/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int sqlcounter_instantiate(CONF_SECTION *conf, void **instance)
{
rlm_sqlcounter_t *data;
DICT_ATTR *dattr;
ATTR_FLAGS flags;
time_t now;
char buffer[MAX_STRING_LEN];
/*
* Set up a storage area for instance data
*/
data = rad_malloc(sizeof(*data));
if (!data) {
return -1;
}
memset(data, 0, sizeof(*data));
/*
* If the configuration parameters can't be parsed, then
* fail.
*/
if (cf_section_parse(conf, data, module_config) < 0) {
free(data);
return -1;
}
/*
* No query, die.
*/
if (data->query == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'query' must be set.");
return -1;
}
/*
* Safe characters list for sql queries. Everything else is
* replaced rwith their mime-encoded equivalents.
*/
allowed_chars = data->allowed_chars;
/*
* Discover the attribute number of the key.
*/
if (data->key_name == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'key' must be set.");
return -1;
}
sql_escape_func(buffer, sizeof(buffer), data->key_name);
if (strcmp(buffer, data->key_name) != 0) {
radlog(L_ERR, "rlm_sqlcounter: The value for option 'key' is too long or contains unsafe characters.");
return -1;
}
dattr = dict_attrbyname(data->key_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_sqlcounter: No such attribute %s",
data->key_name);
return -1;
}
data->key_attr = dattr->attr;
/*
* Check the "sqlmod-inst" option.
*/
if (data->sqlmod_inst == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'sqlmod-inst' must be set.");
return -1;
}
sql_escape_func(buffer, sizeof(buffer), data->sqlmod_inst);
if (strcmp(buffer, data->sqlmod_inst) != 0) {
radlog(L_ERR, "rlm_sqlcounter: The value for option 'sqlmod-inst' is too long or contains unsafe characters.");
return -1;
}
/*
* Create a new attribute for the counter.
*/
if (data->counter_name == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'counter-name' must be set.");
return -1;
}
memset(&flags, 0, sizeof(flags));
dict_addattr(data->counter_name, 0, PW_TYPE_INTEGER, -1, flags);
dattr = dict_attrbyname(data->counter_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_sqlcounter: Failed to create counter attribute %s",
data->counter_name);
return -1;
}
data->dict_attr = dattr->attr;
DEBUG2("rlm_sqlcounter: Counter attribute %s is number %d",
data->counter_name, data->dict_attr);
/*
* Create a new attribute for the check item.
*/
if (data->check_name == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'check-name' must be set.");
return -1;
}
dict_addattr(data->check_name, 0, PW_TYPE_INTEGER, -1, flags);
dattr = dict_attrbyname(data->check_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_sqlcounter: Failed to create check attribute %s",
data->counter_name);
return -1;
}
DEBUG2("rlm_sqlcounter: Check attribute %s is number %d",
data->check_name, dattr->attr);
/*
* Discover the end of the current time period.
*/
if (data->reset == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'reset' must be set.");
return -1;
}
now = time(NULL);
data->reset_time = 0;
if (find_next_reset(data,now) == -1)
return -1;
/*
* Discover the beginning of the current time period.
*/
data->last_reset = 0;
if (find_prev_reset(data,now) == -1)
return -1;
/*
* Register the counter comparison operation.
*/
paircompare_register(data->dict_attr, 0, sqlcounter_cmp, data);
*instance = data;
return 0;
}
/*
* Find the named user in this modules database. Create the set
* of attribute-value pairs to check and reply with for this user
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
static int sqlcounter_authorize(void *instance, REQUEST *request)
{
rlm_sqlcounter_t *data = (rlm_sqlcounter_t *) instance;
int ret=RLM_MODULE_NOOP;
int counter=0;
int res=0;
DICT_ATTR *dattr;
VALUE_PAIR *key_vp, *check_vp;
VALUE_PAIR *reply_item;
char msg[128];
char querystr[MAX_QUERY_LEN];
char responsestr[MAX_QUERY_LEN];
/* quiet the compiler */
instance = instance;
request = request;
/*
* Before doing anything else, see if we have to reset
* the counters.
*/
if (data->reset_time && (data->reset_time <= request->timestamp)) {
/*
* Re-set the next time and prev_time for this counters range
*/
data->last_reset = data->reset_time;
find_next_reset(data,request->timestamp);
}
/*
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
DEBUG2("rlm_sqlcounter: Entering module authorize code");
key_vp = (data->key_attr == PW_USER_NAME) ? request->username : pairfind(request->packet->vps, data->key_attr);
if (key_vp == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Key value pair");
return ret;
}
/*
* Look for the check item
*/
if ((dattr = dict_attrbyname(data->check_name)) == NULL) {
return ret;
}
/* DEBUG2("rlm_sqlcounter: Found Check item attribute %d", dattr->attr); */
if ((check_vp= pairfind(request->config_items, dattr->attr)) == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Check item value pair");
return ret;
}
/* first, expand %k, %b and %e in query */
sqlcounter_expand(querystr, MAX_QUERY_LEN, data->query, instance);
/* second, xlat any request attribs in query */
radius_xlat(responsestr, MAX_QUERY_LEN, querystr, request, sql_escape_func);
/* third, wrap query with sql module & expand */
snprintf(querystr, sizeof(querystr), "%%{%%S:%s}", responsestr);
sqlcounter_expand(responsestr, MAX_QUERY_LEN, querystr, instance);
/* Finally, xlat resulting SQL query */
radius_xlat(querystr, MAX_QUERY_LEN, responsestr, request, sql_escape_func);
counter = atoi(querystr);
/*
* Check if check item > counter
*/
res=check_vp->lvalue - counter;
if (res > 0) {
DEBUG2("rlm_sqlcounter: (Check item - counter) is greater than zero");
/*
* We are assuming that simultaneous-use=1. But
* even if that does not happen then our user
* could login at max for 2*max-usage-time Is
* that acceptable?
*/
/*
* User is allowed, but set Session-Timeout.
* Stolen from main/auth.c
*/
/*
* If we are near a reset then add the next
* limit, so that the user will not need to
* login again
*/
if (data->reset_time && (
res >= (data->reset_time - request->timestamp))) {
res = data->reset_time - request->timestamp;
res += check_vp->lvalue;
}
if ((reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT)) != NULL) {
if (reply_item->lvalue > res)
reply_item->lvalue = res;
} else {
if ((reply_item = paircreate(PW_SESSION_TIMEOUT, PW_TYPE_INTEGER)) == NULL) {
radlog(L_ERR|L_CONS, "no memory");
return RLM_MODULE_NOOP;
}
reply_item->lvalue = res;
pairadd(&request->reply->vps, reply_item);
}
ret=RLM_MODULE_OK;
DEBUG2("rlm_sqlcounter: Authorized user %s, check_item=%d, counter=%d",
key_vp->strvalue,check_vp->lvalue,counter);
DEBUG2("rlm_sqlcounter: Sent Reply-Item for user %s, Type=Session-Timeout, value=%d",
key_vp->strvalue,reply_item->lvalue);
}
else{
char module_fmsg[MAX_STRING_LEN];
VALUE_PAIR *module_fmsg_vp;
DEBUG2("rlm_sqlcounter: (Check item - counter) is less than zero");
/*
* User is denied access, send back a reply message
*/
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", data->reset);
reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
pairadd(&request->reply->vps, reply_item);
snprintf(module_fmsg, sizeof(module_fmsg), "rlm_sqlcounter: Maximum %s usage time reached", data->reset);
module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
ret=RLM_MODULE_REJECT;
DEBUG2("rlm_sqlcounter: Rejected user %s, check_item=%d, counter=%d",
key_vp->strvalue,check_vp->lvalue,counter);
}
return ret;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int sqlcounter_instantiate(CONF_SECTION *conf, void **instance)
{
rlm_sqlcounter_t *data;
DICT_ATTR *dattr;
ATTR_FLAGS flags;
time_t now;
/*
* Set up a storage area for instance data
*/
data = rad_malloc(sizeof(*data));
if (!data) {
radlog(L_ERR, "rlm_sqlcounter: Not enough memory.");
return -1;
}
memset(data, 0, sizeof(*data));
/*
* If the configuration parameters can't be parsed, then
* fail.
*/
if (cf_section_parse(conf, data, module_config) < 0) {
radlog(L_ERR, "rlm_sqlcounter: Unable to parse parameters.");
sqlcounter_detach(data);
return -1;
}
/*
* No query, die.
*/
if (data->query == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'query' must be set.");
sqlcounter_detach(data);
return -1;
}
/*
* Discover the attribute number of the key.
*/
if (data->key_name == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'key' must be set.");
sqlcounter_detach(data);
return -1;
}
dattr = dict_attrbyname(data->key_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_sqlcounter: No such attribute %s",
data->key_name);
sqlcounter_detach(data);
return -1;
}
data->key_attr = dattr;
dattr = dict_attrbyname(data->reply_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_sqlcounter: No such attribute %s",
data->reply_name);
sqlcounter_detach(data);
return -1;
}
data->reply_attr = dattr;
DEBUG2("rlm_sqlcounter: Reply attribute %s is number %d",
data->reply_name, dattr->attr);
/*
* Check the "sqlmod-inst" option.
*/
if (data->sqlmod_inst == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'sqlmod-inst' must be set.");
sqlcounter_detach(data);
return -1;
}
/*
* Create a new attribute for the counter.
*/
if (data->counter_name == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'counter-name' must be set.");
sqlcounter_detach(data);
return -1;
}
memset(&flags, 0, sizeof(flags));
dict_addattr(data->counter_name, -1, 0, PW_TYPE_INTEGER, flags);
dattr = dict_attrbyname(data->counter_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_sqlcounter: Failed to create counter attribute %s",
data->counter_name);
sqlcounter_detach(data);
return -1;
}
if (dattr->vendor != 0) {
radlog(L_ERR, "Counter attribute must not be a VSA");
sqlcounter_detach(data);
return -1;
}
data->dict_attr = dattr;
/*
* Create a new attribute for the check item.
*/
if (data->check_name == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'check-name' must be set.");
sqlcounter_detach(data);
return -1;
}
dict_addattr(data->check_name, 0, PW_TYPE_INTEGER, -1, flags);
dattr = dict_attrbyname(data->check_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_sqlcounter: Failed to create check attribute %s",
data->check_name);
sqlcounter_detach(data);
return -1;
}
DEBUG2("rlm_sqlcounter: Check attribute %s is number %d",
data->check_name, dattr->attr);
/*
* Discover the end of the current time period.
*/
if (data->reset == NULL) {
radlog(L_ERR, "rlm_sqlcounter: 'reset' must be set.");
sqlcounter_detach(data);
return -1;
}
now = time(NULL);
data->reset_time = 0;
if (find_next_reset(data,now) == -1) {
radlog(L_ERR, "rlm_sqlcounter: Failed to find the next reset time.");
sqlcounter_detach(data);
return -1;
}
/*
* Discover the beginning of the current time period.
*/
data->last_reset = 0;
if (find_prev_reset(data,now) == -1) {
radlog(L_ERR, "rlm_sqlcounter: Failed to find the previous reset time.");
sqlcounter_detach(data);
return -1;
}
/*
* Register the counter comparison operation.
*/
paircompare_register(data->dict_attr->attr, 0, sqlcounter_cmp, data);
*instance = data;
return 0;
}
/*
* Find the named user in this modules database. Create the set
* of attribute-value pairs to check and reply with for this user
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
static int sqlcounter_authorize(void *instance, REQUEST *request)
{
rlm_sqlcounter_t *data = (rlm_sqlcounter_t *) instance;
int ret=RLM_MODULE_NOOP;
unsigned int counter;
DICT_ATTR *dattr;
VALUE_PAIR *key_vp, *check_vp;
VALUE_PAIR *reply_item;
char msg[128];
char querystr[MAX_QUERY_LEN];
char sqlxlat[MAX_QUERY_LEN];
/* quiet the compiler */
instance = instance;
request = request;
/*
* Before doing anything else, see if we have to reset
* the counters.
*/
if (data->reset_time && (data->reset_time <= request->timestamp)) {
/*
* Re-set the next time and prev_time for this counters range
*/
data->last_reset = data->reset_time;
find_next_reset(data,request->timestamp);
}
/*
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
DEBUG2("rlm_sqlcounter: Entering module authorize code");
key_vp = ((data->key_attr->vendor == 0) && (data->key_attr->attr == PW_USER_NAME)) ? request->username : pairfind(request->packet->vps, data->key_attr->attr, data->key_attr->vendor);
if (key_vp == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Key value pair");
return ret;
}
/*
* Look for the check item
*/
if ((dattr = dict_attrbyname(data->check_name)) == NULL) {
return ret;
}
/* DEBUG2("rlm_sqlcounter: Found Check item attribute %d", dattr->attr); */
if ((check_vp= pairfind(request->config_items, dattr->attr, dattr->vendor)) == NULL) {
DEBUG2("rlm_sqlcounter: Could not find Check item value pair");
return ret;
}
/* first, expand %k, %b and %e in query */
sqlcounter_expand(querystr, MAX_QUERY_LEN, data->query, instance);
/* next, wrap query with sql module & expand */
snprintf(sqlxlat, sizeof(sqlxlat), "%%{%s:%s}", data->sqlmod_inst, querystr);
/* Finally, xlat resulting SQL query */
radius_xlat(querystr, MAX_QUERY_LEN, sqlxlat, request, NULL, NULL);
if (sscanf(querystr, "%u", &counter) != 1) {
DEBUG2("rlm_sqlcounter: No integer found in string \"%s\"",
querystr);
return RLM_MODULE_NOOP;
}
/*
* Check if check item > counter
*/
if (check_vp->vp_integer > counter) {
unsigned int res = check_vp->vp_integer - counter;
DEBUG2("rlm_sqlcounter: Check item is greater than query result");
/*
* We are assuming that simultaneous-use=1. But
* even if that does not happen then our user
* could login at max for 2*max-usage-time Is
* that acceptable?
*/
/*
* If we are near a reset then add the next
* limit, so that the user will not need to login
* again. Do this only for Session-Timeout.
*/
if ((data->reply_attr->attr == PW_SESSION_TIMEOUT) &&
data->reset_time &&
(res >= (data->reset_time - request->timestamp))) {
res = data->reset_time - request->timestamp;
res += check_vp->vp_integer;
}
/*
* Limit the reply attribute to the minimum of
* the existing value, or this new one.
*/
reply_item = pairfind(request->reply->vps, data->reply_attr->attr, data->reply_attr->vendor);
if (reply_item) {
if (reply_item->vp_integer > res)
reply_item->vp_integer = res;
} else {
reply_item = radius_paircreate(request,
&request->reply->vps,
data->reply_attr->attr,
data->reply_attr->vendor,
PW_TYPE_INTEGER);
reply_item->vp_integer = res;
}
ret=RLM_MODULE_OK;
DEBUG2("rlm_sqlcounter: Authorized user %s, check_item=%u, counter=%u",
key_vp->vp_strvalue,check_vp->vp_integer,counter);
DEBUG2("rlm_sqlcounter: Sent Reply-Item for user %s, Type=%s, value=%u",
key_vp->vp_strvalue,data->reply_name,reply_item->vp_integer);
}
else{
char module_fmsg[MAX_STRING_LEN];
VALUE_PAIR *module_fmsg_vp;
DEBUG2("rlm_sqlcounter: (Check item - counter) is less than zero");
/*
* User is denied access, send back a reply message
*/
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", data->reset);
reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
pairadd(&request->reply->vps, reply_item);
snprintf(module_fmsg, sizeof(module_fmsg), "rlm_sqlcounter: Maximum %s usage time reached", data->reset);
module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
pairadd(&request->packet->vps, module_fmsg_vp);
ret=RLM_MODULE_REJECT;
DEBUG2("rlm_sqlcounter: Rejected user %s, check_item=%u, counter=%u",
key_vp->vp_strvalue,check_vp->vp_integer,counter);
}
return ret;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_sqlcounter_t *inst = instance;
DICT_ATTR const *da;
ATTR_FLAGS flags;
time_t now;
rad_assert(inst->query && *inst->query);
da = dict_attrbyname(inst->key_name);
if (!da) {
cf_log_err_cs(conf, "Invalid attribute '%s'", inst->key_name);
return -1;
}
inst->key_attr = da;
da = dict_attrbyname(inst->reply_name);
if (!da) {
cf_log_err_cs(conf, "Invalid attribute '%s'", inst->reply_name);
return -1;
}
inst->reply_attr = da;
/*
* Create a new attribute for the counter.
*/
rad_assert(inst->counter_name && *inst->counter_name);
memset(&flags, 0, sizeof(flags));
dict_addattr(inst->counter_name, -1, 0, PW_TYPE_INTEGER, flags);
da = dict_attrbyname(inst->counter_name);
if (!da) {
cf_log_err_cs(conf, "Failed to create counter attribute %s", inst->counter_name);
return -1;
}
inst->dict_attr = da;
/*
* Create a new attribute for the check item.
*/
rad_assert(inst->limit_name && *inst->limit_name);
dict_addattr(inst->limit_name, -1, 0, PW_TYPE_INTEGER, flags);
da = dict_attrbyname(inst->limit_name);
if (!da) {
cf_log_err_cs(conf, "Failed to create check attribute %s", inst->limit_name);
return -1;
}
now = time(NULL);
inst->reset_time = 0;
if (find_next_reset(inst,now) == -1) {
cf_log_err_cs(conf, "Invalid reset '%s'", inst->reset);
return -1;
}
/*
* Discover the beginning of the current time period.
*/
inst->last_reset = 0;
if (find_prev_reset(inst, now) < 0) {
cf_log_err_cs(conf, "Invalid reset '%s'", inst->reset);
return -1;
}
/*
* Register the counter comparison operation.
*/
paircompare_register(inst->dict_attr, NULL, true, sqlcounter_cmp, inst);
return 0;
}
/*
* Find the named user in this modules database. Create the set
* of attribute-value pairs to check and reply with for this user
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
static rlm_rcode_t CC_HINT(nonnull) mod_authorize(void *instance, REQUEST *request)
{
rlm_sqlcounter_t *inst = instance;
int rcode = RLM_MODULE_NOOP;
uint64_t counter, res;
DICT_ATTR const *da;
VALUE_PAIR *key_vp, *limit;
VALUE_PAIR *reply_item;
char msg[128];
char query[MAX_QUERY_LEN], subst[MAX_QUERY_LEN];
char *expanded = NULL;
size_t len;
/*
* Before doing anything else, see if we have to reset
* the counters.
*/
if (inst->reset_time && (inst->reset_time <= request->timestamp)) {
/*
* Re-set the next time and prev_time for this counters range
*/
inst->last_reset = inst->reset_time;
find_next_reset(inst,request->timestamp);
}
/*
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
if ((inst->key_attr->vendor == 0) && (inst->key_attr->attr == PW_USER_NAME)) {
key_vp = request->username;
} else {
key_vp = pairfind(request->packet->vps, inst->key_attr->attr, inst->key_attr->vendor, TAG_ANY);
}
if (!key_vp) {
RWDEBUG2("Couldn't find key attribute 'request:%s'", inst->key_attr->name);
return rcode;
}
/*
* Look for the check item
*/
if ((da = dict_attrbyname(inst->limit_name)) == NULL) {
return rcode;
}
limit = pairfind(request->config_items, da->attr, da->vendor, TAG_ANY);
if (limit == NULL) {
RWDEBUG2("Couldn't find control attribute 'control:%s'", inst->limit_name);
return rcode;
}
/* First, expand %k, %b and %e in query */
if (sqlcounter_expand(subst, sizeof(subst), inst->query, inst) <= 0) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
}
/* Then combine that with the name of the module were using to do the query */
len = snprintf(query, sizeof(query), "%%{%s:%s}", inst->sqlmod_inst, subst);
if (len >= (sizeof(query) - 1)) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
}
/* Finally, xlat resulting SQL query */
if (radius_axlat(&expanded, request, query, NULL, NULL) < 0) {
return RLM_MODULE_FAIL;
}
talloc_free(expanded);
if (sscanf(expanded, "%" PRIu64, &counter) != 1) {
RDEBUG2("No integer found in result string \"%s\". May be first session, setting counter to 0",
expanded);
counter = 0;
}
/*
* Check if check item > counter
*/
if (limit->vp_integer64 <= counter) {
/* User is denied access, send back a reply message */
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", inst->reset);
pairmake_reply("Reply-Message", msg, T_OP_EQ);
REDEBUG2("Maximum %s usage time reached", inst->reset);
REDEBUG2("Rejecting user, control:%s value (%" PRIu64 ") is less than counter value (%" PRIu64 ")",
inst->limit_name, limit->vp_integer64, counter);
return RLM_MODULE_REJECT;
}
res = limit->vp_integer64 - counter;
RDEBUG2("Allowing user, control:%s value (%" PRIu64 ") is greater than counter value (%" PRIu64 ")",
inst->limit_name, limit->vp_integer64, counter);
/*
* We are assuming that simultaneous-use=1. But
* even if that does not happen then our user
* could login at max for 2*max-usage-time Is
* that acceptable?
*/
/*
* If we are near a reset then add the next
* limit, so that the user will not need to login
* again. Do this only for Session-Timeout.
*/
if (((inst->reply_attr->vendor == 0) && (inst->reply_attr->attr == PW_SESSION_TIMEOUT)) &&
inst->reset_time && ((int) res >= (inst->reset_time - request->timestamp))) {
res = (inst->reset_time - request->timestamp);
res += limit->vp_integer;
}
/*
* Limit the reply attribute to the minimum of the existing value, or this new one.
*/
reply_item = pairfind(request->reply->vps, inst->reply_attr->attr, inst->reply_attr->vendor, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer64 <= res) {
RDEBUG2("Leaving existing reply:%s value of %" PRIu64, inst->reply_attr->name,
reply_item->vp_integer64);
return RLM_MODULE_OK;
}
} else {
reply_item = radius_paircreate(request->reply, &request->reply->vps, inst->reply_attr->attr,
inst->reply_attr->vendor);
}
reply_item->vp_integer64 = res;
RDEBUG2("Setting reply:%s value to %" PRIu64, inst->reply_name, reply_item->vp_integer64);
return RLM_MODULE_OK;
}
/*
* Find the named user in this modules database. Create the set
* of attribute-value pairs to check and reply with for this user
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
static rlm_rcode_t mod_authorize(UNUSED void *instance, UNUSED REQUEST *request)
{
rlm_sqlcounter_t *inst = instance;
int rcode = RLM_MODULE_NOOP;
uint64_t counter, res;
DICT_ATTR const *dattr;
VALUE_PAIR *key_vp, *check_vp;
VALUE_PAIR *reply_item;
char msg[128];
char *p;
char query[MAX_QUERY_LEN];
char *expanded = NULL;
size_t len;
/*
* Before doing anything else, see if we have to reset
* the counters.
*/
if (inst->reset_time && (inst->reset_time <= request->timestamp)) {
/*
* Re-set the next time and prev_time for this counters range
*/
inst->last_reset = inst->reset_time;
find_next_reset(inst,request->timestamp);
}
/*
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
RDEBUG2("Entering module authorize code");
key_vp = ((inst->key_attr->vendor == 0) && (inst->key_attr->attr == PW_USER_NAME)) ?
request->username :
pairfind(request->packet->vps, inst->key_attr->attr, inst->key_attr->vendor, TAG_ANY);
if (!key_vp) {
RDEBUG2("Could not find Key value pair");
return rcode;
}
/*
* Look for the check item
*/
if ((dattr = dict_attrbyname(inst->check_name)) == NULL) {
return rcode;
}
/* DEBUG2("rlm_sqlcounter: Found Check item attribute %d", dattr->attr); */
if ((check_vp = pairfind(request->config_items, dattr->attr, dattr->vendor, TAG_ANY)) == NULL) {
RDEBUG2("Could not find Check item value pair");
return rcode;
}
len = snprintf(query, sizeof(query), "%%{%s:%s}", inst->sqlmod_inst, query);
if (len >= sizeof(query) - 1) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
}
p = query + len;
/* first, expand %k, %b and %e in query */
len = sqlcounter_expand(p, p - query, inst->query, inst);
if (len <= 0) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
}
p += len;
if ((p - query) < 2) {
REDEBUG("Insufficient query buffer space");
return RLM_MODULE_FAIL;
}
p[0] = '}';
p[1] = '\0';
/* Finally, xlat resulting SQL query */
if (radius_axlat(&expanded, request, query, NULL, NULL) < 0) {
return RLM_MODULE_FAIL;
}
if (sscanf(expanded, "%" PRIu64, &counter) != 1) {
RDEBUG2("No integer found in string \"%s\"", expanded);
return RLM_MODULE_NOOP;
}
talloc_free(expanded);
/*
* Check if check item > counter
*/
if (check_vp->vp_integer64 <= counter) {
RDEBUG2("(Check item - counter) is less than zero");
/*
* User is denied access, send back a reply message
*/
snprintf(msg, sizeof(msg), "Your maximum %s usage time has been reached", inst->reset);
pairmake_reply("Reply-Message", msg, T_OP_EQ);
REDEBUG("Maximum %s usage time reached", inst->reset);
rcode = RLM_MODULE_REJECT;
RDEBUG2("Rejected user %s, check_item=%" PRIu64 ", counter=%" PRIu64,
key_vp->vp_strvalue, check_vp->vp_integer64, counter);
return RLM_MODULE_REJECT;
}
res = check_vp->vp_integer64 - counter;
RDEBUG2("Check item is greater than query result");
/*
* We are assuming that simultaneous-use=1. But
* even if that does not happen then our user
* could login at max for 2*max-usage-time Is
* that acceptable?
*/
/*
* If we are near a reset then add the next
* limit, so that the user will not need to login
* again. Do this only for Session-Timeout.
*/
if ((inst->reply_attr->attr == PW_SESSION_TIMEOUT) &&
inst->reset_time && ((int) res >= (inst->reset_time - request->timestamp))) {
res = inst->reset_time - request->timestamp;
res += check_vp->vp_integer;
}
/*
* Limit the reply attribute to the minimum of
* the existing value, or this new one.
*/
reply_item = pairfind(request->reply->vps, inst->reply_attr->attr, inst->reply_attr->vendor, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer64 > res) {
reply_item->vp_integer64 = res;
}
} else {
reply_item = radius_paircreate(request, &request->reply->vps, inst->reply_attr->attr,
inst->reply_attr->vendor);
reply_item->vp_integer64 = res;
}
RDEBUG2("Authorized user %s, check_item=%" PRIu64 ", counter=%" PRIu64 ,
key_vp->vp_strvalue, check_vp->vp_integer64, counter);
RDEBUG2("Sent Reply-Item for user %s, Type=%s, value=%" PRIu64,
key_vp->vp_strvalue, inst->reply_name, reply_item->vp_integer64);
return RLM_MODULE_OK;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_sqlcounter_t *inst = instance;
DICT_ATTR const *dattr;
ATTR_FLAGS flags;
time_t now;
rad_assert(inst->query && *inst->query);
dattr = dict_attrbyname(inst->key_name);
rad_assert(dattr != NULL);
if (dattr->vendor != 0) {
cf_log_err_cs(conf, "Configuration item 'key' cannot be a VSA");
return -1;
}
inst->key_attr = dattr;
dattr = dict_attrbyname(inst->reply_name);
rad_assert(dattr != NULL);
if (dattr->vendor != 0) {
cf_log_err_cs(conf, "Configuration item 'reply_name' cannot be a VSA");
return -1;
}
inst->reply_attr = dattr;
DEBUG2("rlm_sqlcounter: Reply attribute %s is number %d",
inst->reply_name, dattr->attr);
/*
* Create a new attribute for the counter.
*/
rad_assert(inst->counter_name && *inst->counter_name);
memset(&flags, 0, sizeof(flags));
dict_addattr(inst->counter_name, -1, 0, PW_TYPE_INTEGER, flags);
dattr = dict_attrbyname(inst->counter_name);
if (!dattr) {
cf_log_err_cs(conf, "Failed to create counter attribute %s",
inst->counter_name);
return -1;
}
if (dattr->vendor != 0) {
cf_log_err_cs(conf, "Counter attribute must not be a VSA");
return -1;
}
inst->dict_attr = dattr;
/*
* Create a new attribute for the check item.
*/
rad_assert(inst->check_name && *inst->check_name);
dict_addattr(inst->check_name, 0, PW_TYPE_INTEGER, -1, flags);
dattr = dict_attrbyname(inst->check_name);
if (!dattr) {
cf_log_err_cs(conf, "Failed to create check attribute %s",
inst->check_name);
return -1;
}
DEBUG2("rlm_sqlcounter: Check attribute %s is number %d",
inst->check_name, dattr->attr);
now = time(NULL);
inst->reset_time = 0;
if (find_next_reset(inst,now) == -1) {
cf_log_err_cs(conf, "Invalid reset '%s'", inst->reset);
return -1;
}
/*
* Discover the beginning of the current time period.
*/
inst->last_reset = 0;
if (find_prev_reset(inst, now) < 0) {
cf_log_err_cs(conf, "Invalid reset '%s'", inst->reset);
return -1;
}
/*
* Register the counter comparison operation.
*/
paircompare_register(inst->dict_attr, NULL, true, sqlcounter_cmp, inst);
return 0;
}
/*
* Find the named user in this modules database. Create the set
* of attribute-value pairs to check and reply with for this user
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
static rlm_rcode_t CC_HINT(nonnull) mod_authorize(UNUSED void *instance, UNUSED REQUEST *request)
{
rlm_counter_t *inst = instance;
rlm_rcode_t rcode = RLM_MODULE_NOOP;
datum key_datum;
datum count_datum;
rad_counter counter;
VALUE_PAIR *key_vp, *check_vp;
VALUE_PAIR *reply_item;
char msg[128];
/*
* Before doing anything else, see if we have to reset
* the counters.
*/
if (inst->reset_time && (inst->reset_time <= request->timestamp)) {
rlm_rcode_t rcode2;
inst->last_reset = inst->reset_time;
find_next_reset(inst,request->timestamp);
pthread_mutex_lock(&inst->mutex);
rcode2 = reset_db(inst);
pthread_mutex_unlock(&inst->mutex);
if (rcode2 != RLM_MODULE_OK) {
return rcode2;
}
}
/*
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
DEBUG2("rlm_counter: Entering module authorize code");
key_vp = (inst->key_attr->attr == PW_USER_NAME) ? request->username :
pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
if (!key_vp) {
DEBUG2("rlm_counter: Could not find Key value pair");
return rcode;
}
/*
* Look for the check item
*/
if ((check_vp = pair_find_by_da(request->config_items, inst->check_attr, TAG_ANY)) == NULL) {
DEBUG2("rlm_counter: Could not find Check item value pair");
return rcode;
}
ASSIGN(key_datum.dptr, key_vp->vp_strvalue);
key_datum.dsize = key_vp->length;
/*
* Init to be sure
*/
counter.user_counter = 0;
DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
pthread_mutex_lock(&inst->mutex);
count_datum = gdbm_fetch(inst->gdbm, key_datum);
pthread_mutex_unlock(&inst->mutex);
if (count_datum.dptr != NULL) {
DEBUG("rlm_counter: Key Found");
memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
free(count_datum.dptr);
}
else
DEBUG("rlm_counter: Could not find the requested key in the database");
/*
* Check if check item > counter
*/
DEBUG("rlm_counter: Check item = %d, Count = %d",check_vp->vp_integer,counter.user_counter);
if (check_vp->vp_integer > counter.user_counter) {
unsigned int res;
res = check_vp->vp_integer - counter.user_counter;
DEBUG("rlm_counter: res is greater than zero");
if (inst->count_attr->attr == PW_ACCT_SESSION_TIME) {
/*
* Do the following only if the count attribute is
* AcctSessionTime
*/
/*
* We are assuming that simultaneous-use=1. But
* even if that does not happen then our user
* could login at max for 2*max-usage-time Is
* that acceptable?
*/
/*
* User is allowed, but set Session-Timeout.
* Stolen from main/auth.c
*/
/*
* If we are near a reset then add the next
* limit, so that the user will not need to
* login again
* Before that set the return value to the time
* remaining to next reset
*/
if (inst->reset_time && (res >= (inst->reset_time - request->timestamp))) {
res = inst->reset_time - request->timestamp;
res += check_vp->vp_integer;
}
reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer > res) {
reply_item->vp_integer = res;
}
} else {
reply_item = radius_paircreate(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
reply_item->vp_integer = res;
}
} else if (inst->reply_attr) {
reply_item = pair_find_by_da(request->reply->vps, inst->reply_attr, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer > res) {
reply_item->vp_integer = res;
}
} else {
reply_item = radius_paircreate(request->reply, &request->reply->vps, inst->reply_attr->attr,
inst->reply_attr->vendor);
reply_item->vp_integer = res;
}
}
rcode = RLM_MODULE_OK;
DEBUG2("rlm_counter: (Check item - counter) is greater than zero");
DEBUG2("rlm_counter: Authorized user %s, check_item=%d, counter=%d",
key_vp->vp_strvalue,check_vp->vp_integer,counter.user_counter);
DEBUG2("rlm_counter: Sent Reply-Item for user %s, Type=Session-Timeout, value=%d", key_vp->vp_strvalue,res);
} else {
/*
* User is denied access, send back a reply message
*/
sprintf(msg, "Your maximum %s usage time has been reached", inst->reset);
pairmake_reply("Reply-Message", msg, T_OP_EQ);
REDEBUG("Maximum %s usage time reached", inst->reset);
rcode = RLM_MODULE_REJECT;
DEBUG2("rlm_counter: Rejected user %s, check_item=%d, counter=%d",
key_vp->vp_strvalue,check_vp->vp_integer,counter.user_counter);
}
return rcode;
}
/*
* Write accounting information to this modules database.
*/
static rlm_rcode_t CC_HINT(nonnull) mod_accounting(void *instance, REQUEST *request)
{
rlm_counter_t *inst = instance;
datum key_datum;
datum count_datum;
VALUE_PAIR *key_vp, *count_vp, *proto_vp, *uniqueid_vp;
rad_counter counter;
rlm_rcode_t rcode;
int ret;
int acctstatustype = 0;
time_t diff;
if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL)
acctstatustype = key_vp->vp_integer;
else {
DEBUG("rlm_counter: Could not find account status type in packet");
return RLM_MODULE_NOOP;
}
if (acctstatustype != PW_STATUS_STOP) {
DEBUG("rlm_counter: We only run on Accounting-Stop packets");
return RLM_MODULE_NOOP;
}
uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
if (uniqueid_vp != NULL)
DEBUG("rlm_counter: Packet Unique ID = '%s'",uniqueid_vp->vp_strvalue);
/*
* Before doing anything else, see if we have to reset
* the counters.
*/
if (inst->reset_time && (inst->reset_time <= request->timestamp)) {
DEBUG("rlm_counter: Time to reset the database");
inst->last_reset = inst->reset_time;
find_next_reset(inst,request->timestamp);
pthread_mutex_lock(&inst->mutex);
rcode = reset_db(inst);
pthread_mutex_unlock(&inst->mutex);
if (rcode != RLM_MODULE_OK)
return rcode;
}
/*
* Check if we need to watch out for a specific service-type. If yes then check it
*/
if (inst->service_type != NULL) {
if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY)) == NULL) {
DEBUG("rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP");
return RLM_MODULE_NOOP;
}
if ((unsigned)proto_vp->vp_integer != inst->service_val) {
DEBUG("rlm_counter: This Service-Type is not allowed. Returning NOOP");
return RLM_MODULE_NOOP;
}
}
/*
* Check if request->timestamp - {Acct-Delay-Time} < last_reset
* If yes reject the packet since it is very old
*/
key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (key_vp != NULL) {
if ((key_vp->vp_integer != 0) && (request->timestamp - (time_t) key_vp->vp_integer) < inst->last_reset) {
DEBUG("rlm_counter: This packet is too old. Returning NOOP");
return RLM_MODULE_NOOP;
}
}
/*
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
key_vp = (inst->key_attr->attr == PW_USER_NAME) ? request->username :
pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
if (!key_vp) {
DEBUG("rlm_counter: Could not find the key-attribute in the request. Returning NOOP");
return RLM_MODULE_NOOP;
}
/*
* Look for the attribute to use as a counter.
*/
count_vp = pair_find_by_da(request->packet->vps, inst->count_attr, TAG_ANY);
if (!count_vp) {
DEBUG("rlm_counter: Could not find the count_attribute in the request");
return RLM_MODULE_NOOP;
}
ASSIGN(key_datum.dptr, key_vp->vp_strvalue);
key_datum.dsize = key_vp->length;
DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
pthread_mutex_lock(&inst->mutex);
count_datum = gdbm_fetch(inst->gdbm, key_datum);
if (!count_datum.dptr) {
DEBUG("rlm_counter: Could not find the requested key in the database");
counter.user_counter = 0;
if (uniqueid_vp != NULL)
strlcpy(counter.uniqueid,uniqueid_vp->vp_strvalue, sizeof(counter.uniqueid));
else
memset((char *)counter.uniqueid,0,UNIQUEID_MAX_LEN);
} else {
DEBUG("rlm_counter: Key found");
memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
free(count_datum.dptr);
DEBUG("rlm_counter: Counter Unique ID = '%s'",counter.uniqueid);
if (uniqueid_vp != NULL) {
if (strncmp(uniqueid_vp->vp_strvalue,counter.uniqueid, UNIQUEID_MAX_LEN - 1) == 0) {
DEBUG("rlm_counter: Unique IDs for user match. Droping the request");
pthread_mutex_unlock(&inst->mutex);
return RLM_MODULE_NOOP;
}
strlcpy(counter.uniqueid,uniqueid_vp->vp_strvalue, sizeof(counter.uniqueid));
}
DEBUG("rlm_counter: User=%s, Counter=%d.",request->username->vp_strvalue,counter.user_counter);
}
if (inst->count_attr->attr == PW_ACCT_SESSION_TIME) {
/*
* If session time < diff then the user got in after the
* last reset. So add his session time, otherwise add the
* diff.
*
* That way if he logged in at 23:00 and we reset the
* daily counter at 24:00 and he logged out at 01:00
* then we will only count one hour (the one in the new
* day). That is the right thing
*/
diff = request->timestamp - inst->last_reset;
counter.user_counter += ((time_t) count_vp->vp_integer < diff) ? count_vp->vp_integer : diff;
} else if (count_vp->da->type == PW_TYPE_INTEGER) {
/*
* Integers get counted, without worrying about
* reset dates.
*/
counter.user_counter += count_vp->vp_integer;
} else {
/*
* The attribute is NOT an integer, just count once
* more that we've seen it.
*/
counter.user_counter++;
}
DEBUG("rlm_counter: User=%s, New Counter=%d.",request->username->vp_strvalue,counter.user_counter);
count_datum.dptr = (char *) &counter;
count_datum.dsize = sizeof(rad_counter);
DEBUG("rlm_counter: Storing new value in database");
ret = gdbm_store(inst->gdbm, key_datum, count_datum, GDBM_REPLACE);
pthread_mutex_unlock(&inst->mutex);
if (ret < 0) {
ERROR("rlm_counter: Failed storing data to %s: %s", inst->filename, gdbm_strerror(gdbm_errno));
return RLM_MODULE_FAIL;
}
DEBUG("rlm_counter: New value stored successfully");
return RLM_MODULE_OK;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_counter_t *inst = instance;
DICT_ATTR const *da;
DICT_VALUE *dval;
ATTR_FLAGS flags;
time_t now;
int cache_size;
int ret;
datum key_datum;
datum time_datum;
char const *default1 = "DEFAULT1";
char const *default2 = "DEFAULT2";
cache_size = inst->cache_size;
da = dict_attrbyname(inst->key_name);
rad_assert(da != NULL);
inst->key_attr = da;
/*
* Discover the attribute number of the counter.
*/
da = dict_attrbyname(inst->count_attribute);
rad_assert(da != NULL);
inst->count_attr = da;
/*
* Discover the attribute number of the reply attribute.
*/
if (inst->reply_name != NULL) {
da = dict_attrbyname(inst->reply_name);
if (!da) {
cf_log_err_cs(conf, "No such attribute %s", inst->reply_name);
return -1;
}
if (da->type != PW_TYPE_INTEGER) {
cf_log_err_cs(conf, "Reply attribute' %s' is not of type integer", inst->reply_name);
return -1;
}
inst->reply_attr = da;
} else {
inst->reply_attr = NULL;
}
/*
* Create a new attribute for the counter.
*/
rad_assert(inst->counter_name && *inst->counter_name);
memset(&flags, 0, sizeof(flags));
if (dict_addattr(inst->counter_name, -1, 0, PW_TYPE_INTEGER, flags) < 0) {
ERROR("rlm_counter: Failed to create counter attribute %s: %s", inst->counter_name, fr_strerror());
return -1;
}
da = dict_attrbyname(inst->counter_name);
if (!da) {
cf_log_err_cs(conf, "Failed to find counter attribute %s", inst->counter_name);
return -1;
}
inst->dict_attr = da;
DEBUG2("rlm_counter: Counter attribute %s is number %d", inst->counter_name, inst->dict_attr->attr);
/*
* Create a new attribute for the check item.
*/
rad_assert(inst->check_name && *inst->check_name);
if (dict_addattr(inst->check_name, -1, 0, PW_TYPE_INTEGER, flags) < 0) {
ERROR("rlm_counter: Failed to create check attribute %s: %s", inst->counter_name, fr_strerror());
return -1;
}
da = dict_attrbyname(inst->check_name);
if (!da) {
ERROR("rlm_counter: Failed to find check attribute %s", inst->counter_name);
return -1;
}
inst->check_attr = da;
/*
* Find the attribute for the allowed protocol
*/
if (inst->service_type != NULL) {
if ((dval = dict_valbyname(PW_SERVICE_TYPE, 0, inst->service_type)) == NULL) {
ERROR("rlm_counter: Failed to find attribute number for %s", inst->service_type);
return -1;
}
inst->service_val = dval->value;
}
/*
* Find when to reset the database.
*/
rad_assert(inst->reset && *inst->reset);
now = time(NULL);
inst->reset_time = 0;
inst->last_reset = now;
if (find_next_reset(inst,now) == -1) {
ERROR("rlm_counter: find_next_reset() returned -1. Exiting");
return -1;
}
{
char *filename;
memcpy(&filename, &inst->filename, sizeof(filename));
inst->gdbm = gdbm_open(filename, sizeof(int), GDBM_NEWDB | GDBM_COUNTER_OPTS, 0600, NULL);
}
if (!inst->gdbm) {
ERROR("rlm_counter: Failed to open file %s: %s", inst->filename, fr_syserror(errno));
return -1;
}
if (gdbm_setopt(inst->gdbm, GDBM_CACHESIZE, &cache_size, sizeof(cache_size)) == -1) {
ERROR("rlm_counter: Failed to set cache size");
}
/*
* Look for the DEFAULT1 entry. This entry if it exists contains the
* time of the next database reset. This time is set each time we reset
* the database. If next_reset < now then we reset the database.
* That way we can overcome the problem where radiusd is down during a database
* reset time. If we did not keep state information in the database then the reset
* would be extended and that would create problems.
*
* We also store the time of the last reset in the DEFAULT2 entry.
*
* If DEFAULT1 and DEFAULT2 do not exist (new database) we add them to the database
*/
memcpy(&key_datum.dptr, &default1, sizeof(key_datum.dptr));
key_datum.dsize = strlen(key_datum.dptr);
time_datum = gdbm_fetch(inst->gdbm, key_datum);
if (time_datum.dptr != NULL) {
time_t next_reset = 0;
memcpy(&next_reset, time_datum.dptr, sizeof(time_t));
free(time_datum.dptr);
time_datum.dptr = NULL;
if (next_reset && next_reset <= now) {
inst->last_reset = now;
ret = reset_db(inst);
if (ret != RLM_MODULE_OK) {
ERROR("rlm_counter: reset_db() failed");
return -1;
}
} else {
inst->reset_time = next_reset;
}
memcpy(&key_datum.dptr, &default2, sizeof(key_datum.dptr));
key_datum.dsize = strlen(key_datum.dptr);
time_datum = gdbm_fetch(inst->gdbm, key_datum);
if (time_datum.dptr != NULL) {
memcpy(&inst->last_reset, time_datum.dptr, sizeof(time_t));
free(time_datum.dptr);
}
} else {
ret = add_defaults(inst);
if (ret != RLM_MODULE_OK) {
ERROR("rlm_counter: add_defaults() failed");
return -1;
}
}
/*
* Register the counter comparison operation.
* FIXME: move all attributes to DA
*/
paircompare_register(inst->dict_attr, NULL, true, counter_cmp, inst);
/*
* Init the mutex
*/
pthread_mutex_init(&inst->mutex, NULL);
return 0;
}
