Patch: support for custom simultaneous-use reply-message
Josh Howlett
josh.howlett at bristol.ac.uk
Mon Jul 10 12:35:58 CEST 2006
I'm re-sending this patch, because I attached the patch previously
rather than sending in-line.
This patch allows sending a custom reply-message in the event of
simultaneous-use. It defines a two new internal attributes
(SIMULTANEOUS_REPLY_MESSAGE_ONCE and
SIMULTANEOUS_REPLY_MESSAGE_MULTIPLE) which hold the Reply-Message values
and two new global config options to define the default values of these
attributes. These attributes can be defined as configuration items in
the user database to allow per-user messages.
best regards, josh.
--- freeradius-1.1.2/src/main/auth.c 2005-10-31 17:59:21.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/src/main/auth.c 2006-07-07
10:39:18.000000000 +0100
@@ -733,12 +733,25 @@
}
if (!mpp_ok){
if (check_item->lvalue > 1) {
- snprintf(umsg, sizeof(umsg),
- "\r\nYou are
already logged in %d times - access denied\r\n\n",
-
(int)check_item->lvalue);
- user_msg = umsg;
+ /*
+ * Use a Reply-Message
appropriate for reporting single session concurrency
+ */
+ tmp =
pairfind(request->reply->vps, PW_SIMULTANEOUS_REPLY_MESSAGE_MULTIPLE);
+ if ( tmp != NULL ){
+ user_msg = strdup((char
*)tmp->strvalue);
+ } else {
+ user_msg =
mainconfig.simul_reply_message_multiple;
+ }
} else {
- user_msg = "\r\nYou are already
logged in - access denied\r\n\n";
+ /*
+ * Use a Reply-Message
appropriate for reporting multiple session concurrency
+ */
+ tmp =
pairfind(request->reply->vps, PW_SIMULTANEOUS_REPLY_MESSAGE_ONCE);
+ if ( tmp != NULL ){
+ user_msg = strdup((char
*)tmp->strvalue);
+ } else {
+ user_msg =
mainconfig.simul_reply_message_once;
+ }
}
request->reply->code =
PW_AUTHENTICATION_REJECT;
@@ -751,6 +764,20 @@
tmp = pairmake("Reply-Message",
user_msg, T_OP_SET);
request->reply->vps = tmp;
+ /*
+ * Xlat the Reply-Message.
+ * This is also done for
Access-Accepts at line 1000,
+ * perhaps the code should be
refactored to avoid
+ * this special case?
+ */
+
+ reply_item =
pairfind(request->reply->vps, PW_REPLY_MESSAGE);
+ radius_xlat(buf,
sizeof(reply_item->strvalue),
+ (char
*)reply_item->strvalue, request, NULL);
+ strNcpy((char *)reply_item->strvalue, buf,
+ sizeof(reply_item->strvalue));
+ reply_item->length = strlen((char
*)reply_item->strvalue);
+
snprintf(logstr, sizeof(logstr),
"Multiple logins (max %d) %s",
check_item->lvalue,
r == 2 ? "[MPP attempt]" : "");
--- freeradius-1.1.2/src/main/mainconfig.c 2006-04-18
18:26:26.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/src/main/mainconfig.c
2006-07-07 13:35:07.000000000 +0100
@@ -138,6 +138,8 @@
{ "nospace_user", PW_TYPE_STRING_PTR, 0,
&mainconfig.do_nospace_user, "no" },
{ "nospace_pass", PW_TYPE_STRING_PTR, 0,
&mainconfig.do_nospace_pass, "no" },
{ "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad,
"${sbindir}/checkrad" },
+ { "simul_reply_message_once", PW_TYPE_STRING_PTR, 0,
&mainconfig.simul_reply_message_once, "\r\nDear %{User-Name}, you are
already logged in - access denied\r\n\n" },
+ { "simul_reply_message_multiple", PW_TYPE_STRING_PTR, 0,
&mainconfig.simul_reply_message_multiple, "\r\nDear %{User-Name}, you
are already logged in %{check:Simultaneous-Use} times - access
denied\r\n\n" },
{ "proxy_requests", PW_TYPE_BOOLEAN, 0,
&mainconfig.proxy_requests, "yes" },
{ "proxy", PW_TYPE_SUBSECTION, 0, proxy_config, NULL },
{ "security", PW_TYPE_SUBSECTION, 0, security_config, NULL },
--- freeradius-1.1.2/share/dictionary.freeradius.internal
2006-03-07 18:10:09.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/share/dictionary.freeradius.internal
2006-07-05 14:54:07.000000000 +0100
@@ -66,6 +66,8 @@
ATTRIBUTE User-Category 1029 string
ATTRIBUTE Group-Name 1030 string
ATTRIBUTE Huntgroup-Name 1031 string
+ATTRIBUTE Simultaneous-Reply-Message-Once 1032 string
+ATTRIBUTE Simultaneous-Reply-Message-Multiple 1033 string
ATTRIBUTE Simultaneous-Use 1034 integer
ATTRIBUTE Strip-User-Name 1035 integer
ATTRIBUTE Hint 1040 string
--- freeradius-1.1.2/src/include/radius.h 2006-03-07
18:10:08.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/src/include/radius.h 2006-07-05
14:21:03.000000000 +0100
@@ -143,6 +143,8 @@
#define PW_USER_CATEGORY 1029
#define PW_GROUP_NAME 1030
#define PW_HUNTGROUP_NAME 1031
+#define PW_SIMULTANEOUS_REPLY_MESSAGE_ONCE 1032
+#define PW_SIMULTANEOUS_REPLY_MESSAGE_MULTIPLE 1033
#define PW_SIMULTANEOUS_USE 1034
#define PW_STRIP_USER_NAME 1035
#define PW_HINT 1040
--- freeradius-1.1.2/raddb/radiusd.conf.in 2006-04-20
19:40:29.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/raddb/radiusd.conf.in
2006-07-07 11:52:46.000000000 +0100
@@ -352,6 +352,18 @@
nospace_user = no
nospace_pass = no
+# simul_reply_message_once / simul_reply_message_multiple:
+#
+# The default values to use for the Reply-Message attribute
+# returned if session concurrency is detected. These can be
+# over-ridden with the Simultaneous-Reply-Use-Once and
+# Simultaneous-Reply-Message-Multiple reply attributes.
+#
+# The message to return if only a single session is permitted.
+simul_reply_message_once = "\r\nDear %{User-Name}, you are already
logged in - access denied\r\n\n"
+# The message to return is more than one sessions are permitted.
+simul_reply_message_multiple = "\r\nDear %{User-Name}, you are already
logged in %{check:Simultaneous-Use} times - access denied\r\n\n"
+
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
--- freeradius-1.1.2/src/include/radiusd.h 2005-04-12
00:45:21.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/src/include/radiusd.h
2006-07-05 12:50:57.000000000 +0100
@@ -209,6 +209,8 @@
char *nospace_time;
char *log_file;
char *checkrad;
+ char *simul_reply_message_once;
+ char *simul_reply_message_multiple;
const char *pid_file;
const char *uid_name;
const char *gid_name;
More information about the Freeradius-Devel
mailing list