/* * Do any per-module initialization that is separate to each * configured instance of the module. e.g. set up connections * to external databases, read configuration files, set up * dictionary entries, etc. * * If configuration information is given in the config section * that must be referenced in later calls, store a handle to it * in *instance otherwise put a null pointer there. */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { rlm_rest_t *inst = instance; /* * Parse sub-section configs. */ if ( (parse_sub_section(conf, &inst->authorize, MOD_AUTHORIZE) < 0) || (parse_sub_section(conf, &inst->authenticate, MOD_AUTHENTICATE) < 0) || (parse_sub_section(conf, &inst->accounting, MOD_ACCOUNTING) < 0) || /* @todo add behaviour for checksimul */ /* (parse_sub_section(conf, &inst->checksimul, MOD_SESSION) < 0) || */ (parse_sub_section(conf, &inst->post_auth, MOD_POST_AUTH) < 0)) { return -1; } /* * Initialise REST libraries. */ if (rest_init(inst) < 0) { return -1; } inst->connect_timeout = ((inst->connect_timeout_tv.tv_usec * 1000) + (inst->connect_timeout_tv.tv_sec / 1000)); inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, mod_conn_alive, NULL); if (!inst->pool) return -1; return 0; }
/* initialize couchbase connection */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { static bool version_done; rlm_couchbase_t *inst = instance; /* our module instance */ if (!version_done) { version_done = true; INFO("rlm_couchbase: json-c version: %s", json_c_version()); INFO("rlm_couchbase: libcouchbase version: %s", lcb_get_version(NULL)); } { char *server, *p; size_t len, i; bool sep = false; len = talloc_array_length(inst->server_raw); server = p = talloc_array(inst, char, len); for (i = 0; i < len; i++) { switch (inst->server_raw[i]) { case '\t': case ' ': case ',': /* Consume multiple separators occurring in sequence */ if (sep == true) continue; sep = true; *p++ = ';'; break; default: sep = false; *p++ = inst->server_raw[i]; break; } } *p = '\0'; inst->server = server; } /* setup item map */ if (mod_build_attribute_element_map(conf, inst) != 0) { /* fail */ return -1; } /* initiate connection pool */ inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, mod_conn_alive, NULL); /* check connection pool */ if (!inst->pool) { ERROR("rlm_couchbase: failed to initiate connection pool"); /* fail */ return -1; } /* return okay */ return 0; }
static int mod_instantiate(CONF_SECTION *conf, void *instance) { static bool version_done; REDIS_INST *inst = instance; if (!version_done) { version_done = true; INFO("rlm_redis: libhiredis version: %i.%i.%i", HIREDIS_MAJOR, HIREDIS_MINOR, HIREDIS_PATCH); } inst->xlat_name = cf_section_name2(conf); if (!inst->xlat_name) inst->xlat_name = cf_section_name1(conf); xlat_register(inst->xlat_name, redis_xlat, NULL, inst); /* FIXME! */ inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, NULL); if (!inst->pool) { return -1; } inst->redis_query = rlm_redis_query; inst->redis_finish_query = rlm_redis_finish_query; return 0; }
/** * Instantiate module. * @param[in] conf Module config. * @param[in] instance Module instance. * @return Zero on success. */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { rlm_mongodb_t *inst = instance; inst->name = cf_section_name2(conf); if (!inst->name) { inst->name = cf_section_name1(conf); } if (!strcasecmp(inst->cfg.action, "get")) { inst->action = RLM_MONGODB_GET; cf_log_err_cs(conf, "action 'get' is not implemented"); goto err; } else if (!strcasecmp(inst->cfg.action, "set")) { inst->action = RLM_MONGODB_SET; } else { cf_log_err_cs(conf, "invalid 'action', use'get' or 'set'"); goto err; } if (inst->cfg.remove && inst->cfg.update_query) { cf_log_err_cs(conf, "'update_query' and 'remove' can't be used at the same time"); goto err; } else if (!inst->cfg.remove && !inst->cfg.update_query) { cf_log_err_cs(conf, "'update_query' or 'remove' must be set for 'set' action"); goto err; } if (!cf_pair_find(conf, "pool")) { if (!inst->cfg.server) { cf_log_err_cs(conf, "Invalid or missing 'server' option"); goto err; } } else { if (inst->cfg.server) { cf_log_err_cs(conf, "Can't use server option when foreign connection pool specified"); goto err; } } mongoc_init(); mongoc_log_set_handler(mongoc_log_handler, inst); inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, inst->name); if (!inst->pool) { goto err; } return 0; err: return -1; }
static int mod_instantiate(CONF_SECTION *conf, void *instance) { REDIS_INST *inst = instance; inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, NULL); if (!inst->pool) { return -1; } inst->redis_query = rlm_redis_query; inst->redis_finish_query = rlm_redis_finish_query; return 0; }
/* * Do any per-module initialization that is separate to each * configured instance of the module. e.g. set up connections * to external databases, read configuration files, set up * dictionary entries, etc. * * If configuration information is given in the config section * that must be referenced in later calls, store a handle to it * in *instance otherwise put a null pointer there. */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { rlm_rest_t *inst = instance; char const *xlat_name; xlat_name = cf_section_name2(conf); if (!xlat_name) { xlat_name = cf_section_name1(conf); } inst->xlat_name = xlat_name; /* * Register the rest xlat function */ xlat_register(inst->xlat_name, rest_xlat, rest_uri_escape, inst); /* * Parse sub-section configs. */ if ( (parse_sub_section(conf, &inst->authorize, RLM_COMPONENT_AUTZ) < 0) || (parse_sub_section(conf, &inst->authenticate, RLM_COMPONENT_AUTH) < 0) || (parse_sub_section(conf, &inst->accounting, RLM_COMPONENT_ACCT) < 0) || /* @todo add behaviour for checksimul */ /* (parse_sub_section(conf, &inst->checksimul, RLM_COMPONENT_SESS) < 0) || */ (parse_sub_section(conf, &inst->post_auth, RLM_COMPONENT_POST_AUTH) < 0)) { return -1; } /* * Initialise REST libraries. */ if (rest_init(inst) < 0) { return -1; } inst->conn_pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, mod_conn_alive, NULL); if (!inst->conn_pool) { return -1; } return 0; }
/* * Do any per-module initialization that is separate to each * configured instance of the module. e.g. set up connections * to external databases, read configuration files, set up * dictionary entries, etc. * * If configuration information is given in the config section * that must be referenced in later calls, store a handle to it * in *instance otherwise put a null pointer there. */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { rlm_smsotp_t *inst = instance; struct sockaddr_un sa; if (strlen(inst->socket) > (sizeof(sa.sun_path) - 1)) { cf_log_err_cs(conf, "Socket filename is too long"); return -1; } /* * Initialize the socket pool. */ inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, NULL); if (!inst->pool) { return -1; } return 0; }
/** Create a new rlm_cache_memcached instance * * @param conf memcached specific conf section. * @param inst main rlm_cache instance. * @return 0 on success, -1 on failure. */ static int mod_instantiate(CONF_SECTION *conf, rlm_cache_t *inst) { rlm_cache_memcached_t *driver; memcached_return_t ret; char buffer[256]; static bool version_done; buffer[0] = '\0'; /* * Get version info from the libmemcached API. */ if (!version_done) { version_done = true; INFO("rlm_cache_memcached: libmemcached version: %s", memcached_lib_version()); } driver = talloc_zero(inst, rlm_cache_memcached_t); talloc_set_destructor(driver, _mod_detach); if (cf_section_parse(conf, driver, driver_config) < 0) return -1; ret = libmemcached_check_configuration(driver->options, talloc_array_length(driver->options) -1, buffer, sizeof(buffer)); if (ret != MEMCACHED_SUCCESS) { ERROR("rlm_cache_memcached: Failed validating options string: %s", buffer); return -1; } inst->driver = driver; snprintf(buffer, sizeof(buffer), "rlm_cache (%s)", inst->name); driver->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, buffer); if (!driver->pool) return -1; if (inst->max_entries > 0) WARN("rlm_cache_memcached: max_entries is not supported by this driver"); return 0; }
/** Instantiate the module * * Creates a new instance of the module reading parameters from a configuration section. * * @param conf to parse. * @param instance Where to write pointer to configuration data. * @return 0 on success < 0 on failure. */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { static bool version_done; CONF_SECTION *options; ldap_instance_t *inst = instance; inst->cs = conf; options = cf_section_sub_find(conf, "options"); if (!options || !cf_pair_find(options, "chase_referrals")) { inst->chase_referrals_unset = true; /* use OpenLDAP defaults */ } inst->xlat_name = cf_section_name2(conf); if (!inst->xlat_name) { inst->xlat_name = cf_section_name1(conf); } /* * Only needs to be done once, prevents races in environment * initialisation within libldap. * * See: https://github.com/arr2036/ldapperf/issues/2 */ #ifdef HAVE_LDAP_INITIALIZE ldap_initialize(&inst->handle, ""); #else inst->handle = ldap_init("", 0); #endif /* * Get version info from the LDAP API. */ if (!version_done) { static LDAPAPIInfo info; /* static to quiet valgrind about this being uninitialised */ int ldap_errno; version_done = true; ldap_errno = ldap_get_option(NULL, LDAP_OPT_API_INFO, &info); if (ldap_errno == LDAP_OPT_SUCCESS) { if (strcmp(info.ldapai_vendor_name, LDAP_VENDOR_NAME) != 0) { WARN("rlm_ldap: libldap vendor changed since the server was built"); WARN("rlm_ldap: linked: %s, built: %s", info.ldapai_vendor_name, LDAP_VENDOR_NAME); } if (info.ldapai_vendor_version != LDAP_VENDOR_VERSION) { WARN("rlm_ldap: libldap version changed since the server was built"); WARN("rlm_ldap: linked: %i, built: %i", info.ldapai_vendor_version, LDAP_VENDOR_VERSION); } INFO("rlm_ldap: libldap vendor: %s, version: %i", info.ldapai_vendor_name, info.ldapai_vendor_version); ldap_memfree(info.ldapai_vendor_name); ldap_memfree(info.ldapai_extensions); } else { DEBUG("rlm_ldap: Falling back to build time libldap version info. Query for LDAP_OPT_API_INFO " "returned: %i", ldap_errno); INFO("rlm_ldap: libldap vendor: %s, version: %i.%i.%i", LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION_MAJOR, LDAP_VENDOR_VERSION_MINOR, LDAP_VENDOR_VERSION_PATCH); } } /* * If the configuration parameters can't be parsed, then fail. */ if ((parse_sub_section(inst, conf, &inst->accounting, RLM_COMPONENT_ACCT) < 0) || (parse_sub_section(inst, conf, &inst->postauth, RLM_COMPONENT_POST_AUTH) < 0)) { cf_log_err_cs(conf, "Failed parsing configuration"); goto error; } /* * Sanity checks for cacheable groups code. */ if (inst->cacheable_group_name && inst->groupobj_membership_filter) { if (!inst->groupobj_name_attr) { cf_log_err_cs(conf, "Directive 'group.name_attribute' must be set if cacheable " "group names are enabled"); goto error; } } /* * Split original server value out into URI, server and port * so whatever initialization function we use later will have * the server information in the format it needs. */ if (ldap_is_ldap_url(inst->server)) { LDAPURLDesc *ldap_url; int port; if (ldap_url_parse(inst->server, &ldap_url)){ cf_log_err_cs(conf, "Parsing LDAP URL \"%s\" failed", inst->server); return -1; } /* * Figure out the port from the URL */ if (ldap_url->lud_port == 0) { if (strcmp(ldap_url->lud_scheme, "ldaps://") == 0) { if (inst->start_tls == true) { start_tls_error: cf_log_err_cs(conf, "ldaps:// scheme is not compatible with 'start_tls'"); return -1; } port = 636; } else { port = 384; } } else { port = ldap_url->lud_port; } inst->uri = inst->server; inst->server = talloc_strdup(inst, ldap_url->lud_host); if ((inst->port != 384) && (port != inst->port)) { WARN("Non-default 'port' directive %i set to %i by LDAP URI", inst->port, port); } inst->port = port; /* * @todo We could set a few other top level * directives using the URL, like base_dn * and scope. */ ldap_free_urldesc(ldap_url); /* * We need to construct an LDAP URI */ } else { switch (inst->port) { default: case 384: inst->uri = talloc_asprintf(inst, "ldap://%s:%i/", inst->server, inst->port); break; case 636: if (inst->start_tls == true) goto start_tls_error; inst->uri = talloc_asprintf(inst, "ldaps://%s:%i/", inst->server, inst->port); break; } } #ifdef LDAP_OPT_X_TLS_NEVER /* * Workaround for servers which support LDAPS but not START TLS */ if (inst->port == LDAPS_PORT || inst->tls_mode) { inst->tls_mode = LDAP_OPT_X_TLS_HARD; } else { inst->tls_mode = 0; } #endif /* * Convert dereference strings to enumerated constants */ if (inst->dereference_str) { inst->dereference = fr_str2int(ldap_dereference, inst->dereference_str, -1); if (inst->dereference < 0) { cf_log_err_cs(conf, "Invalid 'dereference' value \"%s\", expected 'never', 'searching', " "'finding' or 'always'", inst->dereference_str); goto error; } } #if LDAP_SET_REBIND_PROC_ARGS != 3 /* * The 2-argument rebind doesn't take an instance variable. Our rebind function needs the instance * variable for the username, password, etc. */ if (inst->rebind == true) { cf_log_err_cs(conf, "Cannot use 'rebind' directive as this version of libldap " "does not support the API that we need"); goto error; } #endif /* * Convert scope strings to enumerated constants */ inst->userobj_scope = fr_str2int(ldap_scope, inst->userobj_scope_str, -1); if (inst->userobj_scope < 0) { cf_log_err_cs(conf, "Invalid 'user.scope' value \"%s\", expected 'sub', 'one'" #ifdef LDAP_SCOPE_CHILDREN ", 'base' or 'children'" #else " or 'base'" #endif , inst->userobj_scope_str); goto error; } inst->groupobj_scope = fr_str2int(ldap_scope, inst->groupobj_scope_str, -1); if (inst->groupobj_scope < 0) { cf_log_err_cs(conf, "Invalid 'group.scope' value \"%s\", expected 'sub', 'one'" #ifdef LDAP_SCOPE_CHILDREN ", 'base' or 'children'" #else " or 'base'" #endif , inst->groupobj_scope_str); goto error; } inst->clientobj_scope = fr_str2int(ldap_scope, inst->clientobj_scope_str, -1); if (inst->clientobj_scope < 0) { cf_log_err_cs(conf, "Invalid 'client.scope' value \"%s\", expected 'sub', 'one'" #ifdef LDAP_SCOPE_CHILDREN ", 'base' or 'children'" #else " or 'base'" #endif , inst->clientobj_scope_str); goto error; } if (inst->tls_require_cert_str) { #ifdef LDAP_OPT_X_TLS_NEVER /* * Convert cert strictness to enumerated constants */ inst->tls_require_cert = fr_str2int(ldap_tls_require_cert, inst->tls_require_cert_str, -1); if (inst->tls_require_cert < 0) { cf_log_err_cs(conf, "Invalid 'tls.require_cert' value \"%s\", expected 'never', " "'demand', 'allow', 'try' or 'hard'", inst->tls_require_cert_str); goto error; } #else cf_log_err_cs(conf, "Modifying 'tls.require_cert' is not supported by current " "version of libldap. Please upgrade or substitute current libldap and " "rebuild this module"); goto error; #endif } /* * Build the attribute map */ if (map_afrom_cs(&inst->user_map, cf_section_sub_find(inst->cs, "update"), PAIR_LIST_REPLY, PAIR_LIST_REQUEST, rlm_ldap_map_verify, inst, LDAP_MAX_ATTRMAP) < 0) { return -1; } /* * Group comparison checks. */ if (cf_section_name2(conf)) { static ATTR_FLAGS flags; char buffer[256]; snprintf(buffer, sizeof(buffer), "%s-Ldap-Group", inst->xlat_name); if (dict_addattr(buffer, -1, 0, PW_TYPE_STRING, flags) < 0) { LDAP_ERR("Error creating group attribute: %s", fr_strerror()); return -1; } inst->group_da = dict_attrbyname(buffer); if (!inst->group_da) { LDAP_ERR("Failed creating attribute %s", buffer); goto error; } paircompare_register(inst->group_da, dict_attrbyvalue(PW_USER_NAME, 0), false, rlm_ldap_groupcmp, inst); /* * Were the default instance */ } else { inst->group_da = dict_attrbyvalue(PW_LDAP_GROUP, 0); paircompare_register(dict_attrbyvalue(PW_LDAP_GROUP, 0), dict_attrbyvalue(PW_USER_NAME, 0), false, rlm_ldap_groupcmp, inst); } xlat_register(inst->xlat_name, ldap_xlat, rlm_ldap_escape_func, inst); /* * Setup the cache attribute */ if (inst->cache_attribute) { static ATTR_FLAGS flags; if (dict_addattr(inst->cache_attribute, -1, 0, PW_TYPE_STRING, flags) < 0) { LDAP_ERR("Error creating cache attribute: %s", fr_strerror()); goto error; } inst->cache_da = dict_attrbyname(inst->cache_attribute); } else { inst->cache_da = inst->group_da; /* Default to the group_da */ } /* * Initialize the socket pool. */ inst->pool = fr_connection_pool_module_init(inst->cs, inst, mod_conn_create, NULL, NULL); if (!inst->pool) goto error; /* * Bulk load dynamic clients. */ if (inst->do_clients) { CONF_SECTION *cs; cs = cf_section_sub_find(inst->cs, "client"); if (!cs) { cf_log_err_cs(conf, "Told to load clients but no client section found"); goto error; } cs = cf_section_sub_find(cs, "attribute"); if (!cs) { cf_log_err_cs(conf, "Told to load clients but no attribute section found"); goto error; } if (rlm_ldap_client_load(inst, cs) < 0) { cf_log_err_cs(conf, "Error loading clients"); return -1; } } return 0; error: return -1; }
/** Initialize the rlm_couchbase module * * Intialize the module and create the initial Couchbase connection pool. * * @param conf The module configuration. * @param instance The module instance. * @return Returns 0 on success, -1 on error. */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { static bool version_done; rlm_couchbase_t *inst = instance; /* our module instance */ if (!version_done) { version_done = true; INFO("rlm_couchbase: json-c version: %s", json_c_version()); INFO("rlm_couchbase: libcouchbase version: %s", lcb_get_version(NULL)); } { char *server, *p; size_t len, i; bool sep = false; len = talloc_array_length(inst->server_raw); server = p = talloc_array(inst, char, len); for (i = 0; i < len; i++) { switch (inst->server_raw[i]) { case '\t': case ' ': case ',': /* Consume multiple separators occurring in sequence */ if (sep == true) continue; sep = true; *p++ = ';'; break; default: sep = false; *p++ = inst->server_raw[i]; break; } } *p = '\0'; inst->server = server; } /* setup item map */ if (mod_build_attribute_element_map(conf, inst) != 0) { /* fail */ return -1; } /* initiate connection pool */ inst->pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, mod_conn_alive, NULL); /* check connection pool */ if (!inst->pool) { ERROR("rlm_couchbase: failed to initiate connection pool"); /* fail */ return -1; } /* load clients if requested */ if (inst->read_clients) { CONF_SECTION *cs; /* conf section */ /* attempt to find client section */ cs = cf_section_sub_find(conf, "client"); if (!cs) { ERROR("rlm_couchbase: failed to find client section while loading clients"); /* fail */ return -1; } /* attempt to find attribute subsection */ cs = cf_section_sub_find(cs, "attribute"); if (!cs) { ERROR("rlm_couchbase: failed to find attribute subsection while loading clients"); /* fail */ return -1; } /* debugging */ DEBUG("rlm_couchbase: preparing to load client documents"); /* attempt to load clients */ if (mod_load_client_documents(inst, cs) != 0) { /* fail */ return -1; } } /* return okay */ return 0; }
/* * Instantiate the module. */ static int mod_instantiate(CONF_SECTION *conf, void *instance) { linelog_instance_t *inst = instance; char prefix[100]; /* * Escape filenames only if asked. */ if (inst->file.escape) { inst->file.escape_func = rad_filename_escape; } else { inst->file.escape_func = rad_filename_make_safe; } inst->log_dst = fr_str2int(linelog_dst_table, inst->log_dst_str, LINELOG_DST_INVALID); if (inst->log_dst == LINELOG_DST_INVALID) { cf_log_err_cs(conf, "Invalid log destination \"%s\"", inst->log_dst_str); return -1; } if (!inst->log_src && !inst->log_ref) { cf_log_err_cs(conf, "Must specify a log format, or reference"); return -1; } inst->name = cf_section_name2(conf); if (!inst->name) inst->name = cf_section_name1(conf); snprintf(prefix, sizeof(prefix), "rlm_linelog (%s)", inst->name); /* * Setup the logging destination */ switch (inst->log_dst) { case LINELOG_DST_FILE: { if (!inst->file.name) { cf_log_err_cs(conf, "No value provided for 'filename'"); return -1; } inst->file.ef = exfile_init(inst, 64, 30, true); if (!inst->file.ef) { cf_log_err_cs(conf, "Failed creating log file context"); return -1; } if (inst->file.group_str) { char *endptr; inst->file.group = strtol(inst->file.group_str, &endptr, 10); if (*endptr != '\0') { if (rad_getgid(inst, &(inst->file.group), inst->file.group_str) < 0) { cf_log_err_cs(conf, "Unable to find system group \"%s\"", inst->file.group_str); return -1; } } } } break; case LINELOG_DST_SYSLOG: { int num; #ifndef HAVE_SYSLOG_H cf_log_err_cs(conf, "Syslog output is not supported on this system"); return -1; #else if (inst->syslog.facility) { num = fr_str2int(syslog_facility_table, inst->syslog.facility, -1); if (num < 0) { cf_log_err_cs(conf, "Invalid syslog facility \"%s\"", inst->syslog.facility); return -1; } inst->syslog.priority |= num; } num = fr_str2int(syslog_severity_table, inst->syslog.severity, -1); if (num < 0) { cf_log_err_cs(conf, "Invalid syslog severity \"%s\"", inst->syslog.severity); return -1; } inst->syslog.priority |= num; #endif } break; case LINELOG_DST_UNIX: #ifndef HAVE_SYS_UN_H cf_log_err_cs(conf, "Unix sockets are not supported on this sytem"); return -1; #else inst->pool = fr_connection_pool_module_init(cf_section_sub_find(conf, "unix"), inst, mod_conn_create, NULL, prefix); if (!inst->pool) return -1; #endif break; case LINELOG_DST_UDP: inst->pool = fr_connection_pool_module_init(cf_section_sub_find(conf, "udp"), inst, mod_conn_create, NULL, prefix); if (!inst->pool) return -1; break; case LINELOG_DST_TCP: inst->pool = fr_connection_pool_module_init(cf_section_sub_find(conf, "tcp"), inst, mod_conn_create, NULL, prefix); if (!inst->pool) return -1; break; case LINELOG_DST_INVALID: rad_assert(0); break; } inst->delimiter_len = talloc_array_length(inst->delimiter) - 1; inst->cs = conf; return 0; }
static int mod_instantiate(CONF_SECTION *conf, void *instance) { rlm_sql_t *inst = instance; /* * Hack... */ inst->config = &inst->myconfig; inst->cs = conf; inst->config->xlat_name = cf_section_name2(conf); if (!inst->config->xlat_name) { inst->config->xlat_name = cf_section_name1(conf); } else { char *group_name; DICT_ATTR const *da; ATTR_FLAGS flags; /* * Allocate room for <instance>-SQL-Group */ group_name = talloc_typed_asprintf(inst, "%s-SQL-Group", inst->config->xlat_name); DEBUG("rlm_sql (%s): Creating new attribute %s", inst->config->xlat_name, group_name); memset(&flags, 0, sizeof(flags)); if (dict_addattr(group_name, -1, 0, PW_TYPE_STRING, flags) < 0) { ERROR("rlm_sql (%s): Failed to create " "attribute %s: %s", inst->config->xlat_name, group_name, fr_strerror()); return -1; } da = dict_attrbyname(group_name); if (!da) { ERROR("rlm_sql (%s): Failed to create " "attribute %s", inst->config->xlat_name, group_name); return -1; } if (inst->config->groupmemb_query) { DEBUG("rlm_sql (%s): Registering sql_groupcmp for %s", inst->config->xlat_name, group_name); paircompare_register(da, dict_attrbyvalue(PW_USER_NAME, 0), false, sql_groupcmp, inst); } } rad_assert(inst->config->xlat_name); /* * Sanity check for crazy people. */ if (strncmp(inst->config->sql_driver_name, "rlm_sql_", 8) != 0) { ERROR("rlm_sql (%s): \"%s\" is NOT an SQL driver!", inst->config->xlat_name, inst->config->sql_driver_name); return -1; } /* * We need authorize_group_check_query or authorize_group_reply_query * if group_membership_query is set. * * Or we need group_membership_query if authorize_group_check_query or * authorize_group_reply_query is set. */ if (!inst->config->groupmemb_query) { if (inst->config->authorize_group_check_query) { WARN("rlm_sql (%s): Ignoring authorize_group_reply_query as group_membership_query " "is not configured", inst->config->xlat_name); } if (inst->config->authorize_group_reply_query) { WARN("rlm_sql (%s): Ignoring authorize_group_check_query as group_membership_query " "is not configured", inst->config->xlat_name); } } else { if (!inst->config->authorize_group_check_query) { ERROR("rlm_sql (%s): authorize_group_check_query must be configured as group_membership_query " "is configured", inst->config->xlat_name); return -1; } if (!inst->config->authorize_group_reply_query) { ERROR("rlm_sql (%s): authorize_group_reply_query must be configured as group_membership_query " "is configured", inst->config->xlat_name); return -1; } } /* * This will always exist, as cf_section_parse_init() * will create it if it doesn't exist. However, the * "reference" config item won't exist in an auto-created * configuration. So if that doesn't exist, we ignore * the whole subsection. */ inst->config->accounting.cs = cf_section_sub_find(conf, "accounting"); inst->config->accounting.reference_cp = (cf_pair_find(inst->config->accounting.cs, "reference") != NULL); inst->config->postauth.cs = cf_section_sub_find(conf, "post-auth"); inst->config->postauth.reference_cp = (cf_pair_find(inst->config->postauth.cs, "reference") != NULL); /* * Cache the SQL-User-Name DICT_ATTR, so we can be slightly * more efficient about creating SQL-User-Name attributes. */ inst->sql_user = dict_attrbyname("SQL-User-Name"); if (!inst->sql_user) { return -1; } /* * Export these methods, too. This avoids RTDL_GLOBAL. */ inst->sql_set_user = sql_set_user; inst->sql_escape_func = sql_escape_func; inst->sql_query = rlm_sql_query; inst->sql_select_query = rlm_sql_select_query; inst->sql_fetch_row = rlm_sql_fetch_row; /* * Register the SQL xlat function */ xlat_register(inst->config->xlat_name, sql_xlat, sql_escape_func, inst); /* * Load the appropriate driver for our database */ inst->handle = lt_dlopenext(inst->config->sql_driver_name); if (!inst->handle) { ERROR("Could not link driver %s: %s", inst->config->sql_driver_name, dlerror()); ERROR("Make sure it (and all its dependent libraries!) are in the search path of your system's ld"); return -1; } inst->module = (rlm_sql_module_t *) dlsym(inst->handle, inst->config->sql_driver_name); if (!inst->module) { ERROR("Could not link symbol %s: %s", inst->config->sql_driver_name, dlerror()); return -1; } if (inst->module->mod_instantiate) { CONF_SECTION *cs; char const *name; name = strrchr(inst->config->sql_driver_name, '_'); if (!name) { name = inst->config->sql_driver_name; } else { name++; } cs = cf_section_sub_find(conf, name); if (!cs) { cs = cf_section_alloc(conf, name, NULL); if (!cs) { return -1; } } /* * It's up to the driver to register a destructor */ if (inst->module->mod_instantiate(cs, inst->config) < 0) { return -1; } } inst->ef = exfile_init(inst, 64, 30); if (!inst->ef) { cf_log_err_cs(conf, "Failed creating log file context"); return -1; } INFO("rlm_sql (%s): Driver %s (module %s) loaded and linked", inst->config->xlat_name, inst->config->sql_driver_name, inst->module->name); /* * Initialise the connection pool for this instance */ INFO("rlm_sql (%s): Attempting to connect to database \"%s\"", inst->config->xlat_name, inst->config->sql_db); inst->pool = fr_connection_pool_module_init(inst->cs, inst, mod_conn_create, NULL, NULL); if (!inst->pool) return -1; if (inst->config->groupmemb_query) { paircompare_register(dict_attrbyvalue(PW_SQL_GROUP, 0), dict_attrbyvalue(PW_USER_NAME, 0), false, sql_groupcmp, inst); } if (inst->config->do_clients) { if (generate_sql_clients(inst) == -1){ ERROR("Failed to load clients from SQL"); return -1; } } return RLM_MODULE_OK; }
int rlm_yubikey_ykclient_init(CONF_SECTION *conf, rlm_yubikey_t *inst) { ykclient_rc status; CONF_SECTION *servers; char prefix[100]; int count = 0; if (!inst->client_id) { ERROR("rlm_yubikey (%s): validation.client_id must be set (to a valid id) when validation is enabled", inst->name); return -1; } if (!inst->api_key || !*inst->api_key || is_zero(inst->api_key)) { ERROR("rlm_yubikey (%s): validation.api_key must be set (to a valid key) when validation is enabled", inst->name); return -1; } DEBUG("rlm_yubikey (%s): Initialising ykclient", inst->name); status = ykclient_global_init(); if (status != YKCLIENT_OK) { yk_error: ERROR("rlm_yubikey (%s): %s", ykclient_strerror(status), inst->name); return -1; } status = ykclient_init(&inst->ykc); if (status != YKCLIENT_OK) { goto yk_error; } servers = cf_section_sub_find(conf, "servers"); if (servers) { CONF_PAIR *uri, *first; /* * If there were no uris configured we just use the default * ykclient uris which point to the yubico servers. */ first = uri = cf_pair_find(servers, "uri"); if (!uri) { goto init; } while (uri) { count++; uri = cf_pair_find_next(servers, uri, "uri"); } inst->uris = talloc_zero_array(inst, char const *, count); uri = first; count = 0; while (uri) { inst->uris[count++] = cf_pair_value(uri); uri = cf_pair_find_next(servers, uri, "uri"); } if (count) { status = ykclient_set_url_templates(inst->ykc, count, inst->uris); if (status != YKCLIENT_OK) { goto yk_error; } } } init: status = ykclient_set_client_b64(inst->ykc, inst->client_id, inst->api_key); if (status != YKCLIENT_OK) { ERROR("rlm_yubikey (%s): Failed setting API credentials: %s", ykclient_strerror(status), inst->name); return -1; } snprintf(prefix, sizeof(prefix), "rlm_yubikey (%s)", inst->name); inst->conn_pool = fr_connection_pool_module_init(conf, inst, mod_conn_create, NULL, prefix); if (!inst->conn_pool) { ykclient_done(&inst->ykc); return -1; } return 0; }