2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 * Author : Maxim Mamontov <faust@stargazer.dp.ua>
22 * FreeRADIUS module for data access via Stargazer
25 * $Date: 2010/08/14 04:15:08 $
32 #include <freeradius/ident.h>
33 #include <freeradius/radiusd.h>
34 #include <freeradius/modules.h>
36 #include <stddef.h> // size_t
38 typedef struct rlm_stg_t {
42 static const CONF_PARSER module_config[] = {
43 { "address", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t, address), NULL, "unix:/var/run/stg.sock"},
45 { NULL, -1, 0, NULL, NULL } /* end the list */
48 static void deletePairs(STG_PAIR* pairs)
53 static size_t toVPS(const STG_PAIR* pairs, VALUE_PAIR** vps)
55 const STG_PAIR* pair = pairs;
58 while (!emptyPair(pair)) {
59 VALUE_PAIR* vp = pairmake(pair->key, pair->value, T_OP_SET);
68 static size_t toReply(STG_RESULT result, REQUEST* request)
72 count += toVPS(result.modify, &request->config_items);
73 pairfree(&request->reply->vps);
74 count += toVPS(result.reply, &request->reply->vps);
76 deletePairs(result.modify);
77 deletePairs(result.reply);
82 static int countVPS(const VALUE_PAIR* pairs)
85 while (pairs != NULL) {
92 static STG_PAIR* fromVPS(const VALUE_PAIR* pairs)
94 unsigned size = countVPS(pairs);
95 STG_PAIR* res = (STG_PAIR*)malloc(sizeof(STG_PAIR) * (size + 1));
97 while (pairs != NULL) {
98 bzero(res[pos].key, sizeof(res[0].key));
99 bzero(res[pos].value, sizeof(res[0].value));
100 strncpy(res[pos].key, pairs->name, sizeof(res[0].key));
101 vp_prints_value(res[pos].value, sizeof(res[0].value), pairs, 0);
105 bzero(res[pos].key, sizeof(res[0].key));
106 bzero(res[pos].value, sizeof(res[0].value));
111 * Do any per-module initialization that is separate to each
112 * configured instance of the module. e.g. set up connections
113 * to external databases, read configuration files, set up
114 * dictionary entries, etc.
116 * If configuration information is given in the config section
117 * that must be referenced in later calls, store a handle to it
118 * in *instance otherwise put a null pointer there.
120 static int stg_instantiate(CONF_SECTION* conf, void** instance)
125 * Set up a storage area for instance data
127 data = rad_malloc(sizeof(*data));
131 memset(data, 0, sizeof(*data));
134 * If the configuration parameters can't be parsed, then
137 if (cf_section_parse(conf, data, module_config) < 0) {
142 if (!stgInstantiateImpl(data->address)) {
153 * Find the named user in this modules database. Create the set
154 * of attribute-value pairs to check and reply with for this user
155 * from the database. The authentication code only needs to check
156 * the password, the rest is done here.
158 static int stg_authorize(void* instance, REQUEST* request)
161 STG_PAIR* pairs = fromVPS(request->packet->vps);
163 const char* username = NULL;
164 const char* password = NULL;
168 DEBUG("rlm_stg: stg_authorize()");
170 if (request->username) {
171 username = request->username->data.strvalue;
172 DEBUG("rlm_stg: stg_authorize() request username field: '%s'", username);
175 if (request->password) {
176 password = request->password->data.strvalue;
177 DEBUG("rlm_stg: stg_authorize() request password field: '%s'", password);
180 result = stgAuthorizeImpl(username, password, pairs);
183 if (!result.modify && !result.reply) {
184 DEBUG("rlm_stg: stg_authorize() failed.");
185 return RLM_MODULE_REJECT;
188 count = toReply(result, request);
191 return RLM_MODULE_UPDATED;
193 return RLM_MODULE_NOOP;
197 * Authenticate the user with the given password.
199 static int stg_authenticate(void* instance, REQUEST* request)
202 STG_PAIR* pairs = fromVPS(request->packet->vps);
204 const char* username = NULL;
205 const char* password = NULL;
209 DEBUG("rlm_stg: stg_authenticate()");
211 if (request->username) {
212 username = request->username->data.strvalue;
213 DEBUG("rlm_stg: stg_authenticate() request username field: '%s'", username);
216 if (request->password) {
217 password = request->password->data.strvalue;
218 DEBUG("rlm_stg: stg_authenticate() request password field: '%s'", password);
221 result = stgAuthenticateImpl(username, password, pairs);
224 if (!result.modify && !result.reply) {
225 DEBUG("rlm_stg: stg_authenticate() failed.");
226 return RLM_MODULE_REJECT;
229 count = toReply(result, request);
232 return RLM_MODULE_UPDATED;
234 return RLM_MODULE_NOOP;
238 * Massage the request before recording it or proxying it
240 static int stg_preacct(void* instance, REQUEST* request)
243 STG_PAIR* pairs = fromVPS(request->packet->vps);
245 const char* username = NULL;
246 const char* password = NULL;
248 DEBUG("rlm_stg: stg_preacct()");
252 if (request->username) {
253 username = request->username->data.strvalue;
254 DEBUG("rlm_stg: stg_preacct() request username field: '%s'", username);
257 if (request->password) {
258 password = request->password->data.strvalue;
259 DEBUG("rlm_stg: stg_preacct() request password field: '%s'", password);
262 result = stgPreAcctImpl(username, password, pairs);
265 if (!result.modify && !result.reply) {
266 DEBUG("rlm_stg: stg_preacct() failed.");
267 return RLM_MODULE_REJECT;
270 count = toReply(result, request);
273 return RLM_MODULE_UPDATED;
275 return RLM_MODULE_NOOP;
279 * Write accounting information to this modules database.
281 static int stg_accounting(void* instance, REQUEST* request)
284 STG_PAIR* pairs = fromVPS(request->packet->vps);
286 const char* username = NULL;
287 const char* password = NULL;
289 DEBUG("rlm_stg: stg_accounting()");
293 if (request->username) {
294 username = request->username->data.strvalue;
295 DEBUG("rlm_stg: stg_accounting() request username field: '%s'", username);
298 if (request->password) {
299 password = request->password->data.strvalue;
300 DEBUG("rlm_stg: stg_accounting() request password field: '%s'", password);
303 result = stgAccountingImpl(username, password, pairs);
306 if (!result.modify && !result.reply) {
307 DEBUG("rlm_stg: stg_accounting() failed.");
308 return RLM_MODULE_REJECT;
311 count = toReply(result, request);
314 return RLM_MODULE_UPDATED;
316 return RLM_MODULE_OK;
320 * See if a user is already logged in. Sets request->simul_count to the
321 * current session count for this user and sets request->simul_mpp to 2
322 * if it looks like a multilink attempt based on the requested IP
323 * address, otherwise leaves request->simul_mpp alone.
325 * Check twice. If on the first pass the user exceeds his
326 * max. number of logins, do a second pass and validate all
327 * logins by querying the terminal server (using eg. SNMP).
329 static int stg_checksimul(void* instance, REQUEST* request)
331 DEBUG("rlm_stg: stg_checksimul()");
335 request->simul_count = 0;
337 return RLM_MODULE_OK;
340 static int stg_postauth(void* instance, REQUEST* request)
343 STG_PAIR* pairs = fromVPS(request->packet->vps);
345 const char* username = NULL;
346 const char* password = NULL;
348 DEBUG("rlm_stg: stg_postauth()");
352 if (request->username) {
353 username = request->username->data.strvalue;
354 DEBUG("rlm_stg: stg_postauth() request username field: '%s'", username);
357 if (request->password) {
358 password = request->password->data.strvalue;
359 DEBUG("rlm_stg: stg_postauth() request password field: '%s'", password);
362 result = stgPostAuthImpl(username, password, pairs);
365 if (!result.modify && !result.reply) {
366 DEBUG("rlm_stg: stg_postauth() failed.");
367 return RLM_MODULE_REJECT;
370 count = toReply(result, request);
373 return RLM_MODULE_UPDATED;
375 return RLM_MODULE_NOOP;
378 static int stg_detach(void* instance)
380 free(((struct rlm_stg_t*)instance)->address);
388 RLM_TYPE_THREAD_UNSAFE, /* type */
389 stg_instantiate, /* instantiation */
390 stg_detach, /* detach */
392 stg_authenticate, /* authentication */
393 stg_authorize, /* authorization */
394 stg_preacct, /* preaccounting */
395 stg_accounting, /* accounting */
396 stg_checksimul, /* checksimul */
397 NULL, /* pre-proxy */
398 NULL, /* post-proxy */
399 stg_postauth /* post-auth */