6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Copyright 2002 The FreeRADIUS server project
21 * Copyright 2002 Alan DeKok <aland@ox.org>
25 #include "libradius.h"
36 static const char rcsid[] = "$Id$";
39 * Define a structure for our module configuration.
41 * These variables do not need to be in a structure, but it's
42 * a lot cleaner to do so, and a pointer to the structure can
43 * be used as the instance handle.
45 typedef struct rlm_smb_t {
52 * A mapping of configuration file names to internal variables.
54 * Note that the string is dynamically allocated, so it MUST
55 * be freed. When the configuration file parse re-reads the string,
56 * it free's the old one, and strdup's the new one, placing the pointer
57 * to the strdup'd string into 'config.string'. This gets around
60 static CONF_PARSER module_config[] = {
61 { "server", PW_TYPE_STRING_PTR, offsetof(rlm_smb_t,server), NULL, NULL},
62 { "backup", PW_TYPE_STRING_PTR, offsetof(rlm_smb_t,backup), NULL, NULL},
63 { "domain", PW_TYPE_STRING_PTR, offsetof(rlm_smb_t,domain), NULL, NULL},
65 { NULL, -1, 0, NULL, NULL } /* end the list */
69 * Do any per-module initialization that is separate to each
70 * configured instance of the module. e.g. set up connections
71 * to external databases, read configuration files, set up
72 * dictionary entries, etc.
74 * If configuration information is given in the config section
75 * that must be referenced in later calls, store a handle to it
76 * in *instance otherwise put a null pointer there.
78 static int smb_instantiate(CONF_SECTION *conf, void **instance)
83 * Set up a storage area for instance data
85 data = rad_malloc(sizeof(*data));
88 * If the configuration parameters can't be parsed, then
91 if (cf_section_parse(conf, data, module_config) < 0) {
102 * Authenticate the user with the given password.
104 static int smb_authenticate(void *instance, REQUEST *request)
106 rlm_smb_t *data = (rlm_smb_t *) instance;
110 * We can only authenticate user requests which HAVE
111 * a User-Name attribute.
113 if (!request->username) {
114 radlog(L_AUTH, "rlm_smb: Attribute \"User-Name\" is required for authentication.");
115 return RLM_MODULE_INVALID;
119 * We can only authenticate user requests which HAVE
120 * a User-Password attribute.
122 if (!request->password) {
123 radlog(L_AUTH, "rlm_smb: Attribute \"User-Password\" is required for authentication.");
124 return RLM_MODULE_INVALID;
128 * Ensure that we're being passed a plain-text password,
129 * and not anything else.
131 if (request->password->attribute != PW_PASSWORD) {
132 radlog(L_AUTH, "rlm_smb: Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".", request->password->name);
133 return RLM_MODULE_INVALID;
137 * Call the SMB magic to do the work.
139 rcode = Valid_User(request->username->strvalue,
140 request->password->strvalue,
141 data->server, data->backup, data->domain);
144 case 0: /* success */
145 return RLM_MODULE_OK;
148 case 1: /* network failure */
149 case 2: /* protocol failure */
150 return RLM_MODULE_FAIL;
153 case 3: /* invalid user name or password */
154 return RLM_MODULE_REJECT;
158 * Something weird happened. Give up.
160 return RLM_MODULE_INVALID;
163 static int smb_detach(void *instance)
165 rlm_smb_t *data = (rlm_smb_t *) instance;
167 if (data->server) free(data->server);
168 if (data->backup) free(data->backup);
169 if (data->domain) free(data->domain);
176 * The module name should be the only globally exported symbol.
177 * That is, everything else should be 'static'.
179 * If the module needs to temporarily modify it's instantiation
180 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
181 * The server will then take care of ensuring that the module
182 * is single-threaded.
186 RLM_TYPE_THREAD_UNSAFE, /* type */
187 NULL, /* initialization */
188 smb_instantiate, /* instantiation */
190 smb_authenticate, /* authentication */
191 NULL, /* authorization */
192 NULL, /* preaccounting */
193 NULL, /* accounting */
194 NULL /* checksimul */
196 smb_detach, /* detach */