2 * modules.c Radius module support.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2003,2006 The FreeRADIUS server project
21 * Copyright 2000 Alan DeKok <aland@ox.org>
22 * Copyright 2000 Alan Curry <pacman@world.std.com>
25 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/modpriv.h>
30 #include <freeradius-devel/modcall.h>
31 #include <freeradius-devel/rad_assert.h>
33 extern int check_config;
35 typedef struct indexed_modcallable {
38 modcallable *modulelist;
39 } indexed_modcallable;
41 typedef struct virtual_server_t {
47 modcallable *mc[RLM_COMPONENT_COUNT];
48 CONF_SECTION *subcs[RLM_COMPONENT_COUNT];
49 struct virtual_server_t *next;
53 * Keep a hash of virtual servers, so that we can reload them.
55 #define VIRTUAL_SERVER_HASH_SIZE (256)
56 static virtual_server_t *virtual_servers[VIRTUAL_SERVER_HASH_SIZE];
58 static rbtree_t *module_tree = NULL;
60 static rbtree_t *instance_tree = NULL;
62 struct fr_module_hup_t {
63 module_instance_t *mi;
66 fr_module_hup_t *next;
70 * Ordered by component
72 const section_type_value_t section_type_value[RLM_COMPONENT_COUNT] = {
73 { "authenticate", "Auth-Type", PW_AUTH_TYPE },
74 { "authorize", "Autz-Type", PW_AUTZ_TYPE },
75 { "preacct", "Pre-Acct-Type", PW_PRE_ACCT_TYPE },
76 { "accounting", "Acct-Type", PW_ACCT_TYPE },
77 { "session", "Session-Type", PW_SESSION_TYPE },
78 { "pre-proxy", "Pre-Proxy-Type", PW_PRE_PROXY_TYPE },
79 { "post-proxy", "Post-Proxy-Type", PW_POST_PROXY_TYPE },
80 { "post-auth", "Post-Auth-Type", PW_POST_AUTH_TYPE }
83 { "recv-coa", "Recv-CoA-Type", PW_RECV_COA_TYPE },
84 { "send-coa", "Send-CoA-Type", PW_SEND_COA_TYPE }
97 #define RTLD_LOCAL (0)
100 #define fr_dlopenext lt_dlopenext
103 #define LT_SHREXT ".dylib"
104 #define LD_LIBRARY_PATH "DYLD_FALLBACK_LIBRARY_PATH"
105 #elif defined (WIN32)
106 #define LT_SHREXT ".dll"
108 #define LT_SHREXT ".so"
109 #define LD_LIBRARY_PATH "LD_LIBRARY_PATH"
120 * This doesn't really do anything...
122 p = getenv(LD_LIBRARY_PATH);
124 snprintf(buffer, sizeof(buffer), "%s:%s", p, radlib_dir);
130 return setenv(LD_LIBRARY_PATH, val, 1);
133 lt_dlhandle lt_dlopenext(const char *name)
135 int flags = RTLD_NOW;
140 if (strcmp(name, "rlm_perl") == 0) {
141 flags |= RTLD_GLOBAL;
147 * Prefer loading our libraries by absolute path.
149 snprintf(buffer, sizeof(buffer), "%s/%s%s", radlib_dir, name, LT_SHREXT);
150 handle = dlopen(buffer, flags);
151 if (handle) return handle;
153 strlcpy(buffer, name, sizeof(buffer));
156 * FIXME: Make this configurable...
158 strlcat(buffer, LT_SHREXT, sizeof(buffer));
160 return dlopen(buffer, flags);
163 void *lt_dlsym(lt_dlhandle handle, UNUSED const char *symbol)
165 return dlsym(handle, symbol);
168 int lt_dlclose(lt_dlhandle handle)
170 if (!handle) return 0;
172 return dlclose(handle);
175 const char *lt_dlerror(void)
181 #else /* without dlopen */
182 typedef struct lt_dlmodule_t {
187 typedef struct eap_type_t EAP_TYPE;
188 typedef struct rlm_sql_module_t rlm_sql_module_t;
191 * FIXME: Write hackery to auto-generate this data.
192 * We only need to do this on systems that don't have dlopen.
194 extern module_t rlm_pap;
195 extern module_t rlm_chap;
196 extern module_t rlm_eap;
197 extern module_t rlm_sql;
200 extern EAP_TYPE rlm_eap_md5;
201 extern rlm_sql_module_t rlm_sql_mysql;
204 static const lt_dlmodule_t lt_dlmodules[] = {
205 { "rlm_pap", &rlm_pap },
206 { "rlm_chap", &rlm_chap },
207 { "rlm_eap", &rlm_eap },
210 { "rlm_eap_md5", &rlm_eap_md5 },
213 { "rlm_sql_mysql", &rlm_sql_mysql },
219 #define fr_dlopenext lt_dlopenext
220 lt_dlhandle lt_dlopenext(const char *name)
224 for (i = 0; lt_dlmodules[i].name != NULL; i++) {
225 if (strcmp(name, lt_dlmodules[i].name) == 0) {
226 return lt_dlmodules[i].ref;
233 void *lt_dlsym(lt_dlhandle handle, UNUSED const char *symbol)
238 int lt_dlclose(lt_dlhandle handle)
243 const char *lt_dlerror(void)
245 return "Unspecified error";
248 #endif /* HAVE_DLFCN_H */
249 #else /* WIT_LIBLTDL */
252 * Solve the issues of libraries linking to other libraries
253 * by using a newer libltdl API.
255 #ifndef HAVE_LT_DLADVISE_INIT
256 #define fr_dlopenext lt_dlopenext
258 static lt_dlhandle fr_dlopenext(const char *filename)
260 lt_dlhandle handle = 0;
263 if (!lt_dladvise_init (&advise) &&
264 !lt_dladvise_ext (&advise) &&
265 !lt_dladvise_global (&advise)) {
266 handle = lt_dlopenadvise (filename, advise);
269 lt_dladvise_destroy (&advise);
273 #endif /* HAVE_LT_DLADVISE_INIT */
274 #endif /* WITH_LIBLTDL */
276 static int virtual_server_idx(const char *name)
282 hash = fr_hash_string(name);
284 return hash & (VIRTUAL_SERVER_HASH_SIZE - 1);
287 static virtual_server_t *virtual_server_find(const char *name)
290 virtual_server_t *server;
292 rcode = virtual_server_idx(name);
293 for (server = virtual_servers[rcode];
295 server = server->next) {
296 if (!name && !server->name) break;
298 if ((name && server->name) &&
299 (strcmp(name, server->name) == 0)) break;
305 static void virtual_server_free(virtual_server_t *server)
309 if (server->components) rbtree_free(server->components);
310 server->components = NULL;
315 void virtual_servers_free(time_t when)
318 virtual_server_t **last;
320 for (i = 0; i < VIRTUAL_SERVER_HASH_SIZE; i++) {
321 virtual_server_t *server, *next;
323 last = &virtual_servers[i];
324 for (server = virtual_servers[i];
330 * If we delete it, fix the links so that
331 * we don't orphan anything. Also,
332 * delete it if it's old, AND a newer one
335 * Otherwise, the last pointer gets set to
336 * the one we didn't delete.
339 ((server->created < when) && server->can_free)) {
340 *last = server->next;
341 virtual_server_free(server);
343 last = &(server->next);
349 static void indexed_modcallable_free(void *data)
351 indexed_modcallable *c = data;
353 modcallable_free(&c->modulelist);
357 static int indexed_modcallable_cmp(const void *one, const void *two)
359 const indexed_modcallable *a = one;
360 const indexed_modcallable *b = two;
362 if (a->comp < b->comp) return -1;
363 if (a->comp > b->comp) return +1;
365 return a->idx - b->idx;
370 * Compare two module entries
372 static int module_instance_cmp(const void *one, const void *two)
374 const module_instance_t *a = one;
375 const module_instance_t *b = two;
377 return strcmp(a->name, b->name);
381 static void module_instance_free_old(UNUSED CONF_SECTION *cs, module_instance_t *node,
384 fr_module_hup_t *mh, **last;
387 * Walk the list, freeing up old instances.
394 * Free only every 60 seconds.
396 if ((when - mh->when) < 60) {
401 cf_section_parse_free(cs, mh->insthandle);
403 if (node->entry->module->detach) {
404 if ((node->entry->module->detach)(mh->insthandle) < 0) {
405 DEBUGW("Failed detaching module %s cleanly. Doing forcible shutdown", node->name);
409 free(mh->insthandle);
419 * Free a module instance.
421 static void module_instance_free(void *data)
423 module_instance_t *this = data;
425 module_instance_free_old(this->cs, this, time(NULL) + 100);
427 cf_section_parse_free(this->cs, this->insthandle);
429 if (this->entry->module->detach) {
430 (this->entry->module->detach)(this->insthandle);
433 #ifdef HAVE_PTHREAD_H
437 * The mutex MIGHT be locked...
438 * we'll check for that later, I guess.
440 pthread_mutex_destroy(this->mutex);
444 memset(this, 0, sizeof(*this));
450 * Compare two module entries
452 static int module_entry_cmp(const void *one, const void *two)
454 const module_entry_t *a = one;
455 const module_entry_t *b = two;
457 return strcmp(a->name, b->name);
461 * Free a module entry.
463 static void module_entry_free(void *data)
465 module_entry_t *this = data;
467 lt_dlclose(this->handle); /* ignore any errors */
468 memset(this, 0, sizeof(*this));
474 * Remove the module lists.
476 int detach_modules(void)
478 rbtree_free(instance_tree);
479 rbtree_free(module_tree);
488 * Find a module on disk or in memory, and link to it.
490 static module_entry_t *linkto_module(const char *module_name,
493 module_entry_t myentry;
494 module_entry_t *node;
495 lt_dlhandle handle = NULL;
496 char module_struct[256];
498 const module_t *module;
500 strlcpy(myentry.name, module_name, sizeof(myentry.name));
501 node = rbtree_finddata(module_tree, &myentry);
502 if (node) return node;
503 if (strlen(module_name) >= sizeof(module_struct)) {
504 cf_log_err(cf_sectiontoitem(cs),
505 "Failed to link to module '%s': Name is too long\n",
511 * Link to the module's rlm_FOO{} module structure.
513 * The module_name variable has the version number
514 * embedded in it, and we don't want that here.
516 strlcpy(module_struct, module_name, sizeof(module_struct));
517 p = strrchr(module_struct, '-');
520 #if !defined(WITH_LIBLTDL) && defined(HAVE_DLFCN_H) && defined(RTLD_SELF)
521 module = lt_dlsym(RTLD_SELF, module_struct);
522 if (module) goto open_self;
526 * Keep the handle around so we can dlclose() it.
528 handle = fr_dlopenext(module_name);
529 if (handle == NULL) {
530 cf_log_err(cf_sectiontoitem(cs),
531 "Failed to link to module '%s': %s\n",
532 module_name, lt_dlerror());
536 DEBUG3(" (Loaded %s, checking if it's valid)", module_name);
539 * libltld MAY core here, if the handle it gives us contains
542 module = lt_dlsym(handle, module_struct);
544 cf_log_err(cf_sectiontoitem(cs),
545 "Failed linking to %s structure: %s\n",
546 module_name, lt_dlerror());
551 #if !defined(WIT_LIBLTDL) && defined (HAVE_DLFCN_H) && defined(RTLD_SELF)
555 * Before doing anything else, check if it's sane.
557 if (module->magic != RLM_MODULE_MAGIC_NUMBER) {
559 cf_log_err(cf_sectiontoitem(cs),
560 "Invalid version in module '%s'",
566 /* make room for the module type */
567 node = rad_malloc(sizeof(*node));
568 memset(node, 0, sizeof(*node));
569 strlcpy(node->name, module_name, sizeof(node->name));
570 node->module = module;
571 node->handle = handle;
573 cf_log_module(cs, "Linked to module %s", module_name);
576 * Add the module as "rlm_foo-version" to the configuration
579 if (!rbtree_insert(module_tree, node)) {
580 radlog(L_ERR, "Failed to cache module %s", module_name);
590 * Find a module instance.
592 module_instance_t *find_module_instance(CONF_SECTION *modules,
593 const char *askedname, int do_link)
595 int check_config_safe = FALSE;
597 const char *name1, *instname;
598 module_instance_t *node, myNode;
599 char module_name[256];
601 if (!modules) return NULL;
604 * Look for the real name. Ignore the first character,
605 * which tells the server "it's OK for this module to not
608 instname = askedname;
609 if (instname[0] == '-') instname++;
612 * Module instances are declared in the modules{} block
613 * and referenced later by their name, which is the
614 * name2 from the config section, or name1 if there was
617 cs = cf_section_sub_find_name2(modules, NULL, instname);
619 radlog(L_ERR, "ERROR: Cannot find a configuration entry for module \"%s\".\n", instname);
624 * If there's already a module instance, return it.
626 strlcpy(myNode.name, instname, sizeof(myNode.name));
627 node = rbtree_finddata(instance_tree, &myNode);
628 if (node) return node;
630 if (!do_link) return NULL;
632 name1 = cf_section_name1(cs);
635 * Found the configuration entry.
637 node = rad_malloc(sizeof(*node));
638 memset(node, 0, sizeof(*node));
640 node->insthandle = NULL;
644 * Names in the "modules" section aren't prefixed
645 * with "rlm_", so we add it here.
647 snprintf(module_name, sizeof(module_name), "rlm_%s", name1);
649 node->entry = linkto_module(module_name, cs);
652 /* linkto_module logs any errors */
656 if (check_config && (node->entry->module->instantiate) &&
657 (node->entry->module->type & RLM_TYPE_CHECK_CONFIG_SAFE) == 0) {
658 const char *value = NULL;
661 cp = cf_pair_find(cs, "force_check_config");
662 if (cp) value = cf_pair_value(cp);
664 if (value && (strcmp(value, "yes") == 0)) goto print_inst;
666 cf_log_module(cs, "Skipping instantiation of %s", instname);
669 check_config_safe = TRUE;
670 cf_log_module(cs, "Instantiating module \"%s\" from file %s",
671 instname, cf_section_filename(cs));
675 * Call the module's instantiation routine.
677 if ((node->entry->module->instantiate) &&
678 (!check_config || check_config_safe) &&
679 ((node->entry->module->instantiate)(cs, &node->insthandle) < 0)) {
680 cf_log_err(cf_sectiontoitem(cs),
681 "Instantiation failed for module \"%s\"",
688 * We're done. Fill in the rest of the data structure,
689 * and link it to the module instance list.
691 strlcpy(node->name, instname, sizeof(node->name));
693 #ifdef HAVE_PTHREAD_H
695 * If we're threaded, check if the module is thread-safe.
697 * If it isn't, we create a mutex.
699 if ((node->entry->module->type & RLM_TYPE_THREAD_UNSAFE) != 0) {
700 node->mutex = (pthread_mutex_t *) rad_malloc(sizeof(pthread_mutex_t));
702 * Initialize the mutex.
704 pthread_mutex_init(node->mutex, NULL);
707 * The module is thread-safe. Don't give it a mutex.
713 rbtree_insert(instance_tree, node);
718 static indexed_modcallable *lookup_by_index(rbtree_t *components,
721 indexed_modcallable myc;
726 return rbtree_finddata(components, &myc);
730 * Create a new sublist.
732 static indexed_modcallable *new_sublist(rbtree_t *components, int comp, int idx)
734 indexed_modcallable *c;
736 c = lookup_by_index(components, comp, idx);
738 /* It is an error to try to create a sublist that already
739 * exists. It would almost certainly be caused by accidental
740 * duplication in the config file.
742 * index 0 is the exception, because it is used when we want
743 * to collect _all_ listed modules under a single index by
744 * default, which is currently the case in all components
745 * except authenticate. */
753 c = rad_malloc(sizeof(*c));
754 c->modulelist = NULL;
758 if (!rbtree_insert(components, c)) {
766 rlm_rcode_t indexed_modcall(int comp, int idx, REQUEST *request)
769 modcallable *list = NULL;
770 virtual_server_t *server;
773 * Hack to find the correct virtual server.
775 server = virtual_server_find(request->server);
777 RDEBUG("No such virtual server \"%s\"", request->server);
778 return RLM_MODULE_FAIL;
782 list = server->mc[comp];
783 if (!list) RDEBUG2W("Empty %s section. Using default return values.", section_type_value[comp].section);
786 indexed_modcallable *this;
788 this = lookup_by_index(server->components, comp, idx);
790 list = this->modulelist;
792 RDEBUG2W("Unknown value specified for %s. Cannot perform requested action.",
793 section_type_value[comp].typename);
797 if (server->subcs[comp]) {
799 RDEBUG("# Executing section %s from file %s",
800 section_type_value[comp].section,
801 cf_section_filename(server->subcs[comp]));
803 RDEBUG("# Executing group from file %s",
804 cf_section_filename(server->subcs[comp]));
807 request->component = section_type_value[comp].section;
809 rcode = modcall(comp, list, request);
811 request->module = "";
812 request->component = "<core>";
817 * Load a sub-module list, as found inside an Auth-Type foo {}
820 static int load_subcomponent_section(modcallable *parent, CONF_SECTION *cs,
821 rbtree_t *components,
822 const DICT_ATTR *dattr, int comp)
824 indexed_modcallable *subcomp;
827 const char *name2 = cf_section_name2(cs);
829 rad_assert(comp >= RLM_COMPONENT_AUTH);
830 rad_assert(comp < RLM_COMPONENT_COUNT);
836 cf_log_err(cf_sectiontoitem(cs),
837 "No name specified for %s block",
838 section_type_value[comp].typename);
845 ml = compile_modgroup(parent, comp, cs);
851 * We must assign a numeric index to this subcomponent.
852 * It is generated and placed in the dictionary
853 * automatically. If it isn't found, it's a serious
856 dval = dict_valbyname(dattr->attr, dattr->vendor, name2);
858 cf_log_err(cf_sectiontoitem(cs),
859 "%s %s Not previously configured",
860 section_type_value[comp].typename, name2);
861 modcallable_free(&ml);
865 subcomp = new_sublist(components, comp, dval->value);
867 modcallable_free(&ml);
871 subcomp->modulelist = ml;
875 static int define_type(const DICT_ATTR *dattr, const char *name)
881 * If the value already exists, don't
884 dval = dict_valbyname(dattr->attr, dattr->vendor, name);
888 * Create a new unique value with a
889 * meaningless number. You can't look at
890 * it from outside of this code, so it
891 * doesn't matter. The only requirement
892 * is that it's unique.
895 value = fr_rand() & 0x00ffffff;
896 } while (dict_valbyattr(dattr->attr, dattr->vendor, value));
898 DEBUG2(" Module: Creating %s = %s", dattr->name, name);
899 if (dict_addvalue(name, dattr->name, value) < 0) {
900 radlog(L_ERR, "%s", fr_strerror());
907 static int load_component_section(CONF_SECTION *cs,
908 rbtree_t *components, int comp)
913 indexed_modcallable *subcomp;
915 const char *visiblename;
916 const DICT_ATTR *dattr;
919 * Find the attribute used to store VALUEs for this section.
921 dattr = dict_attrbyvalue(section_type_value[comp].attr, 0);
923 cf_log_err(cf_sectiontoitem(cs),
924 "No such attribute %s",
925 section_type_value[comp].typename);
930 * Loop over the entries in the named section, loading
931 * the sections this time.
933 for (modref = cf_item_find_next(cs, NULL);
935 modref = cf_item_find_next(cs, modref)) {
937 CONF_PAIR *cp = NULL;
938 CONF_SECTION *scs = NULL;
940 if (cf_item_is_section(modref)) {
941 scs = cf_itemtosection(modref);
943 name1 = cf_section_name1(scs);
946 section_type_value[comp].typename) == 0) {
947 if (!load_subcomponent_section(NULL, scs,
951 return -1; /* FIXME: memleak? */
958 } else if (cf_item_is_pair(modref)) {
959 cp = cf_itemtopair(modref);
962 continue; /* ignore it */
966 * Try to compile one entry.
968 this = compile_modsingle(NULL, comp, modref, &modname);
971 * It's OK for the module to not exist.
973 if (!this && modname && (modname[0] == '-')) {
974 DEBUGW("Not loading module \"%s\" as it is not enabled", modname + 1);
979 cf_log_err(cf_sectiontoitem(cs),
980 "Errors parsing %s section.\n",
981 cf_section_name1(cs));
986 * Look for Auth-Type foo {}, which are special
987 * cases of named sections, and allowable ONLY
990 * i.e. They're not allowed in a "group" or "redundant"
993 if (comp == RLM_COMPONENT_AUTH) {
995 const char *modrefname = NULL;
997 modrefname = cf_pair_attr(cp);
999 modrefname = cf_section_name2(scs);
1001 modcallable_free(&this);
1002 cf_log_err(cf_sectiontoitem(cs),
1003 "Errors parsing %s sub-section.\n",
1004 cf_section_name1(scs));
1009 dval = dict_valbyname(PW_AUTH_TYPE, 0, modrefname);
1012 * It's a section, but nothing we
1015 modcallable_free(&this);
1016 cf_log_err(cf_sectiontoitem(cs),
1017 "Unknown Auth-Type \"%s\" in %s sub-section.",
1018 modrefname, section_type_value[comp].section);
1023 /* See the comment in new_sublist() for explanation
1024 * of the special index 0 */
1028 subcomp = new_sublist(components, comp, idx);
1029 if (subcomp == NULL) {
1030 modcallable_free(&this);
1034 /* If subcomp->modulelist is NULL, add_to_modcallable will
1036 visiblename = cf_section_name2(cs);
1037 if (visiblename == NULL)
1038 visiblename = cf_section_name1(cs);
1039 add_to_modcallable(&subcomp->modulelist, this,
1046 static int load_byserver(CONF_SECTION *cs)
1049 const char *name = cf_section_name2(cs);
1050 rbtree_t *components;
1051 virtual_server_t *server = NULL;
1052 indexed_modcallable *c;
1055 cf_log_info(cs, "server %s { # from file %s",
1056 name, cf_section_filename(cs));
1058 cf_log_info(cs, "server { # from file %s",
1059 cf_section_filename(cs));
1062 cf_log_info(cs, " modules {");
1064 components = rbtree_create(indexed_modcallable_cmp,
1065 indexed_modcallable_free, 0);
1067 radlog(L_ERR, "Failed to initialize components\n");
1071 server = rad_malloc(sizeof(*server));
1072 memset(server, 0, sizeof(*server));
1074 server->name = name;
1075 server->created = time(NULL);
1077 server->components = components;
1080 * Define types first.
1082 for (comp = 0; comp < RLM_COMPONENT_COUNT; ++comp) {
1083 CONF_SECTION *subcs;
1085 const DICT_ATTR *dattr;
1087 subcs = cf_section_sub_find(cs,
1088 section_type_value[comp].section);
1089 if (!subcs) continue;
1091 if (cf_item_find_next(subcs, NULL) == NULL) continue;
1094 * Find the attribute used to store VALUEs for this section.
1096 dattr = dict_attrbyvalue(section_type_value[comp].attr, 0);
1098 cf_log_err(cf_sectiontoitem(subcs),
1099 "No such attribute %s",
1100 section_type_value[comp].typename);
1102 if (debug_flag == 0) {
1103 radlog(L_ERR, "Failed to load virtual server %s",
1104 (name != NULL) ? name : "<default>");
1106 virtual_server_free(server);
1111 * Define dynamic types, so that others can reference
1114 for (modref = cf_item_find_next(subcs, NULL);
1116 modref = cf_item_find_next(subcs, modref)) {
1118 CONF_SECTION *subsubcs;
1121 * Create types for simple references
1122 * only when parsing the authenticate
1125 if ((section_type_value[comp].attr == PW_AUTH_TYPE) &&
1126 cf_item_is_pair(modref)) {
1127 CONF_PAIR *cp = cf_itemtopair(modref);
1128 if (!define_type(dattr, cf_pair_attr(cp))) {
1135 if (!cf_item_is_section(modref)) continue;
1137 subsubcs = cf_itemtosection(modref);
1138 name1 = cf_section_name1(subsubcs);
1140 if (strcmp(name1, section_type_value[comp].typename) == 0) {
1141 if (!define_type(dattr,
1142 cf_section_name2(subsubcs))) {
1147 } /* loop over components */
1150 * Loop over all of the known components, finding their
1151 * configuration section, and loading it.
1154 for (comp = 0; comp < RLM_COMPONENT_COUNT; ++comp) {
1155 CONF_SECTION *subcs;
1157 subcs = cf_section_sub_find(cs,
1158 section_type_value[comp].section);
1159 if (!subcs) continue;
1161 if (cf_item_find_next(subcs, NULL) == NULL) continue;
1163 cf_log_module(cs, "Checking %s {...} for more modules to load",
1164 section_type_value[comp].section);
1167 * Skip pre/post-proxy sections if we're not
1172 !mainconfig.proxy_requests &&
1174 ((comp == RLM_COMPONENT_PRE_PROXY) ||
1175 (comp == RLM_COMPONENT_POST_PROXY))) {
1179 #ifndef WITH_ACCOUNTING
1180 if (comp == RLM_COMPONENT_ACCT) continue;
1183 #ifndef WITH_SESSION_MGMT
1184 if (comp == RLM_COMPONENT_SESS) continue;
1187 if (load_component_section(subcs, components, comp) < 0) {
1192 * Cache a default, if it exists. Some people
1193 * put empty sections for some reason...
1195 c = lookup_by_index(components, comp, 0);
1196 if (c) server->mc[comp] = c->modulelist;
1198 server->subcs[comp] = subcs;
1201 } /* loop over components */
1204 * We haven't loaded any of the normal sections. Maybe we're
1205 * supposed to load the vmps section.
1207 * This is a bit of a hack...
1210 CONF_SECTION *subcs;
1212 subcs = cf_section_sub_find(cs, "vmps");
1214 cf_log_module(cs, "Checking vmps {...} for more modules to load");
1215 if (load_component_section(subcs, components,
1216 RLM_COMPONENT_POST_AUTH) < 0) {
1219 c = lookup_by_index(components,
1220 RLM_COMPONENT_POST_AUTH, 0);
1221 if (c) server->mc[RLM_COMPONENT_POST_AUTH] = c->modulelist;
1227 const DICT_ATTR *dattr;
1229 dattr = dict_attrbyname("DHCP-Message-Type");
1232 * Handle each DHCP Message type separately.
1234 if (dattr) for (subcs = cf_subsection_find_next(cs, NULL, "dhcp");
1236 subcs = cf_subsection_find_next(cs, subcs,
1238 const char *name2 = cf_section_name2(subcs);
1240 DEBUG2(" Module: Checking dhcp %s {...} for more modules to load", name2);
1241 if (!load_subcomponent_section(NULL, subcs,
1244 RLM_COMPONENT_POST_AUTH)) {
1245 goto error; /* FIXME: memleak? */
1247 c = lookup_by_index(components,
1248 RLM_COMPONENT_POST_AUTH, 0);
1249 if (c) server->mc[RLM_COMPONENT_POST_AUTH] = c->modulelist;
1256 cf_log_info(cs, " } # modules");
1257 cf_log_info(cs, "} # server");
1259 if (!flag && name) {
1260 DEBUGW("Server %s is empty, and will do nothing!",
1264 if (debug_flag == 0) {
1265 radlog(L_INFO, "Loaded virtual server %s",
1266 (name != NULL) ? name : "<default>");
1270 * Now that it is OK, insert it into the list.
1272 * This is thread-safe...
1274 comp = virtual_server_idx(name);
1275 server->next = virtual_servers[comp];
1276 virtual_servers[comp] = server;
1279 * Mark OLDER ones of the same name as being unused.
1281 server = server->next;
1283 if ((!name && !server->name) ||
1284 (name && server->name &&
1285 (strcmp(server->name, name) == 0))) {
1286 server->can_free = TRUE;
1289 server = server->next;
1297 * Load all of the virtual servers.
1299 int virtual_servers_load(CONF_SECTION *config)
1302 static int first_time = TRUE;
1304 DEBUG2("%s: #### Loading Virtual Servers ####", mainconfig.name);
1307 * If we have "server { ...}", then there SHOULD NOT be
1308 * bare "authorize", etc. sections. if there is no such
1309 * server, then try to load the old-style sections first.
1311 * In either case, load the "default" virtual server first.
1312 * this matches better iwth users expectations.
1314 cs = cf_section_find_name2(cf_subsection_find_next(config, NULL,
1318 if (load_byserver(cs) < 0) {
1322 if (load_byserver(config) < 0) {
1328 * Load all of the virtual servers.
1330 for (cs = cf_subsection_find_next(config, NULL, "server");
1332 cs = cf_subsection_find_next(config, cs, "server")) {
1334 virtual_server_t *server;
1336 name2 = cf_section_name2(cs);
1337 if (!name2) continue; /* handled above */
1339 server = virtual_server_find(name2);
1341 (cf_top_section(server->cs) == config)) {
1342 radlog(L_ERR, "Duplicate virtual server \"%s\" in file %s:%d and file %s:%d",
1344 cf_section_filename(server->cs),
1345 cf_section_lineno(server->cs),
1346 cf_section_filename(cs),
1347 cf_section_lineno(cs));
1351 if (load_byserver(cs) < 0) {
1353 * Once we successfully started once,
1354 * continue loading the OTHER servers,
1355 * even if one fails.
1357 if (!first_time) continue;
1363 * If we succeed the first time around, remember that.
1370 int module_hup_module(CONF_SECTION *cs, module_instance_t *node, time_t when)
1372 void *insthandle = NULL;
1373 fr_module_hup_t *mh;
1376 !node->entry->module->instantiate ||
1377 ((node->entry->module->type & RLM_TYPE_HUP_SAFE) == 0)) {
1381 cf_log_module(cs, "Trying to reload module \"%s\"", node->name);
1383 if ((node->entry->module->instantiate)(cs, &insthandle) < 0) {
1384 cf_log_err(cf_sectiontoitem(cs),
1385 "HUP failed for module \"%s\". Using old configuration.",
1390 radlog(L_INFO, " Module: Reloaded module \"%s\"", node->name);
1392 module_instance_free_old(cs, node, when);
1395 * Save the old instance handle for later deletion.
1397 mh = rad_malloc(sizeof(*mh));
1400 mh->insthandle = node->insthandle;
1401 mh->next = node->mh;
1404 node->insthandle = insthandle;
1407 * FIXME: Set a timeout to come back in 60s, so that
1408 * we can pro-actively clean up the old instances.
1415 int module_hup(CONF_SECTION *modules)
1420 module_instance_t *node;
1422 if (!modules) return 0;
1427 * Loop over the modules
1429 for (ci=cf_item_find_next(modules, NULL);
1431 ci=cf_item_find_next(modules, ci)) {
1432 const char *instname;
1433 module_instance_t myNode;
1436 * If it's not a section, ignore it.
1438 if (!cf_item_is_section(ci)) continue;
1440 cs = cf_itemtosection(ci);
1441 instname = cf_section_name2(cs);
1442 if (!instname) instname = cf_section_name1(cs);
1444 strlcpy(myNode.name, instname, sizeof(myNode.name));
1445 node = rbtree_finddata(instance_tree, &myNode);
1447 module_hup_module(cs, node, when);
1455 * Parse the module config sections, and load
1456 * and call each module's init() function.
1458 * Libtool makes your life a LOT easier, especially with libltdl.
1459 * see: http://www.gnu.org/software/libtool/
1461 int setup_modules(int reload, CONF_SECTION *config)
1463 CONF_ITEM *ci, *next;
1464 CONF_SECTION *cs, *modules;
1465 rad_listen_t *listener;
1467 if (reload) return 0;
1470 * If necessary, initialize libltdl.
1474 * This line works around a completely
1476 * RIDICULOUS INSANE IDIOTIC
1478 * bug in libltdl on certain systems. The "set
1479 * preloaded symbols" macro below ends up
1480 * referencing this name, but it isn't defined
1481 * anywhere in the libltdl source. As a result,
1482 * any program STUPID enough to rely on libltdl
1483 * fails to link, because the symbol isn't
1486 * It's like libtool and libltdl are some kind
1489 #ifdef IE_LIBTOOL_DIE
1490 #define lt__PROGRAM__LTX_preloaded_symbols lt_libltdl_LTX_preloaded_symbols
1494 * Set the default list of preloaded symbols.
1495 * This is used to initialize libltdl's list of
1496 * preloaded modules.
1498 * i.e. Static modules.
1500 LTDL_SET_PRELOADED_SYMBOLS();
1502 if (lt_dlinit() != 0) {
1503 radlog(L_ERR, "Failed to initialize libraries: %s\n",
1509 * Set the search path to ONLY our library directory.
1510 * This prevents the modules from being found from
1511 * any location on the disk.
1513 lt_dlsetsearchpath(radlib_dir);
1516 * Set up the internal module struct.
1518 module_tree = rbtree_create(module_entry_cmp,
1519 module_entry_free, 0);
1521 radlog(L_ERR, "Failed to initialize modules\n");
1525 instance_tree = rbtree_create(module_instance_cmp,
1526 module_instance_free, 0);
1527 if (!instance_tree) {
1528 radlog(L_ERR, "Failed to initialize modules\n");
1533 memset(virtual_servers, 0, sizeof(virtual_servers));
1536 * Remember where the modules were stored.
1538 modules = cf_section_sub_find(config, "modules");
1540 radlog(L_INFO, "WARNING: Cannot find a \"modules\" section in the configuration file!");
1543 DEBUG2("%s: #### Instantiating modules ####", mainconfig.name);
1546 * Loop over module definitions, looking for duplicates.
1548 * This is O(N^2) in the number of modules, but most
1549 * systems should have less than 100 modules.
1551 for (ci=cf_item_find_next(modules, NULL);
1554 const char *name1, *name2;
1555 CONF_SECTION *subcs, *duplicate;
1557 next = cf_item_find_next(modules, ci);
1559 if (!cf_item_is_section(ci)) continue;
1561 if (!next || !cf_item_is_section(next)) continue;
1563 subcs = cf_itemtosection(ci);
1564 name1 = cf_section_name1(subcs);
1565 name2 = cf_section_name2(subcs);
1567 duplicate = cf_section_find_name2(cf_itemtosection(next),
1569 if (!duplicate) continue;
1571 if (!name2) name2 = "";
1573 radlog(L_ERR, "Duplicate module \"%s %s\", in file %s:%d and file %s:%d",
1575 cf_section_filename(subcs),
1576 cf_section_lineno(subcs),
1577 cf_section_filename(duplicate),
1578 cf_section_lineno(duplicate));
1583 * Look for the 'instantiate' section, which tells us
1584 * the instantiation order of the modules, and also allows
1585 * us to load modules with no authorize/authenticate/etc.
1588 cs = cf_section_sub_find(config, "instantiate");
1591 module_instance_t *module;
1594 cf_log_info(cs, " instantiate {");
1597 * Loop over the items in the 'instantiate' section.
1599 for (ci=cf_item_find_next(cs, NULL);
1601 ci=cf_item_find_next(cs, ci)) {
1604 * Skip sections and "other" stuff.
1605 * Sections will be handled later, if
1606 * they're referenced at all...
1608 if (!cf_item_is_pair(ci)) {
1612 cp = cf_itemtopair(ci);
1613 name = cf_pair_attr(cp);
1614 module = find_module_instance(modules, name, 1);
1615 if (!module && (name[0] != '-')) {
1618 } /* loop over items in the subsection */
1620 cf_log_info(cs, " }");
1621 } /* if there's an 'instantiate' section. */
1624 * Loop over the listeners, figuring out which sections
1627 for (listener = mainconfig.listen;
1629 listener = listener->next) {
1633 if (listener->type == RAD_LISTEN_PROXY) continue;
1636 cs = cf_section_sub_find_name2(config,
1637 "server", listener->server);
1638 if (!cs && (listener->server != NULL)) {
1639 listener->print(listener, buffer, sizeof(buffer));
1641 radlog(L_ERR, "No server has been defined for %s", buffer);
1646 if (virtual_servers_load(config) < 0) return -1;
1652 * Call all authorization modules until one returns
1653 * somethings else than RLM_MODULE_OK
1655 rlm_rcode_t module_authorize(int autz_type, REQUEST *request)
1657 return indexed_modcall(RLM_COMPONENT_AUTZ, autz_type, request);
1661 * Authenticate a user/password with various methods.
1663 rlm_rcode_t module_authenticate(int auth_type, REQUEST *request)
1665 return indexed_modcall(RLM_COMPONENT_AUTH, auth_type, request);
1668 #ifdef WITH_ACCOUNTING
1670 * Do pre-accounting for ALL configured sessions
1672 rlm_rcode_t module_preacct(REQUEST *request)
1674 return indexed_modcall(RLM_COMPONENT_PREACCT, 0, request);
1678 * Do accounting for ALL configured sessions
1680 rlm_rcode_t module_accounting(int acct_type, REQUEST *request)
1682 return indexed_modcall(RLM_COMPONENT_ACCT, acct_type, request);
1686 #ifdef WITH_SESSION_MGMT
1688 * See if a user is already logged in.
1690 * Returns: 0 == OK, 1 == double logins, 2 == multilink attempt
1692 int module_checksimul(int sess_type, REQUEST *request, int maxsimul)
1696 if(!request->username)
1699 request->simul_count = 0;
1700 request->simul_max = maxsimul;
1701 request->simul_mpp = 1;
1703 rcode = indexed_modcall(RLM_COMPONENT_SESS, sess_type, request);
1705 if (rcode != RLM_MODULE_OK) {
1706 /* FIXME: Good spot for a *rate-limited* warning to the log */
1710 return (request->simul_count < maxsimul) ? 0 : request->simul_mpp;
1716 * Do pre-proxying for ALL configured sessions
1718 rlm_rcode_t module_pre_proxy(int type, REQUEST *request)
1720 return indexed_modcall(RLM_COMPONENT_PRE_PROXY, type, request);
1724 * Do post-proxying for ALL configured sessions
1726 rlm_rcode_t module_post_proxy(int type, REQUEST *request)
1728 return indexed_modcall(RLM_COMPONENT_POST_PROXY, type, request);
1733 * Do post-authentication for ALL configured sessions
1735 rlm_rcode_t module_post_auth(int postauth_type, REQUEST *request)
1737 return indexed_modcall(RLM_COMPONENT_POST_AUTH, postauth_type, request);
1741 rlm_rcode_t module_recv_coa(int recv_coa_type, REQUEST *request)
1743 return indexed_modcall(RLM_COMPONENT_RECV_COA, recv_coa_type, request);
1746 rlm_rcode_t module_send_coa(int send_coa_type, REQUEST *request)
1748 return indexed_modcall(RLM_COMPONENT_SEND_COA, send_coa_type, request);
1752 char *module_failure_msg(REQUEST *request, const char *fmt, ...)
1758 vp = paircreate(PW_MODULE_FAILURE_MESSAGE, 0);
1764 vsnprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), fmt, ap);
1766 pairadd(&request->packet->vps, vp);
1768 return vp->vp_strvalue;