> Hello,
>
> I use PM2Es and Livingston's Radius for dialup. I have a certain user whom
> I wish to grant dialup access to from 9-5 daily. I have set some cron jobs
> to alter the raddb/users file at the appropriate times and authentication
> works great.
I had this same situation come up a few weeks ago as well. My solution
was to modify radiusd to add a Time-Rule attribute. Here's an example
user entry for someone with a Time-Rule:
someuser Password = "UNIX", Time-Rule = "12345 1600-2200, 06 0000-2359"
User-Service-Type = Login-User,
Login-Host = shell.mydomain.com,
Login-Service = PortMaster
The Time-Rule works as follows:
Time-Rule = "12345 1600-2200, 06 0000-2359"
Where: 0 = Sunday
1 = Monday
2 = Tuesday
3 = Wednesday
4 = Thursday
5 = Friday
6 = Saturday
and the time range that the user is allowed to login
In the above example, the user would be allowed to login from 4:00PM to
10:00PM Monday through Friday, and any time on Saturday and Sunday.
Sorry I don't have a diff file to give you, but here's the code snippets
to make this work (at least for me):
- in radiusd.c, function rad_authenticate(), I added the timerule variables:
/* curtis' timerule additions */
time_t timerule_thetime;
struct tm *timerule_ltime;
char timerule_rule[256];
char *timerule_offset, *timerule_endrule;
char *timerule_starttime, *timerule_endtime;
char *timerule_curday;
int timerule_allow;
/* end curtis' timerule additions */
- in radiusd.c, function rad_authenticate(), AFTER this snippet of code:
/*
* Check expiration date if we are doing password aging.
*/
if(check_item->attribute == PW_EXPIRATION) {
/* Has this user's password expired */
retval = pw_expired(check_item->lvalue);
if(retval < 0) {
result = -1;
user_msg = "Password Has Expired\r\n";
}
else {
if(retval > 0) {
sprintf(umsg,
"Password Will Expire in %d Days\r\n",
retval);
user_msg = umsg;
}
check_item = check_item->next;
}
continue;
}
add the following:
/*
* Check time rule (curtis)
*/
if(check_item->attribute == PW_TIME_RULE) {
timerule_allow=0;
time(&timerule_thetime);
timerule_ltime = localtime(&timerule_thetime);
strncpy(timerule_rule,check_item->strvalue, sizeof(timerule_rule));
for (timerule_offset=timerule_rule; timerule_offset!=NULL; timerule_offset=timerule_endrule) {
if ((timerule_endrule=strchr(timerule_offset,','))!=NULL) {
*timerule_endrule='\0';
timerule_endrule++;
while (*timerule_endrule==' ') {
timerule_endrule++;
}
}
timerule_starttime=strchr(timerule_offset,' ');
*timerule_starttime++ = '\0';
while (*timerule_starttime==' ') {
timerule_starttime++;
}
timerule_endtime=strchr(timerule_starttime,'-');
*timerule_endtime++ = '\0';
while (*(timerule_starttime+strlen(timerule_starttime)-1)==' ') {
*(timerule_starttime+strlen(timerule_starttime)-1)='\0';
}
while (*timerule_endtime==' ') {
timerule_endtime++;
}
while (*(timerule_endtime+strlen(timerule_endtime)-1)==' ') {
while (*(timerule_endtime+strlen(timerule_endtime)-1)==' ') {
*(timerule_endtime+strlen(timerule_endtime)-1)='\0';
}
for (timerule_curday=timerule_offset; *timerule_curday!='\0'; timerule_curday++) {
printf("\"%c\" : \"%s\" - \"%s\"\n",*timerule_curday,timerule_starttime,timerule_endtime);
if (*timerule_curday-0x30==timerule_ltime->tm_wday &&
timerule_ltime->tm_hour*100+timerule_ltime->tm_min >= atoi(timerule_starttime) &&
timerule_ltime->tm_hour*100+timerule_ltime->tm_min <= atoi(timerule_endtime)) {
timerule_allow=1;
}
}
}
if (timerule_allow!=1) {
result = -1;
user_msg="You are not allowed to login at this time.\r\n";
}
check_item = check_item->next;
continue;
}
- in radius.h, I added:
#define PW_TIME_RULE 26
- and in the radius dictionary file I added:
ATTRIBUTE Time-Rule 26 string
That's it.
---------------------------------------------------------------------------
"There is an exception to every - Curtis Coleman, - (204) 985-9025
rule, except this one." . - Telenetworkputerologist - Pangea.CA Inc.