6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2001,2006 The FreeRADIUS server project
21 * Copyright 2004 Kostas Kalevras <kkalev@noc.ntua.gr>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/autoconf.h>
34 #include <freeradius-devel/radiusd.h>
35 #include <freeradius-devel/modules.h>
38 * Define a structure for our module configuration.
40 * These variables do not need to be in a structure, but it's
41 * a lot cleaner to do so, and a pointer to the structure can
42 * be used as the instance handle.
44 typedef struct rlm_logintime_t {
45 char *msg; /* The Reply-Message passed back to the user
46 * if the account is outside allowed timestamp */
51 * A mapping of configuration file names to internal variables.
53 * Note that the string is dynamically allocated, so it MUST
54 * be freed. When the configuration file parse re-reads the string,
55 * it free's the old one, and strdup's the new one, placing the pointer
56 * to the strdup'd string into 'config.string'. This gets around
59 static const CONF_PARSER module_config[] = {
60 { "reply-message", PW_TYPE_STRING_PTR, offsetof(rlm_logintime_t,msg), NULL,
61 "You are calling outside your allowed timespan\r\n"},
62 { "minimum-timeout", PW_TYPE_INTEGER, offsetof(rlm_logintime_t,min_time), NULL, "60" },
63 { NULL, -1, 0, NULL, NULL }
66 static int logintime_detach(void *instance);
69 * Compare the current time to a range.
71 static int timecmp(void *instance,
73 VALUE_PAIR *request, VALUE_PAIR *check,
74 VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
77 request = request; /* shut the compiler up */
78 check_pairs = check_pairs;
79 reply_pairs = reply_pairs;
82 * If there's a request, use that timestamp.
84 if (timestr_match((char *)check->vp_strvalue,
85 req ? req->timestamp : time(NULL)) >= 0)
95 static int time_of_day(void *instance,
97 VALUE_PAIR *request, VALUE_PAIR *check,
98 VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
106 request = request; /* shut the compiler up */
107 check_pairs = check_pairs;
108 reply_pairs = reply_pairs;
111 * Must be called with a request pointer.
115 if (strspn(check->vp_strvalue, "0123456789: ") != strlen(check->vp_strvalue)) {
116 DEBUG("rlm_logintime: Bad Time-Of-Day value \"%s\"",
121 tm = localtime_r(&req->timestamp, &s_tm);
122 hhmmss = (tm->tm_hour * 3600) + (tm->tm_min * 60) + tm->tm_sec;
125 * Time of day is a 24-hour clock
127 p = check->vp_strvalue;
130 if ((scan > 23) || !p) {
131 DEBUG("rlm_logintime: Bad Time-Of-Day value \"%s\"",
140 DEBUG("rlm_logintime: Bad Time-Of-Day value \"%s\"",
150 DEBUG("rlm_logintime: Bad Time-Of-Day value \"%s\"",
157 fprintf(stderr, "returning %d - %d\n",
160 return hhmmss - when;
164 * Check if account has expired, and if user may login now.
166 static int logintime_authorize(void *instance, REQUEST *request)
168 rlm_logintime_t *data = (rlm_logintime_t *)instance;
169 VALUE_PAIR *check_item = NULL;
172 if ((check_item = pairfind(request->config_items, PW_LOGIN_TIME)) != NULL) {
175 * Authentication is OK. Now see if this
176 * user may login at this time of the day.
178 DEBUG("rlm_logintime: Checking Login-Time: '%s'",check_item->vp_strvalue);
179 r = timestr_match((char *)check_item->vp_strvalue,
181 if (r == 0) { /* unlimited */
183 * Do nothing: login-time is OK.
187 * Session-Timeout needs to be at least
188 * 60 seconds, some terminal servers
189 * ignore smaller values.
191 DEBUG("rlm_logintime: timestr returned unlimited");
192 } else if (r < data->min_time) {
193 char logstr[MAX_STRING_LEN];
194 VALUE_PAIR *module_fmsg_vp;
197 * User called outside allowed time interval.
200 DEBUG("rlm_logintime: timestr returned reject");
201 if (data->msg && data->msg[0]){
202 char msg[MAX_STRING_LEN];
205 if (!radius_xlat(msg, sizeof(msg), data->msg, request, NULL)) {
206 radlog(L_ERR, "rlm_logintime: xlat failed.");
207 return RLM_MODULE_FAIL;
209 pairfree(&request->reply->vps);
210 tmp = pairmake("Reply-Message", msg, T_OP_SET);
211 request->reply->vps = tmp;
214 snprintf(logstr, sizeof(logstr), "Outside allowed timespan (time allowed %s)",
215 check_item->vp_strvalue);
216 module_fmsg_vp = pairmake("Module-Failure-Message", logstr, T_OP_EQ);
217 pairadd(&request->packet->vps, module_fmsg_vp);
219 return RLM_MODULE_REJECT;
222 VALUE_PAIR *reply_item;
225 * User is allowed, but set Session-Timeout.
227 DEBUG("rlm_logintime: timestr returned accept");
228 if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT)) != NULL) {
229 if (reply_item->lvalue > (unsigned) r)
230 reply_item->lvalue = r;
232 if ((reply_item = paircreate( PW_SESSION_TIMEOUT, PW_TYPE_INTEGER)) == NULL) {
233 radlog(L_ERR|L_CONS, "no memory");
234 return RLM_MODULE_FAIL;
236 reply_item->lvalue = r;
237 pairadd(&request->reply->vps, reply_item);
239 DEBUG("rlm_logintime: Session-Timeout set to: %d",r);
243 return RLM_MODULE_NOOP;
245 return RLM_MODULE_OK;
250 * Do any per-module initialization that is separate to each
251 * configured instance of the module. e.g. set up connections
252 * to external databases, read configuration files, set up
253 * dictionary entries, etc.
255 * If configuration information is given in the config section
256 * that must be referenced in later calls, store a handle to it
257 * in *instance otherwise put a null pointer there.
259 static int logintime_instantiate(CONF_SECTION *conf, void **instance)
261 rlm_logintime_t *data;
264 * Set up a storage area for instance data
266 data = rad_malloc(sizeof(*data));
268 radlog(L_ERR, "rlm_logintime: rad_malloc() failed.");
271 memset(data, 0, sizeof(*data));
274 * If the configuration parameters can't be parsed, then
277 if (cf_section_parse(conf, data, module_config) < 0) {
279 radlog(L_ERR, "rlm_logintime: Configuration parsing failed.");
283 if (data->min_time == 0){
284 radlog(L_ERR, "rlm_logintime: Minimum timeout should be non zero.");
290 * Register a Current-Time comparison function
292 paircompare_register(PW_CURRENT_TIME, 0, timecmp, data);
293 paircompare_register(PW_TIME_OF_DAY, 0, time_of_day, data);
300 static int logintime_detach(void *instance)
302 rlm_logintime_t *data = (rlm_logintime_t *) instance;
304 paircompare_unregister(PW_CURRENT_TIME, timecmp);
305 paircompare_unregister(PW_TIME_OF_DAY, time_of_day);
311 * The module name should be the only globally exported symbol.
312 * That is, everything else should be 'static'.
314 * If the module needs to temporarily modify it's instantiation
315 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
316 * The server will then take care of ensuring that the module
317 * is single-threaded.
319 module_t rlm_logintime = {
322 RLM_TYPE_THREAD_SAFE, /* type */
323 logintime_instantiate, /* instantiation */
324 logintime_detach, /* detach */
326 NULL, /* authentication */
327 logintime_authorize, /* authorization */
328 NULL, /* preaccounting */
329 NULL, /* accounting */
330 NULL, /* checksimul */
331 NULL, /* pre-proxy */
332 NULL, /* post-proxy */