6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2001,2006 The FreeRADIUS server project
21 * Copyright 2001 Alan DeKok <aland@ox.org>
22 * Copyright 2001-3 Kostas Kalevras <kkalev@noc.ntua.gr>
25 #include <freeradius-devel/ident.h>
28 #include <freeradius-devel/radiusd.h>
29 #include <freeradius-devel/modules.h>
37 #ifdef NEEDS_GDBM_SYNC
38 # define GDBM_SYNCOPT GDBM_SYNC
40 # define GDBM_SYNCOPT 0
44 #define GDBM_COUNTER_OPTS (GDBM_SYNCOPT | GDBM_NOLOCK)
46 #define GDBM_COUNTER_OPTS (GDBM_SYNCOPT)
49 #ifndef HAVE_GDBM_FDESC
50 #define gdbm_fdesc(foo) (-1)
53 #define UNIQUEID_MAX_LEN 32
56 * Define a structure for our module configuration.
58 * These variables do not need to be in a structure, but it's
59 * a lot cleaner to do so, and a pointer to the structure can
60 * be used as the instance handle.
62 typedef struct rlm_counter_t {
63 char *filename; /* name of the database file */
64 char *reset; /* daily, weekly, monthly, never or user defined */
65 char *key_name; /* User-Name */
66 char *count_attribute; /* Acct-Session-Time */
67 char *counter_name; /* Daily-Session-Time */
68 char *check_name; /* Daily-Max-Session */
69 char *reply_name; /* Session-Timeout */
70 char *service_type; /* Service-Type to search for */
77 time_t reset_time; /* The time of the next reset. */
78 time_t last_reset; /* The time of the last reset. */
79 int dict_attr; /* attribute number for the counter. */
80 GDBM_FILE gdbm; /* The gdbm file handle */
82 pthread_mutex_t mutex; /* A mutex to lock the gdbm file for only one reader/writer */
86 #ifndef HAVE_PTHREAD_H
88 * This is a lot simpler than putting ifdef's around
89 * every use of the pthread functions.
91 #define pthread_mutex_lock(a)
92 #define pthread_mutex_unlock(a)
93 #define pthread_mutex_init(a,b)
94 #define pthread_mutex_destroy(a)
97 typedef struct rad_counter {
98 unsigned int user_counter;
99 char uniqueid[UNIQUEID_MAX_LEN];
103 * A mapping of configuration file names to internal variables.
105 * Note that the string is dynamically allocated, so it MUST
106 * be freed. When the configuration file parse re-reads the string,
107 * it free's the old one, and strdup's the new one, placing the pointer
108 * to the strdup'd string into 'config.string'. This gets around
111 static const CONF_PARSER module_config[] = {
112 { "filename", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,filename), NULL, NULL },
113 { "key", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,key_name), NULL, NULL },
114 { "reset", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,reset), NULL, NULL },
115 { "count-attribute", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,count_attribute), NULL, NULL },
116 { "counter-name", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,counter_name), NULL, NULL },
117 { "check-name", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,check_name), NULL, NULL },
118 { "reply-name", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,reply_name), NULL, NULL },
119 { "allowed-servicetype", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,service_type),NULL, NULL },
120 { "cache-size", PW_TYPE_INTEGER, offsetof(rlm_counter_t,cache_size), NULL, "1000" },
121 { NULL, -1, 0, NULL, NULL }
124 static int counter_detach(void *instance);
128 * See if the counter matches.
130 static int counter_cmp(void *instance,
132 VALUE_PAIR *request, VALUE_PAIR *check,
133 VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
135 rlm_counter_t *data = (rlm_counter_t *) instance;
141 check_pairs = check_pairs; /* shut the compiler up */
142 reply_pairs = reply_pairs;
146 * Find the key attribute.
148 key_vp = pairfind(request, data->key_attr, 0);
149 if (key_vp == NULL) {
150 return RLM_MODULE_NOOP;
153 key_datum.dptr = key_vp->vp_strvalue;
154 key_datum.dsize = key_vp->length;
156 count_datum = gdbm_fetch(data->gdbm, key_datum);
158 if (count_datum.dptr == NULL) {
161 memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
162 free(count_datum.dptr);
164 return counter.user_counter - check->vp_integer;
168 static int add_defaults(rlm_counter_t *data)
172 const char *default1 = "DEFAULT1";
173 const char *default2 = "DEFAULT2";
175 DEBUG2("rlm_counter: add_defaults: Start");
177 key_datum.dptr = (char *) default1;
178 key_datum.dsize = strlen(default1);
179 time_datum.dptr = (char *) &data->reset_time;
180 time_datum.dsize = sizeof(time_t);
182 if (gdbm_store(data->gdbm, key_datum, time_datum, GDBM_REPLACE) < 0){
183 radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
184 data->filename, gdbm_strerror(gdbm_errno));
185 return RLM_MODULE_FAIL;
187 DEBUG2("rlm_counter: DEFAULT1 set to %d",(int)data->reset_time);
189 key_datum.dptr = (char *) default2;
190 key_datum.dsize = strlen(default2);
191 time_datum.dptr = (char *) &data->last_reset;
192 time_datum.dsize = sizeof(time_t);
194 if (gdbm_store(data->gdbm, key_datum, time_datum, GDBM_REPLACE) < 0){
195 radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
196 data->filename, gdbm_strerror(gdbm_errno));
197 return RLM_MODULE_FAIL;
199 DEBUG2("rlm_counter: DEFAULT2 set to %d",(int)data->last_reset);
200 DEBUG2("rlm_counter: add_defaults: End");
202 return RLM_MODULE_OK;
205 static int reset_db(rlm_counter_t *data)
207 int cache_size = data->cache_size;
210 DEBUG2("rlm_counter: reset_db: Closing database");
211 gdbm_close(data->gdbm);
214 * Open a completely new database.
216 data->gdbm = gdbm_open(data->filename, sizeof(int),
217 GDBM_NEWDB | GDBM_COUNTER_OPTS, 0600, NULL);
218 if (data->gdbm == NULL) {
219 radlog(L_ERR, "rlm_counter: Failed to open file %s: %s",
220 data->filename, strerror(errno));
221 return RLM_MODULE_FAIL;
223 if (gdbm_setopt(data->gdbm, GDBM_CACHESIZE, &cache_size, sizeof(int)) == -1)
224 radlog(L_ERR, "rlm_counter: Failed to set cache size");
225 DEBUG2("rlm_counter: reset_db: Opened new database");
230 ret = add_defaults(data);
231 if (ret != RLM_MODULE_OK)
234 DEBUG2("rlm_counter: reset_db ended");
236 return RLM_MODULE_OK;
239 static int find_next_reset(rlm_counter_t *data, time_t timeval)
243 unsigned int num = 1;
246 char sCurrentTime[40], sNextTime[40];
248 tm = localtime_r(&timeval, &s_tm);
249 len = strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", tm);
250 if (len == 0) *sCurrentTime = '\0';
251 tm->tm_sec = tm->tm_min = 0;
253 if (data->reset == NULL)
255 if (isdigit((int) data->reset[0])){
256 len = strlen(data->reset);
259 last = data->reset[len - 1];
260 if (!isalpha((int) last))
262 num = atoi(data->reset);
263 DEBUG("rlm_counter: num=%d, last=%c",num,last);
265 if (strcmp(data->reset, "hourly") == 0 || last == 'h') {
267 * Round up to the next nearest hour.
270 data->reset_time = mktime(tm);
271 } else if (strcmp(data->reset, "daily") == 0 || last == 'd') {
273 * Round up to the next nearest day.
277 data->reset_time = mktime(tm);
278 } else if (strcmp(data->reset, "weekly") == 0 || last == 'w') {
280 * Round up to the next nearest week.
283 tm->tm_mday += (7 - tm->tm_wday) +(7*(num-1));
284 data->reset_time = mktime(tm);
285 } else if (strcmp(data->reset, "monthly") == 0 || last == 'm') {
289 data->reset_time = mktime(tm);
290 } else if (strcmp(data->reset, "never") == 0) {
291 data->reset_time = 0;
293 radlog(L_ERR, "rlm_counter: Unknown reset timer \"%s\"",
298 len = strftime(sNextTime, sizeof(sNextTime), "%Y-%m-%d %H:%M:%S", tm);
299 if (len == 0) *sNextTime = '\0';
300 DEBUG2("rlm_counter: Current Time: %li [%s], Next reset %li [%s]",
301 timeval, sCurrentTime, data->reset_time, sNextTime);
308 * Do any per-module initialization that is separate to each
309 * configured instance of the module. e.g. set up connections
310 * to external databases, read configuration files, set up
311 * dictionary entries, etc.
313 * If configuration information is given in the config section
314 * that must be referenced in later calls, store a handle to it
315 * in *instance otherwise put a null pointer there.
317 static int counter_instantiate(CONF_SECTION *conf, void **instance)
328 const char *default1 = "DEFAULT1";
329 const char *default2 = "DEFAULT2";
332 * Set up a storage area for instance data
334 data = rad_malloc(sizeof(*data));
336 radlog(L_ERR, "rlm_counter: rad_malloc() failed.");
339 memset(data, 0, sizeof(*data));
342 * If the configuration parameters can't be parsed, then
345 if (cf_section_parse(conf, data, module_config) < 0) {
349 cache_size = data->cache_size;
352 * Discover the attribute number of the key.
354 if (data->key_name == NULL) {
355 radlog(L_ERR, "rlm_counter: 'key' must be set.");
356 counter_detach(data);
359 dattr = dict_attrbyname(data->key_name);
361 radlog(L_ERR, "rlm_counter: No such attribute %s",
363 counter_detach(data);
366 data->key_attr = dattr->attr;
369 * Discover the attribute number of the counter.
371 if (data->count_attribute == NULL) {
372 radlog(L_ERR, "rlm_counter: 'count-attribute' must be set.");
373 counter_detach(data);
376 dattr = dict_attrbyname(data->count_attribute);
378 radlog(L_ERR, "rlm_counter: No such attribute %s",
379 data->count_attribute);
380 counter_detach(data);
383 data->count_attr = dattr->attr;
386 * Discover the attribute number of the reply attribute.
388 if (data->reply_name != NULL) {
389 dattr = dict_attrbyname(data->reply_name);
391 radlog(L_ERR, "rlm_counter: No such attribute %s",
393 counter_detach(data);
396 if (dattr->type != PW_TYPE_INTEGER) {
397 radlog(L_ERR, "rlm_counter: Reply attribute %s is not of type integer",
399 counter_detach(data);
402 data->reply_attr = dattr->attr;
407 * Create a new attribute for the counter.
409 if (data->counter_name == NULL) {
410 radlog(L_ERR, "rlm_counter: 'counter-name' must be set.");
411 counter_detach(data);
415 memset(&flags, 0, sizeof(flags));
416 dict_addattr(data->counter_name, -1, 0, PW_TYPE_INTEGER, flags);
417 dattr = dict_attrbyname(data->counter_name);
419 radlog(L_ERR, "rlm_counter: Failed to create counter attribute %s",
421 counter_detach(data);
424 data->dict_attr = dattr->attr;
425 DEBUG2("rlm_counter: Counter attribute %s is number %d",
426 data->counter_name, data->dict_attr);
429 * Create a new attribute for the check item.
431 if (data->check_name == NULL) {
432 radlog(L_ERR, "rlm_counter: 'check-name' must be set.");
433 counter_detach(data);
436 dict_addattr(data->check_name, 0, PW_TYPE_INTEGER, -1, flags);
437 dattr = dict_attrbyname(data->check_name);
439 radlog(L_ERR, "rlm_counter: Failed to create check attribute %s",
441 counter_detach(data);
444 data->check_attr = dattr->attr;
447 * Find the attribute for the allowed protocol
449 if (data->service_type != NULL) {
450 if ((dval = dict_valbyname(PW_SERVICE_TYPE, 0, data->service_type)) == NULL) {
451 radlog(L_ERR, "rlm_counter: Failed to find attribute number for %s",
453 counter_detach(data);
456 data->service_val = dval->value;
460 * Find when to reset the database.
462 if (data->reset == NULL) {
463 radlog(L_ERR, "rlm_counter: 'reset' must be set.");
464 counter_detach(data);
468 data->reset_time = 0;
469 data->last_reset = now;
471 if (find_next_reset(data,now) == -1){
472 radlog(L_ERR, "rlm_counter: find_next_reset() returned -1. Exiting.");
473 counter_detach(data);
477 if (data->filename == NULL) {
478 radlog(L_ERR, "rlm_counter: 'filename' must be set.");
479 counter_detach(data);
482 data->gdbm = gdbm_open(data->filename, sizeof(int),
483 GDBM_WRCREAT | GDBM_COUNTER_OPTS, 0600, NULL);
484 if (data->gdbm == NULL) {
485 radlog(L_ERR, "rlm_counter: Failed to open file %s: %s",
486 data->filename, strerror(errno));
487 counter_detach(data);
490 if (gdbm_setopt(data->gdbm, GDBM_CACHESIZE, &cache_size, sizeof(int)) == -1)
491 radlog(L_ERR, "rlm_counter: Failed to set cache size");
494 * Look for the DEFAULT1 entry. This entry if it exists contains the
495 * time of the next database reset. This time is set each time we reset
496 * the database. If next_reset < now then we reset the database.
497 * That way we can overcome the problem where radiusd is down during a database
498 * reset time. If we did not keep state information in the database then the reset
499 * would be extended and that would create problems.
501 * We also store the time of the last reset in the DEFAULT2 entry.
503 * If DEFAULT1 and DEFAULT2 do not exist (new database) we add them to the database
506 key_datum.dptr = (char *)default1;
507 key_datum.dsize = strlen(default1);
509 time_datum = gdbm_fetch(data->gdbm, key_datum);
510 if (time_datum.dptr != NULL){
511 time_t next_reset = 0;
513 memcpy(&next_reset, time_datum.dptr, sizeof(time_t));
514 free(time_datum.dptr);
515 if (next_reset && next_reset <= now){
517 data->last_reset = now;
518 ret = reset_db(data);
519 if (ret != RLM_MODULE_OK){
520 radlog(L_ERR, "rlm_counter: reset_db() failed");
521 counter_detach(data);
526 data->reset_time = next_reset;
527 key_datum.dptr = (char *)default2;
528 key_datum.dsize = strlen(default2);
530 time_datum = gdbm_fetch(data->gdbm, key_datum);
531 if (time_datum.dptr != NULL){
532 memcpy(&data->last_reset, time_datum.dptr, sizeof(time_t));
533 free(time_datum.dptr);
537 ret = add_defaults(data);
538 if (ret != RLM_MODULE_OK){
539 radlog(L_ERR, "rlm_counter: add_defaults() failed");
540 counter_detach(data);
547 * Register the counter comparison operation.
549 paircompare_register(data->dict_attr, 0, counter_cmp, data);
554 pthread_mutex_init(&data->mutex, NULL);
562 * Write accounting information to this modules database.
564 static int counter_accounting(void *instance, REQUEST *request)
566 rlm_counter_t *data = (rlm_counter_t *)instance;
569 VALUE_PAIR *key_vp, *count_vp, *proto_vp, *uniqueid_vp;
572 int acctstatustype = 0;
575 if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL)
576 acctstatustype = key_vp->vp_integer;
578 DEBUG("rlm_counter: Could not find account status type in packet.");
579 return RLM_MODULE_NOOP;
581 if (acctstatustype != PW_STATUS_STOP){
582 DEBUG("rlm_counter: We only run on Accounting-Stop packets.");
583 return RLM_MODULE_NOOP;
585 uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0);
586 if (uniqueid_vp != NULL)
587 DEBUG("rlm_counter: Packet Unique ID = '%s'",uniqueid_vp->vp_strvalue);
590 * Before doing anything else, see if we have to reset
593 if (data->reset_time && (data->reset_time <= request->timestamp)) {
596 DEBUG("rlm_counter: Time to reset the database.");
597 data->last_reset = data->reset_time;
598 find_next_reset(data,request->timestamp);
599 pthread_mutex_lock(&data->mutex);
600 ret = reset_db(data);
601 pthread_mutex_unlock(&data->mutex);
602 if (ret != RLM_MODULE_OK)
606 * Check if we need to watch out for a specific service-type. If yes then check it
608 if (data->service_type != NULL) {
609 if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0)) == NULL){
610 DEBUG("rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.");
611 return RLM_MODULE_NOOP;
613 if ((unsigned)proto_vp->vp_integer != data->service_val){
614 DEBUG("rlm_counter: This Service-Type is not allowed. Returning NOOP.");
615 return RLM_MODULE_NOOP;
619 * Check if request->timestamp - {Acct-Delay-Time} < last_reset
620 * If yes reject the packet since it is very old
622 key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0);
624 if (key_vp->vp_integer != 0 &&
625 (request->timestamp - key_vp->vp_integer) < data->last_reset){
626 DEBUG("rlm_counter: This packet is too old. Returning NOOP.");
627 return RLM_MODULE_NOOP;
634 * Look for the key. User-Name is special. It means
635 * The REAL username, after stripping.
637 key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr, 0);
639 DEBUG("rlm_counter: Could not find the key-attribute in the request. Returning NOOP.");
640 return RLM_MODULE_NOOP;
644 * Look for the attribute to use as a counter.
646 count_vp = pairfind(request->packet->vps, data->count_attr, 0);
647 if (count_vp == NULL){
648 DEBUG("rlm_counter: Could not find the count-attribute in the request.");
649 return RLM_MODULE_NOOP;
652 key_datum.dptr = key_vp->vp_strvalue;
653 key_datum.dsize = key_vp->length;
655 DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
656 pthread_mutex_lock(&data->mutex);
657 count_datum = gdbm_fetch(data->gdbm, key_datum);
658 pthread_mutex_unlock(&data->mutex);
659 if (count_datum.dptr == NULL){
660 DEBUG("rlm_counter: Could not find the requested key in the database.");
661 counter.user_counter = 0;
662 if (uniqueid_vp != NULL)
663 strlcpy(counter.uniqueid,uniqueid_vp->vp_strvalue,
664 sizeof(counter.uniqueid));
666 memset((char *)counter.uniqueid,0,UNIQUEID_MAX_LEN);
669 DEBUG("rlm_counter: Key found.");
670 memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
671 free(count_datum.dptr);
672 if (counter.uniqueid)
673 DEBUG("rlm_counter: Counter Unique ID = '%s'",counter.uniqueid);
674 if (uniqueid_vp != NULL){
675 if (counter.uniqueid != NULL &&
676 strncmp(uniqueid_vp->vp_strvalue,counter.uniqueid, UNIQUEID_MAX_LEN - 1) == 0){
677 DEBUG("rlm_counter: Unique IDs for user match. Droping the request.");
678 return RLM_MODULE_NOOP;
680 strlcpy(counter.uniqueid,uniqueid_vp->vp_strvalue,
681 sizeof(counter.uniqueid));
683 DEBUG("rlm_counter: User=%s, Counter=%d.",request->username->vp_strvalue,counter.user_counter);
686 if (data->count_attr == PW_ACCT_SESSION_TIME) {
688 * If session time < diff then the user got in after the
689 * last reset. So add his session time, otherwise add the
692 * That way if he logged in at 23:00 and we reset the
693 * daily counter at 24:00 and he logged out at 01:00
694 * then we will only count one hour (the one in the new
695 * day). That is the right thing
697 diff = request->timestamp - data->last_reset;
698 counter.user_counter += (count_vp->vp_integer < diff) ? count_vp->vp_integer : diff;
700 } else if (count_vp->type == PW_TYPE_INTEGER) {
702 * Integers get counted, without worrying about
705 counter.user_counter += count_vp->vp_integer;
709 * The attribute is NOT an integer, just count once
710 * more that we've seen it.
712 counter.user_counter++;
715 DEBUG("rlm_counter: User=%s, New Counter=%d.",request->username->vp_strvalue,counter.user_counter);
716 count_datum.dptr = (char *) &counter;
717 count_datum.dsize = sizeof(rad_counter);
719 DEBUG("rlm_counter: Storing new value in database.");
720 pthread_mutex_lock(&data->mutex);
721 rcode = gdbm_store(data->gdbm, key_datum, count_datum, GDBM_REPLACE);
722 pthread_mutex_unlock(&data->mutex);
724 radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
725 data->filename, gdbm_strerror(gdbm_errno));
726 return RLM_MODULE_FAIL;
728 DEBUG("rlm_counter: New value stored successfully.");
730 return RLM_MODULE_OK;
734 * Find the named user in this modules database. Create the set
735 * of attribute-value pairs to check and reply with for this user
736 * from the database. The authentication code only needs to check
737 * the password, the rest is done here.
739 static int counter_authorize(void *instance, REQUEST *request)
741 rlm_counter_t *data = (rlm_counter_t *) instance;
742 int ret=RLM_MODULE_NOOP;
747 VALUE_PAIR *key_vp, *check_vp;
748 VALUE_PAIR *reply_item;
751 /* quiet the compiler */
756 * Before doing anything else, see if we have to reset
759 if (data->reset_time && (data->reset_time <= request->timestamp)) {
762 data->last_reset = data->reset_time;
763 find_next_reset(data,request->timestamp);
764 pthread_mutex_lock(&data->mutex);
765 ret2 = reset_db(data);
766 pthread_mutex_unlock(&data->mutex);
767 if (ret2 != RLM_MODULE_OK)
773 * Look for the key. User-Name is special. It means
774 * The REAL username, after stripping.
776 DEBUG2("rlm_counter: Entering module authorize code");
777 key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr, 0);
778 if (key_vp == NULL) {
779 DEBUG2("rlm_counter: Could not find Key value pair");
784 * Look for the check item
786 if ((check_vp= pairfind(request->config_items, data->check_attr, 0)) == NULL) {
787 DEBUG2("rlm_counter: Could not find Check item value pair");
791 key_datum.dptr = key_vp->vp_strvalue;
792 key_datum.dsize = key_vp->length;
799 counter.user_counter = 0;
801 DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
802 pthread_mutex_lock(&data->mutex);
803 count_datum = gdbm_fetch(data->gdbm, key_datum);
804 pthread_mutex_unlock(&data->mutex);
805 if (count_datum.dptr != NULL){
806 DEBUG("rlm_counter: Key Found.");
807 memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
808 free(count_datum.dptr);
811 DEBUG("rlm_counter: Could not find the requested key in the database.");
814 * Check if check item > counter
816 DEBUG("rlm_counter: Check item = %d, Count = %d",check_vp->vp_integer,counter.user_counter);
817 res=check_vp->vp_integer - counter.user_counter;
819 DEBUG("rlm_counter: res is greater than zero");
820 if (data->count_attr == PW_ACCT_SESSION_TIME) {
822 * Do the following only if the count attribute is
827 * We are assuming that simultaneous-use=1. But
828 * even if that does not happen then our user
829 * could login at max for 2*max-usage-time Is
834 * User is allowed, but set Session-Timeout.
835 * Stolen from main/auth.c
839 * If we are near a reset then add the next
840 * limit, so that the user will not need to
842 * Before that set the return value to the time
843 * remaining to next reset
845 if (data->reset_time && (
846 res >= (data->reset_time - request->timestamp))) {
847 res = data->reset_time - request->timestamp;
848 res += check_vp->vp_integer;
851 if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0)) != NULL) {
852 if (reply_item->vp_integer > res)
853 reply_item->vp_integer = res;
855 reply_item = radius_paircreate(request, &request->reply->vps, PW_SESSION_TIMEOUT, 0, PW_TYPE_INTEGER);
856 reply_item->vp_integer = res;
859 else if (data->reply_attr) {
860 if ((reply_item = pairfind(request->reply->vps, data->reply_attr, 0)) != NULL) {
861 if (reply_item->vp_integer > res)
862 reply_item->vp_integer = res;
865 reply_item = radius_paircreate(request, &request->reply->vps, data->reply_attr, 0, PW_TYPE_INTEGER);
866 reply_item->vp_integer = res;
872 DEBUG2("rlm_counter: (Check item - counter) is greater than zero");
873 DEBUG2("rlm_counter: Authorized user %s, check_item=%d, counter=%d",
874 key_vp->vp_strvalue,check_vp->vp_integer,counter.user_counter);
875 DEBUG2("rlm_counter: Sent Reply-Item for user %s, Type=Session-Timeout, value=%d",
876 key_vp->vp_strvalue,res);
879 char module_fmsg[MAX_STRING_LEN];
880 VALUE_PAIR *module_fmsg_vp;
883 * User is denied access, send back a reply message
885 sprintf(msg, "Your maximum %s usage time has been reached", data->reset);
886 reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
887 pairadd(&request->reply->vps, reply_item);
889 snprintf(module_fmsg,sizeof(module_fmsg), "rlm_counter: Maximum %s usage time reached", data->reset);
890 module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
891 pairadd(&request->packet->vps, module_fmsg_vp);
893 ret=RLM_MODULE_REJECT;
895 DEBUG2("rlm_counter: Rejected user %s, check_item=%d, counter=%d",
896 key_vp->vp_strvalue,check_vp->vp_integer,counter.user_counter);
902 static int counter_detach(void *instance)
904 rlm_counter_t *data = (rlm_counter_t *) instance;
906 paircompare_unregister(data->dict_attr, counter_cmp);
908 gdbm_close(data->gdbm);
909 pthread_mutex_destroy(&data->mutex);
916 * The module name should be the only globally exported symbol.
917 * That is, everything else should be 'static'.
919 * If the module needs to temporarily modify it's instantiation
920 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
921 * The server will then take care of ensuring that the module
922 * is single-threaded.
924 module_t rlm_counter = {
927 RLM_TYPE_THREAD_SAFE, /* type */
928 counter_instantiate, /* instantiation */
929 counter_detach, /* detach */
931 NULL, /* authentication */
932 counter_authorize, /* authorization */
933 NULL, /* preaccounting */
934 counter_accounting, /* accounting */
935 NULL, /* checksimul */
936 NULL, /* pre-proxy */
937 NULL, /* post-proxy */