*** empty log message ***

AcctScheduler.cpp

@@ -67,7 +67,7 @@ void AcctScheduler::addUser(UserAcct *user)
 
 /** The method deletes an user from the user lists. Before 
  * the user is deleted the status file is parsed for the sent and received bytes
- * and the stop accouting ticket is send to the server.
+ * and the stop accounting ticket is send to the server.
  * @param context The plugin context as an object from the class PluginContext.
  * @param user A pointer to an object from the class UserAcct
  */
@@ -84,7 +84,7 @@ void AcctScheduler::delUser(PluginContext * context, UserAcct *user)
 	user->setGigaOut(bytesout >> 32);
 
 	if (DEBUG (context->getVerbosity()))
-	    cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Got accouting data from file, CN: " << user->getCommonname() << " in: " << user->getBytesIn() << " out: " << user->getBytesOut() << ".\n";
+	    cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT: Got accounting data from file, CN: " << user->getCommonname() << " in: " << user->getBytesIn() << " out: " << user->getBytesOut() << ".\n";
 
 
 	//send the stop ticket
@@ -113,7 +113,7 @@ void AcctScheduler::delUser(PluginContext * context, UserAcct *user)
 
 /** The method deletes all users from the user lists. Before 
  * the user is deleted the status file is parsed for the sent and received bytes
- * and the stop accouting ticket is send to the server.
+ * and the stop accounting ticket is send to the server.
  * @param context The plugin context as an object from the class PluginContext.
  */
 void AcctScheduler::delallUsers(PluginContext * context)
@@ -133,7 +133,7 @@ void AcctScheduler::delallUsers(PluginContext * context)
 
 }
 
-/** The accouting method. When the method is called it
+/** The accounting method. When the method is called it
  * searches for users in activeuserlist for users who need an update.
  * If a user is found the sent and received bytes are read from the
  * OpenVpn status file.

ChangeLog

@@ -96,4 +96,6 @@ radiusplugin_2.1:
 - Add support for RADIUS reply message, the output is sent to stderr 
 - Only create the client-config file, if one of attributes for it is defined.
 - Add NAS port number to the session id, it's definitely unique
-- Acct-Session-Id added to Access-Request packet (RFC2866)
+- Acct-Session-Id added to Access-Request packet (RFC2866)
+- Implement accounting only feature (option: accountingonly, default false)
+- Implement non fatal accounting (failures during accounting let the user still connect) (nonfatalaccounting)

Config.cpp

@@ -33,6 +33,8 @@ Config::Config(void)
 	this->clientcertnotrequired=false;
 	this->overwriteccfiles=true;
         this->useauthcontrolfile=false;
+	this->accountingonly=false;
+	this->nonfatalaccounting=false;
 	this->ccdPath="";
 	this->openvpnconfig="";
 	this->vsanamedpipe="";
@@ -59,6 +61,8 @@ Config::Config(char * configfile)
 	this->clientcertnotrequired=false;
 	this->overwriteccfiles=true;	
         this->useauthcontrolfile=false;
+	this->accountingonly=false;
+	this->nonfatalaccounting=false;
 	this->parseConfigFile(configfile);
 
 }
@@ -143,6 +147,26 @@ int Config::parseConfigFile(const char * configfile)
 					else return BAD_FILE;
 
 				}
+				if (strncmp(line.c_str(),"accountingonly=",15)==0)
+				{
+
+					string stmp=line.substr(15,line.size()-15);
+					deletechars(&stmp);
+					if(stmp == "true") this->accountingonly=true;
+					else if (stmp =="false") this->accountingonly=false;
+					else return BAD_FILE;
+
+				}
+				if (strncmp(line.c_str(),"nonfatalaccounting=",19)==0)
+				{
+
+					string stmp=line.substr(19,line.size()-19);
+					deletechars(&stmp);
+					if(stmp == "true") this->nonfatalaccounting=true;
+					else if (stmp =="false") this->nonfatalaccounting=false;
+					else return BAD_FILE;
+
+				}
 			}
 
 		}
@@ -491,3 +515,25 @@ void Config::setUseAuthControlFile(bool b)
 {
 	this->useauthcontrolfile=b;	
 }
+
+
+bool Config::getAccountingOnly(void)
+{
+ return this->accountingonly; 
+}
+
+void Config::setAccountingOnly(bool b)
+{
+ this->accountingonly=b; 
+}
+
+
+bool Config::getNonFatalAccounting(void)
+{
+ return this->nonfatalaccounting; 
+}
+
+void Config::setNonFatalAccounting(bool b)
+{
+ this->nonfatalaccounting=b; 
+}

Config.h

@@ -50,7 +50,8 @@ class Config
 	string openvpnconfig;			/**<Path to OpenVPN config.*/
 	bool overwriteccfiles; 			/**<If true the plugin overwrites the client config files.*/
         bool useauthcontrolfile;                /**<If true and the OpenVPN version supports auth control files, the acf is used.*/
-
+        bool accountingonly;			/**<Only the accounting is done by the plugin.*/
+	bool nonfatalaccounting;		/**<If errors during the accounting occurs, the users can still connect.*/
 	void deletechars(string * );
 
 public:
@@ -94,6 +95,12 @@ class Config
         bool getUseAuthControlFile(void);
 	void setUseAuthControlFile(bool);
 
+	bool getAccountingOnly(void);
+	void setAccountingOnly(bool);
+
+	bool getNonFatalAccounting(void);
+	void setNonFatalAccounting(bool);
+
 	string getOpenVPNConfig(void);
 	void setOpenVPNConfig(string);
 };

Makefile

@@ -6,12 +6,15 @@ OK      =[$(GREEN) Ok $(ESC)]
 FAILED  =[$(RED) failed $(ESC)]
 
 CC=g++
+
+
+
 INCL=
 LDFLAGS=
 LIBS=-lgcrypt -lpthread
-
 CFLAGS=-Wall -shared -fPIC -DPIC
 
+
 PLUGIN=radiusplugin.so
 
 OBJECTS=\

Makefile.bsd

@@ -1,7 +1,7 @@
 CC=g++
 INCL=-I/usr/local/include
 LDFLAGS=-L/usr/local/lib
-LIBS=-lgcrypt -lgpg-error -lstdc++ -lm
+LIBS=-lgcrypt -lgpg-error -lstdc++ -lm -lpthread
 
 CFLAGS=-Wall -shared -fPIC -DPIC
 

UserAcct.cpp

@@ -261,7 +261,7 @@ int UserAcct::sendUpdatePacket(PluginContext *context)
 	return 1;
 }
 
-/** The method sends an accouting start packet for the user to the radius server.
+/** The method sends an accounting start packet for the user to the radius server.
  *  The following attributes are sent to the radius server:
  * - User_Name, 
  * - Framed_IP_Address,
@@ -384,7 +384,8 @@ int UserAcct::sendStartPacket(PluginContext * context)
 	}
 
 	//receive the response
-	if (packet.radiusReceive(serverlist)>=0)
+	int ret=packet.radiusReceive(serverlist);
+	if (ret>=0)
 	{
 		//is is a accounting resopnse ?
 		if(packet.getCode()==ACCOUNTING_RESPONSE)
@@ -398,11 +399,15 @@ int UserAcct::sendStartPacket(PluginContext * context)
 		else
 		{
 			if (DEBUG (context->getVerbosity()))
-				cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT:  No response on accounting request.\n";
+				cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT:  Get no ACCOUNTING_RESPONSE-Packet.\n";
 			return 1;
 		}
 
 	}
+	else
+	{
+	  cerr << getTime() << "RADIUS-PLUGIN: BACKGROUND-ACCT:  Error on receiving radius response, code: " <<  ret << endl;
+	}
 
 	return 1;
 }

UserAcct.h

@@ -33,7 +33,7 @@
 
 /** The class represents a user in the accounting background process. The class is
  * derived from the User class. This class defined additonal attributes
- * for accouting a user.*/
+ * for accounting a user.*/
 
 class UserAcct : public User
 {

radiusplugin.cnf

@@ -39,6 +39,20 @@ overwriteccfiles=true
 # default is false
 # useauthcontrolfile=false
 
+# Only the accouting functionality is used, if no user name to forwarded to the plugin, the common name of certificate is used
+# as user name for radius accounting.
+# default is false
+# accountingonly=false
+
+
+# If the accounting is non essential, nonfatalaccounting can be set to true. 
+# If set to true all errors during the accounting procedure are ignored, which can be
+# - radius accounting can fail
+# - FramedRouted (if configured) maybe not configured correctly
+# - errors during vendor specific attributes script execution are ignored
+# But if set to true the performance is increased because OpenVPN does not block during the accounting procedure.
+# default is false
+nonfatalaccounting=false
 
 # Path to a script for vendor specific attributes.
 # Leave it out if you don't use an own script.
@@ -66,19 +80,19 @@ server
 	sharedsecret=testpw
 }
 
-server
-{
-	# The UDP port for radius accounting.
-	acctport=1813
-	# The UDP port for radius authentication.
-	authport=1812
-	# The name or ip address of the radius server.
-	name=127.0.0.1
-	# How many times should the plugin send the if there is no response?
-	retry=1
-	# How long should the plugin wait for a response?
-	wait=1
-	# The shared secret.
-	sharedsecret=testpw
-}
+#server
+#{
+#	# The UDP port for radius accounting.
+#	acctport=1813
+#	# The UDP port for radius authentication.
+#	authport=1812
+#	# The name or ip address of the radius server.
+#	name=127.0.0.1
+#	# How many times should the plugin send the if there is no response?
+#	retry=1
+#	# How long should the plugin wait for a response?
+#	wait=1
+#	# The shared secret.
+#	sharedsecret=testpw
+#}