Exemple #1
0
/** Add a module failure message VALUE_PAIR to the request
 *
 * @param[in] request	The current request.
 * @param[in] msg	with printf style substitution tokens.
 * @param[in] ap	Substitution arguments.
 */
void vlog_module_failure_msg(REQUEST *request, char const *msg, va_list ap)
{
	char		*p;
	VALUE_PAIR	*vp;
	va_list		aq;

	if (!msg || !request || !request->packet) return;

	rad_assert(attr_module_failure_message);

	/*
	 *  If we don't copy the original ap we get a segfault from vasprintf. This is apparently
	 *  due to ap sometimes being implemented with a stack offset which is invalidated if
	 *  ap is passed into another function. See here:
	 *  http://julipedia.meroh.net/2011/09/using-vacopy-to-safely-pass-ap.html
	 *
	 *  I don't buy that explanation, but doing a va_copy here does prevent SEGVs seen when
	 *  running unit tests which generate errors under CI.
	 */
	va_copy(aq, ap);
	p = fr_vasprintf(request, msg, aq);
	va_end(aq);

	MEM(pair_add_request(&vp, attr_module_failure_message) >= 0);
	if (request->module && (request->module[0] != '\0')) {
		fr_pair_value_snprintf(vp, "%s: %s", request->module, p);
	} else {
		fr_pair_value_snprintf(vp, "%s", p);
	}
	talloc_free(p);
}
/** Do any RADIUS-layer fixups for proxying.
 *
 */
static void radius_fixups(rlm_radius_t *inst, REQUEST *request)
{
	VALUE_PAIR *vp;

	/*
	 *	Check for proxy loops.
	 */
	if (RDEBUG_ENABLED) {
		fr_cursor_t cursor;

		for (vp = fr_cursor_iter_by_da_init(&cursor, &request->packet->vps, attr_proxy_state);
		     vp;
		     vp = fr_cursor_next(&cursor)) {
			if (vp->vp_length != 4) continue;

			if (memcmp(&inst->proxy_state, vp->vp_octets, 4) == 0) {
				RWARN("Possible proxy loop - please check server configuration.");
				break;
			}
		}
	}

	if (request->packet->code != FR_CODE_ACCESS_REQUEST) return;

	if (fr_pair_find_by_da(request->packet->vps, attr_chap_password, TAG_ANY) &&
	    !fr_pair_find_by_da(request->packet->vps, attr_chap_challenge, TAG_ANY)) {
	    	MEM(pair_add_request(&vp, attr_chap_challenge) >= 0);
		fr_pair_value_memcpy(vp, request->packet->vector, sizeof(request->packet->vector));
	}
}
/** Add attributes describing the sync to the request
 *
 * Adds:
 * - LDAP-Sync-DN     - The DN we're searching on (not the DN of any received object).
 * - LDAP-Sync-Filter - The filter for the search.
 * - LDAP-Sync-Attr   - The attributes we retrieved.
 *
 * @param[in] request	The current request.
 * @param[in] config	Configuration of the sync.
 * @return
 *	- 0 on success.
 *	- -1 on failure.
 */
static int proto_ldap_attributes_add(REQUEST *request, sync_config_t const *config)
{
	VALUE_PAIR *vp;

	MEM(pair_add_request(&vp, attr_ldap_sync_dn) == 0);
	fr_pair_value_strcpy(vp, config->base_dn);

	if (config->filter) {
		MEM(pair_update_request(&vp, attr_ldap_sync_filter) >= 0);
		fr_pair_value_strcpy(vp, config->filter);
	}
	if (config->attrs) {
		char const *attrs_p;

		for (attrs_p = *config->attrs; *attrs_p; attrs_p++) {
			MEM(pair_add_request(&vp, attr_ldap_sync_attr) == 0);
			fr_pair_value_strcpy(vp, attrs_p);
		}
	}

	return 0;
}