vp_print(fr_log_fp, vp); \
} \
} while(0)
-# define TAG_VALID(x) ((x) > 0 && (x) < 0x20)
-# define TAG_VALID_ZERO(x) ((x) < 0x20)
-# define TAG_ANY -128 /* minimum signed char */
#endif
+#define TAG_VALID(x) ((x) > 0 && (x) < 0x20)
+#define TAG_VALID_ZERO(x) ((x) < 0x20)
+#define TAG_ANY -128 /* minimum signed char */
+#define TAG_UNUSED 0
+
#if defined(__GNUC__)
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
# define NEVER_RETURNS __attribute__ ((noreturn))
VALUE_PAIR *paircreate(int attr, int vendor, int type);
void pairfree(VALUE_PAIR **);
void pairbasicfree(VALUE_PAIR *pair);
-VALUE_PAIR *pairfind(VALUE_PAIR *, unsigned int attr, unsigned int vendor);
+VALUE_PAIR *pairfind(VALUE_PAIR *, unsigned int attr, unsigned int vendor, int8_t tag);
void pairdelete(VALUE_PAIR **, unsigned int attr, unsigned int vendor, int8_t tag);
void pairadd(VALUE_PAIR **, VALUE_PAIR *);
void pairreplace(VALUE_PAIR **first, VALUE_PAIR *add);
VALUE_PAIR *paircopy(VALUE_PAIR *vp);
VALUE_PAIR *paircopy2(VALUE_PAIR *vp, unsigned int attr, unsigned int vendor, int8_t tag);
void pairmove(VALUE_PAIR **to, VALUE_PAIR **from);
-void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, unsigned int vendor);
+void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, unsigned int vendor, int8_t tag);
VALUE_PAIR *pairparsevalue(VALUE_PAIR *vp, const char *value);
VALUE_PAIR *pairmake(const char *attribute, const char *value, int operator);
VALUE_PAIR *pairmake_xlat(const char *attribute, const char *value, int operator);
VALUE_PAIR *pairread(const char **ptr, FR_TOKEN *eol);
FR_TOKEN userparse(const char *buffer, VALUE_PAIR **first_pair);
-VALUE_PAIR *readvp2(FILE *fp, int *pfiledone, const char *errprefix);
+VALUE_PAIR *readvp2(FILE *fp, int *pfiledone, const char *errprefix);
/*
* Error functions.
/*
* DHCP Opcode is request
*/
- vp = pairfind(head, 256, DHCP_MAGIC_VENDOR);
+ vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp && vp->vp_integer == 3) {
/*
* Vendor is "MSFT 98"
*/
- vp = pairfind(head, 63, DHCP_MAGIC_VENDOR);
+ vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
- vp = pairfind(head, 262, DHCP_MAGIC_VENDOR);
+ vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
/*
* Reply should be broadcast.
* Client can request a LARGER size, but not a smaller
* one. They also cannot request a size larger than MTU.
*/
- maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR);
- mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR);
+ maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
+ mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification.");
if (fr_debug_flag) {
for (i = 256; i < 269; i++) {
- vp = pairfind(packet->vps, i,
- DHCP_MAGIC_VENDOR);
+ vp = pairfind(packet->vps, i, DHCP_MAGIC_VENDOR, TAG_ANY);
if (!vp) continue;
debug_pair(vp);
* smaller one. They also cannot request a size
* larger than MTU.
*/
- vp = pairfind(original->vps, 57, DHCP_MAGIC_VENDOR);
+ vp = pairfind(original->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp && (vp->vp_integer > mms)) {
mms = vp->vp_integer;
/*
* RFC 3118: Authentication option.
*/
- vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR);
+ vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
if (vp->length < 2) {
memset(vp->vp_octets + vp->length, 0,
VALUE_PAIR *pass;
vp->vp_octets[1] = 0;
- pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR);
+ pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR, TAG_ANY);
if (pass) {
length = pass->length;
if ((length + 11) > sizeof(vp->vp_octets)) {
}
}
- vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR);
+ vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
*p++ = vp->vp_integer & 0xff;
} else {
*p++ = 1; /* hardware type = ethernet */
*p++ = 6; /* 6 bytes of ethernet */
- vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR);
+ vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
*p++ = vp->vp_integer & 0xff;
} else {
/*
* Allow the admin to set the broadcast flag.
*/
- vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR);
+ vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
p[0] |= (vp->vp_integer & 0xff00) >> 8;
p[1] |= (vp->vp_integer & 0xff);
/*
* Set client IP address.
*/
- vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR); /* Your IP address */
+ vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* Your IP address */
if (vp) {
lvalue = vp->vp_ipaddr;
} else {
memcpy(p, &lvalue, 4); /* your IP address */
p += 4;
- vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR); /* server IP address */
- if (!vp) vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR); /* identifier */
+ vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY); /* server IP address */
+ if (!vp) vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY); /* identifier */
if (vp) {
lvalue = vp->vp_ipaddr;
} else {
if (original) {
memcpy(p, original->data + 24, 4); /* copy gateway IP address */
} else {
- vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR);
+ vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
lvalue = vp->vp_ipaddr;
} else {
if (original) {
memcpy(p, original->data + 28, DHCP_CHADDR_LEN);
} else {
- vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR);
+ vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
if (vp->length > DHCP_CHADDR_LEN) {
memcpy(p, vp->vp_octets, DHCP_CHADDR_LEN);
* When that happens, the boot filename is passed as an option,
* instead of being placed verbatim in the filename field.
*/
- vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR);
+ vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
if (vp->length > DHCP_FILE_LEN) {
memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
* Use Chap-Challenge pair if present,
* Request Authenticator otherwise.
*/
- challenge = pairfind(packet->vps, PW_CHAP_CHALLENGE, 0);
+ challenge = pairfind(packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY);
if (challenge) {
memcpy(ptr, challenge->vp_strvalue, challenge->length);
i += challenge->length;
/*
* Find the pair with the matching attribute
*/
-VALUE_PAIR * pairfind(VALUE_PAIR *first, unsigned int attr, unsigned int vendor)
+VALUE_PAIR * pairfind(VALUE_PAIR *first, unsigned int attr, unsigned int vendor,
+ int8_t tag)
{
while (first) {
- if ((first->attribute == attr) && (first->vendor == vendor)) {
+ if ((first->attribute == attr) && (first->vendor == vendor)
+ && ((tag == TAG_ANY) ||
+ (first->flags.has_tag && (first->flags.tag == tag)))) {
return first;
}
first = first->next;
*
* Delete matching pairs from the attribute list.
*
- * @param[in+out] vp which is head of the list.
+ * @param[in+out] first VP in list.
* @param[in] attr to match.
* @param[in] vendor to match.
- * @param[in] tag to match, only used if > 0.
+ * @param[in] tag to match. TAG_ANY matches any tag, TAG_UNUSED matches tagless VPs.
*/
void pairdelete(VALUE_PAIR **first, unsigned int attr, unsigned int vendor,
int8_t tag)
for(i = *first; i; i = next) {
next = i->next;
if ((i->attribute == attr) && (i->vendor == vendor) &&
- ((tag < 0) ||
+ ((tag == TAG_ANY) ||
(i->flags.has_tag && (i->flags.tag == tag)))) {
*last = next;
pairbasicfree(i);
}
}
-/*
- * Add a pair at the end of a VALUE_PAIR list.
+/** Add a VP to the end of the list.
+ *
+ * Locates the end of 'first', and links an additional VP 'add' at the end.
+ *
+ * @param[in] first VP in linked list. Will add new VP to the end of this list.
+ * @param[in] add VP to add to list.
+ * @return a copy of the input VP
*/
void pairadd(VALUE_PAIR **first, VALUE_PAIR *add)
{
i->next = add;
}
-/*
- * Add or replace a pair at the end of a VALUE_PAIR list.
+/** Replace all matching VPs
+ *
+ * Walks over 'first', and replaces the first VP that matches 'replace'.
+ *
+ * @note Memory used by the VP being replaced will be freed.
+ *
+ * @param[in+out] first VP in linked list. Will search and replace in this list.
+ * @param[in] replace VP to replace.
+ * @return a copy of the input vp
*/
void pairreplace(VALUE_PAIR **first, VALUE_PAIR *replace)
{
* and return.
*/
if ((i->attribute == replace->attribute) &&
- (i->vendor == replace->vendor)) {
+ (i->vendor == replace->vendor) &&
+ (!i->flags.has_tag || (i->flags.tag == replace->flags.tag))
+ ) {
*prev = replace;
/*
}
-/*
- * Copy just one VP.
+/** Copy a single valuepair
+ *
+ * Copy the head of the vp list.
+ *
+ * @param[in] vp to copy.
+ * @return a copy of the input VP
*/
VALUE_PAIR *paircopyvp(const VALUE_PAIR *vp)
{
*
* @param[in] vp which is head of the input list.
* @param[in] attr to match, if 0 input list will not be filtered by attr.
- * @param[in] vendor to match
- * @param[in] tag to match, if < 0 input list will not be filtered by vendor,
- * if >= 0 only attributes with that tag value will be copied.
+ * @param[in] vendor to match.
+ * @param[in] tag to match, TAG_ANY matches any tag, TAG_UNUSED matches tagless VPs.
* @return the head of the new VALUE_PAIR list.
*/
VALUE_PAIR *paircopy2(VALUE_PAIR *vp, unsigned int attr, unsigned int vendor,
int8_t tag)
{
- VALUE_PAIR *first, *n, **last;
+ VALUE_PAIR *first, *n, **last;
first = NULL;
last = &first;
((vp->attribute != attr) || (vp->vendor != vendor)))
goto skip;
- if ((tag >= 0) && vp->flags.has_tag && (vp->flags.tag != tag))
+ if ((tag != TAG_ANY) && vp->flags.has_tag &&
+ (vp->flags.tag != tag)) {
goto skip;
+ }
n = paircopyvp(vp);
if (!n) return first;
*/
VALUE_PAIR *paircopy(VALUE_PAIR *vp)
{
- return paircopy2(vp, 0, 0, -1);
+ return paircopy2(vp, 0, 0, TAG_ANY);
}
-
-/*
- * Move attributes from one list to the other
- * if not already present.
+/** Move pairs from source list to destination list respecting operator
+ *
+ * @note This function does some additional magic that's probably not needed
+ * in most places. Consider using radius_pairmove in server code.
+ *
+ * @note pairfree should be called on the head of the source list to free
+ * unmoved attributes (if they're no longer needed).
+ *
+ * @note Does not respect tags when matching.
+ *
+ * @param[in+out] to destination list.
+ * @param[in+out] from source list.
+ *
+ * @see radius_pairmove
*/
void pairmove(VALUE_PAIR **to, VALUE_PAIR **from)
{
if (i->attribute == PW_FALL_THROUGH ||
(i->attribute != PW_HINT && i->attribute != PW_FRAMED_ROUTE)) {
- found = pairfind(*to, i->attribute, i->vendor);
+
+ found = pairfind(*to, i->attribute, i->vendor, TAG_ANY);
switch (i->operator) {
- /*
- * If matching attributes are found,
- * delete them.
- */
+ /*
+ * If matching attributes are found,
+ * delete them.
+ */
case T_OP_SUB: /* -= */
if (found) {
if (!i->vp_strvalue[0] ||
(strcmp((char *)found->vp_strvalue,
(char *)i->vp_strvalue) == 0)){
- pairdelete(to, found->attribute, found->vendor, found->flags.tag);
+ pairdelete(to, found->attribute, found->vendor, TAG_ANY);
/*
* 'tailto' may have been
memcpy(found, i, sizeof(*found));
found->next = mynext;
- pairdelete(&found->next, found->attribute, found->vendor, found->flags.tag);
+ pairdelete(&found->next, found->attribute, found->vendor, TAG_ANY);
/*
* 'tailto' may have been
}
}
-/*
- * Move one kind of attributes from one list to the other
+/** Move matching pairs
+ *
+ * Move pairs of a matching attribute number, vendor number and tag from the
+ * the input list to the output list.
+ *
+ * @note pairfree should be called on the head of the old list to free unmoved
+ attributes (if they're no longer needed).
+ *
+ * @param[in+out] to destination list.
+ * @param[in+out] from source list.
+ * @param[in] attr to match, if PW_VENDOR_SPECIFIC and vendor 0, only VSAs will
+ * be copied.
+ * @param[in] vendor to match.
+ * @param[in] tag to match, TAG_ANY matches any tag, TAG_UNUSED matches tagless VPs.
*/
-void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr, unsigned int vendor)
+void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, unsigned int attr,
+ unsigned int vendor, int8_t tag)
{
VALUE_PAIR *to_tail, *i, *next;
VALUE_PAIR *iprev = NULL;
for(i = *from; i; i = next) {
next = i->next;
+ if ((tag != TAG_ANY) && i->flags.has_tag &&
+ (i->flags.tag != tag)) {
+ continue;
+ }
+
/*
* vendor=0, attr = PW_VENDOR_SPECIFIC means
* "match any vendor attribute".
return error ? NULL: list;
}
-
-
/*
* Compare two pairs, using the operator from "one".
*
* e.g. "foo" != "bar"
*
* Returns true (comparison is true), or false (comparison is not true);
- *
- * FIXME: Ignores tags!
*/
int paircmp(VALUE_PAIR *one, VALUE_PAIR *two)
{
if (packet->data) return 0;
- vp = pairfind(packet->vps, PW_VQP_PACKET_TYPE, 0);
+ vp = pairfind(packet->vps, PW_VQP_PACKET_TYPE, 0, TAG_ANY);
if (!vp) {
fr_strerror_printf("Failed to find VQP-Packet-Type in response packet");
return -1;
length = VQP_HDR_LEN;
memset(vps, 0, sizeof(vps));
- vp = pairfind(packet->vps, PW_VQP_ERROR_CODE, 0);
+ vp = pairfind(packet->vps, PW_VQP_ERROR_CODE, 0, TAG_ANY);
/*
* FIXME: Map attributes from calling-station-Id, etc.
if (!vp) for (i = 0; i < VQP_MAX_ATTRIBUTES; i++) {
if (!contents[code][i]) break;
- vps[i] = pairfind(packet->vps, contents[code][i] | 0x2000, 0);
+ vps[i] = pairfind(packet->vps, contents[code][i] | 0x2000, 0, TAG_ANY);
/*
* FIXME: Print the name...
* Do the data storage before proxying. This is to ensure
* that we log the packet, even if the proxy never does.
*/
- vp = pairfind(request->config_items, PW_ACCT_TYPE, 0);
+ vp = pairfind(request->config_items, PW_ACCT_TYPE, 0, TAG_ANY);
if (vp) {
acct_type = vp->vp_integer;
DEBUG2(" Found Acct-Type %s",
* Maybe one of the preacct modules has decided
* that a proxy should be used.
*/
- if ((vp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0))) {
+ if ((vp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY))) {
REALM *realm;
/*
realm = realm_find2(vp->vp_strvalue);
if (realm && !realm->acct_pool) {
DEBUG("rad_accounting: Cancelling proxy to realm %s, as it is a LOCAL realm.", realm->name);
- pairdelete(&request->config_items, PW_PROXY_TO_REALM, 0, -1);
+ pairdelete(&request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY);
} else {
/*
* Don't reply to the NAS now because
int port = 0;
const char *tls = "";
- if ((cli = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) == NULL)
+ if ((cli = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) == NULL)
do_cli = 0;
- if ((pair = pairfind(request->packet->vps, PW_NAS_PORT, 0)) != NULL)
+ if ((pair = pairfind(request->packet->vps, PW_NAS_PORT, 0, TAG_ANY)) != NULL)
port = pair->vp_integer;
if (request->packet->dst_port == 0) {
- if (pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0)) {
+ if (pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0, TAG_ANY)) {
tls = " via TLS tunnel";
} else {
tls = " via proxy to virtual server";
* Get the correct username based on the configured value
*/
if (log_stripped_names == 0) {
- username = pairfind(request->packet->vps, PW_USER_NAME, 0);
+ username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
} else {
username = request->username;
}
if (!request->password) {
VALUE_PAIR *auth_type;
- auth_type = pairfind(request->config_items,
- PW_AUTH_TYPE, 0);
+ auth_type = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY);
if (auth_type) {
snprintf(clean_password, sizeof(clean_password),
"<via Auth-Type = %s>",
} else {
strcpy(clean_password, "<no User-Password attribute>");
}
- } else if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0)) {
+ } else if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) {
strcpy(clean_password, "<CHAP-Password>");
} else {
fr_print_string((char *)request->password->vp_strvalue,
* PW_AUTHTYPE_REJECT.
*/
cur_config_item = request->config_items;
- while(((auth_type_pair = pairfind(cur_config_item, PW_AUTH_TYPE, 0))) != NULL) {
+ while(((auth_type_pair = pairfind(cur_config_item, PW_AUTH_TYPE, 0, TAG_ANY))) != NULL) {
auth_type = auth_type_pair->vp_integer;
auth_type_count++;
* been set, and complain if so.
*/
if (auth_type < 0) {
- if (pairfind(request->config_items, PW_CRYPT_PASSWORD, 0) != NULL) {
+ if (pairfind(request->config_items, PW_CRYPT_PASSWORD, 0, TAG_ANY) != NULL) {
RDEBUG2("WARNING: Please update your configuration, and remove 'Auth-Type = Crypt'");
RDEBUG2("WARNING: Use the PAP module instead.");
}
- else if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0) != NULL) {
+ else if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY) != NULL) {
RDEBUG2("WARNING: Please update your configuration, and remove 'Auth-Type = Local'");
RDEBUG2("WARNING: Use the PAP or CHAP modules instead.");
}
/*
* Do post-authentication calls. ignoring the return code.
*/
- vp = pairfind(request->config_items, PW_POST_AUTH_TYPE, 0);
+ vp = pairfind(request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY);
if (vp) {
postauth_type = vp->vp_integer;
RDEBUG2("Using Post-Auth-Type %s",
* Look for, and cache, passwords.
*/
if (!request->password) {
- request->password = pairfind(request->packet->vps,
- PW_USER_PASSWORD, 0);
+ request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
}
/*
/*
* Maybe there's a CHAP-Password?
*/
- if ((auth_item = pairfind(request->packet->vps,
- PW_CHAP_PASSWORD, 0)) != NULL) {
+ if ((auth_item = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
password = "<CHAP-PASSWORD>";
} else {
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
- if ((module_msg = pairfind(request->packet->vps,
- PW_MODULE_FAILURE_MESSAGE, 0)) != NULL) {
+ if ((module_msg = pairfind(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL) {
char msg[MAX_STRING_LEN + 16];
snprintf(msg, sizeof(msg), "Invalid user (%s)",
module_msg->vp_strvalue);
return result;
}
if (!autz_retry) {
- tmp = pairfind(request->config_items, PW_AUTZ_TYPE, 0);
+ tmp = pairfind(request->config_items, PW_AUTZ_TYPE, 0, TAG_ANY);
if (tmp) {
autz_type = tmp->vp_integer;
RDEBUG2("Using Autz-Type %s",
#ifdef WITH_PROXY
(request->proxy == NULL) &&
#endif
- ((tmp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0)) != NULL)) {
+ ((tmp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY)) != NULL)) {
REALM *realm;
realm = realm_find2(tmp->vp_strvalue);
RDEBUG2("Failed to authenticate the user.");
request->reply->code = PW_AUTHENTICATION_REJECT;
- if ((module_msg = pairfind(request->packet->vps,PW_MODULE_FAILURE_MESSAGE, 0)) != NULL){
+ if ((module_msg = pairfind(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL){
char msg[MAX_STRING_LEN+19];
snprintf(msg, sizeof(msg), "Login incorrect (%s)",
#ifdef WITH_SESSION_MGMT
if (result >= 0 &&
- (check_item = pairfind(request->config_items, PW_SIMULTANEOUS_USE, 0)) != NULL) {
+ (check_item = pairfind(request->config_items, PW_SIMULTANEOUS_USE, 0, TAG_ANY)) != NULL) {
int r, session_type = 0;
char logstr[1024];
char umsg[MAX_STRING_LEN + 1];
const char *user_msg = NULL;
- tmp = pairfind(request->config_items, PW_SESSION_TYPE, 0);
+ tmp = pairfind(request->config_items, PW_SESSION_TYPE, 0, TAG_ANY);
if (tmp) {
session_type = tmp->vp_integer;
RDEBUG2("Using Session-Type %s",
/* Multilink attempt. Check if port-limit > simultaneous-use */
VALUE_PAIR *port_limit;
- if ((port_limit = pairfind(request->reply->vps, PW_PORT_LIMIT, 0)) != NULL &&
+ if ((port_limit = pairfind(request->reply->vps, PW_PORT_LIMIT, 0, TAG_ANY)) != NULL &&
port_limit->vp_integer > check_item->vp_integer){
RDEBUG2("MPP is OK");
mpp_ok = 1;
if (request->reply->code == 0)
request->reply->code = PW_AUTHENTICATION_ACK;
- if ((module_msg = pairfind(request->packet->vps,PW_MODULE_SUCCESS_MESSAGE, 0)) != NULL){
+ if ((module_msg = pairfind(request->packet->vps, PW_MODULE_SUCCESS_MESSAGE, 0, TAG_ANY)) != NULL){
char msg[MAX_STRING_LEN+12];
snprintf(msg, sizeof(msg), "Login OK (%s)",
result = rad_authenticate(request);
if (request->reply->code == PW_AUTHENTICATION_REJECT) {
- pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, -1);
+ pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY);
vp = radius_pairmake(request, &request->config_items,
"Post-Auth-Type", "Reject",
T_OP_SET);
return NULL;
}
- vp = pairfind(request->config_items, da->attr, da->vendor);
+ vp = pairfind(request->config_items, da->attr, da->vendor, TAG_ANY);
if (!vp) {
/*
* Not required. Skip it.
packet->src_ipaddr = data->client_ip;
}
- vp = pairfind(packet->vps, PW_PACKET_SRC_IP_ADDRESS, 0);
+ vp = pairfind(packet->vps, PW_PACKET_SRC_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
packet->src_ipaddr.af = AF_INET;
packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
} else {
- vp = pairfind(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS, 0);
+ vp = pairfind(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS, 0, TAG_ANY);
if (vp) {
packet->src_ipaddr.af = AF_INET6;
memcpy(&packet->src_ipaddr.ipaddr.ip6addr,
}
}
- vp = pairfind(packet->vps, PW_PACKET_DST_IP_ADDRESS, 0);
+ vp = pairfind(packet->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
packet->dst_ipaddr.af = AF_INET;
packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
} else {
- vp = pairfind(packet->vps, PW_PACKET_DST_IPV6_ADDRESS, 0);
+ vp = pairfind(packet->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY);
if (vp) {
packet->dst_ipaddr.af = AF_INET6;
memcpy(&packet->dst_ipaddr.ipaddr.ip6addr,
* "Timestamp" field is when we wrote the packet to the
* detail file, which could have been much later.
*/
- vp = pairfind(packet->vps, PW_EVENT_TIMESTAMP, 0);
+ vp = pairfind(packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
if (vp) {
data->timestamp = vp->vp_integer;
}
* Look for Acct-Delay-Time, and update
* based on Acct-Delay-Time += (time(NULL) - timestamp)
*/
- vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME, 0);
+ vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (!vp) {
vp = paircreate(PW_ACCT_DELAY_TIME, 0, PW_TYPE_INTEGER);
rad_assert(vp != NULL);
/*
* Set the transmission count.
*/
- vp = pairfind(packet->vps, PW_PACKET_TRANSMIT_COUNTER, 0);
+ vp = pairfind(packet->vps, PW_PACKET_TRANSMIT_COUNTER, 0, TAG_ANY);
if (!vp) {
vp = paircreate(PW_PACKET_TRANSMIT_COUNTER, 0, PW_TYPE_INTEGER);
rad_assert(vp != NULL);
/*
* It's invalid to have giaddr=0 AND a relay option
*/
- vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR); /* DHCP-Gateway-IP-Address */
+ vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
if ((vp && (vp->vp_ipaddr == htonl(INADDR_ANY))) &&
- pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR)) { /* DHCP-Relay-Agent-Information */
+ pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR, TAG_ANY)) { /* DHCP-Relay-Agent-Information */
DEBUG("DHCP: Received packet with giaddr = 0 and containing relay option: Discarding packet\n");
return 1;
}
*
* Drop requests if hop-count > 16 or admin specified another value
*/
- if ((vp = pairfind(request->config_items, 271, DHCP_MAGIC_VENDOR))) { /* DHCP-Relay-Max-Hop-Count */
+ if ((vp = pairfind(request->config_items, 271, DHCP_MAGIC_VENDOR, TAG_ANY))) { /* DHCP-Relay-Max-Hop-Count */
maxhops = vp->vp_integer;
}
- vp = pairfind(request->packet->vps, 259, DHCP_MAGIC_VENDOR); /* DHCP-Hop-Count */
+ vp = pairfind(request->packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Hop-Count */
rad_assert(vp != NULL);
if (vp->vp_integer > maxhops) {
DEBUG("DHCP: Number of hops is greater than %d: not relaying\n", maxhops);
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = sock->ipaddr.ipaddr.ip4addr.s_addr;
request->packet->src_port = sock->port;
- vp = pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR); /* DHCP-Relay-To-IP-Address */
+ vp = pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Relay-To-IP-Address */
rad_assert(vp != NULL);
/* set DEST ipaddr/port to the next server ipaddr/port */
* Check that packet is for us by looking at the
* DHCP-Gateway-IP-Address.
*/
- vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR);
+ vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY);
rad_assert(vp != NULL);
/* --with-udpfromto is needed just for the following test */
request->packet->dst_port = request->packet->dst_port + 1; /* Port 68 */
if ((request->packet->code == PW_DHCP_NAK) ||
- ((vp = pairfind(request->packet->vps, 262, DHCP_MAGIC_VENDOR)) /* DHCP-Flags */ &&
+ ((vp = pairfind(request->packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Flags */ &&
(vp->vp_integer & 0x8000) &&
- ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR)) /* DHCP-Client-IP-Address */ &&
+ ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Client-IP-Address */ &&
(vp->vp_ipaddr == htonl(INADDR_ANY))))) {
/*
* RFC 2131, page 23
* - ciaddr if present
* otherwise to yiaddr
*/
- if ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR)) /* DHCP-Client-IP-Address */ &&
+ if ((vp = pairfind(request->packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY)) /* DHCP-Client-IP-Address */ &&
(vp->vp_ipaddr != htonl(INADDR_ANY))) {
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
} else {
- vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR); /* DHCP-Your-IP-Address */
+ vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Your-IP-Address */
rad_assert(vp != NULL);
request->packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
* the client was requesting an IP address.
*/
if (request->packet->code == PW_DHCP_OFFER) {
- VALUE_PAIR *hwvp = pairfind(request->packet->vps, 267, DHCP_MAGIC_VENDOR); /* DHCP-Client-Hardware-Address */
+ VALUE_PAIR *hwvp = pairfind(request->packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Client-Hardware-Address */
if (hwvp == NULL) {
DEBUG("DHCP: DHCP_OFFER packet received with "
"no Client Hardware Address. Discarding packet");
int rcode;
VALUE_PAIR *vp;
- vp = pairfind(request->packet->vps, 53, DHCP_MAGIC_VENDOR); /* DHCP-Message-Type */
+ vp = pairfind(request->packet->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
if (vp) {
DICT_VALUE *dv = dict_valbyattr(53, DHCP_MAGIC_VENDOR, vp->vp_integer);
DEBUG("Trying sub-section dhcp %s {...}",
*/
vp = NULL;
if (request->packet->data[0] == 1) {
- vp = pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR);
+ vp = pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR, TAG_ANY);
}
if (vp) {
VALUE_PAIR *giaddr;
*
* It's invalid to have giaddr=0 AND a relay option
*/
- giaddr = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR);
+ giaddr = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY);
if (giaddr && (giaddr->vp_ipaddr == htonl(INADDR_ANY))) {
- if (pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR)) {
+ if (pairfind(request->packet->vps, 82, DHCP_MAGIC_VENDOR, TAG_ANY)) {
RDEBUG("DHCP: Received packet with giaddr = 0 and containing relay option: Discarding packet");
return 1;
}
/*
* Hop count goes up.
*/
- vp = pairfind(request->reply->vps, 259, DHCP_MAGIC_VENDOR);
+ vp = pairfind(request->reply->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) vp->vp_integer++;
return 1;
* server. So we must be the destination of the
* giaddr field.
*/
- pairdelete(&request->packet->vps, 266, DHCP_MAGIC_VENDOR, -1);
+ pairdelete(&request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY);
/*
* Search for client IP address.
*/
- vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR);
+ vp = pairfind(request->packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY);
if (!vp) {
request->reply->code = 0;
RDEBUG("DHCP: No YIAddr in the reply. Discarding packet");
/*
* Hop count goes down.
*/
- vp = pairfind(request->reply->vps, 259, DHCP_MAGIC_VENDOR);
+ vp = pairfind(request->reply->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp && (vp->vp_integer > 0)) vp->vp_integer--;
/*
return 1;
}
- vp = pairfind(request->reply->vps, 53, DHCP_MAGIC_VENDOR); /* DHCP-Message-Type */
+ vp = pairfind(request->reply->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
if (vp) {
request->reply->code = vp->vp_integer;
if ((request->reply->code != 0) &&
return 0;
}
- vp = pairfind(request->config_items, PW_HOME_SERVER_POOL, 0);
+ vp = pairfind(request->config_items, PW_HOME_SERVER_POOL, 0, TAG_ANY);
if (!vp) return 0;
if (!home_pool_byname(vp->vp_strvalue, HOME_TYPE_COA)) {
* with Service-Type = Authorize-Only, it MUST
* have a State attribute in it.
*/
- vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0);
+ vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY);
if (request->packet->code == PW_COA_REQUEST) {
if (vp && (vp->vp_integer == 17)) {
- vp = pairfind(request->packet->vps, PW_STATE, 0);
+ vp = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (!vp || (vp->length == 0)) {
RDEBUG("ERROR: CoA-Request with Service-Type = Authorize-Only MUST contain a State attribute");
request->reply->code = PW_COA_NAK;
* Copy State from the request to the reply.
* See RFC 5176 Section 3.3.
*/
- vp = paircopy2(request->packet->vps, PW_STATE, 0, -1);
+ vp = paircopy2(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (vp) pairadd(&request->reply->vps, vp);
/*
if (myresult == MOD_ACTION_RETURN) {
break;
}
- vp = pairfind(vp->next,
- vp->attribute,
- vp->vendor);
+ vp = pairfind(vp->next, vp->attribute, vp->vendor, TAG_ANY);
/*
* Delete the cached attribute,
* process it.
*/
if (request->packet->dst_port == 0) {
- request->username = pairfind(request->packet->vps,
- PW_USER_NAME, 0);
- request->password = pairfind(request->packet->vps,
- PW_USER_PASSWORD, 0);
+ request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
return 1;
}
}
if (!request->username) {
- request->username = pairfind(request->packet->vps,
- PW_USER_NAME, 0);
+ request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
}
#ifdef WITH_PROXY
* Override the response code if a
* control:Response-Packet-Type attribute is present.
*/
- vp = pairfind(request->config_items, PW_RESPONSE_PACKET_TYPE, 0);
+ vp = pairfind(request->config_items, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
if (vp) {
if (vp->vp_integer == 256) {
RDEBUG2("Not responding to request");
request->reply->code = vp->vp_integer;
}
} else if (request->reply->code == 0) {
- vp = pairfind(request->config_items, PW_AUTH_TYPE, 0);
+ vp = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY);
if (!vp || (vp->vp_integer != PW_AUTHENTICATION_REJECT)) {
RDEBUG2("There was no response configured: "
/*
* Copy Proxy-State from the request to the reply.
*/
- vp = paircopy2(request->packet->vps, PW_PROXY_STATE, 0, -1);
+ vp = paircopy2(request->packet->vps, PW_PROXY_STATE, 0, TAG_ANY);
if (vp) pairadd(&request->reply->vps, vp);
/*
* Post-Auth-Type = Reject
*/
if (request->reply->code == PW_AUTHENTICATION_REJECT) {
- pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, -1);
+ pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY);
vp = radius_pairmake(request, &request->config_items,
"Post-Auth-Type", "Reject",
T_OP_SET);
* Run the packet through the post-proxy stage,
* BEFORE playing games with the attributes.
*/
- vp = pairfind(request->config_items, PW_POST_PROXY_TYPE, 0);
+ vp = pairfind(request->config_items, PW_POST_PROXY_TYPE, 0, TAG_ANY);
/*
* If we have a proxy_reply, and it was a reject, setup
* the reply. These include Proxy-State
* attributes from us and remote server.
*/
- pairdelete(&request->proxy_reply->vps, PW_PROXY_STATE, 0, -1);
+ pairdelete(&request->proxy_reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
/*
* Add the attributes left in the proxy
if (!dval) {
DEBUG("No Post-Proxy-Type Fail: ignoring");
- pairdelete(&request->config_items, PW_POST_PROXY_TYPE, 0, -1);
+ pairdelete(&request->config_items, PW_POST_PROXY_TYPE, 0, TAG_ANY);
request_cleanup_delay_init(request, NULL);
return 0;
}
- vp = pairfind(request->config_items, PW_POST_PROXY_TYPE, 0);
+ vp = pairfind(request->config_items, PW_POST_PROXY_TYPE, 0, TAG_ANY);
if (!vp) vp = radius_paircreate(request, &request->config_items,
PW_POST_PROXY_TYPE, 0, PW_TYPE_INTEGER);
vp->vp_integer = dval->value;
*/
if (request->reply->code != 0) return 0;
- vp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0);
+ vp = pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY);
if (vp) {
realm = realm_find2(vp->vp_strvalue);
if (!realm) {
} else {
int pool_type;
- vp = pairfind(request->config_items, PW_HOME_SERVER_POOL, 0);
+ vp = pairfind(request->config_items, PW_HOME_SERVER_POOL, 0, TAG_ANY);
if (!vp) return 0;
switch (request->packet->code) {
* requests.
*/
if (realm && (realm->striprealm == TRUE) &&
- (strippedname = pairfind(request->proxy->vps, PW_STRIPPED_USER_NAME, 0)) != NULL) {
+ (strippedname = pairfind(request->proxy->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY)) != NULL) {
/*
* If there's a Stripped-User-Name attribute in
* the request, then use THAT as the User-Name
* from the vps list, and making the new
* User-Name the head of the vps list.
*/
- vp = pairfind(request->proxy->vps, PW_USER_NAME, 0);
+ vp = pairfind(request->proxy->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, NULL,
PW_USER_NAME, 0, PW_TYPE_STRING);
* anymore - we changed it.
*/
if ((request->packet->code == PW_AUTHENTICATION_REQUEST) &&
- pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0) &&
- pairfind(request->proxy->vps, PW_CHAP_CHALLENGE, 0) == NULL) {
+ pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
+ pairfind(request->proxy->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
vp = radius_paircreate(request, &request->proxy->vps,
PW_CHAP_CHALLENGE, 0, PW_TYPE_OCTETS);
memcpy(vp->vp_strvalue, request->packet->vector,
/*
* Call the pre-proxy routines.
*/
- vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE, 0);
+ vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE, 0, TAG_ANY);
if (vp) {
RDEBUG2(" Found Pre-Proxy-Type %s", vp->vp_strvalue);
pre_proxy_type = vp->vp_integer;
if (request->packet->code == PW_ACCOUNTING_REQUEST) {
VALUE_PAIR *vp;
- vp = pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0);
+ vp = pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (!vp) vp = radius_paircreate(request,
&request->proxy->vps,
PW_ACCT_DELAY_TIME, 0,
* get a new ID.
*/
if ((request->packet->code == PW_ACCOUNTING_REQUEST) &&
- pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0)) {
+ pairfind(request->proxy->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY)) {
request_proxy_anew(request);
return;
}
/*
* Check whether we want to originate one, or cancel one.
*/
- vp = pairfind(request->config_items, PW_SEND_COA_REQUEST, 0);
+ vp = pairfind(request->config_items, PW_SEND_COA_REQUEST, 0, TAG_ANY);
if (!vp) {
- vp = pairfind(request->coa->proxy->vps, PW_SEND_COA_REQUEST, 0);
+ vp = pairfind(request->coa->proxy->vps, PW_SEND_COA_REQUEST, 0, TAG_ANY);
}
if (vp) {
* src_ipaddr will be set up in proxy_encode.
*/
memset(&ipaddr, 0, sizeof(ipaddr));
- vp = pairfind(coa->proxy->vps, PW_PACKET_DST_IP_ADDRESS, 0);
+ vp = pairfind(coa->proxy->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
ipaddr.af = AF_INET;
ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
- } else if ((vp = pairfind(coa->proxy->vps,
- PW_PACKET_DST_IPV6_ADDRESS, 0)) != NULL) {
+ } else if ((vp = pairfind(coa->proxy->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY)) != NULL) {
ipaddr.af = AF_INET6;
ipaddr.ipaddr.ip6addr = vp->vp_ipv6addr;
- } else if ((vp = pairfind(coa->proxy->vps,
- PW_HOME_SERVER_POOL, 0)) != NULL) {
+ } else if ((vp = pairfind(coa->proxy->vps, PW_HOME_SERVER_POOL, 0, TAG_ANY)) != NULL) {
coa->home_pool = home_pool_byname(vp->vp_strvalue,
HOME_TYPE_COA);
if (!coa->home_pool) {
} else if (!coa->home_server) {
int port = PW_COA_UDP_PORT;
- vp = pairfind(coa->proxy->vps, PW_PACKET_DST_PORT, 0);
+ vp = pairfind(coa->proxy->vps, PW_PACKET_DST_PORT, 0, TAG_ANY);
if (vp) port = vp->vp_integer;
coa->home_server = home_server_find(&ipaddr, port, IPPROTO_UDP);
}
}
- vp = pairfind(coa->proxy->vps, PW_PACKET_TYPE, 0);
+ vp = pairfind(coa->proxy->vps, PW_PACKET_TYPE, 0, TAG_ANY);
if (vp) {
switch (vp->vp_integer) {
case PW_COA_REQUEST:
/*
* Call the pre-proxy routines.
*/
- vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE, 0);
+ vp = pairfind(request->config_items, PW_PRE_PROXY_TYPE, 0, TAG_ANY);
if (vp) {
RDEBUG2(" Found Pre-Proxy-Type %s", vp->vp_strvalue);
pre_proxy_type = vp->vp_integer;
/*
* Keep a copy of the the User-Password attribute.
*/
- if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0)) != NULL) {
+ if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
/*
* Otherwise keep a copy of the CHAP-Password attribute.
*/
- } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
+ } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
- } else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0)) != NULL) {
+ } else if ((vp = pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(radclient->password, vp->vp_strvalue,
sizeof(radclient->password));
} else {
if (radclient->password[0] != '\0') {
VALUE_PAIR *vp;
- if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0)) != NULL) {
+ if ((vp = pairfind(radclient->request->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(vp->vp_strvalue, radclient->password,
sizeof(vp->vp_strvalue));
vp->length = strlen(vp->vp_strvalue);
- } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
+ } else if ((vp = pairfind(radclient->request->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
int already_hex = 0;
/*
fr_rand() & 0xff, vp);
vp->length = 17;
}
- } else if (pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0) != NULL) {
+ } else if (pairfind(radclient->request->vps, PW_MSCHAP_PASSWORD, 0, TAG_ANY) != NULL) {
mschapv1_encode(&radclient->request->vps,
radclient->password);
} else if (fr_debug_flag) {
*/
if (home->message_authenticator &&
(request->packet->code == PW_AUTHENTICATION_REQUEST) &&
- !pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0)) {
+ !pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY)) {
radius_pairmake(request, &request->proxy->vps,
"Message-Authenticator", "0x00",
T_OP_SET);
break;
case HOME_POOL_KEYED_BALANCE:
- if ((vp = pairfind(request->config_items, PW_LOAD_BALANCE_KEY, 0)) != NULL) {
+ if ((vp = pairfind(request->config_items, PW_LOAD_BALANCE_KEY, 0, TAG_ANY)) != NULL) {
hash = fr_hash(vp->vp_strvalue, vp->length);
start = hash % pool->num_home_servers;
break;
rad_assert(request->packet->code == PW_STATUS_SERVER);
rad_assert(request->listener->type == RAD_LISTEN_NONE);
- flag = pairfind(request->packet->vps, 127, VENDORPEC_FREERADIUS);
+ flag = pairfind(request->packet->vps, 127, VENDORPEC_FREERADIUS, TAG_ANY);
if (!flag || (flag->vp_integer == 0)) return;
/*
* See if we need to look up the client by server
* socket.
*/
- server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS);
+ server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
if (server_ip) {
- server_port = pairfind(request->packet->vps,
- 171, VENDORPEC_FREERADIUS);
+ server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
if (server_port) {
ipaddr.af = AF_INET;
}
- vp = pairfind(request->packet->vps, 167, VENDORPEC_FREERADIUS);
+ vp = pairfind(request->packet->vps, 167, VENDORPEC_FREERADIUS, TAG_ANY);
if (vp) {
ipaddr.af = AF_INET;
ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
/*
* Else look it up by number.
*/
- } else if ((vp = pairfind(request->packet->vps,
- 168, VENDORPEC_FREERADIUS)) != NULL) {
+ } else if ((vp = pairfind(request->packet->vps, 168, VENDORPEC_FREERADIUS, TAG_ANY)) != NULL) {
client = client_findbynumber(cl, vp->vp_integer);
}
* See if we need to look up the server by socket
* socket.
*/
- server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS);
+ server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
if (!server_ip) return;
- server_port = pairfind(request->packet->vps,
- 171, VENDORPEC_FREERADIUS);
+ server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
if (!server_port) return;
ipaddr.af = AF_INET;
* See if we need to look up the server by socket
* socket.
*/
- server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS);
+ server_ip = pairfind(request->packet->vps, 170, VENDORPEC_FREERADIUS, TAG_ANY);
if (!server_ip) return;
- server_port = pairfind(request->packet->vps,
- 171, VENDORPEC_FREERADIUS);
+ server_port = pairfind(request->packet->vps, 171, VENDORPEC_FREERADIUS, TAG_ANY);
if (!server_port) return;
ipaddr.af = AF_INET;
* just too much.
*/
state->offset = conf->fragment_size;
- vp = pairfind(request->packet->vps, PW_FRAMED_MTU, 0);
+ vp = pairfind(request->packet->vps, PW_FRAMED_MTU, 0, TAG_ANY);
if (vp && (vp->vp_integer > 100) && (vp->vp_integer < state->offset)) {
state->offset = vp->vp_integer;
}
* user.
*/
if ((!ssn->allow_session_resumption) ||
- (((vp = pairfind(request->config_items, 1127, 0)) != NULL) &&
+ (((vp = pairfind(request->config_items, 1127, 0, TAG_ANY)) != NULL) &&
(vp->vp_integer == 0))) {
SSL_CTX_remove_session(ssn->ctx,
ssn->ssl->session);
fr_bin2hex(ssn->ssl->session->session_id, buffer, size);
- vp = paircopy2(request->reply->vps, PW_USER_NAME, 0, -1);
+ vp = paircopy2(request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
if (vp) pairadd(&vps, vp);
- vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0, -1);
+ vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
if (vp) pairadd(&vps, vp);
- vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY, 0, -1);
+ vp = paircopy2(request->reply->vps, PW_CACHED_SESSION_POLICY, 0, TAG_ANY);
if (vp) pairadd(&vps, vp);
certs = (VALUE_PAIR **)SSL_get_ex_data(ssn->ssl, FR_TLS_EX_INDEX_CERTS);
DEBUG("WARNING: Are you sure you don't mean Cleartext-Password?");
DEBUG("WARNING: See \"man rlm_pap\" for more information.");
}
- if (pairfind(request, PW_USER_PASSWORD, 0) == NULL) {
+ if (pairfind(request, PW_USER_PASSWORD, 0, TAG_ANY) == NULL) {
continue;
}
break;
pairparsevalue(i, buffer);
}
- found = pairfind(*to, i->attribute, i->vendor);
+ found = pairfind(*to, i->attribute, i->vendor, TAG_ANY);
switch (i->operator) {
/*
/*
* May not may not be found, but it *is* a known name.
*/
- *vp_p = pairfind(*vps, vpt.da->attr, vpt.da->vendor);
+ *vp_p = pairfind(*vps, vpt.da->attr, vpt.da->vendor, TAG_ANY);
return 0;
}
return strlen(out);
}
-static VALUE_PAIR *pairfind_tag(VALUE_PAIR *vps, const DICT_ATTR *da, int tag)
-{
- VALUE_PAIR *vp = vps;
-
-redo:
- vp = pairfind(vp, da->attr, da->vendor);
- if (!tag) return vp;
-
- if (!vp) return NULL;
-
- if (!vp->flags.has_tag) return NULL;
-
- if (vp->flags.tag == tag) return vp;
-
- vp = vp->next;
- goto redo;
-}
-
/*
* Dynamically translate for check:, request:, reply:, etc.
*/
* No array, print the tagged attribute.
*/
if (!do_array) {
- vp = pairfind_tag(vps, da, tag);
+ vp = pairfind(vps, da->attr, da->vendor, tag);
goto just_print;
}
* Array[#] - return the total
*/
if (do_count) {
- for (vp = pairfind_tag(vps, da, tag);
+ for (vp = pairfind(vps, da->attr, da->vendor, tag);
vp != NULL;
- vp = pairfind_tag(vp->next, da, tag)) {
+ vp = pairfind(vp->next, da->attr, da->vendor, tag)) {
total++;
}
* the attributes, separated by a newline.
*/
if (do_all) {
- for (vp = pairfind_tag(vps, da, tag);
+ for (vp = pairfind(vps, da->attr, da->vendor, tag);
vp != NULL;
- vp = pairfind_tag(vp->next, da, tag)) {
+ vp = pairfind(vp->next, da->attr, da->vendor, tag)) {
count = valuepair2str(out, outlen - 1, vp, da->type);
rad_assert(count <= outlen);
total += count + 1;
/*
* Find the N'th value.
*/
- for (vp = pairfind_tag(vps, da, tag);
+ for (vp = pairfind(vps, da->attr, da->vendor, tag);
vp != NULL;
- vp = pairfind_tag(vp->next, da, tag)) {
+ vp = pairfind(vp->next, da->attr, da->vendor, tag)) {
if (total == count) break;
total++;
if (total > count) {
return valuepair2str(out, outlen, vp, da->type);
}
- vp = pairfind(vps, da->attr, da->vendor);
+ vp = pairfind(vps, da->attr, da->vendor, TAG_ANY);
if (!vp) {
/*
* Some "magic" handlers, which are never in VP's, but
inst = (rlm_acctlog_t*) instance;
- if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) {
+ if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) {
acctstatustype = pair->vp_integer;
} else {
radius_xlat(logstr, sizeof(logstr), "packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL, NULL);
if (!inst->key) {
VALUE_PAIR *namepair;
- namepair = pairfind(request->packet->vps, PW_REALM, 0);
+ namepair = pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY);
if (!namepair) {
return (RLM_MODULE_NOOP);
}
*input = output;
if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
- request->username = pairfind(request->packet->vps,
- PW_STRIPPED_USER_NAME, 0);
+ request->username = pairfind(request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
if (!request->username)
- request->username = pairfind(request->packet->vps,
- PW_USER_NAME, 0);
- request->password = pairfind(request->packet->vps,
- PW_USER_PASSWORD, 0);
+ request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
}
return RLM_MODULE_UPDATED;
char search_STR[MAX_STRING_LEN];
char replace_STR[MAX_STRING_LEN];
- if ((attr_vp = pairfind(request->config_items, PW_REWRITE_RULE, 0)) != NULL){
+ if ((attr_vp = pairfind(request->config_items, PW_REWRITE_RULE, 0, TAG_ANY)) != NULL){
if (data->name == NULL || strcmp(data->name,attr_vp->vp_strvalue))
return RLM_MODULE_NOOP;
}
default:
radlog(L_ERR, "%s: Illegal value for searchin. Changing to packet.", data->name);
data->searchin = RLM_REGEX_INPACKET;
- attr_vp = pairfind(request->packet->vps, data->da->attr, data->da->vendor);
+ attr_vp = pairfind(request->packet->vps, data->da->attr, data->da->vendor, TAG_ANY);
break;
}
do_again:
if (tmp != NULL)
- attr_vp = pairfind(tmp, data->da->attr, data->da->vendor);
+ attr_vp = pairfind(tmp, data->da->attr, data->da->vendor, TAG_ANY);
if (attr_vp == NULL) {
DEBUG2("%s: Could not find value pair for attribute %s", data->name,data->attribute);
return ret;
* Update the expiry time based on the TTL.
* A TTL of 0 means "delete from the cache".
*/
- vp = pairfind(request->config_items, PW_CACHE_TTL, 0);
+ vp = pairfind(request->config_items, PW_CACHE_TTL, 0, TAG_ANY);
if (vp) {
if (vp->vp_integer == 0) goto delete;
/*
* TTL of 0 means "don't cache this entry"
*/
- vp = pairfind(request->config_items, PW_CACHE_TTL, 0);
+ vp = pairfind(request->config_items, PW_CACHE_TTL, 0, TAG_ANY);
if (vp && (vp->vp_integer == 0)) return NULL;
c = rad_malloc(sizeof(*c));
goto done;
}
- vp = pairfind(vps, target->attr, target->vendor);
+ vp = pairfind(vps, target->attr, target->vendor, TAG_ANY);
if (!vp) {
RDEBUG("No instance of this attribute has been cached");
goto done;
/*
* If yes, only return whether we found a valid cache entry
*/
- vp = pairfind(request->config_items, PW_CACHE_STATUS_ONLY, 0);
+ vp = pairfind(request->config_items, PW_CACHE_STATUS_ONLY, 0, TAG_ANY);
if (vp && vp->vp_integer) {
rcode = c ? RLM_MODULE_OK:
RLM_MODULE_NOTFOUND;
instance = instance;
request = request;
- if (!pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0)) {
+ if (!pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) {
return RLM_MODULE_NOOP;
}
- if (pairfind(request->config_items, PW_AUTHTYPE, 0) != NULL) {
+ if (pairfind(request->config_items, PW_AUTHTYPE, 0, TAG_ANY) != NULL) {
RDEBUG2("WARNING: Auth-Type already set. Not setting to CHAP");
return RLM_MODULE_NOOP;
}
return RLM_MODULE_INVALID;
}
- chap = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0);
+ chap = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
if (!chap) {
RDEBUG("ERROR: You set 'Auth-Type = CHAP' for a request that does not contain a CHAP-Password attribute!");
return RLM_MODULE_INVALID;
RDEBUG("login attempt by \"%s\" with CHAP password",
request->username->vp_strvalue);
- if ((passwd_item = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0)) == NULL){
- if ((passwd_item = pairfind(request->config_items, PW_USER_PASSWORD, 0)) != NULL){
+ if ((passwd_item = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) == NULL){
+ if ((passwd_item = pairfind(request->config_items, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL){
RDEBUG("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
RDEBUG("!!! Please update your configuration so that the \"known !!!");
RDEBUG("!!! good\" clear text password is in Cleartext-Password, !!!");
* Look for the check item
*/
- if (!(item_vp = pairfind(request->packet->vps, data->item_attr->attr, data->item_attr->vendor))){
+ if (!(item_vp = pairfind(request->packet->vps, data->item_attr->attr, data->item_attr->vendor, TAG_ANY))){
DEBUG2("rlm_checkval: Could not find item named %s in request", data->item_name);
if (data->notfound_reject)
ret = RLM_MODULE_REJECT;
DEBUG2("rlm_checkval: Item Name: %s, Value: %s",data->item_name, item_vp->vp_strvalue);
tmp = request->config_items;
do{
- if (!(chk_vp = pairfind(tmp, data->chk_attr->attr, data->chk_attr->vendor))){
+ if (!(chk_vp = pairfind(tmp, data->chk_attr->attr, data->chk_attr->vendor, TAG_ANY))){
if (!found){
DEBUG2("rlm_checkval: Could not find attribute named %s in check pairs",data->check_name);
ret = RLM_MODULE_NOTFOUND;
/*
* Find the key attribute.
*/
- key_vp = pairfind(request, inst->key_attr, 0);
+ key_vp = pairfind(request, inst->key_attr, 0, TAG_ANY);
if (key_vp == NULL) {
return RLM_MODULE_NOOP;
}
int acctstatustype = 0;
time_t diff;
- if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL)
+ if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL)
acctstatustype = key_vp->vp_integer;
else {
DEBUG("rlm_counter: Could not find account status type in packet.");
DEBUG("rlm_counter: We only run on Accounting-Stop packets.");
return RLM_MODULE_NOOP;
}
- uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0);
+ uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
if (uniqueid_vp != NULL)
DEBUG("rlm_counter: Packet Unique ID = '%s'",uniqueid_vp->vp_strvalue);
* Check if we need to watch out for a specific service-type. If yes then check it
*/
if (inst->service_type != NULL) {
- if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0)) == NULL){
+ if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY)) == NULL){
DEBUG("rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.");
return RLM_MODULE_NOOP;
}
* Check if request->timestamp - {Acct-Delay-Time} < last_reset
* If yes reject the packet since it is very old
*/
- key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0);
+ key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (key_vp != NULL){
if (key_vp->vp_integer != 0 &&
(request->timestamp - key_vp->vp_integer) < inst->last_reset){
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
- key_vp = (inst->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, inst->key_attr, 0);
+ key_vp = (inst->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, inst->key_attr, 0, TAG_ANY);
if (key_vp == NULL){
DEBUG("rlm_counter: Could not find the key-attribute in the request. Returning NOOP.");
return RLM_MODULE_NOOP;
/*
* Look for the attribute to use as a counter.
*/
- count_vp = pairfind(request->packet->vps, inst->count_attr, 0);
+ count_vp = pairfind(request->packet->vps, inst->count_attr, 0, TAG_ANY);
if (count_vp == NULL){
DEBUG("rlm_counter: Could not find the count-attribute in the request.");
return RLM_MODULE_NOOP;
* The REAL username, after stripping.
*/
DEBUG2("rlm_counter: Entering module authorize code");
- key_vp = (inst->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, inst->key_attr, 0);
+ key_vp = (inst->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, inst->key_attr, 0, TAG_ANY);
if (key_vp == NULL) {
DEBUG2("rlm_counter: Could not find Key value pair");
return ret;
/*
* Look for the check item
*/
- if ((check_vp= pairfind(request->config_items, inst->check_attr, 0)) == NULL) {
+ if ((check_vp= pairfind(request->config_items, inst->check_attr, 0, TAG_ANY)) == NULL) {
DEBUG2("rlm_counter: Could not find Check item value pair");
return ret;
}
res += check_vp->vp_integer;
}
- reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0);
+ reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (reply_item && (reply_item->vp_integer > res)) {
reply_item->vp_integer = res;
} else {
}
}
else if (inst->reply_attr) {
- reply_item = pairfind(request->reply->vps, inst->reply_attr, 0);
+ reply_item = pairfind(request->reply->vps, inst->reply_attr, 0, TAG_ANY);
if (reply_item && (reply_item->vp_integer > res)) {
reply_item->vp_integer = res;
} else {
VALUE_PAIR *authtype, *challenge, *response, *password;
uint8_t buffer[64];
- password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0);
+ password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if(!password) {
radlog(L_AUTH, "rlm_cram: Cleartext-Password is required for authentication.");
return RLM_MODULE_INVALID;
}
- authtype = pairfind(request->packet->vps, SM_AUTHTYPE, VENDORPEC_SM);
+ authtype = pairfind(request->packet->vps, SM_AUTHTYPE, VENDORPEC_SM, TAG_ANY);
if(!authtype) {
radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Authtype missed");
return RLM_MODULE_INVALID;
}
- challenge = pairfind(request->packet->vps, SM_CHALLENGE, VENDORPEC_SM);
+ challenge = pairfind(request->packet->vps, SM_CHALLENGE, VENDORPEC_SM, TAG_ANY);
if(!challenge) {
radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Challenge missed");
return RLM_MODULE_INVALID;
}
- response = pairfind(request->packet->vps, SM_RESPONSE, VENDORPEC_SM);
+ response = pairfind(request->packet->vps, SM_RESPONSE, VENDORPEC_SM, TAG_ANY);
if(!response) {
radlog(L_AUTH, "rlm_cram: Required attribute Sandy-Mail-Response missed");
return RLM_MODULE_INVALID;
static int isfallthrough(VALUE_PAIR *vp) {
VALUE_PAIR * tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0);
+ tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp -> vp_integer : 1; /* if no FALL_THROUGH - keep looking */
}
/* look for join-attribute */
DEBUG2("rlm_dbm: Reply found");
join_attr = vp;
- while( (join_attr = pairfind(join_attr,SM_JOIN_ATTR, 0) ) != NULL ) {
+ while( (join_attr = pairfind(join_attr, SM_JOIN_ATTR, 0, TAG_ANY) ) != NULL ) {
DEBUG2("rlm_dbm: Proccess nested record: username %s",
(char *)join_attr->vp_strvalue);
/* res = RLM_MODULE_NOTFOUND; */
}
join_attr = join_attr -> next;
}
- pairdelete(&vp,SM_JOIN_ATTR, 0, -1);
+ pairdelete(&vp,SM_JOIN_ATTR, 0, TAG_ANY);
if ( parse_state != SMP_ERROR ) {
if ( ! isfallthrough(vp) ) {
continue_search = 0;
/*
* We need both of these attributes to do the authentication.
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0, TAG_ANY);
if (vp == NULL) {
return RLM_MODULE_NOOP;
}
/*
* We need these, too.
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
if (vp == NULL) {
return RLM_MODULE_NOOP;
}
/*
* Find the next one, if it exists.
*/
- vp = pairfind(vp->next, PW_DIGEST_ATTRIBUTES, 0);
+ vp = pairfind(vp->next, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
}
/*
* Convert them to something sane.
*/
RDEBUG("Digest-Attributes look OK. Converting them to something more usful.");
- vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
while (vp) {
int length = vp->length;
int attrlen;
/*
* Find the next one, if it exists.
*/
- vp = pairfind(vp->next, PW_DIGEST_ATTRIBUTES, 0);
+ vp = pairfind(vp->next, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
}
return RLM_MODULE_OK;
if (rcode != RLM_MODULE_OK) return rcode;
- if (pairfind(request->config_items, PW_AUTHTYPE, 0)) {
+ if (pairfind(request->config_items, PW_AUTHTYPE, 0, TAG_ANY)) {
RDEBUG2("WARNING: Auth-Type already set. Not setting to DIGEST");
return RLM_MODULE_NOOP;
}
* We require access to the plain-text password, or to the
* Digest-HA1 parameter.
*/
- passwd = pairfind(request->config_items, PW_DIGEST_HA1, 0);
+ passwd = pairfind(request->config_items, PW_DIGEST_HA1, 0, TAG_ANY);
if (passwd) {
if (passwd->length != 32) {
radlog_request(L_AUTH, 0, request, "Digest-HA1 has invalid length, authentication failed.");
return RLM_MODULE_INVALID;
}
} else {
- passwd = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0);
+ passwd = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
}
if (!passwd) {
radlog_request(L_AUTH, 0, request, "Cleartext-Password or Digest-HA1 is required for authentication.");
/*
* We need these, too.
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_ATTRIBUTES, 0, TAG_ANY);
if (vp == NULL) {
error:
RDEBUG("ERROR: You set 'Auth-Type = Digest' for a request that does not contain any digest attributes!");
* "authorize" section. In that case, try to decode the
* attributes here.
*/
- if (!pairfind(request->packet->vps, PW_DIGEST_NONCE, 0)) {
+ if (!pairfind(request->packet->vps, PW_DIGEST_NONCE, 0, TAG_ANY)) {
int rcode;
rcode = digest_fix(request);
/*
* We require access to the Digest-Nonce-Value
*/
- nonce = pairfind(request->packet->vps, PW_DIGEST_NONCE, 0);
+ nonce = pairfind(request->packet->vps, PW_DIGEST_NONCE, 0, TAG_ANY);
if (!nonce) {
RDEBUG("ERROR: No Digest-Nonce: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
/*
* A1 = Digest-User-Name ":" Realm ":" Password
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_USER_NAME, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_USER_NAME, 0, TAG_ANY);
if (!vp) {
RDEBUG("ERROR: No Digest-User-Name: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
a1[a1_len] = ':';
a1_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_REALM, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_REALM, 0, TAG_ANY);
if (!vp) {
RDEBUG("ERROR: No Digest-Realm: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
* See which variant we calculate.
* Assume MD5 if no Digest-Algorithm attribute received
*/
- algo = pairfind(request->packet->vps, PW_DIGEST_ALGORITHM, 0);
+ algo = pairfind(request->packet->vps, PW_DIGEST_ALGORITHM, 0, TAG_ANY);
if ((algo == NULL) ||
(strcasecmp(algo->vp_strvalue, "MD5") == 0)) {
/*
a1[a1_len] = ':';
a1_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0, TAG_ANY);
if (!vp) {
RDEBUG("ERROR: No Digest-CNonce: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
/*
* A2 = Digest-Method ":" Digest-URI
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_METHOD, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_METHOD, 0, TAG_ANY);
if (!vp) {
RDEBUG("ERROR: No Digest-Method: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
a2[a2_len] = ':';
a2_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_URI, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_URI, 0, TAG_ANY);
if (!vp) {
RDEBUG("ERROR: No Digest-URI: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
/*
* QOP is "auth-int", tack on ": Digest-Body-Digest"
*/
- qop = pairfind(request->packet->vps, PW_DIGEST_QOP, 0);
+ qop = pairfind(request->packet->vps, PW_DIGEST_QOP, 0, TAG_ANY);
if ((qop != NULL) &&
(strcasecmp(qop->vp_strvalue, "auth-int") == 0)) {
VALUE_PAIR *body;
/*
* Must be a hex representation of an MD5 digest.
*/
- body = pairfind(request->packet->vps, PW_DIGEST_BODY_DIGEST, 0);
+ body = pairfind(request->packet->vps, PW_DIGEST_BODY_DIGEST, 0, TAG_ANY);
if (!body) {
RDEBUG("ERROR: No Digest-Body-Digest: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
kd[kd_len] = ':';
kd_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_NONCE_COUNT, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_NONCE_COUNT, 0, TAG_ANY);
if (!vp) {
RDEBUG("ERROR: No Digest-Nonce-Count: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
kd[kd_len] = ':';
kd_len++;
- vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_CNONCE, 0, TAG_ANY);
if (!vp) {
RDEBUG("ERROR: No Digest-CNonce: Cannot perform Digest authentication");
return RLM_MODULE_INVALID;
/*
* Get the binary value of Digest-Response
*/
- vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0);
+ vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE, 0, TAG_ANY);
if (!vp) {
RDEBUG("ERROR: No Digest-Response attribute in the request. Cannot perform digest authentication");
return RLM_MODULE_INVALID;
/*
* Allow per-user configuration of EAP types.
*/
- vp = pairfind(handler->request->config_items,
- PW_EAP_TYPE, 0);
+ vp = pairfind(handler->request->config_items, PW_EAP_TYPE, 0, TAG_ANY);
if (vp) default_eap_type = vp->vp_integer;
do_initiate:
* as they may have asked for many.
*/
default_eap_type = 0;
- vp = pairfind(handler->request->config_items,
- PW_EAP_TYPE, 0);
+ vp = pairfind(handler->request->config_items, PW_EAP_TYPE, 0, TAG_ANY);
for (i = 0; i < eaptype->length; i++) {
/*
* It is invalid to request identity,
* Don't add a Message-Authenticator if it's already
* there.
*/
- vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0);
+ vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
vp = paircreate(PW_MESSAGE_AUTHENTICATOR, 0, PW_TYPE_OCTETS);
memset(vp->vp_octets, 0, AUTH_VECTOR_LEN);
VALUE_PAIR *vp, *proxy;
VALUE_PAIR *eap_msg;
- eap_msg = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0);
+ eap_msg = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (eap_msg == NULL) {
RDEBUG2("No EAP-Message, not doing EAP");
return EAP_NOOP;
* Look for EAP-Type = None (FreeRADIUS specific attribute)
* this allows you to NOT do EAP for some users.
*/
- vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0);
+ vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0, TAG_ANY);
if (vp && vp->vp_integer == 0) {
RDEBUG2("Found EAP-Message, but EAP-Type = None, so we're not doing EAP.");
return EAP_NOOP;
* Check for a Proxy-To-Realm. Don't get excited over LOCAL
* realms (sigh).
*/
- proxy = pairfind(request->config_items, PW_PROXY_TO_REALM, 0);
+ proxy = pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY);
if (proxy) {
REALM *realm;
/*
* Delete any previous replies.
*/
- pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, 0, -1);
- pairdelete(&handler->request->reply->vps, PW_STATE, 0, -1);
+ pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ pairdelete(&handler->request->reply->vps, PW_STATE, 0, TAG_ANY);
eap_packet_free(&handler->eap_ds->request);
handler->eap_ds->request = eap_packet_alloc();
return NULL;
}
- vp = pairfind(request->packet->vps, PW_USER_NAME, 0);
+ vp = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
/*
* NAS did not set the User-Name
return NULL;
}
- vp = pairfind(request->packet->vps, PW_USER_NAME, 0);
+ vp = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
/*
* NAS did not set the User-Name
}
eap_packet = (eap_packet_t *)reply->packet;
- pairdelete(&(packet->vps), PW_EAP_MESSAGE, 0, -1);
+ pairdelete(&(packet->vps), PW_EAP_MESSAGE, 0, TAG_ANY);
vp = eap_packet2vp(eap_packet);
if (!vp) return RLM_MODULE_INVALID;
* Don't add a Message-Authenticator if it's already
* there.
*/
- vp = pairfind(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0);
+ vp = pairfind(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
vp = paircreate(PW_MESSAGE_AUTHENTICATOR, 0, PW_TYPE_OCTETS);
memset(vp->vp_strvalue, 0, AUTH_VECTOR_LEN);
/*
* Get only EAP-Message attribute list
*/
- first = pairfind(vps, PW_EAP_MESSAGE, 0);
+ first = pairfind(vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (first == NULL) {
DEBUG("rlm_eap: EAP-Message not found");
return NULL;
* Sanity check the length, BEFORE malloc'ing memory.
*/
total_len = 0;
- for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0)) {
+ for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0, TAG_ANY)) {
total_len += vp->length;
if (total_len > len) {
ptr = (unsigned char *)eap_packet;
/* RADIUS ensures order of attrs, so just concatenate all */
- for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0)) {
+ for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0, TAG_ANY)) {
memcpy(ptr, vp->vp_strvalue, vp->length);
ptr += vp->length;
}
* it might be too big for putting into an EAP-Type-SIM
*
*/
- vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0);
+ vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0, TAG_ANY);
if(vp == NULL)
{
subtype = eapsim_start;
subtype = vp->vp_integer;
}
- vp = pairfind(r->vps, ATTRIBUTE_EAP_ID, 0);
+ vp = pairfind(r->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY);
if(vp == NULL)
{
id = ((int)getpid() & 0xff);
id = vp->vp_integer;
}
- vp = pairfind(r->vps, ATTRIBUTE_EAP_CODE, 0);
+ vp = pairfind(r->vps, ATTRIBUTE_EAP_CODE, 0, TAG_ANY);
if(vp == NULL)
{
eapcode = PW_EAP_REQUEST;
* then we should calculate the HMAC-SHA1 of the resulting EAP-SIM
* packet, appended with the value of append.
*/
- vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_KEY, 0);
+ vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_KEY, 0, TAG_ANY);
if(macspace != NULL && vp != NULL)
{
unsigned char *buffer;
int elen,len;
VALUE_PAIR *mac;
- mac = pairfind(rvps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0);
+ mac = pairfind(rvps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0, TAG_ANY);
if(mac == NULL
|| mac->length != 18) {
* We key the sessions off of the 'state' attribute, so it
* must exist.
*/
- state = pairfind(request->packet->vps, PW_STATE, 0);
+ state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (!state ||
(state->length != EAP_STATE_LEN)) {
return NULL;
* maybe should just copy things we care about, or keep
* a copy of the original input and start from there again?
*/
- pairdelete(&resp->vps, PW_EAP_MESSAGE, 0, -1);
- pairdelete(&resp->vps, ATTRIBUTE_EAP_BASE+PW_EAP_IDENTITY, 0, -1);
+ pairdelete(&resp->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ pairdelete(&resp->vps, ATTRIBUTE_EAP_BASE+PW_EAP_IDENTITY, 0, TAG_ANY);
last = &resp->vps;
for(vp = *last; vp != NULL; vp = vpnext)
/* form new response clear of any EAP stuff */
cleanresp(rep);
- if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0)) == NULL) {
+ if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0, TAG_ANY)) == NULL) {
fprintf(stderr, "illegal start message has no VERSION_LIST\n");
return 0;
}
* anyway we like, but it is illegal to have more than one
* present.
*/
- anyidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_ANY_ID_REQ, 0);
- fullauthidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0);
- permanentidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ, 0);
+ anyidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_ANY_ID_REQ, 0, TAG_ANY);
+ fullauthidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0, TAG_ANY);
+ permanentidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ, 0, TAG_ANY);
if(fullauthidreq_vp == NULL ||
anyidreq_vp != NULL ||
/*
* insert the identity here.
*/
- vp = pairfind(rep->vps, PW_USER_NAME, 0);
+ vp = pairfind(rep->vps, PW_USER_NAME, 0, TAG_ANY);
if(vp == NULL)
{
fprintf(stderr, "eap-sim: We need to have a User-Name attribute!\n");
uint8_t calcmac[20];
/* look for the AT_MAC and the challenge data */
- mac = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0);
- randvp= pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0);
+ mac = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0, TAG_ANY);
+ randvp= pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0, TAG_ANY);
if(mac == NULL || randvp == NULL) {
fprintf(stderr, "radeapclient: challenge message needs to contain RAND and MAC\n");
return 0;
randcfg[1] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE];
randcfg[2] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE*2];
- randcfgvp[0] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND1, 0);
- randcfgvp[1] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND2, 0);
- randcfgvp[2] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND3, 0);
+ randcfgvp[0] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND1, 0, TAG_ANY);
+ randcfgvp[1] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND2, 0, TAG_ANY);
+ randcfgvp[2] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND3, 0, TAG_ANY);
if(randcfgvp[0] == NULL ||
randcfgvp[1] == NULL ||
* Really, they should be calculated from the RAND!
*
*/
- sres1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES1, 0);
- sres2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES2, 0);
- sres3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES3, 0);
+ sres1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES1, 0, TAG_ANY);
+ sres2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES2, 0, TAG_ANY);
+ sres3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES3, 0, TAG_ANY);
if(sres1 == NULL ||
sres2 == NULL ||
memcpy(eapsim_mk.sres[1], sres2->vp_strvalue, sizeof(eapsim_mk.sres[1]));
memcpy(eapsim_mk.sres[2], sres3->vp_strvalue, sizeof(eapsim_mk.sres[2]));
- Kc1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC1, 0);
- Kc2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC2, 0);
- Kc3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC3, 0);
+ Kc1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC1, 0, TAG_ANY);
+ Kc2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC2, 0, TAG_ANY);
+ Kc3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC3, 0, TAG_ANY);
if(Kc1 == NULL ||
Kc2 == NULL ||
VALUE_PAIR *vp, *statevp, *radstate, *eapid;
char statenamebuf[32], subtypenamebuf[32];
- if ((radstate = paircopy2(req->vps, PW_STATE, 0, -1)) == NULL)
+ if ((radstate = paircopy2(req->vps, PW_STATE, 0, TAG_ANY)) == NULL)
{
return 0;
}
- if ((eapid = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0, -1)) == NULL)
+ if ((eapid = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY)) == NULL)
{
return 0;
}
* outselves to be in EAP-SIM-Start state if there is none.
*/
- if((statevp = pairfind(resp->vps, ATTRIBUTE_EAP_SIM_STATE, 0)) == NULL)
+ if((statevp = pairfind(resp->vps, ATTRIBUTE_EAP_SIM_STATE, 0, TAG_ANY)) == NULL)
{
/* must be initial request */
statevp = paircreate(ATTRIBUTE_EAP_SIM_STATE, 0, PW_TYPE_INTEGER);
*/
unmap_eapsim_types(req);
- if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0)) == NULL)
+ if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0, TAG_ANY)) == NULL)
{
return 0;
}
cleanresp(rep);
- if ((state = paircopy2(req->vps, PW_STATE, 0, -1)) == NULL)
+ if ((state = paircopy2(req->vps, PW_STATE, 0, TAG_ANY)) == NULL)
{
fprintf(stderr, "radeapclient: no state attribute found\n");
return 0;
}
- if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0, -1)) == NULL)
+ if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY)) == NULL)
{
fprintf(stderr, "radeapclient: no EAP-ID attribute found\n");
return 0;
}
identifier = id->vp_integer;
- if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5, 0)) == NULL)
+ if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5, 0, TAG_ANY)) == NULL)
{
fprintf(stderr, "radeapclient: no EAP-MD5 attribute found\n");
return 0;
/*
* Keep a copy of the the User-Password attribute.
*/
- if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0)) != NULL) {
+ if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue));
- } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0)) != NULL) {
+ } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue));
/*
* Otherwise keep a copy of the CHAP-Password attribute.
*/
- } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
+ } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy(password, (char *)vp->vp_strvalue, sizeof(vp->vp_strvalue));
} else {
*password = '\0';
sizeof(rep->vector));
if (*password != '\0') {
- if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0)) != NULL) {
+ if ((vp = pairfind(rep->vps, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue));
vp->length = strlen(password);
- } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0)) != NULL) {
+ } else if ((vp = pairfind(rep->vps, PW_USER_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue));
vp->length = strlen(password);
- } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0)) != NULL) {
+ } else if ((vp = pairfind(rep->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) != NULL) {
strlcpy((char *)vp->vp_strvalue, password, sizeof(vp->vp_strvalue));
vp->length = strlen(password);
EAP_PACKET ep;
int eap_type;
- vp = pairfind(req->vps, ATTRIBUTE_EAP_ID, 0);
+ vp = pairfind(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY);
if(vp == NULL) {
id = ((int)getpid() & 0xff);
} else {
id = vp->vp_integer;
}
- vp = pairfind(req->vps, ATTRIBUTE_EAP_CODE, 0);
+ vp = pairfind(req->vps, ATTRIBUTE_EAP_CODE, 0, TAG_ANY);
if(vp == NULL) {
eapcode = PW_EAP_REQUEST;
} else {
*/
/* nuke any existing EAP-Messages */
- pairdelete(&req->vps, PW_EAP_MESSAGE, 0, -1);
+ pairdelete(&req->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
memset(&ep, 0, sizeof(ep));
ep.code = eapcode;
{
VALUE_PAIR *esvp;
- esvp = pairfind(r->vps, ATTRIBUTE_EAP_BASE+PW_EAP_SIM, 0);
+ esvp = pairfind(r->vps, ATTRIBUTE_EAP_BASE+PW_EAP_SIM, 0, TAG_ANY);
if (esvp == NULL) {
radlog(L_ERR, "eap: EAP-Sim attribute not found");
return 0;
}
/* find the EAP-Message, copy it to req2 */
- vp = paircopy2(req->vps, PW_EAP_MESSAGE, 0, -1);
+ vp = paircopy2(req->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if(vp == NULL) continue;
vp_printlist(stdout, req2->vps);
}
- vp = pairfind(req2->vps,
- ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0);
- vpkey = pairfind(req->vps, ATTRIBUTE_EAP_SIM_KEY, 0);
- vpextra = pairfind(req->vps, ATTRIBUTE_EAP_SIM_EXTRA, 0);
+ vp = pairfind(req2->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0, TAG_ANY);
+ vpkey = pairfind(req->vps, ATTRIBUTE_EAP_SIM_KEY, 0, TAG_ANY);
+ vpextra = pairfind(req->vps, ATTRIBUTE_EAP_SIM_EXTRA, 0, TAG_ANY);
if(vp != NULL && vpkey != NULL && vpextra!=NULL) {
uint8_t calcmac[16];
inst = (rlm_eap_t *) instance;
- if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0)) {
+ if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
RDEBUG("ERROR: You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!");
return RLM_MODULE_INVALID;
}
* Some simple sanity checks. These should really
* be handled by the radius library...
*/
- vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE, 0);
+ vp = pairfind(request->proxy->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (vp) {
- vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0);
+ vp = pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
vp = pairmake("Message-Authenticator",
"0x00", T_OP_EQ);
* set to 127.0.0.1 for tunneled requests, and
* we don't want to tell the world that...
*/
- pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS, -1);
+ pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS, TAG_ANY);
RDEBUG2(" Tunneled session will be proxied. Not doing EAP.");
return RLM_MODULE_HANDLED;
/*
* Doesn't exist, add it in.
*/
- vp = pairfind(request->reply->vps, PW_USER_NAME, 0);
+ vp = pairfind(request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
vp = pairmake("User-Name", "",
T_OP_EQ);
* and to get excited if it doesn't appear.
*/
- vp = pairfind(request->config_items, PW_AUTH_TYPE, 0);
+ vp = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY);
if ((!vp) ||
(vp->vp_integer != PW_AUTHTYPE_REJECT)) {
vp = pairmake("Auth-Type", inst->xlat_name, T_OP_EQ);
/*
* Doesn't exist, add it in.
*/
- vp = pairfind(request->reply->vps, PW_USER_NAME, 0);
+ vp = pairfind(request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
vp = pairmake("User-Name", request->username->vp_strvalue,
T_OP_EQ);
* This is vendor Cisco (9), Cisco-AVPair
* attribute (1)
*/
- vp = pairfind(vp, 1, 9);
+ vp = pairfind(vp, 1, 9, TAG_ANY);
if (!vp) {
return RLM_MODULE_NOOP;
}
/*
* Only build a failure message if something previously rejected the request
*/
- vp = pairfind(request->config_items, PW_POSTAUTHTYPE, 0);
+ vp = pairfind(request->config_items, PW_POSTAUTHTYPE, 0, TAG_ANY);
if (!vp || (vp->vp_integer != PW_POSTAUTHTYPE_REJECT)) return RLM_MODULE_NOOP;
- if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0)) {
+ if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
RDEBUG2("Request didn't contain an EAP-Message, not inserting EAP-Failure");
return RLM_MODULE_NOOP;
}
- if (pairfind(request->reply->vps, PW_EAP_MESSAGE, 0)) {
+ if (pairfind(request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) {
RDEBUG2("Reply already contained an EAP-Message, not inserting EAP-Failure");
return RLM_MODULE_NOOP;
}
* Make sure there's a message authenticator attribute in the response
* RADIUS protocol code will calculate the correct value later...
*/
- vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0);
+ vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
vp = pairmake("Message-Authenticator",
"0x00", T_OP_EQ);
/*
* For now, do clear-text password authentication.
*/
- vp = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0);
+ vp = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if (!vp) {
DEBUG2(" rlm_eap_gtc: ERROR: Cleartext-Password is required for authentication.");
eap_ds->request->code = PW_EAP_FAILURE;
* If there was a User-Password in the request,
* why the heck are they using EAP-GTC?
*/
- pairdelete(&handler->request->packet->vps, PW_USER_PASSWORD, 0, -1);
+ pairdelete(&handler->request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
vp = pairmake("User-Password", "", T_OP_EQ);
if (!vp) {
if(items) {
VALUE_PAIR *vp;
//idtype
- vp=pairfind(items,RAD_EAP_IKEV2_IDTYPE, 0);
+ vp=pairfind(items, RAD_EAP_IKEV2_IDTYPE, 0, TAG_ANY);
if(!vp) {
radlog(L_DBG,IKEv2_LOG_PREFIX "[%s] -- Id type not set",id);
} else {
}
}
//secret
- vp=pairfind(items,RAD_EAP_IKEV2_SECRET, 0);
+ vp=pairfind(items, RAD_EAP_IKEV2_SECRET, 0, TAG_ANY);
if(!vp || !vp->length) {
radlog(L_DBG,IKEv2_LOG_PREFIX "[%s] -- Secret not set",id);
} else {
secret=vp->vp_strvalue;
}
//authtype
- vp=pairfind(items,RAD_EAP_IKEV2_AUTHTYPE, 0);
+ vp=pairfind(items, RAD_EAP_IKEV2_AUTHTYPE, 0, TAG_ANY);
if(vp && vp->length) {
authtype=AuthtypeFromName(vp->vp_strvalue);
if(authtype==-1) {
* The password is never sent over the wire.
* Always get the configured password, for each user.
*/
- password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0);
- if (!password) password = pairfind(handler->request->config_items, PW_NT_PASSWORD, 0);
+ password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
+ if (!password) password = pairfind(handler->request->config_items, PW_NT_PASSWORD, 0, TAG_ANY);
if (!password) {
DEBUG2("rlm_eap_leap: No Cleartext-Password or NT-Password configured for this user");
eapleap_free(&packet);
rad_assert(handler->request != NULL);
rad_assert(handler->stage == AUTHENTICATE);
- password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0);
+ password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if (password == NULL) {
DEBUG2("rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication");
return 0;
static void fix_mppe_keys(EAP_HANDLER *handler, mschapv2_opaque_t *data)
{
- pairmove2(&data->mppe_keys, &handler->request->reply->vps, 7, VENDORPEC_MICROSOFT);
- pairmove2(&data->mppe_keys, &handler->request->reply->vps, 8, VENDORPEC_MICROSOFT);
- pairmove2(&data->mppe_keys, &handler->request->reply->vps, 16, VENDORPEC_MICROSOFT);
- pairmove2(&data->mppe_keys, &handler->request->reply->vps, 17, VENDORPEC_MICROSOFT);
+ pairmove2(&data->mppe_keys, &handler->request->reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairmove2(&data->mppe_keys, &handler->request->reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairmove2(&data->mppe_keys, &handler->request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairmove2(&data->mppe_keys, &handler->request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
}
static void free_data(void *ptr)
*/
pairmove2(&response,
&handler->request->reply->vps,
- PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT);
+ PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
break;
default:
* the State attribute back, before passing
* the handler & request back into the tunnel.
*/
- pairdelete(&handler->request->packet->vps, PW_STATE, 0, -1);
+ pairdelete(&handler->request->packet->vps, PW_STATE, 0, TAG_ANY);
/*
* Fix the User-Name when proxying, to strip off
* in the user name, THEN discard the user name.
*/
if (inst->with_ntdomain_hack &&
- ((challenge = pairfind(handler->request->packet->vps,
- PW_USER_NAME, 0)) != NULL) &&
+ ((challenge = pairfind(handler->request->packet->vps, PW_USER_NAME, 0, TAG_ANY)) != NULL) &&
((username = strchr(challenge->vp_strvalue, '\\')) != NULL)) {
/*
* Wipe out the NT domain.
response = NULL;
if (rcode == RLM_MODULE_OK) {
pairmove2(&response, &handler->request->reply->vps,
- PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT);
+ PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
data->code = PW_EAP_MSCHAPV2_SUCCESS;
} else if (inst->send_error) {
pairmove2(&response, &handler->request->reply->vps,
- PW_MSCHAP_ERROR, VENDORPEC_MICROSOFT);
+ PW_MSCHAP_ERROR, VENDORPEC_MICROSOFT, TAG_ANY);
if (response) {
int n,err,retry;
char buf[34];
/*
* Clean up the tunneled reply.
*/
- pairdelete(&reply->vps, PW_PROXY_STATE, 0, -1);
- pairdelete(&reply->vps, PW_EAP_MESSAGE, 0, -1);
- pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, -1);
+ pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
+ pairdelete(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+ pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
/*
* Delete MPPE keys & encryption policy. We don't
* want these here.
*/
- pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, -1);
- pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, -1);
- pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, -1);
- pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, -1);
+ pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
t->accept_vps = reply->vps;
reply->vps = NULL;
* Get rid of the old State, too.
*/
pairfree(&t->state);
- pairmove2(&t->state, &(reply->vps), PW_STATE, 0);
+ pairmove2(&t->state, &(reply->vps), PW_STATE, 0, TAG_ANY);
/*
* PEAP takes only EAP-Message attributes inside
* Access-Challenge is ignored.
*/
vp = NULL;
- pairmove2(&vp, &(reply->vps), PW_EAP_MESSAGE, 0);
+ pairmove2(&vp, &(reply->vps), PW_EAP_MESSAGE, 0, TAG_ANY);
/*
* Handle EAP-MSCHAP-V2, where Access-Accept's
/*
* Clean up the tunneled reply.
*/
- pairdelete(&reply->vps, PW_PROXY_STATE, 0, -1);
- pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, -1);
+ pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
+ pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
t->accept_vps = reply->vps;
reply->vps = NULL;
setup_fake_request(request, fake, t);
- if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0)) != NULL) {
+ if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
fake->server = vp->vp_strvalue;
} else if (t->virtual_server) {
switch (fake->reply->code) {
case 0: /* No reply code, must be proxied... */
#ifdef WITH_PROXY
- vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0);
+ vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY);
if (vp) {
eap_tunnel_data_t *tunnel;
* of attributes.
*/
pairdelete(&fake->packet->vps,
- PW_EAP_MESSAGE, 0, -1);
+ PW_EAP_MESSAGE, 0, TAG_ANY);
}
DEBUG2(" PEAP: Tunneled authentication will be proxied to %s", vp->vp_strvalue);
* to be proxied.
*/
pairmove2(&(request->config_items),
- &(fake->config_items),
- PW_PROXY_TO_REALM, 0);
+ &(fake->config_items),
+ PW_PROXY_TO_REALM, 0, TAG_ANY);
/*
* Seed the proxy packet with the
if (t->username) {
vp = paircopy(t->username);
pairadd(&fake->packet->vps, vp);
- fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0);
+ fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY);
RDEBUG2("Setting User-Name to %s", fake->username->vp_strvalue);
} else {
RDEBUG2("No tunnel username (SSL resumption?)");
* AND attributes which are copied there
* from below.
*/
- if (pairfind(fake->packet->vps, vp->attribute, vp->vendor)) {
+ if (pairfind(fake->packet->vps, vp->attribute, vp->vendor, TAG_ANY)) {
continue;
}
* Don't copy from the head, we've already
* checked it.
*/
- copy = paircopy2(vp, vp->attribute, vp->vendor, -1);
+ copy = paircopy2(vp, vp->attribute, vp->vendor, TAG_ANY);
pairadd(&fake->packet->vps, copy);
}
}
* EAP-TLS-Require-Client-Cert attribute will override
* the require_client_cert configuration option.
*/
- vp = pairfind(handler->request->config_items,
- PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0);
+ vp = pairfind(handler->request->config_items, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
if (vp) {
client_cert = vp->vp_integer;
}
* figure out the MTU (basically do what eap-tls does)
*/
pwd_session->mtu = inst->conf->fragment_size;
- vp = pairfind(handler->request->packet->vps, PW_FRAMED_MTU, 0);
+ vp = pairfind(handler->request->packet->vps, PW_FRAMED_MTU, 0, TAG_ANY);
if (vp && ((int)(vp->vp_integer - 9) < pwd_session->mtu)) {
/*
* 9 = 4 (EAPOL header) + 4 (EAP header) + 1 (EAP type)
fake->username->length = pwd_session->peer_id_len;
fake->username->vp_strvalue[fake->username->length] = 0;
- if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0)) != NULL) {
+ if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
fake->server = vp->vp_strvalue;
} else if (inst->conf->virtual_server) {
debug_pair_list(fake->reply->vps);
}
- if ((pw = pairfind(fake->config_items, PW_CLEARTEXT_PASSWORD, 0)) == NULL) {
+ if ((pw = pairfind(fake->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) == NULL) {
DEBUG2("failed to find password for %s to do pwd authentication",
pwd_session->peer_id);
request_free(&fake);
rad_assert(chalno >= 0 && chalno < 3);
- vp = pairfind(vps, ATTRIBUTE_EAP_SIM_RAND1+chalno, 0);
+ vp = pairfind(vps, ATTRIBUTE_EAP_SIM_RAND1+chalno, 0, TAG_ANY);
if(vp == NULL) {
/* bad, we can't find stuff! */
DEBUG2(" eap-sim can not find sim-challenge%d",chalno+1);
}
memcpy(ess->keys.rand[chalno], vp->vp_strvalue, EAPSIM_RAND_SIZE);
- vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SRES1+chalno, 0);
+ vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SRES1+chalno, 0, TAG_ANY);
if(vp == NULL) {
/* bad, we can't find stuff! */
DEBUG2(" eap-sim can not find sim-sres%d",chalno+1);
}
memcpy(ess->keys.sres[chalno], vp->vp_strvalue, EAPSIM_SRES_SIZE);
- vp = pairfind(vps, ATTRIBUTE_EAP_SIM_KC1+chalno, 0);
+ vp = pairfind(vps, ATTRIBUTE_EAP_SIM_KC1+chalno, 0, TAG_ANY);
if(vp == NULL) {
/* bad, we can't find stuff! */
DEBUG2(" eap-sim can not find sim-kc%d",chalno+1);
memcpy(ess->keys.identity, handler->identity, ess->keys.identitylen);
/* use the SIM identity, if available */
- newvp = pairfind(*invps, ATTRIBUTE_EAP_SIM_BASE + PW_EAP_SIM_IDENTITY, 0);
+ newvp = pairfind(*invps, ATTRIBUTE_EAP_SIM_BASE + PW_EAP_SIM_IDENTITY, 0, TAG_ANY);
if (newvp && newvp->length > 2) {
uint16_t len;
type_data = type_data; /* shut up compiler */
- vp = pairfind(outvps, ATTRIBUTE_EAP_SIM_RAND1, 0);
+ vp = pairfind(outvps, ATTRIBUTE_EAP_SIM_RAND1, 0, TAG_ANY);
if(vp == NULL) {
DEBUG2(" can not initiate sim, no RAND1 attribute");
return 0;
ess = (struct eap_sim_server_state *)handler->opaque;
- nonce_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT, 0);
- selectedversion_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_SELECTED_VERSION, 0);
+ nonce_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT, 0, TAG_ANY);
+ selectedversion_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_SELECTED_VERSION, 0, TAG_ANY);
if(nonce_vp == NULL ||
selectedversion_vp == NULL) {
}
/* see what kind of message we have gotten */
- if((vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0)) == NULL)
+ if((vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0, TAG_ANY)) == NULL)
{
DEBUG2(" no subtype attribute was created, message dropped");
return 0;
fake->packet->vps = paircopy(request->packet->vps);
/* set the virtual server to use */
- if ((vp = pairfind(request->config_items,
- PW_VIRTUAL_SERVER, 0)) != NULL) {
+ if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
fake->server = vp->vp_strvalue;
} else {
fake->server = inst->virtual_server;
switch(mode){
case VLAN_ISOLATE:
vlanNumber = inst->vlan_isolate;
- vp = pairfind(handler->request->config_items,
- PW_TNC_VLAN_ISOLATE);
+ vp = pairfind(handler->request->config_items, PW_TNC_VLAN_ISOLATE,
+ TAG_ANY);
if (vp) vlanNumber = vp->vp_strvalue;
break;
case VLAN_ACCESS:
vlanNumber = inst->vlan_access;
- vp = pairfind(handler->request->config_items,
- PW_TNC_VLAN_ACCESS);
+ vp = pairfind(handler->request->config_items, PW_TNC_VLAN_ACCESS,
+ TAG_ANY);
if (vp) vlanNumber = vp->vp_strvalue;
break;
* EAP-TLS-Require-Client-Cert attribute will override
* the require_client_cert configuration option.
*/
- vp = pairfind(handler->request->config_items,
- PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0);
+ vp = pairfind(handler->request->config_items, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
if (vp) {
client_cert = vp->vp_integer;
}
* packet, and we will send EAP-Success.
*/
vp = NULL;
- pairmove2(&vp, &reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT);
+ pairmove2(&vp, &reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT, TAG_ANY);
if (vp) {
RDEBUG("Got MS-CHAP2-Success, tunneling it to the client in a challenge.");
rcode = RLM_MODULE_HANDLED;
* Delete MPPE keys & encryption policy. We don't
* want these here.
*/
- pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, -1);
- pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, -1);
- pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, -1);
- pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, -1);
+ pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
/*
* Use the tunneled reply, but not now.
* can figure it out, from the non-tunneled
* EAP-Success packet.
*/
- pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0);
+ pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
pairfree(&vp);
}
* tunneled user!
*/
if (t->use_tunneled_reply) {
- pairdelete(&reply->vps, PW_PROXY_STATE, 0, -1);
+ pairdelete(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
pairadd(&request->reply->vps, reply->vps);
reply->vps = NULL;
}
* Get rid of the old State, too.
*/
pairfree(&t->state);
- pairmove2(&t->state, &reply->vps, PW_STATE, 0);
+ pairmove2(&t->state, &reply->vps, PW_STATE, 0, TAG_ANY);
/*
* We should really be a bit smarter about this,
* method works in 99.9% of the situations.
*/
vp = NULL;
- pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0);
+ pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
/*
* There MUST be a Reply-Message in the challenge,
* we MUST create one, with an empty string as
* it's value.
*/
- pairmove2(&vp, &reply->vps, PW_REPLY_MESSAGE, 0);
+ pairmove2(&vp, &reply->vps, PW_REPLY_MESSAGE, 0, TAG_ANY);
/*
* Handle the ACK, by tunneling any necessary reply
/*
* Update other items in the REQUEST data structure.
*/
- fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0);
- fake->password = pairfind(fake->packet->vps, PW_USER_PASSWORD, 0);
+ fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ fake->password = pairfind(fake->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
/*
* No User-Name, try to create one from stored data.
* an EAP-Identity, and pull it out of there.
*/
if (!t->username) {
- vp = pairfind(fake->packet->vps, PW_EAP_MESSAGE, 0);
+ vp = pairfind(fake->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (vp &&
(vp->length >= EAP_HEADER_LEN + 2) &&
(vp->vp_strvalue[0] == PW_EAP_RESPONSE) &&
if (t->username) {
vp = paircopy(t->username);
pairadd(&fake->packet->vps, vp);
- fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0);
+ fake->username = pairfind(fake->packet->vps, PW_USER_NAME, 0, TAG_ANY);
}
} /* else the request ALREADY had a User-Name */
* AND attributes which are copied there
* from below.
*/
- if (pairfind(fake->packet->vps, vp->attribute, vp->vendor)) {
+ if (pairfind(fake->packet->vps, vp->attribute, vp->vendor, TAG_ANY)) {
continue;
}
* Don't copy from the head, we've already
* checked it.
*/
- copy = paircopy2(vp, vp->attribute, vp->vendor, -1);
+ copy = paircopy2(vp, vp->attribute, vp->vendor, TAG_ANY);
pairadd(&fake->packet->vps, copy);
}
}
- if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0)) != NULL) {
+ if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
fake->server = vp->vp_strvalue;
} else if (t->virtual_server) {
switch (fake->reply->code) {
case 0: /* No reply code, must be proxied... */
#ifdef WITH_PROXY
- vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0);
+ vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY);
if (vp) {
eap_tunnel_data_t *tunnel;
RDEBUG("Tunneled authentication will be proxied to %s", vp->vp_strvalue);
*/
pairmove2(&(request->config_items),
&(fake->config_items),
- PW_PROXY_TO_REALM, 0);
+ PW_PROXY_TO_REALM, 0, TAG_ANY);
/*
* Seed the proxy packet with the
* We key the sessions off of the 'state' attribute, so it
* must exist.
*/
- state = pairfind(request->packet->vps, PW_STATE, 0);
+ state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (!state ||
(state->length != EAP_STATE_LEN)) {
return NULL;
/*
* Do this always, just in case.
*/
- vp = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0);
+ vp = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if (vp) {
user->password = (u8 *) os_strdup(vp->vp_strvalue);
user->password_len = vp->length;
}
- if (!vp) vp = pairfind(request->config_items, PW_NT_PASSWORD, 0);
+ if (!vp) vp = pairfind(request->config_items, PW_NT_PASSWORD, 0, TAG_ANY);
if (vp) {
user->password = (u8 *) malloc(vp->length);
memcpy(user->password, vp->vp_octets, vp->length);
total -= size;
} while (total > 0);
- pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, -1);
+ pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, TAG_ANY);
pairadd(&handler->request->reply->vps, head);
return encoded;
/*
* Get only EAP-Message attribute list
*/
- first = pairfind(vps, PW_EAP_MESSAGE, 0);
+ first = pairfind(vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (first == NULL) {
radlog(L_ERR, "rlm_eap2: EAP-Message not found");
return -1;
* Sanity check the length, BEFORE malloc'ing memory.
*/
total_len = 0;
- for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0)) {
+ for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0, TAG_ANY)) {
total_len += vp->length;
if (total_len > len) {
ptr = *data;
/* RADIUS ensures order of attrs, so just concatenate all */
- for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0)) {
+ for (vp = first; vp; vp = pairfind(vp->next, PW_EAP_MESSAGE, 0, TAG_ANY)) {
memcpy(ptr, vp->vp_strvalue, vp->length);
ptr += vp->length;
}
inst = (rlm_eap_t *) instance;
- vp = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0);
+ vp = pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
if (!vp) {
RDEBUG("No EAP-Message. Not doing EAP.");
return RLM_MODULE_FAIL;
return RLM_MODULE_FAIL;
}
- vp = pairfind(request->packet->vps, PW_STATE, 0);
+ vp = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (vp) {
handler = eaplist_find(inst, request);
if (!handler) {
/*
* Doesn't exist, add it in.
*/
- vp = pairfind(request->reply->vps, PW_USER_NAME, 0);
+ vp = pairfind(request->reply->vps, PW_USER_NAME, 0, TAG_ANY);
if (!vp) {
vp = pairmake("User-Name", request->username->vp_strvalue,
T_OP_EQ);
}
}
- vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0);
+ vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
if (!vp) {
vp = paircreate(PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
memset(vp->vp_strvalue, 0, AUTH_VECTOR_LEN);
/*
* Look for the 'state' attribute.
*/
- state = pairfind(request->packet->vps, PW_STATE, 0);
+ state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (state != NULL) {
RDEBUG("Found reply to access challenge");
return RLM_MODULE_OK;
VALUE_PAIR *vp, *tmp;
rlm_exec_t *inst = (rlm_exec_t *) instance;
- vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0);
+ vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
if (vp) {
exec_wait = 0;
- } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0)) != NULL) {
+ } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
exec_wait = 1;
}
if (!vp) {
*/
if (!inst->bare) return exec_dispatch(instance, request);
- vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0);
+ vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
if (vp) {
exec_wait = 0;
- } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0)) != NULL) {
+ } else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
exec_wait = 1;
}
if (!vp) return RLM_MODULE_NOOP;
VALUE_PAIR *vp, *check_item = NULL;
char msg[MAX_STRING_LEN];
- if ((check_item = pairfind(request->config_items, PW_EXPIRATION, 0)) != NULL){
+ if ((check_item = pairfind(request->config_items, PW_EXPIRATION, 0, TAG_ANY)) != NULL){
/*
* Has this user's password expired?
*
* Else the account hasn't expired, but it may do so
* in the future. Set Session-Timeout.
*/
- vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0);
+ vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
PW_SESSION_TIMEOUT, 0,
/*
* If Strip-User-Name == No, then don't do any more.
*/
- vp = pairfind(check_pairs, PW_STRIP_USER_NAME, 0);
+ vp = pairfind(check_pairs, PW_STRIP_USER_NAME, 0, TAG_ANY);
if (vp && !vp->vp_integer) return ret;
/*
* See where to put the stripped user name.
*/
- vp = pairfind(check_pairs, PW_STRIPPED_USER_NAME, 0);
+ vp = pairfind(check_pairs, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
if (!vp) {
/*
* If "request" is NULL, then the memory will be
static int fallthrough(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0);
+ tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp->vp_integer : 0;
}
* We check for Auth-Type = Reject here
*/
- authtype = pairfind(list, PW_AUTHTYPE, 0);
+ authtype = pairfind(list, PW_AUTHTYPE, 0, TAG_ANY);
if((authtype) && authtype->vp_integer == PW_AUTHTYPE_REJECT) {
DEBUG2("rad_check_return: Auth-Type is Reject");
return RLM_MODULE_REJECT;
pairfree(&reply_tmp);
if(!fallthrough(user->reply)) {
- pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, -1);
+ pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, TAG_ANY);
return(rad_check_return(user->check));
} else {
user=user->next;
pairfree(&reply_tmp);
if(!fallthrough(user->reply)) {
- pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, -1);
+ pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, TAG_ANY);
return(rad_check_return(user->check));
}
}
if(userfound || defaultfound) {
- pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, -1);
+ pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0, TAG_ANY);
return(rad_check_return(request->config_items));
} else {
DEBUG2("rlm_fastusers: user not found");
static int fallthrough(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0);
+ tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp->vp_integer : 0;
}
/*
* Remove server internal parameters.
*/
- pairdelete(reply_pairs, PW_FALL_THROUGH, 0, -1);
+ pairdelete(reply_pairs, PW_FALL_THROUGH, 0, TAG_ANY);
/*
* See if we succeeded.
FR_MD5_CTX md5_context;
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL)
acctstatustype = vp->vp_integer;
else {
RDEBUG("Could not find account status type in packet. Return NOOP.");
/* Check if Pool-Name attribute exists. If it exists check our name and
* run only if they match
*/
- if ((vp = pairfind(request->config_items, PW_POOL_NAME, 0)) != NULL){
+ if ((vp = pairfind(request->config_items, PW_POOL_NAME, 0, TAG_ANY)) != NULL){
if (data->name == NULL || (strcmp(data->name,vp->vp_strvalue) && strcmp(vp->vp_strvalue,"DEFAULT")))
return RLM_MODULE_NOOP;
} else {
/*
* Find the caller id
*/
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL)
cli = vp->vp_strvalue;
#ifdef WITH_DHCP
* If there is a Framed-IP-Address (or Dhcp-Your-IP-Address)
* attribute in the reply, check for override
*/
- if (pairfind(request->reply->vps, attr_ipaddr, vendor_ipaddr) != NULL) {
+ if (pairfind(request->reply->vps, attr_ipaddr, vendor_ipaddr, TAG_ANY) != NULL) {
RDEBUG("Found IP address attribute in reply attribute list.");
if (data->override)
{
RDEBUG("Override supplied IP address");
- pairdelete(&request->reply->vps, attr_ipaddr, vendor_ipaddr, -1);
+ pairdelete(&request->reply->vps, attr_ipaddr, vendor_ipaddr, TAG_ANY);
} else {
/* Abort */
RDEBUG("override is set to no. Return NOOP.");
free(key_datum.dptr);
entry.active = 1;
entry.timestamp = request->timestamp;
- if ((vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0)) != NULL) {
+ if ((vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY)) != NULL) {
entry.timeout = (time_t) vp->vp_integer;
#ifdef WITH_DHCP
if (dhcp) {
vp = radius_paircreate(request, &request->reply->vps,
PW_DHCP_IP_ADDRESS_LEASE_TIME, DHCP_MAGIC_VENDOR, PW_TYPE_INTEGER);
vp->vp_integer = entry.timeout;
- pairdelete(&request->reply->vps, PW_SESSION_TIMEOUT, 0, -1);
+ pairdelete(&request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
}
#endif
} else {
* If there is no Framed-Netmask attribute in the
* reply, add one
*/
- if (pairfind(request->reply->vps, attr_ipmask, vendor_ipaddr) == NULL) {
+ if (pairfind(request->reply->vps, attr_ipmask, vendor_ipaddr, TAG_ANY) == NULL) {
vp = radius_paircreate(request, &request->reply->vps,
attr_ipmask, vendor_ipaddr,
PW_TYPE_IPADDR);
* we need to reconfigure a few pointers in the REQUEST object
*/
if (req->username) {
- req->username = pairfind(request->vps, PW_USER_NAME, 0);
+ req->username = pairfind(request->vps, PW_USER_NAME, 0, TAG_ANY);
}
if (req->password) {
- req->password = pairfind(request->vps, PW_PASSWORD, 0);
- if (!req->password) req->password = pairfind(request->vps, PW_CHAP_PASSWORD, 0);
+ req->password = pairfind(request->vps, PW_PASSWORD, 0, TAG_ANY);
+ if (!req->password) req->password = pairfind(request->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
}
/*
*module_rcode = RLM_MODULE_FAIL;
- vp = pairfind(request->config_items, PW_LDAP_USERDN, 0);
+ vp = pairfind(request->config_items, PW_LDAP_USERDN, 0, TAG_ANY);
if (vp) {
*module_rcode = RLM_MODULE_OK;
return vp->vp_strvalue;
* to read the documentation.
*/
if (inst->expect_password && (debug_flag > 1)) {
- if (!pairfind(request->config_items,PW_CLEARTEXT_PASSWORD, 0) &&
- !pairfind(request->config_items,
- PW_NT_PASSWORD, 0) &&
- !pairfind(request->config_items,
- PW_USER_PASSWORD, 0) &&
- !pairfind(request->config_items,
- PW_PASSWORD_WITH_HEADER, 0) &&
- !pairfind(request->config_items,
- PW_CRYPT_PASSWORD, 0)) {
+ if (!pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY) &&
+ !pairfind(request->config_items, PW_NT_PASSWORD, 0, TAG_ANY) &&
+ !pairfind(request->config_items, PW_USER_PASSWORD, 0, TAG_ANY) &&
+ !pairfind(request->config_items, PW_PASSWORD_WITH_HEADER, 0, TAG_ANY) &&
+ !pairfind(request->config_items, PW_CRYPT_PASSWORD, 0, TAG_ANY)) {
RDEBUG("WARNING: No \"known good\" password "
"was found in LDAP. Are you sure that "
"the user is configured correctly?");
/*
* We already have a Cleartext-Password. Skip edir.
*/
- if (inst->edir && pairfind(request->config_items,
- PW_CLEARTEXT_PASSWORD, 0)) {
+ if (inst->edir && pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) {
goto skip_edir;
}
/*
* Apply ONE user profile, or a default user profile.
*/
- vp = pairfind(request->config_items, PW_USER_PROFILE, 0);
+ vp = pairfind(request->config_items, PW_USER_PROFILE, 0, TAG_ANY);
if (vp || inst->default_profile) {
char *profile = inst->default_profile;
VALUE_PAIR *check_item = NULL;
int r;
- if ((check_item = pairfind(request->config_items, PW_LOGIN_TIME, 0)) != NULL) {
+ if ((check_item = pairfind(request->config_items, PW_LOGIN_TIME, 0, TAG_ANY)) != NULL) {
/*
* Authentication is OK. Now see if this
* User is allowed, but set Session-Timeout.
*/
DEBUG("rlm_logintime: timestr returned accept");
- if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0)) != NULL) {
+ if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY)) != NULL) {
if (reply_item->vp_integer > (unsigned) r)
reply_item->vp_integer = r;
} else {
uint32_t uiLen = 0;
char *username_string = NULL;
char *shortUserName = NULL;
- VALUE_PAIR *response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT);
+ VALUE_PAIR *response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
#ifndef NDEBUG
unsigned int t;
#endif
* hash of MS-CHAPv2 challenge, and peer challenge.
*/
if (strncasecmp(fmt, "Challenge", 9) == 0) {
- chap_challenge = pairfind(request->packet->vps,
- PW_MSCHAP_CHALLENGE,
- VENDORPEC_MICROSOFT);
+ chap_challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!chap_challenge) {
RDEBUG2("No MS-CHAP-Challenge in the request.");
return 0;
VALUE_PAIR *name_attr, *response_name;
char *username_string;
- response = pairfind(request->packet->vps,
- PW_MSCHAP2_RESPONSE,
- VENDORPEC_MICROSOFT);
+ response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!response) {
RDEBUG2("MS-CHAP2-Response is required to calculate MS-CHAPv1 challenge.");
return 0;
return 0;
}
- user_name = pairfind(request->packet->vps,
- PW_USER_NAME, 0);
+ user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!user_name) {
RDEBUG2("User-Name is required to calculate MS-CHAPv1 Challenge.");
return 0;
* We prefer this to the User-Name in the
* packet.
*/
- response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0);
+ response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY);
if (response_name) {
name_attr = response_name;
} else {
* response.
*/
} else if (strncasecmp(fmt, "NT-Response", 11) == 0) {
- response = pairfind(request->packet->vps,
- PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT);
- if (!response) response = pairfind(request->packet->vps,
- PW_MSCHAP2_RESPONSE,
- VENDORPEC_MICROSOFT);
+ response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
+ if (!response) response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!response) {
RDEBUG2("No MS-CHAP-Response or MS-CHAP2-Response was found in the request.");
return 0;
* in MS-CHAPv1, and not often there.
*/
} else if (strncasecmp(fmt, "LM-Response", 11) == 0) {
- response = pairfind(request->packet->vps,
- PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT);
+ response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!response) {
RDEBUG2("No MS-CHAP-Response was found in the request.");
return 0;
} else if (strncasecmp(fmt, "NT-Domain", 9) == 0) {
char *p, *q;
- user_name = pairfind(request->packet->vps, PW_USER_NAME, 0);
+ user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!user_name) {
RDEBUG2("No User-Name was found in the request.");
return 0;
} else if (strncasecmp(fmt, "User-Name", 9) == 0) {
char *p;
- user_name = pairfind(request->packet->vps, PW_USER_NAME, 0);
+ user_name = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!user_name) {
RDEBUG2("No User-Name was found in the request.");
return 0;
#define inst ((rlm_mschap_t *)instance)
VALUE_PAIR *challenge = NULL;
- challenge = pairfind(request->packet->vps,
- PW_MSCHAP_CHALLENGE,
- VENDORPEC_MICROSOFT);
+ challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!challenge) {
return RLM_MODULE_NOOP;
}
- if (!pairfind(request->packet->vps, PW_MSCHAP_RESPONSE,
- VENDORPEC_MICROSOFT) &&
- !pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE,
- VENDORPEC_MICROSOFT) &&
- !pairfind(request->packet->vps, PW_MSCHAP2_CPW,
- VENDORPEC_MICROSOFT)) {
+ if (!pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY) &&
+ !pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY) &&
+ !pairfind(request->packet->vps, PW_MSCHAP2_CPW, VENDORPEC_MICROSOFT, TAG_ANY)) {
RDEBUG2("Found MS-CHAP-Challenge, but no MS-CHAP response or change-password");
return RLM_MODULE_NOOP;
}
- if (pairfind(request->config_items, PW_AUTH_TYPE, 0)) {
+ if (pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY)) {
RDEBUG2("WARNING: Auth-Type already set. Not setting to MS-CHAP");
return RLM_MODULE_NOOP;
}
* want to suppress it.
*/
if (do_ntlm_auth) {
- VALUE_PAIR *vp = pairfind(request->config_items,
- PW_MS_CHAP_USE_NTLM_AUTH, 0);
+ VALUE_PAIR *vp = pairfind(request->config_items, PW_MS_CHAP_USE_NTLM_AUTH, 0, TAG_ANY);
if (vp) do_ntlm_auth = vp->vp_integer;
}
* Find the SMB-Account-Ctrl attribute, or the
* SMB-Account-Ctrl-Text attribute.
*/
- smb_ctrl = pairfind(request->config_items, PW_SMB_ACCOUNT_CTRL, 0);
+ smb_ctrl = pairfind(request->config_items, PW_SMB_ACCOUNT_CTRL, 0, TAG_ANY);
if (!smb_ctrl) {
- password = pairfind(request->config_items,
- PW_SMB_ACCOUNT_CTRL_TEXT, 0);
+ password = pairfind(request->config_items, PW_SMB_ACCOUNT_CTRL_TEXT, 0, TAG_ANY);
if (password) {
smb_ctrl = radius_pairmake(request,
&request->config_items,
/*
* Decide how to get the passwords.
*/
- password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0);
+ password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
/*
* We need an LM-Password.
*/
- lm_password = pairfind(request->config_items, PW_LM_PASSWORD, 0);
+ lm_password = pairfind(request->config_items, PW_LM_PASSWORD, 0, TAG_ANY);
if (lm_password) {
/*
* Allow raw octets.
/*
* We need an NT-Password.
*/
- nt_password = pairfind(request->config_items, PW_NT_PASSWORD, 0);
+ nt_password = pairfind(request->config_items, PW_NT_PASSWORD, 0, TAG_ANY);
if (nt_password) {
if ((nt_password->length == 16) ||
((nt_password->length == 32) &&
}
}
- cpw = pairfind(request->packet->vps, PW_MSCHAP2_CPW,
- VENDORPEC_MICROSOFT);
+ cpw = pairfind(request->packet->vps, PW_MSCHAP2_CPW, VENDORPEC_MICROSOFT, TAG_ANY);
if (cpw) {
/*
* mschap2 password change request
memcpy(response->vp_octets+2, cpw->vp_octets + 18, 48);
}
- challenge = pairfind(request->packet->vps,
- PW_MSCHAP_CHALLENGE,
- VENDORPEC_MICROSOFT);
+ challenge = pairfind(request->packet->vps, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT, TAG_ANY);
if (!challenge) {
RDEBUG("ERROR: You set 'Auth-Type = MS-CHAP' for a request that does not contain any MS-CHAP attributes!");
return RLM_MODULE_REJECT;
/*
* We also require an MS-CHAP-Response.
*/
- response = pairfind(request->packet->vps,
- PW_MSCHAP_RESPONSE,
- VENDORPEC_MICROSOFT);
+ response = pairfind(request->packet->vps, PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY);
/*
* MS-CHAP-Response, means MS-CHAPv1
chap = 1;
- } else if ((response = pairfind(request->packet->vps,
- PW_MSCHAP2_RESPONSE,
- VENDORPEC_MICROSOFT)) != NULL) {
+ } else if ((response = pairfind(request->packet->vps, PW_MSCHAP2_RESPONSE, VENDORPEC_MICROSOFT, TAG_ANY)) != NULL) {
int mschap_result;
uint8_t mschapv1_challenge[16];
VALUE_PAIR *name_attr, *response_name;
/*
* We also require a User-Name
*/
- username = pairfind(request->packet->vps, PW_USER_NAME, 0);
+ username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!username) {
radlog_request(L_AUTH, 0, request, "We require a User-Name for MS-CHAPv2");
return RLM_MODULE_INVALID;
* We prefer this to the User-Name in the
* packet.
*/
- response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0);
+ response_name = pairfind(request->packet->vps, PW_MS_CHAP_USER_NAME, 0, TAG_ANY);
if (response_name) {
name_attr = response_name;
} else {
if (uuid_is_null(guid_sacl) && uuid_is_null(guid_nasgroup)) {
RDEBUG("no access control groups, all users allowed.");
- if (pairfind(request->config_items, PW_AUTH_TYPE, 0) == NULL) {
+ if (pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY) == NULL) {
pairadd(&request->config_items, pairmake("Auth-Type", kAuthType, T_OP_EQ));
RDEBUG("Setting Auth-Type = %s", kAuthType);
}
}
}
- if (pairfind(request->config_items, PW_AUTH_TYPE, 0) == NULL) {
+ if (pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY) == NULL) {
pairadd(&request->config_items, pairmake("Auth-Type", kAuthType, T_OP_EQ));
RDEBUG("Setting Auth-Type = %s", kAuthType);
}
VALUE_PAIR **avp = &request->reply->vps;
VALUE_PAIR *cvp, *rvp, *vp;
- cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor);
- rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor);
+ cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor, TAG_ANY);
+ rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor, TAG_ANY);
switch (pwe) {
case PWE_PAP:
otp_request.pwe.pwe = pwe;
/* otp_pwe_present() (done by caller) guarantees that both of these exist */
- cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor);
- rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor);
+ cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor, TAG_ANY);
+ rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor, TAG_ANY);
/* this is just to quiet Coverity */
if (!rvp || !cvp)
return RLM_MODULE_REJECT;
unsigned i;
for (i = 0; i < SIZEOF_PWATTR; i += 2) {
- if (pairfind(request->packet->vps, pwattr[i]->attr, pwattr[i]->vendor) &&
- pairfind(request->packet->vps, pwattr[i + 1]->attr, pwattr[i + 1]->vendor)) {
+ if (pairfind(request->packet->vps, pwattr[i]->attr, pwattr[i]->vendor, TAG_ANY) &&
+ pairfind(request->packet->vps, pwattr[i + 1]->attr, pwattr[i + 1]->vendor, TAG_ANY)) {
DEBUG("rlm_otp: %s: password attributes %s, %s", __func__,
pwattr[i]->name, pwattr[i + 1]->name);
return i + 1; /* Can't return 0 (indicates failure) */
VALUE_PAIR *vp;
auth_type_found = 0;
- if ((vp = pairfind(request->config_items, PW_AUTHTYPE, 0)) != NULL) {
+ if ((vp = pairfind(request->config_items, PW_AUTHTYPE, 0, TAG_ANY)) != NULL) {
auth_type_found = 1;
if (strcmp(vp->vp_strvalue, inst->name))
return RLM_MODULE_NOOP;
}
/* The State attribute will be present if this is a response. */
- if (pairfind(request->packet->vps, PW_STATE, 0) != NULL) {
+ if (pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY) != NULL) {
DEBUG("rlm_otp: autz: Found response to Access-Challenge");
return RLM_MODULE_OK;
}
"rlm_otp", T_OP_EQ));
/* Retrieve the challenge (from State attribute). */
- if ((vp = pairfind(request->packet->vps, PW_STATE, 0)) != NULL) {
+ if ((vp = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY)) != NULL) {
unsigned char state[OTP_MAX_RADSTATE_LEN];
unsigned char raw_state[OTP_MAX_RADSTATE_LEN];
unsigned char rad_state[OTP_MAX_RADSTATE_LEN];
* Let the 'users' file over-ride the PAM auth name string,
* for backwards compatibility.
*/
- pair = pairfind(request->config_items, PAM_AUTH_ATTR, 0);
+ pair = pairfind(request->config_items, PAM_AUTH_ATTR, 0, TAG_ANY);
if (pair) pam_auth_string = (char *)pair->vp_strvalue;
r = pam_pass((char *)request->username->vp_strvalue,
* Password already exists: use
* that instead of this one.
*/
- if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0)) {
+ if (pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY)) {
RDEBUG("Config already contains \"known good\" password. Ignoring Password-With-Header");
break;
}
* Likely going to be proxied. Avoid printing
* warning message.
*/
- if (pairfind(request->config_items, PW_REALM, 0) ||
- (pairfind(request->config_items, PW_PROXY_TO_REALM, 0))) {
+ if (pairfind(request->config_items, PW_REALM, 0, TAG_ANY) ||
+ (pairfind(request->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY))) {
return RLM_MODULE_NOOP;
}
/*
* The TLS types don't need passwords.
*/
- vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0);
+ vp = pairfind(request->packet->vps, PW_EAP_TYPE, 0, TAG_ANY);
if (vp &&
((vp->vp_integer == 13) || /* EAP-TLS */
(vp->vp_integer == 21) || /* EAP-TTLS */
int found = 0;
for (key = request->packet->vps;
- key && (key = pairfind (key, inst->keyattr->attr, inst->keyattr->vendor));
+ key && (key = pairfind(key, inst->keyattr->attr, inst->keyattr->vendor, TAG_ANY));
key = key->next ){
/*
* Ensure we have the string form of the attribute
/*
* Update cached copies
*/
- request->username = pairfind(request->packet->vps,
- PW_USER_NAME, 0);
- request->password = pairfind(request->packet->vps,
- PW_USER_PASSWORD, 0);
+ request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+ request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
if (!request->password)
- request->password = pairfind(request->packet->vps,
- PW_CHAP_PASSWORD, 0);
+ request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
}
if ((get_hv_content(rad_reply_hv, &vp)) > 0 ) {
VALUE_PAIR *pair;
int acctstatustype=0;
- if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) {
+ if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) {
acctstatustype = pair->vp_integer;
} else {
radlog(L_ERR, "Invalid Accounting Packet");
return NULL; /* no such attribute */
}
- return pairfind(vps, dattr->attr, dattr->vendor);
+ return pairfind(vps, dattr->attr, dattr->vendor, TAG_ANY);
}
static int fallthrough(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0);
+ tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp->vp_integer : 0;
}
{
VALUE_PAIR *ev;
- ev = pairfind(*list, 1, 4491); /* Cablelabs-Event-Message */
+ ev = pairfind(*list, 1, 4491, TAG_ANY); /* Cablelabs-Event-Message */
if (!ev) return;
/*
* If it isn't there, then we can't mangle the request.
*/
request_pairs = request->packet->vps;
- namepair = pairfind(request_pairs, PW_USER_NAME, 0);
+ namepair = pairfind(request_pairs, PW_USER_NAME, 0, TAG_ANY);
if ((namepair == NULL) ||
(namepair->length <= 0)) {
return;
* Small check: if Framed-Protocol present but Service-Type
* is missing, add Service-Type = Framed-User.
*/
- if (pairfind(request_pairs, PW_FRAMED_PROTOCOL, 0) != NULL &&
- pairfind(request_pairs, PW_SERVICE_TYPE, 0) == NULL) {
+ if (pairfind(request_pairs, PW_FRAMED_PROTOCOL, 0, TAG_ANY) != NULL &&
+ pairfind(request_pairs, PW_SERVICE_TYPE, 0, TAG_ANY) == NULL) {
tmp = radius_paircreate(request, &request->packet->vps,
PW_SERVICE_TYPE, 0, PW_TYPE_INTEGER);
tmp->vp_integer = PW_FRAMED_USER;
/*
* Check for valid input, zero length names not permitted
*/
- if ((tmp = pairfind(request_pairs, PW_USER_NAME, 0)) == NULL)
+ if ((tmp = pairfind(request_pairs, PW_USER_NAME, 0, TAG_ANY)) == NULL)
name = NULL;
else
name = (char *)tmp->vp_strvalue;
*/
add = paircopy(i->reply);
ft = fallthrough(add);
- pairdelete(&add, PW_STRIP_USER_NAME, 0, -1);
- pairdelete(&add, PW_FALL_THROUGH, 0, -1);
+ pairdelete(&add, PW_STRIP_USER_NAME, 0, TAG_ANY);
+ pairdelete(&add, PW_FALL_THROUGH, 0, TAG_ANY);
pairxlatmove(request, &request->packet->vps, &add);
pairfree(&add);
updated = 1;
* We've matched the huntgroup, so add it in
* to the list of request pairs.
*/
- vp = pairfind(request_pairs, PW_HUNTGROUP_NAME, 0);
+ vp = pairfind(request_pairs, PW_HUNTGROUP_NAME, 0, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request,
&request->packet->vps,
switch (request->packet->src_ipaddr.af) {
case AF_INET:
- nas = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0);
+ nas = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (!nas) {
nas = radius_paircreate(request, &request->packet->vps,
PW_NAS_IP_ADDRESS, 0,
break;
case AF_INET6:
- nas = pairfind(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0);
+ nas = pairfind(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0, TAG_ANY);
if (!nas) {
nas = radius_paircreate(request, &request->packet->vps,
PW_NAS_IPV6_ADDRESS, 0,
* in place, to go from Ascend's weird values to something
* approaching rationality.
*/
- ascend_nasport_hack(pairfind(request->packet->vps,
- PW_NAS_PORT, 0),
+ ascend_nasport_hack(pairfind(request->packet->vps, PW_NAS_PORT, 0, TAG_ANY),
data->ascend_channels_per_line);
}
* is PW_CHAP_CHALLENGE we need to add it so that other
* modules can use it as a normal attribute.
*/
- if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0) &&
- pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0) == NULL) {
+ if (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
+ pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
VALUE_PAIR *vp;
vp = radius_paircreate(request, &request->packet->vps,
* the server can use it, rather than various error-prone
* manual calculations.
*/
- vp = pairfind(request->packet->vps, PW_EVENT_TIMESTAMP, 0);
+ vp = pairfind(request->packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
if (!vp) {
VALUE_PAIR *delay;
PW_EVENT_TIMESTAMP, 0,
PW_TYPE_DATE);
vp->vp_date = request->packet->timestamp.tv_sec;
- delay = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0);
+ delay = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (delay) vp->vp_date -= delay->vp_integer;
}
/*
* Which type is this.
*/
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) == NULL) {
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) == NULL) {
RDEBUG("No Accounting-Status-Type record.");
return RLM_MODULE_NOOP;
}
int check1 = 0;
int check2 = 0;
- if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0))
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0, TAG_ANY))
== NULL || vp->vp_date == 0)
check1 = 1;
- if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0))
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0, TAG_ANY))
!= NULL && vp->length == 8 &&
memcmp(vp->vp_strvalue, "00000000", 8) == 0)
check2 = 1;
/*
* Setup some stuff, like for MPP detection.
*/
- if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL)
ipno = vp->vp_ipaddr;
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL)
call_num = vp->vp_strvalue;
/*
/*
* Which type is this.
*/
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) == NULL) {
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) == NULL) {
radlog(L_ERR, "rlm_radutmp: No Accounting-Status-Type record.");
return RLM_MODULE_NOOP;
}
int check1 = 0;
int check2 = 0;
- if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0))
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0, TAG_ANY))
== NULL || vp->vp_date == 0)
check1 = 1;
- if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0))
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_SESSION_ID, 0, TAG_ANY))
!= NULL && vp->length == 8 &&
memcmp(vp->vp_strvalue, "00000000", 8) == 0)
check2 = 1;
/*
* Setup some stuff, like for MPP detection.
*/
- if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL)
ipno = vp->vp_ipaddr;
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL)
call_num = vp->vp_strvalue;
/*
* it already ( via another rlm_realm instance ) and should return.
*/
- if (pairfind(request->packet->vps, PW_REALM, 0) != NULL ) {
+ if (pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY) != NULL ) {
RDEBUG2("Request already proxied. Ignoring.");
return RLM_MODULE_OK;
}
* that has already proxied the request, we don't need to do
* it again.
*/
- vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0);
+ vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0, TAG_ANY);
if (vp && (request->packet->src_ipaddr.af == AF_INET)) {
int i;
fr_ipaddr_t my_ipaddr;
VALUE_PAIR *vp;
REALM *realm;
- if (pairfind(request->packet->vps, PW_REALM, 0) != NULL) {
+ if (pairfind(request->packet->vps, PW_REALM, 0, TAG_ANY) != NULL) {
RDEBUG2("Request already proxied. Ignoring.");
return RLM_MODULE_OK;
}
- vp = pairfind(request->packet->vps, PW_OPERATOR_NAME, 0);
+ vp = pairfind(request->packet->vps, PW_OPERATOR_NAME, 0, TAG_ANY);
/*
* Catch the case of broken dictionaries.
rlm_rediswho_t *inst = (rlm_rediswho_t *) instance;
REDISSOCK *dissocket;
- vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0);
+ vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
if (!vp) {
RDEBUG("Could not find account status type in packet.");
return RLM_MODULE_NOOP;
* destinations.
*/
while (1) {
- vp = pairfind(last, PW_REPLICATE_TO_REALM, 0);
+ vp = pairfind(last, PW_REPLICATE_TO_REALM, 0, TAG_ANY);
if (!vp) break;
last = vp->next;
* it doesn't exist.
*/
if ((code == PW_AUTHENTICATION_REQUEST) &&
- (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0) != NULL) &&
- (pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0) == NULL)) {
+ (pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) != NULL) &&
+ (pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL)) {
vp = radius_paircreate(request, &packet->vps,
PW_CHAP_CHALLENGE, 0,
PW_TYPE_OCTETS);
/*
* We key the sessions off of the 'state' attribute
*/
- state = pairfind(request->packet->vps, PW_STATE);
+ state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (!state) {
return NULL;
}
/*
* Look for the 'state' attribute.
*/
- state = pairfind(request->packet->vps, PW_STATE, 0);
+ state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (state != NULL) {
DEBUG("rlm_smsotp: Found reply to access challenge");
/*
* Look for the 'state' attribute.
*/
- state = pairfind(request->packet->vps, PW_STATE, 0);
+ state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
if (state != NULL) {
DEBUG("rlm_smsotp: Found reply to access challenge (AUTZ), Adding Auth-Type '%s'",opt->smsotp_authtype);
- pairdelete(&request->config_items, PW_AUTH_TYPE, 0, -1); /* delete old auth-type */
+ pairdelete(&request->config_items, PW_AUTH_TYPE, 0, TAG_ANY); /* delete old auth-type */
pairadd(&request->config_items, pairmake("Auth-Type", opt->smsotp_authtype, T_OP_SET));
}
* FIXME: should have a #define for the attribute...
* SoH-Supported == 2119 in dictionary.freeradius.internal
*/
- vp[0] = pairfind(request->packet->vps, 2119, 0);
+ vp[0] = pairfind(request->packet->vps, 2119, 0, TAG_ANY);
if (!vp[0])
return 0;
if (strncasecmp(fmt, "OS", 2) == 0) {
/* OS vendor */
- vp[0] = pairfind(request->packet->vps, 2100, 0);
- vp[1] = pairfind(request->packet->vps, 2101, 0);
- vp[2] = pairfind(request->packet->vps, 2102, 0);
- vp[3] = pairfind(request->packet->vps, 2103, 0);
- vp[4] = pairfind(request->packet->vps, 2104, 0);
- vp[5] = pairfind(request->packet->vps, 2105, 0);
+ vp[0] = pairfind(request->packet->vps, 2100, 0, TAG_ANY);
+ vp[1] = pairfind(request->packet->vps, 2101, 0, TAG_ANY);
+ vp[2] = pairfind(request->packet->vps, 2102, 0, TAG_ANY);
+ vp[3] = pairfind(request->packet->vps, 2103, 0, TAG_ANY);
+ vp[4] = pairfind(request->packet->vps, 2104, 0, TAG_ANY);
+ vp[5] = pairfind(request->packet->vps, 2105, 0, TAG_ANY);
if (vp[0] && vp[0]->vp_integer == VENDORPEC_MICROSOFT) {
if (!vp[1]) {
int rcode;
VALUE_PAIR *vp;
- vp = pairfind(request->packet->vps, 43, DHCP_MAGIC_VENDOR);
+ vp = pairfind(request->packet->vps, 43, DHCP_MAGIC_VENDOR, TAG_ANY);
if (vp) {
/*
* vendor-specific options contain
int rv;
/* try to find the MS-SoH payload */
- vp = pairfind(request->packet->vps, 55, VENDORPEC_MICROSOFT);
+ vp = pairfind(request->packet->vps, 55, VENDORPEC_MICROSOFT, TAG_ANY);
if (!vp) {
RDEBUG("SoH radius VP not found");
return RLM_MODULE_NOOP;
/*
* Hash based on the given key. Usually User-Name.
*/
- vp = pairfind(packet->vps, inst->da->attr, inst->da->vendor);
+ vp = pairfind(packet->vps, inst->da->attr, inst->da->vendor, TAG_ANY);
if (!vp) return RLM_MODULE_NOOP;
hash = fr_hash(&vp->data, vp->length);
static int fallthrough(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0);
+ tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp->vp_integer : 0;
}
radlog_request(L_ERR, 0, request,
"Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY);
sql_grouplist_free(&group_list);
return -1;
}
radlog_request(L_ERR, 0, request, "Error retrieving check pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY);
pairfree(&check_tmp);
sql_grouplist_free(&group_list);
return -1;
if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, inst)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY);
pairfree(&check_tmp);
sql_grouplist_free(&group_list);
return -1;
radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY);
pairfree(&check_tmp);
pairfree(&reply_tmp);
sql_grouplist_free(&group_list);
if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, inst)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY);
pairfree(&check_tmp);
sql_grouplist_free(&group_list);
return -1;
radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY);
pairfree(&check_tmp);
pairfree(&reply_tmp);
sql_grouplist_free(&group_list);
* Delete the Sql-Group we added above
* And clear out the pairlists
*/
- pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, -1);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0, TAG_ANY);
pairfree(&check_tmp);
pairfree(&reply_tmp);
}
/*
* Check for a default_profile or for a User-Profile.
*/
- user_profile = pairfind(request->config_items, PW_USER_PROFILE, 0);
+ user_profile = pairfind(request->config_items, PW_USER_PROFILE, 0, TAG_ANY);
const char *profile = user_profile ?
user_profile->vp_strvalue :
*/
request->simul_count = 0;
- if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL)
ipno = vp->vp_ipaddr;
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL)
call_num = vp->vp_strvalue;
* The REAL username, after stripping.
*/
DEBUG2("rlm_sqlcounter: Entering module authorize code");
- key_vp = ((data->key_attr->vendor == 0) && (data->key_attr->attr == PW_USER_NAME)) ? request->username : pairfind(request->packet->vps, data->key_attr->attr, data->key_attr->vendor);
+ key_vp = ((data->key_attr->vendor == 0) && (data->key_attr->attr == PW_USER_NAME)) ? request->username : pairfind(request->packet->vps, data->key_attr->attr, data->key_attr->vendor, TAG_ANY);
if (key_vp == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Key value pair");
return ret;
return ret;
}
/* DEBUG2("rlm_sqlcounter: Found Check item attribute %d", dattr->attr); */
- if ((check_vp= pairfind(request->config_items, dattr->attr, dattr->vendor)) == NULL) {
+ if ((check_vp= pairfind(request->config_items, dattr->attr, dattr->vendor, TAG_ANY)) == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Check item value pair");
return ret;
}
* Limit the reply attribute to the minimum of
* the existing value, or this new one.
*/
- reply_item = pairfind(request->reply->vps, data->reply_attr->attr, data->reply_attr->vendor);
+ reply_item = pairfind(request->reply->vps, data->reply_attr->attr, data->reply_attr->vendor, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer > res)
reply_item->vp_integer = res;
rlm_sqlhpwippool_t *data = (rlm_sqlhpwippool_t *) instance;
/* if IP is already there, then nothing to do */
- vp = pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0);
+ vp = pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
nvp_log(__LINE__, data, L_DBG,
"sqlhpwippool_postauth(): IP address "
}
/* if no pool name, we don't need to do anything */
- vp = pairfind(request->reply->vps, ASN_IP_POOL_NAME, VENDORPEC_ASN);
+ vp = pairfind(request->reply->vps, ASN_IP_POOL_NAME, VENDORPEC_ASN, TAG_ANY);
if (vp) {
pname = vp->vp_strvalue;
nvp_log(__LINE__, data, L_DBG,
}
/* if no NAS IP address, assign 0 */
- vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0);
+ vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
nasip = ntohl(vp->vp_ipaddr);
}
rlm_sqlhpwippool_t *data = (rlm_sqlhpwippool_t *) instance;
/* if no unique session ID, don't even try */
- vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0);
+ vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
if (vp) {
sessid = vp->vp_strvalue;
}
return RLM_MODULE_FAIL;
}
- vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0);
+ vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
if (vp) {
acct_type = vp->vp_integer;
}
switch (acct_type) {
case PW_STATUS_START:
case PW_STATUS_ALIVE:
- vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0);
+ vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY);
if (!vp) {
nvp_log(__LINE__, data, L_ERR, "sqlhpwippool_accounting(): no framed IP");
sql_release_socket(data->sqlinst, sqlsock);
case PW_STATUS_ACCOUNTING_OFF:
case PW_STATUS_ACCOUNTING_ON:
- vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0);
+ vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (!vp) {
nvp_log(__LINE__, data, L_ERR, "sqlhpwippool_accounting(): no NAS IP");
sql_release_socket(data->sqlinst, sqlsock);
/*
* If there is a Framed-IP-Address attribute in the reply do nothing
*/
- if (pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0) != NULL) {
+ if (pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY) != NULL) {
/* We already have a Framed-IP-Address */
radius_xlat(logstr, sizeof(logstr), data->log_exists,
request, NULL, NULL);
return do_logging(logstr, RLM_MODULE_NOOP);
}
- if (pairfind(request->config_items, PW_POOL_NAME, 0) == NULL) {
+ if (pairfind(request->config_items, PW_POOL_NAME, 0, TAG_ANY) == NULL) {
RDEBUG("No Pool-Name defined.");
radius_xlat(logstr, sizeof(logstr), data->log_nopool,
request, NULL, NULL);
rlm_sqlippool_t * data = (rlm_sqlippool_t *) instance;
SQLSOCK * sqlsocket;
- vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0);
+ vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
if (!vp) {
RDEBUG("Could not find account status type in packet.");
return RLM_MODULE_NOOP;
/*
* Which type is this.
*/
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0))==NULL) {
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY))==NULL) {
RDEBUG("no Accounting-Status-Type attribute in request.");
return RLM_MODULE_NOOP;
}
* We're only interested in accounting messages
* with a username in it.
*/
- if (pairfind(request->packet->vps, PW_USER_NAME, 0) == NULL)
+ if (pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY) == NULL)
return RLM_MODULE_NOOP;
t = request->timestamp;
/*
* Fix Calling-Station-Id. Damn you, WiMAX!
*/
- vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0);
+ vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY);
if (vp && (vp->length == 6)) {
int i;
uint8_t buffer[6];
uint8_t mip_rk_1[EVP_MAX_MD_SIZE], mip_rk_2[EVP_MAX_MD_SIZE];
uint8_t mip_rk[2 * EVP_MAX_MD_SIZE];
- msk = pairfind(request->reply->vps, 1129, 0);
- emsk = pairfind(request->reply->vps, 1130, 0);
+ msk = pairfind(request->reply->vps, 1129, 0, TAG_ANY);
+ emsk = pairfind(request->reply->vps, 1130, 0, TAG_ANY);
if (!msk || !emsk) {
RDEBUG("No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.");
return RLM_MODULE_NOOP;
* the WiMAX-MSK so that the client has a key available.
*/
if (inst->delete_mppe_keys) {
- pairdelete(&request->reply->vps, 16, VENDORPEC_MICROSOFT, -1);
- pairdelete(&request->reply->vps, 17, VENDORPEC_MICROSOFT, -1);
+ pairdelete(&request->reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+ pairdelete(&request->reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
vp = radius_pairmake(request, &request->reply->vps, "WiMAX-MSK", "0x00", T_OP_EQ);
if (vp) {
HMAC_Update(&hmac, &usage_data[0], sizeof(usage_data));
HMAC_Final(&hmac, &mip_rk_2[0], &rk2_len);
- vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0);
+ vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (vp) rk_lifetime = vp->vp_integer;
memcpy(mip_rk, mip_rk_1, rk1_len);
/*
* Calculate mobility keys
*/
- mn_nai = pairfind(request->packet->vps, 1900, 0);
- if (!mn_nai) mn_nai = pairfind(request->reply->vps, 1900, 0);
+ mn_nai = pairfind(request->packet->vps, 1900, 0, TAG_ANY);
+ if (!mn_nai) mn_nai = pairfind(request->reply->vps, 1900, 0, TAG_ANY);
if (!mn_nai) {
RDEBUG("WARNING: WiMAX-MN-NAI was not found in the request or in the reply.");
RDEBUG("WARNING: We cannot calculate MN-HA keys.");
* WiMAX-IP-Technology
*/
vp = NULL;
- if (mn_nai) vp = pairfind(request->reply->vps, 23, VENDORPEC_WIMAX);
+ if (mn_nai) vp = pairfind(request->reply->vps, 23, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
RDEBUG("WARNING: WiMAX-IP-Technology not found in reply.");
RDEBUG("WARNING: Not calculating MN-HA keys");
/*
* Look for WiMAX-hHA-IP-MIP4
*/
- ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX);
+ ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX, TAG_ANY);
if (!ip) {
RDEBUG("WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-PMIP4 key");
break;
/*
* Put MN-HA-PMIP4 into WiMAX-MN-hHA-MIP4-Key
*/
- vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX);
+ vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
10, VENDORPEC_WIMAX, PW_TYPE_OCTETS);
/*
* Put MN-HA-PMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI
*/
- vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX);
+ vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
11, VENDORPEC_WIMAX, PW_TYPE_INTEGER);
/*
* Look for WiMAX-hHA-IP-MIP4
*/
- ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX);
+ ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX, TAG_ANY);
if (!ip) {
RDEBUG("WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-CMIP4 key");
break;
/*
* Put MN-HA-CMIP4 into WiMAX-MN-hHA-MIP4-Key
*/
- vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX);
+ vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
10, VENDORPEC_WIMAX, PW_TYPE_OCTETS);
/*
* Put MN-HA-CMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI
*/
- vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX);
+ vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
11, VENDORPEC_WIMAX, PW_TYPE_INTEGER);
/*
* Look for WiMAX-hHA-IP-MIP6
*/
- ip = pairfind(request->reply->vps, 7, VENDORPEC_WIMAX);
+ ip = pairfind(request->reply->vps, 7, VENDORPEC_WIMAX, TAG_ANY);
if (!ip) {
RDEBUG("WARNING: WiMAX-hHA-IP-MIP6 not found. Cannot calculate MN-HA-CMIP6 key");
break;
/*
* Put MN-HA-CMIP6 into WiMAX-MN-hHA-MIP6-Key
*/
- vp = pairfind(request->reply->vps, 12, VENDORPEC_WIMAX);
+ vp = pairfind(request->reply->vps, 12, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
12, VENDORPEC_WIMAX, PW_TYPE_OCTETS);
/*
* Put MN-HA-CMIP6-SPI into WiMAX-MN-hHA-MIP6-SPI
*/
- vp = pairfind(request->reply->vps, 13, VENDORPEC_WIMAX);
+ vp = pairfind(request->reply->vps, 13, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
13, VENDORPEC_WIMAX, PW_TYPE_INTEGER);
*
* FA-RK= H(MIP-RK, "FA-RK")
*/
- fa_rk = pairfind(request->reply->vps, 14, VENDORPEC_WIMAX);
+ fa_rk = pairfind(request->reply->vps, 14, VENDORPEC_WIMAX, TAG_ANY);
if (fa_rk && (fa_rk->length <= 1)) {
HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL);
* really MIP-SPI. Clear? Of course. This is WiMAX.
*/
if (fa_rk) {
- vp = pairfind(request->reply->vps, 61, VENDORPEC_WIMAX);
+ vp = pairfind(request->reply->vps, 61, VENDORPEC_WIMAX, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
61, VENDORPEC_WIMAX, PW_TYPE_INTEGER);
*
* WiMAX-RRQ-MN-HA-SPI
*/
- vp = pairfind(request->packet->vps, 20, VENDORPEC_WIMAX);
+ vp = pairfind(request->packet->vps, 20, VENDORPEC_WIMAX, TAG_ANY);
if (vp) {
RDEBUG("Client requested MN-HA key: Should use SPI to look up key from storage.");
if (!mn_nai) {
/*
* WiMAX-RRQ-HA-IP
*/
- if (!pairfind(request->packet->vps, 18, VENDORPEC_WIMAX)) {
+ if (!pairfind(request->packet->vps, 18, VENDORPEC_WIMAX, TAG_ANY)) {
RDEBUG("WARNING: HA-IP was not found!");
}
/*
* WiMAX-HA-RK-Key-Requested
*/
- vp = pairfind(request->packet->vps, 58, VENDORPEC_WIMAX);
+ vp = pairfind(request->packet->vps, 58, VENDORPEC_WIMAX, TAG_ANY);
if (vp && (vp->vp_integer == 1)) {
RDEBUG("Client requested HA-RK: Should use IP to look it up from storage.");
}