--- FILES Mon Aug 29 12:03:17 2005
+++ FILES Sun Sep 18 22:53:43 2005
@@ -50,6 +50,9 @@
 cvm-pwfile.html
 cvm-qmail.c
 cvm-qmail.html
+cvm-radius-local.c
+cvm-radius-udp.c
+cvm-radius.c
 cvm-testclient.c
 cvm-testclient.html
 cvm-unix.c
--- INSTHIER Mon Aug 29 12:03:17 2005
+++ INSTHIER Sun Sep 18 22:53:55 2005
@@ -10,6 +10,9 @@
 c?:::755::cvm-pgsql-udp
 c:::755::cvm-pwfile
 c:::755::cvm-qmail
+c?:::755::cvm-radius
+c?:::755::cvm-radius-local
+c?:::755::cvm-radius-udp
 c:::755::cvm-testclient
 c:::755::cvm-v1benchclient
 c:::755::cvm-v1checkpassword
--- Makefile Mon Aug 29 12:03:17 2005
+++ Makefile Sat Sep 17 18:36:58 2005
@@ -115,6 +115,24 @@
 cvm-qmail.o: compile cvm-qmail.c module.h credentials.h errors.h facts.h qmail.h
 ./compile cvm-qmail.c
+cvm-radius: load cvm-radius.o module.a
+ ./load cvm-radius module.a -lbg -lradius
+
+cvm-radius-local: load cvm-radius-local.o cvm-radius.o local.a
+ ./load cvm-radius-local cvm-radius.o local.a -lbg -lradius
+
+cvm-radius-local.o: compile cvm-radius-local.c
+ ./compile cvm-radius-local.c
+
+cvm-radius-udp: load cvm-radius-udp.o cvm-radius.o udp.a
+ ./load cvm-radius-udp cvm-radius.o udp.a -lbg -lradius
+
+cvm-radius-udp.o: compile cvm-radius-udp.c
+ ./compile cvm-radius-udp.c
+
+cvm-radius.o: compile cvm-radius.c module.h credentials.h errors.h facts.h sql.h
+ ./compile cvm-radius.c
+
 cvm-testclient: load cvm-testclient.o v2client.a socket.lib
 ./load cvm-testclient v2client.a -lbg `cat socket.lib`
@@ -262,6 +280,8 @@
 qmail.a: makelib qmail-domains.o qmail-dotfile.o qmail-init.o qmail-lookup.o qmail-users.o
 ./makelib qmail.a qmail-domains.o qmail-dotfile.o qmail-init.o qmail-lookup.o qmail-users.o
+
+radius: cvm-radius cvm-radius-local cvm-radius-udp
 s.lib: compile load trylib.c
 ( ( ./compile trylib.c && ./load trylib -ls ) >/dev/null 2>&1 \
--- SRCFILES Mon Aug 29 12:03:17 2005
+++ SRCFILES Sun Sep 18 22:54:03 2005
@@ -17,6 +17,9 @@
 cvm-pgsql.c
 cvm-pwfile.c
 cvm-qmail.c
+cvm-radius-local.c
+cvm-radius-udp.c
+cvm-radius.c
 cvm-testclient.c
 cvm-unix.c
 cvm-v1benchclient.c
--- TARGETS Mon Aug 29 12:03:17 2005
+++ TARGETS Sun Sep 18 22:54:11 2005
@@ -32,6 +32,12 @@
 cvm-pwfile.o
 cvm-qmail
 cvm-qmail.o
+cvm-radius
+cvm-radius-local
+cvm-radius-local.o
+cvm-radius-udp
+cvm-radius-udp.o
+cvm-radius.o
 cvm-testclient
 cvm-testclient.o
 cvm-unix
@@ -79,6 +85,7 @@
 qmail-lookup.o
 qmail-users.o
 qmail.a
+radius
 s.lib
 sasl-auth-test
 sasl-auth-test.o
--- cvm-radius-local.c Wed Dec 31 19:00:00 1969
+++ cvm-radius-local.c Sun Sep 18 22:41:57 2005
@@ -0,0 +1 @@
+/* for diff */
--- cvm-radius-udp.c Wed Dec 31 19:00:00 1969
+++ cvm-radius-udp.c Sun Sep 18 22:41:53 2005
@@ -0,0 +1 @@
+/* for diff */
--- cvm-radius.c Wed Dec 31 19:00:00 1969
+++ cvm-radius.c Sun Sep 18 22:37:44 2005
@@ -0,0 +1,100 @@
+/* cvm/cvm-radius.c - Radius CVM
+ * Copyright (C) 2005 Dale Woolridge
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+#include
+#include
+#include
+#include
+#include
+#include "module.h"
+
+const char program[] = "cvm-radius";
+
+static struct rad_handle *rh = 0;
+
+int cvm_module_init(void)
+{
+ rh = rad_auth_open();
+ if (!rh) return CVME_CONFIG;
+ if (rad_config(rh, getenv("CVM_RADIUS_CONFIG"))) return CVME_CONFIG;
+
+ return 0;
+}
+
+int cvm_module_lookup(void)
+{
+ CVM_CRED_REQUIRED(DOMAIN);
+ return 0;
+}
+
+int cvm_module_authenticate(void)
+{
+ int r;
+
+ CVM_CRED_REQUIRED(PASSWORD);
+
+ /* can retrieve errors using rad_strerror(rh) */
+ if (rad_create_request(rh, RAD_ACCESS_REQUEST)) return CVME_PERMFAIL;
+ if (rad_put_string(rh, RAD_USER_NAME, cvm_module_credentials[CVM_CRED_ACCOUNT].s)) return CVME_PERMFAIL;
+ if (rad_put_string(rh, RAD_USER_PASSWORD, cvm_module_credentials[CVM_CRED_PASSWORD].s)) return CVME_PERMFAIL;
+ if (rad_put_int(rh, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY)) return CVME_PERMFAIL;
+
+ r = rad_send_request(rh);
+ switch (r) {
+ case RAD_ACCESS_ACCEPT: break;
+ case RAD_ACCESS_REJECT: return CVME_PERMFAIL;
+ default: /* case -1: */
+ return CVME_GENERAL | CVME_FATAL;
+ }
+
+ return 0;
+}
+
+int cvm_module_results(void)
+{
+ int type;
+ const void *val;
+ size_t len;
+ char *p;
+
+ cvm_fact_username = cvm_module_credentials[CVM_CRED_ACCOUNT].s;
+ while ((type = rad_get_attr(rh, &val, &len)) > 0) {
+ if (type == RAD_USER_NAME) {
+ p = rad_cvt_string(val, len);
+ if (!p) return CVME_IO;
+ cvm_fact_username = p;
+ }
+ }
+
+ cvm_fact_userid = -1;
+ cvm_fact_groupid = -1;
+ cvm_fact_directory = ""; /* we'd make it 0, but this will allow cvm-testclient to work */
+ cvm_fact_realname = 0;
+ cvm_fact_shell = 0;
+ cvm_fact_groupname = 0;
+ cvm_fact_domain = cvm_module_credentials[CVM_CRED_DOMAIN].s;
+ cvm_fact_sys_username = 0;
+ cvm_fact_sys_directory = 0;
+ cvm_fact_mailbox = 0;
+
+ return 0;
+}
+
+void cvm_module_stop(void)
+{
+ rad_close(rh);
+}
--- cvm-radius.html Wed Dec 31 19:00:00 1969
+++ cvm-radius.html Sun Sep 18 22:32:56 2005
@@ -0,0 +1,25 @@
+
+
+
+
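Review bot: In cvm-radius.c, `cvm_module_lookup` requires the DOMAIN credential, yet `cvm_module_authenticate` sends only `cvm_module_credentials[CVM_CRED_ACCOUNT].s` as RAD_USER_NAME and `cvm_module_results` copies the client-supplied domain straight into `cvm_fact_domain`, so the RADIUS server never checks the domain that is later reported as a fact. If accounts are meant to be per-domain, one password would be accepted for the same account name under any domain the client names; either build the User-Name from account and domain, or drop the DOMAIN requirement and state the limit in a comment such as `/* domain is not checked by RADIUS; cvm_fact_domain is whatever the client sent */`. The four request-building failures also return `CVME_PERMFAIL`, the same code as `RAD_ACCESS_REJECT`, so a local libradius fault is reported as a bad password; a non-credential code such as `CVME_IO` (already used in `cvm_module_results`) would keep those out of failed-login handling, and the `rad_strerror(rh)` text the comment mentions is never reported. In the -local and -udp daemons the string returned by `rad_cvt_string`, which libradius documents as malloc-allocated, is never freed, so each accepted request that carries a User-Name would leak it.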

CVM

+ +

The cvm-radius Module

+ +

Synopsis:

RADIUS protocol module

+ +

Credentials:

+ +
    +
  1. Pass phrase +
+ +

Description:

+ +

This module uses the RADIUS protocol (via the libradius(3) API) to validate credentials. + +

Configuration Variables:

+ +

None

+ + +