2 * modules.c Radius module support.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2003,2006 The FreeRADIUS server project
21 * Copyright 2000 Alan DeKok <aland@ox.org>
22 * Copyright 2000 Alan Curry <pacman@world.std.com>
25 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/modpriv.h>
30 #include <freeradius-devel/modcall.h>
31 #include <freeradius-devel/rad_assert.h>
33 extern int check_config;
35 typedef struct indexed_modcallable {
38 modcallable *modulelist;
39 } indexed_modcallable;
41 typedef struct virtual_server_t {
47 modcallable *mc[RLM_COMPONENT_COUNT];
48 CONF_SECTION *subcs[RLM_COMPONENT_COUNT];
49 struct virtual_server_t *next;
53 * Keep a hash of virtual servers, so that we can reload them.
55 #define VIRTUAL_SERVER_HASH_SIZE (256)
56 static virtual_server_t *virtual_servers[VIRTUAL_SERVER_HASH_SIZE];
58 static rbtree_t *module_tree = NULL;
60 static rbtree_t *instance_tree = NULL;
62 struct fr_module_hup_t {
63 module_instance_t *mi;
66 fr_module_hup_t *next;
70 typedef struct section_type_value_t {
74 } section_type_value_t;
77 * Ordered by component
79 static const section_type_value_t section_type_value[RLM_COMPONENT_COUNT] = {
80 { "authenticate", "Auth-Type", PW_AUTH_TYPE },
81 { "authorize", "Autz-Type", PW_AUTZ_TYPE },
82 { "preacct", "Pre-Acct-Type", PW_PRE_ACCT_TYPE },
83 { "accounting", "Acct-Type", PW_ACCT_TYPE },
84 { "session", "Session-Type", PW_SESSION_TYPE },
85 { "pre-proxy", "Pre-Proxy-Type", PW_PRE_PROXY_TYPE },
86 { "post-proxy", "Post-Proxy-Type", PW_POST_PROXY_TYPE },
87 { "post-auth", "Post-Auth-Type", PW_POST_AUTH_TYPE }
90 { "recv-coa", "Recv-CoA-Type", PW_RECV_COA_TYPE },
91 { "send-coa", "Send-CoA-Type", PW_SEND_COA_TYPE }
96 #ifdef WITHOUT_LIBLTDL
104 #define RTLD_LOCAL (0)
107 #define fr_dlopenext lt_dlopenext
108 lt_dlhandle lt_dlopenext(const char *name)
112 strlcpy(buffer, name, sizeof(buffer));
115 * FIXME: Make this configurable...
117 strlcat(buffer, ".so", sizeof(buffer));
119 return dlopen(buffer, RTLD_NOW | RTLD_LOCAL);
122 void *lt_dlsym(lt_dlhandle handle, UNUSED const char *symbol)
124 return dlsym(handle, symbol);
127 int lt_dlclose(lt_dlhandle handle)
129 if (!handle) return 0;
131 return dlclose(handle);
134 const char *lt_dlerror(void)
140 #else /* without dlopen */
141 typedef struct lt_dlmodule_t {
146 typedef struct eap_type_t EAP_TYPE;
147 typedef struct rlm_sql_module_t rlm_sql_module_t;
150 * FIXME: Write hackery to auto-generate this data.
151 * We only need to do this on systems that don't have dlopen.
153 extern module_t rlm_pap;
154 extern module_t rlm_chap;
155 extern module_t rlm_eap;
156 extern module_t rlm_sql;
159 extern EAP_TYPE rlm_eap_md5;
160 extern rlm_sql_module_t rlm_sql_mysql;
163 static const lt_dlmodule_t lt_dlmodules[] = {
164 { "rlm_pap", &rlm_pap },
165 { "rlm_chap", &rlm_chap },
166 { "rlm_eap", &rlm_eap },
169 { "rlm_eap_md5", &rlm_eap_md5 },
172 { "rlm_sql_mysql", &rlm_sql_mysql },
178 #define fr_dlopenext lt_dlopenext
179 lt_dlhandle lt_dlopenext(const char *name)
183 for (i = 0; lt_dlmodules[i].name != NULL; i++) {
184 if (strcmp(name, lt_dlmodules[i].name) == 0) {
185 return lt_dlmodules[i].ref;
192 void *lt_dlsym(lt_dlhandle handle, UNUSED const char *symbol)
197 int lt_dlclose(lt_dlhandle handle)
202 const char *lt_dlerror(void)
204 return "Unspecified error";
207 #endif /* WITH_DLOPEN */
208 #else /* WITHOUT_LIBLTDL */
211 * Solve the issues of libraries linking to other libraries
212 * by using a newer libltdl API.
214 #ifndef HAVE_LT_DLADVISE_INIT
215 #define fr_dlopenext lt_dlopenext
217 static lt_dlhandle fr_dlopenext(const char *filename)
219 lt_dlhandle handle = 0;
222 if (!lt_dladvise_init (&advise) &&
223 !lt_dladvise_ext (&advise) &&
224 !lt_dladvise_global (&advise)) {
225 handle = lt_dlopenadvise (filename, advise);
228 lt_dladvise_destroy (&advise);
232 #endif /* HAVE_LT_DLADVISE_INIT */
233 #endif /* WITHOUT_LIBLTDL */
235 static int virtual_server_idx(const char *name)
241 hash = fr_hash_string(name);
243 return hash & (VIRTUAL_SERVER_HASH_SIZE - 1);
246 static void virtual_server_free(virtual_server_t *server)
250 if (server->components) rbtree_free(server->components);
251 server->components = NULL;
256 void virtual_servers_free(time_t when)
259 virtual_server_t **last;
261 for (i = 0; i < VIRTUAL_SERVER_HASH_SIZE; i++) {
262 virtual_server_t *server, *next;
264 last = &virtual_servers[i];
265 for (server = virtual_servers[i];
271 * If we delete it, fix the links so that
272 * we don't orphan anything. Also,
273 * delete it if it's old, AND a newer one
276 * Otherwise, the last pointer gets set to
277 * the one we didn't delete.
280 ((server->created < when) && server->can_free)) {
281 *last = server->next;
282 virtual_server_free(server);
284 last = &(server->next);
290 static void indexed_modcallable_free(void *data)
292 indexed_modcallable *c = data;
294 modcallable_free(&c->modulelist);
298 static int indexed_modcallable_cmp(const void *one, const void *two)
300 const indexed_modcallable *a = one;
301 const indexed_modcallable *b = two;
303 if (a->comp < b->comp) return -1;
304 if (a->comp > b->comp) return +1;
306 return a->idx - b->idx;
311 * Compare two module entries
313 static int module_instance_cmp(const void *one, const void *two)
315 const module_instance_t *a = one;
316 const module_instance_t *b = two;
318 return strcmp(a->name, b->name);
322 static void module_instance_free_old(CONF_SECTION *cs, module_instance_t *node,
325 fr_module_hup_t *mh, **last;
328 * Walk the list, freeing up old instances.
335 * Free only every 60 seconds.
337 if ((when - mh->when) < 60) {
342 cf_section_parse_free(cs, mh->insthandle);
344 if (node->entry->module->detach) {
345 (node->entry->module->detach)(mh->insthandle);
347 free(mh->insthandle);
357 * Free a module instance.
359 static void module_instance_free(void *data)
361 module_instance_t *this = data;
363 module_instance_free_old(this->cs, this, time(NULL) + 100);
365 if (this->entry->module->detach) {
366 (this->entry->module->detach)(this->insthandle);
369 #ifdef HAVE_PTHREAD_H
373 * The mutex MIGHT be locked...
374 * we'll check for that later, I guess.
376 pthread_mutex_destroy(this->mutex);
380 memset(this, 0, sizeof(*this));
386 * Compare two module entries
388 static int module_entry_cmp(const void *one, const void *two)
390 const module_entry_t *a = one;
391 const module_entry_t *b = two;
393 return strcmp(a->name, b->name);
397 * Free a module entry.
399 static void module_entry_free(void *data)
401 module_entry_t *this = data;
403 lt_dlclose(this->handle); /* ignore any errors */
404 memset(this, 0, sizeof(*this));
410 * Remove the module lists.
412 int detach_modules(void)
414 rbtree_free(instance_tree);
415 rbtree_free(module_tree);
424 * Find a module on disk or in memory, and link to it.
426 static module_entry_t *linkto_module(const char *module_name,
429 module_entry_t myentry;
430 module_entry_t *node;
431 lt_dlhandle handle = NULL;
432 char module_struct[256];
434 const module_t *module;
436 strlcpy(myentry.name, module_name, sizeof(myentry.name));
437 node = rbtree_finddata(module_tree, &myentry);
438 if (node) return node;
441 * Link to the module's rlm_FOO{} module structure.
443 * The module_name variable has the version number
444 * embedded in it, and we don't want that here.
446 strcpy(module_struct, module_name);
447 p = strrchr(module_struct, '-');
450 #if defined(WITHOUT_LIBLTDL) && defined (WITH_DLOPEN) && defined(RTLD_SELF)
451 module = lt_dlsym(RTLD_SELF, module_struct);
452 if (module) goto open_self;
456 * Keep the handle around so we can dlclose() it.
458 handle = fr_dlopenext(module_name);
459 if (handle == NULL) {
460 cf_log_err(cf_sectiontoitem(cs),
461 "Failed to link to module '%s': %s\n",
462 module_name, lt_dlerror());
466 DEBUG3(" (Loaded %s, checking if it's valid)", module_name);
469 * libltld MAY core here, if the handle it gives us contains
472 module = lt_dlsym(handle, module_struct);
474 cf_log_err(cf_sectiontoitem(cs),
475 "Failed linking to %s structure: %s\n",
476 module_name, lt_dlerror());
481 #if defined(WITHOUT_LIBLTDL) && defined (WITH_DLOPEN) && defined(RTLD_SELF)
485 * Before doing anything else, check if it's sane.
487 if (module->magic != RLM_MODULE_MAGIC_NUMBER) {
489 cf_log_err(cf_sectiontoitem(cs),
490 "Invalid version in module '%s'",
496 /* make room for the module type */
497 node = rad_malloc(sizeof(*node));
498 memset(node, 0, sizeof(*node));
499 strlcpy(node->name, module_name, sizeof(node->name));
500 node->module = module;
501 node->handle = handle;
503 cf_log_module(cs, "Linked to module %s", module_name);
506 * Add the module as "rlm_foo-version" to the configuration
509 if (!rbtree_insert(module_tree, node)) {
510 radlog(L_ERR, "Failed to cache module %s", module_name);
520 * Find a module instance.
522 module_instance_t *find_module_instance(CONF_SECTION *modules,
523 const char *instname, int do_link)
525 int check_config_safe = FALSE;
528 module_instance_t *node, myNode;
529 char module_name[256];
531 if (!modules) return NULL;
534 * Module instances are declared in the modules{} block
535 * and referenced later by their name, which is the
536 * name2 from the config section, or name1 if there was
539 cs = cf_section_sub_find_name2(modules, NULL, instname);
541 radlog(L_ERR, "ERROR: Cannot find a configuration entry for module \"%s\".\n", instname);
546 * If there's already a module instance, return it.
548 strlcpy(myNode.name, instname, sizeof(myNode.name));
549 node = rbtree_finddata(instance_tree, &myNode);
550 if (node) return node;
552 if (!do_link) return NULL;
554 name1 = cf_section_name1(cs);
557 * Found the configuration entry.
559 node = rad_malloc(sizeof(*node));
560 memset(node, 0, sizeof(*node));
562 node->insthandle = NULL;
566 * Names in the "modules" section aren't prefixed
567 * with "rlm_", so we add it here.
569 snprintf(module_name, sizeof(module_name), "rlm_%s", name1);
571 node->entry = linkto_module(module_name, cs);
574 /* linkto_module logs any errors */
578 if (check_config && (node->entry->module->instantiate) &&
579 (node->entry->module->type & RLM_TYPE_CHECK_CONFIG_SAFE) == 0) {
580 const char *value = NULL;
583 cp = cf_pair_find(cs, "force_check_config");
584 if (cp) value = cf_pair_value(cp);
586 if (value && (strcmp(value, "yes") == 0)) goto print_inst;
588 cf_log_module(cs, "Skipping instantiation of %s", instname);
591 check_config_safe = TRUE;
592 cf_log_module(cs, "Instantiating %s", instname);
596 * Call the module's instantiation routine.
598 if ((node->entry->module->instantiate) &&
599 (!check_config || check_config_safe) &&
600 ((node->entry->module->instantiate)(cs, &node->insthandle) < 0)) {
601 cf_log_err(cf_sectiontoitem(cs),
602 "Instantiation failed for module \"%s\"",
609 * We're done. Fill in the rest of the data structure,
610 * and link it to the module instance list.
612 strlcpy(node->name, instname, sizeof(node->name));
614 #ifdef HAVE_PTHREAD_H
616 * If we're threaded, check if the module is thread-safe.
618 * If it isn't, we create a mutex.
620 if ((node->entry->module->type & RLM_TYPE_THREAD_UNSAFE) != 0) {
621 node->mutex = (pthread_mutex_t *) rad_malloc(sizeof(pthread_mutex_t));
623 * Initialize the mutex.
625 pthread_mutex_init(node->mutex, NULL);
628 * The module is thread-safe. Don't give it a mutex.
634 rbtree_insert(instance_tree, node);
639 static indexed_modcallable *lookup_by_index(rbtree_t *components,
642 indexed_modcallable myc;
647 return rbtree_finddata(components, &myc);
651 * Create a new sublist.
653 static indexed_modcallable *new_sublist(rbtree_t *components, int comp, int idx)
655 indexed_modcallable *c;
657 c = lookup_by_index(components, comp, idx);
659 /* It is an error to try to create a sublist that already
660 * exists. It would almost certainly be caused by accidental
661 * duplication in the config file.
663 * index 0 is the exception, because it is used when we want
664 * to collect _all_ listed modules under a single index by
665 * default, which is currently the case in all components
666 * except authenticate. */
674 c = rad_malloc(sizeof(*c));
675 c->modulelist = NULL;
679 if (!rbtree_insert(components, c)) {
687 int indexed_modcall(int comp, int idx, REQUEST *request)
690 modcallable *list = NULL;
691 virtual_server_t *server;
694 * Hack to find the correct virtual server.
696 rcode = virtual_server_idx(request->server);
697 for (server = virtual_servers[rcode];
699 server = server->next) {
700 if (!request->server && !server->name) break;
702 if ((request->server && server->name) &&
703 (strcmp(request->server, server->name) == 0)) break;
707 RDEBUG("No such virtual server \"%s\"", request->server);
708 return RLM_MODULE_FAIL;
712 list = server->mc[comp];
713 if (!list) RDEBUG2(" WARNING: Empty %s section. Using default return values.", section_type_value[comp].section);
716 indexed_modcallable *this;
718 this = lookup_by_index(server->components, comp, idx);
720 list = this->modulelist;
722 RDEBUG2(" WARNING: Unknown value specified for %s. Cannot perform requested action.",
723 section_type_value[comp].typename);
727 request->component = section_type_value[comp].section;
729 rcode = modcall(comp, list, request);
731 request->module = "";
732 request->component = "";
737 * Load a sub-module list, as found inside an Auth-Type foo {}
740 static int load_subcomponent_section(modcallable *parent, CONF_SECTION *cs,
741 rbtree_t *components, int attr, int comp)
743 indexed_modcallable *subcomp;
746 const char *name2 = cf_section_name2(cs);
748 rad_assert(comp >= RLM_COMPONENT_AUTH);
749 rad_assert(comp < RLM_COMPONENT_COUNT);
755 cf_log_err(cf_sectiontoitem(cs),
756 "No name specified for %s block",
757 section_type_value[comp].typename);
764 ml = compile_modgroup(parent, comp, cs);
770 * We must assign a numeric index to this subcomponent.
771 * It is generated and placed in the dictionary
772 * automatically. If it isn't found, it's a serious
775 dval = dict_valbyname(attr, 0, name2);
777 cf_log_err(cf_sectiontoitem(cs),
778 "%s %s Not previously configured",
779 section_type_value[comp].typename, name2);
780 modcallable_free(&ml);
784 subcomp = new_sublist(components, comp, dval->value);
786 modcallable_free(&ml);
790 subcomp->modulelist = ml;
794 static int define_type(const DICT_ATTR *dattr, const char *name)
800 * If the value already exists, don't
803 dval = dict_valbyname(dattr->attr, dattr->vendor, name);
807 * Create a new unique value with a
808 * meaningless number. You can't look at
809 * it from outside of this code, so it
810 * doesn't matter. The only requirement
811 * is that it's unique.
814 value = fr_rand() & 0x00ffffff;
815 } while (dict_valbyattr(dattr->attr, dattr->vendor, value));
817 if (dict_addvalue(name, dattr->name, value) < 0) {
818 radlog(L_ERR, "%s", fr_strerror());
825 static int load_component_section(CONF_SECTION *cs,
826 rbtree_t *components, int comp)
831 indexed_modcallable *subcomp;
833 const char *visiblename;
834 const DICT_ATTR *dattr;
837 * Find the attribute used to store VALUEs for this section.
839 dattr = dict_attrbyvalue(section_type_value[comp].attr, 0);
841 cf_log_err(cf_sectiontoitem(cs),
842 "No such attribute %s",
843 section_type_value[comp].typename);
848 * Loop over the entries in the named section, loading
849 * the sections this time.
851 for (modref = cf_item_find_next(cs, NULL);
853 modref = cf_item_find_next(cs, modref)) {
855 CONF_PAIR *cp = NULL;
856 CONF_SECTION *scs = NULL;
858 if (cf_item_is_section(modref)) {
859 scs = cf_itemtosection(modref);
861 name1 = cf_section_name1(scs);
864 section_type_value[comp].typename) == 0) {
865 if (!load_subcomponent_section(NULL, scs,
869 return -1; /* FIXME: memleak? */
876 } else if (cf_item_is_pair(modref)) {
877 cp = cf_itemtopair(modref);
880 continue; /* ignore it */
884 * Try to compile one entry.
886 this = compile_modsingle(NULL, comp, modref, &modname);
888 cf_log_err(cf_sectiontoitem(cs),
889 "Errors parsing %s section.\n",
890 cf_section_name1(cs));
895 * Look for Auth-Type foo {}, which are special
896 * cases of named sections, and allowable ONLY
899 * i.e. They're not allowed in a "group" or "redundant"
902 if (comp == RLM_COMPONENT_AUTH) {
904 const char *modrefname = NULL;
906 modrefname = cf_pair_attr(cp);
908 modrefname = cf_section_name2(scs);
910 modcallable_free(&this);
911 cf_log_err(cf_sectiontoitem(cs),
912 "Errors parsing %s sub-section.\n",
913 cf_section_name1(scs));
918 dval = dict_valbyname(PW_AUTH_TYPE, 0, modrefname);
921 * It's a section, but nothing we
924 modcallable_free(&this);
925 cf_log_err(cf_sectiontoitem(cs),
926 "Unknown Auth-Type \"%s\" in %s sub-section.",
927 modrefname, section_type_value[comp].section);
932 /* See the comment in new_sublist() for explanation
933 * of the special index 0 */
937 subcomp = new_sublist(components, comp, idx);
938 if (subcomp == NULL) {
939 modcallable_free(&this);
943 /* If subcomp->modulelist is NULL, add_to_modcallable will
945 visiblename = cf_section_name2(cs);
946 if (visiblename == NULL)
947 visiblename = cf_section_name1(cs);
948 add_to_modcallable(&subcomp->modulelist, this,
955 static int load_byserver(CONF_SECTION *cs)
958 const char *name = cf_section_name2(cs);
959 rbtree_t *components;
960 virtual_server_t *server = NULL;
961 indexed_modcallable *c;
964 cf_log_info(cs, "server %s {", name);
966 cf_log_info(cs, "server {");
969 cf_log_info(cs, " modules {");
971 components = rbtree_create(indexed_modcallable_cmp,
972 indexed_modcallable_free, 0);
974 radlog(L_ERR, "Failed to initialize components\n");
978 server = rad_malloc(sizeof(*server));
979 memset(server, 0, sizeof(*server));
982 server->created = time(NULL);
984 server->components = components;
987 * Define types first.
989 for (comp = 0; comp < RLM_COMPONENT_COUNT; ++comp) {
994 subcs = cf_section_sub_find(cs,
995 section_type_value[comp].section);
996 if (!subcs) continue;
998 if (cf_item_find_next(subcs, NULL) == NULL) continue;
1001 * Find the attribute used to store VALUEs for this section.
1003 dattr = dict_attrbyvalue(section_type_value[comp].attr, 0);
1005 cf_log_err(cf_sectiontoitem(subcs),
1006 "No such attribute %s",
1007 section_type_value[comp].typename);
1009 if (debug_flag == 0) {
1010 radlog(L_ERR, "Failed to load virtual server %s",
1011 (name != NULL) ? name : "<default>");
1013 virtual_server_free(server);
1018 * Define dynamic types, so that others can reference
1021 for (modref = cf_item_find_next(subcs, NULL);
1023 modref = cf_item_find_next(subcs, modref)) {
1025 CONF_SECTION *subsubcs;
1028 * Create types for simple references
1029 * only when parsing the authenticate
1032 if ((section_type_value[comp].attr == PW_AUTH_TYPE) &&
1033 cf_item_is_pair(modref)) {
1034 CONF_PAIR *cp = cf_itemtopair(modref);
1035 if (!define_type(dattr, cf_pair_attr(cp))) {
1042 if (!cf_item_is_section(modref)) continue;
1044 subsubcs = cf_itemtosection(modref);
1045 name1 = cf_section_name1(subsubcs);
1047 if (strcmp(name1, section_type_value[comp].typename) == 0) {
1048 if (!define_type(dattr,
1049 cf_section_name2(subsubcs))) {
1054 } /* loop over components */
1057 * Loop over all of the known components, finding their
1058 * configuration section, and loading it.
1061 for (comp = 0; comp < RLM_COMPONENT_COUNT; ++comp) {
1062 CONF_SECTION *subcs;
1064 subcs = cf_section_sub_find(cs,
1065 section_type_value[comp].section);
1066 if (!subcs) continue;
1068 if (cf_item_find_next(subcs, NULL) == NULL) continue;
1070 cf_log_module(cs, "Checking %s {...} for more modules to load",
1071 section_type_value[comp].section);
1075 * Skip pre/post-proxy sections if we're not
1078 if (!mainconfig.proxy_requests &&
1079 ((comp == PW_PRE_PROXY_TYPE) ||
1080 (comp == PW_PRE_PROXY_TYPE))) {
1085 if (load_component_section(subcs, components, comp) < 0) {
1090 * Cache a default, if it exists. Some people
1091 * put empty sections for some reason...
1093 c = lookup_by_index(components, comp, 0);
1094 if (c) server->mc[comp] = c->modulelist;
1096 server->subcs[comp] = subcs;
1099 } /* loop over components */
1102 * We haven't loaded any of the normal sections. Maybe we're
1103 * supposed to load the vmps section.
1105 * This is a bit of a hack...
1108 CONF_SECTION *subcs;
1110 subcs = cf_section_sub_find(cs, "vmps");
1112 cf_log_module(cs, "Checking vmps {...} for more modules to load");
1113 if (load_component_section(subcs, components,
1114 RLM_COMPONENT_POST_AUTH) < 0) {
1117 c = lookup_by_index(components,
1118 RLM_COMPONENT_POST_AUTH, 0);
1119 if (c) server->mc[RLM_COMPONENT_POST_AUTH] = c->modulelist;
1125 const DICT_ATTR *dattr;
1127 dattr = dict_attrbyname("DHCP-Message-Type");
1130 * Handle each DHCP Message type separately.
1132 if (dattr) for (subcs = cf_subsection_find_next(cs, NULL, "dhcp");
1134 subcs = cf_subsection_find_next(cs, subcs,
1136 const char *name2 = cf_section_name2(subcs);
1138 DEBUG2(" Module: Checking dhcp %s {...} for more modules to load", name2);
1139 if (!load_subcomponent_section(NULL, subcs,
1142 RLM_COMPONENT_POST_AUTH)) {
1143 goto error; /* FIXME: memleak? */
1145 c = lookup_by_index(components,
1146 RLM_COMPONENT_POST_AUTH, 0);
1147 if (c) server->mc[RLM_COMPONENT_POST_AUTH] = c->modulelist;
1154 cf_log_info(cs, " } # modules");
1155 cf_log_info(cs, "} # server");
1157 if (!flag && name) {
1158 DEBUG("WARNING: Server %s is empty, and will do nothing!",
1162 if (debug_flag == 0) {
1163 radlog(L_INFO, "Loaded virtual server %s",
1164 (name != NULL) ? name : "<default>");
1168 * Now that it is OK, insert it into the list.
1170 * This is thread-safe...
1172 comp = virtual_server_idx(name);
1173 server->next = virtual_servers[comp];
1174 virtual_servers[comp] = server;
1177 * Mark OLDER ones of the same name as being unused.
1179 server = server->next;
1181 if ((!name && !server->name) ||
1182 (name && server->name &&
1183 (strcmp(server->name, name) == 0))) {
1184 server->can_free = TRUE;
1187 server = server->next;
1195 * Load all of the virtual servers.
1197 int virtual_servers_load(CONF_SECTION *config)
1199 int null_server = FALSE;
1201 static int first_time = TRUE;
1203 DEBUG2("%s: #### Loading Virtual Servers ####", mainconfig.name);
1206 * Load all of the virtual servers.
1208 for (cs = cf_subsection_find_next(config, NULL, "server");
1210 cs = cf_subsection_find_next(config, cs, "server")) {
1211 if (!cf_section_name2(cs)) null_server = TRUE;
1213 if (load_byserver(cs) < 0) {
1215 * Once we successfully staryed once,
1216 * continue loading the OTHER servers,
1217 * even if one fails.
1219 if (!first_time) continue;
1225 * No empty server defined. Try to load an old-style
1226 * one for backwards compatibility.
1229 if (load_byserver(config) < 0) {
1235 * If we succeed the first time around, remember that.
1242 int module_hup_module(CONF_SECTION *cs, module_instance_t *node, time_t when)
1244 void *insthandle = NULL;
1245 fr_module_hup_t *mh;
1248 !node->entry->module->instantiate ||
1249 ((node->entry->module->type & RLM_TYPE_HUP_SAFE) == 0)) {
1253 cf_log_module(cs, "Trying to reload module \"%s\"", node->name);
1255 if ((node->entry->module->instantiate)(cs, &insthandle) < 0) {
1256 cf_log_err(cf_sectiontoitem(cs),
1257 "HUP failed for module \"%s\". Using old configuration.",
1262 radlog(L_INFO, " Module: Reloaded module \"%s\"", node->name);
1264 module_instance_free_old(cs, node, when);
1267 * Save the old instance handle for later deletion.
1269 mh = rad_malloc(sizeof(*mh));
1272 mh->insthandle = node->insthandle;
1273 mh->next = node->mh;
1276 node->insthandle = insthandle;
1279 * FIXME: Set a timeout to come back in 60s, so that
1280 * we can pro-actively clean up the old instances.
1287 int module_hup(CONF_SECTION *modules)
1292 module_instance_t *node;
1294 if (!modules) return 0;
1299 * Loop over the modules
1301 for (ci=cf_item_find_next(modules, NULL);
1303 ci=cf_item_find_next(modules, ci)) {
1304 const char *instname;
1305 module_instance_t myNode;
1308 * If it's not a section, ignore it.
1310 if (!cf_item_is_section(ci)) continue;
1312 cs = cf_itemtosection(ci);
1313 instname = cf_section_name2(cs);
1314 if (!instname) instname = cf_section_name1(cs);
1316 strlcpy(myNode.name, instname, sizeof(myNode.name));
1317 node = rbtree_finddata(instance_tree, &myNode);
1319 module_hup_module(cs, node, when);
1327 * Parse the module config sections, and load
1328 * and call each module's init() function.
1330 * Libtool makes your life a LOT easier, especially with libltdl.
1331 * see: http://www.gnu.org/software/libtool/
1333 int setup_modules(int reload, CONF_SECTION *config)
1335 CONF_SECTION *cs, *modules;
1336 rad_listen_t *listener;
1338 if (reload) return 0;
1341 * If necessary, initialize libltdl.
1345 * This line works around a completely
1347 * RIDICULOUS INSANE IDIOTIC
1349 * bug in libltdl on certain systems. The "set
1350 * preloaded symbols" macro below ends up
1351 * referencing this name, but it isn't defined
1352 * anywhere in the libltdl source. As a result,
1353 * any program STUPID enough to rely on libltdl
1354 * fails to link, because the symbol isn't
1357 * It's like libtool and libltdl are some kind
1360 #ifdef IE_LIBTOOL_DIE
1361 #define lt__PROGRAM__LTX_preloaded_symbols lt_libltdl_LTX_preloaded_symbols
1365 * Set the default list of preloaded symbols.
1366 * This is used to initialize libltdl's list of
1367 * preloaded modules.
1369 * i.e. Static modules.
1371 LTDL_SET_PRELOADED_SYMBOLS();
1373 if (lt_dlinit() != 0) {
1374 radlog(L_ERR, "Failed to initialize libraries: %s\n",
1380 * Set the search path to ONLY our library directory.
1381 * This prevents the modules from being found from
1382 * any location on the disk.
1384 lt_dlsetsearchpath(radlib_dir);
1387 * Set up the internal module struct.
1389 module_tree = rbtree_create(module_entry_cmp,
1390 module_entry_free, 0);
1392 radlog(L_ERR, "Failed to initialize modules\n");
1396 instance_tree = rbtree_create(module_instance_cmp,
1397 module_instance_free, 0);
1398 if (!instance_tree) {
1399 radlog(L_ERR, "Failed to initialize modules\n");
1404 memset(virtual_servers, 0, sizeof(virtual_servers));
1407 * Remember where the modules were stored.
1409 modules = cf_section_sub_find(config, "modules");
1411 radlog(L_ERR, "Cannot find a \"modules\" section in the configuration file!");
1415 DEBUG2("%s: #### Instantiating modules ####", mainconfig.name);
1418 * Look for the 'instantiate' section, which tells us
1419 * the instantiation order of the modules, and also allows
1420 * us to load modules with no authorize/authenticate/etc.
1423 cs = cf_section_sub_find(config, "instantiate");
1427 module_instance_t *module;
1430 cf_log_info(cs, " instantiate {");
1433 * Loop over the items in the 'instantiate' section.
1435 for (ci=cf_item_find_next(cs, NULL);
1437 ci=cf_item_find_next(cs, ci)) {
1440 * Skip sections and "other" stuff.
1441 * Sections will be handled later, if
1442 * they're referenced at all...
1444 if (!cf_item_is_pair(ci)) {
1448 cp = cf_itemtopair(ci);
1449 name = cf_pair_attr(cp);
1450 module = find_module_instance(modules, name, 1);
1454 } /* loop over items in the subsection */
1456 cf_log_info(cs, " }");
1457 } /* if there's an 'instantiate' section. */
1460 * Loop over the listeners, figuring out which sections
1463 for (listener = mainconfig.listen;
1465 listener = listener->next) {
1469 if (listener->type == RAD_LISTEN_PROXY) continue;
1472 cs = cf_section_sub_find_name2(config,
1473 "server", listener->server);
1474 if (!cs && (listener->server != NULL)) {
1475 listener->print(listener, buffer, sizeof(buffer));
1477 radlog(L_ERR, "No server has been defined for %s", buffer);
1482 if (virtual_servers_load(config) < 0) return -1;
1488 * Call all authorization modules until one returns
1489 * somethings else than RLM_MODULE_OK
1491 int module_authorize(int autz_type, REQUEST *request)
1493 return indexed_modcall(RLM_COMPONENT_AUTZ, autz_type, request);
1497 * Authenticate a user/password with various methods.
1499 int module_authenticate(int auth_type, REQUEST *request)
1501 return indexed_modcall(RLM_COMPONENT_AUTH, auth_type, request);
1504 #ifdef WITH_ACCOUNTING
1506 * Do pre-accounting for ALL configured sessions
1508 int module_preacct(REQUEST *request)
1510 return indexed_modcall(RLM_COMPONENT_PREACCT, 0, request);
1514 * Do accounting for ALL configured sessions
1516 int module_accounting(int acct_type, REQUEST *request)
1518 return indexed_modcall(RLM_COMPONENT_ACCT, acct_type, request);
1522 #ifdef WITH_SESSION_MGMT
1524 * See if a user is already logged in.
1526 * Returns: 0 == OK, 1 == double logins, 2 == multilink attempt
1528 int module_checksimul(int sess_type, REQUEST *request, int maxsimul)
1532 if(!request->username)
1535 request->simul_count = 0;
1536 request->simul_max = maxsimul;
1537 request->simul_mpp = 1;
1539 rcode = indexed_modcall(RLM_COMPONENT_SESS, sess_type, request);
1541 if (rcode != RLM_MODULE_OK) {
1542 /* FIXME: Good spot for a *rate-limited* warning to the log */
1546 return (request->simul_count < maxsimul) ? 0 : request->simul_mpp;
1552 * Do pre-proxying for ALL configured sessions
1554 int module_pre_proxy(int type, REQUEST *request)
1556 return indexed_modcall(RLM_COMPONENT_PRE_PROXY, type, request);
1560 * Do post-proxying for ALL configured sessions
1562 int module_post_proxy(int type, REQUEST *request)
1564 return indexed_modcall(RLM_COMPONENT_POST_PROXY, type, request);
1569 * Do post-authentication for ALL configured sessions
1571 int module_post_auth(int postauth_type, REQUEST *request)
1573 return indexed_modcall(RLM_COMPONENT_POST_AUTH, postauth_type, request);
1577 int module_recv_coa(int recv_coa_type, REQUEST *request)
1579 return indexed_modcall(RLM_COMPONENT_RECV_COA, recv_coa_type, request);
1582 int module_send_coa(int send_coa_type, REQUEST *request)
1584 return indexed_modcall(RLM_COMPONENT_SEND_COA, send_coa_type, request);