X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/ff0c2d8d54cb2bee245d37164f9655f0c4d5bffb..refs/heads/stg-2.409-radius:/projects/stargazer/plugins/other/radius/radius.cpp?ds=sidebyside diff --git a/projects/stargazer/plugins/other/radius/radius.cpp b/projects/stargazer/plugins/other/radius/radius.cpp index 6e026fe7..45a9d0e1 100644 --- a/projects/stargazer/plugins/other/radius/radius.cpp +++ b/projects/stargazer/plugins/other/radius/radius.cpp @@ -91,6 +91,11 @@ int RADIUS::Start() int RADIUS::Stop() { + std::set::const_iterator it = m_logins.begin(); + for (; it != m_logins.end(); ++it) + m_users->Unauthorize(*it, this, "Stopping RADIUS plugin."); + m_logins.clear(); + if (m_stopped) return 0; @@ -176,6 +181,9 @@ int RADIUS::createUNIX() const m_logger(m_error); return 0; } + chown(m_config.bindAddress.c_str(), m_config.sockUID, m_config.sockGID); + if (m_config.sockMode != static_cast(-1)) + chmod(m_config.bindAddress.c_str(), m_config.sockMode); return fd; } @@ -233,6 +241,7 @@ int RADIUS::createTCP() const void RADIUS::runImpl() { m_running = true; + m_stopped = false; while (m_running) { fd_set fds; @@ -338,7 +347,7 @@ void RADIUS::acceptUNIX() return; } printfd(__FILE__, "New UNIX connection: '%s'\n", addr.sun_path); - m_conns.push_back(new Conn(*m_users, m_logger, m_config, res, addr.sun_path)); + m_conns.push_back(new Conn(*m_users, m_logger, *this, m_config, res, addr.sun_path)); } void RADIUS::acceptTCP() @@ -355,5 +364,27 @@ void RADIUS::acceptTCP() } std::string remote = inet_ntostring(addr.sin_addr.s_addr) + ":" + x2str(ntohs(addr.sin_port)); printfd(__FILE__, "New TCP connection: '%s'\n", remote.c_str()); - m_conns.push_back(new Conn(*m_users, m_logger, m_config, res, remote)); + m_conns.push_back(new Conn(*m_users, m_logger, *this, m_config, res, remote)); +} + +void RADIUS::authorize(const USER& user) +{ + uint32_t ip = 0; + const std::string& login(user.GetLogin()); + if (!m_users->Authorize(login, ip, 0xffFFffFF, this)) + { + m_error = "Unable to authorize user '" + login + "' with ip " + inet_ntostring(ip) + "."; + m_logger(m_error); + } + else + m_logins.insert(login); +} + +void RADIUS::unauthorize(const std::string& login, const std::string& reason) +{ + const std::set::const_iterator it = m_logins.find(login); + if (it == m_logins.end()) + return; + m_logins.erase(it); + m_users->Unauthorize(login, this, reason); }