2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License, version 2 if the
4 * License as published by the Free Software Foundation.
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 * GNU General Public License for more details.
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, write to the Free Software
13 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 * @brief Example module code.
21 * @copyright 2013 The FreeRADIUS server project
22 * @copyright 2013 your name \<your address\>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
31 * Define a structure for our module configuration.
33 * These variables do not need to be in a structure, but it's
34 * a lot cleaner to do so, and a pointer to the structure can
35 * be used as the instance handle.
37 typedef struct rlm_example_t {
45 * A mapping of configuration file names to internal variables.
47 * Note that the string is dynamically allocated, so it MUST
48 * be freed. When the configuration file parse re-reads the string,
49 * it free's the old one, and strdup's the new one, placing the pointer
50 * to the strdup'd string into 'config.string'. This gets around
53 static const CONF_PARSER module_config[] = {
54 { "integer", PW_TYPE_INTEGER, offsetof(rlm_example_t,value), NULL, "1" },
55 { "boolean", PW_TYPE_BOOLEAN, offsetof(rlm_example_t,boolean), NULL, "no"},
56 { "string", PW_TYPE_STRING_PTR, offsetof(rlm_example_t,string), NULL, NULL},
57 { "ipaddr", PW_TYPE_IPADDR, offsetof(rlm_example_t,ipaddr), NULL, "*" },
59 { NULL, -1, 0, NULL, NULL } /* end the list */
64 * Do any per-module initialization that is separate to each
65 * configured instance of the module. e.g. set up connections
66 * to external databases, read configuration files, set up
67 * dictionary entries, etc.
69 * If configuration information is given in the config section
70 * that must be referenced in later calls, store a handle to it
71 * in *instance otherwise put a null pointer there.
73 static int example_instantiate(CONF_SECTION *conf, void **instance)
78 * Set up a storage area for instance data
80 *instance = data = talloc_zero(conf, rlm_example_t);
84 * If the configuration parameters can't be parsed, then
87 if (cf_section_parse(conf, data, module_config) < 0) {
95 * Find the named user in this modules database. Create the set
96 * of attribute-value pairs to check and reply with for this user
97 * from the database. The authentication code only needs to check
98 * the password, the rest is done here.
100 static rlm_rcode_t example_authorize(void *instance, REQUEST *request)
105 /* quiet the compiler */
110 * Look for the 'state' attribute.
112 state = pairfind(request->packet->vps, PW_STATE, 0, TAG_ANY);
114 RDEBUG("Found reply to access challenge");
115 return RLM_MODULE_OK;
119 * Create the challenge, and add it to the reply.
121 reply = pairmake("Reply-Message", "This is a challenge", T_OP_EQ);
122 pairadd(&request->reply->vps, reply);
123 state = pairmake("State", "0", T_OP_EQ);
124 pairadd(&request->reply->vps, state);
127 * Mark the packet as an Access-Challenge packet.
129 * The server will take care of sending it to the user.
131 request->reply->code = PW_ACCESS_CHALLENGE;
132 RDEBUG("Sending Access-Challenge.");
134 return RLM_MODULE_HANDLED;
138 * Authenticate the user with the given password.
140 static rlm_rcode_t example_authenticate(void *instance, REQUEST *request)
142 /* quiet the compiler */
146 return RLM_MODULE_OK;
150 * Massage the request before recording it or proxying it
152 static rlm_rcode_t example_preacct(void *instance, REQUEST *request)
154 /* quiet the compiler */
158 return RLM_MODULE_OK;
162 * Write accounting information to this modules database.
164 static rlm_rcode_t example_accounting(void *instance, REQUEST *request)
166 /* quiet the compiler */
170 return RLM_MODULE_OK;
174 * See if a user is already logged in. Sets request->simul_count to the
175 * current session count for this user and sets request->simul_mpp to 2
176 * if it looks like a multilink attempt based on the requested IP
177 * address, otherwise leaves request->simul_mpp alone.
179 * Check twice. If on the first pass the user exceeds his
180 * max. number of logins, do a second pass and validate all
181 * logins by querying the terminal server (using eg. SNMP).
183 static rlm_rcode_t example_checksimul(void *instance, REQUEST *request)
187 request->simul_count=0;
189 return RLM_MODULE_OK;
194 * Only free memory we allocated. The strings allocated via
195 * cf_section_parse() do not need to be freed.
197 static int example_detach(void *instance)
199 /* free things here */
204 * The module name should be the only globally exported symbol.
205 * That is, everything else should be 'static'.
207 * If the module needs to temporarily modify it's instantiation
208 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
209 * The server will then take care of ensuring that the module
210 * is single-threaded.
212 module_t rlm_example = {
215 RLM_TYPE_THREAD_SAFE, /* type */
216 example_instantiate, /* instantiation */
217 example_detach, /* detach */
219 example_authenticate, /* authentication */
220 example_authorize, /* authorization */
221 example_preacct, /* preaccounting */
222 example_accounting, /* accounting */
223 example_checksimul, /* checksimul */
224 NULL, /* pre-proxy */
225 NULL, /* post-proxy */