/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_rest_t *inst = instance;
/*
* Parse sub-section configs.
*/
if (
(parse_sub_section(conf, &inst->authorize, MOD_AUTHORIZE) < 0) ||
(parse_sub_section(conf, &inst->authenticate, MOD_AUTHENTICATE) < 0) ||
(parse_sub_section(conf, &inst->accounting, MOD_ACCOUNTING) < 0) ||
/* @todo add behaviour for checksimul */
/* (parse_sub_section(conf, &inst->checksimul, MOD_SESSION) < 0) || */
(parse_sub_section(conf, &inst->post_auth, MOD_POST_AUTH) < 0))
{
return -1;
}
/*
* Initialise REST libraries.
*/
if (rest_init(inst) < 0) {
return -1;
}
inst->connect_timeout = ((inst->connect_timeout_tv.tv_usec * 1000) +
(inst->connect_timeout_tv.tv_sec / 1000));
inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, mod_conn_alive, NULL);
if (!inst->pool) return -1;
return 0;
}
/* initialize couchbase connection */
static int mod_instantiate(CONF_SECTION *conf, void *instance) {
static bool version_done;
rlm_couchbase_t *inst = instance; /* our module instance */
if (!version_done) {
version_done = true;
INFO("rlm_couchbase: json-c version: %s", json_c_version());
INFO("rlm_couchbase: libcouchbase version: %s", lcb_get_version(NULL));
}
{
char *server, *p;
size_t len, i;
bool sep = false;
len = talloc_array_length(inst->server_raw);
server = p = talloc_array(inst, char, len);
for (i = 0; i < len; i++) {
switch (inst->server_raw[i]) {
case '\t':
case ' ':
case ',':
/* Consume multiple separators occurring in sequence */
if (sep == true) continue;
sep = true;
*p++ = ';';
break;
default:
sep = false;
*p++ = inst->server_raw[i];
break;
}
}
*p = '\0';
inst->server = server;
}
/* setup item map */
if (mod_build_attribute_element_map(conf, inst) != 0) {
/* fail */
return -1;
}
/* initiate connection pool */
inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, mod_conn_alive, NULL);
/* check connection pool */
if (!inst->pool) {
ERROR("rlm_couchbase: failed to initiate connection pool");
/* fail */
return -1;
}
/* return okay */
return 0;
}
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
static bool version_done;
REDIS_INST *inst = instance;
if (!version_done) {
version_done = true;
INFO("rlm_redis: libhiredis version: %i.%i.%i", HIREDIS_MAJOR, HIREDIS_MINOR, HIREDIS_PATCH);
}
inst->xlat_name = cf_section_name2(conf);
if (!inst->xlat_name) inst->xlat_name = cf_section_name1(conf);
xlat_register(inst->xlat_name, redis_xlat, NULL, inst); /* FIXME! */
inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, NULL);
if (!inst->pool) {
return -1;
}
inst->redis_query = rlm_redis_query;
inst->redis_finish_query = rlm_redis_finish_query;
return 0;
}
/**
* Instantiate module.
* @param[in] conf Module config.
* @param[in] instance Module instance.
* @return Zero on success.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance) {
rlm_mongodb_t *inst = instance;
inst->name = cf_section_name2(conf);
if (!inst->name) {
inst->name = cf_section_name1(conf);
}
if (!strcasecmp(inst->cfg.action, "get")) {
inst->action = RLM_MONGODB_GET;
cf_log_err_cs(conf, "action 'get' is not implemented");
goto err;
} else if (!strcasecmp(inst->cfg.action, "set")) {
inst->action = RLM_MONGODB_SET;
} else {
cf_log_err_cs(conf, "invalid 'action', use'get' or 'set'");
goto err;
}
if (inst->cfg.remove && inst->cfg.update_query) {
cf_log_err_cs(conf, "'update_query' and 'remove' can't be used at the same time");
goto err;
} else if (!inst->cfg.remove && !inst->cfg.update_query) {
cf_log_err_cs(conf, "'update_query' or 'remove' must be set for 'set' action");
goto err;
}
if (!cf_pair_find(conf, "pool")) {
if (!inst->cfg.server) {
cf_log_err_cs(conf, "Invalid or missing 'server' option");
goto err;
}
} else {
if (inst->cfg.server) {
cf_log_err_cs(conf, "Can't use server option when foreign connection pool specified");
goto err;
}
}
mongoc_init();
mongoc_log_set_handler(mongoc_log_handler, inst);
inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, inst->name);
if (!inst->pool) {
goto err;
}
return 0;
err:
return -1;
}
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
REDIS_INST *inst = instance;
inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, NULL);
if (!inst->pool) {
return -1;
}
inst->redis_query = rlm_redis_query;
inst->redis_finish_query = rlm_redis_finish_query;
return 0;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_rest_t *inst = instance;
char const *xlat_name;
xlat_name = cf_section_name2(conf);
if (!xlat_name) {
xlat_name = cf_section_name1(conf);
}
inst->xlat_name = xlat_name;
/*
* Register the rest xlat function
*/
xlat_register(inst->xlat_name, rest_xlat, rest_uri_escape, inst);
/*
* Parse sub-section configs.
*/
if (
(parse_sub_section(conf, &inst->authorize, RLM_COMPONENT_AUTZ) < 0) ||
(parse_sub_section(conf, &inst->authenticate, RLM_COMPONENT_AUTH) < 0) ||
(parse_sub_section(conf, &inst->accounting, RLM_COMPONENT_ACCT) < 0) ||
/* @todo add behaviour for checksimul */
/* (parse_sub_section(conf, &inst->checksimul, RLM_COMPONENT_SESS) < 0) || */
(parse_sub_section(conf, &inst->post_auth, RLM_COMPONENT_POST_AUTH) < 0))
{
return -1;
}
/*
* Initialise REST libraries.
*/
if (rest_init(inst) < 0) {
return -1;
}
inst->conn_pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, mod_conn_alive, NULL);
if (!inst->conn_pool) {
return -1;
}
return 0;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_smsotp_t *inst = instance;
struct sockaddr_un sa;
if (strlen(inst->socket) > (sizeof(sa.sun_path) - 1)) {
cf_log_err_cs(conf, "Socket filename is too long");
return -1;
}
/*
* Initialize the socket pool.
*/
inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, NULL);
if (!inst->pool) {
return -1;
}
return 0;
}
/** Create a new rlm_cache_memcached instance
*
* @param conf memcached specific conf section.
* @param inst main rlm_cache instance.
* @return 0 on success, -1 on failure.
*/
static int mod_instantiate(CONF_SECTION *conf, rlm_cache_t *inst)
{
rlm_cache_memcached_t *driver;
memcached_return_t ret;
char buffer[256];
static bool version_done;
buffer[0] = '\0';
/*
* Get version info from the libmemcached API.
*/
if (!version_done) {
version_done = true;
INFO("rlm_cache_memcached: libmemcached version: %s", memcached_lib_version());
}
driver = talloc_zero(inst, rlm_cache_memcached_t);
talloc_set_destructor(driver, _mod_detach);
if (cf_section_parse(conf, driver, driver_config) < 0) return -1;
ret = libmemcached_check_configuration(driver->options, talloc_array_length(driver->options) -1,
buffer, sizeof(buffer));
if (ret != MEMCACHED_SUCCESS) {
ERROR("rlm_cache_memcached: Failed validating options string: %s", buffer);
return -1;
}
inst->driver = driver;
snprintf(buffer, sizeof(buffer), "rlm_cache (%s)", inst->name);
driver->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, buffer);
if (!driver->pool) return -1;
if (inst->max_entries > 0) WARN("rlm_cache_memcached: max_entries is not supported by this driver");
return 0;
}
/** Instantiate the module
*
* Creates a new instance of the module reading parameters from a configuration section.
*
* @param conf to parse.
* @param instance Where to write pointer to configuration data.
* @return 0 on success < 0 on failure.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
static bool version_done;
CONF_SECTION *options;
ldap_instance_t *inst = instance;
inst->cs = conf;
options = cf_section_sub_find(conf, "options");
if (!options || !cf_pair_find(options, "chase_referrals")) {
inst->chase_referrals_unset = true; /* use OpenLDAP defaults */
}
inst->xlat_name = cf_section_name2(conf);
if (!inst->xlat_name) {
inst->xlat_name = cf_section_name1(conf);
}
/*
* Only needs to be done once, prevents races in environment
* initialisation within libldap.
*
* See: https://github.com/arr2036/ldapperf/issues/2
*/
#ifdef HAVE_LDAP_INITIALIZE
ldap_initialize(&inst->handle, "");
#else
inst->handle = ldap_init("", 0);
#endif
/*
* Get version info from the LDAP API.
*/
if (!version_done) {
static LDAPAPIInfo info; /* static to quiet valgrind about this being uninitialised */
int ldap_errno;
version_done = true;
ldap_errno = ldap_get_option(NULL, LDAP_OPT_API_INFO, &info);
if (ldap_errno == LDAP_OPT_SUCCESS) {
if (strcmp(info.ldapai_vendor_name, LDAP_VENDOR_NAME) != 0) {
WARN("rlm_ldap: libldap vendor changed since the server was built");
WARN("rlm_ldap: linked: %s, built: %s", info.ldapai_vendor_name, LDAP_VENDOR_NAME);
}
if (info.ldapai_vendor_version != LDAP_VENDOR_VERSION) {
WARN("rlm_ldap: libldap version changed since the server was built");
WARN("rlm_ldap: linked: %i, built: %i",
info.ldapai_vendor_version, LDAP_VENDOR_VERSION);
}
INFO("rlm_ldap: libldap vendor: %s, version: %i", info.ldapai_vendor_name,
info.ldapai_vendor_version);
ldap_memfree(info.ldapai_vendor_name);
ldap_memfree(info.ldapai_extensions);
} else {
DEBUG("rlm_ldap: Falling back to build time libldap version info. Query for LDAP_OPT_API_INFO "
"returned: %i", ldap_errno);
INFO("rlm_ldap: libldap vendor: %s, version: %i.%i.%i", LDAP_VENDOR_NAME,
LDAP_VENDOR_VERSION_MAJOR, LDAP_VENDOR_VERSION_MINOR, LDAP_VENDOR_VERSION_PATCH);
}
}
/*
* If the configuration parameters can't be parsed, then fail.
*/
if ((parse_sub_section(inst, conf, &inst->accounting, RLM_COMPONENT_ACCT) < 0) ||
(parse_sub_section(inst, conf, &inst->postauth, RLM_COMPONENT_POST_AUTH) < 0)) {
cf_log_err_cs(conf, "Failed parsing configuration");
goto error;
}
/*
* Sanity checks for cacheable groups code.
*/
if (inst->cacheable_group_name && inst->groupobj_membership_filter) {
if (!inst->groupobj_name_attr) {
cf_log_err_cs(conf, "Directive 'group.name_attribute' must be set if cacheable "
"group names are enabled");
goto error;
}
}
/*
* Split original server value out into URI, server and port
* so whatever initialization function we use later will have
* the server information in the format it needs.
*/
if (ldap_is_ldap_url(inst->server)) {
LDAPURLDesc *ldap_url;
int port;
if (ldap_url_parse(inst->server, &ldap_url)){
cf_log_err_cs(conf, "Parsing LDAP URL \"%s\" failed", inst->server);
return -1;
}
/*
* Figure out the port from the URL
*/
if (ldap_url->lud_port == 0) {
if (strcmp(ldap_url->lud_scheme, "ldaps://") == 0) {
if (inst->start_tls == true) {
start_tls_error:
cf_log_err_cs(conf, "ldaps:// scheme is not compatible with 'start_tls'");
return -1;
}
port = 636;
} else {
port = 384;
}
} else {
port = ldap_url->lud_port;
}
inst->uri = inst->server;
inst->server = talloc_strdup(inst, ldap_url->lud_host);
if ((inst->port != 384) && (port != inst->port)) {
WARN("Non-default 'port' directive %i set to %i by LDAP URI", inst->port, port);
}
inst->port = port;
/*
* @todo We could set a few other top level
* directives using the URL, like base_dn
* and scope.
*/
ldap_free_urldesc(ldap_url);
/*
* We need to construct an LDAP URI
*/
} else {
switch (inst->port) {
default:
case 384:
inst->uri = talloc_asprintf(inst, "ldap://%s:%i/", inst->server, inst->port);
break;
case 636:
if (inst->start_tls == true) goto start_tls_error;
inst->uri = talloc_asprintf(inst, "ldaps://%s:%i/", inst->server, inst->port);
break;
}
}
#ifdef LDAP_OPT_X_TLS_NEVER
/*
* Workaround for servers which support LDAPS but not START TLS
*/
if (inst->port == LDAPS_PORT || inst->tls_mode) {
inst->tls_mode = LDAP_OPT_X_TLS_HARD;
} else {
inst->tls_mode = 0;
}
#endif
/*
* Convert dereference strings to enumerated constants
*/
if (inst->dereference_str) {
inst->dereference = fr_str2int(ldap_dereference, inst->dereference_str, -1);
if (inst->dereference < 0) {
cf_log_err_cs(conf, "Invalid 'dereference' value \"%s\", expected 'never', 'searching', "
"'finding' or 'always'", inst->dereference_str);
goto error;
}
}
#if LDAP_SET_REBIND_PROC_ARGS != 3
/*
* The 2-argument rebind doesn't take an instance variable. Our rebind function needs the instance
* variable for the username, password, etc.
*/
if (inst->rebind == true) {
cf_log_err_cs(conf, "Cannot use 'rebind' directive as this version of libldap "
"does not support the API that we need");
goto error;
}
#endif
/*
* Convert scope strings to enumerated constants
*/
inst->userobj_scope = fr_str2int(ldap_scope, inst->userobj_scope_str, -1);
if (inst->userobj_scope < 0) {
cf_log_err_cs(conf, "Invalid 'user.scope' value \"%s\", expected 'sub', 'one'"
#ifdef LDAP_SCOPE_CHILDREN
", 'base' or 'children'"
#else
" or 'base'"
#endif
, inst->userobj_scope_str);
goto error;
}
inst->groupobj_scope = fr_str2int(ldap_scope, inst->groupobj_scope_str, -1);
if (inst->groupobj_scope < 0) {
cf_log_err_cs(conf, "Invalid 'group.scope' value \"%s\", expected 'sub', 'one'"
#ifdef LDAP_SCOPE_CHILDREN
", 'base' or 'children'"
#else
" or 'base'"
#endif
, inst->groupobj_scope_str);
goto error;
}
inst->clientobj_scope = fr_str2int(ldap_scope, inst->clientobj_scope_str, -1);
if (inst->clientobj_scope < 0) {
cf_log_err_cs(conf, "Invalid 'client.scope' value \"%s\", expected 'sub', 'one'"
#ifdef LDAP_SCOPE_CHILDREN
", 'base' or 'children'"
#else
" or 'base'"
#endif
, inst->clientobj_scope_str);
goto error;
}
if (inst->tls_require_cert_str) {
#ifdef LDAP_OPT_X_TLS_NEVER
/*
* Convert cert strictness to enumerated constants
*/
inst->tls_require_cert = fr_str2int(ldap_tls_require_cert, inst->tls_require_cert_str, -1);
if (inst->tls_require_cert < 0) {
cf_log_err_cs(conf, "Invalid 'tls.require_cert' value \"%s\", expected 'never', "
"'demand', 'allow', 'try' or 'hard'", inst->tls_require_cert_str);
goto error;
}
#else
cf_log_err_cs(conf, "Modifying 'tls.require_cert' is not supported by current "
"version of libldap. Please upgrade or substitute current libldap and "
"rebuild this module");
goto error;
#endif
}
/*
* Build the attribute map
*/
if (map_afrom_cs(&inst->user_map, cf_section_sub_find(inst->cs, "update"),
PAIR_LIST_REPLY, PAIR_LIST_REQUEST, rlm_ldap_map_verify, inst,
LDAP_MAX_ATTRMAP) < 0) {
return -1;
}
/*
* Group comparison checks.
*/
if (cf_section_name2(conf)) {
static ATTR_FLAGS flags;
char buffer[256];
snprintf(buffer, sizeof(buffer), "%s-Ldap-Group", inst->xlat_name);
if (dict_addattr(buffer, -1, 0, PW_TYPE_STRING, flags) < 0) {
LDAP_ERR("Error creating group attribute: %s", fr_strerror());
return -1;
}
inst->group_da = dict_attrbyname(buffer);
if (!inst->group_da) {
LDAP_ERR("Failed creating attribute %s", buffer);
goto error;
}
paircompare_register(inst->group_da, dict_attrbyvalue(PW_USER_NAME, 0), false, rlm_ldap_groupcmp, inst);
/*
* Were the default instance
*/
} else {
inst->group_da = dict_attrbyvalue(PW_LDAP_GROUP, 0);
paircompare_register(dict_attrbyvalue(PW_LDAP_GROUP, 0), dict_attrbyvalue(PW_USER_NAME, 0),
false, rlm_ldap_groupcmp, inst);
}
xlat_register(inst->xlat_name, ldap_xlat, rlm_ldap_escape_func, inst);
/*
* Setup the cache attribute
*/
if (inst->cache_attribute) {
static ATTR_FLAGS flags;
if (dict_addattr(inst->cache_attribute, -1, 0, PW_TYPE_STRING, flags) < 0) {
LDAP_ERR("Error creating cache attribute: %s", fr_strerror());
goto error;
}
inst->cache_da = dict_attrbyname(inst->cache_attribute);
} else {
inst->cache_da = inst->group_da; /* Default to the group_da */
}
/*
* Initialize the socket pool.
*/
inst->pool = fr_connection_pool_module_init(inst->cs, inst, mod_conn_create, NULL, NULL);
if (!inst->pool) goto error;
/*
* Bulk load dynamic clients.
*/
if (inst->do_clients) {
CONF_SECTION *cs;
cs = cf_section_sub_find(inst->cs, "client");
if (!cs) {
cf_log_err_cs(conf, "Told to load clients but no client section found");
goto error;
}
cs = cf_section_sub_find(cs, "attribute");
if (!cs) {
cf_log_err_cs(conf, "Told to load clients but no attribute section found");
goto error;
}
if (rlm_ldap_client_load(inst, cs) < 0) {
cf_log_err_cs(conf, "Error loading clients");
return -1;
}
}
return 0;
error:
return -1;
}
/** Initialize the rlm_couchbase module
*
* Intialize the module and create the initial Couchbase connection pool.
*
* @param conf The module configuration.
* @param instance The module instance.
* @return Returns 0 on success, -1 on error.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance) {
static bool version_done;
rlm_couchbase_t *inst = instance; /* our module instance */
if (!version_done) {
version_done = true;
INFO("rlm_couchbase: json-c version: %s", json_c_version());
INFO("rlm_couchbase: libcouchbase version: %s", lcb_get_version(NULL));
}
{
char *server, *p;
size_t len, i;
bool sep = false;
len = talloc_array_length(inst->server_raw);
server = p = talloc_array(inst, char, len);
for (i = 0; i < len; i++) {
switch (inst->server_raw[i]) {
case '\t':
case ' ':
case ',':
/* Consume multiple separators occurring in sequence */
if (sep == true) continue;
sep = true;
*p++ = ';';
break;
default:
sep = false;
*p++ = inst->server_raw[i];
break;
}
}
*p = '\0';
inst->server = server;
}
/* setup item map */
if (mod_build_attribute_element_map(conf, inst) != 0) {
/* fail */
return -1;
}
/* initiate connection pool */
inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, mod_conn_alive, NULL);
/* check connection pool */
if (!inst->pool) {
ERROR("rlm_couchbase: failed to initiate connection pool");
/* fail */
return -1;
}
/* load clients if requested */
if (inst->read_clients) {
CONF_SECTION *cs; /* conf section */
/* attempt to find client section */
cs = cf_section_sub_find(conf, "client");
if (!cs) {
ERROR("rlm_couchbase: failed to find client section while loading clients");
/* fail */
return -1;
}
/* attempt to find attribute subsection */
cs = cf_section_sub_find(cs, "attribute");
if (!cs) {
ERROR("rlm_couchbase: failed to find attribute subsection while loading clients");
/* fail */
return -1;
}
/* debugging */
DEBUG("rlm_couchbase: preparing to load client documents");
/* attempt to load clients */
if (mod_load_client_documents(inst, cs) != 0) {
/* fail */
return -1;
}
}
/* return okay */
return 0;
}
/*
* Instantiate the module.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
linelog_instance_t *inst = instance;
char prefix[100];
/*
* Escape filenames only if asked.
*/
if (inst->file.escape) {
inst->file.escape_func = rad_filename_escape;
} else {
inst->file.escape_func = rad_filename_make_safe;
}
inst->log_dst = fr_str2int(linelog_dst_table, inst->log_dst_str, LINELOG_DST_INVALID);
if (inst->log_dst == LINELOG_DST_INVALID) {
cf_log_err_cs(conf, "Invalid log destination \"%s\"", inst->log_dst_str);
return -1;
}
if (!inst->log_src && !inst->log_ref) {
cf_log_err_cs(conf, "Must specify a log format, or reference");
return -1;
}
inst->name = cf_section_name2(conf);
if (!inst->name) inst->name = cf_section_name1(conf);
snprintf(prefix, sizeof(prefix), "rlm_linelog (%s)", inst->name);
/*
* Setup the logging destination
*/
switch (inst->log_dst) {
case LINELOG_DST_FILE:
{
if (!inst->file.name) {
cf_log_err_cs(conf, "No value provided for 'filename'");
return -1;
}
inst->file.ef = exfile_init(inst, 64, 30, true);
if (!inst->file.ef) {
cf_log_err_cs(conf, "Failed creating log file context");
return -1;
}
if (inst->file.group_str) {
char *endptr;
inst->file.group = strtol(inst->file.group_str, &endptr, 10);
if (*endptr != '\0') {
if (rad_getgid(inst, &(inst->file.group), inst->file.group_str) < 0) {
cf_log_err_cs(conf, "Unable to find system group \"%s\"",
inst->file.group_str);
return -1;
}
}
}
}
break;
case LINELOG_DST_SYSLOG:
{
int num;
#ifndef HAVE_SYSLOG_H
cf_log_err_cs(conf, "Syslog output is not supported on this system");
return -1;
#else
if (inst->syslog.facility) {
num = fr_str2int(syslog_facility_table, inst->syslog.facility, -1);
if (num < 0) {
cf_log_err_cs(conf, "Invalid syslog facility \"%s\"", inst->syslog.facility);
return -1;
}
inst->syslog.priority |= num;
}
num = fr_str2int(syslog_severity_table, inst->syslog.severity, -1);
if (num < 0) {
cf_log_err_cs(conf, "Invalid syslog severity \"%s\"", inst->syslog.severity);
return -1;
}
inst->syslog.priority |= num;
#endif
}
break;
case LINELOG_DST_UNIX:
#ifndef HAVE_SYS_UN_H
cf_log_err_cs(conf, "Unix sockets are not supported on this sytem");
return -1;
#else
inst->pool = fr_connection_pool_module_init(cf_section_sub_find(conf, "unix"),
inst, mod_conn_create, NULL, prefix);
if (!inst->pool) return -1;
#endif
break;
case LINELOG_DST_UDP:
inst->pool = fr_connection_pool_module_init(cf_section_sub_find(conf, "udp"),
inst, mod_conn_create, NULL, prefix);
if (!inst->pool) return -1;
break;
case LINELOG_DST_TCP:
inst->pool = fr_connection_pool_module_init(cf_section_sub_find(conf, "tcp"),
inst, mod_conn_create, NULL, prefix);
if (!inst->pool) return -1;
break;
case LINELOG_DST_INVALID:
rad_assert(0);
break;
}
inst->delimiter_len = talloc_array_length(inst->delimiter) - 1;
inst->cs = conf;
return 0;
}
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_sql_t *inst = instance;
/*
* Hack...
*/
inst->config = &inst->myconfig;
inst->cs = conf;
inst->config->xlat_name = cf_section_name2(conf);
if (!inst->config->xlat_name) {
inst->config->xlat_name = cf_section_name1(conf);
} else {
char *group_name;
DICT_ATTR const *da;
ATTR_FLAGS flags;
/*
* Allocate room for <instance>-SQL-Group
*/
group_name = talloc_typed_asprintf(inst, "%s-SQL-Group", inst->config->xlat_name);
DEBUG("rlm_sql (%s): Creating new attribute %s",
inst->config->xlat_name, group_name);
memset(&flags, 0, sizeof(flags));
if (dict_addattr(group_name, -1, 0, PW_TYPE_STRING, flags) < 0) {
ERROR("rlm_sql (%s): Failed to create "
"attribute %s: %s", inst->config->xlat_name, group_name,
fr_strerror());
return -1;
}
da = dict_attrbyname(group_name);
if (!da) {
ERROR("rlm_sql (%s): Failed to create "
"attribute %s", inst->config->xlat_name, group_name);
return -1;
}
if (inst->config->groupmemb_query) {
DEBUG("rlm_sql (%s): Registering sql_groupcmp for %s",
inst->config->xlat_name, group_name);
paircompare_register(da, dict_attrbyvalue(PW_USER_NAME, 0),
false, sql_groupcmp, inst);
}
}
rad_assert(inst->config->xlat_name);
/*
* Sanity check for crazy people.
*/
if (strncmp(inst->config->sql_driver_name, "rlm_sql_", 8) != 0) {
ERROR("rlm_sql (%s): \"%s\" is NOT an SQL driver!", inst->config->xlat_name, inst->config->sql_driver_name);
return -1;
}
/*
* We need authorize_group_check_query or authorize_group_reply_query
* if group_membership_query is set.
*
* Or we need group_membership_query if authorize_group_check_query or
* authorize_group_reply_query is set.
*/
if (!inst->config->groupmemb_query) {
if (inst->config->authorize_group_check_query) {
WARN("rlm_sql (%s): Ignoring authorize_group_reply_query as group_membership_query "
"is not configured", inst->config->xlat_name);
}
if (inst->config->authorize_group_reply_query) {
WARN("rlm_sql (%s): Ignoring authorize_group_check_query as group_membership_query "
"is not configured", inst->config->xlat_name);
}
} else {
if (!inst->config->authorize_group_check_query) {
ERROR("rlm_sql (%s): authorize_group_check_query must be configured as group_membership_query "
"is configured", inst->config->xlat_name);
return -1;
}
if (!inst->config->authorize_group_reply_query) {
ERROR("rlm_sql (%s): authorize_group_reply_query must be configured as group_membership_query "
"is configured", inst->config->xlat_name);
return -1;
}
}
/*
* This will always exist, as cf_section_parse_init()
* will create it if it doesn't exist. However, the
* "reference" config item won't exist in an auto-created
* configuration. So if that doesn't exist, we ignore
* the whole subsection.
*/
inst->config->accounting.cs = cf_section_sub_find(conf, "accounting");
inst->config->accounting.reference_cp = (cf_pair_find(inst->config->accounting.cs, "reference") != NULL);
inst->config->postauth.cs = cf_section_sub_find(conf, "post-auth");
inst->config->postauth.reference_cp = (cf_pair_find(inst->config->postauth.cs, "reference") != NULL);
/*
* Cache the SQL-User-Name DICT_ATTR, so we can be slightly
* more efficient about creating SQL-User-Name attributes.
*/
inst->sql_user = dict_attrbyname("SQL-User-Name");
if (!inst->sql_user) {
return -1;
}
/*
* Export these methods, too. This avoids RTDL_GLOBAL.
*/
inst->sql_set_user = sql_set_user;
inst->sql_escape_func = sql_escape_func;
inst->sql_query = rlm_sql_query;
inst->sql_select_query = rlm_sql_select_query;
inst->sql_fetch_row = rlm_sql_fetch_row;
/*
* Register the SQL xlat function
*/
xlat_register(inst->config->xlat_name, sql_xlat, sql_escape_func, inst);
/*
* Load the appropriate driver for our database
*/
inst->handle = lt_dlopenext(inst->config->sql_driver_name);
if (!inst->handle) {
ERROR("Could not link driver %s: %s", inst->config->sql_driver_name, dlerror());
ERROR("Make sure it (and all its dependent libraries!) are in the search path of your system's ld");
return -1;
}
inst->module = (rlm_sql_module_t *) dlsym(inst->handle,
inst->config->sql_driver_name);
if (!inst->module) {
ERROR("Could not link symbol %s: %s", inst->config->sql_driver_name, dlerror());
return -1;
}
if (inst->module->mod_instantiate) {
CONF_SECTION *cs;
char const *name;
name = strrchr(inst->config->sql_driver_name, '_');
if (!name) {
name = inst->config->sql_driver_name;
} else {
name++;
}
cs = cf_section_sub_find(conf, name);
if (!cs) {
cs = cf_section_alloc(conf, name, NULL);
if (!cs) {
return -1;
}
}
/*
* It's up to the driver to register a destructor
*/
if (inst->module->mod_instantiate(cs, inst->config) < 0) {
return -1;
}
}
inst->ef = exfile_init(inst, 64, 30);
if (!inst->ef) {
cf_log_err_cs(conf, "Failed creating log file context");
return -1;
}
INFO("rlm_sql (%s): Driver %s (module %s) loaded and linked", inst->config->xlat_name,
inst->config->sql_driver_name, inst->module->name);
/*
* Initialise the connection pool for this instance
*/
INFO("rlm_sql (%s): Attempting to connect to database \"%s\"", inst->config->xlat_name, inst->config->sql_db);
inst->pool = fr_connection_pool_module_init(inst->cs, inst, mod_conn_create, NULL, NULL);
if (!inst->pool) return -1;
if (inst->config->groupmemb_query) {
paircompare_register(dict_attrbyvalue(PW_SQL_GROUP, 0),
dict_attrbyvalue(PW_USER_NAME, 0), false, sql_groupcmp, inst);
}
if (inst->config->do_clients) {
if (generate_sql_clients(inst) == -1){
ERROR("Failed to load clients from SQL");
return -1;
}
}
return RLM_MODULE_OK;
}
int rlm_yubikey_ykclient_init(CONF_SECTION *conf, rlm_yubikey_t *inst)
{
ykclient_rc status;
CONF_SECTION *servers;
char prefix[100];
int count = 0;
if (!inst->client_id) {
ERROR("rlm_yubikey (%s): validation.client_id must be set (to a valid id) when validation is enabled",
inst->name);
return -1;
}
if (!inst->api_key || !*inst->api_key || is_zero(inst->api_key)) {
ERROR("rlm_yubikey (%s): validation.api_key must be set (to a valid key) when validation is enabled",
inst->name);
return -1;
}
DEBUG("rlm_yubikey (%s): Initialising ykclient", inst->name);
status = ykclient_global_init();
if (status != YKCLIENT_OK) {
yk_error:
ERROR("rlm_yubikey (%s): %s", ykclient_strerror(status), inst->name);
return -1;
}
status = ykclient_init(&inst->ykc);
if (status != YKCLIENT_OK) {
goto yk_error;
}
servers = cf_section_sub_find(conf, "servers");
if (servers) {
CONF_PAIR *uri, *first;
/*
* If there were no uris configured we just use the default
* ykclient uris which point to the yubico servers.
*/
first = uri = cf_pair_find(servers, "uri");
if (!uri) {
goto init;
}
while (uri) {
count++;
uri = cf_pair_find_next(servers, uri, "uri");
}
inst->uris = talloc_zero_array(inst, char const *, count);
uri = first;
count = 0;
while (uri) {
inst->uris[count++] = cf_pair_value(uri);
uri = cf_pair_find_next(servers, uri, "uri");
}
if (count) {
status = ykclient_set_url_templates(inst->ykc, count, inst->uris);
if (status != YKCLIENT_OK) {
goto yk_error;
}
}
}
init:
status = ykclient_set_client_b64(inst->ykc, inst->client_id, inst->api_key);
if (status != YKCLIENT_OK) {
ERROR("rlm_yubikey (%s): Failed setting API credentials: %s", ykclient_strerror(status), inst->name);
return -1;
}
snprintf(prefix, sizeof(prefix), "rlm_yubikey (%s)", inst->name);
inst->conn_pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, prefix);
if (!inst->conn_pool) {
ykclient_done(&inst->ykc);
return -1;
}
return 0;
}
