Regularize error messages

[freeradius.git] / src / modules / rlm_eap / rlm_eap.c

diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c
index 7f70fe2..a4391e6 100644 (file)
--- a/src/modules/rlm_eap/rlm_eap.c
+++ b/src/modules/rlm_eap/rlm_eap.c
@@ -257,6 +257,11 @@ static int eap_authenticate(void *instance, REQUEST *request)
 
        inst = (rlm_eap_t *) instance;
 
+       if (!pairfind(request->packet->vps, PW_EAP_MESSAGE)) {
+               RDEBUG("ERROR: You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!");
+               return RLM_MODULE_INVALID;
+       }
+
        /*
         *      Get the eap packet  to start with
         */
@@ -339,9 +344,9 @@ static int eap_authenticate(void *instance, REQUEST *request)
                 *      Some simple sanity checks.  These should really
                 *      be handled by the radius library...
                 */
-               vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE);
+               vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE, 0);
                if (vp) {
-                       vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR);
+                       vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0);
                        if (!vp) {
                                vp = pairmake("Message-Authenticator",
                                              "0x00", T_OP_EQ);
@@ -355,7 +360,7 @@ static int eap_authenticate(void *instance, REQUEST *request)
                 *      set to 127.0.0.1 for tunneled requests, and
                 *      we don't want to tell the world that...
                 */
-               pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO);
+               pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS);
 
                RDEBUG2("  Tunneled session will be proxied.  Not doing EAP.");
                return RLM_MODULE_HANDLED;
@@ -422,7 +427,7 @@ static int eap_authenticate(void *instance, REQUEST *request)
                /*
                 *      Doesn't exist, add it in.
                 */
-               vp = pairfind(request->reply->vps, PW_USER_NAME);
+               vp = pairfind(request->reply->vps, PW_USER_NAME, 0);
                if (!vp) {
                        vp = pairmake("User-Name", "",
                                      T_OP_EQ);
@@ -502,7 +507,7 @@ static int eap_authorize(void *instance, REQUEST *request)
         *      and to get excited if it doesn't appear.
         */
 
-       vp = pairfind(request->config_items, PW_AUTH_TYPE);
+       vp = pairfind(request->config_items, PW_AUTH_TYPE, 0);
        if ((!vp) ||
            (vp->vp_integer != PW_AUTHTYPE_REJECT)) {
                vp = pairmake("Auth-Type", inst->xlat_name, T_OP_EQ);
@@ -512,6 +517,8 @@ static int eap_authorize(void *instance, REQUEST *request)
                        return RLM_MODULE_FAIL;
                }
                pairadd(&request->config_items, vp);
+       } else {
+               RDEBUG2("WARNING: Auth-Type already set.  Not setting to EAP");
        }
 
        if (status == EAP_OK) return RLM_MODULE_OK;
@@ -605,7 +612,7 @@ static int eap_post_proxy(void *inst, REQUEST *request)
                        /*
                         *      Doesn't exist, add it in.
                         */
-                       vp = pairfind(request->reply->vps, PW_USER_NAME);
+                       vp = pairfind(request->reply->vps, PW_USER_NAME, 0);
                        if (!vp) {
                                vp = pairmake("User-Name", request->username->vp_strvalue,
                                              T_OP_EQ);
@@ -632,7 +639,7 @@ static int eap_post_proxy(void *inst, REQUEST *request)
                 *      This is vendor Cisco (9), Cisco-AVPair
                 *      attribute (1)
                 */
-               vp = pairfind(vp, (9 << 16)  | 1);
+               vp = pairfind(vp, 1, 9);
                if (!vp) {
                        return RLM_MODULE_NOOP;
                }