/*
* First, look for Exec-Program && Exec-Program-Wait.
*
* Then, call exec_dispatch.
*/
static int exec_accounting(void *instance, REQUEST *request)
{
int result;
int exec_wait = 0;
VALUE_PAIR *vp;
rlm_exec_t *inst = (rlm_exec_t *) instance;
/*
* The "bare" exec module takes care of handling
* Exec-Program and Exec-Program-Wait.
*/
if (!inst->bare) return exec_dispatch(instance, request);
vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0);
if (vp) {
exec_wait = 0;
} else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0)) != NULL) {
exec_wait = 1;
}
if (!vp) return RLM_MODULE_NOOP;
result = radius_exec_program(vp->vp_strvalue, request, exec_wait,
NULL, 0, request->packet->vps, NULL,
inst->shell_escape);
if (result != 0) {
return RLM_MODULE_REJECT;
}
return RLM_MODULE_OK;
}
/*
* First, look for Exec-Program && Exec-Program-Wait.
*
* Then, call exec_dispatch.
*/
static rlm_rcode_t mod_accounting(void *instance, REQUEST *request)
{
rlm_exec_t *inst = (rlm_exec_t *) instance;
int status;
char out[1024];
bool we_wait = false;
VALUE_PAIR *vp;
/*
* The "bare" exec module takes care of handling
* Exec-Program and Exec-Program-Wait.
*/
if (!inst->bare) {
return exec_dispatch(instance, request);
}
vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
if (vp) {
we_wait = true;
} else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
we_wait = false;
}
if (!vp) {
return RLM_MODULE_NOOP;
}
status = radius_exec_program(request, vp->vp_strvalue, we_wait, inst->shell_escape,
out, sizeof(out), inst->timeout,
request->packet->vps, NULL);
return rlm_exec_status2rcode(request, out, strlen(out), status);
}
/*
* First, look for Exec-Program && Exec-Program-Wait.
*
* Then, call exec_dispatch.
*/
static int exec_postauth(void *instance, REQUEST *request)
{
int result;
int exec_wait = 0;
VALUE_PAIR *vp, *tmp;
rlm_exec_t *inst = (rlm_exec_t *) instance;
vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0);
if (vp) {
exec_wait = 0;
} else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0)) != NULL) {
exec_wait = 1;
}
if (!vp) {
if (!inst->program) return RLM_MODULE_NOOP;
return exec_dispatch(instance, request);
}
tmp = NULL;
result = radius_exec_program(vp->vp_strvalue, request, exec_wait,
NULL, 0, request->packet->vps, &tmp,
inst->shell_escape);
/*
* Always add the value-pairs to the reply.
*/
pairmove(&request->reply->vps, &tmp);
pairfree(&tmp);
if (result < 0) {
/*
* Error. radius_exec_program() returns -1 on
* fork/exec errors.
*/
tmp = pairmake("Reply-Message", "Access denied (external check failed)", T_OP_SET);
pairadd(&request->reply->vps, tmp);
RDEBUG2("Login incorrect (external check failed)");
request->reply->code = PW_AUTHENTICATION_REJECT;
return RLM_MODULE_REJECT;
}
if (result > 0) {
/*
* Reject. radius_exec_program() returns >0
* if the exec'ed program had a non-zero
* exit status.
*/
request->reply->code = PW_AUTHENTICATION_REJECT;
RDEBUG2("Login incorrect (external check said so)");
return RLM_MODULE_REJECT;
}
return RLM_MODULE_OK;
}
/*
* First, look for Exec-Program && Exec-Program-Wait.
*
* Then, call exec_dispatch.
*/
static rlm_rcode_t exec_postauth(void *instance, REQUEST *request)
{
int result;
int exec_wait = 0;
VALUE_PAIR *vp, *tmp;
rlm_exec_t *inst = (rlm_exec_t *) instance;
vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
if (vp) {
exec_wait = 0;
} else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
exec_wait = 1;
}
if (!vp) {
if (!inst->program) return RLM_MODULE_NOOP;
return exec_dispatch(instance, request);
}
tmp = NULL;
result = radius_exec_program(vp->vp_strvalue, request, exec_wait,
NULL, 0, request->packet->vps, &tmp,
inst->shell_escape);
/*
* Always add the value-pairs to the reply.
*/
pairmove(&request->reply->vps, &tmp);
pairfree(&tmp);
if (result < 0) {
RDEBUG2("%s", module_failure_msg(request, "rlm_exec (%s): "
"Login incorrect (external "
"check failed)",
inst->xlat_name));
request->reply->code = PW_AUTHENTICATION_REJECT;
return RLM_MODULE_REJECT;
}
if (result > 0) {
/*
* Reject. radius_exec_program() returns >0
* if the exec'ed program had a non-zero
* exit status.
*/
request->reply->code = PW_AUTHENTICATION_REJECT;
RDEBUG2("%s", module_failure_msg(request, "rlm_exec (%s): "
"Login incorrect (external "
"check said so)",
inst->xlat_name));
return RLM_MODULE_REJECT;
}
return RLM_MODULE_OK;
}
/*
* First, look for Exec-Program && Exec-Program-Wait.
*
* Then, call exec_dispatch.
*/
static rlm_rcode_t mod_post_auth(void *instance, REQUEST *request)
{
rlm_exec_t *inst = (rlm_exec_t *) instance;
rlm_rcode_t rcode;
int status;
char out[1024];
bool we_wait = false;
VALUE_PAIR *vp, *tmp;
vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM, 0, TAG_ANY);
if (vp) {
we_wait = false;
} else if ((vp = pairfind(request->reply->vps, PW_EXEC_PROGRAM_WAIT, 0, TAG_ANY)) != NULL) {
we_wait = true;
}
if (!vp) {
if (!inst->program) {
return RLM_MODULE_NOOP;
}
rcode = exec_dispatch(instance, request);
goto finish;
}
tmp = NULL;
status = radius_exec_program(request, vp->vp_strvalue, we_wait, inst->shell_escape,
out, sizeof(out), inst->timeout,
request->packet->vps, &tmp);
rcode = rlm_exec_status2rcode(request, out, strlen(out), status);
/*
* Always add the value-pairs to the reply.
*/
pairmove(request->reply, &request->reply->vps, &tmp);
pairfree(&tmp);
finish:
switch (rcode) {
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_REJECT:
request->reply->code = PW_CODE_AUTHENTICATION_REJECT;
break;
default:
break;
}
return rcode;
}
