/etc/freeradius/sites-available \
/etc/freeradius/sites-enabled \
/etc/freeradius/mods-config/attr_filter \
+ /etc/freeradius/global.d \
/etc/freeradius/policy.d
do
if ! dpkg-statoverride --list | grep -qw $dir$; then
/etc/freeradius/mods-enabled \
/etc/freeradius/mods-config/attr_filter \
/etc/freeradius/mods-config \
+ /etc/freeradius/global.d \
/etc/freeradius/policy.d \
/var/run/freeradius \
/var/log/freeradius
BUILD_RADDB := $(strip $(foreach x,install clean,$(findstring $(x),$(MAKECMDGOALS))))
ifneq "$(BUILD_RADDB)" ""
-RADDB_DIRS := certs mods-available mods-enabled policy.d template.d \
+RADDB_DIRS := certs mods-available mods-enabled global.d policy.d template.d \
sites-available sites-enabled \
$(patsubst raddb/%,%,$(call FIND_DIRS,raddb/mods-config))
$(addprefix raddb/,$(LOCAL_FILES)) \
$(addprefix raddb/certs/,$(INSTALL_CERT_FILES)) \
$(call FIND_FILES,raddb/mods-config) \
+ $(call FIND_FILES,raddb/global.d) \
$(call FIND_FILES,raddb/policy.d) \
$(call FIND_FILES,raddb/template.d)
--- /dev/null
+ldap {
+ #
+ # random_file:: Provides random number generator.
+ #
+# random_file = /dev/urandom
+
+ #
+ # ldap_debug:: Debug flags for libldap (see OpenLDAP documentation).
+ # Set this to enable debugging output from different code areas within libldap.
+ #
+ # NOTE: These debugging options can produce significant amounts of logging output.
+ #
+ # [options="header,autowidth"]
+ # |===
+ # | Option | Value
+ # | LDAP_DEBUG_TRACE | 0x0001
+ # | LDAP_DEBUG_PACKETS | 0x0002
+ # | LDAP_DEBUG_ARGS | 0x0004
+ # | LDAP_DEBUG_CONNS | 0x0008
+ # | LDAP_DEBUG_BER | 0x0010
+ # | LDAP_DEBUG_FILTER | 0x0020
+ # | LDAP_DEBUG_CONFIG | 0x0040
+ # | LDAP_DEBUG_ACL | 0x0080
+ # | LDAP_DEBUG_STATS | 0x0100
+ # | LDAP_DEBUG_STATS2 | 0x0200
+ # | LDAP_DEBUG_SHELL | 0x0400
+ # | LDAP_DEBUG_PARSE | 0x0800
+ # | LDAP_DEBUG_SYNC | 0x4000
+ # | LDAP_DEBUG_NONE | 0x8000
+ # | LDAP_DEBUG_ANY | (-1)
+ # |===
+ #
+ # e.g:
+ #
+ # If you want to see the LDAP logs only for `trace` and `parse`,
+ # facilities you should use:
+ #
+ # (LDAP_DEBUG_TRACE + LDAP_DEBUG_PARSE) = 0x0801
+ #
+ # Setting the `ldap_debug` configuration item as follows:
+ #
+ # ldap_debug = 0x0801
+ #
+ # Default: 0x0000 (no debugging messages)
+ #
+ ldap_debug = 0x0000
+}
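Review bot: The NOTE above the flag table warns only about log volume; it should also say that the output can contain sensitive data. Flags such as `LDAP_DEBUG_PACKETS` and `LDAP_DEBUG_BER` make libldap dump protocol data, which can include bind credentials and directory attribute values, so they suit a troubleshooting session and not a standing production setting. Suggested addition: `# NOTE: Packet and BER debugging may write bind credentials and directory data to the log; enable only while troubleshooting and restrict access to the log files.` The `random_file` description could also state, as the struct comment for `tls_random_file` does, that the file is only needed when /dev/random and /dev/urandom are unavailable.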
#
# valuepair_attribute = 'radiusAttribute'
- #
- # ### Global
- #
- global {
- #
- # random_file:: Provides random number generator.
- #
-# random_file = /dev/urandom
-
- #
- # ldap_debug:: Debug flags for libldap (see OpenLDAP documentation).
- # Set this to enable debugging output from different code areas within libldap.
- #
- # NOTE: These debugging options can produce significant amounts of logging output.
- #
- # [options="header,autowidth"]
- # |===
- # | Option | Value
- # | LDAP_DEBUG_TRACE | 0x0001
- # | LDAP_DEBUG_PACKETS | 0x0002
- # | LDAP_DEBUG_ARGS | 0x0004
- # | LDAP_DEBUG_CONNS | 0x0008
- # | LDAP_DEBUG_BER | 0x0010
- # | LDAP_DEBUG_FILTER | 0x0020
- # | LDAP_DEBUG_CONFIG | 0x0040
- # | LDAP_DEBUG_ACL | 0x0080
- # | LDAP_DEBUG_STATS | 0x0100
- # | LDAP_DEBUG_STATS2 | 0x0200
- # | LDAP_DEBUG_SHELL | 0x0400
- # | LDAP_DEBUG_PARSE | 0x0800
- # | LDAP_DEBUG_SYNC | 0x4000
- # | LDAP_DEBUG_NONE | 0x8000
- # | LDAP_DEBUG_ANY | (-1)
- # |===
- #
- # e.g:
- #
- # If you want to see the LDAP logs only for `trace` and `parse`,
- # facilities you should use:
- #
- # (LDAP_DEBUG_TRACE + LDAP_DEBUG_PARSE) = 0x0801
- #
- # Setting the `ldap_debug` configuration item as follows:
- #
- # ldap_debug = 0x0801
- #
- # Default: 0x0000 (no debugging messages)
- #
- ldap_debug = 0x0000
- }
-
#
# ### Mapping of LDAP directory attributes to RADIUS dictionary attributes.
#
#
#$INCLUDE trigger.conf
+#
+# .Global Library Settings
+#
+# Each library which has global settings will have its own configuration
+# file in global.d
+#
+global {
+ $INCLUDE global.d/
+}
+
#
# .Module Configuration
#
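Review bot: The new comment does not tell operators that `random_file` and `ldap_debug` used to be set in a `global { }` subsection inside each `ldap` module instance, which this commit removes from the module's parser table. An upgraded configuration that still sets them there would no longer reach libldap (whether the stale subsection is ignored or rejected is not visible in these hunks), so a debug level someone relies on, or wants switched off, could change without notice. I would add a line such as `# Settings that used to live in a module's 'global' subsection (e.g. ldap) must be moved to the matching file in global.d`.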
%config(noreplace) %{_sysconfdir}/raddb/sites-enabled/*
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/policy.d
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.d/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/global.d
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/global.d/*
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/template.d
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/template.d/*
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-available
static _Thread_local LDAP *ldap_thread_local_handle; //!< Hack for functions which require an ldap handle
///< but don't actually use it for anything.
-static uint32_t instance_count = 0;
-
/** Used to set the global log prefix for functions which don't operate on connections
*
*/
};
size_t fr_ldap_dereference_len = NUM_ELEMENTS(fr_ldap_dereference);
+static fr_libldap_global_config_t libldap_global_config = {
+ .ldap_debug = 0x00,
+ .tls_random_file = ""
+};
+
+static CONF_PARSER const ldap_global_config[] = {
+ { FR_CONF_OFFSET("random_file", FR_TYPE_FILE_EXISTS, fr_libldap_global_config_t, tls_random_file) },
+ { FR_CONF_OFFSET("ldap_debug", FR_TYPE_UINT32, fr_libldap_global_config_t, ldap_debug), .dflt = "0x0000" },
+ CONF_PARSER_TERMINATOR
+};
+
+/** Initialise libldap library and set global options
+ *
+ * Used as a callback from global library initialisation.
+ */
+static int libldap_init(void)
+{
+ if (fr_ldap_init() < 0) return -1;
+
+ fr_ldap_global_config(libldap_global_config.ldap_debug, libldap_global_config.tls_random_file);
+
+ return 0;
+}
+
+/** Free any global libldap resources
+ *
+ */
+static void libldap_free(void)
+{
+ /*
+ * Keeping the dummy ld around for the lifetime
+ * of the module should always work,
+ * irrespective of what changes happen in libldap.
+ */
+ ldap_unbind_ext_s(ldap_global_handle, NULL, NULL);
+}
+
+/*
+ * Public symbol modules can reference to auto instantiate libldap
+ */
+global_lib_autoinst_t fr_libldap_global_config = {
+ .name = "ldap",
+ .config = (const CONF_PARSER *)ldap_global_config,
+ .inst = &libldap_global_config,
+ .init = libldap_init,
+ .free = libldap_free
+};
+
typedef struct {
fr_ldap_query_t *query;
LDAPMessage **result;
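Review bot: The static default `.tls_random_file = ""` hands `fr_ldap_global_config()` a non-NULL empty path whenever `random_file` is left unset, where the removed `rlm_ldap_t` field was presumably NULL in that case. If that function treats any non-NULL value as configured, libldap is given an empty TLS random-file path, so `.tls_random_file = NULL` would keep the old meaning of "not set". `libldap_init()` also discards the result of `fr_ldap_global_config()` and returns 0, so a rejected global option would not stop start-up. Assuming the function reports failure with a negative return, `if (fr_ldap_global_config(libldap_global_config.ldap_debug, libldap_global_config.tls_random_file) < 0) return -1;` would surface it. With the `instance_count` guard removed elsewhere in this commit, `libldap_free()` unbinds `ldap_global_handle` unconditionally, so it is worth confirming that the framework calls `.free` only after a successful `.init`.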
static LDAPAPIInfo info = { .ldapai_info_version = LDAP_API_INFO_VERSION }; /* static to quiet valgrind about this being uninitialised */
fr_ldap_config_t *handle_config = &ldap_global_handle_config;
- if (instance_count > 0) {
- instance_count++;
- return 0;
- }
-
/*
* Only needs to be done once, prevents races in environment
* initialisation within libldap.
LDAP_VENDOR_VERSION_MAJOR, LDAP_VENDOR_VERSION_MINOR, LDAP_VENDOR_VERSION_PATCH);
}
- instance_count++;
-
return 0;
}
-
-/** Free any global libldap resources
- *
- */
-void fr_ldap_free(void)
-{
- if (--instance_count > 0) return;
-
- /*
- * Keeping the dummy ld around for the lifetime
- * of the module should always work,
- * irrespective of what changes happen in libldap.
- */
- ldap_unbind_ext_s(ldap_global_handle, NULL, NULL);
-}
*/
#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/connection.h>
+#include <freeradius-devel/server/global_lib.h>
#include <freeradius-devel/server/map.h>
#include <freeradius-devel/server/trunk.h>
fr_time_delta_t idle_timeout; //!< How long to wait before closing unused connections.
} fr_ldap_config_t;
+/** libldap global configuration data
+ *
+ */
+typedef struct {
+ uint32_t ldap_debug; //!< LDAP debug level
+ char const *tls_random_file; //!< Path to the ramdon file if /dev/random and /dev/urandom
+ //!< are unavailable
+} fr_libldap_global_config_t;
+
+extern global_lib_autoinst_t fr_libldap_global_config;
+
typedef struct fr_ldap_thread_trunk_s fr_ldap_thread_trunk_t;
/** Tracks the state of a libldap connection handle
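Review bot: The field comment for `tls_random_file` has a typo: "ramdon" should read "random". The `ldap_debug` comment calls it a "debug level", but the configuration added in this commit documents it as a sum of `LDAP_DEBUG_*` flag values, so `//!< Bitmask of LDAP_DEBUG_* flags passed to libldap.` would describe it more accurately. The field is `uint32_t` while the documented `LDAP_DEBUG_ANY` value is (-1), so the comment could also say how that value is meant to be written.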
CONF_PARSER_TERMINATOR
};
-static const CONF_PARSER global_config[] = {
- { FR_CONF_OFFSET("random_file", FR_TYPE_FILE_EXISTS, rlm_ldap_t, tls_random_file) },
-
- { FR_CONF_OFFSET("ldap_debug", FR_TYPE_UINT32, rlm_ldap_t, ldap_debug), .dflt = "0x0000" }, /* Debugging flags to the server */
-
- CONF_PARSER_TERMINATOR
-};
-
static const CONF_PARSER module_config[] = {
/*
* Pool config items
{ FR_CONF_POINTER("options", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) option_config },
- { FR_CONF_POINTER("global", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) global_config },
-
{ FR_CONF_OFFSET("tls", FR_TYPE_SUBSECTION, rlm_ldap_t, handle_config), .subcs = (void const *) tls_config },
{ FR_CONF_OFFSET("pool", FR_TYPE_SUBSECTION, rlm_ldap_t, trunk_conf), .subcs = (void const *) fr_trunk_config },
{ NULL }
};
+extern global_lib_autoinst_t const *rlm_ldap_lib[];
+global_lib_autoinst_t const *rlm_ldap_lib[] = {
+ &fr_libldap_global_config,
+ GLOBAL_LIB_TERMINATOR
+};
+
static xlat_arg_parser_t const ldap_escape_xlat_arg = { .required = true, .concat = true, .type = FR_TYPE_STRING };
}
}
- /*
- * Set global options
- */
- if (fr_ldap_init() < 0) goto error;
-
- fr_ldap_global_config(inst->ldap_debug, inst->tls_random_file);
-
return 0;
error:
return -1;
}
-static int mod_load(void)
-{
- fr_ldap_init();
-
- return 0;
-}
-
-static void mod_unload(void)
-{
- fr_ldap_free();
-}
-
/* globally exported name */
extern module_rlm_t rlm_ldap;
module_rlm_t rlm_ldap = {
.type = 0,
.inst_size = sizeof(rlm_ldap_t),
.config = module_config,
- .onload = mod_load,
- .unload = mod_unload,
.bootstrap = mod_bootstrap,
.instantiate = mod_instantiate,
.detach = mod_detach,
fr_pool_t *pool; //!< Connection pool instance.
fr_ldap_config_t handle_config; //!< Connection configuration instance.
fr_trunk_conf_t trunk_conf; //!< Trunk configuration
-
- /*
- * Global config
- */
- char const *tls_random_file; //!< Path to the random file if /dev/random and /dev/urandom
- //!< are unavailable.
-
- uint32_t ldap_debug; //!< Debug flag for the SDK.
} rlm_ldap_t;
extern HIDDEN fr_dict_attr_t const *attr_cleartext_password;
--- /dev/null
+global {
+ ldap {
+ # ldap_debug: debug flag for LDAP SDK
+ # (see OpenLDAP documentation). Set this to enable
+ # huge amounts of LDAP debugging on the screen.
+ # You should only use this if you are an LDAP expert.
+ #
+ # default: 0x0000 (no debugging messages)
+ # Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
+ ldap_debug = 0x0801
+ }
+}
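Review bot: The example comment and the configured value disagree. Going by the flag table added to the new `ldap { }` global settings file in this commit, `LDAP_DEBUG_FILTER + LDAP_DEBUG_CONNS` is 0x0028, while `0x0801` is `LDAP_DEBUG_TRACE + LDAP_DEBUG_PARSE`. The text is carried over unchanged from the module's old `global` section, so this move is a good point to correct it to `# Example: (LDAP_DEBUG_TRACE + LDAP_DEBUG_PARSE)`. The "default: 0x0000" line also sits directly above a non-default value, so a short `# Test value: tracing enabled on purpose` would make the intent clear.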
# realm = 'example.org'
}
- global {
- # ldap_debug: debug flag for LDAP SDK
- # (see OpenLDAP documentation). Set this to enable
- # huge amounts of LDAP debugging on the screen.
- # You should only use this if you are an LDAP expert.
- #
- # default: 0x0000 (no debugging messages)
- # Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
- ldap_debug = 0x0801
- }
-
#
# Generic valuepair attribute
#
$INCLUDE $ENV{MODULE_TEST_DIR}/module.conf
}
+$-INCLUDE $ENV{MODULE_TEST_DIR}/global.conf
+
$-INCLUDE $ENV{MODULE_TEST_DIR}/triggers.conf
$-INCLUDE $ENV{MODULE_TEST_DIR}/clients.conf