No idea if they work or not...
VALUE_PAIR **reply_pairs);
int radius_find_compare(int attribute);
VALUE_PAIR *radius_paircreate(REQUEST *request, VALUE_PAIR **vps,
- int attribute, int type);
+ int attribute, int vendor, int type);
VALUE_PAIR *radius_pairmake(REQUEST *request, VALUE_PAIR **vps,
const char *attribute, const char *value,
int operator);
*/
sub = radius_paircreate(request, &request->packet->vps,
PW_DIGEST_REALM - 1 + p[0],
- PW_TYPE_STRING);
+ 0, PW_TYPE_STRING);
memcpy(&sub->vp_octets[0], &p[2], attrlen - 2);
sub->vp_octets[attrlen - 2] = '\0';
sub->length = attrlen - 2;
vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
- PW_SESSION_TIMEOUT,
+ PW_SESSION_TIMEOUT, 0,
PW_TYPE_INTEGER);
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
* If "request" is NULL, then the memory will be
* lost!
*/
- vp = radius_paircreate(req, &request,
- PW_STRIPPED_USER_NAME, PW_TYPE_STRING);
+ vp = radius_paircreate(req, &request, PW_STRIPPED_USER_NAME,
+ 0, PW_TYPE_STRING);
if (!vp) return ret;
req->username = vp;
}
create_attr:
passwd_item = radius_paircreate(request,
&request->config_items,
- attr,
+ attr, 0,
PW_TYPE_STRING);
strlcpy(passwd_item->vp_strvalue, value,
sizeof(passwd_item->vp_strvalue));
} else {
reply_item = radius_paircreate(request,
&request->reply->vps,
- PW_SESSION_TIMEOUT,
+ PW_SESSION_TIMEOUT, 0,
PW_TYPE_INTEGER);
reply_item->vp_integer = r;
}
*/
if (strncasecmp(fmt, "Challenge", 9) == 0) {
chap_challenge = pairfind(request->packet->vps,
- PW_MSCHAP_CHALLENGE);
+ PW_MSCHAP_CHALLENGE,
+ VENDORPEC_MICROSOFT);
if (!chap_challenge) {
RDEBUG2("No MS-CHAP-Challenge in the request.");
return 0;
RDEBUG2(" mschap2: %02x", chap_challenge->vp_octets[0]);
response = pairfind(request->packet->vps,
- PW_MSCHAP2_RESPONSE);
+ PW_MSCHAP2_RESPONSE,
+ VENDORPEC_MICROSOFT);
if (!response) {
RDEBUG2("MS-CHAP2-Response is required to calculate MS-CHAPv1 challenge.");
return 0;
}
user_name = pairfind(request->packet->vps,
- PW_USER_NAME);
+ PW_USER_NAME, 0);
if (!user_name) {
RDEBUG2("User-Name is required to calculateMS-CHAPv1 Challenge.");
return 0;
*/
} else if (strncasecmp(fmt, "NT-Response", 11) == 0) {
response = pairfind(request->packet->vps,
- PW_MSCHAP_RESPONSE);
+ PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT);
if (!response) response = pairfind(request->packet->vps,
- PW_MSCHAP2_RESPONSE);
+ PW_MSCHAP2_RESPONSE,
+ VENDORPEC_MICROSOFT);
if (!response) {
RDEBUG2("No MS-CHAP-Response or MS-CHAP2-Response was found in the request.");
return 0;
*/
} else if (strncasecmp(fmt, "LM-Response", 11) == 0) {
response = pairfind(request->packet->vps,
- PW_MSCHAP_RESPONSE);
+ PW_MSCHAP_RESPONSE, VENDORPEC_MICROSOFT);
if (!response) {
RDEBUG2("No MS-CHAP-Response was found in the request.");
return 0;
/*
* For backwards compatibility
*/
- if (!dict_valbyname(PW_AUTH_TYPE, inst->xlat_name)) {
+ if (!dict_valbyname(PW_AUTH_TYPE, 0, inst->xlat_name)) {
inst->auth_type = "MS-CHAP";
} else {
inst->auth_type = inst->xlat_name;
*/
if (do_ntlm_auth) {
VALUE_PAIR *vp = pairfind(request->config_items,
- PW_MS_CHAP_USE_NTLM_AUTH);
+ PW_MS_CHAP_USE_NTLM_AUTH, 0);
if (vp) do_ntlm_auth = vp->vp_integer;
}
smb_ctrl = pairfind(request->config_items, PW_SMB_ACCOUNT_CTRL, 0);
if (!smb_ctrl) {
password = pairfind(request->config_items,
- PW_SMB_ACCOUNT_CTRL_TEXT);
+ PW_SMB_ACCOUNT_CTRL_TEXT, 0);
if (password) {
smb_ctrl = radius_pairmake(request,
&request->config_items,
int32_t, int32_t, const unsigned char [16]);
/* otp_pwe.c */
-extern int pwattr[8];
+extern DICT_ATTR *pwattr[8];
extern void otp_pwe_init(void);
extern otp_pwe_t otp_pwe_present(const REQUEST *);
VALUE_PAIR **avp = &request->reply->vps;
VALUE_PAIR *cvp, *rvp, *vp;
- cvp = pairfind(request->packet->vps, pwattr[pwe - 1]);
- rvp = pairfind(request->packet->vps, pwattr[pwe]);
+ cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor);
+ rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor);
switch (pwe) {
case PWE_PAP:
#include <freeradius-devel/ident.h>
RCSIDH(otp_mppe_h, "$Id$")
-/* Some hardcoding here ... because not all types have #defines */
-#define PW_MS_CHAP_CHALLENGE ((311 << 16) | 11)
-#define PW_MS_CHAP_RESPONSE ((311 << 16) | 1)
-#define PW_MS_CHAP2_RESPONSE ((311 << 16) | 25)
-
/* MPPE encryption policy */
#define MPPE_ENC_POL_ENCRYPTION_FORBIDDEN "0x00000000"
#define MPPE_ENC_POL_ENCRYPTION_ALLOWED "0x00000001"
otp_request.pwe.pwe = pwe;
/* otp_pwe_present() (done by caller) guarantees that both of these exist */
- cvp = pairfind(request->packet->vps, pwattr[pwe - 1]);
- rvp = pairfind(request->packet->vps, pwattr[pwe]);
+ cvp = pairfind(request->packet->vps, pwattr[pwe - 1]->attr, pwattr[pwe - 1]->vendor);
+ rvp = pairfind(request->packet->vps, pwattr[pwe]->attr, pwattr[pwe]->vendor);
/* this is just to quiet Coverity */
if (!rvp || !cvp)
return RLM_MODULE_REJECT;
/* Attribute IDs for supported password encodings. */
#define SIZEOF_PWATTR (4 * 2)
-int pwattr[SIZEOF_PWATTR];
+DICT_ATTR *pwattr[SIZEOF_PWATTR];
/* Initialize the pwattr array for supported password encodings. */
/* PAP */
if ((da = dict_attrbyname("User-Password")) != NULL) {
- pwattr[0] = da->attr;
- pwattr[1] = da->attr;
+ pwattr[0] = da;
+ pwattr[1] = da;
}
/* CHAP */
if ((da = dict_attrbyname("CHAP-Challenge")) != NULL) {
- pwattr[2] = da->attr;
+ pwattr[2] = da;
if ((da = dict_attrbyname("CHAP-Password")) != NULL)
- pwattr[3] = da->attr;
+ pwattr[3] = da;
else
- pwattr[2] = 0;
+ pwattr[2] = NULL;
}
#if 0
/* MS-CHAP (recommended not to use) */
if ((da = dict_attrbyname("MS-CHAP-Challenge")) != NULL) {
- pwattr[4] = da->attr;
+ pwattr[4] = da;
if ((da = dict_attrbyname("MS-CHAP-Response")) != NULL)
- pwattr[5] = da->attr;
+ pwattr[5] = da;
else
- pwattr[4] = 0;
+ pwattr[4] = NULL;
}
#endif /* 0 */
/* MS-CHAPv2 */
if ((da = dict_attrbyname("MS-CHAP-Challenge")) != NULL) {
- pwattr[6] = da->attr;
+ pwattr[6] = da;
if ((da = dict_attrbyname("MS-CHAP2-Response")) != NULL)
- pwattr[7] = da->attr;
+ pwattr[7] = da;
else
- pwattr[6] = 0;
+ pwattr[6] = NULL;
}
}
unsigned i;
for (i = 0; i < SIZEOF_PWATTR; i += 2) {
- if (pairfind(request->packet->vps, pwattr[i]) &&
- pairfind(request->packet->vps, pwattr[i + 1])) {
- DEBUG("rlm_otp: %s: password attributes %d, %d", __func__,
- pwattr[i], pwattr[i + 1]);
+ if (pairfind(request->packet->vps, pwattr[i]->attr, pwattr[i]->vendor) &&
+ pairfind(request->packet->vps, pwattr[i + 1]->attr, pwattr[i + 1]->vendor)) {
+ DEBUG("rlm_otp: %s: password attributes %s, %s", __func__,
+ pwattr[i]->name, pwattr[i + 1]->name);
return i + 1; /* Can't return 0 (indicates failure) */
}
}
* Let the 'users' file over-ride the PAM auth name string,
* for backwards compatibility.
*/
- pair = pairfind(request->config_items, PAM_AUTH_ATTR);
+ pair = pairfind(request->config_items, PAM_AUTH_ATTR, 0);
if (pair) pam_auth_string = (char *)pair->vp_strvalue;
r = pam_pass((char *)request->username->vp_strvalue,
inst->name = cf_section_name1(conf);
}
- dval = dict_valbyname(PW_AUTH_TYPE, inst->name);
+ dval = dict_valbyname(PW_AUTH_TYPE, 0, inst->name);
if (dval) {
inst->auth_type = dval->value;
} else {
new_vp = radius_paircreate(request,
&request->config_items,
- attr, PW_TYPE_STRING);
+ attr, 0, PW_TYPE_STRING);
strcpy(new_vp->vp_strvalue, p + 1);/* bounds OK */
new_vp->length = strlen(new_vp->vp_strvalue);
* attribute, so we should delete the old
* User-Password here.
*/
- pairdelete(&request->config_items, PW_USER_PASSWORD);
+ pairdelete(&request->config_items, PW_USER_PASSWORD, 0);
}
break;
if (inst->auth_type) {
vp = radius_paircreate(request, &request->config_items,
- PW_AUTH_TYPE, PW_TYPE_INTEGER);
+ PW_AUTH_TYPE, 0, PW_TYPE_INTEGER);
vp->vp_integer = inst->auth_type;
}
int nfields;
int keyfield;
int listable;
- int keyattr;
- int keyattrtype;
+ DICT_ATTR *keyattr;
int ignoreempty;
};
release_ht(inst->ht);
return -1;
}
- inst->keyattr = da->attr;
- inst->keyattrtype = da->type;
+ inst->keyattr = da;
inst->nfields = nfields;
inst->keyfield = keyfield;
inst->listable = listable;
int found = 0;
for (key = request->packet->vps;
- key && (key = pairfind (key, inst->keyattr));
+ key && (key = pairfind (key, inst->keyattr->attr, inst->keyattr->vendor));
key = key->next ){
- switch (inst->keyattrtype) {
+ switch (inst->keyattr->type) {
case PW_TYPE_INTEGER:
snprintf(buffer, 1024, "%u", key->vp_integer);
name = buffer;
AV *av;
char namebuf[256], *name;
char buffer[1024];
- int attr, len;
+ int attr, vendor, len;
hv_undef(rad_hv);
nvp = paircopy(vp);
while (nvp != NULL) {
name = nvp->name;
attr = nvp->attribute;
- vpa = paircopy2(nvp,attr);
+ vendor = nvp->vendor;
+ vpa = paircopy2(nvp, attr, vendor);
if (vpa->next) {
av = newAV();
}
pairfree(&vpa);
- vpa = nvp; while ((vpa != NULL) && (vpa->attribute == attr))
+ vpa = nvp; while ((vpa != NULL) && (vpa->attribute == attr) && (vpa->vendor == vendor))
vpa = vpa->next;
- pairdelete(&nvp, attr);
+ pairdelete(&nvp, attr, vendor);
nvp = vpa;
}
}
* Update cached copies
*/
request->username = pairfind(request->packet->vps,
- PW_USER_NAME);
+ PW_USER_NAME, 0);
request->password = pairfind(request->packet->vps,
- PW_USER_PASSWORD);
+ PW_USER_PASSWORD, 0);
if (!request->password)
request->password = pairfind(request->packet->vps,
- PW_CHAP_PASSWORD);
+ PW_CHAP_PASSWORD, 0);
}
if ((get_hv_content(rad_reply_hv, &vp)) > 0 ) {
return NULL; /* no such attribute */
}
- return pairfind(vps, dattr->attr);
+ return pairfind(vps, dattr->attr, dattr->vendor);
}
char newattr[MAX_STRING_LEN];
for ( ; vp != NULL; vp = vp->next) {
- vendorcode = VENDOR(vp->attribute);
+ vendorcode = vp->vendor;
if (!((vendorcode == 9) || (vendorcode == 6618))) continue; /* not a Cisco or Quintum VSA, continue */
if (vp->type != PW_TYPE_STRING) continue;
*/
static void alvarion_vsa_hack(VALUE_PAIR *vp)
{
- int vendorcode;
int number = 1;
for ( ; vp != NULL; vp = vp->next) {
DICT_ATTR *da;
- vendorcode = VENDOR(vp->attribute);
- if (vendorcode != 12394) continue;
+ if (vp->vendor != 12394) continue;
if (vp->type != PW_TYPE_STRING) continue;
- da = dict_attrbyvalue(number | (12394 << 16));
+ da = dict_attrbyvalue(number, 12394);
if (!da) continue;
vp->attribute = da->attr;
if (pairfind(request_pairs, PW_FRAMED_PROTOCOL, 0) != NULL &&
pairfind(request_pairs, PW_SERVICE_TYPE, 0) == NULL) {
tmp = radius_paircreate(request, &request->packet->vps,
- PW_SERVICE_TYPE, PW_TYPE_INTEGER);
+ PW_SERVICE_TYPE, 0, PW_TYPE_INTEGER);
tmp->vp_integer = PW_FRAMED_USER;
}
}
*/
add = paircopy(i->reply);
ft = fallthrough(add);
- pairdelete(&add, PW_STRIP_USER_NAME);
- pairdelete(&add, PW_FALL_THROUGH);
+ pairdelete(&add, PW_STRIP_USER_NAME, 0);
+ pairdelete(&add, PW_FALL_THROUGH, 0);
pairxlatmove(request, &request->packet->vps, &add);
pairfree(&add);
updated = 1;
if (!vp) {
vp = radius_paircreate(request,
&request->packet->vps,
- PW_HUNTGROUP_NAME,
+ PW_HUNTGROUP_NAME, 9,
PW_TYPE_STRING);
strlcpy(vp->vp_strvalue, i->name,
sizeof(vp->vp_strvalue));
nas = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0);
if (!nas) {
nas = radius_paircreate(request, &request->packet->vps,
- PW_NAS_IP_ADDRESS,
+ PW_NAS_IP_ADDRESS, 0,
PW_TYPE_IPADDR);
nas->vp_ipaddr = request->packet->src_ipaddr.ipaddr.ip4addr.s_addr;
}
nas = pairfind(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0);
if (!nas) {
nas = radius_paircreate(request, &request->packet->vps,
- PW_NAS_IPV6_ADDRESS,
+ PW_NAS_IPV6_ADDRESS, 0,
PW_TYPE_IPV6ADDR);
memcpy(nas->vp_strvalue,
&request->packet->src_ipaddr.ipaddr,
* approaching rationality.
*/
ascend_nasport_hack(pairfind(request->packet->vps,
- PW_NAS_PORT),
+ PW_NAS_PORT, 0),
data->ascend_channels_per_line);
}
VALUE_PAIR *vp;
vp = radius_paircreate(request, &request->packet->vps,
- PW_CHAP_CHALLENGE, PW_TYPE_OCTETS);
+ PW_CHAP_CHALLENGE, 0, PW_TYPE_OCTETS);
vp->length = AUTH_VECTOR_LEN;
memcpy(vp->vp_strvalue, request->packet->vector, AUTH_VECTOR_LEN);
}
*/
if (request->username->attribute != PW_STRIPPED_USER_NAME) {
vp = radius_paircreate(request, &request->packet->vps,
- PW_STRIPPED_USER_NAME,
+ PW_STRIPPED_USER_NAME, 0,
PW_TYPE_STRING);
RDEBUG2("Adding Stripped-User-Name = \"%s\"", username);
} else {
sqlusername[0]= '\0';
/* Remove any user attr we added previously */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
if (username != NULL) {
strlcpy(tmpuser, username, sizeof(tmpuser));
sqlsocket = sql_get_socket(inst);
if (sqlsocket == NULL) {
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return 1;
}
radlog_request(L_ERR, 0, request,
"Error getting group membership");
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
sql_release_socket(inst, sqlsocket);
return 1;
}
/* Free the grouplist */
sql_grouplist_free(&group_list);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
sql_release_socket(inst, sqlsocket);
return 0;
}
/* Free the grouplist */
sql_grouplist_free(&group_list);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
sql_release_socket(inst,sqlsocket);
RDEBUG("sql_groupcmp finished: User is NOT a member of group %s",
radlog_request(L_ERR, 0, request,
"Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
return -1;
}
rows = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr);
radlog_request(L_ERR, 0, request, "Error retrieving check pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
return -1;
} else if (rows > 0) {
if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
return -1;
}
radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
pairfree(&reply_tmp);
return -1;
if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
return -1;
}
radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
pairfree(&reply_tmp);
return -1;
* Delete the Sql-Group we added above
* And clear out the pairlists
*/
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
pairfree(&reply_tmp);
}
sqlsocket = sql_get_socket(inst);
if (sqlsocket == NULL) {
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
}
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
}
rows = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr);
radlog_request(L_ERR, 0, request, "SQL query error; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
pairfree(&check_tmp);
return RLM_MODULE_FAIL;
} else if (rows > 0) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
pairfree(&check_tmp);
return RLM_MODULE_FAIL;
}
radlog_request(L_ERR, 0, request, "SQL query error; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
pairfree(&check_tmp);
pairfree(&reply_tmp);
return RLM_MODULE_FAIL;
radlog_request(L_ERR, 0, request, "Error processing groups; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
} else if (rows > 0) {
found = 1;
radlog_request(L_ERR, 0, request, "Error setting profile; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
} else {
profile_found = 1;
radlog_request(L_ERR, 0, request, "Error processing profile groups; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
} else if (rows > 0) {
found = 1;
}
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
sql_release_socket(inst, sqlsocket);
if (!found) {
rad_assert(request->packet != NULL);
/* Remove any user attr we added previously */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
if (username != NULL) {
strlcpy(tmpuser, username, MAX_STRING_LEN);
}
/* Search the query in conf section of the module */
- if ((dval = dict_valbyattr(PW_ACCT_STATUS_TYPE, pair->vp_integer)) == NULL) {
+ if ((dval = dict_valbyattr(PW_ACCT_STATUS_TYPE, 0, pair->vp_integer)) == NULL) {
radlog_request(L_ERR, 0, request, "Unsupported Acct-Status-Type = %d",
pair->vp_integer);
return RLM_MODULE_NOOP;
char *allowed_chars; /* safe characters list for SQL queries */
time_t reset_time;
time_t last_reset;
- int key_attr; /* attribute number for key field */
- int dict_attr; /* attribute number for the counter. */
- int reply_attr; /* attribute number for the reply */
+ DICT_ATTR *key_attr; /* attribute number for key field */
+ DICT_ATTR *dict_attr; /* attribute number for the counter. */
+ DICT_ATTR *reply_attr; /* attribute number for the reply */
} rlm_sqlcounter_t;
/*
sqlcounter_detach(data);
return -1;
}
- data->key_attr = dattr->attr;
+ data->key_attr = dattr;
/*
* Discover the attribute number of the reply.
*/
if (data->reply_name == NULL) {
DEBUG2("rlm_sqlcounter: Reply attribute set to Session-Timeout.");
- data->reply_attr = PW_SESSION_TIMEOUT;
+ data->reply_attr = dict_attrbyvalue(PW_SESSION_TIMEOUT, 0);
data->reply_name = strdup("Session-Timeout");
}
else {
sqlcounter_detach(data);
return -1;
}
- data->reply_attr = dattr->attr;
+ data->reply_attr = dattr;
DEBUG2("rlm_sqlcounter: Reply attribute %s is number %d",
data->reply_name, dattr->attr);
}
sqlcounter_detach(data);
return -1;
}
- data->dict_attr = dattr->attr;
- DEBUG2("rlm_sqlcounter: Counter attribute %s is number %d",
- data->counter_name, data->dict_attr);
+ if (dattr->vendor != 0) {
+ radlog(L_ERR, "Counter attribute must not be a VSA");
+ sqlcounter_detach(data);
+ return -1;
+ }
+ data->dict_attr = dattr;
/*
* Create a new attribute for the check item.
/*
* Register the counter comparison operation.
*/
- paircompare_register(data->dict_attr, 0, sqlcounter_cmp, data);
+ paircompare_register(data->dict_attr->attr, 0, sqlcounter_cmp, data);
*instance = data;
* The REAL username, after stripping.
*/
DEBUG2("rlm_sqlcounter: Entering module authorize code");
- key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr);
+ key_vp = ((data->key_attr->vendor == 0) && (data->key_attr->attr == PW_USER_NAME)) ? request->username : pairfind(request->packet->vps, data->key_attr->attr, data->key_attr->vendor);
if (key_vp == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Key value pair");
return ret;
return ret;
}
/* DEBUG2("rlm_sqlcounter: Found Check item attribute %d", dattr->attr); */
- if ((check_vp= pairfind(request->config_items, dattr->attr)) == NULL) {
+ if ((check_vp= pairfind(request->config_items, dattr->attr, dattr->vendor)) == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Check item value pair");
return ret;
}
res += check_vp->vp_integer;
}
- if ((reply_item = pairfind(request->reply->vps, data->reply_attr)) != NULL) {
+ if ((reply_item = pairfind(request->reply->vps, data->reply_attr->attr, data->reply_attr->vendor)) != NULL) {
if (reply_item->vp_integer > res)
reply_item->vp_integer = res;
} else {
reply_item = radius_paircreate(request,
&request->reply->vps,
- data->reply_attr,
+ data->reply_attr->attr,
+ data->reply_attr->vendor,
PW_TYPE_INTEGER);
reply_item->vp_integer = res;
}
rlm_sqlcounter_t *inst = (rlm_sqlcounter_t *)instance;
allowed_chars = NULL;
- paircompare_unregister(inst->dict_attr, sqlcounter_cmp);
+ paircompare_unregister(inst->dict_attr->attr, sqlcounter_cmp);
/*
* Free up dynamically allocated string pointers.
RDEBUG("Allocated IP %s [%08x]", allocation, ip_allocation);
vp = radius_paircreate(request, &request->reply->vps,
- PW_FRAMED_IP_ADDRESS, PW_TYPE_IPADDR);
+ PW_FRAMED_IP_ADDRESS, 0, PW_TYPE_IPADDR);
vp->vp_ipaddr = ip_allocation;
/*
/*
* FIXME: Fix the build system to create definitions from names.
*/
-#define WIMAX2ATTR(x) ((24757 << 16) | (x))
-
typedef struct rlm_wimax_t {
int delete_mppe_keys;
} rlm_wimax_t;
* the WiMAX-MSK so that the client has a key available.
*/
if (inst->delete_mppe_keys) {
- pairdelete(&request->reply->vps, ((311 << 16) | 16));
- pairdelete(&request->reply->vps, ((311 << 16) | 17));
+ pairdelete(&request->reply->vps, 16, VENDORPEC_MICROSOFT);
+ pairdelete(&request->reply->vps, 17, VENDORPEC_MICROSOFT);
vp = radius_pairmake(request, &request->reply->vps, "WiMAX-MSK", "0x00", T_OP_EQ);
if (vp) {
/*
* Look for WiMAX-hHA-IP-MIP4
*/
- ip = pairfind(request->reply->vps, WIMAX2ATTR(6));
+ ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX);
if (!ip) {
RDEBUG("WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-PMIP4 key");
break;
/*
* Put MN-HA-PMIP4 into WiMAX-MN-hHA-MIP4-Key
*/
- vp = pairfind(request->reply->vps, WIMAX2ATTR(10));
+ vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
- WIMAX2ATTR(10), PW_TYPE_OCTETS);
+ 10, VENDORPEC_WIMAX, PW_TYPE_OCTETS);
}
if (!vp) {
RDEBUG("WARNING: Failed creating WiMAX-MN-hHA-MIP4-Key");
/*
* Put MN-HA-PMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI
*/
- vp = pairfind(request->reply->vps, WIMAX2ATTR(11));
+ vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
- WIMAX2ATTR(11), PW_TYPE_INTEGER);
+ 11, VENDORPEC_WIMAX, PW_TYPE_INTEGER);
}
if (!vp) {
RDEBUG("WARNING: Failed creating WiMAX-MN-hHA-MIP4-SPI");
/*
* Look for WiMAX-hHA-IP-MIP4
*/
- ip = pairfind(request->reply->vps, WIMAX2ATTR(6));
+ ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX);
if (!ip) {
RDEBUG("WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-CMIP4 key");
break;
/*
* Put MN-HA-CMIP4 into WiMAX-MN-hHA-MIP4-Key
*/
- vp = pairfind(request->reply->vps, WIMAX2ATTR(10));
+ vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
- WIMAX2ATTR(10), PW_TYPE_OCTETS);
+ 10, VENDORPEC_WIMAX, PW_TYPE_OCTETS);
}
if (!vp) {
RDEBUG("WARNING: Failed creating WiMAX-MN-hHA-MIP4-Key");
/*
* Put MN-HA-CMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI
*/
- vp = pairfind(request->reply->vps, WIMAX2ATTR(11));
+ vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
- WIMAX2ATTR(11), PW_TYPE_INTEGER);
+ 11, VENDORPEC_WIMAX, PW_TYPE_INTEGER);
}
if (!vp) {
RDEBUG("WARNING: Failed creating WiMAX-MN-hHA-MIP4-SPI");
/*
* Look for WiMAX-hHA-IP-MIP6
*/
- ip = pairfind(request->reply->vps, WIMAX2ATTR(7));
+ ip = pairfind(request->reply->vps, 7, VENDORPEC_WIMAX);
if (!ip) {
RDEBUG("WARNING: WiMAX-hHA-IP-MIP6 not found. Cannot calculate MN-HA-CMIP6 key");
break;
/*
* Put MN-HA-CMIP6 into WiMAX-MN-hHA-MIP6-Key
*/
- vp = pairfind(request->reply->vps, WIMAX2ATTR(12));
+ vp = pairfind(request->reply->vps, 12, VENDORPEC_WIMAX);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
- WIMAX2ATTR(12), PW_TYPE_OCTETS);
+ 12, VENDORPEC_WIMAX, PW_TYPE_OCTETS);
}
if (!vp) {
RDEBUG("WARNING: Failed creating WiMAX-MN-hHA-MIP6-Key");
/*
* Put MN-HA-CMIP6-SPI into WiMAX-MN-hHA-MIP6-SPI
*/
- vp = pairfind(request->reply->vps, WIMAX2ATTR(13));
+ vp = pairfind(request->reply->vps, 13, VENDORPEC_WIMAX);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
- WIMAX2ATTR(13), PW_TYPE_INTEGER);
+ 13, VENDORPEC_WIMAX, PW_TYPE_INTEGER);
}
if (!vp) {
RDEBUG("WARNING: Failed creating WiMAX-MN-hHA-MIP6-SPI");
*
* FA-RK= H(MIP-RK, "FA-RK")
*/
- fa_rk = pairfind(request->reply->vps, WIMAX2ATTR(14));
+ fa_rk = pairfind(request->reply->vps, 14, VENDORPEC_WIMAX);
if (fa_rk && (fa_rk->length <= 1)) {
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL);
* really MIP-SPI. Clear? Of course. This is WiMAX.
*/
if (fa_rk) {
- vp = pairfind(request->reply->vps, WIMAX2ATTR(61));
+ vp = pairfind(request->reply->vps, 61, VENDORPEC_WIMAX);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
- WIMAX2ATTR(61), PW_TYPE_INTEGER);
+ 61, VENDORPEC_WIMAX, PW_TYPE_INTEGER);
}
if (!vp) {
RDEBUG("WARNING: Failed creating WiMAX-FA-RK-SPI");
*
* WiMAX-RRQ-MN-HA-SPI
*/
- vp = pairfind(request->packet->vps, WIMAX2ATTR(20));
+ vp = pairfind(request->packet->vps, 20, VENDORPEC_WIMAX);
if (vp) {
RDEBUG("Client requested MN-HA key: Should use SPI to look up key from storage.");
if (!mn_nai) {
/*
* WiMAX-RRQ-HA-IP
*/
- if (!pairfind(request->packet->vps, WIMAX2ATTR(18))) {
+ if (!pairfind(request->packet->vps, 18, VENDORPEC_WIMAX)) {
RDEBUG("WARNING: HA-IP was not found!");
}
/*
* WiMAX-HA-RK-Key-Requested
*/
- vp = pairfind(request->packet->vps, WIMAX2ATTR(58));
+ vp = pairfind(request->packet->vps, 58, VENDORPEC_WIMAX);
if (vp && (vp->vp_integer == 1)) {
RDEBUG("Client requested HA-RK: Should use IP to look it up from storage.");
}