rlm_perl.c

使用最广泛的radius的linux的源码

 /*
 * rlm_perl.c
 *
 * Version:    $Id: rlm_perl.c,v 1.53 2008/01/06 03:03:09 nbk Exp $
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 *
 * Copyright 2002,2006  The FreeRADIUS server project
 * Copyright 2002  Boian Jordanov <bjordanov@orbitel.bg>
 */

#include <freeradius-devel/ident.h>
RCSID("$Id: rlm_perl.c,v 1.53 2008/01/06 03:03:09 nbk Exp $")

#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>

#ifdef DEBUG
#undef DEBUG
#endif

#ifdef INADDR_ANY
#undef INADDR_ANY
#endif

#include <EXTERN.h>
#include <perl.h>
#include <XSUB.h>
#include <dlfcn.h>
#include <semaphore.h>

#ifdef __APPLE__
extern char **environ;
#endif

#ifdef USE_ITHREADS

/*
 * Pool of Perl's clones (genetically cloned) ;)
 *
 */
typedef struct pool_handle {
	struct pool_handle	*next;
	struct pool_handle	*prev;
	enum {busy, idle}	status;
	unsigned int		request_count;
	PerlInterpreter	 	*clone;
	perl_mutex		lock;
} POOL_HANDLE;

typedef struct PERL_POOL {
	POOL_HANDLE	*head;
	POOL_HANDLE	*tail;

	int		current_clones;
	int		active_clones;
	int		max_clones;
	int		start_clones;
	int		min_spare_clones;
	int		max_spare_clones;
	int		max_request_per_clone;
	int		cleanup_delay;
	enum {yes,no}	detach;
	perl_mutex	mutex;
	time_t		time_when_last_added;
} PERL_POOL;

#endif

/*
 *	Define a structure for our module configuration.
 *
 *	These variables do not need to be in a structure, but it's
 *	a lot cleaner to do so, and a pointer to the structure can
 *	be used as the instance handle.
 */
typedef struct perl_inst {
	/* Name of the perl module */
	char	*module;

	/* Name of the functions for each module method */
	char	*func_authorize;
	char	*func_authenticate;
	char	*func_accounting;
	char	*func_start_accounting;
	char	*func_stop_accounting;
	char	*func_preacct;
	char	*func_checksimul;
	char	*func_detach;
	char	*func_xlat;
	char	*func_pre_proxy;
	char	*func_post_proxy;
	char	*func_post_auth;
	char	*xlat_name;
	char	*perl_flags;
	PerlInterpreter *perl;
#ifdef USE_ITHREADS
	PERL_POOL	*perl_pool;
#endif
} PERL_INST;
/*
 *	A mapping of configuration file names to internal variables.
 *
 *	Note that the string is dynamically allocated, so it MUST
 *	be freed.  When the configuration file parse re-reads the string,
 *	it free's the old one, and strdup's the new one, placing the pointer
 *	to the strdup'd string into 'config.string'.  This gets around
 *	buffer over-flows.
 */
static const CONF_PARSER module_config[] = {
	{ "module",  PW_TYPE_FILENAME,
	  offsetof(PERL_INST,module), NULL,  "module"},
	{ "func_authorize", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_authorize), NULL, "authorize"},
	{ "func_authenticate", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_authenticate), NULL, "authenticate"},
	{ "func_accounting", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_accounting), NULL, "accounting"},
	{ "func_preacct", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_preacct), NULL, "preacct"},
	{ "func_checksimul", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_checksimul), NULL, "checksimul"},
	{ "func_detach", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_detach), NULL, "detach"},
	{ "func_xlat", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_xlat), NULL, "xlat"},
	{ "func_pre_proxy", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_pre_proxy), NULL, "pre_proxy"},
	{ "func_post_proxy", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_post_proxy), NULL, "post_proxy"},
	{ "func_post_auth", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_post_auth), NULL, "post_auth"},
	{ "perl_flags", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,perl_flags), NULL, NULL},
	{ "func_start_accounting", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_start_accounting), NULL, NULL},
	{ "func_stop_accounting", PW_TYPE_STRING_PTR,
	  offsetof(PERL_INST,func_stop_accounting), NULL, NULL},

	{ NULL, -1, 0, NULL, NULL }		/* end the list */
};

/*
 * man perlembed
 */
EXTERN_C void boot_DynaLoader(pTHX_ CV* cv);

#ifdef USE_ITHREADS
/*
 *	We use one perl to clone from it i.e. main boss
 *	We clone it for every instance if we have perl
 *	with -Duseithreads compiled in
 */
static PerlInterpreter	*interp = NULL;

static const CONF_PARSER pool_conf[] = {
	{ "max_clones", PW_TYPE_INTEGER, offsetof(PERL_POOL, max_clones), NULL,		"32"},
	{ "start_clones",PW_TYPE_INTEGER, offsetof(PERL_POOL, start_clones), NULL,		"32"},
	{ "min_spare_clones",PW_TYPE_INTEGER, offsetof(PERL_POOL, min_spare_clones),NULL,	"0"},
	{ "max_spare_clones",PW_TYPE_INTEGER, offsetof(PERL_POOL,max_spare_clones),NULL,	"32"},
	{ "cleanup_delay",PW_TYPE_INTEGER, offsetof(PERL_POOL,cleanup_delay),NULL,		"5"},
	{ "max_request_per_clone",PW_TYPE_INTEGER, offsetof(PERL_POOL,max_request_per_clone),NULL,	"0"},
	{ NULL, -1, 0, NULL, NULL }		/* end the list */
};


#define dl_librefs "DynaLoader::dl_librefs"
#define dl_modules "DynaLoader::dl_modules"
static void rlm_perl_clear_handles(pTHX)
{
	AV *librefs = get_av(dl_librefs, FALSE);
	if (librefs) {
		av_clear(librefs);
	}
}

static void **rlm_perl_get_handles(pTHX)
{
	I32 i;
	AV *librefs = get_av(dl_librefs, FALSE);
	AV *modules = get_av(dl_modules, FALSE);
	void **handles;

	if (!librefs) {
		radlog(L_ERR,
		   "Could not get @%s for unloading.\n",
		   dl_librefs);
		return NULL;
	}

	if (!(AvFILL(librefs) >= 0)) {
		return NULL;
	}

	handles = (void **)rad_malloc(sizeof(void *) * (AvFILL(librefs)+2));

	for (i=0; i<=AvFILL(librefs); i++) {
		void *handle;
		SV *handle_sv = *av_fetch(librefs, i, FALSE);

		if(!handle_sv) {
		    radlog(L_ERR,
			       "Could not fetch $%s[%d]!\n",
			       dl_librefs, (int)i);
		    continue;
		}
		handle = (void *)SvIV(handle_sv);

		if (handle) {
		    handles[i] = handle;
		}
	}

	av_clear(modules);
	av_clear(librefs);

	handles[i] = (void *)0;

	return handles;
}

static void rlm_perl_close_handles(void **handles)
{
	int i;

	if (!handles) {
		return;
	}

	for (i=0; handles[i]; i++) {
		radlog(L_DBG, "close 0x%lx\n", (unsigned long)handles[i]);
		dlclose(handles[i]);
	}

	free(handles);
}

static PerlInterpreter *rlm_perl_clone(PerlInterpreter *perl)
{
	PerlInterpreter *clone;
	UV clone_flags = 0;

	PERL_SET_CONTEXT(perl);

	clone = perl_clone(perl, clone_flags);
	{
		dTHXa(clone);
	}
#if PERL_REVISION >= 5 && PERL_VERSION <8
	call_pv("CLONE",0);
#endif
	ptr_table_free(PL_ptr_table);
	PL_ptr_table = NULL;

	PERL_SET_CONTEXT(aTHX);
    	rlm_perl_clear_handles(aTHX);

	return clone;
}

static void rlm_perl_destruct(PerlInterpreter *perl)
{
	char **orig_environ = NULL;
	dTHXa(perl);

	PERL_SET_CONTEXT(perl);

	PL_perl_destruct_level = 2;

	PL_origenviron = environ;

	{
		dTHXa(perl);
	}
	/*
	 * FIXME: This shouldn't happen
	 *
	 */
	while (PL_scopestack_ix > 1 ){
		LEAVE;
	}

	perl_destruct(perl);
	perl_free(perl);

	if (orig_environ) {
		environ = orig_environ;
	}
}

static void rlm_destroy_perl(PerlInterpreter *perl)
{
	void	**handles;

	dTHXa(perl);
	PERL_SET_CONTEXT(perl);

	handles = rlm_perl_get_handles(aTHX);
	rlm_perl_destruct(perl);
	rlm_perl_close_handles(handles);
}

static void delete_pool_handle(POOL_HANDLE *handle, PERL_INST *inst)
{
        POOL_HANDLE *prev;
        POOL_HANDLE *next;

        prev = handle->prev;
        next = handle->next;

        if (prev == NULL) {
		inst->perl_pool->head = next;
        } else {
                prev->next = next;
        }

        if (next == NULL) {
		inst->perl_pool->tail = prev;
        } else {
                next->prev = prev;
        }
	inst->perl_pool->current_clones--;
	MUTEX_DESTROY(&handle->lock);
	free(handle);
}

static void move2tail(POOL_HANDLE *handle, PERL_INST *inst)
{
	POOL_HANDLE *prev;
	POOL_HANDLE *next;

	if (inst->perl_pool->head == NULL) {

		handle->prev = NULL;
		handle->next = NULL;
		inst->perl_pool->head = handle;
		inst->perl_pool->tail = handle;
		return;
	}

	if (inst->perl_pool->tail == handle) {
		return;
	}

	prev = handle->prev;
	next = handle->next;

	if ((next != NULL) ||
			(prev != NULL)) {
		if (next == NULL) {
			return;
		}

		if (prev == NULL) {
			inst->perl_pool->head = next;
			next->prev = NULL;

		} else {

			prev->next = next;
			next->prev = prev;
		}
	}

	handle->next = NULL;
	prev = inst->perl_pool->tail;

	inst->perl_pool->tail = handle;
	handle->prev = prev;
	prev->next = handle;
}


static POOL_HANDLE *pool_grow (PERL_INST *inst) {
	POOL_HANDLE *handle;
	time_t	now;

	if (inst->perl_pool->max_clones == inst->perl_pool->current_clones) {
		return NULL;
	}
	if (inst->perl_pool->detach == yes ) {
		return NULL;
	}

	handle = (POOL_HANDLE *)rad_malloc(sizeof(POOL_HANDLE));

	if (!handle) {
		radlog(L_ERR,"Could not find free memory for pool. Aborting");
		return NULL;
	}

	handle->prev = NULL;
	handle->next = NULL;
	handle->status = idle;
	handle->clone = rlm_perl_clone(inst->perl);
	handle->request_count = 0;
	MUTEX_INIT(&handle->lock);
	inst->perl_pool->current_clones++;
	move2tail(handle, inst);

	now = time(NULL);
	inst->perl_pool->time_when_last_added = now;

	return handle;
}

static POOL_HANDLE *pool_pop(PERL_INST *inst)
{
	POOL_HANDLE	*handle;
	POOL_HANDLE	*found;
	POOL_HANDLE	*tmp;
	/*
	 * Lock the pool and be fast other thread maybe
	 * waiting for us to finish
	 */
	MUTEX_LOCK(&inst->perl_pool->mutex);

	found = NULL;

	for (handle = inst->perl_pool->head; handle ; handle = tmp) {
		tmp = handle->next;

		if (handle->status == idle){
			found = handle;
			break;
		}
	}

	if (found == NULL) {
		if (inst->perl_pool->current_clones < inst->perl_pool->max_clones ) {

			found = pool_grow(inst);

			if (found == NULL) {
				radlog(L_ERR,"Cannot grow pool returning");
				MUTEX_UNLOCK(&inst->perl_pool->mutex);
				return NULL;
			}
		} else {
			radlog(L_ERR,"rlm_perl:: reached maximum clones %d cannot grow",
					inst->perl_pool->current_clones);
			MUTEX_UNLOCK(&inst->perl_pool->mutex);
			return NULL;
		}
	}

	move2tail(found, inst);
	found->status = busy;
	MUTEX_LOCK(&found->lock);
	inst->perl_pool->active_clones++;
	found->request_count++;
	/*
	 * Hurry Up
	 */
	MUTEX_UNLOCK(&inst->perl_pool->mutex);
	radlog(L_DBG,"perl_pool: item 0x%lx asigned new request. Handled so far: %d",
			(unsigned long) found->clone, found->request_count);
	return found;
}
static int pool_release(POOL_HANDLE *handle, PERL_INST *inst) {

	POOL_HANDLE *tmp, *tmp2;
	int spare, i, t;
	time_t	now;
	/*
	 * Lock it
	 */
	MUTEX_LOCK(&inst->perl_pool->mutex);

	/*
	 * If detach is set then just release the mutex
	 */
	if (inst->perl_pool->detach == yes ) {
	handle->status = idle;
		MUTEX_UNLOCK(&handle->lock);
		MUTEX_UNLOCK(&inst->perl_pool->mutex);
		return 0;
	}

	MUTEX_UNLOCK(&handle->lock);
	handle->status = idle;
	inst->perl_pool->active_clones--;

	spare = inst->perl_pool->current_clones - inst->perl_pool->active_clones;

	radlog(L_DBG,"perl_pool total/active/spare [%d/%d/%d]"
			, inst->perl_pool->current_clones, inst->perl_pool->active_clones, spare);

	if (spare < inst->perl_pool->min_spare_clones) {
		t = inst->perl_pool->min_spare_clones - spare;
		for (i=0;i<t; i++) {
			if ((tmp = pool_grow(inst)) == NULL) {
				MUTEX_UNLOCK(&inst->perl_pool->mutex);
				return -1;
			}
		}
		MUTEX_UNLOCK(&inst->perl_pool->mutex);
		return 0;
	}
	now = time(NULL);
	if ((now - inst->perl_pool->time_when_last_added) < inst->perl_pool->cleanup_delay) {
		MUTEX_UNLOCK(&inst->perl_pool->mutex);
		return 0;
	}
	if (spare > inst->perl_pool->max_spare_clones) {
		spare -= inst->perl_pool->max_spare_clones;
		for (tmp = inst->perl_pool->head; (tmp !=NULL ) && (spare > 0) ; tmp = tmp2) {
			tmp2 = tmp->next;

			if(tmp->status == idle) {
				rlm_destroy_perl(tmp->clone);
				delete_pool_handle(tmp,inst);
				spare--;
				break;
			}
		}
	}
	/*
	 * If the clone have reached max_request_per_clone clean it.
	 */
	if (inst->perl_pool->max_request_per_clone > 0 ) {
			if (handle->request_count > inst->perl_pool->max_request_per_clone) {
				rlm_destroy_perl(handle->clone);
				delete_pool_handle(handle,inst);
		}
	}
	/*
	 * Hurry Up :)
	 */
	MUTEX_UNLOCK(&inst->perl_pool->mutex);
	return 0;
}
static int init_pool (CONF_SECTION *conf, PERL_INST *inst) {
	POOL_HANDLE 	*handle;
	int t;
	PERL_POOL	*pool;


	pool = rad_malloc(sizeof(PERL_POOL));
	memset(pool,0,sizeof(PERL_POOL));

	inst->perl_pool = pool;

	MUTEX_INIT(&pool->mutex);

	/*
	 * Read The Config
	 *
	 */

	cf_section_parse(conf,pool,pool_conf);
	inst->perl_pool = pool;
	inst->perl_pool->detach = no;

	for(t = 0;t < inst->perl_pool->start_clones ;t++){
		if ((handle = pool_grow(inst)) == NULL) {
			return -1;
		}

	}

	return 1;
}
#endif

static void xs_init(pTHX)
{
	char *file = __FILE__;

	/* DynaLoader is a special case */
	newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file);

}
/*
 *
 * This is wrapper for radlog
 * Now users can call radiusd::radlog(level,msg) wich is the same
 * calling radlog from C code.
 * Boyan
 */
static XS(XS_radiusd_radlog)
{
       dXSARGS;
       if (items !=2)
	       croak("Usage: radiusd::radlog(level, message)");
       {
	       int     level;
	       char    *msg;

	       level = (int) SvIV(ST(0));
	       msg   = (char *) SvPV(ST(1), PL_na);

	       /*
		*	Because 'msg' is a 'char *', we don't want '%s', etc.
		*	in it to give us printf-style vulnerabilities.
		*/
	       radlog(level, "rlm_perl: %s", msg);
	}
       XSRETURN_NO;
}

/*
 * The xlat function
 */
static size_t perl_xlat(void *instance, REQUEST *request, char *fmt, char *out,
			size_t freespace, RADIUS_ESCAPE_STRING func)
{

	PERL_INST	*inst= (PERL_INST *) instance;
	PerlInterpreter *perl;
	char		params[1024], *ptr, *tmp;
	int		count;
	size_t		ret = 0;
	STRLEN		n_a;

	/*
	 * Do an xlat on the provided string (nice recursive operation).
	*/
	if (!radius_xlat(params, sizeof(params), fmt, request, func)) {
		radlog(L_ERR, "rlm_perl: xlat failed.");
		return 0;
	}
#ifndef USE_ITHREADS
	perl = inst->perl;
#endif
#ifdef USE_ITHREADS
	POOL_HANDLE	*handle;

	if ((handle = pool_pop(instance)) == NULL) {
		return 0;
	}

	perl = handle->clone;

	radlog(L_DBG,"Found a interpetator 0x%lx",(unsigned long) perl);
	{
	dTHXa(perl);
	}
#endif
	PERL_SET_CONTEXT(perl);
	{
	dSP;
	ENTER;SAVETMPS;

	ptr = strtok(params, " ");

	PUSHMARK(SP);

	while (ptr != NULL) {
		XPUSHs(sv_2mortal(newSVpv(ptr,0)));
		ptr = strtok(NULL, " ");
	}

	PUTBACK;