DICT_ATTR *da;
da = dict_attrbyvalue(attribute, VENDORPEC_EXTENDED);
- if (da && (da->flags.extended || da->flags.extended_flags)) {
+ if (da) { /* flags.extended MUST be set */
+ /*
+ * MUST have at least an "extended type" octet.
+ */
if (length == 0) return NULL;
attribute |= (data[0] << fr_wimax_shift[1]);
attribute, length, data);
}
}
+
+ /*
+ * We could avoid another dictionary lookup here
+ * by using pairalloc(da), but it's not serious...
+ */
}
vp = paircreate(attribute, vendor, PW_TYPE_OCTETS);
if (!vp) return NULL;
#ifdef WITH_PROXY
if (request->proxy) {
return process_proxy_reply(request);
-#endif
}
+#endif
return 1;
}
}
+#ifdef WITH_PROXY
static void rad_retransmit_packet(REQUEST *request)
{
char buffer[256];
return 1;
}
-
+#endif
static void received_retransmit(REQUEST *request, const RADCLIENT *client)
{
return 1;
}
+#ifdef WITH_PROXY
/*
* Maybe it's a socket that we opened to a home server.
*/
return 1;
}
-#endif
+#endif /* WITH_PROXY */
+#endif /* WITH_TCP */
ADDSTRING(" address ");
* TCP requires a destination IP for sockets.
* UDP doesn't, so it's allowed.
*/
+#ifdef WITH_PROXY
if ((this->type == RAD_LISTEN_PROXY) &&
(sock->proto != IPPROTO_UDP)) {
cf_log_err(cf_sectiontoitem(cs),
"Proxy listeners can only listen on proto = udp");
return -1;
}
-#endif
+#endif /* WITH_PROXY */
+#endif /* WITH_TCP */
}
sock->my_ipaddr = ipaddr;
}
#ifdef WITH_TCP
- if ((this->type == RAD_LISTEN_AUTH) ||
+ if ((this->type == RAD_LISTEN_AUTH)
#ifdef WITH_ACCT
- (this->type == RAD_LISTEN_ACCT) ||
+ || (this->type == RAD_LISTEN_ACCT)
#endif
#ifdef WITH_PROXY
- (this->type == RAD_LISTEN_PROXY)
+ || (this->type == RAD_LISTEN_PROXY)
#endif
) {
listen_socket_t *sock = this->data;
cf_log_module(cs, "Checking %s {...} for more modules to load",
section_type_value[comp].section);
-#ifdef WITH_PROXY
/*
* Skip pre/post-proxy sections if we're not
* proxying.
*/
- if (!mainconfig.proxy_requests &&
+ if (
+#ifdef WITH_PROXY
+ !mainconfig.proxy_requests &&
+#endif
((comp == RLM_COMPONENT_PRE_PROXY) ||
(comp == RLM_COMPONENT_POST_PROXY))) {
continue;
}
-#endif
if (load_component_section(subcs, components, comp) < 0) {
goto error;
return attr_filter_common(instance, request, request->reply);
}
+#ifdef WITH_PROXY
static int attr_filter_preproxy(void *instance, REQUEST *request)
{
return attr_filter_common(instance, request, request->proxy);
{
return attr_filter_common(instance, request, request->proxy_reply);
}
+#endif
static int attr_filter_postauth(void *instance, REQUEST *request)
{
attr_filter_preacct, /* pre-acct */
attr_filter_accounting, /* accounting */
NULL, /* checksimul */
+#ifdef WITH_PROXY
attr_filter_preproxy, /* pre-proxy */
attr_filter_postproxy, /* post-proxy */
+#else
+ NULL, NULL,
+#endif
attr_filter_postauth /* post-auth */
},
};
data->searchin = RLM_REGEX_INCONFIG;
else if (strcmp(data->searchin_str, "reply") == 0)
data->searchin = RLM_REGEX_INREPLY;
+#ifdef WITH_PROXY
else if (strcmp(data->searchin_str, "proxy") == 0)
data->searchin = RLM_REGEX_INPROXY;
else if (strcmp(data->searchin_str, "proxy_reply") == 0)
data->searchin = RLM_REGEX_INPROXYREPLY;
+#endif
else {
radlog(L_ERR, "rlm_attr_rewrite: Illegal searchin directive given. Assuming packet.");
data->searchin = RLM_REGEX_INPACKET;
case RLM_REGEX_INREPLY:
pairadd(&request->reply->vps,attr_vp);
break;
+#ifdef WITH_PROXY
case RLM_REGEX_INPROXY:
if (!request->proxy) {
pairbasicfree(attr_vp);
}
pairadd(&request->proxy_reply->vps, attr_vp);
break;
+#endif
default:
radlog(L_ERR, "%s: Illegal value for searchin. Changing to packet.", data->name);
data->searchin = RLM_REGEX_INPACKET;
case RLM_REGEX_INREPLY:
tmp = request->reply->vps;
break;
+#ifdef WITH_PROXY
case RLM_REGEX_INPROXYREPLY:
if (!request->proxy_reply)
return RLM_MODULE_NOOP;
return RLM_MODULE_NOOP;
tmp = request->proxy->vps;
break;
+#endif
default:
radlog(L_ERR, "%s: Illegal value for searchin. Changing to packet.", data->name);
data->searchin = RLM_REGEX_INPACKET;
return do_attr_rewrite(instance, request);
}
+#ifdef WITH_PROXY
static int attr_rewrite_preproxy(void *instance, REQUEST *request)
{
return do_attr_rewrite(instance, request);
{
return do_attr_rewrite(instance, request);
}
+#endif
static int attr_rewrite_postauth(void *instance, REQUEST *request)
{
attr_rewrite_preacct, /* preaccounting */
attr_rewrite_accounting, /* accounting */
attr_rewrite_checksimul, /* checksimul */
+#ifdef WITH_PROXY
attr_rewrite_preproxy, /* pre-proxy */
attr_rewrite_postproxy, /* post-proxy */
+#else
+ NULL, NULL,
+#endif
attr_rewrite_postauth /* post-auth */
},
};
* Add non-protocol attibutes.
*/
if (compat) {
+#ifdef WITH_PROXY
if (request->proxy) {
char proxy_buffer[128];
RDEBUG("Freeradius-Proxied-To = %s",
proxy_buffer);
}
+#endif
fprintf(outfp, "\tTimestamp = %ld\n",
(unsigned long) request->timestamp);
/*
* Outgoing Access-Request to home server - write the detail files.
*/
+#ifdef WITH_PROXY
static int detail_pre_proxy(void *instance, REQUEST *request)
{
if (request->proxy &&
return RLM_MODULE_NOOP;
}
+#endif
/* globally exported name */
NULL, /* preaccounting */
detail_accounting, /* accounting */
NULL, /* checksimul */
+#ifdef WITH_PROXY
detail_pre_proxy, /* pre-proxy */
detail_post_proxy, /* post-proxy */
+#else
+ NULL, NULL,
+#endif
detail_postauth /* post-auth */
#ifdef WITH_COA
, detail_recv_coa,
return &request->reply->vps;
}
+#ifdef WITH_PROXY
if (strcmp(string, "proxy-request") == 0) {
if (!request->proxy) return NULL;
return &request->proxy_reply->vps;
}
+#endif
if (strcmp(string, "config") == 0) {
return &request->config_items;
*/
if (!((inst->packet_code == 0) ||
(request->packet->code == inst->packet_code) ||
- (request->reply->code == inst->packet_code) ||
- (request->proxy &&
+ (request->reply->code == inst->packet_code)
+#ifdef WITH_PROXY
+ || (request->proxy &&
(request->proxy->code == inst->packet_code)) ||
(request->proxy_reply &&
- (request->proxy_reply->code == inst->packet_code)))) {
+ (request->proxy_reply->code == inst->packet_code))
+#endif
+ )) {
RDEBUG2("Packet type is not %s. Not executing.",
inst->packet_type);
return RLM_MODULE_NOOP;
char *usersfile;
fr_hash_table_t *users;
+
+ /* authenticate */
+ char *auth_usersfile;
+ fr_hash_table_t *auth_users;
+
/* preacct */
char *acctusersfile;
fr_hash_table_t *acctusers;
+#ifdef WITH_PROXY
/* pre-proxy */
char *preproxy_usersfile;
fr_hash_table_t *preproxy_users;
- /* authenticate */
- char *auth_usersfile;
- fr_hash_table_t *auth_users;
-
/* post-proxy */
char *postproxy_usersfile;
fr_hash_table_t *postproxy_users;
+#endif
/* post-authenticate */
char *postauth_usersfile;
offsetof(struct file_instance,usersfile), NULL, NULL },
{ "acctusersfile", PW_TYPE_FILENAME,
offsetof(struct file_instance,acctusersfile), NULL, NULL },
+#ifdef WITH_PROXY
{ "preproxy_usersfile", PW_TYPE_FILENAME,
offsetof(struct file_instance,preproxy_usersfile), NULL, NULL },
- { "auth_usersfile", PW_TYPE_FILENAME,
- offsetof(struct file_instance,auth_usersfile), NULL, NULL },
{ "postproxy_usersfile", PW_TYPE_FILENAME,
offsetof(struct file_instance,postproxy_usersfile), NULL, NULL },
+#endif
+ { "auth_usersfile", PW_TYPE_FILENAME,
+ offsetof(struct file_instance,auth_usersfile), NULL, NULL },
{ "postauth_usersfile", PW_TYPE_FILENAME,
offsetof(struct file_instance,postauth_usersfile), NULL, NULL },
{ "compat", PW_TYPE_STRING_PTR,
struct file_instance *inst = instance;
fr_hash_table_free(inst->users);
fr_hash_table_free(inst->acctusers);
+#ifdef WITH_PROXY
fr_hash_table_free(inst->preproxy_users);
- fr_hash_table_free(inst->auth_users);
fr_hash_table_free(inst->postproxy_users);
+#endif
+ fr_hash_table_free(inst->auth_users);
fr_hash_table_free(inst->postauth_users);
free(inst);
return 0;
return -1;
}
+#ifdef WITH_PROXY
/*
* Get the pre-proxy stuff
*/
return -1;
}
- rcode = getusersfile(inst->auth_usersfile, &inst->auth_users, inst->compat_mode);
+ rcode = getusersfile(inst->postproxy_usersfile, &inst->postproxy_users, inst->compat_mode);
if (rcode != 0) {
- radlog(L_ERR|L_CONS, "Errors reading %s", inst->auth_usersfile);
+ radlog(L_ERR|L_CONS, "Errors reading %s", inst->postproxy_usersfile);
file_detach(inst);
return -1;
}
+#endif
- rcode = getusersfile(inst->postproxy_usersfile, &inst->postproxy_users, inst->compat_mode);
+ rcode = getusersfile(inst->auth_usersfile, &inst->auth_users, inst->compat_mode);
if (rcode != 0) {
- radlog(L_ERR|L_CONS, "Errors reading %s", inst->postproxy_usersfile);
+ radlog(L_ERR|L_CONS, "Errors reading %s", inst->auth_usersfile);
file_detach(inst);
return -1;
}
request->packet->vps, &request->reply->vps);
}
+#ifdef WITH_PROXY
static int file_preproxy(void *instance, REQUEST *request)
{
struct file_instance *inst = instance;
inst->postproxy_users,
request->proxy_reply->vps, &request->reply->vps);
}
+#endif
static int file_authenticate(void *instance, REQUEST *request)
{
file_preacct, /* preaccounting */
NULL, /* accounting */
NULL, /* checksimul */
+#ifdef WITH_PROXY
file_preproxy, /* pre-proxy */
file_postproxy, /* post-proxy */
+#else
+ NULL, NULL,
+#endif
file_postauth /* post-auth */
},
};
static int rlm_jradius_call(char func, void *instance, REQUEST *req, int isproxy)
{
JRADIUS * inst = instance;
- RADIUS_PACKET * request = isproxy ? req->proxy : req->packet;
- RADIUS_PACKET * reply = isproxy ? req->proxy_reply : req->reply;
+ RADIUS_PACKET * request = req->packet;
+ RADIUS_PACKET * reply = req->reply;
JRSOCK * jrsock = 0;
JRSOCK sjrsock;
#define W_ERR(s) { err=s; goto packerror; }
#define R_ERR(s) { err=s; goto parseerror; }
+#ifdef WITH_PROXY
+ if (isproxy) {
+ request = req->proxy;
+ reply = req->proxy_reply;
+ }
+#endif
+
if (inst->keepalive) {
jrsock = get_socket(inst);
if (!jrsock) return exitstatus;
char *func_checksimul;
char *func_detach;
char *func_xlat;
+#ifdef WITH_PROXY
char *func_pre_proxy;
char *func_post_proxy;
+#endif
char *func_post_auth;
#ifdef WITH_COA
char *func_recv_coa;
offsetof(PERL_INST,func_detach), NULL, "detach"},
{ "func_xlat", PW_TYPE_STRING_PTR,
offsetof(PERL_INST,func_xlat), NULL, "xlat"},
+#ifdef WITH_PROXY
{ "func_pre_proxy", PW_TYPE_STRING_PTR,
offsetof(PERL_INST,func_pre_proxy), NULL, "pre_proxy"},
{ "func_post_proxy", PW_TYPE_STRING_PTR,
offsetof(PERL_INST,func_post_proxy), NULL, "post_proxy"},
+#endif
{ "func_post_auth", PW_TYPE_STRING_PTR,
offsetof(PERL_INST,func_post_auth), NULL, "post_auth"},
#ifdef WITH_COA
HV *rad_check_hv;
HV *rad_config_hv;
HV *rad_request_hv;
+#ifdef WITH_PROXY
HV *rad_request_proxy_hv;
HV *rad_request_proxy_reply_hv;
+#endif
AV *end_AV;
char **embed;
rad_check_hv = newHV();
rad_config_hv = newHV();
rad_request_hv = newHV();
+#ifdef WITH_PROXY
rad_request_proxy_hv = newHV();
rad_request_proxy_reply_hv = newHV();
+#endif
rad_reply_hv = get_hv("RAD_REPLY",1);
rad_check_hv = get_hv("RAD_CHECK",1);
rad_config_hv = get_hv("RAD_CONFIG",1);
rad_request_hv = get_hv("RAD_REQUEST",1);
+#ifdef WITH_PROXY
rad_request_proxy_hv = get_hv("RAD_REQUEST_PROXY",1);
rad_request_proxy_reply_hv = get_hv("RAD_REQUEST_PROXY_REPLY",1);
+#endif
xlat_name = cf_section_name2(conf);
if (xlat_name == NULL)
HV *rad_check_hv;
HV *rad_config_hv;
HV *rad_request_hv;
+#ifdef WITH_PROXY
HV *rad_request_proxy_hv;
HV *rad_request_proxy_reply_hv;
+#endif
#ifdef USE_ITHREADS
PerlInterpreter *interp;
rad_check_hv = get_hv("RAD_CHECK",1);
rad_config_hv = get_hv("RAD_CONFIG",1);
rad_request_hv = get_hv("RAD_REQUEST",1);
+#ifdef WITH_PROXY
rad_request_proxy_hv = get_hv("RAD_REQUEST_PROXY",1);
rad_request_proxy_reply_hv = get_hv("RAD_REQUEST_PROXY_REPLY",1);
-
+#endif
perl_store_vps(request->reply->vps, rad_reply_hv);
perl_store_vps(request->config_items, rad_check_hv);
perl_store_vps(request->packet->vps, rad_request_hv);
perl_store_vps(request->config_items, rad_config_hv);
+#ifdef WITH_PROXY
if (request->proxy != NULL) {
perl_store_vps(request->proxy->vps, rad_request_proxy_hv);
} else {
} else {
hv_undef(rad_request_proxy_reply_hv);
}
+#endif
PUSHMARK(SP);
/*
vp = NULL;
}
+#ifdef WITH_PROXY
if (request->proxy &&
(get_hv_content(rad_request_proxy_hv, &vp) > 0)) {
pairfree(&request->proxy->vps);
request->proxy_reply->vps = vp;
vp = NULL;
}
+#endif
}
return exitstatus;
return rlmperl_call(instance, request,
((PERL_INST *)instance)->func_checksimul);
}
+
+#ifdef WITH_PROXY
/*
* Pre-Proxy request
*/
return rlmperl_call(instance, request,
((PERL_INST *)instance)->func_post_proxy);
}
+#endif
+
/*
* Pre-Auth request
*/
perl_preacct, /* preacct */
perl_accounting, /* accounting */
perl_checksimul, /* check simul */
+#ifdef WITH_PROXY
perl_pre_proxy, /* pre-proxy */
perl_post_proxy, /* post-proxy */
+#else
+ NULL, NULL,
+#endif
perl_post_auth /* post-auth */
#ifdef WITH_COA
, perl_recv_coa,
} else if (strncasecmp(name, "reply:", 6) == 0) {
p += 6;
vps = request->reply->vps;
+#ifdef WITH_PROXY
} else if (strncasecmp(name, "proxy-request:", 14) == 0) {
p += 14;
if (request->proxy) {
if (request->proxy_reply) {
vps = request->proxy_reply->vps;
}
+#endif
} else if (strncasecmp(name, "control:", 8) == 0) {
p += 8;
vps = request->config_items;
vps = &(state->request->reply->vps);
break;
+#ifdef WITH_PROXY
case POLICY_RESERVED_PROXY_REQUEST:
if (!state->request->proxy) return 0; /* FIXME: print error */
vps = &(state->request->proxy->vps);
if (!state->request->proxy_reply) return 0; /* FIXME: print error */
vps = &(state->request->proxy_reply->vps);
break;
+#endif
default:
return 0;
* Also, if there's no User-Name attribute, we can't
* proxy it, either.
*/
+#ifdef WITH_PROXY
if ((request->proxy != NULL) ||
(request->username == NULL)) {
RDEBUG2("Proxy reply, or no User-Name. Ignoring.");
return RLM_MODULE_OK;
}
+#endif
/*
* Check for 'Realm' attribute. If it exists, then we've proxied
break;
}
+#ifdef WITH_PROXY
RDEBUG2("Proxying request from user %s to realm %s",
username, realm->name);
}
}
+#endif
/*
* We got this far, which means we have a realm, set returnrealm
*/
*returnrealm = realm;
+
return RLM_MODULE_UPDATED;
}