inst = (rlm_eap_t *) instance;
+ if (!pairfind(request->packet->vps, PW_EAP_MESSAGE)) {
+ RDEBUG("ERROR: You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!");
+ return RLM_MODULE_INVALID;
+ }
+
/*
* Get the eap packet to start with
*/
* Some simple sanity checks. These should really
* be handled by the radius library...
*/
- vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE);
+ vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE, 0);
if (vp) {
- vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR);
+ vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0);
if (!vp) {
vp = pairmake("Message-Authenticator",
"0x00", T_OP_EQ);
* set to 127.0.0.1 for tunneled requests, and
* we don't want to tell the world that...
*/
- pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO);
+ pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS);
RDEBUG2(" Tunneled session will be proxied. Not doing EAP.");
return RLM_MODULE_HANDLED;
/*
* Doesn't exist, add it in.
*/
- vp = pairfind(request->reply->vps, PW_USER_NAME);
+ vp = pairfind(request->reply->vps, PW_USER_NAME, 0);
if (!vp) {
vp = pairmake("User-Name", "",
T_OP_EQ);
* and to get excited if it doesn't appear.
*/
- vp = pairfind(request->config_items, PW_AUTH_TYPE);
+ vp = pairfind(request->config_items, PW_AUTH_TYPE, 0);
if ((!vp) ||
(vp->vp_integer != PW_AUTHTYPE_REJECT)) {
vp = pairmake("Auth-Type", inst->xlat_name, T_OP_EQ);
return RLM_MODULE_FAIL;
}
pairadd(&request->config_items, vp);
+ } else {
+ RDEBUG2("WARNING: Auth-Type already set. Not setting to EAP");
}
if (status == EAP_OK) return RLM_MODULE_OK;
/*
* Doesn't exist, add it in.
*/
- vp = pairfind(request->reply->vps, PW_USER_NAME);
+ vp = pairfind(request->reply->vps, PW_USER_NAME, 0);
if (!vp) {
vp = pairmake("User-Name", request->username->vp_strvalue,
T_OP_EQ);
* This is vendor Cisco (9), Cisco-AVPair
* attribute (1)
*/
- vp = pairfind(vp, (9 << 16) | 1);
+ vp = pairfind(vp, 1, 9);
if (!vp) {
return RLM_MODULE_NOOP;
}