From d09ae6a152d650724466d65870bc71f96b78942d Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Tue, 12 Oct 2010 13:12:13 +0200
Subject: [PATCH] Added REQUEST to soh_verify() parameters

In preparation for DEBUG -> RDEBUG changes. Also made rlm_soh return FAIL on bad SoH packets.
---
 src/include/soh.h | 4 +---
 src/main/soh.c | 6 +++---
 src/modules/rlm_eap/types/rlm_eap_peap/peap.c | 2 +-
 src/modules/rlm_soh/rlm_soh.c | 11 +++++++++--
 4 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/include/soh.h b/src/include/soh.h
index 7dc17f9..27b6ad3 100644
--- a/src/include/soh.h
+++ b/src/include/soh.h
@@ -26,13 +26,11 @@
 #include
 RCSIDH(soh_h, "$Id$")
-#include
-
 #ifdef __cplusplus
 extern "C" {
 #endif
-int soh_verify(VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len);
+ int soh_verify(REQUEST *request, VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len);
 uint16_t soh_pull_be_16(const uint8_t *p);
 uint32_t soh_pull_be_24(const uint8_t *p);
 uint32_t soh_pull_be_32(const uint8_t *p);
diff --git a/src/main/soh.c b/src/main/soh.c
index ca4de00..926faa3 100644
--- a/src/main/soh.c
+++ b/src/main/soh.c
@@ -102,7 +102,7 @@ uint32_t soh_pull_be_32(const uint8_t *p) {
 * unknown types; we need to know their length ahead of time. Therefore, we abort
 * if we find an unknown type.
 */
-static int eapsoh_mstlv(VALUE_PAIR *sohvp, const uint8_t *p, unsigned int data_len) {
+static int eapsoh_mstlv(REQUEST *request, VALUE_PAIR *sohvp, const uint8_t *p, unsigned int data_len) {
 VALUE_PAIR *vp;
 uint8_t c;
 int t;
@@ -305,7 +305,7 @@ static const char* healthclass2str(uint8_t hc) {
 return NULL;
 }
-int soh_verify(VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len) {
+int soh_verify(REQUEST *request, VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len) {
 VALUE_PAIR *vp;
 eap_soh hdr;
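Review bot: In the src/include/soh.h hunk the prototype now names `REQUEST` while the same hunk drops one of the header's includes, so as far as the visible lines show, soh.h relies on its includers to have declared `REQUEST` and `VALUE_PAIR` first. The include names are not visible here, so this is inferred; if the removed header was the one declaring those types, either keep an include that provides them or state the requirement above the prototype, e.g. `/* Include the header declaring REQUEST and VALUE_PAIR before this file. */`. The new `request` argument is also undocumented; a one-line comment saying what it is used for and whether it may be NULL would help the callers in peap.c and rlm_soh.c.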
@@ -413,7 +413,7 @@ int soh_verify(VALUE_PAIR *sohvp, const uint8_t *data, unsigned int data_len) {
 */
 if (curr_shid==0x137 && curr_shid_c==0) {
 DEBUG("SoH MS type-value payload");
- eapsoh_mstlv(sohvp, data + 4, tlv.tlv_len - 4);
+ eapsoh_mstlv(request, sohvp, data + 4, tlv.tlv_len - 4);
 } else {
 DEBUG("SoH unhandled vendor-specific TLV %08x/component=%i %i bytes payload", curr_shid, curr_shid_c, tlv.tlv_len);
 }
diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
index be6a4a4..15e89dd 100644
--- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
+++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
@@ -194,7 +194,7 @@ static VALUE_PAIR* eapsoh_verify(REQUEST *request, const uint8_t *data, unsigned
 }
- rv = soh_verify(vp, data, data_len - 8);
+ rv = soh_verify(request, vp, data, data_len - 8);
 if (rv<0) {
 RDEBUG("SoH - error decoding payload: %s", fr_strerror());
 } else {
diff --git a/src/modules/rlm_soh/rlm_soh.c b/src/modules/rlm_soh/rlm_soh.c
index 027e0f6..aeb0c21 100644
--- a/src/modules/rlm_soh/rlm_soh.c
+++ b/src/modules/rlm_soh/rlm_soh.c
@@ -140,6 +140,7 @@ static int soh_instantiate(CONF_SECTION *conf, void **instance) {
 static int soh_postauth(UNUSED void * instance, REQUEST *request)
 {
 #ifdef WITH_DHCP
+ int rcode;
 VALUE_PAIR *vp;
 vp = pairfind(request->packet->vps, DHCP2ATTR(43));
@@ -176,7 +177,10 @@ static int soh_postauth(UNUSED void * instance, REQUEST *request)
 } else {
 RDEBUG("SoH decoding NAP from DHCP request");
 /* SoH payload */
- soh_verify(request->packet->vps, data, vlen);
+ rcode = soh_verify(request, request->packet->vps, data, vlen);
+ if (rcode < 0) {
+ return RLM_MODULE_FAIL;
+ }
 }
 break;
 default:
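Review bot: In the src/main/soh.c hunk at -413 the result of `eapsoh_mstlv()` is still discarded, so a malformed Microsoft type-value payload cannot make `soh_verify()` fail, even though this commit makes rlm_soh return `RLM_MODULE_FAIL` on a negative `soh_verify()` result. Assuming `eapsoh_mstlv()` reports errors with a negative value as `soh_verify()` does, propagate it with `if (eapsoh_mstlv(request, sohvp, data + 4, tlv.tlv_len - 4) < 0) return -1;`. The length is computed as `tlv.tlv_len - 4` and received as `unsigned int`, so a TLV shorter than 4 bytes would wrap to a very large length unless a check outside this hunk rejects it; the same applies to `data_len - 8` in the peap.c hunk. A guard such as `if (tlv.tlv_len < 4) return -1;` before the call makes the bound explicit. The enclosing function starts and ends outside the hunk.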
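Review bot: The new failure path in the rlm_soh.c hunk at -176 (`soh_postauth`) returns `RLM_MODULE_FAIL` without logging why, and the `soh_authorize` hunk at -205 does the same, so an operator looking at failed NAP clients has no trace of the malformed SoH that caused the failure. The peap.c caller in this same patch already logs `RDEBUG("SoH - error decoding payload: %s", fr_strerror());`; adding that line before each `return RLM_MODULE_FAIL;` keeps the three callers consistent. The early return also leaves from inside what looks like a switch in a function that is only partly visible, so it is worth confirming that nothing acquired earlier in `soh_postauth` needs releasing on this path.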
@@ -205,7 +209,10 @@ static int soh_authorize(UNUSED void * instance, REQUEST *request)
 RDEBUG("SoH radius VP found");
 /* decode it */
- rv = soh_verify(request->packet->vps, vp->vp_octets, vp->length);
+ rv = soh_verify(request, request->packet->vps, vp->vp_octets, vp->length);
+ if (rv < 0) {
+ return RLM_MODULE_FAIL;
+ }
 return RLM_MODULE_OK;
 }
--
2.1.4