本文整理汇总了C++中RDEBUG3函数的典型用法代码示例。如果您正苦于以下问题:C++ RDEBUG3函数的具体用法?C++ RDEBUG3怎么用?C++ RDEBUG3使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了RDEBUG3函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: fr_redis_reply_to_map
/** Convert a pair of redis reply objects to a map
*
* The maps can then be applied using #map_to_request.
*
* @param[in,out] ctx to allocate maps in.
* @param[out] out Where to write the head of the new maps list.
* @param[in] request The current request.
* @param[in] key to process.
* @param[in] op to process.
* @param[in] value to process.
* @return
* - 0 on success.
* - -1 on failure.
*/
int fr_redis_reply_to_map(TALLOC_CTX *ctx, vp_map_t **out, REQUEST *request,
redisReply *key, redisReply *op, redisReply *value)
{
vp_map_t *map = NULL;
ssize_t slen;
*out = NULL;
if (key->type != REDIS_REPLY_STRING) {
REDEBUG("Bad key type, expected string, got %s",
fr_int2str(redis_reply_types, key->type, "<UNKNOWN>"));
error:
TALLOC_FREE(map);
return -1;
}
if (op->type != REDIS_REPLY_STRING) {
REDEBUG("Bad key type, expected string, got %s",
fr_int2str(redis_reply_types, op->type, "<UNKNOWN>"));
goto error;
}
RDEBUG3("Got key : %s", key->str);
RDEBUG3("Got op : %s", op->str);
RDEBUG3("Got value : %pV", fr_box_strvalue_len(value->str, value->len));
map = talloc_zero(ctx, vp_map_t);
slen = tmpl_afrom_attr_str(map, NULL, &map->lhs, key->str, &(vp_tmpl_rules_t){ .dict_def = request->dict });示例2: eap_crypto_mppe_keys
USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
#define __STDC_WANT_LIB_EXT1__ 1
#include <string.h>
#include <openssl/hmac.h>
#include <freeradius-devel/util/sha1.h>
#include <freeradius-devel/tls/base.h>
#include <freeradius-devel/tls/missing.h>
#include "tls.h"
#include "base.h"
#include "attrs.h"
#define EAP_TLS_MPPE_KEY_LEN 32
/** Generate keys according to RFC 2716 and add to the reply
*
*/
int eap_crypto_mppe_keys(REQUEST *request, SSL *ssl, char const *prf_label, size_t prf_label_len)
{
uint8_t out[4 * EAP_TLS_MPPE_KEY_LEN];
uint8_t *p;
if (SSL_export_keying_material(ssl, out, sizeof(out), prf_label, prf_label_len, NULL, 0, 0) != 1) {
tls_log_error(request, "Failed generating MPPE keys");
return -1;
}
if (RDEBUG_ENABLED3) {
uint8_t random[SSL3_RANDOM_SIZE];
size_t random_len;
uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH];
size_t master_key_len;
RDEBUG3("Key Derivation Function input");
RINDENT();
RDEBUG3("prf label : %pV", fr_box_strvalue_len(prf_label, prf_label_len));
master_key_len = SSL_SESSION_get_master_key(SSL_get_session(ssl), master_key, sizeof(master_key));
RDEBUG3("master session key : %pH", fr_box_octets(master_key, master_key_len));
random_len = SSL_get_client_random(ssl, random, SSL3_RANDOM_SIZE);
RDEBUG3("client random : %pH", fr_box_octets(random, random_len));
random_len = SSL_get_server_random(ssl, random, SSL3_RANDOM_SIZE);
RDEBUG3("server random : %pH", fr_box_octets(random, random_len));
REXDENT();
}
RDEBUG2("Adding session keys");
p = out;
eap_add_reply(request, attr_ms_mppe_recv_key, p, EAP_TLS_MPPE_KEY_LEN);
p += EAP_TLS_MPPE_KEY_LEN;
eap_add_reply(request, attr_ms_mppe_send_key, p, EAP_TLS_MPPE_KEY_LEN);
eap_add_reply(request, attr_eap_msk, out, 64);
eap_add_reply(request, attr_eap_emsk, out + 64, 64);
return 0;
}示例3: vector_gsm_from_triplets
static int vector_gsm_from_triplets(eap_session_t *eap_session, VALUE_PAIR *vps,
int idx, fr_sim_keys_t *keys)
{
REQUEST *request = eap_session->request;
VALUE_PAIR *rand = NULL, *sres = NULL, *kc = NULL;
fr_cursor_t cursor;
int i;
for (i = 0, (kc = fr_cursor_iter_by_da_init(&cursor, &vps, attr_eap_sim_kc));
(i < idx) && (kc = fr_cursor_next(&cursor));
i++);
if (!kc) {
RDEBUG3("No &control:%s[%i] attribute found, not using GSM triplets",
attr_eap_sim_kc->name, idx);
return 1;
}
if (kc->vp_length != SIM_VECTOR_GSM_KC_SIZE) {
REDEBUG("&control:%s[%i] is not " STRINGIFY(SIM_VECTOR_GSM_KC_SIZE) " bytes, got %zu bytes",
attr_eap_sim_kc->name, idx, kc->vp_length);
return -1;
}
for (i = 0, (rand = fr_cursor_iter_by_da_init(&cursor, &vps, attr_eap_sim_rand));
(i < idx) && (rand = fr_cursor_next(&cursor));
i++);
if (!rand) {
RDEBUG3("No &control:%s[%i] attribute found, not using GSM triplets",
attr_eap_sim_rand->name, idx);
return 1;
}
if (rand->vp_length != SIM_VECTOR_GSM_RAND_SIZE) {
REDEBUG("&control:EAP-SIM-Rand[%i] is not " STRINGIFY(SIM_RAND_SIZE) " bytes, got %zu bytes",
idx, rand->vp_length);
return -1;
}
for (i = 0, (sres = fr_cursor_iter_by_da_init(&cursor, &vps, attr_eap_sim_sres));
(i < idx) && (sres = fr_cursor_next(&cursor));
i++);
if (!sres) {
RDEBUG3("No &control:%s[%i] attribute found, not using GSM triplets",
attr_eap_sim_sres->name, idx);
return 1;
}
if (sres->vp_length != SIM_VECTOR_GSM_SRES_SIZE) {
REDEBUG("&control:%s[%i] is not " STRINGIFY(SIM_VECTOR_GSM_SRES_SIZE) " bytes, got %zu bytes",
attr_eap_sim_sres->name, idx, sres->vp_length);
return -1;
}
memcpy(keys->gsm.vector[idx].kc, kc->vp_strvalue, SIM_VECTOR_GSM_KC_SIZE);
memcpy(keys->gsm.vector[idx].rand, rand->vp_octets, SIM_VECTOR_GSM_RAND_SIZE);
memcpy(keys->gsm.vector[idx].sres, sres->vp_octets, SIM_VECTOR_GSM_SRES_SIZE);
return 0;
}示例4: prefix_suffix_cmp
/*
* Compare prefix/suffix.
*
* If they compare:
* - if FR_STRIP_USER_NAME is present in check_list,
* strip the username of prefix/suffix.
* - if FR_STRIP_USER_NAME is not present in check_list,
* add a FR_STRIPPED_USER_NAME to the request.
*/
static int prefix_suffix_cmp(UNUSED void *instance,
REQUEST *request,
VALUE_PAIR *req,
VALUE_PAIR *check,
VALUE_PAIR *check_list,
UNUSED VALUE_PAIR **reply_list)
{
VALUE_PAIR *vp;
char const *name;
char rest[FR_MAX_STRING_LEN];
int len, namelen;
int ret = -1;
if (!request || !request->username) return -1;
VP_VERIFY(check);
name = request->username->vp_strvalue;
RDEBUG3("Comparing name \"%s\" and check value \"%s\"", name, check->vp_strvalue);
len = strlen(check->vp_strvalue);
if (check->da == attr_prefix) {
ret = strncmp(name, check->vp_strvalue, len);
if (ret == 0)
strlcpy(rest, name + len, sizeof(rest));
} else if (check->da == attr_suffix) {
namelen = strlen(name);
if (namelen >= len) {
ret = strcmp(name + namelen - len, check->vp_strvalue);
if (ret == 0) strlcpy(rest, name, namelen - len + 1);
}
}
if (ret != 0) return ret;
/*
* If Strip-User-Name == No, then don't do any more.
*/
vp = fr_pair_find_by_da(check_list, attr_strip_user_name, TAG_ANY);
if (vp && !vp->vp_uint32) return ret;
/*
* See where to put the stripped user name.
*/
vp = fr_pair_find_by_da(check_list, attr_stripped_user_name, TAG_ANY);
if (!vp) {
/*
* If "request" is NULL, then the memory will be
* lost!
*/
MEM(vp = fr_pair_afrom_da(request->packet, attr_stripped_user_name));
fr_pair_add(&req, vp);
request->username = vp;
}
fr_pair_value_strcpy(vp, rest);
return ret;
}示例5: tls_socket_write
static int tls_socket_write(rad_listen_t *listener, REQUEST *request)
{
uint8_t *p;
ssize_t rcode;
listen_socket_t *sock = listener->data;
p = sock->ssn->dirty_out.data;
while (p < (sock->ssn->dirty_out.data + sock->ssn->dirty_out.used)) {
RDEBUG3("Writing to socket %d", request->packet->sockfd);
rcode = write(request->packet->sockfd, p,
(sock->ssn->dirty_out.data + sock->ssn->dirty_out.used) - p);
if (rcode <= 0) {
RDEBUG("Error writing to TLS socket: %s", strerror(errno));
tls_socket_close(listener);
return 0;
}
p += rcode;
}
sock->ssn->dirty_out.used = 0;
return 1;
}示例6: check_pair
static void check_pair(REQUEST *request, VALUE_PAIR *check_item, VALUE_PAIR *reply_item, int *pass, int *fail)
{
int compare;
if (check_item->op == T_OP_SET) return;
compare = paircmp(check_item, reply_item);
if (compare < 0) {
REDEBUG("Comparison failed: %s", fr_strerror());
}
if (compare == 1) {
++*(pass);
} else {
++*(fail);
}
if (RDEBUG_ENABLED3) {
char rule[1024], pair[1024];
vp_prints(rule, sizeof(rule), check_item);
vp_prints(pair, sizeof(pair), reply_item);
RDEBUG3("%s %s %s", pair, compare == 1 ? "allowed by" : "disallowed by", rule);
}
return;
}示例7: mod_delay_return
/** Called resume_at the delay is complete, and we're running from the interpreter
*
*/
static rlm_rcode_t mod_delay_return(REQUEST *request,
UNUSED void *instance, UNUSED void *thread, void *ctx)
{
struct timeval *yielded = talloc_get_type_abort(ctx, struct timeval);
/*
* Print how long the delay *really* was.
*/
if (RDEBUG_ENABLED3) {
struct timeval delayed, now;
gettimeofday(&now, NULL);
fr_timeval_subtract(&delayed, &now, yielded);
RDEBUG3("Request delayed by %pV", fr_box_timeval(delayed));
}
talloc_free(yielded);
return RLM_MODULE_OK;
}示例8: MEM
static inline VALUE_PAIR *tls_session_cert_attr_add(TALLOC_CTX *ctx, REQUEST *request, fr_cursor_t *cursor,
int attr, int attr_index, char const *value)
{
VALUE_PAIR *vp;
fr_dict_attr_t const *da = *(cert_attr_names[attr][attr_index]);
MEM(vp = fr_pair_afrom_da(ctx, da));
if (value) {
if (fr_pair_value_from_str(vp, value, -1, '\0', true) < 0) {
RPWDEBUG("Failed creating attribute %s", da->name);
talloc_free(vp);
return NULL;
}
}
RINDENT();
RDEBUG3("%pP", vp);
REXDENT();
fr_cursor_append(cursor, vp);
return vp;
}示例9: xlat_delay_resume
static xlat_action_t xlat_delay_resume(TALLOC_CTX *ctx, fr_cursor_t *out,
REQUEST *request,
UNUSED void const *xlat_inst, UNUSED void *xlat_thread_inst,
UNUSED fr_value_box_t **in, void *rctx)
{
struct timeval *yielded_at = talloc_get_type_abort(rctx, struct timeval);
struct timeval delayed, now;
fr_value_box_t *vb;
gettimeofday(&now, NULL);
fr_timeval_subtract(&delayed, &now, yielded_at);
talloc_free(yielded_at);
RDEBUG3("Request delayed by %pVs", fr_box_timeval(delayed));
MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_TIMEVAL, NULL, false));
vb->vb_timeval = delayed;
fr_cursor_insert(out, vb);
return XLAT_ACTION_DONE;
}示例10: CC_HINT
static rlm_rcode_t CC_HINT(nonnull) mod_delay(void *instance, UNUSED void *thread, REQUEST *request)
{
rlm_delay_t const *inst = instance;
struct timeval delay, resume_at, *yielded_at;
if (inst->delay) {
if (tmpl_aexpand(request, &delay, request, inst->delay, NULL, NULL) < 0) return RLM_MODULE_FAIL;
} else {
memset(&delay, 0, sizeof(delay));
}
/*
* Record the time that we yielded the request
*/
MEM(yielded_at = talloc(request, struct timeval));
if (gettimeofday(yielded_at, NULL) < 0) {
REDEBUG("Failed getting current time: %s", fr_syserror(errno));
return RLM_MODULE_FAIL;
}
/*
* Setup the delay for this request
*/
if (delay_add(request, &resume_at, yielded_at, &delay, inst->force_reschedule, inst->delay) != 0) {
return RLM_MODULE_NOOP;
}
RDEBUG3("Current time %pV, resume time %pV", fr_box_timeval(*yielded_at), fr_box_timeval(resume_at));
if (unlang_event_module_timeout_add(request, _delay_done, yielded_at, &resume_at) < 0) {
RPEDEBUG("Adding event failed");
return RLM_MODULE_FAIL;
}
return unlang_module_yield(request, mod_delay_return, mod_delay_cancel, yielded_at);
}示例11: eaptls_verify
/*
* The S flag is set only within the EAP-TLS start message sent
* from the EAP server to the peer.
*
* Similarly, when the EAP server receives an EAP-Response with
* the M bit set, it MUST respond with an EAP-Request with
* EAP-Type=EAP-TLS and no data. This serves as a fragment
* ACK. The EAP peer MUST wait.
*/
static fr_tls_status_t eaptls_verify(eap_handler_t *handler)
{
EAP_DS *eap_ds = handler->eap_ds;
tls_session_t *tls_session = handler->opaque;
EAP_DS *prev_eap_ds = handler->prev_eap_ds;
eaptls_packet_t *eaptls_packet;
REQUEST *request = handler->request;
size_t frag_len;
/*
* We don't check ANY of the input parameters. It's all
* code which works together, so if something is wrong,
* we SHOULD core dump.
*
* e.g. if eap_ds is NULL, of if eap_ds->response is
* NULL, of if it's NOT an EAP-Response, or if the packet
* is too short. See eap_validation()., in ../../eap.c
*/
eaptls_packet = (eaptls_packet_t *)eap_ds->response->type.data;
/*
* First output the flags (for debugging)
*/
RDEBUG3("Peer sent flags %c%c%c",
TLS_START(eaptls_packet->flags) ? 'S' : '-',
TLS_MORE_FRAGMENTS(eaptls_packet->flags) ? 'M' : '-',
TLS_LENGTH_INCLUDED(eaptls_packet->flags) ? 'L' : '-');
/*
* check for ACK
*
* If there's no TLS data, or there's 1 byte of TLS data,
* with the flags set to zero, then it's an ACK.
*
* Find if this is a reply to the previous request sent
*/
if ((!eaptls_packet) ||
((eap_ds->response->length == EAP_HEADER_LEN + 2) &&
((eaptls_packet->flags & 0xc0) == 0x00))) {
if (prev_eap_ds && (prev_eap_ds->request->id == eap_ds->response->id)) {
return tls_ack_handler(handler->opaque, request);
} else {
REDEBUG("Received Invalid TLS ACK");
return FR_TLS_INVALID;
}
}
/*
* We send TLS_START, but do not receive it.
*/
if (TLS_START(eaptls_packet->flags)) {
REDEBUG("Peer sent EAP-TLS Start message (only the server is allowed to do this)");
return FR_TLS_INVALID;
}
/*
* Calculate this fragment's length
*/
frag_len = eap_ds->response->length -
(EAP_HEADER_LEN + (TLS_LENGTH_INCLUDED(eaptls_packet->flags) ? 6 : 2));
/*
* The L bit (length included) is set to indicate the
* presence of the four octet TLS Message Length field,
* and MUST be set for the first fragment of a fragmented
* TLS message or set of messages.
*
* The M bit (more fragments) is set on all but the last
* fragment.
*
* The S bit (EAP-TLS start) is set in an EAP-TLS Start
* message. This differentiates the EAP-TLS Start message
* from a fragment acknowledgement.
*/
if (TLS_LENGTH_INCLUDED(eaptls_packet->flags)) {
size_t total_len = eaptls_packet->data[2] * 256 | eaptls_packet->data[3];
if (frag_len > total_len) {
REDEBUG("TLS fragment length (%zu bytes) greater than TLS record length (%zu bytes)", frag_len,
total_len);
return FR_TLS_INVALID;
}
if (tls_session->tls_record_transfer_started) {
REDEBUG("TLS Length Included (L) flag set, which indicates a new fragment transfer, "
"but previous transfer was not complete");
return FR_TLS_INVALID;
}
/*
* This is the first fragment of a fragmented TLS record transfer.
//.........这里部分代码省略.........
示例12: radius_do_cmp
/*
* *presult is "did comparison match or not"
*/
static int radius_do_cmp(REQUEST *request, int *presult,
FR_TOKEN lt, const char *pleft, FR_TOKEN token,
FR_TOKEN rt, const char *pright,
int cflags, int modreturn)
{
int result;
uint32_t lint, rint;
VALUE_PAIR *vp = NULL;
#ifdef HAVE_REGEX_H
char buffer[8192];
#else
cflags = cflags; /* -Wunused */
#endif
rt = rt; /* -Wunused */
if (lt == T_BARE_WORD) {
/*
* Maybe check the last return code.
*/
if (token == T_OP_CMP_TRUE) {
int isreturn;
/*
* Looks like a return code, treat is as such.
*/
isreturn = fr_str2int(modreturn_table, pleft, -1);
if (isreturn != -1) {
*presult = (modreturn == isreturn);
return TRUE;
}
}
/*
* Bare words on the left can be attribute names.
*/
if (radius_get_vp(request, pleft, &vp)) {
VALUE_PAIR myvp;
/*
* VP exists, and that's all we're looking for.
*/
if (token == T_OP_CMP_TRUE) {
*presult = (vp != NULL);
return TRUE;
}
if (!vp) {
DICT_ATTR *da;
/*
* The attribute on the LHS may
* have been a dynamically
* registered callback. i.e. it
* doesn't exist as a VALUE_PAIR.
* If so, try looking for it.
*/
da = dict_attrbyname(pleft);
if (da && (da->vendor == 0) && radius_find_compare(da->attr)) {
VALUE_PAIR *check = pairmake(pleft, pright, token);
*presult = (radius_callback_compare(request, NULL, check, NULL, NULL) == 0);
RDEBUG3(" Callback returns %d",
*presult);
pairfree(&check);
return TRUE;
}
RDEBUG2(" (Attribute %s was not found)",
pleft);
*presult = 0;
return TRUE;
}
#ifdef HAVE_REGEX_H
/*
* Regex comparisons treat everything as
* strings.
*/
if ((token == T_OP_REG_EQ) ||
(token == T_OP_REG_NE)) {
vp_prints_value(buffer, sizeof(buffer), vp, 0);
pleft = buffer;
goto do_checks;
}
#endif
memcpy(&myvp, vp, sizeof(myvp));
if (!pairparsevalue(&myvp, pright)) {
RDEBUG2("Failed parsing \"%s\": %s",
pright, fr_strerror());
return FALSE;
}
myvp.operator = token;
*presult = paircmp(&myvp, vp);
RDEBUG3(" paircmp -> %d", *presult);
return TRUE;
//.........这里部分代码省略.........
示例13: mod_authorize
//.........这里部分代码省略.........
}
if (rows == 0) {
goto skipreply;
}
if (!inst->config->read_groups) {
dofallthrough = fallthrough(reply_tmp);
}
RDEBUG2("User found in radreply table");
user_found = true;
radius_pairmove(request, &request->reply->vps, reply_tmp, true);
rcode = RLM_MODULE_OK;
}
skipreply:
/*
* Clear out the pairlists
*/
pairfree(&check_tmp);
pairfree(&reply_tmp);
/*
* dofallthrough is set to 1 by default so that if the user information
* is not found, we will still process groups. If the user information,
* however, *is* found, Fall-Through must be set in order to process
* the groups as well.
*/
if (dofallthrough) {
rlm_rcode_t ret;
RDEBUG3("... falling-through to group processing");
ret = rlm_sql_process_groups(inst, request, handle, &dofallthrough);
switch (ret) {
/*
* Nothing bad happened, continue...
*/
case RLM_MODULE_UPDATED:
rcode = RLM_MODULE_UPDATED;
/* FALL-THROUGH */
case RLM_MODULE_OK:
if (rcode != RLM_MODULE_UPDATED) {
rcode = RLM_MODULE_OK;
}
/* FALL-THROUGH */
case RLM_MODULE_NOOP:
user_found = true;
break;
case RLM_MODULE_NOTFOUND:
break;
default:
rcode = ret;
goto release;
}
}
/*
* Repeat the above process with the default profile or User-Profile
*/
if (dofallthrough) {
rlm_rcode_t ret;
示例14: redis_xlat
static ssize_t redis_xlat(UNUSED TALLOC_CTX *ctx, char **out, size_t outlen,
void const *mod_inst, UNUSED void const *xlat_inst,
REQUEST *request, char const *fmt)
{
rlm_redis_t const *inst = mod_inst;
fr_redis_conn_t *conn;
bool read_only = false;
uint8_t const *key = NULL;
size_t key_len = 0;
fr_redis_cluster_state_t state;
fr_redis_rcode_t status;
redisReply *reply = NULL;
int s_ret;
size_t len;
int ret;
char const *p = fmt, *q;
int argc;
char const *argv[MAX_REDIS_ARGS];
char argv_buf[MAX_REDIS_COMMAND_LEN];
if (p[0] == '-') {
p++;
read_only = true;
}
/*
* Hack to allow querying against a specific node for testing
*/
if (p[0] == '@') {
fr_socket_addr_t node_addr;
fr_pool_t *pool;
RDEBUG3("Overriding node selection");
p++;
q = strchr(p, ' ');
if (!q) {
REDEBUG("Found node specifier but no command, format is [-][@<host>[:port]] <redis command>");
return -1;
}
if (fr_inet_pton_port(&node_addr.ipaddr, &node_addr.port, p, q - p, AF_UNSPEC, true, true) < 0) {
RPEDEBUG("Failed parsing node address");
return -1;
}
p = q + 1;
if (fr_redis_cluster_pool_by_node_addr(&pool, inst->cluster, &node_addr, true) < 0) {
RPEDEBUG("Failed locating cluster node");
return -1;
}
conn = fr_pool_connection_get(pool, request);
if (!conn) {
REDEBUG("No connections available for cluster node");
return -1;
}
argc = rad_expand_xlat(request, p, MAX_REDIS_ARGS, argv, false, sizeof(argv_buf), argv_buf);
if (argc <= 0) {
RPEDEBUG("Invalid command: %s", p);
arg_error:
fr_pool_connection_release(pool, request, conn);
return -1;
}
if (argc >= (MAX_REDIS_ARGS - 1)) {
RPEDEBUG("Too many parameters; increase MAX_REDIS_ARGS and recompile: %s", p);
goto arg_error;
}
RDEBUG2("Executing command: %s", argv[0]);
if (argc > 1) {
RDEBUG2("With argments");
RINDENT();
for (int i = 1; i < argc; i++) RDEBUG2("[%i] %s", i, argv[i]);
REXDENT();
}
if (!read_only) {
reply = redisCommandArgv(conn->handle, argc, argv, NULL);
status = fr_redis_command_status(conn, reply);
} else if (redis_command_read_only(&status, &reply, request, conn, argc, argv) == -2) {
goto close_conn;
}
if (!reply) goto fail;
switch (status) {
case REDIS_RCODE_SUCCESS:
goto reply_parse;
case REDIS_RCODE_RECONNECT:
close_conn:
fr_pool_connection_close(pool, request, conn);
//.........这里部分代码省略.........
示例15: mod_authorize
/** Handle authorization requests using Couchbase document data
*
* Attempt to fetch the document assocaited with the requested user by
* using the deterministic key defined in the configuration. When a valid
* document is found it will be parsed and the containing value pairs will be
* injected into the request.
*
* @param instance The module instance.
* @param thread specific data.
* @param request The authorization request.
* @return Operation status (#rlm_rcode_t).
*/
static rlm_rcode_t mod_authorize(void *instance, UNUSED void *thread, REQUEST *request)
{
rlm_couchbase_t const *inst = instance; /* our module instance */
rlm_couchbase_handle_t *handle = NULL; /* connection pool handle */
char buffer[MAX_KEY_SIZE];
char const *dockey; /* our document key */
lcb_error_t cb_error = LCB_SUCCESS; /* couchbase error holder */
rlm_rcode_t rcode = RLM_MODULE_OK; /* return code */
ssize_t slen;
/* assert packet as not null */
rad_assert(request->packet != NULL);
/* attempt to build document key */
slen = tmpl_expand(&dockey, buffer, sizeof(buffer), request, inst->user_key, NULL, NULL);
if (slen < 0) return RLM_MODULE_FAIL;
if ((dockey == buffer) && is_truncated((size_t)slen, sizeof(buffer))) {
REDEBUG("Key too long, expected < " STRINGIFY(sizeof(buffer)) " bytes, got %zi bytes", slen);
return RLM_MODULE_FAIL;
}
/* get handle */
handle = fr_pool_connection_get(inst->pool, request);
/* check handle */
if (!handle) return RLM_MODULE_FAIL;
/* set couchbase instance */
lcb_t cb_inst = handle->handle;
/* set cookie */
cookie_t *cookie = handle->cookie;
/* fetch document */
cb_error = couchbase_get_key(cb_inst, cookie, dockey);
/* check error */
if (cb_error != LCB_SUCCESS || !cookie->jobj) {
/* log error */
RERROR("failed to fetch document or parse return");
/* set return */
rcode = RLM_MODULE_FAIL;
/* return */
goto finish;
}
/* debugging */
RDEBUG3("parsed user document == %s", json_object_to_json_string(cookie->jobj));
{
TALLOC_CTX *pool = talloc_pool(request, 1024); /* We need to do lots of allocs */
fr_cursor_t maps, vlms;
vp_map_t *map_head = NULL, *map;
vp_list_mod_t *vlm_head = NULL, *vlm;
fr_cursor_init(&maps, &map_head);
/*
* Convert JSON data into maps
*/
if ((mod_json_object_to_map(pool, &maps, request, cookie->jobj, PAIR_LIST_CONTROL) < 0) ||
(mod_json_object_to_map(pool, &maps, request, cookie->jobj, PAIR_LIST_REPLY) < 0) ||
(mod_json_object_to_map(pool, &maps, request, cookie->jobj, PAIR_LIST_REQUEST) < 0) ||
(mod_json_object_to_map(pool, &maps, request, cookie->jobj, PAIR_LIST_STATE) < 0)) {
invalid:
talloc_free(pool);
rcode = RLM_MODULE_INVALID;
goto finish;
}
fr_cursor_init(&vlms, &vlm_head);
/*
* Convert all the maps into list modifications,
* which are guaranteed to succeed.
*/
for (map = fr_cursor_head(&maps);
map;
map = fr_cursor_next(&maps)) {
if (map_to_list_mod(pool, &vlm, request, map, NULL, NULL) < 0) goto invalid;
fr_cursor_insert(&vlms, vlm);
}
if (!vlm_head) {
RDEBUG2("Nothing to update");
talloc_free(pool);
rcode = RLM_MODULE_NOOP;
goto finish;
//.........这里部分代码省略.........