src/modules/rlm_logintime/rlm_logintime.c

   1 /*
   2  * rlm_logintime.c
   3  *
   4  * Version:  $Id$
   5  *
   6  *   This program is free software; you can redistribute it and/or modify
   7  *   it under the terms of the GNU General Public License as published by
   8  *   the Free Software Foundation; either version 2 of the License, or
   9  *   (at your option) any later version.
  10  *
  11  *   This program is distributed in the hope that it will be useful,
  12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *   GNU General Public License for more details.
  15  *
  16  *   You should have received a copy of the GNU General Public License
  17  *   along with this program; if not, write to the Free Software
  18  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  *
  20  * Copyright 2001  The FreeRADIUS server project
  21  * Copyright 2004  Kostas Kalevras <kkalev@noc.ntua.gr>
  22  */
  23
  24 #include "autoconf.h"
  25 #include "libradius.h"
  26
  27 #include <stdio.h>
  28 #include <stdlib.h>
  29 #include <string.h>
  30 #include <ctype.h>
  31
  32 #include "radiusd.h"
  33 #include "modules.h"
  34 #include "conffile.h"
  35
  36
  37 static const char rcsid[] = "$Id$";
  38
  39 /*
  40  *      Define a structure for our module configuration.
  41  *
  42  *      These variables do not need to be in a structure, but it's
  43  *      a lot cleaner to do so, and a pointer to the structure can
  44  *      be used as the instance handle.
  45  */
  46 typedef struct rlm_logintime_t {
  47         char *msg;              /* The Reply-Message passed back to the user
  48                                  * if the account is outside allowed timestamp */
  49         int min_time;
  50 } rlm_logintime_t;
  51
  52 /*
  53  *      A mapping of configuration file names to internal variables.
  54  *
  55  *      Note that the string is dynamically allocated, so it MUST
  56  *      be freed.  When the configuration file parse re-reads the string,
  57  *      it free's the old one, and strdup's the new one, placing the pointer
  58  *      to the strdup'd string into 'config.string'.  This gets around
  59  *      buffer over-flows.
  60  */
  61 static CONF_PARSER module_config[] = {
  62   { "reply-message", PW_TYPE_STRING_PTR, offsetof(rlm_logintime_t,msg), NULL,
  63         "You are calling outside your allowed timespan\r\n"},
  64   { "minimum-timeout", PW_TYPE_INTEGER, offsetof(rlm_logintime_t,min_time), NULL, "60" },
  65   { NULL, -1, 0, NULL, NULL }
  66 };
  67
  68 static int logintime_detach(void *instance);
  69
  70 /*
  71  *      Compare the current time to a range.
  72  */
  73 static int timecmp(void *instance,
  74                 REQUEST *req,
  75                 VALUE_PAIR *request, VALUE_PAIR *check,
  76                 VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
  77 {
  78         instance = instance;
  79         request = request;      /* shut the compiler up */
  80         check_pairs = check_pairs;
  81         reply_pairs = reply_pairs;
  82
  83         /*
  84          *      If there's a request, use that timestamp.
  85          */
  86         if (timestr_match((char *)check->strvalue,
  87         req ? req->timestamp : time(NULL)) >= 0)
  88                 return 0;
  89
  90         return -1;
  91 }
  92
  93 /*
  94  *      Check if account has expired, and if user may login now.
  95  */
  96 static int logintime_authorize(void *instance, REQUEST *request)
  97 {
  98         rlm_logintime_t *data = (rlm_logintime_t *)instance;
  99         VALUE_PAIR *check_item = NULL;
 100         int r;
 101
 102         if ((check_item = pairfind(request->config_items, PW_LOGIN_TIME)) != NULL) {
 103
 104                 /*
 105                  *      Authentication is OK. Now see if this
 106                  *      user may login at this time of the day.
 107                  */
 108                 DEBUG("rlm_logintime: Checking Login-Time: '%s'",check_item->strvalue);
 109                 r = timestr_match((char *)check_item->strvalue,
 110                 request->timestamp);
 111                 if (r == 0) {   /* unlimited */
 112                         /*
 113                          *      Do nothing: login-time is OK.
 114                          */
 115
 116                 /*
 117                  *      Session-Timeout needs to be at least
 118                  *      60 seconds, some terminal servers
 119                  *      ignore smaller values.
 120                  */
 121                         DEBUG("rlm_logintime: timestr returned unlimited");
 122                 } else if (r < data->min_time) {
 123                         char logstr[MAX_STRING_LEN];
 124                         VALUE_PAIR *module_fmsg_vp;
 125
 126                         /*
 127                          *      User called outside allowed time interval.
 128                          */
 129
 130                         DEBUG("rlm_logintime: timestr returned reject");
 131                         if (data->msg){
 132                                 char msg[MAX_STRING_LEN];
 133                                 VALUE_PAIR *tmp;
 134
 135                                 if (!radius_xlat(msg, sizeof(msg), data->msg, request, NULL)) {
 136                                         radlog(L_ERR, "rlm_logintime: xlat failed.");
 137                                         return RLM_MODULE_FAIL;
 138                                 }
 139                                 pairfree(&request->reply->vps);
 140                                 tmp = pairmake("Reply-Message", msg, T_OP_SET);
 141                                 request->reply->vps = tmp;
 142                         }
 143
 144                         snprintf(logstr, sizeof(logstr), "Outside allowed timespan (time allowed %s)",
 145                         check_item->strvalue);
 146                         module_fmsg_vp = pairmake("Module-Failure-Message", logstr, T_OP_EQ);
 147                         pairadd(&request->packet->vps, module_fmsg_vp);
 148
 149                         return RLM_MODULE_REJECT;
 150
 151                 } else if (r > 0) {
 152                         VALUE_PAIR *reply_item;
 153
 154                         /*
 155                          *      User is allowed, but set Session-Timeout.
 156                          */
 157                         DEBUG("rlm_logintime: timestr returned accept");
 158                         if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT)) != NULL) {
 159                                 if (reply_item->lvalue > (unsigned) r)
 160                                         reply_item->lvalue = r;
 161                         } else {
 162                                 if ((reply_item = paircreate( PW_SESSION_TIMEOUT, PW_TYPE_INTEGER)) == NULL) {
 163                                         radlog(L_ERR|L_CONS, "no memory");
 164                                         return RLM_MODULE_FAIL;
 165                                 }
 166                                 reply_item->lvalue = r;
 167                                 pairadd(&request->reply->vps, reply_item);
 168                         }
 169                         DEBUG("rlm_logintime: Session-Timeout set to: %d",r);
 170                 }
 171         }
 172         else
 173                 return RLM_MODULE_NOOP;
 174
 175         return RLM_MODULE_OK;
 176 }
 177
 178
 179 /*
 180  *      Do any per-module initialization that is separate to each
 181  *      configured instance of the module.  e.g. set up connections
 182  *      to external databases, read configuration files, set up
 183  *      dictionary entries, etc.
 184  *
 185  *      If configuration information is given in the config section
 186  *      that must be referenced in later calls, store a handle to it
 187  *      in *instance otherwise put a null pointer there.
 188  */
 189 static int logintime_instantiate(CONF_SECTION *conf, void **instance)
 190 {
 191         rlm_logintime_t *data;
 192
 193         /*
 194          *      Set up a storage area for instance data
 195          */
 196         data = rad_malloc(sizeof(*data));
 197         if (!data) {
 198                 radlog(L_ERR, "rlm_logintime: rad_malloc() failed.");
 199                 return -1;
 200         }
 201         memset(data, 0, sizeof(*data));
 202
 203         /*
 204          *      If the configuration parameters can't be parsed, then
 205          *      fail.
 206          */
 207         if (cf_section_parse(conf, data, module_config) < 0) {
 208                 free(data);
 209                 radlog(L_ERR, "rlm_logintime: Configuration parsing failed.");
 210                 return -1;
 211         }
 212
 213         /*
 214          * If we are passed an empty reply-message don't use it
 215          */
 216         if (!strlen(data->msg)){
 217                 free(data->msg);
 218                 data->msg = NULL;
 219         }
 220
 221         if (data->min_time == 0){
 222                 radlog(L_ERR, "rlm_logintime: Minimum timeout should be non zero.");
 223                 free(data->msg);
 224                 free(data);
 225                 return -1;
 226         }
 227
 228         /*
 229          * Register a Current-Time comparison function
 230          */
 231         paircompare_register(PW_CURRENT_TIME, 0, timecmp, data);
 232
 233         *instance = data;
 234
 235         return 0;
 236 }
 237
 238 static int logintime_detach(void *instance)
 239 {
 240         rlm_logintime_t *data = (rlm_logintime_t *) instance;
 241
 242         paircompare_unregister(PW_CURRENT_TIME, timecmp);
 243         if (data->msg)
 244                 free(data->msg);
 245         free(instance);
 246         return 0;
 247 }
 248
 249 /*
 250  *      The module name should be the only globally exported symbol.
 251  *      That is, everything else should be 'static'.
 252  *
 253  *      If the module needs to temporarily modify it's instantiation
 254  *      data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
 255  *      The server will then take care of ensuring that the module
 256  *      is single-threaded.
 257  */
 258 module_t rlm_logintime = {
 259         "Login Time",
 260         RLM_TYPE_THREAD_SAFE,           /* type */
 261         NULL,                           /* initialization */
 262         logintime_instantiate,          /* instantiation */
 263         {
 264                 NULL,                   /* authentication */
 265                 logintime_authorize,    /* authorization */
 266                 NULL,                   /* preaccounting */
 267                 NULL,                   /* accounting */
 268                 NULL,                   /* checksimul */
 269                 NULL,                   /* pre-proxy */
 270                 NULL,                   /* post-proxy */
 271                 NULL                    /* post-auth */
 272         },
 273         logintime_detach,               /* detach */
 274         NULL,                           /* destroy */
 275 };