/* initialize couchbase connection */
static int mod_instantiate(CONF_SECTION *conf, void *instance) {
static bool version_done;
rlm_couchbase_t *inst = instance; /* our module instance */
if (!version_done) {
version_done = true;
INFO("rlm_couchbase: liblcouchbase version: %s", lcb_get_version(NULL));
}
{
char *server, *p;
size_t len, i;
bool sep = false;
len = talloc_array_length(inst->server_raw);
server = p = talloc_array(inst, char, len);
for (i = 0; i < len; i++) {
switch (inst->server_raw[i]) {
case '\t':
case ' ':
case ',':
/* Consume multiple separators occurring in sequence */
if (sep == true) continue;
sep = true;
*p++ = ';';
break;
default:
sep = false;
*p++ = inst->server_raw[i];
break;
}
}
*p = '\0';
inst->server = server;
}
/* setup item map */
if (mod_build_attribute_element_map(conf, inst) != 0) {
/* fail */
return -1;
}
/* initiate connection pool */
inst->pool = fr_connection_pool_init(conf, inst, mod_conn_create, mod_conn_alive, mod_conn_delete, NULL);
/* check connection pool */
if (!inst->pool) {
ERROR("rlm_couchbase: failed to initiate connection pool");
/* fail */
return -1;
}
/* return okay */
return 0;
}
/*************************************************************************
*
* Function: sql_socket_pool_init
*
* Purpose: Connect to the sql server, if possible
*
*************************************************************************/
int sql_socket_pool_init(rlm_sql_t * inst)
{
inst->pool = fr_connection_pool_init(inst->cs, inst,
mod_conn_create, NULL, mod_conn_delete,
NULL);
if (!inst->pool) return -1;
return 1;
}
/*************************************************************************
*
* Function: sql_init_socketpool
*
* Purpose: Connect to the sql server, if possible
*
*************************************************************************/
int sql_init_socketpool(SQL_INST * inst)
{
inst->pool = fr_connection_pool_init(inst->cs, inst,
sql_conn_create,
NULL,
sql_conn_delete);
if (!inst->pool) return -1;
return 1;
}
static int redis_instantiate(CONF_SECTION *conf, void **instance)
{
REDIS_INST *inst;
const char *xlat_name;
/*
* Set up a storage area for instance data
*/
inst = rad_malloc(sizeof (REDIS_INST));
if (!inst) {
return -1;
}
memset(inst, 0, sizeof (*inst));
/*
* If the configuration parameters can't be parsed, then
* fail.
*/
if (cf_section_parse(conf, inst, module_config) < 0) {
free(inst);
return -1;
}
xlat_name = cf_section_name2(conf);
if (!xlat_name)
xlat_name = cf_section_name1(conf);
inst->xlat_name = strdup(xlat_name);
xlat_register(inst->xlat_name, (RAD_XLAT_FUNC)redis_xlat, inst);
inst->pool = fr_connection_pool_init(conf, inst,
redis_create_conn, NULL,
redis_delete_conn);
if (!inst->pool) {
redis_detach(inst);
return -1;
}
inst->redis_query = rlm_redis_query;
inst->redis_finish_query = rlm_redis_finish_query;
inst->redis_escape_func = redis_escape_func;
*instance = inst;
return 0;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_rest_t *inst = instance;
char const *xlat_name;
xlat_name = cf_section_name2(conf);
if (!xlat_name) {
xlat_name = cf_section_name1(conf);
}
inst->xlat_name = xlat_name;
/*
* Parse sub-section configs.
*/
if (
(parse_sub_section(conf, &inst->authorize,
RLM_COMPONENT_AUTZ) < 0) ||
(parse_sub_section(conf, &inst->authenticate,
RLM_COMPONENT_AUTH) < 0) ||
(parse_sub_section(conf, &inst->accounting,
RLM_COMPONENT_ACCT) < 0) ||
(parse_sub_section(conf, &inst->checksimul,
RLM_COMPONENT_SESS) < 0) ||
(parse_sub_section(conf, &inst->postauth,
RLM_COMPONENT_POST_AUTH) < 0))
{
return -1;
}
/*
* Initialise REST libraries.
*/
if (rest_init(inst) < 0) {
return -1;
}
inst->conn_pool = fr_connection_pool_init(conf, inst, mod_conn_create, mod_conn_alive, mod_conn_delete, NULL);
if (!inst->conn_pool) {
return -1;
}
return 0;
}
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
REDIS_INST *inst = instance;
inst->xlat_name = cf_section_name2(conf);
if (!inst->xlat_name)
inst->xlat_name = cf_section_name1(conf);
xlat_register(inst->xlat_name, redis_xlat, NULL, inst); /* FIXME! */
inst->pool = fr_connection_pool_init(conf, inst, mod_conn_create, NULL, mod_conn_delete, NULL);
if (!inst->pool) {
return -1;
}
inst->redis_query = rlm_redis_query;
inst->redis_finish_query = rlm_redis_finish_query;
return 0;
}
static int redis_instantiate(CONF_SECTION *conf, void **instance)
{
REDIS_INST *inst;
const char *xlat_name;
/*
* Set up a storage area for instance data
*/
*instance = inst = talloc_zero(conf, REDIS_INST);
if (!inst) return -1;
/*
* If the configuration parameters can't be parsed, then
* fail.
*/
if (cf_section_parse(conf, inst, module_config) < 0) {
return -1;
}
xlat_name = cf_section_name2(conf);
if (!xlat_name)
xlat_name = cf_section_name1(conf);
xlat_register(inst->xlat_name, redis_xlat, inst);
inst->pool = fr_connection_pool_init(conf, inst,
redis_create_conn, NULL,
redis_delete_conn);
if (!inst->pool) {
return -1;
}
inst->redis_query = rlm_redis_query;
inst->redis_finish_query = rlm_redis_finish_query;
inst->redis_escape_func = redis_escape_func;
return 0;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int rlm_rest_instantiate(CONF_SECTION *conf, void **instance)
{
rlm_rest_t *data;
const char *xlat_name;
/*
* Allocate memory for instance data.
*/
data = rad_malloc(sizeof(*data));
if (!data) {
return -1;
}
memset(data, 0, sizeof(*data));
/*
* If the configuration parameters can't be parsed, then
* fail.
*/
if (cf_section_parse(conf, data, module_config) < 0) {
free(data);
return -1;
}
xlat_name = cf_section_name2(conf);
if (xlat_name == NULL) {
xlat_name = cf_section_name1(conf);
}
data->xlat_name = xlat_name;
/*
* Parse sub-section configs.
*/
if (
(parse_sub_section(conf, data, &data->authorize,
RLM_COMPONENT_AUTZ) < 0) ||
(parse_sub_section(conf, data, &data->authenticate,
RLM_COMPONENT_AUTH) < 0) ||
(parse_sub_section(conf, data, &data->accounting,
RLM_COMPONENT_ACCT) < 0) ||
(parse_sub_section(conf, data, &data->checksimul,
RLM_COMPONENT_SESS) < 0) ||
(parse_sub_section(conf, data, &data->postauth,
RLM_COMPONENT_POST_AUTH) < 0))
{
return -1;
}
/*
* Initialise REST libraries.
*/
if (!rest_init(data)) {
return -1;
}
data->conn_pool = fr_connection_pool_init(conf, data,
rest_socket_create,
rest_socket_alive,
rest_socket_delete);
if (!data->conn_pool) {
return -1;
}
*instance = data;
return 0;
}
/** Instantiate the module
*
* Creates a new instance of the module reading parameters from a configuration section.
*
* @param conf to parse.
* @param instance Where to write pointer to configuration data.
* @return 0 on success < 0 on failure.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
CONF_SECTION *options;
ldap_instance_t *inst = instance;
inst->cs = conf;
options = cf_section_sub_find(conf, "options");
if (!options || !cf_pair_find(options, "chase_referrals")) {
inst->chase_referrals_unset = true; /* use OpenLDAP defaults */
}
inst->xlat_name = cf_section_name2(conf);
if (!inst->xlat_name) {
inst->xlat_name = cf_section_name1(conf);
}
/*
* If the configuration parameters can't be parsed, then fail.
*/
if ((parse_sub_section(inst, conf, &inst->accounting, RLM_COMPONENT_ACCT) < 0) ||
(parse_sub_section(inst, conf, &inst->postauth, RLM_COMPONENT_POST_AUTH) < 0)) {
LDAP_ERR("Failed parsing configuration");
goto error;
}
/*
* Sanity checks for cacheable groups code.
*/
if (inst->cacheable_group_name && inst->groupobj_membership_filter) {
if (!inst->groupobj_name_attr) {
LDAP_ERR("Directive 'group.name_attribute' must be set if cacheable group names are enabled");
goto error;
}
}
/*
* Check for URLs. If they're used and the library doesn't support them, then complain.
*/
inst->is_url = 0;
if (ldap_is_ldap_url(inst->server)) {
#ifdef HAVE_LDAP_INITIALIZE
inst->is_url = 1;
inst->port = 0;
#else
LDAP_ERR("Directive 'server' is in URL form but ldap_initialize() is not available");
goto error;
#endif
}
/*
* Workaround for servers which support LDAPS but not START TLS
*/
if (inst->port == LDAPS_PORT || inst->tls_mode) {
inst->tls_mode = LDAP_OPT_X_TLS_HARD;
} else {
inst->tls_mode = 0;
}
#if LDAP_SET_REBIND_PROC_ARGS != 3
/*
* The 2-argument rebind doesn't take an instance variable. Our rebind function needs the instance
* variable for the username, password, etc.
*/
if (inst->rebind == true) {
LDAP_ERR("Cannot use 'rebind' directive as this version of libldap does not support the API "
"that we need");
goto error;
}
#endif
/*
* Convert scope strings to enumerated constants
*/
inst->userobj_scope = fr_str2int(ldap_scope, inst->userobj_scope_str, -1);
if (inst->userobj_scope < 0) {
LDAP_ERR("Invalid 'user.scope' value \"%s\", expected 'sub', 'one', 'base' or 'children'",
inst->userobj_scope_str);
goto error;
}
inst->groupobj_scope = fr_str2int(ldap_scope, inst->groupobj_scope_str, -1);
if (inst->groupobj_scope < 0) {
LDAP_ERR("Invalid 'group.scope' value \"%s\", expected 'sub', 'one', 'base' or 'children'",
inst->groupobj_scope_str);
goto error;
}
inst->clientobj_scope = fr_str2int(ldap_scope, inst->clientobj_scope_str, -1);
if (inst->clientobj_scope < 0) {
LDAP_ERR("Invalid 'client.scope' value \"%s\", expected 'sub', 'one', 'base' or 'children'",
inst->clientobj_scope_str);
goto error;
}
if (inst->tls_require_cert_str) {
#ifdef LDAP_OPT_X_TLS_NEVER
/*
* Convert cert strictness to enumerated constants
*/
inst->tls_require_cert = fr_str2int(ldap_tls_require_cert, inst->tls_require_cert_str, -1);
if (inst->tls_require_cert < 0) {
LDAP_ERR("Invalid 'tls.require_cert' value \"%s\", expected 'never', 'demand', 'allow', "
"'try' or 'hard'", inst->tls_require_cert_str);
goto error;
}
#else
LDAP_ERR("Modifying 'tls.require_cert' is not supported by current version of libldap. "
"Please upgrade libldap and rebuild this module");
goto error;
#endif
}
/*
* Build the attribute map
*/
if (rlm_ldap_map_verify(inst, &(inst->user_map)) < 0) {
goto error;
}
/*
* Group comparison checks.
*/
if (cf_section_name2(conf)) {
ATTR_FLAGS flags;
char buffer[256];
snprintf(buffer, sizeof(buffer), "%s-Ldap-Group",
inst->xlat_name);
memset(&flags, 0, sizeof(flags));
if (dict_addattr(buffer, -1, 0, PW_TYPE_STRING, flags) < 0) {
LDAP_ERR("Error creating group attribute: %s", fr_strerror());
return -1;
}
inst->group_da = dict_attrbyname(buffer);
if (!inst->group_da) {
LDAP_ERR("Failed creating attribute %s", buffer);
goto error;
}
paircompare_register(inst->group_da, dict_attrbyvalue(PW_USER_NAME, 0), false, rlm_ldap_groupcmp, inst);
/*
* Were the default instance
*/
} else {
inst->group_da = dict_attrbyvalue(PW_LDAP_GROUP, 0);
paircompare_register(dict_attrbyvalue(PW_LDAP_GROUP, 0), dict_attrbyvalue(PW_USER_NAME, 0),
false, rlm_ldap_groupcmp, inst);
}
xlat_register(inst->xlat_name, ldap_xlat, rlm_ldap_escape_func, inst);
/*
* Setup the cache attribute
*/
if (inst->cache_attribute) {
ATTR_FLAGS flags;
memset(&flags, 0, sizeof(flags));
if (dict_addattr(inst->cache_attribute, -1, 0, PW_TYPE_STRING, flags) < 0) {
LDAP_ERR("Error creating cache attribute: %s", fr_strerror());
return -1;
}
inst->cache_da = dict_attrbyname(inst->cache_attribute);
} else {
inst->cache_da = inst->group_da; /* Default to the group_da */
}
/*
* Initialize the socket pool.
*/
inst->pool = fr_connection_pool_init(inst->cs, inst, mod_conn_create, NULL, mod_conn_delete, NULL);
if (!inst->pool) {
return -1;
}
/*
* Bulk load dynamic clients.
*/
if (inst->do_clients) {
if (rlm_ldap_load_clients(inst) < 0) {
LDAP_ERR("Error loading clients");
return -1;
}
}
return 0;
error:
return -1;
}
