int stage; //!< Processing stage. uint32_t pac_lifetime; //!< seconds to add to current time to describe PAC lifetime char const *authority_identity; //!< The identity we present in the EAP-TLS uint8_t a_id[PAC_A_ID_LENGTH]; //!< The identity we present in the EAP-TLS char const *pac_opaque_key; //!< The key used to encrypt PAC-Opaque bool use_tunneled_reply; //!< Use the reply attributes from the tunneled session in //!< the non-tunneled reply to the client. bool copy_request_to_tunnel; //!< Use SOME of the request attributes from outside of the } rlm_eap_fast_t; static CONF_PARSER module_config[] = { { "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_fast_t, tls_conf_name), NULL }, { "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_fast_t, default_method_name), "mschapv2" }, { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED | PW_TYPE_NOT_EMPTY, rlm_eap_fast_t, virtual_server) , NULL}, { "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_fast_t, req_client_cert), "no" }, { "pac_lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_fast_t, pac_lifetime), "604800" }, { "authority_identity", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_eap_fast_t, authority_identity), NULL }, { "pac_opaque_key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_eap_fast_t, pac_opaque_key), NULL }, { "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_fast_t, copy_request_to_tunnel), "no" }, { "use_tunneled_reply", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_fast_t, use_tunneled_reply), "no" }, CONF_PARSER_TERMINATOR
{ "never", LDAP_DEREF_NEVER }, { "searching", LDAP_DEREF_SEARCHING }, { "finding", LDAP_DEREF_FINDING }, { "always", LDAP_DEREF_ALWAYS }, { NULL , -1 } }; /* * TLS Configuration */ static CONF_PARSER tls_config[] = { /* * Deprecated attributes */ { "cacertfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_ca_file), NULL }, { "ca_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_ca_file), NULL }, { "cacertdir", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_ca_path), NULL }, { "ca_path", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_ca_path), NULL }, { "certfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_certificate_file), NULL }, { "certificate_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_certificate_file), NULL }, { "keyfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_private_key_file), NULL }, // OK if it changes on HUP { "private_key_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_private_key_file), NULL }, // OK if it changes on HUP { "randfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, ldap_instance_t, tls_random_file), NULL }, { "random_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, ldap_instance_t, tls_random_file), NULL }, /*
#ifdef USE_ITHREADS pthread_mutex_t clone_mutex; #endif HV *rad_perlconf_hv; //!< holds "config" items (perl %RAD_PERLCONF hash). } rlm_perl_t; /* * A mapping of configuration file names to internal variables. */ #define RLM_PERL_CONF(_x) { FR_CONF_OFFSET("func_" STRINGIFY(_x), FR_TYPE_STRING, rlm_perl_t, func_##_x), \ .data = NULL, .dflt = STRINGIFY(_x), .quote = T_INVALID } static const CONF_PARSER module_config[] = { { FR_CONF_OFFSET("filename", FR_TYPE_FILE_INPUT | FR_TYPE_REQUIRED, rlm_perl_t, module) }, RLM_PERL_CONF(authorize), RLM_PERL_CONF(authenticate), RLM_PERL_CONF(post_auth), RLM_PERL_CONF(accounting), RLM_PERL_CONF(preacct), RLM_PERL_CONF(detach), RLM_PERL_CONF(xlat), #ifdef WITH_PROXY RLM_PERL_CONF(pre_proxy), RLM_PERL_CONF(post_proxy), #endif #ifdef WITH_COA RLM_PERL_CONF(recv_coa),
/* * How many session updates to keep track of per user */ int trim_count; /* * These are used only for parsing. They aren't used at run-time. */ char const *insert; char const *trim; char const *expire; } rlm_rediswho_t; static CONF_PARSER section_config[] = { { "insert", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED | PW_TYPE_XLAT, rlm_rediswho_t, insert), NULL }, { "trim", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_rediswho_t, trim), NULL }, /* required only if trim_count > 0 */ { "expire", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED | PW_TYPE_XLAT, rlm_rediswho_t, expire), NULL }, CONF_PARSER_TERMINATOR }; static CONF_PARSER module_config[] = { { "redis-instance-name", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_DEPRECATED, rlm_rediswho_t, redis_instance_name), NULL }, { "redis_module_instance", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_rediswho_t, redis_instance_name), "redis" }, { "trim-count", FR_CONF_OFFSET(PW_TYPE_SIGNED | PW_TYPE_DEPRECATED, rlm_rediswho_t, trim_count), NULL }, { "trim_count", FR_CONF_OFFSET(PW_TYPE_SIGNED, rlm_rediswho_t, trim_count), "-1" }, /* * These all smash the same variables, because we don't care about them right now.
*/ typedef struct rlm_always_t { char const *name; //!< Name of this instance of the always module. char const *rcode_str; //!< The base value. char const *rcode_old; //!< Make changing the rcode work with %{poke:} and radmin. rlm_rcode_t rcode; //!< The integer constant representing rcode_str. uint32_t simulcount; bool mpp; } rlm_always_t; /* * A mapping of configuration file names to internal variables. */ static const CONF_PARSER module_config[] = { { "rcode", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_always_t, rcode_str), "fail" }, { "simulcount", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_always_t, simulcount), "0" }, { "mpp", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_always_t, mpp), "no" }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; static int mod_instantiate(CONF_SECTION *conf, void *instance) { rlm_always_t *inst = instance; inst->name = cf_section_name1(conf); if (!inst->name) inst->name = cf_section_name2(conf); /* * Convert the rcode string to an int */
uint32_t dh_counter_max; char const *default_auth_type; char const *users_file_name; char const *server_auth_type; char const *server_id_type; bool send_cert_request; uint32_t fast_expire; bool enable_fast_dhex; bool enable_fast_reconnect; } rlm_eap_ikev2_t; CONF_PARSER module_config[] = { { "ca_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_ca_file), NULL }, { "private_key_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_private_key_file), NULL }, { "private_key_password", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_private_key_password), NULL }, { "certificate_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_certificate_file), NULL }, { "crl_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, tls_crl), NULL }, { "id", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, id), NULL }, { "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_ikev2_t, max_fragment_size), IKEv2_DEFAULT_MAX_FRAGMENT_SIZE_STR }, { "dh_counter_max", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_ikev2_t, dh_counter_max), IKEv2_DEFAULT_DH_COUNTER_MAX_STR }, { "default_authtype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, default_auth_type), "both" }, { "usersfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_eap_ikev2_t, users_file_name),"${confdir}/users" }, { "server_authtype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, server_auth_type), "secret" }, { "idtype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_ikev2_t, server_id_type), IKEv2_DEFAULT_IDTYPE_STR }, { "certreq", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_ikev2_t, send_cert_request), "no" }, { "fast_timer_expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_ikev2_t, fast_expire), "900" },
#ifdef USE_ITHREADS pthread_mutex_t clone_mutex; #endif HV *rad_perlconf_hv; //!< holds "config" items (perl %RAD_PERLCONF hash). } rlm_perl_t; /* * A mapping of configuration file names to internal variables. */ #define RLM_PERL_CONF(_x) { "func_" STRINGIFY(_x), PW_TYPE_STRING, \ offsetof(rlm_perl_t,func_##_x), NULL, STRINGIFY(_x)} static const CONF_PARSER module_config[] = { { "module", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, rlm_perl_t, module), NULL }, { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_REQUIRED, rlm_perl_t, module), NULL }, RLM_PERL_CONF(authorize), RLM_PERL_CONF(authenticate), RLM_PERL_CONF(post_auth), RLM_PERL_CONF(accounting), RLM_PERL_CONF(preacct), RLM_PERL_CONF(checksimul), RLM_PERL_CONF(detach), RLM_PERL_CONF(xlat), #ifdef WITH_PROXY RLM_PERL_CONF(pre_proxy), RLM_PERL_CONF(post_proxy), #endif
bool ipv4_integer; //!< Whether IPv4 addresses should be cast to integers, //!< for renew operations. bool copy_on_update; //!< Copy the address provided by ip_address to the //!< allocated_address_attr if updates are successful. fr_redis_cluster_t *cluster; //!< Redis cluster. } rlm_redis_ippool_t; static CONF_PARSER redis_config[] = { REDIS_COMMON_CONFIG, CONF_PARSER_TERMINATOR }; static CONF_PARSER module_config[] = { { FR_CONF_OFFSET("pool_name", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, pool_name) }, { FR_CONF_OFFSET("device", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, device_id) }, { FR_CONF_OFFSET("gateway", FR_TYPE_TMPL, rlm_redis_ippool_t, gateway_id) },\ { FR_CONF_OFFSET("offer_time", FR_TYPE_TMPL, rlm_redis_ippool_t, offer_time) }, { FR_CONF_OFFSET("lease_time", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, lease_time) }, { FR_CONF_OFFSET("wait_num", FR_TYPE_UINT32, rlm_redis_ippool_t, wait_num) }, { FR_CONF_OFFSET("wait_timeout", FR_TYPE_TIMEVAL, rlm_redis_ippool_t, wait_timeout) }, { FR_CONF_OFFSET("requested_address", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, requested_address), .dflt = "%{%{DHCP-Requested-IP-Address}:-%{DHCP-Client-IP-Address}}", .quote = T_DOUBLE_QUOTED_STRING }, { FR_CONF_DEPRECATED("ip_address", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_redis_ippool_t, NULL) }, { FR_CONF_OFFSET("allocated_address_attr", FR_TYPE_TMPL | FR_TYPE_ATTRIBUTE | FR_TYPE_REQUIRED, rlm_redis_ippool_t, allocated_address_attr), .dflt = "&reply:DHCP-Your-IP-Address", .quote = T_BARE_WORD }, { FR_CONF_DEPRECATED("reply_attr", FR_TYPE_TMPL | FR_TYPE_ATTRIBUTE | FR_TYPE_REQUIRED, rlm_redis_ippool_t, NULL) },
#define LOG_PREFIX "%s - " #define LOG_PREFIX_ARGS inst->config.name #include <freeradius-devel/server/base.h> #include <freeradius-devel/server/module.h> #include <freeradius-devel/server/modpriv.h> #include <freeradius-devel/server/dl.h> #include <freeradius-devel/server/rad_assert.h> #include "rlm_cache.h" extern rad_module_t rlm_cache; static const CONF_PARSER module_config[] = { { FR_CONF_OFFSET("driver", FR_TYPE_STRING, rlm_cache_config_t, driver_name), .dflt = "rlm_cache_rbtree" }, { FR_CONF_OFFSET("key", FR_TYPE_TMPL | FR_TYPE_REQUIRED, rlm_cache_config_t, key) }, { FR_CONF_OFFSET("ttl", FR_TYPE_UINT32, rlm_cache_config_t, ttl), .dflt = "500" }, { FR_CONF_OFFSET("max_entries", FR_TYPE_UINT32, rlm_cache_config_t, max_entries), .dflt = "0" }, /* Should be a type which matches time_t, @fixme before 2038 */ { FR_CONF_OFFSET("epoch", FR_TYPE_INT32, rlm_cache_config_t, epoch), .dflt = "0" }, { FR_CONF_OFFSET("add_stats", FR_TYPE_BOOL, rlm_cache_config_t, stats), .dflt = "no" }, CONF_PARSER_TERMINATOR }; static fr_dict_t *dict_freeradius; extern fr_dict_autoload_t rlm_cache_dict[]; fr_dict_autoload_t rlm_cache_dict[] = { { .out = &dict_freeradius, .proto = "freeradius" },
vp[4] ? vp[4]->vp_uint32 : 0, vp[5] ? vp[5]->vp_uint32 : 0); } return strlen(*out); } } return 0; } static const CONF_PARSER module_config[] = { /* * Do SoH over DHCP? */ { FR_CONF_OFFSET("dhcp", FR_TYPE_BOOL, rlm_soh_t, dhcp), .dflt = "no" }, CONF_PARSER_TERMINATOR }; static rlm_rcode_t CC_HINT(nonnull) mod_post_auth(void *instance, UNUSED void *thread, REQUEST *request) { #ifdef WITH_DHCP int rcode; VALUE_PAIR *vp; rlm_soh_t const *inst = instance; if (!inst->dhcp) return RLM_MODULE_NOOP; vp = fr_pair_find_by_da(request->packet->vps, attr_dhcp_vendor, TAG_ANY); if (vp) { /*
#include <freeradius-devel/libradius.h> #include <freeradius-devel/modules.h> #include <freeradius-devel/rad_assert.h> #include <libcouchbase/couchbase.h> #include <json/json.h> #include "mod.h" #include "couchbase.h" #include "jsonc_missing.h" /** * Module Configuration */ static const CONF_PARSER module_config[] = { { "acct_key", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, acct_key), "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" }, { "doctype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, doctype), "radacct" }, { "server", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, server), NULL }, { "bucket", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, bucket), NULL }, { "password", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, password), NULL }, { "expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_couchbase_t, expire), 0 }, { "user_key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, user_key), "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}" }, {NULL, -1, 0, NULL, NULL} /* end the list */ }; /* initialize couchbase connection */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { rlm_couchbase_t *inst = instance; /* our module instance */ { char *server, *p;
struct timeval timeout; //!< How long to wait for read/write operations. } unix; linelog_net_t tcp; //!< TCP server. linelog_net_t udp; //!< UDP server. CONF_SECTION *cs; //!< #CONF_SECTION to use as the root for #log_ref lookups. } linelog_instance_t; typedef struct linelog_conn { int sockfd; //!< File descriptor associated with socket } linelog_conn_t; static const CONF_PARSER file_config[] = { { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_OUTPUT | PW_TYPE_XLAT, linelog_instance_t, file.name), NULL }, { "permissions", FR_CONF_OFFSET(PW_TYPE_INTEGER, linelog_instance_t, file.permissions), "0600" }, { "group", FR_CONF_OFFSET(PW_TYPE_STRING, linelog_instance_t, file.group_str), NULL }, { "escape_filenames", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, linelog_instance_t, file.escape), "no" }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; static const CONF_PARSER syslog_config[] = { { "facility", FR_CONF_OFFSET(PW_TYPE_STRING, linelog_instance_t, syslog.facility), NULL }, { "severity", FR_CONF_OFFSET(PW_TYPE_STRING, linelog_instance_t, syslog.severity), "info" }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; static const CONF_PARSER unix_config[] = {
#include <freeradius-devel/radiusd.h> #include <freeradius-devel/modules.h> #include <freeradius-devel/token.h> #include <freeradius-devel/rad_assert.h> #include <sys/stat.h> #include "rlm_sql.h" /* * So we can do pass2 xlat checks on the queries. */ static const CONF_PARSER query_config[] = { { "query", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT | PW_TYPE_MULTI, rlm_sql_config_t, accounting.query), NULL }, {NULL, -1, 0, NULL, NULL} }; /* * For now hard-code the subsections. This isn't perfect, but it * helps the average case. */ static const CONF_PARSER type_config[] = { { "accounting-on", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config }, { "accounting-off", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config }, { "start", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config }, { "interim-update", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config }, { "stop", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) query_config },
char const *line; char const *reference; fr_logfile_t *lf; } rlm_linelog_t; /* * A mapping of configuration file names to internal variables. * * Note that the string is dynamically allocated, so it MUST * be freed. When the configuration file parse re-reads the string, * it free's the old one, and strdup's the new one, placing the pointer * to the strdup'd string into 'config.string'. This gets around * buffer over-flows. */ static const CONF_PARSER module_config[] = { { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_OUTPUT| PW_TYPE_REQUIRED, rlm_linelog_t, filename), NULL }, { "syslog_facility", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_linelog_t, syslog_facility), NULL }, { "permissions", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_linelog_t, permissions), "0600" }, { "group", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_linelog_t, group), NULL }, { "format", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_linelog_t, line), NULL }, { "reference", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_linelog_t, reference), NULL }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; /* * Instantiate the module. */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { rlm_linelog_t *inst = instance;
#ifdef HAVE_OPENSSL_RAND_H #include <openssl/rand.h> #endif #ifdef HAVE_OPENSSL_EVP_H #include <openssl/evp.h> #endif #include "rlm_eap_tls.h" #ifdef HAVE_SYS_STAT_H #include <sys/stat.h> #endif static CONF_PARSER module_config[] = { { "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_tls_t, tls_conf_name), NULL }, { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_tls_t, virtual_server), NULL }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; /* * Attach the EAP-TLS module. */ static int mod_instantiate(CONF_SECTION *cs, void **instance) { rlm_eap_tls_t *inst; /*
#include <freeradius-devel/libradius.h> #include <freeradius-devel/modules.h> #include <freeradius-devel/rad_assert.h> #include <libcouchbase/couchbase.h> #include <json.h> #include "mod.h" #include "couchbase.h" #include "jsonc_missing.h" /** * Client Configuration */ static const CONF_PARSER client_config[] = { { "view", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, client_view), "_design/client/_view/by_name" }, {NULL, -1, 0, NULL, NULL} /* end the list */ }; /** * Module Configuration */ static const CONF_PARSER module_config[] = { { "acct_key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_couchbase_t, acct_key), "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" }, { "doctype", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, doctype), "radacct" }, { "server", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, server_raw), NULL }, { "bucket", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_couchbase_t, bucket), NULL }, { "password", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_couchbase_t, password), NULL }, { "expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_couchbase_t, expire), 0 }, { "user_key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_couchbase_t, user_key), "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}" }, { "read_clients", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_couchbase_t, read_clients), NULL }, /* NULL defaults to "no" */
char const *filename; //!< File/path to write to. uint32_t perm; //!< Permissions to use for new files. char const *group; //!< Group to use for new files. char const *header; //!< Header format. bool locking; //!< Whether the file should be locked. bool log_srcdst; //!< Add IP src/dst attributes to entries. fr_logfile_t *lf; //!< Log file handler fr_hash_table_t *ht; //!< Holds suppressed attributes. } detail_instance_t; static const CONF_PARSER module_config[] = { { "detailfile", FR_CONF_OFFSET(PW_TYPE_FILE_OUTPUT | PW_TYPE_DEPRECATED, detail_instance_t, filename), NULL }, { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_OUTPUT | PW_TYPE_REQUIRED, detail_instance_t, filename), "%A/%{Client-IP-Address}/detail" }, { "header", FR_CONF_OFFSET(PW_TYPE_STRING, detail_instance_t, header), "%t" }, { "detailperm", FR_CONF_OFFSET(PW_TYPE_INTEGER | PW_TYPE_DEPRECATED, detail_instance_t, perm), NULL }, { "permissions", FR_CONF_OFFSET(PW_TYPE_INTEGER, detail_instance_t, perm), "0600" }, { "group", FR_CONF_OFFSET(PW_TYPE_STRING, detail_instance_t, group), NULL }, { "locking", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, detail_instance_t, locking), "no" }, { "log_packet_header", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, detail_instance_t, log_srcdst), "no" }, { NULL, -1, 0, NULL, NULL } }; /* * Clean up. */ static int mod_detach(void *instance)
typedef struct rlm_preprocess_t { char const *huntgroup_file; char const *hints_file; PAIR_LIST *huntgroups; PAIR_LIST *hints; bool with_ascend_hack; uint32_t ascend_channels_per_line; bool with_ntdomain_hack; bool with_specialix_jetstream_hack; bool with_cisco_vsa_hack; bool with_alvarion_vsa_hack; bool with_cablelabs_vsa_hack; } rlm_preprocess_t; static const CONF_PARSER module_config[] = { { "huntgroups", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_preprocess_t, huntgroup_file), NULL }, { "hints", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_preprocess_t, hints_file), NULL }, { "with_ascend_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_ascend_hack), "no" }, { "ascend_channels_per_line", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_preprocess_t, ascend_channels_per_line), "23" }, { "with_ntdomain_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_ntdomain_hack), "no" }, { "with_specialix_jetstream_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_specialix_jetstream_hack), "no" }, { "with_cisco_vsa_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_cisco_vsa_hack), "no" }, { "with_alvarion_vsa_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_alvarion_vsa_hack), "no" }, #if 0 { "with_cablelabs_vsa_hack", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_preprocess_t, with_cablelabs_vsa_hack), NULL }, #endif { NULL, -1, 0, NULL, NULL } }; /*
#include <freeradius-devel/server/map.h> #include <freeradius-devel/server/module.h> #include <freeradius-devel/server/rad_assert.h> #include <freeradius-devel/util/base.h> #include <libcouchbase/couchbase.h> #include <freeradius-devel/json/base.h> #include "mod.h" #include "couchbase.h" /** * Client Configuration */ static const CONF_PARSER client_config[] = { { FR_CONF_OFFSET("view", FR_TYPE_STRING, rlm_couchbase_t, client_view), .dflt = "_design/client/_view/by_name" }, CONF_PARSER_TERMINATOR }; /** * Module Configuration */ static const CONF_PARSER module_config[] = { { FR_CONF_OFFSET("server", FR_TYPE_STRING | FR_TYPE_REQUIRED, rlm_couchbase_t, server_raw) }, { FR_CONF_OFFSET("bucket", FR_TYPE_STRING | FR_TYPE_REQUIRED, rlm_couchbase_t, bucket) }, { FR_CONF_OFFSET("password", FR_TYPE_STRING, rlm_couchbase_t, password) }, #ifdef WITH_ACCOUNTING { FR_CONF_OFFSET("acct_key", FR_TYPE_TMPL, rlm_couchbase_t, acct_key), .dflt = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}", .quote = T_DOUBLE_QUOTED_STRING }, { FR_CONF_OFFSET("doctype", FR_TYPE_STRING, rlm_couchbase_t, doctype), .dflt = "radacct" }, { FR_CONF_OFFSET("expire", FR_TYPE_UINT32, rlm_couchbase_t, expire), .dflt = 0 }, #endif
char const *off_commit; //!< SQL query to commit. /* Logging Section */ char const *log_exists; //!< There was an ip address already assigned. char const *log_success; //!< We successfully allocated ip address from pool. char const *log_clear; //!< We successfully deallocated ip address from pool. char const *log_failed; //!< Failed to allocate ip from the pool. char const *log_nopool; //!< There was no Framed-IP-Address but also no Pool-Name. /* Reserved to handle 255.255.255.254 Requests */ char const *defaultpool; //!< Default Pool-Name if there is none in the check items. } rlm_sqlippool_t; static CONF_PARSER message_config[] = { { "exists", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_exists), NULL }, { "success", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_success), NULL }, { "clear", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_clear), NULL }, { "failed", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_failed), NULL }, { "nopool", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_sqlippool_t, log_nopool), NULL }, CONF_PARSER_TERMINATOR }; /* * A mapping of configuration file names to internal variables. * * Note that the string is dynamically allocated, so it MUST * be freed. When the configuration file parse re-reads the string, * it free's the old one, and strdup's the new one, placing the pointer * to the strdup'd string into 'config.string'. This gets around * buffer over-flows.
*/ RCSID("$Id: 46cc8ca7c7179da925f6467dd4a15ef5e3ae4284 $") #include <freeradius-devel/radiusd.h> #include <freeradius-devel/modules.h> #include <freeradius-devel/token.h> #include <freeradius-devel/rad_assert.h> #include <ctype.h> #include "rest.h" /* * TLS Configuration */ static CONF_PARSER tls_config[] = { { "ca_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_rest_section_t, tls_ca_file), NULL }, { "ca_path", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_rest_section_t, tls_ca_path), NULL }, { "certificate_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_rest_section_t, tls_certificate_file), NULL }, { "private_key_file", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_rest_section_t, tls_private_key_file), NULL }, { "private_key_password", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_SECRET, rlm_rest_section_t, tls_private_key_password), NULL }, { "random_file", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_rest_section_t, tls_random_file), NULL }, { "check_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_rest_section_t, tls_check_cert), "yes" }, { "check_cert_cn", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_rest_section_t, tls_check_cert_cn), "yes" }, { NULL, -1, 0, NULL, NULL } }; /* * A mapping of configuration file names to internal variables. * * Note that the string is dynamically allocated, so it MUST
#include <ctype.h> #include <fcntl.h> /* * Define a structure with the module configuration, so it can * be used as the instance handle. */ typedef struct rlm_attr_filter { char const *filename; char const *key; bool relaxed; PAIR_LIST *attrs; } rlm_attr_filter_t; static const CONF_PARSER module_config[] = { { "attrsfile", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, rlm_attr_filter_t, filename), NULL }, { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_REQUIRED, rlm_attr_filter_t, filename), NULL }, { "key", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_attr_filter_t, key), "%{Realm}" }, { "relaxed", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_attr_filter_t, relaxed), "no" }, { NULL, -1, 0, NULL, NULL } }; static void check_pair(REQUEST *request, VALUE_PAIR *check_item, VALUE_PAIR *reply_item, int *pass, int *fail) { int compare; if (check_item->op == T_OP_SET) return; compare = paircmp(check_item, reply_item); if (compare < 0) { REDEBUG("Comparison failed: %s", fr_strerror());
#ifdef HAVE_PAM_PAM_APPL_H #include <pam/pam_appl.h> #endif #ifdef HAVE_SYSLOG_H #include <syslog.h> #endif typedef struct rlm_pam_t { char const *pam_auth_name; } rlm_pam_t; static const CONF_PARSER module_config[] = { { "pam_auth", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_pam_t, pam_auth_name), "radiusd" }, { NULL, -1, 0, NULL, NULL } }; /************************************************************************* * * Function: PAM_conv * * Purpose: Dialogue between RADIUS and PAM modules. * * jab - stolen from pop3d * * Alan DeKok: modified to use PAM's appdata_ptr, so that we're * multi-threaded safe, and don't have any nasty static * variables hanging around. *
#include <freeradius-devel/modules.h> #include <ctype.h> #include "rlm_securid.h" typedef enum { RC_SECURID_AUTH_SUCCESS = 0, RC_SECURID_AUTH_FAILURE = -3, RC_SECURID_AUTH_ACCESS_DENIED_FAILURE = -4, RC_SECURID_AUTH_INVALID_SERVER_FAILURE = -5, RC_SECURID_AUTH_CHALLENGE = -17 } SECURID_AUTH_RC; static const CONF_PARSER module_config[] = { { "timer_expire", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_securid_t, timer_limit), "600" }, { "max_sessions", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_securid_t, max_sessions), "2048" }, { "max_trips_per_session", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_securid_t, max_trips_per_session), NULL }, { "max_round_trips", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_securid_t, max_trips_per_session), "6" }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; static SD_CHAR empty_pin[] = ""; /* comparison function to find session in the tree */ static int securid_session_cmp(void const *a, void const *b) { int rcode; SECURID_SESSION const *one = a; SECURID_SESSION const *two = b;
bool copy_request_to_tunnel; //!< Use SOME of the request attributes from outside of the //!< tunneled session in the tunneled request. #ifdef WITH_PROXY bool proxy_tunneled_request_as_eap; //!< Proxy tunneled session as EAP, or as de-capsulated //!< protocol. #endif char const *virtual_server; //!< Virtual server for inner tunnel session. bool soh; //!< Do we do SoH request? char const *soh_virtual_server; bool req_client_cert; //!< Do we do require a client cert? } rlm_eap_peap_t; static CONF_PARSER module_config[] = { { "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, tls_conf_name), NULL }, { "default_method", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, default_method_name), "mschapv2" }, { "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, copy_request_to_tunnel), "no" }, { "use_tunneled_reply", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, use_tunneled_reply), "no" }, #ifdef WITH_PROXY { "proxy_tunneled_request_as_eap", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, proxy_tunneled_request_as_eap), "yes" }, #endif { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, virtual_server), NULL }, { "soh", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, soh), "no" },
* this code cannot simply be copied and put under a different distribution * license (including the GNU public license). */ RCSID("$Id: db8d619ca134aaed25dbf79e8d41c5b1c11e0424 $") USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ #include "rlm_eap_pwd.h" #include "eap_pwd.h" #define MPPE_KEY_LEN 32 #define MSK_EMSK_LEN (2*MPPE_KEY_LEN) static CONF_PARSER pwd_module_config[] = { { "group", FR_CONF_OFFSET(PW_TYPE_INTEGER, eap_pwd_t, group), "19" }, { "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, eap_pwd_t, fragment_size), "1020" }, { "server_id", FR_CONF_OFFSET(PW_TYPE_STRING, eap_pwd_t, server_id), NULL }, { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, eap_pwd_t, virtual_server), NULL }, CONF_PARSER_TERMINATOR }; static int mod_detach (void *arg) { eap_pwd_t *inst; inst = (eap_pwd_t *) arg; if (inst->bnctx) BN_CTX_free(inst->bnctx); return 0;
#include <freeradius-devel/modcall.h> #include <freeradius-devel/rad_assert.h> #include "rlm_cache.h" /* * A mapping of configuration file names to internal variables. * * Note that the string is dynamically allocated, so it MUST * be freed. When the configuration file parse re-reads the string, * it free's the old one, and strdup's the new one, placing the pointer * to the strdup'd string into 'config.string'. This gets around * buffer over-flows. */ static const CONF_PARSER module_config[] = { { "driver", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_cache_t, driver_name), "rlm_cache_rbtree" }, { "key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED | PW_TYPE_XLAT, rlm_cache_t, key), NULL }, { "ttl", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_cache_t, ttl), "500" }, { "max_entries", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_cache_t, max_entries), "0" }, /* Should be a type which matches time_t, @fixme before 2038 */ { "epoch", FR_CONF_OFFSET(PW_TYPE_SIGNED, rlm_cache_t, epoch), "0" }, { "add_stats", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_cache_t, stats), "no" }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; static int cache_acquire(rlm_cache_handle_t **out, rlm_cache_t *inst, REQUEST *request) { if (!inst->module->acquire) return 0;
* Old wrapper for client_find */ RADCLIENT *client_find_old(fr_ipaddr_t const *ipaddr) { return client_find(root_clients, ipaddr, IPPROTO_UDP); } static fr_ipaddr_t cl_ipaddr; static char const *cl_srcipaddr = NULL; #ifdef WITH_TCP static char const *hs_proto = NULL; #endif #ifdef WITH_TCP static CONF_PARSER limit_config[] = { { "max_connections", FR_CONF_OFFSET(PW_TYPE_INTEGER, RADCLIENT, limit.max_connections), "16" }, { "lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, RADCLIENT, limit.lifetime), "0" }, { "idle_timeout", FR_CONF_OFFSET(PW_TYPE_INTEGER, RADCLIENT, limit.idle_timeout), "30" }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; #endif static const CONF_PARSER client_config[] = { { "ipaddr", FR_CONF_POINTER(PW_TYPE_COMBO_IP_PREFIX, &cl_ipaddr), NULL }, { "ipv4addr", FR_CONF_POINTER(PW_TYPE_IPV4_PREFIX, &cl_ipaddr), NULL }, { "ipv6addr", FR_CONF_POINTER(PW_TYPE_IPV6_PREFIX, &cl_ipaddr), NULL }, { "src_ipaddr", FR_CONF_POINTER(PW_TYPE_STRING, &cl_srcipaddr), NULL },
#endif #include <ctype.h> #include "rlm_expr.h" /* * Define a structure for our module configuration. */ typedef struct rlm_expr_t { char const *xlat_name; char const *allowed_chars; } rlm_expr_t; static const CONF_PARSER module_config[] = { { "safe_characters", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_expr_t, allowed_chars), "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" }, {NULL, -1, 0, NULL, NULL} }; typedef enum expr_token_t { TOKEN_NONE = 0, TOKEN_INTEGER, TOKEN_ADD, TOKEN_SUBTRACT, TOKEN_DIVIDE, TOKEN_REMAINDER, TOKEN_MULTIPLY, TOKEN_AND, TOKEN_OR, TOKEN_POWER, TOKEN_LAST
unsigned int packet_code; bool shell_escape; uint32_t timeout; } rlm_exec_t; /* * A mapping of configuration file names to internal variables. * * Note that the string is dynamically allocated, so it MUST * be freed. When the configuration file parse re-reads the string, * it free's the old one, and strdup's the new one, placing the pointer * to the strdup'd string into 'config.string'. This gets around * buffer over-flows. */ static const CONF_PARSER module_config[] = { { "wait", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_exec_t, wait), "yes" }, { "program", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT, rlm_exec_t, program), NULL }, { "input_pairs", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_exec_t, input), NULL }, { "output_pairs", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_exec_t, output), NULL }, { "packet_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_exec_t, packet_type), NULL }, { "shell_escape", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_exec_t, shell_escape), "yes" }, { "timeout", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_exec_t, timeout), NULL }, { NULL, -1, 0, NULL, NULL } /* end the list */ }; static char const special[] = "\\'\"`<>|; \t\r\n()[]?#$^&*="; /* * Escape special characters */