# RADIUS transport. It may also be "tcp", in which case the
# server will accept connections from this client ONLY over TCP.
#
-# proto = udp
+ proto = *
#
# A note on DNS: We STRONGLY recommend using IP addresses
+bob Cleartext-Password := "bob"
+ Tunnel-Password := "hello",
+ Tunnel-Private-Group-Id:1 = "foo",
+ Tunnel-Medium-Type:1 = IP
+
#
# Please read the documentation file ../doc/processing_users_file,
# or 'man 5 users' (after installing the server) for more information.
while (cur) {
VALUE_PAIR hack;
- vp = pairfind(request->packet->vps, cur->dattr->attr);
+ vp = pairfind(request->packet->vps, cur->dattr->attr, cur->dattr->vendor);
if (!vp) {
/*
* This was changed in 2.x, but it's still
* is always true.
*/
if ((check_item->attribute == PW_VENDOR_SPECIFIC) &&
- (VENDOR(vp->attribute) != 0) &&
+ (vp->vendor != 0) &&
(check_item->operator == T_OP_CMP_TRUE)) {
pass++;
continue;
if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
request->username = pairfind(request->packet->vps,
- PW_STRIPPED_USER_NAME);
+ PW_STRIPPED_USER_NAME, 0);
if (!request->username)
request->username = pairfind(request->packet->vps,
- PW_USER_NAME);
+ PW_USER_NAME, 0);
request->password = pairfind(request->packet->vps,
- PW_USER_PASSWORD);
+ PW_USER_PASSWORD, 0);
}
return RLM_MODULE_UPDATED;
typedef struct rlm_attr_rewrite_t {
char *attribute; /* The attribute to search for */
- int attr_num; /* The attribute number */
+ DICT_ATTR *da; /* The attribute definition */
char *search; /* The pattern to search for */
int search_len; /* The length of the search pattern */
char *searchin_str; /* The VALUE_PAIR list to search in. Can be either packet,reply,proxy,proxy_reply or control (plus it's alias 'config') */
data->attribute);
return -1;
}
- data->attr_num = dattr->attr;
+ data->da = dattr;
/* Add the module instance name */
data->name = cf_section_name2(conf); /* may be NULL */
/* new_attribute = no */
switch (data->searchin) {
case RLM_REGEX_INPACKET:
- if (data->attr_num == PW_USER_NAME)
+ if (!data->da->vendor && (data->da->attr == PW_USER_NAME))
attr_vp = request->username;
- else if (data->attr_num == PW_USER_PASSWORD)
+ else if (!data->da->vendor && (data->da->attr == PW_USER_PASSWORD))
attr_vp = request->password;
else
tmp = request->packet->vps;
default:
radlog(L_ERR, "%s: Illegal value for searchin. Changing to packet.", data->name);
data->searchin = RLM_REGEX_INPACKET;
- attr_vp = pairfind(request->packet->vps, data->attr_num);
+ attr_vp = pairfind(request->packet->vps, data->da->attr, data->da->vendor);
break;
}
do_again:
if (tmp != NULL)
- attr_vp = pairfind(tmp, data->attr_num);
+ attr_vp = pairfind(tmp, data->da->attr, data->da->vendor);
if (attr_vp == NULL) {
DEBUG2("%s: Could not find value pair for attribute %s", data->name,data->attribute);
return ret;
char *check_name; /* The attribute to check it with ie Allowed-Calling-Station-Id */
char *data_type; /* string,integer,ipaddr,date,abinary,octets */
int dat_type;
- int item_attr;
- int chk_attr;
+ DICT_ATTR *item_attr;
+ DICT_ATTR *chk_attr;
int notfound_reject; /* If we don't find the item_name in the request send back a reject */
} rlm_checkval_t;
checkval_detach(data);
return -1;
}
- data->item_attr = dattr->attr;
+ data->item_attr = dattr;
/*
* Add the check attribute name to the dictionary
checkval_detach(data);
return -1;
}
- data->chk_attr = dattr->attr;
+ data->chk_attr = dattr;
DEBUG2("rlm_checkval: Registered name %s for attribute %d",
dattr->name,dattr->attr);
* Look for the check item
*/
- if (!(item_vp = pairfind(request->packet->vps, data->item_attr))){
+ if (!(item_vp = pairfind(request->packet->vps, data->item_attr->attr, data->item_attr->vendor))){
DEBUG2("rlm_checkval: Could not find item named %s in request", data->item_name);
if (data->notfound_reject)
ret = RLM_MODULE_REJECT;
DEBUG2("rlm_checkval: Item Name: %s, Value: %s",data->item_name, item_vp->vp_strvalue);
tmp = request->config_items;
do{
- if (!(chk_vp = pairfind(tmp, data->chk_attr))){
+ if (!(chk_vp = pairfind(tmp, data->chk_attr->attr, data->chk_attr->vendor))){
if (!found){
DEBUG2("rlm_checkval: Could not find attribute named %s in check pairs",data->check_name);
ret = RLM_MODULE_NOTFOUND;
/* look for join-attribute */
DEBUG2("rlm_dbm: Reply found");
join_attr = vp;
- while( (join_attr = pairfind(join_attr,SM_JOIN_ATTR) ) != NULL ) {
+ while( (join_attr = pairfind(join_attr,SM_JOIN_ATTR, 0) ) != NULL ) {
DEBUG2("rlm_dbm: Proccess nested record: username %s",
(char *)join_attr->vp_strvalue);
/* res = RLM_MODULE_NOTFOUND; */
}
join_attr = join_attr -> next;
}
- pairdelete(&vp,SM_JOIN_ATTR);
+ pairdelete(&vp,SM_JOIN_ATTR, 0);
if ( parse_state != SMP_ERROR ) {
if ( ! isfallthrough(vp) ) {
continue_search = 0;
* Allow per-user configuration of EAP types.
*/
vp = pairfind(handler->request->config_items,
- PW_EAP_TYPE);
+ PW_EAP_TYPE, 0);
if (vp) default_eap_type = vp->vp_integer;
do_initiate:
*/
default_eap_type = 0;
vp = pairfind(handler->request->config_items,
- PW_EAP_TYPE);
+ PW_EAP_TYPE, 0);
for (i = 0; i < eaptype->length; i++) {
/*
* It is invalid to request identity,
*/
vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0);
if (!vp) {
- vp = paircreate(PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
+ vp = paircreate(PW_MESSAGE_AUTHENTICATOR, 0, PW_TYPE_OCTETS);
memset(vp->vp_octets, 0, AUTH_VECTOR_LEN);
vp->length = AUTH_VECTOR_LEN;
pairadd(&(request->reply->vps), vp);
* Create an EAP-Type containing the EAP-type
* from the packet.
*/
- vp = paircreate(PW_EAP_TYPE, PW_TYPE_INTEGER);
+ vp = paircreate(PW_EAP_TYPE, 0, PW_TYPE_INTEGER);
if (vp) {
vp->vp_integer = eap_msg->vp_octets[4];
pairadd(&(request->packet->vps), vp);
/*
* Delete any previous replies.
*/
- pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE);
- pairdelete(&handler->request->reply->vps, PW_STATE);
+ pairdelete(&handler->request->reply->vps, PW_EAP_MESSAGE, 0);
+ pairdelete(&handler->request->reply->vps, PW_STATE, 0);
eap_packet_free(&handler->eap_ds->request);
handler->eap_ds->request = eap_packet_alloc();
* user.
*/
if ((!tls_session->allow_session_resumption) ||
- (((vp = pairfind(request->config_items, 1127)) != NULL) &&
+ (((vp = pairfind(request->config_items, 1127, 0)) != NULL) &&
(vp->vp_integer == 0))) {
SSL_CTX_remove_session(tls_session->ctx,
tls_session->ssl->session);
} else if (!SSL_session_reused(tls_session->ssl)) {
RDEBUG2("Saving response in the cache");
- vp = paircopy2(request->reply->vps, PW_USER_NAME);
+ vp = paircopy2(request->reply->vps, PW_USER_NAME, 0);
pairadd(&vps, vp);
- vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME);
+ vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME, 0);
pairadd(&vps, vp);
if (vps) {
* Prefer the dictionary name over a number,
* if it exists.
*/
- dval = dict_valbyattr(PW_EAP_TYPE, type);
+ dval = dict_valbyattr(PW_EAP_TYPE, 0, type);
if (dval) {
snprintf(buffer, buflen, "%s", dval->name);
}
/*
* Prefer the dictionary name, if it exists.
*/
- dval = dict_valbyattr(PW_EAP_TYPE, type);
+ dval = dict_valbyattr(PW_EAP_TYPE, 0, type);
if (dval) {
snprintf(buffer, buflen, "%s", dval->name);
return buffer;
}
eap_packet = (eap_packet_t *)reply->packet;
- pairdelete(&(packet->vps), PW_EAP_MESSAGE);
+ pairdelete(&(packet->vps), PW_EAP_MESSAGE, 0);
vp = eap_packet2vp(eap_packet);
if (!vp) return RLM_MODULE_INVALID;
*/
vp = pairfind(packet->vps, PW_MESSAGE_AUTHENTICATOR, 0);
if (!vp) {
- vp = paircreate(PW_MESSAGE_AUTHENTICATOR, PW_TYPE_OCTETS);
+ vp = paircreate(PW_MESSAGE_AUTHENTICATOR, 0, PW_TYPE_OCTETS);
memset(vp->vp_strvalue, 0, AUTH_VECTOR_LEN);
vp->length = AUTH_VECTOR_LEN;
pairadd(&(packet->vps), vp);
size = total;
if (size > 253) size = 253;
- vp = paircreate(PW_EAP_MESSAGE, PW_TYPE_OCTETS);
+ vp = paircreate(PW_EAP_MESSAGE, 0, PW_TYPE_OCTETS);
if (!vp) {
pairfree(&head);
return NULL;
* it might be too big for putting into an EAP-Type-SIM
*
*/
- vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_SUBTYPE);
+ vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0);
if(vp == NULL)
{
subtype = eapsim_start;
subtype = vp->vp_integer;
}
- vp = pairfind(r->vps, ATTRIBUTE_EAP_ID);
+ vp = pairfind(r->vps, ATTRIBUTE_EAP_ID, 0);
if(vp == NULL)
{
id = ((int)getpid() & 0xff);
id = vp->vp_integer;
}
- vp = pairfind(r->vps, ATTRIBUTE_EAP_CODE);
+ vp = pairfind(r->vps, ATTRIBUTE_EAP_CODE, 0);
if(vp == NULL)
{
eapcode = PW_EAP_REQUEST;
* then we should calculate the HMAC-SHA1 of the resulting EAP-SIM
* packet, appended with the value of append.
*/
- vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_KEY);
+ vp = pairfind(r->vps, ATTRIBUTE_EAP_SIM_KEY, 0);
if(macspace != NULL && vp != NULL)
{
unsigned char *buffer;
return 0;
}
- newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, PW_TYPE_INTEGER);
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, 0, PW_TYPE_INTEGER);
if (!newvp) return 0;
newvp->vp_integer = attr[0];
newvp->length = 1;
return 0;
}
- newvp = paircreate(eapsim_attribute+ATTRIBUTE_EAP_SIM_BASE, PW_TYPE_OCTETS);
+ newvp = paircreate(eapsim_attribute+ATTRIBUTE_EAP_SIM_BASE, 0, PW_TYPE_OCTETS);
memcpy(newvp->vp_strvalue, &attr[2], eapsim_len-2);
newvp->length = eapsim_len-2;
pairadd(&(r->vps), newvp);
int elen,len;
VALUE_PAIR *mac;
- mac = pairfind(rvps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC);
+ mac = pairfind(rvps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0);
if(mac == NULL
|| mac->length != 18) {
/* libradius debug already prints out the value pairs for us */
if (!fr_debug_flag && do_output) {
printf("Received response ID %d, code %d, length = %d\n",
- (*rep)->id, (*rep)->code, (*rep)->data_len);
+ (*rep)->id, (*rep)->code, (int) (*rep)->data_len);
vp_printlist(stdout, (*rep)->vps);
}
if((*rep)->code == PW_AUTHENTICATION_ACK) {
* maybe should just copy things we care about, or keep
* a copy of the original input and start from there again?
*/
- pairdelete(&resp->vps, PW_EAP_MESSAGE);
- pairdelete(&resp->vps, ATTRIBUTE_EAP_BASE+PW_EAP_IDENTITY);
+ pairdelete(&resp->vps, PW_EAP_MESSAGE, 0);
+ pairdelete(&resp->vps, ATTRIBUTE_EAP_BASE+PW_EAP_IDENTITY, 0);
last = &resp->vps;
for(vp = *last; vp != NULL; vp = vpnext)
/* form new response clear of any EAP stuff */
cleanresp(rep);
- if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST)) == NULL) {
+ if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0)) == NULL) {
fprintf(stderr, "illegal start message has no VERSION_LIST\n");
return 0;
}
* anyway we like, but it is illegal to have more than one
* present.
*/
- anyidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_ANY_ID_REQ);
- fullauthidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ);
- permanentidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ);
+ anyidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_ANY_ID_REQ, 0);
+ fullauthidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, 0);
+ permanentidreq_vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ, 0);
if(fullauthidreq_vp == NULL ||
anyidreq_vp != NULL ||
/* okay, we have just any_id_req there, so fill in response */
/* mark the subtype as being EAP-SIM/Response/Start */
- newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, PW_TYPE_INTEGER);
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, 0, PW_TYPE_INTEGER);
newvp->vp_integer = eapsim_start;
pairreplace(&(rep->vps), newvp);
/* insert selected version into response. */
newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_SELECTED_VERSION,
- PW_TYPE_OCTETS);
+ 0, PW_TYPE_OCTETS);
versions = (uint16_t *)newvp->vp_strvalue;
versions[0] = htons(selectedversion);
newvp->length = 2;
* insert a nonce_mt that we make up.
*/
newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT,
- PW_TYPE_OCTETS);
+ 0, PW_TYPE_OCTETS);
newvp->vp_octets[0]=0;
newvp->vp_octets[1]=0;
newvp->length = 18; /* 16 bytes of nonce + padding */
return 0;
}
newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_IDENTITY,
- PW_TYPE_OCTETS);
+ 0, PW_TYPE_OCTETS);
idlen = strlen(vp->vp_strvalue);
pidlen = (uint16_t *)newvp->vp_strvalue;
*pidlen = htons(idlen);
uint8_t calcmac[20];
/* look for the AT_MAC and the challenge data */
- mac = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC);
- randvp= pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND);
+ mac = pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0);
+ randvp= pairfind(req->vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND, 0);
if(mac == NULL || randvp == NULL) {
fprintf(stderr, "radeapclient: challenge message needs to contain RAND and MAC\n");
return 0;
randcfg[1] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE];
randcfg[2] = &randvp->vp_octets[2+EAPSIM_RAND_SIZE*2];
- randcfgvp[0] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND1);
- randcfgvp[1] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND2);
- randcfgvp[2] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND3);
+ randcfgvp[0] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND1, 0);
+ randcfgvp[1] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND2, 0);
+ randcfgvp[2] = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_RAND3, 0);
if(randcfgvp[0] == NULL ||
randcfgvp[1] == NULL ||
* Really, they should be calculated from the RAND!
*
*/
- sres1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES1);
- sres2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES2);
- sres3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES3);
+ sres1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES1, 0);
+ sres2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES2, 0);
+ sres3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_SRES3, 0);
if(sres1 == NULL ||
sres2 == NULL ||
memcpy(eapsim_mk.sres[1], sres2->vp_strvalue, sizeof(eapsim_mk.sres[1]));
memcpy(eapsim_mk.sres[2], sres3->vp_strvalue, sizeof(eapsim_mk.sres[2]));
- Kc1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC1);
- Kc2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC2);
- Kc3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC3);
+ Kc1 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC1, 0);
+ Kc2 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC2, 0);
+ Kc3 = pairfind(rep->vps, ATTRIBUTE_EAP_SIM_KC3, 0);
if(Kc1 == NULL ||
Kc2 == NULL ||
cleanresp(rep);
/* mark the subtype as being EAP-SIM/Response/Start */
- newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, PW_TYPE_INTEGER);
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, 0, PW_TYPE_INTEGER);
newvp->vp_integer = eapsim_challenge;
pairreplace(&(rep->vps), newvp);
* fill the SIM_MAC with a field that will in fact get appended
* to the packet before the MAC is calculated
*/
- newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC,
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC, 0,
PW_TYPE_OCTETS);
memcpy(newvp->vp_strvalue+EAPSIM_SRES_SIZE*0, sres1->vp_strvalue, EAPSIM_SRES_SIZE);
memcpy(newvp->vp_strvalue+EAPSIM_SRES_SIZE*1, sres2->vp_strvalue, EAPSIM_SRES_SIZE);
newvp->length = EAPSIM_SRES_SIZE*3;
pairreplace(&(rep->vps), newvp);
- newvp = paircreate(ATTRIBUTE_EAP_SIM_KEY, PW_TYPE_OCTETS);
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_KEY, 0, PW_TYPE_OCTETS);
memcpy(newvp->vp_strvalue, eapsim_mk.K_aut, EAPSIM_AUTH_SIZE);
newvp->length = EAPSIM_AUTH_SIZE;
pairreplace(&(rep->vps), newvp);
VALUE_PAIR *vp, *statevp, *radstate, *eapid;
char statenamebuf[32], subtypenamebuf[32];
- if ((radstate = paircopy2(req->vps, PW_STATE)) == NULL)
+ if ((radstate = paircopy2(req->vps, PW_STATE, 0)) == NULL)
{
return 0;
}
- if ((eapid = paircopy2(req->vps, ATTRIBUTE_EAP_ID)) == NULL)
+ if ((eapid = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0)) == NULL)
{
return 0;
}
* outselves to be in EAP-SIM-Start state if there is none.
*/
- if((statevp = pairfind(resp->vps, ATTRIBUTE_EAP_SIM_STATE)) == NULL)
+ if((statevp = pairfind(resp->vps, ATTRIBUTE_EAP_SIM_STATE, 0)) == NULL)
{
/* must be initial request */
- statevp = paircreate(ATTRIBUTE_EAP_SIM_STATE, PW_TYPE_INTEGER);
+ statevp = paircreate(ATTRIBUTE_EAP_SIM_STATE, 0, PW_TYPE_INTEGER);
statevp->vp_integer = eapsim_client_init;
pairreplace(&(resp->vps), statevp);
}
printf("<+++ EAP-sim decoded packet:\n");
vp_printlist(stdout, req->vps);
- if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_SUBTYPE)) == NULL)
+ if((vp = pairfind(req->vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0)) == NULL)
{
return 0;
}
cleanresp(rep);
- if ((state = paircopy2(req->vps, PW_STATE)) == NULL)
+ if ((state = paircopy2(req->vps, PW_STATE, 0)) == NULL)
{
fprintf(stderr, "radeapclient: no state attribute found\n");
return 0;
}
- if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID)) == NULL)
+ if ((id = paircopy2(req->vps, ATTRIBUTE_EAP_ID, 0)) == NULL)
{
fprintf(stderr, "radeapclient: no EAP-ID attribute found\n");
return 0;
}
identifier = id->vp_integer;
- if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5)) == NULL)
+ if ((vp = pairfind(req->vps, ATTRIBUTE_EAP_BASE+PW_EAP_MD5, 0)) == NULL)
{
fprintf(stderr, "radeapclient: no EAP-MD5 attribute found\n");
return 0;
fr_MD5Update(&context, value, valuesize);
fr_MD5Final(response, &context);
- vp = paircreate(ATTRIBUTE_EAP_BASE+PW_EAP_MD5, PW_TYPE_OCTETS);
+ vp = paircreate(ATTRIBUTE_EAP_BASE+PW_EAP_MD5, 0, PW_TYPE_OCTETS);
vp->vp_octets[0]=16;
memcpy(&vp->vp_strvalue[1], response, 16);
vp->length = 17;
EAP_PACKET ep;
int eap_type;
- vp = pairfind(req->vps, ATTRIBUTE_EAP_ID);
+ vp = pairfind(req->vps, ATTRIBUTE_EAP_ID, 0);
if(vp == NULL) {
id = ((int)getpid() & 0xff);
} else {
id = vp->vp_integer;
}
- vp = pairfind(req->vps, ATTRIBUTE_EAP_CODE);
+ vp = pairfind(req->vps, ATTRIBUTE_EAP_CODE, 0);
if(vp == NULL) {
eapcode = PW_EAP_REQUEST;
} else {
*/
/* nuke any existing EAP-Messages */
- pairdelete(&req->vps, PW_EAP_MESSAGE);
+ pairdelete(&req->vps, PW_EAP_MESSAGE, 0);
memset(&ep, 0, sizeof(ep));
ep.code = eapcode;
if(e == NULL) return;
/* create EAP-ID and EAP-CODE attributes to start */
- eap1 = paircreate(ATTRIBUTE_EAP_ID, PW_TYPE_INTEGER);
+ eap1 = paircreate(ATTRIBUTE_EAP_ID, 0, PW_TYPE_INTEGER);
eap1->vp_integer = e->id;
pairadd(&(rep->vps), eap1);
- eap1 = paircreate(ATTRIBUTE_EAP_CODE, PW_TYPE_INTEGER);
+ eap1 = paircreate(ATTRIBUTE_EAP_CODE, 0, PW_TYPE_INTEGER);
eap1->vp_integer = e->code;
pairadd(&(rep->vps), eap1);
len = MAX_STRING_LEN;
}
- eap1 = paircreate(type, PW_TYPE_OCTETS);
+ eap1 = paircreate(type, 0, PW_TYPE_OCTETS);
memcpy(eap1->vp_strvalue, &e->data[1], len);
eap1->length = len;
pairadd(&(rep->vps), eap1);
{
VALUE_PAIR *esvp;
- esvp = pairfind(r->vps, ATTRIBUTE_EAP_BASE+PW_EAP_SIM);
+ esvp = pairfind(r->vps, ATTRIBUTE_EAP_BASE+PW_EAP_SIM, 0);
if (esvp == NULL) {
radlog(L_ERR, "eap: EAP-Sim attribute not found");
return 0;
* set to 127.0.0.1 for tunneled requests, and
* we don't want to tell the world that...
*/
- pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO);
+ pairdelete(&request->proxy->vps, PW_FREERADIUS_PROXIED_TO, VENDORPEC_FREERADIUS);
RDEBUG2(" Tunneled session will be proxied. Not doing EAP.");
return RLM_MODULE_HANDLED;
* This is vendor Cisco (9), Cisco-AVPair
* attribute (1)
*/
- vp = pairfind(vp, (9 << 16) | 1);
+ vp = pairfind(vp, 1, 9);
if (!vp) {
return RLM_MODULE_NOOP;
}
return -1;
}
- dval = dict_valbyname(PW_AUTH_TYPE, inst->auth_type_name);
+ dval = dict_valbyname(PW_AUTH_TYPE, 0, inst->auth_type_name);
if (!dval) {
radlog(L_ERR, "rlm_eap_gtc: Unknown Auth-Type %s",
inst->auth_type_name);
}
if (eap_ds->response->type.length != vp->length) {
- DEBUG2(" rlm_eap_gtc: ERROR: Passwords are of different length. %d %d", eap_ds->response->type.length, vp->length);
+ DEBUG2(" rlm_eap_gtc: ERROR: Passwords are of different length. %d %d", (int) eap_ds->response->type.length, (int) vp->length);
eap_ds->request->code = PW_EAP_FAILURE;
return 0;
}
* If there was a User-Password in the request,
* why the heck are they using EAP-GTC?
*/
- pairdelete(&handler->request->packet->vps, PW_USER_PASSWORD);
+ pairdelete(&handler->request->packet->vps, PW_USER_PASSWORD, 0);
vp = pairmake("User-Password", "", T_OP_EQ);
if (!vp) {
*/
pairmove2(&response,
&handler->request->reply->vps,
- PW_MSCHAP2_SUCCESS);
+ PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT);
break;
default:
*
* FIXME: Use intelligent names...
*/
- pairdelete(&handler->request->reply->vps, ((311 << 16) | 7));
- pairdelete(&handler->request->reply->vps, ((311 << 16) | 8));
- pairdelete(&handler->request->reply->vps, ((311 << 16) | 16));
- pairdelete(&handler->request->reply->vps, ((311 << 16) | 17));
+ pairdelete(&handler->request->reply->vps, 7, VENDORPEC_MICROSOFT);
+ pairdelete(&handler->request->reply->vps, 8, VENDORPEC_MICROSOFT);
+ pairdelete(&handler->request->reply->vps, 16, VENDORPEC_MICROSOFT);
+ pairdelete(&handler->request->reply->vps, 17, VENDORPEC_MICROSOFT);
/*
* And we need to challenge the user, not ack/reject them,
* the State attribute back, before passing
* the handler & request back into the tunnel.
*/
- pairdelete(&handler->request->packet->vps, PW_STATE);
+ pairdelete(&handler->request->packet->vps, PW_STATE, 0);
/*
* Fix the User-Name when proxying, to strip off
*/
if (inst->with_ntdomain_hack &&
((challenge = pairfind(handler->request->packet->vps,
- PW_USER_NAME)) != NULL) &&
+ PW_USER_NAME, 0)) != NULL) &&
((username = strchr(challenge->vp_strvalue, '\\')) != NULL)) {
/*
* Wipe out the NT domain.
* Delete MPPE keys & encryption policy. We don't
* want these here.
*/
- pairdelete(&handler->request->reply->vps, ((311 << 16) | 7));
- pairdelete(&handler->request->reply->vps, ((311 << 16) | 8));
- pairdelete(&handler->request->reply->vps, ((311 << 16) | 16));
- pairdelete(&handler->request->reply->vps, ((311 << 16) | 17));
+ pairdelete(&handler->request->reply->vps, 7, VENDORPEC_MICROSOFT);
+ pairdelete(&handler->request->reply->vps, 8, VENDORPEC_MICROSOFT);
+ pairdelete(&handler->request->reply->vps, 16, VENDORPEC_MICROSOFT);
+ pairdelete(&handler->request->reply->vps, 17, VENDORPEC_MICROSOFT);
/*
* Take the response from the mschap module, and
response = NULL;
if (rcode == RLM_MODULE_OK) {
pairmove2(&response, &handler->request->reply->vps,
- PW_MSCHAP2_SUCCESS);
+ PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT);
data->code = PW_EAP_MSCHAPV2_SUCCESS;
} else {
/*
if (data_len > 65535) return NULL; /* paranoia */
- vp = paircreate(PW_EAP_MESSAGE, PW_TYPE_OCTETS);
+ vp = paircreate(PW_EAP_MESSAGE, 0, PW_TYPE_OCTETS);
if (!vp) {
RDEBUG2("Failure in creating VP");
return NULL;
int vp_len;
- vp = paircreate(PW_EAP_MESSAGE, PW_TYPE_OCTETS);
+ vp = paircreate(PW_EAP_MESSAGE, 0, PW_TYPE_OCTETS);
if (!vp) {
RDEBUG2("Failure in creating VP");
pairfree(&head);
if (this == vp) start = EAP_HEADER_LEN;
for (i = start; i < vp->length; i++) {
- if ((total & 0x0f) == 0) fprintf(fr_log_fp, " PEAP tunnel data out %04x: ", total);
+ if ((total & 0x0f) == 0) fprintf(fr_log_fp, " PEAP tunnel data out %04x: ", (int) total);
fprintf(fr_log_fp, "%02x ", vp->vp_octets[i]);
/*
* Clean up the tunneled reply.
*/
- pairdelete(&reply->vps, PW_PROXY_STATE);
- pairdelete(&reply->vps, PW_EAP_MESSAGE);
- pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR);
+ pairdelete(&reply->vps, PW_PROXY_STATE, 0);
+ pairdelete(&reply->vps, PW_EAP_MESSAGE, 0);
+ pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0);
t->accept_vps = reply->vps;
reply->vps = NULL;
* Get rid of the old State, too.
*/
pairfree(&t->state);
- pairmove2(&t->state, &(reply->vps), PW_STATE);
+ pairmove2(&t->state, &(reply->vps), PW_STATE, 0);
/*
* PEAP takes only EAP-Message attributes inside
* Access-Challenge is ignored.
*/
vp = NULL;
- pairmove2(&vp, &(reply->vps), PW_EAP_MESSAGE);
+ pairmove2(&vp, &(reply->vps), PW_EAP_MESSAGE, 0);
/*
* Handle EAP-MSCHAP-V2, where Access-Accept's
/*
* Clean up the tunneled reply.
*/
- pairdelete(&reply->vps, PW_PROXY_STATE);
- pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR);
+ pairdelete(&reply->vps, PW_PROXY_STATE, 0);
+ pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0);
t->accept_vps = reply->vps;
reply->vps = NULL;
* AND attributes which are copied there
* from below.
*/
- if (pairfind(fake->packet->vps, vp->attribute)) {
+ if (pairfind(fake->packet->vps, vp->attribute, vp->vendor)) {
continue;
}
* Don't copy from the head, we've already
* checked it.
*/
- copy = paircopy2(vp, vp->attribute);
+ copy = paircopy2(vp, vp->attribute, vp->vendor);
pairadd(&fake->packet->vps, copy);
}
}
* of attributes.
*/
pairdelete(&fake->packet->vps,
- PW_EAP_MESSAGE);
+ PW_EAP_MESSAGE, 0);
}
DEBUG2(" PEAP: Tunneled authentication will be proxied to %s", vp->vp_strvalue);
*/
pairmove2(&(request->config_items),
&(fake->config_items),
- PW_PROXY_TO_REALM);
+ PW_PROXY_TO_REALM, 0);
/*
* Seed the proxy packet with the
*/
/* the version list. We support only version 1. */
- newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST,
- PW_TYPE_OCTETS);
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_VERSION_LIST, 0,
+ PW_TYPE_OCTETS);
words = (uint16_t *)newvp->vp_strvalue;
newvp->length = 3*sizeof(uint16_t);
words[0] = htons(1*sizeof(uint16_t));
pairadd(vps, newvp);
/* set the EAP_ID - new value */
- newvp = paircreate(ATTRIBUTE_EAP_ID, PW_TYPE_INTEGER);
+ newvp = paircreate(ATTRIBUTE_EAP_ID, 0, PW_TYPE_INTEGER);
newvp->vp_integer = ess->sim_id++;
pairreplace(vps, newvp);
/* the ANY_ID attribute. We do not support re-auth or pseudonym */
newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ,
- PW_TYPE_OCTETS);
+ 0, PW_TYPE_OCTETS);
newvp->length = 2;
newvp->vp_strvalue[0]=0;
newvp->vp_strvalue[0]=1;
pairadd(vps, newvp);
/* the SUBTYPE, set to start. */
- newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, PW_TYPE_INTEGER);
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, 0, PW_TYPE_INTEGER);
newvp->vp_integer = eapsim_start;
pairreplace(vps, newvp);
rad_assert(chalno >= 0 && chalno < 3);
- vp = pairfind(vps, ATTRIBUTE_EAP_SIM_RAND1+chalno);
+ vp = pairfind(vps, ATTRIBUTE_EAP_SIM_RAND1+chalno, 0);
if(vp == NULL) {
/* bad, we can't find stuff! */
DEBUG2(" eap-sim can not find sim-challenge%d",chalno+1);
}
if(vp->length != EAPSIM_RAND_SIZE) {
DEBUG2(" eap-sim chal%d is not 8-bytes: %d", chalno+1,
- vp->length);
+ (int) vp->length);
return 0;
}
memcpy(ess->keys.rand[chalno], vp->vp_strvalue, EAPSIM_RAND_SIZE);
- vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SRES1+chalno);
+ vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SRES1+chalno, 0);
if(vp == NULL) {
/* bad, we can't find stuff! */
DEBUG2(" eap-sim can not find sim-sres%d",chalno+1);
}
if(vp->length != EAPSIM_SRES_SIZE) {
DEBUG2(" eap-sim sres%d is not 16-bytes: %d", chalno+1,
- vp->length);
+ (int) vp->length);
return 0;
}
memcpy(ess->keys.sres[chalno], vp->vp_strvalue, EAPSIM_SRES_SIZE);
- vp = pairfind(vps, ATTRIBUTE_EAP_SIM_KC1+chalno);
+ vp = pairfind(vps, ATTRIBUTE_EAP_SIM_KC1+chalno, 0);
if(vp == NULL) {
/* bad, we can't find stuff! */
DEBUG2(" eap-sim can not find sim-kc%d",chalno+1);
}
if(vp->length != EAPSIM_Kc_SIZE) {
DEBUG2(" eap-sim kc%d is not 8-bytes: %d", chalno+1,
- vp->length);
+ (int) vp->length);
return 0;
}
memcpy(ess->keys.Kc[chalno], vp->vp_strvalue, EAPSIM_Kc_SIZE);
/* okay, we got the challenges! Put them into an attribute */
newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_RAND,
- PW_TYPE_OCTETS);
+ 0, PW_TYPE_OCTETS);
memset(newvp->vp_strvalue, 0, 2); /* clear reserved bytes */
memcpy(newvp->vp_strvalue+2+EAPSIM_RAND_SIZE*0, ess->keys.rand[0], EAPSIM_RAND_SIZE);
memcpy(newvp->vp_strvalue+2+EAPSIM_RAND_SIZE*1, ess->keys.rand[1], EAPSIM_RAND_SIZE);
pairadd(outvps, newvp);
/* set the EAP_ID - new value */
- newvp = paircreate(ATTRIBUTE_EAP_ID, PW_TYPE_INTEGER);
+ newvp = paircreate(ATTRIBUTE_EAP_ID, 0, PW_TYPE_INTEGER);
newvp->vp_integer = ess->sim_id++;
pairreplace(outvps, newvp);
*/
newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_MAC,
- PW_TYPE_OCTETS);
+ 0, PW_TYPE_OCTETS);
memcpy(newvp->vp_strvalue, ess->keys.nonce_mt, 16);
newvp->length = 16;
pairreplace(outvps, newvp);
- newvp = paircreate(ATTRIBUTE_EAP_SIM_KEY, PW_TYPE_OCTETS);
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_KEY, 0, PW_TYPE_OCTETS);
memcpy(newvp->vp_strvalue, ess->keys.K_aut, 16);
newvp->length = 16;
pairreplace(outvps, newvp);
/* the SUBTYPE, set to challenge. */
- newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, PW_TYPE_INTEGER);
+ newvp = paircreate(ATTRIBUTE_EAP_SIM_SUBTYPE, 0, PW_TYPE_INTEGER);
newvp->vp_integer = eapsim_challenge;
pairreplace(outvps, newvp);
ess = (struct eap_sim_server_state *)handler->opaque;
/* set the EAP_ID - new value */
- newvp = paircreate(ATTRIBUTE_EAP_ID, PW_TYPE_INTEGER);
+ newvp = paircreate(ATTRIBUTE_EAP_ID, 0, PW_TYPE_INTEGER);
newvp->vp_integer = ess->sim_id++;
pairreplace(outvps, newvp);
type_data = type_data; /* shut up compiler */
- vp = pairfind(outvps, ATTRIBUTE_EAP_SIM_RAND1);
+ vp = pairfind(outvps, ATTRIBUTE_EAP_SIM_RAND1, 0);
if(vp == NULL) {
DEBUG2(" can not initiate sim, no RAND1 attribute");
return 0;
ess = (struct eap_sim_server_state *)handler->opaque;
- nonce_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT);
- selectedversion_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_SELECTED_VERSION);
+ nonce_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_NONCE_MT, 0);
+ selectedversion_vp = pairfind(vps, ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_SELECTED_VERSION, 0);
if(nonce_vp == NULL ||
selectedversion_vp == NULL) {
* double check the nonce size.
*/
if(nonce_vp->length != 18) {
- DEBUG2(" EAP-Sim nonce_mt must be 16 bytes (+2 bytes padding), not %d", nonce_vp->length);
+ DEBUG2(" EAP-Sim nonce_mt must be 16 bytes (+2 bytes padding), not %d", (int) nonce_vp->length);
return 0;
}
memcpy(ess->keys.nonce_mt, nonce_vp->vp_strvalue+2, 16);
}
/* see what kind of message we have gotten */
- if((vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SUBTYPE)) == NULL)
+ if((vp = pairfind(vps, ATTRIBUTE_EAP_SIM_SUBTYPE, 0)) == NULL)
{
DEBUG2(" no subtype attribute was created, message dropped");
return 0;
*/
if (handler->eap_type != PW_EAP_TLS) {
vp = pairfind(handler->request->config_items,
- PW_EAP_TLS_REQUIRE_CLIENT_CERT);
+ PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0);
if (!vp) {
client_cert = FALSE;
} else {
return 0;
}
- attribute = (vendor << 16) | attr;
-
- da = dict_attrbyvalue(attribute);
+ da = dict_attrbyvalue(attribute, vendor);
/*
* SHOULD check ((length & (1 << 30)) != 0)
const uint8_t *data, size_t data_len)
{
uint32_t attr;
+ uint32_t vendor;
uint32_t length;
size_t offset;
size_t size;
memcpy(&attr, data, sizeof(attr));
data += 4;
attr = ntohl(attr);
+ vendor = 0;
memcpy(&length, data, sizeof(length));
data += 4;
*/
offset = 8;
if ((length & (1 << 31)) != 0) {
- uint32_t vendor;
-
memcpy(&vendor, data, sizeof(vendor));
vendor = ntohl(vendor);
return NULL;
}
- attr |= (vendor << 16);
-
data += 4; /* skip the vendor field, it's zero */
offset += 4; /* offset to value field */
}
* Vendor attributes can be larger than 255.
* Normal attributes cannot be.
*/
- if ((attr > 255) && (VENDOR(attr) == 0)) {
+ if ((attr > 255) && (vendor == 0)) {
RDEBUG2("Cannot handle Diameter attributes");
pairfree(&first);
return NULL;
/*
* Create it.
*/
- vp = paircreate(attr, PW_TYPE_OCTETS);
+ vp = paircreate(attr, vendor, PW_TYPE_OCTETS);
if (!vp) {
RDEBUG2("Failure in creating VP");
pairfree(&first);
if (size == 0) break;
- vp = paircreate(attr, PW_TYPE_OCTETS);
+ vp = paircreate(attr, vendor, PW_TYPE_OCTETS);
if (!vp) {
RDEBUG2("Failure in creating VP");
pairfree(&first);
if ((debug_flag > 2) && fr_log_fp) {
for (i = 0; i < total; i++) {
- if ((i & 0x0f) == 0) fprintf(fr_log_fp, " TTLS tunnel data out %04x: ", (int) i);
+ if ((i & 0x0f) == 0) fprintf(fr_log_fp, " TTLS tunnel data out %04x: ", (int) i);
fprintf(fr_log_fp, "%02x ", buffer[i]);
* packet, and we will send EAP-Success.
*/
vp = NULL;
- pairmove2(&vp, &reply->vps, PW_MSCHAP2_SUCCESS);
+ pairmove2(&vp, &reply->vps, PW_MSCHAP2_SUCCESS, VENDORPEC_MICROSOFT);
if (vp) {
RDEBUG("Got MS-CHAP2-Success, tunneling it to the client in a challenge.");
rcode = RLM_MODULE_HANDLED;
* Delete MPPE keys & encryption policy. We don't
* want these here.
*/
- pairdelete(&reply->vps, ((311 << 16) | 7));
- pairdelete(&reply->vps, ((311 << 16) | 8));
- pairdelete(&reply->vps, ((311 << 16) | 16));
- pairdelete(&reply->vps, ((311 << 16) | 17));
+ pairdelete(&reply->vps, 7, VENDORPEC_MICROSOFT);
+ pairdelete(&reply->vps, 8, VENDORPEC_MICROSOFT);
+ pairdelete(&reply->vps, 16, VENDORPEC_MICROSOFT);
+ pairdelete(&reply->vps, 17, VENDORPEC_MICROSOFT);
/*
* Use the tunneled reply, but not now.
* can figure it out, from the non-tunneled
* EAP-Success packet.
*/
- pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE);
+ pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0);
pairfree(&vp);
}
* tunneled user!
*/
if (t->use_tunneled_reply) {
- pairdelete(&reply->vps, PW_PROXY_STATE);
+ pairdelete(&reply->vps, PW_PROXY_STATE, 0);
pairadd(&request->reply->vps, reply->vps);
reply->vps = NULL;
}
* Get rid of the old State, too.
*/
pairfree(&t->state);
- pairmove2(&t->state, &reply->vps, PW_STATE);
+ pairmove2(&t->state, &reply->vps, PW_STATE, 0);
/*
* We should really be a bit smarter about this,
* method works in 99.9% of the situations.
*/
vp = NULL;
- pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE);
+ pairmove2(&vp, &reply->vps, PW_EAP_MESSAGE, 0);
/*
* There MUST be a Reply-Message in the challenge,
* we MUST create one, with an empty string as
* it's value.
*/
- pairmove2(&vp, &reply->vps, PW_REPLY_MESSAGE);
+ pairmove2(&vp, &reply->vps, PW_REPLY_MESSAGE, 0);
/*
* Handle the ACK, by tunneling any necessary reply
size_t i;
for (i = 0; i < data_len; i++) {
- if ((i & 0x0f) == 0) fprintf(fr_log_fp, " TTLS tunnel data in %04x: ", (int) i);
+ if ((i & 0x0f) == 0) fprintf(fr_log_fp, " TTLS tunnel data in %04x: ", (int) i);
fprintf(fr_log_fp, "%02x ", data[i]);
*/
if (t->default_eap_type != 0) {
RDEBUG("Setting default EAP type for tunneled EAP session.");
- vp = paircreate(PW_EAP_TYPE,
+ vp = paircreate(PW_EAP_TYPE, 0,
PW_TYPE_INTEGER);
rad_assert(vp != NULL);
vp->vp_integer = t->default_eap_type;
* AND attributes which are copied there
* from below.
*/
- if (pairfind(fake->packet->vps, vp->attribute)) {
+ if (pairfind(fake->packet->vps, vp->attribute, vp->vendor)) {
continue;
}
* Don't copy from the head, we've already
* checked it.
*/
- copy = paircopy2(vp, vp->attribute);
+ copy = paircopy2(vp, vp->attribute, vp->vendor);
pairadd(&fake->packet->vps, copy);
}
}
*/
pairmove2(&(request->config_items),
&(fake->config_items),
- PW_PROXY_TO_REALM);
+ PW_PROXY_TO_REALM, 0);
/*
* Seed the proxy packet with the
} else {
DICT_VALUE *dval;
- dval = dict_valbyname(PW_PACKET_TYPE, inst->packet_type);
+ dval = dict_valbyname(PW_PACKET_TYPE, 0, inst->packet_type);
if (!dval) {
radlog(L_ERR, "rlm_exec: Unknown packet type %s: See list of VALUEs for Packet-Type in share/dictionary", inst->packet_type);
exec_detach(inst);
pairfree(&reply_tmp);
if(!fallthrough(user->reply)) {
- pairdelete(&request->reply->vps, PW_FALL_THROUGH);
+ pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0);
return(rad_check_return(user->check));
} else {
user=user->next;
pairfree(&reply_tmp);
if(!fallthrough(user->reply)) {
- pairdelete(&request->reply->vps, PW_FALL_THROUGH);
+ pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0);
return(rad_check_return(user->check));
}
}
if(userfound || defaultfound) {
- pairdelete(&request->reply->vps, PW_FALL_THROUGH);
+ pairdelete(&request->reply->vps, PW_FALL_THROUGH, 0);
return(rad_check_return(request->config_items));
} else {
DEBUG2("rlm_fastusers: user not found");
/*
* Remove server internal parameters.
*/
- pairdelete(reply_pairs, PW_FALL_THROUGH);
+ pairdelete(reply_pairs, PW_FALL_THROUGH, 0);
/*
* See if we succeeded.
* in "authorize", but not "authenticate".
*/
if (inst->set_auth_type) {
- DICT_VALUE *dv = dict_valbyname(PW_AUTH_TYPE, xlat_name);
+ DICT_VALUE *dv = dict_valbyname(PW_AUTH_TYPE, 0, xlat_name);
/*
* No section of *my* name, but maybe there's an
* LDAP section...
*/
- if (!dv) dv = dict_valbyname(PW_AUTH_TYPE, "LDAP");
+ if (!dv) dv = dict_valbyname(PW_AUTH_TYPE, 0, "LDAP");
if (!dv) {
DEBUG2("rlm_ldap: Over-riding set_auth_type, as there is no module %s listed in the \"authenticate\" section.", xlat_name);
inst->set_auth_type = 0;
request->username->vp_strvalue, request->password->vp_strvalue);
while ((vp_user_dn = pairfind(request->config_items,
- PW_LDAP_USERDN)) == NULL) {
+ PW_LDAP_USERDN, 0)) == NULL) {
if (!radius_xlat(filter, sizeof(filter), inst->filter,
request, ldap_escape_func)) {
radlog(L_ERR, " [%s] unable to create filter.\n", inst->xlat_name);
* Add the pair into the packet.
*/
if (!vals_idx){
- pairdelete(pairs, newpair->attribute);
+ pairdelete(pairs, newpair->attribute, newpair->vendor);
}
pairadd(&pairlist, newpair);
}