@@ -5,6 +5,7 @@ # Works with mysql and postgresql # use POSIX; +use File::Temp; $conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; $back_days = 35; @@ -42,11 +43,10 @@ if (POSIX::strftime("%Y-%m-%d %T",localtime) eq $date){ $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';"; print "$query\n"; -open TMP, ">/tmp/clean_radacct.query" - or die "Could not open tmp file\n"; -print TMP $query; -close TMP; -$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay'); +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; +print $fh $query; +close $fh; +$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); `$command`; dialup_admin/bin/clean_radacct @@ -14,6 +14,7 @@ use Date::Manip qw(ParseDate UnixDate); use Digest::MD5; +use File::Temp; $|=1; $file=shift||'none'; @@ -29,7 +30,8 @@ $all_file=shift||'no'; # CHANGE THESE TO MATCH YOUR SETUP # #$regexp = 'from client localhost port 135|from client blabla '; -$tmpfile='/var/tmp/sql.input'; +$tmpdir=tempdir( CLEANUP => 1 ); +$tmpfile="$tmpdir/sql.input"; # $verbose = 0; # dialup_admin/bin/log_badlogins @@ -1,5 +1,6 @@ #!/usr/bin/perl use POSIX; +use File::Temp; # Log in the mtotacct table aggregated accounting information for # each user spaning in one month period. @@ -51,14 +52,13 @@ $query2 = "INSERT INTO mtotacct (UserName,AcctDate,ConnNum,ConnTotDuration, AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;"; print "$query1\n"; print "$query2\n"; -open TMP, ">/tmp/tot_stats.query" - or die "Could not open tmp file\n"; -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print TMP $query1; -print TMP $query2; -close TMP; -$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg'); +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); +print $fh $query1; +print $fh $query2; +close $fh; +$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay'); +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); `$command`; dialup_admin/bin/monthly_tot_stats @@ -1,5 +1,6 @@ #!/usr/bin/perl use POSIX; +use File::Temp; # Log in the totacct table aggregated daily accounting information for # each user. @@ -48,14 +49,13 @@ $query2 = "INSERT INTO totacct (UserName,AcctDate,ConnNum,ConnTotDuration, AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;"; print "$query1\n"; print "$query2\n"; -open TMP, ">/tmp/tot_stats.query" - or die "Could not open tmp file\n"; -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print TMP $query1; -print TMP $query2; -close TMP; -$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg'); +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); +print $fh $query1; +print $fh $query2; +close $fh; +$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay'); +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); `$command`; dialup_admin/bin/tot_stats @@ -5,6 +5,7 @@ # Works with mysql and postgresql # use POSIX; +use File::Temp; $conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; $back_days = 90; @@ -44,13 +45,12 @@ $query = "LOCK TABLES $sql_accounting_table WRITE;" if ($sql_type eq 'mysql'); $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;"; $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql'); print "$query\n"; -open TMP, ">/tmp/truncate_radacct.query" - or die "Could not open tmp file\n"; -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print TMP $query; -close TMP; -$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg'); +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); +print $fh $query; +close $fh; +$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay'); +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); `$command`; dialup_admin/bin/truncate_radacct 1e85251f1014c21f3f2d7525aa8773ee925ef2a8 Alan T. DeKok aland@freeradius.org http://github.com/Antti/freeradius-server/commit/57d9720a48961b55027d50745c74cb23938f1523 57d9720a48961b55027d50745c74cb23938f1523 2008-12-02T01:15:46-08:00 2008-12-02T01:11:38-08:00 Fix for CVE-2008-4474 Dialup-admin uses tmp files insecurely. Since it isn't running in a default install, this shouldn't be a major problem. Patch from bug #605 6ff41914fd637da07bcb9931dc3f8c93c23dbd28 Alan T. DeKok aland@freeradius.org