Home | pfodApps/pfodDevices | WebStringTemplates | Java/J2EE | Unix | Torches | Superannuation | | About Us
 

Forward Logo (image)      

Freebees - Webpage from Tacacs+ user logs
Modifications to the Tacacs+ software

These mods are base on the Tacacs+ V2.1 source files. As well as writing to the normal log file, a line is written to the individual user files each time a user logs off. The line contains amoung other things the time the user was on line and the bytes down loaded.

Modifed tac_plus source file do_acct.c to write individual user log files in dir /var/log/users-time-dir  These files are used to generate usage logs.

File do_acct.c

/* modified 22/7/97 by M.P.ford to write out stop line to indivigual user files */
** Modification Copyright(c)1997 Forward Computing and Control Pty. Ltd.
** All rights reserved.     ACN 003 669 994  NSW, Australia
*/
/* modified to write out acc_type= for CWW etc */
/* variable useraccpath holds path of these files */


/* 
   Copyright (c) 1995 by Cisco systems, Inc.
   All rights reserved.

   Please NOTE:  None of the TACACS code available here comes with any
   warranty or support.
*/

#include "tac_plus.h"

static int acctfd = 0;
static int userfd = 0;  /* added 10/4/96 mpf */
#define USERFILELEN 1024  /* added 10/4/96 */
static char userfile[USERFILELEN+1]; /* added 10/4/96 */
static char useraccpath[]="/var/log/users-time-dir/";  /* added 22/7/97 */

/* Make a acct entry into the accounting file for accounting. 
   Return 1 on error  */

static int
acct_write(string)
    char *string;
{
    if (write(acctfd, string, strlen(string)) != strlen(string)) {
        report(LOG_ERR, "%s: couldn't write acct file %s %s",
               session.peer,
               session.acctfile, sys_errlist[errno]);
        return(1);
    }
    
    if (debug & DEBUG_ACCT_FLAG)
        report(LOG_DEBUG, "'%s'", string);

    return(0);
}


/* user_acct_write added 22/7/97 */
static int
user_acct_write(char *string,int fd)
   /* char *string; */
{
    if (write(fd, string, strlen(string)) != strlen(string)) {
        report(LOG_ERR, "%s: couldn't write user time file %s %s\n%s",
               session.peer,
               userfile, sys_errlist[errno], string);
        return(1);
    }
    return(0);
}


/* Write a string or "unknown" into the accounting file.
   Return 1 on error  */
static int
user_acct_write_field(string)
    char *string;
{
    if (string && string[0]) {
        if (acct_write(string))
            return(1);
    } else {
        if (acct_write("unknown"))
            return(1);
    }
    return(0);
}

/* user_write added 10/4/96 */
static int
user_write(string)
    char *string;
{
    if (write(userfd, string, strlen(string)) != strlen(string)) {
        report(LOG_ERR, "%s: couldn't write user file %s %s",
               session.peer,
               userfile, sys_errlist[errno]);
        return(1);
    }

    return(0);
}

/* Write a string or "unknown" into the accounting file.
   Return 1 on error  */
static int
acct_write_field(string)
    char *string;
{
    if (string && string[0]) {
        if (acct_write(string))
            return(1);
    } else {
        if (acct_write("unknown"))
            return(1);
    }
    return(0);
}

/* user_write_field added 10/4/96 */
/* Write a string or "unknown" into the accounting file.
   Return 1 on error  */
static int
user_write_field(string)
    char *string;
{
    if (string && string[0]) {
        if (user_write(string))
            return(1);
    } else {
        if (user_write("unknown"))
            return(1);
    }
    return(0);
}


int
do_acct(rec)
struct acct_rec *rec;
{
    int i, status;
    time_t t = time(NULL);
    char *ct = ctime(&t);

    char *usertype = NULL; /* added 21/9/97 for usertype lookup */

    ct[24] = '\0';

    if (!acctfd) {
        acctfd = open(session.acctfile, O_CREAT | O_WRONLY | O_APPEND, 0666);
        if (acctfd < 0) {
            report(LOG_ERR, "Can't open acct file %s -- %s",
                   session.acctfile, sys_errlist[errno]);
            return(1);
        }
    }
    if (!tac_lockfd(session.acctfile, acctfd)) {
        rec->admin_msg = tac_strdup("Cannot lock log file");
        report(LOG_ERR, "%s: Cannot lock %s", 
               session.peer, session.acctfile);
        return(1);
    }

    status = 0;

    status += acct_write(ct);
    status += acct_write("\t");

    status += acct_write_field(rec->identity->NAS_name);
    status += acct_write("\t");

    status += acct_write_field(rec->identity->username);
    status += acct_write("\t");

    status += acct_write_field(rec->identity->NAS_port);
    status += acct_write("\t");

    status += acct_write_field(rec->identity->NAC_address);
    status += acct_write("\t");

    switch(rec->acct_type) {
    case ACCT_TYPE_UPDATE:
        status += acct_write("update\t");
        break;
    case ACCT_TYPE_START:
        status += acct_write("start\t");
        break;
    case ACCT_TYPE_STOP:
        status += acct_write("stop\t");
        break;
    default:
        status += acct_write("unknown\t");
        break;
    }

    for (i=0; i < rec->num_args; i++) {
        status += acct_write(rec->args[i]);
        if (i < (rec->num_args-1)) 
            status += acct_write("\t");
    }
    status += acct_write("\n");

    close(acctfd);
    acctfd = 0;

/************* added 22/7/97 ********************/
 if ((rec->acct_type == ACCT_TYPE_STOP)) {
   int fd = 0;

   #define USERFILESTRLEN 1024
   char userfile[USERFILESTRLEN];
   char unknownuser[] = "unknown-users";
/* test if have username else use unknown file */
   if ((rec->identity->username) && (rec->identity->username[0])) {
       
       if ((strlen(useraccpath) + strlen(rec->identity->username) + 1) > USERFILESTRLEN) {
        report(LOG_ERR, "User filename too long %s%s",useraccpath,rec->identity->username);
         return(1);
   }
     /* lookup username */
     if (!cfg_user_exists(rec->identity->username)) {
        /* does not exist so do not write account data */
        report(LOG_ERR, "User not found '%s'",rec->identity->username);

        if (status) {
            return(1);
        }
        return (0);
     }
     /* else copy username to userfile */
     usertype = cfg_get_pvalue(rec->identity->username, TAC_IS_USER,
                                 S_member, TAC_PLUS_NORECURSE);
      if (! usertype ) { /* memeber missing do not store accounting */
        if (status) {
            return(1);
        }
        return (0);
      }

       strcpy(userfile,useraccpath);
       strcat(userfile,rec->identity->username);
   } else {
      /* unknown user just return */
      /* get these for async8 when dialing up the external mail */
        if (status) {
            return(1);
        }
        return (0);
     /* this code not used *********************
       if ((strlen(useraccpath) + strlen(unknownuser) + 1) > USERFILESTRLEN) {
        report(LOG_ERR, "User filename too long %s%s",useraccpath,unknownuser);
         return(1);
       }
       strcpy(userfile,useraccpath);
       strcat(userfile,unknownuser);
     *******************************/
   }

     fd = open(userfile, O_CREAT | O_WRONLY | O_APPEND, 0666);
    if (fd < 0) {
        report(LOG_ERR, "Can't open acct file %s -- %s",
               userfile, sys_errlist[errno]);
         return(1);
    }
    if (!tac_lockfd(userfile, fd)) {
        rec->admin_msg = tac_strdup("Cannot lock log file");
        report(LOG_ERR, "%s: Cannot lock %s",
               session.peer, userfile);
        close(fd);
         return(1);
    }


   /* status = 0; use global status var */

    status += user_acct_write_field(ct,fd);
    status += user_acct_write("\t",fd);

    for (i=0; i < rec->num_args; i++) {
        status += user_acct_write_field(rec->args[i],fd);
        if (i < (rec->num_args-1))
            status += user_acct_write("\t",fd);
    }
    /* write out user member type */
    status += user_acct_write("\tacc_type=",fd);
    status += user_acct_write_field(usertype,fd);
    status += user_acct_write("\r\n",fd);

      if (close(fd) != 0) {
        report(LOG_ERR, "%s: couldn't write return to user time file %s %s",
               session.peer,
               userfile, sys_errlist[errno]);
         return(1);
    }
    fd = 0;
}

/* *************** ********* ****************/

    if (status) {
        return(1);
    }
    return (0);
}

Refer to Conditions of Use


Forward home page link (image)

Contact Forward Computing and Control by
©Copyright 1996-2012 Forward Computing and Control Pty. Ltd. ACN 003 669 994