-/***************************************************************************
-* sql.c rlm_sql - FreeRADIUS SQL Module *
-* *
-* Main code directly taken from ICRADIUS *
-* *
-* Mike Machado <mike@innercite.com> *
-***************************************************************************/
+/*
+ * sql.c rlm_sql - FreeRADIUS SQL Module
+ * Main code directly taken from ICRADIUS
+ *
+ * Version: $Id$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ *
+ * Copyright 2001 The FreeRADIUS server project
+ * Copyright 2000 Mike Machado <mike@innercite.com>
+ * Copyright 2000 Alan DeKok <aland@ox.org>
+ * Copyright 2001 Chad Miller <cmiller@surfsouth.com>
+ */
+
+#include <freeradius-devel/autoconf.h>
+
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <errno.h>
#include <sys/wait.h>
-#include "radiusd.h"
-#include "conffile.h"
+#include <freeradius-devel/radiusd.h>
+#include <freeradius-devel/conffile.h>
#include "rlm_sql.h"
+#ifdef HAVE_PTHREAD_H
+#include <pthread.h>
+#endif
+
+
+/*
+ * Connect to a server. If error, set this socket's state to be
+ * "sockunconnected" and set a grace period, during which we won't try
+ * connecting again (to prevent unduly lagging the server and being
+ * impolite to a DB server that may be having other issues). If
+ * successful in connecting, set state to sockconnected.
+ * - chad
+ */
+static int connect_single_socket(SQLSOCK *sqlsocket, SQL_INST *inst)
+{
+ int rcode;
+ radlog(L_DBG, "rlm_sql (%s): Attempting to connect %s #%d",
+ inst->config->xlat_name, inst->module->name, sqlsocket->id);
+
+ rcode = (inst->module->sql_init_socket)(sqlsocket, inst->config);
+ if (rcode == 0) {
+ radlog(L_DBG, "rlm_sql (%s): Connected new DB handle, #%d",
+ inst->config->xlat_name, sqlsocket->id);
+ sqlsocket->state = sockconnected;
+ return(0);
+ }
+
+ /*
+ * Error, or SQL_DOWN.
+ */
+ radlog(L_CONS | L_ERR, "rlm_sql (%s): Failed to connect DB handle #%d", inst->config->xlat_name, sqlsocket->id);
+ inst->connect_after = time(NULL) + inst->config->connect_failure_retry_delay;
+ sqlsocket->state = sockunconnected;
+ return(-1);
+}
+
+
/*************************************************************************
*
- * Function: mysql_start
+ * Function: sql_init_socketpool
*
- * Purpose: Reads SQL Config File
+ * Purpose: Connect to the sql server, if possible
*
*************************************************************************/
+int sql_init_socketpool(SQL_INST * inst)
+{
+ int i, rcode;
+ int success = 0;
+ SQLSOCK *sqlsocket;
-int sql_init(CONF_PARSER *module_config, SQL_CONFIG *config, int reload) {
+ inst->connect_after = 0;
+ inst->sqlpool = NULL;
- CONF_SECTION *sql_cs;
+ for (i = 0; i < inst->config->num_sql_socks; i++) {
+ radlog(L_DBG, "rlm_sql (%s): starting %d",
+ inst->config->xlat_name, i);
- /*
- * Initialize the data structure with dynamically allocated
- * memory.
- */
- config->sql_server = strdup("localhost");
- config->sql_login = strdup("");
- config->sql_password = strdup("");
- config->sql_db = strdup("radius");
- config->sql_authcheck_table = strdup("radcheck");
- config->sql_authreply_table = strdup("radreply");
- config->sql_groupcheck_table = strdup("radgroupcheck");
- config->sql_groupreply_table = strdup("radgroupreply");
- config->sql_usergroup_table = strdup("usergroup");
- config->sql_realmgroup_table = strdup("realmgroup");
- config->sql_acct_table = strdup("radacct");
- config->sqltrace = 0;
- config->sensitiveusername = 1;
- config->deletestalesessions = 0;
-
- config->sql_nas_table = strdup("nas");
- config->sql_realm_table = strdup( "realms");
- config->sql_dict_table = strdup("dictionary");
- config->max_sql_socks = MAX_SQL_SOCKS;
+ sqlsocket = rad_malloc(sizeof(*sqlsocket));
+ if (sqlsocket == NULL) {
+ return -1;
+ }
+ memset(sqlsocket, 0, sizeof(*sqlsocket));
+ sqlsocket->conn = NULL;
+ sqlsocket->id = i;
+ sqlsocket->state = sockunconnected;
+
+#ifdef HAVE_PTHREAD_H
+ rcode = pthread_mutex_init(&sqlsocket->mutex,NULL);
+ if (rcode != 0) {
+ radlog(L_ERR, "rlm_sql: Failed to init lock: %s",
+ strerror(errno));
+ return 0;
+ }
+#endif
+ if (time(NULL) > inst->connect_after) {
+ /*
+ * This sets the sqlsocket->state, and
+ * possibly also inst->connect_after
+ */
+ if (connect_single_socket(sqlsocket, inst) == 0) {
+ success = 1;
+ }
+ }
- /*
- * Look for the module's configuration. If it doesn't
- * exists, exit quietly (and use the defaults).
- */
- sql_cs = cf_module_config_find("sql");
- if (!sql_cs) {
- return 0;
- }
-
- /*
- * If the configuration parameters can't be parsed, then
- * fail.
- */
- if (cf_section_parse(sql_cs, module_config) < 0) {
- return -1;
- }
-
- sql->config = config;
-
- radlog(L_INFO,"SQL: Attempting to connect to %s@%s:%s", sql->config->sql_login, sql->config->sql_server, sql->config->sql_db);
-
- sql_init_socket(reload);
-
- return 0;
-}
+ /* Add this socket to the list of sockets */
+ sqlsocket->next = inst->sqlpool;
+ inst->sqlpool = sqlsocket;
+ }
+ inst->last_used = NULL;
+ if (!success) {
+ radlog(L_DBG, "rlm_sql (%s): Failed to connect to any SQL server.",
+ inst->config->xlat_name);
+ }
+
+ return 1;
+}
/*************************************************************************
*
- * Function: sql_init_socket
+ * Function: sql_poolfree
*
- * Purpose: Connect to the sql server
+ * Purpose: Clean up and free sql pool
*
*************************************************************************/
-int sql_init_socket(int reload) {
-
- int i;
-
- /* Clear up old connections if reload */
- if (reload)
- for (i = 0; i < sql->config->max_sql_socks; i++)
- if (!sql_close_socket(sql->socks[i]))
- radlog(L_CONS|L_ERR, "Could not release socket %d", i);
-
+void sql_poolfree(SQL_INST * inst)
+{
+ SQLSOCK *cur;
+ SQLSOCK *next;
- /* Initalize our connection pool */
- for (i = 0; i < sql->config->max_sql_socks; i++) {
- if ((sql->socks[i] = sql_create_socket()) == NULL) {
- radlog(L_CONS|L_ERR, "SQL: Failed to connect socket %d", i);
- } else {
- sql->socks[i]->id = i;
- sql->socks[i]->in_use = 0;
- DEBUG2("SQL: Connected socket %d", i);
- }
+ for (cur = inst->sqlpool; cur; cur = next) {
+ next = cur->next;
+ sql_close_socket(inst, cur);
}
-
- return 1;
+
+ inst->sqlpool = NULL;
}
*
* Function: sql_close_socket
*
- * Purpose: Close and free a sql socket
+ * Purpose: Close and free a sql sqlsocket
*
*************************************************************************/
-int sql_close_socket(SQLSOCK *socket) {
-
- DEBUG2("SQL: Closing socket %d", socket->id);
- sql_close(socket);
- free(socket);
+int sql_close_socket(SQL_INST *inst, SQLSOCK * sqlsocket)
+{
+ radlog(L_DBG, "rlm_sql (%s): Closing sqlsocket %d",
+ inst->config->xlat_name, sqlsocket->id);
+ if (sqlsocket->state == sockconnected) {
+ (inst->module->sql_close)(sqlsocket, inst->config);
+ }
+ if (inst->module->sql_destroy_socket) {
+ (inst->module->sql_destroy_socket)(sqlsocket, inst->config);
+ }
+#ifdef HAVE_PTHREAD_H
+ pthread_mutex_destroy(&sqlsocket->mutex);
+#endif
+ free(sqlsocket);
return 1;
}
-
+
/*************************************************************************
*
* Function: sql_get_socket
*
- * Purpose: Return a SQL socket from the connection pool
+ * Purpose: Return a SQL sqlsocket from the connection pool
*
*************************************************************************/
-SQLSOCK *sql_get_socket(void) {
-
- int i = 0;
-
- DEBUG2("SQL: Attempting to reserve socket");
- while (1) {
- if (i == sql->config->max_sql_socks)
- i = 0;
- if (sql->socks[i]->in_use == 0) {
- sql->socks[i]->in_use = 1;
- gettimeofday(&(sql->socks[i]->tv), NULL);
- DEBUG2("SQL: Reserved socket %d", i);
- return sql->socks[i];
+SQLSOCK * sql_get_socket(SQL_INST * inst)
+{
+ SQLSOCK *cur, *start;
+ int tried_to_connect = 0;
+ int unconnected = 0;
+
+ /*
+ * Start at the last place we left off.
+ */
+ start = inst->last_used;
+ if (!start) start = inst->sqlpool;
+
+ cur = start;
+
+ while (cur) {
+#ifdef HAVE_PTHREAD_H
+ /*
+ * If this socket is in use by another thread,
+ * skip it, and try another socket.
+ *
+ * If it isn't used, then grab it ourselves.
+ */
+ if (pthread_mutex_trylock(&cur->mutex) != 0) {
+ goto next;
+ } /* else we now have the lock */
+#endif
+
+ /*
+ * If we happen upon an unconnected socket, and
+ * this instance's grace period on
+ * (re)connecting has expired, then try to
+ * connect it. This should be really rare.
+ */
+ if ((cur->state == sockunconnected) && (time(NULL) > inst->connect_after)) {
+ radlog(L_INFO, "rlm_sql (%s): Trying to (re)connect unconnected handle %d..", inst->config->xlat_name, cur->id);
+ tried_to_connect++;
+ connect_single_socket(cur, inst);
+ }
+
+ /* if we still aren't connected, ignore this handle */
+ if (cur->state == sockunconnected) {
+ radlog(L_DBG, "rlm_sql (%s): Ignoring unconnected handle %d..", inst->config->xlat_name, cur->id);
+ unconnected++;
+#ifdef HAVE_PTHREAD_H
+ pthread_mutex_unlock(&cur->mutex);
+#endif
+ goto next;
+ }
+
+ /* should be connected, grab it */
+ radlog(L_DBG, "rlm_sql (%s): Reserving sql socket id: %d", inst->config->xlat_name, cur->id);
+
+ if (unconnected != 0 || tried_to_connect != 0) {
+ radlog(L_INFO, "rlm_sql (%s): got socket %d after skipping %d unconnected handles, tried to reconnect %d though", inst->config->xlat_name, cur->id, unconnected, tried_to_connect);
+ }
+
+ /*
+ * The socket is returned in the locked
+ * state.
+ *
+ * We also remember where we left off,
+ * so that the next search can start from
+ * here.
+ *
+ * Note that multiple threads MAY over-write
+ * the 'inst->last_used' variable. This is OK,
+ * as it's a pointer only used for reading.
+ */
+ inst->last_used = cur->next;
+ return cur;
+
+ /* move along the list */
+ next:
+ cur = cur->next;
+
+ /*
+ * Because we didnt start at the start, once we
+ * hit the end of the linklist, we should go
+ * back to the beginning and work toward the
+ * middle!
+ */
+ if (!cur) {
+ cur = inst->sqlpool;
+ }
+
+ /*
+ * If we're at the socket we started
+ */
+ if (cur == start) {
+ break;
}
- i++;
}
+
+ /* We get here if every DB handle is unconnected and unconnectABLE */
+ radlog(L_INFO, "rlm_sql (%s): There are no DB handles to use! skipped %d, tried to connect %d", inst->config->xlat_name, unconnected, tried_to_connect);
+ return NULL;
}
/*************************************************************************
*
* Function: sql_release_socket
*
- * Purpose: Frees a SQL socket back to the connection pool
+ * Purpose: Frees a SQL sqlsocket back to the connection pool
*
*************************************************************************/
-int sql_release_socket(SQLSOCK *socket) {
-
- struct timeval tv;
- double start, end;
- char buff[24];
-
- gettimeofday(&tv, NULL);
- sprintf(buff, "%ld.%2ld", tv.tv_sec, tv.tv_usec);
- end = strtod(buff, NULL);
- sprintf(buff, "%ld %2.0ld", socket->tv.tv_sec, socket->tv.tv_usec);
- start = strtod(buff, NULL);
- DEBUG2("SQL: Socket %d used for %.2f seconds", socket->id, end - start);
-
- socket->tv.tv_sec = tv.tv_sec;
- socket->tv.tv_usec = tv.tv_usec;
- sql->socks[socket->id]->in_use = 0;
- DEBUG2("SQL: Released socket %d", socket->id);
- return 1;
+int sql_release_socket(SQL_INST * inst, SQLSOCK * sqlsocket)
+{
+#ifdef HAVE_PTHREAD_H
+ pthread_mutex_unlock(&sqlsocket->mutex);
+#endif
+
+ radlog(L_DBG, "rlm_sql (%s): Released sql socket id: %d",
+ inst->config->xlat_name, sqlsocket->id);
+
+ return 0;
}
-
+
/*************************************************************************
*
- * Function: sql_save_acct
+ * Function: sql_userparse
*
- * Purpose: Write data from the sqlrecord structure to the database
+ * Purpose: Read entries from the database and fill VALUE_PAIR structures
*
*************************************************************************/
+int sql_userparse(VALUE_PAIR ** first_pair, SQL_ROW row)
+{
+ VALUE_PAIR *pair;
+ char *ptr, *value;
+ char buf[MAX_STRING_LEN];
+ char do_xlat = 0;
+ LRAD_TOKEN token, operator = T_EOL;
-int sql_save_acct(SQLSOCK *socket, SQLACCTREC *sqlrecord) {
+ /*
+ * Verify the 'Attribute' field
+ */
+ if (row[2] == NULL || row[2][0] == '\0') {
+ radlog(L_ERR, "rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row.");
+ return -1;
+ }
- char querystr[2048];
- FILE *sqlfile;
- int num = 0;
-#ifdef NT_DOMAIN_HACK
- char *ptr;
- char newname[AUTH_STRING_LEN];
-#endif
-
+ /*
+ * Verify the 'op' field
+ */
+ if (row[4] != NULL && row[4][0] != '\0') {
+ ptr = row[4];
+ operator = gettoken(&ptr, buf, sizeof(buf));
+ }
+ if (operator <= T_EOL) {
+ /*
+ * Complain about empty or invalid 'op' field
+ */
+ operator = T_OP_CMP_EQ;
+ radlog(L_ERR, "rlm_sql: The 'op' field for attribute '%s = %s' is NULL, or non-existent.", row[2], row[3]);
+ radlog(L_ERR, "rlm_sql: You MUST FIX THIS if you want the configuration to behave as you expect.");
+ }
+ /*
+ * The 'Value' field may be empty or NULL
+ */
+ value = row[3];
+ /*
+ * If we have a new-style quoted string, where the
+ * *entire* string is quoted, do xlat's.
+ */
+ if (row[3] != NULL &&
+ ((row[3][0] == '\'') || (row[3][0] == '`') || (row[3][0] == '"')) &&
+ (row[3][0] == row[3][strlen(row[3])-1])) {
- if((sqlfile = fopen(SQLQUERYLOG, "a")) == (FILE *)NULL) {
- radlog(L_ERR, "Acct: Couldn't open file %s", SQLQUERYLOG);
- } else {
- #if defined(F_LOCK) && !defined(BSD)
- (void)lockf((int)sqlfile, (int)F_LOCK, (off_t)SQL_LOCK_LEN);
- #else
- (void)flock(sqlfile, SQL_LOCK_EX);
- #endif
- }
+ token = gettoken(&value, buf, sizeof(buf));
+ switch (token) {
+ /*
+ * Take the unquoted string.
+ */
+ case T_SINGLE_QUOTED_STRING:
+ case T_DOUBLE_QUOTED_STRING:
+ value = buf;
+ break;
+
+ /*
+ * Mark the pair to be allocated later.
+ */
+ case T_BACK_QUOTED_STRING:
+ value = NULL;
+ do_xlat = 1;
+ break;
+
+ /*
+ * Keep the original string.
+ */
+ default:
+ value = row[3];
+ break;
+ }
+ }
-#ifdef NT_DOMAIN_HACK
/*
- * Windows NT machines often authenticate themselves as
- * NT_DOMAIN\username. Try to be smart about this.
- *
- * FIXME: should we handle this as a REALM ?
+ * Create the pair
*/
- if ((ptr = strchr(sqlrecord->UserName, '\\')) != NULL) {
- strncpy(newname, ptr + 1, sizeof(newname));
- newname[sizeof(newname) - 1] = 0;
- strcpy(sqlrecord->UserName, newname);
+ pair = pairmake(row[2], value, operator);
+ if (pair == NULL) {
+ radlog(L_ERR, "rlm_sql: Failed to create the pair: %s", librad_errstr);
+ return -1;
}
-#endif /* NT_DOMAIN_HACK */
-
- if (sqlrecord->AcctStatusTypeId == PW_STATUS_ACCOUNTING_ON || sqlrecord->AcctStatusTypeId == PW_STATUS_ACCOUNTING_OFF) {
- radlog(L_INFO, "Portmaster %s rebooted at %s", sqlrecord->NASIPAddress, sqlrecord->AcctTimeStamp);
-
- /* The Terminal server informed us that it was rebooted
- * STOP all records from this NAS */
-
- sprintf(querystr, "UPDATE %s SET AcctStopTime='%s', AcctSessionTime=unix_timestamp('%s') - unix_timestamp(AcctStartTime), AcctTerminateCause='%s', AcctStopDelay = %ld WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%s' AND AcctStartTime <= '%s'", sql->config->sql_acct_table, sqlrecord->AcctTimeStamp, sqlrecord->AcctTimeStamp, sqlrecord->AcctTerminateCause, sqlrecord->AcctDelayTime, sqlrecord->NASIPAddress, sqlrecord->AcctTimeStamp);
-
- if (sql_query(socket, querystr) < 0)
- radlog(L_ERR, "Acct: Couldn't update SQL accounting after NAS reboot - %s", sql_error(socket));
- sql_finish_query(socket);
-
- if (sqlfile) {
- fputs(querystr, sqlfile);
- fputs(";\n", sqlfile);
- fclose(sqlfile);
- }
- return 0;
- }
-
- if (sqlrecord->AcctStatusTypeId == PW_STATUS_ALIVE) {
- sprintf(querystr, "UPDATE %s SET FramedIPAddress = '%s' WHERE AcctSessionId = '%s' AND UserName = '%s' AND NASIPAddress= '%s'", sql->config->sql_acct_table, sqlrecord->FramedIPAddress, sqlrecord->AcctSessionId, sqlrecord->UserName, sqlrecord->NASIPAddress);
- if (sql_query(socket, querystr) < 0)
- radlog(L_ERR, "Acct: Couldn't update SQL accounting for ALIVE packet - %s", sql_error(socket));
- sql_finish_query(socket);
-
- if (sqlfile) {
- fputs(querystr, sqlfile);
- fputs(";\n", sqlfile);
- fclose(sqlfile);
- }
- return 0;
+ if (do_xlat) {
+ pair->flags.do_xlat = 1;
+ strNcpy(pair->vp_strvalue, buf, sizeof(pair->vp_strvalue));
+ pair->length = 0;
}
- /* Got start record */
- if(sqlrecord->AcctStatusTypeId == PW_STATUS_START) {
-
- /* Set start time on record with only a stop record */
- snprintf(querystr, 2048, "UPDATE %s SET AcctStartTime = '%s', AcctStartDelay = %ld WHERE AcctSessionId = '%s' AND UserName = '%s' AND NASIPAddress = '%s'",
- sql->config->sql_acct_table,
- sqlrecord->AcctTimeStamp,
- sqlrecord->AcctDelayTime,
- sqlrecord->AcctSessionId,
- sqlrecord->UserName,
- sqlrecord->NASIPAddress
- );
- if (sql_query(socket, querystr) < 0)
- radlog(L_ERR, "Acct: Couldn't update SQL accounting START record - %s", sql_error(socket));
- sql_finish_query(socket);
-
- num = sql_affected_rows(socket);
- if (num == 0) {
-
- /* Insert new record with blank stop time until stop record is got */
- snprintf(querystr, 2048, "INSERT INTO %s VALUES (0, '%s', '%s', '%s', '%s', %ld, '%s', '%s', 0, 0, '%s', '%s', 0, 0, '%s', '%s', '', '%s', '%s', '%s', %ld, 0)",
- sql->config->sql_acct_table,
- sqlrecord->AcctSessionId,
- sqlrecord->UserName,
- sqlrecord->Realm,
- sqlrecord->NASIPAddress,
- sqlrecord->NASPortId,
- sqlrecord->NASPortType,
- sqlrecord->AcctTimeStamp,
- sqlrecord->AcctAuthentic,
- sqlrecord->ConnectInfo,
- sqlrecord->CalledStationId,
- sqlrecord->CallingStationId,
- sqlrecord->ServiceType,
- sqlrecord->FramedProtocol,
- sqlrecord->FramedIPAddress,
- sqlrecord->AcctDelayTime
- );
-
- if (sql_query(socket, querystr) < 0)
- radlog(L_ERR, "Acct: Couldn't insert SQL accounting START record - %s", sql_error(socket));
- sql_finish_query(socket);
- }
-
- /* Got stop record */
- } else {
-
- sprintf(querystr, "SELECT RadAcctId FROM %s WHERE AcctSessionId='%s' AND NASIPAddress='%s' AND UserName='%s'", sql->config->sql_acct_table, sqlrecord->AcctSessionId, sqlrecord->NASIPAddress, sqlrecord->UserName);
- sql_select_query(socket, querystr);
- num = sql_num_rows(socket);
- sql_finish_select_query(socket);
-
- if (num > 0) {
-
- /* Set stop time on matching record with start time */
- snprintf(querystr, 2048, "UPDATE %s SET AcctStopTime = '%s', AcctSessionTime = '%lu', AcctInputOctets = '%lu', AcctOutputOctets = '%lu', AcctTerminateCause = '%s', AcctStopDelay = %ld WHERE AcctSessionId = '%s' AND UserName = '%s' AND NASIPAddress = '%s'",
- sql->config->sql_acct_table,
- sqlrecord->AcctTimeStamp,
- sqlrecord->AcctSessionTime,
- sqlrecord->AcctInputOctets,
- sqlrecord->AcctOutputOctets,
- sqlrecord->AcctTerminateCause,
- sqlrecord->AcctDelayTime,
- sqlrecord->AcctSessionId,
- sqlrecord->UserName,
- sqlrecord->NASIPAddress
- );
-
-
- if (sql_query(socket, querystr) < 0)
- radlog(L_ERR, "Acct: Couldn't update SQL accounting STOP record - %s", sql_error(socket));
- sql_finish_query(socket);
-
- } else if (num == 0) {
-
-#ifdef CISCO_ACCOUNTING_HACK
- /* If stop but zero session length AND no previous session found, drop it as in invalid packet */
- /* This is to fix CISCO's aaa from filling our table with bogus crap */
- if (sqlrecord->AcctSessionTime <= 0) {
- radlog(L_ERR, "Acct: Invalid STOP record. [%s] STOP record but zero session length? (nas %s)", sqlrecord->UserName, sqlrecord->NASIPAddress);
- return 0;
- }
-#endif
-
- /* Insert record with no start time until matching start record comes */
- snprintf(querystr, 2048, "INSERT INTO %s VALUES (0, '%s', '%s', '%s', '%s', %ld, '%s', 0, '%s', '%lu', '%s', '%s', '%lu', '%lu', '%s', '%s', '%s', '%s', '%s', '%s', 0, %ld)",
- sql->config->sql_acct_table,
- sqlrecord->AcctSessionId,
- sqlrecord->UserName,
- sqlrecord->Realm,
- sqlrecord->NASIPAddress,
- sqlrecord->NASPortId,
- sqlrecord->NASPortType,
- sqlrecord->AcctTimeStamp,
- sqlrecord->AcctSessionTime,
- sqlrecord->AcctAuthentic,
- sqlrecord->ConnectInfo,
- sqlrecord->AcctInputOctets,
- sqlrecord->AcctOutputOctets,
- sqlrecord->CalledStationId,
- sqlrecord->CallingStationId,
- sqlrecord->AcctTerminateCause,
- sqlrecord->ServiceType,
- sqlrecord->FramedProtocol,
- sqlrecord->FramedIPAddress,
- sqlrecord->AcctDelayTime
- );
-
- if (sql_query(socket, querystr) < 0)
- radlog(L_ERR, "Acct: Couldn't insert SQL accounting STOP record - %s", sql_error(socket));
- sql_finish_query(socket);
- }
-
- }
- if (sqlfile) {
- fputs(querystr, sqlfile);
- fputs(";\n", sqlfile);
- fflush(sqlfile);
- fclose(sqlfile);
- }
-
- return 0;
-
+ /*
+ * Add the pair into the packet
+ */
+ pairadd(first_pair, pair);
+ return 0;
}
/*************************************************************************
*
- * Function: sql_userparse
+ * Function: rlm_sql_fetch_row
*
- * Purpose: Read entries from the database and fill VALUE_PAIR structures
+ * Purpose: call the module's sql_fetch_row and implement re-connect
*
*************************************************************************/
-int sql_userparse(VALUE_PAIR **first_pair, SQL_ROW row, int mode) {
+int rlm_sql_fetch_row(SQLSOCK *sqlsocket, SQL_INST *inst)
+{
+ int ret;
- DICT_ATTR *attr;
- VALUE_PAIR *pair, *check;
+ if (sqlsocket->conn) {
+ ret = (inst->module->sql_fetch_row)(sqlsocket, inst->config);
+ } else {
+ ret = SQL_DOWN;
+ }
+ if (ret == SQL_DOWN) {
+ /* close the socket that failed, but only if it was open */
+ if (sqlsocket->conn) {
+ (inst->module->sql_close)(sqlsocket, inst->config);
+ }
- if((attr = dict_attrbyname(row[2])) == (DICT_ATTR *)NULL) {
- radlog(L_ERR|L_CONS, "unknown attribute %s", row[2]);
- return(-1);
- }
+ /* reconnect the socket */
+ if (connect_single_socket(sqlsocket, inst) < 0) {
+ radlog(L_ERR, "rlm_sql (%s): reconnect failed, database down?", inst->config->xlat_name);
+ return -1;
+ }
- /* If attribute is already there, skip it because we checked usercheck first
- and we want user settings to over ride group settings */
- if ((check = pairfind(*first_pair, attr->attr)) != NULL && mode == PW_VP_GROUPDATA)
- return 0;
+ /* retry the query on the newly connected socket */
+ ret = (inst->module->sql_fetch_row)(sqlsocket, inst->config);
- pair = pairmake(row[2], row[3], T_OP_CMP_EQ);
- pairadd(first_pair, pair);
-
- return 0;
-}
+ if (ret) {
+ radlog(L_ERR, "rlm_sql (%s): failed after re-connect",
+ inst->config->xlat_name);
+ return -1;
+ }
+ }
+ return ret;
+}
/*************************************************************************
*
- * Function: sql_getvpdata
+ * Function: rlm_sql_query
*
- * Purpose: Get any group check or reply pairs
+ * Purpose: call the module's sql_query and implement re-connect
*
*************************************************************************/
-int sql_getvpdata(SQLSOCK *socket, char *table, VALUE_PAIR **vp, char *user, int mode) {
-
- char querystr[256];
- char authstr[256];
- char username[AUTH_STRING_LEN*2+1];
- SQL_ROW row;
- int rows;
- int length;
-
- if (strlen(user) > AUTH_STRING_LEN)
- length = AUTH_STRING_LEN;
- else
- length = strlen(user);
-
- /* FIXME CHECK user for weird charactors!! */
- sql_escape_string(username, user, length);
-
- if (mode == PW_VP_USERDATA) {
- if (sql->config->sensitiveusername)
- sprintf(authstr, "STRCMP(Username, '%s') = 0", username);
- else
- sprintf(authstr, "UserName = '%s'", username);
- sprintf(querystr, "SELECT * FROM %s WHERE %s ORDER BY id", table, authstr);
- } else if (mode == PW_VP_GROUPDATA) {
- if (sql->config->sensitiveusername)
- sprintf(authstr, "STRCMP(%s.Username, '%s') = 0", sql->config->sql_usergroup_table, username);
- else
- sprintf(authstr, "%s.UserName = '%s'",sql->config->sql_usergroup_table, username);
- sprintf(querystr, "SELECT %s.* FROM %s, %s WHERE %s AND %s.GroupName = %s.GroupName ORDER BY %s.id", table, table, sql->config->sql_usergroup_table, authstr, sql->config->sql_usergroup_table, table, table);
- } else if (mode == PW_VP_REALMDATA)
- sprintf(querystr, "SELECT %s.* FROM %s, %s WHERE %s.RealmName = '%s' AND %s.GroupName = %s.GroupName ORDER BY %s.id", table, table, sql->config->sql_realmgroup_table, sql->config->sql_realmgroup_table, username, sql->config->sql_realmgroup_table, table, table);
- sql_select_query(socket, querystr);
- rows = sql_num_rows(socket);
- while ((row = sql_fetch_row(socket))) {
-
- if (sql_userparse(vp, row, mode) != 0) {
- radlog(L_ERR|L_CONS, "Error getting data from database");
- sql_finish_select_query(socket);
- return -1;
- }
+int rlm_sql_query(SQLSOCK *sqlsocket, SQL_INST *inst, char *query)
+{
+ int ret;
+
+ /*
+ * If there's no query, return an error.
+ */
+ if (!query || !*query) {
+ return -1;
}
- sql_finish_select_query(socket);
- return rows;
+ ret = (inst->module->sql_query)(sqlsocket, inst->config, query);
-}
+ if (ret == SQL_DOWN) {
+ /* close the socket that failed */
+ (inst->module->sql_close)(sqlsocket, inst->config);
+
+ /* reconnect the socket */
+ if (connect_single_socket(sqlsocket, inst) < 0) {
+ radlog(L_ERR, "rlm_sql (%s): reconnect failed, database down?", inst->config->xlat_name);
+ return -1;
+ }
+ /* retry the query on the newly connected socket */
+ ret = (inst->module->sql_query)(sqlsocket, inst->config, query);
-static int got_alrm;
-static void alrm_handler()
-{
- got_alrm = 1;
+ if (ret) {
+ radlog(L_ERR, "rlm_sql (%s): failed after re-connect",
+ inst->config->xlat_name);
+ return -1;
+ }
+ }
+
+ return ret;
}
/*************************************************************************
*
- * Function: sql_check_ts
+ * Function: rlm_sql_select_query
*
- * Purpose: Checks the terminal server for a spacific login entry
+ * Purpose: call the module's sql_select_query and implement re-connect
*
*************************************************************************/
-static int sql_check_ts(SQL_ROW row) {
-
- int pid, st, e;
- int n;
- NAS *nas;
- char session_id[12];
- char *s;
- void (*handler)(int);
+int rlm_sql_select_query(SQLSOCK *sqlsocket, SQL_INST *inst, char *query)
+{
+ int ret;
/*
- * Find NAS type.
+ * If there's no query, return an error.
*/
- if ((nas = nas_find(ip_addr(row[4]))) == NULL) {
- radlog(L_ERR, "Accounting: unknown NAS [%s]", row[4]);
- return -1;
- }
-
- /*
- * Fork.
- */
- handler = signal(SIGCHLD, SIG_DFL);
- if ((pid = fork()) < 0) {
- radlog(L_ERR, "Accounting: fork: %s", strerror(errno));
- signal(SIGCHLD, handler);
- return -1;
- }
-
- if (pid > 0) {
- /*
- * Parent - Wait for checkrad to terminate.
- * We timeout in 10 seconds.
- */
- got_alrm = 0;
- signal(SIGALRM, alrm_handler);
- alarm(10);
- while((e = waitpid(pid, &st, 0)) != pid)
- if (e < 0 && (errno != EINTR || got_alrm))
- break;
- alarm(0);
- signal(SIGCHLD, handler);
- if (got_alrm) {
- kill(pid, SIGTERM);
- sleep(1);
- kill(pid, SIGKILL);
- radlog(L_ERR, "Check-TS: timeout waiting for checkrad");
- return 2;
- }
- if (e < 0) {
- radlog(L_ERR, "Check-TS: unknown error in waitpid()");
- return 2;
- }
- return WEXITSTATUS(st);
- }
-
- /*
- * Child - exec checklogin with the right parameters.
- */
- for (n = 32; n >= 3; n--)
- close(n);
-
- sprintf(session_id, "%.8s", row[1]);
-
- s = CHECKRAD2;
- execl(CHECKRAD2, "checkrad", nas->nastype, row[4], row[5],
- row[2], session_id, NULL);
- if (errno == ENOENT) {
- s = CHECKRAD1;
- execl(CHECKRAD1, "checklogin", nas->nastype, row[4], row[5],
- row[2], session_id, NULL);
- }
- radlog(L_ERR, "Check-TS: exec %s: %s", s, strerror(errno));
-
- /*
- * Exit - 2 means "some error occured".
- */
- exit(2);
+ if (!query || !*query) {
+ return -1;
+ }
+
+ ret = (inst->module->sql_select_query)(sqlsocket, inst->config, query);
+
+ if (ret == SQL_DOWN) {
+ /* close the socket that failed */
+ (inst->module->sql_close)(sqlsocket, inst->config);
+ /* reconnect the socket */
+ if (connect_single_socket(sqlsocket, inst) < 0) {
+ radlog(L_ERR, "rlm_sql (%s): reconnect failed, database down?", inst->config->xlat_name);
+ return -1;
+ }
+
+ /* retry the query on the newly connected socket */
+ ret = (inst->module->sql_select_query)(sqlsocket, inst->config, query);
+
+ if (ret) {
+ radlog(L_ERR, "rlm_sql (%s): failed after re-connect",
+ inst->config->xlat_name);
+ return -1;
+ }
+ }
+
+ return ret;
}
/*************************************************************************
*
- * Function: sql_check_multi
+ * Function: sql_getvpdata
*
- * Purpose: Check radius accounting for duplicate logins
+ * Purpose: Get any group check or reply pairs
*
*************************************************************************/
-int sql_check_multi(SQLSOCK *socket, char *name, VALUE_PAIR *request, int maxsimul) {
-
- char querystr[256];
- char authstr[256];
- VALUE_PAIR *fra;
- SQL_ROW row;
- int count = 0;
- uint32_t ipno = 0;
- int mpp = 1;
-
- if (sql->config->sensitiveusername)
- sprintf(authstr, "STRCMP(UserName, '%s') = 0", name);
- else
- sprintf(authstr, "UserName = '%s'", name);
- sprintf(querystr, "SELECT COUNT(*) FROM %s WHERE %s AND AcctStopTime = 0", sql->config->sql_acct_table, authstr);
- sql_select_query(socket, querystr);
- row = sql_fetch_row(socket);
- count = atoi(row[0]);
- sql_finish_select_query(socket);
-
- if (count < maxsimul)
- return 0;
+int sql_getvpdata(SQL_INST * inst, SQLSOCK * sqlsocket, VALUE_PAIR **pair, char *query)
+{
+ SQL_ROW row;
+ int rows = 0;
/*
- * Setup some stuff, like for MPP detection.
- */
- if ((fra = pairfind(request, PW_FRAMED_IP_ADDRESS)) != NULL)
- ipno = htonl(fra->lvalue);
-
- count = 0;
- sprintf(querystr, "SELECT * FROM %s WHERE %s AND AcctStopTime = 0", sql->config->sql_acct_table, authstr);
- sql_select_query(socket, querystr);
- while ((row = sql_fetch_row(socket))) {
- int check = sql_check_ts(row);
- if (check == 1) {
- count++;
-
- if (ipno && atoi(row[19]) == ipno)
- mpp = 2;
-
- } else if (check == 2)
- radlog(L_ERR,"Problem with checkrad [%s] (from nas %s)", name, row[4]);
- else {
- /*
- * False record - zap it
- */
-
- if (sql->config->deletestalesessions) {
- SQLSOCK *socket;
+ * If there's no query, return an error.
+ */
+ if (!query || !*query) {
+ return -1;
+ }
- radlog(L_ERR,"Deleteing stale session [%s] (from nas %s/%s)", row[2], row[4], row[5]);
- socket = sql_get_socket();
- sprintf(querystr, "DELETE FROM %s WHERE RadAcctId = '%s'", sql->config->sql_acct_table, row[0]);
- sql_query(socket, querystr);
- sql_finish_query(socket);
- sql_close_socket(socket);
- }
+ if (rlm_sql_select_query(sqlsocket, inst, query)) {
+ radlog(L_ERR, "rlm_sql_getvpdata: database query error");
+ return -1;
+ }
+ while (rlm_sql_fetch_row(sqlsocket, inst)==0) {
+ row = sqlsocket->row;
+ if (!row)
+ break;
+ if (sql_userparse(pair, row) != 0) {
+ radlog(L_ERR | L_CONS, "rlm_sql (%s): Error getting data from database", inst->config->xlat_name);
+ (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
+ return -1;
}
+ rows++;
}
- sql_finish_select_query(socket);
+ (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
- return (count < maxsimul) ? 0 : mpp;
+ return rows;
+}
+void query_log(REQUEST *request, SQL_INST *inst, char *querystr)
+{
+ FILE *sqlfile = NULL;
+
+ if (inst->config->sqltrace) {
+ char buffer[8192];
+
+ if (!radius_xlat(buffer, sizeof(buffer),
+ inst->config->tracefile, request, NULL)) {
+ radlog(L_ERR, "rlm_sql (%s): xlat failed.",
+ inst->config->xlat_name);
+ return;
+ }
+
+ if ((sqlfile = fopen(buffer, "a")) == (FILE *) NULL) {
+ radlog(L_ERR, "rlm_sql (%s): Couldn't open file %s",
+ inst->config->xlat_name,
+ buffer);
+ } else {
+ int fd = fileno(sqlfile);
+
+ rad_lockfd(fd, MAX_QUERY_LEN);
+ fputs(querystr, sqlfile);
+ fputs(";\n", sqlfile);
+ fclose(sqlfile); /* and release the lock */
+ }
+ }
}