X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/8c6fa3fbaccc22127280bf77a48fab5a3ee0716e..46b0747592074017ff0ea4b33d4a7194235886e5:/stargazer/plugins/other/radius/config.cpp diff --git a/stargazer/plugins/other/radius/config.cpp b/stargazer/plugins/other/radius/config.cpp new file mode 100644 index 00000000..79822852 --- /dev/null +++ b/stargazer/plugins/other/radius/config.cpp @@ -0,0 +1,386 @@ +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +/* + * Author : Maxim Mamontov + */ + +#include "config.h" + +#include "stg/user.h" +#include "stg/common.h" + +#include +#include + +#include // strncasecmp + +using STG::Config; + +namespace +{ + +struct ParserError : public std::runtime_error +{ + ParserError(const std::string& message) + : runtime_error("Config is not valid. " + message), + position(0), + error(message) + {} + ParserError(size_t pos, const std::string& message) + : runtime_error("Parsing error at position " + x2str(pos) + ". " + message), + position(pos), + error(message) + {} + virtual ~ParserError() throw() {} + + size_t position; + std::string error; +}; + +size_t skipSpaces(const std::string& value, size_t start) +{ + while (start < value.length() && std::isspace(value[start])) + ++start; + return start; +} + +size_t checkChar(const std::string& value, size_t start, char ch) +{ + if (start >= value.length()) + throw ParserError(start, "Unexpected end of string. Expected '" + std::string(1, ch) + "'."); + if (value[start] != ch) + throw ParserError(start, "Expected '" + std::string(1, ch) + "', got '" + std::string(1, value[start]) + "'."); + return start + 1; +} + +std::pair readString(const std::string& value, size_t start) +{ + std::string dest; + while (start < value.length() && !std::isspace(value[start]) && + value[start] != ',' && value[start] != '(' && value[start] != ')') + dest.push_back(value[start++]); + if (dest.empty()) { + if (start == value.length()) + throw ParserError(start, "Unexpected end of string. Expected string."); + else + throw ParserError(start, "Unexpected whitespace. Expected string."); + } + return std::make_pair(start, dest); +} + +Config::Pairs toPairs(const std::vector& values) +{ + if (values.empty()) + return Config::Pairs(); + std::string value(values[0]); + Config::Pairs res; + size_t start = 0; + while (start < value.size()) { + Config::Pair pair; + start = skipSpaces(value, start); + if (!res.empty()) + { + start = checkChar(value, start, ','); + start = skipSpaces(value, start); + } + size_t pairStart = start; + start = checkChar(value, start, '('); + const std::pair key = readString(value, start); + start = key.first; + pair.first = key.second; + start = skipSpaces(value, start); + start = checkChar(value, start, ','); + start = skipSpaces(value, start); + const std::pair val = readString(value, start); + start = val.first; + pair.second = val.second; + start = skipSpaces(value, start); + start = checkChar(value, start, ')'); + if (res.find(pair.first) != res.end()) + throw ParserError(pairStart, "Duplicate field."); + res.insert(pair); + } + return res; +} + +bool toBool(const std::vector& values) +{ + if (values.empty()) + return false; + std::string value(values[0]); + return strncasecmp(value.c_str(), "yes", 3) == 0; +} + +std::string toString(const std::vector& values) +{ + if (values.empty()) + return ""; + return values[0]; +} + +uid_t toUID(const std::vector& values) +{ + if (values.empty()) + return -1; + uid_t res = str2uid(values[0]); + if (res == static_cast(-1)) + throw ParserError("Invalid user name: '" + values[0] + "'"); + return res; +} + +gid_t toGID(const std::vector& values) +{ + if (values.empty()) + return -1; + gid_t res = str2gid(values[0]); + if (res == static_cast(-1)) + throw ParserError("Invalid group name: '" + values[0] + "'"); + return res; +} + +mode_t toMode(const std::vector& values) +{ + if (values.empty()) + return -1; + mode_t res = str2mode(values[0]); + if (res == static_cast(-1)) + throw ParserError("Invalid mode: '" + values[0] + "'"); + return res; +} + +template +T toInt(const std::vector& values) +{ + if (values.empty()) + return 0; + T res = 0; + if (str2x(values[0], res) == 0) + return res; + return 0; +} + +uint16_t toPort(const std::string& value) +{ + if (value.empty()) + return 0; + uint16_t res = 0; + if (str2x(value, res) == 0) + return res; + throw ParserError("'" + value + "' is not a valid port number."); +} + +typedef std::map Codes; + +// One-time call to initialize the list of codes. +Codes getCodes() +{ + Codes res; + res["reject"] = Config::REJECT; + res["fail"] = Config::FAIL; + res["ok"] = Config::OK; + res["handled"] = Config::HANDLED; + res["invalid"] = Config::INVALID; + res["userlock"] = Config::USERLOCK; + res["notfound"] = Config::NOTFOUND; + res["noop"] = Config::NOOP; + res["updated"] = Config::UPDATED; + return res; +} + +Config::ReturnCode toReturnCode(const std::vector& values) +{ + static Codes codes(getCodes()); + if (values.empty()) + return Config::REJECT; + std::string code = ToLower(values[0]); + const Codes::const_iterator it = codes.find(code); + if (it == codes.end()) + return Config::REJECT; + return it->second; +} + +Config::Pairs parseVector(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return toPairs(params[i].value); + return Config::Pairs(); +} + +Config::Authorize parseAuthorize(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return Config::Authorize(toPairs(params[i].value)); + return Config::Authorize(); +} + +Config::ReturnCode parseReturnCode(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return toReturnCode(params[i].value); + return Config::REJECT; +} + +bool parseBool(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return toBool(params[i].value); + return false; +} + +std::string parseString(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return toString(params[i].value); + return ""; +} + +std::string parseAddress(Config::Type connectionType, const std::string& value) +{ + size_t pos = value.find_first_of(':'); + if (pos == std::string::npos) + throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'."); + if (connectionType == Config::UNIX) + return value.substr(pos + 1); + std::string address(value.substr(pos + 1)); + pos = address.find_first_of(':', pos + 1); + if (pos == std::string::npos) + throw ParserError("Port is not specified."); + return address.substr(0, pos - 1); +} + +std::string parsePort(Config::Type connectionType, const std::string& value) +{ + size_t pos = value.find_first_of(':'); + if (pos == std::string::npos) + throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'."); + if (connectionType == Config::UNIX) + return ""; + std::string address(value.substr(pos + 1)); + pos = address.find_first_of(':', pos + 1); + if (pos == std::string::npos) + throw ParserError("Port is not specified."); + return address.substr(pos + 1); +} + +Config::Type parseConnectionType(const std::string& address) +{ + size_t pos = address.find_first_of(':'); + if (pos == std::string::npos) + throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'."); + std::string type = ToLower(address.substr(0, pos)); + if (type == "unix") + return Config::UNIX; + else if (type == "tcp") + return Config::TCP; + throw ParserError("Invalid connection type. Should be either 'unix' or 'tcp', got '" + type + "'"); +} + +Config::Section parseSection(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return Config::Section(parseVector("match", params[i].sections), + parseVector("modify", params[i].sections), + parseVector("reply", params[i].sections), + parseReturnCode("no_match", params[i].sections), + parseAuthorize("authorize", params[i].sections)); + return Config::Section(); +} + +uid_t parseUID(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return toUID(params[i].value); + return -1; +} + +gid_t parseGID(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return toGID(params[i].value); + return -1; +} + +mode_t parseMode(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return toMode(params[i].value); + return -1; +} + +} // namespace anonymous + +bool Config::Authorize::check(const USER& user, const Config::Pairs& radiusData) const +{ + if (!m_auth) + return false; // No flag - no authorization. + + if (m_cond.empty()) + return true; // Empty parameter - always authorize. + + Config::Pairs::const_iterator it = m_cond.begin(); + for (; it != m_cond.end(); ++it) + { + const Config::Pairs::const_iterator pos = radiusData.find(it->first); + if (pos == radiusData.end()) + return false; // No required Radius parameter. + if (user.GetParamValue(it->second) != pos->second) + return false; // No match with the user. + } + + return true; +} + +Config::Config(const MODULE_SETTINGS& settings) + : autz(parseSection("autz", settings.moduleParams)), + auth(parseSection("auth", settings.moduleParams)), + postauth(parseSection("postauth", settings.moduleParams)), + preacct(parseSection("preacct", settings.moduleParams)), + acct(parseSection("acct", settings.moduleParams)), + verbose(parseBool("verbose", settings.moduleParams)), + address(parseString("bind_address", settings.moduleParams)), + connectionType(parseConnectionType(address)), + bindAddress(parseAddress(connectionType, address)), + portStr(parsePort(connectionType, address)), + port(toPort(portStr)), + key(parseString("key", settings.moduleParams)), + sockUID(parseUID("sock_owner", settings.moduleParams)), + sockGID(parseGID("sock_group", settings.moduleParams)), + sockMode(parseMode("sock_mode", settings.moduleParams)) +{ + size_t count = 0; + if (autz.authorize.exists()) + ++count; + if (auth.authorize.exists()) + ++count; + if (postauth.authorize.exists()) + ++count; + if (preacct.authorize.exists()) + ++count; + if (acct.authorize.exists()) + ++count; + if (count > 0) + throw ParserError("Authorization flag is specified in more than one section."); +}