int main(int argc, char **argv)
{
int i =0;
char *config_file =NULL;
char *listen_addr = NULL;
int fd_arr[MAX_FD];
int no_fds=1;
int just_dump=0;
fd_set fds;
struct sockaddr_atmsvc client;
int len;
unsigned char buffer[P_SIZE];
while(i!=-1) {
i = getopt(argc, argv, "f:l:d");
switch(i) {
case 'd':
printf("Dumping databasefile\n");
just_dump=1;
break;
case 'f':
if (config_file) {
usage(argv[0]);
exit(-1);
}
config_file = (char*)mem_alloc(COMP_NAME, strlen(optarg)+1);
if (!config_file) {
exit(-1);
}
memcpy(config_file, optarg, strlen(optarg)+1);
break;
case 'l':
if (listen_addr) {
usage(argv[0]);
exit(-1);
}
listen_addr = (char*)mem_alloc(COMP_NAME, strlen(optarg)+1);
if (!listen_addr)
exit(-1);
memcpy(listen_addr, optarg, strlen(optarg)+1);
break;
case -1:
break;
default:
usage(argv[0]);
exit(-1);
}
}
if (argc != optind) {
usage(argv[0]);
exit(-1);
}
/* Following gets run in the beginning or when lecs is restarted */
while (stay_alive) {
/* Read configuration file */
if (config_file) {
if (load_db(config_file)<0)
exit(-1);
} else {
if (load_db(DEFAULT_CONFIG)<0)
exit(-1);
}
if (just_dump) {
dump_db(NULL);
exit(0);
}
/* Reserve signals */
signal(SIGHUP, sig_reset);
signal(SIGINT, sig_kill);
signal(SIGQUIT, sig_kill);
signal(SIGABRT, sig_kill);
signal(SIGTERM, sig_kill);
signal(SIGSEGV, sig_kill);
/* CHANGE: First parameter, then configuration file! */
fd_arr[0] = atm_create_socket(CONFIGURATION_DIRECT,
get_lecs_addr());
no_fds=1;
if (fd_arr[0] <0) {
stay_alive=0; /* No need to go on */
}
while(!reset && stay_alive) {
FD_ZERO(&fds);
for(i=0;i<no_fds;i++) {
FD_SET(fd_arr[i],&fds);
}
if (select(MAX_FD, &fds, NULL, NULL, NULL)<0) {
perror("select(MAX_FD,...)");
stay_alive=0;
} else {
if (FD_ISSET(fd_arr[0],&fds)) { /* Incoming call */
if (no_fds == MAX_FD) {
close(fd_arr[1]); /* Oldest */
memmove(&fd_arr[1], &fd_arr[2], sizeof(int)*(MAX_FD-2));
no_fds--;
}
len = sizeof(client);
fd_arr[no_fds] = accept(fd_arr[0], (struct sockaddr*)&client,
&len);
if (fd_arr[no_fds]<0) {
if (errno==ENETRESET)
reset=1;
if (errno==EUNATCH)
stay_alive=1;
} else {
no_fds++;
}
}
for(i=1;i<no_fds;i++) {
if (FD_ISSET(fd_arr[i],&fds)) {
len = read(fd_arr[i], buffer, P_SIZE);
if (len <0 && (errno == ENETRESET || errno == EUNATCH)) {
reset=0;
}
if (len<=0) {
close(fd_arr[i]);
memmove(&fd_arr[i], &fd_arr[i+1], sizeof(int)*(--no_fds -i));
i--;
} else {
if(send_response(fd_arr[i], buffer, len)<0) {
close(fd_arr[i]);
memmove(&fd_arr[i], &fd_arr[i+1], sizeof(int)*(--no_fds -i));
}
}
}
}
}
}
/* This gets done if a signal has been caught, or if
network resets/becomes unavailable */
reset=0;
for(i=0;i<no_fds;i++)
close(fd_arr[i]);
no_fds=0;
reset_db();
}
return 0;
}
/*
* Write accounting information to this modules database.
*/
static rlm_rcode_t CC_HINT(nonnull) mod_accounting(void *instance, REQUEST *request)
{
rlm_counter_t *inst = instance;
datum key_datum;
datum count_datum;
VALUE_PAIR *key_vp, *count_vp, *proto_vp, *uniqueid_vp;
rad_counter counter;
rlm_rcode_t rcode;
int ret;
int acctstatustype = 0;
time_t diff;
if ((key_vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL)
acctstatustype = key_vp->vp_integer;
else {
DEBUG("rlm_counter: Could not find account status type in packet");
return RLM_MODULE_NOOP;
}
if (acctstatustype != PW_STATUS_STOP) {
DEBUG("rlm_counter: We only run on Accounting-Stop packets");
return RLM_MODULE_NOOP;
}
uniqueid_vp = pairfind(request->packet->vps, PW_ACCT_UNIQUE_SESSION_ID, 0, TAG_ANY);
if (uniqueid_vp != NULL)
DEBUG("rlm_counter: Packet Unique ID = '%s'",uniqueid_vp->vp_strvalue);
/*
* Before doing anything else, see if we have to reset
* the counters.
*/
if (inst->reset_time && (inst->reset_time <= request->timestamp)) {
DEBUG("rlm_counter: Time to reset the database");
inst->last_reset = inst->reset_time;
find_next_reset(inst,request->timestamp);
pthread_mutex_lock(&inst->mutex);
rcode = reset_db(inst);
pthread_mutex_unlock(&inst->mutex);
if (rcode != RLM_MODULE_OK)
return rcode;
}
/*
* Check if we need to watch out for a specific service-type. If yes then check it
*/
if (inst->service_type != NULL) {
if ((proto_vp = pairfind(request->packet->vps, PW_SERVICE_TYPE, 0, TAG_ANY)) == NULL) {
DEBUG("rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP");
return RLM_MODULE_NOOP;
}
if ((unsigned)proto_vp->vp_integer != inst->service_val) {
DEBUG("rlm_counter: This Service-Type is not allowed. Returning NOOP");
return RLM_MODULE_NOOP;
}
}
/*
* Check if request->timestamp - {Acct-Delay-Time} < last_reset
* If yes reject the packet since it is very old
*/
key_vp = pairfind(request->packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
if (key_vp != NULL) {
if ((key_vp->vp_integer != 0) && (request->timestamp - (time_t) key_vp->vp_integer) < inst->last_reset) {
DEBUG("rlm_counter: This packet is too old. Returning NOOP");
return RLM_MODULE_NOOP;
}
}
/*
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
key_vp = (inst->key_attr->attr == PW_USER_NAME) ? request->username :
pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
if (!key_vp) {
DEBUG("rlm_counter: Could not find the key-attribute in the request. Returning NOOP");
return RLM_MODULE_NOOP;
}
/*
* Look for the attribute to use as a counter.
*/
count_vp = pair_find_by_da(request->packet->vps, inst->count_attr, TAG_ANY);
if (!count_vp) {
DEBUG("rlm_counter: Could not find the count_attribute in the request");
return RLM_MODULE_NOOP;
}
ASSIGN(key_datum.dptr, key_vp->vp_strvalue);
key_datum.dsize = key_vp->length;
DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
pthread_mutex_lock(&inst->mutex);
count_datum = gdbm_fetch(inst->gdbm, key_datum);
if (!count_datum.dptr) {
DEBUG("rlm_counter: Could not find the requested key in the database");
counter.user_counter = 0;
if (uniqueid_vp != NULL)
strlcpy(counter.uniqueid,uniqueid_vp->vp_strvalue, sizeof(counter.uniqueid));
else
memset((char *)counter.uniqueid,0,UNIQUEID_MAX_LEN);
} else {
DEBUG("rlm_counter: Key found");
memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
free(count_datum.dptr);
DEBUG("rlm_counter: Counter Unique ID = '%s'",counter.uniqueid);
if (uniqueid_vp != NULL) {
if (strncmp(uniqueid_vp->vp_strvalue,counter.uniqueid, UNIQUEID_MAX_LEN - 1) == 0) {
DEBUG("rlm_counter: Unique IDs for user match. Droping the request");
pthread_mutex_unlock(&inst->mutex);
return RLM_MODULE_NOOP;
}
strlcpy(counter.uniqueid,uniqueid_vp->vp_strvalue, sizeof(counter.uniqueid));
}
DEBUG("rlm_counter: User=%s, Counter=%d.",request->username->vp_strvalue,counter.user_counter);
}
if (inst->count_attr->attr == PW_ACCT_SESSION_TIME) {
/*
* If session time < diff then the user got in after the
* last reset. So add his session time, otherwise add the
* diff.
*
* That way if he logged in at 23:00 and we reset the
* daily counter at 24:00 and he logged out at 01:00
* then we will only count one hour (the one in the new
* day). That is the right thing
*/
diff = request->timestamp - inst->last_reset;
counter.user_counter += ((time_t) count_vp->vp_integer < diff) ? count_vp->vp_integer : diff;
} else if (count_vp->da->type == PW_TYPE_INTEGER) {
/*
* Integers get counted, without worrying about
* reset dates.
*/
counter.user_counter += count_vp->vp_integer;
} else {
/*
* The attribute is NOT an integer, just count once
* more that we've seen it.
*/
counter.user_counter++;
}
DEBUG("rlm_counter: User=%s, New Counter=%d.",request->username->vp_strvalue,counter.user_counter);
count_datum.dptr = (char *) &counter;
count_datum.dsize = sizeof(rad_counter);
DEBUG("rlm_counter: Storing new value in database");
ret = gdbm_store(inst->gdbm, key_datum, count_datum, GDBM_REPLACE);
pthread_mutex_unlock(&inst->mutex);
if (ret < 0) {
ERROR("rlm_counter: Failed storing data to %s: %s", inst->filename, gdbm_strerror(gdbm_errno));
return RLM_MODULE_FAIL;
}
DEBUG("rlm_counter: New value stored successfully");
return RLM_MODULE_OK;
}
/*
* Find the named user in this modules database. Create the set
* of attribute-value pairs to check and reply with for this user
* from the database. The authentication code only needs to check
* the password, the rest is done here.
*/
static rlm_rcode_t CC_HINT(nonnull) mod_authorize(UNUSED void *instance, UNUSED REQUEST *request)
{
rlm_counter_t *inst = instance;
rlm_rcode_t rcode = RLM_MODULE_NOOP;
datum key_datum;
datum count_datum;
rad_counter counter;
VALUE_PAIR *key_vp, *check_vp;
VALUE_PAIR *reply_item;
char msg[128];
/*
* Before doing anything else, see if we have to reset
* the counters.
*/
if (inst->reset_time && (inst->reset_time <= request->timestamp)) {
rlm_rcode_t rcode2;
inst->last_reset = inst->reset_time;
find_next_reset(inst,request->timestamp);
pthread_mutex_lock(&inst->mutex);
rcode2 = reset_db(inst);
pthread_mutex_unlock(&inst->mutex);
if (rcode2 != RLM_MODULE_OK) {
return rcode2;
}
}
/*
* Look for the key. User-Name is special. It means
* The REAL username, after stripping.
*/
DEBUG2("rlm_counter: Entering module authorize code");
key_vp = (inst->key_attr->attr == PW_USER_NAME) ? request->username :
pair_find_by_da(request->packet->vps, inst->key_attr, TAG_ANY);
if (!key_vp) {
DEBUG2("rlm_counter: Could not find Key value pair");
return rcode;
}
/*
* Look for the check item
*/
if ((check_vp = pair_find_by_da(request->config_items, inst->check_attr, TAG_ANY)) == NULL) {
DEBUG2("rlm_counter: Could not find Check item value pair");
return rcode;
}
ASSIGN(key_datum.dptr, key_vp->vp_strvalue);
key_datum.dsize = key_vp->length;
/*
* Init to be sure
*/
counter.user_counter = 0;
DEBUG("rlm_counter: Searching the database for key '%s'",key_vp->vp_strvalue);
pthread_mutex_lock(&inst->mutex);
count_datum = gdbm_fetch(inst->gdbm, key_datum);
pthread_mutex_unlock(&inst->mutex);
if (count_datum.dptr != NULL) {
DEBUG("rlm_counter: Key Found");
memcpy(&counter, count_datum.dptr, sizeof(rad_counter));
free(count_datum.dptr);
}
else
DEBUG("rlm_counter: Could not find the requested key in the database");
/*
* Check if check item > counter
*/
DEBUG("rlm_counter: Check item = %d, Count = %d",check_vp->vp_integer,counter.user_counter);
if (check_vp->vp_integer > counter.user_counter) {
unsigned int res;
res = check_vp->vp_integer - counter.user_counter;
DEBUG("rlm_counter: res is greater than zero");
if (inst->count_attr->attr == PW_ACCT_SESSION_TIME) {
/*
* Do the following only if the count attribute is
* AcctSessionTime
*/
/*
* We are assuming that simultaneous-use=1. But
* even if that does not happen then our user
* could login at max for 2*max-usage-time Is
* that acceptable?
*/
/*
* User is allowed, but set Session-Timeout.
* Stolen from main/auth.c
*/
/*
* If we are near a reset then add the next
* limit, so that the user will not need to
* login again
* Before that set the return value to the time
* remaining to next reset
*/
if (inst->reset_time && (res >= (inst->reset_time - request->timestamp))) {
res = inst->reset_time - request->timestamp;
res += check_vp->vp_integer;
}
reply_item = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer > res) {
reply_item->vp_integer = res;
}
} else {
reply_item = radius_paircreate(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
reply_item->vp_integer = res;
}
} else if (inst->reply_attr) {
reply_item = pair_find_by_da(request->reply->vps, inst->reply_attr, TAG_ANY);
if (reply_item) {
if (reply_item->vp_integer > res) {
reply_item->vp_integer = res;
}
} else {
reply_item = radius_paircreate(request->reply, &request->reply->vps, inst->reply_attr->attr,
inst->reply_attr->vendor);
reply_item->vp_integer = res;
}
}
rcode = RLM_MODULE_OK;
DEBUG2("rlm_counter: (Check item - counter) is greater than zero");
DEBUG2("rlm_counter: Authorized user %s, check_item=%d, counter=%d",
key_vp->vp_strvalue,check_vp->vp_integer,counter.user_counter);
DEBUG2("rlm_counter: Sent Reply-Item for user %s, Type=Session-Timeout, value=%d", key_vp->vp_strvalue,res);
} else {
/*
* User is denied access, send back a reply message
*/
sprintf(msg, "Your maximum %s usage time has been reached", inst->reset);
pairmake_reply("Reply-Message", msg, T_OP_EQ);
REDEBUG("Maximum %s usage time reached", inst->reset);
rcode = RLM_MODULE_REJECT;
DEBUG2("rlm_counter: Rejected user %s, check_item=%d, counter=%d",
key_vp->vp_strvalue,check_vp->vp_integer,counter.user_counter);
}
return rcode;
}
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
rlm_counter_t *inst = instance;
DICT_ATTR const *da;
DICT_VALUE *dval;
ATTR_FLAGS flags;
time_t now;
int cache_size;
int ret;
datum key_datum;
datum time_datum;
char const *default1 = "DEFAULT1";
char const *default2 = "DEFAULT2";
cache_size = inst->cache_size;
da = dict_attrbyname(inst->key_name);
rad_assert(da != NULL);
inst->key_attr = da;
/*
* Discover the attribute number of the counter.
*/
da = dict_attrbyname(inst->count_attribute);
rad_assert(da != NULL);
inst->count_attr = da;
/*
* Discover the attribute number of the reply attribute.
*/
if (inst->reply_name != NULL) {
da = dict_attrbyname(inst->reply_name);
if (!da) {
cf_log_err_cs(conf, "No such attribute %s", inst->reply_name);
return -1;
}
if (da->type != PW_TYPE_INTEGER) {
cf_log_err_cs(conf, "Reply attribute' %s' is not of type integer", inst->reply_name);
return -1;
}
inst->reply_attr = da;
} else {
inst->reply_attr = NULL;
}
/*
* Create a new attribute for the counter.
*/
rad_assert(inst->counter_name && *inst->counter_name);
memset(&flags, 0, sizeof(flags));
if (dict_addattr(inst->counter_name, -1, 0, PW_TYPE_INTEGER, flags) < 0) {
ERROR("rlm_counter: Failed to create counter attribute %s: %s", inst->counter_name, fr_strerror());
return -1;
}
da = dict_attrbyname(inst->counter_name);
if (!da) {
cf_log_err_cs(conf, "Failed to find counter attribute %s", inst->counter_name);
return -1;
}
inst->dict_attr = da;
DEBUG2("rlm_counter: Counter attribute %s is number %d", inst->counter_name, inst->dict_attr->attr);
/*
* Create a new attribute for the check item.
*/
rad_assert(inst->check_name && *inst->check_name);
if (dict_addattr(inst->check_name, -1, 0, PW_TYPE_INTEGER, flags) < 0) {
ERROR("rlm_counter: Failed to create check attribute %s: %s", inst->counter_name, fr_strerror());
return -1;
}
da = dict_attrbyname(inst->check_name);
if (!da) {
ERROR("rlm_counter: Failed to find check attribute %s", inst->counter_name);
return -1;
}
inst->check_attr = da;
/*
* Find the attribute for the allowed protocol
*/
if (inst->service_type != NULL) {
if ((dval = dict_valbyname(PW_SERVICE_TYPE, 0, inst->service_type)) == NULL) {
ERROR("rlm_counter: Failed to find attribute number for %s", inst->service_type);
return -1;
}
inst->service_val = dval->value;
}
/*
* Find when to reset the database.
*/
rad_assert(inst->reset && *inst->reset);
now = time(NULL);
inst->reset_time = 0;
inst->last_reset = now;
if (find_next_reset(inst,now) == -1) {
ERROR("rlm_counter: find_next_reset() returned -1. Exiting");
return -1;
}
{
char *filename;
memcpy(&filename, &inst->filename, sizeof(filename));
inst->gdbm = gdbm_open(filename, sizeof(int), GDBM_NEWDB | GDBM_COUNTER_OPTS, 0600, NULL);
}
if (!inst->gdbm) {
ERROR("rlm_counter: Failed to open file %s: %s", inst->filename, fr_syserror(errno));
return -1;
}
if (gdbm_setopt(inst->gdbm, GDBM_CACHESIZE, &cache_size, sizeof(cache_size)) == -1) {
ERROR("rlm_counter: Failed to set cache size");
}
/*
* Look for the DEFAULT1 entry. This entry if it exists contains the
* time of the next database reset. This time is set each time we reset
* the database. If next_reset < now then we reset the database.
* That way we can overcome the problem where radiusd is down during a database
* reset time. If we did not keep state information in the database then the reset
* would be extended and that would create problems.
*
* We also store the time of the last reset in the DEFAULT2 entry.
*
* If DEFAULT1 and DEFAULT2 do not exist (new database) we add them to the database
*/
memcpy(&key_datum.dptr, &default1, sizeof(key_datum.dptr));
key_datum.dsize = strlen(key_datum.dptr);
time_datum = gdbm_fetch(inst->gdbm, key_datum);
if (time_datum.dptr != NULL) {
time_t next_reset = 0;
memcpy(&next_reset, time_datum.dptr, sizeof(time_t));
free(time_datum.dptr);
time_datum.dptr = NULL;
if (next_reset && next_reset <= now) {
inst->last_reset = now;
ret = reset_db(inst);
if (ret != RLM_MODULE_OK) {
ERROR("rlm_counter: reset_db() failed");
return -1;
}
} else {
inst->reset_time = next_reset;
}
memcpy(&key_datum.dptr, &default2, sizeof(key_datum.dptr));
key_datum.dsize = strlen(key_datum.dptr);
time_datum = gdbm_fetch(inst->gdbm, key_datum);
if (time_datum.dptr != NULL) {
memcpy(&inst->last_reset, time_datum.dptr, sizeof(time_t));
free(time_datum.dptr);
}
} else {
ret = add_defaults(inst);
if (ret != RLM_MODULE_OK) {
ERROR("rlm_counter: add_defaults() failed");
return -1;
}
}
/*
* Register the counter comparison operation.
* FIXME: move all attributes to DA
*/
paircompare_register(inst->dict_attr, NULL, true, counter_cmp, inst);
/*
* Init the mutex
*/
pthread_mutex_init(&inst->mutex, NULL);
return 0;
}
