debian/0000755000000000000000000000000012252427316007172 5ustar debian/openvpn-auth-radius.examples0000644000000000000000000000003612251371014014632 0ustar radiusplugin.cnf vsascript.pl debian/source/0000755000000000000000000000000012251372001010457 5ustar debian/source/format0000644000000000000000000000001412251334534011676 0ustar 3.0 (quilt) debian/rules0000755000000000000000000000120012251417061010236 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 DPKG_EXPORT_BUILDFLAGS = 1 # use -include to support old dpkg -include /usr/share/dpkg/buildflags.mk CFLAGS += $(CPPFLAGS) export CFLAGS %: dh $@ override_dh_clean: dh_clean -XUserAcct.cpp.orig override_dh_auto_install: install -m755 radiusplugin.so $(CURDIR)/debian/openvpn-auth-radius/usr/lib/openvpn/radiusplugin.so override_dh_fixperms: dh_fixperms chmod a-x $(CURDIR)/debian/openvpn-auth-radius/usr/share/doc/openvpn-auth-radius/examples/radiusplugin.cnf override_dh_strip: dh_strip --dbg-package=openvpn-auth-radius-dbg debian/openvpn-auth-radius.docs0000644000000000000000000000001412251414531013742 0ustar README ToDo debian/clean0000644000000000000000000000000512251370444010170 0ustar main debian/openvpn-auth-radius.dirs0000644000000000000000000000002012251365470013757 0ustar usr/lib/openvpn debian/copyright0000644000000000000000000001224112251367115011124 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: radiusplugin Upstream-Contact: Ralf Luebben Source: http://www.nongnu.org/radiusplugin/ Files: * Copyright: 2005, EWE TEL GmbH 2005, Ralf Luebben License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. Files: RadiusClass/radius.h Copyright: 2005, EWE TEL GmbH 2005, Ralf Luebben License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program (see the file COPYING included with this distribution); if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. Files: openvpn-plugin.h Copyright: 2002-2008, OpenVPN Technologies, Inc. License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program (see the file COPYING included with this distribution); if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. Files: RadiusClass/vsa.h RadiusClass/utilities/vsa.h RadiusClass/utilities/vsa_if_statements.txt RadiusClass/utilities/dictionary Copyright: 2000-2008, The FreeRADIUS Server Project 1997-1999, Cistron Internet Services B.V. 2005, EWE TEL GmbH 2005, Ralf Luebben License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. Comment: The vsa*.* files can be regenerated from the dictionary file using vsahelper.pl. The dictionary file is derived from files from the freeradius project which uses the same license. Files: debian/* Copyright: 2010-2012, Cygnus Networks GmbH License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. debian/control0000644000000000000000000000220412251415741010571 0ustar Source: openvpn-auth-radius Maintainer: Cygnus Networks GmbH Uploaders: Dr. Torge Szczepanek Standards-Version: 3.9.5 Section: net Priority: extra Build-Depends: debhelper (>= 9), libgcrypt11-dev Homepage: http://www.nongnu.org/radiusplugin/ Package: openvpn-auth-radius Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openvpn (>= 2) Description: OpenVPN RADIUS authentication module A plugin for OpenVPN 2.x that implements authentication of users against a RADIUS server. It features: * RADIUS authentication and accounting support for OpenVPN * analysis of RADIUS attributes: o framed ip address o framed routes o acct interim interval o vendor specific attributes by additional scripts Package: openvpn-auth-radius-dbg Architecture: any Depends: openvpn-auth-radius (= ${binary:Version}), ${misc:Depends} Section: debug Description: debugging symbols for openvpn-plugin-radius openvpn-auth-radius is a plugin for OpenVPN 2.x that implements authentication of users against a RADIUS server. . This package contains the debugging symbols for openvpn-auth-radius. debian/patches/0000755000000000000000000000000012251416023010611 5ustar debian/patches/verbose_built0000644000000000000000000000132012251372351013401 0ustar --- a/Makefile +++ b/Makefile @@ -1,10 +1,3 @@ -BLUE =\033[20;36m -GREEN =\033[32m -RED =\033[31m -ESC =\033[0m -OK =[$(GREEN) Ok $(ESC)] -FAILED =[$(RED) failed $(ESC)] - CC=g++ @@ -40,15 +33,13 @@ all: $(PLUGIN) $(PLUGIN): $(OBJECTS) - @echo -e 'BIN: $(GREEN) $(PLUGIN) $(ESC)' - @$(CC) $(CFLAGS) $(OBJECTS) -o $(PLUGIN) $(LDFLAGS) $(LIBS) + $(CC) $(CFLAGS) $(OBJECTS) -o $(PLUGIN) $(LDFLAGS) $(LIBS) %.o: %.cpp - @echo -e 'OBJ: $(GREEN) $@ $(ESC)' - @$(CC) $(INCL) $(CFLAGS) -o $@ -c $< + $(CC) $(INCL) $(CFLAGS) -o $@ -c $< test: $(OBJECTS) - @$(CC) -Wall $(OBJECTS) -o main $(LDFLAGS) $(LIBS) + $(CC) -Wall $(OBJECTS) -o main $(LDFLAGS) $(LIBS) clean: -rm $(PLUGIN) *.o */*.o debian/patches/fix-fd-leak0000644000000000000000000000106112251337260012626 0ustar There is a file descriptor leak in an errors path in AccountingProcess.cpp. --- a/AccountingProcess.cpp +++ b/AccountingProcess.cpp @@ -478,12 +478,14 @@ string exe=string(context->conf.getVsaScript()) + " " + string(context->conf.getVsaNamedPipe()); if (write (fd_fifo, buf, buflen) != buflen) { + close(fd_fifo); cerr << getTime() << "RADIUS-PLUGIN: Could not write in Pipe to VSAScript!"; return -1; } if(system(exe.c_str())!=0) { + close(fd_fifo); cerr << getTime() << "RADIUS-PLUGIN: Error in VSAScript!"; return -1; } debian/patches/iroute_mask0000644000000000000000000000637112251415056013072 0ustar Subject: [PATCH] Fix iroute netmask computation This rewrites computation of the netmask from CIDR netmask. It was previously completely buggy due to using j instead of k. Using doubles to store a 32bit value is not really safe, and using masks and shifts is much simpler actually. --- a/UserAuth.cpp +++ b/UserAuth.cpp @@ -1492,11 +1492,10 @@ char framedroutes[4096]; char framednetmask_cidr[3]; // ->/24 char framednetmask[16]; // ->255.255.255.0 - char mask_part[6]; char framedgw[16]; char framedmetric[5]; //what is the biggest metric? - double d1,d2; + unsigned long d1,d2; int j=0,k=0; int len=0; @@ -1601,7 +1600,6 @@ { j=0;k=0; //set everything back for the next route entry - memset(mask_part,0,6); memset(framednetmask_cidr,0,3); memset(framedip,0,16); memset(framednetmask,0,16); @@ -1673,78 +1671,31 @@ //create string for client config file //transform framednetmask_cidr - d2=7; - d1=0; memset(framednetmask,0,16); - if (atoi(framednetmask_cidr)>32) + d2=atoi(framednetmask_cidr); + if (d2>32) { cerr << getTime() << "RADIUS-PLUGIN: Bad net CIDR netmask.\n"; } else { - for (k=1; k<=atoi(framednetmask_cidr); k++) + if (d2==32) { - d1=d1+pow(2,d2); - d2--; - - if (k==8) - { - sprintf(mask_part,"%.0lf.", d1); - d1=0; - d2=7; - strncat(framednetmask, mask_part, 4); - memset(mask_part,0,6); - } - if(k==16) - { - sprintf(mask_part,"%.0lf.", d1); - d1=0; - d2=7; - strncat(framednetmask, mask_part, 4); - memset(mask_part,0,6); - } - if(k==24) - { - sprintf(mask_part,"%.0lf.", d1); - d1=0; - d2=7; - strncat(framednetmask, mask_part, 4); - memset(mask_part,0,6); - } + d1=0xffffffffUL; } - if (j<8) + else if (d2==0) { - sprintf(mask_part,"%.0lf.", d1); - d1=0; - strncat(framednetmask, mask_part, 4); - strncat(framednetmask, "0.0.0", 5); - memset(mask_part,0,6); + d1=0x00000000UL; } - else if (j<16) + else { - sprintf(mask_part,"%.0lf.", d1); - d1=0; - strncat(framednetmask, mask_part, 4); - strncat(framednetmask, "0.0", 3); - memset(mask_part,0,6); + d1=((1UL<24) - { - sprintf(mask_part,"%.0lf", d1); - d1=0; - strncat(framednetmask, mask_part, 4); - memset(mask_part,0,6); - } - - + snprintf(framednetmask, 16, "%lu.%lu.%lu.%lu", + (d1 >> 24) & 0xff, + (d1 >> 16) & 0xff, + (d1 >> 8) & 0xff, + (d1 ) & 0xff); } if (DEBUG (context->getVerbosity())) debian/patches/series0000644000000000000000000000007712251372154012040 0ustar iroute_mask fix-fd-leak build-with-debug-symbols verbose_built debian/patches/build-with-debug-symbols0000644000000000000000000000063012251337004015356 0ustar The upstream source provides no way to extend the CFLAGS by -g which is needed for building the debug package. So instead of setting the variables, we add to them. --- a/Makefile +++ b/Makefile @@ -9,10 +9,10 @@ -INCL= -LDFLAGS= -LIBS=-lgcrypt -lpthread -CFLAGS=-Wall -shared -fPIC -DPIC +INCL += +LDFLAGS += +LIBS += -lgcrypt -lpthread +CFLAGS += -Wall -shared -fPIC -DPIC PLUGIN=radiusplugin.so debian/changelog0000644000000000000000000000324212252427316011045 0ustar openvpn-auth-radius (2.1-6) unstable; urgency=low * Switch to dpkg-source 3.0 (quilt) format * Bump compat to level 9 * Fixed Makefile to do verbose built -- Dr. Torge Szczepanek Mon, 09 Dec 2013 17:47:04 +0100 openvpn-auth-radius (2.1-5) unstable; urgency=low * Update maintainer address * Bump standards version - no changes needed * Fix "netmask computation is bogus" thanks to Samuel Thibault (Closes: #727564) -- Dr. Torge Szczepanek Tue, 19 Nov 2013 15:44:23 +0100 openvpn-auth-radius (2.1-4) unstable; urgency=low * binary* targets need to depend on build target. * Mention quilt's README.source in README.source. * Bumped Standards-Version: no changes needed. * Update debian/copyright to machine readable specification 1.0. * Support dpkg-buildflags. * Switch to debhelper 8 and use overrides. -- Helmut Grohne Tue, 10 Apr 2012 14:39:06 +0200 openvpn-auth-radius (2.1-3) unstable; urgency=low * Fix binary-arch target. (Closes: #613666) -- Helmut Grohne Wed, 16 Feb 2011 15:34:49 +0100 openvpn-auth-radius (2.1-2) unstable; urgency=low * Use quilt. * Updated names and addresses. * Fixed a file descriptor leak. * Fixed debian/copyright (syntax error and debian/* missing). * Added Homepage to contol. * Thanks to Paul Wise for reviewing the package. -- Helmut Grohne Thu, 16 Dec 2010 17:43:49 +0100 openvpn-auth-radius (2.1-1) unstable; urgency=low * Initial release. * Closes: #556460 (ITP) -- Helmut Grohne Tue, 14 Dec 2010 14:11:19 +0100 debian/compat0000644000000000000000000000000212251373502010364 0ustar 9 debian/watch0000644000000000000000000000014712251371030010213 0ustar version=3 opts="uversionmangle=s/_/-/g" http://www.nongnu.org/radiusplugin/radiusplugin_v(.*)\.tar\.gz