*** empty log message ***

Author: ralfluebben

AcctScheduler.cpp

@@ -195,7 +195,6 @@ void AcctScheduler::parseStatusFile(PluginContext *context, uint64_t *bytesin, u
 
 	//open the status file to read
 	ifstream file(context->conf.getStatusFile().c_str(), ios::in);
-	
 	if (file.is_open())
 	{
 		if (DEBUG (context->getVerbosity()))

AuthenticationProcess.cpp

@@ -74,6 +74,7 @@ void AuthenticationProcess::Authentication(PluginContext * context)
 			    user->setUsername(context->authsocketforegr.recvStr());
 			    user->setPassword(context->authsocketforegr.recvStr());
 			    user->setPortnumber(context->authsocketforegr.recvInt());
+			    user->setSessionId(context->authsocketforegr.recvStr());
 			    user->setCallingStationId(context->authsocketforegr.recvStr());
 			    user->setCommonname(context->authsocketforegr.recvStr());
 				// framed-ip is an @IP if we're renegotiating, "" otherwise

ChangeLog

@@ -66,7 +66,7 @@ radiusplugin_2.0b:
 - update example config file
 - use string for config parsing
 - correct bug in Config.cpp: parameter status was detected wrong if parameter status-version parameter is used in OpenVPN config
-- don't delete client config file at CLIENT-DISCONNECT it could already a new file from a new AUTH-USER-PASS-VERIFY
+- don't delete client config file at CLIENT-DISCONNECT it could be already a new file from a new AUTH-USER-PASS-VERIFY
 - Fix segmentation fault in radiusplugin.cpp. The error occurs if an accounting request fails after a successful authentication.
 
 radiusplugin_2.0c:
@@ -75,7 +75,7 @@ radiusplugin_2.0c:
 - delete NAS port if authentication fails
 
 radiusplugin_2.0d_beta:
-- add some some headerfiles to avoid compiling errors on Fedora with gcc4
+- add some headerfiles to avoid compiling errors on Fedora with gcc4
 - close socket in radiuspacket.cpp on retries
 - add parenthesize to avoid compiler warnings 
 
@@ -93,4 +93,7 @@ radiusplugin_2.1:
 - Rewrite ACF file when the user is authenticated.
 - Include nested configfiles from main configfile.
 - Add "\r" in the configfile parser, before the carriage return was ignored.
-- Add support for RADIUS reply message, the output is sent to stderr 
+- Add support for RADIUS reply message, the output is sent to stderr 
+- Only create the client-config file, if one of attributes for it is defined.
+- Add NAS port number to the session id, it's definitely unique
+- Acct-Session-Id added to Access-Request packet (RFC2866)

Config.cpp

@@ -215,15 +215,14 @@ int Config::parseConfigFile(const char * configfile)
 						  // trim leading whitespace again
 						  pos = line.find_first_not_of(" \t");
 						  if (pos != string::npos) line.erase(0,pos);
-						  
 						  //delete the trailing version of status if there
 						  pos = line.find_first_of(delims);
 						  if (pos != string::npos) line.erase(pos);
 						  this->deletechars(&line);
-						  
 						  if(!line.empty())
 						  {
-							  this->statusfile=line;
+							    
+						    this->statusfile=line;
 						  }
 					  }	
 				  }

RadiusClass/RadiusAttribute.cpp

@@ -162,16 +162,19 @@ char * RadiusAttribute::makePasswordHash(const char *password,char * hpassword,
 
 	//build the hash	
 	if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
-// 	{ /* No other library has already initialized libgcrypt. */
-// 
-// 	  gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
-// 
-// 	  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
-// 	    {
-// 		cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << ", have " << gcry_check_version (NULL) << ")\n";
-// 	    }
-// 	  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-// 	}
+	{ /* No other library has already initialized libgcrypt. */
+
+	  gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
+
+	  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+	    {
+		cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << ", have " << gcry_check_version (NULL) << ")\n";
+	    }
+	    /* Disable secure memory.  */
+          gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+
+	  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
+	}
 
 	gcry_md_open(&context, GCRY_MD_MD5, 0);
 	gcry_md_write(context, sharedSecret, strlen(sharedSecret));
@@ -202,17 +205,19 @@ char * RadiusAttribute::makePasswordHash(const char *password,char * hpassword,
 
 			//put the hash of the last XOR in the digest
 			//build the hash	
-// 			if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
-// 			{ /* No other library has already initialized libgcrypt. */
-// 
-// 			  gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
-// 
-// 			  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
-// 			    {
-// 				cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << ", have " << gcry_check_version (NULL) << ")\n";
-// 			    }
-// 			  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-// 			}
+			if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
+			{ /* No other library has already initialized libgcrypt. */
+
+			  gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
+
+			  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+			    {
+				cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << ", have " << gcry_check_version (NULL) << ")\n";
+			    }
+			  /* Disable secure memory.  */
+			  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+			  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
+			}
 			gcry_md_open (&context, GCRY_MD_MD5, 0);
 			gcry_md_write(context, sharedSecret, strlen(sharedSecret));
 			gcry_md_write(context, hpassword+(k*MD5_DIGEST_LENGTH), MD5_DIGEST_LENGTH);

RadiusClass/RadiusPacket.cpp

@@ -578,17 +578,19 @@ void RadiusPacket::calcacctdigest(const char *secret)
 
 	memset((this->sendbuffer+4), 0, 16);
 	//build the hash	
-// 	if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
-// 	{ /* No other library has already initialized libgcrypt. */
-// 
-// 	  gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
-// 
-// 	  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
-// 	    {
-// 		cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << ", have " << gcry_check_version (NULL) << ")\n";
-// 	    }
-// 	  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-// 	}
+	if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
+	{ /* No other library has already initialized libgcrypt. */
+
+	  gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
+
+	  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+	    {
+		cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << ", have " << gcry_check_version (NULL) << ")\n";
+	    }
+	    /* Disable secure memory.  */
+          gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+	  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
+	}
 	gcry_md_open (&context, GCRY_MD_MD5, 0);
 	gcry_md_write(context, this->sendbuffer, this->length);
 	gcry_md_write(context, secret, strlen(secret));
@@ -667,17 +669,19 @@ int	RadiusPacket::authenticateReceivedPacket(const char *secret)
 
 	//bulid the hash of the copy
 	//build the hash	
-// 	if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
-// 	{ /* No other library has already initialized libgcrypt. */
-// 
-// 	  gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
-// 
-// 	  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
-// 	    {
-// 		cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << ", have " << gcry_check_version (NULL) << ")\n";
-// 	    }
-// 	  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-// 	}
+	if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
+	{ /* No other library has already initialized libgcrypt. */
+
+	  gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
+
+	  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+	    {
+		cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << ", have " << gcry_check_version (NULL) << ")\n";
+	    }
+	    /* Disable secure memory.  */
+          gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+	  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
+	}
 	gcry_md_open (&context, GCRY_MD_MD5, 0);
 	gcry_md_write(context, cpy_recvpacket, this->recvbufferlen);
 	gcry_md_write(context, secret, strlen(secret));

UserAcct.cpp

@@ -32,14 +32,48 @@ UserAcct::UserAcct():User()
 	bytesout=0;
 	nextupdate=0;
 	starttime=0;
-		
 }
 
 /** The destructor. Nothing happens here.*/
 UserAcct::~UserAcct()
 {
 }
 
+/** The assignment-operator.
+ * @param u A refernece to a UserAcct.*/
+UserAcct & UserAcct::operator=(const UserAcct &u)
+{
+	
+	if (this!=&u)
+	{
+		this->User::operator=(u);
+		this->gigain=u.gigain;
+		this->gigaout=u.gigaout;
+		this->bytesin=u.bytesin;
+		this->bytesout=u.bytesout;
+		this->nextupdate=u.nextupdate;
+		this->starttime=u.starttime;
+	}
+	return *this;
+}
+
+
+
+
+/**The copy constructor, it calls first the copy constructor
+ * of the User class.
+ * @param UserAcct u : A reference to an UserAcct object.*/
+UserAcct::UserAcct(const UserAcct &u):User(u)
+{
+	this->gigain=u.gigain;
+	this->gigaout=u.gigaout;
+	this->bytesin=u.bytesin;
+	this->bytesout=u.bytesout;
+	this->nextupdate=u.nextupdate;
+	this->starttime=u.starttime;
+	
+}
+
 /** The method sends an accounting update packet for the user to the radius server.
  * The accounting information are read from the OpenVpn
  * status file. The following attributes are sent to the radius server:
@@ -859,58 +893,7 @@ void UserAcct::addSystemRoutes(PluginContext * context)
 
 }
 
-/** The assignment-operator.
- * @param u A refernece to a UserAcct.*/
-UserAcct & UserAcct::operator=(const UserAcct &u)
-{
-	
-	if (this!=&u)
-	{
-		this->sessionid=u.sessionid;
-		//this->servicetype=u.servicetype;
-		
-		this->gigain=u.gigain;
-		this->gigaout=u.gigaout;
-		this->bytesin=u.bytesin;
-		this->bytesout=u.bytesout;
-		this->nextupdate=u.nextupdate;
-		this->starttime=u.starttime;
-	}
-	return *this;
-}
-
-
 
-/**The copy constructor, it calls first the copy constructor
- * of the User class.
- * @param UserAcct u : A reference to an UserAcct object.*/
-UserAcct::UserAcct(const UserAcct &u):User(u)
-{
-	
-	this->sessionid=u.sessionid;
-	//this->servicetype=u.servicetype;
-	
-	this->gigain=u.gigain;
-	this->gigaout=u.gigaout;
-	this->bytesin=u.bytesin;
-	this->bytesout=u.bytesout;
-	this->nextupdate=u.nextupdate;
-	this->starttime=u.starttime;
-	
-}
-
-/** The getter method for the sessionid.
- * @return An integer of the sessionid.*/
-string UserAcct::getSessionId(void)
-{
-	return this->sessionid;
-}
-/**The setter method for the sessionid.
- * @param id The session id.*/
-void UserAcct::setSessionId(string id)
-{
-	this->sessionid=id;
-}
 
 
 /** The getter method for the gigain variable.
@@ -995,7 +978,7 @@ int UserAcct::deleteCcdFile(PluginContext * context)
 {
 	string filename;
 	filename = context->conf.getCcdPath()+ this->getCommonname();
-	if(context->conf.getOverWriteCCFiles())
+	if(context->conf.getOverWriteCCFiles()==true && (this->getFramedIp().length() > 0 || this->getFramedRoutes().length() > 0))
 	{
 		remove(filename.c_str());
 	}

UserAcct.h

@@ -38,7 +38,6 @@
 class UserAcct : public User
 {
 private:
-	string sessionid;		/**< The sessionid of the user.*/
 	uint32_t gigain;		/**< The received bytes.*/
 	uint32_t gigaout;		/**< The sent bytes.*/
 	uint32_t bytesin;		/**< The received bytes.*/
@@ -53,9 +52,6 @@ class UserAcct : public User
 	UserAcct();
 	~UserAcct();
 
-	string getSessionId(void);
-	void setSessionId(string);
-	
 	int getServiceType(void);
 	void setServiceType(int);
 

UserPlugin.h

@@ -36,9 +36,8 @@ class UserPlugin : public User
 {
 private:
 	string password;	/**<The user password.*/
-	string sessionid;	/**<The user sessionid.*/
         string authcontrolfile; /**<The auth control file of the user.*/
-	bool authenticated; /**<Indicates if a user is authenticated.*/
+	bool authenticated; 	/**<Indicates if a user is authenticated.*/
 	bool accounted;		/**<Indicates if a user is accounted.*/