Commit f4fdf102 authored by Robert Anderson's avatar Robert Anderson

* Updated config file handling

* Various other API changes, fixes & updates
parent 6a6684ad
...@@ -25,6 +25,7 @@ use warnings; ...@@ -25,6 +25,7 @@ use warnings;
use lib qw( use lib qw(
../ ./ ../ ./
smradius/modules/authentication smradius/modules/authentication
smradius/modules/userdb
); );
package radiusd; package radiusd;
...@@ -172,19 +173,25 @@ sub configure { ...@@ -172,19 +173,25 @@ sub configure {
# Authentication plugins # Authentication plugins
# #
my @auth_params = ( my @auth_params = (
'plugins', 'mechanisms',
'users',
); );
my $auth; my $auth;
foreach my $param (@auth_params) { foreach my $param (@auth_params) {
$auth->{$param} = $config{'authentication'}{$param} if (defined($config{'authentication'}{$param})); $auth->{$param} = $config{'authentication'}{$param} if (defined($config{'authentication'}{$param}));
} }
if (!defined($auth->{'plugins'})) { if (!defined($auth->{'mechanisms'})) {
$self->log(LOG_ERR,"[SMRADIUS] Authentication configuration error: 'plugins' not found"); $self->log(LOG_ERR,"[SMRADIUS] Authentication configuration error: Mechanism plugins not found");
exit 1; exit 1;
} }
if (!defined($auth->{'users'})) {
$self->log(LOG_ERR,"[SMRADIUS] Authentication configuration error: Userdb plugins not found");
exit 1;
}
# Split off plugins # Split off plugins
foreach my $plugin (@{$auth->{'plugins'}}) { foreach my $plugin (@{$auth->{'mechanisms'}},@{$auth->{'users'}}) {
$plugin =~ s/\s+//g; $plugin =~ s/\s+//g;
} }
...@@ -211,7 +218,10 @@ sub configure { ...@@ -211,7 +218,10 @@ sub configure {
$cfg->{'authentication'} = $auth; $cfg->{'authentication'} = $auth;
$cfg->{'dictionary'} = $dictionary; $cfg->{'dictionary'} = $dictionary;
$cfg->{'plugins'} = [ @{$auth->{'plugins'}} ]; $cfg->{'plugins'} = [
@{$auth->{'mechanisms'}},
@{$auth->{'users'}}
];
# Save our config and stuff # Save our config and stuff
$self->{'config'} = $cfg; $self->{'config'} = $cfg;
...@@ -241,8 +251,7 @@ sub post_configure_hook { ...@@ -241,8 +251,7 @@ sub post_configure_hook {
# Store the dictionary # Store the dictionary
$self->{'radius'}->{'dictionary'} = $dict; $self->{'radius'}->{'dictionary'} = $dict;
# Load authentication mechs $self->log(LOG_NOTICE,"[SMRADIUS] Initializing modules...");
$self->log(LOG_NOTICE,"[SMRADIUS] Initializing authentication mechanisms...");
# Load plugins # Load plugins
foreach my $plugin (@{$config->{'plugins'}}) { foreach my $plugin (@{$config->{'plugins'}}) {
# Load plugin # Load plugin
...@@ -251,12 +260,12 @@ sub post_configure_hook { ...@@ -251,12 +260,12 @@ sub post_configure_hook {
plugin_register(\$self,\"$plugin\",\$${plugin}::pluginInfo); plugin_register(\$self,\"$plugin\",\$${plugin}::pluginInfo);
"); ");
if ($@ || (defined($res) && $res != 0)) { if ($@ || (defined($res) && $res != 0)) {
$self->log(LOG_WARN,"[SMRADIUS] Error loading authentication plugin $plugin ($@)"); $self->log(LOG_WARN,"[SMRADIUS] Error loading plugin $plugin ($@)");
} else { } else {
$self->log(LOG_DEBUG,"[SMRADIUS] Authentication plugin '$plugin' loaded."); $self->log(LOG_DEBUG,"[SMRADIUS] Plugin '$plugin' loaded.");
} }
} }
$self->log(LOG_NOTICE,"[SMRADIUS] Authentication mechanisms initialized."); $self->log(LOG_NOTICE,"[SMRADIUS] Plugins initialized.");
$self->log(LOG_NOTICE,"[SMRADIUS] Initializing system modules."); $self->log(LOG_NOTICE,"[SMRADIUS] Initializing system modules.");
# Init config # Init config
...@@ -360,7 +369,7 @@ sub process_request { ...@@ -360,7 +369,7 @@ sub process_request {
my $pkt = new Radius::Packet($self->{'radius'}->{'dictionary'},$udp_packet); my $pkt = new Radius::Packet($self->{'radius'}->{'dictionary'},$udp_packet);
# VERIFY SOURCE SERVER # VERIFY SOURCE SERVER
$self->log(LOG_DEBUG,"[SMRADIUS] Packet From = > ".$server->{'peeraddr'}."\n"); $self->log(LOG_DEBUG,"[SMRADIUS] Packet From = > ".$server->{'peeraddr'});
#LOGIN #LOGIN
...@@ -450,21 +459,26 @@ sub process_request { ...@@ -450,21 +459,26 @@ sub process_request {
# Is this an accounting request # Is this an accounting request
if ($pkt->code eq "Accounting-Request") { if ($pkt->code eq "Accounting-Request") {
$self->log(LOG_DEBUG,"[SMRADIUS] Accounting Request Packet");
# Or maybe a access request # Or maybe a access request
} elsif ($pkt->code eq "Access-Request") { } elsif ($pkt->code eq "Access-Request") {
$self->log(LOG_DEBUG,"[SMRADIUS] Access Request Packet");
$self->log(LOG_DEBUG,"[SMRADIUS] Packet: ".$pkt->dump);
# Main user hash with everything in # Main user hash with everything in
my $user = { my $user = {
'Username' => $pkt->attr('User-Name') 'Username' => $pkt->attr('User-Name')
}; };
# Found stuff # UserDB variables
my $found = 0; my $userdb; # This is the module that ACK or NACK the user
my $userdb; # Authentication variables
# Authentication stuff
my $authenticated = 0; my $authenticated = 0;
my $mechanism; my $mechanism;
# Authorization stuff # Authorization variables
my $authorized = 0; my $authorized = 0;
...@@ -475,9 +489,9 @@ sub process_request { ...@@ -475,9 +489,9 @@ sub process_request {
# Loop with modules to try find user # Loop with modules to try find user
foreach my $module (@{$self->{'plugins'}}) { foreach my $module (@{$self->{'plugins'}}) {
# Try find user # Try find user
if ($module->{'Auth_find'}) { if ($module->{'User_find'}) {
$self->log(LOG_INFO,"[SMRADIUS] FIND: Trying plugin '".$module->{'Name'}."' for username '".$user->{'Username'}."'"); $self->log(LOG_INFO,"[SMRADIUS] FIND: Trying plugin '".$module->{'Name'}."' for username '".$user->{'Username'}."'");
my $res = $module->{'Auth_find'}($self,$user); my $res = $module->{'User_find'}($self,$user,$pkt);
# Check result # Check result
if (!defined($res)) { if (!defined($res)) {
...@@ -491,13 +505,11 @@ sub process_request { ...@@ -491,13 +505,11 @@ sub process_request {
} elsif ($res == MOD_RES_ACK) { } elsif ($res == MOD_RES_ACK) {
$self->log(LOG_NOTICE,"[SMRADIUS] FIND: Username found with '".$module->{'Name'}."'"); $self->log(LOG_NOTICE,"[SMRADIUS] FIND: Username found with '".$module->{'Name'}."'");
$userdb = $module; $userdb = $module;
$found = 1;
last; last;
# Or a negative result # Or a negative result
} elsif ($res == MOD_RES_NACK) { } elsif ($res == MOD_RES_NACK) {
$self->log(LOG_NOTICE,"[SMRADIUS] FIND: Username not found with '".$module->{'Name'}."'"); $self->log(LOG_NOTICE,"[SMRADIUS] FIND: Username not found with '".$module->{'Name'}."'");
$userdb = $module;
last; last;
} }
...@@ -505,7 +517,8 @@ sub process_request { ...@@ -505,7 +517,8 @@ sub process_request {
} }
# If no user is found, bork out ... # If no user is found, bork out ...
if (!$found) { if (!defined($userdb)) {
$self->log(LOG_INFO,"[SMRADIUS] FIND: No plugin found for username '".$user->{'Username'}."'");
goto CHECK_RESULT; goto CHECK_RESULT;
} }
...@@ -514,17 +527,21 @@ sub process_request { ...@@ -514,17 +527,21 @@ sub process_request {
# #
# Get user data # Get user data
if ($userdb->{'Auth_get'}) { if ($userdb->{'User_get'}) {
my $res = $userdb->{'Auth_get'}($self,$user); my $res = $userdb->{'User_get'}($self,$user);
# Check result # Check result
if (!defined($res) || ref($res) ne "HASH") { if (!defined($res) || ref($res) ne "HASH") {
$self->log(LOG_WARNING,"[SMRADIUS] GET: No data returned from '".$userdb->{'Name'}."' for user '".$user->{'Username'}."'"); $self->log(LOG_WARN,"[SMRADIUS] GET: No data returned from '".$userdb->{'Name'}."' for username '".$user->{'Username'}."'");
goto CHECK_RESULT; goto CHECK_RESULT;
} }
# Setup user data # Setup user dataw
$user->{'User'} = $res->{'User'}; $user->{'ClearPassword'} = $res->{'ClearPassword'};
$user->{'Group'} = $res->{'Group'}; $user->{'Attributes'} = $res->{'Attributes'};
} else {
$self->log(LOG_INFO,"[SMRADIUS] GET: No 'User_get' funcation available for module '".$userdb->{'Name'}."'");
goto CHECK_RESULT;
} }
# #
...@@ -575,14 +592,25 @@ sub process_request { ...@@ -575,14 +592,25 @@ sub process_request {
$resp->set_code('Access-Accept'); $resp->set_code('Access-Accept');
$resp->set_identifier($pkt->identifier); $resp->set_identifier($pkt->identifier);
$resp->set_authenticator($pkt->authenticator); $resp->set_authenticator($pkt->authenticator);
$resp->set_attr('Framed-IP-Address' => "192.168.0.233"); # Loop with user attributes and add to radius response
foreach my $attr (@{$user->{'Attributes'}}) {
$resp->set_attr($attr->{'Name'},$attr->{'Value'});
}
$self->log(LOG_DEBUG,"[SMRADIUS] User attributes:".Dumper($user));
$udp_packet = auth_resp($resp->pack, "test"); $udp_packet = auth_resp($resp->pack, "test");
$server->{'client'}->send($udp_packet); $server->{'client'}->send($udp_packet);
} }
CHECK_RESULT: CHECK_RESULT:
# Check if found and authenticated # Check if found and authenticated
if (!$found || !$authenticated) { if (!$authenticated) {
} else { my $resp = Radius::Packet->new($self->{'radius'}->{'dictionary'});
$resp->set_code('Access-Reject');
$resp->set_identifier($pkt->identifier);
$resp->set_authenticator($pkt->authenticator);
$udp_packet = auth_resp($resp->pack, "test");
$server->{'client'}->send($udp_packet);
} }
# We don't know how to handle this # We don't know how to handle this
......
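Review bot: The new debug line `$self->log(LOG_DEBUG,"[SMRADIUS] User attributes:".Dumper($user));` in the Access-Accept branch of process_request writes the whole `$user` hash to the log, and this same commit stores `$res->{'ClearPassword'}` in that hash in the User_get block, so every accepted login puts a cleartext password in the debug log. Dump only what the message names, e.g. `Dumper($user->{'Attributes'})`, or remove `ClearPassword` from a copy of the hash before dumping it. The added `$pkt->dump` debug line for Access-Request packets deserves the same look, since the request presumably carries the User-Password attribute. The new Access-Reject path also repeats the literal `"test"` as the second argument to `auth_resp`, which looks like a hard-coded shared secret; it should be read from configuration (per client if possible) rather than copied into a second call site. process_request starts and ends outside the visible hunks.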