
remove request->username and request->password from the server

Finally.
alandekok committed Jul 31, 2019
1 parent 0c34b26 commit 47566e632b793f618d850b4cb9236c5ca7fdb927
@@ -408,9 +408,6 @@ static REQUEST *request_from_file(TALLOC_CTX *ctx, FILE *fp, fr_event_list_t *el

request->log.lvl = rad_debug_lvl;

request->username = fr_pair_find_by_da(request->packet->vps, attr_user_name, TAG_ANY);
request->password = fr_pair_find_by_da(request->packet->vps, attr_user_password, TAG_ANY);

fr_request_async_bootstrap(request, el);

return request;
@@ -179,7 +179,6 @@ FR_CODE chbind_process(REQUEST *request, CHBIND_REQ *chbind)
if (chbind->username) {
vp = fr_pair_copy(fake->packet, chbind->username);
fr_pair_add(&fake->packet->vps, vp);
fake->username = vp;
}

/*
@@ -47,34 +47,38 @@ RCSID("$Id$")
*/
rlm_rcode_t rad_virtual_server(REQUEST *request)
{
VALUE_PAIR *vp;
VALUE_PAIR *vp, *username, *parent_username = NULL;
fr_io_final_t final;

RDEBUG("Virtual server %s received request", cf_section_name2(request->server_cs));
log_request_pair_list(L_DBG_LVL_1, request, request->packet->vps, NULL);

if (!request->username) {
request->username = fr_pair_find_by_num(request->packet->vps, 0, FR_USER_NAME, TAG_ANY);
username = fr_pair_find_by_num(request->packet->vps, 0, FR_STRIPPED_USER_NAME, TAG_ANY);
if (!username) username = fr_pair_find_by_num(request->packet->vps, 0, FR_USER_NAME, TAG_ANY);

if (request->parent) {
parent_username = fr_pair_find_by_num(request->parent->packet->vps, 0, FR_STRIPPED_USER_NAME, TAG_ANY);
if (!parent_username) parent_username = fr_pair_find_by_num(request->parent->packet->vps, 0, FR_USER_NAME, TAG_ANY);
}

/*
* Complain about possible issues related to tunnels.
*/
if (request->parent && request->parent->username && request->username) {
if (username && parent_username) {
/*
* Look at the full User-Name with realm.
*/
if (request->parent->username->da->attr == FR_STRIPPED_USER_NAME) {
if (parent_username->da->attr == FR_STRIPPED_USER_NAME) {
vp = fr_pair_find_by_num(request->parent->packet->vps, 0, FR_USER_NAME, TAG_ANY);
if (!vp) goto runit;
} else {
vp = request->parent->username;
vp = parent_username;
}

/*
* If the names aren't identical, we do some detailed checks.
*/
if (strcmp(vp->vp_strvalue, request->username->vp_strvalue) != 0) {
if (strcmp(vp->vp_strvalue, username->vp_strvalue) != 0) {
char const *outer, *inner;

outer = strchr(vp->vp_strvalue, '@');
@@ -102,7 +106,7 @@ rlm_rcode_t rad_virtual_server(REQUEST *request)
/*
* Look for an inner realm, which may or may not exist.
*/
inner = strchr(request->username->vp_strvalue, '@');
inner = strchr(username->vp_strvalue, '@');
if (outer && inner) {
outer++;
inner++;
@@ -117,8 +121,8 @@ rlm_rcode_t rad_virtual_server(REQUEST *request)
outer_len = vp->vp_length;
outer_len -= (outer - vp->vp_strvalue);

inner_len = request->username->vp_length;
inner_len -= (inner - request->username->vp_strvalue);
inner_len = username->vp_length;
inner_len -= (inner - username->vp_strvalue);

/*
* Inner: secure.example.org
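Review bot: The tunnel check in rad_virtual_server treats the two identities asymmetrically. The outer name is resolved to the full User-Name when `parent_username` is a Stripped-User-Name, but the inner `username` is taken from Stripped-User-Name first and used as-is in `strcmp(vp->vp_strvalue, username->vp_strvalue)` and `strchr(username->vp_strvalue, '@')`. A stripped inner name presumably carries no realm, so `inner` would be NULL and the `if (outer && inner)` realm comparison would not be entered, weakening the inner/outer identity diagnostic. If full identities are meant to be compared, resolve the inner side the same way, e.g. `if (username && username->da->attr == FR_STRIPPED_USER_NAME) username = fr_pair_find_by_num(request->packet->vps, 0, FR_USER_NAME, TAG_ANY);`; otherwise add a comment saying the stripped inner name is intentional. The function body continues outside the visible hunks.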
@@ -1805,18 +1805,12 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
switch (mod->op) {
case T_OP_CMP_FALSE:
fr_pair_list_free(vp_list); /* Clear the entire list */

if (map->lhs->tmpl_list == PAIR_LIST_REQUEST) {
context->username = NULL;
context->password = NULL;
}
goto finish;

case T_OP_SET:
fr_pair_list_free(vp_list); /* Clear the existing list */
*vp_list = map_list_mod_to_vps(parent, vlm); /* Replace with a new list */
if (!*vp_list) goto finish;
goto update;
goto finish;

/*
* Ugh... exponential... Fixme? Build a tree if number
@@ -1852,7 +1846,7 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
fr_cursor_tail(&to);
fr_cursor_merge(&to, &to_insert); /* Do this last so we don't expand the 'to' set */
}
goto update;
goto finish;

case T_OP_ADD:
{
@@ -1868,7 +1862,7 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
fr_cursor_init(&from, &vp_from);
fr_cursor_merge(&to, &from);
}
goto update;
goto finish;

default:
rcode = -1;
@@ -1912,7 +1906,7 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
* Check that the User-Name and User-Password
* caches point to the correct attribute.
*/
goto update;
goto finish;

/*
* -= - Delete attributes in the found list which match any of the
@@ -1943,7 +1937,7 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
do {
if (fr_value_box_cmp(vb, &found->data) == 0) {
fr_cursor_free_item(&list);
goto update;
goto finish;
}
} while ((vb = vb->next));
goto finish; /* Wasn't found */
@@ -1966,8 +1960,6 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
}
} while ((vb = vb->next));
} while ((found = fr_cursor_next(&list)));

if (removed) goto update;
}
goto finish;

@@ -1989,7 +1981,7 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
fr_cursor_init(&from, &vp_from);
fr_cursor_merge(&to, &from);
}
goto update;
goto finish;

/*
* = - Set only if not already set
@@ -2021,7 +2013,7 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)

fr_cursor_merge(&list, &from); /* Merge first (insert after current attribute) */
fr_cursor_free_item(&list); /* Then free the current attribute */
goto update;
goto finish;
}

/*
@@ -2040,8 +2032,6 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
case T_OP_LE:
case T_OP_LT:
{
bool removed = false;

if (!found) goto finish;

/*
@@ -2055,10 +2045,7 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
if (fr_value_box_cmp_op(mod->op, &found->data, vb) == 1) remove = false;
} while ((vb = vb->next));

if (remove) {
fr_cursor_free_item(&list);
goto update;
}
if (remove) fr_cursor_free_item(&list);
goto finish;
}

@@ -2075,13 +2062,10 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)

if (remove) {
fr_cursor_free_item(&list);
removed = true;
} else {
fr_cursor_next(&list);
}
} while ((found = fr_cursor_current(&list)));

if (removed) goto update;
}
goto finish;

@@ -2091,46 +2075,6 @@ int map_list_mod_apply(REQUEST *request, vp_list_mod_t const *vlm)
goto finish;
}

update:
/*
* Update the cached username && password. This is code
* we execute on EVERY update (sigh) so that SOME modules
* MIGHT NOT have to do the search themselves.
*
* TBH, we should probably make each module just do the
* search themselves.
*/
if (map->lhs->tmpl_list == PAIR_LIST_REQUEST) {
VALUE_PAIR *vp;

context->username = NULL;
context->password = NULL;

for (vp = fr_cursor_init(&list, vp_list);
vp;
vp = fr_cursor_next(&list)) {

if (!fr_dict_attr_is_top_level(vp->da)) continue;
if (vp->da->flags.has_tag) continue;
if (vp->vp_type != FR_TYPE_STRING) continue;

if (!context->username && (vp->da->attr == FR_USER_NAME)) {
context->username = vp;
continue;
}

if (vp->da->attr == FR_STRIPPED_USER_NAME) {
context->username = vp;
continue;
}

if (vp->da->attr == FR_USER_PASSWORD) {
context->password = vp;
continue;
}
}
}

finish:
return rcode;
}
@@ -2580,11 +2524,6 @@ int map_to_request(REQUEST *request, vp_map_t const *map, radius_map_getvalue_t

/* Clear the entire dst list */
fr_pair_list_free(list);

if (map->lhs->tmpl_list == PAIR_LIST_REQUEST) {
context->username = NULL;
context->password = NULL;
}
goto finish;

case T_OP_SET:
@@ -2831,42 +2770,6 @@ int map_to_request(REQUEST *request, vp_map_t const *map, radius_map_getvalue_t
update:
rad_assert(!head);

/*
* Update the cached username && password. This is code
* we execute on EVERY update (sigh) so that SOME modules
* MIGHT NOT have to do the search themselves.
*
* TBH, we should probably make each module just do the
* search themselves.
*/
if (map->lhs->tmpl_list == PAIR_LIST_REQUEST) {
context->username = NULL;
context->password = NULL;

for (vp = fr_pair_cursor_init(&src_list, list);
vp;
vp = fr_pair_cursor_next(&src_list)) {
if (!fr_dict_attr_is_top_level(vp->da)) continue;
if (vp->da->flags.has_tag) continue;
if (vp->vp_type != FR_TYPE_STRING) continue;

if (!context->username && (vp->da->attr == FR_USER_NAME)) {
context->username = vp;
continue;
}

if (vp->da->attr == FR_STRIPPED_USER_NAME) {
context->username = vp;
continue;
}

if (vp->da->attr == FR_USER_PASSWORD) {
context->password = vp;
continue;
}
}
}

finish:
talloc_free(tmp_ctx);
return rcode;
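Review bot: The comment kept as context in the `-1912,7 +1906,7` hunk of map_list_mod_apply, `Check that the User-Name and User-Password caches point to the correct attribute.`, now sits directly above a plain `goto finish;` and describes caches this commit deletes. It should be removed with the `update:` block so the next reader does not look for cache maintenance that no longer exists; the comment starts above the hunk, so its full text is not visible here. Separately, the `-1966,8 +1960,6` hunk drops `if (removed) goto update;`, but no visible hunk removes that case's `removed` declaration or assignment, unlike the `-2040,8` and `-2075,13` hunks. If they remain, the variable is set but never read, which is worth confirming.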
@@ -35,6 +35,7 @@ RCSID("$Id$")
#include <freeradius-devel/server/request.h>

#include <freeradius-devel/protocol/radius/rfc2865.h>
#include <freeradius-devel/protocol/freeradius/freeradius.internal.h>

#include <ctype.h>

@@ -128,7 +129,8 @@ static int prefix_suffix_cmp(UNUSED void *instance,

if (!request) return -1;

username = fr_pair_find_by_da(request->packet->vps, attr_user_name, TAG_ANY);
username = fr_pair_find_by_da(request->packet->vps, attr_stripped_user_name, TAG_ANY);
if (!username) username = fr_pair_find_by_da(request->packet->vps, attr_user_name, TAG_ANY);
if (!username) return -1;

VP_VERIFY(check);
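Review bot: The lookup in prefix_suffix_cmp now prefers Stripped-User-Name over User-Name, which changes the value this comparison runs against whenever an earlier policy step has already stripped the name; the commit message mentions only the removal of the cached pointers. If the change is intended, document it at the lookup, e.g. `/* Prefer Stripped-User-Name when present, else fall back to User-Name */`, so someone auditing policy-match results knows which identity was compared. The new line also relies on `attr_stripped_user_name`, whose declaration and dictionary autoload entry are not in the visible lines; confirm both exist in this file. The function body continues outside the hunk.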
@@ -51,7 +51,6 @@ void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from, bool d
VALUE_PAIR *append, **append_tail;
VALUE_PAIR *to_copy = NULL;
bool *edited = NULL;
REQUEST *fixup = NULL;
TALLOC_CTX *ctx;

/*
@@ -296,12 +295,6 @@ void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from, bool d
fr_pair_list_free(to);
last = to;

if (to == &request->packet->vps) {
fixup = request;
} else if (request->parent && (to == &request->parent->packet->vps)) {
fixup = request->parent;
}

for (i = 0; i < tailto; i++) {
if (!to_list[i]) continue;

@@ -327,28 +320,6 @@ void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from, bool d
*/
*last = append;

/*
* Fix dumb cache issues
*/
if (fixup) {
fixup->username = NULL;
fixup->password = NULL;

for (vp = fixup->packet->vps; vp != NULL; vp = vp->next) {
if (!fr_dict_attr_is_top_level(vp->da)) continue;

if ((vp->da->attr == FR_USER_NAME) && !fixup->username) {
fixup->username = vp;

} else if (vp->da->attr == FR_STRIPPED_USER_NAME) {
fixup->username = vp;

} else if (vp->da->attr == FR_USER_PASSWORD) {
fixup->password = vp;
}
}
}

rad_assert(request->packet != NULL);

talloc_free(to_list);
@@ -92,8 +92,6 @@ REQUEST *request_alloc(TALLOC_CTX *ctx)
#endif
request->reply = NULL;
request->control = NULL;
request->username = NULL;
request->password = NULL;

/*
* These may be changed later by request_pre_handler
@@ -784,9 +782,6 @@ void request_verify(char const *file, int line, REQUEST const *request)
fr_pair_list_verify(file, line, request, request->control);
fr_pair_list_verify(file, line, request->state_ctx, request->state);

if (request->username) VP_VERIFY(request->username);
if (request->password) VP_VERIFY(request->password);

rad_assert(request->server_cs != NULL);

if (request->packet) {
