authorBrad Smith <brad@cvs.openbsd.org>2005-09-21 01:16:06 +0000
committerBrad Smith <brad@cvs.openbsd.org>2005-09-21 01:16:06 +0000
commit80f7eed5cc8a4974151407b6fbde542635e507e4 (patch)
tree94dfc02f847af7c8f0d486e0bfd09b4b825e6676
parentb0ddc21ffc3ab4ec85f2acae325c229c9e8b63ae (diff)
Install routes specified by Framed-IPv6-Route. Since the format
of Framed-IPv6-Route is user defined, it follows the format used for Framed-IP-route. From ume FreeBSD
-rw-r--r--usr.sbin/ppp/ppp/ipv6cp.c4
-rw-r--r--usr.sbin/ppp/ppp/ppp.8.m448
-rw-r--r--usr.sbin/ppp/ppp/radius.c68
-rw-r--r--usr.sbin/ppp/ppp/radius.h6
4 files changed, 121 insertions, 5 deletions
diff --git a/usr.sbin/ppp/ppp/ipv6cp.c b/usr.sbin/ppp/ppp/ipv6cp.c
index 4998c8d3b12..df17924adac 100644
--- a/usr.sbin/ppp/ppp/ipv6cp.c
+++ b/usr.sbin/ppp/ppp/ipv6cp.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: ipv6cp.c,v 1.6 2005/09/19 19:31:46 brad Exp $
+ * $OpenBSD: ipv6cp.c,v 1.7 2005/09/21 01:16:05 brad Exp $
*/
#include <sys/param.h>
@@ -253,7 +253,7 @@ ipcp_SetIPv6address(struct ipv6cp *ipv6cp, u_char *myifid, u_char *hisifid)
#ifndef NORADIUS
if (bundle->radius.valid)
- route_Change(bundle, bundle->radius.routes, &ipv6cp->myaddr,
+ route_Change(bundle, bundle->radius.ipv6routes, &ipv6cp->myaddr,
&ipv6cp->hisaddr);
#endif
diff --git a/usr.sbin/ppp/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp/ppp.8.m4
index e606fb510d8..138cfea3c6a 100644
--- a/usr.sbin/ppp/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp/ppp.8.m4
@@ -25,7 +25,7 @@ changecom(,)dnl
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $OpenBSD: ppp.8.m4,v 1.30 2005/07/26 06:01:02 jmc Exp $
+.\" $OpenBSD: ppp.8.m4,v 1.31 2005/09/21 01:16:05 brad Exp $
.\"
.Dd September 20, 1995
.Dt PPP 8
@@ -5397,6 +5397,52 @@ or
.Dv HISADDR
keywords.
.Pp
+.It RAD_FRAMED_IPV6_ROUTE
+The received string is expected to be in the format
+.Ar dest Ns Op / Ns Ar bits
+.Ar gw
+.Op Ar metrics .
+Any specified metrics are ignored.
+.Dv MYADDR6
+and
+.Dv HISADDR6
+are understood as valid values for
+.Ar dest
+and
+.Ar gw ,
+.Dq default
+can be used for
+.Ar dest
+to sepcify the default route, and
+.Dq ::
+is understood to be the same as
+.Dq default
+for
+.Ar dest
+and
+.Dv HISADDR6
+for
+.Ar gw .
+.Pp
+For example, a returned value of
+.Dq 3ffe:505:abcd::/48 ::
+would result in a routing table entry to the 3ffe:505:abcd::/48 network via
+.Dv HISADDR6
+and a returned value of
+.Dq :: ::
+or
+.Dq default HISADDR6
+would result in a default route to
+.Dv HISADDR6 .
+.Pp
+All RADIUS IPv6 routes are applied after any sticky routes are
+applied, making RADIUS IPv6 routes override configured routes. This
+also applies for RADIUS IPv6 routes that don't {include} the
+.Dv MYADDR6
+or
+.Dv HISADDR6
+keywords.
+.Pp
.It RAD_SESSION_TIMEOUT
If supplied, the client connection is closed after the given number of
seconds.
diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c
index ac98f3ccd35..6a3050259c1 100644
--- a/usr.sbin/ppp/ppp/radius.c
+++ b/usr.sbin/ppp/ppp/radius.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: radius.c,v 1.26 2005/07/17 19:13:25 brad Exp $
+ * $OpenBSD: radius.c,v 1.27 2005/09/21 01:16:05 brad Exp $
*
*/
@@ -235,6 +235,9 @@ radius_Process(struct radius *r, int got)
const char *stype;
u_int32_t ipaddr, vendor;
struct in_addr ip;
+#ifndef NOINET6
+ struct in6_addr ip6;
+#endif
r->cx.fd = -1; /* Stop select()ing */
stype = r->cx.auth ? "auth" : "acct";
@@ -356,6 +359,7 @@ radius_Process(struct radius *r, int got)
log_Printf(LogPHASE, " Route: %s\n", nuke);
bundle = r->cx.auth->physical->dl->bundle;
ip.s_addr = INADDR_ANY;
+ ncpaddr_setip4(&gw, ip);
ncprange_setip4host(&dest, ip);
argc = command_Interpret(nuke, strlen(nuke), argv);
if (argc < 0)
@@ -405,6 +409,58 @@ radius_Process(struct radius *r, int got)
log_Printf(LogPHASE, " Reply-Message \"%s\"\n", r->repstr);
break;
+#ifndef NOINET6
+ case RAD_FRAMED_IPV6_ROUTE:
+ /*
+ * We expect a string of the format ``dest[/bits] gw [metrics]''
+ * Any specified metrics are ignored. MYADDR6 and HISADDR6 are
+ * understood for ``dest'' and ``gw'' and ``::'' is the same
+ * as ``HISADDR6''.
+ */
+
+ if ((nuke = rad_cvt_string(data, len)) == NULL) {
+ log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
+ auth_Failure(r->cx.auth);
+ rad_close(r->cx.rad);
+ return;
+ }
+
+ log_Printf(LogPHASE, " IPv6 Route: %s\n", nuke);
+ bundle = r->cx.auth->physical->dl->bundle;
+ ncpaddr_setip6(&gw, &in6addr_any);
+ ncprange_set(&dest, &gw, 0);
+ argc = command_Interpret(nuke, strlen(nuke), argv);
+ if (argc < 0)
+ log_Printf(LogWARN, "radius: %s: Syntax error\n",
+ argc == 1 ? argv[0] : "\"\"");
+ else if (argc < 2)
+ log_Printf(LogWARN, "radius: %s: Invalid route\n",
+ argc == 1 ? argv[0] : "\"\"");
+ else if ((strcasecmp(argv[0], "default") != 0 &&
+ !ncprange_aton(&dest, &bundle->ncp, argv[0])) ||
+ !ncpaddr_aton(&gw, &bundle->ncp, argv[1]))
+ log_Printf(LogWARN, "radius: %s %s: Invalid route\n",
+ argv[0], argv[1]);
+ else {
+ addrs = 0;
+
+ if (!strncasecmp(argv[0], "HISADDR6", 8))
+ addrs = ROUTE_DSTHISADDR6;
+ else if (!strncasecmp(argv[0], "MYADDR6", 7))
+ addrs = ROUTE_DSTMYADDR6;
+
+ if (ncpaddr_getip6(&gw, &ip6) && IN6_IS_ADDR_UNSPECIFIED(&ip6)) {
+ addrs |= ROUTE_GWHISADDR6;
+ ncpaddr_copy(&gw, &bundle->ncp.ipv6cp.hisaddr);
+ } else if (strcasecmp(argv[1], "HISADDR6") == 0)
+ addrs |= ROUTE_GWHISADDR6;
+
+ route_Add(&r->ipv6routes, addrs, &dest, &gw);
+ }
+ free(nuke);
+ break;
+#endif
+
case RAD_VENDOR_SPECIFIC:
if ((res = rad_get_vendor_attr(&vendor, &data, &len)) <= 0) {
log_Printf(LogERROR, "rad_get_vendor_attr: %s (failing!)\n",
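Review bot: In the `argc < 0` branch of the new RAD_FRAMED_IPV6_ROUTE case, the argument `argc == 1 ? argv[0] : "\"\""` can never select `argv[0]`, so a syntax error in a server-supplied route is always reported as `""` and the warning says nothing about which attribute was rejected. Because command_Interpret may have modified `nuke` in place (not visible here), the simplest fix is to drop the dead ternary and name the attribute, e.g. `log_Printf(LogWARN, "radius: Framed-IPv6-Route: Syntax error\n");`, and rely on the LogPHASE line above for the raw string. The block comment should also say that `default` is accepted for dest and that `::` there means the default route, as the ppp.8.m4 text documents. radius_Process begins and ends outside this hunk.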
@@ -632,6 +688,9 @@ radius_Init(struct radius *r)
r->mtu = DEF_MTU;
r->msrepstr = NULL;
r->repstr = NULL;
+#ifndef NOINET6
+ r->ipv6routes = NULL;
+#endif
r->errstr = NULL;
r->mppe.policy = 0;
r->mppe.types = 0;
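Review bot: `ipv6prefix`, which the radius.h hunk adds to struct radius next to `ipv6routes`, is never initialised here; only `r->ipv6routes = NULL;` is added, and the radius_Destroy hunk likewise handles only the route list. If struct radius is not zeroed before radius_Init runs (the field-by-field assignments suggest it is not), the pointer stays indeterminate, and a later `free(r->ipv6prefix)` or NULL test would act on garbage. Either add `r->ipv6prefix = NULL;` beside the ipv6routes line with a matching free in radius_Destroy, or leave the field out of the struct until the code that fills it lands. radius_Init's body continues outside the hunk.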
@@ -653,6 +712,9 @@ radius_Destroy(struct radius *r)
log_Printf(LogDEBUG, "Radius: radius_Destroy\n");
timer_Stop(&r->cx.timer);
route_DeleteAll(&r->routes);
+#ifndef NOINET6
+ route_DeleteAll(&r->ipv6routes);
+#endif
free(r->filterid);
r->filterid = NULL;
free(r->msrepstr);
@@ -1055,6 +1117,10 @@ radius_Show(struct radius *r, struct prompt *p)
prompt_Printf(p, " Error Message: %s\n", r->errstr ? r->errstr : "");
if (r->routes)
route_ShowSticky(p, r->routes, " Routes", 16);
+#ifndef NOINET6
+ if (r->ipv6routes)
+ route_ShowSticky(p, r->ipv6routes, " IPv6 Routes", 16);
+#endif
} else
prompt_Printf(p, " (not authenticated)\n");
}
diff --git a/usr.sbin/ppp/ppp/radius.h b/usr.sbin/ppp/ppp/radius.h
index a59a8308d41..406761e4043 100644
--- a/usr.sbin/ppp/ppp/radius.h
+++ b/usr.sbin/ppp/ppp/radius.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: radius.h,v 1.11 2002/06/17 01:14:08 brian Exp $
+ * $OpenBSD: radius.h,v 1.12 2005/09/21 01:16:05 brad Exp $
*/
#define MPPE_POLICY_ALLOWED 1
@@ -51,6 +51,10 @@ struct radius {
char *msrepstr; /* MS-CHAP2-Response */
char *repstr; /* Reply-Message */
char *errstr; /* Error-Message */
+#ifndef NOINET6
+ uint8_t *ipv6prefix; /* FRAMED IPv6 Prefix */
+ struct sticky_route *ipv6routes; /* FRAMED IPv6 Routes */
+#endif
struct {
int policy; /* MPPE_POLICY_* */
int types; /* MPPE_TYPE_*BIT bitmask */