return;
}
-/*
- * Copy the specified attribute to the specified list
- */
-static int mypairappend(REQUEST *request, VALUE_PAIR *item, VALUE_PAIR **to)
-{
- VALUE_PAIR *tmp;
- tmp = radius_paircreate(request, to, item->attribute, item->type);
-
- /*
- * Copy EVERYTHING.
- */
- memcpy(tmp, item, sizeof(*tmp));
- tmp->next = NULL;
- *to = tmp;
-
- return 0;
-}
static int getattrsfile(const char *filename, PAIR_LIST **pair_list)
{
* and we ignore Fall-Through,
* then bitch about it, giving a good warning message.
*/
- if (!(vp->attribute & ~0xffff) &&
+ if ((vp->vendor == 0) &&
(vp->attribute > 0xff) &&
(vp->attribute > 1000)) {
log_debug("[%s]:%d WARNING! Check item \"%s\"\n"
* Common attr_filter checks
*/
static int attr_filter_common(void *instance, REQUEST *request,
- VALUE_PAIR **input)
+ RADIUS_PACKET *packet)
{
struct attr_filter_instance *inst = instance;
VALUE_PAIR *vp;
- VALUE_PAIR *output = NULL;
+ VALUE_PAIR *output;
VALUE_PAIR **output_tail;
VALUE_PAIR *check_item;
PAIR_LIST *pl;
int found = 0;
int pass, fail = 0;
char *keyname = NULL;
+ VALUE_PAIR **input;
char buffer[256];
+ if (!packet) return RLM_MODULE_NOOP;
+
+ input = &(packet->vps);
+
if (!inst->key) {
VALUE_PAIR *namepair;
- namepair = pairfind(request->packet->vps, PW_REALM);
+ namepair = pairfind(request->packet->vps, PW_REALM, 0);
if (!namepair) {
return (RLM_MODULE_NOOP);
}
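Review bot: The header comment above `attr_filter_common` still reads only "Common attr_filter checks", although the function now takes the packet to filter and returns early when it is NULL. I would extend it to something like `Filter packet->vps against the attrs file entry for the key; returns RLM_MODULE_NOOP when packet is NULL (e.g. no proxy packet or reply exists for this request)`. Note also that the realm lookup in this hunk still reads `request->packet->vps` regardless of which packet is being filtered; that looks intentional but deserves a brief mention in the same comment. The function body continues past the end of this hunk.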
keyname = buffer;
}
+ output = NULL;
output_tail = &output;
/*
for (check_item = pl->check;
check_item != NULL;
check_item = check_item->next) {
- if (check_item->attribute == PW_FALL_THROUGH) {
+ if ((check_item->attribute == PW_FALL_THROUGH) &&
+ (check_item->vp_integer == 1)) {
fall_through = 1;
continue;
}
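Review bot: With the added `check_item->vp_integer == 1` test, a `Fall-Through` check item whose value is not 1 no longer reaches `continue` and is processed by the rest of the loop body like an ordinary rule. If the code that follows is the `T_OP_SET` branch (it appears to be, but lies outside this hunk), an entry written as `Fall-Through := No` would be copied into the filtered packet's attribute list. Keeping the skip unconditional avoids that: test `check_item->attribute == PW_FALL_THROUGH` alone, set `fall_through = 1` only when `check_item->vp_integer == 1`, and `continue` in both cases.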
* the output list without checking it.
*/
if (check_item->operator == T_OP_SET ) {
- if (mypairappend(request, check_item, output_tail) < 0) {
+ vp = paircopyvp(check_item);
+ if (!vp) {
pairfree(&output);
return RLM_MODULE_FAIL;
}
- output_tail = &((*output_tail)->next);
+ *output_tail = vp;
+ output_tail = &(vp->next);
}
}
* is always true.
*/
if ((check_item->attribute == PW_VENDOR_SPECIFIC) &&
- (VENDOR(vp->attribute) != 0) &&
+ (vp->vendor != 0) &&
(check_item->operator == T_OP_CMP_TRUE)) {
pass++;
continue;
/* only move attribute if it passed all rules */
if (fail == 0 && pass > 0) {
- if (mypairappend(request, vp, output_tail) < 0) {
+ *output_tail = paircopyvp(vp);
+ if (!*output_tail) {
pairfree(&output);
return RLM_MODULE_FAIL;
}
pairfree(input);
*input = output;
+ if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
+ request->username = pairfind(request->packet->vps,
+ PW_STRIPPED_USER_NAME, 0);
+ if (!request->username)
+ request->username = pairfind(request->packet->vps,
+ PW_USER_NAME, 0);
+ request->password = pairfind(request->packet->vps,
+ PW_USER_PASSWORD, 0);
+ }
+
return RLM_MODULE_UPDATED;
}
+static int attr_filter_preacct(void *instance, REQUEST *request)
+{
+ return attr_filter_common(instance, request, request->packet);
+}
+
static int attr_filter_accounting(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->packet->vps);
+ return attr_filter_common(instance, request, request->reply);
}
+#ifdef WITH_PROXY
static int attr_filter_preproxy(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->proxy->vps);
+ return attr_filter_common(instance, request, request->proxy);
}
static int attr_filter_postproxy(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->proxy_reply->vps);
+ return attr_filter_common(instance, request, request->proxy_reply);
}
+#endif
static int attr_filter_postauth(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->reply->vps);
+ return attr_filter_common(instance, request, request->reply);
+}
+
+static int attr_filter_authorize(void *instance, REQUEST *request)
+{
+ return attr_filter_common(instance, request, request->packet);
}
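Review bot: The refresh of `request->username` and `request->password` after `pairfree(input)` is gated on `request->packet->code == PW_AUTHENTICATION_REQUEST` rather than on which list was actually freed. When the new `attr_filter_preacct` filters `request->packet` for an accounting request, a cached `request->username` pointing into the old list (if the server sets it for accounting packets, which is not visible here) would be left referring to freed memory. Conversely, when a reply or proxy list is filtered for an Access-Request the lookups run although nothing they point to has changed. Gating on list identity covers both cases: `if (packet == request->packet) {` with the three `pairfind` calls unchanged. Separately, `attr_filter_accounting` now filters `request->reply` instead of the request list, so a one-line comment on each wrapper naming the list it filters would make that change visibly intentional.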
module_t rlm_attr_filter = {
RLM_MODULE_INIT,
"attr_filter",
- 0, /* type: reserved */
+ RLM_TYPE_CHECK_CONFIG_SAFE | RLM_TYPE_HUP_SAFE, /* type */
attr_filter_instantiate, /* instantiation */
attr_filter_detach, /* detach */
{
NULL, /* authentication */
- NULL, /* authorization */
- NULL, /* preaccounting */
+ attr_filter_authorize, /* authorization */
+ attr_filter_preacct, /* pre-acct */
attr_filter_accounting, /* accounting */
NULL, /* checksimul */
+#ifdef WITH_PROXY
attr_filter_preproxy, /* pre-proxy */
attr_filter_postproxy, /* post-proxy */
+#else
+ NULL, NULL,
+#endif
attr_filter_postauth /* post-auth */
},
};
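Review bot: The `#else` branch fills the two proxy slots with a bare `NULL, NULL,`, while every other entry in the method table carries a slot comment. Writing it as `NULL, /* pre-proxy */` and `NULL, /* post-proxy */` keeps the table readable and makes a future slot-order mistake easier to spot. The new `RLM_TYPE_HUP_SAFE` flag presumably asserts that `attr_filter_instantiate` and `attr_filter_detach` tolerate a reload; neither function is visible in this diff, so that is worth confirming before merge.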