Opposite of Expiraton attribute?

Phil Mayers p.mayers at imperial.ac.uk
Sat Jun 18 09:03:55 CEST 2011 

On 06/17/2011 11:50 PM, Matthew George wrote:
> Using logintime I cannot specify a date and time, its uucp.
>
> I need to be able to specify a date and time. I'm curious as to why the
> "Date" attribute does not exist.
>
> None the less, I still need to get this working even if it involves me
> having to pay someone.

I can think of a few ways of doing this; you probably don't need to pay 
someone. At the end of the day, it's just an attribute comparison. All 
you need to do is make sure the attributes are populated.

Can you be a bit more specific about where you want to read the validity 
range from, and how you want to do the comparisons? Are they stored in 
SQL or LDAP for example? What format are they stored in?

Here's an example of how you could implement it yourself, using unix 
timestamps read from a file, and integer comparisons:

raddb/dictionary:

ATTRIBUTE	Account-Starttime	3000 integer
ATTRIBUTE	Account-Endtime		3001 integer
ATTRIBUTE	Current-Time		3002 integer

raddb/policy.conf:

policy {
   check_validity {
     update control {
       Current-Time := "%l"
     }
     if (Account-Starttime > control:Current-Time) {
       update reply {
         Reply-Message := "account not yet active"
       }
       reject
     }
     if (Account-Endtime < control:Current-Time) {
       update reply {
         Reply-Message := "account no longer active"
       }
       reject
     }
   }
}

raddb/modules/start_end_time:

passwd start_end_time {
   # Entries in this file are of the format:
   #
   # username:epochstart:epochend
   #
   # date -d "$THEDATE" +%s can be used to convert strings
   # to epoch at the unix shell

   filename = ${raddbdir}/start_end
   format = "*User-Name:~Account-Starttime:~Account-Endtime"
}

raddb/sites-enabled/xxx:

authorize {
   ....
   # read the validity from file
   start_end_time
   # check it
   check_validity
   ...
}


But there are probably very many ways of doing this. If you can be more 
specific, I or others can make more suggestions, but better would be to 
break the problem down into parts, then look at the tools FreeRADIUS 
gives you (namely - lots of ways to populate attributes from data 
sources, and lots of ways to compare them) and factor a solution.

More information about the Freeradius-Users mailing list