1 package FS::part_export::sqlradius;
3 use vars qw(@ISA $DEBUG %info %options $notes1 $notes2);
5 use FS::Record qw( dbh qsearch qsearchs str2time_sql );
11 @ISA = qw(FS::part_export);
15 tie %options, 'Tie::IxHash',
16 'datasrc' => { label=>'DBI data source ' },
17 'username' => { label=>'Database username' },
18 'password' => { label=>'Database password' },
19 'ignore_accounting' => {
21 label => 'Ignore accounting records from this database'
25 label => 'Hide IP address information on session reports',
29 label => 'Hide download/upload information on session reports',
31 'show_called_station' => {
33 label => 'Show the Called-Station-ID on session reports',
35 'overlimit_groups' => { label => 'Radius groups to assign to svc_acct which has exceeded its bandwidth or time limit', } ,
36 'groups_susp_reason' => { label =>
37 'Radius group mapping to reason (via template user) (svcnum|username|username@domain reasonnum|reason)',
44 Real-time export of <b>radcheck</b>, <b>radreply</b> and <b>usergroup</b>
45 tables to any SQL database for
46 <a href="http://www.freeradius.org/">FreeRADIUS</a>
47 or <a href="http://radius.innercite.com/">ICRADIUS</a>.
51 An existing RADIUS database will be updated in realtime, but you can use
52 <a href="../docs/man/bin/freeside-sqlradius-reset">freeside-sqlradius-reset</a>
53 to delete the entire RADIUS database and repopulate the tables from the
54 Freeside database. See the
55 <a href="http://search.cpan.org/dist/DBI/DBI.pm#connect">DBI documentation</a>
57 <a href="http://search.cpan.org/search?mode=module&query=DBD%3A%3A">documentation for your DBD</a>
58 for the exact syntax of a DBI data source.
60 <li>Using FreeRADIUS 0.9.0 with the PostgreSQL backend, the db_postgresql.sql schema and postgresql.conf queries contain incompatible changes. This is fixed in 0.9.1. Only new installs with 0.9.0 and PostgreSQL are affected - upgrades and other database backends and versions are unaffected.
61 <li>Using ICRADIUS, add a dummy "op" column to your database:
63 ALTER TABLE radcheck ADD COLUMN op VARCHAR(2) NOT NULL DEFAULT '=='<br>
64 ALTER TABLE radreply ADD COLUMN op VARCHAR(2) NOT NULL DEFAULT '=='<br>
65 ALTER TABLE radgroupcheck ADD COLUMN op VARCHAR(2) NOT NULL DEFAULT '=='<br>
66 ALTER TABLE radgroupreply ADD COLUMN op VARCHAR(2) NOT NULL DEFAULT '=='
68 <li>Using Radiator, see the
69 <a href="http://www.open.com.au/radiator/faq.html#38">Radiator FAQ</a>
70 for configuration information.
76 'desc' => 'Real-time export to SQL-backed RADIUS (FreeRADIUS, ICRADIUS)',
77 'options' => \%options,
80 'This export does not export RADIUS realms (see also '.
81 'sqlradius_withdomain). '.
85 sub _groups_susp_reason_map { map { reverse( /^\s*(\S+)\s*(.*)$/ ) }
86 split( "\n", shift->option('groups_susp_reason'));
89 sub rebless { shift; }
92 my($self, $svc_acct) = (shift, shift);
93 warn "export_username called on $self with arg $svc_acct" if $DEBUG > 1;
98 my($self, $svc_acct) = (shift, shift);
100 foreach my $table (qw(reply check)) {
101 my $method = "radius_$table";
102 my %attrib = $svc_acct->$method();
103 next unless keys %attrib;
104 my $err_or_queue = $self->sqlradius_queue( $svc_acct->svcnum, 'insert',
105 $table, $self->export_username($svc_acct), %attrib );
106 return $err_or_queue unless ref($err_or_queue);
108 my @groups = $svc_acct->radius_groups;
110 cluck localtime(). ": queuing usergroup_insert for ". $svc_acct->svcnum.
111 " (". $self->export_username($svc_acct). " with ". join(", ", @groups)
113 my $err_or_queue = $self->sqlradius_queue(
114 $svc_acct->svcnum, 'usergroup_insert',
115 $self->export_username($svc_acct), @groups );
116 return $err_or_queue unless ref($err_or_queue);
121 sub _export_replace {
122 my( $self, $new, $old ) = (shift, shift, shift);
124 local $SIG{HUP} = 'IGNORE';
125 local $SIG{INT} = 'IGNORE';
126 local $SIG{QUIT} = 'IGNORE';
127 local $SIG{TERM} = 'IGNORE';
128 local $SIG{TSTP} = 'IGNORE';
129 local $SIG{PIPE} = 'IGNORE';
131 my $oldAutoCommit = $FS::UID::AutoCommit;
132 local $FS::UID::AutoCommit = 0;
136 if ( $self->export_username($old) ne $self->export_username($new) ) {
137 my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'rename',
138 $self->export_username($new), $self->export_username($old) );
139 unless ( ref($err_or_queue) ) {
140 $dbh->rollback if $oldAutoCommit;
141 return $err_or_queue;
143 $jobnum = $err_or_queue->jobnum;
146 foreach my $table (qw(reply check)) {
147 my $method = "radius_$table";
148 my %new = $new->$method();
149 my %old = $old->$method();
150 if ( grep { !exists $old{$_} #new attributes
151 || $new{$_} ne $old{$_} #changed
154 my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'insert',
155 $table, $self->export_username($new), %new );
156 unless ( ref($err_or_queue) ) {
157 $dbh->rollback if $oldAutoCommit;
158 return $err_or_queue;
161 my $error = $err_or_queue->depend_insert( $jobnum );
163 $dbh->rollback if $oldAutoCommit;
169 my @del = grep { !exists $new{$_} } keys %old;
171 my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'attrib_delete',
172 $table, $self->export_username($new), @del );
173 unless ( ref($err_or_queue) ) {
174 $dbh->rollback if $oldAutoCommit;
175 return $err_or_queue;
178 my $error = $err_or_queue->depend_insert( $jobnum );
180 $dbh->rollback if $oldAutoCommit;
188 my (@oldgroups) = $old->radius_groups;
189 my (@newgroups) = $new->radius_groups;
190 $error = $self->sqlreplace_usergroups( $new->svcnum,
191 $self->export_username($new),
192 $jobnum ? $jobnum : '',
197 $dbh->rollback if $oldAutoCommit;
201 $dbh->commit or die $dbh->errstr if $oldAutoCommit;
206 sub _export_suspend {
207 my( $self, $svc_acct ) = (shift, shift);
209 my $new = $svc_acct->clone_suspended;
211 local $SIG{HUP} = 'IGNORE';
212 local $SIG{INT} = 'IGNORE';
213 local $SIG{QUIT} = 'IGNORE';
214 local $SIG{TERM} = 'IGNORE';
215 local $SIG{TSTP} = 'IGNORE';
216 local $SIG{PIPE} = 'IGNORE';
218 my $oldAutoCommit = $FS::UID::AutoCommit;
219 local $FS::UID::AutoCommit = 0;
222 my $err_or_queue = $self->sqlradius_queue( $new->svcnum, 'insert',
223 'check', $self->export_username($new), $new->radius_check );
224 unless ( ref($err_or_queue) ) {
225 $dbh->rollback if $oldAutoCommit;
226 return $err_or_queue;
230 my (@newgroups) = $self->suspended_usergroups($svc_acct);
232 $self->sqlreplace_usergroups( $new->svcnum,
233 $self->export_username($new),
235 $svc_acct->usergroup,
239 $dbh->rollback if $oldAutoCommit;
242 $dbh->commit or die $dbh->errstr if $oldAutoCommit;
247 sub _export_unsuspend {
248 my( $self, $svc_acct ) = (shift, shift);
250 local $SIG{HUP} = 'IGNORE';
251 local $SIG{INT} = 'IGNORE';
252 local $SIG{QUIT} = 'IGNORE';
253 local $SIG{TERM} = 'IGNORE';
254 local $SIG{TSTP} = 'IGNORE';
255 local $SIG{PIPE} = 'IGNORE';
257 my $oldAutoCommit = $FS::UID::AutoCommit;
258 local $FS::UID::AutoCommit = 0;
261 my $err_or_queue = $self->sqlradius_queue( $svc_acct->svcnum, 'insert',
262 'check', $self->export_username($svc_acct), $svc_acct->radius_check );
263 unless ( ref($err_or_queue) ) {
264 $dbh->rollback if $oldAutoCommit;
265 return $err_or_queue;
269 my (@oldgroups) = $self->suspended_usergroups($svc_acct);
270 $error = $self->sqlreplace_usergroups( $svc_acct->svcnum,
271 $self->export_username($svc_acct),
274 $svc_acct->usergroup,
277 $dbh->rollback if $oldAutoCommit;
280 $dbh->commit or die $dbh->errstr if $oldAutoCommit;
286 my( $self, $svc_acct ) = (shift, shift);
287 my $err_or_queue = $self->sqlradius_queue( $svc_acct->svcnum, 'delete',
288 $self->export_username($svc_acct) );
289 ref($err_or_queue) ? '' : $err_or_queue;
292 sub sqlradius_queue {
293 my( $self, $svcnum, $method ) = (shift, shift, shift);
294 my $queue = new FS::queue {
296 'job' => "FS::part_export::sqlradius::sqlradius_$method",
299 $self->option('datasrc'),
300 $self->option('username'),
301 $self->option('password'),
306 sub suspended_usergroups {
307 my ($self, $svc_acct) = (shift, shift);
309 return () unless $svc_acct;
311 #false laziness with FS::part_export::shellcommands
312 #subclass part_export?
314 my $r = $svc_acct->cust_svc->cust_pkg->last_reason;
315 my %reasonmap = $self->_groups_susp_reason_map;
318 $userspec = $reasonmap{$r->reasonnum}
319 if exists($reasonmap{$r->reasonnum});
320 $userspec = $reasonmap{$r->reason}
321 if (!$userspec && exists($reasonmap{$r->reason}));
324 if ($userspec =~ /^d+$/ ){
325 $suspend_user = qsearchs( 'svc_acct', { 'svcnum' => $userspec } );
326 }elsif ($userspec =~ /^\S+\@\S+$/){
327 my ($username,$domain) = split(/\@/, $userspec);
328 for my $user (qsearch( 'svc_acct', { 'username' => $username } )){
329 $suspend_user = $user if $userspec eq $user->email;
332 $suspend_user = qsearchs( 'svc_acct', { 'username' => $userspec } );
335 return $suspend_user->radius_groups if $suspend_user;
339 sub sqlradius_insert { #subroutine, not method
340 my $dbh = sqlradius_connect(shift, shift, shift);
341 my( $table, $username, %attributes ) = @_;
343 foreach my $attribute ( keys %attributes ) {
345 my $s_sth = $dbh->prepare(
346 "SELECT COUNT(*) FROM rad$table WHERE UserName = ? AND Attribute = ?"
347 ) or die $dbh->errstr;
348 $s_sth->execute( $username, $attribute ) or die $s_sth->errstr;
350 if ( $s_sth->fetchrow_arrayref->[0] ) {
352 my $u_sth = $dbh->prepare(
353 "UPDATE rad$table SET Value = ? WHERE UserName = ? AND Attribute = ?"
354 ) or die $dbh->errstr;
355 $u_sth->execute($attributes{$attribute}, $username, $attribute)
356 or die $u_sth->errstr;
360 my $i_sth = $dbh->prepare(
361 "INSERT INTO rad$table ( UserName, Attribute, op, Value ) ".
362 "VALUES ( ?, ?, ?, ? )"
363 ) or die $dbh->errstr;
367 ( $attribute =~ /Password/i ? '==' : ':=' ),
368 $attributes{$attribute},
369 ) or die $i_sth->errstr;
377 sub sqlradius_usergroup_insert { #subroutine, not method
378 my $dbh = sqlradius_connect(shift, shift, shift);
379 my( $username, @groups ) = @_;
381 my $s_sth = $dbh->prepare(
382 "SELECT COUNT(*) FROM usergroup WHERE UserName = ? AND GroupName = ?"
383 ) or die $dbh->errstr;
385 my $sth = $dbh->prepare(
386 "INSERT INTO usergroup ( UserName, GroupName ) VALUES ( ?, ? )"
387 ) or die $dbh->errstr;
389 foreach my $group ( @groups ) {
390 $s_sth->execute( $username, $group ) or die $s_sth->errstr;
391 if ($s_sth->fetchrow_arrayref->[0]) {
392 warn localtime() . ": sqlradius_usergroup_insert attempted to reinsert " .
393 "$group for $username\n"
397 $sth->execute( $username, $group )
398 or die "can't insert into groupname table: ". $sth->errstr;
403 sub sqlradius_usergroup_delete { #subroutine, not method
404 my $dbh = sqlradius_connect(shift, shift, shift);
405 my( $username, @groups ) = @_;
407 my $sth = $dbh->prepare(
408 "DELETE FROM usergroup WHERE UserName = ? AND GroupName = ?"
409 ) or die $dbh->errstr;
410 foreach my $group ( @groups ) {
411 $sth->execute( $username, $group )
412 or die "can't delete from groupname table: ". $sth->errstr;
417 sub sqlradius_rename { #subroutine, not method
418 my $dbh = sqlradius_connect(shift, shift, shift);
419 my($new_username, $old_username) = @_;
420 foreach my $table (qw(radreply radcheck usergroup )) {
421 my $sth = $dbh->prepare("UPDATE $table SET Username = ? WHERE UserName = ?")
423 $sth->execute($new_username, $old_username)
424 or die "can't update $table: ". $sth->errstr;
429 sub sqlradius_attrib_delete { #subroutine, not method
430 my $dbh = sqlradius_connect(shift, shift, shift);
431 my( $table, $username, @attrib ) = @_;
433 foreach my $attribute ( @attrib ) {
434 my $sth = $dbh->prepare(
435 "DELETE FROM rad$table WHERE UserName = ? AND Attribute = ?" )
437 $sth->execute($username,$attribute)
438 or die "can't delete from rad$table table: ". $sth->errstr;
443 sub sqlradius_delete { #subroutine, not method
444 my $dbh = sqlradius_connect(shift, shift, shift);
445 my $username = shift;
447 foreach my $table (qw( radcheck radreply usergroup )) {
448 my $sth = $dbh->prepare( "DELETE FROM $table WHERE UserName = ?" );
449 $sth->execute($username)
450 or die "can't delete from $table table: ". $sth->errstr;
455 sub sqlradius_connect {
456 #my($datasrc, $username, $password) = @_;
457 #DBI->connect($datasrc, $username, $password) or die $DBI::errstr;
458 DBI->connect(@_) or die $DBI::errstr;
461 sub sqlreplace_usergroups {
462 my ($self, $svcnum, $username, $jobnum, $old, $new) = @_;
464 # (sorta) false laziness with FS::svc_acct::replace
465 my @oldgroups = @$old;
466 my @newgroups = @$new;
468 foreach my $oldgroup ( @oldgroups ) {
469 if ( grep { $oldgroup eq $_ } @newgroups ) {
470 @newgroups = grep { $oldgroup ne $_ } @newgroups;
473 push @delgroups, $oldgroup;
477 my $err_or_queue = $self->sqlradius_queue( $svcnum, 'usergroup_delete',
478 $username, @delgroups );
480 unless ref($err_or_queue);
482 my $error = $err_or_queue->depend_insert( $jobnum );
483 return $error if $error;
488 cluck localtime(). ": queuing usergroup_insert for $svcnum ($username) ".
489 "with ". join(", ", @newgroups)
491 my $err_or_queue = $self->sqlradius_queue( $svcnum, 'usergroup_insert',
492 $username, @newgroups );
494 unless ref($err_or_queue);
496 my $error = $err_or_queue->depend_insert( $jobnum );
497 return $error if $error;
506 =item usage_sessions TIMESTAMP_START TIMESTAMP_END [ SVC_ACCT [ IP [ PREFIX [ SQL_SELECT ] ] ] ]
508 TIMESTAMP_START and TIMESTAMP_END are specified as UNIX timestamps; see
509 L<perlfunc/"time">. Also see L<Time::Local> and L<Date::Parse> for conversion
512 SVC_ACCT, if specified, limits the results to the specified account.
514 IP, if specified, limits the results to the specified IP address.
516 PREFIX, if specified, limits the results to records with a matching
519 #SQL_SELECT defaults to * if unspecified. It can be useful to set it to
520 #SUM(acctsessiontime) or SUM(AcctInputOctets), etc.
522 Returns an arrayref of hashrefs with the following fields:
528 =item framedipaddress
534 =item acctsessiontime
536 =item acctinputoctets
538 =item acctoutputoctets
540 =item calledstationid
546 #some false laziness w/cust_svc::seconds_since_sqlradacct
549 my( $self, $start, $end ) = splice(@_, 0, 3);
550 my $svc_acct = @_ ? shift : '';
551 my $ip = @_ ? shift : '';
552 my $prefix = @_ ? shift : '';
553 #my $select = @_ ? shift : '*';
557 return [] if $self->option('ignore_accounting');
559 my $dbh = sqlradius_connect( map $self->option($_),
560 qw( datasrc username password ) );
562 #select a unix time conversion function based on database type
563 my $str2time = str2time_sql( $dbh->{Driver}->{Name} );
566 qw( username realm framedipaddress
567 acctsessiontime acctinputoctets acctoutputoctets
570 "$str2time acctstarttime ) as acctstarttime",
571 "$str2time acctstoptime ) as acctstoptime",
578 my $username = $self->export_username($svc_acct);
579 if ( $svc_acct =~ /^([^@]+)\@([^@]+)$/ ) {
580 $where = '( UserName = ? OR ( UserName = ? AND Realm = ? ) ) AND';
581 push @param, $username, $1, $2;
583 $where = 'UserName = ? AND';
584 push @param, $username;
589 $where .= ' FramedIPAddress = ? AND';
593 if ( length($prefix) ) {
594 #assume sip: for now, else things get ugly trying to match /^\w+:$prefix/
595 $where .= " CalledStationID LIKE 'sip:$prefix\%' AND";
598 push @param, $start, $end;
600 my $sth = $dbh->prepare('SELECT '. join(', ', @fields).
603 $str2time AcctStopTime ) >= ?
604 AND $str2time AcctStopTime ) <= ?
605 ORDER BY AcctStartTime DESC
606 ") or die $dbh->errstr;
607 $sth->execute(@param) or die $sth->errstr;
609 [ map { { %$_ } } @{ $sth->fetchall_arrayref({}) } ];
613 =item update_svc_acct
617 sub update_svc_acct {
620 my $conf = new FS::Conf;
623 my $dbh = sqlradius_connect( map $self->option($_),
624 qw( datasrc username password ) );
626 my $str2time = str2time_sql( $dbh->{Driver}->{Name} );
627 my @fields = qw( radacctid username realm acctsessiontime );
632 my $sth = $dbh->prepare("
633 SELECT RadAcctId, UserName, Realm, AcctSessionTime,
634 $str2time AcctStartTime), $str2time AcctStopTime),
635 AcctInputOctets, AcctOutputOctets
637 WHERE FreesideStatus IS NULL
638 AND AcctStopTime != 0
639 ") or die $dbh->errstr;
640 $sth->execute() or die $sth->errstr;
642 while ( my $row = $sth->fetchrow_arrayref ) {
643 my($RadAcctId, $UserName, $Realm, $AcctSessionTime, $AcctStartTime,
644 $AcctStopTime, $AcctInputOctets, $AcctOutputOctets) = @$row;
645 warn "processing record: ".
646 "$RadAcctId ($UserName\@$Realm for ${AcctSessionTime}s"
649 $UserName = lc($UserName) unless $conf->exists('username-uppercase');
651 my %search = ( 'username' => $UserName );
654 if ( ref($self) =~ /withdomain/ ) { #well...
655 $extra_sql = " AND '$Realm' = ( SELECT domain FROM svc_domain
656 WHERE svc_domain.svcnum = svc_acct.domsvc ) ";
659 my $oldAutoCommit = $FS::UID::AutoCommit; # can't undo side effects, but at
660 local $FS::UID::AutoCommit = 0; # least we can avoid over counting
663 grep { qsearch( 'export_svc', { 'exportnum' => $self->exportnum,
664 'svcpart' => $_->cust_svc->svcpart, } )
667 { 'username' => $UserName },
672 my $errinfo = "for RADIUS detail RadAcctID $RadAcctId ".
673 "(UserName $UserName, Realm $Realm)";
674 my $status = 'skipped';
676 warn "WARNING: no svc_acct record found $errinfo - skipping\n";
677 } elsif ( scalar(@svc_acct) > 1 ) {
678 warn "WARNING: multiple svc_acct records found $errinfo - skipping\n";
680 warn "found svc_acct ". $svc_acct[0]->svcnum. " $errinfo\n" if $DEBUG;
681 $svc_acct[0]->last_login($AcctStartTime);
682 $svc_acct[0]->last_logout($AcctStopTime);
684 push @stati, _try_decrement($svc_acct[0], 'seconds', $AcctSessionTime);
685 push @stati, _try_decrement($svc_acct[0], 'upbytes', $AcctInputOctets);
686 push @stati, _try_decrement($svc_acct[0], 'downbytes', $AcctOutputOctets);
687 push @stati, _try_decrement($svc_acct[0], 'totalbytes', $AcctInputOctets +
689 $status=join(' ', @stati);
692 warn "setting FreesideStatus to $status $errinfo\n" if $DEBUG;
693 my $psth = $dbh->prepare("UPDATE radacct
694 SET FreesideStatus = ?
696 ) or die $dbh->errstr;
697 $psth->execute($status, $RadAcctId) or die $psth->errstr;
699 $fdbh->commit or die $fdbh->errstr if $oldAutoCommit;
706 my ($svc_acct, $column, $amount) = @_;
707 if ( $svc_acct->$column !~ /^$/ ) {
708 warn " svc_acct.$column found (". $svc_acct->$column.
711 my $method = 'decrement_' . $column;
712 my $error = $svc_acct->$method($amount);
713 die $error if $error;
716 warn " no existing $column value for svc_acct - skipping\n" if $DEBUG;