6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2002,2006 The FreeRADIUS server project
21 * Copyright 2002 Alan DeKok <aland@ox.org>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
33 * Define a structure for our module configuration.
35 * These variables do not need to be in a structure, but it's
36 * a lot cleaner to do so, and a pointer to the structure can
37 * be used as the instance handle.
/*
 * Per-instance configuration for rlm_smb. The member declarations are not
 * part of this listing; module_config refers to members named server,
 * backup and domain through offsetof().
 */
39 typedef struct rlm_smb_t {
46 * A mapping of configuration file names to internal variables.
48 * Note that the string is dynamically allocated, so it MUST
49 * be freed. When the configuration file parse re-reads the string,
50 * it frees the old one, and strdup's the new one, placing the pointer
51 * to the strdup'd string into 'config.string'. This gets around
/*
 * Maps the configuration items "server", "backup" and "domain" onto the
 * rlm_smb_t members of the same names. All three are PW_TYPE_STRING_PTR and
 * carry NULL in the last two fields.
 * NOTE(review): presumably a NULL default means an unset item leaves the
 * member NULL -- confirm, since smb_authenticate passes all three to
 * Valid_User() with no check visible in this listing.
 */
54 static const CONF_PARSER module_config[] = {
55 { "server", PW_TYPE_STRING_PTR, offsetof(rlm_smb_t,server), NULL, NULL},
56 { "backup", PW_TYPE_STRING_PTR, offsetof(rlm_smb_t,backup), NULL, NULL},
57 { "domain", PW_TYPE_STRING_PTR, offsetof(rlm_smb_t,domain), NULL, NULL},
59 { NULL, -1, 0, NULL, NULL } /* end the list */
63 * Do any per-module initialization that is separate to each
64 * configured instance of the module. e.g. set up connections
65 * to external databases, read configuration files, set up
66 * dictionary entries, etc.
68 * If configuration information is given in the config section
69 * that must be referenced in later calls, store a handle to it
70 * in *instance otherwise put a null pointer there.
/*
 * Create the instance data for one configured copy of the module.
 *
 * conf:     configuration section handed to cf_section_parse().
 * instance: out-parameter for the instance handle (the assignment itself
 *           is not in this listing).
 *
 * Allocates an rlm_smb_t with rad_malloc(), zeroes it, then fills it from
 * conf using module_config. A negative result from cf_section_parse() takes
 * the error branch; that branch's body and the function's return values are
 * not shown here.
 */
72 static int smb_instantiate(CONF_SECTION *conf, void **instance)
77 * Set up a storage area for instance data
79 data = rad_malloc(sizeof(*data));
/* Zero the whole struct so every member starts out cleared before parsing. */
83 memset(data, 0, sizeof(*data));
86 * If the configuration parameters can't be parsed, then
89 if (cf_section_parse(conf, data, module_config) < 0) {
100 * Authenticate the user with the given password.
/*
 * Check the User-Name / User-Password pair of a request through Valid_User().
 *
 * instance: the rlm_smb_t handle for this module instance.
 * request:  the request; its username and password value pairs are read.
 *
 * Returns RLM_MODULE_INVALID when User-Name or User-Password is absent or
 * the password pair is not PW_USER_PASSWORD; otherwise maps the Valid_User()
 * result: 0 -> RLM_MODULE_OK, 1 or 2 -> RLM_MODULE_FAIL,
 * 3 -> RLM_MODULE_REJECT. The final RLM_MODULE_INVALID is labelled
 * "Something weird happened"; the switch/default lines are not in this
 * listing, so presumably it covers every other result -- confirm.
 *
 * NOTE(review): the clear-text password is handed to Valid_User(), which is
 * defined outside this file; how it is carried to the SMB server and whether
 * it is retained anywhere should be confirmed there.
 */
102 static int smb_authenticate(void *instance, REQUEST *request)
104 rlm_smb_t *data = (rlm_smb_t *) instance;
108 * We can only authenticate user requests which HAVE
109 * a User-Name attribute.
111 if (!request->username) {
112 radlog(L_AUTH, "rlm_smb: Attribute \"User-Name\" is required for authentication.");
113 return RLM_MODULE_INVALID;
117 * We can only authenticate user requests which HAVE
118 * a User-Password attribute.
120 if (!request->password) {
121 radlog(L_AUTH, "rlm_smb: Attribute \"User-Password\" is required for authentication.");
122 return RLM_MODULE_INVALID;
126 * Ensure that we're being passed a plain-text password,
127 * and not anything else.
129 if (request->password->attribute != PW_USER_PASSWORD) {
/* The log line carries the name of the attribute, not the password value. */
130 radlog(L_AUTH, "rlm_smb: Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".", request->password->name);
131 return RLM_MODULE_INVALID;
135 * Call the SMB magic to do the work.
/*
 * NOTE(review): server, backup and domain are passed through with no NULL
 * check visible in this listing; confirm Valid_User() copes with an unset
 * option.
 */
137 rcode = Valid_User(request->username->vp_strvalue,
138 request->password->vp_strvalue,
139 data->server, data->backup, data->domain);
142 case 0: /* success */
143 return RLM_MODULE_OK;
/*
 * Network and protocol errors are reported as FAIL, kept distinct from a
 * credential REJECT.
 * NOTE(review): how the server acts on RLM_MODULE_FAIL is decided outside
 * this file; confirm an unreachable SMB server can never end in acceptance.
 */
146 case 1: /* network failure */
147 case 2: /* protocol failure */
148 return RLM_MODULE_FAIL;
151 case 3: /* invalid user name or password */
152 return RLM_MODULE_REJECT;
156 * Something weird happened. Give up.
158 return RLM_MODULE_INVALID;
/*
 * Tear-down hook for one module instance (it fills the "detach" slot of the
 * module table). Only the cast of the handle back to rlm_smb_t is visible in
 * this listing.
 * NOTE(review): presumably this releases the instance data -- confirm that
 * the dynamically allocated configuration strings are freed as well.
 */
161 static int smb_detach(void *instance)
163 rlm_smb_t *data = (rlm_smb_t *) instance;
171 * The module name should be the only globally exported symbol.
172 * That is, everything else should be 'static'.
174 * If the module needs to temporarily modify its instantiation
175 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
176 * The server will then take care of ensuring that the module
177 * is single-threaded.
182 RLM_TYPE_THREAD_UNSAFE, /* type */
183 smb_instantiate, /* instantiation */
184 smb_detach, /* detach */
186 smb_authenticate, /* authentication */
187 NULL, /* authorization */
188 NULL, /* preaccounting */
189 NULL, /* accounting */
190 NULL, /* checksimul */
191 NULL, /* pre-proxy */
192 NULL, /* post-proxy */