[tac_plus] accounting + syslog

Mark Ellzey Thomas mark.thomas at corp.aol.com
Tue Jun 10 14:59:03 UTC 2008


Greetings all, 

We recently needed support for sending accounting data to syslog
here. Attached is a patch for the F4.0.4.15 branch that adds
this feature.

A new configuration option has been added:                                                                       
"accounting syslog"                                                                                              

This will use the global syslog facility and log to the priority
LOG_INFO.                                       

Thank you for the project.
-------------- next part --------------
Index: acct.c
===================================================================
RCS file: /cvs/netsec-dev/tacacs/acct.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- acct.c	4 Jun 2008 14:49:54 -0000	1.3
+++ acct.c	9 Jun 2008 14:53:37 -0000	1.4
@@ -1,5 +1,5 @@
 /*
- * $Id: acct.c,v 1.3 2008/06/04 14:49:54 jathan Exp $
+ * $Id: acct.c,v 1.4 2008/06/09 14:53:37 mthomas Exp $
  *
  * Copyright (c) 1995-1998 by Cisco systems, Inc.
  *
@@ -145,7 +145,11 @@
     if (wtmpfile) {
 	errors = do_wtmp(&rec);
     } else {
-	errors = do_acct(&rec);
+	if (session.acctfile != NULL)
+	    errors = do_acct(&rec);
+	if (session.acct_syslog)
+	    errors = do_syslog_acct(&rec);
+
     }
 
     if (errors) {
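Review bot: When both destinations are configured, the value returned by `do_acct(&rec)` is overwritten by the `errors = do_syslog_acct(&rec);` assignment that follows, and the new function always returns 0, so a failed write to the accounting file no longer reaches the `if (errors)` check. Accumulate the results instead, `errors |= do_acct(&rec);` and `errors |= do_syslog_acct(&rec);`, with `errors` set to 0 before the branch. When neither destination is configured nothing in this branch assigns `errors`; its declaration is outside the hunk, so confirm it is initialised, and consider treating "no destination" as an error so a record that was stored nowhere is not reported as handled.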
Index: config.c
===================================================================
RCS file: /cvs/netsec-dev/tacacs/config.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- config.c	4 Jun 2008 14:49:55 -0000	1.3
+++ config.c	9 Jun 2008 14:53:37 -0000	1.4
@@ -1,5 +1,5 @@
 /*
- * $Id: config.c,v 1.3 2008/06/04 14:49:55 jathan Exp $
+ * $Id: config.c,v 1.4 2008/06/09 14:53:37 mthomas Exp $
  *
  * Copyright (c) 1995-1998 by Cisco systems, Inc.
  *
@@ -749,11 +749,21 @@
 
 	case S_accounting:
 	    sym_get();
-	    parse(S_file);
-	    parse(S_separator);
-	    if (session.acctfile)
-		free(session.acctfile);
-	    session.acctfile = tac_strdup(sym_buf);
+
+	    switch(sym_code) {
+		case S_file:
+		    parse(S_file);
+		    parse(S_separator);
+		    if (session.acctfile)
+			free(session.acctfile);
+		    session.acctfile = tac_strdup(sym_buf);
+		    break;
+		    
+		case S_syslog:
+		    session.acct_syslog = 1;
+		    break;
+	    }
+
 	    sym_get();
 	    continue;
 
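Review bot: The new `switch(sym_code)` has no `default:` case, so `accounting` followed by any token other than `file` or `syslog` is skipped by the trailing `sym_get()` without a diagnostic; the removed `parse(S_file)` call was the only check on that token. A misspelled directive would then leave the daemon with no accounting destination, which matters more now that tac_plus.c starts `session.acctfile` as NULL. Add a `default:` that rejects the token through the parser's usual error path, and a comment on the syslog case such as `/* "accounting syslog" takes no argument */`. The enclosing function begins and ends outside the hunk.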
Index: do_acct.c
===================================================================
RCS file: /cvs/netsec-dev/tacacs/do_acct.c,v
retrieving revision 1.3
retrieving revision 1.5
diff -u -r1.3 -r1.5
--- do_acct.c	4 Jun 2008 14:49:55 -0000	1.3
+++ do_acct.c	9 Jun 2008 18:46:21 -0000	1.5
@@ -1,5 +1,5 @@
 /*
- * $Id: do_acct.c,v 1.3 2008/06/04 14:49:55 jathan Exp $
+ * $Id: do_acct.c,v 1.5 2008/06/09 18:46:21 mthomas Exp $
  *
  * Copyright (c) 1995-1998 by Cisco systems, Inc.
  *
@@ -64,6 +64,66 @@
     return(0);
 }
 
+int do_syslog_acct(struct acct_rec *rec)
+{
+    char *acct_type = "unknown";
+    char *cmdbuf;
+    int written, i;
+    size_t bufsize;
+
+    bufsize = 1024;
+
+    cmdbuf = tac_malloc(bufsize);
+    bzero(cmdbuf, bufsize);
+    written = 0;
+
+    switch(rec->acct_type)
+    {
+	case ACCT_TYPE_UPDATE:
+	    acct_type = "update"; 
+	    break;
+	case ACCT_TYPE_START:
+	    acct_type = "start"; 
+	    break;
+	case ACCT_TYPE_STOP:
+	    acct_type = "stop"; 
+	    break;
+    }
+
+    for (i = 0; i < rec->num_args; i++)
+    {
+	/* possible 4 spaces and and a null terminator == 5 */
+	if ((strlen(rec->args[i]) + written + 5) > bufsize)
+	{
+	    cmdbuf = tac_realloc(cmdbuf, strlen(rec->args[i]) + written + 5);
+	    bufsize += strlen(rec->args[i]) + written + 5;
+	}
+
+	strncat(cmdbuf, rec->args[i], strlen(rec->args[i]));
+	written += strlen(rec->args[i]);
+
+	if (i < (rec->num_args-1))
+	{
+	    strncat(cmdbuf, "    ", 4);
+	    written += 4;
+	}
+    }
+
+    syslog(LOG_INFO, "%s    %s    %s    %s    %s    %s", 
+     ((rec->identity->NAS_name) && rec->identity->NAS_name[0]) ? 
+       rec->identity->NAS_name:"unknown",
+     ((rec->identity->username) && rec->identity->username[0]) ? 
+       rec->identity->username:"unknown",
+     ((rec->identity->NAS_port) && rec->identity->NAS_port[0]) ? 
+       rec->identity->NAS_port:"unknown",
+     ((rec->identity->NAC_address) && rec->identity->NAC_address[0]) ? 
+       rec->identity->NAC_address:"unknown", acct_type, cmdbuf);
+
+    free(cmdbuf);
+
+    return 0;
+}
+
 int
 do_acct(struct acct_rec *rec)
 {
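Review bot: The growth logic in the `for` loop of do_syslog_acct lets `bufsize` run ahead of the real allocation: `tac_realloc` is asked for `strlen(rec->args[i]) + written + 5` bytes, but `bufsize` is then increased by that amount instead of being set to it, so later iterations pass the size check and `strncat` writes past the end of the heap buffer. The arguments come from the accounting record, so the overflow depends on client-supplied lengths. `strncat(cmdbuf, rec->args[i], strlen(rec->args[i]))` gives no protection because its bound is the source length, and the bytes added by the realloc are not zeroed the way the initial `bzero` region is. The rewrite below tracks the real capacity, appends at a known offset and terminates explicitly; it assumes `written` is declared `size_t`. Separately, the values reach `syslog` unfiltered, so consider replacing control characters to keep one record per log line, and add a header comment stating the record layout and that the function always returns 0.

```c
    for (i = 0; i < rec->num_args; i++)
    {
	size_t arglen = strlen(rec->args[i]);
	/* 4 separator spaces and a null terminator == 5 */
	size_t needed = written + arglen + 5;

	if (needed > bufsize)
	{
	    cmdbuf = tac_realloc(cmdbuf, needed);
	    bufsize = needed;	/* capacity is exactly what was requested */
	}

	memcpy(cmdbuf + written, rec->args[i], arglen);
	written += arglen;

	if (i < (rec->num_args-1))
	{
	    memcpy(cmdbuf + written, "    ", 4);
	    written += 4;
	}

	cmdbuf[written] = '\0';
    }

    /* … unchanged: syslog() call, free(cmdbuf), return 0 … */
```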
Index: parse.c
===================================================================
RCS file: /cvs/netsec-dev/tacacs/parse.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- parse.c	4 Jun 2008 14:49:55 -0000	1.3
+++ parse.c	9 Jun 2008 14:53:37 -0000	1.4
@@ -1,5 +1,5 @@
 /*
- * $Id: parse.c,v 1.3 2008/06/04 14:49:55 jathan Exp $
+ * $Id: parse.c,v 1.4 2008/06/09 14:53:37 mthomas Exp $
  *
  * Copyright (c) 1995-1998 by Cisco systems, Inc.
  *
@@ -117,6 +117,7 @@
 #ifdef HAVE_PAM
     declare("PAM", S_pam);
 #endif
+    declare("syslog", S_syslog);
 }
 
 /* Return a keyword code if a keyword is recognized. 0 otherwise */
@@ -256,5 +257,7 @@
     case S_pam:
 	return("PAM");
 #endif
+    case S_syslog:
+	return("syslog");
     }
 }
Index: parse.h
===================================================================
RCS file: /cvs/netsec-dev/tacacs/parse.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- parse.h	4 Jun 2008 14:49:55 -0000	1.3
+++ parse.h	9 Jun 2008 14:53:37 -0000	1.4
@@ -1,5 +1,5 @@
 /*
- * $Id: parse.h,v 1.3 2008/06/04 14:49:55 jathan Exp $
+ * $Id: parse.h,v 1.4 2008/06/09 14:53:37 mthomas Exp $
  *
  * Copyright (c) 1995-1998 by Cisco systems, Inc.
  *
@@ -86,3 +86,4 @@
 #ifdef HAVE_PAM
 # define S_pam		49
 #endif
+#define S_syslog  50
Index: tac_plus.c
===================================================================
RCS file: /cvs/netsec-dev/tacacs/tac_plus.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- tac_plus.c	4 Jun 2008 14:49:55 -0000	1.3
+++ tac_plus.c	9 Jun 2008 14:53:37 -0000	1.4
@@ -1,5 +1,5 @@
 /*
- * $Id: tac_plus.c,v 1.3 2008/06/04 14:49:55 jathan Exp $
+ * $Id: tac_plus.c,v 1.4 2008/06/09 14:53:37 mthomas Exp $
  *
  * TACACS_PLUS daemon suitable for using on Un*x systems.
  *
@@ -101,7 +101,8 @@
 
     report(LOG_NOTICE, "Reading config");
 
-    session.acctfile = tac_strdup(TACPLUS_ACCTFILE);
+    session.acctfile = NULL;
+    //session.acctfile = tac_strdup(TACPLUS_ACCTFILE);
 
     if (!session.cfgfile) {
 	report(LOG_ERR, "no config file specified");
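Review bot: Replacing the `TACPLUS_ACCTFILE` default with `session.acctfile = NULL;` changes behaviour for existing installations: a configuration with no `accounting` directive used to log to the compiled-in file and, combined with the acct.c change, now appears to record nothing, with no message saying so. Either keep the default when no destination is configured, or report it once the config has been read, e.g. `if (!session.acctfile && !session.acct_syslog) report(LOG_ERR, "no accounting destination configured");`. The commented-out `//session.acctfile = tac_strdup(TACPLUS_ACCTFILE);` line should be deleted instead of kept as dead code, and the file otherwise uses `/* */` comments. The enclosing function continues outside the hunk.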
Index: tac_plus.h
===================================================================
RCS file: /cvs/netsec-dev/tacacs/tac_plus.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- tac_plus.h	4 Jun 2008 14:49:55 -0000	1.3
+++ tac_plus.h	9 Jun 2008 14:53:37 -0000	1.4
@@ -1,5 +1,5 @@
 /*
- * $Id: tac_plus.h,v 1.3 2008/06/04 14:49:55 jathan Exp $
+ * $Id: tac_plus.h,v 1.4 2008/06/09 14:53:37 mthomas Exp $
  *
  * Copyright (c) 1995-1998 by Cisco systems, Inc.
  *
@@ -335,6 +335,7 @@
     char *acctfile;                /* name of accounting file */
     char port[NAS_PORT_MAX_LEN+1]; /* For error reporting */
     u_char version;                /* version of last packet read */
+		u_char acct_syslog;            /* syslog the accounting data */ 
 };
 
 extern struct session session;     /* the session */
@@ -633,6 +634,7 @@
 char *tac_realloc();
 
 /* do_acct.c */
+int do_syslog_acct(struct acct_rec *);
 int do_acct(struct acct_rec *);
 int do_wtmp(struct acct_rec *);
 

