From: Alan T. DeKok Date: Mon, 27 Jan 2025 14:20:13 +0000 (-0500) Subject: remove accounting from unix module X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70b1bd2970865ff13d265bbb595f85d455071603;p=thirdparty%2Ffreeradius-server.git remove accounting from unix module no one has used this for a long time --- diff --git a/src/lib/server/base.h b/src/lib/server/base.h index 10a1eb0c501..10a4d1184cc 100644 --- a/src/lib/server/base.h +++ b/src/lib/server/base.h @@ -59,7 +59,6 @@ RCSIDH(base_h, "$Id$") #include #include #include -#include #include #include #include diff --git a/src/lib/server/sysutmp.h b/src/lib/server/sysutmp.h deleted file mode 100644 index 1b236ef092a..00000000000 --- a/src/lib/server/sysutmp.h +++ /dev/null @@ -1,127 +0,0 @@ -#pragma once -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA - */ - -/** - * $Id$ - * - * @file lib/server/sysutmp.h - * @brief Compatibility stuff for the different UTMP systems. - * - * @copyright 2015 The FreeRADIUS server project - */ -RCSIDH(sysutmp_h, "$Id$") - -#include - -/* - * If we have BOTH utmp.h and utmpx.h, then - * we prefer to use utmp.h, but only on systems other than Solaris. - */ -#if !defined(__sun) && !defined(sgi) && !defined(hpux) -# ifdef HAVE_UTMP_H -# undef HAVE_UTMPX_H -# endif -#endif - -#if defined(HAVE_UTMP_H) || defined(HAVE_UTMPX_H) - -/* UTMP stuff. Uses utmpx on svr4 */ -#ifdef HAVE_UTMPX_H -# include -# include -# define USE_UTMPX 1 -# define UT_NAMESIZE 32 -# define UT_LINESIZE 32 -# define UT_HOSTSIZE 257 -#if defined(hpux) || defined(__FreeBSD__) -# define ut_name ut_user -#endif -#if defined(__FreeBSD__) -# define utmp utmpx -#endif -#else -# include -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef __osf__ -# define UT_NAMESIZE 32 -# define UT_LINESIZE 32 -# define UT_HOSTSIZE 64 -#endif - -#if (defined(__FreeBSD__) && !defined(HAVE_UTMPX_H)) || defined(__NetBSD__) || defined(bsdi) || defined(__OpenBSD__) || defined(__APPLE__) -# ifndef UTMP_FILE -# define UTMP_FILE "/var/run/utmp" -# endif -# define ut_user ut_name -#endif - -/* - * Generate definitions for systems which are too broken to - * do it themselves. - * - * Hmm... this means that we can probably get rid of a lot of - * the static defines above, as the following lines will generate - * the proper defines for any system. - */ -#ifndef UT_LINESIZE -#define UT_LINESIZE sizeof(((struct utmp *) NULL)->ut_line) -#endif - -#ifndef UT_NAMESIZE -#define UT_NAMESIZE sizeof(((struct utmp *) NULL)->ut_user) -#endif - -#ifndef UT_HOSTSIZE -#define UT_HOSTSIZE sizeof(((struct utmp *) NULL)->ut_host) -#endif - -#else /* HAVE_UTMP_H */ - -/* - * No file - define stuff ourselves (minimally). - */ -#define UT_LINESIZE 16 -#define UT_NAMESIZE 16 -#define UT_HOSTSIZE 16 - -#define USER_PROCESS 7 -#define DEAD_PROCESS 8 - -#define UTMP_FILE "/var/run/utmp" -#define ut_name ut_user - -struct utmp { - short ut_type; - int ut_pid; - char ut_line[UT_LINESIZE]; - char ut_id[4]; - long ut_time; - char ut_user[UT_NAMESIZE]; - char ut_host[UT_HOSTSIZE]; - long ut_addr; -}; - -#endif /* HAVE_UTMP_H */ - -#ifdef __cplusplus -} -#endif diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c index a66913ce637..d1cc1b6c0b5 100644 --- a/src/modules/rlm_unix/rlm_unix.c +++ b/src/modules/rlm_unix/rlm_unix.c @@ -31,7 +31,6 @@ USES_APPLE_DEPRECATED_API #include #include #include -#include #include #include @@ -45,18 +44,6 @@ USES_APPLE_DEPRECATED_API # include #endif -static char trans[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -#define ENC(c) trans[c] - -typedef struct { - char const *radwtmp; -} rlm_unix_t; - -static const conf_parser_t module_config[] = { - { FR_CONF_OFFSET_FLAGS("radwtmp", CONF_FLAG_FILE_INPUT, rlm_unix_t, radwtmp) }, - CONF_PARSER_TERMINATOR -}; - static fr_dict_t const *dict_freeradius; static fr_dict_t const *dict_radius; @@ -98,7 +85,7 @@ fr_dict_attr_autoload_t rlm_unix_dict_attr[] = { /** Check if the user is in the given group * */ -static bool CC_HINT(nonnull) unix_check_group(UNUSED rlm_unix_t const *inst, request_t *request, char const *name) +static bool CC_HINT(nonnull) unix_check_group(request_t *request, char const *name) { bool rcode = false; struct passwd *pwd; @@ -159,10 +146,9 @@ static bool CC_HINT(nonnull) unix_check_group(UNUSED rlm_unix_t const *inst, req * @ingroup xlat_functions */ static xlat_action_t unix_group_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, - xlat_ctx_t const *xctx, + UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in) { - rlm_unix_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_unix_t); fr_value_box_t *arg = fr_value_box_list_head(in); char const *p = arg->vb_strvalue; fr_value_box_t *vb; @@ -170,7 +156,7 @@ static xlat_action_t unix_group_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, fr_skip_whitespace(p); MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum)); - vb->vb_bool = unix_check_group(inst, request, p); + vb->vb_bool = unix_check_group(request, p); fr_dcursor_append(out, vb); return XLAT_ACTION_DONE; @@ -338,217 +324,6 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, UNU } -/* - * UUencode 4 bits base64. We use this to turn a 4 byte field - * (an IP address) into 6 bytes of ASCII. This is used for the - * wtmp file if we didn't find a short name in the naslist file. - */ -static char *uue(void *in) -{ - int i; - static unsigned char res[7]; - unsigned char *data = (unsigned char *)in; - - res[0] = ENC( data[0] >> 2 ); - res[1] = ENC( ((data[0] << 4) & 060) + ((data[1] >> 4) & 017) ); - res[2] = ENC( ((data[1] << 2) & 074) + ((data[2] >> 6) & 03) ); - res[3] = ENC( data[2] & 077 ); - - res[4] = ENC( data[3] >> 2 ); - res[5] = ENC( (data[3] << 4) & 060 ); - res[6] = 0; - - for(i = 0; i < 6; i++) { - if (res[i] == ' ') res[i] = '`'; - if (res[i] < 32 || res[i] > 127) - printf("uue: protocol error ?!\n"); - } - return (char *)res; -} - - -/* - * Unix accounting - write a wtmp file. - */ -static unlang_action_t CC_HINT(nonnull) mod_accounting(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request) -{ - rlm_unix_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_unix_t); - fr_pair_t *vp; - FILE *fp; - struct utmp ut; - uint64_t t; - char buf[64]; - char const *s = NULL; - int status = -1; - int nas_address = 0; - int framed_address = 0; -#ifdef USER_PROCESS - int protocol = -1; -#endif - uint32_t nas_port = 0; - bool port_seen = true; - fr_client_t *client; - - /* - * No radwtmp. Don't do anything. - */ - if (!inst->radwtmp) { - RDEBUG2("No radwtmp file configured. Ignoring accounting request"); - RETURN_MODULE_NOOP; - } - - if (request->packet->socket.inet.src_ipaddr.af != AF_INET) { - RDEBUG2("IPv6 is not supported!"); - RETURN_MODULE_NOOP; - } - - /* - * Which type is this. - */ - if ((vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_acct_status_type)) == NULL) { - RDEBUG2("no Accounting-Status-Type attribute in request"); - RETURN_MODULE_NOOP; - } - status = vp->vp_uint32; - - /* - * Maybe handle ALIVE, too? - */ - if (status != FR_STATUS_START && - status != FR_STATUS_STOP) - RETURN_MODULE_NOOP; - - /* - * We're only interested in accounting messages - * with a username in it. - */ - if (fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name) == NULL) - RETURN_MODULE_NOOP; - - t = fr_time_to_sec(request->packet->timestamp); - memset(&ut, 0, sizeof(ut)); - - /* - * First, find the interesting attributes. - */ - for (vp = fr_pair_list_head(&request->request_pairs); - vp; - vp = fr_pair_list_next(&request->request_pairs, vp)) { - if (vp->da == attr_user_name) { - if (vp->vp_length >= sizeof(ut.ut_name)) { - memcpy(ut.ut_name, vp->vp_strvalue, sizeof(ut.ut_name)); - } else { - strlcpy(ut.ut_name, vp->vp_strvalue, sizeof(ut.ut_name)); - } - - } else if (vp->da == attr_login_ip_host || - vp->da == attr_framed_ip_address) { - framed_address = vp->vp_ipv4addr; - -#ifdef USER_PROCESS - } else if (vp->da == attr_framed_protocol) { - protocol = vp->vp_uint32; -#endif - } else if (vp->da == attr_nas_ip_address) { - nas_address = vp->vp_ipv4addr; - - } else if (vp->da == attr_nas_port) { - nas_port = vp->vp_uint32; - port_seen = true; - - } else if (vp->da == attr_acct_delay_time) { - uint32_t delay; - - delay = vp->vp_uint32; - - if (t < delay) RETURN_MODULE_FAIL; - - t -= delay; - } - } - if (t > UINT32_MAX) RETURN_MODULE_FAIL; - - /* - * We don't store !root sessions, or sessions - * where we didn't see a NAS-Port attribute. - */ - if (strncmp(ut.ut_name, "!root", sizeof(ut.ut_name)) == 0 || !port_seen) - RETURN_MODULE_NOOP; - - /* - * If we didn't find out the NAS address, use the - * originator's IP address. - */ - if (nas_address == 0) { - nas_address = request->packet->socket.inet.src_ipaddr.addr.v4.s_addr; - } - - client = client_from_request(request); - if (client) s = client->shortname; - if (!s || s[0] == 0) s = uue(&(nas_address)); - -#ifdef __linux__ - /* - * Linux has a field for the client address. - */ - ut.ut_addr = framed_address; -#endif - /* - * We use the tty field to store the terminal servers' port - * and address so that the tty field is unique. - */ - snprintf(buf, sizeof(buf), "%03u:%s", nas_port, s); - strlcpy(ut.ut_line, buf, sizeof(ut.ut_line)); - - /* - * We store the dynamic IP address in the hostname field. - */ -#ifdef UT_HOSTSIZE - if (framed_address) { - inet_ntop(AF_INET, &framed_address, buf, sizeof(buf)); - strlcpy(ut.ut_host, buf, sizeof(ut.ut_host)); - } -#endif -#ifdef USE_UTMPX - ut.ut_xtime = t; -#else - ut.ut_time = t; -#endif -#ifdef USER_PROCESS - /* - * And we can use the ID field to store - * the protocol. - */ - if (protocol == FR_PPP) - strcpy(ut.ut_id, "P"); - else if (protocol == FR_SLIP) - strcpy(ut.ut_id, "S"); - else - strcpy(ut.ut_id, "T"); - ut.ut_type = status == FR_STATUS_STOP ? DEAD_PROCESS : USER_PROCESS; -#endif - if (status == FR_STATUS_STOP) - ut.ut_name[0] = 0; - - /* - * Write a RADIUS wtmp log file. - * - * Try to open the file if we can't, we don't write the - * wtmp file. If we can try to write. If we fail, - * return RLM_MODULE_FAIL .. - */ - if ((fp = fopen(inst->radwtmp, "a")) != NULL) { - if ((fwrite(&ut, sizeof(ut), 1, fp)) != 1) { - fclose(fp); - RETURN_MODULE_FAIL; - } - fclose(fp); - } else - RETURN_MODULE_FAIL; - - RETURN_MODULE_OK; -} - /* globally exported name */ extern module_rlm_t rlm_unix; module_rlm_t rlm_unix = { @@ -556,15 +331,11 @@ module_rlm_t rlm_unix = { .magic = MODULE_MAGIC_INIT, .name = "unix", .flags = MODULE_TYPE_THREAD_UNSAFE, - .inst_size = sizeof(rlm_unix_t), - .config = module_config, .bootstrap = mod_bootstrap }, .method_group = { .bindings = (module_method_binding_t[]){ - { .section = SECTION_NAME("accounting", CF_IDENT_ANY), .method = mod_accounting }, { .section = SECTION_NAME("recv", "Access-Request"), .method = mod_authorize }, - { .section = SECTION_NAME("send", "Accounting-Response"), .method = mod_accounting }, /* Backwards compatibility */ MODULE_BINDING_TERMINATOR } }