# reply-message = "Your account has expired, %{User-Name}\r\n"
}
+ # The logintime module. This handles the Login-Time,
+ # Current-Time, and Time-Of-Day attributes. It should be
+ # included in the *end* of the authorize section in order to
+ # handle Login-Time checks. It should also be included in the
+ # instantiate section in order to register the Current-Time
+ # and Time-Of-Day comparison functions.
#
- # The logintime module. Handles the Login-Time and Current-Time attributes.
- # It should be included in the *end* of the authorize section
- # in order to handle Login-Time checks. It should also be included in
- # the instantiate section in order to register the Current-Time compare
- # function.
- # If the user is allowed to logon a Session-Timeout is calculated based on the
- # remaining time.
+ # When the Login-Time attribute is set to some value, and the
+ # user has bene permitted to log in, a Session-Timeout is
+ # calculated based on the remaining time. See "doc/README".
#
logintime {
#
- # The Reply-Message which will be sent back in case the account
- # is calling outside of the allowed timespan. Dynamic substitution is
- # supported.
+ # The Reply-Message which will be sent back in case
+ # the account is calling outside of the allowed
+ # timespan. Dynamic substitution is supported.
#
reply-message = "You are calling outside your allowed timespan\r\n"
# reply-message = "Outside allowed timespan (%{check:Login-Time}), %{User-Name}\r\n"
- #
- # The minimum timeout (in seconds) a user is allowed to have. If the calculated
- # timeout is lower we don't allow the logon. Some NASes do not handle
- # values lower than 60 seconds well.
- #
+
+ # The minimum timeout (in seconds) a user is allowed
+ # to have. If the calculated timeout is lower we don't
+ # allow the logon. Some NASes do not handle values
+ # lower than 60 seconds well.
minimum-timeout = 60
}
#
# ANSI X9.9 token support. Not included by default.
# $INCLUDE ${confdir}/x99.conf
+ #
+ # Implements Login-Time, Current-Time, and Time-Of-Day
+ #
+ logintime {
+ #
+ # Don't worry about anything here for now..
+ #
+ }
}
# Instantiation
ATTRIBUTE Packet-Src-Port 1086 integer
ATTRIBUTE Packet-Dst-Port 1087 integer
ATTRIBUTE Packet-Authentication-Vector 1088 octets
+ATTRIBUTE Time-Of-Day 1089 string
#
# Range: 1084-1199
#
-# Range: 1800-2999
+# Range: 1800-1899
+# Temporary attributes, for local storage.
+#
+ATTRIBUTE Tmp-String-0 1800 string
+ATTRIBUTE Tmp-String-1 1801 string
+ATTRIBUTE Tmp-String-2 1802 string
+ATTRIBUTE Tmp-String-3 1803 string
+ATTRIBUTE Tmp-String-4 1804 string
+ATTRIBUTE Tmp-String-5 1805 string
+ATTRIBUTE Tmp-String-6 1806 string
+ATTRIBUTE Tmp-String-7 1807 string
+ATTRIBUTE Tmp-String-8 1808 string
+ATTRIBUTE Tmp-String-9 1809 string
+
+ATTRIBUTE Tmp-Integer-0 1810 integer
+ATTRIBUTE Tmp-Integer-1 1811 integer
+ATTRIBUTE Tmp-Integer-2 1812 integer
+ATTRIBUTE Tmp-Integer-3 1813 integer
+ATTRIBUTE Tmp-Integer-4 1814 integer
+ATTRIBUTE Tmp-Integer-5 1815 integer
+ATTRIBUTE Tmp-Integer-6 1816 integer
+ATTRIBUTE Tmp-Integer-7 1817 integer
+ATTRIBUTE Tmp-Integer-8 1818 integer
+ATTRIBUTE Tmp-Integer-9 1819 integer
+
+ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr
+ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr
+ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr
+ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr
+ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr
+ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr
+ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr
+ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr
+ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr
+ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr
+
+
+#
+# Range: 1900-2999
# Free
#
# Range: 3000-3999
#define PW_PACKET_SRC_PORT 1086
#define PW_PACKET_DST_PORT 1087
#define PW_PACKET_AUTHENTICATION_VECTOR 1088
+#define PW_TIME_OF_DAY 1089
/*
* Integer Translations
return -1;
}
+
+/*
+ * Time-Of-Day support
+ */
+static int time_of_day(void *instance,
+ REQUEST *req,
+ VALUE_PAIR *request, VALUE_PAIR *check,
+ VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
+{
+ int scan;
+ int hhmmss, when;
+ char *p;
+ struct tm *tm, s_tm;
+
+ instance = instance;
+ request = request; /* shut the compiler up */
+ check_pairs = check_pairs;
+ reply_pairs = reply_pairs;
+
+ /*
+ * Must be called with a request pointer.
+ */
+ if (!req) return -1;
+
+ if (strspn(check->strvalue, "0123456789: ") != strlen(check->strvalue)) {
+ DEBUG("rlm_logintime: Bad Time-Of-Day value \"%s\"",
+ check->strvalue);
+ return -1;
+ }
+
+ tm = localtime_r(&req->timestamp, &s_tm);
+ hhmmss = (tm->tm_hour * 3600) + (tm->tm_min * 60) + tm->tm_sec;
+
+ /*
+ * Time of day is a 24-hour clock
+ */
+ p = check->strvalue;
+ scan = atoi(p);
+ p = strchr(p, ':');
+ if ((scan > 23) || !p) {
+ DEBUG("rlm_logintime: Bad Time-Of-Day value \"%s\"",
+ check->strvalue);
+ return -1;
+ }
+ when = scan * 3600;
+ p++;
+
+ scan = atoi(p);
+ if (scan > 59) {
+ DEBUG("rlm_logintime: Bad Time-Of-Day value \"%s\"",
+ check->strvalue);
+ return -1;
+ }
+ when += scan * 60;
+
+ p = strchr(p, ':');
+ if (p) {
+ scan = atoi(p + 1);
+ if (scan > 59) {
+ DEBUG("rlm_logintime: Bad Time-Of-Day value \"%s\"",
+ check->strvalue);
+ return -1;
+ }
+ when += scan;
+ }
+
+ fprintf(stderr, "returning %d - %d\n",
+ hhmmss, when);
+
+ return hhmmss - when;
+}
+
/*
* Check if account has expired, and if user may login now.
*/
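Review bot: The error paths in time_of_day() return -1, which is also a legitimate value of `hhmmss - when` (a request arriving one second before the configured time), so a malformed Time-Of-Day check item cannot be told apart from "earlier than". If the caller maps a negative result onto the `<` operator (that code is not visible in this hunk), a typo in a time restriction would match instead of rejecting the login. The strspn() filter is also looser than the parser needs: values such as `:30` or `12 :00` pass it and atoi() silently reads them as 00:30 and 12:00, so I would require digits on both sides of the first colon before accepting the value. Separately, the unconditional `fprintf(stderr, "returning %d - %d\n", hhmmss, when);` looks like leftover debugging and should be dropped or changed to `DEBUG2("rlm_logintime: Time-Of-Day %d - %d", hhmmss, when);`.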
* Register a Current-Time comparison function
*/
paircompare_register(PW_CURRENT_TIME, 0, timecmp, data);
+ paircompare_register(PW_TIME_OF_DAY, 0, time_of_day, data);
*instance = data;
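Review bot: The new `paircompare_register(PW_TIME_OF_DAY, 0, time_of_day, data);` has no matching unregister visible in this diff. If the module's detach routine already unregisters timecmp for PW_CURRENT_TIME (it is outside the shown hunks, so this needs confirming), add `paircompare_unregister(PW_TIME_OF_DAY, time_of_day);` next to it so that a reload does not leave a callback registered with a freed instance pointer.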
* is single-threaded.
*/
module_t rlm_logintime = {
- "Login Time",
+ "logintime",
RLM_TYPE_THREAD_SAFE, /* type */
NULL, /* initialization */
logintime_instantiate, /* instantiation */