# We check for this prefix to determine whether the class
# value was generated by this server. It should be changed
# so that it is globally unique.
#
# The value is expanded as-is into the regular expression used
# by acct_unique, so keep it to literal characters: regex
# metacharacters placed here would change what that match accepts.
class_value_prefix = 'ai:'
| 5 | |
| 6 | # |
| 7 | # Replacement for the old rlm_acct_unique module |
| 8 | # |
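acct_unique {
	#
	#  Sets Acct-Unique-Session-Id in the request from an MD5
	#  digest of session attributes. The digest only derives a
	#  fixed-length session key; it is not an integrity or
	#  authenticity check on the packet.
	#
	#  If we have a class attribute in the format
	#  '<class_value_prefix>[0-9a-f]{32}' it'll have a local value
	#  (defined by insert_acct_class), this ensures
	#  uniqueness and suitability.
	#
	#  We could just use the Class attribute as
	#  Acct-Unique-Session-Id, but this may cause problems
	#  with NAS that carry Class values across between
	#  multiple linked sessions. So we rehash class with
	#  Acct-Session-ID to provide a truly unique session
	#  identifier.
	#
	#  Using a Class/Session-ID combination is more robust
	#  than using elements in the Accounting-Request,
	#  which may be subject to change, such as
	#  NAS-IP-Address, Client-IP-Address and
	#  NAS-Port-ID/NAS-Port.
	#
	#  This policy should ensure that session data is not
	#  affected if NAS IP addresses change, or the client
	#  roams to a different 'port' whilst maintaining its
	#  initial authentication session (Common in a
	#  wireless environment).
	#
	#  The match is anchored with '^' so that only a Class which
	#  *begins* with our prefix is treated as locally generated.
	#  Without the anchor, any Class that merely contains the
	#  prefix followed by 32 hex digits would be accepted.
	#  %{1} below is the captured 32 hex digit value.
	#
	if ("%{string:Class}" =~ /^${policy.class_value_prefix}([0-9a-f]{32})/i) {
		update request {
			Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
		}
	}

	#
	#  Not all devices respect RFC 2865 when dealing with
	#  the class attribute, so be prepared to use the
	#  older style of hashing scheme if a class attribute
	#  is not included (or does not carry our prefix).
	#
	#  Every input to this hash is supplied by the NAS, so the
	#  resulting ID is only as stable as those attributes are.
	#
	else {
		update request {
			Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
		}
	}
}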
| 53 | |
| 54 | # |
| 55 | # Insert a (hopefully unique) value into class |
| 56 | # |
insert_acct_class {
	#
	#  Builds the reply Class as class_value_prefix followed by an
	#  MD5 digest of the request timestamp (%t), request ID (%I),
	#  packet source port and address, NAS-IP-Address,
	#  Calling-Station-ID and User-Name.
	#
	#  The inputs are not secret, so the value is a session
	#  correlation tag only. It must not be treated as proof that
	#  a later Accounting-Request belongs to a session this server
	#  authenticated.
	#
	#  The '=' operator only adds Class when the reply does not
	#  already contain one.
	#
	update reply {
		Class = "${policy.class_value_prefix}%{md5:%t,%I,%{Packet-Src-Port},%{Packet-Src-IP-Address},%{NAS-IP-Address},%{Calling-Station-ID},%{User-Name}}"
	}
}
| 62 | |
| 63 | # |
| 64 | # Merges Acct-[Input|Output]-Octets and Acct-[Input|Output]-Gigawords into Acct-[Input|Output]-Octets64 |
| 65 | # |
acct_counters64.preacct {
	#
	#  Octets64 = (Gigawords * 2^32) + Octets, where 4294967296
	#  is 2^32. The '%{%{...}:-0}' form substitutes 0 when the
	#  attribute is absent from the request, so a packet without
	#  Gigawords still yields a valid expression.
	#
	#  The '=' operator leaves an existing Octets64 value in the
	#  request untouched.
	#
	update request {
		Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} * 4294967296) + %{%{Acct-Input-Octets}:-0}}"
		Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} * 4294967296) + %{%{Acct-Output-Octets}:-0}}"
	}
}
| 72 | |