The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
rlm_unix.c
Go to the documentation of this file.
1 /*
2  * This program is is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or (at
5  * your option) any later version.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15  */
16 
17 /**
18  * $Id: e2f6bf5d579f3bd8ca3b159a8910864c56a9ac86 $
19  * @file rlm_unix.c
20  * @brief Unixy things
21  *
22  * @copyright 2000,2006 The FreeRADIUS server project
23  * @copyright 2000 Jeff Carneal (jeff@apex.net)
24  * @copyright 2000 Alan Curry (pacman@world.std.com)
25  */
26 RCSID("$Id: e2f6bf5d579f3bd8ca3b159a8910864c56a9ac86 $")
27 USES_APPLE_DEPRECATED_API
28 
29 #define LOG_PREFIX mctx->inst->name
30 
31 #include <freeradius-devel/radius/radius.h>
32 #include <freeradius-devel/server/base.h>
33 #include <freeradius-devel/server/module_rlm.h>
34 #include <freeradius-devel/server/sysutmp.h>
35 #include <freeradius-devel/util/perm.h>
36 #include <freeradius-devel/unlang/xlat_func.h>
37 
38 #include <grp.h>
39 #include <pwd.h>
40 #include <sys/stat.h>
41 
42 #include "config.h"
43 
44 #ifdef HAVE_SHADOW_H
45 # include <shadow.h>
46 #endif
47 
48 static char trans[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
49 #define ENC(c) trans[c]
50 
51 typedef struct {
52  char const *radwtmp;
53 } rlm_unix_t;
54 
55 static const conf_parser_t module_config[] = {
56  { FR_CONF_OFFSET_FLAGS("radwtmp", CONF_FLAG_FILE_INPUT, rlm_unix_t, radwtmp) },
57  CONF_PARSER_TERMINATOR
58 };
59 
60 static fr_dict_t const *dict_freeradius;
61 static fr_dict_t const *dict_radius;
62 
63 extern fr_dict_autoload_t rlm_unix_dict[];
64 fr_dict_autoload_t rlm_unix_dict[] = {
65  { .out = &dict_freeradius, .proto = "freeradius" },
66  { .out = &dict_radius, .proto = "radius" },
67  { NULL }
68 };
69 
70 static fr_dict_attr_t const *attr_auth_type;
71 static fr_dict_attr_t const *attr_crypt_password;
72 static fr_dict_attr_t const *attr_user_name;
73 static fr_dict_attr_t const *attr_login_ip_host;
74 static fr_dict_attr_t const *attr_framed_ip_address;
75 static fr_dict_attr_t const *attr_framed_protocol;
76 static fr_dict_attr_t const *attr_nas_ip_address;
77 static fr_dict_attr_t const *attr_nas_port;
78 static fr_dict_attr_t const *attr_acct_status_type;
79 static fr_dict_attr_t const *attr_acct_delay_time;
80 static fr_dict_attr_t const *attr_expr_bool_enum;
81 
82 extern fr_dict_attr_autoload_t rlm_unix_dict_attr[];
83 fr_dict_attr_autoload_t rlm_unix_dict_attr[] = {
84  { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
85  { .out = &attr_crypt_password, .name = "Password.Crypt", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
86  { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
87  { .out = &attr_login_ip_host, .name = "Login-IP-Host", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_radius },
88  { .out = &attr_framed_ip_address, .name = "Framed-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_radius },
89  { .out = &attr_framed_protocol, .name = "Framed-Protocol", .type = FR_TYPE_UINT32, .dict = &dict_radius },
90  { .out = &attr_nas_ip_address, .name = "NAS-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_radius },
91  { .out = &attr_nas_port, .name = "NAS-Port", .type = FR_TYPE_UINT32, .dict = &dict_radius },
92  { .out = &attr_acct_status_type, .name = "Acct-Status-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
93  { .out = &attr_acct_delay_time, .name = "Acct-Delay-Time", .type = FR_TYPE_UINT32, .dict = &dict_radius },
94  { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
95  { NULL }
96 };
97 
98 /** Check if the user is in the given group
99  *
100  */
101 static bool CC_HINT(nonnull) unix_check_group(UNUSED rlm_unix_t const *inst, request_t *request, char const *name)
102 {
103  bool rcode = false;
104  struct passwd *pwd;
105  struct group *grp;
106  fr_pair_t *username;
107 
108  /*
109  * No user name, can't compare.
110  */
111  username = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name);
112  if (!username) return false;
113 
114  if (fr_perm_getpwnam(request, &pwd, username->vp_strvalue) < 0) {
115  RPEDEBUG("Failed resolving user name");
116  return false;
117  }
118 
119  if (fr_perm_getgrnam(request, &grp, name) < 0) {
120  RPEDEBUG("Failed resolving group name");
121  talloc_free(pwd);
122  return false;
123  }
124 
125  /*
126  * The users default group may be the one we're looking
127  * for, in which case we use that.
128  *
129  * Otherwise, we go through the list of groups to see if the group name matches.
130  */
131  if (pwd->pw_gid == grp->gr_gid) {
132  rcode = true;
133 
134  } else {
135  char **member;
136 
137  for (member = grp->gr_mem; *member; member++) {
138  if (strcmp(*member, pwd->pw_name) == 0) {
139  rcode = true;
140  break;
141  }
142  }
143  }
144 
145  /* lifo */
146  talloc_free(grp);
147  talloc_free(pwd);
148 
149  return rcode;
150 }
151 
152 
153 /** Check if the user is a member of a particular unix group
154  *
155 @verbatim
156 %unix.group(<name>)
157 @endverbatim
158  *
159  * @ingroup xlat_functions
160  */
161 static xlat_action_t unix_group_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
162  xlat_ctx_t const *xctx,
163  request_t *request, fr_value_box_list_t *in)
164 {
165  rlm_unix_t const *inst = talloc_get_type_abort(xctx->mctx->inst->data, rlm_unix_t);
166  fr_value_box_t *arg = fr_value_box_list_head(in);
167  char const *p = arg->vb_strvalue;
168  fr_value_box_t *vb;
169 
170  fr_skip_whitespace(p);
171 
172  MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum));
173  vb->vb_bool = unix_check_group(inst, request, p);
174  fr_dcursor_append(out, vb);
175 
176  return XLAT_ACTION_DONE;
177 }
178 
179 
180 /*
181  * Read the config
182  */
183 static int mod_bootstrap(module_inst_ctx_t const *mctx)
184 {
185  rlm_unix_t *inst = talloc_get_type_abort(mctx->inst->data, rlm_unix_t);
186  xlat_t *xlat;
187  xlat_arg_parser_t *xlat_arg;
188 
189  /*
190  * Define the new %unix.group(name) xlat. The register
191  * function automatically adds the module instance name
192  * as a prefix.
193  */
194  xlat = xlat_func_register_module(inst, mctx, "group", unix_group_xlat, FR_TYPE_BOOL);
195  if (!xlat) {
196  PERROR("Failed registering group expansion");
197  return -1;
198  }
199 
200  /*
201  * The xlat escape function needs access to inst - so
202  * argument parser details need to be defined here
203  */
204  xlat_arg = talloc_zero_array(inst, xlat_arg_parser_t, 2);
205  xlat_arg[0].type = FR_TYPE_STRING;
206  xlat_arg[0].required = true;
207  xlat_arg[0].concat = true;
208  xlat_arg[0].func = NULL; /* No real escaping done - we do strcmp() on it */
209  xlat_arg[0].uctx = NULL;
210  xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
211 
212  xlat_func_mono_set(xlat, xlat_arg);
213 
214  return 0;
215 }
216 
217 
218 /*
219  * Pull the users password from where-ever, and add it to
220  * the given vp list.
221  */
222 static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
223 {
224  char const *name;
225  char const *encrypted_pass;
226 #ifdef HAVE_GETSPNAM
227  struct spwd *spwd = NULL;
228 #endif
229  struct passwd *pwd;
230 #ifdef HAVE_GETUSERSHELL
231  char *shell;
232 #endif
233  fr_pair_t *vp;
234  fr_pair_t *username;
235 
236  /*
237  * We can only authenticate user requests which HAVE
238  * a User-Name attribute.
239  */
240  username = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name);
241  if (!username) RETURN_MODULE_NOOP;
242 
243  name = username->vp_strvalue;
244  encrypted_pass = NULL;
245 
246  if ((pwd = getpwnam(name)) == NULL) {
247  RETURN_MODULE_NOTFOUND;
248  }
249  encrypted_pass = pwd->pw_passwd;
250 
251 #ifdef HAVE_GETSPNAM
252  /*
253  * See if there is a shadow password.
254  *
255  * Only query the _system_ shadow file if the encrypted
256  * password from the passwd file is < 10 characters (i.e.
257  * a valid password would never crypt() to it). This will
258  * prevents users from using NULL password fields as things
259  * stand right now.
260  */
261  if ((!encrypted_pass) || (strlen(encrypted_pass) < 10)) {
262  if ((spwd = getspnam(name)) == NULL) {
263  RETURN_MODULE_NOTFOUND;
264  }
265  encrypted_pass = spwd->sp_pwdp;
266  }
267 #endif /* HAVE_GETSPNAM */
268 
269 #ifdef DENY_SHELL
270  /*
271  * Users with a particular shell are denied access
272  */
273  if (strcmp(pwd->pw_shell, DENY_SHELL) == 0) {
274  REDEBUG("Invalid shell", name);
275  RETURN_MODULE_REJECT;
276  }
277 #endif
278 
279 #ifdef HAVE_GETUSERSHELL
280  /*
281  * Check /etc/shells for a valid shell. If that file
282  * contains /RADIUSD/ANY/SHELL then any shell will do.
283  */
284  while ((shell = getusershell()) != NULL) {
285  if (strcmp(shell, pwd->pw_shell) == 0 ||
286  strcmp(shell, "/RADIUSD/ANY/SHELL") == 0) {
287  break;
288  }
289  }
290  endusershell();
291  if (!shell) {
292  REDEBUG("[%s]: invalid shell [%s]", name, pwd->pw_shell);
293  RETURN_MODULE_REJECT;
294  }
295 #endif
296 
297 #if defined(HAVE_GETSPNAM) && !defined(M_UNIX)
298  /*
299  * Check if password has expired.
300  */
301  if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
302  (fr_time_to_sec(request->packet->timestamp) / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
303  REDEBUG("[%s]: password has expired", name);
304  RETURN_MODULE_REJECT;
305  }
306  /*
307  * Check if account has expired.
308  */
309  if (spwd && spwd->sp_expire > 0 &&
310  (fr_time_to_sec(request->packet->timestamp) / 86400) > spwd->sp_expire) {
311  REDEBUG("[%s]: account has expired", name);
312  RETURN_MODULE_REJECT;
313  }
314 #endif
315 
316 #if defined(__FreeBSD__) || defined(bsdi) || defined(_PWF_EXPIRE)
317  /*
318  * Check if password has expired.
319  */
320  if ((pwd->pw_expire > 0) &&
321  (fr_time_to_sec(request->packet->timestamp) > pwd->pw_expire)) {
322  REDEBUG("[%s]: password has expired", name);
323  RETURN_MODULE_REJECT;
324  }
325 #endif
326 
327  /*
328  * We might have a passwordless account.
329  *
330  * FIXME: Maybe add Auth-Type := Accept?
331  */
332  if (encrypted_pass[0] == 0)
333  RETURN_MODULE_NOOP;
334 
335  MEM(pair_update_control(&vp, attr_crypt_password) >= 0);
336  fr_pair_value_strdup(vp, encrypted_pass, false);
337 
338  RETURN_MODULE_UPDATED;
339 }
340 
341 
342 /*
343  * UUencode 4 bits base64. We use this to turn a 4 byte field
344  * (an IP address) into 6 bytes of ASCII. This is used for the
345  * wtmp file if we didn't find a short name in the naslist file.
346  */
347 static char *uue(void *in)
348 {
349  int i;
350  static unsigned char res[7];
351  unsigned char *data = (unsigned char *)in;
352 
353  res[0] = ENC( data[0] >> 2 );
354  res[1] = ENC( ((data[0] << 4) & 060) + ((data[1] >> 4) & 017) );
355  res[2] = ENC( ((data[1] << 2) & 074) + ((data[2] >> 6) & 03) );
356  res[3] = ENC( data[2] & 077 );
357 
358  res[4] = ENC( data[3] >> 2 );
359  res[5] = ENC( (data[3] << 4) & 060 );
360  res[6] = 0;
361 
362  for(i = 0; i < 6; i++) {
363  if (res[i] == ' ') res[i] = '`';
364  if (res[i] < 32 || res[i] > 127)
365  printf("uue: protocol error ?!\n");
366  }
367  return (char *)res;
368 }
369 
370 
371 /*
372  * Unix accounting - write a wtmp file.
373  */
374 static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
375 {
376  rlm_unix_t const *inst = talloc_get_type_abort_const(mctx->inst->data, rlm_unix_t);
377  fr_pair_t *vp;
378  FILE *fp;
379  struct utmp ut;
380  uint64_t t;
381  char buf[64];
382  char const *s = NULL;
383  int status = -1;
384  int nas_address = 0;
385  int framed_address = 0;
386 #ifdef USER_PROCESS
387  int protocol = -1;
388 #endif
389  uint32_t nas_port = 0;
390  bool port_seen = true;
391  fr_client_t *client;
392 
393  /*
394  * No radwtmp. Don't do anything.
395  */
396  if (!inst->radwtmp) {
397  RDEBUG2("No radwtmp file configured. Ignoring accounting request");
398  RETURN_MODULE_NOOP;
399  }
400 
401  if (request->packet->socket.inet.src_ipaddr.af != AF_INET) {
402  RDEBUG2("IPv6 is not supported!");
403  RETURN_MODULE_NOOP;
404  }
405 
406  /*
407  * Which type is this.
408  */
409  if ((vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_acct_status_type)) == NULL) {
410  RDEBUG2("no Accounting-Status-Type attribute in request");
411  RETURN_MODULE_NOOP;
412  }
413  status = vp->vp_uint32;
414 
415  /*
416  * Maybe handle ALIVE, too?
417  */
418  if (status != FR_STATUS_START &&
419  status != FR_STATUS_STOP)
420  RETURN_MODULE_NOOP;
421 
422  /*
423  * We're only interested in accounting messages
424  * with a username in it.
425  */
426  if (fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name) == NULL)
427  RETURN_MODULE_NOOP;
428 
429  t = fr_time_to_sec(request->packet->timestamp);
430  memset(&ut, 0, sizeof(ut));
431 
432  /*
433  * First, find the interesting attributes.
434  */
435  for (vp = fr_pair_list_head(&request->request_pairs);
436  vp;
437  vp = fr_pair_list_next(&request->request_pairs, vp)) {
438  if (vp->da == attr_user_name) {
439  if (vp->vp_length >= sizeof(ut.ut_name)) {
440  memcpy(ut.ut_name, vp->vp_strvalue, sizeof(ut.ut_name));
441  } else {
442  strlcpy(ut.ut_name, vp->vp_strvalue, sizeof(ut.ut_name));
443  }
444 
445  } else if (vp->da == attr_login_ip_host ||
446  vp->da == attr_framed_ip_address) {
447  framed_address = vp->vp_ipv4addr;
448 
449 #ifdef USER_PROCESS
450  } else if (vp->da == attr_framed_protocol) {
451  protocol = vp->vp_uint32;
452 #endif
453  } else if (vp->da == attr_nas_ip_address) {
454  nas_address = vp->vp_ipv4addr;
455 
456  } else if (vp->da == attr_nas_port) {
457  nas_port = vp->vp_uint32;
458  port_seen = true;
459 
460  } else if (vp->da == attr_acct_delay_time) {
461  uint32_t delay;
462 
463  delay = vp->vp_uint32;
464 
465  if (t < delay) RETURN_MODULE_FAIL;
466 
467  t -= delay;
468  }
469  }
470  if (t > UINT32_MAX) RETURN_MODULE_FAIL;
471 
472  /*
473  * We don't store !root sessions, or sessions
474  * where we didn't see a NAS-Port attribute.
475  */
476  if (strncmp(ut.ut_name, "!root", sizeof(ut.ut_name)) == 0 || !port_seen)
477  RETURN_MODULE_NOOP;
478 
479  /*
480  * If we didn't find out the NAS address, use the
481  * originator's IP address.
482  */
483  if (nas_address == 0) {
484  nas_address = request->packet->socket.inet.src_ipaddr.addr.v4.s_addr;
485  }
486 
487  client = client_from_request(request);
488  if (client) s = client->shortname;
489  if (!s || s[0] == 0) s = uue(&(nas_address));
490 
491 #ifdef __linux__
492  /*
493  * Linux has a field for the client address.
494  */
495  ut.ut_addr = framed_address;
496 #endif
497  /*
498  * We use the tty field to store the terminal servers' port
499  * and address so that the tty field is unique.
500  */
501  snprintf(buf, sizeof(buf), "%03u:%s", nas_port, s);
502  strlcpy(ut.ut_line, buf, sizeof(ut.ut_line));
503 
504  /*
505  * We store the dynamic IP address in the hostname field.
506  */
507 #ifdef UT_HOSTSIZE
508  if (framed_address) {
509  inet_ntop(AF_INET, &framed_address, buf, sizeof(buf));
510  strlcpy(ut.ut_host, buf, sizeof(ut.ut_host));
511  }
512 #endif
513 #ifdef USE_UTMPX
514  ut.ut_xtime = t;
515 #else
516  ut.ut_time = t;
517 #endif
518 #ifdef USER_PROCESS
519  /*
520  * And we can use the ID field to store
521  * the protocol.
522  */
523  if (protocol == FR_PPP)
524  strcpy(ut.ut_id, "P");
525  else if (protocol == FR_SLIP)
526  strcpy(ut.ut_id, "S");
527  else
528  strcpy(ut.ut_id, "T");
529  ut.ut_type = status == FR_STATUS_STOP ? DEAD_PROCESS : USER_PROCESS;
530 #endif
531  if (status == FR_STATUS_STOP)
532  ut.ut_name[0] = 0;
533 
534  /*
535  * Write a RADIUS wtmp log file.
536  *
537  * Try to open the file if we can't, we don't write the
538  * wtmp file. If we can try to write. If we fail,
539  * return RLM_MODULE_FAIL ..
540  */
541  if ((fp = fopen(inst->radwtmp, "a")) != NULL) {
542  if ((fwrite(&ut, sizeof(ut), 1, fp)) != 1) {
543  fclose(fp);
544  RETURN_MODULE_FAIL;
545  }
546  fclose(fp);
547  } else
548  RETURN_MODULE_FAIL;
549 
550  RETURN_MODULE_OK;
551 }
552 
553 /* globally exported name */
554 extern module_rlm_t rlm_unix;
555 module_rlm_t rlm_unix = {
556  .common = {
557  .magic = MODULE_MAGIC_INIT,
558  .name = "unix",
559  .flags = MODULE_TYPE_THREAD_UNSAFE,
560  .inst_size = sizeof(rlm_unix_t),
561  .config = module_config,
562  .bootstrap = mod_bootstrap
563  },
564  .method_names = (module_method_name_t[]){
565  { .name1 = "recv", .name2 = "access-request", .method = mod_authorize },
566  { .name1 = "send", .name2 = "accounting-response", .method = mod_accounting }, /* Backwards compatibility */
567  { .name1 = "accounting", .name2 = CF_IDENT_ANY, .method = mod_accounting },
568  MODULE_NAME_TERMINATOR
569  }
570 };
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35
strcpy
strcpy(log_entry->msg, buffer)
USES_APPLE_DEPRECATED_API
#define USES_APPLE_DEPRECATED_API
Definition: build.h:431
RCSID
#define RCSID(id)
Definition: build.h:444
UNUSED
#define UNUSED
Definition: build.h:313
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition: cf_parse.h:626
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:256
CONF_FLAG_FILE_INPUT
@ CONF_FLAG_FILE_INPUT
File matching value must exist, and must be readable.
Definition: cf_parse.h:412
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition: cf_parse.h:563
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition: cf_util.h:78
fr_dcursor_append
static int fr_dcursor_append(fr_dcursor_t *cursor, void *v)
Insert a single item at the end of the list.
Definition: dcursor.h:405
fr_dcursor_s
Definition: dcursor.h:93
FR_STATUS_STOP
#define FR_STATUS_STOP
Definition: defs.h:137
FR_STATUS_START
#define FR_STATUS_START
Definition: defs.h:136
FR_PPP
#define FR_PPP
Definition: defs.h:131
FR_SLIP
#define FR_SLIP
Definition: defs.h:132
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition: dict.h:250
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition: dict.h:263
in
static fr_slen_t in
Definition: dict.h:645
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition: dict.h:249
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition: dict.h:262
dl_module_instance_s::data
void *_CONST data
Module instance's parsed configuration.
Definition: dl_module.h:165
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:65
unix_group_xlat
static xlat_action_t unix_group_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Check if the user is a member of a particular unix group.
Definition: rlm_unix.c:161
fr_client_s::shortname
char const * shortname
Client nickname.
Definition: client.h:85
fr_client_s
Describes a host allowed to send packets to the server.
Definition: client.h:77
PERROR
#define PERROR(_fmt,...)
Definition: log.h:228
RPEDEBUG
#define RPEDEBUG(fmt,...)
Definition: log.h:376
talloc_free
talloc_free(reap)
FR_TYPE_IPV4_ADDR
@ FR_TYPE_IPV4_ADDR
32 Bit IPv4 Address.
Definition: merged_model.c:86
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition: merged_model.c:83
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition: merged_model.c:95
uint32_t
unsigned int uint32_t
Definition: merged_model.c:33
fr_dict_attr_t
Definition: merged_model.c:133
fr_dict_t
Definition: merged_model.c:198
fr_value_box_t
Definition: merged_model.c:136
request_t
Definition: merged_model.c:210
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition: misc.h:59
inet_ntop
char const * inet_ntop(int af, void const *src, char *dst, size_t cnt)
Definition: missing.c:443
module_inst_ctx_t::inst
dl_module_inst_t const * inst
Dynamic loader API handle for the module.
Definition: module_ctx.h:52
module_ctx_t::inst
dl_module_inst_t const * inst
Dynamic loader API handle for the module.
Definition: module_ctx.h:42
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition: module_ctx.h:41
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition: module_ctx.h:51
module_method_name_t
Specifies a module method identifier.
Definition: module_method.c:36
module_rlm_t::common
module_t common
Common fields presented by all modules.
Definition: module_rlm.h:37
module_rlm_t
Definition: module_rlm.h:36
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition: pair.c:688
fr_pair_value_strdup
int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted)
Copy data into an "string" data type.
Definition: pair.c:2631
fr_perm_getgrnam
int fr_perm_getgrnam(TALLOC_CTX *ctx, struct group **out, char const *name)
Resolve a group name to a group database entry.
Definition: perm.c:264
fr_perm_getpwnam
int fr_perm_getpwnam(TALLOC_CTX *ctx, struct passwd **out, char const *name)
Resolve a username to a passwd entry.
Definition: perm.c:138
config
static const conf_parser_t config[]
Definition: base.c:188
REDEBUG
#define REDEBUG(fmt,...)
Definition: radclient.h:52
RDEBUG2
#define RDEBUG2(fmt,...)
Definition: radclient.h:54
RETURN_MODULE_REJECT
#define RETURN_MODULE_REJECT
Definition: rcode.h:55
RETURN_MODULE_NOOP
#define RETURN_MODULE_NOOP
Definition: rcode.h:62
RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition: rcode.h:57
RETURN_MODULE_UPDATED
#define RETURN_MODULE_UPDATED
Definition: rcode.h:63
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition: rcode.h:40
RETURN_MODULE_NOTFOUND
#define RETURN_MODULE_NOTFOUND
Definition: rcode.h:61
name
static char const * name
Definition: rlm_redis_ippool_tool.c:156
username
username
Definition: rlm_securid.c:420
attr_login_ip_host
static fr_dict_attr_t const * attr_login_ip_host
Definition: rlm_unix.c:73
ENC
#define ENC(c)
Definition: rlm_unix.c:49
attr_crypt_password
static fr_dict_attr_t const * attr_crypt_password
Definition: rlm_unix.c:71
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition: rlm_unix.c:60
uue
static char * uue(void *in)
Definition: rlm_unix.c:347
attr_expr_bool_enum
static fr_dict_attr_t const * attr_expr_bool_enum
Definition: rlm_unix.c:80
dict_radius
static fr_dict_t const * dict_radius
Definition: rlm_unix.c:61
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Definition: rlm_unix.c:183
attr_auth_type
static fr_dict_attr_t const * attr_auth_type
Definition: rlm_unix.c:70
attr_nas_ip_address
static fr_dict_attr_t const * attr_nas_ip_address
Definition: rlm_unix.c:76
unix_check_group
static bool unix_check_group(UNUSED rlm_unix_t const *inst, request_t *request, char const *name)
Check if the user is in the given group.
Definition: rlm_unix.c:101
attr_framed_ip_address
static fr_dict_attr_t const * attr_framed_ip_address
Definition: rlm_unix.c:74
rlm_unix_t::radwtmp
char const * radwtmp
Definition: rlm_unix.c:52
mod_accounting
static unlang_action_t mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition: rlm_unix.c:374
attr_framed_protocol
static fr_dict_attr_t const * attr_framed_protocol
Definition: rlm_unix.c:75
attr_nas_port
static fr_dict_attr_t const * attr_nas_port
Definition: rlm_unix.c:77
attr_acct_status_type
static fr_dict_attr_t const * attr_acct_status_type
Definition: rlm_unix.c:78
attr_user_name
static fr_dict_attr_t const * attr_user_name
Definition: rlm_unix.c:72
attr_acct_delay_time
static fr_dict_attr_t const * attr_acct_delay_time
Definition: rlm_unix.c:79
trans
static char trans[64]
Definition: rlm_unix.c:48
module_config
static const conf_parser_t module_config[]
Definition: rlm_unix.c:55
rlm_unix_dict
fr_dict_autoload_t rlm_unix_dict[]
Definition: rlm_unix.c:64
rlm_unix
module_rlm_t rlm_unix
Definition: rlm_unix.c:555
mod_authorize
static unlang_action_t mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
Definition: rlm_unix.c:222
rlm_unix_dict_attr
fr_dict_attr_autoload_t rlm_unix_dict_attr[]
Definition: rlm_unix.c:83
rlm_unix_t
Definition: rlm_unix.c:51
MODULE_TYPE_THREAD_UNSAFE
@ MODULE_TYPE_THREAD_UNSAFE
Module is not threadsafe.
Definition: module.h:50
MODULE_NAME_TERMINATOR
#define MODULE_NAME_TERMINATOR
Definition: module.h:135
pair_update_control
#define pair_update_control(_attr, _da)
Return or allocate a fr_pair_t in the control list.
Definition: pair.h:140
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition: snprintf.c:689
client_from_request
fr_client_t * client_from_request(request_t *request)
Search up a list of requests trying to locate one which has a client.
Definition: client.c:1092
RETURN_MODULE_FAIL
RETURN_MODULE_FAIL
Definition: state_machine.c:1220
MEM
MEM(pair_append_request(&vp, attr_eap_aka_sim_identity) >=0)
inst
eap_aka_sim_process_conf_t * inst
Definition: state_machine.c:3633
vp
fr_pair_t * vp
Definition: state_machine.c:2271
strlcpy
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition: strlcpy.c:34
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition: pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition: pair.h:69
utmp::ut_id
char ut_id[4]
Definition: sysutmp.h:116
utmp::ut_line
char ut_line[UT_LINESIZE]
Definition: sysutmp.h:115
utmp::ut_host
char ut_host[UT_HOSTSIZE]
Definition: sysutmp.h:119
utmp::ut_addr
long ut_addr
Definition: sysutmp.h:120
utmp::ut_time
long ut_time
Definition: sysutmp.h:117
USER_PROCESS
#define USER_PROCESS
Definition: sysutmp.h:106
utmp::ut_type
short ut_type
Definition: sysutmp.h:113
DEAD_PROCESS
#define DEAD_PROCESS
Definition: sysutmp.h:107
utmp
Definition: sysutmp.h:112
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition: talloc.h:270
fr_time_to_sec
static int64_t fr_time_to_sec(fr_time_t when)
Convert an fr_time_t (internal time) to number of sec since the unix epoch (wallclock time)
Definition: time.h:729
xlat_arg_parser_t::type
fr_type_t type
Type to cast argument to.
Definition: xlat.h:153
xlat_arg_parser_t::uctx
void * uctx
Argument to pass to escape callback.
Definition: xlat.h:157
xlat_arg_parser_t::required
bool required
Argument must be present, and non-empty.
Definition: xlat.h:146
xlat_arg_parser_t::func
xlat_escape_func_t func
Function to handle tainted values.
Definition: xlat.h:154
xlat_arg_parser_t::concat
bool concat
Concat boxes together.
Definition: xlat.h:147
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition: xlat.h:166
xlat_action_t
xlat_action_t
Definition: xlat.h:35
XLAT_ACTION_DONE
@ XLAT_ACTION_DONE
We're done evaluating this level of nesting.
Definition: xlat.h:41
xlat_arg_parser_t
Definition for a single argument consumend by an xlat function.
Definition: xlat.h:145
fr_pair_list_head
fr_pair_t * fr_pair_list_head(fr_pair_list_t const *list)
Get the head of a valuepair list.
Definition: pair_inline.c:43
fr_pair_list_next
fr_pair_t * fr_pair_list_next(fr_pair_list_t const *list, fr_pair_t const *item))
Get the next item in a valuepair list after a specific entry.
Definition: pair_inline.c:70
fr_value_box_alloc
#define fr_value_box_alloc(_ctx, _type, _enumv)
Allocate a value box of a specific type.
Definition: value.h:608
data
static fr_slen_t data
Definition: value.h:1259
nonnull
int nonnull(2, 5))
out
static size_t char ** out
Definition: value.h:984
xlat_ctx_t::mctx
module_ctx_t const * mctx
Synthesised module calling ctx.
Definition: xlat_ctx.h:45
xlat_ctx_t
An xlat calling ctx.
Definition: xlat_ctx.h:42
xlat_func_mono_set
int xlat_func_mono_set(xlat_t *x, xlat_arg_parser_t const args[])
Register the argument of an xlat.
Definition: xlat_func.c:392
xlat_func_register_module
xlat_t * xlat_func_register_module(TALLOC_CTX *ctx, module_inst_ctx_t const *mctx, char const *name, xlat_func_t func, fr_type_t return_type)
Register an xlat function for a module.
Definition: xlat_func.c:274
xlat_s
Definition: xlat_priv.h:58
Generated by   doxygen 1.9.1