6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * Copyright 2001 The FreeRADIUS server project
21 * Copyright 2001 Alan DeKok <aland@ox.org>
24 /* This module is based directly on the rlm_counter module */
29 #include "libradius.h"
40 #define MAX_QUERY_LEN 1024
45 /* Note: When your counter spans more than 1 period (ie 3 months or 2 weeks), this module
46 * probably does NOT do what you want! It calculates the range of dates to count across
47 * by first calculating the End of the Current period and then subtracting the number of
48 * periods you specify from that to determine the beginning of the range.
50 * For example, if you specify a 3 month counter and today is June 15th, the end of the current
51 * period is June 30. Subtracting 3 months from that gives April 1st. So, the counter will
52 * sum radacct entries from April 1st to June 30. Then, next month, it will sum entries
53 * from May 1st to July 31st.
55 * To fix this behavior, we need to add some way of storing the Next Reset Time
59 static const char rcsid[] = "$Id$";
62 * Define a structure for our module configuration.
64 * These variables do not need to be in a structure, but it's
65 * a lot cleaner to do so, and a pointer to the structure can
66 * be used as the instance handle.
68 typedef struct rlm_sqlcounter_t {
69 char *counter_name; /* Daily-Session-Time */
70 char *check_name; /* Max-Daily-Session */
71 char *key_name; /* User-Name */
72 char *sqlmod_inst; /* instance of SQL module to use, usually just 'sql' */
73 char *query; /* SQL query to retrieve current session time */
74 char *reset; /* daily, weekly, monthly, never or user defined */
77 int key_attr; /* attribute number for key field */
78 int dict_attr; /* attribute number for the counter. */
82 * A mapping of configuration file names to internal variables.
84 * Note that the string is dynamically allocated, so it MUST
85 * be freed. When the configuration file parse re-reads the string,
86 * it free's the old one, and strdup's the new one, placing the pointer
87 * to the strdup'd string into 'config.string'. This gets around
90 static CONF_PARSER module_config[] = {
91 { "counter-name", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,counter_name), NULL, NULL },
92 { "check-name", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,check_name), NULL, NULL },
93 { "key", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,key_name), NULL, NULL },
94 { "sqlmod-inst", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,sqlmod_inst), NULL, NULL },
95 { "query", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,query), NULL, NULL },
96 { "reset", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,reset), NULL, NULL },
97 { NULL, -1, 0, NULL, NULL }
101 static int find_next_reset(rlm_sqlcounter_t *data, time_t timeval)
107 char sCurrentTime[40], sNextTime[40];
109 tm = localtime_r(&timeval, &s_tm);
110 strftime(sCurrentTime, sizeof(sCurrentTime),"%Y-%m-%d %H:%M:%S",tm);
111 tm->tm_sec = tm->tm_min = 0;
113 if (data->reset == NULL)
115 if (isdigit((int) data->reset[0])){
118 len = strlen(data->reset);
121 last = data->reset[len - 1];
122 if (!isalpha((int) last))
124 /* num = atoi(data->reset); */
125 DEBUG("rlm_sqlcounter: num=%d, last=%c",num,last);
127 if (strcmp(data->reset, "hourly") == 0 || last == 'h') {
129 * Round up to the next nearest hour.
132 data->reset_time = mktime(tm);
133 } else if (strcmp(data->reset, "daily") == 0 || last == 'd') {
135 * Round up to the next nearest day.
139 data->reset_time = mktime(tm);
140 } else if (strcmp(data->reset, "weekly") == 0 || last == 'w') {
142 * Round up to the next nearest week.
145 tm->tm_mday += (7 - tm->tm_wday) +(7*(num-1));
146 data->reset_time = mktime(tm);
147 } else if (strcmp(data->reset, "monthly") == 0 || last == 'm') {
151 data->reset_time = mktime(tm);
152 } else if (strcmp(data->reset, "never") == 0) {
153 data->reset_time = 0;
155 radlog(L_ERR, "rlm_sqlcounter: Unknown reset timer \"%s\"",
159 strftime(sNextTime, sizeof(sNextTime),"%Y-%m-%d %H:%M:%S",tm);
160 DEBUG2("rlm_sqlcounter: Current Time: %d [%s], Next reset %d [%s]",
161 (int)timeval,sCurrentTime,(int)data->reset_time, sNextTime);
167 /* I don't believe that this routine handles Daylight Saving Time adjustments
168 properly. Any suggestions?
171 static int find_prev_reset(rlm_sqlcounter_t *data, time_t timeval)
177 char sCurrentTime[40], sPrevTime[40];
179 tm = localtime_r(&timeval, &s_tm);
180 strftime(sCurrentTime, sizeof(sCurrentTime),"%Y-%m-%d %H:%M:%S",tm);
181 tm->tm_sec = tm->tm_min = 0;
183 if (data->reset == NULL)
185 if (isdigit((int) data->reset[0])){
188 len = strlen(data->reset);
191 last = data->reset[len - 1];
192 if (!isalpha((int) last))
194 num = atoi(data->reset);
195 DEBUG("rlm_sqlcounter: num=%d, last=%c",num,last);
197 if (strcmp(data->reset, "hourly") == 0 || last == 'h') {
199 * Round down to the prev nearest hour.
201 tm->tm_hour -= num - 1;
202 data->last_reset = mktime(tm);
203 } else if (strcmp(data->reset, "daily") == 0 || last == 'd') {
205 * Round down to the prev nearest day.
208 tm->tm_mday -= num - 1;
209 data->last_reset = mktime(tm);
210 } else if (strcmp(data->reset, "weekly") == 0 || last == 'w') {
212 * Round down to the prev nearest week.
215 tm->tm_mday -= (7 - tm->tm_wday) +(7*(num-1));
216 data->last_reset = mktime(tm);
217 } else if (strcmp(data->reset, "monthly") == 0 || last == 'm') {
220 tm->tm_mon -= num - 1;
221 data->last_reset = mktime(tm);
222 } else if (strcmp(data->reset, "never") == 0) {
223 data->reset_time = 0;
225 radlog(L_ERR, "rlm_sqlcounter: Unknown reset timer \"%s\"",
229 strftime(sPrevTime, sizeof(sPrevTime),"%Y-%m-%d %H:%M:%S",tm);
230 DEBUG2("rlm_sqlcounter: Current Time: %d [%s], Prev reset %d [%s]",
231 (int)timeval,sCurrentTime,(int)data->last_reset, sPrevTime);
238 * Replace %<whatever> in a string.
247 static int sqlcounter_expand(char *out, int outlen, const char *fmt, void *instance)
249 rlm_sqlcounter_t *data = (rlm_sqlcounter_t *) instance;
253 char tmpdt[40]; /* For temporary storing of dates */
257 for (p = fmt; *p ; p++) {
258 /* Calculate freespace in output */
259 freespace = outlen - (q - out);
263 if ((c != '%') && (c != '$') && (c != '\\')) {
265 * We check if we're inside an open brace. If we are
266 * then we assume this brace is NOT literal, but is
267 * a closing brace and apply it
269 if((c == '}') && openbraces) {
276 if (*++p == '\0') break;
277 if (c == '\\') switch(*p) {
292 } else if (c == '%') switch(*p) {
296 case 'b': /* last_reset */
297 sprintf(tmpdt, "%lu", data->last_reset);
298 strNcpy(q, tmpdt, freespace);
301 case 'e': /* reset_time */
302 sprintf(tmpdt, "%lu", data->reset_time);
303 strNcpy(q, tmpdt, freespace);
306 case 'k': /* Key Name */
307 strNcpy(q, data->key_name, freespace);
310 case 'S': /* SQL module instance */
311 strNcpy(q, data->sqlmod_inst, freespace);
322 DEBUG2("sqlcounter_expand: '%s'", out);
329 * See if the counter matches.
331 static int sqlcounter_cmp(void *instance, REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check,
332 VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
334 rlm_sqlcounter_t *data = (rlm_sqlcounter_t *) instance;
336 char querystr[MAX_QUERY_LEN];
337 char responsestr[MAX_QUERY_LEN];
339 check_pairs = check_pairs; /* shut the compiler up */
340 reply_pairs = reply_pairs;
342 /* first, expand %k, %b and %e in query */
343 sqlcounter_expand(querystr, MAX_QUERY_LEN, data->query, instance);
345 /* second, xlat any request attribs in query */
346 radius_xlat(responsestr, MAX_QUERY_LEN, querystr, req, NULL);
348 /* third, wrap query with sql module call & expand */
349 sprintf(querystr, "%%{%%S:%s}", responsestr);
350 sqlcounter_expand(responsestr, MAX_QUERY_LEN, querystr, instance);
352 /* Finally, xlat resulting SQL query */
353 radius_xlat(querystr, MAX_QUERY_LEN, responsestr, req, NULL);
355 counter = atoi(querystr);
357 return counter - check->lvalue;
362 * Do any per-module initialization that is separate to each
363 * configured instance of the module. e.g. set up connections
364 * to external databases, read configuration files, set up
365 * dictionary entries, etc.
367 * If configuration information is given in the config section
368 * that must be referenced in later calls, store a handle to it
369 * in *instance otherwise put a null pointer there.
371 static int sqlcounter_instantiate(CONF_SECTION *conf, void **instance)
373 rlm_sqlcounter_t *data;
379 * Set up a storage area for instance data
381 data = rad_malloc(sizeof(*data));
385 memset(data, 0, sizeof(*data));
388 * If the configuration parameters can't be parsed, then
391 if (cf_section_parse(conf, data, module_config) < 0) {
397 * Discover the attribute number of the key.
399 if (data->key_name == NULL) {
400 radlog(L_ERR, "rlm_sqlcounter: 'key' must be set.");
403 dattr = dict_attrbyname(data->key_name);
405 radlog(L_ERR, "rlm_sqlcounter: No such attribute %s",
409 data->key_attr = dattr->attr;
413 * Create a new attribute for the counter.
415 if (data->counter_name == NULL) {
416 radlog(L_ERR, "rlm_sqlcounter: 'counter-name' must be set.");
420 memset(&flags, 0, sizeof(flags));
421 dict_addattr(data->counter_name, 0, PW_TYPE_INTEGER, -1, flags);
422 dattr = dict_attrbyname(data->counter_name);
424 radlog(L_ERR, "rlm_sqlcounter: Failed to create counter attribute %s",
428 data->dict_attr = dattr->attr;
429 DEBUG2("rlm_sqlcounter: Counter attribute %s is number %d",
430 data->counter_name, data->dict_attr);
433 * Create a new attribute for the check item.
435 if (data->check_name == NULL) {
436 radlog(L_ERR, "rlm_sqlcounter: 'check-name' must be set.");
439 dict_addattr(data->check_name, 0, PW_TYPE_INTEGER, -1, flags);
440 dattr = dict_attrbyname(data->check_name);
442 radlog(L_ERR, "rlm_sqlcounter: Failed to create check attribute %s",
446 DEBUG2("rlm_sqlcounter: Check attribute %s is number %d",
447 data->check_name, dattr->attr);
450 * Discover the end of the current time period.
452 if (data->reset == NULL) {
453 radlog(L_ERR, "rlm_sqlcounter: 'reset' must be set.");
457 data->reset_time = 0;
459 if (find_next_reset(data,now) == -1)
463 * Discover the beginning of the current time period.
465 data->last_reset = 0;
467 if (find_prev_reset(data,now) == -1)
472 * Register the counter comparison operation.
474 paircompare_register(data->dict_attr, 0, sqlcounter_cmp, data);
482 * Find the named user in this modules database. Create the set
483 * of attribute-value pairs to check and reply with for this user
484 * from the database. The authentication code only needs to check
485 * the password, the rest is done here.
487 static int sqlcounter_authorize(void *instance, REQUEST *request)
489 rlm_sqlcounter_t *data = (rlm_sqlcounter_t *) instance;
490 int ret=RLM_MODULE_NOOP;
494 VALUE_PAIR *key_vp, *check_vp;
495 VALUE_PAIR *reply_item;
497 char querystr[MAX_QUERY_LEN];
498 char responsestr[MAX_QUERY_LEN];
500 /* quiet the compiler */
505 * Before doing anything else, see if we have to reset
508 if (data->reset_time && (data->reset_time <= request->timestamp)) {
511 * Re-set the next time and prev_time for this counters range
513 data->last_reset = data->reset_time;
514 find_next_reset(data,request->timestamp);
519 * Look for the key. User-Name is special. It means
520 * The REAL username, after stripping.
522 DEBUG2("rlm_sqlcounter: Entering module authorize code");
523 key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr);
524 if (key_vp == NULL) {
525 DEBUG2("rlm_sqlcounter: Could not find Key value pair");
530 * Look for the check item
532 if ((dattr = dict_attrbyname(data->check_name)) == NULL) {
535 /* DEBUG2("rlm_sqlcounter: Found Check item attribute %d", dattr->attr); */
536 if ((check_vp= pairfind(request->config_items, dattr->attr)) == NULL) {
537 DEBUG2("rlm_sqlcounter: Could not find Check item value pair");
541 /* first, expand %k, %b and %e in query */
542 sqlcounter_expand(querystr, MAX_QUERY_LEN, data->query, instance);
544 /* second, xlat any request attribs in query */
545 radius_xlat(responsestr, MAX_QUERY_LEN, querystr, request, NULL);
547 /* third, wrap query with sql module & expand */
548 sprintf(querystr, "%%{%%S:%s}", responsestr);
549 sqlcounter_expand(responsestr, MAX_QUERY_LEN, querystr, instance);
551 /* Finally, xlat resulting SQL query */
552 radius_xlat(querystr, MAX_QUERY_LEN, responsestr, request, NULL);
554 counter = atoi(querystr);
558 * Check if check item > counter
560 res=check_vp->lvalue - counter;
562 DEBUG2("rlm_sqlcounter: (Check item - counter) is greater than zero");
564 * We are assuming that simultaneous-use=1. But
565 * even if that does not happen then our user
566 * could login at max for 2*max-usage-time Is
571 * User is allowed, but set Session-Timeout.
572 * Stolen from main/auth.c
576 * If we are near a reset then add the next
577 * limit, so that the user will not need to
580 if (data->reset_time && (
581 res >= (data->reset_time - request->timestamp))) {
582 res += check_vp->lvalue;
585 if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT)) != NULL) {
586 if (reply_item->lvalue > res)
587 reply_item->lvalue = res;
589 if ((reply_item = paircreate(PW_SESSION_TIMEOUT, PW_TYPE_INTEGER)) == NULL) {
590 radlog(L_ERR|L_CONS, "no memory");
591 return RLM_MODULE_NOOP;
593 reply_item->lvalue = res;
594 pairadd(&request->reply->vps, reply_item);
599 DEBUG2("rlm_sqlcounter: Authorized user %s, check_item=%d, counter=%d",
600 key_vp->strvalue,check_vp->lvalue,counter);
601 DEBUG2("rlm_sqlcounter: Sent Reply-Item for user %s, Type=Session-Timeout, value=%d",
602 key_vp->strvalue,reply_item->lvalue);
605 char module_fmsg[MAX_STRING_LEN];
606 VALUE_PAIR *module_fmsg_vp;
608 DEBUG2("rlm_sqlcounter: (Check item - counter) is less than zero");
611 * User is denied access, send back a reply message
613 sprintf(msg, "Your maximum %s usage time has been reached", data->reset);
614 reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
615 pairadd(&request->reply->vps, reply_item);
617 snprintf(module_fmsg, sizeof(module_fmsg), "rlm_sqlcounter: Maximum %s usage time reached", data->reset);
618 module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
619 pairadd(&request->packet->vps, module_fmsg_vp);
621 ret=RLM_MODULE_REJECT;
623 DEBUG2("rlm_sqlcounter: Rejected user %s, check_item=%d, counter=%d",
624 key_vp->strvalue,check_vp->lvalue,counter);
630 static int sqlcounter_detach(void *instance)
632 rlm_sqlcounter_t *data = (rlm_sqlcounter_t *) instance;
634 paircompare_unregister(data->dict_attr, sqlcounter_cmp);
637 free(data->check_name);
638 free(data->sqlmod_inst);
639 free(data->counter_name);
646 * The module name should be the only globally exported symbol.
647 * That is, everything else should be 'static'.
649 * If the module needs to temporarily modify it's instantiation
650 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
651 * The server will then take care of ensuring that the module
652 * is single-threaded.
654 module_t rlm_sqlcounter = {
656 RLM_TYPE_THREAD_SAFE, /* type */
657 NULL, /* initialization */
658 sqlcounter_instantiate, /* instantiation */
660 NULL, /* authentication */
661 sqlcounter_authorize, /* authorization */
662 NULL, /* preaccounting */
663 NULL, /* accounting */
664 NULL, /* checksimul */
665 NULL, /* pre-proxy */
666 NULL, /* post-proxy */
669 sqlcounter_detach, /* detach */
projects / freeradius.git / blob