From 15cf459a4e88bbd8d9e66baae5f098d81cb4d96e Mon Sep 17 00:00:00 2001 
From: Arran Cudbard-Bell Date: Sat, 29 Dec 2012 23:26:56 +0000 Subject: [PATCH] Add support for tags to remaining functions in lib/valuepair.c --- src/include/libradius.h | 14 +-- src/lib/dhcp.c | 37 ++++--- src/lib/radius.c | 2 +- src/lib/valuepair.c | 119 ++++++++++++++------- src/lib/vqp.c | 6 +- src/main/acct.c | 6 +- src/main/auth.c | 46 ++++---- src/main/client.c | 2 +- src/main/detail.c | 14 +-- src/main/dhcpd.c | 40 +++---- src/main/listen.c | 8 +- src/main/modcall.c | 4 +- src/main/process.c | 61 +++++------ src/main/radclient.c | 12 +-- src/main/realms.c | 4 +- src/main/stats.c | 22 ++-- src/main/tls.c | 10 +- src/main/valuepair.c | 6 +- src/main/xlat.c | 34 ++---- src/modules/rlm_acctlog/rlm_acctlog.c | 2 +- src/modules/rlm_attr_filter/rlm_attr_filter.c | 11 +- src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c | 6 +- src/modules/rlm_cache/rlm_cache.c | 8 +- src/modules/rlm_chap/rlm_chap.c | 10 +- src/modules/rlm_checkval/rlm_checkval.c | 4 +- src/modules/rlm_counter/rlm_counter.c | 22 ++-- src/modules/rlm_cram/rlm_cram.c | 8 +- src/modules/rlm_dbm/rlm_dbm.c | 6 +- src/modules/rlm_digest/rlm_digest.c | 44 ++++---- src/modules/rlm_eap/eap.c | 22 ++-- src/modules/rlm_eap/libeap/eapcommon.c | 10 +- src/modules/rlm_eap/libeap/eapsimlib.c | 10 +- src/modules/rlm_eap/mem.c | 2 +- src/modules/rlm_eap/radeapclient.c | 79 +++++++------- src/modules/rlm_eap/rlm_eap.c | 24 ++--- .../rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c | 4 +- src/modules/rlm_eap/types/rlm_eap_ikev2/ike_conf.c | 6 +- .../rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c | 4 +- .../rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c | 2 +- .../types/rlm_eap_mschapv2/rlm_eap_mschapv2.c | 19 ++-- src/modules/rlm_eap/types/rlm_eap_peap/peap.c | 38 +++---- .../rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c | 3 +- .../rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c | 6 +- .../rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c | 16 +-- .../rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c | 3 +- .../rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c | 8 +- 
.../rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c | 3 +- src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c | 38 +++---- src/modules/rlm_eap2/rlm_eap2.c | 22 ++-- src/modules/rlm_example/rlm_example.c | 2 +- src/modules/rlm_exec/rlm_exec.c | 8 +- src/modules/rlm_expiration/rlm_expiration.c | 4 +- src/modules/rlm_expr/paircmp.c | 4 +- src/modules/rlm_fastusers/rlm_fastusers.c | 10 +- src/modules/rlm_files/rlm_files.c | 4 +- src/modules/rlm_ippool/rlm_ippool.c | 16 +-- src/modules/rlm_jradius/rlm_jradius.c | 6 +- src/modules/rlm_ldap/rlm_ldap.c | 21 ++-- src/modules/rlm_logintime/rlm_logintime.c | 4 +- src/modules/rlm_mschap/opendir.c | 2 +- src/modules/rlm_mschap/rlm_mschap.c | 75 +++++-------- src/modules/rlm_opendirectory/rlm_opendirectory.c | 4 +- src/modules/rlm_otp/otp_mppe.c | 4 +- src/modules/rlm_otp/otp_pw_valid.c | 4 +- src/modules/rlm_otp/otp_pwe.c | 4 +- src/modules/rlm_otp/rlm_otp.c | 6 +- src/modules/rlm_pam/rlm_pam.c | 2 +- src/modules/rlm_pap/rlm_pap.c | 8 +- src/modules/rlm_passwd/rlm_passwd.c | 2 +- src/modules/rlm_perl/rlm_perl.c | 11 +- src/modules/rlm_policy/evaluate.c | 2 +- src/modules/rlm_preprocess/rlm_preprocess.c | 33 +++--- src/modules/rlm_radutmp/rlm_radutmp.c | 10 +- src/modules/rlm_radutmp/rlm_radutmp2.c | 10 +- src/modules/rlm_realm/rlm_realm.c | 8 +- src/modules/rlm_rediswho/rlm_rediswho.c | 2 +- src/modules/rlm_replicate/rlm_replicate.c | 6 +- src/modules/rlm_securid/mem.c | 2 +- src/modules/rlm_smsotp/rlm_smsotp.c | 6 +- src/modules/rlm_soh/rlm_soh.c | 18 ++-- src/modules/rlm_sometimes/rlm_sometimes.c | 2 +- src/modules/rlm_sql/rlm_sql.c | 22 ++-- src/modules/rlm_sqlcounter/rlm_sqlcounter.c | 6 +- src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c | 14 +-- src/modules/rlm_sqlippool/rlm_sqlippool.c | 6 +- src/modules/rlm_unix/rlm_unix.c | 4 +- src/modules/rlm_wimax/rlm_wimax.c | 46 ++++---- 87 files changed, 629 insertions(+), 656 deletions(-) diff --git a/src/include/libradius.h b/src/include/libradius.h index 41c50db..8f1b7b6 100644 
--- a/src/include/libradius.h +++ b/src/include/libradius.h @@ -89,11 +89,13 @@ extern "C" { vp_print(fr_log_fp, vp); \ } \ } while(0) -# define TAG_VALID(x) ((x) > 0 && (x) < 0x20) -# define TAG_VALID_ZERO(x) ((x) < 0x20) -# define TAG_ANY -128 /* minimum signed char */ #endif +#define TAG_VALID(x) ((x) > 0 && (x) < 0x20) +#define TAG_VALID_ZERO(x) ((x) < 0x20) +#define TAG_ANY -128 /* minimum signed char */ +#define TAG_UNUSED 0 + #if defined(__GNUC__) # define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1))) # define NEVER_RETURNS __attribute__ ((noreturn)) @@ -413,7 +415,7 @@ VALUE_PAIR *paircreate_raw(int attr, int vendor, int type, VALUE_PAIR *); VALUE_PAIR *paircreate(int attr, int vendor, int type); void pairfree(VALUE_PAIR **); void pairbasicfree(VALUE_PAIR *pair); -VALUE_PAIR *pairfind(VALUE_PAIR *, unsigned int attr, unsigned int vendor); +VALUE_PAIR *pairfind(VALUE_PAIR *, unsigned int attr, unsigned int vendor, int8_t tag); void pairdelete(VALUE_PAIR **, unsigned int attr, unsigned int vendor, int8_t tag); void pairadd(VALUE_PAIR **, VALUE_PAIR *); void pairreplace(VALUE_PAIR **first, VALUE_PAIR *add); 
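Review bot: `TAG_ANY` expands to an unparenthesised `-128` in the relocated macro block, and it is now visible to every includer rather than only inside the earlier conditional. Writing it as `#define TAG_ANY (-128)` (or `INT8_MIN` from `<stdint.h>`) keeps the expansion safe in any expression and ties the sentinel to the `int8_t tag` parameter used by the prototypes in the next hunk. `TAG_VALID_ZERO(x)` is also true for every negative signed `x`, so `TAG_ANY` itself passes it; if that is not intended, `((x) >= 0 && (x) < 0x20)` would say so. A one-line comment on `TAG_UNUSED` should state whether it means "attribute carries no tag" or "tag value zero", because the matching code in valuepair.c treats the two differently.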
@@ -422,13 +424,13 @@ VALUE_PAIR *paircopyvp(const VALUE_PAIR *vp); VALUE_PAIR *paircopy(VALUE_PAIR *vp); VALUE_PAIR *paircopy2(VALUE_PAIR *vp, unsigned int attr, unsigned int vendor, int8_t tag); void pairmove(VALUE_PAIR **to, VALUE_PAIR **from); -void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, unsigned int vendor); +void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, unsigned int vendor, int8_t tag); VALUE_PAIR *pairparsevalue(VALUE_PAIR *vp, const char *value); VALUE_PAIR *pairmake(const char *attribute, const char *value, int operator); VALUE_PAIR *pairmake_xlat(const char *attribute, const char *value, int operator); VALUE_PAIR *pairread(const char **ptr, FR_TOKEN *eol); FR_TOKEN userparse(const char *buffer, VALUE_PAIR **first_pair); -VALUE_PAIR *readvp2(FILE *fp, int *pfiledone, const char *errprefix); +VALUE_PAIR *readvp2(FILE *fp, int *pfiledone, const char *errprefix); /* * Error functions. diff --git a/src/lib/dhcp.c b/src/lib/dhcp.c index e0dbf98..ccc8486 100644 --- a/src/lib/dhcp.c +++ b/src/lib/dhcp.c @@ -778,14 +778,14 @@ int fr_dhcp_decode(RADIUS_PACKET *packet) /* * DHCP Opcode is request */ - vp = pairfind(head, 256, DHCP_MAGIC_VENDOR); + vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp && vp->vp_integer == 3) { /* * Vendor is "MSFT 98" */ - vp = pairfind(head, 63, DHCP_MAGIC_VENDOR); + vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) { - vp = pairfind(head, 262, DHCP_MAGIC_VENDOR); + vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY); /* * Reply should be broadcast. 
@@ -806,8 +806,8 @@ int fr_dhcp_decode(RADIUS_PACKET *packet) * Client can request a LARGER size, but not a smaller * one. They also cannot request a size larger than MTU. */ - maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR); - mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR); + maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY); + mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY); if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) { fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification."); @@ -1110,8 +1110,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) if (fr_debug_flag) { for (i = 256; i < 269; i++) { - vp = pairfind(packet->vps, i, - DHCP_MAGIC_VENDOR); + vp = pairfind(packet->vps, i, DHCP_MAGIC_VENDOR, TAG_ANY); if (!vp) continue; debug_pair(vp); @@ -1129,7 +1128,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) * smaller one. They also cannot request a size * larger than MTU. */ - vp = pairfind(original->vps, 57, DHCP_MAGIC_VENDOR); + vp = pairfind(original->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp && (vp->vp_integer > mms)) { mms = vp->vp_integer; @@ -1140,7 +1139,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) /* * RFC 3118: Authentication option. */ - vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR); + vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { if (vp->length < 2) { memset(vp->vp_octets + vp->length, 0, @@ -1164,7 +1163,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) VALUE_PAIR *pass; vp->vp_octets[1] = 0; - pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR); + pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR, TAG_ANY); if (pass) { length = pass->length; if ((length + 11) > sizeof(vp->vp_octets)) { 
@@ -1184,7 +1183,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) } } - vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR); + vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { *p++ = vp->vp_integer & 0xff; } else { @@ -1197,7 +1196,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) *p++ = 1; /* hardware type = ethernet */ *p++ = 6; /* 6 bytes of ethernet */ - vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR); + vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { *p++ = vp->vp_integer & 0xff; } else { @@ -1222,7 +1221,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) /* * Allow the admin to set the broadcast flag. */ - vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR); + vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { p[0] |= (vp->vp_integer & 0xff00) >> 8; p[1] |= (vp->vp_integer & 0xff); @@ -1233,7 +1232,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) /* * Set client IP address. */ - vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR); /* Your IP address */ + vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* Your IP address */ if (vp) { lvalue = vp->vp_ipaddr; } else { @@ -1242,8 +1241,8 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) memcpy(p, &lvalue, 4); /* your IP address */ p += 4; - vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR); /* server IP address */ - if (!vp) vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR); /* identifier */ + vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY); /* server IP address */ + if (!vp) vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY); /* identifier */ if (vp) { lvalue = vp->vp_ipaddr; } else { 
@@ -1255,7 +1254,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) if (original) { memcpy(p, original->data + 24, 4); /* copy gateway IP address */ } else { - vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR); + vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { lvalue = vp->vp_ipaddr; } else { @@ -1268,7 +1267,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) if (original) { memcpy(p, original->data + 28, DHCP_CHADDR_LEN); } else { - vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR); + vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { if (vp->length > DHCP_CHADDR_LEN) { memcpy(p, vp->vp_octets, DHCP_CHADDR_LEN); @@ -1294,7 +1293,7 @@ int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) * When that happens, the boot filename is passed as an option, * instead of being placed verbatim in the filename field. */ - vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR); + vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { if (vp->length > DHCP_FILE_LEN) { memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN); diff --git a/src/lib/radius.c b/src/lib/radius.c index df1481c..719d5cd 100644 --- a/src/lib/radius.c +++ b/src/lib/radius.c @@ -4438,7 +4438,7 @@ int rad_chap_encode(RADIUS_PACKET *packet, uint8_t *output, int id, * Use Chap-Challenge pair if present, * Request Authenticator otherwise. */ - challenge = pairfind(packet->vps, PW_CHAP_CHALLENGE, 0); + challenge = pairfind(packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY); if (challenge) { memcpy(ptr, challenge->vp_strvalue, challenge->length); i += challenge->length; diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c index db6580f..43e588b 100644 --- a/src/lib/valuepair.c +++ b/src/lib/valuepair.c 
@@ -238,10 +238,13 @@ void pairfree(VALUE_PAIR **pair_ptr) /* * Find the pair with the matching attribute */ -VALUE_PAIR * pairfind(VALUE_PAIR *first, unsigned int attr, unsigned int vendor) +VALUE_PAIR * pairfind(VALUE_PAIR *first, unsigned int attr, unsigned int vendor, + int8_t tag) { while (first) { - if ((first->attribute == attr) && (first->vendor == vendor)) { + if ((first->attribute == attr) && (first->vendor == vendor) + && ((tag == TAG_ANY) || + (first->flags.has_tag && (first->flags.tag == tag)))) { return first; } first = first->next; @@ -255,10 +258,10 @@ VALUE_PAIR * pairfind(VALUE_PAIR *first, unsigned int attr, unsigned int vendor) * * Delete matching pairs from the attribute list. * - * @param[in+out] vp which is head of the list. + * @param[in+out] first VP in list. * @param[in] attr to match. * @param[in] vendor to match. - * @param[in] tag to match, only used if > 0. + * @param[in] tag to match. TAG_ANY matches any tag, TAG_UNUSED matches tagless VPs. */ void pairdelete(VALUE_PAIR **first, unsigned int attr, unsigned int vendor, int8_t tag) @@ -269,7 +272,7 @@ void pairdelete(VALUE_PAIR **first, unsigned int attr, unsigned int vendor, for(i = *first; i; i = next) { next = i->next; if ((i->attribute == attr) && (i->vendor == vendor) && - ((tag < 0) || + ((tag == TAG_ANY) || (i->flags.has_tag && (i->flags.tag == tag)))) { *last = next; pairbasicfree(i); @@ -279,8 +282,13 @@ void pairdelete(VALUE_PAIR **first, unsigned int attr, unsigned int vendor, } } -/* - * Add a pair at the end of a VALUE_PAIR list. +/** Add a VP to the end of the list. + * + * Locates the end of 'first', and links an additional VP 'add' at the end. + * + * @param[in] first VP in linked list. Will add new VP to the end of this list. + * @param[in] add VP to add to list. + * @return a copy of the input VP */ void pairadd(VALUE_PAIR **first, VALUE_PAIR *add) { 
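Review bot: The new tag test in `pairfind` never matches a VP whose `flags.has_tag` is clear unless the caller passes `TAG_ANY`, so `pairfind(..., TAG_UNUSED)` does not find tagless VPs even though the `pairdelete` comment in the next hunk says TAG_UNUSED matches them. `paircopy2` and `pairmove2` later in this file apply the opposite rule (they skip only when `(tag != TAG_ANY) && has_tag && (flags.tag != tag)`, so tagless VPs pass for every tag), which means the same `tag` argument selects different sets depending on the function. If tagless VPs are meant to match TAG_UNUSED, the condition could read `(tag == TAG_ANY) || (!first->flags.has_tag && (tag == TAG_UNUSED)) || (first->flags.has_tag && (first->flags.tag == tag))`, ideally in one static helper shared by all four functions. `pairfind` also gets no `@param` line for `tag`; a doc comment stating the chosen rule would stop callers guessing which attribute they will get back.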
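Review bot: Replacing `tag < 0` with `tag == TAG_ANY` in `pairdelete` means a caller that still passes `-1` now deletes nothing, silently, because the remaining branch requires a VP whose tag equals -1. The callers visible in this patch were converted, but any caller missed by the sweep (or built out of tree) still compiles and leaves the attribute it meant to remove in the list. Treating every negative value as the wildcard for now, `((tag < 0) ||` as the old code did, or logging when a negative value other than `TAG_ANY` arrives, would make such a miss visible instead of changing request handling quietly.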
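Review bot: The new doc comment on `pairadd` ends with `@return a copy of the input VP`, but the function is declared `void` and, judging by the `i->next = add;` line in the following hunk, links `add` itself into the list rather than copying it. The same `@return` line is added to `pairreplace` in the next hunk, whose summary says "Replace all matching VPs" while its description says the first match is replaced. Dropping both `@return` lines, marking `first` as in+out, and stating that the list takes ownership of `add` / `replace` would document who frees what; wrong assumptions about ownership in these helpers end up as leaks or double frees.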
@@ -297,8 +305,15 @@ void pairadd(VALUE_PAIR **first, VALUE_PAIR *add) i->next = add; } -/* - * Add or replace a pair at the end of a VALUE_PAIR list. +/** Replace all matching VPs + * + * Walks over 'first', and replaces the first VP that matches 'replace'. + * + * @note Memory used by the VP being replaced will be freed. + * + * @param[in+out] first VP in linked list. Will search and replace in this list. + * @param[in] replace VP to replace. + * @return a copy of the input vp */ void pairreplace(VALUE_PAIR **first, VALUE_PAIR *replace) { @@ -323,7 +338,9 @@ void pairreplace(VALUE_PAIR **first, VALUE_PAIR *replace) * and return. */ if ((i->attribute == replace->attribute) && - (i->vendor == replace->vendor)) { + (i->vendor == replace->vendor) && + (!i->flags.has_tag || (i->flags.tag == replace->flags.tag)) + ) { *prev = replace; /* @@ -348,8 +365,12 @@ void pairreplace(VALUE_PAIR **first, VALUE_PAIR *replace) } -/* - * Copy just one VP. +/** Copy a single valuepair + * + * Copy the head of the vp list. + * + * @param[in] vp to copy. + * @return a copy of the input VP */ VALUE_PAIR *paircopyvp(const VALUE_PAIR *vp) { @@ -395,15 +416,14 @@ VALUE_PAIR *paircopyvp(const VALUE_PAIR *vp) * * @param[in] vp which is head of the input list. * @param[in] attr to match, if 0 input list will not be filtered by attr. - * @param[in] vendor to match - * @param[in] tag to match, if < 0 input list will not be filtered by vendor, - * if >= 0 only attributes with that tag value will be copied. + * @param[in] vendor to match. + * @param[in] tag to match, TAG_ANY matches any tag, TAG_UNUSED matches tagless VPs. * @return the head of the new VALUE_PAIR list. */ VALUE_PAIR *paircopy2(VALUE_PAIR *vp, unsigned int attr, unsigned int vendor, int8_t tag) { - VALUE_PAIR *first, *n, **last; + VALUE_PAIR *first, *n, **last; first = NULL; last = &first; 
@@ -413,8 +433,10 @@ VALUE_PAIR *paircopy2(VALUE_PAIR *vp, unsigned int attr, unsigned int vendor, ((vp->attribute != attr) || (vp->vendor != vendor))) goto skip; - if ((tag >= 0) && vp->flags.has_tag && (vp->flags.tag != tag)) + if ((tag != TAG_ANY) && vp->flags.has_tag && + (vp->flags.tag != tag)) { goto skip; + } n = paircopyvp(vp); if (!n) return first; @@ -438,13 +460,23 @@ VALUE_PAIR *paircopy2(VALUE_PAIR *vp, unsigned int attr, unsigned int vendor, */ VALUE_PAIR *paircopy(VALUE_PAIR *vp) { - return paircopy2(vp, 0, 0, -1); + return paircopy2(vp, 0, 0, TAG_ANY); } - -/* - * Move attributes from one list to the other - * if not already present. +/** Move pairs from source list to destination list respecting operator + * + * @note This function does some additional magic that's probably not needed + * in most places. Consider using radius_pairmove in server code. + * + * @note pairfree should be called on the head of the source list to free + * unmoved attributes (if they're no longer needed). + * + * @note Does not respect tags when matching. + * + * @param[in+out] to destination list. + * @param[in+out] from source list. + * + * @see radius_pairmove */ void pairmove(VALUE_PAIR **to, VALUE_PAIR **from) { @@ -515,19 +547,20 @@ void pairmove(VALUE_PAIR **to, VALUE_PAIR **from) if (i->attribute == PW_FALL_THROUGH || (i->attribute != PW_HINT && i->attribute != PW_FRAMED_ROUTE)) { - found = pairfind(*to, i->attribute, i->vendor); + + found = pairfind(*to, i->attribute, i->vendor, TAG_ANY); switch (i->operator) { - /* - * If matching attributes are found, - * delete them. - */ + /* + * If matching attributes are found, + * delete them. + */ case T_OP_SUB: /* -= */ if (found) { if (!i->vp_strvalue[0] || (strcmp((char *)found->vp_strvalue, (char *)i->vp_strvalue) == 0)){ - pairdelete(to, found->attribute, found->vendor, found->flags.tag); + pairdelete(to, found->attribute, found->vendor, TAG_ANY); /* * 'tailto' may have been 
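Review bot: In the `T_OP_SUB` branch of `pairmove` the value comparison is made only against `found`, the first VP returned by `pairfind(..., TAG_ANY)`, yet `pairdelete(to, found->attribute, found->vendor, TAG_ANY)` then removes every instance of that attribute under every tag. Before this change the delete was limited to `found->flags.tag`, so for tagged attributes a single `-=` can now remove more than it did; the hunk at -578 makes the same change where `i` is copied over `found`. If the wider delete is intended, the `@note` should say "deletes all instances regardless of tag"; otherwise pass `i->flags.has_tag ? i->flags.tag : TAG_ANY`. The `switch` body continues outside this hunk.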
@@ -578,7 +611,7 @@ void pairmove(VALUE_PAIR **to, VALUE_PAIR **from) memcpy(found, i, sizeof(*found)); found->next = mynext; - pairdelete(&found->next, found->attribute, found->vendor, found->flags.tag); + pairdelete(&found->next, found->attribute, found->vendor, TAG_ANY); /* * 'tailto' may have been @@ -621,10 +654,23 @@ void pairmove(VALUE_PAIR **to, VALUE_PAIR **from) } } -/* - * Move one kind of attributes from one list to the other +/** Move matching pairs + * + * Move pairs of a matching attribute number, vendor number and tag from the + * the input list to the output list. + * + * @note pairfree should be called on the head of the old list to free unmoved + attributes (if they're no longer needed). + * + * @param[in+out] to destination list. + * @param[in+out] from source list. + * @param[in] attr to match, if PW_VENDOR_SPECIFIC and vendor 0, only VSAs will + * be copied. + * @param[in] vendor to match. + * @param[in] tag to match, TAG_ANY matches any tag, TAG_UNUSED matches tagless VPs. */ -void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, unsigned int vendor) +void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, + unsigned int vendor, int8_t tag) { VALUE_PAIR *to_tail, *i, *next; VALUE_PAIR *iprev = NULL; @@ -642,6 +688,11 @@ void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, unsigned i for(i = *from; i; i = next) { next = i->next; + if ((tag != TAG_ANY) && i->flags.has_tag && + (i->flags.tag != tag)) { + continue; + } + /* * vendor=0, attr = PW_VENDOR_SPECIFIC means * "match any vendor attribute". @@ -2077,8 +2128,6 @@ VALUE_PAIR *readvp2(FILE *fp, int *pfiledone, const char *errprefix) return error ? NULL: list; } - - /* * Compare two pairs, using the operator from "one". * 
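Review bot: The tag filter added to the `pairmove2` loop leaves the iteration with a bare `continue` and does not update `iprev`, which the function declares (`VALUE_PAIR *iprev = NULL;`) alongside `to_tail`, `i` and `next`. The rest of the loop is outside this hunk, but if the unlink step relies on `iprev` pointing at the last VP left in `*from`, a VP skipped here followed by one that is moved would be cut out of the source list as well and leaked, since `iprev` still refers to the element before the skipped one. Setting `iprev = i;` before the `continue` keeps the source list intact. Please check that this matches what the loop's other skip paths do.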
@@ -2089,8 +2138,6 @@ VALUE_PAIR *readvp2(FILE *fp, int *pfiledone, const char *errprefix) * e.g. "foo" != "bar" * * Returns true (comparison is true), or false (comparison is not true); - * - * FIXME: Ignores tags! */ int paircmp(VALUE_PAIR *one, VALUE_PAIR *two) { diff --git a/src/lib/vqp.c b/src/lib/vqp.c index 74d0bf5..4eaeb83 100644 --- a/src/lib/vqp.c +++ b/src/lib/vqp.c @@ -556,7 +556,7 @@ int vqp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) if (packet->data) return 0; - vp = pairfind(packet->vps, PW_VQP_PACKET_TYPE, 0); + vp = pairfind(packet->vps, PW_VQP_PACKET_TYPE, 0, TAG_ANY); if (!vp) { fr_strerror_printf("Failed to find VQP-Packet-Type in response packet"); return -1; @@ -571,7 +571,7 @@ int vqp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) length = VQP_HDR_LEN; memset(vps, 0, sizeof(vps)); - vp = pairfind(packet->vps, PW_VQP_ERROR_CODE, 0); + vp = pairfind(packet->vps, PW_VQP_ERROR_CODE, 0, TAG_ANY); /* * FIXME: Map attributes from calling-station-Id, etc. @@ -586,7 +586,7 @@ int vqp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original) if (!vp) for (i = 0; i < VQP_MAX_ATTRIBUTES; i++) { if (!contents[code][i]) break; - vps[i] = pairfind(packet->vps, contents[code][i] | 0x2000, 0); + vps[i] = pairfind(packet->vps, contents[code][i] | 0x2000, 0, TAG_ANY); /* * FIXME: Print the name... diff --git a/src/main/acct.c b/src/main/acct.c index e0ead29..c5b60a7 100644 --- a/src/main/acct.c +++ b/src/main/acct.c @@ -85,7 +85,7 @@ int rad_accounting(REQUEST *request) * Do the data storage before proxying. This is to ensure * that we log the packet, even if the proxy never does. */ - vp = pairfind(request->config_items, PW_ACCT_TYPE, 0); + vp = pairfind(request->config_items, PW_ACCT_TYPE, 0, TAG_ANY); if (vp) { acct_type = vp->vp_integer; DEBUG2(" Found Acct-Type %s", 
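Review bot: This hunk deletes the `FIXME: Ignores tags!` line above `paircmp`, but no hunk shown for src/lib/valuepair.c touches the body of `paircmp`, so on the evidence here the comparison still ignores tags. Policy checks that compare a tagged attribute would then match across tags with nothing in the source warning about it. Either keep the remark, reworded as `@note Does not compare tags.`, or add the tag comparison in the same commit.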
@@ -123,7 +123,7 @@ int rad_accounting(REQUEST *request) * Maybe one of the preacct modules has decided * that a proxy should be used. */ - if ((vp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0))) { + if ((vp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY))) { REALM *realm; /* @@ -133,7 +133,7 @@ int rad_accounting(REQUEST *request) realm = realm_find2(vp->vp_strvalue); if (realm && !realm->acct_pool) { DEBUG("rad_accounting: Cancelling proxy to realm %s, as it is a LOCAL realm.", realm->name); - pairdelete(&request->config_items, PW_PROXY_TO_REALM, 0, -1); + pairdelete(&request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY); } else { /* * Don't reply to the NAS now because diff --git a/src/main/auth.c b/src/main/auth.c index 99c3d5a..4b28e9a 100644 --- a/src/main/auth.c +++ b/src/main/auth.c @@ -42,13 +42,13 @@ char *auth_name(char *buf, size_t buflen, REQUEST *request, int do_cli) int port = 0; const char *tls = ""; - if ((cli = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) == NULL) + if ((cli = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) == NULL) do_cli = 0; - if ((pair = pairfind(request->packet->vps, PW_NAS_PORT, 0)) != NULL) + if ((pair = pairfind(request->packet->vps, PW_NAS_PORT, 0, TAG_ANY)) != NULL) port = pair->vp_integer; if (request->packet->dst_port == 0) { - if (pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0)) { + if (pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0, TAG_ANY)) { tls = " via TLS tunnel"; } else { tls = " via proxy to virtual server"; @@ -87,7 +87,7 @@ static int rad_authlog(const char *msg, REQUEST *request, int goodpass) * Get the correct username based on the configured value */ if (log_stripped_names == 0) { - username = pairfind(request->packet->vps, PW_USER_NAME, 0); + username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); } else { username = request->username; } 
@@ -110,8 +110,7 @@ static int rad_authlog(const char *msg, REQUEST *request, int goodpass) if (!request->password) { VALUE_PAIR *auth_type; - auth_type = pairfind(request->config_items, - PW_AUTH_TYPE, 0); + auth_type = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY); if (auth_type) { snprintf(clean_password, sizeof(clean_password), "", @@ -120,7 +119,7 @@ static int rad_authlog(const char *msg, REQUEST *request, int goodpass) } else { strcpy(clean_password, ""); } - } else if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0)) { + } else if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) { strcpy(clean_password, ""); } else { fr_print_string((char *)request->password->vp_strvalue, @@ -181,7 +180,7 @@ static int rad_check_password(REQUEST *request) * PW_AUTHTYPE_REJECT. */ cur_config_item = request->config_items; - while(((auth_type_pair = pairfind(cur_config_item, PW_AUTH_TYPE, 0))) != NULL) { + while(((auth_type_pair = pairfind(cur_config_item, PW_AUTH_TYPE, 0, TAG_ANY))) != NULL) { auth_type = auth_type_pair->vp_integer; auth_type_count++; @@ -225,11 +224,11 @@ static int rad_check_password(REQUEST *request) * been set, and complain if so. */ if (auth_type < 0) { - if (pairfind(request->config_items, PW_CRYPT_PASSWORD, 0) != NULL) { + if (pairfind(request->config_items, PW_CRYPT_PASSWORD, 0, TAG_ANY) != NULL) { RDEBUG2("WARNING: Please update your configuration, and remove 'Auth-Type = Crypt'"); RDEBUG2("WARNING: Use the PAP module instead."); } - else if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0) != NULL) { + else if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY) != NULL) { RDEBUG2("WARNING: Please update your configuration, and remove 'Auth-Type = Local'"); RDEBUG2("WARNING: Use the PAP or CHAP modules instead."); } 
@@ -294,7 +293,7 @@ int rad_postauth(REQUEST *request) /* * Do post-authentication calls. ignoring the return code. */ - vp = pairfind(request->config_items, PW_POST_AUTH_TYPE, 0); + vp = pairfind(request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY); if (vp) { postauth_type = vp->vp_integer; RDEBUG2("Using Post-Auth-Type %s", @@ -412,8 +411,7 @@ int rad_authenticate(REQUEST *request) * Look for, and cache, passwords. */ if (!request->password) { - request->password = pairfind(request->packet->vps, - PW_USER_PASSWORD, 0); + request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY); } /* @@ -427,8 +425,7 @@ int rad_authenticate(REQUEST *request) /* * Maybe there's a CHAP-Password? */ - if ((auth_item = pairfind(request->packet->vps, - PW_CHAP_PASSWORD, 0)) != NULL) { + if ((auth_item = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) { password = ""; } else { @@ -458,8 +455,7 @@ autz_redo: case RLM_MODULE_REJECT: case RLM_MODULE_USERLOCK: default: - if ((module_msg = pairfind(request->packet->vps, - PW_MODULE_FAILURE_MESSAGE, 0)) != NULL) { + if ((module_msg = pairfind(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL) { char msg[MAX_STRING_LEN + 16]; snprintf(msg, sizeof(msg), "Invalid user (%s)", module_msg->vp_strvalue); @@ -471,7 +467,7 @@ autz_redo: return result; } if (!autz_retry) { - tmp = pairfind(request->config_items, PW_AUTZ_TYPE, 0); + tmp = pairfind(request->config_items, PW_AUTZ_TYPE, 0, TAG_ANY); if (tmp) { autz_type = tmp->vp_integer; RDEBUG2("Using Autz-Type %s", @@ -491,7 +487,7 @@ autz_redo: #ifdef WITH_PROXY (request->proxy == NULL) && #endif - ((tmp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0)) != NULL)) { + ((tmp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY)) != NULL)) { REALM *realm; realm = realm_find2(tmp->vp_strvalue); 
@@ -549,7 +545,7 @@ autz_redo: RDEBUG2("Failed to authenticate the user."); request->reply->code = PW_AUTHENTICATION_REJECT; - if ((module_msg = pairfind(request->packet->vps,PW_MODULE_FAILURE_MESSAGE, 0)) != NULL){ + if ((module_msg = pairfind(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL){ char msg[MAX_STRING_LEN+19]; snprintf(msg, sizeof(msg), "Login incorrect (%s)", @@ -580,13 +576,13 @@ autz_redo: #ifdef WITH_SESSION_MGMT if (result >= 0 && - (check_item = pairfind(request->config_items, PW_SIMULTANEOUS_USE, 0)) != NULL) { + (check_item = pairfind(request->config_items, PW_SIMULTANEOUS_USE, 0, TAG_ANY)) != NULL) { int r, session_type = 0; char logstr[1024]; char umsg[MAX_STRING_LEN + 1]; const char *user_msg = NULL; - tmp = pairfind(request->config_items, PW_SESSION_TYPE, 0); + tmp = pairfind(request->config_items, PW_SESSION_TYPE, 0, TAG_ANY); if (tmp) { session_type = tmp->vp_integer; RDEBUG2("Using Session-Type %s", @@ -605,7 +601,7 @@ autz_redo: /* Multilink attempt. Check if port-limit > simultaneous-use */ VALUE_PAIR *port_limit; - if ((port_limit = pairfind(request->reply->vps, PW_PORT_LIMIT, 0)) != NULL && + if ((port_limit = pairfind(request->reply->vps, PW_PORT_LIMIT, 0, TAG_ANY)) != NULL && port_limit->vp_integer > check_item->vp_integer){ RDEBUG2("MPP is OK"); mpp_ok = 1; @@ -658,7 +654,7 @@ autz_redo: if (request->reply->code == 0) request->reply->code = PW_AUTHENTICATION_ACK; - if ((module_msg = pairfind(request->packet->vps,PW_MODULE_SUCCESS_MESSAGE, 0)) != NULL){ + if ((module_msg = pairfind(request->packet->vps, PW_MODULE_SUCCESS_MESSAGE, 0, TAG_ANY)) != NULL){ char msg[MAX_STRING_LEN+12]; snprintf(msg, sizeof(msg), "Login OK (%s)", 
@@ -689,7 +685,7 @@ int rad_virtual_server(REQUEST *request) result = rad_authenticate(request); if (request->reply->code == PW_AUTHENTICATION_REJECT) { - pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, -1); + pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY); vp = radius_pairmake(request, &request->config_items, "Post-Auth-Type", "Reject", T_OP_SET); diff --git a/src/main/client.c b/src/main/client.c index 0e08f3b..5a2b2e0 100644 --- a/src/main/client.c +++ b/src/main/client.c @@ -1101,7 +1101,7 @@ RADCLIENT *client_create(RADCLIENT_LIST *clients, REQUEST *request) return NULL; } - vp = pairfind(request->config_items, da->attr, da->vendor); + vp = pairfind(request->config_items, da->attr, da->vendor, TAG_ANY); if (!vp) { /* * Not required. Skip it. diff --git a/src/main/detail.c b/src/main/detail.c index 34bd883..d7742d8 100644 --- a/src/main/detail.c +++ b/src/main/detail.c @@ -636,12 +636,12 @@ int detail_recv(rad_listen_t *listener) packet->src_ipaddr = data->client_ip; } - vp = pairfind(packet->vps, PW_PACKET_SRC_IP_ADDRESS, 0); + vp = pairfind(packet->vps, PW_PACKET_SRC_IP_ADDRESS, 0, TAG_ANY); if (vp) { packet->src_ipaddr.af = AF_INET; packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr; } else { - vp = pairfind(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS, 0); + vp = pairfind(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS, 0, TAG_ANY); if (vp) { packet->src_ipaddr.af = AF_INET6; memcpy(&packet->src_ipaddr.ipaddr.ip6addr, @@ -649,12 +649,12 @@ int detail_recv(rad_listen_t *listener) } } - vp = pairfind(packet->vps, PW_PACKET_DST_IP_ADDRESS, 0); + vp = pairfind(packet->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY); if (vp) { packet->dst_ipaddr.af = AF_INET; packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr; } else { - vp = pairfind(packet->vps, PW_PACKET_DST_IPV6_ADDRESS, 0); + vp = pairfind(packet->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY); if (vp) { packet->dst_ipaddr.af = AF_INET6; memcpy(&packet->dst_ipaddr.ipaddr.ip6addr, 
@@ -685,7 +685,7 @@ int detail_recv(rad_listen_t *listener) * "Timestamp" field is when we wrote the packet to the * detail file, which could have been much later. */ - vp = pairfind(packet->vps, PW_EVENT_TIMESTAMP, 0); + vp = pairfind(packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY); if (vp) { data->timestamp = vp->vp_integer; } @@ -694,7 +694,7 @@ int detail_recv(rad_listen_t *listener) * Look for Acct-Delay-Time, and update * based on Acct-Delay-Time += (time(NULL) - timestamp) */ - vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME, 0); + vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY); if (!vp) { vp = paircreate(PW_ACCT_DELAY_TIME, 0, PW_TYPE_INTEGER); rad_assert(vp != NULL); @@ -707,7 +707,7 @@ int detail_recv(rad_listen_t *listener) /* * Set the transmission count. */ - vp = pairfind(packet->vps, PW_PACKET_TRANSMIT_COUNTER, 0); + vp = pairfind(packet->vps, PW_PACKET_TRANSMIT_COUNTER, 0, TAG_ANY); if (!vp) { vp = paircreate(PW_PACKET_TRANSMIT_COUNTER, 0, PW_TYPE_INTEGER); rad_assert(vp != NULL); diff --git a/src/main/dhcpd.c b/src/main/dhcpd.c index 6c28fd2..e1a152c 100644 --- a/src/main/dhcpd.c +++ b/src/main/dhcpd.c @@ -82,9 +82,9 @@ static int dhcprelay_process_client_request(REQUEST *request) /* * It's invalid to have giaddr=0 AND a relay option */ - vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR); /* DHCP-Gateway-IP-Address */ + vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */ if ((vp && (vp->vp_ipaddr == htonl(INADDR_ANY))) && - pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR)) { /* DHCP-Relay-Agent-Information */ + pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR, TAG_ANY)) { /* DHCP-Relay-Agent-Information */ DEBUG("DHCP: Received packet with giaddr = 0 and containing relay option: Discarding packet\n"); return 1; } 
@@ -94,10 +94,10 @@ static int dhcprelay_process_client_request(REQUEST *request) * * Drop requests if hop-count > 16 or admin specified another value */ - if ((vp = pairfind(request->config_items, 271, DHCP_MAGIC_VENDOR))) { /* DHCP-Relay-Max-Hop-Count */ + if ((vp = pairfind(request->config_items, 271, DHCP_MAGIC_VENDOR, TAG_ANY))) { /* DHCP-Relay-Max-Hop-Count */ maxhops = vp->vp_integer; } - vp = pairfind(request->packet->vps, 259, DHCP_MAGIC_VENDOR); /* DHCP-Hop-Count */ + vp = pairfind(request->packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Hop-Count */ rad_assert(vp != NULL); if (vp->vp_integer > maxhops) { DEBUG("DHCP: Number of hops is greater than %d: not relaying\n", maxhops); @@ -119,7 +119,7 @@ static int dhcprelay_process_client_request(REQUEST *request) request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = sock->ipaddr.ipaddr.ip4addr.s_addr; request->packet->src_port = sock->port; - vp = pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR); /* DHCP-Relay-To-IP-Address */ + vp = pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Relay-To-IP-Address */ rad_assert(vp != NULL); /* set DEST ipaddr/port to the next server ipaddr/port */ @@ -154,7 +154,7 @@ static int dhcprelay_process_server_reply(REQUEST *request) * Check that packet is for us by looking at the * DHCP-Gateway-IP-Address. */ - vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR); + vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); rad_assert(vp != NULL); /* --with-udpfromto is needed just for the following test */ 
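Review bot: In dhcprelay_process_client_request, the DHCP-Hop-Count lookup (attribute 259) reads from `request->packet->vps` and is guarded only by `rad_assert(vp != NULL)` before `vp->vp_integer` is dereferenced. If rad_assert is compiled out in release builds (not visible in this diff) and the decoder can ever omit the attribute, a malformed packet reaches a NULL dereference. An explicit check such as `if (!vp) { DEBUG("DHCP: No hop count in packet: Discarding packet\n"); return 1; }` would reuse the discard path already taken for the giaddr case. The same assert-only pattern follows the packet lookups of 266 and 264 in the dhcprelay_process_server_reply hunks. The function body continues outside this hunk.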
@@ -176,9 +176,9 @@ static int dhcprelay_process_server_reply(REQUEST *request) request->packet->dst_port = request->packet->dst_port + 1; /* Port 68 */ if ((request->packet->code == PW_DHCP_NAK) || - ((vp = pairfind(request->packet->vps, 262, DHCP_MAGIC_VENDOR)) /* DHCP-Flags */ && + ((vp = pairfind(request->packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Flags */ && (vp->vp_integer & 0x8000) && - ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR)) /* DHCP-Client-IP-Address */ && + ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Client-IP-Address */ && (vp->vp_ipaddr == htonl(INADDR_ANY))))) { /* * RFC 2131, page 23 @@ -197,11 +197,11 @@ static int dhcprelay_process_server_reply(REQUEST *request) * - ciaddr if present * otherwise to yiaddr */ - if ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR)) /* DHCP-Client-IP-Address */ && + if ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Client-IP-Address */ && (vp->vp_ipaddr != htonl(INADDR_ANY))) { request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr; } else { - vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR); /* DHCP-Your-IP-Address */ + vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Your-IP-Address */ rad_assert(vp != NULL); request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr; @@ -212,7 +212,7 @@ static int dhcprelay_process_server_reply(REQUEST *request) * the client was requesting an IP address. */ if (request->packet->code == PW_DHCP_OFFER) { - VALUE_PAIR *hwvp = pairfind(request->packet->vps, 267, DHCP_MAGIC_VENDOR); /* DHCP-Client-Hardware-Address */ + VALUE_PAIR *hwvp = pairfind(request->packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Client-Hardware-Address */ if (hwvp == NULL) { DEBUG("DHCP: DHCP_OFFER packet received with " "no Client Hardware Address. Discarding packet"); 
@@ -239,7 +239,7 @@ static int dhcp_process(REQUEST *request) int rcode; VALUE_PAIR *vp; - vp = pairfind(request->packet->vps, 53, DHCP_MAGIC_VENDOR); /* DHCP-Message-Type */ + vp = pairfind(request->packet->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */ if (vp) { DICT_VALUE *dv = dict_valbyattr(53, DHCP_MAGIC_VENDOR, vp->vp_integer); DEBUG("Trying sub-section dhcp %s {...}", @@ -256,7 +256,7 @@ static int dhcp_process(REQUEST *request) */ vp = NULL; if (request->packet->data[0] == 1) { - vp = pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR); + vp = pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR, TAG_ANY); } if (vp) { VALUE_PAIR *giaddr; @@ -267,9 +267,9 @@ static int dhcp_process(REQUEST *request) * * It's invalid to have giaddr=0 AND a relay option */ - giaddr = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR); + giaddr = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); if (giaddr && (giaddr->vp_ipaddr == htonl(INADDR_ANY))) { - if (pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR)) { + if (pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR, TAG_ANY)) { RDEBUG("DHCP: Received packet with giaddr = 0 and containing relay option: Discarding packet"); return 1; } @@ -299,7 +299,7 @@ static int dhcp_process(REQUEST *request) /* * Hop count goes up. */ - vp = pairfind(request->reply->vps, 259, DHCP_MAGIC_VENDOR); + vp = pairfind(request->reply->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) vp->vp_integer++; return 1; 
@@ -320,12 +320,12 @@ static int dhcp_process(REQUEST *request) * server. So we must be the destination of the * giaddr field. */ - pairdelete(&request->packet->vps, 266, DHCP_MAGIC_VENDOR, -1); + pairdelete(&request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* * Search for client IP address. */ - vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR); + vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); if (!vp) { request->reply->code = 0; RDEBUG("DHCP: No YIAddr in the reply. Discarding packet"); @@ -344,7 +344,7 @@ static int dhcp_process(REQUEST *request) /* * Hop count goes down. */ - vp = pairfind(request->reply->vps, 259, DHCP_MAGIC_VENDOR); + vp = pairfind(request->reply->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp && (vp->vp_integer > 0)) vp->vp_integer--; /* @@ -355,7 +355,7 @@ static int dhcp_process(REQUEST *request) return 1; } - vp = pairfind(request->reply->vps, 53, DHCP_MAGIC_VENDOR); /* DHCP-Message-Type */ + vp = pairfind(request->reply->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */ if (vp) { request->reply->code = vp->vp_integer; if ((request->reply->code != 0) && diff --git a/src/main/listen.c b/src/main/listen.c index 5b1cb37..d813aa8 100644 --- a/src/main/listen.c +++ b/src/main/listen.c @@ -1570,7 +1570,7 @@ static int do_proxy(REQUEST *request) return 0; } - vp = pairfind(request->config_items, PW_HOME_SERVER_POOL, 0); + vp = pairfind(request->config_items, PW_HOME_SERVER_POOL, 0, TAG_ANY); if (!vp) return 0; if (!home_pool_byname(vp->vp_strvalue, HOME_TYPE_COA)) { 
@@ -1621,10 +1621,10 @@ static int rad_coa_recv(REQUEST *request) * with Service-Type = Authorize-Only, it MUST * have a State attribute in it. */ - vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0); + vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY); if (request->packet->code == PW_COA_REQUEST) { if (vp && (vp->vp_integer == 17)) { - vp = pairfind(request->packet->vps, PW_STATE, 0); + vp = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY); if (!vp || (vp->length == 0)) { RDEBUG("ERROR: CoA-Request with Service-Type = Authorize-Only MUST contain a State attribute"); request->reply->code = PW_COA_NAK; @@ -1673,7 +1673,7 @@ static int rad_coa_recv(REQUEST *request) * Copy State from the request to the reply. * See RFC 5176 Section 3.3. */ - vp = paircopy2(request->packet->vps, PW_STATE, 0, -1); + vp = paircopy2(request->packet->vps, PW_STATE, 0, TAG_ANY); if (vp) pairadd(&request->reply->vps, vp); /* diff --git a/src/main/modcall.c b/src/main/modcall.c index 4b6580d..36a512e 100644 --- a/src/main/modcall.c +++ b/src/main/modcall.c @@ -579,9 +579,7 @@ int modcall(int component, modcallable *c, REQUEST *request) if (myresult == MOD_ACTION_RETURN) { break; } - vp = pairfind(vp->next, - vp->attribute, - vp->vendor); + vp = pairfind(vp->next, vp->attribute, vp->vendor, TAG_ANY); /* * Delete the cached attribute, diff --git a/src/main/process.c b/src/main/process.c index 6bef46a..461a41b 100644 --- a/src/main/process.c +++ b/src/main/process.c @@ -968,10 +968,8 @@ static int request_pre_handler(REQUEST *request, UNUSED int action) * process it. */ if (request->packet->dst_port == 0) { - request->username = pairfind(request->packet->vps, - PW_USER_NAME, 0); - request->password = pairfind(request->packet->vps, - PW_USER_PASSWORD, 0); + request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); + request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY); return 1; } 
@@ -1029,8 +1027,7 @@ static int request_pre_handler(REQUEST *request, UNUSED int action) } if (!request->username) { - request->username = pairfind(request->packet->vps, - PW_USER_NAME, 0); + request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); } #ifdef WITH_PROXY @@ -1065,7 +1062,7 @@ STATE_MACHINE_DECL(request_finish) * Override the response code if a * control:Response-Packet-Type attribute is present. */ - vp = pairfind(request->config_items, PW_RESPONSE_PACKET_TYPE, 0); + vp = pairfind(request->config_items, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY); if (vp) { if (vp->vp_integer == 256) { RDEBUG2("Not responding to request"); @@ -1075,7 +1072,7 @@ STATE_MACHINE_DECL(request_finish) request->reply->code = vp->vp_integer; } } else if (request->reply->code == 0) { - vp = pairfind(request->config_items, PW_AUTH_TYPE, 0); + vp = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY); if (!vp || (vp->vp_integer != PW_AUTHENTICATION_REJECT)) { RDEBUG2("There was no response configured: " @@ -1089,7 +1086,7 @@ STATE_MACHINE_DECL(request_finish) /* * Copy Proxy-State from the request to the reply. */ - vp = paircopy2(request->packet->vps, PW_PROXY_STATE, 0, -1); + vp = paircopy2(request->packet->vps, PW_PROXY_STATE, 0, TAG_ANY); if (vp) pairadd(&request->reply->vps, vp); /* @@ -1098,7 +1095,7 @@ STATE_MACHINE_DECL(request_finish) * Post-Auth-Type = Reject */ if (request->reply->code == PW_AUTHENTICATION_REJECT) { - pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, -1); + pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY); vp = radius_pairmake(request, &request->config_items, "Post-Auth-Type", "Reject", T_OP_SET); 
@@ -1764,7 +1761,7 @@ static int process_proxy_reply(REQUEST *request) * Run the packet through the post-proxy stage, * BEFORE playing games with the attributes. */ - vp = pairfind(request->config_items, PW_POST_PROXY_TYPE, 0); + vp = pairfind(request->config_items, PW_POST_PROXY_TYPE, 0, TAG_ANY); /* * If we have a proxy_reply, and it was a reject, setup @@ -1819,7 +1816,7 @@ static int process_proxy_reply(REQUEST *request) * the reply. These include Proxy-State * attributes from us and remote server. */ - pairdelete(&request->proxy_reply->vps, PW_PROXY_STATE, 0, -1); + pairdelete(&request->proxy_reply->vps, PW_PROXY_STATE, 0, TAG_ANY); /* * Add the attributes left in the proxy @@ -2001,12 +1998,12 @@ static int setup_post_proxy_fail(REQUEST *request) if (!dval) { DEBUG("No Post-Proxy-Type Fail: ignoring"); - pairdelete(&request->config_items, PW_POST_PROXY_TYPE, 0, -1); + pairdelete(&request->config_items, PW_POST_PROXY_TYPE, 0, TAG_ANY); request_cleanup_delay_init(request, NULL); return 0; } - vp = pairfind(request->config_items, PW_POST_PROXY_TYPE, 0); + vp = pairfind(request->config_items, PW_POST_PROXY_TYPE, 0, TAG_ANY); if (!vp) vp = radius_paircreate(request, &request->config_items, PW_POST_PROXY_TYPE, 0, PW_TYPE_INTEGER); vp->vp_integer = dval->value; @@ -2078,7 +2075,7 @@ static int request_will_proxy(REQUEST *request) */ if (request->reply->code != 0) return 0; - vp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0); + vp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY); if (vp) { realm = realm_find2(vp->vp_strvalue); if (!realm) { @@ -2113,7 +2110,7 @@ static int request_will_proxy(REQUEST *request) } else { int pool_type; - vp = pairfind(request->config_items, PW_HOME_SERVER_POOL, 0); + vp = pairfind(request->config_items, PW_HOME_SERVER_POOL, 0, TAG_ANY); if (!vp) return 0; switch (request->packet->code) { 
@@ -2176,7 +2173,7 @@ static int request_will_proxy(REQUEST *request) * requests. */ if (realm && (realm->striprealm == TRUE) && - (strippedname = pairfind(request->proxy->vps, PW_STRIPPED_USER_NAME, 0)) != NULL) { + (strippedname = pairfind(request->proxy->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY)) != NULL) { /* * If there's a Stripped-User-Name attribute in * the request, then use THAT as the User-Name @@ -2190,7 +2187,7 @@ static int request_will_proxy(REQUEST *request) * from the vps list, and making the new * User-Name the head of the vps list. */ - vp = pairfind(request->proxy->vps, PW_USER_NAME, 0); + vp = pairfind(request->proxy->vps, PW_USER_NAME, 0, TAG_ANY); if (!vp) { vp = radius_paircreate(request, NULL, PW_USER_NAME, 0, PW_TYPE_STRING); @@ -2215,8 +2212,8 @@ static int request_will_proxy(REQUEST *request) * anymore - we changed it. */ if ((request->packet->code == PW_AUTHENTICATION_REQUEST) && - pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0) && - pairfind(request->proxy->vps, PW_CHAP_CHALLENGE, 0) == NULL) { + pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) && + pairfind(request->proxy->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) { vp = radius_paircreate(request, &request->proxy->vps, PW_CHAP_CHALLENGE, 0, PW_TYPE_OCTETS); memcpy(vp->vp_strvalue, request->packet->vector, @@ -2243,7 +2240,7 @@ static int request_will_proxy(REQUEST *request) /* * Call the pre-proxy routines. */ - vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE, 0); + vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE, 0, TAG_ANY); if (vp) { RDEBUG2(" Found Pre-Proxy-Type %s", vp->vp_strvalue); pre_proxy_type = vp->vp_integer; 
@@ -2434,7 +2431,7 @@ static int request_proxy_anew(REQUEST *request) if (request->packet->code == PW_ACCOUNTING_REQUEST) { VALUE_PAIR *vp; - vp = pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0); + vp = pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY); if (!vp) vp = radius_paircreate(request, &request->proxy->vps, PW_ACCT_DELAY_TIME, 0, @@ -2851,7 +2848,7 @@ STATE_MACHINE_DECL(proxy_wait_for_reply) * get a new ID. */ if ((request->packet->code == PW_ACCOUNTING_REQUEST) && - pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0)) { + pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY)) { request_proxy_anew(request); return; } @@ -2998,9 +2995,9 @@ static void request_coa_originate(REQUEST *request) /* * Check whether we want to originate one, or cancel one. */ - vp = pairfind(request->config_items, PW_SEND_COA_REQUEST, 0); + vp = pairfind(request->config_items, PW_SEND_COA_REQUEST, 0, TAG_ANY); if (!vp) { - vp = pairfind(request->coa->proxy->vps, PW_SEND_COA_REQUEST, 0); + vp = pairfind(request->coa->proxy->vps, PW_SEND_COA_REQUEST, 0, TAG_ANY); } if (vp) { @@ -3017,18 +3014,16 @@ static void request_coa_originate(REQUEST *request) * src_ipaddr will be set up in proxy_encode. */ memset(&ipaddr, 0, sizeof(ipaddr)); - vp = pairfind(coa->proxy->vps, PW_PACKET_DST_IP_ADDRESS, 0); + vp = pairfind(coa->proxy->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY); if (vp) { ipaddr.af = AF_INET; ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr; - } else if ((vp = pairfind(coa->proxy->vps, - PW_PACKET_DST_IPV6_ADDRESS, 0)) != NULL) { + } else if ((vp = pairfind(coa->proxy->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY)) != NULL) { ipaddr.af = AF_INET6; ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr; - } else if ((vp = pairfind(coa->proxy->vps, - PW_HOME_SERVER_POOL, 0)) != NULL) { + } else if ((vp = pairfind(coa->proxy->vps, PW_HOME_SERVER_POOL, 0, TAG_ANY)) != NULL) { coa->home_pool = home_pool_byname(vp->vp_strvalue, HOME_TYPE_COA); if (!coa->home_pool) { 
@@ -3068,7 +3063,7 @@ static void request_coa_originate(REQUEST *request) } else if (!coa->home_server) { int port = PW_COA_UDP_PORT; - vp = pairfind(coa->proxy->vps, PW_PACKET_DST_PORT, 0); + vp = pairfind(coa->proxy->vps, PW_PACKET_DST_PORT, 0, TAG_ANY); if (vp) port = vp->vp_integer; coa->home_server = home_server_find(&ipaddr, port, IPPROTO_UDP); @@ -3080,7 +3075,7 @@ static void request_coa_originate(REQUEST *request) } } - vp = pairfind(coa->proxy->vps, PW_PACKET_TYPE, 0); + vp = pairfind(coa->proxy->vps, PW_PACKET_TYPE, 0, TAG_ANY); if (vp) { switch (vp->vp_integer) { case PW_COA_REQUEST: @@ -3120,7 +3115,7 @@ static void request_coa_originate(REQUEST *request) /* * Call the pre-proxy routines. */ - vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE, 0); + vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE, 0, TAG_ANY); if (vp) { RDEBUG2(" Found Pre-Proxy-Type %s", vp->vp_strvalue); pre_proxy_type = vp->vp_integer; diff --git a/src/main/radclient.c b/src/main/radclient.c index ff16466..3685f1d 100644 --- a/src/main/radclient.c +++ b/src/main/radclient.c 
@@ -274,17 +274,17 @@ static int radclient_init(const char *filename) /* * Keep a copy of the the User-Password attribute. */ - if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0)) != NULL) { + if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy(radclient->password, vp->vp_strvalue, sizeof(radclient->password)); /* * Otherwise keep a copy of the CHAP-Password attribute. */ - } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) { + } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy(radclient->password, vp->vp_strvalue, sizeof(radclient->password)); - } else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0)) != NULL) { + } else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy(radclient->password, vp->vp_strvalue, sizeof(radclient->password)); } else { @@ -606,12 +606,12 @@ static int send_one_packet(radclient_t *radclient) if (radclient->password[0] != '\0') { VALUE_PAIR *vp; - if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0)) != NULL) { + if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy(vp->vp_strvalue, radclient->password, sizeof(vp->vp_strvalue)); vp->length = strlen(vp->vp_strvalue); - } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) { + } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) { int already_hex = 0; /* @@ -643,7 +643,7 @@ static int send_one_packet(radclient_t *radclient) fr_rand() & 0xff, vp); vp->length = 17; } - } else if (pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0) != NULL) { + } else if (pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0, TAG_ANY) != NULL) { mschapv1_encode(&radclient->request->vps, radclient->password); } else if (fr_debug_flag) { 
diff --git a/src/main/realms.c b/src/main/realms.c index e18d5aa..b8f5401 100644 --- a/src/main/realms.c +++ b/src/main/realms.c @@ -2136,7 +2136,7 @@ void home_server_update_request(home_server *home, REQUEST *request) */ if (home->message_authenticator && (request->packet->code == PW_AUTHENTICATION_REQUEST) && - !pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0)) { + !pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY)) { radius_pairmake(request, &request->proxy->vps, "Message-Authenticator", "0x00", T_OP_SET); @@ -2203,7 +2203,7 @@ home_server *home_server_ldb(const char *realmname, break; case HOME_POOL_KEYED_BALANCE: - if ((vp = pairfind(request->config_items, PW_LOAD_BALANCE_KEY, 0)) != NULL) { + if ((vp = pairfind(request->config_items, PW_LOAD_BALANCE_KEY, 0, TAG_ANY)) != NULL) { hash = fr_hash(vp->vp_strvalue, vp->length); start = hash % pool->num_home_servers; break; diff --git a/src/main/stats.c b/src/main/stats.c index 82b5425..80e7c8d 100644 --- a/src/main/stats.c +++ b/src/main/stats.c @@ -456,7 +456,7 @@ void request_stats_reply(REQUEST *request) rad_assert(request->packet->code == PW_STATUS_SERVER); rad_assert(request->listener->type == RAD_LISTEN_NONE); - flag = pairfind(request->packet->vps, 127, VENDORPEC_FREERADIUS); + flag = pairfind(request->packet->vps, 127, VENDORPEC_FREERADIUS, TAG_ANY); if (!flag || (flag->vp_integer == 0)) return; /* @@ -546,10 +546,9 @@ void request_stats_reply(REQUEST *request) * See if we need to look up the client by server * socket. */ - server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS); + server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY); if (server_ip) { - server_port = pairfind(request->packet->vps, - 171, VENDORPEC_FREERADIUS); + server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY); if (server_port) { ipaddr.af = AF_INET; 
@@ -564,7 +563,7 @@ void request_stats_reply(REQUEST *request) } - vp = pairfind(request->packet->vps, 167, VENDORPEC_FREERADIUS); + vp = pairfind(request->packet->vps, 167, VENDORPEC_FREERADIUS, TAG_ANY); if (vp) { ipaddr.af = AF_INET; ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr; @@ -578,8 +577,7 @@ void request_stats_reply(REQUEST *request) /* * Else look it up by number. */ - } else if ((vp = pairfind(request->packet->vps, - 168, VENDORPEC_FREERADIUS)) != NULL) { + } else if ((vp = pairfind(request->packet->vps, 168, VENDORPEC_FREERADIUS, TAG_ANY)) != NULL) { client = client_findbynumber(cl, vp->vp_integer); } @@ -650,11 +648,10 @@ void request_stats_reply(REQUEST *request) * See if we need to look up the server by socket * socket. */ - server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS); + server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY); if (!server_ip) return; - server_port = pairfind(request->packet->vps, - 171, VENDORPEC_FREERADIUS); + server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY); if (!server_port) return; ipaddr.af = AF_INET; @@ -702,11 +699,10 @@ void request_stats_reply(REQUEST *request) * See if we need to look up the server by socket * socket. */ - server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS); + server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY); if (!server_ip) return; - server_port = pairfind(request->packet->vps, - 171, VENDORPEC_FREERADIUS); + server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY); if (!server_port) return; ipaddr.af = AF_INET; diff --git a/src/main/tls.c b/src/main/tls.c index 863e296..c114e81 100644 --- a/src/main/tls.c +++ b/src/main/tls.c 
@@ -253,7 +253,7 @@ tls_session_t *tls_new_session(fr_tls_server_conf_t *conf, REQUEST *request, * just too much. */ state->offset = conf->fragment_size; - vp = pairfind(request->packet->vps, PW_FRAMED_MTU, 0); + vp = pairfind(request->packet->vps, PW_FRAMED_MTU, 0, TAG_ANY); if (vp && (vp->vp_integer > 100) && (vp->vp_integer < state->offset)) { state->offset = vp->vp_integer; } @@ -2438,7 +2438,7 @@ int tls_success(tls_session_t *ssn, REQUEST *request) * user. */ if ((!ssn->allow_session_resumption) || - (((vp = pairfind(request->config_items, 1127, 0)) != NULL) && + (((vp = pairfind(request->config_items, 1127, 0, TAG_ANY)) != NULL) && (vp->vp_integer == 0))) { SSL_CTX_remove_session(ssn->ctx, ssn->ssl->session); @@ -2467,13 +2467,13 @@ int tls_success(tls_session_t *ssn, REQUEST *request) fr_bin2hex(ssn->ssl->session->session_id, buffer, size); - vp = paircopy2(request->reply->vps, PW_USER_NAME, 0, -1); + vp = paircopy2(request->reply->vps, PW_USER_NAME, 0, TAG_ANY); if (vp) pairadd(&vps, vp); - vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0, -1); + vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY); if (vp) pairadd(&vps, vp); - vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY, 0, -1); + vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY, 0, TAG_ANY); if (vp) pairadd(&vps, vp); certs = (VALUE_PAIR **)SSL_get_ex_data(ssn->ssl, FR_TLS_EX_INDEX_CERTS); diff --git a/src/main/valuepair.c b/src/main/valuepair.c index 43415db..0a3f8ff 100644 --- a/src/main/valuepair.c +++ b/src/main/valuepair.c @@ -512,7 +512,7 @@ int paircompare(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check, DEBUG("WARNING: Are you sure you don't mean Cleartext-Password?"); DEBUG("WARNING: See \"man rlm_pap\" for more information."); } - if (pairfind(request, PW_USER_PASSWORD, 0) == NULL) { + if (pairfind(request, PW_USER_PASSWORD, 0, TAG_ANY) == NULL) { continue; } break; 
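Review bot: In tls_success, `pairfind(request->config_items, 1127, 0, TAG_ANY)` decides whether the TLS session is removed from the resumption cache, yet the attribute is identified only by the bare number 1127. A renumbered or misread dictionary entry would silently change the resumption policy. Use the dictionary's `PW_` constant for this attribute if one exists, or at least add a trailing comment naming it, as several of the dhcpd.c lookups in this patch do. The enclosing condition and function continue outside the hunk.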
@@ -691,7 +691,7 @@ void pairxlatmove(REQUEST *req, VALUE_PAIR **to, VALUE_PAIR **from) pairparsevalue(i, buffer); } - found = pairfind(*to, i->attribute, i->vendor); + found = pairfind(*to, i->attribute, i->vendor, TAG_ANY); switch (i->operator) { /* @@ -1384,7 +1384,7 @@ int radius_get_vp(REQUEST *request, const char *name, VALUE_PAIR **vp_p) /* * May not may not be found, but it *is* a known name. */ - *vp_p = pairfind(*vps, vpt.da->attr, vpt.da->vendor); + *vp_p = pairfind(*vps, vpt.da->attr, vpt.da->vendor, TAG_ANY); return 0; } diff --git a/src/main/xlat.c b/src/main/xlat.c index a8dfdef..d733b65 100644 --- a/src/main/xlat.c +++ b/src/main/xlat.c @@ -106,24 +106,6 @@ static int valuepair2str(char * out,int outlen,VALUE_PAIR * pair, int type) return strlen(out); } -static VALUE_PAIR *pairfind_tag(VALUE_PAIR *vps, const DICT_ATTR *da, int tag) -{ - VALUE_PAIR *vp = vps; - -redo: - vp = pairfind(vp, da->attr, da->vendor); - if (!tag) return vp; - - if (!vp) return NULL; - - if (!vp->flags.has_tag) return NULL; - - if (vp->flags.tag == tag) return vp; - - vp = vp->next; - goto redo; -} - /* * Dynamically translate for check:, request:, reply:, etc. */ @@ -266,7 +248,7 @@ static size_t xlat_packet(void *instance, REQUEST *request, * No array, print the tagged attribute. */ if (!do_array) { - vp = pairfind_tag(vps, da, tag); + vp = pairfind(vps, da->attr, da->vendor, tag); goto just_print; } @@ -276,9 +258,9 @@ static size_t xlat_packet(void *instance, REQUEST *request, * Array[#] - return the total */ if (do_count) { - for (vp = pairfind_tag(vps, da, tag); + for (vp = pairfind(vps, da->attr, da->vendor, tag); vp != NULL; - vp = pairfind_tag(vp->next, da, tag)) { + vp = pairfind(vp->next, da->attr, da->vendor, tag)) { total++; } 
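Review bot: In xlat_packet, `pairfind(vps, da->attr, da->vendor, tag)` now receives the parsed `tag` unchanged, whereas the removed `pairfind_tag` helper treated `tag == 0` as "no tag filter" and returned the first match. Whether the four-argument pairfind treats 0 as a wildcard is decided in src/lib/valuepair.c, which is not shown in this part of the patch; if 0 matches only tag 0 there, untagged references would stop matching tagged attributes. If that is not intended, make the mapping explicit with `pairfind(vps, da->attr, da->vendor, tag ? tag : TAG_ANY)`, or add a comment stating that 0 is a wildcard. The same applies to the `do_count` loop in the next hunk and to the `do_all` and N'th-value loops after it. xlat_packet's body starts and ends outside these hunks.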
@@ -291,9 +273,9 @@ static size_t xlat_packet(void *instance, REQUEST *request, * the attributes, separated by a newline. */ if (do_all) { - for (vp = pairfind_tag(vps, da, tag); + for (vp = pairfind(vps, da->attr, da->vendor, tag); vp != NULL; - vp = pairfind_tag(vp->next, da, tag)) { + vp = pairfind(vp->next, da->attr, da->vendor, tag)) { count = valuepair2str(out, outlen - 1, vp, da->type); rad_assert(count <= outlen); total += count + 1; @@ -312,9 +294,9 @@ static size_t xlat_packet(void *instance, REQUEST *request, /* * Find the N'th value. */ - for (vp = pairfind_tag(vps, da, tag); + for (vp = pairfind(vps, da->attr, da->vendor, tag); vp != NULL; - vp = pairfind_tag(vp->next, da, tag)) { + vp = pairfind(vp->next, da->attr, da->vendor, tag)) { if (total == count) break; total++; if (total > count) { @@ -345,7 +327,7 @@ static size_t xlat_packet(void *instance, REQUEST *request, return valuepair2str(out, outlen, vp, da->type); } - vp = pairfind(vps, da->attr, da->vendor); + vp = pairfind(vps, da->attr, da->vendor, TAG_ANY); if (!vp) { /* * Some "magic" handlers, which are never in VP's, but diff --git a/src/modules/rlm_acctlog/rlm_acctlog.c b/src/modules/rlm_acctlog/rlm_acctlog.c index c7dc1b2..b69d905 100644 --- a/src/modules/rlm_acctlog/rlm_acctlog.c +++ b/src/modules/rlm_acctlog/rlm_acctlog.c @@ -85,7 +85,7 @@ static int do_acctlog_acct(void *instance, REQUEST *request) inst = (rlm_acctlog_t*) instance; - if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) { + if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) { acctstatustype = pair->vp_integer; } else { radius_xlat(logstr, sizeof(logstr), "packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL, NULL); diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c index c6bfda8..329a8b8 100644 --- a/src/modules/rlm_attr_filter/rlm_attr_filter.c 
+++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c @@ -190,7 +190,7 @@ static int attr_filter_common(void *instance, REQUEST *request, if (!inst->key) { VALUE_PAIR *namepair; - namepair = pairfind(request->packet->vps, PW_REALM, 0); + namepair = pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY); if (!namepair) { return (RLM_MODULE_NOOP); } @@ -330,13 +330,10 @@ static int attr_filter_common(void *instance, REQUEST *request, *input = output; if (request->packet->code == PW_AUTHENTICATION_REQUEST) { - request->username = pairfind(request->packet->vps, - PW_STRIPPED_USER_NAME, 0); + request->username = pairfind(request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY); if (!request->username) - request->username = pairfind(request->packet->vps, - PW_USER_NAME, 0); - request->password = pairfind(request->packet->vps, - PW_USER_PASSWORD, 0); + request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); + request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY); } return RLM_MODULE_UPDATED; diff --git a/src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c b/src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c index 78754a4..aa51c12 100644 --- a/src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c +++ b/src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c @@ -171,7 +171,7 @@ static int do_attr_rewrite(void *instance, REQUEST *request) char search_STR[MAX_STRING_LEN]; char replace_STR[MAX_STRING_LEN]; - if ((attr_vp = pairfind(request->config_items, PW_REWRITE_RULE, 0)) != NULL){ + if ((attr_vp = pairfind(request->config_items, PW_REWRITE_RULE, 0, TAG_ANY)) != NULL){ if (data->name == NULL || strcmp(data->name,attr_vp->vp_strvalue)) return RLM_MODULE_NOOP; } 
@@ -256,12 +256,12 @@ static int do_attr_rewrite(void *instance, REQUEST *request) default: radlog(L_ERR, "%s: Illegal value for searchin. Changing to packet.", data->name); data->searchin = RLM_REGEX_INPACKET; - attr_vp = pairfind(request->packet->vps, data->da->attr, data->da->vendor); + attr_vp = pairfind(request->packet->vps, data->da->attr, data->da->vendor, TAG_ANY); break; } do_again: if (tmp != NULL) - attr_vp = pairfind(tmp, data->da->attr, data->da->vendor); + attr_vp = pairfind(tmp, data->da->attr, data->da->vendor, TAG_ANY); if (attr_vp == NULL) { DEBUG2("%s: Could not find value pair for attribute %s", data->name,data->attribute); return ret; diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c index 3c87112..1df26f4 100644 --- a/src/modules/rlm_cache/rlm_cache.c +++ b/src/modules/rlm_cache/rlm_cache.c @@ -201,7 +201,7 @@ static rlm_cache_entry_t *cache_find(rlm_cache_t *inst, REQUEST *request, * Update the expiry time based on the TTL. * A TTL of 0 means "delete from the cache". */ - vp = pairfind(request->config_items, PW_CACHE_TTL, 0); + vp = pairfind(request->config_items, PW_CACHE_TTL, 0, TAG_ANY); if (vp) { if (vp->vp_integer == 0) goto delete; @@ -232,7 +232,7 @@ static rlm_cache_entry_t *cache_add(rlm_cache_t *inst, REQUEST *request, /* * TTL of 0 means "don't cache this entry" */ - vp = pairfind(request->config_items, PW_CACHE_TTL, 0); + vp = pairfind(request->config_items, PW_CACHE_TTL, 0, TAG_ANY); if (vp && (vp->vp_integer == 0)) return NULL; c = rad_malloc(sizeof(*c)); @@ -422,7 +422,7 @@ static size_t cache_xlat(void *instance, REQUEST *request, goto done; } - vp = pairfind(vps, target->attr, target->vendor); + vp = pairfind(vps, target->attr, target->vendor, TAG_ANY); if (!vp) { RDEBUG("No instance of this attribute has been cached"); goto done; 
@@ -606,7 +606,7 @@ static int cache_it(void *instance, REQUEST *request) /* * If yes, only return whether we found a valid cache entry */ - vp = pairfind(request->config_items, PW_CACHE_STATUS_ONLY, 0); + vp = pairfind(request->config_items, PW_CACHE_STATUS_ONLY, 0, TAG_ANY); if (vp && vp->vp_integer) { rcode = c ? RLM_MODULE_OK: RLM_MODULE_NOTFOUND; diff --git a/src/modules/rlm_chap/rlm_chap.c b/src/modules/rlm_chap/rlm_chap.c index 72c68b0..2a7116c 100644 --- a/src/modules/rlm_chap/rlm_chap.c +++ b/src/modules/rlm_chap/rlm_chap.c @@ -38,11 +38,11 @@ static int chap_authorize(void *instance, REQUEST *request) instance = instance; request = request; - if (!pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0)) { + if (!pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) { return RLM_MODULE_NOOP; } - if (pairfind(request->config_items, PW_AUTHTYPE, 0) != NULL) { + if (pairfind(request->config_items, PW_AUTHTYPE, 0, TAG_ANY) != NULL) { RDEBUG2("WARNING: Auth-Type already set. Not setting to CHAP"); return RLM_MODULE_NOOP; } @@ -76,7 +76,7 @@ static int chap_authenticate(void *instance, REQUEST *request) return RLM_MODULE_INVALID; } - chap = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0); + chap = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY); if (!chap) { RDEBUG("ERROR: You set 'Auth-Type = CHAP' for a request that does not contain a CHAP-Password attribute!"); return RLM_MODULE_INVALID; 
@@ -98,8 +98,8 @@ static int chap_authenticate(void *instance, REQUEST *request) RDEBUG("login attempt by \"%s\" with CHAP password", request->username->vp_strvalue); - if ((passwd_item = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0)) == NULL){ - if ((passwd_item = pairfind(request->config_items, PW_USER_PASSWORD, 0)) != NULL){ + if ((passwd_item = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) == NULL){ + if ((passwd_item = pairfind(request->config_items, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL){ RDEBUG("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); RDEBUG("!!! Please update your configuration so that the \"known !!!"); RDEBUG("!!! good\" clear text password is in Cleartext-Password, !!!"); diff --git a/src/modules/rlm_checkval/rlm_checkval.c b/src/modules/rlm_checkval/rlm_checkval.c index 3a03e26..a219894 100644 --- a/src/modules/rlm_checkval/rlm_checkval.c +++ b/src/modules/rlm_checkval/rlm_checkval.c @@ -206,7 +206,7 @@ static int do_checkval(void *instance, REQUEST *request) * Look for the check item */ - if (!(item_vp = pairfind(request->packet->vps, data->item_attr->attr, data->item_attr->vendor))){ + if (!(item_vp = pairfind(request->packet->vps, data->item_attr->attr, data->item_attr->vendor, TAG_ANY))){ DEBUG2("rlm_checkval: Could not find item named %s in request", data->item_name); if (data->notfound_reject) ret = RLM_MODULE_REJECT; @@ -217,7 +217,7 @@ static int do_checkval(void *instance, REQUEST *request) DEBUG2("rlm_checkval: Item Name: %s, Value: %s",data->item_name, item_vp->vp_strvalue); tmp = request->config_items; do{ - if (!(chk_vp = pairfind(tmp, data->chk_attr->attr, data->chk_attr->vendor))){ + if (!(chk_vp = pairfind(tmp, data->chk_attr->attr, data->chk_attr->vendor, TAG_ANY))){ if (!found){ DEBUG2("rlm_checkval: Could not find attribute named %s in check pairs",data->check_name); ret = RLM_MODULE_NOTFOUND; 
diff --git a/src/modules/rlm_counter/rlm_counter.c b/src/modules/rlm_counter/rlm_counter.c index 03e8a38..a03d086 100644 --- a/src/modules/rlm_counter/rlm_counter.c +++ b/src/modules/rlm_counter/rlm_counter.c @@ -149,7 +149,7 @@ static int counter_cmp(void *instance, /* * Find the key attribute. */ - key_vp = pairfind(request, inst->key_attr, 0); + key_vp = pairfind(request, inst->key_attr, 0, TAG_ANY); if (key_vp == NULL) { return RLM_MODULE_NOOP; } @@ -585,7 +585,7 @@ static int counter_accounting(void *instance, REQUEST *request) int acctstatustype = 0; time_t diff; - if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) + if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) acctstatustype = key_vp->vp_integer; else { DEBUG("rlm_counter: Could not find account status type in packet."); @@ -595,7 +595,7 @@ static int counter_accounting(void *instance, REQUEST *request) DEBUG("rlm_counter: We only run on Accounting-Stop packets."); return RLM_MODULE_NOOP; } - uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0); + uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY); if (uniqueid_vp != NULL) DEBUG("rlm_counter: Packet Unique ID = '%s'",uniqueid_vp->vp_strvalue); @@ -619,7 +619,7 @@ static int counter_accounting(void *instance, REQUEST *request) * Check if we need to watch out for a specific service-type. If yes then check it */ if (inst->service_type != NULL) { - if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0)) == NULL){ + if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY)) == NULL){ DEBUG("rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP."); return RLM_MODULE_NOOP; } 
@@ -632,7 +632,7 @@ static int counter_accounting(void *instance, REQUEST *request) * Check if request->timestamp - {Acct-Delay-Time} < last_reset * If yes reject the packet since it is very old */ - key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0); + key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY); if (key_vp != NULL){ if (key_vp->vp_integer != 0 && (request->timestamp - key_vp->vp_integer) < inst->last_reset){ @@ -647,7 +647,7 @@ static int counter_accounting(void *instance, REQUEST *request) * Look for the key. User-Name is special. It means * The REAL username, after stripping. */ - key_vp = (inst->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, inst->key_attr, 0); + key_vp = (inst->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, inst->key_attr, 0, TAG_ANY); if (key_vp == NULL){ DEBUG("rlm_counter: Could not find the key-attribute in the request. Returning NOOP."); return RLM_MODULE_NOOP; @@ -656,7 +656,7 @@ static int counter_accounting(void *instance, REQUEST *request) /* * Look for the attribute to use as a counter. */ - count_vp = pairfind(request->packet->vps, inst->count_attr, 0); + count_vp = pairfind(request->packet->vps, inst->count_attr, 0, TAG_ANY); if (count_vp == NULL){ DEBUG("rlm_counter: Could not find the count-attribute in the request."); return RLM_MODULE_NOOP; @@ -787,7 +787,7 @@ static int counter_authorize(void *instance, REQUEST *request) * The REAL username, after stripping. */ DEBUG2("rlm_counter: Entering module authorize code"); - key_vp = (inst->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, inst->key_attr, 0); + key_vp = (inst->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, inst->key_attr, 0, TAG_ANY); if (key_vp == NULL) { DEBUG2("rlm_counter: Could not find Key value pair"); return ret; 
@@ -796,7 +796,7 @@ static int counter_authorize(void *instance, REQUEST *request) /* * Look for the check item */ - if ((check_vp= pairfind(request->config_items, inst->check_attr, 0)) == NULL) { + if ((check_vp= pairfind(request->config_items, inst->check_attr, 0, TAG_ANY)) == NULL) { DEBUG2("rlm_counter: Could not find Check item value pair"); return ret; } @@ -861,7 +861,7 @@ static int counter_authorize(void *instance, REQUEST *request) res += check_vp->vp_integer; } - reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0); + reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY); if (reply_item && (reply_item->vp_integer > res)) { reply_item->vp_integer = res; } else { @@ -870,7 +870,7 @@ static int counter_authorize(void *instance, REQUEST *request) } } else if (inst->reply_attr) { - reply_item = pairfind(request->reply->vps, inst->reply_attr, 0); + reply_item = pairfind(request->reply->vps, inst->reply_attr, 0, TAG_ANY); if (reply_item && (reply_item->vp_integer > res)) { reply_item->vp_integer = res; } else { diff --git a/src/modules/rlm_cram/rlm_cram.c b/src/modules/rlm_cram/rlm_cram.c index b7e76d2..4e16638 100644 --- a/src/modules/rlm_cram/rlm_cram.c +++ b/src/modules/rlm_cram/rlm_cram.c 
@@ -140,22 +140,22 @@ static int cram_authenticate(UNUSED void * instance, REQUEST *request) VALUE_PAIR *authtype, *challenge, *response, *password; uint8_t buffer[64]; - password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0); + password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); if(!password) { radlog(L_AUTH, "rlm_cram: Cleartext-Password is required for authentication."); return RLM_MODULE_INVALID; } - authtype = pairfind(request->packet->vps, SM_AUTHTYPE, VENDORPEC_SM); + authtype = pairfind(request->packet->vps, SM_AUTHTYPE, VENDORPEC_SM, TAG_ANY); if(!authtype) { radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Authtype missed"); return RLM_MODULE_INVALID; } - challenge = pairfind(request->packet->vps, SM_CHALLENGE, VENDORPEC_SM); + challenge = pairfind(request->packet->vps, SM_CHALLENGE, VENDORPEC_SM, TAG_ANY); if(!challenge) { radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Challenge missed"); return RLM_MODULE_INVALID; } - response = pairfind(request->packet->vps, SM_RESPONSE, VENDORPEC_SM); + response = pairfind(request->packet->vps, SM_RESPONSE, VENDORPEC_SM, TAG_ANY); if(!response) { radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Response missed"); return RLM_MODULE_INVALID; diff --git a/src/modules/rlm_dbm/rlm_dbm.c b/src/modules/rlm_dbm/rlm_dbm.c index 59d6ff7..341c214 100644 --- a/src/modules/rlm_dbm/rlm_dbm.c +++ b/src/modules/rlm_dbm/rlm_dbm.c @@ -131,7 +131,7 @@ enum { static int isfallthrough(VALUE_PAIR *vp) { VALUE_PAIR * tmp; - tmp = pairfind(vp, PW_FALL_THROUGH, 0); + tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY); return tmp ? tmp -> vp_integer : 1; /* if no FALL_THROUGH - keep looking */ } 
@@ -221,7 +221,7 @@ static int sm_parse_user(DBM *pdb, const char * username, REQUEST *req, /* look for join-attribute */ DEBUG2("rlm_dbm: Reply found"); join_attr = vp; - while( (join_attr = pairfind(join_attr,SM_JOIN_ATTR, 0) ) != NULL ) { + while( (join_attr = pairfind(join_attr, SM_JOIN_ATTR, 0, TAG_ANY) ) != NULL ) { DEBUG2("rlm_dbm: Proccess nested record: username %s", (char *)join_attr->vp_strvalue); /* res = RLM_MODULE_NOTFOUND; */ @@ -239,7 +239,7 @@ static int sm_parse_user(DBM *pdb, const char * username, REQUEST *req, } join_attr = join_attr -> next; } - pairdelete(&vp,SM_JOIN_ATTR, 0, -1); + pairdelete(&vp,SM_JOIN_ATTR, 0, TAG_ANY); if ( parse_state != SMP_ERROR ) { if ( ! isfallthrough(vp) ) { continue_search = 0; diff --git a/src/modules/rlm_digest/rlm_digest.c b/src/modules/rlm_digest/rlm_digest.c index 3dbeb41..423454b 100644 --- a/src/modules/rlm_digest/rlm_digest.c +++ b/src/modules/rlm_digest/rlm_digest.c @@ -34,7 +34,7 @@ static int digest_fix(REQUEST *request) /* * We need both of these attributes to do the authentication. */ - vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0, TAG_ANY); if (vp == NULL) { return RLM_MODULE_NOOP; } @@ -49,7 +49,7 @@ static int digest_fix(REQUEST *request) /* * We need these, too. */ - vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY); if (vp == NULL) { return RLM_MODULE_NOOP; } 
@@ -100,14 +100,14 @@ static int digest_fix(REQUEST *request) /* * Find the next one, if it exists. */ - vp = pairfind(vp->next, PW_DIGEST_ATTRIBUTES, 0); + vp = pairfind(vp->next, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY); } /* * Convert them to something sane. */ RDEBUG("Digest-Attributes look OK. Converting them to something more usful."); - vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY); while (vp) { int length = vp->length; int attrlen; @@ -173,7 +173,7 @@ static int digest_fix(REQUEST *request) /* * Find the next one, if it exists. */ - vp = pairfind(vp->next, PW_DIGEST_ATTRIBUTES, 0); + vp = pairfind(vp->next, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY); } return RLM_MODULE_OK; @@ -193,7 +193,7 @@ static int digest_authorize(void *instance, REQUEST *request) if (rcode != RLM_MODULE_OK) return rcode; - if (pairfind(request->config_items, PW_AUTHTYPE, 0)) { + if (pairfind(request->config_items, PW_AUTHTYPE, 0, TAG_ANY)) { RDEBUG2("WARNING: Auth-Type already set. Not setting to DIGEST"); return RLM_MODULE_NOOP; } @@ -228,14 +228,14 @@ static int digest_authenticate(void *instance, REQUEST *request) * We require access to the plain-text password, or to the * Digest-HA1 parameter. */ - passwd = pairfind(request->config_items, PW_DIGEST_HA1, 0); + passwd = pairfind(request->config_items, PW_DIGEST_HA1, 0, TAG_ANY); if (passwd) { if (passwd->length != 32) { radlog_request(L_AUTH, 0, request, "Digest-HA1 has invalid length, authentication failed."); return RLM_MODULE_INVALID; } } else { - passwd = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0); + passwd = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); } if (!passwd) { radlog_request(L_AUTH, 0, request, "Cleartext-Password or Digest-HA1 is required for authentication."); 
@@ -245,7 +245,7 @@ static int digest_authenticate(void *instance, REQUEST *request) /* * We need these, too. */ - vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY); if (vp == NULL) { error: RDEBUG("ERROR: You set 'Auth-Type = Digest' for a request that does not contain any digest attributes!"); @@ -259,7 +259,7 @@ static int digest_authenticate(void *instance, REQUEST *request) * "authorize" section. In that case, try to decode the * attributes here. */ - if (!pairfind(request->packet->vps, PW_DIGEST_NONCE, 0)) { + if (!pairfind(request->packet->vps, PW_DIGEST_NONCE, 0, TAG_ANY)) { int rcode; rcode = digest_fix(request); @@ -276,7 +276,7 @@ static int digest_authenticate(void *instance, REQUEST *request) /* * We require access to the Digest-Nonce-Value */ - nonce = pairfind(request->packet->vps, PW_DIGEST_NONCE, 0); + nonce = pairfind(request->packet->vps, PW_DIGEST_NONCE, 0, TAG_ANY); if (!nonce) { RDEBUG("ERROR: No Digest-Nonce: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; @@ -285,7 +285,7 @@ static int digest_authenticate(void *instance, REQUEST *request) /* * A1 = Digest-User-Name ":" Realm ":" Password */ - vp = pairfind(request->packet->vps, PW_DIGEST_USER_NAME, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_USER_NAME, 0, TAG_ANY); if (!vp) { RDEBUG("ERROR: No Digest-User-Name: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; @@ -296,7 +296,7 @@ static int digest_authenticate(void *instance, REQUEST *request) a1[a1_len] = ':'; a1_len++; - vp = pairfind(request->packet->vps, PW_DIGEST_REALM, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_REALM, 0, TAG_ANY); if (!vp) { RDEBUG("ERROR: No Digest-Realm: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; 
@@ -322,7 +322,7 @@ static int digest_authenticate(void *instance, REQUEST *request) * See which variant we calculate. * Assume MD5 if no Digest-Algorithm attribute received */ - algo = pairfind(request->packet->vps, PW_DIGEST_ALGORITHM, 0); + algo = pairfind(request->packet->vps, PW_DIGEST_ALGORITHM, 0, TAG_ANY); if ((algo == NULL) || (strcasecmp(algo->vp_strvalue, "MD5") == 0)) { /* @@ -366,7 +366,7 @@ static int digest_authenticate(void *instance, REQUEST *request) a1[a1_len] = ':'; a1_len++; - vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0, TAG_ANY); if (!vp) { RDEBUG("ERROR: No Digest-CNonce: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; @@ -395,7 +395,7 @@ static int digest_authenticate(void *instance, REQUEST *request) /* * A2 = Digest-Method ":" Digest-URI */ - vp = pairfind(request->packet->vps, PW_DIGEST_METHOD, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_METHOD, 0, TAG_ANY); if (!vp) { RDEBUG("ERROR: No Digest-Method: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; @@ -406,7 +406,7 @@ static int digest_authenticate(void *instance, REQUEST *request) a2[a2_len] = ':'; a2_len++; - vp = pairfind(request->packet->vps, PW_DIGEST_URI, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_URI, 0, TAG_ANY); if (!vp) { RDEBUG("ERROR: No Digest-URI: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; @@ -417,7 +417,7 @@ static int digest_authenticate(void *instance, REQUEST *request) /* * QOP is "auth-int", tack on ": Digest-Body-Digest" */ - qop = pairfind(request->packet->vps, PW_DIGEST_QOP, 0); + qop = pairfind(request->packet->vps, PW_DIGEST_QOP, 0, TAG_ANY); if ((qop != NULL) && (strcasecmp(qop->vp_strvalue, "auth-int") == 0)) { VALUE_PAIR *body; 
@@ -431,7 +431,7 @@ static int digest_authenticate(void *instance, REQUEST *request) /* * Must be a hex representation of an MD5 digest. */ - body = pairfind(request->packet->vps, PW_DIGEST_BODY_DIGEST, 0); + body = pairfind(request->packet->vps, PW_DIGEST_BODY_DIGEST, 0, TAG_ANY); if (!body) { RDEBUG("ERROR: No Digest-Body-Digest: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; @@ -502,7 +502,7 @@ static int digest_authenticate(void *instance, REQUEST *request) kd[kd_len] = ':'; kd_len++; - vp = pairfind(request->packet->vps, PW_DIGEST_NONCE_COUNT, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_NONCE_COUNT, 0, TAG_ANY); if (!vp) { RDEBUG("ERROR: No Digest-Nonce-Count: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; @@ -513,7 +513,7 @@ static int digest_authenticate(void *instance, REQUEST *request) kd[kd_len] = ':'; kd_len++; - vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0, TAG_ANY); if (!vp) { RDEBUG("ERROR: No Digest-CNonce: Cannot perform Digest authentication"); return RLM_MODULE_INVALID; @@ -562,7 +562,7 @@ static int digest_authenticate(void *instance, REQUEST *request) /* * Get the binary value of Digest-Response */ - vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0); + vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0, TAG_ANY); if (!vp) { RDEBUG("ERROR: No Digest-Response attribute in the request. Cannot perform digest authentication"); return RLM_MODULE_INVALID; diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c index 048e326..c2ea228 100644 --- a/src/modules/rlm_eap/eap.c +++ b/src/modules/rlm_eap/eap.c 
@@ -240,8 +240,7 @@ int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler) /* * Allow per-user configuration of EAP types. */ - vp = pairfind(handler->request->config_items, - PW_EAP_TYPE, 0); + vp = pairfind(handler->request->config_items, PW_EAP_TYPE, 0, TAG_ANY); if (vp) default_eap_type = vp->vp_integer; do_initiate: @@ -305,8 +304,7 @@ int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler) * as they may have asked for many. */ default_eap_type = 0; - vp = pairfind(handler->request->config_items, - PW_EAP_TYPE, 0); + vp = pairfind(handler->request->config_items, PW_EAP_TYPE, 0, TAG_ANY); for (i = 0; i < eaptype->length; i++) { /* * It is invalid to request identity, @@ -519,7 +517,7 @@ int eap_compose(EAP_HANDLER *handler) * Don't add a Message-Authenticator if it's already * there. */ - vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0); + vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { vp = paircreate(PW_MESSAGE_AUTHENTICATOR, 0, PW_TYPE_OCTETS); memset(vp->vp_octets, 0, AUTH_VECTOR_LEN); @@ -576,7 +574,7 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) VALUE_PAIR *vp, *proxy; VALUE_PAIR *eap_msg; - eap_msg = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0); + eap_msg = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY); if (eap_msg == NULL) { RDEBUG2("No EAP-Message, not doing EAP"); return EAP_NOOP; @@ -586,7 +584,7 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) * Look for EAP-Type = None (FreeRADIUS specific attribute) * this allows you to NOT do EAP for some users. */ - vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0); + vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0, TAG_ANY); if (vp && vp->vp_integer == 0) { RDEBUG2("Found EAP-Message, but EAP-Type = None, so we're not doing EAP."); return EAP_NOOP; 
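Review bot: In `eap_compose` (@@ -519,7) the result of `paircreate(PW_MESSAGE_AUTHENTICATOR, 0, PW_TYPE_OCTETS)` goes straight into `memset(vp->vp_octets, 0, AUTH_VECTOR_LEN)` with no NULL check. If paircreate can return NULL (not visible here), an allocation failure while building a reply becomes a NULL dereference in the request path instead of a clean module failure. `eap_basic_compose` in libeap/eapcommon.c (@@ -272,7) has the same pattern, and it zeroes through `vp->vp_strvalue` where this one uses `vp->vp_octets`; the two should agree. I would add a guard before each memset, e.g. `if (!vp) return RLM_MODULE_INVALID;`, which is what eap_basic_compose already returns for a NULL vp a few lines earlier; eap_compose's own error code is outside the hunk.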
@@ -602,7 +600,7 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) * Check for a Proxy-To-Realm. Don't get excited over LOCAL * realms (sigh). */ - proxy = pairfind(request->config_items, PW_PROXY_TO_REALM, 0); + proxy = pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY); if (proxy) { REALM *realm; @@ -826,8 +824,8 @@ void eap_fail(EAP_HANDLER *handler) /* * Delete any previous replies. */ - pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, 0, -1); - pairdelete(&handler->request->reply->vps, PW_STATE, 0, -1); + pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY); + pairdelete(&handler->request->reply->vps, PW_STATE, 0, TAG_ANY); eap_packet_free(&handler->eap_ds->request); handler->eap_ds->request = eap_packet_alloc(); @@ -1019,7 +1017,7 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p, return NULL; } - vp = pairfind(request->packet->vps, PW_USER_NAME, 0); + vp = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); if (!vp) { /* * NAS did not set the User-Name @@ -1078,7 +1076,7 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p, return NULL; } - vp = pairfind(request->packet->vps, PW_USER_NAME, 0); + vp = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); if (!vp) { /* * NAS did not set the User-Name diff --git a/src/modules/rlm_eap/libeap/eapcommon.c b/src/modules/rlm_eap/libeap/eapcommon.c index 1f0f0e7..9732e53 100644 --- a/src/modules/rlm_eap/libeap/eapcommon.c +++ b/src/modules/rlm_eap/libeap/eapcommon.c @@ -259,7 +259,7 @@ int eap_basic_compose(RADIUS_PACKET *packet, EAP_PACKET *reply) } eap_packet = (eap_packet_t *)reply->packet; - pairdelete(&(packet->vps), PW_EAP_MESSAGE, 0, -1); + pairdelete(&(packet->vps), PW_EAP_MESSAGE, 0, TAG_ANY); vp = eap_packet2vp(eap_packet); if (!vp) return RLM_MODULE_INVALID; 
@@ -272,7 +272,7 @@ int eap_basic_compose(RADIUS_PACKET *packet, EAP_PACKET *reply) * Don't add a Message-Authenticator if it's already * there. */ - vp = pairfind(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0); + vp = pairfind(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { vp = paircreate(PW_MESSAGE_AUTHENTICATOR, 0, PW_TYPE_OCTETS); memset(vp->vp_strvalue, 0, AUTH_VECTOR_LEN); @@ -360,7 +360,7 @@ eap_packet_t *eap_vp2packet(VALUE_PAIR *vps) /* * Get only EAP-Message attribute list */ - first = pairfind(vps, PW_EAP_MESSAGE, 0); + first = pairfind(vps, PW_EAP_MESSAGE, 0, TAG_ANY); if (first == NULL) { DEBUG("rlm_eap: EAP-Message not found"); return NULL; @@ -393,7 +393,7 @@ eap_packet_t *eap_vp2packet(VALUE_PAIR *vps) * Sanity check the length, BEFORE malloc'ing memory. */ total_len = 0; - for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0)) { + for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0, TAG_ANY)) { total_len += vp->length; if (total_len > len) { @@ -425,7 +425,7 @@ eap_packet_t *eap_vp2packet(VALUE_PAIR *vps) ptr = (unsigned char *)eap_packet; /* RADIUS ensures order of attrs, so just concatenate all */ - for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0)) { + for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0, TAG_ANY)) { memcpy(ptr, vp->vp_strvalue, vp->length); ptr += vp->length; } diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c index 29b7866..9dd29f4 100644 --- a/src/modules/rlm_eap/libeap/eapsimlib.c +++ b/src/modules/rlm_eap/libeap/eapsimlib.c @@ -80,7 +80,7 @@ int map_eapsim_basictypes(RADIUS_PACKET *r, EAP_PACKET *ep) * it might be too big for putting into an EAP-Type-SIM * */ - vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0); + vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0, TAG_ANY); if(vp == NULL) { subtype = eapsim_start; 
@@ -90,7 +90,7 @@ int map_eapsim_basictypes(RADIUS_PACKET *r, EAP_PACKET *ep) subtype = vp->vp_integer; } - vp = pairfind(r->vps, ATTRIBUTE_EAP_ID, 0); + vp = pairfind(r->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY); if(vp == NULL) { id = ((int)getpid() & 0xff); @@ -100,7 +100,7 @@ int map_eapsim_basictypes(RADIUS_PACKET *r, EAP_PACKET *ep) id = vp->vp_integer; } - vp = pairfind(r->vps, ATTRIBUTE_EAP_CODE, 0); + vp = pairfind(r->vps, ATTRIBUTE_EAP_CODE, 0, TAG_ANY); if(vp == NULL) { eapcode = PW_EAP_REQUEST; @@ -250,7 +250,7 @@ int map_eapsim_basictypes(RADIUS_PACKET *r, EAP_PACKET *ep) * then we should calculate the HMAC-SHA1 of the resulting EAP-SIM * packet, appended with the value of append. */ - vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_KEY, 0); + vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_KEY, 0, TAG_ANY); if(macspace != NULL && vp != NULL) { unsigned char *buffer; @@ -396,7 +396,7 @@ eapsim_checkmac(VALUE_PAIR *rvps, int elen,len; VALUE_PAIR *mac; - mac = pairfind(rvps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0); + mac = pairfind(rvps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0, TAG_ANY); if(mac == NULL || mac->length != 18) { diff --git a/src/modules/rlm_eap/mem.c b/src/modules/rlm_eap/mem.c index dc219a7..fb4a468 100644 --- a/src/modules/rlm_eap/mem.c +++ b/src/modules/rlm_eap/mem.c @@ -552,7 +552,7 @@ EAP_HANDLER *eaplist_find(rlm_eap_t *inst, REQUEST *request, * We key the sessions off of the 'state' attribute, so it * must exist. */ - state = pairfind(request->packet->vps, PW_STATE, 0); + state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY); if (!state || (state->length != EAP_STATE_LEN)) { return NULL; diff --git a/src/modules/rlm_eap/radeapclient.c b/src/modules/rlm_eap/radeapclient.c index 1faaac7..328d8a4 100644 --- a/src/modules/rlm_eap/radeapclient.c +++ b/src/modules/rlm_eap/radeapclient.c 
@@ -300,8 +300,8 @@ static void cleanresp(RADIUS_PACKET *resp) * maybe should just copy things we care about, or keep * a copy of the original input and start from there again? */ - pairdelete(&resp->vps, PW_EAP_MESSAGE, 0, -1); - pairdelete(&resp->vps, ATTRIBUTE_EAP_BASE+PW_EAP_IDENTITY, 0, -1); + pairdelete(&resp->vps, PW_EAP_MESSAGE, 0, TAG_ANY); + pairdelete(&resp->vps, ATTRIBUTE_EAP_BASE+PW_EAP_IDENTITY, 0, TAG_ANY); last = &resp->vps; for(vp = *last; vp != NULL; vp = vpnext) @@ -337,7 +337,7 @@ static int process_eap_start(RADIUS_PACKET *req, /* form new response clear of any EAP stuff */ cleanresp(rep); - if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0)) == NULL) { + if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0, TAG_ANY)) == NULL) { fprintf(stderr, "illegal start message has no VERSION_LIST\n"); return 0; } @@ -396,9 +396,9 @@ static int process_eap_start(RADIUS_PACKET *req, * anyway we like, but it is illegal to have more than one * present. */ - anyidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_ANY_ID_REQ, 0); - fullauthidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0); - permanentidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ, 0); + anyidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_ANY_ID_REQ, 0, TAG_ANY); + fullauthidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0, TAG_ANY); + permanentidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ, 0, TAG_ANY); if(fullauthidreq_vp == NULL || anyidreq_vp != NULL || @@ -458,7 +458,7 @@ static int process_eap_start(RADIUS_PACKET *req, /* * insert the identity here. */ - vp = pairfind(rep->vps, PW_USER_NAME, 0); + vp = pairfind(rep->vps, PW_USER_NAME, 0, TAG_ANY); if(vp == NULL) { fprintf(stderr, "eap-sim: We need to have a User-Name attribute!\n"); 
@@ -502,8 +502,8 @@ static int process_eap_challenge(RADIUS_PACKET *req, uint8_t calcmac[20]; /* look for the AT_MAC and the challenge data */ - mac = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0); - randvp= pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0); + mac = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0, TAG_ANY); + randvp= pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0, TAG_ANY); if(mac == NULL || randvp == NULL) { fprintf(stderr, "radeapclient: challenge message needs to contain RAND and MAC\n"); return 0; @@ -521,9 +521,9 @@ static int process_eap_challenge(RADIUS_PACKET *req, randcfg[1] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE]; randcfg[2] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE*2]; - randcfgvp[0] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND1, 0); - randcfgvp[1] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND2, 0); - randcfgvp[2] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND3, 0); + randcfgvp[0] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND1, 0, TAG_ANY); + randcfgvp[1] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND2, 0, TAG_ANY); + randcfgvp[2] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND3, 0, TAG_ANY); if(randcfgvp[0] == NULL || randcfgvp[1] == NULL || @@ -574,9 +574,9 @@ static int process_eap_challenge(RADIUS_PACKET *req, * Really, they should be calculated from the RAND! * */ - sres1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES1, 0); - sres2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES2, 0); - sres3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES3, 0); + sres1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES1, 0, TAG_ANY); + sres2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES2, 0, TAG_ANY); + sres3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES3, 0, TAG_ANY); if(sres1 == NULL || sres2 == NULL || 
@@ -588,9 +588,9 @@ static int process_eap_challenge(RADIUS_PACKET *req, memcpy(eapsim_mk.sres[1], sres2->vp_strvalue, sizeof(eapsim_mk.sres[1])); memcpy(eapsim_mk.sres[2], sres3->vp_strvalue, sizeof(eapsim_mk.sres[2])); - Kc1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC1, 0); - Kc2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC2, 0); - Kc3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC3, 0); + Kc1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC1, 0, TAG_ANY); + Kc2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC2, 0, TAG_ANY); + Kc3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC3, 0, TAG_ANY); if(Kc1 == NULL || Kc2 == NULL || @@ -673,12 +673,12 @@ static int respond_eap_sim(RADIUS_PACKET *req, VALUE_PAIR *vp, *statevp, *radstate, *eapid; char statenamebuf[32], subtypenamebuf[32]; - if ((radstate = paircopy2(req->vps, PW_STATE, 0, -1)) == NULL) + if ((radstate = paircopy2(req->vps, PW_STATE, 0, TAG_ANY)) == NULL) { return 0; } - if ((eapid = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0, -1)) == NULL) + if ((eapid = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY)) == NULL) { return 0; } @@ -687,7 +687,7 @@ static int respond_eap_sim(RADIUS_PACKET *req, * outselves to be in EAP-SIM-Start state if there is none. */ - if((statevp = pairfind(resp->vps, ATTRIBUTE_EAP_SIM_STATE, 0)) == NULL) + if((statevp = pairfind(resp->vps, ATTRIBUTE_EAP_SIM_STATE, 0, TAG_ANY)) == NULL) { /* must be initial request */ statevp = paircreate(ATTRIBUTE_EAP_SIM_STATE, 0, PW_TYPE_INTEGER); @@ -701,7 +701,7 @@ static int respond_eap_sim(RADIUS_PACKET *req, */ unmap_eapsim_types(req); - if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0)) == NULL) + if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0, TAG_ANY)) == NULL) { return 0; } 
@@ -782,20 +782,20 @@ static int respond_eap_md5(RADIUS_PACKET *req, cleanresp(rep); - if ((state = paircopy2(req->vps, PW_STATE, 0, -1)) == NULL) + if ((state = paircopy2(req->vps, PW_STATE, 0, TAG_ANY)) == NULL) { fprintf(stderr, "radeapclient: no state attribute found\n"); return 0; } - if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0, -1)) == NULL) + if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY)) == NULL) { fprintf(stderr, "radeapclient: no EAP-ID attribute found\n"); return 0; } identifier = id->vp_integer; - if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5, 0)) == NULL) + if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5, 0, TAG_ANY)) == NULL) { fprintf(stderr, "radeapclient: no EAP-MD5 attribute found\n"); return 0; @@ -851,15 +851,15 @@ static int sendrecv_eap(RADIUS_PACKET *rep) /* * Keep a copy of the the User-Password attribute. */ - if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0)) != NULL) { + if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue)); - } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0)) != NULL) { + } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue)); /* * Otherwise keep a copy of the CHAP-Password attribute. */ - } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0)) != NULL) { + } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue)); } else { *password = '\0'; 
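Review bot: In `sendrecv_eap` (@@ -851,15) all three `strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue))` calls bound the copy by the size of the source field, not of `password`. strlcpy's third argument must be the destination size; otherwise a `password` buffer smaller than `vp_strvalue` can be overrun. If `password` is a local array (its declaration is outside the hunk), the calls should read `strlcpy(password, (char *)vp->vp_strvalue, sizeof(password));`. The CHAP-Password branch also treats a binary attribute as a C string, so the saved copy stops at the first zero byte, and the restore in @@ -916,15 then sets `vp->length = strlen(password)`, which shortens the value. That branch should use `memcpy` with the saved `vp->length` instead.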
@@ -916,15 +916,15 @@ static int sendrecv_eap(RADIUS_PACKET *rep) sizeof(rep->vector)); if (*password != '\0') { - if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0)) != NULL) { + if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue)); vp->length = strlen(password); - } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0)) != NULL) { + } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue)); vp->length = strlen(password); - } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0)) != NULL) { + } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) { strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue)); vp->length = strlen(password); @@ -1260,14 +1260,14 @@ static void map_eap_types(RADIUS_PACKET *req) EAP_PACKET ep; int eap_type; - vp = pairfind(req->vps, ATTRIBUTE_EAP_ID, 0); + vp = pairfind(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY); if(vp == NULL) { id = ((int)getpid() & 0xff); } else { id = vp->vp_integer; } - vp = pairfind(req->vps, ATTRIBUTE_EAP_CODE, 0); + vp = pairfind(req->vps, ATTRIBUTE_EAP_CODE, 0, TAG_ANY); if(vp == NULL) { eapcode = PW_EAP_REQUEST; } else { @@ -1309,7 +1309,7 @@ static void map_eap_types(RADIUS_PACKET *req) */ /* nuke any existing EAP-Messages */ - pairdelete(&req->vps, PW_EAP_MESSAGE, 0, -1); + pairdelete(&req->vps, PW_EAP_MESSAGE, 0, TAG_ANY); memset(&ep, 0, sizeof(ep)); ep.code = eapcode; @@ -1413,7 +1413,7 @@ static int unmap_eapsim_types(RADIUS_PACKET *r) { VALUE_PAIR *esvp; - esvp = pairfind(r->vps, ATTRIBUTE_EAP_BASE+PW_EAP_SIM, 0); + esvp = pairfind(r->vps, ATTRIBUTE_EAP_BASE+PW_EAP_SIM, 0, TAG_ANY); if (esvp == NULL) { radlog(L_ERR, "eap: EAP-Sim attribute not found"); return 0; 
@@ -1493,7 +1493,7 @@ main(int argc, char *argv[]) } /* find the EAP-Message, copy it to req2 */ - vp = paircopy2(req->vps, PW_EAP_MESSAGE, 0, -1); + vp = paircopy2(req->vps, PW_EAP_MESSAGE, 0, TAG_ANY); if(vp == NULL) continue; @@ -1508,10 +1508,9 @@ main(int argc, char *argv[]) vp_printlist(stdout, req2->vps); } - vp = pairfind(req2->vps, - ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0); - vpkey = pairfind(req->vps, ATTRIBUTE_EAP_SIM_KEY, 0); - vpextra = pairfind(req->vps, ATTRIBUTE_EAP_SIM_EXTRA, 0); + vp = pairfind(req2->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0, TAG_ANY); + vpkey = pairfind(req->vps, ATTRIBUTE_EAP_SIM_KEY, 0, TAG_ANY); + vpextra = pairfind(req->vps, ATTRIBUTE_EAP_SIM_EXTRA, 0, TAG_ANY); if(vp != NULL && vpkey != NULL && vpextra!=NULL) { uint8_t calcmac[16]; diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c index 7ac922b..b49f1f0 100644 --- a/src/modules/rlm_eap/rlm_eap.c +++ b/src/modules/rlm_eap/rlm_eap.c @@ -285,7 +285,7 @@ static int eap_authenticate(void *instance, REQUEST *request) inst = (rlm_eap_t *) instance; - if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0)) { + if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) { RDEBUG("ERROR: You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!"); return RLM_MODULE_INVALID; } @@ -374,9 +374,9 @@ static int eap_authenticate(void *instance, REQUEST *request) * Some simple sanity checks. These should really * be handled by the radius library... */ - vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE, 0); + vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE, 0, TAG_ANY); if (vp) { - vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0); + vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { vp = pairmake("Message-Authenticator", "0x00", T_OP_EQ); 
@@ -390,7 +390,7 @@ static int eap_authenticate(void *instance, REQUEST *request) * set to 127.0.0.1 for tunneled requests, and * we don't want to tell the world that... */ - pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS, -1); + pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS, TAG_ANY); RDEBUG2(" Tunneled session will be proxied. Not doing EAP."); return RLM_MODULE_HANDLED; @@ -458,7 +458,7 @@ static int eap_authenticate(void *instance, REQUEST *request) /* * Doesn't exist, add it in. */ - vp = pairfind(request->reply->vps, PW_USER_NAME, 0); + vp = pairfind(request->reply->vps, PW_USER_NAME, 0, TAG_ANY); if (!vp) { vp = pairmake("User-Name", "", T_OP_EQ); @@ -538,7 +538,7 @@ static int eap_authorize(void *instance, REQUEST *request) * and to get excited if it doesn't appear. */ - vp = pairfind(request->config_items, PW_AUTH_TYPE, 0); + vp = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY); if ((!vp) || (vp->vp_integer != PW_AUTHTYPE_REJECT)) { vp = pairmake("Auth-Type", inst->xlat_name, T_OP_EQ); @@ -643,7 +643,7 @@ static int eap_post_proxy(void *inst, REQUEST *request) /* * Doesn't exist, add it in. */ - vp = pairfind(request->reply->vps, PW_USER_NAME, 0); + vp = pairfind(request->reply->vps, PW_USER_NAME, 0, TAG_ANY); if (!vp) { vp = pairmake("User-Name", request->username->vp_strvalue, T_OP_EQ); @@ -670,7 +670,7 @@ static int eap_post_proxy(void *inst, REQUEST *request) * This is vendor Cisco (9), Cisco-AVPair * attribute (1) */ - vp = pairfind(vp, 1, 9); + vp = pairfind(vp, 1, 9, TAG_ANY); if (!vp) { return RLM_MODULE_NOOP; } 
@@ -732,16 +732,16 @@ static int eap_post_auth(void *instance, REQUEST *request) /* * Only build a failure message if something previously rejected the request */ - vp = pairfind(request->config_items, PW_POSTAUTHTYPE, 0); + vp = pairfind(request->config_items, PW_POSTAUTHTYPE, 0, TAG_ANY); if (!vp || (vp->vp_integer != PW_POSTAUTHTYPE_REJECT)) return RLM_MODULE_NOOP; - if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0)) { + if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) { RDEBUG2("Request didn't contain an EAP-Message, not inserting EAP-Failure"); return RLM_MODULE_NOOP; } - if (pairfind(request->reply->vps, PW_EAP_MESSAGE, 0)) { + if (pairfind(request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) { RDEBUG2("Reply already contained an EAP-Message, not inserting EAP-Failure"); return RLM_MODULE_NOOP; } @@ -766,7 +766,7 @@ static int eap_post_auth(void *instance, REQUEST *request) * Make sure there's a message authenticator attribute in the response * RADIUS protocol code will calculate the correct value later... */ - vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0); + vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { vp = pairmake("Message-Authenticator", "0x00", T_OP_EQ); diff --git a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c index 42e5660..43330f6 100644 --- a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c +++ b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c @@ -193,7 +193,7 @@ static int gtc_authenticate(void *type_data, EAP_HANDLER *handler) /* * For now, do clear-text password authentication. */ - vp = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0); + vp = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); if (!vp) { DEBUG2(" rlm_eap_gtc: ERROR: Cleartext-Password is required for authentication."); eap_ds->request->code = PW_EAP_FAILURE; 
@@ -224,7 +224,7 @@ static int gtc_authenticate(void *type_data, EAP_HANDLER *handler) * If there was a User-Password in the request, * why the heck are they using EAP-GTC? */ - pairdelete(&handler->request->packet->vps, PW_USER_PASSWORD, 0, -1); + pairdelete(&handler->request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY); vp = pairmake("User-Password", "", T_OP_EQ); if (!vp) { diff --git a/src/modules/rlm_eap/types/rlm_eap_ikev2/ike_conf.c b/src/modules/rlm_eap/types/rlm_eap_ikev2/ike_conf.c index f86ebc7..c072f13 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ikev2/ike_conf.c +++ b/src/modules/rlm_eap/types/rlm_eap_ikev2/ike_conf.c @@ -300,7 +300,7 @@ void rad_update_shared_seclist(struct sharedSecList **list,char *id,VALUE_PAIR * if(items) { VALUE_PAIR *vp; //idtype - vp=pairfind(items,RAD_EAP_IKEV2_IDTYPE, 0); + vp=pairfind(items, RAD_EAP_IKEV2_IDTYPE, 0, TAG_ANY); if(!vp) { radlog(L_DBG,IKEv2_LOG_PREFIX "[%s] -- Id type not set",id); } else { @@ -309,14 +309,14 @@ void rad_update_shared_seclist(struct sharedSecList **list,char *id,VALUE_PAIR * } } //secret - vp=pairfind(items,RAD_EAP_IKEV2_SECRET, 0); + vp=pairfind(items, RAD_EAP_IKEV2_SECRET, 0, TAG_ANY); if(!vp || !vp->length) { radlog(L_DBG,IKEv2_LOG_PREFIX "[%s] -- Secret not set",id); } else { secret=vp->vp_strvalue; } //authtype - vp=pairfind(items,RAD_EAP_IKEV2_AUTHTYPE, 0); + vp=pairfind(items, RAD_EAP_IKEV2_AUTHTYPE, 0, TAG_ANY); if(vp && vp->length) { authtype=AuthtypeFromName(vp->vp_strvalue); if(authtype==-1) { diff --git a/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c b/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c index 6f0fee3..12ea227 100644 --- a/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c +++ b/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 
@@ -116,8 +116,8 @@ static int leap_authenticate(UNUSED void *instance, EAP_HANDLER *handler) * The password is never sent over the wire. * Always get the configured password, for each user. */ - password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0); - if (!password) password = pairfind(handler->request->config_items, PW_NT_PASSWORD, 0); + password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); + if (!password) password = pairfind(handler->request->config_items, PW_NT_PASSWORD, 0, TAG_ANY); if (!password) { DEBUG2("rlm_eap_leap: No Cleartext-Password or NT-Password configured for this user"); eapleap_free(&packet); diff --git a/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c b/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c index c993e5d..c0a0e59 100644 --- a/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c +++ b/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c @@ -117,7 +117,7 @@ static int md5_authenticate(UNUSED void *arg, EAP_HANDLER *handler) rad_assert(handler->request != NULL); rad_assert(handler->stage == AUTHENTICATE); - password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0); + password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); if (password == NULL) { DEBUG2("rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication"); return 0; diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c index d01481e..ae2272c 100644 --- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c +++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c 
@@ -48,10 +48,10 @@ static CONF_PARSER module_config[] = { static void fix_mppe_keys(EAP_HANDLER *handler, mschapv2_opaque_t *data) { - pairmove2(&data->mppe_keys, &handler->request->reply->vps, 7, VENDORPEC_MICROSOFT); - pairmove2(&data->mppe_keys, &handler->request->reply->vps, 8, VENDORPEC_MICROSOFT); - pairmove2(&data->mppe_keys, &handler->request->reply->vps, 16, VENDORPEC_MICROSOFT); - pairmove2(&data->mppe_keys, &handler->request->reply->vps, 17, VENDORPEC_MICROSOFT); + pairmove2(&data->mppe_keys, &handler->request->reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY); + pairmove2(&data->mppe_keys, &handler->request->reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY); + pairmove2(&data->mppe_keys, &handler->request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY); + pairmove2(&data->mppe_keys, &handler->request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY); } static void free_data(void *ptr) @@ -334,7 +334,7 @@ static int mschap_postproxy(EAP_HANDLER *handler, void *tunnel_data) */ pairmove2(&response, &handler->request->reply->vps, - PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT); + PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY); break; default: @@ -681,7 +681,7 @@ packet_ready: * the State attribute back, before passing * the handler & request back into the tunnel. */ - pairdelete(&handler->request->packet->vps, PW_STATE, 0, -1); + pairdelete(&handler->request->packet->vps, PW_STATE, 0, TAG_ANY); /* * Fix the User-Name when proxying, to strip off @@ -690,8 +690,7 @@ packet_ready: * in the user name, THEN discard the user name. */ if (inst->with_ntdomain_hack && - ((challenge = pairfind(handler->request->packet->vps, - PW_USER_NAME, 0)) != NULL) && + ((challenge = pairfind(handler->request->packet->vps, PW_USER_NAME, 0, TAG_ANY)) != NULL) && ((username = strchr(challenge->vp_strvalue, '\\')) != NULL)) { /* * Wipe out the NT domain. 
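Review bot: The four `pairmove2` calls in `fix_mppe_keys` identify the Microsoft attributes by the bare numbers 7, 8, 16 and 17, which makes it hard to audit that every key-bearing attribute is covered. A trailing comment on each line would document them: `/* MS-MPPE-Encryption-Policy */`, `/* MS-MPPE-Encryption-Types */`, `/* MS-MPPE-Send-Key */` and `/* MS-MPPE-Recv-Key */` (RFC 2548 numbering; confirm against the project dictionary). The same bare numbers appear in the `pairdelete` runs of `process_reply` in peap.c and ttls.c.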
@@ -732,12 +731,12 @@ packet_ready: response = NULL; if (rcode == RLM_MODULE_OK) { pairmove2(&response, &handler->request->reply->vps, - PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT); + PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY); data->code = PW_EAP_MSCHAPV2_SUCCESS; } else if (inst->send_error) { pairmove2(&response, &handler->request->reply->vps, - PW_MSCHAP_ERROR, VENDORPEC_MICROSOFT); + PW_MSCHAP_ERROR, VENDORPEC_MICROSOFT, TAG_ANY); if (response) { int n,err,retry; char buf[34]; diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c index c4382b2..388568f 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c @@ -448,18 +448,18 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, /* * Clean up the tunneled reply. */ - pairdelete(&reply->vps, PW_PROXY_STATE, 0, -1); - pairdelete(&reply->vps, PW_EAP_MESSAGE, 0, -1); - pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, -1); + pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY); + pairdelete(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY); + pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); /* * Delete MPPE keys & encryption policy. We don't * want these here. */ - pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, -1); - pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, -1); - pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, -1); - pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, -1); + pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY); + pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY); + pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY); + pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY); t->accept_vps = reply->vps; reply->vps = NULL; 
@@ -482,7 +482,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * Get rid of the old State, too. */ pairfree(&t->state); - pairmove2(&t->state, &(reply->vps), PW_STATE, 0); + pairmove2(&t->state, &(reply->vps), PW_STATE, 0, TAG_ANY); /* * PEAP takes only EAP-Message attributes inside @@ -490,7 +490,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * Access-Challenge is ignored. */ vp = NULL; - pairmove2(&vp, &(reply->vps), PW_EAP_MESSAGE, 0); + pairmove2(&vp, &(reply->vps), PW_EAP_MESSAGE, 0, TAG_ANY); /* * Handle EAP-MSCHAP-V2, where Access-Accept's @@ -505,8 +505,8 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, /* * Clean up the tunneled reply. */ - pairdelete(&reply->vps, PW_PROXY_STATE, 0, -1); - pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, -1); + pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY); + pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); t->accept_vps = reply->vps; reply->vps = NULL; @@ -1009,7 +1009,7 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) setup_fake_request(request, fake, t); - if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0)) != NULL) { + if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) { fake->server = vp->vp_strvalue; } else if (t->virtual_server) { @@ -1051,7 +1051,7 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) switch (fake->reply->code) { case 0: /* No reply code, must be proxied... */ #ifdef WITH_PROXY - vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0); + vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY); if (vp) { eap_tunnel_data_t *tunnel; 
@@ -1114,7 +1114,7 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) * of attributes. */ pairdelete(&fake->packet->vps, - PW_EAP_MESSAGE, 0, -1); + PW_EAP_MESSAGE, 0, TAG_ANY); } DEBUG2(" PEAP: Tunneled authentication will be proxied to %s", vp->vp_strvalue); @@ -1124,8 +1124,8 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) * to be proxied. */ pairmove2(&(request->config_items), - &(fake->config_items), - PW_PROXY_TO_REALM, 0); + &(fake->config_items), + PW_PROXY_TO_REALM, 0, TAG_ANY); /* * Seed the proxy packet with the @@ -1228,7 +1228,7 @@ static int setup_fake_request(REQUEST *request, REQUEST *fake, peap_tunnel_t *t) if (t->username) { vp = paircopy(t->username); pairadd(&fake->packet->vps, vp); - fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0); + fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY); RDEBUG2("Setting User-Name to %s", fake->username->vp_strvalue); } else { RDEBUG2("No tunnel username (SSL resumption?)"); @@ -1274,7 +1274,7 @@ static int setup_fake_request(REQUEST *request, REQUEST *fake, peap_tunnel_t *t) * AND attributes which are copied there * from below. */ - if (pairfind(fake->packet->vps, vp->attribute, vp->vendor)) { + if (pairfind(fake->packet->vps, vp->attribute, vp->vendor, TAG_ANY)) { continue; } @@ -1309,7 +1309,7 @@ static int setup_fake_request(REQUEST *request, REQUEST *fake, peap_tunnel_t *t) * Don't copy from the head, we've already * checked it. */ - copy = paircopy2(vp, vp->attribute, vp->vendor, -1); + copy = paircopy2(vp, vp->attribute, vp->vendor, TAG_ANY); pairadd(&fake->packet->vps, copy); } } diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c index dba618e..f59d51d 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c 
@@ -241,8 +241,7 @@ static int eappeap_initiate(void *type_arg, EAP_HANDLER *handler) * EAP-TLS-Require-Client-Cert attribute will override * the require_client_cert configuration option. */ - vp = pairfind(handler->request->config_items, - PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0); + vp = pairfind(handler->request->config_items, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY); if (vp) { client_cert = vp->vp_integer; } diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c index ae8fb0b..5314d29 100644 --- a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c +++ b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c @@ -274,7 +274,7 @@ eap_pwd_initiate (void *type_data, EAP_HANDLER *handler) * figure out the MTU (basically do what eap-tls does) */ pwd_session->mtu = inst->conf->fragment_size; - vp = pairfind(handler->request->packet->vps, PW_FRAMED_MTU, 0); + vp = pairfind(handler->request->packet->vps, PW_FRAMED_MTU, 0, TAG_ANY); if (vp && ((int)(vp->vp_integer - 9) < pwd_session->mtu)) { /* * 9 = 4 (EAPOL header) + 4 (EAP header) + 1 (EAP type) @@ -470,7 +470,7 @@ eap_pwd_authenticate (void *arg, EAP_HANDLER *handler) fake->username->length = pwd_session->peer_id_len; fake->username->vp_strvalue[fake->username->length] = 0; - if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0)) != NULL) { + if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) { fake->server = vp->vp_strvalue; } else if (inst->conf->virtual_server) { @@ -506,7 +506,7 @@ eap_pwd_authenticate (void *arg, EAP_HANDLER *handler) debug_pair_list(fake->reply->vps); } - if ((pw = pairfind(fake->config_items, PW_CLEARTEXT_PASSWORD, 0)) == NULL) { + if ((pw = pairfind(fake->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) == NULL) { DEBUG2("failed to find password for %s to do pwd authentication", pwd_session->peer_id); request_free(&fake); 
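Review bot: In `eap_pwd_initiate` (rlm_eap_pwd.c, hunk at -274) the Framed-MTU value read from the request packet is only bounded from above. The test `(int)(vp->vp_integer - 9) < pwd_session->mtu` is also true when the attribute is below 9, because the subtraction then comes out negative after the cast. The branch body is outside the hunk, so what gets stored cannot be confirmed here, but if it assigns the same expression a client-supplied attribute can drive the session MTU negative. A lower bound would reject that, for example `if (vp && (vp->vp_integer > 9) && ((int)(vp->vp_integer - 9) < pwd_session->mtu)) {`.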
diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c index 8e79b66..63661b6 100644 --- a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c +++ b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c @@ -146,7 +146,7 @@ static int eap_sim_getchalans(VALUE_PAIR *vps, int chalno, rad_assert(chalno >= 0 && chalno < 3); - vp = pairfind(vps, ATTRIBUTE_EAP_SIM_RAND1+chalno, 0); + vp = pairfind(vps, ATTRIBUTE_EAP_SIM_RAND1+chalno, 0, TAG_ANY); if(vp == NULL) { /* bad, we can't find stuff! */ DEBUG2(" eap-sim can not find sim-challenge%d",chalno+1); @@ -159,7 +159,7 @@ static int eap_sim_getchalans(VALUE_PAIR *vps, int chalno, } memcpy(ess->keys.rand[chalno], vp->vp_strvalue, EAPSIM_RAND_SIZE); - vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SRES1+chalno, 0); + vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SRES1+chalno, 0, TAG_ANY); if(vp == NULL) { /* bad, we can't find stuff! */ DEBUG2(" eap-sim can not find sim-sres%d",chalno+1); @@ -172,7 +172,7 @@ static int eap_sim_getchalans(VALUE_PAIR *vps, int chalno, } memcpy(ess->keys.sres[chalno], vp->vp_strvalue, EAPSIM_SRES_SIZE); - vp = pairfind(vps, ATTRIBUTE_EAP_SIM_KC1+chalno, 0); + vp = pairfind(vps, ATTRIBUTE_EAP_SIM_KC1+chalno, 0, TAG_ANY); if(vp == NULL) { /* bad, we can't find stuff! */ DEBUG2(" eap-sim can not find sim-kc%d",chalno+1); @@ -249,7 +249,7 @@ static int eap_sim_sendchallenge(EAP_HANDLER *handler) memcpy(ess->keys.identity, handler->identity, ess->keys.identitylen); /* use the SIM identity, if available */ - newvp = pairfind(*invps, ATTRIBUTE_EAP_SIM_BASE + PW_EAP_SIM_IDENTITY, 0); + newvp = pairfind(*invps, ATTRIBUTE_EAP_SIM_BASE + PW_EAP_SIM_IDENTITY, 0, TAG_ANY); if (newvp && newvp->length > 2) { uint16_t len; 
@@ -389,7 +389,7 @@ static int eap_sim_initiate(void *type_data, EAP_HANDLER *handler) type_data = type_data; /* shut up compiler */ - vp = pairfind(outvps, ATTRIBUTE_EAP_SIM_RAND1, 0); + vp = pairfind(outvps, ATTRIBUTE_EAP_SIM_RAND1, 0, TAG_ANY); if(vp == NULL) { DEBUG2(" can not initiate sim, no RAND1 attribute"); return 0; @@ -448,8 +448,8 @@ static int process_eap_sim_start(EAP_HANDLER *handler, VALUE_PAIR *vps) ess = (struct eap_sim_server_state *)handler->opaque; - nonce_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT, 0); - selectedversion_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_SELECTED_VERSION, 0); + nonce_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT, 0, TAG_ANY); + selectedversion_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_SELECTED_VERSION, 0, TAG_ANY); if(nonce_vp == NULL || selectedversion_vp == NULL) { @@ -567,7 +567,7 @@ static int eap_sim_authenticate(void *arg, EAP_HANDLER *handler) } /* see what kind of message we have gotten */ - if((vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0)) == NULL) + if((vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0, TAG_ANY)) == NULL) { DEBUG2(" no subtype attribute was created, message dropped"); return 0; diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c index 88d2e28..714d827 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c +++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c @@ -175,8 +175,7 @@ static int eaptls_authenticate(void *type_arg, EAP_HANDLER *handler) fake->packet->vps = paircopy(request->packet->vps); /* set the virtual server to use */ - if ((vp = pairfind(request->config_items, - PW_VIRTUAL_SERVER, 0)) != NULL) { + if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) { fake->server = vp->vp_strvalue; } else { fake->server = inst->virtual_server; 
diff --git a/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c b/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c index fca5081..c4b97b8 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c +++ b/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c @@ -133,14 +133,14 @@ static void setVlanAttribute(rlm_eap_tnc_t *inst, EAP_HANDLER *handler, switch(mode){ case VLAN_ISOLATE: vlanNumber = inst->vlan_isolate; - vp = pairfind(handler->request->config_items, - PW_TNC_VLAN_ISOLATE); + vp = pairfind(handler->request->config_items, PW_TNC_VLAN_ISOLATE, + TAG_ANY); if (vp) vlanNumber = vp->vp_strvalue; break; case VLAN_ACCESS: vlanNumber = inst->vlan_access; - vp = pairfind(handler->request->config_items, - PW_TNC_VLAN_ACCESS); + vp = pairfind(handler->request->config_items, PW_TNC_VLAN_ACCESS, + TAG_ANY); if (vp) vlanNumber = vp->vp_strvalue; break; diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c index b9e15c6..547dbdf 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c @@ -227,8 +227,7 @@ static int eapttls_initiate(void *type_arg, EAP_HANDLER *handler) * EAP-TLS-Require-Client-Cert attribute will override * the require_client_cert configuration option. */ - vp = pairfind(handler->request->config_items, - PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0); + vp = pairfind(handler->request->config_items, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY); if (vp) { client_cert = vp->vp_integer; } diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index 3344c53..8110f30 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c 
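Review bot: Both `pairfind` calls in `setVlanAttribute` (rlm_eap_tnc.c) pass three arguments, so `TAG_ANY` lands in the position that every other call in this patch uses for the vendor, and no tag is passed at all. Judging by those other calls the function now takes four arguments, so this file would fail to compile, or would search under the wrong vendor if no prototype is in scope. The calls should read `pairfind(handler->request->config_items, PW_TNC_VLAN_ISOLATE, 0, TAG_ANY);` and the same for `PW_TNC_VLAN_ACCESS`.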
@@ -691,7 +691,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * packet, and we will send EAP-Success. */ vp = NULL; - pairmove2(&vp, &reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT); + pairmove2(&vp, &reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY); if (vp) { RDEBUG("Got MS-CHAP2-Success, tunneling it to the client in a challenge."); rcode = RLM_MODULE_HANDLED; @@ -701,10 +701,10 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * Delete MPPE keys & encryption policy. We don't * want these here. */ - pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, -1); - pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, -1); - pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, -1); - pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, -1); + pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY); + pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY); + pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY); + pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY); /* * Use the tunneled reply, but not now. @@ -724,7 +724,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * can figure it out, from the non-tunneled * EAP-Success packet. */ - pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0); + pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY); pairfree(&vp); } @@ -745,7 +745,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * tunneled user! */ if (t->use_tunneled_reply) { - pairdelete(&reply->vps, PW_PROXY_STATE, 0, -1); + pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY); pairadd(&request->reply->vps, reply->vps); reply->vps = NULL; } 
@@ -772,7 +772,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * Get rid of the old State, too. */ pairfree(&t->state); - pairmove2(&t->state, &reply->vps, PW_STATE, 0); + pairmove2(&t->state, &reply->vps, PW_STATE, 0, TAG_ANY); /* * We should really be a bit smarter about this, @@ -782,7 +782,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * method works in 99.9% of the situations. */ vp = NULL; - pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0); + pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY); /* * There MUST be a Reply-Message in the challenge, @@ -792,7 +792,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, * we MUST create one, with an empty string as * it's value. */ - pairmove2(&vp, &reply->vps, PW_REPLY_MESSAGE, 0); + pairmove2(&vp, &reply->vps, PW_REPLY_MESSAGE, 0, TAG_ANY); /* * Handle the ACK, by tunneling any necessary reply @@ -1050,8 +1050,8 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) /* * Update other items in the REQUEST data structure. */ - fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0); - fake->password = pairfind(fake->packet->vps, PW_USER_PASSWORD, 0); + fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY); + fake->password = pairfind(fake->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY); /* * No User-Name, try to create one from stored data. @@ -1062,7 +1062,7 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) * an EAP-Identity, and pull it out of there. */ if (!t->username) { - vp = pairfind(fake->packet->vps, PW_EAP_MESSAGE, 0); + vp = pairfind(fake->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY); if (vp && (vp->length >= EAP_HEADER_LEN + 2) && (vp->vp_strvalue[0] == PW_EAP_RESPONSE) && 
@@ -1108,7 +1108,7 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) if (t->username) { vp = paircopy(t->username); pairadd(&fake->packet->vps, vp); - fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0); + fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY); } } /* else the request ALREADY had a User-Name */ @@ -1149,7 +1149,7 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) * AND attributes which are copied there * from below. */ - if (pairfind(fake->packet->vps, vp->attribute, vp->vendor)) { + if (pairfind(fake->packet->vps, vp->attribute, vp->vendor, TAG_ANY)) { continue; } @@ -1184,12 +1184,12 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) * Don't copy from the head, we've already * checked it. */ - copy = paircopy2(vp, vp->attribute, vp->vendor, -1); + copy = paircopy2(vp, vp->attribute, vp->vendor, TAG_ANY); pairadd(&fake->packet->vps, copy); } } - if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0)) != NULL) { + if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) { fake->server = vp->vp_strvalue; } else if (t->virtual_server) { @@ -1232,7 +1232,7 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) switch (fake->reply->code) { case 0: /* No reply code, must be proxied... */ #ifdef WITH_PROXY - vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0); + vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY); if (vp) { eap_tunnel_data_t *tunnel; RDEBUG("Tunneled authentication will be proxied to %s", vp->vp_strvalue); @@ -1243,7 +1243,7 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) */ pairmove2(&(request->config_items), &(fake->config_items), - PW_PROXY_TO_REALM, 0); + PW_PROXY_TO_REALM, 0, TAG_ANY); /* * Seed the proxy packet with the diff --git a/src/modules/rlm_eap2/rlm_eap2.c b/src/modules/rlm_eap2/rlm_eap2.c index d784ef5..dd518ff 100644 
--- a/src/modules/rlm_eap2/rlm_eap2.c +++ b/src/modules/rlm_eap2/rlm_eap2.c @@ -237,7 +237,7 @@ static EAP_HANDLER *eaplist_find(rlm_eap_t *inst, REQUEST *request) * We key the sessions off of the 'state' attribute, so it * must exist. */ - state = pairfind(request->packet->vps, PW_STATE, 0); + state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY); if (!state || (state->length != EAP_STATE_LEN)) { return NULL; @@ -390,12 +390,12 @@ static int server_get_eap_user(void *ctx, const u8 *identity, /* * Do this always, just in case. */ - vp = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0); + vp = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); if (vp) { user->password = (u8 *) os_strdup(vp->vp_strvalue); user->password_len = vp->length; } - if (!vp) vp = pairfind(request->config_items, PW_NT_PASSWORD, 0); + if (!vp) vp = pairfind(request->config_items, PW_NT_PASSWORD, 0, TAG_ANY); if (vp) { user->password = (u8 *) malloc(vp->length); memcpy(user->password, vp->vp_octets, vp->length); @@ -683,7 +683,7 @@ static int eap_req2vp(EAP_HANDLER *handler) total -= size; } while (total > 0); - pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, -1); + pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, TAG_ANY); pairadd(&handler->request->reply->vps, head); return encoded; @@ -774,7 +774,7 @@ static int eap_vp2data(VALUE_PAIR *vps, void **data, int *data_len) /* * Get only EAP-Message attribute list */ - first = pairfind(vps, PW_EAP_MESSAGE, 0); + first = pairfind(vps, PW_EAP_MESSAGE, 0, TAG_ANY); if (first == NULL) { radlog(L_ERR, "rlm_eap2: EAP-Message not found"); return -1; @@ -807,7 +807,7 @@ static int eap_vp2data(VALUE_PAIR *vps, void **data, int *data_len) * Sanity check the length, BEFORE malloc'ing memory. */ total_len = 0; - for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0)) { + for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0, TAG_ANY)) { total_len += vp->length; if (total_len > len) { 
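Review bot: In `server_get_eap_user` (hunk at -390), when Cleartext-Password is found `vp` stays non-NULL, so the second `if (vp)` block runs as well. It overwrites `user->password` with a fresh `malloc` and copies `vp->vp_octets`, which leaks the `os_strdup` copy of the cleartext password and treats that password as NT-Password octets. The `malloc` result also goes to `memcpy` unchecked. Turning the NT-Password lookup into the alternative branch, `} else if ((vp = pairfind(request->config_items, PW_NT_PASSWORD, 0, TAG_ANY)) != NULL) {`, and testing the allocation before the copy would fix both. The rest of the block is outside the hunk.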
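Review bot: `pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, TAG_ANY)` in `eap_req2vp` (hunk at -683) has one argument fewer than every other `pairdelete` call in this patch. The vendor is missing, so `TAG_ANY` sits in the vendor position. It should be `pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);`. The removed line had the same gap, which suggests rlm_eap2 was not being built; it is worth compiling this module before merging.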
@@ -840,7 +840,7 @@ static int eap_vp2data(VALUE_PAIR *vps, void **data, int *data_len) ptr = *data; /* RADIUS ensures order of attrs, so just concatenate all */ - for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0)) { + for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0, TAG_ANY)) { memcpy(ptr, vp->vp_strvalue, vp->length); ptr += vp->length; } @@ -868,7 +868,7 @@ static int eap_authenticate(void *instance, REQUEST *request) inst = (rlm_eap_t *) instance; - vp = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0); + vp = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY); if (!vp) { RDEBUG("No EAP-Message. Not doing EAP."); return RLM_MODULE_FAIL; @@ -884,7 +884,7 @@ static int eap_authenticate(void *instance, REQUEST *request) return RLM_MODULE_FAIL; } - vp = pairfind(request->packet->vps, PW_STATE, 0); + vp = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY); if (vp) { handler = eaplist_find(inst, request); if (!handler) { @@ -977,7 +977,7 @@ static int eap_authenticate(void *instance, REQUEST *request) /* * Doesn't exist, add it in. */ - vp = pairfind(request->reply->vps, PW_USER_NAME, 0); + vp = pairfind(request->reply->vps, PW_USER_NAME, 0, TAG_ANY); if (!vp) { vp = pairmake("User-Name", request->username->vp_strvalue, T_OP_EQ); @@ -996,7 +996,7 @@ static int eap_authenticate(void *instance, REQUEST *request) } } - vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0); + vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { vp = paircreate(PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS); memset(vp->vp_strvalue, 0, AUTH_VECTOR_LEN); diff --git a/src/modules/rlm_example/rlm_example.c b/src/modules/rlm_example/rlm_example.c index 00cf81d..68c5bf9 100644 --- a/src/modules/rlm_example/rlm_example.c +++ b/src/modules/rlm_example/rlm_example.c 
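Review bot: In the `eap_authenticate` hunk at -996 (rlm_eap2.c), the result of `paircreate(PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS)` is written through by `memset(vp->vp_strvalue, 0, AUTH_VECTOR_LEN)` with no NULL test in between. If `paircreate` can fail in the way the `pairmake` results elsewhere in this patch are tested for (`if (!vp)`), this is a NULL dereference on the reply path. A guard before the `memset`, such as `if (!vp) return RLM_MODULE_FAIL;` or the function's usual cleanup path, would cover it. The block continues outside the hunk.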
@@ -115,7 +115,7 @@ static int example_authorize(void *instance, REQUEST *request) /* * Look for the 'state' attribute. */ - state = pairfind(request->packet->vps, PW_STATE, 0); + state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY); if (state != NULL) { RDEBUG("Found reply to access challenge"); return RLM_MODULE_OK; diff --git a/src/modules/rlm_exec/rlm_exec.c b/src/modules/rlm_exec/rlm_exec.c index 8875f28..869c8ff 100644 --- a/src/modules/rlm_exec/rlm_exec.c +++ b/src/modules/rlm_exec/rlm_exec.c @@ -389,11 +389,11 @@ static int exec_postauth(void *instance, REQUEST *request) VALUE_PAIR *vp, *tmp; rlm_exec_t *inst = (rlm_exec_t *) instance; - vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0); + vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY); if (vp) { exec_wait = 0; - } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0)) != NULL) { + } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) { exec_wait = 1; } if (!vp) { @@ -458,11 +458,11 @@ static int exec_accounting(void *instance, REQUEST *request) */ if (!inst->bare) return exec_dispatch(instance, request); - vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0); + vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY); if (vp) { exec_wait = 0; - } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0)) != NULL) { + } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) { exec_wait = 1; } if (!vp) return RLM_MODULE_NOOP; diff --git a/src/modules/rlm_expiration/rlm_expiration.c b/src/modules/rlm_expiration/rlm_expiration.c index 0f2cda0..3eb9caa 100644 --- a/src/modules/rlm_expiration/rlm_expiration.c +++ b/src/modules/rlm_expiration/rlm_expiration.c 
@@ -64,7 +64,7 @@ static int expiration_authorize(void *instance, REQUEST *request) VALUE_PAIR *vp, *check_item = NULL; char msg[MAX_STRING_LEN]; - if ((check_item = pairfind(request->config_items, PW_EXPIRATION, 0)) != NULL){ + if ((check_item = pairfind(request->config_items, PW_EXPIRATION, 0, TAG_ANY)) != NULL){ /* * Has this user's password expired? * @@ -99,7 +99,7 @@ static int expiration_authorize(void *instance, REQUEST *request) * Else the account hasn't expired, but it may do so * in the future. Set Session-Timeout. */ - vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0); + vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, PW_SESSION_TIMEOUT, 0, diff --git a/src/modules/rlm_expr/paircmp.c b/src/modules/rlm_expr/paircmp.c index 6923a21..25b9e2b 100644 --- a/src/modules/rlm_expr/paircmp.c +++ b/src/modules/rlm_expr/paircmp.c @@ -151,13 +151,13 @@ static int presufcmp(UNUSED void *instance, /* * If Strip-User-Name == No, then don't do any more. */ - vp = pairfind(check_pairs, PW_STRIP_USER_NAME, 0); + vp = pairfind(check_pairs, PW_STRIP_USER_NAME, 0, TAG_ANY); if (vp && !vp->vp_integer) return ret; /* * See where to put the stripped user name. */ - vp = pairfind(check_pairs, PW_STRIPPED_USER_NAME, 0); + vp = pairfind(check_pairs, PW_STRIPPED_USER_NAME, 0, TAG_ANY); if (!vp) { /* * If "request" is NULL, then the memory will be diff --git a/src/modules/rlm_fastusers/rlm_fastusers.c b/src/modules/rlm_fastusers/rlm_fastusers.c index fc55db3..88189fc 100644 --- a/src/modules/rlm_fastusers/rlm_fastusers.c +++ b/src/modules/rlm_fastusers/rlm_fastusers.c @@ -90,7 +90,7 @@ static const CONF_PARSER module_config[] = { static int fallthrough(VALUE_PAIR *vp) { VALUE_PAIR *tmp; - tmp = pairfind(vp, PW_FALL_THROUGH, 0); + tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY); return tmp ? tmp->vp_integer : 0; } 
@@ -106,7 +106,7 @@ static int rad_check_return(VALUE_PAIR *list) * We check for Auth-Type = Reject here */ - authtype = pairfind(list, PW_AUTHTYPE, 0); + authtype = pairfind(list, PW_AUTHTYPE, 0, TAG_ANY); if((authtype) && authtype->vp_integer == PW_AUTHTYPE_REJECT) { DEBUG2("rad_check_return: Auth-Type is Reject"); return RLM_MODULE_REJECT; @@ -595,7 +595,7 @@ static int fastuser_authorize(void *instance, REQUEST *request) pairfree(&reply_tmp); if(!fallthrough(user->reply)) { - pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, -1); + pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, TAG_ANY); return(rad_check_return(user->check)); } else { user=user->next; @@ -659,7 +659,7 @@ static int fastuser_authorize(void *instance, REQUEST *request) pairfree(&reply_tmp); if(!fallthrough(user->reply)) { - pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, -1); + pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, TAG_ANY); return(rad_check_return(user->check)); } @@ -675,7 +675,7 @@ static int fastuser_authorize(void *instance, REQUEST *request) } if(userfound || defaultfound) { - pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, -1); + pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, TAG_ANY); return(rad_check_return(request->config_items)); } else { DEBUG2("rlm_fastusers: user not found"); diff --git a/src/modules/rlm_files/rlm_files.c b/src/modules/rlm_files/rlm_files.c index 9b4e75d..0ef8867 100644 --- a/src/modules/rlm_files/rlm_files.c +++ b/src/modules/rlm_files/rlm_files.c @@ -71,7 +71,7 @@ struct file_instance { static int fallthrough(VALUE_PAIR *vp) { VALUE_PAIR *tmp; - tmp = pairfind(vp, PW_FALL_THROUGH, 0); + tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY); return tmp ? tmp->vp_integer : 0; } 
@@ -494,7 +494,7 @@ static int file_common(struct file_instance *inst, REQUEST *request, /* * Remove server internal parameters. */ - pairdelete(reply_pairs, PW_FALL_THROUGH, 0, -1); + pairdelete(reply_pairs, PW_FALL_THROUGH, 0, TAG_ANY); /* * See if we succeeded. diff --git a/src/modules/rlm_ippool/rlm_ippool.c b/src/modules/rlm_ippool/rlm_ippool.c index 51eb140..10a308a 100644 --- a/src/modules/rlm_ippool/rlm_ippool.c +++ b/src/modules/rlm_ippool/rlm_ippool.c @@ -329,7 +329,7 @@ static int ippool_accounting(void *instance, REQUEST *request) FR_MD5_CTX md5_context; - if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) + if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) acctstatustype = vp->vp_integer; else { RDEBUG("Could not find account status type in packet. Return NOOP."); @@ -471,7 +471,7 @@ static int ippool_postauth(void *instance, REQUEST *request) /* Check if Pool-Name attribute exists. If it exists check our name and * run only if they match */ - if ((vp = pairfind(request->config_items, PW_POOL_NAME, 0)) != NULL){ + if ((vp = pairfind(request->config_items, PW_POOL_NAME, 0, TAG_ANY)) != NULL){ if (data->name == NULL || (strcmp(data->name,vp->vp_strvalue) && strcmp(vp->vp_strvalue,"DEFAULT"))) return RLM_MODULE_NOOP; } else { @@ -483,7 +483,7 @@ static int ippool_postauth(void *instance, REQUEST *request) /* * Find the caller id */ - if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL) + if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) cli = vp->vp_strvalue; #ifdef WITH_DHCP 
@@ -583,12 +583,12 @@ static int ippool_postauth(void *instance, REQUEST *request) * If there is a Framed-IP-Address (or Dhcp-Your-IP-Address) * attribute in the reply, check for override */ - if (pairfind(request->reply->vps, attr_ipaddr, vendor_ipaddr) != NULL) { + if (pairfind(request->reply->vps, attr_ipaddr, vendor_ipaddr, TAG_ANY) != NULL) { RDEBUG("Found IP address attribute in reply attribute list."); if (data->override) { RDEBUG("Override supplied IP address"); - pairdelete(&request->reply->vps, attr_ipaddr, vendor_ipaddr, -1); + pairdelete(&request->reply->vps, attr_ipaddr, vendor_ipaddr, TAG_ANY); } else { /* Abort */ RDEBUG("override is set to no. Return NOOP."); @@ -748,14 +748,14 @@ static int ippool_postauth(void *instance, REQUEST *request) free(key_datum.dptr); entry.active = 1; entry.timestamp = request->timestamp; - if ((vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0)) != NULL) { + if ((vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY)) != NULL) { entry.timeout = (time_t) vp->vp_integer; #ifdef WITH_DHCP if (dhcp) { vp = radius_paircreate(request, &request->reply->vps, PW_DHCP_IP_ADDRESS_LEASE_TIME, DHCP_MAGIC_VENDOR, PW_TYPE_INTEGER); vp->vp_integer = entry.timeout; - pairdelete(&request->reply->vps, PW_SESSION_TIMEOUT, 0, -1); + pairdelete(&request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY); } #endif } else { @@ -810,7 +810,7 @@ static int ippool_postauth(void *instance, REQUEST *request) * If there is no Framed-Netmask attribute in the * reply, add one */ - if (pairfind(request->reply->vps, attr_ipmask, vendor_ipaddr) == NULL) { + if (pairfind(request->reply->vps, attr_ipmask, vendor_ipaddr, TAG_ANY) == NULL) { vp = radius_paircreate(request, &request->reply->vps, attr_ipmask, vendor_ipaddr, PW_TYPE_IPADDR); diff --git a/src/modules/rlm_jradius/rlm_jradius.c b/src/modules/rlm_jradius/rlm_jradius.c index 40fd2e3..bd31b21 100644 --- a/src/modules/rlm_jradius/rlm_jradius.c +++ b/src/modules/rlm_jradius/rlm_jradius.c 
@@ -1023,11 +1023,11 @@ static int rlm_jradius_call(char func, void *instance, REQUEST *req, int isproxy * we need to reconfigure a few pointers in the REQUEST object */ if (req->username) { - req->username = pairfind(request->vps, PW_USER_NAME, 0); + req->username = pairfind(request->vps, PW_USER_NAME, 0, TAG_ANY); } if (req->password) { - req->password = pairfind(request->vps, PW_PASSWORD, 0); - if (!req->password) req->password = pairfind(request->vps, PW_CHAP_PASSWORD, 0); + req->password = pairfind(request->vps, PW_PASSWORD, 0, TAG_ANY); + if (!req->password) req->password = pairfind(request->vps, PW_CHAP_PASSWORD, 0, TAG_ANY); } /* diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 3abd33a..e0462b5 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -1000,7 +1000,7 @@ static char *get_userdn(LDAP_CONN **pconn, REQUEST *request, int *module_rcode) *module_rcode = RLM_MODULE_FAIL; - vp = pairfind(request->config_items, PW_LDAP_USERDN, 0); + vp = pairfind(request->config_items, PW_LDAP_USERDN, 0, TAG_ANY); if (vp) { *module_rcode = RLM_MODULE_OK; return vp->vp_strvalue; 
@@ -1766,15 +1766,11 @@ static void do_check_reply(ldap_instance *inst, REQUEST *request) * to read the documentation. */ if (inst->expect_password && (debug_flag > 1)) { - if (!pairfind(request->config_items,PW_CLEARTEXT_PASSWORD, 0) && - !pairfind(request->config_items, - PW_NT_PASSWORD, 0) && - !pairfind(request->config_items, - PW_USER_PASSWORD, 0) && - !pairfind(request->config_items, - PW_PASSWORD_WITH_HEADER, 0) && - !pairfind(request->config_items, - PW_CRYPT_PASSWORD, 0)) { + if (!pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY) && + !pairfind(request->config_items, PW_NT_PASSWORD, 0, TAG_ANY) && + !pairfind(request->config_items, PW_USER_PASSWORD, 0, TAG_ANY) && + !pairfind(request->config_items, PW_PASSWORD_WITH_HEADER, 0, TAG_ANY) && + !pairfind(request->config_items, PW_CRYPT_PASSWORD, 0, TAG_ANY)) { RDEBUG("WARNING: No \"known good\" password " "was found in LDAP. Are you sure that " "the user is configured correctly?"); @@ -1931,8 +1927,7 @@ static int ldap_authorize(void *instance, REQUEST * request) /* * We already have a Cleartext-Password. Skip edir. */ - if (inst->edir && pairfind(request->config_items, - PW_CLEARTEXT_PASSWORD, 0)) { + if (inst->edir && pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) { goto skip_edir; } @@ -2000,7 +1995,7 @@ skip_edir: /* * Apply ONE user profile, or a default user profile. */ - vp = pairfind(request->config_items, PW_USER_PROFILE, 0); + vp = pairfind(request->config_items, PW_USER_PROFILE, 0, TAG_ANY); if (vp || inst->default_profile) { char *profile = inst->default_profile; diff --git a/src/modules/rlm_logintime/rlm_logintime.c b/src/modules/rlm_logintime/rlm_logintime.c index 3f915a2..cbee046 100644 --- a/src/modules/rlm_logintime/rlm_logintime.c +++ b/src/modules/rlm_logintime/rlm_logintime.c 
@@ -164,7 +164,7 @@ static int logintime_authorize(void *instance, REQUEST *request) VALUE_PAIR *check_item = NULL; int r; - if ((check_item = pairfind(request->config_items, PW_LOGIN_TIME, 0)) != NULL) { + if ((check_item = pairfind(request->config_items, PW_LOGIN_TIME, 0, TAG_ANY)) != NULL) { /* * Authentication is OK. Now see if this @@ -220,7 +220,7 @@ static int logintime_authorize(void *instance, REQUEST *request) * User is allowed, but set Session-Timeout. */ DEBUG("rlm_logintime: timestr returned accept"); - if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0)) != NULL) { + if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY)) != NULL) { if (reply_item->vp_integer > (unsigned) r) reply_item->vp_integer = r; } else { diff --git a/src/modules/rlm_mschap/opendir.c b/src/modules/rlm_mschap/opendir.c index b4b6f51..d4bf073 100644 --- a/src/modules/rlm_mschap/opendir.c +++ b/src/modules/rlm_mschap/opendir.c @@ -241,7 +241,7 @@ int od_mschap_auth(REQUEST *request, VALUE_PAIR *challenge, uint32_t uiLen = 0; char *username_string = NULL; char *shortUserName = NULL; - VALUE_PAIR *response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT); + VALUE_PAIR *response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY); #ifndef NDEBUG unsigned int t; #endif diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c index 0a315f1..d6fc4ed 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c 
@@ -181,9 +181,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * hash of MS-CHAPv2 challenge, and peer challenge. */ if (strncasecmp(fmt, "Challenge", 9) == 0) { - chap_challenge = pairfind(request->packet->vps, - PW_MSCHAP_CHALLENGE, - VENDORPEC_MICROSOFT); + chap_challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY); if (!chap_challenge) { RDEBUG2("No MS-CHAP-Challenge in the request."); return 0; @@ -207,9 +205,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, VALUE_PAIR *name_attr, *response_name; char *username_string; - response = pairfind(request->packet->vps, - PW_MSCHAP2_RESPONSE, - VENDORPEC_MICROSOFT); + response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY); if (!response) { RDEBUG2("MS-CHAP2-Response is required to calculate MS-CHAPv1 challenge."); return 0; @@ -229,8 +225,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, return 0; } - user_name = pairfind(request->packet->vps, - PW_USER_NAME, 0); + user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); if (!user_name) { RDEBUG2("User-Name is required to calculate MS-CHAPv1 Challenge."); return 0; @@ -245,7 +240,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * We prefer this to the User-Name in the * packet. */ - response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0); + response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY); if (response_name) { name_attr = response_name; } else { 
@@ -294,11 +289,8 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * response. */ } else if (strncasecmp(fmt, "NT-Response", 11) == 0) { - response = pairfind(request->packet->vps, - PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT); - if (!response) response = pairfind(request->packet->vps, - PW_MSCHAP2_RESPONSE, - VENDORPEC_MICROSOFT); + response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY); + if (!response) response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY); if (!response) { RDEBUG2("No MS-CHAP-Response or MS-CHAP2-Response was found in the request."); return 0; @@ -327,8 +319,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, * in MS-CHAPv1, and not often there. */ } else if (strncasecmp(fmt, "LM-Response", 11) == 0) { - response = pairfind(request->packet->vps, - PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT); + response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY); if (!response) { RDEBUG2("No MS-CHAP-Response was found in the request."); return 0; @@ -351,7 +342,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, } else if (strncasecmp(fmt, "NT-Domain", 9) == 0) { char *p, *q; - user_name = pairfind(request->packet->vps, PW_USER_NAME, 0); + user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); if (!user_name) { RDEBUG2("No User-Name was found in the request."); return 0; @@ -406,7 +397,7 @@ static size_t mschap_xlat(void *instance, REQUEST *request, } else if (strncasecmp(fmt, "User-Name", 9) == 0) { char *p; - user_name = pairfind(request->packet->vps, PW_USER_NAME, 0); + user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); if (!user_name) { RDEBUG2("No User-Name was found in the request."); return 0; 
@@ -1281,24 +1272,19 @@ static int mschap_authorize(void * instance, REQUEST *request) #define inst ((rlm_mschap_t *)instance) VALUE_PAIR *challenge = NULL; - challenge = pairfind(request->packet->vps, - PW_MSCHAP_CHALLENGE, - VENDORPEC_MICROSOFT); + challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY); if (!challenge) { return RLM_MODULE_NOOP; } - if (!pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, - VENDORPEC_MICROSOFT) && - !pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, - VENDORPEC_MICROSOFT) && - !pairfind(request->packet->vps, PW_MSCHAP2_CPW, - VENDORPEC_MICROSOFT)) { + if (!pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY) && + !pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY) && + !pairfind(request->packet->vps, PW_MSCHAP2_CPW, VENDORPEC_MICROSOFT, TAG_ANY)) { RDEBUG2("Found MS-CHAP-Challenge, but no MS-CHAP response or change-password"); return RLM_MODULE_NOOP; } - if (pairfind(request->config_items, PW_AUTH_TYPE, 0)) { + if (pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY)) { RDEBUG2("WARNING: Auth-Type already set. Not setting to MS-CHAP"); return RLM_MODULE_NOOP; } @@ -1362,8 +1348,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) * want to suppress it. */ if (do_ntlm_auth) { - VALUE_PAIR *vp = pairfind(request->config_items, - PW_MS_CHAP_USE_NTLM_AUTH, 0); + VALUE_PAIR *vp = pairfind(request->config_items, PW_MS_CHAP_USE_NTLM_AUTH, 0, TAG_ANY); if (vp) do_ntlm_auth = vp->vp_integer; } 
@@ -1371,10 +1356,9 @@ static int mschap_authenticate(void * instance, REQUEST *request) * Find the SMB-Account-Ctrl attribute, or the * SMB-Account-Ctrl-Text attribute. */ - smb_ctrl = pairfind(request->config_items, PW_SMB_ACCOUNT_CTRL, 0); + smb_ctrl = pairfind(request->config_items, PW_SMB_ACCOUNT_CTRL, 0, TAG_ANY); if (!smb_ctrl) { - password = pairfind(request->config_items, - PW_SMB_ACCOUNT_CTRL_TEXT, 0); + password = pairfind(request->config_items, PW_SMB_ACCOUNT_CTRL_TEXT, 0, TAG_ANY); if (password) { smb_ctrl = radius_pairmake(request, &request->config_items, @@ -1403,12 +1387,12 @@ static int mschap_authenticate(void * instance, REQUEST *request) /* * Decide how to get the passwords. */ - password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0); + password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); /* * We need an LM-Password. */ - lm_password = pairfind(request->config_items, PW_LM_PASSWORD, 0); + lm_password = pairfind(request->config_items, PW_LM_PASSWORD, 0, TAG_ANY); if (lm_password) { /* * Allow raw octets. @@ -1443,7 +1427,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) /* * We need an NT-Password. */ - nt_password = pairfind(request->config_items, PW_NT_PASSWORD, 0); + nt_password = pairfind(request->config_items, PW_NT_PASSWORD, 0, TAG_ANY); if (nt_password) { if ((nt_password->length == 16) || ((nt_password->length == 32) && @@ -1472,8 +1456,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) } } - cpw = pairfind(request->packet->vps, PW_MSCHAP2_CPW, - VENDORPEC_MICROSOFT); + cpw = pairfind(request->packet->vps, PW_MSCHAP2_CPW, VENDORPEC_MICROSOFT, TAG_ANY); if (cpw) { /* * mschap2 password change request 
@@ -1600,9 +1583,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) memcpy(response->vp_octets+2, cpw->vp_octets + 18, 48); } - challenge = pairfind(request->packet->vps, - PW_MSCHAP_CHALLENGE, - VENDORPEC_MICROSOFT); + challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY); if (!challenge) { RDEBUG("ERROR: You set 'Auth-Type = MS-CHAP' for a request that does not contain any MS-CHAP attributes!"); return RLM_MODULE_REJECT; @@ -1611,9 +1592,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) /* * We also require an MS-CHAP-Response. */ - response = pairfind(request->packet->vps, - PW_MSCHAP_RESPONSE, - VENDORPEC_MICROSOFT); + response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY); /* * MS-CHAP-Response, means MS-CHAPv1 @@ -1663,9 +1642,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) chap = 1; - } else if ((response = pairfind(request->packet->vps, - PW_MSCHAP2_RESPONSE, - VENDORPEC_MICROSOFT)) != NULL) { + } else if ((response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY)) != NULL) { int mschap_result; uint8_t mschapv1_challenge[16]; VALUE_PAIR *name_attr, *response_name; @@ -1689,7 +1666,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) /* * We also require a User-Name */ - username = pairfind(request->packet->vps, PW_USER_NAME, 0); + username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); if (!username) { radlog_request(L_AUTH, 0, request, "We require a User-Name for MS-CHAPv2"); return RLM_MODULE_INVALID; @@ -1704,7 +1681,7 @@ static int mschap_authenticate(void * instance, REQUEST *request) * We prefer this to the User-Name in the * packet. */ - response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0); + response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY); if (response_name) { name_attr = response_name; } else { 
diff --git a/src/modules/rlm_opendirectory/rlm_opendirectory.c b/src/modules/rlm_opendirectory/rlm_opendirectory.c index 2436966..cbb2e3a 100644 --- a/src/modules/rlm_opendirectory/rlm_opendirectory.c +++ b/src/modules/rlm_opendirectory/rlm_opendirectory.c @@ -405,7 +405,7 @@ static int od_authorize(UNUSED void *instance, REQUEST *request) if (uuid_is_null(guid_sacl) && uuid_is_null(guid_nasgroup)) { RDEBUG("no access control groups, all users allowed."); - if (pairfind(request->config_items, PW_AUTH_TYPE, 0) == NULL) { + if (pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY) == NULL) { pairadd(&request->config_items, pairmake("Auth-Type", kAuthType, T_OP_EQ)); RDEBUG("Setting Auth-Type = %s", kAuthType); } @@ -460,7 +460,7 @@ static int od_authorize(UNUSED void *instance, REQUEST *request) } } - if (pairfind(request->config_items, PW_AUTH_TYPE, 0) == NULL) { + if (pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY) == NULL) { pairadd(&request->config_items, pairmake("Auth-Type", kAuthType, T_OP_EQ)); RDEBUG("Setting Auth-Type = %s", kAuthType); } diff --git a/src/modules/rlm_otp/otp_mppe.c b/src/modules/rlm_otp/otp_mppe.c index 07ff7fb..576af50 100644 --- a/src/modules/rlm_otp/otp_mppe.c +++ b/src/modules/rlm_otp/otp_mppe.c @@ -49,8 +49,8 @@ otp_mppe(REQUEST *request, otp_pwe_t pwe, const otp_option_t *opt, VALUE_PAIR **avp = &request->reply->vps; VALUE_PAIR *cvp, *rvp, *vp; - cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor); - rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor); + cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor, TAG_ANY); + rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor, TAG_ANY); switch (pwe) { case PWE_PAP: diff --git a/src/modules/rlm_otp/otp_pw_valid.c b/src/modules/rlm_otp/otp_pw_valid.c index d8cc0e4..ac26248 100644 --- a/src/modules/rlm_otp/otp_pw_valid.c +++ b/src/modules/rlm_otp/otp_pw_valid.c 
@@ -92,8 +92,8 @@ otp_pw_valid(REQUEST *request, int pwe, const char *challenge, otp_request.pwe.pwe = pwe; /* otp_pwe_present() (done by caller) guarantees that both of these exist */ - cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor); - rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor); + cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor, TAG_ANY); + rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor, TAG_ANY); /* this is just to quiet Coverity */ if (!rvp || !cvp) return RLM_MODULE_REJECT; diff --git a/src/modules/rlm_otp/otp_pwe.c b/src/modules/rlm_otp/otp_pwe.c index e3e37c6..0f79d46 100644 --- a/src/modules/rlm_otp/otp_pwe.c +++ b/src/modules/rlm_otp/otp_pwe.c @@ -110,8 +110,8 @@ otp_pwe_present(const REQUEST *request) unsigned i; for (i = 0; i < SIZEOF_PWATTR; i += 2) { - if (pairfind(request->packet->vps, pwattr[i]->attr, pwattr[i]->vendor) && - pairfind(request->packet->vps, pwattr[i + 1]->attr, pwattr[i + 1]->vendor)) { + if (pairfind(request->packet->vps, pwattr[i]->attr, pwattr[i]->vendor, TAG_ANY) && + pairfind(request->packet->vps, pwattr[i + 1]->attr, pwattr[i + 1]->vendor, TAG_ANY)) { DEBUG("rlm_otp: %s: password attributes %s, %s", __func__, pwattr[i]->name, pwattr[i + 1]->name); return i + 1; /* Can't return 0 (indicates failure) */ diff --git a/src/modules/rlm_otp/rlm_otp.c b/src/modules/rlm_otp/rlm_otp.c index 51d49cb..efb3293 100644 --- a/src/modules/rlm_otp/rlm_otp.c +++ b/src/modules/rlm_otp/rlm_otp.c @@ -181,7 +181,7 @@ otp_authorize(void *instance, REQUEST *request) VALUE_PAIR *vp; auth_type_found = 0; - if ((vp = pairfind(request->config_items, PW_AUTHTYPE, 0)) != NULL) { + if ((vp = pairfind(request->config_items, PW_AUTHTYPE, 0, TAG_ANY)) != NULL) { auth_type_found = 1; if (strcmp(vp->vp_strvalue, inst->name)) return RLM_MODULE_NOOP; 
@@ -189,7 +189,7 @@ otp_authorize(void *instance, REQUEST *request) } /* The State attribute will be present if this is a response. */ - if (pairfind(request->packet->vps, PW_STATE, 0) != NULL) { + if (pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY) != NULL) { DEBUG("rlm_otp: autz: Found response to Access-Challenge"); return RLM_MODULE_OK; } @@ -313,7 +313,7 @@ otp_authenticate(void *instance, REQUEST *request) "rlm_otp", T_OP_EQ)); /* Retrieve the challenge (from State attribute). */ - if ((vp = pairfind(request->packet->vps, PW_STATE, 0)) != NULL) { + if ((vp = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY)) != NULL) { unsigned char state[OTP_MAX_RADSTATE_LEN]; unsigned char raw_state[OTP_MAX_RADSTATE_LEN]; unsigned char rad_state[OTP_MAX_RADSTATE_LEN]; diff --git a/src/modules/rlm_pam/rlm_pam.c b/src/modules/rlm_pam/rlm_pam.c index 24ebfe8..c126c41 100644 --- a/src/modules/rlm_pam/rlm_pam.c +++ b/src/modules/rlm_pam/rlm_pam.c @@ -266,7 +266,7 @@ static int pam_auth(void *instance, REQUEST *request) * Let the 'users' file over-ride the PAM auth name string, * for backwards compatibility. */ - pair = pairfind(request->config_items, PAM_AUTH_ATTR, 0); + pair = pairfind(request->config_items, PAM_AUTH_ATTR, 0, TAG_ANY); if (pair) pam_auth_string = (char *)pair->vp_strvalue; r = pam_pass((char *)request->username->vp_strvalue, diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index 8a7a93a..fb46d0e 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -286,7 +286,7 @@ static int pap_authorize(void *instance, REQUEST *request) * Password already exists: use * that instead of this one. */ - if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0)) { + if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) { RDEBUG("Config already contains \"known good\" password. Ignoring Password-With-Header"); break; } 
@@ -394,15 +394,15 @@ static int pap_authorize(void *instance, REQUEST *request) * Likely going to be proxied. Avoid printing * warning message. */ - if (pairfind(request->config_items, PW_REALM, 0) || - (pairfind(request->config_items, PW_PROXY_TO_REALM, 0))) { + if (pairfind(request->config_items, PW_REALM, 0, TAG_ANY) || + (pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY))) { return RLM_MODULE_NOOP; } /* * The TLS types don't need passwords. */ - vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0); + vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0, TAG_ANY); if (vp && ((vp->vp_integer == 13) || /* EAP-TLS */ (vp->vp_integer == 21) || /* EAP-TTLS */ diff --git a/src/modules/rlm_passwd/rlm_passwd.c b/src/modules/rlm_passwd/rlm_passwd.c index cd96eee..d61df93 100644 --- a/src/modules/rlm_passwd/rlm_passwd.c +++ b/src/modules/rlm_passwd/rlm_passwd.c @@ -536,7 +536,7 @@ static int passwd_map(void *instance, REQUEST *request) int found = 0; for (key = request->packet->vps; - key && (key = pairfind (key, inst->keyattr->attr, inst->keyattr->vendor)); + key && (key = pairfind(key, inst->keyattr->attr, inst->keyattr->vendor, TAG_ANY)); key = key->next ){ /* * Ensure we have the string form of the attribute diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c index dca182a..2520c3c 100644 --- a/src/modules/rlm_perl/rlm_perl.c +++ b/src/modules/rlm_perl/rlm_perl.c 
@@ -804,13 +804,10 @@ static int rlmperl_call(void *instance, REQUEST *request, char *function_name) /* * Update cached copies */ - request->username = pairfind(request->packet->vps, - PW_USER_NAME, 0); - request->password = pairfind(request->packet->vps, - PW_USER_PASSWORD, 0); + request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); + request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY); if (!request->password) - request->password = pairfind(request->packet->vps, - PW_CHAP_PASSWORD, 0); + request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY); } if ((get_hv_content(rad_reply_hv, &vp)) > 0 ) { @@ -881,7 +878,7 @@ static int perl_accounting(void *instance, REQUEST *request) VALUE_PAIR *pair; int acctstatustype=0; - if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) { + if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) { acctstatustype = pair->vp_integer; } else { radlog(L_ERR, "Invalid Accounting Packet"); diff --git a/src/modules/rlm_policy/evaluate.c b/src/modules/rlm_policy/evaluate.c index 3b211fb..2e0720e 100644 --- a/src/modules/rlm_policy/evaluate.c +++ b/src/modules/rlm_policy/evaluate.c @@ -465,7 +465,7 @@ static VALUE_PAIR *find_vp(REQUEST *request, const char *name) return NULL; /* no such attribute */ } - return pairfind(vps, dattr->attr, dattr->vendor); + return pairfind(vps, dattr->attr, dattr->vendor, TAG_ANY); } diff --git a/src/modules/rlm_preprocess/rlm_preprocess.c b/src/modules/rlm_preprocess/rlm_preprocess.c index 50da773..a3e3a90 100644 --- a/src/modules/rlm_preprocess/rlm_preprocess.c +++ b/src/modules/rlm_preprocess/rlm_preprocess.c @@ -77,7 +77,7 @@ static const CONF_PARSER module_config[] = { static int fallthrough(VALUE_PAIR *vp) { VALUE_PAIR *tmp; - tmp = pairfind(vp, PW_FALL_THROUGH, 0); + tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY); return tmp ? tmp->vp_integer : 0; } 
@@ -250,7 +250,7 @@ static void cablelabs_vsa_hack(VALUE_PAIR **list) { VALUE_PAIR *ev; - ev = pairfind(*list, 1, 4491); /* Cablelabs-Event-Message */ + ev = pairfind(*list, 1, 4491, TAG_ANY); /* Cablelabs-Event-Message */ if (!ev) return; /* @@ -276,7 +276,7 @@ static void rad_mangle(rlm_preprocess_t *data, REQUEST *request) * If it isn't there, then we can't mangle the request. */ request_pairs = request->packet->vps; - namepair = pairfind(request_pairs, PW_USER_NAME, 0); + namepair = pairfind(request_pairs, PW_USER_NAME, 0, TAG_ANY); if ((namepair == NULL) || (namepair->length <= 0)) { return; @@ -324,8 +324,8 @@ static void rad_mangle(rlm_preprocess_t *data, REQUEST *request) * Small check: if Framed-Protocol present but Service-Type * is missing, add Service-Type = Framed-User. */ - if (pairfind(request_pairs, PW_FRAMED_PROTOCOL, 0) != NULL && - pairfind(request_pairs, PW_SERVICE_TYPE, 0) == NULL) { + if (pairfind(request_pairs, PW_FRAMED_PROTOCOL, 0, TAG_ANY) != NULL && + pairfind(request_pairs, PW_SERVICE_TYPE, 0, TAG_ANY) == NULL) { tmp = radius_paircreate(request, &request->packet->vps, PW_SERVICE_TYPE, 0, PW_TYPE_INTEGER); tmp->vp_integer = PW_FRAMED_USER; @@ -395,7 +395,7 @@ static int hints_setup(PAIR_LIST *hints, REQUEST *request) /* * Check for valid input, zero length names not permitted */ - if ((tmp = pairfind(request_pairs, PW_USER_NAME, 0)) == NULL) + if ((tmp = pairfind(request_pairs, PW_USER_NAME, 0, TAG_ANY)) == NULL) name = NULL; else name = (char *)tmp->vp_strvalue; @@ -422,8 +422,8 @@ static int hints_setup(PAIR_LIST *hints, REQUEST *request) */ add = paircopy(i->reply); ft = fallthrough(add); - pairdelete(&add, PW_STRIP_USER_NAME, 0, -1); - pairdelete(&add, PW_FALL_THROUGH, 0, -1); + pairdelete(&add, PW_STRIP_USER_NAME, 0, TAG_ANY); + pairdelete(&add, PW_FALL_THROUGH, 0, TAG_ANY); pairxlatmove(request, &request->packet->vps, &add); pairfree(&add); updated = 1; 
@@ -470,7 +470,7 @@ static int huntgroup_access(REQUEST *request, PAIR_LIST *huntgroups) * We've matched the huntgroup, so add it in * to the list of request pairs. */ - vp = pairfind(request_pairs, PW_HUNTGROUP_NAME, 0); + vp = pairfind(request_pairs, PW_HUNTGROUP_NAME, 0, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->packet->vps, @@ -498,7 +498,7 @@ static int add_nas_attr(REQUEST *request) switch (request->packet->src_ipaddr.af) { case AF_INET: - nas = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0); + nas = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY); if (!nas) { nas = radius_paircreate(request, &request->packet->vps, PW_NAS_IP_ADDRESS, 0, @@ -508,7 +508,7 @@ static int add_nas_attr(REQUEST *request) break; case AF_INET6: - nas = pairfind(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0); + nas = pairfind(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0, TAG_ANY); if (!nas) { nas = radius_paircreate(request, &request->packet->vps, PW_NAS_IPV6_ADDRESS, 0, @@ -606,8 +606,7 @@ static int preprocess_authorize(void *instance, REQUEST *request) * in place, to go from Ascend's weird values to something * approaching rationality. */ - ascend_nasport_hack(pairfind(request->packet->vps, - PW_NAS_PORT, 0), + ascend_nasport_hack(pairfind(request->packet->vps, PW_NAS_PORT, 0, TAG_ANY), data->ascend_channels_per_line); } @@ -652,8 +651,8 @@ static int preprocess_authorize(void *instance, REQUEST *request) * is PW_CHAP_CHALLENGE we need to add it so that other * modules can use it as a normal attribute. */ - if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0) && - pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0) == NULL) { + if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) && + pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) { VALUE_PAIR *vp; vp = radius_paircreate(request, &request->packet->vps, 
@@ -727,7 +726,7 @@ static int preprocess_preaccounting(void *instance, REQUEST *request) * the server can use it, rather than various error-prone * manual calculations. */ - vp = pairfind(request->packet->vps, PW_EVENT_TIMESTAMP, 0); + vp = pairfind(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY); if (!vp) { VALUE_PAIR *delay; @@ -735,7 +734,7 @@ static int preprocess_preaccounting(void *instance, REQUEST *request) PW_EVENT_TIMESTAMP, 0, PW_TYPE_DATE); vp->vp_date = request->packet->timestamp.tv_sec; - delay = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0); + delay = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY); if (delay) vp->vp_date -= delay->vp_integer; } diff --git a/src/modules/rlm_radutmp/rlm_radutmp.c b/src/modules/rlm_radutmp/rlm_radutmp.c index 96bca72..65fe921 100644 --- a/src/modules/rlm_radutmp/rlm_radutmp.c +++ b/src/modules/rlm_radutmp/rlm_radutmp.c @@ -205,7 +205,7 @@ static int radutmp_accounting(void *instance, REQUEST *request) /* * Which type is this. */ - if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) == NULL) { + if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) == NULL) { RDEBUG("No Accounting-Status-Type record."); return RLM_MODULE_NOOP; } @@ -228,10 +228,10 @@ static int radutmp_accounting(void *instance, REQUEST *request) int check1 = 0; int check2 = 0; - if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0)) + if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0, TAG_ANY)) == NULL || vp->vp_date == 0) check1 = 1; - if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0)) + if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0, TAG_ANY)) != NULL && vp->length == 8 && memcmp(vp->vp_strvalue, "00000000", 8) == 0) check2 = 1; 
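Review bot: In preprocess_preaccounting (second hunk here), `vp->vp_date -= delay->vp_integer;` subtracts a client-supplied Acct-Delay-Time from the packet timestamp with no range check. If `vp_date` is unsigned (its type is declared outside this diff), a delay larger than the timestamp would presumably wrap the synthesized Event-Timestamp. A guard such as `if (delay && delay->vp_integer <= vp->vp_date) vp->vp_date -= delay->vp_integer;` keeps the value sane, and an out-of-range delay is better logged and ignored. The function body starts and ends outside the hunk.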
@@ -634,9 +634,9 @@ static int radutmp_checksimul(void *instance, REQUEST *request) /* * Setup some stuff, like for MPP detection. */ - if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0)) != NULL) + if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) ipno = vp->vp_ipaddr; - if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL) + if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) call_num = vp->vp_strvalue; /* diff --git a/src/modules/rlm_radutmp/rlm_radutmp2.c b/src/modules/rlm_radutmp/rlm_radutmp2.c index 8e06adc..8ab0f98 100644 --- a/src/modules/rlm_radutmp/rlm_radutmp2.c +++ b/src/modules/rlm_radutmp/rlm_radutmp2.c @@ -731,7 +731,7 @@ static int radutmp_accounting(void *instance, REQUEST *request) /* * Which type is this. */ - if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) == NULL) { + if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) == NULL) { radlog(L_ERR, "rlm_radutmp: No Accounting-Status-Type record."); return RLM_MODULE_NOOP; } @@ -754,10 +754,10 @@ static int radutmp_accounting(void *instance, REQUEST *request) int check1 = 0; int check2 = 0; - if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0)) + if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0, TAG_ANY)) == NULL || vp->vp_date == 0) check1 = 1; - if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0)) + if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0, TAG_ANY)) != NULL && vp->length == 8 && memcmp(vp->vp_strvalue, "00000000", 8) == 0) check2 = 1; 
@@ -1386,9 +1386,9 @@ static int radutmp_checksimul(void *instance, REQUEST *request) /* * Setup some stuff, like for MPP detection. */ - if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0)) != NULL) + if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) ipno = vp->vp_ipaddr; - if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL) + if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) call_num = vp->vp_strvalue; /* diff --git a/src/modules/rlm_realm/rlm_realm.c b/src/modules/rlm_realm/rlm_realm.c index 18d68b3..3b68bb9 100644 --- a/src/modules/rlm_realm/rlm_realm.c +++ b/src/modules/rlm_realm/rlm_realm.c @@ -95,7 +95,7 @@ static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm * it already ( via another rlm_realm instance ) and should return. */ - if (pairfind(request->packet->vps, PW_REALM, 0) != NULL ) { + if (pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY) != NULL ) { RDEBUG2("Request already proxied. Ignoring."); return RLM_MODULE_OK; } @@ -266,7 +266,7 @@ static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm * that has already proxied the request, we don't need to do * it again. */ - vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0); + vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0, TAG_ANY); if (vp && (request->packet->src_ipaddr.af == AF_INET)) { int i; fr_ipaddr_t my_ipaddr; @@ -467,12 +467,12 @@ static int realm_coa(UNUSED void *instance, REQUEST *request) VALUE_PAIR *vp; REALM *realm; - if (pairfind(request->packet->vps, PW_REALM, 0) != NULL) { + if (pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY) != NULL) { RDEBUG2("Request already proxied. Ignoring."); return RLM_MODULE_OK; } - vp = pairfind(request->packet->vps, PW_OPERATOR_NAME, 0); + vp = pairfind(request->packet->vps, PW_OPERATOR_NAME, 0, TAG_ANY); /* * Catch the case of broken dictionaries. 
diff --git a/src/modules/rlm_rediswho/rlm_rediswho.c b/src/modules/rlm_rediswho/rlm_rediswho.c index 6eee917..a37593f 100644 --- a/src/modules/rlm_rediswho/rlm_rediswho.c +++ b/src/modules/rlm_rediswho/rlm_rediswho.c @@ -209,7 +209,7 @@ static int rediswho_accounting(void * instance, REQUEST * request) rlm_rediswho_t *inst = (rlm_rediswho_t *) instance; REDISSOCK *dissocket; - vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0); + vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY); if (!vp) { RDEBUG("Could not find account status type in packet."); return RLM_MODULE_NOOP; diff --git a/src/modules/rlm_replicate/rlm_replicate.c b/src/modules/rlm_replicate/rlm_replicate.c index 7125cbe..cd13957 100644 --- a/src/modules/rlm_replicate/rlm_replicate.c +++ b/src/modules/rlm_replicate/rlm_replicate.c @@ -69,7 +69,7 @@ static int replicate_packet(void *instance, REQUEST *request, * destinations. */ while (1) { - vp = pairfind(last, PW_REPLICATE_TO_REALM, 0); + vp = pairfind(last, PW_REPLICATE_TO_REALM, 0, TAG_ANY); if (!vp) break; last = vp->next; @@ -168,8 +168,8 @@ static int replicate_packet(void *instance, REQUEST *request, * it doesn't exist. */ if ((code == PW_AUTHENTICATION_REQUEST) && - (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0) != NULL) && - (pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0) == NULL)) { + (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) != NULL) && + (pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL)) { vp = radius_paircreate(request, &packet->vps, PW_CHAP_CHALLENGE, 0, PW_TYPE_OCTETS); diff --git a/src/modules/rlm_securid/mem.c b/src/modules/rlm_securid/mem.c index eefecbd..4986cbb 100644 --- a/src/modules/rlm_securid/mem.c +++ b/src/modules/rlm_securid/mem.c 
@@ -201,7 +201,7 @@ SECURID_SESSION *securid_sessionlist_find(rlm_securid_t *inst, REQUEST *request) /* * We key the sessions off of the 'state' attribute */ - state = pairfind(request->packet->vps, PW_STATE); + state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY); if (!state) { return NULL; } diff --git a/src/modules/rlm_smsotp/rlm_smsotp.c b/src/modules/rlm_smsotp/rlm_smsotp.c index 70a957f..b4c6203 100644 --- a/src/modules/rlm_smsotp/rlm_smsotp.c +++ b/src/modules/rlm_smsotp/rlm_smsotp.c @@ -122,7 +122,7 @@ static int smsotp_authenticate(void *instance, REQUEST *request) /* * Look for the 'state' attribute. */ - state = pairfind(request->packet->vps, PW_STATE, 0); + state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY); if (state != NULL) { DEBUG("rlm_smsotp: Found reply to access challenge"); @@ -216,11 +216,11 @@ static int smsotp_authorize(void *instance, REQUEST *request) /* * Look for the 'state' attribute. */ - state = pairfind(request->packet->vps, PW_STATE, 0); + state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY); if (state != NULL) { DEBUG("rlm_smsotp: Found reply to access challenge (AUTZ), Adding Auth-Type '%s'",opt->smsotp_authtype); - pairdelete(&request->config_items, PW_AUTH_TYPE, 0, -1); /* delete old auth-type */ + pairdelete(&request->config_items, PW_AUTH_TYPE, 0, TAG_ANY); /* delete old auth-type */ pairadd(&request->config_items, pairmake("Auth-Type", opt->smsotp_authtype, T_OP_SET)); } diff --git a/src/modules/rlm_soh/rlm_soh.c b/src/modules/rlm_soh/rlm_soh.c index 69e6835..ced4cd2 100644 --- a/src/modules/rlm_soh/rlm_soh.c +++ b/src/modules/rlm_soh/rlm_soh.c 
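Review bot: In smsotp_authorize (third hunk here), any request carrying a State attribute has its existing Auth-Type deleted and replaced with `opt->smsotp_authtype`, and nothing visible in the hunk checks that the State value was issued by this module. State is also used by other challenge-response methods, so it is worth confirming that the contents are validated before the override takes effect. If they are not, record the assumption above the block, e.g. `/* NOTE: any State attribute is treated as a reply to our challenge */`. The result of `pairmake()` is also passed to `pairadd()` without a NULL check. The function body starts and ends outside the hunk.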
@@ -48,19 +48,19 @@ static size_t soh_xlat(UNUSED void *instance, REQUEST *request, const char *fmt, * FIXME: should have a #define for the attribute... * SoH-Supported == 2119 in dictionary.freeradius.internal */ - vp[0] = pairfind(request->packet->vps, 2119, 0); + vp[0] = pairfind(request->packet->vps, 2119, 0, TAG_ANY); if (!vp[0]) return 0; if (strncasecmp(fmt, "OS", 2) == 0) { /* OS vendor */ - vp[0] = pairfind(request->packet->vps, 2100, 0); - vp[1] = pairfind(request->packet->vps, 2101, 0); - vp[2] = pairfind(request->packet->vps, 2102, 0); - vp[3] = pairfind(request->packet->vps, 2103, 0); - vp[4] = pairfind(request->packet->vps, 2104, 0); - vp[5] = pairfind(request->packet->vps, 2105, 0); + vp[0] = pairfind(request->packet->vps, 2100, 0, TAG_ANY); + vp[1] = pairfind(request->packet->vps, 2101, 0, TAG_ANY); + vp[2] = pairfind(request->packet->vps, 2102, 0, TAG_ANY); + vp[3] = pairfind(request->packet->vps, 2103, 0, TAG_ANY); + vp[4] = pairfind(request->packet->vps, 2104, 0, TAG_ANY); + vp[5] = pairfind(request->packet->vps, 2105, 0, TAG_ANY); if (vp[0] && vp[0]->vp_integer == VENDORPEC_MICROSOFT) { if (!vp[1]) { @@ -144,7 +144,7 @@ static int soh_postauth(UNUSED void * instance, REQUEST *request) int rcode; VALUE_PAIR *vp; - vp = pairfind(request->packet->vps, 43, DHCP_MAGIC_VENDOR); + vp = pairfind(request->packet->vps, 43, DHCP_MAGIC_VENDOR, TAG_ANY); if (vp) { /* * vendor-specific options contain @@ -202,7 +202,7 @@ static int soh_authorize(UNUSED void * instance, REQUEST *request) int rv; /* try to find the MS-SoH payload */ - vp = pairfind(request->packet->vps, 55, VENDORPEC_MICROSOFT); + vp = pairfind(request->packet->vps, 55, VENDORPEC_MICROSOFT, TAG_ANY); if (!vp) { RDEBUG("SoH radius VP not found"); return RLM_MODULE_NOOP; diff --git a/src/modules/rlm_sometimes/rlm_sometimes.c b/src/modules/rlm_sometimes/rlm_sometimes.c index aa18a0b..2622b92 100644 --- a/src/modules/rlm_sometimes/rlm_sometimes.c +++ b/src/modules/rlm_sometimes/rlm_sometimes.c 
@@ -162,7 +162,7 @@ static int sometimes_return(void *instance, RADIUS_PACKET *packet, /* * Hash based on the given key. Usually User-Name. */ - vp = pairfind(packet->vps, inst->da->attr, inst->da->vendor); + vp = pairfind(packet->vps, inst->da->attr, inst->da->vendor, TAG_ANY); if (!vp) return RLM_MODULE_NOOP; hash = fr_hash(&vp->data, vp->length); diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c index 7495b02..a3d45cb 100644 --- a/src/modules/rlm_sql/rlm_sql.c +++ b/src/modules/rlm_sql/rlm_sql.c @@ -113,7 +113,7 @@ static const CONF_PARSER module_config[] = { static int fallthrough(VALUE_PAIR *vp) { VALUE_PAIR *tmp; - tmp = pairfind(vp, PW_FALL_THROUGH, 0); + tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY); return tmp ? tmp->vp_integer : 0; } @@ -657,7 +657,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql radlog_request(L_ERR, 0, request, "Error generating query; rejecting user"); /* Remove the grouup we added above */ - pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1); + pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY); sql_grouplist_free(&group_list); return -1; } @@ -666,7 +666,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql radlog_request(L_ERR, 0, request, "Error retrieving check pairs for group %s", group_list_tmp->groupname); /* Remove the grouup we added above */ - pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1); + pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY); pairfree(&check_tmp); sql_grouplist_free(&group_list); return -1; 
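Review bot: In rlm_sql_process_groups (last two hunks here, and the same call in the hunks of that function that follow), the literal `-1` passed to `pairdelete()` becomes `TAG_ANY`, whose definition is outside this part of the patch; if its value is not -1 these cleanup paths change behaviour, so confirm it against the header. The comment `/* Remove the grouup we added above */` also understates the call: with TAG_ANY it presumably removes every Sql-Group in `request->packet->vps`, so I would reword it to `/* Remove all Sql-Group attributes, including the one we added above */`. The same delete/free sequence is repeated on each error return, and a single cleanup label would make it harder to miss one. The function body starts and ends outside the hunks.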
@@ -684,7 +684,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, inst)) { radlog_request(L_ERR, 0, request, "Error generating query; rejecting user"); /* Remove the grouup we added above */ - pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1); + pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY); pairfree(&check_tmp); sql_grouplist_free(&group_list); return -1; @@ -693,7 +693,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s", group_list_tmp->groupname); /* Remove the grouup we added above */ - pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1); + pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY); pairfree(&check_tmp); pairfree(&reply_tmp); sql_grouplist_free(&group_list); @@ -719,7 +719,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, inst)) { radlog_request(L_ERR, 0, request, "Error generating query; rejecting user"); /* Remove the grouup we added above */ - pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1); + pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY); pairfree(&check_tmp); sql_grouplist_free(&group_list); return -1; @@ -728,7 +728,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s", group_list_tmp->groupname); /* Remove the grouup we added above */ - pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1); + pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY); pairfree(&check_tmp); pairfree(&reply_tmp); sql_grouplist_free(&group_list); 
@@ -743,7 +743,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql * Delete the Sql-Group we added above * And clear out the pairlists */ - pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1); + pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY); pairfree(&check_tmp); pairfree(&reply_tmp); } @@ -1134,7 +1134,7 @@ static int rlm_sql_authorize(void *instance, REQUEST * request) /* * Check for a default_profile or for a User-Profile. */ - user_profile = pairfind(request->config_items, PW_USER_PROFILE, 0); + user_profile = pairfind(request->config_items, PW_USER_PROFILE, 0, TAG_ANY); const char *profile = user_profile ? user_profile->vp_strvalue : @@ -1421,9 +1421,9 @@ static int rlm_sql_checksimul(void *instance, REQUEST * request) { */ request->simul_count = 0; - if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0)) != NULL) + if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) ipno = vp->vp_ipaddr; - if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL) + if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) call_num = vp->vp_strvalue; diff --git a/src/modules/rlm_sqlcounter/rlm_sqlcounter.c b/src/modules/rlm_sqlcounter/rlm_sqlcounter.c index 8dfa014..053b4f5 100644 --- a/src/modules/rlm_sqlcounter/rlm_sqlcounter.c +++ b/src/modules/rlm_sqlcounter/rlm_sqlcounter.c 
@@ -550,7 +550,7 @@ static int sqlcounter_authorize(void *instance, REQUEST *request) * The REAL username, after stripping. */ DEBUG2("rlm_sqlcounter: Entering module authorize code"); - key_vp = ((data->key_attr->vendor == 0) && (data->key_attr->attr == PW_USER_NAME)) ? request->username : pairfind(request->packet->vps, data->key_attr->attr, data->key_attr->vendor); + key_vp = ((data->key_attr->vendor == 0) && (data->key_attr->attr == PW_USER_NAME)) ? request->username : pairfind(request->packet->vps, data->key_attr->attr, data->key_attr->vendor, TAG_ANY); if (key_vp == NULL) { DEBUG2("rlm_sqlcounter: Could not find Key value pair"); return ret; @@ -563,7 +563,7 @@ static int sqlcounter_authorize(void *instance, REQUEST *request) return ret; } /* DEBUG2("rlm_sqlcounter: Found Check item attribute %d", dattr->attr); */ - if ((check_vp= pairfind(request->config_items, dattr->attr, dattr->vendor)) == NULL) { + if ((check_vp= pairfind(request->config_items, dattr->attr, dattr->vendor, TAG_ANY)) == NULL) { DEBUG2("rlm_sqlcounter: Could not find Check item value pair"); return ret; } @@ -613,7 +613,7 @@ static int sqlcounter_authorize(void *instance, REQUEST *request) * Limit the reply attribute to the minimum of * the existing value, or this new one. */ - reply_item = pairfind(request->reply->vps, data->reply_attr->attr, data->reply_attr->vendor); + reply_item = pairfind(request->reply->vps, data->reply_attr->attr, data->reply_attr->vendor, TAG_ANY); if (reply_item) { if (reply_item->vp_integer > res) reply_item->vp_integer = res; diff --git a/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c b/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c index b7b6cf5..682b804 100644 --- a/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c +++ b/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c 
@@ -366,7 +366,7 @@ static int sqlhpwippool_postauth(void *instance, REQUEST *request) rlm_sqlhpwippool_t *data = (rlm_sqlhpwippool_t *) instance; /* if IP is already there, then nothing to do */ - vp = pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0); + vp = pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY); if (vp) { nvp_log(__LINE__, data, L_DBG, "sqlhpwippool_postauth(): IP address " @@ -375,7 +375,7 @@ static int sqlhpwippool_postauth(void *instance, REQUEST *request) } /* if no pool name, we don't need to do anything */ - vp = pairfind(request->reply->vps, ASN_IP_POOL_NAME, VENDORPEC_ASN); + vp = pairfind(request->reply->vps, ASN_IP_POOL_NAME, VENDORPEC_ASN, TAG_ANY); if (vp) { pname = vp->vp_strvalue; nvp_log(__LINE__, data, L_DBG, @@ -389,7 +389,7 @@ static int sqlhpwippool_postauth(void *instance, REQUEST *request) } /* if no NAS IP address, assign 0 */ - vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0); + vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY); if (vp) { nasip = ntohl(vp->vp_ipaddr); } @@ -680,7 +680,7 @@ static int sqlhpwippool_accounting(void *instance, REQUEST *request) rlm_sqlhpwippool_t *data = (rlm_sqlhpwippool_t *) instance; /* if no unique session ID, don't even try */ - vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0); + vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY); if (vp) { sessid = vp->vp_strvalue; } @@ -690,7 +690,7 @@ static int sqlhpwippool_accounting(void *instance, REQUEST *request) return RLM_MODULE_FAIL; } - vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0); + vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY); if (vp) { acct_type = vp->vp_integer; } 
@@ -720,7 +720,7 @@ static int sqlhpwippool_accounting(void *instance, REQUEST *request) switch (acct_type) { case PW_STATUS_START: case PW_STATUS_ALIVE: - vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0); + vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY); if (!vp) { nvp_log(__LINE__, data, L_ERR, "sqlhpwippool_accounting(): no framed IP"); sql_release_socket(data->sqlinst, sqlsock); @@ -760,7 +760,7 @@ static int sqlhpwippool_accounting(void *instance, REQUEST *request) case PW_STATUS_ACCOUNTING_OFF: case PW_STATUS_ACCOUNTING_ON: - vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0); + vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY); if (!vp) { nvp_log(__LINE__, data, L_ERR, "sqlhpwippool_accounting(): no NAS IP"); sql_release_socket(data->sqlinst, sqlsock); diff --git a/src/modules/rlm_sqlippool/rlm_sqlippool.c b/src/modules/rlm_sqlippool/rlm_sqlippool.c index 5e387dc..5529a7a 100644 --- a/src/modules/rlm_sqlippool/rlm_sqlippool.c +++ b/src/modules/rlm_sqlippool/rlm_sqlippool.c @@ -543,7 +543,7 @@ static int sqlippool_postauth(void *instance, REQUEST * request) /* * If there is a Framed-IP-Address attribute in the reply do nothing */ - if (pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0) != NULL) { + if (pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY) != NULL) { /* We already have a Framed-IP-Address */ radius_xlat(logstr, sizeof(logstr), data->log_exists, request, NULL, NULL); @@ -552,7 +552,7 @@ static int sqlippool_postauth(void *instance, REQUEST * request) return do_logging(logstr, RLM_MODULE_NOOP); } - if (pairfind(request->config_items, PW_POOL_NAME, 0) == NULL) { + if (pairfind(request->config_items, PW_POOL_NAME, 0, TAG_ANY) == NULL) { RDEBUG("No Pool-Name defined."); radius_xlat(logstr, sizeof(logstr), data->log_nopool, request, NULL, NULL); 
@@ -831,7 +831,7 @@ static int sqlippool_accounting(void * instance, REQUEST * request) rlm_sqlippool_t * data = (rlm_sqlippool_t *) instance; SQLSOCK * sqlsocket; - vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0); + vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY); if (!vp) { RDEBUG("Could not find account status type in packet."); return RLM_MODULE_NOOP; diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c index abec68c..4ae1634 100644 --- a/src/modules/rlm_unix/rlm_unix.c +++ b/src/modules/rlm_unix/rlm_unix.c @@ -445,7 +445,7 @@ static int unix_accounting(void *instance, REQUEST *request) /* * Which type is this. */ - if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0))==NULL) { + if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY))==NULL) { RDEBUG("no Accounting-Status-Type attribute in request."); return RLM_MODULE_NOOP; } @@ -462,7 +462,7 @@ static int unix_accounting(void *instance, REQUEST *request) * We're only interested in accounting messages * with a username in it. */ - if (pairfind(request->packet->vps, PW_USER_NAME, 0) == NULL) + if (pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY) == NULL) return RLM_MODULE_NOOP; t = request->timestamp; diff --git a/src/modules/rlm_wimax/rlm_wimax.c b/src/modules/rlm_wimax/rlm_wimax.c index 0d7ad4d..4436567 100644 --- a/src/modules/rlm_wimax/rlm_wimax.c +++ b/src/modules/rlm_wimax/rlm_wimax.c @@ -114,7 +114,7 @@ static int wimax_authorize(void *instance, REQUEST *request) /* * Fix Calling-Station-Id. Damn you, WiMAX! */ - vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0); + vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY); if (vp && (vp->length == 6)) { int i; uint8_t buffer[6]; 
@@ -178,8 +178,8 @@ static int wimax_postauth(void *instance, REQUEST *request) uint8_t mip_rk_1[EVP_MAX_MD_SIZE], mip_rk_2[EVP_MAX_MD_SIZE]; uint8_t mip_rk[2 * EVP_MAX_MD_SIZE]; - msk = pairfind(request->reply->vps, 1129, 0); - emsk = pairfind(request->reply->vps, 1130, 0); + msk = pairfind(request->reply->vps, 1129, 0, TAG_ANY); + emsk = pairfind(request->reply->vps, 1130, 0, TAG_ANY); if (!msk || !emsk) { RDEBUG("No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys."); return RLM_MODULE_NOOP; @@ -190,8 +190,8 @@ static int wimax_postauth(void *instance, REQUEST *request) * the WiMAX-MSK so that the client has a key available. */ if (inst->delete_mppe_keys) { - pairdelete(&request->reply->vps, 16, VENDORPEC_MICROSOFT, -1); - pairdelete(&request->reply->vps, 17, VENDORPEC_MICROSOFT, -1); + pairdelete(&request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY); + pairdelete(&request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY); vp = radius_pairmake(request, &request->reply->vps, "WiMAX-MSK", "0x00", T_OP_EQ); if (vp) { @@ -226,7 +226,7 @@ static int wimax_postauth(void *instance, REQUEST *request) HMAC_Update(&hmac, &usage_data[0], sizeof(usage_data)); HMAC_Final(&hmac, &mip_rk_2[0], &rk2_len); - vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0); + vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY); if (vp) rk_lifetime = vp->vp_integer; memcpy(mip_rk, mip_rk_1, rk1_len); @@ -268,8 +268,8 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Calculate mobility keys */ - mn_nai = pairfind(request->packet->vps, 1900, 0); - if (!mn_nai) mn_nai = pairfind(request->reply->vps, 1900, 0); + mn_nai = pairfind(request->packet->vps, 1900, 0, TAG_ANY); + if (!mn_nai) mn_nai = pairfind(request->reply->vps, 1900, 0, TAG_ANY); if (!mn_nai) { RDEBUG("WARNING: WiMAX-MN-NAI was not found in the request or in the reply."); RDEBUG("WARNING: We cannot calculate MN-HA keys."); 
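Review bot: In wimax_postauth (first two hunks here), the key-handling calls identify attributes by bare numbers: `1129`/`1130` for the EAP-MSK/EAP-EMSK lookups, and `16`/`17` with VENDORPEC_MICROSOFT for the MPPE keys that `delete_mppe_keys` strips from the reply. A mistyped number on the `pairdelete()` lines would leave key material in the reply with no compile-time signal, so named constants, or at least a comment such as `/* 16 = MS-MPPE-Send-Key, 17 = MS-MPPE-Recv-Key */`, would help. The derived keys in `mip_rk_1`, `mip_rk_2` and `mip_rk` sit in stack buffers and no clearing of them is visible in these hunks; the function ends outside the diff context, so check that they are wiped before return.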
@@ -279,7 +279,7 @@ static int wimax_postauth(void *instance, REQUEST *request) * WiMAX-IP-Technology */ vp = NULL; - if (mn_nai) vp = pairfind(request->reply->vps, 23, VENDORPEC_WIMAX); + if (mn_nai) vp = pairfind(request->reply->vps, 23, VENDORPEC_WIMAX, TAG_ANY); if (!vp) { RDEBUG("WARNING: WiMAX-IP-Technology not found in reply."); RDEBUG("WARNING: Not calculating MN-HA keys"); @@ -290,7 +290,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Look for WiMAX-hHA-IP-MIP4 */ - ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX); + ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX, TAG_ANY); if (!ip) { RDEBUG("WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-PMIP4 key"); break; @@ -310,7 +310,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Put MN-HA-PMIP4 into WiMAX-MN-hHA-MIP4-Key */ - vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX); + vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 10, VENDORPEC_WIMAX, PW_TYPE_OCTETS); @@ -325,7 +325,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Put MN-HA-PMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI */ - vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX); + vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 11, VENDORPEC_WIMAX, PW_TYPE_INTEGER); @@ -341,7 +341,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Look for WiMAX-hHA-IP-MIP4 */ - ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX); + ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX, TAG_ANY); if (!ip) { RDEBUG("WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-CMIP4 key"); break; 
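Review bot: In the first hunk here (wimax_postauth), the WiMAX-IP-Technology lookup is skipped when `mn_nai` is NULL, yet the `if (!vp)` branch still logs `WiMAX-IP-Technology not found in reply`, which points at the wrong attribute when the real cause is the missing WiMAX-MN-NAI. Making that message conditional, `if (mn_nai) RDEBUG("WARNING: WiMAX-IP-Technology not found in reply.");`, keeps the debug output accurate. The branch continues outside the hunk.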
@@ -361,7 +361,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Put MN-HA-CMIP4 into WiMAX-MN-hHA-MIP4-Key */ - vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX); + vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 10, VENDORPEC_WIMAX, PW_TYPE_OCTETS); @@ -376,7 +376,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Put MN-HA-CMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI */ - vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX); + vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 11, VENDORPEC_WIMAX, PW_TYPE_INTEGER); @@ -392,7 +392,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Look for WiMAX-hHA-IP-MIP6 */ - ip = pairfind(request->reply->vps, 7, VENDORPEC_WIMAX); + ip = pairfind(request->reply->vps, 7, VENDORPEC_WIMAX, TAG_ANY); if (!ip) { RDEBUG("WARNING: WiMAX-hHA-IP-MIP6 not found. Cannot calculate MN-HA-CMIP6 key"); break; @@ -412,7 +412,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Put MN-HA-CMIP6 into WiMAX-MN-hHA-MIP6-Key */ - vp = pairfind(request->reply->vps, 12, VENDORPEC_WIMAX); + vp = pairfind(request->reply->vps, 12, VENDORPEC_WIMAX, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 12, VENDORPEC_WIMAX, PW_TYPE_OCTETS); @@ -427,7 +427,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * Put MN-HA-CMIP6-SPI into WiMAX-MN-hHA-MIP6-SPI */ - vp = pairfind(request->reply->vps, 13, VENDORPEC_WIMAX); + vp = pairfind(request->reply->vps, 13, VENDORPEC_WIMAX, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 13, VENDORPEC_WIMAX, PW_TYPE_INTEGER); 
@@ -448,7 +448,7 @@ static int wimax_postauth(void *instance, REQUEST *request) * * FA-RK= H(MIP-RK, "FA-RK") */ - fa_rk = pairfind(request->reply->vps, 14, VENDORPEC_WIMAX); + fa_rk = pairfind(request->reply->vps, 14, VENDORPEC_WIMAX, TAG_ANY); if (fa_rk && (fa_rk->length <= 1)) { HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL); @@ -465,7 +465,7 @@ static int wimax_postauth(void *instance, REQUEST *request) * really MIP-SPI. Clear? Of course. This is WiMAX. */ if (fa_rk) { - vp = pairfind(request->reply->vps, 61, VENDORPEC_WIMAX); + vp = pairfind(request->reply->vps, 61, VENDORPEC_WIMAX, TAG_ANY); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 61, VENDORPEC_WIMAX, PW_TYPE_INTEGER); @@ -482,7 +482,7 @@ static int wimax_postauth(void *instance, REQUEST *request) * * WiMAX-RRQ-MN-HA-SPI */ - vp = pairfind(request->packet->vps, 20, VENDORPEC_WIMAX); + vp = pairfind(request->packet->vps, 20, VENDORPEC_WIMAX, TAG_ANY); if (vp) { RDEBUG("Client requested MN-HA key: Should use SPI to look up key from storage."); if (!mn_nai) { @@ -492,7 +492,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * WiMAX-RRQ-HA-IP */ - if (!pairfind(request->packet->vps, 18, VENDORPEC_WIMAX)) { + if (!pairfind(request->packet->vps, 18, VENDORPEC_WIMAX, TAG_ANY)) { RDEBUG("WARNING: HA-IP was not found!"); } @@ -500,7 +500,7 @@ static int wimax_postauth(void *instance, REQUEST *request) /* * WiMAX-HA-RK-Key-Requested */ - vp = pairfind(request->packet->vps, 58, VENDORPEC_WIMAX); + vp = pairfind(request->packet->vps, 58, VENDORPEC_WIMAX, TAG_ANY); if (vp && (vp->vp_integer == 1)) { RDEBUG("Client requested HA-RK: Should use IP to look it up from storage."); } -- 2.1.4