# Create links for default modules
for mod in always attr_filter cache_eap chap client \
delay detail detail.log digest eap \
- eap_inner echo exec files linelog logintime \
+ eap_inner echo exec files linelog \
mschap ntlm_auth pap pam passwd radutmp \
sradutmp stats unix unpack utf8 ; do
if test ! -h /etc/freeradius/mods-enabled/$mod && \
** found some useful attributes associated with that user
*** the password which it placed into `control.Password.With-Header`
*** as RADIUS attributes were changed, it returns `updated` as a result code to unlang
- . the modules `expiration` and `logintime` were used, but both had no effect (`noop`)
. the module `pap` was used
** it found a suitable password to use in `&Password.With-Header`
*** populates `&control.Password.Cleartext`
(0) ldap - Released connection (0)
(0) ldap (ok)
(0) expiration (noop)
-(0) logintime (noop)
(0) pap - WARNING: No "known good" password found for the user. Not setting Auth-Type
(0) pap - WARNING: Authentication will fail unless a "known good" password is available
(0) pap (noop)
** found `uid=john,ou=people,dc=example,dc=com`
** did *not* find any useful attributes associated with that user
** module was successful in operation, but changed no RADIUS attributes so returns `ok`
- . the modules `expiration` and `logintime` were used, but both had no effect (`noop`)
+ . the module `expiration` was used, but it had no effect (`noop`)
. the module `pap` was used
** it finds no suitable password RADIUS attributes to use
** as it makes no changes, the module returns `noop`
(0) } # update (noop)
(0) } # if ((ok || updated) && &User-Password) (noop)
(0) expiration (noop)
-(0) logintime (noop)
(0) pap - WARNING: No "known good" password found for the user. Not setting Auth-Type
(0) pap - WARNING: Authentication will fail unless a "known good" password is available
(0) pap (noop)
** did *not* find any useful attributes associated with that user
** module was successful in operation, but changed no RADIUS attributes so returns `ok`
. `&control.Auth-Type := ldap` was set as the `ldap` module was successful in finding a user
- . the modules `expiration` and `logintime` were used, but both had no effect (`noop`)
+ . the module `expiration` was used, but it had no effect (`noop`)
. the module `pap` was used
** it finds no suitable password RADIUS attributes to use
** as it makes no changes, the module returns `noop`
functionality. As a result, we have simplified the server by removing
duplicate functionality.
+== rlm_logintime
+
+This module was poorly documented, and it appears that no one was using it.
+
+The attributes `Time-Of-Day`, `Login-Time`, and `Current-Time` have
+also been removed. Any configuration which tries to use them will
+result in an error.
+
== Deleted Functionality
The `Response-Packet-Type` attribute has been removed. Please replace
*** xref:mods-available/krb5.adoc[Kerberos Module]
*** xref:mods-available/ldap.adoc[LDAP (Lightweight Directory Access Protocol) Module]
*** xref:mods-available/linelog.adoc[Linelog Module]
-*** xref:mods-available/logintime.adoc[Login time Module]
*** xref:mods-available/logtee.adoc[Logtee Module]
*** xref:mods-available/lua.adoc[Lua Module]
*** xref:mods-available/mac2ip.adoc[Mac2IP Module]
| xref:mods-available/escape.adoc[escape] | Escapes and unescapes strings using the MIME escape format
| xref:mods-available/idn.adoc[idn] | Converts internationalized domain names to ASCII.
| xref:mods-available/json.adoc[json] | Parses JSON strings into an in memory format using the json-c library.
-| xref:mods-available/logintime.adoc[logintime] | Enforces the time span during which a user may login to the system.
| xref:mods-available/sometimes.adoc[sometimes] | Is a hashing and distribution protocol, that will sometimes return one code or another depending on the input value
configured.
| xref:mods-available/sqlcounter.adoc[sqlcounter] | Records statistics for users such as data transfer and session time, and prevent further logins when limits are reached.
+++ /dev/null
-
-
-
-
-= Login time Module
-
-The `logintime` module handles the `Login-Time`, `Current-Time`,
-and `Time-Of-Day` attributes.
-
-It should be included in the *end* of the `recv Access-Request`
-section in order to handle `Login-Time` checks.
-
-When the `Login-Time` attribute is set to some value, and the user
-has been permitted to log in, the `link:https://freeradius.org/rfc/rfc2865.html#Session-Timeout[Session-Timeout]` will be
-calculated based on the remaining time. Note that this is a
- *maximum* value. If another module sets `link:https://freeradius.org/rfc/rfc2865.html#Session-Timeout[Session-Timeout]` to a
-lower value, the `logintime` module will not increase its value.
-
-
-
-## Configuration Settings
-
-
-minimum_timeout::
-
-The minimum timeout (in seconds) a user is allowed
-to have. If the calculated timeout is lower we don't
-allow the login.
-
-NOTE: Some NAS do not handle values lower than 60 seconds.
-They will either ignore the result, or set it to some
-larger value.
-
-Default is `60`.
-
-
-
-== Default Configuration
-
-```
-logintime {
- minimum_timeout = 60
-}
-```
-.Please see the link:../mods-available/expiration.adoc[mods-available/expiration] for full documentation.
-
-
-
-.Please see the link:../mods-available/logintime.adoc[mods-available/logintime] for full documentation.
+.Please see the link:../../../../../../mods-available/expiration.adoc[mods-available/expiration] for full documentation.
ok = return
}
expiration
- logintime
}
authenticate eap {
eap
configurations These references serve as place-holders, and as
documentation. If you need the functionality of that module, then:
- * configure the module in link:../mods-available/index.adoc[mods-available/]
+ * configure the module in link:../../../../../../mods-available/index.adoc[mods-available/]
* enable the module in `mods-enabled`. e.g. for LDAP, do: `cd mods-enabled;ln -s ../mods-available/ldap`
* uncomment the references to it in this file.
Uncomment the next bit in order to have a log of
authentication requests. For more information, see
-link:../mods-available/detail.log.adoc[mods-available/detail.log].
+link:../../../../../../mods-available/detail.log.adoc[mods-available/detail.log].
-Look at the `Login-Time` attribute and reject if the user
-is not allowed access at the present time. Otherwise,
-set `link:https://freeradius.org/rfc/rfc2865.html#Session-Timeout[Session-Timeout]` to the end of the permitted time span.
-
-
-
The `pap` module will set `Auth-Type := PAP` if the
packet contains a `link:https://freeradius.org/rfc/rfc2865.html#User-Password[User-Password]` attribute. The module
does this only if the `Auth-Type` attribute has not already
The `Auth-Type` attribute would need to be set to
`proxy-example.com`. The home servers MUST be defined in
-link:../mods-available/radius.adoc[mods-available/radius].
+link:../../../../../../mods-available/radius.adoc[mods-available/radius].
If you want to have a log of authentication replies,
uncomment the following line. This is defined in
-link:../mods-available/detail.log.adoc[mods-available/detail.log].
+link:../../../../../../mods-available/detail.log.adoc[mods-available/detail.log].
You may want to delete the `MS-MPPE-*-Keys` from the
reply, as some WiMAX clients behave badly when those
attributes are included. See the configuration entry
-`delete_mppe_keys` in link:../mods-available/wimax.adoc[mods-available/wimax] for
+`delete_mppe_keys` in link:../../../../../../mods-available/wimax.adoc[mods-available/wimax] for
more information.
Log traffic to an SQL database.
-See "Accounting Queries" in link:../mods-available/sql.adoc[mods-available/sql].
+See "Accounting Queries" in link:../../../../../../mods-available/sql.adoc[mods-available/sql].
-ldap
# dailycounter
expiration
- logintime
pap
}
recv Status-Server {
-ldap
# daily
expiration
- logintime
pap
}
authenticate pap {
DEFAULT_MODULES := always attr_filter cache_eap chap client \
delay detail detail.log digest eap \
- eap_inner echo escape exec files linelog logintime \
+ eap_inner echo escape exec files linelog \
mschap ntlm_auth pap passwd radutmp \
sradutmp stats unix unpack utf8
+++ /dev/null
-# -*- text -*-
-#
-#
-# $Id$
-
-#######################################################################
-#
-# = Login time Module
-#
-# The `logintime` module handles the `Login-Time`, `Current-Time`,
-# and `Time-Of-Day` attributes.
-#
-# It should be included in the *end* of the `recv Access-Request`
-# section in order to handle `Login-Time` checks.
-#
-# When the `Login-Time` attribute is set to some value, and the user
-# has been permitted to log in, the `Session-Timeout` will be
-# calculated based on the remaining time. Note that this is a
-# *maximum* value. If another module sets `Session-Timeout` to a
-# lower value, the `logintime` module will not increase its value.
-#
-
-#
-# ## Configuration Settings
-#
-logintime {
- #
- # minimum_timeout::
- #
- # The minimum timeout (in seconds) a user is allowed
- # to have. If the calculated timeout is lower we don't
- # allow the login.
- #
- # NOTE: Some NAS do not handle values lower than 60 seconds.
- # They will either ignore the result, or set it to some
- # larger value.
- #
- # Default is `60`.
- #
- minimum_timeout = 60
-}
-
# .Please see the `mods-available/expiration` for full documentation.
#
expiration
-
- #
- # .Please see the `mods-available/logintime` for full documentation.
- #
- logintime
}
#
#
expiration
- #
- # Look at the `Login-Time` attribute and reject if the user
- # is not allowed access at the present time. Otherwise,
- # set `Session-Timeout` to the end of the permitted time span.
- #
- logintime
-
#
# The `pap` module will set `Auth-Type := PAP` if the
# packet contains a `User-Password` attribute. The module
# daily
expiration
- logintime
#
# If no other module has claimed responsibility for
%{_libdir}/freeradius/rlm_icmp.so
%{_libdir}/freeradius/rlm_isc_dhcp.so
%{_libdir}/freeradius/rlm_linelog.so
-%{_libdir}/freeradius/rlm_logintime.so
%{_libdir}/freeradius/rlm_logtee.so
%{_libdir}/freeradius/rlm_mschap.so
%{_libdir}/freeradius/rlm_pam.so
-# -*- text -*-
+ # -*- text -*-
# Copyright (C) 2022 The FreeRADIUS Server project and contributors
# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
# Version $Id$
ATTRIBUTE User-Category 1013 string
ATTRIBUTE Pam-Auth 1014 string
-ATTRIBUTE Login-Time 1015 string
+# 1015 was Current-Time
-ATTRIBUTE Current-Time 1016 string
ATTRIBUTE Realm 1017 string
# 1018 was No-Such-Attribute
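Review bot: The tombstone added for 1015 names the wrong attribute: the line being removed is `ATTRIBUTE Login-Time 1015 string`, while `Current-Time` was 1016, and 1016 is left with no tombstone at all. I would write `# 1015 was Login-Time` followed by `# 1016 was Current-Time`, matching the existing `# 1018 was No-Such-Attribute` line and the `# 1089 was Time-Of-Day` line added in the next hunk. These comments presumably exist so that a retired number is never reused with a different meaning, so a wrong name here is worse than no comment. The first hunk of this file also adds a leading space before `# -*- text -*-`, which looks unintentional. Since `Login-Time` carried a time-of-day access restriction, the upgrade note could say what sites that relied on it should use instead, though that text is outside this hunk.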
ATTRIBUTE NTLM-User-Name 1042 string
ATTRIBUTE MS-CHAP-User-Name 1043 string
-ATTRIBUTE Time-Of-Day 1089 string
+# 1089 was Time-Of-Day
ATTRIBUTE SQL-Table-Name 1110 string
ATTRIBUTE Home-Server-Pool 1111 string
+++ /dev/null
-# rlm_logintime
-## Metadata
-<dl>
- <dt>category</dt><dd>policy</dd>
-</dl>
-
-## Summary
-Enforces the time span during which a user may login to the system.
-
-Time spans are defined with timestrings, which are similar in format to those used by UUCP. A timestring may be a
-simple timestring, or it may be a list of simpletime strings separated by "|" or ",".
+++ /dev/null
-TARGETNAME := rlm_logintime
-
-TARGET := $(TARGETNAME)$(L)
-SOURCES := $(TARGETNAME).c timestr.c
-
-LOG_ID_LIB = 28
+++ /dev/null
-/*
- * This program is is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/**
- * $Id$
- * @file rlm_logintime.c
- * @brief Allow login only during a given timeslot.
- *
- * @copyright 2001,2006 The FreeRADIUS server project
- * @copyright 2004 Kostas Kalevras (kkalev@noc.ntua.gr)
- */
-RCSID("$Id$")
-
-#include <freeradius-devel/server/base.h>
-#include <freeradius-devel/server/module_rlm.h>
-
-#include <ctype.h>
-
-/* timestr.c */
-int timestr_match(fr_time_delta_t *out, char const *tmstr, fr_time_t when);
-
-/*
- * Define a structure for our module configuration.
- *
- * These variables do not need to be in a structure, but it's
- * a lot cleaner to do so, and a pointer to the structure can
- * be used as the instance handle.
- */
-typedef struct {
- fr_time_delta_t min_time;
-} rlm_logintime_t;
-
-static const CONF_PARSER module_config[] = {
- { FR_CONF_OFFSET("minimum_timeout", FR_TYPE_TIME_DELTA, rlm_logintime_t, min_time), .dflt = "60s" },
- CONF_PARSER_TERMINATOR
-};
-
-static fr_dict_t const *dict_freeradius;
-static fr_dict_t const *dict_radius;
-
-extern fr_dict_autoload_t rlm_logintime_dict[];
-fr_dict_autoload_t rlm_logintime_dict[] = {
- { .out = &dict_freeradius, .proto = "freeradius" },
- { .out = &dict_radius, .proto = "radius" },
- { NULL }
-};
-
-static fr_dict_attr_t const *attr_current_time;
-static fr_dict_attr_t const *attr_login_time;
-static fr_dict_attr_t const *attr_time_of_day;
-
-static fr_dict_attr_t const *attr_session_timeout;
-
-extern fr_dict_attr_autoload_t rlm_logintime_dict_attr[];
-fr_dict_attr_autoload_t rlm_logintime_dict_attr[] = {
- { .out = &attr_current_time, .name = "Current-Time", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
- { .out = &attr_login_time, .name = "Login-Time", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
- { .out = &attr_time_of_day, .name = "Time-Of-Day", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
-
- { .out = &attr_session_timeout, .name = "Session-Timeout", .type = FR_TYPE_UINT32, .dict = &dict_radius },
-
- { NULL }
-};
-
-/*
- * Compare the current time to a range.
- */
-static int timecmp(UNUSED void *instance, request_t *request, fr_pair_t const *check)
-{
- fr_time_delta_t left;
-
- if (timestr_match(&left, check->vp_strvalue, request->packet->timestamp) < 0) return -1;
-
- /*
- * 0 is a special case meaning "allowed".
- */
- if (fr_time_delta_gteq(left, fr_time_delta_wrap(0))) return 0;
-
- return -1;
-}
-
-
-/*
- * Time-Of-Day support
- */
-static int time_of_day(UNUSED void *instance, request_t *request, fr_pair_t const *check)
-{
- int scan;
- int hhmmss, when;
- char const *p;
- struct tm *tm, s_tm;
- time_t now;
-
- if (strspn(check->vp_strvalue, "0123456789: ") != strlen(check->vp_strvalue)) {
- RDEBUG2("Bad Time-Of-Day value \"%pV\"", &check->data);
- return -1;
- }
-
- now = fr_time_to_sec(request->packet->timestamp);
- tm = localtime_r(&now, &s_tm);
- hhmmss = (tm->tm_hour * 3600) + (tm->tm_min * 60) + tm->tm_sec;
-
- /*
- * Time of day is a 24-hour clock
- */
- p = check->vp_strvalue;
- scan = atoi(p);
- p = strchr(p, ':');
- if ((scan > 23) || !p) {
- RDEBUG2("Bad Time-Of-Day value \"%pV\"", &check->data);
- return -1;
- }
- when = scan * 3600;
- p++;
-
- scan = atoi(p);
- if (scan > 59) {
- RDEBUG2("Bad Time-Of-Day value \"%pV\"", &check->data);
- return -1;
- }
- when += scan * 60;
-
- p = strchr(p, ':');
- if (p) {
- scan = atoi(p + 1);
- if (scan > 59) {
- RDEBUG2("Bad Time-Of-Day value \"%pV\"", &check->data);
- return -1;
- }
- when += scan;
- }
-
- return hhmmss - when;
-}
-
-/*
- * Check if account has expired, and if user may login now.
- */
-static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
-{
- rlm_logintime_t const *inst = talloc_get_type_abort_const(mctx->inst->data, rlm_logintime_t);
- fr_pair_t *ends, *vp;
- fr_time_delta_t left;
-
- ends = fr_pair_find_by_da(&request->control_pairs, NULL, attr_login_time);
- if (!ends) RETURN_MODULE_NOOP;
-
- /*
- * Authentication is OK. Now see if this user may login at this time of the day.
- */
- RDEBUG2("Checking Login-Time");
-
- /*
- * Compare the time the request was received with the current Login-Time value
- */
- if (timestr_match(&left, ends->vp_strvalue, request->packet->timestamp) < 0) {
- RETURN_MODULE_DISALLOW; /* outside of the allowed time */
- }
-
- /*
- * Do nothing, login time is not controlled (unended).
- */
- if (fr_time_delta_eq(left, fr_time_delta_wrap(0))) RETURN_MODULE_OK;
-
- /*
- * The min_time setting is to deal with NAS that won't allow Session-vp values below a certain value
- * For example some Alcatel Lucent products won't allow a Session-vp < 300 (5 minutes).
- *
- * We don't know were going to get another chance to lock out the user, so we need to do it now.
- */
- if (fr_time_delta_lt(left, inst->min_time)) {
- REDEBUG("Login outside of allowed time-slot (session end %s, with lockout %i seconds before)",
- ends->vp_strvalue, (int) fr_time_delta_to_sec(inst->min_time));
-
- RETURN_MODULE_DISALLOW;
- }
-
- /* else left > inst->min_time */
-
- /*
- * There's time left in the users session, inform the NAS by including a Session-Timeout
- * attribute in the reply, or modifying the existing one.
- */
- RDEBUG2("Login within allowed time-slot, %d seconds left in this session", (int) fr_time_delta_to_sec(left));
-
- switch (pair_update_reply(&vp, attr_session_timeout)) {
- case 1:
- /* just update... */
- if (vp->vp_uint32 > fr_time_delta_to_sec(left)) {
- vp->vp_uint32 = fr_time_delta_to_sec(left);
- RDEBUG2("&reply.Session-Timeout := %pV", &vp->data);
- }
- break;
-
- case 0: /* no pre-existing */
- vp->vp_uint32 = fr_time_delta_to_sec(left);
- RDEBUG2("&reply.Session-Timeout := %pV", &vp->data);
- break;
-
- case -1: /* malloc failure */
- MEM(NULL);
- }
-
- RETURN_MODULE_OK;
-}
-
-
-/*
- * Do any per-module initialization that is separate to each
- * configured instance of the module. e.g. set up connections
- * to external databases, read configuration files, set up
- * dictionary entries, etc.
- *
- * If configuration information is given in the config section
- * that must be referenced in later calls, store a handle to it
- * in *instance otherwise put a null pointer there.
- */
-static int mod_instantiate(module_inst_ctx_t const *mctx)
-{
- rlm_logintime_t *inst = talloc_get_type_abort(mctx->inst->data, rlm_logintime_t);
- CONF_SECTION *conf = mctx->inst->conf;
-
- if (!fr_time_delta_ispos(inst->min_time)) {
- cf_log_err(conf, "Invalid value '0' for minimum_timeout");
- return -1;
- }
-
- /*
- * Register a Current-Time comparison function
- */
- paircmp_register(attr_current_time, NULL, true, timecmp, inst);
- paircmp_register(attr_time_of_day, NULL, true, time_of_day, inst);
-
- return 0;
-}
-
-/*
- * The module name should be the only globally exported symbol.
- * That is, everything else should be 'static'.
- *
- * If the module needs to temporarily modify it's instantiation
- * data, the type should be changed to MODULE_TYPE_THREAD_UNSAFE.
- * The server will then take care of ensuring that the module
- * is single-threaded.
- */
-extern module_rlm_t rlm_logintime;
-module_rlm_t rlm_logintime = {
- .common = {
- .magic = MODULE_MAGIC_INIT,
- .name = "logintime",
- .inst_size = sizeof(rlm_logintime_t),
- .config = module_config,
- .instantiate = mod_instantiate
- },
- .method_names = (module_method_name_t[]){
- { .name1 = CF_IDENT_ANY, .name2 = CF_IDENT_ANY, .method = mod_authorize },
- MODULE_NAME_TERMINATOR
- }
-};
+++ /dev/null
-/*
- * timestr.c See if a string like 'Su2300-0700' matches (UUCP style).
- *
- * Version: $Id$
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * @copyright 2000,2006 The FreeRADIUS server project
- * @copyright 2000 Alan DeKok (aland@freeradius.org)
- */
-
-RCSID("$Id$")
-
-#include <freeradius-devel/server/base.h>
-
-#include <ctype.h>
-
-int timestr_match(fr_time_delta_t *out, char const *tmstr, fr_time_t when);
-
-static char const *days[] =
- { "su", "mo", "tu", "we", "th", "fr", "sa", "wk", "any", "al" };
-
-#define DAYMIN (24*60)
-#define WEEKMIN (24*60*7)
-#define val(x) (( (x) < 48 || (x) > 57) ? 0 : ((x) - 48))
-
-#if 0 /* Set to 1 if you're a developer and want to debug this code */
-# define timestr_debug DEBUG2
-# define do_timestr_debug 1
-#else
-# define timestr_debug if (0) printf
-#endif
-
-/*
- * String code.
- */
-static int strcode (char const **str)
-{
- int i;
- size_t l;
-
- timestr_debug("strcode %s called\n", *str);
-
- for (i = 0; i < 10; i++) {
- l = strlen(days[i]);
- if (l > strlen(*str))
- continue;
- if (strncmp(*str, days[i], l) == 0) {
- *str += l;
- break;
- }
- }
- timestr_debug("strcode result %d\n", i);
-
- return (i >= 10) ? -1 : i;
-
-}
-
-/*
- * Fill bitmap with hours/mins.
- */
-static int hour_fill(char *bitmap, char const *tm)
-{
- char *p;
- int start, end;
- int i, bit, byte;
-
- timestr_debug("hour_fill called for %s\n", tm);
-
- /*
- * Get timerange in start and end.
- */
- end = -1;
- if ((p = strchr(tm, '-')) != NULL) {
- p++;
- if (p - tm != 5 || strlen(p) < 4 || !isdigit((uint8_t) *p))
- return 0;
- end = 600 * val(p[0]) + 60 * val(p[1]) + atoi(p + 2);
- }
- if (*tm == 0) {
- start = 0;
- end = DAYMIN - 1;
- } else {
- if (strlen(tm) < 4 || !isdigit((uint8_t) *tm))
- return 0;
- start = 600 * val(tm[0]) + 60 * val(tm[1]) + atoi(tm + 2);
- if (end < 0) end = start;
- }
- /* Treat 2400 as 0000, and do some more silent error checks. */
- if (end < 0) end = 0;
- if (start < 0) start = 0;
- if (end >= DAYMIN) end = DAYMIN - 1;
- if (start >= DAYMIN) start = DAYMIN - 1;
-
- timestr_debug("hour_fill: range from %d to %d\n", start, end);
-
- /*
- * Fill bitmap.
- */
- i = start;
- while (1) {
- byte = (i / 8);
- bit = i % 8;
- timestr_debug("setting byte %d, bit %d\n", byte, bit);
- bitmap[byte] |= (1 << bit);
- if (i == end) break;
- i++;
- i %= DAYMIN;
- }
- return 1;
-}
-
-/*
- * Call the fill bitmap function for every day listed.
- */
-static int day_fill(char *bitmap, char const *tm)
-{
- char const *hr;
- int n;
- int start, end;
-
- for (hr = tm; *hr; hr++)
- if (isdigit((uint8_t) *hr))
- break;
- if (hr == tm)
- tm = "Al";
-
- timestr_debug("dayfill: hr %s tm %s\n", hr, tm);
-
- while ((start = strcode(&tm)) >= 0) {
- /*
- * Find start and end weekdays and
- * build a valid range 0 - 6.
- */
- if (*tm == '-') {
- tm++;
- if ((end = strcode(&tm)) < 0)
- break;
- } else
- end = start;
- if (start == 7) {
- start = 1;
- end = 5;
- }
- if (start > 7) {
- start = 0;
- end = 6;
- }
- n = start;
- timestr_debug("day_fill: range from %d to %d\n", start, end);
- while (1) {
- hour_fill(bitmap + 180 * n, hr);
- if (n == end) break;
- n++;
- n %= 7;
- }
- }
-
- return 1;
-}
-
-/*
- * Fill the week bitmap with allowed times.
- */
-static int week_fill(char *bitmap, char const *tm)
-{
- char *s;
- char tmp[256];
-
- strlcpy(tmp, tm, sizeof(tmp));
- for (s = tmp; *s; s++)
- if (isupper((uint8_t) *s)) *s = tolower((uint8_t) *s);
-
- s = strtok(tmp, ",|");
- while (s) {
- day_fill(bitmap, s);
- s = strtok(NULL, ",|");
- }
-
- return 0;
-}
-
-/*
- * Match a time string, and return time left in `out`.
- * -1 for no match
- */
-int timestr_match(fr_time_delta_t *out, char const *tmstr, fr_time_t when)
-{
- struct tm *tm, s_tm;
- char bitmap[WEEKMIN / 8];
- int64_t now, tot, i;
- int byte, bit;
-#ifdef do_timestr_debug
- int y;
- char *s;
- char null[8];
-#endif
- time_t t = fr_time_to_sec(when);
-
- tm = localtime_r(&t, &s_tm);
- now = (int64_t) (tm->tm_wday) * DAYMIN + (int64_t) (tm->tm_hour) * 60 + tm->tm_min;
- tot = 0;
- memset(bitmap, 0, sizeof(bitmap));
- week_fill(bitmap, tmstr);
-
-#ifdef do_timestr_debug
- memset(null, 0, 8);
- for (i = 0; i < 7; i++) {
- timestr_debug("%d: ", i);
- s = bitmap + 180 * i;
- for (y = 0; y < 23; y++) {
- s = bitmap + 180 * i + (75 * y) / 10;
- timestr_debug("%c", memcmp(s, null, 8) == 0 ? '.' : '#');
- }
- timestr_debug("\n");
- }
-#endif
-
- /*
- * See how many minutes we have.
- */
- i = now;
- while (1) {
- byte = i / 8;
- bit = i % 8;
- timestr_debug("READ: checking byte %d bit %d\n", byte, bit);
- if (!(bitmap[byte] & (1 << bit)))
- break;
- tot += 60;
- i++;
- i %= WEEKMIN;
- if (i == now)
- break;
- }
-
- if (!tot) return -1;
-
- if (i == now) {
- *out = fr_time_delta_wrap(0);
- return 0;
- }
-
- *out = fr_time_delta_wrap(tot);
- return 0;
-}
-
-#ifdef STANDALONE
-
-int main(int argc, char **argv)
-{
- fr_time_delta_t l;
-
- if (argc != 2) {
- fprintf(stderr, "Usage: test timestring\n");
- fr_exit_now(EXIT_FAILURE);
- }
- l = timestr_match(argv[1], fr_time());
- printf ("%s: %d seconds left\n", argv[1], fr_time_delta_to_sec(l));
- return 0;
-}
-
-#endif
-
rlm_krb5
rlm_ldap
rlm_linelog
-rlm_logintime
rlm_mschap
rlm_pam
rlm_pap