#include <cstdlib>
#include <cstring>
+#include <exception>
+
extern "C" {
#include "radius.h"
#include "modules.h"
volatile time_t stgTime;
/*
- * Define a structure for our module configuration.
+ * Define a structure for our module configuration.
*
- * These variables do not need to be in a structure, but it's
- * a lot cleaner to do so, and a pointer to the structure can
- * be used as the instance handle.
+ * These variables do not need to be in a structure, but it's
+ * a lot cleaner to do so, and a pointer to the structure can
+ * be used as the instance handle.
*/
typedef struct rlm_stg_t {
char * server;
} rlm_stg_t;
/*
- * A mapping of configuration file names to internal variables.
+ * A mapping of configuration file names to internal variables.
*
- * Note that the string is dynamically allocated, so it MUST
- * be freed. When the configuration file parse re-reads the string,
- * it free's the old one, and strdup's the new one, placing the pointer
- * to the strdup'd string into 'config.string'. This gets around
- * buffer over-flows.
+ * Note that the string is dynamically allocated, so it MUST
+ * be freed. When the configuration file parse re-reads the string,
+ * it free's the old one, and strdup's the new one, placing the pointer
+ * to the strdup'd string into 'config.string'. This gets around
+ * buffer over-flows.
*/
static CONF_PARSER module_config[] = {
{ "password", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,password), NULL, NULL},
{ "port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,port), NULL, "5555" },
{ "local_port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,localPort), NULL, "0" },
- { NULL, -1, 0, NULL, NULL } /* end the list */
+ { NULL, -1, 0, NULL, NULL } /* end the list */
};
/*
- * Do any per-module initialization that is separate to each
- * configured instance of the module. e.g. set up connections
- * to external databases, read configuration files, set up
- * dictionary entries, etc.
+ * Do any per-module initialization that is separate to each
+ * configured instance of the module. e.g. set up connections
+ * to external databases, read configuration files, set up
+ * dictionary entries, etc.
*
- * If configuration information is given in the config section
- * that must be referenced in later calls, store a handle to it
- * in *instance otherwise put a null pointer there.
+ * If configuration information is given in the config section
+ * that must be referenced in later calls, store a handle to it
+ * in *instance otherwise put a null pointer there.
*/
static int stg_instantiate(CONF_SECTION *conf, void **instance)
{
- rlm_stg_t *data;
-
- /*
- * Set up a storage area for instance data
- */
- DEBUG("rlm_stg: stg_instantiate()");
- data = (rlm_stg_t *)rad_malloc(sizeof(rlm_stg_t));
- if (!data) {
- return -1;
- }
- memset(data, 0, sizeof(rlm_stg_t));
-
- /*
- * If the configuration parameters can't be parsed, then
- * fail.
- */
- if (cf_section_parse(conf, data, module_config) < 0) {
- free(data);
- return -1;
- }
-
- cli = new STG_CLIENT();
- cli->SetServer(data->server);
- cli->SetPort(data->port);
- cli->SetLocalPort(data->localPort);
- cli->SetPassword(data->password);
- if (cli->Start()) {
- DEBUG("rlm_stg: stg_instantiate() error: '%s'", cli->GetError().c_str());
- return -1;
- }
-
- *instance = data;
-
- return 0;
+ rlm_stg_t *data;
+
+ /*
+ * Set up a storage area for instance data
+ */
+ DEBUG("rlm_stg: stg_instantiate()");
+ data = (rlm_stg_t *)rad_malloc(sizeof(rlm_stg_t));
+ if (!data) {
+ return -1;
+ }
+ memset(data, 0, sizeof(rlm_stg_t));
+
+ /*
+ * If the configuration parameters can't be parsed, then
+ * fail.
+ */
+ if (cf_section_parse(conf, data, module_config) < 0) {
+ free(data);
+ return -1;
+ }
+
+ try {
+ cli = new STG_CLIENT(data->server, data->port, data->localPort, data->password);
+ }
+ catch (std::exception & ex) {
+ DEBUG("rlm_stg: stg_instantiate() error: '%s'", ex.what());
+ return -1;
+ }
+
+ *instance = data;
+
+ return 0;
}
/*
- * Find the named user in this modules database. Create the set
- * of attribute-value pairs to check and reply with for this user
- * from the database. The authentication code only needs to check
- * the password, the rest is done here.
+ * Find the named user in this modules database. Create the set
+ * of attribute-value pairs to check and reply with for this user
+ * from the database. The authentication code only needs to check
+ * the password, the rest is done here.
*/
-static int stg_authorize(void *instance, REQUEST *request)
+static int stg_authorize(void *, REQUEST *request)
{
- VALUE_PAIR *uname;
- VALUE_PAIR *pwd;
- VALUE_PAIR *svc;
- DEBUG("rlm_stg: stg_authorize()");
-
- /* quiet the compiler */
- instance = instance;
- request = request;
-
- uname = pairfind(request->packet->vps, PW_USER_NAME);
- if (uname) {
- DEBUG("rlm_stg: stg_authorize() user name defined as '%s'", uname->vp_strvalue);
- } else {
- DEBUG("rlm_stg: stg_authorize() user name undefined");
- return RLM_MODULE_FAIL;
- }
- if (request->username) {
- DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue);
+ VALUE_PAIR *uname;
+ VALUE_PAIR *pwd;
+ VALUE_PAIR *svc;
+ DEBUG("rlm_stg: stg_authorize()");
+
+ uname = pairfind(request->packet->vps, PW_USER_NAME);
+ if (uname) {
+ DEBUG("rlm_stg: stg_authorize() user name defined as '%s'", uname->vp_strvalue);
+ } else {
+ DEBUG("rlm_stg: stg_authorize() user name undefined");
+ return RLM_MODULE_FAIL;
+ }
+ if (request->username) {
+ DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue);
+ }
+ if (request->password) {
+ DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue);
+ }
+ // Here we need to define Framed-Protocol
+ svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
+ if (svc) {
+ DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue);
+ if (cli->Authorize((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
+ DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str());
+ return RLM_MODULE_REJECT;
}
- if (request->password) {
- DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue);
+ } else {
+ DEBUG("rlm_stg: stg_authorize() Service-Type undefined");
+ if (cli->Authorize((const char *)request->username->vp_strvalue, "")) {
+ DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str());
+ return RLM_MODULE_REJECT;
}
- // Here we need to define Framed-Protocol
- svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
- if (svc) {
- DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue);
- if (cli->Authorize((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
- DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str());
- return RLM_MODULE_REJECT;
- }
- } else {
- DEBUG("rlm_stg: stg_authorize() Service-Type undefined");
- if (cli->Authorize((const char *)request->username->vp_strvalue, "")) {
- DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str());
- return RLM_MODULE_REJECT;
- }
- }
- pwd = pairmake("Cleartext-Password", cli->GetUserPassword().c_str(), T_OP_SET);
- pairadd(&request->config_items, pwd);
- //pairadd(&request->reply->vps, uname);
+ }
+ pwd = pairmake("Cleartext-Password", cli->GetUserPassword().c_str(), T_OP_SET);
+ pairadd(&request->config_items, pwd);
+ //pairadd(&request->reply->vps, uname);
- return RLM_MODULE_UPDATED;
+ return RLM_MODULE_UPDATED;
}
/*
- * Authenticate the user with the given password.
+ * Authenticate the user with the given password.
*/
-static int stg_authenticate(void *instance, REQUEST *request)
+static int stg_authenticate(void *, REQUEST *request)
{
- /* quiet the compiler */
- VALUE_PAIR *svc;
- instance = instance;
- request = request;
- DEBUG("rlm_stg: stg_authenticate()");
- svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
- if (svc) {
- DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue);
- if (cli->Authenticate((char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
- DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str());
- return RLM_MODULE_REJECT;
- }
- } else {
- DEBUG("rlm_stg: stg_authenticate() Service-Type undefined");
- if (cli->Authenticate((char *)request->username->vp_strvalue, "")) {
- DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str());
- return RLM_MODULE_REJECT;
- }
+ /* quiet the compiler */
+ VALUE_PAIR *svc;
+
+ DEBUG("rlm_stg: stg_authenticate()");
+
+ svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
+ if (svc) {
+ DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue);
+ if (cli->Authenticate((char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
+ DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str());
+ return RLM_MODULE_REJECT;
+ }
+ } else {
+ DEBUG("rlm_stg: stg_authenticate() Service-Type undefined");
+ if (cli->Authenticate((char *)request->username->vp_strvalue, "")) {
+ DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str());
+ return RLM_MODULE_REJECT;
}
+ }
- return RLM_MODULE_NOOP;
+ return RLM_MODULE_NOOP;
}
/*
- * Massage the request before recording it or proxying it
+ * Massage the request before recording it or proxying it
*/
-static int stg_preacct(void *instance, REQUEST *request)
+static int stg_preacct(void *, REQUEST *)
{
- /* quiet the compiler */
- instance = instance;
- request = request;
- DEBUG("rlm_stg: stg_preacct()");
+ DEBUG("rlm_stg: stg_preacct()");
- return RLM_MODULE_OK;
+ return RLM_MODULE_OK;
}
/*
- * Write accounting information to this modules database.
+ * Write accounting information to this modules database.
*/
-static int stg_accounting(void *instance, REQUEST *request)
+static int stg_accounting(void *, REQUEST * request)
{
- /* quiet the compiler */
- VALUE_PAIR * sttype;
- VALUE_PAIR * svc;
- VALUE_PAIR * sessid;
- svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
- instance = instance;
- request = request;
- DEBUG("rlm_stg: stg_accounting()");
-
- sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID);
- if (!sessid) {
- DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined");
- return RLM_MODULE_FAIL;
- }
- sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE);
- if (sttype) {
- DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue);
- if (svc) {
- DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue);
- if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sessid->vp_strvalue)) {
- DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str());
- return RLM_MODULE_FAIL;
- }
- } else {
- DEBUG("rlm_stg: stg_accounting() Service-Type undefined");
- if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, "", (const char *)sessid->vp_strvalue)) {
- DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str());
- return RLM_MODULE_FAIL;
- }
+ /* quiet the compiler */
+ VALUE_PAIR * sttype;
+ VALUE_PAIR * svc;
+ VALUE_PAIR * sessid;
+ svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
+
+ DEBUG("rlm_stg: stg_accounting()");
+
+ sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID);
+ if (!sessid) {
+ DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined");
+ return RLM_MODULE_FAIL;
+ }
+ sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE);
+ if (sttype) {
+ DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue);
+ if (svc) {
+ DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue);
+ if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sessid->vp_strvalue)) {
+ DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str());
+ return RLM_MODULE_FAIL;
}
} else {
- DEBUG("Acct-Status-Type := NULL");
+ DEBUG("rlm_stg: stg_accounting() Service-Type undefined");
+ if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, "", (const char *)sessid->vp_strvalue)) {
+ DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str());
+ return RLM_MODULE_FAIL;
+ }
}
+ } else {
+ DEBUG("Acct-Status-Type := NULL");
+ }
- return RLM_MODULE_OK;
+ return RLM_MODULE_OK;
}
/*
- * See if a user is already logged in. Sets request->simul_count to the
- * current session count for this user and sets request->simul_mpp to 2
- * if it looks like a multilink attempt based on the requested IP
- * address, otherwise leaves request->simul_mpp alone.
+ * See if a user is already logged in. Sets request->simul_count to the
+ * current session count for this user and sets request->simul_mpp to 2
+ * if it looks like a multilink attempt based on the requested IP
+ * address, otherwise leaves request->simul_mpp alone.
*
- * Check twice. If on the first pass the user exceeds his
- * max. number of logins, do a second pass and validate all
- * logins by querying the terminal server (using eg. SNMP).
+ * Check twice. If on the first pass the user exceeds his
+ * max. number of logins, do a second pass and validate all
+ * logins by querying the terminal server (using eg. SNMP).
*/
-static int stg_checksimul(void *instance, REQUEST *request)
+static int stg_checksimul(void *, REQUEST *request)
{
- instance = instance;
- DEBUG("rlm_stg: stg_checksimul()");
+ DEBUG("rlm_stg: stg_checksimul()");
- request->simul_count=0;
+ request->simul_count=0;
- return RLM_MODULE_OK;
+ return RLM_MODULE_OK;
}
-static int stg_postauth(void *instance, REQUEST *request)
+static int stg_postauth(void *, REQUEST *request)
{
- instance = instance;
- VALUE_PAIR *fia;
- VALUE_PAIR *svc;
- struct in_addr fip;
- DEBUG("rlm_stg: stg_postauth()");
- svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
- if (svc) {
- DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue);
- if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
- DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str());
- return RLM_MODULE_FAIL;
- }
- } else {
- DEBUG("rlm_stg: stg_postauth() Service-Type undefined");
- if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, "")) {
- DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str());
- return RLM_MODULE_FAIL;
- }
+ VALUE_PAIR *fia;
+ VALUE_PAIR *svc;
+ struct in_addr fip;
+ DEBUG("rlm_stg: stg_postauth()");
+ svc = pairfind(request->packet->vps, PW_SERVICE_TYPE);
+ if (svc) {
+ DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue);
+ if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) {
+ DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str());
+ return RLM_MODULE_FAIL;
}
- if (strncmp((const char *)svc->vp_strvalue, "Framed-User", 11) == 0) {
- fip.s_addr = cli->GetFramedIP();
- DEBUG("rlm_stg: stg_postauth() ip = '%s'", inet_ntostring(fip.s_addr).c_str());
- fia = pairmake("Framed-IP-Address", inet_ntostring(fip.s_addr).c_str(), T_OP_SET);
- pairadd(&request->reply->vps, fia);
+ } else {
+ DEBUG("rlm_stg: stg_postauth() Service-Type undefined");
+ if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, "")) {
+ DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str());
+ return RLM_MODULE_FAIL;
}
-
- return RLM_MODULE_UPDATED;
+ }
+ if (strncmp((const char *)svc->vp_strvalue, "Framed-User", 11) == 0) {
+ fip.s_addr = cli->GetFramedIP();
+ DEBUG("rlm_stg: stg_postauth() ip = '%s'", inet_ntostring(fip.s_addr).c_str());
+ fia = pairmake("Framed-IP-Address", inet_ntostring(fip.s_addr).c_str(), T_OP_SET);
+ pairadd(&request->reply->vps, fia);
+ }
+
+ return RLM_MODULE_UPDATED;
}
static int stg_detach(void *instance)
{
- DEBUG("rlm_stg: stg_detach()");
- cli->Stop();
- delete cli;
- free(((struct rlm_stg_t *)instance)->server);
- free(((struct rlm_stg_t *)instance)->password);
- free(instance);
- return 0;
+ DEBUG("rlm_stg: stg_detach()");
+ delete cli;
+ free(((struct rlm_stg_t *)instance)->server);
+ free(((struct rlm_stg_t *)instance)->password);
+ free(instance);
+ return 0;
}
/*
- * The module name should be the only globally exported symbol.
- * That is, everything else should be 'static'.
+ * The module name should be the only globally exported symbol.
+ * That is, everything else should be 'static'.
*
- * If the module needs to temporarily modify it's instantiation
- * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
- * The server will then take care of ensuring that the module
- * is single-threaded.
+ * If the module needs to temporarily modify it's instantiation
+ * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
+ * The server will then take care of ensuring that the module
+ * is single-threaded.
*/
module_t rlm_stg = {
- RLM_MODULE_INIT,
- "stg",
- RLM_TYPE_THREAD_SAFE, /* type */
- stg_instantiate, /* instantiation */
- stg_detach, /* detach */
- {
- stg_authenticate, /* authentication */
- stg_authorize, /* authorization */
- stg_preacct, /* preaccounting */
- stg_accounting, /* accounting */
- stg_checksimul, /* checksimul */
- NULL, /* pre-proxy */
- NULL, /* post-proxy */
- stg_postauth /* post-auth */
- },
+ RLM_MODULE_INIT,
+ "stg",
+ RLM_TYPE_THREAD_SAFE, /* type */
+ stg_instantiate, /* instantiation */
+ stg_detach, /* detach */
+ {
+ stg_authenticate, /* authentication */
+ stg_authorize, /* authorization */
+ stg_preacct, /* preaccounting */
+ stg_accounting, /* accounting */
+ stg_checksimul, /* checksimul */
+ NULL, /* pre-proxy */
+ NULL, /* post-proxy */
+ stg_postauth /* post-auth */
+ },
};