11 static const char rcsid[] = "$Id$";
15 * Internal function to cut down on duplicated code.
17 * Returns NULL on don't proxy, realm otherwise.
19 static REALM *check_for_realm(REQUEST *request)
27 * If the request has a proxy entry, then it's a proxy
28 * reply, and we're walking through the module list again.
30 * In that case, don't bother trying to proxy the request
33 * Also, if there's no User-Name attribute, we can't
36 if ((request->proxy != NULL) ||
37 (request->username == NULL)) {
41 name = (char *)request->username->strvalue;
42 realmname = strrchr(name, '@');
43 if (realmname != NULL)
46 realm = realm_find(realmname);
50 DEBUG2(" rlm_realm: Proxying request from user %s to realm %s",
54 * If we've been told to strip the realm off, then do so.
56 if (realm->striprealm) {
58 * Create the Stripped-User-Name attribute, if it
61 * This code is copied from rlm_preprocess.
63 vp = pairfind(request->packet->vps, PW_STRIPPED_USER_NAME);
65 vp = paircreate(PW_STRIPPED_USER_NAME, PW_TYPE_STRING);
67 radlog(L_ERR|L_CONS, "no memory");
70 strcpy(vp->strvalue, name);
71 vp->length = strlen((char *)vp->strvalue);
72 pairadd(&request->packet->vps, vp);
73 request->username = vp;
77 * Let's strip the Stripped-User-Name attribute.
79 realmname = strrchr((char *)vp->strvalue, '@');
80 if (realmname != NULL) {
82 vp->length = strlen((char *)vp->strvalue);
87 * Don't add a 'Realm' attribute, proxy.c does
92 * Perhaps accounting proxying was turned off.
94 if ((request->packet->code == PW_ACCOUNTING_REQUEST) &&
95 (realm->acct_port == 0)) {
96 /* log a warning that the packet isn't getting proxied ??? */
101 * Perhaps authentication proxying was turned off.
103 if ((request->packet->code == PW_AUTHENTICATION_REQUEST) &&
104 (realm->auth_port == 0)) {
105 /* log a warning that the packet isn't getting proxied ??? */
114 * Maybe add a "Proxy-To-Realm" attribute to the request.
116 * If it's a LOCAL realm, then don't bother.
118 static void add_proxy_to_realm(VALUE_PAIR **vps, REALM *realm)
123 * If it's the LOCAL realm, we do NOT proxy it, but
124 * we DO strip the User-Name, if told to do so.
126 if (strcmp(realm->server, "LOCAL") == 0) {
131 * Tell the server to proxy this request to another
134 vp = pairmake("Proxy-To-Realm", realm->realm, T_OP_EQ);
136 radlog(L_ERR|L_CONS, "no memory");
141 * Add it, even if it's already present.
147 * Examine a request for a username with an @suffix, and if it
148 * corresponds to something in the realms file, set that realm as
151 * This should very nearly duplicate the old proxy_send() code
153 static int realm_authorize(void *instance, REQUEST *request,
154 VALUE_PAIR **check_pairs, VALUE_PAIR **reply_pairs)
159 reply_pairs = reply_pairs; /* -Wunused */
162 * Check if we've got to proxy the request.
163 * If not, return without adding a Proxy-To-Realm
166 realm = check_for_realm(request);
168 return RLM_MODULE_OK;
172 * Maybe add a Proxy-To-Realm attribute to the request.
174 add_proxy_to_realm(check_pairs, realm);
176 return RLM_MODULE_OK; /* try the next module */
180 * This does the exact same thing as the realm_authorize, it's just called
183 static int realm_preacct(void *instance, REQUEST *request)
185 const char *name = (char *)request->username->strvalue;
188 instance = instance; /* -Wunused */
191 return RLM_MODULE_OK;
195 * Check if we've got to proxy the request.
196 * If not, return without adding a Proxy-To-Realm
199 realm = check_for_realm(request);
201 return RLM_MODULE_OK;
206 * Maybe add a Proxy-To-Realm attribute to the request.
208 add_proxy_to_realm(&request->config_items, realm);
210 return RLM_MODULE_OK; /* try the next module */
213 /* globally exported name */
214 module_t rlm_realm = {
216 0, /* type: reserved */
217 NULL, /* initialization */
218 NULL, /* instantiation */
219 realm_authorize, /* authorization */
220 NULL, /* authentication */
221 realm_preacct, /* preaccounting */
222 NULL, /* accounting */