6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2001 The FreeRADIUS server project
21 * Copyright 2004 Kostas Kalevras <kkalev@noc.ntua.gr>
24 #include <freeradius-devel/autoconf.h>
31 #include <freeradius-devel/radiusd.h>
32 #include <freeradius-devel/modules.h>
33 #include <freeradius-devel/conffile.h>
36 static const char rcsid[] = "$Id$";
39 * Define a structure for our module configuration.
41 * These variables do not need to be in a structure, but it's
42 * a lot cleaner to do so, and a pointer to the structure can
43 * be used as the instance handle.
45 typedef struct rlm_expiration_t {
46 char *msg; /* The Reply-Message passed back to the user if the account is expired */
50 * A mapping of configuration file names to internal variables.
52 * Note that the string is dynamically allocated, so it MUST
53 * be freed. When the configuration file parse re-reads the string,
54 * it free's the old one, and strdup's the new one, placing the pointer
55 * to the strdup'd string into 'config.string'. This gets around
58 static const CONF_PARSER module_config[] = {
59 { "reply-message", PW_TYPE_STRING_PTR, offsetof(rlm_expiration_t,msg),
60 NULL, "Password Has Expired\r\n"},
61 { NULL, -1, 0, NULL, NULL }
65 * Check if account has expired, and if user may login now.
67 static int expiration_authorize(void *instance, REQUEST *request)
69 rlm_expiration_t *data = (rlm_expiration_t *)instance;
70 VALUE_PAIR *vp, *check_item = NULL;
71 char msg[MAX_STRING_LEN];
73 if ((check_item = pairfind(request->config_items, PW_EXPIRATION)) != NULL){
75 * Has this user's password expired?
77 * If so, remove ALL reply attributes,
78 * and add our own Reply-Message, saying
79 * why they're being rejected.
81 DEBUG("rlm_expiration: Checking Expiration time: '%s'",check_item->vp_strvalue);
82 if (((time_t) check_item->lvalue) <= request->timestamp) {
83 char logstr[MAX_STRING_LEN];
84 VALUE_PAIR *module_fmsg_vp;
86 DEBUG("rlm_expiration: Account has expired");
89 if (!radius_xlat(msg, sizeof(msg), data->msg, request, NULL)) {
90 radlog(L_ERR, "rlm_expiration: xlat failed.");
91 return RLM_MODULE_FAIL;
94 vp = pairmake("Reply-Message", msg, T_OP_ADD);
95 pairfree(&request->reply->vps);
96 request->reply->vps = vp;
98 snprintf(logstr, sizeof(logstr), "Account has expired [Expiration %s]",check_item->vp_strvalue);
99 module_fmsg_vp = pairmake("Module-Failure-Message", logstr, T_OP_EQ);
100 pairadd(&request->packet->vps, module_fmsg_vp);
102 return RLM_MODULE_USERLOCK;
105 * Else the account hasn't expired, but it may do so
106 * in the future. Set Session-Timeout.
108 vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT);
110 vp = paircreate(PW_SESSION_TIMEOUT, PW_TYPE_INTEGER);
112 radlog(L_ERR|L_CONS, "No memory!");
113 return RLM_MODULE_FAIL;
115 pairadd(&request->reply->vps, vp);
116 vp->lvalue = (uint32_t) (((time_t) check_item->lvalue) - request->timestamp);
118 } else if (vp->lvalue > ((uint32_t) (((time_t) check_item->lvalue) - request->timestamp))) {
119 vp->lvalue = (uint32_t) (((time_t) check_item->lvalue) - request->timestamp);
123 return RLM_MODULE_NOOP;
125 return RLM_MODULE_OK;
129 * Compare the expiration date.
131 static int expirecmp(void *instance, REQUEST *req,
132 VALUE_PAIR *request, VALUE_PAIR *check,
133 VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
137 request = request; /* shut the compiler up */
138 check_pairs = check_pairs;
139 reply_pairs = reply_pairs;
141 now = (req) ? req->timestamp : time(NULL);
143 if (now <= ((time_t) check->lvalue))
149 static int expiration_detach(void *instance)
151 rlm_expiration_t *data = (rlm_expiration_t *) instance;
153 paircompare_unregister(PW_CURRENT_TIME, expirecmp);
161 * Do any per-module initialization that is separate to each
162 * configured instance of the module. e.g. set up connections
163 * to external databases, read configuration files, set up
164 * dictionary entries, etc.
166 * If configuration information is given in the config section
167 * that must be referenced in later calls, store a handle to it
168 * in *instance otherwise put a null pointer there.
170 static int expiration_instantiate(CONF_SECTION *conf, void **instance)
172 rlm_expiration_t *data;
175 * Set up a storage area for instance data
177 data = rad_malloc(sizeof(*data));
179 radlog(L_ERR, "rlm_expiration: rad_malloc() failed.");
182 memset(data, 0, sizeof(*data));
185 * If the configuration parameters can't be parsed, then
188 if (cf_section_parse(conf, data, module_config) < 0) {
190 radlog(L_ERR, "rlm_expiration: Configuration parsing failed.");
195 * If we are passed an empty reply-message don't use it
197 if (!strlen(data->msg)){
203 * Register the expiration comparison operation.
205 paircompare_register(PW_EXPIRATION, 0, expirecmp, data);
213 * The module name should be the only globally exported symbol.
214 * That is, everything else should be 'static'.
216 * If the module needs to temporarily modify it's instantiation
217 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
218 * The server will then take care of ensuring that the module
219 * is single-threaded.
221 module_t rlm_expiration = {
224 RLM_TYPE_THREAD_SAFE, /* type */
225 expiration_instantiate, /* instantiation */
226 expiration_detach, /* detach */
228 NULL, /* authentication */
229 expiration_authorize, /* authorization */
230 NULL, /* preaccounting */
231 NULL, /* accounting */
232 NULL, /* checksimul */
233 NULL, /* pre-proxy */
234 NULL, /* post-proxy */