fr_pair_t *challenge, *reply;
uint8_t nthash[16];
- fr_pair_delete_by_da(&packet->vps, attr_ms_chap_challenge);
- fr_pair_delete_by_da(&packet->vps, attr_ms_chap_response);
+ fr_pair_delete_by_da(list, attr_ms_chap_challenge);
+ fr_pair_delete_by_da(list, attr_ms_chap_response);
MEM(challenge = fr_pair_afrom_da(packet, attr_ms_chap_challenge));
} else {
fr_pair_t const *failed[2];
- fr_pair_list_sort(&request->reply->vps, fr_pair_cmp_by_da);
- if (fr_pair_validate(failed, &request->filter, &request->reply->vps)) {
+ fr_pair_list_sort(&request->reply_pairs, fr_pair_cmp_by_da);
+ if (fr_pair_validate(failed, &request->filter, &request->reply_pairs)) {
RDEBUG("%s: Response passed filter", request->name);
stats.passed++;
} else {
} rc_stats_t;
typedef struct {
- char const *packets; //!< The file containing the request packet
- char const *filters; //!< The file containing the definition of the
+ char const *packets; //!< The file containing the request packet
+ char const *filters; //!< The file containing the definition of the
//!< packet we want to match.
} rc_file_pair_t;
fr_radius_packet_t *packet; //!< The outgoing request.
fr_radius_packet_t *reply; //!< The incoming response.
- fr_pair_list_t *request_list;
- fr_pair_list_t *reply_list;
+ fr_pair_list_t request_list;
+ fr_pair_list_t reply_list;
fr_pair_list_t filter; //!< If the reply passes the filter, then the request passes.
FR_CODE filter_code; //!< Expected code of the response packet.
/*
* Initialise pair value lists
*/
+ fr_pair_list_init(&request->request_pairs);
+ fr_pair_list_init(&request->reply_pairs);
fr_pair_list_init(&request->control_pairs);
fr_pair_list_init(&request->state_pairs);
}
PACKET_VERIFY(packet);
- if (!packet->vps) return;
-
fr_pair_list_verify(file, line, packet, list);
}
file, line, sizeof(request_t), talloc_get_size(request));
fr_pair_list_verify(file, line, request, &request->control_pairs);
- fr_pair_list_verify(file, line, request->state_ctx, &request->state);
+ fr_pair_list_verify(file, line, request->state_ctx, &request->state_pairs);
fr_assert(request->server_cs != NULL);
rad_listen_t *listener; //!< The listener that received the request.
RADCLIENT *client; //!< The client that originally sent us the request.
- fr_radius_packet_t *packet; //!< Incoming request.
- fr_radius_packet_t *reply; //!< Outgoing response.
-
- fr_pair_list_t control; //!< #fr_pair_t list used to set per request parameters
- //!< for modules and the server core at runtime.
+ fr_radius_packet_t *packet; //!< Incoming request.
+ fr_radius_packet_t *reply; //!< Outgoing response.
uint64_t seq_start; //!< State sequence ID. Stable identifier for a sequence of requests
//!< and responses.
+
+ fr_pair_list_t request_list;
+ fr_pair_list_t reply_list;
+ fr_pair_list_t control_list; //!< #fr_pair_t list used to set per request parameters
+ //!< for modules and the server core at runtime.
TALLOC_CTX *state_ctx; //!< for request->state
- fr_pair_list_t state; //!< #fr_pair_t list available over the lifetime of the authentication
+ fr_pair_list_t state_list; //!< #fr_pair_t list available over the lifetime of the authentication
//!< attempt. Useful where the attempt involves a sequence of
//!< many request/challenge packets, like OTP, and EAP.
* @note Called with the mutex held.
*/
static fr_state_entry_t *state_entry_create(fr_state_tree_t *state, request_t *request,
- fr_radius_packet_t *packet, fr_state_entry_t *old)
+ fr_pair_list_t *reply_list, fr_state_entry_t *old)
{
size_t i;
uint32_t x;
* int the reply, we use that in preference to the
* old state.
*/
- vp = fr_pair_find_by_da(&packet->vps, state->da);
+ vp = fr_pair_find_by_da(reply_list, state->da);
if (vp) {
if (DEBUG_ENABLED && (vp->vp_length > sizeof(entry->state))) {
WARN("State too long, will be truncated. Expected <= %zd bytes, got %zu bytes",
*/
entry->state_comp.server_id = state->server_id;
- MEM(vp = fr_pair_afrom_da(packet, state->da));
+ MEM(vp = fr_pair_afrom_da(request, state->da));
fr_pair_value_memdup(vp, entry->state, sizeof(entry->state), false);
- fr_pair_add(&packet->vps, vp);
+ fr_pair_add(reply_list, vp);
}
DEBUG4("State ID %" PRIu64 " created, value 0x%pH, expires %" PRIu64 "s",
if (!rbtree_insert(state->tree, entry)) {
RERROR("Failed inserting state entry - Insertion into state tree failed");
- fr_pair_delete_by_da(&packet->vps, state->da);
+ fr_pair_delete_by_da(reply_list, state->da);
talloc_free(entry);
return NULL;
}
}
PTHREAD_MUTEX_UNLOCK(&state->mutex);
- if (request->state) {
+ if (request->state_pairs) {
RDEBUG2("Restored &session-state");
log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->state_pairs, "&session-state.");
}
if (!request->state_pairs && fr_dlist_empty(&data)) return 0;
- if (request->state) {
+ if (request->state_pairs) {
RDEBUG2("Saving &session-state");
log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->state_pairs, "&session-state.");
}
PTHREAD_MUTEX_LOCK(&state->mutex);
if (vp) old = state_entry_find(state, request, &vp->data);
- entry = state_entry_create(state, request, request->reply, old);
+ entry = state_entry_create(state, request, &request->reply_pairs, old);
if (!entry) {
PTHREAD_MUTEX_UNLOCK(&state->mutex);
RERROR("Creating state entry failed");
entry->seq_start = request->seq_start;
entry->ctx = request->state_ctx;
- entry->vps = request->state;
+ entry->vps = request->state_pairs;
fr_dlist_move(&entry->data, &data);
request->state_ctx = NULL;
* it easier to store/restore the
* whole lot...
*/
- if (request->state) {
+ if (request->state_pairs) {
/*
* If parent and child share a state_ctx
* which they usually should do, then just
* and don't bother copying.
*/
request_data_talloc_add(request, (void *)fr_state_store_in_parent, 0, fr_pair_t,
- request->state, true, false, true);
+ request->state_pairs, true, false, true);
request->state_pairs = NULL;
}
if (unlikely(request->parent == NULL)) return;
if (will_free) {
- fr_pair_list_free(&request->state);
+ fr_pair_list_free(&request->state_pairs);
/*
* The non-persistable stuff is
request_data_by_persistance_reparent(new_state_ctx, NULL, request, true);
request_data_by_persistance_reparent(new_state_ctx, NULL, request, false);
- (void) fr_pair_list_copy(new_state_ctx, &vps, &request->state);
- fr_pair_list_free(&request->state);
+ (void) fr_pair_list_copy(new_state_ctx, &vps, &request->state_pairs);
+ fr_pair_list_free(&request->state_pairs);
request->state_pairs = vps;
return NULL;
}
rp->id = -1;
- fr_pair_list_init(&rp->vps);
- if (new_vector) {
- fr_rand_buffer(rp->vector, sizeof(rp->vector));
- }
+ if (new_vector) fr_rand_buffer(rp->vector, sizeof(rp->vector));
return rp;
}
fr_socket_addr_swap(&reply->socket, &packet->socket);
reply->id = packet->id;
reply->code = 0; /* UNKNOWN code */
- memset(reply->vector, 0,
- sizeof(reply->vector));
- reply->vps = NULL;
+ memset(reply->vector, 0, sizeof(reply->vector));
reply->data = NULL;
reply->data_len = 0;
PACKET_VERIFY(packet);
- fr_pair_list_free(&packet->vps);
-
talloc_free(packet);
*packet_p = NULL;
}
fr_time_t timestamp; //!< When we received the packet.
uint8_t *data; //!< Packet data (body).
size_t data_len; //!< Length of packet data.
- fr_pair_list_t vps; //!< Result of decoding the packet into fr_pair_t list.
uint32_t rounds; //!< for State[0]
# define LIST_VERIFY(_x)
#endif
-#define request_pairs packet->vps
-#define reply_pairs reply->vps
-#define control_pairs control
-#define state_pairs state
+#define request_pairs request_list
+#define reply_pairs reply_list
+#define control_pairs control_list
+#define state_pairs state_list
/** The type of value a fr_pair_t contains
*
static void bfd_request(bfd_state_t *session, request_t *request, fr_radius_packet_t *packet)
{
memset(request, 0, sizeof(*request));
+ fr_pair_list_init(&request->request_pairs);
+ fr_pair_list_init(&request->reply_pairs);
fr_pair_list_init(&request->control_pairs);
fr_pair_list_init(&request->state_pairs);
+
memset(packet, 0, sizeof(*packet));
- fr_pair_list_init(&packet->vps);
request->packet = packet;
request->server_cs = session->server_cs;
* That MUST be set and checked in the underlying
* transport, via a call to fr_dhcpv4_ok().
*/
- fr_cursor_init(&cursor, &packet->vps);
+ fr_cursor_init(&cursor, &request->request_pairs);
if (fr_dhcpv4_decode(packet, packet->data, packet->data_len, &cursor, &packet->code) < 0) {
RPEDEBUG("Failed decoding packet");
return -1;
/*
* Debug the packet if requested.
*/
-static void dhcpv4_packet_debug(request_t *request, fr_radius_packet_t *packet, bool received)
+static void dhcpv4_packet_debug(request_t *request, fr_radius_packet_t *packet, fr_pair_list_t *list, bool received)
{
int i;
#ifdef WITH_IFINDEX_NAME_RESOLUTION
if (!*dhcp_header_attrs[i]) continue;
- vp = fr_pair_find_by_da(&packet->vps, *dhcp_header_attrs[i]);
+ vp = fr_pair_find_by_da(list, *dhcp_header_attrs[i]);
if (!vp) continue;
RDEBUGX(L_DBG_LVL_1, "%pP", vp);
}
REXDENT();
if (received || request->parent) {
- log_request_pair_list(L_DBG_LVL_1, request, NULL, &packet->vps, NULL);
+ log_request_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
} else {
- log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, &packet->vps, NULL);
+ log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
}
}
switch (request->request_state) {
case REQUEST_INIT:
- dhcpv4_packet_debug(request, request->packet, true);
+ dhcpv4_packet_debug(request, request->packet, &request->request_pairs, true);
request->component = "dhcpv4";
RETURN_MODULE_HANDLED;
}
- if (RDEBUG_ENABLED) dhcpv4_packet_debug(request, request->reply, false);
+ if (RDEBUG_ENABLED) dhcpv4_packet_debug(request, request->reply, &request->reply_pairs, false);
break;
default:
* That MUST be set and checked in the underlying
* transport, via a call to fr_dhcpv6_ok().
*/
- fr_cursor_init(&cursor, &packet->vps);
+ fr_cursor_init(&cursor, &request->request_pairs);
if (fr_dhcpv6_decode(packet, packet->data, packet->data_len, &cursor) < 0) {
RPEDEBUG("Failed decoding packet");
return -1;
/*
* Debug the packet if requested.
*/
-static void dhcpv6_packet_debug(request_t *request, fr_radius_packet_t *packet, bool received)
+static void dhcpv6_packet_debug(request_t *request, fr_radius_packet_t const *packet, fr_pair_list_t const *list, bool received)
{
#ifdef WITH_IFINDEX_NAME_RESOLUTION
char if_name[IFNAMSIZ];
);
if (received || request->parent) {
- log_request_pair_list(L_DBG_LVL_1, request, NULL, &packet->vps, NULL);
+ log_request_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
} else {
- log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, &packet->vps, NULL);
+ log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, list, NULL);
}
}
switch (request->request_state) {
case REQUEST_INIT:
{
- dhcpv6_packet_debug(request, request->packet, true);
+ dhcpv6_packet_debug(request, request->packet, &request->request_pairs, true);
dhcpv6_reply_initialise(request);
* being called via the `call {}` keyword.
*/
MEM(fr_pair_update_by_da(request->reply, &reply_packet_type,
- &request->reply->vps, attr_packet_type) >= 0);
+ &request->reply_pairs, attr_packet_type) >= 0);
reply_packet_type->vp_uint32 = request->reply->code;
/*
RETURN_MODULE_HANDLED;
}
- if (RDEBUG_ENABLED) dhcpv6_packet_debug(request, request->reply, false);
+ if (RDEBUG_ENABLED) dhcpv6_packet_debug(request, request->reply, &request->reply_pairs, false);
}
break;
* That MUST be set and checked in the underlying
* transport, via a call to fr_vmps_ok().
*/
- fr_cursor_init(&cursor, &packet->vps);
+ fr_cursor_init(&cursor, &request->request_pairs);
if (fr_vmps_decode(packet, packet->data, packet->data_len, &cursor, &packet->code) < 0) {
RPEDEBUG("Failed decoding packet");
return -1;
*/
static unlang_action_t CC_HINT(nonnull(1,2)) attr_filter_common(rlm_rcode_t *p_result,
void const *instance, request_t *request,
- fr_radius_packet_t *packet)
+ fr_radius_packet_t *packet, fr_pair_list_t *list)
{
rlm_attr_filter_t const *inst = talloc_get_type_abort_const(instance, rlm_attr_filter_t);
fr_cursor_t out;
* only if it matches all rules that describe an
* Idle-Timeout.
*/
- for (input_item = fr_cursor_init(&cursor, &packet->vps);
+ for (input_item = fr_cursor_init(&cursor, list);
input_item;
input_item = fr_cursor_next(&cursor)) {
pass = fail = 0; /* reset the pass,fail vars for each reply item */
/*
* Replace the existing request list with our filtered one
*/
- fr_pair_list_free(&packet->vps);
- packet->vps = output;
+ fr_pair_list_free(list);
+ fr_pair_list_move(list, &output);
RETURN_MODULE_UPDATED;
}
-#define RLM_AF_FUNC(_x, _y) static unlang_action_t CC_HINT(nonnull) mod_##_x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) \
+#define RLM_AF_FUNC(_x, _y, _z) static unlang_action_t CC_HINT(nonnull) mod_##_x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) \
{ \
- return attr_filter_common(p_result, mctx->instance, request, request->_y); \
+ return attr_filter_common(p_result, mctx->instance, request, request->_y, &request->_z##_pairs); \
}
-RLM_AF_FUNC(authorize, packet)
-RLM_AF_FUNC(post_auth, reply)
+RLM_AF_FUNC(authorize, packet, request)
+RLM_AF_FUNC(post_auth, reply, reply)
-RLM_AF_FUNC(preacct, packet)
-RLM_AF_FUNC(accounting, reply)
+RLM_AF_FUNC(preacct, packet, request)
+RLM_AF_FUNC(accounting, reply, reply)
/* globally exported name */
extern module_t rlm_attr_filter;
* @param[in] packet associated with the request (request, reply...).
* @param[in] compat Write out entry in compatibility mode.
*/
-static int detail_write(FILE *out, rlm_detail_t const *inst, request_t *request, fr_radius_packet_t *packet, bool compat)
+static int detail_write(FILE *out, rlm_detail_t const *inst, request_t *request,
+ fr_radius_packet_t *packet, fr_pair_list_t *list, bool compat)
{
fr_pair_t *vp;
char timestamp[256];
return -1;
}
- if (!packet->vps) {
+ if (!list) {
RWDEBUG("Skipping empty packet");
return 0;
}
{
fr_cursor_t cursor;
/* Write each attribute/value to the log file */
- for (vp = fr_cursor_init(&cursor, &packet->vps);
+ for (vp = fr_cursor_init(&cursor, list);
vp;
vp = fr_cursor_next(&cursor)) {
fr_token_t op;
* Do detail, compatible with old accounting
*/
static unlang_action_t CC_HINT(nonnull) detail_do(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request,
- fr_radius_packet_t *packet, bool compat)
+ fr_radius_packet_t *packet, fr_pair_list_t *list,
+ bool compat)
{
int outfd, dupfd;
char buffer[DIRLEN];
RETURN_MODULE_FAIL;
}
- if (detail_write(outfp, inst, request, packet, compat) < 0) goto fail;
+ if (detail_write(outfp, inst, request, packet, list, compat) < 0) goto fail;
/*
* Flush everything
*/
static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
{
- return detail_do(p_result, mctx, request, request->packet, true);
+ return detail_do(p_result, mctx, request, request->packet, &request->request_pairs, true);
}
/*
*/
static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
{
- return detail_do(p_result, mctx, request, request->packet, false);
+ return detail_do(p_result, mctx, request, request->packet, &request->request_pairs, false);
}
/*
*/
static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
{
- return detail_do(p_result, mctx, request, request->reply, false);
+ return detail_do(p_result, mctx, request, request->reply, &request->reply_pairs, false);
}
*/
static rlm_rcode_t CC_HINT(nonnull) process_reply(UNUSED eap_session_t *eap_session,
fr_tls_session_t *tls_session,
- request_t *request, fr_radius_packet_t *reply)
+ request_t *request,
+ fr_radius_packet_t *reply, fr_pair_list_t *reply_list)
{
rlm_rcode_t rcode = RLM_MODULE_REJECT;
fr_pair_t *vp;
* Copy what we need into the TTLS tunnel and leave
* the rest to be cleaned up.
*/
- for (vp = fr_cursor_init(&cursor, &reply->vps); vp; vp = fr_cursor_next(&cursor)) {
+ for (vp = fr_cursor_init(&cursor, reply_list); vp; vp = fr_cursor_next(&cursor)) {
if (fr_dict_vendor_num_by_da(vp->da) != VENDORPEC_MICROSOFT) continue;
/* FIXME must be a better way to capture/re-derive this later for ISK */
/*
* Copy the EAP-Message back to the tunnel.
*/
- (void) fr_cursor_init(&cursor, &reply->vps);
+ (void) fr_cursor_init(&cursor, reply_list);
- for (vp = fr_cursor_iter_by_da_init(&cursor, &reply->vps, attr_eap_message);
+ for (vp = fr_cursor_iter_by_da_init(&cursor, reply_list, attr_eap_message);
vp;
vp = fr_cursor_next(&cursor)) {
eap_fast_tlv_append(tls_session, attr_eap_fast_eap_payload, true, vp->vp_length, vp->vp_octets);
MEM(tvp = fr_pair_afrom_da(fake, attr_eap_type));
tvp->vp_uint32 = t->default_provisioning_method;
- fr_pair_add(&fake->control, tvp);
+ fr_pair_add(&fake->control_pairs, tvp);
/*
* RFC 5422 section 3.2.3 - Authenticating Using EAP-FAST-MSCHAPv2
if (t->mode == EAP_FAST_PROVISIONING_ANON) {
MEM(tvp = fr_pair_afrom_da(fake, attr_ms_chap_challenge));
fr_pair_value_memdup(tvp, t->keyblock->server_challenge, RADIUS_CHAP_CHALLENGE_LENGTH, false);
- fr_pair_add(&fake->control, tvp);
+ fr_pair_add(&fake->control_pairs, tvp);
RHEXDUMP3(t->keyblock->server_challenge, RADIUS_CHAP_CHALLENGE_LENGTH, "MSCHAPv2 auth_challenge");
MEM(tvp = fr_pair_afrom_da(fake, attr_ms_chap_peer_challenge));
fr_pair_value_memdup(tvp, t->keyblock->client_challenge, RADIUS_CHAP_CHALLENGE_LENGTH, false);
- fr_pair_add(&fake->control, tvp);
+ fr_pair_add(&fake->control_pairs, tvp);
RHEXDUMP3(t->keyblock->client_challenge, RADIUS_CHAP_CHALLENGE_LENGTH, "MSCHAPv2 peer_challenge");
}
}
/*
* Returns RLM_MODULE_FOO, and we want to return FR_FOO
*/
- rcode = process_reply(eap_session, tls_session, request, fake->reply);
+ rcode = process_reply(eap_session, tls_session, request, fake->reply, &fake->reply_pairs);
switch (rcode) {
case RLM_MODULE_REJECT:
code = FR_CODE_ACCESS_REJECT;
if (data->mppe_keys) {
RDEBUG2("Adding stored attributes to parent");
log_request_pair_list(L_DBG_LVL_2, request, NULL, &data->mppe_keys, "&parent.reply.");
- MEM(fr_pair_list_copy(parent->reply, &parent->reply->vps, &data->mppe_keys) >= 0);
+ MEM(fr_pair_list_copy(parent->reply, &parent->reply_pairs, &data->mppe_keys) >= 0);
} else {
RDEBUG2("No stored attributes to copy to parent");
}
*/
request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
#endif
- MEM(fr_pair_list_copy(parent->reply, &parent->reply->vps, &data->reply) >= 0);
+ MEM(fr_pair_list_copy(parent->reply, &parent->reply_pairs, &data->reply) >= 0);
RETURN_MODULE_OK;
}
REDEBUG("Sent SUCCESS expecting SUCCESS (or ACK) but got %d", ccode);
*/
if (!fr_cond_assert(parent)) RETURN_MODULE_FAIL;
- auth_challenge = fr_pair_find_by_da(&parent->control, attr_ms_chap_challenge);
+ auth_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_challenge);
if (auth_challenge && (auth_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) {
RWDEBUG("&parent.control.MS-CHAP-Challenge is incorrect length. Ignoring it");
auth_challenge = NULL;
}
- peer_challenge = fr_pair_find_by_da(&parent->control, attr_ms_chap_peer_challenge);
+ peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge);
if (peer_challenge && (peer_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) {
RWDEBUG("&parent.control.MS-CHAP-Peer-Challenge is incorrect length. Ignoring it");
peer_challenge = NULL;
if (auth_challenge) {
created_auth_challenge = false;
- peer_challenge = fr_pair_find_by_da(&parent->control, attr_ms_chap_peer_challenge);
+ peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge);
if (peer_challenge && (peer_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) {
RWDEBUG("&parent.control.MS-CHAP-Peer-Challenge is incorrect length. Ignoring it");
peer_challenge = NULL;
* Use a reply packet to determine what to do.
*/
static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_session_t *eap_session, fr_tls_session_t *tls_session,
- request_t *request, fr_radius_packet_t *reply)
+ request_t *request,
+ fr_radius_packet_t *reply, fr_pair_list_t *reply_list)
{
rlm_rcode_t rcode = RLM_MODULE_REJECT;
fr_pair_t *vp;
} else {
RDEBUG2("Got tunneled reply code %i", reply->code);
}
- log_request_pair_list(L_DBG_LVL_2, request, NULL, &reply->vps, NULL);
+ log_request_pair_list(L_DBG_LVL_2, request, NULL, reply_list, NULL);
}
switch (reply->code) {
* Access-Challenge is ignored.
*/
vp = NULL;
- fr_pair_list_copy_by_da(t, &vp, &reply->vps, attr_eap_message, 0);
+ fr_pair_list_copy_by_da(t, &vp, reply_list, attr_eap_message, 0);
/*
* Handle the ACK, by tunneling any necessary reply
/* save the SoH VPs */
fr_assert(!t->soh_reply_vps);
- MEM(fr_pair_list_copy(t, &t->soh_reply_vps, &fake->reply->vps) >= 0);
- fr_assert(!fake->reply->vps);
+ MEM(fr_pair_list_copy(t, &t->soh_reply_vps, &fake->reply_pairs) >= 0);
+ fr_assert(!fake->reply_pairs);
TALLOC_FREE(fake);
if (t->session_resumption_state == PEAP_RESUMPTION_YES) {
REDEBUG("Unknown RADIUS packet type %d: rejecting tunneled user", fake->reply->code);
rcode = RLM_MODULE_REJECT;
} else {
- rcode = process_reply(eap_session, tls_session, request, fake->reply);
+ rcode = process_reply(eap_session, tls_session, request, fake->reply, &fake->reply_list);
}
finish:
* Use a reply packet to determine what to do.
*/
static rlm_rcode_t CC_HINT(nonnull) process_reply(NDEBUG_UNUSED eap_session_t *eap_session, fr_tls_session_t *tls_session,
- request_t *request, fr_radius_packet_t *reply)
+ request_t *request,
+ fr_radius_packet_t *reply, fr_pair_list_t *reply_list)
{
rlm_rcode_t rcode = RLM_MODULE_REJECT;
fr_pair_t *vp;
* Copy what we need into the TTLS tunnel and leave
* the rest to be cleaned up.
*/
- for (vp = fr_cursor_init(&cursor, &reply->vps);
+ for (vp = fr_cursor_init(&cursor, reply_list);
vp;
vp = fr_cursor_next(&cursor)) {
if (vp->da == attr_ms_chap2_success) {
* Copy what we need into the TTLS tunnel and leave
* the rest to be cleaned up.
*/
- for (vp = fr_cursor_init(&cursor, &reply->vps);
+ for (vp = fr_cursor_init(&cursor, reply_list);
vp;
vp = fr_cursor_next(&cursor)) {
if ((vp->da == attr_eap_message) || (vp->da == attr_reply_message)) {
/*
* Returns RLM_MODULE_FOO, and we want to return FR_FOO
*/
- rcode = process_reply(eap_session, tls_session, request, request->reply);
+ rcode = process_reply(eap_session, tls_session, request, request->reply, &request->reply_pairs);
switch (rcode) {
case RLM_MODULE_REJECT:
code = FR_CODE_ACCESS_REJECT;
* Common code called by everything below.
*/
static unlang_action_t file_common(rlm_rcode_t *p_result, rlm_files_t const *inst,
- request_t *request, char const *filename, rbtree_t *tree,
- fr_radius_packet_t *packet, fr_radius_packet_t *reply)
+ request_t *request, char const *filename, rbtree_t *tree)
{
char const *name;
PAIR_LIST const *user_pl, *default_pl;
fr_cursor_tail(&list_cursor);
}
- if (paircmp(request, &packet->vps, &list) != 0) {
+ if (paircmp(request, &request->request_pairs, &list) != 0) {
fr_pair_list_free(&list);
continue;
}
map = fr_cursor_next(&cursor)) {
if (map->op == T_OP_CMP_FALSE) continue;
- if (map_to_vp(reply, &vp, request, map, NULL) < 0) {
+ if (map_to_vp(request->reply, &vp, request, map, NULL) < 0) {
RPWARN("Failed parsing map for reply item %s, skipping it", map->rhs->name);
break;
}
continue;
}
- radius_pairmove(request, &reply->vps, &vp, true);
+ radius_pairmove(request, &request->reply_pairs, &vp, true);
}
}
rlm_files_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_files_t);
return file_common(p_result, inst, request, inst->filename,
- inst->users ? inst->users : inst->common,
- request->packet, request->reply);
+ inst->users ? inst->users : inst->common);
}
rlm_files_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_files_t);
return file_common(p_result, inst, request, inst->acct_usersfile,
- inst->acct_users ? inst->acct_users : inst->common,
- request->packet, request->reply);
+ inst->acct_users ? inst->acct_users : inst->common);
}
static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
rlm_files_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_files_t);
return file_common(p_result, inst, request, inst->auth_usersfile,
- inst->auth_users ? inst->auth_users : inst->common,
- request->packet, request->reply);
+ inst->auth_users ? inst->auth_users : inst->common);
}
static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
rlm_files_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_files_t);
return file_common(p_result, inst, request, inst->postauth_usersfile,
- inst->postauth_users ? inst->postauth_users : inst->common,
- request->packet, request->reply);
+ inst->postauth_users ? inst->postauth_users : inst->common);
}
if (packet->code == 0) packet->code = FR_DHCP_NAK;
/* store xid */
- if ((vp = fr_pair_find_by_da(&packet->vps, attr_dhcp_transaction_id))) {
+ if ((vp = fr_pair_find_by_da(list, attr_dhcp_transaction_id))) {
packet->id = vp->vp_uint32;
} else {
packet->id = fr_rand();
fr_radius_packet_t *fr_radius_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_ma)
{
ssize_t data_len;
- fr_radius_packet_t *packet;
+ fr_radius_packet_t *packet;
/*
* Allocate the new request data structure
* how to do this properly for all possible clients...
*/
- /*
- * Explicitely set the VP list to empty.
- */
- packet->vps = NULL;
-
return packet;
}
return -1;
}
- /*
- * Explicitly set the VP list to empty.
- */
- packet->vps = NULL;
-
if (fr_debug_lvl) {
char ip_buf[INET6_ADDRSTRLEN], buffer[256];