authenticate functions. This makes the code look a little cleaner.
* edit each and every module when we decide to add another type
* of request handler.
*/
-typedef int (*RLM_AUTHORIZE_FUNCP)(REQUEST *request,
- VALUE_PAIR **check_items,
- VALUE_PAIR **reply_items);
-typedef int (*RLM_AUTHENTICATE_FUNCP)(REQUEST *request,
- VALUE_PAIR **check_items,
- VALUE_PAIR **reply_items);
+typedef int (*RLM_AUTHORIZE_FUNCP)(REQUEST *request);
+typedef int (*RLM_AUTHENTICATE_FUNCP)(REQUEST *request);
typedef int (*RLM_POST_AUTHENTICATE_FUNCP)(REQUEST *request);
typedef int (*RLM_PRE_ACCOUNTING_FUNCP)(REQUEST *request);
typedef int (*RLM_ACCOUNTING_FUNCP)(REQUEST *request);
int type; /* reserved */
int (*init)(void);
int (*instantiate)(CONF_SECTION *mod_cs, void **instance);
- int (*authorize)(void *instance, REQUEST *request,
- VALUE_PAIR **check_items, VALUE_PAIR **reply_items);
- int (*authenticate)(void *instance, REQUEST *request,
- VALUE_PAIR **check_items, VALUE_PAIR **reply_items);
+ int (*authorize)(void *instance, REQUEST *request);
+ int (*authenticate)(void *instance, REQUEST *request);
int (*preaccounting)(void *instance, REQUEST *request);
int (*accounting)(void *instance, REQUEST *request);
int (*detach)(void *instance);
while (this && rcode == RLM_MODULE_OK) {
DEBUG2(" authorize: %s", this->instance->entry->module->name);
rcode = (this->instance->entry->module->authorize)(
- this->instance->insthandle, request,
- &request->config_items,
- &request->reply->vps);
+ this->instance->insthandle, request);
this = this->next;
}
DEBUG2(" authenticate: %s", this->instance->entry->module->name);
return (this->instance->entry->module->authenticate)(
- this->instance->insthandle, request,
- &request->config_items, &request->reply->vps);
+ this->instance->insthandle, request);
}
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
-static int radius_authorize(void *instance, REQUEST *request,
- VALUE_PAIR **check_pairs, VALUE_PAIR **reply_pairs)
+static int radius_authorize(void *instance, REQUEST *request)
{
/* quiet the compiler */
instance = instance;
request = request;
- check_pairs = check_pairs;
- reply_pairs = reply_pairs;
return RLM_MODULE_OK;
}
/*
* Authenticate the user with the given password.
*/
-static int radius_authenticate(void *instance, REQUEST *request,
- VALUE_PAIR **check_items, VALUE_PAIR **reply_items)
+static int radius_authenticate(void *instance, REQUEST *request)
{
/* quiet the compiler */
instance = instance;
* for this user from the database. The main code only
* needs to check the password, the rest is done here.
*/
-static int file_authorize(void *instance, REQUEST *request,
- VALUE_PAIR **check_pairs, VALUE_PAIR **reply_pairs)
+static int file_authorize(void *instance, REQUEST *request)
{
int nas_port = 0;
VALUE_PAIR *namepair;
int auth_type = -1;
int result = 1;
#endif
+ VALUE_PAIR **check_pairs, **reply_pairs;
request_pairs = request->packet->vps;
+ check_pairs = &request->config_items;
+ reply_pairs = &request->reply->vps;
/*
* Grab the canonical user name.
/*
* Authentication - unused.
*/
-static int file_authenticate(void *instance, REQUEST *request,
- VALUE_PAIR **check_items, VALUE_PAIR **reply_items)
+static int file_authenticate(void *instance, REQUEST *request)
{
instance = instance;
request = request;
* Purpose: Check if user is authorized for remote access
*
*****************************************************************************/
-static int rlm_ldap_authorize(void *instance, REQUEST *request,
- VALUE_PAIR **check_pairs, VALUE_PAIR **reply_pairs)
+static int rlm_ldap_authorize(void *instance, REQUEST *request)
{
LDAPMessage *result, *msg, *gr_result, *gr_msg;
char *filter, *name, *user_dn,
VALUE_PAIR *reply_tmp;
int i;
int res;
+ VALUE_PAIR **check_pairs, **reply_pairs;
+
+ check_pairs = &request->config_items;
+ reply_pairs = &request->reply->vps;
DEBUG("rlm_ldap: thread #%p - authorize", pthread_self());
name = request->username->strvalue;
* Purpose: Check the user's password against ldap database
*
*****************************************************************************/
-static int rlm_ldap_authenticate(void *instance, REQUEST *request,
- VALUE_PAIR **check_items, VALUE_PAIR **reply_items);
+static int rlm_ldap_authenticate(void *instance, REQUEST *request);
{
LDAP *ld_user;
LDAPMessage *result, *msg;
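Review bot: The new definition line `static int rlm_ldap_authenticate(void *instance, REQUEST *request);` ends in a semicolon and is immediately followed by `{`, so it reads as a prototype plus a stray file-scope block and should not compile. The removed line carried the same semicolon, so this looks inherited rather than introduced here, but it suggests this module was not built after the signature change. Drop the semicolon: `static int rlm_ldap_authenticate(void *instance, REQUEST *request)`. The function body continues past the end of the hunk, so any remaining uses of `check_items`/`reply_items` inside it are not visible here and should be checked once the file compiles.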
/*
* Preprocess a request.
*/
-static int preprocess_authorize(void *instance, REQUEST *request,
- VALUE_PAIR **check_pairs, VALUE_PAIR **reply_pairs)
+static int preprocess_authorize(void *instance, REQUEST *request)
{
char buf[1024];
instance = instance;
- check_pairs = check_pairs; /* shut the compiler up */
- reply_pairs = reply_pairs;
-
/*
* Mangle the username, to get rid of stupid implementation
* bugs.
*
* This should very nearly duplicate the old proxy_send() code
*/
-static int realm_authorize(void *instance, REQUEST *request,
- VALUE_PAIR **check_pairs, VALUE_PAIR **reply_pairs)
+static int realm_authorize(void *instance, REQUEST *request)
{
REALM *realm;
instance = instance;
- reply_pairs = reply_pairs; /* -Wunused */
/*
* Check if we've got to proxy the request.
/*
* Maybe add a Proxy-To-Realm attribute to the request.
*/
- add_proxy_to_realm(check_pairs, realm);
+ add_proxy_to_realm(&request->config_items, realm);
return RLM_MODULE_OK; /* try the next module */
}
}
-static int rlm_sql_authorize(REQUEST *request, VALUE_PAIR **check_pairs, VALUE_PAIR **reply_pairs)
+static int rlm_sql_authorize(REQUEST *request)
{
int nas_port = 0;
VALUE_PAIR *check_tmp = NULL;
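Review bot: `rlm_sql_authorize(REQUEST *request)` still has no `void *instance` parameter, while the `authorize` member changed earlier in this commit is `int (*authorize)(void *instance, REQUEST *request)`; `rlm_sql_authenticate(REQUEST *request)` further down has the same shape. If these functions are installed in the module table (the initializer is not visible here), the instance handle passed as the first argument would arrive in `request`, and an authorization path would then dereference the wrong object. Since the commit already rewrites both signatures, make them `static int rlm_sql_authorize(void *instance, REQUEST *request)` and `static int rlm_sql_authenticate(void *instance, REQUEST *request)`. Both function bodies continue outside their hunks.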
return RLM_MODULE_OK;
}
- pairmove(reply_pairs, &reply_tmp);
- pairmove(check_pairs, &check_tmp);
+ pairmove(&request->reply->vps, &reply_tmp);
+ pairmove(&request->config_items, &check_tmp);
pairfree(reply_tmp);
pairfree(check_tmp);
/*
* Fix dynamic IP address if needed.
*/
- if ((tmp = pairfind(*reply_pairs, PW_ADD_PORT_TO_IP_ADDRESS)) != NULL){
+ if ((tmp = pairfind(request->reply->vps, PW_ADD_PORT_TO_IP_ADDRESS)) != NULL){
if (tmp->lvalue != 0) {
- tmp = pairfind(*reply_pairs, PW_FRAMED_IP_ADDRESS);
+ tmp = pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS);
if (tmp) {
/*
* FIXME: This only works because IP
tmp->lvalue += nas_port;
}
}
- pairdelete(reply_pairs, PW_ADD_PORT_TO_IP_ADDRESS);
+ pairdelete(request->reply->vps, PW_ADD_PORT_TO_IP_ADDRESS);
}
return RLM_MODULE_OK;
}
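Review bot: `pairdelete(request->reply->vps, PW_ADD_PORT_TO_IP_ADDRESS)` passes the list head by value, where the removed line passed `reply_pairs`, a `VALUE_PAIR **`; the `pairmove` calls converted earlier in the same function use `&request->reply->vps`. With a prototype in scope this is an incompatible-pointer diagnostic, and without one the callee would interpret the first pair's memory as a list-head pointer. Change it to `pairdelete(&request->reply->vps, PW_ADD_PORT_TO_IP_ADDRESS);` so the attribute is actually unlinked from the reply list, including when it is the first element. The enclosing function starts outside this hunk.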
-static int rlm_sql_authenticate(REQUEST *request,
- VALUE_PAIR **check_items, VALUE_PAIR **reply_items)
+static int rlm_sql_authenticate(REQUEST *request)
{
SQL_ROW row;
* Check the users password against the standard UNIX
* password table.
*/
-static int unix_authenticate(void *instance, REQUEST *request,
- VALUE_PAIR **check_items, VALUE_PAIR **reply_items)
+static int unix_authenticate(void *instance, REQUEST *request)
{
char *name, *passwd;
struct passwd *pwd;
name = (char *)request->username->strvalue;
passwd = (char *)request->password->strvalue;
- if (cache_passwd && (ret = H_unix_pass(name, passwd, reply_items)) != -2)
+ if (cache_passwd && (ret = H_unix_pass(name, passwd, &request->reply->vps)) != -2)
return (ret == 0) ? RLM_MODULE_OK : RLM_MODULE_REJECT;
#ifdef OSFC2