#include "config.h"
+#include "stg/user.h"
#include "stg/common.h"
#include <vector>
struct ParserError : public std::runtime_error
{
+ ParserError(const std::string& message)
+ : runtime_error("Config is not valid. " + message),
+ position(0),
+ error(message)
+ {}
ParserError(size_t pos, const std::string& message)
: runtime_error("Parsing error at position " + x2str(pos) + ". " + message),
position(pos),
return -1;
uid_t res = str2uid(values[0]);
if (res == static_cast<uid_t>(-1))
- throw ParserError(0, "Invalid user name: '" + values[0] + "'");
+ throw ParserError("Invalid user name: '" + values[0] + "'");
return res;
}
return -1;
gid_t res = str2gid(values[0]);
if (res == static_cast<gid_t>(-1))
- throw ParserError(0, "Invalid group name: '" + values[0] + "'");
+ throw ParserError("Invalid group name: '" + values[0] + "'");
return res;
}
return -1;
mode_t res = str2mode(values[0]);
if (res == static_cast<mode_t>(-1))
- throw ParserError(0, "Invalid mode: '" + values[0] + "'");
+ throw ParserError("Invalid mode: '" + values[0] + "'");
return res;
}
uint16_t res = 0;
if (str2x(value, res) == 0)
return res;
- throw ParserError(0, "'" + value + "' is not a valid port number.");
+ throw ParserError("'" + value + "' is not a valid port number.");
}
typedef std::map<std::string, Config::ReturnCode> Codes;
return Config::Pairs();
}
+Config::Authorize parseAuthorize(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
+{
+ for (size_t i = 0; i < params.size(); ++i)
+ if (params[i].param == paramName)
+ return Config::Authorize(toPairs(params[i].value));
+ return Config::Authorize();
+}
+
Config::ReturnCode parseReturnCode(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
{
for (size_t i = 0; i < params.size(); ++i)
{
size_t pos = value.find_first_of(':');
if (pos == std::string::npos)
- throw ParserError(0, "Connection type is not specified. Should be either 'unix' or 'tcp'.");
+ throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
if (connectionType == Config::UNIX)
return value.substr(pos + 1);
std::string address(value.substr(pos + 1));
pos = address.find_first_of(':', pos + 1);
if (pos == std::string::npos)
- throw ParserError(0, "Port is not specified.");
+ throw ParserError("Port is not specified.");
return address.substr(0, pos - 1);
}
{
size_t pos = value.find_first_of(':');
if (pos == std::string::npos)
- throw ParserError(0, "Connection type is not specified. Should be either 'unix' or 'tcp'.");
+ throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
if (connectionType == Config::UNIX)
return "";
std::string address(value.substr(pos + 1));
pos = address.find_first_of(':', pos + 1);
if (pos == std::string::npos)
- throw ParserError(0, "Port is not specified.");
+ throw ParserError("Port is not specified.");
return address.substr(pos + 1);
}
{
size_t pos = address.find_first_of(':');
if (pos == std::string::npos)
- throw ParserError(0, "Connection type is not specified. Should be either 'unix' or 'tcp'.");
+ throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
std::string type = ToLower(address.substr(0, pos));
if (type == "unix")
return Config::UNIX;
else if (type == "tcp")
return Config::TCP;
- throw ParserError(0, "Invalid connection type. Should be either 'unix' or 'tcp', got '" + type + "'");
+ throw ParserError("Invalid connection type. Should be either 'unix' or 'tcp', got '" + type + "'");
}
Config::Section parseSection(const std::string& paramName, const std::vector<PARAM_VALUE>& params)
return Config::Section(parseVector("match", params[i].sections),
parseVector("modify", params[i].sections),
parseVector("reply", params[i].sections),
- parseReturnCode("no_match", params[i].sections));
+ parseReturnCode("no_match", params[i].sections),
+ parseAuthorize("authorize", params[i].sections));
return Config::Section();
}
} // namespace anonymous
+bool Config::Authorize::check(const USER& user, const Config::Pairs& radiusData) const
+{
+ if (!m_auth)
+ return false; // No flag - no authorization.
+
+ if (m_cond.empty())
+ return true; // Empty parameter - always authorize.
+
+ Config::Pairs::const_iterator it = m_cond.begin();
+ for (; it != m_cond.end(); ++it)
+ {
+ const Config::Pairs::const_iterator pos = radiusData.find(it->first);
+ if (pos == radiusData.end())
+ return false; // No required Radius parameter.
+ if (user.GetParamValue(it->second) != pos->second)
+ return false; // No match with the user.
+ }
+
+ return true;
+}
+
Config::Config(const MODULE_SETTINGS& settings)
: autz(parseSection("autz", settings.moduleParams)),
auth(parseSection("auth", settings.moduleParams)),
sockGID(parseGID("sock_group", settings.moduleParams)),
sockMode(parseMode("sock_mode", settings.moduleParams))
{
+ size_t count = 0;
+ if (autz.authorize.exists())
+ ++count;
+ if (auth.authorize.exists())
+ ++count;
+ if (postauth.authorize.exists())
+ ++count;
+ if (preacct.authorize.exists())
+ ++count;
+ if (acct.authorize.exists())
+ ++count;
+ if (count > 0)
+ throw ParserError("Authorization flag is specified in more than one section.");
}
git.stg.codes / stg.git / blobdiff