/* cleanup IP pools and sync them with radacct */ static int nvp_cleanup(rlm_sqlhpwippool_t *data) { rlm_sql_handle_t *sqlsock; /* initialize the SQL socket */ sqlsock = sql_get_socket(data->sqlinst); if (!sqlsock) { nvp_log(__LINE__, data, L_ERR, "nvp_cleanup(): error while " "requesting new SQL connection"); return 0; } /* free IPs of closed sessions */ if (!nvp_freeclosed(data, sqlsock)) { sql_release_socket(data->sqlinst, sqlsock); return 0; } /* add sessions opened in the meantime */ if (!nvp_query(__LINE__, data, sqlsock, "UPDATE `%s`.`ips`, `radacct` " "SET " "`ips`.`pid` = 0, " "`ips`.`rsv_by` = `radacct`.`acctuniqueid`, " "`ips`.`rsv_since` = `radacct`.`acctstarttime`, " "`ips`.`rsv_until` = 0 " "WHERE " "`radacct`.`acctstoptime` IS NULL AND " /* session is opened */ "`ips`.`ip` = INET_ATON(`radacct`.`framedipaddress`) AND " "(" "`ips`.`pid` IS NULL OR " /* "(`ips`.`rsv_until` > 0 AND `ips.`rsv_until` < NOW()) " */ "`ips`.`rsv_until` != 0" /* no acct pkt received yet */ ")", data->db_name)) { sql_release_socket(data->sqlinst, sqlsock); return 0; } else { nvp_finish(data, sqlsock); } /* count number of free IP addresses in IP pools */ if (!nvp_syncfree(data, sqlsock)) { sql_release_socket(data->sqlinst, sqlsock); return 0; } sql_release_socket(data->sqlinst, sqlsock); return 1; }
/* assign new IP address, if required */ static rlm_rcode_t mod_post_auth(void *instance, REQUEST *request) { VALUE_PAIR *vp; char const *pname; /* name of requested IP pool */ uint32_t nasip; /* NAS IP in host byte order */ struct in_addr ip = {0}; /* reserved IP for client (net. byte order) */ rlm_sql_handle_t *sqlsock; unsigned long s_gid, /* _s_elected in sql result set */ s_prio, /* as above */ s_pid, /* as above */ gid, /* real integer value */ pid, /* as above */ weights_sum, used_sum, ip_start, ip_stop, connid; long prio; rlm_sqlhpwippool_t *inst = (rlm_sqlhpwippool_t *) instance; /* if IP is already there, then nothing to do */ vp = pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0, TAG_ANY); if (vp) { nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): IP address " "already in the reply packet - exiting"); return RLM_MODULE_NOOP; } /* if no pool name, we don't need to do anything */ vp = pairfind(request->reply->vps, ASN_IP_POOL_NAME, VENDORPEC_ASN, TAG_ANY); if (vp) { pname = vp->vp_strvalue; nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): pool name = '%s'", pname); } else { nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): no IP pool name - exiting"); return RLM_MODULE_NOOP; } /* if no NAS IP address, assign 0 */ vp = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY); if (vp) { nasip = ntohl(vp->vp_ipaddr); } else { nasip = 0; nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): no NAS IP address in " "the request packet - using \"0.0.0.0/0\" (any)"); } /* get our database connection */ sqlsock = sql_get_socket(inst->sqlinst); if (!sqlsock) { nvp_log(__LINE__, inst, L_ERR, "mod_post_auth(): error while requesting an SQL socket"); return RLM_MODULE_FAIL; } /* get connection id as temporary unique integer */ if (nvp_select(__LINE__, inst, sqlsock, "SELECT CONNECTION_ID()") < 1) { nvp_log(__LINE__, inst, L_ERR, "mod_post_auth(): WTF ;-)!"); nvp_select_finish(inst, sqlsock); sql_release_socket(inst->sqlinst, sqlsock); return RLM_MODULE_FAIL; } connid = strtoul(sqlsock->row[0], (char **) NULL, 10); nvp_select_finish(inst, sqlsock); /* synchronize with radacct db, if needed */ if (++inst->sincesync >= inst->sync_after #ifdef HAVE_PTHREAD_D && (pthread_mutex_trylock(&inst->mutex)) == 0 #endif ) { int r; inst->sincesync = 0; nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): syncing with radacct table"); r = (nvp_freeclosed(inst, sqlsock) && nvp_syncfree(inst, sqlsock)); #ifdef HAVE_PTHREAD_D pthread_mutex_unlock(&inst->mutex); #endif if (!r) { nvp_log(__LINE__, inst, L_ERR, "mod_post_auth(): synchronization failed"); sql_release_socket(inst->sqlinst, sqlsock); return RLM_MODULE_FAIL; } } for (s_gid = 0; s_gid < RLM_NETVIM_MAX_ROWS && !(ip.s_addr); s_gid++) { nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): selecting gid on position %lu", s_gid); /* find the most specific group which NAS belongs to */ switch (nvp_select(__LINE__, inst, sqlsock, "SELECT `host_groups`.`gid` " "FROM " "`%s`.`host_groups`, " "`%1$s`.`gid_ip`, " "`%1$s`.`ids` " "WHERE " "`host_groups`.`gid` = `ids`.`id` AND " "`ids`.`enabled` = 1 AND " "`host_groups`.`gid` = `gid_ip`.`gid` AND " "%lu BETWEEN `gid_ip`.`ip_start` AND `gid_ip`.`ip_stop` " "ORDER BY (`gid_ip`.`ip_stop` - `gid_ip`.`ip_start`) ASC " "LIMIT %lu, 1", inst->db_name, nasip, s_gid)) { case -1: nvp_log(__LINE__, inst, L_ERR, "mod_post_auth(): couldn't find " "any more matching host groups"); goto end_gid; /* exit the main loop */ case 0: sql_release_socket(inst->sqlinst, sqlsock); return RLM_MODULE_FAIL; } /* store the group ID and free memory occupied by results */ gid = strtoul(sqlsock->row[0], (char **) NULL, 10); nvp_select_finish(inst, sqlsock); for (s_prio = 0; s_prio < RLM_NETVIM_MAX_ROWS && !(ip.s_addr); s_prio++) { nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): selecting prio on position %lu", s_prio); /* prepare to search for best fit pool */ switch (nvp_select(__LINE__, inst, sqlsock, "SELECT " "`ip_pools`.`prio`, " "SUM(`ip_pools`.`weight`) AS `weights_sum`, " "(SUM(`ip_pools`.`total`) - " "SUM(`ip_pools`.`free`)) AS `used_sum` " "FROM " "`%s`.`ip_pools`, " "`%1$s`.`ids`, " "`%1$s`.`pool_names` " "WHERE " "`ip_pools`.`gid` = %lu AND " "`ids`.`id` = `ip_pools`.`pid` AND " "`ids`.`enabled` = 1 AND " "`pool_names`.`pnid` = `ip_pools`.`pnid` AND " "`pool_names`.`name` = '%s' AND " "`ip_pools`.`free` > 0 " "GROUP BY `prio` " "ORDER BY `prio` ASC " "LIMIT %lu, 1", inst->db_name, gid, pname, s_prio)) { case -1: nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): couldn't find " "any more matching pools for gid = %u", gid); goto end_prio; /* select next gid */ case 0: sql_release_socket(inst->sqlinst, sqlsock); return RLM_MODULE_FAIL; } /* store the prio and weights sum */ prio = strtol(sqlsock->row[0], (char **) NULL, 10); weights_sum = strtoul(sqlsock->row[1], (char **) NULL, 10); used_sum = strtoul(sqlsock->row[2], (char **) NULL, 10); /* free memory */ nvp_select_finish(inst, sqlsock); for (s_pid = 0; s_pid < RLM_NETVIM_MAX_ROWS && !(ip.s_addr); s_pid++) { nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): selecting PID on position %lu", s_pid); /* search for best fit pool */ switch (nvp_select(__LINE__, inst, sqlsock, "SELECT " "`ip_pools`.`pid`, " "`ip_pools`.`ip_start`, " "`ip_pools`.`ip_stop` " "FROM " "`%s`.`ip_pools`, " "`%1$s`.`ids`, " "`%1$s`.`pool_names` " "WHERE " "`ip_pools`.`gid` = %lu AND " "`ids`.`id` = `ip_pools`.`pid` AND " "`ids`.`enabled` = 1 AND " "`pool_names`.`pnid` = `ip_pools`.`pnid` AND " "`pool_names`.`name` = '%s' AND " "`ip_pools`.`free` > 0 AND " "`prio` = %ld " "ORDER BY (`weight`/%lu.0000 - (`total` - `free`)/%lu) DESC " "LIMIT %lu, 1", inst->db_name, gid, pname, prio, weights_sum, used_sum, s_pid)) { case -1: nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): couldn't find any more " "matching pools of prio = %ld for gid = %lu", prio, gid); goto end_pid; /* select next prio */ case 0: sql_release_socket(inst->sqlinst, sqlsock); return RLM_MODULE_FAIL; } /* store the inst and free memory occupied by results */ pid = strtoul(sqlsock->row[0], (char **) NULL, 10); ip_start = strtoul(sqlsock->row[1], (char **) NULL, 10); ip_stop = strtoul(sqlsock->row[2], (char **) NULL, 10); nvp_select_finish(inst, sqlsock); /* reserve an IP address */ if (!nvp_query(__LINE__, inst, sqlsock, "UPDATE `%s`.`ips` " "SET " "`pid` = %lu, " "`rsv_since` = NOW(), " "`rsv_by` = '" RLM_NETVIM_TMP_PREFIX "%lu', " "`rsv_until` = NOW() + INTERVAL %d SECOND " "WHERE " "`ip` BETWEEN %lu AND %lu AND " "(" "`pid` IS NULL OR " "(`rsv_until` > 0 AND `rsv_until` < NOW())" ") " "ORDER BY RAND() " "LIMIT 1", inst->db_name, pid, connid, inst->free_after, ip_start, ip_stop)) { sql_release_socket(inst->sqlinst, sqlsock); return RLM_MODULE_FAIL; } else { nvp_finish(inst, sqlsock); } /* select assigned IP address */ switch (nvp_select(__LINE__, inst, sqlsock, "SELECT `ip` " "FROM `%s`.`ips` " "WHERE `rsv_by` = '" RLM_NETVIM_TMP_PREFIX "%lu' " "ORDER BY `rsv_since` DESC " "LIMIT 1", inst->db_name, connid)) { case -1: nvp_log(__LINE__, inst, L_ERR, "mod_post_auth(): couldn't reserve an IP address " "from pool of pid = %lu (prio = %ld, gid = %lu)", pid, prio, gid); continue; /* select next pid */ case 0: sql_release_socket(inst->sqlinst, sqlsock); return RLM_MODULE_FAIL; } /* update free IPs count */ if (!nvp_query(__LINE__, inst, sqlsock, "UPDATE `%s`.`ip_pools` " "SET " "`free` = `free` - 1 " "WHERE " "`pid` = %lu " "LIMIT 1", inst->db_name, pid)) { sql_release_socket(inst->sqlinst, sqlsock); return RLM_MODULE_FAIL; } else { nvp_finish(inst, sqlsock); } /* get assigned IP and free memory */ ip.s_addr = htonl(strtoul(sqlsock->row[0], (char **) NULL, 10)); nvp_select_finish(inst, sqlsock); } /* pid */ end_pid: continue; /* stupid */ } /* prio */ end_prio: continue; /* stupid */ } /* gid */ end_gid: /* release SQL socket */ sql_release_socket(inst->sqlinst, sqlsock); /* no free IP address found */ if (!ip.s_addr) { nvp_log(__LINE__, inst, L_INFO, "mod_post_auth(): no free IP address found!"); if (inst->no_free_fail) { nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): rejecting user"); return RLM_MODULE_REJECT; } else { nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): exiting"); return RLM_MODULE_NOOP; } } /* add IP address to reply packet */ vp = radius_paircreate(request, &request->reply->vps, PW_FRAMED_IP_ADDRESS, 0); vp->vp_ipaddr = ip.s_addr; nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): returning %s", inet_ntoa(ip)); return RLM_MODULE_OK; }
if (++inst->sincesync >= inst->sync_after #ifdef HAVE_PTHREAD_D && (pthread_mutex_trylock(&inst->mutex)) == 0 #endif ) { int r; inst->sincesync = 0; radlog(L_DBG, "mod_post_auth(): syncing with radacct table"); r = (nvp_freeclosed(inst, sqlsock) && nvp_syncfree(inst, sqlsock)); #ifdef HAVE_PTHREAD_D pthread_mutex_unlock(&inst->mutex); #endif if (!r) { radlog(L_ERR, "mod_post_auth(): synchronization failed"); fr_connection_release(inst->sql_inst->pool, sqlsock); return RLM_MODULE_FAIL; } }