2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 * Author : Maxim Mamontov <faust@stargazer.dp.ua>
22 * FreeRADIUS module for data access via Stargazer
25 * $Date: 2010/08/14 04:15:08 $
40 #include "stg_client.h"
44 volatile time_t stgTime;
47 * Define a structure for our module configuration.
49 * These variables do not need to be in a structure, but it's
50 * a lot cleaner to do so, and a pointer to the structure can
51 * be used as the instance handle.
53 typedef struct rlm_stg_t {
61 * A mapping of configuration file names to internal variables.
63 * Note that the string is dynamically allocated, so it MUST
64 * be freed. When the configuration file parse re-reads the string,
65 * it free's the old one, and strdup's the new one, placing the pointer
66 * to the strdup'd string into 'config.string'. This gets around
69 static CONF_PARSER module_config[] = {
70 { "password", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,password), NULL, NULL},
71 { "server", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,server), NULL, NULL},
72 { "port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,port), NULL, "5555" },
73 { "local_port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,localPort), NULL, "0" },
75 { NULL, -1, 0, NULL, NULL } /* end the list */
79 * Do any per-module initialization that is separate to each
80 * configured instance of the module. e.g. set up connections
81 * to external databases, read configuration files, set up
82 * dictionary entries, etc.
84 * If configuration information is given in the config section
85 * that must be referenced in later calls, store a handle to it
86 * in *instance otherwise put a null pointer there.
88 static int stg_instantiate(CONF_SECTION *conf, void **instance)
93 * Set up a storage area for instance data
95 DEBUG("rlm_stg: stg_instantiate()");
96 data = (rlm_stg_t *)rad_malloc(sizeof(rlm_stg_t));
100 memset(data, 0, sizeof(rlm_stg_t));
103 * If the configuration parameters can't be parsed, then
106 if (cf_section_parse(conf, data, module_config) < 0) {
112 cli = new STG_CLIENT(data->server, data->port, data->localPort, data->password);
114 catch (std::exception & ex) {
115 DEBUG("rlm_stg: stg_instantiate() error: '%s'", ex.what());
120 DEBUG("rlm_stg: stg_instantiate() error: '%s'", cli->GetError().c_str());
130 * Find the named user in this modules database. Create the set
131 * of attribute-value pairs to check and reply with for this user
132 * from the database. The authentication code only needs to check
133 * the password, the rest is done here.
135 static int stg_authorize(void *instance, REQUEST *request)
140 DEBUG("rlm_stg: stg_authorize()");
142 /* quiet the compiler */
146 uname = pairfind(request->packet->vps, PW_USER_NAME);
148 DEBUG("rlm_stg: stg_authorize() user name defined as '%s'", uname->vp_strvalue);
150 DEBUG("rlm_stg: stg_authorize() user name undefined");
151 return RLM_MODULE_FAIL;
153 if (request->username) {
154 DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue);
156 if (request->password) {
157 DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue);
159 // Here we need to define Framed-Protocol
160 svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
162 DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue);
163 if (cli->Authorize((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
164 DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str());
165 return RLM_MODULE_REJECT;
168 DEBUG("rlm_stg: stg_authorize() Service-Type undefined");
169 if (cli->Authorize((const char *)request->username->vp_strvalue, "")) {
170 DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str());
171 return RLM_MODULE_REJECT;
174 pwd = pairmake("Cleartext-Password", cli->GetUserPassword().c_str(), T_OP_SET);
175 pairadd(&request->config_items, pwd);
176 //pairadd(&request->reply->vps, uname);
178 return RLM_MODULE_UPDATED;
182 * Authenticate the user with the given password.
184 static int stg_authenticate(void *instance, REQUEST *request)
186 /* quiet the compiler */
190 DEBUG("rlm_stg: stg_authenticate()");
191 svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
193 DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue);
194 if (cli->Authenticate((char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
195 DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str());
196 return RLM_MODULE_REJECT;
199 DEBUG("rlm_stg: stg_authenticate() Service-Type undefined");
200 if (cli->Authenticate((char *)request->username->vp_strvalue, "")) {
201 DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str());
202 return RLM_MODULE_REJECT;
206 return RLM_MODULE_NOOP;
210 * Massage the request before recording it or proxying it
212 static int stg_preacct(void *instance, REQUEST *request)
214 /* quiet the compiler */
217 DEBUG("rlm_stg: stg_preacct()");
219 return RLM_MODULE_OK;
223 * Write accounting information to this modules database.
225 static int stg_accounting(void *instance, REQUEST *request)
227 /* quiet the compiler */
231 svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
234 DEBUG("rlm_stg: stg_accounting()");
236 sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID);
238 DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined");
239 return RLM_MODULE_FAIL;
241 sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE);
243 DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue);
245 DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue);
246 if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sessid->vp_strvalue)) {
247 DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str());
248 return RLM_MODULE_FAIL;
251 DEBUG("rlm_stg: stg_accounting() Service-Type undefined");
252 if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, "", (const char *)sessid->vp_strvalue)) {
253 DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str());
254 return RLM_MODULE_FAIL;
258 DEBUG("Acct-Status-Type := NULL");
261 return RLM_MODULE_OK;
265 * See if a user is already logged in. Sets request->simul_count to the
266 * current session count for this user and sets request->simul_mpp to 2
267 * if it looks like a multilink attempt based on the requested IP
268 * address, otherwise leaves request->simul_mpp alone.
270 * Check twice. If on the first pass the user exceeds his
271 * max. number of logins, do a second pass and validate all
272 * logins by querying the terminal server (using eg. SNMP).
274 static int stg_checksimul(void *instance, REQUEST *request)
277 DEBUG("rlm_stg: stg_checksimul()");
279 request->simul_count=0;
281 return RLM_MODULE_OK;
284 static int stg_postauth(void *instance, REQUEST *request)
290 DEBUG("rlm_stg: stg_postauth()");
291 svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
293 DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue);
294 if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
295 DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str());
296 return RLM_MODULE_FAIL;
299 DEBUG("rlm_stg: stg_postauth() Service-Type undefined");
300 if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, "")) {
301 DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str());
302 return RLM_MODULE_FAIL;
305 if (strncmp((const char *)svc->vp_strvalue, "Framed-User", 11) == 0) {
306 fip.s_addr = cli->GetFramedIP();
307 DEBUG("rlm_stg: stg_postauth() ip = '%s'", inet_ntostring(fip.s_addr).c_str());
308 fia = pairmake("Framed-IP-Address", inet_ntostring(fip.s_addr).c_str(), T_OP_SET);
309 pairadd(&request->reply->vps, fia);
312 return RLM_MODULE_UPDATED;
315 static int stg_detach(void *instance)
317 DEBUG("rlm_stg: stg_detach()");
320 free(((struct rlm_stg_t *)instance)->server);
321 free(((struct rlm_stg_t *)instance)->password);
327 * The module name should be the only globally exported symbol.
328 * That is, everything else should be 'static'.
330 * If the module needs to temporarily modify it's instantiation
331 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
332 * The server will then take care of ensuring that the module
333 * is single-threaded.
338 RLM_TYPE_THREAD_SAFE, /* type */
339 stg_instantiate, /* instantiation */
340 stg_detach, /* detach */
342 stg_authenticate, /* authentication */
343 stg_authorize, /* authorization */
344 stg_preacct, /* preaccounting */
345 stg_accounting, /* accounting */
346 stg_checksimul, /* checksimul */
347 NULL, /* pre-proxy */
348 NULL, /* post-proxy */
349 stg_postauth /* post-auth */