*
*/
rs_stats_tmpl_t *rs_stats_collectd_init_latency(TALLOC_CTX *ctx, rs_stats_tmpl_t **out, rs_t *conf,
- char const *type, rs_latency_t *stats, FR_CODE code)
+ char const *type, rs_latency_t *stats, fr_radius_packet_code_t code)
{
rs_stats_tmpl_t **tmpl, *last;
char *p;
static rc_stats_t stats;
static uint16_t server_port = 0;
-static int packet_code = FR_CODE_UNDEFINED;
+static int packet_code = FR_RADIUS_CODE_UNDEFINED;
static fr_ipaddr_t server_ipaddr;
static int resend_count = 1;
static bool done = true;
/*
* Set a port from the request type if we don't already have one
*/
-static void radclient_get_port(FR_CODE type, uint16_t *port)
+static void radclient_get_port(fr_radius_packet_code_t type, uint16_t *port)
{
switch (type) {
default:
- case FR_CODE_ACCESS_REQUEST:
- case FR_CODE_ACCESS_CHALLENGE:
- case FR_CODE_STATUS_SERVER:
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_STATUS_SERVER:
if (*port == 0) *port = getport("radius");
if (*port == 0) *port = FR_AUTH_UDP_PORT;
return;
- case FR_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
if (*port == 0) *port = getport("radacct");
if (*port == 0) *port = FR_ACCT_UDP_PORT;
return;
- case FR_CODE_DISCONNECT_REQUEST:
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
if (*port == 0) *port = FR_POD_UDP_PORT;
return;
- case FR_CODE_COA_REQUEST:
+ case FR_RADIUS_CODE_COA_REQUEST:
if (*port == 0) *port = FR_COA_UDP_PORT;
return;
- case FR_CODE_UNDEFINED:
+ case FR_RADIUS_CODE_UNDEFINED:
if (*port == 0) *port = 0;
return;
}
/*
* Resolve a port to a request type
*/
-static FR_CODE radclient_get_code(uint16_t port)
+static fr_radius_packet_code_t radclient_get_code(uint16_t port)
{
/*
* getport returns 0 if the service doesn't exist
* so we need to return early, to avoid incorrect
* codes.
*/
- if (port == 0) return FR_CODE_UNDEFINED;
+ if (port == 0) return FR_RADIUS_CODE_UNDEFINED;
if ((port == getport("radius")) || (port == FR_AUTH_UDP_PORT) || (port == FR_AUTH_UDP_PORT_ALT)) {
- return FR_CODE_ACCESS_REQUEST;
+ return FR_RADIUS_CODE_ACCESS_REQUEST;
}
if ((port == getport("radacct")) || (port == FR_ACCT_UDP_PORT) || (port == FR_ACCT_UDP_PORT_ALT)) {
- return FR_CODE_ACCOUNTING_REQUEST;
+ return FR_RADIUS_CODE_ACCOUNTING_REQUEST;
}
- if (port == FR_COA_UDP_PORT) return FR_CODE_COA_REQUEST;
+ if (port == FR_COA_UDP_PORT) return FR_RADIUS_CODE_COA_REQUEST;
- return FR_CODE_UNDEFINED;
+ return FR_RADIUS_CODE_UNDEFINED;
}
/*
* Use the default set on the command line
*/
- if (request->packet->code == FR_CODE_UNDEFINED) request->packet->code = packet_code;
+ if (request->packet->code == FR_RADIUS_CODE_UNDEFINED) request->packet->code = packet_code;
/*
* Default to the filename
* Automatically set the response code from the request code
* (if one wasn't already set).
*/
- if (request->filter_code == FR_CODE_UNDEFINED) {
+ if (request->filter_code == FR_RADIUS_CODE_UNDEFINED) {
switch (request->packet->code) {
- case FR_CODE_ACCESS_REQUEST:
- request->filter_code = FR_CODE_ACCESS_ACCEPT;
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ request->filter_code = FR_RADIUS_CODE_ACCESS_ACCEPT;
break;
- case FR_CODE_ACCOUNTING_REQUEST:
- request->filter_code = FR_CODE_ACCOUNTING_RESPONSE;
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ request->filter_code = FR_RADIUS_CODE_ACCOUNTING_RESPONSE;
break;
- case FR_CODE_COA_REQUEST:
- request->filter_code = FR_CODE_COA_ACK;
+ case FR_RADIUS_CODE_COA_REQUEST:
+ request->filter_code = FR_RADIUS_CODE_COA_ACK;
break;
- case FR_CODE_DISCONNECT_REQUEST:
- request->filter_code = FR_CODE_DISCONNECT_ACK;
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+ request->filter_code = FR_RADIUS_CODE_DISCONNECT_ACK;
break;
- case FR_CODE_STATUS_SERVER:
+ case FR_RADIUS_CODE_STATUS_SERVER:
switch (radclient_get_code(request->packet->socket.inet.dst_port)) {
- case FR_CODE_ACCESS_REQUEST:
- request->filter_code = FR_CODE_ACCESS_ACCEPT;
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ request->filter_code = FR_RADIUS_CODE_ACCESS_ACCEPT;
break;
- case FR_CODE_ACCOUNTING_REQUEST:
- request->filter_code = FR_CODE_ACCOUNTING_RESPONSE;
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ request->filter_code = FR_RADIUS_CODE_ACCOUNTING_RESPONSE;
break;
default:
- request->filter_code = FR_CODE_UNDEFINED;
+ request->filter_code = FR_RADIUS_CODE_UNDEFINED;
break;
}
break;
- case FR_CODE_UNDEFINED:
+ case FR_RADIUS_CODE_UNDEFINED:
REDEBUG("Packet-Type must be defined,"
"or a well known RADIUS port");
goto error;
* Automatically set the request code from the response code
* (if one wasn't already set).
*/
- } else if (request->packet->code == FR_CODE_UNDEFINED) {
+ } else if (request->packet->code == FR_RADIUS_CODE_UNDEFINED) {
switch (request->filter_code) {
- case FR_CODE_ACCESS_ACCEPT:
- case FR_CODE_ACCESS_REJECT:
- request->packet->code = FR_CODE_ACCESS_REQUEST;
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
+ request->packet->code = FR_RADIUS_CODE_ACCESS_REQUEST;
break;
- case FR_CODE_ACCOUNTING_RESPONSE:
- request->packet->code = FR_CODE_ACCOUNTING_REQUEST;
+ case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+ request->packet->code = FR_RADIUS_CODE_ACCOUNTING_REQUEST;
break;
- case FR_CODE_DISCONNECT_ACK:
- case FR_CODE_DISCONNECT_NAK:
- request->packet->code = FR_CODE_DISCONNECT_REQUEST;
+ case FR_RADIUS_CODE_DISCONNECT_ACK:
+ case FR_RADIUS_CODE_DISCONNECT_NAK:
+ request->packet->code = FR_RADIUS_CODE_DISCONNECT_REQUEST;
break;
- case FR_CODE_COA_ACK:
- case FR_CODE_COA_NAK:
- request->packet->code = FR_CODE_COA_REQUEST;
+ case FR_RADIUS_CODE_COA_ACK:
+ case FR_RADIUS_CODE_COA_NAK:
+ request->packet->code = FR_RADIUS_CODE_COA_REQUEST;
break;
default:
* Increment counters...
*/
switch (request->reply->code) {
- case FR_CODE_ACCESS_ACCEPT:
- case FR_CODE_ACCOUNTING_RESPONSE:
- case FR_CODE_COA_ACK:
- case FR_CODE_DISCONNECT_ACK:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+ case FR_RADIUS_CODE_COA_ACK:
+ case FR_RADIUS_CODE_DISCONNECT_ACK:
stats.accepted++;
break;
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
break;
default:
* If we had an expected response code, check to see if the
* packet matched that.
*/
- if ((request->filter_code != FR_CODE_UNDEFINED) && (request->reply->code != request->filter_code)) {
+ if ((request->filter_code != FR_RADIUS_CODE_UNDEFINED) && (request->reply->code != request->filter_code)) {
if (is_radius_code(request->reply->code)) {
REDEBUG("%s: Expected %s got %s", request->name, fr_packet_codes[request->filter_code],
fr_packet_codes[request->reply->code]);
/*
* Work backwards from the port to determine the packet type
*/
- if (packet_code == FR_CODE_UNDEFINED) packet_code = radclient_get_code(server_port);
+ if (packet_code == FR_RADIUS_CODE_UNDEFINED) packet_code = radclient_get_code(server_port);
}
radclient_get_port(packet_code, &server_port);
fr_pair_list_t reply_list;
fr_pair_list_t filter; //!< If the reply passes the filter, then the request passes.
- FR_CODE filter_code; //!< Expected code of the response packet.
+ fr_radius_packet_code_t filter_code; //!< Expected code of the response packet.
int resend;
int tries;
static char const *radsniff_version = RADIUSD_VERSION_STRING_BUILD("radsniff");
static int rs_useful_codes[] = {
- FR_CODE_ACCESS_REQUEST, //!< RFC2865 - Authentication request
- FR_CODE_ACCESS_ACCEPT, //!< RFC2865 - Access-Accept
- FR_CODE_ACCESS_REJECT, //!< RFC2865 - Access-Reject
- FR_CODE_ACCOUNTING_REQUEST, //!< RFC2866 - Accounting-Request
- FR_CODE_ACCOUNTING_RESPONSE, //!< RFC2866 - Accounting-Response
- FR_CODE_ACCESS_CHALLENGE, //!< RFC2865 - Access-Challenge
- FR_CODE_STATUS_SERVER, //!< RFC2865/RFC5997 - Status Server (request)
- FR_CODE_STATUS_CLIENT, //!< RFC2865/RFC5997 - Status Server (response)
- FR_CODE_DISCONNECT_REQUEST, //!< RFC3575/RFC5176 - Disconnect-Request
- FR_CODE_DISCONNECT_ACK, //!< RFC3575/RFC5176 - Disconnect-Ack (positive)
- FR_CODE_DISCONNECT_NAK, //!< RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
- FR_CODE_COA_REQUEST, //!< RFC3575/RFC5176 - CoA-Request
- FR_CODE_COA_ACK, //!< RFC3575/RFC5176 - CoA-Ack (positive)
- FR_CODE_COA_NAK, //!< RFC3575/RFC5176 - CoA-Nak (not willing to perform)
+ FR_RADIUS_CODE_ACCESS_REQUEST, //!< RFC2865 - Authentication request
+ FR_RADIUS_CODE_ACCESS_ACCEPT, //!< RFC2865 - Access-Accept
+ FR_RADIUS_CODE_ACCESS_REJECT, //!< RFC2865 - Access-Reject
+ FR_RADIUS_CODE_ACCOUNTING_REQUEST, //!< RFC2866 - Accounting-Request
+ FR_RADIUS_CODE_ACCOUNTING_RESPONSE, //!< RFC2866 - Accounting-Response
+ FR_RADIUS_CODE_ACCESS_CHALLENGE, //!< RFC2865 - Access-Challenge
+ FR_RADIUS_CODE_STATUS_SERVER, //!< RFC2865/RFC5997 - Status Server (request)
+ FR_RADIUS_CODE_STATUS_CLIENT, //!< RFC2865/RFC5997 - Status Server (response)
+ FR_RADIUS_CODE_DISCONNECT_REQUEST, //!< RFC3575/RFC5176 - Disconnect-Request
+ FR_RADIUS_CODE_DISCONNECT_ACK, //!< RFC3575/RFC5176 - Disconnect-Ack (positive)
+ FR_RADIUS_CODE_DISCONNECT_NAK, //!< RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
+ FR_RADIUS_CODE_COA_REQUEST, //!< RFC3575/RFC5176 - CoA-Request
+ FR_RADIUS_CODE_COA_ACK, //!< RFC3575/RFC5176 - CoA-Ack (positive)
+ FR_RADIUS_CODE_COA_NAK, //!< RFC3575/RFC5176 - CoA-Nak (not willing to perform)
};
static fr_table_num_sorted_t const rs_events[] = {
}
}
-static void rs_stats_print_code_fancy(rs_latency_t *stats, FR_CODE code)
+static void rs_stats_print_code_fancy(rs_latency_t *stats, fr_radius_packet_code_t code)
{
int i;
bool have_rt = false;
}
switch (packet->code) {
- case FR_CODE_ACCOUNTING_RESPONSE:
- case FR_CODE_ACCESS_REJECT:
- case FR_CODE_ACCESS_ACCEPT:
- case FR_CODE_ACCESS_CHALLENGE:
- case FR_CODE_COA_NAK:
- case FR_CODE_COA_ACK:
- case FR_CODE_DISCONNECT_NAK:
- case FR_CODE_DISCONNECT_ACK:
- case FR_CODE_STATUS_CLIENT:
+ case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_COA_NAK:
+ case FR_RADIUS_CODE_COA_ACK:
+ case FR_RADIUS_CODE_DISCONNECT_NAK:
+ case FR_RADIUS_CODE_DISCONNECT_ACK:
+ case FR_RADIUS_CODE_STATUS_CLIENT:
{
/* look for a matching request and use it for decoding */
search.expect = packet;
break;
}
- case FR_CODE_ACCOUNTING_REQUEST:
- case FR_CODE_ACCESS_REQUEST:
- case FR_CODE_COA_REQUEST:
- case FR_CODE_DISCONNECT_REQUEST:
- case FR_CODE_STATUS_SERVER:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ case FR_RADIUS_CODE_COA_REQUEST:
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+ case FR_RADIUS_CODE_STATUS_SERVER:
{
/*
* Verify this code is allowed
if (conf->verify_radius_authenticator) {
switch (packet->code) {
- case FR_CODE_ACCOUNTING_REQUEST:
- case FR_CODE_COA_REQUEST:
- case FR_CODE_DISCONNECT_REQUEST:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_COA_REQUEST:
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
{
int ret;
FILE *log_fp = fr_log_fp;
* CoA and Disconnect Messages, as we get the average latency across both
* response types.
*
- * It also justifies allocating FR_CODE_RADIUS_MAX instances of rs_latency_t.
+ * It also justifies allocating FR_RADIUS_CODE_MAXinstances of rs_latency_t.
*/
rs_stats_update_latency(&stats->exchange[packet->code], &latency);
rs_stats_update_latency(&stats->exchange[original->expect->code], &latency);
#endif
typedef struct {
- uint64_t type[FR_CODE_RADIUS_MAX + 1];
+ uint64_t type[FR_RADIUS_CODE_MAX+ 1];
} rs_counters_t;
typedef struct CC_HINT(__packed__) {
typedef struct {
int intervals; //!< Number of stats intervals.
- rs_latency_t exchange[FR_CODE_RADIUS_MAX + 1]; //!< We end up allocating ~16K, but memory is cheap so
+ rs_latency_t exchange[FR_RADIUS_CODE_MAX+ 1]; //!< We end up allocating ~16K, but memory is cheap so
//!< what the hell. This is required because instances of
//!< FreeRADIUS delay Access-Rejects, which would artificially
//!< increase latency stats for Access-Requests.
fr_pair_list_t filter_request_vps; //!< Sorted filter vps.
fr_pair_list_t filter_response_vps; //!< Sorted filter vps.
- FR_CODE filter_request_code; //!< Filter request packets by code.
- FR_CODE filter_response_code; //!< Filter response packets by code.
+ fr_radius_packet_code_t filter_request_code; //!< Filter request packets by code.
+ fr_radius_packet_code_t filter_response_code; //!< Filter response packets by code.
rs_status_t event_flags; //!< Events we log and capture on.
rs_packet_logger_t logger; //!< Packet logger
* collectd.c - Registration and processing functions
*/
rs_stats_tmpl_t *rs_stats_collectd_init_latency(TALLOC_CTX *ctx, rs_stats_tmpl_t **out, rs_t *conf,
- char const *type, rs_latency_t *stats, FR_CODE code);
+ char const *type, rs_latency_t *stats, fr_radius_packet_code_t code);
void rs_stats_collectd_do_stats(rs_t *conf, rs_stats_tmpl_t *tmpls, struct timeval *now);
int rs_stats_collectd_open(rs_t *conf);
int rs_stats_collectd_close(rs_t *conf);
}
-FR_CODE chbind_process(request_t *request, CHBIND_REQ *chbind)
+fr_radius_packet_code_t chbind_process(request_t *request, CHBIND_REQ *chbind)
{
- FR_CODE code;
+ fr_radius_packet_code_t code;
rlm_rcode_t rcode;
request_t *fake = NULL;
uint8_t const *attr_data;
talloc_free(packet_ctx.tmp_ctx);
talloc_free(packet_ctx.tags);
- return FR_CODE_ACCESS_ACCEPT;
+ return FR_RADIUS_CODE_ACCESS_ACCEPT;
}
attr_data += attr_len;
data_len -= attr_len;
* bindings, this is hard-coded for now.
*/
fake->server_cs = virtual_server_find("channel_bindings");
- fake->packet->code = FR_CODE_ACCESS_REQUEST;
+ fake->packet->code = FR_RADIUS_CODE_ACCESS_REQUEST;
rad_virtual_server(&rcode, fake);
switch (rcode) {
case RLM_MODULE_OK:
case RLM_MODULE_HANDLED:
if (chbind_build_response(fake, chbind)) {
- code = FR_CODE_ACCESS_ACCEPT;
+ code = FR_RADIUS_CODE_ACCESS_ACCEPT;
break;
}
FALL_THROUGH;
/* If we got any other response from the virtual server, it maps to a reject */
default:
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
break;
}
#define CHBIND_CODE_FAILURE 3
/* Channel binding function prototypes */
-FR_CODE chbind_process(request_t *request, CHBIND_REQ *chbind_req);
+fr_radius_packet_code_t chbind_process(request_t *request, CHBIND_REQ *chbind_req);
fr_pair_t *eap_chbind_packet2vp(TALLOC_CTX *ctx, chbind_packet_t *chbind);
chbind_packet_t *eap_chbind_vp2packet(TALLOC_CTX *ctx, fr_pair_list_t *vps);
rcode = RLM_MODULE_OK;
if (!request->reply->code) switch (reply->code) {
case FR_EAP_CODE_RESPONSE:
- request->reply->code = FR_CODE_ACCESS_ACCEPT;
+ request->reply->code = FR_RADIUS_CODE_ACCESS_ACCEPT;
rcode = RLM_MODULE_HANDLED;
break;
case FR_EAP_CODE_SUCCESS:
- request->reply->code = FR_CODE_ACCESS_ACCEPT;
+ request->reply->code = FR_RADIUS_CODE_ACCESS_ACCEPT;
rcode = RLM_MODULE_OK;
break;
case FR_EAP_CODE_FAILURE:
- request->reply->code = FR_CODE_ACCESS_REJECT;
+ request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT;
rcode = RLM_MODULE_REJECT;
break;
case FR_EAP_CODE_REQUEST:
- request->reply->code = FR_CODE_ACCESS_CHALLENGE;
+ request->reply->code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
rcode = RLM_MODULE_HANDLED;
break;
/* Should never enter here */
REDEBUG("Reply code %d is unknown, rejecting the request", reply->code);
- request->reply->code = FR_CODE_ACCESS_REJECT;
+ request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT;
reply->code = FR_EAP_CODE_FAILURE;
rcode = RLM_MODULE_REJECT;
break;
fr_cond_assert(final == RLM_MODULE_OK);
if (!request->reply->code ||
- (request->reply->code == FR_CODE_ACCESS_REJECT)) {
+ (request->reply->code == FR_RADIUS_CODE_ACCESS_REJECT)) {
RETURN_MODULE_REJECT;
}
- if (request->reply->code == FR_CODE_ACCESS_CHALLENGE) {
+ if (request->reply->code == FR_RADIUS_CODE_ACCESS_CHALLENGE) {
RETURN_MODULE_HANDLED;
}
fr_dict_t const **dict; //!< pointer to local fr_dict_t *
} fr_process_module_t;
+#ifndef NDEBUG
+# define PROCESS_TRACE RDEBUG3("Entered state %s", __FUNCTION__)
+#else
+# define PROCESS_TRACE
+#endif
+
#ifdef __cplusplus
}
#endif
* @todo - a multi-protocol server shouldn't have
* hard-coded RADIUS.
*/
- if ((request->packet->code == FR_CODE_ACCESS_REQUEST) &&
+ if ((request->packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) &&
(request->reply && !request->reply->code)) {
fr_assert(request->session_state_ctx != NULL);
}
(request->listener->type != RAD_LISTEN_AUTH)) return;
#endif
/* don't count statistic requests */
- if (request->packet->code == FR_CODE_STATUS_SERVER)
+ if (request->packet->code == FR_RADIUS_CODE_STATUS_SERVER)
return;
#undef INC_AUTH
* deleted, because only the main server thread calls
* this function, which makes it thread-safe.
*/
- if (request->reply && (request->packet->code != FR_CODE_STATUS_SERVER)) switch (request->reply->code) {
- case FR_CODE_ACCESS_ACCEPT:
+ if (request->reply && (request->packet->code != FR_RADIUS_CODE_STATUS_SERVER)) switch (request->reply->code) {
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
INC_AUTH(total_access_accepts);
auth_stats:
request->reply->timestamp);
break;
- case FR_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
INC_AUTH(total_access_rejects);
goto auth_stats;
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
INC_AUTH(total_access_challenges);
goto auth_stats;
- case FR_CODE_ACCOUNTING_RESPONSE:
+ case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
INC_ACCT(total_responses);
fr_stats_bins(&radius_acct_stats,
request->packet->timestamp,
*/
case 0:
switch (request->packet->code) {
- case FR_CODE_ACCESS_REQUEST:
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
if (request->reply->id == -1) {
INC_AUTH(total_bad_authenticators);
} else {
break;
- case FR_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
if (request->reply->id == -1) {
INC_ACCT(total_bad_authenticators);
} else {
};
static const CONF_PARSER priority_config[] = {
- { FR_CONF_OFFSET("Access-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_ACCESS_REQUEST]),
+ { FR_CONF_OFFSET("Access-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_ACCESS_REQUEST]),
.func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "high" },
- { FR_CONF_OFFSET("Accounting-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_ACCOUNTING_REQUEST]),
+ { FR_CONF_OFFSET("Accounting-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_ACCOUNTING_REQUEST]),
.func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "low" },
- { FR_CONF_OFFSET("CoA-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_COA_REQUEST]),
+ { FR_CONF_OFFSET("CoA-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_COA_REQUEST]),
.func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "normal" },
- { FR_CONF_OFFSET("Disconnect-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_DISCONNECT_REQUEST]),
+ { FR_CONF_OFFSET("Disconnect-Request", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_DISCONNECT_REQUEST]),
.func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "low" },
- { FR_CONF_OFFSET("Status-Server", FR_TYPE_UINT32, proto_radius_t, priorities[FR_CODE_STATUS_SERVER]),
+ { FR_CONF_OFFSET("Status-Server", FR_TYPE_UINT32, proto_radius_t, priorities[FR_RADIUS_CODE_STATUS_SERVER]),
.func = cf_table_parse_uint32, .uctx = &(cf_table_parse_ctx_t){ .table = channel_packet_priority, .len = &channel_packet_priority_len }, .dflt = "now" },
CONF_PARSER_TERMINATOR
value = cf_pair_value(cp);
dv = fr_dict_enum_by_name(attr_packet_type, value, -1);
- if (!dv || (dv->value->vb_uint32 >= FR_RADIUS_MAX_PACKET_CODE)) {
+ if (!dv || (dv->value->vb_uint32 >= FR_RADIUS_CODE_MAX)) {
cf_log_err(ci, "Unknown RADIUS packet type '%s'", value);
return -1;
}
RADCLIENT const *client;
fr_dcursor_t cursor;
- fr_assert(data[0] < FR_RADIUS_MAX_PACKET_CODE);
+ fr_assert(data[0] < FR_RADIUS_CODE_MAX);
/*
* Set the request dictionary so that we can do
* Process layer NAK, or "Do not respond".
*/
if ((buffer_len == 1) ||
- (request->reply->code == FR_CODE_DO_NOT_RESPOND) ||
- (request->reply->code == 0) || (request->reply->code >= FR_RADIUS_MAX_PACKET_CODE)) {
+ (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) ||
+ (request->reply->code == 0) || (request->reply->code >= FR_RADIUS_CODE_MAX)) {
track->do_not_respond = true;
return 1;
}
* We don't accept the new client, so don't do
* anything.
*/
- if (request->reply->code != FR_CODE_ACCESS_ACCEPT) {
+ if (request->reply->code != FR_RADIUS_CODE_ACCESS_ACCEPT) {
*buffer = true;
return 1;
}
proto_radius_t const *inst = talloc_get_type_abort_const(instance, proto_radius_t);
fr_assert(buffer[0] > 0);
- fr_assert(buffer[0] < FR_RADIUS_MAX_PACKET_CODE);
+ fr_assert(buffer[0] < FR_RADIUS_CODE_MAX);
/*
* Disallowed packet
/*
* No Access-Request packets, then no cleanup delay.
*/
- if (!inst->allowed[FR_CODE_ACCESS_REQUEST]) {
+ if (!inst->allowed[FR_RADIUS_CODE_ACCESS_REQUEST]) {
inst->io.cleanup_delay = 0;
}
#endif
bool tunnel_password_zeros; //!< check for trailing zeroes in Tunnel-Password.
- uint32_t priorities[FR_RADIUS_MAX_PACKET_CODE]; //!< priorities for individual packets
+ uint32_t priorities[FR_RADIUS_CODE_MAX]; //!< priorities for individual packets
char **allowed_types; //!< names for for 'type = ...'
- bool allowed[FR_RADIUS_MAX_PACKET_CODE];
+ bool allowed[FR_RADIUS_CODE_MAX];
} proto_radius_t;
fr_pair_t *vp;
fr_pair_list_t vps;
ssize_t packet_len;
- int code = FR_CODE_ACCESS_REQUEST;
+ int code = FR_RADIUS_CODE_ACCESS_REQUEST;
fr_pair_list_init(&vps);
inst->client = client = talloc_zero(inst, RADCLIENT);
/*
* We MUST always start with a known RADIUS packet.
*/
- if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_MAX_PACKET_CODE)) {
+ if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_CODE_MAX)) {
DEBUG("proto_radius_tcp got invalid packet code %d", buffer[0]);
thread->stats.total_unknown_types++;
return -1;
* connection-level negotiation data, but only the first
* time the packet is being written.
*/
- if ((written == 0) && (track->packet[0] == FR_CODE_STATUS_SERVER)) {
+ if ((written == 0) && (track->packet[0] == FR_RADIUS_CODE_STATUS_SERVER)) {
// status_check_reply(inst, buffer, buffer_len);
}
return 0;
}
- if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_MAX_PACKET_CODE)) {
+ if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_CODE_MAX)) {
DEBUG("proto_radius_udp got invalid packet code %d", buffer[0]);
thread->stats.total_unknown_types++;
return 0;
* Root through the reply to determine any
* connection-level negotiation data.
*/
- if (track->packet[0] == FR_CODE_STATUS_SERVER) {
+ if (track->packet[0] == FR_RADIUS_CODE_STATUS_SERVER) {
// status_check_reply(inst, buffer, buffer_len);
}
* Process layer NAK, never respond, or "Do not respond".
*/
if ((buffer_len == 1) ||
- (request->reply->code == FR_CODE_DO_NOT_RESPOND) ||
+ (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) ||
(request->reply->code >= FR_VQP_MAX_CODE)) {
track->do_not_respond = true;
return 1;
* says that we MUST include a User-Name attribute in the
* Access-Accept.
*/
- if ((request->reply->code == FR_CODE_ACCESS_ACCEPT) && username) {
+ if ((request->reply->code == FR_RADIUS_CODE_ACCESS_ACCEPT) && username) {
MEM(pair_update_reply(&vp, attr_user_name) >= 0);
fr_pair_value_copy(vp, username);
}
* Access-Accept.
*/
username = fr_pair_find_by_da(&request->request_pairs, attr_user_name);
- if ((request->reply->code == FR_CODE_ACCESS_ACCEPT) && username) {
+ if ((request->reply->code == FR_RADIUS_CODE_ACCESS_ACCEPT) && username) {
/*
* Doesn't exist, add it in.
*/
* Only synthesize a failure message if something
* previously rejected the request.
*/
- if (request->reply->code != FR_CODE_ACCESS_REJECT) RETURN_MODULE_NOOP;
+ if (request->reply->code != FR_RADIUS_CODE_ACCESS_REJECT) RETURN_MODULE_NOOP;
if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_message)) {
RDEBUG3("Request didn't contain an EAP-Message, not inserting EAP-Failure");
eap_fast_tlv_append(tls_session, attr_eap_fast_error, true, sizeof(value), &value);
}
-static void eap_fast_append_result(fr_tls_session_t *tls_session, FR_CODE code)
+static void eap_fast_append_result(fr_tls_session_t *tls_session, fr_radius_packet_code_t code)
{
eap_fast_tunnel_t *t = talloc_get_type_abort(tls_session->opaque, eap_fast_tunnel_t);
uint16_t state;
da = (t->result_final) ? attr_eap_fast_result : attr_eap_fast_intermediate_result;
- state = htons((code == FR_CODE_ACCESS_REJECT) ? EAP_FAST_TLV_RESULT_FAILURE : EAP_FAST_TLV_RESULT_SUCCESS);
+ state = htons((code == FR_RADIUS_CODE_ACCESS_REJECT) ? EAP_FAST_TLV_RESULT_FAILURE : EAP_FAST_TLV_RESULT_SUCCESS);
eap_fast_tlv_append(tls_session, da, true, sizeof(state), &state);
}
* NOT 'eap start', so we should check for that....
*/
switch (reply->code) {
- case FR_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
RDEBUG2("Got tunneled Access-Accept");
rcode = RLM_MODULE_OK;
RHEXDUMP3((uint8_t *)&t->isk, 2 * RADIUS_CHAP_CHALLENGE_LENGTH, "ISK[j]"); /* FIXME (part of above) */
break;
- case FR_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
REDEBUG("Got tunneled Access-Reject");
rcode = RLM_MODULE_REJECT;
break;
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
RDEBUG2("Got tunneled Access-Challenge");
/*
return rcode;
}
-static FR_CODE eap_fast_eap_payload(request_t *request, eap_session_t *eap_session,
+static fr_radius_packet_code_t eap_fast_eap_payload(request_t *request, eap_session_t *eap_session,
fr_tls_session_t *tls_session, fr_pair_t *tlv_eap_payload)
{
- FR_CODE code = FR_CODE_ACCESS_REJECT;
+ fr_radius_packet_code_t code = FR_RADIUS_CODE_ACCESS_REJECT;
rlm_rcode_t rcode;
fr_pair_t *vp;
eap_fast_tunnel_t *t;
/*
* Didn't authenticate the packet, but we're proxying it.
*/
- code = FR_CODE_STATUS_CLIENT;
+ code = FR_RADIUS_CODE_STATUS_CLIENT;
} else
#endif /* WITH_PROXY */
{
REDEBUG("No tunneled reply was found, and the request was not proxied: rejecting the user");
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
}
break;
rcode = process_reply(eap_session, tls_session, request, fake->reply, &fake->reply_pairs);
switch (rcode) {
case RLM_MODULE_REJECT:
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
break;
case RLM_MODULE_HANDLED:
- code = FR_CODE_ACCESS_CHALLENGE;
+ code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
break;
case RLM_MODULE_OK:
- code = FR_CODE_ACCESS_ACCEPT;
+ code = FR_RADIUS_CODE_ACCESS_ACCEPT;
break;
default:
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
break;
}
break;
return code;
}
-static FR_CODE eap_fast_crypto_binding(request_t *request, UNUSED eap_session_t *eap_session,
+static fr_radius_packet_code_t eap_fast_crypto_binding(request_t *request, UNUSED eap_session_t *eap_session,
fr_tls_session_t *tls_session, eap_tlv_crypto_binding_tlv_t *binding)
{
uint8_t cmac[sizeof(binding->compound_mac)];
RDEBUG2("Crypto-Binding TLV mis-match");
RHEXDUMP3((uint8_t const *) binding->compound_mac,
sizeof(binding->compound_mac), "Calculated Compound MAC");
- return FR_CODE_ACCESS_REJECT;
+ return FR_RADIUS_CODE_ACCESS_REJECT;
}
- return FR_CODE_ACCESS_ACCEPT;
+ return FR_RADIUS_CODE_ACCESS_ACCEPT;
}
-static FR_CODE eap_fast_process_tlvs(request_t *request, eap_session_t *eap_session,
+static fr_radius_packet_code_t eap_fast_process_tlvs(request_t *request, eap_session_t *eap_session,
fr_tls_session_t *tls_session, fr_pair_list_t *fast_vps)
{
eap_fast_tunnel_t *t = talloc_get_type_abort(tls_session->opaque, eap_fast_tunnel_t);
for (vp = fr_pair_list_head(fast_vps);
vp;
vp = fr_pair_list_next(fast_vps, vp)) {
- FR_CODE code = FR_CODE_ACCESS_REJECT;
+ fr_radius_packet_code_t code = FR_RADIUS_CODE_ACCESS_REJECT;
if (vp->da->parent == attr_eap_fast_tlv) {
if (vp->da == attr_eap_fast_eap_payload) {
code = eap_fast_eap_payload(request, eap_session, tls_session, vp);
- if (code == FR_CODE_ACCESS_ACCEPT) t->stage = EAP_FAST_CRYPTOBIND_CHECK;
+ if (code == FR_RADIUS_CODE_ACCESS_ACCEPT) t->stage = EAP_FAST_CRYPTOBIND_CHECK;
} else if ((vp->da == attr_eap_fast_result) ||
(vp->da == attr_eap_fast_intermediate_result)) {
- code = FR_CODE_ACCESS_ACCEPT;
+ code = FR_RADIUS_CODE_ACCESS_ACCEPT;
t->stage = EAP_FAST_PROVISIONING;
} else {
RDEBUG2("ignoring unknown %pP", vp);
} else if (vp->da->parent == attr_eap_fast_pac_tlv) {
if (vp->da == attr_eap_fast_pac_acknowledge) {
if (vp->vp_uint32 == EAP_FAST_TLV_RESULT_SUCCESS) {
- code = FR_CODE_ACCESS_ACCEPT;
+ code = FR_RADIUS_CODE_ACCESS_ACCEPT;
t->pac.expires = UINT32_MAX;
t->pac.expired = false;
t->stage = EAP_FAST_COMPLETE;
continue;
}
- if (code == FR_CODE_ACCESS_REJECT) return FR_CODE_ACCESS_REJECT;
+ if (code == FR_RADIUS_CODE_ACCESS_REJECT) return FR_RADIUS_CODE_ACCESS_REJECT;
}
if (binding) {
- FR_CODE code = eap_fast_crypto_binding(request, eap_session, tls_session, binding);
- if (code == FR_CODE_ACCESS_ACCEPT) {
+ fr_radius_packet_code_t code = eap_fast_crypto_binding(request, eap_session, tls_session, binding);
+ if (code == FR_RADIUS_CODE_ACCESS_ACCEPT) {
t->stage = EAP_FAST_PROVISIONING;
}
return code;
}
- return FR_CODE_ACCESS_ACCEPT;
+ return FR_RADIUS_CODE_ACCESS_ACCEPT;
}
/*
* Process the inner tunnel data
*/
-FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
+fr_radius_packet_code_t eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
{
- FR_CODE code;
+ fr_radius_packet_code_t code;
fr_pair_list_t fast_vps;
uint8_t const *data;
size_t data_len;
/*
* See if the tunneled data is well formed.
*/
- if (!eap_fast_verify(request, tls_session, data, data_len)) return FR_CODE_ACCESS_REJECT;
+ if (!eap_fast_verify(request, tls_session, data, data_len)) return FR_RADIUS_CODE_ACCESS_REJECT;
if (t->stage == EAP_FAST_TLS_SESSION_HANDSHAKE) {
fr_assert(t->mode == EAP_FAST_UNKNOWN);
eap_fast_send_identity_request(request, tls_session, eap_session);
t->stage = EAP_FAST_AUTHENTICATION;
- return FR_CODE_ACCESS_CHALLENGE;
+ return FR_RADIUS_CODE_ACCESS_CHALLENGE;
}
if (eap_fast_decode_pair(request, &fast_vps, attr_eap_fast_tlv,
- data, data_len, NULL) < 0) return FR_CODE_ACCESS_REJECT;
+ data, data_len, NULL) < 0) return FR_RADIUS_CODE_ACCESS_REJECT;
RDEBUG2("Got Tunneled FAST TLVs");
log_request_pair_list(L_DBG_LVL_1, request, NULL, &fast_vps, NULL);
code = eap_fast_process_tlvs(request, eap_session, tls_session, &fast_vps);
fr_pair_list_free(&fast_vps);
- if (code == FR_CODE_ACCESS_REJECT) return FR_CODE_ACCESS_REJECT;
+ if (code == FR_RADIUS_CODE_ACCESS_REJECT) return FR_RADIUS_CODE_ACCESS_REJECT;
switch (t->stage) {
case EAP_FAST_AUTHENTICATION:
- code = FR_CODE_ACCESS_CHALLENGE;
+ code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
break;
case EAP_FAST_CRYPTOBIND_CHECK:
eap_fast_update_icmk(request, tls_session, (uint8_t *)&t->isk);
eap_fast_append_crypto_binding(request, tls_session);
- code = FR_CODE_ACCESS_CHALLENGE;
+ code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
break;
}
case EAP_FAST_PROVISIONING:
if (t->pac.send) {
RDEBUG2("Peer requires new PAC");
eap_fast_send_pac_tunnel(request, tls_session);
- code = FR_CODE_ACCESS_CHALLENGE;
+ code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
break;
}
*/
if (t->pac.type && t->pac.expired) {
REDEBUG("Rejecting expired PAC.");
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
break;
}
if (t->mode == EAP_FAST_PROVISIONING_ANON) {
REDEBUG("Rejecting unauthenticated provisioning");
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
break;
}
default:
RERROR("Internal sanity check failed in EAP-FAST at %d", t->stage);
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
}
return code;
*/
void eap_fast_tlv_append(fr_tls_session_t *tls_session, fr_dict_attr_t const *da, bool mandatory,
int length, const void *data) CC_HINT(nonnull);
-FR_CODE eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
+fr_radius_packet_code_t eap_fast_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
/*
* A bunch of EAP-FAST helper functions.
* Process the FAST portion of the request.
*/
switch (eap_fast_process(request, eap_session, tls_session)) {
- case FR_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
eap_tls_fail(request, eap_session);
RETURN_MODULE_FAIL;
/*
* Access-Challenge, continue tunneled conversation.
*/
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
fr_tls_session_send(request, tls_session);
eap_tls_request(request, eap_session);
RETURN_MODULE_HANDLED;
/*
* Success: Automatically return MPPE keys.
*/
- case FR_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
if (eap_tls_success(request, eap_session, NULL, 0, NULL, 0) < 0) RETURN_MODULE_FAIL;
RETURN_MODULE_OK;
* that the request now has a "proxy" packet, and
* will proxy it, rather than returning an EAP packet.
*/
- case FR_CODE_STATUS_CLIENT:
+ case FR_RADIUS_CODE_STATUS_CLIENT:
RETURN_MODULE_OK;
default:
* There is only a limited number of possibilities.
*/
switch (request->reply->code) {
- case FR_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
RDEBUG2("Proxied authentication succeeded");
/*
break;
default:
- case FR_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
REDEBUG("Proxied authentication was rejected");
RETURN_MODULE_REJECT;
}
* And we need to challenge the user, not ack/reject them,
* so we re-write the ACK to a challenge. Yuck.
*/
- request->reply->code = FR_CODE_ACCESS_CHALLENGE;
+ request->reply->code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
fr_pair_list_free(&response);
RETURN_MODULE_HANDLED;
}
switch (reply->code) {
- case FR_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
RDEBUG2("Tunneled authentication was successful");
t->status = PEAP_STATUS_SENT_TLV_SUCCESS;
eap_peap_success(request, eap_session, tls_session);
rcode = RLM_MODULE_HANDLED;
break;
- case FR_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
RDEBUG2("Tunneled authentication was rejected");
t->status = PEAP_STATUS_SENT_TLV_FAILURE;
eap_peap_failure(request, eap_session, tls_session);
rcode = RLM_MODULE_HANDLED;
break;
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
RDEBUG2("Got tunneled Access-Challenge");
/*
fake->server_cs ? cf_section_name2(fake->server_cs) : "NULL");
rad_virtual_server(&rcode, fake);
- if (fake->reply->code != FR_CODE_ACCESS_ACCEPT) {
+ if (fake->reply->code != FR_RADIUS_CODE_ACCESS_ACCEPT) {
RDEBUG2("SoH was rejected");
TALLOC_FREE(fake);
t->status = PEAP_STATUS_SENT_TLV_FAILURE;
/*
* Process the TTLS portion of an EAP-TTLS request.
*/
-FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
+fr_radius_packet_code_t eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session) CC_HINT(nonnull);
* Process the TTLS portion of the request.
*/
switch (eap_ttls_process(request, eap_session, tls_session)) {
- case FR_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
eap_tls_fail(request, eap_session);
RETURN_MODULE_REJECT;
/*
* Access-Challenge, continue tunneled conversation.
*/
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
eap_tls_request(request, eap_session);
RETURN_MODULE_OK;
/*
* Success: Automatically return MPPE keys.
*/
- case FR_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
goto do_keys;
/*
* that the request now has a "proxy" packet, and
* will proxy it, rather than returning an EAP packet.
*/
- case FR_CODE_STATUS_CLIENT:
+ case FR_RADIUS_CODE_STATUS_CLIENT:
RETURN_MODULE_OK;
default:
* NOT 'eap start', so we should check for that....
*/
switch (reply->code) {
- case FR_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
{
RDEBUG2("Got tunneled Access-Accept");
}
break;
- case FR_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
REDEBUG("Got tunneled Access-Reject");
rcode = RLM_MODULE_REJECT;
break;
* an Access-Challenge means that we MUST tunnel
* a Reply-Message to the client.
*/
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
RDEBUG2("Got tunneled Access-Challenge");
/*
/*
* Process the "diameter" contents of the tunneled data.
*/
-FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
+fr_radius_packet_code_t eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_session_t *tls_session)
{
- FR_CODE code = FR_CODE_ACCESS_REJECT;
+ fr_radius_packet_code_t code = FR_RADIUS_CODE_ACCESS_REJECT;
rlm_rcode_t rcode;
fr_pair_t *vp = NULL;
fr_dcursor_t cursor;
if (data_len == 0) {
if (t->authenticated) {
RDEBUG2("Got ACK, and the user was already authenticated");
- code = FR_CODE_ACCESS_ACCEPT;
+ code = FR_RADIUS_CODE_ACCESS_ACCEPT;
goto finish;
} /* else no session, no data, die. */
* wrong.
*/
RDEBUG2("SSL_read Error");
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
goto finish;
}
if (!diameter_verify(request, data, data_len)) {
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
goto finish;
}
if (eap_ttls_decode_pair(request->request_ctx, &cursor, fr_dict_root(fr_dict_internal()),
data, data_len, tls_session->ssl) < 0) {
RPEDEBUG("Decoding TTLS TLVs failed");
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
goto finish;
}
*/
chbind = eap_chbind_vp2packet(request, &request->request_pairs);
if (chbind) {
- FR_CODE chbind_code;
+ fr_radius_packet_code_t chbind_code;
CHBIND_REQ *req = talloc_zero(request, CHBIND_REQ);
RDEBUG2("received chbind request");
/* clean up chbind req */
talloc_free(req);
- if (chbind_code != FR_CODE_ACCESS_ACCEPT) {
+ if (chbind_code != FR_RADIUS_CODE_ACCESS_ACCEPT) {
code = chbind_code;
goto finish;
}
if (!request->reply->code) {
RDEBUG2("No tunneled reply was found for request %" PRIu64 ", and the request was not "
"proxied: rejecting the user", request->number);
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
} else {
/*
* Returns RLM_MODULE_FOO, and we want to return FR_FOO
rcode = process_reply(eap_session, tls_session, request, request->reply, &request->reply_pairs);
switch (rcode) {
case RLM_MODULE_REJECT:
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
break;
case RLM_MODULE_HANDLED:
- code = FR_CODE_ACCESS_CHALLENGE;
+ code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
break;
case RLM_MODULE_OK:
- code = FR_CODE_ACCESS_ACCEPT;
+ code = FR_RADIUS_CODE_ACCESS_ACCEPT;
break;
default:
- code = FR_CODE_ACCESS_REJECT;
+ code = FR_RADIUS_CODE_ACCESS_REJECT;
break;
}
}
* Retransmission intervals for the packets we support.
*/
static CONF_PARSER auth_config[] = {
- { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCESS_REQUEST].irt), .dflt = STRINGIFY(2) },
- { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCESS_REQUEST].mrt), .dflt = STRINGIFY(16) },
- { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_ACCESS_REQUEST].mrc), .dflt = STRINGIFY(5) },
- { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCESS_REQUEST].mrd), .dflt = STRINGIFY(30) },
+ { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCESS_REQUEST].irt), .dflt = STRINGIFY(2) },
+ { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrt), .dflt = STRINGIFY(16) },
+ { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrc), .dflt = STRINGIFY(5) },
+ { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrd), .dflt = STRINGIFY(30) },
CONF_PARSER_TERMINATOR
};
static CONF_PARSER acct_config[] = {
- { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCOUNTING_REQUEST].irt), .dflt = STRINGIFY(2) },
- { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCOUNTING_REQUEST].mrt), .dflt = STRINGIFY(5) },
- { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_ACCOUNTING_REQUEST].mrc), .dflt = STRINGIFY(1) },
- { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_ACCOUNTING_REQUEST].mrd), .dflt = STRINGIFY(30) },
+ { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].irt), .dflt = STRINGIFY(2) },
+ { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrt), .dflt = STRINGIFY(5) },
+ { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrc), .dflt = STRINGIFY(1) },
+ { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrd), .dflt = STRINGIFY(30) },
CONF_PARSER_TERMINATOR
};
static CONF_PARSER status_config[] = {
- { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_STATUS_SERVER].irt), .dflt = STRINGIFY(2) },
- { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_STATUS_SERVER].mrt), .dflt = STRINGIFY(5) },
- { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_STATUS_SERVER].mrc), .dflt = STRINGIFY(5) },
- { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_STATUS_SERVER].mrd), .dflt = STRINGIFY(30) },
+ { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_STATUS_SERVER].irt), .dflt = STRINGIFY(2) },
+ { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_STATUS_SERVER].mrt), .dflt = STRINGIFY(5) },
+ { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_STATUS_SERVER].mrc), .dflt = STRINGIFY(5) },
+ { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_STATUS_SERVER].mrd), .dflt = STRINGIFY(30) },
CONF_PARSER_TERMINATOR
};
static CONF_PARSER coa_config[] = {
- { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_COA_REQUEST].irt), .dflt = STRINGIFY(2) },
- { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_COA_REQUEST].mrt), .dflt = STRINGIFY(16) },
- { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_COA_REQUEST].mrc), .dflt = STRINGIFY(5) },
- { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_COA_REQUEST].mrd), .dflt = STRINGIFY(30) },
+ { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_COA_REQUEST].irt), .dflt = STRINGIFY(2) },
+ { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_COA_REQUEST].mrt), .dflt = STRINGIFY(16) },
+ { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_COA_REQUEST].mrc), .dflt = STRINGIFY(5) },
+ { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_COA_REQUEST].mrd), .dflt = STRINGIFY(30) },
CONF_PARSER_TERMINATOR
};
static CONF_PARSER disconnect_config[] = {
- { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_DISCONNECT_REQUEST].irt), .dflt = STRINGIFY(2) },
- { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_DISCONNECT_REQUEST].mrt), .dflt = STRINGIFY(16) },
- { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_CODE_DISCONNECT_REQUEST].mrc), .dflt = STRINGIFY(5) },
- { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_CODE_DISCONNECT_REQUEST].mrd), .dflt = STRINGIFY(30) },
+ { FR_CONF_OFFSET("initial_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].irt), .dflt = STRINGIFY(2) },
+ { FR_CONF_OFFSET("max_rtx_time", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrt), .dflt = STRINGIFY(16) },
+ { FR_CONF_OFFSET("max_rtx_count", FR_TYPE_UINT32, rlm_radius_t, retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrc), .dflt = STRINGIFY(5) },
+ { FR_CONF_OFFSET("max_rtx_duration", FR_TYPE_TIME_DELTA, rlm_radius_t, retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrd), .dflt = STRINGIFY(30) },
CONF_PARSER_TERMINATOR
};
CONF_PARSER_TERMINATOR
};
-static CONF_PARSER const type_interval_config[FR_RADIUS_MAX_PACKET_CODE] = {
- [FR_CODE_ACCESS_REQUEST] = { FR_CONF_POINTER("Access-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) auth_config },
+static CONF_PARSER const type_interval_config[FR_RADIUS_CODE_MAX] = {
+ [FR_RADIUS_CODE_ACCESS_REQUEST] = { FR_CONF_POINTER("Access-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) auth_config },
- [FR_CODE_ACCOUNTING_REQUEST] = { FR_CONF_POINTER("Accounting-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) acct_config },
- [FR_CODE_STATUS_SERVER] = { FR_CONF_POINTER("Status-Server", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) status_config },
- [FR_CODE_COA_REQUEST] = { FR_CONF_POINTER("CoA-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) coa_config },
- [FR_CODE_DISCONNECT_REQUEST] = { FR_CONF_POINTER("Disconnect-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) disconnect_config },
+ [FR_RADIUS_CODE_ACCOUNTING_REQUEST] = { FR_CONF_POINTER("Accounting-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) acct_config },
+ [FR_RADIUS_CODE_STATUS_SERVER] = { FR_CONF_POINTER("Status-Server", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) status_config },
+ [FR_RADIUS_CODE_COA_REQUEST] = { FR_CONF_POINTER("CoA-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) coa_config },
+ [FR_RADIUS_CODE_DISCONNECT_REQUEST] = { FR_CONF_POINTER("Disconnect-Request", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) disconnect_config },
};
static fr_dict_t const *dict_radius;
/*
* Status-Server packets cannot be proxied.
*/
- if (code == FR_CODE_STATUS_SERVER) {
+ if (code == FR_RADIUS_CODE_STATUS_SERVER) {
cf_log_err(ci, "Invalid setting of 'type = Status-Server'. Status-Server packets cannot be proxied.");
return -1;
}
if (!code ||
- (code >= FR_RADIUS_MAX_PACKET_CODE) ||
+ (code >= FR_RADIUS_CODE_MAX) ||
(!type_interval_config[code].name)) goto invalid_code;
/*
* types.
*/
if (!code ||
- (code >= FR_RADIUS_MAX_PACKET_CODE) ||
+ (code >= FR_RADIUS_CODE_MAX) ||
(!type_interval_config[code].name)) goto invalid_code;
/*
/*
* Nothing more to do here, so we stop.
*/
- if (code == FR_CODE_STATUS_SERVER) return 0;
+ if (code == FR_RADIUS_CODE_STATUS_SERVER) return 0;
cf_section_rule_push(cs, status_check_update_config);
}
}
- if (request->packet->code != FR_CODE_ACCESS_REQUEST) return;
+ if (request->packet->code != FR_RADIUS_CODE_ACCESS_REQUEST) return;
if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password) &&
!fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge)) {
* Reserve Status-Server for ourselves, for link-specific
* signaling.
*/
- if (request->packet->code == FR_CODE_STATUS_SERVER) {
+ if (request->packet->code == FR_RADIUS_CODE_STATUS_SERVER) {
REDEBUG("Cannot proxy Status-Server packets");
RETURN_MODULE_FAIL;
}
- if ((request->packet->code >= FR_RADIUS_MAX_PACKET_CODE) ||
+ if ((request->packet->code >= FR_RADIUS_CODE_MAX) ||
!inst->retry[request->packet->code].irt) { /* can't be zero */
REDEBUG("Invalid packet code %d", request->packet->code);
RETURN_MODULE_FAIL;
code = inst->types[i];
fr_assert(code > 0);
- fr_assert(code < FR_RADIUS_MAX_PACKET_CODE);
+ fr_assert(code < FR_RADIUS_CODE_MAX);
inst->allowed[code] = true;
}
- fr_assert(inst->status_check < FR_RADIUS_MAX_PACKET_CODE);
+ fr_assert(inst->status_check < FR_RADIUS_CODE_MAX);
/*
* If we're replicating, we don't care if the other end
* packets.
*/
if (inst->status_check) {
- if (inst->status_check == FR_CODE_STATUS_SERVER) {
+ if (inst->status_check == FR_RADIUS_CODE_STATUS_SERVER) {
inst->allowed[inst->status_check] = true;
} else if (!inst->allowed[inst->status_check]) {
/*
* Set limits on retransmission timers
*/
- if (inst->allowed[FR_CODE_ACCESS_REQUEST]) {
- FR_TIME_DELTA_BOUND_CHECK("Access-Request.initial_rtx_time", inst->retry[FR_CODE_ACCESS_REQUEST].irt, >=, fr_time_delta_from_sec(1));
- FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_time", inst->retry[FR_CODE_ACCESS_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
- FR_INTEGER_BOUND_CHECK("Access-Request.max_rtx_count", inst->retry[FR_CODE_ACCESS_REQUEST].mrc, >=, 1);
- FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_duration", inst->retry[FR_CODE_ACCESS_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
-
- FR_TIME_DELTA_BOUND_CHECK("Access-Request.initial_rtx_time", inst->retry[FR_CODE_ACCESS_REQUEST].irt, <=, fr_time_delta_from_sec(3));
- FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_time", inst->retry[FR_CODE_ACCESS_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
- FR_INTEGER_BOUND_CHECK("Access-Request.max_rtx_count", inst->retry[FR_CODE_ACCESS_REQUEST].mrc, <=, 10);
- FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_duration", inst->retry[FR_CODE_ACCESS_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
+ if (inst->allowed[FR_RADIUS_CODE_ACCESS_REQUEST]) {
+ FR_TIME_DELTA_BOUND_CHECK("Access-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].irt, >=, fr_time_delta_from_sec(1));
+ FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
+ FR_INTEGER_BOUND_CHECK("Access-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrc, >=, 1);
+ FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
+
+ FR_TIME_DELTA_BOUND_CHECK("Access-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].irt, <=, fr_time_delta_from_sec(3));
+ FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
+ FR_INTEGER_BOUND_CHECK("Access-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrc, <=, 10);
+ FR_TIME_DELTA_BOUND_CHECK("Access-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_ACCESS_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
}
/*
* the server core will automatically free the request at
* max_request_time.
*/
- if (inst->allowed[FR_CODE_ACCOUNTING_REQUEST]) {
- FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.initial_rtx_time", inst->retry[FR_CODE_ACCOUNTING_REQUEST].irt, >=, fr_time_delta_from_sec(1));
+ if (inst->allowed[FR_RADIUS_CODE_ACCOUNTING_REQUEST]) {
+ FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].irt, >=, fr_time_delta_from_sec(1));
#if 0
- FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_time", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
- FR_INTEGER_BOUND_CHECK("Accounting-Request.max_rtx_count", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrc, >=, 0);
- FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_duration", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrd, >=, fr_time_delta_from_sec(0));
+ FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
+ FR_INTEGER_BOUND_CHECK("Accounting-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrc, >=, 0);
+ FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrd, >=, fr_time_delta_from_sec(0));
#endif
- FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.initial_rtx_time", inst->retry[FR_CODE_ACCOUNTING_REQUEST].irt, <=, fr_time_delta_from_sec(3));
- FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_time", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
- FR_INTEGER_BOUND_CHECK("Accounting-Request.max_rtx_count", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrc, <=, 10);
- FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_duration", inst->retry[FR_CODE_ACCOUNTING_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
+ FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].irt, <=, fr_time_delta_from_sec(3));
+ FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
+ FR_INTEGER_BOUND_CHECK("Accounting-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrc, <=, 10);
+ FR_TIME_DELTA_BOUND_CHECK("Accounting-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_ACCOUNTING_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
}
/*
* Status-Server
*/
- if (inst->allowed[FR_CODE_STATUS_SERVER]) {
- FR_TIME_DELTA_BOUND_CHECK("Status-Server.initial_rtx_time", inst->retry[FR_CODE_STATUS_SERVER].irt, >=, fr_time_delta_from_sec(1));
- FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_time", inst->retry[FR_CODE_STATUS_SERVER].mrt, >=, fr_time_delta_from_sec(5));
- FR_INTEGER_BOUND_CHECK("Status-Server.max_rtx_count", inst->retry[FR_CODE_STATUS_SERVER].mrc, >=, 1);
- FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_duration", inst->retry[FR_CODE_STATUS_SERVER].mrd, >=, fr_time_delta_from_sec(5));
-
- FR_TIME_DELTA_BOUND_CHECK("Status-Server.initial_rtx_time", inst->retry[FR_CODE_STATUS_SERVER].irt, <=, fr_time_delta_from_sec(3));
- FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_time", inst->retry[FR_CODE_STATUS_SERVER].mrt, <=, fr_time_delta_from_sec(30));
- FR_INTEGER_BOUND_CHECK("Status-Server.max_rtx_count", inst->retry[FR_CODE_STATUS_SERVER].mrc, <=, 10);
- FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_duration", inst->retry[FR_CODE_STATUS_SERVER].mrd, <=, fr_time_delta_from_sec(30));
+ if (inst->allowed[FR_RADIUS_CODE_STATUS_SERVER]) {
+ FR_TIME_DELTA_BOUND_CHECK("Status-Server.initial_rtx_time", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].irt, >=, fr_time_delta_from_sec(1));
+ FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_time", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrt, >=, fr_time_delta_from_sec(5));
+ FR_INTEGER_BOUND_CHECK("Status-Server.max_rtx_count", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrc, >=, 1);
+ FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_duration", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrd, >=, fr_time_delta_from_sec(5));
+
+ FR_TIME_DELTA_BOUND_CHECK("Status-Server.initial_rtx_time", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].irt, <=, fr_time_delta_from_sec(3));
+ FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_time", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrt, <=, fr_time_delta_from_sec(30));
+ FR_INTEGER_BOUND_CHECK("Status-Server.max_rtx_count", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrc, <=, 10);
+ FR_TIME_DELTA_BOUND_CHECK("Status-Server.max_rtx_duration", inst->retry[FR_RADIUS_CODE_STATUS_SERVER].mrd, <=, fr_time_delta_from_sec(30));
}
/*
* CoA
*/
- if (inst->allowed[FR_CODE_COA_REQUEST]) {
- FR_TIME_DELTA_BOUND_CHECK("CoA-Request.initial_rtx_time", inst->retry[FR_CODE_COA_REQUEST].irt, >=, fr_time_delta_from_sec(1));
- FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_time", inst->retry[FR_CODE_COA_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
- FR_INTEGER_BOUND_CHECK("CoA-Request.max_rtx_count", inst->retry[FR_CODE_COA_REQUEST].mrc, >=, 1);
- FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_duration", inst->retry[FR_CODE_COA_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
-
- FR_TIME_DELTA_BOUND_CHECK("CoA-Request.initial_rtx_time", inst->retry[FR_CODE_COA_REQUEST].irt, <=, fr_time_delta_from_sec(3));
- FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_time", inst->retry[FR_CODE_COA_REQUEST].mrt, <=, fr_time_delta_from_sec(60));
- FR_INTEGER_BOUND_CHECK("CoA-Request.max_rtx_count", inst->retry[FR_CODE_COA_REQUEST].mrc, <=, 10);
- FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_duration", inst->retry[FR_CODE_COA_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
+ if (inst->allowed[FR_RADIUS_CODE_COA_REQUEST]) {
+ FR_TIME_DELTA_BOUND_CHECK("CoA-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_COA_REQUEST].irt, >=, fr_time_delta_from_sec(1));
+ FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
+ FR_INTEGER_BOUND_CHECK("CoA-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrc, >=, 1);
+ FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
+
+ FR_TIME_DELTA_BOUND_CHECK("CoA-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_COA_REQUEST].irt, <=, fr_time_delta_from_sec(3));
+ FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrt, <=, fr_time_delta_from_sec(60));
+ FR_INTEGER_BOUND_CHECK("CoA-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrc, <=, 10);
+ FR_TIME_DELTA_BOUND_CHECK("CoA-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_COA_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
}
/*
* Disconnect
*/
- if (inst->allowed[FR_CODE_DISCONNECT_REQUEST]) {
- FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.initial_rtx_time", inst->retry[FR_CODE_DISCONNECT_REQUEST].irt, >=, fr_time_delta_from_sec(1));
- FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_time", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
- FR_INTEGER_BOUND_CHECK("Disconnect-Request.max_rtx_count", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrc, >=, 1);
- FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_duration", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
-
- FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.initial_rtx_time", inst->retry[FR_CODE_DISCONNECT_REQUEST].irt, <=, fr_time_delta_from_sec(3));
- FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_time", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
- FR_INTEGER_BOUND_CHECK("Disconnect-Request.max_rtx_count", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrc, <=, 10);
- FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_duration", inst->retry[FR_CODE_DISCONNECT_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
+ if (inst->allowed[FR_RADIUS_CODE_DISCONNECT_REQUEST]) {
+ FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].irt, >=, fr_time_delta_from_sec(1));
+ FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrt, >=, fr_time_delta_from_sec(5));
+ FR_INTEGER_BOUND_CHECK("Disconnect-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrc, >=, 1);
+ FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrd, >=, fr_time_delta_from_sec(5));
+
+ FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.initial_rtx_time", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].irt, <=, fr_time_delta_from_sec(3));
+ FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_time", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrt, <=, fr_time_delta_from_sec(30));
+ FR_INTEGER_BOUND_CHECK("Disconnect-Request.max_rtx_count", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrc, <=, 10);
+ FR_TIME_DELTA_BOUND_CHECK("Disconnect-Request.max_rtx_duration", inst->retry[FR_RADIUS_CODE_DISCONNECT_REQUEST].mrd, <=, fr_time_delta_from_sec(30));
}
setup_io_submodule:
uint32_t num_answers_to_alive; //!< How many status check responses we need to
///< mark the connection as alive.
- bool allowed[FR_RADIUS_MAX_PACKET_CODE];
- fr_retry_config_t retry[FR_RADIUS_MAX_PACKET_CODE];
+ bool allowed[FR_RADIUS_CODE_MAX];
+ fr_retry_config_t retry[FR_RADIUS_CODE_MAX];
fr_trunk_conf_t trunk_conf; //!< trunk configuration
};
/** If we get a reply, the request must come from one of a small
* number of packet types.
*/
-static FR_CODE allowed_replies[FR_RADIUS_MAX_PACKET_CODE] = {
- [FR_CODE_ACCESS_ACCEPT] = FR_CODE_ACCESS_REQUEST,
- [FR_CODE_ACCESS_CHALLENGE] = FR_CODE_ACCESS_REQUEST,
- [FR_CODE_ACCESS_REJECT] = FR_CODE_ACCESS_REQUEST,
+static fr_radius_packet_code_t allowed_replies[FR_RADIUS_CODE_MAX] = {
+ [FR_RADIUS_CODE_ACCESS_ACCEPT] = FR_RADIUS_CODE_ACCESS_REQUEST,
+ [FR_RADIUS_CODE_ACCESS_CHALLENGE] = FR_RADIUS_CODE_ACCESS_REQUEST,
+ [FR_RADIUS_CODE_ACCESS_REJECT] = FR_RADIUS_CODE_ACCESS_REQUEST,
- [FR_CODE_ACCOUNTING_RESPONSE] = FR_CODE_ACCOUNTING_REQUEST,
+ [FR_RADIUS_CODE_ACCOUNTING_RESPONSE] = FR_RADIUS_CODE_ACCOUNTING_REQUEST,
- [FR_CODE_COA_ACK] = FR_CODE_COA_REQUEST,
- [FR_CODE_COA_NAK] = FR_CODE_COA_REQUEST,
+ [FR_RADIUS_CODE_COA_ACK] = FR_RADIUS_CODE_COA_REQUEST,
+ [FR_RADIUS_CODE_COA_NAK] = FR_RADIUS_CODE_COA_REQUEST,
- [FR_CODE_DISCONNECT_ACK] = FR_CODE_DISCONNECT_REQUEST,
- [FR_CODE_DISCONNECT_NAK] = FR_CODE_DISCONNECT_REQUEST,
+ [FR_RADIUS_CODE_DISCONNECT_ACK] = FR_RADIUS_CODE_DISCONNECT_REQUEST,
+ [FR_RADIUS_CODE_DISCONNECT_NAK] = FR_RADIUS_CODE_DISCONNECT_REQUEST,
- [FR_CODE_PROTOCOL_ERROR] = FR_CODE_PROTOCOL_ERROR, /* Any */
+ [FR_RADIUS_CODE_PROTOCOL_ERROR] = FR_RADIUS_CODE_PROTOCOL_ERROR, /* Any */
};
/** Turn a reply code into a module rcode;
*
*/
-static rlm_rcode_t radius_code_to_rcode[FR_RADIUS_MAX_PACKET_CODE] = {
- [FR_CODE_ACCESS_ACCEPT] = RLM_MODULE_OK,
- [FR_CODE_ACCESS_CHALLENGE] = RLM_MODULE_UPDATED,
- [FR_CODE_ACCESS_REJECT] = RLM_MODULE_REJECT,
+static rlm_rcode_t radius_code_to_rcode[FR_RADIUS_CODE_MAX] = {
+ [FR_RADIUS_CODE_ACCESS_ACCEPT] = RLM_MODULE_OK,
+ [FR_RADIUS_CODE_ACCESS_CHALLENGE] = RLM_MODULE_UPDATED,
+ [FR_RADIUS_CODE_ACCESS_REJECT] = RLM_MODULE_REJECT,
- [FR_CODE_ACCOUNTING_RESPONSE] = RLM_MODULE_OK,
+ [FR_RADIUS_CODE_ACCOUNTING_RESPONSE] = RLM_MODULE_OK,
- [FR_CODE_COA_ACK] = RLM_MODULE_OK,
- [FR_CODE_COA_NAK] = RLM_MODULE_REJECT,
+ [FR_RADIUS_CODE_COA_ACK] = RLM_MODULE_OK,
+ [FR_RADIUS_CODE_COA_NAK] = RLM_MODULE_REJECT,
- [FR_CODE_DISCONNECT_ACK] = RLM_MODULE_OK,
- [FR_CODE_DISCONNECT_NAK] = RLM_MODULE_REJECT,
+ [FR_RADIUS_CODE_DISCONNECT_ACK] = RLM_MODULE_OK,
+ [FR_RADIUS_CODE_DISCONNECT_NAK] = RLM_MODULE_REJECT,
- [FR_CODE_PROTOCOL_ERROR] = RLM_MODULE_HANDLED,
+ [FR_RADIUS_CODE_PROTOCOL_ERROR] = RLM_MODULE_HANDLED,
};
static void conn_writable_status_check(UNUSED fr_event_list_t *el, UNUSED int fd,
/*
* Allow passwords only in Access-Request packets.
*/
- if ((inst->parent->status_check != FR_CODE_ACCESS_REQUEST) &&
+ if ((inst->parent->status_check != FR_RADIUS_CODE_ACCESS_REQUEST) &&
(tmpl_da(map->lhs) == attr_user_password)) continue;
(void) map_to_request(request, map, map_to_vp, NULL);
* This is usually used for dynamic configuration
* on startup.
*/
- if (code == FR_CODE_PROTOCOL_ERROR) protocol_error_reply(u, NULL, h);
+ if (code == FR_RADIUS_CODE_PROTOCOL_ERROR) protocol_error_reply(u, NULL, h);
/*
* Last trunk event was a failure, be more careful about
}
code = data[0];
- if (!code || (code >= FR_RADIUS_MAX_PACKET_CODE)) {
+ if (!code || (code >= FR_RADIUS_CODE_MAX)) {
REDEBUG("Unknown reply code %d", code);
return DECODE_FAIL_UNKNOWN_PACKET_CODE;
}
*
* Status checks accept any response code.
*/
- if (!u->status_check && (code != FR_CODE_PROTOCOL_ERROR)) {
- if (allowed_replies[code] != (FR_CODE) u->code) {
+ if (!u->status_check && (code != FR_RADIUS_CODE_PROTOCOL_ERROR)) {
+ if (allowed_replies[code] != (fr_radius_packet_code_t) u->code) {
REDEBUG("%s packet received invalid reply code %s",
fr_packet_codes[u->code], fr_packet_codes[code]);
return DECODE_FAIL_UNKNOWN_PACKET_CODE;
* number...
*/
switch (u->code) {
- case FR_CODE_ACCESS_REQUEST:
- case FR_CODE_STATUS_SERVER:
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ case FR_RADIUS_CODE_STATUS_SERVER:
{
size_t i;
uint32_t hash, base;
vp = fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp);
if (vp) vp->vp_date = fr_time_to_unix_time(u->retry.updated);
- if (u->code == FR_CODE_STATUS_SERVER) u->can_retransmit = false;
+ if (u->code == FR_RADIUS_CODE_STATUS_SERVER) u->can_retransmit = false;
} else if (inst->parent->originate) {
/*
* time difference between now, and when we originally
* received the request.
*/
- if ((u->code == FR_CODE_ACCOUNTING_REQUEST) &&
+ if ((u->code == FR_RADIUS_CODE_ACCOUNTING_REQUEST) &&
(fr_pair_find_by_da(&request->request_pairs, attr_acct_delay_time) != NULL)) {
uint8_t *attr, *end;
uint32_t delay;
*/
if (message_authenticator) goto sign;
switch (u->code) {
- case FR_CODE_ACCOUNTING_REQUEST:
- case FR_CODE_DISCONNECT_REQUEST:
- case FR_CODE_COA_REQUEST:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+ case FR_RADIUS_CODE_COA_REQUEST:
sign:
/*
* Now that we're done mangling the packet, sign it.
/*
* @todo - do other negotiation and signaling.
*/
- if (h->buffer[0] == FR_CODE_PROTOCOL_ERROR) protocol_error_reply(u, NULL, h);
+ if (h->buffer[0] == FR_RADIUS_CODE_PROTOCOL_ERROR) protocol_error_reply(u, NULL, h);
if (u->num_replies < inst->num_answers_to_alive) {
DEBUG("Received %d / %u replies for status check, on connection - %s",
* packet.
*/
switch (code) {
- case FR_CODE_PROTOCOL_ERROR:
+ case FR_RADIUS_CODE_PROTOCOL_ERROR:
protocol_error_reply(u, r, h);
break;
* automatically result in it the parent request
* returning an ok/fail packet code.
*/
- if ((u->code == FR_CODE_ACCESS_REQUEST) && (code == FR_CODE_ACCESS_CHALLENGE)) {
+ if ((u->code == FR_RADIUS_CODE_ACCESS_REQUEST) && (code == FR_RADIUS_CODE_ACCESS_CHALLENGE)) {
fr_pair_t *vp;
vp = fr_pair_find_by_da(&request->reply_pairs, attr_packet_type);
if (!vp) {
MEM(vp = fr_pair_afrom_da(request->reply_ctx, attr_packet_type));
- vp->vp_uint32 = FR_CODE_ACCESS_CHALLENGE;
+ vp->vp_uint32 = FR_RADIUS_CODE_ACCESS_CHALLENGE;
fr_pair_append(&request->reply_pairs, vp);
}
}
fr_trunk_request_t *treq;
fr_assert(request->packet->code > 0);
- fr_assert(request->packet->code < FR_RADIUS_MAX_PACKET_CODE);
+ fr_assert(request->packet->code < FR_RADIUS_CODE_MAX);
- if (request->packet->code == FR_CODE_STATUS_SERVER) {
+ if (request->packet->code == FR_RADIUS_CODE_STATUS_SERVER) {
RWDEBUG("Status-Server is reserved for internal use, and cannot be sent manually.");
RETURN_MODULE_NOOP;
}
vp->vp_uint32 = 0; /* no echo */
/* Mark the packet as a Acceess-Challenge Packet */
- request->reply->code = FR_CODE_ACCESS_CHALLENGE;
+ request->reply->code = FR_RADIUS_CODE_ACCESS_CHALLENGE;
RDEBUG2("Sending Access-Challenge");
rcode = RLM_MODULE_HANDLED;
break;
*/
if ((inst->rcode == RLM_MODULE_HANDLED) && reply) {
switch (packet->code) {
- case FR_CODE_ACCESS_REQUEST:
- reply->code = FR_CODE_ACCESS_ACCEPT;
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ reply->code = FR_RADIUS_CODE_ACCESS_ACCEPT;
break;
- case FR_CODE_ACCOUNTING_REQUEST:
- reply->code = FR_CODE_ACCOUNTING_RESPONSE;
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ reply->code = FR_RADIUS_CODE_ACCOUNTING_RESPONSE;
break;
- case FR_CODE_COA_REQUEST:
- reply->code = FR_CODE_COA_ACK;
+ case FR_RADIUS_CODE_COA_REQUEST:
+ reply->code = FR_RADIUS_CODE_COA_ACK;
break;
- case FR_CODE_DISCONNECT_REQUEST:
- reply->code = FR_CODE_DISCONNECT_ACK;
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+ reply->code = FR_RADIUS_CODE_DISCONNECT_ACK;
break;
default:
fr_dict_attr_t const *ipv6_da; //!< FreeRADIUS-Stats4-IPv6-Address
fr_dlist_head_t list; //!< for threads to know about each other
- uint64_t stats[FR_RADIUS_MAX_PACKET_CODE];
+ uint64_t stats[FR_RADIUS_CODE_MAX];
} rlm_stats_t;
typedef struct {
fr_ipaddr_t ipaddr; //!< IP address of this thing
fr_time_t created; //!< when it was created
fr_time_t last_packet; //!< when we last saw a packet
- uint64_t stats[FR_RADIUS_MAX_PACKET_CODE]; //!< actual statistic
+ uint64_t stats[FR_RADIUS_CODE_MAX]; //!< actual statistic
} rlm_stats_data_t;
typedef struct {
rbtree_t *src; //!< stats by source
rbtree_t *dst; //!< stats by destination
- uint64_t stats[FR_RADIUS_MAX_PACKET_CODE];
+ uint64_t stats[FR_RADIUS_CODE_MAX];
} rlm_stats_thread_t;
static const CONF_PARSER module_config[] = {
{ NULL }
};
-static void coalesce(uint64_t final_stats[FR_RADIUS_MAX_PACKET_CODE], rlm_stats_thread_t *t,
+static void coalesce(uint64_t final_stats[FR_RADIUS_CODE_MAX], rlm_stats_thread_t *t,
size_t tree_offset, rlm_stats_data_t *mydata)
{
rlm_stats_data_t *stats;
rlm_stats_thread_t *other;
rbtree_t **tree;
- uint64_t local_stats[FR_RADIUS_MAX_PACKET_CODE];
+ uint64_t local_stats[FR_RADIUS_CODE_MAX];
tree = (rbtree_t **) (((uint8_t *) t) + tree_offset);
*/
stats = rbtree_find_data(*tree, mydata);
if (!stats) {
- memset(final_stats, 0, sizeof(uint64_t) * FR_RADIUS_MAX_PACKET_CODE);
+ memset(final_stats, 0, sizeof(uint64_t) * FR_RADIUS_CODE_MAX);
} else {
memcpy(final_stats, stats->stats, sizeof(stats->stats));
}
}
memcpy(&local_stats, stats->stats, sizeof(stats->stats));
- for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+ for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
final_stats[i] += local_stats[i];
}
}
int src_code, dst_code;
src_code = request->packet->code;
- if (src_code >= FR_RADIUS_MAX_PACKET_CODE) src_code = 0;
+ if (src_code >= FR_RADIUS_CODE_MAX) src_code = 0;
dst_code = request->reply->code;
- if (dst_code >= FR_RADIUS_MAX_PACKET_CODE) dst_code = 0;
+ if (dst_code >= FR_RADIUS_CODE_MAX) dst_code = 0;
t->stats[src_code]++;
t->stats[dst_code]++;
t->last_global_update = request->async->recv_time;
pthread_mutex_lock(&inst->mutex);
- for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+ for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
inst->stats[i] += t->stats[i];
t->stats[i] = 0;
}
* Ignore "authenticate" and anything other than Status-Server
*/
if ((request->request_state != REQUEST_RECV) ||
- (request->packet->code != FR_CODE_STATUS_SERVER)) {
+ (request->packet->code != FR_RADIUS_CODE_STATUS_SERVER)) {
RETURN_MODULE_NOOP;
}
* The copy helps minimize mutex contention.
*/
pthread_mutex_lock(&inst->mutex);
- for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+ for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
inst->stats[i] += t->stats[i];
t->stats[i] = 0;
}
strcpy(buffer, "FreeRADIUS-Stats4-");
- for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+ for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
fr_dict_attr_t const *da;
if (!local_stats[i]) continue;
int i;
pthread_mutex_lock(&inst->mutex);
- for (i = 0; i < FR_RADIUS_MAX_PACKET_CODE; i++) {
+ for (i = 0; i < FR_RADIUS_CODE_MAX; i++) {
inst->stats[i] += t->stats[i];
}
fr_dlist_remove(&inst->list, t);
* Don't print out debugging messages if we know
* they're useless.
*/
- if ((request->dict == dict_radius) && request->packet->code != FR_CODE_ACCESS_CHALLENGE) {
+ if ((request->dict == dict_radius) && request->packet->code != FR_RADIUS_CODE_ACCESS_CHALLENGE) {
RDEBUG2("No cleartext password in the request. Can't do Yubikey authentication");
}
/**
* $Id$
* @file src/process/radius/base.c
- * @brief RADIUS handler
+ * @brief RADIUS process module
*
* @copyright 2021 The FreeRADIUS server project.
* @copyright 2021 Network RADIUS SARL (legal@networkradius.com)
{ NULL }
};
-
-static fr_dict_attr_t const *attr_packet_type;
-
-static fr_dict_attr_t const *attr_acct_status_type;
-
static fr_dict_attr_t const *attr_auth_type;
-static fr_dict_attr_t const *attr_calling_station_id;
-static fr_dict_attr_t const *attr_chap_password;
static fr_dict_attr_t const *attr_module_failure_message;
static fr_dict_attr_t const *attr_module_success_message;
static fr_dict_attr_t const *attr_stripped_user_name;
+static fr_dict_attr_t const *attr_acct_status_type;
+static fr_dict_attr_t const *attr_calling_station_id;
+static fr_dict_attr_t const *attr_chap_password;
static fr_dict_attr_t const *attr_nas_port;
+static fr_dict_attr_t const *attr_packet_type;
static fr_dict_attr_t const *attr_service_type;
static fr_dict_attr_t const *attr_state;
static fr_dict_attr_t const *attr_user_name;
extern fr_dict_attr_autoload_t process_radius_dict_attr[];
fr_dict_attr_autoload_t process_radius_dict_attr[] = {
- { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
- { .out = &attr_acct_status_type, .name = "Acct-Status-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
{ .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
{ .out = &attr_module_failure_message, .name = "Module-Failure-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_module_success_message, .name = "Module-Success-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_stripped_user_name, .name = "Stripped-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
+ { .out = &attr_acct_status_type, .name = "Acct-Status-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
{ .out = &attr_calling_station_id, .name = "Calling-Station-Id", .type = FR_TYPE_STRING, .dict = &dict_radius },
{ .out = &attr_chap_password, .name = "CHAP-Password", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
{ .out = &attr_nas_port, .name = "NAS-Port", .type = FR_TYPE_UINT32, .dict = &dict_radius },
+ { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
{ .out = &attr_service_type, .name = "Service-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
{ .out = &attr_state, .name = "State", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
{ .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
/*
* RADIUS state machine configuration
*/
-typedef struct radius_unlang_packets_s {
+typedef struct {
uint64_t nothing; // so that "access_request" isn't at offset 0
- CONF_SECTION *access_request;
- CONF_SECTION *access_accept;
- CONF_SECTION *access_reject;
- CONF_SECTION *access_challenge;
+ CONF_SECTION *access_request;
+ CONF_SECTION *access_accept;
+ CONF_SECTION *access_reject;
+ CONF_SECTION *access_challenge;
- CONF_SECTION *accounting_request;
- CONF_SECTION *accounting_response;
+ CONF_SECTION *accounting_request;
+ CONF_SECTION *accounting_response;
- CONF_SECTION *status_server;
+ CONF_SECTION *status_server;
- CONF_SECTION *coa_request;
- CONF_SECTION *coa_ack;
- CONF_SECTION *coa_nak;
+ CONF_SECTION *coa_request;
+ CONF_SECTION *coa_ack;
+ CONF_SECTION *coa_nak;
- CONF_SECTION *disconnect_request;
- CONF_SECTION *disconnect_ack;
- CONF_SECTION *disconnect_nak;
+ CONF_SECTION *disconnect_request;
+ CONF_SECTION *disconnect_ack;
+ CONF_SECTION *disconnect_nak;
- CONF_SECTION *do_not_respond;
- CONF_SECTION *protocol_error; /* @todo - allow protocol error as a reject reply? */
-} radius_unlang_packets_t;
+ CONF_SECTION *do_not_respond;
+ CONF_SECTION *protocol_error; /* @todo - allow protocol error as a reject reply? */
+} process_radius_sections_t;
typedef struct {
bool log_stripped_names;
- bool log_auth; //!< Log authentication attempts.
- bool log_auth_badpass; //!< Log successful authentications.
- bool log_auth_goodpass; //!< Log failed authentications.
- char const *auth_badpass_msg; //!< Additional text to append to successful auth messages.
- char const *auth_goodpass_msg; //!< Additional text to append to failed auth messages.
+ bool log_auth; //!< Log authentication attempts.
+ bool log_auth_badpass; //!< Log successful authentications.
+ bool log_auth_goodpass; //!< Log failed authentications.
+ char const *auth_badpass_msg; //!< Additional text to append to successful auth messages.
+ char const *auth_goodpass_msg; //!< Additional text to append to failed auth messages.
- char const *denied_msg; //!< Additional text to append if the user is already logged
- //!< in (simultaneous use check failed).
+ char const *denied_msg; //!< Additional text to append if the user is already logged
+ //!< in (simultaneous use check failed).
- uint32_t session_timeout; //!< Maximum time between the last response and next request.
- uint32_t max_session; //!< Maximum ongoing session allowed.
+ uint32_t session_timeout; //!< Maximum time between the last response and next request.
+ uint32_t max_session; //!< Maximum ongoing session allowed.
- uint8_t state_server_id; //!< Sets a specific byte in the state to allow the
- //!< authenticating server to be identified in packet
- //!< captures.
+ uint8_t state_server_id; //!< Sets a specific byte in the state to allow the
+ //!< authenticating server to be identified in packet
+ //!<captures.
- fr_state_tree_t *state_tree; //!< State tree to link multiple requests/responses.
-} radius_auth_t;
+ fr_state_tree_t *state_tree; //!< State tree to link multiple requests/responses.
+} process_radius_auth_t;
-typedef struct process_radius_s {
- radius_unlang_packets_t packets;
- radius_auth_t auth;
+typedef struct {
+ process_radius_sections_t sections; //!< Pointers to various config sections
+ ///< we need to execute.
+ process_radius_auth_t auth; //!< Authentication configuration.
} process_radius_t;
static const CONF_PARSER session_config[] = {
- { FR_CONF_OFFSET("timeout", FR_TYPE_UINT32, radius_auth_t, session_timeout), .dflt = "15" },
- { FR_CONF_OFFSET("max", FR_TYPE_UINT32, radius_auth_t, max_session), .dflt = "4096" },
- { FR_CONF_OFFSET("state_server_id", FR_TYPE_UINT8, radius_auth_t, state_server_id) },
+ { FR_CONF_OFFSET("timeout", FR_TYPE_UINT32, process_radius_auth_t, session_timeout), .dflt = "15" },
+ { FR_CONF_OFFSET("max", FR_TYPE_UINT32, process_radius_auth_t, max_session), .dflt = "4096" },
+ { FR_CONF_OFFSET("state_server_id", FR_TYPE_UINT8, process_radius_auth_t, state_server_id) },
CONF_PARSER_TERMINATOR
};
static const CONF_PARSER log_config[] = {
- { FR_CONF_OFFSET("stripped_names", FR_TYPE_BOOL, radius_auth_t, log_stripped_names), .dflt = "no" },
- { FR_CONF_OFFSET("auth", FR_TYPE_BOOL, radius_auth_t, log_auth), .dflt = "no" },
- { FR_CONF_OFFSET("auth_badpass", FR_TYPE_BOOL, radius_auth_t, log_auth_badpass), .dflt = "no" },
- { FR_CONF_OFFSET("auth_goodpass", FR_TYPE_BOOL,radius_auth_t, log_auth_goodpass), .dflt = "no" },
- { FR_CONF_OFFSET("msg_badpass", FR_TYPE_STRING, radius_auth_t, auth_badpass_msg) },
- { FR_CONF_OFFSET("msg_goodpass", FR_TYPE_STRING, radius_auth_t, auth_goodpass_msg) },
- { FR_CONF_OFFSET("msg_denied", FR_TYPE_STRING, radius_auth_t, denied_msg), .dflt = "You are already logged in - access denied" },
+ { FR_CONF_OFFSET("stripped_names", FR_TYPE_BOOL, process_radius_auth_t, log_stripped_names), .dflt = "no" },
+ { FR_CONF_OFFSET("auth", FR_TYPE_BOOL, process_radius_auth_t, log_auth), .dflt = "no" },
+ { FR_CONF_OFFSET("auth_badpass", FR_TYPE_BOOL, process_radius_auth_t, log_auth_badpass), .dflt = "no" },
+ { FR_CONF_OFFSET("auth_goodpass", FR_TYPE_BOOL,process_radius_auth_t, log_auth_goodpass), .dflt = "no" },
+ { FR_CONF_OFFSET("msg_badpass", FR_TYPE_STRING, process_radius_auth_t, auth_badpass_msg) },
+ { FR_CONF_OFFSET("msg_goodpass", FR_TYPE_STRING, process_radius_auth_t, auth_goodpass_msg) },
+ { FR_CONF_OFFSET("msg_denied", FR_TYPE_STRING, process_radius_auth_t, denied_msg), .dflt = "You are already logged in - access denied" },
CONF_PARSER_TERMINATOR
};
/*
* RADIUS state machine tables for rcode to packet.
*/
-typedef unsigned int fr_packet_rcode_t[RLM_MODULE_NUMCODES];
-
-typedef struct radius_state_s {
- uint32_t packet_type[RLM_MODULE_NUMCODES];
- size_t offset;
- rlm_rcode_t rcode; // default rcode
- unsigned int reject; // reject packet
- module_method_t recv; // for incoming requests
- unlang_module_resume_t send; // for sending replies
- unlang_module_resume_t resume;
-} radius_state_t;
-
-static const radius_state_t radius_state[FR_RADIUS_MAX_PACKET_CODE];
+typedef struct {
+ fr_radius_packet_code_t packet_type[RLM_MODULE_NUMCODES]; //!< rcode to packet type mapping.
+ size_t section_offset; //!< Where to look in process_radius_sections_t for
+ ///< a pointer to the section we should execute.
+ rlm_rcode_t rcode; //!< Default rcode
+ fr_radius_packet_code_t reject; //!< Reject packet type.
+ module_method_t recv; //!< Method to call when receiving this type of packet.
+ unlang_module_resume_t resume; //!< Function to call after running a recv section.
+ unlang_module_resume_t send; //!< Method to call when sending this type of packet.
+} process_radius_state_t;
+
+static process_radius_state_t const radius_state[FR_RADIUS_CODE_MAX];
#define RAUTH(fmt, ...) log_request(L_AUTH, L_DBG_LVL_OFF, request, __FILE__, __LINE__, fmt, ## __VA_ARGS__)
-#ifndef NDEBUG
-# define TRACE RDEBUG3("Entered state %s", __FUNCTION__)
-#else
-# define TRACE
-#endif
-
/*
* Return a short string showing the terminal server, port
* and calling station ID.
* Make sure user/pass are clean and then create an attribute
* which contains the log message.
*/
-static void CC_HINT(format (printf, 4, 5)) auth_message(radius_auth_t const *inst,
+static void CC_HINT(format (printf, 4, 5)) auth_message(process_radius_auth_t const *inst,
request_t *request, bool goodpass, char const *fmt, ...)
{
va_list ap;
*/
#define UPDATE_STATE_CS(_x) do { \
state = &radius_state[request->_x->code]; \
- cs = *(CONF_SECTION **) (((uint8_t *) &inst->packets) + state->offset); \
+ cs = *(CONF_SECTION **) (((uint8_t *) &inst->sections) + state->section_offset); \
} while (0)
#define UPDATE_STATE(_x) state = &radius_state[request->_x->code]
#define SEND(_x) static unlang_action_t send_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, UNUSED void *rctx)
#define RESUME(_x) static unlang_action_t resume_ ## _x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, UNUSED void *rctx)
-#define RADIUS_PACKET_CODE_VALID(_code) (((_code) > 0) && ((_code) < FR_RADIUS_MAX_PACKET_CODE))
#if 0
RECV(access_request)
{
RESUME(access_request)
{
- rlm_rcode_t rcode = request->rcode;
- fr_pair_t *vp;
- CONF_SECTION *cs;
- fr_dict_enum_t const *dv;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ rlm_rcode_t rcode = request->rcode;
+ fr_pair_t *vp;
+ CONF_SECTION *cs;
+ fr_dict_enum_t const *dv;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
fr_assert(rcode < RLM_MODULE_NUMCODES);
request->reply->code = state->packet_type[rcode];
UPDATE_STATE_CS(reply);
- if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
+ if (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) {
RDEBUG("The 'recv Access-Request' section returned %s - not sending a response",
fr_table_str_by_value(rcode_table, rcode, "???"));
RESUME(auth_type)
{
- static const uint32_t auth_type_rcode[RLM_MODULE_NUMCODES] = {
- [RLM_MODULE_OK] = FR_CODE_ACCESS_ACCEPT,
- [RLM_MODULE_FAIL] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_INVALID] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_NOOP] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_NOTFOUND] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_REJECT] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_UPDATED] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT,
+ static const fr_radius_packet_code_t auth_type_rcode[RLM_MODULE_NUMCODES] = {
+ [RLM_MODULE_OK] = FR_RADIUS_CODE_ACCESS_ACCEPT,
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_NOOP] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT,
};
- rlm_rcode_t rcode = request->rcode;
- fr_pair_t *vp;
- CONF_SECTION *cs;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ rlm_rcode_t rcode = request->rcode;
+ fr_pair_t *vp;
+ CONF_SECTION *cs;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
fr_assert(rcode < RLM_MODULE_NUMCODES);
- fr_assert(RADIUS_PACKET_CODE_VALID(request->reply->code));
+ fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code));
- if (auth_type_rcode[rcode] == FR_CODE_DO_NOT_RESPOND) {
+ if (auth_type_rcode[rcode] == FR_RADIUS_CODE_DO_NOT_RESPOND) {
request->reply->code = auth_type_rcode[rcode];
UPDATE_STATE_CS(reply);
request->reply->code = auth_type_rcode[rcode];
if (!request->reply->code) {
RDEBUG("No reply code was set. Forcing to Access-Reject");
- request->reply->code = FR_CODE_ACCESS_REJECT;
+ request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT;
} else switch (request->reply->code) {
/*
* Print complaints before running "send Access-Reject"
*/
- case FR_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
RDEBUG2("Failed to authenticate the user");
/*
break;
/*
- * Access-Challenge packets require a State. If there is
+ * Access-Challenge sections require a State. If there is
* none, create one here. This is so that the State
* attribute is accessible in the "send Access-Challenge"
* section.
*/
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_state)) != NULL) {
uint8_t buffer[16];
RESUME(access_accept)
{
- fr_pair_t *vp;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ fr_pair_t *vp;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
vp = fr_pair_find_by_da(&request->request_pairs, attr_module_success_message);
if (vp){
RESUME(access_reject)
{
- fr_pair_t *vp;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ fr_pair_t *vp;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
vp = fr_pair_find_by_da(&request->request_pairs, attr_module_failure_message);
if (vp) {
RESUME(access_challenge)
{
- CONF_SECTION *cs;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ CONF_SECTION *cs;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
/*
* Cache the state context.
* If this fails, don't respond to the request.
*/
if (fr_request_to_state(inst->auth.state_tree, request) < 0) {
- request->reply->code = FR_CODE_DO_NOT_RESPOND;
+ request->reply->code = FR_RADIUS_CODE_DO_NOT_RESPOND;
UPDATE_STATE_CS(reply);
return unlang_module_yield_to_section(p_result, request,
cs, state->rcode, state->send,
NULL, NULL);
}
- fr_assert(request->reply->code == FR_CODE_ACCESS_CHALLENGE);
+ fr_assert(request->reply->code == FR_RADIUS_CODE_ACCESS_CHALLENGE);
RETURN_MODULE_OK;
}
RESUME(acct_type)
{
- static const uint32_t acct_type_rcode[RLM_MODULE_NUMCODES] = {
- [RLM_MODULE_FAIL] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_INVALID] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_NOTFOUND] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_REJECT] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_DISALLOW] = FR_CODE_DO_NOT_RESPOND,
+ static const fr_radius_packet_code_t acct_type_rcode[RLM_MODULE_NUMCODES] = {
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DO_NOT_RESPOND,
};
- rlm_rcode_t rcode = request->rcode;
- CONF_SECTION *cs;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ rlm_rcode_t rcode = request->rcode;
+ CONF_SECTION *cs;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
fr_assert(rcode < RLM_MODULE_NUMCODES);
- fr_assert(RADIUS_PACKET_CODE_VALID(request->reply->code));
+ fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code));
if (acct_type_rcode[rcode]) {
- fr_assert(acct_type_rcode[rcode] == FR_CODE_DO_NOT_RESPOND);
+ fr_assert(acct_type_rcode[rcode] == FR_RADIUS_CODE_DO_NOT_RESPOND);
request->reply->code = acct_type_rcode[rcode];
UPDATE_STATE_CS(reply);
NULL, NULL);
}
- request->reply->code = FR_CODE_ACCOUNTING_RESPONSE;
+ request->reply->code = FR_RADIUS_CODE_ACCOUNTING_RESPONSE;
UPDATE_STATE_CS(reply);
fr_assert(state->send != NULL);
RESUME(accounting_request)
{
- rlm_rcode_t rcode = request->rcode;
- fr_pair_t *vp;
- CONF_SECTION *cs;
- fr_dict_enum_t const *dv;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ rlm_rcode_t rcode = request->rcode;
+ fr_pair_t *vp;
+ CONF_SECTION *cs;
+ fr_dict_enum_t const *dv;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
fr_assert(rcode < RLM_MODULE_NUMCODES);
request->reply->code = state->packet_type[rcode];
UPDATE_STATE_CS(reply);
- if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
+ if (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) {
RDEBUG("The 'recv Accounting-Request' section returned %s - not sending a response",
fr_table_str_by_value(rcode_table, rcode, "???"));
RECV(generic)
{
- CONF_SECTION *cs;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ CONF_SECTION *cs;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
if (request->parent && RDEBUG_ENABLED) {
RDEBUG("Received %s ID %i", fr_packet_codes[request->packet->code], request->packet->id);
RESUME(recv_generic)
{
- rlm_rcode_t rcode = request->rcode;
- CONF_SECTION *cs;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ rlm_rcode_t rcode = request->rcode;
+ CONF_SECTION *cs;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
fr_assert(rcode < RLM_MODULE_NUMCODES);
SEND(generic)
{
- fr_pair_t *vp;
- CONF_SECTION *cs;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ fr_pair_t *vp;
+ CONF_SECTION *cs;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
- fr_assert(RADIUS_PACKET_CODE_VALID(request->reply->code));
+ fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code));
UPDATE_STATE_CS(reply);
&request->reply_pairs, attr_packet_type) >= 0);
vp->vp_uint32 = request->reply->code;
- } else if (RADIUS_PACKET_CODE_VALID(vp->vp_uint32)) {
+ } else if ((vp->vp_uint32 != FR_RADIUS_CODE_MAX) && FR_RADIUS_PACKET_CODE_VALID(vp->vp_uint32)) {
request->reply->code = vp->vp_uint32;
UPDATE_STATE_CS(reply);
RESUME(send_generic)
{
- rlm_rcode_t rcode = request->rcode;
- CONF_SECTION *cs;
- radius_state_t const *state;
- process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
+ rlm_rcode_t rcode = request->rcode;
+ CONF_SECTION *cs;
+ process_radius_state_t const *state;
+ process_radius_t *inst = talloc_get_type_abort_const(mctx->instance, process_radius_t);
- TRACE;
+ PROCESS_TRACE;
- fr_assert(RADIUS_PACKET_CODE_VALID(request->reply->code));
+ fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code));
/*
* If they delete &reply.Packet-Type, tough for them.
* And anything can say "don't respond".
*/
if ((state->packet_type[rcode] != request->reply->code) &&
- ((state->packet_type[rcode] == state->reject) || (state->packet_type[rcode] == FR_CODE_DO_NOT_RESPOND))) {
+ ((state->packet_type[rcode] == state->reject) || (state->packet_type[rcode] == FR_RADIUS_CODE_DO_NOT_RESPOND))) {
char const *old = cf_section_name2(cs);
request->reply->code = state->packet_type[rcode];
fr_assert(!state->packet_type[rcode] || (state->packet_type[rcode] == request->reply->code));
break;
- case FR_CODE_DO_NOT_RESPOND:
+ case FR_RADIUS_CODE_DO_NOT_RESPOND:
RDEBUG("The 'send %s' section returned %s - not sending a response",
fr_table_str_by_value(rcode_table, rcode, "???"),
cf_section_name2(cs));
- request->reply->code = FR_CODE_DO_NOT_RESPOND;
+ request->reply->code = FR_RADIUS_CODE_DO_NOT_RESPOND;
break;
}
/*
* Check for "do not respond".
*/
- if (request->reply->code == FR_CODE_DO_NOT_RESPOND) {
+ if (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) {
RDEBUG("Not sending reply to client.");
RETURN_MODULE_OK;
}
static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
{
- radius_state_t const *state;
+ process_radius_state_t const *state;
- TRACE;
+ PROCESS_TRACE;
- fr_assert(RADIUS_PACKET_CODE_VALID(request->packet->code));
+ fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->packet->code));
UPDATE_STATE(packet);
return 0;
}
-static const radius_state_t radius_state[FR_RADIUS_MAX_PACKET_CODE] = {
- [ FR_CODE_ACCESS_REQUEST ] = {
+static process_radius_state_t const radius_state[FR_RADIUS_CODE_MAX] = {
+ [ FR_RADIUS_CODE_ACCESS_REQUEST ] = {
.packet_type = {
- [RLM_MODULE_NOOP] = FR_CODE_ACCESS_ACCEPT,
- [RLM_MODULE_OK] = FR_CODE_ACCESS_ACCEPT,
- [RLM_MODULE_UPDATED] = FR_CODE_ACCESS_ACCEPT,
- [RLM_MODULE_HANDLED] = FR_CODE_ACCESS_ACCEPT,
-
- [RLM_MODULE_FAIL] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_INVALID] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_REJECT] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+ [RLM_MODULE_NOOP] = FR_RADIUS_CODE_ACCESS_ACCEPT,
+ [RLM_MODULE_OK] = FR_RADIUS_CODE_ACCESS_ACCEPT,
+ [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_ACCESS_ACCEPT,
+ [RLM_MODULE_HANDLED] = FR_RADIUS_CODE_ACCESS_ACCEPT,
+
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
},
.rcode = RLM_MODULE_REJECT,
.recv = recv_generic,
.resume = resume_access_request,
- .offset = offsetof(radius_unlang_packets_t, access_request),
+ .section_offset = offsetof(process_radius_sections_t, access_request),
},
- [ FR_CODE_ACCESS_ACCEPT ] = {
+ [ FR_RADIUS_CODE_ACCESS_ACCEPT ] = {
.packet_type = {
- [RLM_MODULE_FAIL] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_INVALID] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_REJECT] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
},
.rcode = RLM_MODULE_NOOP,
- .reject = FR_CODE_ACCESS_REJECT,
+ .reject = FR_RADIUS_CODE_ACCESS_REJECT,
.send = send_generic,
.resume = resume_access_accept,
- .offset = offsetof(radius_unlang_packets_t, access_accept),
+ .section_offset = offsetof(process_radius_sections_t, access_accept),
},
- [ FR_CODE_ACCESS_REJECT ] = {
+ [ FR_RADIUS_CODE_ACCESS_REJECT ] = {
.packet_type = {
- [RLM_MODULE_FAIL] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_INVALID] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_REJECT] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
},
.rcode = RLM_MODULE_NOOP,
.send = send_generic,
.resume = resume_access_reject,
- .offset = offsetof(radius_unlang_packets_t, access_reject),
+ .section_offset = offsetof(process_radius_sections_t, access_reject),
},
- [ FR_CODE_ACCESS_CHALLENGE ] = {
+ [ FR_RADIUS_CODE_ACCESS_CHALLENGE ] = {
.packet_type = {
- [RLM_MODULE_FAIL] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_INVALID] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_REJECT] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
},
.rcode = RLM_MODULE_NOOP,
- .reject = FR_CODE_ACCESS_REJECT,
+ .reject = FR_RADIUS_CODE_ACCESS_REJECT,
.send = send_generic,
.resume = resume_access_challenge,
- .offset = offsetof(radius_unlang_packets_t, access_challenge),
+ .section_offset = offsetof(process_radius_sections_t, access_challenge),
},
- [ FR_CODE_ACCOUNTING_REQUEST ] = {
+ [ FR_RADIUS_CODE_ACCOUNTING_REQUEST ] = {
.packet_type = {
- [RLM_MODULE_NOOP] = FR_CODE_ACCOUNTING_RESPONSE,
- [RLM_MODULE_OK] = FR_CODE_ACCOUNTING_RESPONSE,
- [RLM_MODULE_UPDATED] = FR_CODE_ACCOUNTING_RESPONSE,
- [RLM_MODULE_HANDLED] = FR_CODE_ACCOUNTING_RESPONSE,
-
- [RLM_MODULE_FAIL] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_INVALID] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_NOTFOUND] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_REJECT] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_DISALLOW] = FR_CODE_DO_NOT_RESPOND
+ [RLM_MODULE_NOOP] = FR_RADIUS_CODE_ACCOUNTING_RESPONSE,
+ [RLM_MODULE_OK] = FR_RADIUS_CODE_ACCOUNTING_RESPONSE,
+ [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_ACCOUNTING_RESPONSE,
+ [RLM_MODULE_HANDLED] = FR_RADIUS_CODE_ACCOUNTING_RESPONSE,
+
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DO_NOT_RESPOND
},
.rcode = RLM_MODULE_NOOP,
.recv = recv_generic,
.resume = resume_accounting_request,
- .offset = offsetof(radius_unlang_packets_t, accounting_request),
+ .section_offset = offsetof(process_radius_sections_t, accounting_request),
},
- [ FR_CODE_ACCOUNTING_RESPONSE ] = {
+ [ FR_RADIUS_CODE_ACCOUNTING_RESPONSE ] = {
.packet_type = {
- [RLM_MODULE_FAIL] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_INVALID] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_NOTFOUND] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_REJECT] = FR_CODE_DO_NOT_RESPOND,
- [RLM_MODULE_DISALLOW] = FR_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_DO_NOT_RESPOND,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DO_NOT_RESPOND,
},
.rcode = RLM_MODULE_NOOP,
.send = send_generic,
.resume = resume_send_generic,
- .offset = offsetof(radius_unlang_packets_t, accounting_response),
+ .section_offset = offsetof(process_radius_sections_t, accounting_response),
},
- [ FR_CODE_STATUS_SERVER ] = {
+ [ FR_RADIUS_CODE_STATUS_SERVER ] = {
.packet_type = {
- [RLM_MODULE_OK] = FR_CODE_ACCESS_ACCEPT,
- [RLM_MODULE_UPDATED] = FR_CODE_ACCESS_ACCEPT,
-
- [RLM_MODULE_FAIL] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_INVALID] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_NOTFOUND] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_REJECT] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_NOOP] = FR_CODE_ACCESS_REJECT,
- [RLM_MODULE_DISALLOW] = FR_CODE_ACCESS_REJECT
+ [RLM_MODULE_OK] = FR_RADIUS_CODE_ACCESS_ACCEPT,
+ [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_ACCESS_ACCEPT,
+
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_NOOP] = FR_RADIUS_CODE_ACCESS_REJECT,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT
},
.rcode = RLM_MODULE_NOOP,
.recv = recv_generic,
.resume = resume_recv_generic,
- .offset = offsetof(radius_unlang_packets_t, status_server),
+ .section_offset = offsetof(process_radius_sections_t, status_server),
},
- [ FR_CODE_COA_REQUEST ] = {
+ [ FR_RADIUS_CODE_COA_REQUEST ] = {
.packet_type = {
- [RLM_MODULE_NOOP] = FR_CODE_COA_ACK,
- [RLM_MODULE_OK] = FR_CODE_COA_ACK,
- [RLM_MODULE_UPDATED] = FR_CODE_COA_ACK,
- [RLM_MODULE_NOTFOUND] = FR_CODE_COA_ACK,
-
- [RLM_MODULE_FAIL] = FR_CODE_COA_NAK,
- [RLM_MODULE_INVALID] = FR_CODE_COA_NAK,
- [RLM_MODULE_REJECT] = FR_CODE_COA_NAK,
- [RLM_MODULE_DISALLOW] = FR_CODE_COA_NAK
+ [RLM_MODULE_NOOP] = FR_RADIUS_CODE_COA_ACK,
+ [RLM_MODULE_OK] = FR_RADIUS_CODE_COA_ACK,
+ [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_COA_ACK,
+ [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_COA_ACK,
+
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_COA_NAK
},
.rcode = RLM_MODULE_NOOP,
.recv = recv_generic,
.resume = resume_recv_generic,
- .offset = offsetof(radius_unlang_packets_t, coa_request),
+ .section_offset = offsetof(process_radius_sections_t, coa_request),
},
- [ FR_CODE_COA_ACK ] = {
+ [ FR_RADIUS_CODE_COA_ACK ] = {
.packet_type = {
- [RLM_MODULE_FAIL] = FR_CODE_COA_NAK,
- [RLM_MODULE_INVALID] = FR_CODE_COA_NAK,
- [RLM_MODULE_REJECT] = FR_CODE_COA_NAK,
- [RLM_MODULE_DISALLOW] = FR_CODE_COA_NAK
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_COA_NAK
},
.rcode = RLM_MODULE_NOOP,
- .reject = FR_CODE_COA_NAK,
+ .reject = FR_RADIUS_CODE_COA_NAK,
.send = send_generic,
.resume = resume_send_generic,
- .offset = offsetof(radius_unlang_packets_t, coa_ack),
+ .section_offset = offsetof(process_radius_sections_t, coa_ack),
},
- [ FR_CODE_COA_NAK ] = {
+ [ FR_RADIUS_CODE_COA_NAK ] = {
.packet_type = {
- [RLM_MODULE_FAIL] = FR_CODE_COA_NAK,
- [RLM_MODULE_INVALID] = FR_CODE_COA_NAK,
- [RLM_MODULE_REJECT] = FR_CODE_COA_NAK,
- [RLM_MODULE_DISALLOW] = FR_CODE_COA_NAK
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_COA_NAK,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_COA_NAK
},
.rcode = RLM_MODULE_NOOP,
.send = send_generic,
.resume = resume_send_generic,
- .offset = offsetof(radius_unlang_packets_t, coa_nak),
+ .section_offset = offsetof(process_radius_sections_t, coa_nak),
},
- [ FR_CODE_DISCONNECT_REQUEST ] = {
+ [ FR_RADIUS_CODE_DISCONNECT_REQUEST ] = {
.packet_type = {
- [RLM_MODULE_NOOP] = FR_CODE_DISCONNECT_ACK,
- [RLM_MODULE_OK] = FR_CODE_DISCONNECT_ACK,
- [RLM_MODULE_UPDATED] = FR_CODE_DISCONNECT_ACK,
- [RLM_MODULE_NOTFOUND] = FR_CODE_DISCONNECT_ACK,
-
- [RLM_MODULE_FAIL] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_INVALID] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_REJECT] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_DISALLOW] = FR_CODE_DISCONNECT_NAK
+ [RLM_MODULE_NOOP] = FR_RADIUS_CODE_DISCONNECT_ACK,
+ [RLM_MODULE_OK] = FR_RADIUS_CODE_DISCONNECT_ACK,
+ [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_DISCONNECT_ACK,
+ [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DISCONNECT_ACK,
+
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DISCONNECT_NAK
},
.rcode = RLM_MODULE_NOOP,
.recv = recv_generic,
.resume = resume_recv_generic,
- .offset = offsetof(radius_unlang_packets_t, disconnect_request),
+ .section_offset = offsetof(process_radius_sections_t, disconnect_request),
},
- [ FR_CODE_DISCONNECT_ACK ] = {
+ [ FR_RADIUS_CODE_DISCONNECT_ACK ] = {
.packet_type = {
- [RLM_MODULE_FAIL] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_INVALID] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_REJECT] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_DISALLOW] = FR_CODE_DISCONNECT_NAK
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DISCONNECT_NAK
},
.rcode = RLM_MODULE_NOOP,
- .reject = FR_CODE_DISCONNECT_NAK,
+ .reject = FR_RADIUS_CODE_DISCONNECT_NAK,
.send = send_generic,
.resume = resume_send_generic,
- .offset = offsetof(radius_unlang_packets_t, disconnect_ack),
+ .section_offset = offsetof(process_radius_sections_t, disconnect_ack),
},
- [ FR_CODE_DISCONNECT_NAK ] = {
+ [ FR_RADIUS_CODE_DISCONNECT_NAK ] = {
.packet_type = {
- [RLM_MODULE_FAIL] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_INVALID] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_REJECT] = FR_CODE_DISCONNECT_NAK,
- [RLM_MODULE_DISALLOW] = FR_CODE_DISCONNECT_NAK
+ [RLM_MODULE_FAIL] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_INVALID] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_REJECT] = FR_RADIUS_CODE_DISCONNECT_NAK,
+ [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DISCONNECT_NAK
},
.rcode = RLM_MODULE_NOOP,
.send = send_generic,
.resume = resume_send_generic,
- .offset = offsetof(radius_unlang_packets_t, disconnect_nak),
+ .section_offset = offsetof(process_radius_sections_t, disconnect_nak),
},
};
#undef CONF
-#define CONF(_x) .offset = offsetof(process_radius_t, packets._x)
+#define CONF(_x) .offset = offsetof(process_radius_t, sections._x)
-static const virtual_server_compile_t compile_list[] = {
+static virtual_server_compile_t const compile_list[] = {
{
.name = "recv",
.name2 = "Access-Request",
#define FR_DEBUG_STRERROR_PRINTF if (fr_debug_lvl) fr_strerror_printf_push
fr_table_num_sorted_t const fr_request_types[] = {
- { L("acct"), FR_CODE_ACCOUNTING_REQUEST },
- { L("auth"), FR_CODE_ACCESS_REQUEST },
- { L("auto"), FR_CODE_UNDEFINED },
- { L("challenge"), FR_CODE_ACCESS_CHALLENGE },
- { L("coa"), FR_CODE_COA_REQUEST },
- { L("disconnect"), FR_CODE_DISCONNECT_REQUEST },
- { L("status"), FR_CODE_STATUS_SERVER }
+ { L("acct"), FR_RADIUS_CODE_ACCOUNTING_REQUEST },
+ { L("auth"), FR_RADIUS_CODE_ACCESS_REQUEST },
+ { L("auto"), FR_RADIUS_CODE_UNDEFINED },
+ { L("challenge"), FR_RADIUS_CODE_ACCESS_CHALLENGE },
+ { L("coa"), FR_RADIUS_CODE_COA_REQUEST },
+ { L("disconnect"), FR_RADIUS_CODE_DISCONNECT_REQUEST },
+ { L("status"), FR_RADIUS_CODE_STATUS_SERVER }
};
size_t fr_request_types_len = NUM_ELEMENTS(fr_request_types);
-char const *fr_packet_codes[FR_RADIUS_MAX_PACKET_CODE] = {
+char const *fr_packet_codes[FR_RADIUS_CODE_MAX] = {
"", //!< 0
"Access-Request",
"Access-Accept",
"Protocol-Error",
};
-bool const fr_request_packets[FR_RADIUS_MAX_PACKET_CODE + 1] = {
- [FR_CODE_ACCESS_REQUEST] = true,
- [FR_CODE_ACCOUNTING_REQUEST] = true,
- [FR_CODE_STATUS_SERVER] = true,
- [FR_CODE_COA_REQUEST] = true,
- [FR_CODE_DISCONNECT_REQUEST] = true,
+bool const fr_request_packets[FR_RADIUS_CODE_MAX + 1] = {
+ [FR_RADIUS_CODE_ACCESS_REQUEST] = true,
+ [FR_RADIUS_CODE_ACCOUNTING_REQUEST] = true,
+ [FR_RADIUS_CODE_STATUS_SERVER] = true,
+ [FR_RADIUS_CODE_COA_REQUEST] = true,
+ [FR_RADIUS_CODE_DISCONNECT_REQUEST] = true,
};
}
switch (packet[0]) {
- case FR_CODE_ACCOUNTING_RESPONSE:
- case FR_CODE_DISCONNECT_ACK:
- case FR_CODE_DISCONNECT_NAK:
- case FR_CODE_COA_ACK:
- case FR_CODE_COA_NAK:
+ case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+ case FR_RADIUS_CODE_DISCONNECT_ACK:
+ case FR_RADIUS_CODE_DISCONNECT_NAK:
+ case FR_RADIUS_CODE_COA_ACK:
+ case FR_RADIUS_CODE_COA_NAK:
if (!original) goto need_original;
- if (original[0] == FR_CODE_STATUS_SERVER) goto do_ack;
+ if (original[0] == FR_RADIUS_CODE_STATUS_SERVER) goto do_ack;
FALL_THROUGH;
- case FR_CODE_ACCOUNTING_REQUEST:
- case FR_CODE_DISCONNECT_REQUEST:
- case FR_CODE_COA_REQUEST:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+ case FR_RADIUS_CODE_COA_REQUEST:
memset(packet + 4, 0, RADIUS_AUTH_VECTOR_LENGTH);
break;
- case FR_CODE_ACCESS_ACCEPT:
- case FR_CODE_ACCESS_REJECT:
- case FR_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
do_ack:
if (!original) goto need_original;
memcpy(packet + 4, original + 4, RADIUS_AUTH_VECTOR_LENGTH);
break;
- case FR_CODE_ACCESS_REQUEST:
- case FR_CODE_STATUS_SERVER:
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ case FR_RADIUS_CODE_STATUS_SERVER:
/* packet + 4 MUST be the Request Authenticator filled with random data */
break;
* Initialize the request authenticator.
*/
switch (packet[0]) {
- case FR_CODE_ACCOUNTING_REQUEST:
- case FR_CODE_DISCONNECT_REQUEST:
- case FR_CODE_COA_REQUEST:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
+ case FR_RADIUS_CODE_COA_REQUEST:
memset(packet + 4, 0, RADIUS_AUTH_VECTOR_LENGTH);
break;
- case FR_CODE_ACCESS_ACCEPT:
- case FR_CODE_ACCESS_REJECT:
- case FR_CODE_ACCESS_CHALLENGE:
- case FR_CODE_ACCOUNTING_RESPONSE:
- case FR_CODE_DISCONNECT_ACK:
- case FR_CODE_DISCONNECT_NAK:
- case FR_CODE_COA_ACK:
- case FR_CODE_COA_NAK:
- case FR_CODE_PROTOCOL_ERROR:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+ case FR_RADIUS_CODE_DISCONNECT_ACK:
+ case FR_RADIUS_CODE_DISCONNECT_NAK:
+ case FR_RADIUS_CODE_COA_ACK:
+ case FR_RADIUS_CODE_COA_NAK:
+ case FR_RADIUS_CODE_PROTOCOL_ERROR:
if (!original) {
need_original:
fr_strerror_const("Cannot sign response packet without a request packet");
* We don't need to sign anything else, so
* return.
*/
- case FR_CODE_ACCESS_REQUEST:
- case FR_CODE_STATUS_SERVER:
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ case FR_RADIUS_CODE_STATUS_SERVER:
return 0;
default:
* Code of 16 or greate is not understood.
*/
if ((packet[0] == 0) ||
- (packet[0] >= FR_RADIUS_MAX_PACKET_CODE)) {
+ (packet[0] >= FR_RADIUS_CODE_MAX)) {
FR_DEBUG_STRERROR_PRINTF("unknown packet code %d", packet[0]);
failure = DECODE_FAIL_UNKNOWN_PACKET_CODE;
goto finish;
* Message-Authenticator is required in Status-Server
* packets, otherwise they can be trivially forged.
*/
- if (packet[0] == FR_CODE_STATUS_SERVER) require_ma = true;
+ if (packet[0] == FR_RADIUS_CODE_STATUS_SERVER) require_ma = true;
/*
* Repeat the length checks. This time, instead of
* These are random numbers, so there's no point in
* comparing them.
*/
- if ((packet[0] == FR_CODE_ACCESS_REQUEST) || (packet[0] == FR_CODE_STATUS_SERVER)) {
+ if ((packet[0] == FR_RADIUS_CODE_ACCESS_REQUEST) || (packet[0] == FR_RADIUS_CODE_STATUS_SERVER)) {
return 0;
}
FR_DBUFF_IN_RETURN(&work_dbuff, (uint16_t) RADIUS_HEADER_LENGTH);
switch (code) {
- case FR_CODE_ACCESS_REQUEST:
- case FR_CODE_STATUS_SERVER:
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ case FR_RADIUS_CODE_STATUS_SERVER:
/*
* Callers in these cases have preloaded the buffer with the authentication vector.
*/
FR_DBUFF_OUT_MEMCPY_RETURN(packet_ctx.vector, &work_dbuff, sizeof(packet_ctx.vector));
break;
- case FR_CODE_ACCESS_ACCEPT:
- case FR_CODE_ACCESS_REJECT:
- case FR_CODE_ACCESS_CHALLENGE:
- case FR_CODE_ACCOUNTING_RESPONSE:
- case FR_CODE_COA_ACK:
- case FR_CODE_COA_NAK:
- case FR_CODE_DISCONNECT_ACK:
- case FR_CODE_DISCONNECT_NAK:
- case FR_CODE_PROTOCOL_ERROR:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+ case FR_RADIUS_CODE_COA_ACK:
+ case FR_RADIUS_CODE_COA_NAK:
+ case FR_RADIUS_CODE_DISCONNECT_ACK:
+ case FR_RADIUS_CODE_DISCONNECT_NAK:
+ case FR_RADIUS_CODE_PROTOCOL_ERROR:
if (!original) {
fr_strerror_const("Cannot encode response without request");
return -1;
FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, packet_ctx.vector, RADIUS_AUTH_VECTOR_LENGTH);
break;
- case FR_CODE_ACCOUNTING_REQUEST:
- case FR_CODE_COA_REQUEST:
- case FR_CODE_DISCONNECT_REQUEST:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_COA_REQUEST:
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
memset(packet_ctx.vector, 0, sizeof(packet_ctx.vector));
FR_DBUFF_MEMSET_RETURN(&work_dbuff, 0, RADIUS_AUTH_VECTOR_LENGTH);
break;
* Original-Packet-Code manually. If the user adds it
* later themselves, well, too bad.
*/
- if (code == FR_CODE_PROTOCOL_ERROR) {
+ if (code == FR_RADIUS_CODE_PROTOCOL_ERROR) {
FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_EXTENDED_ATTRIBUTE_1, 0x07, 0x04 /* Original-Packet-Code */,
0x00, 0x00, 0x00, original[0]);
}
*
*/
typedef enum {
- FR_CODE_UNDEFINED = 0, //!< Packet code has not been set
- FR_CODE_ACCESS_REQUEST = 1, //!< RFC2865 - Access-Request
- FR_CODE_ACCESS_ACCEPT = 2, //!< RFC2865 - Access-Accept
- FR_CODE_ACCESS_REJECT = 3, //!< RFC2865 - Access-Reject
- FR_CODE_ACCOUNTING_REQUEST = 4, //!< RFC2866 - Accounting-Request
- FR_CODE_ACCOUNTING_RESPONSE = 5, //!< RFC2866 - Accounting-Response
- FR_CODE_ACCOUNTING_STATUS = 6, //!< RFC3575 - Reserved
- FR_CODE_PASSWORD_REQUEST = 7, //!< RFC3575 - Reserved
- FR_CODE_PASSWORD_ACK = 8, //!< RFC3575 - Reserved
- FR_CODE_PASSWORD_REJECT = 9, //!< RFC3575 - Reserved
- FR_CODE_ACCOUNTING_MESSAGE = 10, //!< RFC3575 - Reserved
- FR_CODE_ACCESS_CHALLENGE = 11, //!< RFC2865 - Access-Challenge
- FR_CODE_STATUS_SERVER = 12, //!< RFC2865/RFC5997 - Status Server (request)
- FR_CODE_STATUS_CLIENT = 13, //!< RFC2865/RFC5997 - Status Server (response)
- FR_CODE_DISCONNECT_REQUEST = 40, //!< RFC3575/RFC5176 - Disconnect-Request
- FR_CODE_DISCONNECT_ACK = 41, //!< RFC3575/RFC5176 - Disconnect-Ack (positive)
- FR_CODE_DISCONNECT_NAK = 42, //!< RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
- FR_CODE_COA_REQUEST = 43, //!< RFC3575/RFC5176 - CoA-Request
- FR_CODE_COA_ACK = 44, //!< RFC3575/RFC5176 - CoA-Ack (positive)
- FR_CODE_COA_NAK = 45, //!< RFC3575/RFC5176 - CoA-Nak (not willing to perform)
- FR_CODE_PROTOCOL_ERROR = 52, //!< RFC7930 - Protocol-Error (generic NAK)
- FR_CODE_RADIUS_MAX = 255, //!< Maximum possible code
-} FR_CODE;
-
-/*
- * Maximum code that we accept
- */
-#define FR_RADIUS_MAX_PACKET_CODE (53)
-
-#define FR_CODE_DO_NOT_RESPOND (256)
+ FR_RADIUS_CODE_UNDEFINED = 0, //!< Packet code has not been set
+ FR_RADIUS_CODE_ACCESS_REQUEST = 1, //!< RFC2865 - Access-Request
+ FR_RADIUS_CODE_ACCESS_ACCEPT = 2, //!< RFC2865 - Access-Accept
+ FR_RADIUS_CODE_ACCESS_REJECT = 3, //!< RFC2865 - Access-Reject
+ FR_RADIUS_CODE_ACCOUNTING_REQUEST = 4, //!< RFC2866 - Accounting-Request
+ FR_RADIUS_CODE_ACCOUNTING_RESPONSE = 5, //!< RFC2866 - Accounting-Response
+ FR_RADIUS_CODE_ACCOUNTING_STATUS = 6, //!< RFC3575 - Reserved
+ FR_RADIUS_CODE_PASSWORD_REQUEST = 7, //!< RFC3575 - Reserved
+ FR_RADIUS_CODE_PASSWORD_ACK = 8, //!< RFC3575 - Reserved
+ FR_RADIUS_CODE_PASSWORD_REJECT = 9, //!< RFC3575 - Reserved
+ FR_RADIUS_CODE_ACCOUNTING_MESSAGE = 10, //!< RFC3575 - Reserved
+ FR_RADIUS_CODE_ACCESS_CHALLENGE = 11, //!< RFC2865 - Access-Challenge
+ FR_RADIUS_CODE_STATUS_SERVER = 12, //!< RFC2865/RFC5997 - Status Server (request)
+ FR_RADIUS_CODE_STATUS_CLIENT = 13, //!< RFC2865/RFC5997 - Status Server (response)
+ FR_RADIUS_CODE_DISCONNECT_REQUEST = 40, //!< RFC3575/RFC5176 - Disconnect-Request
+ FR_RADIUS_CODE_DISCONNECT_ACK = 41, //!< RFC3575/RFC5176 - Disconnect-Ack (positive)
+ FR_RADIUS_CODE_DISCONNECT_NAK = 42, //!< RFC3575/RFC5176 - Disconnect-Nak (not willing to perform)
+ FR_RADIUS_CODE_COA_REQUEST = 43, //!< RFC3575/RFC5176 - CoA-Request
+ FR_RADIUS_CODE_COA_ACK = 44, //!< RFC3575/RFC5176 - CoA-Ack (positive)
+ FR_RADIUS_CODE_COA_NAK = 45, //!< RFC3575/RFC5176 - CoA-Nak (not willing to perform)
+ FR_RADIUS_CODE_PROTOCOL_ERROR = 52, //!< RFC7930 - Protocol-Error (generic NAK)
+ FR_RADIUS_CODE_MAX = 53, //!< Maximum possible protocol code
+ FR_RADIUS_CODE_DO_NOT_RESPOND = 256 //!< Special rcode to indicate we will not respond.
+} fr_radius_packet_code_t;
+
+#define FR_RADIUS_PACKET_CODE_VALID(_code) (((_code) > 0) && ((_code) < FR_RADIUS_CODE_MAX))
#define FR_AUTH_UDP_PORT 1812
#define FR_AUTH_UDP_PORT_ALT 1645
static ssize_t fr_radius_encode_proto(UNUSED TALLOC_CTX *ctx, fr_pair_list_t *vps, uint8_t *data, size_t data_len, void *proto_ctx)
{
fr_radius_ctx_t *test_ctx = talloc_get_type_abort(proto_ctx, fr_radius_ctx_t);
- int packet_type = FR_CODE_ACCESS_REQUEST;
+ int packet_type = FR_RADIUS_CODE_ACCESS_REQUEST;
fr_pair_t *vp;
ssize_t slen;
vp = fr_pair_find_by_da(vps, attr_packet_type);
if (vp) packet_type = vp->vp_uint32;
- if ((packet_type == FR_CODE_ACCESS_REQUEST) || (packet_type == FR_CODE_STATUS_SERVER)) {
+ if ((packet_type == FR_RADIUS_CODE_ACCESS_REQUEST) || (packet_type == FR_RADIUS_CODE_STATUS_SERVER)) {
vp = fr_pair_find_by_da(vps, attr_packet_authentication_vector);
if (vp && (vp->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) {
memcpy(data + 4, vp->vp_octets, RADIUS_AUTH_VECTOR_LENGTH);
#endif
switch (packet->code) {
- case FR_CODE_ACCESS_REQUEST:
- case FR_CODE_STATUS_SERVER:
+ case FR_RADIUS_CODE_ACCESS_REQUEST:
+ case FR_RADIUS_CODE_STATUS_SERVER:
memcpy(packet_ctx.vector, packet->vector, sizeof(packet_ctx.vector));
break;
- case FR_CODE_ACCESS_ACCEPT:
- case FR_CODE_ACCESS_REJECT:
- case FR_CODE_ACCESS_CHALLENGE:
- case FR_CODE_ACCOUNTING_RESPONSE:
- case FR_CODE_COA_ACK:
- case FR_CODE_COA_NAK:
- case FR_CODE_DISCONNECT_ACK:
- case FR_CODE_DISCONNECT_NAK:
+ case FR_RADIUS_CODE_ACCESS_ACCEPT:
+ case FR_RADIUS_CODE_ACCESS_REJECT:
+ case FR_RADIUS_CODE_ACCESS_CHALLENGE:
+ case FR_RADIUS_CODE_ACCOUNTING_RESPONSE:
+ case FR_RADIUS_CODE_COA_ACK:
+ case FR_RADIUS_CODE_COA_NAK:
+ case FR_RADIUS_CODE_DISCONNECT_ACK:
+ case FR_RADIUS_CODE_DISCONNECT_NAK:
/*
* radsniff doesn't always have a response
*/
}
break;
- case FR_CODE_ACCOUNTING_REQUEST:
- case FR_CODE_COA_REQUEST:
- case FR_CODE_DISCONNECT_REQUEST:
+ case FR_RADIUS_CODE_ACCOUNTING_REQUEST:
+ case FR_RADIUS_CODE_COA_REQUEST:
+ case FR_RADIUS_CODE_DISCONNECT_REQUEST:
memset(packet->vector, 0, sizeof(packet->vector));
memset(packet_ctx.vector, 0, sizeof(packet_ctx.vector));
break;
* codes have the Request Authenticator be the packet
* signature.
*/
- if ((packet->code == FR_CODE_ACCESS_REQUEST) ||
- (packet->code == FR_CODE_STATUS_SERVER)) {
+ if ((packet->code == FR_RADIUS_CODE_ACCESS_REQUEST) ||
+ (packet->code == FR_RADIUS_CODE_STATUS_SERVER)) {
memcpy(packet->data + 4, packet->vector, sizeof(packet->vector));
}
fr_log(log, L_DBG, file, line, " Dst Port : %u", packet->socket.inet.dst_port);
}
- if ((packet->data[0] > 0) && (packet->data[0] < FR_RADIUS_MAX_PACKET_CODE)) {
+ if ((packet->data[0] > 0) && (packet->data[0] < FR_RADIUS_CODE_MAX)) {
fr_log(log, L_DBG, file, line, " Code : %s", fr_packet_codes[packet->data[0]]);
} else {
fr_log(log, L_DBG, file, line, " Code : %u", packet->data[0]);
* protocols/radius/base.c
*/
-extern char const *fr_packet_codes[FR_RADIUS_MAX_PACKET_CODE];
-#define is_radius_code(_x) ((_x > 0) && (_x < FR_RADIUS_MAX_PACKET_CODE))
+extern char const *fr_packet_codes[FR_RADIUS_CODE_MAX];
+#define is_radius_code(_x) ((_x > 0) && (_x < FR_RADIUS_CODE_MAX))
#define AUTH_PASS_LEN (RADIUS_AUTH_VECTOR_LENGTH)
extern size_t const fr_radius_attr_sizes[FR_TYPE_MAX + 1][2];
extern fr_table_num_sorted_t const fr_request_types[];
extern size_t fr_request_types_len;
-extern bool const fr_request_packets[FR_RADIUS_MAX_PACKET_CODE + 1];
+extern bool const fr_request_packets[FR_RADIUS_CODE_MAX + 1];
typedef enum {
DECODE_FAIL_NONE = 0,
#endif
#define FR_VQP_MAX_CODE (5)
-#define FR_CODE_DO_NOT_RESPOND (0)
+#define FR_RADIUS_CODE_DO_NOT_RESPOND (0)
#define FR_VQP_HDR_LEN (8)
#define FR_VQP_VERSION (1)
MPRINT1("\t\tENCODE >>> request %"PRIu64" - data %p %p room %zd\n",
request->number, pc, buffer, buffer_len);
- buffer[0] = FR_CODE_ACCESS_ACCEPT;
+ buffer[0] = FR_RADIUS_CODE_ACCESS_ACCEPT;
buffer[1] = pc->id;
buffer[2] = 0;
buffer[3] = 20;
* Verify the packet before doing anything more with it.
*/
packet = cd->m.data;
- if (packet[0] != FR_CODE_ACCESS_REQUEST) {
+ if (packet[0] != FR_RADIUS_CODE_ACCESS_REQUEST) {
MPRINT1("Master ignoring packet code %u\n", packet[0]);
goto discard;
}
MPRINT1("\t\tENCODE >>> request %"PRIu64"- data %p %p room %zd\n", request->number, pc, buffer, buffer_len);
- buffer[0] = FR_CODE_ACCESS_ACCEPT;
+ buffer[0] = FR_RADIUS_CODE_ACCESS_ACCEPT;
buffer[1] = tpc.id;
buffer[2] = 0;
buffer[3] = 20;