void fr_cursor_copy(vp_cursor_t *out, vp_cursor_t *in);
VALUE_PAIR *fr_cursor_first(vp_cursor_t *cursor);
VALUE_PAIR *fr_cursor_next_by_num(vp_cursor_t *cursor, unsigned int attr, unsigned int vendor, int8_t tag);
-VALUE_PAIR *fr_cursor_next_by_da(vp_cursor_t *cursor, DICT_ATTR const *da, int8_t tag);
+
+VALUE_PAIR *fr_cursor_next_by_da(vp_cursor_t *cursor, DICT_ATTR const *da, int8_t tag)
+ CC_HINT(nonnull);
+
VALUE_PAIR *fr_cursor_next(vp_cursor_t *cursor);
VALUE_PAIR *fr_cursor_current(vp_cursor_t *cursor);
void fr_cursor_insert(vp_cursor_t *cursor, VALUE_PAIR *vp);
int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
char *user_msg, size_t msg_len, int timeout,
VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs);
-void exec_trigger(REQUEST *request, CONF_SECTION *cs, char const *name, int quench);
+void exec_trigger(REQUEST *request, CONF_SECTION *cs, char const *name, int quench)
+ CC_HINT(nonnull (3));
/* valuepair.c */
int paircompare_register(DICT_ATTR const *attribute, DICT_ATTR const *from,
typedef size_t (*RADIUS_ESCAPE_STRING)(REQUEST *, char *out, size_t outlen, char const *in, void *arg);
ssize_t radius_xlat(char *out, size_t outlen, REQUEST *request, char const *fmt, RADIUS_ESCAPE_STRING escape,
- void *escape_ctx);
+ void *escape_ctx)
+ CC_HINT(nonnull (1, 3, 4));
-ssize_t radius_axlat(char **out, REQUEST *request, char const *fmt, RADIUS_ESCAPE_STRING escape,
- void *escape_ctx);
-ssize_t radius_axlat_struct(char **out, REQUEST *request, xlat_exp_t const *xlat, RADIUS_ESCAPE_STRING escape, void *ctx);
+ssize_t radius_axlat(char **out, REQUEST *request, char const *fmt, RADIUS_ESCAPE_STRING escape, void *escape_ctx)
+ CC_HINT(nonnull (1, 2, 3));
+
+ssize_t radius_axlat_struct(char **out, REQUEST *request, xlat_exp_t const *xlat, RADIUS_ESCAPE_STRING escape,
+ void *ctx)
+ CC_HINT(nonnull (1, 2, 3));
typedef ssize_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, char const *, char *, size_t);
int xlat_register(char const *module, RAD_XLAT_FUNC func, RADIUS_ESCAPE_STRING escape,
void xlat_free(void);
/* threads.c */
-extern int thread_pool_init(CONF_SECTION *cs, bool *spawn_flag);
-extern void thread_pool_stop(void);
-extern int thread_pool_addrequest(REQUEST *, RAD_REQUEST_FUNP);
-extern pid_t rad_fork(void);
-extern pid_t rad_waitpid(pid_t pid, int *status);
-extern int total_active_threads(void);
-extern void thread_pool_lock(void);
-extern void thread_pool_unlock(void);
-extern void thread_pool_queue_stats(int array[RAD_LISTEN_MAX], int pps[2]);
+extern int thread_pool_init(CONF_SECTION *cs, bool *spawn_flag);
+extern void thread_pool_stop(void);
+extern int thread_pool_addrequest(REQUEST *, RAD_REQUEST_FUNP);
+extern pid_t rad_fork(void);
+extern pid_t rad_waitpid(pid_t pid, int *status);
+extern int total_active_threads(void);
+extern void thread_pool_lock(void);
+extern void thread_pool_unlock(void);
+extern void thread_pool_queue_stats(int array[RAD_LISTEN_MAX], int pps[2]);
#ifndef HAVE_PTHREAD_H
#define rad_fork(n) fork()
ci = cf_reference_item(subcs, mainconfig.config, attr);
if (!ci) {
- RDEBUG3("No such item in trigger section: %s", attr);
+ EDEBUG3("No such item in trigger section: %s", attr);
return;
}
if (!cf_item_is_pair(ci)) {
- RDEBUG2("Trigger is not a configuration variable: %s", attr);
+ EDEBUG2("Trigger is not a configuration variable: %s", attr);
return;
}
value = cf_pair_value(cp);
if (!value) {
- RDEBUG2("Trigger has no value: %s", name);
+ EDEBUG2("Trigger has no value: %s", name);
return;
}
}
}
- RDEBUG("Trigger %s -> %s", name, value);
+ DEBUG("Trigger %s -> %s", name, value);
radius_exec_program(request, value, false, true, NULL, 0, EXEC_TIMEOUT, vp, NULL);
}
from = NULL;
da = map->src->vpt_da;
+ rad_assert(da != NULL);
+
context = request;
if (radius_request(&context, map->src->vpt_request) == 0) {
from = radius_list(context, map->src->vpt_list);
if (!from) continue;
fr_cursor_init(&cursor, from);
- found = fr_cursor_next_by_num(&cursor, da->attr, da->vendor, TAG_ANY);
+ found = fr_cursor_next_by_da(&cursor, da, TAG_ANY);
if (!found) {
RWDEBUG("\"%s\" not found, skipping",
map->src->name);
radius_pairmove(request, to_req, vp, false);
}
- } while ((found = fr_cursor_next_by_num(&cursor, da->attr, da->vendor, TAG_ANY)));
+ } while ((found = fr_cursor_next_by_da(&cursor, da, TAG_ANY)));
break;
default:
/*
* Use a reply packet to determine what to do.
*/
-static int process_reply(eap_handler_t *handler, tls_session_t *tls_session,
- REQUEST *request, RADIUS_PACKET *reply)
+static int CC_HINT(nonnull) process_reply(eap_handler_t *handler, tls_session_t *tls_session,
+ REQUEST *request, RADIUS_PACKET *reply)
{
int rcode = RLM_MODULE_REJECT;
VALUE_PAIR *vp;
/*
* Do the callback, if it exists, and if it was a success.
*/
- if (fake &&
- handler->request->proxy_reply &&
- (handler->request->proxy_reply->code == PW_CODE_AUTHENTICATION_ACK)) {
+ if (fake && (handler->request->proxy_reply->code == PW_CODE_AUTHENTICATION_ACK)) {
/*
* Terrible hacks.
*/
/*
* Process the reply from the home server.
*/
- rcode = process_reply(handler, tls_session, handler->request,
- handler->request->proxy_reply);
+ rcode = process_reply(handler, tls_session, handler->request, handler->request->proxy_reply);
/*
* The proxy code uses the reply from the home server as
ssize_t len;
char *exp = NULL;
- len = radius_xlat(exp, 0, request, map->src->name, NULL, NULL);
+ len = radius_axlat(&exp, request, map->src->name, NULL, NULL);
if (len < 0) {
RDEBUG("Expansion of LDAP attribute \"%s\" failed", map->src->name);
} else if (do_xlat) {
char *exp = NULL;
- if (radius_xlat(exp, 0, request, value, NULL, NULL) <= 0) {
+ if (radius_axlat(&exp, request, value, NULL, NULL) <= 0) {
RDEBUG("Skipping attribute \"%s\"", attr);
talloc_free(exp);
{
rlm_linelog_t *inst = instance;
- rad_assert(inst->filename && *inst->filename);
+ if (!inst->filename) {
+ cf_log_err_cs(conf, "No value provided for 'filename'");
+ return -1;
+ }
#ifndef HAVE_SYSLOG_H
if (strcmp(inst->filename, "syslog") == 0) {
char *endptr;
#endif
+ line[0] = '\0';
+
if (inst->reference) {
CONF_ITEM *ci;
CONF_PAIR *cp;
p = line + 1;
- if (radius_xlat(p, sizeof(line) - 2, request, inst->reference, linelog_escape_func,
- NULL) < 0) {
+ if (radius_xlat(p, sizeof(line) - 2, request, inst->reference, linelog_escape_func, NULL) < 0) {
return RLM_MODULE_FAIL;
}
/*
* FIXME: Check length.
*/
- if (radius_xlat(line, sizeof(line) - 1, request, value, linelog_escape_func, NULL) < 0) {
+ if (value && (radius_xlat(line, sizeof(line) - 1, request, value, linelog_escape_func, NULL) < 0)) {
if (fd > -1) {
fr_logfile_close(inst->lf, fd);
}
* Perform an MS-CHAP2 password change
*/
-static int CC_HINT(nonnull) do_mschap_cpw(rlm_mschap_t *inst,
- REQUEST *request,
+static int CC_HINT(nonnull (1, 2, 4, 5)) do_mschap_cpw(rlm_mschap_t *inst,
+ REQUEST *request,
#ifdef HAVE_OPENSSL_CRYPTO_H
- VALUE_PAIR *nt_password,
+ VALUE_PAIR *nt_password,
#else
- UNUSED VALUE_PAIR *nt_password,
+ UNUSED VALUE_PAIR *nt_password,
#endif
- uint8_t *new_nt_password,
- uint8_t *old_nt_hash,
- int do_ntlm_auth)
+ uint8_t *new_nt_password,
+ uint8_t *old_nt_hash,
+ bool do_ntlm_auth)
{
if (inst->ntlm_cpw && do_ntlm_auth) {
/*
* authentication is in one place, and we can perhaps later replace
* it with code to call winbindd, or something similar.
*/
-static int CC_HINT(nonnull) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password,
- uint8_t const *challenge, uint8_t const *response,
- uint8_t *nthashhash, int do_ntlm_auth)
+static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password,
+ uint8_t const *challenge, uint8_t const *response,
+ uint8_t *nthashhash, bool do_ntlm_auth)
{
- uint8_t calculated[24];
+ uint8_t calculated[24];
/*
* Do normal authentication.
uint8_t *p;
char const *username_string;
int chap = 0;
- int do_ntlm_auth;
+ bool do_ntlm_auth;
/*
* If we have ntlm_auth configured, use it unless told
*/
if (do_ntlm_auth) {
VALUE_PAIR *vp = pairfind(request->config_items, PW_MS_CHAP_USE_NTLM_AUTH, 0, TAG_ANY);
- if (vp) do_ntlm_auth = vp->vp_integer;
+ if (vp) do_ntlm_auth = (vp->vp_integer > 0);
}
/*
* 2 octets - flags (ignored)
*/
- memcpy(old_nt_encrypted, cpw->vp_octets+2, sizeof(old_nt_encrypted));
+ memcpy(old_nt_encrypted, cpw->vp_octets + 2, sizeof(old_nt_encrypted));
RDEBUG2("Password change payload valid");
/* perform the actual password change */
+ rad_assert(nt_password);
if (do_mschap_cpw(inst, request, nt_password, new_nt_encrypted, old_nt_encrypted, do_ntlm_auth) < 0) {
char buffer[128];
/*
* Query the database expecting a single result row
*/
-static int CC_HINT(nonnull (1,3,4,5)) sqlippool_query1(char *out, int outlen, char const *fmt,
- rlm_sql_handle_t *handle, rlm_sqlippool_t *data,
- REQUEST *request, char *param, int param_len)
+static int CC_HINT(nonnull (1, 3, 4, 5)) sqlippool_query1(char *out, int outlen, char const *fmt,
+ rlm_sql_handle_t *handle, rlm_sqlippool_t *data,
+ REQUEST *request, char *param, int param_len)
{
char query[MAX_QUERY_LEN];
char *expanded = NULL;