       [RLM_MODULE_NOOP] =     FR_RADIUS_CODE_DISCONNECT_ACK,
+                       [RLM_MODULE_OK] =       FR_RADIUS_CODE_DISCONNECT_ACK,
+                       [RLM_MODULE_UPDATED] =  FR_RADIUS_CODE_DISCONNECT_ACK,
+                       [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DISCONNECT_ACK,
+
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DISCONNECT_NAK
                },
                .rcode = RLM_MODULE_NOOP,
                .recv = recv_generic,
                .resume = resume_recv_generic,
-               .offset = offsetof(radius_unlang_packets_t, disconnect_request),
+               .section_offset = offsetof(process_radius_sections_t, disconnect_request),
        },
-       [ FR_CODE_DISCONNECT_ACK ] = {
+       [ FR_RADIUS_CODE_DISCONNECT_ACK ] = {
                .packet_type = {
-                       [RLM_MODULE_FAIL] =     FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_INVALID] =  FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_REJECT] =   FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_DISCONNECT_NAK
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DISCONNECT_NAK
                },
                .rcode = RLM_MODULE_NOOP,
-               .reject = FR_CODE_DISCONNECT_NAK,
+               .reject = FR_RADIUS_CODE_DISCONNECT_NAK,
                .send = send_generic,
                .resume = resume_send_generic,
-               .offset = offsetof(radius_unlang_packets_t, disconnect_ack),
+               .section_offset = offsetof(process_radius_sections_t, disconnect_ack),
        },
-       [ FR_CODE_DISCONNECT_NAK ] = {
+       [ FR_RADIUS_CODE_DISCONNECT_NAK ] = {
                .packet_type = {
-                       [RLM_MODULE_FAIL] =     FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_INVALID] =  FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_REJECT] =   FR_CODE_DISCONNECT_NAK,
-                       [RLM_MODULE_DISALLOW] = FR_CODE_DISCONNECT_NAK
+                       [RLM_MODULE_FAIL] =     FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_INVALID] =  FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_REJECT] =   FR_RADIUS_CODE_DISCONNECT_NAK,
+                       [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DISCONNECT_NAK
                },
                .rcode = RLM_MODULE_NOOP,
                .send = send_generic,
                .resume = resume_send_generic,
-               .offset = offsetof(radius_unlang_packets_t, disconnect_nak),
+               .section_offset = offsetof(process_radius_sections_t, disconnect_nak),
        },
 };
 
 #undef CONF
-#define CONF(_x) .offset = offsetof(process_radius_t, packets._x)
+#define CONF(_x) .offset = offsetof(process_radius_t, sections._x)
 
-static const virtual_server_compile_t compile_list[] = {
+static virtual_server_compile_t const compile_list[] = {
        {
                .name = "recv",
                .name2 = "Access-Request",
index d3d54c2c650f4d9e5d1740f39ac25fdd4dc3b9de..9765f1774f2897aaeda4b30ceb4b689128b8d72c 100644 (file)
@@ -126,17 +126,17 @@ size_t const fr_radius_attr_sizes[FR_TYPE_MAX + 1][2] = {
 #define FR_DEBUG_STRERROR_PRINTF if (fr_debug_lvl) fr_strerror_printf_push
 
 fr_table_num_sorted_t const fr_request_types[] = {
-       { L("acct"),    FR_CODE_ACCOUNTING_REQUEST      },
-       { L("auth"),    FR_CODE_ACCESS_REQUEST          },
-       { L("auto"),    FR_CODE_UNDEFINED               },
-       { L("challenge"),       FR_CODE_ACCESS_CHALLENGE        },
-       { L("coa"),     FR_CODE_COA_REQUEST             },
-       { L("disconnect"),      FR_CODE_DISCONNECT_REQUEST      },
-       { L("status"),  FR_CODE_STATUS_SERVER           }
+       { L("acct"),    FR_RADIUS_CODE_ACCOUNTING_REQUEST       },
+       { L("auth"),    FR_RADIUS_CODE_ACCESS_REQUEST           },
+       { L("auto"),    FR_RADIUS_CODE_UNDEFINED                },
+       { L("challenge"),       FR_RADIUS_CODE_ACCESS_CHALLENGE },
+       { L("coa"),     FR_RADIUS_CODE_COA_REQUEST              },
+       { L("disconnect"),      FR_RADIUS_CODE_DISCONNECT_REQUEST       },
+       { L("status"),  FR_RADIUS_CODE_STATUS_SERVER            }
 };
 size_t fr_request_types_len = NUM_ELEMENTS(fr_request_types);
 
-char const *fr_packet_codes[FR_RADIUS_MAX_PACKET_CODE] = {
+char const *fr_packet_codes[FR_RADIUS_CODE_MAX] = {
        "",                                     //!< 0
        "Access-Request",
        "Access-Accept",
@@ -192,12 +192,12 @@ char const *fr_packet_codes[FR_RADIUS_MAX_PACKET_CODE] = {
        "Protocol-Error",
 };
 
-bool const fr_request_packets[FR_RADIUS_MAX_PACKET_CODE + 1] = {
-       [FR_CODE_ACCESS_REQUEST] = true,
-       [FR_CODE_ACCOUNTING_REQUEST] = true,
-       [FR_CODE_STATUS_SERVER] = true,
-       [FR_CODE_COA_REQUEST] = true,
-       [FR_CODE_DISCONNECT_REQUEST] = true,
+bool const fr_request_packets[FR_RADIUS_CODE_MAX + 1] = {
+       [FR_RADIUS_CODE_ACCESS_REQUEST] = true,
+       [FR_RADIUS_CODE_ACCOUNTING_REQUEST] = true,
+       [FR_RADIUS_CODE_STATUS_SERVER] = true,
+       [FR_RADIUS_CODE_COA_REQUEST] = true,
+       [FR_RADIUS_CODE_DISCONNECT_REQUEST] = true,
 };
 
 
@@ -389,31 +389,31 @@ int fr_radius_sign(uint8_t *packet, uint8_t const *original,
                }
 
                switch (packet[0]) {
-               case FR_CODE_ACCOUNTING_RESPONSE:
-               case FR_CODE_DISCONNECT_ACK:
-               case FR_CODE_DISCONNECT_NAK:
-               case FR_CODE_COA_ACK:
-               case FR_CODE_COA_NAK:
+               case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+               case FR_RADIUS_CODE_DISCONNECT_ACK:
+               case FR_RADIUS_CODE_DISCONNECT_NAK:
+               case FR_RADIUS_CODE_COA_ACK:
+               case FR_RADIUS_CODE_COA_NAK:
                        if (!original) goto need_original;
-                       if (original[0] == FR_CODE_STATUS_SERVER) goto do_ack;
+                       if (original[0] == FR_RADIUS_CODE_STATUS_SERVER) goto do_ack;
                        FALL_THROUGH;
 
-               case FR_CODE_ACCOUNTING_REQUEST:
-               case FR_CODE_DISCONNECT_REQUEST:
-               case FR_CODE_COA_REQUEST:
+               case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+               case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+               case FR_RADIUS_CODE_COA_REQUEST:
                        memset(packet + 4, 0, RADIUS_AUTH_VECTOR_LENGTH);
                        break;
 
-               case FR_CODE_ACCESS_ACCEPT:
-               case FR_CODE_ACCESS_REJECT:
-               case FR_CODE_ACCESS_CHALLENGE:
+               case FR_RADIUS_CODE_ACCESS_ACCEPT:
+               case FR_RADIUS_CODE_ACCESS_REJECT:
+               case FR_RADIUS_CODE_ACCESS_CHALLENGE:
                do_ack:
                        if (!original) goto need_original;
                        memcpy(packet + 4, original + 4, RADIUS_AUTH_VECTOR_LENGTH);
                        break;
 
-               case FR_CODE_ACCESS_REQUEST:
-               case FR_CODE_STATUS_SERVER:
+               case FR_RADIUS_CODE_ACCESS_REQUEST:
+               case FR_RADIUS_CODE_STATUS_SERVER:
                        /* packet + 4 MUST be the Request Authenticator filled with random data */
                        break;
 
@@ -435,21 +435,21 @@ int fr_radius_sign(uint8_t *packet, uint8_t const *original,
         *      Initialize the request authenticator.
         */
        switch (packet[0]) {
-       case FR_CODE_ACCOUNTING_REQUEST:
-       case FR_CODE_DISCONNECT_REQUEST:
-       case FR_CODE_COA_REQUEST:
+       case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+       case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+       case FR_RADIUS_CODE_COA_REQUEST:
                memset(packet + 4, 0, RADIUS_AUTH_VECTOR_LENGTH);
                break;
 
-       case FR_CODE_ACCESS_ACCEPT:
-       case FR_CODE_ACCESS_REJECT:
-       case FR_CODE_ACCESS_CHALLENGE:
-       case FR_CODE_ACCOUNTING_RESPONSE:
-       case FR_CODE_DISCONNECT_ACK:
-       case FR_CODE_DISCONNECT_NAK:
-       case FR_CODE_COA_ACK:
-       case FR_CODE_COA_NAK:
-       case FR_CODE_PROTOCOL_ERROR:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+       case FR_RADIUS_CODE_DISCONNECT_ACK:
+       case FR_RADIUS_CODE_DISCONNECT_NAK:
+       case FR_RADIUS_CODE_COA_ACK:
+       case FR_RADIUS_CODE_COA_NAK:
+       case FR_RADIUS_CODE_PROTOCOL_ERROR:
                if (!original) {
                need_original:
                        fr_strerror_const("Cannot sign response packet without a request packet");
@@ -463,8 +463,8 @@ int fr_radius_sign(uint8_t *packet, uint8_t const *original,
                 *      We don't need to sign anything else, so
                 *      return.
                 */
-       case FR_CODE_ACCESS_REQUEST:
-       case FR_CODE_STATUS_SERVER:
+       case FR_RADIUS_CODE_ACCESS_REQUEST:
+       case FR_RADIUS_CODE_STATUS_SERVER:
                return 0;
 
        default:
@@ -538,7 +538,7 @@ bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p,
         *      Code of 16 or greate is not understood.
         */
        if ((packet[0] == 0) ||
-           (packet[0] >= FR_RADIUS_MAX_PACKET_CODE)) {
+           (packet[0] >= FR_RADIUS_CODE_MAX)) {
                FR_DEBUG_STRERROR_PRINTF("unknown packet code %d", packet[0]);
                failure = DECODE_FAIL_UNKNOWN_PACKET_CODE;
                goto finish;
@@ -548,7 +548,7 @@ bool fr_radius_ok(uint8_t const *packet, size_t *packet_len_p,
         *      Message-Authenticator is required in Status-Server
         *      packets, otherwise they can be trivially forged.
         */
-       if (packet[0] == FR_CODE_STATUS_SERVER) require_ma = true;
+       if (packet[0] == FR_RADIUS_CODE_STATUS_SERVER) require_ma = true;
 
        /*
         *      Repeat the length checks.  This time, instead of
@@ -852,7 +852,7 @@ int fr_radius_verify(uint8_t *packet, uint8_t const *original,
         *      These are random numbers, so there's no point in
         *      comparing them.
         */
-       if ((packet[0] == FR_CODE_ACCESS_REQUEST) || (packet[0] == FR_CODE_STATUS_SERVER)) {
+       if ((packet[0] == FR_RADIUS_CODE_ACCESS_REQUEST) || (packet[0] == FR_RADIUS_CODE_STATUS_SERVER)) {
                return 0;
        }
 
@@ -926,23 +926,23 @@ ssize_t fr_radius_encode_dbuff(fr_dbuff_t *dbuff, uint8_t const *original,
        FR_DBUFF_IN_RETURN(&work_dbuff, (uint16_t) RADIUS_HEADER_LENGTH);
 
        switch (code) {
-       case FR_CODE_ACCESS_REQUEST:
-       case FR_CODE_STATUS_SERVER:
+       case FR_RADIUS_CODE_ACCESS_REQUEST:
+       case FR_RADIUS_CODE_STATUS_SERVER:
                /*
                 * Callers in these cases have preloaded the buffer with the authentication vector.
                 */
                FR_DBUFF_OUT_MEMCPY_RETURN(packet_ctx.vector, &work_dbuff, sizeof(packet_ctx.vector));
                break;
 
-       case FR_CODE_ACCESS_ACCEPT:
-       case FR_CODE_ACCESS_REJECT:
-       case FR_CODE_ACCESS_CHALLENGE:
-       case FR_CODE_ACCOUNTING_RESPONSE:
-       case FR_CODE_COA_ACK:
-       case FR_CODE_COA_NAK:
-       case FR_CODE_DISCONNECT_ACK:
-       case FR_CODE_DISCONNECT_NAK:
-       case FR_CODE_PROTOCOL_ERROR:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+       case FR_RADIUS_CODE_COA_ACK:
+       case FR_RADIUS_CODE_COA_NAK:
+       case FR_RADIUS_CODE_DISCONNECT_ACK:
+       case FR_RADIUS_CODE_DISCONNECT_NAK:
+       case FR_RADIUS_CODE_PROTOCOL_ERROR:
                if (!original) {
                        fr_strerror_const("Cannot encode response without request");
                        return -1;
@@ -951,9 +951,9 @@ ssize_t fr_radius_encode_dbuff(fr_dbuff_t *dbuff, uint8_t const *original,
                FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, packet_ctx.vector, RADIUS_AUTH_VECTOR_LENGTH);
                break;
 
-       case FR_CODE_ACCOUNTING_REQUEST:
-       case FR_CODE_COA_REQUEST:
-       case FR_CODE_DISCONNECT_REQUEST:
+       case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+       case FR_RADIUS_CODE_COA_REQUEST:
+       case FR_RADIUS_CODE_DISCONNECT_REQUEST:
                memset(packet_ctx.vector, 0, sizeof(packet_ctx.vector));
                FR_DBUFF_MEMSET_RETURN(&work_dbuff, 0, RADIUS_AUTH_VECTOR_LENGTH);
                break;
@@ -968,7 +968,7 @@ ssize_t fr_radius_encode_dbuff(fr_dbuff_t *dbuff, uint8_t const *original,
         *      Original-Packet-Code manually.  If the user adds it
         *      later themselves, well, too bad.
         */
-       if (code == FR_CODE_PROTOCOL_ERROR) {
+       if (code == FR_RADIUS_CODE_PROTOCOL_ERROR) {
                FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_EXTENDED_ATTRIBUTE_1, 0x07, 0x04 /* Original-Packet-Code */,
                                         0x00, 0x00, 0x00, original[0]);
        }
index fd91cf63eadedfa31438cf4e3eb978e20c76d708..746f00fd1dd7ad3db8c662873b89a57bfbc30900 100644 (file)
@@ -29,36 +29,32 @@ RCSIDH(radius_h, "$Id$")
  *
  */
 typedef enum {
-       FR_CODE_UNDEFINED               = 0,    //!< Packet code has not been set
-       FR_CODE_ACCESS_REQUEST          = 1,    //!< RFC2865 - Access-Request
-       FR_CODE_ACCESS_ACCEPT           = 2,    //!< RFC2865 - Access-Accept
-       FR_CODE_ACCESS_REJECT           = 3,    //!< RFC2865 - Access-Reject
-       FR_CODE_ACCOUNTING_REQUEST      = 4,    //!< RFC2866 - Accounting-Request
-       FR_CODE_ACCOUNTING_RESPONSE     = 5,    //!< RFC2866 - Accounting-Response
-       FR_CODE_ACCOUNTING_STATUS       = 6,    //!< RFC3575 - Reserved
-       FR_CODE_PASSWORD_REQUEST        = 7,    //!< RFC3575 - Reserved
-       FR_CODE_PASSWORD_ACK            = 8,    //!< RFC3575 - Reserved
-       FR_CODE_PASSWORD_REJECT         = 9,    //!< RFC3575 - Reserved
-       FR_CODE_ACCOUNTING_MESSAGE      = 10,   //!< RFC3575 - Reserved
-       FR_CODE_ACCESS_CHALLENGE        = 11,   //!< RFC2865 - Access-Challenge
-       FR_CODE_STATUS_SERVER           = 12,   //!< RFC2865/RFC5997 - Status Server (request)
-       FR_CODE_STATUS_CLIENT           = 13,   //!< RFC2865/RFC5997 - Status Server (response)
-       FR_CODE_DISCONNECT_REQUEST      = 40,   //!< RFC3575/RFC5176 - Disconnect-Request
-       FR_CODE_DISCONNECT_ACK          = 41,   //!< RFC3575/RFC5176 - Disconnect-Ack (positive)
-       FR_CODE_DISCONNECT_NAK          = 42,   //!< RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
-       FR_CODE_COA_REQUEST             = 43,   //!< RFC3575/RFC5176 - CoA-Request
-       FR_CODE_COA_ACK                 = 44,   //!< RFC3575/RFC5176 - CoA-Ack (positive)
-       FR_CODE_COA_NAK                 = 45,   //!< RFC3575/RFC5176 - CoA-Nak (not willing to perform)
-       FR_CODE_PROTOCOL_ERROR          = 52,   //!< RFC7930 - Protocol-Error (generic NAK)
-       FR_CODE_RADIUS_MAX              = 255,  //!< Maximum possible code
-} FR_CODE;
-
-/*
- *     Maximum code that we accept
- */
-#define        FR_RADIUS_MAX_PACKET_CODE       (53)
-
-#define FR_CODE_DO_NOT_RESPOND         (256)
+       FR_RADIUS_CODE_UNDEFINED                = 0,    //!< Packet code has not been set
+       FR_RADIUS_CODE_ACCESS_REQUEST           = 1,    //!< RFC2865 - Access-Request
+       FR_RADIUS_CODE_ACCESS_ACCEPT            = 2,    //!< RFC2865 - Access-Accept
+       FR_RADIUS_CODE_ACCESS_REJECT            = 3,    //!< RFC2865 - Access-Reject
+       FR_RADIUS_CODE_ACCOUNTING_REQUEST       = 4,    //!< RFC2866 - Accounting-Request
+       FR_RADIUS_CODE_ACCOUNTING_RESPONSE      = 5,    //!< RFC2866 - Accounting-Response
+       FR_RADIUS_CODE_ACCOUNTING_STATUS        = 6,    //!< RFC3575 - Reserved
+       FR_RADIUS_CODE_PASSWORD_REQUEST         = 7,    //!< RFC3575 - Reserved
+       FR_RADIUS_CODE_PASSWORD_ACK             = 8,    //!< RFC3575 - Reserved
+       FR_RADIUS_CODE_PASSWORD_REJECT          = 9,    //!< RFC3575 - Reserved
+       FR_RADIUS_CODE_ACCOUNTING_MESSAGE       = 10,   //!< RFC3575 - Reserved
+       FR_RADIUS_CODE_ACCESS_CHALLENGE         = 11,   //!< RFC2865 - Access-Challenge
+       FR_RADIUS_CODE_STATUS_SERVER            = 12,   //!< RFC2865/RFC5997 - Status Server (request)
+       FR_RADIUS_CODE_STATUS_CLIENT            = 13,   //!< RFC2865/RFC5997 - Status Server (response)
+       FR_RADIUS_CODE_DISCONNECT_REQUEST       = 40,   //!< RFC3575/RFC5176 - Disconnect-Request
+       FR_RADIUS_CODE_DISCONNECT_ACK           = 41,   //!< RFC3575/RFC5176 - Disconnect-Ack (positive)
+       FR_RADIUS_CODE_DISCONNECT_NAK           = 42,   //!< RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
+       FR_RADIUS_CODE_COA_REQUEST              = 43,   //!< RFC3575/RFC5176 - CoA-Request
+       FR_RADIUS_CODE_COA_ACK                  = 44,   //!< RFC3575/RFC5176 - CoA-Ack (positive)
+       FR_RADIUS_CODE_COA_NAK                  = 45,   //!< RFC3575/RFC5176 - CoA-Nak (not willing to perform)
+       FR_RADIUS_CODE_PROTOCOL_ERROR           = 52,   //!< RFC7930 - Protocol-Error (generic NAK)
+       FR_RADIUS_CODE_MAX                      = 53,   //!< Maximum possible protocol code
+       FR_RADIUS_CODE_DO_NOT_RESPOND           = 256   //!< Special rcode to indicate we will not respond.
+} fr_radius_packet_code_t;
+
+#define FR_RADIUS_PACKET_CODE_VALID(_code) (((_code) > 0) && ((_code) < FR_RADIUS_CODE_MAX))
 
 #define FR_AUTH_UDP_PORT               1812
 #define FR_AUTH_UDP_PORT_ALT           1645
index 3c586ed9e90c49d655bafd03d1db0f08887fdee5..22a37187554af6a378ed76641398eac2d02aeb60 100644 (file)
@@ -1513,14 +1513,14 @@ static int encode_test_ctx(void **out, TALLOC_CTX *ctx)
 static ssize_t fr_radius_encode_proto(UNUSED TALLOC_CTX *ctx, fr_pair_list_t *vps, uint8_t *data, size_t data_len, void *proto_ctx)
 {
        fr_radius_ctx_t *test_ctx = talloc_get_type_abort(proto_ctx, fr_radius_ctx_t);
-       int packet_type = FR_CODE_ACCESS_REQUEST;
+       int packet_type = FR_RADIUS_CODE_ACCESS_REQUEST;
        fr_pair_t *vp;
        ssize_t slen;
 
        vp = fr_pair_find_by_da(vps, attr_packet_type);
        if (vp) packet_type = vp->vp_uint32;
 
-       if ((packet_type == FR_CODE_ACCESS_REQUEST) || (packet_type == FR_CODE_STATUS_SERVER)) {
+       if ((packet_type == FR_RADIUS_CODE_ACCESS_REQUEST) || (packet_type == FR_RADIUS_CODE_STATUS_SERVER)) {
                vp = fr_pair_find_by_da(vps, attr_packet_authentication_vector);
                if (vp && (vp->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) {
                        memcpy(data + 4, vp->vp_octets, RADIUS_AUTH_VECTOR_LENGTH);
index d440888a4e6d8259aa950628f652f2e49591447d..0fab3e169707b4c6c4a1eb4dfabe1b83074b5c30 100644 (file)
@@ -136,19 +136,19 @@ int fr_radius_packet_decode(fr_radius_packet_t *packet, fr_pair_list_t *list,
 #endif
 
        switch (packet->code) {
-       case FR_CODE_ACCESS_REQUEST:
-       case FR_CODE_STATUS_SERVER:
+       case FR_RADIUS_CODE_ACCESS_REQUEST:
+       case FR_RADIUS_CODE_STATUS_SERVER:
                memcpy(packet_ctx.vector, packet->vector, sizeof(packet_ctx.vector));
                break;
 
-       case FR_CODE_ACCESS_ACCEPT:
-       case FR_CODE_ACCESS_REJECT:
-       case FR_CODE_ACCESS_CHALLENGE:
-       case FR_CODE_ACCOUNTING_RESPONSE:
-       case FR_CODE_COA_ACK:
-       case FR_CODE_COA_NAK:
-       case FR_CODE_DISCONNECT_ACK:
-       case FR_CODE_DISCONNECT_NAK:
+       case FR_RADIUS_CODE_ACCESS_ACCEPT:
+       case FR_RADIUS_CODE_ACCESS_REJECT:
+       case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+       case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+       case FR_RADIUS_CODE_COA_ACK:
+       case FR_RADIUS_CODE_COA_NAK:
+       case FR_RADIUS_CODE_DISCONNECT_ACK:
+       case FR_RADIUS_CODE_DISCONNECT_NAK:
                /*
                 *      radsniff doesn't always have a response
                 */
@@ -160,9 +160,9 @@ int fr_radius_packet_decode(fr_radius_packet_t *packet, fr_pair_list_t *list,
                }
                break;
 
-       case FR_CODE_ACCOUNTING_REQUEST:
-       case FR_CODE_COA_REQUEST:
-       case FR_CODE_DISCONNECT_REQUEST:
+       case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+       case FR_RADIUS_CODE_COA_REQUEST:
+       case FR_RADIUS_CODE_DISCONNECT_REQUEST:
                memset(packet->vector, 0, sizeof(packet->vector));
                memset(packet_ctx.vector, 0, sizeof(packet_ctx.vector));
                break;
@@ -334,8 +334,8 @@ int fr_radius_packet_sign(fr_radius_packet_t *packet, fr_radius_packet_t const *
         *      codes have the Request Authenticator be the packet
         *      signature.
         */
-       if ((packet->code == FR_CODE_ACCESS_REQUEST) ||
-           (packet->code == FR_CODE_STATUS_SERVER)) {
+       if ((packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) ||
+           (packet->code == FR_RADIUS_CODE_STATUS_SERVER)) {
                memcpy(packet->data + 4, packet->vector, sizeof(packet->vector));
        }
 
@@ -536,7 +536,7 @@ void _fr_radius_packet_log_hex(fr_log_t const *log, fr_radius_packet_t const *pa
                fr_log(log, L_DBG, file, line, "  Dst Port : %u", packet->socket.inet.dst_port);
        }
 
-       if ((packet->data[0] > 0) && (packet->data[0] < FR_RADIUS_MAX_PACKET_CODE)) {
+       if ((packet->data[0] > 0) && (packet->data[0] < FR_RADIUS_CODE_MAX)) {
                fr_log(log, L_DBG, file, line, "  Code     : %s", fr_packet_codes[packet->data[0]]);
        } else {
                fr_log(log, L_DBG, file, line, "  Code     : %u", packet->data[0]);
index cd25e078ab1cb225701a00264b4bcd220af78504..d0baf972cd3c5aff50bcefd97e164e119cc2f131 100644 (file)
@@ -48,8 +48,8 @@
  *     protocols/radius/base.c
  */
 
-extern char const *fr_packet_codes[FR_RADIUS_MAX_PACKET_CODE];
-#define is_radius_code(_x) ((_x > 0) && (_x < FR_RADIUS_MAX_PACKET_CODE))
+extern char const *fr_packet_codes[FR_RADIUS_CODE_MAX];
+#define is_radius_code(_x) ((_x > 0) && (_x < FR_RADIUS_CODE_MAX))
 
 #define AUTH_PASS_LEN (RADIUS_AUTH_VECTOR_LENGTH)
 
@@ -57,7 +57,7 @@ extern char const *fr_packet_codes[FR_RADIUS_MAX_PACKET_CODE];
 extern size_t const fr_radius_attr_sizes[FR_TYPE_MAX + 1][2];
 extern fr_table_num_sorted_t const fr_request_types[];
 extern size_t fr_request_types_len;
-extern bool const fr_request_packets[FR_RADIUS_MAX_PACKET_CODE + 1];
+extern bool const fr_request_packets[FR_RADIUS_CODE_MAX + 1];
 
 typedef enum {
        DECODE_FAIL_NONE = 0,
index 04562a0ed42d32085785db92716d1e92edd1878e..a246051ba2e1d79f8bd7951985bd38822f2aa379 100644 (file)
@@ -32,7 +32,7 @@ extern "C" {
 #endif
 
 #define FR_VQP_MAX_CODE (5)
-#define FR_CODE_DO_NOT_RESPOND (0)
+#define FR_RADIUS_CODE_DO_NOT_RESPOND (0)
 #define FR_VQP_HDR_LEN (8)
 #define FR_VQP_VERSION (1)
 
index 2fb4ce529a4c5d0910f3f9201c4d0f9a8451a16f..b0906ae9e35453e1b1e8ba7a88ccbfa73a1e41fc 100644 (file)
@@ -121,7 +121,7 @@ static ssize_t test_encode(UNUSED void const *instance, request_t *request, uint
        MPRINT1("\t\tENCODE >>> request %"PRIu64" - data %p %p room %zd\n",
                request->number, pc, buffer, buffer_len);
 
-       buffer[0] = FR_CODE_ACCESS_ACCEPT;
+       buffer[0] = FR_RADIUS_CODE_ACCESS_ACCEPT;
        buffer[1] = pc->id;
        buffer[2] = 0;
        buffer[3] = 20;
@@ -369,7 +369,7 @@ static void master_process(TALLOC_CTX *ctx)
                         *      Verify the packet before doing anything more with it.
                         */
                        packet = cd->m.data;
-                       if (packet[0] != FR_CODE_ACCESS_REQUEST) {
+                       if (packet[0] != FR_RADIUS_CODE_ACCESS_REQUEST) {
                                MPRINT1("Master ignoring packet code %u\n", packet[0]);
                                goto discard;
                        }
index 33dd3e16a83fb3fb9cb88eded825e33152a454fd..ae601aa8be3198df66be7f0a02b745254b3b78ee 100644 (file)
@@ -87,7 +87,7 @@ static ssize_t test_encode(void const *instance, request_t *request, uint8_t *bu
 
        MPRINT1("\t\tENCODE >>> request %"PRIu64"- data %p %p room %zd\n", request->number, pc, buffer, buffer_len);
 
-       buffer[0] = FR_CODE_ACCESS_ACCEPT;
+       buffer[0] = FR_RADIUS_CODE_ACCESS_ACCEPT;
        buffer[1] = tpc.id;
        buffer[2] = 0;
        buffer[3] = 20;