+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-/*
- * FreeRADIUS module for data access via Stargazer
- *
- * $Revision: 1.8 $
- * $Date: 2010/08/14 04:15:08 $
- *
- */
-
-#include "iface.h"
-#include "stgpair.h"
-
-#include <freeradius/ident.h>
-#include <freeradius/radiusd.h>
-#include <freeradius/modules.h>
-
-#include <stddef.h> // size_t
-
-typedef struct rlm_stg_t {
- char* address;
-} rlm_stg_t;
-
-static const CONF_PARSER module_config[] = {
- { "address", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t, address), NULL, "unix:/var/run/stg.sock"},
-
- { NULL, -1, 0, NULL, NULL } /* end the list */
-};
-
-static void deletePairs(STG_PAIR* pairs)
-{
- free(pairs);
-}
-
-static size_t toVPS(const STG_PAIR* pairs, VALUE_PAIR** vps)
-{
- const STG_PAIR* pair = pairs;
- size_t count = 0;
-
- while (!emptyPair(pair)) {
- VALUE_PAIR* vp = pairmake(pair->key, pair->value, T_OP_SET);
- if (vp != NULL) {
- pairadd(vps, vp);
- ++count;
- }
- ++pair;
- }
-
- return count;
-}
-
-static size_t toReply(STG_RESULT result, REQUEST* request)
-{
- size_t count = 0;
-
- count += toVPS(result.modify, &request->config_items);
- pairfree(&request->reply->vps);
- count += toVPS(result.reply, &request->reply->vps);
-
- deletePairs(result.modify);
- deletePairs(result.reply);
-
- return count;
-}
-
-static int countVPS(const VALUE_PAIR* pairs)
-{
- unsigned count = 0;
- while (pairs != NULL) {
- ++count;
- pairs = pairs->next;
- }
- return count;
-}
-
-static STG_PAIR* fromVPS(const VALUE_PAIR* pairs)
-{
- unsigned size = countVPS(pairs);
- STG_PAIR* res = (STG_PAIR*)malloc(sizeof(STG_PAIR) * (size + 1));
- size_t pos = 0;
- while (pairs != NULL) {
- bzero(res[pos].key, sizeof(res[0].key));
- bzero(res[pos].value, sizeof(res[0].value));
- strncpy(res[pos].key, pairs->name, sizeof(res[0].key));
- vp_prints_value(res[pos].value, sizeof(res[0].value), (VALUE_PAIR*)pairs, 0);
- ++pos;
- pairs = pairs->next;
- }
- bzero(res[pos].key, sizeof(res[0].key));
- bzero(res[pos].value, sizeof(res[0].value));
- return res;
-}
-
-static int toRLMCode(int code)
-{
- switch (code)
- {
- case STG_REJECT: return RLM_MODULE_REJECT;
- case STG_FAIL: return RLM_MODULE_FAIL;
- case STG_OK: return RLM_MODULE_OK;
- case STG_HANDLED: return RLM_MODULE_HANDLED;
- case STG_INVALID: return RLM_MODULE_INVALID;
- case STG_USERLOCK: return RLM_MODULE_USERLOCK;
- case STG_NOTFOUND: return RLM_MODULE_NOTFOUND;
- case STG_NOOP: return RLM_MODULE_NOOP;
- case STG_UPDATED: return RLM_MODULE_UPDATED;
- }
- return RLM_MODULE_REJECT;
-}
-
-/*
- * Do any per-module initialization that is separate to each
- * configured instance of the module. e.g. set up connections
- * to external databases, read configuration files, set up
- * dictionary entries, etc.
- *
- * If configuration information is given in the config section
- * that must be referenced in later calls, store a handle to it
- * in *instance otherwise put a null pointer there.
- */
-static int stg_instantiate(CONF_SECTION* conf, void** instance)
-{
- rlm_stg_t* data;
-
- /*
- * Set up a storage area for instance data
- */
- data = rad_malloc(sizeof(*data));
- if (!data)
- return -1;
-
- memset(data, 0, sizeof(*data));
-
- /*
- * If the configuration parameters can't be parsed, then
- * fail.
- */
- if (cf_section_parse(conf, data, module_config) < 0) {
- free(data);
- return -1;
- }
-
- if (!stgInstantiateImpl(data->address)) {
- free(data);
- return -1;
- }
-
- *instance = data;
-
- return 0;
-}
-
-/*
- * Find the named user in this modules database. Create the set
- * of attribute-value pairs to check and reply with for this user
- * from the database. The authentication code only needs to check
- * the password, the rest is done here.
- */
-static int stg_authorize(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- instance = instance;
-
- DEBUG("rlm_stg: stg_authorize()");
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_authorize() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_authorize() request password field: '%s'", password);
- }
-
- result = stgAuthorizeImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_authorize() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-/*
- * Authenticate the user with the given password.
- */
-static int stg_authenticate(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- instance = instance;
-
- DEBUG("rlm_stg: stg_authenticate()");
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_authenticate() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_authenticate() request password field: '%s'", password);
- }
-
- result = stgAuthenticateImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_authenticate() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-/*
- * Massage the request before recording it or proxying it
- */
-static int stg_preacct(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- DEBUG("rlm_stg: stg_preacct()");
-
- instance = instance;
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_preacct() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_preacct() request password field: '%s'", password);
- }
-
- result = stgPreAcctImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_preacct() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-/*
- * Write accounting information to this modules database.
- */
-static int stg_accounting(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- DEBUG("rlm_stg: stg_accounting()");
-
- instance = instance;
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_accounting() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_accounting() request password field: '%s'", password);
- }
-
- result = stgAccountingImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_accounting() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-/*
- * See if a user is already logged in. Sets request->simul_count to the
- * current session count for this user and sets request->simul_mpp to 2
- * if it looks like a multilink attempt based on the requested IP
- * address, otherwise leaves request->simul_mpp alone.
- *
- * Check twice. If on the first pass the user exceeds his
- * max. number of logins, do a second pass and validate all
- * logins by querying the terminal server (using eg. SNMP).
- */
-static int stg_checksimul(void* instance, REQUEST* request)
-{
- DEBUG("rlm_stg: stg_checksimul()");
-
- instance = instance;
-
- request->simul_count = 0;
-
- return RLM_MODULE_OK;
-}
-
-static int stg_postauth(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- DEBUG("rlm_stg: stg_postauth()");
-
- instance = instance;
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_postauth() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_postauth() request password field: '%s'", password);
- }
-
- result = stgPostAuthImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_postauth() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-static int stg_detach(void* instance)
-{
- free(((struct rlm_stg_t*)instance)->address);
- free(instance);
- return 0;
-}
-
-module_t rlm_stg = {
- RLM_MODULE_INIT,
- "stg",
- RLM_TYPE_THREAD_UNSAFE, /* type */
- stg_instantiate, /* instantiation */
- stg_detach, /* detach */
- {
- stg_authenticate, /* authentication */
- stg_authorize, /* authorization */
- stg_preacct, /* preaccounting */
- stg_accounting, /* accounting */
- stg_checksimul, /* checksimul */
- NULL, /* pre-proxy */
- NULL, /* post-proxy */
- stg_postauth /* post-auth */
- },
-};