/** Add a module failure message VALUE_PAIR to the request
*
* @param[in] request The current request.
* @param[in] msg with printf style substitution tokens.
* @param[in] ap Substitution arguments.
*/
void vlog_module_failure_msg(REQUEST *request, char const *msg, va_list ap)
{
char *p;
VALUE_PAIR *vp;
va_list aq;
if (!msg || !request || !request->packet) return;
rad_assert(attr_module_failure_message);
/*
* If we don't copy the original ap we get a segfault from vasprintf. This is apparently
* due to ap sometimes being implemented with a stack offset which is invalidated if
* ap is passed into another function. See here:
* http://julipedia.meroh.net/2011/09/using-vacopy-to-safely-pass-ap.html
*
* I don't buy that explanation, but doing a va_copy here does prevent SEGVs seen when
* running unit tests which generate errors under CI.
*/
va_copy(aq, ap);
p = fr_vasprintf(request, msg, aq);
va_end(aq);
MEM(pair_add_request(&vp, attr_module_failure_message) >= 0);
if (request->module && (request->module[0] != '\0')) {
fr_pair_value_snprintf(vp, "%s: %s", request->module, p);
} else {
fr_pair_value_snprintf(vp, "%s", p);
}
talloc_free(p);
}
/** Do any RADIUS-layer fixups for proxying.
*
*/
static void radius_fixups(rlm_radius_t *inst, REQUEST *request)
{
VALUE_PAIR *vp;
/*
* Check for proxy loops.
*/
if (RDEBUG_ENABLED) {
fr_cursor_t cursor;
for (vp = fr_cursor_iter_by_da_init(&cursor, &request->packet->vps, attr_proxy_state);
vp;
vp = fr_cursor_next(&cursor)) {
if (vp->vp_length != 4) continue;
if (memcmp(&inst->proxy_state, vp->vp_octets, 4) == 0) {
RWARN("Possible proxy loop - please check server configuration.");
break;
}
}
}
if (request->packet->code != FR_CODE_ACCESS_REQUEST) return;
if (fr_pair_find_by_da(request->packet->vps, attr_chap_password, TAG_ANY) &&
!fr_pair_find_by_da(request->packet->vps, attr_chap_challenge, TAG_ANY)) {
MEM(pair_add_request(&vp, attr_chap_challenge) >= 0);
fr_pair_value_memcpy(vp, request->packet->vector, sizeof(request->packet->vector));
}
}
/** Add attributes describing the sync to the request
*
* Adds:
* - LDAP-Sync-DN - The DN we're searching on (not the DN of any received object).
* - LDAP-Sync-Filter - The filter for the search.
* - LDAP-Sync-Attr - The attributes we retrieved.
*
* @param[in] request The current request.
* @param[in] config Configuration of the sync.
* @return
* - 0 on success.
* - -1 on failure.
*/
static int proto_ldap_attributes_add(REQUEST *request, sync_config_t const *config)
{
VALUE_PAIR *vp;
MEM(pair_add_request(&vp, attr_ldap_sync_dn) == 0);
fr_pair_value_strcpy(vp, config->base_dn);
if (config->filter) {
MEM(pair_update_request(&vp, attr_ldap_sync_filter) >= 0);
fr_pair_value_strcpy(vp, config->filter);
}
if (config->attrs) {
char const *attrs_p;
for (attrs_p = *config->attrs; *attrs_p; attrs_p++) {
MEM(pair_add_request(&vp, attr_ldap_sync_attr) == 0);
fr_pair_value_strcpy(vp, attrs_p);
}
}
return 0;
}