static Term p_mod(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case (CELL)long_int_e: switch (ETypeOfTerm(t2)) { case (CELL)long_int_e: /* two integers */ { Int i1 = IntegerOfTerm(t1); Int i2 = IntegerOfTerm(t2); Int mod; if (i2 == 0) return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is " Int_FORMAT " mod 0", i1); if (i1 == Int_MIN && i2 == -1) { return MkIntTerm(0); } mod = i1%i2; if (mod && (mod ^ i2) < 0) mod += i2; RINT(mod); } case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); case (CELL)big_int_e: #ifdef USE_GMP return Yap_gmp_mod_int_big(IntegerOfTerm(t1), t2); #endif default: RERROR(); break; } case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); case (CELL)big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: /* modulo between bignum and integer */ { Int i2 = IntegerOfTerm(t2); if (i2 == 0) return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is ... mod 0"); return Yap_gmp_mod_big_int(t1, i2); } case (CELL)big_int_e: /* two bignums */ return Yap_gmp_mod_big_big(t1, t2); case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); default: RERROR(); } #endif default: RERROR(); } }
static Term p_rem(Term t1, Term t2) { switch (ETypeOfTerm(t1)) { case (CELL)long_int_e: switch (ETypeOfTerm(t2)) { case (CELL)long_int_e: /* two integers */ { Int i1 = IntegerOfTerm(t1); Int i2 = IntegerOfTerm(t2); Int mod; if (i2 == 0) goto zero_divisor; if (i1 == Int_MIN && i2 == -1) { #ifdef USE_GMP return Yap_gmp_add_ints(Int_MAX, 1); #else return Yap_ArithError(EVALUATION_ERROR_INT_OVERFLOW, t1, "rem/2 with %d and %d", i1, i2); #endif } mod = i1%i2; RINT(i1%i2); } case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); case (CELL)big_int_e: #ifdef USE_GMP return Yap_gmp_rem_int_big(IntegerOfTerm(t1), t2); #endif default: RERROR(); } break; case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t1, "mod/2"); case (CELL)big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: return Yap_gmp_rem_big_int(t1, IntegerOfTerm(t2)); case (CELL)big_int_e: /* two bignums */ return Yap_gmp_rem_big_big(t1, t2); case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); default: RERROR(); } #endif default: RERROR(); } zero_divisor: return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is mod 0"); }
/** Dialogue between RADIUS and PAM modules * * Uses PAM's appdata_ptr so it's thread safe, and doesn't * have any nasty static variables hanging around. */ static int pam_conv(int num_msg, struct pam_message const **msg, struct pam_response **resp, void *appdata_ptr) { int count; struct pam_response *reply; REQUEST *request; rlm_pam_data_t *pam_config = (rlm_pam_data_t *) appdata_ptr; request = pam_config->request; /* strdup(NULL) doesn't work on some platforms */ #define COPY_STRING(s) ((s) ? strdup(s) : NULL) reply = rad_malloc(num_msg * sizeof(struct pam_response)); memset(reply, 0, num_msg * sizeof(struct pam_response)); for (count = 0; count < num_msg; count++) { switch (msg[count]->msg_style) { case PAM_PROMPT_ECHO_ON: reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp = COPY_STRING(pam_config->username); break; case PAM_PROMPT_ECHO_OFF: reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp = COPY_STRING(pam_config->password); break; case PAM_TEXT_INFO: RDEBUG2("%s", msg[count]->msg); break; case PAM_ERROR_MSG: default: RERROR("PAM conversation failed"); /* Must be an error of some sort... */ for (count = 0; count < num_msg; count++) { if (msg[count]->msg_style == PAM_ERROR_MSG) RERROR("%s", msg[count]->msg); if (reply[count].resp) { /* could be a password, let's be sanitary */ memset(reply[count].resp, 0, strlen(reply[count].resp)); free(reply[count].resp); } } free(reply); pam_config->error = true; return PAM_CONV_ERR; } } *resp = reply; /* PAM frees reply (including reply[].resp) */ return PAM_SUCCESS; }
static Term p_rem(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case (CELL)long_int_e: switch (ETypeOfTerm(t2)) { case (CELL)long_int_e: /* two integers */ { Int i1 = IntegerOfTerm(t1); Int i2 = IntegerOfTerm(t2); if (i2 == 0) return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is " Int_FORMAT " rem 0", i1); if (i1 == Int_MIN && i2 == -1) { return MkIntTerm(0); } RINT(i1%i2); } case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); case (CELL)big_int_e: #ifdef USE_GMP return Yap_gmp_rem_int_big(IntegerOfTerm(t1), t2); #endif default: RERROR(); } break; case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t1, "mod/2"); case (CELL)big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: if (IntegerOfTerm(t2) == 0) return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is ... rem 0"); return Yap_gmp_rem_big_int(t1, IntegerOfTerm(t2)); case (CELL)big_int_e: /* two bignums */ return Yap_gmp_rem_big_big(t1, t2); case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); default: RERROR(); } #endif default: RERROR(); } }
/** Check the users password against the standard UNIX password table + PAM. * * @note For most flexibility, passing a pamauth type to this function * allows you to have multiple authentication types (i.e. multiple * files associated with radius in /etc/pam.d). * * @param request The current request. * @param username User to authenticate. * @param passwd Password to authenticate with, * @param pamauth Type of PAM authentication. * @return 0 on success -1 on failure. */ static int do_pam(REQUEST *request, char const *username, char const *passwd, char const *pamauth) { pam_handle_t *handle = NULL; int ret; rlm_pam_data_t pam_config; struct pam_conv conv; /* * Initialize the structures */ conv.conv = pam_conv; conv.appdata_ptr = &pam_config; pam_config.request = request; pam_config.username = username; pam_config.password = passwd; pam_config.error = false; RDEBUG2("Using pamauth string \"%s\" for pam.conf lookup", pamauth); ret = pam_start(pamauth, username, &conv, &handle); if (ret != PAM_SUCCESS) { RERROR("pam_start failed: %s", pam_strerror(handle, ret)); return -1; } ret = pam_authenticate(handle, 0); if (ret != PAM_SUCCESS) { RERROR("pam_authenticate failed: %s", pam_strerror(handle, ret)); pam_end(handle, ret); return -1; } /* * FreeBSD 3.x doesn't have account and session management * functions in PAM, while 4.0 does. */ #if !defined(__FreeBSD_version) || (__FreeBSD_version >= 400000) ret = pam_acct_mgmt(handle, 0); if (ret != PAM_SUCCESS) { RERROR("pam_acct_mgmt failed: %s", pam_strerror(handle, ret)); pam_end(handle, ret); return -1; } #endif RDEBUG2("Authentication succeeded"); pam_end(handle, ret); return 0; }
/* * Query the redis database */ int rlm_redis_query(REDISSOCK **dissocket_p, REDIS_INST *inst, char const *query, REQUEST *request) { REDISSOCK *dissocket; int argc; char const *argv[MAX_REDIS_ARGS]; char argv_buf[MAX_QUERY_LEN]; if (!query || !*query || !inst || !dissocket_p) { return -1; } argc = rad_expand_xlat(request, query, MAX_REDIS_ARGS, argv, false, sizeof(argv_buf), argv_buf); if (argc <= 0) return -1; dissocket = *dissocket_p; DEBUG2("executing %s ...", argv[0]); dissocket->reply = redisCommandArgv(dissocket->conn, argc, argv, NULL); if (!dissocket->reply) { RERROR("%s", dissocket->conn->errstr); dissocket = fr_connection_reconnect(inst->pool, dissocket); if (!dissocket) { error: *dissocket_p = NULL; return -1; } dissocket->reply = redisCommand(dissocket->conn, query); if (!dissocket->reply) { RERROR("Failed after re-connect"); fr_connection_del(inst->pool, dissocket); goto error; } *dissocket_p = dissocket; } if (dissocket->reply->type == REDIS_REPLY_ERROR) { RERROR("Query failed, %s", query); return -1; } return 0; }
/** Insert a new entry into the data store * * @param inst main rlm_cache instance. * @param request The current request. * @param handle Pointer to memcached handle. * @param c entry to insert. * @return CACHE_OK on success else CACHE_ERROR on error. */ static cache_status_t cache_entry_insert(UNUSED rlm_cache_t *inst, REQUEST *request, rlm_cache_handle_t **handle, rlm_cache_entry_t *c) { rlm_cache_memcached_handle_t *mandle = *handle; memcached_return_t ret; TALLOC_CTX *pool; char *to_store; pool = talloc_pool(NULL, 1024); if (!pool) return CACHE_ERROR; if (cache_serialize(pool, &to_store, c) < 0) { talloc_free(pool); return CACHE_ERROR; } ret = memcached_set(mandle->handle, c->key, talloc_array_length(c->key) - 1, to_store ? to_store : "", to_store ? talloc_array_length(to_store) - 1 : 0, c->expires, 0); talloc_free(pool); if (ret != MEMCACHED_SUCCESS) { RERROR("Failed storing entry with key \"%s\": %s: %s", c->key, memcached_strerror(mandle->handle, ret), memcached_last_error_message(mandle->handle)); return CACHE_ERROR; } return CACHE_OK; }
static Term p_rdiv(Term t1, Term t2 USES_REGS) { #ifdef USE_GMP switch (ETypeOfTerm(t1)) { case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "rdiv/2"); case (CELL)long_int_e: switch (ETypeOfTerm(t2)) { case (CELL)long_int_e: /* two integers */ { Int i1 = IntegerOfTerm(t1); Int i2 = IntegerOfTerm(t2); if (i2 == 0) return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is " Int_FORMAT " rdiv 0", i1); return Yap_gmq_rdiv_int_int(i1, i2); } case (CELL)big_int_e: /* I know the term is much larger, so: */ return Yap_gmq_rdiv_int_big(IntegerOfTerm(t1), t2); default: RERROR(); } break; case (CELL)big_int_e: switch (ETypeOfTerm(t2)) { case long_int_e: if (IntegerOfTerm(t2) == 0) return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is ... rdiv 0"); /* I know the term is much larger, so: */ return Yap_gmq_rdiv_big_int(t1, IntegerOfTerm(t2)); case (CELL)big_int_e: return Yap_gmq_rdiv_big_big(t1, t2); case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); default: RERROR(); } default: RERROR(); } #else RERROR(); #endif }
/* module gcd */ static Term p_gcd(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case long_int_e: switch (ETypeOfTerm(t2)) { case long_int_e: /* two integers */ { Int i1 = IntegerOfTerm(t1), i2 = IntegerOfTerm(t2); i1 = (i1 >= 0 ? i1 : -i1); i2 = (i2 >= 0 ? i2 : -i2); RINT(gcd(i1,i2 PASS_REGS)); } case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "gcd/2"); case big_int_e: #ifdef USE_GMP return Yap_gmp_gcd_int_big(IntegerOfTerm(t1), t2); #endif default: RERROR(); } break; case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t1, "gcd/2"); case big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: return Yap_gmp_gcd_int_big(IntegerOfTerm(t2), t1); case big_int_e: return Yap_gmp_gcd_big_big(t1, t2); case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "gcd/2"); default: RERROR(); } #endif default: RERROR(); } RERROR(); }
/* xor # */ static Term p_xor(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case long_int_e: switch (ETypeOfTerm(t2)) { case long_int_e: /* two integers */ RINT(IntegerOfTerm(t1) ^ IntegerOfTerm(t2)); case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "#/2"); case big_int_e: #ifdef USE_GMP return Yap_gmp_xor_int_big(IntegerOfTerm(t1), t2); #endif default: RERROR(); } break; case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t1, "#/2"); case big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: return Yap_gmp_xor_int_big(IntegerOfTerm(t2), t1); case big_int_e: return Yap_gmp_xor_big_big(t1, t2); case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "#/2"); default: RERROR(); } #endif default: RERROR(); } RERROR(); }
/** Locate a cache entry in memcached * * @param out Where to write the pointer to the cach entry. * @param inst main rlm_cache instance. * @param request The current request. * @param handle Pointer to memcached handle. * @param key to search for. * @return CACHE_OK on success CACHE_MISS if no entry found, CACHE_ERROR on error. */ static cache_status_t cache_entry_find(rlm_cache_entry_t **out, UNUSED rlm_cache_t *inst, REQUEST *request, rlm_cache_handle_t **handle, char const *key) { rlm_cache_memcached_handle_t *mandle = *handle; memcached_return_t mret; size_t len; int ret; uint32_t flags; char *from_store; rlm_cache_entry_t *c; from_store = memcached_get(mandle->handle, key, strlen(key), &len, &flags, &mret); if (!from_store) { if (mret == MEMCACHED_NOTFOUND) return CACHE_MISS; RERROR("Failed retrieving entry for key \"%s\": %s: %s", key, memcached_strerror(mandle->handle, mret), memcached_last_error_message(mandle->handle)); return CACHE_ERROR; } RDEBUG2("Retrieved %zu bytes from memcached", len); RDEBUG2("%s", from_store); c = talloc_zero(NULL, rlm_cache_entry_t); ret = cache_deserialize(c, from_store, len); free(from_store); if (ret < 0) { RERROR("%s", fr_strerror()); talloc_free(c); return CACHE_ERROR; } c->key = talloc_strdup(c, key); *out = c; return CACHE_OK; }
static rlm_rcode_t mod_post_auth(void *instance, REQUEST *request) { rlm_eap_t *inst = instance; VALUE_PAIR *vp; eap_handler_t *handler; eap_packet_raw_t *eap_packet; /* * Only build a failure message if something previously rejected the request */ vp = pairfind(request->config_items, PW_POSTAUTHTYPE, 0, TAG_ANY); if (!vp || (vp->vp_integer != PW_POSTAUTHTYPE_REJECT)) return RLM_MODULE_NOOP; if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) { RDEBUG2("Request didn't contain an EAP-Message, not inserting EAP-Failure"); return RLM_MODULE_NOOP; } if (pairfind(request->reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) { RDEBUG2("Reply already contained an EAP-Message, not inserting EAP-Failure"); return RLM_MODULE_NOOP; } eap_packet = eap_vp2packet(request, request->packet->vps); if (!eap_packet) { RERROR("Malformed EAP Message"); return RLM_MODULE_FAIL; } handler = eap_handler(inst, &eap_packet, request); if (!handler) { RDEBUG2("Failed to get handler, probably already removed, not inserting EAP-Failure"); return RLM_MODULE_NOOP; } RDEBUG2("Request was previously rejected, inserting EAP-Failure"); eap_fail(handler); eap_handler_free(inst, handler); /* * Make sure there's a message authenticator attribute in the response * RADIUS protocol code will calculate the correct value later... */ vp = pairfind(request->reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY); if (!vp) { pairmake_reply("Message-Authenticator", "0x00", T_OP_EQ); } return RLM_MODULE_UPDATED; }
/* * Xlat for %{client:[<ipaddr>.]foo} */ static ssize_t xlat_client(TALLOC_CTX *ctx, char **out, UNUSED size_t outlen, UNUSED void const *mod_inst, UNUSED void const *xlat_inst, REQUEST *request, char const *fmt) { char const *value = NULL; char buffer[INET6_ADDRSTRLEN], *q; char const *p = fmt; fr_ipaddr_t ip; CONF_PAIR *cp; RADCLIENT *client = NULL; *out = NULL; q = strrchr(p, '.'); if (q) { strlcpy(buffer, p, (q + 1) - p); if (fr_inet_pton(&ip, buffer, -1, AF_UNSPEC, false, true) < 0) goto request_client; p = q + 1; client = client_find(NULL, &ip, IPPROTO_IP); if (!client) { RDEBUG("No client found with IP \"%s\"", buffer); return 0; } } else { request_client: client = request->client; if (!client) { RERROR("No client associated with this request"); return -1; } } cp = cf_pair_find(client->cs, p); if (!cp || !(value = cf_pair_value(cp))) { if (strcmp(fmt, "shortname") == 0 && request->client->shortname) { value = request->client->shortname; } else if (strcmp(fmt, "nas_type") == 0 && request->client->nas_type) { value = request->client->nas_type; } if (!value) return 0; } *out = talloc_typed_strdup(ctx, value); return talloc_array_length(*out) - 1; }
static Term eval2(Int fi, Term t1, Term t2 USES_REGS) { arith2_op f = fi; switch (f) { case op_plus: return p_plus(t1, t2 PASS_REGS); case op_minus: return p_minus(t1, t2 PASS_REGS); case op_times: return p_times(t1, t2 PASS_REGS); case op_div: return p_div(t1, t2 PASS_REGS); case op_idiv: return p_div2(t1, t2 PASS_REGS); case op_and: return p_and(t1, t2 PASS_REGS); case op_or: return p_or(t1, t2 PASS_REGS); case op_sll: return p_sll(t1, t2 PASS_REGS); case op_slr: return p_slr(t1, t2 PASS_REGS); case op_mod: return p_mod(t1, t2 PASS_REGS); case op_rem: return p_rem(t1, t2 PASS_REGS); case op_fdiv: return p_fdiv(t1, t2 PASS_REGS); case op_xor: return p_xor(t1, t2 PASS_REGS); case op_atan2: return p_atan2(t1, t2 PASS_REGS); case op_power: return p_exp(t1, t2 PASS_REGS); case op_power2: return p_power(t1, t2 PASS_REGS); case op_gcd: return p_gcd(t1, t2 PASS_REGS); case op_min: return p_min(t1, t2); case op_max: return p_max(t1, t2); case op_rdiv: return p_rdiv(t1, t2 PASS_REGS); } RERROR(); }
/** Call delete the cache entry from memcached * * @param inst main rlm_cache instance. * @param request The current request. * @param handle Pointer to memcached handle. * @param c entry to expire. * @return CACHE_OK on success else CACHE_ERROR. */ static cache_status_t cache_entry_expire(UNUSED rlm_cache_t *inst, REQUEST *request, rlm_cache_handle_t **handle, rlm_cache_entry_t *c) { rlm_cache_memcached_handle_t *mandle = *handle; memcached_return_t ret; ret = memcached_delete(mandle->handle, c->key, talloc_array_length(c->key) - 1, 0); if (ret != MEMCACHED_SUCCESS) { RERROR("Failed deleting entry with key \"%s\": %s", c->key, memcached_last_error_message(mandle->handle)); return CACHE_ERROR; } return CACHE_OK; }
/** Handle asynchronous cancellation of a request * * If we're signalled that the request has been cancelled (FR_SIGNAL_CANCEL). * Cleanup any pending state and release the connection handle back into the pool. * * @param[in] instance of rlm_rest. * @param[in] thread Thread specific module instance. * @param[in] request being cancelled. * @param[in] rctx rlm_rest_handle_t currently used by the request. * @param[in] action What happened. */ void rest_io_module_action(void *instance, void *thread, REQUEST *request, void *rctx, fr_state_signal_t action) { rlm_rest_handle_t *randle = talloc_get_type_abort(rctx, rlm_rest_handle_t); rlm_rest_thread_t *t = thread; CURLMcode ret; if (action != FR_SIGNAL_CANCEL) return; RDEBUG2("Forcefully cancelling pending REST request"); ret = curl_multi_remove_handle(t->mandle, randle->candle); /* Gracefully terminate the request */ if (ret != CURLM_OK) { RERROR("Failed removing curl handle from multi-handle: %s (%i)", curl_multi_strerror(ret), ret); /* Not much we can do */ } t->transfers--; rest_request_cleanup(instance, randle); fr_pool_connection_release(t->pool, request, randle); }
/* * Do detail, compatible with old accounting */ static rlm_rcode_t CC_HINT(nonnull) detail_do(void *instance, REQUEST *request, RADIUS_PACKET *packet, bool compat) { int outfd; char buffer[DIRLEN]; FILE *outfp; #ifdef HAVE_GRP_H gid_t gid; struct group *grp; char *endptr; #endif detail_instance_t *inst = instance; /* * Generate the path for the detail file. Use the same * format, but truncate at the last /. Then feed it * through radius_xlat() to expand the variables. */ if (radius_xlat(buffer, sizeof(buffer), request, inst->filename, NULL, NULL) < 0) { return RLM_MODULE_FAIL; } RDEBUG2("%s expands to %s", inst->filename, buffer); #ifdef WITH_ACCOUNTING #if defined(HAVE_FNMATCH_H) && defined(FNM_FILE_NAME) /* * If we read it from a detail file, and we're about to * write it back to the SAME detail file directory, then * suppress the write. This check prevents an infinite * loop. */ if ((request->listener->type == RAD_LISTEN_DETAIL) && (fnmatch(((listen_detail_t *)request->listener->data)->filename, buffer, FNM_FILE_NAME | FNM_PERIOD ) == 0)) { RWDEBUG2("Suppressing infinite loop"); return RLM_MODULE_NOOP; } #endif #endif outfd = fr_logfile_open(inst->lf, buffer, inst->perm); if (outfd < 0) { RERROR("Couldn't open file %s: %s", buffer, fr_strerror()); return RLM_MODULE_FAIL; } #ifdef HAVE_GRP_H if (inst->group != NULL) { gid = strtol(inst->group, &endptr, 10); if (*endptr != '\0') { grp = rad_getgrnam(inst->group); if (!grp) { RDEBUG2("Unable to find system group '%s'", inst->group); goto skip_group; } gid = grp->gr_gid; } if (chown(buffer, -1, gid) == -1) { RDEBUG2("Unable to change system group of '%s'", buffer); } } skip_group: #endif /* * Open the output fp for buffering. */ if ((outfp = fdopen(outfd, "a")) == NULL) { RERROR("Couldn't open file %s: %s", buffer, fr_syserror(errno)); fail: if (outfp) fclose(outfp); fr_logfile_unlock(inst->lf, outfd); return RLM_MODULE_FAIL; } if (detail_write(outfp, inst, request, packet, compat) < 0) goto fail; /* * Flush everything */ fclose(outfp); fr_logfile_unlock(inst->lf, outfd); /* do NOT close outfp */ /* * And everything is fine. */ return RLM_MODULE_OK; }
/* Floating point division: / */ static Term p_fdiv(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case long_int_e: switch (ETypeOfTerm(t2)) { case long_int_e: { Int i2 = IntegerOfTerm(t2); /* two integers */ RFLOAT((((Float)IntegerOfTerm(t1))/(Float)i2)); } case double_e: { /* integer, double */ Float fl1 = (Float)IntegerOfTerm(t1); Float fl2 = FloatOfTerm(t2); RFLOAT(fl1/fl2); } case (CELL)big_int_e: #ifdef USE_GMP return Yap_gmp_fdiv_int_big(IntegerOfTerm(t1), t2); #endif default: RERROR(); } break; case double_e: switch (ETypeOfTerm(t2)) { case long_int_e: /* float / integer */ { Int i2 = IntegerOfTerm(t2); RFLOAT(FloatOfTerm(t1)/(Float)i2); } case double_e: { Float f2 = FloatOfTerm(t2); RFLOAT(FloatOfTerm(t1)/f2); } case big_int_e: #ifdef USE_GMP return Yap_gmp_fdiv_float_big(FloatOfTerm(t1), t2); #endif default: RERROR(); } break; case big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: return Yap_gmp_fdiv_big_int(t1, IntegerOfTerm(t2)); case big_int_e: /* two bignums*/ return Yap_gmp_fdiv_big_big(t1, t2); case double_e: return Yap_gmp_fdiv_big_float(t1, FloatOfTerm(t2)); default: RERROR(); } #endif default: RERROR(); } RERROR(); }
/* * The S flag is set only within the EAP-TLS start message sent * from the EAP server to the peer. * * Similarly, when the EAP server receives an EAP-Response with * the M bit set, it MUST respond with an EAP-Request with * EAP-Type=EAP-TLS and no data. This serves as a fragment * ACK. The EAP peer MUST wait. */ static fr_tls_status_t eaptls_verify(eap_handler_t *handler) { EAP_DS *eap_ds = handler->eap_ds; EAP_DS *prev_eap_ds = handler->prev_eapds; eaptls_packet_t *eaptls_packet, *eaptls_prev = NULL; REQUEST *request = handler->request; /* * We don't check ANY of the input parameters. It's all * code which works together, so if something is wrong, * we SHOULD core dump. * * e.g. if eap_ds is NULL, of if eap_ds->response is * NULL, of if it's NOT an EAP-Response, or if the packet * is too short. See eap_validation()., in ../../eap.c * * Also, eap_method_select() takes care of selecting the * appropriate type, so we don't need to check * eap_ds->response->type.num == PW_EAP_TLS, or anything * else. */ eaptls_packet = (eaptls_packet_t *)eap_ds->response->type.data; if (prev_eap_ds && prev_eap_ds->response) eaptls_prev = (eaptls_packet_t *)prev_eap_ds->response->type.data; /* * check for ACK * * If there's no TLS data, or there's 1 byte of TLS data, * with the flags set to zero, then it's an ACK. * * Find if this is a reply to the previous request sent */ if ((!eaptls_packet) || ((eap_ds->response->length == EAP_HEADER_LEN + 2) && ((eaptls_packet->flags & 0xc0) == 0x00))) { if (prev_eap_ds && (prev_eap_ds->request->id == eap_ds->response->id)) { /* * Run the ACK handler directly from here. */ RDEBUG2("Received TLS ACK"); return tls_ack_handler(handler->opaque, request); } else { RERROR("Received Invalid TLS ACK"); return FR_TLS_INVALID; } } /* * We send TLS_START, but do not receive it. */ if (TLS_START(eaptls_packet->flags)) { RDEBUG("Received unexpected EAP-TLS Start message"); return FR_TLS_INVALID; } /* * The L bit (length included) is set to indicate the * presence of the four octet TLS Message Length field, * and MUST be set for the first fragment of a fragmented * TLS message or set of messages. * * The M bit (more fragments) is set on all but the last * fragment. * * The S bit (EAP-TLS start) is set in an EAP-TLS Start * message. This differentiates the EAP-TLS Start message * from a fragment acknowledgement. */ if (TLS_LENGTH_INCLUDED(eaptls_packet->flags)) { DEBUG2(" TLS Length %d", eaptls_packet->data[2] * 256 | eaptls_packet->data[3]); if (TLS_MORE_FRAGMENTS(eaptls_packet->flags)) { /* * FIRST_FRAGMENT is identified * 1. If there is no previous EAP-response received. * 2. If EAP-response received, then its M bit not set. * (It is because Last fragment will not have M bit set) */ if (!prev_eap_ds || (!prev_eap_ds->response) || (!eaptls_prev) || !TLS_MORE_FRAGMENTS(eaptls_prev->flags)) { RDEBUG2("Received EAP-TLS First Fragment of the message"); return FR_TLS_FIRST_FRAGMENT; } else { RDEBUG2("More Fragments with length included"); return FR_TLS_MORE_FRAGMENTS_WITH_LENGTH; } } else { RDEBUG2("Length Included"); return FR_TLS_LENGTH_INCLUDED; } } if (TLS_MORE_FRAGMENTS(eaptls_packet->flags)) { RDEBUG2("More fragments to follow"); return FR_TLS_MORE_FRAGMENTS; } /* * None of the flags are set, but it's still a valid * EAPTLS packet. */ return FR_TLS_OK; }
/** Locate a cache entry in redis * * @copydetails cache_entry_find_t */ static cache_status_t cache_entry_find(rlm_cache_entry_t **out, UNUSED rlm_cache_config_t const *config, void *driver_inst, REQUEST *request, UNUSED void *handle, uint8_t const *key, size_t key_len) { rlm_cache_redis_t *driver = driver_inst; size_t i; fr_redis_cluster_state_t state; fr_redis_conn_t *conn; fr_redis_rcode_t status; redisReply *reply = NULL; int s_ret; vp_map_t *head = NULL, **last = &head; #ifdef HAVE_TALLOC_POOLED_OBJECT size_t pool_size = 0; #endif rlm_cache_entry_t *c; for (s_ret = fr_redis_cluster_state_init(&state, &conn, driver->cluster, request, key, key_len, false); s_ret == REDIS_RCODE_TRY_AGAIN; /* Continue */ s_ret = fr_redis_cluster_state_next(&state, &conn, driver->cluster, request, status, &reply)) { /* * Grab all the data for this hash, should return an array * of alternating keys/values which we then convert into maps. */ if (RDEBUG_ENABLED3) { char *p; p = fr_asprint(NULL, (char const *)key, key_len, '"'); RDEBUG3("LRANGE %s 0 -1", key); talloc_free(p); } reply = redisCommand(conn->handle, "LRANGE %b 0 -1", key, key_len); status = fr_redis_command_status(conn, reply); } if (s_ret != REDIS_RCODE_SUCCESS) { RERROR("Failed retrieving entry"); fr_redis_reply_free(reply); return CACHE_ERROR; } rad_assert(reply); /* clang scan */ if (reply->type != REDIS_REPLY_ARRAY) { REDEBUG("Bad result type, expected array, got %s", fr_int2str(redis_reply_types, reply->type, "<UNKNOWN>")); fr_redis_reply_free(reply); return CACHE_ERROR; } RDEBUG3("Entry contains %zu elements", reply->elements); if (reply->elements == 0) { fr_redis_reply_free(reply); return CACHE_MISS; } if (reply->elements % 3) { REDEBUG("Invalid number of reply elements (%zu). " "Reply must contain triplets of keys operators and values", reply->elements); fr_redis_reply_free(reply); return CACHE_ERROR; } #ifdef HAVE_TALLOC_POOLED_OBJECT /* * We can get a pretty good idea of the required size of the pool */ for (i = 0; i < reply->elements; i += 3) { pool_size += sizeof(vp_map_t) + (sizeof(vp_tmpl_t) * 2); if (reply->element[i]->type == REDIS_REPLY_STRING) pool_size += reply->element[i]->len + 1; } /* * reply->elements gives us the number of chunks, as the maps are triplets, and there * are three chunks per map */ c = talloc_pooled_object(NULL, rlm_cache_entry_t, reply->elements, pool_size); memset(&pool, 0, sizeof(rlm_cache_entry_t)); #else c = talloc_zero(NULL, rlm_cache_entry_t); #endif /* * Convert the key/value pairs back into maps */ for (i = 0; i < reply->elements; i += 3) { if (fr_redis_reply_to_map(c, last, request, reply->element[i], reply->element[i + 1], reply->element[i + 2]) < 0) { talloc_free(c); fr_redis_reply_free(reply); return CACHE_ERROR; } last = &(*last)->next; } fr_redis_reply_free(reply); /* * Pull out the cache created date */ if ((head->lhs->tmpl_da->vendor == 0) && (head->lhs->tmpl_da->attr == PW_CACHE_CREATED)) { vp_map_t *map; c->created = head->rhs->tmpl_data_value.date; map = head; head = head->next; talloc_free(map); } /* * Pull out the cache expires date */ if ((head->lhs->tmpl_da->vendor == 0) && (head->lhs->tmpl_da->attr == PW_CACHE_EXPIRES)) { vp_map_t *map; c->expires = head->rhs->tmpl_data_value.date; map = head; head = head->next; talloc_free(map); } c->key = talloc_memdup(c, key, key_len); c->key_len = key_len; c->maps = head; *out = c; return CACHE_OK; }
static rlm_rcode_t do_linelog(void *instance, REQUEST *request) { int fd = -1; char buffer[4096]; char *p; char line[1024]; rlm_linelog_t *inst = (rlm_linelog_t*) instance; char const *value = inst->line; #ifdef HAVE_GRP_H gid_t gid; struct group *grp; char *endptr; #endif if (inst->reference) { CONF_ITEM *ci; CONF_PAIR *cp; p = line + 1; if (radius_xlat(p, sizeof(line) - 2, request, inst->reference, linelog_escape_func, NULL) < 0) { return RLM_MODULE_FAIL; } line[0] = '.'; /* force to be in current section */ /* * Don't allow it to go back up */ if (line[1] == '.') goto do_log; ci = cf_reference_item(NULL, inst->cs, line); if (!ci) { RDEBUG2("No such entry \"%s\"", line); return RLM_MODULE_NOOP; } if (!cf_item_is_pair(ci)) { RDEBUG2("Entry \"%s\" is not a variable assignment ", line); goto do_log; } cp = cf_itemtopair(ci); value = cf_pair_value(cp); if (!value) { RDEBUG2("Entry \"%s\" has no value", line); goto do_log; } /* * Value exists, but is empty. Don't log anything. */ if (!*value) return RLM_MODULE_OK; } do_log: /* * FIXME: Check length. */ if (strcmp(inst->filename, "syslog") != 0) { if (radius_xlat(buffer, sizeof(buffer), request, inst->filename, NULL, NULL) < 0) { return RLM_MODULE_FAIL; } /* check path and eventually create subdirs */ p = strrchr(buffer,'/'); if (p) { *p = '\0'; if (rad_mkdir(buffer, 0700) < 0) { RERROR("rlm_linelog: Failed to create directory %s: %s", buffer, fr_syserror(errno)); return RLM_MODULE_FAIL; } *p = '/'; } fd = fr_logfile_open(inst->lf, buffer, inst->permissions); if (fd == -1) { ERROR("rlm_linelog: Failed to open %s: %s", buffer, fr_syserror(errno)); return RLM_MODULE_FAIL; } #ifdef HAVE_GRP_H if (inst->group != NULL) { gid = strtol(inst->group, &endptr, 10); if (*endptr != '\0') { grp = getgrnam(inst->group); if (!grp) { RDEBUG2("Unable to find system group \"%s\"", inst->group); goto skip_group; } gid = grp->gr_gid; } if (chown(buffer, -1, gid) == -1) { RDEBUG2("Unable to change system group of \"%s\"", buffer); } } #endif } skip_group: /* * FIXME: Check length. */ if (radius_xlat(line, sizeof(line) - 1, request, value, linelog_escape_func, NULL) < 0) { if (fd > -1) { fr_logfile_close(inst->lf, fd); } return RLM_MODULE_FAIL; } if (fd >= 0) { strcat(line, "\n"); if (write(fd, line, strlen(line)) < 0) { EDEBUG("rlm_linelog: Failed writing: %s", fr_syserror(errno)); fr_logfile_close(inst->lf, fd); return RLM_MODULE_FAIL; } fr_logfile_close(inst->lf, fd); #ifdef HAVE_SYSLOG_H } else { syslog(inst->facility, "%s", line); #endif } return RLM_MODULE_OK; }
/* power: x^y */ static Term p_power(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case long_int_e: switch (ETypeOfTerm(t2)) { case long_int_e: { Int i2 = IntegerOfTerm(t2); /* two integers */ RFLOAT(pow(IntegerOfTerm(t1),i2)); } case double_e: { /* integer, double */ Float fl1 = (Float)IntegerOfTerm(t1); Float fl2 = FloatOfTerm(t2); RFLOAT(pow(fl1,fl2)); } case big_int_e: #ifdef USE_GMP { Int i1 = IntegerOfTerm(t1); Float f2 = Yap_gmp_to_float(t2); RFLOAT(pow(i1,f2)); } #endif default: RERROR(); } break; case double_e: switch (ETypeOfTerm(t2)) { case long_int_e: /* float / integer */ { Int i2 = IntegerOfTerm(t2); RFLOAT(pow(FloatOfTerm(t1),i2)); } case double_e: { Float f2 = FloatOfTerm(t2); RFLOAT(pow(FloatOfTerm(t1),f2)); } case big_int_e: #ifdef USE_GMP { RFLOAT(pow(FloatOfTerm(t1),Yap_gmp_to_float(t2))); } #endif default: RERROR(); } break; case big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: { Int i = IntegerOfTerm(t2); RFLOAT(pow(Yap_gmp_to_float(t1),i)); } case big_int_e: /* two bignums */ RFLOAT(pow(Yap_gmp_to_float(t1),Yap_gmp_to_float(t2))); case double_e: { Float dbl = FloatOfTerm(t2); RFLOAT(pow(Yap_gmp_to_float(t1),dbl)); } default: RERROR(); } #endif default: RERROR(); } RERROR(); }
/* atan2: arc tangent x/y */ static Term p_atan2(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case long_int_e: switch (ETypeOfTerm(t2)) { case long_int_e: /* two integers */ RFLOAT(atan2(IntegerOfTerm(t1),IntegerOfTerm(t2))); case double_e: RFLOAT(atan2(IntegerOfTerm(t1),FloatOfTerm(t2))); case big_int_e: #ifdef USE_GMP { Int i1 = IntegerOfTerm(t1); Float f2 = Yap_gmp_to_float(t2); RFLOAT(atan2(i1,f2)); } #endif default: RERROR(); break; } case double_e: switch (ETypeOfTerm(t2)) { case long_int_e: /* float / integer */ { Int i2 = IntegerOfTerm(t2); RFLOAT(atan2(FloatOfTerm(t1),i2)); } case double_e: { Float f2 = FloatOfTerm(t2); RFLOAT(atan2(FloatOfTerm(t1),f2)); } case big_int_e: #ifdef USE_GMP { RFLOAT(atan2(FloatOfTerm(t1),Yap_gmp_to_float(t2))); } #endif default: RERROR(); } break; case big_int_e: #ifdef USE_GMP { Float dbl1 = Yap_gmp_to_float(t1); switch (ETypeOfTerm(t2)) { case long_int_e: { Int i = IntegerOfTerm(t2); RFLOAT(atan2(dbl1,i)); } case big_int_e: /* two bignums */ RFLOAT(atan2(dbl1,Yap_gmp_to_float(t2))); case double_e: { Float dbl = FloatOfTerm(t2); RFLOAT(atan2(dbl1,dbl)); } default: RERROR(); } } #endif default: RERROR(); } RERROR(); }
/** Handle authorization requests using Couchbase document data * * Attempt to fetch the document assocaited with the requested user by * using the deterministic key defined in the configuration. When a valid * document is found it will be parsed and the containing value pairs will be * injected into the request. * * @param instance The module instance. * @param thread specific data. * @param request The authorization request. * @return Operation status (#rlm_rcode_t). */ static rlm_rcode_t mod_authorize(void *instance, UNUSED void *thread, REQUEST *request) { rlm_couchbase_t const *inst = instance; /* our module instance */ rlm_couchbase_handle_t *handle = NULL; /* connection pool handle */ char buffer[MAX_KEY_SIZE]; char const *dockey; /* our document key */ lcb_error_t cb_error = LCB_SUCCESS; /* couchbase error holder */ rlm_rcode_t rcode = RLM_MODULE_OK; /* return code */ ssize_t slen; /* assert packet as not null */ rad_assert(request->packet != NULL); /* attempt to build document key */ slen = tmpl_expand(&dockey, buffer, sizeof(buffer), request, inst->user_key, NULL, NULL); if (slen < 0) return RLM_MODULE_FAIL; if ((dockey == buffer) && is_truncated((size_t)slen, sizeof(buffer))) { REDEBUG("Key too long, expected < " STRINGIFY(sizeof(buffer)) " bytes, got %zi bytes", slen); return RLM_MODULE_FAIL; } /* get handle */ handle = fr_pool_connection_get(inst->pool, request); /* check handle */ if (!handle) return RLM_MODULE_FAIL; /* set couchbase instance */ lcb_t cb_inst = handle->handle; /* set cookie */ cookie_t *cookie = handle->cookie; /* fetch document */ cb_error = couchbase_get_key(cb_inst, cookie, dockey); /* check error */ if (cb_error != LCB_SUCCESS || !cookie->jobj) { /* log error */ RERROR("failed to fetch document or parse return"); /* set return */ rcode = RLM_MODULE_FAIL; /* return */ goto finish; } /* debugging */ RDEBUG3("parsed user document == %s", json_object_to_json_string(cookie->jobj)); { TALLOC_CTX *pool = talloc_pool(request, 1024); /* We need to do lots of allocs */ fr_cursor_t maps, vlms; vp_map_t *map_head = NULL, *map; vp_list_mod_t *vlm_head = NULL, *vlm; fr_cursor_init(&maps, &map_head); /* * Convert JSON data into maps */ if ((mod_json_object_to_map(pool, &maps, request, cookie->jobj, PAIR_LIST_CONTROL) < 0) || (mod_json_object_to_map(pool, &maps, request, cookie->jobj, PAIR_LIST_REPLY) < 0) || (mod_json_object_to_map(pool, &maps, request, cookie->jobj, PAIR_LIST_REQUEST) < 0) || (mod_json_object_to_map(pool, &maps, request, cookie->jobj, PAIR_LIST_STATE) < 0)) { invalid: talloc_free(pool); rcode = RLM_MODULE_INVALID; goto finish; } fr_cursor_init(&vlms, &vlm_head); /* * Convert all the maps into list modifications, * which are guaranteed to succeed. */ for (map = fr_cursor_head(&maps); map; map = fr_cursor_next(&maps)) { if (map_to_list_mod(pool, &vlm, request, map, NULL, NULL) < 0) goto invalid; fr_cursor_insert(&vlms, vlm); } if (!vlm_head) { RDEBUG2("Nothing to update"); talloc_free(pool); rcode = RLM_MODULE_NOOP; goto finish; } /* * Apply the list of modifications */ for (vlm = fr_cursor_head(&vlms); vlm; vlm = fr_cursor_next(&vlms)) { int ret; ret = map_list_mod_apply(request, vlm); /* SHOULD NOT FAIL */ if (!fr_cond_assert(ret == 0)) { talloc_free(pool); rcode = RLM_MODULE_FAIL; goto finish; } } talloc_free(pool); } finish: /* free json object */ if (cookie->jobj) { json_object_put(cookie->jobj); cookie->jobj = NULL; } /* release handle */ if (handle) fr_pool_connection_release(inst->pool, request, handle); /* return */ return rcode; }
/* power: x^y */ static Term p_exp(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case long_int_e: switch (ETypeOfTerm(t2)) { case long_int_e: { Int i1 = IntegerOfTerm(t1); Int i2 = IntegerOfTerm(t2); Int pow = ipow(i1,i2); if (i2 < 0) { return Yap_ArithError(DOMAIN_ERROR_NOT_LESS_THAN_ZERO, t2, "%d ^ %d", i1, i2); } #ifdef USE_GMP /* two integers */ if ((i1 && !pow)) { /* overflow */ return Yap_gmp_exp_int_int(i1, i2); } #endif RINT(pow); } case double_e: { /* integer, double */ Float fl1 = (Float)IntegerOfTerm(t1); Float fl2 = FloatOfTerm(t2); RFLOAT(pow(fl1,fl2)); } case big_int_e: #ifdef USE_GMP { Int i = IntegerOfTerm(t1); return Yap_gmp_exp_int_big(i,t2); } #endif default: RERROR(); } break; case double_e: switch (ETypeOfTerm(t2)) { case long_int_e: /* float / integer */ { Int i2 = IntegerOfTerm(t2); RFLOAT(pow(FloatOfTerm(t1),i2)); } case double_e: { Float f2 = FloatOfTerm(t2); RFLOAT(pow(FloatOfTerm(t1),f2)); } case big_int_e: #ifdef USE_GMP { RFLOAT(pow(FloatOfTerm(t1),Yap_gmp_to_float(t2))); } #endif default: RERROR(); } break; case big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: { Int i = IntegerOfTerm(t2); return Yap_gmp_exp_big_int(t1,i); } case big_int_e: /* two bignums, makes no sense */ return Yap_gmp_exp_big_big(t1,t2); case double_e: { Float dbl = FloatOfTerm(t2); RFLOAT(pow(Yap_gmp_to_float(t1),dbl)); } default: RERROR(); } #endif default: RERROR(); } RERROR(); }
/** Write accounting data to Couchbase documents * * Handle accounting requests and store the associated data into JSON documents * in couchbase mapping attribute names to JSON element names per the module configuration. * * When an existing document already exists for the same accounting section the new attributes * will be merged with the currently existing data. When conflicts arrise the new attribute * value will replace or be added to the existing value. * * @param instance The module instance. * @param thread specific data. * @param request The accounting request object. * @return Operation status (#rlm_rcode_t). */ static rlm_rcode_t mod_accounting(void *instance, UNUSED void *thread, REQUEST *request) { rlm_couchbase_t const *inst = instance; /* our module instance */ rlm_couchbase_handle_t *handle = NULL; /* connection pool handle */ rlm_rcode_t rcode = RLM_MODULE_OK; /* return code */ VALUE_PAIR *vp; /* radius value pair linked list */ char buffer[MAX_KEY_SIZE]; char const *dockey; /* our document key */ char document[MAX_VALUE_SIZE]; /* our document body */ char element[MAX_KEY_SIZE]; /* mapped radius attribute to element name */ int status = 0; /* account status type */ int docfound = 0; /* document found toggle */ lcb_error_t cb_error = LCB_SUCCESS; /* couchbase error holder */ ssize_t slen; /* assert packet as not null */ rad_assert(request->packet != NULL); /* sanity check */ if ((vp = fr_pair_find_by_da(request->packet->vps, attr_acct_status_type, TAG_ANY)) == NULL) { /* log debug */ RDEBUG2("could not find status type in packet"); /* return */ return RLM_MODULE_NOOP; } /* set status */ status = vp->vp_uint32; /* acknowledge the request but take no action */ if (status == FR_STATUS_ACCOUNTING_ON || status == FR_STATUS_ACCOUNTING_OFF) { /* log debug */ RDEBUG2("handling accounting on/off request without action"); /* return */ return RLM_MODULE_OK; } /* get handle */ handle = fr_pool_connection_get(inst->pool, request); /* check handle */ if (!handle) return RLM_MODULE_FAIL; /* set couchbase instance */ lcb_t cb_inst = handle->handle; /* set cookie */ cookie_t *cookie = handle->cookie; /* attempt to build document key */ slen = tmpl_expand(&dockey, buffer, sizeof(buffer), request, inst->acct_key, NULL, NULL); if (slen < 0) { rcode = RLM_MODULE_FAIL; goto finish; } if ((dockey == buffer) && is_truncated((size_t)slen, sizeof(buffer))) { REDEBUG("Key too long, expected < " STRINGIFY(sizeof(buffer)) " bytes, got %zi bytes", slen); rcode = RLM_MODULE_FAIL; /* return */ goto finish; } /* attempt to fetch document */ cb_error = couchbase_get_key(cb_inst, cookie, dockey); /* check error and object */ if (cb_error != LCB_SUCCESS || cookie->jerr != json_tokener_success || !cookie->jobj) { /* log error */ RERROR("failed to execute get request or parse returned json object"); /* free and reset json object */ if (cookie->jobj) { json_object_put(cookie->jobj); cookie->jobj = NULL; } /* check cookie json object */ } else if (cookie->jobj) { /* set doc found */ docfound = 1; /* debugging */ RDEBUG3("parsed json body from couchbase: %s", json_object_to_json_string(cookie->jobj)); } /* start json document if needed */ if (docfound != 1) { /* debugging */ RDEBUG2("no existing document found - creating new json document"); /* create new json object */ cookie->jobj = json_object_new_object(); /* set 'docType' element for new document */ json_object_object_add(cookie->jobj, "docType", json_object_new_string(inst->doctype)); /* default startTimestamp and stopTimestamp to null values */ json_object_object_add(cookie->jobj, "startTimestamp", NULL); json_object_object_add(cookie->jobj, "stopTimestamp", NULL); } /* status specific replacements for start/stop time */ switch (status) { case FR_STATUS_START: /* add start time */ if ((vp = fr_pair_find_by_da(request->packet->vps, attr_acct_status_type, TAG_ANY)) != NULL) { /* add to json object */ json_object_object_add(cookie->jobj, "startTimestamp", mod_value_pair_to_json_object(request, vp)); } break; case FR_STATUS_STOP: /* add stop time */ if ((vp = fr_pair_find_by_da(request->packet->vps, attr_event_timestamp, TAG_ANY)) != NULL) { /* add to json object */ json_object_object_add(cookie->jobj, "stopTimestamp", mod_value_pair_to_json_object(request, vp)); } /* check start timestamp and adjust if needed */ mod_ensure_start_timestamp(cookie->jobj, request->packet->vps); break; case FR_STATUS_ALIVE: /* check start timestamp and adjust if needed */ mod_ensure_start_timestamp(cookie->jobj, request->packet->vps); break; default: /* don't doing anything */ rcode = RLM_MODULE_NOOP; /* return */ goto finish; } /* loop through pairs and add to json document */ for (vp = request->packet->vps; vp; vp = vp->next) { /* map attribute to element */ if (mod_attribute_to_element(vp->da->name, inst->map, &element) == 0) { /* debug */ RDEBUG3("mapped attribute %s => %s", vp->da->name, element); /* add to json object with mapped name */ json_object_object_add(cookie->jobj, element, mod_value_pair_to_json_object(request, vp)); } } /* copy json string to document and check size */ if (strlcpy(document, json_object_to_json_string(cookie->jobj), sizeof(document)) >= sizeof(document)) { /* this isn't good */ RERROR("could not write json document - insufficient buffer space"); /* set return */ rcode = RLM_MODULE_FAIL; /* return */ goto finish; } /* debugging */ RDEBUG3("setting '%s' => '%s'", dockey, document); /* store document/key in couchbase */ cb_error = couchbase_set_key(cb_inst, dockey, document, inst->expire); /* check return */ if (cb_error != LCB_SUCCESS) { RERROR("failed to store document (%s): %s (0x%x)", dockey, lcb_strerror(NULL, cb_error), cb_error); } finish: /* free and reset json object */ if (cookie->jobj) { json_object_put(cookie->jobj); cookie->jobj = NULL; } /* release our connection handle */ if (handle) { fr_pool_connection_release(inst->pool, request, handle); } /* return */ return rcode; }
/* maximum: max(x,y) */ static Term p_max(Term t1, Term t2) { switch (ETypeOfTerm(t1)) { case long_int_e: switch (ETypeOfTerm(t2)) { case long_int_e: { Int i1 = IntegerOfTerm(t1); Int i2 = IntegerOfTerm(t2); return((i1 > i2 ? t1 : t2)); } case double_e: { /* integer, double */ Int i = IntegerOfTerm(t1); Float fl = FloatOfTerm(t2); if (i >= fl) { return t1; } return t2; } case big_int_e: #ifdef USE_GMP if (Yap_gmp_cmp_int_big(IntegerOfTerm(t1), t2) > 0) { return t1; } return t2; #endif default: RERROR(); } break; case double_e: switch (ETypeOfTerm(t2)) { case long_int_e: /* float / integer */ { Int i = IntegerOfTerm(t2); Float fl = FloatOfTerm(t1); if (i >= fl) { return t2; } return t1; } case double_e: { Float fl1 = FloatOfTerm(t1); Float fl2 = FloatOfTerm(t2); if (fl1 >= fl2) { return t1; } return t2; } case big_int_e: #ifdef USE_GMP if (Yap_gmp_cmp_float_big(FloatOfTerm(t1), t2) > 0) { return t1; } return t2; #endif default: RERROR(); } break; case big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: if (Yap_gmp_cmp_big_int(t1, IntegerOfTerm(t2)) > 0) { return t1; } return t2; case big_int_e: if (Yap_gmp_cmp_big_big(t1, t2) > 0) { return t1; } return t2; case double_e: if (Yap_gmp_cmp_big_float(t1, FloatOfTerm(t2)) > 0) { return t1; } return t2; default: RERROR(); } #endif default: RERROR(); } RERROR(); }
/** Execute a program. * * @param[in,out] ctx to allocate new VALUE_PAIR (s) in. * @param[out] out buffer to append plaintext (non valuepair) output. * @param[in] outlen length of out buffer. * @param[out] output_pairs list of value pairs - Data on child's stdout will be parsed and * added into this list of value pairs. * @param[in] request Current request (may be NULL). * @param[in] cmd Command to execute. This is parsed into argv[] parts, then each individual argv * part is xlat'ed. * @param[in] input_pairs list of value pairs - these will be available in the environment of the * child. * @param[in] exec_wait set to 1 if you want to read from or write to child. * @param[in] shell_escape values before passing them as arguments. * @param[in] timeout amount of time to wait, in seconds. * @return * - 0 if exec_wait==0. * - exit code if exec_wait!=0. * - -1 on failure. */ int radius_exec_program(TALLOC_CTX *ctx, char *out, size_t outlen, VALUE_PAIR **output_pairs, REQUEST *request, char const *cmd, VALUE_PAIR *input_pairs, bool exec_wait, bool shell_escape, int timeout) { pid_t pid; int from_child; #ifndef __MINGW32__ char *p; pid_t child_pid; int comma = 0; int status, ret = 0; ssize_t len; char answer[4096]; #endif RDEBUG2("Executing: %s:", cmd); if (out) *out = '\0'; pid = radius_start_program(cmd, request, exec_wait, NULL, &from_child, input_pairs, shell_escape); if (pid < 0) { return -1; } if (!exec_wait) { return 0; } #ifndef __MINGW32__ len = radius_readfrom_program(from_child, pid, timeout, answer, sizeof(answer)); if (len < 0) { /* * Failure - radius_readfrom_program will * have called close(from_child) for us */ RERROR("Failed to read from child output"); return -1; } answer[len] = '\0'; /* * Make sure that the writer can't block while writing to * a pipe that no one is reading from anymore. */ close(from_child); if (len == 0) { goto wait; } /* * Parse the output, if any. */ if (output_pairs) { /* * HACK: Replace '\n' with ',' so that * fr_pair_list_afrom_str() can parse the buffer in * one go (the proper way would be to * fix fr_pair_list_afrom_str(), but oh well). */ for (p = answer; *p; p++) { if (*p == '\n') { *p = comma ? ' ' : ','; p++; comma = 0; } if (*p == ',') { comma++; } } /* * Replace any trailing comma by a NUL. */ if (answer[len - 1] == ',') { answer[--len] = '\0'; } if (fr_pair_list_afrom_str(ctx, answer, output_pairs) == T_INVALID) { RERROR("Failed parsing output from: %s: %s", cmd, fr_strerror()); strlcpy(out, answer, len); ret = -1; } /* * We've not been told to extract output pairs, * just copy the programs output to the out * buffer. */ } else if (out) { strlcpy(out, answer, outlen); } /* * Call rad_waitpid (should map to waitpid on non-threaded * or single-server systems). */ wait: child_pid = rad_waitpid(pid, &status); if (child_pid == 0) { RERROR("Timeout waiting for child"); return -2; } if (child_pid == pid) { if (WIFEXITED(status)) { status = WEXITSTATUS(status); if ((status != 0) || (ret < 0)) { RERROR("Program returned code (%d) and output '%s'", status, answer); } else { RDEBUG2("Program returned code (%d) and output '%s'", status, answer); } return ret < 0 ? ret : status; } } RERROR("Abnormal child exit: %s", fr_syserror(errno)); #endif /* __MINGW32__ */ return -1; }
static Term p_div2(Term t1, Term t2 USES_REGS) { switch (ETypeOfTerm(t1)) { case (CELL)long_int_e: switch (ETypeOfTerm(t2)) { case (CELL)long_int_e: /* two integers */ { Int i1 = IntegerOfTerm(t1); Int i2 = IntegerOfTerm(t2); Int res, mod; if (i2 == 0) return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is " Int_FORMAT " div 0", i1); if (i1 == Int_MIN && i2 == -1) { #ifdef USE_GMP return Yap_gmp_add_ints(Int_MAX, 1); #else return Yap_ArithError(EVALUATION_ERROR_INT_OVERFLOW, t1, "// /2 with %d and %d", i1, i2); #endif } mod = i1%i2; if (mod && (mod ^ i2) < 0) mod += i2; res = (i1 - mod) / i2; RINT(res); } case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "div/2"); case (CELL)big_int_e: #ifdef USE_GMP return Yap_gmp_div_int_big(IntegerOfTerm(t1), t2); #endif default: RERROR(); break; } case (CELL)double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "div/2"); case (CELL)big_int_e: #ifdef USE_GMP switch (ETypeOfTerm(t2)) { case long_int_e: /* modulo between bignum and integer */ { Int i2 = IntegerOfTerm(t2); if (i2 == 0) return Yap_ArithError(EVALUATION_ERROR_ZERO_DIVISOR, t2, "X is ... div 0"); return Yap_gmp_div2_big_int(t1, i2); } case (CELL)big_int_e: /* two bignums */ return Yap_gmp_div2_big_big(t1, t2); case double_e: return Yap_ArithError(TYPE_ERROR_INTEGER, t2, "mod/2"); default: RERROR(); } #endif default: RERROR(); } }
/** Insert a new entry into the data store * * @copydetails cache_entry_insert_t */ static cache_status_t cache_entry_insert(UNUSED rlm_cache_config_t const *config, void *driver_inst, REQUEST *request, UNUSED void *handle, const rlm_cache_entry_t *c) { rlm_cache_redis_t *driver = driver_inst; TALLOC_CTX *pool; vp_map_t *map; fr_redis_conn_t *conn; fr_redis_cluster_state_t state; fr_redis_rcode_t status; redisReply *reply = NULL; int s_ret; static char const command[] = "RPUSH"; char const **argv; size_t *argv_len; char const **argv_p; size_t *argv_len_p; int pipelined = 0; /* How many commands pending in the pipeline */ redisReply *replies[5]; /* Should have the same number of elements as pipelined commands */ size_t reply_num = 0, i; char *p; int cnt; vp_tmpl_t expires_value; vp_map_t expires = { .op = T_OP_SET, .lhs = &driver->expires_attr, .rhs = &expires_value, }; vp_tmpl_t created_value; vp_map_t created = { .op = T_OP_SET, .lhs = &driver->created_attr, .rhs = &created_value, .next = &expires }; /* * Encode the entry created date */ tmpl_init(&created_value, TMPL_TYPE_DATA, "<TEMP>", 6, T_BARE_WORD); created_value.tmpl_data_type = PW_TYPE_DATE; created_value.tmpl_data_length = sizeof(created_value.tmpl_data_value.date); created_value.tmpl_data_value.date = c->created; /* * Encode the entry expiry time * * Although Redis objects expire on their own, we still need this * to ignore entries that were created before the last epoch. */ tmpl_init(&expires_value, TMPL_TYPE_DATA, "<TEMP>", 6, T_BARE_WORD); expires_value.tmpl_data_type = PW_TYPE_DATE; expires_value.tmpl_data_length = sizeof(expires_value.tmpl_data_value.date); expires_value.tmpl_data_value.date = c->expires; expires.next = c->maps; /* Head of the list */ for (cnt = 0, map = &created; map; cnt++, map = map->next); /* * The majority of serialized entries should be under 1k. * * @todo We should really calculate this using some sort of moving average. */ pool = talloc_pool(request, 1024); if (!pool) return CACHE_ERROR; argv_p = argv = talloc_array(pool, char const *, (cnt * 3) + 2); /* pair = 3 + cmd + key */ argv_len_p = argv_len = talloc_array(pool, size_t, (cnt * 3) + 2); /* pair = 3 + cmd + key */ *argv_p++ = command; *argv_len_p++ = sizeof(command) - 1; *argv_p++ = (char const *)c->key; *argv_len_p++ = c->key_len; /* * Add the maps to the command string in reverse order */ for (map = &created; map; map = map->next) { if (fr_redis_tuple_from_map(pool, argv_p, argv_len_p, map) < 0) { REDEBUG("Failed encoding map as Redis K/V pair"); talloc_free(pool); return CACHE_ERROR; } argv_p += 3; argv_len_p += 3; } RDEBUG3("Pipelining commands"); RINDENT(); for (s_ret = fr_redis_cluster_state_init(&state, &conn, driver->cluster, request, c->key, c->key_len, false); s_ret == REDIS_RCODE_TRY_AGAIN; /* Continue */ s_ret = fr_redis_cluster_state_next(&state, &conn, driver->cluster, request, status, &reply)) { /* * Start the transaction, as we need to set an expiry time too. */ if (c->expires > 0) { RDEBUG3("MULTI"); if (redisAppendCommand(conn->handle, "MULTI") != REDIS_OK) { append_error: REXDENT(); RERROR("Failed appending Redis command to output buffer: %s", conn->handle->errstr); talloc_free(pool); return CACHE_ERROR; } pipelined++; } if (RDEBUG_ENABLED3) { p = fr_asprint(request, (char const *)c->key, c->key_len, '\0'); RDEBUG3("DEL \"%s\"", p); talloc_free(p); } if (redisAppendCommand(conn->handle, "DEL %b", c->key, c->key_len) != REDIS_OK) goto append_error; pipelined++; if (RDEBUG_ENABLED3) { RDEBUG3("argv command"); RINDENT(); for (i = 0; i < talloc_array_length(argv); i++) { p = fr_asprint(request, argv[i], argv_len[i], '\0'); RDEBUG3("%s", p); talloc_free(p); } REXDENT(); } redisAppendCommandArgv(conn->handle, talloc_array_length(argv), argv, argv_len); pipelined++; /* * Set the expiry time and close out the transaction. */ if (c->expires > 0) { if (RDEBUG_ENABLED3) { p = fr_asprint(request, (char const *)c->key, c->key_len, '\"'); RDEBUG3("EXPIREAT \"%s\" %li", p, (long)c->expires); talloc_free(p); } if (redisAppendCommand(conn->handle, "EXPIREAT %b %i", c->key, c->key_len, c->expires) != REDIS_OK) goto append_error; pipelined++; RDEBUG3("EXEC"); if (redisAppendCommand(conn->handle, "EXEC") != REDIS_OK) goto append_error; pipelined++; } REXDENT(); reply_num = fr_redis_pipeline_result(&status, replies, sizeof(replies) / sizeof(*replies), conn, pipelined); reply = replies[0]; } talloc_free(pool); if (s_ret != REDIS_RCODE_SUCCESS) { RERROR("Failed inserting entry"); return CACHE_ERROR; } RDEBUG3("Command results"); RINDENT(); for (i = 0; i < reply_num; i++) { fr_redis_reply_print(L_DBG_LVL_3, replies[i], request, i); fr_redis_reply_free(replies[i]); } REXDENT(); return CACHE_OK; } /** Call delete the cache entry from redis * * @copydetails cache_entry_expire_t */ static cache_status_t cache_entry_expire(UNUSED rlm_cache_config_t const *config, void *driver_inst, REQUEST *request, UNUSED void *handle, uint8_t const *key, size_t key_len) { rlm_cache_redis_t *driver = driver_inst; fr_redis_cluster_state_t state; fr_redis_conn_t *conn; fr_redis_rcode_t status; redisReply *reply = NULL; int s_ret; for (s_ret = fr_redis_cluster_state_init(&state, &conn, driver->cluster, request, key, key_len, false); s_ret == REDIS_RCODE_TRY_AGAIN; /* Continue */ s_ret = fr_redis_cluster_state_next(&state, &conn, driver->cluster, request, status, &reply)) { reply = redisCommand(conn->handle, "DEL %b", key, key_len); status = fr_redis_command_status(conn, reply); } if (s_ret != REDIS_RCODE_SUCCESS) { RERROR("Failed expiring entry"); fr_redis_reply_free(reply); return CACHE_ERROR; } rad_assert(reply); /* clang scan */ if (reply->type == REDIS_REPLY_INTEGER) { fr_redis_reply_free(reply); if (reply->integer) return CACHE_OK; /* Affected */ return CACHE_MISS; } REDEBUG("Bad result type, expected integer, got %s", fr_int2str(redis_reply_types, reply->type, "<UNKNOWN>")); fr_redis_reply_free(reply); return CACHE_ERROR; } extern cache_driver_t rlm_cache_redis; cache_driver_t rlm_cache_redis = { .name = "rlm_cache_redis", .instantiate = mod_instantiate, .inst_size = sizeof(rlm_cache_redis_t), .free = cache_entry_free, .find = cache_entry_find, .insert = cache_entry_insert, .expire = cache_entry_expire, };