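/*
 *	Post-auth handler: look for the DHCP vendor-specific option (43) in the
 *	request packet and walk the vendor sub-options it carries.
 *
 *	Sub-option 220 is either a client probe (length <= 1), which is answered
 *	by adding a marker option to the reply, or an SoH payload, which is handed
 *	to soh_verify().
 *
 *	The option body comes from the client, so each sub-option header and
 *	length is checked against the end of the option before it is read.  A
 *	truncated sub-option stops the walk; nothing past the end of the option
 *	is read or passed to soh_verify().
 *
 *	Returns RLM_MODULE_NOOP when built without WITH_DHCP or when the option
 *	is absent, RLM_MODULE_FAIL when soh_verify() reports an error or the reply
 *	pair cannot be created, and RLM_MODULE_OK otherwise.
 */
static rlm_rcode_t mod_post_auth(UNUSED void * instance, REQUEST *request)
{
#ifdef WITH_DHCP
	int rcode;
	VALUE_PAIR *vp;

	vp = pairfind(request->packet->vps, 43, DHCP_MAGIC_VENDOR, TAG_ANY);
	if (vp) {
		/*
		 * vendor-specific options contain
		 *
		 * vendor opt 220/0xdc - SoH payload, or null byte to probe, or string
		 * "NAP" to indicate server-side support for SoH in OFFERs
		 *
		 * vendor opt 222/0xde - SoH correlation ID as utf-16 string, yuck...
		 */
		uint8_t vopt, vlen, *data;
		uint8_t const *end;

		/*
		 * Fix the end of the request option once.  The reply pair created
		 * below must never be used as the loop bound.
		 */
		data = vp->vp_octets;
		end = vp->vp_octets + vp->length;

		while (data < end) {
			/* A sub-option header is two bytes: type and length. */
			if ((end - data) < 2) {
				RDEBUG("SoH DHCP vendor option has a truncated sub-option header");
				break;
			}
			vopt = *data++;
			vlen = *data++;

			/* The declared length must fit in what is left of the option. */
			if (vlen > (end - data)) {
				RDEBUG("SoH DHCP vendor sub-option length exceeds the option");
				break;
			}

			switch (vopt) {
			case 220:
				if (vlen <= 1) {
					VALUE_PAIR *reply_vp;

					RDEBUG("SoH adding NAP marker to DHCP reply");
					/* client probe; send "NAP" in the reply */
					reply_vp = paircreate(request->reply, 43, DHCP_MAGIC_VENDOR);
					if (!reply_vp) {
						return RLM_MODULE_FAIL;
					}
					/*
					 * NOTE(review): in wire order bytes 2..4 read 'P','A','N'
					 * while the comment above says "NAP" - confirm against
					 * the client's expectation before changing.
					 */
					reply_vp->vp_octets[0] = 220;
					reply_vp->vp_octets[1] = 3;
					reply_vp->vp_octets[4] = 'N';
					reply_vp->vp_octets[3] = 'A';
					reply_vp->vp_octets[2] = 'P';
					reply_vp->length = 5;

					pairadd(&request->reply->vps, reply_vp);
				} else {
					RDEBUG("SoH decoding NAP from DHCP request");
					/* SoH payload; vlen has been checked against the option end */
					rcode = soh_verify(request, data, vlen);
					if (rcode < 0) {
						return RLM_MODULE_FAIL;
					}
				}
				break;

			default:
				/* nothing to do */
				break;
			}
			data += vlen;
		}
		return RLM_MODULE_OK;
	}
#endif
	return RLM_MODULE_NOOP;
}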
/*
 *	Authorize handler: find the MS-SoH payload (attribute 55 under
 *	VENDORPEC_MICROSOFT) in the request packet and hand it to soh_verify().
 *
 *	The attribute value comes from the request and is passed on unmodified,
 *	with its stored length; any validation of the contents is left to
 *	soh_verify() (not visible here).
 *
 *	Returns RLM_MODULE_NOOP when the attribute is absent, RLM_MODULE_FAIL
 *	when soh_verify() returns a negative value, RLM_MODULE_OK otherwise.
 */
static rlm_rcode_t mod_authorize(UNUSED void * instance, REQUEST *request)
{
	VALUE_PAIR *soh_vp;

	/* look up the MS-SoH payload */
	soh_vp = pairfind(request->packet->vps, 55, VENDORPEC_MICROSOFT, TAG_ANY);
	if (soh_vp) {
		RDEBUG("SoH radius VP found");

		/* decode it; a negative result means the payload was rejected */
		return (soh_verify(request, soh_vp->vp_octets, soh_vp->length) < 0)
			? RLM_MODULE_FAIL
			: RLM_MODULE_OK;
	}

	RDEBUG("SoH radius VP not found");
	return RLM_MODULE_NOOP;
}
/*
 *	Authorize handler: find the MS-SoH payload (attr_ms_quarantine_soh) in
 *	the request packet and hand it to soh_verify().
 *
 *	The attribute value comes from the request and is passed on unmodified,
 *	with its stored length; any validation of the contents is left to
 *	soh_verify() (not visible here).
 *
 *	Returns RLM_MODULE_NOOP when the attribute is absent, RLM_MODULE_FAIL
 *	when soh_verify() returns a negative value, RLM_MODULE_OK otherwise.
 */
static rlm_rcode_t CC_HINT(nonnull) mod_authorize(UNUSED void *instance, UNUSED void *thread, REQUEST *request)
{
	VALUE_PAIR *soh_vp;

	/* look up the MS-SoH payload */
	soh_vp = fr_pair_find_by_da(request->packet->vps, attr_ms_quarantine_soh, TAG_ANY);
	if (soh_vp) {
		RDEBUG2("SoH radius VP found");

		/* decode it; a negative result means the payload was rejected */
		return (soh_verify(request, soh_vp->vp_octets, soh_vp->vp_length) < 0)
			? RLM_MODULE_FAIL
			: RLM_MODULE_OK;
	}

	RDEBUG2("SoH radius VP not found");
	return RLM_MODULE_NOOP;
}
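/*
 *	Post-auth handler: when DHCP handling is enabled for this instance
 *	(inst->dhcp), look for the DHCP vendor-specific option (attr_dhcp_vendor)
 *	in the request packet and walk the vendor sub-options it carries.
 *
 *	Sub-option 220 is either a client probe (length <= 1), which is answered
 *	by adding a marker option to the reply, or an SoH payload, which is handed
 *	to soh_verify().
 *
 *	The option body comes from the client, so each sub-option header and
 *	length is checked against the end of the option before it is read.  A
 *	truncated sub-option stops the walk; nothing past the end of the option
 *	is read or passed to soh_verify().
 *
 *	Returns RLM_MODULE_NOOP when built without WITH_DHCP, when inst->dhcp is
 *	false or when the option is absent; RLM_MODULE_FAIL when soh_verify()
 *	reports an error or the reply pair cannot be allocated; RLM_MODULE_OK
 *	otherwise.
 */
static rlm_rcode_t CC_HINT(nonnull) mod_post_auth(void *instance, UNUSED void *thread, REQUEST *request)
{
#ifdef WITH_DHCP
	int rcode;
	VALUE_PAIR *vp;
	rlm_soh_t const *inst = instance;

	if (!inst->dhcp) return RLM_MODULE_NOOP;

	vp = fr_pair_find_by_da(request->packet->vps, attr_dhcp_vendor, TAG_ANY);
	if (vp) {
		/*
		 * vendor-specific options contain
		 *
		 * vendor opt 220/0xdc - SoH payload, or null byte to probe, or string
		 * "NAP" to indicate server-side support for SoH in OFFERs
		 *
		 * vendor opt 222/0xde - SoH correlation ID as utf-16 string, yuck...
		 */
		uint8_t vopt, vlen;
		uint8_t const *data;
		uint8_t const *end;

		/*
		 * Fix the end of the request option once.  The reply pair created
		 * below must never be used as the loop bound.
		 */
		data = vp->vp_octets;
		end = vp->vp_octets + vp->vp_length;

		while (data < end) {
			/* A sub-option header is two bytes: type and length. */
			if ((end - data) < 2) {
				RDEBUG2("SoH DHCP vendor option has a truncated sub-option header");
				break;
			}
			vopt = *data++;
			vlen = *data++;

			/* The declared length must fit in what is left of the option. */
			if (vlen > (end - data)) {
				RDEBUG2("SoH DHCP vendor sub-option length exceeds the option");
				break;
			}

			switch (vopt) {
			case 220:
				if (vlen <= 1) {
					VALUE_PAIR *reply_vp;
					uint8_t *p;

					RDEBUG2("SoH adding NAP marker to DHCP reply");
					/* client probe; send "NAP" in the reply */
					reply_vp = fr_pair_afrom_da(request->reply, attr_dhcp_vendor);
					if (!reply_vp) {
						return RLM_MODULE_FAIL;
					}

					p = talloc_array(reply_vp, uint8_t, 5);
					if (!p) {
						talloc_free(reply_vp);
						return RLM_MODULE_FAIL;
					}
					/*
					 * NOTE(review): in wire order bytes 2..4 read 'P','A','N'
					 * while the comment above says "NAP" - confirm against
					 * the client's expectation before changing.
					 */
					p[0] = 220;
					p[1] = 3;
					p[4] = 'N';
					p[3] = 'A';
					p[2] = 'P';
					fr_pair_value_memsteal(reply_vp, p);

					fr_pair_add(&request->reply->vps, reply_vp);
				} else {
					RDEBUG2("SoH decoding NAP from DHCP request");
					/* SoH payload; vlen has been checked against the option end */
					rcode = soh_verify(request, data, vlen);
					if (rcode < 0) {
						return RLM_MODULE_FAIL;
					}
				}
				break;

			default:
				/* nothing to do */
				break;
			}
			data += vlen;
		}
		return RLM_MODULE_OK;
	}
#endif
	return RLM_MODULE_NOOP;
}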