X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/d6e4a058a37bdaea7df8c8d360978c0dc8848fff..4a1a62fae847eab4e83fdd61a5c801e9ec99529e:/projects/stargazer/plugins/other/radius/config.cpp diff --git a/projects/stargazer/plugins/other/radius/config.cpp b/projects/stargazer/plugins/other/radius/config.cpp index 187620dd..79822852 100644 --- a/projects/stargazer/plugins/other/radius/config.cpp +++ b/projects/stargazer/plugins/other/radius/config.cpp @@ -20,6 +20,7 @@ #include "config.h" +#include "stg/user.h" #include "stg/common.h" #include @@ -34,6 +35,11 @@ namespace struct ParserError : public std::runtime_error { + ParserError(const std::string& message) + : runtime_error("Config is not valid. " + message), + position(0), + error(message) + {} ParserError(size_t pos, const std::string& message) : runtime_error("Parsing error at position " + x2str(pos) + ". " + message), position(pos), @@ -132,7 +138,7 @@ uid_t toUID(const std::vector& values) return -1; uid_t res = str2uid(values[0]); if (res == static_cast(-1)) - throw ParserError(0, "Invalid user name: '" + values[0] + "'"); + throw ParserError("Invalid user name: '" + values[0] + "'"); return res; } @@ -142,7 +148,7 @@ gid_t toGID(const std::vector& values) return -1; gid_t res = str2gid(values[0]); if (res == static_cast(-1)) - throw ParserError(0, "Invalid group name: '" + values[0] + "'"); + throw ParserError("Invalid group name: '" + values[0] + "'"); return res; } @@ -152,7 +158,7 @@ mode_t toMode(const std::vector& values) return -1; mode_t res = str2mode(values[0]); if (res == static_cast(-1)) - throw ParserError(0, "Invalid mode: '" + values[0] + "'"); + throw ParserError("Invalid mode: '" + values[0] + "'"); return res; } @@ -167,6 +173,46 @@ T toInt(const std::vector& values) return 0; } +uint16_t toPort(const std::string& value) +{ + if (value.empty()) + return 0; + uint16_t res = 0; + if (str2x(value, res) == 0) + return res; + throw ParserError("'" + value + "' is not a valid port number."); +} + +typedef std::map Codes; + +// One-time call to initialize the list of codes. +Codes getCodes() +{ + Codes res; + res["reject"] = Config::REJECT; + res["fail"] = Config::FAIL; + res["ok"] = Config::OK; + res["handled"] = Config::HANDLED; + res["invalid"] = Config::INVALID; + res["userlock"] = Config::USERLOCK; + res["notfound"] = Config::NOTFOUND; + res["noop"] = Config::NOOP; + res["updated"] = Config::UPDATED; + return res; +} + +Config::ReturnCode toReturnCode(const std::vector& values) +{ + static Codes codes(getCodes()); + if (values.empty()) + return Config::REJECT; + std::string code = ToLower(values[0]); + const Codes::const_iterator it = codes.find(code); + if (it == codes.end()) + return Config::REJECT; + return it->second; +} + Config::Pairs parseVector(const std::string& paramName, const std::vector& params) { for (size_t i = 0; i < params.size(); ++i) @@ -175,6 +221,22 @@ Config::Pairs parseVector(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return Config::Authorize(toPairs(params[i].value)); + return Config::Authorize(); +} + +Config::ReturnCode parseReturnCode(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return toReturnCode(params[i].value); + return Config::REJECT; +} + bool parseBool(const std::string& paramName, const std::vector& params) { for (size_t i = 0; i < params.size(); ++i) @@ -191,11 +253,31 @@ std::string parseString(const std::string& paramName, const std::vector& params) @@ -218,7 +300,9 @@ Config::Section parseSection(const std::string& paramName, const std::vector& p } // namespace anonymous +bool Config::Authorize::check(const USER& user, const Config::Pairs& radiusData) const +{ + if (!m_auth) + return false; // No flag - no authorization. + + if (m_cond.empty()) + return true; // Empty parameter - always authorize. + + Config::Pairs::const_iterator it = m_cond.begin(); + for (; it != m_cond.end(); ++it) + { + const Config::Pairs::const_iterator pos = radiusData.find(it->first); + if (pos == radiusData.end()) + return false; // No required Radius parameter. + if (user.GetParamValue(it->second) != pos->second) + return false; // No match with the user. + } + + return true; +} + Config::Config(const MODULE_SETTINGS& settings) : autz(parseSection("autz", settings.moduleParams)), auth(parseSection("auth", settings.moduleParams)), @@ -256,11 +361,26 @@ Config::Config(const MODULE_SETTINGS& settings) acct(parseSection("acct", settings.moduleParams)), verbose(parseBool("verbose", settings.moduleParams)), address(parseString("bind_address", settings.moduleParams)), - bindAddress(parseAddress(address)), connectionType(parseConnectionType(address)), + bindAddress(parseAddress(connectionType, address)), + portStr(parsePort(connectionType, address)), + port(toPort(portStr)), key(parseString("key", settings.moduleParams)), sockUID(parseUID("sock_owner", settings.moduleParams)), sockGID(parseGID("sock_group", settings.moduleParams)), sockMode(parseMode("sock_mode", settings.moduleParams)) { + size_t count = 0; + if (autz.authorize.exists()) + ++count; + if (auth.authorize.exists()) + ++count; + if (postauth.authorize.exists()) + ++count; + if (preacct.authorize.exists()) + ++count; + if (acct.authorize.exists()) + ++count; + if (count > 0) + throw ParserError("Authorization flag is specified in more than one section."); }