int stage; //!< Processing stage.
uint32_t pac_lifetime; //!< seconds to add to current time to describe PAC lifetime
char const *authority_identity; //!< The identity we present in the EAP-TLS
uint8_t a_id[PAC_A_ID_LENGTH]; //!< The identity we present in the EAP-TLS
char const *pac_opaque_key; //!< The key used to encrypt PAC-Opaque
bool use_tunneled_reply; //!< Use the reply attributes from the tunneled session in
//!< the non-tunneled reply to the client.
bool copy_request_to_tunnel; //!< Use SOME of the request attributes from outside of the
} rlm_eap_fast_t;
static CONF_PARSER module_config[] = {
{ "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_fast_t, tls_conf_name), NULL },
{ "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_fast_t, default_method_name), "mschapv2" },
{ "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED | PW_TYPE_NOT_EMPTY, rlm_eap_fast_t, virtual_server) , NULL},
{ "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_fast_t, req_client_cert), "no" },
{ "pac_lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_fast_t, pac_lifetime), "604800" },
{ "authority_identity", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_eap_fast_t, authority_identity), NULL },
{ "pac_opaque_key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_eap_fast_t, pac_opaque_key), NULL },
{ "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_fast_t, copy_request_to_tunnel), "no" },
{ "use_tunneled_reply", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_fast_t, use_tunneled_reply), "no" },
CONF_PARSER_TERMINATOR
{ "never", LDAP_DEREF_NEVER },
{ "searching", LDAP_DEREF_SEARCHING },
{ "finding", LDAP_DEREF_FINDING },
{ "always", LDAP_DEREF_ALWAYS },
{ NULL , -1 }
};
/*
* TLS Configuration
*/
static CONF_PARSER tls_config[] = {
/*
* Deprecated attributes
*/
{ "cacertfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_ca_file), NULL },
{ "ca_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_ca_file), NULL },
{ "cacertdir", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_ca_path), NULL },
{ "ca_path", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_ca_path), NULL },
{ "certfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_certificate_file), NULL },
{ "certificate_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_certificate_file), NULL },
{ "keyfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_private_key_file), NULL }, // OK if it changes on HUP
{ "private_key_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_private_key_file), NULL }, // OK if it changes on HUP
{ "randfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_random_file), NULL },
{ "random_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_random_file), NULL },
/*
#ifdef USE_ITHREADS
pthread_mutex_t clone_mutex;
#endif
HV *rad_perlconf_hv; //!< holds "config" items (perl %RAD_PERLCONF hash).
} rlm_perl_t;
/*
* A mapping of configuration file names to internal variables.
*/
#define RLM_PERL_CONF(_x) { FR_CONF_OFFSET("func_" STRINGIFY(_x), FR_TYPE_STRING, rlm_perl_t, func_##_x), \
.data = NULL, .dflt = STRINGIFY(_x), .quote = T_INVALID }
static const CONF_PARSER module_config[] = {
{ FR_CONF_OFFSET("filename", FR_TYPE_FILE_INPUT | FR_TYPE_REQUIRED, rlm_perl_t, module) },
RLM_PERL_CONF(authorize),
RLM_PERL_CONF(authenticate),
RLM_PERL_CONF(post_auth),
RLM_PERL_CONF(accounting),
RLM_PERL_CONF(preacct),
RLM_PERL_CONF(detach),
RLM_PERL_CONF(xlat),
#ifdef WITH_PROXY
RLM_PERL_CONF(pre_proxy),
RLM_PERL_CONF(post_proxy),
#endif
#ifdef WITH_COA
RLM_PERL_CONF(recv_coa),
/*
* How many session updates to keep track of per user
*/
int trim_count;
/*
* These are used only for parsing. They aren't used at run-time.
*/
char const *insert;
char const *trim;
char const *expire;
} rlm_rediswho_t;
static CONF_PARSER section_config[] = {
{ "insert", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED | PW_TYPE_XLAT, rlm_rediswho_t, insert), NULL },
{ "trim", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_rediswho_t, trim), NULL }, /* required only if trim_count > 0 */
{ "expire", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED | PW_TYPE_XLAT, rlm_rediswho_t, expire), NULL },
CONF_PARSER_TERMINATOR
};
static CONF_PARSER module_config[] = {
{ "redis-instance-name", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_DEPRECATED, rlm_rediswho_t, redis_instance_name), NULL },
{ "redis_module_instance", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_rediswho_t, redis_instance_name), "redis" },
{ "trim-count", FR_CONF_OFFSET(PW_TYPE_SIGNED | PW_TYPE_DEPRECATED, rlm_rediswho_t, trim_count), NULL },
{ "trim_count", FR_CONF_OFFSET(PW_TYPE_SIGNED, rlm_rediswho_t, trim_count), "-1" },
/*
* These all smash the same variables, because we don't care about them right now.
*/
typedef struct rlm_always_t {
char const *name; //!< Name of this instance of the always module.
char const *rcode_str; //!< The base value.
char const *rcode_old; //!< Make changing the rcode work with %{poke:} and radmin.
rlm_rcode_t rcode; //!< The integer constant representing rcode_str.
uint32_t simulcount;
bool mpp;
} rlm_always_t;
/*
* A mapping of configuration file names to internal variables.
*/
static const CONF_PARSER module_config[] = {
{ "rcode", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_always_t, rcode_str), "fail" },
{ "simulcount", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_always_t, simulcount), "0" },
{ "mpp", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_always_t, mpp), "no" },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_always_t *inst = instance;
inst->name = cf_section_name1(conf);
if (!inst->name) inst->name = cf_section_name2(conf);
/*
* Convert the rcode string to an int
*/
uint32_t dh_counter_max;
char const *default_auth_type;
char const *users_file_name;
char const *server_auth_type;
char const *server_id_type;
bool send_cert_request;
uint32_t fast_expire;
bool enable_fast_dhex;
bool enable_fast_reconnect;
} rlm_eap_ikev2_t;
CONF_PARSER module_config[] = {
{ "ca_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_ca_file), NULL },
{ "private_key_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_private_key_file), NULL },
{ "private_key_password", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_private_key_password), NULL },
{ "certificate_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_certificate_file), NULL },
{ "crl_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_crl), NULL },
{ "id", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, id), NULL },
{ "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_ikev2_t, max_fragment_size), IKEv2_DEFAULT_MAX_FRAGMENT_SIZE_STR },
{ "dh_counter_max", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_ikev2_t, dh_counter_max), IKEv2_DEFAULT_DH_COUNTER_MAX_STR },
{ "default_authtype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, default_auth_type), "both" },
{ "usersfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_eap_ikev2_t, users_file_name),"${confdir}/users" },
{ "server_authtype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, server_auth_type), "secret" },
{ "idtype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, server_id_type), IKEv2_DEFAULT_IDTYPE_STR },
{ "certreq", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_ikev2_t, send_cert_request), "no" },
{ "fast_timer_expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_ikev2_t, fast_expire), "900" },
#ifdef USE_ITHREADS
pthread_mutex_t clone_mutex;
#endif
HV *rad_perlconf_hv; //!< holds "config" items (perl %RAD_PERLCONF hash).
} rlm_perl_t;
/*
* A mapping of configuration file names to internal variables.
*/
#define RLM_PERL_CONF(_x) { "func_" STRINGIFY(_x), PW_TYPE_STRING, \
offsetof(rlm_perl_t,func_##_x), NULL, STRINGIFY(_x)}
static const CONF_PARSER module_config[] = {
{ "module", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, rlm_perl_t, module), NULL },
{ "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_REQUIRED, rlm_perl_t, module), NULL },
RLM_PERL_CONF(authorize),
RLM_PERL_CONF(authenticate),
RLM_PERL_CONF(post_auth),
RLM_PERL_CONF(accounting),
RLM_PERL_CONF(preacct),
RLM_PERL_CONF(checksimul),
RLM_PERL_CONF(detach),
RLM_PERL_CONF(xlat),
#ifdef WITH_PROXY
RLM_PERL_CONF(pre_proxy),
RLM_PERL_CONF(post_proxy),
#endif
bool ipv4_integer; //!< Whether IPv4 addresses should be cast to integers,
//!< for renew operations.
bool copy_on_update; //!< Copy the address provided by ip_address to the
//!< allocated_address_attr if updates are successful.
fr_redis_cluster_t *cluster; //!< Redis cluster.
} rlm_redis_ippool_t;
static CONF_PARSER redis_config[] = {
REDIS_COMMON_CONFIG,
CONF_PARSER_TERMINATOR
};
static CONF_PARSER module_config[] = {
{ FR_CONF_OFFSET("pool_name", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, pool_name) },
{ FR_CONF_OFFSET("device", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, device_id) },
{ FR_CONF_OFFSET("gateway", FR_TYPE_TMPL, rlm_redis_ippool_t, gateway_id) },\
{ FR_CONF_OFFSET("offer_time", FR_TYPE_TMPL, rlm_redis_ippool_t, offer_time) },
{ FR_CONF_OFFSET("lease_time", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, lease_time) },
{ FR_CONF_OFFSET("wait_num", FR_TYPE_UINT32, rlm_redis_ippool_t, wait_num) },
{ FR_CONF_OFFSET("wait_timeout", FR_TYPE_TIMEVAL, rlm_redis_ippool_t, wait_timeout) },
{ FR_CONF_OFFSET("requested_address", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, requested_address), .dflt = "%{%{DHCP-Requested-IP-Address}:-%{DHCP-Client-IP-Address}}", .quote = T_DOUBLE_QUOTED_STRING },
{ FR_CONF_DEPRECATED("ip_address", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, NULL) },
{ FR_CONF_OFFSET("allocated_address_attr", FR_TYPE_TMPL | FR_TYPE_ATTRIBUTE | FR_TYPE_REQUIRED, rlm_redis_ippool_t, allocated_address_attr), .dflt = "&reply:DHCP-Your-IP-Address", .quote = T_BARE_WORD },
{ FR_CONF_DEPRECATED("reply_attr", FR_TYPE_TMPL | FR_TYPE_ATTRIBUTE | FR_TYPE_REQUIRED, rlm_redis_ippool_t, NULL) },
#define LOG_PREFIX "%s - "
#define LOG_PREFIX_ARGS inst->config.name
#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module.h>
#include <freeradius-devel/server/modpriv.h>
#include <freeradius-devel/server/dl.h>
#include <freeradius-devel/server/rad_assert.h>
#include "rlm_cache.h"
extern rad_module_t rlm_cache;
static const CONF_PARSER module_config[] = {
{ FR_CONF_OFFSET("driver", FR_TYPE_STRING, rlm_cache_config_t, driver_name), .dflt = "rlm_cache_rbtree" },
{ FR_CONF_OFFSET("key", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_cache_config_t, key) },
{ FR_CONF_OFFSET("ttl", FR_TYPE_UINT32, rlm_cache_config_t, ttl), .dflt = "500" },
{ FR_CONF_OFFSET("max_entries", FR_TYPE_UINT32, rlm_cache_config_t, max_entries), .dflt = "0" },
/* Should be a type which matches time_t, @fixme before 2038 */
{ FR_CONF_OFFSET("epoch", FR_TYPE_INT32, rlm_cache_config_t, epoch), .dflt = "0" },
{ FR_CONF_OFFSET("add_stats", FR_TYPE_BOOL, rlm_cache_config_t, stats), .dflt = "no" },
CONF_PARSER_TERMINATOR
};
static fr_dict_t *dict_freeradius;
extern fr_dict_autoload_t rlm_cache_dict[];
fr_dict_autoload_t rlm_cache_dict[] = {
{ .out = &dict_freeradius, .proto = "freeradius" },
vp[4] ? vp[4]->vp_uint32 : 0,
vp[5] ? vp[5]->vp_uint32 : 0);
}
return strlen(*out);
}
}
return 0;
}
static const CONF_PARSER module_config[] = {
/*
* Do SoH over DHCP?
*/
{ FR_CONF_OFFSET("dhcp", FR_TYPE_BOOL, rlm_soh_t, dhcp), .dflt = "no" },
CONF_PARSER_TERMINATOR
};
static rlm_rcode_t CC_HINT(nonnull) mod_post_auth(void *instance, UNUSED void *thread, REQUEST *request)
{
#ifdef WITH_DHCP
int rcode;
VALUE_PAIR *vp;
rlm_soh_t const *inst = instance;
if (!inst->dhcp) return RLM_MODULE_NOOP;
vp = fr_pair_find_by_da(request->packet->vps, attr_dhcp_vendor, TAG_ANY);
if (vp) {
/*
#include <freeradius-devel/libradius.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/rad_assert.h>
#include <libcouchbase/couchbase.h>
#include <json/json.h>
#include "mod.h"
#include "couchbase.h"
#include "jsonc_missing.h"
/**
* Module Configuration
*/
static const CONF_PARSER module_config[] = {
{ "acct_key", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, acct_key), "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" },
{ "doctype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, doctype), "radacct" },
{ "server", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, server), NULL },
{ "bucket", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, bucket), NULL },
{ "password", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, password), NULL },
{ "expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_couchbase_t, expire), 0 },
{ "user_key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, user_key), "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}" },
{NULL, -1, 0, NULL, NULL} /* end the list */
};
/* initialize couchbase connection */
static int mod_instantiate(CONF_SECTION *conf, void *instance) {
rlm_couchbase_t *inst = instance; /* our module instance */
{
char *server, *p;
struct timeval timeout; //!< How long to wait for read/write operations.
} unix;
linelog_net_t tcp; //!< TCP server.
linelog_net_t udp; //!< UDP server.
CONF_SECTION *cs; //!< #CONF_SECTION to use as the root for #log_ref lookups.
} linelog_instance_t;
typedef struct linelog_conn {
int sockfd; //!< File descriptor associated with socket
} linelog_conn_t;
static const CONF_PARSER file_config[] = {
{ "filename", FR_CONF_OFFSET(PW_TYPE_FILE_OUTPUT | PW_TYPE_XLAT, linelog_instance_t, file.name), NULL },
{ "permissions", FR_CONF_OFFSET(PW_TYPE_INTEGER, linelog_instance_t, file.permissions), "0600" },
{ "group", FR_CONF_OFFSET(PW_TYPE_STRING, linelog_instance_t, file.group_str), NULL },
{ "escape_filenames", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, linelog_instance_t, file.escape), "no" },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
static const CONF_PARSER syslog_config[] = {
{ "facility", FR_CONF_OFFSET(PW_TYPE_STRING, linelog_instance_t, syslog.facility), NULL },
{ "severity", FR_CONF_OFFSET(PW_TYPE_STRING, linelog_instance_t, syslog.severity), "info" },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
static const CONF_PARSER unix_config[] = {
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/token.h>
#include <freeradius-devel/rad_assert.h>
#include <sys/stat.h>
#include "rlm_sql.h"
/*
* So we can do pass2 xlat checks on the queries.
*/
static const CONF_PARSER query_config[] = {
{ "query", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT | PW_TYPE_MULTI, rlm_sql_config_t, accounting.query), NULL },
{NULL, -1, 0, NULL, NULL}
};
/*
* For now hard-code the subsections. This isn't perfect, but it
* helps the average case.
*/
static const CONF_PARSER type_config[] = {
{ "accounting-on", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config },
{ "accounting-off", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config },
{ "start", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config },
{ "interim-update", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config },
{ "stop", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config },
char const *line;
char const *reference;
fr_logfile_t *lf;
} rlm_linelog_t;
/*
* A mapping of configuration file names to internal variables.
*
* Note that the string is dynamically allocated, so it MUST
* be freed. When the configuration file parse re-reads the string,
* it free's the old one, and strdup's the new one, placing the pointer
* to the strdup'd string into 'config.string'. This gets around
* buffer over-flows.
*/
static const CONF_PARSER module_config[] = {
{ "filename", FR_CONF_OFFSET(PW_TYPE_FILE_OUTPUT| PW_TYPE_REQUIRED, rlm_linelog_t, filename), NULL },
{ "syslog_facility", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_linelog_t, syslog_facility), NULL },
{ "permissions", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_linelog_t, permissions), "0600" },
{ "group", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_linelog_t, group), NULL },
{ "format", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_linelog_t, line), NULL },
{ "reference", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_linelog_t, reference), NULL },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
/*
* Instantiate the module.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_linelog_t *inst = instance;
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
#endif
#ifdef HAVE_OPENSSL_EVP_H
#include <openssl/evp.h>
#endif
#include "rlm_eap_tls.h"
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
static CONF_PARSER module_config[] = {
{ "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_tls_t, tls_conf_name), NULL },
{ "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_tls_t, virtual_server), NULL },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
/*
* Attach the EAP-TLS module.
*/
static int mod_instantiate(CONF_SECTION *cs, void **instance)
{
rlm_eap_tls_t *inst;
/*
#include <freeradius-devel/libradius.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/rad_assert.h>
#include <libcouchbase/couchbase.h>
#include <json.h>
#include "mod.h"
#include "couchbase.h"
#include "jsonc_missing.h"
/**
* Client Configuration
*/
static const CONF_PARSER client_config[] = {
{ "view", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, client_view), "_design/client/_view/by_name" },
{NULL, -1, 0, NULL, NULL} /* end the list */
};
/**
* Module Configuration
*/
static const CONF_PARSER module_config[] = {
{ "acct_key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_couchbase_t, acct_key), "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" },
{ "doctype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, doctype), "radacct" },
{ "server", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, server_raw), NULL },
{ "bucket", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, bucket), NULL },
{ "password", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, password), NULL },
{ "expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_couchbase_t, expire), 0 },
{ "user_key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_couchbase_t, user_key), "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}" },
{ "read_clients", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_couchbase_t, read_clients), NULL }, /* NULL defaults to "no" */
char const *filename; //!< File/path to write to.
uint32_t perm; //!< Permissions to use for new files.
char const *group; //!< Group to use for new files.
char const *header; //!< Header format.
bool locking; //!< Whether the file should be locked.
bool log_srcdst; //!< Add IP src/dst attributes to entries.
fr_logfile_t *lf; //!< Log file handler
fr_hash_table_t *ht; //!< Holds suppressed attributes.
} detail_instance_t;
static const CONF_PARSER module_config[] = {
{ "detailfile", FR_CONF_OFFSET(PW_TYPE_FILE_OUTPUT | PW_TYPE_DEPRECATED, detail_instance_t, filename), NULL },
{ "filename", FR_CONF_OFFSET(PW_TYPE_FILE_OUTPUT | PW_TYPE_REQUIRED, detail_instance_t, filename), "%A/%{Client-IP-Address}/detail" },
{ "header", FR_CONF_OFFSET(PW_TYPE_STRING, detail_instance_t, header), "%t" },
{ "detailperm", FR_CONF_OFFSET(PW_TYPE_INTEGER | PW_TYPE_DEPRECATED, detail_instance_t, perm), NULL },
{ "permissions", FR_CONF_OFFSET(PW_TYPE_INTEGER, detail_instance_t, perm), "0600" },
{ "group", FR_CONF_OFFSET(PW_TYPE_STRING, detail_instance_t, group), NULL },
{ "locking", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, detail_instance_t, locking), "no" },
{ "log_packet_header", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, detail_instance_t, log_srcdst), "no" },
{ NULL, -1, 0, NULL, NULL }
};
/*
* Clean up.
*/
static int mod_detach(void *instance)
typedef struct rlm_preprocess_t {
char const *huntgroup_file;
char const *hints_file;
PAIR_LIST *huntgroups;
PAIR_LIST *hints;
bool with_ascend_hack;
uint32_t ascend_channels_per_line;
bool with_ntdomain_hack;
bool with_specialix_jetstream_hack;
bool with_cisco_vsa_hack;
bool with_alvarion_vsa_hack;
bool with_cablelabs_vsa_hack;
} rlm_preprocess_t;
static const CONF_PARSER module_config[] = {
{ "huntgroups", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_preprocess_t, huntgroup_file), NULL },
{ "hints", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_preprocess_t, hints_file), NULL },
{ "with_ascend_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_ascend_hack), "no" },
{ "ascend_channels_per_line", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_preprocess_t, ascend_channels_per_line), "23" },
{ "with_ntdomain_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_ntdomain_hack), "no" },
{ "with_specialix_jetstream_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_specialix_jetstream_hack), "no" },
{ "with_cisco_vsa_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_cisco_vsa_hack), "no" },
{ "with_alvarion_vsa_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_alvarion_vsa_hack), "no" },
#if 0
{ "with_cablelabs_vsa_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_cablelabs_vsa_hack), NULL },
#endif
{ NULL, -1, 0, NULL, NULL }
};
/*
#include <freeradius-devel/server/map.h>
#include <freeradius-devel/server/module.h>
#include <freeradius-devel/server/rad_assert.h>
#include <freeradius-devel/util/base.h>
#include <libcouchbase/couchbase.h>
#include <freeradius-devel/json/base.h>
#include "mod.h"
#include "couchbase.h"
/**
* Client Configuration
*/
static const CONF_PARSER client_config[] = {
{ FR_CONF_OFFSET("view", FR_TYPE_STRING, rlm_couchbase_t, client_view), .dflt = "_design/client/_view/by_name" },
CONF_PARSER_TERMINATOR
};
/**
* Module Configuration
*/
static const CONF_PARSER module_config[] = {
{ FR_CONF_OFFSET("server", FR_TYPE_STRING | FR_TYPE_REQUIRED, rlm_couchbase_t, server_raw) },
{ FR_CONF_OFFSET("bucket", FR_TYPE_STRING | FR_TYPE_REQUIRED, rlm_couchbase_t, bucket) },
{ FR_CONF_OFFSET("password", FR_TYPE_STRING, rlm_couchbase_t, password) },
#ifdef WITH_ACCOUNTING
{ FR_CONF_OFFSET("acct_key", FR_TYPE_TMPL, rlm_couchbase_t, acct_key), .dflt = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}", .quote = T_DOUBLE_QUOTED_STRING },
{ FR_CONF_OFFSET("doctype", FR_TYPE_STRING, rlm_couchbase_t, doctype), .dflt = "radacct" },
{ FR_CONF_OFFSET("expire", FR_TYPE_UINT32, rlm_couchbase_t, expire), .dflt = 0 },
#endif
char const *off_commit; //!< SQL query to commit.
/* Logging Section */
char const *log_exists; //!< There was an ip address already assigned.
char const *log_success; //!< We successfully allocated ip address from pool.
char const *log_clear; //!< We successfully deallocated ip address from pool.
char const *log_failed; //!< Failed to allocate ip from the pool.
char const *log_nopool; //!< There was no Framed-IP-Address but also no Pool-Name.
/* Reserved to handle 255.255.255.254 Requests */
char const *defaultpool; //!< Default Pool-Name if there is none in the check items.
} rlm_sqlippool_t;
static CONF_PARSER message_config[] = {
{ "exists", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_exists), NULL },
{ "success", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_success), NULL },
{ "clear", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_clear), NULL },
{ "failed", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_failed), NULL },
{ "nopool", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_nopool), NULL },
CONF_PARSER_TERMINATOR
};
/*
* A mapping of configuration file names to internal variables.
*
* Note that the string is dynamically allocated, so it MUST
* be freed. When the configuration file parse re-reads the string,
* it free's the old one, and strdup's the new one, placing the pointer
* to the strdup'd string into 'config.string'. This gets around
* buffer over-flows.
*/
RCSID("$Id: 46cc8ca7c7179da925f6467dd4a15ef5e3ae4284 $")
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/token.h>
#include <freeradius-devel/rad_assert.h>
#include <ctype.h>
#include "rest.h"
/*
* TLS Configuration
*/
static CONF_PARSER tls_config[] = {
{ "ca_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_rest_section_t, tls_ca_file), NULL },
{ "ca_path", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_rest_section_t, tls_ca_path), NULL },
{ "certificate_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_rest_section_t, tls_certificate_file), NULL },
{ "private_key_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_rest_section_t, tls_private_key_file), NULL },
{ "private_key_password", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_SECRET, rlm_rest_section_t, tls_private_key_password), NULL },
{ "random_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_rest_section_t, tls_random_file), NULL },
{ "check_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_rest_section_t, tls_check_cert), "yes" },
{ "check_cert_cn", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_rest_section_t, tls_check_cert_cn), "yes" },
{ NULL, -1, 0, NULL, NULL }
};
/*
* A mapping of configuration file names to internal variables.
*
* Note that the string is dynamically allocated, so it MUST
#include <ctype.h>
#include <fcntl.h>
/*
* Define a structure with the module configuration, so it can
* be used as the instance handle.
*/
typedef struct rlm_attr_filter {
char const *filename;
char const *key;
bool relaxed;
PAIR_LIST *attrs;
} rlm_attr_filter_t;
static const CONF_PARSER module_config[] = {
{ "attrsfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, rlm_attr_filter_t, filename), NULL },
{ "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_REQUIRED, rlm_attr_filter_t, filename), NULL },
{ "key", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_attr_filter_t, key), "%{Realm}" },
{ "relaxed", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_attr_filter_t, relaxed), "no" },
{ NULL, -1, 0, NULL, NULL }
};
static void check_pair(REQUEST *request, VALUE_PAIR *check_item, VALUE_PAIR *reply_item, int *pass, int *fail)
{
int compare;
if (check_item->op == T_OP_SET) return;
compare = paircmp(check_item, reply_item);
if (compare < 0) {
REDEBUG("Comparison failed: %s", fr_strerror());
#ifdef HAVE_PAM_PAM_APPL_H
#include <pam/pam_appl.h>
#endif
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
typedef struct rlm_pam_t {
char const *pam_auth_name;
} rlm_pam_t;
static const CONF_PARSER module_config[] = {
{ "pam_auth", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_pam_t, pam_auth_name), "radiusd" },
{ NULL, -1, 0, NULL, NULL }
};
/*************************************************************************
*
* Function: PAM_conv
*
* Purpose: Dialogue between RADIUS and PAM modules.
*
* jab - stolen from pop3d
*
* Alan DeKok: modified to use PAM's appdata_ptr, so that we're
* multi-threaded safe, and don't have any nasty static
* variables hanging around.
*
#include <freeradius-devel/modules.h>
#include <ctype.h>
#include "rlm_securid.h"
typedef enum {
RC_SECURID_AUTH_SUCCESS = 0,
RC_SECURID_AUTH_FAILURE = -3,
RC_SECURID_AUTH_ACCESS_DENIED_FAILURE = -4,
RC_SECURID_AUTH_INVALID_SERVER_FAILURE = -5,
RC_SECURID_AUTH_CHALLENGE = -17
} SECURID_AUTH_RC;
static const CONF_PARSER module_config[] = {
{ "timer_expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_securid_t, timer_limit), "600" },
{ "max_sessions", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_securid_t, max_sessions), "2048" },
{ "max_trips_per_session", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_securid_t, max_trips_per_session), NULL },
{ "max_round_trips", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_securid_t, max_trips_per_session), "6" },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
static SD_CHAR empty_pin[] = "";
/* comparison function to find session in the tree */
static int securid_session_cmp(void const *a, void const *b)
{
int rcode;
SECURID_SESSION const *one = a;
SECURID_SESSION const *two = b;
bool copy_request_to_tunnel; //!< Use SOME of the request attributes from outside of the
//!< tunneled session in the tunneled request.
#ifdef WITH_PROXY
bool proxy_tunneled_request_as_eap; //!< Proxy tunneled session as EAP, or as de-capsulated
//!< protocol.
#endif
char const *virtual_server; //!< Virtual server for inner tunnel session.
bool soh; //!< Do we do SoH request?
char const *soh_virtual_server;
bool req_client_cert; //!< Do we do require a client cert?
} rlm_eap_peap_t;
static CONF_PARSER module_config[] = {
{ "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, tls_conf_name), NULL },
{ "default_method", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, default_method_name), "mschapv2" },
{ "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, copy_request_to_tunnel), "no" },
{ "use_tunneled_reply", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, use_tunneled_reply), "no" },
#ifdef WITH_PROXY
{ "proxy_tunneled_request_as_eap", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, proxy_tunneled_request_as_eap), "yes" },
#endif
{ "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, virtual_server), NULL },
{ "soh", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, soh), "no" },
* this code cannot simply be copied and put under a different distribution
* license (including the GNU public license).
*/
RCSID("$Id: db8d619ca134aaed25dbf79e8d41c5b1c11e0424 $")
USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
#include "rlm_eap_pwd.h"
#include "eap_pwd.h"
#define MPPE_KEY_LEN 32
#define MSK_EMSK_LEN (2*MPPE_KEY_LEN)
static CONF_PARSER pwd_module_config[] = {
{ "group", FR_CONF_OFFSET(PW_TYPE_INTEGER, eap_pwd_t, group), "19" },
{ "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, eap_pwd_t, fragment_size), "1020" },
{ "server_id", FR_CONF_OFFSET(PW_TYPE_STRING, eap_pwd_t, server_id), NULL },
{ "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, eap_pwd_t, virtual_server), NULL },
CONF_PARSER_TERMINATOR
};
static int mod_detach (void *arg)
{
eap_pwd_t *inst;
inst = (eap_pwd_t *) arg;
if (inst->bnctx) BN_CTX_free(inst->bnctx);
return 0;
#include <freeradius-devel/modcall.h>
#include <freeradius-devel/rad_assert.h>
#include "rlm_cache.h"
/*
* A mapping of configuration file names to internal variables.
*
* Note that the string is dynamically allocated, so it MUST
* be freed. When the configuration file parse re-reads the string,
* it free's the old one, and strdup's the new one, placing the pointer
* to the strdup'd string into 'config.string'. This gets around
* buffer over-flows.
*/
static const CONF_PARSER module_config[] = {
{ "driver", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_cache_t, driver_name), "rlm_cache_rbtree" },
{ "key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED | PW_TYPE_XLAT, rlm_cache_t, key), NULL },
{ "ttl", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_cache_t, ttl), "500" },
{ "max_entries", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_cache_t, max_entries), "0" },
/* Should be a type which matches time_t, @fixme before 2038 */
{ "epoch", FR_CONF_OFFSET(PW_TYPE_SIGNED, rlm_cache_t, epoch), "0" },
{ "add_stats", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_cache_t, stats), "no" },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
static int cache_acquire(rlm_cache_handle_t **out, rlm_cache_t *inst, REQUEST *request)
{
if (!inst->module->acquire) return 0;
* Old wrapper for client_find
*/
RADCLIENT *client_find_old(fr_ipaddr_t const *ipaddr)
{
return client_find(root_clients, ipaddr, IPPROTO_UDP);
}
static fr_ipaddr_t cl_ipaddr;
static char const *cl_srcipaddr = NULL;
#ifdef WITH_TCP
static char const *hs_proto = NULL;
#endif
#ifdef WITH_TCP
static CONF_PARSER limit_config[] = {
{ "max_connections", FR_CONF_OFFSET(PW_TYPE_INTEGER, RADCLIENT, limit.max_connections), "16" },
{ "lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, RADCLIENT, limit.lifetime), "0" },
{ "idle_timeout", FR_CONF_OFFSET(PW_TYPE_INTEGER, RADCLIENT, limit.idle_timeout), "30" },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
#endif
static const CONF_PARSER client_config[] = {
{ "ipaddr", FR_CONF_POINTER(PW_TYPE_COMBO_IP_PREFIX, &cl_ipaddr), NULL },
{ "ipv4addr", FR_CONF_POINTER(PW_TYPE_IPV4_PREFIX, &cl_ipaddr), NULL },
{ "ipv6addr", FR_CONF_POINTER(PW_TYPE_IPV6_PREFIX, &cl_ipaddr), NULL },
{ "src_ipaddr", FR_CONF_POINTER(PW_TYPE_STRING, &cl_srcipaddr), NULL },
#endif
#include <ctype.h>
#include "rlm_expr.h"
/*
* Define a structure for our module configuration.
*/
typedef struct rlm_expr_t {
char const *xlat_name;
char const *allowed_chars;
} rlm_expr_t;
static const CONF_PARSER module_config[] = {
{ "safe_characters", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_expr_t, allowed_chars), "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" },
{NULL, -1, 0, NULL, NULL}
};
typedef enum expr_token_t {
TOKEN_NONE = 0,
TOKEN_INTEGER,
TOKEN_ADD,
TOKEN_SUBTRACT,
TOKEN_DIVIDE,
TOKEN_REMAINDER,
TOKEN_MULTIPLY,
TOKEN_AND,
TOKEN_OR,
TOKEN_POWER,
TOKEN_LAST
unsigned int packet_code;
bool shell_escape;
uint32_t timeout;
} rlm_exec_t;
/*
* A mapping of configuration file names to internal variables.
*
* Note that the string is dynamically allocated, so it MUST
* be freed. When the configuration file parse re-reads the string,
* it free's the old one, and strdup's the new one, placing the pointer
* to the strdup'd string into 'config.string'. This gets around
* buffer over-flows.
*/
static const CONF_PARSER module_config[] = {
{ "wait", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_exec_t, wait), "yes" },
{ "program", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_exec_t, program), NULL },
{ "input_pairs", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_exec_t, input), NULL },
{ "output_pairs", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_exec_t, output), NULL },
{ "packet_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_exec_t, packet_type), NULL },
{ "shell_escape", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_exec_t, shell_escape), "yes" },
{ "timeout", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_exec_t, timeout), NULL },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
static char const special[] = "\\'\"`<>|; \t\r\n()[]?#$^&*=";
/*
* Escape special characters
*/
