#include <freeradius-devel/ident.h>
RCSID("$Id$")
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
#include <ctype.h>
#include "config.h"
#include <gdbm.h>
#ifdef NEEDS_GDBM_SYNC
# define GDBM_SYNCOPT GDBM_SYNC
#else
# define GDBM_SYNCOPT 0
#endif
#ifdef GDBM_NOLOCK
#define GDBM_COUNTER_OPTS (GDBM_SYNCOPT | GDBM_NOLOCK)
#else
#define GDBM_COUNTER_OPTS (GDBM_SYNCOPT)
#endif
#ifndef HAVE_GDBM_FDESC
#define gdbm_fdesc(foo) (-1)
#endif
#define UNIQUEID_MAX_LEN 32
typedef struct rlm_counter_t {
char *filename;
char *reset;
char *key_name;
char *count_attribute;
char *counter_name;
char *check_name;
char *reply_name;
char *service_type;
int cache_size;
int service_val;
int key_attr;
int count_attr;
int check_attr;
int reply_attr;
time_t reset_time;
time_t last_reset;
int dict_attr;
GDBM_FILE gdbm;
#ifdef HAVE_PTHREAD_H
pthread_mutex_t mutex;
#endif
} rlm_counter_t;
#ifndef HAVE_PTHREAD_H
#define pthread_mutex_lock(a)
#define pthread_mutex_unlock(a)
#define pthread_mutex_init(a,b)
#define pthread_mutex_destroy(a)
#endif
typedef struct rad_counter {
unsigned int user_counter;
char uniqueid[UNIQUEID_MAX_LEN];
} rad_counter;
static const CONF_PARSER module_config[] = {
{ "filename", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,filename), NULL, NULL },
{ "key", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,key_name), NULL, NULL },
{ "reset", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,reset), NULL, NULL },
{ "count-attribute", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,count_attribute), NULL, NULL },
{ "counter-name", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,counter_name), NULL, NULL },
{ "check-name", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,check_name), NULL, NULL },
{ "reply-name", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,reply_name), NULL, NULL },
{ "allowed-servicetype", PW_TYPE_STRING_PTR, offsetof(rlm_counter_t,service_type),NULL, NULL },
{ "cache-size", PW_TYPE_INTEGER, offsetof(rlm_counter_t,cache_size), NULL, "1000" },
{ NULL, -1, 0, NULL, NULL }
};
static int counter_detach(void *instance);
static int counter_cmp(void *instance,
REQUEST *req UNUSED,
VALUE_PAIR *request, VALUE_PAIR *check,
VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
{
rlm_counter_t *data = (rlm_counter_t *) instance;
datum key_datum;
datum count_datum;
VALUE_PAIR *key_vp;
rad_counter counter;
check_pairs = check_pairs;
reply_pairs = reply_pairs;
req = req;
key_vp = pairfind(request, data->key_attr);
if (key_vp == NULL) {
return RLM_MODULE_NOOP;
}
key_datum.dptr = key_vp->vp_strvalue;
key_datum.dsize = key_vp->length;
count_datum = gdbm_fetch(data->gdbm, key_datum);
if (count_datum.dptr == NULL) {
return -1;
}
memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
free(count_datum.dptr);
return counter.user_counter - check->vp_integer;
}
static int add_defaults(rlm_counter_t *data)
{
datum key_datum;
datum time_datum;
const char *default1 = "DEFAULT1";
const char *default2 = "DEFAULT2";
DEBUG2("rlm_counter: add_defaults: Start");
key_datum.dptr = (char *) default1;
key_datum.dsize = strlen(default1);
time_datum.dptr = (char *) &data->reset_time;
time_datum.dsize = sizeof(time_t);
if (gdbm_store(data->gdbm, key_datum, time_datum, GDBM_REPLACE) < 0){
radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
data->filename, gdbm_strerror(gdbm_errno));
return RLM_MODULE_FAIL;
}
DEBUG2("rlm_counter: DEFAULT1 set to %d",(int)data->reset_time);
key_datum.dptr = (char *) default2;
key_datum.dsize = strlen(default2);
time_datum.dptr = (char *) &data->last_reset;
time_datum.dsize = sizeof(time_t);
if (gdbm_store(data->gdbm, key_datum, time_datum, GDBM_REPLACE) < 0){
radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
data->filename, gdbm_strerror(gdbm_errno));
return RLM_MODULE_FAIL;
}
DEBUG2("rlm_counter: DEFAULT2 set to %d",(int)data->last_reset);
DEBUG2("rlm_counter: add_defaults: End");
return RLM_MODULE_OK;
}
static int reset_db(rlm_counter_t *data)
{
int cache_size = data->cache_size;
int ret;
DEBUG2("rlm_counter: reset_db: Closing database");
gdbm_close(data->gdbm);
data->gdbm = gdbm_open(data->filename, sizeof(int),
GDBM_NEWDB | GDBM_COUNTER_OPTS, 0600, NULL);
if (data->gdbm == NULL) {
radlog(L_ERR, "rlm_counter: Failed to open file %s: %s",
data->filename, strerror(errno));
return RLM_MODULE_FAIL;
}
if (gdbm_setopt(data->gdbm, GDBM_CACHESIZE, &cache_size, sizeof(int)) == -1)
radlog(L_ERR, "rlm_counter: Failed to set cache size");
DEBUG2("rlm_counter: reset_db: Opened new database");
ret = add_defaults(data);
if (ret != RLM_MODULE_OK)
return ret;
DEBUG2("rlm_counter: reset_db ended");
return RLM_MODULE_OK;
}
static int find_next_reset(rlm_counter_t *data, time_t timeval)
{
int ret = 0;
size_t len;
unsigned int num = 1;
char last = '\0';
struct tm *tm, s_tm;
char sCurrentTime[40], sNextTime[40];
tm = localtime_r(&timeval, &s_tm);
len = strftime(sCurrentTime, sizeof(sCurrentTime), "%Y-%m-%d %H:%M:%S", tm);
if (len == 0) *sCurrentTime = '\0';
tm->tm_sec = tm->tm_min = 0;
if (data->reset == NULL)
return -1;
if (isdigit((int) data->reset[0])){
len = strlen(data->reset);
if (len == 0)
return -1;
last = data->reset[len - 1];
if (!isalpha((int) last))
last = 'd';
num = atoi(data->reset);
DEBUG("rlm_counter: num=%d, last=%c",num,last);
}
if (strcmp(data->reset, "hourly") == 0 || last == 'h') {
tm->tm_hour += num;
data->reset_time = mktime(tm);
} else if (strcmp(data->reset, "daily") == 0 || last == 'd') {
tm->tm_hour = 0;
tm->tm_mday += num;
data->reset_time = mktime(tm);
} else if (strcmp(data->reset, "weekly") == 0 || last == 'w') {
tm->tm_hour = 0;
tm->tm_mday += (7 - tm->tm_wday) +(7*(num-1));
data->reset_time = mktime(tm);
} else if (strcmp(data->reset, "monthly") == 0 || last == 'm') {
tm->tm_hour = 0;
tm->tm_mday = 1;
tm->tm_mon += num;
data->reset_time = mktime(tm);
} else if (strcmp(data->reset, "never") == 0) {
data->reset_time = 0;
} else {
radlog(L_ERR, "rlm_counter: Unknown reset timer \"%s\"",
data->reset);
return -1;
}
len = strftime(sNextTime, sizeof(sNextTime), "%Y-%m-%d %H:%M:%S", tm);
if (len == 0) *sNextTime = '\0';
DEBUG2("rlm_counter: Current Time: %li [%s], Next reset %li [%s]",
timeval, sCurrentTime, data->reset_time, sNextTime);
return ret;
}
static int counter_instantiate(CONF_SECTION *conf, void **instance)
{
rlm_counter_t *data;
DICT_ATTR *dattr;
DICT_VALUE *dval;
ATTR_FLAGS flags;
time_t now;
int cache_size;
int ret;
datum key_datum;
datum time_datum;
const char *default1 = "DEFAULT1";
const char *default2 = "DEFAULT2";
data = rad_malloc(sizeof(*data));
if (!data) {
radlog(L_ERR, "rlm_counter: rad_malloc() failed.");
return -1;
}
memset(data, 0, sizeof(*data));
if (cf_section_parse(conf, data, module_config) < 0) {
free(data);
return -1;
}
cache_size = data->cache_size;
if (data->key_name == NULL) {
radlog(L_ERR, "rlm_counter: 'key' must be set.");
counter_detach(data);
return -1;
}
dattr = dict_attrbyname(data->key_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_counter: No such attribute %s",
data->key_name);
counter_detach(data);
return -1;
}
data->key_attr = dattr->attr;
if (data->count_attribute == NULL) {
radlog(L_ERR, "rlm_counter: 'count-attribute' must be set.");
counter_detach(data);
return -1;
}
dattr = dict_attrbyname(data->count_attribute);
if (dattr == NULL) {
radlog(L_ERR, "rlm_counter: No such attribute %s",
data->count_attribute);
counter_detach(data);
return -1;
}
data->count_attr = dattr->attr;
if (data->reply_name != NULL) {
dattr = dict_attrbyname(data->reply_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_counter: No such attribute %s",
data->reply_name);
counter_detach(data);
return -1;
}
if (dattr->type != PW_TYPE_INTEGER) {
radlog(L_ERR, "rlm_counter: Reply attribute %s is not of type integer",
data->reply_name);
counter_detach(data);
return -1;
}
data->reply_attr = dattr->attr;
}
if (data->counter_name == NULL) {
radlog(L_ERR, "rlm_counter: 'counter-name' must be set.");
counter_detach(data);
return -1;
}
memset(&flags, 0, sizeof(flags));
dict_addattr(data->counter_name, 0, PW_TYPE_INTEGER, -1, flags);
dattr = dict_attrbyname(data->counter_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_counter: Failed to create counter attribute %s",
data->counter_name);
counter_detach(data);
return -1;
}
data->dict_attr = dattr->attr;
DEBUG2("rlm_counter: Counter attribute %s is number %d",
data->counter_name, data->dict_attr);
if (data->check_name == NULL) {
radlog(L_ERR, "rlm_counter: 'check-name' must be set.");
counter_detach(data);
return -1;
}
dict_addattr(data->check_name, 0, PW_TYPE_INTEGER, -1, flags);
dattr = dict_attrbyname(data->check_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_counter: Failed to create check attribute %s",
data->counter_name);
counter_detach(data);
return -1;
}
data->check_attr = dattr->attr;
if (data->service_type != NULL) {
if ((dval = dict_valbyname(PW_SERVICE_TYPE, data->service_type)) == NULL) {
radlog(L_ERR, "rlm_counter: Failed to find attribute number for %s",
data->service_type);
counter_detach(data);
return -1;
}
data->service_val = dval->value;
}
if (data->reset == NULL) {
radlog(L_ERR, "rlm_counter: 'reset' must be set.");
counter_detach(data);
return -1;
}
now = time(NULL);
data->reset_time = 0;
data->last_reset = now;
if (find_next_reset(data,now) == -1){
radlog(L_ERR, "rlm_counter: find_next_reset() returned -1. Exiting.");
counter_detach(data);
return -1;
}
if (data->filename == NULL) {
radlog(L_ERR, "rlm_counter: 'filename' must be set.");
counter_detach(data);
return -1;
}
data->gdbm = gdbm_open(data->filename, sizeof(int),
GDBM_WRCREAT | GDBM_COUNTER_OPTS, 0600, NULL);
if (data->gdbm == NULL) {
radlog(L_ERR, "rlm_counter: Failed to open file %s: %s",
data->filename, strerror(errno));
counter_detach(data);
return -1;
}
if (gdbm_setopt(data->gdbm, GDBM_CACHESIZE, &cache_size, sizeof(int)) == -1)
radlog(L_ERR, "rlm_counter: Failed to set cache size");
key_datum.dptr = (char *)default1;
key_datum.dsize = strlen(default1);
time_datum = gdbm_fetch(data->gdbm, key_datum);
if (time_datum.dptr != NULL){
time_t next_reset = 0;
memcpy(&next_reset, time_datum.dptr, sizeof(time_t));
free(time_datum.dptr);
if (next_reset && next_reset <= now){
data->last_reset = now;
ret = reset_db(data);
if (ret != RLM_MODULE_OK){
radlog(L_ERR, "rlm_counter: reset_db() failed");
counter_detach(data);
return -1;
}
}
else
data->reset_time = next_reset;
key_datum.dptr = (char *)default2;
key_datum.dsize = strlen(default2);
time_datum = gdbm_fetch(data->gdbm, key_datum);
if (time_datum.dptr != NULL){
memcpy(&data->last_reset, time_datum.dptr, sizeof(time_t));
free(time_datum.dptr);
}
}
else{
ret = add_defaults(data);
if (ret != RLM_MODULE_OK){
radlog(L_ERR, "rlm_counter: add_defaults() failed");
counter_detach(data);
return -1;
}
}
paircompare_register(data->dict_attr, 0, counter_cmp, data);
pthread_mutex_init(&data->mutex, NULL);
*instance = data;
return 0;
}
static int counter_accounting(void *instance, REQUEST *request)
{
rlm_counter_t *data = (rlm_counter_t *)instance;
datum key_datum;
datum count_datum;
VALUE_PAIR *key_vp, *count_vp, *proto_vp, *uniqueid_vp;
rad_counter counter;
int rcode;
int acctstatustype = 0;
time_t diff;
if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE)) != NULL)
acctstatustype = key_vp->vp_integer;
else {
DEBUG("rlm_counter: Could not find account status type in packet.");
return RLM_MODULE_NOOP;
}
if (acctstatustype != PW_STATUS_STOP){
DEBUG("rlm_counter: We only run on Accounting-Stop packets.");
return RLM_MODULE_NOOP;
}
uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID);
if (uniqueid_vp != NULL)
DEBUG("rlm_counter: Packet Unique ID = '%s'",uniqueid_vp->vp_strvalue);
if (data->reset_time && (data->reset_time <= request->timestamp)) {
int ret;
DEBUG("rlm_counter: Time to reset the database.");
data->last_reset = data->reset_time;
find_next_reset(data,request->timestamp);
pthread_mutex_lock(&data->mutex);
ret = reset_db(data);
pthread_mutex_unlock(&data->mutex);
if (ret != RLM_MODULE_OK)
return ret;
}
if (data->service_type != NULL) {
if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE)) == NULL){
DEBUG("rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.");
return RLM_MODULE_NOOP;
}
if ((unsigned)proto_vp->vp_integer != data->service_val){
DEBUG("rlm_counter: This Service-Type is not allowed. Returning NOOP.");
return RLM_MODULE_NOOP;
}
}
key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME);
if (key_vp != NULL){
if (key_vp->vp_integer != 0 &&
(request->timestamp - key_vp->vp_integer) < data->last_reset){
DEBUG("rlm_counter: This packet is too old. Returning NOOP.");
return RLM_MODULE_NOOP;
}
}
key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr);
if (key_vp == NULL){
DEBUG("rlm_counter: Could not find the key-attribute in the request. Returning NOOP.");
return RLM_MODULE_NOOP;
}
count_vp = pairfind(request->packet->vps, data->count_attr);
if (count_vp == NULL){
DEBUG("rlm_counter: Could not find the count-attribute in the request.");
return RLM_MODULE_NOOP;
}
key_datum.dptr = key_vp->vp_strvalue;
key_datum.dsize = key_vp->length;
DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
pthread_mutex_lock(&data->mutex);
count_datum = gdbm_fetch(data->gdbm, key_datum);
pthread_mutex_unlock(&data->mutex);
if (count_datum.dptr == NULL){
DEBUG("rlm_counter: Could not find the requested key in the database.");
counter.user_counter = 0;
if (uniqueid_vp != NULL)
strlcpy(counter.uniqueid,uniqueid_vp->vp_strvalue,
sizeof(counter.uniqueid));
else
memset((char *)counter.uniqueid,0,UNIQUEID_MAX_LEN);
}
else{
DEBUG("rlm_counter: Key found.");
memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
free(count_datum.dptr);
if (counter.uniqueid)
DEBUG("rlm_counter: Counter Unique ID = '%s'",counter.uniqueid);
if (uniqueid_vp != NULL){
if (counter.uniqueid != NULL &&
strncmp(uniqueid_vp->vp_strvalue,counter.uniqueid, UNIQUEID_MAX_LEN - 1) == 0){
DEBUG("rlm_counter: Unique IDs for user match. Droping the request.");
return RLM_MODULE_NOOP;
}
strlcpy(counter.uniqueid,uniqueid_vp->vp_strvalue,
sizeof(counter.uniqueid));
}
DEBUG("rlm_counter: User=%s, Counter=%d.",request->username->vp_strvalue,counter.user_counter);
}
if (data->count_attr == PW_ACCT_SESSION_TIME) {
diff = request->timestamp - data->last_reset;
counter.user_counter += (count_vp->vp_integer < diff) ? count_vp->vp_integer : diff;
} else if (count_vp->type == PW_TYPE_INTEGER) {
counter.user_counter += count_vp->vp_integer;
} else {
counter.user_counter++;
}
DEBUG("rlm_counter: User=%s, New Counter=%d.",request->username->vp_strvalue,counter.user_counter);
count_datum.dptr = (char *) &counter;
count_datum.dsize = sizeof(rad_counter);
DEBUG("rlm_counter: Storing new value in database.");
pthread_mutex_lock(&data->mutex);
rcode = gdbm_store(data->gdbm, key_datum, count_datum, GDBM_REPLACE);
pthread_mutex_unlock(&data->mutex);
if (rcode < 0) {
radlog(L_ERR, "rlm_counter: Failed storing data to %s: %s",
data->filename, gdbm_strerror(gdbm_errno));
return RLM_MODULE_FAIL;
}
DEBUG("rlm_counter: New value stored successfully.");
return RLM_MODULE_OK;
}
static int counter_authorize(void *instance, REQUEST *request)
{
rlm_counter_t *data = (rlm_counter_t *) instance;
int ret=RLM_MODULE_NOOP;
datum key_datum;
datum count_datum;
rad_counter counter;
int res=0;
VALUE_PAIR *key_vp, *check_vp;
VALUE_PAIR *reply_item;
char msg[128];
instance = instance;
request = request;
if (data->reset_time && (data->reset_time <= request->timestamp)) {
int ret2;
data->last_reset = data->reset_time;
find_next_reset(data,request->timestamp);
pthread_mutex_lock(&data->mutex);
ret2 = reset_db(data);
pthread_mutex_unlock(&data->mutex);
if (ret2 != RLM_MODULE_OK)
return ret2;
}
DEBUG2("rlm_counter: Entering module authorize code");
key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr);
if (key_vp == NULL) {
DEBUG2("rlm_counter: Could not find Key value pair");
return ret;
}
if ((check_vp= pairfind(request->config_items, data->check_attr)) == NULL) {
DEBUG2("rlm_counter: Could not find Check item value pair");
return ret;
}
key_datum.dptr = key_vp->vp_strvalue;
key_datum.dsize = key_vp->length;
counter.user_counter = 0;
DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
pthread_mutex_lock(&data->mutex);
count_datum = gdbm_fetch(data->gdbm, key_datum);
pthread_mutex_unlock(&data->mutex);
if (count_datum.dptr != NULL){
DEBUG("rlm_counter: Key Found.");
memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
free(count_datum.dptr);
}
else
DEBUG("rlm_counter: Could not find the requested key in the database.");
DEBUG("rlm_counter: Check item = %d, Count = %d",check_vp->vp_integer,counter.user_counter);
res=check_vp->vp_integer - counter.user_counter;
if (res > 0) {
DEBUG("rlm_counter: res is greater than zero");
if (data->count_attr == PW_ACCT_SESSION_TIME) {
if (data->reset_time && (
res >= (data->reset_time - request->timestamp))) {
res = data->reset_time - request->timestamp;
res += check_vp->vp_integer;
}
if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT)) != NULL) {
if (reply_item->vp_integer > res)
reply_item->vp_integer = res;
} else {
reply_item = radius_paircreate(request, &request->reply->vps, PW_SESSION_TIMEOUT, PW_TYPE_INTEGER);
reply_item->vp_integer = res;
}
}
else if (data->reply_attr) {
if ((reply_item = pairfind(request->reply->vps, data->reply_attr)) != NULL) {
if (reply_item->vp_integer > res)
reply_item->vp_integer = res;
}
else {
reply_item = radius_paircreate(request, &request->reply->vps, data->reply_attr, PW_TYPE_INTEGER);
reply_item->vp_integer = res;
}
}
ret=RLM_MODULE_OK;
DEBUG2("rlm_counter: (Check item - counter) is greater than zero");
DEBUG2("rlm_counter: Authorized user %s, check_item=%d, counter=%d",
key_vp->vp_strvalue,check_vp->vp_integer,counter.user_counter);
DEBUG2("rlm_counter: Sent Reply-Item for user %s, Type=Session-Timeout, value=%d",
key_vp->vp_strvalue,res);
}
else{
char module_fmsg[MAX_STRING_LEN];
VALUE_PAIR *module_fmsg_vp;
sprintf(msg, "Your maximum %s usage time has been reached", data->reset);
reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
pairadd(&request->reply->vps, reply_item);
snprintf(module_fmsg,sizeof(module_fmsg), "rlm_counter: Maximum %s usage time reached", data->reset);
module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
ret=RLM_MODULE_REJECT;
DEBUG2("rlm_counter: Rejected user %s, check_item=%d, counter=%d",
key_vp->vp_strvalue,check_vp->vp_integer,counter.user_counter);
}
return ret;
}
static int counter_detach(void *instance)
{
rlm_counter_t *data = (rlm_counter_t *) instance;
paircompare_unregister(data->dict_attr, counter_cmp);
if (data->gdbm)
gdbm_close(data->gdbm);
pthread_mutex_destroy(&data->mutex);
free(instance);
return 0;
}
module_t rlm_counter = {
RLM_MODULE_INIT,
"counter",
RLM_TYPE_THREAD_SAFE,
counter_instantiate,
counter_detach,
{
NULL,
counter_authorize,
NULL,
counter_accounting,
NULL,
NULL,
NULL,
NULL
},
};