src/modules/rlm_checkval/rlm_checkval.c

   1 /*
   2  * rlm_checkval.c
   3  *
   4  * Version:     $Id$
   5  *
   6  *   This program is free software; you can redistribute it and/or modify
   7  *   it under the terms of the GNU General Public License as published by
   8  *   the Free Software Foundation; either version 2 of the License, or
   9  *   (at your option) any later version.
  10  *
  11  *   This program is distributed in the hope that it will be useful,
  12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *   GNU General Public License for more details.
  15  *
  16  *   You should have received a copy of the GNU General Public License
  17  *   along with this program; if not, write to the Free Software
  18  *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  19  *
  20  * Copyright 2003  The FreeRADIUS server project
  21  * Copyright 2003  Kostas Kalevras <kkalev@noc.ntua.gr>
  22  */
  23
  24 #include <freeradius-devel/autoconf.h>
  25
  26 #include <stdio.h>
  27 #include <stdlib.h>
  28 #include <string.h>
  29
  30 #include <freeradius-devel/radiusd.h>
  31 #include <freeradius-devel/modules.h>
  32 #ifdef HAVE_REGEX_H
  33 #       include <regex.h>
  34 #endif
  35 #ifndef REG_EXTENDED
  36 #define REG_EXTENDED (0)
  37 #endif
  38
  39 #ifndef REG_NOSUB
  40 #define REG_NOSUB (0)
  41 #endif
  42 /*
  43  *      Define a structure for our module configuration.
  44  *
  45  *      These variables do not need to be in a structure, but it's
  46  *      a lot cleaner to do so, and a pointer to the structure can
  47  *      be used as the instance handle.
  48  */
  49 typedef struct rlm_checkval_t {
  50         char    *item_name;     /* The attribute inside Access-Request ie Calling-Station-Id */
  51         char    *check_name;    /* The attribute to check it with ie Allowed-Calling-Station-Id */
  52         char    *data_type;     /* string,integer,ipaddr,date,abinary,octets */
  53         int     dat_type;
  54         int     item_attr;
  55         int     chk_attr;
  56         int     notfound_reject;        /* If we don't find the item_name in the request send back a reject */
  57 } rlm_checkval_t;
  58
  59 /*
  60  *      A mapping of configuration file names to internal variables.
  61  *
  62  *      Note that the string is dynamically allocated, so it MUST
  63  *      be freed.  When the configuration file parse re-reads the string,
  64  *      it free's the old one, and strdup's the new one, placing the pointer
  65  *      to the strdup'd string into 'config.string'.  This gets around
  66  *      buffer over-flows.
  67  */
  68 static const CONF_PARSER module_config[] = {
  69   { "item-name",  PW_TYPE_STRING_PTR, offsetof(rlm_checkval_t,item_name), NULL,  NULL},
  70   { "check-name",  PW_TYPE_STRING_PTR, offsetof(rlm_checkval_t,check_name), NULL,  NULL},
  71   { "data-type",    PW_TYPE_STRING_PTR, offsetof(rlm_checkval_t,data_type),NULL, "integer"},
  72   { "notfound-reject", PW_TYPE_BOOLEAN, offsetof(rlm_checkval_t,notfound_reject),NULL, "no"},
  73   { NULL, -1, 0, NULL, NULL }           /* end the list */
  74 };
  75
  76
  77 static int checkval_detach(void *instance)
  78 {
  79         rlm_checkval_t *data = (rlm_checkval_t *) instance;
  80
  81         if (data->item_name)
  82                 free((char *)data->item_name);
  83         if (data->check_name)
  84                 free((char *)data->check_name);
  85         if (data->data_type)
  86                 free((char *)data->data_type);
  87
  88         free(instance);
  89         return 0;
  90 }
  91
  92 /*
  93  *      Do any per-module initialization that is separate to each
  94  *      configured instance of the module.  e.g. set up connections
  95  *      to external databases, read configuration files, set up
  96  *      dictionary entries, etc.
  97  *
  98  *      If configuration information is given in the config section
  99  *      that must be referenced in later calls, store a handle to it
 100  *      in *instance otherwise put a null pointer there.
 101  */
 102 static int checkval_instantiate(CONF_SECTION *conf, void **instance)
 103 {
 104         rlm_checkval_t *data;
 105         DICT_ATTR *dattr;
 106         ATTR_FLAGS flags;
 107
 108         static const LRAD_NAME_NUMBER names[] = {
 109                 { "string", PW_TYPE_STRING },
 110                 { "integer", PW_TYPE_INTEGER },
 111                 { "ipaddr", PW_TYPE_IPADDR },
 112                 { "date", PW_TYPE_DATE },
 113                 { "abinary", PW_TYPE_OCTETS },
 114                 { "octets", PW_TYPE_OCTETS },
 115                 { "binary", PW_TYPE_OCTETS },
 116                 { NULL, 0 }
 117         };
 118
 119         /*
 120          *      Set up a storage area for instance data
 121          */
 122         data = rad_malloc(sizeof(*data));
 123         if (!data) {
 124                 return -1;
 125         }
 126         memset(data, 0, sizeof(*data));
 127
 128         /*
 129          *      If the configuration parameters can't be parsed, then
 130          *      fail.
 131          */
 132         if (cf_section_parse(conf, data, module_config) < 0) {
 133                 checkval_detach(data);
 134                 return -1;
 135         }
 136
 137         /*
 138          * Check if data_type exists
 139          */
 140         if (!data->data_type || !strlen(data->data_type)){
 141                 radlog(L_ERR, "rlm_checkval: Data type not defined");
 142                 checkval_detach(data);
 143                 return -1;
 144         }
 145         if (!data->item_name || !strlen(data->item_name)){
 146                 radlog(L_ERR, "rlm_checkval: Item name not defined");
 147                 checkval_detach(data);
 148                 return -1;
 149         }
 150         if (!data->check_name || !strlen(data->check_name)){
 151                 radlog(L_ERR, "rlm_checkval: Check item name not defined");
 152                 checkval_detach(data);
 153                 return -1;
 154         }
 155
 156         /*
 157          *      Discover the attribute number of the item name
 158          */
 159         dattr = dict_attrbyname(data->item_name);
 160         if (!dattr) {
 161                 radlog(L_ERR, "rlm_checkval: No such attribute %s",
 162                        data->item_name);
 163                 checkval_detach(data);
 164                 return -1;
 165         }
 166         data->item_attr = dattr->attr;
 167
 168         /*
 169          *      Add the check attribute name to the dictionary
 170          *      if it does not already exists. dict_addattr() handles that
 171          */
 172
 173         memset(&flags, 0, sizeof(flags));
 174         dict_addattr(data->check_name, 0, PW_TYPE_STRING, -1,flags);
 175         dattr = dict_attrbyname(data->check_name);
 176         if (!dattr){
 177                 radlog(L_ERR, "rlm_checkval: No such attribute %s",
 178                        data->check_name);
 179                 checkval_detach(data);
 180                 return -1;
 181         }
 182         data->chk_attr = dattr->attr;
 183         DEBUG2("rlm_checkval: Registered name %s for attribute %d",
 184                 dattr->name,dattr->attr);
 185
 186         /*
 187          *      Convert the string type to an integer type,
 188          *      so we don't have to do string comparisons on each
 189          *      packet.
 190          */
 191         data->dat_type = lrad_str2int(names, data->data_type, -1);
 192         if (data->dat_type < 0) {
 193                 radlog(L_ERR, "rlm_checkval: Data type %s in not known",data->data_type);
 194                 checkval_detach(data);
 195                 return -1;
 196         }
 197
 198         *instance = data;
 199
 200         return 0;
 201 }
 202
 203 static int do_checkval(void *instance, REQUEST *request)
 204 {
 205         rlm_checkval_t *data = (rlm_checkval_t *) instance;
 206         int ret=RLM_MODULE_NOOP;
 207         VALUE_PAIR *chk_vp, *item_vp;
 208         VALUE_PAIR *tmp;
 209         char found = 0;
 210
 211         /* quiet the compiler */
 212         instance = instance;
 213         request = request;
 214
 215
 216         /*
 217         *      Look for the check item
 218         */
 219
 220         if (!(item_vp = pairfind(request->packet->vps, data->item_attr))){
 221                 DEBUG2("rlm_checkval: Could not find item named %s in request", data->item_name);
 222                 if (data->notfound_reject)
 223                         ret = RLM_MODULE_REJECT;
 224                 else
 225                         ret = RLM_MODULE_NOTFOUND;
 226         }
 227         if (item_vp)
 228                 DEBUG2("rlm_checkval: Item Name: %s, Value: %s",data->item_name, item_vp->vp_strvalue);
 229         tmp = request->config_items;
 230         do{
 231                 if (!(chk_vp = pairfind(tmp, data->chk_attr))){
 232                         if (!found){
 233                                 DEBUG2("rlm_checkval: Could not find attribute named %s in check pairs",data->check_name);
 234                                 ret = RLM_MODULE_NOTFOUND;
 235                         }
 236                         break;
 237                 }
 238                 if (!item_vp)
 239                         break;
 240                 DEBUG2("rlm_checkval: Value Name: %s, Value: %s",data->check_name, chk_vp->vp_strvalue);
 241
 242                 /*
 243                 * Check if item != check
 244                 */
 245                 found = 1;
 246                 if (data->dat_type == PW_TYPE_STRING ||
 247                     data->dat_type == PW_TYPE_OCTETS) {
 248                         if (item_vp->length != chk_vp->length)
 249                                 ret = RLM_MODULE_REJECT;
 250                         else{
 251                                 if (!memcmp(item_vp->vp_strvalue,
 252                                             chk_vp->vp_strvalue,
 253                                             (size_t) chk_vp->length))
 254                                         ret = RLM_MODULE_OK;
 255                                 else
 256                                         ret = RLM_MODULE_REJECT;
 257                         }
 258                 }
 259                 else{   /* Integer or Date */
 260
 261                         if (item_vp->lvalue == chk_vp->lvalue)
 262                                 ret = RLM_MODULE_OK;
 263                         else
 264                                 ret = RLM_MODULE_REJECT;
 265                 }
 266 #ifdef HAVE_REGEX_H
 267                 if (ret == RLM_MODULE_REJECT &&
 268                     chk_vp->operator == T_OP_REG_EQ) {
 269                         regex_t reg;
 270                         int err;
 271                         char err_msg[MAX_STRING_LEN];
 272
 273                         DEBUG("rlm_checkval: Doing regex");
 274                         err = regcomp(&reg, (char *)chk_vp->vp_strvalue, REG_EXTENDED|REG_NOSUB);
 275                         if (err){
 276                                 regerror(err, &reg,err_msg, MAX_STRING_LEN);
 277                                 DEBUG("rlm_checkval: regcomp() returned error: %s", err_msg);
 278                                 return RLM_MODULE_FAIL;
 279                         }
 280                         if (regexec(&reg, (char *)item_vp->vp_strvalue,0, NULL, 0) == 0)
 281                                 ret = RLM_MODULE_OK;
 282                         else
 283                                 ret = RLM_MODULE_REJECT;
 284                         regfree(&reg);
 285                 }
 286 #endif
 287                 tmp = chk_vp->next;
 288         } while (ret == RLM_MODULE_REJECT &&
 289                  tmp != NULL);
 290
 291         if (ret == RLM_MODULE_REJECT) {
 292                 if (!item_vp && data->notfound_reject){
 293                         char module_fmsg[MAX_STRING_LEN];
 294                         VALUE_PAIR *module_fmsg_vp;
 295
 296                         snprintf(module_fmsg,sizeof(module_fmsg),
 297                                 "rlm_checkval: Could not find item named %s in request", data->item_name);
 298                         module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
 299                         pairadd(&request->packet->vps, module_fmsg_vp);
 300                 }
 301                 else{
 302                         char module_fmsg[MAX_STRING_LEN];
 303                         VALUE_PAIR *module_fmsg_vp;
 304
 305                         snprintf(module_fmsg,sizeof(module_fmsg),
 306                                 "rlm_checkval: This %s is not allowed for the user", data->item_name);
 307                         module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
 308                         pairadd(&request->packet->vps, module_fmsg_vp);
 309                 }
 310         }
 311
 312
 313         return ret;
 314 }
 315
 316 /*
 317  */
 318 static int checkval_authorize(void *instance, REQUEST *request)
 319 {
 320         return do_checkval(instance,request);
 321 }
 322
 323 static int checkval_accounting(void *instance, REQUEST *request)
 324 {
 325         return do_checkval(instance,request);
 326 }
 327
 328 /*
 329  *      The module name should be the only globally exported symbol.
 330  *      That is, everything else should be 'static'.
 331  *
 332  *      If the module needs to temporarily modify it's instantiation
 333  *      data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
 334  *      The server will then take care of ensuring that the module
 335  *      is single-threaded.
 336  */
 337 module_t rlm_checkval = {
 338          RLM_MODULE_INIT,
 339         "checkval",
 340         0,              /* type */
 341         checkval_instantiate,           /* instantiation */
 342         checkval_detach,                /* detach */
 343         {
 344                 NULL,                   /* authentication */
 345                 checkval_authorize,     /* authorization */
 346                 NULL,                   /* preaccounting */
 347                 checkval_accounting,    /* accounting */
 348                 NULL,                   /* checksimul */
 349                 NULL,                   /* pre-proxy */
 350                 NULL,                   /* post-proxy */
 351                 NULL                    /* post-auth */
 352         },
 353 };