#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/rad_assert.h>
-#include <ltdl.h>
#include <sys/stat.h>
offsetof(SQL_CONFIG,sql_password), NULL, ""},
{"radius_db", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,sql_db), NULL, "radius"},
+ {"filename", PW_TYPE_FILENAME, /* for sqlite */
+ offsetof(SQL_CONFIG,sql_file), NULL, NULL},
{"read_groups", PW_TYPE_BOOLEAN,
offsetof(SQL_CONFIG,read_groups), NULL, "yes"},
{"sqltrace", PW_TYPE_BOOLEAN,
offsetof(SQL_CONFIG,authorize_group_check_query), NULL, ""},
{"authorize_group_reply_query", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,authorize_group_reply_query), NULL, ""},
+#ifdef WITH_ACCOUNTING
{"accounting_onoff_query", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,accounting_onoff_query), NULL, ""},
{"accounting_update_query", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,accounting_stop_query), NULL, ""},
{"accounting_stop_query_alt", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,accounting_stop_query_alt), NULL, ""},
+#endif
{"group_membership_query", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,groupmemb_query), NULL, NULL},
{"connect_failure_retry_delay", PW_TYPE_INTEGER,
offsetof(SQL_CONFIG,connect_failure_retry_delay), NULL, "60"},
+#ifdef WITH_SESSION_MGMT
{"simul_count_query", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,simul_count_query), NULL, ""},
{"simul_verify_query", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,simul_verify_query), NULL, ""},
+#endif
{"postauth_query", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,postauth_query), NULL, ""},
{"safe-characters", PW_TYPE_STRING_PTR,
offsetof(SQL_CONFIG,allowed_chars), NULL,
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"},
+ /*
+ * This only works for a few drivers.
+ */
+ {"query_timeout", PW_TYPE_INTEGER,
+ offsetof(SQL_CONFIG,query_timeout), NULL, NULL},
+
{NULL, -1, 0, NULL, NULL}
};
static int fallthrough(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
- tmp = pairfind(vp, PW_FALL_THROUGH);
+ tmp = pairfind(vp, PW_FALL_THROUGH, 0);
return tmp ? tmp->vp_integer : 0;
}
c->nastype = strdup(row[3]);
numf = (inst->module->sql_num_fields)(sqlsocket, inst->config);
- if ((numf > 5) && (row[5] != NULL)) c->server = strdup(row[5]);
+ if ((numf > 5) && (row[5] != NULL) && *row[5]) c->server = strdup(row[5]);
DEBUG("rlm_sql (%s): Adding client %s (%s, server=%s) to clients list",
inst->config->xlat_name,
c->longname,c->shortname, c->server ? c->server : "<none>");
if (!client_add(NULL, c)) {
+ sql_release_socket(inst, sqlsocket);
DEBUG("rlm_sql (%s): Failed to add client %s (%s) to clients list. Maybe there's a duplicate?",
inst->config->xlat_name,
c->longname,c->shortname);
sqlusername[0]= '\0';
/* Remove any user attr we added previously */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
if (username != NULL) {
strlcpy(tmpuser, username, sizeof(tmpuser));
sqlsocket = sql_get_socket(inst);
if (sqlsocket == NULL) {
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return 1;
}
radlog_request(L_ERR, 0, request,
"Error getting group membership");
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
sql_release_socket(inst, sqlsocket);
return 1;
}
/* Free the grouplist */
sql_grouplist_free(&group_list);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
sql_release_socket(inst, sqlsocket);
return 0;
}
/* Free the grouplist */
sql_grouplist_free(&group_list);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
sql_release_socket(inst,sqlsocket);
RDEBUG("sql_groupcmp finished: User is NOT a member of group %s",
radlog_request(L_ERR, 0, request,
"Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
return -1;
}
rows = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr);
radlog_request(L_ERR, 0, request, "Error retrieving check pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
return -1;
} else if (rows > 0) {
if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
return -1;
}
radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
pairfree(&reply_tmp);
return -1;
if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
return -1;
}
radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s",
group_list_tmp->groupname);
/* Remove the grouup we added above */
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
pairfree(&reply_tmp);
return -1;
* Delete the Sql-Group we added above
* And clear out the pairlists
*/
- pairdelete(&request->packet->vps, PW_SQL_GROUP);
+ pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
pairfree(&check_tmp);
pairfree(&reply_tmp);
}
free(*p);
*p = NULL;
}
- allowed_chars = NULL;
+ /*
+ * Catch multiple instances of the module.
+ */
+ if (allowed_chars == inst->config->allowed_chars) {
+ allowed_chars = NULL;
+ }
free(inst->config);
inst->config = NULL;
}
}
xlat_name = cf_section_name2(conf);
- if (xlat_name == NULL)
+ if (xlat_name == NULL) {
xlat_name = cf_section_name1(conf);
+ } else {
+ char *group_name;
+ DICT_ATTR *dattr;
+ ATTR_FLAGS flags;
+
+ /*
+ * Allocate room for <instance>-SQL-Group
+ */
+ group_name = rad_malloc((strlen(xlat_name) + 1 + 11) * sizeof(char));
+ sprintf(group_name,"%s-SQL-Group",xlat_name);
+ DEBUG("rlm_sql Creating new attribute %s",group_name);
+
+ memset(&flags, 0, sizeof(flags));
+ dict_addattr(group_name, 0, PW_TYPE_STRING, -1, flags);
+ dattr = dict_attrbyname(group_name);
+ if (dattr == NULL){
+ radlog(L_ERR, "rlm_ldap: Failed to create attribute %s",group_name);
+ free(group_name);
+ free(inst); /* FIXME: detach */
+ return -1;
+ }
+
+ if (inst->config->groupmemb_query &&
+ inst->config->groupmemb_query[0]) {
+ DEBUG("rlm_sql: Registering sql_groupcmp for %s",group_name);
+ paircompare_register(dattr->attr, PW_USER_NAME, sql_groupcmp, inst);
+ }
+
+ free(group_name);
+ }
if (xlat_name){
inst->config->xlat_name = strdup(xlat_name);
xlat_register(xlat_name, (RAD_XLAT_FUNC)sql_xlat, inst);
return -1;
}
- paircompare_register(PW_SQL_GROUP, PW_USER_NAME, sql_groupcmp, inst);
+ if (inst->config->groupmemb_query &&
+ inst->config->groupmemb_query[0]) {
+ paircompare_register(PW_SQL_GROUP, PW_USER_NAME, sql_groupcmp, inst);
+ }
if (inst->config->do_clients){
if (generate_sql_clients(inst) == -1){
sqlsocket = sql_get_socket(inst);
if (sqlsocket == NULL) {
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
}
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
}
rows = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr);
radlog_request(L_ERR, 0, request, "SQL query error; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
pairfree(&check_tmp);
return RLM_MODULE_FAIL;
} else if (rows > 0) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
pairfree(&check_tmp);
return RLM_MODULE_FAIL;
}
radlog_request(L_ERR, 0, request, "SQL query error; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
pairfree(&check_tmp);
pairfree(&reply_tmp);
return RLM_MODULE_FAIL;
radlog_request(L_ERR, 0, request, "Error processing groups; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
} else if (rows > 0) {
found = 1;
/*
* Check for a default_profile or for a User-Profile.
*/
- user_profile = pairfind(request->config_items, PW_USER_PROFILE);
+ user_profile = pairfind(request->config_items, PW_USER_PROFILE, 0);
if (inst->config->default_profile[0] != 0 || user_profile != NULL){
char *profile = inst->config->default_profile;
radlog_request(L_ERR, 0, request, "Error setting profile; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
} else {
profile_found = 1;
radlog_request(L_ERR, 0, request, "Error processing profile groups; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
return RLM_MODULE_FAIL;
} else if (rows > 0) {
found = 1;
}
/* Remove the username we (maybe) added above */
- pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
+ pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0);
sql_release_socket(inst, sqlsocket);
if (!found) {
}
}
+#ifdef WITH_ACCOUNTING
/*
* Accounting: save the account data to our sql table
*/
/*
* Find the Acct Status Type
*/
- if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE)) != NULL) {
+ if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) {
acctstatustype = pair->vp_integer;
} else {
radius_xlat(logstr, sizeof(logstr), "packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL);
* This is to fix CISCO's aaa from filling our
* table with bogus crap
*/
- if ((pair = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME)) != NULL)
+ if ((pair = pairfind(request->packet->vps, PW_ACCT_SESSION_TIME, 0)) != NULL)
acctsessiontime = pair->vp_integer;
if (acctsessiontime <= 0) {
radius_xlat(logstr, sizeof(logstr), "stop packet with zero session length. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL);
- radlog_request(L_ERR, 0, request, "%s", logstr);
+ radlog_request(L_DBG, 0, request, "%s", logstr);
sql_release_socket(inst, sqlsocket);
- ret = RLM_MODULE_NOOP;
+ return RLM_MODULE_NOOP;
}
#endif
return ret;
}
+#endif
+#ifdef WITH_SESSION_MGMT
/*
* See if a user is already logged in. Sets request->simul_count to the
* current session count for this user.
*/
request->simul_count = 0;
- if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0)) != NULL)
ipno = vp->vp_ipaddr;
- if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID)) != NULL)
+ if ((vp = pairfind(request->packet->vps, PW_CALLING_STATION_ID, 0)) != NULL)
call_num = vp->vp_strvalue;
*/
return RLM_MODULE_OK;
}
+#endif
/*
* Execute postauth_query after authentication
NULL, /* authentication */
rlm_sql_authorize, /* authorization */
NULL, /* preaccounting */
+#ifdef WITH_ACCOUNTING
rlm_sql_accounting, /* accounting */
+#else
+ NULL,
+#endif
+#ifdef WITH_SESSION_MGMT
rlm_sql_checksimul, /* checksimul */
+#else
+ NULL,
+#endif
NULL, /* pre-proxy */
NULL, /* post-proxy */
rlm_sql_postauth /* post-auth */