option ( BUILD_STG "Build Stargazer server." OFF )
option ( BUILD_SGCONF "Build SGConf client." OFF )
option ( BUILD_RSCRIPTD "Build RScriptD server." OFF )
-option ( BUILD_RLM_STG "Build rlm_stg FreeRADIUS module." OFF )
option ( BUILD_SGAUTH "Build SGAuth client." OFF )
# General modules
option ( BUILD_MOD_RPCCONFIG "Build XML-RPC configuretion STG module." OFF )
option ( BUILD_MOD_CAP_PCAP "Build PCap capture STG module." OFF )
option ( BUILD_MOD_CAP_NFQUEUE "Build NFQueue capture STG module." OFF )
-option ( BUILD_MOD_RADIUS "Build rlm_stg backend STG module." OFF )
# Grouping
option ( BUILD_ALL_MODS "Build all modules." OFF )
set ( BUILD_TESTS ON )
set ( BUILD_SGAUTH ON )
set ( BUILD_RSCRIPTD ON )
- set ( BUILD_RLM_STG ON )
set ( BUILD_SGCONF ON )
set ( BUILD_STG ON )
endif ( BUILD_ALL )
set ( BUILD_LIB_SCRIPTEXECUTER ON )
endif ( BUILD_RSCRIPTD OR BUILD_ALL_LIBS )
-if ( BUILD_RLM_STG OR BUILD_ALL_LIBS )
+if ( BUILD_ALL_LIBS )
set ( BUILD_LIB_CRYPTO ON )
- set ( BUILD_LIB_JSON ON )
-endif ( BUILD_RLM_STG OR BUILD_ALL_LIBS )
+endif ( BUILD_ALL_LIBS )
if ( BUILD_STG OR BUILD_ALL_LIBS )
set ( BUILD_LIB_CONFFILES ON )
set ( BUILD_MOD_STORE_POSTGRESQL ON )
set ( BUILD_MOD_RPCCONFIG ON )
set ( BUILD_MOD_CAP_PCAP ON )
- set ( BUILD_MOD_RADIUS ON )
endif ( BUILD_ALL_MODS )
if ( BUILD_MOD_STORE_FIREBIRD OR BUILD_ALL_LIBS )
set ( BUILD_LIB_IBPP ON )
endif ( BUILD_MOD_STORE_FIREBIRD OR BUILD_ALL_LIBS )
-if ( BUILD_MOD_RADIUS OR BUILD_ALL_LIBS )
- set ( BUILD_LIB_JSON ON )
- set ( BUILD_LIB_IBPP ON )
-endif ( BUILD_MOD_RADIUS OR BUILD_ALL_LIBS )
-
if ( BUILD_MOD_PING OR BUILD_ALL_LIBS )
set ( BUILD_LIB_PINGER ON )
endif ( BUILD_MOD_PING OR BUILD_ALL_LIBS )
add_subdirectory ( libs )
-if ( BUILD_RLM_STG )
- add_subdirectory ( rlm_stg )
-endif ( BUILD_RLM_STG )
-
if ( BUILD_RSCRIPTD )
add_subdirectory ( rscriptd )
endif ( BUILD_RSCRIPTD )
target_compile_options ( ibpp PRIVATE -Wno-old-style-cast $<$<CXX_COMPILER_ID:GNU>:-Wno-useless-cast> )
endif ( BUILD_LIB_IBPP )
-if ( BUILD_LIB_JSON )
- find_package ( YAJL REQUIRED )
- add_library ( json STATIC json/generator.cpp json/parser.cpp )
- target_include_directories ( json PUBLIC json/include )
- target_link_libraries ( json common YAJL::YAJL )
-endif ( BUILD_LIB_JSON )
-
if ( BUILD_LIB_LOGGER )
add_library ( logger STATIC logger/logger.cpp )
target_include_directories ( logger PUBLIC logger/include )
+++ /dev/null
-find_package ( YAJL REQUIRED )
-
-set ( CPP_FILES conn.cpp iface.cpp stg_client.cpp )
-set ( C_FILES rlm_stg.c radlog.c )
-
-set ( THREADS_PREFER_PTHREAD_FLAG ON )
-find_package ( Threads REQUIRED )
-
-add_library ( rlm_stg MODULE ${CPP_FILES} ${C_FILES} )
-
-target_link_libraries ( rlm_stg crypto common json dl YAJL::YAJL )
-
-# TODO: install
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#include "conn.h"
-
-#include "radlog.h"
-#include "stgpair.h"
-
-#include "stg/json_parser.h"
-#include "stg/json_generator.h"
-#include "stg/locker.h"
-
-#include <cerrno>
-#include <cstring>
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/un.h> // UNIX
-#include <netinet/in.h> // IP
-#include <netinet/tcp.h> // TCP
-#include <netdb.h>
-
-namespace RLM = STG::RLM;
-
-using RLM::Conn;
-using STG::JSON::Parser;
-using STG::JSON::PairsParser;
-using STG::JSON::EnumParser;
-using STG::JSON::NodeParser;
-using STG::JSON::Gen;
-using STG::JSON::MapGen;
-using STG::JSON::StringGen;
-
-namespace
-{
-
-double CONN_TIMEOUT = 60;
-double PING_TIMEOUT = 10;
-
-struct ChannelConfig {
- struct Error : std::runtime_error {
- explicit Error(const std::string& message) : runtime_error(message) {}
- };
-
- explicit ChannelConfig(std::string address);
-
- std::string transport;
- std::string key;
- std::string address;
- std::string portStr;
- uint16_t port;
-};
-
-std::string toStage(RLM::REQUEST_TYPE type)
-{
- switch (type)
- {
- case RLM::AUTHORIZE: return "authorize";
- case RLM::AUTHENTICATE: return "authenticate";
- case RLM::POST_AUTH: return "postauth";
- case RLM::PRE_ACCT: return "preacct";
- case RLM::ACCOUNT: return "accounting";
- }
- return "";
-}
-
-enum Packet
-{
- PING,
- PONG,
- DATA
-};
-
-std::map<std::string, Packet> packetCodes;
-std::map<std::string, bool> resultCodes;
-std::map<std::string, int> returnCodes;
-
-class PacketParser : public EnumParser<Packet>
-{
- public:
- PacketParser(NodeParser* next, Packet& packet, std::string& packetStr)
- : EnumParser(next, packet, packetStr, packetCodes)
- {
- if (!packetCodes.empty())
- return;
- packetCodes["ping"] = PING;
- packetCodes["pong"] = PONG;
- packetCodes["data"] = DATA;
- }
-};
-
-class ResultParser : public EnumParser<bool>
-{
- public:
- ResultParser(NodeParser* next, bool& result, std::string& resultStr)
- : EnumParser(next, result, resultStr, resultCodes)
- {
- if (!resultCodes.empty())
- return;
- resultCodes["no"] = false;
- resultCodes["ok"] = true;
- }
-};
-
-class ReturnCodeParser : public EnumParser<int>
-{
- public:
- ReturnCodeParser(NodeParser* next, int& returnCode, std::string& returnCodeStr)
- : EnumParser(next, returnCode, returnCodeStr, returnCodes)
- {
- if (!returnCodes.empty())
- return;
- returnCodes["reject"] = STG_REJECT;
- returnCodes["fail"] = STG_FAIL;
- returnCodes["ok"] = STG_OK;
- returnCodes["handled"] = STG_HANDLED;
- returnCodes["invalid"] = STG_INVALID;
- returnCodes["userlock"] = STG_USERLOCK;
- returnCodes["notfound"] = STG_NOTFOUND;
- returnCodes["noop"] = STG_NOOP;
- returnCodes["updated"] = STG_UPDATED;
- }
-};
-
-class TopParser : public NodeParser
-{
- public:
- typedef void (*Callback) (void* /*data*/);
- TopParser(Callback callback, void* data)
- : m_packet(PING),
- m_result(false),
- m_returnCode(STG_REJECT),
- m_packetParser(this, m_packet, m_packetStr),
- m_resultParser(this, m_result, m_resultStr),
- m_returnCodeParser(this, m_returnCode, m_returnCodeStr),
- m_replyParser(this, m_reply),
- m_modifyParser(this, m_modify),
- m_callback(callback), m_data(data)
- {}
-
- virtual NodeParser* parseStartMap() { return this; }
- virtual NodeParser* parseMapKey(const std::string& value)
- {
- std::string key = ToLower(value);
-
- if (key == "packet")
- return &m_packetParser;
- else if (key == "result")
- return &m_resultParser;
- else if (key == "reply")
- return &m_replyParser;
- else if (key == "modify")
- return &m_modifyParser;
- else if (key == "return_code")
- return &m_returnCodeParser;
-
- return this;
- }
- virtual NodeParser* parseEndMap() { m_callback(m_data); return this; }
-
- const std::string& packetStr() const { return m_packetStr; }
- Packet packet() const { return m_packet; }
- const std::string& resultStr() const { return m_resultStr; }
- bool result() const { return m_result; }
- const std::string& returnCodeStr() const { return m_returnCodeStr; }
- int returnCode() const { return m_returnCode; }
- const PairsParser::Pairs& reply() const { return m_reply; }
- const PairsParser::Pairs& modify() const { return m_modify; }
-
- private:
- std::string m_packetStr;
- Packet m_packet;
- std::string m_resultStr;
- bool m_result;
- std::string m_returnCodeStr;
- int m_returnCode;
- PairsParser::Pairs m_reply;
- PairsParser::Pairs m_modify;
-
- PacketParser m_packetParser;
- ResultParser m_resultParser;
- ReturnCodeParser m_returnCodeParser;
- PairsParser m_replyParser;
- PairsParser m_modifyParser;
-
- Callback m_callback;
- void* m_data;
-};
-
-class ProtoParser : public Parser
-{
- public:
- ProtoParser(TopParser::Callback callback, void* data)
- : Parser( &m_topParser ),
- m_topParser(callback, data)
- {}
-
- const std::string& packetStr() const { return m_topParser.packetStr(); }
- Packet packet() const { return m_topParser.packet(); }
- const std::string& resultStr() const { return m_topParser.resultStr(); }
- bool result() const { return m_topParser.result(); }
- const std::string& returnCodeStr() const { return m_topParser.returnCodeStr(); }
- int returnCode() const { return m_topParser.returnCode(); }
- const PairsParser::Pairs& reply() const { return m_topParser.reply(); }
- const PairsParser::Pairs& modify() const { return m_topParser.modify(); }
-
- private:
- TopParser m_topParser;
-};
-
-class PacketGen : public Gen
-{
- public:
- explicit PacketGen(const std::string& type)
- : m_type(type)
- {
- m_gen.add("packet", m_type);
- }
- void run(yajl_gen_t* handle) const
- {
- m_gen.run(handle);
- }
- PacketGen& add(const std::string& key, const std::string& value)
- {
- m_gen.add(key, new StringGen(value));
- return *this;
- }
- PacketGen& add(const std::string& key, MapGen& map)
- {
- m_gen.add(key, map);
- return *this;
- }
- private:
- MapGen m_gen;
- StringGen m_type;
-};
-
-}
-
-class Conn::Impl
-{
-public:
- Impl(const std::string& address, Callback callback, void* data);
- ~Impl();
-
- bool stop();
- bool connected() const { return m_connected; }
-
- bool request(REQUEST_TYPE type, const std::string& userName, const std::string& password, const PAIRS& pairs);
-
-private:
- ChannelConfig m_config;
-
- int m_sock;
-
- bool m_running;
- bool m_stopped;
-
- time_t m_lastPing;
- time_t m_lastActivity;
-
- pthread_t m_thread;
- pthread_mutex_t m_mutex;
-
- Callback m_callback;
- void* m_data;
-
- ProtoParser m_parser;
-
- bool m_connected;
-
- void m_writeHeader(REQUEST_TYPE type, const std::string& userName, const std::string& password);
- void m_writePairBlock(const PAIRS& source);
- PAIRS m_readPairBlock();
-
- static void* run(void* );
-
- void runImpl();
-
- bool start();
-
- int connect();
- int connectTCP();
- int connectUNIX();
-
- bool read();
- bool tick();
-
- static void process(void* data);
- void processPing();
- void processPong();
- void processData();
- bool sendPing();
- bool sendPong();
-
- static bool write(void* data, const char* buf, size_t size);
-};
-
-ChannelConfig::ChannelConfig(std::string addr)
-{
- // unix:pass@/var/run/stg.sock
- // tcp:secret@192.168.0.1:12345
- // udp:key@isp.com.ua:54321
-
- size_t pos = addr.find_first_of(':');
- if (pos == std::string::npos)
- throw Error("Missing transport name.");
- transport = ToLower(addr.substr(0, pos));
- addr = addr.substr(pos + 1);
- if (addr.empty())
- throw Error("Missing address to connect to.");
- pos = addr.find_first_of('@');
- if (pos != std::string::npos) {
- key = addr.substr(0, pos);
- addr = addr.substr(pos + 1);
- if (addr.empty())
- throw Error("Missing address to connect to.");
- }
- if (transport == "unix")
- {
- address = addr;
- return;
- }
- pos = addr.find_first_of(':');
- if (pos == std::string::npos)
- throw Error("Missing port.");
- address = addr.substr(0, pos);
- portStr = addr.substr(pos + 1);
- if (str2x(portStr, port))
- throw Error("Invalid port value.");
-}
-
-Conn::Conn(const std::string& address, Callback callback, void* data)
- : m_impl(new Impl(address, callback, data))
-{
-}
-
-Conn::~Conn()
-{
-}
-
-bool Conn::stop()
-{
- return m_impl->stop();
-}
-
-bool Conn::connected() const
-{
- return m_impl->connected();
-}
-
-bool Conn::request(REQUEST_TYPE type, const std::string& userName, const std::string& password, const PAIRS& pairs)
-{
- return m_impl->request(type, userName, password, pairs);
-}
-
-Conn::Impl::Impl(const std::string& address, Callback callback, void* data)
- : m_config(address),
- m_sock(connect()),
- m_running(false),
- m_stopped(true),
- m_lastPing(time(NULL)),
- m_lastActivity(m_lastPing),
- m_callback(callback),
- m_data(data),
- m_parser(&Conn::Impl::process, this),
- m_connected(true)
-{
- pthread_mutex_init(&m_mutex, NULL);
-}
-
-Conn::Impl::~Impl()
-{
- stop();
- shutdown(m_sock, SHUT_RDWR);
- close(m_sock);
- pthread_mutex_destroy(&m_mutex);
-}
-
-bool Conn::Impl::stop()
-{
- m_connected = false;
-
- if (m_stopped)
- return true;
-
- m_running = false;
-
- for (size_t i = 0; i < 25 && !m_stopped; i++) {
- struct timespec ts = {0, 200000000};
- nanosleep(&ts, NULL);
- }
-
- if (m_stopped) {
- pthread_join(m_thread, NULL);
- return true;
- }
-
- return false;
-}
-
-bool Conn::Impl::request(REQUEST_TYPE type, const std::string& userName, const std::string& password, const PAIRS& pairs)
-{
- if (!m_running)
- if (!start())
- return false;
- MapGen map;
- for (PAIRS::const_iterator it = pairs.begin(); it != pairs.end(); ++it)
- map.add(it->first, new StringGen(it->second));
- map.add("Radius-Username", new StringGen(userName));
- map.add("Radius-Userpass", new StringGen(password));
-
- PacketGen gen("data");
- gen.add("stage", toStage(type))
- .add("pairs", map);
-
- STG_LOCKER lock(m_mutex);
-
- m_lastPing = time(NULL);
-
- return generate(gen, &Conn::Impl::write, this);
-}
-
-void Conn::Impl::runImpl()
-{
- m_running = true;
-
- while (m_running) {
- fd_set fds;
-
- FD_ZERO(&fds);
- FD_SET(m_sock, &fds);
-
- struct timeval tv;
- tv.tv_sec = 0;
- tv.tv_usec = 500000;
-
- int res = select(m_sock + 1, &fds, NULL, NULL, &tv);
- if (res < 0)
- {
- if (errno == EINTR)
- continue;
- RadLog("'select' is failed: %s", strerror(errno));
- break;
- }
-
-
- if (!m_running)
- break;
-
- STG_LOCKER lock(m_mutex);
-
- if (res > 0)
- {
- if (FD_ISSET(m_sock, &fds))
- m_running = read();
- }
- else
- m_running = tick();
- }
-
- m_connected = false;
- m_stopped = true;
-}
-
-bool Conn::Impl::start()
-{
- int res = pthread_create(&m_thread, NULL, &Conn::Impl::run, this);
- if (res != 0)
- return false;
- return true;
-}
-
-int Conn::Impl::connect()
-{
- if (m_config.transport == "tcp")
- return connectTCP();
- else if (m_config.transport == "unix")
- return connectUNIX();
- throw Error("Invalid transport type: '" + m_config.transport + "'. Should be 'tcp' or 'unix'.");
-}
-
-int Conn::Impl::connectTCP()
-{
- addrinfo hints;
- memset(&hints, 0, sizeof(addrinfo));
-
- hints.ai_family = AF_INET; /* Allow IPv4 */
- hints.ai_socktype = SOCK_STREAM; /* Stream socket */
- hints.ai_flags = 0; /* For wildcard IP address */
- hints.ai_protocol = 0; /* Any protocol */
- hints.ai_canonname = NULL;
- hints.ai_addr = NULL;
- hints.ai_next = NULL;
-
- addrinfo* ais = NULL;
- int res = getaddrinfo(m_config.address.c_str(), m_config.portStr.c_str(), &hints, &ais);
- if (res != 0)
- throw Error("Error resolvin address '" + m_config.address + "': " + gai_strerror(res));
-
- for (addrinfo* ai = ais; ai != NULL; ai = ai->ai_next)
- {
- int fd = socket(AF_INET, SOCK_STREAM, 0);
- if (fd == -1)
- {
- Error error(std::string("Error creating TCP socket: ") + strerror(errno));
- freeaddrinfo(ais);
- throw error;
- }
- if (::connect(fd, ai->ai_addr, ai->ai_addrlen) == -1)
- {
- shutdown(fd, SHUT_RDWR);
- close(fd);
- RadLog("'connect' is failed: %s", strerror(errno));
- continue;
- }
- freeaddrinfo(ais);
- return fd;
- }
-
- freeaddrinfo(ais);
-
- throw Error("Failed to resolve '" + m_config.address);
-};
-
-int Conn::Impl::connectUNIX()
-{
- int fd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (fd == -1)
- throw Error(std::string("Error creating UNIX socket: ") + strerror(errno));
- struct sockaddr_un addr;
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, m_config.address.c_str(), m_config.address.length());
- if (::connect(fd, reinterpret_cast<struct sockaddr*>(&addr), sizeof(addr)) == -1)
- {
- Error error(std::string("Error connecting UNIX socket: ") + strerror(errno));
- shutdown(fd, SHUT_RDWR);
- close(fd);
- throw error;
- }
- return fd;
-}
-
-bool Conn::Impl::read()
-{
- static std::vector<char> buffer(1024);
- ssize_t res = ::read(m_sock, buffer.data(), buffer.size());
- if (res < 0)
- {
- RadLog("Failed to read data: %s", strerror(errno));
- return false;
- }
- m_lastActivity = time(NULL);
- RadLog("Read %d bytes.\n%s\n", res, std::string(buffer.data(), res).c_str());
- if (res == 0)
- {
- m_parser.last();
- return false;
- }
- return m_parser.append(buffer.data(), res);
-}
-
-bool Conn::Impl::tick()
-{
- time_t now = time(NULL);
- if (difftime(now, m_lastActivity) > CONN_TIMEOUT)
- {
- int delta = difftime(now, m_lastActivity);
- RadLog("Connection timeout: %d sec.", delta);
- //m_logger("Connection to " + m_remote + " timed out.");
- return false;
- }
- if (difftime(now, m_lastPing) > PING_TIMEOUT)
- {
- int delta = difftime(now, m_lastPing);
- RadLog("Ping timeout: %d sec. Sending ping...", delta);
- sendPing();
- }
- return true;
-}
-
-void Conn::Impl::process(void* data)
-{
- Impl& impl = *static_cast<Impl*>(data);
- switch (impl.m_parser.packet())
- {
- case PING:
- impl.processPing();
- return;
- case PONG:
- impl.processPong();
- return;
- case DATA:
- impl.processData();
- return;
- }
- RadLog("Received invalid packet type: '%s'.", impl.m_parser.packetStr().c_str());
-}
-
-void Conn::Impl::processPing()
-{
- sendPong();
-}
-
-void Conn::Impl::processPong()
-{
- m_lastActivity = time(NULL);
-}
-
-void Conn::Impl::processData()
-{
- RESULT data;
- if (m_parser.result())
- {
- for (PairsParser::Pairs::const_iterator it = m_parser.reply().begin(); it != m_parser.reply().end(); ++it)
- data.reply.push_back(std::make_pair(it->first, it->second));
- for (PairsParser::Pairs::const_iterator it = m_parser.modify().begin(); it != m_parser.modify().end(); ++it)
- data.modify.push_back(std::make_pair(it->first, it->second));
- data.returnCode = STG_UPDATED;
- }
- else
- data.returnCode = m_parser.returnCode();
- m_callback(m_data, data);
-}
-
-bool Conn::Impl::sendPing()
-{
- PacketGen gen("ping");
-
- m_lastPing = time(NULL);
-
- return generate(gen, &Conn::Impl::write, this);
-}
-
-bool Conn::Impl::sendPong()
-{
- PacketGen gen("pong");
-
- m_lastPing = time(NULL);
-
- return generate(gen, &Conn::Impl::write, this);
-}
-
-bool Conn::Impl::write(void* data, const char* buf, size_t size)
-{
- std::string json(buf, size);
- RadLog("Sending JSON: %s", json.c_str());
- Conn::Impl& impl = *static_cast<Conn::Impl*>(data);
- while (size > 0)
- {
- ssize_t res = ::send(impl.m_sock, buf, size, MSG_NOSIGNAL);
- if (res < 0)
- {
- impl.m_connected = false;
- RadLog("Failed to write data: %s.", strerror(errno));
- return false;
- }
- size -= res;
- }
- return true;
-}
-
-void* Conn::Impl::run(void* data)
-{
- Impl& impl = *static_cast<Impl*>(data);
- impl.runImpl();
- return NULL;
-}
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#ifndef __STG_RLM_CONN_H__
-#define __STG_RLM_CONN_H__
-
-#include "types.h"
-
-#include <string>
-#include <memory>
-#include <stdexcept>
-#include <cstdint>
-
-namespace STG
-{
-namespace RLM
-{
-
-class Conn
-{
- public:
- struct Error : std::runtime_error {
- explicit Error(const std::string& message) : runtime_error(message) {}
- };
-
- typedef bool (*Callback)(void* /*data*/, const RESULT& /*result*/);
-
- Conn(const std::string& address, Callback callback, void* data);
- ~Conn();
-
- bool stop();
- bool connected() const;
-
- bool request(REQUEST_TYPE type, const std::string& userName, const std::string& password, const PAIRS& pairs);
-
- private:
- class Impl;
- std::unique_ptr<Impl> m_impl;
-};
-
-}
-}
-
-#endif
+++ /dev/null
-#include "iface.h"
-
-#include "stg_client.h"
-#include "types.h"
-#include "radlog.h"
-
-#include <stdexcept>
-#include <cstring>
-
-#include <strings.h>
-
-namespace RLM = STG::RLM;
-
-using RLM::Client;
-using RLM::PAIRS;
-using RLM::RESULT;
-using RLM::REQUEST_TYPE;
-
-namespace
-{
-
-STG_PAIR* toSTGPairs(const PAIRS& source)
-{
- STG_PAIR * pairs = new STG_PAIR[source.size() + 1];
- for (size_t pos = 0; pos < source.size(); ++pos) {
- bzero(pairs[pos].key, sizeof(pairs[pos].key));
- bzero(pairs[pos].value, sizeof(pairs[pos].value));
- strncpy(pairs[pos].key, source[pos].first.c_str(), sizeof(pairs[pos].key));
- strncpy(pairs[pos].value, source[pos].second.c_str(), sizeof(pairs[pos].value));
- }
- bzero(pairs[source.size()].key, sizeof(pairs[source.size()].key));
- bzero(pairs[source.size()].value, sizeof(pairs[source.size()].value));
-
- return pairs;
-}
-
-PAIRS fromSTGPairs(const STG_PAIR* pairs)
-{
- const STG_PAIR* pair = pairs;
- PAIRS res;
-
- while (!emptyPair(pair)) {
- res.push_back(std::pair<std::string, std::string>(pair->key, pair->value));
- ++pair;
- }
-
- return res;
-}
-
-STG_RESULT toResult(const RESULT& source)
-{
- STG_RESULT result;
- result.modify = toSTGPairs(source.modify);
- result.reply = toSTGPairs(source.reply);
- result.returnCode = source.returnCode;
- return result;
-}
-
-STG_RESULT emptyResult()
-{
- STG_RESULT result = {NULL, NULL, STG_REJECT};
- return result;
-}
-
-std::string toString(const char* value)
-{
- if (value == NULL)
- return "";
- else
- return value;
-}
-
-STG_RESULT stgRequest(REQUEST_TYPE type, const char* userName, const char* password, const STG_PAIR* pairs)
-{
- Client* client = Client::get();
- if (client == NULL) {
- RadLog("Client is not configured.");
- return emptyResult();
- }
- try {
- return toResult(client->request(type, toString(userName), toString(password), fromSTGPairs(pairs)));
- } catch (const std::runtime_error& ex) {
- RadLog("Error: '%s'.", ex.what());
- return emptyResult();
- }
-}
-
-}
-
-int stgInstantiateImpl(const char* address)
-{
- if (Client::configure(toString(address)))
- return 1;
-
- return 0;
-}
-
-STG_RESULT stgAuthorizeImpl(const char* userName, const char* password, const STG_PAIR* pairs)
-{
- return stgRequest(RLM::AUTHORIZE, userName, password, pairs);
-}
-
-STG_RESULT stgAuthenticateImpl(const char* userName, const char* password, const STG_PAIR* pairs)
-{
- return stgRequest(RLM::AUTHENTICATE, userName, password, pairs);
-}
-
-STG_RESULT stgPostAuthImpl(const char* userName, const char* password, const STG_PAIR* pairs)
-{
- return stgRequest(RLM::POST_AUTH, userName, password, pairs);
-}
-
-STG_RESULT stgPreAcctImpl(const char* userName, const char* password, const STG_PAIR* pairs)
-{
- return stgRequest(RLM::PRE_ACCT, userName, password, pairs);
-}
-
-STG_RESULT stgAccountingImpl(const char* userName, const char* password, const STG_PAIR* pairs)
-{
- return stgRequest(RLM::ACCOUNT, userName, password, pairs);
-}
+++ /dev/null
-#ifndef __STG_IFACE_H__
-#define __STG_IFACE_H__
-
-#include <stdint.h>
-
-#include "stgpair.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int stgInstantiateImpl(const char* address);
-STG_RESULT stgAuthorizeImpl(const char* userName, const char* password, const STG_PAIR* vps);
-STG_RESULT stgAuthenticateImpl(const char* userName, const char* password, const STG_PAIR* vps);
-STG_RESULT stgPostAuthImpl(const char* userName, const char* password, const STG_PAIR* vps);
-STG_RESULT stgPreAcctImpl(const char* userName, const char* password, const STG_PAIR* vps);
-STG_RESULT stgAccountingImpl(const char* userName, const char* password, const STG_PAIR* vps);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-#include "radlog.h"
-
-//#ifndef NDEBUG
-//#define NDEBUG
-#include <freeradius/ident.h>
-#include <freeradius/radiusd.h>
-#include <freeradius/modules.h>
-//#undef NDEBUG
-//#endif
-
-#include <stdarg.h>
-
-void RadLog(const char* format, ...)
-{
- char buf[1024];
-
- va_list vl;
- va_start(vl, format);
- vsnprintf(buf, sizeof(buf), format, vl);
- va_end(vl);
-
- DEBUG("[rlm_stg] *** %s", buf);
-}
+++ /dev/null
-#ifndef __STG_RADLOG_H__
-#define __STG_RADLOG_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void RadLog(const char* format, ...);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-/*
- * FreeRADIUS module for data access via Stargazer
- *
- * $Revision: 1.8 $
- * $Date: 2010/08/14 04:15:08 $
- *
- */
-
-#include "iface.h"
-#include "stgpair.h"
-
-#include <freeradius/ident.h>
-#include <freeradius/radiusd.h>
-#include <freeradius/modules.h>
-
-#include <stddef.h> // size_t
-
-typedef struct rlm_stg_t {
- char* address;
-} rlm_stg_t;
-
-static const CONF_PARSER module_config[] = {
- { "address", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t, address), NULL, "unix:/var/run/stg.sock"},
-
- { NULL, -1, 0, NULL, NULL } /* end the list */
-};
-
-static void deletePairs(STG_PAIR* pairs)
-{
- free(pairs);
-}
-
-static size_t toVPS(const STG_PAIR* pairs, VALUE_PAIR** vps)
-{
- const STG_PAIR* pair = pairs;
- size_t count = 0;
-
- while (!emptyPair(pair)) {
- VALUE_PAIR* vp = pairmake(pair->key, pair->value, T_OP_SET);
- if (vp != NULL) {
- pairadd(vps, vp);
- ++count;
- }
- ++pair;
- }
-
- return count;
-}
-
-static size_t toReply(STG_RESULT result, REQUEST* request)
-{
- size_t count = 0;
-
- count += toVPS(result.modify, &request->config_items);
- pairfree(&request->reply->vps);
- count += toVPS(result.reply, &request->reply->vps);
-
- deletePairs(result.modify);
- deletePairs(result.reply);
-
- return count;
-}
-
-static int countVPS(const VALUE_PAIR* pairs)
-{
- unsigned count = 0;
- while (pairs != NULL) {
- ++count;
- pairs = pairs->next;
- }
- return count;
-}
-
-static STG_PAIR* fromVPS(const VALUE_PAIR* pairs)
-{
- unsigned size = countVPS(pairs);
- STG_PAIR* res = (STG_PAIR*)malloc(sizeof(STG_PAIR) * (size + 1));
- size_t pos = 0;
- while (pairs != NULL) {
- bzero(res[pos].key, sizeof(res[0].key));
- bzero(res[pos].value, sizeof(res[0].value));
- strncpy(res[pos].key, pairs->name, sizeof(res[0].key));
- vp_prints_value(res[pos].value, sizeof(res[0].value), (VALUE_PAIR*)pairs, 0);
- ++pos;
- pairs = pairs->next;
- }
- bzero(res[pos].key, sizeof(res[0].key));
- bzero(res[pos].value, sizeof(res[0].value));
- return res;
-}
-
-static int toRLMCode(int code)
-{
- switch (code)
- {
- case STG_REJECT: return RLM_MODULE_REJECT;
- case STG_FAIL: return RLM_MODULE_FAIL;
- case STG_OK: return RLM_MODULE_OK;
- case STG_HANDLED: return RLM_MODULE_HANDLED;
- case STG_INVALID: return RLM_MODULE_INVALID;
- case STG_USERLOCK: return RLM_MODULE_USERLOCK;
- case STG_NOTFOUND: return RLM_MODULE_NOTFOUND;
- case STG_NOOP: return RLM_MODULE_NOOP;
- case STG_UPDATED: return RLM_MODULE_UPDATED;
- }
- return RLM_MODULE_REJECT;
-}
-
-/*
- * Do any per-module initialization that is separate to each
- * configured instance of the module. e.g. set up connections
- * to external databases, read configuration files, set up
- * dictionary entries, etc.
- *
- * If configuration information is given in the config section
- * that must be referenced in later calls, store a handle to it
- * in *instance otherwise put a null pointer there.
- */
-static int stg_instantiate(CONF_SECTION* conf, void** instance)
-{
- rlm_stg_t* data;
-
- /*
- * Set up a storage area for instance data
- */
- data = rad_malloc(sizeof(*data));
- if (!data)
- return -1;
-
- memset(data, 0, sizeof(*data));
-
- /*
- * If the configuration parameters can't be parsed, then
- * fail.
- */
- if (cf_section_parse(conf, data, module_config) < 0) {
- free(data);
- return -1;
- }
-
- if (!stgInstantiateImpl(data->address)) {
- free(data);
- return -1;
- }
-
- *instance = data;
-
- return 0;
-}
-
-/*
- * Find the named user in this modules database. Create the set
- * of attribute-value pairs to check and reply with for this user
- * from the database. The authentication code only needs to check
- * the password, the rest is done here.
- */
-static int stg_authorize(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- instance = instance;
-
- DEBUG("rlm_stg: stg_authorize()");
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_authorize() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_authorize() request password field: '%s'", password);
- }
-
- result = stgAuthorizeImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_authorize() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-/*
- * Authenticate the user with the given password.
- */
-static int stg_authenticate(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- instance = instance;
-
- DEBUG("rlm_stg: stg_authenticate()");
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_authenticate() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_authenticate() request password field: '%s'", password);
- }
-
- result = stgAuthenticateImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_authenticate() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-/*
- * Massage the request before recording it or proxying it
- */
-static int stg_preacct(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- DEBUG("rlm_stg: stg_preacct()");
-
- instance = instance;
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_preacct() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_preacct() request password field: '%s'", password);
- }
-
- result = stgPreAcctImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_preacct() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-/*
- * Write accounting information to this modules database.
- */
-static int stg_accounting(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- DEBUG("rlm_stg: stg_accounting()");
-
- instance = instance;
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_accounting() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_accounting() request password field: '%s'", password);
- }
-
- result = stgAccountingImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_accounting() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-/*
- * See if a user is already logged in. Sets request->simul_count to the
- * current session count for this user and sets request->simul_mpp to 2
- * if it looks like a multilink attempt based on the requested IP
- * address, otherwise leaves request->simul_mpp alone.
- *
- * Check twice. If on the first pass the user exceeds his
- * max. number of logins, do a second pass and validate all
- * logins by querying the terminal server (using eg. SNMP).
- */
-static int stg_checksimul(void* instance, REQUEST* request)
-{
- DEBUG("rlm_stg: stg_checksimul()");
-
- instance = instance;
-
- request->simul_count = 0;
-
- return RLM_MODULE_OK;
-}
-
-static int stg_postauth(void* instance, REQUEST* request)
-{
- STG_RESULT result;
- STG_PAIR* pairs = fromVPS(request->packet->vps);
- size_t count = 0;
- const char* username = NULL;
- const char* password = NULL;
-
- DEBUG("rlm_stg: stg_postauth()");
-
- instance = instance;
-
- if (request->username) {
- username = request->username->data.strvalue;
- DEBUG("rlm_stg: stg_postauth() request username field: '%s'", username);
- }
-
- if (request->password) {
- password = request->password->data.strvalue;
- DEBUG("rlm_stg: stg_postauth() request password field: '%s'", password);
- }
-
- result = stgPostAuthImpl(username, password, pairs);
- deletePairs(pairs);
-
- if (!result.modify && !result.reply) {
- DEBUG("rlm_stg: stg_postauth() failed.");
- return RLM_MODULE_REJECT;
- }
-
- count = toReply(result, request);
-
- if (count)
- return RLM_MODULE_UPDATED;
-
- return toRLMCode(result.returnCode);
-}
-
-static int stg_detach(void* instance)
-{
- free(((struct rlm_stg_t*)instance)->address);
- free(instance);
- return 0;
-}
-
-module_t rlm_stg = {
- RLM_MODULE_INIT,
- "stg",
- RLM_TYPE_THREAD_UNSAFE, /* type */
- stg_instantiate, /* instantiation */
- stg_detach, /* detach */
- {
- stg_authenticate, /* authentication */
- stg_authorize, /* authorization */
- stg_preacct, /* preaccounting */
- stg_accounting, /* accounting */
- stg_checksimul, /* checksimul */
- NULL, /* pre-proxy */
- NULL, /* post-proxy */
- stg_postauth /* post-auth */
- },
-};
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#include "stg_client.h"
-
-#include "conn.h"
-#include "radlog.h"
-
-#include "stg/locker.h"
-#include "stg/common.h"
-
-#include <map>
-#include <utility>
-
-using STG::RLM::Client;
-using STG::RLM::Conn;
-using STG::RLM::RESULT;
-
-namespace {
-
-Client* stgClient = NULL;
-
-}
-
-class Client::Impl
-{
- public:
- explicit Impl(const std::string& address);
- ~Impl();
-
- bool stop() { return m_conn ? m_conn->stop() : true; }
-
- RESULT request(REQUEST_TYPE type, const std::string& userName, const std::string& password, const PAIRS& pairs);
-
- private:
- std::string m_address;
- std::unique_ptr<Conn> m_conn;
-
- pthread_mutex_t m_mutex;
- pthread_cond_t m_cond;
- bool m_done;
- RESULT m_result;
-
- static bool callback(void* data, const RESULT& result)
- {
- Impl& impl = *static_cast<Impl*>(data);
- STG_LOCKER lock(impl.m_mutex);
- impl.m_result = result;
- impl.m_done = true;
- pthread_cond_signal(&impl.m_cond);
- return true;
- }
-};
-
-Client::Impl::Impl(const std::string& address)
- : m_address(address)
-{
- try
- {
- m_conn.reset(new Conn(m_address, &Impl::callback, this));
- }
- catch (const std::runtime_error& ex)
- {
- RadLog("Connection error: %s.", ex.what());
- }
- pthread_mutex_init(&m_mutex, NULL);
- pthread_cond_init(&m_cond, NULL);
- m_done = false;
-}
-
-Client::Impl::~Impl()
-{
- pthread_cond_destroy(&m_cond);
- pthread_mutex_destroy(&m_mutex);
-}
-
-RESULT Client::Impl::request(REQUEST_TYPE type, const std::string& userName, const std::string& password, const PAIRS& pairs)
-{
- STG_LOCKER lock(m_mutex);
- if (!m_conn || !m_conn->connected())
- m_conn.reset(new Conn(m_address, &Impl::callback, this));
- if (!m_conn->connected())
- throw Conn::Error("Failed to create connection to '" + m_address + "'.");
-
- m_done = false;
- m_conn->request(type, userName, password, pairs);
- timespec ts;
- clock_gettime(CLOCK_REALTIME, &ts);
- ts.tv_sec += 5;
- int res = 0;
- while (!m_done && res == 0)
- res = pthread_cond_timedwait(&m_cond, &m_mutex, &ts);
- if (res != 0)
- throw Conn::Error("Request failed.");
- return m_result;
-}
-
-Client::Client(const std::string& address)
- : m_impl(new Impl(address))
-{
-}
-
-Client::~Client()
-{
-}
-
-bool Client::stop()
-{
- return m_impl->stop();
-}
-
-RESULT Client::request(REQUEST_TYPE type, const std::string& userName, const std::string& password, const PAIRS& pairs)
-{
- return m_impl->request(type, userName, password, pairs);
-}
-
-Client* Client::get()
-{
- return stgClient;
-}
-
-bool Client::configure(const std::string& address)
-{
- if ( stgClient != NULL )
- return stgClient->configure(address);
- try {
- stgClient = new Client(address);
- return true;
- } catch (const std::exception& ex) {
- RadLog("Client configuration error: %s.", ex.what());
- }
- return false;
-}
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#ifndef __STG_RLM_CLIENT_H__
-#define __STG_RLM_CLIENT_H__
-
-#include "types.h"
-
-#include <string>
-#include <memory>
-#include <cstdint>
-
-namespace STG
-{
-namespace RLM
-{
-
-class Client
-{
-public:
- explicit Client(const std::string& address);
- ~Client();
-
- bool stop();
-
- static Client* get();
- static bool configure(const std::string& address);
-
- RESULT request(REQUEST_TYPE type, const std::string& userName, const std::string& password, const PAIRS& pairs);
-
-private:
- class Impl;
- std::unique_ptr<Impl> m_impl;
-};
-
-} // namespace RLM
-} // namespace STG
-
-#endif
+++ /dev/null
-#ifndef __STG_STGPAIR_H__
-#define __STG_STGPAIR_H__
-
-#include <stddef.h>
-
-#define STGPAIR_KEYLENGTH 64
-#define STGPAIR_VALUELENGTH 256
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct STG_PAIR {
- char key[STGPAIR_KEYLENGTH];
- char value[STGPAIR_VALUELENGTH];
-} STG_PAIR;
-
-typedef struct STG_RESULT {
- STG_PAIR* modify;
- STG_PAIR* reply;
- int returnCode;
-} STG_RESULT;
-
-inline
-int emptyPair(const STG_PAIR* pair)
-{
- return pair == NULL || pair->key[0] == '\0' || pair->value[0] == '\0';
-}
-
-enum
-{
- STG_REJECT,
- STG_FAIL,
- STG_OK,
- STG_HANDLED,
- STG_INVALID,
- STG_USERLOCK,
- STG_NOTFOUND,
- STG_NOOP,
- STG_UPDATED
-};
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#ifndef __STG_RLM_CLIENT_CONN_H__
-#define __STG_RLM_CLIENT_CONN_H__
-
-#include <vector>
-#include <string>
-
-namespace STG
-{
-namespace RLM
-{
-
-typedef std::vector<std::pair<std::string, std::string> > PAIRS;
-
-struct RESULT
-{
- PAIRS modify;
- PAIRS reply;
- int returnCode;
-};
-
-enum REQUEST_TYPE {
- AUTHORIZE,
- AUTHENTICATE,
- POST_AUTH,
- PRE_ACCT,
- ACCOUNT
-};
-
-} // namespace RLM
-} // namespace STG
-
-#endif
set_target_properties ( mod_ping PROPERTIES PREFIX "" )
endif ( BUILD_MOD_PING )
-if ( BUILD_MOD_RADIUS )
- find_package ( YAJL REQUIRED )
- add_library ( mod_radius MODULE other/radius/radius.cpp
- other/radius/config.cpp
- other/radius/conn.cpp )
- target_link_libraries ( mod_radius logger json common YAJL::YAJL )
- set_target_properties ( mod_radius PROPERTIES PREFIX "" )
-endif ( BUILD_MOD_RADIUS )
-
if ( BUILD_MOD_RSCRYPT )
add_library ( mod_remote_script MODULE other/rscript/rscript.cpp other/rscript/nrmap_parser.cpp )
target_link_libraries ( mod_remote_script crypto scriptexecuter logger common )
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#include "config.h"
-
-#include "stg/user.h"
-#include "stg/common.h"
-
-#include <vector>
-#include <stdexcept>
-
-#include <strings.h> // strncasecmp
-
-using STG::Config;
-
-namespace
-{
-
-struct ParserError : public std::runtime_error
-{
- ParserError(const std::string& message)
- : runtime_error("Config is not valid. " + message),
- position(0),
- error(message)
- {}
- ParserError(size_t pos, const std::string& message)
- : runtime_error("Parsing error at position " + std::to_string(pos) + ". " + message),
- position(pos),
- error(message)
- {}
-
- size_t position;
- std::string error;
-};
-
-size_t skipSpaces(const std::string& value, size_t start)
-{
- while (start < value.length() && std::isspace(value[start]))
- ++start;
- return start;
-}
-
-size_t checkChar(const std::string& value, size_t start, char ch)
-{
- if (start >= value.length())
- throw ParserError(start, "Unexpected end of string. Expected '" + std::string(1, ch) + "'.");
- if (value[start] != ch)
- throw ParserError(start, "Expected '" + std::string(1, ch) + "', got '" + std::string(1, value[start]) + "'.");
- return start + 1;
-}
-
-std::pair<size_t, std::string> readString(const std::string& value, size_t start)
-{
- std::string dest;
- while (start < value.length() && !std::isspace(value[start]) &&
- value[start] != ',' && value[start] != '(' && value[start] != ')')
- dest.push_back(value[start++]);
- if (dest.empty()) {
- if (start == value.length())
- throw ParserError(start, "Unexpected end of string. Expected string.");
- else
- throw ParserError(start, "Unexpected whitespace. Expected string.");
- }
- return std::make_pair(start, dest);
-}
-
-Config::Pairs toPairs(const std::vector<std::string>& values)
-{
- if (values.empty())
- return Config::Pairs();
- std::string value(values[0]);
- Config::Pairs res;
- size_t start = 0;
- while (start < value.size()) {
- Config::Pair pair;
- start = skipSpaces(value, start);
- if (!res.empty())
- {
- start = checkChar(value, start, ',');
- start = skipSpaces(value, start);
- }
- size_t pairStart = start;
- start = checkChar(value, start, '(');
- const std::pair<size_t, std::string> key = readString(value, start);
- start = key.first;
- pair.first = key.second;
- start = skipSpaces(value, start);
- start = checkChar(value, start, ',');
- start = skipSpaces(value, start);
- const std::pair<size_t, std::string> val = readString(value, start);
- start = val.first;
- pair.second = val.second;
- start = skipSpaces(value, start);
- start = checkChar(value, start, ')');
- if (res.find(pair.first) != res.end())
- throw ParserError(pairStart, "Duplicate field.");
- res.insert(pair);
- }
- return res;
-}
-
-bool toBool(const std::vector<std::string>& values)
-{
- if (values.empty())
- return false;
- std::string value(values[0]);
- return strncasecmp(value.c_str(), "yes", 3) == 0;
-}
-
-std::string toString(const std::vector<std::string>& values)
-{
- if (values.empty())
- return "";
- return values[0];
-}
-
-uid_t toUID(const std::vector<std::string>& values)
-{
- if (values.empty())
- return -1;
- uid_t res = str2uid(values[0]);
- if (res == static_cast<uid_t>(-1))
- throw ParserError("Invalid user name: '" + values[0] + "'");
- return res;
-}
-
-gid_t toGID(const std::vector<std::string>& values)
-{
- if (values.empty())
- return -1;
- gid_t res = str2gid(values[0]);
- if (res == static_cast<gid_t>(-1))
- throw ParserError("Invalid group name: '" + values[0] + "'");
- return res;
-}
-
-mode_t toMode(const std::vector<std::string>& values)
-{
- if (values.empty())
- return -1;
- mode_t res = str2mode(values[0]);
- if (res == static_cast<mode_t>(-1))
- throw ParserError("Invalid mode: '" + values[0] + "'");
- return res;
-}
-
-template <typename T>
-T toInt(const std::vector<std::string>& values)
-{
- if (values.empty())
- return 0;
- T res = 0;
- if (str2x(values[0], res) == 0)
- return res;
- return 0;
-}
-
-uint16_t toPort(const std::string& value)
-{
- if (value.empty())
- return 0;
- uint16_t res = 0;
- if (str2x(value, res) == 0)
- return res;
- throw ParserError("'" + value + "' is not a valid port number.");
-}
-
-typedef std::map<std::string, Config::ReturnCode> Codes;
-
-// One-time call to initialize the list of codes.
-Codes getCodes()
-{
- Codes res;
- res["reject"] = Config::REJECT;
- res["fail"] = Config::FAIL;
- res["ok"] = Config::OK;
- res["handled"] = Config::HANDLED;
- res["invalid"] = Config::INVALID;
- res["userlock"] = Config::USERLOCK;
- res["notfound"] = Config::NOTFOUND;
- res["noop"] = Config::NOOP;
- res["updated"] = Config::UPDATED;
- return res;
-}
-
-Config::ReturnCode toReturnCode(const std::vector<std::string>& values)
-{
- static Codes codes(getCodes());
- if (values.empty())
- return Config::REJECT;
- std::string code = ToLower(values[0]);
- const Codes::const_iterator it = codes.find(code);
- if (it == codes.end())
- return Config::REJECT;
- return it->second;
-}
-
-Config::Pairs parseVector(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toPairs(params[i].value);
- return Config::Pairs();
-}
-
-Config::Authorize parseAuthorize(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return Config::Authorize(toPairs(params[i].value));
- return Config::Authorize();
-}
-
-Config::ReturnCode parseReturnCode(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toReturnCode(params[i].value);
- return Config::REJECT;
-}
-
-bool parseBool(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toBool(params[i].value);
- return false;
-}
-
-std::string parseString(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toString(params[i].value);
- return "";
-}
-
-std::string parseAddress(Config::Type connectionType, const std::string& value)
-{
- size_t pos = value.find_first_of(':');
- if (pos == std::string::npos)
- throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
- if (connectionType == Config::UNIX)
- return value.substr(pos + 1);
- std::string address(value.substr(pos + 1));
- pos = address.find_first_of(':', pos + 1);
- if (pos == std::string::npos)
- throw ParserError("Port is not specified.");
- return address.substr(0, pos - 1);
-}
-
-std::string parsePort(Config::Type connectionType, const std::string& value)
-{
- size_t pos = value.find_first_of(':');
- if (pos == std::string::npos)
- throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
- if (connectionType == Config::UNIX)
- return "";
- std::string address(value.substr(pos + 1));
- pos = address.find_first_of(':', pos + 1);
- if (pos == std::string::npos)
- throw ParserError("Port is not specified.");
- return address.substr(pos + 1);
-}
-
-Config::Type parseConnectionType(const std::string& address)
-{
- size_t pos = address.find_first_of(':');
- if (pos == std::string::npos)
- throw ParserError("Connection type is not specified. Should be either 'unix' or 'tcp'.");
- std::string type = ToLower(address.substr(0, pos));
- if (type == "unix")
- return Config::UNIX;
- else if (type == "tcp")
- return Config::TCP;
- throw ParserError("Invalid connection type. Should be either 'unix' or 'tcp', got '" + type + "'");
-}
-
-Config::Section parseSection(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return Config::Section(parseVector("match", params[i].sections),
- parseVector("modify", params[i].sections),
- parseVector("reply", params[i].sections),
- parseReturnCode("no_match", params[i].sections),
- parseAuthorize("authorize", params[i].sections));
- return Config::Section();
-}
-
-uid_t parseUID(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toUID(params[i].value);
- return -1;
-}
-
-gid_t parseGID(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toGID(params[i].value);
- return -1;
-}
-
-mode_t parseMode(const std::string& paramName, const std::vector<STG::ParamValue>& params)
-{
- for (size_t i = 0; i < params.size(); ++i)
- if (params[i].param == paramName)
- return toMode(params[i].value);
- return -1;
-}
-
-} // namespace anonymous
-
-bool Config::Authorize::check(const User& user, const Config::Pairs& radiusData) const
-{
- if (!m_auth)
- return false; // No flag - no authorization.
-
- if (m_cond.empty())
- return true; // Empty parameter - always authorize.
-
- Config::Pairs::const_iterator it = m_cond.begin();
- for (; it != m_cond.end(); ++it)
- {
- const Config::Pairs::const_iterator pos = radiusData.find(it->first);
- if (pos == radiusData.end())
- return false; // No required Radius parameter.
- if (user.GetParamValue(it->second) != pos->second)
- return false; // No match with the user.
- }
-
- return true;
-}
-
-Config::Config(const ModuleSettings& settings)
- : autz(parseSection("autz", settings.moduleParams)),
- auth(parseSection("auth", settings.moduleParams)),
- postauth(parseSection("postauth", settings.moduleParams)),
- preacct(parseSection("preacct", settings.moduleParams)),
- acct(parseSection("acct", settings.moduleParams)),
- verbose(parseBool("verbose", settings.moduleParams)),
- address(parseString("bind_address", settings.moduleParams)),
- connectionType(parseConnectionType(address)),
- bindAddress(parseAddress(connectionType, address)),
- portStr(parsePort(connectionType, address)),
- port(toPort(portStr)),
- key(parseString("key", settings.moduleParams)),
- sockUID(parseUID("sock_owner", settings.moduleParams)),
- sockGID(parseGID("sock_group", settings.moduleParams)),
- sockMode(parseMode("sock_mode", settings.moduleParams))
-{
- size_t count = 0;
- if (autz.authorize.exists())
- ++count;
- if (auth.authorize.exists())
- ++count;
- if (postauth.authorize.exists())
- ++count;
- if (preacct.authorize.exists())
- ++count;
- if (acct.authorize.exists())
- ++count;
- if (count > 0)
- throw ParserError("Authorization flag is specified in more than one section.");
-}
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#pragma once
-
-#include "stg/module_settings.h"
-
-#include <map>
-#include <string>
-#include <cstdint>
-
-#include <unistd.h> // uid_t, gid_t
-#include <sys/stat.h> // mode_t
-
-namespace STG
-{
-
-struct User;
-
-struct Config
-{
- typedef std::map<std::string, std::string> Pairs;
- typedef std::pair<std::string, std::string> Pair;
- enum Type { UNIX, TCP };
- enum ReturnCode
- {
- REJECT, // Reject the request immediately.
- FAIL, // Module failed.
- OK, // Module is OK, continue.
- HANDLED, // The request is handled, no further handling.
- INVALID, // The request is invalud.
- USERLOCK, // Reject the request, user is locked.
- NOTFOUND, // User not found.
- NOOP, // Module performed no action.
- UPDATED // Module sends some updates.
- };
-
- class Authorize
- {
- public:
- Authorize() : m_auth(false) {}
- Authorize(const Pairs& cond) : m_auth(true), m_cond(cond) {}
-
- bool check(const User& user, const Pairs& radiusData) const;
- bool exists() const { return m_auth; }
- private:
- bool m_auth;
- Pairs m_cond;
- };
-
- struct Section
- {
- Section() = default;
- Section(const Pairs& ma, const Pairs& mo, const Pairs& re, ReturnCode code, const Authorize& auth)
- : match(ma), modify(mo), reply(re), returnCode(code), authorize(auth) {}
- Pairs match;
- Pairs modify;
- Pairs reply;
- ReturnCode returnCode;
- Authorize authorize;
- };
-
- Config() = default;
- Config(const ModuleSettings& settings);
-
- Section autz;
- Section auth;
- Section postauth;
- Section preacct;
- Section acct;
-
- bool verbose;
-
- std::string address;
- Type connectionType;
- std::string bindAddress;
- std::string portStr;
- uint16_t port;
- std::string key;
-
- uid_t sockUID;
- gid_t sockGID;
- mode_t sockMode;
-};
-
-} // namespace STG
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#include "conn.h"
-
-#include "radius.h"
-#include "config.h"
-
-#include "stg/json_parser.h"
-#include "stg/json_generator.h"
-#include "stg/users.h"
-#include "stg/user.h"
-#include "stg/logger.h"
-#include "stg/common.h"
-
-#include <yajl/yajl_gen.h>
-
-#include <map>
-#include <stdexcept>
-#include <cstring>
-#include <cerrno>
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#ifndef MSG_NOSIGNAL
-// On OSX this flag does not exist.
-#define MSG_NOSIGNAL 0
-#endif
-
-using STG::Conn;
-using STG::Config;
-using STG::JSON::Parser;
-using STG::JSON::PairsParser;
-using STG::JSON::EnumParser;
-using STG::JSON::NodeParser;
-using STG::JSON::Gen;
-using STG::JSON::MapGen;
-using STG::JSON::StringGen;
-
-namespace
-{
-
-double CONN_TIMEOUT = 60;
-double PING_TIMEOUT = 10;
-
-enum Packet
-{
- PING,
- PONG,
- DATA
-};
-
-enum Stage
-{
- AUTHORIZE,
- AUTHENTICATE,
- PREACCT,
- ACCOUNTING,
- POSTAUTH
-};
-
-std::map<std::string, Packet> packetCodes;
-std::map<std::string, Stage> stageCodes;
-
-class PacketParser : public EnumParser<Packet>
-{
- public:
- PacketParser(NodeParser* next, Packet& packet, std::string& packetStr)
- : EnumParser(next, packet, packetStr, packetCodes)
- {
- if (!packetCodes.empty())
- return;
- packetCodes["ping"] = PING;
- packetCodes["pong"] = PONG;
- packetCodes["data"] = DATA;
- }
-};
-
-class StageParser : public EnumParser<Stage>
-{
- public:
- StageParser(NodeParser* next, Stage& stage, std::string& stageStr)
- : EnumParser(next, stage, stageStr, stageCodes)
- {
- if (!stageCodes.empty())
- return;
- stageCodes["authorize"] = AUTHORIZE;
- stageCodes["authenticate"] = AUTHENTICATE;
- stageCodes["preacct"] = PREACCT;
- stageCodes["accounting"] = ACCOUNTING;
- stageCodes["postauth"] = POSTAUTH;
- }
-};
-
-class TopParser : public NodeParser
-{
- public:
- typedef void (*Callback) (void* /*data*/);
- TopParser(Callback callback, void* data)
- : m_packetParser(this, m_packet, m_packetStr),
- m_stageParser(this, m_stage, m_stageStr),
- m_pairsParser(this, m_data),
- m_callback(callback), m_callbackData(data)
- {}
-
- virtual NodeParser* parseStartMap() { return this; }
- virtual NodeParser* parseMapKey(const std::string& value)
- {
- std::string key = ToLower(value);
-
- if (key == "packet")
- return &m_packetParser;
- else if (key == "stage")
- return &m_stageParser;
- else if (key == "pairs")
- return &m_pairsParser;
-
- return this;
- }
- virtual NodeParser* parseEndMap() { m_callback(m_callbackData); return this; }
-
- const std::string& packetStr() const { return m_packetStr; }
- Packet packet() const { return m_packet; }
- const std::string& stageStr() const { return m_stageStr; }
- Stage stage() const { return m_stage; }
- const Config::Pairs& data() const { return m_data; }
-
- private:
- std::string m_packetStr;
- Packet m_packet;
- std::string m_stageStr;
- Stage m_stage;
- Config::Pairs m_data;
-
- PacketParser m_packetParser;
- StageParser m_stageParser;
- PairsParser m_pairsParser;
-
- Callback m_callback;
- void* m_callbackData;
-};
-
-class ProtoParser : public Parser
-{
- public:
- ProtoParser(TopParser::Callback callback, void* data)
- : Parser( &m_topParser ),
- m_topParser(callback, data)
- {}
-
- const std::string& packetStr() const { return m_topParser.packetStr(); }
- Packet packet() const { return m_topParser.packet(); }
- const std::string& stageStr() const { return m_topParser.stageStr(); }
- Stage stage() const { return m_topParser.stage(); }
- const Config::Pairs& data() const { return m_topParser.data(); }
-
- private:
- TopParser m_topParser;
-};
-
-class PacketGen : public Gen
-{
- public:
- PacketGen(const std::string& type)
- : m_type(type)
- {
- m_gen.add("packet", m_type);
- }
- void run(yajl_gen_t* handle) const
- {
- m_gen.run(handle);
- }
- PacketGen& add(const std::string& key, const std::string& value)
- {
- m_gen.add(key, new StringGen(value));
- return *this;
- }
- PacketGen& add(const std::string& key, MapGen* map)
- {
- m_gen.add(key, map);
- return *this;
- }
- PacketGen& add(const std::string& key, MapGen& map)
- {
- m_gen.add(key, map);
- return *this;
- }
- private:
- MapGen m_gen;
- StringGen m_type;
-};
-
-std::string toString(Config::ReturnCode code)
-{
- switch (code)
- {
- case Config::REJECT: return "reject";
- case Config::FAIL: return "fail";
- case Config::OK: return "ok";
- case Config::HANDLED: return "handled";
- case Config::INVALID: return "invalid";
- case Config::USERLOCK: return "userlock";
- case Config::NOTFOUND: return "notfound";
- case Config::NOOP: return "noop";
- case Config::UPDATED: return "noop";
- }
- return "reject";
-}
-
-}
-
-class Conn::Impl
-{
- public:
- Impl(Users& users, PluginLogger& logger, RADIUS& plugin, const Config& config, int fd, const std::string& remote);
- ~Impl();
-
- int sock() const { return m_sock; }
-
- bool read();
- bool tick();
-
- bool isOk() const { return m_ok; }
-
- private:
- Users& m_users;
- PluginLogger& m_logger;
- RADIUS& m_plugin;
- const Config& m_config;
- int m_sock;
- std::string m_remote;
- bool m_ok;
- time_t m_lastPing;
- time_t m_lastActivity;
- ProtoParser m_parser;
- std::set<std::string> m_authorized;
-
- template <typename T>
- const T& stageMember(T Config::Section::* member) const
- {
- switch (m_parser.stage())
- {
- case AUTHORIZE: return m_config.autz.*member;
- case AUTHENTICATE: return m_config.auth.*member;
- case POSTAUTH: return m_config.postauth.*member;
- case PREACCT: return m_config.preacct.*member;
- case ACCOUNTING: return m_config.acct.*member;
- }
- throw std::runtime_error("Invalid stage: '" + m_parser.stageStr() + "'.");
- }
-
- const Config::Pairs& match() const { return stageMember(&Config::Section::match); }
- const Config::Pairs& modify() const { return stageMember(&Config::Section::modify); }
- const Config::Pairs& reply() const { return stageMember(&Config::Section::reply); }
- Config::ReturnCode returnCode() const { return stageMember(&Config::Section::returnCode); }
- const Config::Authorize& authorize() const { return stageMember(&Config::Section::authorize); }
-
- static void process(void* data);
- void processPing();
- void processPong();
- void processData();
- bool answer(const User& user);
- bool answerNo();
- bool sendPing();
- bool sendPong();
-
- static bool write(void* data, const char* buf, size_t size);
-};
-
-Conn::Conn(Users& users, PluginLogger& logger, RADIUS& plugin, const Config& config, int fd, const std::string& remote)
- : m_impl(new Impl(users, logger, plugin, config, fd, remote))
-{
-}
-
-Conn::~Conn()
-{
-}
-
-int Conn::sock() const
-{
- return m_impl->sock();
-}
-
-bool Conn::read()
-{
- return m_impl->read();
-}
-
-bool Conn::tick()
-{
- return m_impl->tick();
-}
-
-bool Conn::isOk() const
-{
- return m_impl->isOk();
-}
-
-Conn::Impl::Impl(Users& users, PluginLogger& logger, RADIUS& plugin, const Config& config, int fd, const std::string& remote)
- : m_users(users),
- m_logger(logger),
- m_plugin(plugin),
- m_config(config),
- m_sock(fd),
- m_remote(remote),
- m_ok(true),
- m_lastPing(time(NULL)),
- m_lastActivity(m_lastPing),
- m_parser(&Conn::Impl::process, this)
-{
-}
-
-Conn::Impl::~Impl()
-{
- close(m_sock);
-
- std::set<std::string>::const_iterator it = m_authorized.begin();
- for (; it != m_authorized.end(); ++it)
- m_plugin.unauthorize(*it, "Lost connection to RADIUS server " + m_remote + ".");
-}
-
-bool Conn::Impl::read()
-{
- static std::vector<char> buffer(1024);
- ssize_t res = ::read(m_sock, buffer.data(), buffer.size());
- if (res < 0)
- {
- m_logger("Failed to read data from '" + m_remote + "': " + strerror(errno));
- m_ok = false;
- return false;
- }
- printfd(__FILE__, "Read %d bytes.\n%s\n", res, std::string(buffer.data(), res).c_str());
- m_lastActivity = time(NULL);
- if (res == 0)
- {
- m_ok = false;
- return true;
- }
- return m_parser.append(buffer.data(), res);
-}
-
-bool Conn::Impl::tick()
-{
- time_t now = time(NULL);
- if (difftime(now, m_lastActivity) > CONN_TIMEOUT)
- {
- int delta = difftime(now, m_lastActivity);
- printfd(__FILE__, "Connection to '%s' timed out: %d sec.\n", m_remote.c_str(), delta);
- m_logger("Connection to " + m_remote + " timed out.");
- m_ok = false;
- return false;
- }
- if (difftime(now, m_lastPing) > PING_TIMEOUT)
- {
- int delta = difftime(now, m_lastPing);
- printfd(__FILE__, "Ping timeout: %d sec. Sending ping...\n", delta);
- sendPing();
- }
- return true;
-}
-
-void Conn::Impl::process(void* data)
-{
- Impl& impl = *static_cast<Impl*>(data);
- try
- {
- switch (impl.m_parser.packet())
- {
- case PING:
- impl.processPing();
- return;
- case PONG:
- impl.processPong();
- return;
- case DATA:
- impl.processData();
- return;
- }
- }
- catch (const std::exception& ex)
- {
- printfd(__FILE__, "Processing error. %s", ex.what());
- impl.m_logger("Processing error. %s", ex.what());
- }
- printfd(__FILE__, "Received invalid packet type: '%s'.\n", impl.m_parser.packetStr().c_str());
- impl.m_logger("Received invalid packet type: " + impl.m_parser.packetStr());
-}
-
-void Conn::Impl::processPing()
-{
- printfd(__FILE__, "Got ping. Sending pong...\n");
- sendPong();
-}
-
-void Conn::Impl::processPong()
-{
- printfd(__FILE__, "Got pong.\n");
- m_lastActivity = time(NULL);
-}
-
-void Conn::Impl::processData()
-{
- printfd(__FILE__, "Got data.\n");
- int handle = m_users.OpenSearch();
-
- User* user = NULL;
- bool matched = false;
- while (m_users.SearchNext(handle, &user) == 0)
- {
- if (user == NULL)
- continue;
-
- matched = true;
- for (Config::Pairs::const_iterator it = match().begin(); it != match().end(); ++it)
- {
- Config::Pairs::const_iterator pos = m_parser.data().find(it->first);
- if (pos == m_parser.data().end())
- {
- matched = false;
- break;
- }
- if (user->GetParamValue(it->second) != pos->second)
- {
- matched = false;
- break;
- }
- }
- if (!matched)
- continue;
- answer(*user);
- if (authorize().check(*user, m_parser.data()))
- {
- m_plugin.authorize(*user);
- m_authorized.insert(user->GetLogin());
- }
- break;
- }
-
- if (!matched)
- answerNo();
-
- m_users.CloseSearch(handle);
-}
-
-bool Conn::Impl::answer(const User& user)
-{
- printfd(__FILE__, "Got match. Sending answer...\n");
- MapGen replyData;
- for (Config::Pairs::const_iterator it = reply().begin(); it != reply().end(); ++it)
- replyData.add(it->first, new StringGen(user.GetParamValue(it->second)));
-
- MapGen modifyData;
- for (Config::Pairs::const_iterator it = modify().begin(); it != modify().end(); ++it)
- modifyData.add(it->first, new StringGen(user.GetParamValue(it->second)));
-
- PacketGen gen("data");
- gen.add("result", "ok")
- .add("reply", replyData)
- .add("modify", modifyData);
-
- m_lastPing = time(NULL);
-
- return generate(gen, &Conn::Impl::write, this);
-}
-
-bool Conn::Impl::answerNo()
-{
- printfd(__FILE__, "No match. Sending answer...\n");
- PacketGen gen("data");
- gen.add("result", "no");
- gen.add("return_code", toString(returnCode()));
-
- m_lastPing = time(NULL);
-
- return generate(gen, &Conn::Impl::write, this);
-}
-
-bool Conn::Impl::sendPing()
-{
- PacketGen gen("ping");
-
- m_lastPing = time(NULL);
-
- return generate(gen, &Conn::Impl::write, this);
-}
-
-bool Conn::Impl::sendPong()
-{
- PacketGen gen("pong");
-
- m_lastPing = time(NULL);
-
- return generate(gen, &Conn::Impl::write, this);
-}
-
-bool Conn::Impl::write(void* data, const char* buf, size_t size)
-{
- std::string json(buf, size);
- printfd(__FILE__, "Writing JSON:\n%s\n", json.c_str());
- Conn::Impl& conn = *static_cast<Conn::Impl*>(data);
- while (size > 0)
- {
- ssize_t res = ::send(conn.m_sock, buf, size, MSG_NOSIGNAL);
- if (res < 0)
- {
- conn.m_logger("Failed to write pong to '" + conn.m_remote + "': " + strerror(errno));
- conn.m_ok = false;
- return false;
- }
- size -= res;
- }
- return true;
-}
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#pragma once
-
-#include <string>
-#include <memory>
-
-class RADIUS;
-
-namespace STG
-{
-
-struct Users;
-class PluginLogger;
-
-struct Config;
-
-class Conn
-{
- public:
- Conn(Users& users, PluginLogger& logger, RADIUS& plugin, const Config& config, int fd, const std::string& remote);
- ~Conn();
-
- int sock() const;
-
- bool read();
- bool tick();
-
- bool isOk() const;
-
- private:
- class Impl;
- std::unique_ptr<Impl> m_impl;
-};
-
-}
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#include "radius.h"
-
-#include "stg/store.h"
-#include "stg/users.h"
-#include "stg/user.h"
-#include "stg/common.h"
-
-#include <algorithm>
-#include <stdexcept>
-#include <csignal>
-#include <cerrno>
-#include <cstring>
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/un.h> // UNIX
-#include <netinet/in.h> // IP
-#include <netinet/tcp.h> // TCP
-#include <netdb.h>
-
-using STG::Config;
-using STG::Conn;
-
-extern "C" STG::Plugin* GetPlugin()
-{
- static RADIUS plugin;
- return &plugin;
-}
-
-RADIUS::RADIUS()
- : m_running(false),
- m_stopped(true),
- m_users(NULL),
- m_store(NULL),
- m_listenSocket(0),
- m_logger(STG::PluginLogger::get("radius"))
-{
-}
-
-int RADIUS::ParseSettings()
-{
- try {
- m_config = STG::Config(m_settings);
- return reconnect() ? 0 : -1;
- } catch (const std::runtime_error& ex) {
- m_logger("Failed to parse settings. %s", ex.what());
- return -1;
- }
-}
-
-int RADIUS::Start()
-{
- if (m_running)
- return 0;
-
- int res = pthread_create(&m_thread, NULL, run, this);
- if (res == 0)
- return 0;
-
- m_error = strerror(res);
- m_logger("Failed to create thread: '" + m_error + "'.");
- return -1;
-}
-
-int RADIUS::Stop()
-{
- std::set<std::string>::const_iterator it = m_logins.begin();
- for (; it != m_logins.end(); ++it)
- m_users->Unauthorize(*it, this, "Stopping RADIUS plugin.");
- m_logins.clear();
-
- if (m_stopped)
- return 0;
-
- m_running = false;
-
- for (size_t i = 0; i < 25 && !m_stopped; i++) {
- struct timespec ts = {0, 200000000};
- nanosleep(&ts, NULL);
- }
-
- if (m_stopped) {
- pthread_join(m_thread, NULL);
- return 0;
- }
-
- if (m_config.connectionType == Config::UNIX)
- unlink(m_config.bindAddress.c_str());
-
- m_error = "Failed to stop thread.";
- m_logger(m_error);
- return -1;
-}
-//-----------------------------------------------------------------------------
-void* RADIUS::run(void* d)
-{
- sigset_t signalSet;
- sigfillset(&signalSet);
- pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
-
- static_cast<RADIUS *>(d)->runImpl();
-
- return NULL;
-}
-
-bool RADIUS::reconnect()
-{
- if (!m_conns.empty())
- {
- std::deque<STG::Conn *>::const_iterator it;
- for (it = m_conns.begin(); it != m_conns.end(); ++it)
- delete(*it);
- m_conns.clear();
- }
- if (m_listenSocket != 0)
- {
- shutdown(m_listenSocket, SHUT_RDWR);
- close(m_listenSocket);
- }
- if (m_config.connectionType == Config::UNIX)
- m_listenSocket = createUNIX();
- else
- m_listenSocket = createTCP();
- if (m_listenSocket == 0)
- return false;
- if (listen(m_listenSocket, 100) == -1)
- {
- m_error = std::string("Error starting to listen socket: ") + strerror(errno);
- m_logger(m_error);
- return false;
- }
- return true;
-}
-
-int RADIUS::createUNIX() const
-{
- int fd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (fd == -1)
- {
- m_error = std::string("Error creating UNIX socket: ") + strerror(errno);
- m_logger(m_error);
- return 0;
- }
- struct sockaddr_un addr;
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, m_config.bindAddress.c_str(), m_config.bindAddress.length());
- unlink(m_config.bindAddress.c_str());
- if (bind(fd, reinterpret_cast<struct sockaddr*>(&addr), sizeof(addr)) == -1)
- {
- shutdown(fd, SHUT_RDWR);
- close(fd);
- m_error = std::string("Error binding UNIX socket: ") + strerror(errno);
- m_logger(m_error);
- return 0;
- }
- chown(m_config.bindAddress.c_str(), m_config.sockUID, m_config.sockGID);
- if (m_config.sockMode != static_cast<mode_t>(-1))
- chmod(m_config.bindAddress.c_str(), m_config.sockMode);
- return fd;
-}
-
-int RADIUS::createTCP() const
-{
- addrinfo hints;
- memset(&hints, 0, sizeof(addrinfo));
-
- hints.ai_family = AF_INET; /* Allow IPv4 */
- hints.ai_socktype = SOCK_STREAM; /* Stream socket */
- hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */
- hints.ai_protocol = 0; /* Any protocol */
- hints.ai_canonname = NULL;
- hints.ai_addr = NULL;
- hints.ai_next = NULL;
-
- addrinfo* ais = NULL;
- int res = getaddrinfo(m_config.bindAddress.c_str(), m_config.portStr.c_str(), &hints, &ais);
- if (res != 0)
- {
- m_error = "Error resolving address '" + m_config.bindAddress + "': " + gai_strerror(res);
- m_logger(m_error);
- return 0;
- }
-
- for (addrinfo* ai = ais; ai != NULL; ai = ai->ai_next)
- {
- int fd = socket(AF_INET, SOCK_STREAM, 0);
- if (fd == -1)
- {
- m_error = std::string("Error creating TCP socket: ") + strerror(errno);
- m_logger(m_error);
- freeaddrinfo(ais);
- return 0;
- }
- if (bind(fd, ai->ai_addr, ai->ai_addrlen) == -1)
- {
- shutdown(fd, SHUT_RDWR);
- close(fd);
- m_error = std::string("Error binding TCP socket: ") + strerror(errno);
- m_logger(m_error);
- continue;
- }
- freeaddrinfo(ais);
- return fd;
- }
-
- m_error = "Failed to resolve '" + m_config.bindAddress;
- m_logger(m_error);
-
- freeaddrinfo(ais);
- return 0;
-}
-
-void RADIUS::runImpl()
-{
- m_running = true;
- m_stopped = false;
-
- while (m_running) {
- fd_set fds;
-
- buildFDSet(fds);
-
- struct timeval tv;
- tv.tv_sec = 0;
- tv.tv_usec = 500000;
-
- int res = select(maxFD() + 1, &fds, NULL, NULL, &tv);
- if (res < 0)
- {
- if (errno == EINTR)
- continue;
- m_error = std::string("'select' is failed: '") + strerror(errno) + "'.";
- m_logger(m_error);
- break;
- }
-
- if (!m_running)
- break;
-
- if (res > 0)
- handleEvents(fds);
- else
- {
- for (std::deque<Conn*>::iterator it = m_conns.begin(); it != m_conns.end(); ++it)
- (*it)->tick();
- }
-
- cleanupConns();
- }
-
- m_stopped = true;
-}
-
-int RADIUS::maxFD() const
-{
- int maxFD = m_listenSocket;
- std::deque<STG::Conn *>::const_iterator it;
- for (it = m_conns.begin(); it != m_conns.end(); ++it)
- if (maxFD < (*it)->sock())
- maxFD = (*it)->sock();
- return maxFD;
-}
-
-void RADIUS::buildFDSet(fd_set & fds) const
-{
- FD_ZERO(&fds);
- FD_SET(m_listenSocket, &fds);
- std::deque<STG::Conn *>::const_iterator it;
- for (it = m_conns.begin(); it != m_conns.end(); ++it)
- FD_SET((*it)->sock(), &fds);
-}
-
-void RADIUS::cleanupConns()
-{
- std::deque<STG::Conn *>::iterator pos;
- for (pos = m_conns.begin(); pos != m_conns.end(); ++pos)
- if (!(*pos)->isOk()) {
- delete *pos;
- *pos = NULL;
- }
-
- pos = std::remove(m_conns.begin(), m_conns.end(), static_cast<STG::Conn *>(NULL));
- m_conns.erase(pos, m_conns.end());
-}
-
-void RADIUS::handleEvents(const fd_set & fds)
-{
- if (FD_ISSET(m_listenSocket, &fds))
- acceptConnection();
- else
- {
- std::deque<STG::Conn *>::iterator it;
- for (it = m_conns.begin(); it != m_conns.end(); ++it)
- if (FD_ISSET((*it)->sock(), &fds))
- (*it)->read();
- else
- (*it)->tick();
- }
-}
-
-void RADIUS::acceptConnection()
-{
- if (m_config.connectionType == Config::UNIX)
- acceptUNIX();
- else
- acceptTCP();
-}
-
-void RADIUS::acceptUNIX()
-{
- struct sockaddr_un addr;
- memset(&addr, 0, sizeof(addr));
- socklen_t size = sizeof(addr);
- int res = accept(m_listenSocket, reinterpret_cast<sockaddr*>(&addr), &size);
- if (res == -1)
- {
- m_error = std::string("Failed to accept UNIX connection: ") + strerror(errno);
- m_logger(m_error);
- return;
- }
- printfd(__FILE__, "New UNIX connection: '%s'\n", addr.sun_path);
- m_conns.push_back(new Conn(*m_users, m_logger, *this, m_config, res, addr.sun_path));
-}
-
-void RADIUS::acceptTCP()
-{
- struct sockaddr_in addr;
- memset(&addr, 0, sizeof(addr));
- socklen_t size = sizeof(addr);
- int res = accept(m_listenSocket, reinterpret_cast<sockaddr*>(&addr), &size);
- if (res == -1)
- {
- m_error = std::string("Failed to accept TCP connection: ") + strerror(errno);
- m_logger(m_error);
- return;
- }
- std::string remote = inet_ntostring(addr.sin_addr.s_addr) + ":" + std::to_string(ntohs(addr.sin_port));
- printfd(__FILE__, "New TCP connection: '%s'\n", remote.c_str());
- m_conns.push_back(new Conn(*m_users, m_logger, *this, m_config, res, remote));
-}
-
-void RADIUS::authorize(const STG::User& user)
-{
- uint32_t ip = 0;
- const std::string& login(user.GetLogin());
- if (!m_users->Authorize(login, ip, 0xffFFffFF, this))
- {
- m_error = "Unable to authorize user '" + login + "' with ip " + inet_ntostring(ip) + ".";
- m_logger(m_error);
- }
- else
- m_logins.insert(login);
-}
-
-void RADIUS::unauthorize(const std::string& login, const std::string& reason)
-{
- const std::set<std::string>::const_iterator it = m_logins.find(login);
- if (it == m_logins.end())
- return;
- m_logins.erase(it);
- m_users->Unauthorize(login, this, reason);
-}
+++ /dev/null
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * Author : Maxim Mamontov <faust@stargazer.dp.ua>
- */
-
-#pragma once
-
-#include "stg/auth.h"
-#include "stg/module_settings.h"
-#include "stg/logger.h"
-
-#include "config.h"
-#include "conn.h"
-
-#include <string>
-#include <deque>
-#include <set>
-#include <cstdint>
-
-#include <pthread.h>
-#include <unistd.h>
-#include <sys/select.h>
-#include <sys/types.h>
-
-namespace STG
-{
-struct Store;
-struct Users;
-struct User;
-}
-
-class RADIUS : public STG::Auth {
-public:
- RADIUS();
- virtual ~RADIUS() {}
-
- void SetUsers(STG::Users* u) { m_users = u; }
- void SetStore(STG::Store* s) { m_store = s; }
- void SetStgSettings(const STG::Settings*) {}
- void SetSettings(const STG::ModuleSettings& s) { m_settings = s; }
- int ParseSettings();
-
- int Start();
- int Stop();
- int Reload(const STG::ModuleSettings & /*ms*/) { return 0; }
- bool IsRunning() { return m_running; }
-
- const std::string& GetStrError() const { return m_error; }
- std::string GetVersion() const { return "RADIUS data access plugin v. 2.0"; }
- uint16_t GetStartPosition() const { return 30; }
- uint16_t GetStopPosition() const { return 30; }
-
- int SendMessage(const STG::Message&, uint32_t) const { return 0; }
-
- void authorize(const STG::User& user);
- void unauthorize(const std::string& login, const std::string& reason);
-
-private:
- RADIUS(const RADIUS & rvalue);
- RADIUS & operator=(const RADIUS & rvalue);
-
- static void* run(void*);
-
- bool reconnect();
- int createUNIX() const;
- int createTCP() const;
- void runImpl();
- int maxFD() const;
- void buildFDSet(fd_set & fds) const;
- void cleanupConns();
- void handleEvents(const fd_set & fds);
- void acceptConnection();
- void acceptUNIX();
- void acceptTCP();
-
- mutable std::string m_error;
- STG::Config m_config;
-
- STG::ModuleSettings m_settings;
-
- bool m_running;
- bool m_stopped;
-
- STG::Users* m_users;
- const STG::Store* m_store;
-
- int m_listenSocket;
- std::deque<STG::Conn*> m_conns;
- std::set<std::string> m_logins;
-
- pthread_t m_thread;
-
- STG::PluginLogger m_logger;
-};
git.stg.codes / stg.git / commitdiff