Patch: support for custom simultaneous-use reply-message

Josh Howlett josh.howlett at bristol.ac.uk
Mon Jul 10 12:35:58 CEST 2006


I'm re-sending this patch, because I attached the patch previously 
rather than sending in-line.

This patch allows sending a custom reply-message in the event of 
simultaneous-use. It defines a two new internal attributes 
(SIMULTANEOUS_REPLY_MESSAGE_ONCE and 
SIMULTANEOUS_REPLY_MESSAGE_MULTIPLE) which hold the Reply-Message values 
and two new global config options to define the default values of these 
attributes. These attributes can be defined as configuration items in 
the user database to allow per-user messages.

best regards, josh.

--- freeradius-1.1.2/src/main/auth.c    2005-10-31 17:59:21.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/src/main/auth.c      2006-07-07 
10:39:18.000000000 +0100
@@ -733,12 +733,25 @@
                         }
                         if (!mpp_ok){
                                 if (check_item->lvalue > 1) {
-                               snprintf(umsg, sizeof(umsg),
-                                                       "\r\nYou are 
already logged in %d times  - access denied\r\n\n",
- 
(int)check_item->lvalue);
-                                       user_msg = umsg;
+                                       /*
+                                        * Use a Reply-Message 
appropriate for reporting single session concurrency
+                                        */
+                                       tmp = 
pairfind(request->reply->vps, PW_SIMULTANEOUS_REPLY_MESSAGE_MULTIPLE);
+                                       if ( tmp != NULL ){
+                                               user_msg = strdup((char 
*)tmp->strvalue);
+                                       } else {
+                                               user_msg = 
mainconfig.simul_reply_message_multiple;
+                                       }
                                 } else {
-                                       user_msg = "\r\nYou are already 
logged in - access denied\r\n\n";
+                                       /*
+                                        * Use a Reply-Message 
appropriate for reporting multiple session concurrency
+                                        */
+                                       tmp = 
pairfind(request->reply->vps, PW_SIMULTANEOUS_REPLY_MESSAGE_ONCE);
+                                       if ( tmp != NULL ){
+                                               user_msg = strdup((char 
*)tmp->strvalue);
+                                       } else {
+                                               user_msg = 
mainconfig.simul_reply_message_once;
+                                       }
                                 }

                                 request->reply->code = 
PW_AUTHENTICATION_REJECT;
@@ -751,6 +764,20 @@
                                 tmp = pairmake("Reply-Message", 
user_msg, T_OP_SET);
                                 request->reply->vps = tmp;

+                               /*
+                                *      Xlat the Reply-Message.
+                                *      This is also done for 
Access-Accepts at line 1000,
+                                *      perhaps the code should be 
refactored to avoid
+                                *      this special case?
+                                */
+
+                               reply_item = 
pairfind(request->reply->vps, PW_REPLY_MESSAGE);
+                               radius_xlat(buf, 
sizeof(reply_item->strvalue),
+                                           (char 
*)reply_item->strvalue, request, NULL);
+                               strNcpy((char *)reply_item->strvalue, buf,
+                                       sizeof(reply_item->strvalue));
+                               reply_item->length = strlen((char 
*)reply_item->strvalue);
+
                                 snprintf(logstr, sizeof(logstr), 
"Multiple logins (max %d) %s",
                                         check_item->lvalue,
                                         r == 2 ? "[MPP attempt]" : "");
--- freeradius-1.1.2/src/main/mainconfig.c      2006-04-18 
18:26:26.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/src/main/mainconfig.c 
2006-07-07 13:35:07.000000000 +0100
@@ -138,6 +138,8 @@
         { "nospace_user", PW_TYPE_STRING_PTR, 0, 
&mainconfig.do_nospace_user, "no" },
         { "nospace_pass", PW_TYPE_STRING_PTR, 0, 
&mainconfig.do_nospace_pass, "no" },
         { "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, 
"${sbindir}/checkrad" },
+       { "simul_reply_message_once", PW_TYPE_STRING_PTR, 0, 
&mainconfig.simul_reply_message_once, "\r\nDear %{User-Name}, you are 
already logged in - access denied\r\n\n" },
+       { "simul_reply_message_multiple", PW_TYPE_STRING_PTR, 0, 
&mainconfig.simul_reply_message_multiple, "\r\nDear %{User-Name}, you 
are already logged in %{check:Simultaneous-Use} times - access 
denied\r\n\n" },
         { "proxy_requests", PW_TYPE_BOOLEAN, 0, 
&mainconfig.proxy_requests, "yes" },
         { "proxy", PW_TYPE_SUBSECTION, 0, proxy_config, NULL },
         { "security", PW_TYPE_SUBSECTION, 0, security_config, NULL },
--- freeradius-1.1.2/share/dictionary.freeradius.internal 
2006-03-07 18:10:09.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/share/dictionary.freeradius.internal 
2006-07-05 14:54:07.000000000 +0100
@@ -66,6 +66,8 @@
  ATTRIBUTE      User-Category                           1029    string
  ATTRIBUTE      Group-Name                              1030    string
  ATTRIBUTE      Huntgroup-Name                          1031    string
+ATTRIBUTE      Simultaneous-Reply-Message-Once         1032    string
+ATTRIBUTE      Simultaneous-Reply-Message-Multiple     1033    string
  ATTRIBUTE      Simultaneous-Use                        1034    integer
  ATTRIBUTE      Strip-User-Name                         1035    integer
  ATTRIBUTE      Hint                                    1040    string
--- freeradius-1.1.2/src/include/radius.h       2006-03-07 
18:10:08.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/src/include/radius.h 2006-07-05 
14:21:03.000000000 +0100
@@ -143,6 +143,8 @@
  #define PW_USER_CATEGORY               1029
  #define PW_GROUP_NAME                  1030
  #define PW_HUNTGROUP_NAME              1031
+#define PW_SIMULTANEOUS_REPLY_MESSAGE_ONCE     1032
+#define PW_SIMULTANEOUS_REPLY_MESSAGE_MULTIPLE 1033
  #define PW_SIMULTANEOUS_USE            1034
  #define PW_STRIP_USER_NAME             1035
  #define PW_HINT                                1040
--- freeradius-1.1.2/raddb/radiusd.conf.in      2006-04-20 
19:40:29.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/raddb/radiusd.conf.in 
2006-07-07 11:52:46.000000000 +0100
@@ -352,6 +352,18 @@
  nospace_user = no
  nospace_pass = no

+# simul_reply_message_once / simul_reply_message_multiple:
+#
+# The default values to use for the Reply-Message attribute
+# returned if session concurrency is detected. These can be
+# over-ridden with the Simultaneous-Reply-Use-Once and
+# Simultaneous-Reply-Message-Multiple reply attributes.
+#
+# The message to return if only a single session is permitted.
+simul_reply_message_once = "\r\nDear %{User-Name}, you are already 
logged in - access denied\r\n\n"
+# The message to return is more than one sessions are permitted.
+simul_reply_message_multiple = "\r\nDear %{User-Name}, you are already 
logged in %{check:Simultaneous-Use} times - access denied\r\n\n"
+
  #  The program to execute to do concurrency checks.
  checkrad = ${sbindir}/checkrad

--- freeradius-1.1.2/src/include/radiusd.h      2005-04-12 
00:45:21.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/src/include/radiusd.h 
2006-07-05 12:50:57.000000000 +0100
@@ -209,6 +209,8 @@
         char            *nospace_time;
         char            *log_file;
         char            *checkrad;
+       char            *simul_reply_message_once;
+       char            *simul_reply_message_multiple;
         const char      *pid_file;
         const char      *uid_name;
         const char      *gid_name;



More information about the Freeradius-Devel mailing list