6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2001 The FreeRADIUS server project
21 * Copyright 2001 Alan DeKok <aland@ox.org>
22 * Copyright 2001-3 Kostas Kalevras <kkalev@noc.ntua.gr>
26 #include <freeradius-devel/autoconf.h>
33 #include <freeradius-devel/radiusd.h>
34 #include <freeradius-devel/modules.h>
38 #ifdef NEEDS_GDBM_SYNC
39 # define GDBM_SYNCOPT GDBM_SYNC
41 # define GDBM_SYNCOPT 0
45 #define GDBM_COUNTER_OPTS (GDBM_SYNCOPT | GDBM_NOLOCK)
47 #define GDBM_COUNTER_OPTS (GDBM_SYNCOPT)
50 #ifndef HAVE_GDBM_FDESC
51 #define gdbm_fdesc(foo) (-1)
54 #define UNIQUEID_MAX_LEN 32
56 static const char rcsid[] = "$Id$";
59 * Define a structure for our module configuration.
61 * These variables do not need to be in a structure, but it's
62 * a lot cleaner to do so, and a pointer to the structure can
63 * be used as the instance handle.
65 typedef struct rlm_counter_t {
66 char *filename; /* name of the database file */
67 char *reset; /* daily, weekly, monthly, never or user defined */
68 char *key_name; /* User-Name */
69 char *count_attribute; /* Acct-Session-Time */
70 char *return_attribute; /* Session-Timeout */
71 char *counter_name; /* Daily-Session-Time */
72 char *check_name; /* Daily-Max-Session */
73 char *service_type; /* Service-Type to search for */
80 time_t reset_time; /* The time of the next reset. */
81 time_t last_reset; /* The time of the last reset. */
82 int dict_attr; /* attribute number for the counter. */
83 GDBM_FILE gdbm; /* The gdbm file handle */
85 pthread_mutex_t mutex; /* A mutex to lock the gdbm file for only one reader/writer */
89 #ifndef HAVE_PTHREAD_H
91 * This is a lot simpler than putting ifdef's around
92 * every use of the pthread functions.
94 #define pthread_mutex_lock(a)
95 #define pthread_mutex_unlock(a)
96 #define pthread_mutex_init(a,b)
97 #define pthread_mutex_destroy(a)
100 typedef struct rad_counter {
101 unsigned int user_counter;
102 char uniqueid[UNIQUEID_MAX_LEN];
106 * A mapping of configuration file names to internal variables.
108 * Note that the string is dynamically allocated, so it MUST
109 * be freed. When the configuration file parse re-reads the string,
110 * it free's the old one, and strdup's the new one, placing the pointer
111 * to the strdup'd string into 'config.string'. This gets around
114 static const CONF_PARSER module_config[] = {
115 { "filename", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,filename), NULL, NULL },
116 { "key", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,key_name), NULL, NULL },
117 { "reset", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,reset), NULL, NULL },
118 { "count-attribute", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,count_attribute), NULL, NULL },
119 { "return-attribute", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,return_attribute), NULL, NULL },
120 { "counter-name", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,counter_name), NULL, NULL },
121 { "check-name", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,check_name), NULL, NULL },
122 { "allowed-servicetype", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,service_type),NULL, NULL },
123 { "cache-size", PW_TYPE_INTEGER, offsetof(rlm_counter_t,cache_size), NULL, "1000" },
124 { NULL, -1, 0, NULL, NULL }
127 static int counter_detach(void *instance);
131 * See if the counter matches.
133 static int counter_cmp(void *instance,
135 VALUE_PAIR *request, VALUE_PAIR *check,
136 VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
138 rlm_counter_t *data = (rlm_counter_t *) instance;
144 check_pairs = check_pairs; /* shut the compiler up */
145 reply_pairs = reply_pairs;
149 * Find the key attribute.
151 key_vp = pairfind(request, data->key_attr);
152 if (key_vp == NULL) {
153 return RLM_MODULE_NOOP;
156 key_datum.dptr = key_vp->vp_strvalue;
157 key_datum.dsize = key_vp->length;
159 count_datum = gdbm_fetch(data->gdbm, key_datum);
161 if (count_datum.dptr == NULL) {
164 memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
165 free(count_datum.dptr);
167 return counter.user_counter - check->lvalue;
171 static int add_defaults(rlm_counter_t *data)
175 const char *default1 = "DEFAULT1";
176 const char *default2 = "DEFAULT2";
178 DEBUG2("rlm_counter: add_defaults: Start");
180 key_datum.dptr = (char *) default1;
181 key_datum.dsize = strlen(default1);
182 time_datum.dptr = (char *) &data->reset_time;
183 time_datum.dsize = sizeof(time_t);
185 if (gdbm_store(data->gdbm, key_datum, time_datum, GDBM_REPLACE) < 0){
186 radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
187 data->filename, gdbm_strerror(gdbm_errno));
188 return RLM_MODULE_FAIL;
190 DEBUG2("rlm_counter: DEFAULT1 set to %d",(int)data->reset_time);
192 key_datum.dptr = (char *) default2;
193 key_datum.dsize = strlen(default2);
194 time_datum.dptr = (char *) &data->last_reset;
195 time_datum.dsize = sizeof(time_t);
197 if (gdbm_store(data->gdbm, key_datum, time_datum, GDBM_REPLACE) < 0){
198 radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
199 data->filename, gdbm_strerror(gdbm_errno));
200 return RLM_MODULE_FAIL;
202 DEBUG2("rlm_counter: DEFAULT2 set to %d",(int)data->last_reset);
203 DEBUG2("rlm_counter: add_defaults: End");
205 return RLM_MODULE_OK;
208 static int reset_db(rlm_counter_t *data)
210 int cache_size = data->cache_size;
213 DEBUG2("rlm_counter: reset_db: Closing database");
214 gdbm_close(data->gdbm);
217 * Open a completely new database.
219 data->gdbm = gdbm_open(data->filename, sizeof(int),
220 GDBM_NEWDB | GDBM_COUNTER_OPTS, 0600, NULL);
221 if (data->gdbm == NULL) {
222 radlog(L_ERR, "rlm_counter: Failed to open file %s: %s",
223 data->filename, strerror(errno));
224 return RLM_MODULE_FAIL;
226 if (gdbm_setopt(data->gdbm, GDBM_CACHESIZE, &cache_size, sizeof(int)) == -1)
227 radlog(L_ERR, "rlm_counter: Failed to set cache size");
228 DEBUG2("rlm_counter: reset_db: Opened new database");
233 ret = add_defaults(data);
234 if (ret != RLM_MODULE_OK)
237 DEBUG2("rlm_counter: reset_db ended");
239 return RLM_MODULE_OK;
242 static int find_next_reset(rlm_counter_t *data, time_t timeval)
246 unsigned int num = 1;
249 char sCurrentTime[40], sNextTime[40];
251 tm = localtime_r(&timeval, &s_tm);
252 len = strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", tm);
253 if (len == 0) *sCurrentTime = '\0';
254 tm->tm_sec = tm->tm_min = 0;
256 if (data->reset == NULL)
258 if (isdigit((int) data->reset[0])){
259 len = strlen(data->reset);
262 last = data->reset[len - 1];
263 if (!isalpha((int) last))
265 num = atoi(data->reset);
266 DEBUG("rlm_counter: num=%d, last=%c",num,last);
268 if (strcmp(data->reset, "hourly") == 0 || last == 'h') {
270 * Round up to the next nearest hour.
273 data->reset_time = mktime(tm);
274 } else if (strcmp(data->reset, "daily") == 0 || last == 'd') {
276 * Round up to the next nearest day.
280 data->reset_time = mktime(tm);
281 } else if (strcmp(data->reset, "weekly") == 0 || last == 'w') {
283 * Round up to the next nearest week.
286 tm->tm_mday += (7 - tm->tm_wday) +(7*(num-1));
287 data->reset_time = mktime(tm);
288 } else if (strcmp(data->reset, "monthly") == 0 || last == 'm') {
292 data->reset_time = mktime(tm);
293 } else if (strcmp(data->reset, "never") == 0) {
294 data->reset_time = 0;
296 radlog(L_ERR, "rlm_counter: Unknown reset timer \"%s\"",
301 len = strftime(sNextTime, sizeof(sNextTime), "%Y-%m-%d %H:%M:%S", tm);
302 if (len == 0) *sNextTime = '\0';
303 DEBUG2("rlm_counter: Current Time: %li [%s], Next reset %li [%s]",
304 timeval, sCurrentTime, data->reset_time, sNextTime);
311 * Do any per-module initialization that is separate to each
312 * configured instance of the module. e.g. set up connections
313 * to external databases, read configuration files, set up
314 * dictionary entries, etc.
316 * If configuration information is given in the config section
317 * that must be referenced in later calls, store a handle to it
318 * in *instance otherwise put a null pointer there.
320 static int counter_instantiate(CONF_SECTION *conf, void **instance)
331 const char *default1 = "DEFAULT1";
332 const char *default2 = "DEFAULT2";
335 * Set up a storage area for instance data
337 data = rad_malloc(sizeof(*data));
339 radlog(L_ERR, "rlm_counter: rad_malloc() failed.");
342 memset(data, 0, sizeof(*data));
345 * If the configuration parameters can't be parsed, then
348 if (cf_section_parse(conf, data, module_config) < 0) {
352 cache_size = data->cache_size;
355 * Discover the attribute number of the key.
357 if (data->key_name == NULL) {
358 radlog(L_ERR, "rlm_counter: 'key' must be set.");
359 counter_detach(data);
362 dattr = dict_attrbyname(data->key_name);
364 radlog(L_ERR, "rlm_counter: No such attribute %s",
366 counter_detach(data);
369 data->key_attr = dattr->attr;
372 * Discover the attribute number of the counter.
374 if (data->count_attribute == NULL) {
375 radlog(L_ERR, "rlm_counter: 'count-attribute' must be set.");
376 counter_detach(data);
379 dattr = dict_attrbyname(data->count_attribute);
381 radlog(L_ERR, "rlm_counter: No such attribute %s",
382 data->count_attribute);
383 counter_detach(data);
386 data->count_attr = dattr->attr;
389 * Discover the attribute number of the return attribute.
391 if (data->return_attribute != NULL) {
392 dattr = dict_attrbyname(data->return_attribute);
394 radlog(L_ERR, "rlm_counter: No such attribute %s",
395 data->return_attribute);
396 counter_detach(data);
399 if (dattr->type != PW_TYPE_INTEGER) {
400 radlog(L_ERR, "rlm_counter: Return attribute %s is not of type integer",
401 data->return_attribute);
402 counter_detach(data);
405 data->return_attr = dattr->attr;
410 * Create a new attribute for the counter.
412 if (data->counter_name == NULL) {
413 radlog(L_ERR, "rlm_counter: 'counter-name' must be set.");
414 counter_detach(data);
418 memset(&flags, 0, sizeof(flags));
419 dict_addattr(data->counter_name, 0, PW_TYPE_INTEGER, -1, flags);
420 dattr = dict_attrbyname(data->counter_name);
422 radlog(L_ERR, "rlm_counter: Failed to create counter attribute %s",
424 counter_detach(data);
427 data->dict_attr = dattr->attr;
428 DEBUG2("rlm_counter: Counter attribute %s is number %d",
429 data->counter_name, data->dict_attr);
432 * Create a new attribute for the check item.
434 if (data->check_name == NULL) {
435 radlog(L_ERR, "rlm_counter: 'check-name' must be set.");
436 counter_detach(data);
439 dict_addattr(data->check_name, 0, PW_TYPE_INTEGER, -1, flags);
440 dattr = dict_attrbyname(data->check_name);
442 radlog(L_ERR, "rlm_counter: Failed to create check attribute %s",
444 counter_detach(data);
447 data->check_attr = dattr->attr;
450 * Find the attribute for the allowed protocol
452 if (data->service_type != NULL) {
453 if ((dval = dict_valbyname(PW_SERVICE_TYPE, data->service_type)) == NULL) {
454 radlog(L_ERR, "rlm_counter: Failed to find attribute number for %s",
456 counter_detach(data);
459 data->service_val = dval->value;
463 * Find when to reset the database.
465 if (data->reset == NULL) {
466 radlog(L_ERR, "rlm_counter: 'reset' must be set.");
467 counter_detach(data);
471 data->reset_time = 0;
472 data->last_reset = now;
474 if (find_next_reset(data,now) == -1){
475 radlog(L_ERR, "rlm_counter: find_next_reset() returned -1. Exiting.");
476 counter_detach(data);
480 if (data->filename == NULL) {
481 radlog(L_ERR, "rlm_counter: 'filename' must be set.");
482 counter_detach(data);
485 data->gdbm = gdbm_open(data->filename, sizeof(int),
486 GDBM_WRCREAT | GDBM_COUNTER_OPTS, 0600, NULL);
487 if (data->gdbm == NULL) {
488 radlog(L_ERR, "rlm_counter: Failed to open file %s: %s",
489 data->filename, strerror(errno));
490 counter_detach(data);
493 if (gdbm_setopt(data->gdbm, GDBM_CACHESIZE, &cache_size, sizeof(int)) == -1)
494 radlog(L_ERR, "rlm_counter: Failed to set cache size");
497 * Look for the DEFAULT1 entry. This entry if it exists contains the
498 * time of the next database reset. This time is set each time we reset
499 * the database. If next_reset < now then we reset the database.
500 * That way we can overcome the problem where radiusd is down during a database
501 * reset time. If we did not keep state information in the database then the reset
502 * would be extended and that would create problems.
504 * We also store the time of the last reset in the DEFAULT2 entry.
506 * If DEFAULT1 and DEFAULT2 do not exist (new database) we add them to the database
509 key_datum.dptr = (char *)default1;
510 key_datum.dsize = strlen(default1);
512 time_datum = gdbm_fetch(data->gdbm, key_datum);
513 if (time_datum.dptr != NULL){
514 time_t next_reset = 0;
516 memcpy(&next_reset, time_datum.dptr, sizeof(time_t));
517 free(time_datum.dptr);
518 if (next_reset && next_reset <= now){
520 data->last_reset = now;
521 ret = reset_db(data);
522 if (ret != RLM_MODULE_OK){
523 radlog(L_ERR, "rlm_counter: reset_db() failed");
524 counter_detach(data);
529 data->reset_time = next_reset;
530 key_datum.dptr = (char *)default2;
531 key_datum.dsize = strlen(default2);
533 time_datum = gdbm_fetch(data->gdbm, key_datum);
534 if (time_datum.dptr != NULL){
535 memcpy(&data->last_reset, time_datum.dptr, sizeof(time_t));
536 free(time_datum.dptr);
540 ret = add_defaults(data);
541 if (ret != RLM_MODULE_OK){
542 radlog(L_ERR, "rlm_counter: add_defaults() failed");
543 counter_detach(data);
550 * Register the counter comparison operation.
552 paircompare_register(data->dict_attr, 0, counter_cmp, data);
557 pthread_mutex_init(&data->mutex, NULL);
565 * Write accounting information to this modules database.
567 static int counter_accounting(void *instance, REQUEST *request)
569 rlm_counter_t *data = (rlm_counter_t *)instance;
572 VALUE_PAIR *key_vp, *count_vp, *proto_vp, *uniqueid_vp;
575 int acctstatustype = 0;
578 if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE)) != NULL)
579 acctstatustype = key_vp->lvalue;
581 DEBUG("rlm_counter: Could not find account status type in packet.");
582 return RLM_MODULE_NOOP;
584 if (acctstatustype != PW_STATUS_STOP){
585 DEBUG("rlm_counter: We only run on Accounting-Stop packets.");
586 return RLM_MODULE_NOOP;
588 uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID);
589 if (uniqueid_vp != NULL)
590 DEBUG("rlm_counter: Packet Unique ID = '%s'",uniqueid_vp->vp_strvalue);
593 * Before doing anything else, see if we have to reset
596 if (data->reset_time && (data->reset_time <= request->timestamp)) {
599 DEBUG("rlm_counter: Time to reset the database.");
600 data->last_reset = data->reset_time;
601 find_next_reset(data,request->timestamp);
602 pthread_mutex_lock(&data->mutex);
603 ret = reset_db(data);
604 pthread_mutex_unlock(&data->mutex);
605 if (ret != RLM_MODULE_OK)
609 * Check if we need to watch out for a specific service-type. If yes then check it
611 if (data->service_type != NULL) {
612 if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE)) == NULL){
613 DEBUG("rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.");
614 return RLM_MODULE_NOOP;
616 if ((unsigned)proto_vp->lvalue != data->service_val){
617 DEBUG("rlm_counter: This Service-Type is not allowed. Returning NOOP.");
618 return RLM_MODULE_NOOP;
622 * Check if request->timestamp - {Acct-Delay-Time} < last_reset
623 * If yes reject the packet since it is very old
625 key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME);
627 if (key_vp->lvalue != 0 &&
628 (request->timestamp - key_vp->lvalue) < data->last_reset){
629 DEBUG("rlm_counter: This packet is too old. Returning NOOP.");
630 return RLM_MODULE_NOOP;
637 * Look for the key. User-Name is special. It means
638 * The REAL username, after stripping.
640 key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr);
642 DEBUG("rlm_counter: Could not find the key-attribute in the request. Returning NOOP.");
643 return RLM_MODULE_NOOP;
647 * Look for the attribute to use as a counter.
649 count_vp = pairfind(request->packet->vps, data->count_attr);
650 if (count_vp == NULL){
651 DEBUG("rlm_counter: Could not find the count-attribute in the request.");
652 return RLM_MODULE_NOOP;
655 key_datum.dptr = key_vp->vp_strvalue;
656 key_datum.dsize = key_vp->length;
658 DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
659 pthread_mutex_lock(&data->mutex);
660 count_datum = gdbm_fetch(data->gdbm, key_datum);
661 pthread_mutex_unlock(&data->mutex);
662 if (count_datum.dptr == NULL){
663 DEBUG("rlm_counter: Could not find the requested key in the database.");
664 counter.user_counter = 0;
665 if (uniqueid_vp != NULL)
666 strncpy(counter.uniqueid,uniqueid_vp->vp_strvalue,UNIQUEID_MAX_LEN - 1);
668 memset((char *)counter.uniqueid,0,UNIQUEID_MAX_LEN);
671 DEBUG("rlm_counter: Key found.");
672 memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
673 free(count_datum.dptr);
674 if (counter.uniqueid)
675 DEBUG("rlm_counter: Counter Unique ID = '%s'",counter.uniqueid);
676 if (uniqueid_vp != NULL){
677 if (counter.uniqueid != NULL &&
678 strncmp(uniqueid_vp->vp_strvalue,counter.uniqueid, UNIQUEID_MAX_LEN - 1) == 0){
679 DEBUG("rlm_counter: Unique IDs for user match. Droping the request.");
680 return RLM_MODULE_NOOP;
682 strncpy(counter.uniqueid,uniqueid_vp->vp_strvalue,UNIQUEID_MAX_LEN - 1);
684 DEBUG("rlm_counter: User=%s, Counter=%d.",request->username->vp_strvalue,counter.user_counter);
687 if (data->count_attr == PW_ACCT_SESSION_TIME) {
689 * If session time < diff then the user got in after the
690 * last reset. So add his session time, otherwise add the
693 * That way if he logged in at 23:00 and we reset the
694 * daily counter at 24:00 and he logged out at 01:00
695 * then we will only count one hour (the one in the new
696 * day). That is the right thing
698 diff = request->timestamp - data->last_reset;
699 counter.user_counter += (count_vp->lvalue < diff) ? count_vp->lvalue : diff;
701 } else if (count_vp->type == PW_TYPE_INTEGER) {
703 * Integers get counted, without worrying about
706 counter.user_counter += count_vp->lvalue;
710 * The attribute is NOT an integer, just count once
711 * more that we've seen it.
713 counter.user_counter++;
716 DEBUG("rlm_counter: User=%s, New Counter=%d.",request->username->vp_strvalue,counter.user_counter);
717 count_datum.dptr = (char *) &counter;
718 count_datum.dsize = sizeof(rad_counter);
720 DEBUG("rlm_counter: Storing new value in database.");
721 pthread_mutex_lock(&data->mutex);
722 rcode = gdbm_store(data->gdbm, key_datum, count_datum, GDBM_REPLACE);
723 pthread_mutex_unlock(&data->mutex);
725 radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
726 data->filename, gdbm_strerror(gdbm_errno));
727 return RLM_MODULE_FAIL;
729 DEBUG("rlm_counter: New value stored successfully.");
731 return RLM_MODULE_OK;
735 * Find the named user in this modules database. Create the set
736 * of attribute-value pairs to check and reply with for this user
737 * from the database. The authentication code only needs to check
738 * the password, the rest is done here.
740 static int counter_authorize(void *instance, REQUEST *request)
742 rlm_counter_t *data = (rlm_counter_t *) instance;
743 int ret=RLM_MODULE_NOOP;
748 VALUE_PAIR *key_vp, *check_vp;
749 VALUE_PAIR *reply_item;
752 /* quiet the compiler */
757 * Before doing anything else, see if we have to reset
760 if (data->reset_time && (data->reset_time <= request->timestamp)) {
763 data->last_reset = data->reset_time;
764 find_next_reset(data,request->timestamp);
765 pthread_mutex_lock(&data->mutex);
766 ret2 = reset_db(data);
767 pthread_mutex_unlock(&data->mutex);
768 if (ret2 != RLM_MODULE_OK)
774 * Look for the key. User-Name is special. It means
775 * The REAL username, after stripping.
777 DEBUG2("rlm_counter: Entering module authorize code");
778 key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr);
779 if (key_vp == NULL) {
780 DEBUG2("rlm_counter: Could not find Key value pair");
785 * Look for the check item
787 if ((check_vp= pairfind(request->config_items, data->check_attr)) == NULL) {
788 DEBUG2("rlm_counter: Could not find Check item value pair");
792 key_datum.dptr = key_vp->vp_strvalue;
793 key_datum.dsize = key_vp->length;
800 counter.user_counter = 0;
802 DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
803 pthread_mutex_lock(&data->mutex);
804 count_datum = gdbm_fetch(data->gdbm, key_datum);
805 pthread_mutex_unlock(&data->mutex);
806 if (count_datum.dptr != NULL){
807 DEBUG("rlm_counter: Key Found.");
808 memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
809 free(count_datum.dptr);
812 DEBUG("rlm_counter: Could not find the requested key in the database.");
815 * Check if check item > counter
817 DEBUG("rlm_counter: Check item = %d, Count = %d",check_vp->lvalue,counter.user_counter);
818 res=check_vp->lvalue - counter.user_counter;
820 DEBUG("rlm_counter: res is greater than zero");
821 if (data->count_attr == PW_ACCT_SESSION_TIME) {
823 * Do the following only if the count attribute is
828 * We are assuming that simultaneous-use=1. But
829 * even if that does not happen then our user
830 * could login at max for 2*max-usage-time Is
835 * User is allowed, but set Session-Timeout.
836 * Stolen from main/auth.c
840 * If we are near a reset then add the next
841 * limit, so that the user will not need to
843 * Before that set the return value to the time
844 * remaining to next reset
846 if (data->reset_time && (
847 res >= (data->reset_time - request->timestamp))) {
848 res = data->reset_time - request->timestamp;
849 res += check_vp->lvalue;
852 if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT)) != NULL) {
853 if (reply_item->lvalue > res)
854 reply_item->lvalue = res;
856 if ((reply_item = paircreate(PW_SESSION_TIMEOUT, PW_TYPE_INTEGER)) == NULL) {
857 radlog(L_ERR|L_CONS, "no memory");
858 return RLM_MODULE_NOOP;
860 reply_item->lvalue = res;
861 pairadd(&request->reply->vps, reply_item);
864 else if (data->return_attr) {
865 if ((reply_item = pairfind(request->reply->vps, data->return_attr)) != NULL) {
866 if (reply_item->lvalue > res)
867 reply_item->lvalue = res;
870 if ((reply_item = paircreate(data->return_attr, PW_TYPE_INTEGER)) == NULL) {
871 radlog(L_ERR|L_CONS, "no memory");
872 return RLM_MODULE_NOOP;
874 reply_item->lvalue = res;
875 pairadd(&request->reply->vps, reply_item);
881 DEBUG2("rlm_counter: (Check item - counter) is greater than zero");
882 DEBUG2("rlm_counter: Authorized user %s, check_item=%d, counter=%d",
883 key_vp->vp_strvalue,check_vp->lvalue,counter.user_counter);
884 DEBUG2("rlm_counter: Sent Reply-Item for user %s, Type=Session-Timeout, value=%d",
885 key_vp->vp_strvalue,res);
888 char module_fmsg[MAX_STRING_LEN];
889 VALUE_PAIR *module_fmsg_vp;
892 * User is denied access, send back a reply message
894 sprintf(msg, "Your maximum %s usage time has been reached", data->reset);
895 reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
896 pairadd(&request->reply->vps, reply_item);
898 snprintf(module_fmsg,sizeof(module_fmsg), "rlm_counter: Maximum %s usage time reached", data->reset);
899 module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
900 pairadd(&request->packet->vps, module_fmsg_vp);
902 ret=RLM_MODULE_REJECT;
904 DEBUG2("rlm_counter: Rejected user %s, check_item=%d, counter=%d",
905 key_vp->vp_strvalue,check_vp->lvalue,counter.user_counter);
911 static int counter_detach(void *instance)
913 rlm_counter_t *data = (rlm_counter_t *) instance;
915 paircompare_unregister(data->dict_attr, counter_cmp);
917 gdbm_close(data->gdbm);
918 free(data->filename);
920 free(data->key_name);
921 free(data->count_attribute);
922 free(data->counter_name);
923 free(data->check_name);
924 free(data->service_type);
925 pthread_mutex_destroy(&data->mutex);
932 * The module name should be the only globally exported symbol.
933 * That is, everything else should be 'static'.
935 * If the module needs to temporarily modify it's instantiation
936 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
937 * The server will then take care of ensuring that the module
938 * is single-threaded.
940 module_t rlm_counter = {
943 RLM_TYPE_THREAD_SAFE, /* type */
944 counter_instantiate, /* instantiation */
945 counter_detach, /* detach */
947 NULL, /* authentication */
948 counter_authorize, /* authorization */
949 NULL, /* preaccounting */
950 counter_accounting, /* accounting */
951 NULL, /* checksimul */
952 NULL, /* pre-proxy */
953 NULL, /* post-proxy */