Allows to disable accounting #23

Open
wants to merge 3 commits into
base: master
20 changes: 20 additions & 0 deletions .github/workflows/publish.yaml
@@ -0,0 +1,20 @@
name: Publish release
on:
push:
tags:
- v*.*
jobs:
publush-release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: install libgcrypt
run: sudo apt-get install -y libgcrypt-dev
- name: build
run: make
- name: release
uses: softprops/action-gh-release@v1
with:
files: |
radiusplugin.so
radiusplugin.cnf
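Review bot: the `release` step references `softprops/action-gh-release@v1` by a mutable tag in a job that builds and uploads `radiusplugin.so` as a release asset, so a change to what that tag points at would run inside the publishing job; pin it and `actions/checkout@v3` to full commit SHAs. The workflow sets no `permissions:` key, so the token scope depends on the repository default; declare `permissions: contents: write` on the job so the release step gets exactly what it needs and nothing more. The job id `publush-release` is misspelled (`publish-release`), and the `sudo apt-get install -y libgcrypt-dev` step has no preceding `apt-get update`, which can fail on a stale package index.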
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -2,3 +2,5 @@
*.so
*~
main
.vscode/
.DS_Store
327 changes: 155 additions & 172 deletions AccountingProcess.cpp

Large diffs are not rendered by default.

69 changes: 39 additions & 30 deletions ChangeLog → CHANGELOG.md
@@ -1,11 +1,13 @@
radiusplugin_v1.1a:
# CHANGELOG

## v1.1a:
- Standard configfile: /etc/openvon/radiusplugin.cnf.
- #include <unistd.h> in IpcSocket.h, is needed for compiling on some systems.
- Correct README: A configfile must set with "-c configfile".
- Correct fprintf statement in UserAuth.cpp (line 300).
- Set debug level from 7 to 5.

radiusplugin_v1.1.a (5.1.06):
## v1.1.a (5.1.06):
- correct calculate of ipaddress for ifconfig-push in UserAuth::createCcdFile()
- FramedIpAddress-Attribute is set to the IP address OpenVPN is assigned to the client,
the address is read from ENVP-Array with name ifconfig_pool_remote_ip and set to
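Review bot: the new headings `## v1.1a:` and `## v1.1.a (5.1.06):` keep a `v` prefix while the later headings in this file (`## 1.2:`, `## 2.0:`) drop it; pick one form, and consider dropping the trailing colon now that these are Markdown headings. While the file is being converted, the context line with `/etc/openvon/radiusplugin.cnf` still misspells the directory (`openvon`, where the 1.2d entry uses `/etc/openvpn/`).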
Expand All @@ -15,47 +17,48 @@ radiusplugin_v1.1.a (5.1.06):
- add parameters in config with getters, setters and modify constructors and destructor
- modify UserAuth::createCcdFile to set the right topology option

radiusplugin_1.2:
## 1.2:
- use libgcrypt instead openssl (for gpl compability)
- checking of the authenticator field from received packets
- correct error on deleting users without an acct-interim-interval in AcctScheduler.cpp::findUser()
- send message to foreground process if no user was found (else the plugin hangs)

radiusplugin_1.2a:
## 1.2a:
- correct error if a user connects again, if he is still known by the plugin, now the user can't reconnect if he is known by the plugin
- Change GPL text
- add COPYING file

radiusplugin_1.2b:
## 1.2b:
- correct error: don't disconnect at rekeying/renegotiation

radiusplugin_1.2c:
## 1.2c:
- new algorithm to generate Acct-Session-ID, so it should be unique ever, see createSessionID in radiusplugin.cpp

radiusplugin_1.2d:
## 1.2d:
- option in OpenVPN config file is now: "plugin /etc/openvpn/radiusplugin.so [configfile]
- correct bug: close of configfile was missing

radiusplugin_1.2e:
## 1.2e:
- use RadiusClass_v1.1a for more machine independance (big endian/little endian)
- use send()/recvInt() instead of sendCode()/recvCode() for internal socket communication

radiusplugin_2.0:
- new features:
- support of vendor specific attributes with example perl script
- support for OpenVPN options: dupliate-cn, client-cert-not-required, username-as-commonname
- comments allowd in config file
- parsing of OpenVPN config file for options (see radiusplugin.cnf)
- fixed bugs:
- crash on rekeying if no radius server respond
- framed ip is sent in access request packets if the client already has one (at rekeying), for dynamical key assignment through the radius server, so it will not send a new one
## 2.0:
new features
- support of vendor specific attributes with example perl script
- support for OpenVPN options: dupliate-cn, client-cert-not-required, username-as-commonname
- comments allowd in config file
- parsing of OpenVPN config file for options (see radiusplugin.cnf)

fixed bugs
- crash on rekeying if no radius server respond
- framed ip is sent in access request packets if the client already has one (at rekeying), for dynamical key assignment through the radius server, so it will not send a new one
- passwords and sharedsecret are shown as ****** in the logs

radiusplugin_2.0a:
- fix error in IpcSocket.h,
bad function name: void IpcSocket::recvBuf(User *) -> void recvBuf(User *);
## 2.0a:
- fix error in IpcSocket.h,
bad function name: void IpcSocket::recvBuf(User *) -> void recvBuf(User *);

radiusplugin_2.0b:
## 2.0b:
- fixed datatypes from int to uint32_t/uint64_t to prevent overflows above 2^31
- added support for gigawords
- added a Makefile
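Review bot: in the `## 2.0:` section the rewritten lines still carry the typos `dupliate-cn` and `allowd`; the OpenVPN option is `duplicate-cn`, so the misspelling is worth fixing while these lines are being touched anyway. The labels `new features` and `fixed bugs` are now bare text lines directly above their lists; making them `###` subheadings would keep the grouping visible in rendered Markdown. The 1.2d context line opens a double quote before `plugin /etc/openvpn/radiusplugin.so [configfile]` and never closes it.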
Expand All @@ -69,21 +72,21 @@ radiusplugin_2.0b:
- don't delete client config file at CLIENT-DISCONNECT it could be already a new file from a new AUTH-USER-PASS-VERIFY
- Fix segmentation fault in radiusplugin.cpp. The error occurs if an accounting request fails after a successful authentication.

radiusplugin_2.0c:
## 2.0c:
- add IPv6 support (IPv6 patch for OpenVPN openvpn-2.1-udp6.patch)
- check if string/buffer length is zero in IpcSocket
- delete NAS port if authentication fails

radiusplugin_2.0d_beta:
## 2.0d_beta:
- add some headerfiles to avoid compiling errors on Fedora with gcc4
- close socket in radiuspacket.cpp on retries
- add parenthesize to avoid compiler warnings

radiusplugin_2.1:
- Support of OPENVPN_PLUGIN_FUNC_DEFERRED:
*** The communication to the radius server for authentication is outsourced in a thread.
*** If an auth control file is defined and "useauthcontrolfile=true" is defined in the config file of plugin the authentication is done the background.
*** The OpenVPN process needs write permission in the OpenVPN directory.
## 2.1:
- Support of OPENVPN_PLUGIN_FUNC_DEFERRED:
The communication to the radius server for authentication is outsourced in a thread.
If an auth control file is defined and `useauthcontrolfile=true` is defined in the config file of plugin the authentication is done the background.
The OpenVPN process needs write permission in the OpenVPN directory.
- Timestamps are included in the debug information.
- Adapted to OPENVPN_PLUGIN_VERSION 2
- Internal key is now based on untrusted_ip and untrusted_before.
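Review bot: under `## 2.1:` the three lines that replaced the `***` sub-items have no list marker, so they will run together into the paragraph of the `OPENVPN_PLUGIN_FUNC_DEFERRED` bullet; give each a nested `-` marker. The phrase `the authentication is done the background` is missing `in`.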
Expand All @@ -98,6 +101,12 @@ radiusplugin_2.1:
- Add NAS port number to the session id, it's definitely unique
- Acct-Session-Id added to Access-Request packet (RFC2866)

radiusplugin_2.1a:
## 2.1a:
- Implement accounting only feature (option: accountingonly, default false)
- Implement non fatal accounting (failures during accounting let the user still connect) (nonfatalaccounting)
- Implement non fatal accounting (failures during accounting let the user still connect) (nonfatalaccounting)

## 2.2
- Fix locks for operations with users waiting for authentication or accounting start

## 2.3:
- Allow to disable accounting
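Review bot: the `## 2.3:` entry `- Allow to disable accounting` does not name the configuration option or its default, unlike the 2.1a entries, which give `accountingonly, default false` and `nonfatalaccounting`; add the option name and default so an operator reading the changelog can tell whether accounting stays enabled after an upgrade. The `nonfatalaccounting` line appears twice in this hunk; check that the resulting file carries it only once. `## 2.2` lacks the trailing colon that the surrounding headings have.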