typedef enum {
PW_CODE_UNDEFINED = 0, //!< Packet code has not been set
- PW_CODE_AUTHENTICATION_REQUEST = 1, //!< RFC2865 - Access-Request
- PW_CODE_AUTHENTICATION_ACK = 2, //!< RFC2865 - Access-Accept
- PW_CODE_AUTHENTICATION_REJECT = 3, //!< RFC2865 - Access-Reject
+ PW_CODE_ACCESS_REQUEST = 1, //!< RFC2865 - Access-Request
+ PW_CODE_ACCESS_ACCEPT = 2, //!< RFC2865 - Access-Accept
+ PW_CODE_ACCESS_REJECT = 3, //!< RFC2865 - Access-Reject
PW_CODE_ACCOUNTING_REQUEST = 4, //!< RFC2866 - Accounting-Request
PW_CODE_ACCOUNTING_RESPONSE = 5, //!< RFC2866 - Accounting-Response
PW_CODE_ACCOUNTING_STATUS = 6, //!< RFC3575 - Reserved
if (room < (18 + lvalue)) return 0;
switch (packet->code) {
- case PW_CODE_AUTHENTICATION_ACK:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_ACCEPT:
+ case PW_CODE_ACCESS_REJECT:
case PW_CODE_ACCESS_CHALLENGE:
default:
if (!original) {
* Double-check some things based on packet code.
*/
switch (packet->code) {
- case PW_CODE_AUTHENTICATION_ACK:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_ACCEPT:
+ case PW_CODE_ACCESS_REJECT:
case PW_CODE_ACCESS_CHALLENGE:
if (!original) {
fr_strerror_printf("ERROR: Cannot sign response packet without a request packet");
break;
do_ack:
- case PW_CODE_AUTHENTICATION_ACK:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_ACCEPT:
+ case PW_CODE_ACCESS_REJECT:
case PW_CODE_ACCESS_CHALLENGE:
if (!original) {
fr_strerror_printf("ERROR: Cannot sign response packet without a request packet");
* Request packets are not signed, bur
* have a random authentication vector.
*/
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
case PW_CODE_STATUS_SERVER:
break;
break;
do_ack:
- case PW_CODE_AUTHENTICATION_ACK:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_ACCEPT:
+ case PW_CODE_ACCESS_REJECT:
case PW_CODE_ACCESS_CHALLENGE:
case PW_CODE_DISCONNECT_ACK:
case PW_CODE_DISCONNECT_NAK:
int rcode;
char buffer[32];
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
case PW_CODE_STATUS_SERVER:
/*
* The authentication vector is random
break;
/* Verify the reply digest */
- case PW_CODE_AUTHENTICATION_ACK:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_ACCEPT:
+ case PW_CODE_ACCESS_REJECT:
case PW_CODE_ACCESS_CHALLENGE:
case PW_CODE_ACCOUNTING_RESPONSE:
case PW_CODE_DISCONNECT_ACK:
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
result = RLM_MODULE_REJECT;
break;
/*
* Reply of ACCEPT means accept, thus set Auth-Type
* accordingly.
*/
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
tmp = radius_paircreate(request,
&request->config_items,
PW_AUTH_TYPE, 0);
* are being rejected, so we minimize the amount of work
* done by the server, by rejecting them here.
*/
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
rad_authlog("Login incorrect (Home Server says so)",
request, 0);
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
return RLM_MODULE_REJECT;
default:
} else {
rad_authlog("Invalid user", request, 0);
}
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
return result;
}
if (!autz_retry) {
*/
if (result < 0) {
RDEBUG2("Failed to authenticate the user");
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
if ((module_msg = pairfind(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL){
char msg[MAX_STRING_LEN+19];
main_config.denied_msg);
}
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
/*
* They're trying to log in too many times.
* been set to something. (i.e. Access-Challenge)
*/
if (request->reply->code == 0)
- request->reply->code = PW_CODE_AUTHENTICATION_ACK;
+ request->reply->code = PW_CODE_ACCESS_ACCEPT;
if ((module_msg = pairfind(request->packet->vps, PW_MODULE_SUCCESS_MESSAGE, 0, TAG_ANY)) != NULL){
char msg[MAX_STRING_LEN+12];
* We currently only handle AUTH packets here.
* This could be expanded to handle other packets as well if required.
*/
- rad_assert(request->packet->code == PW_CODE_AUTHENTICATION_REQUEST);
+ rad_assert(request->packet->code == PW_CODE_ACCESS_REQUEST);
result = rad_authenticate(request);
- if (request->reply->code == PW_CODE_AUTHENTICATION_REJECT) {
+ if (request->reply->code == PW_CODE_ACCESS_REJECT) {
pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY);
vp = pairmake_config("Post-Auth-Type", "Reject", T_OP_SET);
if (vp) rad_postauth(request);
}
- if (request->reply->code == PW_CODE_AUTHENTICATION_ACK) {
+ if (request->reply->code == PW_CODE_ACCESS_ACCEPT) {
rad_postauth(request);
}
packet->id = inject_id++;
if (fake->type == RAD_LISTEN_AUTH) {
- packet->code = PW_CODE_AUTHENTICATION_REQUEST;
+ packet->code = PW_CODE_ACCESS_REQUEST;
fun = rad_authenticate;
} else {
switch (rcode) {
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
- request->reply->code = PW_CODE_AUTHENTICATION_ACK;
+ request->reply->code = PW_CODE_ACCESS_ACCEPT;
break;
case RLM_MODULE_FAIL:
default:
case RLM_MODULE_REJECT:
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
break;
}
break;
* Some sanity checks, based on the packet code.
*/
switch(packet->code) {
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
if (listener->type != RAD_LISTEN_AUTH) goto bad_packet;
FR_STATS_INC(auth, total_requests);
fun = rad_authenticate;
* Some sanity checks, based on the packet code.
*/
switch(code) {
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
fun = rad_authenticate;
break;
* FIXME: Client MIB updates?
*/
switch(packet->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
case PW_CODE_ACCESS_CHALLENGE:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
break;
#ifdef WITH_ACCOUNTING
* FIXME: Client MIB updates?
*/
switch(packet->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
case PW_CODE_ACCESS_CHALLENGE:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
break;
#ifdef WITH_ACCOUNTING
/*
* Catch Auth-Type := Reject BEFORE proxying the packet.
*/
- else if (request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+ else if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
if (request->reply->code == 0) {
vp = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY);
- if (!vp || (vp->vp_integer != PW_CODE_AUTHENTICATION_REJECT)) {
+ if (!vp || (vp->vp_integer != PW_CODE_ACCESS_REJECT)) {
RDEBUG2("There was no response configured: "
"rejecting request");
}
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
}
}
if (vp) pairadd(&request->reply->vps, vp);
switch (request->reply->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
rad_postauth(request);
break;
case PW_CODE_ACCESS_CHALLENGE:
* We do this separately so ACK and challenge can change the code
* to reject if a module returns reject.
*/
- if (request->reply->code == PW_CODE_AUTHENTICATION_REJECT) {
+ if (request->reply->code == PW_CODE_ACCESS_REJECT) {
pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY);
vp = pairmake_config("Post-Auth-Type", "Reject", T_OP_SET);
if (vp) rad_postauth(request);
/*
* See if we need to delay an Access-Reject packet.
*/
- if ((request->reply->code == PW_CODE_AUTHENTICATION_REJECT) &&
+ if ((request->reply->code == PW_CODE_ACCESS_REJECT) &&
(request->root->reject_delay > 0)) {
request->response_delay = request->root->reject_delay;
#ifdef WITH_STATS
switch (packet->code) {
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
FR_STATS_INC(auth, total_dup_requests);
break;
#ifdef WITH_STATS
request->listener->stats.last_packet = request->packet->timestamp.tv_sec;
- if (packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+ if (packet->code == PW_CODE_ACCESS_REQUEST) {
request->client->auth.last_packet = request->packet->timestamp.tv_sec;
radius_auth_stats.last_packet = request->packet->timestamp.tv_sec;
#ifdef WITH_ACCOUNTING
* post-proxy-type Reject
*/
if (!vp && reply &&
- reply->code == PW_CODE_AUTHENTICATION_REJECT) {
+ reply->code == PW_CODE_ACCESS_REJECT) {
DICT_VALUE *dval;
dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, "Reject");
request->home_server->stats.last_packet = packet->timestamp.tv_sec;
request->proxy_listener->stats.last_packet = packet->timestamp.tv_sec;
- if (request->proxy->code == PW_CODE_AUTHENTICATION_REQUEST) {
+ if (request->proxy->code == PW_CODE_ACCESS_REQUEST) {
proxy_auth_stats.last_packet = packet->timestamp.tv_sec;
#ifdef WITH_ACCOUNTING
} else if (request->proxy->code == PW_CODE_ACCOUNTING_REQUEST) {
DICT_VALUE const *dval = NULL;
VALUE_PAIR *vp;
- if (request->proxy->code == PW_CODE_AUTHENTICATION_REQUEST) {
+ if (request->proxy->code == PW_CODE_ACCESS_REQUEST) {
dval = dict_valbyname(PW_POST_PROXY_TYPE, 0,
"Fail-Authentication");
/*
* Figure out which pool to use.
*/
- if (request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+ if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
pool = realm->auth_pool;
#ifdef WITH_ACCOUNTING
if (!vp) return 0;
switch (request->packet->code) {
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
pool_type = HOME_TYPE_AUTH;
break;
* since we can't use the request authenticator
* anymore - we changed it.
*/
- if ((request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) &&
+ if ((request->packet->code == PW_CODE_ACCESS_REQUEST) &&
pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
pairfind(request->proxy->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
vp = radius_paircreate(request->proxy, &request->proxy->vps, PW_CHAP_CHALLENGE, 0);
"Message-Authenticator", "0x00", T_OP_SET);
} else if (home->type == HOME_TYPE_AUTH) {
- request->proxy->code = PW_CODE_AUTHENTICATION_REQUEST;
+ request->proxy->code = PW_CODE_ACCESS_REQUEST;
pairmake(request->proxy, &request->proxy->vps,
"User-Name", home->ping_user_name, T_OP_SET);
}
static const FR_NAME_NUMBER request_types[] = {
- { "auth", PW_CODE_AUTHENTICATION_REQUEST },
+ { "auth", PW_CODE_ACCESS_REQUEST },
{ "challenge", PW_CODE_ACCESS_CHALLENGE },
{ "acct", PW_CODE_ACCOUNTING_REQUEST },
{ "status", PW_CODE_STATUS_SERVER },
{
switch (type) {
default:
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
case PW_CODE_ACCESS_CHALLENGE:
case PW_CODE_STATUS_SERVER:
if (*port == 0) *port = getport("radius");
static PW_CODE radclient_get_code(port)
{
if ((port == getport("radius")) || (port == PW_AUTH_UDP_PORT) || (port == PW_AUTH_UDP_PORT_ALT)) {
- return PW_CODE_AUTHENTICATION_REQUEST;
+ return PW_CODE_ACCESS_REQUEST;
}
if ((port == getport("radacct")) || (port == PW_ACCT_UDP_PORT) || (port == PW_ACCT_UDP_PORT_ALT)) {
return PW_CODE_ACCOUNTING_REQUEST;
*/
if (request->filter_code == PW_CODE_UNDEFINED) {
switch (request->packet->code) {
- case PW_CODE_AUTHENTICATION_REQUEST:
- request->filter_code = PW_CODE_AUTHENTICATION_ACK;
+ case PW_CODE_ACCESS_REQUEST:
+ request->filter_code = PW_CODE_ACCESS_ACCEPT;
break;
case PW_CODE_ACCOUNTING_REQUEST:
case PW_CODE_STATUS_SERVER:
switch (radclient_get_code(request->packet->dst_port)) {
- case PW_CODE_AUTHENTICATION_REQUEST:
- request->filter_code = PW_CODE_AUTHENTICATION_ACK;
+ case PW_CODE_ACCESS_REQUEST:
+ request->filter_code = PW_CODE_ACCESS_ACCEPT;
break;
case PW_CODE_ACCOUNTING_REQUEST:
*/
} else if (request->packet->code == PW_CODE_UNDEFINED) {
switch (request->filter_code) {
- case PW_CODE_AUTHENTICATION_ACK:
- case PW_CODE_AUTHENTICATION_REJECT:
- request->packet->code = PW_CODE_AUTHENTICATION_REQUEST;
+ case PW_CODE_ACCESS_ACCEPT:
+ case PW_CODE_ACCESS_REJECT:
+ request->packet->code = PW_CODE_ACCESS_REQUEST;
break;
case PW_CODE_ACCOUNTING_RESPONSE:
* Increment counters...
*/
switch (request->reply->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
case PW_CODE_ACCOUNTING_RESPONSE:
case PW_CODE_COA_ACK:
case PW_CODE_DISCONNECT_ACK:
", built on " __DATE__ " at " __TIME__;
static int rs_useful_codes[] = {
- PW_CODE_AUTHENTICATION_REQUEST, //!< RFC2865 - Authentication request
- PW_CODE_AUTHENTICATION_ACK, //!< RFC2865 - Access-Accept
- PW_CODE_AUTHENTICATION_REJECT, //!< RFC2865 - Access-Reject
+ PW_CODE_ACCESS_REQUEST, //!< RFC2865 - Authentication request
+ PW_CODE_ACCESS_ACCEPT, //!< RFC2865 - Access-Accept
+ PW_CODE_ACCESS_REJECT, //!< RFC2865 - Access-Reject
PW_CODE_ACCOUNTING_REQUEST, //!< RFC2866 - Accounting-Request
PW_CODE_ACCOUNTING_RESPONSE, //!< RFC2866 - Accounting-Response
PW_CODE_ACCESS_CHALLENGE, //!< RFC2865 - Access-Challenge
switch (current->code) {
case PW_CODE_ACCOUNTING_RESPONSE:
- case PW_CODE_AUTHENTICATION_REJECT:
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_REJECT:
+ case PW_CODE_ACCESS_ACCEPT:
case PW_CODE_ACCESS_CHALLENGE:
case PW_CODE_COA_NAK:
case PW_CODE_COA_ACK:
}
case PW_CODE_ACCOUNTING_REQUEST:
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
case PW_CODE_COA_REQUEST:
case PW_CODE_DISCONNECT_REQUEST:
case PW_CODE_STATUS_SERVER:
* Access-Requests have a Message-Authenticator added,
* unless one already exists.
*/
- if ((request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) &&
+ if ((request->packet->code == PW_CODE_ACCESS_REQUEST) &&
!pairfind(request->proxy->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY)) {
pairmake(request->proxy, &request->proxy->vps,
"Message-Authenticator", "0x00",
if (!rd) return NULL;
pool = NULL;
- if (request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+ if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
pool = rd->auth_pool;
} else if (request->packet->code == PW_CODE_ACCOUNTING_REQUEST) {
* this function, which makes it thread-safe.
*/
if (request->reply && (request->packet->code != PW_CODE_STATUS_SERVER)) switch (request->reply->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
INC_AUTH(total_access_accepts);
auth_stats:
&request->reply->timestamp);
break;
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
INC_AUTH(total_access_rejects);
goto auth_stats;
* authenticator.
*/
case 0:
- if (request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+ if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
if (request->reply->offset == -2) {
INC_AUTH(total_bad_authenticators);
} else {
if (!request->proxy || !request->proxy_listener) goto done; /* simplifies formatting */
switch (request->proxy->code) {
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
proxy_auth_stats.total_requests += request->num_proxied_requests;
request->proxy_listener->stats.total_requests += request->num_proxied_requests;
request->home_server->stats.total_requests += request->num_proxied_requests;
#define INC(_x) proxy_auth_stats._x += request->num_proxied_responses; request->proxy_listener->stats._x += request->num_proxied_responses; request->home_server->stats._x += request->num_proxied_responses;
switch (request->proxy_reply->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
INC(total_access_accepts);
proxy_stats:
INC(total_responses);
&request->proxy_reply->timestamp);
break;
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
INC(total_access_rejects);
goto proxy_stats;
* set.
*/
switch(packet->code) {
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
if (listener->type != RAD_LISTEN_AUTH) goto bad_packet;
FR_STATS_INC(auth, total_requests);
fun = rad_authenticate;
* FIXME: Client MIB updates?
*/
switch(packet->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
case PW_CODE_ACCESS_CHALLENGE:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
break;
#ifdef WITH_ACCOUNTING
/*
* Set the defaults for IPs, etc.
*/
- request->packet->code = PW_CODE_AUTHENTICATION_REQUEST;
+ request->packet->code = PW_CODE_ACCESS_REQUEST;
request->packet->src_ipaddr.af = AF_INET;
request->packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_LOOPBACK);
/*
* Originate CoA requests only when necessary.
*/
- if ((request->packet->code != PW_CODE_AUTHENTICATION_REQUEST) &&
+ if ((request->packet->code != PW_CODE_ACCESS_REQUEST) &&
(request->packet->code != PW_CODE_ACCOUNTING_REQUEST)) return NULL;
request->coa = request_alloc_fake(request);
process_post_auth(0, request);
DEBUG2("Done VMPS");
- request->reply->code = PW_CODE_AUTHENTICATION_ACK;
+ request->reply->code = PW_CODE_ACCESS_ACCEPT;
return 0;
}
/*
* This is more than a bit of a hack.
*/
- packet->code = PW_CODE_AUTHENTICATION_REQUEST;
+ packet->code = PW_CODE_ACCESS_REQUEST;
memcpy(&id, packet->data + 4, 4);
packet->id = ntohl(id);
pairfree(&packet->vps);
packet->vps = output;
- if (request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+ if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
request->username = pairfind(request->packet->vps, PW_STRIPPED_USER_NAME, 0, TAG_ANY);
if (!request->username) {
request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
rcode = RLM_MODULE_OK;
if (!request->reply->code) switch(reply->code) {
case PW_EAP_RESPONSE:
- request->reply->code = PW_CODE_AUTHENTICATION_ACK;
+ request->reply->code = PW_CODE_ACCESS_ACCEPT;
rcode = RLM_MODULE_HANDLED; /* leap weirdness */
break;
case PW_EAP_SUCCESS:
- request->reply->code = PW_CODE_AUTHENTICATION_ACK;
+ request->reply->code = PW_CODE_ACCESS_ACCEPT;
rcode = RLM_MODULE_OK;
break;
case PW_EAP_FAILURE:
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
rcode = RLM_MODULE_REJECT;
break;
case PW_EAP_REQUEST:
/* Should never enter here */
ERROR("rlm_eap: reply code %d is unknown, Rejecting the request.", reply->code);
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
reply->code = PW_EAP_FAILURE;
rcode = RLM_MODULE_REJECT;
break;
if (!packet->code) switch(reply->code) {
case PW_EAP_RESPONSE:
case PW_EAP_SUCCESS:
- packet->code = PW_CODE_AUTHENTICATION_ACK;
+ packet->code = PW_CODE_ACCESS_ACCEPT;
rcode = RLM_MODULE_HANDLED;
break;
case PW_EAP_FAILURE:
- packet->code = PW_CODE_AUTHENTICATION_REJECT;
+ packet->code = PW_CODE_ACCESS_REJECT;
rcode = RLM_MODULE_REJECT;
break;
case PW_EAP_REQUEST:
default:
/* Should never enter here */
ERROR("rlm_eap: reply code %d is unknown, Rejecting the request.", reply->code);
- packet->code = PW_CODE_AUTHENTICATION_REJECT;
+ packet->code = PW_CODE_ACCESS_REJECT;
break;
}
if (!fr_debug_flag && do_output) {
debug_packet(*rep, R_RECV);
}
- if((*rep)->code == PW_CODE_AUTHENTICATION_ACK) {
+ if((*rep)->code == PW_CODE_ACCESS_ACCEPT) {
totalapp++;
- } else if ((*rep)->code == PW_CODE_AUTHENTICATION_REJECT) {
+ } else if ((*rep)->code == PW_CODE_ACCESS_REJECT) {
totaldeny++;
}
if (strcmp(argv[2], "auth") == 0) {
if (port == 0) port = getport("radius");
if (port == 0) port = PW_AUTH_UDP_PORT;
- req->code = PW_CODE_AUTHENTICATION_REQUEST;
+ req->code = PW_CODE_ACCESS_REQUEST;
} else if (strcmp(argv[2], "acct") == 0) {
if (port == 0) port = getport("radacct");
* says that we MUST include a User-Name attribute in the
* Access-Accept.
*/
- if ((request->reply->code == PW_CODE_AUTHENTICATION_ACK) &&
+ if ((request->reply->code == PW_CODE_ACCESS_ACCEPT) &&
request->username) {
VALUE_PAIR *vp;
* says that we MUST include a User-Name attribute in the
* Access-Accept.
*/
- if ((request->reply->code == PW_CODE_AUTHENTICATION_ACK) &&
+ if ((request->reply->code == PW_CODE_ACCESS_ACCEPT) &&
request->username) {
/*
* Doesn't exist, add it in.
* There is only a limited number of possibilities.
*/
switch (request->reply->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
RDEBUG2("Proxied authentication succeeded");
/*
break;
default:
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
RDEBUG("Proxied authentication did not succeed");
return 0;
}
}
switch (reply->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
RDEBUG2("Tunneled authentication was successful");
t->status = PEAP_STATUS_SENT_TLV_SUCCESS;
eappeap_success(handler, tls_session);
}
break;
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
RDEBUG2("Tunneled authentication was rejected");
t->status = PEAP_STATUS_SENT_TLV_FAILURE;
eappeap_failure(handler, tls_session);
/*
* Do the callback, if it exists, and if it was a success.
*/
- if (fake && (handler->request->proxy_reply->code == PW_CODE_AUTHENTICATION_ACK)) {
+ if (fake && (handler->request->proxy_reply->code == PW_CODE_ACCESS_ACCEPT)) {
peap_tunnel_t *t = tls_session->opaque;
t->home_access_accept = true;
RDEBUG("Got SoH reply");
debug_pair_list(fake->reply->vps);
- if (fake->reply->code != PW_CODE_AUTHENTICATION_ACK) {
+ if (fake->reply->code != PW_CODE_ACCESS_ACCEPT) {
RDEBUG2("SoH was rejected");
talloc_free(fake);
t->status = PEAP_STATUS_SENT_TLV_FAILURE;
/*
* Authentication succeeded! Rah!
*/
- fake->reply->code = PW_CODE_AUTHENTICATION_ACK;
+ fake->reply->code = PW_CODE_ACCESS_ACCEPT;
goto do_process;
}
&fake->reply->vps, 0, 0, TAG_ANY);
/* reject if virtual server didn't return accept */
- if (fake->reply->code != PW_CODE_AUTHENTICATION_ACK) {
+ if (fake->reply->code != PW_CODE_ACCESS_ACCEPT) {
RDEBUG2("Certificates were rejected by the virtual server");
talloc_free(fake);
eaptls_fail(handler, 0);
*/
rcode = eapttls_process(handler, tls_session);
switch (rcode) {
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
eaptls_fail(handler, 0);
return 0;
/*
* Success: Automatically return MPPE keys.
*/
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
return eaptls_success(handler, 0);
/*
* NOT 'eap start', so we should check for that....
*/
switch (reply->code) {
- case PW_CODE_AUTHENTICATION_ACK:
+ case PW_CODE_ACCESS_ACCEPT:
RDEBUG("Got tunneled Access-Accept");
rcode = RLM_MODULE_OK;
break;
- case PW_CODE_AUTHENTICATION_REJECT:
+ case PW_CODE_ACCESS_REJECT:
RDEBUG("Got tunneled Access-Reject");
rcode = RLM_MODULE_REJECT;
break;
/*
* Do the callback, if it exists, and if it was a success.
*/
- if (fake && (handler->request->proxy_reply->code == PW_CODE_AUTHENTICATION_ACK)) {
+ if (fake && (handler->request->proxy_reply->code == PW_CODE_ACCESS_ACCEPT)) {
/*
* Terrible hacks.
*/
*/
int eapttls_process(eap_handler_t *handler, tls_session_t *tls_session)
{
- int code = PW_CODE_AUTHENTICATION_REJECT;
+ int code = PW_CODE_ACCESS_REJECT;
rlm_rcode_t rcode;
REQUEST *fake;
VALUE_PAIR *vp;
if (data_len == 0) {
if (t->authenticated) {
RDEBUG("Got ACK, and the user was already authenticated");
- return PW_CODE_AUTHENTICATION_ACK;
+ return PW_CODE_ACCESS_ACCEPT;
} /* else no session, no data, die. */
/*
* wrong.
*/
RDEBUG2("SSL_read Error");
- return PW_CODE_AUTHENTICATION_REJECT;
+ return PW_CODE_ACCESS_REJECT;
}
#ifndef NDEBUG
#endif
if (!diameter_verify(request, data, data_len)) {
- return PW_CODE_AUTHENTICATION_REJECT;
+ return PW_CODE_ACCESS_REJECT;
}
/*
fake->packet->vps = diameter2vp(request, fake, tls_session->ssl, data, data_len);
if (!fake->packet->vps) {
talloc_free(fake);
- return PW_CODE_AUTHENTICATION_REJECT;
+ return PW_CODE_ACCESS_REJECT;
}
/*
{
RDEBUG("No tunneled reply was found for request %d , and the request was not proxied: rejecting the user.",
request->number);
- code = PW_CODE_AUTHENTICATION_REJECT;
+ code = PW_CODE_ACCESS_REJECT;
}
break;
rcode = process_reply(handler, tls_session, request, fake->reply);
switch (rcode) {
case RLM_MODULE_REJECT:
- code = PW_CODE_AUTHENTICATION_REJECT;
+ code = PW_CODE_ACCESS_REJECT;
break;
case RLM_MODULE_HANDLED:
break;
case RLM_MODULE_OK:
- code = PW_CODE_AUTHENTICATION_ACK;
+ code = PW_CODE_ACCESS_ACCEPT;
break;
default:
- code = PW_CODE_AUTHENTICATION_REJECT;
+ code = PW_CODE_ACCESS_REJECT;
break;
}
break;
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_REJECT:
- request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+ request->reply->code = PW_CODE_ACCESS_REJECT;
break;
default:
break;
/*
* Perhaps authentication proxying was turned off.
*/
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
if (!realm->auth_pool) {
RDEBUG2("Authentication realm is LOCAL");
return RLM_MODULE_OK;
cleanup(packet);
return RLM_MODULE_FAIL;
- case PW_CODE_AUTHENTICATION_REQUEST:
+ case PW_CODE_ACCESS_REQUEST:
pool = realm->auth_pool;
break;
* For CHAP, create the CHAP-Challenge if
* it doesn't exist.
*/
- if ((code == PW_CODE_AUTHENTICATION_REQUEST) &&
+ if ((code == PW_CODE_ACCESS_REQUEST) &&
(pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) != NULL) &&
(pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL)) {
uint8_t *p;
*/
if ((inst->rcode == RLM_MODULE_HANDLED) && reply) {
switch (packet->code) {
- case PW_CODE_AUTHENTICATION_REQUEST:
- reply->code = PW_CODE_AUTHENTICATION_ACK;
+ case PW_CODE_ACCESS_REQUEST:
+ reply->code = PW_CODE_ACCESS_ACCEPT;
break;
case PW_CODE_ACCOUNTING_REQUEST: