*/
int paircmp(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check, VALUE_PAIR **reply)
{
- VALUE_PAIR *check_item = check;
+ VALUE_PAIR *check_item;
VALUE_PAIR *auth_item;
int result = 0;
int compare;
regex_t reg;
#endif
- while (result == 0 && check_item != NULL) {
+ for (check_item = check; check_item != NULL; check_item = check_item->next) {
/*
* If the user is setting a configuration value,
* then don't bother comparing it to any attributes
*/
if ((check_item->operator == T_OP_SET) ||
(check_item->operator == T_OP_ADD)) {
- check_item = check_item->next;
continue;
}
* These are "server" check items.
*/
case PW_CRYPT_PASSWORD:
- check_item = check_item->next;
continue;
break;
*/
case PW_PASSWORD:
if (pairfind(request, PW_PASSWORD) == NULL) {
- check_item = check_item->next;
continue;
}
break;
*/
other = otherattr(check_item->attribute);
auth_item = request;
+ try_again:
for (; auth_item != NULL; auth_item = auth_item->next) {
if (auth_item->attribute == other || other == 0)
break;
}
+ /*
+ * Not found, it's not a match.
+ */
if (auth_item == NULL) {
- result = -1;
- continue;
+ return -1;
}
/*
"reverting to '=='", check_item->name);
/*FALLTHRU*/
case T_OP_CMP_EQ:
- if (compare != 0) return -1;
+ if (compare != 0) result = -1;
break;
case T_OP_NE:
- if (compare == 0) return -1;
+ if (compare == 0) result = -1;
break;
case T_OP_LT:
- if (compare >= 0) return -1;
+ if (compare >= 0) result = -1;
break;
case T_OP_GT:
- if (compare <= 0) return -1;
+ if (compare <= 0) result = -1;
break;
case T_OP_LE:
- if (compare > 0) return -1;
+ if (compare > 0) result = -1;
break;
case T_OP_GE:
- if (compare < 0) return -1;
+ if (compare < 0) result = -1;
break;
#ifdef HAVE_REGEX_H
compare = regexec(®, (char *)auth_item->strvalue,
0, NULL, 0);
regfree(®);
- if (compare != 0) return -1;
+ if (compare != 0) result = -1;
break;
case T_OP_REG_NE:
compare = regexec(®, (char *)auth_item->strvalue,
0, NULL, 0);
regfree(®);
- if (compare == 0) return -1;
+ if (compare == 0) result = -1;
break;
#endif
+ } /* switch over the operator of the check item */
+
+ /*
+ * This attribute didn't match, but maybe there's
+ * another of the same attribute, which DOES match.
+ */
+ if (result != 0) {
+ auth_item = auth_item->next;
+ goto try_again;
}
- if (result == 0)
- check_item = check_item->next;
- }
+ } /* for every entry in the check item list */
- return result;
+ return 0; /* it matched */
}
/*