proposal and patch for time unit in rlm_sqlcounter.c

Markus Krause krause at biochem.mpg.de
Fri Dec 16 16:07:35 CET 2005


hello freeradius developers,

let me introduce myself first so you know who is talking here ;-)
my name is markus an i am currently working on a radius-related project at the
max-planck-institute of biochemistry in martinsried/munich/germany. the aim of
the project is to get more control over the network access of the ~900 users
and >1200 devices.

an important part of the project is to allow access to our guests and visitors
to parts of our network, of course only with username and password, and do some
logging. the idea is that guests get an account and a password which they can
use for a period of one to seven days (according to setup). to achieve this i
am using the sqlcounter module using the following query:

query = "SELECT TO_DAYS(NOW()) - MIN(TO_DAYS(AcctStartTime)) FROM radacct WHERE
UserName = '%{%k}' LIMIT 1";

this actually works very well, a user logs in and is allowed to access to the
network until the date changes e.g. the second time if he is allowed access for
two days. but as i am saving the days as "days" in the mysql database, i run
into trouble with "Session-Timeout" because rlm_sqlcounter assumes that the
query returns seconds and the user gets a session timeout of the remaining days
as seconds (a value between 1 and 7!). putting the day limit as seconds into
the database does (in my case/opinion) not make any sense here.

as i posted a question about this some two months ago to the freeradius users
list unfortunately nobody had a solution available, but i can remember several
answers (to the list an by private mail) that this feature would be nice!

so i finaly tried some coding today and now here is my proposal:

add an optional parameter 'timeunit' to sqlcounter.conf that represents the time
unit used in the query and the check value (in the sql db), my config then
reads:

+++++ /etc/raddb/sqlcounter.conf
sqlcounter shorttermaccounts {
        counter-name = Short-Term-Account
        check-name = Max-Days-Passed
        sqlmod-inst = sql
        key = User-Name
        reset = never
        timeunit = days
        query = "SELECT TO_DAYS(NOW()) - MIN(TO_DAYS(AcctStartTime)) FROM
radacct WHERE UserName = '%{%k}' LIMIT 1";
}
----- /etc/raddb/sqlcounter.conf

in rlm_sqlcounter.c i added some lines which (if 'timeunit' is set) multiply the
value of 'res' (i assume this is the remaining time of allowd success) by an
appropriate value to get seconds. in this case Session-Timeout is returned
"correctly".

the code for this is (definitions and config items left out, i put them in the
diff file created with 'diff -Naur' in the attachement):

+++++ part of rlm_sqlcounter.c (approx. starting at line 616)
        /*
         * Check if check item > counter
         */

        res=check_vp->lvalue - counter;

        if( data->timeunit != NULL ) {
                if(strcmp(data->timeunit, "minutes") == 0 ) {
                        timemultiplier = 60;
                } else if(strcmp(data->timeunit, "hours") == 0 ) {
                        timemultiplier = 3600;
                } else if(strcmp(data->timeunit, "days") == 0 ) {
                        timemultiplier = 86400;
                } else if(strcmp(data->timeunit, "weeks") == 0 ) {
                        timemultiplier = 604800;
                } else {
                        radlog(L_ERR, "rlm_sqlcounter: Unknown value for timeuni
t \"%s\" in sqlcounter.conf", data->timeunit);
                        return -1;
                }
        }

        if( timemultiplier)
                 res *= timemultiplier;

        if (res > 0) {
----- end part of rlm_sqlcounter.c

i ran several tests and it is also working with different queries (like the ones
in the doc)

there surely are other and certainly better ways to achieve this (and i do not
have an idea if this type of code (style, variable names etc.) does fit into
the "philosophie" of freeradius) so any feedback is welcome!) but as it seems
that nobody has made a proposal for this yet, what do think about it? as i got
some mails that others may need this too what are the chances that something
like this will be added to the freeradius code?

hoping for many feedback! ;-)

with best regards,
  markus

--
Markus Krause                           email: krause at biochem.mpg.de
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

---------------------------------------------------------------------
     This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to rz-linux at biochem.mpg.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rlm_sqlcounter_patch_for_timeunit.diff
Type: text/diff
Size: 1903 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20051216/3829b49d/attachment.bin>


More information about the Freeradius-Devel mailing list