/**********************************************************************
* %FUNCTION: print_attributes
* %ARGUMENTS:
* vp -- linked-list of RADIUS attribute-value pairs
* %RETURNS:
* Nothing
* %DESCRIPTION:
* Prints the attribute pairs to /var/run/radattr.pppN. Each line of the
* file contains "name value" pairs.
***********************************************************************/
static void
print_attributes(VALUE_PAIR *vp)
{
FILE *fp;
char fname[512];
char name[2048];
char value[2048];
int cnt = 0;
slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
fp = fopen(fname, "w");
if (!fp) {
warn("radattr plugin: Could not open %s for writing: %m", fname);
return;
}
for (; vp; vp=vp->next) {
if (rc_avpair_tostr(vp, name, sizeof(name), value, sizeof(value)) < 0) {
continue;
}
fprintf(fp, "%s %s\n", name, value);
cnt++;
}
fclose(fp);
dbglog("RADATTR plugin wrote %d line(s) to file %s.", cnt, fname);
}
/** Format a sequence of attribute value pairs into a printable string
*
* The caller should provide a storage buffer and the buffer length.
*
* @param rh a handle to parsed configuration.
* @param pair a pointer to a #VALUE_PAIR structure.
* @param buf will hold the string output of the pair.
* @param len the size of buf.
* @return a pointer to provided storage buffer.
*/
char *rc_avpair_log(rc_handle const *rh, VALUE_PAIR *pair, char *buf, size_t buf_len)
{
size_t len, nlen;
VALUE_PAIR *vp;
char name[33], value[256];
len = 0;
for (vp = pair; vp != NULL; vp = vp->next) {
if (rc_avpair_tostr(rh, vp, name, sizeof(name), value,
sizeof(value)) == -1)
return NULL;
nlen = len + 32 + 3 + strlen(value) + 2 + 2;
if(nlen<buf_len-1) {
sprintf(buf + len, "%-32s = '%s'\n", name, value);
} else return buf;
len = nlen - 1;
}
return buf;
}
LFUNC auth_radius(UINT4 client_port, char *username, char *passwd)
{
VALUE_PAIR *send, *received, *vp, *service_vp;
UINT4 service, ftype, ctype;
char msg[4096], *p, username_realm[256];
char name[2048], value[2048]; /* more than enough */
int result;
char *default_realm, *service_str, *ftype_str;
DICT_VALUE *dval;
send = received = NULL;
/*
* Determine and fill in Service-Type
*/
#ifdef SCP
/* determine based on the username what kind of service is requested.
this allows you to use one password for all accounts, but the
Merit radiusd supplies you just with the right information you
need for the specified service type -lf, 03/15/96 */
switch (*username)
{
case 'S':
service = PW_FRAMED;
ftype = PW_SLIP;
ctype = 0;
username++;
break;
case 'C':
service = PW_FRAMED;
ftype = PW_SLIP;
ctype = PW_VAN_JACOBSON_TCP_IP;
username++;
break;
case 'P':
service = PW_FRAMED;
ftype = PW_PPP;
ctype = 0;
username++;
break;
default:
service = PW_LOGIN;
ftype = 0;
ctype = 0;
break;
}
#else
service = PW_LOGIN;
ftype = 0;
ctype = 0;
#endif
if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
/* Fill in Framed-Protocol, if neccessary */
if (ftype != 0)
{
if (rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &ftype, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
}
/* Fill in Framed-Compression, if neccessary */
if (ctype != 0)
{
if (rc_avpair_add(&send, PW_FRAMED_COMPRESSION, &ctype, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
}
/*
* Fill in User-Name
*/
strncpy(username_realm, username, sizeof(username_realm));
/* Append default realm */
default_realm = rc_conf_str("default_realm");
if ((strchr(username_realm, '@') == NULL) && default_realm &&
((*default_realm) != '\0'))
{
strncat(username_realm, "@", sizeof(username_realm));
strncat(username_realm, default_realm, sizeof(username_realm));
}
if (rc_avpair_add(&send, PW_USER_NAME, username_realm, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
/*
* Fill in User-Password
*/
if (rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
result = rc_auth(client_port, send, &received, msg, NULL);
if (result == OK_RC)
{
/* Set up a running count of attributes saved. */
int acount[256], attr;
memset(acount, 0, sizeof(acount));
rc_add_env(env, "RADIUS_USER_NAME", username);
vp = received;
/* map-- keep track of the attributes so that we know
when to add the delimiters. Note that we can only
handle attributes < 256, which is the standard anyway. */
while (vp)
{
strcpy(name, "RADIUS_");
if (rc_avpair_tostr(vp, name+7, sizeof(name)-7, value, sizeof(value)) < 0) {
rc_avpair_free(send);
rc_avpair_free(received);
return (LFUNC) NULL;
}
/* Translate "-" => "_" and uppercase*/
for(p = name; *p; p++) {
*p = toupper(*p);
if (*p == '-') *p = '_';
}
/* Add to the attribute count and append the var
if necessary. */
if ((attr = vp->attribute) < 256)
{
int count;
if ((count = acount[attr]++) > 0) {
char buf[10];
sprintf(buf, "_%d", count);
strcat(name,buf);
}
}
if (rc_add_env(env, name, value) < 0)
{
rc_avpair_free(send);
rc_avpair_free(received);
return (LFUNC) NULL;
}
vp = vp->next;
}
service_str = "(unknown)";
ftype_str = NULL;
if ((service_vp = rc_avpair_get(received, PW_SERVICE_TYPE)) != NULL)
if ((dval = rc_dict_getval(service_vp->lvalue, service_vp->name)) != NULL) {
service_str = dval->name;
}
if (service_vp && (service_vp->lvalue == PW_FRAMED) &&
((vp = rc_avpair_get(received, PW_FRAMED_PROTOCOL)) != NULL))
if ((dval = rc_dict_getval(vp->lvalue, vp->name)) != NULL) {
ftype_str = dval->name;
}
rc_log(LOG_NOTICE, "authentication OK, username %s, service %s%s%s",
username, service_str,(ftype_str)?"/":"", (ftype_str)?ftype_str:"");
if (msg && (*msg != '\0'))
printf(SC_SERVER_REPLY, msg);
else
printf(SC_RADIUS_OK);
rc_avpair_free(send);
rc_avpair_free(received);
return radius_login;
}
else
{
rc_log(LOG_NOTICE, "authentication FAILED, type RADIUS, username %s",
username_realm);
if (msg && (*msg != '\0'))
printf(SC_SERVER_REPLY, msg);
else
printf(SC_RADIUS_FAILED);
}
rc_avpair_free(send);
if (received)
rc_avpair_free(received);
return (LFUNC) NULL;
}
switch_xml_t mod_xml_radius_auth_reg(switch_event_t *params) {
int result = 0, param_idx = 0;
VALUE_PAIR *send = NULL, *recv = NULL, *service_vp = NULL;
char msg[512 * 10 + 1] = {0};
uint32_t service = PW_AUTHENTICATE_ONLY;
rc_handle *new_handle = NULL;
switch_xml_t fields, xml, dir, dom, usr, vars, var;
char name[512], value[512], *strtmp;
if (GLOBAL_DEBUG ) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "mod_xml_radius: starting registration authentication\n");
}
if ( mod_xml_radius_new_handle(&new_handle, globals.auth_invite_configs) != SWITCH_STATUS_SUCCESS ) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Failed to load radius handle for registration authentication\n");
goto err;
}
if ( new_handle == NULL ) {
goto err;
}
if ((fields = switch_xml_child(globals.auth_reg_configs, "fields")) == NULL ) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Could not find 'fields' section in config file.\n");
goto err;
}
if ( mod_xml_radius_add_params(NULL, params, new_handle, &send, fields) != SWITCH_STATUS_SUCCESS ) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Failed to add params to rc_handle\n");
goto err;
}
if (rc_avpair_add(new_handle, &send, PW_SERVICE_TYPE, &service, -1, 0) == NULL) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "mod_xml_radius: failed to add option to handle\n");
goto err;
}
result = rc_auth(new_handle, 0, send, &recv, msg);
if ( GLOBAL_DEBUG ){
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "mod_xml_radius: result(RC=%d) %s \n", result, msg);
}
if ( result != 0 ) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "mod_xml_radius: Failed to authenticate\n");
goto err;
}
xml = switch_xml_new("document");
switch_xml_set_attr_d(xml, "type", "freeswitch/xml");
dir = switch_xml_add_child_d(xml, "section", 0);
switch_xml_set_attr_d(dir, "name", "directory");
dom = switch_xml_add_child_d(dir, "domain", 0);
switch_xml_set_attr_d(dom, "name", switch_event_get_header(params, "domain"));
usr = switch_xml_add_child_d(dom, "user", 0);
vars = switch_xml_add_child_d(usr, "variables", 0);
switch_xml_set_attr_d(usr, "id", switch_event_get_header(params, "user"));
service_vp = recv;
while (service_vp != NULL) {
rc_avpair_tostr(new_handle, service_vp, name, 512, value, 512);
if ( GLOBAL_DEBUG )
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "\tattribute (%s)[%s] found in radius packet\n", name, value);
var = switch_xml_add_child_d(vars, "variable", param_idx++);
strtmp = strdup(name);
switch_xml_set_attr_d(var, "name", strtmp);
free(strtmp);
strtmp = strdup(value);
switch_xml_set_attr_d(var, "value", strtmp);
free(strtmp);
service_vp = service_vp->next;
}
if ( GLOBAL_DEBUG ) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "XML: %s \n", switch_xml_toxml(xml, 1));
}
if ( recv ) {
rc_avpair_free(recv);
recv = NULL;
}
if ( send ) {
rc_avpair_free(send);
send = NULL;
}
if ( new_handle ) {
rc_destroy(new_handle);
new_handle = NULL;
}
return xml;
err:
if ( recv ) {
rc_avpair_free(recv);
recv = NULL;
}
if ( send ) {
rc_avpair_free(send);
send = NULL;
}
if ( new_handle ) {
rc_destroy(new_handle);
new_handle = NULL;
}
return NULL;
}
