X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/fad2dd8911abd78eaf95005e68c32796650a091a..b4dba83ccd632236b4f6ac78caa6637bc0874e35:/projects/stargazer/plugins/other/radius/config.cpp?ds=sidebyside diff --git a/projects/stargazer/plugins/other/radius/config.cpp b/projects/stargazer/plugins/other/radius/config.cpp index 6a29f002..79822852 100644 --- a/projects/stargazer/plugins/other/radius/config.cpp +++ b/projects/stargazer/plugins/other/radius/config.cpp @@ -20,6 +20,7 @@ #include "config.h" +#include "stg/user.h" #include "stg/common.h" #include @@ -34,6 +35,11 @@ namespace struct ParserError : public std::runtime_error { + ParserError(const std::string& message) + : runtime_error("Config is not valid. " + message), + position(0), + error(message) + {} ParserError(size_t pos, const std::string& message) : runtime_error("Parsing error at position " + x2str(pos) + ". " + message), position(pos), @@ -132,7 +138,7 @@ uid_t toUID(const std::vector& values) return -1; uid_t res = str2uid(values[0]); if (res == static_cast(-1)) - throw ParserError(0, "Invalid user name: '" + values[0] + "'"); + throw ParserError("Invalid user name: '" + values[0] + "'"); return res; } @@ -142,7 +148,7 @@ gid_t toGID(const std::vector& values) return -1; gid_t res = str2gid(values[0]); if (res == static_cast(-1)) - throw ParserError(0, "Invalid group name: '" + values[0] + "'"); + throw ParserError("Invalid group name: '" + values[0] + "'"); return res; } @@ -152,7 +158,7 @@ mode_t toMode(const std::vector& values) return -1; mode_t res = str2mode(values[0]); if (res == static_cast(-1)) - throw ParserError(0, "Invalid mode: '" + values[0] + "'"); + throw ParserError("Invalid mode: '" + values[0] + "'"); return res; } @@ -167,6 +173,16 @@ T toInt(const std::vector& values) return 0; } +uint16_t toPort(const std::string& value) +{ + if (value.empty()) + return 0; + uint16_t res = 0; + if (str2x(value, res) == 0) + return res; + throw ParserError("'" + value + "' is not a valid port number."); +} + typedef std::map Codes; // One-time call to initialize the list of codes. @@ -205,6 +221,14 @@ Config::Pairs parseVector(const std::string& paramName, const std::vector& params) +{ + for (size_t i = 0; i < params.size(); ++i) + if (params[i].param == paramName) + return Config::Authorize(toPairs(params[i].value)); + return Config::Authorize(); +} + Config::ReturnCode parseReturnCode(const std::string& paramName, const std::vector& params) { for (size_t i = 0; i < params.size(); ++i) @@ -229,11 +253,31 @@ std::string parseString(const std::string& paramName, const std::vector& params) @@ -257,7 +301,8 @@ Config::Section parseSection(const std::string& paramName, const std::vector& p } // namespace anonymous +bool Config::Authorize::check(const USER& user, const Config::Pairs& radiusData) const +{ + if (!m_auth) + return false; // No flag - no authorization. + + if (m_cond.empty()) + return true; // Empty parameter - always authorize. + + Config::Pairs::const_iterator it = m_cond.begin(); + for (; it != m_cond.end(); ++it) + { + const Config::Pairs::const_iterator pos = radiusData.find(it->first); + if (pos == radiusData.end()) + return false; // No required Radius parameter. + if (user.GetParamValue(it->second) != pos->second) + return false; // No match with the user. + } + + return true; +} + Config::Config(const MODULE_SETTINGS& settings) : autz(parseSection("autz", settings.moduleParams)), auth(parseSection("auth", settings.moduleParams)), @@ -295,11 +361,26 @@ Config::Config(const MODULE_SETTINGS& settings) acct(parseSection("acct", settings.moduleParams)), verbose(parseBool("verbose", settings.moduleParams)), address(parseString("bind_address", settings.moduleParams)), - bindAddress(parseAddress(address)), connectionType(parseConnectionType(address)), + bindAddress(parseAddress(connectionType, address)), + portStr(parsePort(connectionType, address)), + port(toPort(portStr)), key(parseString("key", settings.moduleParams)), sockUID(parseUID("sock_owner", settings.moduleParams)), sockGID(parseGID("sock_group", settings.moduleParams)), sockMode(parseMode("sock_mode", settings.moduleParams)) { + size_t count = 0; + if (autz.authorize.exists()) + ++count; + if (auth.authorize.exists()) + ++count; + if (postauth.authorize.exists()) + ++count; + if (preacct.authorize.exists()) + ++count; + if (acct.authorize.exists()) + ++count; + if (count > 0) + throw ParserError("Authorization flag is specified in more than one section."); }