* Add if (_x->da) (void) talloc_get_type_abort(_x->da, DICT_ATTR);
* to the macro below when dictionaries are talloced.
*/
-# define VERIFY_VP(_x) fr_pair_verify_vp(__FILE__, __LINE__, _x)
-# define VERIFY_LIST(_x) fr_pair_verify_list(__FILE__, __LINE__, NULL, _x)
+# define VERIFY_VP(_x) fr_pair_verify(__FILE__, __LINE__, _x)
+# define VERIFY_LIST(_x) fr_pair_list_verify(__FILE__, __LINE__, NULL, _x)
# define VERIFY_PACKET(_x) (void) talloc_get_type_abort(_x, RADIUS_PACKET)
#else
/*
VALUE_PAIR const **pvp, uint8_t *ptr, size_t room);
/* pair.c */
-VALUE_PAIR *pairalloc(TALLOC_CTX *ctx, DICT_ATTR const *da);
-VALUE_PAIR *paircreate(TALLOC_CTX *ctx, unsigned int attr, unsigned int vendor);
-int pair2unknown(VALUE_PAIR *vp);
-void pairfree(VALUE_PAIR **);
-VALUE_PAIR *pairfind(VALUE_PAIR *, unsigned int attr, unsigned int vendor, int8_t tag);
-VALUE_PAIR *pair_find_by_da(VALUE_PAIR *, DICT_ATTR const *da, int8_t tag);
+VALUE_PAIR *fr_pair_afrom_da(TALLOC_CTX *ctx, DICT_ATTR const *da);
+VALUE_PAIR *fr_pair_afrom_num(TALLOC_CTX *ctx, unsigned int attr, unsigned int vendor);
+int fr_pair_to_unknown(VALUE_PAIR *vp);
+void fr_pair_list_free(VALUE_PAIR **);
+VALUE_PAIR *fr_pair_find_by_num(VALUE_PAIR *, unsigned int attr, unsigned int vendor, int8_t tag);
+VALUE_PAIR *fr_pair_find_by_da(VALUE_PAIR *, DICT_ATTR const *da, int8_t tag);
VALUE_PAIR *fr_cursor_init(vp_cursor_t *cursor, VALUE_PAIR * const *node);
void fr_cursor_copy(vp_cursor_t *out, vp_cursor_t *in);
void fr_cursor_merge(vp_cursor_t *cursor, VALUE_PAIR *vp);
VALUE_PAIR *fr_cursor_remove(vp_cursor_t *cursor);
VALUE_PAIR *fr_cursor_replace(vp_cursor_t *cursor, VALUE_PAIR *new);
-void pairdelete(VALUE_PAIR **, unsigned int attr, unsigned int vendor, int8_t tag);
-void pairadd(VALUE_PAIR **, VALUE_PAIR *);
-void pairreplace(VALUE_PAIR **first, VALUE_PAIR *add);
-int paircmp(VALUE_PAIR *a, VALUE_PAIR *b);
-int pairlistcmp(VALUE_PAIR *a, VALUE_PAIR *b);
+void fr_pair_delete_by_num(VALUE_PAIR **, unsigned int attr, unsigned int vendor, int8_t tag);
+void fr_pair_add(VALUE_PAIR **, VALUE_PAIR *);
+void fr_pair_replace(VALUE_PAIR **first, VALUE_PAIR *add);
+int fr_pair_cmp(VALUE_PAIR *a, VALUE_PAIR *b);
+int fr_pair_list_cmp(VALUE_PAIR *a, VALUE_PAIR *b);
typedef int8_t (*fr_cmp_t)(void const *a, void const *b);
int8_t attrcmp(void const *a, void const *b);
-int8_t attrtagcmp(void const *a, void const *b);
-void pairsort(VALUE_PAIR **vps, fr_cmp_t cmp);
-void pairvalidate_debug(TALLOC_CTX *ctx, VALUE_PAIR const *failed[2]);
-bool pairvalidate(VALUE_PAIR const *failed[2], VALUE_PAIR *filter, VALUE_PAIR *list);
-bool pairvalidate_relaxed(VALUE_PAIR const *failed[2], VALUE_PAIR *filter, VALUE_PAIR *list);
-VALUE_PAIR *paircopyvp(TALLOC_CTX *ctx, VALUE_PAIR const *vp);
-VALUE_PAIR *paircopy(TALLOC_CTX *ctx, VALUE_PAIR *from);
-VALUE_PAIR *paircopy_by_num(TALLOC_CTX *ctx, VALUE_PAIR *from, unsigned int attr, unsigned int vendor, int8_t tag);
-void pairsteal(TALLOC_CTX *ctx, VALUE_PAIR *vp);
-void pairmemcpy(VALUE_PAIR *vp, uint8_t const * src, size_t len);
-void pairmemsteal(VALUE_PAIR *vp, uint8_t const *src);
-void pairstrsteal(VALUE_PAIR *vp, char const *src);
-void pairstrcpy(VALUE_PAIR *vp, char const * src);
-void pairbstrncpy(VALUE_PAIR *vp, void const * src, size_t len);
-void pairsprintf(VALUE_PAIR *vp, char const * fmt, ...) CC_HINT(format (printf, 2, 3));
-void pairmove(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from);
-void pairfilter(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from,
+int8_t fr_pair_cmp_by_da_tag(void const *a, void const *b);
+void fr_pair_list_sort(VALUE_PAIR **vps, fr_cmp_t cmp);
+void fr_pair_validate_debug(TALLOC_CTX *ctx, VALUE_PAIR const *failed[2]);
+bool fr_pair_validate(VALUE_PAIR const *failed[2], VALUE_PAIR *filter, VALUE_PAIR *list);
+bool fr_pair_validate_relaxed(VALUE_PAIR const *failed[2], VALUE_PAIR *filter, VALUE_PAIR *list);
+VALUE_PAIR *fr_pair_copy(TALLOC_CTX *ctx, VALUE_PAIR const *vp);
+VALUE_PAIR *fr_pair_list_copy(TALLOC_CTX *ctx, VALUE_PAIR *from);
+VALUE_PAIR *fr_pair_list_copy_by_num(TALLOC_CTX *ctx, VALUE_PAIR *from, unsigned int attr, unsigned int vendor, int8_t tag);
+void fr_pair_steal(TALLOC_CTX *ctx, VALUE_PAIR *vp);
+void fr_pair_value_memcpy(VALUE_PAIR *vp, uint8_t const * src, size_t len);
+void fr_pair_value_memsteal(VALUE_PAIR *vp, uint8_t const *src);
+void fr_pair_value_strsteal(VALUE_PAIR *vp, char const *src);
+void fr_pair_value_strcpy(VALUE_PAIR *vp, char const * src);
+void fr_pair_value_bstrncpy(VALUE_PAIR *vp, void const * src, size_t len);
+void fr_pair_value_sprintf(VALUE_PAIR *vp, char const * fmt, ...) CC_HINT(format (printf, 2, 3));
+void fr_pair_list_move(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from);
+void fr_pair_list_move_by_num(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from,
unsigned int attr, unsigned int vendor, int8_t tag);
-VALUE_PAIR *pairmake_ip(TALLOC_CTX *ctx, char const *value,
+VALUE_PAIR *fr_pair_afrom_ip_str(TALLOC_CTX *ctx, char const *value,
DICT_ATTR *ipv4, DICT_ATTR *ipv6, DICT_ATTR *ipv4_prefix, DICT_ATTR *ipv6_prefix);
-int pairparsevalue(VALUE_PAIR *vp, char const *value, size_t len);
-VALUE_PAIR *pairmake(TALLOC_CTX *ctx, VALUE_PAIR **vps, char const *attribute, char const *value, FR_TOKEN op);
-int pairmark_xlat(VALUE_PAIR *vp, char const *value);
-FR_TOKEN pairread(char const **ptr, VALUE_PAIR_RAW *raw);
-FR_TOKEN userparse(TALLOC_CTX *ctx, char const *buffer, VALUE_PAIR **head);
-int readvp2(TALLOC_CTX *ctx, VALUE_PAIR **out, FILE *fp, bool *pfiledone);
+int fr_pair_value_from_str(VALUE_PAIR *vp, char const *value, size_t len);
+VALUE_PAIR *fr_pair_make(TALLOC_CTX *ctx, VALUE_PAIR **vps, char const *attribute, char const *value, FR_TOKEN op);
+int fr_pair_mark_xlat(VALUE_PAIR *vp, char const *value);
+FR_TOKEN fr_pair_raw_from_str(char const **ptr, VALUE_PAIR_RAW *raw);
+FR_TOKEN fr_pair_list_afrom_str(TALLOC_CTX *ctx, char const *buffer, VALUE_PAIR **head);
+int fr_pair_list_afrom_file(TALLOC_CTX *ctx, VALUE_PAIR **out, FILE *fp, bool *pfiledone);
/** Compare two attributes using and operator.
*
* @return 1 if equal, 0 if not eaqual, -1 on error.
*/
-#define paircmp_op(_op, _a, _b) value_data_cmp_op(_op, _a->da->type, &_a->data, _a->vp_length, _b->da->type, &_b->data, _b->vp_length)
+#define fr_pair_cmp_op(_op, _a, _b) value_data_cmp_op(_op, _a->da->type, &_a->data, _a->vp_length, _b->da->type, &_b->data, _b->vp_length)
/* value.c */
int value_data_cmp(PW_TYPE a_type, value_data_t const *a, size_t a_len,
void fr_fault_log(char const *msg, ...) CC_HINT(format (printf, 1, 2));
# ifdef WITH_VERIFY_PTR
-void fr_pair_verify_vp(char const *file, int line, VALUE_PAIR const *vp);
-void fr_pair_verify_list(char const *file, int line, TALLOC_CTX *expected, VALUE_PAIR *vps);
+void fr_pair_verify(char const *file, int line, VALUE_PAIR const *vp);
+void fr_pair_list_verify(char const *file, int line, TALLOC_CTX *expected, VALUE_PAIR *vps);
# endif
bool fr_assert_cond(char const *file, int line, char const *expr, bool cond);
VALUE_PAIR *check, VALUE_PAIR *check_pairs,
VALUE_PAIR **reply_pairs);
int radius_find_compare(DICT_ATTR const *attribute);
-VALUE_PAIR *radius_paircreate(TALLOC_CTX *ctx, VALUE_PAIR **vps, unsigned int attribute, unsigned int vendor);
+VALUE_PAIR *radius_pair_create(TALLOC_CTX *ctx, VALUE_PAIR **vps, unsigned int attribute, unsigned int vendor);
void module_failure_msg(REQUEST *request, char const *fmt, ...) CC_HINT(format (printf, 2, 3));
void vmodule_failure_msg(REQUEST *request, char const *fmt, va_list ap) CC_HINT(format (printf, 2, 0));
* @param _b value
* @param _c op
*/
-#define pairmake_packet(_a, _b, _c) pairmake(request->packet, &request->packet->vps, _a, _b, _c)
-#define pairmake_reply(_a, _b, _c) pairmake(request->reply, &request->reply->vps, _a, _b, _c)
-#define pairmake_config(_a, _b, _c) pairmake(request, &request->config, _a, _b, _c)
+#define pair_make_packet(_a, _b, _c) fr_pair_make(request->packet, &request->packet->vps, _a, _b, _c)
+#define pair_make_reply(_a, _b, _c) fr_pair_make(request->reply, &request->reply->vps, _a, _b, _c)
+#define pair_make_config(_a, _b, _c) fr_pair_make(request, &request->config, _a, _b, _c)
/* threads.c */
int thread_pool_init(CONF_SECTION *cs, bool *spawn_flag);
cursor->current = before; /* current jumps back one, but this is usually desirable */
fixup:
- vp->next = NULL; /* limit scope of pairfree() */
+ vp->next = NULL; /* limit scope of fr_pair_list_free() */
/*
* Fixup cursor->found if we removed the VP it was referring to
* @param vp to free.
* @return 0
*/
-static int _pairfree(VALUE_PAIR *vp) {
+static int _fr_pair_free(VALUE_PAIR *vp) {
#ifndef NDEBUG
vp->vp_integer = 0xf4eef4ee;
#endif
* @param[in] da Specifies the dictionary attribute to build the VP from.
* @return a new value pair or NULL if an error occurred.
*/
-VALUE_PAIR *pairalloc(TALLOC_CTX *ctx, DICT_ATTR const *da)
+VALUE_PAIR *fr_pair_afrom_da(TALLOC_CTX *ctx, DICT_ATTR const *da)
{
VALUE_PAIR *vp;
vp->vp_length = da->flags.length;
- talloc_set_destructor(vp, _pairfree);
+ talloc_set_destructor(vp, _fr_pair_free);
return vp;
}
* @param[in] vendor number.
* @return the new valuepair or NULL on error.
*/
-VALUE_PAIR *paircreate(TALLOC_CTX *ctx, unsigned int attr, unsigned int vendor)
+VALUE_PAIR *fr_pair_afrom_num(TALLOC_CTX *ctx, unsigned int attr, unsigned int vendor)
{
DICT_ATTR const *da;
}
}
- return pairalloc(ctx, da);
+ return fr_pair_afrom_da(ctx, da);
}
/** Free memory used by a valuepair list.
*
* @todo TLV: needs to free all dependents of each VP freed.
*/
-void pairfree(VALUE_PAIR **vps)
+void fr_pair_list_free(VALUE_PAIR **vps)
{
VALUE_PAIR *vp;
vp_cursor_t cursor;
* @param vp to change DICT_ATTR of.
* @return 0 on success (or if already unknown) else -1 on error.
*/
-int pair2unknown(VALUE_PAIR *vp)
+int fr_pair_to_unknown(VALUE_PAIR *vp)
{
DICT_ATTR const *da;
/** Find the pair with the matching DAs
*
*/
-VALUE_PAIR *pair_find_by_da(VALUE_PAIR *vp, DICT_ATTR const *da, int8_t tag)
+VALUE_PAIR *fr_pair_find_by_da(VALUE_PAIR *vp, DICT_ATTR const *da, int8_t tag)
{
vp_cursor_t cursor;
*
* @todo should take DAs and do a pointer comparison.
*/
-VALUE_PAIR *pairfind(VALUE_PAIR *vp, unsigned int attr, unsigned int vendor, int8_t tag)
+VALUE_PAIR *fr_pair_find_by_num(VALUE_PAIR *vp, unsigned int attr, unsigned int vendor, int8_t tag)
{
vp_cursor_t cursor;
*
* @todo should take DAs and do a point comparison.
*/
-void pairdelete(VALUE_PAIR **first, unsigned int attr, unsigned int vendor,
- int8_t tag)
+void fr_pair_delete_by_num(VALUE_PAIR **first, unsigned int attr, unsigned int vendor, int8_t tag)
{
VALUE_PAIR *i, *next;
VALUE_PAIR **last = first;
* @param[in] first VP in linked list. Will add new VP to the end of this list.
* @param[in] add VP to add to list.
*/
-void pairadd(VALUE_PAIR **first, VALUE_PAIR *add)
+void fr_pair_add(VALUE_PAIR **first, VALUE_PAIR *add)
{
VALUE_PAIR *i;
* @param[in,out] first VP in linked list. Will search and replace in this list.
* @param[in] replace VP to replace.
*/
-void pairreplace(VALUE_PAIR **first, VALUE_PAIR *replace)
+void fr_pair_replace(VALUE_PAIR **first, VALUE_PAIR *replace)
{
VALUE_PAIR *i, *next;
VALUE_PAIR **prev = first;
*prev = replace;
}
-int8_t attrtagcmp(void const *a, void const *b)
+int8_t fr_pair_cmp_by_da_tag(void const *a, void const *b)
{
VALUE_PAIR const *my_a = a;
VALUE_PAIR const *my_b = b;
return 0;
}
-static void pairsort_split(VALUE_PAIR *source, VALUE_PAIR **front, VALUE_PAIR **back)
+static void fr_pair_list_sort_split(VALUE_PAIR *source, VALUE_PAIR **front, VALUE_PAIR **back)
{
VALUE_PAIR *fast;
VALUE_PAIR *slow;
slow->next = NULL;
}
-static VALUE_PAIR *pairsort_merge(VALUE_PAIR *a, VALUE_PAIR *b, fr_cmp_t cmp)
+static VALUE_PAIR *fr_pair_list_sort_merge(VALUE_PAIR *a, VALUE_PAIR *b, fr_cmp_t cmp)
{
VALUE_PAIR *result = NULL;
*/
if (cmp(a, b) <= 0) {
result = a;
- result->next = pairsort_merge(a->next, b, cmp);
+ result->next = fr_pair_list_sort_merge(a->next, b, cmp);
} else {
result = b;
- result->next = pairsort_merge(a, b->next, cmp);
+ result->next = fr_pair_list_sort_merge(a, b->next, cmp);
}
return result;
* @param[in,out] vps List of VALUE_PAIRs to sort.
* @param[in] cmp to sort with
*/
-void pairsort(VALUE_PAIR **vps, fr_cmp_t cmp)
+void fr_pair_list_sort(VALUE_PAIR **vps, fr_cmp_t cmp)
{
VALUE_PAIR *head = *vps;
VALUE_PAIR *a;
return;
}
- pairsort_split(head, &a, &b); /* Split into sublists */
- pairsort(&a, cmp); /* Traverse left */
- pairsort(&b, cmp); /* Traverse right */
+ fr_pair_list_sort_split(head, &a, &b); /* Split into sublists */
+ fr_pair_list_sort(&a, cmp); /* Traverse left */
+ fr_pair_list_sort(&b, cmp); /* Traverse right */
/*
* merge the two sorted lists together
*/
- *vps = pairsort_merge(a, b, cmp);
+ *vps = fr_pair_list_sort_merge(a, b, cmp);
}
/** Write an error to the library errorbuff detailing the mismatch
* @param ctx a hack until we have thread specific talloc contexts.
* @param failed pair of attributes which didn't match.
*/
-void pairvalidate_debug(TALLOC_CTX *ctx, VALUE_PAIR const *failed[2])
+void fr_pair_validate_debug(TALLOC_CTX *ctx, VALUE_PAIR const *failed[2])
{
VALUE_PAIR const *filter = failed[0];
VALUE_PAIR const *list = failed[1];
return;
}
-/** Uses paircmp to verify all VALUE_PAIRs in list match the filter defined by check
+/** Uses fr_pair_cmp to verify all VALUE_PAIRs in list match the filter defined by check
*
* @note will sort both filter and list in place.
*
* @param filter attributes to check list against.
* @param list attributes, probably a request or reply
*/
-bool pairvalidate(VALUE_PAIR const *failed[2], VALUE_PAIR *filter, VALUE_PAIR *list)
+bool fr_pair_validate(VALUE_PAIR const *failed[2], VALUE_PAIR *filter, VALUE_PAIR *list)
{
vp_cursor_t filter_cursor;
vp_cursor_t list_cursor;
*
* @todo this should be removed one we have sets and lists
*/
- pairsort(&filter, attrtagcmp);
- pairsort(&list, attrtagcmp);
+ fr_pair_list_sort(&filter, fr_pair_cmp_by_da_tag);
+ fr_pair_list_sort(&list, fr_pair_cmp_by_da_tag);
check = fr_cursor_init(&filter_cursor, &filter);
match = fr_cursor_init(&list_cursor, &list);
* Note that the RFCs say that for attributes of
* the same type, order is important.
*/
- if (paircmp(check, match) != 1) goto mismatch;
+ if (fr_pair_cmp(check, match) != 1) goto mismatch;
check = fr_cursor_next(&filter_cursor);
match = fr_cursor_next(&list_cursor);
return false;
}
-/** Uses paircmp to verify all VALUE_PAIRs in list match the filter defined by check
+/** Uses fr_pair_cmp to verify all VALUE_PAIRs in list match the filter defined by check
*
* @note will sort both filter and list in place.
*
* @param filter attributes to check list against.
* @param list attributes, probably a request or reply
*/
-bool pairvalidate_relaxed(VALUE_PAIR const *failed[2], VALUE_PAIR *filter, VALUE_PAIR *list)
+bool fr_pair_validate_relaxed(VALUE_PAIR const *failed[2], VALUE_PAIR *filter, VALUE_PAIR *list)
{
vp_cursor_t filter_cursor;
vp_cursor_t list_cursor;
*
* @todo this should be removed one we have sets and lists
*/
- pairsort(&filter, attrtagcmp);
- pairsort(&list, attrtagcmp);
+ fr_pair_list_sort(&filter, fr_pair_cmp_by_da_tag);
+ fr_pair_list_sort(&list, fr_pair_cmp_by_da_tag);
fr_cursor_init(&list_cursor, &list);
for (check = fr_cursor_init(&filter_cursor, &filter);
/*
* This attribute passed the filter
*/
- if (!paircmp(check, match)) goto mismatch;
+ if (!fr_pair_cmp(check, match)) goto mismatch;
}
}
* @param[in] vp to copy.
* @return a copy of the input VP or NULL on error.
*/
-VALUE_PAIR *paircopyvp(TALLOC_CTX *ctx, VALUE_PAIR const *vp)
+VALUE_PAIR *fr_pair_copy(TALLOC_CTX *ctx, VALUE_PAIR const *vp)
{
VALUE_PAIR *n;
VERIFY_VP(vp);
- n = pairalloc(ctx, vp->da);
+ n = fr_pair_afrom_da(ctx, vp->da);
if (!n) return NULL;
memcpy(n, vp, sizeof(*n));
* nothing for "n", but will also copy the unknown "da".
*/
if (n->da->flags.is_unknown) {
- pairsteal(ctx, n);
+ fr_pair_steal(ctx, n);
}
n->next = NULL;
switch (vp->da->type) {
case PW_TYPE_OCTETS:
- n->vp_octets = NULL; /* else pairmemcpy will free vp's value */
- pairmemcpy(n, vp->vp_octets, n->vp_length);
+ n->vp_octets = NULL; /* else fr_pair_value_memcpy will free vp's value */
+ fr_pair_value_memcpy(n, vp->vp_octets, n->vp_length);
break;
case PW_TYPE_STRING:
n->vp_strvalue = NULL; /* else pairstrnpy will free vp's value */
- pairbstrncpy(n, vp->vp_strvalue, n->vp_length);
+ fr_pair_value_bstrncpy(n, vp->vp_strvalue, n->vp_length);
break;
default:
* @param[in] from whence to copy VALUE_PAIRs.
* @return the head of the new VALUE_PAIR list or NULL on error.
*/
-VALUE_PAIR *paircopy(TALLOC_CTX *ctx, VALUE_PAIR *from)
+VALUE_PAIR *fr_pair_list_copy(TALLOC_CTX *ctx, VALUE_PAIR *from)
{
vp_cursor_t src, dst;
vp;
vp = fr_cursor_next(&src)) {
VERIFY_VP(vp);
- vp = paircopyvp(ctx, vp);
+ vp = fr_pair_copy(ctx, vp);
if (!vp) {
- pairfree(&out);
+ fr_pair_list_free(&out);
return NULL;
}
- fr_cursor_insert(&dst, vp); /* paircopy sets next pointer to NULL */
+ fr_cursor_insert(&dst, vp); /* fr_pair_list_copy sets next pointer to NULL */
}
return out;
* @param[in] tag to match, TAG_ANY matches any tag, TAG_NONE matches tagless VPs.
* @return the head of the new VALUE_PAIR list or NULL on error.
*/
-VALUE_PAIR *paircopy_by_num(TALLOC_CTX *ctx, VALUE_PAIR *from, unsigned int attr, unsigned int vendor, int8_t tag)
+VALUE_PAIR *fr_pair_list_copy_by_num(TALLOC_CTX *ctx, VALUE_PAIR *from,
+ unsigned int attr, unsigned int vendor, int8_t tag)
{
vp_cursor_t src, dst;
continue;
}
- vp = paircopyvp(ctx, vp);
+ vp = fr_pair_copy(ctx, vp);
if (!vp) {
- pairfree(&out);
+ fr_pair_list_free(&out);
return NULL;
}
fr_cursor_insert(&dst, vp);
* @param[in] ctx to move VALUE_PAIR into
* @param[in] vp VALUE_PAIR to move into the new context.
*/
-void pairsteal(TALLOC_CTX *ctx, VALUE_PAIR *vp)
+void fr_pair_steal(TALLOC_CTX *ctx, VALUE_PAIR *vp)
{
(void) talloc_steal(ctx, vp);
* @note This function does some additional magic that's probably not needed
* in most places. Consider using radius_pairmove in server code.
*
- * @note pairfree should be called on the head of the source list to free
+ * @note fr_pair_list_free should be called on the head of the source list to free
* unmoved attributes (if they're no longer needed).
*
* @note Does not respect tags when matching.
*
* @see radius_pairmove
*/
-void pairmove(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from)
+void fr_pair_list_move(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from)
{
VALUE_PAIR *i, *found;
VALUE_PAIR *head_new, **tail_new;
* it doesn't already exist.
*/
case T_OP_EQ:
- found = pair_find_by_da(*to, i->da, TAG_ANY);
+ found = fr_pair_find_by_da(*to, i->da, TAG_ANY);
if (!found) goto do_add;
tail_from = &(i->next);
* of the same vendor/attr which already exists.
*/
case T_OP_SET:
- found = pair_find_by_da(*to, i->da, TAG_ANY);
+ found = fr_pair_find_by_da(*to, i->da, TAG_ANY);
if (!found) goto do_add;
/*
- * Do NOT call pairdelete() here,
+ * Do NOT call fr_pair_delete_by_num() here,
* due to issues with re-writing
* "request->username".
*
- * Everybody calls pairmove, and
+ * Everybody calls fr_pair_move, and
* expects it to work. We can't
* update request->username here,
* so instead we over-write the
break;
case PW_TYPE_OCTETS:
- pairmemsteal(found, i->vp_octets);
+ fr_pair_value_memsteal(found, i->vp_octets);
i->vp_octets = NULL;
break;
case PW_TYPE_STRING:
- pairstrsteal(found, i->vp_strvalue);
+ fr_pair_value_strsteal(found, i->vp_strvalue);
i->vp_strvalue = NULL;
found->tag = i->tag;
break;
* Delete *all* of the attributes
* of the same number.
*/
- pairdelete(&found->next,
+ fr_pair_delete_by_num(&found->next,
found->da->attr,
found->da->vendor, TAG_ANY);
*/
*tail_from = i->next;
i->next = NULL;
- pairfree(&i);
+ fr_pair_list_free(&i);
continue;
/*
*tail_from = i->next;
i->next = NULL;
*tail_new = i;
- pairsteal(ctx, i);
+ fr_pair_steal(ctx, i);
tail_new = &(i->next);
continue;
}
/*
* Take the "new" list, and append it to the "to" list.
*/
- pairadd(to, head_new);
+ fr_pair_add(to, head_new);
}
/** Move matching pairs between VALUE_PAIR lists
*
* @note pairs which are moved have their parent changed to ctx.
*
- * @note pairfree should be called on the head of the old list to free unmoved
+ * @note fr_pair_list_free should be called on the head of the old list to free unmoved
attributes (if they're no longer needed).
*
* @param[in] ctx for talloc
* @param[in] vendor to match.
* @param[in] tag to match, TAG_ANY matches any tag, TAG_NONE matches tagless VPs.
*/
-void pairfilter(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, unsigned int vendor, int8_t tag)
+void fr_pair_list_move_by_num(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from,
+ unsigned int attr, unsigned int vendor, int8_t tag)
{
VALUE_PAIR *to_tail, *i, *next;
VALUE_PAIR *iprev = NULL;
/*
* Attr/vendor of 0 means "move them all".
- * It's better than "pairadd(foo,bar);bar=NULL"
+ * It's better than "fr_pair_add(foo,bar);bar=NULL"
*/
if ((vendor == 0) && (attr == 0)) {
if (*to) {
}
for (i = *from; i; i = i->next) {
- pairsteal(ctx, i);
+ fr_pair_steal(ctx, i);
}
*from = NULL;
*to = i;
to_tail = i;
i->next = NULL;
- pairsteal(ctx, i);
+ fr_pair_steal(ctx, i);
}
}
* should be the length of the string or sub string to parse.
* @return 0 on success -1 on error.
*/
-int pairparsevalue(VALUE_PAIR *vp, char const *value, size_t inlen)
+int fr_pair_value_from_str(VALUE_PAIR *vp, char const *value, size_t inlen)
{
ssize_t ret;
PW_TYPE type;
* @param ipv6_prefix dictionary attribute to use for an IPv6 prefix.
* @return NULL on error, or new VALUE_PAIR.
*/
-VALUE_PAIR *pairmake_ip(TALLOC_CTX *ctx, char const *value, DICT_ATTR *ipv4, DICT_ATTR *ipv6,
- DICT_ATTR *ipv4_prefix, DICT_ATTR *ipv6_prefix)
+VALUE_PAIR *fr_pair_afrom_ip_str(TALLOC_CTX *ctx, char const *value, DICT_ATTR *ipv4, DICT_ATTR *ipv6,
+ DICT_ATTR *ipv4_prefix, DICT_ATTR *ipv6_prefix)
{
VALUE_PAIR *vp;
DICT_ATTR *da = NULL;
return NULL;
}
- /* No point in repeating the work of pairparsevalue */
+ /* No point in repeating the work of fr_pair_value_from_str */
if (strchr(value, ':')) {
if (strchr(value, '/')) {
da = ipv6_prefix;
ipv4_prefix ? "ipv4prefix " : "", ipv6_prefix ? "ipv6prefix" : "");
finish:
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) return NULL;
- if (pairparsevalue(vp, value, -1) < 0) {
+ if (fr_pair_value_from_str(vp, value, -1) < 0) {
talloc_free(vp);
return NULL;
}
}
-static VALUE_PAIR *pair_unknown2known(VALUE_PAIR *vp, DICT_ATTR const *da)
+static VALUE_PAIR *fr_pair_from_unkown(VALUE_PAIR *vp, DICT_ATTR const *da)
{
ssize_t len;
VALUE_PAIR *vp2;
if (len < 0) return vp; /* it's really unknown */
if (vp2->da->flags.is_unknown) {
- pairfree(&vp2);
+ fr_pair_list_free(&vp2);
return vp;
}
* and 1 "unknown" is likely preferable.
*/
if ((size_t) len < vp->vp_length) {
- pairfree(&vp2);
+ fr_pair_list_free(&vp2);
return vp;
}
- pairsteal(talloc_parent(vp), vp2);
- pairfree(&vp);
+ fr_pair_steal(talloc_parent(vp), vp2);
+ fr_pair_list_free(&vp);
return vp2;
}
* @param op to assign to new valuepair.
* @return new valuepair or NULL on error.
*/
-static VALUE_PAIR *pairmake_any(TALLOC_CTX *ctx,
- char const *attribute, char const *value,
- FR_TOKEN op)
+static VALUE_PAIR *fr_pair_make_any(TALLOC_CTX *ctx,
+ char const *attribute, char const *value,
+ FR_TOKEN op)
{
VALUE_PAIR *vp;
DICT_ATTR const *da;
* it. This next stop also looks the attribute up in the
* dictionary, and creates the appropriate type for it.
*/
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) {
dict_attr_free(&da);
return NULL;
*/
da = dict_attrbyvalue(vp->da->attr, vp->da->vendor);
if (da) {
- return pair_unknown2known(vp, da);
+ return fr_pair_from_unkown(vp, da);
}
return vp;
* @param[in] op to assign to new VALUE_PAIR.
* @return a new VALUE_PAIR.
*/
-VALUE_PAIR *pairmake(TALLOC_CTX *ctx, VALUE_PAIR **vps,
- char const *attribute, char const *value, FR_TOKEN op)
+VALUE_PAIR *fr_pair_make(TALLOC_CTX *ctx, VALUE_PAIR **vps,
+ char const *attribute, char const *value, FR_TOKEN op)
{
DICT_ATTR const *da;
VALUE_PAIR *vp;
*/
da = dict_attrbyname(attrname);
if (!da) {
- vp = pairmake_any(ctx, attrname, value, op);
- if (vp && vps) pairadd(vps, vp);
+ vp = fr_pair_make_any(ctx, attrname, value, op);
+ if (vp && vps) fr_pair_add(vps, vp);
return vp;
}
}
}
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) return NULL;
vp->op = (op == 0) ? T_OP_EQ : op;
vp->tag = tag;
}
talloc_free(preg);
- vp = pairmake(ctx, NULL, attribute, NULL, op);
+ vp = fr_pair_make(ctx, NULL, attribute, NULL, op);
if (!vp) return NULL;
- if (pairmark_xlat(vp, value) < 0) {
+ if (fr_pair_mark_xlat(vp, value) < 0) {
talloc_free(vp);
return NULL;
}
/*
* Parse it as an unknown type, i.e. octets.
*/
- if (pairparsevalue(vp, value, -1) < 0) {
+ if (fr_pair_value_from_str(vp, value, -1) < 0) {
talloc_free(vp);
return NULL;
}
* then the user MAY have typed in the attribute name
* as Vendor-%d-Attr-%d, and the value MAY be octets.
*
- * We probably want to fix pairparsevalue to accept
+ * We probably want to fix fr_pair_value_from_str to accept
* octets as values for any attribute.
*/
- if (value && (pairparsevalue(vp, value, -1) < 0)) {
+ if (value && (fr_pair_value_from_str(vp, value, -1) < 0)) {
talloc_free(vp);
return NULL;
}
do_add:
- if (vps) pairadd(vps, vp);
+ if (vps) fr_pair_add(vps, vp);
return vp;
}
* @param value to expand.
* @return 0 if marking succeeded or -1 if vp already had a value, or OOM.
*/
-int pairmark_xlat(VALUE_PAIR *vp, char const *value)
+int fr_pair_mark_xlat(VALUE_PAIR *vp, char const *value)
{
char *raw;
* @param[out] raw The struct to write the raw VALUE_PAIR to.
* @return the last token read.
*/
-FR_TOKEN pairread(char const **ptr, VALUE_PAIR_RAW *raw)
+FR_TOKEN fr_pair_raw_from_str(char const **ptr, VALUE_PAIR_RAW *raw)
{
char const *p;
char *q;
* @param list where the parsed VALUE_PAIRs will be appended.
* @return the last token parsed, or T_INVALID
*/
-FR_TOKEN userparse(TALLOC_CTX *ctx, char const *buffer, VALUE_PAIR **list)
+FR_TOKEN fr_pair_list_afrom_str(TALLOC_CTX *ctx, char const *buffer, VALUE_PAIR **list)
{
VALUE_PAIR *vp, *head, **tail;
char const *p;
raw.l_opand[0] = '\0';
raw.r_opand[0] = '\0';
- last_token = pairread(&p, &raw);
+ last_token = fr_pair_raw_from_str(&p, &raw);
/*
* JUST a hash. Don't try to create a VP.
if (last_token == T_INVALID) break;
if (raw.quote == T_DOUBLE_QUOTED_STRING) {
- vp = pairmake(ctx, NULL, raw.l_opand, NULL, raw.op);
+ vp = fr_pair_make(ctx, NULL, raw.l_opand, NULL, raw.op);
if (!vp) {
last_token = T_INVALID;
break;
}
- if (pairmark_xlat(vp, raw.r_opand) < 0) {
+ if (fr_pair_mark_xlat(vp, raw.r_opand) < 0) {
talloc_free(vp);
last_token = T_INVALID;
break;
}
} else {
- vp = pairmake(ctx, NULL, raw.l_opand, raw.r_opand, raw.op);
+ vp = fr_pair_make(ctx, NULL, raw.l_opand, raw.r_opand, raw.op);
if (!vp) {
last_token = T_INVALID;
break;
} while (*p && (last_token == T_COMMA));
if (last_token == T_INVALID) {
- pairfree(&head);
+ fr_pair_list_free(&head);
} else {
- pairadd(list, head);
+ fr_pair_add(list, head);
}
/*
/*
* Read valuepairs from the fp up to End-Of-File.
*/
-int readvp2(TALLOC_CTX *ctx, VALUE_PAIR **out, FILE *fp, bool *pfiledone)
+int fr_pair_list_afrom_file(TALLOC_CTX *ctx, VALUE_PAIR **out, FILE *fp, bool *pfiledone)
{
char buf[8192];
FR_TOKEN last_token = T_EOL;
* Read all of the attributes on the current line.
*/
vp = NULL;
- last_token = userparse(ctx, buf, &vp);
+ last_token = fr_pair_list_afrom_str(ctx, buf, &vp);
if (!vp) {
if (last_token != T_EOL) goto error;
break;
error:
*pfiledone = false;
vp = fr_cursor_first(&cursor);
- if (vp) pairfree(&vp);
+ if (vp) fr_pair_list_free(&vp);
return -1;
}
* @param[in] b the second attribute
* @return 1 if true, 0 if false, -1 on error.
*/
-int paircmp(VALUE_PAIR *a, VALUE_PAIR *b)
+int fr_pair_cmp(VALUE_PAIR *a, VALUE_PAIR *b)
{
if (!a) return -1;
break;
}
- return paircmp_op(a->op, b, a);
+ return fr_pair_cmp_op(a->op, b, a);
}
/** Determine equality of two lists
* @param b second list of VALUE_PAIRs.
* @return -1 if a < b, 0 if the two lists are equal, 1 if a > b, -2 on error.
*/
-int pairlistcmp(VALUE_PAIR *a, VALUE_PAIR *b)
+int fr_pair_list_cmp(VALUE_PAIR *a, VALUE_PAIR *b)
{
vp_cursor_t a_cursor, b_cursor;
VALUE_PAIR *a_p, *b_p;
*
* @param vp to fixup.
*/
-static void pairtypeset(VALUE_PAIR *vp)
+static void fr_pair_value_set_type(VALUE_PAIR *vp)
{
if (!vp->data.ptr) return;
* @param[in] src data to copy
* @param[in] size of the data, may be 0 in which case previous value will be freed.
*/
-void pairmemcpy(VALUE_PAIR *vp, uint8_t const *src, size_t size)
+void fr_pair_value_memcpy(VALUE_PAIR *vp, uint8_t const *src, size_t size)
{
uint8_t *p = NULL, *q;
vp->vp_octets = p;
vp->vp_length = size;
- if (size > 0) pairtypeset(vp);
+ if (size > 0) fr_pair_value_set_type(vp);
}
/** Reparent an allocated octet buffer to a VALUE_PAIR
* @param[in,out] vp to update
* @param[in] src buffer to steal.
*/
-void pairmemsteal(VALUE_PAIR *vp, uint8_t const *src)
+void fr_pair_value_memsteal(VALUE_PAIR *vp, uint8_t const *src)
{
uint8_t *q;
vp->vp_octets = talloc_steal(vp, src);
vp->type = VT_DATA;
vp->vp_length = talloc_array_length(vp->vp_strvalue);
- pairtypeset(vp);
+ fr_pair_value_set_type(vp);
}
/** Reparent an allocated char buffer to a VALUE_PAIR
* @param[in,out] vp to update
* @param[in] src buffer to steal.
*/
-void pairstrsteal(VALUE_PAIR *vp, char const *src)
+void fr_pair_value_strsteal(VALUE_PAIR *vp, char const *src)
{
uint8_t *q;
vp->vp_strvalue = talloc_steal(vp, src);
vp->type = VT_DATA;
vp->vp_length = talloc_array_length(vp->vp_strvalue) - 1;
- pairtypeset(vp);
+ fr_pair_value_set_type(vp);
}
/** Copy data into an "string" data type.
* @param[in,out] vp to update
* @param[in] src data to copy
*/
-void pairstrcpy(VALUE_PAIR *vp, char const *src)
+void fr_pair_value_strcpy(VALUE_PAIR *vp, char const *src)
{
char *p, *q;
vp->vp_strvalue = p;
vp->type = VT_DATA;
vp->vp_length = talloc_array_length(vp->vp_strvalue) - 1;
- pairtypeset(vp);
+ fr_pair_value_set_type(vp);
}
/** Copy data into an "string" data type.
* @param[in] src data to copy.
* @param[in] len of data to copy.
*/
-void pairbstrncpy(VALUE_PAIR *vp, void const *src, size_t len)
+void fr_pair_value_bstrncpy(VALUE_PAIR *vp, void const *src, size_t len)
{
char *p, *q;
vp->vp_strvalue = p;
vp->type = VT_DATA;
vp->vp_length = len;
- pairtypeset(vp);
+ fr_pair_value_set_type(vp);
}
/** Print data into an "string" data type.
* @param[in,out] vp to update
* @param[in] fmt the format string
*/
-void pairsprintf(VALUE_PAIR *vp, char const *fmt, ...)
+void fr_pair_value_sprintf(VALUE_PAIR *vp, char const *fmt, ...)
{
va_list ap;
char *p, *q;
vp->type = VT_DATA;
vp->vp_length = talloc_array_length(vp->vp_strvalue) - 1;
- pairtypeset(vp);
+ fr_pair_value_set_type(vp);
}
#ifdef WITH_VERIFY_PTR
/*
* Verify a VALUE_PAIR
*/
-inline void fr_pair_verify_vp(char const *file, int line, VALUE_PAIR const *vp)
+inline void fr_pair_verify(char const *file, int line, VALUE_PAIR const *vp)
{
if (!vp) {
FR_FAULT_LOG("CONSISTENCY CHECK FAILED %s[%u]: VALUE_PAIR pointer was NULL", file, line);
/*
* Verify a pair list
*/
-void fr_pair_verify_list(char const *file, int line, TALLOC_CTX *expected, VALUE_PAIR *vps)
+void fr_pair_list_verify(char const *file, int line, TALLOC_CTX *expected, VALUE_PAIR *vps)
{
vp_cursor_t cursor;
VALUE_PAIR *vp;
if (ptr[0] != attr) break;
}
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) return -1;
vp->vp_length = total;
vp->vp_octets = p = talloc_array(vp, uint8_t, vp->vp_length);
if (!p) {
- pairfree(&vp);
+ fr_pair_list_free(&vp);
return -1;
}
my_vendor = da->vendor;
if (!dict_attr_child(da, &my_attr, &my_vendor)) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
child = dict_unknown_afrom_fields(ctx, my_attr, my_vendor);
if (!child) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
}
tlv_len = data2vp(ctx, packet, original, secret, child,
data + 2, data[1] - 2, data[1] - 2, tail);
if (tlv_len < 0) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
if (*tail) tail = &((*tail)->next);
vsa_len = data2vp_vsa(ctx, packet, original, secret, dv,
data, attrlen, tail);
if (vsa_len < 0) {
- pairfree(&head);
+ fr_pair_list_free(&head);
fr_strerror_printf("Internal sanity check %d", __LINE__);
return -1;
}
* information, decode the actual data.
*/
alloc_cui:
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) return -1;
vp->vp_length = datalen;
break;
case PW_TYPE_OCTETS:
- pairmemcpy(vp, data, vp->vp_length);
+ fr_pair_value_memcpy(vp, data, vp->vp_length);
break;
case PW_TYPE_ABINARY:
break;
default:
- pairfree(&vp);
+ fr_pair_list_free(&vp);
fr_strerror_printf("Internal sanity check %d", __LINE__);
return -1;
}
my_len = rad_attr2vp(packet, packet, original, secret,
ptr, packet_length, &vp);
if (my_len < 0) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
(num_attributes > fr_max_attributes)) {
char host_ipaddr[128];
- pairfree(&head);
+ fr_pair_list_free(&head);
fr_strerror_printf("Possible DoS attack from host %s: Too many attributes in request (received %d, max %d are allowed).",
inet_ntop(packet->src_ipaddr.af,
&packet->src_ipaddr.ipaddr,
* Use Chap-Challenge pair if present,
* Request Authenticator otherwise.
*/
- challenge = pairfind(packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY);
+ challenge = fr_pair_find_by_num(packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY);
if (challenge) {
memcpy(ptr, challenge->vp_strvalue, challenge->vp_length);
i += challenge->vp_length;
VERIFY_PACKET(radius_packet);
- pairfree(&radius_packet->vps);
+ fr_pair_list_free(&radius_packet->vps);
talloc_free(radius_packet);
*radius_packet_ptr = NULL;
out->data = NULL;
out->data_len = 0;
- out->vps = paircopy(out, in->vps);
+ out->vps = fr_pair_list_copy(out, in->vps);
out->offset = 0;
return out;
* Do the data storage before proxying. This is to ensure
* that we log the packet, even if the proxy never does.
*/
- vp = pairfind(request->config, PW_ACCT_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_ACCT_TYPE, 0, TAG_ANY);
if (vp) {
acct_type = vp->vp_integer;
DEBUG2(" Found Acct-Type %s",
* Maybe one of the preacct modules has decided
* that a proxy should be used.
*/
- if ((vp = pairfind(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY))) {
REALM *realm;
/*
realm = realm_find2(vp->vp_strvalue);
if (realm && !realm->acct_pool) {
DEBUG("rad_accounting: Cancelling proxy to realm %s, as it is a LOCAL realm.", realm->name);
- pairdelete(&request->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
} else {
/*
* Don't reply to the NAS now because
uint16_t port = 0;
char const *tls = "";
- if ((cli = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) == NULL) {
+ if ((cli = fr_pair_find_by_num(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) == NULL) {
do_cli = false;
}
- if ((pair = pairfind(request->packet->vps, PW_NAS_PORT, 0, TAG_ANY)) != NULL) {
+ if ((pair = fr_pair_find_by_num(request->packet->vps, PW_NAS_PORT, 0, TAG_ANY)) != NULL) {
port = pair->vp_integer;
}
if (request->packet->dst_port == 0) {
- if (pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0, TAG_ANY)) {
+ if (fr_pair_find_by_num(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0, TAG_ANY)) {
tls = " via TLS tunnel";
} else {
tls = " via proxy to virtual server";
* Get the correct username based on the configured value
*/
if (!log_stripped_names) {
- username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
} else {
username = request->username;
}
if (!request->password) {
VALUE_PAIR *auth_type;
- auth_type = pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
+ auth_type = fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
if (auth_type) {
snprintf(clean_password, sizeof(clean_password),
"<via Auth-Type = %s>",
} else {
strcpy(clean_password, "<no User-Password attribute>");
}
- } else if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) {
+ } else if (fr_pair_find_by_num(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) {
strcpy(clean_password, "<CHAP-Password>");
} else {
fr_prints(clean_password, sizeof(clean_password),
* been set, and complain if so.
*/
if (auth_type < 0) {
- if (pairfind(request->config, PW_CRYPT_PASSWORD, 0, TAG_ANY) != NULL) {
+ if (fr_pair_find_by_num(request->config, PW_CRYPT_PASSWORD, 0, TAG_ANY) != NULL) {
RWDEBUG2("Please update your configuration, and remove 'Auth-Type = Crypt'");
RWDEBUG2("Use the PAP module instead");
}
- else if (pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY) != NULL) {
+ else if (fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY) != NULL) {
RWDEBUG2("Please update your configuration, and remove 'Auth-Type = Local'");
RWDEBUG2("Use the PAP or CHAP modules instead");
}
VALUE_PAIR *vp;
if (request->reply->code == PW_CODE_ACCESS_CHALLENGE) {
- pairdelete(&request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
- vp = pairmake_config("Post-Auth-Type", "Challenge", T_OP_SET);
+ fr_pair_delete_by_num(&request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
+ vp = pair_make_config("Post-Auth-Type", "Challenge", T_OP_SET);
if (!vp) return RLM_MODULE_OK;
} else if (request->reply->code == PW_CODE_ACCESS_REJECT) {
- pairdelete(&request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
- vp = pairmake_config("Post-Auth-Type", "Reject", T_OP_SET);
+ fr_pair_delete_by_num(&request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
+ vp = pair_make_config("Post-Auth-Type", "Reject", T_OP_SET);
if (!vp) return RLM_MODULE_OK;
} else {
- vp = pairfind(request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
}
/*
* If we're still accepting the user, say so.
*/
if (request->reply->code == PW_CODE_ACCESS_ACCEPT) {
- if ((vp = pairfind(request->packet->vps, PW_MODULE_SUCCESS_MESSAGE, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_MODULE_SUCCESS_MESSAGE, 0, TAG_ANY)) != NULL) {
char msg[MAX_STRING_LEN+12];
snprintf(msg, sizeof(msg), "Login OK (%s)",
* accordingly.
*/
case PW_CODE_ACCESS_ACCEPT:
- tmp = radius_paircreate(request,
+ tmp = radius_pair_create(request,
&request->config,
PW_AUTH_TYPE, 0);
if (tmp) tmp->vp_integer = PW_AUTH_TYPE_ACCEPT;
* Look for, and cache, passwords.
*/
if (!request->password) {
- request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ request->password = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
}
if (!request->password) {
- request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
+ request->password = fr_pair_find_by_num(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
}
/*
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
- if ((module_msg = pairfind(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL) {
+ if ((module_msg = fr_pair_find_by_num(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL) {
char msg[MAX_STRING_LEN + 16];
snprintf(msg, sizeof(msg), "Invalid user (%s)",
module_msg->vp_strvalue);
return result;
}
if (!autz_retry) {
- tmp = pairfind(request->config, PW_AUTZ_TYPE, 0, TAG_ANY);
+ tmp = fr_pair_find_by_num(request->config, PW_AUTZ_TYPE, 0, TAG_ANY);
if (tmp) {
autz_type = tmp->vp_integer;
RDEBUG2("Using Autz-Type %s",
#ifdef WITH_PROXY
(request->proxy == NULL) &&
#endif
- ((tmp = pairfind(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY)) != NULL)) {
+ ((tmp = fr_pair_find_by_num(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY)) != NULL)) {
REALM *realm;
realm = realm_find2(tmp->vp_strvalue);
RDEBUG2("Failed to authenticate the user");
request->reply->code = PW_CODE_ACCESS_REJECT;
- if ((module_msg = pairfind(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL){
+ if ((module_msg = fr_pair_find_by_num(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL){
char msg[MAX_STRING_LEN+19];
snprintf(msg, sizeof(msg), "Login incorrect (%s)",
#ifdef WITH_SESSION_MGMT
if (result >= 0 &&
- (check_item = pairfind(request->config, PW_SIMULTANEOUS_USE, 0, TAG_ANY)) != NULL) {
+ (check_item = fr_pair_find_by_num(request->config, PW_SIMULTANEOUS_USE, 0, TAG_ANY)) != NULL) {
int r, session_type = 0;
char logstr[1024];
char umsg[MAX_STRING_LEN + 1];
- tmp = pairfind(request->config, PW_SESSION_TYPE, 0, TAG_ANY);
+ tmp = fr_pair_find_by_num(request->config, PW_SESSION_TYPE, 0, TAG_ANY);
if (tmp) {
session_type = tmp->vp_integer;
RDEBUG2("Using Session-Type %s",
/* Multilink attempt. Check if port-limit > simultaneous-use */
VALUE_PAIR *port_limit;
- if ((port_limit = pairfind(request->reply->vps, PW_PORT_LIMIT, 0, TAG_ANY)) != NULL &&
+ if ((port_limit = fr_pair_find_by_num(request->reply->vps, PW_PORT_LIMIT, 0, TAG_ANY)) != NULL &&
port_limit->vp_integer > check_item->vp_integer){
RDEBUG2("MPP is OK");
mpp_ok = 1;
* They're trying to log in too many times.
* Remove ALL reply attributes.
*/
- pairfree(&request->reply->vps);
- pairmake_reply("Reply-Message", umsg, T_OP_SET);
+ fr_pair_list_free(&request->reply->vps);
+ pair_make_reply("Reply-Message", umsg, T_OP_SET);
snprintf(logstr, sizeof(logstr), "Multiple logins (max %d) %s",
check_item->vp_integer,
result = rad_authenticate(request);
if (request->reply->code == PW_CODE_ACCESS_REJECT) {
- pairdelete(&request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
- vp = pairmake_config("Post-Auth-Type", "Reject", T_OP_SET);
+ fr_pair_delete_by_num(&request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
+ vp = pair_make_config("Post-Auth-Type", "Reject", T_OP_SET);
if (vp) rad_postauth(request);
}
return 0;
}
- ret = readvp2(NULL, &vp, fp, &filedone);
+ ret = fr_pair_list_afrom_file(NULL, &vp, fp, &filedone);
fclose(fp);
if (ret < 0) {
cprintf_error(listener, "Failed reading attributes from %s: %s\n",
(pair->rhs_type == T_BACK_QUOTED_STRING))) {
VALUE_PAIR *vp;
- vp = pairmake(pair, NULL, pair->attr, NULL, pair->op);
+ vp = fr_pair_make(pair, NULL, pair->attr, NULL, pair->op);
if (!vp) {
return NULL;
}
- if (pairmark_xlat(vp, pair->value) < 0) {
+ if (fr_pair_mark_xlat(vp, pair->value) < 0) {
talloc_free(vp);
return NULL;
return vp;
}
- return pairmake(pair, NULL, pair->attr, pair->value, pair->op);
+ return fr_pair_make(pair, NULL, pair->attr, pair->value, pair->op);
}
/*
}
}
- pairfree(&data->vps);
+ fr_pair_list_free(&data->vps);
data->state = STATE_HEADER;
goto do_header;
}
* FIXME: Maybe flag an error?
*/
if (!strchr(buffer, '\n')) {
- pairfree(&data->vps);
+ fr_pair_list_free(&data->vps);
goto cleanup;
}
if (ip_hton(&data->client_ip, AF_INET, value, false) < 0) {
ERROR("detail (%s): Failed parsing Client-IP-Address", data->name);
- pairfree(&data->vps);
+ fr_pair_list_free(&data->vps);
goto cleanup;
}
continue;
data->timestamp = atoi(value);
data->timestamp_offset = data->last_offset;
- vp = paircreate(data, PW_PACKET_ORIGINAL_TIMESTAMP, 0);
+ vp = fr_pair_afrom_num(data, PW_PACKET_ORIGINAL_TIMESTAMP, 0);
if (vp) {
vp->vp_date = (uint32_t) data->timestamp;
vp->type = VT_DATA;
* attributes like radsqlrelay does?
*/
vp = NULL;
- if ((userparse(data, buffer, &vp) > 0) &&
+ if ((fr_pair_list_afrom_str(data, buffer, &vp) > 0) &&
(vp != NULL)) {
fr_cursor_merge(&cursor, vp);
}
alloc_packet:
if (data->done_entry) {
DEBUG2("detail (%s): Skipping record for timestamp %lu", data->name, data->timestamp);
- pairfree(&data->vps);
+ fr_pair_list_free(&data->vps);
data->state = STATE_HEADER;
goto do_header;
}
if (data->state != STATE_QUEUED) {
ERROR("detail (%s): Truncated record: treating it as EOF for detail file %s",
data->name, data->filename_work);
- pairfree(&data->vps);
+ fr_pair_list_free(&data->vps);
goto cleanup;
}
* Otherwise, it lets us re-send the original packet
* contents, unmolested.
*/
- packet->vps = paircopy(packet, data->vps);
+ packet->vps = fr_pair_list_copy(packet, data->vps);
packet->code = PW_CODE_ACCOUNTING_REQUEST;
- vp = pairfind(packet->vps, PW_PACKET_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_PACKET_TYPE, 0, TAG_ANY);
if (vp) packet->code = vp->vp_integer;
gettimeofday(&packet->timestamp, NULL);
packet->src_ipaddr = data->client_ip;
}
- vp = pairfind(packet->vps, PW_PACKET_SRC_IP_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_PACKET_SRC_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
packet->src_ipaddr.af = AF_INET;
packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
packet->src_ipaddr.prefix = 32;
} else {
- vp = pairfind(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS, 0, TAG_ANY);
if (vp) {
packet->src_ipaddr.af = AF_INET6;
memcpy(&packet->src_ipaddr.ipaddr.ip6addr,
}
}
- vp = pairfind(packet->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
packet->dst_ipaddr.af = AF_INET;
packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
packet->dst_ipaddr.prefix = 32;
} else {
- vp = pairfind(packet->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY);
if (vp) {
packet->dst_ipaddr.af = AF_INET6;
memcpy(&packet->dst_ipaddr.ipaddr.ip6addr,
* "Timestamp" field is when we wrote the packet to the
* detail file, which could have been much later.
*/
- vp = pairfind(packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
if (vp) {
data->timestamp = vp->vp_integer;
}
* Look for Acct-Delay-Time, and update
* based on Acct-Delay-Time += (time(NULL) - timestamp)
*/
- vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (!vp) {
- vp = paircreate(packet, PW_ACCT_DELAY_TIME, 0);
+ vp = fr_pair_afrom_num(packet, PW_ACCT_DELAY_TIME, 0);
rad_assert(vp != NULL);
- pairadd(&packet->vps, vp);
+ fr_pair_add(&packet->vps, vp);
}
if (data->timestamp != 0) {
vp->vp_integer += time(NULL) - data->timestamp;
/*
* Set the transmission count.
*/
- vp = pairfind(packet->vps, PW_PACKET_TRANSMIT_COUNTER, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_PACKET_TRANSMIT_COUNTER, 0, TAG_ANY);
if (!vp) {
- vp = paircreate(packet, PW_PACKET_TRANSMIT_COUNTER, 0);
+ vp = fr_pair_afrom_num(packet, PW_PACKET_TRANSMIT_COUNTER, 0);
rad_assert(vp != NULL);
- pairadd(&packet->vps, vp);
+ fr_pair_add(&packet->vps, vp);
}
vp->vp_integer = data->tries;
EVAL_DEBUG("CMP WITH PAIRCOMPARE");
rad_assert(map->lhs->type == TMPL_TYPE_ATTR);
- vp = pairalloc(request, map->lhs->tmpl_da);
+ vp = fr_pair_afrom_da(request, map->lhs->tmpl_da);
vp->op = c->data.map->op;
value_data_copy(vp, &vp->data, rhs_type, rhs, rhs_len);
/*
- * The pairmove() function in src/lib/valuepair.c does all sorts of
+ * The fr_pair_list_move() function in src/lib/valuepair.c does all sorts of
* extra magic that we don't want here.
*
* FIXME: integrate this with the code calling it, so that we
- * only paircopy() those attributes that we're really going to
+ * only fr_pair_list_copy() those attributes that we're really going to
* use.
*/
void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from, bool do_xlat)
*
* It also means that the operators apply ONLY to the
* attributes in the original list. With the previous
- * implementation of pairmove(), adding two attributes
+ * implementation of fr_pair_list_move(), adding two attributes
* via "+=" and then "=" would mean that the second one
* wasn't added, because of the existence of the first
* one in the "to" list. This implementation doesn't
* Also, the previous implementation did NOT implement
* "-=" correctly. If two of the same attributes existed
* in the "to" list, and you tried to subtract something
- * matching the *second* value, then the pairdelete()
+ * matching the *second* value, then the fr_pair_delete_by_num()
* function was called, and the *all* attributes of that
* number were deleted. With this implementation, only
* the matching attributes are deleted.
to_count = 0;
ctx = talloc_parent(*to);
- to_copy = paircopy(ctx, *to);
+ to_copy = fr_pair_list_copy(ctx, *to);
for (vp = to_copy; vp != NULL; vp = next) {
next = vp->next;
to_list[to_count++] = vp;
if (from_list[i]->op == T_OP_SET) {
RDEBUG4("::: OVERWRITING %s FROM %d TO %d",
to_list[j]->da->name, i, j);
- pairfree(&to_list[j]);
+ fr_pair_list_free(&to_list[j]);
to_list[j] = from_list[i];
from_list[i] = NULL;
edited[j] = true;
delete:
RDEBUG4("::: DELETING %s FROM %d TO %d",
from_list[i]->da->name, i, j);
- pairfree(&to_list[j]);
+ fr_pair_list_free(&to_list[j]);
to_list[j] = NULL;
}
break;
if (rcode > 0) {
RDEBUG4("::: REPLACING %s FROM %d TO %d",
from_list[i]->da->name, i, j);
- pairfree(&to_list[j]);
+ fr_pair_list_free(&to_list[j]);
to_list[j] = from_list[i];
from_list[i] = NULL;
edited[j] = true;
if (rcode < 0) {
RDEBUG4("::: REPLACING %s FROM %d TO %d",
from_list[i]->da->name, i, j);
- pairfree(&to_list[j]);
+ fr_pair_list_free(&to_list[j]);
to_list[j] = from_list[i];
from_list[i] = NULL;
edited[j] = true;
for (i = 0; i < from_count; i++) {
if (!from_list[i]) continue;
- pairfree(&from_list[i]);
+ fr_pair_list_free(&from_list[i]);
}
talloc_free(from_list);
/*
* Re-chain the "to" list.
*/
- pairfree(to);
+ fr_pair_list_free(to);
last = to;
if (to == &request->packet->vps) {
if (output_pairs) {
/*
* HACK: Replace '\n' with ',' so that
- * userparse() can parse the buffer in
+ * fr_pair_list_afrom_str() can parse the buffer in
* one go (the proper way would be to
- * fix userparse(), but oh well).
+ * fix fr_pair_list_afrom_str(), but oh well).
*/
for (p = answer; *p; p++) {
if (*p == '\n') {
answer[--len] = '\0';
}
- if (userparse(ctx, answer, output_pairs) == T_INVALID) {
+ if (fr_pair_list_afrom_str(ctx, answer, output_pairs) == T_INVALID) {
RERROR("Failed parsing output from: %s: %s", cmd, fr_strerror());
strlcpy(out, answer, len);
ret = -1;
*/
rad_assert(check_tmp == NULL);
rad_assert(reply_tmp == NULL);
- parsecode = userparse(ctx, ptr, &check_tmp);
+ parsecode = fr_pair_list_afrom_str(ctx, ptr, &check_tmp);
if (parsecode == T_INVALID) {
pairlist_free(&pl);
ERROR("%s[%d]: Parse error (check) for entry %s: %s",
* Parse the reply values. If there's a trailing
* comma, keep parsing the reply values.
*/
- parsecode = userparse(ctx, buffer, &reply_tmp);
+ parsecode = fr_pair_list_afrom_str(ctx, buffer, &reply_tmp);
if (parsecode == T_COMMA) {
continue;
}
*/
MEM(t = talloc_zero(ctx, PAIR_LIST));
- if (check_tmp) pairsteal(t, check_tmp);
- if (reply_tmp) pairsteal(t, reply_tmp);
+ if (check_tmp) fr_pair_steal(t, check_tmp);
+ if (reply_tmp) fr_pair_steal(t, reply_tmp);
t->check = check_tmp;
t->reply = reply_tmp;
return 0;
}
- vp = pairfind(request->config, PW_HOME_SERVER_POOL, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_HOME_SERVER_POOL, 0, TAG_ANY);
if (vp) {
if (!home_pool_byname(vp->vp_strvalue, HOME_TYPE_COA)) {
/*
* We have a destination IP address. It will (later) proxied.
*/
- vp = pairfind(request->config, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
- if (!vp) vp = pairfind(request->config, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
+ if (!vp) vp = fr_pair_find_by_num(request->config, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY);
if (!vp) return 0;
* with Service-Type = Authorize-Only, it MUST
* have a State attribute in it.
*/
- vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY);
if (request->packet->code == PW_CODE_COA_REQUEST) {
if (vp && (vp->vp_integer == 17)) {
- vp = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (!vp || (vp->vp_length == 0)) {
REDEBUG("CoA-Request with Service-Type = Authorize-Only MUST contain a State attribute");
request->reply->code = PW_CODE_COA_NAK;
* Copy State from the request to the reply.
* See RFC 5176 Section 3.3.
*/
- vp = paircopy_by_num(request->reply, request->packet->vps, PW_STATE, 0, TAG_ANY);
- if (vp) pairadd(&request->reply->vps, vp);
+ vp = fr_pair_list_copy_by_num(request->reply, request->packet->vps, PW_STATE, 0, TAG_ANY);
+ if (vp) fr_pair_add(&request->reply->vps, vp);
/*
* We may want to over-ride the reply.
const char *identity = SSL_get_psk_identity(sock->ssn->ssl);
if (identity) {
RDEBUG("Retrieved psk identity: %s", identity);
- pairmake_packet("TLS-PSK-Identity", identity, T_OP_SET);
+ pair_make_packet("TLS-PSK-Identity", identity, T_OP_SET);
}
#endif
}
if ((size_t) rlen < len) {
free_vp:
- pairfree(&vp);
+ fr_pair_list_free(&vp);
return false;
}
talloc_free(map->lhs);
map->lhs = vpt;
- pairfree(&vp);
+ fr_pair_list_free(&vp);
VERIFY_MAP(map);
* Automagically switch output type depending on our destination
* If dst is a list, then we create attributes from the output of the program
* if dst is an attribute, then we create an attribute of that type and then
- * call pairparsevalue on the output of the script.
+ * call fr_pair_value_from_str on the output of the script.
*/
result = radius_exec_program(ctx, answer, sizeof(answer),
(map->lhs->type == TMPL_TYPE_LIST) ? &output_pairs : NULL,
{
VALUE_PAIR *vp;
- vp = pairalloc(ctx, map->lhs->tmpl_da);
+ vp = fr_pair_afrom_da(ctx, map->lhs->tmpl_da);
if (!vp) return -1;
vp->op = map->op;
- if (pairparsevalue(vp, answer, -1) < 0) {
- pairfree(&vp);
+ if (fr_pair_value_from_str(vp, answer, -1) < 0) {
+ fr_pair_list_free(&vp);
return -2;
}
*out = vp;
}
if (!from) return 0;
- found = paircopy(ctx, *from);
+ found = fr_pair_list_copy(ctx, *from);
/*
* List to list copy is empty if the src list has no attributes.
rad_assert(map->lhs->tmpl_da); /* We need to know which attribute to create */
rad_assert(map->rhs->tmpl_xlat != NULL);
- new = pairalloc(ctx, map->lhs->tmpl_da);
+ new = fr_pair_afrom_da(ctx, map->lhs->tmpl_da);
if (!new) return -1;
str = NULL;
RDEBUG2("EXPAND %s", map->rhs->name);
RDEBUG2(" --> %s", str);
- rcode = pairparsevalue(new, str, -1);
+ rcode = fr_pair_value_from_str(new, str, -1);
talloc_free(str);
if (rcode < 0) {
- pairfree(&new);
+ fr_pair_list_free(&new);
goto error;
}
new->op = map->op;
rad_assert(map->lhs->type == TMPL_TYPE_ATTR);
rad_assert(map->lhs->tmpl_da); /* We need to know which attribute to create */
- new = pairalloc(ctx, map->lhs->tmpl_da);
+ new = fr_pair_afrom_da(ctx, map->lhs->tmpl_da);
if (!new) return -1;
str = NULL;
goto error;
}
- rcode = pairparsevalue(new, str, -1);
+ rcode = fr_pair_value_from_str(new, str, -1);
talloc_free(str);
if (rcode < 0) {
- pairfree(&new);
+ fr_pair_list_free(&new);
goto error;
}
new->op = map->op;
rad_assert(map->lhs->type == TMPL_TYPE_ATTR);
rad_assert(map->lhs->tmpl_da); /* We need to know which attribute to create */
- new = pairalloc(ctx, map->lhs->tmpl_da);
+ new = fr_pair_afrom_da(ctx, map->lhs->tmpl_da);
if (!new) return -1;
- if (pairparsevalue(new, map->rhs->name, -1) < 0) {
+ if (fr_pair_value_from_str(new, map->rhs->name, -1) < 0) {
rcode = 0;
goto error;
}
(void) fr_cursor_init(&to, out);
for (; vp; vp = fr_cursor_next(&from)) {
- new = pairalloc(ctx, map->lhs->tmpl_da);
+ new = fr_pair_afrom_da(ctx, map->lhs->tmpl_da);
if (!new) return -1;
len = value_data_cast(new, &new->data, new->da->type, new->da,
vp->da->type, vp->da, &vp->data, vp->vp_length);
if (len < 0) {
REDEBUG("Attribute conversion failed: %s", fr_strerror());
- pairfree(&found);
- pairfree(&new);
+ fr_pair_list_free(&found);
+ fr_pair_list_free(&new);
return -1;
}
rad_assert(map->lhs->type == TMPL_TYPE_ATTR);
rad_assert(map->lhs->tmpl_da->type == map->rhs->tmpl_data_type);
- new = pairalloc(ctx, map->lhs->tmpl_da);
+ new = fr_pair_afrom_da(ctx, map->lhs->tmpl_da);
if (!new) return -1;
len = value_data_copy(new, &new->data, new->da->type, &map->rhs->tmpl_data_value,
rad_assert(0); /* Should have been caught at parse time */
error:
- pairfree(&vp);
+ fr_pair_list_free(&vp);
return rcode;
}
rad_assert(!head);
/* Clear the entire dst list */
- pairfree(list);
+ fr_pair_list_free(list);
if (map->lhs->tmpl_list == PAIR_LIST_REQUEST) {
context->username = NULL;
case T_OP_SET:
if (map->rhs->type == TMPL_TYPE_LIST) {
- pairfree(list);
+ fr_pair_list_free(list);
*list = head;
head = NULL;
} else {
case T_OP_EQ:
rad_assert(map->rhs->type == TMPL_TYPE_EXEC);
case T_OP_ADD:
- pairmove(parent, list, &head);
- pairfree(&head);
+ fr_pair_list_move(parent, list, &head);
+ fr_pair_list_free(&head);
}
goto finish;
default:
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
}
* Wildcard: delete all of the matching ones, based on tag.
*/
if (map->lhs->tmpl_num == NUM_ANY) {
- pairdelete(list, map->lhs->tmpl_da->attr, map->lhs->tmpl_da->vendor, map->lhs->tmpl_tag);
+ fr_pair_delete_by_num(list, map->lhs->tmpl_da->attr, map->lhs->tmpl_da->vendor, map->lhs->tmpl_tag);
dst = NULL;
/*
* We've found the Nth one. Delete it, and only it.
*/
} else {
dst = fr_cursor_remove(&dst_list);
- pairfree(&dst);
+ fr_pair_list_free(&dst);
}
/*
case T_OP_SUB:
/* We didn't find any attributes earlier */
if (!dst) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return 0;
}
rcode = radius_compare_vps(request, vp, dst);
if (rcode == 0) {
dst = fr_cursor_remove(&dst_list);
- pairfree(&dst);
+ fr_pair_list_free(&dst);
found = true;
}
}
- pairfree(&head);
+ fr_pair_list_free(&head);
if (!found) return 0;
goto finish;
}
rcode = radius_compare_vps(request, vp, dst);
if (rcode == 0) {
dst = fr_cursor_remove(&dst_list);
- pairfree(&dst);
+ fr_pair_list_free(&dst);
found = true;
}
}
}
- pairfree(&head);
+ fr_pair_list_free(&head);
if (!found) return 0;
goto finish;
}
case T_OP_EQ:
if (dst) {
RDEBUG3("Refusing to overwrite (use :=)");
- pairfree(&head);
+ fr_pair_list_free(&head);
return 0;
}
fr_cursor_first(&src_list);
fr_cursor_insert(&dst_list, fr_cursor_remove(&src_list));
/* Free any we didn't insert */
- pairfree(&head);
+ fr_pair_list_free(&head);
break;
/*
if (dst) {
DEBUG_OVERWRITE(dst, fr_cursor_current(&src_list));
dst = fr_cursor_replace(&dst_list, fr_cursor_remove(&src_list));
- pairfree(&dst);
+ fr_pair_list_free(&dst);
} else {
fr_cursor_insert(&dst_list, fr_cursor_remove(&src_list));
}
/* Free any we didn't insert */
- pairfree(&head);
+ fr_pair_list_free(&head);
break;
/*
*/
case T_OP_ADD:
/* Insert all the instances! (if multiple) */
- pairadd(list, head);
+ fr_pair_add(list, head);
head = NULL;
break;
replace:
dst = fr_cursor_remove(&dst_list);
DEBUG_OVERWRITE(dst, fr_cursor_current(&src_list));
- pairfree(&dst);
+ fr_pair_list_free(&dst);
fr_cursor_insert(&dst_list, fr_cursor_remove(&src_list));
found = true;
continue;
goto replace;
default:
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
}
- pairfree(&head);
+ fr_pair_list_free(&head);
if (!found) return 0;
break;
* If we don't remove the request data, something could call
* the xlat outside of a foreach loop and trigger a segv.
*/
- pairfree(&vps);
+ fr_pair_list_free(&vps);
request_data_get(request, (void *)radius_get_vp, foreach_depth);
rad_assert(next != NULL);
/*
* Mark it as requiring a paircompare() call, instead of
- * paircmp().
+ * fr_pair_cmp().
*/
c->pass2_fixup = PASS2_PAIRCOMPARE;
WARN("Are you sure you don't mean Cleartext-Password?");
WARN("See \"man rlm_pap\" for more information");
}
- if (pairfind(req_list, PW_USER_PASSWORD, 0, TAG_ANY) == NULL) {
+ if (fr_pair_find_by_num(req_list, PW_USER_PASSWORD, 0, TAG_ANY) == NULL) {
continue;
}
break;
return result;
}
-/** Expands an attribute marked with pairmark_xlat
+/** Expands an attribute marked with fr_pair_mark_xlat
*
* Writes the new value to the vp.
*
* then we just want to copy the new value in unmolested.
*/
if ((vp->op == T_OP_REG_EQ) || (vp->op == T_OP_REG_NE)) {
- pairstrsteal(vp, expanded);
+ fr_pair_value_strsteal(vp, expanded);
return 0;
}
- if (pairparsevalue(vp, expanded, -1) < 0){
+ if (fr_pair_value_from_str(vp, expanded, -1) < 0){
talloc_free(expanded);
return -2;
}
* @param[in] vendor number.
* @return a new VLAUE_PAIR or causes server to exit on error.
*/
-VALUE_PAIR *radius_paircreate(TALLOC_CTX *ctx, VALUE_PAIR **vps,
+VALUE_PAIR *radius_pair_create(TALLOC_CTX *ctx, VALUE_PAIR **vps,
unsigned int attribute, unsigned int vendor)
{
VALUE_PAIR *vp;
- vp = paircreate(ctx, attribute, vendor);
+ vp = fr_pair_afrom_num(ctx, attribute, vendor);
if (!vp) {
ERROR("No memory!");
rad_assert("No memory" == NULL);
fr_exit_now(1);
}
- if (vps) pairadd(vps, vp);
+ if (vps) fr_pair_add(vps, vp);
return vp;
}
p = talloc_vasprintf(request, fmt, aq);
va_end(aq);
- MEM(vp = pairmake_packet("Module-Failure-Message", NULL, T_OP_ADD));
+ MEM(vp = pair_make_packet("Module-Failure-Message", NULL, T_OP_ADD));
if (request->module && (request->module[0] != '\0')) {
- pairsprintf(vp, "%s: %s", request->module, p);
+ fr_pair_value_sprintf(vp, "%s: %s", request->module, p);
} else {
- pairsprintf(vp, "%s", p);
+ fr_pair_value_sprintf(vp, "%s", p);
}
talloc_free(p);
}
* process it.
*/
if (request->packet->dst_port == 0) {
- request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
- request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->password = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
return 1;
}
}
if (!request->username) {
- request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
}
return 1;
/*
* Override the response code if a control:Response-Packet-Type attribute is present.
*/
- vp = pairfind(request->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
if (vp) {
if (vp->vp_integer == 256) {
RDEBUG2("Not responding to request");
*/
else if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
if (request->reply->code == 0) {
- vp = pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
if (!vp || (vp->vp_integer != 5)) {
RDEBUG2("There was no response configured: "
"rejecting request");
/*
* Copy Proxy-State from the request to the reply.
*/
- vp = paircopy_by_num(request->reply, request->packet->vps,
+ vp = fr_pair_list_copy_by_num(request->reply, request->packet->vps,
PW_PROXY_STATE, 0, TAG_ANY);
- if (vp) pairadd(&request->reply->vps, vp);
+ if (vp) fr_pair_add(&request->reply->vps, vp);
/*
* Call Post-Auth for Access-Request packets.
#endif
request->listener->decode(request->listener, request);
- request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
- request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->password = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
fun(request);
* Delete any reply we had accumulated until now.
*/
RDEBUG2("Clearing existing &reply: attributes");
- pairfree(&request->reply->vps);
+ fr_pair_list_free(&request->reply->vps);
/*
* Run the packet through the post-proxy stage,
* BEFORE playing games with the attributes.
*/
- vp = pairfind(request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
if (vp) {
post_proxy_type = vp->vp_integer;
/*
* Create config:Post-Proxy-Type
*/
if (dval) {
- vp = radius_paircreate(request, &request->config, PW_POST_PROXY_TYPE, 0);
+ vp = radius_pair_create(request, &request->config, PW_POST_PROXY_TYPE, 0);
vp->vp_integer = dval->value;
}
}
* running Post-Proxy-Type = Fail.
*/
if (reply) {
- pairadd(&request->reply->vps, paircopy(request->reply, reply->vps));
+ fr_pair_add(&request->reply->vps, fr_pair_list_copy(request->reply, reply->vps));
/*
* Delete the Proxy-State Attributes from
* the reply. These include Proxy-State
* attributes from us and remote server.
*/
- pairdelete(&request->reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
}
switch (rcode) {
if (!dval) dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, "Fail");
if (!dval) {
- pairdelete(&request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
return 0;
}
- vp = pairfind(request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
- if (!vp) vp = radius_paircreate(request, &request->config,
+ vp = fr_pair_find_by_num(request->config, PW_POST_PROXY_TYPE, 0, TAG_ANY);
+ if (!vp) vp = radius_pair_create(request, &request->config,
PW_POST_PROXY_TYPE, 0);
vp->vp_integer = dval->value;
*/
if (request->reply->code != 0) return 0;
- vp = pairfind(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
if (vp) {
realm = realm_find2(vp->vp_strvalue);
if (!realm) {
return 0;
}
- } else if ((vp = pairfind(request->config, PW_HOME_SERVER_POOL, 0, TAG_ANY)) != NULL) {
+ } else if ((vp = fr_pair_find_by_num(request->config, PW_HOME_SERVER_POOL, 0, TAG_ANY)) != NULL) {
int pool_type;
switch (request->packet->code) {
/*
* Send it directly to a home server (i.e. NAS)
*/
- } else if (((vp = pairfind(request->config, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY)) != NULL) ||
- ((vp = pairfind(request->config, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY)) != NULL)) {
+ } else if (((vp = fr_pair_find_by_num(request->config, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY)) != NULL) ||
+ ((vp = fr_pair_find_by_num(request->config, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY)) != NULL)) {
VALUE_PAIR *port;
uint16_t dst_port;
fr_ipaddr_t dst_ipaddr;
dst_ipaddr.prefix = 128;
}
- port = pairfind(request->config, PW_PACKET_DST_PORT, 0, TAG_ANY);
+ port = fr_pair_find_by_num(request->config, PW_PACKET_DST_PORT, 0, TAG_ANY);
if (!port) {
if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
dst_port = PW_AUTH_UDP_PORT;
/*
* Remember that we sent the request to a Realm.
*/
- if (realmname) pairmake_packet("Realm", realmname, T_OP_EQ);
+ if (realmname) pair_make_packet("Realm", realmname, T_OP_EQ);
/*
* Strip the name, if told to.
* requests.
*/
if (realm && (realm->strip_realm == true) &&
- (strippedname = pairfind(request->proxy->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY)) != NULL) {
+ (strippedname = fr_pair_find_by_num(request->proxy->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY)) != NULL) {
/*
* If there's a Stripped-User-Name attribute in
* the request, then use THAT as the User-Name
* from the vps list, and making the new
* User-Name the head of the vps list.
*/
- vp = pairfind(request->proxy->vps, PW_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->proxy->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
vp_cursor_t cursor;
- vp = radius_paircreate(NULL, NULL,
+ vp = radius_pair_create(NULL, NULL,
PW_USER_NAME, 0);
rad_assert(vp != NULL); /* handled by above function */
/* Insert at the START of the list */
fr_cursor_merge(&cursor, request->proxy->vps);
request->proxy->vps = vp;
}
- pairstrcpy(vp, strippedname->vp_strvalue);
+ fr_pair_value_strcpy(vp, strippedname->vp_strvalue);
/*
* Do NOT delete Stripped-User-Name.
* anymore - we changed it.
*/
if ((request->packet->code == PW_CODE_ACCESS_REQUEST) &&
- pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
- pairfind(request->proxy->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
- vp = radius_paircreate(request->proxy, &request->proxy->vps, PW_CHAP_CHALLENGE, 0);
- pairmemcpy(vp, request->packet->vector, sizeof(request->packet->vector));
+ fr_pair_find_by_num(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
+ fr_pair_find_by_num(request->proxy->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
+ vp = radius_pair_create(request->proxy, &request->proxy->vps, PW_CHAP_CHALLENGE, 0);
+ fr_pair_value_memcpy(vp, request->packet->vector, sizeof(request->packet->vector));
}
/*
* The RFC's say we have to do this, but FreeRADIUS
* doesn't need it.
*/
- vp = radius_paircreate(request->proxy, &request->proxy->vps, PW_PROXY_STATE, 0);
- pairsprintf(vp, "%u", request->packet->id);
+ vp = radius_pair_create(request->proxy, &request->proxy->vps, PW_PROXY_STATE, 0);
+ fr_pair_value_sprintf(vp, "%u", request->packet->id);
/*
* Should be done BEFORE inserting into proxy hash, as
/*
* Call the pre-proxy routines.
*/
- vp = pairfind(request->config, PW_PRE_PROXY_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_PRE_PROXY_TYPE, 0, TAG_ANY);
if (vp) {
DICT_VALUE const *dval = dict_valbyattr(vp->da->attr, vp->da->vendor, vp->vp_integer);
/* Must be a validation issue */
fake = request_alloc_fake(request);
- fake->packet->vps = paircopy(fake->packet, request->packet->vps);
+ fake->packet->vps = fr_pair_list_copy(fake->packet, request->packet->vps);
talloc_free(request->proxy);
fake->server = request->home_server->server;
if (request->packet->code == PW_CODE_ACCOUNTING_REQUEST) {
VALUE_PAIR *vp;
- vp = pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
- if (!vp) vp = radius_paircreate(request->proxy,
+ vp = fr_pair_find_by_num(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
+ if (!vp) vp = radius_pair_create(request->proxy,
&request->proxy->vps,
PW_ACCT_DELAY_TIME, 0);
if (vp) {
if (home->ping_check == HOME_PING_CHECK_STATUS_SERVER) {
request->proxy->code = PW_CODE_STATUS_SERVER;
- pairmake(request->proxy, &request->proxy->vps,
+ fr_pair_make(request->proxy, &request->proxy->vps,
"Message-Authenticator", "0x00", T_OP_SET);
} else if (home->type == HOME_TYPE_AUTH) {
request->proxy->code = PW_CODE_ACCESS_REQUEST;
- pairmake(request->proxy, &request->proxy->vps,
+ fr_pair_make(request->proxy, &request->proxy->vps,
"User-Name", home->ping_user_name, T_OP_SET);
- pairmake(request->proxy, &request->proxy->vps,
+ fr_pair_make(request->proxy, &request->proxy->vps,
"User-Password", home->ping_user_password, T_OP_SET);
- pairmake(request->proxy, &request->proxy->vps,
+ fr_pair_make(request->proxy, &request->proxy->vps,
"Service-Type", "Authenticate-Only", T_OP_SET);
- pairmake(request->proxy, &request->proxy->vps,
+ fr_pair_make(request->proxy, &request->proxy->vps,
"Message-Authenticator", "0x00", T_OP_SET);
} else {
#ifdef WITH_ACCOUNTING
request->proxy->code = PW_CODE_ACCOUNTING_REQUEST;
- pairmake(request->proxy, &request->proxy->vps,
+ fr_pair_make(request->proxy, &request->proxy->vps,
"User-Name", home->ping_user_name, T_OP_SET);
- pairmake(request->proxy, &request->proxy->vps,
+ fr_pair_make(request->proxy, &request->proxy->vps,
"Acct-Status-Type", "Stop", T_OP_SET);
- pairmake(request->proxy, &request->proxy->vps,
+ fr_pair_make(request->proxy, &request->proxy->vps,
"Acct-Session-Id", "00000000", T_OP_SET);
- vp = pairmake(request->proxy, &request->proxy->vps,
+ vp = fr_pair_make(request->proxy, &request->proxy->vps,
"Event-Timestamp", "0", T_OP_SET);
vp->vp_date = now.tv_sec;
#else
#endif
}
- vp = pairmake(request->proxy, &request->proxy->vps,
+ vp = fr_pair_make(request->proxy, &request->proxy->vps,
"NAS-Identifier", "", T_OP_SET);
if (vp) {
- pairsprintf(vp, "Status Check %u. Are you alive?",
+ fr_pair_value_sprintf(vp, "Status Check %u. Are you alive?",
home->num_sent_pings);
}
* get a new ID.
*/
if ((request->packet->code == PW_CODE_ACCOUNTING_REQUEST) &&
- pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY)) {
+ fr_pair_find_by_num(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY)) {
request_proxy_anew(request);
return;
}
/*
* Check whether we want to originate one, or cancel one.
*/
- vp = pairfind(request->config, PW_SEND_COA_REQUEST, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_SEND_COA_REQUEST, 0, TAG_ANY);
if (!vp) {
- vp = pairfind(request->coa->proxy->vps, PW_SEND_COA_REQUEST, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->coa->proxy->vps, PW_SEND_COA_REQUEST, 0, TAG_ANY);
}
if (vp) {
* src_ipaddr will be set up in proxy_encode.
*/
memset(&ipaddr, 0, sizeof(ipaddr));
- vp = pairfind(coa->proxy->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
ipaddr.af = AF_INET;
ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
ipaddr.prefix = 32;
- } else if ((vp = pairfind(coa->proxy->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY)) != NULL) {
+ } else if ((vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY)) != NULL) {
ipaddr.af = AF_INET6;
ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
ipaddr.prefix = 128;
- } else if ((vp = pairfind(coa->proxy->vps, PW_HOME_SERVER_POOL, 0, TAG_ANY)) != NULL) {
+ } else if ((vp = fr_pair_find_by_num(coa->proxy->vps, PW_HOME_SERVER_POOL, 0, TAG_ANY)) != NULL) {
coa->home_pool = home_pool_byname(vp->vp_strvalue,
HOME_TYPE_COA);
if (!coa->home_pool) {
} else if (!coa->home_server) {
uint16_t port = PW_COA_UDP_PORT;
- vp = pairfind(coa->proxy->vps, PW_PACKET_DST_PORT, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_DST_PORT, 0, TAG_ANY);
if (vp) port = vp->vp_integer;
coa->home_server = home_server_find(&ipaddr, port, IPPROTO_UDP);
}
}
- vp = pairfind(coa->proxy->vps, PW_PACKET_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(coa->proxy->vps, PW_PACKET_TYPE, 0, TAG_ANY);
if (vp) {
switch (vp->vp_integer) {
case PW_CODE_COA_REQUEST:
coa->packet = rad_copy_packet(coa, request->packet);
coa->reply = rad_copy_packet(coa, request->reply);
- coa->config = paircopy(coa, request->config);
+ coa->config = fr_pair_list_copy(coa, request->config);
coa->num_coa_requests = 0;
coa->handle = null_handler;
coa->number = request->number; /* it's associated with the same request */
/*
* Call the pre-proxy routines.
*/
- vp = pairfind(request->config, PW_PRE_PROXY_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_PRE_PROXY_TYPE, 0, TAG_ANY);
if (vp) {
DICT_VALUE const *dval = dict_valbyattr(vp->da->attr, vp->da->vendor, vp->vp_integer);
/* Must be a validation issue */
p += 7;
}
- if (userparse(NULL, p, &head) != T_EOL) {
+ if (fr_pair_list_afrom_str(NULL, p, &head) != T_EOL) {
strlcpy(output, fr_strerror(), sizeof(output));
continue;
}
if (len == 0) break;
}
- pairfree(&head);
+ fr_pair_list_free(&head);
outlen = attr - data;
goto print_hex;
}
vp = NULL;
my_len = rad_attr2vp(NULL, NULL, NULL, NULL, attr, len, &vp);
if (my_len < 0) {
- pairfree(&head);
+ fr_pair_list_free(&head);
break;
}
}
}
- pairfree(&head);
+ fr_pair_list_free(&head);
} else if (my_len < 0) {
strlcpy(output, fr_strerror(), sizeof(output));
p += 12;
}
- if (userparse(NULL, p, &head) != T_EOL) {
+ if (fr_pair_list_afrom_str(NULL, p, &head) != T_EOL) {
strlcpy(output, fr_strerror(), sizeof(output));
continue;
}
attr += len;
};
- pairfree(&head);
+ fr_pair_list_free(&head);
outlen = attr - data;
goto print_hex;
}
}
}
- pairfree(&head);
+ fr_pair_list_free(&head);
} else if (my_len < 0) {
strlcpy(output, fr_strerror(), sizeof(output));
if (strncmp(p, "attribute ", 10) == 0) {
p += 10;
- if (userparse(NULL, p, &head) != T_EOL) {
+ if (fr_pair_list_afrom_str(NULL, p, &head) != T_EOL) {
strlcpy(output, fr_strerror(), sizeof(output));
continue;
}
VALUE_PAIR *challenge, *reply;
uint8_t nthash[16];
- pairdelete(&packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
- pairdelete(&packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
- challenge = paircreate(packet, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT);
+ challenge = fr_pair_afrom_num(packet, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT);
if (!challenge) {
return 0;
}
- pairadd(request, challenge);
+ fr_pair_add(request, challenge);
challenge->vp_length = 8;
challenge->vp_octets = p = talloc_array(challenge, uint8_t, challenge->vp_length);
for (i = 0; i < challenge->vp_length; i++) {
p[i] = fr_rand();
}
- reply = paircreate(packet, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT);
+ reply = fr_pair_afrom_num(packet, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT);
if (!reply) {
return 0;
}
- pairadd(request, reply);
+ fr_pair_add(request, reply);
reply->vp_length = 50;
reply->vp_octets = p = talloc_array(reply, uint8_t, reply->vp_length);
memset(p, 0, reply->vp_length);
/*
* Read the request VP's.
*/
- if (readvp2(request->packet, &request->packet->vps, packets, &packets_done) < 0) {
+ if (fr_pair_list_afrom_file(request->packet, &request->packet->vps, packets, &packets_done) < 0) {
char const *input;
if ((files->packets[0] == '-') && (files->packets[1] == '\0')) {
if (filters) {
bool filters_done;
- if (readvp2(request, &request->filter, filters, &filters_done) < 0) {
+ if (fr_pair_list_afrom_file(request, &request->filter, filters, &filters_done) < 0) {
REDEBUG("Error parsing \"%s\"", files->filters);
goto error;
}
/*
* This allows efficient list comparisons later
*/
- pairsort(&request->filter, attrtagcmp);
+ fr_pair_list_sort(&request->filter, fr_pair_cmp_by_da_tag);
}
/*
vp->da = da;
/*
- * Re-do pairmemsteal ourselves,
+ * Re-do fr_pair_value_memsteal ourselves,
* because we play games with
- * vp->da, and pairmemsteal goes
+ * vp->da, and fr_pair_value_memsteal goes
* to GREAT lengths to sanitize
* and fix and change and
* double-check the various
/*
* CHAP-Password is octets, so it may not be zero terminated.
*/
- request->password = pairmake(request->packet, &request->packet->vps, "Cleartext-Password",
+ request->password = fr_pair_make(request->packet, &request->packet->vps, "Cleartext-Password",
"", T_OP_EQ);
- pairbstrncpy(request->password, vp->vp_strvalue, vp->vp_length);
+ fr_pair_value_bstrncpy(request->password, vp->vp_strvalue, vp->vp_length);
break;
case PW_USER_PASSWORD:
case PW_MS_CHAP_PASSWORD:
- request->password = pairmake(request->packet, &request->packet->vps, "Cleartext-Password",
+ request->password = fr_pair_make(request->packet, &request->packet->vps, "Cleartext-Password",
vp->vp_strvalue, T_OP_EQ);
break;
if (request->password) {
VALUE_PAIR *vp;
- if ((vp = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {
- pairstrcpy(vp, request->password->vp_strvalue);
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {
+ fr_pair_value_strcpy(vp, request->password->vp_strvalue);
- } else if ((vp = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
+ } else if ((vp = fr_pair_find_by_num(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
uint8_t buffer[17];
rad_chap_encode(request->packet, buffer, fr_rand() & 0xff, request->password);
- pairmemcpy(vp, buffer, 17);
+ fr_pair_value_memcpy(vp, buffer, 17);
- } else if (pairfind(request->packet->vps, PW_MS_CHAP_PASSWORD, 0, TAG_ANY) != NULL) {
+ } else if (fr_pair_find_by_num(request->packet->vps, PW_MS_CHAP_PASSWORD, 0, TAG_ANY) != NULL) {
mschapv1_encode(request->packet, &request->packet->vps, request->password->vp_strvalue);
} else {
} else {
VALUE_PAIR const *failed[2];
- pairsort(&request->reply->vps, attrtagcmp);
- if (pairvalidate(failed, request->filter, request->reply->vps)) {
+ fr_pair_list_sort(&request->reply->vps, fr_pair_cmp_by_da_tag);
+ if (fr_pair_validate(failed, request->filter, request->reply->vps)) {
RDEBUG("%s: Response passed filter", request->name);
stats.passed++;
} else {
- pairvalidate_debug(request, failed);
+ fr_pair_validate_debug(request, failed);
REDEBUG("%s: Response for failed filter", request->name);
stats.failed++;
}
VALUE_PAIR *vp;
for (i = 0; i < conf->list_da_num; i++) {
- vp = pair_find_by_da(packet->vps, conf->list_da[i], TAG_ANY);
+ vp = fr_pair_find_by_da(packet->vps, conf->list_da[i], TAG_ANY);
if (vp && (vp->vp_length > 0)) {
if (conf->list_da[i]->type == PW_TYPE_STRING) {
*p++ = '"';
char vector[(AUTH_VECTOR_LEN * 2) + 1];
if (packet->vps) {
- pairsort(&packet->vps, attrtagcmp);
+ fr_pair_list_sort(&packet->vps, fr_pair_cmp_by_da_tag);
vp_printlist(fr_log_fp, packet->vps);
}
}
do {
- copy = paircopyvp(ctx, match);
+ copy = fr_pair_copy(ctx, match);
if (!copy) {
- pairfree(out);
+ fr_pair_list_free(out);
return -1;
}
fr_cursor_insert(&out_cursor, copy);
* Now verify the packet passes the attribute filter
*/
if (conf->filter_response_vps) {
- pairsort(¤t->vps, attrtagcmp);
- if (!pairvalidate_relaxed(NULL, conf->filter_response_vps, current->vps)) {
+ fr_pair_list_sort(¤t->vps, fr_pair_cmp_by_da_tag);
+ if (!fr_pair_validate_relaxed(NULL, conf->filter_response_vps, current->vps)) {
goto drop_response;
}
}
return;
}
- pairsort(¤t->vps, attrtagcmp);
+ fr_pair_list_sort(¤t->vps, fr_pair_cmp_by_da_tag);
}
/*
* Now verify the packet passes the attribute filter
*/
if (conf->filter_request_vps) {
- if (!pairvalidate_relaxed(NULL, conf->filter_request_vps, current->vps)) {
+ if (!fr_pair_validate_relaxed(NULL, conf->filter_request_vps, current->vps)) {
goto drop_request;
}
}
for (vp = fr_cursor_init(&cursor, &search.link_vps);
vp;
vp = fr_cursor_next(&cursor)) {
- pairsteal(original, search.link_vps);
+ fr_pair_steal(original, search.link_vps);
}
original->link_vps = search.link_vps;
rcode = fr_ipaddr_cmp(&a->expect->dst_ipaddr, &b->expect->dst_ipaddr);
if (rcode != 0) return rcode;
- return pairlistcmp(a->link_vps, b->link_vps);
+ return fr_pair_list_cmp(a->link_vps, b->link_vps);
}
static int rs_build_dict_list(DICT_ATTR const **out, size_t len, char *list)
VALUE_PAIR *vp;
FR_TOKEN code;
- code = userparse(conf, filter, out);
+ code = fr_pair_list_afrom_str(conf, filter, out);
if (code == T_INVALID) {
ERROR("Invalid RADIUS filter \"%s\" (%s)", filter, fr_strerror());
return -1;
/*
* This allows efficient list comparisons later
*/
- pairsort(out, attrtagcmp);
+ fr_pair_list_sort(out, fr_pair_cmp_by_da_tag);
return 0;
}
* attribute is the one hacked through
* the 'hints' file.
*/
- request->proxy->vps = paircopy(request->proxy,
+ request->proxy->vps = fr_pair_list_copy(request->proxy,
request->packet->vps);
}
* unless one already exists.
*/
if ((request->packet->code == PW_CODE_ACCESS_REQUEST) &&
- !pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY)) {
- pairmake(request->proxy, &request->proxy->vps,
+ !fr_pair_find_by_num(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY)) {
+ fr_pair_make(request->proxy, &request->proxy->vps,
"Message-Authenticator", "0x00",
T_OP_SET);
}
break;
case HOME_POOL_KEYED_BALANCE:
- if ((vp = pairfind(request->config, PW_LOAD_BALANCE_KEY, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->config, PW_LOAD_BALANCE_KEY, 0, TAG_ANY)) != NULL) {
hash = fr_hash(vp->vp_strvalue, vp->vp_length);
start = hash % pool->num_home_servers;
break;
/* Hold your breath */
#define PAIR(n,v,e) do { \
- if(!(vp = paircreate(stopreq->packet,n, 0))) { \
+ if(!(vp = fr_pair_afrom_num(stopreq->packet,n, 0))) { \
talloc_free(stopreq); \
ERROR("no memory"); \
- pairfree(&(stopreq->packet->vps)); \
+ fr_pair_list_free(&(stopreq->packet->vps)); \
return 0; \
} \
vp->e = v; \
- pairadd(&(stopreq->packet->vps), vp); \
+ fr_pair_add(&(stopreq->packet->vps), vp); \
} while(0)
#define INTPAIR(n,v) PAIR(n,v,vp_integer)
#define IPPAIR(n,v) PAIR(n,v,vp_ipaddr)
#define STRINGPAIR(n,v) do { \
- if(!(vp = paircreate(stopreq->packet,n, 0))) { \
+ if(!(vp = fr_pair_afrom_num(stopreq->packet,n, 0))) { \
talloc_free(stopreq); \
ERROR("no memory"); \
- pairfree(&(stopreq->packet->vps)); \
+ fr_pair_list_free(&(stopreq->packet->vps)); \
return 0; \
} \
- pairstrcpy(vp, v); \
- pairadd(&(stopreq->packet->vps), vp); \
+ fr_pair_value_strcpy(vp, v); \
+ fr_pair_add(&(stopreq->packet->vps), vp); \
} while(0)
INTPAIR(PW_ACCT_STATUS_TYPE, PW_STATUS_STOP);
}
data_len -= 18;
- vp = pairmake_packet("SoH-MS-Machine-OS-vendor", "Microsoft", T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-OS-vendor", "Microsoft", T_OP_EQ);
if (!vp) return 0;
- vp = pairmake_packet("SoH-MS-Machine-OS-version", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-OS-version", NULL, T_OP_EQ);
if (!vp) return 0;
vp->vp_integer = soh_pull_be_32(p); p+=4;
- vp = pairmake_packet("SoH-MS-Machine-OS-release", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-OS-release", NULL, T_OP_EQ);
if (!vp) return 0;
vp->vp_integer = soh_pull_be_32(p); p+=4;
- vp = pairmake_packet("SoH-MS-Machine-OS-build", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-OS-build", NULL, T_OP_EQ);
if (!vp) return 0;
vp->vp_integer = soh_pull_be_32(p); p+=4;
- vp = pairmake_packet("SoH-MS-Machine-SP-version", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-SP-version", NULL, T_OP_EQ);
if (!vp) return 0;
vp->vp_integer = soh_pull_be_16(p); p+=2;
- vp = pairmake_packet("SoH-MS-Machine-SP-release", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-SP-release", NULL, T_OP_EQ);
if (!vp) return 0;
vp->vp_integer = soh_pull_be_16(p); p+=2;
- vp = pairmake_packet("SoH-MS-Machine-Processor", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-Processor", NULL, T_OP_EQ);
if (!vp) return 0;
vp->vp_integer = soh_pull_be_16(p); p+=2;
t = soh_pull_be_16(p);
p += 2;
- vp = pairmake_packet("SoH-MS-Machine-Name", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-Name", NULL, T_OP_EQ);
if (!vp) return 0;
vp->vp_strvalue = q = talloc_array(vp, char, t);
* 24 bytes opaque binary which we might, in future, have
* to echo back to the client in a final SoHR
*/
- vp = pairmake_packet("SoH-MS-Correlation-Id", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Correlation-Id", NULL, T_OP_EQ);
if (!vp) return 0;
- pairmemcpy(vp, p, 24);
+ fr_pair_value_memcpy(vp, p, 24);
p += 24;
data_len -= 24;
break;
* 1 byte product type (client=1 domain_controller=2 server=3)
*/
p += 4;
- vp = pairmake_packet("SoH-MS-Machine-Role", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Machine-Role", NULL, T_OP_EQ);
if (!vp) return 0;
vp->vp_integer = *p;
RDEBUG2("SoH Health-Class-Status microsoft DWORD=%08x", hcstatus);
- vp = pairmake_packet("SoH-MS-Windows-Health-Status", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Windows-Health-Status", NULL, T_OP_EQ);
if (!vp) return 0;
switch (curr_hc) {
s = "security-updates";
switch (hcstatus) {
case 0xff0005:
- pairsprintf(vp, "%s ok all-installed", s);
+ fr_pair_value_sprintf(vp, "%s ok all-installed", s);
break;
case 0xff0006:
- pairsprintf(vp, "%s warn some-missing", s);
+ fr_pair_value_sprintf(vp, "%s warn some-missing", s);
break;
case 0xff0008:
- pairsprintf(vp, "%s warn never-started", s);
+ fr_pair_value_sprintf(vp, "%s warn never-started", s);
break;
case 0xc0ff000c:
- pairsprintf(vp, "%s error no-wsus-srv", s);
+ fr_pair_value_sprintf(vp, "%s error no-wsus-srv", s);
break;
case 0xc0ff000d:
- pairsprintf(vp, "%s error no-wsus-clid", s);
+ fr_pair_value_sprintf(vp, "%s error no-wsus-clid", s);
break;
case 0xc0ff000e:
- pairsprintf(vp, "%s warn wsus-disabled", s);
+ fr_pair_value_sprintf(vp, "%s warn wsus-disabled", s);
break;
case 0xc0ff000f:
- pairsprintf(vp, "%s error comm-failure", s);
+ fr_pair_value_sprintf(vp, "%s error comm-failure", s);
break;
case 0xc0ff0010:
- pairsprintf(vp, "%s warn needs-reboot", s);
+ fr_pair_value_sprintf(vp, "%s warn needs-reboot", s);
break;
default:
- pairsprintf(vp, "%s error %08x", s, hcstatus);
+ fr_pair_value_sprintf(vp, "%s error %08x", s, hcstatus);
break;
}
break;
s = "auto-updates";
switch (hcstatus) {
case 1:
- pairsprintf(vp, "%s warn disabled", s);
+ fr_pair_value_sprintf(vp, "%s warn disabled", s);
break;
case 2:
- pairsprintf(vp, "%s ok action=check-only", s);
+ fr_pair_value_sprintf(vp, "%s ok action=check-only", s);
break;
case 3:
- pairsprintf(vp, "%s ok action=download", s);
+ fr_pair_value_sprintf(vp, "%s ok action=download", s);
break;
case 4:
- pairsprintf(vp, "%s ok action=install", s);
+ fr_pair_value_sprintf(vp, "%s ok action=install", s);
break;
case 5:
- pairsprintf(vp, "%s warn unconfigured", s);
+ fr_pair_value_sprintf(vp, "%s warn unconfigured", s);
break;
case 0xc0ff0003:
- pairsprintf(vp, "%s warn service-down", s);
+ fr_pair_value_sprintf(vp, "%s warn service-down", s);
break;
case 0xc0ff0018:
- pairsprintf(vp, "%s warn never-started", s);
+ fr_pair_value_sprintf(vp, "%s warn never-started", s);
break;
default:
- pairsprintf(vp, "%s error %08x", s, hcstatus);
+ fr_pair_value_sprintf(vp, "%s error %08x", s, hcstatus);
break;
}
break;
*/
t = clientstatus2str(hcstatus);
if (t) {
- pairsprintf(vp, "%s error %s", s, t);
+ fr_pair_value_sprintf(vp, "%s error %s", s, t);
} else {
- pairsprintf(vp, "%s error %08x", s, hcstatus);
+ fr_pair_value_sprintf(vp, "%s error %08x", s, hcstatus);
}
} else {
- pairsprintf(vp,
+ fr_pair_value_sprintf(vp,
"%s ok snoozed=%i microsoft=%i up2date=%i enabled=%i",
s,
hcstatus & 0x8 ? 1 : 0,
);
}
} else {
- pairsprintf(vp, "%i unknown %08x", curr_hc, hcstatus);
+ fr_pair_value_sprintf(vp, "%i unknown %08x", curr_hc, hcstatus);
}
break;
}
} else {
- vp = pairmake_packet("SoH-MS-Health-Other", NULL, T_OP_EQ);
+ vp = pair_make_packet("SoH-MS-Health-Other", NULL, T_OP_EQ);
if (!vp) return 0;
/* FIXME: what to do with the payload? */
- pairsprintf(vp, "%08x/%i ?", curr_shid, curr_shid_c);
+ fr_pair_value_sprintf(vp, "%08x/%i ?", curr_shid, curr_shid_c);
}
break;
* The EAP module creates it's own State attribute, so we
* want to use that one in preference to one we create.
*/
- vp = pairfind(packet->vps, PW_STATE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_STATE, 0, TAG_ANY);
/*
* If possible, base the new one off of the old one.
memcpy(entry->state, vp->vp_octets, sizeof(entry->state));
} else {
- vp = paircreate(packet, PW_STATE, 0);
- pairmemcpy(vp, entry->state, sizeof(entry->state));
- pairadd(&packet->vps, vp);
+ vp = fr_pair_afrom_num(packet, PW_STATE, 0);
+ fr_pair_value_memcpy(vp, entry->state, sizeof(entry->state));
+ fr_pair_add(&packet->vps, vp);
}
if (!rbtree_insert(state->tree, entry)) {
VALUE_PAIR *vp;
state_entry_t *entry, my_entry;
- vp = pairfind(packet->vps, PW_STATE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_STATE, 0, TAG_ANY);
if (!vp) return NULL;
if (vp->vp_length != sizeof(my_entry.state)) return NULL;
state_entry_t *entry;
fr_state_t *state = &global_state;
- pairfree(&request->state);
+ fr_pair_list_free(&request->state);
request->state = NULL;
PTHREAD_MUTEX_LOCK(&state->mutex);
/*
* No State, don't do anything.
*/
- if (!pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY)) {
+ if (!fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY)) {
RDEBUG3("session-state: No State attribute");
return;
}
* isn't thread-safe.
*/
if (entry) {
- pairfilter(request, &request->state, &entry->vps, 0, 0, TAG_ANY);
+ fr_pair_list_move_by_num(request, &request->state, &entry->vps, 0, 0, TAG_ANY);
RDEBUG2("session-state: Found cached attributes");
rdebug_pair_list(L_DBG_LVL_1, request, request->state, NULL);
* This has to be done in a mutex lock, because talloc
* isn't thread-safe.
*/
- pairfilter(entry, &entry->vps, &request->state, 0, 0, TAG_ANY);
+ fr_pair_list_move_by_num(entry, &entry->vps, &request->state, 0, 0, TAG_ANY);
PTHREAD_MUTEX_UNLOCK(&state->mutex);
rad_assert(request->state == NULL);
VALUE_PAIR *vp;
for (i = 0; table[i].attribute != 0; i++) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
table[i].attribute, VENDORPEC_FREERADIUS);
if (!vp) continue;
rad_assert(request->packet->code == PW_CODE_STATUS_SERVER);
rad_assert(request->listener->type == RAD_LISTEN_NONE);
- flag = pairfind(request->packet->vps, 127, VENDORPEC_FREERADIUS, TAG_ANY);
+ flag = fr_pair_find_by_num(request->packet->vps, 127, VENDORPEC_FREERADIUS, TAG_ANY);
if (!flag || (flag->vp_integer == 0)) return;
/*
* Internal server statistics
*/
if ((flag->vp_integer & 0x10) != 0) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
176, VENDORPEC_FREERADIUS);
if (vp) vp->vp_date = start_time.tv_sec;
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
177, VENDORPEC_FREERADIUS);
if (vp) vp->vp_date = hup_time.tv_sec;
thread_pool_queue_stats(array, pps);
for (i = 0; i <= 4; i++) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
162 + i, VENDORPEC_FREERADIUS);
if (!vp) continue;
}
for (i = 0; i < 2; i++) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
181 + i, VENDORPEC_FREERADIUS);
if (!vp) continue;
* See if we need to look up the client by server
* socket.
*/
- server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
+ server_ip = fr_pair_find_by_num(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
if (server_ip) {
- server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
+ server_port = fr_pair_find_by_num(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
if (server_port) {
ipaddr.af = AF_INET;
}
- vp = pairfind(request->packet->vps, 167, VENDORPEC_FREERADIUS, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, 167, VENDORPEC_FREERADIUS, TAG_ANY);
if (vp) {
memset(&ipaddr, 0, sizeof(ipaddr));
ipaddr.af = AF_INET;
/*
* Else look it up by number.
*/
- } else if ((vp = pairfind(request->packet->vps, 168, VENDORPEC_FREERADIUS, TAG_ANY)) != NULL) {
+ } else if ((vp = fr_pair_find_by_num(request->packet->vps, 168, VENDORPEC_FREERADIUS, TAG_ANY)) != NULL) {
client = client_findbynumber(cl, vp->vp_integer);
}
* If found, echo it back, along with
* the requested statistics.
*/
- pairadd(&request->reply->vps, paircopyvp(request->reply, vp));
+ fr_pair_add(&request->reply->vps, fr_pair_copy(request->reply, vp));
/*
* When retrieving client by number, also
*/
if ((vp->da->type == PW_TYPE_INTEGER) &&
(client->ipaddr.af == AF_INET)) {
- vp = radius_paircreate(request->reply,
+ vp = radius_pair_create(request->reply,
&request->reply->vps,
167, VENDORPEC_FREERADIUS);
if (vp) {
}
if (client->ipaddr.prefix != 32) {
- vp = radius_paircreate(request->reply,
+ vp = radius_pair_create(request->reply,
&request->reply->vps,
169, VENDORPEC_FREERADIUS);
if (vp) {
}
if (server_ip) {
- pairadd(&request->reply->vps,
- paircopyvp(request->reply, server_ip));
+ fr_pair_add(&request->reply->vps,
+ fr_pair_copy(request->reply, server_ip));
}
if (server_port) {
- pairadd(&request->reply->vps,
- paircopyvp(request->reply, server_port));
+ fr_pair_add(&request->reply->vps,
+ fr_pair_copy(request->reply, server_port));
}
if ((flag->vp_integer & 0x01) != 0) {
* See if we need to look up the server by socket
* socket.
*/
- server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
+ server_ip = fr_pair_find_by_num(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
if (!server_ip) return;
- server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
+ server_port = fr_pair_find_by_num(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
if (!server_port) return;
ipaddr.af = AF_INET;
*/
if (!this) return;
- pairadd(&request->reply->vps,
- paircopyvp(request->reply, server_ip));
- pairadd(&request->reply->vps,
- paircopyvp(request->reply, server_port));
+ fr_pair_add(&request->reply->vps,
+ fr_pair_copy(request->reply, server_ip));
+ fr_pair_add(&request->reply->vps,
+ fr_pair_copy(request->reply, server_port));
if (((flag->vp_integer & 0x01) != 0) &&
((request->listener->type == RAD_LISTEN_AUTH) ||
* See if we need to look up the server by socket
* socket.
*/
- server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
+ server_ip = fr_pair_find_by_num(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
if (!server_ip) return;
- server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
+ server_port = fr_pair_find_by_num(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
if (!server_port) return;
#ifndef NDEBUG
*/
if (!home) return;
- pairadd(&request->reply->vps,
- paircopyvp(request->reply, server_ip));
- pairadd(&request->reply->vps,
- paircopyvp(request->reply, server_port));
+ fr_pair_add(&request->reply->vps,
+ fr_pair_copy(request->reply, server_ip));
+ fr_pair_add(&request->reply->vps,
+ fr_pair_copy(request->reply, server_port));
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
172, VENDORPEC_FREERADIUS);
if (vp) vp->vp_integer = home->currently_outstanding;
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
173, VENDORPEC_FREERADIUS);
if (vp) vp->vp_integer = home->state;
if ((home->state == HOME_STATE_ALIVE) &&
(home->revive_time.tv_sec != 0)) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
175, VENDORPEC_FREERADIUS);
if (vp) vp->vp_date = home->revive_time.tv_sec;
}
if ((home->state == HOME_STATE_ALIVE) &&
(home->ema.window > 0)) {
- vp = radius_paircreate(request->reply,
+ vp = radius_pair_create(request->reply,
&request->reply->vps,
178, VENDORPEC_FREERADIUS);
if (vp) vp->vp_integer = home->ema.window;
- vp = radius_paircreate(request->reply,
+ vp = radius_pair_create(request->reply,
&request->reply->vps,
179, VENDORPEC_FREERADIUS);
if (vp) vp->vp_integer = home->ema.ema1 / EMA_SCALE;
- vp = radius_paircreate(request->reply,
+ vp = radius_pair_create(request->reply,
&request->reply->vps,
180, VENDORPEC_FREERADIUS);
if (vp) vp->vp_integer = home->ema.ema10 / EMA_SCALE;
}
if (home->state == HOME_STATE_IS_DEAD) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
174, VENDORPEC_FREERADIUS);
if (vp) vp->vp_date = home->zombie_period_start.tv_sec + home->zombie_period;
}
*
* FIXME: do this for clients, too!
*/
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
184, VENDORPEC_FREERADIUS);
if (vp) vp->vp_date = home->last_packet_recv;
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
185, VENDORPEC_FREERADIUS);
if (vp) vp->vp_date = home->last_packet_sent;
VALUE_PAIR *vp;
REQUEST *request = self->request;
- vp = radius_paircreate(request, &request->config,
+ vp = radius_pair_create(request, &request->config,
181, VENDORPEC_FREERADIUS);
if (vp) vp->vp_integer = thread_pool.pps_in.pps;
- vp = radius_paircreate(request, &request->config,
+ vp = radius_pair_create(request, &request->config,
182, VENDORPEC_FREERADIUS);
if (vp) vp->vp_integer = thread_pool.pps_in.pps;
- vp = radius_paircreate(request, &request->config,
+ vp = radius_pair_create(request, &request->config,
183, VENDORPEC_FREERADIUS);
if (vp) {
vp->vp_integer = thread_pool.max_queue_size - thread_pool.num_queued;
return 0;
}
- vp = pairmake_packet("TLS-PSK-Identity", identity, T_OP_SET);
+ vp = pair_make_packet("TLS-PSK-Identity", identity, T_OP_SET);
if (!vp) return 0;
hex_len = radius_xlat(buffer, sizeof(buffer), request, conf->psk_query,
* just too much.
*/
state->mtu = conf->fragment_size;
- vp = pairfind(request->packet->vps, PW_FRAMED_MTU, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_FRAMED_MTU, 0, TAG_ANY);
if (vp && (vp->vp_integer > 100) && (vp->vp_integer < state->mtu)) {
state->mtu = vp->vp_integer;
}
}
/* move the cached VPs into the session */
- pairfilter(talloc_ctx, &vps, &pairlist->reply, 0, 0, TAG_ANY);
+ fr_pair_list_move_by_num(talloc_ctx, &vps, &pairlist->reply, 0, 0, TAG_ANY);
SSL_SESSION_set_ex_data(sess, fr_tls_ex_index_vps, vps);
RWDEBUG("Successfully restored session %s", buffer);
sprintf(p, "%02x", (unsigned int)sn->data[i]);
p += 2;
}
- vp = pairmake(talloc_ctx, certs, cert_attr_names[FR_TLS_SERIAL][lookup], buf, T_OP_SET);
+ vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SERIAL][lookup], buf, T_OP_SET);
rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
}
(asn_time->length < (int) sizeof(buf))) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
buf[asn_time->length] = '\0';
- vp = pairmake(talloc_ctx, certs, cert_attr_names[FR_TLS_EXPIRATION][lookup], buf, T_OP_SET);
+ vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_EXPIRATION][lookup], buf, T_OP_SET);
rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
}
sizeof(subject));
subject[sizeof(subject) - 1] = '\0';
if (certs && identity && (lookup <= 1) && subject[0]) {
- vp = pairmake(talloc_ctx, certs, cert_attr_names[FR_TLS_SUBJECT][lookup], subject, T_OP_SET);
+ vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SUBJECT][lookup], subject, T_OP_SET);
rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
}
sizeof(issuer));
issuer[sizeof(issuer) - 1] = '\0';
if (certs && identity && (lookup <= 1) && issuer[0]) {
- vp = pairmake(talloc_ctx, certs, cert_attr_names[FR_TLS_ISSUER][lookup], issuer, T_OP_SET);
+ vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_ISSUER][lookup], issuer, T_OP_SET);
rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
}
NID_commonName, common_name, sizeof(common_name));
common_name[sizeof(common_name) - 1] = '\0';
if (certs && identity && (lookup <= 1) && common_name[0] && subject[0]) {
- vp = pairmake(talloc_ctx, certs, cert_attr_names[FR_TLS_CN][lookup], common_name, T_OP_SET);
+ vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_CN][lookup], common_name, T_OP_SET);
rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
}
switch (name->type) {
#ifdef GEN_EMAIL
case GEN_EMAIL:
- vp = pairmake(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_EMAIL][lookup],
+ vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_EMAIL][lookup],
(char *) ASN1_STRING_data(name->d.rfc822Name), T_OP_SET);
rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
break;
#endif /* GEN_EMAIL */
#ifdef GEN_DNS
case GEN_DNS:
- vp = pairmake(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_DNS][lookup],
+ vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_DNS][lookup],
(char *) ASN1_STRING_data(name->d.dNSName), T_OP_SET);
rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
break;
if (NID_ms_upn == OBJ_obj2nid(name->d.otherName->type_id)) {
/* we've got a UPN - Must be ASN1-encoded UTF8 string */
if (name->d.otherName->value->type == V_ASN1_UTF8STRING) {
- vp = pairmake(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_UPN][lookup],
+ vp = fr_pair_make(talloc_ctx, certs, cert_attr_names[FR_TLS_SAN_UPN][lookup],
(char *) ASN1_STRING_data(name->d.otherName->value->value.utf8string), T_OP_SET);
rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
break;
value[len] = '\0';
- vp = pairmake(talloc_ctx, certs, attribute, value, T_OP_ADD);
+ vp = fr_pair_make(talloc_ctx, certs, attribute, value, T_OP_ADD);
if (!vp) {
RDEBUG3("Skipping %s += '%s'. Please check that both the "
"attribute and value are defined in the dictionaries",
}
fclose(fp);
- if (!pairmake_packet("TLS-Client-Cert-Filename",
+ if (!pair_make_packet("TLS-Client-Cert-Filename",
filename, T_OP_SET)) {
RDEBUG("Failed creating TLS-Client-Cert-Filename");
DEBUG2(LOG_PREFIX ": Freeing cached session VPs");
- pairfree(&vp);
+ fr_pair_list_free(&vp);
}
static void sess_free_certs(UNUSED void *parent, void *data_ptr,
DEBUG2(LOG_PREFIX ": Freeing cached session Certificates");
- pairfree(certs);
+ fr_pair_list_free(certs);
}
/** Add all the default ciphers and message digests reate our context.
* user.
*/
if ((!ssn->allow_session_resumption) ||
- (((vp = pairfind(request->config, PW_ALLOW_SESSION_RESUMPTION, 0, TAG_ANY)) != NULL) &&
+ (((vp = fr_pair_find_by_num(request->config, PW_ALLOW_SESSION_RESUMPTION, 0, TAG_ANY)) != NULL) &&
(vp->vp_integer == 0))) {
SSL_CTX_remove_session(ssn->ctx,
ssn->ssl->session);
fr_bin2hex(buffer, ssn->ssl->session->session_id, size);
- vp = paircopy_by_num(talloc_ctx, request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
- if (vp) pairadd(&vps, vp);
+ vp = fr_pair_list_copy_by_num(talloc_ctx, request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
+ if (vp) fr_pair_add(&vps, vp);
- vp = paircopy_by_num(talloc_ctx, request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
- if (vp) pairadd(&vps, vp);
+ vp = fr_pair_list_copy_by_num(talloc_ctx, request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
+ if (vp) fr_pair_add(&vps, vp);
- vp = paircopy_by_num(talloc_ctx, request->packet->vps, PW_STRIPPED_USER_DOMAIN, 0, TAG_ANY);
- if (vp) pairadd(&vps, vp);
+ vp = fr_pair_list_copy_by_num(talloc_ctx, request->packet->vps, PW_STRIPPED_USER_DOMAIN, 0, TAG_ANY);
+ if (vp) fr_pair_add(&vps, vp);
- vp = paircopy_by_num(talloc_ctx, request->reply->vps, PW_CHARGEABLE_USER_IDENTITY, 0, TAG_ANY);
- if (vp) pairadd(&vps, vp);
+ vp = fr_pair_list_copy_by_num(talloc_ctx, request->reply->vps, PW_CHARGEABLE_USER_IDENTITY, 0, TAG_ANY);
+ if (vp) fr_pair_add(&vps, vp);
- vp = paircopy_by_num(talloc_ctx, request->reply->vps, PW_CACHED_SESSION_POLICY, 0, TAG_ANY);
- if (vp) pairadd(&vps, vp);
+ vp = fr_pair_list_copy_by_num(talloc_ctx, request->reply->vps, PW_CACHED_SESSION_POLICY, 0, TAG_ANY);
+ if (vp) fr_pair_add(&vps, vp);
certs = (VALUE_PAIR **)SSL_get_ex_data(ssn->ssl, fr_tls_ex_index_certs);
* @todo: some go into reply, others into
* request
*/
- pairadd(&vps, paircopy(talloc_ctx, *certs));
+ fr_pair_add(&vps, fr_pair_list_copy(talloc_ctx, *certs));
/*
* Save the certs in the packet, so that we can see them.
*/
- pairadd(&request->packet->vps, paircopy(request->packet, *certs));
+ fr_pair_add(&request->packet->vps, fr_pair_list_copy(request->packet, *certs));
}
if (vps) {
/*
* Mark the request as resumed.
*/
- pairmake_packet("EAP-Session-Resumed", "1", T_OP_SET);
+ pair_make_packet("EAP-Session-Resumed", "1", T_OP_SET);
}
return 0;
*/
certs = (VALUE_PAIR **)SSL_get_ex_data(ssn->ssl, fr_tls_ex_index_certs);
- if (certs) pairadd(&request->packet->vps, paircopy(request->packet, *certs));
+ if (certs) fr_pair_add(&request->packet->vps, fr_pair_list_copy(request->packet, *certs));
return FR_TLS_OK;
}
*out = NULL;
- vp = pairalloc(request, cast);
+ vp = fr_pair_afrom_da(request, cast);
if (!vp) return -1;
if (vpt->type == TMPL_TYPE_DATA) {
rcode = tmpl_aexpand(vp, &p, request, vpt, NULL, NULL);
if (rcode < 0) {
- pairfree(&vp);
+ fr_pair_list_free(&vp);
return rcode;
}
data.strvalue = p;
vp->data.ptr = talloc_steal(vp, data.ptr);
vp->vp_length = rcode;
- } else if (pairparsevalue(vp, data.strvalue, rcode) < 0) {
+ } else if (fr_pair_value_from_str(vp, data.strvalue, rcode) < 0) {
talloc_free(data.ptr);
- pairfree(&vp);
+ fr_pair_list_free(&vp);
return -1;
}
for (vp = tmpl_cursor_init(&err, &from, request, vpt);
vp;
vp = tmpl_cursor_next(&from, vpt)) {
- vp = paircopyvp(ctx, vp);
+ vp = fr_pair_copy(ctx, vp);
if (!vp) {
- pairfree(out);
+ fr_pair_list_free(out);
return -4;
}
fr_cursor_insert(&to, vp);
/*
* Read packet from fp
*/
- if (readvp2(request->packet, &request->packet->vps, fp, &filedone) < 0) {
+ if (fr_pair_list_afrom_file(request->packet, &request->packet->vps, fp, &filedone) < 0) {
fr_perror("unittest");
talloc_free(request);
return NULL;
vp->da = da;
/*
- * Re-do pairmemsteal ourselves,
+ * Re-do fr_pair_value_memsteal ourselves,
* because we play games with
- * vp->da, and pairmemsteal goes
+ * vp->da, and fr_pair_value_memsteal goes
* to GREAT lengths to sanitize
* and fix and change and
* double-check the various
request->log.lvl = rad_debug_lvl;
request->log.func = vradlog_request;
- request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
- request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->password = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
return request;
}
}
- if (readvp2(request, &filter_vps, fp, &filedone) < 0) {
+ if (fr_pair_list_afrom_file(request, &filter_vps, fp, &filedone) < 0) {
fprintf(stderr, "Failed reading attributes from %s: %s\n",
filter_file, fr_strerror());
rcode = EXIT_FAILURE;
/*
* Update the list with the response type.
*/
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
PW_RESPONSE_PACKET_TYPE, 0);
vp->vp_integer = request->reply->code;
{
VALUE_PAIR const *failed[2];
- if (filter_vps && !pairvalidate(failed, filter_vps, request->reply->vps)) {
- pairvalidate_debug(request, failed);
+ if (filter_vps && !fr_pair_validate(failed, filter_vps, request->reply->vps)) {
+ fr_pair_validate_debug(request, failed);
fr_perror("Output file %s does not match attributes in filter %s (%s)",
output_file ? output_file : input_file, filter_file, fr_strerror());
rcode = EXIT_FAILURE;
if (!packet->vps) return;
#ifdef WITH_VERIFY_PTR
- fr_pair_verify_list(file, line, packet, packet->vps);
+ fr_pair_list_verify(file, line, packet, packet->vps);
#endif
}
/*
(void) talloc_get_type_abort(request, REQUEST);
#ifdef WITH_VERIFY_PTR
- fr_pair_verify_list(file, line, request, request->config);
- fr_pair_verify_list(file, line, request, request->state);
+ fr_pair_list_verify(file, line, request, request->config);
+ fr_pair_list_verify(file, line, request, request->state);
#endif
if (request->packet) verify_packet(file, line, request, request->packet, "request");
* various VP functions.
*/
case PW_PACKET_AUTHENTICATION_VECTOR:
- virtual = pairalloc(ctx, vpt->tmpl_da);
- pairmemcpy(virtual, packet->vector, sizeof(packet->vector));
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
+ fr_pair_value_memcpy(virtual, packet->vector, sizeof(packet->vector));
vp = virtual;
break;
case PW_CLIENT_IP_ADDRESS:
case PW_PACKET_SRC_IP_ADDRESS:
if (packet->src_ipaddr.af == AF_INET) {
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
virtual->vp_ipaddr = packet->src_ipaddr.ipaddr.ip4addr.s_addr;
vp = virtual;
}
case PW_PACKET_DST_IP_ADDRESS:
if (packet->dst_ipaddr.af == AF_INET) {
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
virtual->vp_ipaddr = packet->dst_ipaddr.ipaddr.ip4addr.s_addr;
vp = virtual;
}
case PW_PACKET_SRC_IPV6_ADDRESS:
if (packet->src_ipaddr.af == AF_INET6) {
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
memcpy(&virtual->vp_ipv6addr,
&packet->src_ipaddr.ipaddr.ip6addr,
sizeof(packet->src_ipaddr.ipaddr.ip6addr));
case PW_PACKET_DST_IPV6_ADDRESS:
if (packet->dst_ipaddr.af == AF_INET6) {
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
memcpy(&virtual->vp_ipv6addr,
&packet->dst_ipaddr.ipaddr.ip6addr,
sizeof(packet->dst_ipaddr.ipaddr.ip6addr));
break;
case PW_PACKET_SRC_PORT:
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
virtual->vp_integer = packet->src_port;
vp = virtual;
break;
case PW_PACKET_DST_PORT:
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
virtual->vp_integer = packet->dst_port;
vp = virtual;
break;
if (!da) {
da = dict_unknown_afrom_fields(ctx, attr, (*tlv)->da->vendor);
if (!da) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
}
a_p = p + 2;
num_entries = fr_dhcp_array_members(&a_len, da);
for (i = 0; i < num_entries; i++) {
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
vp->op = T_OP_EQ;
- pairsteal(ctx, vp); /* for unknown attributes hack */
+ fr_pair_steal(ctx, vp); /* for unknown attributes hack */
if (fr_dhcp_attr2vp(ctx, &vp, a_p, a_len) < 0) {
dict_attr_free(&da);
- pairfree(&head);
+ fr_pair_list_free(&head);
goto malformed;
}
fr_cursor_merge(&cursor, vp);
return 0;
malformed:
- pair2unknown(*tlv);
- pairmemcpy(*tlv, data, len);
+ fr_pair_to_unknown(*tlv);
+ fr_pair_value_memcpy(*tlv, data, len);
return 0;
}
q = end = data + len;
if (!vp->da->flags.array) {
- pairbstrncpy(vp, (char const *)p, q - p);
+ fr_pair_value_bstrncpy(vp, (char const *)p, q - p);
break;
}
/* Malformed but recoverable */
if (!q) q = end;
- pairbstrncpy(vp, (char const *)p, q - p);
+ fr_pair_value_bstrncpy(vp, (char const *)p, q - p);
p = q + 1;
/* Need another VP for the next round */
if (p < end) {
- vp = pairalloc(ctx, vp->da);
+ vp = fr_pair_afrom_da(ctx, vp->da);
if (!vp) {
- pairfree(vp_p);
+ fr_pair_list_free(vp_p);
return -1;
}
fr_cursor_insert(&cursor, vp);
* vp's original DICT_ATTR with an unknown one.
*/
raw:
- if (pair2unknown(vp) < 0) return -1;
+ if (fr_pair_to_unknown(vp) < 0) return -1;
case PW_TYPE_OCTETS:
if (len > 255) return -1;
- pairmemcpy(vp, data, len);
+ fr_pair_value_memcpy(vp, data, len);
break;
/*
if (!da) {
da = dict_unknown_afrom_fields(ctx, p[0], DHCP_MAGIC_VENDOR);
if (!da) {
- pairfree(out);
+ fr_pair_list_free(out);
return -1;
}
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) {
- pairfree(out);
+ fr_pair_list_free(out);
return -1;
}
- pairmemcpy(vp, a_p, a_len);
+ fr_pair_value_memcpy(vp, a_p, a_len);
fr_cursor_insert(&cursor, vp);
goto next;
*/
num_entries = fr_dhcp_array_members(&a_len, da);
for (i = 0; i < num_entries; i++) {
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) {
- pairfree(out);
+ fr_pair_list_free(out);
return -1;
}
vp->op = T_OP_EQ;
if (fr_dhcp_attr2vp(ctx, &vp, a_p, a_len) < 0) {
- pairfree(&vp);
- pairfree(out);
+ fr_pair_list_free(&vp);
+ fr_pair_list_free(out);
return -1;
}
fr_cursor_merge(&cursor, vp);
for (i = 0; i < 14; i++) {
char *q;
- vp = pairmake(packet, NULL, dhcp_header_names[i], NULL, T_OP_EQ);
+ vp = fr_pair_make(packet, NULL, dhcp_header_names[i], NULL, T_OP_EQ);
if (!vp) {
char buffer[256];
strlcpy(buffer, fr_strerror(), sizeof(buffer));
fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
q[dhcp_header_sizes[i]] = '\0';
vp->vp_length = strlen(vp->vp_strvalue);
if (vp->vp_length == 0) {
- pairfree(&vp);
+ fr_pair_list_free(&vp);
}
break;
case PW_TYPE_OCTETS:
- pairmemcpy(vp, p, packet->data[2]);
+ fr_pair_value_memcpy(vp, p, packet->data[2]);
break;
case PW_TYPE_ETHERNET:
default:
fr_strerror_printf("BAD TYPE %d", vp->da->type);
- pairfree(&vp);
+ fr_pair_list_free(&vp);
break;
}
p += dhcp_header_sizes[i];
/*
* DHCP Opcode is request
*/
- vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp && vp->vp_integer == 3) {
/*
* Vendor is "MSFT 98"
*/
- vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
- vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
/*
* Reply should be broadcast.
* Client can request a LARGER size, but not a smaller
* one. They also cannot request a size larger than MTU.
*/
- maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
- mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
+ maxms = fr_pair_find_by_num(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
+ mtu = fr_pair_find_by_num(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification");
if (packet->code == 0) packet->code = PW_DHCP_NAK;
/* store xid */
- if ((vp = pairfind(packet->vps, 260, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 260, DHCP_MAGIC_VENDOR, TAG_ANY))) {
packet->id = vp->vp_integer;
} else {
packet->id = fr_rand();
*/
/* DHCP-DHCP-Maximum-Msg-Size */
- vp = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp && (vp->vp_integer > mms)) {
mms = vp->vp_integer;
}
#endif
- vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
*p++ = vp->vp_integer & 0xff;
} else {
}
/* DHCP-Hardware-Type */
- if ((vp = pairfind(packet->vps, 257, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 257, DHCP_MAGIC_VENDOR, TAG_ANY))) {
*p++ = vp->vp_integer & 0xFF;
} else {
*p++ = 1; /* hardware type = ethernet */
}
/* DHCP-Hardware-Address-Length */
- if ((vp = pairfind(packet->vps, 258, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 258, DHCP_MAGIC_VENDOR, TAG_ANY))) {
*p++ = vp->vp_integer & 0xFF;
} else {
*p++ = 6; /* 6 bytes of ethernet */
}
/* DHCP-Hop-Count */
- if ((vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY))) {
*p = vp->vp_integer & 0xff;
}
p++;
p += 4;
/* DHCP-Number-of-Seconds */
- if ((vp = pairfind(packet->vps, 261, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 261, DHCP_MAGIC_VENDOR, TAG_ANY))) {
lvalue = htonl(vp->vp_integer);
memcpy(p, &lvalue, 2);
}
p += 2;
/* DHCP-Flags */
- if ((vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY))) {
lvalue = htons(vp->vp_integer);
memcpy(p, &lvalue, 2);
}
p += 2;
/* DHCP-Client-IP-Address */
- if ((vp = pairfind(packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY))) {
memcpy(p, &vp->vp_ipaddr, 4);
}
p += 4;
/* DHCP-Your-IP-address */
- if ((vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY))) {
lvalue = vp->vp_ipaddr;
} else {
lvalue = htonl(INADDR_ANY);
p += 4;
/* DHCP-Server-IP-Address */
- vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
lvalue = vp->vp_ipaddr;
} else {
/*
* DHCP-Gateway-IP-Address
*/
- if ((vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY))) {
lvalue = vp->vp_ipaddr;
} else {
lvalue = htonl(INADDR_ANY);
p += 4;
/* DHCP-Client-Hardware-Address */
- if ((vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
if (vp->vp_length == sizeof(vp->vp_ether)) {
memcpy(p, vp->vp_ether, vp->vp_length);
} /* else ignore it */
p += DHCP_CHADDR_LEN;
/* DHCP-Server-Host-Name */
- if ((vp = pairfind(packet->vps, 268, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 268, DHCP_MAGIC_VENDOR, TAG_ANY))) {
if (vp->vp_length > DHCP_SNAME_LEN) {
memcpy(p, vp->vp_strvalue, DHCP_SNAME_LEN);
} else {
*/
/* DHCP-Boot-Filename */
- vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
if (vp->vp_length > DHCP_FILE_LEN) {
memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
for (i = 0; i < 14; i++) {
char *q;
- vp = pairmake(packet, NULL,
+ vp = fr_pair_make(packet, NULL,
dhcp_header_names[i], NULL, T_OP_EQ);
if (!vp) {
char buffer[256];
break;
case PW_TYPE_OCTETS: /* only for Client HW Address */
- pairmemcpy(vp, p, packet->data[2]);
+ fr_pair_value_memcpy(vp, p, packet->data[2]);
break;
case PW_TYPE_ETHERNET: /* only for Client HW Address */
default:
fr_strerror_printf("Internal sanity check failed %d %d", vp->da->type, __LINE__);
- pairfree(&vp);
+ fr_pair_list_free(&vp);
break;
}
p += dhcp_header_sizes[i];
debug_pair(vp);
- pairfree(&vp);
+ fr_pair_list_free(&vp);
}
/*
* Pre-sort attributes into contiguous blocks so that fr_dhcp_encode_option
* operates correctly. This changes the order of the list, but never mind...
*/
- pairsort(&packet->vps, fr_dhcp_attr_cmp);
+ fr_pair_list_sort(&packet->vps, fr_dhcp_attr_cmp);
fr_cursor_init(&cursor, &packet->vps);
/*
/* set ethernet source address to our MAC address (DHCP-Client-Hardware-Address). */
u_char dhmac[ETH_ADDR_LEN] = { 0 };
- if ((vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
+ if ((vp = fr_pair_find_by_num(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
if (vp->length == sizeof(vp->vp_ether)) {
memcpy(dhmac, vp->vp_ether, vp->length);
}
* Check if it matches the source HW address used (DHCP-Client-Hardware-Address = 267)
*/
if ( (memcmp(ð_bcast, ð_hdr->ether_dst, ETH_ADDR_LEN) != 0) &&
- (vp = pairfind(request->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY)) &&
+ (vp = fr_pair_find_by_num(request->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY)) &&
(vp->length == sizeof(vp->vp_ether)) &&
(memcmp(vp->vp_ether, ð_hdr->ether_dst, ETH_ADDR_LEN) != 0) ) {
/* No match. */
/*
* Read the VP's.
*/
- if (readvp2(NULL, &request->vps, fp, &filedone) < 0) {
+ if (fr_pair_list_afrom_file(NULL, &request->vps, fp, &filedone) < 0) {
fr_perror("dhcpclient");
rad_free(&request);
if (fp != stdin) fclose(fp);
if (!reply_p) reply_p = cur_reply_p;
if (cur_reply_p->code == PW_DHCP_OFFER) {
- VALUE_PAIR *vp1 = pairfind(cur_reply_p->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-DHCP-Server-Identifier */
- VALUE_PAIR *vp2 = pairfind(cur_reply_p->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Your-IP-address */
+ VALUE_PAIR *vp1 = fr_pair_find_by_num(cur_reply_p->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-DHCP-Server-Identifier */
+ VALUE_PAIR *vp2 = fr_pair_find_by_num(cur_reply_p->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Your-IP-address */
if (vp1 && vp2) {
nb_offer ++;
/*
* It's invalid to have giaddr=0 AND a relay option
*/
- giaddr = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
+ giaddr = fr_pair_find_by_num(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
if (giaddr && (giaddr->vp_ipaddr == htonl(INADDR_ANY)) &&
- pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR, TAG_ANY)) { /* DHCP-Relay-Agent-Information */
+ fr_pair_find_by_num(request->packet->vps, 82, DHCP_MAGIC_VENDOR, TAG_ANY)) { /* DHCP-Relay-Agent-Information */
DEBUG("DHCP: Received packet with giaddr = 0 and containing relay option: Discarding packet\n");
return 1;
}
*
* Drop requests if hop-count > 16 or admin specified another value
*/
- if ((vp = pairfind(request->config, 271, DHCP_MAGIC_VENDOR, TAG_ANY))) { /* DHCP-Relay-Max-Hop-Count */
+ if ((vp = fr_pair_find_by_num(request->config, 271, DHCP_MAGIC_VENDOR, TAG_ANY))) { /* DHCP-Relay-Max-Hop-Count */
maxhops = vp->vp_integer;
}
- vp = pairfind(request->packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Hop-Count */
+ vp = fr_pair_find_by_num(request->packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Hop-Count */
rad_assert(vp != NULL);
if (vp->vp_integer > maxhops) {
DEBUG("DHCP: Number of hops is greater than %d: not relaying\n", maxhops);
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = sock->lsock.my_ipaddr.ipaddr.ip4addr.s_addr;
request->packet->src_port = sock->lsock.my_port;
- vp = pairfind(request->config, 270, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Relay-To-IP-Address */
+ vp = fr_pair_find_by_num(request->config, 270, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Relay-To-IP-Address */
rad_assert(vp != NULL);
/* set DEST ipaddr/port to the next server ipaddr/port */
/*
* Check that packet is for us.
*/
- giaddr = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
+ giaddr = fr_pair_find_by_num(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
/* --with-udpfromto is needed just for the following test */
if (!giaddr || giaddr->vp_ipaddr != request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr) {
if ((request->packet->code == PW_DHCP_NAK) ||
!sock->src_interface ||
- ((vp = pairfind(request->packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Flags */ &&
+ ((vp = fr_pair_find_by_num(request->packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Flags */ &&
(vp->vp_integer & 0x8000) &&
- ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Client-IP-Address */ &&
+ ((vp = fr_pair_find_by_num(request->packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Client-IP-Address */ &&
(vp->vp_ipaddr == htonl(INADDR_ANY))))) {
/*
* RFC 2131, page 23
* - ciaddr if present
* otherwise to yiaddr
*/
- if ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Client-IP-Address */ &&
+ if ((vp = fr_pair_find_by_num(request->packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Client-IP-Address */ &&
(vp->vp_ipaddr != htonl(INADDR_ANY))) {
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
} else {
- vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Your-IP-Address */
+ vp = fr_pair_find_by_num(request->packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Your-IP-Address */
if (!vp) {
DEBUG("DHCP: Failed to find IP Address for request");
return -1;
* the client was requesting an IP address.
*/
if (request->packet->code == PW_DHCP_OFFER) {
- VALUE_PAIR *hwvp = pairfind(request->packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Client-Hardware-Address */
+ VALUE_PAIR *hwvp = fr_pair_find_by_num(request->packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Client-Hardware-Address */
if (hwvp == NULL) {
DEBUG("DHCP: DHCP_OFFER packet received with "
"no Client Hardware Address. Discarding packet");
* in the response. That way the later code knows where
* to send the reply.
*/
- vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
+ vp = fr_pair_find_by_num(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
if (vp && (vp->vp_ipaddr != htonl(INADDR_ANY))) {
VALUE_PAIR *relay;
/* DHCP-Relay-IP-Address */
- relay = radius_paircreate(request->reply, &request->reply->vps,
+ relay = radius_pair_create(request->reply, &request->reply->vps,
272, DHCP_MAGIC_VENDOR);
if (relay) relay->vp_ipaddr = vp->vp_ipaddr;
}
- vp = pairfind(request->packet->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
+ vp = fr_pair_find_by_num(request->packet->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
if (vp) {
DICT_VALUE *dv = dict_valbyattr(53, DHCP_MAGIC_VENDOR, vp->vp_integer);
DEBUG("Trying sub-section dhcp %s {...}",
rcode = RLM_MODULE_FAIL;
}
- vp = pairfind(request->reply->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
+ vp = fr_pair_find_by_num(request->reply->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
if (vp) {
request->reply->code = vp->vp_integer;
if ((request->reply->code != 0) &&
/*
* Handle requests when acting as a DHCP relay
*/
- vp = pairfind(request->packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Opcode */
+ vp = fr_pair_find_by_num(request->packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Opcode */
if (!vp) {
RDEBUG("FAILURE: Someone deleted the DHCP-Opcode!");
return 1;
}
/* Packet from client, and we have DHCP-Relay-To-IP-Address */
- if (pairfind(request->config, 270, DHCP_MAGIC_VENDOR, TAG_ANY)) {
+ if (fr_pair_find_by_num(request->config, 270, DHCP_MAGIC_VENDOR, TAG_ANY)) {
return dhcprelay_process_client_request(request);
}
for (i = 0; i < sizeof(attrnums) / sizeof(attrnums[0]); i++) {
uint32_t attr = attrnums[i];
- if (pairfind(request->reply->vps, attr, DHCP_MAGIC_VENDOR, TAG_ANY)) continue;
+ if (fr_pair_find_by_num(request->reply->vps, attr, DHCP_MAGIC_VENDOR, TAG_ANY)) continue;
- vp = pairfind(request->packet->vps, attr, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, attr, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
- pairadd(&request->reply->vps, paircopyvp(request->reply, vp));
+ fr_pair_add(&request->reply->vps, fr_pair_copy(request->reply, vp));
}
}
- vp = pairfind(request->reply->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Opcode */
+ vp = fr_pair_find_by_num(request->reply->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Opcode */
rad_assert(vp != NULL);
vp->vp_integer = 2; /* BOOTREPLY */
* Allow NAKs to be delayed for a short period of time.
*/
if (request->reply->code == PW_DHCP_NAK) {
- vp = pairfind(request->reply->vps, PW_FREERADIUS_RESPONSE_DELAY, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_FREERADIUS_RESPONSE_DELAY, 0, TAG_ANY);
if (vp) {
if (vp->vp_integer <= 10) {
request->response_delay.tv_sec = vp->vp_integer;
}
} else {
#define USEC 1000000
- vp = pairfind(request->reply->vps, PW_FREERADIUS_RESPONSE_DELAY_USEC, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_FREERADIUS_RESPONSE_DELAY_USEC, 0, TAG_ANY);
if (vp) {
if (vp->vp_integer <= 10 * USEC) {
request->response_delay.tv_sec = vp->vp_integer / USEC;
* identifier, use it.
*/
if (request->reply->src_ipaddr.ipaddr.ip4addr.s_addr == INADDR_ANY) {
- vp = pairfind(request->reply->vps, PW_PACKET_SRC_IP_ADDRESS, 0, TAG_ANY);
- if (!vp) vp = pairfind(request->reply->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-DHCP-Server-Identifier */
+ vp = fr_pair_find_by_num(request->reply->vps, PW_PACKET_SRC_IP_ADDRESS, 0, TAG_ANY);
+ if (!vp) vp = fr_pair_find_by_num(request->reply->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-DHCP-Server-Identifier */
if (vp) {
request->reply->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
}
* packet to the client. i.e. the relay may have a
* public IP, but the gateway a private one.
*/
- vp = pairfind(request->reply->vps, 272, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Relay-IP-Address */
+ vp = fr_pair_find_by_num(request->reply->vps, 272, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Relay-IP-Address */
if (vp && (vp->vp_ipaddr != ntohl(INADDR_ANY))) {
RDEBUG("DHCP: Reply will be unicast to giaddr from original packet");
request->reply->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
request->reply->dst_port = request->packet->dst_port;
- vp = pairfind(request->reply->vps, PW_PACKET_DST_PORT, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_PACKET_DST_PORT, 0, TAG_ANY);
if (vp) request->reply->dst_port = vp->vp_integer;
return 1;
* Gateways are servers, and listen on the server port,
* not the client port.
*/
- vp = pairfind(request->reply->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
+ vp = fr_pair_find_by_num(request->reply->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
if (vp && (vp->vp_ipaddr != htonl(INADDR_ANY))) {
RDEBUG("DHCP: Reply will be unicast to giaddr");
request->reply->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
* there's no client-ip-address, send a broadcast.
*/
if ((request->reply->code == PW_DHCP_NAK) ||
- ((vp = pairfind(request->reply->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY)) && /* DHCP-Flags */
+ ((vp = fr_pair_find_by_num(request->reply->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY)) && /* DHCP-Flags */
(vp->vp_integer & 0x8000) &&
- ((vp = pairfind(request->reply->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) && /* DHCP-Client-IP-Address */
+ ((vp = fr_pair_find_by_num(request->reply->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) && /* DHCP-Client-IP-Address */
(vp->vp_ipaddr == htonl(INADDR_ANY))))) {
/*
* RFC 2131, page 23
*
* Unicast to ciaddr if present, otherwise to yiaddr.
*/
- if ((vp = pairfind(request->reply->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) && /* DHCP-Client-IP-Address */
+ if ((vp = fr_pair_find_by_num(request->reply->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) && /* DHCP-Client-IP-Address */
(vp->vp_ipaddr != htonl(INADDR_ANY))) {
RDEBUG("DHCP: Reply will be sent unicast to client-ip-address");
request->reply->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
return 1;
}
- vp = pairfind(request->reply->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Your-IP-Address */
+ vp = fr_pair_find_by_num(request->reply->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Your-IP-Address */
if (!vp) {
RDEBUG("DHCP: Failed to find DHCP-Client-IP-Address or DHCP-Your-IP-Address for request; "
"not responding");
* socket to send DHCP packets.
*/
if (request->reply->code == PW_DHCP_OFFER) {
- VALUE_PAIR *hwvp = pairfind(request->reply->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Client-Hardware-Address */
+ VALUE_PAIR *hwvp = fr_pair_find_by_num(request->reply->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Client-Hardware-Address */
if (!hwvp) return -1;
decoded++;
}
- pairmove(request->packet, &(request->packet->vps), &head);
+ fr_pair_list_move(request->packet, &(request->packet->vps), &head);
/* Free any unmoved pairs */
- pairfree(&head);
+ fr_pair_list_free(&head);
}
snprintf(out, freespace, "%i", decoded);
if (packet->data_len < VQP_HDR_LEN) return -1;
fr_cursor_init(&cursor, &packet->vps);
- vp = paircreate(packet, PW_VQP_PACKET_TYPE, 0);
+ vp = fr_pair_afrom_num(packet, PW_VQP_PACKET_TYPE, 0);
if (!vp) {
fr_strerror_printf("No memory");
return -1;
debug_pair(vp);
fr_cursor_insert(&cursor, vp);
- vp = paircreate(packet, PW_VQP_ERROR_CODE, 0);
+ vp = fr_pair_afrom_num(packet, PW_VQP_ERROR_CODE, 0);
if (!vp) {
fr_strerror_printf("No memory");
return -1;
debug_pair(vp);
fr_cursor_insert(&cursor, vp);
- vp = paircreate(packet, PW_VQP_SEQUENCE_NUMBER, 0);
+ vp = fr_pair_afrom_num(packet, PW_VQP_SEQUENCE_NUMBER, 0);
if (!vp) {
fr_strerror_printf("No memory");
return -1;
* Hack to get the dictionaries to work correctly.
*/
attribute |= 0x2000;
- vp = paircreate(packet, attribute, 0);
+ vp = fr_pair_afrom_num(packet, attribute, 0);
if (!vp) {
- pairfree(&packet->vps);
+ fr_pair_list_free(&packet->vps);
fr_strerror_printf("No memory");
return -1;
default:
case PW_TYPE_OCTETS:
if (length < 1024) {
- pairmemcpy(vp, ptr, length);
+ fr_pair_value_memcpy(vp, ptr, length);
} else {
- pairmemcpy(vp, ptr, 1024);
+ fr_pair_value_memcpy(vp, ptr, 1024);
}
break;
if (packet->data) return 0;
- vp = pairfind(packet->vps, PW_VQP_PACKET_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_VQP_PACKET_TYPE, 0, TAG_ANY);
if (!vp) {
fr_strerror_printf("Failed to find VQP-Packet-Type in response packet");
return -1;
length = VQP_HDR_LEN;
memset(vps, 0, sizeof(vps));
- vp = pairfind(packet->vps, PW_VQP_ERROR_CODE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_VQP_ERROR_CODE, 0, TAG_ANY);
/*
* FIXME: Map attributes from calling-station-Id, etc.
if (!vp) for (i = 0; i < VQP_MAX_ATTRIBUTES; i++) {
if (!contents[code][i]) break;
- vps[i] = pairfind(packet->vps, contents[code][i] | 0x2000, 0, TAG_ANY);
+ vps[i] = fr_pair_find_by_num(packet->vps, contents[code][i] | 0x2000, 0, TAG_ANY);
/*
* FIXME: Print the name...
if (check_item->op == T_OP_SET) return;
- compare = paircmp(check_item, reply_item);
+ compare = fr_pair_cmp(check_item, reply_item);
if (compare < 0) {
REDEBUG("Comparison failed: %s", fr_strerror());
}
if (!inst->key) {
VALUE_PAIR *namepair;
- namepair = pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY);
+ namepair = fr_pair_find_by_num(request->packet->vps, PW_REALM, 0, TAG_ANY);
if (!namepair) {
return (RLM_MODULE_NOOP);
}
* the output list without checking it.
*/
if (check_item->op == T_OP_SET ) {
- vp = paircopyvp(packet, check_item);
+ vp = fr_pair_copy(packet, check_item);
if (!vp) {
goto error;
}
if (!pass) {
RDEBUG3("Attribute \"%s\" allowed by relaxed mode", input_item->da->name);
}
- vp = paircopyvp(packet, input_item);
+ vp = fr_pair_copy(packet, input_item);
if (!vp) {
goto error;
}
/*
* Replace the existing request list with our filtered one
*/
- pairfree(&packet->vps);
+ fr_pair_list_free(&packet->vps);
packet->vps = output;
if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
- request->username = pairfind(request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
+ request->username = fr_pair_find_by_num(request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
if (!request->username) {
- request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
}
- request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ request->password = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
}
return RLM_MODULE_UPDATED;
error:
- pairfree(&output);
+ fr_pair_list_free(&output);
return RLM_MODULE_FAIL;
}
{
VALUE_PAIR *vp;
- vp = pairfind(request->config, PW_CACHE_MERGE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_CACHE_MERGE, 0, TAG_ANY);
if (vp && (vp->vp_integer == 0)) {
RDEBUG2("Told not to merge entry into request");
return;
if (c->packet && request->packet) {
rdebug_pair_list(L_DBG_LVL_2, request, c->packet, "&request:");
- radius_pairmove(request, &request->packet->vps, paircopy(request->packet, c->packet), false);
+ radius_pairmove(request, &request->packet->vps, fr_pair_list_copy(request->packet, c->packet), false);
}
if (c->reply && request->reply) {
rdebug_pair_list(L_DBG_LVL_2, request, c->reply, "&reply:");
- radius_pairmove(request, &request->reply->vps, paircopy(request->reply, c->reply), false);
+ radius_pairmove(request, &request->reply->vps, fr_pair_list_copy(request->reply, c->reply), false);
}
if (c->control) {
rdebug_pair_list(L_DBG_LVL_2, request, c->control, "&control:");
- radius_pairmove(request, &request->config, paircopy(request, c->control), false);
+ radius_pairmove(request, &request->config, fr_pair_list_copy(request, c->control), false);
}
if (c->state) {
rdebug_pair_list(L_DBG_LVL_2, request, c->state, "&session-state:");
- radius_pairmove(request, &request->state, paircopy(request->state, c->state), false);
+ radius_pairmove(request, &request->state, fr_pair_list_copy(request->state, c->state), false);
}
if (inst->stats) {
rad_assert(request->packet != NULL);
- vp = pairfind(request->packet->vps, PW_CACHE_ENTRY_HITS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_CACHE_ENTRY_HITS, 0, TAG_ANY);
if (!vp) {
- vp = paircreate(request->packet, PW_CACHE_ENTRY_HITS, 0);
+ vp = fr_pair_afrom_num(request->packet, PW_CACHE_ENTRY_HITS, 0);
rad_assert(vp != NULL);
- pairadd(&request->packet->vps, vp);
+ fr_pair_add(&request->packet->vps, vp);
}
vp->vp_integer = c->hits;
}
/*
* Check to see if we need to merge the entry into the request
*/
- vp = pairfind(request->config, PW_CACHE_MERGE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_CACHE_MERGE, 0, TAG_ANY);
if (vp && (vp->vp_integer == 0)) merge = false;
if (merge) cache_merge(inst, request, c);
* If Cache-Status-Only == yes, only return whether we found a
* valid cache entry
*/
- vp = pairfind(request->config, PW_CACHE_STATUS_ONLY, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_CACHE_STATUS_ONLY, 0, TAG_ANY);
if (vp && vp->vp_integer) {
rcode = c ? RLM_MODULE_OK:
RLM_MODULE_NOTFOUND;
* A TTL of 0 means "delete from the cache".
* A TTL < 0 means "delete from the cache and recreate the entry".
*/
- vp = pairfind(request->config, PW_CACHE_TTL, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_CACHE_TTL, 0, TAG_ANY);
if (vp) ttl = vp->vp_signed;
/*
* If Cache-Read-Only == yes, then we only allow already cached entries
* to be merged into the request
*/
- vp = pairfind(request->config, PW_CACHE_READ_ONLY, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_CACHE_READ_ONLY, 0, TAG_ANY);
if (vp && vp->vp_integer) {
rcode = RLM_MODULE_NOTFOUND;
goto finish;
goto finish;
}
- vp = pairfind(vps, target->attr, target->vendor, TAG_ANY);
+ vp = fr_pair_find_by_num(vps, target->attr, target->vendor, TAG_ANY);
if (!vp) {
RDEBUG("No instance of this attribute has been cached");
*out = '\0';
*/
if (tmpl_cast_in_place(map->rhs, map->lhs->tmpl_da->type, map->lhs->tmpl_da) < 0) goto error;
- vp = pairalloc(c, map->lhs->tmpl_da);
+ vp = fr_pair_afrom_da(c, map->lhs->tmpl_da);
len = value_data_copy(vp, &vp->data, map->rhs->tmpl_data_type,
&map->rhs->tmpl_data_value, map->rhs->tmpl_data_length);
if (len < 0) goto error;
static rlm_rcode_t CC_HINT(nonnull) mod_authorize(UNUSED void *instance, REQUEST *request)
{
- if (!pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) {
+ if (!fr_pair_find_by_num(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) {
return RLM_MODULE_NOOP;
}
- if (pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY) != NULL) {
+ if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY) != NULL) {
RWDEBUG2("&control:Auth-Type already set. Not setting to CHAP");
return RLM_MODULE_NOOP;
}
RINDENT();
RDEBUG("&control:Auth-Type := CHAP");
REXDENT();
- pairmake_config("Auth-Type", "CHAP", T_OP_EQ);
+ pair_make_config("Auth-Type", "CHAP", T_OP_EQ);
return RLM_MODULE_OK;
}
return RLM_MODULE_INVALID;
}
- chap = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
+ chap = fr_pair_find_by_num(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
if (!chap) {
REDEBUG("You set '&control:Auth-Type = CHAP' for a request that "
"does not contain a CHAP-Password attribute!");
return RLM_MODULE_INVALID;
}
- password = pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if (password == NULL) {
- if (pairfind(request->config, PW_USER_PASSWORD, 0, TAG_ANY) != NULL){
+ if (fr_pair_find_by_num(request->config, PW_USER_PASSWORD, 0, TAG_ANY) != NULL){
REDEBUG("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
REDEBUG("!!! Please update your configuration so that the \"known !!!");
REDEBUG("!!! good\" cleartext password is in Cleartext-Password, !!!");
RDEBUG3("Comparing with \"known good\" &control:Cleartext-Password value \"%s\"",
password->vp_strvalue);
- vp = pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY);
if (vp) {
RDEBUG2("Using challenge from &request:CHAP-Challenge");
p = vp->vp_octets;
void *mod_json_object_to_value_pairs(json_object *json, const char *section, REQUEST *request)
{
json_object *jobj, *jval, *jop; /* json object pointers */
- TALLOC_CTX *ctx; /* talloc context for pairmake */
- VALUE_PAIR *vp, **ptr; /* value pair and value pair pointer for pairmake */
+ TALLOC_CTX *ctx; /* talloc context for fr_pair_make */
+ VALUE_PAIR *vp, **ptr; /* value pair and value pair pointer for fr_pair_make */
- /* assign ctx and vps for pairmake based on section */
+ /* assign ctx and vps for fr_pair_make based on section */
if (strcmp(section, "config") == 0) {
ctx = request;
ptr = &(request->config);
ptr = &(request->reply->vps);
} else {
/* log error - this shouldn't happen */
- RERROR("invalid section passed for pairmake");
+ RERROR("invalid section passed for fr_pair_make");
/* return */
return NULL;
}
/* debugging */
RDEBUG("adding '%s' attribute to '%s' section", attribute, section);
/* add pair */
- vp = pairmake(ctx, ptr, attribute, json_object_get_string(jval),
+ vp = fr_pair_make(ctx, ptr, attribute, json_object_get_string(jval),
fr_str2int(fr_tokens, json_object_get_string(jop), 0));
/* check pair */
if (!vp) {
}
/* get current event timestamp */
- if ((vp = pairfind(vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY)) != NULL) {
/* get seconds value from attribute */
ts = vp->vp_date;
} else {
memset(value, 0, sizeof(value));
/* get elapsed session time */
- if ((vp = pairfind(vps, PW_ACCT_SESSION_TIME, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(vps, PW_ACCT_SESSION_TIME, 0, TAG_ANY)) != NULL) {
/* calculate diff */
ts = (ts - vp->vp_integer);
/* calculate start time */
rad_assert(request->packet != NULL);
/* sanity check */
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) == NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) == NULL) {
/* log debug */
RDEBUG("could not find status type in packet");
/* return */
switch (status) {
case PW_STATUS_START:
/* add start time */
- if ((vp = pairfind(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY)) != NULL) {
/* add to json object */
json_object_object_add(cookie->jobj, "startTimestamp",
mod_value_pair_to_json_object(request, vp));
case PW_STATUS_STOP:
/* add stop time */
- if ((vp = pairfind(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY)) != NULL) {
/* add to json object */
json_object_object_add(cookie->jobj, "stopTimestamp",
mod_value_pair_to_json_object(request, vp));
request->simul_count = 0;
/* get client ip address for MPP detection below */
- if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) {
client_ip_addr = vp->vp_ipaddr;
}
/* get calling station id for MPP detection below */
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) {
client_cs_id = vp->vp_strvalue;
}
/*
* Find the key attribute.
*/
- key_vp = pair_find_by_da(request, inst->key_attr, TAG_ANY);
+ key_vp = fr_pair_find_by_da(request, inst->key_attr, TAG_ANY);
if (!key_vp) {
return RLM_MODULE_NOOP;
}
int acctstatustype = 0;
time_t diff;
- if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL)
+ if ((key_vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL)
acctstatustype = key_vp->vp_integer;
else {
DEBUG("rlm_counter: Could not find account status type in packet");
DEBUG("rlm_counter: We only run on Accounting-Stop packets");
return RLM_MODULE_NOOP;
}
- uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
+ uniqueid_vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
if (uniqueid_vp != NULL)
DEBUG("rlm_counter: Packet Unique ID = '%s'",uniqueid_vp->vp_strvalue);
* Check if we need to watch out for a specific service-type. If yes then check it
*/
if (inst->service_type != NULL) {
- if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY)) == NULL) {
+ if ((proto_vp = fr_pair_find_by_num(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY)) == NULL) {
DEBUG("rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP");
return RLM_MODULE_NOOP;
}
* Check if request->timestamp - {Acct-Delay-Time} < last_reset
* If yes reject the packet since it is very old
*/
- key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
+ key_vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (key_vp != NULL) {
if ((key_vp->vp_integer != 0) && (request->timestamp - (time_t) key_vp->vp_integer) < inst->last_reset) {
DEBUG("rlm_counter: This packet is too old. Returning NOOP");
* The REAL username, after stripping.
*/
key_vp = (inst->key_attr->attr == PW_USER_NAME) ? request->username :
- pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
+ fr_pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
if (!key_vp) {
DEBUG("rlm_counter: Could not find the key-attribute in the request. Returning NOOP");
return RLM_MODULE_NOOP;
/*
* Look for the attribute to use as a counter.
*/
- count_vp = pair_find_by_da(request->packet->vps, inst->count_attr, TAG_ANY);
+ count_vp = fr_pair_find_by_da(request->packet->vps, inst->count_attr, TAG_ANY);
if (!count_vp) {
DEBUG("rlm_counter: Could not find the count_attribute in the request");
return RLM_MODULE_NOOP;
*/
DEBUG2("rlm_counter: Entering module authorize code");
key_vp = (inst->key_attr->attr == PW_USER_NAME) ? request->username :
- pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
+ fr_pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
if (!key_vp) {
DEBUG2("rlm_counter: Could not find Key value pair");
return rcode;
/*
* Look for the check item
*/
- if ((check_vp = pair_find_by_da(request->config, inst->check_attr, TAG_ANY)) == NULL) {
+ if ((check_vp = fr_pair_find_by_da(request->config, inst->check_attr, TAG_ANY)) == NULL) {
DEBUG2("rlm_counter: Could not find Check item value pair");
return rcode;
}
res += check_vp->vp_integer;
}
- reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
+ reply_item = fr_pair_find_by_num(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer > res) {
reply_item->vp_integer = res;
}
} else {
- reply_item = radius_paircreate(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
+ reply_item = radius_pair_create(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
reply_item->vp_integer = res;
}
} else if (inst->reply_attr) {
- reply_item = pair_find_by_da(request->reply->vps, inst->reply_attr, TAG_ANY);
+ reply_item = fr_pair_find_by_da(request->reply->vps, inst->reply_attr, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer > res) {
reply_item->vp_integer = res;
}
} else {
- reply_item = radius_paircreate(request->reply, &request->reply->vps, inst->reply_attr->attr,
+ reply_item = radius_pair_create(request->reply, &request->reply->vps, inst->reply_attr->attr,
inst->reply_attr->vendor);
reply_item->vp_integer = res;
}
* User is denied access, send back a reply message
*/
sprintf(msg, "Your maximum %s usage time has been reached", inst->reset);
- pairmake_reply("Reply-Message", msg, T_OP_EQ);
+ pair_make_reply("Reply-Message", msg, T_OP_EQ);
REDEBUG("Maximum %s usage time reached", inst->reset);
rcode = RLM_MODULE_REJECT;
VALUE_PAIR *authtype, *challenge, *response, *password;
uint8_t buffer[64];
- password = pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if(!password) {
AUTH("rlm_cram: Cleartext-Password is required for authentication");
return RLM_MODULE_INVALID;
}
- authtype = pairfind(request->packet->vps, SM_AUTHTYPE, VENDORPEC_SM, TAG_ANY);
+ authtype = fr_pair_find_by_num(request->packet->vps, SM_AUTHTYPE, VENDORPEC_SM, TAG_ANY);
if(!authtype) {
AUTH("rlm_cram: Required attribute Sandy-Mail-Authtype missed");
return RLM_MODULE_INVALID;
}
- challenge = pairfind(request->packet->vps, SM_CHALLENGE, VENDORPEC_SM, TAG_ANY);
+ challenge = fr_pair_find_by_num(request->packet->vps, SM_CHALLENGE, VENDORPEC_SM, TAG_ANY);
if(!challenge) {
AUTH("rlm_cram: Required attribute Sandy-Mail-Challenge missed");
return RLM_MODULE_INVALID;
}
- response = pairfind(request->packet->vps, SM_RESPONSE, VENDORPEC_SM, TAG_ANY);
+ response = fr_pair_find_by_num(request->packet->vps, SM_RESPONSE, VENDORPEC_SM, TAG_ANY);
if(!response) {
AUTH("rlm_cram: Required attribute Sandy-Mail-Response missed");
return RLM_MODULE_INVALID;
/*
* We need both of these attributes to do the authentication.
*/
- first = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0, TAG_ANY);
+ first = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_RESPONSE, 0, TAG_ANY);
if (!first) {
return RLM_MODULE_NOOP;
}
*/
RDEBUG("Checking for correctly formatted Digest-Attributes");
- first = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
+ first = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
if (!first) {
return RLM_MODULE_NOOP;
}
*
* Didn't they know that VSA's exist?
*/
- sub = radius_paircreate(request->packet, &request->packet->vps,
+ sub = radius_pair_create(request->packet, &request->packet->vps,
PW_DIGEST_REALM - 1 + p[0], 0);
sub->vp_length = attrlen - 2;
sub->vp_strvalue = q = talloc_array(sub, char, sub->vp_length + 1);
if (rcode != RLM_MODULE_OK) return rcode;
- if (pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY)) {
+ if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY)) {
RWDEBUG2("Auth-Type already set. Not setting to DIGEST");
return RLM_MODULE_NOOP;
}
* Everything's OK, add a digest authentication type.
*/
RDEBUG("Adding Auth-Type = DIGEST");
- pairmake_config("Auth-Type", "DIGEST", T_OP_EQ);
+ pair_make_config("Auth-Type", "DIGEST", T_OP_EQ);
return RLM_MODULE_OK;
}
* We require access to the plain-text password, or to the
* Digest-HA1 parameter.
*/
- passwd = pairfind(request->config, PW_DIGEST_HA1, 0, TAG_ANY);
+ passwd = fr_pair_find_by_num(request->config, PW_DIGEST_HA1, 0, TAG_ANY);
if (passwd) {
if (passwd->vp_length != 32) {
RAUTH("Digest-HA1 has invalid length, authentication failed");
return RLM_MODULE_INVALID;
}
} else {
- passwd = pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ passwd = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
}
if (!passwd) {
RAUTH("Cleartext-Password or Digest-HA1 is required for authentication");
/*
* We need these, too.
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
if (!vp) {
error:
REDEBUG("You set 'Auth-Type = Digest' for a request that does not contain any digest attributes!");
* "authorize" section. In that case, try to decode the
* attributes here.
*/
- if (!pairfind(request->packet->vps, PW_DIGEST_NONCE, 0, TAG_ANY)) {
+ if (!fr_pair_find_by_num(request->packet->vps, PW_DIGEST_NONCE, 0, TAG_ANY)) {
int rcode;
rcode = digest_fix(request);
/*
* We require access to the Digest-Nonce-Value
*/
- nonce = pairfind(request->packet->vps, PW_DIGEST_NONCE, 0, TAG_ANY);
+ nonce = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_NONCE, 0, TAG_ANY);
if (!nonce) {
REDEBUG("No Digest-Nonce: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
/*
* A1 = Digest-User-Name ":" Realm ":" Password
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_USER_NAME, 0, TAG_ANY);
if (!vp) {
REDEBUG("No Digest-User-Name: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
a1[a1_len] = ':';
a1_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_REALM, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_REALM, 0, TAG_ANY);
if (!vp) {
REDEBUG("No Digest-Realm: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
* See which variant we calculate.
* Assume MD5 if no Digest-Algorithm attribute received
*/
- algo = pairfind(request->packet->vps, PW_DIGEST_ALGORITHM, 0, TAG_ANY);
+ algo = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_ALGORITHM, 0, TAG_ANY);
if ((!algo) ||
(strcasecmp(algo->vp_strvalue, "MD5") == 0)) {
/*
a1[a1_len] = ':';
a1_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_CNONCE, 0, TAG_ANY);
if (!vp) {
REDEBUG("No Digest-CNonce: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
/*
* A2 = Digest-Method ":" Digest-URI
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_METHOD, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_METHOD, 0, TAG_ANY);
if (!vp) {
REDEBUG("No Digest-Method: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
a2[a2_len] = ':';
a2_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_URI, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_URI, 0, TAG_ANY);
if (!vp) {
REDEBUG("No Digest-URI: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
/*
* QOP is "auth-int", tack on ": Digest-Body-Digest"
*/
- qop = pairfind(request->packet->vps, PW_DIGEST_QOP, 0, TAG_ANY);
+ qop = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_QOP, 0, TAG_ANY);
if (qop) {
if (strcasecmp(qop->vp_strvalue, "auth-int") == 0) {
VALUE_PAIR *body;
/*
* Must be a hex representation of an MD5 digest.
*/
- body = pairfind(request->packet->vps, PW_DIGEST_BODY_DIGEST, 0, TAG_ANY);
+ body = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_BODY_DIGEST, 0, TAG_ANY);
if (!body) {
REDEBUG("No Digest-Body-Digest: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
kd[kd_len] = ':';
kd_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_NONCE_COUNT, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_NONCE_COUNT, 0, TAG_ANY);
if (!vp) {
REDEBUG("No Digest-Nonce-Count: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
kd[kd_len] = ':';
kd_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_CNONCE, 0, TAG_ANY);
if (!vp) {
REDEBUG("No Digest-CNonce: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
/*
* Get the binary value of Digest-Response
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_DIGEST_RESPONSE, 0, TAG_ANY);
if (!vp) {
REDEBUG("No Digest-Response attribute in the request. Cannot perform digest authentication");
return RLM_MODULE_INVALID;
* Pick one type out of the one they asked for,
* as they may have asked for many.
*/
- vp = pairfind(request->config, PW_EAP_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_EAP_TYPE, 0, TAG_ANY);
for (i = 0; i < nak->length; i++) {
/*
* Type 0 is valid, and means there are no
/*
* Allow per-user configuration of EAP types.
*/
- vp = pairfind(handler->request->config, PW_EAP_TYPE, 0,
+ vp = fr_pair_find_by_num(handler->request->config, PW_EAP_TYPE, 0,
TAG_ANY);
if (vp) next = vp->vp_integer;
}
eap_packet = (eap_packet_raw_t *)reply->packet;
- vp = radius_paircreate(request->reply, &request->reply->vps, PW_EAP_MESSAGE, 0);
+ vp = radius_pair_create(request->reply, &request->reply->vps, PW_EAP_MESSAGE, 0);
if (!vp) return RLM_MODULE_INVALID;
vp->vp_length = eap_packet->length[0] * 256 + eap_packet->length[1];
* Don't add a Message-Authenticator if it's already
* there.
*/
- vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
- vp = paircreate(request->reply, PW_MESSAGE_AUTHENTICATOR, 0);
+ vp = fr_pair_afrom_num(request->reply, PW_MESSAGE_AUTHENTICATOR, 0);
vp->vp_length = AUTH_VECTOR_LEN;
vp->vp_octets = talloc_zero_array(vp, uint8_t, vp->vp_length);
- pairadd(&(request->reply->vps), vp);
+ fr_pair_add(&(request->reply->vps), vp);
}
/* Set request reply code, but only if it's not already set. */
VALUE_PAIR *vp, *proxy;
VALUE_PAIR *eap_msg;
- eap_msg = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ eap_msg = fr_pair_find_by_num(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (!eap_msg) {
RDEBUG2("No EAP-Message, not doing EAP");
return EAP_NOOP;
* Look for EAP-Type = None (FreeRADIUS specific attribute)
* this allows you to NOT do EAP for some users.
*/
- vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_EAP_TYPE, 0, TAG_ANY);
if (vp && vp->vp_integer == 0) {
RDEBUG2("Found EAP-Message, but EAP-Type = None, so we're not doing EAP");
return EAP_NOOP;
* Check for a Proxy-To-Realm. Don't get excited over LOCAL
* realms (sigh).
*/
- proxy = pairfind(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
+ proxy = fr_pair_find_by_num(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
if (proxy) {
REALM *realm;
}
RDEBUG2("Got EAP_START message");
- vp = paircreate(request->reply, PW_EAP_MESSAGE, 0);
+ vp = fr_pair_afrom_num(request->reply, PW_EAP_MESSAGE, 0);
if (!vp) return EAP_FAIL;
- pairadd(&request->reply->vps, vp);
+ fr_pair_add(&request->reply->vps, vp);
/*
* Manually create an EAP Identity request
* Create an EAP-Type containing the EAP-type
* from the packet.
*/
- vp = paircreate(request->packet, PW_EAP_TYPE, 0);
+ vp = fr_pair_afrom_num(request->packet, PW_EAP_TYPE, 0);
if (vp) {
vp->vp_integer = eap_msg->vp_octets[4];
- pairadd(&(request->packet->vps), vp);
+ fr_pair_add(&(request->packet->vps), vp);
}
/*
/*
* Delete any previous replies.
*/
- pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
- pairdelete(&handler->request->reply->vps, PW_STATE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&handler->request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&handler->request->reply->vps, PW_STATE, 0, TAG_ANY);
talloc_free(handler->eap_ds->request);
handler->eap_ds->request = talloc_zero(handler->eap_ds, eap_packet_t);
goto error;
}
- vp = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
/*
* NAS did not set the User-Name
* correctly
*/
RDEBUG2("Broken NAS did not set User-Name, setting from EAP Identity");
- vp = pairmake(request->packet, &request->packet->vps, "User-Name", handler->identity, T_OP_EQ);
+ vp = fr_pair_make(request->packet, &request->packet->vps, "User-Name", handler->identity, T_OP_EQ);
if (!vp) {
goto error;
}
goto error;
}
- vp = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
/*
* NAS did not set the User-Name
* correctly
*/
RWDEBUG2("NAS did not set User-Name. Setting it locally from EAP Identity");
- vp = pairmake(request->packet, &request->packet->vps, "User-Name", handler->identity, T_OP_EQ);
+ vp = fr_pair_make(request->packet, &request->packet->vps, "User-Name", handler->identity, T_OP_EQ);
if (!vp) {
goto error2;
}
* Set the response code. Default to "fail" if none was
* specified.
*/
- vp = pairfind(request->config, PW_CHBIND_RESPONSE_CODE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_CHBIND_RESPONSE_CODE, 0, TAG_ANY);
if (vp) {
ptr[0] = vp->vp_integer;
} else {
/* Set-up the fake request */
fake = request_alloc_fake(request);
- pairmake_packet("Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
+ pair_make_packet("Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
/* Add the username to the fake request */
if (chbind->username) {
- vp = paircopyvp(fake->packet, chbind->username);
- pairadd(&fake->packet->vps, vp);
+ vp = fr_pair_copy(fake->packet, chbind->username);
+ fr_pair_add(&fake->packet->vps, vp);
fake->username = vp;
}
return PW_CODE_ACCESS_ACCEPT;
}
if (vp) {
- pairadd(&fake->packet->vps, vp);
+ fr_pair_add(&fake->packet->vps, vp);
}
attr_data += attr_len;
data_len -= attr_len;
chbind_packet_t *packet;
vp_cursor_t cursor;
- first = pairfind(vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA, TAG_ANY);
+ first = fr_pair_find_by_num(vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA, TAG_ANY);
if (!first) return NULL;
/*
if (!packet) return NULL; /* don't produce garbage */
- vp = paircreate(request->packet, PW_UKERNA_CHBIND, VENDORPEC_UKERNA);
+ vp = fr_pair_afrom_num(request->packet, PW_UKERNA_CHBIND, VENDORPEC_UKERNA);
if (!vp) return NULL;
- pairmemcpy(vp, (uint8_t *) packet, talloc_array_length((uint8_t *)packet));
+ fr_pair_value_memcpy(vp, (uint8_t *) packet, talloc_array_length((uint8_t *)packet));
return vp;
}
SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request);
- if (handler->certs) pairadd(&request->packet->vps,
- paircopy(request->packet, handler->certs));
+ if (handler->certs) fr_pair_add(&request->packet->vps,
+ fr_pair_list_copy(request->packet, handler->certs));
/*
* This case is when SSL generates Alert then we
*/
if (!handler->certs) {
rdebug_pair(L_DBG_LVL_2, request, vp, "request:");
- pairadd(&request->packet->vps, paircopyvp(request->packet, vp));
+ fr_pair_add(&request->packet->vps, fr_pair_copy(request->packet, vp));
}
} else {
rdebug_pair(L_DBG_LVL_2, request, vp, "reply:");
- pairadd(&request->reply->vps, paircopyvp(request->reply, vp));
+ fr_pair_add(&request->reply->vps, fr_pair_copy(request->reply, vp));
}
}
REXDENT();
}
eap_packet = (eap_packet_raw_t *)reply->packet;
- pairdelete(&(packet->vps), PW_EAP_MESSAGE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&(packet->vps), PW_EAP_MESSAGE, 0, TAG_ANY);
vp = eap_packet2vp(packet, eap_packet);
if (!vp) return RLM_MODULE_INVALID;
- pairadd(&(packet->vps), vp);
+ fr_pair_add(&(packet->vps), vp);
/*
* EAP-Message is always associated with
* Don't add a Message-Authenticator if it's already
* there.
*/
- vp = pairfind(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
- vp = paircreate(packet, PW_MESSAGE_AUTHENTICATOR, 0);
+ vp = fr_pair_afrom_num(packet, PW_MESSAGE_AUTHENTICATOR, 0);
vp->vp_length = AUTH_VECTOR_LEN;
vp->vp_octets = talloc_zero_array(vp, uint8_t, vp->vp_length);
- pairadd(&(packet->vps), vp);
+ fr_pair_add(&(packet->vps), vp);
}
/* Set request reply code, but only if it's not already set. */
size = total;
if (size > 253) size = 253;
- vp = paircreate(packet, PW_EAP_MESSAGE, 0);
+ vp = fr_pair_afrom_num(packet, PW_EAP_MESSAGE, 0);
if (!vp) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return NULL;
}
- pairmemcpy(vp, ptr, size);
+ fr_pair_value_memcpy(vp, ptr, size);
fr_cursor_insert(&out, vp);
/*
* Get only EAP-Message attribute list
*/
- first = pairfind(vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ first = fr_pair_find_by_num(vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (!first) {
fr_strerror_printf("EAP-Message not found");
return NULL;
{
VALUE_PAIR *vp;
- vp = pairmake_reply(name, NULL, T_OP_EQ);
+ vp = pair_make_reply(name, NULL, T_OP_EQ);
if (!vp) {
REDEBUG("Did not create attribute %s: %s\n",
name, fr_strerror());
return;
}
- pairmemcpy(vp, value, len);
+ fr_pair_value_memcpy(vp, value, len);
}
* it might be too big for putting into an EAP-Type-SIM
*
*/
- subtype = (vp = pairfind(r->vps, PW_EAP_SIM_SUBTYPE, 0, TAG_ANY)) ?
+ subtype = (vp = fr_pair_find_by_num(r->vps, PW_EAP_SIM_SUBTYPE, 0, TAG_ANY)) ?
vp->vp_integer : EAPSIM_START;
- id = (vp = pairfind(r->vps, PW_EAP_ID, 0, TAG_ANY)) ?
+ id = (vp = fr_pair_find_by_num(r->vps, PW_EAP_ID, 0, TAG_ANY)) ?
vp->vp_integer : ((int)getpid() & 0xff);
- eapcode = (vp = pairfind(r->vps, PW_EAP_CODE, 0, TAG_ANY)) ?
+ eapcode = (vp = fr_pair_find_by_num(r->vps, PW_EAP_CODE, 0, TAG_ANY)) ?
vp->vp_integer : PW_EAP_REQUEST;
/*
* then we should calculate the HMAC-SHA1 of the resulting EAP-SIM
* packet, appended with the value of append.
*/
- vp = pairfind(r->vps, PW_EAP_SIM_KEY, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(r->vps, PW_EAP_SIM_KEY, 0, TAG_ANY);
if(macspace != NULL && vp != NULL) {
unsigned char *buffer;
eap_packet_raw_t *hdr;
return 0;
}
- newvp = paircreate(r, PW_EAP_SIM_SUBTYPE, 0);
+ newvp = fr_pair_afrom_num(r, PW_EAP_SIM_SUBTYPE, 0);
if (!newvp) {
return 0;
}
newvp->vp_integer = attr[0];
newvp->vp_length = 1;
- pairadd(&(r->vps), newvp);
+ fr_pair_add(&(r->vps), newvp);
attr += 3;
attrlen -= 3;
return 0;
}
- newvp = paircreate(r, eapsim_attribute+PW_EAP_SIM_BASE, 0);
+ newvp = fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0);
newvp->vp_length = eapsim_len-2;
newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length);
memcpy(p, &attr[2], eapsim_len-2);
- pairadd(&(r->vps), newvp);
+ fr_pair_add(&(r->vps), newvp);
newvp = NULL;
/* advance pointers, decrement length */
int elen,len;
VALUE_PAIR *mac;
- mac = pairfind(rvps, PW_EAP_SIM_MAC, 0, TAG_ANY);
+ mac = fr_pair_find_by_num(rvps, PW_EAP_SIM_MAC, 0, TAG_ANY);
if(!mac || mac->vp_length != 18) {
/* can't check a packet with no AT_MAC attribute */
return;
}
- vp = paircreate(packet, PW_EAP_SESSION_ID, 0);
+ vp = fr_pair_afrom_num(packet, PW_EAP_SESSION_ID, 0);
if (!vp) return;
vp->vp_length = 1 + 2 * SSL3_RANDOM_SIZE;
memcpy(p + 1 + SSL3_RANDOM_SIZE,
s->s3->server_random, SSL3_RANDOM_SIZE);
vp->vp_octets = p;
- pairadd(&packet->vps, vp);
+ fr_pair_add(&packet->vps, vp);
}
handler->opaque = NULL;
handler->free_opaque = NULL;
- if (handler->certs) pairfree(&handler->certs);
+ if (handler->certs) fr_pair_list_free(&handler->certs);
/*
* Give helpful debug messages if:
* Generate State, since we've been asked to add it to
* the list.
*/
- state = pairmake_reply("State", NULL, T_OP_EQ);
+ state = pair_make_reply("State", NULL, T_OP_EQ);
if (!state) return 0;
/*
handler->state[5] = handler->eap_id ^ handler->state[1];
handler->state[6] = handler->type ^ handler->state[2];
- pairmemcpy(state, handler->state, sizeof(handler->state));
+ fr_pair_value_memcpy(state, handler->state, sizeof(handler->state));
/*
* Big-time failure.
PTHREAD_MUTEX_UNLOCK(&(inst->session_mutex));
if (status <= 0) {
- pairdelete(&request->reply->vps, PW_STATE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->reply->vps, PW_STATE, 0, TAG_ANY);
if (status < 0) {
static time_t last_logged = 0;
* We key the sessions off of the 'state' attribute, so it
* must exist.
*/
- state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
+ state = fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (!state ||
(state->vp_length != EAP_STATE_LEN)) {
return NULL;
input_num ++;
MEM(request = talloc_zero(ctx, rc_input_vps_t));
- if (readvp2(request, &request->vps_in, file_in, &file_done) < 0) {
+ if (fr_pair_list_afrom_file(request, &request->vps_in, file_in, &file_done) < 0) {
ERROR("Error parsing entry %u from input: %s", input_num, input);
talloc_free(request);
break;
}
if (NULL == request->vps_in) {
- /* Last line might be empty, in this case readvp2 will return a NULL vps pointer. Silently ignore this. */
+ /* Last line might be empty, in this case fr_pair_list_afrom_file will return a NULL vps pointer. Silently ignore this. */
talloc_free(request);
break;
}
vp->da = da;
/*
- * Re-do pairmemsteal ourselves,
+ * Re-do fr_pair_value_memsteal ourselves,
* because we play games with
- * vp->da, and pairmemsteal goes
+ * vp->da, and fr_pair_value_memsteal goes
* to GREAT lengths to sanitize
* and fix and change and
* double-check the various
* of challenge the server will issue.
*/
VALUE_PAIR *vp;
- vp = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
- if (!vp) vp = pairfind(packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
- if (!vp) vp = pairfind(packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(packet->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ if (!vp) vp = fr_pair_find_by_num(packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ if (!vp) vp = fr_pair_find_by_num(packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
if (vp) {
strlcpy(trans->eap_context->password, vp->vp_strvalue, sizeof(trans->eap_context->password));
}
trans->packet = packet;
/* Fill in the packet value pairs. */
- packet->vps = paircopy(packet, vps_entry->vps_in);
+ packet->vps = fr_pair_list_copy(packet, vps_entry->vps_in);
/* Initialize the transaction packet. */
if (!rc_init_packet(trans)) {
* maybe should just copy things we care about, or keep
* a copy of the original input and start from there again?
*/
- pairdelete(&resp->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
- pairdelete(&resp->vps, PW_EAP_TYPE_BASE+PW_EAP_IDENTITY, 0, TAG_ANY);
+ fr_pair_delete_by_num(&resp->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&resp->vps, PW_EAP_TYPE_BASE+PW_EAP_IDENTITY, 0, TAG_ANY);
last = &resp->vps;
for (vp = *last; vp != NULL; vp = vpnext)
/* form new response clear of any EAP stuff */
rc_cleanresp(rep);
- if ((vp = pairfind(req->vps, PW_EAP_SIM_VERSION_LIST, 0, TAG_ANY)) == NULL) {
+ if ((vp = fr_pair_find_by_num(req->vps, PW_EAP_SIM_VERSION_LIST, 0, TAG_ANY)) == NULL) {
ERROR("illegal start message has no VERSION_LIST");
return 0;
}
* anyway we like, but it is illegal to have more than one
* present.
*/
- anyidreq_vp = pairfind(req->vps, PW_EAP_SIM_ANY_ID_REQ, 0, TAG_ANY);
- fullauthidreq_vp = pairfind(req->vps, PW_EAP_SIM_FULLAUTH_ID_REQ, 0, TAG_ANY);
- permanentidreq_vp = pairfind(req->vps, PW_EAP_SIM_PERMANENT_ID_REQ, 0, TAG_ANY);
+ anyidreq_vp = fr_pair_find_by_num(req->vps, PW_EAP_SIM_ANY_ID_REQ, 0, TAG_ANY);
+ fullauthidreq_vp = fr_pair_find_by_num(req->vps, PW_EAP_SIM_FULLAUTH_ID_REQ, 0, TAG_ANY);
+ permanentidreq_vp = fr_pair_find_by_num(req->vps, PW_EAP_SIM_PERMANENT_ID_REQ, 0, TAG_ANY);
if (!fullauthidreq_vp ||
anyidreq_vp != NULL ||
/* okay, we have just any_id_req there, so fill in response */
/* mark the subtype as being EAP-SIM/Response/Start */
- newvp = paircreate(rep, PW_EAP_SIM_SUBTYPE, 0);
+ newvp = fr_pair_afrom_num(rep, PW_EAP_SIM_SUBTYPE, 0);
newvp->vp_integer = EAPSIM_START;
- pairreplace(&(rep->vps), newvp);
+ fr_pair_replace(&(rep->vps), newvp);
/* insert selected version into response. */
{
no_versions = htons(selectedversion);
- newvp = paircreate(rep, PW_EAP_SIM_SELECTED_VERSION, 0);
- pairmemcpy(newvp, (uint8_t *) &no_versions, 2);
- pairreplace(&(rep->vps), newvp);
+ newvp = fr_pair_afrom_num(rep, PW_EAP_SIM_SELECTED_VERSION, 0);
+ fr_pair_value_memcpy(newvp, (uint8_t *) &no_versions, 2);
+ fr_pair_replace(&(rep->vps), newvp);
/* record the selected version */
memcpy(eap_context->eap.sim.keys.versionselect, &no_versions, 2);
nonce[2]=fr_rand();
nonce[3]=fr_rand();
- newvp = paircreate(rep, PW_EAP_SIM_NONCE_MT, 0);
+ newvp = fr_pair_afrom_num(rep, PW_EAP_SIM_NONCE_MT, 0);
p = talloc_zero_array(newvp, uint8_t, 18); /* 18 = 16 bytes of nonce + padding */
memcpy(&p[2], nonce, 16);
- pairmemsteal(newvp, p);
+ fr_pair_value_memsteal(newvp, p);
- pairreplace(&(rep->vps), newvp);
+ fr_pair_replace(&(rep->vps), newvp);
/* also keep a copy of the nonce! */
memcpy(eap_context->eap.sim.keys.nonce_mt, nonce, 16);
/*
* insert the identity here.
*/
- vp = pairfind(rep->vps, PW_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(rep->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp)
{
ERROR("eap-sim: We need to have a User-Name attribute!");
return 0;
}
- newvp = paircreate(rep, PW_EAP_SIM_IDENTITY, 0);
+ newvp = fr_pair_afrom_num(rep, PW_EAP_SIM_IDENTITY, 0);
idlen = strlen(vp->vp_strvalue);
p = talloc_zero_array(newvp, uint8_t, idlen + 2);
no_idlen = htons(idlen);
memcpy(p, &no_idlen, 2);
memcpy(p + 2, vp->vp_strvalue, idlen);
- pairmemsteal(newvp, p);
+ fr_pair_value_memsteal(newvp, p);
- pairreplace(&(rep->vps), newvp);
+ fr_pair_replace(&(rep->vps), newvp);
/* record it */
memcpy(eap_context->eap.sim.keys.identity, vp->vp_strvalue, idlen);
uint8_t calcmac[20];
/* look for the AT_MAC and the challenge data */
- mac = pairfind(req->vps, PW_EAP_SIM_MAC, 0, TAG_ANY);
- randvp= pairfind(req->vps, PW_EAP_SIM_RAND, 0, TAG_ANY);
+ mac = fr_pair_find_by_num(req->vps, PW_EAP_SIM_MAC, 0, TAG_ANY);
+ randvp= fr_pair_find_by_num(req->vps, PW_EAP_SIM_RAND, 0, TAG_ANY);
if (!mac || !randvp) {
ERROR("challenge message needs to contain RAND and MAC");
return 0;
randcfg[1] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE];
randcfg[2] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE*2];
- randcfgvp[0] = pairfind(rep->vps, PW_EAP_SIM_RAND1, 0, TAG_ANY);
- randcfgvp[1] = pairfind(rep->vps, PW_EAP_SIM_RAND2, 0, TAG_ANY);
- randcfgvp[2] = pairfind(rep->vps, PW_EAP_SIM_RAND3, 0, TAG_ANY);
+ randcfgvp[0] = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_RAND1, 0, TAG_ANY);
+ randcfgvp[1] = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_RAND2, 0, TAG_ANY);
+ randcfgvp[2] = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_RAND3, 0, TAG_ANY);
if (!randcfgvp[0] ||
!randcfgvp[1] ||
* Really, they should be calculated from the RAND!
*
*/
- sres1 = pairfind(rep->vps, PW_EAP_SIM_SRES1, 0, TAG_ANY);
- sres2 = pairfind(rep->vps, PW_EAP_SIM_SRES2, 0, TAG_ANY);
- sres3 = pairfind(rep->vps, PW_EAP_SIM_SRES3, 0, TAG_ANY);
+ sres1 = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_SRES1, 0, TAG_ANY);
+ sres2 = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_SRES2, 0, TAG_ANY);
+ sres3 = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_SRES3, 0, TAG_ANY);
if (!sres1 ||
!sres2 ||
memcpy(eap_context->eap.sim.keys.sres[1], sres2->vp_strvalue, sizeof(eap_context->eap.sim.keys.sres[1]));
memcpy(eap_context->eap.sim.keys.sres[2], sres3->vp_strvalue, sizeof(eap_context->eap.sim.keys.sres[2]));
- Kc1 = pairfind(rep->vps, PW_EAP_SIM_KC1, 0, TAG_ANY);
- Kc2 = pairfind(rep->vps, PW_EAP_SIM_KC2, 0, TAG_ANY);
- Kc3 = pairfind(rep->vps, PW_EAP_SIM_KC3, 0, TAG_ANY);
+ Kc1 = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_KC1, 0, TAG_ANY);
+ Kc2 = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_KC2, 0, TAG_ANY);
+ Kc3 = fr_pair_find_by_num(rep->vps, PW_EAP_SIM_KC3, 0, TAG_ANY);
if (!Kc1 ||
!Kc2 ||
rc_cleanresp(rep);
/* mark the subtype as being EAP-SIM/Response/Start */
- newvp = paircreate(rep, PW_EAP_SIM_SUBTYPE, 0);
+ newvp = fr_pair_afrom_num(rep, PW_EAP_SIM_SUBTYPE, 0);
newvp->vp_integer = EAPSIM_CHALLENGE;
- pairreplace(&(rep->vps), newvp);
+ fr_pair_replace(&(rep->vps), newvp);
{
uint8_t *p;
* fill the SIM_MAC with a field that will in fact get appended
* to the packet before the MAC is calculated
*/
- newvp = paircreate(rep, PW_EAP_SIM_MAC, 0);
+ newvp = fr_pair_afrom_num(rep, PW_EAP_SIM_MAC, 0);
p = talloc_zero_array(newvp, uint8_t, EAPSIM_SRES_SIZE*3);
memcpy(p+EAPSIM_SRES_SIZE * 0, sres1->vp_strvalue, EAPSIM_SRES_SIZE);
memcpy(p+EAPSIM_SRES_SIZE * 1, sres2->vp_strvalue, EAPSIM_SRES_SIZE);
memcpy(p+EAPSIM_SRES_SIZE * 2, sres3->vp_strvalue, EAPSIM_SRES_SIZE);
- pairmemsteal(newvp, p);
+ fr_pair_value_memsteal(newvp, p);
- pairreplace(&(rep->vps), newvp);
+ fr_pair_replace(&(rep->vps), newvp);
}
- newvp = paircreate(rep, PW_EAP_SIM_KEY, 0);
- pairmemcpy(newvp, eap_context->eap.sim.keys.K_aut, EAPSIM_AUTH_SIZE);
+ newvp = fr_pair_afrom_num(rep, PW_EAP_SIM_KEY, 0);
+ fr_pair_value_memcpy(newvp, eap_context->eap.sim.keys.K_aut, EAPSIM_AUTH_SIZE);
- pairreplace(&(rep->vps), newvp);
+ fr_pair_replace(&(rep->vps), newvp);
return 1;
}
VALUE_PAIR *vp, *statevp, *radstate, *eapid;
char statenamebuf[32], subtypenamebuf[32];
- if ((radstate = paircopy_by_num(NULL, req->vps, PW_STATE, 0, TAG_ANY)) == NULL)
+ if ((radstate = fr_pair_list_copy_by_num(NULL, req->vps, PW_STATE, 0, TAG_ANY)) == NULL)
{
return 0;
}
- if ((eapid = paircopy_by_num(NULL, req->vps, PW_EAP_ID, 0, TAG_ANY)) == NULL)
+ if ((eapid = fr_pair_list_copy_by_num(NULL, req->vps, PW_EAP_ID, 0, TAG_ANY)) == NULL)
{
return 0;
}
* ourselves to be in EAP-SIM-Start state if there is none.
*/
- if ((statevp = pairfind(resp->vps, PW_EAP_SIM_STATE, 0, TAG_ANY)) == NULL)
+ if ((statevp = fr_pair_find_by_num(resp->vps, PW_EAP_SIM_STATE, 0, TAG_ANY)) == NULL)
{
/* must be initial request */
- statevp = paircreate(resp, PW_EAP_SIM_STATE, 0);
+ statevp = fr_pair_afrom_num(resp, PW_EAP_SIM_STATE, 0);
statevp->vp_integer = EAPSIM_CLIENT_INIT;
- pairreplace(&(resp->vps), statevp);
+ fr_pair_replace(&(resp->vps), statevp);
}
state = statevp->vp_integer;
*/
rc_unmap_eapsim_types(req);
- if ((vp = pairfind(req->vps, PW_EAP_SIM_SUBTYPE, 0, TAG_ANY)) == NULL)
+ if ((vp = fr_pair_find_by_num(req->vps, PW_EAP_SIM_SUBTYPE, 0, TAG_ANY)) == NULL)
{
return 0;
}
}
/* copy the eap state object in */
- pairreplace(&(resp->vps), eapid);
+ fr_pair_replace(&(resp->vps), eapid);
/* update stete info, and send new packet */
rc_map_eapsim_types(resp);
/* copy the radius state object in */
- pairreplace(&(resp->vps), radstate);
+ fr_pair_replace(&(resp->vps), radstate);
statevp->vp_integer = newstate;
return 1;
rc_cleanresp(rep);
- if ((state = paircopy_by_num(NULL, req->vps, PW_STATE, 0, TAG_ANY)) == NULL)
+ if ((state = fr_pair_list_copy_by_num(NULL, req->vps, PW_STATE, 0, TAG_ANY)) == NULL)
{
ERROR("no state attribute found");
return 0;
}
- if ((id = paircopy_by_num(NULL, req->vps, PW_EAP_ID, 0, TAG_ANY)) == NULL)
+ if ((id = fr_pair_list_copy_by_num(NULL, req->vps, PW_EAP_ID, 0, TAG_ANY)) == NULL)
{
ERROR("no EAP-ID attribute found");
return 0;
}
identifier = id->vp_integer;
- if ((vp = pairfind(req->vps, PW_EAP_TYPE_BASE+PW_EAP_MD5, 0, TAG_ANY)) == NULL)
+ if ((vp = fr_pair_find_by_num(req->vps, PW_EAP_TYPE_BASE+PW_EAP_MD5, 0, TAG_ANY)) == NULL)
{
ERROR("no EAP-MD5 attribute found");
return 0;
uint8_t *p;
uint8_t lg_response;
- vp = paircreate(rep, PW_EAP_TYPE_BASE+PW_EAP_MD5, 0);
+ vp = fr_pair_afrom_num(rep, PW_EAP_TYPE_BASE+PW_EAP_MD5, 0);
vp->vp_length = 17;
p = talloc_zero_array(vp, uint8_t, 17);
lg_response = 16;
memcpy(p, &lg_response, 1);
memcpy(p + 1, response, 16);
- pairmemsteal(vp, p);
+ fr_pair_value_memsteal(vp, p);
}
- pairreplace(&(rep->vps), vp);
+ fr_pair_replace(&(rep->vps), vp);
- pairreplace(&(rep->vps), id);
+ fr_pair_replace(&(rep->vps), id);
/* copy the state object in */
- pairreplace(&(rep->vps), state);
+ fr_pair_replace(&(rep->vps), state);
return 1;
}
DEBUG("EAP transaction finished, but reply is not an Access-Accept");
goto packet_done;
}
- vp = pairfind(trans->reply->vps, PW_EAP_CODE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(trans->reply->vps, PW_EAP_CODE, 0, TAG_ANY);
if ( (!vp) || (vp->vp_integer != 3) ) {
DEBUG("EAP transaction finished, but reply does not contain EAP-Code = Success");
goto packet_done;
eap_packet_t *pt_ep = talloc_zero(req, eap_packet_t);
- vp = pairfind(req->vps, PW_EAP_ID, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(req->vps, PW_EAP_ID, 0, TAG_ANY);
if (!vp) {
id = ((int)getpid() & 0xff);
} else {
id = vp->vp_integer;
}
- vp = pairfind(req->vps, PW_EAP_CODE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(req->vps, PW_EAP_CODE, 0, TAG_ANY);
if (!vp) {
eapcode = PW_EAP_REQUEST;
} else {
*/
/* nuke any existing EAP-Messages */
- pairdelete(&req->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&req->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
pt_ep->code = eapcode;
pt_ep->id = id;
return;
}
/* create EAP-ID and EAP-CODE attributes to start */
- eap1 = paircreate(rep, PW_EAP_ID, 0);
+ eap1 = fr_pair_afrom_num(rep, PW_EAP_ID, 0);
eap1->vp_integer = e->id;
- pairadd(&(rep->vps), eap1);
+ fr_pair_add(&(rep->vps), eap1);
- eap1 = paircreate(rep, PW_EAP_CODE, 0);
+ eap1 = fr_pair_afrom_num(rep, PW_EAP_CODE, 0);
eap1->vp_integer = e->code;
- pairadd(&(rep->vps), eap1);
+ fr_pair_add(&(rep->vps), eap1);
switch (e->code) {
default:
len = MAX_STRING_LEN;
}
- eap1 = paircreate(rep, type, 0);
- pairmemcpy(eap1, e->data + 1, len);
+ eap1 = fr_pair_afrom_num(rep, type, 0);
+ fr_pair_value_memcpy(eap1, e->data + 1, len);
- pairadd(&(rep->vps), eap1);
+ fr_pair_add(&(rep->vps), eap1);
break;
}
uint8_t *eap_data;
int rcode_unmap;
- esvp = pairfind(r->vps, PW_EAP_TYPE_BASE+PW_EAP_SIM, 0, TAG_ANY);
+ esvp = fr_pair_find_by_num(r->vps, PW_EAP_TYPE_BASE+PW_EAP_SIM, 0, TAG_ANY);
if (!esvp) {
ERROR("eap: EAP-Sim attribute not found");
return 0;
inst = (rlm_eap_t *) instance;
- if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
+ if (!fr_pair_find_by_num(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
REDEBUG("You set 'Auth-Type = EAP' for a request that does "
"not contain an EAP-Message attribute!");
return RLM_MODULE_INVALID;
* Some simple sanity checks. These should really
* be handled by the radius library...
*/
- vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->proxy->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (vp) {
- vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
- pairmake(request->proxy,
+ fr_pair_make(request->proxy,
&request->proxy->vps,
"Message-Authenticator",
NULL, T_OP_EQ);
* set to 127.0.0.1 for tunneled requests, and
* we don't want to tell the world that...
*/
- pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS, TAG_ANY);
+ fr_pair_delete_by_num(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS, TAG_ANY);
RDEBUG2("Tunneled session will be proxied. Not doing EAP");
return RLM_MODULE_HANDLED;
/*
* Doesn't exist, add it in.
*/
- vp = pairfind(request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
- vp = paircopyvp(request->reply, request->username);
- pairadd(&request->reply->vps, vp);
+ vp = fr_pair_copy(request->reply, request->username);
+ fr_pair_add(&request->reply->vps, vp);
}
/*
* each EAP sub-module to look for handler->request->username,
* and to get excited if it doesn't appear.
*/
- vp = pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
if ((!vp) || (vp->vp_integer != PW_AUTH_TYPE_REJECT)) {
- vp = pairmake_config("Auth-Type", inst->xlat_name, T_OP_EQ);
+ vp = pair_make_config("Auth-Type", inst->xlat_name, T_OP_EQ);
if (!vp) {
RDEBUG2("Failed to create Auth-Type %s: %s\n",
inst->xlat_name, fr_strerror());
/*
* Doesn't exist, add it in.
*/
- vp = pairfind(request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
- pairmake_reply("User-Name",
+ pair_make_reply("User-Name",
request->username->vp_strvalue,
T_OP_EQ);
}
rad_tunnel_pwencode(p + 17, &len,
request->client->secret,
request->packet->vector);
- pairstrsteal(vp, p);
+ fr_pair_value_strsteal(vp, p);
return RLM_MODULE_UPDATED;
}
/*
* Only build a failure message if something previously rejected the request
*/
- vp = pairfind(request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_POST_AUTH_TYPE, 0, TAG_ANY);
if (!vp || (vp->vp_integer != PW_POST_AUTH_TYPE_REJECT)) return RLM_MODULE_NOOP;
- if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
+ if (!fr_pair_find_by_num(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
RDEBUG2("Request didn't contain an EAP-Message, not inserting EAP-Failure");
return RLM_MODULE_NOOP;
}
- if (pairfind(request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
+ if (fr_pair_find_by_num(request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
RDEBUG2("Reply already contained an EAP-Message, not inserting EAP-Failure");
return RLM_MODULE_NOOP;
}
* Make sure there's a message authenticator attribute in the response
* RADIUS protocol code will calculate the correct value later...
*/
- vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
- pairmake_reply("Message-Authenticator", "0x00", T_OP_EQ);
+ pair_make_reply("Message-Authenticator", "0x00", T_OP_EQ);
}
return RLM_MODULE_UPDATED;
/*
* For now, do cleartext password authentication.
*/
- vp = pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if (!vp) {
REDEBUG2("Cleartext-Password is required for authentication");
eap_ds->request->code = PW_EAP_FAILURE;
* If there was a User-Password in the request,
* why the heck are they using EAP-GTC?
*/
- pairdelete(&request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
- vp = pairmake_packet("User-Password", NULL, T_OP_EQ);
+ vp = pair_make_packet("User-Password", NULL, T_OP_EQ);
if (!vp) {
return 0;
}
}
//idtype
- vp = pairfind(items, RAD_EAP_IKEV2_IDTYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(items, RAD_EAP_IKEV2_IDTYPE, 0, TAG_ANY);
if (!vp) {
DEBUG(IKEv2_LOG_PREFIX "[%s] -- Id type not set", id);
} else {
}
//secret
- vp = pairfind(items, RAD_EAP_IKEV2_SECRET, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(items, RAD_EAP_IKEV2_SECRET, 0, TAG_ANY);
if (!vp || !vp->vp_length) {
DEBUG(IKEv2_LOG_PREFIX "[%s] -- Secret not set", id);
} else {
}
//authtype
- vp = pairfind(items, RAD_EAP_IKEV2_AUTHTYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(items, RAD_EAP_IKEV2_AUTHTYPE, 0, TAG_ANY);
if (vp && vp->vp_length) {
authtype = AuthtypeFromName(vp->vp_strvalue);
}
if (p) {
- pairmemcpy(password, p, 16);
+ fr_pair_value_memcpy(password, p, 16);
talloc_free(p);
}
/*
* Calculate the leap:session-key attribute
*/
- vp = pairmake_reply("Cisco-AVPair", NULL, T_OP_ADD);
+ vp = pair_make_reply("Cisco-AVPair", NULL, T_OP_ADD);
if (!vp) {
REDEBUG("Failed to create Cisco-AVPair attribute. LEAP cancelled");
talloc_free(reply);
i = 16;
rad_tunnel_pwencode(q + 17, &i, request->client->secret, request->packet->vector);
- pairstrsteal(vp, q);
+ fr_pair_value_strsteal(vp, q);
vp->vp_length = 17 + i;
return reply;
* The password is never sent over the wire.
* Always get the configured password, for each user.
*/
- password = pairfind(handler->request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ password = fr_pair_find_by_num(handler->request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if (!password) {
- password = pairfind(handler->request->config, PW_NT_PASSWORD, 0, TAG_ANY);
+ password = fr_pair_find_by_num(handler->request->config, PW_NT_PASSWORD, 0, TAG_ANY);
}
if (!password) {
rad_assert(handler->request != NULL);
rad_assert(handler->stage == PROCESS);
- password = pairfind(handler->request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ password = fr_pair_find_by_num(handler->request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if (!password) {
RDEBUG2("Cleartext-Password is required for EAP-MD5 authentication");
return 0;
static void fix_mppe_keys(eap_handler_t *handler, mschapv2_opaque_t *data)
{
- pairfilter(data, &data->mppe_keys, &handler->request->reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
- pairfilter(data, &data->mppe_keys, &handler->request->reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
- pairfilter(data, &data->mppe_keys, &handler->request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
- pairfilter(data, &data->mppe_keys, &handler->request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_list_move_by_num(data, &data->mppe_keys, &handler->request->reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_list_move_by_num(data, &data->mppe_keys, &handler->request->reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_list_move_by_num(data, &data->mppe_keys, &handler->request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_list_move_by_num(data, &data->mppe_keys, &handler->request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
}
/*
bool created_challenge = false;
rlm_eap_mschapv2_t *inst = instance;
- challenge = pairfind(request->config, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
+ challenge = fr_pair_find_by_num(request->config, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
if (challenge && (challenge->vp_length != MSCHAPV2_CHALLENGE_LEN)) {
RWDEBUG("control:MS-CHAP-Challenge is incorrect length. Ignoring it.");
challenge = NULL;
if (!challenge) {
created_challenge = true;
- challenge = pairmake(handler, NULL, "MS-CHAP-Challenge", NULL, T_OP_EQ);
+ challenge = fr_pair_make(handler, NULL, "MS-CHAP-Challenge", NULL, T_OP_EQ);
/*
* Get a random challenge.
* and free it.
*/
eapmschapv2_compose(inst, handler, challenge);
- if (created_challenge) pairfree(&challenge);
+ if (created_challenge) fr_pair_list_free(&challenge);
#ifdef WITH_PROXY
/*
* Move the attribute, so it doesn't go into
* the reply.
*/
- pairfilter(data, &response, &request->reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_list_move_by_num(data, &response, &request->reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
break;
default:
* access-accept e.g. vlan, etc. This lets the PEAP
* use_tunneled_reply code work
*/
- data->reply = paircopy(data, request->reply->vps);
+ data->reply = fr_pair_list_copy(data, request->reply->vps);
/*
* And we need to challenge the user, not ack/reject them,
* so we re-write the ACK to a challenge. Yuck.
*/
request->reply->code = PW_CODE_ACCESS_CHALLENGE;
- pairfree(&response);
+ fr_pair_list_free(&response);
return 1;
}
RDEBUG2("Password change packet received");
- challenge = pairmake_packet("MS-CHAP-Challenge", NULL, T_OP_EQ);
+ challenge = pair_make_packet("MS-CHAP-Challenge", NULL, T_OP_EQ);
if (!challenge) return 0;
- pairmemcpy(challenge, data->challenge, MSCHAPV2_CHALLENGE_LEN);
+ fr_pair_value_memcpy(challenge, data->challenge, MSCHAPV2_CHALLENGE_LEN);
- cpw = pairmake_packet("MS-CHAP2-CPW", NULL, T_OP_EQ);
+ cpw = pair_make_packet("MS-CHAP2-CPW", NULL, T_OP_EQ);
cpw->vp_length = 68;
cpw->vp_octets = p = talloc_array(cpw, uint8_t, cpw->vp_length);
int to_copy = 516 - copied;
if (to_copy > 243) to_copy = 243;
- nt_enc = pairmake_packet("MS-CHAP-NT-Enc-PW", NULL, T_OP_ADD);
+ nt_enc = pair_make_packet("MS-CHAP-NT-Enc-PW", NULL, T_OP_ADD);
nt_enc->vp_length = 4 + to_copy;
nt_enc->vp_octets = p = talloc_array(nt_enc, uint8_t, nt_enc->vp_length);
case PW_EAP_MSCHAPV2_SUCCESS:
eap_ds->request->code = PW_EAP_SUCCESS;
- pairfilter(request->reply, &request->reply->vps, &data->mppe_keys, 0, 0, TAG_ANY);
+ fr_pair_list_move_by_num(request->reply, &request->reply->vps, &data->mppe_keys, 0, 0, TAG_ANY);
/* FALL-THROUGH */
case PW_EAP_MSCHAPV2_ACK:
*/
request->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
#endif
- pairfilter(request->reply, &request->reply->vps, &data->reply, 0, 0, TAG_ANY);
+ fr_pair_list_move_by_num(request->reply, &request->reply->vps, &data->reply, 0, 0, TAG_ANY);
return 1;
}
REDEBUG("Sent SUCCESS expecting SUCCESS (or ACK) but got %d", ccode);
* to pass to the 'mschap' module. This is a little wonky,
* but it works.
*/
- challenge = pairmake_packet("MS-CHAP-Challenge", NULL, T_OP_EQ);
+ challenge = pair_make_packet("MS-CHAP-Challenge", NULL, T_OP_EQ);
if (!challenge) return 0;
- pairmemcpy(challenge, data->challenge, MSCHAPV2_CHALLENGE_LEN);
+ fr_pair_value_memcpy(challenge, data->challenge, MSCHAPV2_CHALLENGE_LEN);
- response = pairmake_packet("MS-CHAP2-Response", NULL, T_OP_EQ);
+ response = pair_make_packet("MS-CHAP2-Response", NULL, T_OP_EQ);
if (!response) return 0;
response->vp_length = MSCHAPV2_RESPONSE_LEN;
response->vp_octets = p = talloc_array(response, uint8_t, response->vp_length);
p[1] = eap_ds->response->type.data[5 + MSCHAPV2_RESPONSE_LEN];
memcpy(p + 2, &eap_ds->response->type.data[5], MSCHAPV2_RESPONSE_LEN - 2);
- name = pairmake_packet("MS-CHAP-User-Name", NULL, T_OP_EQ);
+ name = pair_make_packet("MS-CHAP-User-Name", NULL, T_OP_EQ);
if (!name) return 0;
/*
* the State attribute back, before passing
* the handler & request back into the tunnel.
*/
- pairdelete(&request->packet->vps, PW_STATE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->packet->vps, PW_STATE, 0, TAG_ANY);
/*
* Fix the User-Name when proxying, to strip off
* in the user name, THEN discard the user name.
*/
if (inst->with_ntdomain_hack &&
- ((challenge = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY)) != NULL) &&
+ ((challenge = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY)) != NULL) &&
((username = strchr(challenge->vp_strvalue, '\\')) != NULL)) {
/*
* Wipe out the NT domain.
* FIXME: Put it into MS-CHAP-Domain?
*/
username++; /* skip the \\ */
- pairstrcpy(challenge, username);
+ fr_pair_value_strcpy(challenge, username);
}
/*
*/
response = NULL;
if (rcode == RLM_MODULE_OK) {
- pairfilter(data, &response, &request->reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_list_move_by_num(data, &response, &request->reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
data->code = PW_EAP_MSCHAPV2_SUCCESS;
} else if (inst->send_error) {
- pairfilter(data, &response, &request->reply->vps, PW_MSCHAP_ERROR, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_list_move_by_num(data, &response, &request->reply->vps, PW_MSCHAP_ERROR, VENDORPEC_MICROSOFT, TAG_ANY);
if (response) {
int n,err,retry;
char buf[34];
* and return it to the over-lying EAP module.
*/
eapmschapv2_compose(inst, handler, response);
- pairfree(&response);
+ fr_pair_list_free(&response);
return 1;
}
uint32_t eap_method;
int rv;
- vp = pairmake(packet, &packet->vps, "SoH-Supported", "no", T_OP_EQ);
+ vp = fr_pair_make(packet, &packet->vps, "SoH-Supported", "no", T_OP_EQ);
if (data && data[0] == PW_EAP_NAK) {
RDEBUG("SoH - client NAKed");
return;
if (data_len > 65535) return NULL; /* paranoia */
- vp = paircreate(packet, PW_EAP_MESSAGE, 0);
+ vp = fr_pair_afrom_num(packet, PW_EAP_MESSAGE, 0);
if (!vp) {
return NULL;
}
fr_cursor_init(&cursor, &head);
fr_cursor_insert(&cursor, vp);
while (total < data_len) {
- vp = paircreate(packet, PW_EAP_MESSAGE, 0);
+ vp = fr_pair_afrom_num(packet, PW_EAP_MESSAGE, 0);
if (!vp) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return NULL;
}
- pairmemcpy(vp, data + total, (data_len - total));
+ fr_pair_value_memcpy(vp, data + total, (data_len - total));
total += vp->vp_length;
/*
* Clean up the tunneled reply.
*/
- pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
- pairdelete(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
- pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
/*
* Delete MPPE keys & encryption policy. We don't
* want these here.
*/
- pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
- pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
- pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
- pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
- pairfree(&t->accept_vps); /* for proxying MS-CHAP2 */
- pairfilter(t, &t->accept_vps, &reply->vps, 0, 0, TAG_ANY);
+ fr_pair_list_free(&t->accept_vps); /* for proxying MS-CHAP2 */
+ fr_pair_list_move_by_num(t, &t->accept_vps, &reply->vps, 0, 0, TAG_ANY);
rad_assert(!reply->vps);
}
break;
*
* Get rid of the old State, too.
*/
- pairfree(&t->state);
- pairfilter(t, &t->state, &reply->vps, PW_STATE, 0, TAG_ANY);
+ fr_pair_list_free(&t->state);
+ fr_pair_list_move_by_num(t, &t->state, &reply->vps, PW_STATE, 0, TAG_ANY);
/*
* PEAP takes only EAP-Message attributes inside
* Access-Challenge is ignored.
*/
vp = NULL;
- pairfilter(t, &vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ fr_pair_list_move_by_num(t, &vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
/*
* Handle EAP-MSCHAP-V2, where Access-Accept's
/*
* Clean up the tunneled reply.
*/
- pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
- pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
rad_assert(!t->accept_vps);
- pairfilter(t, &t->accept_vps, &reply->vps, 0, 0, TAG_ANY);
+ fr_pair_list_move_by_num(t, &t->accept_vps, &reply->vps, 0, 0, TAG_ANY);
rad_assert(!reply->vps);
}
*/
if (vp) {
vp2eap(request, tls_session, vp);
- pairfree(&vp);
+ fr_pair_list_free(&vp);
}
rcode = RLM_MODULE_HANDLED;
* the basis for the reply to the NAS. We don't want that,
* so we toss it, after we've had our way with it.
*/
- pairfree(&handler->request->proxy_reply->vps);
+ fr_pair_list_free(&handler->request->proxy_reply->vps);
switch (rcode) {
case RLM_MODULE_REJECT:
/*
* Save it for later.
*/
- t->username = pairmake(t, NULL, "User-Name", NULL, T_OP_EQ);
+ t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ);
rad_assert(t->username != NULL);
- pairbstrncpy(t->username, data + 1, data_len - 1);
+ fr_pair_value_bstrncpy(t->username, data + 1, data_len - 1);
RDEBUG("Got inner identity '%s'", t->username->vp_strvalue);
if (t->soh) {
/* save the SoH VPs */
rad_assert(!t->soh_reply_vps);
- pairfilter(t, &t->soh_reply_vps, &fake->reply->vps, 0, 0, TAG_ANY);
+ fr_pair_list_move_by_num(t, &t->soh_reply_vps, &fake->reply->vps, 0, 0, TAG_ANY);
rad_assert(!fake->reply->vps);
talloc_free(fake);
t->status = PEAP_STATUS_PHASE2;
- vp = paircreate(fake->packet, PW_EAP_MESSAGE, 0);
+ vp = fr_pair_afrom_num(fake->packet, PW_EAP_MESSAGE, 0);
vp->vp_length = len;
vp->vp_octets = q = talloc_array(vp, uint8_t, vp->vp_length);
memcpy(q + EAP_HEADER_LEN + 1,
t->username->vp_strvalue, t->username->vp_length);
- pairadd(&fake->packet->vps, vp);
+ fr_pair_add(&fake->packet->vps, vp);
if (t->default_method != 0) {
RDEBUG2("Setting default EAP type for tunneled EAP session");
- vp = pairmake(fake, &fake->config, "EAP-Type", "0", T_OP_EQ);
+ vp = fr_pair_make(fake, &fake->config, "EAP-Type", "0", T_OP_EQ);
vp->vp_integer = t->default_method;
}
break; }
* EAP-Identity packet.
*/
if ((data[0] == PW_EAP_IDENTITY) && (data_len > 1)) {
- t->username = pairmake(t, NULL, "User-Name", NULL, T_OP_EQ);
+ t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ);
rad_assert(t->username != NULL);
- pairbstrncpy(t->username, data + 1, data_len - 1);
+ fr_pair_value_bstrncpy(t->username, data + 1, data_len - 1);
RDEBUG2("Got tunneled identity of %s", t->username->vp_strvalue);
*/
if (t->default_method != 0) {
RDEBUG2("Setting default EAP type for tunneled EAP session");
- vp = pairmake(fake, &fake->config, "EAP-Type", "0", T_OP_EQ);
+ vp = fr_pair_make(fake, &fake->config, "EAP-Type", "0", T_OP_EQ);
vp->vp_integer = t->default_method;
}
}
setup_fake_request(request, fake, t);
- if ((vp = pairfind(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
fake->server = vp->vp_strvalue;
} else if (t->virtual_server) {
switch (fake->reply->code) {
case 0: /* No reply code, must be proxied... */
#ifdef WITH_PROXY
- vp = pairfind(fake->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(fake->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
if (vp) {
eap_tunnel_data_t *tunnel;
* EAP-Message into another set
* of attributes.
*/
- pairdelete(&fake->packet->vps,
+ fr_pair_delete_by_num(&fake->packet->vps,
PW_EAP_MESSAGE, 0, TAG_ANY);
}
* Tell the original request that it's going
* to be proxied.
*/
- pairfilter(request, &request->config,
+ fr_pair_list_move_by_num(request, &request->config,
&fake->config,
PW_PROXY_TO_REALM, 0, TAG_ANY);
/*
* Tell the request that it's a fake one.
*/
- pairmake(fake->packet, &fake->packet->vps, "Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
+ fr_pair_make(fake->packet, &fake->packet->vps, "Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
if (t->username) {
- vp = paircopy(fake->packet, t->username);
- pairadd(&fake->packet->vps, vp);
+ vp = fr_pair_list_copy(fake->packet, t->username);
+ fr_pair_add(&fake->packet->vps, vp);
fake->username = vp;
RDEBUG2("Setting User-Name to %s", fake->username->vp_strvalue);
} else {
* Add the State attribute, too, if it exists.
*/
if (t->state) {
- vp = paircopy(fake->packet, t->state);
- if (vp) pairadd(&fake->packet->vps, vp);
+ vp = fr_pair_list_copy(fake->packet, t->state);
+ if (vp) fr_pair_add(&fake->packet->vps, vp);
}
/*
* AND attributes which are copied there
* from below.
*/
- if (pair_find_by_da(fake->packet->vps, vp->da, TAG_ANY)) continue;
+ if (fr_pair_find_by_da(fake->packet->vps, vp->da, TAG_ANY)) continue;
/*
* Some attributes are handled specially.
* Don't copy from the head, we've already
* checked it.
*/
- copy = paircopy_by_num(fake->packet, vp, vp->da->attr, vp->da->vendor, TAG_ANY);
- pairadd(&fake->packet->vps, copy);
+ copy = fr_pair_list_copy_by_num(fake->packet, vp, vp->da->attr, vp->da->vendor, TAG_ANY);
+ fr_pair_add(&fake->packet->vps, copy);
}
}
* EAP-TLS-Require-Client-Cert attribute will override
* the require_client_cert configuration option.
*/
- vp = pairfind(handler->request->config, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(handler->request->config, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
if (vp) {
client_cert = vp->vp_integer ? true : false;
} else {
if (peap->soh_reply_vps) {
RDEBUG2("Using saved attributes from the SoH reply");
rdebug_pair_list(L_DBG_LVL_2, request, peap->soh_reply_vps, NULL);
- pairfilter(handler->request->reply,
+ fr_pair_list_move_by_num(handler->request->reply,
&handler->request->reply->vps,
&peap->soh_reply_vps, 0, 0, TAG_ANY);
}
if (peap->accept_vps) {
RDEBUG2("Using saved attributes from the original Access-Accept");
rdebug_pair_list(L_DBG_LVL_2, request, peap->accept_vps, NULL);
- pairfilter(handler->request->reply,
+ fr_pair_list_move_by_num(handler->request->reply,
&handler->request->reply->vps,
&peap->accept_vps, 0, 0, TAG_ANY);
} else if (peap->use_tunneled_reply) {
* The admin can dynamically change the MTU.
*/
session->mtu = inst->fragment_size;
- vp = pairfind(handler->request->packet->vps, PW_FRAMED_MTU, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(handler->request->packet->vps, PW_FRAMED_MTU, 0, TAG_ANY);
/*
* session->mtu is *our* MTU. We need to subtract off the EAP
RDEBUG("pwd unable to create fake request!");
return 0;
}
- fake->username = pairmake_packet("User-Name", NULL, T_OP_EQ);
+ fake->username = pair_make_packet("User-Name", NULL, T_OP_EQ);
if (!fake->username) {
RDEBUG("pwd unanable to create value pair for username!");
talloc_free(fake);
memcpy(p, session->peer_id, session->peer_id_len);
p[fake->username->vp_length] = '\0';
- pairadd(&fake->packet->vps, fake->username);
+ fr_pair_add(&fake->packet->vps, fake->username);
- if ((vp = pairfind(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
fake->server = vp->vp_strvalue;
} else if (inst->virtual_server) {
fake->server = inst->virtual_server;
RDEBUG("Got tunneled reply code %d", fake->reply->code);
rdebug_pair_list(L_DBG_LVL_1, request, fake->reply->vps, NULL);
- if ((pw = pairfind(fake->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) == NULL) {
+ if ((pw = fr_pair_find_by_num(fake->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) == NULL) {
DEBUG2("failed to find password for %s to do pwd authentication",
session->peer_id);
talloc_free(fake);
words[1] = htons(EAP_SIM_VERSION);
words[2] = 0;
- newvp = paircreate(packet, PW_EAP_SIM_VERSION_LIST, 0);
- pairmemcpy(newvp, (uint8_t const *) words, sizeof(words));
+ newvp = fr_pair_afrom_num(packet, PW_EAP_SIM_VERSION_LIST, 0);
+ fr_pair_value_memcpy(newvp, (uint8_t const *) words, sizeof(words));
- pairadd(vps, newvp);
+ fr_pair_add(vps, newvp);
/* set the EAP_ID - new value */
- newvp = paircreate(packet, PW_EAP_ID, 0);
+ newvp = fr_pair_afrom_num(packet, PW_EAP_ID, 0);
newvp->vp_integer = ess->sim_id++;
- pairreplace(vps, newvp);
+ fr_pair_replace(vps, newvp);
/* record it in the ess */
ess->keys.versionlistlen = 2;
memcpy(ess->keys.versionlist, words + 1, ess->keys.versionlistlen);
/* the ANY_ID attribute. We do not support re-auth or pseudonym */
- newvp = paircreate(packet, PW_EAP_SIM_FULLAUTH_ID_REQ, 0);
+ newvp = fr_pair_afrom_num(packet, PW_EAP_SIM_FULLAUTH_ID_REQ, 0);
newvp->vp_length = 2;
newvp->vp_octets = p = talloc_array(newvp, uint8_t, 2);
p[0] = 0;
p[0] = 1;
- pairadd(vps, newvp);
+ fr_pair_add(vps, newvp);
/* the SUBTYPE, set to start. */
- newvp = paircreate(packet, PW_EAP_SIM_SUBTYPE, 0);
+ newvp = fr_pair_afrom_num(packet, PW_EAP_SIM_SUBTYPE, 0);
newvp->vp_integer = EAPSIM_START;
- pairreplace(vps, newvp);
+ fr_pair_replace(vps, newvp);
return 1;
}
/*
* Generate a new RAND value, and derive Kc and SRES from Ki
*/
- ki = pairfind(vps, PW_EAP_SIM_KI, 0, TAG_ANY);
+ ki = fr_pair_find_by_num(vps, PW_EAP_SIM_KI, 0, TAG_ANY);
if (ki) {
int i;
* Check to see if have a Ki for the IMSI, this allows us to generate the rest
* of the triplets.
*/
- algo_version = pairfind(vps, PW_EAP_SIM_ALGO_VERSION, 0, TAG_ANY);
+ algo_version = fr_pair_find_by_num(vps, PW_EAP_SIM_ALGO_VERSION, 0, TAG_ANY);
if (!algo_version) {
REDEBUG("Found Ki, but missing EAP-Sim-Algo-Version");
return 0;
* Use known RAND, SRES, and Kc values, these may of been pulled in from an AuC,
* or created by sending challenges to the SIM directly.
*/
- vp = pairfind(vps, PW_EAP_SIM_RAND1 + idx, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(vps, PW_EAP_SIM_RAND1 + idx, 0, TAG_ANY);
/* Hack for backwards compatibility */
if (!vp) {
- vp = pairfind(request->reply->vps, PW_EAP_SIM_RAND1 + idx, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_EAP_SIM_RAND1 + idx, 0, TAG_ANY);
}
if (!vp) {
/* bad, we can't find stuff! */
}
memcpy(ess->keys.rand[idx], vp->vp_strvalue, EAPSIM_RAND_SIZE);
- vp = pairfind(vps, PW_EAP_SIM_SRES1 + idx, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(vps, PW_EAP_SIM_SRES1 + idx, 0, TAG_ANY);
/* Hack for backwards compatibility */
if (!vp) {
- vp = pairfind(request->reply->vps, PW_EAP_SIM_SRES1 + idx, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_EAP_SIM_SRES1 + idx, 0, TAG_ANY);
}
if (!vp) {
/* bad, we can't find stuff! */
}
memcpy(ess->keys.sres[idx], vp->vp_strvalue, EAPSIM_SRES_SIZE);
- vp = pairfind(vps, PW_EAP_SIM_KC1 + idx, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(vps, PW_EAP_SIM_KC1 + idx, 0, TAG_ANY);
/* Hack for backwards compatibility */
if (!vp) {
- vp = pairfind(request->reply->vps, PW_EAP_SIM_KC1 + idx, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_EAP_SIM_KC1 + idx, 0, TAG_ANY);
}
if (!vp) {
/*
* Okay, we got the challenges! Put them into an attribute.
*/
- newvp = paircreate(packet, PW_EAP_SIM_RAND, 0);
+ newvp = fr_pair_afrom_num(packet, PW_EAP_SIM_RAND, 0);
newvp->vp_length = 2 + (EAPSIM_RAND_SIZE * 3);
newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length);
memcpy(p, ess->keys.rand[1], EAPSIM_RAND_SIZE);
p += EAPSIM_RAND_SIZE;
memcpy(p, ess->keys.rand[2], EAPSIM_RAND_SIZE);
- pairadd(outvps, newvp);
+ fr_pair_add(outvps, newvp);
/*
* Set the EAP_ID - new value
*/
- newvp = paircreate(packet, PW_EAP_ID, 0);
+ newvp = fr_pair_afrom_num(packet, PW_EAP_ID, 0);
newvp->vp_integer = ess->sim_id++;
- pairreplace(outvps, newvp);
+ fr_pair_replace(outvps, newvp);
/*
* Make a copy of the identity
/*
* Use the SIM identity, if available
*/
- newvp = pairfind(*invps, PW_EAP_SIM_IDENTITY, 0, TAG_ANY);
+ newvp = fr_pair_find_by_num(*invps, PW_EAP_SIM_IDENTITY, 0, TAG_ANY);
if (newvp && newvp->vp_length > 2) {
uint16_t len;
* We store the NONCE_MT in the MAC for the encoder, which
* will pull it out before it does the operation.
*/
- newvp = paircreate(packet, PW_EAP_SIM_MAC, 0);
- pairmemcpy(newvp, ess->keys.nonce_mt, 16);
- pairreplace(outvps, newvp);
+ newvp = fr_pair_afrom_num(packet, PW_EAP_SIM_MAC, 0);
+ fr_pair_value_memcpy(newvp, ess->keys.nonce_mt, 16);
+ fr_pair_replace(outvps, newvp);
- newvp = paircreate(packet, PW_EAP_SIM_KEY, 0);
- pairmemcpy(newvp, ess->keys.K_aut, 16);
- pairreplace(outvps, newvp);
+ newvp = fr_pair_afrom_num(packet, PW_EAP_SIM_KEY, 0);
+ fr_pair_value_memcpy(newvp, ess->keys.K_aut, 16);
+ fr_pair_replace(outvps, newvp);
/* the SUBTYPE, set to challenge. */
- newvp = paircreate(packet, PW_EAP_SIM_SUBTYPE, 0);
+ newvp = fr_pair_afrom_num(packet, PW_EAP_SIM_SUBTYPE, 0);
newvp->vp_integer = EAPSIM_CHALLENGE;
- pairreplace(outvps, newvp);
+ fr_pair_replace(outvps, newvp);
return 1;
}
ess = (eap_sim_state_t *)handler->opaque;
/* set the EAP_ID - new value */
- vp = paircreate(packet, PW_EAP_ID, 0);
+ vp = fr_pair_afrom_num(packet, PW_EAP_ID, 0);
vp->vp_integer = ess->sim_id++;
- pairreplace(&handler->request->reply->vps, vp);
+ fr_pair_replace(&handler->request->reply->vps, vp);
p = ess->keys.msk;
eap_add_reply(handler->request, "MS-MPPE-Recv-Key", p, EAPTLS_MPPE_KEY_LEN);
uint16_t simversion;
ess = (eap_sim_state_t *)handler->opaque;
- nonce_vp = pairfind(vps, PW_EAP_SIM_NONCE_MT, 0, TAG_ANY);
- selectedversion_vp = pairfind(vps, PW_EAP_SIM_SELECTED_VERSION, 0, TAG_ANY);
+ nonce_vp = fr_pair_find_by_num(vps, PW_EAP_SIM_NONCE_MT, 0, TAG_ANY);
+ selectedversion_vp = fr_pair_find_by_num(vps, PW_EAP_SIM_SELECTED_VERSION, 0, TAG_ANY);
if (!nonce_vp || !selectedversion_vp) {
RDEBUG2("Client did not select a version and send a NONCE");
eap_sim_stateenter(handler, ess, EAPSIM_SERVER_START);
/*
* See what kind of message we have gotten
*/
- vp = pairfind(vps, PW_EAP_SIM_SUBTYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(vps, PW_EAP_SIM_SUBTYPE, 0, TAG_ANY);
if (!vp) {
REDEBUG2("No subtype attribute was created, message dropped");
return 0;
fake = request_alloc_fake(request);
rad_assert(!fake->packet->vps);
- fake->packet->vps = paircopy(fake->packet, request->packet->vps);
+ fake->packet->vps = fr_pair_list_copy(fake->packet, request->packet->vps);
/* set the virtual server to use */
- if ((vp = pairfind(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
fake->server = vp->vp_strvalue;
} else {
fake->server = inst->virtual_server;
rad_virtual_server(fake);
/* copy the reply vps back to our reply */
- pairfilter(request->reply, &request->reply->vps,
+ fr_pair_list_move_by_num(request->reply, &request->reply->vps,
&fake->reply->vps, 0, 0, TAG_ANY);
/* reject if virtual server didn't return accept */
*
* Something has gone very wrong if the User-Name doesn't exist.
*/
- username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
RDEBUG("Username for TNC connection: %s", username->vp_strvalue);
case TNC_CONNECTION_STATE_ACCESS_NONE:
code = PW_EAP_FAILURE;
- pairmake_config("TNC-Status", "None", T_OP_SET);
+ pair_make_config("TNC-Status", "None", T_OP_SET);
break;
case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
code = PW_EAP_SUCCESS;
- pairmake_config("TNC-Status", "Access", T_OP_SET);
+ pair_make_config("TNC-Status", "Access", T_OP_SET);
break;
case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
code = PW_EAP_SUCCESS;
- pairmake_config("TNC-Status", "Isolate", T_OP_SET);
+ pair_make_config("TNC-Status", "Isolate", T_OP_SET);
break;
default:
* EAP-TLS-Require-Client-Cert attribute will override
* the require_client_cert configuration option.
*/
- vp = pairfind(handler->request->config, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(handler->request->config, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
if (vp) {
client_cert = vp->vp_integer ? true : false;
} else {
if (t->accept_vps) {
RDEBUG2("Using saved attributes from the original Access-Accept");
rdebug_pair_list(L_DBG_LVL_2, request, t->accept_vps, NULL);
- pairfilter(handler->request->reply,
+ fr_pair_list_move_by_num(handler->request->reply,
&handler->request->reply->vps,
&t->accept_vps, 0, 0, TAG_ANY);
} else if (t->use_tunneled_reply) {
if ((size_t) decoded != size + 2) {
REDEBUG2("diameter2vp failed to entirely decode VSA");
- pairfree(&vp);
+ fr_pair_list_free(&vp);
goto do_octets;
}
* Create it. If this fails, it's because we're OOM.
*/
do_octets:
- vp = paircreate(packet, attr, vendor);
+ vp = fr_pair_afrom_num(packet, attr, vendor);
if (!vp) {
RDEBUG2("Failure in creating VP");
- pairfree(&first);
+ fr_pair_list_free(&first);
return NULL;
}
* attribute.
*/
raw:
- if (vp) pairfree(&vp);
+ if (vp) fr_pair_list_free(&vp);
da = dict_unknown_afrom_fields(packet, attr, vendor);
if (!da) return NULL;
- vp = pairalloc(packet, da);
+ vp = fr_pair_afrom_da(packet, da);
if (!vp) return NULL;
- pairmemcpy(vp, data, size);
+ fr_pair_value_memcpy(vp, data, size);
break;
}
memcpy(&vp->vp_integer, data, vp->vp_length);
if (size != vp->vp_length) {
RDEBUG2("Invalid length attribute %d",
attr);
- pairfree(&first);
- pairfree(&vp);
+ fr_pair_list_free(&first);
+ fr_pair_list_free(&vp);
return NULL;
}
memcpy(&vp->vp_ipaddr, data, vp->vp_length);
break;
case PW_TYPE_STRING:
- pairbstrncpy(vp, data, size);
+ fr_pair_value_bstrncpy(vp, data, size);
vp->vp_length = strlen(vp->vp_strvalue); /* embedded zeros are NOT allowed */
break;
*/
case PW_TYPE_OCTETS:
default:
- pairmemcpy(vp, data, size);
+ fr_pair_value_memcpy(vp, data, size);
break;
}
if ((vp->vp_length < 8) ||
(vp->vp_length > 16)) {
RDEBUG("Tunneled challenge has invalid length");
- pairfree(&first);
- pairfree(&vp);
+ fr_pair_list_free(&first);
+ fr_pair_list_free(&vp);
return NULL;
}
if (memcmp(challenge, vp->vp_octets,
vp->vp_length) != 0) {
RDEBUG("Tunneled challenge is incorrect");
- pairfree(&first);
- pairfree(&vp);
+ fr_pair_list_free(&first);
+ fr_pair_list_free(&vp);
return NULL;
}
}
* packet, and we will send EAP-Success.
*/
vp = NULL;
- pairfilter(tls_session, &vp, &reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_list_move_by_num(tls_session, &vp, &reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
if (vp) {
RDEBUG("Got MS-CHAP2-Success, tunneling it to the client in a challenge");
rcode = RLM_MODULE_HANDLED;
* Delete MPPE keys & encryption policy. We don't
* want these here.
*/
- pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
- pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
- pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
- pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
/*
* Use the tunneled reply, but not now.
*/
if (t->use_tunneled_reply) {
rad_assert(!t->accept_vps);
- pairfilter(t, &t->accept_vps, &reply->vps,
+ fr_pair_list_move_by_num(t, &t->accept_vps, &reply->vps,
0, 0, TAG_ANY);
rad_assert(!reply->vps);
}
* can figure it out, from the non-tunneled
* EAP-Success packet.
*/
- pairfilter(tls_session, &vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
- pairfree(&vp);
+ fr_pair_list_move_by_num(tls_session, &vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ fr_pair_list_free(&vp);
}
/* move channel binding responses; we need to send them */
- pairfilter(tls_session, &vp, &reply->vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA, TAG_ANY);
- if (pairfind(vp, PW_UKERNA_CHBIND, VENDORPEC_UKERNA, TAG_ANY) != NULL) {
+ fr_pair_list_move_by_num(tls_session, &vp, &reply->vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA, TAG_ANY);
+ if (fr_pair_find_by_num(vp, PW_UKERNA_CHBIND, VENDORPEC_UKERNA, TAG_ANY) != NULL) {
t->authenticated = true;
/*
* Use the tunneled reply, but not now.
*/
if (t->use_tunneled_reply) {
rad_assert(!t->accept_vps);
- pairfilter(t, &t->accept_vps, &reply->vps,
+ fr_pair_list_move_by_num(t, &t->accept_vps, &reply->vps,
0, 0, TAG_ANY);
rad_assert(!reply->vps);
}
rdebug_pair_list(L_DBG_LVL_1, request, vp, NULL);
vp2diameter(request, tls_session, vp);
- pairfree(&vp);
+ fr_pair_list_free(&vp);
}
/*
* tunneled user!
*/
if (t->use_tunneled_reply) {
- pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
- pairfilter(request->reply, &request->reply->vps,
+ fr_pair_delete_by_num(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
+ fr_pair_list_move_by_num(request->reply, &request->reply->vps,
&reply->vps, 0, 0, TAG_ANY);
}
break;
*
* Get rid of the old State, too.
*/
- pairfree(&t->state);
- pairfilter(t, &t->state, &reply->vps, PW_STATE, 0, TAG_ANY);
+ fr_pair_list_free(&t->state);
+ fr_pair_list_move_by_num(t, &t->state, &reply->vps, PW_STATE, 0, TAG_ANY);
/*
* We should really be a bit smarter about this,
* method works in 99.9% of the situations.
*/
vp = NULL;
- pairfilter(t, &vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ fr_pair_list_move_by_num(t, &vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
/*
* There MUST be a Reply-Message in the challenge,
* we MUST create one, with an empty string as
* it's value.
*/
- pairfilter(t, &vp, &reply->vps, PW_REPLY_MESSAGE, 0, TAG_ANY);
+ fr_pair_list_move_by_num(t, &vp, &reply->vps, PW_REPLY_MESSAGE, 0, TAG_ANY);
/* also move chbind messages, if any */
- pairfilter(t, &vp, &reply->vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA,
+ fr_pair_list_move_by_num(t, &vp, &reply->vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA,
TAG_ANY);
/*
*/
if (vp) {
vp2diameter(request, tls_session, vp);
- pairfree(&vp);
+ fr_pair_list_free(&vp);
}
rcode = RLM_MODULE_HANDLED;
break;
* the basis for the reply to the NAS. We don't want that,
* so we toss it, after we've had our way with it.
*/
- pairfree(&handler->request->proxy_reply->vps);
+ fr_pair_list_free(&handler->request->proxy_reply->vps);
switch (rcode) {
case RLM_MODULE_REJECT:
/*
* Tell the request that it's a fake one.
*/
- pairmake_packet("Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
+ pair_make_packet("Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
RDEBUG("Got tunneled request");
rdebug_pair_list(L_DBG_LVL_1, request, fake->packet->vps, NULL);
/*
* Update other items in the REQUEST data structure.
*/
- fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY);
- fake->password = pairfind(fake->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ fake->username = fr_pair_find_by_num(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ fake->password = fr_pair_find_by_num(fake->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
/*
* No User-Name, try to create one from stored data.
* an EAP-Identity, and pull it out of there.
*/
if (!t->username) {
- vp = pairfind(fake->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (vp &&
(vp->vp_length >= EAP_HEADER_LEN + 2) &&
(vp->vp_strvalue[0] == PW_EAP_RESPONSE) &&
/*
* Create & remember a User-Name
*/
- t->username = pairmake(t, NULL, "User-Name", NULL, T_OP_EQ);
+ t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ);
rad_assert(t->username != NULL);
- pairbstrncpy(t->username, vp->vp_octets + 5, vp->vp_length - 5);
+ fr_pair_value_bstrncpy(t->username, vp->vp_octets + 5, vp->vp_length - 5);
RDEBUG("Got tunneled identity of %s",
t->username->vp_strvalue);
*/
if (t->default_method != 0) {
RDEBUG("Setting default EAP type for tunneled EAP session");
- vp = paircreate(fake, PW_EAP_TYPE, 0);
+ vp = fr_pair_afrom_num(fake, PW_EAP_TYPE, 0);
rad_assert(vp != NULL);
vp->vp_integer = t->default_method;
- pairadd(&fake->config, vp);
+ fr_pair_add(&fake->config, vp);
}
} else {
} /* else there WAS a t->username */
if (t->username) {
- vp = paircopy(fake->packet, t->username);
- pairadd(&fake->packet->vps, vp);
- fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_list_copy(fake->packet, t->username);
+ fr_pair_add(&fake->packet->vps, vp);
+ fake->username = fr_pair_find_by_num(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY);
}
} /* else the request ALREADY had a User-Name */
* Add the State attribute, too, if it exists.
*/
if (t->state) {
- vp = paircopy(fake->packet, t->state);
- if (vp) pairadd(&fake->packet->vps, vp);
+ vp = fr_pair_list_copy(fake->packet, t->state);
+ if (vp) fr_pair_add(&fake->packet->vps, vp);
}
/*
* AND attributes which are copied there
* from below.
*/
- if (pair_find_by_da(fake->packet->vps, vp->da, TAG_ANY)) {
+ if (fr_pair_find_by_da(fake->packet->vps, vp->da, TAG_ANY)) {
continue;
}
* Don't copy from the head, we've already
* checked it.
*/
- copy = paircopy_by_num(fake->packet, vp, vp->da->attr, vp->da->vendor, TAG_ANY);
- pairadd(&fake->packet->vps, copy);
+ copy = fr_pair_list_copy_by_num(fake->packet, vp, vp->da->attr, vp->da->vendor, TAG_ANY);
+ fr_pair_add(&fake->packet->vps, copy);
}
}
- if ((vp = pairfind(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
fake->server = vp->vp_strvalue;
} else if (t->virtual_server) {
/* encapsulate response here */
if (req->response) {
RDEBUG("sending chbind response");
- pairadd(&fake->reply->vps,
+ fr_pair_add(&fake->reply->vps,
eap_chbind_packet2vp(fake, req->response));
} else {
RDEBUG("no chbind response");
switch (fake->reply->code) {
case 0: /* No reply code, must be proxied... */
#ifdef WITH_PROXY
- vp = pairfind(fake->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(fake->config, PW_PROXY_TO_REALM, 0, TAG_ANY);
if (vp) {
eap_tunnel_data_t *tunnel;
RDEBUG("Tunneled authentication will be proxied to %s", vp->vp_strvalue);
* Tell the original request that it's going
* to be proxied.
*/
- pairfilter(request, &request->config,
+ fr_pair_list_move_by_num(request, &request->config,
&fake->config,
PW_PROXY_TO_REALM, 0, TAG_ANY);
/*
* Look for the 'state' attribute.
*/
- state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
+ state = fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (state != NULL) {
RDEBUG("Found reply to access challenge");
return RLM_MODULE_OK;
/*
* Create the challenge, and add it to the reply.
*/
- pairmake_reply("Reply-Message", "This is a challenge", T_OP_EQ);
- pairmake_reply("State", "0", T_OP_EQ);
+ pair_make_reply("Reply-Message", "This is a challenge", T_OP_EQ);
+ pair_make_reply("State", "0", T_OP_EQ);
/*
* Mark the packet as an Access-Challenge packet.
* If we're not waiting, then there are no output pairs.
*/
if (inst->output) {
- pairmove(request, output_pairs, &answer);
+ fr_pair_list_move(request, output_pairs, &answer);
}
- pairfree(&answer);
+ fr_pair_list_free(&answer);
return rcode;
}
bool we_wait = false;
VALUE_PAIR *vp, *tmp;
- vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
if (vp) {
we_wait = false;
- } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
+ } else if ((vp = fr_pair_find_by_num(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
we_wait = true;
}
if (!vp) {
/*
* Always add the value-pairs to the reply.
*/
- pairmove(request->reply, &request->reply->vps, &tmp);
- pairfree(&tmp);
+ fr_pair_list_move(request->reply, &request->reply->vps, &tmp);
+ fr_pair_list_free(&tmp);
finish:
switch (rcode) {
return mod_exec_dispatch(instance, request);
}
- vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
if (vp) {
we_wait = true;
- } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
+ } else if ((vp = fr_pair_find_by_num(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
we_wait = false;
}
if (!vp) {
VALUE_PAIR *vp, *check_item;
char date[50];
- check_item = pairfind(request->config, PW_EXPIRATION, 0, TAG_ANY);
+ check_item = fr_pair_find_by_num(request->config, PW_EXPIRATION, 0, TAG_ANY);
if (!check_item) return RLM_MODULE_NOOP;
/*
* Else the account hasn't expired, but it may do so
* in the future. Set Session-Timeout.
*/
- vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
+ vp = radius_pair_create(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
} else if (vp->vp_date > ((uint32_t) (((time_t) check_item->vp_date) - request->timestamp))) {
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
/*
* If Strip-User-Name == No, then don't do any more.
*/
- vp = pairfind(check_pairs, PW_STRIP_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(check_pairs, PW_STRIP_USER_NAME, 0, TAG_ANY);
if (vp && !vp->vp_integer) return ret;
/*
* See where to put the stripped user name.
*/
- vp = pairfind(check_pairs, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(check_pairs, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
if (!vp) {
/*
* If "request" is NULL, then the memory will be
* lost!
*/
- vp = radius_paircreate(req->packet, &request, PW_STRIPPED_USER_NAME, 0);
+ vp = radius_pair_create(req->packet, &request, PW_STRIPPED_USER_NAME, 0);
if (!vp) return ret;
req->username = vp;
}
- pairstrcpy(vp, rest);
+ fr_pair_value_strcpy(vp, rest);
return ret;
}
if (radius_xlat(value, sizeof(value), request, name, NULL, NULL) < 0) {
return 0;
}
- vp = pairmake(req, NULL, check->da->name, value, check->op);
+ vp = fr_pair_make(req, NULL, check->da->name, value, check->op);
/*
* Paircmp returns 0 for failed comparison,
* 1 for succeeded.
*/
- rcode = paircmp(check, vp);
+ rcode = fr_pair_cmp(check, vp);
/*
* We're being called from radius_callback_compare,
* returns 0 for matched, and 1 for didn't match.
*/
rcode = !rcode;
- pairfree(&vp);
+ fr_pair_list_free(&vp);
return rcode;
}
continue;
}
- new = pairalloc(talloc_parent(vp), vp->da);
+ new = fr_pair_afrom_da(talloc_parent(vp), vp->da);
if (!new) {
- pairfree(&head);
+ fr_pair_list_free(&head);
return -1;
}
new->tag = vp->tag;
buff = talloc_array(new, uint8_t, q - p);
memcpy(buff, p, q - p);
- pairmemsteal(new, buff);
+ fr_pair_value_memsteal(new, buff);
}
break;
buff = talloc_array(new, char, (q - p) + 1);
memcpy(buff, p, q - p);
buff[q - p] = '\0';
- pairstrsteal(new, (char *)buff);
+ fr_pair_value_strsteal(new, (char *)buff);
}
break;
static int fall_through(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
+ tmp = fr_pair_find_by_num(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp->vp_integer : 0;
}
default_pl = default_pl->next;
}
- check_tmp = paircopy(request, pl->check);
+ check_tmp = fr_pair_list_copy(request, pl->check);
for (vp = fr_cursor_init(&cursor, &check_tmp);
vp;
vp = fr_cursor_next(&cursor)) {
if (radius_xlat_do(request, vp) < 0) {
RWARN("Failed parsing expanded value for check item, skipping entry: %s", fr_strerror());
- pairfree(&check_tmp);
+ fr_pair_list_free(&check_tmp);
continue;
}
}
found = true;
/* ctx may be reply or proxy */
- reply_tmp = paircopy(reply_packet, pl->reply);
+ reply_tmp = fr_pair_list_copy(reply_packet, pl->reply);
radius_pairmove(request, &reply_packet->vps, reply_tmp, true);
- pairmove(request, &request->config, &check_tmp);
- pairfree(&check_tmp);
+ fr_pair_list_move(request, &request->config, &check_tmp);
+ fr_pair_list_free(&check_tmp);
/*
* Fallthrough?
/*
* Remove server internal parameters.
*/
- pairdelete(&reply_packet->vps, PW_FALL_THROUGH, 0, TAG_ANY);
+ fr_pair_delete_by_num(&reply_packet->vps, PW_FALL_THROUGH, 0, TAG_ANY);
/*
* See if we succeeded.
char xlat_str[MAX_STRING_LEN];
int ret;
- vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
if (!vp) {
RDEBUG2("Could not find account status type in packet");
return RLM_MODULE_INVALID;
* Check if Pool-Name attribute exists. If it exists check our name and
* run only if they match
*/
- vp = pairfind(request->config, PW_POOL_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_POOL_NAME, 0, TAG_ANY);
if (vp != NULL){
if (!inst->name || (strcmp(inst->name,vp->vp_strvalue) && strcmp(vp->vp_strvalue,"DEFAULT")))
return RLM_MODULE_NOOP;
/*
* Find the caller id
*/
- vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY);
if (vp != NULL) {
cli = vp->vp_strvalue;
}
* If there is a Framed-IP-Address (or Dhcp-Your-IP-Address)
* attribute in the reply, check for override
*/
- if (pairfind(request->reply->vps, attr_ipaddr, vendor_ipaddr, TAG_ANY) != NULL) {
+ if (fr_pair_find_by_num(request->reply->vps, attr_ipaddr, vendor_ipaddr, TAG_ANY) != NULL) {
RDEBUG("Found IP address attribute in reply attribute list");
if (!inst->override) {
RDEBUG("override is set to no. Return NOOP");
}
RDEBUG("Override supplied IP address");
- pairdelete(&request->reply->vps, attr_ipaddr, vendor_ipaddr, TAG_ANY);
+ fr_pair_delete_by_num(&request->reply->vps, attr_ipaddr, vendor_ipaddr, TAG_ANY);
}
/*
free(key_datum.dptr);
entry.active = 1;
entry.timestamp = request->timestamp;
- if ((vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY)) != NULL) {
entry.timeout = (time_t) vp->vp_integer;
#ifdef WITH_DHCP
if (dhcp) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
PW_DHCP_IP_ADDRESS_LEASE_TIME, DHCP_MAGIC_VENDOR);
vp->vp_integer = entry.timeout;
- pairdelete(&request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
}
#endif
} else {
pthread_mutex_unlock(&inst->op_mutex);
RDEBUG("Allocated ip %s to client key: %s",ip_ntoa(str,entry.ipaddr),hex_str);
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
attr_ipaddr, vendor_ipaddr);
vp->vp_ipaddr = entry.ipaddr;
* If there is no Framed-Netmask attribute in the
* reply, add one
*/
- if (pairfind(request->reply->vps, attr_ipmask, vendor_ipaddr, TAG_ANY) == NULL) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ if (fr_pair_find_by_num(request->reply->vps, attr_ipmask, vendor_ipaddr, TAG_ANY) == NULL) {
+ vp = radius_pair_create(request->reply, &request->reply->vps,
attr_ipmask, vendor_ipaddr);
vp->vp_ipaddr = ntohl(inst->netmask);
}
for (i = 0; i < self->count; i++) {
if (!self->values[i]->bv_len) continue;
- vp = pairalloc(ctx, map->lhs->tmpl_da);
+ vp = fr_pair_afrom_da(ctx, map->lhs->tmpl_da);
rad_assert(vp);
- if (pairparsevalue(vp, self->values[i]->bv_val, self->values[i]->bv_len) < 0) {
+ if (fr_pair_value_from_str(vp, self->values[i]->bv_val, self->values[i]->bv_len) < 0) {
char *escaped;
escaped = fr_aprints(vp, self->values[i]->bv_val, self->values[i]->bv_len, '"');
* The easy case, we're caching DNs and we got a DN.
*/
if (is_dn) {
- MEM(vp = pairalloc(list_ctx, inst->cache_da));
- pairbstrncpy(vp, values[i]->bv_val, values[i]->bv_len);
+ MEM(vp = fr_pair_afrom_da(list_ctx, inst->cache_da));
+ fr_pair_value_bstrncpy(vp, values[i]->bv_val, values[i]->bv_len);
fr_cursor_insert(&groups_cursor, vp);
/*
* We were told to cache DNs but we got a name, we now need to resolve
* The easy case, we're caching names and we got a name.
*/
if (!is_dn) {
- MEM(vp = pairalloc(list_ctx, inst->cache_da));
- pairbstrncpy(vp, values[i]->bv_val, values[i]->bv_len);
+ MEM(vp = fr_pair_afrom_da(list_ctx, inst->cache_da));
+ fr_pair_value_bstrncpy(vp, values[i]->bv_val, values[i]->bv_len);
fr_cursor_insert(&groups_cursor, vp);
/*
* We were told to cache names but we got a DN, we now need to resolve
if (rcode != RLM_MODULE_OK) {
ldap_value_free_len(values);
talloc_free(value_ctx);
- pairfree(&groups);
+ fr_pair_list_free(&groups);
return rcode;
}
- MEM(vp = pairalloc(list_ctx, inst->cache_da));
- pairbstrncpy(vp, name, talloc_array_length(name) - 1);
+ MEM(vp = fr_pair_afrom_da(list_ctx, inst->cache_da));
+ fr_pair_value_bstrncpy(vp, name, talloc_array_length(name) - 1);
fr_cursor_insert(&groups_cursor, vp);
talloc_free(name);
}
fr_cursor_merge(&list_cursor, groups);
for (dn_p = group_dn; *dn_p; dn_p++) {
- MEM(vp = pairalloc(list_ctx, inst->cache_da));
- pairstrcpy(vp, *dn_p);
+ MEM(vp = fr_pair_afrom_da(list_ctx, inst->cache_da));
+ fr_pair_value_strcpy(vp, *dn_p);
fr_cursor_insert(&list_cursor, vp);
RDEBUG("&control:%s += \"%s\"", inst->cache_da->name, vp->vp_strvalue);
}
rlm_ldap_normalise_dn(dn, dn);
- MEM(vp = pairmake_config(inst->cache_da->name, NULL, T_OP_ADD));
- pairstrcpy(vp, dn);
+ MEM(vp = pair_make_config(inst->cache_da->name, NULL, T_OP_ADD));
+ fr_pair_value_strcpy(vp, dn);
RINDENT();
RDEBUG("&control:%s += \"%s\"", inst->cache_da->name, dn);
values = ldap_get_values_len((*pconn)->handle, entry, inst->groupobj_name_attr);
if (!values) continue;
- MEM(vp = pairmake_config(inst->cache_da->name, NULL, T_OP_ADD));
- pairbstrncpy(vp, values[0]->bv_val, values[0]->bv_len);
+ MEM(vp = pair_make_config(inst->cache_da->name, NULL, T_OP_ADD));
+ fr_pair_value_bstrncpy(vp, values[0]->bv_val, values[0]->bv_len);
RINDENT();
RDEBUG("&control:%s += \"%.*s\"", inst->cache_da->name,
fr_cursor_first(&cursor);
while ((vp = fr_cursor_next_by_num(&cursor, inst->cache_da->attr, inst->cache_da->vendor, TAG_ANY))) {
- ret = paircmp_op(T_OP_CMP_EQ, vp, check);
+ ret = fr_pair_cmp_op(T_OP_CMP_EQ, vp, check);
if (ret == 1) {
RDEBUG2("User found. Matched cached membership");
return RLM_MODULE_OK;
* If the caller isn't looking for the result we can just return the current userdn value.
*/
if (!force) {
- vp = pairfind(request->config, PW_LDAP_USERDN, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_LDAP_USERDN, 0, TAG_ANY);
if (vp) {
RDEBUG("Using user DN from request \"%s\"", vp->vp_strvalue);
*rcode = RLM_MODULE_OK;
rlm_ldap_normalise_dn(dn, dn);
/*
- * We can't use pairmake here to copy the value into the
+ * We can't use fr_pair_make here to copy the value into the
* attribute, as the dn must be copied into the attribute
* verbatim (without de-escaping).
*
* we pass the string back to libldap we must not alter it.
*/
RDEBUG("User object found at DN \"%s\"", dn);
- vp = pairmake(request, &request->config, "LDAP-UserDN", NULL, T_OP_EQ);
+ vp = fr_pair_make(request, &request->config, "LDAP-UserDN", NULL, T_OP_EQ);
if (vp) {
- pairstrcpy(vp, dn);
+ fr_pair_value_strcpy(vp, dn);
*rcode = RLM_MODULE_OK;
}
* an LDAP attribute and a password reference attribute in the control list.
*/
if (inst->expect_password && (rad_debug_lvl > 1)) {
- if (!pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY) &&
- !pairfind(request->config, PW_NT_PASSWORD, 0, TAG_ANY) &&
- !pairfind(request->config, PW_USER_PASSWORD, 0, TAG_ANY) &&
- !pairfind(request->config, PW_PASSWORD_WITH_HEADER, 0, TAG_ANY) &&
- !pairfind(request->config, PW_CRYPT_PASSWORD, 0, TAG_ANY)) {
+ if (!fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY) &&
+ !fr_pair_find_by_num(request->config, PW_NT_PASSWORD, 0, TAG_ANY) &&
+ !fr_pair_find_by_num(request->config, PW_USER_PASSWORD, 0, TAG_ANY) &&
+ !fr_pair_find_by_num(request->config, PW_PASSWORD_WITH_HEADER, 0, TAG_ANY) &&
+ !fr_pair_find_by_num(request->config, PW_CRYPT_PASSWORD, 0, TAG_ANY)) {
RWDEBUG("No \"known good\" password added. Ensure the admin user has permission to "
"read the password attribute");
RWDEBUG("PAP authentication will *NOT* work with Active Directory (if that is what you "
MEM(norm = talloc_memdup(check, check->vp_strvalue, talloc_array_length(check->vp_strvalue)));
rlm_ldap_normalise_dn(norm, check->vp_strvalue);
- pairstrsteal(check, norm);
+ fr_pair_value_strsteal(check, norm);
}
if ((check_is_dn && inst->cacheable_group_dn) || (!check_is_dn && inst->cacheable_group_name)) {
switch (rlm_ldap_check_cached(inst, request, check)) {
/*
* We already have a Cleartext-Password. Skip edir.
*/
- if (pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) {
+ if (fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) {
goto skip_edir;
}
/*
* Add Cleartext-Password attribute to the request
*/
- vp = radius_paircreate(request, &request->config, PW_CLEARTEXT_PASSWORD, 0);
- pairstrcpy(vp, password);
+ vp = radius_pair_create(request, &request->config, PW_CLEARTEXT_PASSWORD, 0);
+ fr_pair_value_strcpy(vp, password);
vp->vp_length = pass_size;
if (RDEBUG_ENABLED3) {
VALUE_PAIR *ends, *timeout;
int left;
- ends = pairfind(request->config, PW_LOGIN_TIME, 0, TAG_ANY);
+ ends = fr_pair_find_by_num(request->config, PW_LOGIN_TIME, 0, TAG_ANY);
if (!ends) {
return RLM_MODULE_NOOP;
}
*/
RDEBUG("Login within allowed time-slot, %d seconds left in this session", left);
- timeout = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
+ timeout = fr_pair_find_by_num(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (timeout) { /* just update... */
if (timeout->vp_integer > (unsigned int) left) {
timeout->vp_integer = left;
}
} else {
- timeout = radius_paircreate(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
+ timeout = radius_pair_create(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
timeout->vp_integer = left;
}
uint32_t uiLen = 0;
char *username_string = NULL;
char *shortUserName = NULL;
- VALUE_PAIR *response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
+ VALUE_PAIR *response = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
#ifndef NDEBUG
unsigned int t;
#endif
* hash of MS-CHAPv2 challenge, and peer challenge.
*/
if (strncasecmp(fmt, "Challenge", 9) == 0) {
- chap_challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
+ chap_challenge = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!chap_challenge) {
REDEBUG("No MS-CHAP-Challenge in the request");
return -1;
VALUE_PAIR *name_attr, *response_name;
char const *username_string;
- response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
+ response = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!response) {
REDEBUG("MS-CHAP2-Response is required to calculate MS-CHAPv1 challenge");
return -1;
return -1;
}
- user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ user_name = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!user_name) {
REDEBUG("User-Name is required to calculate MS-CHAPv1 Challenge");
return -1;
* We prefer this to the User-Name in the
* packet.
*/
- response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY);
+ response_name = fr_pair_find_by_num(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY);
if (response_name) {
name_attr = response_name;
} else {
* response.
*/
} else if (strncasecmp(fmt, "NT-Response", 11) == 0) {
- response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
- if (!response) response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
+ response = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
+ if (!response) response = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!response) {
REDEBUG("No MS-CHAP-Response or MS-CHAP2-Response was found in the request");
return -1;
* in MS-CHAPv1, and not often there.
*/
} else if (strncasecmp(fmt, "LM-Response", 11) == 0) {
- response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
+ response = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!response) {
REDEBUG("No MS-CHAP-Response was found in the request");
return -1;
} else if (strncasecmp(fmt, "NT-Domain", 9) == 0) {
char *p, *q;
- user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ user_name = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!user_name) {
REDEBUG("No User-Name was found in the request");
return -1;
} else if (strncasecmp(fmt, "User-Name", 9) == 0) {
char const *p, *q;
- user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ user_name = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!user_name) {
REDEBUG("No User-Name was found in the request");
return -1;
{
VALUE_PAIR *vp;
- vp = pairmake_reply(name, NULL, T_OP_EQ);
+ vp = pair_make_reply(name, NULL, T_OP_EQ);
if (!vp) {
REDEBUG("Failed to create attribute %s: %s", name, fr_strerror());
return;
{
VALUE_PAIR *vp;
- vp = pairmake_reply(name, NULL, T_OP_EQ);
+ vp = pair_make_reply(name, NULL, T_OP_EQ);
if (!vp) {
REDEBUG("mppe_add_reply failed to create attribute %s: %s", name, fr_strerror());
return;
}
- pairmemcpy(vp, value, len);
+ fr_pair_value_memcpy(vp, value, len);
}
static int write_all(int fd, char const *buf, int len) {
* The new NT hash - this should be preferred over the
* cleartext password as it avoids unicode hassles.
*/
- new_hash = pairmake_packet("MS-CHAP-New-NT-Password", NULL, T_OP_EQ);
+ new_hash = pair_make_packet("MS-CHAP-New-NT-Password", NULL, T_OP_EQ);
new_hash->vp_length = NT_DIGEST_LENGTH;
new_hash->vp_octets = q = talloc_array(new_hash, uint8_t, new_hash->vp_length);
fr_md4_calc(q, p, passlen);
*
* First pass: get the length of the converted string.
*/
- new_pass = pairmake_packet("MS-CHAP-New-Cleartext-Password", NULL, T_OP_EQ);
+ new_pass = pair_make_packet("MS-CHAP-New-Cleartext-Password", NULL, T_OP_EQ);
new_pass->vp_length = 0;
i = 0;
* fall through to the authentication code using the new hash,
* not the old one.
*/
- pairmemcpy(nt_password, new_hash->vp_octets, new_hash->vp_length);
+ fr_pair_value_memcpy(nt_password, new_hash->vp_octets, new_hash->vp_length);
/*
* Rock on! password change succeeded.
rlm_mschap_t *inst = instance;
VALUE_PAIR *challenge = NULL;
- challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
+ challenge = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!challenge) {
return RLM_MODULE_NOOP;
}
- if (!pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY) &&
- !pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY) &&
- !pairfind(request->packet->vps, PW_MSCHAP2_CPW, VENDORPEC_MICROSOFT, TAG_ANY)) {
+ if (!fr_pair_find_by_num(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY) &&
+ !fr_pair_find_by_num(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY) &&
+ !fr_pair_find_by_num(request->packet->vps, PW_MSCHAP2_CPW, VENDORPEC_MICROSOFT, TAG_ANY)) {
RDEBUG2("Found MS-CHAP-Challenge, but no MS-CHAP response or change-password");
return RLM_MODULE_NOOP;
}
- if (pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY)) {
+ if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY)) {
RWDEBUG2("Auth-Type already set. Not setting to MS-CHAP");
return RLM_MODULE_NOOP;
}
* will take care of turning cleartext passwords into
* NT/LM passwords.
*/
- if (!pairmake_config("Auth-Type", inst->auth_type, T_OP_EQ)) {
+ if (!pair_make_config("Auth-Type", inst->auth_type, T_OP_EQ)) {
return RLM_MODULE_FAIL;
}
* want to suppress it.
*/
if (auth_method != AUTH_INTERNAL) {
- VALUE_PAIR *vp = pairfind(request->config, PW_MS_CHAP_USE_NTLM_AUTH, 0, TAG_ANY);
+ VALUE_PAIR *vp = fr_pair_find_by_num(request->config, PW_MS_CHAP_USE_NTLM_AUTH, 0, TAG_ANY);
if (vp && vp->vp_integer == 0) auth_method = AUTH_INTERNAL;
}
* Find the SMB-Account-Ctrl attribute, or the
* SMB-Account-Ctrl-Text attribute.
*/
- smb_ctrl = pairfind(request->config, PW_SMB_ACCOUNT_CTRL, 0, TAG_ANY);
+ smb_ctrl = fr_pair_find_by_num(request->config, PW_SMB_ACCOUNT_CTRL, 0, TAG_ANY);
if (!smb_ctrl) {
- password = pairfind(request->config, PW_SMB_ACCOUNT_CTRL_TEXT, 0, TAG_ANY);
+ password = fr_pair_find_by_num(request->config, PW_SMB_ACCOUNT_CTRL_TEXT, 0, TAG_ANY);
if (password) {
- smb_ctrl = pairmake_config("SMB-Account-CTRL", "0", T_OP_SET);
+ smb_ctrl = pair_make_config("SMB-Account-CTRL", "0", T_OP_SET);
if (smb_ctrl) {
smb_ctrl->vp_integer = pdb_decode_acct_ctrl(password->vp_strvalue);
}
/*
* Decide how to get the passwords.
*/
- password = pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ password = fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
/*
* We need an NT-Password.
*/
- nt_password = pairfind(request->config, PW_NT_PASSWORD, 0, TAG_ANY);
+ nt_password = fr_pair_find_by_num(request->config, PW_NT_PASSWORD, 0, TAG_ANY);
if (nt_password) {
VERIFY_VP(nt_password);
if (!nt_password) {
if (password) {
RDEBUG2("Found Cleartext-Password, hashing to create NT-Password");
- nt_password = pairmake_config("NT-Password", NULL, T_OP_EQ);
+ nt_password = pair_make_config("NT-Password", NULL, T_OP_EQ);
if (!nt_password) {
RERROR("No memory");
return RLM_MODULE_FAIL;
/*
* Or an LM-Password.
*/
- lm_password = pairfind(request->config, PW_LM_PASSWORD, 0, TAG_ANY);
+ lm_password = fr_pair_find_by_num(request->config, PW_LM_PASSWORD, 0, TAG_ANY);
if (lm_password) {
VERIFY_VP(lm_password);
if (!lm_password) {
if (password) {
RDEBUG2("Found Cleartext-Password, hashing to create LM-Password");
- lm_password = pairmake_config("LM-Password", NULL, T_OP_EQ);
+ lm_password = pair_make_config("LM-Password", NULL, T_OP_EQ);
if (!lm_password) {
RERROR("No memory");
} else {
}
}
- cpw = pairfind(request->packet->vps, PW_MSCHAP2_CPW, VENDORPEC_MICROSOFT, TAG_ANY);
+ cpw = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP2_CPW, VENDORPEC_MICROSOFT, TAG_ANY);
if (cpw) {
/*
* mschap2 password change request
* the authentication
*/
- response = radius_paircreate(request->packet, &request->packet->vps,
+ response = radius_pair_create(request->packet, &request->packet->vps,
PW_MSCHAP2_RESPONSE,
VENDORPEC_MICROSOFT);
response->vp_length = 50;
memcpy(p + 2, cpw->vp_octets + 18, 48);
}
- challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
+ challenge = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!challenge) {
REDEBUG("You set 'Auth-Type = MS-CHAP' for a request that does not contain any MS-CHAP attributes!");
return RLM_MODULE_REJECT;
/*
* We also require an MS-CHAP-Response.
*/
- response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
+ response = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
/*
* MS-CHAP-Response, means MS-CHAPv1
chap = 1;
- } else if ((response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY)) != NULL) {
+ } else if ((response = fr_pair_find_by_num(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY)) != NULL) {
int mschap_result;
uint8_t mschapv1_challenge[16];
VALUE_PAIR *name_attr, *response_name;
/*
* We also require a User-Name
*/
- username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!username) {
REDEBUG("We require a User-Name for MS-CHAPv2");
return RLM_MODULE_INVALID;
* We prefer this to the User-Name in the
* packet.
*/
- response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY);
+ response_name = fr_pair_find_by_num(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY);
if (response_name) {
name_attr = response_name;
} else {
mppe_add_reply(request, "MS-MPPE-Send-Key", mppe_sendkey, 16);
}
- pairmake_reply("MS-MPPE-Encryption-Policy",
+ pair_make_reply("MS-MPPE-Encryption-Policy",
(inst->require_encryption) ? "0x00000002":"0x00000001", T_OP_EQ);
- pairmake_reply("MS-MPPE-Encryption-Types",
+ pair_make_reply("MS-MPPE-Encryption-Types",
(inst->require_strong) ? "0x00000004":"0x00000006", T_OP_EQ);
} /* else we weren't asked to use MPPE */
if (uuid_is_null(guid_sacl) && uuid_is_null(guid_nasgroup)) {
RDEBUG("no access control groups, all users allowed");
- if (pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY) == NULL) {
- pairmake_config("Auth-Type", kAuthType, T_OP_EQ);
+ if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY) == NULL) {
+ pair_make_config("Auth-Type", kAuthType, T_OP_EQ);
RDEBUG("Setting Auth-Type = %s", kAuthType);
}
return RLM_MODULE_OK;
}
}
- if (pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY) == NULL) {
- pairmake_config("Auth-Type", kAuthType, T_OP_EQ);
+ if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY) == NULL) {
+ pair_make_config("Auth-Type", kAuthType, T_OP_EQ);
RDEBUG("Setting Auth-Type = %s", kAuthType);
}
{
VALUE_PAIR *cvp, *rvp;
- cvp = pair_find_by_da(request->packet->vps, pwattr[pwe - 1], TAG_ANY);
- rvp = pair_find_by_da(request->packet->vps, pwattr[pwe], TAG_ANY);
+ cvp = fr_pair_find_by_da(request->packet->vps, pwattr[pwe - 1], TAG_ANY);
+ rvp = fr_pair_find_by_da(request->packet->vps, pwattr[pwe], TAG_ANY);
if (!cvp || !rvp) {
return;
}
case PWE_MSCHAP:
/* First, set some related attributes. */
- pairmake_reply("MS-MPPE-Encryption-Policy", otp_mppe_policy[opt->mschap_mppe_policy], T_OP_EQ);
- pairmake_reply("MS-MPPE-Encryption-Types", otp_mppe_types[opt->mschap_mppe_types], T_OP_EQ);
+ pair_make_reply("MS-MPPE-Encryption-Policy", otp_mppe_policy[opt->mschap_mppe_policy], T_OP_EQ);
+ pair_make_reply("MS-MPPE-Encryption-Types", otp_mppe_types[opt->mschap_mppe_types], T_OP_EQ);
/* If no MPPE, we're done. */
if (!opt->mschap_mppe_policy) {
/* second md4 */
(void) MD4(password_md, MD4_DIGEST_LENGTH, &mppe_keys[8]);
- /* Whew. Now stringify it for pairmake(). */
+ /* Whew. Now stringify it for fr_pair_make(). */
mppe_keys_string[0] = '0';
mppe_keys_string[1] = 'x';
(void) sprintf(&mppe_keys_string[i*2+2], "%02X", mppe_keys[i]);
}
- pairmake_reply("MS-CHAP-MPPE-Keys", mppe_keys_string, T_OP_EQ);
+ pair_make_reply("MS-CHAP-MPPE-Keys", mppe_keys_string, T_OP_EQ);
} /* (doing mppe) */
break; /* PWE_MSCHAP */
/*
* ugh. The ASCII authenticator (auth_md_string) is sent
* along with a single (useless) binary byte (the ID).
- * So we must "stringify" it again (for pairmake()) since the
+ * So we must "stringify" it again (for fr_pair_make()) since the
* binary byte requires the attribute to be of type "octets".
*/
/* 0x(ID)(ASCII("S="ASCII(auth_md))) */
(void) sprintf(&auth_octet_string[i * 2 +4], "%02X", auth_md_string[i]);
}
- pairmake_reply("MS-CHAP2-Success", auth_octet_string, T_OP_EQ);
+ pair_make_reply("MS-CHAP2-Success", auth_octet_string, T_OP_EQ);
} /* Generate mutual auth info. */
/*
* Now, set some MPPE related attributes.
*/
- pairmake_reply("MS-MPPE-Encryption-Policy", otp_mppe_policy[opt->mschapv2_mppe_policy], T_OP_EQ);
- pairmake_reply("MS-MPPE-Encryption-Types", otp_mppe_types[opt->mschapv2_mppe_types], T_OP_EQ);
+ pair_make_reply("MS-MPPE-Encryption-Policy", otp_mppe_policy[opt->mschapv2_mppe_policy], T_OP_EQ);
+ pair_make_reply("MS-MPPE-Encryption-Types", otp_mppe_types[opt->mschapv2_mppe_types], T_OP_EQ);
/* If no MPPE, we're done. */
if (!opt->mschapv2_mppe_policy) {
(void) sprintf(&mppe_key_string[i*2+2], "%02X", MasterSendKey[i]);
}
- pairmake_reply("MS-MPPE-Send-Key", mppe_key_string, T_OP_EQ);
+ pair_make_reply("MS-MPPE-Send-Key", mppe_key_string, T_OP_EQ);
/*
* Generate the MS-MPPE-Recv-Key attribute.
for (i = 0; i < sizeof(MasterReceiveKey); ++i) {
(void) sprintf(&mppe_key_string[i*2+2], "%02X", MasterReceiveKey[i]);
}
- pairmake_reply("MS-MPPE-Recv-Key", mppe_key_string, T_OP_EQ);
+ pair_make_reply("MS-MPPE-Recv-Key", mppe_key_string, T_OP_EQ);
} /* (doing mppe) */
break; /* PWE_MSCHAP2 */
* otp_pwe_present() (done by caller) guarantees that both of
* these exist
*/
- cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr,
+ cvp = fr_pair_find_by_num(request->packet->vps, pwattr[pwe - 1]->attr,
pwattr[pwe - 1]->vendor, TAG_ANY);
- rvp = pairfind(request->packet->vps, pwattr[pwe]->attr,
+ rvp = fr_pair_find_by_num(request->packet->vps, pwattr[pwe]->attr,
pwattr[pwe]->vendor, TAG_ANY);
/* this is just to quiet Coverity */
continue;
}
- if (pairfind(request->packet->vps, pwattr[i]->attr,
+ if (fr_pair_find_by_num(request->packet->vps, pwattr[i]->attr,
pwattr[i]->vendor, TAG_ANY) &&
- pairfind(request->packet->vps, pwattr[i + 1]->attr,
+ fr_pair_find_by_num(request->packet->vps, pwattr[i + 1]->attr,
pwattr[i + 1]->vendor, TAG_ANY)) {
DEBUG("rlm_otp: %s: password attributes %s, %s",
__func__, pwattr[i]->name, pwattr[i + 1]->name);
#include <openssl/hmac.h>
/*
- * Generate the State attribute, suitable for passing to pairmake().
+ * Generate the State attribute, suitable for passing to fr_pair_make().
* 'challenge' must be a null terminated string, and be sized at least
* as large as indicated in the function definition.
*
* Returns 0 on success, non-zero otherwise. For successful returns,
- * 'rad_state' (suitable for passing to pairmake()) and 'raw_state',
+ * 'rad_state' (suitable for passing to fr_pair_make()) and 'raw_state',
* if non-NULL, will be filled in.
*
* In the simplest implementation, we would just use the challenge as state.
VALUE_PAIR *vp;
auth_type_found = 0;
- vp = pairfind(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY);
if (vp) {
auth_type_found = 1;
if (strcmp(vp->vp_strvalue, inst->name)) {
}
/* The State attribute will be present if this is a response. */
- if (pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY) != NULL) {
+ if (fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY) != NULL) {
DEBUG("rlm_otp: autz: Found response to Access-Challenge");
return RLM_MODULE_OK;
if (inst->allow_sync && !inst->allow_async) {
/* This is the token sync response. */
if (!auth_type_found) {
- pairmake_config("Auth-Type", inst->name, T_OP_EQ);
+ pair_make_config("Auth-Type", inst->name, T_OP_EQ);
}
return RLM_MODULE_OK;
len = otp_gen_state(gen_state, challenge, inst->challenge_len,
0, now, inst->hmac_key);
- vp = paircreate(request->reply, PW_STATE, 0);
+ vp = fr_pair_afrom_num(request->reply, PW_STATE, 0);
if (!vp) {
return RLM_MODULE_FAIL;
}
- pairmemcpy(vp, (uint8_t const *) gen_state, len);
- pairadd(&request->reply->vps, vp);
+ fr_pair_value_memcpy(vp, (uint8_t const *) gen_state, len);
+ fr_pair_add(&request->reply->vps, vp);
}
/*
* First add the internal OTP challenge attribute to
* the reply list.
*/
- vp = paircreate(request->reply, PW_OTP_CHALLENGE, 0);
+ vp = fr_pair_afrom_num(request->reply, PW_OTP_CHALLENGE, 0);
if (!vp) {
return RLM_MODULE_FAIL;
}
- pairstrcpy(vp, challenge);
+ fr_pair_value_strcpy(vp, challenge);
vp->op = T_OP_SET;
- pairadd(&request->reply->vps, vp);
+ fr_pair_add(&request->reply->vps, vp);
/*
* Then add the message to the user to they known
return RLM_MODULE_FAIL;
}
- vp = paircreate(request->reply, PW_REPLY_MESSAGE, 0);
+ vp = fr_pair_afrom_num(request->reply, PW_REPLY_MESSAGE, 0);
if (!vp) {
talloc_free(expanded);
return RLM_MODULE_FAIL;
vp->op = T_OP_SET;
vp->type = VT_DATA;
- pairadd(&request->reply->vps, vp);
+ fr_pair_add(&request->reply->vps, vp);
}
/*
DEBUG("rlm_otp: Sending Access-Challenge");
if (!auth_type_found) {
- pairmake_config("Auth-Type", inst->name, T_OP_EQ);
+ pair_make_config("Auth-Type", inst->name, T_OP_EQ);
}
return RLM_MODULE_HANDLED;
/*
* Retrieve the challenge (from State attribute).
*/
- vp = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (vp) {
char gen_state[OTP_MAX_RADSTATE_LEN]; //!< State as hexits
uint8_t bin_state[OTP_MAX_RADSTATE_LEN];
* Let the 'users' file over-ride the PAM auth name string,
* for backwards compatibility.
*/
- pair = pairfind(request->config, PW_PAM_AUTH, 0, TAG_ANY);
+ pair = fr_pair_find_by_num(request->config, PW_PAM_AUTH, 0, TAG_ANY);
if (pair) pam_auth_string = pair->vp_strvalue;
ret = do_pam(request, request->username->vp_strvalue, request->password->vp_strvalue, pam_auth_string);
if (decoded == (vp->vp_length >> 1)) {
RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes",
vp->da->name, vp->vp_length, decoded);
- pairmemcpy(vp, buffer, decoded);
+ fr_pair_value_memcpy(vp, buffer, decoded);
return;
}
}
if (decoded >= (ssize_t) min_len) {
RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes",
vp->da->name, vp->vp_length, decoded);
- pairmemcpy(vp, buffer, decoded);
+ fr_pair_value_memcpy(vp, buffer, decoded);
return;
}
}
* memcpy. BUT it might be a string (or used as one), so
* we ensure that there's a trailing zero, too.
*/
- new = paircreate(request, attr, 0);
+ new = fr_pair_afrom_num(request, attr, 0);
if (new->da->type == PW_TYPE_OCTETS) {
- pairmemcpy(new, (uint8_t const *) q + 1, (len - hlen) + 1);
+ fr_pair_value_memcpy(new, (uint8_t const *) q + 1, (len - hlen) + 1);
new->vp_length = (len - hlen); /* lie about the length */
} else {
- pairstrcpy(new, q + 1);
+ fr_pair_value_strcpy(new, q + 1);
}
if (RDEBUG_ENABLED3) {
* must be \0 terminated.
*/
digest[decoded] = '\0';
- pairmemcpy(vp, digest, decoded + 1);
+ fr_pair_value_memcpy(vp, digest, decoded + 1);
vp->vp_length = decoded; /* lie about the length */
goto redo;
}
unknown_header:
- new = paircreate(request, PW_CLEARTEXT_PASSWORD, 0);
- pairstrcpy(new, vp->vp_strvalue);
+ new = fr_pair_afrom_num(request, PW_CLEARTEXT_PASSWORD, 0);
+ fr_pair_value_strcpy(new, vp->vp_strvalue);
return new;
}
/*
* Password already exists: use that instead of this one.
*/
- if (pairfind(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) {
+ if (fr_pair_find_by_num(request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) {
RWDEBUG("Config already contains a \"known good\" password "
"(&control:Cleartext-Password). Ignoring &config:Password-With-Header");
break;
* Likely going to be proxied. Avoid printing
* warning message.
*/
- if (pairfind(request->config, PW_REALM, 0, TAG_ANY) ||
- (pairfind(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY))) {
+ if (fr_pair_find_by_num(request->config, PW_REALM, 0, TAG_ANY) ||
+ (fr_pair_find_by_num(request->config, PW_PROXY_TO_REALM, 0, TAG_ANY))) {
return RLM_MODULE_NOOP;
}
/*
* The TLS types don't need passwords.
*/
- vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_EAP_TYPE, 0, TAG_ANY);
if (vp &&
((vp->vp_integer == 13) || /* EAP-TLS */
(vp->vp_integer == 21) || /* EAP-TTLS */
}
if (inst->auth_type) {
- vp = radius_paircreate(request, &request->config,
+ vp = radius_pair_create(request, &request->config,
PW_AUTH_TYPE, 0);
vp->vp_integer = inst->auth_type;
}
for (i = 0; i < inst->nfields; i++) {
if (inst->pwdfmt->field[i] && *inst->pwdfmt->field[i] && pw->field[i] && i != inst->keyfield && inst->pwdfmt->listflag[i] == when) {
if ( !inst->ignore_empty || pw->field[i][0] != 0 ) { /* if value in key/value pair is not empty */
- vp = pairmake(ctx, vps, inst->pwdfmt->field[i], pw->field[i], T_OP_EQ);
+ vp = fr_pair_make(ctx, vps, inst->pwdfmt->field[i], pw->field[i], T_OP_EQ);
if (vp) {
RDEBUG("Added %s: '%s' to %s ", inst->pwdfmt->field[i], pw->field[i], listname);
}
struct mypasswd * pw, *last_found;
vp_cursor_t cursor;
- key = pair_find_by_da(request->packet->vps, inst->keyattr, TAG_ANY);
+ key = fr_pair_find_by_da(request->packet->vps, inst->keyattr, TAG_ANY);
if (!key) {
return RLM_MODULE_NOTFOUND;
}
vp_cursor_t cursor;
RINDENT();
- pairsort(vps, attrtagcmp);
+ fr_pair_list_sort(vps, fr_pair_cmp_by_da_tag);
for (vp = fr_cursor_init(&cursor, vps);
vp;
vp = fr_cursor_next(&cursor)) {
if (SvOK(sv)) {
STRLEN len;
val = SvPV(sv, len);
- vp = pairmake(ctx, vps, key, NULL, op);
+ vp = fr_pair_make(ctx, vps, key, NULL, op);
if (!vp) {
fail:
REDEBUG("Failed to create pair %s:%s %s %s", list_name, key,
switch (vp->da->type) {
case PW_TYPE_STRING:
- pairbstrncpy(vp, val, len);
+ fr_pair_value_bstrncpy(vp, val, len);
break;
default:
- if (pairparsevalue(vp, val, len) < 0) goto fail;
+ if (fr_pair_value_from_str(vp, val, len) < 0) goto fail;
}
RDEBUG("&%s:%s %s $%s{'%s'} -> '%s'", list_name, key, fr_int2str(fr_tokens, op, "<INVALID>"),
vp = NULL;
if ((get_hv_content(request->packet, request, rad_request_hv, &vp, "RAD_REQUEST", "request")) == 0) {
- pairfree(&request->packet->vps);
+ fr_pair_list_free(&request->packet->vps);
request->packet->vps = vp;
vp = NULL;
/*
* Update cached copies
*/
- request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
- request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
+ request->username = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->password = fr_pair_find_by_num(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
if (!request->password)
- request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
+ request->password = fr_pair_find_by_num(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
}
if ((get_hv_content(request->reply, request, rad_reply_hv, &vp, "RAD_REPLY", "reply")) == 0) {
- pairfree(&request->reply->vps);
+ fr_pair_list_free(&request->reply->vps);
request->reply->vps = vp;
vp = NULL;
}
if ((get_hv_content(request, request, rad_check_hv, &vp, "RAD_CHECK", "control")) == 0) {
- pairfree(&request->config);
+ fr_pair_list_free(&request->config);
request->config = vp;
vp = NULL;
}
if (request->proxy &&
(get_hv_content(request->proxy, request, rad_request_proxy_hv, &vp,
"RAD_REQUEST_PROXY", "proxy-request") == 0)) {
- pairfree(&request->proxy->vps);
+ fr_pair_list_free(&request->proxy->vps);
request->proxy->vps = vp;
vp = NULL;
}
if (request->proxy_reply &&
(get_hv_content(request->proxy_reply, request, rad_request_proxy_reply_hv, &vp,
"RAD_REQUEST_PROXY_REPLY", "proxy-reply") == 0)) {
- pairfree(&request->proxy_reply->vps);
+ fr_pair_list_free(&request->proxy_reply->vps);
request->proxy_reply->vps = vp;
vp = NULL;
}
VALUE_PAIR *pair;
int acctstatustype=0;
- if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) {
+ if ((pair = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) {
acctstatustype = pair->vp_integer;
} else {
RDEBUG("Invalid Accounting Packet");
static int fall_through(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
+ tmp = fr_pair_find_by_num(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp->vp_integer : 0;
}
gettoken(&p, newattr, sizeof(newattr), false);
if (dict_attrbyname(newattr) != NULL) {
- pairmake_packet(newattr, ptr + 1, T_OP_EQ);
+ pair_make_packet(newattr, ptr + 1, T_OP_EQ);
}
} else { /* h322-foo-bar = "h323-foo-bar = baz" */
/*
* value field, we use only the value on
* the right side of the '=' character.
*/
- pairstrcpy(vp, ptr + 1);
+ fr_pair_value_strcpy(vp, ptr + 1);
}
}
}
{
VALUE_PAIR *ev;
- ev = pairfind(*list, 1, 4491, TAG_ANY); /* Cablelabs-Event-Message */
+ ev = fr_pair_find_by_num(*list, 1, 4491, TAG_ANY); /* Cablelabs-Event-Message */
if (!ev) {
return;
}
* If it isn't there, then we can't mangle the request.
*/
request_pairs = request->packet->vps;
- namepair = pairfind(request_pairs, PW_USER_NAME, 0, TAG_ANY);
+ namepair = fr_pair_find_by_num(request_pairs, PW_USER_NAME, 0, TAG_ANY);
if (!namepair || (namepair->vp_length == 0)) {
return;
}
if ((ptr = strchr(namepair->vp_strvalue, '\\')) != NULL) {
strlcpy(newname, ptr + 1, sizeof(newname));
/* Same size */
- pairstrcpy(namepair, newname);
+ fr_pair_value_strcpy(namepair, newname);
}
}
*/
if ((strlen(namepair->vp_strvalue) > 10) &&
(namepair->vp_strvalue[10] == '/')) {
- pairstrcpy(namepair, namepair->vp_strvalue + 11);
+ fr_pair_value_strcpy(namepair, namepair->vp_strvalue + 11);
}
}
* Small check: if Framed-Protocol present but Service-Type
* is missing, add Service-Type = Framed-User.
*/
- if (pairfind(request_pairs, PW_FRAMED_PROTOCOL, 0, TAG_ANY) != NULL &&
- pairfind(request_pairs, PW_SERVICE_TYPE, 0, TAG_ANY) == NULL) {
- tmp = radius_paircreate(request->packet, &request->packet->vps, PW_SERVICE_TYPE, 0);
+ if (fr_pair_find_by_num(request_pairs, PW_FRAMED_PROTOCOL, 0, TAG_ANY) != NULL &&
+ fr_pair_find_by_num(request_pairs, PW_SERVICE_TYPE, 0, TAG_ANY) == NULL) {
+ tmp = radius_pair_create(request->packet, &request->packet->vps, PW_SERVICE_TYPE, 0);
tmp->vp_integer = PW_FRAMED_USER;
}
for (check_item = fr_cursor_init(&cursor, &check);
check_item && (result != 0);
check_item = fr_cursor_next(&cursor)) {
- /* FIXME: paircopy should be removed once VALUE_PAIRs are no longer in linked lists */
- tmp = paircopyvp(request, check_item);
+ /* FIXME: fr_pair_list_copy should be removed once VALUE_PAIRs are no longer in linked lists */
+ tmp = fr_pair_copy(request, check_item);
tmp->op = check_item->op;
result = paircompare(req, request, check_item, NULL);
- pairfree(&tmp);
+ fr_pair_list_free(&tmp);
}
return result;
/*
* Check for valid input, zero length names not permitted
*/
- name = (tmp = pairfind(request_pairs, PW_USER_NAME, 0, TAG_ANY)) ?
+ name = (tmp = fr_pair_find_by_num(request_pairs, PW_USER_NAME, 0, TAG_ANY)) ?
tmp->vp_strvalue : NULL;
if (!name || name[0] == 0) {
/*
* except PW_STRIP_USER_NAME and PW_FALL_THROUGH
* and xlat them.
*/
- add = paircopy(request->packet, i->reply);
+ add = fr_pair_list_copy(request->packet, i->reply);
ft = fall_through(add);
- pairdelete(&add, PW_STRIP_USER_NAME, 0, TAG_ANY);
- pairdelete(&add, PW_FALL_THROUGH, 0, TAG_ANY);
+ fr_pair_delete_by_num(&add, PW_STRIP_USER_NAME, 0, TAG_ANY);
+ fr_pair_delete_by_num(&add, PW_FALL_THROUGH, 0, TAG_ANY);
radius_pairmove(request, &request->packet->vps, add, true);
updated = 1;
* We've matched the huntgroup, so add it in
* to the list of request pairs.
*/
- vp = pairfind(request_pairs, PW_HUNTGROUP_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request_pairs, PW_HUNTGROUP_NAME, 0, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->packet, &request->packet->vps, PW_HUNTGROUP_NAME, 0);
- pairstrcpy(vp, i->name);
+ vp = radius_pair_create(request->packet, &request->packet->vps, PW_HUNTGROUP_NAME, 0);
+ fr_pair_value_strcpy(vp, i->name);
}
r = RLM_MODULE_OK;
}
switch (request->packet->src_ipaddr.af) {
case AF_INET:
- nas = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
+ nas = fr_pair_find_by_num(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (!nas) {
- nas = radius_paircreate(request->packet, &request->packet->vps, PW_NAS_IP_ADDRESS, 0);
+ nas = radius_pair_create(request->packet, &request->packet->vps, PW_NAS_IP_ADDRESS, 0);
nas->vp_ipaddr = request->packet->src_ipaddr.ipaddr.ip4addr.s_addr;
}
break;
case AF_INET6:
- nas = pairfind(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0, TAG_ANY);
+ nas = fr_pair_find_by_num(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0, TAG_ANY);
if (!nas) {
- nas = radius_paircreate(request->packet, &request->packet->vps, PW_NAS_IPV6_ADDRESS, 0);
+ nas = radius_pair_create(request->packet, &request->packet->vps, PW_NAS_IPV6_ADDRESS, 0);
memcpy(&nas->vp_ipv6addr, &request->packet->src_ipaddr.ipaddr,
sizeof(request->packet->src_ipaddr.ipaddr));
}
* in place, to go from Ascend's weird values to something
* approaching rationality.
*/
- ascend_nasport_hack(pairfind(request->packet->vps, PW_NAS_PORT, 0, TAG_ANY),
+ ascend_nasport_hack(fr_pair_find_by_num(request->packet->vps, PW_NAS_PORT, 0, TAG_ANY),
inst->ascend_channels_per_line);
}
* Add an event timestamp. Means Event-Timestamp can be used
* consistently instead of one letter expansions.
*/
- vp = pairfind(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->packet, &request->packet->vps, PW_EVENT_TIMESTAMP, 0);
+ vp = radius_pair_create(request->packet, &request->packet->vps, PW_EVENT_TIMESTAMP, 0);
vp->vp_date = request->packet->timestamp.tv_sec;
}
* is PW_CHAP_CHALLENGE we need to add it so that other
* modules can use it as a normal attribute.
*/
- if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
- pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
- vp = radius_paircreate(request->packet, &request->packet->vps, PW_CHAP_CHALLENGE, 0);
- pairmemcpy(vp, request->packet->vector, AUTH_VECTOR_LEN);
+ if (fr_pair_find_by_num(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
+ fr_pair_find_by_num(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
+ vp = radius_pair_create(request->packet, &request->packet->vps, PW_CHAP_CHALLENGE, 0);
+ fr_pair_value_memcpy(vp, request->packet->vector, AUTH_VECTOR_LEN);
}
if ((r = huntgroup_access(request, inst->huntgroups)) != RLM_MODULE_OK) {
* the server can use it, rather than various error-prone
* manual calculations.
*/
- vp = pairfind(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
if (!vp) {
VALUE_PAIR *delay;
- vp = radius_paircreate(request->packet, &request->packet->vps, PW_EVENT_TIMESTAMP, 0);
+ vp = radius_pair_create(request->packet, &request->packet->vps, PW_EVENT_TIMESTAMP, 0);
vp->vp_date = request->packet->timestamp.tv_sec;
- delay = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
+ delay = fr_pair_find_by_num(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (delay) {
if ((delay->vp_integer >= vp->vp_date) || (delay->vp_integer == UINT32_MAX)) {
RWARN("Ignoring invalid Acct-Delay-time of %u seconds", delay->vp_integer);
}
s1 = PyString_AsString(pStr1);
s2 = PyString_AsString(pStr2);
- vp = pairmake(ctx, vps, s1, s2, op);
+ vp = fr_pair_make(ctx, vps, s1, s2, op);
if (vp != NULL) {
DEBUG("rlm_python:%s: '%s' = '%s'", funcname, s1, s2);
} else {
/*
* Which type is this.
*/
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) == NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) == NULL) {
RDEBUG("No Accounting-Status-Type record");
return RLM_MODULE_NOOP;
}
int check1 = 0;
int check2 = 0;
- if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0, TAG_ANY))
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_SESSION_TIME, 0, TAG_ANY))
== NULL || vp->vp_date == 0)
check1 = 1;
- if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0, TAG_ANY))
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_SESSION_ID, 0, TAG_ANY))
!= NULL && vp->vp_length == 8 &&
memcmp(vp->vp_strvalue, "00000000", 8) == 0)
check2 = 1;
/*
* Setup some stuff, like for MPP detection.
*/
- if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) {
ipno = vp->vp_ipaddr;
}
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) {
call_num = vp->vp_strvalue;
}
* it already ( via another rlm_realm instance ) and should return.
*/
- if (pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY) != NULL ) {
+ if (fr_pair_find_by_num(request->packet->vps, PW_REALM, 0, TAG_ANY) != NULL ) {
RDEBUG2("Request already has destination realm set. Ignoring");
return RLM_MODULE_NOOP;
}
*
*/
if (request->username->da->attr != PW_STRIPPED_USER_NAME) {
- vp = radius_paircreate(request->packet, &request->packet->vps,
+ vp = radius_pair_create(request->packet, &request->packet->vps,
PW_STRIPPED_USER_NAME, 0);
RDEBUG2("Adding Stripped-User-Name = \"%s\"", username);
} else {
RDEBUG2("Setting Stripped-User-Name = \"%s\"", username);
}
- pairstrcpy(vp, username);
+ fr_pair_value_strcpy(vp, username);
request->username = vp;
}
* entered.
*/
if (realm->name[0] != '~') realmname = realm->name;
- pairmake_packet("Realm", realmname, T_OP_EQ);
+ pair_make_packet("Realm", realmname, T_OP_EQ);
RDEBUG2("Adding Realm = \"%s\"", realmname);
talloc_free(namebuf);
* that has already proxied the request, we don't need to do
* it again.
*/
- vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0, TAG_ANY);
if (vp && (request->packet->src_ipaddr.af == AF_INET)) {
int i;
fr_ipaddr_t my_ipaddr;
*/
RDEBUG2("Preparing to proxy authentication request to realm \"%s\"\n",
realm->name);
- pairmake_config("Proxy-To-Realm", realm->name, T_OP_EQ);
+ pair_make_config("Proxy-To-Realm", realm->name, T_OP_EQ);
return RLM_MODULE_UPDATED; /* try the next module */
}
*/
RDEBUG2("Preparing to proxy accounting request to realm \"%s\"\n",
realm->name);
- pairmake_config("Proxy-To-Realm", realm->name, T_OP_EQ);
+ pair_make_config("Proxy-To-Realm", realm->name, T_OP_EQ);
return RLM_MODULE_UPDATED; /* try the next module */
}
VALUE_PAIR *vp;
REALM *realm;
- if (pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY) != NULL) {
+ if (fr_pair_find_by_num(request->packet->vps, PW_REALM, 0, TAG_ANY) != NULL) {
RDEBUG2("Request already has destination realm set. Ignoring");
return RLM_MODULE_NOOP;
}
- vp = pairfind(request->packet->vps, PW_OPERATOR_NAME, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_OPERATOR_NAME, 0, TAG_ANY);
if (!vp) return RLM_MODULE_NOOP;
/*
*/
RDEBUG2("Preparing to proxy authentication request to realm \"%s\"\n",
realm->name);
- pairmake_config("Proxy-To-Realm", realm->name, T_OP_EQ);
+ pair_make_config("Proxy-To-Realm", realm->name, T_OP_EQ);
return RLM_MODULE_UPDATED; /* try the next module */
}
memset (&cookie, 0, sizeof(cookie));
/* See if the request overrides the community*/
- vp = pairfind(request->packet->vps, PW_UKERNA_TR_COI, VENDORPEC_UKERNA, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_UKERNA_TR_COI, VENDORPEC_UKERNA, TAG_ANY);
if (vp)
community = vp->vp_strvalue;
- else pairmake_packet("Trust-Router-COI", community, T_OP_SET);
+ else pair_make_packet("Trust-Router-COI", community, T_OP_SET);
cookie.fr_realm_name = talloc_asprintf(NULL,
"%s%%%s",
DEBUG2("TID response is error, rc = %d: %s.\n", cookie.result,
cookie.err_msg?cookie.err_msg:"(NO ERROR TEXT)");
if (cookie.err_msg)
- pairmake_reply("Reply-Message", cookie.err_msg, T_OP_SET);
- pairmake_reply("Error-Cause", "502", T_OP_SET); /*proxy unroutable*/
+ pair_make_reply("Reply-Message", cookie.err_msg, T_OP_SET);
+ pair_make_reply("Error-Cause", "502", T_OP_SET); /*proxy unroutable*/
}
cleanup:
rlm_rediswho_t *inst = (rlm_rediswho_t *) instance;
REDISSOCK *dissocket;
- vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
if (!vp) {
RDEBUG("Could not find account status type in packet");
return RLM_MODULE_NOOP;
* attributes.
*/
if (*vps) {
- packet->vps = paircopy(packet, *vps);
+ packet->vps = fr_pair_list_copy(packet, *vps);
if (!packet->vps) {
rcode = RLM_MODULE_FAIL;
goto done;
* it doesn't exist.
*/
if ((code == PW_CODE_ACCESS_REQUEST) &&
- (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) != NULL) &&
- (pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL)) {
+ (fr_pair_find_by_num(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) != NULL) &&
+ (fr_pair_find_by_num(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL)) {
uint8_t *p;
- vp = radius_paircreate(packet, &packet->vps, PW_CHAP_CHALLENGE, 0);
+ vp = radius_pair_create(packet, &packet->vps, PW_CHAP_CHALLENGE, 0);
vp->length = AUTH_VECTOR_LEN;
vp->vp_octets = p = talloc_array(vp, uint8_t, vp->length);
memcpy(p, request->packet->vector, AUTH_VECTOR_LEN);
/** Flags to control the conversion of JSON values to VALUE_PAIRs.
*
* These fields are set when parsing the expanded format for value pairs in
- * JSON, and control how json_pairmake_leaf and json_pairmake convert the JSON
+ * JSON, and control how json_fr_pair_make_leaf and json_fr_pair_make convert the JSON
* value, and move the new VALUE_PAIR into an attribute list.
*
- * @see json_pairmake
- * @see json_pairmake_leaf
+ * @see json_fr_pair_make
+ * @see json_fr_pair_make_leaf
*/
typedef struct json_flags {
int do_xlat; //!< If true value will be expanded with xlat.
* Sorts pairs in place, oh well...
*/
if (sort) {
- pairsort(&request->packet->vps, attrtagcmp);
+ fr_pair_list_sort(&request->packet->vps, fr_pair_cmp_by_da_tag);
}
fr_cursor_init(&ctx->cursor, &request->packet->vps);
}
/*
* Use rawlen to protect against overrun, and to cope with any binary data
*/
- vp = pairmake_reply("REST-HTTP-Body", NULL, T_OP_ADD);
- pairbstrncpy(vp, raw, rawlen);
+ vp = pair_make_reply("REST-HTTP-Body", NULL, T_OP_ADD);
+ fr_pair_value_bstrncpy(vp, raw, rawlen);
RDEBUG2("Adding reply:REST-HTTP-Body += \"%s\"", vp->vp_strvalue);
goto skip;
}
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) {
REDEBUG("Failed creating valuepair");
talloc_free(expanded);
goto error;
}
- ret = pairparsevalue(vp, expanded, -1);
+ ret = fr_pair_value_from_str(vp, expanded, -1);
TALLOC_FREE(expanded);
if (ret < 0) {
RWDEBUG("Incompatible value assignment, skipping");
goto skip;
}
- pairadd(vps, vp);
+ fr_pair_add(vps, vp);
count++;
* @param[in] leaf object containing the VALUE_PAIR value.
* @return The VALUE_PAIR just created, or NULL on error.
*/
-static VALUE_PAIR *json_pairmake_leaf(UNUSED rlm_rest_t *instance, UNUSED rlm_rest_section_t *section,
+static VALUE_PAIR *json_fr_pair_make_leaf(UNUSED rlm_rest_t *instance, UNUSED rlm_rest_section_t *section,
TALLOC_CTX *ctx, REQUEST *request, DICT_ATTR const *da,
json_flags_t *flags, json_object *leaf)
{
to_parse = value;
}
- vp = pairalloc(ctx, da);
+ vp = fr_pair_afrom_da(ctx, da);
if (!vp) {
RWDEBUG("Failed creating valuepair for attribute \"%s\", skipping...", da->name);
talloc_free(expanded);
vp->op = flags->op;
- ret = pairparsevalue(vp, to_parse, -1);
+ ret = fr_pair_value_from_str(vp, to_parse, -1);
talloc_free(expanded);
if (ret < 0) {
RWDEBUG("Incompatible value assignment for attribute \"%s\", skipping...", da->name);
* when 0 no more attributes will be processed.
* @return number of attributes created or < 0 on error.
*/
-static int json_pairmake(rlm_rest_t *instance, rlm_rest_section_t *section,
+static int json_fr_pair_make(rlm_rest_t *instance, rlm_rest_section_t *section,
REQUEST *request, json_object *object, UNUSED int level, int max)
{
struct lh_entry *entry;
}
/*
- * Setup pairmake / recursion loop.
+ * Setup fr_pair_make / recursion loop.
*/
if (!flags.is_json && json_object_is_type(value, json_type_array)) {
elements = json_object_array_length(value);
continue;
/*
- vp = json_pairmake(instance, section,
+ vp = json_fr_pair_make(instance, section,
request, value,
level + 1, max_attrs);*/
} else {
- vp = json_pairmake_leaf(instance, section, ctx, request,
+ vp = json_fr_pair_make_leaf(instance, section, ctx, request,
dst.tmpl_da, &flags, element);
if (!vp) continue;
}
/** Converts JSON response into VALUE_PAIRs and adds them to the request.
*
* Converts the raw JSON string into a json-c object tree and passes it to
- * json_pairmake. After the tree has been parsed json_object_put is called
+ * json_fr_pair_make. After the tree has been parsed json_object_put is called
* which decrements the reference count of the root node by one, and frees
* the entire tree.
*
* @see rest_encode_json
- * @see json_pairmake
+ * @see json_fr_pair_make
*
* @param[in] instance configuration data.
* @param[in] section configuration data.
return -1;
}
- ret = json_pairmake(instance, section, request, json, 0, REST_BODY_MAX_ATTRS);
+ ret = json_fr_pair_make(instance, section, request, json, 0, REST_BODY_MAX_ATTRS);
/*
* Decrement reference count for root object, should free entire JSON tree.
char const *s1, *s2;
- /* pairmake() will convert and find any
+ /* fr_pair_make() will convert and find any
* errors in the pair.
*/
function_name, s1, s2);
/* xxx Might need to support other T_OP */
- vp = pairmake(ctx, vpp, s1, s2, T_OP_EQ);
+ vp = fr_pair_make(ctx, vpp, s1, s2, T_OP_EQ);
if (vp != NULL) {
DEBUG("%s: s1, s2 OK", function_name);
} else {
* Generate State, since we've been asked to add it to
* the list.
*/
- state = pairmake_reply("State", session->state, T_OP_EQ);
+ state = pair_make_reply("State", session->state, T_OP_EQ);
if (!state) return -1;
state->vp_length = SECURID_STATE_LEN;
pthread_mutex_unlock(&(inst->session_mutex));
if (!status) {
- pairfree(&state);
+ fr_pair_list_free(&state);
ERROR("rlm_securid: Failed to store session");
return -1;
}
/*
* We key the sessions off of the 'state' attribute
*/
- state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
+ state = fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (!state) {
return NULL;
}
/* reply with Access-challenge message code (11) */
/* Generate Prompt attribute */
- vp = paircreate(request->reply, PW_PROMPT, 0);
+ vp = fr_pair_afrom_num(request->reply, PW_PROMPT, 0);
rad_assert(vp != NULL);
vp->vp_integer = 0; /* no echo */
- pairadd(&request->reply->vps, vp);
+ fr_pair_add(&request->reply->vps, vp);
/* Mark the packet as a Acceess-Challenge Packet */
request->reply->code = PW_CODE_ACCESS_CHALLENGE;
break;
}
- if (*buffer) pairmake_reply("Reply-Message", buffer, T_OP_EQ);
+ if (*buffer) pair_make_reply("Reply-Message", buffer, T_OP_EQ);
return rcode;
}
* Look for the 'state' attribute.
*/
#define WRITE_ALL(_a,_b,_c) if (write_all(_a,_b,_c) < 0) goto done;
- state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
+ state = fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (state) {
RDEBUG("Found reply to access challenge");
* Create the challenge, and add it to the reply.
*/
- pairmake_reply("Reply-Message", inst->challenge, T_OP_EQ);
- pairmake_reply("State", buffer, T_OP_EQ);
+ pair_make_reply("Reply-Message", inst->challenge, T_OP_EQ);
+ pair_make_reply("State", buffer, T_OP_EQ);
/*
* Mark the packet as an Access-Challenge packet.
/*
* Look for the 'state' attribute.
*/
- state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
+ state = fr_pair_find_by_num(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (state != NULL) {
DEBUG("rlm_smsotp: Found reply to access challenge (AUTZ), Adding Auth-Type '%s'",inst->authtype);
- pairdelete(&request->config, PW_AUTH_TYPE, 0, TAG_ANY); /* delete old auth-type */
- pairmake_config("Auth-Type", inst->authtype, T_OP_SET);
+ fr_pair_delete_by_num(&request->config, PW_AUTH_TYPE, 0, TAG_ANY); /* delete old auth-type */
+ pair_make_config("Auth-Type", inst->authtype, T_OP_SET);
}
return RLM_MODULE_OK;
/*
* There will be no point unless SoH-Supported = yes
*/
- vp[0] = pairfind(request->packet->vps, PW_SOH_SUPPORTED, 0, TAG_ANY);
+ vp[0] = fr_pair_find_by_num(request->packet->vps, PW_SOH_SUPPORTED, 0, TAG_ANY);
if (!vp[0])
return 0;
if (strncasecmp(fmt, "OS", 2) == 0) {
/* OS vendor */
- vp[0] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_OS_VENDOR, 0, TAG_ANY);
- vp[1] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_OS_VERSION, 0, TAG_ANY);
- vp[2] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_OS_RELEASE, 0, TAG_ANY);
- vp[3] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_OS_BUILD, 0, TAG_ANY);
- vp[4] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_SP_VERSION, 0, TAG_ANY);
- vp[5] = pairfind(request->packet->vps, PW_SOH_MS_MACHINE_SP_RELEASE, 0, TAG_ANY);
+ vp[0] = fr_pair_find_by_num(request->packet->vps, PW_SOH_MS_MACHINE_OS_VENDOR, 0, TAG_ANY);
+ vp[1] = fr_pair_find_by_num(request->packet->vps, PW_SOH_MS_MACHINE_OS_VERSION, 0, TAG_ANY);
+ vp[2] = fr_pair_find_by_num(request->packet->vps, PW_SOH_MS_MACHINE_OS_RELEASE, 0, TAG_ANY);
+ vp[3] = fr_pair_find_by_num(request->packet->vps, PW_SOH_MS_MACHINE_OS_BUILD, 0, TAG_ANY);
+ vp[4] = fr_pair_find_by_num(request->packet->vps, PW_SOH_MS_MACHINE_SP_VERSION, 0, TAG_ANY);
+ vp[5] = fr_pair_find_by_num(request->packet->vps, PW_SOH_MS_MACHINE_SP_RELEASE, 0, TAG_ANY);
if (vp[0] && vp[0]->vp_integer == VENDORPEC_MICROSOFT) {
if (!vp[1]) {
if (!inst->dhcp) return RLM_MODULE_NOOP;
- vp = pairfind(request->packet->vps, 43, DHCP_MAGIC_VENDOR, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, 43, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
/*
* vendor-specific options contain
RDEBUG("SoH adding NAP marker to DHCP reply");
/* client probe; send "NAP" in the reply */
- vp = paircreate(request->reply, 43, DHCP_MAGIC_VENDOR);
+ vp = fr_pair_afrom_num(request->reply, 43, DHCP_MAGIC_VENDOR);
vp->vp_length = 5;
vp->vp_octets = p = talloc_array(vp, uint8_t, vp->vp_length);
p[3] = 'A';
p[2] = 'P';
- pairadd(&request->reply->vps, vp);
+ fr_pair_add(&request->reply->vps, vp);
} else {
RDEBUG("SoH decoding NAP from DHCP request");
int rv;
/* try to find the MS-SoH payload */
- vp = pairfind(request->packet->vps, 55, VENDORPEC_MICROSOFT, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, 55, VENDORPEC_MICROSOFT, TAG_ANY);
if (!vp) {
RDEBUG("SoH radius VP not found");
return RLM_MODULE_NOOP;
/*
* Hash based on the given key. Usually User-Name.
*/
- vp = pair_find_by_da(packet->vps, inst->da, TAG_ANY);
+ vp = fr_pair_find_by_da(packet->vps, inst->da, TAG_ANY);
if (!vp) return RLM_MODULE_NOOP;
hash = fr_hash(&vp->data, vp->vp_length);
static sql_fall_through_t fall_through(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
+ tmp = fr_pair_find_by_num(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp->vp_integer : FALL_THROUGH_DEFAULT;
}
return -1;
}
- vp = pairalloc(request->packet, inst->sql_user);
+ vp = fr_pair_afrom_da(request->packet, inst->sql_user);
if (!vp) {
talloc_free(expanded);
return -1;
}
- pairstrsteal(vp, expanded);
+ fr_pair_value_strsteal(vp, expanded);
RDEBUG2("SQL-User-Name set to '%s'", vp->vp_strvalue);
vp->op = T_OP_SET;
radius_pairmove(request, &request->packet->vps, vp, false); /* needs to be pair move else op is not respected */
/*
* Do a set/unset user, so it's a bit clearer what's going on.
*/
-#define sql_unset_user(_i, _r) pairdelete(&_r->packet->vps, _i->sql_user->attr, _i->sql_user->vendor, TAG_ANY)
+#define sql_unset_user(_i, _r) fr_pair_delete_by_num(&_r->packet->vps, _i->sql_user->attr, _i->sql_user->vendor, TAG_ANY)
static int sql_get_grouplist(rlm_sql_t *inst, rlm_sql_handle_t **handle, REQUEST *request,
rlm_sql_grouplist_t **phead)
* Add the Sql-Group attribute to the request list so we know
* which group we're retrieving attributes for
*/
- sql_group = pairmake_packet(inst->group_da->name, NULL, T_OP_EQ);
+ sql_group = pair_make_packet(inst->group_da->name, NULL, T_OP_EQ);
if (!sql_group) {
REDEBUG("Error creating %s attribute", inst->group_da->name);
rcode = RLM_MODULE_FAIL;
do {
next:
rad_assert(entry != NULL);
- pairstrcpy(sql_group, entry->name);
+ fr_pair_value_strcpy(sql_group, entry->name);
if (inst->config->authorize_group_check_query) {
vp_cursor_t cursor;
*/
if ((rows > 0) &&
(paircompare(request, request->packet->vps, check_tmp, &request->reply->vps) != 0)) {
- pairfree(&check_tmp);
+ fr_pair_list_free(&check_tmp);
entry = entry->next;
if (!entry) break;
finish:
talloc_free(head);
- pairdelete(&request->packet->vps, inst->group_da->attr, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->packet->vps, inst->group_da->attr, 0, TAG_ANY);
return rcode;
}
RDEBUG2("User found in radcheck table");
user_found = true;
if (paircompare(request, request->packet->vps, check_tmp, &request->reply->vps) != 0) {
- pairfree(&check_tmp);
+ fr_pair_list_free(&check_tmp);
check_tmp = NULL;
goto skipreply;
}
* Check for a default_profile or for a User-Profile.
*/
RDEBUG3("... falling-through to profile processing");
- user_profile = pairfind(request->config, PW_USER_PROFILE, 0, TAG_ANY);
+ user_profile = fr_pair_find_by_num(request->config, PW_USER_PROFILE, 0, TAG_ANY);
char const *profile = user_profile ?
user_profile->vp_strvalue :
return rcode;
error:
- pairfree(&check_tmp);
- pairfree(&reply_tmp);
+ fr_pair_list_free(&check_tmp);
+ fr_pair_list_free(&reply_tmp);
sql_unset_user(inst, request);
fr_connection_release(inst->pool, handle);
*/
request->simul_count = 0;
- if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) {
ipno = vp->vp_ipaddr;
}
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) {
call_num = vp->vp_strvalue;
}
} rlm_sql_grouplist_t;
void *mod_conn_create(TALLOC_CTX *ctx, void *instance);
-int sql_userparse(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **first_pair, rlm_sql_row_t row);
+int sql_fr_pair_list_afrom_str(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **first_pair, rlm_sql_row_t row);
int sql_read_realms(rlm_sql_handle_t *handle);
int sql_getvpdata(TALLOC_CTX *ctx, rlm_sql_t *inst, REQUEST *request, rlm_sql_handle_t **handle, VALUE_PAIR **pair, char const *query);
int sql_read_clients(rlm_sql_handle_t *handle);
/*************************************************************************
*
- * Function: sql_userparse
+ * Function: sql_fr_pair_list_afrom_str
*
* Purpose: Read entries from the database and fill VALUE_PAIR structures
*
*************************************************************************/
-int sql_userparse(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **head, rlm_sql_row_t row)
+int sql_fr_pair_list_afrom_str(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **head, rlm_sql_row_t row)
{
VALUE_PAIR *vp;
char const *ptr, *value;
/*
* Create the pair
*/
- vp = pairmake(ctx, NULL, row[2], NULL, operator);
+ vp = fr_pair_make(ctx, NULL, row[2], NULL, operator);
if (!vp) {
REDEBUG("Failed to create the pair: %s", fr_strerror());
return -1;
}
if (do_xlat) {
- if (pairmark_xlat(vp, value) < 0) {
+ if (fr_pair_mark_xlat(vp, value) < 0) {
REDEBUG("Error marking pair for xlat");
talloc_free(vp);
return -1;
}
} else {
- if (pairparsevalue(vp, value, -1) < 0) {
+ if (fr_pair_value_from_str(vp, value, -1) < 0) {
REDEBUG("Error parsing value: %s", fr_strerror());
talloc_free(vp);
/*
* Add the pair into the packet
*/
- pairadd(head, vp);
+ fr_pair_add(head, vp);
return 0;
}
while (rlm_sql_fetch_row(inst, request, handle) == 0) {
row = (*handle)->row;
if (!row) break;
- if (sql_userparse(ctx, request, pair, row) != 0) {
+ if (sql_fr_pair_list_afrom_str(ctx, request, pair, row) != 0) {
REDEBUG("Error parsing user data from database result");
(inst->module->sql_finish_select_query)(*handle, inst->config);
if ((inst->key_attr->vendor == 0) && (inst->key_attr->attr == PW_USER_NAME)) {
key_vp = request->username;
} else {
- key_vp = pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
+ key_vp = fr_pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
}
if (!key_vp) {
RWDEBUG2("Couldn't find key attribute, request:%s, doing nothing...", inst->key_attr->name);
return rcode;
}
- limit = pair_find_by_da(request->config, da, TAG_ANY);
+ limit = fr_pair_find_by_da(request->config, da, TAG_ANY);
if (limit == NULL) {
/* Yes this really is 'check' as distinct from control */
RWDEBUG2("Couldn't find check attribute, control:%s, doing nothing...", inst->limit_name);
if (limit->vp_integer64 <= counter) {
/* User is denied access, send back a reply message */
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", inst->reset);
- pairmake_reply("Reply-Message", msg, T_OP_EQ);
+ pair_make_reply("Reply-Message", msg, T_OP_EQ);
REDEBUG2("Maximum %s usage time reached", inst->reset);
REDEBUG2("Rejecting user, &control:%s value (%" PRIu64 ") is less than counter value (%" PRIu64 ")",
/*
* Limit the reply attribute to the minimum of the existing value, or this new one.
*/
- reply_item = pair_find_by_da(request->reply->vps, inst->reply_attr, TAG_ANY);
+ reply_item = fr_pair_find_by_da(request->reply->vps, inst->reply_attr, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer64 <= res) {
RDEBUG2("Leaving existing &reply:%s value of %" PRIu64, inst->reply_attr->name,
return RLM_MODULE_OK;
}
} else {
- reply_item = radius_paircreate(request->reply, &request->reply->vps, inst->reply_attr->attr,
+ reply_item = radius_pair_create(request->reply, &request->reply->vps, inst->reply_attr->attr,
inst->reply_attr->vendor);
}
reply_item->vp_integer64 = res;
rlm_sqlhpwippool_t *inst = (rlm_sqlhpwippool_t *) instance;
/* if IP is already there, then nothing to do */
- vp = pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): IP address "
}
/* if no pool name, we don't need to do anything */
- vp = pairfind(request->reply->vps, ASN_IP_POOL_NAME, VENDORPEC_ASN, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, ASN_IP_POOL_NAME, VENDORPEC_ASN, TAG_ANY);
if (vp) {
pname = vp->vp_strvalue;
nvp_log(__LINE__, inst, L_DBG,
}
/* if no NAS IP address, assign 0 */
- vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
nasip = ntohl(vp->vp_ipaddr);
}
}
/* add IP address to reply packet */
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
PW_FRAMED_IP_ADDRESS, 0);
vp->vp_ipaddr = ip.s_addr;
rlm_sqlhpwippool_t *inst = (rlm_sqlhpwippool_t *) instance;
/* if no unique session ID, don't even try */
- vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
if (vp) {
sessid = vp->vp_strvalue;
}
return RLM_MODULE_FAIL;
}
- vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
if (vp) {
acct_type = vp->vp_integer;
}
switch (acct_type) {
case PW_STATUS_START:
case PW_STATUS_ALIVE:
- vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY);
if (!vp) {
nvp_log(__LINE__, inst, L_ERR, "mod_accounting(): no framed IP");
fr_connection_release(inst->sql_inst->pool, sqlsock);
case PW_STATUS_ACCOUNTING_OFF:
case PW_STATUS_ACCOUNTING_ON:
- vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (!vp) {
nvp_log(__LINE__, inst, L_ERR, "mod_accounting(): no NAS IP");
fr_connection_release(inst->sql_inst->pool, sqlsock);
return rcode;
}
- pairmake_config("Module-Success-Message", expanded, T_OP_SET);
+ pair_make_config("Module-Success-Message", expanded, T_OP_SET);
talloc_free(expanded);
/*
* If there is a Framed-IP-Address attribute in the reply do nothing
*/
- if (pairfind(request->reply->vps, inst->framed_ip_address, 0, TAG_ANY) != NULL) {
+ if (fr_pair_find_by_num(request->reply->vps, inst->framed_ip_address, 0, TAG_ANY) != NULL) {
RDEBUG("Framed-IP-Address already exists");
return do_logging(request, inst->log_exists, RLM_MODULE_NOOP);
}
- if (pairfind(request->config, PW_POOL_NAME, 0, TAG_ANY) == NULL) {
+ if (fr_pair_find_by_num(request->config, PW_POOL_NAME, 0, TAG_ANY) == NULL) {
RDEBUG("No Pool-Name defined");
return do_logging(request, inst->log_nopool, RLM_MODULE_NOOP);
* See if we can create the VP from the returned data. If not,
* error out. If so, add it to the list.
*/
- vp = paircreate(request->reply, inst->framed_ip_address, 0);
- if (pairparsevalue(vp, allocation, allocation_len) < 0) {
+ vp = fr_pair_afrom_num(request->reply, inst->framed_ip_address, 0);
+ if (fr_pair_value_from_str(vp, allocation, allocation_len) < 0) {
DO(allocate_commit);
RDEBUG("Invalid IP number [%s] returned from instbase query.", allocation);
}
RDEBUG("Allocated IP %s", allocation);
- pairadd(&request->reply->vps, vp);
+ fr_pair_add(&request->reply->vps, vp);
/*
* UPDATE
rlm_sqlippool_t *inst = (rlm_sqlippool_t *) instance;
rlm_sql_handle_t *handle;
- vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
if (!vp) {
RDEBUG("Could not find account status type in packet");
return RLM_MODULE_NOOP;
if (encrypted_pass[0] == 0)
return RLM_MODULE_NOOP;
- vp = pairmake_config("Crypt-Password", encrypted_pass, T_OP_SET);
+ vp = pair_make_config("Crypt-Password", encrypted_pass, T_OP_SET);
if (!vp) return RLM_MODULE_FAIL;
return RLM_MODULE_UPDATED;
/*
* Which type is this.
*/
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY))==NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY))==NULL) {
RDEBUG("no Accounting-Status-Type attribute in request");
return RLM_MODULE_NOOP;
}
* We're only interested in accounting messages
* with a username in it.
*/
- if (pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY) == NULL)
+ if (fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY) == NULL)
return RLM_MODULE_NOOP;
t = request->timestamp;
goto nothing;
}
- cast = pairalloc(request, da);
+ cast = fr_pair_afrom_da(request, da);
if (!cast) goto nothing;
memcpy(&(cast->data), input + offset, dict_attr_sizes[type][0]);
/*
* Fix Calling-Station-Id. Damn you, WiMAX!
*/
- vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY);
if (vp && (vp->vp_length == 6)) {
int i;
char *p;
uint8_t mip_rk_1[EVP_MAX_MD_SIZE], mip_rk_2[EVP_MAX_MD_SIZE];
uint8_t mip_rk[2 * EVP_MAX_MD_SIZE];
- msk = pairfind(request->reply->vps, PW_EAP_MSK, 0, TAG_ANY);
- emsk = pairfind(request->reply->vps, PW_EAP_EMSK, 0, TAG_ANY);
+ msk = fr_pair_find_by_num(request->reply->vps, PW_EAP_MSK, 0, TAG_ANY);
+ emsk = fr_pair_find_by_num(request->reply->vps, PW_EAP_EMSK, 0, TAG_ANY);
if (!msk || !emsk) {
RDEBUG("No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys");
return RLM_MODULE_NOOP;
* the WiMAX-MSK so that the client has a key available.
*/
if (inst->delete_mppe_keys) {
- pairdelete(&request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
- pairdelete(&request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+ fr_pair_delete_by_num(&request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
- vp = pairmake_reply("WiMAX-MSK", NULL, T_OP_EQ);
+ vp = pair_make_reply("WiMAX-MSK", NULL, T_OP_EQ);
if (vp) {
- pairmemcpy(vp, msk->vp_octets, msk->vp_length);
+ fr_pair_value_memcpy(vp, msk->vp_octets, msk->vp_length);
}
}
/*
* Calculate mobility keys
*/
- mn_nai = pairfind(request->packet->vps, PW_WIMAX_MN_NAI, 0, TAG_ANY);
- if (!mn_nai) mn_nai = pairfind(request->reply->vps, PW_WIMAX_MN_NAI, 0, TAG_ANY);
+ mn_nai = fr_pair_find_by_num(request->packet->vps, PW_WIMAX_MN_NAI, 0, TAG_ANY);
+ if (!mn_nai) mn_nai = fr_pair_find_by_num(request->reply->vps, PW_WIMAX_MN_NAI, 0, TAG_ANY);
if (!mn_nai) {
RWDEBUG("WiMAX-MN-NAI was not found in the request or in the reply");
RWDEBUG("We cannot calculate MN-HA keys");
* WiMAX-IP-Technology
*/
vp = NULL;
- if (mn_nai) vp = pairfind(request->reply->vps, 23, VENDORPEC_WIMAX, TAG_ANY);
+ if (mn_nai) vp = fr_pair_find_by_num(request->reply->vps, 23, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
RWDEBUG("WiMAX-IP-Technology not found in reply");
RWDEBUG("Not calculating MN-HA keys");
/*
* Look for WiMAX-hHA-IP-MIP4
*/
- ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX, TAG_ANY);
+ ip = fr_pair_find_by_num(request->reply->vps, 6, VENDORPEC_WIMAX, TAG_ANY);
if (!ip) {
RWDEBUG("WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-PMIP4 key");
break;
/*
* Put MN-HA-PMIP4 into WiMAX-MN-hHA-MIP4-Key
*/
- vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, 10, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
10, VENDORPEC_WIMAX);
}
if (!vp) {
RWDEBUG("Failed creating WiMAX-MN-hHA-MIP4-Key");
break;
}
- pairmemcpy(vp, &mip_rk_1[0], rk1_len);
+ fr_pair_value_memcpy(vp, &mip_rk_1[0], rk1_len);
/*
* Put MN-HA-PMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI
*/
- vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, 11, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
11, VENDORPEC_WIMAX);
}
if (!vp) {
/*
* Look for WiMAX-hHA-IP-MIP4
*/
- ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX, TAG_ANY);
+ ip = fr_pair_find_by_num(request->reply->vps, 6, VENDORPEC_WIMAX, TAG_ANY);
if (!ip) {
RWDEBUG("WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-CMIP4 key");
break;
/*
* Put MN-HA-CMIP4 into WiMAX-MN-hHA-MIP4-Key
*/
- vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, 10, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
10, VENDORPEC_WIMAX);
}
if (!vp) {
RWDEBUG("Failed creating WiMAX-MN-hHA-MIP4-Key");
break;
}
- pairmemcpy(vp, &mip_rk_1[0], rk1_len);
+ fr_pair_value_memcpy(vp, &mip_rk_1[0], rk1_len);
/*
* Put MN-HA-CMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI
*/
- vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, 11, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
11, VENDORPEC_WIMAX);
}
if (!vp) {
/*
* Look for WiMAX-hHA-IP-MIP6
*/
- ip = pairfind(request->reply->vps, 7, VENDORPEC_WIMAX, TAG_ANY);
+ ip = fr_pair_find_by_num(request->reply->vps, 7, VENDORPEC_WIMAX, TAG_ANY);
if (!ip) {
RWDEBUG("WiMAX-hHA-IP-MIP6 not found. Cannot calculate MN-HA-CMIP6 key");
break;
/*
* Put MN-HA-CMIP6 into WiMAX-MN-hHA-MIP6-Key
*/
- vp = pairfind(request->reply->vps, 12, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, 12, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
12, VENDORPEC_WIMAX);
}
if (!vp) {
RWDEBUG("Failed creating WiMAX-MN-hHA-MIP6-Key");
break;
}
- pairmemcpy(vp, &mip_rk_1[0], rk1_len);
+ fr_pair_value_memcpy(vp, &mip_rk_1[0], rk1_len);
/*
* Put MN-HA-CMIP6-SPI into WiMAX-MN-hHA-MIP6-SPI
*/
- vp = pairfind(request->reply->vps, 13, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, 13, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
13, VENDORPEC_WIMAX);
}
if (!vp) {
*
* FA-RK= H(MIP-RK, "FA-RK")
*/
- fa_rk = pairfind(request->reply->vps, 14, VENDORPEC_WIMAX, TAG_ANY);
+ fa_rk = fr_pair_find_by_num(request->reply->vps, 14, VENDORPEC_WIMAX, TAG_ANY);
if (fa_rk && (fa_rk->vp_length <= 1)) {
HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL);
HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len);
- pairmemcpy(fa_rk, &mip_rk_1[0], rk1_len);
+ fr_pair_value_memcpy(fa_rk, &mip_rk_1[0], rk1_len);
}
/*
* really MIP-SPI. Clear? Of course. This is WiMAX.
*/
if (fa_rk) {
- vp = pairfind(request->reply->vps, 61, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->reply->vps, 61, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
- vp = radius_paircreate(request->reply, &request->reply->vps,
+ vp = radius_pair_create(request->reply, &request->reply->vps,
61, VENDORPEC_WIMAX);
}
if (!vp) {
*
* WiMAX-RRQ-MN-HA-SPI
*/
- vp = pairfind(request->packet->vps, 20, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, 20, VENDORPEC_WIMAX, TAG_ANY);
if (vp) {
RDEBUG("Client requested MN-HA key: Should use SPI to look up key from storage");
if (!mn_nai) {
/*
* WiMAX-RRQ-HA-IP
*/
- if (!pairfind(request->packet->vps, 18, VENDORPEC_WIMAX, TAG_ANY)) {
+ if (!fr_pair_find_by_num(request->packet->vps, 18, VENDORPEC_WIMAX, TAG_ANY)) {
RWDEBUG("HA-IP was not found!");
}
/*
* WiMAX-HA-RK-Key-Requested
*/
- vp = pairfind(request->packet->vps, 58, VENDORPEC_WIMAX, TAG_ANY);
+ vp = fr_pair_find_by_num(request->packet->vps, 58, VENDORPEC_WIMAX, TAG_ANY);
if (vp && (vp->vp_integer == 1)) {
RDEBUG("Client requested HA-RK: Should use IP to look it up from storage");
}
return RLM_MODULE_FAIL;
}
- key = pair_find_by_da(request->config, da, TAG_ANY);
+ key = fr_pair_find_by_da(request->config, da, TAG_ANY);
if (!key) {
REDEBUG("Yubikey-Key attribute not found in control list, can't decrypt OTP data");
return RLM_MODULE_INVALID;
/*
* Private ID used for validation purposes
*/
- vp = pairmake(request, &request->packet->vps, "Yubikey-Private-ID", NULL, T_OP_SET);
+ vp = fr_pair_make(request, &request->packet->vps, "Yubikey-Private-ID", NULL, T_OP_SET);
if (!vp) {
REDEBUG("Failed creating Yubikey-Private-ID");
return RLM_MODULE_FAIL;
}
- pairmemcpy(vp, token.uid, YUBIKEY_UID_SIZE);
+ fr_pair_value_memcpy(vp, token.uid, YUBIKEY_UID_SIZE);
/*
* Token timestamp
*/
- vp = pairmake(request, &request->packet->vps, "Yubikey-Timestamp", NULL, T_OP_SET);
+ vp = fr_pair_make(request, &request->packet->vps, "Yubikey-Timestamp", NULL, T_OP_SET);
if (!vp) {
REDEBUG("Failed creating Yubikey-Timestamp");
/*
* Token random
*/
- vp = pairmake(request, &request->packet->vps, "Yubikey-Random", NULL, T_OP_SET);
+ vp = fr_pair_make(request, &request->packet->vps, "Yubikey-Random", NULL, T_OP_SET);
if (!vp) {
REDEBUG("Failed creating Yubikey-Random");
*/
counter = (yubikey_counter(token.ctr) << 16) | token.use;
- vp = pairmake(request, &request->packet->vps, "Yubikey-Counter", NULL, T_OP_SET);
+ vp = fr_pair_make(request, &request->packet->vps, "Yubikey-Counter", NULL, T_OP_SET);
if (!vp) {
REDEBUG("Failed creating Yubikey-Counter");
/*
* Now we check for replay attacks
*/
- vp = pair_find_by_da(request->config, da, TAG_ANY);
+ vp = fr_pair_find_by_da(request->config, da, TAG_ANY);
if (!vp) {
RWDEBUG("Yubikey-Counter not found in control list, skipping replay attack checks");
return RLM_MODULE_OK;
* Insert a new request attribute just containing the OTP
* portion.
*/
- vp = pairmake_packet("Yubikey-OTP", otp, T_OP_SET);
+ vp = pair_make_packet("Yubikey-OTP", otp, T_OP_SET);
if (!vp) {
REDEBUG("Failed creating 'Yubikey-OTP' attribute");
return RLM_MODULE_FAIL;
*/
MEM(password = talloc_array(request->password, char, password_len + 1));
strlcpy(password, passcode, password_len + 1);
- pairstrsteal(request->password, password);
+ fr_pair_value_strsteal(request->password, password);
RINDENT();
if (RDEBUG_ENABLED3) {
dval = dict_valbyname(PW_AUTH_TYPE, 0, inst->name);
if (dval) {
- vp = radius_paircreate(request, &request->config, PW_AUTH_TYPE, 0);
+ vp = radius_pair_create(request, &request->config, PW_AUTH_TYPE, 0);
vp->vp_integer = dval->value;
}
* It's left up to the user if they want to decode it or not.
*/
if (inst->id_len) {
- vp = pairmake(request, &request->packet->vps, "Yubikey-Public-ID", NULL, T_OP_SET);
+ vp = fr_pair_make(request, &request->packet->vps, "Yubikey-Public-ID", NULL, T_OP_SET);
if (!vp) {
REDEBUG("Failed creating Yubikey-Public-ID");
return RLM_MODULE_FAIL;
}
- pairbstrncpy(vp, passcode, inst->id_len);
+ fr_pair_value_bstrncpy(vp, passcode, inst->id_len);
}
return RLM_MODULE_OK;
goto user_password;
}
- vp = pair_find_by_da(request->packet->vps, da, TAG_ANY);
+ vp = fr_pair_find_by_da(request->packet->vps, da, TAG_ANY);
if (vp) {
passcode = vp->vp_strvalue;
len = vp->vp_length;