/*
* This program is is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License, version 2 if the
- * License as published by the Free Software Foundation.
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
#include <ctype.h>
-#define MAX_QUERY_LEN 1024
+#define MAX_QUERY_LEN 2048
/*
* Note: When your counter spans more than 1 period (ie 3 months
* be used as the instance handle.
*/
typedef struct rlm_sqlcounter_t {
- char *counter_name; //!< Daily-Session-Time.
- char *limit_name; //!< Max-Daily-Session.
- char *reply_name; //!< Session-Timeout.
- char *key_name; //!< User-Name.
- char *sqlmod_inst; //!< Instance of SQL module to use,
+ char const *counter_name; //!< Daily-Session-Time.
+ char const *limit_name; //!< Max-Daily-Session.
+ char const *reply_name; //!< Session-Timeout.
+ char const *key_name; //!< User-Name.
+ char const *sqlmod_inst; //!< Instance of SQL module to use,
//!< usually just 'sql'.
- char *query; //!< SQL query to retrieve current
+ char const *query; //!< SQL query to retrieve current
//!< session time.
- char *reset; //!< Daily, weekly, monthly,
+ char const *reset; //!< Daily, weekly, monthly,
//!< never or user defined.
time_t reset_time;
time_t last_reset;
* buffer over-flows.
*/
static const CONF_PARSER module_config[] = {
- { "sql-module-instance", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED,
- offsetof(rlm_sqlcounter_t,sqlmod_inst), NULL, NULL },
- { "sql_module_instance", PW_TYPE_STRING_PTR | PW_TYPE_REQUIRED,
- offsetof(rlm_sqlcounter_t,sqlmod_inst), NULL, NULL },
-
- { "key", PW_TYPE_STRING_PTR | PW_TYPE_ATTRIBUTE,
- offsetof(rlm_sqlcounter_t,key_name), NULL, NULL },
- { "query", PW_TYPE_STRING_PTR | PW_TYPE_REQUIRED,
- offsetof(rlm_sqlcounter_t,query), NULL, NULL },
- { "reset", PW_TYPE_STRING_PTR | PW_TYPE_REQUIRED,
- offsetof(rlm_sqlcounter_t,reset), NULL, NULL },
-
- { "counter-name", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED,
- offsetof(rlm_sqlcounter_t,counter_name), NULL, NULL },
- { "counter_name", PW_TYPE_STRING_PTR | PW_TYPE_REQUIRED,
- offsetof(rlm_sqlcounter_t,counter_name), NULL, NULL },
-
- { "check-name", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED,
- offsetof(rlm_sqlcounter_t,limit_name), NULL, NULL },
- { "check_name", PW_TYPE_STRING_PTR | PW_TYPE_REQUIRED,
- offsetof(rlm_sqlcounter_t,limit_name), NULL, NULL },
-
- { "reply-name", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED,
- offsetof(rlm_sqlcounter_t,reply_name), NULL, NULL },
- { "reply_name", PW_TYPE_STRING_PTR | PW_TYPE_ATTRIBUTE,
- offsetof(rlm_sqlcounter_t,reply_name), NULL, "Session-Timeout" },
-
- { NULL, -1, 0, NULL, NULL }
+ { "sql-module-instance", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_DEPRECATED, rlm_sqlcounter_t, sqlmod_inst), NULL },
+ { "sql_module_instance", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_sqlcounter_t, sqlmod_inst), NULL },
+
+ { "key", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_ATTRIBUTE, rlm_sqlcounter_t, key_name), NULL },
+ { "query", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_XLAT | PW_TYPE_REQUIRED, rlm_sqlcounter_t, query), NULL },
+ { "reset", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_sqlcounter_t, reset), NULL },
+
+ { "counter-name", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_DEPRECATED, rlm_sqlcounter_t, counter_name), NULL },
+ { "counter_name", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_sqlcounter_t, counter_name), NULL },
+
+ { "check-name", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_DEPRECATED, rlm_sqlcounter_t, limit_name), NULL },
+ { "check_name", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_sqlcounter_t, limit_name), NULL },
+
+ { "reply-name", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_DEPRECATED, rlm_sqlcounter_t, reply_name), NULL },
+ { "reply_name", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_ATTRIBUTE, rlm_sqlcounter_t, reply_name), "Session-Timeout" },
+ CONF_PARSER_TERMINATOR
};
-static int find_next_reset(rlm_sqlcounter_t *inst, time_t timeval)
+static int find_next_reset(rlm_sqlcounter_t *inst, REQUEST *request, time_t timeval)
{
int ret = 0;
size_t len;
char sCurrentTime[40], sNextTime[40];
tm = localtime_r(&timeval, &s_tm);
- len = strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", tm);
- if (len == 0) *sCurrentTime = '\0';
tm->tm_sec = tm->tm_min = 0;
rad_assert(inst->reset != NULL);
+ /*
+ * Reset every N hours, days, weeks, months.
+ */
if (isdigit((int) inst->reset[0])){
len = strlen(inst->reset);
- if (len == 0)
- return -1;
+ if (len == 0) return -1;
+
last = inst->reset[len - 1];
- if (!isalpha((int) last))
+ if (!isalpha((int) last)) {
last = 'd';
+ }
+
num = atoi(inst->reset);
DEBUG("rlm_sqlcounter: num=%d, last=%c",num,last);
}
+
if (strcmp(inst->reset, "hourly") == 0 || last == 'h') {
/*
* Round up to the next nearest hour.
*/
tm->tm_hour += num;
inst->reset_time = mktime(tm);
+
} else if (strcmp(inst->reset, "daily") == 0 || last == 'd') {
/*
* Round up to the next nearest day.
tm->tm_hour = 0;
tm->tm_mday += num;
inst->reset_time = mktime(tm);
+
} else if (strcmp(inst->reset, "weekly") == 0 || last == 'w') {
/*
* Round up to the next nearest week.
tm->tm_hour = 0;
tm->tm_mday += (7 - tm->tm_wday) +(7*(num-1));
inst->reset_time = mktime(tm);
+
} else if (strcmp(inst->reset, "monthly") == 0 || last == 'm') {
tm->tm_hour = 0;
tm->tm_mday = 1;
tm->tm_mon += num;
inst->reset_time = mktime(tm);
+
} else if (strcmp(inst->reset, "never") == 0) {
inst->reset_time = 0;
+
} else {
return -1;
}
+ if (!request || (rad_debug_lvl < 2)) return ret;
+
+ len = strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", tm);
+ if (len == 0) *sCurrentTime = '\0';
+
len = strftime(sNextTime, sizeof(sNextTime),"%Y-%m-%d %H:%M:%S",tm);
if (len == 0) *sNextTime = '\0';
- DEBUG2("rlm_sqlcounter: Current Time: %" PRId64 " [%s], Next reset %" PRId64 " [%s]",
- (int64_t) timeval, sCurrentTime, (int64_t) inst->reset_time, sNextTime);
+ RDEBUG2("rlm_sqlcounter: Current Time: %" PRId64 " [%s], Next reset %" PRId64 " [%s]",
+ (int64_t) timeval, sCurrentTime, (int64_t) inst->reset_time, sNextTime);
return ret;
}
*/
tm->tm_hour -= num - 1;
inst->last_reset = mktime(tm);
+
} else if (strcmp(inst->reset, "daily") == 0 || last == 'd') {
/*
* Round down to the prev nearest day.
tm->tm_hour = 0;
tm->tm_mday -= num - 1;
inst->last_reset = mktime(tm);
+
} else if (strcmp(inst->reset, "weekly") == 0 || last == 'w') {
/*
* Round down to the prev nearest week.
*/
tm->tm_hour = 0;
- tm->tm_mday -= (7 - tm->tm_wday) +(7*(num-1));
+ tm->tm_mday -= tm->tm_wday +(7*(num-1));
inst->last_reset = mktime(tm);
+
} else if (strcmp(inst->reset, "monthly") == 0 || last == 'm') {
tm->tm_hour = 0;
tm->tm_mday = 1;
tm->tm_mon -= num - 1;
inst->last_reset = mktime(tm);
+
} else if (strcmp(inst->reset, "never") == 0) {
inst->reset_time = 0;
+
} else {
return -1;
}
static size_t sqlcounter_expand(char *out, int outlen, char const *fmt, rlm_sqlcounter_t *inst)
{
- int c, freespace;
+ int freespace;
char const *p;
char *q;
char tmpdt[40]; /* For temporary storing of dates */
q = out;
- for (p = fmt; *p ; p++) {
+ p = fmt;
+ while (*p) {
/* Calculate freespace in output */
freespace = outlen - (q - out);
if (freespace <= 1) {
return -1;
}
- c = *p;
- if ((c != '%') && (c != '\\')) {
- *q++ = *p;
+
+ /*
+ * Non-% get copied as-is.
+ */
+ if (*p != '%') {
+ *q++ = *p++;
continue;
}
- if (*++p == '\0') break;
- if (c == '\\') switch(*p) {
- case '\\':
- *q++ = *p;
- break;
- case 't':
- *q++ = '\t';
- break;
- case 'n':
- *q++ = '\n';
- break;
- default:
- *q++ = c;
- *q++ = *p;
- break;
+ p++;
+ if (!*p) { /* % and then EOS --> % */
+ *q++ = '%';
+ break;
+ }
- } else if (c == '%') switch(*p) {
+ if (freespace <= 2) return -1;
- case '%':
- *q++ = *p;
- break;
+ /*
+ * We need TWO %% in a row before we do our expansions.
+ * If we only get one, just copy the %s as-is.
+ */
+ if (*p != '%') {
+ *q++ = '%';
+ *q++ = *p++;
+ continue;
+ }
+ p++;
+ if (!*p) {
+ *q++ = '%';
+ *q++ = '%';
+ break;
+ }
+
+ if (freespace <= 3) return -1;
+
+ switch (*p) {
case 'b': /* last_reset */
snprintf(tmpdt, sizeof(tmpdt), "%" PRId64, (int64_t) inst->last_reset);
strlcpy(q, tmpdt, freespace);
q += strlen(q);
+ p++;
break;
case 'e': /* reset_time */
snprintf(tmpdt, sizeof(tmpdt), "%" PRId64, (int64_t) inst->reset_time);
strlcpy(q, tmpdt, freespace);
q += strlen(q);
+ p++;
break;
case 'k': /* Key Name */
- WDEBUG2("Please replace '%%k' with '${key}'");
+ WARN("Please replace '%%k' with '${key}'");
strlcpy(q, inst->key_name, freespace);
q += strlen(q);
+ p++;
break;
+
+ /*
+ * %%s gets copied over as-is.
+ */
default:
*q++ = '%';
- *q++ = *p;
+ *q++ = '%';
+ *q++ = *p++;
break;
}
}
size_t len;
/* First, expand %k, %b and %e in query */
- len = sqlcounter_expand(subst, sizeof(subst), inst->query, inst);
- if (len <= 0) {
+ if (sqlcounter_expand(subst, sizeof(subst), inst->query, inst) <= 0) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
return 0;
}
+static int mod_bootstrap(CONF_SECTION *conf, void *instance)
+{
+ rlm_sqlcounter_t *inst = instance;
+ DICT_ATTR const *da;
+ ATTR_FLAGS flags;
+
+ memset(&flags, 0, sizeof(flags));
+ flags.compare = 1; /* ugly hack */
+ da = dict_attrbyname(inst->counter_name);
+ if (da && (da->type != PW_TYPE_INTEGER64)) {
+ cf_log_err_cs(conf, "Counter attribute %s MUST be integer64", inst->counter_name);
+ return -1;
+ }
+
+ if (!da && (dict_addattr(inst->counter_name, -1, 0, PW_TYPE_INTEGER64, flags) < 0)) {
+ cf_log_err_cs(conf, "Failed to create counter attribute %s: %s", inst->counter_name, fr_strerror());
+ return -1;
+ }
+
+ /*
+ * Register the counter comparison operation.
+ */
+ if (paircompare_register_byname(inst->counter_name, NULL, true, sqlcounter_cmp, inst) < 0) {
+ cf_log_err_cs(conf, "Failed registering counter attribute %s: %s", inst->counter_name, fr_strerror());
+ return -1;
+ }
+
+ inst->dict_attr = dict_attrbyname(inst->counter_name);
+ if (!inst->dict_attr) {
+ cf_log_err_cs(conf, "Failed to find counter attribute %s", inst->counter_name);
+ return -1;
+ }
+
+ /*
+ * Create a new attribute for the check item.
+ */
+ flags.compare = 0;
+ if ((dict_addattr(inst->limit_name, -1, 0, PW_TYPE_INTEGER64, flags) < 0) ||
+ !dict_attrbyname(inst->limit_name)) {
+ cf_log_err_cs(conf, "Failed to create check attribute %s: %s", inst->limit_name, fr_strerror());
+ return -1;
+ }
+
+ return 0;
+}
/*
* Do any per-module initialization that is separate to each
{
rlm_sqlcounter_t *inst = instance;
DICT_ATTR const *da;
- ATTR_FLAGS flags;
time_t now;
rad_assert(inst->query && *inst->query);
}
inst->reply_attr = da;
- /*
- * Create a new attribute for the counter.
- */
- rad_assert(inst->counter_name && *inst->counter_name);
- memset(&flags, 0, sizeof(flags));
- dict_addattr(inst->counter_name, -1, 0, PW_TYPE_INTEGER, flags);
- da = dict_attrbyname(inst->counter_name);
- if (!da) {
- cf_log_err_cs(conf, "Failed to create counter attribute %s", inst->counter_name);
- return -1;
- }
- inst->dict_attr = da;
-
- /*
- * Create a new attribute for the check item.
- */
- rad_assert(inst->limit_name && *inst->limit_name);
- dict_addattr(inst->limit_name, -1, 0, PW_TYPE_INTEGER, flags);
- da = dict_attrbyname(inst->limit_name);
- if (!da) {
- cf_log_err_cs(conf, "Failed to create check attribute %s", inst->limit_name);
- return -1;
- }
-
now = time(NULL);
inst->reset_time = 0;
- if (find_next_reset(inst,now) == -1) {
+ if (find_next_reset(inst, NULL, now) < 0) {
cf_log_err_cs(conf, "Invalid reset '%s'", inst->reset);
return -1;
}
return -1;
}
- /*
- * Register the counter comparison operation.
- */
- paircompare_register(inst->dict_attr, NULL, true, sqlcounter_cmp, inst);
-
return 0;
}
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
-static rlm_rcode_t mod_authorize(void *instance, REQUEST *request)
+static rlm_rcode_t CC_HINT(nonnull) mod_authorize(void *instance, REQUEST *request)
{
rlm_sqlcounter_t *inst = instance;
int rcode = RLM_MODULE_NOOP;
size_t len;
- rad_assert(instance != NULL);
- rad_assert(request != NULL);
-
/*
* Before doing anything else, see if we have to reset
* the counters.
* Re-set the next time and prev_time for this counters range
*/
inst->last_reset = inst->reset_time;
- find_next_reset(inst,request->timestamp);
+ find_next_reset(inst, request, request->timestamp);
}
/*
if ((inst->key_attr->vendor == 0) && (inst->key_attr->attr == PW_USER_NAME)) {
key_vp = request->username;
} else {
- key_vp = pairfind(request->packet->vps, inst->key_attr->attr, inst->key_attr->vendor, TAG_ANY);
+ key_vp = fr_pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
}
if (!key_vp) {
- RWDEBUG2("Couldn't find key attribute 'request:%s'", inst->key_attr->name);
+ RWDEBUG2("Couldn't find key attribute, request:%s, doing nothing...", inst->key_attr->name);
return rcode;
}
return rcode;
}
- limit = pairfind(request->config_items, da->attr, da->vendor, TAG_ANY);
+ limit = fr_pair_find_by_da(request->config, da, TAG_ANY);
if (limit == NULL) {
- RWDEBUG2("Couldn't find control attribute 'control:%s'", inst->limit_name);
+ /* Yes this really is 'check' as distinct from control */
+ RWDEBUG2("Couldn't find check attribute, control:%s, doing nothing...", inst->limit_name);
return rcode;
}
/* First, expand %k, %b and %e in query */
- len = sqlcounter_expand(subst, sizeof(subst), inst->query, inst);
- if (len <= 0) {
+ if (sqlcounter_expand(subst, sizeof(subst), inst->query, inst) <= 0) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
if (limit->vp_integer64 <= counter) {
/* User is denied access, send back a reply message */
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", inst->reset);
- pairmake_reply("Reply-Message", msg, T_OP_EQ);
+ pair_make_reply("Reply-Message", msg, T_OP_EQ);
REDEBUG2("Maximum %s usage time reached", inst->reset);
- REDEBUG2("Rejecting user, control:%s value (%" PRIu64 ") is less than counter value (%" PRIu64 ")",
+ REDEBUG2("Rejecting user, &control:%s value (%" PRIu64 ") is less than counter value (%" PRIu64 ")",
inst->limit_name, limit->vp_integer64, counter);
return RLM_MODULE_REJECT;
}
res = limit->vp_integer64 - counter;
- RDEBUG2("Allowing user, control:%s value (%" PRIu64 ") is greater than counter value (%" PRIu64 ")",
+ RDEBUG2("Allowing user, &control:%s value (%" PRIu64 ") is greater than counter value (%" PRIu64 ")",
inst->limit_name, limit->vp_integer64, counter);
/*
* We are assuming that simultaneous-use=1. But
* again. Do this only for Session-Timeout.
*/
if (((inst->reply_attr->vendor == 0) && (inst->reply_attr->attr == PW_SESSION_TIMEOUT)) &&
- inst->reset_time && ((int) res >= (inst->reset_time - request->timestamp))) {
- res = (inst->reset_time - request->timestamp);
- res += limit->vp_integer;
+ inst->reset_time && (res >= (uint64_t)(inst->reset_time - request->timestamp))) {
+ uint64_t to_reset = inst->reset_time - request->timestamp;
+
+ RDEBUG2("Time remaining (%" PRIu64 "s) is greater than time to reset (%" PRIu64 "s). "
+ "Adding %" PRIu64 "s to reply value", to_reset, res, to_reset);
+ res = to_reset + limit->vp_integer;
}
/*
* Limit the reply attribute to the minimum of the existing value, or this new one.
*/
- reply_item = pairfind(request->reply->vps, inst->reply_attr->attr, inst->reply_attr->vendor, TAG_ANY);
+ reply_item = fr_pair_find_by_da(request->reply->vps, inst->reply_attr, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer64 <= res) {
- RDEBUG2("Leaving existing reply:%s value of %" PRIu64, inst->reply_attr->name,
- reply_item->vp_integer64);
+ RDEBUG2("Leaving existing &reply:%s value of %" PRIu64, inst->reply_attr->name,
+ reply_item->vp_integer64);
return RLM_MODULE_OK;
}
} else {
- reply_item = radius_paircreate(request, &request->reply->vps, inst->reply_attr->attr,
+ reply_item = radius_pair_create(request->reply, &request->reply->vps, inst->reply_attr->attr,
inst->reply_attr->vendor);
}
reply_item->vp_integer64 = res;
- RDEBUG2("Setting reply:%s value to %" PRIu64, inst->reply_name, reply_item->vp_integer64);
+ RDEBUG2("Setting &reply:%s value to %" PRIu64, inst->reply_name, reply_item->vp_integer64);
return RLM_MODULE_OK;
}
* The server will then take care of ensuring that the module
* is single-threaded.
*/
+extern module_t rlm_sqlcounter;
module_t rlm_sqlcounter = {
- RLM_MODULE_INIT,
- "rlm_sqlcounter",
- RLM_TYPE_THREAD_SAFE, /* type */
- sizeof(rlm_sqlcounter_t),
- module_config,
- mod_instantiate, /* instantiation */
- NULL, /* detach */
- {
- NULL, /* authentication */
- mod_authorize, /* authorization */
- NULL, /* preaccounting */
- NULL, /* accounting */
- NULL, /* checksimul */
- NULL, /* pre-proxy */
- NULL, /* post-proxy */
- NULL /* post-auth */
+ .magic = RLM_MODULE_INIT,
+ .name = "sqlcounter",
+ .type = RLM_TYPE_THREAD_SAFE,
+ .inst_size = sizeof(rlm_sqlcounter_t),
+ .config = module_config,
+ .bootstrap = mod_bootstrap,
+ .instantiate = mod_instantiate,
+ .methods = {
+ [MOD_AUTHORIZE] = mod_authorize
},
};
projects / freeradius.git / blobdiff