X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/dabab7c78d2a621f1a6c22b14ec29b7fa7f4ad6e..1911f68bb36127dfecfcd0fd71726069837053a0:/projects/rlm_stg/rlm_stg.cpp?ds=sidebyside diff --git a/projects/rlm_stg/rlm_stg.cpp b/projects/rlm_stg/rlm_stg.cpp index c5b5d7d9..f93390cb 100644 --- a/projects/rlm_stg/rlm_stg.cpp +++ b/projects/rlm_stg/rlm_stg.cpp @@ -30,23 +30,25 @@ #include #include +#include + extern "C" { #include "radius.h" #include "modules.h" } #include "stg_client.h" -#include "common.h" +#include "stg/common.h" STG_CLIENT * cli; volatile time_t stgTime; /* - * Define a structure for our module configuration. + * Define a structure for our module configuration. * - * These variables do not need to be in a structure, but it's - * a lot cleaner to do so, and a pointer to the structure can - * be used as the instance handle. + * These variables do not need to be in a structure, but it's + * a lot cleaner to do so, and a pointer to the structure can + * be used as the instance handle. */ typedef struct rlm_stg_t { char * server; @@ -56,13 +58,13 @@ typedef struct rlm_stg_t { } rlm_stg_t; /* - * A mapping of configuration file names to internal variables. + * A mapping of configuration file names to internal variables. * - * Note that the string is dynamically allocated, so it MUST - * be freed. When the configuration file parse re-reads the string, - * it free's the old one, and strdup's the new one, placing the pointer - * to the strdup'd string into 'config.string'. This gets around - * buffer over-flows. + * Note that the string is dynamically allocated, so it MUST + * be freed. When the configuration file parse re-reads the string, + * it free's the old one, and strdup's the new one, placing the pointer + * to the strdup'd string into 'config.string'. This gets around + * buffer over-flows. */ static CONF_PARSER module_config[] = { { "password", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,password), NULL, NULL}, @@ -70,277 +72,264 @@ static CONF_PARSER module_config[] = { { "port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,port), NULL, "5555" }, { "local_port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,localPort), NULL, "0" }, - { NULL, -1, 0, NULL, NULL } /* end the list */ + { NULL, -1, 0, NULL, NULL } /* end the list */ }; /* - * Do any per-module initialization that is separate to each - * configured instance of the module. e.g. set up connections - * to external databases, read configuration files, set up - * dictionary entries, etc. + * Do any per-module initialization that is separate to each + * configured instance of the module. e.g. set up connections + * to external databases, read configuration files, set up + * dictionary entries, etc. * - * If configuration information is given in the config section - * that must be referenced in later calls, store a handle to it - * in *instance otherwise put a null pointer there. + * If configuration information is given in the config section + * that must be referenced in later calls, store a handle to it + * in *instance otherwise put a null pointer there. */ static int stg_instantiate(CONF_SECTION *conf, void **instance) { - rlm_stg_t *data; - - /* - * Set up a storage area for instance data - */ - DEBUG("rlm_stg: stg_instantiate()"); - data = (rlm_stg_t *)rad_malloc(sizeof(rlm_stg_t)); - if (!data) { - return -1; - } - memset(data, 0, sizeof(rlm_stg_t)); - - /* - * If the configuration parameters can't be parsed, then - * fail. - */ - if (cf_section_parse(conf, data, module_config) < 0) { - free(data); - return -1; - } - - cli = new STG_CLIENT(); - cli->SetServer(data->server); - cli->SetPort(data->port); - cli->SetLocalPort(data->localPort); - cli->SetPassword(data->password); - if (cli->Start()) { - DEBUG("rlm_stg: stg_instantiate() error: '%s'", cli->GetError().c_str()); - return -1; - } - - *instance = data; - - return 0; + rlm_stg_t *data; + + /* + * Set up a storage area for instance data + */ + DEBUG("rlm_stg: stg_instantiate()"); + data = (rlm_stg_t *)rad_malloc(sizeof(rlm_stg_t)); + if (!data) { + return -1; + } + memset(data, 0, sizeof(rlm_stg_t)); + + /* + * If the configuration parameters can't be parsed, then + * fail. + */ + if (cf_section_parse(conf, data, module_config) < 0) { + free(data); + return -1; + } + + try { + cli = new STG_CLIENT(data->server, data->port, data->localPort, data->password); + } + catch (std::exception & ex) { + DEBUG("rlm_stg: stg_instantiate() error: '%s'", ex.what()); + return -1; + } + + *instance = data; + + return 0; } /* - * Find the named user in this modules database. Create the set - * of attribute-value pairs to check and reply with for this user - * from the database. The authentication code only needs to check - * the password, the rest is done here. + * Find the named user in this modules database. Create the set + * of attribute-value pairs to check and reply with for this user + * from the database. The authentication code only needs to check + * the password, the rest is done here. */ -static int stg_authorize(void *instance, REQUEST *request) +static int stg_authorize(void *, REQUEST *request) { - VALUE_PAIR *uname; - VALUE_PAIR *pwd; - VALUE_PAIR *svc; - DEBUG("rlm_stg: stg_authorize()"); - - /* quiet the compiler */ - instance = instance; - request = request; - - uname = pairfind(request->packet->vps, PW_USER_NAME); - if (uname) { - DEBUG("rlm_stg: stg_authorize() user name defined as '%s'", uname->vp_strvalue); - } else { - DEBUG("rlm_stg: stg_authorize() user name undefined"); - return RLM_MODULE_FAIL; - } - if (request->username) { - DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue); + VALUE_PAIR *uname; + VALUE_PAIR *pwd; + VALUE_PAIR *svc; + DEBUG("rlm_stg: stg_authorize()"); + + uname = pairfind(request->packet->vps, PW_USER_NAME); + if (uname) { + DEBUG("rlm_stg: stg_authorize() user name defined as '%s'", uname->vp_strvalue); + } else { + DEBUG("rlm_stg: stg_authorize() user name undefined"); + return RLM_MODULE_FAIL; + } + if (request->username) { + DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue); + } + if (request->password) { + DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue); + } + // Here we need to define Framed-Protocol + svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); + if (svc) { + DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue); + if (cli->Authorize((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { + DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str()); + return RLM_MODULE_REJECT; } - if (request->password) { - DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue); + } else { + DEBUG("rlm_stg: stg_authorize() Service-Type undefined"); + if (cli->Authorize((const char *)request->username->vp_strvalue, "")) { + DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str()); + return RLM_MODULE_REJECT; } - // Here we need to define Framed-Protocol - svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); - if (svc) { - DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue); - if (cli->Authorize((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { - DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str()); - return RLM_MODULE_REJECT; - } - } else { - DEBUG("rlm_stg: stg_authorize() Service-Type undefined"); - if (cli->Authorize((const char *)request->username->vp_strvalue, "")) { - DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str()); - return RLM_MODULE_REJECT; - } - } - pwd = pairmake("Cleartext-Password", cli->GetUserPassword().c_str(), T_OP_SET); - pairadd(&request->config_items, pwd); - //pairadd(&request->reply->vps, uname); + } + pwd = pairmake("Cleartext-Password", cli->GetUserPassword().c_str(), T_OP_SET); + pairadd(&request->config_items, pwd); + //pairadd(&request->reply->vps, uname); - return RLM_MODULE_UPDATED; + return RLM_MODULE_UPDATED; } /* - * Authenticate the user with the given password. + * Authenticate the user with the given password. */ -static int stg_authenticate(void *instance, REQUEST *request) +static int stg_authenticate(void *, REQUEST *request) { - /* quiet the compiler */ - VALUE_PAIR *svc; - instance = instance; - request = request; - DEBUG("rlm_stg: stg_authenticate()"); - svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); - if (svc) { - DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue); - if (cli->Authenticate((char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { - DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str()); - return RLM_MODULE_REJECT; - } - } else { - DEBUG("rlm_stg: stg_authenticate() Service-Type undefined"); - if (cli->Authenticate((char *)request->username->vp_strvalue, "")) { - DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str()); - return RLM_MODULE_REJECT; - } + /* quiet the compiler */ + VALUE_PAIR *svc; + + DEBUG("rlm_stg: stg_authenticate()"); + + svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); + if (svc) { + DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue); + if (cli->Authenticate((char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { + DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str()); + return RLM_MODULE_REJECT; + } + } else { + DEBUG("rlm_stg: stg_authenticate() Service-Type undefined"); + if (cli->Authenticate((char *)request->username->vp_strvalue, "")) { + DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str()); + return RLM_MODULE_REJECT; } + } - return RLM_MODULE_NOOP; + return RLM_MODULE_NOOP; } /* - * Massage the request before recording it or proxying it + * Massage the request before recording it or proxying it */ -static int stg_preacct(void *instance, REQUEST *request) +static int stg_preacct(void *, REQUEST *) { - /* quiet the compiler */ - instance = instance; - request = request; - DEBUG("rlm_stg: stg_preacct()"); + DEBUG("rlm_stg: stg_preacct()"); - return RLM_MODULE_OK; + return RLM_MODULE_OK; } /* - * Write accounting information to this modules database. + * Write accounting information to this modules database. */ -static int stg_accounting(void *instance, REQUEST *request) +static int stg_accounting(void *, REQUEST * request) { - /* quiet the compiler */ - VALUE_PAIR * sttype; - VALUE_PAIR * svc; - VALUE_PAIR * sessid; - svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); - instance = instance; - request = request; - DEBUG("rlm_stg: stg_accounting()"); - - sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID); - if (!sessid) { - DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined"); - return RLM_MODULE_FAIL; - } - sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE); - if (sttype) { - DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue); - if (svc) { - DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue); - if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sessid->vp_strvalue)) { - DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str()); - return RLM_MODULE_FAIL; - } - } else { - DEBUG("rlm_stg: stg_accounting() Service-Type undefined"); - if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, "", (const char *)sessid->vp_strvalue)) { - DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str()); - return RLM_MODULE_FAIL; - } + /* quiet the compiler */ + VALUE_PAIR * sttype; + VALUE_PAIR * svc; + VALUE_PAIR * sessid; + svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); + + DEBUG("rlm_stg: stg_accounting()"); + + sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID); + if (!sessid) { + DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined"); + return RLM_MODULE_FAIL; + } + sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE); + if (sttype) { + DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue); + if (svc) { + DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue); + if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sessid->vp_strvalue)) { + DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str()); + return RLM_MODULE_FAIL; } } else { - DEBUG("Acct-Status-Type := NULL"); + DEBUG("rlm_stg: stg_accounting() Service-Type undefined"); + if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, "", (const char *)sessid->vp_strvalue)) { + DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str()); + return RLM_MODULE_FAIL; + } } + } else { + DEBUG("Acct-Status-Type := NULL"); + } - return RLM_MODULE_OK; + return RLM_MODULE_OK; } /* - * See if a user is already logged in. Sets request->simul_count to the - * current session count for this user and sets request->simul_mpp to 2 - * if it looks like a multilink attempt based on the requested IP - * address, otherwise leaves request->simul_mpp alone. + * See if a user is already logged in. Sets request->simul_count to the + * current session count for this user and sets request->simul_mpp to 2 + * if it looks like a multilink attempt based on the requested IP + * address, otherwise leaves request->simul_mpp alone. * - * Check twice. If on the first pass the user exceeds his - * max. number of logins, do a second pass and validate all - * logins by querying the terminal server (using eg. SNMP). + * Check twice. If on the first pass the user exceeds his + * max. number of logins, do a second pass and validate all + * logins by querying the terminal server (using eg. SNMP). */ -static int stg_checksimul(void *instance, REQUEST *request) +static int stg_checksimul(void *, REQUEST *request) { - instance = instance; - DEBUG("rlm_stg: stg_checksimul()"); + DEBUG("rlm_stg: stg_checksimul()"); - request->simul_count=0; + request->simul_count=0; - return RLM_MODULE_OK; + return RLM_MODULE_OK; } -static int stg_postauth(void *instance, REQUEST *request) +static int stg_postauth(void *, REQUEST *request) { - instance = instance; - VALUE_PAIR *fia; - VALUE_PAIR *svc; - struct in_addr fip; - DEBUG("rlm_stg: stg_postauth()"); - svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); - if (svc) { - DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue); - if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { - DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str()); - return RLM_MODULE_FAIL; - } - } else { - DEBUG("rlm_stg: stg_postauth() Service-Type undefined"); - if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, "")) { - DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str()); - return RLM_MODULE_FAIL; - } + VALUE_PAIR *fia; + VALUE_PAIR *svc; + struct in_addr fip; + DEBUG("rlm_stg: stg_postauth()"); + svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); + if (svc) { + DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue); + if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { + DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str()); + return RLM_MODULE_FAIL; } - if (strncmp((const char *)svc->vp_strvalue, "Framed-User", 11) == 0) { - fip.s_addr = cli->GetFramedIP(); - DEBUG("rlm_stg: stg_postauth() ip = '%s'", inet_ntostring(fip.s_addr).c_str()); - fia = pairmake("Framed-IP-Address", inet_ntostring(fip.s_addr).c_str(), T_OP_SET); - pairadd(&request->reply->vps, fia); + } else { + DEBUG("rlm_stg: stg_postauth() Service-Type undefined"); + if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, "")) { + DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str()); + return RLM_MODULE_FAIL; } - - return RLM_MODULE_UPDATED; + } + if (strncmp((const char *)svc->vp_strvalue, "Framed-User", 11) == 0) { + fip.s_addr = cli->GetFramedIP(); + DEBUG("rlm_stg: stg_postauth() ip = '%s'", inet_ntostring(fip.s_addr).c_str()); + fia = pairmake("Framed-IP-Address", inet_ntostring(fip.s_addr).c_str(), T_OP_SET); + pairadd(&request->reply->vps, fia); + } + + return RLM_MODULE_UPDATED; } static int stg_detach(void *instance) { - DEBUG("rlm_stg: stg_detach()"); - cli->Stop(); - delete cli; - free(((struct rlm_stg_t *)instance)->server); - free(((struct rlm_stg_t *)instance)->password); - free(instance); - return 0; + DEBUG("rlm_stg: stg_detach()"); + delete cli; + free(((struct rlm_stg_t *)instance)->server); + free(((struct rlm_stg_t *)instance)->password); + free(instance); + return 0; } /* - * The module name should be the only globally exported symbol. - * That is, everything else should be 'static'. + * The module name should be the only globally exported symbol. + * That is, everything else should be 'static'. * - * If the module needs to temporarily modify it's instantiation - * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE. - * The server will then take care of ensuring that the module - * is single-threaded. + * If the module needs to temporarily modify it's instantiation + * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE. + * The server will then take care of ensuring that the module + * is single-threaded. */ module_t rlm_stg = { - RLM_MODULE_INIT, - "stg", - RLM_TYPE_THREAD_SAFE, /* type */ - stg_instantiate, /* instantiation */ - stg_detach, /* detach */ - { - stg_authenticate, /* authentication */ - stg_authorize, /* authorization */ - stg_preacct, /* preaccounting */ - stg_accounting, /* accounting */ - stg_checksimul, /* checksimul */ - NULL, /* pre-proxy */ - NULL, /* post-proxy */ - stg_postauth /* post-auth */ - }, + RLM_MODULE_INIT, + "stg", + RLM_TYPE_THREAD_SAFE, /* type */ + stg_instantiate, /* instantiation */ + stg_detach, /* detach */ + { + stg_authenticate, /* authentication */ + stg_authorize, /* authorization */ + stg_preacct, /* preaccounting */ + stg_accounting, /* accounting */ + stg_checksimul, /* checksimul */ + NULL, /* pre-proxy */ + NULL, /* post-proxy */ + stg_postauth /* post-auth */ + }, };