typedef int (*packetmethod)(void *instance, REQUEST *request);
-#define RLM_COMPONENT_AUTH 0
-#define RLM_COMPONENT_AUTZ 1
-#define RLM_COMPONENT_PREACCT 2
-#define RLM_COMPONENT_ACCT 3
-#define RLM_COMPONENT_SESS 4
-#define RLM_COMPONENT_COUNT 5 /* How many components are there */
+enum {
+ RLM_COMPONENT_AUTH = 0,
+ RLM_COMPONENT_AUTZ, /* 1 */
+ RLM_COMPONENT_PREACCT, /* 2 */
+ RLM_COMPONENT_ACCT, /* 3 */
+ RLM_COMPONENT_SESS, /* 4 */
+ RLM_COMPONENT_PRE_PROXY, /* 5 */
+ RLM_COMPONENT_POST_PROXY, /* 6 */
+ RLM_COMPONENT_POST_AUTH, /* 7 */
+ RLM_COMPONENT_COUNT /* 8: How many components are there */
+};
#define RLM_TYPE_THREAD_SAFE (0 << 0)
#define RLM_TYPE_THREAD_UNSAFE (1 << 0)
int module_preacct(REQUEST *request);
int module_accounting(REQUEST *request);
int module_checksimul(REQUEST *request, int maxsimul);
+int module_pre_proxy(REQUEST *request);
+int module_post_proxy(REQUEST *request);
+int module_post_auth(REQUEST *request);
#endif /* RADIUS_MODULES_H */
"authorize",
"preacct",
"accounting",
- "session"
+ "session",
+ "pre-proxy",
+ "post-proxy",
+ "post-auth"
};
#if HAVE_PTHREAD_H
/* Choose a default return value appropriate for the component */
switch(component) {
- case RLM_COMPONENT_AUTZ: myresult = RLM_MODULE_NOTFOUND;break;
- case RLM_COMPONENT_AUTH: myresult = RLM_MODULE_REJECT; break;
- case RLM_COMPONENT_PREACCT: myresult = RLM_MODULE_NOOP; break;
- case RLM_COMPONENT_ACCT: myresult = RLM_MODULE_NOOP; break;
- case RLM_COMPONENT_SESS: myresult = RLM_MODULE_FAIL; break;
- default: myresult = RLM_MODULE_FAIL;
+ case RLM_COMPONENT_AUTZ:
+ myresult = RLM_MODULE_NOTFOUND;
+ break;
+ case RLM_COMPONENT_AUTH:
+ myresult = RLM_MODULE_REJECT;
+ break;
+ case RLM_COMPONENT_PREACCT:
+ myresult = RLM_MODULE_NOOP;
+ break;
+ case RLM_COMPONENT_ACCT:
+ myresult = RLM_MODULE_NOOP;
+ break;
+ case RLM_COMPONENT_SESS:
+ myresult = RLM_MODULE_FAIL;
+ break;
+ case RLM_COMPONENT_PRE_PROXY:
+ myresult = RLM_MODULE_NOOP;
+ break;
+ case RLM_COMPONENT_POST_PROXY:
+ myresult = RLM_MODULE_NOOP;
+ break;
+ case RLM_COMPONENT_POST_AUTH:
+ myresult = RLM_MODULE_NOOP;
+ break;
+ default:
+ myresult = RLM_MODULE_FAIL;
+ break;
}
if(c == NULL) {
MOD_ACTION_RETURN, /* noop */
MOD_ACTION_RETURN /* updated */
}
+ },
+ /* pre-proxy */
+ {
+ /* group */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ MOD_ACTION_RETURN, /* fail */
+ 3, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ 1, /* notfound */
+ 2, /* noop */
+ 4 /* updated */
+ },
+ /* redundant */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ 1, /* fail */
+ MOD_ACTION_RETURN, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ MOD_ACTION_RETURN, /* notfound */
+ MOD_ACTION_RETURN, /* noop */
+ MOD_ACTION_RETURN /* updated */
+ },
+ /* append */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ 1, /* fail */
+ MOD_ACTION_RETURN, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ 2, /* notfound */
+ MOD_ACTION_RETURN, /* noop */
+ MOD_ACTION_RETURN /* updated */
+ }
+ },
+ /* post-proxy */
+ {
+ /* group */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ MOD_ACTION_RETURN, /* fail */
+ 3, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ 1, /* notfound */
+ 2, /* noop */
+ 4 /* updated */
+ },
+ /* redundant */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ 1, /* fail */
+ MOD_ACTION_RETURN, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ MOD_ACTION_RETURN, /* notfound */
+ MOD_ACTION_RETURN, /* noop */
+ MOD_ACTION_RETURN /* updated */
+ },
+ /* append */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ 1, /* fail */
+ MOD_ACTION_RETURN, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ 2, /* notfound */
+ MOD_ACTION_RETURN, /* noop */
+ MOD_ACTION_RETURN /* updated */
+ }
+ },
+ /* post-auth */
+ {
+ /* group */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ MOD_ACTION_RETURN, /* fail */
+ 3, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ 1, /* notfound */
+ 2, /* noop */
+ 4 /* updated */
+ },
+ /* redundant */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ 1, /* fail */
+ MOD_ACTION_RETURN, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ MOD_ACTION_RETURN, /* notfound */
+ MOD_ACTION_RETURN, /* noop */
+ MOD_ACTION_RETURN /* updated */
+ },
+ /* append */
+ {
+ MOD_ACTION_RETURN, /* reject */
+ 1, /* fail */
+ MOD_ACTION_RETURN, /* ok */
+ MOD_ACTION_RETURN, /* handled */
+ MOD_ACTION_RETURN, /* invalid */
+ MOD_ACTION_RETURN, /* userlock */
+ 2, /* notfound */
+ MOD_ACTION_RETURN, /* noop */
+ MOD_ACTION_RETURN /* updated */
+ }
}
};
"authorize",
"preacct",
"accounting",
- "session"
+ "session",
+ "pre-proxy",
+ "post-proxy",
+ "post-auth"
};
static const char *subcomponent_names[RLM_COMPONENT_COUNT] =
"autztype",
"preacctype",
"acctype",
- "sesstype"
+ "sesstype",
+ "pre-proxytype",
+ "post-proxytype",
+ "post-authtype"
};
static void indexed_modcallable_free(indexed_modcallable **cf)
/*
* Link to the module by name: rlm_FOO-major.minor
*/
- if (strncmp(name1, "rlm_", 4))
+ if (strncmp(name1, "rlm_", 4)) {
+#if 0
snprintf(module_name, sizeof(module_name), "rlm_%s-%d.%d",
- name1, RADIUSD_MAJOR_VERSION, RADIUSD_MINOR_VERSION);
- else
+ name1, RADIUSD_MAJOR_VERSION, RADIUSD_MINOR_VERSION);
+#else
+ snprintf(module_name, sizeof(module_name), "rlm_%s",
+ name1);
+#endif
+ } else {
strNcpy(module_name, name1, sizeof(module_name));
+
+ }
+
/* XXX "radiusd.conf" is wrong here; must find cf filename */
- node->entry = linkto_module(module_name,
- "radiusd.conf", cf_section_lineno(inst_cs));
+ node->entry = linkto_module(module_name, "radiusd.conf",
+ cf_section_lineno(inst_cs));
if (!node->entry) {
free(node);
/* linkto_module logs any errors */
case RLM_COMPONENT_PREACCT: return RLM_MODULE_NOOP;
case RLM_COMPONENT_ACCT: return RLM_MODULE_NOOP;
case RLM_COMPONENT_SESS: return RLM_MODULE_FAIL;
+ case RLM_COMPONENT_PRE_PROXY: return RLM_MODULE_NOOP;
+ case RLM_COMPONENT_POST_PROXY: return RLM_MODULE_NOOP;
+ case RLM_COMPONENT_POST_AUTH: return RLM_MODULE_NOOP;
default: return RLM_MODULE_FAIL;
}
}
return (request->simul_count < maxsimul) ? 0 : request->simul_mpp;
}
+
+/*
+ * Do pre-proxying for ALL configured sessions
+ */
+int module_pre_proxy(REQUEST *request)
+{
+ return indexed_modcall(RLM_COMPONENT_PRE_PROXY, 0, request);
+}
+
+/*
+ * Do post-proxying for ALL configured sessions
+ */
+int module_post_proxy(REQUEST *request)
+{
+ return indexed_modcall(RLM_COMPONENT_POST_PROXY, 0, request);
+}
+
+/*
+ * Do post-authentication for ALL configured sessions
+ */
+int module_post_auth(REQUEST *request)
+{
+ return indexed_modcall(RLM_COMPONENT_POST_AUTH, 0, request);
+}
+