authorYves-Alexis Perez <corsac@debian.org>2019-01-02 10:45:36 +0100
committerYves-Alexis Perez <corsac@debian.org>2019-01-02 11:07:05 +0100
commit918094fde55fa0dbfd59a5f88d576efb513a88db (patch)
tree61e31656c60a6cc928c50cd633568043673e2cbd /src/libcharon/plugins/eap_radius
parent69bc96f6b0b388d35e983f8d27224fa49d92918c (diff)
New upstream version 5.7.2
Diffstat (limited to 'src/libcharon/plugins/eap_radius')
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c12
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_accounting.c59
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_accounting.h10
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_provider.c32
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_provider.h11
5 files changed, 116 insertions, 8 deletions
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index fbbf6da83..ae1371b45 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2017 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -156,7 +156,7 @@ void eap_radius_build_attributes(radius_message_t *request)
{
ike_sa_t *ike_sa;
host_t *host;
- char buf[40], *station_id_fmt;;
+ char buf[40], *station_id_fmt, *session_id;
uint32_t value;
chunk_t chunk;
@@ -202,6 +202,14 @@ void eap_radius_build_attributes(radius_message_t *request)
host = ike_sa->get_other_host(ike_sa);
snprintf(buf, sizeof(buf), station_id_fmt, host);
request->add(request, RAT_CALLING_STATION_ID, chunk_from_str(buf));
+
+ session_id = eap_radius_accounting_session_id(ike_sa);
+ if (session_id)
+ {
+ request->add(request, RAT_ACCT_SESSION_ID,
+ chunk_from_str(session_id));
+ free(session_id);
+ }
}
}
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index 92611492b..ecb2083c9 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2017 Tobias Brunner
+ * Copyright (C) 2015-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2012 Martin Willi
@@ -17,6 +17,7 @@
*/
#include "eap_radius_accounting.h"
+#include "eap_radius_provider.h"
#include "eap_radius_plugin.h"
#include <time.h>
@@ -461,6 +462,37 @@ static void add_ike_sa_parameters(private_eap_radius_accounting_t *this,
}
/**
+ * Add any unclaimed IP addresses to the message
+ */
+static void add_unclaimed_ips(radius_message_t *message, ike_sa_t *ike_sa)
+{
+ eap_radius_provider_t *provider;
+ enumerator_t *enumerator;
+ host_t *vip;
+
+ provider = eap_radius_provider_get();
+ enumerator = provider->clear_unclaimed(provider,
+ ike_sa->get_unique_id(ike_sa));
+ while (enumerator->enumerate(enumerator, &vip))
+ {
+ switch (vip->get_family(vip))
+ {
+ case AF_INET:
+ message->add(message, RAT_FRAMED_IP_ADDRESS,
+ vip->get_address(vip));
+ break;
+ case AF_INET6:
+ message->add(message, RAT_FRAMED_IPV6_ADDRESS,
+ vip->get_address(vip));
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
* Add the Class attributes received in the Access-Accept message to the
* RADIUS accounting message
*/
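Review bot: In `add_unclaimed_ips()` the pointer returned by `eap_radius_provider_get()` is dereferenced on the very next statement without a check. That accessor's definition is outside this diff, but the provider hunk shows `singleton` being assigned only in `eap_radius_provider_create()`, so if the accessor can return NULL, building the Accounting-Stop message would dereference NULL. A guard such as `if (!provider) { return; }` before the `clear_unclaimed` call would make the helper independent of plugin initialisation order.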
@@ -790,6 +822,7 @@ static void send_stop(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
chunk_create(entry->sid, strlen(entry->sid)));
add_class_attributes(message, entry);
add_ike_sa_parameters(this, message, ike_sa);
+ add_unclaimed_ips(message, ike_sa);
value = htonl(entry->usage.bytes.sent);
message->add(message, RAT_ACCT_OUTPUT_OCTETS, chunk_from_thing(value));
@@ -816,7 +849,6 @@ static void send_stop(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
value = htonl(time_monotonic(NULL) - entry->created);
message->add(message, RAT_ACCT_SESSION_TIME, chunk_from_thing(value));
-
value = htonl(entry->cause);
message->add(message, RAT_ACCT_TERMINATE_CAUSE, chunk_from_thing(value));
@@ -1070,8 +1102,27 @@ eap_radius_accounting_t *eap_radius_accounting_create()
return &this->public;
}
-/**
- * See header
+/*
+ * Described in header
+ */
+char *eap_radius_accounting_session_id(ike_sa_t *ike_sa)
+{
+ entry_t *entry;
+ char *sid = NULL;
+
+ if (singleton)
+ {
+ singleton->mutex->lock(singleton->mutex);
+ entry = get_or_create_entry(singleton, ike_sa->get_id(ike_sa),
+ ike_sa->get_unique_id(ike_sa));
+ sid = strdup(entry->sid);
+ singleton->mutex->unlock(singleton->mutex);
+ }
+ return sid;
+}
+
+/*
+ * Described in header
*/
void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval)
{
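Review bot: `eap_radius_accounting_session_id()` reads like a getter, but it calls `get_or_create_entry()` and so inserts an accounting entry for the IKE_SA when none exists. Its caller, `eap_radius_build_attributes()` in eap_radius.c, runs while a RADIUS request is being built, so accounting state may now be allocated before authentication has completed. Whether such an entry is released when authentication fails is not visible in this diff and should be confirmed. The `Described in header` comment could at least note the side effect, e.g. `/* NOTE: creates the accounting entry for this IKE_SA if none exists yet */`.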
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
index dc1edcf54..1fe1107ea 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2012 Martin Willi
@@ -50,6 +50,14 @@ struct eap_radius_accounting_t {
eap_radius_accounting_t *eap_radius_accounting_create();
/**
+ * Get the Accounting session ID for the given IKE_SA.
+ *
+ * @param ike_sa IKE_SA for which to determine the session ID
+ * @return allocated session ID
+ */
+char *eap_radius_accounting_session_id(ike_sa_t *ike_sa);
+
+/**
* Schedule Accounting interim updates for the given IKE_SA.
*
* @param ike_sa IKE_SA to send updates for
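Review bot: The `@return` line for `eap_radius_accounting_session_id()` says neither that the result can be NULL nor who frees it. The implementation in eap_radius_accounting.c returns NULL when no accounting `singleton` exists (and `strdup()` can fail), and the caller in eap_radius.c both checks for NULL and calls `free()`. I would document that contract, e.g. `@return allocated session ID (caller frees), NULL if accounting is not available`.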
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
index 8188bb764..defabb782 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -131,7 +134,7 @@ static entry_t* get_or_create_entry(hashtable_t *hashtable, uintptr_t id)
}
/**
- * Put an entry to hashtable, or destroy it ife empty
+ * Put an entry to hashtable, or destroy it if empty
*/
static void put_or_destroy_entry(hashtable_t *hashtable, entry_t *entry)
{
@@ -494,6 +497,24 @@ METHOD(eap_radius_provider_t, add_attribute, void,
this->listener.mutex->unlock(this->listener.mutex);
}
+METHOD(eap_radius_provider_t, clear_unclaimed, enumerator_t*,
+ private_eap_radius_provider_t *this, uint32_t id)
+{
+ entry_t *entry;
+
+ this->listener.mutex->lock(this->listener.mutex);
+ entry = this->listener.unclaimed->remove(this->listener.unclaimed,
+ (void*)(uintptr_t)id);
+ this->listener.mutex->unlock(this->listener.mutex);
+ if (!entry)
+ {
+ return enumerator_create_empty();
+ }
+ return enumerator_create_cleaner(
+ entry->addrs->create_enumerator(entry->addrs),
+ (void*)destroy_entry, entry);
+}
+
METHOD(eap_radius_provider_t, destroy, void,
private_eap_radius_provider_t *this)
{
@@ -523,6 +544,7 @@ eap_radius_provider_t *eap_radius_provider_create()
},
.add_framed_ip = _add_framed_ip,
.add_attribute = _add_attribute,
+ .clear_unclaimed = _clear_unclaimed,
.destroy = _destroy,
},
.listener = {
@@ -539,6 +561,14 @@ eap_radius_provider_t *eap_radius_provider_create()
},
);
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.accounting", FALSE, lib->ns))
+ {
+ /* if RADIUS accounting is enabled, keep unclaimed IPs around until
+ * the Accounting-Stop message is sent */
+ this->listener.public.message = NULL;
+ }
+
charon->bus->add_listener(charon->bus, &this->listener.public);
singleton = &this->public;
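Review bot: With accounting enabled the `message` hook is set to NULL, so releasing unclaimed entries appears to depend entirely on `clear_unclaimed()` being reached from `send_stop()` in eap_radius_accounting.c. The `add_unclaimed_ips()` call there sits next to code that reads `entry->sid`, which suggests it runs only when an accounting entry exists; if an IKE_SA can end without reaching that path, its unclaimed addresses would stay in the table for the lifetime of the daemon. It is worth confirming that every teardown path either sends the Stop message or clears the entry, and recording that in the comment, e.g. `/* entries are released by clear_unclaimed() when the Accounting-Stop message is built */`. The body of `eap_radius_provider_create()` continues outside the hunk.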
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.h b/src/libcharon/plugins/eap_radius/eap_radius_provider.h
index 80971bddb..9f1121ca3 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_provider.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -56,6 +59,14 @@ struct eap_radius_provider_t {
configuration_attribute_type_t type, chunk_t data);
/**
+ * Clears any unclaimed IP addresses and attributes for the given IKE_SA.
+ *
+ * @param id IKE_SA unique identifier
+ * @return enumerator over unclaimed IP addresses, if any
+ */
+ enumerator_t *(*clear_unclaimed)(eap_radius_provider_t *this, uint32_t id);
+
+ /**
* Destroy a eap_radius_provider_t.
*/
void (*destroy)(eap_radius_provider_t *this);
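Review bot: The doc comment for `clear_unclaimed` does not state the ownership contract of the returned enumerator. In eap_radius_provider.c the entry is removed from the `unclaimed` table and handed to `enumerator_create_cleaner()` together with `destroy_entry`, so the addresses appear to be freed only when the enumerator is destroyed, and an empty enumerator rather than NULL is returned when nothing is stored. Suggest `@return enumerator over unclaimed host_t* (never NULL, must be destroyed; addresses are valid only until then)`.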