*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
- * Copyright 2000 The FreeRADIUS server project
+ * Copyright 2000,2006 The FreeRADIUS server project
* Copyright 2000 Alan DeKok <aland@ox.org>
*/
-static const char rcsid[] = "$Id$";
+#include <freeradius-devel/ident.h>
+RCSID("$Id$")
-#include "autoconf.h"
-#include "libradius.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
+#include <freeradius-devel/radiusd.h>
#ifdef HAVE_REGEX_H
# include <regex.h>
#endif
#endif
-#include "radiusd.h"
-
struct cmp {
int attribute;
int otherattr;
/*
* Compare 2 attributes. May call the attribute compare function.
*/
-static int paircompare(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check,
+static int compare_pair(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check,
VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
{
int ret = -2;
struct cmp *c;
/*
- * Sanity check.
- */
-#if 0
- if (request->attribute != check->attribute)
- return -2;
-#endif
-
- /*
* Check for =* and !* and return appropriately
*/
if( check->operator == T_OP_CMP_TRUE )
/*
* See if there is a special compare function.
+ *
+ * FIXME: use new RB-Tree code.
*/
for (c = cmp; c; c = c->next)
if (c->attribute == check->attribute)
return (c->compare)(c->instance, req, request, check,
check_pairs, reply_pairs);
+ if (!request) return -1; /* doesn't exist, don't compare it */
+
switch(check->type) {
#ifdef ASCEND_BINARY
/*
ret = 1; /* NOT equal */
break;
}
- ret = memcmp(request->strvalue, check->strvalue,
+ ret = memcmp(request->vp_strvalue, check->vp_strvalue,
request->length);
break;
case PW_TYPE_STRING:
- ret = strcmp((char *)request->strvalue,
- (char *)check->strvalue);
+ if (check->flags.caseless) {
+ ret = strcasecmp((char *)request->vp_strvalue,
+ (char *)check->vp_strvalue);
+ } else {
+ ret = strcmp((char *)request->vp_strvalue,
+ (char *)check->vp_strvalue);
+ }
break;
case PW_TYPE_INTEGER:
case PW_TYPE_DATE:
ret = request->lvalue - check->lvalue;
break;
case PW_TYPE_IPADDR:
- ret = ntohl(request->lvalue) - ntohl(check->lvalue);
+ ret = ntohl(request->vp_ipaddr) - ntohl(check->vp_ipaddr);
+ break;
+ case PW_TYPE_IPV6ADDR:
+ ret = memcmp(&request->vp_ipv6addr, &check->vp_ipv6addr,
+ sizeof(request->vp_ipv6addr));
break;
+
+ case PW_TYPE_IPV6PREFIX:
+ ret = memcmp(&request->vp_ipv6prefix, &check->vp_ipv6prefix,
+ sizeof(request->vp_ipv6prefix));
+ break;
+
+ case PW_TYPE_IFID:
+ ret = memcmp(&request->vp_ifid, &check->vp_ifid,
+ sizeof(request->vp_ifid));
+ break;
+
default:
break;
}
*
* Return 0 on match.
*/
-int paircmp(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check, VALUE_PAIR **reply)
+int paircompare(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check, VALUE_PAIR **reply)
{
VALUE_PAIR *check_item;
VALUE_PAIR *auth_item;
*
* This hack makes CHAP-Password work..
*/
- case PW_PASSWORD:
- if (pairfind(request, PW_PASSWORD) == NULL) {
+ case PW_USER_PASSWORD:
+ if (pairfind(request, PW_USER_PASSWORD) == NULL) {
continue;
}
break;
*/
if (check_item->flags.do_xlat) {
int rcode;
- char buffer[sizeof(check_item->strvalue)];
+ char buffer[sizeof(check_item->vp_strvalue)];
check_item->flags.do_xlat = 0;
rcode = radius_xlat(buffer, sizeof(buffer),
- check_item->strvalue,
+ check_item->vp_strvalue,
req, NULL);
/*
/*
* OK it is present now compare them.
*/
- compare = paircompare(req, auth_item, check_item, check, reply);
+ compare = compare_pair(req, auth_item, check_item, check, reply);
switch (check_item->operator) {
case T_OP_EQ:
default:
- radlog(L_ERR, "Invalid operator for item %s: "
+ radlog(L_INFO, "Invalid operator for item %s: "
"reverting to '=='", check_item->name);
/*FALLTHRU*/
case T_OP_CMP_TRUE: /* compare always == 0 */
case T_OP_REG_EQ:
{
int i;
- regmatch_t rxmatch[9];
+ regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
+
+ if ((auth_item->type == PW_TYPE_IPADDR) &&
+ (auth_item->vp_strvalue[0] == '\0')) {
+ inet_ntop(AF_INET, &(auth_item->lvalue),
+ auth_item->vp_strvalue,
+ sizeof(auth_item->vp_strvalue));
+ }
/*
* Include substring matches.
*/
- regcomp(®, (char *)check_item->strvalue,
+ regcomp(®, (char *)check_item->vp_strvalue,
REG_EXTENDED);
compare = regexec(®,
- (char *)auth_item->strvalue,
+ (char *)auth_item->vp_strvalue,
REQUEST_MAX_REGEX + 1,
rxmatch, 0);
regfree(®);
*/
for (i = 0; i <= REQUEST_MAX_REGEX; i++) {
char *p;
- char buffer[sizeof(check_item->strvalue)];
+ char buffer[sizeof(check_item->vp_strvalue)];
/*
* Didn't match: delete old
* Copy substring into buffer.
*/
memcpy(buffer,
- auth_item->strvalue + rxmatch[i].rm_so,
+ auth_item->vp_strvalue + rxmatch[i].rm_so,
rxmatch[i].rm_eo - rxmatch[i].rm_so);
buffer[rxmatch[i].rm_eo - rxmatch[i].rm_so] = '\0';
break;
case T_OP_REG_NE:
- regcomp(®, (char *)check_item->strvalue, REG_EXTENDED|REG_NOSUB);
- compare = regexec(®, (char *)auth_item->strvalue,
+ if ((auth_item->type == PW_TYPE_IPADDR) &&
+ (auth_item->vp_strvalue[0] == '\0')) {
+ inet_ntop(AF_INET, &(auth_item->lvalue),
+ auth_item->vp_strvalue,
+ sizeof(auth_item->vp_strvalue));
+ }
+
+ regcomp(®, (char *)check_item->vp_strvalue, REG_EXTENDED|REG_NOSUB);
+ compare = regexec(®, (char *)auth_item->vp_strvalue,
0, NULL, 0);
regfree(®);
if (compare == 0) result = -1;
}
/*
- * Compare two attributes simply. Calls paircompare.
+ * Compare two attributes simply. Calls compare_pair.
*/
int simplepaircmp(REQUEST *req, VALUE_PAIR *first, VALUE_PAIR *second)
{
- return paircompare( req, first, second, NULL, NULL );
-}
-
-
-/*
- * Compare a Connect-Info and a Connect-Rate
- */
-static int connectcmp(void *instance,
- REQUEST *req UNUSED,
- VALUE_PAIR *request,
- VALUE_PAIR *check,
- VALUE_PAIR *check_pairs,
- VALUE_PAIR **reply_pairs)
-{
- int rate;
-
- instance = instance;
- check_pairs = check_pairs; /* shut the compiler up */
- reply_pairs = reply_pairs;
-
- rate = atoi((char *)request->strvalue);
- return rate - check->lvalue;
-}
-
-
-/*
- * Compare a portno with a range.
- */
-static int portcmp(void *instance,
- REQUEST *req UNUSED, VALUE_PAIR *request, VALUE_PAIR *check,
- VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
-{
- char buf[MAX_STRING_LEN];
- char *s, *p;
- uint32_t lo, hi;
- uint32_t port = request->lvalue;
-
- instance = instance;
- check_pairs = check_pairs; /* shut the compiler up */
- reply_pairs = reply_pairs;
-
- if ((strchr((char *)check->strvalue, ',') == NULL) &&
- (strchr((char *)check->strvalue, '-') == NULL)) {
- return (request->lvalue - check->lvalue);
- }
-
- /* Same size */
- strcpy(buf, (char *)check->strvalue);
- s = strtok(buf, ",");
-
- while (s != NULL) {
- if ((p = strchr(s, '-')) != NULL)
- p++;
- else
- p = s;
- lo = strtoul(s, NULL, 10);
- hi = strtoul(p, NULL, 10);
- if (lo <= port && port <= hi) {
- return 0;
- }
- s = strtok(NULL, ",");
- }
-
- return -1;
-}
-
-/*
- * Compare prefix/suffix.
- *
- * If they compare:
- * - if PW_STRIP_USER_NAME is present in check_pairs,
- * strip the username of prefix/suffix.
- * - if PW_STRIP_USER_NAME is not present in check_pairs,
- * add a PW_STRIPPED_USER_NAME to the request.
- */
-static int presufcmp(void *instance,
- REQUEST *req UNUSED,
- VALUE_PAIR *request, VALUE_PAIR *check,
- VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
-{
- VALUE_PAIR *vp;
- char *name = (char *)request->strvalue;
- char rest[MAX_STRING_LEN];
- int len, namelen;
- int ret = -1;
-
- instance = instance;
- reply_pairs = reply_pairs; /* shut the compiler up */
-
-#if 0 /* DEBUG */
- printf("Comparing %s and %s, check->attr is %d\n",
- name, check->strvalue, check->attribute);
-#endif
-
- len = strlen((char *)check->strvalue);
- switch (check->attribute) {
- case PW_PREFIX:
- ret = strncmp(name, (char *)check->strvalue, len);
- if (ret == 0 && rest)
- strcpy(rest, name + len);
- break;
- case PW_SUFFIX:
- namelen = strlen(name);
- if (namelen < len)
- break;
- ret = strcmp(name + namelen - len,
- (char *)check->strvalue);
- if (ret == 0 && rest) {
- strNcpy(rest, name, namelen - len + 1);
- }
- break;
- }
- if (ret != 0)
- return ret;
-
- if ((vp = pairfind(check_pairs, PW_STRIP_USER_NAME)) != NULL) {
- if (vp->lvalue == 1) {
- /*
- * I don't think we want to update the User-Name
- * attribute in place... - atd
- */
- strcpy((char *)request->strvalue, rest);
- request->length = strlen(rest);
- } else {
- return ret;
- }
- } else {
- if ((vp = pairfind(check_pairs, PW_STRIPPED_USER_NAME)) != NULL){
- strcpy((char *)vp->strvalue, rest);
- vp->length = strlen(rest);
- } else if ((vp = paircreate(PW_STRIPPED_USER_NAME,
- PW_TYPE_STRING)) != NULL) {
- strcpy((char *)vp->strvalue, rest);
- vp->length = strlen(rest);
- pairadd(&request, vp);
- } /* else no memory! Die, die!: FIXME!! */
- }
-
- return ret;
-}
-
-
-/*
- * Compare the current time to a range.
- */
-static int timecmp(void *instance,
- REQUEST *req UNUSED,
- VALUE_PAIR *request, VALUE_PAIR *check,
- VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
-{
- instance = instance;
- request = request; /* shut the compiler up */
- check_pairs = check_pairs;
- reply_pairs = reply_pairs;
-
- if (timestr_match((char *)check->strvalue,
- req ? req->timestamp : time(NULL)) >= 0) {
- return 0;
- }
- return -1;
-}
-
-/*
- * Matches if there is NO SUCH ATTRIBUTE as the one named
- * in check->strvalue. If there IS such an attribute, it
- * doesn't match.
- *
- * This is ugly, and definitely non-optimal. We should be
- * doing the lookup only ONCE, and storing the result
- * in check->lvalue...
- */
-static int attrcmp(void *instance,
- REQUEST *req UNUSED,
- VALUE_PAIR *request, VALUE_PAIR *check,
- VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
-{
- VALUE_PAIR *pair;
- DICT_ATTR *dict;
- int attr;
-
- instance = instance;
- check_pairs = check_pairs; /* shut the compiler up */
- reply_pairs = reply_pairs;
-
- if (check->lvalue == 0) {
- dict = dict_attrbyname((char *)check->strvalue);
- if (dict == NULL) {
- return -1;
- }
- attr = dict->attr;
- } else {
- attr = check->lvalue;
- }
-
- /*
- * If there's no such attribute, then return MATCH,
- * else FAILURE.
- */
- pair = pairfind(request, attr);
- if (pair == NULL) {
- return 0;
- }
-
- return -1;
-}
-
-/*
- * Compare the expiration date.
- */
-static int expirecmp(void *instance, REQUEST *req UNUSED,
- VALUE_PAIR *request, VALUE_PAIR *check,
- VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
-{
- time_t now;
-
- instance = instance;
- request = request; /* shut the compiler up */
- check_pairs = check_pairs;
- reply_pairs = reply_pairs;
-
- /*
- * FIXME! This should be request->timestamp!
- */
- now = time(NULL);
-
- if (now <= (signed)check->lvalue) {
- return 0;
- }
-
- return +1;
-}
-
-/*
- * Compare the request packet type.
- */
-static int packetcmp(void *instance UNUSED, REQUEST *req,
- VALUE_PAIR *request UNUSED,
- VALUE_PAIR *check,
- VALUE_PAIR *check_pairs UNUSED,
- VALUE_PAIR **reply_pairs UNUSED)
-{
- if (req->packet->code == check->lvalue) {
- return 0;
- }
-
- return 1;
-}
-
-/*
- * Compare the response packet type.
- */
-static int responsecmp(void *instance UNUSED,
- REQUEST *req,
- VALUE_PAIR *request UNUSED,
- VALUE_PAIR *check,
- VALUE_PAIR *check_pairs UNUSED,
- VALUE_PAIR **reply_pairs UNUSED)
-{
- if (req->reply->code == check->lvalue) {
- return 0;
- }
-
- return 1;
+ return compare_pair( req, first, second, NULL, NULL );
}
-/*
- * Register server-builtin special attributes.
- */
-void pair_builtincompare_init(void)
-{
- paircompare_register(PW_NAS_PORT, -1, portcmp, NULL);
- paircompare_register(PW_PREFIX, PW_USER_NAME, presufcmp, NULL);
- paircompare_register(PW_SUFFIX, PW_USER_NAME, presufcmp, NULL);
- paircompare_register(PW_CONNECT_RATE, PW_CONNECT_INFO, connectcmp, NULL);
- paircompare_register(PW_CURRENT_TIME, 0, timecmp, NULL);
- paircompare_register(PW_NO_SUCH_ATTRIBUTE, 0, attrcmp, NULL);
- paircompare_register(PW_EXPIRATION, 0, expirecmp, NULL);
- paircompare_register(PW_PACKET_TYPE, 0, packetcmp, NULL);
- paircompare_register(PW_RESPONSE_PACKET_TYPE, 0, responsecmp, NULL);
-}
/*
* Move pairs, replacing/over-writing them, and doing xlat.
*/
if (i->flags.do_xlat) {
int rcode;
- char buffer[sizeof(i->strvalue)];
+ char buffer[sizeof(i->vp_strvalue)];
i->flags.do_xlat = 0;
rcode = radius_xlat(buffer, sizeof(buffer),
- i->strvalue,
+ i->vp_strvalue,
req, NULL);
/*
*/
case T_OP_SUB: /* -= */
if (found) {
- if (!i->strvalue[0] ||
- (strcmp((char *)found->strvalue,
- (char *)i->strvalue) == 0)){
+ if (!i->vp_strvalue[0] ||
+ (strcmp((char *)found->vp_strvalue,
+ (char *)i->vp_strvalue) == 0)){
pairdelete(to, found->attribute);
/*