-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathclient_connection_accounting.rb
69 lines (54 loc) · 2.32 KB
/
client_connection_accounting.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
module TacacsPlus
class ClientConnection
private
#==============================================================================#
# process_accounting()
#==============================================================================#
# the main handler for accounting messages
#
def process_accounting(session)
acct_request = session.acct_request
new_body = TacacsPlus::AccountingReply.new
# fail if version unsupported
if (acct_request.header.version != 0xc0)
msg = "Client version of TACACS+ (0x#{acct_request.header.version.to_s(16)}) is unsupported."
@tacacs_daemon.log(:error,['msg_type=TacacsPlus::Server', "message=#{msg}"],acct_request,@peeraddr)
acct_request.header.version = 0xc0
new_body.status_error!
new_body.server_msg = msg
elsif (acct_request.body.args)
# validate avpairs
av_error = nil
acct_request.body.args.each do |arg|
begin
TacacsPlus.validate_avpair(arg)
rescue => av_error
break
end
end
if (!av_error)
args = ['msg_type=Accounting', "message=Client provided the following args: #{acct_request.body.args.join(', ')}",
"status=Success", "flags=#{acct_request.body.xlate_flags}"]
new_body.status_success!
@tacacs_daemon.log(:warn,args,acct_request,@peeraddr)
else
msg = "AVPair provided by client raised the following error: #{av_error}"
new_body.status_error!
new_body.data = msg
@tacacs_daemon.log(:debug,['msg_type=Accounting', "message=#{msg}", "status=Error"],acct_request,@peeraddr)
end
else
msg = "Accounting request contained no args."
new_body.status_error!
new_body.data = msg
@tacacs_daemon.log(:debug,['msg_type=Accounting', "message=#{msg}", "status=Error"],acct_request,@peeraddr)
end
# finish up
session.reply.header = acct_request.header.dup
session.reply.body = new_body
session.terminate = true
return(nil)
end
end # class ClientConnection
end # module TacacsPlus
__END__