2 * modules.c Radius module support.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2003,2006 The FreeRADIUS server project
21 * Copyright 2000 Alan DeKok <aland@ox.org>
22 * Copyright 2000 Alan Curry <pacman@world.std.com>
25 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/modpriv.h>
30 #include <freeradius-devel/modcall.h>
31 #include <freeradius-devel/rad_assert.h>
33 extern int check_config;
35 typedef struct indexed_modcallable {
38 modcallable *modulelist;
39 } indexed_modcallable;
41 typedef struct virtual_server_t {
47 modcallable *mc[RLM_COMPONENT_COUNT];
48 CONF_SECTION *subcs[RLM_COMPONENT_COUNT];
49 struct virtual_server_t *next;
53 * Keep a hash of virtual servers, so that we can reload them.
55 #define VIRTUAL_SERVER_HASH_SIZE (256)
56 static virtual_server_t *virtual_servers[VIRTUAL_SERVER_HASH_SIZE];
58 static rbtree_t *module_tree = NULL;
60 static rbtree_t *instance_tree = NULL;
62 struct fr_module_hup_t {
63 module_instance_t *mi;
66 fr_module_hup_t *next;
70 typedef struct section_type_value_t {
74 } section_type_value_t;
77 * Ordered by component
79 static const section_type_value_t section_type_value[RLM_COMPONENT_COUNT] = {
80 { "authenticate", "Auth-Type", PW_AUTH_TYPE },
81 { "authorize", "Autz-Type", PW_AUTZ_TYPE },
82 { "preacct", "Pre-Acct-Type", PW_PRE_ACCT_TYPE },
83 { "accounting", "Acct-Type", PW_ACCT_TYPE },
84 { "session", "Session-Type", PW_SESSION_TYPE },
85 { "pre-proxy", "Pre-Proxy-Type", PW_PRE_PROXY_TYPE },
86 { "post-proxy", "Post-Proxy-Type", PW_POST_PROXY_TYPE },
87 { "post-auth", "Post-Auth-Type", PW_POST_AUTH_TYPE }
90 { "recv-coa", "Recv-CoA-Type", PW_RECV_COA_TYPE },
91 { "send-coa", "Send-CoA-Type", PW_SEND_COA_TYPE }
96 #ifdef WITHOUT_LIBLTDL
104 #define RTLD_LOCAL (0)
107 #define fr_dlopenext lt_dlopenext
110 #define LT_SHREXT ".so"
111 #elif defined (WIN32)
112 #define LT_SHREXT ".dll"
114 #define LT_SHREXT ".dylib"
118 lt_dlhandle lt_dlopenext(const char *name)
122 strlcpy(buffer, name, sizeof(buffer));
125 * FIXME: Make this configurable...
127 strlcat(buffer, LT_SHREXT, sizeof(buffer));
129 return dlopen(buffer, RTLD_NOW | RTLD_LOCAL);
132 void *lt_dlsym(lt_dlhandle handle, UNUSED const char *symbol)
134 return dlsym(handle, symbol);
137 int lt_dlclose(lt_dlhandle handle)
139 if (!handle) return 0;
141 return dlclose(handle);
144 const char *lt_dlerror(void)
150 #else /* without dlopen */
151 typedef struct lt_dlmodule_t {
156 typedef struct eap_type_t EAP_TYPE;
157 typedef struct rlm_sql_module_t rlm_sql_module_t;
160 * FIXME: Write hackery to auto-generate this data.
161 * We only need to do this on systems that don't have dlopen.
163 extern module_t rlm_pap;
164 extern module_t rlm_chap;
165 extern module_t rlm_eap;
166 extern module_t rlm_sql;
169 extern EAP_TYPE rlm_eap_md5;
170 extern rlm_sql_module_t rlm_sql_mysql;
173 static const lt_dlmodule_t lt_dlmodules[] = {
174 { "rlm_pap", &rlm_pap },
175 { "rlm_chap", &rlm_chap },
176 { "rlm_eap", &rlm_eap },
179 { "rlm_eap_md5", &rlm_eap_md5 },
182 { "rlm_sql_mysql", &rlm_sql_mysql },
188 #define fr_dlopenext lt_dlopenext
189 lt_dlhandle lt_dlopenext(const char *name)
193 for (i = 0; lt_dlmodules[i].name != NULL; i++) {
194 if (strcmp(name, lt_dlmodules[i].name) == 0) {
195 return lt_dlmodules[i].ref;
202 void *lt_dlsym(lt_dlhandle handle, UNUSED const char *symbol)
207 int lt_dlclose(lt_dlhandle handle)
212 const char *lt_dlerror(void)
214 return "Unspecified error";
217 #endif /* WITH_DLOPEN */
218 #else /* WITHOUT_LIBLTDL */
221 * Solve the issues of libraries linking to other libraries
222 * by using a newer libltdl API.
224 #ifndef HAVE_LT_DLADVISE_INIT
225 #define fr_dlopenext lt_dlopenext
227 static lt_dlhandle fr_dlopenext(const char *filename)
229 lt_dlhandle handle = 0;
232 if (!lt_dladvise_init (&advise) &&
233 !lt_dladvise_ext (&advise) &&
234 !lt_dladvise_global (&advise)) {
235 handle = lt_dlopenadvise (filename, advise);
238 lt_dladvise_destroy (&advise);
242 #endif /* HAVE_LT_DLADVISE_INIT */
243 #endif /* WITHOUT_LIBLTDL */
245 static int virtual_server_idx(const char *name)
251 hash = fr_hash_string(name);
253 return hash & (VIRTUAL_SERVER_HASH_SIZE - 1);
256 static void virtual_server_free(virtual_server_t *server)
260 if (server->components) rbtree_free(server->components);
261 server->components = NULL;
266 void virtual_servers_free(time_t when)
269 virtual_server_t **last;
271 for (i = 0; i < VIRTUAL_SERVER_HASH_SIZE; i++) {
272 virtual_server_t *server, *next;
274 last = &virtual_servers[i];
275 for (server = virtual_servers[i];
281 * If we delete it, fix the links so that
282 * we don't orphan anything. Also,
283 * delete it if it's old, AND a newer one
286 * Otherwise, the last pointer gets set to
287 * the one we didn't delete.
290 ((server->created < when) && server->can_free)) {
291 *last = server->next;
292 virtual_server_free(server);
294 last = &(server->next);
300 static void indexed_modcallable_free(void *data)
302 indexed_modcallable *c = data;
304 modcallable_free(&c->modulelist);
308 static int indexed_modcallable_cmp(const void *one, const void *two)
310 const indexed_modcallable *a = one;
311 const indexed_modcallable *b = two;
313 if (a->comp < b->comp) return -1;
314 if (a->comp > b->comp) return +1;
316 return a->idx - b->idx;
321 * Compare two module entries
323 static int module_instance_cmp(const void *one, const void *two)
325 const module_instance_t *a = one;
326 const module_instance_t *b = two;
328 return strcmp(a->name, b->name);
332 static void module_instance_free_old(CONF_SECTION *cs, module_instance_t *node,
335 fr_module_hup_t *mh, **last;
338 * Walk the list, freeing up old instances.
345 * Free only every 60 seconds.
347 if ((when - mh->when) < 60) {
352 cf_section_parse_free(cs, mh->insthandle);
354 if (node->entry->module->detach) {
355 (node->entry->module->detach)(mh->insthandle);
357 free(mh->insthandle);
367 * Free a module instance.
369 static void module_instance_free(void *data)
371 module_instance_t *this = data;
373 module_instance_free_old(this->cs, this, time(NULL) + 100);
375 if (this->entry->module->detach) {
376 (this->entry->module->detach)(this->insthandle);
379 #ifdef HAVE_PTHREAD_H
383 * The mutex MIGHT be locked...
384 * we'll check for that later, I guess.
386 pthread_mutex_destroy(this->mutex);
390 memset(this, 0, sizeof(*this));
396 * Compare two module entries
398 static int module_entry_cmp(const void *one, const void *two)
400 const module_entry_t *a = one;
401 const module_entry_t *b = two;
403 return strcmp(a->name, b->name);
407 * Free a module entry.
409 static void module_entry_free(void *data)
411 module_entry_t *this = data;
413 lt_dlclose(this->handle); /* ignore any errors */
414 memset(this, 0, sizeof(*this));
420 * Remove the module lists.
422 int detach_modules(void)
424 rbtree_free(instance_tree);
425 rbtree_free(module_tree);
434 * Find a module on disk or in memory, and link to it.
436 static module_entry_t *linkto_module(const char *module_name,
439 module_entry_t myentry;
440 module_entry_t *node;
441 lt_dlhandle handle = NULL;
442 char module_struct[256];
444 const module_t *module;
446 strlcpy(myentry.name, module_name, sizeof(myentry.name));
447 node = rbtree_finddata(module_tree, &myentry);
448 if (node) return node;
451 * Link to the module's rlm_FOO{} module structure.
453 * The module_name variable has the version number
454 * embedded in it, and we don't want that here.
456 strcpy(module_struct, module_name);
457 p = strrchr(module_struct, '-');
460 #if defined(WITHOUT_LIBLTDL) && defined (WITH_DLOPEN) && defined(RTLD_SELF)
461 module = lt_dlsym(RTLD_SELF, module_struct);
462 if (module) goto open_self;
466 * Keep the handle around so we can dlclose() it.
468 handle = fr_dlopenext(module_name);
469 if (handle == NULL) {
470 cf_log_err(cf_sectiontoitem(cs),
471 "Failed to link to module '%s': %s\n",
472 module_name, lt_dlerror());
476 DEBUG3(" (Loaded %s, checking if it's valid)", module_name);
479 * libltld MAY core here, if the handle it gives us contains
482 module = lt_dlsym(handle, module_struct);
484 cf_log_err(cf_sectiontoitem(cs),
485 "Failed linking to %s structure: %s\n",
486 module_name, lt_dlerror());
491 #if defined(WITHOUT_LIBLTDL) && defined (WITH_DLOPEN) && defined(RTLD_SELF)
495 * Before doing anything else, check if it's sane.
497 if (module->magic != RLM_MODULE_MAGIC_NUMBER) {
499 cf_log_err(cf_sectiontoitem(cs),
500 "Invalid version in module '%s'",
506 /* make room for the module type */
507 node = rad_malloc(sizeof(*node));
508 memset(node, 0, sizeof(*node));
509 strlcpy(node->name, module_name, sizeof(node->name));
510 node->module = module;
511 node->handle = handle;
513 cf_log_module(cs, "Linked to module %s", module_name);
516 * Add the module as "rlm_foo-version" to the configuration
519 if (!rbtree_insert(module_tree, node)) {
520 radlog(L_ERR, "Failed to cache module %s", module_name);
530 * Find a module instance.
532 module_instance_t *find_module_instance(CONF_SECTION *modules,
533 const char *instname, int do_link)
535 int check_config_safe = FALSE;
538 module_instance_t *node, myNode;
539 char module_name[256];
541 if (!modules) return NULL;
544 * Module instances are declared in the modules{} block
545 * and referenced later by their name, which is the
546 * name2 from the config section, or name1 if there was
549 cs = cf_section_sub_find_name2(modules, NULL, instname);
551 radlog(L_ERR, "ERROR: Cannot find a configuration entry for module \"%s\".\n", instname);
556 * If there's already a module instance, return it.
558 strlcpy(myNode.name, instname, sizeof(myNode.name));
559 node = rbtree_finddata(instance_tree, &myNode);
560 if (node) return node;
562 if (!do_link) return NULL;
564 name1 = cf_section_name1(cs);
567 * Found the configuration entry.
569 node = rad_malloc(sizeof(*node));
570 memset(node, 0, sizeof(*node));
572 node->insthandle = NULL;
576 * Names in the "modules" section aren't prefixed
577 * with "rlm_", so we add it here.
579 snprintf(module_name, sizeof(module_name), "rlm_%s", name1);
581 node->entry = linkto_module(module_name, cs);
584 /* linkto_module logs any errors */
588 if (check_config && (node->entry->module->instantiate) &&
589 (node->entry->module->type & RLM_TYPE_CHECK_CONFIG_SAFE) == 0) {
590 const char *value = NULL;
593 cp = cf_pair_find(cs, "force_check_config");
594 if (cp) value = cf_pair_value(cp);
596 if (value && (strcmp(value, "yes") == 0)) goto print_inst;
598 cf_log_module(cs, "Skipping instantiation of %s", instname);
601 check_config_safe = TRUE;
602 cf_log_module(cs, "Instantiating %s", instname);
606 * Call the module's instantiation routine.
608 if ((node->entry->module->instantiate) &&
609 (!check_config || check_config_safe) &&
610 ((node->entry->module->instantiate)(cs, &node->insthandle) < 0)) {
611 cf_log_err(cf_sectiontoitem(cs),
612 "Instantiation failed for module \"%s\"",
619 * We're done. Fill in the rest of the data structure,
620 * and link it to the module instance list.
622 strlcpy(node->name, instname, sizeof(node->name));
624 #ifdef HAVE_PTHREAD_H
626 * If we're threaded, check if the module is thread-safe.
628 * If it isn't, we create a mutex.
630 if ((node->entry->module->type & RLM_TYPE_THREAD_UNSAFE) != 0) {
631 node->mutex = (pthread_mutex_t *) rad_malloc(sizeof(pthread_mutex_t));
633 * Initialize the mutex.
635 pthread_mutex_init(node->mutex, NULL);
638 * The module is thread-safe. Don't give it a mutex.
644 rbtree_insert(instance_tree, node);
649 static indexed_modcallable *lookup_by_index(rbtree_t *components,
652 indexed_modcallable myc;
657 return rbtree_finddata(components, &myc);
661 * Create a new sublist.
663 static indexed_modcallable *new_sublist(rbtree_t *components, int comp, int idx)
665 indexed_modcallable *c;
667 c = lookup_by_index(components, comp, idx);
669 /* It is an error to try to create a sublist that already
670 * exists. It would almost certainly be caused by accidental
671 * duplication in the config file.
673 * index 0 is the exception, because it is used when we want
674 * to collect _all_ listed modules under a single index by
675 * default, which is currently the case in all components
676 * except authenticate. */
684 c = rad_malloc(sizeof(*c));
685 c->modulelist = NULL;
689 if (!rbtree_insert(components, c)) {
697 int indexed_modcall(int comp, int idx, REQUEST *request)
700 modcallable *list = NULL;
701 virtual_server_t *server;
704 * Hack to find the correct virtual server.
706 rcode = virtual_server_idx(request->server);
707 for (server = virtual_servers[rcode];
709 server = server->next) {
710 if (!request->server && !server->name) break;
712 if ((request->server && server->name) &&
713 (strcmp(request->server, server->name) == 0)) break;
717 RDEBUG("No such virtual server \"%s\"", request->server);
718 return RLM_MODULE_FAIL;
722 list = server->mc[comp];
723 if (!list) RDEBUG2(" WARNING: Empty %s section. Using default return values.", section_type_value[comp].section);
726 indexed_modcallable *this;
728 this = lookup_by_index(server->components, comp, idx);
730 list = this->modulelist;
732 RDEBUG2(" WARNING: Unknown value specified for %s. Cannot perform requested action.",
733 section_type_value[comp].typename);
737 request->component = section_type_value[comp].section;
739 rcode = modcall(comp, list, request);
741 request->module = "";
742 request->component = "";
747 * Load a sub-module list, as found inside an Auth-Type foo {}
750 static int load_subcomponent_section(modcallable *parent, CONF_SECTION *cs,
751 rbtree_t *components, int attr, int comp)
753 indexed_modcallable *subcomp;
756 const char *name2 = cf_section_name2(cs);
758 rad_assert(comp >= RLM_COMPONENT_AUTH);
759 rad_assert(comp < RLM_COMPONENT_COUNT);
765 cf_log_err(cf_sectiontoitem(cs),
766 "No name specified for %s block",
767 section_type_value[comp].typename);
774 ml = compile_modgroup(parent, comp, cs);
780 * We must assign a numeric index to this subcomponent.
781 * It is generated and placed in the dictionary
782 * automatically. If it isn't found, it's a serious
785 dval = dict_valbyname(attr, 0, name2);
787 cf_log_err(cf_sectiontoitem(cs),
788 "%s %s Not previously configured",
789 section_type_value[comp].typename, name2);
790 modcallable_free(&ml);
794 subcomp = new_sublist(components, comp, dval->value);
796 modcallable_free(&ml);
800 subcomp->modulelist = ml;
804 static int define_type(const DICT_ATTR *dattr, const char *name)
810 * If the value already exists, don't
813 dval = dict_valbyname(dattr->attr, dattr->vendor, name);
817 * Create a new unique value with a
818 * meaningless number. You can't look at
819 * it from outside of this code, so it
820 * doesn't matter. The only requirement
821 * is that it's unique.
824 value = fr_rand() & 0x00ffffff;
825 } while (dict_valbyattr(dattr->attr, dattr->vendor, value));
827 if (dict_addvalue(name, dattr->name, value) < 0) {
828 radlog(L_ERR, "%s", fr_strerror());
835 static int load_component_section(CONF_SECTION *cs,
836 rbtree_t *components, int comp)
841 indexed_modcallable *subcomp;
843 const char *visiblename;
844 const DICT_ATTR *dattr;
847 * Find the attribute used to store VALUEs for this section.
849 dattr = dict_attrbyvalue(section_type_value[comp].attr, 0);
851 cf_log_err(cf_sectiontoitem(cs),
852 "No such attribute %s",
853 section_type_value[comp].typename);
858 * Loop over the entries in the named section, loading
859 * the sections this time.
861 for (modref = cf_item_find_next(cs, NULL);
863 modref = cf_item_find_next(cs, modref)) {
865 CONF_PAIR *cp = NULL;
866 CONF_SECTION *scs = NULL;
868 if (cf_item_is_section(modref)) {
869 scs = cf_itemtosection(modref);
871 name1 = cf_section_name1(scs);
874 section_type_value[comp].typename) == 0) {
875 if (!load_subcomponent_section(NULL, scs,
879 return -1; /* FIXME: memleak? */
886 } else if (cf_item_is_pair(modref)) {
887 cp = cf_itemtopair(modref);
890 continue; /* ignore it */
894 * Try to compile one entry.
896 this = compile_modsingle(NULL, comp, modref, &modname);
898 cf_log_err(cf_sectiontoitem(cs),
899 "Errors parsing %s section.\n",
900 cf_section_name1(cs));
905 * Look for Auth-Type foo {}, which are special
906 * cases of named sections, and allowable ONLY
909 * i.e. They're not allowed in a "group" or "redundant"
912 if (comp == RLM_COMPONENT_AUTH) {
914 const char *modrefname = NULL;
916 modrefname = cf_pair_attr(cp);
918 modrefname = cf_section_name2(scs);
920 modcallable_free(&this);
921 cf_log_err(cf_sectiontoitem(cs),
922 "Errors parsing %s sub-section.\n",
923 cf_section_name1(scs));
928 dval = dict_valbyname(PW_AUTH_TYPE, 0, modrefname);
931 * It's a section, but nothing we
934 modcallable_free(&this);
935 cf_log_err(cf_sectiontoitem(cs),
936 "Unknown Auth-Type \"%s\" in %s sub-section.",
937 modrefname, section_type_value[comp].section);
942 /* See the comment in new_sublist() for explanation
943 * of the special index 0 */
947 subcomp = new_sublist(components, comp, idx);
948 if (subcomp == NULL) {
949 modcallable_free(&this);
953 /* If subcomp->modulelist is NULL, add_to_modcallable will
955 visiblename = cf_section_name2(cs);
956 if (visiblename == NULL)
957 visiblename = cf_section_name1(cs);
958 add_to_modcallable(&subcomp->modulelist, this,
965 static int load_byserver(CONF_SECTION *cs)
968 const char *name = cf_section_name2(cs);
969 rbtree_t *components;
970 virtual_server_t *server = NULL;
971 indexed_modcallable *c;
974 cf_log_info(cs, "server %s {", name);
976 cf_log_info(cs, "server {");
979 cf_log_info(cs, " modules {");
981 components = rbtree_create(indexed_modcallable_cmp,
982 indexed_modcallable_free, 0);
984 radlog(L_ERR, "Failed to initialize components\n");
988 server = rad_malloc(sizeof(*server));
989 memset(server, 0, sizeof(*server));
992 server->created = time(NULL);
994 server->components = components;
997 * Define types first.
999 for (comp = 0; comp < RLM_COMPONENT_COUNT; ++comp) {
1000 CONF_SECTION *subcs;
1004 subcs = cf_section_sub_find(cs,
1005 section_type_value[comp].section);
1006 if (!subcs) continue;
1008 if (cf_item_find_next(subcs, NULL) == NULL) continue;
1011 * Find the attribute used to store VALUEs for this section.
1013 dattr = dict_attrbyvalue(section_type_value[comp].attr, 0);
1015 cf_log_err(cf_sectiontoitem(subcs),
1016 "No such attribute %s",
1017 section_type_value[comp].typename);
1019 if (debug_flag == 0) {
1020 radlog(L_ERR, "Failed to load virtual server %s",
1021 (name != NULL) ? name : "<default>");
1023 virtual_server_free(server);
1028 * Define dynamic types, so that others can reference
1031 for (modref = cf_item_find_next(subcs, NULL);
1033 modref = cf_item_find_next(subcs, modref)) {
1035 CONF_SECTION *subsubcs;
1038 * Create types for simple references
1039 * only when parsing the authenticate
1042 if ((section_type_value[comp].attr == PW_AUTH_TYPE) &&
1043 cf_item_is_pair(modref)) {
1044 CONF_PAIR *cp = cf_itemtopair(modref);
1045 if (!define_type(dattr, cf_pair_attr(cp))) {
1052 if (!cf_item_is_section(modref)) continue;
1054 subsubcs = cf_itemtosection(modref);
1055 name1 = cf_section_name1(subsubcs);
1057 if (strcmp(name1, section_type_value[comp].typename) == 0) {
1058 if (!define_type(dattr,
1059 cf_section_name2(subsubcs))) {
1064 } /* loop over components */
1067 * Loop over all of the known components, finding their
1068 * configuration section, and loading it.
1071 for (comp = 0; comp < RLM_COMPONENT_COUNT; ++comp) {
1072 CONF_SECTION *subcs;
1074 subcs = cf_section_sub_find(cs,
1075 section_type_value[comp].section);
1076 if (!subcs) continue;
1078 if (cf_item_find_next(subcs, NULL) == NULL) continue;
1080 cf_log_module(cs, "Checking %s {...} for more modules to load",
1081 section_type_value[comp].section);
1085 * Skip pre/post-proxy sections if we're not
1088 if (!mainconfig.proxy_requests &&
1089 ((comp == PW_PRE_PROXY_TYPE) ||
1090 (comp == PW_PRE_PROXY_TYPE))) {
1095 if (load_component_section(subcs, components, comp) < 0) {
1100 * Cache a default, if it exists. Some people
1101 * put empty sections for some reason...
1103 c = lookup_by_index(components, comp, 0);
1104 if (c) server->mc[comp] = c->modulelist;
1106 server->subcs[comp] = subcs;
1109 } /* loop over components */
1112 * We haven't loaded any of the normal sections. Maybe we're
1113 * supposed to load the vmps section.
1115 * This is a bit of a hack...
1118 CONF_SECTION *subcs;
1120 subcs = cf_section_sub_find(cs, "vmps");
1122 cf_log_module(cs, "Checking vmps {...} for more modules to load");
1123 if (load_component_section(subcs, components,
1124 RLM_COMPONENT_POST_AUTH) < 0) {
1127 c = lookup_by_index(components,
1128 RLM_COMPONENT_POST_AUTH, 0);
1129 if (c) server->mc[RLM_COMPONENT_POST_AUTH] = c->modulelist;
1135 const DICT_ATTR *dattr;
1137 dattr = dict_attrbyname("DHCP-Message-Type");
1140 * Handle each DHCP Message type separately.
1142 if (dattr) for (subcs = cf_subsection_find_next(cs, NULL, "dhcp");
1144 subcs = cf_subsection_find_next(cs, subcs,
1146 const char *name2 = cf_section_name2(subcs);
1148 DEBUG2(" Module: Checking dhcp %s {...} for more modules to load", name2);
1149 if (!load_subcomponent_section(NULL, subcs,
1152 RLM_COMPONENT_POST_AUTH)) {
1153 goto error; /* FIXME: memleak? */
1155 c = lookup_by_index(components,
1156 RLM_COMPONENT_POST_AUTH, 0);
1157 if (c) server->mc[RLM_COMPONENT_POST_AUTH] = c->modulelist;
1164 cf_log_info(cs, " } # modules");
1165 cf_log_info(cs, "} # server");
1167 if (!flag && name) {
1168 DEBUG("WARNING: Server %s is empty, and will do nothing!",
1172 if (debug_flag == 0) {
1173 radlog(L_INFO, "Loaded virtual server %s",
1174 (name != NULL) ? name : "<default>");
1178 * Now that it is OK, insert it into the list.
1180 * This is thread-safe...
1182 comp = virtual_server_idx(name);
1183 server->next = virtual_servers[comp];
1184 virtual_servers[comp] = server;
1187 * Mark OLDER ones of the same name as being unused.
1189 server = server->next;
1191 if ((!name && !server->name) ||
1192 (name && server->name &&
1193 (strcmp(server->name, name) == 0))) {
1194 server->can_free = TRUE;
1197 server = server->next;
1205 * Load all of the virtual servers.
1207 int virtual_servers_load(CONF_SECTION *config)
1209 int null_server = FALSE;
1211 static int first_time = TRUE;
1213 DEBUG2("%s: #### Loading Virtual Servers ####", mainconfig.name);
1216 * Load all of the virtual servers.
1218 for (cs = cf_subsection_find_next(config, NULL, "server");
1220 cs = cf_subsection_find_next(config, cs, "server")) {
1221 if (!cf_section_name2(cs)) null_server = TRUE;
1223 if (load_byserver(cs) < 0) {
1225 * Once we successfully staryed once,
1226 * continue loading the OTHER servers,
1227 * even if one fails.
1229 if (!first_time) continue;
1235 * No empty server defined. Try to load an old-style
1236 * one for backwards compatibility.
1239 if (load_byserver(config) < 0) {
1245 * If we succeed the first time around, remember that.
1252 int module_hup_module(CONF_SECTION *cs, module_instance_t *node, time_t when)
1254 void *insthandle = NULL;
1255 fr_module_hup_t *mh;
1258 !node->entry->module->instantiate ||
1259 ((node->entry->module->type & RLM_TYPE_HUP_SAFE) == 0)) {
1263 cf_log_module(cs, "Trying to reload module \"%s\"", node->name);
1265 if ((node->entry->module->instantiate)(cs, &insthandle) < 0) {
1266 cf_log_err(cf_sectiontoitem(cs),
1267 "HUP failed for module \"%s\". Using old configuration.",
1272 radlog(L_INFO, " Module: Reloaded module \"%s\"", node->name);
1274 module_instance_free_old(cs, node, when);
1277 * Save the old instance handle for later deletion.
1279 mh = rad_malloc(sizeof(*mh));
1282 mh->insthandle = node->insthandle;
1283 mh->next = node->mh;
1286 node->insthandle = insthandle;
1289 * FIXME: Set a timeout to come back in 60s, so that
1290 * we can pro-actively clean up the old instances.
1297 int module_hup(CONF_SECTION *modules)
1302 module_instance_t *node;
1304 if (!modules) return 0;
1309 * Loop over the modules
1311 for (ci=cf_item_find_next(modules, NULL);
1313 ci=cf_item_find_next(modules, ci)) {
1314 const char *instname;
1315 module_instance_t myNode;
1318 * If it's not a section, ignore it.
1320 if (!cf_item_is_section(ci)) continue;
1322 cs = cf_itemtosection(ci);
1323 instname = cf_section_name2(cs);
1324 if (!instname) instname = cf_section_name1(cs);
1326 strlcpy(myNode.name, instname, sizeof(myNode.name));
1327 node = rbtree_finddata(instance_tree, &myNode);
1329 module_hup_module(cs, node, when);
1337 * Parse the module config sections, and load
1338 * and call each module's init() function.
1340 * Libtool makes your life a LOT easier, especially with libltdl.
1341 * see: http://www.gnu.org/software/libtool/
1343 int setup_modules(int reload, CONF_SECTION *config)
1345 CONF_SECTION *cs, *modules;
1346 rad_listen_t *listener;
1348 if (reload) return 0;
1351 * If necessary, initialize libltdl.
1355 * This line works around a completely
1357 * RIDICULOUS INSANE IDIOTIC
1359 * bug in libltdl on certain systems. The "set
1360 * preloaded symbols" macro below ends up
1361 * referencing this name, but it isn't defined
1362 * anywhere in the libltdl source. As a result,
1363 * any program STUPID enough to rely on libltdl
1364 * fails to link, because the symbol isn't
1367 * It's like libtool and libltdl are some kind
1370 #ifdef IE_LIBTOOL_DIE
1371 #define lt__PROGRAM__LTX_preloaded_symbols lt_libltdl_LTX_preloaded_symbols
1375 * Set the default list of preloaded symbols.
1376 * This is used to initialize libltdl's list of
1377 * preloaded modules.
1379 * i.e. Static modules.
1381 LTDL_SET_PRELOADED_SYMBOLS();
1383 if (lt_dlinit() != 0) {
1384 radlog(L_ERR, "Failed to initialize libraries: %s\n",
1390 * Set the search path to ONLY our library directory.
1391 * This prevents the modules from being found from
1392 * any location on the disk.
1394 lt_dlsetsearchpath(radlib_dir);
1397 * Set up the internal module struct.
1399 module_tree = rbtree_create(module_entry_cmp,
1400 module_entry_free, 0);
1402 radlog(L_ERR, "Failed to initialize modules\n");
1406 instance_tree = rbtree_create(module_instance_cmp,
1407 module_instance_free, 0);
1408 if (!instance_tree) {
1409 radlog(L_ERR, "Failed to initialize modules\n");
1414 memset(virtual_servers, 0, sizeof(virtual_servers));
1417 * Remember where the modules were stored.
1419 modules = cf_section_sub_find(config, "modules");
1421 radlog(L_ERR, "Cannot find a \"modules\" section in the configuration file!");
1425 DEBUG2("%s: #### Instantiating modules ####", mainconfig.name);
1428 * Look for the 'instantiate' section, which tells us
1429 * the instantiation order of the modules, and also allows
1430 * us to load modules with no authorize/authenticate/etc.
1433 cs = cf_section_sub_find(config, "instantiate");
1437 module_instance_t *module;
1440 cf_log_info(cs, " instantiate {");
1443 * Loop over the items in the 'instantiate' section.
1445 for (ci=cf_item_find_next(cs, NULL);
1447 ci=cf_item_find_next(cs, ci)) {
1450 * Skip sections and "other" stuff.
1451 * Sections will be handled later, if
1452 * they're referenced at all...
1454 if (!cf_item_is_pair(ci)) {
1458 cp = cf_itemtopair(ci);
1459 name = cf_pair_attr(cp);
1460 module = find_module_instance(modules, name, 1);
1464 } /* loop over items in the subsection */
1466 cf_log_info(cs, " }");
1467 } /* if there's an 'instantiate' section. */
1470 * Loop over the listeners, figuring out which sections
1473 for (listener = mainconfig.listen;
1475 listener = listener->next) {
1479 if (listener->type == RAD_LISTEN_PROXY) continue;
1482 cs = cf_section_sub_find_name2(config,
1483 "server", listener->server);
1484 if (!cs && (listener->server != NULL)) {
1485 listener->print(listener, buffer, sizeof(buffer));
1487 radlog(L_ERR, "No server has been defined for %s", buffer);
1492 if (virtual_servers_load(config) < 0) return -1;
1498 * Call all authorization modules until one returns
1499 * somethings else than RLM_MODULE_OK
1501 int module_authorize(int autz_type, REQUEST *request)
1503 return indexed_modcall(RLM_COMPONENT_AUTZ, autz_type, request);
1507 * Authenticate a user/password with various methods.
1509 int module_authenticate(int auth_type, REQUEST *request)
1511 return indexed_modcall(RLM_COMPONENT_AUTH, auth_type, request);
1514 #ifdef WITH_ACCOUNTING
1516 * Do pre-accounting for ALL configured sessions
1518 int module_preacct(REQUEST *request)
1520 return indexed_modcall(RLM_COMPONENT_PREACCT, 0, request);
1524 * Do accounting for ALL configured sessions
1526 int module_accounting(int acct_type, REQUEST *request)
1528 return indexed_modcall(RLM_COMPONENT_ACCT, acct_type, request);
1532 #ifdef WITH_SESSION_MGMT
1534 * See if a user is already logged in.
1536 * Returns: 0 == OK, 1 == double logins, 2 == multilink attempt
1538 int module_checksimul(int sess_type, REQUEST *request, int maxsimul)
1542 if(!request->username)
1545 request->simul_count = 0;
1546 request->simul_max = maxsimul;
1547 request->simul_mpp = 1;
1549 rcode = indexed_modcall(RLM_COMPONENT_SESS, sess_type, request);
1551 if (rcode != RLM_MODULE_OK) {
1552 /* FIXME: Good spot for a *rate-limited* warning to the log */
1556 return (request->simul_count < maxsimul) ? 0 : request->simul_mpp;
1562 * Do pre-proxying for ALL configured sessions
1564 int module_pre_proxy(int type, REQUEST *request)
1566 return indexed_modcall(RLM_COMPONENT_PRE_PROXY, type, request);
1570 * Do post-proxying for ALL configured sessions
1572 int module_post_proxy(int type, REQUEST *request)
1574 return indexed_modcall(RLM_COMPONENT_POST_PROXY, type, request);
1579 * Do post-authentication for ALL configured sessions
1581 int module_post_auth(int postauth_type, REQUEST *request)
1583 return indexed_modcall(RLM_COMPONENT_POST_AUTH, postauth_type, request);
1587 int module_recv_coa(int recv_coa_type, REQUEST *request)
1589 return indexed_modcall(RLM_COMPONENT_RECV_COA, recv_coa_type, request);
1592 int module_send_coa(int send_coa_type, REQUEST *request)
1594 return indexed_modcall(RLM_COMPONENT_SEND_COA, send_coa_type, request);