diff --git a/radsecproxy.c b/radsecproxy.c index 975db21..0c54ce6 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -32,6 +32,7 @@ * Useful for TCP accounting? Now we require separate server config for alt port */ +#define _GNU_SOURCE #include #include #include @@ -1220,75 +1221,64 @@ uint8_t *radattr2ascii(struct tlv *attr) { } void replylog(struct radmsg *msg, struct server *server, struct request *rq) { - uint8_t *username, *logusername, *stationid, *logstationid, *replymsg; - char *servername; + uint8_t *username, *logusername = NULL, *stationid, *replymsg, *tmp; + char *servername, *logstationid = NULL; servername = server ? server->conf->name : "_self_"; - - if (msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject || msg->code == RAD_Accounting_Response) { username = radattr2ascii(radmsg_gettype(rq->msg, RAD_Attr_User_Name)); if (username) { - if (options.logfullusername) { - logusername = username; - } else { - logusername = (uint8_t *)strchr((char *)username, '@'); + logusername = options.logfullusername ? username : (uint8_t *)strchr((char *)username, '@'); + } + stationid = radattr2ascii(radmsg_gettype(rq->msg, RAD_Attr_Calling_Station_Id)); + if (stationid) { + logstationid = calloc(64, sizeof(char)); + sprintf((char *)logstationid, " stationid "); + switch (options.log_mac) { + case RSP_MAC_VENDOR_HASHED: + case RSP_MAC_VENDOR_KEY_HASHED: + memcpy(logstationid + 11, stationid, 9); + fticks_hashmac((uint8_t *)stationid, options.log_mac == RSP_MAC_VENDOR_KEY_HASHED ? + options.log_key : NULL, 32, (uint8_t *)logstationid+20); + break; + case RSP_MAC_FULLY_HASHED: + case RSP_MAC_FULLY_KEY_HASHED: + fticks_hashmac((uint8_t *)stationid, options.log_mac == RSP_MAC_FULLY_KEY_HASHED ? + options.log_key : NULL, 32, (uint8_t *)logstationid+11); + break; + case RSP_MAC_STATIC: + sprintf(logstationid+11, "undisclosed"); + case RSP_MAC_ORIGINAL: + default: + strncpy(logstationid+11, (char *)stationid, 64-12); } - stationid = radattr2ascii(radmsg_gettype(rq->msg, RAD_Attr_Calling_Station_Id)); - replymsg = radattr2ascii(radmsg_gettype(msg, RAD_Attr_Reply_Message)); - if (stationid && options.log_mac != RSP_MAC_STATIC) { - logstationid = calloc(64, sizeof(char)); - switch (options.log_mac) { - case RSP_MAC_VENDOR_HASHED: - case RSP_MAC_VENDOR_KEY_HASHED: - memcpy(logstationid, stationid, 9); - fticks_hashmac(stationid, options.log_mac == RSP_MAC_VENDOR_KEY_HASHED ? - options.log_key : NULL, 32, logstationid+9); - break; - case RSP_MAC_FULLY_HASHED: - case RSP_MAC_FULLY_KEY_HASHED: - fticks_hashmac(stationid, options.log_mac == RSP_MAC_FULLY_KEY_HASHED ? - options.log_key : NULL, 32, logstationid); - break; - case RSP_MAC_ORIGINAL: - default: - strncpy((char *)logstationid, (char *)stationid, 64-1); - } - if (replymsg) { - debug(DBG_NOTICE, "%s for user %s stationid %s from %s (%s) to %s (%s)", - radmsgtype2string(msg->code), logusername, logstationid, - servername, replymsg, rq->from->conf->name, - addr2string(rq->from->addr)); - free(replymsg); - } else { - debug(DBG_NOTICE, "%s for user %s stationid %s from %s to %s (%s)", - radmsgtype2string(msg->code), logusername, logstationid, - servername, rq->from->conf->name, - addr2string(rq->from->addr)); - } - free(stationid); - if (options.log_mac != RSP_MAC_STATIC && - options.log_mac != RSP_MAC_ORIGINAL) - free(logstationid); - } else { - if (replymsg) { - debug(DBG_NOTICE, "%s for user %s from %s (%s) to %s (%s)", - radmsgtype2string(msg->code), logusername, - servername, replymsg, rq->from->conf->name, - addr2string(rq->from->addr)); - free(replymsg); - } else - debug(DBG_NOTICE, "%s for user %s from %s to %s (%s)", - radmsgtype2string(msg->code), logusername, - servername, rq->from->conf->name, - addr2string(rq->from->addr)); - } - free(username); + free(stationid); + } + replymsg = radattr2ascii(radmsg_gettype(msg, RAD_Attr_Reply_Message)); + if (replymsg) { + asprintf((char **)&tmp, " (%s)", replymsg); + free(replymsg); + replymsg = tmp; + } + + if (msg->code == RAD_Access_Accept || msg->code == RAD_Access_Reject || msg->code == RAD_Accounting_Response) { + if (logusername) { + debug(DBG_NOTICE, "%s for user %s %s from %s%s to %s (%s)", + radmsgtype2string(msg->code), logusername, logstationid ? logstationid : "", + servername, replymsg ? (char *)replymsg : "", rq->from->conf->name, + addr2string(rq->from->addr)); } else { debug(DBG_NOTICE, "%s (response to %s) from %s to %s (%s)", radmsgtype2string(msg->code), radmsgtype2string(rq->msg->code), servername, rq->from->conf->name, addr2string(rq->from->addr)); } + } else if(msg->code == RAD_Access_Request) { + debug(DBG_NOTICE, "missing response to %s for user %s%s from %s (%s) to %s", + radmsgtype2string(msg->code), logusername, logstationid ? logstationid : "", + rq->from->conf->name, addr2string(rq->from->addr), servername); } + free(username); + free(logstationid); + free(replymsg); } void respond(struct request *rq, uint8_t code, char *message, @@ -1522,7 +1512,7 @@ int radsrv(struct request *rq) { userascii = radattr2ascii(attr); if (!userascii) goto rmclrqexit; - debug(DBG_DBG, "radsrv: got %s (id %d) with username: %s from client %s (%s)", radmsgtype2string(msg->code), msg->id, userascii, from->conf->name, addr2string(from->addr)); + debug(DBG_INFO, "radsrv: got %s (id %d) with username: %s from client %s (%s)", radmsgtype2string(msg->code), msg->id, userascii, from->conf->name, addr2string(from->addr)); /* will return with lock on the realm */ to = findserver(&realm, attr, msg->code == RAD_Accounting_Request); @@ -1898,6 +1888,7 @@ void *clientwr(void *arg) { if (rqout->tries == (*rqout->rq->buf == RAD_Status_Server ? 1 : conf->retrycount + 1)) { debug(DBG_DBG, "clientwr: removing expired packet from queue"); + replylog(rqout->rq->msg, server, rqout->rq); if (conf->statusserver) { if (*rqout->rq->buf == RAD_Status_Server) { debug(DBG_WARN, "clientwr: no status server response, %s dead?", conf->name);