24 RCSID(
"$Id: c07b3ce2becf0d5cee942ca9271ea02c1f37ae95 $")
26 #include <freeradius-devel/radiusd.h>
27 #include <freeradius-devel/modules.h>
/* Selectors for where the realm sits relative to the delimiter in User-Name.
 * The debug strings in this listing distinguish a "suffix after" and a
 * "prefix before" the delimiter. NOTE(review): the code that maps these two
 * values onto those branches is not visible in this listing. */
31 #define REALM_FORMAT_PREFIX 0
32 #define REALM_FORMAT_SUFFIX 1
/* Trust-router fields are compiled in only when HAVE_TRUST_ROUTER_TR_DH_H is defined. */
41 #ifdef HAVE_TRUST_ROUTER_TR_DH_H
/* Passed as the community argument of tr_query_realm(). */
42 char const *default_community;
/* Trust router to query; the request path skips the query when this is NULL,
 * and instantiation compares it with the literal "none". */
44 char const *trust_router;
/* Second guarded region. NOTE(review): its contents are not visible in this listing. */
55 #ifdef HAVE_TRUST_ROUTER_TR_DH_H
/* Realm text taken from User-Name. It starts as NULL, and a later debug line
 * prints "NULL" when it is still unset, so downstream code must expect NULL. */
74 char const *realmname = NULL;
/* Fragment of the early-exit test: a request that already has a proxy packet
 * is not examined again. NOTE(review): the rest of the condition is not
 * visible; the message below suggests it also covers a missing User-Name. */
96 || (request->
proxy != NULL)
100 RDEBUG2(
"Proxy reply, or no User-Name. Ignoring");
/* A destination realm set earlier in processing is left untouched. */
110 RDEBUG2(
"Request already has destination realm set. Ignoring");
/* Suffix form: strrchr() finds the LAST occurrence of the one-character
 * delimiter, so with '@' as a constructed example "a@b@c" splits before "c".
 * Only delim[0] is consulted. */
123 RDEBUG2(
"Checking for suffix after \"%c\"", inst->
delim[0]);
124 ptr = strrchr(username, inst->
delim[0]);
/* Prefix form: strchr() finds the FIRST occurrence of the delimiter. */
132 RDEBUG2(
"Checking for prefix before \"%c\"", inst->
delim[0]);
133 ptr = strchr(username, inst->
delim[0]);
/* In the prefix case the realm begins at the start of the username buffer.
 * NOTE(review): the write that ends it at ptr is not visible in this listing. */
137 realmname = username;
/* User-Name is supplied by the client and is passed to the debug log as a
 * plain %s argument. NOTE(review): confirm the logging layer escapes
 * non-printable bytes before relying on these lines in log analysis. */
153 RDEBUG2(
"Looking up realm \"%s\" for User-Name = \"%s\"",
154 realmname, request->
username->vp_strvalue);
/* No delimiter and configuration says not to try the NULL realm: namebuf is
 * released before this path leaves. */
157 RDEBUG2(
"No '%c' in User-Name = \"%s\", skipping NULL due to config.",
159 talloc_free(namebuf);
/* No delimiter, but the NULL realm is looked up. */
162 RDEBUG2(
"No '%c' in User-Name = \"%s\", looking up realm NULL",
/* Dynamic realm discovery, compiled in only with trust-router support. */
171 #ifdef HAVE_TRUST_ROUTER_TR_DH_H
/* The trust router is asked only when `realm` is still unset and a trust
 * router is configured. realmname derives from the client-supplied User-Name
 * and is handed to tr_query_realm() as-is. NOTE(review): the debug line at 180
 * shows realmname may be NULL at this point; confirm tr_query_realm() accepts
 * a NULL realm argument. */
175 if (!realm && inst->trust_router)
176 realm =
tr_query_realm(request, realmname, inst->default_community, inst->rp_realm, inst->trust_router, inst->tr_port);
/* Unknown realm: realmname is NULL-checked before printing, and namebuf is
 * released on this exit path. */
180 RDEBUG2(
"No such realm \"%s\"", (!realmname) ?
"NULL" : realmname);
181 talloc_free(namebuf);
/* A DEFAULT match can be rejected by configuration; namebuf is released here too. */
185 RDEBUG2(
"Found DEFAULT, but skipping due to config");
186 talloc_free(namebuf);
/* Tail of a call taking the Stripped-User-Name attribute number and vendor 0.
 * NOTE(review): presumably radius_pair_create(); the head of the call is not
 * visible in this listing. */
203 PW_STRIPPED_USER_NAME, 0);
/* Two outcomes are logged: the attribute is added, or an existing one is overwritten. */
204 RDEBUG2(
"Adding Stripped-User-Name = \"%s\"", username);
207 RDEBUG2(
"Setting Stripped-User-Name = \"%s\"", username);
/* Unless the matched realm's name starts with '~', the Realm value is taken
 * from the server's own realm entry instead of the text the client sent.
 * NOTE(review): '~' presumably marks a regex realm, in which case the
 * client-supplied realm text is what gets stored; confirm against the realm
 * configuration code. */
222 if (realm->
name[0] !=
'~') realmname = realm->
name;
224 RDEBUG2(
"Adding Realm = \"%s\"", realmname);
/* The working buffer is released once the attributes have been written. */
226 talloc_free(namebuf);
/* Packet codes outside the handled set are only reported. NOTE(review): the
 * switch and its return value are not visible in this listing. This format
 * string ends in "\n" although most other RDEBUG2 strings here do not. */
234 RDEBUG2(
"Unknown packet code %d\n",
/* A realm resolved as LOCAL is reported separately for accounting and for
 * authentication. NOTE(review): presumably these paths return without
 * proxying; the return statements are not visible. */
243 RDEBUG2(
"Accounting realm is LOCAL");
253 RDEBUG2(
"Authentication realm is LOCAL");
260 RDEBUG2(
"Proxying request from user %s to realm %s",
/* Hands the selected realm back to the caller through the out-parameter. */
268 *returnrealm = realm;
/* Builds an IPv4 fr_ipaddr_t from an attribute value. Only AF_INET is set on
 * this path. NOTE(review): presumably the address is then compared with the
 * server's own addresses; the comparison is not visible in this listing. */
290 my_ipaddr.
af = AF_INET;
292 my_ipaddr.
ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
/* Loop guard 1: proxying is suppressed on the basis of FreeRADIUS-Proxied-To.
 * NOTE(review): if that attribute is read from the incoming packet, its value
 * is only as trustworthy as the sender; confirm where vp comes from. */
303 RDEBUG2(
"Suppressing proxy due to FreeRADIUS-Proxied-To");
/* Loop guard 2: the packet is not proxied again to a realm whose server
 * already received it. */
328 RDEBUG2(
"Suppressing proxy because packet was already sent to a server in that realm");
/* Hands the selected realm back to the caller through the out-parameter. */
339 *returnrealm = realm;
/* Delimiter validation. A value of two backslash characters is special-cased
 * (NOTE(review): the branch body is not visible; presumably it collapses to a
 * single backslash). Any other delimiter must be exactly one character, which
 * matches the lookup code reading only delim[0]. */
365 if (strcmp(inst->
delim,
"\\\\") == 0) {
367 }
else if (strlen(inst->
delim) != 1) {
373 #ifdef HAVE_TRUST_ROUTER_TR_DH_H
/* The literal "none" disables the trust router. NOTE(review): strcmp()
 * dereferences inst->trust_router unconditionally here, while the request
 * path tests it for NULL first; confirm the config parser always supplies a
 * default so this cannot be NULL at instantiation. */
375 if (strcmp(inst->trust_router,
"none") != 0) {
/* Debug lines from the per-section entry points. The realm name printed here
 * is the one selected by the realm lookup. These format strings end in "\n"
 * although most other RDEBUG2 strings in this listing do not. */
410 RDEBUG2(
"Preparing to proxy authentication request to realm \"%s\"\n",
/* Requests without a User-Name take a separate path. NOTE(review): the
 * branch body is not visible in this listing. */
426 if (!request->username) {
442 RDEBUG2(
"Preparing to proxy accounting request to realm \"%s\"\n",
/* Same "realm already set" guard as in the realm lookup, repeated in a later handler. */
460 RDEBUG2(
"Request already has destination realm set. Ignoring");
493 RDEBUG2(
"Preparing to proxy authentication request to realm \"%s\"\n",
home_server_t * servers[1]
static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm)
REALM * tr_query_realm(REQUEST *request, char const *realm, char const *community, char const *rprealm, char const *trustrouter, unsigned int port)
The module is OK, continue.
Metadata exported by the module.
fr_ipaddr_t src_ipaddr
Src IP address of packet.
uint8_t prefix
Prefix length - Between 0-32 for IPv4 and 0-128 for IPv6.
int fr_is_inaddr_any(fr_ipaddr_t *ipaddr)
Determine if an address is the INADDR_ANY address for its address family.
VALUE_PAIR * radius_pair_create(TALLOC_CTX *ctx, VALUE_PAIR **vps, unsigned int attribute, unsigned int vendor)
Create a VALUE_PAIR and add it to a list of VALUE_PAIR s.
static rlm_rcode_t mod_authorize(void *instance, REQUEST *request)
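Handle authorization requests using Couchbase document data. (This brief appears to be cross-linked from a different module's mod_authorize; the listing above is the realm module, whose other symbols are rlm_realm_t and check_for_realm.)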
VALUE_PAIR * username
Cached username VALUE_PAIR from request RADIUS_PACKET.
VALUE_PAIR * vps
Result of decoding the packet into VALUE_PAIRs.
#define CONF_PARSER_TERMINATOR
Headers for trust router code.
#define pair_make_request(_a, _b, _c)
char const * format_string
rad_listen_t * listener
The listener that received the request.
#define RLM_TYPE_HUP_SAFE
Will be restarted on HUP.
uint16_t src_port
Src port of packet.
Defines a CONF_PAIR to C data type mapping.
RADIUS_PACKET * proxy
Outgoing request to proxy server.
RFC2865 - Access-Request.
void fr_pair_value_strcpy(VALUE_PAIR *vp, char const *src)
Copy data into an "string" data type.
#define pair_make_config(_a, _b, _c)
RFC2866 - Accounting-Request.
#define REALM_FORMAT_SUFFIX
unsigned int attr
Attribute number.
union fr_ipaddr_t::@1 ipaddr
unsigned int code
Packet code (type).
Stores an attribute, a value and various bits of other data.
void rad_const_free(void const *ptr)
void cf_log_err_cs(CONF_SECTION const *cs, char const *fmt, ...) CC_HINT(format(printf, 2, 3))
static rlm_rcode_t mod_realm_recv_coa(UNUSED void *instance, REQUEST *request)
enum rlm_rcodes rlm_rcode_t
Return codes indicating the result of the module call.
int strcasecmp(char *s1, char *s2)
Module succeeded without doing anything.
static rlm_rcode_t CC_HINT(nonnull)
REALM * realm_find(char const *name)
uint64_t magic
Used to validate module struct.
#define FR_CONF_OFFSET(_n, _t, _s, _f)
static int mod_instantiate(CONF_SECTION *conf, void *instance)
RADIUS_PACKET * packet
Incoming request.
#define REALM_FORMAT_PREFIX
static CONF_PARSER module_config[]
2 methods index for preacct section.
VALUE_PAIR * fr_pair_find_by_num(VALUE_PAIR *head, unsigned int vendor, unsigned int attr, int8_t tag)
Find the pair with the matching attribute.
8 methods index for recvcoa section.
fr_dict_attr_t const * da
Dictionary attribute defines the attribute.
String of printable characters.
1 methods index for authorize section.
struct rlm_realm_t rlm_realm_t
char * talloc_typed_strdup(void const *t, char const *p)
Call talloc strdup, setting the type on the new chunk correctly.
int fr_ipaddr_cmp(fr_ipaddr_t const *a, fr_ipaddr_t const *b)
Compare two ip addresses.
fr_ipaddr_t ipaddr
IP address of home server.