From: Arran Cudbard-Bell Date: Wed, 21 Apr 2021 22:54:30 +0000 (-0500) Subject: Add instance arg to fr_pair_find_by_da X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=77e5b129581b5ca5f3ef0ad10fffa985d7ea730b;p=thirdparty%2Ffreeradius-server.git Add instance arg to fr_pair_find_by_da --- diff --git a/src/bin/dhcpclient.c b/src/bin/dhcpclient.c index ded7f6bc0a4..b32ed6859b0 100644 --- a/src/bin/dhcpclient.c +++ b/src/bin/dhcpclient.c @@ -316,10 +316,8 @@ static fr_radius_packet_t *fr_dhcpv4_recv_raw_loop(int lsockfd, if (!found) found = reply; if (reply->code == FR_DHCP_OFFER) { - fr_pair_t *vp1 = fr_pair_find_by_da(&reply_vps, - attr_dhcp_dhcp_server_identifier); - fr_pair_t *vp2 = fr_pair_find_by_da(&reply_vps, - attr_dhcp_your_ip_address); + fr_pair_t *vp1 = fr_pair_find_by_da(&reply_vps, attr_dhcp_dhcp_server_identifier, 0); + fr_pair_t *vp2 = fr_pair_find_by_da(&reply_vps, attr_dhcp_your_ip_address, 0); if (vp1 && vp2) { nb_offer++; diff --git a/src/bin/radclient.c b/src/bin/radclient.c index fd232cb7cae..8b35c6b9fe5 100644 --- a/src/bin/radclient.c +++ b/src/bin/radclient.c @@ -832,11 +832,10 @@ static int send_one_packet(rc_request_t *request) if (request->password) { fr_pair_t *vp; - if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password)) != NULL) { + if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0)) != NULL) { fr_pair_value_strdup(vp, request->password->vp_strvalue); - } else if ((vp = fr_pair_find_by_da(&request->request_pairs, - attr_chap_password)) != NULL) { + } else if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0)) != NULL) { uint8_t buffer[17]; fr_pair_t *challenge; uint8_t const *vector; @@ -845,7 +844,7 @@ static int send_one_packet(rc_request_t *request) * Use Chap-Challenge pair if present, * Request Authenticator otherwise. */ - challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge); + challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0); if (challenge && (challenge->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) { vector = challenge->vp_octets; } else { @@ -858,7 +857,7 @@ static int send_one_packet(rc_request_t *request) request->password->vp_length); fr_pair_value_memdup(vp, buffer, sizeof(buffer), false); - } else if (fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_password) != NULL) { + } else if (fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_password, 0) != NULL) { mschapv1_encode(request->packet, &request->request_pairs, request->password->vp_strvalue); } else { diff --git a/src/bin/radsniff.c b/src/bin/radsniff.c index 19674b3e5b0..d62668dfa7d 100644 --- a/src/bin/radsniff.c +++ b/src/bin/radsniff.c @@ -345,7 +345,7 @@ static void rs_packet_print_csv(uint64_t count, rs_status_t status, fr_pcap_t *h fr_pair_t *vp; for (i = 0; i < conf->list_da_num; i++) { - vp = fr_pair_find_by_da(list, conf->list_da[i]); + vp = fr_pair_find_by_da(list, conf->list_da[i], 0); if (vp && (vp->vp_length > 0)) { if (conf->list_da[i]->type == FR_TYPE_STRING) { ssize_t slen; diff --git a/src/bin/radsnmp.c b/src/bin/radsnmp.c index a2ebf05a989..88c48e15335 100644 --- a/src/bin/radsnmp.c +++ b/src/bin/radsnmp.c @@ -590,7 +590,7 @@ static int radsnmp_set_response(int fd, fr_dict_attr_t const *error, fr_pair_lis struct iovec io_vector[2]; char newline[] = "\n"; - vp = fr_pair_find_by_da(head, error); + vp = fr_pair_find_by_da(head, error, 0); if (!vp) { if (write(fd, "DONE\n", 5) < 0) { fr_strerror_printf("Failed writing set response: %s", fr_syserror(errno)); diff --git a/src/bin/unit_test_module.c b/src/bin/unit_test_module.c index a313dd2ae67..d0b280adfa7 100644 --- a/src/bin/unit_test_module.c +++ b/src/bin/unit_test_module.c @@ -175,7 +175,7 @@ static request_t *request_from_file(TALLOC_CTX *ctx, FILE *fp, RADCLIENT *client goto error; } - vp = fr_pair_find_by_da(&request->request_pairs, attr_packet_type); + vp = fr_pair_find_by_da(&request->request_pairs, attr_packet_type, 0); if (!vp) { fr_strerror_printf("Input packet does not specify a Packet-Type"); goto error; diff --git a/src/lib/eap/base.c b/src/lib/eap/base.c index b2bfff7c2c6..637cf8eb8d1 100644 --- a/src/lib/eap/base.c +++ b/src/lib/eap/base.c @@ -403,7 +403,7 @@ rlm_rcode_t eap_virtual_server(request_t *request, eap_session_t *eap_session, c fr_pair_t *vp; CONF_SECTION *server_cs; - vp = fr_pair_find_by_da(&request->control_pairs, attr_virtual_server); + vp = fr_pair_find_by_da(&request->control_pairs, attr_virtual_server, 0); server_cs = vp ? virtual_server_find(vp->vp_strvalue) : virtual_server_find(virtual_server); if (server_cs) { diff --git a/src/lib/eap/chbind.c b/src/lib/eap/chbind.c index cb25e0acddf..1dbcf96e3ff 100644 --- a/src/lib/eap/chbind.c +++ b/src/lib/eap/chbind.c @@ -68,7 +68,7 @@ static bool chbind_build_response(request_t *request, CHBIND_REQ *chbind) * Set the response code. Default to "fail" if none was * specified. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_chbind_response_code); + vp = fr_pair_find_by_da(&request->control_pairs, attr_chbind_response_code, 0); if (vp) { ptr[0] = vp->vp_uint32; } else { diff --git a/src/lib/eap/compose.c b/src/lib/eap/compose.c index 72f4d6517c3..c476a3bc747 100644 --- a/src/lib/eap/compose.c +++ b/src/lib/eap/compose.c @@ -239,7 +239,7 @@ rlm_rcode_t eap_compose(eap_session_t *eap_session) * Don't add a Message-Authenticator if * it's already there. */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_message_authenticator); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_message_authenticator, 0); if (!vp) { static uint8_t auth_vector[RADIUS_AUTH_VECTOR_LENGTH] = { 0x00 }; @@ -300,7 +300,7 @@ rlm_rcode_t eap_start(request_t *request, rlm_eap_method_t const methods[], bool fr_pair_t *vp; fr_pair_t *eap_msg; - eap_msg = fr_pair_find_by_da(&request->request_pairs, attr_eap_message); + eap_msg = fr_pair_find_by_da(&request->request_pairs, attr_eap_message, 0); if (!eap_msg) { RDEBUG2("No EAP-Message, not doing EAP"); return RLM_MODULE_NOOP; @@ -310,7 +310,7 @@ rlm_rcode_t eap_start(request_t *request, rlm_eap_method_t const methods[], bool * Look for EAP-Type = None (FreeRADIUS specific attribute) * this allows you to NOT do EAP for some users. */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_type); + vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_type, 0); if (vp && vp->vp_uint32 == 0) { RDEBUG2("Found EAP-Message, but EAP-Type = None, so we're not doing EAP"); return RLM_MODULE_NOOP; diff --git a/src/lib/eap/session.c b/src/lib/eap/session.c index 5dda0b59804..038157be7c4 100644 --- a/src/lib/eap/session.c +++ b/src/lib/eap/session.c @@ -420,7 +420,7 @@ eap_session_t *eap_session_continue(void const *instance, eap_packet_raw_t **eap * Type-Data field of the EAP-Response/Identity in the User-Name * attribute in every subsequent Access-Request. */ - user = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + user = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if (!user) { /* * NAS did not set the User-Name diff --git a/src/lib/eap_aka_sim/module.c b/src/lib/eap_aka_sim/module.c index a986c9d8e3a..6fff875fb37 100644 --- a/src/lib/eap_aka_sim/module.c +++ b/src/lib/eap_aka_sim/module.c @@ -72,7 +72,7 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct * from the virtual server to determine what kind * of EAP response to send. */ - subtype_vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_subtype); + subtype_vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_subtype, 0); if (!subtype_vp) { eap_session->this_round->request->code = (rcode == RLM_MODULE_OK) ? FR_EAP_CODE_SUCCESS : FR_EAP_CODE_FAILURE; @@ -138,9 +138,9 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct * Figure out if the state machine is * requesting an ID. */ - if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_any_id_req)) || - (vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_fullauth_id_req)) || - (vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_permanent_id_req))) { + if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_any_id_req, 0)) || + (vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_fullauth_id_req, 0)) || + (vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_permanent_id_req, 0))) { RDEBUG2("Sending EAP-Request/%pV (%s)", &subtype_vp->data, vp->da->name); } else { RDEBUG2("Sending EAP-Request/%pV", &subtype_vp->data); @@ -158,7 +158,7 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct * it should have used that. */ case FR_SUBTYPE_VALUE_AKA_CHALLENGE: - vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_bidding); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_bidding, 0); /* * Explicit NO @@ -195,7 +195,7 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct /* * Extra data to append to the packet when signing. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_hmac_extra_request); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_hmac_extra_request, 0); if (vp) { request_hmac_extra = vp->vp_octets; request_hmac_extra_len = vp->vp_length; @@ -205,7 +205,7 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct * Extra data to append to the response packet when * validating the signature. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_hmac_extra_response); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_hmac_extra_response, 0); if (vp) { fr_assert(!mod_session->response_hmac_extra); MEM(mod_session->response_hmac_extra = talloc_memdup(mod_session, @@ -215,7 +215,7 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct /* * Key we use for encrypting and decrypting attributes. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_k_encr); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_k_encr, 0); if (vp) { fr_assert(!mod_session->ctx.k_encr); MEM(mod_session->ctx.k_encr = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length)); @@ -224,7 +224,7 @@ static unlang_action_t mod_encode(rlm_rcode_t *p_result, module_ctx_t const *mct /* * Key we use for signing and validating mac values. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_k_aut); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_k_aut, 0); if (vp) { fr_assert(!mod_session->ctx.k_aut); MEM(mod_session->ctx.k_aut = talloc_memdup(mod_session, vp->vp_octets, vp->vp_length)); @@ -345,7 +345,7 @@ unlang_action_t eap_aka_sim_process(rlm_rcode_t *p_result, module_ctx_t const *m log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->request_pairs, NULL); } - subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype); + subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0); if (!subtype_vp) { REDEBUG2("Missing Sub-Type"); /* Let the state machine enter the right state */ break; diff --git a/src/lib/eap_aka_sim/state_machine.c b/src/lib/eap_aka_sim/state_machine.c index 415e3ba3850..aeee8f85e2e 100644 --- a/src/lib/eap_aka_sim/state_machine.c +++ b/src/lib/eap_aka_sim/state_machine.c @@ -217,7 +217,7 @@ static inline CC_HINT(always_inline) void client_error_debug(request_t *request) { fr_pair_t *vp; - vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_client_error_code); + vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_client_error_code, 0); if (!vp) { REDEBUG("Peer has not supplied a AT_ERROR_CODE"); } else { @@ -519,14 +519,14 @@ static int checkcode_validate(request_t *request) * done by the calling module, we just check * the result. */ - our_checkcode = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_checkcode); + our_checkcode = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_checkcode, 0); if (our_checkcode) { /* * If the peer doesn't include a checkcode then that * means they don't support it, and we can't validate * their view of the identity packets. */ - peer_checkcode = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_checkcode); + peer_checkcode = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_checkcode, 0); if (peer_checkcode) { if (fr_pair_cmp(peer_checkcode, our_checkcode) == 0) { RDEBUG2("Received AT_CHECKCODE matches calculated AT_CHECKCODE"); @@ -564,7 +564,7 @@ static int mac_validate(request_t *request) * done by the calling module, we just check * the result. */ - our_mac = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_mac); + our_mac = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_mac, 0); if (!our_mac) { REDEBUG("Missing &control.%s", attr_eap_aka_sim_mac->name); return -1; @@ -576,7 +576,7 @@ static int mac_validate(request_t *request) * means they don't support it, and we can't validate * their view of the identity packets. */ - peer_mac = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_mac); + peer_mac = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_mac, 0); if (!peer_mac) { REDEBUG("Peer didn't include AT_MAC"); return -1; @@ -663,7 +663,7 @@ RESUME(store_pseudonym) * find a next_reauth_id pair in the * reply list. */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_next_reauth_id); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_next_reauth_id, 0); if (vp) { /* * Generate a random fastauth string @@ -743,7 +743,7 @@ RESUME(store_pseudonym) * state increment by 1, otherwise, add the * attribute and set to zero. */ - vp = fr_pair_find_by_da(&request->session_state_pairs, attr_eap_aka_sim_counter); + vp = fr_pair_find_by_da(&request->session_state_pairs, attr_eap_aka_sim_counter, 0); if (vp) { vp->vp_uint16++; /* @@ -794,7 +794,7 @@ static unlang_action_t session_and_pseudonym_store(rlm_rcode_t *p_result, module unlang_interpret_stack_result_set(request, RLM_MODULE_NOOP); /* Needed because we may call resume functions directly */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_next_pseudonym); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_next_pseudonym, 0); if (vp) { /* * Generate a random pseudonym string @@ -1112,7 +1112,7 @@ static int sim_start_selected_version_check(request_t *request, eap_aka_sim_sess /* * Check that we got an AT_SELECTED_VERSION */ - selected_version_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_selected_version); + selected_version_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_selected_version, 0); if (!selected_version_vp) { REDEBUG("EAP-Response/SIM/Start does not contain AT_SELECTED_VERSION"); return -1; @@ -1165,7 +1165,7 @@ static int sim_start_nonce_mt_check(request_t *request, eap_aka_sim_session_t *e /* * Copy nonce_mt to the keying material */ - nonce_mt_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_nonce_mt); + nonce_mt_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_nonce_mt, 0); if (!nonce_mt_vp) { REDEBUG("EAP-Response/SIM/Start does not contain AT_NONCE_MT"); return -1; @@ -1265,7 +1265,7 @@ STATE(common_failure_notification) eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->instance, eap_aka_sim_process_conf_t); fr_pair_t *subtype_vp = NULL; - subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype); + subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0); if (!subtype_vp) goto fail; switch (subtype_vp->vp_uint16) { @@ -1316,7 +1316,7 @@ RESUME(send_common_failure_notification) * - FR_NOTIFICATION_VALUE_NOT_SUBSCRIBED * User has not subscribed to the requested service. */ - notification_vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_notification); + notification_vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_notification, 0); /* * Change the failure notification depending where @@ -1660,7 +1660,7 @@ RESUME(recv_common_reauthentication_response) * clear out reauth information and enter the * challenge state. */ - if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_counter_too_small)) { + if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_counter_too_small, 0)) { RWDEBUG("Peer sent AT_COUNTER_TOO_SMALL (indicating our AT_COUNTER value (%u) wasn't fresh)", eap_aka_sim_session->keys.reauth.counter); @@ -1678,13 +1678,13 @@ RESUME(recv_common_reauthentication_response) * RFC 4187 Section #6.2. Result Indications */ if (eap_aka_sim_session->send_result_ind) { - if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) { RDEBUG("We wanted to use protected result indications, but peer does not"); eap_aka_sim_session->send_result_ind = false; } else { return STATE_TRANSITION(common_success_notification); } - } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind)) { + } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) { RDEBUG("Peer wanted to use protected result indications, but we do not"); } @@ -1706,7 +1706,7 @@ STATE(common_reauthentication) eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->instance, eap_aka_sim_process_conf_t); fr_pair_t *subtype_vp = NULL; - subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype); + subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0); if (!subtype_vp) { REDEBUG("Missing AT_SUBTYPE"); goto fail; @@ -1770,7 +1770,7 @@ static unlang_action_t common_reauthentication_request_compose(rlm_rcode_t *p_re * Not seen any doing this for re-authentication * but you never know... */ - kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity); + kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0); if (kdf_id) { crypto_identity_set(request, eap_aka_sim_session, (uint8_t const *)kdf_id->vp_strvalue, kdf_id->vp_length); @@ -1843,7 +1843,7 @@ static unlang_action_t common_reauthentication_request_compose(rlm_rcode_t *p_re * * Use our default, but allow user override too. */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0); if (vp) eap_aka_sim_session->send_result_ind = vp->vp_bool; /* @@ -2120,7 +2120,7 @@ RESUME(recv_aka_syncronization_failure) * We couldn't generate an SQN and the user didn't provide one, * so we need to fail. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_sim_sqn); + vp = fr_pair_find_by_da(&request->control_pairs, attr_sim_sqn, 0); if (!vp) { REDEBUG("No &control.SQN value provided after resynchronisation, cannot continue"); goto failure; @@ -2180,7 +2180,7 @@ RESUME(recv_aka_challenge_response) */ if (checkcode_validate(request) < 0) goto failure; - vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_res); + vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_res, 0); if (!vp) { REDEBUG("AT_RES missing from challenge response"); goto failure; @@ -2212,13 +2212,13 @@ RESUME(recv_aka_challenge_response) * RFC 4187 Section #6.2. Result Indications */ if (eap_aka_sim_session->send_result_ind) { - if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) { RDEBUG("We wanted to use protected result indications, but peer does not"); eap_aka_sim_session->send_result_ind = false; } else { return STATE_TRANSITION(common_success_notification); } - } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind)) { + } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) { RDEBUG("Peer wanted to use protected result indications, but we do not"); } @@ -2242,7 +2242,7 @@ STATE(aka_challenge) fr_pair_t *subtype_vp = NULL; fr_pair_t *vp; - subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype); + subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0); if (!subtype_vp) { REDEBUG("Missing AT_SUBTYPE"); goto fail; @@ -2265,7 +2265,7 @@ STATE(aka_challenge) eap_aka_sim_session->allow_encrypted = false; - vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_auts); + vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_auts, 0); if (!vp) { REDEBUG("EAP-Response/AKA-Synchronisation-Failure missing AT_AUTS"); failure: @@ -2344,7 +2344,7 @@ RESUME(send_aka_challenge_request) * implement RFC 4187 correctly and use the * wrong identity as input the the PRF/KDF. */ - kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity); + kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0); if (kdf_id) { crypto_identity_set(request, eap_aka_sim_session, (uint8_t const *)kdf_id->vp_strvalue, kdf_id->vp_length); @@ -2358,7 +2358,7 @@ RESUME(send_aka_challenge_request) * Copy the network name the user specified for * key derivation purposes. */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_kdf_input); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_kdf_input, 0); if (vp) { talloc_free(eap_aka_sim_session->keys.network); eap_aka_sim_session->keys.network = talloc_memdup(eap_aka_sim_session, @@ -2426,7 +2426,7 @@ RESUME(send_aka_challenge_request) * * Use our default, but allow user override too. */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0); if (vp) eap_aka_sim_session->send_result_ind = vp->vp_bool; /* @@ -2508,7 +2508,7 @@ STATE_GUARD(aka_challenge) * and send it to the peer. */ if (inst->network_name && - !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_kdf_input)) { + !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_kdf_input, 0)) { MEM(pair_append_reply(&vp, attr_eap_aka_sim_kdf_input) >= 0); fr_pair_value_bstrdup_buffer(vp, inst->network_name, false); } @@ -2524,7 +2524,7 @@ STATE_GUARD(aka_challenge) * Set the defaults for protected result indicator */ if (eap_aka_sim_session->send_result_ind && - !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind)) { + !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0)) { MEM(pair_append_reply(&vp, attr_eap_aka_sim_result_ind) >= 0); vp->vp_bool = true; } @@ -2566,13 +2566,13 @@ RESUME(recv_sim_challenge_response) * notification, otherwise send a normal EAP-Success. */ if (eap_aka_sim_session->send_result_ind) { - if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) { RDEBUG("We wanted to use protected result indications, but peer does not"); eap_aka_sim_session->send_result_ind = false; } else { return STATE_TRANSITION(common_success_notification); } - } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind)) { + } else if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_result_ind, 0)) { RDEBUG("Peer wanted to use protected result indications, but we do not"); } @@ -2592,7 +2592,7 @@ STATE(sim_challenge) eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->instance, eap_aka_sim_process_conf_t); fr_pair_t *subtype_vp = NULL; - subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype); + subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0); if (!subtype_vp) { REDEBUG("Missing AT_SUBTYPE"); goto fail; @@ -2646,7 +2646,7 @@ RESUME(send_sim_challenge_request) * implement RFC 4187 correctly and use the * wrong identity as input the the PRF/KDF. */ - kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity); + kdf_id = fr_pair_find_by_da(&request->control_pairs, attr_eap_aka_sim_kdf_identity, 0); if (kdf_id) { crypto_identity_set(request, eap_aka_sim_session, (uint8_t const *)kdf_id->vp_strvalue, kdf_id->vp_length); @@ -2674,7 +2674,7 @@ RESUME(send_sim_challenge_request) * * Use our default, but allow user override too. */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0); if (vp) eap_aka_sim_session->send_result_ind = vp->vp_bool; /* @@ -2730,7 +2730,7 @@ STATE_GUARD(sim_challenge) * Set the defaults for protected result indicator */ if (eap_aka_sim_session->send_result_ind && - !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind)) { + !fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_result_ind, 0)) { MEM(pair_append_reply(&vp, attr_eap_aka_sim_result_ind) >= 0); vp->vp_bool = true; } @@ -2823,7 +2823,7 @@ RESUME(recv_aka_identity_response) * If the identity looks like a fast re-auth id * run fast re-auth, otherwise do fullauth. */ - identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type); + identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type, 0); if (identity_type) switch (identity_type->vp_uint32) { case FR_IDENTITY_TYPE_VALUE_FASTAUTH: return STATE_TRANSITION(common_reauthentication); @@ -2862,7 +2862,7 @@ STATE(aka_identity) eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->instance, eap_aka_sim_process_conf_t); fr_pair_t *subtype_vp = NULL; - subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype); + subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0); if (!subtype_vp) { REDEBUG("Missing AT_SUBTYPE"); goto fail; @@ -2877,7 +2877,7 @@ STATE(aka_identity) fr_pair_t *id; fr_aka_sim_id_type_t type; - id = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity); + id = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity, 0); if (!id) { /* * 9.2. EAP-Response/Identity @@ -3086,7 +3086,7 @@ RESUME(recv_sim_start_response) * If the identity looks like a fast re-auth id * run fast re-auth, otherwise do fullauth. */ - identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type); + identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type, 0); if (identity_type) switch (identity_type->vp_uint32) { case FR_IDENTITY_TYPE_VALUE_FASTAUTH: /* @@ -3096,7 +3096,7 @@ RESUME(recv_sim_start_response) * with a fast re-authentication identity is present for fast * re-authentication */ - if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_nonce_mt)) { + if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_nonce_mt, 0)) { REDEBUG("AT_NONCE_MT is not allowed in EAP-Response/SIM-Reauthentication messages"); return STATE_TRANSITION(common_failure_notification); } @@ -3108,7 +3108,7 @@ RESUME(recv_sim_start_response) * AT_IDENTITY attribute with a fast re-authentication identity is * present for fast re-authentication. */ - if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_selected_version)) { + if (fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_selected_version, 0)) { REDEBUG("AT_SELECTED_VERSION is not allowed in EAP-Response/SIM-Reauthentication messages"); return STATE_TRANSITION(common_failure_notification); } @@ -3163,7 +3163,7 @@ STATE(sim_start) eap_aka_sim_process_conf_t *inst = talloc_get_type_abort(mctx->instance, eap_aka_sim_process_conf_t); fr_pair_t *subtype_vp = NULL; - subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype); + subtype_vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_subtype, 0); if (!subtype_vp) { REDEBUG("Missing AT_SUBTYPE"); goto fail; @@ -3174,7 +3174,7 @@ STATE(sim_start) fr_pair_t *id; fr_aka_sim_id_type_t type; - id = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity); + id = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity, 0); if (!id) { /* * RFC 4186 Section #9.2 @@ -3276,7 +3276,7 @@ RESUME(send_sim_start) * If the user provided no versions, then * just add the default (1). */ - if (!(fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_version_list))) { + if (!(fr_pair_find_by_da(&request->reply_pairs, attr_eap_aka_sim_version_list, 0))) { MEM(pair_append_reply(&vp, attr_eap_aka_sim_version_list) >= 0); vp->vp_uint16 = EAP_SIM_VERSION; } @@ -3393,10 +3393,10 @@ RESUME(recv_common_identity_response) * This must be done before we enter * the submodule. */ - eap_type = fr_pair_find_by_da(&request->control_pairs, attr_eap_type); + eap_type = fr_pair_find_by_da(&request->control_pairs, attr_eap_type, 0); if (eap_type) RWDEBUG("Ignoring &control.EAP-Type, this must be set *before* the EAP module is called"); - method = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_method_hint); + method = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_method_hint, 0); /* * Set default configuration, we may allow these @@ -3506,7 +3506,7 @@ RESUME(recv_common_identity_response) * If the identity looks like a fast re-auth id * run fast re-auth, otherwise do a fullauth. */ - identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type); + identity_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_aka_sim_identity_type, 0); if (identity_type) switch (identity_type->vp_uint32) { case FR_IDENTITY_TYPE_VALUE_FASTAUTH: return STATE_TRANSITION(common_reauthentication); diff --git a/src/lib/eap_aka_sim/vector.c b/src/lib/eap_aka_sim/vector.c index d921b5bfd32..b60fa5cfde6 100644 --- a/src/lib/eap_aka_sim/vector.c +++ b/src/lib/eap_aka_sim/vector.c @@ -45,7 +45,7 @@ static int vector_opc_from_op(request_t *request, uint8_t const **out, uint8_t o fr_pair_t *opc_vp; fr_pair_t *op_vp; - opc_vp = fr_pair_find_by_da(list, attr_sim_opc); + opc_vp = fr_pair_find_by_da(list, attr_sim_opc, 0); if (opc_vp) { if (opc_vp->vp_length != MILENAGE_OPC_SIZE) { REDEBUG("&control.%s has incorrect length, expected %u bytes got %zu bytes", @@ -56,7 +56,7 @@ static int vector_opc_from_op(request_t *request, uint8_t const **out, uint8_t o return 0; } - op_vp = fr_pair_find_by_da(list, attr_sim_op); + op_vp = fr_pair_find_by_da(list, attr_sim_op, 0); if (op_vp) { if (op_vp->vp_length != MILENAGE_OP_SIZE) { REDEBUG("&control.%s has incorrect length, expected %u bytes got %zu bytes", @@ -86,7 +86,7 @@ static int vector_gsm_from_ki(request_t *request, fr_pair_list_t *vps, int idx, /* * Generate a new RAND value, and derive Kc and SRES from Ki */ - ki_vp = fr_pair_find_by_da(vps, attr_sim_ki); + ki_vp = fr_pair_find_by_da(vps, attr_sim_ki, 0); if (!ki_vp) { RDEBUG3("No &control.%sfound, not generating triplets locally", attr_sim_ki->name); return 1; @@ -100,7 +100,7 @@ static int vector_gsm_from_ki(request_t *request, fr_pair_list_t *vps, int idx, * Check to see if we have a Ki for the IMSI, this allows us to generate the rest * of the triplets. */ - version_vp = fr_pair_find_by_da(vps, attr_sim_algo_version); + version_vp = fr_pair_find_by_da(vps, attr_sim_algo_version, 0); if (!version_vp) { if (vector_opc_from_op(request, &opc_p, opc_buff, vps, ki_vp->vp_octets) < 0) return -1; version = opc_p ? FR_SIM_ALGO_VERSION_VALUE_COMP128_4 : FR_SIM_ALGO_VERSION_VALUE_COMP128_3; @@ -403,7 +403,7 @@ static int vector_umts_from_ki(request_t *request, fr_pair_list_t *vps, fr_aka_s /* * Select the algorithm (default to Milenage) */ - version_vp = fr_pair_find_by_da(vps, attr_sim_algo_version); + version_vp = fr_pair_find_by_da(vps, attr_sim_algo_version, 0); if (version_vp) version = version_vp->vp_uint32; /* @@ -438,7 +438,7 @@ static int vector_umts_from_ki(request_t *request, fr_pair_list_t *vps, fr_aka_s /* * Find the Ki VP and check its length */ - ki_vp = fr_pair_find_by_da(vps, attr_sim_ki); + ki_vp = fr_pair_find_by_da(vps, attr_sim_ki, 0); if (!ki_vp) { RDEBUG3("No &control.%s found, not generating quintuplets locally", attr_sim_ki->name); return 1; @@ -451,13 +451,13 @@ static int vector_umts_from_ki(request_t *request, fr_pair_list_t *vps, fr_aka_s /* * Find the Sequence Number VP or default to SQN = 2 */ - sqn_vp = fr_pair_find_by_da(vps, attr_sim_sqn); + sqn_vp = fr_pair_find_by_da(vps, attr_sim_sqn, 0); keys->sqn = sqn_vp ? sqn_vp->vp_uint64 : 2; /* 2 is the lowest valid SQN on our side */ /* * Check if we have an AMF value */ - amf_vp = fr_pair_find_by_da(vps, attr_sim_amf); + amf_vp = fr_pair_find_by_da(vps, attr_sim_amf, 0); if (amf_vp) { if (amf_vp->vp_length != amf_size) { REDEBUG("&control.%s has incorrect length, expected %zu bytes got %zu bytes", @@ -597,7 +597,7 @@ static int vector_umts_from_quintuplets(request_t *request, fr_pair_list_t *vps, /* * Fetch AUTN */ - autn_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_autn); + autn_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_autn, 0); if (!autn_vp) { RDEBUG3("No &control.%s attribute found, not using UMTS quintuplets", attr_eap_aka_sim_autn->name); return 1; @@ -613,7 +613,7 @@ static int vector_umts_from_quintuplets(request_t *request, fr_pair_list_t *vps, /* * Fetch CK */ - ck_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ck); + ck_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ck, 0); if (!ck_vp) { RDEBUG3("No &control.%s attribute found, not using UMTS quintuplets", attr_eap_aka_sim_ck->name); return 1; @@ -629,7 +629,7 @@ static int vector_umts_from_quintuplets(request_t *request, fr_pair_list_t *vps, /* * Fetch IK */ - ik_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ik); + ik_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ik, 0); if (!ik_vp) { RDEBUG3("No &control.%s attribute found, not using UMTS quintuplets", attr_eap_aka_sim_ik->name); return 1; @@ -645,7 +645,7 @@ static int vector_umts_from_quintuplets(request_t *request, fr_pair_list_t *vps, /* * Fetch RAND */ - rand_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_rand); + rand_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_rand, 0); if (!rand_vp) { RDEBUG3("No &control.%s attribute found, not using quintuplet derivation", attr_eap_aka_sim_rand->name); return 1; @@ -660,7 +660,7 @@ static int vector_umts_from_quintuplets(request_t *request, fr_pair_list_t *vps, /* * Fetch XRES */ - xres_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_xres); + xres_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_xres, 0); if (!xres_vp) { RDEBUG3("No &control.%s attribute found, not using UMTS quintuplets", attr_eap_aka_sim_xres->name); return 1; @@ -676,7 +676,7 @@ static int vector_umts_from_quintuplets(request_t *request, fr_pair_list_t *vps, /* * Fetch (optional) AK */ - ak_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ak); + ak_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_ak, 0); if (ak_vp && (ak_vp->vp_length != MILENAGE_AK_SIZE)) { REDEBUG("&control.%s incorrect length. Expected " STRINGIFY(MILENAGE_AK_SIZE) " bytes, got %zu bytes", @@ -687,7 +687,7 @@ static int vector_umts_from_quintuplets(request_t *request, fr_pair_list_t *vps, /* * Fetch (optional) SQN */ - sqn_vp = fr_pair_find_by_da(vps, attr_sim_sqn); + sqn_vp = fr_pair_find_by_da(vps, attr_sim_sqn, 0); if (sqn_vp && (sqn_vp->vp_length != MILENAGE_SQN_SIZE)) { REDEBUG("&control.%s incorrect length. Expected " STRINGIFY(MILENAGE_AK_SIZE) " bytes, got %zu bytes", @@ -829,7 +829,7 @@ int fr_aka_sim_vector_gsm_umts_kdf_0_reauth_from_attrs(request_t *request, fr_pa * This is the *old* counter value increment * by 1 to get the *new* counter value */ - counter_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_counter); + counter_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_counter, 0); if (!counter_vp) { RDEBUG2("No &session-state.%s attribute found, can't calculate re-auth keys", attr_eap_aka_sim_counter->name); @@ -837,8 +837,8 @@ int fr_aka_sim_vector_gsm_umts_kdf_0_reauth_from_attrs(request_t *request, fr_pa } counter_vp->vp_uint16++; - mk_vp = fr_pair_find_by_da(vps, attr_session_data); - if (!mk_vp) mk_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_mk); + mk_vp = fr_pair_find_by_da(vps, attr_session_data, 0); + if (!mk_vp) mk_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_mk, 0); if (!mk_vp) { RDEBUG2("Neither &session-state.%s or &session-state.%s attributes found, " "can't calculate re-auth keys", attr_session_data->name, attr_eap_aka_sim_mk->name); @@ -878,7 +878,7 @@ int fr_aka_sim_vector_umts_kdf_1_reauth_from_attrs(request_t *request, fr_pair_l * This is the *old* counter value increment * by 1 to get the *new* counter value */ - counter_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_counter); + counter_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_counter, 0); if (!counter_vp) { RDEBUG2("No &session-state.%s attribute found, can't calculate re-auth keys", attr_eap_aka_sim_counter->name); @@ -886,8 +886,8 @@ int fr_aka_sim_vector_umts_kdf_1_reauth_from_attrs(request_t *request, fr_pair_l } counter_vp->vp_uint16++; - mk_vp = fr_pair_find_by_da(vps, attr_session_data); - if (!mk_vp) mk_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_mk); + mk_vp = fr_pair_find_by_da(vps, attr_session_data, 0); + if (!mk_vp) mk_vp = fr_pair_find_by_da(vps, attr_eap_aka_sim_mk, 0); if (!mk_vp) { RDEBUG2("Neither &session-state.%s or &session-sate:%s attributes found, " "can't calculate re-auth keys", attr_session_data->name, attr_eap_aka_sim_mk->name); diff --git a/src/lib/eap_aka_sim/xlat.c b/src/lib/eap_aka_sim/xlat.c index 5062bb77151..dc8f7d7587a 100644 --- a/src/lib/eap_aka_sim/xlat.c +++ b/src/lib/eap_aka_sim/xlat.c @@ -254,7 +254,7 @@ static xlat_action_t aka_sim_3gpp_temporary_id_decrypt_xlat(TALLOC_CTX *ctx, fr_ /* * Figure out what tag we should add to the permanent id */ - eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type); + eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type, 0); if (eap_type) { if (eap_type->vp_uint32 == enum_eap_type_sim->vb_uint32) { out_tag = ID_TAG_SIM_PERMANENT; @@ -435,7 +435,7 @@ static xlat_action_t aka_sim_3gpp_temporary_id_encrypt_xlat(TALLOC_CTX *ctx, fr_ } else if ((id_len >= AKA_SIM_IMSI_MIN_LEN) && (id_len <= AKA_SIM_IMSI_MAX_LEN)) { fr_pair_t *eap_type; - eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type); + eap_type = fr_pair_find_by_da(&request->request_pairs, attr_eap_type, 0); if (!eap_type) { REDEBUG("ID does not contain method hint, and no &request.EAP-Type found. " "Don't know what tag to prepend to encrypted identity"); diff --git a/src/lib/server/pair_server_tests.c b/src/lib/server/pair_server_tests.c index 146e892664c..9fa69a32d52 100644 --- a/src/lib/server/pair_server_tests.c +++ b/src/lib/server/pair_server_tests.c @@ -210,7 +210,7 @@ static void test_pair_update_request(void) vp->vp_uint32 = 112233; TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 112233)"); - TEST_CHECK((vp = fr_pair_find_by_da(&request->request_pairs, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&request->request_pairs, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -239,7 +239,7 @@ static void test_pair_update_reply(void) vp->vp_uint32 = 3333; TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 3333)"); - TEST_CHECK((vp = fr_pair_find_by_da(&request->reply_pairs, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&request->reply_pairs, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -264,7 +264,7 @@ static void test_pair_update_control(void) vp->vp_uint32 = 44444; TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 44444)"); - TEST_CHECK((vp = fr_pair_find_by_da(&request->control_pairs, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&request->control_pairs, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -289,7 +289,7 @@ static void test_pair_update_session_state(void) vp->vp_uint32 = 7890; TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 7890)"); - TEST_CHECK((vp = fr_pair_find_by_da(&request->session_state_pairs, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&request->session_state_pairs, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -310,7 +310,7 @@ static void test_pair_delete_request(void) TEST_CHECK(pair_delete_request(fr_dict_attr_test_uint32) > 0); TEST_CASE("The 'Test-Integer' shouldn't exist in 'request->request_pairs'"); - TEST_CHECK(fr_pair_find_by_da(&request->request_pairs, fr_dict_attr_test_uint32) == NULL); + TEST_CHECK(fr_pair_find_by_da(&request->request_pairs, fr_dict_attr_test_uint32, 0) == NULL); TEST_CHECK_RET(talloc_free(request), 0); } @@ -326,7 +326,7 @@ static void test_pair_delete_reply(void) TEST_CHECK(pair_delete_reply(fr_dict_attr_test_uint32) > 0); TEST_CASE("The 'Test-Integer' shouldn't exist in 'request->reply_pairs'"); - TEST_CHECK(fr_pair_find_by_da(&request->reply_pairs, fr_dict_attr_test_uint32) == NULL); + TEST_CHECK(fr_pair_find_by_da(&request->reply_pairs, fr_dict_attr_test_uint32, 0) == NULL); TEST_CHECK_RET(talloc_free(request), 0); } @@ -342,7 +342,7 @@ static void test_pair_delete_control(void) TEST_CHECK(pair_delete_control(fr_dict_attr_test_uint32) > 0); TEST_CASE("The 'Test-Integer' shouldn't exist in 'request->control_pairs'"); - TEST_CHECK(fr_pair_find_by_da(&request->control_pairs, fr_dict_attr_test_uint32) == NULL); + TEST_CHECK(fr_pair_find_by_da(&request->control_pairs, fr_dict_attr_test_uint32, 0) == NULL); TEST_CHECK_RET(talloc_free(request), 0); } @@ -358,7 +358,7 @@ static void test_pair_delete_session_state(void) TEST_CHECK(pair_delete_session_state(fr_dict_attr_test_uint32) > 0); TEST_CASE("The 'Test-Integer' shouldn't exist in 'request->state'"); - TEST_CHECK(fr_pair_find_by_da(&request->session_state_pairs, fr_dict_attr_test_uint32) == NULL); + TEST_CHECK(fr_pair_find_by_da(&request->session_state_pairs, fr_dict_attr_test_uint32, 0) == NULL); TEST_CHECK_RET(talloc_free(request), 0); } diff --git a/src/lib/server/paircmp.c b/src/lib/server/paircmp.c index bf152ba05b0..2d05ad08ac7 100644 --- a/src/lib/server/paircmp.c +++ b/src/lib/server/paircmp.c @@ -548,7 +548,7 @@ int paircmp(request_t *request, WARN("Are you sure you don't mean Password.Cleartext?"); WARN("See \"man rlm_pap\" for more information"); } - if (fr_pair_find_by_da(request_list, attr_user_password) == NULL) continue; + if (fr_pair_find_by_da(request_list, attr_user_password, 0) == NULL) continue; } /* diff --git a/src/lib/server/state.c b/src/lib/server/state.c index 941ae4d9732..130c00d9e7b 100644 --- a/src/lib/server/state.c +++ b/src/lib/server/state.c @@ -435,7 +435,7 @@ static fr_state_entry_t *state_entry_create(fr_state_tree_t *state, request_t *r * int the reply, we use that in preference to the * old state. */ - vp = fr_pair_find_by_da(reply_list, state->da); + vp = fr_pair_find_by_da(reply_list, state->da, 0); if (vp) { if (DEBUG_ENABLED && (vp->vp_length > sizeof(entry->state))) { WARN("State too long, will be truncated. Expected <= %zd bytes, got %zu bytes", @@ -581,7 +581,7 @@ void fr_state_discard(fr_state_tree_t *state, request_t *request) fr_state_entry_t *entry; fr_pair_t *vp; - vp = fr_pair_find_by_da(&request->request_pairs, state->da); + vp = fr_pair_find_by_da(&request->request_pairs, state->da, 0); if (!vp) return; PTHREAD_MUTEX_LOCK(&state->mutex); @@ -642,7 +642,7 @@ int fr_state_to_request(fr_state_tree_t *state, request_t *request) /* * No State, don't do anything. */ - vp = fr_pair_find_by_da(&request->request_pairs, state->da); + vp = fr_pair_find_by_da(&request->request_pairs, state->da, 0); if (!vp) { RDEBUG3("No &request.%s attribute, can't restore &session-state", state->da->name); if (request->seq_start == 0) request->seq_start = request->number; /* Need check for fake requests */ @@ -715,7 +715,7 @@ int fr_request_to_state(fr_state_tree_t *state, request_t *request) log_request_pair_list(L_DBG_LVL_2, request, NULL, &request->session_state_pairs, "&session-state."); } - vp = fr_pair_find_by_da(&request->request_pairs, state->da); + vp = fr_pair_find_by_da(&request->request_pairs, state->da, 0); PTHREAD_MUTEX_LOCK(&state->mutex); if (vp) old = state_entry_find(state, &vp->data); diff --git a/src/lib/server/trigger.c b/src/lib/server/trigger.c index ae38e8a5eed..743ed59347f 100644 --- a/src/lib/server/trigger.c +++ b/src/lib/server/trigger.c @@ -84,7 +84,7 @@ xlat_action_t trigger_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, request_t *reques return XLAT_ACTION_FAIL; } - vp = fr_pair_find_by_da(head, da); + vp = fr_pair_find_by_da(head, da, 0); if (!vp) { ERROR("Attribute \"%pV\" is not valid for this trigger", in_head); return XLAT_ACTION_FAIL; diff --git a/src/lib/server/virtual_servers.c b/src/lib/server/virtual_servers.c index 1db8dcff75e..3b8f978e30b 100644 --- a/src/lib/server/virtual_servers.c +++ b/src/lib/server/virtual_servers.c @@ -1437,7 +1437,7 @@ rlm_rcode_t virtual_server_process_auth(request_t *request, CONF_SECTION *virtua char const *auth_name; rlm_rcode_t rcode = RLM_MODULE_NOOP; - vp = fr_pair_find_by_da(&request->control_pairs, attr_auth_type); + vp = fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0); if (!vp) { RDEBUG2("No &control.Auth-Type found"); fail: diff --git a/src/lib/tls/cache.c b/src/lib/tls/cache.c index c997e647d5a..cf266b13d61 100644 --- a/src/lib/tls/cache.c +++ b/src/lib/tls/cache.c @@ -363,7 +363,7 @@ static SSL_SESSION *fr_tls_cache_read(SSL *ssl, return NULL; } - vp = fr_pair_find_by_da(&request->session_state_pairs, attr_tls_session_data); + vp = fr_pair_find_by_da(&request->session_state_pairs, attr_tls_session_data, 0); if (!vp) { RWDEBUG("No cached session found"); return NULL; @@ -542,7 +542,7 @@ int fr_tls_cache_disable_cb(SSL *ssl, */ if (!session->allow_session_resumption) goto disable; - vp = fr_pair_find_by_da(&request->control_pairs, attr_allow_session_resumption); + vp = fr_pair_find_by_da(&request->control_pairs, attr_allow_session_resumption, 0); if (vp && (vp->vp_uint32 == 0)) { RDEBUG2("&control.Allow-Session-Resumption == no, disabling session resumption"); disable: diff --git a/src/lib/tls/ocsp.c b/src/lib/tls/ocsp.c index 17742cbb31a..25d79175c29 100644 --- a/src/lib/tls/ocsp.c +++ b/src/lib/tls/ocsp.c @@ -390,7 +390,7 @@ int fr_tls_ocsp_check(request_t *request, SSL *ssl, /* * Allow us to cache the OCSP verified state externally */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_ocsp_cert_valid); + vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_ocsp_cert_valid, 0); if (vp) switch (vp->vp_uint32) { case 0: /* no */ RDEBUG2("Found &control.TLS-OCSP-Cert-Valid = no, forcing OCSP failure"); @@ -404,7 +404,7 @@ int fr_tls_ocsp_check(request_t *request, SSL *ssl, * we need to run the full OCSP check. */ if (staple_response) { - vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_ocsp_response); + vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_ocsp_response, 0); if (!vp) { RDEBUG2("No &control.TLS-OCSP-Response attribute found, performing full OCSP check"); break; diff --git a/src/lib/tls/session.c b/src/lib/tls/session.c index b98a3d2f046..b4efec28a45 100644 --- a/src/lib/tls/session.c +++ b/src/lib/tls/session.c @@ -1774,7 +1774,7 @@ fr_tls_session_t *fr_tls_session_init_server(TALLOC_CTX *ctx, fr_tls_conf_t *con /* * Add the session certificate to the session. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_session_cert_file); + vp = fr_pair_find_by_da(&request->control_pairs, attr_tls_session_cert_file, 0); if (vp) { RDEBUG2("Loading TLS session certificate \"%pV\"", &vp->data); @@ -1846,7 +1846,7 @@ fr_tls_session_t *fr_tls_session_init_server(TALLOC_CTX *ctx, fr_tls_conf_t *con * just too much. */ session->mtu = conf->fragment_size; - vp = fr_pair_find_by_da(&request->request_pairs, attr_framed_mtu); + vp = fr_pair_find_by_da(&request->request_pairs, attr_framed_mtu, 0); if (vp && (vp->vp_uint32 > 100) && (vp->vp_uint32 < session->mtu)) { RDEBUG2("Setting fragment_len to %u from &Framed-MTU", vp->vp_uint32); session->mtu = vp->vp_uint32; diff --git a/src/lib/unlang/subrequest_child.c b/src/lib/unlang/subrequest_child.c index e220e6ccda5..1a6c5d2639a 100644 --- a/src/lib/unlang/subrequest_child.c +++ b/src/lib/unlang/subrequest_child.c @@ -87,7 +87,7 @@ int unlang_subrequest_lifetime_set(request_t *request) /* * Set Request Lifetime */ - vp = fr_pair_find_by_da(&request->control_pairs, request_attr_request_lifetime); + vp = fr_pair_find_by_da(&request->control_pairs, request_attr_request_lifetime, 0); if (!vp || (vp->vp_uint32 > 0)) { fr_time_delta_t when = 0; const fr_event_timer_t **ev_p; diff --git a/src/lib/util/pair.c b/src/lib/util/pair.c index d060e2627a0..b01e84d5e4f 100644 --- a/src/lib/util/pair.c +++ b/src/lib/util/pair.c @@ -503,13 +503,14 @@ void *fr_pair_iter_next_by_ancestor(fr_dlist_head_t *list, void *to_eval, void * * * @param[in] list to search in. * @param[in] da to look for in the list. + * @param[in] n Instance of the attribute to return. * @return * - first matching fr_pair_t. * - NULL if no fr_pair_ts match. * * @hidecallergraph */ -fr_pair_t *fr_pair_find_by_da(fr_pair_list_t const *list, fr_dict_attr_t const *da) +fr_pair_t *fr_pair_find_by_da(fr_pair_list_t const *list, fr_dict_attr_t const *da, unsigned int n) { fr_pair_t *vp = NULL; @@ -519,7 +520,12 @@ fr_pair_t *fr_pair_find_by_da(fr_pair_list_t const *list, fr_dict_attr_t const * if (!da) return NULL; - while ((vp = fr_pair_list_next(list, vp))) if (da == vp->da) return vp; + while ((vp = fr_pair_list_next(list, vp))) { + if (da == vp->da) { + if (n == 0) return vp; + n--; + } + } return NULL; } @@ -845,7 +851,7 @@ int fr_pair_update_by_da(TALLOC_CTX *ctx, fr_pair_t **out, fr_pair_list_t *list, { fr_pair_t *vp; - vp = fr_pair_find_by_da(list, da); + vp = fr_pair_find_by_da(list, da, 0); if (vp) { VP_VERIFY(vp); if (out) *out = vp; diff --git a/src/lib/util/pair.h b/src/lib/util/pair.h index c6cfdce2dbb..5a5cfb87b86 100644 --- a/src/lib/util/pair.h +++ b/src/lib/util/pair.h @@ -229,7 +229,7 @@ static inline fr_pair_t *fr_dcursor_iter_by_ancestor_init(fr_dcursor_t *cursor, } /** @hidecallergraph */ -fr_pair_t *fr_pair_find_by_da(fr_pair_list_t const *list, fr_dict_attr_t const *da); +fr_pair_t *fr_pair_find_by_da(fr_pair_list_t const *list, fr_dict_attr_t const *da, unsigned int n); fr_pair_t *fr_pair_find_by_ancestor(fr_pair_list_t const *list, fr_dict_attr_t const *ancestor); diff --git a/src/lib/util/pair_legacy.c b/src/lib/util/pair_legacy.c index 4847ab5d04b..ecf2df65ae3 100644 --- a/src/lib/util/pair_legacy.c +++ b/src/lib/util/pair_legacy.c @@ -776,7 +776,7 @@ void fr_pair_list_move(fr_pair_list_t *to, fr_pair_list_t *from) * it doesn't already exist. */ case T_OP_EQ: - found = fr_pair_find_by_da(to, i->da); + found = fr_pair_find_by_da(to, i->da, 0); if (!found) goto do_add; i = fr_pair_list_next(from, i); @@ -787,7 +787,7 @@ void fr_pair_list_move(fr_pair_list_t *to, fr_pair_list_t *from) * of the same vendor/attr which already exists. */ case T_OP_SET: - found = fr_pair_find_by_da(to, i->da); + found = fr_pair_find_by_da(to, i->da, 0); if (!found) goto do_add; /* diff --git a/src/lib/util/pair_legacy_tests.c b/src/lib/util/pair_legacy_tests.c index 4d5dea44e70..1af5e9fe2e9 100644 --- a/src/lib/util/pair_legacy_tests.c +++ b/src/lib/util/pair_legacy_tests.c @@ -110,7 +110,7 @@ static void test_fr_pair_mark_xlat(void) fr_pair_t *vp; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -140,7 +140,7 @@ static void test_fr_pair_list_afrom_str(void) TEST_CHECK(fr_pair_list_afrom_str(autofree, test_dict, buffer, strlen(buffer), &list) == T_EOL); TEST_CASE("Looking for Test-Uint32"); - TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -149,7 +149,7 @@ static void test_fr_pair_list_afrom_str(void) TEST_CHECK(vp && vp->vp_uint32 == 123); TEST_CASE("Looking for Test-String"); - TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -189,7 +189,7 @@ static void test_fr_pair_list_afrom_file(void) TEST_CHECK(fr_pair_list_afrom_file(autofree, test_dict, &list, fp, &pfiledone) == 0); TEST_CASE("Looking for Test-Uint32"); - TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -198,7 +198,7 @@ static void test_fr_pair_list_afrom_file(void) TEST_CHECK(vp && vp->vp_uint32 == 123); TEST_CASE("Looking for Test-String"); - TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&list, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -230,7 +230,7 @@ static void test_fr_pair_list_move(void) fr_pair_list_move(&new_list, &old_list); TEST_CASE("Looking for Test-Uint32"); - TEST_CHECK((vp = fr_pair_find_by_da(&new_list, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&new_list, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -241,7 +241,7 @@ static void test_fr_pair_list_move(void) TEST_CHECK(vp && vp->vp_uint32 == 123); TEST_CASE("Looking for Test-String"); - TEST_CHECK((vp = fr_pair_find_by_da(&new_list, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&new_list, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); diff --git a/src/lib/util/pair_list_perf_test.c b/src/lib/util/pair_list_perf_test.c index 2ee0f7017fa..f5a0d8d5db1 100644 --- a/src/lib/util/pair_list_perf_test.c +++ b/src/lib/util/pair_list_perf_test.c @@ -195,7 +195,7 @@ static void do_test_fr_pair_find_by_da(uint len, uint reps) int index = rand() % input_count; da = source_vps[index]->da; start = fr_time(); - (void) fr_pair_find_by_da(&test_vps, da); + (void) fr_pair_find_by_da(&test_vps, da, 0); end = fr_time(); used += (end - start); } @@ -212,7 +212,7 @@ test_funcs(fr_pair_find_by_da) static void do_test_find_nth(uint len, uint reps) { fr_pair_list_t test_vps; - uint i, j, k, nth_item; + uint i, j, nth_item; fr_pair_t *new_vp; fr_time_t start, end, used = 0; const fr_dict_attr_t *da; @@ -238,14 +238,8 @@ static void do_test_find_nth(uint len, uint reps) da = source_vps[index]->da; start = fr_time(); - k = 0; - - for (new_vp = fr_pair_list_head(&test_vps); new_vp; new_vp = fr_pair_list_next(&test_vps, new_vp)) { - if (new_vp->da == da) { - k++; - if (k == nth_item) break; - } - } + + (void) fr_pair_find_by_da(&test_vps, da, nth_item); end = fr_time(); used += (end - start); } diff --git a/src/lib/util/pair_tests.c b/src/lib/util/pair_tests.c index 039e93d325a..d770c8d0792 100644 --- a/src/lib/util/pair_tests.c +++ b/src/lib/util/pair_tests.c @@ -231,7 +231,7 @@ static void test_fr_pair_find_by_da(void) fr_pair_t *vp; TEST_CASE("Search for fr_dict_attr_test_tlv_string using fr_pair_find_by_da()"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_tlv_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_tlv_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -324,7 +324,7 @@ static void test_fr_pair_update_by_da(void) vp->vp_uint32 = 54321; TEST_CASE("Expected fr_dict_attr_test_uint32 (vp->vp_uint32 == 54321)"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -339,7 +339,7 @@ static void test_fr_pair_delete_by_da(void) TEST_CHECK(fr_pair_delete_by_da(&test_pairs, fr_dict_attr_test_string) == 1); TEST_CASE("The fr_dict_attr_test_string shouldn't exist in 'test_pairs'"); - TEST_CHECK(fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string) == NULL); + TEST_CHECK(fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0) == NULL); TEST_CASE("Add fr_dict_attr_test_string back into 'test_pairs'"); TEST_CHECK(fr_pair_prepend_by_da(autofree, NULL, &test_pairs, fr_dict_attr_test_string) == 0); @@ -535,7 +535,7 @@ static void test_fr_pair_value_copy(void) fr_pair_t *vp1, vp2; TEST_CASE("Create 'vp1' with Test-Integer = 123"); - TEST_CHECK((vp1 = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_uint32)) != NULL); + TEST_CHECK((vp1 = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_uint32, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp1); @@ -554,7 +554,7 @@ static void test_fr_pair_value_from_str(void) fr_pair_t *vp; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -574,7 +574,7 @@ static void test_fr_pair_value_strdup(void) fr_pair_t *vp; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -595,7 +595,7 @@ static void test_fr_pair_value_strdup_shallow(void) char *copy_test_string; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -620,7 +620,7 @@ static void test_fr_pair_value_strtrim(void) fr_pair_t *vp; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -647,7 +647,7 @@ static void test_fr_pair_value_aprintf(void) snprintf(fmt_test, sizeof(fmt_test), "Now is %ld", (long)now); TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -668,7 +668,7 @@ static void test_fr_pair_value_bstr_alloc(void) char *out = NULL; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -695,7 +695,7 @@ static void test_fr_pair_value_bstr_realloc(void) char *out = NULL; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -724,7 +724,7 @@ static void test_fr_pair_value_bstrndup(void) fr_pair_t *vp; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -742,7 +742,7 @@ static void test_fr_pair_value_bstrdup_buffer(void) char *copy_test_string; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -765,7 +765,7 @@ static void test_fr_pair_value_bstrndup_shallow(void) char *copy_test_string; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -788,7 +788,7 @@ static void test_fr_pair_value_bstrdup_buffer_shallow(void) char *copy_test_string; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -811,7 +811,7 @@ static void test_fr_pair_value_bstrn_append(void) char *copy_test_string; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -841,7 +841,7 @@ static void test_fr_pair_value_bstr_append_buffer(void) char *copy_test_string; TEST_CASE("Find 'Test-String'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_string, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -874,7 +874,7 @@ static void test_fr_pair_value_mem_alloc(void) uint8_t *out; TEST_CASE("Find 'Test-Octets'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -898,7 +898,7 @@ static void test_fr_pair_value_mem_realloc(void) uint8_t *out; TEST_CASE("Find 'Test-Octets'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -935,7 +935,7 @@ static void test_fr_pair_value_memdup(void) fr_pair_t *vp; TEST_CASE("Find 'Test-Octets'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -953,7 +953,7 @@ static void test_fr_pair_value_memdup_buffer(void) uint8_t *copy_test_octets; TEST_CASE("Find 'Test-Octets'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -976,7 +976,7 @@ static void test_fr_pair_value_memdup_shallow(void) uint8_t *copy_test_octets; TEST_CASE("Find 'Test-Octets'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -999,7 +999,7 @@ static void test_fr_pair_value_memdup_buffer_shallow(void) uint8_t *copy_test_octets; TEST_CASE("Find 'Test-Octets'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -1021,7 +1021,7 @@ static void test_fr_pair_value_mem_append(void) fr_pair_t *vp; TEST_CASE("Find 'Test-Octets'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -1046,7 +1046,7 @@ static void test_fr_pair_value_mem_append_buffer(void) uint8_t *copy_test_octets; TEST_CASE("Find 'Test-Octets'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_octets, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -1077,7 +1077,7 @@ static void test_fr_pair_value_enum(void) char buf[20]; TEST_CASE("Find 'Test-Values'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_enum)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_enum, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); @@ -1099,7 +1099,7 @@ static void test_fr_pair_value_enum_box(void) fr_value_box_t const *vb; TEST_CASE("Find 'Test-Values'"); - TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_enum)) != NULL); + TEST_CHECK((vp = fr_pair_find_by_da(&test_pairs, fr_dict_attr_test_enum, 0)) != NULL); TEST_CASE("Validating VP_VERIFY()"); VP_VERIFY(vp); diff --git a/src/listen/radius/proto_radius_load.c b/src/listen/radius/proto_radius_load.c index 875ee6955e0..f36cf44cceb 100644 --- a/src/listen/radius/proto_radius_load.c +++ b/src/listen/radius/proto_radius_load.c @@ -410,7 +410,7 @@ static int mod_instantiate(void *instance, CONF_SECTION *cs) MEM(inst->packet = talloc_zero_array(inst, uint8_t, inst->max_packet_size)); - vp = fr_pair_find_by_da(&vps, attr_packet_type); + vp = fr_pair_find_by_da(&vps, attr_packet_type, 0); if (vp) code = vp->vp_uint32; /* diff --git a/src/listen/tacacs/proto_tacacs.c b/src/listen/tacacs/proto_tacacs.c index a619ce5a4d3..ca6c848aba3 100644 --- a/src/listen/tacacs/proto_tacacs.c +++ b/src/listen/tacacs/proto_tacacs.c @@ -303,7 +303,7 @@ static int mod_decode(void const *instance, request_t *request, uint8_t *const d if (client->active && ((pkt->hdr.flags & FR_FLAGS_VALUE_UNENCRYPTED) == 0) && RDEBUG_ENABLED2 && - ((vp = fr_pair_find_by_da(&request->request_pairs, attr_tacacs_user_name)) != NULL) && + ((vp = fr_pair_find_by_da(&request->request_pairs, attr_tacacs_user_name, 0)) != NULL) && (fr_utf8_str((uint8_t const *) vp->vp_strvalue, vp->vp_length) < 0)) { RWDEBUG("Unprintable characters in the %s. " "Double-check the shared secret on the server " diff --git a/src/modules/proto_ldap_sync/proto_ldap_sync.c b/src/modules/proto_ldap_sync/proto_ldap_sync.c index 08abf336deb..5a182117d31 100644 --- a/src/modules/proto_ldap_sync/proto_ldap_sync.c +++ b/src/modules/proto_ldap_sync/proto_ldap_sync.c @@ -843,7 +843,7 @@ static int proto_ldap_cookie_load(TALLOC_CTX *ctx, uint8_t **cookie, rad_listen_ { fr_pair_t *vp; - vp = fr_pair_find_by_da(&request->reply_pairs, attr_ldap_sync_cookie); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_ldap_sync_cookie, 0); if (!vp) { if (config->allow_refresh) RDEBUG2("No &reply.Cookie attribute found. All entries matching " "sync configuration will be returned"); diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c index ed51f85b73f..44e2144825f 100644 --- a/src/modules/rlm_cache/rlm_cache.c +++ b/src/modules/rlm_cache/rlm_cache.c @@ -429,7 +429,7 @@ static unlang_action_t cache_insert(rlm_rcode_t *p_result, /* * Check to see if we need to merge the entry into the request */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_merge_new); + vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_merge_new, 0); if (vp && vp->vp_bool) merge = true; if (merge) cache_merge(inst, request, c); @@ -568,7 +568,7 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu * If Cache-Status-Only == yes, only return whether we found a * valid cache entry */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_status_only); + vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_status_only, 0); if (vp && vp->vp_bool) { RINDENT(); RDEBUG3("status-only: yes"); @@ -590,13 +590,13 @@ static unlang_action_t CC_HINT(nonnull) mod_cache_it(rlm_rcode_t *p_result, modu /* * Figure out what operation we're doing */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_allow_merge); + vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_allow_merge, 0); if (vp) merge = vp->vp_bool; - vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_allow_insert); + vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_allow_insert, 0); if (vp) insert = vp->vp_bool; - vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_ttl); + vp = fr_pair_find_by_da(&request->control_pairs, attr_cache_ttl, 0); if (vp) { if (vp->vp_int32 == 0) { expire = true; diff --git a/src/modules/rlm_chap/rlm_chap.c b/src/modules/rlm_chap/rlm_chap.c index 0775963a5ad..c78e950cb7c 100644 --- a/src/modules/rlm_chap/rlm_chap.c +++ b/src/modules/rlm_chap/rlm_chap.c @@ -93,7 +93,7 @@ static xlat_action_t xlat_func_chap_password(TALLOC_CTX *ctx, fr_dcursor_t *out, * Use Chap-Challenge pair if present, * Request Authenticator otherwise. */ - challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge); + challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0); if (challenge && (challenge->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) { vector = challenge->vp_octets; } else { @@ -114,7 +114,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod fr_pair_t *vp; rlm_chap_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_chap_t); - if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type) != NULL) { + if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0) != NULL) { RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", inst->name); RETURN_MODULE_NOOP; } @@ -123,7 +123,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * This case means the warnings below won't be printed * unless there's a CHAP-Password in the request. */ - if (!fr_pair_find_by_da(&request->request_pairs, attr_chap_password)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0)) { RETURN_MODULE_NOOP; } @@ -133,7 +133,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * This is so that the rest of the code does not need to * understand CHAP. */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge); + vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0); if (!vp) { RDEBUG2("Creating &%s from request authenticator", attr_chap_challenge->name); @@ -175,13 +175,13 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, fr_pair_t *challenge; uint8_t const *vector; - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if (!username) { REDEBUG("&User-Name attribute is required for authentication"); RETURN_MODULE_INVALID; } - chap = fr_pair_find_by_da(&request->request_pairs, attr_chap_password); + chap = fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0); if (!chap) { REDEBUG("You set '&control.Auth-Type = CHAP' for a request that " "does not contain a CHAP-Password attribute!"); @@ -220,7 +220,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * Use Chap-Challenge pair if present, * Request Authenticator otherwise. */ - challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge); + challenge = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0); if (challenge && (challenge->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) { vector = challenge->vp_octets; } else { @@ -239,7 +239,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, size_t length; fr_pair_t *vp; - vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge); + vp = fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0); if (vp) { RDEBUG2("Using challenge from &request.CHAP-Challenge"); p = vp->vp_octets; diff --git a/src/modules/rlm_couchbase/mod.c b/src/modules/rlm_couchbase/mod.c index e8cd54b51e3..2cefd30972d 100644 --- a/src/modules/rlm_couchbase/mod.c +++ b/src/modules/rlm_couchbase/mod.c @@ -627,7 +627,7 @@ int mod_ensure_start_timestamp(json_object *json, fr_pair_list_t *vps) } /* get current event timestamp */ - if ((vp = fr_pair_find_by_da(vps, attr_event_timestamp)) != NULL) { + if ((vp = fr_pair_find_by_da(vps, attr_event_timestamp, 0)) != NULL) { /* get seconds value from attribute */ ts = fr_time_to_sec(vp->vp_date); } else { @@ -641,7 +641,7 @@ int mod_ensure_start_timestamp(json_object *json, fr_pair_list_t *vps) memset(value, 0, sizeof(value)); /* get elapsed session time */ - if ((vp = fr_pair_find_by_da(vps, attr_acct_session_time)) != NULL) { + if ((vp = fr_pair_find_by_da(vps, attr_acct_session_time, 0)) != NULL) { /* calculate diff */ ts = (ts - vp->vp_uint32); /* calculate start time */ diff --git a/src/modules/rlm_couchbase/rlm_couchbase.c b/src/modules/rlm_couchbase/rlm_couchbase.c index ccd0311d2b3..bfb77e73322 100644 --- a/src/modules/rlm_couchbase/rlm_couchbase.c +++ b/src/modules/rlm_couchbase/rlm_couchbase.c @@ -253,7 +253,7 @@ static unlang_action_t mod_accounting(rlm_rcode_t *p_result, module_ctx_t const fr_assert(request->packet != NULL); /* sanity check */ - if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type)) == NULL) { + if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0)) == NULL) { /* log debug */ RDEBUG2("could not find status type in packet"); /* return */ @@ -334,7 +334,7 @@ static unlang_action_t mod_accounting(rlm_rcode_t *p_result, module_ctx_t const switch (status) { case FR_STATUS_START: /* add start time */ - if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type)) != NULL) { + if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0)) != NULL) { /* add to json object */ json_object_object_add_ex(cookie->jobj, "startTimestamp", mod_value_pair_to_json_object(request, vp), @@ -344,7 +344,7 @@ static unlang_action_t mod_accounting(rlm_rcode_t *p_result, module_ctx_t const case FR_STATUS_STOP: /* add stop time */ - if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp)) != NULL) { + if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp, 0)) != NULL) { /* add to json object */ json_object_object_add_ex(cookie->jobj, "stopTimestamp", mod_value_pair_to_json_object(request, vp), diff --git a/src/modules/rlm_digest/rlm_digest.c b/src/modules/rlm_digest/rlm_digest.c index 97974855a23..fa2e40921ee 100644 --- a/src/modules/rlm_digest/rlm_digest.c +++ b/src/modules/rlm_digest/rlm_digest.c @@ -92,7 +92,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod /* * Find the first attribute which is parented by Digest-Attributes. */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_attributes); + vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_attributes, 0); if (!vp) RETURN_MODULE_NOOP; if (!inst->auth_type) { @@ -127,21 +127,21 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * We require access to the plain-text password, or to the * Digest-HA1 parameter. */ - passwd = fr_pair_find_by_da(&request->control_pairs, attr_digest_ha1); + passwd = fr_pair_find_by_da(&request->control_pairs, attr_digest_ha1, 0); if (passwd) { if (passwd->vp_length != 32) { REDEBUG("Digest-HA1 has invalid length, authentication failed"); RETURN_MODULE_INVALID; } } else { - passwd = fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password); + passwd = fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password, 0); } if (!passwd) { REDEBUG("Password.Cleartext or Digest-HA1 is required for authentication"); RETURN_MODULE_INVALID; } - vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_attributes); + vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_attributes, 0); if (!vp) { REDEBUG("Digest-Attributes is required for authentication"); RETURN_MODULE_INVALID; @@ -151,7 +151,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, /* * We require access to the Digest-Nonce-Value */ - nonce = fr_pair_find_by_da(list, attr_digest_nonce); + nonce = fr_pair_find_by_da(list, attr_digest_nonce, 0); if (!nonce) { REDEBUG("No Digest-Nonce: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -160,7 +160,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, /* * A1 = Digest-User-Name ":" Realm ":" Password */ - vp = fr_pair_find_by_da(list, attr_digest_user_name); + vp = fr_pair_find_by_da(list, attr_digest_user_name, 0); if (!vp) { REDEBUG("No Digest-User-Name: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -171,7 +171,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, a1[a1_len] = ':'; a1_len++; - vp = fr_pair_find_by_da(list, attr_digest_realm); + vp = fr_pair_find_by_da(list, attr_digest_realm, 0); if (!vp) { REDEBUG("No Digest-Realm: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -197,7 +197,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * See which variant we calculate. * Assume MD5 if no Digest-Algorithm attribute received */ - algo = fr_pair_find_by_da(list, attr_digest_algorithm); + algo = fr_pair_find_by_da(list, attr_digest_algorithm, 0); if ((!algo) || (strcasecmp(algo->vp_strvalue, "MD5") == 0)) { /* @@ -242,7 +242,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, a1[a1_len] = ':'; a1_len++; - vp = fr_pair_find_by_da(list, attr_digest_cnonce); + vp = fr_pair_find_by_da(list, attr_digest_cnonce, 0); if (!vp) { REDEBUG("No Digest-CNonce: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -270,7 +270,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, /* * A2 = Digest-Method ":" Digest-URI */ - vp = fr_pair_find_by_da(list, attr_digest_method); + vp = fr_pair_find_by_da(list, attr_digest_method, 0); if (!vp) { REDEBUG("No Digest-Method: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -281,7 +281,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, a2[a2_len] = ':'; a2_len++; - vp = fr_pair_find_by_da(list, attr_digest_uri); + vp = fr_pair_find_by_da(list, attr_digest_uri, 0); if (!vp) { REDEBUG("No Digest-URI: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -292,7 +292,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, /* * QOP is "auth-int", tack on ": Digest-Body-Digest" */ - qop = fr_pair_find_by_da(list, attr_digest_qop); + qop = fr_pair_find_by_da(list, attr_digest_qop, 0); if (qop) { if (strcasecmp(qop->vp_strvalue, "auth-int") == 0) { fr_pair_t *body; @@ -306,7 +306,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, /* * Must be a hex representation of an MD5 digest. */ - body = fr_pair_find_by_da(list, attr_digest_body_digest); + body = fr_pair_find_by_da(list, attr_digest_body_digest, 0); if (!body) { REDEBUG("No Digest-Body-Digest: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -369,7 +369,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, kd[kd_len] = ':'; kd_len++; - vp = fr_pair_find_by_da(list, attr_digest_nonce_count); + vp = fr_pair_find_by_da(list, attr_digest_nonce_count, 0); if (!vp) { REDEBUG("No Digest-Nonce-Count: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -380,7 +380,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, kd[kd_len] = ':'; kd_len++; - vp = fr_pair_find_by_da(list, attr_digest_cnonce); + vp = fr_pair_find_by_da(list, attr_digest_cnonce, 0); if (!vp) { REDEBUG("No Digest-CNonce: Cannot perform Digest authentication"); RETURN_MODULE_INVALID; @@ -423,7 +423,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * Get the binary value of Digest-Response. This isn't * inside of the Digest-Attributes group. */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_response); + vp = fr_pair_find_by_da(&request->request_pairs, attr_digest_response, 0); if (!vp) { REDEBUG("No Digest-Response attribute in the request. Cannot perform digest authentication"); RETURN_MODULE_INVALID; diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c index f34240c7e36..52f0ba6c653 100644 --- a/src/modules/rlm_eap/rlm_eap.c +++ b/src/modules/rlm_eap/rlm_eap.c @@ -260,7 +260,7 @@ static eap_type_t eap_process_nak(module_ctx_t const *mctx, request_t *request, * Pick one type out of the one they asked for, * as they may have asked for many. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_type); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_type, 0); for (i = 0; i < nak->length; i++) { /* * Type 0 is valid, and means there are no @@ -536,7 +536,7 @@ static unlang_action_t eap_method_select(rlm_rcode_t *p_result, module_ctx_t con /* * Allow per-user configuration of EAP types. */ - vp = fr_pair_find_by_da(&eap_session->request->control_pairs, attr_eap_type); + vp = fr_pair_find_by_da(&eap_session->request->control_pairs, attr_eap_type, 0); if (vp) { RDEBUG2("Using method from &control.EAP-Type"); next = vp->vp_uint32; @@ -688,7 +688,7 @@ static unlang_action_t mod_authenticate(rlm_rcode_t *p_result, module_ctx_t cons eap_packet_raw_t *eap_packet; unlang_action_t ua; - if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_message)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_message, 0)) { REDEBUG("You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!"); RETURN_MODULE_INVALID; } @@ -873,7 +873,7 @@ static unlang_action_t mod_post_proxy(rlm_rcode_t *p_result, module_ctx_t const eap_session_destroy(&eap_session); } - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); /* * If it's an Access-Accept, RFC 2869, Section 2.3.1 @@ -911,12 +911,12 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const * * says that we MUST include a User-Name attribute in the * Access-Accept. */ - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if ((request->reply->code == FR_RADIUS_CODE_ACCESS_ACCEPT) && username) { /* * Doesn't exist, add it in. */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_user_name); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_user_name, 0); if (!vp) { vp = fr_pair_copy(request->reply_ctx, username); fr_pair_append(&request->reply_pairs, vp); @@ -929,12 +929,12 @@ static unlang_action_t mod_post_auth(rlm_rcode_t *p_result, module_ctx_t const * */ if (request->reply->code != FR_RADIUS_CODE_ACCESS_REJECT) RETURN_MODULE_NOOP; - if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_message)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_eap_message, 0)) { RDEBUG3("Request didn't contain an EAP-Message, not inserting EAP-Failure"); RETURN_MODULE_NOOP; } - if (fr_pair_find_by_da(&request->reply_pairs, attr_eap_message)) { + if (fr_pair_find_by_da(&request->reply_pairs, attr_eap_message, 0)) { RDEBUG3("Reply already contained an EAP-Message, not inserting EAP-Failure"); RETURN_MODULE_NOOP; } diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c index c2ed3e34280..07e82677de5 100644 --- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c +++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c @@ -670,7 +670,7 @@ static fr_radius_packet_code_t eap_fast_eap_payload(request_t *request, eap_sess switch (fake->reply->code) { case 0: /* No reply code, must be proxied... */ #ifdef WITH_PROXY - vp = fr_pair_find_by_da(&fake->control, attr_proxy_to_realm); + vp = fr_pair_find_by_da(&fake->control, attr_proxy_to_realm, 0); if (vp) { int ret; eap_tunnel_data_t *tunnel; diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c index d78087b485d..a22ee84d0da 100644 --- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c +++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c @@ -575,7 +575,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons * EAP-TLS-Require-Client-Cert attribute will override * the require_client_cert configuration option. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert, 0); if (vp) { client_cert = vp->vp_uint32 ? true : false; } else { diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c index 0f81f24c505..7ce8c21e1e5 100644 --- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c +++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c @@ -722,7 +722,7 @@ packet_ready: * in the user name, THEN discard the user name. */ if (inst->with_ntdomain_hack && - ((auth_challenge = fr_pair_find_by_da(&request->request_pairs, attr_user_name)) != NULL) && + ((auth_challenge = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0)) != NULL) && ((username = memchr(auth_challenge->vp_octets, '\\', auth_challenge->vp_length)) != NULL)) { /* * Wipe out the NT domain. @@ -782,13 +782,13 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons */ if (!fr_cond_assert(parent)) RETURN_MODULE_FAIL; - auth_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_challenge); + auth_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_challenge, 0); if (auth_challenge && (auth_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) { RWDEBUG("&parent.control.MS-CHAP-Challenge is incorrect length. Ignoring it"); auth_challenge = NULL; } - peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge); + peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge, 0); if (peer_challenge && (peer_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) { RWDEBUG("&parent.control.MS-CHAP-Peer-Challenge is incorrect length. Ignoring it"); peer_challenge = NULL; @@ -797,7 +797,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons if (auth_challenge) { created_auth_challenge = false; - peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge); + peer_challenge = fr_pair_find_by_da(&parent->control_pairs, attr_ms_chap_peer_challenge, 0); if (peer_challenge && (peer_challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) { RWDEBUG("&parent.control.MS-CHAP-Peer-Challenge is incorrect length. Ignoring it"); peer_challenge = NULL; diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c index 5e7e396df22..42030d10a31 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c @@ -266,7 +266,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons * EAP-TLS-Require-Client-Cert attribute will override * the require_client_cert configuration option. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert, 0); if (vp) { client_cert = vp->vp_uint32 ? true : false; } else { diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c index 41387bdb858..3e4616fd16e 100644 --- a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c +++ b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c @@ -505,7 +505,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons * The admin can dynamically change the MTU. */ session->mtu = inst->fragment_size; - vp = fr_pair_find_by_da(&request->request_pairs, attr_framed_mtu); + vp = fr_pair_find_by_da(&request->request_pairs, attr_framed_mtu, 0); /* * session->mtu is *our* MTU. We need to subtract off the EAP diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c index f10ca70386d..e3f8fcc3b91 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c +++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c @@ -144,7 +144,7 @@ static unlang_action_t eap_tls_virtual_server(rlm_rcode_t *p_result, rlm_eap_tls fr_pair_t *vp; /* set the virtual server to use */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_virtual_server); + vp = fr_pair_find_by_da(&request->control_pairs, attr_virtual_server, 0); if (vp) { server_cs = virtual_server_find(vp->vp_strvalue); if (!server_cs) { @@ -269,7 +269,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons * EAP-TLS-Require-Client-Cert attribute will override * the require_client_cert configuration option. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert, 0); if (vp) { client_cert = vp->vp_uint32 ? true : false; } else { diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c index 3923d219b7b..65dfb109fb7 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c @@ -277,7 +277,7 @@ static unlang_action_t mod_session_init(rlm_rcode_t *p_result, module_ctx_t cons * EAP-TLS-Require-Client-Cert attribute will override * the require_client_cert configuration option. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert); + vp = fr_pair_find_by_da(&request->control_pairs, attr_eap_tls_require_client_cert, 0); if (vp) { client_cert = vp->vp_uint32 ? true : false; } else { diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index c5696bbe2d1..fe98af5a4b1 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c @@ -646,14 +646,14 @@ fr_radius_packet_code_t eap_ttls_process(request_t *request, eap_session_t *eap_ /* * No User-Name, try to create one from stored data. */ - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if (!username) { /* * No User-Name in the stored data, look for * an EAP-Identity, and pull it out of there. */ if (!t->username) { - vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_message); + vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_message, 0); if (vp && (vp->vp_length >= EAP_HEADER_LEN + 2) && (vp->vp_strvalue[0] == FR_EAP_CODE_RESPONSE) && diff --git a/src/modules/rlm_expiration/rlm_expiration.c b/src/modules/rlm_expiration/rlm_expiration.c index f4ad919bb63..c7abdfc372a 100644 --- a/src/modules/rlm_expiration/rlm_expiration.c +++ b/src/modules/rlm_expiration/rlm_expiration.c @@ -59,7 +59,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU { fr_pair_t *vp, *check_item = NULL; - check_item = fr_pair_find_by_da(&request->control_pairs, attr_expiration); + check_item = fr_pair_find_by_da(&request->control_pairs, attr_expiration, 0); if (check_item != NULL) { uint32_t left; diff --git a/src/modules/rlm_imap/rlm_imap.c b/src/modules/rlm_imap/rlm_imap.c index 8c3aec68af7..0724681166d 100644 --- a/src/modules/rlm_imap/rlm_imap.c +++ b/src/modules/rlm_imap/rlm_imap.c @@ -127,8 +127,8 @@ static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_res RETURN_MODULE_FAIL; } - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); if (!username) { REDEBUG("Attribute \"User-Name\" is required for authentication"); diff --git a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c index ed8129aab34..aeb8703d049 100644 --- a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c +++ b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c @@ -1430,7 +1430,7 @@ static int parse_host(rlm_isc_dhcp_tokenizer_t *state, rlm_isc_dhcp_info_t *info /* * The 'host' entry might not have a client identifier option. */ - vp = fr_pair_find_by_da(&info->options, attr_client_identifier); + vp = fr_pair_find_by_da(&info->options, attr_client_identifier, 0); if (vp) { my_uid = talloc_zero(info, isc_host_uid_t); my_uid->client = &vp->data; @@ -1621,7 +1621,7 @@ static rlm_isc_dhcp_info_t *get_host(request_t *request, fr_hash_table_t *hosts_ * If that doesn't match, use client hardware * address. */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_client_identifier); + vp = fr_pair_find_by_da(&request->request_pairs, attr_client_identifier, 0); if (vp) { isc_host_uid_t *client, my_client; @@ -1635,7 +1635,7 @@ static rlm_isc_dhcp_info_t *get_host(request_t *request, fr_hash_table_t *hosts_ } - vp = fr_pair_find_by_da(&request->request_pairs, attr_client_hardware_address); + vp = fr_pair_find_by_da(&request->request_pairs, attr_client_hardware_address, 0); if (!vp) return NULL; memcpy(&my_ether.ether, vp->vp_ether, sizeof(my_ether.ether)); @@ -1756,7 +1756,7 @@ static int apply_fixed_ip(rlm_isc_dhcp_t const *inst, request_t *request) /* * If there's already a fixed IP, don't do anything */ - yiaddr = fr_pair_find_by_da(&request->reply_pairs, attr_your_ip_address); + yiaddr = fr_pair_find_by_da(&request->reply_pairs, attr_your_ip_address, 0); if (yiaddr) return 0; host = get_host(request, inst->hosts_by_ether, inst->hosts_by_uid); @@ -1803,7 +1803,7 @@ static int apply(rlm_isc_dhcp_t const *inst, request_t *request, rlm_isc_dhcp_in fr_pair_t *yiaddr; ret = 0; - yiaddr = fr_pair_find_by_da(&request->reply_pairs, attr_your_ip_address); + yiaddr = fr_pair_find_by_da(&request->reply_pairs, attr_your_ip_address, 0); /* * First, apply any "host" options @@ -1880,7 +1880,7 @@ recurse: vp = fr_pair_list_next(&head->options, vp)) { fr_pair_t *reply; - reply = fr_pair_find_by_da(&request->reply_pairs, vp->da); + reply = fr_pair_find_by_da(&request->reply_pairs, vp->da, 0); if (reply) continue; /* diff --git a/src/modules/rlm_krb5/rlm_krb5.c b/src/modules/rlm_krb5/rlm_krb5.c index 0fd9aea8c0f..29b37b98850 100644 --- a/src/modules/rlm_krb5/rlm_krb5.c +++ b/src/modules/rlm_krb5/rlm_krb5.c @@ -249,7 +249,7 @@ static rlm_rcode_t krb5_parse_user(krb5_principal *client, KRB5_UNUSED rlm_krb5_ char *princ_name; fr_pair_t *username; - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); /* * We can only authenticate user requests which HAVE @@ -328,7 +328,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, krb5_principal client = NULL; fr_pair_t *password; - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); if (!password) { REDEBUG("Attribute \"User-Password\" is required for authentication"); @@ -422,7 +422,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, krb5_creds init_creds; fr_pair_t *password; - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); if (!password) { REDEBUG("Attribute \"User-Password\" is required for authentication"); diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 113538217af..20f5de2a85d 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -740,8 +740,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, fr_ldap_sasl_t sasl; fr_pair_t *username, *password; - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); /* * We can only authenticate user requests which HAVE @@ -1034,7 +1034,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod /* * We already have a Password.Cleartext. Skip edir. */ - if (fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password)) goto skip_edir; + if (fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password, 0)) goto skip_edir; /* * Retrieve Universal Password if we use eDirectory diff --git a/src/modules/rlm_ldap/user.c b/src/modules/rlm_ldap/user.c index 80d9665af44..1e4eb872b7a 100644 --- a/src/modules/rlm_ldap/user.c +++ b/src/modules/rlm_ldap/user.c @@ -90,7 +90,7 @@ char const *rlm_ldap_find_user(rlm_ldap_t const *inst, request_t *request, fr_ld * If the caller isn't looking for the result we can just return the current userdn value. */ if (!force) { - vp = fr_pair_find_by_da(&request->control_pairs, attr_ldap_userdn); + vp = fr_pair_find_by_da(&request->control_pairs, attr_ldap_userdn, 0); if (vp) { RDEBUG2("Using user DN from request \"%pV\"", &vp->data); *rcode = RLM_MODULE_OK; @@ -267,11 +267,11 @@ void rlm_ldap_check_reply(rlm_ldap_t const *inst, request_t *request, fr_ldap_co */ if (!inst->expect_password || !RDEBUG_ENABLED2) return; - if (!fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password) && - !fr_pair_find_by_da(&request->control_pairs, attr_nt_password) && - !fr_pair_find_by_da(&request->control_pairs, attr_user_password) && - !fr_pair_find_by_da(&request->control_pairs, attr_password_with_header) && - !fr_pair_find_by_da(&request->control_pairs, attr_crypt_password)) { + if (!fr_pair_find_by_da(&request->control_pairs, attr_cleartext_password, 0) && + !fr_pair_find_by_da(&request->control_pairs, attr_nt_password, 0) && + !fr_pair_find_by_da(&request->control_pairs, attr_user_password, 0) && + !fr_pair_find_by_da(&request->control_pairs, attr_password_with_header, 0) && + !fr_pair_find_by_da(&request->control_pairs, attr_crypt_password, 0)) { switch (conn->directory->type) { case FR_LDAP_DIRECTORY_ACTIVE_DIRECTORY: RWDEBUG2("!!! Found map between LDAP attribute and a FreeRADIUS password attribute"); diff --git a/src/modules/rlm_logintime/rlm_logintime.c b/src/modules/rlm_logintime/rlm_logintime.c index d706dd30e7f..505c86456d9 100644 --- a/src/modules/rlm_logintime/rlm_logintime.c +++ b/src/modules/rlm_logintime/rlm_logintime.c @@ -155,7 +155,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod fr_pair_t *ends, *vp; int32_t left; - ends = fr_pair_find_by_da(&request->control_pairs, attr_login_time); + ends = fr_pair_find_by_da(&request->control_pairs, attr_login_time, 0); if (!ends) RETURN_MODULE_NOOP; /* diff --git a/src/modules/rlm_mschap/auth_wbclient.c b/src/modules/rlm_mschap/auth_wbclient.c index 0d7b048f5a2..c2d8a1dcc89 100644 --- a/src/modules/rlm_mschap/auth_wbclient.c +++ b/src/modules/rlm_mschap/auth_wbclient.c @@ -182,13 +182,13 @@ int do_auth_wbclient(rlm_mschap_t const *inst, request_t *request, fr_box_strvalue_buffer(normalised_username)); /* Recalculate hash */ - vp_challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge); + vp_challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge, 0); if (!vp_challenge) { RERROR("Unable to get MS-CHAP-Challenge"); goto release; } - vp_response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response); + vp_response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0); if (!vp_response) { RERROR("Unable to get MS-CHAP2-Response"); goto release; diff --git a/src/modules/rlm_mschap/opendir.c b/src/modules/rlm_mschap/opendir.c index 7551f213448..f0564edf4c3 100644 --- a/src/modules/rlm_mschap/opendir.c +++ b/src/modules/rlm_mschap/opendir.c @@ -239,7 +239,7 @@ unlang_action_t od_mschap_auth(rlm_rcode_t *p_result, request_t *request, fr_pai unsigned int t; #endif - response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response); + response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0); username_string = talloc_array(request, char, usernamepair->vp_length + 1); if (!username_string) RETURN_MODULE_FAIL; diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c index 6ede58a9be0..f5ea4e2f659 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c @@ -197,10 +197,10 @@ static fr_pair_t *mschap_identity_find(request_t *request) { fr_pair_t *vp; - vp = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + vp = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if (vp) return vp; - vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_identity); + vp = fr_pair_find_by_da(&request->request_pairs, attr_eap_identity, 0); if (vp) return vp; REDEBUG("No user identity found in current request"); @@ -312,7 +312,7 @@ static ssize_t mschap_xlat(UNUSED TALLOC_CTX *ctx, char **out, size_t outlen, * hash of MS-CHAPv2 challenge, and peer challenge. */ if (strncasecmp(fmt, "Challenge", 9) == 0) { - chap_challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge); + chap_challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge, 0); if (!chap_challenge) { REDEBUG("No MS-CHAP-Challenge in the request"); return -1; @@ -337,7 +337,7 @@ static ssize_t mschap_xlat(UNUSED TALLOC_CTX *ctx, char **out, size_t outlen, char const *username_str; size_t username_len; - response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response); + response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0); if (!response) { REDEBUG("Vendor-Specific.Microsoft.CHAP2-Response is required to calculate MS-CHAPv1 challenge"); return -1; @@ -369,7 +369,7 @@ static ssize_t mschap_xlat(UNUSED TALLOC_CTX *ctx, char **out, size_t outlen, * We prefer this to the User-Name in the * packet. */ - response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name); + response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name, 0); if (response_name) { name_vp = response_name; } else { @@ -419,8 +419,8 @@ static ssize_t mschap_xlat(UNUSED TALLOC_CTX *ctx, char **out, size_t outlen, * response. */ } else if (strncasecmp(fmt, "NT-Response", 11) == 0) { - response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response); - if (!response) response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response); + response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response, 0); + if (!response) response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0); if (!response) { REDEBUG("No MS-CHAP-Response or MS-CHAP2-Response was found in the request"); return -1; @@ -448,7 +448,7 @@ static ssize_t mschap_xlat(UNUSED TALLOC_CTX *ctx, char **out, size_t outlen, * in MS-CHAPv1, and not often there. */ } else if (strncasecmp(fmt, "LM-Response", 11) == 0) { - response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response); + response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response, 0); if (!response) { REDEBUG("No MS-CHAP-Response was found in the request"); return -1; @@ -1378,12 +1378,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod rlm_mschap_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_mschap_t); fr_pair_t *challenge = NULL; - challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge); + challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge, 0); if (!challenge) RETURN_MODULE_NOOP; - if (!fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response) && - !fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response) && - !fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_cpw)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response, 0) && + !fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0) && + !fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_cpw, 0)) { RDEBUG2("Found MS-CHAP-Challenge, but no MS-CHAP response or Change-Password"); RETURN_MODULE_NOOP; } @@ -1819,7 +1819,7 @@ static unlang_action_t CC_HINT(nonnull(1,2,3,4,5,8,9)) mschap_process_v2_respons * We prefer this to the User-Name in the * packet. */ - response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name); + response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name, 0); name_vp = response_name ? response_name : user_name; /* @@ -1859,7 +1859,7 @@ static unlang_action_t CC_HINT(nonnull(1,2,3,4,5,8,9)) mschap_process_v2_respons #endif peer_challenge = response->vp_octets + 2; - peer_challenge_attr = fr_pair_find_by_da(&request->control_pairs, attr_ms_chap_peer_challenge); + peer_challenge_attr = fr_pair_find_by_da(&request->control_pairs, attr_ms_chap_peer_challenge, 0); if (peer_challenge_attr) { RDEBUG2("Overriding peer challenge"); peer_challenge = peer_challenge_attr->vp_octets; @@ -1891,7 +1891,7 @@ static unlang_action_t CC_HINT(nonnull(1,2,3,4,5,8,9)) mschap_process_v2_respons #ifdef WITH_AUTH_WINBIND if (inst->wb_retry_with_normalised_username) { - response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name); + response_name = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_user_name, 0); if (response_name) { if (strcmp(username_str, response_name->vp_strvalue)) { RDEBUG2("Normalising username %pV -> %pV", @@ -1956,7 +1956,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * want to suppress it. */ if (method != AUTH_INTERNAL) { - fr_pair_t *vp = fr_pair_find_by_da(&request->control_pairs, attr_ms_chap_use_ntlm_auth); + fr_pair_t *vp = fr_pair_find_by_da(&request->control_pairs, attr_ms_chap_use_ntlm_auth, 0); if (vp && vp->vp_bool == false) method = AUTH_INTERNAL; } @@ -1964,11 +1964,11 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * Find the SMB-Account-Ctrl attribute, or the * SMB-Account-Ctrl-Text attribute. */ - smb_ctrl = fr_pair_find_by_da(&request->control_pairs, attr_smb_account_ctrl); + smb_ctrl = fr_pair_find_by_da(&request->control_pairs, attr_smb_account_ctrl, 0); if (!smb_ctrl) { fr_pair_t *smb_account_ctrl_text; - smb_account_ctrl_text = fr_pair_find_by_da(&request->control_pairs, attr_smb_account_ctrl_text); + smb_account_ctrl_text = fr_pair_find_by_da(&request->control_pairs, attr_smb_account_ctrl_text, 0); if (smb_account_ctrl_text) { MEM(pair_append_control(&smb_ctrl, attr_smb_account_ctrl) >= 0); smb_ctrl->vp_uint32 = pdb_decode_acct_ctrl(smb_account_ctrl_text->vp_strvalue); @@ -2002,7 +2002,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * Check to see if this is a change password request, and process * it accordingly if so. */ - cpw = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_cpw); + cpw = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_cpw, 0); if (cpw) { uint8_t *p; @@ -2034,7 +2034,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, memcpy(p + 2, cpw->vp_octets + 18, 48); } - challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge); + challenge = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_challenge, 0); if (!challenge) { REDEBUG("&control.Auth-Type = %s set for a request that does not contain &%s", inst->name, attr_ms_chap_challenge->name); @@ -2045,7 +2045,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, /* * We also require an MS-CHAP-Response. */ - if ((response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response))) { + if ((response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap_response, 0))) { mschap_process_response(&rcode, &mschap_version, nthashhash, inst, request, @@ -2053,7 +2053,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, challenge, response, method); if (rcode != RLM_MODULE_OK) goto finish; - } else if ((response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response))) { + } else if ((response = fr_pair_find_by_da(&request->request_pairs, attr_ms_chap2_response, 0))) { mschap_process_v2_response(&rcode, &mschap_version, nthashhash, inst, request, diff --git a/src/modules/rlm_opendirectory/rlm_opendirectory.c b/src/modules/rlm_opendirectory/rlm_opendirectory.c index 21bde248af6..aa0d95b3a66 100644 --- a/src/modules/rlm_opendirectory/rlm_opendirectory.c +++ b/src/modules/rlm_opendirectory/rlm_opendirectory.c @@ -312,8 +312,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, long odResult = eDSAuthFailed; fr_pair_t *username, *password; - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); /* * We can only authenticate user requests which HAVE @@ -400,7 +400,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * We can only authenticate user requests which HAVE * a User-Name attribute. */ - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if (!username) { RDEBUG2("OpenDirectory requires a User-Name attribute"); RETURN_MODULE_NOOP; diff --git a/src/modules/rlm_pam/rlm_pam.c b/src/modules/rlm_pam/rlm_pam.c index 2d2ce3fa51f..cfa06de8e95 100644 --- a/src/modules/rlm_pam/rlm_pam.c +++ b/src/modules/rlm_pam/rlm_pam.c @@ -220,8 +220,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, char const *pam_auth_string = data->pam_auth_name; fr_pair_t *username, *password; - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); /* * We can only authenticate user requests which HAVE @@ -258,7 +258,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, * Let control list over-ride the PAM auth name string, * for backwards compatibility. */ - pair = fr_pair_find_by_da(&request->control_pairs, attr_pam_auth); + pair = fr_pair_find_by_da(&request->control_pairs, attr_pam_auth, 0); if (pair) pam_auth_string = pair->vp_strvalue; ret = do_pam(request, username->vp_strvalue, password->vp_strvalue, pam_auth_string); diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index ccaafa1dd88..d6fa65e6683 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -126,12 +126,12 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod rlm_pap_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_pap_t); fr_pair_t *password; - if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type) != NULL) { + if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0) != NULL) { RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", inst->name); RETURN_MODULE_NOOP; } - password = fr_pair_find_by_da(&request->request_pairs, attr_user); + password = fr_pair_find_by_da(&request->request_pairs, attr_user, 0); if (!password) { RDEBUG2("No %s attribute in the request. Cannot do PAP", attr_user->name); RETURN_MODULE_NOOP; @@ -877,7 +877,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, pap_auth_func_t auth_func; bool ephemeral; - password = fr_pair_find_by_da(&request->request_pairs, attr_user); + password = fr_pair_find_by_da(&request->request_pairs, attr_user, 0); if (!password) { REDEBUG("You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!"); RETURN_MODULE_INVALID; diff --git a/src/modules/rlm_passwd/rlm_passwd.c b/src/modules/rlm_passwd/rlm_passwd.c index bfcf4169c6a..b024b8ed787 100644 --- a/src/modules/rlm_passwd/rlm_passwd.c +++ b/src/modules/rlm_passwd/rlm_passwd.c @@ -543,7 +543,7 @@ static unlang_action_t CC_HINT(nonnull) mod_passwd_map(rlm_rcode_t *p_result, mo fr_dcursor_t cursor; int found = 0; - key = fr_pair_find_by_da(&request->request_pairs, inst->keyattr); + key = fr_pair_find_by_da(&request->request_pairs, inst->keyattr, 0); if (!key) RETURN_MODULE_NOTFOUND; for (i = fr_dcursor_iter_by_da_init(&cursor, &request->request_pairs, inst->keyattr); diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c index 0e30373f274..74dbe9f4c6b 100644 --- a/src/modules/rlm_perl/rlm_perl.c +++ b/src/modules/rlm_perl/rlm_perl.c @@ -960,7 +960,7 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo fr_pair_t *pair; int acct_status_type = 0; - pair = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type); + pair = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0); if (pair != NULL) { acct_status_type = pair->vp_uint32; } else { diff --git a/src/modules/rlm_radius/rlm_radius.c b/src/modules/rlm_radius/rlm_radius.c index 19057faae09..3d084192734 100644 --- a/src/modules/rlm_radius/rlm_radius.c +++ b/src/modules/rlm_radius/rlm_radius.c @@ -418,8 +418,8 @@ static void radius_fixups(rlm_radius_t const *inst, request_t *request) if (request->packet->code != FR_RADIUS_CODE_ACCESS_REQUEST) return; - if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password) && - !fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge)) { + if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0) && + !fr_pair_find_by_da(&request->request_pairs, attr_chap_challenge, 0)) { MEM(pair_append_request(&vp, attr_chap_challenge) >= 0); fr_pair_value_memdup(vp, request->packet->vector, sizeof(request->packet->vector), true); } diff --git a/src/modules/rlm_radius/rlm_radius_udp.c b/src/modules/rlm_radius/rlm_radius_udp.c index b836799a7fd..b8bee724ef6 100644 --- a/src/modules/rlm_radius/rlm_radius_udp.c +++ b/src/modules/rlm_radius/rlm_radius_udp.c @@ -402,7 +402,7 @@ static void CC_HINT(nonnull) status_check_alloc(fr_event_list_t *el, udp_handle_ * Ensure that there's a NAS-Identifier, if one wasn't * already added. */ - if (!fr_pair_find_by_da(&request->request_pairs, attr_nas_identifier)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_nas_identifier, 0)) { fr_pair_t *vp; MEM(pair_append_request(&vp, attr_nas_identifier) >= 0); @@ -414,7 +414,7 @@ static void CC_HINT(nonnull) status_check_alloc(fr_event_list_t *el, udp_handle_ * at which the first packet is sent. Or for * Status-Server, the time of the current packet. */ - if (!fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp, 0)) { MEM(pair_append_request(NULL, attr_event_timestamp) >= 0); } @@ -1330,7 +1330,7 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_ fr_pair_t *vp; proxy_state = 0; - vp = fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp); + vp = fr_pair_find_by_da(&request->request_pairs, attr_event_timestamp, 0); if (vp) vp->vp_date = fr_time_to_unix_time(u->retry.updated); if (u->code == FR_RADIUS_CODE_STATUS_SERVER) u->can_retransmit = false; @@ -1463,7 +1463,7 @@ static int encode(rlm_radius_udp_t const *inst, request_t *request, udp_request_ * received the request. */ if ((u->code == FR_RADIUS_CODE_ACCOUNTING_REQUEST) && - (fr_pair_find_by_da(&request->request_pairs, attr_acct_delay_time) != NULL)) { + (fr_pair_find_by_da(&request->request_pairs, attr_acct_delay_time, 0) != NULL)) { uint8_t *attr, *end; uint32_t delay; fr_time_t now; @@ -2431,7 +2431,7 @@ static void request_demux(fr_trunk_connection_t *tconn, fr_connection_t *conn, U if ((u->code == FR_RADIUS_CODE_ACCESS_REQUEST) && (code == FR_RADIUS_CODE_ACCESS_CHALLENGE)) { fr_pair_t *vp; - vp = fr_pair_find_by_da(&request->reply_pairs, attr_packet_type); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_packet_type, 0); if (!vp) { MEM(vp = fr_pair_afrom_da(request->reply_ctx, attr_packet_type)); vp->vp_uint32 = FR_RADIUS_CODE_ACCESS_CHALLENGE; @@ -2451,7 +2451,7 @@ static void request_demux(fr_trunk_connection_t *tconn, fr_connection_t *conn, U * reply.Message-Authenticator attribute, so that * it ends up in our reply. */ - if (fr_pair_find_by_da(&reply, attr_message_authenticator)) { + if (fr_pair_find_by_da(&reply, attr_message_authenticator, 0)) { fr_pair_t *vp; fr_pair_delete_by_da(&reply, attr_message_authenticator); @@ -2733,7 +2733,7 @@ static unlang_action_t mod_enqueue(rlm_rcode_t *p_result, void **rctx_out, void * * @todo - don't edit the input packet! */ - if (fr_pair_find_by_da(&request->request_pairs, attr_message_authenticator)) { + if (fr_pair_find_by_da(&request->request_pairs, attr_message_authenticator, 0)) { u->require_ma = true; pair_delete_request(attr_message_authenticator); } diff --git a/src/modules/rlm_radutmp/rlm_radutmp.c b/src/modules/rlm_radutmp/rlm_radutmp.c index 4ae03ecb8b6..5dc70d45a40 100644 --- a/src/modules/rlm_radutmp/rlm_radutmp.c +++ b/src/modules/rlm_radutmp/rlm_radutmp.c @@ -207,7 +207,7 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo /* * Which type is this. */ - if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type)) == NULL) { + if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0)) == NULL) { RDEBUG2("No Accounting-Status-Type record"); RETURN_MODULE_NOOP; } @@ -230,10 +230,10 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo int check1 = 0; int check2 = 0; - if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_session_time)) + if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_session_time, 0)) == NULL || vp->vp_uint32 == 0) check1 = 1; - if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_session_id)) + if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_session_id, 0)) != NULL && vp->vp_length == 8 && memcmp(vp->vp_strvalue, "00000000", 8) == 0) check2 = 1; diff --git a/src/modules/rlm_redis_ippool/rlm_redis_ippool.c b/src/modules/rlm_redis_ippool/rlm_redis_ippool.c index e26c66e2d28..ebdab75071e 100644 --- a/src/modules/rlm_redis_ippool/rlm_redis_ippool.c +++ b/src/modules/rlm_redis_ippool/rlm_redis_ippool.c @@ -1270,13 +1270,13 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo /* * IP-Pool.Action override */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action); + vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0); if (vp) return mod_action(p_result, inst, request, vp->vp_uint32); /* * Otherwise, guess the action by Acct-Status-Type */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type); + vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0); if (!vp) { RDEBUG2("Couldn't find &request.Acct-Status-Type or &control.IP-Pool.Action, doing nothing..."); RETURN_MODULE_NOOP; @@ -1307,7 +1307,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * Unless it's overridden the default action is to allocate * when called in Post-Auth. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action); + vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0); return mod_action(p_result, inst, request, vp ? vp->vp_uint32 : POOL_ACTION_ALLOCATE); } @@ -1321,7 +1321,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod * Unless it's overridden the default action is to allocate * when called in Post-Auth. */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action); + vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0); if (vp) { if ((vp->vp_uint32 > 0) && (vp->vp_uint32 <= POOL_ACTION_BULK_RELEASE)) { action = vp->vp_uint32; @@ -1332,7 +1332,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod } } else if (request->dict == dict_dhcpv4) { - vp = fr_pair_find_by_da(&request->control_pairs, attr_message_type); + vp = fr_pair_find_by_da(&request->control_pairs, attr_message_type, 0); if (!vp) goto run; if (vp->vp_uint8 == FR_DHCP_REQUEST) action = POOL_ACTION_UPDATE; @@ -1352,7 +1352,7 @@ static unlang_action_t CC_HINT(nonnull) mod_request(rlm_rcode_t *p_result, modul * when called by DHCP request */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action); + vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0); return mod_action(p_result, inst, request, vp ? vp->vp_uint32 : POOL_ACTION_UPDATE); } @@ -1366,7 +1366,7 @@ static unlang_action_t CC_HINT(nonnull) mod_release(rlm_rcode_t *p_result, modul * when called by DHCP release */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action); + vp = fr_pair_find_by_da(&request->control_pairs, attr_pool_action, 0); return mod_action(p_result, inst, request, vp ? vp->vp_uint32 : POOL_ACTION_RELEASE); } diff --git a/src/modules/rlm_rediswho/rlm_rediswho.c b/src/modules/rlm_rediswho/rlm_rediswho.c index 5178d314094..281d5af3e29 100644 --- a/src/modules/rlm_rediswho/rlm_rediswho.c +++ b/src/modules/rlm_rediswho/rlm_rediswho.c @@ -205,7 +205,7 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo CONF_SECTION *cs; char const *insert, *trim, *expire; - vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type); + vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0); if (!vp) { RDEBUG2("Could not find account status type in packet"); RETURN_MODULE_NOOP; diff --git a/src/modules/rlm_rest/rlm_rest.c b/src/modules/rlm_rest/rlm_rest.c index e960b7271cd..215f77d2a50 100644 --- a/src/modules/rlm_rest/rlm_rest.c +++ b/src/modules/rlm_rest/rlm_rest.c @@ -642,8 +642,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, if (!section->name) RETURN_MODULE_NOOP; - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); /* * We can only authenticate user requests which HAVE diff --git a/src/modules/rlm_securid/mem.c b/src/modules/rlm_securid/mem.c index eca9d274ab5..3e647ebfea2 100644 --- a/src/modules/rlm_securid/mem.c +++ b/src/modules/rlm_securid/mem.c @@ -183,7 +183,7 @@ SECURID_SESSION *securid_sessionlist_find(rlm_securid_t *inst, request_t *reques /* * We key the sessions off of the 'state' attribute */ - state = fr_pair_find_by_da(&request->request_pairs, attr_state); + state = fr_pair_find_by_da(&request->request_pairs, attr_state, 0); if (!state) { return NULL; } diff --git a/src/modules/rlm_securid/rlm_securid.c b/src/modules/rlm_securid/rlm_securid.c index 21698d33824..8b5579dc43c 100644 --- a/src/modules/rlm_securid/rlm_securid.c +++ b/src/modules/rlm_securid/rlm_securid.c @@ -473,8 +473,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, fr_pair_t *username, *password; fr_pair_t *vp; - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); /* * We can only authenticate user requests which HAVE diff --git a/src/modules/rlm_smtp/rlm_smtp.c b/src/modules/rlm_smtp/rlm_smtp.c index 5ae1fbc521b..d7e60ef20a2 100644 --- a/src/modules/rlm_smtp/rlm_smtp.c +++ b/src/modules/rlm_smtp/rlm_smtp.c @@ -742,15 +742,15 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod fr_pair_t const *smtp_body, *username, *password; - if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type) != NULL) { + if (fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0) != NULL) { RDEBUG3("Auth-Type is already set. Not setting 'Auth-Type := %s'", inst->name); RETURN_MODULE_NOOP; } /* Elements provided by the request */ - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); - smtp_body = fr_pair_find_by_da(&request->request_pairs, attr_smtp_body); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); + smtp_body = fr_pair_find_by_da(&request->request_pairs, attr_smtp_body, 0); /* Make sure all of the essential email components are present and possible*/ if(!smtp_body) { @@ -911,8 +911,8 @@ static unlang_action_t CC_HINT(nonnull(1,2)) mod_authenticate(rlm_rcode_t *p_res RETURN_MODULE_FAIL; } - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); /* Make sure we have a user-name and user-password, and that they are possible */ if (!username) { diff --git a/src/modules/rlm_soh/rlm_soh.c b/src/modules/rlm_soh/rlm_soh.c index d828e5b09cf..5b6096d3146 100644 --- a/src/modules/rlm_soh/rlm_soh.c +++ b/src/modules/rlm_soh/rlm_soh.c @@ -94,19 +94,19 @@ static xlat_action_t soh_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, request_t *req /* * There will be no point unless SoH-Supported = yes */ - vp[0] = fr_pair_find_by_da(&request->request_pairs, attr_soh_supported); + vp[0] = fr_pair_find_by_da(&request->request_pairs, attr_soh_supported, 0); if (!vp[0]) return XLAT_ACTION_FAIL; if (strncasecmp(in_head->vb_strvalue, "OS", 2) == 0) { /* OS vendor */ - vp[0] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_vendor); - vp[1] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_version); - vp[2] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_release); - vp[3] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_build); - vp[4] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_sp_version); - vp[5] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_sp_release); + vp[0] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_vendor, 0); + vp[1] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_version, 0); + vp[2] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_release, 0); + vp[3] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_os_build, 0); + vp[4] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_sp_version, 0); + vp[5] = fr_pair_find_by_da(&request->request_pairs, attr_soh_ms_machine_sp_release, 0); if (vp[0] && vp[0]->vp_uint32 == attr_ms_vendor->attr) { MEM(vb=fr_value_box_alloc_null(ctx)); @@ -192,7 +192,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod if (!inst->dhcp) RETURN_MODULE_NOOP; - vp = fr_pair_find_by_da(&request->request_pairs, attr_dhcp_vendor); + vp = fr_pair_find_by_da(&request->request_pairs, attr_dhcp_vendor, 0); if (vp) { /* * vendor-specific options contain @@ -253,7 +253,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU int rv; /* try to find the MS-SoH payload */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_ms_quarantine_soh); + vp = fr_pair_find_by_da(&request->request_pairs, attr_ms_quarantine_soh, 0); if (!vp) { RDEBUG2("SoH radius VP not found"); RETURN_MODULE_NOOP; diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c index 68e4ea1e158..63717a1dec2 100644 --- a/src/modules/rlm_sql/rlm_sql.c +++ b/src/modules/rlm_sql/rlm_sql.c @@ -148,7 +148,7 @@ static size_t sql_escape_for_xlat_func(request_t *request, char *out, size_t out static sql_fall_through_t fall_through(fr_pair_list_t *vps) { fr_pair_t *tmp; - tmp = fr_pair_find_by_da(vps, attr_fall_through); + tmp = fr_pair_find_by_da(vps, attr_fall_through, 0); return tmp ? tmp->vp_uint32 : FALL_THROUGH_DEFAULT; } @@ -1366,7 +1366,7 @@ skip_reply: * Check for a default_profile or for a User-Profile. */ RDEBUG3("... falling-through to profile processing"); - user_profile = fr_pair_find_by_da(&request->control_pairs, attr_user_profile); + user_profile = fr_pair_find_by_da(&request->control_pairs, attr_user_profile, 0); profile = user_profile ? user_profile->vp_strvalue : diff --git a/src/modules/rlm_sqlippool/rlm_sqlippool.c b/src/modules/rlm_sqlippool/rlm_sqlippool.c index 50b2b024ed7..70b3608645a 100644 --- a/src/modules/rlm_sqlippool/rlm_sqlippool.c +++ b/src/modules/rlm_sqlippool/rlm_sqlippool.c @@ -501,13 +501,13 @@ static unlang_action_t CC_HINT(nonnull) mod_alloc(rlm_rcode_t *p_result, module_ /* * If there is a Framed-IP-Address attribute in the reply do nothing */ - if (fr_pair_find_by_da(&request->reply_pairs, inst->allocated_address_da) != NULL) { + if (fr_pair_find_by_da(&request->reply_pairs, inst->allocated_address_da, 0) != NULL) { RDEBUG2("%s already exists", inst->allocated_address_da->name); return do_logging(p_result, inst, request, inst->log_exists, RLM_MODULE_NOOP); } - if (fr_pair_find_by_da(&request->control_pairs, attr_pool_name) == NULL) { + if (fr_pair_find_by_da(&request->control_pairs, attr_pool_name, 0) == NULL) { RDEBUG2("No %s defined", attr_pool_name->name); return do_logging(p_result, inst, request, inst->log_nopool, RLM_MODULE_NOOP); @@ -809,7 +809,7 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo int acct_status_type; - vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type); + vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0); if (!vp) { RDEBUG2("Could not find account status type in packet"); RETURN_MODULE_NOOP; diff --git a/src/modules/rlm_stats/rlm_stats.c b/src/modules/rlm_stats/rlm_stats.c index e896004d2b4..1502e283361 100644 --- a/src/modules/rlm_stats/rlm_stats.c +++ b/src/modules/rlm_stats/rlm_stats.c @@ -258,7 +258,7 @@ static unlang_action_t CC_HINT(nonnull) mod_stats(rlm_rcode_t *p_result, module_ RETURN_MODULE_NOOP; } - vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_type); + vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_type, 0); if (!vp) { stats_type = FR_STATS4_TYPE_VALUE_GLOBAL; } else { @@ -290,8 +290,8 @@ static unlang_action_t CC_HINT(nonnull) mod_stats(rlm_rcode_t *p_result, module_ break; case FR_STATS4_TYPE_VALUE_CLIENT: /* src */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv4_address); - if (!vp) vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv6_address); + vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv4_address, 0); + if (!vp) vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv6_address, 0); if (!vp) RETURN_MODULE_NOOP; mydata.ipaddr = vp->vp_ip; @@ -299,8 +299,8 @@ static unlang_action_t CC_HINT(nonnull) mod_stats(rlm_rcode_t *p_result, module_ break; case FR_STATS4_TYPE_VALUE_LISTENER: /* dst */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv4_address); - if (!vp) vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv6_address); + vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv4_address, 0); + if (!vp) vp = fr_pair_find_by_da(&request->request_pairs, attr_freeradius_stats4_ipv6_address, 0); if (!vp) RETURN_MODULE_NOOP; mydata.ipaddr = vp->vp_ip; diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c index 1d393c3f9d7..7a9df5a73da 100644 --- a/src/modules/rlm_unix/rlm_unix.c +++ b/src/modules/rlm_unix/rlm_unix.c @@ -112,7 +112,7 @@ static int groupcmp(UNUSED void *instance, request_t *request, UNUSED fr_pair_li /* * No user name, can't compare. */ - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if (!username) return -1; if (rad_getpwnam(request, &pwd, username->vp_strvalue) < 0) { @@ -202,7 +202,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU * We can only authenticate user requests which HAVE * a User-Name attribute. */ - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if (!username) RETURN_MODULE_NOOP; name = username->vp_strvalue; @@ -372,7 +372,7 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo /* * Which type is this. */ - if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type)) == NULL) { + if ((vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0)) == NULL) { RDEBUG2("no Accounting-Status-Type attribute in request"); RETURN_MODULE_NOOP; } @@ -389,7 +389,7 @@ static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, mo * We're only interested in accounting messages * with a username in it. */ - if (fr_pair_find_by_da(&request->request_pairs, attr_user_name) == NULL) + if (fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0) == NULL) RETURN_MODULE_NOOP; t = fr_time_to_sec(request->packet->timestamp); diff --git a/src/modules/rlm_wimax/rlm_wimax.c b/src/modules/rlm_wimax/rlm_wimax.c index 65e66b3db77..f18dc4cf521 100644 --- a/src/modules/rlm_wimax/rlm_wimax.c +++ b/src/modules/rlm_wimax/rlm_wimax.c @@ -123,7 +123,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU /* * Fix Calling-Station-Id. Damn you, WiMAX! */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_calling_station_id); + vp = fr_pair_find_by_da(&request->request_pairs, attr_calling_station_id, 0); if (vp && (vp->vp_length == 6)) { int i; char *p; @@ -173,8 +173,8 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod uint8_t mip_rk_1[EVP_MAX_MD_SIZE], mip_rk_2[EVP_MAX_MD_SIZE]; uint8_t mip_rk[2 * EVP_MAX_MD_SIZE]; - msk = fr_pair_find_by_da(&request->reply_pairs, attr_eap_msk); - emsk = fr_pair_find_by_da(&request->reply_pairs, attr_eap_emsk); + msk = fr_pair_find_by_da(&request->reply_pairs, attr_eap_msk, 0); + emsk = fr_pair_find_by_da(&request->reply_pairs, attr_eap_emsk, 0); if (!msk || !emsk) { REDEBUG2("No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys"); RETURN_MODULE_NOOP; @@ -248,8 +248,8 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod /* * Calculate mobility keys */ - mn_nai = fr_pair_find_by_da(&request->request_pairs, attr_wimax_mn_nai); - if (!mn_nai) mn_nai = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_mn_nai); + mn_nai = fr_pair_find_by_da(&request->request_pairs, attr_wimax_mn_nai, 0); + if (!mn_nai) mn_nai = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_mn_nai, 0); if (!mn_nai) { RWDEBUG("%s was not found in the request or in the reply", attr_wimax_mn_nai->name); RWDEBUG("We cannot calculate MN-HA keys"); @@ -259,7 +259,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod * WiMAX-IP-Technology */ vp = NULL; - if (mn_nai) vp = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_ip_technology); + if (mn_nai) vp = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_ip_technology, 0); if (!vp) { RWDEBUG("%s not found in reply", attr_wimax_ip_technology->name); RWDEBUG("Not calculating MN-HA keys"); @@ -270,7 +270,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod /* * Look for WiMAX-hHA-IP-MIP4 */ - ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip4); + ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip4, 0); if (!ip) { RWDEBUG("%s not found. Cannot calculate MN-HA-PMIP4 key", attr_wimax_hha_ip_mip4->name); break; @@ -304,7 +304,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod /* * Look for WiMAX-hHA-IP-MIP4 */ - ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip4); + ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip4, 0); if (!ip) { RWDEBUG("%s not found. Cannot calculate MN-HA-CMIP4 key", attr_wimax_hha_ip_mip4->name); break; @@ -338,7 +338,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod /* * Look for WiMAX-hHA-IP-MIP6 */ - ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip6); + ip = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_hha_ip_mip6, 0); if (!ip) { RWDEBUG("%s not found. Cannot calculate MN-HA-CMIP6 key", attr_wimax_hha_ip_mip6->name); break; @@ -377,7 +377,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod * * FA-RK= H(MIP-RK, "FA-RK") */ - fa_rk = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_fa_rk_key); + fa_rk = fr_pair_find_by_da(&request->reply_pairs, attr_wimax_fa_rk_key, 0); if (fa_rk && (fa_rk->vp_length <= 1)) { HMAC_Init_ex(hmac, mip_rk, rk_len, EVP_sha1(), NULL); @@ -402,7 +402,7 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod * * WiMAX-RRQ-MN-HA-SPI */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_wimax_rrq_mn_ha_spi); + vp = fr_pair_find_by_da(&request->request_pairs, attr_wimax_rrq_mn_ha_spi, 0); if (vp) { REDEBUG2("Client requested MN-HA key: Should use SPI to look up key from storage"); if (!mn_nai) { @@ -412,14 +412,14 @@ static unlang_action_t CC_HINT(nonnull) mod_post_auth(rlm_rcode_t *p_result, mod /* * WiMAX-RRQ-HA-IP */ - if (!fr_pair_find_by_da(&request->request_pairs, attr_wimax_rrq_ha_ip)) { + if (!fr_pair_find_by_da(&request->request_pairs, attr_wimax_rrq_ha_ip, 0)) { RWDEBUG("HA-IP was not found!"); } /* * WiMAX-HA-RK-Key-Requested */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_wimax_ha_rk_key_requested); + vp = fr_pair_find_by_da(&request->request_pairs, attr_wimax_ha_rk_key_requested, 0); if (vp && (vp->vp_uint32 == 1)) { REDEBUG2("Client requested HA-RK: Should use IP to look it up from storage"); } diff --git a/src/modules/rlm_winbind/rlm_winbind.c b/src/modules/rlm_winbind/rlm_winbind.c index 71df90b7cca..5f1ef34effc 100644 --- a/src/modules/rlm_winbind/rlm_winbind.c +++ b/src/modules/rlm_winbind/rlm_winbind.c @@ -103,7 +103,7 @@ static int winbind_group_cmp(void *instance, request_t *request, UNUSED fr_pair_ ssize_t slen; size_t backslash = 0; - vp_username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + vp_username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); if (!vp_username) return -1; RINDENT(); @@ -471,7 +471,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod rlm_winbind_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_winbind_t); fr_pair_t *vp; - vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); if (!vp) { REDEBUG2("No User-Password found in the request; not doing winbind authentication."); RETURN_MODULE_NOOP; @@ -500,8 +500,8 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, rlm_winbind_t const *inst = talloc_get_type_abort_const(mctx->instance, rlm_winbind_t); fr_pair_t *username, *password; - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); /* * We can only authenticate user requests which HAVE diff --git a/src/modules/rlm_yubikey/decrypt.c b/src/modules/rlm_yubikey/decrypt.c index eeb91f39d61..1f7143142ed 100644 --- a/src/modules/rlm_yubikey/decrypt.c +++ b/src/modules/rlm_yubikey/decrypt.c @@ -25,7 +25,7 @@ unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, rlm_yubikey_t const * fr_pair_t *key, *vp; - key = fr_pair_find_by_da(&request->control_pairs, attr_yubikey_key); + key = fr_pair_find_by_da(&request->control_pairs, attr_yubikey_key, 0); if (!key) { REDEBUG("Yubikey-Key attribute not found in control list, can't decrypt OTP data"); RETURN_MODULE_INVALID; @@ -87,7 +87,7 @@ unlang_action_t rlm_yubikey_decrypt(rlm_rcode_t *p_result, rlm_yubikey_t const * /* * Now we check for replay attacks */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_yubikey_counter); + vp = fr_pair_find_by_da(&request->control_pairs, attr_yubikey_counter, 0); if (!vp) { RWDEBUG("Yubikey-Counter not found in control list, skipping replay attack checks"); RETURN_MODULE_OK; diff --git a/src/modules/rlm_yubikey/rlm_yubikey.c b/src/modules/rlm_yubikey/rlm_yubikey.c index 17716a951f8..36bd0a409e6 100644 --- a/src/modules/rlm_yubikey/rlm_yubikey.c +++ b/src/modules/rlm_yubikey/rlm_yubikey.c @@ -287,7 +287,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod /* * Can't do yubikey auth if there's no password. */ - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); if (!password) { /* * Don't print out debugging messages if we know @@ -394,13 +394,13 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, size_t len; int ret; - vp = fr_pair_find_by_da(&request->request_pairs, attr_yubikey_otp); + vp = fr_pair_find_by_da(&request->request_pairs, attr_yubikey_otp, 0); if (!vp) { RDEBUG2("No Yubikey-OTP attribute found, falling back to User-Password"); /* * Can't do yubikey auth if there's no password. */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); if (!vp) { REDEBUG("No User-Password in the request. Can't do Yubikey authentication"); RETURN_MODULE_INVALID; diff --git a/src/process/dhcpv4/base.c b/src/process/dhcpv4/base.c index df6b1147a44..3333d91afb2 100644 --- a/src/process/dhcpv4/base.c +++ b/src/process/dhcpv4/base.c @@ -97,7 +97,7 @@ static void dhcpv4_packet_debug(request_t *request, fr_radius_packet_t *packet, if (!*dhcp_header_attrs[i]) continue; - vp = fr_pair_find_by_da(list, *dhcp_header_attrs[i]); + vp = fr_pair_find_by_da(list, *dhcp_header_attrs[i], 0); if (!vp) continue; RDEBUGX(L_DBG_LVL_1, "%pP", vp); } @@ -146,7 +146,7 @@ RESUME(check_yiaddr) { fr_pair_t *vp; - vp = fr_pair_find_by_da(&request->reply_pairs, attr_yiaddr); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_yiaddr, 0); if (!vp) { REDEBUG("%s packet does not have YIADDR. The client will not receive an IP address.", dhcp_message_types[request->reply->code]); diff --git a/src/process/dhcpv6/base.c b/src/process/dhcpv6/base.c index 6d8c6f1528e..a2b62e31e78 100644 --- a/src/process/dhcpv6/base.c +++ b/src/process/dhcpv6/base.c @@ -195,7 +195,7 @@ process_dhcpv6_client_fields_t *dhcpv6_client_fields_store(request_t *request, b fr_pair_t *transaction_id, *client_id, *server_id; process_dhcpv6_client_fields_t *rctx; - transaction_id = fr_pair_find_by_da(&request->request_pairs, attr_transaction_id); + transaction_id = fr_pair_find_by_da(&request->request_pairs, attr_transaction_id, 0); if (!transaction_id) { REDEBUG("Missing Transaction-ID"); return NULL; @@ -213,7 +213,7 @@ process_dhcpv6_client_fields_t *dhcpv6_client_fields_store(request_t *request, b return NULL; } - server_id = fr_pair_find_by_da(&request->request_pairs, attr_server_id); + server_id = fr_pair_find_by_da(&request->request_pairs, attr_server_id, 0); if (!server_id && expect_server_id) { REDEBUG("Missing Server-ID"); return NULL; @@ -300,7 +300,7 @@ int restore_field(request_t *request, fr_pair_t **to_restore) VP_VERIFY(*to_restore); - vp = fr_pair_find_by_da(&request->reply_pairs, (*to_restore)->da); + vp = fr_pair_find_by_da(&request->reply_pairs, (*to_restore)->da, 0); if (vp) { if (fr_pair_cmp(vp, *to_restore) != 0) { RWDEBUG("&reply.%pP does not match &request.%pP", vp, *to_restore); @@ -379,7 +379,7 @@ process_dhcpv6_relay_fields_t *dhcpv6_relay_fields_store(request_t *request) fr_pair_t *hop_count, *link_address, *peer_address; process_dhcpv6_relay_fields_t *rctx; - hop_count = fr_pair_find_by_da(&request->request_pairs, attr_hop_count); + hop_count = fr_pair_find_by_da(&request->request_pairs, attr_hop_count, 0); if (!hop_count) { REDEBUG("Missing Hop-Count"); return NULL; diff --git a/src/process/radius/base.c b/src/process/radius/base.c index 4e0de31f3bf..d9253aa6f52 100644 --- a/src/process/radius/base.c +++ b/src/process/radius/base.c @@ -247,9 +247,9 @@ static char *auth_name(char *buf, size_t buflen, request_t *request) char const *tls = ""; RADCLIENT *client = client_from_request(request); - cli = fr_pair_find_by_da(&request->request_pairs, attr_calling_station_id); + cli = fr_pair_find_by_da(&request->request_pairs, attr_calling_station_id, 0); - pair = fr_pair_find_by_da(&request->request_pairs, attr_nas_port); + pair = fr_pair_find_by_da(&request->request_pairs, attr_nas_port, 0); if (pair != NULL) port = pair->vp_uint32; if (request->packet->socket.inet.dst_port == 0) tls = " via proxy to virtual server"; @@ -293,21 +293,21 @@ static void CC_HINT(format (printf, 4, 5)) auth_message(process_radius_auth_t co * Get the correct username based on the configured value */ if (!inst->log_stripped_names) { - username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); } else { - username = fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name); - if (!username) username = fr_pair_find_by_da(&request->request_pairs, attr_user_name); + username = fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name, 0); + if (!username) username = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0); } /* * Clean up the password */ if (inst->log_auth_badpass || inst->log_auth_goodpass) { - password = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + password = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); if (!password) { fr_pair_t *auth_type; - auth_type = fr_pair_find_by_da(&request->control_pairs, attr_auth_type); + auth_type = fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0); if (auth_type) { snprintf(password_buff, sizeof(password_buff), "", fr_dict_enum_name_by_value(auth_type->da, &auth_type->data)); @@ -315,7 +315,7 @@ static void CC_HINT(format (printf, 4, 5)) auth_message(process_radius_auth_t co } else { password_str = ""; } - } else if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password)) { + } else if (fr_pair_find_by_da(&request->request_pairs, attr_chap_password, 0)) { password_str = ""; } } @@ -414,7 +414,7 @@ RESUME(access_request) /* * Run authenticate foo { ... } */ - vp = fr_pair_find_by_da(&request->control_pairs, attr_auth_type); + vp = fr_pair_find_by_da(&request->control_pairs, attr_auth_type, 0); if (!vp) goto send_reply; dv = fr_dict_enum_by_value(vp->da, &vp->data); @@ -503,7 +503,7 @@ RESUME(auth_type) /* * Maybe the shared secret is wrong? */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password); + vp = fr_pair_find_by_da(&request->request_pairs, attr_user_password, 0); if (vp) { if (RDEBUG_ENABLED2) { uint8_t const *p; @@ -532,7 +532,7 @@ RESUME(auth_type) * section. */ case FR_RADIUS_CODE_ACCESS_CHALLENGE: - if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_state)) != NULL) { + if ((vp = fr_pair_find_by_da(&request->reply_pairs, attr_state, 0)) != NULL) { uint8_t buffer[16]; fr_rand_buffer(buffer, sizeof(buffer)); @@ -559,7 +559,7 @@ RESUME_NO_RCTX(access_accept) PROCESS_TRACE; - vp = fr_pair_find_by_da(&request->request_pairs, attr_module_success_message); + vp = fr_pair_find_by_da(&request->request_pairs, attr_module_success_message, 0); if (vp) { auth_message(&inst->auth, request, true, "Login OK (%pV)", &vp->data); } else { @@ -573,9 +573,9 @@ RESUME_NO_RCTX(access_accept) * (mostly) unique to that user. */ if (!request->parent && - ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_name)) != NULL) && + ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_name, 0)) != NULL) && (vp->vp_strvalue[0] == '@') && - !fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name)) { + !fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name, 0)) { RWDEBUG("User-Name is anonymized, and no Stripped-User-Name exists."); RWDEBUG("It may be difficult or impossible to identify the user."); RWDEBUG("Please update Stripped-User-Name with information which identifies the user."); @@ -592,7 +592,7 @@ RESUME_NO_RCTX(access_reject) PROCESS_TRACE; - vp = fr_pair_find_by_da(&request->request_pairs, attr_module_failure_message); + vp = fr_pair_find_by_da(&request->request_pairs, attr_module_failure_message, 0); if (vp) { auth_message(&inst->auth, request, false, "Login incorrect (%pV)", &vp->data); } else { @@ -699,7 +699,7 @@ RESUME(accounting_request) /* * Run accounting foo { ... } */ - vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type); + vp = fr_pair_find_by_da(&request->request_pairs, attr_acct_status_type, 0); if (!vp) goto send_reply; dv = fr_dict_enum_by_value(vp->da, &vp->data); @@ -745,7 +745,7 @@ RESUME(protocol_error) /* * https://tools.ietf.org/html/rfc7930#section-4 */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_original_packet_code); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_original_packet_code, 0); if (!vp) { vp = fr_pair_afrom_da(request->reply_ctx, attr_original_packet_code); if (vp) { @@ -757,7 +757,7 @@ RESUME(protocol_error) /* * If there's no Error-Cause, then include a generic 404. */ - vp = fr_pair_find_by_da(&request->reply_pairs, attr_error_cause); + vp = fr_pair_find_by_da(&request->reply_pairs, attr_error_cause, 0); if (!vp) { vp = fr_pair_afrom_da(request->reply_ctx, attr_error_cause); if (vp) { diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c index 0220876297c..ebc93d8dfa7 100644 --- a/src/process/tacacs/base.c +++ b/src/process/tacacs/base.c @@ -165,7 +165,7 @@ static void message_failed(request_t *request, PROCESS_INST *inst, fr_process_st /* * Set the server reply message. Note that we do not tell the user *why* they failed authentication. */ - if (!fr_pair_find_by_da(&request->reply_pairs, attr_tacacs_server_message)) { + if (!fr_pair_find_by_da(&request->reply_pairs, attr_tacacs_server_message, 0)) { MEM(pair_update_reply(&vp, attr_tacacs_server_message) >= 0); fr_pair_value_strdup(vp, msg); } @@ -277,8 +277,8 @@ RESUME(recv_tacacs) fr_dict_enum_t const *dv; CONF_SECTION *subcs; - vp = fr_pair_find_by_da(&request->request_pairs, *state->attr_process); - if (!vp) vp = fr_pair_find_by_da(&request->control_pairs, *state->attr_process); + vp = fr_pair_find_by_da(&request->request_pairs, *state->attr_process, 0); + if (!vp) vp = fr_pair_find_by_da(&request->control_pairs, *state->attr_process, 0); if (!vp) { RDEBUG2("No attribute found for &request.%s - proceeding to 'send'", (*state->attr_process)->name); break; @@ -335,7 +335,7 @@ RESUME(send_tacacs) * Save the state */ if (!request->parent && - (fr_pair_find_by_da(&request->request_pairs, attr_tacacs_state) != NULL)) { + (fr_pair_find_by_da(&request->request_pairs, attr_tacacs_state, 0) != NULL)) { fr_tacacs_packet_hdr_t const *pkt = (fr_tacacs_packet_hdr_t const *) request->packet->data; /* diff --git a/src/protocols/dhcpv4/base.c b/src/protocols/dhcpv4/base.c index f1b0cd6c1ae..4005d696582 100644 --- a/src/protocols/dhcpv4/base.c +++ b/src/protocols/dhcpv4/base.c @@ -314,7 +314,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c */ /* Maximum-Msg-Size */ - vp = fr_pair_find_by_da(vps, attr_dhcp_dhcp_maximum_msg_size); + vp = fr_pair_find_by_da(vps, attr_dhcp_dhcp_maximum_msg_size, 0); if (vp && (vp->vp_uint32 > mms)) { mms = vp->vp_uint32; @@ -322,7 +322,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } #endif - vp = fr_pair_find_by_da(vps, attr_dhcp_opcode); + vp = fr_pair_find_by_da(vps, attr_dhcp_opcode, 0); if (vp) { FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint8); } else { @@ -330,7 +330,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Hardware-Type */ - vp = fr_pair_find_by_da(vps, attr_dhcp_hardware_type); + vp = fr_pair_find_by_da(vps, attr_dhcp_hardware_type, 0); if (vp) { FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint8); @@ -342,7 +342,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Hardware-Address-len */ - vp = fr_pair_find_by_da(vps, attr_dhcp_hardware_address_length); + vp = fr_pair_find_by_da(vps, attr_dhcp_hardware_address_length, 0); if (vp) { FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint8); @@ -354,7 +354,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Hop-Count */ - vp = fr_pair_find_by_da(vps, attr_dhcp_hop_count); + vp = fr_pair_find_by_da(vps, attr_dhcp_hop_count, 0); if (vp) { FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint8); @@ -369,7 +369,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c FR_DBUFF_IN_RETURN(&work_dbuff, xid); /* Number-of-Seconds */ - vp = fr_pair_find_by_da(vps, attr_dhcp_number_of_seconds); + vp = fr_pair_find_by_da(vps, attr_dhcp_number_of_seconds, 0); if (vp) { FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint16); } else { @@ -377,7 +377,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Flags */ - vp = fr_pair_find_by_da(vps, attr_dhcp_flags); + vp = fr_pair_find_by_da(vps, attr_dhcp_flags, 0); if (vp) { FR_DBUFF_IN_RETURN(&work_dbuff, vp->vp_uint16); } else { @@ -385,7 +385,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Client-IP-Address */ - vp = fr_pair_find_by_da(vps, attr_dhcp_client_ip_address); + vp = fr_pair_find_by_da(vps, attr_dhcp_client_ip_address, 0); if (vp) { FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr)); } else { @@ -393,7 +393,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Your-IP-address */ - vp = fr_pair_find_by_da(vps, attr_dhcp_your_ip_address); + vp = fr_pair_find_by_da(vps, attr_dhcp_your_ip_address, 0); if (vp) { FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr)); } else { @@ -401,7 +401,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Server-IP-Address */ - vp = fr_pair_find_by_da(vps, attr_dhcp_server_ip_address); + vp = fr_pair_find_by_da(vps, attr_dhcp_server_ip_address, 0); if (vp) { FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr)); } else { @@ -411,7 +411,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c /* * Gateway-IP-Address */ - vp = fr_pair_find_by_da(vps, attr_dhcp_gateway_ip_address); + vp = fr_pair_find_by_da(vps, attr_dhcp_gateway_ip_address, 0); if (vp) { FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)&vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr)); @@ -423,7 +423,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Client-Hardware-Address */ - if ((vp = fr_pair_find_by_da(vps, attr_dhcp_client_hardware_address))) { + if ((vp = fr_pair_find_by_da(vps, attr_dhcp_client_hardware_address, 0))) { FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, (uint8_t const *)vp->vp_ether, sizeof(vp->vp_ether)); FR_DBUFF_MEMSET_RETURN(&work_dbuff, 0, DHCP_CHADDR_LEN - sizeof(vp->vp_ether)); @@ -435,7 +435,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c } /* Server-Host-Name */ - if ((vp = fr_pair_find_by_da(vps, attr_dhcp_server_host_name))) { + if ((vp = fr_pair_find_by_da(vps, attr_dhcp_server_host_name, 0))) { if (vp->vp_length > DHCP_SNAME_LEN) { FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, vp->vp_strvalue, DHCP_SNAME_LEN); } else { @@ -457,7 +457,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c */ /* Boot-Filename */ - if ((vp = fr_pair_find_by_da(vps, attr_dhcp_boot_filename))) { + if ((vp = fr_pair_find_by_da(vps, attr_dhcp_boot_filename, 0))) { if (vp->vp_length > DHCP_FILE_LEN) { FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, vp->vp_strvalue, DHCP_FILE_LEN); } else { @@ -471,7 +471,7 @@ ssize_t fr_dhcpv4_encode_dbuff(fr_dbuff_t *dbuff, dhcp_packet_t *original, int c /* DHCP magic number */ FR_DBUFF_IN_RETURN(&work_dbuff, (uint32_t) DHCP_OPTION_MAGIC_NUMBER); - if ((vp = fr_pair_find_by_da(vps, attr_dhcp_message_type))) { + if ((vp = fr_pair_find_by_da(vps, attr_dhcp_message_type, 0))) { FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_MESSAGE_TYPE, 0x01, vp->vp_uint8); } else { FR_DBUFF_IN_BYTES_RETURN(&work_dbuff, FR_MESSAGE_TYPE, 0x01, (uint8_t)code); diff --git a/src/protocols/dhcpv4/packet.c b/src/protocols/dhcpv4/packet.c index ba83830a770..b110a72e71d 100644 --- a/src/protocols/dhcpv4/packet.c +++ b/src/protocols/dhcpv4/packet.c @@ -228,7 +228,7 @@ int fr_dhcpv4_decode(TALLOC_CTX *ctx, uint8_t const *data, size_t data_len, fr_d } if (code) { - vp = fr_pair_find_by_da(&head, attr_dhcp_message_type); + vp = fr_pair_find_by_da(&head, attr_dhcp_message_type, 0); if (vp) { *code = vp->vp_uint8; } @@ -238,7 +238,7 @@ int fr_dhcpv4_decode(TALLOC_CTX *ctx, uint8_t const *data, size_t data_len, fr_d * If option Overload is present in the 'options' field, then fields 'file' and/or 'sname' * are used to hold more options. They are partitioned and must be interpreted in sequence. */ - vp = fr_pair_find_by_da(&head, attr_dhcp_overload); + vp = fr_pair_find_by_da(&head, attr_dhcp_overload, 0); if (vp) { if ((vp->vp_uint8 & 1) == 1) { /* @@ -297,14 +297,14 @@ int fr_dhcpv4_decode(TALLOC_CTX *ctx, uint8_t const *data, size_t data_len, fr_d /* * DHCP Opcode is request */ - vp = fr_pair_find_by_da(&head, attr_dhcp_opcode); + vp = fr_pair_find_by_da(&head, attr_dhcp_opcode, 0); if (vp && vp->vp_uint8 == 1) { /* * Vendor is "MSFT 98" */ - vp = fr_pair_find_by_da(&head, attr_dhcp_vendor_class_identifier); + vp = fr_pair_find_by_da(&head, attr_dhcp_vendor_class_identifier, 0); if (vp && (vp->vp_length == 7) && (memcmp(vp->vp_strvalue, "MSFT 98", 7) == 0)) { - vp = fr_pair_find_by_da(&head, attr_dhcp_flags); + vp = fr_pair_find_by_da(&head, attr_dhcp_flags, 0); /* * Reply should be broadcast. @@ -331,12 +331,12 @@ int fr_dhcpv4_decode(TALLOC_CTX *ctx, uint8_t const *data, size_t data_len, fr_d /* * First look for Relay-Link-Selection */ - netaddr = fr_pair_find_by_da(&head, attr_dhcp_relay_link_selection); + netaddr = fr_pair_find_by_da(&head, attr_dhcp_relay_link_selection, 0); if (!netaddr) { /* * Next try Subnet-Selection-Option */ - netaddr = fr_pair_find_by_da(&head, attr_dhcp_subnet_selection_option); + netaddr = fr_pair_find_by_da(&head, attr_dhcp_subnet_selection_option, 0); } if (netaddr) { @@ -368,8 +368,8 @@ int fr_dhcpv4_decode(TALLOC_CTX *ctx, uint8_t const *data, size_t data_len, fr_d * Client can request a LARGER size, but not a smaller * one. They also cannot request a size larger than MTU. */ - maxms = fr_pair_find_by_da(&head, attr_dhcp_dhcp_maximum_msg_size); - mtu = fr_pair_find_by_da(&head, attr_dhcp_interface_mtu_size); + maxms = fr_pair_find_by_da(&head, attr_dhcp_dhcp_maximum_msg_size, 0); + mtu = fr_pair_find_by_da(&head, attr_dhcp_interface_mtu_size, 0); if (mtu && (mtu->vp_uint16 < DEFAULT_PACKET_SIZE)) { fr_strerror_const("Client says MTU is smaller than minimum permitted by the specification"); @@ -410,7 +410,7 @@ int fr_dhcpv4_packet_encode(fr_radius_packet_t *packet, fr_pair_list_t *list) if (packet->code == 0) packet->code = FR_DHCP_NAK; /* store xid */ - if ((vp = fr_pair_find_by_da(list, attr_dhcp_transaction_id))) { + if ((vp = fr_pair_find_by_da(list, attr_dhcp_transaction_id, 0))) { packet->id = vp->vp_uint32; } else { packet->id = fr_rand(); diff --git a/src/protocols/dhcpv4/raw.c b/src/protocols/dhcpv4/raw.c index 50beba71f98..f809ac16fc2 100644 --- a/src/protocols/dhcpv4/raw.c +++ b/src/protocols/dhcpv4/raw.c @@ -119,7 +119,7 @@ int fr_dhcpv4_raw_packet_send(int sockfd, struct sockaddr_ll *link_layer, /* set ethernet source address to our MAC address (Client-Hardware-Address). */ uint8_t dhmac[ETH_ADDR_LEN] = { 0 }; - if ((vp = fr_pair_find_by_da(list, attr_dhcp_client_hardware_address))) { + if ((vp = fr_pair_find_by_da(list, attr_dhcp_client_hardware_address, 0))) { if (vp->vp_type == FR_TYPE_ETHERNET) memcpy(dhmac, vp->vp_ether, sizeof(vp->vp_ether)); } @@ -229,7 +229,7 @@ fr_radius_packet_t *fr_dhcv4_raw_packet_recv(int sockfd, struct sockaddr_ll *lin * Check if it matches the source HW address used (Client-Hardware-Address = 267) */ if ((memcmp(ð_bcast, ð_hdr->dst_addr, ETH_ADDR_LEN) != 0) && - (vp = fr_pair_find_by_da(list, attr_dhcp_client_hardware_address)) && + (vp = fr_pair_find_by_da(list, attr_dhcp_client_hardware_address, 0)) && ((vp->vp_type == FR_TYPE_ETHERNET) && (memcmp(vp->vp_ether, ð_hdr->dst_addr, ETH_ADDR_LEN) != 0))) { /* No match. */ diff --git a/src/protocols/dhcpv6/base.c b/src/protocols/dhcpv6/base.c index af1465bb733..c2b5cba1040 100644 --- a/src/protocols/dhcpv6/base.c +++ b/src/protocols/dhcpv6/base.c @@ -786,7 +786,7 @@ ssize_t fr_dhcpv6_encode(fr_dbuff_t *dbuff, uint8_t const *original, size_t leng root = fr_dict_root(dict_dhcpv6); if (!msg_type) { - vp = fr_pair_find_by_da(vps, attr_packet_type); + vp = fr_pair_find_by_da(vps, attr_packet_type, 0); if (vp) msg_type = vp->vp_uint32; } @@ -800,21 +800,21 @@ ssize_t fr_dhcpv6_encode(fr_dbuff_t *dbuff, uint8_t const *original, size_t leng switch (msg_type) { case FR_DHCPV6_RELAY_REPLY: case FR_DHCPV6_RELAY_FORWARD: - vp = fr_pair_find_by_da(vps, attr_hop_count); + vp = fr_pair_find_by_da(vps, attr_hop_count, 0); if (likely(vp != NULL)) { FR_VALUE_BOX_TO_NETWORK_RETURN(&frame_dbuff, &vp->data); } else { FR_DBUFF_MEMSET_RETURN(&frame_dbuff, 0, DHCPV6_HOP_COUNT_LEN); } - vp = fr_pair_find_by_da(vps, attr_relay_link_address); + vp = fr_pair_find_by_da(vps, attr_relay_link_address, 0); if (likely(vp != NULL)) { FR_VALUE_BOX_TO_NETWORK_RETURN(&frame_dbuff, &vp->data); } else { FR_DBUFF_MEMSET_RETURN(&frame_dbuff, 0, DHCPV6_LINK_ADDRESS_LEN); } - vp = fr_pair_find_by_da(vps, attr_relay_peer_address); + vp = fr_pair_find_by_da(vps, attr_relay_peer_address, 0); if (likely(vp != NULL)) { FR_VALUE_BOX_TO_NETWORK_RETURN(&frame_dbuff, &vp->data); } else { @@ -826,7 +826,7 @@ ssize_t fr_dhcpv6_encode(fr_dbuff_t *dbuff, uint8_t const *original, size_t leng /* * We can set an XID, or we can pick a random one. */ - vp = fr_pair_find_by_da(vps, attr_transaction_id); + vp = fr_pair_find_by_da(vps, attr_transaction_id, 0); if (vp && (vp->vp_length >= DHCPV6_TRANSACTION_ID_LEN)) { FR_DBUFF_IN_MEMCPY_RETURN(&frame_dbuff, vp->vp_octets, DHCPV6_TRANSACTION_ID_LEN); } else { diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c index c0c4eb1181b..0162f700c91 100644 --- a/src/protocols/radius/decode.c +++ b/src/protocols/radius/decode.c @@ -442,7 +442,7 @@ ssize_t fr_radius_decode_tlv(TALLOC_CTX *ctx, fr_dcursor_t *cursor, fr_dict_t co * We don't have a "pair find in cursor" */ if (flag_concat(&parent->flags)) { - vp = fr_pair_find_by_da(fr_pair_list_from_dcursor(cursor), parent); + vp = fr_pair_find_by_da(fr_pair_list_from_dcursor(cursor), parent, 0); concat = (vp != NULL); } else { vp = NULL; diff --git a/src/protocols/radius/encode.c b/src/protocols/radius/encode.c index d2b0230fe25..fafeab3154c 100644 --- a/src/protocols/radius/encode.c +++ b/src/protocols/radius/encode.c @@ -1527,11 +1527,11 @@ static ssize_t fr_radius_encode_proto(UNUSED TALLOC_CTX *ctx, fr_pair_list_t *vp fr_pair_t *vp; ssize_t slen; - vp = fr_pair_find_by_da(vps, attr_packet_type); + vp = fr_pair_find_by_da(vps, attr_packet_type, 0); if (vp) packet_type = vp->vp_uint32; if ((packet_type == FR_RADIUS_CODE_ACCESS_REQUEST) || (packet_type == FR_RADIUS_CODE_STATUS_SERVER)) { - vp = fr_pair_find_by_da(vps, attr_packet_authentication_vector); + vp = fr_pair_find_by_da(vps, attr_packet_authentication_vector, 0); if (vp && (vp->vp_length == RADIUS_AUTH_VECTOR_LENGTH)) { memcpy(data + 4, vp->vp_octets, RADIUS_AUTH_VECTOR_LENGTH); } else { diff --git a/src/protocols/tacacs/encode.c b/src/protocols/tacacs/encode.c index 9e7e0dee1c2..bf1a8428d23 100644 --- a/src/protocols/tacacs/encode.c +++ b/src/protocols/tacacs/encode.c @@ -92,7 +92,7 @@ static ssize_t tacacs_encode_field(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_di fr_pair_t *vp; fr_dbuff_t work_dbuff = FR_DBUFF_NO_ADVANCE(dbuff); - vp = fr_pair_find_by_da(vps, da); + vp = fr_pair_find_by_da(vps, da, 0); if (!vp || !vp->vp_length || (vp->vp_length > max_len)) return 0; if (da->type == FR_TYPE_STRING) { @@ -111,7 +111,7 @@ static ssize_t tacacs_encode_field(fr_dbuff_t *dbuff, fr_pair_list_t *vps, fr_di * doesn't specify them, then they don't get encoded. */ #define ENCODE_FIELD_UINT8(_field, _da) do { \ - vp = fr_pair_find_by_da(vps, _da); \ + vp = fr_pair_find_by_da(vps, _da, 0); \ _field = (vp) ? vp->vp_uint8 : 0; \ } while (0) @@ -571,7 +571,7 @@ ssize_t fr_tacacs_encode(fr_dbuff_t *dbuff, uint8_t const *original_packet, char /* * If the caller didn't set a session ID, use a random one. */ - if (!fr_pair_find_by_da(vps, attr_tacacs_session_id)) { + if (!fr_pair_find_by_da(vps, attr_tacacs_session_id, 0)) { packet->hdr.session_id = fr_rand(); }