VALUE_PAIR *pair;
int port = 0;
- if ((cli = pairfind(request->packet->vps, PW_CALLING_STATION_ID)) == NULL)
+ if ((cli = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) == NULL)
do_cli = 0;
- if ((pair = pairfind(request->packet->vps, PW_NAS_PORT)) != NULL)
+ if ((pair = pairfind(request->packet->vps, PW_NAS_PORT, 0)) != NULL)
port = pair->vp_integer;
snprintf(buf, buflen, "from client %.128s port %u%s%.128s%s",
* Make sure user/pass are clean
* and then log them
*/
-static int rad_authlog(const char *msg, REQUEST *request, int goodpass) {
-
+static int rad_authlog(const char *msg, REQUEST *request, int goodpass)
+{
+ int logit;
+ const char *extra_msg = NULL;
char clean_password[1024];
char clean_username[1024];
char buf[1024];
+ char extra[1024];
VALUE_PAIR *username = NULL;
if (!request->root->log_auth) {
* Get the correct username based on the configured value
*/
if (log_stripped_names == 0) {
- username = pairfind(request->packet->vps, PW_USER_NAME);
+ username = pairfind(request->packet->vps, PW_USER_NAME, 0);
} else {
username = request->username;
}
if (username == NULL) {
strcpy(clean_username, "<no User-Name attribute>");
} else {
- librad_safeprint((char *)username->vp_strvalue,
+ fr_print_string((char *)username->vp_strvalue,
username->length,
clean_username, sizeof(clean_username));
}
VALUE_PAIR *auth_type;
auth_type = pairfind(request->config_items,
- PW_AUTH_TYPE);
+ PW_AUTH_TYPE, 0);
if (auth_type && (auth_type->vp_strvalue[0] != '\0')) {
snprintf(clean_password, sizeof(clean_password),
"<via Auth-Type = %s>",
} else {
strcpy(clean_password, "<no User-Password attribute>");
}
- } else if (pairfind(request->packet->vps, PW_CHAP_PASSWORD)) {
+ } else if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0)) {
strcpy(clean_password, "<CHAP-Password>");
} else {
- librad_safeprint((char *)request->password->vp_strvalue,
+ fr_print_string((char *)request->password->vp_strvalue,
request->password->length,
clean_password, sizeof(clean_password));
}
}
if (goodpass) {
- radlog_request(L_AUTH, 0, request, "%s: [%s%s%s] (%s)",
- msg,
- clean_username,
- request->root->log_auth_goodpass ? "/" : "",
- request->root->log_auth_goodpass ? clean_password : "",
- auth_name(buf, sizeof(buf), request, 1));
+ logit = request->root->log_auth_goodpass;
+ extra_msg = request->root->auth_goodpass_msg;
+ } else {
+ logit = request->root->log_auth_badpass;
+ extra_msg = request->root->auth_badpass_msg;
+ }
+
+ if (extra_msg) {
+ extra[0] = ' ';
+ radius_xlat(extra + 1, sizeof(extra) - 1, extra_msg, request,
+ NULL);
} else {
- radlog_request(L_AUTH, 0, request, "%s: [%s%s%s] (%s)",
- msg,
- clean_username,
- request->root->log_auth_badpass ? "/" : "",
- request->root->log_auth_badpass ? clean_password : "",
- auth_name(buf, sizeof(buf), request, 1));
+ *extra = '\0';
}
+ radlog_request(L_AUTH, 0, request, "%s: [%s%s%s] (%s)%s",
+ msg,
+ clean_username,
+ logit ? "/" : "",
+ logit ? clean_password : "",
+ auth_name(buf, sizeof(buf), request, 1),
+ extra);
+
return 0;
}
* PW_AUTHTYPE_REJECT.
*/
cur_config_item = request->config_items;
- while(((auth_type_pair = pairfind(cur_config_item, PW_AUTH_TYPE))) != NULL) {
+ while(((auth_type_pair = pairfind(cur_config_item, PW_AUTH_TYPE, 0))) != NULL) {
+ DICT_VALUE *dv;
auth_type = auth_type_pair->vp_integer;
auth_type_count++;
- DICT_VALUE *dv = dict_valbyattr(auth_type_pair->attribute,
- auth_type_pair->vp_integer);
+ dv = dict_valbyattr(auth_type_pair->attribute,
+ auth_type_pair->vp_integer, 0);
RDEBUG2("Found Auth-Type = %s",
(dv != NULL) ? dv->name : "?");
return 0;
}
- password_pair = pairfind(request->config_items, PW_USER_PASSWORD);
+ password_pair = pairfind(request->config_items, PW_USER_PASSWORD, 0);
if (password_pair &&
- pairfind(request->config_items, PW_CLEARTEXT_PASSWORD)) {
- pairdelete(&request->config_items, PW_USER_PASSWORD);
+ pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0)) {
+ pairdelete(&request->config_items, PW_USER_PASSWORD, 0);
password_pair = NULL;
}
RDEBUG("!!! clear text password is in Cleartext-Password, and not in User-Password. !!!");
RDEBUG("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
password_pair->attribute = PW_CLEARTEXT_PASSWORD;
- da = dict_attrbyvalue(PW_CLEARTEXT_PASSWORD);
+ da = dict_attrbyvalue(PW_CLEARTEXT_PASSWORD, 0);
if (!da) {
radlog_request(L_ERR, 0, request, "FATAL: You broke the dictionaries. Please use the default dictionaries!");
_exit(1);
* FIXME: We should get rid of these hacks, and replace
* them with a module.
*/
- if ((password_pair = pairfind(request->config_items, PW_CRYPT_PASSWORD)) != NULL) {
+ if ((password_pair = pairfind(request->config_items, PW_CRYPT_PASSWORD, 0)) != NULL) {
/*
* Re-write Auth-Type, but ONLY if it isn't already
* set.
*/
if (auth_type == -1) auth_type = PW_AUTHTYPE_CRYPT;
} else {
- password_pair = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD);
+ password_pair = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0);
}
if (auth_type < 0) {
*
* This is fail-safe.
*/
- RDEBUG2("No authenticate method (Auth-Type) configuration found for the request: Rejecting the user");
+ RDEBUG2("ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user");
return -2;
}
}
auth_item = request->password;
if (!auth_item)
auth_item = pairfind(request->packet->vps,
- PW_CHAP_PASSWORD);
+ PW_CHAP_PASSWORD, 0);
if (!auth_item) {
RDEBUG2("No User-Password or CHAP-Password attribute in the request.");
RDEBUG2("Cannot perform authentication.");
/*
* Do post-authentication calls. ignoring the return code.
*/
- vp = pairfind(request->config_items, PW_POST_AUTH_TYPE);
+ vp = pairfind(request->config_items, PW_POST_AUTH_TYPE, 0);
if (vp) {
RDEBUG2("Using Post-Auth-Type %s", vp->vp_strvalue);
postauth_type = vp->vp_integer;
case PW_AUTHENTICATION_ACK:
tmp = radius_paircreate(request,
&request->config_items,
- PW_AUTH_TYPE, PW_TYPE_INTEGER);
+ PW_AUTH_TYPE, 0, PW_TYPE_INTEGER);
if (tmp) tmp->vp_integer = PW_AUTHTYPE_ACCEPT;
goto authenticate;
* done by the server, by rejecting them here.
*/
case PW_AUTHENTICATION_REJECT:
- default:
rad_authlog("Login incorrect (Home Server says so)",
request, 0);
request->reply->code = PW_AUTHENTICATION_REJECT;
return RLM_MODULE_REJECT;
+
+ default:
+ rad_authlog("Login incorrect (Home Server failed to respond)",
+ request, 0);
+ return RLM_MODULE_REJECT;
}
}
#endif
*/
if (!request->password) {
request->password = pairfind(request->packet->vps,
- PW_USER_PASSWORD);
+ PW_USER_PASSWORD, 0);
}
/*
* Maybe there's a CHAP-Password?
*/
if ((auth_item = pairfind(request->packet->vps,
- PW_CHAP_PASSWORD)) != NULL) {
+ PW_CHAP_PASSWORD, 0)) != NULL) {
password = "<CHAP-PASSWORD>";
} else {
case RLM_MODULE_USERLOCK:
default:
if ((module_msg = pairfind(request->packet->vps,
- PW_MODULE_FAILURE_MESSAGE)) != NULL) {
+ PW_MODULE_FAILURE_MESSAGE, 0)) != NULL) {
char msg[MAX_STRING_LEN + 16];
snprintf(msg, sizeof(msg), "Invalid user (%s)",
module_msg->vp_strvalue);
return result;
}
if (!autz_retry) {
- tmp = pairfind(request->config_items, PW_AUTZ_TYPE);
+ tmp = pairfind(request->config_items, PW_AUTZ_TYPE, 0);
if (tmp) {
RDEBUG2("Using Autz-Type %s", tmp->vp_strvalue);
autz_type = tmp->vp_integer;
#ifdef WITH_PROXY
(request->proxy == NULL) &&
#endif
- ((tmp = pairfind(request->config_items, PW_PROXY_TO_REALM)) != NULL)) {
+ ((tmp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0)) != NULL)) {
REALM *realm;
realm = realm_find2(tmp->vp_strvalue);
RDEBUG2("Failed to authenticate the user.");
request->reply->code = PW_AUTHENTICATION_REJECT;
- if ((module_msg = pairfind(request->packet->vps,PW_MODULE_FAILURE_MESSAGE)) != NULL){
+ if ((module_msg = pairfind(request->packet->vps,PW_MODULE_FAILURE_MESSAGE, 0)) != NULL){
char msg[MAX_STRING_LEN+19];
snprintf(msg, sizeof(msg), "Login incorrect (%s)",
#ifdef WITH_SESSION_MGMT
if (result >= 0 &&
- (check_item = pairfind(request->config_items, PW_SIMULTANEOUS_USE)) != NULL) {
+ (check_item = pairfind(request->config_items, PW_SIMULTANEOUS_USE, 0)) != NULL) {
int r, session_type = 0;
char logstr[1024];
char umsg[MAX_STRING_LEN + 1];
const char *user_msg = NULL;
- tmp = pairfind(request->config_items, PW_SESSION_TYPE);
+ tmp = pairfind(request->config_items, PW_SESSION_TYPE, 0);
if (tmp) {
RDEBUG2("Using Session-Type %s", tmp->vp_strvalue);
session_type = tmp->vp_integer;
/* Multilink attempt. Check if port-limit > simultaneous-use */
VALUE_PAIR *port_limit;
- if ((port_limit = pairfind(request->reply->vps, PW_PORT_LIMIT)) != NULL &&
+ if ((port_limit = pairfind(request->reply->vps, PW_PORT_LIMIT, 0)) != NULL &&
port_limit->vp_integer > check_item->vp_integer){
RDEBUG2("MPP is OK");
mpp_ok = 1;
* vp->addport is set.
*/
if (((tmp = pairfind(request->reply->vps,
- PW_FRAMED_IP_ADDRESS)) != NULL) &&
+ PW_FRAMED_IP_ADDRESS, 0)) != NULL) &&
(tmp->flags.addport != 0)) {
VALUE_PAIR *vpPortId;
* Find the NAS port ID.
*/
if ((vpPortId = pairfind(request->packet->vps,
- PW_NAS_PORT)) != NULL) {
+ PW_NAS_PORT, 0)) != NULL) {
unsigned long tvalue = ntohl(tmp->vp_integer);
tmp->vp_integer = htonl(tvalue + vpPortId->vp_integer);
tmp->flags.addport = 0;
ip_ntoa(tmp->vp_strvalue, tmp->vp_integer);
} else {
RDEBUG2("WARNING: No NAS-Port attribute in request. CANNOT return a Framed-IP-Address + NAS-Port.\n");
- pairdelete(&request->reply->vps, PW_FRAMED_IP_ADDRESS);
+ pairdelete(&request->reply->vps, PW_FRAMED_IP_ADDRESS, 0);
}
}
if (request->reply->code == 0)
request->reply->code = PW_AUTHENTICATION_ACK;
- if ((module_msg = pairfind(request->packet->vps,PW_MODULE_SUCCESS_MESSAGE)) != NULL){
+ if ((module_msg = pairfind(request->packet->vps,PW_MODULE_SUCCESS_MESSAGE, 0)) != NULL){
char msg[MAX_STRING_LEN+12];
snprintf(msg, sizeof(msg), "Login OK (%s)",