/*
* The Group = handler.
*/
-static int groupcmp(void *instance, UNUSED REQUEST *req, VALUE_PAIR *request,
+static int groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request,
VALUE_PAIR *check, VALUE_PAIR *check_pairs,
VALUE_PAIR **reply_pairs)
{
/*
* No user name, doesn't compare.
*/
- vp = pairfind(request, PW_STRIPPED_USER_NAME);
- if (!vp) {
- vp = pairfind(request, PW_USER_NAME);
- if (!vp) {
- return -1;
- }
+ if (!req->username) {
+ return -1;
}
- username = (char *)vp->vp_strvalue;
- pwd = getpwnam(username);
+ pwd = getpwnam(req->username->vp_strvalue);
if (pwd == NULL)
return -1;
- grp = getgrnam((char *)check->vp_strvalue);
+ grp = getgrnam(check->vp_strvalue);
if (grp == NULL)
return -1;
-
+
retval = (pwd->pw_gid == grp->gr_gid) ? 0 : -1;
if (retval < 0) {
for (member = grp->gr_mem; *member && retval; member++) {
* Users with a particular shell are denied access
*/
if (strcmp(pwd->pw_shell, DENY_SHELL) == 0) {
- radlog(L_AUTH, "rlm_unix: [%s]: invalid shell", name);
+ radlog_request(L_AUTH, 0, request,
+ "rlm_unix: [%s]: invalid shell", name);
return RLM_MODULE_REJECT;
}
#endif
}
endusershell();
if (shell == NULL) {
- radlog(L_AUTH, "rlm_unix: [%s]: invalid shell [%s]",
+ radlog_request(L_AUTH, 0, request, "[%s]: invalid shell [%s]",
name, pwd->pw_shell);
return RLM_MODULE_REJECT;
}
*/
if (spwd && spwd->sp_expire > 0 &&
(request->timestamp / 86400) > spwd->sp_expire) {
- radlog(L_AUTH, "rlm_unix: [%s]: password has expired", name);
+ radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
return RLM_MODULE_REJECT;
}
#endif
*/
if ((pwd->pw_expire > 0) &&
(request->timestamp > pwd->pw_expire)) {
- radlog(L_AUTH, "rlm_unix: [%s]: password has expired", name);
+ radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
return RLM_MODULE_REJECT;
}
#endif
if (!request->password ||
(request->password->attribute != PW_USER_PASSWORD)) {
- radlog(L_AUTH, "rlm_unix: Attribute \"User-Password\" is required for authentication.");
+ radlog_request(L_AUTH, 0, request, "Attribute \"User-Password\" is required for authentication.");
return RLM_MODULE_INVALID;
}
/*
* 0 means "ok"
*/
- if (lrad_crypt_check((char *) request->password->vp_strvalue,
+ if (fr_crypt_check((char *) request->password->vp_strvalue,
(char *) vp->vp_strvalue) != 0) {
- radlog(L_AUTH, "rlm_unix: [%s]: invalid password",
- request->username->vp_strvalue);
+ radlog_request(L_AUTH, 0, request, "invalid password \"%s\"",
+ request->username->vp_strvalue);
return RLM_MODULE_REJECT;
}
#endif /* OSFFIA */
int status = -1;
int nas_address = 0;
int framed_address = 0;
+#ifdef USER_PROCESS
int protocol = -1;
+#endif
int nas_port = 0;
int port_seen = 0;
- int nas_port_type = 0;
struct unix_instance *inst = (struct unix_instance *) instance;
/*
* No radwtmp. Don't do anything.
*/
if (!inst->radwtmp) {
- DEBUG2("rlm_unix: No radwtmp file configured. Ignoring accounting request.");
+ RDEBUG2("No radwtmp file configured. Ignoring accounting request.");
return RLM_MODULE_NOOP;
}
if (request->packet->src_ipaddr.af != AF_INET) {
- DEBUG2("rlm_unix: IPv6 is not supported!");
+ RDEBUG2("IPv6 is not supported!");
return RLM_MODULE_NOOP;
}
/*
* Which type is this.
*/
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE))==NULL) {
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0))==NULL) {
radlog(L_ERR, "rlm_unix: no Accounting-Status-Type attribute in request.");
return RLM_MODULE_NOOP;
}
* We're only interested in accounting messages
* with a username in it.
*/
- if ((vp = pairfind(request->packet->vps, PW_USER_NAME)) == NULL)
+ if (pairfind(request->packet->vps, PW_USER_NAME, 0) == NULL)
return RLM_MODULE_NOOP;
t = request->timestamp;
case PW_FRAMED_IP_ADDRESS:
framed_address = vp->vp_ipaddr;
break;
+#ifdef USER_PROCESS
case PW_FRAMED_PROTOCOL:
protocol = vp->vp_integer;
break;
+#endif
case PW_NAS_IP_ADDRESS:
nas_address = vp->vp_ipaddr;
break;
case PW_ACCT_DELAY_TIME:
delay = vp->vp_ipaddr;
break;
- case PW_NAS_PORT_TYPE:
- nas_port_type = vp->vp_ipaddr;
- break;
}
}
if (strncmp(ut.ut_name, "!root", sizeof(ut.ut_name)) == 0 || !port_seen)
return RLM_MODULE_NOOP;
- s = "";
-
/*
* If we didn't find out the NAS address, use the
* originator's IP address.
*/
if (nas_address == 0) {
- RADCLIENT *cl;
nas_address = request->packet->src_ipaddr.ipaddr.ip4addr.s_addr;
-
- if ((cl = client_find_old(&request->packet->src_ipaddr)) != NULL)
- s = cl->shortname;
}
+ s = request->client->shortname;
if (!s || s[0] == 0) s = uue(&(nas_address));
#ifdef __linux__