From: Maxim Mamontov Date: Sat, 6 Oct 2012 14:40:25 +0000 (+0300) Subject: Changes in rlm_stg for better integration with FreeRADIUS. X-Git-Tag: 2.409~408 X-Git-Url: https://git.stg.codes/stg.git/commitdiff_plain/75dfb67fd068cc291e22f4f813b407812ebd09d2?ds=sidebyside Changes in rlm_stg for better integration with FreeRADIUS. --- diff --git a/projects/rlm_stg/Makefile b/projects/rlm_stg/Makefile index 9d51021b..98f5f2d2 100644 --- a/projects/rlm_stg/Makefile +++ b/projects/rlm_stg/Makefile @@ -8,7 +8,8 @@ LIB_NAME = rlm_stg PROG = $(LIB_NAME).so -SRCS = ./rlm_stg.cpp \ +SRCS = ./rlm_stg.c \ + ./iface.cpp \ ./stg_client.cpp STGLIBS = crypto \ diff --git a/projects/rlm_stg/build_check.c b/projects/rlm_stg/build_check.c deleted file mode 100644 index a5a7341e..00000000 --- a/projects/rlm_stg/build_check.c +++ /dev/null @@ -1 +0,0 @@ -int main() { int probe = 0x00000001; return *(char *)&probe; } diff --git a/projects/rlm_stg/conf.h b/projects/rlm_stg/conf.h deleted file mode 100644 index e96eb715..00000000 --- a/projects/rlm_stg/conf.h +++ /dev/null @@ -1,38 +0,0 @@ -/* Default Database File Names */ - -#define RADIUS_DIR RADDBDIR -#define RADACCT_DIR RADIR -#define RADLOG_DIR LOGDIR - -#define RADIUS_DICTIONARY "dictionary" -#define RADIUS_CLIENTS "clients" -#define RADIUS_NASLIST "naslist" -#define RADIUS_REALMS "realms" - -#define RADUTMP LOGDIR "/radutmp" -#define SRADUTMP LOGDIR "/sradutmp" -#define RADWTMP LOGDIR "/radwtmp" -#define SRADWTMP LOGDIR "/sradwtmp" - -/* Hack for funky ascend ports on MAX 4048 (and probably others) - The "NAS-Port-Id" value is "xyyzz" where "x" = 1 for digital, 2 for analog; - "yy" = line number (1 for first PRI/T1/E1, 2 for second, so on); - "zz" = channel number (on the PRI or Channelized T1/E1). - This should work with normal terminal servers, unless you have a TS with - more than 9999 ports ;^). - The "ASCEND_CHANNELS_PER_LINE" is the number of channels for each line into - the unit. For my US/PRI that's 23. A US/T1 would be 24, and a - European E1 would be 30 (I think ... never had one ;^). - This will NOT change the "NAS-Port-Id" reported in the detail log. This - is simply to fix the dynamic IP assignments a la Cistron. - You can change the default of 23 with an argument to ./configure. - WARNING: This hack works for me, but I only have one PRI!!! I've not - tested it on 2 or more (or with models other than the Max 4048) - Use at your own risk! - -- dgreer@austintx.com -*/ -#ifdef ASCEND_PORT_HACK -# ifndef ASCEND_CHANNELS_PER_LINE -# define ASCEND_CHANNELS_PER_LINE 23 -# endif -#endif diff --git a/projects/rlm_stg/conffile.h b/projects/rlm_stg/conffile.h deleted file mode 100644 index 8998c36d..00000000 --- a/projects/rlm_stg/conffile.h +++ /dev/null @@ -1,127 +0,0 @@ -#ifndef _CONFFILE_H -#define _CONFFILE_H - -/* - * conffile.h Defines for the conffile parsing routines. - * - * Version: $Id: conffile.h,v 1.1 2010/08/14 04:13:52 faust Exp $ - * - */ - -//#include -//RCSIDH(conffile_h, "$Id: conffile.h,v 1.1 2010/08/14 04:13:52 faust Exp $") - -#include -//#include -#include "libradius.h" - -/* - * Export the minimum amount of information about these structs - */ -typedef struct conf_item CONF_ITEM; -typedef struct conf_pair CONF_PAIR; -typedef struct conf_part CONF_SECTION; -typedef struct conf_data CONF_DATA; - -/* - * Instead of putting the information into a configuration structure, - * the configuration file routines MAY just parse it directly into - * user-supplied variables. - */ -#define PW_TYPE_STRING_PTR 100 -#define PW_TYPE_BOOLEAN 101 -#define PW_TYPE_SUBSECTION 102 -#define PW_TYPE_FILENAME 103 - -typedef struct CONF_PARSER { - const char *name; - int type; /* PW_TYPE_STRING, etc. */ - size_t offset; /* relative pointer within "base" */ - void *data; /* absolute pointer if base is NULL */ - const char *dflt; /* default as it would appear in radiusd.conf */ -} CONF_PARSER; - -/* This preprocessor trick will be useful in initializing CONF_PARSER struct */ -#define XStringify(x) #x -#define Stringify(x) XStringify(x) - -void cf_pair_free(CONF_PAIR **cp); -int cf_pair_replace(CONF_SECTION *cs, CONF_PAIR *cp, - const char *value); -void cf_section_free(CONF_SECTION **cp); -int cf_item_parse(CONF_SECTION *cs, const char *name, - int type, void *data, const char *dflt); -int cf_section_parse(CONF_SECTION *, void *base, - const CONF_PARSER *variables); -void cf_section_parse_free(CONF_SECTION *cs, void *base); -const CONF_PARSER *cf_section_parse_table(CONF_SECTION *cs); -CONF_SECTION *cf_file_read(const char *file); -int cf_file_include(const char *file, CONF_SECTION *cs); - -CONF_PAIR *cf_pair_find(const CONF_SECTION *, const char *name); -CONF_PAIR *cf_pair_find_next(const CONF_SECTION *, CONF_PAIR *, const char *name); -CONF_SECTION *cf_section_find(const char *name); -CONF_SECTION *cf_section_sub_find(const CONF_SECTION *, const char *name); -CONF_SECTION *cf_section_sub_find_name2(const CONF_SECTION *, const char *name1, const char *name2); -const char *cf_section_value_find(const CONF_SECTION *, const char *attr); -CONF_SECTION *cf_top_section(CONF_SECTION *cs); - -void *cf_data_find(CONF_SECTION *, const char *); -int cf_data_add(CONF_SECTION *, const char *, void *, void (*)(void *)); - -const char *cf_pair_attr(CONF_PAIR *pair); -const char *cf_pair_value(CONF_PAIR *pair); -VALUE_PAIR *cf_pairtovp(CONF_PAIR *pair); -const char *cf_section_name1(const CONF_SECTION *); -const char *cf_section_name2(const CONF_SECTION *); -int dump_config(CONF_SECTION *cs); -CONF_SECTION *cf_subsection_find_next(CONF_SECTION *section, - CONF_SECTION *subsection, - const char *name1); -CONF_SECTION *cf_section_find_next(CONF_SECTION *section, - CONF_SECTION *subsection, - const char *name1); -int cf_section_lineno(CONF_SECTION *section); -int cf_pair_lineno(CONF_PAIR *pair); -const char *cf_pair_filename(CONF_PAIR *pair); -const char *cf_section_filename(CONF_SECTION *section); -CONF_ITEM *cf_item_find_next(CONF_SECTION *section, CONF_ITEM *item); -int cf_item_is_section(CONF_ITEM *item); -int cf_item_is_pair(CONF_ITEM *item); -CONF_PAIR *cf_itemtopair(CONF_ITEM *item); -CONF_SECTION *cf_itemtosection(CONF_ITEM *item); -CONF_ITEM *cf_pairtoitem(CONF_PAIR *cp); -CONF_ITEM *cf_sectiontoitem(CONF_SECTION *cs); -int cf_section_template(CONF_SECTION *cs, CONF_SECTION *_template); -void cf_log_err(CONF_ITEM *ci, const char *fmt, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))) -#endif -; -void cf_log_info(CONF_SECTION *cs, const char *fmt, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))) -#endif -; -void cf_log_module(CONF_SECTION *cs, const char *fmt, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))) -#endif -; -CONF_ITEM *cf_reference_item(const CONF_SECTION *parentcs, - CONF_SECTION *outercs, - const char *ptr); -extern int cf_log_config; -extern int cf_log_modules; - -extern int cf_pair2xml(FILE *fp, CONF_PAIR *cp); -extern int cf_section2xml(FILE *fp, CONF_SECTION *cs); -extern int cf_pair2file(FILE *fp, CONF_PAIR *cp); -extern int cf_section2file(FILE *fp, CONF_SECTION *cs); - -/* - * Big magic. - */ -int cf_section_migrate(CONF_SECTION *dst, CONF_SECTION *src); - -#endif /* _CONFFILE_H */ diff --git a/projects/rlm_stg/iface.cpp b/projects/rlm_stg/iface.cpp new file mode 100644 index 00000000..9d6a7833 --- /dev/null +++ b/projects/rlm_stg/iface.cpp @@ -0,0 +1,43 @@ +#include "iface.h" + +#include "loki/Singleton.h" + +#include "thriftclient.h" + +int stgInstantiateImpl(const char * server, uint16_t port, const char * password) +{ + if (STG_CLIENT_ST::Get().Configure(server, port, password)) + return 1; + + return 0; +} + +const STG_PAIR * stgAuthorizeImpl(const char * userName, const char * serviceType) +{ + return STG_CLIENT_ST::Get().Authorize(userName, serviceType); +} + +const STG_PAIR * stgAuthenticateImpl(const char * userName, const char * serviceType) +{ + return STG_CLIENT_ST::Get().Authenticate(userName, serviceType); +} + +const STG_PAIR * stgPostAuthImpl(const char * userName, const char * serviceType) +{ + return STG_CLIENT_ST::Get().PostAuth(userName, serviceType); +} + +const STG_PAIR * stgPreAcctImpl(const char * userName, const char * serviceType) +{ + return STG_CLIENT_ST::Get().PreAcct(userName, serviceType); +} + +const STG_PAIR * stgAccountingImpl(const char * userName, const char * serviceType, const char * statusType, const char * sessionId) +{ + return STG_CLIENT_ST::Get().Account(userName, serviceType, statusType, sessionId); +} + +void deletePairs(const STG_PAIR * pairs) +{ + delete[] pairs; +} diff --git a/projects/rlm_stg/iface.h b/projects/rlm_stg/iface.h new file mode 100644 index 00000000..57bb9f42 --- /dev/null +++ b/projects/rlm_stg/iface.h @@ -0,0 +1,25 @@ +#ifndef __STG_IFACE_H__ +#define __STG_IFACE_H__ + +#include + +#include "stgpair.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int stgInstantiateImpl(const char * server, uint16_t port, const char * password); +const STG_PAIR * stgAuthorizeImpl(const char * userName, const char * serviceType); +const STG_PAIR * stgAuthenticateImpl(const char * userName, const char * serviceType); +const STG_PAIR * stgPostAuthImpl(const char * userName, const char * serviceType); +const STG_PAIR * stgPreAcctImpl(const char * userName, const char * serviceType); +const STG_PAIR * stgAccountingImpl(const char * userName, const char * serviceType, const char * statusType, const char * sessionId); + +void deletePairs(const STG_PAIR * pairs); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/projects/rlm_stg/libradius.h b/projects/rlm_stg/libradius.h deleted file mode 100644 index 25cb98e1..00000000 --- a/projects/rlm_stg/libradius.h +++ /dev/null @@ -1,475 +0,0 @@ -#ifndef LIBRADIUS_H -#define LIBRADIUS_H - -/* - * libradius.h Structures and prototypes - * for the radius library. - * - * Version: $Id: libradius.h,v 1.1 2010/08/14 04:13:52 faust Exp $ - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA - * - * Copyright 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008 The FreeRADIUS server project - */ - -//#include -//RCSIDH(libradius_h, "$Id: libradius.h,v 1.1 2010/08/14 04:13:52 faust Exp $") - -#include -#include - -#include -#include -#include -#include "stg/os_int.h" - -#ifdef FREE_BSD -#include -#endif -#include -#include - -/*#include -#include */ - -#include "token.h" - -#ifdef SIZEOF_UNSIGNED_INT -#if SIZEOF_UNSIGNED_INT != 4 -#error FATAL: sizeof(unsigned int) != 4 -#endif -#endif - -/* - * Include for modules. - */ -/*#include -#include */ - -#define EAP_START 2 - -#define AUTH_VECTOR_LEN 16 -#define CHAP_VALUE_LENGTH 16 -#define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */ - -# define VENDOR(x) ((x >> 16) & 0xffff) - -#ifdef _LIBRADIUS -# define AUTH_HDR_LEN 20 -# define VENDORPEC_USR 429 -#define VENDORPEC_LUCENT 4846 -#define VENDORPEC_STARENT 8164 -# define DEBUG if (fr_debug_flag && fr_log_fp) fr_printf_log -# define debug_pair(vp) do { if (fr_debug_flag && fr_log_fp) { \ - fputc('\t', fr_log_fp); \ - vp_print(fr_log_fp, vp); \ - fputc('\n', fr_log_fp); \ - } \ - } while(0) -# define TAG_VALID(x) ((x) > 0 && (x) < 0x20) -# define TAG_VALID_ZERO(x) ((x) < 0x20) -# define TAG_ANY -128 /* minimum signed char */ -#endif - -#if defined(__GNUC__) -# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1))) -# define NEVER_RETURNS __attribute__ ((noreturn)) -# define UNUSED __attribute__ ((unused)) -# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */ -#else -# define PRINTF_LIKE(n) /* ignore */ -# define NEVER_RETURNS /* ignore */ -# define UNUSED /* ignore */ -# define BLANK_FORMAT "" -#endif - -typedef struct attr_flags { - unsigned int addport : 1; /* add NAS-Port to IP address */ - unsigned int has_tag : 1; /* tagged attribute */ - unsigned int do_xlat : 1; /* strvalue is dynamic */ - unsigned int unknown_attr : 1; /* not in dictionary */ - unsigned int array : 1; /* pack multiples into 1 attr */ - unsigned int has_value : 1; /* has a value */ - unsigned int has_value_alias : 1; /* has a value alias */ - unsigned int has_tlv : 1; /* has sub attributes */ - unsigned int is_tlv : 1; /* is a sub attribute */ - unsigned int encoded : 1; /* has been put into packet */ - - int8_t tag; /* tag for tunneled attributes */ - uint8_t encrypt; /* encryption method */ -} ATTR_FLAGS; - -/* - * Values of the encryption flags. - */ -#define FLAG_ENCRYPT_NONE (0) -#define FLAG_ENCRYPT_USER_PASSWORD (1) -#define FLAG_ENCRYPT_TUNNEL_PASSWORD (2) -#define FLAG_ENCRYPT_ASCEND_SECRET (3) - -typedef struct dict_attr { - unsigned int attr; - int type; - int vendor; - ATTR_FLAGS flags; - char name[1]; -} DICT_ATTR; - -typedef struct dict_value { - unsigned int attr; - int value; - char name[1]; -} DICT_VALUE; - -typedef struct dict_vendor { - int vendorpec; - int type; /* length of type data */ - int length; /* length of length data */ - int flags; - char name[1]; -} DICT_VENDOR; - -typedef union value_pair_data { - char strvalue[MAX_STRING_LEN]; - uint8_t octets[MAX_STRING_LEN]; - struct in_addr ipaddr; - struct in6_addr ipv6addr; - uint32_t date; - uint32_t integer; - int32_t sinteger; - uint8_t filter[32]; - uint8_t ifid[8]; /* struct? */ - uint8_t ipv6prefix[18]; /* struct? */ - uint8_t ether[6]; - uint8_t *tlv; -} VALUE_PAIR_DATA; - -typedef struct value_pair { - const char *name; - int attribute; - int vendor; - int type; - size_t length; /* of data */ - FR_TOKEN _operator; - ATTR_FLAGS flags; - struct value_pair *next; - uint32_t lvalue; - VALUE_PAIR_DATA data; -} VALUE_PAIR; -#define vp_strvalue data.strvalue -#define vp_octets data.octets -#define vp_ipv6addr data.ipv6addr -#define vp_ifid data.ifid -#define vp_ipv6prefix data.ipv6prefix -#define vp_filter data.filter -#define vp_ether data.ether -#define vp_signed data.sinteger -#define vp_tlv data.tlv - -#if 0 -#define vp_ipaddr data.ipaddr.s_addr -#define vp_date data.date -#define vp_integer data.integer -#else -/* - * These are left as lvalue until we audit the source for code - * that prints to vp_strvalue for integer/ipaddr/date types. - */ -#define vp_ipaddr lvalue -#define vp_date lvalue -#define vp_integer lvalue -#endif - - -typedef struct fr_ipaddr_t { - int af; /* address family */ - union { - struct in_addr ip4addr; - struct in6_addr ip6addr; /* maybe defined in missing.h */ - } ipaddr; -} fr_ipaddr_t; - -/* - * vector: Request authenticator from access-request packet - * Put in there by rad_decode, and must be put in the - * response RADIUS_PACKET as well before calling rad_send - * - * verified: Filled in by rad_decode for accounting-request packets - * - * data,data_len: Used between rad_recv and rad_decode. - */ -typedef struct radius_packet { - int sockfd; - fr_ipaddr_t src_ipaddr; - fr_ipaddr_t dst_ipaddr; - uint16_t src_port; - uint16_t dst_port; - int id; - unsigned int code; - uint32_t hash; - uint8_t vector[AUTH_VECTOR_LEN]; - time_t timestamp; - uint8_t *data; - int data_len; - VALUE_PAIR *vps; - ssize_t offset; -} RADIUS_PACKET; - -/* - * Printing functions. - */ -int fr_utf8_char(const uint8_t *str); -void fr_print_string(const char *in, size_t inlen, - char *out, size_t outlen); -int vp_prints_value(char *out, size_t outlen, - VALUE_PAIR *vp, int delimitst); -const char *vp_print_name(char *buffer, size_t bufsize, int attr); -int vp_prints(char *out, size_t outlen, VALUE_PAIR *vp); -void vp_print(FILE *, VALUE_PAIR *); -void vp_printlist(FILE *, VALUE_PAIR *); -#define fprint_attr_val vp_print - -/* - * Dictionary functions. - */ -int dict_addvendor(const char *name, int value); -int dict_addattr(const char *name, int vendor, int type, int value, ATTR_FLAGS flags); -int dict_addvalue(const char *namestr, const char *attrstr, int value); -int dict_init(const char *dir, const char *fn); -void dict_free(void); -DICT_ATTR *dict_attrbyvalue(unsigned int attr); -DICT_ATTR *dict_attrbyname(const char *attr); -DICT_VALUE *dict_valbyattr(unsigned int attr, int val); -DICT_VALUE *dict_valbyname(unsigned int attr, const char *val); -int dict_vendorbyname(const char *name); -DICT_VENDOR *dict_vendorbyvalue(int vendor); - -#if 1 /* FIXME: compat */ -#define dict_attrget dict_attrbyvalue -#define dict_attrfind dict_attrbyname -#define dict_valfind dict_valbyname -/*#define dict_valget dict_valbyattr almost but not quite*/ -#endif - -/* get around diffrent ctime_r styles */ -#ifdef CTIMERSTYLE -#if CTIMERSTYLE == SOLARISSTYLE -#define CTIME_R(a,b,c) ctime_r(a,b,c) -#else -#define CTIME_R(a,b,c) ctime_r(a,b) -#endif -#else -#define CTIME_R(a,b,c) ctime_r(a,b) -#endif - -/* md5.c */ - -void fr_md5_calc(uint8_t *, const uint8_t *, unsigned int); - -/* hmac.c */ - -void fr_hmac_md5(const uint8_t *text, int text_len, - const uint8_t *key, int key_len, - unsigned char *digest); - -/* hmacsha1.c */ - -void fr_hmac_sha1(const uint8_t *text, int text_len, - const uint8_t *key, int key_len, - uint8_t *digest); - -/* radius.c */ -int rad_send(RADIUS_PACKET *, const RADIUS_PACKET *, const char *secret); -int rad_packet_ok(RADIUS_PACKET *packet, int flags); -RADIUS_PACKET *rad_recv(int fd, int flags); -ssize_t rad_recv_header(int sockfd, fr_ipaddr_t *src_ipaddr, int *src_port, - int *code); -void rad_recv_discard(int sockfd); -int rad_verify(RADIUS_PACKET *packet, RADIUS_PACKET *original, - const char *secret); -int rad_decode(RADIUS_PACKET *packet, RADIUS_PACKET *original, const char *secret); -int rad_encode(RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const char *secret); -int rad_sign(RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const char *secret); - -RADIUS_PACKET *rad_alloc(int newvector); -RADIUS_PACKET *rad_alloc_reply(RADIUS_PACKET *); -void rad_free(RADIUS_PACKET **); -int rad_pwencode(char *encpw, size_t *len, const char *secret, - const uint8_t *vector); -int rad_pwdecode(char *encpw, size_t len, const char *secret, - const uint8_t *vector); -int rad_tunnel_pwencode(char *encpw, size_t *len, const char *secret, - const uint8_t *vector); -int rad_tunnel_pwdecode(uint8_t *encpw, size_t *len, - const char *secret, const uint8_t *vector); -int rad_chap_encode(RADIUS_PACKET *packet, uint8_t *output, - int id, VALUE_PAIR *password); -VALUE_PAIR *rad_attr2vp(const RADIUS_PACKET *packet, const RADIUS_PACKET *original, - const char *secret, int attribute, int length, - const uint8_t *data); -int rad_vp2attr(const RADIUS_PACKET *packet, - const RADIUS_PACKET *original, const char *secret, - const VALUE_PAIR *vp, uint8_t *ptr); - -/* valuepair.c */ -VALUE_PAIR *pairalloc(DICT_ATTR *da); -VALUE_PAIR *paircreate(int attr, int type); -void pairfree(VALUE_PAIR **); -void pairbasicfree(VALUE_PAIR *pair); -VALUE_PAIR *pairfind(VALUE_PAIR *, int); -void pairdelete(VALUE_PAIR **, int); -void pairadd(VALUE_PAIR **, VALUE_PAIR *); -void pairreplace(VALUE_PAIR **first, VALUE_PAIR *add); -int paircmp(VALUE_PAIR *check, VALUE_PAIR *data); -VALUE_PAIR *paircopyvp(const VALUE_PAIR *vp); -VALUE_PAIR *paircopy(VALUE_PAIR *vp); -VALUE_PAIR *paircopy2(VALUE_PAIR *vp, int attr); -void pairmove(VALUE_PAIR **to, VALUE_PAIR **from); -void pairmove2(VALUE_PAIR **to, VALUE_PAIR **from, int attr); -VALUE_PAIR *pairparsevalue(VALUE_PAIR *vp, const char *value); -VALUE_PAIR *pairmake(const char *attribute, const char *value, int _operator); -VALUE_PAIR *pairread(const char **ptr, FR_TOKEN *eol); -FR_TOKEN userparse(const char *buffer, VALUE_PAIR **first_pair); -VALUE_PAIR *readvp2(FILE *fp, int *pfiledone, const char *errprefix); - -/* - * Error functions. - */ -#ifdef _LIBRADIUS -void fr_strerror_printf(const char *, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 1, 2))) -#endif -; -#endif -void fr_perror(const char *, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 1, 2))) -#endif -; -extern const char *fr_strerror(void); -extern int fr_dns_lookups; /* 0 = no dns lookups */ -extern int fr_debug_flag; /* 0 = no debugging information */ -extern int fr_max_attributes; /* per incoming packet */ -#define FR_MAX_PACKET_CODE (52) -extern const char *fr_packet_codes[FR_MAX_PACKET_CODE]; -extern FILE *fr_log_fp; -void fr_printf_log(const char *, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 1, 2))) -#endif -; - -/* - * Several handy miscellaneous functions. - */ -const char * ip_ntoa(char *, uint32_t); -char *ifid_ntoa(char *buffer, size_t size, uint8_t *ifid); -uint8_t *ifid_aton(const char *ifid_str, uint8_t *ifid); -int rad_lockfd(int fd, int lock_len); -int rad_lockfd_nonblock(int fd, int lock_len); -int rad_unlockfd(int fd, int lock_len); -void fr_bin2hex(const uint8_t *bin, char *hex, size_t len); -size_t fr_hex2bin(const char *hex, uint8_t *bin, size_t len); -#ifndef HAVE_CLOSEFROM -int closefrom(int fd); -#endif -int fr_ipaddr_cmp(const fr_ipaddr_t *a, const fr_ipaddr_t *b); - -int ip_hton(const char *src, int af, fr_ipaddr_t *dst); -const char *ip_ntoh(const fr_ipaddr_t *src, char *dst, size_t cnt); -int fr_ipaddr2sockaddr(const fr_ipaddr_t *ipaddr, int port, - struct sockaddr_storage *sa, socklen_t *salen); -int fr_sockaddr2ipaddr(const struct sockaddr_storage *sa, socklen_t salen, - fr_ipaddr_t *ipaddr, int * port); - - -#ifdef ASCEND_BINARY -/* filters.c */ -int ascend_parse_filter(VALUE_PAIR *pair); -void print_abinary(VALUE_PAIR *vp, char *buffer, size_t len); -#endif /*ASCEND_BINARY*/ - -/* random numbers in isaac.c */ -/* context of random number generator */ -typedef struct fr_randctx { - uint32_t randcnt; - uint32_t randrsl[256]; - uint32_t randmem[256]; - uint32_t randa; - uint32_t randb; - uint32_t randc; -} fr_randctx; - -void fr_isaac(fr_randctx *ctx); -void fr_randinit(fr_randctx *ctx, int flag); -uint32_t fr_rand(void); /* like rand(), but better. */ -void fr_rand_seed(const void *, size_t ); /* seed the random pool */ - - -/* crypt wrapper from crypt.c */ -int fr_crypt_check(const char *key, const char *salt); - -/* rbtree.c */ -typedef struct rbtree_t rbtree_t; -typedef struct rbnode_t rbnode_t; - -rbtree_t *rbtree_create(int (*Compare)(const void *, const void *), - void (*freeNode)(void *), - int replace_flag); -void rbtree_free(rbtree_t *tree); -int rbtree_insert(rbtree_t *tree, void *Data); -rbnode_t *rbtree_insertnode(rbtree_t *tree, void *Data); -void rbtree_delete(rbtree_t *tree, rbnode_t *Z); -int rbtree_deletebydata(rbtree_t *tree, const void *data); -rbnode_t *rbtree_find(rbtree_t *tree, const void *Data); -void *rbtree_finddata(rbtree_t *tree, const void *Data); -int rbtree_num_elements(rbtree_t *tree); -void *rbtree_min(rbtree_t *tree); -void *rbtree_node2data(rbtree_t *tree, rbnode_t *node); - -/* callback order for walking */ -typedef enum { PreOrder, InOrder, PostOrder } RBTREE_ORDER; - -/* - * The callback should be declared as: - * int callback(void *context, void *data) - * - * The "context" is some user-defined context. - * The "data" is the pointer to the user data in the node, - * NOT the node itself. - * - * It should return 0 if all is OK, and !0 for any error. - * The walking will stop on any error. - */ -int rbtree_walk(rbtree_t *tree, RBTREE_ORDER order, int (*callback)(void *, void *), void *context); - -/* - * FIFOs - */ -typedef struct fr_fifo_t fr_fifo_t; -typedef void (*fr_fifo_free_t)(void *); -fr_fifo_t *fr_fifo_create(int max_entries, fr_fifo_free_t freeNode); -void fr_fifo_free(fr_fifo_t *fi); -int fr_fifo_push(fr_fifo_t *fi, void *data); -void *fr_fifo_pop(fr_fifo_t *fi); -void *fr_fifo_peek(fr_fifo_t *fi); -int fr_fifo_num_elements(fr_fifo_t *fi); - -//#include - -#endif /*LIBRADIUS_H*/ diff --git a/projects/rlm_stg/modules.h b/projects/rlm_stg/modules.h deleted file mode 100644 index cb49f478..00000000 --- a/projects/rlm_stg/modules.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * module.h Interface to the RADIUS module system. - * - * Version: $Id: modules.h,v 1.1 2010/08/14 04:13:52 faust Exp $ - * - */ - -#ifndef RADIUS_MODULES_H -#define RADIUS_MODULES_H - -//#include -//RCSIDH(modules_h, "$Id: modules.h,v 1.1 2010/08/14 04:13:52 faust Exp $") - -//#include "conffile.h" -#include "radiusd.h" - -typedef int (*packetmethod)(void *instance, REQUEST *request); - -enum { - RLM_COMPONENT_AUTH = 0, - RLM_COMPONENT_AUTZ, /* 1 */ - RLM_COMPONENT_PREACCT, /* 2 */ - RLM_COMPONENT_ACCT, /* 3 */ - RLM_COMPONENT_SESS, /* 4 */ - RLM_COMPONENT_PRE_PROXY, /* 5 */ - RLM_COMPONENT_POST_PROXY, /* 6 */ - RLM_COMPONENT_POST_AUTH, /* 7 */ -#ifdef WITH_COA - RLM_COMPONENT_RECV_COA, /* 8 */ - RLM_COMPONENT_SEND_COA, /* 9 */ -#endif - RLM_COMPONENT_COUNT /* 8 / 10: How many components are there */ -}; - -#define RLM_TYPE_THREAD_SAFE (0 << 0) -#define RLM_TYPE_THREAD_UNSAFE (1 << 0) -#define RLM_TYPE_CHECK_CONFIG_SAFE (1 << 1) -#define RLM_TYPE_HUP_SAFE (1 << 2) - -#define RLM_MODULE_MAGIC_NUMBER ((uint32_t) (0xf4ee4ad2)) -#define RLM_MODULE_INIT RLM_MODULE_MAGIC_NUMBER - -typedef struct module_t { - uint32_t magic; /* may later be opaque struct */ - const char *name; - int type; - int (*instantiate)(CONF_SECTION *mod_cs, void **instance); - int (*detach)(void *instance); - packetmethod methods[RLM_COMPONENT_COUNT]; -} module_t; - -enum { - RLM_MODULE_REJECT, /* immediately reject the request */ - RLM_MODULE_FAIL, /* module failed, don't reply */ - RLM_MODULE_OK, /* the module is OK, continue */ - RLM_MODULE_HANDLED, /* the module handled the request, so stop. */ - RLM_MODULE_INVALID, /* the module considers the request invalid. */ - RLM_MODULE_USERLOCK, /* reject the request (user is locked out) */ - RLM_MODULE_NOTFOUND, /* user not found */ - RLM_MODULE_NOOP, /* module succeeded without doing anything */ - RLM_MODULE_UPDATED, /* OK (pairs modified) */ - RLM_MODULE_NUMCODES /* How many return codes there are */ -}; - -int setup_modules(int, CONF_SECTION *); -int detach_modules(void); -int module_hup(CONF_SECTION *modules); -int module_authorize(int type, REQUEST *request); -int module_authenticate(int type, REQUEST *request); -int module_preacct(REQUEST *request); -int module_accounting(int type, REQUEST *request); -int module_checksimul(int type, REQUEST *request, int maxsimul); -int module_pre_proxy(int type, REQUEST *request); -int module_post_proxy(int type, REQUEST *request); -int module_post_auth(int type, REQUEST *request); -#ifdef WITH_COA -int module_recv_coa(int type, REQUEST *request); -int module_send_coa(int type, REQUEST *request); -#define MODULE_NULL_COA_FUNCS ,NULL,NULL -#else -#define MODULE_NULL_COA_FUNCS -#endif -int indexed_modcall(int comp, int idx, REQUEST *request); - -/* - * For now, these are strongly tied together. - */ -int virtual_servers_load(CONF_SECTION *config); -void virtual_servers_free(time_t when); - - -#endif /* RADIUS_MODULES_H */ diff --git a/projects/rlm_stg/radius.h b/projects/rlm_stg/radius.h deleted file mode 100644 index 3cf50282..00000000 --- a/projects/rlm_stg/radius.h +++ /dev/null @@ -1,346 +0,0 @@ -/* - * radius.h Constants of the radius protocol. - * - * Version: $Id$ - * - */ - - -#define PW_TYPE_STRING 0 -#define PW_TYPE_INTEGER 1 -#define PW_TYPE_IPADDR 2 -#define PW_TYPE_DATE 3 -#define PW_TYPE_ABINARY 4 -#define PW_TYPE_OCTETS 5 -#define PW_TYPE_IFID 6 -#define PW_TYPE_IPV6ADDR 7 -#define PW_TYPE_IPV6PREFIX 8 -#define PW_TYPE_BYTE 9 -#define PW_TYPE_SHORT 10 -#define PW_TYPE_ETHERNET 11 -#define PW_TYPE_SIGNED 12 -#define PW_TYPE_COMBO_IP 13 -#define PW_TYPE_TLV 14 - -#define PW_AUTHENTICATION_REQUEST 1 -#define PW_AUTHENTICATION_ACK 2 -#define PW_AUTHENTICATION_REJECT 3 -#define PW_ACCOUNTING_REQUEST 4 -#define PW_ACCOUNTING_RESPONSE 5 -#define PW_ACCOUNTING_STATUS 6 -#define PW_PASSWORD_REQUEST 7 -#define PW_PASSWORD_ACK 8 -#define PW_PASSWORD_REJECT 9 -#define PW_ACCOUNTING_MESSAGE 10 -#define PW_ACCESS_CHALLENGE 11 -#define PW_STATUS_SERVER 12 -#define PW_STATUS_CLIENT 13 -#define PW_DISCONNECT_REQUEST 40 -#define PW_DISCONNECT_ACK 41 -#define PW_DISCONNECT_NAK 42 -#define PW_COA_REQUEST 43 -#define PW_COA_ACK 44 -#define PW_COA_NAK 45 - -#define PW_AUTH_UDP_PORT 1812 -#define PW_ACCT_UDP_PORT 1813 -#define PW_POD_UDP_PORT 1700 -#define PW_COA_UDP_PORT 3799 - -#define PW_USER_NAME 1 -#define PW_USER_PASSWORD 2 -#define PW_PASSWORD 2 -#define PW_CHAP_PASSWORD 3 -#define PW_NAS_IP_ADDRESS 4 -#define PW_NAS_PORT 5 -#define PW_SERVICE_TYPE 6 -#define PW_FRAMED_PROTOCOL 7 -#define PW_FRAMED_IP_ADDRESS 8 -#define PW_FRAMED_IP_NETMASK 9 -#define PW_FRAMED_ROUTING 10 -#define PW_FILTER_ID 11 -#define PW_FRAMED_MTU 12 -#define PW_FRAMED_COMPRESSION 13 -#define PW_LOGIN_IP_HOST 14 -#define PW_LOGIN_SERVICE 15 -#define PW_LOGIN_TCP_PORT 16 -#define PW_OLD_PASSWORD 17 -#define PW_REPLY_MESSAGE 18 -#define PW_CALLBACK_NUMBER 19 -#define PW_CALLBACK_ID 20 -#if 0 -/* - * Deprecated, and no longer used. - */ -#define PW_EXPIRATION 21 -#endif -#define PW_FRAMED_ROUTE 22 -#define PW_FRAMED_IPXNET 23 -#define PW_STATE 24 -#define PW_CLASS 25 -#define PW_VENDOR_SPECIFIC 26 -#define PW_SESSION_TIMEOUT 27 -#define PW_IDLE_TIMEOUT 28 -#define PW_CALLED_STATION_ID 30 -#define PW_CALLING_STATION_ID 31 -#define PW_NAS_IDENTIFIER 32 -#define PW_PROXY_STATE 33 - -#define PW_ACCT_STATUS_TYPE 40 -#define PW_ACCT_DELAY_TIME 41 -#define PW_ACCT_INPUT_OCTETS 42 -#define PW_ACCT_OUTPUT_OCTETS 43 -#define PW_ACCT_SESSION_ID 44 -#define PW_ACCT_AUTHENTIC 45 -#define PW_ACCT_SESSION_TIME 46 -#define PW_ACCT_INPUT_PACKETS 47 -#define PW_ACCT_OUTPUT_PACKETS 48 -#define PW_ACCT_TERMINATE_CAUSE 49 - -#define PW_EVENT_TIMESTAMP 55 - -#define PW_CHAP_CHALLENGE 60 -#define PW_NAS_PORT_TYPE 61 -#define PW_PORT_LIMIT 62 - -#define PW_ARAP_PASSWORD 70 -#define PW_ARAP_FEATURES 71 -#define PW_ARAP_ZONE_ACCESS 72 -#define PW_ARAP_SECURITY 73 -#define PW_ARAP_SECURITY_DATA 74 -#define PW_PASSWORD_RETRY 75 -#define PW_PROMPT 76 -#define PW_CONNECT_INFO 77 -#define PW_CONFIGURATION_TOKEN 78 -#define PW_EAP_MESSAGE 79 -#define PW_MESSAGE_AUTHENTICATOR 80 - -#define PW_ARAP_CHALLENGE_RESPONSE 84 -#define PW_NAS_PORT_ID_STRING 87 -#define PW_FRAMED_POOL 88 -#define PW_CHARGEABLE_USER_IDENTITY 89 -#define PW_NAS_IPV6_ADDRESS 95 - -#define PW_EXTENDED_ATTRIBUTE 192 - -#define PW_DIGEST_RESPONSE 206 -#define PW_DIGEST_ATTRIBUTES 207 - -#define PW_FALL_THROUGH 500 -#define PW_EXEC_PROGRAM 502 -#define PW_EXEC_PROGRAM_WAIT 503 - -#define PW_AUTH_TYPE 1000 -#define PW_PREFIX 1003 -#define PW_SUFFIX 1004 -#define PW_GROUP 1005 -#define PW_CRYPT_PASSWORD 1006 -#define PW_CONNECT_RATE 1007 -#define PW_ADD_PREFIX 1008 -#define PW_ADD_SUFFIX 1009 -#define PW_EXPIRATION 1010 -#define PW_AUTZ_TYPE 1011 -#define PW_ACCT_TYPE 1012 -#define PW_SESSION_TYPE 1013 -#define PW_POST_AUTH_TYPE 1014 -#define PW_PRE_PROXY_TYPE 1015 -#define PW_POST_PROXY_TYPE 1016 -#define PW_PRE_ACCT_TYPE 1017 -#define PW_EAP_TYPE 1018 -#define PW_EAP_TLS_REQUIRE_CLIENT_CERT 1019 -#define PW_CLIENT_SHORTNAME 1024 -#define PW_LOAD_BALANCE_KEY 1025 -#define PW_RAW_ATTRIBUTE 1026 -#define PW_TNC_VLAN_ACCESS 1027 -#define PW_TNC_VLAN_ISOLATE 1028 -#define PW_USER_CATEGORY 1029 -#define PW_GROUP_NAME 1030 -#define PW_HUNTGROUP_NAME 1031 -#define PW_SIMULTANEOUS_USE 1034 -#define PW_STRIP_USER_NAME 1035 -#define PW_HINT 1040 -#define PAM_AUTH_ATTR 1041 -#define PW_LOGIN_TIME 1042 -#define PW_STRIPPED_USER_NAME 1043 -#define PW_CURRENT_TIME 1044 -#define PW_REALM 1045 -#define PW_NO_SUCH_ATTRIBUTE 1046 -#define PW_PACKET_TYPE 1047 -#define PW_PROXY_TO_REALM 1048 -#define PW_REPLICATE_TO_REALM 1049 -#define PW_ACCT_SESSION_START_TIME 1050 -#define PW_ACCT_UNIQUE_SESSION_ID 1051 -#define PW_CLIENT_IP_ADDRESS 1052 -#define PW_LDAP_USERDN 1053 -#define PW_NS_MTA_MD5_PASSWORD 1054 -#define PW_SQL_USER_NAME 1055 -#define PW_LM_PASSWORD 1057 -#define PW_NT_PASSWORD 1058 -#define PW_SMB_ACCOUNT_CTRL 1059 -#define PW_SMB_ACCOUNT_CTRL_TEXT 1061 -#define PW_USER_PROFILE 1062 -#define PW_DIGEST_REALM 1063 -#define PW_DIGEST_NONCE 1064 -#define PW_DIGEST_METHOD 1065 -#define PW_DIGEST_URI 1066 -#define PW_DIGEST_QOP 1067 -#define PW_DIGEST_ALGORITHM 1068 -#define PW_DIGEST_BODY_DIGEST 1069 -#define PW_DIGEST_CNONCE 1070 -#define PW_DIGEST_NONCE_COUNT 1071 -#define PW_DIGEST_USER_NAME 1072 -#define PW_POOL_NAME 1073 -#define PW_LDAP_GROUP 1074 -#define PW_MODULE_SUCCESS_MESSAGE 1075 -#define PW_MODULE_FAILURE_MESSAGE 1076 -#if 0 /* no longer used */ -#define PW_X99_FAST 1077 -#endif -#define PW_REWRITE_RULE 1078 -#define PW_SQL_GROUP 1079 -#define PW_RESPONSE_PACKET_TYPE 1080 -#define PW_DIGEST_HA1 1081 -#define PW_MS_CHAP_USE_NTLM_AUTH 1082 -#define PW_MS_CHAP_USER_NAME 1083 -#define PW_PACKET_SRC_IP_ADDRESS 1084 -#define PW_PACKET_DST_IP_ADDRESS 1085 -#define PW_PACKET_SRC_PORT 1086 -#define PW_PACKET_DST_PORT 1087 -#define PW_PACKET_AUTHENTICATION_VECTOR 1088 -#define PW_TIME_OF_DAY 1089 -#define PW_REQUEST_PROCESSING_STAGE 1090 -#define PW_CACHE_NO_CACHING 1091 -#define PW_CACHE_DELETE_CACHE 1092 - -#define PW_SHA_PASSWORD 1093 -#define PW_SSHA_PASSWORD 1094 -#define PW_MD5_PASSWORD 1095 -#define PW_SMD5_PASSWORD 1096 - -#define PW_PACKET_SRC_IPV6_ADDRESS 1097 -#define PW_PACKET_DST_IPV6_ADDRESS 1098 -#define PW_VIRTUAL_SERVER 1099 -#define PW_CLEARTEXT_PASSWORD 1100 -#define PW_PASSWORD_WITH_HEADER 1101 -#define PW_SEND_COA_REQUEST 1107 -#define PW_MODULE_RETURN_CODE 1108 -#define PW_PACKET_ORIGINAL_TIMESTAMP 1109 -#define PW_HOME_SERVER_POOL 1111 -#define PW_RECV_COA_TYPE 1131 -#define PW_SEND_COA_TYPE 1132 -#define PW_MSCHAP_PASSWORD 1133 -#define PW_PACKET_TRANSMIT_COUNTER 1134 -#define PW_CACHED_SESSION_POLICY 1135 - -/* - * Integer Translations - */ - -/* User Types */ - -#define PW_LOGIN_USER 1 -#define PW_FRAMED_USER 2 -#define PW_CALLBACK_LOGIN_USER 3 -#define PW_CALLBACK_FRAMED_USER 4 -#define PW_OUTBOUND_USER 5 -#define PW_ADMINISTRATIVE_USER 6 -#define PW_NAS_PROMPT_USER 7 -#define PW_AUTHENTICATE_ONLY 8 -#define PW_CALLBACK_NAS_PROMPT 9 - -/* Framed Protocols */ - -#define PW_PPP 1 -#define PW_SLIP 2 - -/* Framed Routing Values */ - -#define PW_NONE 0 -#define PW_BROADCAST 1 -#define PW_LISTEN 2 -#define PW_BROADCAST_LISTEN 3 - -/* Framed Compression Types */ - -#define PW_VAN_JACOBSEN_TCP_IP 1 - -/* Login Services */ - -#define PW_TELNET 0 -#define PW_RLOGIN 1 -#define PW_TCP_CLEAR 2 -#define PW_PORTMASTER 3 - -/* Authentication Level */ - -#define PW_AUTHTYPE_LOCAL 0 -#define PW_AUTHTYPE_SYSTEM 1 -#define PW_AUTHTYPE_SECURID 2 -#define PW_AUTHTYPE_CRYPT 3 -#define PW_AUTHTYPE_REJECT 4 -#define PW_AUTHTYPE_ACTIVCARD 5 -#define PW_AUTHTYPE_EAP 6 -#define PW_AUTHTYPE_ACCEPT 254 -#define PW_AUTHTYPE_MS_CHAP 1028 - -/* Port Types */ - -#define PW_NAS_PORT_ASYNC 0 -#define PW_NAS_PORT_SYNC 1 -#define PW_NAS_PORT_ISDN 2 -#define PW_NAS_PORT_ISDN_V120 3 -#define PW_NAS_PORT_ISDN_V110 4 - -/* Status Types */ - -#define PW_STATUS_START 1 -#define PW_STATUS_STOP 2 -#define PW_STATUS_ALIVE 3 -#define PW_STATUS_ACCOUNTING_ON 7 -#define PW_STATUS_ACCOUNTING_OFF 8 - -/* - * Vendor Private Enterprise Codes - */ -#define VENDORPEC_FREERADIUS 11344 - - -/* - * Vendor specific attributes - */ -#define PW_FREERADIUS_PROXIED_TO ((VENDORPEC_FREERADIUS<<16)|1) - -/* - * Microsoft has vendor code 311. - */ -#define PW_MSCHAP_RESPONSE ((311 << 16) | 1) -#define PW_MSCHAP_ERROR ((311 << 16) | 2) -#define PW_MSCHAP_CHALLENGE ((311 << 16) | 11) -#define PW_MSCHAP2_RESPONSE ((311 << 16) | 25) -#define PW_MSCHAP2_SUCCESS ((311 << 16) | 26) - - -/* - * Old nonsense. Will be deleted ASAP - */ -#define PW_AUTHTYPE 1000 -#define PW_AUTZTYPE 1011 -#define PW_ACCTTYPE 1012 -#define PW_SESSTYPE 1013 -#define PW_POSTAUTHTYPE 1014 - -/* - * Cisco's VLAN Query Protocol. - */ -#define PW_VQP_PACKET_TYPE 0x2b00 -#define PW_VQP_ERROR_CODE 0x2b01 -#define PW_VQP_SEQUENCE_NUMBER 0x2b02 - -#define PW_VQP_CLIENT_IP_ADDRESS 0x2c01 -#define PW_VQP_PORT_NAME 0x2c02 -#define PW_VQP_VLAN_NAME 0x2c03 -#define PW_VQP_DOMAIN_NAME 0x2c04 -#define PW_VQP_ETHERNET_FRAME 0x2c05 -#define PW_VQP_MAC 0x2c06 -#define PW_VQP_UNKNOWN 0x2c07 -#define PW_VQP_COOKIE 0x2c08 diff --git a/projects/rlm_stg/radiusd.h b/projects/rlm_stg/radiusd.h deleted file mode 100644 index 4cbf4034..00000000 --- a/projects/rlm_stg/radiusd.h +++ /dev/null @@ -1,636 +0,0 @@ -#ifndef RADIUSD_H -#define RADIUSD_H -/* - * radiusd.h Structures, prototypes and global variables - * for the FreeRADIUS server. - * - * Version: $Id: radiusd.h,v 1.1 2010/08/14 04:13:52 faust Exp $ - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA - * - * Copyright 1999,2000,2002,2003,2004,2005,2006,2007,2008 The FreeRADIUS server project - * - */ - -//#include -//RCSIDH(radiusd_h, "$Id: radiusd.h,v 1.1 2010/08/14 04:13:52 faust Exp $") - -#include "libradius.h" -//#include -//#include "conf.h" -#include "conffile.h" -#include "event.h" - -typedef struct auth_req REQUEST; - -#ifdef HAVE_PTHREAD_H -#include -#endif - -#ifndef NDEBUG -#define REQUEST_MAGIC (0xdeadbeef) -#endif - -/* - * New defines for minimizing the size of the server, to strip - * out functionality. In order to ensure that people don't have - * to re-run "configure", after "cvs update", we play some - * special games with the defines. i.e. any top-level "configure" - * option should set both WITH_FOO and WITHOUT_FOO. After a few - * weeks, the WITHOUT_FOO can be deleted from the configure script. - */ -#ifndef WITHOUT_PROXY -#define WITH_PROXY (1) -#endif - -#ifndef WITHOUT_DETAIL -#define WITH_DETAIL (1) -#endif - -#ifndef WITHOUT_SESSION_MGMT -#define WITH_SESSION_MGMT (1) -#endif - -#ifndef WITHOUT_UNLANG -#define WITH_UNLANG (1) -#endif - -#ifndef WITHOUT_ACCOUNTING -#define WITH_ACCOUNTING (1) -#else -#ifdef WITH_SESSION_MGMT -#error WITH_SESSION_MGMT is defined, but WITH_ACCOUNTING is not. Session management requires accounting. -#endif -#ifdef WITH_DETAIL -#error WITH_DETAIL is defined, but WITH_ACCOUNTING is not. Detail file reading requires accounting. -#endif -#endif - -#ifndef WITHOUT_DYNAMIC_CLIENTS -#define WITH_DYNAMIC_CLIENTS (1) -#endif - -#ifndef WITHOUT_STATS -#define WITH_STATS -#endif - -#ifndef WITHOUT_COMMAND_SOCKET -#ifdef HAVE_SYS_UN_H -#define WITH_COMMAND_SOCKET (1) -#endif -#endif - -#ifndef WITHOUT_COA -#define WITH_COA (1) -#ifndef WITH_PROXY -#error WITH_COA requires WITH_PROXY -#endif -#endif - -#include "stats.h" -/*#include "realms.h"*/ - - -/* - * See util.c - */ -typedef struct request_data_t request_data_t; - -typedef struct radclient { - fr_ipaddr_t ipaddr; - int prefix; - char *longname; - char *secret; - char *shortname; - int message_authenticator; - char *nastype; - char *login; - char *password; - char *server; - int number; - const CONF_SECTION *cs; -#ifdef WITH_STATS - fr_stats_t *auth; -#ifdef WITH_ACCOUNTING - fr_stats_t *acct; -#endif -#endif - -#ifdef WITH_DYNAMIC_CLIENTS - int lifetime; - int dynamic; - time_t created; - time_t last_new_client; - char *client_server; -#endif -} RADCLIENT; - -/* - * Types of listeners. - * - * Ordered by priority! - */ -typedef enum RAD_LISTEN_TYPE { - RAD_LISTEN_NONE = 0, -#ifdef WITH_PROXY - RAD_LISTEN_PROXY, -#endif - RAD_LISTEN_AUTH, -#ifdef WITH_ACCOUNTING - RAD_LISTEN_ACCT, -#endif -#ifdef WITH_DETAIL - RAD_LISTEN_DETAIL, -#endif -#ifdef WITH_VMPS - RAD_LISTEN_VQP, -#endif -#ifdef WITH_DHCP - RAD_LISTEN_DHCP, -#endif -#ifdef WITH_COMMAND_SOCKET - RAD_LISTEN_COMMAND, -#endif -#ifdef WITH_COA - RAD_LISTEN_COA, -#endif - RAD_LISTEN_MAX -} RAD_LISTEN_TYPE; - -#if defined(FREE_BSD) || defined(FREE_BSD5) -#include -#endif - -/* - * For listening on multiple IP's and ports. - */ -typedef struct rad_listen_t rad_listen_t; -typedef void (*radlog_func_t)(int, int, REQUEST *, const char *, ...); - -#define REQUEST_DATA_REGEX (0xadbeef00) -#define REQUEST_MAX_REGEX (8) - -struct auth_req { -#ifndef NDEBUG - uint32_t magic; /* for debugging only */ -#endif - RADIUS_PACKET *packet; -#ifdef WITH_PROXY - RADIUS_PACKET *proxy; -#endif - RADIUS_PACKET *reply; -#ifdef WITH_PROXY - RADIUS_PACKET *proxy_reply; -#endif - VALUE_PAIR *config_items; - VALUE_PAIR *username; - VALUE_PAIR *password; - - struct main_config_t *root; - - request_data_t *data; - RADCLIENT *client; -#ifdef HAVE_PTHREAD_H - pthread_t child_pid; -#endif - time_t timestamp; - int number; /* internal server number */ - - rad_listen_t *listener; -#ifdef WITH_PROXY - rad_listen_t *proxy_listener; -#endif - - - int simul_max; /* see modcall.c && xlat.c */ -#ifdef WITH_SESSION_MGMT - int simul_count; - int simul_mpp; /* WEIRD: 1 is false, 2 is true */ -#endif - - int options; /* miscellanous options */ - const char *module; /* for debugging unresponsive children */ - const char *component; /* ditto */ - - struct timeval received; - struct timeval when; /* to wake up */ - int delay; - - int master_state; - int child_state; - RAD_LISTEN_TYPE priority; - - fr_event_t *ev; - struct timeval next_when; - fr_event_callback_t next_callback; - - int in_request_hash; - - const char *server; - REQUEST *parent; - radlog_func_t radlog; /* logging function, if set */ -#ifdef WITH_COA - REQUEST *coa; - int num_coa_requests; -#endif -}; /* REQUEST typedef */ - -#define RAD_REQUEST_OPTION_NONE (0) -#define RAD_REQUEST_OPTION_DEBUG (1) -#define RAD_REQUEST_OPTION_DEBUG2 (2) -#define RAD_REQUEST_OPTION_DEBUG3 (3) -#define RAD_REQUEST_OPTION_DEBUG4 (4) - -#define REQUEST_ACTIVE (1) -#define REQUEST_STOP_PROCESSING (2) -#define REQUEST_COUNTED (3) - -#define REQUEST_QUEUED (1) -#define REQUEST_RUNNING (2) -#define REQUEST_PROXIED (3) -#define REQUEST_REJECT_DELAY (4) -#define REQUEST_CLEANUP_DELAY (5) -#define REQUEST_DONE (6) - -/* - * Function handler for requests. - */ -typedef int (*RAD_REQUEST_FUNP)(REQUEST *); - -typedef struct radclient_list RADCLIENT_LIST; - -typedef struct pair_list { - const char *name; - VALUE_PAIR *check; - VALUE_PAIR *reply; - int lineno; - int order; - struct pair_list *next; - struct pair_list *lastdefault; -} PAIR_LIST; - - -typedef int (*rad_listen_recv_t)(rad_listen_t *, RAD_REQUEST_FUNP *, REQUEST **); -typedef int (*rad_listen_send_t)(rad_listen_t *, REQUEST *); -typedef int (*rad_listen_print_t)(rad_listen_t *, char *, size_t); -typedef int (*rad_listen_encode_t)(rad_listen_t *, REQUEST *); -typedef int (*rad_listen_decode_t)(rad_listen_t *, REQUEST *); - -struct rad_listen_t { - struct rad_listen_t *next; /* should be rbtree stuff */ - - /* - * For normal sockets. - */ - RAD_LISTEN_TYPE type; - int fd; - const char *server; - int status; - - rad_listen_recv_t recv; - rad_listen_send_t send; - rad_listen_encode_t encode; - rad_listen_decode_t decode; - rad_listen_print_t print; - - void *data; - -#ifdef WITH_STATS - fr_stats_t stats; -#endif -}; - -#define RAD_LISTEN_STATUS_INIT (0) -#define RAD_LISTEN_STATUS_KNOWN (1) -#define RAD_LISTEN_STATUS_CLOSED (2) -#define RAD_LISTEN_STATUS_FINISH (3) - -typedef enum radlog_dest_t { - RADLOG_STDOUT = 0, - RADLOG_FILES, - RADLOG_SYSLOG, - RADLOG_STDERR, - RADLOG_NULL, - RADLOG_NUM_DEST -} radlog_dest_t; - -typedef struct main_config_t { - struct main_config *next; - int refcount; - fr_ipaddr_t myip; /* from the command-line only */ - int port; /* from the command-line only */ - int log_auth; - int log_auth_badpass; - int log_auth_goodpass; - int allow_core_dumps; - int debug_level; - int proxy_requests; - int reject_delay; - int status_server; - int max_request_time; - int cleanup_delay; - int max_requests; -#ifdef DELETE_BLOCKED_REQUESTS - int kill_unresponsive_children; -#endif - char *log_file; - char *checkrad; - const char *pid_file; - rad_listen_t *listen; - int syslog_facility; - int radlog_fd; - radlog_dest_t radlog_dest; - CONF_SECTION *config; - const char *name; - const char *auth_badpass_msg; - const char *auth_goodpass_msg; -} MAIN_CONFIG_T; - -#define DEBUG if(debug_flag)log_debug -#define DEBUG2 if (debug_flag > 1)log_debug -#define DEBUG3 if (debug_flag > 2)log_debug -#define DEBUG4 if (debug_flag > 3)log_debug - -#if __GNUC__ >= 3 -#define RDEBUG(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 1, request, fmt, ## __VA_ARGS__) -#define RDEBUG2(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 2, request, fmt, ## __VA_ARGS__) -#define RDEBUG3(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 3, request, fmt, ## __VA_ARGS__) -#define RDEBUG4(fmt, ...) if(request && request->radlog) request->radlog(L_DBG, 4, request, fmt, ## __VA_ARGS__) -#else -#define RDEBUG DEBUG -#define RDEBUG2 DEBUG2 -#define RDEBUG3 DEBUG3 -#define RDEBUG4 DEBUG4 -#endif - -#define SECONDS_PER_DAY 86400 -#define MAX_REQUEST_TIME 30 -#define CLEANUP_DELAY 5 -#define MAX_REQUESTS 256 -#define RETRY_DELAY 5 -#define RETRY_COUNT 3 -#define DEAD_TIME 120 - -#define L_DBG 1 -#define L_AUTH 2 -#define L_INFO 3 -#define L_ERR 4 -#define L_PROXY 5 -#define L_ACCT 6 -#define L_CONS 128 - -#ifndef FALSE -#define FALSE 0 -#endif -#ifndef TRUE -/* - * This definition of true as NOT false is definitive. :) Making - * it '1' can cause problems on stupid platforms. See articles - * on C portability for more information. - */ -#define TRUE (!FALSE) -#endif - -/* for paircompare_register */ -typedef int (*RAD_COMPARE_FUNC)(void *instance, REQUEST *,VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR **); - -typedef enum request_fail_t { - REQUEST_FAIL_UNKNOWN = 0, - REQUEST_FAIL_NO_THREADS, /* no threads to handle it */ - REQUEST_FAIL_DECODE, /* rad_decode didn't like it */ - REQUEST_FAIL_PROXY, /* call to proxy modules failed */ - REQUEST_FAIL_PROXY_SEND, /* proxy_send didn't like it */ - REQUEST_FAIL_NO_RESPONSE, /* we weren't told to respond, so we reject */ - REQUEST_FAIL_HOME_SERVER, /* the home server didn't respond */ - REQUEST_FAIL_HOME_SERVER2, /* another case of the above */ - REQUEST_FAIL_HOME_SERVER3, /* another case of the above */ - REQUEST_FAIL_NORMAL_REJECT, /* authentication failure */ - REQUEST_FAIL_SERVER_TIMEOUT /* the server took too long to process the request */ -} request_fail_t; - -/* - * Global variables. - * - * We really shouldn't have this many. - */ -extern const char *progname; -extern int debug_flag; -extern const char *radacct_dir; -extern const char *radlog_dir; -extern const char *radlib_dir; -extern const char *radius_dir; -extern const char *radius_libdir; -extern uint32_t expiration_seconds; -extern int log_stripped_names; -extern int log_auth_detail; -extern const char *radiusd_version; -void radius_signal_self(int flag); - -#define RADIUS_SIGNAL_SELF_NONE (0) -#define RADIUS_SIGNAL_SELF_HUP (1 << 0) -#define RADIUS_SIGNAL_SELF_TERM (1 << 1) -#define RADIUS_SIGNAL_SELF_EXIT (1 << 2) -#define RADIUS_SIGNAL_SELF_DETAIL (1 << 3) -#define RADIUS_SIGNAL_SELF_NEW_FD (1 << 4) -#define RADIUS_SIGNAL_SELF_MAX (1 << 5) - - -/* - * Function prototypes. - */ - -/* acct.c */ -int rad_accounting(REQUEST *); - -/* session.c */ -int rad_check_ts(uint32_t nasaddr, unsigned int port, const char *user, - const char *sessionid); -int session_zap(REQUEST *request, uint32_t nasaddr, - unsigned int port, const char *user, - const char *sessionid, uint32_t cliaddr, - char proto,int session_time); - -/* radiusd.c */ -#undef debug_pair -void debug_pair(VALUE_PAIR *); -void debug_pair_list(VALUE_PAIR *); -int log_err (char *); - -/* util.c */ -void (*reset_signal(int signo, void (*func)(int)))(int); -void request_free(REQUEST **request); -int rad_mkdir(char *directory, int mode); -int rad_checkfilename(const char *filename); -void *rad_malloc(size_t size); /* calls exit(1) on error! */ -REQUEST *request_alloc(void); -REQUEST *request_alloc_fake(REQUEST *oldreq); -REQUEST *request_alloc_coa(REQUEST *request); -int request_data_add(REQUEST *request, - void *unique_ptr, int unique_int, - void *opaque, void (*free_opaque)(void *)); -void *request_data_get(REQUEST *request, - void *unique_ptr, int unique_int); -void *request_data_reference(REQUEST *request, - void *unique_ptr, int unique_int); -int rad_copy_string(char *dst, const char *src); -int rad_copy_variable(char *dst, const char *from); - -/* client.c */ -RADCLIENT_LIST *clients_init(void); -void clients_free(RADCLIENT_LIST *clients); -RADCLIENT_LIST *clients_parse_section(CONF_SECTION *section); -void client_free(RADCLIENT *client); -int client_add(RADCLIENT_LIST *clients, RADCLIENT *client); -#ifdef WITH_DYNAMIC_CLIENTS -void client_delete(RADCLIENT_LIST *clients, RADCLIENT *client); -RADCLIENT *client_create(RADCLIENT_LIST *clients, REQUEST *request); -#endif -RADCLIENT *client_find(const RADCLIENT_LIST *clients, - const fr_ipaddr_t *ipaddr); -RADCLIENT *client_findbynumber(const RADCLIENT_LIST *clients, - int number); -RADCLIENT *client_find_old(const fr_ipaddr_t *ipaddr); -int client_validate(RADCLIENT_LIST *clients, RADCLIENT *master, - RADCLIENT *c); -RADCLIENT *client_read(const char *filename, int in_server, int flag); - - -/* files.c */ -int pairlist_read(const char *file, PAIR_LIST **list, int complain); -void pairlist_free(PAIR_LIST **); - -/* version.c */ -void version(void); - -/* log.c */ -int vradlog(int, const char *, va_list ap); -int radlog(int, const char *, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))) -#endif -; -int log_debug(const char *, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 1, 2))) -#endif -; -void vp_listdebug(VALUE_PAIR *vp); -void radlog_request(int lvl, int priority, REQUEST *request, const char *msg, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 4, 5))) -#endif -; - -/* auth.c */ -char *auth_name(char *buf, size_t buflen, REQUEST *request, int do_cli); -int rad_authenticate (REQUEST *); -int rad_postauth(REQUEST *); - -/* exec.c */ -int radius_exec_program(const char *, REQUEST *, int, - char *user_msg, int msg_len, - VALUE_PAIR *input_pairs, - VALUE_PAIR **output_pairs, - int shell_escape); - -/* timestr.c */ -int timestr_match(char *, time_t); - -/* valuepair.c */ -int paircompare_register(int attr, int otherattr, - RAD_COMPARE_FUNC func, - void *instance); -void paircompare_unregister(int attr, RAD_COMPARE_FUNC func); -int paircompare(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check, - VALUE_PAIR **reply); -void pairxlatmove(REQUEST *, VALUE_PAIR **to, VALUE_PAIR **from); -int radius_compare_vps(REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *vp); -int radius_callback_compare(REQUEST *req, VALUE_PAIR *request, - VALUE_PAIR *check, VALUE_PAIR *check_pairs, - VALUE_PAIR **reply_pairs); -int radius_find_compare(int attribute); -VALUE_PAIR *radius_paircreate(REQUEST *request, VALUE_PAIR **vps, - int attribute, int type); -VALUE_PAIR *radius_pairmake(REQUEST *request, VALUE_PAIR **vps, - const char *attribute, const char *value, - int _operator); - -/* xlat.c */ -typedef size_t (*RADIUS_ESCAPE_STRING)(char *out, size_t outlen, const char *in); - -int radius_xlat(char * out, int outlen, const char *fmt, - REQUEST * request, RADIUS_ESCAPE_STRING func); -typedef size_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, char *, char *, size_t, RADIUS_ESCAPE_STRING func); -int xlat_register(const char *module, RAD_XLAT_FUNC func, - void *instance); -void xlat_unregister(const char *module, RAD_XLAT_FUNC func); -void xlat_free(void); - -/* threads.c */ -extern int thread_pool_init(CONF_SECTION *cs, int *spawn_flag); -extern int thread_pool_addrequest(REQUEST *, RAD_REQUEST_FUNP); -extern pid_t rad_fork(void); -extern pid_t rad_waitpid(pid_t pid, int *status); -extern int total_active_threads(void); -extern void thread_pool_lock(void); -extern void thread_pool_unlock(void); -extern void thread_pool_queue_stats(int *array); - -#ifndef HAVE_PTHREAD_H -#define rad_fork(n) fork() -#define rad_waitpid(a,b) waitpid(a,b, 0) -#endif - -/* mainconfig.c */ -/* Define a global config structure */ -extern struct main_config_t mainconfig; - -int read_mainconfig(int reload); -int free_mainconfig(void); -void hup_mainconfig(void); -void fr_suid_down(void); -void fr_suid_up(void); -void fr_suid_down_permanent(void); - -/* listen.c */ -void listen_free(rad_listen_t **head); -int listen_init(CONF_SECTION *cs, rad_listen_t **head); -rad_listen_t *proxy_new_listener(fr_ipaddr_t *ipaddr, int exists); -RADCLIENT *client_listener_find(const rad_listen_t *listener, - const fr_ipaddr_t *ipaddr, int src_port); -#ifdef WITH_STATS -RADCLIENT_LIST *listener_find_client_list(const fr_ipaddr_t *ipaddr, - int port); -rad_listen_t *listener_find_byipaddr(const fr_ipaddr_t *ipaddr, int port); -#endif - -/* event.c */ -int radius_event_init(CONF_SECTION *cs, int spawn_flag); -void radius_event_free(void); -int radius_event_process(void); -void radius_handle_request(REQUEST *request, RAD_REQUEST_FUNP fun); -int received_request(rad_listen_t *listener, - RADIUS_PACKET *packet, REQUEST **prequest, - RADCLIENT *client); -REQUEST *received_proxy_response(RADIUS_PACKET *packet); -void event_new_fd(rad_listen_t *listener); - -/* evaluate.c */ -int radius_evaluate_condition(REQUEST *request, int modreturn, int depth, - const char **ptr, int evaluate_it, int *presult); -int radius_update_attrlist(REQUEST *request, CONF_SECTION *cs, - VALUE_PAIR *input_vps, const char *name); -void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from); -#endif /*RADIUSD_H*/ diff --git a/projects/rlm_stg/rlm_stg.c b/projects/rlm_stg/rlm_stg.c new file mode 100644 index 00000000..3eb913dc --- /dev/null +++ b/projects/rlm_stg/rlm_stg.c @@ -0,0 +1,360 @@ +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +/* + * Author : Maxim Mamontov + */ + +/* + * FreeRADIUS module for data access via Stargazer + * + * $Revision: 1.8 $ + * $Date: 2010/08/14 04:15:08 $ + * + */ + +#ifndef NDEBUG +#define NDEBUG +#include +#include +#include +#undef NDEBUG +#endif + +#include "stgpair.h" +#include "iface.h" + +typedef struct rlm_stg_t { + char * server; + uint16_t port; + char * password; +} rlm_stg_t; + +static const CONF_PARSER module_config[] = { + { "server", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,server), NULL, "localhost"}, + { "port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,port), NULL, "9091" }, + { "password", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,password), NULL, "123456"}, + + { NULL, -1, 0, NULL, NULL } /* end the list */ +}; + +int emptyPair(const STG_PAIR * pair); + +/* + * Do any per-module initialization that is separate to each + * configured instance of the module. e.g. set up connections + * to external databases, read configuration files, set up + * dictionary entries, etc. + * + * If configuration information is given in the config section + * that must be referenced in later calls, store a handle to it + * in *instance otherwise put a null pointer there. + */ +static int stg_instantiate(CONF_SECTION *conf, void **instance) +{ + rlm_stg_t *data; + + /* + * Set up a storage area for instance data + */ + data = rad_malloc(sizeof(*data)); + if (!data) { + return -1; + } + memset(data, 0, sizeof(*data)); + + /* + * If the configuration parameters can't be parsed, then + * fail. + */ + if (cf_section_parse(conf, data, module_config) < 0) { + free(data); + return -1; + } + + if (!stgInstantiateImpl(data->server, data->port)) { + free(data); + return -1; + } + + *instance = data; + + return 0; +} + +/* + * Find the named user in this modules database. Create the set + * of attribute-value pairs to check and reply with for this user + * from the database. The authentication code only needs to check + * the password, the rest is done here. + */ +static int stg_authorize(void *, REQUEST *request) +{ + VALUE_PAIR * pwd; + VALUE_PAIR * svc; + const STG_PAIR * pairs; + const STG_PAIR * pair; + size_t count = 0; + + instance = instance; + + DEBUG("rlm_stg: stg_authorize()"); + + if (request->username) { + DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue); + } + if (request->password) { + DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue); + } + // Here we need to define Framed-Protocol + svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); + if (svc) { + DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue); + pairs = stgAuthorizeImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue); + } else { + DEBUG("rlm_stg: stg_authorize() Service-Type undefined"); + pairs = stgAuthorizeImpl((const char *)request->username->vp_strvalue, ""); + } + if (!pairs) { + DEBUG("rlm_stg: stg_authorize() failed."); + return RLM_MODULE_REJECT; + } + + pair = pairs; + while (!emptyPair(pair)) { + pwd = pairmake(pair->key, pair->value, T_OP_SET); + pairadd(&request->config_items, pwd); + DEBUG("Adding pair '%s': '%s'", pair->key, pair->value); + ++pair; + ++count; + } + deletePairs(pairs); + + if (count) + return RLM_MODULE_UPDATED; + + return RLM_MODULE_NOOP; +} + +/* + * Authenticate the user with the given password. + */ +static int stg_authenticate(void *, REQUEST *request) +{ + VALUE_PAIR * svc; + VALUE_PAIR * pwd; + const STG_PAIR * pairs; + const STG_PAIR * pair; + size_t count = 0; + + instance = instance; + + DEBUG("rlm_stg: stg_authenticate()"); + + svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); + if (svc) { + DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue); + pairs = stgAuthenticateImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue); + } else { + DEBUG("rlm_stg: stg_authenticate() Service-Type undefined"); + pairs = stgAuthenticateImpl((const char *)request->username->vp_strvalue, ""); + } + if (!pairs) { + DEBUG("rlm_stg: stg_authenticate() failed."); + return RLM_MODULE_REJECT; + } + + pair = pairs; + while (!emptyPair(pair)) { + pwd = pairmake(pair->key, pair->value, T_OP_SET); + pairadd(&request->reply->vps, pwd); + ++pair; + ++count; + } + deletePairs(pairs); + + if (count) + return RLM_MODULE_UPDATED; + + return RLM_MODULE_NOOP; +} + +/* + * Massage the request before recording it or proxying it + */ +static int stg_preacct(void *, REQUEST *) +{ + DEBUG("rlm_stg: stg_preacct()"); + + instance = instance; + + return RLM_MODULE_OK; +} + +/* + * Write accounting information to this modules database. + */ +static int stg_accounting(void *, REQUEST * request) +{ + VALUE_PAIR * sttype; + VALUE_PAIR * svc; + VALUE_PAIR * sessid; + VALUE_PAIR * pwd; + const STG_PAIR * pairs; + const STG_PAIR * pair; + size_t count = 0; + + instance = instance; + + DEBUG("rlm_stg: stg_accounting()"); + + svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); + sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID); + sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE); + + if (!sessid) { + DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined"); + return RLM_MODULE_FAIL; + } + + if (sttype) { + DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue); + if (svc) { + DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue); + pairs = stgAccountingImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sttype->vp_strvalue, (const char *)sessid->vp_strvalue); + } else { + DEBUG("rlm_stg: stg_accounting() Service-Type undefined"); + pairs = stgAccountingImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sttype->vp_strvalue, (const char *)sessid->vp_strvalue); + } + } else { + DEBUG("rlm_stg: stg_accounting() Acct-Status-Type := NULL"); + return RLM_MODULE_OK; + } + if (!pairs) { + DEBUG("rlm_stg: stg_accounting() failed."); + return RLM_MODULE_REJECT; + } + + pair = pairs; + while (!emptyPair(pair)) { + pwd = pairmake(pair->key, pair->value, T_OP_SET); + pairadd(&request->reply->vps, pwd); + ++pair; + ++count; + } + deletePairs(pairs); + + if (count) + return RLM_MODULE_UPDATED; + + return RLM_MODULE_OK; +} + +/* + * See if a user is already logged in. Sets request->simul_count to the + * current session count for this user and sets request->simul_mpp to 2 + * if it looks like a multilink attempt based on the requested IP + * address, otherwise leaves request->simul_mpp alone. + * + * Check twice. If on the first pass the user exceeds his + * max. number of logins, do a second pass and validate all + * logins by querying the terminal server (using eg. SNMP). + */ +static int stg_checksimul(void *, REQUEST *request) +{ + DEBUG("rlm_stg: stg_checksimul()"); + + instance = instance; + + request->simul_count=0; + + return RLM_MODULE_OK; +} + +static int stg_postauth(void *, REQUEST *request) +{ + VALUE_PAIR * svc; + VALUE_PAIR * pwd; + const STG_PAIR * pairs; + const STG_PAIR * pair; + size_t count = 0; + + instance = instance; + + DEBUG("rlm_stg: stg_postauth()"); + + svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); + + if (svc) { + DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue); + pairs = stgPostAuthImpl((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue); + } else { + DEBUG("rlm_stg: stg_postauth() Service-Type undefined"); + pairs = stgPostAuthImpl((const char *)request->username->vp_strvalue, ""); + } + if (!pairs) { + DEBUG("rlm_stg: stg_postauth() failed."); + return RLM_MODULE_REJECT; + } + + pair = pairs; + while (!emptyPair(pair)) { + pwd = pairmake(pair->key, pair->value, T_OP_SET); + pairadd(&request->reply->vps, pwd); + ++pair; + ++count; + } + deletePairs(pairs); + + if (count) + return RLM_MODULE_UPDATED; + + return RLM_MODULE_NOOP; +} + +static int stg_detach(void *instance) +{ + free(((struct rlm_stg_t *)instance)->server); + free(instance); + return 0; +} + +/* + * The module name should be the only globally exported symbol. + * That is, everything else should be 'static'. + * + * If the module needs to temporarily modify it's instantiation + * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE. + * The server will then take care of ensuring that the module + * is single-threaded. + */ +module_t rlm_stg = { + RLM_MODULE_INIT, + "stg", + RLM_TYPE_THREAD_SAFE, /* type */ + stg_instantiate, /* instantiation */ + stg_detach, /* detach */ + { + stg_authenticate, /* authentication */ + stg_authorize, /* authorization */ + stg_preacct, /* preaccounting */ + stg_accounting, /* accounting */ + stg_checksimul, /* checksimul */ + NULL, /* pre-proxy */ + NULL, /* post-proxy */ + stg_postauth /* post-auth */ + }, +}; diff --git a/projects/rlm_stg/rlm_stg.cpp b/projects/rlm_stg/rlm_stg.cpp deleted file mode 100644 index f93390cb..00000000 --- a/projects/rlm_stg/rlm_stg.cpp +++ /dev/null @@ -1,335 +0,0 @@ -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * Author : Maxim Mamontov - */ - -/* - * FreeRADIUS module for data access via Stargazer - * - * $Revision: 1.8 $ - * $Date: 2010/08/14 04:15:08 $ - * - */ - -#include -#include -#include - -#include - -extern "C" { -#include "radius.h" -#include "modules.h" -} - -#include "stg_client.h" -#include "stg/common.h" - -STG_CLIENT * cli; -volatile time_t stgTime; - -/* - * Define a structure for our module configuration. - * - * These variables do not need to be in a structure, but it's - * a lot cleaner to do so, and a pointer to the structure can - * be used as the instance handle. - */ -typedef struct rlm_stg_t { - char * server; - char * password; - uint32_t port; - uint32_t localPort; -} rlm_stg_t; - -/* - * A mapping of configuration file names to internal variables. - * - * Note that the string is dynamically allocated, so it MUST - * be freed. When the configuration file parse re-reads the string, - * it free's the old one, and strdup's the new one, placing the pointer - * to the strdup'd string into 'config.string'. This gets around - * buffer over-flows. - */ -static CONF_PARSER module_config[] = { - { "password", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,password), NULL, NULL}, - { "server", PW_TYPE_STRING_PTR, offsetof(rlm_stg_t,server), NULL, NULL}, - { "port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,port), NULL, "5555" }, - { "local_port", PW_TYPE_INTEGER, offsetof(rlm_stg_t,localPort), NULL, "0" }, - - { NULL, -1, 0, NULL, NULL } /* end the list */ -}; - -/* - * Do any per-module initialization that is separate to each - * configured instance of the module. e.g. set up connections - * to external databases, read configuration files, set up - * dictionary entries, etc. - * - * If configuration information is given in the config section - * that must be referenced in later calls, store a handle to it - * in *instance otherwise put a null pointer there. - */ -static int stg_instantiate(CONF_SECTION *conf, void **instance) -{ - rlm_stg_t *data; - - /* - * Set up a storage area for instance data - */ - DEBUG("rlm_stg: stg_instantiate()"); - data = (rlm_stg_t *)rad_malloc(sizeof(rlm_stg_t)); - if (!data) { - return -1; - } - memset(data, 0, sizeof(rlm_stg_t)); - - /* - * If the configuration parameters can't be parsed, then - * fail. - */ - if (cf_section_parse(conf, data, module_config) < 0) { - free(data); - return -1; - } - - try { - cli = new STG_CLIENT(data->server, data->port, data->localPort, data->password); - } - catch (std::exception & ex) { - DEBUG("rlm_stg: stg_instantiate() error: '%s'", ex.what()); - return -1; - } - - *instance = data; - - return 0; -} - -/* - * Find the named user in this modules database. Create the set - * of attribute-value pairs to check and reply with for this user - * from the database. The authentication code only needs to check - * the password, the rest is done here. - */ -static int stg_authorize(void *, REQUEST *request) -{ - VALUE_PAIR *uname; - VALUE_PAIR *pwd; - VALUE_PAIR *svc; - DEBUG("rlm_stg: stg_authorize()"); - - uname = pairfind(request->packet->vps, PW_USER_NAME); - if (uname) { - DEBUG("rlm_stg: stg_authorize() user name defined as '%s'", uname->vp_strvalue); - } else { - DEBUG("rlm_stg: stg_authorize() user name undefined"); - return RLM_MODULE_FAIL; - } - if (request->username) { - DEBUG("rlm_stg: stg_authorize() request username field: '%s'", request->username->vp_strvalue); - } - if (request->password) { - DEBUG("rlm_stg: stg_authorize() request password field: '%s'", request->password->vp_strvalue); - } - // Here we need to define Framed-Protocol - svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); - if (svc) { - DEBUG("rlm_stg: stg_authorize() Service-Type defined as '%s'", svc->vp_strvalue); - if (cli->Authorize((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { - DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str()); - return RLM_MODULE_REJECT; - } - } else { - DEBUG("rlm_stg: stg_authorize() Service-Type undefined"); - if (cli->Authorize((const char *)request->username->vp_strvalue, "")) { - DEBUG("rlm_stg: stg_authorize() stg status: '%s'", cli->GetError().c_str()); - return RLM_MODULE_REJECT; - } - } - pwd = pairmake("Cleartext-Password", cli->GetUserPassword().c_str(), T_OP_SET); - pairadd(&request->config_items, pwd); - //pairadd(&request->reply->vps, uname); - - return RLM_MODULE_UPDATED; -} - -/* - * Authenticate the user with the given password. - */ -static int stg_authenticate(void *, REQUEST *request) -{ - /* quiet the compiler */ - VALUE_PAIR *svc; - - DEBUG("rlm_stg: stg_authenticate()"); - - svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); - if (svc) { - DEBUG("rlm_stg: stg_authenticate() Service-Type defined as '%s'", svc->vp_strvalue); - if (cli->Authenticate((char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { - DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str()); - return RLM_MODULE_REJECT; - } - } else { - DEBUG("rlm_stg: stg_authenticate() Service-Type undefined"); - if (cli->Authenticate((char *)request->username->vp_strvalue, "")) { - DEBUG("rlm_stg: stg_authenticate() stg status: '%s'", cli->GetError().c_str()); - return RLM_MODULE_REJECT; - } - } - - return RLM_MODULE_NOOP; -} - -/* - * Massage the request before recording it or proxying it - */ -static int stg_preacct(void *, REQUEST *) -{ - DEBUG("rlm_stg: stg_preacct()"); - - return RLM_MODULE_OK; -} - -/* - * Write accounting information to this modules database. - */ -static int stg_accounting(void *, REQUEST * request) -{ - /* quiet the compiler */ - VALUE_PAIR * sttype; - VALUE_PAIR * svc; - VALUE_PAIR * sessid; - svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); - - DEBUG("rlm_stg: stg_accounting()"); - - sessid = pairfind(request->packet->vps, PW_ACCT_SESSION_ID); - if (!sessid) { - DEBUG("rlm_stg: stg_accounting() Acct-Session-ID undefined"); - return RLM_MODULE_FAIL; - } - sttype = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE); - if (sttype) { - DEBUG("Acct-Status-Type := %s", sttype->vp_strvalue); - if (svc) { - DEBUG("rlm_stg: stg_accounting() Service-Type defined as '%s'", svc->vp_strvalue); - if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue, (const char *)sessid->vp_strvalue)) { - DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str()); - return RLM_MODULE_FAIL; - } - } else { - DEBUG("rlm_stg: stg_accounting() Service-Type undefined"); - if (cli->Account((const char *)sttype->vp_strvalue, (const char *)request->username->vp_strvalue, "", (const char *)sessid->vp_strvalue)) { - DEBUG("rlm_stg: stg_accounting error: '%s'", cli->GetError().c_str()); - return RLM_MODULE_FAIL; - } - } - } else { - DEBUG("Acct-Status-Type := NULL"); - } - - return RLM_MODULE_OK; -} - -/* - * See if a user is already logged in. Sets request->simul_count to the - * current session count for this user and sets request->simul_mpp to 2 - * if it looks like a multilink attempt based on the requested IP - * address, otherwise leaves request->simul_mpp alone. - * - * Check twice. If on the first pass the user exceeds his - * max. number of logins, do a second pass and validate all - * logins by querying the terminal server (using eg. SNMP). - */ -static int stg_checksimul(void *, REQUEST *request) -{ - DEBUG("rlm_stg: stg_checksimul()"); - - request->simul_count=0; - - return RLM_MODULE_OK; -} - -static int stg_postauth(void *, REQUEST *request) -{ - VALUE_PAIR *fia; - VALUE_PAIR *svc; - struct in_addr fip; - DEBUG("rlm_stg: stg_postauth()"); - svc = pairfind(request->packet->vps, PW_SERVICE_TYPE); - if (svc) { - DEBUG("rlm_stg: stg_postauth() Service-Type defined as '%s'", svc->vp_strvalue); - if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, (const char *)svc->vp_strvalue)) { - DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str()); - return RLM_MODULE_FAIL; - } - } else { - DEBUG("rlm_stg: stg_postauth() Service-Type undefined"); - if (cli->PostAuthenticate((const char *)request->username->vp_strvalue, "")) { - DEBUG("rlm_stg: stg_postauth() error: '%s'", cli->GetError().c_str()); - return RLM_MODULE_FAIL; - } - } - if (strncmp((const char *)svc->vp_strvalue, "Framed-User", 11) == 0) { - fip.s_addr = cli->GetFramedIP(); - DEBUG("rlm_stg: stg_postauth() ip = '%s'", inet_ntostring(fip.s_addr).c_str()); - fia = pairmake("Framed-IP-Address", inet_ntostring(fip.s_addr).c_str(), T_OP_SET); - pairadd(&request->reply->vps, fia); - } - - return RLM_MODULE_UPDATED; -} - -static int stg_detach(void *instance) -{ - DEBUG("rlm_stg: stg_detach()"); - delete cli; - free(((struct rlm_stg_t *)instance)->server); - free(((struct rlm_stg_t *)instance)->password); - free(instance); - return 0; -} - -/* - * The module name should be the only globally exported symbol. - * That is, everything else should be 'static'. - * - * If the module needs to temporarily modify it's instantiation - * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE. - * The server will then take care of ensuring that the module - * is single-threaded. - */ -module_t rlm_stg = { - RLM_MODULE_INIT, - "stg", - RLM_TYPE_THREAD_SAFE, /* type */ - stg_instantiate, /* instantiation */ - stg_detach, /* detach */ - { - stg_authenticate, /* authentication */ - stg_authorize, /* authorization */ - stg_preacct, /* preaccounting */ - stg_accounting, /* accounting */ - stg_checksimul, /* checksimul */ - NULL, /* pre-proxy */ - NULL, /* post-proxy */ - stg_postauth /* post-auth */ - }, -}; diff --git a/projects/rlm_stg/stats.h b/projects/rlm_stg/stats.h deleted file mode 100644 index 88ef1730..00000000 --- a/projects/rlm_stg/stats.h +++ /dev/null @@ -1,104 +0,0 @@ -#ifndef FR_STATS_H -#define FR_STATS_H - -/* - * stats.h Structures and functions for statistics. - * - * Version: $Id: stats.h,v 1.1 2010/08/14 04:13:52 faust Exp $ - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA - * - * Copyright 2005,2006,2007,2008 The FreeRADIUS server project - */ - -//#include -//RCSIDH(stats_h, "$Id: stats.h,v 1.1 2010/08/14 04:13:52 faust Exp $") - -#ifdef WITH_STATS_64BIT -typedef uint64_t fr_uint_t; -#else -typedef uint32_t fr_uint_t; -#endif - -#ifdef WITH_STATS -typedef struct fr_stats_t { - fr_uint_t total_requests; - fr_uint_t total_invalid_requests; - fr_uint_t total_dup_requests; - fr_uint_t total_responses; - fr_uint_t total_access_accepts; - fr_uint_t total_access_rejects; - fr_uint_t total_access_challenges; - fr_uint_t total_malformed_requests; - fr_uint_t total_bad_authenticators; - fr_uint_t total_packets_dropped; - fr_uint_t total_no_records; - fr_uint_t total_unknown_types; -} fr_stats_t; - -typedef struct fr_stats_ema_t { - int window; - - int f1, f10; - int ema1, ema10; - -} fr_stats_ema_t; - -extern fr_stats_t radius_auth_stats; -extern fr_stats_t radius_acct_stats; -#ifdef WITH_PROXY -extern fr_stats_t proxy_auth_stats; -extern fr_stats_t proxy_acct_stats; -#endif - -void radius_stats_init(int flag); -void request_stats_final(REQUEST *request); -void request_stats_reply(REQUEST *request); -void radius_stats_ema(fr_stats_ema_t *ema, - struct timeval *start, struct timeval *end); - -#define RAD_STATS_INC(_x) _x++ -#ifdef WITH_ACCOUNTING -#define RAD_STATS_TYPE_INC(_listener, _x) if (_listener->type == RAD_LISTEN_AUTH) { \ - radius_auth_stats._x++; \ - } else if (_listener->type == RAD_LISTEN_ACCT) { \ - radius_acct_stats._x++; } \ - _listener->stats._x++ - -#define RAD_STATS_CLIENT_INC(_listener, _client, _x) if (_listener->type == RAD_LISTEN_AUTH) \ - _client->auth->_x++; \ - else if (_listener->type == RAD_LISTEN_ACCT) \ - _client->acct->_x++ - -#else /* WITH_ACCOUNTING */ - -#define RAD_STATS_TYPE_INC(_listener, _x) { radius_auth_stats._x++; _listener->stats._x++; } - -#define RAD_STATS_CLIENT_INC(_listener, _client, _x) _client->auth->_x++ - -#endif /* WITH_ACCOUNTING */ - - -#else /* WITH_STATS */ -#define request_stats_init(_x) -#define request_stats_final(_x) - -#define RAD_STATS_INC(_x) -#define RAD_STATS_TYPE_INC(_listener, _x) -#define RAD_STATS_CLIENT_INC(_listener, _client, _x) - -#endif - -#endif /* FR_STATS_H */ diff --git a/projects/rlm_stg/stg_client.cpp b/projects/rlm_stg/stg_client.cpp index 834f19c4..113e71c9 100644 --- a/projects/rlm_stg/stg_client.cpp +++ b/projects/rlm_stg/stg_client.cpp @@ -32,26 +32,22 @@ #include #include +#include +#include #include #include "stg_client.h" -using namespace std; +typedef std::vector > PAIRS; -void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password); -void Encrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8); -void Decrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8); - -//----------------------------------------------------------------------------- -//----------------------------------------------------------------------------- //----------------------------------------------------------------------------- + STG_CLIENT::STG_CLIENT(const std::string & host, uint16_t port, uint16_t lp, const std::string & pass) - : localPort(lp), - password(pass), + : password(pass), framedIP(0) { -sock = socket(AF_INET, SOCK_DGRAM, 0); +/*sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock == -1) { std::string message = strerror(errno); @@ -72,45 +68,22 @@ outerAddr.sin_addr.s_addr = *(uint32_t *)he->h_addr; InitEncrypt(&ctx, password); -PrepareNet(); +PrepareNet();*/ } -//----------------------------------------------------------------------------- + STG_CLIENT::~STG_CLIENT() { -close(sock); -} -//----------------------------------------------------------------------------- -uint32_t STG_CLIENT::GetFramedIP() const -{ -return framedIP; +/*close(sock);*/ } -//----------------------------------------------------------------------------- + int STG_CLIENT::PrepareNet() { -if (localPort != 0) - { - struct sockaddr_in localAddr; - localAddr.sin_family = AF_INET; - localAddr.sin_port = htons(localPort); - localAddr.sin_addr.s_addr = inet_addr("0.0.0.0");; - - if (bind(sock, (struct sockaddr *)&localAddr, sizeof(localAddr))) - { - errorStr = "Bind failed"; - return -1; - } - } return 0; } -//----------------------------------------------------------------------------- -string STG_CLIENT::GetUserPassword() const -{ -return userPassword; -} -//----------------------------------------------------------------------------- + int STG_CLIENT::Send(const RAD_PACKET & packet) { -char buf[RAD_MAX_PACKET_LEN]; +/*char buf[RAD_MAX_PACKET_LEN]; Encrypt(&ctx, buf, (char *)&packet, sizeof(RAD_PACKET) / 8); @@ -119,12 +92,12 @@ int res = sendto(sock, buf, sizeof(RAD_PACKET), 0, (struct sockaddr *)&outerAddr if (res == -1) errorStr = "Error sending data"; -return res; +return res;*/ } -//----------------------------------------------------------------------------- + int STG_CLIENT::RecvData(RAD_PACKET * packet) { -char buf[RAD_MAX_PACKET_LEN]; +/*char buf[RAD_MAX_PACKET_LEN]; int res; struct sockaddr_in addr; @@ -139,12 +112,12 @@ if (res == -1) Decrypt(&ctx, (char *)packet, buf, res / 8); -return 0; +return 0;*/ } -//----------------------------------------------------------------------------- + int STG_CLIENT::Request(RAD_PACKET * packet, const std::string & login, const std::string & svc, uint8_t packetType) { -int res; +/*int res; memcpy((void *)&packet->magic, (void *)RAD_ID, RAD_MAGIC_LEN); packet->protoVer[0] = '0'; @@ -172,12 +145,14 @@ if (strncmp((char *)packet->magic, RAD_ID, RAD_MAGIC_LEN)) return -1; } -return 0; +return 0;*/ } + //----------------------------------------------------------------------------- -int STG_CLIENT::Authorize(const string & login, const string & svc) + +const STG_PAIRS * STG_CLIENT::Authorize(const std::string & login, const std::string & svc) { -RAD_PACKET packet; +/*RAD_PACKET packet; userPassword = ""; @@ -187,14 +162,17 @@ if (Request(&packet, login, svc, RAD_AUTZ_PACKET)) if (packet.packetType != RAD_ACCEPT_PACKET) return -1; -userPassword = (char *)packet.password; +userPassword = (char *)packet.password;*/ -return 0; +PAIRS pairs; +pairs.push_back(std::make_pair("Cleartext-Password", userPassword)); + +return ToSTGPairs(pairs); } -//----------------------------------------------------------------------------- -int STG_CLIENT::Authenticate(const string & login, const string & svc) + +const STG_PAIRS * STG_CLIENT::Authenticate(const std::string & login, const std::string & svc) { -RAD_PACKET packet; +/*RAD_PACKET packet; userPassword = ""; @@ -202,14 +180,16 @@ if (Request(&packet, login, svc, RAD_AUTH_PACKET)) return -1; if (packet.packetType != RAD_ACCEPT_PACKET) - return -1; + return -1;*/ -return 0; +PAIRS pairs; + +return ToSTGPairs(pairs); } -//----------------------------------------------------------------------------- -int STG_CLIENT::PostAuthenticate(const string & login, const string & svc) + +const STG_PAIRS * STG_CLIENT::PostAuth(const std::string & login, const std::string & svc) { -RAD_PACKET packet; +/*RAD_PACKET packet; userPassword = ""; @@ -222,14 +202,24 @@ if (packet.packetType != RAD_ACCEPT_PACKET) if (svc == "Framed-User") framedIP = packet.ip; else - framedIP = 0; + framedIP = 0;*/ -return 0; +PAIRS pairs; +pairs.push_back(std::make_pair("Framed-IP-Address", inet_ntostring(framedIP))); + +return ToSTGPairs(pairs); } -//----------------------------------------------------------------------------- -int STG_CLIENT::Account(const std::string & type, const string & login, const string & svc, const string & sessid) + +const STG_PAIRS * STG_CLIENT::PreAcct(const std::string & login, const std::String & service) +{ +PAIRS pairs; + +return ToSTGPairs(pairs); +} + +const STG_PAIRS * STG_CLIENT::Account(const std::string & type, const std::string & login, const std::string & svc, const std::string & sessid) { -RAD_PACKET packet; +/*RAD_PACKET packet; userPassword = ""; strncpy((char *)packet.sessid, sessid.c_str(), RAD_SESSID_LEN); @@ -256,39 +246,50 @@ else } if (packet.packetType != RAD_ACCEPT_PACKET) - return -1; + return -1;*/ -return 0; +PAIRS pairs; + +return ToSTGPairs(pairs); } + //----------------------------------------------------------------------------- -inline -void Encrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8) -{ -// len8 - длина в 8-ми байтовых блоках -if (dst != src) - memcpy(dst, src, len8 * 8); - -for (int i = 0; i < len8; i++) - Blowfish_Encrypt(ctx, (uint32_t *)(dst + i*8), (uint32_t *)(dst + i*8 + 4)); -} + +std::string STG_CLIENT_ST::m_host; +uint16_t STG_CLIENT_ST::m_port(6666); +std::string STG_CLIENT_ST::m_password; + //----------------------------------------------------------------------------- -inline -void Decrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8) + +STG_CLIENT * STG_CLIENT_ST::Get() { -// len8 - длина в 8-ми байтовых блоках -if (dst != src) - memcpy(dst, src, len8 * 8); + static STG_CLIENT * stgClient = NULL; + if ( stgClient == NULL ) + stgClient = new STG_CLIENT(m_host, m_port, m_password); + return stgClient; +} -for (int i = 0; i < len8; i++) - Blowfish_Decrypt(ctx, (uint32_t *)(dst + i*8), (uint32_t *)(dst + i*8 + 4)); +void STG_CLIENT_ST::Configure(const std::string & host, uint16_t port, const std::string & password) +{ + m_host = host; + m_port = port; + m_password = password; } + //----------------------------------------------------------------------------- -inline -void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password) + +const STG_PAIR * ToSTGPairs(const PAIRS & source) { -unsigned char keyL[RAD_PASSWORD_LEN]; -memset(keyL, 0, RAD_PASSWORD_LEN); -strncpy((char *)keyL, password.c_str(), RAD_PASSWORD_LEN); -Blowfish_Init(ctx, keyL, RAD_PASSWORD_LEN); + STG_PAIR * pairs = new STG_PAIR[source.size() + 1]; + for (size_t pos = 0; pos < source.size(); ++pos) { + bzero(pairs[pos].key, sizeof(STG_PAIR::key)); + bzero(pairs[pos].value, sizeof(STG_PAIR::value)); + strncpy(pairs[pos].key, source[pos].first.c_str(), sizeof(STG_PAIR::key)); + strncpy(pairs[pos].value, source[pos].second.c_str(), sizeof(STG_PAIR::value)); + ++pos; + } + bzero(pairs[sources.size()].key, sizeof(STG_PAIR::key)); + bzero(pairs[sources.size()].value, sizeof(STG_PAIR::value)); + + return pairs; } -//----------------------------------------------------------------------------- diff --git a/projects/rlm_stg/stg_client.h b/projects/rlm_stg/stg_client.h index f87f816f..5ee000c7 100644 --- a/projects/rlm_stg/stg_client.h +++ b/projects/rlm_stg/stg_client.h @@ -38,36 +38,22 @@ #include "stg/blowfish.h" #include "stg/rad_packets.h" +#include "stgpair.h" + class STG_CLIENT { public: - STG_CLIENT(const std::string & host, uint16_t port, uint16_t lp, const std::string & pass); + STG_CLIENT(const std::string & host, uint16_t port, const std::string & password); ~STG_CLIENT(); - std::string GetUserPassword() const; - - int Authorize(const std::string & login, const std::string & svc); - int Authenticate(const std::string & login, const std::string & svc); - int PostAuthenticate(const std::string & login, const std::string & svc); - int Account(const std::string & type, const std::string & login, const std::string & svc, const std::string & sessid); - - uint32_t GetFramedIP() const; - - const std::string & GetError() const { return errorStr; }; + const STG_PAIR * Authorize(const std::string & login, const std::string & service); + const STG_PAIR * Authenticate(const std::string & login, const std::string & service); + const STG_PAIR * PostAuth(const std::string & login, const std::string & service); + const STG_PAIR * PreAcct(const std::string & login, const std::string & service); + const STG_PAIR * Account(const std::string & type, const std::string & login, const std::string & service, const std::string & sessionId); private: - uint16_t localPort; std::string password; - int sock; - std::string errorStr; - - struct sockaddr_in outerAddr; - - std::string userPassword; - - uint32_t framedIP; - - BLOWFISH_CTX ctx; int PrepareNet(); @@ -77,4 +63,16 @@ private: int Send(const RAD_PACKET & packet); }; +struct STG_CLIENT_ST +{ + public: + static void Configure(const std::string & host, uint16_t port, const std::string & password); + static STG_CLIENT * Get(); + + private: + static std::string m_host; + static uint16_t m_port; + static std::string m_password; +}; + #endif diff --git a/projects/rlm_stg/stgpair.h b/projects/rlm_stg/stgpair.h new file mode 100644 index 00000000..19b42bc1 --- /dev/null +++ b/projects/rlm_stg/stgpair.h @@ -0,0 +1,12 @@ +#ifndef __STG_STGPAIR_H__ +#define __STG_STGPAIR_H__ + +#define STGPAIR_KEYLENGTH 64 +#define STGPAIR_VALUELENGTH 256 + +typedef struct STG_PAIR { + char key[STGPAIR_KEYLENGTH]; + char value[STGPAIR_VALUELENGTH]; +} STG_PAIR; + +#endif diff --git a/projects/rlm_stg/token.h b/projects/rlm_stg/token.h deleted file mode 100644 index 0f553788..00000000 --- a/projects/rlm_stg/token.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef FR_TOKEN_H -#define FR_TOKEN_H - -/* - * token.h Special tokens. - * - * $Id$ - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA - * - * Copyright 2001,2006 The FreeRADIUS server project - */ - -//#include -//RCSIDH(token_h, "$Id$") - -typedef enum fr_token_t { - T_OP_INVALID = 0, /* invalid token */ - T_EOL, /* end of line */ - T_LCBRACE, /* { */ - T_RCBRACE, /* } */ - T_LBRACE, /* ( */ - T_RBRACE, /* ) 5 */ - T_COMMA, /* , */ - T_SEMICOLON, /* ; */ - - T_OP_ADD, /* += */ - T_OP_SUB, /* -= */ - T_OP_SET, /* := 10 */ - T_OP_EQ, /* = */ - T_OP_NE, /* != */ - T_OP_GE, /* >= */ - T_OP_GT, /* > */ - T_OP_LE, /* <= 15 */ - T_OP_LT, /* < */ - T_OP_REG_EQ, /* =~ */ - T_OP_REG_NE, /* !~ */ - T_OP_CMP_TRUE, /* =* */ - T_OP_CMP_FALSE, /* !* 20 */ - T_OP_CMP_EQ, /* == */ - T_HASH, /* # */ - T_BARE_WORD, /* bare word */ - T_DOUBLE_QUOTED_STRING, /* "foo" */ - T_SINGLE_QUOTED_STRING, /* 'foo' 25 */ - T_BACK_QUOTED_STRING, /* `foo` */ - T_TOKEN_LAST -} FR_TOKEN; - -#define T_EQSTART T_OP_ADD -#define T_EQEND (T_OP_CMP_EQ + 1) - -typedef struct FR_NAME_NUMBER { - const char *name; - int number; -} FR_NAME_NUMBER; - -int fr_str2int(const FR_NAME_NUMBER *table, const char *name, int def); -const char *fr_int2str(const FR_NAME_NUMBER *table, int number, - const char *def); - - -int getword (const char **ptr, char *buf, int buflen); -int getbareword (const char **ptr, char *buf, int buflen); -FR_TOKEN gettoken(const char **ptr, char *buf, int buflen); -FR_TOKEN getstring(const char **ptr, char *buf, int buflen); - -#endif /* FR_TOKEN_H */