Add support for post-auth query in rlm_sql

Patch from Nicolas Baradakis <nbk@sitadelle.com>

diff --git a/doc/ChangeLog b/doc/ChangeLog
index b0de091..a380b1f 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -4,8 +4,10 @@ FreeRADIUS 1.0.0 ; Date: $Date$, urgency=low
        * Fix segfault due to poorly initialised value in rlm_mschap
        * Added support for rejected packets to run an Post-Auth-Type REJECT
          stanza instead of skipping post-auth entirely.
+       * Added support for %{*:Packet-Type} translation. (Not for %{check:})
        * Added support for %{check:Attribute-Name} to go with
          %{request:Attribute-Name} and the like.
+       * Add support to rlm_sql for post-authentication query execution.
 
 FreeRADIUS 0.9.1 ; Date: 2003/09/04 14:56:34, urgency=low
 

diff --git a/raddb/sql.conf b/raddb/sql.conf
index 613057d..55c07e8 100644 (file)
--- a/raddb/sql.conf
+++ b/raddb/sql.conf
@@ -32,7 +32,10 @@ sql {
        # and stop table in acct_table2
        acct_table1 = "radacct"
        acct_table2 = "radacct"
-               
+
+       # Allow for storing data after authentication
+       postauth_table = "radpostauth"
+
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        
@@ -179,4 +182,13 @@ sql {
        #######################################################################
 
        group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
+
+       #######################################################################
+       # Authentication Logging Queries
+       #######################################################################
+       # postauth_query                - Insert some info after authentication
+       #######################################################################
+
+       postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password}', '%{reply:Packet-Type}', NOW())"
+
 }

diff --git a/src/modules/rlm_sql/conf.h b/src/modules/rlm_sql/conf.h
index 0640d2b..a9cbc51 100644 (file)
--- a/src/modules/rlm_sql/conf.h
+++ b/src/modules/rlm_sql/conf.h
@@ -46,6 +46,8 @@ typedef struct sql_config {
        int     num_sql_socks;
        int     connect_failure_retry_delay;
        int     query_on_not_found;
+       char   *sql_postauth_table;
+       char   *postauth_query;
 
        /* individual driver config */
        void    *localcfg;

diff --git a/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql b/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
index 4a34f8c..68b8bd1 100644 (file)
--- a/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
+++ b/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
@@ -117,6 +117,19 @@ CREATE TABLE usergroup (
   KEY UserName (UserName(32))
 ) ;
 
+#
+# Table structure for table 'radpostauth'
+#
+
+CREATE TABLE radpostauth (
+  id int(11) NOT NULL auto_increment,
+  user varchar(64) NOT NULL default '',
+  pass varchar(64) NOT NULL default '',
+  reply varchar(32) NOT NULL default '',
+  date timestamp(14) NOT NULL,
+  PRIMARY KEY  (id)
+) ;
+
 ######################################################################
 #
 #  The next two tables are commented out because they are not

diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c
index e16c685..dc4c2ac 100644 (file)
--- a/src/modules/rlm_sql/rlm_sql.c
+++ b/src/modules/rlm_sql/rlm_sql.c
@@ -121,6 +121,10 @@ static CONF_PARSER module_config[] = {
         offsetof(SQL_CONFIG,simul_count_query), NULL, ""},
        {"simul_verify_query", PW_TYPE_STRING_PTR,
         offsetof(SQL_CONFIG,simul_verify_query), NULL, ""},
+       {"postauth_table", PW_TYPE_STRING_PTR,
+        offsetof(SQL_CONFIG,sql_postauth_table), NULL, "radpostauth"},
+       {"postauth_query", PW_TYPE_STRING_PTR,
+        offsetof(SQL_CONFIG,postauth_query), NULL, ""},
 
        {NULL, -1, 0, NULL, NULL}
 };
@@ -1072,6 +1076,47 @@ static int rlm_sql_checksimul(void *instance, REQUEST * request) {
 
 }
 
+/*
+ *     Execute postauth_query after authentication
+ */
+static int rlm_sql_postauth(void *instance, REQUEST *request) {
+       SQLSOCK         *sqlsocket = NULL;
+       SQL_INST        *inst = instance;
+       char            querystr[MAX_QUERY_LEN];
+
+       DEBUG("rlm_sql (%s): Processing sql_postauth", inst->config->xlat_name);
+
+       /* If postauth_query is not defined, we stop here */
+       if (inst->config->postauth_query[0] == '\0')
+               return RLM_MODULE_NOOP;
+
+       /* Expand variables in the query */
+       memset(querystr, 0, MAX_QUERY_LEN);
+       radius_xlat(querystr, sizeof(querystr), inst->config->postauth_query,
+                   request, sql_escape_func);
+       query_log(request, inst, querystr);
+       DEBUG2("rlm_sql (%s) in sql_postauth: query is %s",
+              inst->config->xlat_name, querystr);
+
+       /* Initialize the sql socket */
+       sqlsocket = sql_get_socket(inst);
+       if (sqlsocket == NULL)
+               return RLM_MODULE_FAIL;
+
+       /* Process the query */
+       if (rlm_sql_query(sqlsocket, inst, querystr)) {
+               radlog(L_ERR, "rlm_sql (%s) in sql_postauth: Database query error - %s",
+                      inst->config->xlat_name,
+                      (char *)(inst->module->sql_error)(sqlsocket, inst->config));
+               sql_release_socket(inst, sqlsocket);
+               return RLM_MODULE_FAIL;
+       }
+       (inst->module->sql_finish_query)(sqlsocket, inst->config);
+
+       sql_release_socket(inst, sqlsocket);
+       return RLM_MODULE_OK;
+}
+
 /* globally exported name */
 module_t rlm_sql = {
        "SQL",
@@ -1086,7 +1131,7 @@ module_t rlm_sql = {
                rlm_sql_checksimul,     /* checksimul */
                NULL,                   /* pre-proxy */
                NULL,                   /* post-proxy */
-               NULL                    /* post-auth */
+               rlm_sql_postauth        /* post-auth */
        },
        rlm_sql_detach,         /* detach */
        rlm_sql_destroy,        /* destroy */