NotBefore and Epiration (was Temporary Accounts), Enhancement proposal

Thibault Le Meur Thibault.LeMeur at supelec.fr
Mon Dec 11 12:58:17 CET 2006


I post here a cleaner solution to my need, and propose the opportunity to
have an even better way to code this (but requires a patch).

The Goal
========
I wanted to be able to manage temporary accounts for guests:
* these accounts are created in advance, but mustn't be valid before a given
date
* these account have an expiration date
* these account must be valid within a given time range

One current solution to achieve this
====================================
The current solution is to create a local String attribute (3000<id<4000) in
the dictionary file /etc/raddb/dictionary:
ATTRIBUTE       My-Local-NotBefore      3000    string

Then in the hint file, I add the current date to the request (for my NAS
192.168.1.1):
DEFAULT NAS-IP-ADDRESS == 192.168.1.1
         My-Local-NotBefore = `%D`

In the users file, I add the 'Myuser' user, who can log in within the
following time range '12 Dec to 13 Dec 2006, from 8AM to 9 PM':
Myuser  NAS-IP-Address == 192.168.1.1, Auth-Type = Local, User-Password ==
MyPass, My-Local-NotBefore >= 20061212, Login-Time := 'Wk0800-2100',
Expiration := "14 Dec 2006"
        Fall-Through = no


It is working, but is just a pity that the NotBefore and Expiration part are
not handled the same way, though beeing quite similar.

Enhancement proposal
====================

Why not implement the NotBefore part in the FR server code as it is already
done for Expiration ?

It would require (AFAIK):
* Adding an offical "NotBefore" internal freeradius dictionary
* Add a "#define PW_NOTBEFORE" definition in include/radius.h
* Add a time check to the "check_expiration" function in main/auth.c
* Optionnal ??? Add a notbeforecmp function and a  "paircompare_register"
call to main/valuepair.c ????

However, I had no report so far that this could prove to be useful to
someone else, so I wonder if It is worth implementing.

If you think this could be useful, I'll try to propose a patch.

Thibault








More information about the Freeradius-Users mailing list