Proposed patch for auth.c

Alain cocconi cocconi at net-outremer.nc
Fri Nov 18 03:06:01 CET 2005


Hello,

I've mad a small patch to the rad_authlog function in auth.c
The purpose of this patch is to make a pair with the auth log message in it 
(Auth: login Ok ....). For this I use the Reply-Message attribute. What do 
you think, is it safe to use this one ? Or should I define a new one ?
Thank you

Here is the new function :

/*
  * Make sure user/pass are clean
  * and then log them
  */
static int rad_authlog(const char *msg, REQUEST *request, int goodpass) {

         char clean_password[1024];
         char clean_username[1024];
         char buf[1024];
         char msg_log[1024];
         VALUE_PAIR *username = NULL;
         VALUE_PAIR *log_pair;


         if (!mainconfig.log_auth) {
                 return 0;
         }

         /*
          * Get the correct username based on the configured value
          */
         if (log_stripped_names == 0) {
                 username = pairfind(request->packet->vps, PW_USER_NAME);
         } else {
                 username = request->username;
         }

         /*
          *      Clean up the username
          */
         if (username == NULL) {
                 strcpy(clean_username, "<no User-Name attribute>");
         } else {
                 librad_safeprint((char *)username->strvalue,
                                 username->length,
                                 clean_username, sizeof(clean_username));
         }

         /*
          *      Clean up the password
          */
         if (mainconfig.log_auth_badpass || mainconfig.log_auth_goodpass) {
                 if (!request->password) {
                         strcpy(clean_password, "<no User-Password 
attribute>");
                 } else if (request->password->attribute == PW_CHAP_PASSWORD) {
                         strcpy(clean_password, "<CHAP-Password>");
                 } else {
                         librad_safeprint((char *)request->password->strvalue,
                                          request->password->length,
                                          clean_password, 
sizeof(clean_password));
                 }
         }


         if (goodpass) {
                 sprintf(msg_log, "%s: [%s%s%s] (%s)",
                                 msg,
                                 clean_username,
                                 mainconfig.log_auth_goodpass ? "/" : "",
                                 mainconfig.log_auth_goodpass ? 
clean_password : "",
                                 auth_name(buf, sizeof(buf), request, 1));
         } else {
                 sprintf(msg_log, "%s: [%s%s%s] (%s)",
                                 msg,
                                 clean_username,
                                 mainconfig.log_auth_badpass ? "/" : "",
                                 mainconfig.log_auth_badpass ? 
clean_password : "",
                                 auth_name(buf, sizeof(buf), request, 1));
         }
         radlog(L_AUTH, msg_log);

         log_pair = paircreate(PW_REPLY_MESSAGE, PW_TYPE_STRING);
         if (log_pair == NULL) {
             radlog(L_ERR|L_CONS, "no memory");
             exit(1);
         }
         sprintf((char *)log_pair->strvalue, "%s", msg_log);
         log_pair->length = strlen((char *)log_pair->strvalue);
         pairadd(&request->reply->vps, log_pair);

         return 0;
}






More information about the Freeradius-Users mailing list