/* * Write accounting information to this modules database. */ static rlm_rcode_t mod_accounting(void *instance, UNUSED REQUEST *request) { rlm_rest_t *inst = instance; rlm_rest_section_t *section = &inst->accounting; void *handle; int hcode; int rcode = RLM_MODULE_OK; int ret; handle = fr_connection_get(inst->conn_pool); if (!handle) return RLM_MODULE_FAIL; ret = rlm_rest_perform(inst, section, handle, request, NULL, NULL); if (ret < 0) { rcode = RLM_MODULE_FAIL; goto end; } hcode = rest_get_handle_code(handle); if (hcode >= 500) { rcode = RLM_MODULE_FAIL; } else if (hcode == 204) { rcode = RLM_MODULE_OK; } else if ((hcode >= 200) && (hcode < 300)) { ret = rest_request_decode(inst, section, request, handle); if (ret < 0) rcode = RLM_MODULE_FAIL; else if (ret == 0) rcode = RLM_MODULE_OK; else rcode = RLM_MODULE_UPDATED; } else { rcode = RLM_MODULE_INVALID; } end: rlm_rest_cleanup(inst, section, handle); fr_connection_release(inst->conn_pool, handle); return rcode; }
/* * Find the named user in this modules database. Create the set * of attribute-value pairs to check and reply with for this user * from the database. The authentication code only needs to check * the password, the rest is done here. */ static rlm_rcode_t rlm_rest_authorize(void *instance, REQUEST *request) { rlm_rest_t *my_instance = instance; rlm_rest_section_t *section = &my_instance->authorize; void *handle; int hcode; int rcode = RLM_MODULE_OK; int ret; handle = fr_connection_get(my_instance->conn_pool); if (!handle) return RLM_MODULE_FAIL; ret = rlm_rest_perform(instance, section, handle, request); if (ret < 0) { rcode = RLM_MODULE_FAIL; goto end; } hcode = rest_get_handle_code(handle); switch (hcode) { case 404: case 410: rcode = RLM_MODULE_NOTFOUND; break; case 403: rcode = RLM_MODULE_USERLOCK; break; case 401: /* * Attempt to parse content if there was any. */ ret = rest_request_decode(my_instance, section, request, handle); if (ret < 0) { rcode = RLM_MODULE_FAIL; break; } rcode = RLM_MODULE_REJECT; break; case 204: rcode = RLM_MODULE_OK; break; default: /* * Attempt to parse content if there was any. */ if ((hcode >= 200) && (hcode < 300)) { ret = rest_request_decode(my_instance, section, request, handle); if (ret < 0) rcode = RLM_MODULE_FAIL; else if (ret == 0) rcode = RLM_MODULE_OK; else rcode = RLM_MODULE_UPDATED; break; } else if (hcode < 500) { rcode = RLM_MODULE_INVALID; } else { rcode = RLM_MODULE_FAIL; } } end: rlm_rest_cleanup(instance, section, handle); fr_connection_release(my_instance->conn_pool, handle); return rcode; }
/* * Authenticate the user with the given password. */ static rlm_rcode_t mod_authenticate(void *instance, UNUSED REQUEST *request) { rlm_rest_t *inst = instance; rlm_rest_section_t *section = &inst->authenticate; void *handle; int hcode; int rcode = RLM_MODULE_OK; int ret; VALUE_PAIR const *username; VALUE_PAIR const *password; username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); if (!username) { REDEBUG("Can't perform authentication, 'User-Name' attribute not found in the request"); return RLM_MODULE_INVALID; } password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); if (!password) { REDEBUG("Can't perform authentication, 'Cleartext-Password' attribute not found in the control list"); return RLM_MODULE_INVALID; } handle = fr_connection_get(inst->conn_pool); if (!handle) return RLM_MODULE_FAIL; ret = rlm_rest_perform(instance, section, handle, request, username->vp_strvalue, password->vp_strvalue); if (ret < 0) { rcode = RLM_MODULE_FAIL; goto end; } hcode = rest_get_handle_code(handle); switch (hcode) { case 404: case 410: rcode = RLM_MODULE_NOTFOUND; break; case 403: rcode = RLM_MODULE_USERLOCK; break; case 401: /* * Attempt to parse content if there was any. */ ret = rest_request_decode(inst, section, request, handle); if (ret < 0) { rcode = RLM_MODULE_FAIL; break; } rcode = RLM_MODULE_REJECT; break; case 204: rcode = RLM_MODULE_OK; break; default: /* * Attempt to parse content if there was any. */ if ((hcode >= 200) && (hcode < 300)) { ret = rest_request_decode(inst, section, request, handle); if (ret < 0) rcode = RLM_MODULE_FAIL; else if (ret == 0) rcode = RLM_MODULE_OK; else rcode = RLM_MODULE_UPDATED; break; } else if (hcode < 500) { rcode = RLM_MODULE_INVALID; } else { rcode = RLM_MODULE_FAIL; } } end: rlm_rest_cleanup(instance, section, handle); fr_connection_release(inst->conn_pool, handle); return rcode; }