1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
/*
* This program is is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*/
/**
* $Id$
* @file rlm_sometimes.c
* @brief Switches between retuning different return codes.
*
* @copyright 2012 The FreeRADIUS server project
*/
RCSID("$Id$")
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/rad_assert.h>
/*
* The instance data for rlm_sometimes is the list of fake values we are
* going to return.
*/
typedef struct rlm_sometimes_t {
char const *rcode_str;
rlm_rcode_t rcode;
uint32_t start;
uint32_t end;
char const *key;
DICT_ATTR const *da;
} rlm_sometimes_t;
/*
* A mapping of configuration file names to internal variables.
*
* Note that the string is dynamically allocated, so it MUST
* be freed. When the configuration file parse re-reads the string,
* it free's the old one, and strdup's the new one, placing the pointer
* to the strdup'd string into 'config.string'. This gets around
* buffer over-flows.
*/
static const CONF_PARSER module_config[] = {
{ "rcode", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_sometimes_t, rcode_str), "fail" },
{ "key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_ATTRIBUTE, rlm_sometimes_t, key), "User-Name" },
{ "start", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_sometimes_t, start), "0" },
{ "end", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_sometimes_t, end), "127" },
CONF_PARSER_TERMINATOR
};
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_sometimes_t *inst = instance;
/*
* Convert the rcode string to an int, and get rid of it
*/
inst->rcode = fr_str2int(mod_rcode_table, inst->rcode_str, RLM_MODULE_UNKNOWN);
if (inst->rcode == RLM_MODULE_UNKNOWN) {
cf_log_err_cs(conf, "Unknown module return code '%s'", inst->rcode_str);
return -1;
}
inst->da = dict_attrbyname(inst->key);
rad_assert(inst->da);
return 0;
}
/*
* A lie! It always returns!
*/
static rlm_rcode_t sometimes_return(void *instance, RADIUS_PACKET *packet, RADIUS_PACKET *reply)
{
uint32_t hash;
uint32_t value;
rlm_sometimes_t *inst = instance;
VALUE_PAIR *vp;
/*
* Set it to NOOP and the module will always do nothing
*/
if (inst->rcode == RLM_MODULE_NOOP) return inst->rcode;
/*
* Hash based on the given key. Usually User-Name.
*/
vp = fr_pair_find_by_da(packet->vps, inst->da, TAG_ANY);
if (!vp) return RLM_MODULE_NOOP;
hash = fr_hash(&vp->data, vp->vp_length);
hash &= 0xff; /* ensure it's 0..255 */
value = hash;
/*
* Ranges are INCLUSIVE.
* [start,end] returns "rcode"
* Everything else returns "noop"
*/
if (value < inst->start) return RLM_MODULE_NOOP;
if (value > inst->end) return RLM_MODULE_NOOP;
/*
* If we're returning "handled", then set the packet
* code in the reply, so that the server responds.
*/
if ((inst->rcode == RLM_MODULE_HANDLED) && reply) {
switch (packet->code) {
case PW_CODE_ACCESS_REQUEST:
reply->code = PW_CODE_ACCESS_ACCEPT;
break;
case PW_CODE_ACCOUNTING_REQUEST:
reply->code = PW_CODE_ACCOUNTING_RESPONSE;
break;
case PW_CODE_COA_REQUEST:
reply->code = PW_CODE_COA_ACK;
break;
case PW_CODE_DISCONNECT_REQUEST:
reply->code = PW_CODE_DISCONNECT_ACK;
break;
default:
break;
}
}
return inst->rcode;
}
static rlm_rcode_t CC_HINT(nonnull) mod_sometimes_packet(void *instance, REQUEST *request)
{
return sometimes_return(instance, request->packet, request->reply);
}
static rlm_rcode_t CC_HINT(nonnull) mod_sometimes_reply(void *instance, REQUEST *request)
{
return sometimes_return(instance, request->reply, NULL);
}
#ifdef WITH_PROXY
static rlm_rcode_t CC_HINT(nonnull) mod_pre_proxy(void *instance, REQUEST *request)
{
if (!request->proxy) return RLM_MODULE_NOOP;
return sometimes_return(instance, request->proxy, request->proxy_reply);
}
static rlm_rcode_t CC_HINT(nonnull) mod_post_proxy(void *instance, REQUEST *request)
{
if (!request->proxy_reply) return RLM_MODULE_NOOP;
return sometimes_return(instance, request->proxy_reply, NULL);
}
#endif
extern module_t rlm_sometimes;
module_t rlm_sometimes = {
.magic = RLM_MODULE_INIT,
.name = "sometimes",
.type = RLM_TYPE_HUP_SAFE, /* needed for radmin */
.inst_size = sizeof(rlm_sometimes_t),
.config = module_config,
.instantiate = mod_instantiate,
.methods = {
[MOD_AUTHENTICATE] = mod_sometimes_packet,
[MOD_AUTHORIZE] = mod_sometimes_packet,
[MOD_PREACCT] = mod_sometimes_packet,
[MOD_ACCOUNTING] = mod_sometimes_packet,
#ifdef WITH_PROXY
[MOD_PRE_PROXY] = mod_pre_proxy,
[MOD_POST_PROXY] = mod_post_proxy,
#endif
[MOD_POST_AUTH] = mod_sometimes_reply,
#ifdef WITH_COA
[MOD_RECV_COA] = mod_sometimes_packet,
[MOD_SEND_COA] = mod_sometimes_reply,
#endif
},
};
|