本文整理汇总了C++中radius_paircreate函数的典型用法代码示例。如果您正苦于以下问题:C++ radius_paircreate函数的具体用法?C++ radius_paircreate怎么用?C++ radius_paircreate使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了radius_paircreate函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: add_nas_attr
/*
* If the NAS wasn't smart enought to add a NAS-IP-Address
* to the request, then add it ourselves.
*/
static int add_nas_attr(REQUEST *request)
{
VALUE_PAIR *nas;
switch (request->packet->src_ipaddr.af) {
case AF_INET:
nas = pairfind(request->packet->vps, PW_NAS_IP_ADDRESS, 0, TAG_ANY);
if (!nas) {
nas = radius_paircreate(request->packet, &request->packet->vps, PW_NAS_IP_ADDRESS, 0);
nas->vp_ipaddr = request->packet->src_ipaddr.ipaddr.ip4addr.s_addr;
}
break;
case AF_INET6:
nas = pairfind(request->packet->vps, PW_NAS_IPV6_ADDRESS, 0, TAG_ANY);
if (!nas) {
nas = radius_paircreate(request->packet, &request->packet->vps, PW_NAS_IPV6_ADDRESS, 0);
memcpy(&nas->vp_ipv6addr, &request->packet->src_ipaddr.ipaddr,
sizeof(request->packet->src_ipaddr.ipaddr));
}
break;
default:
ERROR("Unknown address family for packet");
return -1;
}
return 0;
}
开发者ID:RockalotofPokadots,项目名称:freeradius-server,代码行数:33,代码来源:rlm_preprocess.c
示例2: rlm_replicate_alloc
/** Allocate a request packet
*
* This is done once per request with the same packet being sent to multiple realms.
*/
static rlm_rcode_t rlm_replicate_alloc(RADIUS_PACKET **out, REQUEST *request, pair_lists_t list, PW_CODE code)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
RADIUS_PACKET *packet = NULL;
VALUE_PAIR *vp, **vps;
*out = NULL;
packet = rad_alloc(request, 1);
if (!packet) {
return RLM_MODULE_FAIL;
}
packet->code = code;
/*
* Figure out which list in the request were replicating
*/
vps = radius_list(request, list);
if (!vps) {
RWDEBUG("List '%s' doesn't exist for this packet", fr_int2str(pair_lists, list, "<INVALID>"));
rcode = RLM_MODULE_INVALID;
goto error;
}
/*
* Don't assume the list actually contains any attributes.
*/
if (*vps) {
packet->vps = paircopy(packet, *vps);
if (!packet->vps) {
rcode = RLM_MODULE_FAIL;
goto error;
}
}
/*
* For CHAP, create the CHAP-Challenge if it doesn't exist.
*/
if ((code == PW_CODE_ACCESS_REQUEST) &&
(pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY) != NULL) &&
(pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0, TAG_ANY) == NULL)) {
vp = radius_paircreate(packet, &packet->vps, PW_CHAP_CHALLENGE, 0);
pairmemcpy(vp, request->packet->vector, AUTH_VECTOR_LEN);
}
*out = packet;
return rcode;
error:
talloc_free(packet);
return rcode;
}
开发者ID:aurelienfavre,项目名称:freeradius-server,代码行数:56,代码来源:rlm_replicate.c
示例3: mod_authorize
/*
* Check if account has expired, and if user may login now.
*/
static rlm_rcode_t mod_authorize(void *instance, REQUEST *request)
{
rlm_expiration_t *inst = instance;
VALUE_PAIR *vp, *check_item = NULL;
char msg[MAX_STRING_LEN];
if ((check_item = pairfind(request->config_items, PW_EXPIRATION, 0, TAG_ANY)) != NULL){
/*
* Has this user's password expired?
*
* If so, remove ALL reply attributes,
* and add our own Reply-Message, saying
* why they're being rejected.
*/
RDEBUG("Checking Expiration time: '%s'",check_item->vp_strvalue);
if (((time_t) check_item->vp_date) <= request->timestamp) {
RDEBUG("Account has expired");
if (inst->msg && inst->msg[0]){
if (!radius_xlat(msg, sizeof(msg), inst->msg, request, NULL, NULL)) {
radlog(L_ERR, "rlm_expiration: xlat failed.");
return RLM_MODULE_FAIL;
}
pairfree(&request->reply->vps);
pairmake_reply("Reply-Message", msg, T_OP_ADD);
}
RDEBUGE("Account has expired [Expiration %s]",check_item->vp_strvalue);
return RLM_MODULE_USERLOCK;
}
/*
* Else the account hasn't expired, but it may do so
* in the future. Set Session-Timeout.
*/
vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request, &request->reply->vps,
PW_SESSION_TIMEOUT, 0);
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
} else if (vp->vp_date > ((uint32_t) (((time_t) check_item->vp_date) - request->timestamp))) {
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
}
}
else
return RLM_MODULE_NOOP;
return RLM_MODULE_OK;
}
开发者ID:jcartermeru,项目名称:freeradius-server,代码行数:53,代码来源:rlm_expiration.c
示例4: request_stats_addvp
static void request_stats_addvp(REQUEST *request,
fr_stats2vp *table, fr_stats_t *stats)
{
int i;
VALUE_PAIR *vp;
for (i = 0; table[i].attribute != 0; i++) {
vp = radius_paircreate(request, &request->reply->vps,
FR2ATTR(table[i].attribute),
PW_TYPE_INTEGER);
if (!vp) continue;
vp->vp_integer = *(int *)(((char *) stats) + table[i].offset);
}
}
开发者ID:Antti,项目名称:freeradius-server,代码行数:15,代码来源:frs_status.c
示例5: request_stats_addvp
static void request_stats_addvp(REQUEST *request,
fr_stats2vp *table, fr_stats_t *stats)
{
int i;
fr_uint_t counter;
VALUE_PAIR *vp;
for (i = 0; table[i].attribute != 0; i++) {
vp = radius_paircreate(request->reply, &request->reply->vps,
table[i].attribute, VENDORPEC_FREERADIUS);
if (!vp) continue;
counter = *(fr_uint_t *) (((uint8_t *) stats) + table[i].offset);
vp->vp_integer = counter;
}
}
开发者ID:K1ngR1chard,项目名称:freeradius-server,代码行数:16,代码来源:stats.c
示例6: huntgroup_access
/*
* See if we have access to the huntgroup.
*/
static int huntgroup_access(REQUEST *request, PAIR_LIST *huntgroups)
{
PAIR_LIST *i;
int r = RLM_MODULE_OK;
VALUE_PAIR *request_pairs = request->packet->vps;
/*
* We're not controlling access by huntgroups:
* Allow them in.
*/
if (!huntgroups) {
return RLM_MODULE_OK;
}
for (i = huntgroups; i; i = i->next) {
/*
* See if this entry matches.
*/
if (paircompare(request, request_pairs, i->check, NULL) != 0) {
continue;
}
/*
* Now check for access.
*/
r = RLM_MODULE_REJECT;
if (hunt_paircmp(request, request_pairs, i->reply) == 0) {
VALUE_PAIR *vp;
/*
* We've matched the huntgroup, so add it in
* to the list of request pairs.
*/
vp = pairfind(request_pairs, PW_HUNTGROUP_NAME, 0, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request->packet, &request->packet->vps, PW_HUNTGROUP_NAME, 0);
pairstrcpy(vp, i->name);
}
r = RLM_MODULE_OK;
}
break;
}
return r;
}
开发者ID:RockalotofPokadots,项目名称:freeradius-server,代码行数:48,代码来源:rlm_preprocess.c
示例7: CC_HINT
/*
* Check if account has expired, and if user may login now.
*/
static rlm_rcode_t CC_HINT(nonnull) mod_authorize(UNUSED void *instance, REQUEST *request)
{
VALUE_PAIR *vp, *check_item = NULL;
check_item = pairfind(request->config, PW_EXPIRATION, 0, TAG_ANY);
if (check_item != NULL) {
char date[50];
/*
* Has this user's password expired?
*
* If so, remove ALL reply attributes,
* and add our own Reply-Message, saying
* why they're being rejected.
*/
if (((time_t) check_item->vp_date) <= request->timestamp) {
vp_prints_value(date, sizeof(date), check_item, 0);
REDEBUG("Account expired at '%s'", date);
return RLM_MODULE_USERLOCK;
} else {
if (RDEBUG_ENABLED) {
vp_prints_value(date, sizeof(date), check_item, 0);
RDEBUG("Account will expire at '%s'", date);
}
}
/*
* Else the account hasn't expired, but it may do so
* in the future. Set Session-Timeout.
*/
vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
} else if (vp->vp_date > ((uint32_t) (((time_t) check_item->vp_date) - request->timestamp))) {
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
}
} else {
return RLM_MODULE_NOOP;
}
return RLM_MODULE_OK;
}
开发者ID:K1ngR1chard,项目名称:freeradius-server,代码行数:46,代码来源:rlm_expiration.c
示例8: CC_HINT
/*
* Access-Requests can have the CHAP-Challenge implicitly taken
* from the request authenticator. If the NAS has done that,
* then we need to copy the data to a real CHAP-Challenge
* attribute when proxying. Otherwise when we proxy the request,
* the new authenticator is different, and the CHAP calculations
* will fail.
*/
static rlm_rcode_t CC_HINT(nonnull) mod_pre_proxy(UNUSED void *instance,
REQUEST *request)
{
VALUE_PAIR *vp;
/*
* For Access-Requests, which have CHAP-Password,
* and no CHAP-Challenge, copy it over from the request.
*/
if (request->packet->code != PW_CODE_AUTHENTICATION_REQUEST) return RLM_MODULE_NOOP;
if (!pairfind(request->proxy->vps, PW_CHAP_PASSWORD, 0, TAG_ANY)) return RLM_MODULE_NOOP;
vp = radius_paircreate(request, &request->proxy->vps, PW_CHAP_CHALLENGE, 0);
if (!vp) return RLM_MODULE_FAIL;
pairmemcpy(vp, request->packet->vector, sizeof(request->packet->vector));
return RLM_MODULE_OK;
}
开发者ID:AirspeedTelecom,项目名称:freeradius,代码行数:28,代码来源:rlm_chap.c
示例9: mod_post_auth
//.........这里部分代码省略.........
ip_start = strtoul(sqlsock->row[1], (char **) NULL, 10);
ip_stop = strtoul(sqlsock->row[2], (char **) NULL, 10);
nvp_select_finish(inst, sqlsock);
/* reserve an IP address */
if (!nvp_query(__LINE__, inst, sqlsock,
"UPDATE `%s`.`ips` "
"SET "
"`pid` = %lu, "
"`rsv_since` = NOW(), "
"`rsv_by` = '" RLM_NETVIM_TMP_PREFIX "%lu', "
"`rsv_until` = NOW() + INTERVAL %d SECOND "
"WHERE "
"`ip` BETWEEN %lu AND %lu AND "
"("
"`pid` IS NULL OR "
"(`rsv_until` > 0 AND `rsv_until` < NOW())"
") "
"ORDER BY RAND() "
"LIMIT 1",
inst->db_name, pid, connid, inst->free_after, ip_start, ip_stop)) {
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
else {
nvp_finish(inst, sqlsock);
}
/* select assigned IP address */
switch (nvp_select(__LINE__, inst, sqlsock,
"SELECT `ip` "
"FROM `%s`.`ips` "
"WHERE `rsv_by` = '" RLM_NETVIM_TMP_PREFIX "%lu' "
"ORDER BY `rsv_since` DESC "
"LIMIT 1",
inst->db_name, connid)) {
case -1:
nvp_log(__LINE__, inst, L_ERR,
"mod_post_auth(): couldn't reserve an IP address "
"from pool of pid = %lu (prio = %ld, gid = %lu)",
pid, prio, gid);
continue; /* select next pid */
case 0:
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
/* update free IPs count */
if (!nvp_query(__LINE__, inst, sqlsock,
"UPDATE `%s`.`ip_pools` "
"SET "
"`free` = `free` - 1 "
"WHERE "
"`pid` = %lu "
"LIMIT 1",
inst->db_name, pid)) {
sql_release_socket(inst->sqlinst, sqlsock);
return RLM_MODULE_FAIL;
}
else {
nvp_finish(inst, sqlsock);
}
/* get assigned IP and free memory */
ip.s_addr = htonl(strtoul(sqlsock->row[0], (char **) NULL, 10));
nvp_select_finish(inst, sqlsock);
} /* pid */
end_pid: continue; /* stupid */
} /* prio */
end_prio: continue; /* stupid */
} /* gid */
end_gid:
/* release SQL socket */
sql_release_socket(inst->sqlinst, sqlsock);
/* no free IP address found */
if (!ip.s_addr) {
nvp_log(__LINE__, inst, L_INFO,
"mod_post_auth(): no free IP address found!");
if (inst->no_free_fail) {
nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): rejecting user");
return RLM_MODULE_REJECT;
}
else {
nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): exiting");
return RLM_MODULE_NOOP;
}
}
/* add IP address to reply packet */
vp = radius_paircreate(request, &request->reply->vps,
PW_FRAMED_IP_ADDRESS, 0);
vp->vp_ipaddr = ip.s_addr;
nvp_log(__LINE__, inst, L_DBG, "mod_post_auth(): returning %s",
inet_ntoa(ip));
return RLM_MODULE_OK;
}
开发者ID:Distrotech,项目名称:freeradius-server,代码行数:101,代码来源:rlm_sqlhpwippool.c
示例10: dhcp_process
static int dhcp_process(REQUEST *request)
{
int rcode;
unsigned int i;
VALUE_PAIR *vp;
dhcp_socket_t *sock;
/*
* If there's a giaddr, save it as the Relay-IP-Address
* in the response. That way the later code knows where
* to send the reply.
*/
vp = pairfind(request->packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Gateway-IP-Address */
if (vp && (vp->vp_ipaddr != htonl(INADDR_ANY))) {
VALUE_PAIR *relay;
/* DHCP-Relay-IP-Address */
relay = radius_paircreate(request->reply, &request->reply->vps,
272, DHCP_MAGIC_VENDOR);
if (relay) relay->vp_ipaddr = vp->vp_ipaddr;
}
vp = pairfind(request->packet->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
if (vp) {
DICT_VALUE *dv = dict_valbyattr(53, DHCP_MAGIC_VENDOR, vp->vp_integer);
DEBUG("Trying sub-section dhcp %s {...}",
dv->name ? dv->name : "<unknown>");
rcode = process_post_auth(vp->vp_integer, request);
} else {
DEBUG("DHCP: Failed to find DHCP-Message-Type in packet!");
rcode = RLM_MODULE_FAIL;
}
vp = pairfind(request->reply->vps, 53, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Message-Type */
if (vp) {
request->reply->code = vp->vp_integer;
if ((request->reply->code != 0) &&
(request->reply->code < PW_DHCP_OFFSET)) {
request->reply->code += PW_DHCP_OFFSET;
}
}
else switch (rcode) {
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
if (request->packet->code == PW_DHCP_DISCOVER) {
request->reply->code = PW_DHCP_OFFER;
break;
} else if (request->packet->code == PW_DHCP_REQUEST) {
request->reply->code = PW_DHCP_ACK;
break;
}
request->reply->code = PW_DHCP_NAK;
break;
default:
case RLM_MODULE_REJECT:
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
if (request->packet->code == PW_DHCP_DISCOVER) {
request->reply->code = 0; /* ignore the packet */
} else {
request->reply->code = PW_DHCP_NAK;
}
break;
case RLM_MODULE_HANDLED:
request->reply->code = 0; /* ignore the packet */
break;
}
/*
* TODO: Handle 'output' of RLM_MODULE when acting as a
* DHCP relay We may want to not forward packets in
* certain circumstances.
*/
/*
* Handle requests when acting as a DHCP relay
*/
vp = pairfind(request->packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY); /* DHCP-Opcode */
if (!vp) {
RDEBUG("FAILURE: Someone deleted the DHCP-Opcode!");
return 1;
}
/* BOOTREPLY received on port 67 (i.e. from a server) */
if (vp->vp_integer == 2) {
return dhcprelay_process_server_reply(request);
}
/* Packet from client, and we have DHCP-Relay-To-IP-Address */
if (pairfind(request->config_items, 270, DHCP_MAGIC_VENDOR, TAG_ANY)) {
return dhcprelay_process_client_request(request);
}
/* else it's a packet from a client, without relaying */
rad_assert(vp->vp_integer == 1); /* BOOTREQUEST */
//.........这里部分代码省略.........
开发者ID:capone1992,项目名称:freeradius-server,代码行数:101,代码来源:dhcpd.c
示例11: rad_authenticate
/*
* Process and reply to an authentication request
*
* The return value of this function isn't actually used right now, so
* it's not entirely clear if it is returning the right things. --Pac.
*/
int rad_authenticate(REQUEST *request)
{
VALUE_PAIR *namepair;
#ifdef WITH_SESSION_MGMT
VALUE_PAIR *check_item;
#endif
VALUE_PAIR *auth_item = NULL;
VALUE_PAIR *module_msg;
VALUE_PAIR *tmp = NULL;
int result;
const char *password;
char autz_retry = 0;
int autz_type = 0;
password = "";
#ifdef WITH_PROXY
/*
* If this request got proxied to another server, we need
* to check whether it authenticated the request or not.
*/
if (request->proxy_reply) {
switch (request->proxy_reply->code) {
/*
* Reply of ACCEPT means accept, thus set Auth-Type
* accordingly.
*/
case PW_AUTHENTICATION_ACK:
tmp = radius_paircreate(request,
&request->config_items,
PW_AUTH_TYPE, PW_TYPE_INTEGER);
if (tmp) tmp->vp_integer = PW_AUTHTYPE_ACCEPT;
#ifdef WITH_POST_PROXY_AUTHORIZE
if (mainconfig.post_proxy_authorize) break;
#endif
goto authenticate;
/*
* Challenges are punted back to the NAS without any
* further processing.
*/
case PW_ACCESS_CHALLENGE:
request->reply->code = PW_ACCESS_CHALLENGE;
return RLM_MODULE_OK;
/*
* ALL other replies mean reject. (this is fail-safe)
*
* Do NOT do any authorization or authentication. They
* are being rejected, so we minimize the amount of work
* done by the server, by rejecting them here.
*/
case PW_AUTHENTICATION_REJECT:
rad_authlog("Login incorrect (Home Server says so)",
request, 0);
request->reply->code = PW_AUTHENTICATION_REJECT;
return RLM_MODULE_REJECT;
default:
rad_authlog("Login incorrect (Home Server failed to respond)",
request, 0);
return RLM_MODULE_REJECT;
}
}
#endif
/*
* Get the username from the request.
*
* Note that namepair MAY be NULL, in which case there
* is no User-Name attribute in the request.
*/
namepair = request->username;
/*
* Look for, and cache, passwords.
*/
if (!request->password) {
request->password = pairfind(request->packet->vps,
PW_USER_PASSWORD);
}
/*
* Discover which password we want to use.
*/
auth_item = request->password;
if (auth_item) {
password = (const char *)auth_item->vp_strvalue;
} else {
/*
* Maybe there's a CHAP-Password?
*/
if ((auth_item = pairfind(request->packet->vps,
PW_CHAP_PASSWORD)) != NULL) {
//.........这里部分代码省略.........
开发者ID:ebichu,项目名称:dd-wrt,代码行数:101,代码来源:auth.c
示例12: request_stats_reply
static void request_stats_reply(REQUEST *request)
{
VALUE_PAIR *flag, *vp;
/*
* Statistics are available ONLY on a "status" port.
*/
rad_assert(request->packet->code == PW_STATUS_SERVER);
rad_assert(request->listener->type == RAD_LISTEN_NONE);
flag = pairfind(request->packet->vps, FR2ATTR(127));
if (!flag || (flag->vp_integer == 0)) return;
/*
* Authentication.
*/
if (((flag->vp_integer & 0x01) != 0) &&
((flag->vp_integer & 0xc0) == 0)) {
request_stats_addvp(request, authvp, &radius_auth_stats);
}
#ifdef WITH_ACCOUNTING
/*
* Accounting
*/
if (((flag->vp_integer & 0x02) != 0) &&
((flag->vp_integer & 0xc0) == 0)) {
request_stats_addvp(request, acctvp, &radius_acct_stats);
}
#endif
#ifdef WITH_PROXY
/*
* Proxied authentication requests.
*/
if (((flag->vp_integer & 0x04) != 0) &&
((flag->vp_integer & 0x20) == 0)) {
request_stats_addvp(request, proxy_authvp, &proxy_auth_stats);
}
#ifdef WITH_ACCOUNTING
/*
* Proxied accounting requests.
*/
if (((flag->vp_integer & 0x08) != 0) &&
((flag->vp_integer & 0x20) == 0)) {
request_stats_addvp(request, proxy_acctvp, &proxy_acct_stats);
}
#endif
#endif
/*
* Internal server statistics
*/
if ((flag->vp_integer & 0x10) != 0) {
vp = radius_paircreate(request, &request->reply->vps,
FR2ATTR(176), PW_TYPE_DATE);
if (vp) vp->vp_date = radius_start_time.tv_sec;
vp = radius_paircreate(request, &request->reply->vps,
FR2ATTR(177), PW_TYPE_DATE);
if (vp) vp->vp_date = radius_hup_time.tv_sec;
#ifdef HAVE_PTHREAD_H
int i, array[RAD_LISTEN_MAX];
thread_pool_queue_stats(array);
for (i = 0; i <= RAD_LISTEN_DETAIL; i++) {
vp = radius_paircreate(request, &request->reply->vps,
FR2ATTR(162 + i),
PW_TYPE_INTEGER);
if (!vp) continue;
vp->vp_integer = array[i];
}
#endif
}
/*
* For a particular client.
*/
if ((flag->vp_integer & 0x20) != 0) {
fr_ipaddr_t ipaddr;
VALUE_PAIR *server_ip, *server_port = NULL;
RADCLIENT *client = NULL;
RADCLIENT_LIST *cl = NULL;
/*
* See if we need to look up the client by server
* socket.
*/
server_ip = pairfind(request->packet->vps, FR2ATTR(170));
if (server_ip) {
server_port = pairfind(request->packet->vps,
FR2ATTR(171));
if (server_port) {
ipaddr.af = AF_INET;
ipaddr.ipaddr.ip4addr.s_addr = server_ip->vp_ipaddr;
cl = listener_find_client_list(&ipaddr, server_port->vp_integer);
//.........这里部分代码省略.........
开发者ID:Antti,项目名称:freeradius-server,代码行数:101,代码来源:frs_status.c
示例13: mod_authorize
/*
* Check if account has expired, and if user may login now.
*/
static rlm_rcode_t mod_authorize(void *instance, REQUEST *request)
{
rlm_logintime_t *inst = instance;
VALUE_PAIR *ends, *timeout;
int left;
ends = pairfind(request->config_items, PW_LOGIN_TIME, 0, TAG_ANY);
if (!ends) {
return RLM_MODULE_NOOP;
}
/*
* Authentication is OK. Now see if this user may login at this time of the day.
*/
RDEBUG("Checking Login-Time");
/*
* Compare the time the request was received with the current Login-Time value
*/
left = timestr_match(ends->vp_strvalue, request->timestamp);
/*
* Do nothing, login time is not controlled (unendsed).
*/
if (left == 0) {
return RLM_MODULE_OK;
}
/*
* The min_time setting is to deal with NAS that won't allow Session-Timeout values below a certain value
* For example some Alcatel Lucent products won't allow a Session-Timeout < 300 (5 minutes).
*
* We don't know were going to get another chance to lock out the user, so we need to do it now.
*/
if (left < inst->min_time) {
RDEBUGE("Login outside of allowed time-slot (session end %s, with lockout %i seconds before)",
ends->vp_strvalue, inst->min_time);
return RLM_MODULE_USERLOCK;
}
/* else left > inst->min_time */
/*
* There's time left in the users session, inform the NAS by including a Session-Timeout
* attribute in the reply, or modifying the existing one.
*/
RDEBUG("Login within allowed time-slot, %i seconds left in this session", left);
timeout = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (timeout) { /* just update... */
if (timeout->vp_integer > (unsigned int) left) {
timeout->vp_integer = left;
}
} else {
timeout = radius_paircreate(request, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
timeout->vp_integer = left;
}
RDEBUG("reply:Session-Timeout set to %i", left);
return RLM_MODULE_OK;
}
开发者ID:p11235,项目名称:freeradius-server,代码行数:66,代码来源:rlm_logintime.c
示例14: main
//.........这里部分代码省略.........
if (!filter_file || filedone ||
((input_file != NULL) && (strcmp(filter_file, input_file) != 0))) {
if (output_file) {
fclose(fp);
fp = NULL;
}
filedone = false;
}
/*
* There is a filter file. If necessary, open it. If we
* already are reading it via "input_file", then we don't
* need to re-open it.
*/
if (filter_file) {
if (!fp) {
fp = fopen(filter_file, "r");
if (!fp) {
fprintf(stderr, "Failed reading %s: %s\n", filter_file, strerror(errno));
rcode = EXIT_FAILURE;
goto finish;
}
}
if (readvp2(request, &filter_vps, fp, &filedone) < 0) {
fprintf(stderr, "Failed reading attributes from %s: %s\n",
filter_file, fr_strerror());
rcode = EXIT_FAILURE;
goto finish;
}
/*
* FIXME: loop over input packets.
*/
fclose(fp);
}
rad_virtual_server(request);
if (!output_file || (strcmp(output_file, "-") == 0)) {
fp = stdout;
} else {
fp = fopen(output_file, "w");
if (!fp) {
fprintf(stderr, "Failed writing %s: %s\n",
output_file, strerror(errno));
exit(EXIT_FAILURE);
}
}
print_packet(fp, request->reply);
if (output_file) fclose(fp);
/*
* Update the list with the response type.
*/
vp = radius_paircreate(request->reply, &request->reply->vps,
PW_RESPONSE_PACKET_TYPE, 0);
vp->vp_integer = request->reply->code;
{
VALUE_PAIR const *failed[2];
if (filter_vps && !pairvalidate(failed, filter_vps, request->reply->vps)) {
pairvalidate_debug(request, failed);
fr_perror("Output file %s does not match attributes in filter %s",
output_file ? output_file : input_file, filter_file);
rcode = EXIT_FAILURE;
goto finish;
}
}
INFO("Exiting normally");
finish:
talloc_free(request);
/*
* Detach any modules.
*/
modules_free();
xlat_free(); /* modules may have xlat's */
fr_state_delete();
/*
* Free the configuration items.
*/
main_config_free();
if (memory_report) {
INFO("Allocated memory at time of report:");
fr_log_talloc_report(NULL);
}
return rcode;
}
开发者ID:LarsKollstedt,项目名称:freeradius-server,代码行数:101,代码来源:unittest.c
示例15: logintime_authorize
/*
* Check if account has expired, and if user may login now.
*/
static rlm_rcode_t logintime_authorize(void *instance, REQUEST *request)
{
rlm_logintime_t *data = (rlm_logintime_t *)instance;
VALUE_PAIR *check_item = NULL;
int r;
if ((check_item = pairfind(request->config_items, PW_LOGIN_TIME, 0, TAG_ANY)) != NULL) {
/*
* Authentication is OK. Now see if this
* user may login at this time of the day.
*/
DEBUG("rlm_logintime: Checking Login-Time: '%s'",check_item->vp_strvalue);
r = timestr_match((char *)check_item->vp_strvalue,
request->timestamp);
if (r == 0) { /* unlimited */
/*
* Do nothing: login-time is OK.
*/
/*
* Session-Timeout needs to be at least
* 60 seconds, some terminal servers
* ignore smaller values.
*/
DEBUG("rlm_logintime: timestr returned unlimited");
} else if (r < data->min_time) {
char logstr[MAX_STRING_LEN];
VALUE_PAIR *module_fmsg_vp;
/*
* User called outside allowed time interval.
*/
DEBUG("rlm_logintime: timestr returned reject");
if (data->msg && data->msg[0]){
char msg[MAX_STRING_LEN];
VALUE_PAIR *tmp;
if (!radius_xlat(msg, sizeof(msg), data->msg, request, NULL, NULL)) {
radlog(L_ERR, "rlm_logintime: xlat failed.");
return RLM_MODULE_FAIL;
}
pairfree(&request->reply->vps);
tmp = pairmake("Reply-Message", msg, T_OP_SET);
request->reply->vps = tmp;
}
snprintf(logstr, sizeof(logstr), "Outside allowed timespan (time allowed %s)",
check_item->vp_strvalue);
module_fmsg_vp = pairmake("Module-Failure-Message", logstr, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
} else if (r > 0) {
VALUE_PAIR *reply_item;
/*
* User is allowed, but set Session-Timeout.
*/
DEBUG("rlm_logintime: timestr returned accept");
if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY)) != NULL) {
if (reply_item->vp_integer > (unsigned) r)
reply_item->vp_integer = r;
} else {
reply_item = radius_paircreate(request,
&request->reply->vps,
PW_SESSION_TIMEOUT, 0,
PW_TYPE_INTEGER);
reply_item->vp_integer = r;
}
DEBUG("rlm_logintime: Session-Timeout set to: %d",r);
}
}
else
return RLM_MODULE_NOOP;
return RLM_MODULE_OK;
}
开发者ID:FabioPedretti,项目名称:freeradius-server,代码行数:83,代码来源:rlm_logintime.c
示例16: CC_HINT
//.........这里部分代码省略.........
return rcode;
}
/*
* Look for the check item
*/
if ((da = dict_attrbyname(inst->limit_name)) == NULL) {
return rcode;
}
limit = pairfind(request->config_items, da->attr, da->vendor, TAG_ANY);
if (limit == NULL) {
RWDEBUG2("Couldn't find control attribute 'control:%s'", inst->limit_name);
return rcode;
}
/* First, expand %k, %b and %e in query */
if (sqlcounter_expand(subst, sizeof(subst), inst->query, inst) <= 0) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
}
/* Then combine that with the name of the module were using to do the query */
len = snprintf(query, sizeof(query), "%%{%s:%s}", inst->sqlmod_inst, subst);
if (len >= (sizeof(query) - 1)) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
}
/* Finally, xlat resulting SQL query */
if (radius_axlat(&expanded, request, query, NULL, NULL) < 0) {
return RLM_MODULE_FAIL;
}
talloc_free(expanded);
if (sscanf(expanded, "%" PRIu64, &counter) != 1) {
RDEBUG2("No integer found in result string \"%s\". May be first session, setting counter to 0",
expanded);
counter = 0;
}
/*
* Check if check item > counter
*/
if (limit->vp_integer64 <= counter) {
/* User is denied access, send back a reply message */
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", inst->reset);
pairmake_reply("Reply-Message", msg, T_OP_EQ);
REDEBUG2("Maximum %s usage time reached", inst->reset);
REDEBUG2("Rejecting user, control:%s value (%" PRIu64 ") is less than counter value (%" PRIu64 ")",
inst->limit_name, limit->vp_integer64, counter);
return RLM_MODULE_REJECT;
}
res = limit->vp_integer64 - counter;
RDEBUG2("Allowing user, control:%s value (%" PRIu64 ") is greater than counter value (%" PRIu64 ")",
inst->limit_name, limit->vp_integer64, counter);
/*
* We are assuming that simultaneous-use=1. But
* even if that does not happen then our user
* could login at max for 2*max-usage-time Is
* that acceptable?
*/
/*
* If we are near a reset then add the next
* limit, so that the user will not need to login
* again. Do this only for Session-Timeout.
*/
if (((inst->reply_attr->vendor == 0) && (inst->reply_attr->attr == PW_SESSION_TIMEOUT)) &&
inst->reset_time && ((int) res >= (inst->reset_time - request->timestamp))) {
res = (inst->reset_time - request->timestamp);
res += limit->vp_integer;
}
/*
* Limit the reply attribute to the minimum of the existing value, or this new one.
*/
reply_item = pairfind(request->reply->vps, inst->reply_attr->attr, inst->reply_attr->vendor, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer64 <= res) {
RDEBUG2("Leaving existing reply:%s value of %" PRIu64, inst->reply_attr->name,
reply_item->vp_integer64);
return RLM_MODULE_OK;
}
} else {
reply_item = radius_paircreate(request->reply, &request->reply->vps, inst->reply_attr->attr,
inst->reply_attr->vendor);
}
reply_item->vp_integer64 = res;
RDEBUG2("Setting reply:%s value to %" PRIu64, inst->reply_name, reply_item->vp_integer64);
return RLM_MODULE_OK;
}
开发者ID:AirspeedTelecom,项目名称:freeradius,代码行数:101,代码来源:rlm_sqlcounter.c
示例17: sqlcounter_authorize
//.........这里部分代码省略.........
if ((dattr = dict_attrbyname(data->check_name)) == NULL) {
return ret;
}
/* DEBUG2("rlm_sqlcounter: Found Check item attribute %d", dattr->attr); */
if ((check_vp= pairfind(request->config_items, dattr->attr, dattr->vendor)) == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Check item value pair");
return ret;
}
/* first, expand %k, %b and %e in query */
sqlcounter_expand(querystr, MAX_QUERY_LEN, data->query, instance);
/* next, wrap query with sql module & expand */
snprintf(sqlxlat, sizeof(sqlxlat), "%%{%s:%s}", data->sqlmod_inst, querystr);
/* Finally, xlat resulting SQL query */
radius_xlat(querystr, MAX_QUERY_LEN, sqlxlat, request, NULL, NULL);
if (sscanf(querystr, "%u", &counter) != 1) {
DEBUG2("rlm_sqlcounter: No integer found in string \"%s\"",
querystr);
return RLM_MODULE_NOOP;
}
/*
* Check if check item > counter
*/
if (check_vp->vp_integer > counter) {
unsigned int res = check_vp->vp_integer - counter;
DEBUG2("rlm_sqlcounter: Check item is greater than query result");
/*
* We are assuming that simultaneous-use=1. But
* even if that does not happen then our user
* could login at max for 2*max-usage-time Is
* that acceptable?
*/
/*
* If we are near a reset then add the next
* limit, so that the user will not need to login
* again. Do this only for Session-Timeout.
*/
if ((data->reply_attr->attr == PW_SESSION_TIMEOUT) &&
data->reset_time &&
(res >= (data->reset_time - request->timestamp))) {
res = data->reset_time - request->timestamp;
res += check_vp->vp_integer;
}
/*
* Limit the reply attribute to the minimum of
* the existing value, or this new one.
*/
reply_item = pairfind(request->reply->vps, data->reply_attr->attr, data->reply_attr->vendor);
if (reply_item) {
if (reply_item->vp_integer > res)
reply_item->vp_integer = res;
} else {
reply_item = radius_paircreate(request,
&request->reply->vps,
data->reply_attr->attr,
data->reply_attr->vendor,
PW_TYPE_INTEGER);
reply_item->vp_integer = res;
}
ret=RLM_MODULE_OK;
DEBUG2("rlm_sqlcounter: Authorized user %s, check_item=%u, counter=%u",
key_vp->vp_strvalue,check_vp->vp_integer,counter);
DEBUG2("rlm_sqlcounter: Sent Reply-Item for user %s, Type=%s, value=%u",
key_vp->vp_strvalue,data->reply_name,reply_item->vp_integer);
}
else{
char module_fmsg[MAX_STRING_LEN];
VALUE_PAIR *module_fmsg_vp;
DEBUG2("rlm_sqlcounter: (Check item - counter) is less than zero");
/*
* User is denied access, send back a reply message
*/
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", data->reset);
reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
pairadd(&request->reply->vps, reply_item);
snprintf(module_fmsg, sizeof(module_fmsg), "rlm_sqlcounter: Maximum %s usage time reached", data->reset);
module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
ret=RLM_MODULE_REJECT;
DEBUG2("rlm_sqlcounter: Rejected user %s, check_item=%u, counter=%u",
key_vp->vp_strvalue,check_vp->vp_integer,counter);
}
return ret;
}
开发者ID:iliyap,项目名称:freeradius-server,代码行数:101,代码来源:rlm_sqlcounter.c
示例18: replicate_packet
//.........这里部分代码省略.........
pool = realm->acct_pool;
break;
#endif
#ifdef WITH_COA
case PW_COA_REQUEST:
case PW_DISCONNECT_REQUEST:
pool = realm->acct_pool;
break;
#endif
}
if (!pool) {
RDEBUG2(" WARNING: Cancelling replication to Realm %s, as the realm is local.", realm->name);
continue;
}
home = home_server_ldb(realm->name, pool, request);
if (!home) {
RDEBUG2("ERROR: Failed to find live home server for realm %s",
realm->name);
continue;
}
if (!packet) {
packet = rad_alloc(1);
if (!packet) return RLM_MODULE_FAIL;
packet->sockfd = -1;
packet->code = request->packet->code;
packet->id = fr_rand() & 0xff;
packet->sockfd = fr_socket(&home->src_ipaddr, 0);
if (packet->sockfd < 0) {
RDEBUG("ERROR: Failed opening socket: %s", fr_strerror());
cleanup(packet);
return RLM_MODULE_FAIL;
}
packet->vps = paircopy(request->packet->vps);
if (!packet->vps) {
RDEBUG("ERROR: Out of memory!");
cleanup(packet);
return RLM_MODULE_FAIL;
}
/*
* For CHAP, create the CHAP-Challenge if
* it doesn't exist.
*/
if ((request->packet->code == PW_AUTHENTICATION_REQUEST) &&
(pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0) != NULL) &&
(pairfind(request->packet->vps, PW_CHAP_CHALLENGE, 0) == NULL)) {
vp = radius_paircreate(request, &packet->vps,
PW_CHAP_CHALLENGE, 0,
PW_TYPE_OCTETS);
vp->length = AUTH_VECTOR_LEN;
memcpy(vp->vp_strvalue, request->packet->vector,
AUTH_VECTOR_LEN);
}
} else {
size_t i;
for (i = 0; i < sizeof(packet->vector); i++) {
packet->vector[i] = fr_rand() & 0xff;
}
packet->id++;
free(packet->data);
packet->data = NULL;
packet->data_len = 0;
}
/*
* (Re)-Write these.
*/
packet->dst_ipaddr = home->ipaddr;
packet->dst_port = home->port;
memset(&packet->src_ipaddr, 0, sizeof(packet->src_ipaddr));
packet->src_port = 0;
/*
* Encode, sign and then send the packet.
*/
RDEBUG("Replicating packet to Realm %s", realm->name);
if (rad_send(packet, NULL, home->secret) < 0) {
RDEBUG("ERROR: Failed replicating packet: %s",
fr_strerror());
cleanup(packet);
return RLM_MODULE_FAIL;
}
/*
* We've sent it to at least one destination.
*/
rcode = RLM_MODULE_OK;
}
cleanup(packet);
return rcode;
}
开发者ID:vlet,项目名称:freeradius-server,代码行数:101,代码来源:rlm_replicate.c
|
客服电话
APP下载
官方微信
请发表评论