3 * Copyright 1998-2009 The OpenLDAP Foundation.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted only as authorized by the OpenLDAP
10 * A copy of this license is available in the file LICENSE in the
11 * top-level directory of the distribution or, alternatively, at
12 * <http://www.OpenLDAP.org/license.html>.
20 #include <lber_pvt.h> /* BER_BVC definition */
22 #include <ldap_pvt_thread.h>
23 #include <ac/string.h>
24 #include <ac/unistd.h>
/* Forward declaration of the password-check callback registered in init_module(). */
28 static LUTIL_PASSWD_CHK_FUNC chk_radius;
/* Scheme tag passed to lutil_passwd_add() in init_module(). */
29 static const struct berval scheme = BER_BVC("{RADIUS}");
/* Path handed to rad_config(); set at most once, from a "config=" module
 * argument in init_module(), and NULL if no such argument was given.
 * NOTE(review): a libradius configuration file normally carries the server
 * address and shared secret, so its location and file permissions matter
 * -- confirm for the deployment. */
30 static char *config_filename;
/* Held around the libradius calls in the check function; initialised in
 * init_module() and destroyed on the teardown path. */
31 static ldap_pvt_thread_mutex_t libradius_mutex;
/* Excerpt of the password-check function: its signature line, braces and
 * several body lines are not shown in this listing.
 * NOTE(review): presumably this is chk_radius, declared above -- confirm
 * against the full file.
 *
 * Visible behaviour: passwd and cred are validated as C strings, then a
 * RADIUS Access-Request is built with passwd as User-Name and cred as
 * User-Password and sent while libradius_mutex is held. */
35 const struct berval *sc,
36 const struct berval *passwd,
37 const struct berval *cred,
/* Fail-closed default: rc stays LUTIL_PASSWD_ERR unless a later branch
 * overwrites it (the final return is not shown -- presumably it returns rc). */
41 int rc = LUTIL_PASSWD_ERR;
43 struct rad_handle *h = NULL;
/* rad_put_string() below receives only a pointer, no length, so both values
 * must be well-formed C strings. An embedded NUL would make the RADIUS
 * library see a shorter credential than the client actually sent, so such
 * input is rejected before any request is built. */
45 for ( i = 0; i < cred->bv_len; i++ ) {
46 if ( cred->bv_val[ i ] == '\0' ) {
47 return LUTIL_PASSWD_ERR; /* NUL character in cred */
/* Presumably evaluated after the loop, i.e. at index bv_len: the buffer
 * must be NUL-terminated right after its declared length -- TODO confirm. */
51 if ( cred->bv_val[ i ] != '\0' ) {
52 return LUTIL_PASSWD_ERR; /* cred must behave like a string */
/* Same two checks for passwd. */
55 for ( i = 0; i < passwd->bv_len; i++ ) {
56 if ( passwd->bv_val[ i ] == '\0' ) {
57 return LUTIL_PASSWD_ERR; /* NUL character in password */
61 if ( passwd->bv_val[ i ] != '\0' ) {
62 return LUTIL_PASSWD_ERR; /* passwd must behave like a string */
/* From here to the unlock at the end, libradius is used under a single
 * process-wide mutex.
 * NOTE(review): the lock appears to span rad_send_request(), so checks
 * against this scheme would be serialised for the length of the RADIUS
 * exchange; a slow or unreachable server could stall them -- confirm the
 * timeout and retry settings in the libradius configuration. */
65 ldap_pvt_thread_mutex_lock( &libradius_mutex );
/* Early failure path (its condition is not shown): release the lock before
 * returning so the mutex is never left held. */
69 ldap_pvt_thread_mutex_unlock( &libradius_mutex );
70 return LUTIL_PASSWD_ERR;
/* config_filename comes from the "config=" module argument and may be NULL. */
73 if ( rad_config( h, config_filename ) != 0 ) {
77 if ( rad_create_request( h, RAD_ACCESS_REQUEST ) ) {
/* passwd is sent as the RADIUS User-Name.
 * NOTE(review): presumably passwd is the stored value for this scheme with
 * the scheme prefix removed, so the directory entry names the RADIUS
 * account to authenticate against -- confirm against the caller. */
81 if ( rad_put_string( h, RAD_USER_NAME, passwd->bv_val ) != 0 ) {
/* cred, the secret supplied by the client, is sent as User-Password. */
85 if ( rad_put_string( h, RAD_USER_PASSWORD, cred->bv_val ) != 0 ) {
89 switch ( rad_send_request( h ) ) {
/* The body of the accept branch is not shown in this excerpt. */
90 case RAD_ACCESS_ACCEPT:
94 case RAD_ACCESS_REJECT:
95 rc = LUTIL_PASSWD_ERR;
/* A challenge is reported as a failure: no challenge-response round is
 * attempted in the visible code. */
98 case RAD_ACCESS_CHALLENGE:
99 rc = LUTIL_PASSWD_ERR;
103 /* no valid response is received */
110 ldap_pvt_thread_mutex_unlock( &libradius_mutex );
/* Teardown fragment (the enclosing function header is not shown): destroys
 * libradius_mutex and returns the status of that call.
 * NOTE(review): no release of config_filename is visible in this excerpt
 * -- confirm whether the full file frees it. */
117 return ldap_pvt_thread_mutex_destroy( &libradius_mutex );
/* Module entry point (return type, braces and some lines are not shown in
 * this listing). Parses the module arguments, initialises libradius_mutex
 * and registers chk_radius as the checker for the "{RADIUS}" scheme.
 *
 * argc/argv: module arguments; the only key recognised in the visible code
 * is "config=<path>".
 * Returns the result of lutil_passwd_add() on the path shown. */
121 init_module( int argc, char *argv[] )
125 for ( i = 0; i < argc; i++ ) {
/* The key is matched case-insensitively; the rest of the argument is taken
 * as the configuration file path. */
126 if ( strncasecmp( argv[ i ], "config=", STRLENOF( "config=" ) ) == 0 ) {
127 /* FIXME: what if multiple loads of same module?
128 * does it make sense (e.g. override an existing one)? */
/* First value wins: a later "config=" is ignored once a path is stored. */
129 if ( config_filename == NULL ) {
/* NOTE(review): no NULL check on ber_strdup() is visible in this excerpt;
 * on allocation failure config_filename would stay NULL and rad_config()
 * would be called with NULL -- confirm that fallback is acceptable. */
130 config_filename = ber_strdup( &argv[ i ][ STRLENOF( "config=" ) ] );
/* Any other argument is reported on stderr (the remainder of this
 * statement and what follows it are not shown). */
134 fprintf( stderr, "init_module(radius): unknown arg#%d=\"%s\".\n",
/* The return value of the mutex initialisation is not checked here. */
140 ldap_pvt_thread_mutex_init( &libradius_mutex );
/* The cast drops const from the file-scope scheme value to fit the
 * parameter type of lutil_passwd_add(). */
142 return lutil_passwd_add( (struct berval *)&scheme, chk_radius, NULL );