
radiusplugin_v2.1_beta3.tar.gz

squadette committed May 4, 2009
1 parent b1ad7d7 commit ff3360653da8bdd9567191aae6b0653e017c393a
Showing with 65 additions and 7 deletions.
  1. +4 −3 ChangeLog
  2. +38 −0 User.cpp
  3. +16 −2 User.h
  4. +7 −2 radiusplugin.cpp
@@ -80,13 +80,14 @@ radiusplugin_2.0d_beta:
- add parenthesize to avoid compiler warnings
radiusplugin_2.1:
-- Support of OPENVPN_PLUGIN_FUNC_DEFERRED:
+- Support of OPENVPN_PLUGIN_FUNC_DEFERRED:
*** The communication to the radius server for authentication is outsourced in a thread.
*** If an auth control file is defined and "useauthcontrolfile=true" is defined in the config file of plugin the authentication is done the background.
*** The OpenVPN process needs write permission in the OpenVPN directory.
- Timestamps are included in the debug information.
- Adapted to OPENVPN_PLUGIN_VERSION 2
- Internal key is now based on untrusted_ip and untrusted_before.
-- Separated key for status file is added.
-
+- Separated key for status file is added.
+- Update password and username if the user (key) is already known. Before if the ip and port would be the same and the timeout hasn't occured the login will success. The update prevents against this behaviour.
+
@@ -29,6 +29,8 @@ User::User()
this->key="";
this->statusfilekey="";
this->untrustedport="";
+// this->trustedport="";
+// this->trustedip="";
this->acctinteriminterval=0;
this->portnumber=0;
this->vsabuf=NULL;
@@ -74,6 +76,8 @@ User & User::operator=(const User & u)
this->portnumber=u.portnumber;
this->acctinteriminterval=u.acctinteriminterval;
this->untrustedport=u.untrustedport;
+// this->trustedport=u.trustedport;
+// this->trustedip=u.trustedip;
this->vsabuflen=u.vsabuflen;
if(u.vsabuf != NULL)
{
@@ -103,6 +107,8 @@ User::User(const User & u)
this->portnumber=u.portnumber;
this->acctinteriminterval=u.acctinteriminterval;
this->untrustedport=u.untrustedport;
+// this->trustedport=u.trustedport;
+// this->trustedip=u.trustedip;
this->vsabuflen=u.vsabuflen;
if(u.vsabuf != NULL)
{
@@ -316,3 +322,35 @@ void User::setVsaBufLen(unsigned int len)
+
+/** The getter method for trusted port.
+ * @return trusted port
+ */
+// string User::getTrustedPort() const
+// {
+// return trustedport;
+// }
+
+/**The setter method for trusted port.
+ * @param The trusted port number as string.
+ */
+// void User::setTrustedPort ( const string& port )
+// {
+// trustedport = port;
+// }
+
+/** The getter method for trusted ip.
+ * @return trusted ip
+ */
+// string User::getTrustedIp() const
+// {
+// return trustedip;
+// }
+
+/**The setter method for trusted ip.
+ * @param The trusted ip as string.
+ */
+// void User::setTrustedIp ( const string& ip )
+// {
+// trustedip = ip;
+// }
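Review bot: The four accessors added at the end of User.cpp are commented out, but their Doxygen blocks (`/** The getter method for trusted port. ... */` and the three like it) are still live, so a documentation build will either attach each block to the next real declaration or warn about orphaned comments; the same pattern appears in the User.h hunk, where `//string trustedport;`, `//string trustedip;` and the commented accessor declarations sit next to live Doxygen text. If the trusted_ip/trusted_port fields are not part of this release, dropping the dead code and relying on the commit history is the cleaner choice; if it is meant to be switched on later, wrapping code and comment together in a named guard such as `#if 0 /* trustedip/trustedport: not yet wired to OpenVPN env */ ... #endif` keeps the two from drifting apart. The constructor, copy-constructor and `operator=` hunks earlier in this file carry the same commented lines, so whoever enables the fields later has to touch all three copy paths at once; a short note to that effect next to the members in User.h would help. The enclosing functions of the earlier hunks start outside their hunks.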
18 User.h
@@ -45,14 +45,16 @@ class User
string username; /**<The username.*/
string commonname; /**<The commonname.*/
string framedroutes; /**<The framedroutes, they are stored as a string. if there are more routes, they must be delimted by an ';'*/
- string framedip; /**<The framed ip.*/
+ string framedip; /**<The framed ip.*/
string callingstationid; /**<The calling station id, in this case the real ip addres of the client.*/
string key; /**<A unique key to find the user in a map. */
string statusfilekey; /**<Unique identifier in the status log file (version 1) "commonname,untrusted_ip:untrusted_port"*/
int portnumber; /**<The portnumber.*/
time_t acctinteriminterval; /**<The acct interim interval.*/
string untrustedport; /**<The untrusted port number from OpenVPN for a client.*/
- Octet * vsabuf; /**<Buffer for all VSA attributes.*/
+ //string trustedport; /**<The trusted port number from OpenVPN for a client.*/
+ //string trustedip; /**<The trusted ip from OpenVPN for a client.*/
+ Octet * vsabuf; /**<Buffer for all VSA attributes.*/
unsigned int vsabuflen; /**<Length of vsabuf.*/
public:
@@ -100,6 +102,18 @@ class User
unsigned int getVsaBufLen();
void setVsaBufLen(unsigned int);
+
+// void setTrustedPort ( const string& theValue );
+//
+//
+// string getTrustedPort() const;
+//
+// void setTrustedIp ( const string& theValue );
+//
+//
+// string getTrustedIp() const;
+
+
@@ -398,15 +398,17 @@ extern "C"
throw Exception ( "RADIUS-PLUGIN: FOREGROUND: common_name is not defined\n" );
}
}
- else if ( get_env ( "untrusted_port", envp ) ==NULL )
+ else if ( get_env ( "untrusted_port", envp ) ==NULL )
{
throw Exception ( "RADIUS-PLUGIN: FOREGROUND: untrusted_port is not defined\n" );
}
+
if (get_env ( "auth_control_file", envp ) != NULL)
{
newuser->setAuthControlFile( get_env ( "auth_control_file", envp ) );
}
+
// get username, password, unrusted_ip and common_name from envp string array
newuser->setUsername ( get_env ( "username", envp ) );
@@ -987,7 +989,10 @@ void * auth_user_pass_verify(void * c)
<< "\n";
cerr << getTime() << "RADIUS-PLUGIN: FOREGROUND THREAD: isAuthenticated()" << olduser->isAuthenticated();
cerr << getTime() << "RADIUS-PLUGIN: FOREGROUND THREAD: isAcct()" << olduser->isAccounted();
- //delete the newuser and use the olduser
+ // update password and username, can happen when a new connection is established from the same client with the same port before the timeout in the openvpn server occurs!
+ olduser->setPassword(newuser->getPassword());
+ olduser->setUsername(newuser->getUsername());
+ //delete the newuser and use the olduser
delete newuser;
newuser=olduser;
//TODO: for threading check if the user is already accounted (He must be for renegotiation)
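Review bot: Refreshing the credentials with `olduser->setPassword(newuser->getPassword());` and `olduser->setUsername(newuser->getUsername());` only closes the stale-login hole described in the ChangeLog if the RADIUS exchange is actually repeated for the reused object; the log lines just above show `olduser` may still report isAuthenticated() true, and if the code that follows (outside the hunk) short-circuits on that flag, the cached positive result is reused under the unchanged key with the new, unverified password. Presumably the verify path below always re-sends the request, but that should be made explicit, either by clearing the authenticated state on `olduser` right after the two setters (via whatever setter pairs with isAuthenticated()) or by a comment stating that the code below re-authenticates unconditionally. Only username and password are refreshed here; if the common name or other per-session attributes can differ between the old and new connection they would need the same treatment, which is worth confirming against how the key is built. The added comment line is roughly 170 characters, so wrapping it after `// update password and username,` would match the rest of the file. auth_user_pass_verify starts and ends outside this hunk.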
