* and we ignore Fall-Through,
* then bitch about it, giving a good warning message.
*/
- if (!(vp->attribute & ~0xffff) &&
+ if ((vp->vendor == 0) &&
(vp->attribute > 0xff) &&
(vp->attribute > 1000)) {
log_debug("[%s]:%d WARNING! Check item \"%s\"\n"
* Common attr_filter checks
*/
static int attr_filter_common(void *instance, REQUEST *request,
- VALUE_PAIR **input)
+ RADIUS_PACKET *packet)
{
struct attr_filter_instance *inst = instance;
VALUE_PAIR *vp;
int found = 0;
int pass, fail = 0;
char *keyname = NULL;
+ VALUE_PAIR **input;
char buffer[256];
+ if (!packet) return RLM_MODULE_NOOP;
+
+ input = &(packet->vps);
+
if (!inst->key) {
VALUE_PAIR *namepair;
- namepair = pairfind(request->packet->vps, PW_REALM);
+ namepair = pairfind(request->packet->vps, PW_REALM, 0);
if (!namepair) {
return (RLM_MODULE_NOOP);
}
for (check_item = pl->check;
check_item != NULL;
check_item = check_item->next) {
- if (check_item->attribute == PW_FALL_THROUGH) {
+ if ((check_item->attribute == PW_FALL_THROUGH) &&
+ (check_item->vp_integer == 1)) {
fall_through = 1;
continue;
}
* is always true.
*/
if ((check_item->attribute == PW_VENDOR_SPECIFIC) &&
- (VENDOR(vp->attribute) != 0) &&
+ (vp->vendor != 0) &&
(check_item->operator == T_OP_CMP_TRUE)) {
pass++;
continue;
if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
request->username = pairfind(request->packet->vps,
- PW_STRIPPED_USER_NAME);
+ PW_STRIPPED_USER_NAME, 0);
if (!request->username)
request->username = pairfind(request->packet->vps,
- PW_USER_NAME);
+ PW_USER_NAME, 0);
request->password = pairfind(request->packet->vps,
- PW_USER_PASSWORD);
+ PW_USER_PASSWORD, 0);
}
return RLM_MODULE_UPDATED;
static int attr_filter_preacct(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->packet->vps);
+ return attr_filter_common(instance, request, request->packet);
}
static int attr_filter_accounting(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->reply->vps);
+ return attr_filter_common(instance, request, request->reply);
}
+#ifdef WITH_PROXY
static int attr_filter_preproxy(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->proxy->vps);
+ return attr_filter_common(instance, request, request->proxy);
}
static int attr_filter_postproxy(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->proxy_reply->vps);
+ return attr_filter_common(instance, request, request->proxy_reply);
}
+#endif
static int attr_filter_postauth(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->reply->vps);
+ return attr_filter_common(instance, request, request->reply);
}
static int attr_filter_authorize(void *instance, REQUEST *request)
{
- return attr_filter_common(instance, request, &request->packet->vps);
+ return attr_filter_common(instance, request, request->packet);
}
attr_filter_preacct, /* pre-acct */
attr_filter_accounting, /* accounting */
NULL, /* checksimul */
+#ifdef WITH_PROXY
attr_filter_preproxy, /* pre-proxy */
attr_filter_postproxy, /* post-proxy */
+#else
+ NULL, NULL,
+#endif
attr_filter_postauth /* post-auth */
},
};