projects
/
freeradius.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fixes from clang / scan-build
[freeradius.git]
/
src
/
modules
/
rlm_realm
/
rlm_realm.c
diff --git
a/src/modules/rlm_realm/rlm_realm.c
b/src/modules/rlm_realm/rlm_realm.c
index
c73bedf
..
6006769
100644
(file)
--- a/
src/modules/rlm_realm/rlm_realm.c
+++ b/
src/modules/rlm_realm/rlm_realm.c
@@
-60,7
+60,7
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
{
char namebuf[MAX_STRING_LEN];
char *username;
{
char namebuf[MAX_STRING_LEN];
char *username;
- char *realmname = NULL;
+ c
onst c
har *realmname = NULL;
char *ptr;
VALUE_PAIR *vp;
REALM *realm;
char *ptr;
VALUE_PAIR *vp;
REALM *realm;
@@
-80,20
+80,22
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
* Also, if there's no User-Name attribute, we can't
* proxy it, either.
*/
* Also, if there's no User-Name attribute, we can't
* proxy it, either.
*/
+#ifdef WITH_PROXY
if ((request->proxy != NULL) ||
(request->username == NULL)) {
if ((request->proxy != NULL) ||
(request->username == NULL)) {
-
DEBUG2(" rlm_realm:
Proxy reply, or no User-Name. Ignoring.");
- return
0
;
+
RDEBUG2("
Proxy reply, or no User-Name. Ignoring.");
+ return
RLM_MODULE_OK
;
}
}
+#endif
/*
* Check for 'Realm' attribute. If it exists, then we've proxied
* it already ( via another rlm_realm instance ) and should return.
*/
/*
* Check for 'Realm' attribute. If it exists, then we've proxied
* it already ( via another rlm_realm instance ) and should return.
*/
- if (
(vp = pairfind(request->packet->vps, PW_REALM)
) != NULL ) {
-
DEBUG2(" rlm_realm:
Request already proxied. Ignoring.");
- return
0
;
+ if (
pairfind(request->packet->vps, PW_REALM, 0
) != NULL ) {
+
RDEBUG2("
Request already proxied. Ignoring.");
+ return
RLM_MODULE_OK
;
}
/*
}
/*
@@
-109,10
+111,10
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
case REALM_FORMAT_SUFFIX:
/* DEBUG2(" rlm_realm: Checking for suffix after \"%c\"", inst->delim[0]); */
case REALM_FORMAT_SUFFIX:
/* DEBUG2(" rlm_realm: Checking for suffix after \"%c\"", inst->delim[0]); */
-
realmname
= strrchr(username, inst->delim[0]);
- if (
realmname
) {
- *
realmname
= '\0';
- realmname
++
;
+
ptr
= strrchr(username, inst->delim[0]);
+ if (
ptr
) {
+ *
ptr
= '\0';
+ realmname
= ptr + 1
;
}
break;
}
break;
@@
-140,15
+142,15
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
* what's going on.
*/
if (realmname) {
* what's going on.
*/
if (realmname) {
-
DEBUG2(" rlm_realm:
Looking up realm \"%s\" for User-Name = \"%s\"",
+
RDEBUG2("
Looking up realm \"%s\" for User-Name = \"%s\"",
realmname, request->username->vp_strvalue);
} else {
if( inst->ignore_null ) {
realmname, request->username->vp_strvalue);
} else {
if( inst->ignore_null ) {
-
DEBUG2(" rlm_realm:
No '%c' in User-Name = \"%s\", skipping NULL due to config.",
+
RDEBUG2("
No '%c' in User-Name = \"%s\", skipping NULL due to config.",
inst->delim[0], request->username->vp_strvalue);
inst->delim[0], request->username->vp_strvalue);
- return
0
;
+ return
RLM_MODULE_NOOP
;
}
}
-
DEBUG2(" rlm_realm:
No '%c' in User-Name = \"%s\", looking up realm NULL",
+
RDEBUG2("
No '%c' in User-Name = \"%s\", looking up realm NULL",
inst->delim[0], request->username->vp_strvalue);
}
inst->delim[0], request->username->vp_strvalue);
}
@@
-157,17
+159,17
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
*/
realm = realm_find(realmname);
if (!realm) {
*/
realm = realm_find(realmname);
if (!realm) {
-
DEBUG2(" rlm_realm:
No such realm \"%s\"",
+
RDEBUG2("
No such realm \"%s\"",
(realmname == NULL) ? "NULL" : realmname);
(realmname == NULL) ? "NULL" : realmname);
- return
0
;
+ return
RLM_MODULE_NOOP
;
}
if( inst->ignore_default &&
(strcmp(realm->name, "DEFAULT")) == 0) {
}
if( inst->ignore_default &&
(strcmp(realm->name, "DEFAULT")) == 0) {
-
DEBUG2(" rlm_realm:
Found DEFAULT, but skipping due to config.");
- return
0
;
+
RDEBUG2("
Found DEFAULT, but skipping due to config.");
+ return
RLM_MODULE_NOOP
;
}
}
-
DEBUG2(" rlm_realm:
Found realm \"%s\"", realm->name);
+
RDEBUG2("
Found realm \"%s\"", realm->name);
/*
* If we've been told to strip the realm off, then do so.
/*
* If we've been told to strip the realm off, then do so.
@@
-180,12
+182,12
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
*/
if (request->username->attribute != PW_STRIPPED_USER_NAME) {
vp = radius_paircreate(request, &request->packet->vps,
*/
if (request->username->attribute != PW_STRIPPED_USER_NAME) {
vp = radius_paircreate(request, &request->packet->vps,
- PW_STRIPPED_USER_NAME,
+ PW_STRIPPED_USER_NAME,
0,
PW_TYPE_STRING);
PW_TYPE_STRING);
-
DEBUG2(" rlm_realm:
Adding Stripped-User-Name = \"%s\"", username);
+
RDEBUG2("
Adding Stripped-User-Name = \"%s\"", username);
} else {
vp = request->username;
} else {
vp = request->username;
-
DEBUG2(" rlm_realm:
Setting Stripped-User-Name = \"%s\"", username);
+
RDEBUG2("
Setting Stripped-User-Name = \"%s\"", username);
}
strcpy(vp->vp_strvalue, username);
}
strcpy(vp->vp_strvalue, username);
@@
-195,27
+197,33
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
/*
* Add the realm name to the request.
/*
* Add the realm name to the request.
+ * If the realm is a regex, the use the realm as entered
+ * by the user. Otherwise, use the configured realm name,
+ * as realm name comparison is case insensitive. We want
+ * to use the configured name, rather than what the user
+ * entered.
*/
*/
- pairadd(&request->packet->vps, pairmake("Realm", realm->name,
+ if (realm->name[0] != '~') realmname = realm->name;
+ pairadd(&request->packet->vps, pairmake("Realm", realmname,
T_OP_EQ));
T_OP_EQ));
-
DEBUG2(" rlm_realm: Adding Realm = \"%s\"", realm->
name);
+
RDEBUG2("Adding Realm = \"%s\"", realm
name);
/*
* Figure out what to do with the request.
*/
switch (request->packet->code) {
default:
/*
* Figure out what to do with the request.
*/
switch (request->packet->code) {
default:
-
DEBUG2(" rlm_realm:
Unknown packet code %d\n",
+
RDEBUG2("
Unknown packet code %d\n",
request->packet->code);
request->packet->code);
- return
0;
/* don't do anything */
+ return
RLM_MODULE_OK;
/* don't do anything */
/*
* Perhaps accounting proxying was turned off.
*/
case PW_ACCOUNTING_REQUEST:
if (!realm->acct_pool) {
/*
* Perhaps accounting proxying was turned off.
*/
case PW_ACCOUNTING_REQUEST:
if (!realm->acct_pool) {
-
DEBUG2(" rlm_realm:
Accounting realm is LOCAL.");
- return
0
;
+
RDEBUG2("
Accounting realm is LOCAL.");
+ return
RLM_MODULE_OK
;
}
break;
}
break;
@@
-224,13
+232,14
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
*/
case PW_AUTHENTICATION_REQUEST:
if (!realm->auth_pool) {
*/
case PW_AUTHENTICATION_REQUEST:
if (!realm->auth_pool) {
-
DEBUG2(" rlm_realm:
Authentication realm is LOCAL.");
- return
0
;
+
RDEBUG2("
Authentication realm is LOCAL.");
+ return
RLM_MODULE_OK
;
}
break;
}
}
break;
}
- DEBUG2(" rlm_realm: Proxying request from user %s to realm %s",
+#ifdef WITH_PROXY
+ RDEBUG2("Proxying request from user %s to realm %s",
username, realm->name);
/*
username, realm->name);
/*
@@
-239,7
+248,7
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
*/
if (request->packet->code != PW_ACCOUNTING_REQUEST) {
*returnrealm = realm;
*/
if (request->packet->code != PW_ACCOUNTING_REQUEST) {
*returnrealm = realm;
- return
0
;
+ return
RLM_MODULE_UPDATED
;
}
/*
}
/*
@@
-255,7
+264,7
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
* that has already proxied the request, we don't need to do
* it again.
*/
* that has already proxied the request, we don't need to do
* it again.
*/
- vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO);
+ vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO
, 0
);
if (vp && (request->packet->src_ipaddr.af == AF_INET)) {
int i;
fr_ipaddr_t my_ipaddr;
if (vp && (request->packet->src_ipaddr.af == AF_INET)) {
int i;
fr_ipaddr_t my_ipaddr;
@@
-273,8
+282,8
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
for (i = 0; i < realm->acct_pool->num_home_servers; i++) {
if (fr_ipaddr_cmp(&realm->acct_pool->servers[i]->ipaddr,
&my_ipaddr) == 0) {
for (i = 0; i < realm->acct_pool->num_home_servers; i++) {
if (fr_ipaddr_cmp(&realm->acct_pool->servers[i]->ipaddr,
&my_ipaddr) == 0) {
- DEBUG2("Suppressing proxy due to FreeRADIUS-Proxied-To");
- return
0
;
+
R
DEBUG2("Suppressing proxy due to FreeRADIUS-Proxied-To");
+ return
RLM_MODULE_OK
;
}
}
}
}
@@
-298,18
+307,20
@@
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
if ((fr_ipaddr_cmp(&realm->acct_pool->servers[i]->ipaddr,
&request->packet->src_ipaddr) == 0) &&
(realm->acct_pool->servers[i]->port == request->packet->src_port)) {
if ((fr_ipaddr_cmp(&realm->acct_pool->servers[i]->ipaddr,
&request->packet->src_ipaddr) == 0) &&
(realm->acct_pool->servers[i]->port == request->packet->src_port)) {
- DEBUG2("Suppressing proxy because packet was already sent to a server in that realm");
- return
0
;
+
R
DEBUG2("Suppressing proxy because packet was already sent to a server in that realm");
+ return
RLM_MODULE_OK
;
}
}
}
}
}
}
+#endif
/*
* We got this far, which means we have a realm, set returnrealm
*/
*returnrealm = realm;
/*
* We got this far, which means we have a realm, set returnrealm
*/
*returnrealm = realm;
- return 0;
+
+ return RLM_MODULE_UPDATED;
}
/*
}
/*
@@
-389,6
+400,7
@@
static int realm_instantiate(CONF_SECTION *conf, void **instance)
*/
static int realm_authorize(void *instance, REQUEST *request)
{
*/
static int realm_authorize(void *instance, REQUEST *request)
{
+ int rcode;
REALM *realm;
/*
REALM *realm;
/*
@@
-396,17
+408,14
@@
static int realm_authorize(void *instance, REQUEST *request)
* If not, return without adding a Proxy-To-Realm
* attribute.
*/
* If not, return without adding a Proxy-To-Realm
* attribute.
*/
- if (check_for_realm(instance, request, &realm) < 0) {
- return RLM_MODULE_FAIL;
- }
- if (!realm) {
- return RLM_MODULE_NOOP;
- }
+ rcode = check_for_realm(instance, request, &realm);
+ if (rcode != RLM_MODULE_UPDATED) return rcode;
+ if (!realm) return RLM_MODULE_NOOP;
/*
* Maybe add a Proxy-To-Realm attribute to the request.
*/
/*
* Maybe add a Proxy-To-Realm attribute to the request.
*/
-
DEBUG2(" rlm_realm:
Preparing to proxy authentication request to realm \"%s\"\n",
+
RDEBUG2("
Preparing to proxy authentication request to realm \"%s\"\n",
realm->name);
add_proxy_to_realm(&request->config_items, realm);
realm->name);
add_proxy_to_realm(&request->config_items, realm);
@@
-419,6
+428,7
@@
static int realm_authorize(void *instance, REQUEST *request)
*/
static int realm_preacct(void *instance, REQUEST *request)
{
*/
static int realm_preacct(void *instance, REQUEST *request)
{
+ int rcode;
const char *name = (char *)request->username->vp_strvalue;
REALM *realm;
const char *name = (char *)request->username->vp_strvalue;
REALM *realm;
@@
-431,18
+441,14
@@
static int realm_preacct(void *instance, REQUEST *request)
* If not, return without adding a Proxy-To-Realm
* attribute.
*/
* If not, return without adding a Proxy-To-Realm
* attribute.
*/
- if (check_for_realm(instance, request, &realm) < 0) {
- return RLM_MODULE_FAIL;
- }
- if (!realm) {
- return RLM_MODULE_NOOP;
- }
-
+ rcode = check_for_realm(instance, request, &realm);
+ if (rcode != RLM_MODULE_UPDATED) return rcode;
+ if (!realm) return RLM_MODULE_NOOP;
/*
* Maybe add a Proxy-To-Realm attribute to the request.
*/
/*
* Maybe add a Proxy-To-Realm attribute to the request.
*/
-
DEBUG2(" rlm_realm:
Preparing to proxy accounting request to realm \"%s\"\n",
+
RDEBUG2("
Preparing to proxy accounting request to realm \"%s\"\n",
realm->name);
add_proxy_to_realm(&request->config_items, realm);
realm->name);
add_proxy_to_realm(&request->config_items, realm);