Use sane macro names for codes. PW_CODE_AUTHENTICATION_ACK, PW_CODE_A…

…UTHENTICATION_REJECT? Really?

src/include/radius.h

@@ -36,9 +36,9 @@ typedef enum {
 
 typedef enum {
 	PW_CODE_UNDEFINED		= 0,	//!< Packet code has not been set
-	PW_CODE_AUTHENTICATION_REQUEST 	= 1,	//!< RFC2865 - Access-Request
-	PW_CODE_AUTHENTICATION_ACK	= 2,	//!< RFC2865 - Access-Accept
-	PW_CODE_AUTHENTICATION_REJECT	= 3,	//!< RFC2865 - Access-Reject
+	PW_CODE_ACCESS_REQUEST 	= 1,	//!< RFC2865 - Access-Request
+	PW_CODE_ACCESS_ACCEPT	= 2,	//!< RFC2865 - Access-Accept
+	PW_CODE_ACCESS_REJECT	= 3,	//!< RFC2865 - Access-Reject
 	PW_CODE_ACCOUNTING_REQUEST	= 4,	//!< RFC2866 - Accounting-Request
 	PW_CODE_ACCOUNTING_RESPONSE	= 5,	//!< RFC2866 - Accounting-Response
 	PW_CODE_ACCOUNTING_STATUS	= 6,	//!< RFC3575 - Reserved

src/lib/radius.c

@@ -945,8 +945,8 @@ static ssize_t vp2data_any(RADIUS_PACKET const *packet,
 		if (room < (18 + lvalue)) return 0;
 
 		switch (packet->code) {
-		case PW_CODE_AUTHENTICATION_ACK:
-		case PW_CODE_AUTHENTICATION_REJECT:
+		case PW_CODE_ACCESS_ACCEPT:
+		case PW_CODE_ACCESS_REJECT:
 		case PW_CODE_ACCESS_CHALLENGE:
 		default:
 			if (!original) {
@@ -1736,8 +1736,8 @@ int rad_encode(RADIUS_PACKET *packet, RADIUS_PACKET const *original,
 	 *	Double-check some things based on packet code.
 	 */
 	switch (packet->code) {
-	case PW_CODE_AUTHENTICATION_ACK:
-	case PW_CODE_AUTHENTICATION_REJECT:
+	case PW_CODE_ACCESS_ACCEPT:
+	case PW_CODE_ACCESS_REJECT:
 	case PW_CODE_ACCESS_CHALLENGE:
 		if (!original) {
 			fr_strerror_printf("ERROR: Cannot sign response packet without a request packet");
@@ -1932,8 +1932,8 @@ int rad_sign(RADIUS_PACKET *packet, RADIUS_PACKET const *original,
 			break;
 
 		do_ack:
-		case PW_CODE_AUTHENTICATION_ACK:
-		case PW_CODE_AUTHENTICATION_REJECT:
+		case PW_CODE_ACCESS_ACCEPT:
+		case PW_CODE_ACCESS_REJECT:
 		case PW_CODE_ACCESS_CHALLENGE:
 			if (!original) {
 				fr_strerror_printf("ERROR: Cannot sign response packet without a request packet");
@@ -1975,7 +1975,7 @@ int rad_sign(RADIUS_PACKET *packet, RADIUS_PACKET const *original,
 		 *	Request packets are not signed, bur
 		 *	have a random authentication vector.
 		 */
-	case PW_CODE_AUTHENTICATION_REQUEST:
+	case PW_CODE_ACCESS_REQUEST:
 	case PW_CODE_STATUS_SERVER:
 		break;
 
@@ -2786,8 +2786,8 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 				break;
 
 			do_ack:
-			case PW_CODE_AUTHENTICATION_ACK:
-			case PW_CODE_AUTHENTICATION_REJECT:
+			case PW_CODE_ACCESS_ACCEPT:
+			case PW_CODE_ACCESS_REJECT:
 			case PW_CODE_ACCESS_CHALLENGE:
 			case PW_CODE_DISCONNECT_ACK:
 			case PW_CODE_DISCONNECT_NAK:
@@ -2849,7 +2849,7 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 		int rcode;
 		char buffer[32];
 
-		case PW_CODE_AUTHENTICATION_REQUEST:
+		case PW_CODE_ACCESS_REQUEST:
 		case PW_CODE_STATUS_SERVER:
 			/*
 			 *	The authentication vector is random
@@ -2872,8 +2872,8 @@ int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original,
 			break;
 
 			/* Verify the reply digest */
-		case PW_CODE_AUTHENTICATION_ACK:
-		case PW_CODE_AUTHENTICATION_REJECT:
+		case PW_CODE_ACCESS_ACCEPT:
+		case PW_CODE_ACCESS_REJECT:
 		case PW_CODE_ACCESS_CHALLENGE:
 		case PW_CODE_ACCOUNTING_RESPONSE:
 		case PW_CODE_DISCONNECT_ACK:

src/main/auth.c

@@ -310,7 +310,7 @@ int rad_postauth(REQUEST *request)
 		case RLM_MODULE_REJECT:
 		case RLM_MODULE_USERLOCK:
 		default:
-			request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+			request->reply->code = PW_CODE_ACCESS_REJECT;
 			result = RLM_MODULE_REJECT;
 			break;
 		/*
@@ -368,7 +368,7 @@ int rad_authenticate(REQUEST *request)
 		 *	Reply of ACCEPT means accept, thus set Auth-Type
 		 *	accordingly.
 		 */
-		case PW_CODE_AUTHENTICATION_ACK:
+		case PW_CODE_ACCESS_ACCEPT:
 			tmp = radius_paircreate(request,
 						&request->config_items,
 						PW_AUTH_TYPE, 0);
@@ -390,10 +390,10 @@ int rad_authenticate(REQUEST *request)
 		 *	are being rejected, so we minimize the amount of work
 		 *	done by the server, by rejecting them here.
 		 */
-		case PW_CODE_AUTHENTICATION_REJECT:
+		case PW_CODE_ACCESS_REJECT:
 			rad_authlog("Login incorrect (Home Server says so)",
 				    request, 0);
-			request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+			request->reply->code = PW_CODE_ACCESS_REJECT;
 			return RLM_MODULE_REJECT;
 
 		default:
@@ -439,7 +439,7 @@ int rad_authenticate(REQUEST *request)
 			} else {
 				rad_authlog("Invalid user", request, 0);
 			}
-			request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+			request->reply->code = PW_CODE_ACCESS_REJECT;
 			return result;
 	}
 	if (!autz_retry) {
@@ -514,7 +514,7 @@ int rad_authenticate(REQUEST *request)
 	 */
 	if (result < 0) {
 		RDEBUG2("Failed to authenticate the user");
-		request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+		request->reply->code = PW_CODE_ACCESS_REJECT;
 
 		if ((module_msg = pairfind(request->packet->vps, PW_MODULE_FAILURE_MESSAGE, 0, TAG_ANY)) != NULL){
 			char msg[MAX_STRING_LEN+19];
@@ -592,7 +592,7 @@ int rad_authenticate(REQUEST *request)
 						 main_config.denied_msg);
 				}
 
-				request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+				request->reply->code = PW_CODE_ACCESS_REJECT;
 
 				/*
 				 *	They're trying to log in too many times.
@@ -626,7 +626,7 @@ int rad_authenticate(REQUEST *request)
 	 *	been set to something.  (i.e. Access-Challenge)
 	 */
 	if (request->reply->code == 0)
-	  request->reply->code = PW_CODE_AUTHENTICATION_ACK;
+	  request->reply->code = PW_CODE_ACCESS_ACCEPT;
 
 	if ((module_msg = pairfind(request->packet->vps, PW_MODULE_SUCCESS_MESSAGE, 0, TAG_ANY)) != NULL){
 		char msg[MAX_STRING_LEN+12];
@@ -654,17 +654,17 @@ int rad_virtual_server(REQUEST *request)
 	 *	We currently only handle AUTH packets here.
 	 *	This could be expanded to handle other packets as well if required.
 	 */
-	rad_assert(request->packet->code == PW_CODE_AUTHENTICATION_REQUEST);
+	rad_assert(request->packet->code == PW_CODE_ACCESS_REQUEST);
 
 	result = rad_authenticate(request);
 
-	if (request->reply->code == PW_CODE_AUTHENTICATION_REJECT) {
+	if (request->reply->code == PW_CODE_ACCESS_REJECT) {
 		pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY);
 		vp = pairmake_config("Post-Auth-Type", "Reject", T_OP_SET);
 		if (vp) rad_postauth(request);
 	}
 
-	if (request->reply->code == PW_CODE_AUTHENTICATION_ACK) {
+	if (request->reply->code == PW_CODE_ACCESS_ACCEPT) {
 		rad_postauth(request);
 	}
 

src/main/command.c

@@ -1313,7 +1313,7 @@ static int command_inject_file(rad_listen_t *listener, int argc, char *argv[])
 	packet->id = inject_id++;
 
 	if (fake->type == RAD_LISTEN_AUTH) {
-		packet->code = PW_CODE_AUTHENTICATION_REQUEST;
+		packet->code = PW_CODE_ACCESS_REQUEST;
 		fun = rad_authenticate;
 
 	} else {

src/main/listen.c

@@ -331,7 +331,7 @@ int rad_status_server(REQUEST *request)
 		switch (rcode) {
 		case RLM_MODULE_OK:
 		case RLM_MODULE_UPDATED:
-			request->reply->code = PW_CODE_AUTHENTICATION_ACK;
+			request->reply->code = PW_CODE_ACCESS_ACCEPT;
 			break;
 
 		case RLM_MODULE_FAIL:
@@ -341,7 +341,7 @@ int rad_status_server(REQUEST *request)
 
 		default:
 		case RLM_MODULE_REJECT:
-			request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+			request->reply->code = PW_CODE_ACCESS_REJECT;
 			break;
 		}
 		break;
@@ -486,7 +486,7 @@ static int dual_tcp_recv(rad_listen_t *listener)
 	 *	Some sanity checks, based on the packet code.
 	 */
 	switch(packet->code) {
-	case PW_CODE_AUTHENTICATION_REQUEST:
+	case PW_CODE_ACCESS_REQUEST:
 		if (listener->type != RAD_LISTEN_AUTH) goto bad_packet;
 		FR_STATS_INC(auth, total_requests);
 		fun = rad_authenticate;
@@ -1444,7 +1444,7 @@ static int auth_socket_recv(rad_listen_t *listener)
 	 *	Some sanity checks, based on the packet code.
 	 */
 	switch(code) {
-	case PW_CODE_AUTHENTICATION_REQUEST:
+	case PW_CODE_ACCESS_REQUEST:
 		fun = rad_authenticate;
 		break;
 
@@ -1857,9 +1857,9 @@ static int proxy_socket_recv(rad_listen_t *listener)
 	 *	FIXME: Client MIB updates?
 	 */
 	switch(packet->code) {
-	case PW_CODE_AUTHENTICATION_ACK:
+	case PW_CODE_ACCESS_ACCEPT:
 	case PW_CODE_ACCESS_CHALLENGE:
-	case PW_CODE_AUTHENTICATION_REJECT:
+	case PW_CODE_ACCESS_REJECT:
 		break;
 
 #ifdef WITH_ACCOUNTING
@@ -1919,9 +1919,9 @@ static int proxy_socket_tcp_recv(rad_listen_t *listener)
 	 *	FIXME: Client MIB updates?
 	 */
 	switch(packet->code) {
-	case PW_CODE_AUTHENTICATION_ACK:
+	case PW_CODE_ACCESS_ACCEPT:
 	case PW_CODE_ACCESS_CHALLENGE:
-	case PW_CODE_AUTHENTICATION_REJECT:
+	case PW_CODE_ACCESS_REJECT:
 		break;
 
 #ifdef WITH_ACCOUNTING

src/main/process.c

@@ -1285,16 +1285,16 @@ STATE_MACHINE_DECL(request_finish)
 	/*
 	 *	Catch Auth-Type := Reject BEFORE proxying the packet.
 	 */
-	else if (request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+	else if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
 		if (request->reply->code == 0) {
 			vp = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY);
 
-			if (!vp || (vp->vp_integer != PW_CODE_AUTHENTICATION_REJECT)) {
+			if (!vp || (vp->vp_integer != PW_CODE_ACCESS_REJECT)) {
 				RDEBUG2("There was no response configured: "
 					"rejecting request");
 			}
 
-			request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
+			request->reply->code = PW_CODE_ACCESS_REJECT;
 		}
 	}
 
@@ -1306,7 +1306,7 @@ STATE_MACHINE_DECL(request_finish)
 	if (vp) pairadd(&request->reply->vps, vp);
 
 	switch (request->reply->code) {
-	case PW_CODE_AUTHENTICATION_ACK:
+	case PW_CODE_ACCESS_ACCEPT:
 		rad_postauth(request);
 		break;
 	case PW_CODE_ACCESS_CHALLENGE:
@@ -1327,7 +1327,7 @@ STATE_MACHINE_DECL(request_finish)
 	 *	We do this separately so ACK and challenge can change the code
 	 *	to reject if a module returns reject.
 	 */
-	if (request->reply->code == PW_CODE_AUTHENTICATION_REJECT) {
+	if (request->reply->code == PW_CODE_ACCESS_REJECT) {
 		pairdelete(&request->config_items, PW_POST_AUTH_TYPE, 0, TAG_ANY);
 		vp = pairmake_config("Post-Auth-Type", "Reject", T_OP_SET);
 		if (vp) rad_postauth(request);
@@ -1364,7 +1364,7 @@ STATE_MACHINE_DECL(request_finish)
 	/*
 	 *	See if we need to delay an Access-Reject packet.
 	 */
-	if ((request->reply->code == PW_CODE_AUTHENTICATION_REJECT) &&
+	if ((request->reply->code == PW_CODE_ACCESS_REJECT) &&
 	    (request->root->reject_delay > 0)) {
 		request->response_delay = request->root->reject_delay;
 
@@ -1553,7 +1553,7 @@ int request_receive(rad_listen_t *listener, RADIUS_PACKET *packet,
 
 #ifdef WITH_STATS
 				switch (packet->code) {
-				case PW_CODE_AUTHENTICATION_REQUEST:
+				case PW_CODE_ACCESS_REQUEST:
 					FR_STATS_INC(auth, total_dup_requests);
 					break;
 
@@ -1712,7 +1712,7 @@ static REQUEST *request_setup(rad_listen_t *listener, RADIUS_PACKET *packet,
 
 #ifdef WITH_STATS
 	request->listener->stats.last_packet = request->packet->timestamp.tv_sec;
-	if (packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+	if (packet->code == PW_CODE_ACCESS_REQUEST) {
 		request->client->auth.last_packet = request->packet->timestamp.tv_sec;
 		radius_auth_stats.last_packet = request->packet->timestamp.tv_sec;
 #ifdef WITH_ACCOUNTING
@@ -2156,7 +2156,7 @@ static int process_proxy_reply(REQUEST *request, RADIUS_PACKET *reply)
 	 *	post-proxy-type Reject
 	 */
 	if (!vp && reply &&
-	    reply->code == PW_CODE_AUTHENTICATION_REJECT) {
+	    reply->code == PW_CODE_ACCESS_REJECT) {
 		DICT_VALUE	*dval;
 
 		dval = dict_valbyname(PW_POST_PROXY_TYPE, 0, "Reject");
@@ -2342,7 +2342,7 @@ int request_proxy_reply(RADIUS_PACKET *packet)
 	request->home_server->stats.last_packet = packet->timestamp.tv_sec;
 	request->proxy_listener->stats.last_packet = packet->timestamp.tv_sec;
 
-	if (request->proxy->code == PW_CODE_AUTHENTICATION_REQUEST) {
+	if (request->proxy->code == PW_CODE_ACCESS_REQUEST) {
 		proxy_auth_stats.last_packet = packet->timestamp.tv_sec;
 #ifdef WITH_ACCOUNTING
 	} else if (request->proxy->code == PW_CODE_ACCOUNTING_REQUEST) {
@@ -2377,7 +2377,7 @@ static int setup_post_proxy_fail(REQUEST *request)
 	DICT_VALUE const *dval = NULL;
 	VALUE_PAIR *vp;
 
-	if (request->proxy->code == PW_CODE_AUTHENTICATION_REQUEST) {
+	if (request->proxy->code == PW_CODE_ACCESS_REQUEST) {
 		dval = dict_valbyname(PW_POST_PROXY_TYPE, 0,
 				      "Fail-Authentication");
 
@@ -2496,7 +2496,7 @@ static int request_will_proxy(REQUEST *request)
 		/*
 		 *	Figure out which pool to use.
 		 */
-		if (request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) {
+		if (request->packet->code == PW_CODE_ACCESS_REQUEST) {
 			pool = realm->auth_pool;
 
 #ifdef WITH_ACCOUNTING
@@ -2521,7 +2521,7 @@ static int request_will_proxy(REQUEST *request)
 		if (!vp) return 0;
 
 		switch (request->packet->code) {
-		case PW_CODE_AUTHENTICATION_REQUEST:
+		case PW_CODE_ACCESS_REQUEST:
 			pool_type = HOME_TYPE_AUTH;
 			break;
 
@@ -2623,7 +2623,7 @@ static int request_will_proxy(REQUEST *request)
 	 *	since we can't use the request authenticator
 	 *	anymore - we changed it.
 	 */
-	if ((request->packet->code == PW_CODE_AUTHENTICATION_REQUEST) &&
+	if ((request->packet->code == PW_CODE_ACCESS_REQUEST) &&
 	    pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) &&
 	    pairfind(request->proxy->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL) {
 		vp = radius_paircreate(request->proxy, &request->proxy->vps, PW_CHAP_CHALLENGE, 0);
@@ -3025,7 +3025,7 @@ static void ping_home_server(void *ctx)
 			 "Message-Authenticator", "0x00", T_OP_SET);
 
 	} else if (home->type == HOME_TYPE_AUTH) {
-		request->proxy->code = PW_CODE_AUTHENTICATION_REQUEST;
+		request->proxy->code = PW_CODE_ACCESS_REQUEST;
 
 		pairmake(request->proxy, &request->proxy->vps,
 			 "User-Name", home->ping_user_name, T_OP_SET);