Пример #1
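/*
 * Post-auth hook for DHCP requests: looks up attribute 43 in the
 * DHCP_MAGIC_VENDOR space of the request and walks it as a sequence of
 * (option, length, value) records, acting on vendor option 220.
 *
 * The attribute contents come from the received packet, so every read is
 * checked against the end of the attribute before it happens: a record whose
 * two-byte header or whose value would run past the end stops the walk and
 * is never handed to soh_verify().
 *
 * Returns RLM_MODULE_NOOP when the attribute is absent (or WITH_DHCP is not
 * defined), RLM_MODULE_FAIL when soh_verify() reports an error or the reply
 * pair cannot be allocated, and RLM_MODULE_OK otherwise.
 */
static rlm_rcode_t mod_post_auth(UNUSED void * instance, REQUEST *request)
{
#ifdef WITH_DHCP
	int rcode;
	VALUE_PAIR *vp;

	vp = pairfind(request->packet->vps, 43, DHCP_MAGIC_VENDOR, TAG_ANY);
	if (vp) {
		/*
		 * vendor-specific options contain
		 *
		 * vendor opt 220/0xdc - SoH payload, or null byte to probe, or string
		 * "NAP" to indicate server-side support for SoH in OFFERs
		 *
		 * vendor opt 222/0xde - SoH correlation ID as utf-16 string, yuck...
		 */
		uint8_t vopt, vlen, *data, *end;

		data = vp->vp_octets;
		/*
		 * Fix the end of the request attribute once. The reply pair
		 * created below gets its own variable, so the loop bound can
		 * never drift to a different buffer.
		 */
		end = data + vp->length;
		while (data < end) {
			/* need both the option code and the length byte */
			if ((end - data) < 2) {
				RDEBUG("SoH ignoring truncated DHCP vendor option header");
				break;
			}
			vopt = *data++;
			vlen = *data++;

			/* the declared value length must fit in what is left */
			if (vlen > (end - data)) {
				RDEBUG("SoH ignoring DHCP vendor option with length past end of attribute");
				break;
			}

			switch (vopt) {
				case 220:
					if (vlen <= 1) {
						VALUE_PAIR *reply_vp;

						RDEBUG("SoH adding NAP marker to DHCP reply");
						/* client probe; send "NAP" in the reply */
						reply_vp = paircreate(request->reply, 43, DHCP_MAGIC_VENDOR);
						if (!reply_vp) {
							return RLM_MODULE_FAIL;
						}
						/*
						 * NOTE(review): indices 2..4 hold 'P','A','N' in
						 * that order while the comment says "NAP" - confirm
						 * the intended wire order before changing it.
						 */
						reply_vp->vp_octets[0] = 220;
						reply_vp->vp_octets[1] = 3;
						reply_vp->vp_octets[4] = 'N';
						reply_vp->vp_octets[3] = 'A';
						reply_vp->vp_octets[2] = 'P';
						reply_vp->length = 5;

						pairadd(&request->reply->vps, reply_vp);

					} else {
						RDEBUG("SoH decoding NAP from DHCP request");
						/* SoH payload; vlen was bounded against 'end' above */
						rcode = soh_verify(request, data, vlen);
						if (rcode < 0) {
							return RLM_MODULE_FAIL;
						}
					}
					break;
				default:
					/* nothing to do */
					break;
			}
			data += vlen;
		}
		return RLM_MODULE_OK;
	}
#endif
	return RLM_MODULE_NOOP;
}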
Пример #2
/*
 * Authorize hook: if the request carries Microsoft vendor attribute 55 (the
 * MS-SoH payload), pass its octets and length to soh_verify().
 *
 * The payload is taken straight from the received packet; this function does
 * no validation of its own and relies on soh_verify() to stay within the
 * length it is given.
 *
 * Returns RLM_MODULE_NOOP when the attribute is absent, RLM_MODULE_FAIL when
 * soh_verify() returns a negative value, RLM_MODULE_OK otherwise.
 */
static rlm_rcode_t mod_authorize(UNUSED void * instance, REQUEST *request)
{
	/* look for the MS-SoH payload in the request */
	VALUE_PAIR *soh_vp = pairfind(request->packet->vps, 55, VENDORPEC_MICROSOFT, TAG_ANY);

	if (soh_vp == NULL) {
		RDEBUG("SoH radius VP not found");
		return RLM_MODULE_NOOP;
	}

	RDEBUG("SoH radius VP found");

	/* decode it; a negative result means the decode failed */
	if (soh_verify(request, soh_vp->vp_octets, soh_vp->length) < 0) {
		return RLM_MODULE_FAIL;
	}
	return RLM_MODULE_OK;
}
Пример #3
/*
 * Authorize hook: if the request carries the attr_ms_quarantine_soh
 * attribute (the MS-SoH payload), pass its octets and length to
 * soh_verify().
 *
 * The payload is taken straight from the received packet; this function does
 * no validation of its own and relies on soh_verify() to stay within the
 * length it is given.
 *
 * Returns RLM_MODULE_NOOP when the attribute is absent, RLM_MODULE_FAIL when
 * soh_verify() returns a negative value, RLM_MODULE_OK otherwise.
 */
static rlm_rcode_t CC_HINT(nonnull) mod_authorize(UNUSED void *instance, UNUSED void *thread, REQUEST *request)
{
	/* look for the MS-SoH payload in the request */
	VALUE_PAIR *soh_vp = fr_pair_find_by_da(request->packet->vps, attr_ms_quarantine_soh, TAG_ANY);

	if (soh_vp == NULL) {
		RDEBUG2("SoH radius VP not found");
		return RLM_MODULE_NOOP;
	}

	RDEBUG2("SoH radius VP found");

	/* decode it; a negative result means the decode failed */
	if (soh_verify(request, soh_vp->vp_octets, soh_vp->vp_length) < 0) {
		return RLM_MODULE_FAIL;
	}
	return RLM_MODULE_OK;
}
Пример #4
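/*
 * Post-auth hook for DHCP requests: when the instance has 'dhcp' enabled,
 * looks up attr_dhcp_vendor in the request and walks it as a sequence of
 * (option, length, value) records, acting on vendor option 220.
 *
 * The attribute contents come from the received packet, so every read is
 * checked against the end of the attribute before it happens: a record whose
 * two-byte header or whose value would run past the end stops the walk and
 * is never handed to soh_verify().
 *
 * Returns RLM_MODULE_NOOP when DHCP handling is disabled, the attribute is
 * absent, or WITH_DHCP is not defined; RLM_MODULE_FAIL when soh_verify()
 * reports an error or the reply pair cannot be allocated; RLM_MODULE_OK
 * otherwise.
 */
static rlm_rcode_t CC_HINT(nonnull) mod_post_auth(void *instance, UNUSED void *thread, REQUEST *request)
{
#ifdef WITH_DHCP
	int			rcode;
	VALUE_PAIR		*vp;
	rlm_soh_t const		*inst = instance;

	if (!inst->dhcp) return RLM_MODULE_NOOP;

	vp = fr_pair_find_by_da(request->packet->vps, attr_dhcp_vendor, TAG_ANY);
	if (vp) {
		/*
		 * vendor-specific options contain
		 *
		 * vendor opt 220/0xdc - SoH payload, or null byte to probe, or string
		 * "NAP" to indicate server-side support for SoH in OFFERs
		 *
		 * vendor opt 222/0xde - SoH correlation ID as utf-16 string, yuck...
		 */
		uint8_t vopt, vlen;
		uint8_t const *data;
		uint8_t const *end;

		data = vp->vp_octets;
		/*
		 * Fix the end of the request attribute once. The reply pair
		 * created below gets its own variable, so the loop bound can
		 * never drift to a different buffer.
		 */
		end = data + vp->vp_length;
		while (data < end) {
			/* need both the option code and the length byte */
			if ((end - data) < 2) {
				RDEBUG2("SoH ignoring truncated DHCP vendor option header");
				break;
			}
			vopt = *data++;
			vlen = *data++;

			/* the declared value length must fit in what is left */
			if (vlen > (end - data)) {
				RDEBUG2("SoH ignoring DHCP vendor option with length past end of attribute");
				break;
			}

			switch (vopt) {
			case 220:
				if (vlen <= 1) {
					VALUE_PAIR *reply_vp;
					uint8_t *p;

					RDEBUG2("SoH adding NAP marker to DHCP reply");
					/* client probe; send "NAP" in the reply */
					reply_vp = fr_pair_afrom_da(request->reply, attr_dhcp_vendor);
					if (!reply_vp) return RLM_MODULE_FAIL;

					p = talloc_array(reply_vp, uint8_t, 5);
					if (!p) {
						talloc_free(reply_vp);
						return RLM_MODULE_FAIL;
					}
					/*
					 * NOTE(review): indices 2..4 hold 'P','A','N' in
					 * that order while the comment says "NAP" - confirm
					 * the intended wire order before changing it.
					 */
					p[0] = 220;
					p[1] = 3;
					p[4] = 'N';
					p[3] = 'A';
					p[2] = 'P';
					fr_pair_value_memsteal(reply_vp, p);
					fr_pair_add(&request->reply->vps, reply_vp);

				} else {
					RDEBUG2("SoH decoding NAP from DHCP request");
					/* SoH payload; vlen was bounded against 'end' above */
					rcode = soh_verify(request, data, vlen);
					if (rcode < 0) {
						return RLM_MODULE_FAIL;
					}
				}
				break;

			default:
				/* nothing to do */
				break;
			}
			data += vlen;
		}
		return RLM_MODULE_OK;
	}
#endif
	return RLM_MODULE_NOOP;
}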