The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
rlm_unix.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: a66913ce637742e487bb83adf444be9da014964f $
19 * @file rlm_unix.c
20 * @brief Unixy things
21 *
22 * @copyright 2000,2006 The FreeRADIUS server project
23 * @copyright 2000 Jeff Carneal (jeff@apex.net)
24 * @copyright 2000 Alan Curry (pacman@world.std.com)
25 */
26RCSID("$Id: a66913ce637742e487bb83adf444be9da014964f $")
27USES_APPLE_DEPRECATED_API
28
29#define LOG_PREFIX mctx->mi->name
30
31#include <freeradius-devel/radius/radius.h>
32#include <freeradius-devel/server/base.h>
33#include <freeradius-devel/server/module_rlm.h>
34#include <freeradius-devel/server/sysutmp.h>
35#include <freeradius-devel/util/perm.h>
36#include <freeradius-devel/unlang/xlat_func.h>
37
38#include <grp.h>
39#include <pwd.h>
40#include <sys/stat.h>
41
42#include "config.h"
43
44#ifdef HAVE_SHADOW_H
45# include <shadow.h>
46#endif
47
48static char trans[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
49#define ENC(c) trans[c]
50
51typedef struct {
52 char const *radwtmp;
53} rlm_unix_t;
54
59
60static fr_dict_t const *dict_freeradius;
61static fr_dict_t const *dict_radius;
62
63extern fr_dict_autoload_t rlm_unix_dict[];
64fr_dict_autoload_t rlm_unix_dict[] = {
65 { .out = &dict_freeradius, .proto = "freeradius" },
66 { .out = &dict_radius, .proto = "radius" },
67 { NULL }
68};
69
70static fr_dict_attr_t const *attr_auth_type;
71static fr_dict_attr_t const *attr_crypt_password;
72static fr_dict_attr_t const *attr_user_name;
73static fr_dict_attr_t const *attr_login_ip_host;
74static fr_dict_attr_t const *attr_framed_ip_address;
75static fr_dict_attr_t const *attr_framed_protocol;
76static fr_dict_attr_t const *attr_nas_ip_address;
77static fr_dict_attr_t const *attr_nas_port;
78static fr_dict_attr_t const *attr_acct_status_type;
79static fr_dict_attr_t const *attr_acct_delay_time;
80static fr_dict_attr_t const *attr_expr_bool_enum;
81
82extern fr_dict_attr_autoload_t rlm_unix_dict_attr[];
83fr_dict_attr_autoload_t rlm_unix_dict_attr[] = {
84 { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
85 { .out = &attr_crypt_password, .name = "Password.Crypt", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
86 { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
87 { .out = &attr_login_ip_host, .name = "Login-IP-Host", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_radius },
88 { .out = &attr_framed_ip_address, .name = "Framed-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_radius },
89 { .out = &attr_framed_protocol, .name = "Framed-Protocol", .type = FR_TYPE_UINT32, .dict = &dict_radius },
90 { .out = &attr_nas_ip_address, .name = "NAS-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_radius },
91 { .out = &attr_nas_port, .name = "NAS-Port", .type = FR_TYPE_UINT32, .dict = &dict_radius },
92 { .out = &attr_acct_status_type, .name = "Acct-Status-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
93 { .out = &attr_acct_delay_time, .name = "Acct-Delay-Time", .type = FR_TYPE_UINT32, .dict = &dict_radius },
94 { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
95 { NULL }
96};
97
98/** Check if the user is in the given group
99 *
100 */
101static bool CC_HINT(nonnull) unix_check_group(UNUSED rlm_unix_t const *inst, request_t *request, char const *name)
102{
103 bool rcode = false;
104 struct passwd *pwd;
105 struct group *grp;
106 fr_pair_t *username;
107
108 /*
109 * No user name, can't compare.
110 */
111 username = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name);
112 if (!username) return false;
113
114 if (fr_perm_getpwnam(request, &pwd, username->vp_strvalue) < 0) {
115 RPEDEBUG("Failed resolving user name");
116 return false;
117 }
118
119 if (fr_perm_getgrnam(request, &grp, name) < 0) {
120 RPEDEBUG("Failed resolving group name");
121 talloc_free(pwd);
122 return false;
123 }
124
125 /*
126 * The users default group may be the one we're looking
127 * for, in which case we use that.
128 *
129 * Otherwise, we go through the list of groups to see if the group name matches.
130 */
131 if (pwd->pw_gid == grp->gr_gid) {
132 rcode = true;
133
134 } else {
135 char **member;
136
137 for (member = grp->gr_mem; *member; member++) {
138 if (strcmp(*member, pwd->pw_name) == 0) {
139 rcode = true;
140 break;
141 }
142 }
143 }
144
145 /* lifo */
146 talloc_free(grp);
147 talloc_free(pwd);
148
149 return rcode;
150}
151
152
153/** Check if the user is a member of a particular unix group
154 *
155@verbatim
156%unix.group(<name>)
157@endverbatim
158 *
159 * @ingroup xlat_functions
160 */
161static xlat_action_t unix_group_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
162 xlat_ctx_t const *xctx,
163 request_t *request, fr_value_box_list_t *in)
164{
165 rlm_unix_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_unix_t);
166 fr_value_box_t *arg = fr_value_box_list_head(in);
167 char const *p = arg->vb_strvalue;
168 fr_value_box_t *vb;
169
170 fr_skip_whitespace(p);
171
172 MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum));
173 vb->vb_bool = unix_check_group(inst, request, p);
174 fr_dcursor_append(out, vb);
175
176 return XLAT_ACTION_DONE;
177}
178
179
180/*
181 * Read the config
182 */
183static int mod_bootstrap(module_inst_ctx_t const *mctx)
184{
185 xlat_t *xlat;
186 xlat_arg_parser_t *xlat_arg;
187
188 /*
189 * Define the new %unix.group(name) xlat. The register
190 * function automatically adds the module instance name
191 * as a prefix.
192 */
193 xlat = module_rlm_xlat_register(mctx->mi->boot, mctx, "group", unix_group_xlat, FR_TYPE_BOOL);
194 if (!xlat) {
195 PERROR("Failed registering group expansion");
196 return -1;
197 }
198
199 /*
200 * The xlat escape function needs access to inst - so
201 * argument parser details need to be defined here
202 */
203 xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
204 xlat_arg[0] = (xlat_arg_parser_t) {
205 .type = FR_TYPE_STRING,
206 .required = true,
207 .concat = true
208 };
209 xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
210
211 xlat_func_args_set(xlat, xlat_arg);
212
213 return 0;
214}
215
216
217/*
218 * Pull the users password from where-ever, and add it to
219 * the given vp list.
220 */
221static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
222{
223 char const *name;
224 char const *encrypted_pass;
225#ifdef HAVE_GETSPNAM
226 struct spwd *spwd = NULL;
227#endif
228 struct passwd *pwd;
229#ifdef HAVE_GETUSERSHELL
230 char *shell;
231#endif
232 fr_pair_t *vp;
233 fr_pair_t *username;
234
235 /*
236 * We can only authenticate user requests which HAVE
237 * a User-Name attribute.
238 */
239 username = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name);
240 if (!username) RETURN_MODULE_NOOP;
241
242 name = username->vp_strvalue;
243 encrypted_pass = NULL;
244
245 if ((pwd = getpwnam(name)) == NULL) {
246 RETURN_MODULE_NOTFOUND;
247 }
248 encrypted_pass = pwd->pw_passwd;
249
250#ifdef HAVE_GETSPNAM
251 /*
252 * See if there is a shadow password.
253 *
254 * Only query the _system_ shadow file if the encrypted
255 * password from the passwd file is < 10 characters (i.e.
256 * a valid password would never crypt() to it). This will
257 * prevents users from using NULL password fields as things
258 * stand right now.
259 */
260 if ((!encrypted_pass) || (strlen(encrypted_pass) < 10)) {
261 if ((spwd = getspnam(name)) == NULL) {
262 RETURN_MODULE_NOTFOUND;
263 }
264 encrypted_pass = spwd->sp_pwdp;
265 }
266#endif /* HAVE_GETSPNAM */
267
268#ifdef DENY_SHELL
269 /*
270 * Users with a particular shell are denied access
271 */
272 if (strcmp(pwd->pw_shell, DENY_SHELL) == 0) {
273 REDEBUG("Invalid shell", name);
274 RETURN_MODULE_REJECT;
275 }
276#endif
277
278#ifdef HAVE_GETUSERSHELL
279 /*
280 * Check /etc/shells for a valid shell. If that file
281 * contains /RADIUSD/ANY/SHELL then any shell will do.
282 */
283 while ((shell = getusershell()) != NULL) {
284 if (strcmp(shell, pwd->pw_shell) == 0 ||
285 strcmp(shell, "/RADIUSD/ANY/SHELL") == 0) {
286 break;
287 }
288 }
289 endusershell();
290 if (!shell) {
291 REDEBUG("[%s]: invalid shell [%s]", name, pwd->pw_shell);
292 RETURN_MODULE_REJECT;
293 }
294#endif
295
296#if defined(HAVE_GETSPNAM) && !defined(M_UNIX)
297 /*
298 * Check if password has expired.
299 */
300 if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
301 (fr_time_to_sec(request->packet->timestamp) / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
302 REDEBUG("[%s]: password has expired", name);
303 RETURN_MODULE_REJECT;
304 }
305 /*
306 * Check if account has expired.
307 */
308 if (spwd && spwd->sp_expire > 0 &&
309 (fr_time_to_sec(request->packet->timestamp) / 86400) > spwd->sp_expire) {
310 REDEBUG("[%s]: account has expired", name);
311 RETURN_MODULE_REJECT;
312 }
313#endif
314
315#if defined(__FreeBSD__) || defined(bsdi) || defined(_PWF_EXPIRE)
316 /*
317 * Check if password has expired.
318 */
319 if ((pwd->pw_expire > 0) &&
320 (fr_time_to_sec(request->packet->timestamp) > pwd->pw_expire)) {
321 REDEBUG("[%s]: password has expired", name);
322 RETURN_MODULE_REJECT;
323 }
324#endif
325
326 /*
327 * We might have a passwordless account.
328 *
329 * FIXME: Maybe add Auth-Type := Accept?
330 */
331 if (encrypted_pass[0] == 0)
332 RETURN_MODULE_NOOP;
333
334 MEM(pair_update_control(&vp, attr_crypt_password) >= 0);
335 fr_pair_value_strdup(vp, encrypted_pass, false);
336
337 RETURN_MODULE_UPDATED;
338}
339
340
341/*
342 * UUencode 4 bits base64. We use this to turn a 4 byte field
343 * (an IP address) into 6 bytes of ASCII. This is used for the
344 * wtmp file if we didn't find a short name in the naslist file.
345 */
346static char *uue(void *in)
347{
348 int i;
349 static unsigned char res[7];
350 unsigned char *data = (unsigned char *)in;
351
352 res[0] = ENC( data[0] >> 2 );
353 res[1] = ENC( ((data[0] << 4) & 060) + ((data[1] >> 4) & 017) );
354 res[2] = ENC( ((data[1] << 2) & 074) + ((data[2] >> 6) & 03) );
355 res[3] = ENC( data[2] & 077 );
356
357 res[4] = ENC( data[3] >> 2 );
358 res[5] = ENC( (data[3] << 4) & 060 );
359 res[6] = 0;
360
361 for(i = 0; i < 6; i++) {
362 if (res[i] == ' ') res[i] = '`';
363 if (res[i] < 32 || res[i] > 127)
364 printf("uue: protocol error ?!\n");
365 }
366 return (char *)res;
367}
368
369
370/*
371 * Unix accounting - write a wtmp file.
372 */
373static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
374{
375 rlm_unix_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_unix_t);
376 fr_pair_t *vp;
377 FILE *fp;
378 struct utmp ut;
379 uint64_t t;
380 char buf[64];
381 char const *s = NULL;
382 int status = -1;
383 int nas_address = 0;
384 int framed_address = 0;
385#ifdef USER_PROCESS
386 int protocol = -1;
387#endif
388 uint32_t nas_port = 0;
389 bool port_seen = true;
390 fr_client_t *client;
391
392 /*
393 * No radwtmp. Don't do anything.
394 */
395 if (!inst->radwtmp) {
396 RDEBUG2("No radwtmp file configured. Ignoring accounting request");
397 RETURN_MODULE_NOOP;
398 }
399
400 if (request->packet->socket.inet.src_ipaddr.af != AF_INET) {
401 RDEBUG2("IPv6 is not supported!");
402 RETURN_MODULE_NOOP;
403 }
404
405 /*
406 * Which type is this.
407 */
408 if ((vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_acct_status_type)) == NULL) {
409 RDEBUG2("no Accounting-Status-Type attribute in request");
410 RETURN_MODULE_NOOP;
411 }
412 status = vp->vp_uint32;
413
414 /*
415 * Maybe handle ALIVE, too?
416 */
417 if (status != FR_STATUS_START &&
418 status != FR_STATUS_STOP)
419 RETURN_MODULE_NOOP;
420
421 /*
422 * We're only interested in accounting messages
423 * with a username in it.
424 */
425 if (fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name) == NULL)
426 RETURN_MODULE_NOOP;
427
428 t = fr_time_to_sec(request->packet->timestamp);
429 memset(&ut, 0, sizeof(ut));
430
431 /*
432 * First, find the interesting attributes.
433 */
434 for (vp = fr_pair_list_head(&request->request_pairs);
435 vp;
436 vp = fr_pair_list_next(&request->request_pairs, vp)) {
437 if (vp->da == attr_user_name) {
438 if (vp->vp_length >= sizeof(ut.ut_name)) {
439 memcpy(ut.ut_name, vp->vp_strvalue, sizeof(ut.ut_name));
440 } else {
441 strlcpy(ut.ut_name, vp->vp_strvalue, sizeof(ut.ut_name));
442 }
443
444 } else if (vp->da == attr_login_ip_host ||
445 vp->da == attr_framed_ip_address) {
446 framed_address = vp->vp_ipv4addr;
447
448#ifdef USER_PROCESS
449 } else if (vp->da == attr_framed_protocol) {
450 protocol = vp->vp_uint32;
451#endif
452 } else if (vp->da == attr_nas_ip_address) {
453 nas_address = vp->vp_ipv4addr;
454
455 } else if (vp->da == attr_nas_port) {
456 nas_port = vp->vp_uint32;
457 port_seen = true;
458
459 } else if (vp->da == attr_acct_delay_time) {
460 uint32_t delay;
461
462 delay = vp->vp_uint32;
463
464 if (t < delay) RETURN_MODULE_FAIL;
465
466 t -= delay;
467 }
468 }
469 if (t > UINT32_MAX) RETURN_MODULE_FAIL;
470
471 /*
472 * We don't store !root sessions, or sessions
473 * where we didn't see a NAS-Port attribute.
474 */
475 if (strncmp(ut.ut_name, "!root", sizeof(ut.ut_name)) == 0 || !port_seen)
476 RETURN_MODULE_NOOP;
477
478 /*
479 * If we didn't find out the NAS address, use the
480 * originator's IP address.
481 */
482 if (nas_address == 0) {
483 nas_address = request->packet->socket.inet.src_ipaddr.addr.v4.s_addr;
484 }
485
486 client = client_from_request(request);
487 if (client) s = client->shortname;
488 if (!s || s[0] == 0) s = uue(&(nas_address));
489
490#ifdef __linux__
491 /*
492 * Linux has a field for the client address.
493 */
494 ut.ut_addr = framed_address;
495#endif
496 /*
497 * We use the tty field to store the terminal servers' port
498 * and address so that the tty field is unique.
499 */
500 snprintf(buf, sizeof(buf), "%03u:%s", nas_port, s);
501 strlcpy(ut.ut_line, buf, sizeof(ut.ut_line));
502
503 /*
504 * We store the dynamic IP address in the hostname field.
505 */
506#ifdef UT_HOSTSIZE
507 if (framed_address) {
508 inet_ntop(AF_INET, &framed_address, buf, sizeof(buf));
509 strlcpy(ut.ut_host, buf, sizeof(ut.ut_host));
510 }
511#endif
512#ifdef USE_UTMPX
513 ut.ut_xtime = t;
514#else
515 ut.ut_time = t;
516#endif
517#ifdef USER_PROCESS
518 /*
519 * And we can use the ID field to store
520 * the protocol.
521 */
522 if (protocol == FR_PPP)
523 strcpy(ut.ut_id, "P");
524 else if (protocol == FR_SLIP)
525 strcpy(ut.ut_id, "S");
526 else
527 strcpy(ut.ut_id, "T");
528 ut.ut_type = status == FR_STATUS_STOP ? DEAD_PROCESS : USER_PROCESS;
529#endif
530 if (status == FR_STATUS_STOP)
531 ut.ut_name[0] = 0;
532
533 /*
534 * Write a RADIUS wtmp log file.
535 *
536 * Try to open the file if we can't, we don't write the
537 * wtmp file. If we can try to write. If we fail,
538 * return RLM_MODULE_FAIL ..
539 */
540 if ((fp = fopen(inst->radwtmp, "a")) != NULL) {
541 if ((fwrite(&ut, sizeof(ut), 1, fp)) != 1) {
542 fclose(fp);
543 RETURN_MODULE_FAIL;
544 }
545 fclose(fp);
546 } else
547 RETURN_MODULE_FAIL;
548
549 RETURN_MODULE_OK;
550}
551
552/* globally exported name */
553extern module_rlm_t rlm_unix;
554module_rlm_t rlm_unix = {
555 .common = {
556 .magic = MODULE_MAGIC_INIT,
557 .name = "unix",
558 .flags = MODULE_TYPE_THREAD_UNSAFE,
559 .inst_size = sizeof(rlm_unix_t),
560 .config = module_config,
561 .bootstrap = mod_bootstrap
562 },
563 .method_group = {
564 .bindings = (module_method_binding_t[]){
565 { .section = SECTION_NAME("accounting", CF_IDENT_ANY), .method = mod_accounting },
566 { .section = SECTION_NAME("recv", "Access-Request"), .method = mod_authorize },
567 { .section = SECTION_NAME("send", "Accounting-Response"), .method = mod_accounting }, /* Backwards compatibility */
568 MODULE_BINDING_TERMINATOR
569 }
570 }
571};
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
strcpy
strcpy(log_entry->msg, buffer)
USES_APPLE_DEPRECATED_API
#define USES_APPLE_DEPRECATED_API
Definition build.h:470
RCSID
#define RCSID(id)
Definition build.h:483
UNUSED
#define UNUSED
Definition build.h:315
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:642
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:256
CONF_FLAG_FILE_INPUT
@ CONF_FLAG_FILE_INPUT
File matching value must exist, and must be readable.
Definition cf_parse.h:424
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:579
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition cf_util.h:78
fr_dcursor_append
static int fr_dcursor_append(fr_dcursor_t *cursor, void *v)
Insert a single item at the end of the list.
Definition dcursor.h:406
fr_dcursor_s
Definition dcursor.h:93
MEM
#define MEM(x)
Definition debug.h:36
FR_STATUS_STOP
#define FR_STATUS_STOP
Definition defs.h:137
FR_STATUS_START
#define FR_STATUS_START
Definition defs.h:136
FR_PPP
#define FR_PPP
Definition defs.h:131
FR_SLIP
#define FR_SLIP
Definition defs.h:132
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:268
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:281
in
static fr_slen_t in
Definition dict.h:824
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:267
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:280
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
unix_group_xlat
static xlat_action_t unix_group_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Check if the user is a member of a particular unix group.
Definition rlm_unix.c:161
fr_client_s::shortname
char const * shortname
Client nickname.
Definition client.h:88
fr_client_s
Describes a host allowed to send packets to the server.
Definition client.h:80
PERROR
#define PERROR(_fmt,...)
Definition log.h:228
RPEDEBUG
#define RPEDEBUG(fmt,...)
Definition log.h:376
talloc_free
talloc_free(reap)
FR_TYPE_IPV4_ADDR
@ FR_TYPE_IPV4_ADDR
32 Bit IPv4 Address.
Definition merged_model.c:86
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_value_box_t
Definition merged_model.c:136
request_t
Definition merged_model.c:210
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition misc.h:59
inet_ntop
char const * inet_ntop(int af, void const *src, char *dst, size_t cnt)
Definition missing.c:443
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_inst_ctx_t::mi
module_instance_t * mi
Instance of the module being instantiated.
Definition module_ctx.h:51
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition module_ctx.h:50
module_rlm_xlat_register
xlat_t * module_rlm_xlat_register(TALLOC_CTX *ctx, module_inst_ctx_t const *mctx, char const *name, xlat_func_t func, fr_type_t return_type)
Definition module_rlm.c:257
module_rlm_s::common
module_t common
Common fields presented by all modules.
Definition module_rlm.h:39
module_rlm_s
Definition module_rlm.h:38
fr_pair_value_strdup
int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted)
Copy data into an "string" data type.
Definition pair.c:2634
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:693
fr_perm_getgrnam
int fr_perm_getgrnam(TALLOC_CTX *ctx, struct group **out, char const *name)
Resolve a group name to a group database entry.
Definition perm.c:392
fr_perm_getpwnam
int fr_perm_getpwnam(TALLOC_CTX *ctx, struct passwd **out, char const *name)
Resolve a username to a passwd entry.
Definition perm.c:266
config
static const conf_parser_t config[]
Definition base.c:183
REDEBUG
#define REDEBUG(fmt,...)
Definition radclient.h:52
RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient.h:54
RETURN_MODULE_REJECT
#define RETURN_MODULE_REJECT
Definition rcode.h:55
RETURN_MODULE_NOOP
#define RETURN_MODULE_NOOP
Definition rcode.h:62
RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition rcode.h:57
RETURN_MODULE_FAIL
#define RETURN_MODULE_FAIL
Definition rcode.h:56
RETURN_MODULE_UPDATED
#define RETURN_MODULE_UPDATED
Definition rcode.h:63
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
RETURN_MODULE_NOTFOUND
#define RETURN_MODULE_NOTFOUND
Definition rcode.h:61
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
username
username
Definition rlm_securid.c:420
attr_login_ip_host
static fr_dict_attr_t const * attr_login_ip_host
Definition rlm_unix.c:73
ENC
#define ENC(c)
Definition rlm_unix.c:49
attr_crypt_password
static fr_dict_attr_t const * attr_crypt_password
Definition rlm_unix.c:71
uue
static char * uue(void *in)
Definition rlm_unix.c:346
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition rlm_unix.c:60
attr_expr_bool_enum
static fr_dict_attr_t const * attr_expr_bool_enum
Definition rlm_unix.c:80
dict_radius
static fr_dict_t const * dict_radius
Definition rlm_unix.c:61
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Definition rlm_unix.c:183
attr_auth_type
static fr_dict_attr_t const * attr_auth_type
Definition rlm_unix.c:70
attr_nas_ip_address
static fr_dict_attr_t const * attr_nas_ip_address
Definition rlm_unix.c:76
unix_check_group
static bool unix_check_group(UNUSED rlm_unix_t const *inst, request_t *request, char const *name)
Check if the user is in the given group.
Definition rlm_unix.c:101
attr_framed_ip_address
static fr_dict_attr_t const * attr_framed_ip_address
Definition rlm_unix.c:74
rlm_unix_t::radwtmp
char const * radwtmp
Definition rlm_unix.c:52
mod_accounting
static unlang_action_t mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Definition rlm_unix.c:373
attr_framed_protocol
static fr_dict_attr_t const * attr_framed_protocol
Definition rlm_unix.c:75
attr_nas_port
static fr_dict_attr_t const * attr_nas_port
Definition rlm_unix.c:77
attr_acct_status_type
static fr_dict_attr_t const * attr_acct_status_type
Definition rlm_unix.c:78
attr_user_name
static fr_dict_attr_t const * attr_user_name
Definition rlm_unix.c:72
attr_acct_delay_time
static fr_dict_attr_t const * attr_acct_delay_time
Definition rlm_unix.c:79
trans
static char trans[64]
Definition rlm_unix.c:48
module_config
static const conf_parser_t module_config[]
Definition rlm_unix.c:55
rlm_unix_dict
fr_dict_autoload_t rlm_unix_dict[]
Definition rlm_unix.c:64
rlm_unix
module_rlm_t rlm_unix
Definition rlm_unix.c:554
mod_authorize
static unlang_action_t mod_authorize(rlm_rcode_t *p_result, UNUSED module_ctx_t const *mctx, request_t *request)
Definition rlm_unix.c:221
rlm_unix_dict_attr
fr_dict_attr_autoload_t rlm_unix_dict_attr[]
Definition rlm_unix.c:83
rlm_unix_t
Definition rlm_unix.c:51
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
MODULE_TYPE_THREAD_UNSAFE
@ MODULE_TYPE_THREAD_UNSAFE
Module is not threadsafe.
Definition module.h:48
module_s::flags
module_flags_t flags
Flags that control how a module starts up and how a module is called.
Definition module.h:227
module_instance_s::data
void * data
Module's instance data.
Definition module.h:271
module_instance_s::boot
void * boot
Data allocated during the boostrap phase.
Definition module.h:274
MODULE_BINDING_TERMINATOR
#define MODULE_BINDING_TERMINATOR
Terminate a module binding list.
Definition module.h:151
module_method_binding_s
Named methods exported by a module.
Definition module.h:173
pair_update_control
#define pair_update_control(_attr, _da)
Return or allocate a fr_pair_t in the control list.
Definition pair.h:140
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
client_from_request
fr_client_t * client_from_request(request_t *request)
Search up a list of requests trying to locate one which has a client.
Definition client.c:1112
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3620
vp
fr_pair_t * vp
Definition state_machine.c:2262
strlcpy
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition strlcpy.c:34
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
utmp::ut_id
char ut_id[4]
Definition sysutmp.h:116
utmp::ut_line
char ut_line[UT_LINESIZE]
Definition sysutmp.h:115
utmp::ut_host
char ut_host[UT_HOSTSIZE]
Definition sysutmp.h:119
utmp::ut_addr
long ut_addr
Definition sysutmp.h:120
utmp::ut_time
long ut_time
Definition sysutmp.h:117
USER_PROCESS
#define USER_PROCESS
Definition sysutmp.h:106
utmp::ut_type
short ut_type
Definition sysutmp.h:113
DEAD_PROCESS
#define DEAD_PROCESS
Definition sysutmp.h:107
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition talloc.h:282
fr_time_to_sec
static int64_t fr_time_to_sec(fr_time_t when)
Convert an fr_time_t (internal time) to number of sec since the unix epoch (wallclock time)
Definition time.h:731
xlat_arg_parser_t::type
fr_type_t type
Type to cast argument to.
Definition xlat.h:155
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition xlat.h:168
xlat_action_t
xlat_action_t
Definition xlat.h:37
XLAT_ACTION_DONE
@ XLAT_ACTION_DONE
We're done evaluating this level of nesting.
Definition xlat.h:43
xlat_arg_parser_t
Definition for a single argument consumend by an xlat function.
Definition xlat.h:147
fr_pair_list_next
fr_pair_t * fr_pair_list_next(fr_pair_list_t const *list, fr_pair_t const *item))
Get the next item in a valuepair list after a specific entry.
Definition pair_inline.c:70
fr_pair_list_head
fr_pair_t * fr_pair_list_head(fr_pair_list_t const *list)
Get the head of a valuepair list.
Definition pair_inline.c:43
fr_value_box_alloc
#define fr_value_box_alloc(_ctx, _type, _enumv)
Allocate a value box of a specific type.
Definition value.h:621
data
static fr_slen_t data
Definition value.h:1265
nonnull
int nonnull(2, 5))
out
static size_t char ** out
Definition value.h:997
xlat_ctx_s::mctx
module_ctx_t const * mctx
Synthesised module calling ctx.
Definition xlat_ctx.h:52
xlat_ctx_s
An xlat calling ctx.
Definition xlat_ctx.h:49
xlat_func_args_set
int xlat_func_args_set(xlat_t *x, xlat_arg_parser_t const args[])
Register the arguments of an xlat.
Definition xlat_func.c:365
xlat_s
Definition xlat_priv.h:59
Generated by   doxygen 1.9.8