/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* Author : Maxim Mamontov <faust@stargazer.dp.ua>
*/
/*
* FreeRADIUS module for data access via Stargazer
*
* $Revision: 1.8 $
* $Date: 2010/08/14 04:15:08 $
*
*/
#ifndef NDEBUG
#define NDEBUG
#include <freeradius/ident.h>
#include <freeradius/radiusd.h>
#include <freeradius/modules.h>
#undef NDEBUG
#endif
#include "stgpair.h"
#include "iface.h"
typedef struct rlm_stg_t {
char * server;
uint16_t port;
char * password;
} rlm_stg_t;
static const CONF_PARSER module_config[] = {
{ "server", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,server), NULL, "localhost"},
{ "port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,port), NULL, "9091" },
{ "password", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,password), NULL, "123456"},
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
int emptyPair(const STG_PAIR * pair);
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int stg_instantiate(CONF_SECTION *conf, void **instance)
{
rlm_stg_t *data;
/*
* Set up a storage area for instance data
*/
data = rad_malloc(sizeof(*data));
if (!data) {
return -1;
}
memset(data, 0, sizeof(*data));
/*
* If the configuration parameters can't be parsed, then
* fail.
*/
if (cf_section_parse(conf, data, module_config) < 0) {
free(data);
return -1;
}
if (!stgInstantiateImpl(data->server, data->port)) {
free(data);
return -1;
}
*instance = data;
return 0;
}
/*
* Find the named user in this modules database. Create the set
* of attribute-value pairs to check and reply with for this user
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
static int stg_authorize(void *, REQUEST *request)
{
VALUE_PAIR * pwd;
VALUE_PAIR * svc;
const STG_PAIR * pairs;
const STG_PAIR * pair;
size_t count = 0;
instance = instance;
DEBUG("rlm_stg: stg_authorize()");
if (request->username) {
DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue);
}
if (request->password) {
DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue);
}
// Here we need to define Framed-Protocol
svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
if (svc) {
DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue);
pairs = stgAuthorizeImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue);
} else {
DEBUG("rlm_stg: stg_authorize() Service-Type undefined");
pairs = stgAuthorizeImpl((const char *)request->username->vp_strvalue, "");
}
if (!pairs) {
DEBUG("rlm_stg: stg_authorize() failed.");
return RLM_MODULE_REJECT;
}
pair = pairs;
while (!emptyPair(pair)) {
pwd = pairmake(pair->key, pair->value, T_OP_SET);
pairadd(&request->config_items, pwd);
DEBUG("Adding pair '%s': '%s'", pair->key, pair->value);
++pair;
++count;
}
deletePairs(pairs);
if (count)
return RLM_MODULE_UPDATED;
return RLM_MODULE_NOOP;
}
/*
* Authenticate the user with the given password.
*/
static int stg_authenticate(void *, REQUEST *request)
{
VALUE_PAIR * svc;
VALUE_PAIR * pwd;
const STG_PAIR * pairs;
const STG_PAIR * pair;
size_t count = 0;
instance = instance;
DEBUG("rlm_stg: stg_authenticate()");
svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
if (svc) {
DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue);
pairs = stgAuthenticateImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue);
} else {
DEBUG("rlm_stg: stg_authenticate() Service-Type undefined");
pairs = stgAuthenticateImpl((const char *)request->username->vp_strvalue, "");
}
if (!pairs) {
DEBUG("rlm_stg: stg_authenticate() failed.");
return RLM_MODULE_REJECT;
}
pair = pairs;
while (!emptyPair(pair)) {
pwd = pairmake(pair->key, pair->value, T_OP_SET);
pairadd(&request->reply->vps, pwd);
++pair;
++count;
}
deletePairs(pairs);
if (count)
return RLM_MODULE_UPDATED;
return RLM_MODULE_NOOP;
}
/*
* Massage the request before recording it or proxying it
*/
static int stg_preacct(void *, REQUEST *)
{
DEBUG("rlm_stg: stg_preacct()");
instance = instance;
return RLM_MODULE_OK;
}
/*
* Write accounting information to this modules database.
*/
static int stg_accounting(void *, REQUEST * request)
{
VALUE_PAIR * sttype;
VALUE_PAIR * svc;
VALUE_PAIR * sessid;
VALUE_PAIR * pwd;
const STG_PAIR * pairs;
const STG_PAIR * pair;
size_t count = 0;
instance = instance;
DEBUG("rlm_stg: stg_accounting()");
svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID);
sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE);
if (!sessid) {
DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined");
return RLM_MODULE_FAIL;
}
if (sttype) {
DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue);
if (svc) {
DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue);
pairs = stgAccountingImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sttype->vp_strvalue, (const char *)sessid->vp_strvalue);
} else {
DEBUG("rlm_stg: stg_accounting() Service-Type undefined");
pairs = stgAccountingImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sttype->vp_strvalue, (const char *)sessid->vp_strvalue);
}
} else {
DEBUG("rlm_stg: stg_accounting() Acct-Status-Type := NULL");
return RLM_MODULE_OK;
}
if (!pairs) {
DEBUG("rlm_stg: stg_accounting() failed.");
return RLM_MODULE_REJECT;
}
pair = pairs;
while (!emptyPair(pair)) {
pwd = pairmake(pair->key, pair->value, T_OP_SET);
pairadd(&request->reply->vps, pwd);
++pair;
++count;
}
deletePairs(pairs);
if (count)
return RLM_MODULE_UPDATED;
return RLM_MODULE_OK;
}
/*
* See if a user is already logged in. Sets request->simul_count to the
* current session count for this user and sets request->simul_mpp to 2
* if it looks like a multilink attempt based on the requested IP
* address, otherwise leaves request->simul_mpp alone.
*
* Check twice. If on the first pass the user exceeds his
* max. number of logins, do a second pass and validate all
* logins by querying the terminal server (using eg. SNMP).
*/
static int stg_checksimul(void *, REQUEST *request)
{
DEBUG("rlm_stg: stg_checksimul()");
instance = instance;
request->simul_count=0;
return RLM_MODULE_OK;
}
static int stg_postauth(void *, REQUEST *request)
{
VALUE_PAIR * svc;
VALUE_PAIR * pwd;
const STG_PAIR * pairs;
const STG_PAIR * pair;
size_t count = 0;
instance = instance;
DEBUG("rlm_stg: stg_postauth()");
svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
if (svc) {
DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue);
pairs = stgPostAuthImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue);
} else {
DEBUG("rlm_stg: stg_postauth() Service-Type undefined");
pairs = stgPostAuthImpl((const char *)request->username->vp_strvalue, "");
}
if (!pairs) {
DEBUG("rlm_stg: stg_postauth() failed.");
return RLM_MODULE_REJECT;
}
pair = pairs;
while (!emptyPair(pair)) {
pwd = pairmake(pair->key, pair->value, T_OP_SET);
pairadd(&request->reply->vps, pwd);
++pair;
++count;
}
deletePairs(pairs);
if (count)
return RLM_MODULE_UPDATED;
return RLM_MODULE_NOOP;
}
static int stg_detach(void *instance)
{
free(((struct rlm_stg_t *)instance)->server);
free(instance);
return 0;
}
/*
* The module name should be the only globally exported symbol.
* That is, everything else should be 'static'.
*
* If the module needs to temporarily modify it's instantiation
* data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
* The server will then take care of ensuring that the module
* is single-threaded.
*/
module_t rlm_stg = {
RLM_MODULE_INIT,
"stg",
RLM_TYPE_THREAD_SAFE, /* type */
stg_instantiate, /* instantiation */
stg_detach, /* detach */
{
stg_authenticate, /* authentication */
stg_authorize, /* authorization */
stg_preacct, /* preaccounting */
stg_accounting, /* accounting */
stg_checksimul, /* checksimul */
NULL, /* pre-proxy */
NULL, /* post-proxy */
stg_postauth /* post-auth */
},
};