/*
* Write accounting information to this modules database.
*/
static rlm_rcode_t mod_accounting(void *instance, UNUSED REQUEST *request)
{
rlm_rest_t *inst = instance;
rlm_rest_section_t *section = &inst->accounting;
void *handle;
int hcode;
int rcode = RLM_MODULE_OK;
int ret;
handle = fr_connection_get(inst->conn_pool);
if (!handle) return RLM_MODULE_FAIL;
ret = rlm_rest_perform(inst, section, handle, request, NULL, NULL);
if (ret < 0) {
rcode = RLM_MODULE_FAIL;
goto end;
}
hcode = rest_get_handle_code(handle);
if (hcode >= 500) {
rcode = RLM_MODULE_FAIL;
} else if (hcode == 204) {
rcode = RLM_MODULE_OK;
} else if ((hcode >= 200) && (hcode < 300)) {
ret = rest_request_decode(inst, section, request, handle);
if (ret < 0) rcode = RLM_MODULE_FAIL;
else if (ret == 0) rcode = RLM_MODULE_OK;
else rcode = RLM_MODULE_UPDATED;
} else {
rcode = RLM_MODULE_INVALID;
}
end:
rlm_rest_cleanup(inst, section, handle);
fr_connection_release(inst->conn_pool, handle);
return rcode;
}
/*
* Find the named user in this modules database. Create the set
* of attribute-value pairs to check and reply with for this user
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
static rlm_rcode_t rlm_rest_authorize(void *instance, REQUEST *request)
{
rlm_rest_t *my_instance = instance;
rlm_rest_section_t *section = &my_instance->authorize;
void *handle;
int hcode;
int rcode = RLM_MODULE_OK;
int ret;
handle = fr_connection_get(my_instance->conn_pool);
if (!handle) return RLM_MODULE_FAIL;
ret = rlm_rest_perform(instance, section, handle, request);
if (ret < 0) {
rcode = RLM_MODULE_FAIL;
goto end;
}
hcode = rest_get_handle_code(handle);
switch (hcode) {
case 404:
case 410:
rcode = RLM_MODULE_NOTFOUND;
break;
case 403:
rcode = RLM_MODULE_USERLOCK;
break;
case 401:
/*
* Attempt to parse content if there was any.
*/
ret = rest_request_decode(my_instance, section,
request, handle);
if (ret < 0) {
rcode = RLM_MODULE_FAIL;
break;
}
rcode = RLM_MODULE_REJECT;
break;
case 204:
rcode = RLM_MODULE_OK;
break;
default:
/*
* Attempt to parse content if there was any.
*/
if ((hcode >= 200) && (hcode < 300)) {
ret = rest_request_decode(my_instance, section,
request, handle);
if (ret < 0) rcode = RLM_MODULE_FAIL;
else if (ret == 0) rcode = RLM_MODULE_OK;
else rcode = RLM_MODULE_UPDATED;
break;
} else if (hcode < 500) {
rcode = RLM_MODULE_INVALID;
} else {
rcode = RLM_MODULE_FAIL;
}
}
end:
rlm_rest_cleanup(instance, section, handle);
fr_connection_release(my_instance->conn_pool, handle);
return rcode;
}
/*
* Authenticate the user with the given password.
*/
static rlm_rcode_t mod_authenticate(void *instance, UNUSED REQUEST *request)
{
rlm_rest_t *inst = instance;
rlm_rest_section_t *section = &inst->authenticate;
void *handle;
int hcode;
int rcode = RLM_MODULE_OK;
int ret;
VALUE_PAIR const *username;
VALUE_PAIR const *password;
username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
if (!username) {
REDEBUG("Can't perform authentication, 'User-Name' attribute not found in the request");
return RLM_MODULE_INVALID;
}
password = pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY);
if (!password) {
REDEBUG("Can't perform authentication, 'Cleartext-Password' attribute not found in the control list");
return RLM_MODULE_INVALID;
}
handle = fr_connection_get(inst->conn_pool);
if (!handle) return RLM_MODULE_FAIL;
ret = rlm_rest_perform(instance, section, handle, request, username->vp_strvalue, password->vp_strvalue);
if (ret < 0) {
rcode = RLM_MODULE_FAIL;
goto end;
}
hcode = rest_get_handle_code(handle);
switch (hcode) {
case 404:
case 410:
rcode = RLM_MODULE_NOTFOUND;
break;
case 403:
rcode = RLM_MODULE_USERLOCK;
break;
case 401:
/*
* Attempt to parse content if there was any.
*/
ret = rest_request_decode(inst, section, request, handle);
if (ret < 0) {
rcode = RLM_MODULE_FAIL;
break;
}
rcode = RLM_MODULE_REJECT;
break;
case 204:
rcode = RLM_MODULE_OK;
break;
default:
/*
* Attempt to parse content if there was any.
*/
if ((hcode >= 200) && (hcode < 300)) {
ret = rest_request_decode(inst, section, request, handle);
if (ret < 0) rcode = RLM_MODULE_FAIL;
else if (ret == 0) rcode = RLM_MODULE_OK;
else rcode = RLM_MODULE_UPDATED;
break;
} else if (hcode < 500) {
rcode = RLM_MODULE_INVALID;
} else {
rcode = RLM_MODULE_FAIL;
}
}
end:
rlm_rest_cleanup(instance, section, handle);
fr_connection_release(inst->conn_pool, handle);
return rcode;
}
