From: Arran Cudbard-Bell Date: Fri, 8 Jan 2021 14:10:26 +0000 (+0000) Subject: Move remaining list heads out of fr_radius_packet_t into the request_t X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=37a04d87008c112d484f3418a04a5b368b1a92da;p=thirdparty%2Ffreeradius-server.git Move remaining list heads out of fr_radius_packet_t into the request_t --- diff --git a/src/bin/radclient.c b/src/bin/radclient.c index 0eaf67ea022..e82ffd05b7b 100644 --- a/src/bin/radclient.c +++ b/src/bin/radclient.c @@ -200,8 +200,8 @@ static int mschapv1_encode(fr_radius_packet_t *packet, fr_pair_list_t *list, fr_pair_t *challenge, *reply; uint8_t nthash[16]; - fr_pair_delete_by_da(&packet->vps, attr_ms_chap_challenge); - fr_pair_delete_by_da(&packet->vps, attr_ms_chap_response); + fr_pair_delete_by_da(list, attr_ms_chap_challenge); + fr_pair_delete_by_da(list, attr_ms_chap_response); MEM(challenge = fr_pair_afrom_da(packet, attr_ms_chap_challenge)); @@ -1093,8 +1093,8 @@ static int recv_one_packet(fr_time_t wait_time) } else { fr_pair_t const *failed[2]; - fr_pair_list_sort(&request->reply->vps, fr_pair_cmp_by_da); - if (fr_pair_validate(failed, &request->filter, &request->reply->vps)) { + fr_pair_list_sort(&request->reply_pairs, fr_pair_cmp_by_da); + if (fr_pair_validate(failed, &request->filter, &request->reply_pairs)) { RDEBUG("%s: Response passed filter", request->name); stats.passed++; } else { diff --git a/src/bin/radclient.h b/src/bin/radclient.h index 65785a5069d..6331d412fde 100644 --- a/src/bin/radclient.h +++ b/src/bin/radclient.h @@ -59,8 +59,8 @@ typedef struct { } rc_stats_t; typedef struct { - char const *packets; //!< The file containing the request packet - char const *filters; //!< The file containing the definition of the + char const *packets; //!< The file containing the request packet + char const *filters; //!< The file containing the definition of the //!< packet we want to match. } rc_file_pair_t; @@ -80,8 +80,8 @@ struct rc_request { fr_radius_packet_t *packet; //!< The outgoing request. fr_radius_packet_t *reply; //!< The incoming response. - fr_pair_list_t *request_list; - fr_pair_list_t *reply_list; + fr_pair_list_t request_list; + fr_pair_list_t reply_list; fr_pair_list_t filter; //!< If the reply passes the filter, then the request passes. FR_CODE filter_code; //!< Expected code of the response packet. diff --git a/src/lib/server/request.c b/src/lib/server/request.c index f907c3c6766..f97a849b484 100644 --- a/src/lib/server/request.c +++ b/src/lib/server/request.c @@ -108,6 +108,8 @@ static void request_init(char const *file, int line, request_t *request) /* * Initialise pair value lists */ + fr_pair_list_init(&request->request_pairs); + fr_pair_list_init(&request->reply_pairs); fr_pair_list_init(&request->control_pairs); fr_pair_list_init(&request->state_pairs); } @@ -525,8 +527,6 @@ static void packet_verify(char const *file, int line, PACKET_VERIFY(packet); - if (!packet->vps) return; - fr_pair_list_verify(file, line, packet, list); } @@ -548,7 +548,7 @@ void request_verify(char const *file, int line, request_t const *request) file, line, sizeof(request_t), talloc_get_size(request)); fr_pair_list_verify(file, line, request, &request->control_pairs); - fr_pair_list_verify(file, line, request->state_ctx, &request->state); + fr_pair_list_verify(file, line, request->state_ctx, &request->state_pairs); fr_assert(request->server_cs != NULL); diff --git a/src/lib/server/request.h b/src/lib/server/request.h index 3974e964d9e..b00c5028711 100644 --- a/src/lib/server/request.h +++ b/src/lib/server/request.h @@ -100,16 +100,18 @@ struct request_s { rad_listen_t *listener; //!< The listener that received the request. RADCLIENT *client; //!< The client that originally sent us the request. - fr_radius_packet_t *packet; //!< Incoming request. - fr_radius_packet_t *reply; //!< Outgoing response. - - fr_pair_list_t control; //!< #fr_pair_t list used to set per request parameters - //!< for modules and the server core at runtime. + fr_radius_packet_t *packet; //!< Incoming request. + fr_radius_packet_t *reply; //!< Outgoing response. uint64_t seq_start; //!< State sequence ID. Stable identifier for a sequence of requests //!< and responses. + + fr_pair_list_t request_list; + fr_pair_list_t reply_list; + fr_pair_list_t control_list; //!< #fr_pair_t list used to set per request parameters + //!< for modules and the server core at runtime. TALLOC_CTX *state_ctx; //!< for request->state - fr_pair_list_t state; //!< #fr_pair_t list available over the lifetime of the authentication + fr_pair_list_t state_list; //!< #fr_pair_t list available over the lifetime of the authentication //!< attempt. Useful where the attempt involves a sequence of //!< many request/challenge packets, like OTP, and EAP. diff --git a/src/lib/server/state.c b/src/lib/server/state.c index 6353990116e..1889291febc 100644 --- a/src/lib/server/state.c +++ b/src/lib/server/state.c @@ -289,7 +289,7 @@ static int _state_entry_free(fr_state_entry_t *entry) * @note Called with the mutex held. */ static fr_state_entry_t *state_entry_create(fr_state_tree_t *state, request_t *request, - fr_radius_packet_t *packet, fr_state_entry_t *old) + fr_pair_list_t *reply_list, fr_state_entry_t *old) { size_t i; uint32_t x; @@ -412,7 +412,7 @@ static fr_state_entry_t *state_entry_create(fr_state_tree_t *state, request_t *r * int the reply, we use that in preference to the * old state. */ - vp = fr_pair_find_by_da(&packet->vps, state->da); + vp = fr_pair_find_by_da(reply_list, state->da); if (vp) { if (DEBUG_ENABLED && (vp->vp_length > sizeof(entry->state))) { WARN("State too long, will be truncated. Expected <= %zd bytes, got %zu bytes", @@ -475,9 +475,9 @@ static fr_state_entry_t *state_entry_create(fr_state_tree_t *state, request_t *r */ entry->state_comp.server_id = state->server_id; - MEM(vp = fr_pair_afrom_da(packet, state->da)); + MEM(vp = fr_pair_afrom_da(request, state->da)); fr_pair_value_memdup(vp, entry->state, sizeof(entry->state), false); - fr_pair_add(&packet->vps, vp); + fr_pair_add(reply_list, vp); } DEBUG4("State ID %" PRIu64 " created, value 0x%pH, expires %" PRIu64 "s", @@ -495,7 +495,7 @@ static fr_state_entry_t *state_entry_create(fr_state_tree_t *state, request_t *r if (!rbtree_insert(state->tree, entry)) { RERROR("Failed inserting state entry - Insertion into state tree failed"); - fr_pair_delete_by_da(&packet->vps, state->da); + fr_pair_delete_by_da(reply_list, state->da); talloc_free(entry); return NULL; } @@ -645,7 +645,7 @@ void fr_state_to_request(fr_state_tree_t *state, request_t *request) } PTHREAD_MUTEX_UNLOCK(&state->mutex); - if (request->state) { + if (request->state_pairs) { RDEBUG2("Restored &session-state"); log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->state_pairs, "&session-state."); } @@ -680,7 +680,7 @@ int fr_request_to_state(fr_state_tree_t *state, request_t *request) if (!request->state_pairs && fr_dlist_empty(&data)) return 0; - if (request->state) { + if (request->state_pairs) { RDEBUG2("Saving &session-state"); log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->state_pairs, "&session-state."); } @@ -690,7 +690,7 @@ int fr_request_to_state(fr_state_tree_t *state, request_t *request) PTHREAD_MUTEX_LOCK(&state->mutex); if (vp) old = state_entry_find(state, request, &vp->data); - entry = state_entry_create(state, request, request->reply, old); + entry = state_entry_create(state, request, &request->reply_pairs, old); if (!entry) { PTHREAD_MUTEX_UNLOCK(&state->mutex); RERROR("Creating state entry failed"); @@ -703,7 +703,7 @@ int fr_request_to_state(fr_state_tree_t *state, request_t *request) entry->seq_start = request->seq_start; entry->ctx = request->state_ctx; - entry->vps = request->state; + entry->vps = request->state_pairs; fr_dlist_move(&entry->data, &data); request->state_ctx = NULL; @@ -737,7 +737,7 @@ void fr_state_store_in_parent(request_t *request, void const *unique_ptr, int un * it easier to store/restore the * whole lot... */ - if (request->state) { + if (request->state_pairs) { /* * If parent and child share a state_ctx * which they usually should do, then just @@ -745,7 +745,7 @@ void fr_state_store_in_parent(request_t *request, void const *unique_ptr, int un * and don't bother copying. */ request_data_talloc_add(request, (void *)fr_state_store_in_parent, 0, fr_pair_t, - request->state, true, false, true); + request->state_pairs, true, false, true); request->state_pairs = NULL; } @@ -810,7 +810,7 @@ void fr_state_detach(request_t *request, bool will_free) if (unlikely(request->parent == NULL)) return; if (will_free) { - fr_pair_list_free(&request->state); + fr_pair_list_free(&request->state_pairs); /* * The non-persistable stuff is @@ -831,8 +831,8 @@ void fr_state_detach(request_t *request, bool will_free) request_data_by_persistance_reparent(new_state_ctx, NULL, request, true); request_data_by_persistance_reparent(new_state_ctx, NULL, request, false); - (void) fr_pair_list_copy(new_state_ctx, &vps, &request->state); - fr_pair_list_free(&request->state); + (void) fr_pair_list_copy(new_state_ctx, &vps, &request->state_pairs); + fr_pair_list_free(&request->state_pairs); request->state_pairs = vps; diff --git a/src/lib/util/packet.c b/src/lib/util/packet.c index 87fd741a33b..3689938960e 100644 --- a/src/lib/util/packet.c +++ b/src/lib/util/packet.c @@ -48,11 +48,8 @@ fr_radius_packet_t *fr_radius_alloc(TALLOC_CTX *ctx, bool new_vector) return NULL; } rp->id = -1; - fr_pair_list_init(&rp->vps); - if (new_vector) { - fr_rand_buffer(rp->vector, sizeof(rp->vector)); - } + if (new_vector) fr_rand_buffer(rp->vector, sizeof(rp->vector)); return rp; } @@ -81,9 +78,7 @@ fr_radius_packet_t *fr_radius_alloc_reply(TALLOC_CTX *ctx, fr_radius_packet_t *p fr_socket_addr_swap(&reply->socket, &packet->socket); reply->id = packet->id; reply->code = 0; /* UNKNOWN code */ - memset(reply->vector, 0, - sizeof(reply->vector)); - reply->vps = NULL; + memset(reply->vector, 0, sizeof(reply->vector)); reply->data = NULL; reply->data_len = 0; @@ -103,8 +98,6 @@ void fr_radius_packet_free(fr_radius_packet_t **packet_p) PACKET_VERIFY(packet); - fr_pair_list_free(&packet->vps); - talloc_free(packet); *packet_p = NULL; } diff --git a/src/lib/util/packet.h b/src/lib/util/packet.h index eeb27fc47c8..8e435977891 100644 --- a/src/lib/util/packet.h +++ b/src/lib/util/packet.h @@ -65,7 +65,6 @@ typedef struct { fr_time_t timestamp; //!< When we received the packet. uint8_t *data; //!< Packet data (body). size_t data_len; //!< Length of packet data. - fr_pair_list_t vps; //!< Result of decoding the packet into fr_pair_t list. uint32_t rounds; //!< for State[0] diff --git a/src/lib/util/pair.h b/src/lib/util/pair.h index d7938bcbba3..a5f9f1490f5 100644 --- a/src/lib/util/pair.h +++ b/src/lib/util/pair.h @@ -50,10 +50,10 @@ extern "C" { # define LIST_VERIFY(_x) #endif -#define request_pairs packet->vps -#define reply_pairs reply->vps -#define control_pairs control -#define state_pairs state +#define request_pairs request_list +#define reply_pairs reply_list +#define control_pairs control_list +#define state_pairs state_list /** The type of value a fr_pair_t contains * diff --git a/src/modules/proto_bfd/proto_bfd.c b/src/modules/proto_bfd/proto_bfd.c index 91a91e85574..69dbca5a9ce 100644 --- a/src/modules/proto_bfd/proto_bfd.c +++ b/src/modules/proto_bfd/proto_bfd.c @@ -387,10 +387,12 @@ static const char *bfd_state[] = { static void bfd_request(bfd_state_t *session, request_t *request, fr_radius_packet_t *packet) { memset(request, 0, sizeof(*request)); + fr_pair_list_init(&request->request_pairs); + fr_pair_list_init(&request->reply_pairs); fr_pair_list_init(&request->control_pairs); fr_pair_list_init(&request->state_pairs); + memset(packet, 0, sizeof(*packet)); - fr_pair_list_init(&packet->vps); request->packet = packet; request->server_cs = session->server_cs; diff --git a/src/modules/proto_dhcpv4/proto_dhcpv4.c b/src/modules/proto_dhcpv4/proto_dhcpv4.c index 387b0c62825..9980ed97834 100644 --- a/src/modules/proto_dhcpv4/proto_dhcpv4.c +++ b/src/modules/proto_dhcpv4/proto_dhcpv4.c @@ -216,7 +216,7 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d * That MUST be set and checked in the underlying * transport, via a call to fr_dhcpv4_ok(). */ - fr_cursor_init(&cursor, &packet->vps); + fr_cursor_init(&cursor, &request->request_pairs); if (fr_dhcpv4_decode(packet, packet->data, packet->data_len, &cursor, &packet->code) < 0) { RPEDEBUG("Failed decoding packet"); return -1; diff --git a/src/modules/proto_dhcpv4/proto_dhcpv4_process.c b/src/modules/proto_dhcpv4/proto_dhcpv4_process.c index becbd893b5b..267831e816d 100644 --- a/src/modules/proto_dhcpv4/proto_dhcpv4_process.c +++ b/src/modules/proto_dhcpv4/proto_dhcpv4_process.c @@ -54,7 +54,7 @@ fr_dict_attr_autoload_t proto_dhcpv4_process_dict_attr[] = { /* * Debug the packet if requested. */ -static void dhcpv4_packet_debug(request_t *request, fr_radius_packet_t *packet, bool received) +static void dhcpv4_packet_debug(request_t *request, fr_radius_packet_t *packet, fr_pair_list_t *list, bool received) { int i; #ifdef WITH_IFINDEX_NAME_RESOLUTION @@ -96,16 +96,16 @@ static void dhcpv4_packet_debug(request_t *request, fr_radius_packet_t *packet, if (!*dhcp_header_attrs[i]) continue; - vp = fr_pair_find_by_da(&packet->vps, *dhcp_header_attrs[i]); + vp = fr_pair_find_by_da(list, *dhcp_header_attrs[i]); if (!vp) continue; RDEBUGX(L_DBG_LVL_1, "%pP", vp); } REXDENT(); if (received || request->parent) { - log_request_pair_list(L_DBG_LVL_1, request, NULL, &packet->vps, NULL); + log_request_pair_list(L_DBG_LVL_1, request, NULL, list, NULL); } else { - log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, &packet->vps, NULL); + log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, list, NULL); } } @@ -151,7 +151,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t co switch (request->request_state) { case REQUEST_INIT: - dhcpv4_packet_debug(request, request->packet, true); + dhcpv4_packet_debug(request, request->packet, &request->request_pairs, true); request->component = "dhcpv4"; @@ -294,7 +294,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t co RETURN_MODULE_HANDLED; } - if (RDEBUG_ENABLED) dhcpv4_packet_debug(request, request->reply, false); + if (RDEBUG_ENABLED) dhcpv4_packet_debug(request, request->reply, &request->reply_pairs, false); break; default: diff --git a/src/modules/proto_dhcpv6/proto_dhcpv6.c b/src/modules/proto_dhcpv6/proto_dhcpv6.c index d6fcbb31682..62da8f60d57 100644 --- a/src/modules/proto_dhcpv6/proto_dhcpv6.c +++ b/src/modules/proto_dhcpv6/proto_dhcpv6.c @@ -215,7 +215,7 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d * That MUST be set and checked in the underlying * transport, via a call to fr_dhcpv6_ok(). */ - fr_cursor_init(&cursor, &packet->vps); + fr_cursor_init(&cursor, &request->request_pairs); if (fr_dhcpv6_decode(packet, packet->data, packet->data_len, &cursor) < 0) { RPEDEBUG("Failed decoding packet"); return -1; diff --git a/src/modules/proto_dhcpv6/proto_dhcpv6_process.c b/src/modules/proto_dhcpv6/proto_dhcpv6_process.c index 61463fab74b..60bfb7d1950 100644 --- a/src/modules/proto_dhcpv6/proto_dhcpv6_process.c +++ b/src/modules/proto_dhcpv6/proto_dhcpv6_process.c @@ -63,7 +63,7 @@ fr_dict_attr_autoload_t proto_dhcpv6_process_dict_attr[] = { /* * Debug the packet if requested. */ -static void dhcpv6_packet_debug(request_t *request, fr_radius_packet_t *packet, bool received) +static void dhcpv6_packet_debug(request_t *request, fr_radius_packet_t const *packet, fr_pair_list_t const *list, bool received) { #ifdef WITH_IFINDEX_NAME_RESOLUTION char if_name[IFNAMSIZ]; @@ -96,9 +96,9 @@ static void dhcpv6_packet_debug(request_t *request, fr_radius_packet_t *packet, ); if (received || request->parent) { - log_request_pair_list(L_DBG_LVL_1, request, NULL, &packet->vps, NULL); + log_request_pair_list(L_DBG_LVL_1, request, NULL, list, NULL); } else { - log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, &packet->vps, NULL); + log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, list, NULL); } } @@ -186,7 +186,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t co switch (request->request_state) { case REQUEST_INIT: { - dhcpv6_packet_debug(request, request->packet, true); + dhcpv6_packet_debug(request, request->packet, &request->request_pairs, true); dhcpv6_reply_initialise(request); @@ -315,7 +315,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t co * being called via the `call {}` keyword. */ MEM(fr_pair_update_by_da(request->reply, &reply_packet_type, - &request->reply->vps, attr_packet_type) >= 0); + &request->reply_pairs, attr_packet_type) >= 0); reply_packet_type->vp_uint32 = request->reply->code; /* @@ -326,7 +326,7 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, UNUSED module_ctx_t co RETURN_MODULE_HANDLED; } - if (RDEBUG_ENABLED) dhcpv6_packet_debug(request, request->reply, false); + if (RDEBUG_ENABLED) dhcpv6_packet_debug(request, request->reply, &request->reply_pairs, false); } break; diff --git a/src/modules/proto_vmps/proto_vmps.c b/src/modules/proto_vmps/proto_vmps.c index f22262ba29c..1c112fafa6b 100644 --- a/src/modules/proto_vmps/proto_vmps.c +++ b/src/modules/proto_vmps/proto_vmps.c @@ -201,7 +201,7 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d * That MUST be set and checked in the underlying * transport, via a call to fr_vmps_ok(). */ - fr_cursor_init(&cursor, &packet->vps); + fr_cursor_init(&cursor, &request->request_pairs); if (fr_vmps_decode(packet, packet->data, packet->data_len, &cursor, &packet->code) < 0) { RPEDEBUG("Failed decoding packet"); return -1; diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c index 39d7462a279..ce62b5388a4 100644 --- a/src/modules/rlm_attr_filter/rlm_attr_filter.c +++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c @@ -180,7 +180,7 @@ static int mod_instantiate(void *instance, UNUSED CONF_SECTION *conf) */ static unlang_action_t CC_HINT(nonnull(1,2)) attr_filter_common(rlm_rcode_t *p_result, void const *instance, request_t *request, - fr_radius_packet_t *packet) + fr_radius_packet_t *packet, fr_pair_list_t *list) { rlm_attr_filter_t const *inst = talloc_get_type_abort_const(instance, rlm_attr_filter_t); fr_cursor_t out; @@ -279,7 +279,7 @@ static unlang_action_t CC_HINT(nonnull(1,2)) attr_filter_common(rlm_rcode_t *p_r * only if it matches all rules that describe an * Idle-Timeout. */ - for (input_item = fr_cursor_init(&cursor, &packet->vps); + for (input_item = fr_cursor_init(&cursor, list); input_item; input_item = fr_cursor_next(&cursor)) { pass = fail = 0; /* reset the pass,fail vars for each reply item */ @@ -341,22 +341,22 @@ static unlang_action_t CC_HINT(nonnull(1,2)) attr_filter_common(rlm_rcode_t *p_r /* * Replace the existing request list with our filtered one */ - fr_pair_list_free(&packet->vps); - packet->vps = output; + fr_pair_list_free(list); + fr_pair_list_move(list, &output); RETURN_MODULE_UPDATED; } -#define RLM_AF_FUNC(_x, _y) static unlang_action_t CC_HINT(nonnull) mod_##_x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) \ +#define RLM_AF_FUNC(_x, _y, _z) static unlang_action_t CC_HINT(nonnull) mod_##_x(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) \ { \ - return attr_filter_common(p_result, mctx->instance, request, request->_y); \ + return attr_filter_common(p_result, mctx->instance, request, request->_y, &request->_z##_pairs); \ } -RLM_AF_FUNC(authorize, packet) -RLM_AF_FUNC(post_auth, reply) +RLM_AF_FUNC(authorize, packet, request) +RLM_AF_FUNC(post_auth, reply, reply) -RLM_AF_FUNC(preacct, packet) -RLM_AF_FUNC(accounting, reply) +RLM_AF_FUNC(preacct, packet, request) +RLM_AF_FUNC(accounting, reply, reply) /* globally exported name */ extern module_t rlm_attr_filter; diff --git a/src/modules/rlm_detail/rlm_detail.c b/src/modules/rlm_detail/rlm_detail.c index 3cb27d3d22d..7c0cbddbe24 100644 --- a/src/modules/rlm_detail/rlm_detail.c +++ b/src/modules/rlm_detail/rlm_detail.c @@ -234,7 +234,8 @@ static void detail_fr_pair_fprint(TALLOC_CTX *ctx, FILE *out, fr_pair_t const *s * @param[in] packet associated with the request (request, reply...). * @param[in] compat Write out entry in compatibility mode. */ -static int detail_write(FILE *out, rlm_detail_t const *inst, request_t *request, fr_radius_packet_t *packet, bool compat) +static int detail_write(FILE *out, rlm_detail_t const *inst, request_t *request, + fr_radius_packet_t *packet, fr_pair_list_t *list, bool compat) { fr_pair_t *vp; char timestamp[256]; @@ -244,7 +245,7 @@ static int detail_write(FILE *out, rlm_detail_t const *inst, request_t *request, return -1; } - if (!packet->vps) { + if (!list) { RWDEBUG("Skipping empty packet"); return 0; } @@ -322,7 +323,7 @@ static int detail_write(FILE *out, rlm_detail_t const *inst, request_t *request, { fr_cursor_t cursor; /* Write each attribute/value to the log file */ - for (vp = fr_cursor_init(&cursor, &packet->vps); + for (vp = fr_cursor_init(&cursor, list); vp; vp = fr_cursor_next(&cursor)) { fr_token_t op; @@ -361,7 +362,8 @@ static int detail_write(FILE *out, rlm_detail_t const *inst, request_t *request, * Do detail, compatible with old accounting */ static unlang_action_t CC_HINT(nonnull) detail_do(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request, - fr_radius_packet_t *packet, bool compat) + fr_radius_packet_t *packet, fr_pair_list_t *list, + bool compat) { int outfd, dupfd; char buffer[DIRLEN]; @@ -426,7 +428,7 @@ skip_group: RETURN_MODULE_FAIL; } - if (detail_write(outfp, inst, request, packet, compat) < 0) goto fail; + if (detail_write(outfp, inst, request, packet, list, compat) < 0) goto fail; /* * Flush everything @@ -445,7 +447,7 @@ skip_group: */ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) { - return detail_do(p_result, mctx, request, request->packet, true); + return detail_do(p_result, mctx, request, request->packet, &request->request_pairs, true); } /* @@ -453,7 +455,7 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo */ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) { - return detail_do(p_result, mctx, request, request->packet, false); + return detail_do(p_result, mctx, request, request->packet, &request->request_pairs, false); } /* @@ -461,7 +463,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod */ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) { - return detail_do(p_result, mctx, request, request->reply, false); + return detail_do(p_result, mctx, request, request->reply, &request->reply_pairs, false); } diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c index 5fa6a378172..2a65a85343d 100644 --- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c +++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c @@ -474,7 +474,8 @@ ssize_t eap_fast_decode_pair(TALLOC_CTX *ctx, fr_cursor_t *cursor, fr_dict_attr_ */ static rlm_rcode_t CC_HINT(nonnull) process_reply(UNUSED eap_session_t *eap_session, fr_tls_session_t *tls_session, - request_t *request, fr_radius_packet_t *reply) + request_t *request, + fr_radius_packet_t *reply, fr_pair_list_t *reply_list) { rlm_rcode_t rcode = RLM_MODULE_REJECT; fr_pair_t *vp; @@ -499,7 +500,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(UNUSED eap_session_t *eap_sess * Copy what we need into the TTLS tunnel and leave * the rest to be cleaned up. */ - for (vp = fr_cursor_init(&cursor, &reply->vps); vp; vp = fr_cursor_next(&cursor)) { + for (vp = fr_cursor_init(&cursor, reply_list); vp; vp = fr_cursor_next(&cursor)) { if (fr_dict_vendor_num_by_da(vp->da) != VENDORPEC_MICROSOFT) continue; /* FIXME must be a better way to capture/re-derive this later for ISK */ @@ -545,9 +546,9 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(UNUSED eap_session_t *eap_sess /* * Copy the EAP-Message back to the tunnel. */ - (void) fr_cursor_init(&cursor, &reply->vps); + (void) fr_cursor_init(&cursor, reply_list); - for (vp = fr_cursor_iter_by_da_init(&cursor, &reply->vps, attr_eap_message); + for (vp = fr_cursor_iter_by_da_init(&cursor, reply_list, attr_eap_message); vp; vp = fr_cursor_next(&cursor)) { eap_fast_tlv_append(tls_session, attr_eap_fast_eap_payload, true, vp->vp_length, vp->vp_octets); @@ -639,7 +640,7 @@ static FR_CODE eap_fast_eap_payload(request_t *request, eap_session_t *eap_sessi MEM(tvp = fr_pair_afrom_da(fake, attr_eap_type)); tvp->vp_uint32 = t->default_provisioning_method; - fr_pair_add(&fake->control, tvp); + fr_pair_add(&fake->control_pairs, tvp); /* * RFC 5422 section 3.2.3 - Authenticating Using EAP-FAST-MSCHAPv2 @@ -647,12 +648,12 @@ static FR_CODE eap_fast_eap_payload(request_t *request, eap_session_t *eap_sessi if (t->mode == EAP_FAST_PROVISIONING_ANON) { MEM(tvp = fr_pair_afrom_da(fake, attr_ms_chap_challenge)); fr_pair_value_memdup(tvp, t->keyblock->server_challenge, RADIUS_CHAP_CHALLENGE_LENGTH, false); - fr_pair_add(&fake->control, tvp); + fr_pair_add(&fake->control_pairs, tvp); RHEXDUMP3(t->keyblock->server_challenge, RADIUS_CHAP_CHALLENGE_LENGTH, "MSCHAPv2 auth_challenge"); MEM(tvp = fr_pair_afrom_da(fake, attr_ms_chap_peer_challenge)); fr_pair_value_memdup(tvp, t->keyblock->client_challenge, RADIUS_CHAP_CHALLENGE_LENGTH, false); - fr_pair_add(&fake->control, tvp); + fr_pair_add(&fake->control_pairs, tvp); RHEXDUMP3(t->keyblock->client_challenge, RADIUS_CHAP_CHALLENGE_LENGTH, "MSCHAPv2 peer_challenge"); } } @@ -745,7 +746,7 @@ static FR_CODE eap_fast_eap_payload(request_t *request, eap_session_t *eap_sessi /* * Returns RLM_MODULE_FOO, and we want to return FR_FOO */ - rcode = process_reply(eap_session, tls_session, request, fake->reply); + rcode = process_reply(eap_session, tls_session, request, fake->reply, &fake->reply_pairs); switch (rcode) { case RLM_MODULE_REJECT: code = FR_CODE_ACCESS_REJECT; diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c index 7b04b84763f..7c69f407cda 100644 --- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c +++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c @@ -558,7 +558,7 @@ failure: if (data->mppe_keys) { RDEBUG2("Adding stored attributes to parent"); log_request_pair_list(L_DBG_LVL_2, request, NULL, &data->mppe_keys, "&parent.reply."); - MEM(fr_pair_list_copy(parent->reply, &parent->reply->vps, &data->mppe_keys) >= 0); + MEM(fr_pair_list_copy(parent->reply, &parent->reply_pairs, &data->mppe_keys) >= 0); } else { RDEBUG2("No stored attributes to copy to parent"); } @@ -572,7 +572,7 @@ failure: */ request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP; #endif - MEM(fr_pair_list_copy(parent->reply, &parent->reply->vps, &data->reply) >= 0); + MEM(fr_pair_list_copy(parent->reply, &parent->reply_pairs, &data->reply) >= 0); RETURN_MODULE_OK; } REDEBUG("Sent SUCCESS expecting SUCCESS (or ACK) but got %d", ccode); @@ -790,13 +790,13 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons */ if (!fr_cond_assert(parent)) RETURN_MODULE_FAIL; - auth_challenge = fr_pair_find_by_da(&parent->control, attr_ms_chap_challenge); + auth_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_challenge); if (auth_challenge && (auth_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) { RWDEBUG("&parent.control.MS-CHAP-Challenge is incorrect length. Ignoring it"); auth_challenge = NULL; } - peer_challenge = fr_pair_find_by_da(&parent->control, attr_ms_chap_peer_challenge); + peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge); if (peer_challenge && (peer_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) { RWDEBUG("&parent.control.MS-CHAP-Peer-Challenge is incorrect length. Ignoring it"); peer_challenge = NULL; @@ -805,7 +805,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons if (auth_challenge) { created_auth_challenge = false; - peer_challenge = fr_pair_find_by_da(&parent->control, attr_ms_chap_peer_challenge); + peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge); if (peer_challenge && (peer_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) { RWDEBUG("&parent.control.MS-CHAP-Peer-Challenge is incorrect length. Ignoring it"); peer_challenge = NULL; diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c index a475ee8fc59..e5dba6f63e2 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c @@ -372,7 +372,8 @@ static int eap_peap_check_tlv(request_t *request, uint8_t const *data, size_t da * Use a reply packet to determine what to do. */ static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_session_t *eap_session, fr_tls_session_t *tls_session, - request_t *request, fr_radius_packet_t *reply) + request_t *request, + fr_radius_packet_t *reply, fr_pair_list_t *reply_list) { rlm_rcode_t rcode = RLM_MODULE_REJECT; fr_pair_t *vp; @@ -389,7 +390,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_session_t *eap_session, fr } else { RDEBUG2("Got tunneled reply code %i", reply->code); } - log_request_pair_list(L_DBG_LVL_2, request, NULL, &reply->vps, NULL); + log_request_pair_list(L_DBG_LVL_2, request, NULL, reply_list, NULL); } switch (reply->code) { @@ -416,7 +417,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_session_t *eap_session, fr * Access-Challenge is ignored. */ vp = NULL; - fr_pair_list_copy_by_da(t, &vp, &reply->vps, attr_eap_message, 0); + fr_pair_list_copy_by_da(t, &vp, reply_list, attr_eap_message, 0); /* * Handle the ACK, by tunneling any necessary reply @@ -577,8 +578,8 @@ unlang_action_t eap_peap_process(rlm_rcode_t *p_result, request_t *request, /* save the SoH VPs */ fr_assert(!t->soh_reply_vps); - MEM(fr_pair_list_copy(t, &t->soh_reply_vps, &fake->reply->vps) >= 0); - fr_assert(!fake->reply->vps); + MEM(fr_pair_list_copy(t, &t->soh_reply_vps, &fake->reply_pairs) >= 0); + fr_assert(!fake->reply_pairs); TALLOC_FREE(fake); if (t->session_resumption_state == PEAP_RESUMPTION_YES) { @@ -743,7 +744,7 @@ unlang_action_t eap_peap_process(rlm_rcode_t *p_result, request_t *request, REDEBUG("Unknown RADIUS packet type %d: rejecting tunneled user", fake->reply->code); rcode = RLM_MODULE_REJECT; } else { - rcode = process_reply(eap_session, tls_session, request, fake->reply); + rcode = process_reply(eap_session, tls_session, request, fake->reply, &fake->reply_list); } finish: diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index 2d5f617fd35..4a79e0ee178 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c @@ -464,7 +464,8 @@ static int vp2diameter(request_t *request, fr_tls_session_t *tls_session, fr_pai * Use a reply packet to determine what to do. */ static rlm_rcode_t CC_HINT(nonnull) process_reply(NDEBUG_UNUSED eap_session_t *eap_session, fr_tls_session_t *tls_session, - request_t *request, fr_radius_packet_t *reply) + request_t *request, + fr_radius_packet_t *reply, fr_pair_list_t *reply_list) { rlm_rcode_t rcode = RLM_MODULE_REJECT; fr_pair_t *vp; @@ -510,7 +511,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(NDEBUG_UNUSED eap_session_t *e * Copy what we need into the TTLS tunnel and leave * the rest to be cleaned up. */ - for (vp = fr_cursor_init(&cursor, &reply->vps); + for (vp = fr_cursor_init(&cursor, reply_list); vp; vp = fr_cursor_next(&cursor)) { if (vp->da == attr_ms_chap2_success) { @@ -548,7 +549,7 @@ static rlm_rcode_t CC_HINT(nonnull) process_reply(NDEBUG_UNUSED eap_session_t *e * Copy what we need into the TTLS tunnel and leave * the rest to be cleaned up. */ - for (vp = fr_cursor_init(&cursor, &reply->vps); + for (vp = fr_cursor_init(&cursor, reply_list); vp; vp = fr_cursor_next(&cursor)) { if ((vp->da == attr_eap_message) || (vp->da == attr_reply_message)) { @@ -742,7 +743,7 @@ FR_CODE eap_ttls_process(request_t *request, eap_session_t *eap_session, fr_tls_ /* * Returns RLM_MODULE_FOO, and we want to return FR_FOO */ - rcode = process_reply(eap_session, tls_session, request, request->reply); + rcode = process_reply(eap_session, tls_session, request, request->reply, &request->reply_pairs); switch (rcode) { case RLM_MODULE_REJECT: code = FR_CODE_ACCESS_REJECT; diff --git a/src/modules/rlm_files/rlm_files.c b/src/modules/rlm_files/rlm_files.c index 20724c1b390..41fc21ccaf0 100644 --- a/src/modules/rlm_files/rlm_files.c +++ b/src/modules/rlm_files/rlm_files.c @@ -323,8 +323,7 @@ static int mod_instantiate(void *instance, UNUSED CONF_SECTION *conf) * Common code called by everything below. */ static unlang_action_t file_common(rlm_rcode_t *p_result, rlm_files_t const *inst, - request_t *request, char const *filename, rbtree_t *tree, - fr_radius_packet_t *packet, fr_radius_packet_t *reply) + request_t *request, char const *filename, rbtree_t *tree) { char const *name; PAIR_LIST const *user_pl, *default_pl; @@ -408,7 +407,7 @@ static unlang_action_t file_common(rlm_rcode_t *p_result, rlm_files_t const *ins fr_cursor_tail(&list_cursor); } - if (paircmp(request, &packet->vps, &list) != 0) { + if (paircmp(request, &request->request_pairs, &list) != 0) { fr_pair_list_free(&list); continue; } @@ -430,7 +429,7 @@ static unlang_action_t file_common(rlm_rcode_t *p_result, rlm_files_t const *ins map = fr_cursor_next(&cursor)) { if (map->op == T_OP_CMP_FALSE) continue; - if (map_to_vp(reply, &vp, request, map, NULL) < 0) { + if (map_to_vp(request->reply, &vp, request, map, NULL) < 0) { RPWARN("Failed parsing map for reply item %s, skipping it", map->rhs->name); break; } @@ -446,7 +445,7 @@ static unlang_action_t file_common(rlm_rcode_t *p_result, rlm_files_t const *ins continue; } - radius_pairmove(request, &reply->vps, &vp, true); + radius_pairmove(request, &request->reply_pairs, &vp, true); } } @@ -478,8 +477,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod rlm_files_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_files_t); return file_common(p_result, inst, request, inst->filename, - inst->users ? inst->users : inst->common, - request->packet, request->reply); + inst->users ? inst->users : inst->common); } @@ -493,8 +491,7 @@ static unlang_action_t CC_HINT(nonnull) mod_preacct(rlm_rcode_t *p_result, modul rlm_files_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_files_t); return file_common(p_result, inst, request, inst->acct_usersfile, - inst->acct_users ? inst->acct_users : inst->common, - request->packet, request->reply); + inst->acct_users ? inst->acct_users : inst->common); } static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) @@ -502,8 +499,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, rlm_files_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_files_t); return file_common(p_result, inst, request, inst->auth_usersfile, - inst->auth_users ? inst->auth_users : inst->common, - request->packet, request->reply); + inst->auth_users ? inst->auth_users : inst->common); } static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) @@ -511,8 +507,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod rlm_files_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_files_t); return file_common(p_result, inst, request, inst->postauth_usersfile, - inst->postauth_users ? inst->postauth_users : inst->common, - request->packet, request->reply); + inst->postauth_users ? inst->postauth_users : inst->common); } diff --git a/src/protocols/dhcpv4/packet.c b/src/protocols/dhcpv4/packet.c index b01a2c25dcf..4eb50cc46e0 100644 --- a/src/protocols/dhcpv4/packet.c +++ b/src/protocols/dhcpv4/packet.c @@ -405,7 +405,7 @@ int fr_dhcpv4_packet_encode(fr_radius_packet_t *packet, fr_pair_list_t *list) if (packet->code == 0) packet->code = FR_DHCP_NAK; /* store xid */ - if ((vp = fr_pair_find_by_da(&packet->vps, attr_dhcp_transaction_id))) { + if ((vp = fr_pair_find_by_da(list, attr_dhcp_transaction_id))) { packet->id = vp->vp_uint32; } else { packet->id = fr_rand(); diff --git a/src/protocols/radius/packet.c b/src/protocols/radius/packet.c index 42202c91f61..9b9af5197ad 100644 --- a/src/protocols/radius/packet.c +++ b/src/protocols/radius/packet.c @@ -376,7 +376,7 @@ static ssize_t rad_recvfrom(int sockfd, fr_radius_packet_t *packet, int flags) fr_radius_packet_t *fr_radius_packet_recv(TALLOC_CTX *ctx, int fd, int flags, uint32_t max_attributes, bool require_ma) { ssize_t data_len; - fr_radius_packet_t *packet; + fr_radius_packet_t *packet; /* * Allocate the new request data structure @@ -452,11 +452,6 @@ fr_radius_packet_t *fr_radius_packet_recv(TALLOC_CTX *ctx, int fd, int flags, ui * how to do this properly for all possible clients... */ - /* - * Explicitely set the VP list to empty. - */ - packet->vps = NULL; - return packet; } diff --git a/src/protocols/radius/tcp.c b/src/protocols/radius/tcp.c index 595f161256f..d3d70936eb9 100644 --- a/src/protocols/radius/tcp.c +++ b/src/protocols/radius/tcp.c @@ -145,11 +145,6 @@ int fr_tcp_read_packet(fr_radius_packet_t *packet, uint32_t max_attributes, bool return -1; } - /* - * Explicitly set the VP list to empty. - */ - packet->vps = NULL; - if (fr_debug_lvl) { char ip_buf[INET6_ADDRSTRLEN], buffer[256];