[Radiusplugin-devel] [PATCH 1/4] support for Framed-IPv6-Route
From: |
Samuel Thibault |
Subject: |
[Radiusplugin-devel] [PATCH 1/4] support for Framed-IPv6-Route |
Date: |
Mon, 1 Apr 2013 01:24:16 +0200 |
User-agent: |
Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30) |
This adds support for Framed-IPv6-Route. The attribute is recorded in
user->framedroutes6, which is then used to add IPv6 framed routes just as is done for IPv4.
--- a/AccountingProcess.cpp
+++ b/AccountingProcess.cpp
@@ -107,6 +107,7 @@ void AccountingProcess::Accounting(Plugi
user->setCommonname(context->acctsocketforegr.recvStr());
user->setAcctInterimInterval(context->acctsocketforegr.recvInt());
user->setFramedRoutes(context->acctsocketforegr.recvStr());
+
user->setFramedRoutes6(context->acctsocketforegr.recvStr());
user->setKey(context->acctsocketforegr.recvStr());
user->setStatusFileKey(context->acctsocketforegr.recvStr());
user->setUntrustedPort(context->acctsocketforegr.recvStr());
--- a/AuthenticationProcess.cpp
+++ b/AuthenticationProcess.cpp
@@ -105,6 +105,9 @@ void AuthenticationProcess::Authenticati
//send the framed ip to the parent process
context->authsocketforegr.send(user->getFramedIp());
+ //send the IPv6 routes to the parent process
+
context->authsocketforegr.send(user->getFramedRoutes6());
+
//send the interval to the parent
process
context->authsocketforegr.send(user->getAcctInterimInterval());
--- a/User.cpp
+++ b/User.cpp
@@ -26,6 +26,7 @@ User::User()
{
this->framedip="";
this->framedroutes="";
+ this->framedroutes6="";
this->key="";
this->statusfilekey="";
this->untrustedport="";
@@ -43,6 +44,7 @@ User::User()
{
this->framedip="";
this->framedroutes="";
+ this->framedroutes6="";
this->key="";
this->untrustedport="";
this->acctinteriminterval=0;
@@ -70,6 +72,7 @@ User & User::operator=(const User & u)
this->commonname=u.commonname;
this->framedroutes=u.framedroutes;
this->framedip=u.framedip;
+ this->framedroutes6=u.framedroutes6;
this->key=u.key;
this->statusfilekey=u.statusfilekey;
this->callingstationid=u.callingstationid;
@@ -110,6 +113,7 @@ User::User(const User & u)
this->commonname=u.commonname;
this->framedroutes=u.framedroutes;
this->framedip=u.framedip;
+ this->framedroutes6=u.framedroutes6;
this->key=u.key;
this->statusfilekey=u.statusfilekey;
this->callingstationid=u.callingstationid;
@@ -171,7 +175,7 @@ string User::getFramedRoutes(void)
}
/** The setter method for the framedroutes.
* @param froutes The framedroutes, if there are more
- * routes they are diveded through a ';'.*/
+ * routes they are divided through a ';'.*/
void User::setFramedRoutes(string froutes)
{
this->framedroutes=froutes;
@@ -190,6 +194,20 @@ void User::setFramedIp(string ip)
this->framedip=ip;
}
+/** The getter method for the framed IPv6 routes.
+ * @return The framed IPv6 routes as a string.*/
+string User::getFramedRoutes6(void)
+{
+ return this->framedroutes6;
+}
+/** The setter method for the framed IPv6 routes.
+ * @param froutes6 The framed IPv6 routes, if there are more
+ * routes they are divided through a ';'.*/
+void User::setFramedRoutes6(string froutes6)
+{
+ this->framedroutes6=froutes6;
+}
+
/** The getter method for the fkey.
* @return The unique key as a string.*/
string User::getKey(void)
--- a/User.h
+++ b/User.h
@@ -47,6 +47,7 @@ protected:
string commonname; /**<The commonname.*/
string framedroutes; /**<The framedroutes, they are stored
as a string. If there are more routes, they must be delimited by an ';'*/
string framedip; /**<The framed ip.*/
+ string framedroutes6; /**<The framed IPv6 routes, they are
stored as a string. If there are more routes, they must be delimited by an ';'*/
string callingstationid; /**<The calling station id, in this
case the real ip address of the client.*/
string key; /**<A unique key to find the user in a
map. */
string statusfilekey; /**<Unique identifier in the status log
file (version 1) "commonname,untrusted_ip:untrusted_port"*/
@@ -80,6 +81,9 @@ public:
string getFramedIp(void);
void setFramedIp(string);
+ string getFramedRoutes6(void);
+ void setFramedRoutes6(string);
+
string getKey(void);
void setKey(string);
--- a/UserAcct.cpp
+++ b/UserAcct.cpp
@@ -599,13 +599,13 @@ int UserAcct::sendStopPacket(PluginConte
void UserAcct::delSystemRoutes(PluginContext * context)
{
char * route;
- char framedip[16];
+ char framedip[40];
- char routestring[100];
- char framednetmask_cidr[3];
- char framedgw[16];
+ char routestring[200];
+ char framednetmask_cidr[4];
+ char framedgw[40];
char framedmetric[5];
- char * framedroutes;
+ char * framedroutes, * framedroutes6;
int j=0,k=0,len=0;
//copy the framed route string to an char array, it is easier to
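Review bot: `framedip[40]` and `framedgw[40]` hold exactly one 39-character address plus the terminator, which is shorter than `INET6_ADDRSTRLEN` (46, from `<netinet/in.h>`) and therefore too small for the IPv4-mapped textual forms; `char framedip[INET6_ADDRSTRLEN];` and `char framedgw[INET6_ADDRSTRLEN];` would state the intent and cover every form. The sizes are repeated as bare literals in the `memset` and `strncat` calls added further down, so writing `sizeof(framedip)` there would keep declaration and use from drifting apart. The same declarations are changed in the addSystemRoutes and createCcdFile hunks. delSystemRoutes continues outside this hunk.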
@@ -750,6 +750,141 @@ void UserAcct::delSystemRoutes(PluginCon
delete [] framedroutes;
+ //copy the framed route string to an char array, it is easier to
+ //analyse
+ framedroutes6=new char[this->getFramedRoutes6().size()+1];
+ memset(framedroutes6,0,this->getFramedRoutes6().size()+1);
+
+ // copy in a temp-string, because strtok deletes the delimiter, if it
used anywhere
+
strncpy(framedroutes6,this->getFramedRoutes6().c_str(),this->getFramedRoutes6().size());
+
+ //are there framed routes
+ if (framedroutes6[0]!='\0')
+ {
+ //get the first route
+ route=strtok(framedroutes6,";");
+ len=strlen(route);
+ if (len > 150) //this is too big!! but the length is variable
+ {
+ cerr << getTime() <<"RADIUS-PLUGIN: BACKGROUND-ACCT:
Argument for Framed Route is too long (>150 Characters).\n";
+ }
+ else
+ {
+ while (route!=NULL)
+ {
+ //set the arrays to 0
+ memset(routestring,0,200);
+ memset(framednetmask_cidr,0,4);
+ memset(framedip,0,40);
+ memset(framedgw,0,40);
+ memset(framedmetric,0,5);
+
+ j=0;k=0;
+ //get ip address and add it to framedip
+ while(route[j]!='/' && j<len)
+ {
+ if (route[j]!=' ')
+ {
+ framedip[k]=route[j];
+ k++;
+ }
+ j++;
+ }
+ k=0;
+ j++;
+ //get the framednetmask and add it to
framednetmack_cidr
+ while(route[j]!=' ' && j<=len)
+ {
+ framednetmask_cidr[k]=route[j];
+ k++;
+ j++;
+ }
+ k=0;
+ //jump spaces
+ while(route[j]==' ' && j<=len)
+ {
+ j++;
+ }
+ //get the gateway
+ while(route[j]!='/' && j<=len)
+ {
+ if (route[j]!=' ')
+ {
+ framedgw[k]=route[j];
+ k++;
+ }
+ j++;
+ }
+ j++;
+ //find gateway netmask (this isn't used
+ //at the command route under linux)
+ while(route[j]!=' ' && j<=len)
+ {
+ j++;
+ }
+ //jump spaces
+ while(route[j]==' ' && j<=len)
+ {
+ j++;
+ }
+ k=0;
+ if (j<=len) //is there a metric (optional)
+ {
+ k=0;
+ //find the metric
+ while(route[j]!=' ' && j<=len)
+ {
+
framedmetric[k]=route[j];
+ k++;
+ j++;
+ }
+ }
+
+ //create system call
+ strncat(routestring, "route -6 del ",13);
+ strncat(routestring, framedip ,40);
+ strncat(routestring, "/" ,1);
+ strncat(routestring, framednetmask_cidr, 3);
+ strncat(routestring, " gw ", 4);
+ strncat(routestring, framedgw, 40);
+ if (framedmetric[0]!='\0')
+ {
+ strncat(routestring, " metric ", 8);
+ strncat(routestring, framedmetric , 5);
+ }
+ //redirect the output stderr to /dev/null
+ strncat(routestring," 2> /dev/null",13);
+
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN:
BACKGROUND-ACCT: Create IPv6 route string "<< routestring <<".\n";
+
+ //system call
+ if(system(routestring)!=0)
+ //if(1)//-> the debugg can't context system()
+ {
+ cerr << getTime() << "RADIUS-PLUGIN:
BACKGROUND-ACCT: Route " << routestring << " could not set. Route already set
or bad route string.\n";
+ }
+ else
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN:
BACKGROUND-ACCT: Add route to system routing table.\n";
+
+ }
+ //get the next route
+ route=strtok(NULL,";");
+ }
+ }
+
+ }
+ else
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: No IPv6
routes for user in AccessAcceptPacket.\n";
+ }
+ //free the char array
+ delete [] framedroutes6;
+
}
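Review bot: In the added IPv6 block of delSystemRoutes the copy loops into `framedip`, `framednetmask_cidr`, `framedgw` and `framedmetric` never bound `k`, and `len` is measured only for the first route, so a field of the Framed-IPv6-Route value that is longer than its array writes past the stack buffer. `strtok` returns NULL for a string that holds only `;`, after which `strlen(route)` dereferences NULL; the loop should test `route` before measuring it. The fields are then concatenated into `routestring` and handed to `system()`, so they should be validated first (`inet_pton(AF_INET6, …)` for the addresses, digits only for prefix and metric), or the route should be changed without going through a shell. The same block is added to addSystemRoutes, and its parsing part to createCcdFile; the function itself starts outside this hunk.

```cpp
route=strtok(framedroutes6,";");
while (route!=NULL)
{
	//measure every route, not only the first one
	len=strlen(route);
	bool badroute=(len > 150);
	// … unchanged: memset of the field buffers, j=0;k=0; …
	//get ip address and add it to framedip
	while(!badroute && j<len && route[j]!='/')
	{
		if (route[j]!=' ')
		{
			if (k >= (int)sizeof(framedip)-1)
				badroute=true;	//field does not fit its buffer
			else
				framedip[k++]=route[j];
		}
		j++;
	}
	// … same pattern (index tested before route[j], k bounded by sizeof)
	//   for framednetmask_cidr, framedgw and framedmetric …
	struct in6_addr addr6;
	if (badroute || inet_pton(AF_INET6,framedip,&addr6)!=1)
	{
		cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Skipping malformed IPv6 route.\n";
		route=strtok(NULL,";");
		continue;
	}
	// … unchanged: command assembly, system() call, next strtok …
}
```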
/** The method adds ths routes of the user to the system routing table.
@@ -758,13 +893,13 @@ void UserAcct::delSystemRoutes(PluginCon
void UserAcct::addSystemRoutes(PluginContext * context)
{
char * route;
- char framedip[16];
+ char framedip[40];
- char routestring[100];
- char framednetmask_cidr[3];
- char framedgw[16];
+ char routestring[200];
+ char framednetmask_cidr[4];
+ char framedgw[40];
char framedmetric[5];
- char * framedroutes;
+ char * framedroutes, * framedroutes6;
int j=0,k=0,len=0;
//copy the framed route string to an char array, it is easier to
@@ -905,9 +1040,144 @@ void UserAcct::addSystemRoutes(PluginCon
if (DEBUG (context->getVerbosity()))
cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: No
routes for user.\n";
}
- //fre the chat array
+ //free the char array
delete [] framedroutes;
+ //copy the framed route string to an char array, it is easier to
+ //analyse
+ framedroutes6=new char[this->getFramedRoutes6().size()+1];
+ memset(framedroutes6,0,this->getFramedRoutes6().size()+1);
+
+ // copy in a temp-string, becaue strtok deletes the delimiter, if it
used anywhere
+
strncpy(framedroutes6,this->getFramedRoutes6().c_str(),this->getFramedRoutes6().size());
+
+ //are there framed routes
+ if (framedroutes6[0]!='\0')
+ {
+ //get the first route
+ route=strtok(framedroutes6,";");
+ len=strlen(route);
+ if (len > 150) //this is to big!! but the length is variable
+ {
+ cerr << getTime() <<"RADIUS-PLUGIN: BACKGROUND-ACCT:
Argument for Framed Route is to long (>150 Characters).\n";
+ }
+ else
+ {
+ while (route!=NULL)
+ {
+ //set the arrays to 0
+ memset(routestring,0,200);
+ memset(framednetmask_cidr,0,4);
+ memset(framedip,0,40);
+ memset(framedgw,0,40);
+ memset(framedmetric,0,5);
+
+ j=0;k=0;
+ //get ip address and add it to framedip
+ while(route[j]!='/' && j<len)
+ {
+ if (route[j]!=' ')
+ {
+ framedip[k]=route[j];
+ k++;
+ }
+ j++;
+ }
+ k=0;
+ j++;
+ //get the framednetmask and add it to
framednetmask_cidr
+ while(route[j]!=' ' && j<=len)
+ {
+ framednetmask_cidr[k]=route[j];
+ k++;
+ j++;
+ }
+ k=0;
+ //jump spaces
+ while(route[j]==' ' && j<=len)
+ {
+ j++;
+ }
+ //get the gateway
+ while(route[j]!='/' && j<=len)
+ {
+ if (route[j]!=' ')
+ {
+ framedgw[k]=route[j];
+ k++;
+ }
+ j++;
+ }
+ j++;
+ //find gateway netmask (this isn't used
+ //at the command route under linux)
+ while(route[j]!=' ' && j<=len)
+ {
+ j++;
+ }
+ //jump spaces
+ while(route[j]==' ' && j<=len)
+ {
+ j++;
+ }
+ k=0;
+ if (j<=len) //is there a metric (optional)
+ {
+ k=0;
+ //find the metric
+ while(route[j]!=' ' && j<=len)
+ {
+
framedmetric[k]=route[j];
+ k++;
+ j++;
+ }
+ }
+
+
+ //create system call
+ strncat(routestring, "route -6 add ",13);
+ strncat(routestring, framedip ,40);
+ strncat(routestring, "/" ,1);
+ strncat(routestring, framednetmask_cidr, 3);
+ strncat(routestring, " gw ", 4);
+ strncat(routestring, framedgw, 40);
+ if (framedmetric[0]!='\0')
+ {
+ strncat(routestring, " metric ", 8);
+ strncat(routestring, framedmetric , 5);
+ }
+ //redirect the output stderr to /dev/null
+ strncat(routestring," 2> /dev/null",13);
+
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN:
BACKGROUND-ACCT: Create IPv6 route string "<< routestring << " dev " <<
this->getDev() << ".\n";
+
+ //system call route
+ if(system(routestring)!=0)
+ //if(1)//-> the debugg can't context system()
+ {
+ cerr << getTime() << "RADIUS-PLUGIN:
BACKGROUND-ACCT: Route " << routestring << " could not set. Route already set
or bad route string.\n";
+ }
+ else
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN:
BACKGROUND-ACCT: Add route to system routing table.\n";
+
+ }
+ //get the next route
+ route=strtok(NULL,";");
+ }
+ }
+ }
+ else
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: No IPv6
routes for user.\n";
+ }
+ //free the char array
+ delete [] framedroutes6;
+
}
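Review bot: The debug line in the added IPv6 block of addSystemRoutes prints `routestring` followed by `" dev " << this->getDev()`, but the device is never appended to `routestring`, so the logged command is not the one `system()` runs. If the route is meant to be bound to the tunnel device, the device has to be added to the command before the ` 2> /dev/null` suffix; otherwise the `dev` part should be dropped from the message. The new comments and messages also carry typos that are worth fixing while the block is new: `becaue`, `to big` and `is to long`. The function body starts outside this hunk.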
@@ -995,7 +1265,7 @@ int UserAcct::deleteCcdFile(PluginContex
{
string filename;
filename = context->conf.getCcdPath()+ this->getCommonname();
- if(context->conf.getOverWriteCCFiles()==true &&
(this->getFramedIp().length() > 0 || this->getFramedRoutes().length() > 0))
+ if(context->conf.getOverWriteCCFiles()==true &&
(this->getFramedIp().length() > 0 || this->getFramedRoutes().length() > 0 ||
this->getFramedRoutes6().length() > 0))
{
remove(filename.c_str());
}
--- a/UserAuth.cpp
+++ b/UserAuth.cpp
@@ -251,6 +251,25 @@ void UserAuth::parseResponsePacket(Radiu
+ range=packet->findAttributes(99);
+ iter1=range.first;
+ iter2=range.second;
+ string froutes6;
+
+ while (iter1!=iter2)
+ {
+
+ froutes6.append((char *) iter1->second.getValue(),
iter1->second.getLength()-2);
+ froutes6.append(";");
+ iter1++;
+ }
+ this->setFramedRoutes6(froutes6);
+
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND AUTH: framed ipv6
route: " << this->getFramedRoutes6() <<".\n";
+
+
+
range=packet->findAttributes(85);
iter1=range.first;
iter2=range.second;
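Review bot: The value of attribute 99 is appended to `froutes6` exactly as received, and this is where data from the RADIUS reply enters the plugin, so it is the place to reject values containing `;`, control characters or shell metacharacters before they reach the ccd file and the route commands. `getLength()-2` is used as a byte count without checking that the length is at least 2; if the attribute class can report a smaller length (not visible in this hunk), the count wraps when converted to `size_t`, so a guard such as `if (iter1->second.getLength() > 2)` around the two `append` calls would be safer. That guard also avoids storing a lone `;` for an empty attribute, which the route parsers do not handle. A named constant for `99` would make the attribute recognisable; parseResponsePacket starts and ends outside the hunk.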
@@ -1485,16 +1504,17 @@ int UserAuth::createCcdFile(PluginContex
ofstream ccdfile;
char * route;
- char framedip[16];
+ char framedip[40];
char ipstring[100];
in_addr_t ip2;
in_addr ip3;
string filename;
char framedroutes[4096];
- char framednetmask_cidr[3]; // ->/24
+ char framedroutes6[4096];
+ char framednetmask_cidr[4]; // ->/128
char framednetmask[16]; // ->255.255.255.0
char mask_part[6];
- char framedgw[16];
+ char framedgw[40];
char framedmetric[5]; //what is the biggest metric?
double d1,d2;
@@ -1503,11 +1523,12 @@ int UserAuth::createCcdFile(PluginContex
int len=0;
- if(context->conf.getOverWriteCCFiles()==true &&
(this->getFramedIp().length() > 0 || this->getFramedRoutes().length() > 0))
+ if(context->conf.getOverWriteCCFiles()==true &&
(this->getFramedIp().length() > 0 || this->getFramedRoutes().length() > 0 ||
this->getFramedRoutes6().length() > 0))
{
memset(ipstring,0,100);
memset(framedip,0,16);
memset(framedroutes,0,4096);
+ memset(framedroutes6,0,4096);
//create the filename, ccd-path + commonname
filename=context->conf.getCcdPath()+this->getCommonname();
@@ -1526,6 +1547,9 @@ int UserAuth::createCcdFile(PluginContex
// copy in a temp-string, becaue strtok deletes the delimiter,
if it is used anywhere
strncpy(framedroutes,this->getFramedRoutes().c_str(),4095);
+ // copy in a temp-string, becaue strtok deletes the delimiter,
if it is used anywhere
+ strncpy(framedroutes6,this->getFramedRoutes6().c_str(),4095);
+
if (ccdfile.is_open())
{
@@ -1756,6 +1780,106 @@ int UserAuth::createCcdFile(PluginContex
route=strtok(NULL,";");
}
+ }
+ }
+
+ //set the IPv6 framed routes in the file for the
openvpn process
+ if (framedroutes6[0]!='\0')
+ {
+ if (DEBUG (context->getVerbosity()))
+ cerr << getTime() << "RADIUS-PLUGIN:
BACKGROUND AUTH: Write framed routes to ccd-file.\n";
+
+ route=strtok(framedroutes6,";");
+ len=strlen(route);
+ if (len > 150) //this is too big! but the
length is variable
+ {
+ cerr << getTime() <<"RADIUS-PLUGIN:
Argument for Framed Route is to long (>50 Characters).\n";
+ return 1;
+ }
+ else
+ {
+ while (route!=NULL)
+ {
+ j=0;k=0;
+ //set everything back for the
next route entry
+ memset(mask_part,0,6);
+ memset(framednetmask_cidr,0,4);
+ memset(framedip,0,40);
+ memset(framednetmask,0,40);
+ memset(framedgw,0,40);
+ memset(framedmetric,0,5);
+
+ //add ip address to string
+ while(route[j]!='/' && j<len)
+ {
+ if (route[j]!='
')
+ {
+
framedip[k]=route[j];
+ k++;
+ }
+ j++;
+ }
+ k=0;
+ j++;
+ //add netmask
+ while(route[j]!=' ' &&
j<=len)
+ {
+
framednetmask_cidr[k]=route[j];
+ k++;
+ j++;
+ }
+ k=0;
+ //jump spaces
+ while(route[j]==' ' &&
j<len)
+ {
+ j++;
+ }
+ //find gateway
+ while(route[j]!='/' &&
j<len)
+ {
+ if (route[j]!='
')
+ {
+
framedgw[k]=route[j];
+ k++;
+ }
+ j++;
+ }
+ j++;
+
+ //find gateway netmask
(this isn't used
+ //at the command route
under linux)
+ while(route[j]!=' ' &&
j<len)
+ {
+ j++;
+ }
+ //jump spaces
+
+ while(route[j]==' ' &&
j<len )
+ {
+ j++;
+ }
+ k=0;
+ if (j<=len)
+ {
+
+ k=0;
+ //find the
metric
+
while(route[j]!=' ' && j<len)
+ {
+
framedmetric[k]=route[j];
+ k++;
+ j++;
+ }
+ }
+
+ if (DEBUG
(context->getVerbosity()))
+ cerr <<
getTime() << "RADIUS-PLUGIN: Write route string: iroute-ipv6 " << framedip <<
"/" << framednetmask_cidr << " " << framedgw << " " << framedmetric << " to
ccd-file.\n";
+
+ //write iroute to
client file
+ ccdfile << "iroute-ipv6
" << framedip << "/"<< framednetmask_cidr << "\n";
+
+ route=strtok(NULL,";");
+ }
}
}
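Review bot: The added `memset(framednetmask,0,40);` clears 40 bytes of an array that createCcdFile still declares as `char framednetmask[16]`, so every pass through the IPv6 loop overwrites 24 bytes of neighbouring stack; the line should be `memset(framednetmask,0,sizeof(framednetmask));`, or be dropped, since the IPv6 branch never reads that buffer. The copy loops in this block have no bound on `k` either, and `len` is taken from the first route only, so an over-long field in a later route overruns `framedip`, `framednetmask_cidr`, `framedgw` or `framedmetric` before `iroute-ipv6` is written. The error text says `>50 Characters` while the check is `len > 150`. The function starts outside this hunk.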
--- a/radiusplugin.cpp
+++ b/radiusplugin.cpp
@@ -494,6 +494,7 @@ error:
context->acctsocketbackgr.send ( newuser->getCommonname()
);
context->acctsocketbackgr.send (
newuser->getAcctInterimInterval() );
context->acctsocketbackgr.send (
newuser->getFramedRoutes() );
+ context->acctsocketbackgr.send (
newuser->getFramedRoutes6() );
context->acctsocketbackgr.send ( newuser->getKey() );
context->acctsocketbackgr.send (
newuser->getStatusFileKey());
context->acctsocketbackgr.send (
newuser->getUntrustedPort() );
@@ -988,6 +989,10 @@ void * auth_user_pass_verify(void * c)
newuser->setFramedIp ( context->authsocketbackgr.recvStr() );
if ( DEBUG ( context->getVerbosity() ) )
cerr << getTime() << "RADIUS-PLUGIN: FOREGROUND THREAD:
Received framed ip for user: "<< newuser->getFramedIp() << "." << endl;
+ //get the routes from background process
+ newuser->setFramedRoutes6 (
context->authsocketbackgr.recvStr() );
+ if ( DEBUG ( context->getVerbosity() ) )
+ cerr << getTime() << "RADIUS-PLUGIN: FOREGROUND THREAD:
Received IPv6 routes for user: "<< newuser->getFramedRoutes6() << ".\n";
// get the interval from the background process