25 RCSID(
"$Id: d30bb6c90bfed3efcc84f26060ee7612d18fa89c $")
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
78 return tmp ? tmp->vp_integer : 0;
108 PAIR_LIST *user_list, *default_list, **default_tail;
126 (compat_mode_str && (strcmp(compat_mode_str,
"cistron") == 0))) {
128 bool compat_mode =
false;
130 if (compat_mode_str && (strcmp(compat_mode_str,
"cistron") == 0)) {
138 DEBUG(
"[%s]:%d Cistron compatibility checks for entry %s ...",
167 WARN(
"[%s]:%d Changing '%s =' to '%s =='\n\tfor comparing RADIUS attribute in check item list for user %s",
172 DEBUG(
"\tChanging '%s =' to '%s =='",
194 if ((vp->
da->
attr >= 0x100) &&
195 (vp->
da->
attr <= 0xffff) &&
196 (vp->
da->
attr != PW_HINT) &&
197 (vp->
da->
attr != PW_HUNTGROUP_NAME)) {
226 WARN(
"[%s]:%d Check item \"%s\"\n"
227 "\tfound in reply item list for user \"%s\".\n"
228 "\tThis attribute MUST go on the first line"
229 " with the other check items", filename, entry->
lineno, vp->
da->
name,
245 default_tail = &default_list;
252 for (entry = users; entry != NULL; entry = next) {
258 (void) talloc_steal(tree, entry);
263 if (strcmp(entry->
name,
"DEFAULT") == 0) {
265 default_list = entry;
283 *default_tail = entry;
286 default_tail = &entry->
next;
304 while (user_list->
next) user_list = user_list->
next;
306 user_list->
next = entry;
/*
 * READFILE(_file, _tree): load the users file named by inst->_file into the
 * tree stored at inst->_tree by calling getusersfile(), with inst as the
 * first (context) argument and inst->compat_mode as the compatibility string.
 *
 * NOTE(review): on a non-zero result the macro logs the file name and then
 * executes `return -1` in the *enclosing* function. It is therefore only
 * usable where `inst` is in scope and the caller returns int. The early
 * return is hidden control flow and the macro itself performs no cleanup,
 * so whatever earlier READFILE() calls loaded is left untouched at that point.
 */
#define READFILE(_file, _tree) \
	do { \
		if (getusersfile(inst, inst->_file, &inst->_tree, inst->compat_mode) != 0) { \
			ERROR("Failed reading %s", inst->_file); \
			return -1; \
		} \
	} while (0)
332 READFILE(preproxy_usersfile, preproxy_users);
333 READFILE(postproxy_usersfile, postproxy_users);
336 READFILE(auth_usersfile, auth_users);
337 READFILE(postauth_usersfile, postauth_users);
348 char const *
name, *match;
360 name = namepair ? namepair->vp_strvalue :
"NONE";
364 len =
radius_xlat(buffer,
sizeof(buffer), request, inst->
key, NULL, NULL);
369 name = len ? buffer :
"NONE";
376 my_pl.
name =
"DEFAULT";
382 while (user_pl || default_pl) {
391 if (!default_pl && user_pl) {
394 user_pl = user_pl->
next;
396 }
else if (!user_pl && default_pl) {
399 default_pl = default_pl->
next;
404 user_pl = user_pl->
next;
409 default_pl = default_pl->
next;
417 RWARN(
"Failed parsing expanded value for check item, skipping entry: %s",
fr_strerror());
423 if (
paircompare(request, request_packet->
vps, check_tmp, &reply_packet->
vps) == 0) {
424 RDEBUG2(
"%s: Matched entry %s at line %d", filename, match, pl->
lineno);
469 request->packet, request->reply);
484 request->packet, request->reply);
492 return file_common(inst, request,
"preproxy_users",
494 request->packet, request->proxy);
501 return file_common(inst, request,
"postproxy_users",
503 request->proxy_reply, request->reply);
513 request->packet, request->reply);
520 return file_common(inst, request,
"postauth_users",
522 request->packet, request->reply);
533 .config = module_config,
static rlm_rcode_t file_common(rlm_files_t *inst, REQUEST *request, char const *filename, rbtree_t *tree, RADIUS_PACKET *request_packet, RADIUS_PACKET *reply_packet)
void fr_pair_list_free(VALUE_PAIR **)
Free memory used by a valuepair list.
5 methods index for preproxy section.
#define PW_TYPE_FILE_INPUT
File matching value must exist, and must be readable.
void radius_pairmove(REQUEST *request, VALUE_PAIR **to, VALUE_PAIR *from, bool do_xlat) CC_HINT(nonnull)
VALUE_PAIR * config
VALUE_PAIR (s) used to set per request parameters for modules and the server core at runtime...
void rbtree_free(rbtree_t *tree)
The module is OK, continue.
static rlm_rcode_t mod_post_auth(void *instance, REQUEST *request) CC_HINT(nonnull)
Metadata exported by the module.
7 methods index for postauth section.
int paircompare(REQUEST *request, VALUE_PAIR *req_list, VALUE_PAIR *check, VALUE_PAIR **rep_list)
Compare two pair lists except for the password information.
static rlm_rcode_t mod_authorize(void *instance, REQUEST *request)
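Handle authorization requests using Couchbase document data. (This brief looks mis-linked from another module's mod_authorize: the listing above is the users-file module, and nothing else on the page refers to Couchbase.)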
VALUE_PAIR * username
Cached username VALUE_PAIR from request RADIUS_PACKET.
char const * acctusersfile
VALUE_PAIR * vps
Result of decoding the packet into VALUE_PAIRs.
#define CONF_PARSER_TERMINATOR
void pairlist_free(PAIR_LIST **)
VALUE_PAIR * fr_cursor_init(vp_cursor_t *cursor, VALUE_PAIR *const *node)
Setup a cursor to iterate over attribute pairs.
rbtree_t * postauth_users
rbtree_t * postproxy_users
char const * preproxy_usersfile
#define PW_TYPE_DEPRECATED
If a matching CONF_PAIR is found, error out with a deprecated message.
void * rbtree_finddata(rbtree_t *tree, void const *data)
Find the user data.
#define RLM_TYPE_HUP_SAFE
Will be restarted on HUP.
static rlm_rcode_t mod_authenticate(void *instance, REQUEST *request) CC_HINT(nonnull)
Defines a CONF_PAIR to C data type mapping.
Abstraction to allow iterating over different configurations of VALUE_PAIRs.
VALUE_PAIR * fr_pair_list_copy(TALLOC_CTX *ctx, VALUE_PAIR *from)
Copy a pairlist.
rbtree_t * rbtree_create(TALLOC_CTX *ctx, rb_comparator_t compare, rb_free_t node_free, int flags)
Create a new RED-BLACK tree.
static rlm_rcode_t CC_HINT(nonnull)
rbtree_t * preproxy_users
#define PW_TYPE_XLAT
string will be dynamically expanded.
char const * postauth_usersfile
unsigned int attr
Attribute number.
static int fall_through(VALUE_PAIR *vp)
unsigned int vendor
Vendor that defines this attribute.
Stores an attribute, a value and various bits of other data.
0 methods index for authenticate section.
char const * auth_usersfile
FR_TOKEN op
Operator to use when moving or inserting valuepair into a list.
enum rlm_rcodes rlm_rcode_t
Return codes indicating the result of the module call.
int radius_xlat_do(REQUEST *request, VALUE_PAIR *vp)
Expands an attribute marked with fr_pair_mark_xlat.
ssize_t radius_xlat(char *out, size_t outlen, REQUEST *request, char const *fmt, xlat_escape_t escape, void *escape_ctx) CC_HINT(nonnull(1
char const * fr_strerror(void)
Get the last library error.
void fr_pair_delete_by_num(VALUE_PAIR **head, unsigned int vendor, unsigned int attr, int8_t tag)
Delete matching pairs.
Module succeeded without doing anything.
void fr_pair_list_move(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from)
Move pairs from source list to destination list respecting operator.
char name[1]
Attribute name.
uint64_t magic
Used to validate module struct.
Module failed, don't reply.
static int mod_instantiate(UNUSED CONF_SECTION *conf, void *instance)
#define FR_CONF_OFFSET(_n, _t, _s, _f)
log_lvl_t rad_debug_lvl
Global debugging level.
VALUE_PAIR * fr_cursor_next(vp_cursor_t *cursor)
Advance the cursor to the next VALUE_PAIR.
bool rbtree_insert(rbtree_t *tree, void *data)
static int pairlist_cmp(void const *a, void const *b)
6 methods index for postproxy section.
2 methods index for preacct section.
VALUE_PAIR * fr_pair_find_by_num(VALUE_PAIR *head, unsigned int vendor, unsigned int attr, int8_t tag)
Find the pair with the matching attribute.
char const * postproxy_usersfile
struct rlm_files_t rlm_files_t
fr_dict_attr_t const * da
Dictionary attribute defines the attribute.
static const CONF_PARSER module_config[]
String of printable characters.
1 methods index for authorize section.
static int getusersfile(TALLOC_CTX *ctx, char const *filename, rbtree_t **ptree, char const *compat_mode_str)
int pairlist_read(TALLOC_CTX *ctx, char const *file, PAIR_LIST **list, int complain)