
radiusplugin_v2.1_beta.tar.gz

0 parents commit 53fc9209be0f86b83546aab7d1cff3145413d836 @squadette committed May 4, 2009
Showing with 24,847 additions and 0 deletions.
  1. +495 −0 AccountingProcess.cpp
  2. +39 −0 AccountingProcess.h
  3. +257 −0 AcctScheduler.cpp
  4. +68 −0 AcctScheduler.h
  5. +167 −0 AuthenticationProcess.cpp
  6. +37 −0 AuthenticationProcess.h
  7. +340 −0 COPYING
  8. +90 −0 ChangeLog
  9. +479 −0 Config.cpp
  10. +102 −0 Config.h
  11. +283 −0 Doxyfile
  12. +70 −0 Exception.cpp
  13. +51 −0 Exception.h
  14. +227 −0 IpcSocket.cpp
  15. +71 −0 IpcSocket.h
  16. +47 −0 Makefile
  17. +289 −0 PluginContext.cpp
  18. +138 −0 PluginContext.h
  19. +221 −0 README
  20. +26 −0 RadiusClass/Changelog
  21. +32 −0 RadiusClass/README
  22. +541 −0 RadiusClass/RadiusAttribute.cpp
  23. +81 −0 RadiusClass/RadiusAttribute.h
  24. +365 −0 RadiusClass/RadiusConfig.cpp
  25. +91 −0 RadiusClass/RadiusConfig.h
  26. +676 −0 RadiusClass/RadiusPacket.cpp
  27. +114 −0 RadiusClass/RadiusPacket.h
  28. +201 −0 RadiusClass/RadiusServer.cpp
  29. +71 −0 RadiusClass/RadiusServer.h
  30. +288 −0 RadiusClass/RadiusVendorSpecificAttribute.cpp
  31. +84 −0 RadiusClass/RadiusVendorSpecificAttribute.h
  32. +1,217 −0 RadiusClass/doxygen.conf
  33. +44 −0 RadiusClass/error.h
  34. +25 −0 RadiusClass/exampleconfig
  35. +771 −0 RadiusClass/main.cpp
  36. +155 −0 RadiusClass/radius.h
  37. +2,682 −0 RadiusClass/utilities/dictionary
  38. +2,721 −0 RadiusClass/utilities/vsa.h
  39. +1,159 −0 RadiusClass/utilities/vsa_if_statements.txt
  40. +198 −0 RadiusClass/utilities/vsahelper.pl
  41. +2,721 −0 RadiusClass/vsa.h
  42. +21 −0 ToDo
  43. +302 −0 User.cpp
  44. +104 −0 User.h
  45. +1,008 −0 UserAcct.cpp
  46. +93 −0 UserAcct.h
  47. +1,748 −0 UserAuth.cpp
  48. +68 −0 UserAuth.h
  49. +152 −0 UserPlugin.cpp
  50. +72 −0 UserPlugin.h
  51. +8 −0 clean.sh
  52. +1,219 −0 doxygen.conf
  53. 0 log.txt
  54. +272 −0 main.cpp
  55. +465 −0 openvpn-plugin.h
  56. +84 −0 radiusplugin.cnf
  57. +1,180 −0 radiusplugin.cpp
  58. +117 −0 radiusplugin.h
  59. +200 −0 vsascript.pl
495 AccountingProcess.cpp
@@ -0,0 +1,495 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "AccountingProcess.h"
+
+/** This method is the background process for accounting. It is in a endless loop
+ * until it gets a exit command. In the loop the process is
+ * waiting for a command from the foregroundprocess (USER_ADD, USER_DEL, EXIT).
+ * If no command is arrived in an interval of 0,5s the accounting is done
+ * for all users who need a update. The interval is 0,5s because every second
+ * a user can connect with an unknown interval, so this interval must be shorter.
+ * @param context The plugin context as object from the class PluginContext.
+ */
+
+void AccountingProcess::Accounting(PluginContext * context)
+{
+ UserAcct *user=NULL; //The user for acconting.
+ int command, //The command from foreground process.
+ result; //The result from the socket.
+ string key; //The unique key.
+ AcctScheduler scheduler; //The scheduler for the accounting.
+ fd_set set; //A set for the select function.
+ struct timeval tv; //A timeinterval for the select funtion.
+
+
+
+
+ //Tell the parent everythink is ok.
+ try
+ {
+ context->acctsocketforegr.send(RESPONSE_INIT_SUCCEEDED);
+ }
+ catch (Exception &e)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT:" << e <<"\n";
+ goto done;
+ }
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Started, RESPONSE_INIT_SUCCEEDED was sent to Foreground Process.\n";
+
+
+ // Event loop
+ while (1)
+ {
+ //create the informations for the result function
+ tv.tv_sec = 0;
+ tv.tv_usec = 500000; //wait 0,5s
+ FD_ZERO(&set); // clear out the set
+ FD_SET(context->acctsocketforegr.getSocket(), &set); // wait only on the socket from the foreground process
+ result = select(FD_SETSIZE, &set, NULL, NULL, &tv);
+
+ //if there is a data on the socket
+ if (result>0)
+ {
+ // get a command from foreground process
+ command = context->acctsocketforegr.recvInt();
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Get a command.\n";
+
+ switch (command)
+ {
+ //add a new user to the scheduler
+ case ADD_USER:
+ try
+ {
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: New User.\n";
+
+ //allocate memory
+ user= new UserAcct;
+
+ //get the information from the foreground process
+ user->setUsername(context->acctsocketforegr.recvStr());
+ user->setSessionId(context->acctsocketforegr.recvStr()) ;
+ user->setPortnumber(context->acctsocketforegr.recvInt());
+ user->setCallingStationId(context->acctsocketforegr.recvStr());
+ user->setFramedIp(context->acctsocketforegr.recvStr());
+ user->setCommonname(context->acctsocketforegr.recvStr());
+ user->setAcctInterimInterval(context->acctsocketforegr.recvInt());
+ user->setFramedRoutes(context->acctsocketforegr.recvStr());
+ user->setKey(context->acctsocketforegr.recvStr());
+ user->setUntrustedPort(context->acctsocketforegr.recvStr());
+ context->acctsocketforegr.recvBuf(user);
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: New user acct: username: " << user->getUsername() << ", interval: " << user->getAcctInterimInterval() << ", calling station: " << user->getCallingStationId() << ", commonname: " << user->getCommonname() << ", framed ip: " << user->getFramedIp() <<".\n";
+
+
+ //set the starttime
+ user->setStarttime(time(NULL));
+
+ //calculate the nextupdate
+ user->setNextUpdate(user->getStarttime()+user->getAcctInterimInterval());
+
+ //send the start packet
+ if (user->sendStartPacket(context)==0)
+ {
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Start packet was send.\n";
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: User was added to accounting scheduler.\n";
+
+ //set the system routes
+ user->addSystemRoutes(context);
+
+
+ string script = context->conf.getVsaScript();
+ //execute vendor specific attribute script
+ if(script.length() > 0)
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Call vendor specific attribute script.\n";
+ if(callVsaScript(context, user, 1, 0) != 0)
+ {
+ throw Exception("Vendor specific attribute script failed.\n");
+ }
+ }
+
+ //add the user to the scheduler
+ scheduler.addUser(user);
+ //send the ok to the parent process
+ context->acctsocketforegr.send(RESPONSE_SUCCEEDED);
+
+ }
+ else
+ {
+ //delete the ccd file which was created at authentication
+ //user->deleteCcdFile(context);
+ //tell the parent parent process something is wrong
+ throw Exception("Start packet couldn't send.\n");
+
+ }
+ // free the user, he was copied to the accounting scheduler list
+
+ }
+ catch (Exception &e)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: "<< e << "!\n";
+ context->acctsocketforegr.send(RESPONSE_FAILED);
+ //close the background process, if the ipc socket is bad
+ if (e.getErrnum()==Exception::SOCKETSEND || e.getErrnum()==Exception::SOCKETRECV)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Error in socket!\n";
+ goto done;
+ }
+ }
+ catch (...)
+ {
+ context->acctsocketforegr.send(RESPONSE_FAILED);
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Unknown Exception!\n";
+ }
+ delete user;
+ break;
+
+ //delete a user
+ case DEL_USER:
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Delete user from accounting.\n";
+
+ //receive the information
+ try
+ {
+ key=context->acctsocketforegr.recvStr();
+ }
+ catch(Exception &e)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: "<< e << "!\n";
+ //close the background process, if the ipc socket is bad
+ if (e.getErrnum()==Exception::SOCKETSEND || e.getErrnum()==Exception::SOCKETRECV)
+ {
+ goto done;
+ }
+ }
+ catch (...)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Unknown Exception!\n";
+ }
+
+ //find the user, he must be already there
+ user=scheduler.findUser(key.c_str());
+
+ if (user)
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Stop acct: username: " << user->getUsername()<< ", calling station: " << user->getCallingStationId()<< ", commonname: " << user->getCommonname() << ".\n";
+
+ //delete the system routes
+ user->delSystemRoutes(context);
+
+ //delete the ccd file which was created at authentication
+ //user->deleteCcdFile(context);
+
+ string script = context->conf.getVsaScript();
+ //execute vendor specific attribute script
+ if(script.length() > 0)
+ {
+ //string command= context->conf.getVsaScript() + string(" ") + string("ACTION=CLIENT_CONNECT")+string(" ")+string("USERNAME=")+user->getUsername()+string(" ")+string("COMMONNAME=")+user->getCommonname()+string(" ")+string("UNTRUSTED_IP=")+user->getCallingStationId() + string(" ") + string("UNTRUSTED_PORT=") + user->getUntrustedPort() + user->getVsaString();
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Call vendor specific attribute script.\n";
+ if(callVsaScript(context, user, 1, 0) != 0)
+ {
+ throw Exception("Vendor specific attribute script failed.\n");
+ }
+ }
+
+ try
+ {
+ //delete the user from the accounting scheduler
+ scheduler.delUser(context, user);
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: User with key: " << key << " was deleted from accouting.\n";
+
+ //send the parent process the ok
+ context->acctsocketforegr.send(RESPONSE_SUCCEEDED);
+
+
+ }
+ catch(Exception &e)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: " << e << "\n";
+ goto done;
+ }
+ catch (...)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Unknown Exception!\n";
+ }
+ }
+ else
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: No user with this key "<< key <<".\n";
+ context->acctsocketforegr.send(RESPONSE_FAILED);
+
+ }
+ break;
+
+ //exit the loop
+ case COMMAND_EXIT:
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Get command exit.\n";
+ goto done;
+
+ case -1:
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND: read error on command channel.\n";
+ break;
+
+ default:
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND: unknown command code: code= "<< command <<", exiting.\n";
+ goto done;
+
+
+ }
+ }
+ //after 0,5sec without a command call the scheduler
+ scheduler.doAccounting(context);
+
+ }
+ done:
+ //end the process
+ if(1)
+ scheduler.delallUsers(context);
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: EXIT\n";
+ return;
+}
+
+/** This method executes the program for the vendor specific attributes and pass
+ * attributes to the program and vendor specific attributes as a buffer
+ * to the program.
+ * Attributes Code for decoding
+ *
+ * string username => 101
+ * string commonname => 102
+ * string framedip => 103
+ * string callingstationid => 104
+ * string untrustedport => 105
+ * string framedroutes => 106
+ * Octet vsabuf => 107
+ * The code is used for decoding in the additional program. The vsabuf must be decode also in the program.
+ * Example: vsascript.pl
+ * @param context The PluginContext
+ * @param user The user for which the script is executed.
+ * @param action Action: 0 => Authentication, 1 => Client-Connect, 2 => Client-Disconnect
+ * @param rekeying If equal 1 this is a rekeying.
+ * @return -1 in case of error, else 0
+ */
+
+int AccountingProcess::callVsaScript(PluginContext * context, User * user, unsigned int action, unsigned int rekeying)
+{
+ char * route;
+ int buflen = 3 * sizeof(int);
+ if (user->getUsername().length() != 0)
+ {
+ buflen=buflen+user->getUsername().length()+2*sizeof(int);
+ }
+ if (user->getCommonname().length() != 0)
+ {
+ buflen=buflen+user->getCommonname().length()+2*sizeof(int);
+ }
+ if (user->getFramedIp().length() != 0)
+ {
+ buflen=buflen+user->getFramedIp().length()+2*sizeof(int);
+ }
+ if (user->getCallingStationId().length() != 0)
+ {
+ buflen=buflen+user->getCallingStationId().length()+2*sizeof(int);
+ }
+ if (user->getUntrustedPort().length() != 0)
+ {
+ buflen=buflen+user->getUntrustedPort().length()+2*sizeof(int);
+ }
+ if (user->getVsaBufLen() != 0)
+ {
+ buflen=buflen+user->getVsaBufLen() +2*sizeof(int);
+ }
+
+ char routes[user->getFramedRoutes().length()+1];
+ strncpy(routes, user->getFramedRoutes().c_str(), user->getFramedRoutes().length());
+ routes[user->getFramedRoutes().length()]=0;
+ if((route = strtok(routes,";")) != NULL)
+ {
+ buflen=buflen+strlen(route)+2*sizeof(int);
+ while((route = strtok(NULL,";"))!= NULL)
+ {
+ buflen=buflen+strlen(route)+2*sizeof(int);
+ }
+ }
+
+ Octet * buf = new Octet[buflen];
+ unsigned int value = htonl(action);
+ memcpy(buf,&value, 4);
+
+ value = htonl(rekeying);
+ memcpy(buf+4,&value, 4);
+
+ value = htonl(buflen);
+ memcpy(buf+8,&value, 4);
+
+ int i=12;
+
+ if (user->getUsername().length() != 0)
+ {
+ value = htonl(101);
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ value = htonl(user->getUsername().length());
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ memcpy( buf+i, user->getUsername().c_str(),user->getUsername().length());
+ i=i+user->getUsername().length();
+ }
+ if (user->getCommonname().length() != 0)
+ {
+ value = htonl(102);
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ value = htonl(user->getCommonname().length());
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ memcpy( buf+i, user->getCommonname().c_str(),user->getCommonname().length());
+ i=i+user->getCommonname().length();
+ }
+ if (user->getFramedIp().length() != 0)
+ {
+ value = htonl(103);
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ value = htonl(user->getFramedIp().length());
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ memcpy( buf+i, user->getFramedIp().c_str(),user->getFramedIp().length());
+ i=i+user->getFramedIp().length();
+ }
+ if (user->getCallingStationId().length() != 0)
+ {
+ value = htonl(104);
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ value = htonl(user->getCallingStationId().length());
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ memcpy( buf+i, user->getCallingStationId().c_str(),user->getCallingStationId().length());
+ i=i+user->getCallingStationId().length();
+ }
+ if (user->getUntrustedPort().length() != 0)
+ {
+ value = htonl(105);
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ value = htonl(user->getUntrustedPort().length());
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ memcpy( buf+i, user->getUntrustedPort().c_str(),user->getUntrustedPort().length());
+ i=i+user->getUntrustedPort().length();
+ }
+ strncpy(routes, user->getFramedRoutes().c_str(), user->getFramedRoutes().length());
+
+ routes[user->getFramedRoutes().length()]=0;
+ if((route = strtok(routes,";")) != NULL)
+ {
+ value = htonl(106);
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ value = htonl(strlen(route));
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ memcpy(buf+i, route, strlen(route));
+ i=i+strlen(route);
+ while((route = strtok(NULL,";"))!= NULL)
+ {
+ value = htonl(106);
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ value = htonl(strlen(route));
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ memcpy(buf+i, route, strlen(route));
+ i=i+strlen(route);
+ }
+ }
+
+ if (user->getVsaBufLen() != 0)
+ {
+ value = htonl(107);
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ value = htonl(user->getVsaBufLen());
+ memcpy(buf+i,&value, 4);
+ i+=4;
+ memcpy(buf+i, user->getVsaBuf(),user->getVsaBufLen());
+ i=i+user->getVsaBufLen();
+ }
+
+
+ if(mkfifo(context->conf.getVsaNamedPipe().c_str(), 0600)== -1)
+ {
+ /* FIFO bereits vorhanden - kein fataler Fehler */
+ if(errno == EEXIST)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN:FIFO already exist.";
+ }
+ else
+ {
+ cerr << getTime() <<"RADIUS-PLUGIN: Error in mkfifio()";
+ return -1;
+ }
+ }
+ int fd_fifo=open(context->conf.getVsaNamedPipe().c_str(), O_RDWR | O_NONBLOCK);
+
+ if (fd_fifo == -1)
+ {
+ cerr << getTime() <<"RADIUS-PLUGIN: Error in opening pipe to VSAScript.";
+ return -1;
+ }
+ string exe=string(context->conf.getVsaScript()) + " " + string(context->conf.getVsaNamedPipe());
+ if (write (fd_fifo, buf, buflen) != buflen)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: Could not write in Pipe to VSAScript!";
+ return -1;
+ }
+
+ if(system(exe.c_str())!=0)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: Error in VSAScript!";
+ return -1;
+ }
+ close(fd_fifo);
+
+ delete [] buf;
+ return 0;
+}
+
+
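Review bot: `callVsaScript` treats `EEXIST` from `mkfifo` as benign and then `open`s whatever is at the configured pipe path without confirming it is a FIFO this process owns, so a pre-existing regular file or symlink at that path would silently receive the username, common name, framed routes and raw VSA bytes; and every early `return -1` between the `mkfifo` error branch and the `system()` check leaks `buf`, and after the `open` also leaks `fd_fifo`. Open with `O_NOFOLLOW`, `fstat` the descriptor and require `S_ISFIFO` and `st_uid == geteuid()` before writing, and release `buf` and `fd_fifo` on every exit path as below. Separately, the DEL_USER path calls `callVsaScript(context, user, 1, 0)` exactly like the ADD_USER path although the function's own comment reserves action 2 for Client-Disconnect, so the script cannot tell connect from disconnect (rules it installs on connect are never matched by a disconnect event); and that call's `throw Exception("Vendor specific attribute script failed.\n")` in DEL_USER sits outside any `try`, so a failing script escapes `Accounting()` entirely instead of reaching the `done:` cleanup. The `system()` on a string built from two configuration values would also be safer as fork/exec with an argument vector, since a space or shell metacharacter in either path changes what runs.
```cpp
    // … unchanged: buffer assembly into buf/buflen …

    const string pipe = context->conf.getVsaNamedPipe();
    if (mkfifo(pipe.c_str(), 0600) == -1 && errno != EEXIST)
    {
        cerr << getTime() << "RADIUS-PLUGIN: Error in mkfifo()";
        delete [] buf;
        return -1;
    }
    // Refuse to write into anything that is not a FIFO owned by this process,
    // even if the path already existed (EEXIST above is not proof of that).
    int fd_fifo = open(pipe.c_str(), O_RDWR | O_NONBLOCK | O_NOFOLLOW);
    struct stat st;
    if (fd_fifo == -1 || fstat(fd_fifo, &st) == -1 || !S_ISFIFO(st.st_mode) || st.st_uid != geteuid())
    {
        cerr << getTime() << "RADIUS-PLUGIN: VSA named pipe is missing or not a FIFO owned by this process.";
        if (fd_fifo != -1) close(fd_fifo);
        delete [] buf;
        return -1;
    }
    int rc = 0;
    if (write(fd_fifo, buf, buflen) != buflen)
    {
        cerr << getTime() << "RADIUS-PLUGIN: Could not write in Pipe to VSAScript!";
        rc = -1;
    }
    else if (system((context->conf.getVsaScript() + " " + pipe).c_str()) != 0)
    {
        cerr << getTime() << "RADIUS-PLUGIN: Error in VSAScript!";
        rc = -1;
    }
    close(fd_fifo);
    delete [] buf;
    return rc;
```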
39 AccountingProcess.h
@@ -0,0 +1,39 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _ACCOUNTINGPROCESS_H_
+#define _ACCOUNTINGPROCESS_H_
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "PluginContext.h"
+#include "UserAcct.h"
+#include "AcctScheduler.h"
+#include "radiusplugin.h"
+
+/** The class represents the background process for accounting. */
+class AccountingProcess
+{
+public:
+ void Accounting(PluginContext *);
+ int callVsaScript(PluginContext *, User *, unsigned int , unsigned int);
+};
+
+#endif //_ACCOUNTINGPROCESS_H_
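Review bot: Neither method declared in `class AccountingProcess` carries a doc comment in the header, which is the file callers actually include; the Doxygen blocks live only in the .cpp. I would add `/** Background accounting loop; runs until COMMAND_EXIT or an IPC error, then stops accounting for every tracked user. */` above `Accounting` and `/** Passes the user's attributes and raw VSA buffer to the configured script over the named pipe; returns 0 on success, -1 on error. */` above `callVsaScript`, and name the two trailing `unsigned int` parameters (`action`, `rekeying`) in the declaration so the 0/1/2 action encoding is discoverable from the header. The include guard `_ACCOUNTINGPROCESS_H_` is an identifier reserved for the implementation (leading underscore followed by an uppercase letter); `ACCOUNTINGPROCESS_H` avoids the collision risk.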
257 AcctScheduler.cpp
@@ -0,0 +1,257 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "AcctScheduler.h"
+#include "PluginContext.h"
+#include "RadiusClass/RadiusConfig.h"
+#include "Config.h"
+#include "radiusplugin.h"
+
+
+
+
+using namespace std;
+
+/** The constructor of the class.
+ * Nothing happens here.
+ */
+
+AcctScheduler::AcctScheduler()
+{
+}
+
+/**The destructor of the class.
+ * The user lists are cleared here.
+ */
+AcctScheduler::~AcctScheduler()
+{
+ activeuserlist.clear();
+ passiveuserlist.clear();
+}
+
+/** The method adds an user to the user lists. An user with an acct interim
+ * interval is added to the activeuserlist, an user
+ * without this interval is added to passiveuserlist.
+ * @param user A pointer to an object from the class UserAcct.
+ */
+void AcctScheduler::addUser(UserAcct *user)
+{
+ if (user->getAcctInterimInterval()==0)
+ {
+
+ this->passiveuserlist.insert(make_pair(user->getKey(),*user));
+ }
+ else
+ {
+ this->activeuserlist.insert(make_pair(user->getKey(),*user));
+ }
+}
+
+/** The method deletes an user from the user lists. Before
+ * the user is deleted the status file is parsed for the sent and received bytes
+ * and the stop accouting ticket is send to the server.
+ * @param context The plugin context as an object from the class PluginContext.
+ * @param user A pointer to an object from the class UserAcct
+ */
+void AcctScheduler::delUser(PluginContext * context, UserAcct *user)
+{
+ uint64_t bytesin=0, bytesout=0;
+
+ //get the sent and received bytes
+ this->parseStatusFile(context, &bytesin, &bytesout,user->getKey().c_str());
+
+ user->setBytesIn(bytesin & 0xFFFFFFFF);
+ user->setBytesOut(bytesout & 0xFFFFFFFF);
+ user->setGigaIn(bytesin >> 32);
+ user->setGigaOut(bytesout >> 32);
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Got accouting data from file, CN: " << user->getCommonname() << " in: " << user->getBytesIn() << " out: " << user->getBytesOut() << ".\n";
+
+
+ //send the stop ticket
+ if (user->sendStopPacket(context)==0)
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Stop packet was sent. CN: " << user->getCommonname() << ".\n";
+ }
+ else
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Error on sending stop packet.";
+ }
+
+ if (user->getAcctInterimInterval()==0)
+ {
+ passiveuserlist.erase(user->getKey());
+ }
+ else
+ {
+
+ activeuserlist.erase(user->getKey());
+ }
+
+}
+
+
+/** The method deletes all users from the user lists. Before
+ * the user is deleted the status file is parsed for the sent and received bytes
+ * and the stop accouting ticket is send to the server.
+ * @param context The plugin context as an object from the class PluginContext.
+ */
+void AcctScheduler::delallUsers(PluginContext * context)
+{
+ map<string, UserAcct>::iterator iter1, iter2;
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Delete all users.";
+ iter1=activeuserlist.begin();
+ iter2=activeuserlist.end();
+
+
+ while (iter1!=iter2)
+ {
+ this->delUser(context,&(iter1->second));
+ iter1++;
+ }
+
+}
+
+/** The accouting method. When the method is called it
+ * searches for users in activeuserlist for users who need an update.
+ * If a user is found the sent and received bytes are read from the
+ * OpenVpn status file.
+ * @param context The plugin context as an object from the class PluginContext.
+ */
+
+void AcctScheduler::doAccounting(PluginContext * context)
+{
+ time_t t;
+
+ uint64_t bytesin=0, bytesout=0;
+ map<string, UserAcct>::iterator iter1, iter2;
+
+
+ iter1=activeuserlist.begin();
+ iter2=activeuserlist.end();
+
+
+ while (iter1!=iter2)
+ {
+ //get the time
+ time(&t);
+ //if the user needs an update
+ if ( t>=iter1->second.getNextUpdate())
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Scheduler: Update for User " << iter1->second.getUsername() << ".\n";
+
+ this->parseStatusFile(context, &bytesin, &bytesout,iter1->second.getKey().c_str());
+ iter1->second.setBytesIn(bytesin & 0xFFFFFFFF);
+ iter1->second.setBytesOut(bytesout & 0xFFFFFFFF);
+ iter1->second.setGigaIn(bytesin >> 32);
+ iter1->second.setGigaOut(bytesout >> 32);
+ iter1->second.sendUpdatePacket(context);
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Scheduler: Update packet for User " << iter1->second.getUsername() << " was send.\n";
+
+ //calculate the next update
+ iter1->second.setNextUpdate(iter1->second.getNextUpdate()+iter1->second.getAcctInterimInterval());
+ }
+ iter1++;
+ }
+}
+
+/**The method parses the status file for accounting information. It reads the bytes sent
+ * and received from the status file. It finds the values about the commonname. The method will
+ * only work if there are no changes in the structure of the status file.
+ * The method is test with OpenVpn 2.0.
+ * @param context The plugin context as an object from the class PluginContext.
+ * @param bytesin An int pointer for the received bytes.
+ * @param bytesout An int pointer for the sent bytes.
+ * @param key A key which identifies the row in the statusfile, it looks like: "commonname,ip:port".
+ */
+void AcctScheduler::parseStatusFile(PluginContext *context, uint64_t *bytesin, uint64_t *bytesout, string key)
+{
+ char line[512], newline[512];
+ memset(newline, 0, 512);
+
+ //open the status file to read
+ ifstream file(context->conf.getStatusFile().c_str(), ios::in);
+
+ if (file.is_open())
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: Scheduler: Read Statusfile.\n";
+
+ //find the key, is delimited with a ',' from the informations
+
+ //loop until the name is found, there is no delimiter, the string
+ //"ROUTING TABLE" is found or EOF
+
+ do
+ {
+ file.getline(line, 512);
+
+ }
+ while (line!=NULL && strncmp(line,key.c_str(),key.length())!=0 && strcmp(line,"ROUTING TABLE")!=0 && file.eof()==false);
+
+
+ //the information is after the next delimiters
+ if (line!=NULL && strncmp(line,key.c_str(),key.length())==0)
+ {
+ memcpy(newline, line+key.length(), strlen(line)-key.length()+1);
+ *bytesin=strtoull(strtok(newline,","),NULL,10);
+ *bytesout=strtoull(strtok(NULL,","),NULL,10);
+ }
+ else
+ {
+
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND ACCT: No accounting data was found for "<< key <<".\n";
+
+ }
+ file.close();
+ }
+ else
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Statusfile "<< context->conf.getStatusFile() <<" could not opened.\n";
+ }
+}
+
+/** The method finds an user.
+ * @param key The commonname of the user to find.
+ * @return A poniter to an object of the class UserAcct.
+ */
+UserAcct * AcctScheduler::findUser(string key)
+{
+ map<string, UserAcct>::iterator iter;
+ iter=activeuserlist.find(key);
+ if (iter!=activeuserlist.end())
+ {
+ return &(iter->second);
+ }
+ iter=passiveuserlist.find(key);
+ if (iter!=passiveuserlist.end())
+ {
+ return &(iter->second);
+ }
+
+ return NULL;
+}
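Review bot: `delallUsers` hands `&(iter1->second)` to `delUser`, which erases that very map entry, and then executes `iter1++` on the invalidated iterator, which is undefined behaviour at every plugin shutdown; it also walks only `activeuserlist`, so users without an interim interval never get a stop ticket. Draining each list from `begin()` until empty, as below, avoids holding an iterator across the erase and covers both lists. In `doAccounting`, `bytesin`/`bytesout` are declared once outside the loop and `parseStatusFile` leaves them untouched when no row matches, so a user missing from the status file is reported with the previous user's counters; reset both to 0 at the top of each iteration. In `parseStatusFile`, `line != NULL` is always true for an array, and a status-file line of 511 or more characters sets `failbit` on the stream without `eof`, after which `getline` stores an empty string and extracts nothing, so the `do`/`while` never terminates; test `file.fail()` in the loop condition or read into a `std::string` with `std::getline`.
```cpp
void AcctScheduler::delallUsers(PluginContext * context)
{
    if (DEBUG (context->getVerbosity()))
        cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Delete all users.";
    // delUser() erases the entry it is given, so never hold an iterator across
    // the call; both lists owe the server a stop ticket, not just the active one.
    while (!activeuserlist.empty())
        this->delUser(context, &(activeuserlist.begin()->second));
    while (!passiveuserlist.empty())
        this->delUser(context, &(passiveuserlist.begin()->second));
}
```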
68 AcctScheduler.h
@@ -0,0 +1,68 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _ACCT_SCHEDULER_H_
+#define _ACCT_SCHEDULER_H_
+
+#include <ctime>
+#include <cstdlib>
+#include <cstring>
+#include <cstdio>
+
+#include <iostream>
+#include <map>
+#include <fstream>
+#include "UserAcct.h"
+
+using std::map;
+
+/**The class is a scheduler for accounting radius users. It calculates the
+ * accounting interval if the ACCT-INTERIM-INTERVAL was present in the
+ * authentication response from the radius server.
+ * The start and stop accounting ticket are always sent for a user
+ * which is added to the scheduler.
+ * For the update and stop accounting ticket the sent and received bytes
+ * are read out of the OpenVpn status file.
+ */
+
+
+class AcctScheduler
+{
+
+private:
+ map<string, UserAcct> activeuserlist; /**<The map for user with a acct interim interval.*/
+ map<string, UserAcct> passiveuserlist; /**<The map for user without a acct interim interval.*/
+
+public:
+ AcctScheduler();
+ ~AcctScheduler();
+
+ void addUser(UserAcct *user);
+ void delUser(PluginContext * context, UserAcct *user);
+ void delallUsers(PluginContext * context);
+
+ UserAcct * findUser(string);
+
+ void doAccounting(PluginContext *);
+
+ void parseStatusFile(PluginContext *, uint64_t *, uint64_t *,string);
+};
+#endif //_ACCT_SCHEDULER_H_
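Review bot: The header uses names it does not bring into scope itself: `uint64_t` in the `parseStatusFile` declaration needs `<cstdint>`, and the unqualified `string` in the two `map<string, UserAcct>` members and in `findUser`/`parseStatusFile` depends on whichever earlier header happened to provide `std::string` and a `using` for it, so whether this file compiles depends on include order. Add `#include <cstdint>` and `#include <string>` and write the types as `std::string`, or add `using std::string;` next to the existing `using std::map;`. That `using std::map;` at namespace scope is itself injected into every translation unit that includes `AcctScheduler.h`; qualifying the members as `std::map<std::string, UserAcct>` lets it be dropped. A one-line comment on `findUser` and `parseStatusFile` stating that the key has the form `commonname,ip:port` (as the .cpp's `parseStatusFile` comment documents) would also resolve the .cpp's `findUser` comment, which calls the same argument "the commonname".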
167 AuthenticationProcess.cpp
@@ -0,0 +1,167 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+
+
+#include "AuthenticationProcess.h"
+
+/** This method is the background process for authentication.
+ * After it is called it is in a endless loop until it get's an EXIT-command.
+ * Otherwise it waits the command COMMAND_VERIFY to authenticate
+ * an user. It authenticates the user with the radius protocol and
+ * sends the result back to the foreground process. If the response
+ * is an access accept ticket,
+ * it parses the response from the radius server for the following attributes and
+ * send them to the foregroundprocess too.:
+ * - FramedIpAddress
+ * - FramedRoutes
+ * - AcctInterimInterval
+ * @param context The plugin context as an object from the class PluginContext.
+ */
+
+
+void AuthenticationProcess::Authentication(PluginContext * context)
+{
+ UserAuth * user; /**<The user to authenticate.*/
+ int command; /**<A command from the parent process.*/
+
+ //Tell the parent everythink is ok.
+ try
+ {
+ context->authsocketforegr.send(RESPONSE_INIT_SUCCEEDED);
+ }
+ catch(Exception &e)
+ {
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH:" << e <<"\n";
+ goto done;
+ }
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH: Started, RESPONSE_INIT_SUCCEEDED was sent to Foreground Process.\n";
+ // Event loop
+ while (1)
+ {
+ // get a command from foreground process
+ command = context->authsocketforegr.recvInt();
+
+ switch (command)
+ {
+ //authenticate the user
+ case COMMAND_VERIFY:
+ //allcoate memory for the new user
+ user=new UserAuth;
+
+ try
+ {
+ //get the user informations
+ user->setUsername(context->authsocketforegr.recvStr());
+ user->setPassword(context->authsocketforegr.recvStr());
+ user->setPortnumber(context->authsocketforegr.recvInt());
+ user->setCallingStationId(context->authsocketforegr.recvStr());
+ user->setCommonname(context->authsocketforegr.recvStr());
+ // framed-ip is an @IP if we're renegotiating, "" otherwise
+ user->setFramedIp(context->authsocketforegr.recvStr());
+
+ if (DEBUG (context->getVerbosity()) && (user->getFramedIp().compare("") == 0))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH: New user auth: username: " << user->getUsername() << ", password: *****, calling station: " << user->getCallingStationId() << ", commonname: " << user->getCommonname() << ".\n";
+
+ if (DEBUG (context->getVerbosity()) && (user->getFramedIp().compare("") !=0 ))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH: Old user ReAuth: username: " << user->getUsername() << ", password: *****, calling station: " << user->getCallingStationId() << ", commonname: " << user->getCommonname() << ".\n";
+
+ //send the AcceptRequestPacket
+ if (user->sendAcceptRequestPacket(context)==0) /* Succeeded */
+ {
+ //if the authentication succeeded
+ //create the user configuration file
+ //Unless this is a renegotiation (ie: if FramedIP is already set)
+ if (user->createCcdFile(context)>0 && (user->getFramedIp().compare("") == 0))
+ {
+ throw Exception ("RADIUS-PLUGIN: BACKGROUND AUTH: Ccd-file could not created for user with commonname: "+user->getCommonname()+"!\n");
+ }
+
+ //tell the parent process
+ context->authsocketforegr.send(RESPONSE_SUCCEEDED);
+
+ //send the routes to the parent process
+ context->authsocketforegr.send(user->getFramedRoutes());
+
+ //send the framed ip to the parent process
+ context->authsocketforegr.send(user->getFramedIp());
+
+ //send the interval to the parent process
+ context->authsocketforegr.send(user->getAcctInterimInterval());
+
+ //send the vsa buffer
+ context->authsocketforegr.send(user->getVsaBuf(), user->getVsaBufLen());
+
+
+ //free user_context_auth
+ delete user;
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH: Auth succeeded in radius_server().\n";
+
+
+
+ }
+ else /* Failed */
+ {
+ context->authsocketforegr.send(RESPONSE_FAILED);
+ throw Exception("RADIUS-PLUGIN: BACKGROUND AUTH: Auth failed!.\n");
+ }
+ }
+ catch (Exception &e)
+ {
+ cerr << getTime() << e;
+ delete user;
+ if (e.getErrnum()==Exception::SOCKETSEND || e.getErrnum()==Exception::SOCKETRECV)
+ {
+ goto done;
+ }
+ }
+ catch (...)
+ {
+ delete user;
+ goto done;
+ }
+
+ break;
+
+ //exit the loop
+ case COMMAND_EXIT:
+ goto done;
+
+ case -1:
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH: read error on command channel.\n";
+ break;
+
+ default:
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH: unknown command code: code="<<command<<", exiting.\n";
+ goto done;
+ }
+ }
+ done:
+
+ if (1)
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH: EXIT\n";
+
+ return;
+}
+
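Review bot: The `command = context->authsocketforegr.recvInt();` read at the top of the event loop sits outside any try block, so if recvInt reports a broken channel by throwing (the `Exception::SOCKETRECV` check in the catch handler suggests it can) the exception escapes Authentication() instead of reaching the `done:` cleanup path; wrapping that call, e.g. `try { command = context->authsocketforegr.recvInt(); } catch (Exception &e) { cerr << getTime() << e; goto done; }`, keeps the exit path uniform. The `case -1:` branch only logs and `break`s back into the loop, so a channel that keeps returning -1 would spin and flood the log rather than ending the background process; treating a read error like COMMAND_EXIT looks safer. The manual `new UserAuth`/`delete user` pairing across the success path and two catch handlers is fragile to maintain; a scoped owner would make the cleanup automatic if the project's toolchain allows it. The `if (1)` guard before the final log line is a no-op and reads as leftover debugging.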
37 AuthenticationProcess.h
@@ -0,0 +1,37 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _AUTHENTICATIONPROCESS_H_
+#define _AUTHENTICATIONPROCESS_H_
+#include "PluginContext.h"
+#include "UserAuth.h"
+#include "radiusplugin.h"
+
+/**The class represents the background process for authentication.*/
+
+class AuthenticationProcess
+{
+public:
+ void Authentication(PluginContext *);
+};
+
+#endif //_AUTHENTICATIONPROCESS_H_
+
340 COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
90 ChangeLog
@@ -0,0 +1,90 @@
+radiusplugin_v1.1a:
+- Standard configfile: /etc/openvon/radiusplugin.cnf.
+- #include <unistd.h> in IpcSocket.h, is needed for compiling on some systems.
+- Correct README: A configfile must set with "-c configfile".
+- Correct fprintf statement in UserAuth.cpp (line 300).
+- Set debug level from 7 to 5.
+
+radiusplugin_v1.1.a (5.1.06):
+- correct calculate of ipaddress for ifconfig-push in UserAuth::createCcdFile()
+- FramedIpAddress-Attribute is set to the IP address OpenVPN is assigned to the client,
+ the address is read from ENVP-Array with name ifconfig_pool_remote_ip and set to
+ FramedIpAddress-Attribute at client connect. (radiusplugin.cpp, openvpn_plugin_func_v1(), part: CLIENT_CONNECT)
+- suppert for topology option (OpenVPN 2.0.1)
+ - read from configfile parameters subnet, p2p
+ - add parameters in config with getters, setters and modify constructors and destructor
+ - modify UserAuth::createCcdFile to set the right topology option
+
+radiusplugin_1.2:
+- use libgcrypt instead openssl (for gpl compability)
+- checking of the authenticator field from received packets
+- correct error on deleting users without an acct-interim-interval in AcctScheduler.cpp::findUser()
+- send message to foreground process if no user was found (else the plugin hangs)
+
+radiusplugin_1.2a:
+- correct error if a user connects again, if he is still known by the plugin, now the user can't reconnect if he is known by the plugin
+- Change GPL text
+- add COPYING file
+
+radiusplugin_1.2b:
+- correct error: don't disconnect at rekeying/renegotiation
+
+radiusplugin_1.2c:
+- new algorithm to generate Acct-Session-ID, so it should be unique ever, see createSessionID in radiusplugin.cpp
+
+radiusplugin_1.2d:
+- option in OpenVPN config file is now: "plugin /etc/openvpn/radiusplugin.so [configfile]
+- correct bug: close of configfile was missing
+
+radiusplugin_1.2e:
+- use RadiusClass_v1.1a for more machine independance (big endian/little endian)
+- use send()/recvInt() instead of sendCode()/recvCode() for internal socket communication
+
+radiusplugin_2.0:
+- new features:
+ - support of vendor specific attributes with example perl script
+ - support for OpenVPN options: dupliate-cn, client-cert-not-required, username-as-commonname
+ - comments allowd in config file
+ - parsing of OpenVPN config file for options (see radiusplugin.cnf)
+- fixed bugs:
+ - crash on rekeying if no radius server respond
+ - framed ip is sent in access request packets if the client already has one (at rekeying), for dynamical key assignment through the radius server, so it will not send a new one
+ - passwords and sharedsecret are shown as ****** in the logs
+
+radiusplugin_2.0a:
+- fix error in IpcSocket.h,
+ bad function name: void IpcSocket::recvBuf(User *) -> void recvBuf(User *);
+
+radiusplugin_2.0b:
+- fixed datatypes from int to uint32_t/uint64_t to prevent overflows above 2^31
+- added support for gigawords
+- added a Makefile
+- correct bug in parsing config files
+- add new config variable overwriteccfiles, allows the plugin to overwrite client config files if set to true
+- update some documentation
+- correct parsing of ip address in RadiusAttribute.cpp in setValue for data type IPADDRESS
+- update example config file
+- use string for config parsing
+- correct bug in Config.cpp: parameter status was detected wrong if parameter status-version parameter is used in OpenVPN config
+- don't delete client config file at CLIENT-DISCONNECT it could already a new file from a new AUTH-USER-PASS-VERIFY
+- Fix segmentation fault in radiusplugin.cpp. The error occurs if an accounting request fails after a successful authentication.
+
+radiusplugin_2.0c:
+- add IPv6 support (IPv6 patch for OpenVPN openvpn-2.1-udp6.patch)
+- check if string/buffer length is zero in IpcSocket
+- delete NAS port if authentication fails
+
+radiusplugin_2.0d_beta:
+- add some some headerfiles to avoid compiling errors on Fedora with gcc4
+- close socket in radiuspacket.cpp on retries
+- add parenthesize to avoid compiler warnings
+
+radiusplugin_2.1_beta:
+- Support for OPENVPN_PLUGIN_FUNC_DEFERRED, the authentication is done a thread if an auth_control_file is defined.
+-- The OpenVPN process needs write permission in the OpenVPN directory.
+- Timestamps are included in the debug information.
+- Adapted to OPENVPN_PLUGIN_VERSION 2
+- Option to swith on/off the usage of auth control files
+- Internal key is now based on untrusted_ip and untrusted_before.
+
+
479 Config.cpp
@@ -0,0 +1,479 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+
+#include "Config.h"
+
+
+/** The constructor The constructor initializes all char arrays with 0.
+ */
+
+Config::Config(void)
+{
+
+ this->usernameascommonname=false;
+ this->clientcertnotrequired=false;
+ this->overwriteccfiles=true;
+ this->useauthcontrolfile=false;
+ this->ccdPath="";
+ this->openvpnconfig="";
+ this->vsanamedpipe="";
+ this->vsascript="";
+ memset(this->subnet,0,16);
+ memset(this->p2p,0,16);
+}
+
+/** The constructor initializes all char arrays with 0. After the initialization
+ * the configfile is parsed and the information which are
+ * found are copied to the attributes.
+ * @param configfile The name of the configfile.
+ */
+
+Config::Config(char * configfile)
+{
+ memset(this->subnet,0,16);
+ memset(this->p2p,0,16);
+ this->ccdPath="";
+ this->openvpnconfig="";
+ this->vsanamedpipe="";
+ this->vsascript="";
+ this->usernameascommonname=false;
+ this->clientcertnotrequired=false;
+ this->overwriteccfiles=true;
+ this->useauthcontrolfile=false;
+ this->parseConfigFile(configfile);
+
+}
+
+
+/** The destructur clears the serverlist. */
+Config::~Config(void)
+{
+
+
+}
+
+
+
+/** The method parse the configfile for attributes and
+ * radius server, the attributes are copied to the
+ * member variables.
+ * @param configfile The name of the configfile.
+ * @return An integer, 0 if everything is ok
+ * or PARSING_ERROR or BAD_FILE if something is wrong.*/
+int Config::parseConfigFile(const char * configfile)
+{
+ string line;
+
+ ifstream file;
+ file.open(configfile, ios::in);
+ if (file.is_open())
+ {
+ while (file.eof()==false)
+ {
+ getline(file,line);
+ this->deletechars(&line);
+ if(line.empty()==false)
+ {
+ if (strncmp(line.c_str(),"subnet=",7)==0)
+ {
+ if((line.size()-7)>15)
+ {
+ return BAD_FILE;
+ }
+ line.copy(this->subnet,line.size()-7,7);
+
+ }
+ if (strncmp(line.c_str(),"p2p=",4)==0)
+ {
+ if((line.size()-4)>15)
+ {
+ return BAD_FILE;
+ }
+ line.copy(this->p2p,line.size()-4,4);
+ }
+ if (strncmp(line.c_str(),"vsascript=",10)==0)
+ {
+ this->vsascript=line.substr(10,line.size()-10);
+ }
+ if (strncmp(line.c_str(),"vsanamedpipe=",13)==0)
+ {
+ this->vsanamedpipe=line.substr(13,line.size()-13);
+ }
+
+ if (strncmp(line.c_str(),"OpenVPNConfig=",14)==0)
+ {
+ this->openvpnconfig=line.substr(14,line.size()-14);
+ }
+ if (strncmp(line.c_str(),"overwriteccfiles=",17)==0)
+ {
+
+ string stmp=line.substr(17,line.size()-17);
+ deletechars(&stmp);
+ if(stmp == "true") this->overwriteccfiles=true;
+ else if (stmp =="false") this->overwriteccfiles=false;
+ else return BAD_FILE;
+
+ }
+ if (strncmp(line.c_str(),"useauthcontrolfile=",19)==0)
+ {
+
+ string stmp=line.substr(19,line.size()-19);
+ deletechars(&stmp);
+ if(stmp == "true") this->useauthcontrolfile=true;
+ else if (stmp =="false") this->useauthcontrolfile=false;
+ else return BAD_FILE;
+
+ }
+ }
+
+ }
+ file.close();
+ //open OpenVPN config
+ ifstream file2;
+ file2.open(this->openvpnconfig.c_str(), ios::in);
+ if (file2.is_open())
+ {
+ while(file2.eof()==false)
+ {
+ getline(file2,line);
+
+ if(line.empty()==false)
+ {
+ string param=line;
+ // trim leading whitespace
+ string::size_type pos = param.find_first_not_of(" \t\r\n\0");
+ if (pos != string::npos) param.erase(0,pos );
+ pos=param.find_first_of(" \t\n\0");
+ if (pos != string::npos) param.erase(pos);
+ if (param == "client-cert-not-required")
+ {
+ this->deletechars(&line);
+ if (line == "client-cert-not-required")
+ {
+ this->clientcertnotrequired=true;
+ }
+ }
+ if (param == "username-as-common-name")
+ {
+ this->deletechars(&line);
+ if (line == "username-as-common-name")
+ {
+ this->usernameascommonname=true;
+ }
+ }
+ if (param == "client-config-dir")
+ {
+ this->deletechars(&line);
+ line.erase(0, 17);
+ this->setCcdPath(line);
+ }
+ if (param == "status")
+ {
+ //method deletechars don't work, entry has formet: status <file> [time]
+ pos = line.find_first_of("#");
+ if (pos != string::npos)
+ {
+ line.erase(pos);
+ }
+ // trim leading whitespace
+ char const* delims = " \t\r\n\0";
+ pos = line.find_first_not_of(delims);
+ if (pos != string::npos) line.erase(0,pos);
+ line.erase(0, 6);
+ // trim leading whitespace again
+ pos = line.find_first_not_of(" \t");
+ if (pos != string::npos) line.erase(0,pos);
+
+ //delete the trailing version of status if there
+ pos = line.find_first_of(" \t\n\r\0");
+ if (pos != string::npos) line.erase(pos);
+ this->deletechars(&line);
+
+ if(!line.empty())
+ {
+ this->statusfile=line;
+ }
+ }
+ }
+ }
+ file.close();
+ }
+ else
+ {
+ return BAD_FILE;
+ }
+ }
+ else
+ {
+ return BAD_FILE;
+ }
+ return 0;
+}
+
+
+/** The method deletes chars from a string.
+ * This is used to delete tabs, spaces, # and '\0'
+ * from a string.
+ * @param text The string which should be cleaned.
+ */
+void Config::deletechars(string * line)
+{
+ char const* delims = " \t\r\n\0";
+
+ // trim leading whitespace
+ string::size_type pos = line->find_first_not_of(delims);
+ if (pos != string::npos) line->erase(0,pos );
+ // trim trailing whitespace
+ pos = line->find_last_not_of(delims);
+ if (pos != string::npos) line->erase(pos+1);
+
+ //trim whitespaces in line
+ pos = line->find_first_of(delims);
+ while (pos != string::npos)
+ {
+ line->erase(pos,1);
+ pos = line->find_first_of(delims);
+ }
+
+ // trim comments
+ pos = line->find_first_of("#");
+ if (pos != string::npos)
+ {
+ line->erase(pos);
+ }
+
+}
+
+
+/**The method finds the part of the string after the
+ * '=' and puts it in the value.
+ * @param text The string with the value.
+ * @param value The value where to put the part of the string. */
+void Config::getValue(const char * text, char * value)
+{
+ int i=0,j=0;
+ while (text[i]!='=' && text[i]!='\0')
+ {
+ i++;
+ }
+ i++;
+ while (text[i]!='\0')
+ {
+ value[j]=text[i];
+ i++;
+ j++;
+ }
+ value[j]='\0';
+}
+
+
+
+
+
+/** The getter methid for the client config dir (ccd).
+ * @return A string to the ccd.
+ */
+string Config::getCcdPath(void)
+{
+ return this->ccdPath;
+}
+
+
+/** The setter method for the client config dir (ccd).
+ * @param path A string to the ccd path.
+ */
+void Config::setCcdPath(string path)
+{
+ if(path[path.length()]!= '/')
+ {
+ path +='/';
+ }
+ this->ccdPath=path;
+}
+
+/** Returns the path to the status file.
+ * @param A string to path of the status file.
+ */
+string Config::getStatusFile(void)
+{
+ return this->statusfile;
+}
+
+/** The setter method for thepath to the statusfile (path + filename).
+ * @param file A string of the filepath.
+ */
+void Config::setStatusFile(string file)
+{
+
+ this->statusfile=file;
+}
+
+/** The setter method for the nas ip address.
+ * @param ip A string with ip address.
+ */
+void Config::setSubnet(char * ip)
+{
+ strncpy(this->subnet,ip, 16);
+}
+
+
+/** The getter method for the nas ip address.
+ * @return A pointer to the nas ipaddress.
+ */
+char * Config::getSubnet(void)
+{
+ return this->subnet;
+}
+
+/** The setter method for the p2p address.
+ * @param ip A string with p2p address.
+ */
+void Config::setP2p(char * ip)
+{
+ strncpy(this->p2p,ip, 16);
+}
+
+
+/** The getter method for the p2p address.
+ * @return A pointer to the p2p address.
+ */
+char * Config::getP2p(void)
+{
+ return this->p2p;
+}
+
+/** The setter method for the vsascript.
+ * @param script A path of the script.
+ */
+void Config::setVsaScript(string script)
+{
+ this->vsascript=script;
+}
+
+
+/** The getter method for vsascript.
+ * @return A pointer to the path of the script.
+ */
+string Config::getVsaScript(void)
+{
+ return this->vsascript;
+}
+
+/** The setter method for the usernameascommonname value.
+ * @param b A boolean for option usernameascommonname.
+ */
+void Config::setUsernameAsCommonname(bool b)
+{
+ this->usernameascommonname=b;
+}
+
+
+/** The getter method for the usernameascommonname value.
+ * @return A boolean for option usernameascommonname.
+ */
+bool Config::getUsernameAsCommonname(void)
+{
+ return this->usernameascommonname;
+}
+
+/** The setter method for the vsanamedpipe.
+ * @param script A path of the pipe.
+ */
+void Config::setVsaNamedPipe(string pipe)
+{
+ this->vsanamedpipe=pipe;
+}
+
+
+/** The getter method for vsanamedpipe.
+ * @return A pointer to the path of the pipe.
+ */
+string Config::getVsaNamedPipe(void)
+{
+ return this->vsanamedpipe;
+}
+
+
+/** The setter method for the clientcertnotrequired value.
+ * @param b A boolean for option clientcertnotrequired.
+ */
+void Config::setClientCertNotRequired(bool b)
+{
+ this->clientcertnotrequired=b;
+}
+
+
+/** The getter method for the clientcertnotrequired value.
+ * @return A boolean for option clientcertnotrequired.
+ */
+bool Config::getClientCertNotRequired(void)
+{
+ return this->clientcertnotrequired;
+}
+
+/** The getter method for the path to the OpenVPN config
+ * @return A string to the path.
+ */
+string Config::getOpenVPNConfig(void)
+{
+ return this->openvpnconfig;
+}
+
+/** The setter method for the path to the OpenVPN config
+ * @param conf Path to the config file.
+ */
+void Config::setOpenVPNConfig(string conf)
+{
+ this->openvpnconfig=conf;
+}
+
+/** The getter method for the overwriteccfiles variable.
+ * @return A bool of overwriteccfiles.
+ */
+bool Config::getOverWriteCCFiles(void)
+{
+ return this->overwriteccfiles;
+}
+
+/** The setter method for the overwriteccfiles varibale
+ * @param overwrite Set to true if the plugin is allowed to overwrite the client config files.
+ */
+void Config::setOverWriteCCFiles(bool overwrite)
+{
+ this->overwriteccfiles=overwrite;
+}
+
+/** Getter method for the authcontrolfile variable.
+ * @return A bool of authcontrolfile .
+ */
+bool Config::getUseAuthControlFile(void)
+{
+ return this->useauthcontrolfile;
+}
+
+/** The setter method for the authcontrolfile varibale
+ * @param overwrite Set to true if the plugin if auth control files should be if supported by the OpenVPN version.
+ */
+void Config::setUseAuthControlFile(bool b)
+{
+ this->useauthcontrolfile=b;
+}
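Review bot: `Config::setCcdPath` tests `path[path.length()]`, which is the terminating NUL rather than the last character, so the condition is always true and a `/` is appended even when the path already ends with one (and indexing at `length()` on an empty string is only defined from C++11 on); the intended check is `if (path.empty() || path[path.length()-1] != '/')`. `Config::getValue` writes into `value` with no bound, and when `text` contains no `=` the `i++` after the first loop steps past the terminator so the second loop reads beyond the input; since only the caller knows the destination size, either take a length parameter or return a `std::string`, and return early when `text[i] == '\0'` after the first loop. `Config::setSubnet` and `Config::setP2p` call `strncpy(..., 16)` into 16-byte arrays, which leaves no terminator for a 16-character argument; copying at most `sizeof(this->subnet) - 1` bytes and storing `'\0'` in the last byte keeps any caller that treats the result of `getSubnet()`/`getP2p()` as a C string safe. In `parseConfigFile` the `while (file.eof()==false)` loops are better written as `while (getline(file, line))` so a final line without newline is not processed twice, and the `file.close()` after the OpenVPN-config loop closes the already-closed `file` instead of `file2`.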
102 Config.h
@@ -0,0 +1,102 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _CONFIG_H_
+
+#define _CONFIG_H_
+#include <fstream>
+#include <iostream>
+#include <cstring>
+
+#include "RadiusClass/error.h"
+
+#include <list>
+#include <utility>
+using namespace std;
+
+/**This class represents the configurations attributes (without radius configuration) which
+ * can set in the configuration file and methods for the attributes.
+ */
+class Config
+{
+private:
+
+ string ccdPath; /**<The client config dir, where the plugin writes the config informations (framed routes & ip address of the client)*/
+ string statusfile; /**< The path and filename of the status file, where openvpn writes the status information.*/
+ char subnet[16]; /**<The subnet which is assigned to the client in topology option.*/
+ char p2p[16]; /**<The OpenVPN server address which is assigned to the client in topology p2p.*/
+ string vsascript; /**<A script whcih handles vendor specific attributes.*/
+ string vsanamedpipe; /**<The named pipe to the vsascript.*/
+ bool usernameascommonname; /**<Use the username as commonname in the plugin (for OpenVPN option username-as-common-name (no commonname in the enviroment!)).*/
+ bool clientcertnotrequired; /**<For OpenVPN option client_cert_not_required, commonname = UNDEF.*/
+ string openvpnconfig; /**<Path to OpenVPN config.*/
+ bool overwriteccfiles; /**<If true the plugin overwrites the client config files.*/
+ bool useauthcontrolfile; /**<If true and the OpenVPN version supports auth control files, the acf is used.*/
+
+ void deletechars(string * );
+
+public:
+ Config(void);
+ Config(char * configfile);
+ ~Config();
+
+ int parseConfigFile(const char * configfile);
+
+
+
+ void getValue(const char * text, char * value);
+
+ string getCcdPath(void);
+ void setCcdPath(string);
+
+ string getStatusFile(void);
+ void setStatusFile(string);
+
+ char * getSubnet(void);
+ void setSubnet(char * );
+
+ char * getP2p(void);
+ void setP2p(char * );
+
+ string getVsaScript(void);
+ void setVsaScript(string);
+
+ string getVsaNamedPipe(void);
+ void setVsaNamedPipe(string);
+
+ bool getUsernameAsCommonname(void);
+ void setUsernameAsCommonname(bool);
+
+ bool getClientCertNotRequired(void);
+ void setClientCertNotRequired(bool);
+
+ bool getOverWriteCCFiles(void);
+ void setOverWriteCCFiles(bool);
+
+ bool getUseAuthControlFile(void);
+ void setUseAuthControlFile(bool);
+
+ string getOpenVPNConfig(void);
+ void setOpenVPNConfig(string);
+};
+
+#endif //_CONFIG_H_
+
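Review bot: `using namespace std;` sits at namespace scope in Config.h, so every translation unit that includes the header inherits it; replace it with `using std::string;` or qualify `std::string` in the declarations. The header uses `string` but does not include `<string>`, relying on `<iostream>`/`<fstream>` to bring it in transitively; add `#include <string>`. The guard name `_CONFIG_H_` begins with an underscore followed by an uppercase letter, a form reserved to the implementation; a name such as `RADIUSPLUGIN_CONFIG_H_` avoids that. `void getValue(const char * text, char * value);` declares an output buffer without a size, so nothing in the interface tells the caller how large `value` must be; a `std::string`-returning signature would put the contract in the type.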
283 Doxyfile
@@ -0,0 +1,283 @@
+# Doxyfile 1.5.1-KDevelop
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+PROJECT_NAME = radiusplugin
+PROJECT_NUMBER = 1
+OUTPUT_DIRECTORY =
+CREATE_SUBDIRS = NO
+OUTPUT_LANGUAGE = English
+USE_WINDOWS_ENCODING = NO
+BRIEF_MEMBER_DESC = YES
+REPEAT_BRIEF = YES
+ABBREVIATE_BRIEF = "The $name class" \
+ "The $name widget" \
+ "The $name file" \
+ is \
+ provides \
+ specifies \
+ contains \
+ represents \
+ a \
+ an \
+ the
+ALWAYS_DETAILED_SEC = NO
+INLINE_INHERITED_MEMB = NO
+FULL_PATH_NAMES = YES
+STRIP_FROM_PATH = /home/ralf/
+STRIP_FROM_INC_PATH =
+SHORT_NAMES = NO
+JAVADOC_AUTOBRIEF = NO
+MULTILINE_CPP_IS_BRIEF = NO
+DETAILS_AT_TOP = NO
+INHERIT_DOCS = YES
+SEPARATE_MEMBER_PAGES = NO
+TAB_SIZE = 8
+ALIASES =
+OPTIMIZE_OUTPUT_FOR_C = NO
+OPTIMIZE_OUTPUT_JAVA = NO
+BUILTIN_STL_SUPPORT = NO
+DISTRIBUTE_GROUP_DOC = NO
+SUBGROUPING = YES
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+EXTRACT_ALL = NO
+EXTRACT_PRIVATE = NO
+EXTRACT_STATIC = NO
+EXTRACT_LOCAL_CLASSES = YES
+EXTRACT_LOCAL_METHODS = NO
+HIDE_UNDOC_MEMBERS = NO
+HIDE_UNDOC_CLASSES = NO
+HIDE_FRIEND_COMPOUNDS = NO
+HIDE_IN_BODY_DOCS = NO
+INTERNAL_DOCS = NO
+CASE_SENSE_NAMES = YES
+HIDE_SCOPE_NAMES = NO
+SHOW_INCLUDE_FILES = YES
+INLINE_INFO = YES
+SORT_MEMBER_DOCS = YES
+SORT_BRIEF_DOCS = NO
+SORT_BY_SCOPE_NAME = NO
+GENERATE_TODOLIST = YES
+GENERATE_TESTLIST = YES
+GENERATE_BUGLIST = YES
+GENERATE_DEPRECATEDLIST= YES
+ENABLED_SECTIONS =
+MAX_INITIALIZER_LINES = 30
+SHOW_USED_FILES = YES
+SHOW_DIRECTORIES = NO
+FILE_VERSION_FILTER =
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+QUIET = NO
+WARNINGS = YES
+WARN_IF_UNDOCUMENTED = YES
+WARN_IF_DOC_ERROR = YES
+WARN_NO_PARAMDOC = NO
+WARN_FORMAT = "$file:$line: $text"
+WARN_LOGFILE =
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+INPUT = /home/ralf/cvs/sources/radiusplugin
+FILE_PATTERNS = *.c \
+ *.cc \
+ *.cxx \
+ *.cpp \
+ *.c++ \
+ *.d \
+ *.java \
+ *.ii \
+ *.ixx \
+ *.ipp \
+ *.i++ \
+ *.inl \
+ *.h \
+ *.hh \
+ *.hxx \
+ *.hpp \
+ *.h++ \
+ *.idl \
+ *.odl \
+ *.cs \
+ *.php \
+ *.php3 \
+ *.inc \
+ *.m \
+ *.mm \
+ *.dox \
+ *.py \
+ *.C \
+ *.CC \
+ *.C++ \
+ *.II \
+ *.I++ \
+ *.H \
+ *.HH \
+ *.H++ \
+ *.CS \
+ *.PHP \
+ *.PHP3 \
+ *.M \
+ *.MM \
+ *.PY \
+ *.C \
+ *.H \
+ *.tlh \
+ *.diff \
+ *.patch \
+ *.moc \
+ *.xpm \
+ *.dox
+RECURSIVE = yes
+EXCLUDE =
+EXCLUDE_SYMLINKS = NO
+EXCLUDE_PATTERNS =
+EXAMPLE_PATH =
+EXAMPLE_PATTERNS = *
+EXAMPLE_RECURSIVE = NO
+IMAGE_PATH =
+INPUT_FILTER =
+FILTER_PATTERNS =
+FILTER_SOURCE_FILES = NO
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+SOURCE_BROWSER = NO
+INLINE_SOURCES = NO
+STRIP_CODE_COMMENTS = YES
+REFERENCED_BY_RELATION = YES
+REFERENCES_RELATION = YES
+REFERENCES_LINK_SOURCE = YES
+USE_HTAGS = NO
+VERBATIM_HEADERS = YES
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+ALPHABETICAL_INDEX = NO
+COLS_IN_ALPHA_INDEX = 5
+IGNORE_PREFIX =
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+GENERATE_HTML = YES
+HTML_OUTPUT = html
+HTML_FILE_EXTENSION = .html
+HTML_HEADER =
+HTML_FOOTER =
+HTML_STYLESHEET =
+HTML_ALIGN_MEMBERS = YES
+GENERATE_HTMLHELP = NO
+CHM_FILE =
+HHC_LOCATION =
+GENERATE_CHI = NO
+BINARY_TOC = NO
+TOC_EXPAND = NO
+DISABLE_INDEX = NO
+ENUM_VALUES_PER_LINE = 4
+GENERATE_TREEVIEW = NO
+TREEVIEW_WIDTH = 250
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+GENERATE_LATEX = YES
+LATEX_OUTPUT = latex
+LATEX_CMD_NAME = latex
+MAKEINDEX_CMD_NAME = makeindex
+COMPACT_LATEX = NO
+PAPER_TYPE = a4wide
+EXTRA_PACKAGES =
+LATEX_HEADER =
+PDF_HYPERLINKS = NO
+USE_PDFLATEX = NO
+LATEX_BATCHMODE = NO
+LATEX_HIDE_INDICES = NO
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+GENERATE_RTF = NO
+RTF_OUTPUT = rtf
+COMPACT_RTF = NO
+RTF_HYPERLINKS = NO
+RTF_STYLESHEET_FILE =
+RTF_EXTENSIONS_FILE =
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+GENERATE_MAN = NO
+MAN_OUTPUT = man
+MAN_EXTENSION = .3
+MAN_LINKS = NO
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+GENERATE_XML = yes
+XML_OUTPUT = xml
+XML_SCHEMA =
+XML_DTD =
+XML_PROGRAMLISTING = YES
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+GENERATE_AUTOGEN_DEF = NO
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+GENERATE_PERLMOD = NO
+PERLMOD_LATEX = NO
+PERLMOD_PRETTY = YES
+PERLMOD_MAKEVAR_PREFIX =
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+ENABLE_PREPROCESSING = YES
+MACRO_EXPANSION = NO
+EXPAND_ONLY_PREDEF = NO
+SEARCH_INCLUDES = YES
+INCLUDE_PATH =
+INCLUDE_FILE_PATTERNS =
+PREDEFINED =
+EXPAND_AS_DEFINED =
+SKIP_FUNCTION_MACROS = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+TAGFILES =
+GENERATE_TAGFILE = radiusplugin.tag
+ALLEXTERNALS = NO
+EXTERNAL_GROUPS = YES
+PERL_PATH = /usr/bin/perl
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+CLASS_DIAGRAMS = YES
+HIDE_UNDOC_RELATIONS = YES
+HAVE_DOT = NO
+CLASS_GRAPH = YES
+COLLABORATION_GRAPH = YES
+GROUP_GRAPHS = YES
+UML_LOOK = NO
+TEMPLATE_RELATIONS = NO
+INCLUDE_GRAPH = YES
+INCLUDED_BY_GRAPH = YES
+CALL_GRAPH = NO
+CALLER_GRAPH = NO
+GRAPHICAL_HIERARCHY = YES
+DIRECTORY_GRAPH = YES
+DOT_IMAGE_FORMAT = png
+DOT_PATH =
+DOTFILE_DIRS =
+MAX_DOT_GRAPH_WIDTH = 1024
+MAX_DOT_GRAPH_HEIGHT = 1024
+MAX_DOT_GRAPH_DEPTH = 1000
+DOT_TRANSPARENT = NO
+DOT_MULTI_TARGETS = NO
+GENERATE_LEGEND = YES
+DOT_CLEANUP = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+SEARCHENGINE = NO
70 Exception.cpp
@@ -0,0 +1,70 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "Exception.h"
+
+
+
+/**The constructor of the class, it sets the exception number and if
+ * the number is known the text for the number.
+ * @param err The exception number.
+ */
+Exception::Exception(int err)
+{
+ errnum = err;
+ switch(err)
+ {
+ case Exception::SOCKETRECV:
+ this->errtext="Receiving data from internal socket failed!";
+ break;
+
+ case Exception::SOCKETSEND:
+ this->errtext="Sending data via internal socket failed!";
+
+ case Exception::ALREADYAUTHENTICATED:
+ this->errtext="The User is already authenticated. He could not insert in user map. The client connect will fail. In case of rekeying this note is ok.";
+ }
+}
+
+/**The constructor sets the text of the Exception.
+ * @param txt The exception text.
+ */
+Exception::Exception(string txt)
+{
+ this->errnum=-1;
+ this->errtext=txt;
+}
+
+/**The overloading of ostream for the exception class.
+ */
+ostream & operator <<(ostream& os, const Exception& e)
+{
+ os <<"Error: " << e.errtext << "\n";
+ return os;
+}
+
+/**The method returns the exception number.
+ * @return The exception number.
+ */
+int Exception::getErrnum(void)
+{
+ return this->errnum;
+}
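Review bot: The `case Exception::SOCKETSEND:` branch in `Exception::Exception(int)` has no `break`, so control falls through into `ALREADYAUTHENTICATED` and a send failure is reported with the wrong text; add `break;` after `this->errtext="Sending data via internal socket failed!";`. A `default:` branch that assigns a generic text would also keep unknown error numbers from producing an empty message when the exception is streamed. `getErrnum` does not modify the object and can be declared `const` so it is callable on a `const Exception&` such as the one `operator<<` receives.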
51 Exception.h
@@ -0,0 +1,51 @@
+/*
+ * radiusplugin -- An OpenVPN plugin for do radius authentication
+ * and accounting.
+ *
+ * Copyright (C) 2005 EWE TEL GmbH/Ralf Luebben <ralfluebben@gmx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _EXCEPTION_H_
+#define _EXCEPTION_H_
+#include <string>
+#include <iostream>
+//#include "radiusplugin.h"