author | Brad Smith <brad@cvs.openbsd.org> | 2005-09-21 01:16:06 +0000 |
---|---|---|
committer | Brad Smith <brad@cvs.openbsd.org> | 2005-09-21 01:16:06 +0000 |
commit | 80f7eed5cc8a4974151407b6fbde542635e507e4 (patch) | |
tree | 94dfc02f847af7c8f0d486e0bfd09b4b825e6676 | |
parent | b0ddc21ffc3ab4ec85f2acae325c229c9e8b63ae (diff) |
Install routes specified by Framed-IPv6-Route. Since the format
of Framed-IPv6-Route is user defined, it follows Framed-IP-route.
From ume FreeBSD
-rw-r--r-- | usr.sbin/ppp/ppp/ipv6cp.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/ppp.8.m4 | 48 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/radius.c | 68 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/radius.h | 6 |
4 files changed, 121 insertions, 5 deletions
diff --git a/usr.sbin/ppp/ppp/ipv6cp.c b/usr.sbin/ppp/ppp/ipv6cp.c
index 4998c8d3b12..df17924adac 100644
--- a/usr.sbin/ppp/ppp/ipv6cp.c
+++ b/usr.sbin/ppp/ppp/ipv6cp.c
@@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $OpenBSD: ipv6cp.c,v 1.6 2005/09/19 19:31:46 brad Exp $
+ * $OpenBSD: ipv6cp.c,v 1.7 2005/09/21 01:16:05 brad Exp $
 */
 #include <sys/param.h>
@@ -253,7 +253,7 @@ ipcp_SetIPv6address(struct ipv6cp *ipv6cp, u_char *myifid, u_char *hisifid)
 #ifndef NORADIUS
 if (bundle->radius.valid)
- route_Change(bundle, bundle->radius.routes, &ipv6cp->myaddr,
+ route_Change(bundle, bundle->radius.ipv6routes, &ipv6cp->myaddr,
 &ipv6cp->hisaddr);
 #endif
diff --git a/usr.sbin/ppp/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp/ppp.8.m4
index e606fb510d8..138cfea3c6a 100644
--- a/usr.sbin/ppp/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp/ppp.8.m4
@@ -25,7 +25,7 @@ changecom(,)dnl
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ppp.8.m4,v 1.30 2005/07/26 06:01:02 jmc Exp $
+.\" $OpenBSD: ppp.8.m4,v 1.31 2005/09/21 01:16:05 brad Exp $
 .\"
 .Dd September 20, 1995
 .Dt PPP 8
@@ -5397,6 +5397,52 @@ or
 .Dv HISADDR
 keywords.
 .Pp
+.It RAD_FRAMED_IPV6_ROUTE
+The received string is expected to be in the format
+.Ar dest Ns Op / Ns Ar bits
+.Ar gw
+.Op Ar metrics .
+Any specified metrics are ignored.
+.Dv MYADDR6
+and
+.Dv HISADDR6
+are understood as valid values for
+.Ar dest
+and
+.Ar gw ,
+.Dq default
+can be used for
+.Ar dest
+to sepcify the default route, and
+.Dq ::
+is understood to be the same as
+.Dq default
+for
+.Ar dest
+and
+.Dv HISADDR6
+for
+.Ar gw .
+.Pp
+For example, a returned value of
+.Dq 3ffe:505:abcd::/48 ::
+would result in a routing table entry to the 3ffe:505:abcd::/48 network via
+.Dv HISADDR6
+and a returned value of
+.Dq :: ::
+or
+.Dq default HISADDR6
+would result in a default route to
+.Dv HISADDR6 .
+.Pp
+All RADIUS IPv6 routes are applied after any sticky routes are
+applied, making RADIUS IPv6 routes override configured routes. This
+also applies for RADIUS IPv6 routes that don't {include} the
+.Dv MYADDR6
+or
+.Dv HISADDR6
+keywords.
+.Pp
 .It RAD_SESSION_TIMEOUT
 If supplied, the client connection is closed after the given number of seconds.
diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c
index ac98f3ccd35..6a3050259c1 100644
--- a/usr.sbin/ppp/ppp/radius.c
+++ b/usr.sbin/ppp/ppp/radius.c
@@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $OpenBSD: radius.c,v 1.26 2005/07/17 19:13:25 brad Exp $
+ * $OpenBSD: radius.c,v 1.27 2005/09/21 01:16:05 brad Exp $
 *
 */
@@ -235,6 +235,9 @@ radius_Process(struct radius *r, int got)
 const char *stype;
 u_int32_t ipaddr, vendor;
 struct in_addr ip;
+#ifndef NOINET6
+ struct in6_addr ip6;
+#endif
 r->cx.fd = -1; /* Stop select()ing */
 stype = r->cx.auth ? "auth" : "acct";
@@ -356,6 +359,7 @@ radius_Process(struct radius *r, int got)
 log_Printf(LogPHASE, " Route: %s\n", nuke);
 bundle = r->cx.auth->physical->dl->bundle;
 ip.s_addr = INADDR_ANY;
+ ncpaddr_setip4(&gw, ip);
 ncprange_setip4host(&dest, ip);
 argc = command_Interpret(nuke, strlen(nuke), argv);
 if (argc < 0)
@@ -405,6 +409,58 @@ radius_Process(struct radius *r, int got)
 log_Printf(LogPHASE, " Reply-Message \"%s\"\n", r->repstr);
 break;
+#ifndef NOINET6
+ case RAD_FRAMED_IPV6_ROUTE:
+ /*
+ * We expect a string of the format ``dest[/bits] gw [metrics]''
+ * Any specified metrics are ignored. MYADDR6 and HISADDR6 are
+ * understood for ``dest'' and ``gw'' and ``::'' is the same
+ * as ``HISADDR6''.
+ */
+
+ if ((nuke = rad_cvt_string(data, len)) == NULL) {
+ log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
+ auth_Failure(r->cx.auth);
+ rad_close(r->cx.rad);
+ return;
+ }
+
+ log_Printf(LogPHASE, " IPv6 Route: %s\n", nuke);
+ bundle = r->cx.auth->physical->dl->bundle;
+ ncpaddr_setip6(&gw, &in6addr_any);
+ ncprange_set(&dest, &gw, 0);
+ argc = command_Interpret(nuke, strlen(nuke), argv);
+ if (argc < 0)
+ log_Printf(LogWARN, "radius: %s: Syntax error\n",
+ argc == 1 ? argv[0] : "\"\"");
+ else if (argc < 2)
+ log_Printf(LogWARN, "radius: %s: Invalid route\n",
+ argc == 1 ? argv[0] : "\"\"");
+ else if ((strcasecmp(argv[0], "default") != 0 &&
+ !ncprange_aton(&dest, &bundle->ncp, argv[0])) ||
+ !ncpaddr_aton(&gw, &bundle->ncp, argv[1]))
+ log_Printf(LogWARN, "radius: %s %s: Invalid route\n",
+ argv[0], argv[1]);
+ else {
+ addrs = 0;
+
+ if (!strncasecmp(argv[0], "HISADDR6", 8))
+ addrs = ROUTE_DSTHISADDR6;
+ else if (!strncasecmp(argv[0], "MYADDR6", 7))
+ addrs = ROUTE_DSTMYADDR6;
+
+ if (ncpaddr_getip6(&gw, &ip6) && IN6_IS_ADDR_UNSPECIFIED(&ip6)) {
+ addrs |= ROUTE_GWHISADDR6;
+ ncpaddr_copy(&gw, &bundle->ncp.ipv6cp.hisaddr);
+ } else if (strcasecmp(argv[1], "HISADDR6") == 0)
+ addrs |= ROUTE_GWHISADDR6;
+
+ route_Add(&r->ipv6routes, addrs, &dest, &gw);
+ }
+ free(nuke);
+ break;
+#endif
+
 case RAD_VENDOR_SPECIFIC:
 if ((res = rad_get_vendor_attr(&vendor, &data, &len)) <= 0) {
 log_Printf(LogERROR, "rad_get_vendor_attr: %s (failing!)\n",
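Review bot: Nothing in the new RAD_FRAMED_IPV6_ROUTE case checks that `dest` and `gw` actually parsed as IPv6 before `route_Add(&r->ipv6routes, addrs, &dest, &gw)` stores them. The same `dest`/`gw` variables carry IPv4 values in the Framed-Route case, so `ncprange_aton()` and `ncpaddr_aton()` presumably accept either family; if that holds, an IPv4 destination or gateway in this attribute passes the "Invalid route" test, skips the `ncpaddr_getip6()` branch and ends up in the IPv6 sticky-route list that ipv6cp.c later hands to `route_Change()`. Because the string comes from the RADIUS reply, I would reject it before the final `else`, for example with `else if (!ncpaddr_getip6(&gw, &ip6))` logging the same "Invalid route" warning, plus an equivalent family check on `dest`. Separately, in the `argc < 0` branch the expression `argc == 1 ? argv[0] : "\"\""` can never select `argv[0]`, so the "Syntax error" message never shows the offending text. radius_Process starts and ends outside this hunk.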
@@ -632,6 +688,9 @@ radius_Init(struct radius *r)
 r->mtu = DEF_MTU;
 r->msrepstr = NULL;
 r->repstr = NULL;
+#ifndef NOINET6
+ r->ipv6routes = NULL;
+#endif
 r->errstr = NULL;
 r->mppe.policy = 0;
 r->mppe.types = 0;
@@ -653,6 +712,9 @@ radius_Destroy(struct radius *r)
 log_Printf(LogDEBUG, "Radius: radius_Destroy\n");
 timer_Stop(&r->cx.timer);
 route_DeleteAll(&r->routes);
+#ifndef NOINET6
+ route_DeleteAll(&r->ipv6routes);
+#endif
 free(r->filterid);
 r->filterid = NULL;
 free(r->msrepstr);
@@ -1055,6 +1117,10 @@ radius_Show(struct radius *r, struct prompt *p)
 prompt_Printf(p, " Error Message: %s\n", r->errstr ? r->errstr : "");
 if (r->routes)
 route_ShowSticky(p, r->routes, " Routes", 16);
+#ifndef NOINET6
+ if (r->ipv6routes)
+ route_ShowSticky(p, r->ipv6routes, " IPv6 Routes", 16);
+#endif
 } else
 prompt_Printf(p, " (not authenticated)\n");
 }
diff --git a/usr.sbin/ppp/ppp/radius.h b/usr.sbin/ppp/ppp/radius.h
index a59a8308d41..406761e4043 100644
--- a/usr.sbin/ppp/ppp/radius.h
+++ b/usr.sbin/ppp/ppp/radius.h
@@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $OpenBSD: radius.h,v 1.11 2002/06/17 01:14:08 brian Exp $
+ * $OpenBSD: radius.h,v 1.12 2005/09/21 01:16:05 brad Exp $
 */
 #define MPPE_POLICY_ALLOWED 1
@@ -51,6 +51,10 @@ struct radius {
 char *msrepstr; /* MS-CHAP2-Response */
 char *repstr; /* Reply-Message */
 char *errstr; /* Error-Message */
+#ifndef NOINET6
+ uint8_t *ipv6prefix; /* FRAMED IPv6 Prefix */
+ struct sticky_route *ipv6routes; /* FRAMED IPv6 Routes */
+#endif
 struct {
 int policy; /* MPPE_POLICY_* */
 int types; /* MPPE_TYPE_*BIT bitmask */ |
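Review bot: The radius.h hunk adds a second pointer, `ipv6prefix`, to struct radius, but the radius_Init hunk only sets `r->ipv6routes = NULL` and the radius_Destroy hunk only releases `ipv6routes`; no hunk shown initialises, uses or frees `ipv6prefix`. Unless the struct is zeroed somewhere outside these hunks, the field holds an indeterminate pointer that any later code freeing or reading it would trip over. Either leave the field out until the Framed-IPv6-Prefix handling arrives, or add `r->ipv6prefix = NULL;` beside the `ipv6routes` line in radius_Init and `free(r->ipv6prefix); r->ipv6prefix = NULL;` in radius_Destroy. It is also declared `uint8_t *` while the surrounding code shown uses `u_int32_t` and `u_char`. Both functions continue outside their hunks.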