*extra = '\0';
}
- radlog_request(L_AUTH, 0, request, "%s: [%s%s%s] (%s)%s",
+ RAUTH("%s: [%s%s%s] (%s)%s",
msg,
clean_username,
logit ? "/" : "",
* one found will actually be used.
*/
if (( auth_type_count > 1) && (debug_flag)) {
- radlog_request(L_ERR, 0, request, "Warning: Found %d auth-types on request for user '%s'",
+ RERROR("Warning: Found %d auth-types on request for user '%s'",
auth_type_count, request->username->vp_strvalue);
}
}
if (fr_condition_tokenize(listener, argv[0], &debug_condition, &error) < 0) {
- radlog(L_ERR, "Failed parsing condition '%s': %s", argv[0], error);
+ ERROR("Failed parsing condition '%s': %s", argv[0], error);
}
return 0;
end = strchr(ptr, '}');
if (end == NULL) {
*p = '\0';
- radlog(L_INFO, "%s[%d]: Variable expansion missing }",
+ INFO("%s[%d]: Variable expansion missing }",
cf, *lineno);
return NULL;
}
end = strchr(ptr, '}');
if (end == NULL) {
*p = '\0';
- radlog(L_INFO, "%s[%d]: Environment variable expansion missing }",
+ INFO("%s[%d]: Environment variable expansion missing }",
cf, *lineno);
return NULL;
}
time_t *mtime;
CONF_DATA *cd;
- DEBUG2( "including configuration file %s", filename);
+ DEBUG2("including configuration file %s", filename);
fp = fopen(filename, "r");
if (!fp) {
*/
pthread_mutex_unlock(&pool->mutex);
- radlog(L_INFO, "%s: Opening additional connection (%i)",
+ INFO("%s: Opening additional connection (%i)",
pool->log_prefix, pool->count);
this = rad_malloc(sizeof(*this));
return 0;
}
- radlog(L_INFO, "%s: Opening connection successful (%i)",
+ INFO("%s: Opening connection successful (%i)",
pool->log_prefix, pool->count);
}
pool->active--;
}
- radlog(L_INFO, "%s: Deleting connection (%i)", pool->log_prefix,
+ INFO("%s: Deleting connection (%i)", pool->log_prefix,
this->number);
fr_connection_close(pool, this);
for (this = pool->head; this != NULL; this = next) {
next = this->next;
- radlog(L_INFO, "%s: Closing connection (%i)", pool->log_prefix,
+ INFO("%s: Closing connection (%i)", pool->log_prefix,
this->number);
fr_connection_close(pool, this);
do_delete:
if ((pool->num <= pool->min) &&
(pool->last_complained < now)) {
- radlog(L_INFO, "%s: WARNING: You probably need to "
+ INFO("%s: WARNING: You probably need to "
"lower \"min\"", pool->log_prefix);
pool->last_complained = now;
if ((pool->idle_timeout > 0) &&
((this->last_used + pool->idle_timeout) < now)) {
- radlog(L_INFO, "%s: Closing connection (%i): Hit idle_timeout, "
+ INFO("%s: Closing connection (%i): Hit idle_timeout, "
"was idle for %u seconds", pool->log_prefix, this->number,
(int) (now - this->last_used));
goto do_delete;
rad_assert(idle != NULL);
- radlog(L_INFO, "%s: Closing connection (%i): Too many "
+ INFO("%s: Closing connection (%i): Too many "
"free connections (%d > %d)", pool->log_prefix,
idle->number, spare, pool->spare);
fr_connection_close(pool, idle);
rad_assert(data->vps == NULL);
if (data->one_shot) {
- radlog(L_INFO, "Finished reading \"one shot\" detail file - Exiting");
+ INFO("Finished reading \"one shot\" detail file - Exiting");
radius_signal_self(RADIUS_SIGNAL_SELF_EXIT);
}
char *p;
#ifndef HAVE_GLOB_H
- radlog(L_INFO, "WARNING: Detail file \"%s\" appears to use file globbing, but it is not supported on this system.", data->filename);
+ INFO("WARNING: Detail file \"%s\" appears to use file globbing, but it is not supported on this system.", data->filename);
#endif
strlcpy(buffer, data->filename, sizeof(buffer));
p = strrchr(buffer, FR_DIR_SEP);
/*
* FIXME: Print client IP/port, and server IP/port.
*/
- radlog(L_INFO, "Ignoring new connection due to client max_connections (%d)", client->limit.max_connections);
+ INFO("Ignoring new connection due to client max_connections (%d)", client->limit.max_connections);
close(newfd);
return 0;
}
/*
* FIXME: Print client IP/port, and server IP/port.
*/
- radlog(L_INFO, "Ignoring new connection due to socket max_connections");
+ INFO("Ignoring new connection due to socket max_connections");
close(newfd);
return 0;
}
if (rad_send(request->reply, request->packet,
request->client->secret) < 0) {
- radlog_request(L_ERR, 0, request, "Failed sending reply: %s",
+ RERROR("Failed sending reply: %s",
fr_strerror());
return -1;
}
if (rad_send(request->reply, request->packet,
request->client->secret) < 0) {
- radlog_request(L_ERR, 0, request, "Failed sending reply: %s",
+ RERROR("Failed sending reply: %s",
fr_strerror());
return -1;
}
if (rad_send(request->proxy, NULL,
request->home_server->secret) < 0) {
- radlog_request(L_ERR, 0, request, "Failed sending proxied request: %s",
+ RERROR("Failed sending proxied request: %s",
fr_strerror());
return -1;
}
if (rad_encode(request->reply, request->packet,
request->client->secret) < 0) {
- radlog_request(L_ERR, 0, request, "Failed encoding packet: %s",
+ RERROR("Failed encoding packet: %s",
fr_strerror());
return -1;
}
if (rad_sign(request->reply, request->packet,
request->client->secret) < 0) {
- radlog_request(L_ERR, 0, request, "Failed signing packet: %s",
+ RERROR("Failed signing packet: %s",
fr_strerror());
return -1;
}
static int proxy_socket_encode(UNUSED rad_listen_t *listener, REQUEST *request)
{
if (rad_encode(request->proxy, NULL, request->home_server->secret) < 0) {
- radlog_request(L_ERR, 0, request, "Failed encoding proxied packet: %s",
+ RERROR("Failed encoding proxied packet: %s",
fr_strerror());
return -1;
}
if (rad_sign(request->proxy, NULL, request->home_server->secret) < 0) {
- radlog_request(L_ERR, 0, request, "Failed signing proxied packet: %s",
+ RERROR("Failed signing proxied packet: %s",
fr_strerror());
return -1;
}
void log_talloc(char const *msg)
{
- radlog(L_INFO, "%s", msg);
+ INFO("%s", msg);
}
void log_talloc_report(TALLOC_CTX *ctx)
talloc_report_full(NULL, fd);
} else {
do {
- radlog(L_INFO, "Context level %i", i++);
+ INFO("Context level %i", i++);
talloc_report_full(ctx, fd);
} while ((ctx = talloc_parent(ctx)) && (talloc_get_name(ctx) != null_ctx)); /* Stop before we hit NULL ctx */
fr_set_dumpable();
if (allow_core_dumps) {
- radlog(L_INFO, "Core dumps are enabled.");
+ INFO("Core dumps are enabled.");
}
return 1;
#endif
cf_set_strict(strict);
- radlog(L_INFO, "Starting - reading configuration files ...");
+ INFO("Starting - reading configuration files ...");
/* Initialize the dictionary */
if (!mainconfig.dictionary_dir) mainconfig.dictionary_dir = radius_dir;
CONF_SECTION *cs;
char buffer[1024];
- radlog(L_INFO, "HUP - Re-reading configuration files");
+ INFO("HUP - Re-reading configuration files");
/* Read the configuration file */
snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
*/
hup_logfile();
- radlog(L_INFO, "HUP - loading modules");
+ INFO("HUP - loading modules");
/*
* Prefer the new module configuration.
*/
blocked = (request->master_state == REQUEST_STOP_PROCESSING);
if (blocked) {
- radlog(L_INFO, "WARNING: Module %s became unblocked for request %u",
+ INFO("WARNING: Module %s became unblocked for request %u",
sp->modinst->entry->name, request->number);
}
}
if (debug_flag == 0) {
- radlog(L_INFO, "Loaded virtual server %s",
+ INFO("Loaded virtual server %s",
(name != NULL) ? name : "<default>");
}
return 0;
}
- radlog(L_INFO, " Module: Reloaded module \"%s\"", node->name);
+ INFO(" Module: Reloaded module \"%s\"", node->name);
module_instance_free_old(cs, node, when);
*/
modules = cf_section_sub_find(config, "modules");
if (!modules) {
- radlog(L_INFO, "WARNING: Cannot find a \"modules\" section in the configuration file!");
+ INFO("WARNING: Cannot find a \"modules\" section in the configuration file!");
}
DEBUG2("%s: #### Instantiating modules ####", mainconfig.name);
*/
if (request->reply->data) break;
- radlog_request(L_ERR, 0, request,
- "Received conflicting packet from "
+ RERROR("Received conflicting packet from "
"client %s port %d - ID: %d due to "
"unfinished request. Giving up on old request.",
request->client->shortname,
ERROR("Dropping request (%d is too many): from client %s port %d - ID: %d", count,
client->shortname,
packet->src_port, packet->id);
- radlog(L_INFO, "WARNING: Please check the configuration file.\n"
+ INFO("WARNING: Please check the configuration file.\n"
"\tThe value for 'max_requests' is probably set too low.\n");
exec_trigger(NULL, NULL, "server.max_requests", true);
* Remember the request in the list.
*/
if (!fr_packet_list_insert(pl, &request->packet)) {
- radlog_request(L_ERR, 0, request, "Failed to insert request in the list of live requests: discarding it");
+ RERROR("Failed to insert request in the list of live requests: discarding it");
request_done(request, FR_ACTION_DONE);
return 1;
}
if (!fr_packet_list_insert(proxy_list, &request->proxy)) {
fr_packet_list_id_free(proxy_list, request->proxy);
PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
- radlog_request(L_PROXY, 0, request, "Failed to insert entry into proxy list.");
+ RPROXY("Failed to insert entry into proxy list.");
return 0;
}
if (!proxy_p) {
PTHREAD_MUTEX_UNLOCK(&proxy_mutex);
- radlog(L_PROXY, "No outstanding request was found for reply from host %s port %d - ID %d",
+ PROXY( "No outstanding request was found for reply from host %s port %d - ID %d",
inet_ntop(packet->src_ipaddr.af,
&packet->src_ipaddr.ipaddr,
buffer, sizeof(buffer)),
* We're actually sending a proxied packet. Do that now.
*/
if (!request->in_proxy_hash && !insert_into_proxy_hash(request)) {
- radlog_request(L_PROXY, 0, request, "Failed to insert initial packet into the proxy list.");
+ RPROXY("Failed to insert initial packet into the proxy list.");
return -1;
}
* Don't free the old Id (if any) on error.
*/
if (!insert_into_proxy_hash(request)) {
- radlog_request(L_PROXY, 0, request, "Failed to insert retransmission into the proxy list.");
+ RPROXY("Failed to insert retransmission into the proxy list.");
goto post_proxy_fail;
}
rad_assert(request->in_proxy_hash);
request->home_server->num_received_pings++;
- radlog_request(L_PROXY, 0, request, "Received response to status check %d (%d in current sequence)",
+ RPROXY("Received response to status check %d (%d in current sequence)",
request->number, home->num_received_pings);
/*
fr_event_delete(el, &home->ev);
- radlog_request(L_PROXY, 0, request, "Marking home server %s port %d alive",
+ RPROXY("Marking home server %s port %d alive",
inet_ntop(request->proxy->dst_ipaddr.af,
&request->proxy->dst_ipaddr.ipaddr,
buffer, sizeof(buffer)),
rad_assert(request->proxy_listener == NULL);
if (!insert_into_proxy_hash(request)) {
- radlog_request(L_PROXY, 0, request, "Failed to insert status check %d into proxy list. Discarding it.",
+ RPROXY("Failed to insert status check %d into proxy list. Discarding it.",
request->number);
rad_assert(!request->in_request_hash);
home->num_sent_pings = 0;
home->num_received_pings = 0;
- radlog(L_PROXY, "Marking home server %s port %d as zombie (it has not responded in %d seconds).",
+ PROXY( "Marking home server %s port %d as zombie (it has not responded in %d seconds).",
inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
buffer, sizeof(buffer)),
home->port, home->response_window);
*/
if (home->ev) fr_event_delete(el, &home->ev);
- radlog(L_PROXY, "Marking home server %s port %d alive again... we have no idea if it really is alive or not.",
+ PROXY( "Marking home server %s port %d alive again... we have no idea if it really is alive or not.",
inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
buffer, sizeof(buffer)),
home->port);
}
#endif
- radlog(L_PROXY, "Marking home server %s port %d as dead.",
+ PROXY( "Marking home server %s port %d as dead.",
inet_ntop(home->ipaddr.af, &home->ipaddr.ipaddr,
buffer, sizeof(buffer)),
home->port);
* may have failed over to another home server.
* But that one may be dead, too.
*/
- radlog_request(L_ERR, 0, request, "Failing request due to lack of any response from home server %s port %d",
+ RERROR("Failing request due to lack of any response from home server %s port %d",
inet_ntop(request->proxy->dst_ipaddr.af,
&request->proxy->dst_ipaddr.ipaddr,
buffer, sizeof(buffer)),
if (debug_flag == 0) {
if (just_started) {
- radlog(L_INFO, "Ready to process requests.");
+ INFO("Ready to process requests.");
just_started = false;
}
return;
}
if (!wake) {
- radlog(L_INFO, "Ready to process requests.");
+ INFO("Ready to process requests.");
} else if ((wake->tv_sec != 0) ||
(wake->tv_usec >= 100000)) {
if (just_started) {
DEBUG("Listening on %s", buffer);
} else {
- radlog(L_INFO, " ... adding new socket %s", buffer);
+ INFO(" ... adding new socket %s", buffer);
}
#ifdef WITH_PROXY
listen_socket_t *sock = this->data;
rad_assert(this->count == 0);
- radlog(L_INFO, " ... closing socket %s", buffer);
+ INFO(" ... closing socket %s", buffer);
/*
* Remove it from the list of live FD's. Note
{
if ((flag & (RADIUS_SIGNAL_SELF_EXIT | RADIUS_SIGNAL_SELF_TERM)) != 0) {
if ((flag & RADIUS_SIGNAL_SELF_EXIT) != 0) {
- radlog(L_INFO, "Signalled to exit");
+ INFO("Signalled to exit");
fr_event_loop_exit(el, 1);
} else {
- radlog(L_INFO, "Signalled to terminate");
+ INFO("Signalled to terminate");
exec_trigger(NULL, NULL, "server.signal.term", true);
fr_event_loop_exit(el, 2);
}
when = time(NULL);
if ((int) (when - last_hup) < 5) {
- radlog(L_INFO, "Ignoring HUP (less than 5s since last one)");
+ INFO("Ignoring HUP (less than 5s since last one)");
return;
}
- radlog(L_INFO, "Received HUP signal.");
+ INFO("Received HUP signal.");
last_hup = when;
fr_strerror());
rcode = 2;
} else {
- radlog(L_INFO, "Exiting normally.");
+ INFO("Exiting normally.");
}
exec_trigger(NULL, NULL, "server.stop", false);
#endif
if (memory_report) {
- radlog(L_INFO, "Allocated memory at time of report:");
+ INFO("Allocated memory at time of report:");
log_talloc_report(NULL);
}
*/
if (conf->check_cert_issuer &&
(strcmp(issuer, conf->check_cert_issuer) != 0)) {
- radlog(L_AUTH, "rlm_eap_tls: Certificate issuer (%s) does not match specified value (%s)!", issuer, conf->check_cert_issuer);
+ AUTH("rlm_eap_tls: Certificate issuer (%s) does not match specified value (%s)!", issuer, conf->check_cert_issuer);
my_ok = 0;
}
} else {
RDEBUG2("checking certificate CN (%s) with xlat'ed value (%s)", common_name, cn_str);
if (strcmp(cn_str, common_name) != 0) {
- radlog(L_AUTH, "rlm_eap_tls: Certificate CN (%s) does not match specified value (%s)!", common_name, cn_str);
+ AUTH("rlm_eap_tls: Certificate CN (%s) does not match specified value (%s)!", common_name, cn_str);
my_ok = 0;
}
}
request, 1, NULL, 0,
request->packet->vps,
NULL, 1) != 0) {
- radlog(L_AUTH, "rlm_eap_tls: Certificate CN (%s) fails external verification!", common_name);
+ AUTH("rlm_eap_tls: Certificate CN (%s) fails external verification!", common_name);
my_ok = 0;
} else {
RDEBUG("Client certificate CN %s passed external validation", common_name);
RDEBUG2("Received TLS ACK");
if (ssn == NULL){
- radlog_request(L_ERR, 0, request, "FAIL: Unexpected ACK received. Could not obtain session information.");
+ RERROR("FAIL: Unexpected ACK received. Could not obtain session information.");
return FR_TLS_INVALID;
}
if (ssn->info.initialized == 0) {
}
if ((ssn->info.content_type == handshake) &&
(ssn->info.origin == 0)) {
- radlog_request(L_ERR, 0, request, "FAIL: ACK without earlier message.");
+ RERROR("FAIL: ACK without earlier message.");
return FR_TLS_INVALID;
}
*/
default:
RDEBUG2("ACK default");
- radlog_request(L_ERR, 0, request, "Invalid ACK received: %d",
+ RERROR("Invalid ACK received: %d",
ssn->info.content_type);
return FR_TLS_INVALID;
}
(unsigned int) length);
if (length > sock->ssn->offset) {
- radlog(L_INFO,
- "Received packet will be too large! Set \"fragment_size=%u\"",
+ INFO("Received packet will be too large! Set \"fragment_size=%u\"",
(data[2] << 8) | data[3]);
goto do_close;
}
switch (check_item->op) {
case T_OP_EQ:
default:
- radlog(L_INFO, "Invalid operator for item %s: "
+ INFO("Invalid operator for item %s: "
"reverting to '=='", check_item->da->name);
/* FALL-THROUGH */
case T_OP_CMP_TRUE:
*/
void version(void)
{
- radlog(L_INFO, "%s: %s", progname, radiusd_version);
+ INFO("%s: %s", progname, radiusd_version);
DEBUG3("Server was built with: ");
DEBUG3(" ssl : %s", ssl_version());
- radlog(L_INFO, "Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.");
- radlog(L_INFO, "There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A");
- radlog(L_INFO, "PARTICULAR PURPOSE.");
- radlog(L_INFO, "You may redistribute copies of FreeRADIUS under the terms of the");
- radlog(L_INFO, "GNU General Public License.");
- radlog(L_INFO, "For more information about these matters, see the file named COPYRIGHT.");
+ INFO("Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.");
+ INFO("There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A");
+ INFO("PARTICULAR PURPOSE.");
+ INFO("You may redistribute copies of FreeRADIUS under the terms of the");
+ INFO("GNU General Public License.");
+ INFO("For more information about these matters, see the file named COPYRIGHT.");
fflush(NULL);
}
password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if(!password) {
- radlog(L_AUTH, "rlm_cram: Cleartext-Password is required for authentication.");
+ AUTH("rlm_cram: Cleartext-Password is required for authentication.");
return RLM_MODULE_INVALID;
}
authtype = pairfind(request->packet->vps, SM_AUTHTYPE, VENDORPEC_SM, TAG_ANY);
if(!authtype) {
- radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Authtype missed");
+ AUTH("rlm_cram: Required attribute Sandy-Mail-Authtype missed");
return RLM_MODULE_INVALID;
}
challenge = pairfind(request->packet->vps, SM_CHALLENGE, VENDORPEC_SM, TAG_ANY);
if(!challenge) {
- radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Challenge missed");
+ AUTH("rlm_cram: Required attribute Sandy-Mail-Challenge missed");
return RLM_MODULE_INVALID;
}
response = pairfind(request->packet->vps, SM_RESPONSE, VENDORPEC_SM, TAG_ANY);
if(!response) {
- radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Response missed");
+ AUTH("rlm_cram: Required attribute Sandy-Mail-Response missed");
return RLM_MODULE_INVALID;
}
switch(authtype->vp_integer){
case 2: /* CRAM-MD5 */
if(challenge->length < 5 || response->length != 16) {
- radlog(L_AUTH, "rlm_cram: invalid MD5 challenge/response length");
+ AUTH("rlm_cram: invalid MD5 challenge/response length");
return RLM_MODULE_INVALID;
}
calc_md5_digest(buffer, challenge->vp_octets, challenge->length, password->vp_strvalue);
break;
case 3: /* APOP */
if(challenge->length < 5 || response->length != 16) {
- radlog(L_AUTH, "rlm_cram: invalid APOP challenge/response length");
+ AUTH("rlm_cram: invalid APOP challenge/response length");
return RLM_MODULE_INVALID;
}
calc_apop_digest(buffer, challenge->vp_octets, challenge->length, password->vp_strvalue);
break;
case 8: /* CRAM-MD4 */
if(challenge->length < 5 || response->length != 16) {
- radlog(L_AUTH, "rlm_cram: invalid MD4 challenge/response length");
+ AUTH("rlm_cram: invalid MD4 challenge/response length");
return RLM_MODULE_INVALID;
}
calc_md4_digest(buffer, challenge->vp_octets, challenge->length, password->vp_strvalue);
break;
case 9: /* CRAM-SHA1 */
if(challenge->length < 5 || response->length != 20) {
- radlog(L_AUTH, "rlm_cram: invalid MD4 challenge/response length");
+ AUTH("rlm_cram: invalid MD4 challenge/response length");
return RLM_MODULE_INVALID;
}
calc_sha1_digest(buffer, challenge->vp_octets, challenge->length, password->vp_strvalue);
if(!memcmp(buffer, response->vp_octets, 20)) return RLM_MODULE_OK;
break;
default:
- radlog(L_AUTH, "rlm_cram: unsupported Sandy-Mail-Authtype");
+ AUTH("rlm_cram: unsupported Sandy-Mail-Authtype");
return RLM_MODULE_INVALID;
}
return RLM_MODULE_NOTFOUND;
* a directory that the server was using.
*/
if (rad_mkdir(buffer, inst->dirperm) < 0) {
- radlog_request(L_ERR, 0, request, "rlm_detail: Failed to create directory %s: %s", buffer, strerror(errno));
+ RERROR("rlm_detail: Failed to create directory %s: %s", buffer, strerror(errno));
return RLM_MODULE_FAIL;
}
*/
if ((outfd = open(buffer, O_WRONLY | O_APPEND | O_CREAT,
inst->detailperm)) < 0) {
- radlog_request(L_ERR, 0, request, "rlm_detail: Couldn't open file %s: %s",
+ RERROR("rlm_detail: Couldn't open file %s: %s",
buffer, strerror(errno));
return RLM_MODULE_FAIL;
}
* the lock (race condition)
*/
if (fstat(outfd, &st) != 0) {
- radlog_request(L_ERR, 0, request, "rlm_detail: Couldn't stat file %s: %s",
+ RERROR("rlm_detail: Couldn't stat file %s: %s",
buffer, strerror(errno));
close(outfd);
return RLM_MODULE_FAIL;
if (inst->locking && !locked) {
close(outfd);
- radlog_request(L_ERR, 0, request, "rlm_detail: Failed to acquire filelock for %s, giving up",
+ RERROR("rlm_detail: Failed to acquire filelock for %s, giving up",
buffer);
return RLM_MODULE_FAIL;
}
*/
fsize = lseek(outfd, 0L, SEEK_END);
if (fsize < 0) {
- radlog_request(L_ERR, 0, request, "rlm_detail: Failed to seek to the end of detail file %s",
+ RERROR("rlm_detail: Failed to seek to the end of detail file %s",
buffer);
close(outfd);
return RLM_MODULE_FAIL;
* Open the FP for buffering.
*/
if ((fp = fdopen(outfd, "a")) == NULL) {
- radlog_request(L_ERR, 0, request, "rlm_detail: Couldn't open file %s: %s",
+ RERROR("rlm_detail: Couldn't open file %s: %s",
buffer, strerror(errno));
close(outfd);
return RLM_MODULE_FAIL;
passwd = pairfind(request->config_items, PW_DIGEST_HA1, 0, TAG_ANY);
if (passwd) {
if (passwd->length != 32) {
- radlog_request(L_AUTH, 0, request, "Digest-HA1 has invalid length, authentication failed.");
+ RAUTH("Digest-HA1 has invalid length, authentication failed.");
return RLM_MODULE_INVALID;
}
} else {
passwd = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
}
if (!passwd) {
- radlog_request(L_AUTH, 0, request, "Cleartext-Password or Digest-HA1 is required for authentication.");
+ RAUTH("Cleartext-Password or Digest-HA1 is required for authentication.");
return RLM_MODULE_INVALID;
}
(eap_packet->data[0] <= 0) ||
(eap_packet->data[0] >= PW_EAP_MAX_TYPES)) {
- radlog_request(L_AUTH, 0, request,
- "Badly formatted EAP Message: Ignoring the packet");
+ RAUTH("Badly formatted EAP Message: Ignoring the packet");
return EAP_INVALID;
}
/* we don't expect notification, but we send it */
if (eap_packet->data[0] == PW_EAP_NOTIFICATION) {
- radlog_request(L_AUTH, 0, request, "Got NOTIFICATION, "
+ RAUTH("Got NOTIFICATION, "
"Ignoring the packet");
return EAP_INVALID;
}
RDEBUG2("Received TLS ACK");
return tls_ack_handler(handler->opaque, request);
} else {
- radlog_request(L_ERR, 0, request, "Received Invalid TLS ACK");
+ RERROR("Received Invalid TLS ACK");
return FR_TLS_INVALID;
}
}
* We don't fall back if the 'attr' is specified, but we can't
* find the section - that is just a config error.
*/
- radlog(L_INFO, "debug: '%s' option missing, trying to use legacy configuration", attr);
+ INFO("debug: '%s' option missing, trying to use legacy configuration", attr);
tls_cs = cf_section_sub_find(parent, "tls");
}
*/
eap_packet = eap_vp2packet(request, request->packet->vps);
if (!eap_packet) {
- radlog_request(L_ERR, 0, request, "Malformed EAP Message");
+ RERROR("Malformed EAP Message");
return RLM_MODULE_FAIL;
}
request->proxy,
REQUEST_DATA_EAP_TUNNEL_CALLBACK);
if (!data) {
- radlog_request(L_ERR, 0, request, "Failed to retrieve callback for tunneled session!");
+ RERROR("Failed to retrieve callback for tunneled session!");
eap_handler_free(inst, handler);
return RLM_MODULE_FAIL;
}
eap_packet = eap_vp2packet(request, request->packet->vps);
if (!eap_packet) {
- radlog_request(L_ERR, 0, request, "Malformed EAP Message");
+ RERROR("Malformed EAP Message");
return RLM_MODULE_FAIL;
}
DEBUG(IKEv2_LOG_PREFIX "Using server auth type: secret");
return IKEv2_AUTH_SK;
}
- radlog(L_AUTH,IKEv2_LOG_PREFIX "Unsupported server auth type: %s",authtype_name);
- radlog(L_AUTH,IKEv2_LOG_PREFIX "Using server auth type: secret (default)");
+ AUTH(IKEv2_LOG_PREFIX "Unsupported server auth type: %s",authtype_name);
+ AUTH(IKEv2_LOG_PREFIX "Using server auth type: secret (default)");
return IKEv2_AUTH_SK;
}
session = ((struct IKEv2Data*)handler->opaque)->session;
if (session->eapKeyData==NULL){
- radlog( L_INFO,IKEv2_LOG_PREFIX "Key session not available!!!");
+ INFO(IKEv2_LOG_PREFIX "Key session not available!!!");
return 1;
}
break;
}
if(!i2->trusted) {
- radlog(L_AUTH,IKEv2_LOG_PREFIX "'CA_file' item not set, client cert based authentication will fail");
+ AUTH(IKEv2_LOG_PREFIX "'CA_file' item not set, client cert based authentication will fail");
} else {
if(!file_exists(i2->trusted)) {
ERROR(IKEv2_LOG_PREFIX "Can not open 'CA_file' %s",i2->trusted);
static int ikev2_initiate(void *instance, eap_handler_t *handler)
{
- radlog( L_INFO,IKEv2_LOG_PREFIX "Initiate connection!");
+ INFO(IKEv2_LOG_PREFIX "Initiate connection!");
// This is the way for silent discarding behavior
// handler->request->options|=RAD_REQUEST_OPTION_FAKE_REQUEST;
// handler->request->options|=RAD_REQUEST_OPTION_DONT_CACHE;
{
struct ikev2_ctx *i2=(struct ikev2_ctx*)instance;
- radlog( L_INFO, IKEv2_LOG_PREFIX "authenticate" );
+ INFO(IKEv2_LOG_PREFIX "authenticate" );
rad_assert(handler->request != NULL);
rad_assert(handler->stage == AUTHENTICATE);
{
if(ikemsg!=NULL) free (ikemsg);
handler->eap_ds->request->code=PW_EAP_FAILURE;
- radlog(L_INFO,IKEv2_LOG_PREFIX "Discarded packet");
+ INFO(IKEv2_LOG_PREFIX "Discarded packet");
return 1;
}
if( IKEv2ProcessMsg( i2, ikemsg, &sikemsg, &slen, session) != IKEv2_RET_OK )
{
- radlog(L_INFO, IKEv2_LOG_PREFIX "EAP_STATE_DISCARD");
+ INFO(IKEv2_LOG_PREFIX "EAP_STATE_DISCARD");
//session->State = EAP_STATE_DISCARD;
free(out);
return 1;
if( session->Status == IKEv2_SST_FAILED )
{
- radlog(L_INFO,IKEv2_LOG_PREFIX "FAILED");
+ INFO(IKEv2_LOG_PREFIX "FAILED");
olen = CreateResultMessage( false, session, &out );
}
if( session->Status == IKEv2_SST_ESTABLISHED )
{
- radlog(L_INFO,IKEv2_LOG_PREFIX "SUCCESS");
+ INFO(IKEv2_LOG_PREFIX "SUCCESS");
olen = CreateResultMessage( true, session, &out );
session->fFastReconnect=i2->enableFastReconnect;
if (!auth_type) continue;
if (num_types >= EAP_MAX_METHODS) {
- radlog(L_INFO, "WARNING: Ignoring EAP type %s: too many types defined", auth_type);
+ INFO("WARNING: Ignoring EAP type %s: too many types defined", auth_type);
continue;
}
* simplifies switching certain messages from the request log to
* the main log.
*/
-#define LDAP_INFO(fmt, ...) radlog(L_INFO, "rlm_ldap (%s): " fmt, inst->xlat_name, ##__VA_ARGS__)
+#define LDAP_INFO(fmt, ...) INFO("rlm_ldap (%s): " fmt, inst->xlat_name, ##__VA_ARGS__)
#define LDAP_DBGW(fmt, ...) radlog(L_DBG_WARN, "rlm_ldap (%s): " fmt, inst->xlat_name, ##__VA_ARGS__)
#define LDAP_DBGW_REQ(fmt, ...) do { if (request) {RWDEBUG(fmt, ##__VA_ARGS__);} else {LDAP_DBGW(fmt, ##__VA_ARGS__);}} while (0)
cs = cf_section_sub_find(parent, name);
if (!cs) {
- radlog(L_INFO, "rlm_ldap (%s): Couldn't find configuration for %s, will return NOOP for calls "
+ INFO("rlm_ldap (%s): Couldn't find configuration for %s, will return NOOP for calls "
"from this section", inst->xlat_name, name);
return 0;
if (p) {
*p = '\0';
if (rad_mkdir(buffer, 0700) < 0) {
- radlog_request(L_ERR, 0, request, "rlm_linelog: Failed to create directory %s: %s", buffer, strerror(errno));
+ RERROR("rlm_linelog: Failed to create directory %s: %s", buffer, strerror(errno));
return RLM_MODULE_FAIL;
}
*p = '/';
* Responses are 50 octets.
*/
if (response->length < 50) {
- radlog_request(L_AUTH, 0, request, "MS-CHAP-Response has the wrong format.");
+ RAUTH("MS-CHAP-Response has the wrong format.");
return 0;
}
lm_password->length = 16;
} else {
- radlog_request(L_ERR, 0, request, "Invalid LM-Password");
+ RERROR("Invalid LM-Password");
lm_password = NULL;
}
} else { /* there is a configured Cleartext-Password */
lm_password = pairmake_config("LM-Password", "", T_OP_EQ);
if (!lm_password) {
- radlog_request(L_ERR, 0, request, "No memory");
+ RERROR("No memory");
} else {
smbdes_lmpwdhash(password->vp_strvalue,
lm_password->vp_octets);
nt_password->length = 16;
} else {
- radlog_request(L_ERR, 0, request, "Invalid NT-Password");
+ RERROR("Invalid NT-Password");
nt_password = NULL;
}
} else if (!password) {
} else { /* there is a configured Cleartext-Password */
nt_password = pairmake_config("NT-Password", "", T_OP_EQ);
if (!nt_password) {
- radlog_request(L_ERR, 0, request, "No memory");
+ RERROR("No memory");
return RLM_MODULE_FAIL;
} else {
mschap_ntpwdhash(nt_password->vp_octets,
* MS-CHAPv1 challenges are 8 octets.
*/
if (challenge->length < 8) {
- radlog_request(L_AUTH, 0, request, "MS-CHAP-Challenge has the wrong format.");
+ RAUTH("MS-CHAP-Challenge has the wrong format.");
return RLM_MODULE_INVALID;
}
* Responses are 50 octets.
*/
if (response->length < 50) {
- radlog_request(L_AUTH, 0, request, "MS-CHAP-Response has the wrong format.");
+ RAUTH("MS-CHAP-Response has the wrong format.");
return RLM_MODULE_INVALID;
}
* MS-CHAPv2 challenges are 16 octets.
*/
if (challenge->length < 16) {
- radlog_request(L_AUTH, 0, request, "MS-CHAP-Challenge has the wrong format.");
+ RAUTH("MS-CHAP-Challenge has the wrong format.");
return RLM_MODULE_INVALID;
}
* Responses are 50 octets.
*/
if (response->length < 50) {
- radlog_request(L_AUTH, 0, request, "MS-CHAP-Response has the wrong format.");
+ RAUTH("MS-CHAP-Response has the wrong format.");
return RLM_MODULE_INVALID;
}
*/
username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!username) {
- radlog_request(L_AUTH, 0, request, "We require a User-Name for MS-CHAPv2");
+ RAUTH("We require a User-Name for MS-CHAPv2");
return RLM_MODULE_INVALID;
}
/* attempt to resolve the name */
groupdata = getgrnam(rad_client->community);
if (!groupdata) {
- radlog(L_AUTH, "rlm_opendirectory: The group \"%s\" does not exist on this system.", rad_client->community);
+ AUTH("rlm_opendirectory: The group \"%s\" does not exist on this system.", rad_client->community);
return RLM_MODULE_FAIL;
}
err = mbr_gid_to_uuid(groupdata->gr_gid, guid_nasgroup);
if (err != 0) {
- radlog(L_AUTH, "rlm_opendirectory: The group \"%s\" does not have a GUID.", rad_client->community);
+ AUTH("rlm_opendirectory: The group \"%s\" does not have a GUID.", rad_client->community);
return RLM_MODULE_FAIL;
}
}
int rc;
if (request->username->length > OTP_MAX_USERNAME_LEN) {
- radlog(L_AUTH, "rlm_otp: username [%s] too long", username);
+ AUTH("rlm_otp: username [%s] too long", username);
return RLM_MODULE_REJECT;
}
switch (otp_request.pwe.pwe) {
case PWE_PAP:
if (rvp->length >= sizeof(otp_request.pwe.u.pap.passcode)) {
- radlog(L_AUTH, "rlm_otp: passcode for [%s] too long",
+ AUTH("rlm_otp: passcode for [%s] too long",
username);
return RLM_MODULE_REJECT;
case PWE_CHAP:
if (cvp->length > 16) {
- radlog(L_AUTH, "rlm_otp: CHAP challenge for [%s] "
+ AUTH("rlm_otp: CHAP challenge for [%s] "
"too long", username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 17) {
- radlog(L_AUTH, "rlm_otp: CHAP response for [%s] "
+ AUTH("rlm_otp: CHAP response for [%s] "
"wrong size", username);
return RLM_MODULE_INVALID;
case PWE_MSCHAP:
if (cvp->length != 8) {
- radlog(L_AUTH, "rlm_otp: MS-CHAP challenge for "
+ AUTH("rlm_otp: MS-CHAP challenge for "
"[%s] wrong size", username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 50) {
- radlog(L_AUTH, "rlm_otp: MS-CHAP response for [%s] "
+ AUTH("rlm_otp: MS-CHAP response for [%s] "
"wrong size", username);
return RLM_MODULE_INVALID;
case PWE_MSCHAP2:
if (cvp->length != 16) {
- (void) radlog(L_AUTH, "rlm_otp: MS-CHAP2 challenge for "
+ AUTH("rlm_otp: MS-CHAP2 challenge for "
"[%s] wrong size", username);
return RLM_MODULE_INVALID;
}
if (rvp->length != 50) {
- radlog(L_AUTH, "rlm_otp: MS-CHAP2 response for [%s] "
+ AUTH("rlm_otp: MS-CHAP2 response for [%s] "
"wrong size", username);
return RLM_MODULE_INVALID;
/* validate the reply */
if (reply->version != 1) {
- radlog(L_AUTH, "rlm_otp: otpd reply for [%s] invalid "
+ AUTH("rlm_otp: otpd reply for [%s] invalid "
"(version %d != 1)", request->username, reply->version);
otp_putfd(fdp, 1);
}
if (reply->passcode[OTP_MAX_PASSCODE_LEN] != '\0') {
- radlog(L_AUTH, "rlm_otp: otpd reply for [%s] invalid "
+ AUTH("rlm_otp: otpd reply for [%s] invalid "
"(passcode)", request->username);
otp_putfd(fdp, 1);
* a User-Name attribute.
*/
if (!request->username) {
- radlog(L_AUTH, "rlm_pam: Attribute \"User-Name\" is required for authentication.");
+ AUTH("rlm_pam: Attribute \"User-Name\" is required for authentication.");
return RLM_MODULE_INVALID;
}
* a User-Password attribute.
*/
if (!request->password) {
- radlog(L_AUTH, "rlm_pam: Attribute \"User-Password\" is required for authentication.");
+ AUTH("rlm_pam: Attribute \"User-Password\" is required for authentication.");
return RLM_MODULE_INVALID;
}
* and not anything else.
*/
if (request->password->da->attr != PW_USER_PASSWORD) {
- radlog(L_AUTH, "rlm_pam: Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".", request->password->da->name);
+ AUTH("rlm_pam: Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".", request->password->da->name);
return RLM_MODULE_INVALID;
}
if (check1 == 0 || check2 == 0) {
break;
}
- radlog(L_INFO, "rlm_radutmp: converting reboot records.");
+ INFO("rlm_radutmp: converting reboot records.");
if (status == PW_STATUS_STOP)
status = PW_STATUS_ACCOUNTING_OFF;
if (status == PW_STATUS_START)
if ((status == PW_STATUS_START) && strncmp(ut.session_id, u.session_id, sizeof(u.session_id)) == 0 &&
u.time >= ut.time) {
if (u.type == P_LOGIN) {
- radlog(L_INFO, "rlm_radutmp: Login entry for NAS %s port %u duplicate",
+ INFO("rlm_radutmp: Login entry for NAS %s port %u duplicate",
nas, u.nas_port);
r = -1;
break;
acm_ret = SD_Next(securid_session->sdiHandle, securid_pass);
if (acm_ret == ACM_OK) {
- radlog(L_INFO, "Next SecurID token accepted for [%s].", securid_session->identity);
+ INFO("Next SecurID token accepted for [%s].", securid_session->identity);
rc = RC_SECURID_AUTH_SUCCESS;
} else {
- radlog(L_INFO, "SecurID: Next token rejected for [%s].", securid_session->identity);
+ INFO("SecurID: Next token rejected for [%s].", securid_session->identity);
rc = RC_SECURID_AUTH_FAILURE;
}
rc = RC_SECURID_AUTH_SUCCESS;
} else {
- radlog(L_INFO, "SecurID: New passcode rejected for [%s].", securid_session->identity);
+ INFO("SecurID: New passcode rejected for [%s].", securid_session->identity);
rc = RC_SECURID_AUTH_FAILURE;
}
* a User-Name attribute.
*/
if (!request->username) {
- radlog(L_AUTH, "rlm_securid: Attribute \"User-Name\" is required for authentication.");
+ AUTH("rlm_securid: Attribute \"User-Name\" is required for authentication.");
return RLM_MODULE_INVALID;
}
if (!request->password) {
- radlog_request(L_AUTH, 0, request, "Attribute \"Password\" is required for authentication.");
+ RAUTH("Attribute \"Password\" is required for authentication.");
return RLM_MODULE_INVALID;
}
* Clear-text passwords are the only ones we support.
*/
if (request->password->da->attr != PW_USER_PASSWORD) {
- radlog_request(L_AUTH, 0, request, "Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".", request->password->da->name);
+ RAUTH("Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".", request->password->da->name);
return RLM_MODULE_INVALID;
}
sqlite3_stmt *statement;
char const *z_tail;
- radlog(L_INFO, "rlm_sql_sqlite: Executing SQL statements from file \"%s\"", filename);
+ INFO("rlm_sql_sqlite: Executing SQL statements from file \"%s\"", filename);
f = fopen(filename, "r");
if (!f) {
return -1;
}
- radlog(L_DBG, "rlm_sql_sqlite: Ignoring empty SQL file");
+ DEBUG("rlm_sql_sqlite: Ignoring empty SQL file");
fclose(f);
talloc_free(buffer);
return -1;
}
- radlog(L_INFO, "rlm_sql_sqlite: SQLite library version: %s", sqlite3_libversion());
+ INFO("rlm_sql_sqlite: SQLite library version: %s", sqlite3_libversion());
if (!driver->filename) {
MEM(driver->filename = talloc_asprintf(driver, "%s/%s", radius_dir, config->sql_db));
}
char *buff;
sqlite3 *db = NULL;
- radlog(L_INFO, "rlm_sql_sqlite: Database doesn't exist, creating it and loading schema");
+ INFO("rlm_sql_sqlite: Database doesn't exist, creating it and loading schema");
p = strrchr(driver->filename, '/');
if (p) {
MEM(conn = handle->conn = talloc_zero(handle, rlm_sql_sqlite_conn_t));
talloc_set_destructor((void *) conn, sql_socket_destructor);
- radlog(L_INFO, "rlm_sql_sqlite: Opening SQLite database \"%s\"", driver->filename);
+ INFO("rlm_sql_sqlite: Opening SQLite database \"%s\"", driver->filename);
#ifdef HAVE_SQLITE_V2_API
status = sqlite3_open_v2(driver->filename, &(conn->db), SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX, NULL);
switch(state[1]) {
/* SQLSTATE 01 class contains info and warning messages */
case '1':
- radlog(L_INFO, "rlm_sql_unixodbc: %s %s\n", state, error);
+ INFO("rlm_sql_unixodbc: %s %s\n", state, error);
/* FALL-THROUGH */
case '0': /* SQLSTATE 00 class means success */
res = 0;
cs = cf_section_sub_find(parent, name);
if (!cs) {
- radlog(L_INFO, "rlm_sql (%s): Couldn't find configuration for "
+ INFO("rlm_sql (%s): Couldn't find configuration for "
"%s, will return NOOP for calls from this section",
inst->config->xlat_name, name);
}
}
- radlog(L_INFO, "rlm_sql (%s): Driver %s (module %s) loaded and linked",
+ INFO("rlm_sql (%s): Driver %s (module %s) loaded and linked",
inst->config->xlat_name, inst->config->sql_driver_name,
inst->module->name);
/*
* Initialise the connection pool for this instance
*/
- radlog(L_INFO, "rlm_sql (%s): Attempting to connect to database \"%s\"",
+ INFO("rlm_sql (%s): Attempting to connect to database \"%s\"",
inst->config->xlat_name, inst->config->sql_db);
if (sql_socket_pool_init(inst) < 0) return -1;
* Check if account is locked.
*/
if (pr_pw->uflg.fg_lock!=1) {
- radlog(L_AUTH, "rlm_unix: [%s]: account locked", name);
+ AUTH("rlm_unix: [%s]: account locked", name);
return RLM_MODULE_USERLOCK;
}
#else /* OSFC2 */
* Users with a particular shell are denied access
*/
if (strcmp(pwd->pw_shell, DENY_SHELL) == 0) {
- radlog_request(L_AUTH, 0, request,
- "rlm_unix: [%s]: invalid shell", name);
+ RAUTH("rlm_unix: [%s]: invalid shell", name);
return RLM_MODULE_REJECT;
}
#endif
}
endusershell();
if (!shell) {
- radlog_request(L_AUTH, 0, request, "[%s]: invalid shell [%s]",
+ RAUTH("[%s]: invalid shell [%s]",
name, pwd->pw_shell);
return RLM_MODULE_REJECT;
}
*/
if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
(request->timestamp / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
- radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+ RAUTH("[%s]: password has expired", name);
return RLM_MODULE_REJECT;
}
/*
*/
if (spwd && spwd->sp_expire > 0 &&
(request->timestamp / 86400) > spwd->sp_expire) {
- radlog_request(L_AUTH, 0, request, "[%s]: account has expired", name);
+ RAUTH("[%s]: account has expired", name);
return RLM_MODULE_REJECT;
}
#endif
*/
if ((pwd->pw_expire > 0) &&
(request->timestamp > pwd->pw_expire)) {
- radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+ RAUTH("[%s]: password has expired", name);
return RLM_MODULE_REJECT;
}
#endif
projects / freeradius.git / commitdiff