/*
* Parse a configuration section, and populate a HV.
* This function is recursively called (allows to have nested hashes.)
*/
static void perl_parse_config(CONF_SECTION *cs, int lvl, HV *rad_hv)
{
if (!cs || !rad_hv) return;
int indent_section = (lvl + 1) * 4;
int indent_item = (lvl + 2) * 4;
DEBUG("%*s%s {", indent_section, " ", cf_section_name1(cs));
CONF_ITEM *ci = NULL;
while ((ci = cf_item_next(cs, ci))) {
/*
* This is a section.
* Create a new HV, store it as a reference in current HV,
* Then recursively call perl_parse_config with this section and the new HV.
*/
if (cf_item_is_section(ci)) {
CONF_SECTION *sub_cs = cf_item_to_section(ci);
char const *key = cf_section_name1(sub_cs); /* hash key */
HV *sub_hv;
SV *ref;
if (!key) continue;
if (hv_exists(rad_hv, key, strlen(key))) {
WARN("Ignoring duplicate config section '%s'", key);
continue;
}
sub_hv = newHV();
ref = newRV_inc((SV*) sub_hv);
(void)hv_store(rad_hv, key, strlen(key), ref, 0);
perl_parse_config(sub_cs, lvl + 1, sub_hv);
} else if (cf_item_is_pair(ci)){
CONF_PAIR *cp = cf_item_to_pair(ci);
char const *key = cf_pair_attr(cp); /* hash key */
char const *value = cf_pair_value(cp); /* hash value */
if (!key || !value) continue;
/*
* This is an item.
* Store item attr / value in current HV.
*/
if (hv_exists(rad_hv, key, strlen(key))) {
WARN("Ignoring duplicate config item '%s'", key);
continue;
}
(void)hv_store(rad_hv, key, strlen(key), newSVpvn(value, strlen(value)), 0);
DEBUG("%*s%s = %s", indent_item, " ", key, value);
}
}
DEBUG("%*s}", indent_section, " ");
}
/** Iterate over all client attribute pairs and create client pair data using JSON element names
*
* If we hit a CONF_SECTION we recurse and process its CONF_PAIRS as well to support nested
* configurations sections.
*
* @param client The new client config section using the mapped names.
* @param map The client attribute section from the module configuration.
* @param json JSON object representation of a client document fetched from Couchbase.
* @param docid Document id.
* @return Returns 0 on success, -1 on error.
*/
int _mod_client_map_section(CONF_SECTION *client, CONF_SECTION const *map,
json_object *json, char const *docid)
{
CONF_ITEM const *ci;
for (ci = cf_item_find_next(map, NULL); ci != NULL; ci = cf_item_find_next(map, ci)) {
CONF_PAIR const *cp;
char const *attribute;
char const *element;
json_object *jval;
/*
* Recursively process map subsection
*/
if (cf_item_is_section(ci)) {
CONF_SECTION *cs, *cc; /* local scoped for new section */
cs = cf_itemtosection(ci);
cc = cf_section_alloc(client, cf_section_name1(cs), cf_section_name2(cs));
if (!cc) return -1;
cf_section_add(client, cc);
if (_mod_client_map_section(cc, cs, json, docid) != 0) {
return -1;
}
/* continue on to the next item */
continue;
}
/* create pair from item and get attribute name and value */
cp = cf_itemtopair(ci);
attribute = cf_pair_attr(cp);
element = cf_pair_value(cp);
/* attempt to find element in json object */
if (!json_object_object_get_ex(json, element, &jval)) {
/* skip this item */
continue;
}
/* allocate config pair */
cp = cf_pair_alloc(client, attribute, json_object_get_string(jval), T_OP_SET, T_SINGLE_QUOTED_STRING);
/* check pair */
if (!cp) {
ERROR("rlm_couchbase: failed allocating config pair '%s' = '%s'", attribute, json_object_get_string(jval));
return -1;
}
/* add pair to section */
cf_item_add(client, cf_pairtoitem(cp));
}
/* return success */
return 0;
}
/** Iterate over pairs in mapping section creating equivalent client pairs from LDAP values
*
* If we hit a CONF_SECTION we recurse and process its CONF_PAIRS too.
*
* @param[in] inst rlm_ldap configuration.
* @param[out] client config section.
* @param[in] map section.
* @param[in] conn LDAP connection.
* @param[in] entry returned from search.
* @return 0 on success else -1 on error.
*/
static int rlm_ldap_client_map_section(ldap_instance_t const *inst, CONF_SECTION *client,
CONF_SECTION const *map, ldap_handle_t *conn,
LDAPMessage *entry)
{
CONF_ITEM const *ci;
for (ci = cf_item_find_next(map, NULL);
ci != NULL;
ci = cf_item_find_next(map, ci)) {
CONF_PAIR const *cp;
char **value;
char const *attr;
/*
* Recursively process map subsection
*/
if (cf_item_is_section(ci)) {
CONF_SECTION *cs, *cc;
cs = cf_itemtosection(ci);
cc = cf_section_alloc(client, cf_section_name1(cs), cf_section_name2(cs));
if (!cc) return -1;
cf_section_add(client, cc);
if (rlm_ldap_client_map_section(inst, cc, cs, conn, entry) < 0) return -1;
continue;
}
cp = cf_itemtopair(ci);
attr = cf_pair_attr(cp);
value = ldap_get_values(conn->handle, entry, cf_pair_value(cp));
if (!value) continue;
cp = cf_pair_alloc(client, attr, value[0], T_OP_SET, T_SINGLE_QUOTED_STRING);
if (!cp) {
LDAP_ERR("Failed allocing pair \"%s\" = \"%s\"", attr, value[0]);
return -1;
}
cf_item_add(client, cf_pairtoitem(cp));
}
return 0;
}
/** Iterate over pairs in mapping section recording their values in an array
*
* This array is the list of attributes we retrieve from LDAP, and is NULL
* terminated.
*
* If we hit a CONF_SECTION we recurse and process its CONF_PAIRS too.
*
* @param[out] values array of char pointers.
* @param[in,out] idx records current array offset.
* @param[in] cs to iterate over.
* @return 0 on success else -1 on error.
*/
static int rlm_ldap_client_get_attrs(char const **values, int *idx, CONF_SECTION const *cs)
{
CONF_ITEM const *ci;
for (ci = cf_item_find_next(cs, NULL);
ci != NULL;
ci = cf_item_find_next(cs, ci)) {
char const *value;
if (cf_item_is_section(ci)) {
if (rlm_ldap_client_get_attrs(values, idx, cf_itemtosection(ci)) < 0) return -1;
continue;
}
value = cf_pair_value(cf_itemtopair(ci));
if (!value) return -1;
values[(*idx)++] = value;
}
values[*idx] = NULL;
return 0;
}
/** Modify user's object in LDAP
*
* Process a modifcation map to update a user object in the LDAP directory.
*
* @param inst rlm_ldap instance.
* @param request Current request.
* @param section that holds the map to process.
* @return one of the RLM_MODULE_* values.
*/
static rlm_rcode_t user_modify(ldap_instance_t *inst, REQUEST *request, ldap_acct_section_t *section)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
ldap_rcode_t status;
ldap_handle_t *conn = NULL;
LDAPMod *mod_p[LDAP_MAX_ATTRMAP + 1], mod_s[LDAP_MAX_ATTRMAP];
LDAPMod **modify = mod_p;
char *passed[LDAP_MAX_ATTRMAP * 2];
int i, total = 0, last_pass = 0;
char *expanded[LDAP_MAX_ATTRMAP];
int last_exp = 0;
char const *attr;
char const *value;
char const *dn;
/*
* Build our set of modifications using the update sections in
* the config.
*/
CONF_ITEM *ci;
CONF_PAIR *cp;
CONF_SECTION *cs;
FR_TOKEN op;
char path[MAX_STRING_LEN];
char *p = path;
rad_assert(section);
/*
* Locate the update section were going to be using
*/
if (section->reference[0] != '.') {
*p++ = '.';
}
if (radius_xlat(p, (sizeof(path) - (p - path)) - 1, request, section->reference, NULL, NULL) < 0) {
goto error;
}
ci = cf_reference_item(NULL, section->cs, path);
if (!ci) {
goto error;
}
if (!cf_item_is_section(ci)){
REDEBUG("Reference must resolve to a section");
goto error;
}
cs = cf_section_sub_find(cf_itemtosection(ci), "update");
if (!cs) {
REDEBUG("Section must contain 'update' subsection");
goto error;
}
/*
* Iterate over all the pairs, building our mods array
*/
for (ci = cf_item_find_next(cs, NULL); ci != NULL; ci = cf_item_find_next(cs, ci)) {
bool do_xlat = false;
if (total == LDAP_MAX_ATTRMAP) {
REDEBUG("Modify map size exceeded");
goto error;
}
if (!cf_item_is_pair(ci)) {
REDEBUG("Entry is not in \"ldap-attribute = value\" format");
goto error;
}
/*
* Retrieve all the information we need about the pair
*/
cp = cf_itemtopair(ci);
value = cf_pair_value(cp);
attr = cf_pair_attr(cp);
op = cf_pair_operator(cp);
if (!value || (*value == '\0')) {
RDEBUG("Empty value string, skipping attribute \"%s\"", attr);
continue;
}
switch (cf_pair_value_type(cp)) {
case T_BARE_WORD:
case T_SINGLE_QUOTED_STRING:
break;
case T_BACK_QUOTED_STRING:
case T_DOUBLE_QUOTED_STRING:
do_xlat = true;
break;
default:
rad_assert(0);
goto error;
}
if (op == T_OP_CMP_FALSE) {
passed[last_pass] = NULL;
} else if (do_xlat) {
char *exp = NULL;
if (radius_axlat(&exp, request, value, NULL, NULL) <= 0) {
RDEBUG("Skipping attribute \"%s\"", attr);
talloc_free(exp);
continue;
}
expanded[last_exp++] = exp;
passed[last_pass] = exp;
/*
* Static strings
*/
} else {
memcpy(&(passed[last_pass]), &value, sizeof(passed[last_pass]));
}
passed[last_pass + 1] = NULL;
mod_s[total].mod_values = &(passed[last_pass]);
last_pass += 2;
switch (op) {
/*
* T_OP_EQ is *NOT* supported, it is impossible to
* support because of the lack of transactions in LDAP
*/
case T_OP_ADD:
mod_s[total].mod_op = LDAP_MOD_ADD;
break;
case T_OP_SET:
mod_s[total].mod_op = LDAP_MOD_REPLACE;
break;
case T_OP_SUB:
case T_OP_CMP_FALSE:
mod_s[total].mod_op = LDAP_MOD_DELETE;
break;
#ifdef LDAP_MOD_INCREMENT
case T_OP_INCRM:
mod_s[total].mod_op = LDAP_MOD_INCREMENT;
break;
#endif
default:
REDEBUG("Operator '%s' is not supported for LDAP modify operations",
fr_int2str(fr_tokens, op, "<INVALID>"));
goto error;
}
/*
* Now we know the value is ok, copy the pointers into
* the ldapmod struct.
*/
memcpy(&(mod_s[total].mod_type), &attr, sizeof(mod_s[total].mod_type));
mod_p[total] = &(mod_s[total]);
total++;
}
if (total == 0) {
rcode = RLM_MODULE_NOOP;
goto release;
}
mod_p[total] = NULL;
conn = mod_conn_get(inst, request);
if (!conn) return RLM_MODULE_FAIL;
dn = rlm_ldap_find_user(inst, request, &conn, NULL, false, NULL, &rcode);
if (!dn || (rcode != RLM_MODULE_OK)) {
goto error;
}
status = rlm_ldap_modify(inst, request, &conn, dn, modify);
switch (status) {
case LDAP_PROC_SUCCESS:
break;
case LDAP_PROC_REJECT:
case LDAP_PROC_BAD_DN:
rcode = RLM_MODULE_INVALID;
break;
default:
rcode = RLM_MODULE_FAIL;
break;
};
release:
error:
/*
* Free up any buffers we allocated for xlat expansion
*/
for (i = 0; i < last_exp; i++) {
talloc_free(expanded[i]);
}
mod_conn_release(inst, conn);
return rcode;
}
/*
* Generic function for failing between a bunch of queries.
*
* Uses the same principle as rlm_linelog, expanding the 'reference' config
* item using xlat to figure out what query it should execute.
*
* If the reference matches multiple config items, and a query fails or
* doesn't update any rows, the next matching config item is used.
*
*/
static int acct_redundant(rlm_sql_t *inst, REQUEST *request, sql_acct_section_t *section)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
rlm_sql_handle_t *handle = NULL;
int sql_ret;
int numaffected = 0;
CONF_ITEM *item;
CONF_PAIR *pair;
char const *attr = NULL;
char const *value;
char path[MAX_STRING_LEN];
char *p = path;
char *expanded = NULL;
rad_assert(section);
if (section->reference[0] != '.') {
*p++ = '.';
}
if (radius_xlat(p, sizeof(path) - (p - path), request, section->reference, NULL, NULL) < 0) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
item = cf_reference_item(NULL, section->cs, path);
if (!item) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
if (cf_item_is_section(item)){
REDEBUG("Sections are not supported as references");
rcode = RLM_MODULE_FAIL;
goto finish;
}
pair = cf_itemtopair(item);
attr = cf_pair_attr(pair);
RDEBUG2("Using query template '%s'", attr);
handle = sql_get_socket(inst);
if (!handle) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
sql_set_user(inst, request, NULL);
while (true) {
value = cf_pair_value(pair);
if (!value) {
RDEBUG("Ignoring null query");
rcode = RLM_MODULE_NOOP;
goto finish;
}
if (radius_axlat(&expanded, request, value, sql_escape_func, inst) < 0) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
if (!*expanded) {
RDEBUG("Ignoring null query");
rcode = RLM_MODULE_NOOP;
talloc_free(expanded);
goto finish;
}
rlm_sql_query_log(inst, request, section, expanded);
/*
* If rlm_sql_query cannot use the socket it'll try and
* reconnect. Reconnecting will automatically release
* the current socket, and try to select a new one.
*
* If we get RLM_SQL_RECONNECT it means all connections in the pool
* were exhausted, and we couldn't create a new connection,
* so we do not need to call sql_release_socket.
*/
sql_ret = rlm_sql_query(&handle, inst, expanded);
TALLOC_FREE(expanded);
if (sql_ret == RLM_SQL_RECONNECT) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
rad_assert(handle);
/*
* Assume all other errors are incidental, and just meant our
* operation failed and its not a client or SQL syntax error.
*
* @fixme We should actually be able to distinguish between key
* constraint violations (which we expect) and other errors.
*/
if (sql_ret == RLM_SQL_OK) {
numaffected = (inst->module->sql_affected_rows)(handle, inst->config);
if (numaffected > 0) {
break; /* A query succeeded, were done! */
}
RDEBUG("No records updated");
}
(inst->module->sql_finish_query)(handle, inst->config);
/*
* We assume all entries with the same name form a redundant
* set of queries.
*/
pair = cf_pair_find_next(section->cs, pair, attr);
if (!pair) {
RDEBUG("No additional queries configured");
rcode = RLM_MODULE_NOOP;
goto finish;
}
RDEBUG("Trying next query...");
}
(inst->module->sql_finish_query)(handle, inst->config);
finish:
talloc_free(expanded);
sql_release_socket(inst, handle);
return rcode;
}
static void load_component_section(CONF_SECTION *cs, int comp, const char *filename)
{
modcallable *this;
CONF_ITEM *modref;
int modreflineno;
int idx;
indexed_modcallable *subcomp;
const char *modname;
char *visiblename;
for (modref=cf_item_find_next(cs, NULL);
modref != NULL;
modref=cf_item_find_next(cs, modref)) {
if (cf_item_is_section(modref)) {
CONF_SECTION *scs;
scs = cf_itemtosection(modref);
if (strcmp(cf_section_name1(scs),
subcomponent_names[comp]) == 0) {
load_subcomponent_section(scs, comp, filename);
continue;
}
/*
* Allow old names, too.
*/
if (strcmp(cf_section_name1(scs),
old_subcomponent_names[comp]) == 0) {
load_subcomponent_section(scs, comp, filename);
continue;
}
modreflineno = cf_section_lineno(scs);
} else {
CONF_PAIR *cp;
cp = cf_itemtopair(modref);
modreflineno = cf_pair_lineno(cp);
}
this = compile_modsingle(comp, modref, filename, &modname);
if (comp == RLM_COMPONENT_AUTH) {
DICT_VALUE *dval;
dval = dict_valbyname(PW_AUTH_TYPE, modname);
rad_assert(dval != NULL);
idx = dval->value;
} else {
/* See the comment in new_sublist() for explanation
* of the special index 0 */
idx = 0;
}
subcomp = new_sublist(comp, idx);
if (subcomp == NULL) {
radlog(L_ERR|L_CONS,
"%s %s %s already configured - skipping",
filename, subcomponent_names[comp],
modname);
modcallable_free(&this);
continue;
}
/* If subcomp->modulelist is NULL, add_to_modcallable will
* create it */
visiblename = cf_section_name2(cs);
if (visiblename == NULL)
visiblename = cf_section_name1(cs);
add_to_modcallable(&subcomp->modulelist, this,
comp, visiblename);
}
}
/** Create a client CONF_SECTION using a mapping section to map values from a result set to client attributes
*
* If we hit a CONF_SECTION we recurse and process its CONF_PAIRS too.
*
* @note Caller should free CONF_SECTION passed in as out, on error.
* Contents of that section will be in an undefined state.
*
* @param[in,out] out Section to perform mapping on. Either the root of the client config, or a parent section
* (when this function is called recursively).
* Should be alloced with cf_section_alloc, or if there's a separate template section, the
* result of calling cf_section_dup on that section.
* @param[in] map section.
* @param[in] func to call to retrieve CONF_PAIR values. Must return a talloced buffer containing the value.
* @param[in] data to pass to func, usually a result pointer.
* @return 0 on success else -1 on error.
*/
int client_map_section(CONF_SECTION *out, CONF_SECTION const *map, client_value_cb_t func, void *data)
{
CONF_ITEM const *ci;
for (ci = cf_item_find_next(map, NULL);
ci != NULL;
ci = cf_item_find_next(map, ci)) {
CONF_PAIR const *cp;
CONF_PAIR *old;
char *value;
char const *attr;
/*
* Recursively process map subsection
*/
if (cf_item_is_section(ci)) {
CONF_SECTION *cs, *cc;
cs = cf_item_to_section(ci);
/*
* Use pre-existing section or alloc a new one
*/
cc = cf_section_sub_find_name2(out, cf_section_name1(cs), cf_section_name2(cs));
if (!cc) {
cc = cf_section_alloc(out, cf_section_name1(cs), cf_section_name2(cs));
cf_section_add(out, cc);
if (!cc) return -1;
}
if (client_map_section(cc, cs, func, data) < 0) return -1;
continue;
}
cp = cf_item_to_pair(ci);
attr = cf_pair_attr(cp);
/*
* The callback can return 0 (success) and not provide a value
* in which case we skip the mapping pair.
*
* Or return -1 in which case we error out.
*/
if (func(&value, cp, data) < 0) {
cf_log_err_cs(out, "Failed performing mapping \"%s\" = \"%s\"", attr, cf_pair_value(cp));
return -1;
}
if (!value) continue;
/*
* Replace an existing CONF_PAIR
*/
old = cf_pair_find(out, attr);
if (old) {
cf_pair_replace(out, old, value);
talloc_free(value);
continue;
}
/*
* ...or add a new CONF_PAIR
*/
cp = cf_pair_alloc(out, attr, value, T_OP_SET, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
if (!cp) {
cf_log_err_cs(out, "Failed allocing pair \"%s\" = \"%s\"", attr, value);
talloc_free(value);
return -1;
}
talloc_free(value);
cf_item_add(out, cf_pair_to_item(cp));
}
return 0;
}
/*
* Generic function for failing between a bunch of queries.
*
* Uses the same principle as rlm_linelog, expanding the 'reference' config
* item using xlat to figure out what query it should execute.
*
* If the reference matches multiple config items, and a query fails or
* doesn't update any rows, the next matching config item is used.
*
*/
static int acct_redundant(rlm_sql_t *inst, REQUEST *request,
sql_acct_section_t *section)
{
int ret = RLM_MODULE_OK;
rlm_sql_handle_t *handle = NULL;
int sql_ret;
int numaffected = 0;
CONF_ITEM *item;
CONF_PAIR *pair;
const char *attr = NULL;
const char *value;
char path[MAX_STRING_LEN];
char querystr[MAX_QUERY_LEN];
char *p = path;
rad_assert(section);
if (section->reference[0] != '.')
*p++ = '.';
if (!radius_xlat(p, (sizeof(path) - (p - path)) - 1,
section->reference, request, NULL, NULL))
return RLM_MODULE_FAIL;
item = cf_reference_item(NULL, section->cs, path);
if (!item)
return RLM_MODULE_FAIL;
if (cf_item_is_section(item)){
radlog(L_ERR, "Sections are not supported as references");
return RLM_MODULE_FAIL;
}
pair = cf_itemtopair(item);
attr = cf_pair_attr(pair);
RDEBUG2("Using query template '%s'", attr);
handle = sql_get_socket(inst);
if (handle == NULL)
return RLM_MODULE_FAIL;
sql_set_user(inst, request, NULL);
while (TRUE) {
value = cf_pair_value(pair);
if (!value) {
RDEBUG("Ignoring null query");
ret = RLM_MODULE_NOOP;
goto release;
}
radius_xlat(querystr, sizeof(querystr), value, request,
sql_escape_func, inst);
if (!*querystr) {
RDEBUG("Ignoring null query");
ret = RLM_MODULE_NOOP;
goto release;
}
rlm_sql_query_log(inst, request, section, querystr);
/*
* If rlm_sql_query cannot use the socket it'll try and
* reconnect. Reconnecting will automatically release
* the current socket, and try to select a new one.
*
* If we get SQL_DOWN it means all connections in the pool
* were exhausted, and we couldn't create a new connection,
* so we do not need to call sql_release_socket.
*/
sql_ret = rlm_sql_query(&handle, inst, querystr);
if (sql_ret == SQL_DOWN)
return RLM_MODULE_FAIL;
rad_assert(handle);
/*
* Assume all other errors are incidental, and just meant our
* operation failed and its not a client or SQL syntax error.
*/
if (sql_ret == 0) {
numaffected = (inst->module->sql_affected_rows)
(handle, inst->config);
if (numaffected > 0)
break;
RDEBUG("No records updated");
}
(inst->module->sql_finish_query)(handle, inst->config);
/*
* We assume all entries with the same name form a redundant
* set of queries.
*/
pair = cf_pair_find_next(section->cs, pair, attr);
if (!pair) {
RDEBUG("No additional queries configured");
ret = RLM_MODULE_NOOP;
goto release;
}
RDEBUG("Trying next query...");
}
(inst->module->sql_finish_query)(handle, inst->config);
release:
sql_release_socket(inst, handle);
return ret;
}
/** Allow the admin to set packet contents for Status-Server ping checks
*
* @param[in] ctx to allocate data in (instance of proto_radius).
* @param[out] out Where to write our parsed data
* @param[in] parent Base structure address.
* @param[in] ci #CONF_SECTION specifying the things to update
* @param[in] rule unused.
* @return
* - 0 on success.
* - -1 on failure.
*/
static int status_check_update_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent,
CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
{
int rcode;
CONF_SECTION *cs;
char const *name2;
vp_map_t *head = NULL;
rad_assert(cf_item_is_section(ci));
cs = cf_item_to_section(ci);
name2 = cf_section_name2(cs);
if (!name2 || (strcmp(name2, "request") != 0)) {
cf_log_err(cs, "You must specify 'request' as the destination list");
return -1;
}
/*
* Compile the "update" section.
*/
{
vp_tmpl_rules_t parse_rules = {
.allow_foreign = true /* Because we don't know where we'll be called */
};
rcode = map_afrom_cs(ctx, &head, cs, &parse_rules, &parse_rules, unlang_fixup_update, NULL, 128);
if (rcode < 0) return -1; /* message already printed */
if (!head) {
cf_log_err(cs, "'update' sections cannot be empty");
return -1;
}
}
/*
* Rely on "bootstrap" to do sanity checks between 'type
* = Access-Request', and 'update' containing passwords.
*/
memcpy(out, &head, sizeof(head));
return 0;
}
static void mod_radius_signal(REQUEST *request, void *instance, void *thread, void *ctx,
fr_state_signal_t action)
{
rlm_radius_t const *inst = talloc_get_type_abort_const(instance, rlm_radius_t);
rlm_radius_thread_t *t = talloc_get_type_abort(thread, rlm_radius_thread_t);
/*
* We've been told we're done. Clean up.
*
* Note that the caller doesn't necessarily need to send
* us the signal, as he can just talloc_free(request).
* But it is more polite to send a signal, and it allows
* the IO modules to do additional debugging if
* necessary.
*/
if (action == FR_SIGNAL_CANCEL) {
talloc_free(ctx);
return;
}
/*
* We received a duplicate packet, but we're not doing
* synchronous proxying. Ignore the dup, and rely on the
* IO submodule to time it's own retransmissions.
*/
if ((action == FR_SIGNAL_DUP) && !inst->synchronous) return;
if (!inst->io->signal) return;
inst->io->signal(request, inst->io_instance, t->thread_io_ctx, ctx, action);
}
/*
* Generic function for failing between a bunch of queries.
*
* Uses the same principle as rlm_linelog, expanding the 'reference' config
* item using xlat to figure out what query it should execute.
*
* If the reference matches multiple config items, and a query fails or
* doesn't update any rows, the next matching config item is used.
*
*/
static int acct_redundant(rlm_sql_t *inst, REQUEST *request, sql_acct_section_t *section)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
rlm_sql_handle_t *handle = NULL;
int sql_ret;
int numaffected = 0;
CONF_ITEM *item;
CONF_PAIR *pair;
char const *attr = NULL;
char const *value;
char path[MAX_STRING_LEN];
char *p = path;
char *expanded = NULL;
rad_assert(section);
if (section->reference[0] != '.') {
*p++ = '.';
}
if (radius_xlat(p, sizeof(path) - (p - path), request, section->reference, NULL, NULL) < 0) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
/*
* If we can't find a matching config item we do
* nothing so return RLM_MODULE_NOOP.
*/
item = cf_reference_item(NULL, section->cs, path);
if (!item) {
RWDEBUG("No such configuration item %s", path);
rcode = RLM_MODULE_NOOP;
goto finish;
}
if (cf_item_is_section(item)){
RWDEBUG("Sections are not supported as references");
rcode = RLM_MODULE_NOOP;
goto finish;
}
pair = cf_item_to_pair(item);
attr = cf_pair_attr(pair);
RDEBUG2("Using query template '%s'", attr);
handle = fr_connection_get(inst->pool);
if (!handle) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
sql_set_user(inst, request, NULL);
while (true) {
value = cf_pair_value(pair);
if (!value) {
RDEBUG("Ignoring null query");
rcode = RLM_MODULE_NOOP;
goto finish;
}
if (radius_axlat(&expanded, request, value, inst->sql_escape_func, handle) < 0) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
if (!*expanded) {
RDEBUG("Ignoring null query");
rcode = RLM_MODULE_NOOP;
talloc_free(expanded);
goto finish;
}
rlm_sql_query_log(inst, request, section, expanded);
sql_ret = rlm_sql_query(inst, request, &handle, expanded);
TALLOC_FREE(expanded);
RDEBUG("SQL query returned: %s", fr_int2str(sql_rcode_table, sql_ret, "<INVALID>"));
switch (sql_ret) {
/*
* Query was a success! Now we just need to check if it did anything.
*/
case RLM_SQL_OK:
break;
/*
* A general, unrecoverable server fault.
*/
case RLM_SQL_ERROR:
/*
* If we get RLM_SQL_RECONNECT it means all connections in the pool
* were exhausted, and we couldn't create a new connection,
* so we do not need to call fr_connection_release.
*/
case RLM_SQL_RECONNECT:
rcode = RLM_MODULE_FAIL;
goto finish;
/*
* Query was invalid, this is a terminal error, but we still need
* to do cleanup, as the connection handle is still valid.
*/
case RLM_SQL_QUERY_INVALID:
rcode = RLM_MODULE_INVALID;
goto finish;
/*
* Driver found an error (like a unique key constraint violation)
* that hinted it might be a good idea to try an alternative query.
*/
case RLM_SQL_ALT_QUERY:
goto next;
}
rad_assert(handle);
/*
* We need to have updated something for the query to have been
* counted as successful.
*/
numaffected = (inst->module->sql_affected_rows)(handle, inst->config);
(inst->module->sql_finish_query)(handle, inst->config);
RDEBUG("%i record(s) updated", numaffected);
if (numaffected > 0) break; /* A query succeeded, were done! */
next:
/*
* We assume all entries with the same name form a redundant
* set of queries.
*/
pair = cf_pair_find_next(section->cs, pair, attr);
if (!pair) {
RDEBUG("No additional queries configured");
rcode = RLM_MODULE_NOOP;
goto finish;
}
RDEBUG("Trying next query...");
}
finish:
talloc_free(expanded);
fr_connection_release(inst->pool, handle);
sql_unset_user(inst, request);
return rcode;
}
