#include <freeradius-devel/ident.h>
RCSID("$Id$")
-#include <freeradius-devel/autoconf.h>
+#include <freeradius-devel/radiusd.h>
-#include <stdlib.h>
-#include <string.h>
#include <grp.h>
#include <pwd.h>
-#include <sys/types.h>
#include <sys/stat.h>
#include "config.h"
# include <siad.h>
#endif
-#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/sysutmp.h>
/*
* The Group = handler.
*/
-static int groupcmp(void *instance, UNUSED REQUEST *req, VALUE_PAIR *request,
+static int groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request,
VALUE_PAIR *check, VALUE_PAIR *check_pairs,
VALUE_PAIR **reply_pairs)
{
/*
* No user name, doesn't compare.
*/
- vp = pairfind(request, PW_STRIPPED_USER_NAME);
- if (!vp) {
- vp = pairfind(request, PW_USER_NAME);
- if (!vp) {
- return -1;
- }
+ if (!req->username) {
+ return -1;
}
- username = (char *)vp->vp_strvalue;
- pwd = getpwnam(username);
+ pwd = getpwnam(req->username->vp_strvalue);
if (pwd == NULL)
return -1;
- grp = getgrnam((char *)check->vp_strvalue);
+ grp = getgrnam(check->vp_strvalue);
if (grp == NULL)
return -1;
-
+
retval = (pwd->pw_gid == grp->gr_gid) ? 0 : -1;
if (retval < 0) {
for (member = grp->gr_mem; *member && retval; member++) {
* Users with a particular shell are denied access
*/
if (strcmp(pwd->pw_shell, DENY_SHELL) == 0) {
- radlog(L_AUTH, "rlm_unix: [%s]: invalid shell", name);
+ radlog_request(L_AUTH, 0, request,
+ "rlm_unix: [%s]: invalid shell", name);
return RLM_MODULE_REJECT;
}
#endif
}
endusershell();
if (shell == NULL) {
- radlog(L_AUTH, "rlm_unix: [%s]: invalid shell [%s]",
+ radlog_request(L_AUTH, 0, request, "[%s]: invalid shell [%s]",
name, pwd->pw_shell);
return RLM_MODULE_REJECT;
}
*/
if (spwd && spwd->sp_expire > 0 &&
(request->timestamp / 86400) > spwd->sp_expire) {
- radlog(L_AUTH, "rlm_unix: [%s]: password has expired", name);
+ radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
return RLM_MODULE_REJECT;
}
#endif
*/
if ((pwd->pw_expire > 0) &&
(request->timestamp > pwd->pw_expire)) {
- radlog(L_AUTH, "rlm_unix: [%s]: password has expired", name);
+ radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
return RLM_MODULE_REJECT;
}
#endif
if (!request->password ||
(request->password->attribute != PW_USER_PASSWORD)) {
- radlog(L_AUTH, "rlm_unix: Attribute \"User-Password\" is required for authentication.");
+ radlog_request(L_AUTH, 0, request, "Attribute \"User-Password\" is required for authentication.");
return RLM_MODULE_INVALID;
}
/*
* 0 means "ok"
*/
- if (lrad_crypt_check((char *) request->password->vp_strvalue,
+ if (fr_crypt_check((char *) request->password->vp_strvalue,
(char *) vp->vp_strvalue) != 0) {
- radlog(L_AUTH, "rlm_unix: [%s]: invalid password",
- request->username->vp_strvalue);
+ radlog_request(L_AUTH, 0, request, "invalid password \"%s\"",
+ request->username->vp_strvalue);
return RLM_MODULE_REJECT;
}
#endif /* OSFFIA */
int status = -1;
int nas_address = 0;
int framed_address = 0;
+#ifdef USER_PROCESS
int protocol = -1;
+#endif
int nas_port = 0;
int port_seen = 0;
- int nas_port_type = 0;
struct unix_instance *inst = (struct unix_instance *) instance;
/*
* No radwtmp. Don't do anything.
*/
if (!inst->radwtmp) {
- DEBUG2("rlm_unix: No radwtmp file configured. Ignoring accounting request.");
+ RDEBUG2("No radwtmp file configured. Ignoring accounting request.");
return RLM_MODULE_NOOP;
}
if (request->packet->src_ipaddr.af != AF_INET) {
- DEBUG2("rlm_unix: IPv6 is not supported!");
+ RDEBUG2("IPv6 is not supported!");
return RLM_MODULE_NOOP;
}
/*
* Which type is this.
*/
- if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE))==NULL) {
+ if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0))==NULL) {
radlog(L_ERR, "rlm_unix: no Accounting-Status-Type attribute in request.");
return RLM_MODULE_NOOP;
}
- status = vp->lvalue;
+ status = vp->vp_integer;
/*
* FIXME: handle PW_STATUS_ALIVE like 1.5.4.3 did.
* We're only interested in accounting messages
* with a username in it.
*/
- if ((vp = pairfind(request->packet->vps, PW_USER_NAME)) == NULL)
+ if (pairfind(request->packet->vps, PW_USER_NAME, 0) == NULL)
return RLM_MODULE_NOOP;
t = request->timestamp;
break;
case PW_LOGIN_IP_HOST:
case PW_FRAMED_IP_ADDRESS:
- framed_address = vp->lvalue;
+ framed_address = vp->vp_ipaddr;
break;
+#ifdef USER_PROCESS
case PW_FRAMED_PROTOCOL:
- protocol = vp->lvalue;
+ protocol = vp->vp_integer;
break;
+#endif
case PW_NAS_IP_ADDRESS:
- nas_address = vp->lvalue;
+ nas_address = vp->vp_ipaddr;
break;
case PW_NAS_PORT:
- nas_port = vp->lvalue;
+ nas_port = vp->vp_integer;
port_seen = 1;
break;
case PW_ACCT_DELAY_TIME:
- delay = vp->lvalue;
- break;
- case PW_NAS_PORT_TYPE:
- nas_port_type = vp->lvalue;
+ delay = vp->vp_ipaddr;
break;
}
}
if (strncmp(ut.ut_name, "!root", sizeof(ut.ut_name)) == 0 || !port_seen)
return RLM_MODULE_NOOP;
- s = "";
-
/*
* If we didn't find out the NAS address, use the
* originator's IP address.
*/
if (nas_address == 0) {
- RADCLIENT *cl;
nas_address = request->packet->src_ipaddr.ipaddr.ip4addr.s_addr;
-
- if ((cl = client_find_old(&request->packet->src_ipaddr)) != NULL)
- s = cl->shortname;
}
+ s = request->client->shortname;
if (!s || s[0] == 0) s = uue(&(nas_address));
-
+
#ifdef __linux__
/*
* Linux has a field for the client address.
* We use the tty field to store the terminal servers' port
* and address so that the tty field is unique.
*/
- sprintf(buf, "%03d:%s", nas_port, s);
+ snprintf(buf, sizeof(buf), "%03d:%s", nas_port, s);
strlcpy(ut.ut_line, buf, sizeof(ut.ut_line));
/*
module_t rlm_unix = {
RLM_MODULE_INIT,
"System",
- RLM_TYPE_THREAD_UNSAFE, /* type */
+ RLM_TYPE_THREAD_UNSAFE | RLM_TYPE_CHECK_CONFIG_SAFE,
unix_instantiate, /* instantiation */
unix_detach, /* detach */
{
projects / freeradius.git / blobdiff