---------- Forwarded message ----------
Date: Sat, 19 Jul 2003 18:41:45 +0300 (WET)
From: Evren Yurtesen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: some bugs in dialup_admin
First of all log_badlogins is getting confused if there is a space in
username. Also I thought it is not very efficent to give the error a name
and record this name to sql. I think its better to record the error
as it is and then recall it from mysql as it is. Well I attached a patch
for that to log_badlogins which breaks the failed_logins page which is
waiting to find the names that log_badlogins put into mysql. But the fix
for that is below also... The files were from freeradius-0.9.0-pre3
release so patch apply to dialup_admin log_badlogins in that release
The other problem is in truncate_radacct... it gives this error normally.
But it works when the commands are given line by line
Also radius logs users who are online with AcctStoptime 0000-00-00
00:00:00 so it is kind of funny because whatever date you enter to
truncate_radacct it erases all accounting info of all online users too!
Thus the delete query must be exclusive for 0000-00-00 00:00:00
2003-04-20 18:35:04
DBD::mysql::db do failed: You have an error in your SQL syntax near
';DELETE FROM radacct WHERE AcctStopTime < '2003-04-20 18:35:04';UNLOCK
TABLES' at line 1 at ./truncate_radacct line 30.
---------- Forwarded message ----------
Date: Fri, 18 Jul 2003 03:01:59 +0300 (WET)
From: Evren Yurtesen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: fix to patch log_badlogins.patch :)
Oups I realized that the patch was adding other messages than auth
messages to mysql too :) So I fixed it. This should be bug free :)
and I used context output in diff so its better now...
Evren
On Fri, 18 Jul 2003, Evren Yurtesen wrote:
> Since I changed the log_badlogin script I realized the failed_logins page
> doesnt work :) I thought since the error is dynamically changing now.
> We can look for ServiceType and FramedProtocol if they are NULL
> I am pretty sure at least one wouldnt be NULL if a user logs in, so the
> SQL statement looks like this inside failed_logins page
>
> $search = @da_sql_query($link,$config,
> "SELECT
> AcctStopTime,UserName,NASIPAddress,NASPortId,AcctTerminateCause,CallingStationId,ServiceType,FramedProtocol
> FROM $config[sql_accounting_table]
> WHERE AcctStopTime <= '$now_str' AND AcctStopTime >= '$prev_str'
> AND ( ServiceType IS NULL AND
> FramedProtocol IS NULL ) $callerid_str $server_str
> ORDER BY AcctStopTime $order $limit;");
>
> Also this way, if there are different kind of errors in future, the code
> doesnt need updating...
>
> Evren
>
> On Fri, 18 Jul 2003, Evren Yurtesen wrote:
>
> > Hi,
> > I have realized that if people enter usernames with spaces in
> > (accidentally or not) then the log_badlogins script is getting
> > confused.
> > Example:
> > Thu Jul 17 23:49:03 2003 : Auth: Login incorrect: [Kullanici Adinizi Girin] (from
> > client as1 port 55 cli 01231234567)
> > Thus I have devised a patch. I dont know if this is the right way to do
> > but I also removed the error detection part and changed it so that it
> > catches anything else than "Login OK"
> > Please just check it out and let me know.
> >
> > Also I wonder why in sourgeforce the version number is 1.62 and in
> > freeradius it comes 1.63...
> > http://sourceforge.net/projects/dialup-admin/
> > I have installed sourceforge version thinking it would be newer though.
> >
*** log_badlogins Sat Apr 19 19:26:10 2003
--- log_bad Fri Jul 18 02:56:51 2003
***************
*** 61,106 ****
seek LOG, 0, 2 if ($all_file eq 'no');
for(;;){
while(<LOG>){
- $do=0;
chomp;
if ($_ ne ''){
$user = $nas = $port = $caller = '-';
! if (/Login incorrect/){
! if (/Login incorrect \((.+?)\):/){
! $cause = "Login-Incorrect ($1)";
! }else{
! $cause='Login-Incorrect';
! }
! $do=1;
! }
! elsif (/Invalid user/){
! if (/Invalid user \((.+?)\):/){
! $cause = "Invalid-User ($1)";
! }else{
! $cause='Invalid-User';
! }
! $do=1;
! }
! elsif (/Multiple logins/){
! $cause='Multiple-Logins';
! $do=1;
! }
! elsif (/(Outside allowed timespan \(.+?\)):/){
! $cause = "$1";
! $do=1;
! }
! if ($do){
$date = (split / : /,$_)[0];
$date2 = ParseDate($date);
if ($date2){
($year,$mon,$mday,$hour,$min,$sec)=UnixDate($date2,'%Y','%m','%d','%H','%M','%S');
}
$time = "$year-$mon-$mday $hour:$min:$sec";
! if (/\[([EMAIL PROTECTED])\]\s+\(from (.+?)\)/){
$user = $1;
($nas,$port,$caller) = (split /\s+/,$2)[1,3,5];
}
! elsif (/\[([EMAIL PROTECTED])\/.+?\]\s+\(from
(.+?)\)/){
$user = $1;
($nas,$port,$caller) = (split /\s+/,$2)[1,3,5];
}
--- 61,84 ----
seek LOG, 0, 2 if ($all_file eq 'no');
for(;;){
while(<LOG>){
chomp;
if ($_ ne ''){
$user = $nas = $port = $caller = '-';
! #process if login is not ok
! if ( ! /Login OK/ && /: Auth:.+\(from client.+/ ) {
$date = (split / : /,$_)[0];
$date2 = ParseDate($date);
if ($date2){
($year,$mon,$mday,$hour,$min,$sec)=UnixDate($date2,'%Y','%m','%d','%H','%M','%S');
}
$time = "$year-$mon-$mday $hour:$min:$sec";
! $cause = (split /:/,$_)[4];
! $cause =~ s/^\s+|\s+$//g;
! if (/\[([\ [EMAIL PROTECTED])\]\s+\(from (.+?)\)/){
$user = $1;
($nas,$port,$caller) = (split /\s+/,$2)[1,3,5];
}
! elsif (/\[([\ [EMAIL PROTECTED])\/.+?\]\s+\(from
(.+?)\)/){
$user = $1;
($nas,$port,$caller) = (split /\s+/,$2)[1,3,5];
}
