2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 * Author : Maxim Mamontov <faust@stargazer.dp.ua>
22 * FreeRADIUS module for data access via Stargazer
25 * $Date: 2010/08/14 04:15:08 $
31 #include <freeradius/ident.h>
32 #include <freeradius/radiusd.h>
33 #include <freeradius/modules.h>
40 typedef struct rlm_stg_t {
46 static const CONF_PARSER module_config[] = {
47 { "server", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,server), NULL, "localhost"},
48 { "port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,port), NULL, "9091" },
49 { "password", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,password), NULL, "123456"},
51 { NULL, -1, 0, NULL, NULL } /* end the list */
54 int emptyPair(const STG_PAIR * pair);
57 * Do any per-module initialization that is separate to each
58 * configured instance of the module. e.g. set up connections
59 * to external databases, read configuration files, set up
60 * dictionary entries, etc.
62 * If configuration information is given in the config section
63 * that must be referenced in later calls, store a handle to it
64 * in *instance otherwise put a null pointer there.
66 static int stg_instantiate(CONF_SECTION *conf, void **instance)
71 * Set up a storage area for instance data
73 data = rad_malloc(sizeof(*data));
77 memset(data, 0, sizeof(*data));
80 * If the configuration parameters can't be parsed, then
83 if (cf_section_parse(conf, data, module_config) < 0) {
88 if (!stgInstantiateImpl(data->server, data->port)) {
99 * Find the named user in this modules database. Create the set
100 * of attribute-value pairs to check and reply with for this user
101 * from the database. The authentication code only needs to check
102 * the password, the rest is done here.
104 static int stg_authorize(void *, REQUEST *request)
106 const STG_PAIR * pairs;
107 const STG_PAIR * pair;
112 DEBUG("rlm_stg: stg_authorize()");
114 if (request->username) {
115 DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue);
117 if (request->password) {
118 DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue);
120 // Here we need to define Framed-Protocol
121 VALUE_PAIR * svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
123 DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue);
124 pairs = stgAuthorizeImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue);
126 DEBUG("rlm_stg: stg_authorize() Service-Type undefined");
127 pairs = stgAuthorizeImpl((const char *)request->username->vp_strvalue, "");
130 DEBUG("rlm_stg: stg_authorize() failed.");
131 return RLM_MODULE_REJECT;
135 while (!emptyPair(pair)) {
136 VALUE_PAIR * pwd = pairmake(pair->key, pair->value, T_OP_SET);
137 pairadd(&request->config_items, pwd);
138 DEBUG("Adding pair '%s': '%s'", pair->key, pair->value);
145 return RLM_MODULE_UPDATED;
147 return RLM_MODULE_NOOP;
151 * Authenticate the user with the given password.
153 static int stg_authenticate(void *, REQUEST *request)
155 const STG_PAIR * pairs;
156 const STG_PAIR * pair;
161 DEBUG("rlm_stg: stg_authenticate()");
163 VALUE_PAIR * svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
165 DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue);
166 pairs = stgAuthenticateImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue);
168 DEBUG("rlm_stg: stg_authenticate() Service-Type undefined");
169 pairs = stgAuthenticateImpl((const char *)request->username->vp_strvalue, "");
172 DEBUG("rlm_stg: stg_authenticate() failed.");
173 return RLM_MODULE_REJECT;
177 while (!emptyPair(pair)) {
178 VALUE_PAIR * pwd = pairmake(pair->key, pair->value, T_OP_SET);
179 pairadd(&request->reply->vps, pwd);
186 return RLM_MODULE_UPDATED;
188 return RLM_MODULE_NOOP;
192 * Massage the request before recording it or proxying it
194 static int stg_preacct(void *, REQUEST *)
196 DEBUG("rlm_stg: stg_preacct()");
200 return RLM_MODULE_OK;
204 * Write accounting information to this modules database.
206 static int stg_accounting(void *, REQUEST * request)
208 const STG_PAIR * pairs;
209 const STG_PAIR * pair;
214 DEBUG("rlm_stg: stg_accounting()");
216 VALUE_PAIR * svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
217 VALUE_PAIR * sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID);
218 VALUE_PAIR * sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE);
221 DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined");
222 return RLM_MODULE_FAIL;
226 DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue);
228 DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue);
229 pairs = stgAccountingImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sttype->vp_strvalue, (const char *)sessid->vp_strvalue);
231 DEBUG("rlm_stg: stg_accounting() Service-Type undefined");
232 pairs = stgAccountingImpl((const char *)request->username->vp_strvalue, "", (const char *)sttype->vp_strvalue, (const char *)sessid->vp_strvalue);
235 DEBUG("rlm_stg: stg_accounting() Acct-Status-Type := NULL");
236 return RLM_MODULE_OK;
239 DEBUG("rlm_stg: stg_accounting() failed.");
240 return RLM_MODULE_REJECT;
244 while (!emptyPair(pair)) {
245 VALUE_PAIR * pwd = pairmake(pair->key, pair->value, T_OP_SET);
246 pairadd(&request->reply->vps, pwd);
253 return RLM_MODULE_UPDATED;
255 return RLM_MODULE_OK;
259 * See if a user is already logged in. Sets request->simul_count to the
260 * current session count for this user and sets request->simul_mpp to 2
261 * if it looks like a multilink attempt based on the requested IP
262 * address, otherwise leaves request->simul_mpp alone.
264 * Check twice. If on the first pass the user exceeds his
265 * max. number of logins, do a second pass and validate all
266 * logins by querying the terminal server (using eg. SNMP).
268 static int stg_checksimul(void *, REQUEST *request)
270 DEBUG("rlm_stg: stg_checksimul()");
274 request->simul_count=0;
276 return RLM_MODULE_OK;
279 static int stg_postauth(void *, REQUEST *request)
281 const STG_PAIR * pairs;
282 const STG_PAIR * pair;
287 DEBUG("rlm_stg: stg_postauth()");
289 VALUE_PAIR * svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
292 DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue);
293 pairs = stgPostAuthImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue);
295 DEBUG("rlm_stg: stg_postauth() Service-Type undefined");
296 pairs = stgPostAuthImpl((const char *)request->username->vp_strvalue, "");
299 DEBUG("rlm_stg: stg_postauth() failed.");
300 return RLM_MODULE_REJECT;
304 while (!emptyPair(pair)) {
305 VALUE_PAIR * pwd = pairmake(pair->key, pair->value, T_OP_SET);
306 pairadd(&request->reply->vps, pwd);
313 return RLM_MODULE_UPDATED;
315 return RLM_MODULE_NOOP;
318 static int stg_detach(void *instance)
320 free(((struct rlm_stg_t *)instance)->server);
326 * The module name should be the only globally exported symbol.
327 * That is, everything else should be 'static'.
329 * If the module needs to temporarily modify it's instantiation
330 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
331 * The server will then take care of ensuring that the module
332 * is single-threaded.
337 RLM_TYPE_THREAD_SAFE, /* type */
338 stg_instantiate, /* instantiation */
339 stg_detach, /* detach */
341 stg_authenticate, /* authentication */
342 stg_authorize, /* authorization */
343 stg_preacct, /* preaccounting */
344 stg_accounting, /* accounting */
345 stg_checksimul, /* checksimul */
346 NULL, /* pre-proxy */
347 NULL, /* post-proxy */
348 stg_postauth /* post-auth */