X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/114e097d3658e41e7946b5d5ba1ad2ffdc7fe2d9..9e6bfec34d7980e5c0af100110721ffd09f46e29:/projects/stargazer/plugins/other/radius/radius.cpp

diff --git a/projects/stargazer/plugins/other/radius/radius.cpp b/projects/stargazer/plugins/other/radius/radius.cpp
index 68a96d29..45a9d0e1 100644
--- a/projects/stargazer/plugins/other/radius/radius.cpp
+++ b/projects/stargazer/plugins/other/radius/radius.cpp
@@ -91,6 +91,11 @@ int RADIUS::Start()
 
 int RADIUS::Stop()
 {
+    std::set<std::string>::const_iterator it = m_logins.begin();
+    for (; it != m_logins.end(); ++it)
+        m_users->Unauthorize(*it, this, "Stopping RADIUS plugin.");
+    m_logins.clear();
+
     if (m_stopped)
         return 0;
 
@@ -176,6 +181,9 @@ int RADIUS::createUNIX() const
         m_logger(m_error);
         return 0;
     }
+    chown(m_config.bindAddress.c_str(), m_config.sockUID, m_config.sockGID);
+    if (m_config.sockMode != static_cast<mode_t>(-1))
+        chmod(m_config.bindAddress.c_str(), m_config.sockMode);
     return fd;
 }
 
@@ -339,7 +347,7 @@ void RADIUS::acceptUNIX()
         return;
     }
     printfd(__FILE__, "New UNIX connection: '%s'\n", addr.sun_path);
-    m_conns.push_back(new Conn(*m_users, m_logger, m_config, res, addr.sun_path));
+    m_conns.push_back(new Conn(*m_users, m_logger, *this, m_config, res, addr.sun_path));
 }
 
 void RADIUS::acceptTCP()
@@ -356,5 +364,27 @@ void RADIUS::acceptTCP()
     }
     std::string remote = inet_ntostring(addr.sin_addr.s_addr) + ":" + x2str(ntohs(addr.sin_port));
     printfd(__FILE__, "New TCP connection: '%s'\n", remote.c_str());
-    m_conns.push_back(new Conn(*m_users, m_logger, m_config, res, remote));
+    m_conns.push_back(new Conn(*m_users, m_logger, *this, m_config, res, remote));
+}
+
+void RADIUS::authorize(const USER& user)
+{
+    uint32_t ip = 0;
+    const std::string& login(user.GetLogin());
+    if (!m_users->Authorize(login, ip, 0xffFFffFF, this))
+    {
+        m_error = "Unable to authorize user '" + login + "' with ip " + inet_ntostring(ip) + ".";
+        m_logger(m_error);
+    }
+    else
+        m_logins.insert(login);
+}
+
+void RADIUS::unauthorize(const std::string& login, const std::string& reason)
+{
+    const std::set<std::string>::const_iterator it = m_logins.find(login);
+    if (it == m_logins.end())
+        return;
+    m_logins.erase(it);
+    m_users->Unauthorize(login, this, reason);
 }