static const CONF_PARSER query_config[] = {
{ "query", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT | PW_TYPE_MULTI, rlm_sql_config_t, accounting.query), NULL },
- {NULL, -1, 0, NULL, NULL}
+ CONF_PARSER_TERMINATOR
};
/*
{ "interim-update", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config },
{ "stop", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config },
- {NULL, -1, 0, NULL, NULL}
+ CONF_PARSER_TERMINATOR
};
static const CONF_PARSER acct_config[] = {
{ "type", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) type_config },
- {NULL, -1, 0, NULL, NULL}
+ CONF_PARSER_TERMINATOR
};
static const CONF_PARSER postauth_config[] = {
{ "logfile", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sql_config_t, postauth.logfile), NULL },
{ "query", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT | PW_TYPE_MULTI, rlm_sql_config_t, postauth.query), NULL },
-
- {NULL, -1, 0, NULL, NULL}
+ CONF_PARSER_TERMINATOR
};
static const CONF_PARSER module_config[] = {
{ "driver", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_sql_config_t, sql_driver_name), "rlm_sql_null" },
- { "server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_sql_config_t, sql_server), "localhost" },
- { "port", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_sql_config_t, sql_port), "" },
+ { "server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_sql_config_t, sql_server), "" }, /* Must be zero length so drivers can determine if it was set */
+ { "port", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_sql_config_t, sql_port), "0" },
{ "login", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_sql_config_t, sql_login), "" },
{ "password", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_SECRET, rlm_sql_config_t, sql_password), "" },
{ "radius_db", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_sql_config_t, sql_db), "radius" },
{ "accounting", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) acct_config },
{ "post-auth", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) postauth_config },
-
- {NULL, -1, 0, NULL, NULL}
+ CONF_PARSER_TERMINATOR
};
/*
static sql_fall_through_t fall_through(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
+ tmp = fr_pair_find_by_num(vp, PW_FALL_THROUGH, 0, TAG_ANY);
return tmp ? tmp->vp_integer : FALL_THROUGH_DEFAULT;
}
numaffected = (inst->module->sql_affected_rows)(handle, inst->config);
if (numaffected < 1) {
RDEBUG("SQL query affected no rows");
+ (inst->driver->sql_finish_query)(handle, inst->config);
goto finish;
}
rcode = rlm_sql_fetch_row(inst, request, &handle);
if (rcode) {
- (inst->module->sql_finish_select_query)(handle, inst->config);
+ (inst->driver->sql_finish_select_query)(handle, inst->config);
goto query_error;
}
if (rlm_sql_select_query(inst, NULL, &handle, inst->config->client_query) != RLM_SQL_OK) return -1;
while ((rlm_sql_fetch_row(inst, NULL, &handle) == 0) && (row = handle->row)) {
+ int num_rows;
char *server = NULL;
+
i++;
+ num_rows = (inst->module->sql_num_fields)(handle, inst->config);
+ if (num_rows < 5) {
+ WARN("SELECT returned too few rows. Please do not edit 'client_query'");
+ continue;
+ }
+
/*
* The return data for each row MUST be in the following order:
*
continue;
}
- if (((inst->module->sql_num_fields)(handle, inst->config) > 5) && (row[5] != NULL) && *row[5]) {
+ if ((num_rows > 5) && (row[5] != NULL) && *row[5]) {
server = row[5];
}
/*
* Allow all multi-byte UTF8 characters.
*/
- utf8_len = fr_utf8_char((uint8_t const *) in);
+ utf8_len = fr_utf8_char((uint8_t const *) in, -1);
if (utf8_len > 1) {
if (outlen <= utf8_len) break;
return -1;
}
- vp = pairalloc(request->packet, inst->sql_user);
+ vp = fr_pair_afrom_da(request->packet, inst->sql_user);
if (!vp) {
talloc_free(expanded);
return -1;
}
- pairstrsteal(vp, expanded);
+ fr_pair_value_strsteal(vp, expanded);
RDEBUG2("SQL-User-Name set to '%s'", vp->vp_strvalue);
vp->op = T_OP_SET;
- radius_pairmove(request, &request->packet->vps, vp, false); /* needs to be pair move else op is not respected */
+
+ /*
+ * Delete any existing SQL-User-Name, and replace it with ours.
+ */
+ fr_pair_delete_by_num(&request->packet->vps, vp->da->attr, vp->da->vendor, TAG_ANY);
+ fr_pair_add(&request->packet->vps, vp);
return 0;
}
/*
* Do a set/unset user, so it's a bit clearer what's going on.
*/
-#define sql_unset_user(_i, _r) pairdelete(&_r->packet->vps, _i->sql_user->attr, _i->sql_user->vendor, TAG_ANY)
+#define sql_unset_user(_i, _r) fr_pair_delete_by_num(&_r->packet->vps, _i->sql_user->attr, _i->sql_user->vendor, TAG_ANY)
static int sql_get_grouplist(rlm_sql_t *inst, rlm_sql_handle_t **handle, REQUEST *request,
rlm_sql_grouplist_t **phead)
rlm_sql_t *inst = instance;
rlm_sql_grouplist_t *head, *entry;
+ /*
+ * No group queries, don't do group comparisons.
+ */
+ if (!inst->config->groupmemb_query) {
+ RWARN("Cannot do group comparison when group_membership_query is not set");
+ return 1;
+ }
+
RDEBUG("sql_groupcmp");
if (check->vp_length == 0){
rad_assert(request->packet != NULL);
+ if (!inst->config->groupmemb_query) {
+ RWARN("Cannot do check groups when group_membership_query is not set");
+
+ do_nothing:
+ *do_fall_through = FALL_THROUGH_DEFAULT;
+
+ /*
+ * Didn't add group attributes or allocate
+ * memory, so don't do anything else.
+ */
+ return RLM_MODULE_NOTFOUND;
+ }
+
/*
* Get the list of groups this user is a member of
*/
}
if (rows == 0) {
RDEBUG2("User not found in any groups");
- rcode = RLM_MODULE_NOTFOUND;
- *do_fall_through = FALL_THROUGH_DEFAULT;
-
- goto finish;
+ goto do_nothing;
}
rad_assert(head);
* Add the Sql-Group attribute to the request list so we know
* which group we're retrieving attributes for
*/
- sql_group = pairmake_packet("Sql-Group", NULL, T_OP_EQ);
+ sql_group = pair_make_request(inst->group_da->name, NULL, T_OP_EQ);
if (!sql_group) {
- REDEBUG("Error creating Sql-Group attribute");
+ REDEBUG("Error creating %s attribute", inst->group_da->name);
rcode = RLM_MODULE_FAIL;
goto finish;
}
do {
next:
rad_assert(entry != NULL);
- pairstrcpy(sql_group, entry->name);
+ fr_pair_value_strcpy(sql_group, entry->name);
if (inst->config->authorize_group_check_query) {
vp_cursor_t cursor;
*/
if ((rows > 0) &&
(paircompare(request, request->packet->vps, check_tmp, &request->reply->vps) != 0)) {
- pairfree(&check_tmp);
+ fr_pair_list_free(&check_tmp);
entry = entry->next;
if (!entry) break;
finish:
talloc_free(head);
- pairdelete(&request->packet->vps, inst->group_da->attr, 0, TAG_ANY);
+ fr_pair_delete_by_num(&request->packet->vps, inst->group_da->attr, 0, TAG_ANY);
return rcode;
}
{
rlm_sql_t *inst = instance;
+ /*
+ * Hack...
+ */
+ inst->config = &inst->myconfig;
+ inst->cs = conf;
+
+ inst->name = cf_section_name2(conf);
+ if (!inst->name) inst->name = cf_section_name1(conf);
+
+ /*
+ * Load the appropriate driver for our database.
+ *
+ * We need this to check if the sql_fields callback is provided.
+ */
+ inst->handle = fr_dlopenext(inst->config->sql_driver_name);
+ if (!inst->handle) {
+ ERROR("Could not link driver %s: %s", inst->config->sql_driver_name, fr_strerror());
+ ERROR("Make sure it (and all its dependent libraries!) are in the search path of your system's ld");
+ return -1;
+ }
+
+ inst->module = (rlm_sql_module_t *) dlsym(inst->handle, inst->config->sql_driver_name);
+ if (!inst->module) {
+ ERROR("Could not link symbol %s: %s", inst->config->sql_driver_name, dlerror());
+ return -1;
+ }
+
+ INFO("rlm_sql (%s): Driver %s (module %s) loaded and linked", inst->name,
+ inst->config->sql_driver_name, inst->module->name);
+
if (inst->config->groupmemb_query) {
- if (!cf_section_name2(conf)) {
+ if (cf_section_name2(conf)) {
char buffer[256];
snprintf(buffer, sizeof(buffer), "%s-SQL-Group", inst->name);
- if (paircompare_register_byname(buffer, dict_attrbyvalue(PW_USER_NAME, 0), false, sql_groupcmp, inst) < 0) {
+ if (paircompare_register_byname(buffer, dict_attrbyvalue(PW_USER_NAME, 0),
+ false, sql_groupcmp, inst) < 0) {
ERROR("Error registering group comparison: %s", fr_strerror());
return -1;
}
inst->group_da = dict_attrbyname("SQL-Group");
}
+
+ if (!inst->group_da) {
+ ERROR("Failed resolving group attribute");
+ return -1;
+ }
}
+ /*
+ * Register the SQL xlat function
+ */
+ xlat_register(inst->name, sql_xlat, sql_escape_func, inst);
+
return 0;
}
rlm_sql_t *inst = instance;
/*
- * Hack...
- */
- inst->config = &inst->myconfig;
- inst->cs = conf;
-
- inst->name = cf_section_name2(conf);
- if (!inst->name) {
- inst->name = cf_section_name1(conf);
- }
-
- rad_assert(inst->name);
-
- /*
* Complain if the strings exist, but are empty.
*/
#define CHECK_STRING(_x) if (inst->config->_x && !inst->config->_x[0]) \
WARN("rlm_sql (%s): Ignoring authorize_group_check_query as group_membership_query "
"is not configured", inst->name);
}
+
+ if (!inst->config->read_groups) {
+ WARN("rlm_sql (%s): Ignoring read_groups as group_membership_query "
+ "is not configured", inst->name);
+ inst->config->read_groups = false;
+ }
} /* allow the group check / reply queries to be NULL */
/*
inst->sql_select_query = rlm_sql_select_query;
inst->sql_fetch_row = rlm_sql_fetch_row;
- /*
- * Register the SQL xlat function
- */
- xlat_register(inst->name, sql_xlat, sql_escape_func, inst);
-
- /*
- * Load the appropriate driver for our database
- */
- inst->handle = lt_dlopenext(inst->config->sql_driver_name);
- if (!inst->handle) {
- ERROR("Could not link driver %s: %s", inst->config->sql_driver_name, dlerror());
- ERROR("Make sure it (and all its dependent libraries!) are in the search path of your system's ld");
- return -1;
- }
-
- inst->module = (rlm_sql_module_t *) dlsym(inst->handle,
- inst->config->sql_driver_name);
- if (!inst->module) {
- ERROR("Could not link symbol %s: %s", inst->config->sql_driver_name, dlerror());
- return -1;
- }
-
if (inst->module->mod_instantiate) {
CONF_SECTION *cs;
char const *name;
}
}
- inst->ef = exfile_init(inst, 64, 30, true);
+ inst->ef = exfile_init(inst, 256, 30, true);
if (!inst->ef) {
cf_log_err_cs(conf, "Failed creating log file context");
return -1;
}
- INFO("rlm_sql (%s): Driver %s (module %s) loaded and linked", inst->name,
- inst->config->sql_driver_name, inst->module->name);
-
/*
* Initialise the connection pool for this instance
*/
RDEBUG2("User found in radcheck table");
user_found = true;
if (paircompare(request, request->packet->vps, check_tmp, &request->reply->vps) != 0) {
- pairfree(&check_tmp);
+ fr_pair_list_free(&check_tmp);
check_tmp = NULL;
goto skipreply;
}
* Check for a default_profile or for a User-Profile.
*/
RDEBUG3("... falling-through to profile processing");
- user_profile = pairfind(request->config, PW_USER_PROFILE, 0, TAG_ANY);
+ user_profile = fr_pair_find_by_num(request->config, PW_USER_PROFILE, 0, TAG_ANY);
char const *profile = user_profile ?
user_profile->vp_strvalue :
return rcode;
error:
- pairfree(&check_tmp);
- pairfree(&reply_tmp);
+ fr_pair_list_free(&check_tmp);
+ fr_pair_list_free(&reply_tmp);
sql_unset_user(inst, request);
fr_connection_release(inst->pool, handle);
/* If simul_count_query is not defined, we don't do any checking */
if (!inst->config->simul_count_query) {
+ RWDEBUG("Simultaneous-Use checking requires 'simul_count_query' to be configured");
return RLM_MODULE_NOOP;
}
- if ((!request->username) || (request->username->vp_length == '\0')) {
+ if ((!request->username) || (request->username->vp_length == 0)) {
REDEBUG("Zero Length username not permitted");
return RLM_MODULE_INVALID;
if (rlm_sql_select_query(inst, request, &handle, expanded) != RLM_SQL_OK) {
rcode = RLM_MODULE_FAIL;
- goto finish;
+ goto release; /* handle may no longer be valid */
}
ret = rlm_sql_fetch_row(inst, request, &handle);
*/
request->simul_count = 0;
- if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY)) != NULL) {
ipno = vp->vp_ipaddr;
}
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) {
+ if ((vp = fr_pair_find_by_num(request->packet->vps, PW_CALLING_STATION_ID, 0, TAG_ANY)) != NULL) {
call_num = vp->vp_strvalue;
}
while (rlm_sql_fetch_row(inst, request, &handle) == 0) {
+ int num_rows;
+
row = handle->row;
if (!row) {
break;
}
+ num_rows = (inst->module->sql_num_fields)(handle, inst->config);
+ if (num_rows < 8) {
+ RDEBUG("Too few rows returned. Please do not edit 'simul_verify_query'");
+ rcode = RLM_MODULE_FAIL;
+
+ goto finish;
+ }
+
if (!row[2]){
RDEBUG("Cannot zap stale entry. No username present in entry");
rcode = RLM_MODULE_FAIL;
else if (strcmp(row[7], "SLIP") == 0)
proto = 'S';
}
- if (row[8])
+ if ((num_rows > 8) && row[8])
sess_time = atoi(row[8]);
session_zap(request, nas_addr, nas_port,
row[2], row[1], framed_addr,
extern module_t rlm_sql;
module_t rlm_sql = {
.magic = RLM_MODULE_INIT,
- .name = "SQL",
+ .name = "sql",
.type = RLM_TYPE_THREAD_SAFE,
.inst_size = sizeof(rlm_sql_t),
.config = module_config,