ViewVC Help
View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing
root/src/trunk/usr.sbin/ppp/radius.c
Revision: 10362
Committed: Sun Jun 3 23:05:05 2018 UTC (5 years, 11 months ago) by laffer1
Content type: text/plain
File size: 40358 byte(s)
Log Message: 
tag

File Contents

# User Rev Content
1 laffer1 10362 /* $MidnightBSD$ */
2 laffer1 2 /*
3     * Copyright 1999 Internet Business Solutions Ltd., Switzerland
4     * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     * 1. Redistributions of source code must retain the above copyright
10     * notice, this list of conditions and the following disclaimer.
11     * 2. Redistributions in binary form must reproduce the above copyright
12     * notice, this list of conditions and the following disclaimer in the
13     * documentation and/or other materials provided with the distribution.
14     *
15     * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17     * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18     * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19     * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20     * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21     * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22     * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23     * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24     * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25     * SUCH DAMAGE.
26     *
27 laffer1 10362 * $FreeBSD: stable/10/usr.sbin/ppp/radius.c 241844 2012-10-22 03:00:37Z eadler $
28 laffer1 2 *
29     */
30    
31     #include <stdint.h>
32     #include <sys/param.h>
33    
34     #include <sys/select.h>
35     #include <sys/socket.h>
36     #include <netinet/in_systm.h>
37     #include <netinet/in.h>
38     #include <netinet/ip.h>
39     #include <arpa/inet.h>
40     #include <sys/un.h>
41     #include <net/route.h>
42    
43     #ifdef LOCALRAD
44     #include "radlib.h"
45     #include "radlib_vs.h"
46     #else
47     #include <radlib.h>
48     #include <radlib_vs.h>
49     #endif
50    
51     #include <errno.h>
52     #ifndef NODES
53     #include <md5.h>
54     #endif
55     #include <stdarg.h>
56     #include <stdio.h>
57     #include <stdlib.h>
58     #include <string.h>
59     #include <sys/time.h>
60     #include <termios.h>
61     #include <unistd.h>
62     #include <netdb.h>
63    
64     #include "layer.h"
65     #include "defs.h"
66     #include "log.h"
67     #include "descriptor.h"
68     #include "prompt.h"
69     #include "timer.h"
70     #include "fsm.h"
71     #include "iplist.h"
72     #include "slcompress.h"
73     #include "throughput.h"
74     #include "lqr.h"
75     #include "hdlc.h"
76     #include "mbuf.h"
77     #include "ncpaddr.h"
78     #include "ip.h"
79     #include "ipcp.h"
80     #include "ipv6cp.h"
81     #include "route.h"
82     #include "command.h"
83     #include "filter.h"
84     #include "lcp.h"
85     #include "ccp.h"
86     #include "link.h"
87     #include "mp.h"
88     #include "radius.h"
89     #include "auth.h"
90     #include "async.h"
91     #include "physical.h"
92     #include "chat.h"
93     #include "cbcp.h"
94     #include "chap.h"
95     #include "datalink.h"
96     #include "ncp.h"
97     #include "bundle.h"
98     #include "proto.h"
99 laffer1 2976 #include "iface.h"
100 laffer1 2
101     #ifndef NODES
102     struct mschap_response {
103     u_char ident;
104     u_char flags;
105     u_char lm_response[24];
106     u_char nt_response[24];
107     };
108    
109     struct mschap2_response {
110     u_char ident;
111     u_char flags;
112     u_char pchallenge[16];
113     u_char reserved[8];
114     u_char response[24];
115     };
116    
117     #define AUTH_LEN 16
118     #define SALT_LEN 2
119     #endif
120    
121     static const char *
122     radius_policyname(int policy)
123     {
124     switch(policy) {
125     case MPPE_POLICY_ALLOWED:
126     return "Allowed";
127     case MPPE_POLICY_REQUIRED:
128     return "Required";
129     }
130     return NumStr(policy, NULL, 0);
131     }
132    
133     static const char *
134     radius_typesname(int types)
135     {
136     switch(types) {
137     case MPPE_TYPE_40BIT:
138     return "40 bit";
139     case MPPE_TYPE_128BIT:
140     return "128 bit";
141     case MPPE_TYPE_40BIT|MPPE_TYPE_128BIT:
142     return "40 or 128 bit";
143     }
144     return NumStr(types, NULL, 0);
145     }
146    
147     #ifndef NODES
148     static void
149     demangle(struct radius *r, const void *mangled, size_t mlen,
150     char **buf, size_t *len)
151     {
152     char R[AUTH_LEN]; /* variable names as per rfc2548 */
153     const char *S;
154     u_char b[16];
155     const u_char *A, *C;
156     MD5_CTX Context;
157     int Slen, i, Clen, Ppos;
158     u_char *P;
159    
160     if (mlen % 16 != SALT_LEN) {
161     log_Printf(LogWARN, "Cannot interpret mangled data of length %ld\n",
162     (u_long)mlen);
163     *buf = NULL;
164     *len = 0;
165     return;
166     }
167    
168     /* We need the RADIUS Request-Authenticator */
169     if (rad_request_authenticator(r->cx.rad, R, sizeof R) != AUTH_LEN) {
170     log_Printf(LogWARN, "Cannot obtain the RADIUS request authenticator\n");
171     *buf = NULL;
172     *len = 0;
173     return;
174     }
175    
176     A = (const u_char *)mangled; /* Salt comes first */
177     C = (const u_char *)mangled + SALT_LEN; /* Then the ciphertext */
178     Clen = mlen - SALT_LEN;
179     S = rad_server_secret(r->cx.rad); /* We need the RADIUS secret */
180     Slen = strlen(S);
181     P = alloca(Clen); /* We derive our plaintext */
182    
183     MD5Init(&Context);
184     MD5Update(&Context, S, Slen);
185     MD5Update(&Context, R, AUTH_LEN);
186     MD5Update(&Context, A, SALT_LEN);
187     MD5Final(b, &Context);
188     Ppos = 0;
189    
190     while (Clen) {
191     Clen -= 16;
192    
193     for (i = 0; i < 16; i++)
194     P[Ppos++] = C[i] ^ b[i];
195    
196     if (Clen) {
197     MD5Init(&Context);
198     MD5Update(&Context, S, Slen);
199     MD5Update(&Context, C, 16);
200     MD5Final(b, &Context);
201     }
202    
203     C += 16;
204     }
205    
206     /*
207     * The resulting plain text consists of a one-byte length, the text and
208     * maybe some padding.
209     */
210     *len = *P;
211     if (*len > mlen - 1) {
212     log_Printf(LogWARN, "Mangled data seems to be garbage\n");
213     *buf = NULL;
214     *len = 0;
215     return;
216     }
217    
218     if ((*buf = malloc(*len)) == NULL) {
219     log_Printf(LogWARN, "demangle: Out of memory (%lu bytes)\n", (u_long)*len);
220     *len = 0;
221     } else
222     memcpy(*buf, P + 1, *len);
223     }
224     #endif
225    
226     /* XXX: This should go into librarius. */
227     #ifndef NOINET6
228     static uint8_t *
229     rad_cvt_ipv6prefix(const void *data, size_t len)
230     {
231     const size_t ipv6len = sizeof(struct in6_addr) + 2;
232     uint8_t *s;
233    
234     if (len > ipv6len)
235     return NULL;
236     s = malloc(ipv6len);
237     if (s != NULL) {
238     memset(s, 0, ipv6len);
239     memcpy(s, data, len);
240     }
241     return s;
242     }
243     #endif
244    
245     /*
246     * rad_continue_send_request() has given us `got' (non-zero). Deal with it.
247     */
248     static void
249     radius_Process(struct radius *r, int got)
250     {
251     char *argv[MAXARGS], *nuke;
252     struct bundle *bundle;
253     int argc, addrs, res, width;
254     size_t len;
255     struct ncprange dest;
256     struct ncpaddr gw;
257     const void *data;
258     const char *stype;
259     u_int32_t ipaddr, vendor;
260     struct in_addr ip;
261     #ifndef NOINET6
262     uint8_t ipv6addr[INET6_ADDRSTRLEN];
263     struct in6_addr ip6;
264     #endif
265    
266     r->cx.fd = -1; /* Stop select()ing */
267     stype = r->cx.auth ? "auth" : "acct";
268    
269     switch (got) {
270     case RAD_ACCESS_ACCEPT:
271     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
272     "Radius(%s): ACCEPT received\n", stype);
273     if (!r->cx.auth) {
274     rad_close(r->cx.rad);
275     return;
276     }
277     break;
278    
279     case RAD_ACCESS_REJECT:
280     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
281     "Radius(%s): REJECT received\n", stype);
282     if (!r->cx.auth) {
283     rad_close(r->cx.rad);
284     return;
285     }
286     break;
287    
288     case RAD_ACCESS_CHALLENGE:
289     /* we can't deal with this (for now) ! */
290     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
291     "Radius: CHALLENGE received (can't handle yet)\n");
292     if (r->cx.auth)
293     auth_Failure(r->cx.auth);
294     rad_close(r->cx.rad);
295     return;
296    
297     case RAD_ACCOUNTING_RESPONSE:
298     /*
299     * It's probably not ideal to log this at PHASE level as we'll see
300     * too much stuff going to the log when ``set rad_alive'' is used.
301     * So we differ from older behaviour (ppp version 3.1 and before)
302     * and just log accounting responses to LogRADIUS.
303     */
304     log_Printf(LogRADIUS, "Radius(%s): Accounting response received\n",
305     stype);
306     if (r->cx.auth)
307     auth_Failure(r->cx.auth); /* unexpected !!! */
308    
309     /* No further processing for accounting requests, please */
310     rad_close(r->cx.rad);
311     return;
312    
313     case -1:
314     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
315     "radius(%s): %s\n", stype, rad_strerror(r->cx.rad));
316     if (r->cx.auth)
317     auth_Failure(r->cx.auth);
318     rad_close(r->cx.rad);
319     return;
320    
321     default:
322     log_Printf(LogERROR, "rad_send_request(%s): Failed %d: %s\n", stype,
323     got, rad_strerror(r->cx.rad));
324     if (r->cx.auth)
325     auth_Failure(r->cx.auth);
326     rad_close(r->cx.rad);
327     return;
328     }
329    
330     /* Let's see what we've got in our reply */
331     r->ip.s_addr = r->mask.s_addr = INADDR_NONE;
332     r->mtu = 0;
333     r->vj = 0;
334     while ((res = rad_get_attr(r->cx.rad, &data, &len)) > 0) {
335     switch (res) {
336     case RAD_FRAMED_IP_ADDRESS:
337     r->ip = rad_cvt_addr(data);
338     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
339     " IP %s\n", inet_ntoa(r->ip));
340     break;
341    
342     case RAD_FILTER_ID:
343     free(r->filterid);
344     if ((r->filterid = rad_cvt_string(data, len)) == NULL) {
345     log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
346     auth_Failure(r->cx.auth);
347     rad_close(r->cx.rad);
348     return;
349     }
350     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
351     " Filter \"%s\"\n", r->filterid);
352     break;
353    
354     case RAD_SESSION_TIMEOUT:
355     r->sessiontime = rad_cvt_int(data);
356     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
357     " Session-Timeout %lu\n", r->sessiontime);
358     break;
359    
360     case RAD_FRAMED_IP_NETMASK:
361     r->mask = rad_cvt_addr(data);
362     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
363     " Netmask %s\n", inet_ntoa(r->mask));
364     break;
365    
366     case RAD_FRAMED_MTU:
367     r->mtu = rad_cvt_int(data);
368     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
369     " MTU %lu\n", r->mtu);
370     break;
371    
372     case RAD_FRAMED_ROUTING:
373     /* Disabled for now - should we automatically set up some filters ? */
374     /* rad_cvt_int(data); */
375     /* bit 1 = Send routing packets */
376     /* bit 2 = Receive routing packets */
377     break;
378    
379     case RAD_FRAMED_COMPRESSION:
380     r->vj = rad_cvt_int(data) == 1 ? 1 : 0;
381     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
382     " VJ %sabled\n", r->vj ? "en" : "dis");
383     break;
384    
385     case RAD_FRAMED_ROUTE:
386     /*
387     * We expect a string of the format ``dest[/bits] gw [metrics]''
388     * Any specified metrics are ignored. MYADDR and HISADDR are
389     * understood for ``dest'' and ``gw'' and ``0.0.0.0'' is the same
390     * as ``HISADDR''.
391     */
392    
393     if ((nuke = rad_cvt_string(data, len)) == NULL) {
394     log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
395     auth_Failure(r->cx.auth);
396     rad_close(r->cx.rad);
397     return;
398     }
399    
400     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
401     " Route: %s\n", nuke);
402     bundle = r->cx.auth->physical->dl->bundle;
403     ip.s_addr = INADDR_ANY;
404     ncpaddr_setip4(&gw, ip);
405     ncprange_setip4host(&dest, ip);
406     argc = command_Interpret(nuke, strlen(nuke), argv);
407     if (argc < 0)
408     log_Printf(LogWARN, "radius: %s: Syntax error\n",
409     argc == 1 ? argv[0] : "\"\"");
410     else if (argc < 2)
411     log_Printf(LogWARN, "radius: %s: Invalid route\n",
412     argc == 1 ? argv[0] : "\"\"");
413     else if ((strcasecmp(argv[0], "default") != 0 &&
414     !ncprange_aton(&dest, &bundle->ncp, argv[0])) ||
415     !ncpaddr_aton(&gw, &bundle->ncp, argv[1]))
416     log_Printf(LogWARN, "radius: %s %s: Invalid route\n",
417     argv[0], argv[1]);
418     else {
419     ncprange_getwidth(&dest, &width);
420     if (width == 32 && strchr(argv[0], '/') == NULL) {
421     /* No mask specified - use the natural mask */
422     ncprange_getip4addr(&dest, &ip);
423     ncprange_setip4mask(&dest, addr2mask(ip));
424     }
425     addrs = 0;
426    
427     if (!strncasecmp(argv[0], "HISADDR", 7))
428     addrs = ROUTE_DSTHISADDR;
429     else if (!strncasecmp(argv[0], "MYADDR", 6))
430     addrs = ROUTE_DSTMYADDR;
431    
432     if (ncpaddr_getip4addr(&gw, &ipaddr) && ipaddr == INADDR_ANY) {
433     addrs |= ROUTE_GWHISADDR;
434     ncpaddr_setip4(&gw, bundle->ncp.ipcp.peer_ip);
435     } else if (strcasecmp(argv[1], "HISADDR") == 0)
436     addrs |= ROUTE_GWHISADDR;
437    
438     route_Add(&r->routes, addrs, &dest, &gw);
439     }
440     free(nuke);
441     break;
442    
443     case RAD_REPLY_MESSAGE:
444     free(r->repstr);
445     if ((r->repstr = rad_cvt_string(data, len)) == NULL) {
446     log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
447     auth_Failure(r->cx.auth);
448     rad_close(r->cx.rad);
449     return;
450     }
451     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
452     " Reply-Message \"%s\"\n", r->repstr);
453     break;
454    
455     #ifndef NOINET6
456     case RAD_FRAMED_IPV6_PREFIX:
457     free(r->ipv6prefix);
458 laffer1 2976 if ((r->ipv6prefix = rad_cvt_ipv6prefix(data, len)) == NULL) {
459     log_Printf(LogERROR, "rad_cvt_ipv6prefix: %s\n",
460     "Malformed attribute in response");
461     auth_Failure(r->cx.auth);
462     rad_close(r->cx.rad);
463     return;
464     }
465 laffer1 2 inet_ntop(AF_INET6, &r->ipv6prefix[2], ipv6addr, sizeof(ipv6addr));
466     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
467     " IPv6 %s/%d\n", ipv6addr, r->ipv6prefix[1]);
468     break;
469    
470     case RAD_FRAMED_IPV6_ROUTE:
471     /*
472     * We expect a string of the format ``dest[/bits] gw [metrics]''
473     * Any specified metrics are ignored. MYADDR6 and HISADDR6 are
474     * understood for ``dest'' and ``gw'' and ``::'' is the same
475     * as ``HISADDR6''.
476     */
477    
478     if ((nuke = rad_cvt_string(data, len)) == NULL) {
479     log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
480     auth_Failure(r->cx.auth);
481     rad_close(r->cx.rad);
482     return;
483     }
484    
485     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
486     " IPv6 Route: %s\n", nuke);
487     bundle = r->cx.auth->physical->dl->bundle;
488     ncpaddr_setip6(&gw, &in6addr_any);
489     ncprange_set(&dest, &gw, 0);
490     argc = command_Interpret(nuke, strlen(nuke), argv);
491     if (argc < 0)
492     log_Printf(LogWARN, "radius: %s: Syntax error\n",
493     argc == 1 ? argv[0] : "\"\"");
494     else if (argc < 2)
495     log_Printf(LogWARN, "radius: %s: Invalid route\n",
496     argc == 1 ? argv[0] : "\"\"");
497     else if ((strcasecmp(argv[0], "default") != 0 &&
498     !ncprange_aton(&dest, &bundle->ncp, argv[0])) ||
499     !ncpaddr_aton(&gw, &bundle->ncp, argv[1]))
500     log_Printf(LogWARN, "radius: %s %s: Invalid route\n",
501     argv[0], argv[1]);
502     else {
503     addrs = 0;
504    
505     if (!strncasecmp(argv[0], "HISADDR6", 8))
506     addrs = ROUTE_DSTHISADDR6;
507     else if (!strncasecmp(argv[0], "MYADDR6", 7))
508     addrs = ROUTE_DSTMYADDR6;
509    
510     if (ncpaddr_getip6(&gw, &ip6) && IN6_IS_ADDR_UNSPECIFIED(&ip6)) {
511     addrs |= ROUTE_GWHISADDR6;
512     ncpaddr_copy(&gw, &bundle->ncp.ipv6cp.hisaddr);
513     } else if (strcasecmp(argv[1], "HISADDR6") == 0)
514     addrs |= ROUTE_GWHISADDR6;
515    
516     route_Add(&r->ipv6routes, addrs, &dest, &gw);
517     }
518     free(nuke);
519     break;
520     #endif
521    
522     case RAD_VENDOR_SPECIFIC:
523     if ((res = rad_get_vendor_attr(&vendor, &data, &len)) <= 0) {
524     log_Printf(LogERROR, "rad_get_vendor_attr: %s (failing!)\n",
525     rad_strerror(r->cx.rad));
526     auth_Failure(r->cx.auth);
527     rad_close(r->cx.rad);
528     return;
529     }
530    
531     switch (vendor) {
532     case RAD_VENDOR_MICROSOFT:
533     switch (res) {
534     #ifndef NODES
535     case RAD_MICROSOFT_MS_CHAP_ERROR:
536     free(r->errstr);
537     if (len == 0)
538     r->errstr = NULL;
539     else {
540     if (len < 3 || ((const char *)data)[1] != '=') {
541     /*
542     * Only point at the String field if we don't think the
543     * peer has misformatted the response.
544     */
545     data = (const char *)data + 1;
546     len--;
547     } else
548     log_Printf(LogWARN, "Warning: The MS-CHAP-Error "
549     "attribute is mis-formatted. Compensating\n");
550     if ((r->errstr = rad_cvt_string((const char *)data,
551     len)) == NULL) {
552     log_Printf(LogERROR, "rad_cvt_string: %s\n",
553     rad_strerror(r->cx.rad));
554     auth_Failure(r->cx.auth);
555     rad_close(r->cx.rad);
556     return;
557     }
558     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
559     " MS-CHAP-Error \"%s\"\n", r->errstr);
560     }
561     break;
562    
563     case RAD_MICROSOFT_MS_CHAP2_SUCCESS:
564     free(r->msrepstr);
565     if (len == 0)
566     r->msrepstr = NULL;
567     else {
568     if (len < 3 || ((const char *)data)[1] != '=') {
569     /*
570     * Only point at the String field if we don't think the
571     * peer has misformatted the response.
572     */
573     data = (const char *)data + 1;
574     len--;
575     } else
576     log_Printf(LogWARN, "Warning: The MS-CHAP2-Success "
577     "attribute is mis-formatted. Compensating\n");
578     if ((r->msrepstr = rad_cvt_string((const char *)data,
579     len)) == NULL) {
580     log_Printf(LogERROR, "rad_cvt_string: %s\n",
581     rad_strerror(r->cx.rad));
582     auth_Failure(r->cx.auth);
583     rad_close(r->cx.rad);
584     return;
585     }
586     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
587     " MS-CHAP2-Success \"%s\"\n", r->msrepstr);
588     }
589     break;
590    
591     case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:
592     r->mppe.policy = rad_cvt_int(data);
593     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
594     " MS-MPPE-Encryption-Policy %s\n",
595     radius_policyname(r->mppe.policy));
596     break;
597    
598     case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES:
599     r->mppe.types = rad_cvt_int(data);
600     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
601     " MS-MPPE-Encryption-Types %s\n",
602     radius_typesname(r->mppe.types));
603     break;
604    
605     case RAD_MICROSOFT_MS_MPPE_RECV_KEY:
606     free(r->mppe.recvkey);
607     demangle(r, data, len, &r->mppe.recvkey, &r->mppe.recvkeylen);
608     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
609     " MS-MPPE-Recv-Key ********\n");
610     break;
611    
612     case RAD_MICROSOFT_MS_MPPE_SEND_KEY:
613     demangle(r, data, len, &r->mppe.sendkey, &r->mppe.sendkeylen);
614     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
615     " MS-MPPE-Send-Key ********\n");
616     break;
617     #endif
618    
619     default:
620     log_Printf(LogDEBUG, "Dropping MICROSOFT vendor specific "
621     "RADIUS attribute %d\n", res);
622     break;
623     }
624     break;
625    
626     default:
627     log_Printf(LogDEBUG, "Dropping vendor %lu RADIUS attribute %d\n",
628     (unsigned long)vendor, res);
629     break;
630     }
631     break;
632    
633     default:
634     log_Printf(LogDEBUG, "Dropping RADIUS attribute %d\n", res);
635     break;
636     }
637     }
638    
639     if (res == -1) {
640     log_Printf(LogERROR, "rad_get_attr: %s (failing!)\n",
641     rad_strerror(r->cx.rad));
642     auth_Failure(r->cx.auth);
643     } else if (got == RAD_ACCESS_REJECT)
644     auth_Failure(r->cx.auth);
645     else {
646     r->valid = 1;
647     auth_Success(r->cx.auth);
648     }
649     rad_close(r->cx.rad);
650     }
651    
652     /*
653     * We've either timed out or select()ed on the read descriptor
654     */
655     static void
656     radius_Continue(struct radius *r, int sel)
657     {
658     struct timeval tv;
659     int got;
660    
661     timer_Stop(&r->cx.timer);
662     if ((got = rad_continue_send_request(r->cx.rad, sel, &r->cx.fd, &tv)) == 0) {
663     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
664     "Radius: Request re-sent\n");
665     r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
666     timer_Start(&r->cx.timer);
667     return;
668     }
669    
670     radius_Process(r, got);
671     }
672    
673     /*
674     * Time to call rad_continue_send_request() - timed out.
675     */
676     static void
677     radius_Timeout(void *v)
678     {
679     radius_Continue((struct radius *)v, 0);
680     }
681    
682     /*
683     * Time to call rad_continue_send_request() - something to read.
684     */
685     static void
686     radius_Read(struct fdescriptor *d, struct bundle *bundle __unused,
687     const fd_set *fdset __unused)
688     {
689     radius_Continue(descriptor2radius(d), 1);
690     }
691    
692     /*
693     * Flush any pending transactions
694     */
695     void
696     radius_Flush(struct radius *r)
697     {
698     struct timeval tv;
699     fd_set s;
700    
701     while (r->cx.fd != -1) {
702     FD_ZERO(&s);
703     FD_SET(r->cx.fd, &s);
704     tv.tv_sec = 0;
705     tv.tv_usec = TICKUNIT;
706     select(r->cx.fd + 1, &s, NULL, NULL, &tv);
707     radius_Continue(r, 1);
708     }
709     }
710    
711     /*
712     * Behave as a struct fdescriptor (descriptor.h)
713     */
714     static int
715     radius_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w __unused,
716     fd_set *e __unused, int *n)
717     {
718     struct radius *rad = descriptor2radius(d);
719    
720     if (r && rad->cx.fd != -1) {
721     FD_SET(rad->cx.fd, r);
722     if (*n < rad->cx.fd + 1)
723     *n = rad->cx.fd + 1;
724     log_Printf(LogTIMER, "Radius: fdset(r) %d\n", rad->cx.fd);
725     return 1;
726     }
727    
728     return 0;
729     }
730    
731     /*
732     * Behave as a struct fdescriptor (descriptor.h)
733     */
734     static int
735     radius_IsSet(struct fdescriptor *d, const fd_set *fdset)
736     {
737     struct radius *r = descriptor2radius(d);
738    
739     return r && r->cx.fd != -1 && FD_ISSET(r->cx.fd, fdset);
740     }
741    
742     /*
743     * Behave as a struct fdescriptor (descriptor.h)
744     */
745     static int
746     radius_Write(struct fdescriptor *d __unused, struct bundle *bundle __unused,
747     const fd_set *fdset __unused)
748     {
749     /* We never want to write here ! */
750     log_Printf(LogALERT, "radius_Write: Internal error: Bad call !\n");
751     return 0;
752     }
753    
754     /*
755     * Initialise ourselves
756     */
757     void
758     radius_Init(struct radius *r)
759     {
760     r->desc.type = RADIUS_DESCRIPTOR;
761     r->desc.UpdateSet = radius_UpdateSet;
762     r->desc.IsSet = radius_IsSet;
763     r->desc.Read = radius_Read;
764     r->desc.Write = radius_Write;
765     r->cx.fd = -1;
766     r->cx.rad = NULL;
767     memset(&r->cx.timer, '\0', sizeof r->cx.timer);
768     r->cx.auth = NULL;
769     r->valid = 0;
770     r->vj = 0;
771     r->ip.s_addr = INADDR_ANY;
772     r->mask.s_addr = INADDR_NONE;
773     r->routes = NULL;
774     r->mtu = DEF_MTU;
775     r->msrepstr = NULL;
776     r->repstr = NULL;
777     #ifndef NOINET6
778     r->ipv6prefix = NULL;
779     r->ipv6routes = NULL;
780     #endif
781     r->errstr = NULL;
782     r->mppe.policy = 0;
783     r->mppe.types = 0;
784     r->mppe.recvkey = NULL;
785     r->mppe.recvkeylen = 0;
786     r->mppe.sendkey = NULL;
787     r->mppe.sendkeylen = 0;
788 laffer1 8328 *r->cfg.file = '\0';
789 laffer1 2 log_Printf(LogDEBUG, "Radius: radius_Init\n");
790     }
791    
792     /*
793     * Forget everything and go back to initialised state.
794     */
795     void
796     radius_Destroy(struct radius *r)
797     {
798     r->valid = 0;
799     log_Printf(LogDEBUG, "Radius: radius_Destroy\n");
800     timer_Stop(&r->cx.timer);
801     route_DeleteAll(&r->routes);
802     #ifndef NOINET6
803     route_DeleteAll(&r->ipv6routes);
804     #endif
805     free(r->filterid);
806     r->filterid = NULL;
807     free(r->msrepstr);
808     r->msrepstr = NULL;
809     free(r->repstr);
810     r->repstr = NULL;
811     #ifndef NOINET6
812     free(r->ipv6prefix);
813     r->ipv6prefix = NULL;
814     #endif
815     free(r->errstr);
816     r->errstr = NULL;
817     free(r->mppe.recvkey);
818     r->mppe.recvkey = NULL;
819     r->mppe.recvkeylen = 0;
820     free(r->mppe.sendkey);
821     r->mppe.sendkey = NULL;
822     r->mppe.sendkeylen = 0;
823     if (r->cx.fd != -1) {
824     r->cx.fd = -1;
825     rad_close(r->cx.rad);
826     }
827     }
828    
829     static int
830 laffer1 2976 radius_put_physical_details(struct radius *rad, struct physical *p)
831 laffer1 2 {
832     int slot, type;
833    
834     type = RAD_VIRTUAL;
835     if (p->handler)
836     switch (p->handler->type) {
837 laffer1 5397 case I4B_DEVICE:
838     type = RAD_ISDN_SYNC;
839     break;
840    
841 laffer1 2 case TTY_DEVICE:
842     type = RAD_ASYNC;
843     break;
844    
845     case ETHER_DEVICE:
846     type = RAD_ETHERNET;
847     break;
848    
849     case TCP_DEVICE:
850     case UDP_DEVICE:
851     case EXEC_DEVICE:
852     case ATM_DEVICE:
853     case NG_DEVICE:
854     type = RAD_VIRTUAL;
855     break;
856     }
857    
858 laffer1 2976 if (rad_put_int(rad->cx.rad, RAD_NAS_PORT_TYPE, type) != 0) {
859     log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad->cx.rad));
860     rad_close(rad->cx.rad);
861 laffer1 2 return 0;
862     }
863    
864 laffer1 2976 switch (rad->port_id_type) {
865     case RPI_PID:
866     slot = (int)getpid();
867     break;
868     case RPI_IFNUM:
869     slot = p->dl->bundle->iface->index;
870     break;
871     case RPI_TUNNUM:
872     slot = p->dl->bundle->unit;
873     break;
874     case RPI_DEFAULT:
875     default:
876     slot = physical_Slot(p);
877     break;
878     }
879    
880     if (slot >= 0)
881     if (rad_put_int(rad->cx.rad, RAD_NAS_PORT, slot) != 0) {
882     log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad->cx.rad));
883     rad_close(rad->cx.rad);
884 laffer1 2 return 0;
885     }
886    
887     return 1;
888     }
889    
890     /*
891     * Start an authentication request to the RADIUS server.
892     */
893     int
894     radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
895     const char *key, int klen, const char *nchallenge,
896     int nclen)
897     {
898     char hostname[MAXHOSTNAMELEN];
899     struct timeval tv;
900     const char *what = "questionable"; /* silence warnings! */
901     char *mac_addr;
902     int got;
903     struct hostent *hp;
904     struct in_addr hostaddr;
905     #ifndef NODES
906     struct mschap_response msresp;
907     struct mschap2_response msresp2;
908     const struct MSCHAPv2_resp *keyv2;
909     #endif
910    
911     if (!*r->cfg.file)
912     return 0;
913    
914     if (r->cx.fd != -1)
915     /*
916     * We assume that our name/key/challenge is the same as last time,
917     * and just continue to wait for the RADIUS server(s).
918     */
919     return 1;
920    
921     radius_Destroy(r);
922    
923     if ((r->cx.rad = rad_auth_open()) == NULL) {
924     log_Printf(LogERROR, "rad_auth_open: %s\n", strerror(errno));
925     return 0;
926     }
927    
928     if (rad_config(r->cx.rad, r->cfg.file) != 0) {
929     log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad));
930     rad_close(r->cx.rad);
931     return 0;
932     }
933    
934     if (rad_create_request(r->cx.rad, RAD_ACCESS_REQUEST) != 0) {
935     log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad));
936     rad_close(r->cx.rad);
937     return 0;
938     }
939    
940     if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 ||
941     rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
942     rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {
943     log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
944     rad_close(r->cx.rad);
945     return 0;
946     }
947    
948     switch (authp->physical->link.lcp.want_auth) {
949     case PROTO_PAP:
950     /* We're talking PAP */
951     if (rad_put_attr(r->cx.rad, RAD_USER_PASSWORD, key, klen) != 0) {
952     log_Printf(LogERROR, "PAP: rad_put_string: %s\n",
953     rad_strerror(r->cx.rad));
954     rad_close(r->cx.rad);
955     return 0;
956     }
957     what = "PAP";
958     break;
959    
960     case PROTO_CHAP:
961     switch (authp->physical->link.lcp.want_authtype) {
962     case 0x5:
963     if (rad_put_attr(r->cx.rad, RAD_CHAP_PASSWORD, key, klen) != 0 ||
964     rad_put_attr(r->cx.rad, RAD_CHAP_CHALLENGE, nchallenge, nclen) != 0) {
965     log_Printf(LogERROR, "CHAP: rad_put_string: %s\n",
966     rad_strerror(r->cx.rad));
967     rad_close(r->cx.rad);
968     return 0;
969     }
970     what = "CHAP";
971     break;
972    
973     #ifndef NODES
974     case 0x80:
975     if (klen != 50) {
976     log_Printf(LogERROR, "CHAP80: Unrecognised key length %d\n", klen);
977     rad_close(r->cx.rad);
978     return 0;
979     }
980    
981     rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
982     RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen);
983     msresp.ident = *key;
984     msresp.flags = 0x01;
985     memcpy(msresp.lm_response, key + 1, 24);
986     memcpy(msresp.nt_response, key + 25, 24);
987     rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
988     RAD_MICROSOFT_MS_CHAP_RESPONSE, &msresp,
989     sizeof msresp);
990     what = "MSCHAP";
991     break;
992    
993     case 0x81:
994     if (klen != sizeof(*keyv2) + 1) {
995     log_Printf(LogERROR, "CHAP81: Unrecognised key length %d\n", klen);
996     rad_close(r->cx.rad);
997     return 0;
998     }
999    
1000     keyv2 = (const struct MSCHAPv2_resp *)(key + 1);
1001     rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
1002     RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen);
1003     msresp2.ident = *key;
1004     msresp2.flags = keyv2->Flags;
1005     memcpy(msresp2.response, keyv2->NTResponse, sizeof msresp2.response);
1006     memset(msresp2.reserved, '\0', sizeof msresp2.reserved);
1007     memcpy(msresp2.pchallenge, keyv2->PeerChallenge,
1008     sizeof msresp2.pchallenge);
1009     rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
1010     RAD_MICROSOFT_MS_CHAP2_RESPONSE, &msresp2,
1011     sizeof msresp2);
1012     what = "MSCHAPv2";
1013     break;
1014     #endif
1015     default:
1016     log_Printf(LogERROR, "CHAP: Unrecognised type 0x%02x\n",
1017     authp->physical->link.lcp.want_authtype);
1018     rad_close(r->cx.rad);
1019     return 0;
1020     }
1021     }
1022    
1023     if (gethostname(hostname, sizeof hostname) != 0)
1024     log_Printf(LogERROR, "rad_put: gethostname(): %s\n", strerror(errno));
1025     else {
1026     if (Enabled(authp->physical->dl->bundle, OPT_NAS_IP_ADDRESS) &&
1027     (hp = gethostbyname(hostname)) != NULL) {
1028     hostaddr.s_addr = *(u_long *)hp->h_addr;
1029     if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) {
1030     log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
1031     rad_strerror(r->cx.rad));
1032     rad_close(r->cx.rad);
1033     return 0;
1034     }
1035     }
1036     if (Enabled(authp->physical->dl->bundle, OPT_NAS_IDENTIFIER) &&
1037     rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) {
1038     log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
1039     rad_strerror(r->cx.rad));
1040     rad_close(r->cx.rad);
1041     return 0;
1042     }
1043     }
1044    
1045     if ((mac_addr = getenv("HISMACADDR")) != NULL &&
1046     rad_put_string(r->cx.rad, RAD_CALLING_STATION_ID, mac_addr) != 0) {
1047     log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
1048     rad_close(r->cx.rad);
1049     return 0;
1050     }
1051    
1052 laffer1 2976 radius_put_physical_details(r, authp->physical);
1053 laffer1 2
1054     log_Printf(LogRADIUS, "Radius(auth): %s data sent for %s\n", what, name);
1055    
1056     r->cx.auth = authp;
1057     if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
1058     radius_Process(r, got);
1059     else {
1060     log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE,
1061     "Radius: Request sent\n");
1062     log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
1063     r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
1064     r->cx.timer.func = radius_Timeout;
1065     r->cx.timer.name = "radius auth";
1066     r->cx.timer.arg = r;
1067     timer_Start(&r->cx.timer);
1068     }
1069    
1070     return 1;
1071     }
1072    
1073     /* Fetch IP, netmask from IPCP */
1074     void
1075     radius_Account_Set_Ip(struct radacct *ac, struct in_addr *peer_ip,
1076     struct in_addr *netmask)
1077     {
1078     ac->proto = PROTO_IPCP;
1079     memcpy(&ac->peer.ip.addr, peer_ip, sizeof(ac->peer.ip.addr));
1080     memcpy(&ac->peer.ip.mask, netmask, sizeof(ac->peer.ip.mask));
1081     }
1082    
1083     #ifndef NOINET6
1084     /* Fetch interface-id from IPV6CP */
1085     void
1086     radius_Account_Set_Ipv6(struct radacct *ac, u_char *ifid)
1087     {
1088     ac->proto = PROTO_IPV6CP;
1089     memcpy(&ac->peer.ipv6.ifid, ifid, sizeof(ac->peer.ipv6.ifid));
1090     }
1091     #endif
1092    
1093     /*
1094     * Send an accounting request to the RADIUS server
1095     */
1096     void
1097     radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
1098     int acct_type, struct pppThroughput *stats)
1099     {
1100     struct timeval tv;
1101     int got;
1102     char hostname[MAXHOSTNAMELEN];
1103     char *mac_addr;
1104     struct hostent *hp;
1105     struct in_addr hostaddr;
1106    
1107     if (!*r->cfg.file)
1108     return;
1109    
1110     if (r->cx.fd != -1)
1111     /*
1112     * We assume that our name/key/challenge is the same as last time,
1113     * and just continue to wait for the RADIUS server(s).
1114     */
1115     return;
1116    
1117     timer_Stop(&r->cx.timer);
1118    
1119     if ((r->cx.rad = rad_acct_open()) == NULL) {
1120     log_Printf(LogERROR, "rad_auth_open: %s\n", strerror(errno));
1121     return;
1122     }
1123    
1124     if (rad_config(r->cx.rad, r->cfg.file) != 0) {
1125     log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad));
1126     rad_close(r->cx.rad);
1127     return;
1128     }
1129    
1130     if (rad_create_request(r->cx.rad, RAD_ACCOUNTING_REQUEST) != 0) {
1131     log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad));
1132     rad_close(r->cx.rad);
1133     return;
1134     }
1135    
1136     /* Grab some accounting data and initialize structure */
1137     if (acct_type == RAD_START) {
1138     ac->rad_parent = r;
1139     /* Fetch username from datalink */
1140     strncpy(ac->user_name, dl->peer.authname, sizeof ac->user_name);
1141     ac->user_name[AUTHLEN-1] = '\0';
1142    
1143     ac->authentic = 2; /* Assume RADIUS verified auth data */
1144    
1145     /* Generate a session ID */
1146     snprintf(ac->session_id, sizeof ac->session_id, "%s%ld-%s%lu",
1147     dl->bundle->cfg.auth.name, (long)getpid(),
1148     dl->peer.authname, (unsigned long)stats->uptime);
1149    
1150     /* And grab our MP socket name */
1151     snprintf(ac->multi_session_id, sizeof ac->multi_session_id, "%s",
1152     dl->bundle->ncp.mp.active ?
1153     dl->bundle->ncp.mp.server.socket.sun_path : "");
1154     };
1155    
1156     if (rad_put_string(r->cx.rad, RAD_USER_NAME, ac->user_name) != 0 ||
1157     rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
1158     rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {
1159     log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
1160     rad_close(r->cx.rad);
1161     return;
1162     }
1163     switch (ac->proto) {
1164     case PROTO_IPCP:
1165     if (rad_put_addr(r->cx.rad, RAD_FRAMED_IP_ADDRESS,
1166     ac->peer.ip.addr) != 0 ||
1167     rad_put_addr(r->cx.rad, RAD_FRAMED_IP_NETMASK,
1168     ac->peer.ip.mask) != 0) {
1169     log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
1170     rad_close(r->cx.rad);
1171     return;
1172     }
1173     break;
1174     #ifndef NOINET6
1175     case PROTO_IPV6CP:
1176     if (rad_put_attr(r->cx.rad, RAD_FRAMED_INTERFACE_ID, ac->peer.ipv6.ifid,
1177     sizeof(ac->peer.ipv6.ifid)) != 0) {
1178     log_Printf(LogERROR, "rad_put_attr: %s\n", rad_strerror(r->cx.rad));
1179     rad_close(r->cx.rad);
1180     return;
1181     }
1182     if (r->ipv6prefix) {
1183     /*
1184     * Since PPP doesn't delegate an IPv6 prefix to a peer,
1185     * Framed-IPv6-Prefix may be not used, actually.
1186     */
1187     if (rad_put_attr(r->cx.rad, RAD_FRAMED_IPV6_PREFIX, r->ipv6prefix,
1188     sizeof(struct in6_addr) + 2) != 0) {
1189     log_Printf(LogERROR, "rad_put_attr: %s\n", rad_strerror(r->cx.rad));
1190     rad_close(r->cx.rad);
1191     return;
1192     }
1193     }
1194     break;
1195     #endif
1196     default:
1197     /* We don't log any protocol specific information */
1198     break;
1199     }
1200    
1201     if ((mac_addr = getenv("HISMACADDR")) != NULL &&
1202     rad_put_string(r->cx.rad, RAD_CALLING_STATION_ID, mac_addr) != 0) {
1203     log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
1204     rad_close(r->cx.rad);
1205     return;
1206     }
1207    
1208     if (gethostname(hostname, sizeof hostname) != 0)
1209     log_Printf(LogERROR, "rad_put: gethostname(): %s\n", strerror(errno));
1210     else {
1211     if (Enabled(dl->bundle, OPT_NAS_IP_ADDRESS) &&
1212     (hp = gethostbyname(hostname)) != NULL) {
1213     hostaddr.s_addr = *(u_long *)hp->h_addr;
1214     if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) {
1215     log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
1216     rad_strerror(r->cx.rad));
1217     rad_close(r->cx.rad);
1218     return;
1219     }
1220     }
1221     if (Enabled(dl->bundle, OPT_NAS_IDENTIFIER) &&
1222     rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) {
1223     log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
1224     rad_strerror(r->cx.rad));
1225     rad_close(r->cx.rad);
1226     return;
1227     }
1228     }
1229    
1230 laffer1 2976 radius_put_physical_details(r, dl->physical);
1231 laffer1 2
1232     if (rad_put_int(r->cx.rad, RAD_ACCT_STATUS_TYPE, acct_type) != 0 ||
1233     rad_put_string(r->cx.rad, RAD_ACCT_SESSION_ID, ac->session_id) != 0 ||
1234     rad_put_string(r->cx.rad, RAD_ACCT_MULTI_SESSION_ID,
1235     ac->multi_session_id) != 0 ||
1236     rad_put_int(r->cx.rad, RAD_ACCT_DELAY_TIME, 0) != 0) {
1237     /* XXX ACCT_DELAY_TIME should be increased each time a packet is waiting */
1238     log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
1239     rad_close(r->cx.rad);
1240     return;
1241     }
1242    
1243     if (acct_type == RAD_STOP || acct_type == RAD_ALIVE)
1244     /* Show some statistics */
1245     if (rad_put_int(r->cx.rad, RAD_ACCT_INPUT_OCTETS, stats->OctetsIn % UINT32_MAX) != 0 ||
1246     rad_put_int(r->cx.rad, RAD_ACCT_INPUT_GIGAWORDS, stats->OctetsIn / UINT32_MAX) != 0 ||
1247     rad_put_int(r->cx.rad, RAD_ACCT_INPUT_PACKETS, stats->PacketsIn) != 0 ||
1248     rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_OCTETS, stats->OctetsOut % UINT32_MAX) != 0 ||
1249     rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_GIGAWORDS, stats->OctetsOut / UINT32_MAX) != 0 ||
1250     rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_PACKETS, stats->PacketsOut)
1251     != 0 ||
1252     rad_put_int(r->cx.rad, RAD_ACCT_SESSION_TIME, throughput_uptime(stats))
1253     != 0) {
1254     log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
1255     rad_close(r->cx.rad);
1256     return;
1257     }
1258    
1259     if (log_IsKept(LogPHASE) || log_IsKept(LogRADIUS)) {
1260     const char *what;
1261     int level;
1262    
1263     switch (acct_type) {
1264     case RAD_START:
1265     what = "START";
1266     level = log_IsKept(LogPHASE) ? LogPHASE : LogRADIUS;
1267     break;
1268     case RAD_STOP:
1269     what = "STOP";
1270     level = log_IsKept(LogPHASE) ? LogPHASE : LogRADIUS;
1271     break;
1272     case RAD_ALIVE:
1273     what = "ALIVE";
1274     level = LogRADIUS;
1275     break;
1276     default:
1277     what = "<unknown>";
1278     level = log_IsKept(LogPHASE) ? LogPHASE : LogRADIUS;
1279     break;
1280     }
1281     log_Printf(level, "Radius(acct): %s data sent\n", what);
1282     }
1283    
1284     r->cx.auth = NULL; /* Not valid for accounting requests */
1285     if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
1286     radius_Process(r, got);
1287     else {
1288     log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
1289     r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
1290     r->cx.timer.func = radius_Timeout;
1291     r->cx.timer.name = "radius acct";
1292     r->cx.timer.arg = r;
1293     timer_Start(&r->cx.timer);
1294     }
1295     }
1296    
1297     /*
1298     * How do things look at the moment ?
1299     */
1300     void
1301     radius_Show(struct radius *r, struct prompt *p)
1302     {
1303     prompt_Printf(p, " Radius config: %s",
1304     *r->cfg.file ? r->cfg.file : "none");
1305     if (r->valid) {
1306     prompt_Printf(p, "\n IP: %s\n", inet_ntoa(r->ip));
1307     prompt_Printf(p, " Netmask: %s\n", inet_ntoa(r->mask));
1308     prompt_Printf(p, " MTU: %lu\n", r->mtu);
1309     prompt_Printf(p, " VJ: %sabled\n", r->vj ? "en" : "dis");
1310     prompt_Printf(p, " Message: %s\n", r->repstr ? r->repstr : "");
1311     prompt_Printf(p, " MPPE Enc Policy: %s\n",
1312     radius_policyname(r->mppe.policy));
1313     prompt_Printf(p, " MPPE Enc Types: %s\n",
1314     radius_typesname(r->mppe.types));
1315     prompt_Printf(p, " MPPE Recv Key: %seceived\n",
1316     r->mppe.recvkey ? "R" : "Not r");
1317     prompt_Printf(p, " MPPE Send Key: %seceived\n",
1318     r->mppe.sendkey ? "R" : "Not r");
1319     prompt_Printf(p, " MS-CHAP2-Response: %s\n",
1320     r->msrepstr ? r->msrepstr : "");
1321     prompt_Printf(p, " Error Message: %s\n", r->errstr ? r->errstr : "");
1322     if (r->routes)
1323     route_ShowSticky(p, r->routes, " Routes", 16);
1324     #ifndef NOINET6
1325     if (r->ipv6routes)
1326     route_ShowSticky(p, r->ipv6routes, " IPv6 Routes", 16);
1327     #endif
1328     } else
1329     prompt_Printf(p, " (not authenticated)\n");
1330     }
1331    
1332     static void
1333     radius_alive(void *v)
1334     {
1335     struct bundle *bundle = (struct bundle *)v;
1336    
1337     timer_Stop(&bundle->radius.alive.timer);
1338     bundle->radius.alive.timer.load = bundle->radius.alive.interval * SECTICKS;
1339     if (bundle->radius.alive.timer.load) {
1340     radius_Account(&bundle->radius, &bundle->radacct,
1341     bundle->links, RAD_ALIVE, &bundle->ncp.ipcp.throughput);
1342     timer_Start(&bundle->radius.alive.timer);
1343     }
1344     }
1345    
1346     void
1347     radius_StartTimer(struct bundle *bundle)
1348     {
1349     if (bundle->radius.cfg.file && bundle->radius.alive.interval) {
1350     bundle->radius.alive.timer.func = radius_alive;
1351     bundle->radius.alive.timer.name = "radius alive";
1352     bundle->radius.alive.timer.load = bundle->radius.alive.interval * SECTICKS;
1353     bundle->radius.alive.timer.arg = bundle;
1354     radius_alive(bundle);
1355     }
1356     }
1357    
1358     void
1359     radius_StopTimer(struct radius *r)
1360     {
1361     timer_Stop(&r->alive.timer);
1362     }

Properties

Name Value
svn:keywords MidnightBSD=%H