/* executes query and fetches first row
* -1 on no results
* 0 on db error
* 1 on success */
static int nvp_select(unsigned int line, rlm_sqlhpwippool_t *data,
rlm_sql_handle_t *sqlsock, char const *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
if (!nvp_vquery(line, data, sqlsock, fmt, ap)) {
va_end(ap);
return 0;
}
va_end(ap);
if ((data->db->sql_store_result)(sqlsock, data->sqlinst->config)) {
nvp_log(__LINE__, data, L_ERR,
"nvp_select(): error while saving results of query from line %u",
line);
return 0;
}
if ((data->db->sql_num_rows)(sqlsock, data->sqlinst->config) < 1) {
nvp_log(__LINE__, data, L_DBG,
"nvp_select(): no results in query from line %u", line);
return -1;
}
if ((data->db->sql_fetch_row)(sqlsock, data->sqlinst->config)) {
nvp_log(__LINE__, data, L_ERR, "nvp_select(): couldn't fetch row "
"from results of query from line %u",
line);
return 0;
}
return 1;
}
/* standard foobar code */
static int sqlhpwippool_instantiate(CONF_SECTION *conf, void **instance)
{
rlm_sqlhpwippool_t *data;
module_instance_t *modinst;
/* set up a storage area for instance data */
data = rad_malloc(sizeof(*data));
if (!data) return -1;
memset(data, 0, sizeof(*data)); /* so _detach will know what to free */
/* fail if the configuration parameters can't be parsed */
if (cf_section_parse(conf, data, module_config) < 0) {
sqlhpwippool_detach(*instance);
return -1;
}
/* save my name */
data->myname = cf_section_name2(conf);
if (!data->myname) {
data->myname = "(no name)";
}
data->sincesync = 0;
modinst = find_module_instance(cf_section_find("modules"), (data->sqlinst_name), 1 );
if (!modinst) {
nvp_log(__LINE__, data, L_ERR,
"sqlhpwippool_instantiate(): cannot find module instance "
"named \"%s\"",
data->sqlinst_name);
return -1;
}
/* check if the given instance is really a rlm_sql instance */
if (strcmp(modinst->entry->name, "rlm_sql") != 0) {
nvp_log(__LINE__, data, L_ERR,
"sqlhpwippool_instantiate(): given instance (%s) is not "
"an instance of the rlm_sql module",
data->sqlinst_name);
return -1;
}
/* save pointers to useful "objects" */
data->sqlinst = (SQL_INST *) modinst->insthandle;
data->db = (rlm_sql_module_t *) data->sqlinst->module;
/* everything went ok, cleanup pool */
*instance = data;
return ((nvp_cleanup(data)) ? 0 : -1);
}
static int nvp_vquery(unsigned int line, rlm_sqlhpwippool_t *data,
rlm_sql_handle_t *sqlsock, char const *fmt, va_list ap)
{
char query[MAX_QUERY_LEN];
vsnprintf(query, MAX_QUERY_LEN, fmt, ap);
if (rlm_sql_query(&sqlsock, data->sqlinst, query)) {
nvp_log(__LINE__, data, L_ERR, "nvp_vquery(): query from line %u: %s",
line, (char const *)(data->db->sql_error)(sqlsock, data->sqlinst->config));
return 0;
}
return 1;
}
/* cleanup IP pools and sync them with radacct */
static int nvp_cleanup(rlm_sqlhpwippool_t *data)
{
rlm_sql_handle_t *sqlsock;
/* initialize the SQL socket */
sqlsock = sql_get_socket(data->sqlinst);
if (!sqlsock) {
nvp_log(__LINE__, data, L_ERR, "nvp_cleanup(): error while "
"requesting new SQL connection");
return 0;
}
/* free IPs of closed sessions */
if (!nvp_freeclosed(data, sqlsock)) {
sql_release_socket(data->sqlinst, sqlsock);
return 0;
}
/* add sessions opened in the meantime */
if (!nvp_query(__LINE__, data, sqlsock,
"UPDATE `%s`.`ips`, `radacct` "
"SET "
"`ips`.`pid` = 0, "
"`ips`.`rsv_by` = `radacct`.`acctuniqueid`, "
"`ips`.`rsv_since` = `radacct`.`acctstarttime`, "
"`ips`.`rsv_until` = 0 "
"WHERE "
"`radacct`.`acctstoptime` IS NULL AND " /* session is opened */
"`ips`.`ip` = INET_ATON(`radacct`.`framedipaddress`) AND "
"("
"`ips`.`pid` IS NULL OR "
/* "(`ips`.`rsv_until` > 0 AND `ips.`rsv_until` < NOW()) " */
"`ips`.`rsv_until` != 0" /* no acct pkt received yet */
")",
data->db_name)) {
sql_release_socket(data->sqlinst, sqlsock);
return 0;
}
else {
nvp_finish(data, sqlsock);
}
/* count number of free IP addresses in IP pools */
if (!nvp_syncfree(data, sqlsock)) {
sql_release_socket(data->sqlinst, sqlsock);
return 0;
}
sql_release_socket(data->sqlinst, sqlsock);
return 1;
}
/* standard foobar code */
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_sqlhpwippool_t *inst = instance;
module_instance_t *sqlinst;
/* save my name */
inst->myname = cf_section_name2(conf);
if (!inst->myname) {
inst->myname = "(no name)";
}
inst->sincesync = 0;
sqlinst = find_module_instance(cf_section_find("modules"), (inst->sql_module_instance), 1 );
if (!sqlinst) {
nvp_log(__LINE__, inst, L_ERR,
"mod_instantiate(): cannot find module instance "
"named \"%s\"",
inst->sql_module_instance);
return -1;
}
/* check if the given instance is really a rlm_sql instance */
if (strcmp(sqlinst->entry->name, "rlm_sql") != 0) {
nvp_log(__LINE__, inst, L_ERR,
"mod_instantiate(): given instance (%s) is not "
"an instance of the rlm_sql module",
inst->sql_module_instance);
return -1;
}
/* save pointers to useful "objects" */
inst->sqlinst = (rlm_sql_t *) sqlinst->insthandle;
inst->db = (rlm_sql_module_t *) inst->sqlinst->module;
return ((nvp_cleanup(inst)) ? 0 : -1);
}
static rlm_rcode_t mod_accounting(void *instance, REQUEST *request)
{
VALUE_PAIR *vp;
rlm_sql_handle_t *sqlsock;
struct in_addr nasip; /* NAS IP */
char const *sessid; /* unique session id */
char nasipstr[16]; /* NAS IP in string format */
uint32_t framedip = 0; /* client's IP, host byte order */
uint32_t acct_type;
rlm_sqlhpwippool_t *inst = (rlm_sqlhpwippool_t *) instance;
/* if no unique session ID, don't even try */
vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
if (vp) {
sessid = vp->vp_strvalue;
}
else {
nvp_log(__LINE__, inst, L_ERR,
"mod_accounting(): unique session ID not found");
return RLM_MODULE_FAIL;
}
vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY);
if (vp) {
acct_type = vp->vp_integer;
}
else {
nvp_log(__LINE__, inst, L_ERR, "mod_accounting(): "
"couldn't find type of accounting packet");
return RLM_MODULE_FAIL;
}
if (!(acct_type == PW_STATUS_START ||
acct_type == PW_STATUS_ALIVE ||
acct_type == PW_STATUS_STOP ||
acct_type == PW_STATUS_ACCOUNTING_OFF ||
acct_type == PW_STATUS_ACCOUNTING_ON)) {
return RLM_MODULE_NOOP;
}
/* connect to database */
sqlsock = sql_get_socket(inst->sqlinst);
if (!sqlsock) {
nvp_log(__LINE__, inst, L_ERR,
"mod_accounting(): couldn't connect to database");
return RLM_MODULE_FAIL;
}
switch (acct_type) {
case PW_STATUS_START:
case PW_STATUS_ALIVE:
vp = pairfind(request->packet->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY);
if (!vp) {
nvp_log(__LINE__, inst, L_ERR, "mod_accounting(): no framed IP");
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
framedip = ntohl(vp->vp_ipaddr);
if (!nvp_query(__LINE__, inst, sqlsock,
"UPDATE `%s`.`ips` "
"SET "
"`rsv_until` = 0, "
"`rsv_by` = '%s' "
"WHERE `ip` = %lu",
inst->db_name, sessid, framedip)) {
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
nvp_finish(inst, sqlsock);
break;
case PW_STATUS_STOP:
if (!nvp_query(__LINE__, inst, sqlsock,
"UPDATE `%s`.`ips`, `%1$s`.`ip_pools` "
"SET "
"`ips`.`rsv_until` = NOW() + INTERVAL %u SECOND, "
"`ip_pools`.`free` = `ip_pools`.`free` + 1 "
"WHERE "
"`ips`.`rsv_by` = '%s' AND "
"`ips`.`ip` BETWEEN `ip_pools`.`ip_start` AND `ip_pools`.`ip_stop`",
inst->db_name, inst->free_after, sessid)) {
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
nvp_finish(inst, sqlsock);
break;
case PW_STATUS_ACCOUNTING_OFF:
case PW_STATUS_ACCOUNTING_ON:
vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (!vp) {
nvp_log(__LINE__, inst, L_ERR, "mod_accounting(): no NAS IP");
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
nasip.s_addr = vp->vp_ipaddr;
strlcpy(nasipstr, inet_ntoa(nasip), sizeof(nasipstr));
if (!nvp_query(__LINE__, inst, sqlsock,
"UPDATE `%s`.`ips`, `radacct` "
"SET `ips`.`rsv_until` = NOW() + INTERVAL %u SECOND "
"WHERE "
"`radacct`.`nasipaddress` = '%s' AND "
"`ips`.`rsv_by` = `radacct`.`acctuniqueid`",
inst->db_name, inst->free_after, nasipstr)) {
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
nvp_finish(inst, sqlsock);
break;
}
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_OK;
}
/* assign new IP address, if required */
static rlm_rcode_t mod_post_auth(void *instance, REQUEST *request)
{
VALUE_PAIR *vp;
char const *pname; /* name of requested IP pool */
uint32_t nasip; /* NAS IP in host byte order */
struct in_addr ip = {0}; /* reserved IP for client (net. byte order) */
rlm_sql_handle_t *sqlsock;
unsigned long s_gid, /* _s_elected in sql result set */
s_prio, /* as above */
s_pid, /* as above */
gid, /* real integer value */
pid, /* as above */
weights_sum, used_sum, ip_start, ip_stop, connid;
long prio;
rlm_sqlhpwippool_t *inst = (rlm_sqlhpwippool_t *) instance;
/* if IP is already there, then nothing to do */
vp = pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): IP address "
"already in the reply packet - exiting");
return RLM_MODULE_NOOP;
}
/* if no pool name, we don't need to do anything */
vp = pairfind(request->reply->vps, ASN_IP_POOL_NAME, VENDORPEC_ASN, TAG_ANY);
if (vp) {
pname = vp->vp_strvalue;
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): pool name = '%s'",
pname);
}
else {
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): no IP pool name - exiting");
return RLM_MODULE_NOOP;
}
/* if no NAS IP address, assign 0 */
vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (vp) {
nasip = ntohl(vp->vp_ipaddr);
}
else {
nasip = 0;
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): no NAS IP address in "
"the request packet - using \"0.0.0.0/0\" (any)");
}
/* get our database connection */
sqlsock = sql_get_socket(inst->sqlinst);
if (!sqlsock) {
nvp_log(__LINE__, inst, L_ERR,
"mod_post_auth(): error while requesting an SQL socket");
return RLM_MODULE_FAIL;
}
/* get connection id as temporary unique integer */
if (nvp_select(__LINE__, inst, sqlsock, "SELECT CONNECTION_ID()") < 1) {
nvp_log(__LINE__, inst, L_ERR, "mod_post_auth(): WTF ;-)!");
nvp_select_finish(inst, sqlsock);
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
connid = strtoul(sqlsock->row[0], (char **) NULL, 10);
nvp_select_finish(inst, sqlsock);
/* synchronize with radacct db, if needed */
if (++inst->sincesync >= inst->sync_after
#ifdef HAVE_PTHREAD_D
&& (pthread_mutex_trylock(&inst->mutex)) == 0
#endif
) {
int r;
inst->sincesync = 0;
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): syncing with radacct table");
r = (nvp_freeclosed(inst, sqlsock) && nvp_syncfree(inst, sqlsock));
#ifdef HAVE_PTHREAD_D
pthread_mutex_unlock(&inst->mutex);
#endif
if (!r) {
nvp_log(__LINE__, inst, L_ERR,
"mod_post_auth(): synchronization failed");
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
}
for (s_gid = 0; s_gid < RLM_NETVIM_MAX_ROWS && !(ip.s_addr); s_gid++) {
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): selecting gid on position %lu",
s_gid);
/* find the most specific group which NAS belongs to */
switch (nvp_select(__LINE__, inst, sqlsock,
"SELECT `host_groups`.`gid` "
"FROM "
"`%s`.`host_groups`, "
"`%1$s`.`gid_ip`, "
"`%1$s`.`ids` "
"WHERE "
"`host_groups`.`gid` = `ids`.`id` AND "
"`ids`.`enabled` = 1 AND "
"`host_groups`.`gid` = `gid_ip`.`gid` AND "
"%lu BETWEEN `gid_ip`.`ip_start` AND `gid_ip`.`ip_stop` "
"ORDER BY (`gid_ip`.`ip_stop` - `gid_ip`.`ip_start`) ASC "
"LIMIT %lu, 1",
inst->db_name, nasip, s_gid)) {
case -1:
nvp_log(__LINE__, inst, L_ERR,
"mod_post_auth(): couldn't find "
"any more matching host groups");
goto end_gid; /* exit the main loop */
case 0:
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
/* store the group ID and free memory occupied by results */
gid = strtoul(sqlsock->row[0], (char **) NULL, 10);
nvp_select_finish(inst, sqlsock);
for (s_prio = 0; s_prio < RLM_NETVIM_MAX_ROWS && !(ip.s_addr); s_prio++) {
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): selecting prio on position %lu",
s_prio);
/* prepare to search for best fit pool */
switch (nvp_select(__LINE__, inst, sqlsock,
"SELECT "
"`ip_pools`.`prio`, "
"SUM(`ip_pools`.`weight`) AS `weights_sum`, "
"(SUM(`ip_pools`.`total`) - "
"SUM(`ip_pools`.`free`)) AS `used_sum` "
"FROM "
"`%s`.`ip_pools`, "
"`%1$s`.`ids`, "
"`%1$s`.`pool_names` "
"WHERE "
"`ip_pools`.`gid` = %lu AND "
"`ids`.`id` = `ip_pools`.`pid` AND "
"`ids`.`enabled` = 1 AND "
"`pool_names`.`pnid` = `ip_pools`.`pnid` AND "
"`pool_names`.`name` = '%s' AND "
"`ip_pools`.`free` > 0 "
"GROUP BY `prio` "
"ORDER BY `prio` ASC "
"LIMIT %lu, 1",
inst->db_name, gid, pname, s_prio)) {
case -1:
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): couldn't find "
"any more matching pools for gid = %u",
gid);
goto end_prio; /* select next gid */
case 0:
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
/* store the prio and weights sum */
prio = strtol(sqlsock->row[0], (char **) NULL, 10);
weights_sum = strtoul(sqlsock->row[1], (char **) NULL, 10);
used_sum = strtoul(sqlsock->row[2], (char **) NULL, 10);
/* free memory */
nvp_select_finish(inst, sqlsock);
for (s_pid = 0; s_pid < RLM_NETVIM_MAX_ROWS && !(ip.s_addr); s_pid++) {
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): selecting PID on position %lu",
s_pid);
/* search for best fit pool */
switch (nvp_select(__LINE__, inst, sqlsock,
"SELECT "
"`ip_pools`.`pid`, "
"`ip_pools`.`ip_start`, "
"`ip_pools`.`ip_stop` "
"FROM "
"`%s`.`ip_pools`, "
"`%1$s`.`ids`, "
"`%1$s`.`pool_names` "
"WHERE "
"`ip_pools`.`gid` = %lu AND "
"`ids`.`id` = `ip_pools`.`pid` AND "
"`ids`.`enabled` = 1 AND "
"`pool_names`.`pnid` = `ip_pools`.`pnid` AND "
"`pool_names`.`name` = '%s' AND "
"`ip_pools`.`free` > 0 AND "
"`prio` = %ld "
"ORDER BY (`weight`/%lu.0000 - (`total` - `free`)/%lu) DESC "
"LIMIT %lu, 1",
inst->db_name, gid, pname, prio,
weights_sum, used_sum, s_pid)) {
case -1:
nvp_log(__LINE__, inst, L_DBG,
"mod_post_auth(): couldn't find any more "
"matching pools of prio = %ld for gid = %lu",
prio, gid);
goto end_pid; /* select next prio */
case 0:
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
/* store the inst and free memory occupied by results */
pid = strtoul(sqlsock->row[0], (char **) NULL, 10);
ip_start = strtoul(sqlsock->row[1], (char **) NULL, 10);
ip_stop = strtoul(sqlsock->row[2], (char **) NULL, 10);
nvp_select_finish(inst, sqlsock);
/* reserve an IP address */
if (!nvp_query(__LINE__, inst, sqlsock,
"UPDATE `%s`.`ips` "
"SET "
"`pid` = %lu, "
"`rsv_since` = NOW(), "
"`rsv_by` = '" RLM_NETVIM_TMP_PREFIX "%lu', "
"`rsv_until` = NOW() + INTERVAL %d SECOND "
"WHERE "
"`ip` BETWEEN %lu AND %lu AND "
"("
"`pid` IS NULL OR "
"(`rsv_until` > 0 AND `rsv_until` < NOW())"
") "
"ORDER BY RAND() "
"LIMIT 1",
inst->db_name, pid, connid, inst->free_after, ip_start, ip_stop)) {
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
else {
nvp_finish(inst, sqlsock);
}
/* select assigned IP address */
switch (nvp_select(__LINE__, inst, sqlsock,
"SELECT `ip` "
"FROM `%s`.`ips` "
"WHERE `rsv_by` = '" RLM_NETVIM_TMP_PREFIX "%lu' "
"ORDER BY `rsv_since` DESC "
"LIMIT 1",
inst->db_name, connid)) {
case -1:
nvp_log(__LINE__, inst, L_ERR,
"mod_post_auth(): couldn't reserve an IP address "
"from pool of pid = %lu (prio = %ld, gid = %lu)",
pid, prio, gid);
continue; /* select next pid */
case 0:
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
/* update free IPs count */
if (!nvp_query(__LINE__, inst, sqlsock,
"UPDATE `%s`.`ip_pools` "
"SET "
"`free` = `free` - 1 "
"WHERE "
"`pid` = %lu "
"LIMIT 1",
inst->db_name, pid)) {
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
else {
nvp_finish(inst, sqlsock);
}
/* get assigned IP and free memory */
ip.s_addr = htonl(strtoul(sqlsock->row[0], (char **) NULL, 10));
nvp_select_finish(inst, sqlsock);
} /* pid */
end_pid: continue; /* stupid */
} /* prio */
end_prio: continue; /* stupid */
} /* gid */
end_gid:
/* release SQL socket */
sql_release_socket(inst->sqlinst, sqlsock);
/* no free IP address found */
if (!ip.s_addr) {
nvp_log(__LINE__, inst, L_INFO,
"mod_post_auth(): no free IP address found!");
if (inst->no_free_fail) {
nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): rejecting user");
return RLM_MODULE_REJECT;
}
else {
nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): exiting");
return RLM_MODULE_NOOP;
}
}
/* add IP address to reply packet */
vp = radius_paircreate(request, &request->reply->vps,
PW_FRAMED_IP_ADDRESS, 0);
vp->vp_ipaddr = ip.s_addr;
nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): returning %s",
inet_ntoa(ip));
return RLM_MODULE_OK;
}
