Huntgroups inside an Module
Patrick Kowalik
patrick at shoogee.com
Tue Mar 12 08:28:45 CET 2013
Hello everybody I wantd to read out my huntgroups inside an Module and
not like normal in the "radiusd.conf" with preprocess !
For that i needed to do the following changes in an C-Module :
typedef struct rlm_huntgroups_t {
char *huntgroup_file;
PAIR_LIST *huntgroups;
}rlm_huntgroups_t;
}
static const CONF_PARSER module_config[] = {
{ "huntgroups",
PW_TYPE_FILENAME,offsetof(rlm_huntgroups_t,huntgroup_file), NULL,
"${raddbdir}/huntgroups"},
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
/* This function ist imported from the preprocess C-FIle */
static int hunt_paircmp(REQUEST *req, VALUE_PAIR *request, VALUE_PAIR
*check)
{
VALUE_PAIR *check_item = check;
VALUE_PAIR *tmp;
int result = -1;
if (check == NULL) return 0;
while (result != 0 && check_item != NULL) {
tmp = check_item->next;
check_item->next = NULL;
result = paircompare(req, request, check_item, NULL);
check_item->next = tmp;
check_item = check_item->next;
}
return result;
}
/* This function ist imported from the preprocess C-FIle */
static int huntgroup_access(REQUEST *request, PAIR_LIST *huntgroups)
{
PAIR_LIST *i;
int r = RLM_MODULE_OK;
VALUE_PAIR *request_pairs = request->packet->vps;
/*
* We're not controlling access by huntgroups:
* Allow them in.
*/
if (huntgroups == NULL)
return RLM_MODULE_OK;
for(i = huntgroups; i; i = i->next) {
/*
* See if this entry matches.
*/
if (paircompare(request, request_pairs, i->check, NULL) != 0)
continue;
/*
* Now check for access.
*/
r = RLM_MODULE_REJECT;
if (hunt_paircmp(request, request_pairs, i->reply) == 0) {
VALUE_PAIR *vp;
/*
* We've matched the huntgroup, so add it in
* to the list of request pairs.
*/
vp = pairfind(request_pairs, PW_HUNTGROUP_NAME);
if (!vp) {
vp = radius_paircreate(request,
&request->packet->vps,
PW_HUNTGROUP_NAME,
PW_TYPE_STRING);
strlcpy(vp->vp_strvalue, i->name,
sizeof(vp->vp_strvalue));
vp->length = strlen(vp->vp_strvalue);
}
r = RLM_MODULE_OK;
}
break;
}
return r;
}
static int cpp_instantiate(CONF_SECTION *conf, void **instance)
{
rlm_huntgroups_t *data;
int rcode;
/* Allocate room to put the module's instantiation data */
data = (rlm_huntgroups_t *) rad_malloc(sizeof(*data));
memset(data,0,sizeof(*data));
/* Read this modules configuration data */
if (cf_section_parse(conf, data, module_config) < 0) {
free(data);
return -1;
}
data->huntgroups = NULL;
/* Read the huntgroups file */
if(data->huntgroup_file)
{
rcode = pairlist_read(data->huntgroup_file,&(data->huntgroups),0);
if (rcode < 0)
{
radlog(L_ERR|L_CONS, "rlm_preprocess: Error reading %s",
data->huntgroup_file);
return -1;
}
}
/* Save the instantiation data for later */
*instance = data;
return RLM_MODULE_OK;
}
static int cpp_authorize(void *instance, REQUEST *request)
{
/* quiet the compiler */
instance = instance;
request = request;
rlm_huntgroups_t *data = (rlm_huntgroups_t *) instance;
int r;
if((r = huntgroup_access(request,data->huntgroups)) !=
RLM_MODULE_OK) {
char buf[1024];
radlog_request(L_INFO, 0, request, "No huntgroup access: [%s]
(%s)",
request->username ? request->username->vp_strvalue : "<NO
User-Name>",
auth_name(buf, sizeof(buf), request, 1));
return r;
}
return RLM_MODULE_OK;
}
extern "C" {
/*
* Clean up the module's instance.
*/
static int cpp_detach(void *instance)
{
rlm_huntgroups_t *data = (rlm_huntgroups_t *) instance;
pairlist_free(&(data->huntgroups));
free(data);
return 0;
}
}
extern "C" {
module_t rlm_cpp = {
RLM_MODULE_INIT,
"cpp",
RLM_TYPE_THREAD_SAFE, /* type */
cpp_instantiate, /* instantiation */
cpp_detach, /* detach */
{
NULL, /* authentication */
cpp_authorize, /* authorization */
NULL, /* preaccounting */
NULL, /* accounting */
NULL, /* checksimul */
NULL, /* pre-proxy */
NULL, /* post-proxy */
NULL /* post-auth */
},
};
}
Greetz
Patrick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20130312/2ef0b313/attachment-0001.html>
More information about the Freeradius-Devel
mailing list