authorbrian <brian@cvs.openbsd.org>1999-02-06 03:22:50 +0000
committerbrian <brian@cvs.openbsd.org>1999-02-06 03:22:50 +0000
commit2af1aed63620b581255ec92d5ac3a11a8411063d (patch)
tree5c0699a9b7923f8a1f56cd6fb68f936a7e7abd2a /usr.sbin
parentea5107c2b569aa24b669049bc54723c410a7ac50 (diff)
Support RADIUS
While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/ppp/ppp/Makefile24
-rw-r--r--usr.sbin/ppp/ppp/alias_cmd.c7
-rw-r--r--usr.sbin/ppp/ppp/alias_cmd.h2
-rw-r--r--usr.sbin/ppp/ppp/arp.c7
-rw-r--r--usr.sbin/ppp/ppp/arp.h2
-rw-r--r--usr.sbin/ppp/ppp/async.c2
-rw-r--r--usr.sbin/ppp/ppp/async.h2
-rw-r--r--usr.sbin/ppp/ppp/auth.c132
-rw-r--r--usr.sbin/ppp/ppp/auth.h27
-rw-r--r--usr.sbin/ppp/ppp/bundle.c34
-rw-r--r--usr.sbin/ppp/ppp/bundle.h26
-rw-r--r--usr.sbin/ppp/ppp/cbcp.c4
-rw-r--r--usr.sbin/ppp/ppp/cbcp.h2
-rw-r--r--usr.sbin/ppp/ppp/ccp.c8
-rw-r--r--usr.sbin/ppp/ppp/ccp.h2
-rw-r--r--usr.sbin/ppp/ppp/chap.c484
-rw-r--r--usr.sbin/ppp/ppp/chap.h10
-rw-r--r--usr.sbin/ppp/ppp/chap_ms.c2
-rw-r--r--usr.sbin/ppp/ppp/chap_ms.h2
-rw-r--r--usr.sbin/ppp/ppp/chat.c7
-rw-r--r--usr.sbin/ppp/ppp/chat.h2
-rw-r--r--usr.sbin/ppp/ppp/command.c55
-rw-r--r--usr.sbin/ppp/ppp/command.h2
-rw-r--r--usr.sbin/ppp/ppp/datalink.c54
-rw-r--r--usr.sbin/ppp/ppp/datalink.h4
-rw-r--r--usr.sbin/ppp/ppp/deflate.c2
-rw-r--r--usr.sbin/ppp/ppp/deflate.h2
-rw-r--r--usr.sbin/ppp/ppp/defs.c2
-rw-r--r--usr.sbin/ppp/ppp/defs.h5
-rw-r--r--usr.sbin/ppp/ppp/descriptor.h3
-rw-r--r--usr.sbin/ppp/ppp/filter.c54
-rw-r--r--usr.sbin/ppp/ppp/filter.h5
-rw-r--r--usr.sbin/ppp/ppp/fsm.c7
-rw-r--r--usr.sbin/ppp/ppp/fsm.h2
-rw-r--r--usr.sbin/ppp/ppp/hdlc.c11
-rw-r--r--usr.sbin/ppp/ppp/hdlc.h2
-rw-r--r--usr.sbin/ppp/ppp/id.c2
-rw-r--r--usr.sbin/ppp/ppp/id.h2
-rw-r--r--usr.sbin/ppp/ppp/iface.c7
-rw-r--r--usr.sbin/ppp/ppp/iface.h2
-rw-r--r--usr.sbin/ppp/ppp/ip.c7
-rw-r--r--usr.sbin/ppp/ppp/ip.h2
-rw-r--r--usr.sbin/ppp/ppp/ipcp.c60
-rw-r--r--usr.sbin/ppp/ppp/ipcp.h17
-rw-r--r--usr.sbin/ppp/ppp/iplist.c2
-rw-r--r--usr.sbin/ppp/ppp/iplist.h2
-rw-r--r--usr.sbin/ppp/ppp/lcp.c7
-rw-r--r--usr.sbin/ppp/ppp/lcp.h2
-rw-r--r--usr.sbin/ppp/ppp/lcpproto.h2
-rw-r--r--usr.sbin/ppp/ppp/link.c3
-rw-r--r--usr.sbin/ppp/ppp/link.h2
-rw-r--r--usr.sbin/ppp/ppp/log.c2
-rw-r--r--usr.sbin/ppp/ppp/log.h2
-rw-r--r--usr.sbin/ppp/ppp/lqr.c4
-rw-r--r--usr.sbin/ppp/ppp/lqr.h2
-rw-r--r--usr.sbin/ppp/ppp/main.c9
-rw-r--r--usr.sbin/ppp/ppp/main.h2
-rw-r--r--usr.sbin/ppp/ppp/mbuf.c9
-rw-r--r--usr.sbin/ppp/ppp/mbuf.h2
-rw-r--r--usr.sbin/ppp/ppp/modem.c5
-rw-r--r--usr.sbin/ppp/ppp/modem.h2
-rw-r--r--usr.sbin/ppp/ppp/mp.c7
-rw-r--r--usr.sbin/ppp/ppp/mp.h2
-rw-r--r--usr.sbin/ppp/ppp/pap.c219
-rw-r--r--usr.sbin/ppp/ppp/pap.h7
-rw-r--r--usr.sbin/ppp/ppp/physical.c2
-rw-r--r--usr.sbin/ppp/ppp/physical.h2
-rw-r--r--usr.sbin/ppp/ppp/ppp.8120
-rw-r--r--usr.sbin/ppp/ppp/pred.c2
-rw-r--r--usr.sbin/ppp/ppp/pred.h2
-rw-r--r--usr.sbin/ppp/ppp/probe.c2
-rw-r--r--usr.sbin/ppp/ppp/probe.h2
-rw-r--r--usr.sbin/ppp/ppp/prompt.c5
-rw-r--r--usr.sbin/ppp/ppp/prompt.h2
-rw-r--r--usr.sbin/ppp/ppp/radius.c423
-rw-r--r--usr.sbin/ppp/ppp/radius.h58
-rw-r--r--usr.sbin/ppp/ppp/radlib.c783
-rw-r--r--usr.sbin/ppp/ppp/radlib.h130
-rw-r--r--usr.sbin/ppp/ppp/radlib_private.h86
-rw-r--r--usr.sbin/ppp/ppp/route.c62
-rw-r--r--usr.sbin/ppp/ppp/route.h5
-rw-r--r--usr.sbin/ppp/ppp/server.c2
-rw-r--r--usr.sbin/ppp/ppp/server.h2
-rw-r--r--usr.sbin/ppp/ppp/sig.c2
-rw-r--r--usr.sbin/ppp/ppp/sig.h2
-rw-r--r--usr.sbin/ppp/ppp/slcompress.c7
-rw-r--r--usr.sbin/ppp/ppp/slcompress.h2
-rw-r--r--usr.sbin/ppp/ppp/systems.c2
-rw-r--r--usr.sbin/ppp/ppp/systems.h2
-rw-r--r--usr.sbin/ppp/ppp/throughput.c2
-rw-r--r--usr.sbin/ppp/ppp/throughput.h2
-rw-r--r--usr.sbin/ppp/ppp/timer.c2
-rw-r--r--usr.sbin/ppp/ppp/timer.h2
-rw-r--r--usr.sbin/ppp/ppp/tun.c17
-rw-r--r--usr.sbin/ppp/ppp/tun.h2
-rw-r--r--usr.sbin/ppp/ppp/ua.h2
-rw-r--r--usr.sbin/ppp/ppp/vjcomp.c8
-rw-r--r--usr.sbin/ppp/ppp/vjcomp.h2
98 files changed, 2541 insertions, 596 deletions
diff --git a/usr.sbin/ppp/ppp/Makefile b/usr.sbin/ppp/ppp/Makefile
index dee84377e8d..042db528042 100644
--- a/usr.sbin/ppp/ppp/Makefile
+++ b/usr.sbin/ppp/ppp/Makefile
@@ -1,13 +1,14 @@
-# $Id: Makefile,v 1.5 1998/10/29 02:21:44 brian Exp $
+# $Id: Makefile,v 1.6 1999/02/06 03:22:30 brian Exp $
PROG= ppp
-SRCS= arp.c async.c auth.c bundle.c cbcp.c ccp.c chap.c chap_ms.c chat.c \
- command.c datalink.c deflate.c defs.c filter.c fsm.c hdlc.c id.c \
- iface.c ip.c ipcp.c iplist.c lcp.c link.c log.c lqr.c main.c mbuf.c \
- modem.c mp.c pap.c physical.c pred.c probe.c prompt.c route.c \
- server.c sig.c slcompress.c systems.c throughput.c timer.c tun.c \
- vjcomp.c
-CFLAGS+=-Wall -DHAVE_DES
+SRCS= alias.c alias_cmd.c alias_cuseeme.c alias_db.c alias_ftp.c \
+ alias_irc.c alias_nbt.c alias_util.c arp.c async.c auth.c bundle.c \
+ cbcp.c ccp.c chap.c chap_ms.c chat.c command.c datalink.c deflate.c \
+ defs.c filter.c fsm.c hdlc.c id.c iface.c ip.c ipcp.c iplist.c lcp.c \
+ link.c log.c lqr.c main.c mbuf.c modem.c mp.c pap.c physical.c pred.c \
+ probe.c prompt.c radius.c radlib.c route.c server.c sig.c slcompress.c \
+ systems.c throughput.c timer.c tun.c vjcomp.c
+CFLAGS+=-Wall -DHAVE_DES -DNO_FW_PUNCH
LDADD+= -ldes -lutil -lz
DPADD+= ${LIBDES} ${LIBUTIL} ${LIBZ}
BINMODE=4554
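Review bot: There is no way to build ppp without the RADIUS client: `radius.c` and `radlib.c` go into SRCS unconditionally, while every source file touched by this commit guards the RADIUS code with `#ifndef NORADIUS` and nothing in the Makefile can set that macro. The binary is installed with `BINMODE=4554` and, per the next hunk's header line, `BINOWN= root`, so the new network-facing code becomes part of a setuid-root program on every build. I would drop the two files from the main SRCS list and add a knob in the shape of the NOALIAS block that the next hunk removes.

```makefile
# … unchanged: PROG, SRCS without radius.c and radlib.c, CFLAGS …
.if defined(NORADIUS)
CFLAGS+=-DNORADIUS
.else
SRCS+=	radius.c radlib.c
.endif
```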
@@ -15,12 +16,5 @@ BINOWN= root
BINGRP= network
MAN= ppp.8
-.if defined(NOALIAS)
-CFLAGS+=-DNOALIAS
-.else
-CFLAGS+=-DNO_FW_PUNCH
-SRCS+= alias.c alias_cmd.c alias_cuseeme.c alias_db.c alias_ftp.c \
- alias_irc.c alias_nbt.c alias_util.c
-.endif
.include <bsd.prog.mk>
diff --git a/usr.sbin/ppp/ppp/alias_cmd.c b/usr.sbin/ppp/ppp/alias_cmd.c
index 335b7465a4e..7acb2cd1d7d 100644
--- a/usr.sbin/ppp/ppp/alias_cmd.c
+++ b/usr.sbin/ppp/ppp/alias_cmd.c
@@ -2,10 +2,10 @@
* The code in this file was written by Eivind Eklund <perhaps@yes.no>,
* who places it in the public domain without restriction.
*
- * $Id: alias_cmd.c,v 1.2 1998/08/31 08:16:27 brian Exp $
+ * $Id: alias_cmd.c,v 1.3 1999/02/06 03:22:30 brian Exp $
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
@@ -44,6 +44,9 @@
#include "link.h"
#include "mp.h"
#include "filter.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
diff --git a/usr.sbin/ppp/ppp/alias_cmd.h b/usr.sbin/ppp/ppp/alias_cmd.h
index ff5476659b4..1f38ff55893 100644
--- a/usr.sbin/ppp/ppp/alias_cmd.h
+++ b/usr.sbin/ppp/ppp/alias_cmd.h
@@ -2,7 +2,7 @@
* The code in this file was written by Eivind Eklund <perhaps@yes.no>,
* who places it in the public domain without restriction.
*
- * $Id: alias_cmd.h,v 1.1 1998/08/31 00:22:15 brian Exp $
+ * $Id: alias_cmd.h,v 1.2 1999/02/06 03:22:30 brian Exp $
*/
struct cmdargs;
diff --git a/usr.sbin/ppp/ppp/arp.c b/usr.sbin/ppp/ppp/arp.c
index 19cd1fcbbe7..04f6be66e25 100644
--- a/usr.sbin/ppp/ppp/arp.c
+++ b/usr.sbin/ppp/ppp/arp.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: arp.c,v 1.2 1998/10/29 02:21:44 brian Exp $
+ * $Id: arp.c,v 1.3 1999/02/06 03:22:30 brian Exp $
*
*/
@@ -25,7 +25,7 @@
* TODO:
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/route.h>
@@ -62,6 +62,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "arp.h"
diff --git a/usr.sbin/ppp/ppp/arp.h b/usr.sbin/ppp/ppp/arp.h
index a37821924eb..39d9d5b97f4 100644
--- a/usr.sbin/ppp/ppp/arp.h
+++ b/usr.sbin/ppp/ppp/arp.h
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: arp.h,v 1.1 1998/08/31 00:22:15 brian Exp $
+ * $Id: arp.h,v 1.2 1999/02/06 03:22:31 brian Exp $
*
*/
diff --git a/usr.sbin/ppp/ppp/async.c b/usr.sbin/ppp/ppp/async.c
index a4502ca1b5d..67447402a79 100644
--- a/usr.sbin/ppp/ppp/async.c
+++ b/usr.sbin/ppp/ppp/async.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: async.c,v 1.1 1998/08/31 00:22:15 brian Exp $
+ * $Id: async.c,v 1.2 1999/02/06 03:22:31 brian Exp $
*
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/async.h b/usr.sbin/ppp/ppp/async.h
index ccac7fe481c..d2e8888cc21 100644
--- a/usr.sbin/ppp/ppp/async.h
+++ b/usr.sbin/ppp/ppp/async.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: async.h,v 1.1 1998/08/31 00:22:16 brian Exp $
+ * $Id: async.h,v 1.2 1999/02/06 03:22:31 brian Exp $
*/
#define HDLCSIZE (MAX_MRU*2+6)
diff --git a/usr.sbin/ppp/ppp/auth.c b/usr.sbin/ppp/ppp/auth.c
index 88b2d7a477d..170f41c46ac 100644
--- a/usr.sbin/ppp/ppp/auth.c
+++ b/usr.sbin/ppp/ppp/auth.c
@@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: auth.c,v 1.4 1999/02/02 09:49:57 brian Exp $
+ * $Id: auth.c,v 1.5 1999/02/06 03:22:31 brian Exp $
*
* TODO:
* o Implement check against with registered IP addresses.
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -55,6 +55,9 @@
#include "lcpproto.h"
#include "filter.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "cbcp.h"
#include "chap.h"
#include "async.h"
@@ -112,12 +115,12 @@ auth_SetPhoneList(const char *name, char *phone, int phonelen)
if (n < 5)
continue;
if (strcmp(vector[0], name) == 0) {
- CloseSecret(fp);
- if (*vector[4] == '\0')
+ CloseSecret(fp);
+ if (*vector[4] == '\0')
return 0;
strncpy(phone, vector[4], phonelen - 1);
phone[phonelen - 1] = '\0';
- return 1; /* Valid */
+ return 1; /* Valid */
}
}
CloseSecret(fp);
@@ -135,10 +138,20 @@ auth_Select(struct bundle *bundle, const char *name)
char buff[LINE_LEN];
if (*name == '\0') {
- ipcp_Setup(&bundle->ncp.ipcp);
+ ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
return 1;
}
+#ifndef NORADIUS
+ if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE) {
+ /* We've got a radius IP - it overrides everything */
+ if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip))
+ return 0;
+ ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr);
+ /* Continue with ppp.secret in case we've got a new label */
+ }
+#endif
+
fp = OpenSecret(SECRETFILE);
if (fp != NULL) {
while (fgets(buff, sizeof buff, fp)) {
@@ -150,14 +163,20 @@ auth_Select(struct bundle *bundle, const char *name)
if (n < 2)
continue;
if (strcmp(vector[0], name) == 0) {
- CloseSecret(fp);
- if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
- !ipcp_UseHisaddr(bundle, vector[2], 1))
- return 0;
- ipcp_Setup(&bundle->ncp.ipcp);
- if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
- bundle_SetLabel(bundle, vector[3]);
- return 1; /* Valid */
+ CloseSecret(fp);
+#ifndef NORADIUS
+ if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) {
+#endif
+ if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
+ !ipcp_UseHisaddr(bundle, vector[2], 1))
+ return 0;
+ ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
+#ifndef NORADIUS
+ }
+#endif
+ if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
+ bundle_SetLabel(bundle, vector[3]);
+ return 1; /* Valid */
}
}
CloseSecret(fp);
@@ -165,16 +184,21 @@ auth_Select(struct bundle *bundle, const char *name)
#ifndef NOPASSWDAUTH
/* Let 'em in anyway - they must have been in the passwd file */
- ipcp_Setup(&bundle->ncp.ipcp);
+ ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
return 1;
#else
- /* Disappeared from ppp.secret ? */
+#ifndef NORADIUS
+ if (bundle->radius.valid)
+ return 1;
+#endif
+
+ /* Disappeared from ppp.secret ??? */
return 0;
#endif
}
int
-auth_Validate(struct bundle *bundle, const char *system,
+auth_Validate(struct bundle *bundle, const char *name,
const char *key, struct physical *physical)
{
/* Used by PAP routines */
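Review bot: In the `#ifndef NOPASSWDAUTH` fall-through, `ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE)` still runs when a RADIUS address was already applied at the top of auth_Select with `ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr)`. The ppp.secret match path in the previous hunk guards the same call with `!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE`, so the two paths disagree on whether the RADIUS result may be overridden. ipcp_Setup is not visible here, so whether the second call resets the peer address or only the mask is inferred. If it does either, the same guard, wrapped in `#ifndef NORADIUS`, should surround this call too. auth_Select begins above this hunk.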
@@ -194,9 +218,9 @@ auth_Validate(struct bundle *bundle, const char *system,
n = MakeArgs(buff, vector, VECSIZE(vector));
if (n < 2)
continue;
- if (strcmp(vector[0], system) == 0) {
- CloseSecret(fp);
- return auth_CheckPasswd(vector[0], vector[1], key);
+ if (strcmp(vector[0], name) == 0) {
+ CloseSecret(fp);
+ return auth_CheckPasswd(name, vector[1], key);
}
}
CloseSecret(fp);
@@ -204,14 +228,14 @@ auth_Validate(struct bundle *bundle, const char *system,
#ifndef NOPASSWDAUTH
if (Enabled(bundle, OPT_PASSWDAUTH))
- return auth_CheckPasswd(system, "*", key);
+ return auth_CheckPasswd(name, "*", key);
#endif
return 0; /* Invalid */
}
char *
-auth_GetSecret(struct bundle *bundle, const char *system, int len,
+auth_GetSecret(struct bundle *bundle, const char *name, int len,
struct physical *physical)
{
/* Used by CHAP routines */
@@ -233,7 +257,7 @@ auth_GetSecret(struct bundle *bundle, const char *system, int len,
n = MakeArgs(buff, vector, VECSIZE(vector));
if (n < 2)
continue;
- if (strlen(vector[0]) == len && strncmp(vector[0], system, len) == 0) {
+ if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) {
CloseSecret(fp);
return vector[1];
}
@@ -249,8 +273,9 @@ AuthTimeout(void *vauthp)
timer_Stop(&authp->authtimer);
if (--authp->retry > 0) {
+ authp->id++;
+ (*authp->fn.req)(authp);
timer_Start(&authp->authtimer);
- (*authp->ChallengeFunc)(authp, ++authp->id, authp->physical);
} else {
log_Printf(LogPHASE, "Auth: No response from server\n");
datalink_AuthNotOk(authp->physical->dl);
@@ -258,26 +283,28 @@ AuthTimeout(void *vauthp)
}
void
-auth_Init(struct authinfo *authinfo)
+auth_Init(struct authinfo *authp, struct physical *p, auth_func req,
+ auth_func success, auth_func failure)
{
- memset(authinfo, '\0', sizeof(struct authinfo));
- authinfo->cfg.fsmretry = DEF_FSMRETRY;
+ memset(authp, '\0', sizeof(struct authinfo));
+ authp->cfg.fsmretry = DEF_FSMRETRY;
+ authp->fn.req = req;
+ authp->fn.success = success;
+ authp->fn.failure = failure;
+ authp->physical = p;
}
void
-auth_StartChallenge(struct authinfo *authp, struct physical *physical,
- void (*chal)(struct authinfo *, int, struct physical *))
+auth_StartReq(struct authinfo *authp)
{
- authp->ChallengeFunc = chal;
- authp->physical = physical;
timer_Stop(&authp->authtimer);
authp->authtimer.func = AuthTimeout;
authp->authtimer.name = "auth";
authp->authtimer.load = authp->cfg.fsmretry * SECTICKS;
- authp->authtimer.arg = (void *) authp;
+ authp->authtimer.arg = (void *)authp;
authp->retry = 3;
authp->id = 1;
- (*authp->ChallengeFunc)(authp, authp->id, physical);
+ (*authp->fn.req)(authp);
timer_Start(&authp->authtimer);
}
@@ -285,5 +312,42 @@ void
auth_StopTimer(struct authinfo *authp)
{
timer_Stop(&authp->authtimer);
- authp->physical = NULL;
+}
+
+struct mbuf *
+auth_ReadHeader(struct authinfo *authp, struct mbuf *bp)
+{
+ int len;
+
+ len = mbuf_Length(bp);
+ if (len >= sizeof authp->in.hdr) {
+ bp = mbuf_Read(bp, (u_char *)&authp->in.hdr, sizeof authp->in.hdr);
+ if (len >= ntohs(authp->in.hdr.length))
+ return bp;
+ }
+
+ mbuf_Free(bp);
+ return NULL;
+}
+
+struct mbuf *
+auth_ReadName(struct authinfo *authp, struct mbuf *bp, int len)
+{
+ if (len > sizeof authp->in.name - 1)
+ log_Printf(LogERROR, "auth_ReadName: Name too long (%d) !\n", len);
+ else {
+ int mlen = mbuf_Length(bp);
+
+ if (len > mlen)
+ log_Printf(LogERROR, "auth_ReadName: Short packet !\n");
+ else {
+ bp = mbuf_Read(bp, (u_char *)authp->in.name, len);
+ authp->in.name[len] = '\0';
+ return bp;
+ }
+ }
+
+ *authp->in.name = '\0';
+ mbuf_Free(bp);
+ return NULL;
}
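Review bot: auth_ReadHeader accepts a header whose `length` field is smaller than the header itself, because the only test on that field is `len >= ntohs(authp->in.hdr.length)`. The value comes from the peer, and a caller that subtracts `sizeof authp->in.hdr` from it to size the payload would get a negative count; the callers are outside this hunk, so that part is inferred. I would tighten the test to `if (ntohs(authp->in.hdr.length) >= sizeof authp->in.hdr && len >= ntohs(authp->in.hdr.length))`. In auth_ReadName a negative `len` is rejected only because the comparison against `sizeof authp->in.name - 1` converts it to unsigned; an explicit `len < 0 ||` in that condition would make the rejection intentional.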
diff --git a/usr.sbin/ppp/ppp/auth.h b/usr.sbin/ppp/ppp/auth.h
index 37d06aa5ee3..16683709b9a 100644
--- a/usr.sbin/ppp/ppp/auth.h
+++ b/usr.sbin/ppp/ppp/auth.h
@@ -15,16 +15,26 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: auth.h,v 1.3 1999/02/02 09:49:57 brian Exp $
+ * $Id: auth.h,v 1.4 1999/02/06 03:22:31 brian Exp $
*
* TODO:
*/
struct physical;
struct bundle;
+struct authinfo;
+typedef void (*auth_func)(struct authinfo *);
struct authinfo {
- void (*ChallengeFunc)(struct authinfo *, int, struct physical *);
+ struct {
+ auth_func req;
+ auth_func success;
+ auth_func failure;
+ } fn;
+ struct {
+ struct fsmheader hdr;
+ char name[AUTHLEN];
+ } in;
struct pppTimer authtimer;
int retry;
int id;
@@ -34,16 +44,19 @@ struct authinfo {
} cfg;
};
-extern const char *Auth2Nam(u_short);
+#define auth_Failure(a) (*a->fn.failure)(a);
+#define auth_Success(a) (*a->fn.success)(a);
-extern void auth_Init(struct authinfo *);
+extern const char *Auth2Nam(u_short);
+extern void auth_Init(struct authinfo *, struct physical *,
+ auth_func, auth_func, auth_func);
extern void auth_StopTimer(struct authinfo *);
-extern void auth_StartChallenge(struct authinfo *, struct physical *,
- void (*)(struct authinfo *, int,
- struct physical *));
+extern void auth_StartReq(struct authinfo *);
extern int auth_Validate(struct bundle *, const char *, const char *,
struct physical *);
extern char *auth_GetSecret(struct bundle *, const char *, int,
struct physical *);
extern int auth_SetPhoneList(const char *, char *, int);
extern int auth_Select(struct bundle *, const char *);
+extern struct mbuf *auth_ReadHeader(struct authinfo *, struct mbuf *);
+extern struct mbuf *auth_ReadName(struct authinfo *, struct mbuf *, int);
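Review bot: The `auth_Failure` and `auth_Success` macros end in a semicolon and use their argument unparenthesized. With the semicolon, `if (ok) auth_Success(a); else auth_Failure(a);` fails to compile. Without the parentheses, an argument such as `&chap->auth` expands to `*&chap->auth->fn.success`, which does not parse as intended. I would write them as `#define auth_Failure(a) (*(a)->fn.failure)(a)` and `#define auth_Success(a) (*(a)->fn.success)(a)`. Both call through pointers that auth_Init stores unchecked, so a one-line comment saying the three callbacks must be non-NULL would also help.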
diff --git a/usr.sbin/ppp/ppp/bundle.c b/usr.sbin/ppp/ppp/bundle.c
index 398aacf17af..41ea14f1771 100644
--- a/usr.sbin/ppp/ppp/bundle.c
+++ b/usr.sbin/ppp/ppp/bundle.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: bundle.c,v 1.7 1999/02/04 11:54:47 brian Exp $
+ * $Id: bundle.c,v 1.8 1999/02/06 03:22:31 brian Exp $
*/
#include <sys/param.h>
@@ -32,7 +32,6 @@
#include <net/if.h>
#include <arpa/inet.h>
#include <net/route.h>
-#include <net/if_dl.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <sys/un.h>
@@ -76,6 +75,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "async.h"
#include "physical.h"
@@ -134,7 +136,6 @@ bundle_NewPhase(struct bundle *bundle, u_int new)
break;
case PHASE_NETWORK:
- ipcp_Setup(&bundle->ncp.ipcp);
fsm_Up(&bundle->ncp.ipcp.fsm);
fsm_Open(&bundle->ncp.ipcp.fsm);
bundle->phase = new;
@@ -556,6 +557,10 @@ bundle_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
}
}
+#ifndef NORADIUS
+ result += descriptor_UpdateSet(&bundle->radius.desc, r, w, e, n);
+#endif
+
/* Which links need a select() ? */
for (dl = bundle->links; dl; dl = dl->next)
result += descriptor_UpdateSet(&dl->desc, r, w, e, n);
@@ -580,6 +585,11 @@ bundle_IsSet(struct descriptor *d, const fd_set *fdset)
if (descriptor_IsSet(&dl->desc, fdset))
return 1;
+#ifndef NORADIUS
+ if (descriptor_IsSet(&bundle->radius.desc, fdset))
+ return 1;
+#endif
+
if (descriptor_IsSet(&bundle->ncp.mp.server.desc, fdset))
return 1;
@@ -599,6 +609,11 @@ bundle_DescriptorRead(struct descriptor *d, struct bundle *bundle,
if (descriptor_IsSet(&dl->desc, fdset))
descriptor_Read(&dl->desc, bundle, fdset);
+#ifndef NORADIUS
+ if (descriptor_IsSet(&bundle->radius.desc, fdset))
+ descriptor_Read(&bundle->radius.desc, bundle, fdset);
+#endif
+
if (FD_ISSET(bundle->dev.fd, fdset)) {
struct tun_data tun;
int n, pri;
@@ -874,6 +889,9 @@ bundle_Create(const char *prefix, int type, const char **argv)
bundle.autoload.done = 0;
bundle.autoload.running = 0;
memset(&bundle.choked.timer, '\0', sizeof bundle.choked.timer);
+#ifndef NORADIUS
+ radius_Init(&bundle.radius);
+#endif
/* Clean out any leftover crud */
iface_Clear(bundle.iface, IFACE_CLEAR_ALL);
@@ -933,6 +951,11 @@ bundle_Destroy(struct bundle *bundle)
ipcp_CleanInterface(&bundle->ncp.ipcp);
bundle_DownInterface(bundle);
+#ifndef NORADIUS
+ /* Tell the radius server the bad news */
+ radius_Destroy(&bundle->radius);
+#endif
+
/* Again, these are all DATALINK_CLOSED unless we're abending */
dl = bundle->links;
while (dl)
@@ -1224,6 +1247,11 @@ bundle_ShowStatus(struct cmdargs const *arg)
prompt_Printf(arg->prompt, " Choked Timer: %ds\n",
arg->bundle->cfg.choked.timeout);
+
+#ifndef NORADIUS
+ radius_Show(&arg->bundle->radius, arg->prompt);
+#endif
+
prompt_Printf(arg->prompt, " Idle Timer: ");
if (arg->bundle->cfg.idle_timeout) {
prompt_Printf(arg->prompt, "%ds", arg->bundle->cfg.idle_timeout);
diff --git a/usr.sbin/ppp/ppp/bundle.h b/usr.sbin/ppp/ppp/bundle.h
index 14ac040eb21..0590539b139 100644
--- a/usr.sbin/ppp/ppp/bundle.h
+++ b/usr.sbin/ppp/ppp/bundle.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: bundle.h,v 1.3 1998/12/10 18:40:41 brian Exp $
+ * $Id: bundle.h,v 1.4 1999/02/06 03:22:31 brian Exp $
*/
#define PHASE_DEAD 0 /* Link is dead */
@@ -87,8 +87,8 @@ struct bundle {
struct {
int idle_timeout; /* NCP Idle timeout value */
struct {
- char name[50]; /* PAP/CHAP system name */
- char key[50]; /* PAP/CHAP key */
+ char name[AUTHLEN]; /* PAP/CHAP system name */
+ char key[AUTHLEN]; /* PAP/CHAP key */
} auth;
unsigned opt; /* Uses OPT_ bits from above */
char label[50]; /* last thing `load'ed */
@@ -102,7 +102,7 @@ struct bundle {
} autoload;
struct {
- int timeout; /* How long to leave the output queue choked */
+ int timeout; /* How long to leave the output queue choked */
} choked;
} cfg;
@@ -112,19 +112,19 @@ struct bundle {
} ncp;
struct {
- struct filter in; /* incoming packet filter */
- struct filter out; /* outgoing packet filter */
- struct filter dial; /* dial-out packet filter */
- struct filter alive; /* keep-alive packet filter */
+ struct filter in; /* incoming packet filter */
+ struct filter out; /* outgoing packet filter */
+ struct filter dial; /* dial-out packet filter */
+ struct filter alive; /* keep-alive packet filter */
} filter;
struct {
- struct pppTimer timer; /* timeout after cfg.idle_timeout */
+ struct pppTimer timer; /* timeout after cfg.idle_timeout */
time_t done;
} idle;
struct {
- int fd; /* write status here */
+ int fd; /* write status here */
} notify;
struct {
@@ -135,8 +135,12 @@ struct bundle {
} autoload;
struct {
- struct pppTimer timer; /* choked output queue timer */
+ struct pppTimer timer; /* choked output queue timer */
} choked;
+
+#ifndef NORADIUS
+ struct radius radius; /* Info retrieved from radius server */
+#endif
};
#define descriptor2bundle(d) \
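Review bot: The new `struct radius radius` member makes the layout of `struct bundle` depend on NORADIUS, and nothing at the member says so. Every file that includes bundle.h must be compiled with the same NORADIUS setting and must include radius.h first, which is why each .c file in this commit gains the `#ifndef NORADIUS` include before `bundle.h`. I would extend the member comment to state that, for example `/* Info retrieved from radius server; needs radius.h, NORADIUS must match in all files */`.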
diff --git a/usr.sbin/ppp/ppp/cbcp.c b/usr.sbin/ppp/ppp/cbcp.c
index a71312397c7..2b0ea11b732 100644
--- a/usr.sbin/ppp/ppp/cbcp.c
+++ b/usr.sbin/ppp/ppp/cbcp.c
@@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: cbcp.c,v 1.4 1999/01/19 22:17:13 brian Exp $
+ * $Id: cbcp.c,v 1.5 1999/02/06 03:22:31 brian Exp $
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/un.h>
diff --git a/usr.sbin/ppp/ppp/cbcp.h b/usr.sbin/ppp/ppp/cbcp.h
index 16f25f4b0da..bc682c31560 100644
--- a/usr.sbin/ppp/ppp/cbcp.h
+++ b/usr.sbin/ppp/ppp/cbcp.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: cbcp.h,v 1.1 1998/08/31 00:22:17 brian Exp $
+ * $Id: cbcp.h,v 1.2 1999/02/06 03:22:32 brian Exp $
*/
struct mbuf;
diff --git a/usr.sbin/ppp/ppp/ccp.c b/usr.sbin/ppp/ppp/ccp.c
index 0405ca3fb25..8edba14406b 100644
--- a/usr.sbin/ppp/ppp/ccp.c
+++ b/usr.sbin/ppp/ppp/ccp.c
@@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ccp.c,v 1.1 1998/08/31 00:22:17 brian Exp $
+ * $Id: ccp.c,v 1.2 1999/02/06 03:22:32 brian Exp $
*
* TODO:
* o Support other compression protocols
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -30,7 +30,6 @@
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <termios.h>
#include "defs.h"
@@ -57,6 +56,9 @@
#include "mp.h"
#include "async.h"
#include "physical.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
static void CcpSendConfigReq(struct fsm *);
diff --git a/usr.sbin/ppp/ppp/ccp.h b/usr.sbin/ppp/ppp/ccp.h
index 3ebefefc68d..425611fe811 100644
--- a/usr.sbin/ppp/ppp/ccp.h
+++ b/usr.sbin/ppp/ppp/ccp.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ccp.h,v 1.1 1998/08/31 00:22:17 brian Exp $
+ * $Id: ccp.h,v 1.2 1999/02/06 03:22:32 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/chap.c b/usr.sbin/ppp/ppp/chap.c
index 996ef62f8ff..e01f8c39680 100644
--- a/usr.sbin/ppp/ppp/chap.c
+++ b/usr.sbin/ppp/ppp/chap.c
@@ -17,11 +17,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap.c,v 1.1 1998/08/31 00:22:17 brian Exp $
+ * $Id: chap.c,v 1.2 1999/02/06 03:22:32 brian Exp $
*
* TODO:
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -29,10 +29,10 @@
#ifdef HAVE_DES
#include <md4.h>
+#include <string.h>
#endif
#include <md5.h>
#include <stdlib.h>
-#include <string.h>
#include <termios.h>
#include "mbuf.h"
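Review bot: `#include <string.h>` now sits inside `#ifdef HAVE_DES`, but the new chap_BuildAnswer later in this file calls `strlen()` and `memcpy()` outside that conditional. A build without HAVE_DES would use them undeclared unless another header happens to pull string.h in. The Makefile in this commit always passes `-DHAVE_DES`, which hides the problem. I would keep `#include <string.h>` unconditional, next to `<stdlib.h>`.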
@@ -57,6 +57,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "chat.h"
#include "cbcp.h"
@@ -68,10 +71,11 @@
static const char *chapcodes[] = {
"???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE"
};
+#define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1)
static void
ChapOutput(struct physical *physical, u_int code, u_int id,
- const u_char * ptr, int count, const char *text)
+ const u_char *ptr, int count, const char *text)
{
int plen;
struct fsmheader lh;
@@ -93,229 +97,311 @@ ChapOutput(struct physical *physical, u_int code, u_int id,
hdlc_Output(&physical->link, PRI_LINK, PROTO_CHAP, bp);
}
-void
-chap_SendChallenge(struct authinfo *auth, int chapid, struct physical *physical)
+static char *
+chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, int MSChap)
{
- struct chap *chap = auth2chap(auth);
- int len, i;
- char *cp;
+ char *result, *digest;
+ size_t nlen, klen;
- randinit();
- cp = chap->challenge_data;
- *cp++ = chap->challenge_len = random() % 32 + 16;
- for (i = 0; i < chap->challenge_len; i++)
- *cp++ = random() & 0xff;
- len = strlen(physical->dl->bundle->cfg.auth.name);
- memcpy(cp, physical->dl->bundle->cfg.auth.name, len);
- cp += len;
- ChapOutput(physical, CHAP_CHALLENGE, chapid, chap->challenge_data,
- cp - chap->challenge_data, NULL);
-}
+ nlen = strlen(name);
+ klen = strlen(key);
-static void
-RecvChapTalk(struct bundle *bundle, struct fsmheader *chp, struct mbuf *bp,
- struct physical *physical)
-{
- int valsize, len;
- int arglen, keylen, namelen;
- char *cp, *argp, *ap, *name, *digest;
- char *keyp;
- MD5_CTX MD5context; /* context for MD5 */
- char answer[100];
- char cdigest[16];
#ifdef HAVE_DES
- int ix;
- MD4_CTX MD4context; /* context for MD4 */
-#endif
+ if (MSChap) {
+ char expkey[AUTHLEN << 2];
+ MD4_CTX MD4context;
+ int f;
- len = ntohs(chp->length);
- log_Printf(LogDEBUG, "RecvChapTalk: length: %d\n", len);
- arglen = len - sizeof(struct fsmheader);
- cp = (char *) MBUF_CTOP(bp);
- valsize = *cp++ & 255;
- name = cp + valsize;
- namelen = arglen - valsize - 1;
- name[namelen] = 0;
-
- log_Printf(LogPHASE, "Chap Input: %s (from %s)\n",
- chapcodes[chp->code], name);
-
- switch (chp->code) {
- case CHAP_CHALLENGE:
- keyp = bundle->cfg.auth.key;
- keylen = strlen(bundle->cfg.auth.key);
- name = bundle->cfg.auth.name;
- namelen = strlen(bundle->cfg.auth.name);
+ if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL)
+ return result;
-#ifdef HAVE_DES
- if (physical->dl->chap.using_MSChap)
- argp = malloc(1 + namelen + MS_CHAP_RESPONSE_LEN);
- else
-#endif
- argp = malloc(1 + valsize + namelen + 16);
+ digest = result; /* this is the response */
+ *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */
+ memset(digest, '\0', 24);
+ digest += 24;
- if (argp == NULL) {
- ChapOutput(physical, CHAP_FAILURE, chp->id, "Out of memory!", 14, NULL);
- return;
- }
-#ifdef HAVE_DES
- if (physical->dl->chap.using_MSChap) {
- digest = argp; /* this is the response */
- *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */
- memset(digest, '\0', 24);
- digest += 24;
-
- ap = answer; /* this is the challenge */
- memcpy(ap, keyp, keylen);
- ap += 2 * keylen;
- memcpy(ap, cp, valsize);
- log_DumpBuff(LogDEBUG, "recv", ap, valsize);
- ap += valsize;
- for (ix = keylen; ix > 0 ; ix--) {
- answer[2*ix-2] = answer[ix-1];
- answer[2*ix-1] = 0;
- }
- MD4Init(&MD4context);
- MD4Update(&MD4context, answer, 2 * keylen);
- MD4Final(digest, &MD4context);
- memcpy(digest + 25, name, namelen);
- ap += 2 * keylen;
- chap_MS(digest, answer + 2 * keylen, valsize);
- log_DumpBuff(LogDEBUG, "answer", digest, 24);
- ChapOutput(physical, CHAP_RESPONSE, chp->id, argp,
- namelen + MS_CHAP_RESPONSE_LEN + 1, name);
- } else {
-#endif
- digest = argp;
- *digest++ = 16; /* value size */
- ap = answer;
- *ap++ = chp->id;
- memcpy(ap, keyp, keylen);
- ap += keylen;
- memcpy(ap, cp, valsize);
- log_DumpBuff(LogDEBUG, "recv", ap, valsize);
- ap += valsize;
- MD5Init(&MD5context);
- MD5Update(&MD5context, answer, ap - answer);
- MD5Final(digest, &MD5context);
- log_DumpBuff(LogDEBUG, "answer", digest, 16);
- memcpy(digest + 16, name, namelen);
- ap += namelen;
- /* Send answer to the peer */
- ChapOutput(physical, CHAP_RESPONSE, chp->id, argp, namelen + 17, name);
-#ifdef HAVE_DES
+ for (f = klen; f; f--) {
+ expkey[2*f-2] = key[f-1];
+ expkey[2*f-1] = 0;
}
-#endif
- free(argp);
- if (*name == '\0')
- log_Printf(LogWARN, "Sending empty CHAP authname!\n");
- break;
- case CHAP_RESPONSE:
+
/*
- * Get a secret key corresponds to the peer
+ * -----------
+ * answer = | k\0e\0y\0 |
+ * -----------
*/
- keyp = auth_GetSecret(bundle, name, namelen, physical);
- if (keyp) {
- /*
- * Compute correct digest value
- */
- keylen = strlen(keyp);
- ap = answer;
- *ap++ = chp->id;
- memcpy(ap, keyp, keylen);
- ap += keylen;
- MD5Init(&MD5context);
- MD5Update(&MD5context, answer, ap - answer);
- MD5Update(&MD5context, physical->dl->chap.challenge_data + 1,
- physical->dl->chap.challenge_len);
- MD5Final(cdigest, &MD5context);
- log_DumpBuff(LogDEBUG, "got", cp, 16);
- log_DumpBuff(LogDEBUG, "expect", cdigest, 16);
-
- /*
- * Compare with the response
- */
- if (memcmp(cp, cdigest, 16) == 0) {
- datalink_GotAuthname(physical->dl, name, namelen);
- ChapOutput(physical, CHAP_SUCCESS, chp->id, "Welcome!!", 10, NULL);
- physical->link.lcp.auth_ineed = 0;
- if (Enabled(bundle, OPT_UTMP))
- physical_Login(physical, name);
-
- if (physical->link.lcp.auth_iwait == 0)
- /*
- * Either I didn't need to authenticate, or I've already been
- * told that I got the answer right.
- */
- datalink_AuthOk(physical->dl);
-
- break;
- }
- }
+ MD4Init(&MD4context);
+ MD4Update(&MD4context, expkey, klen << 1);
+ MD4Final(digest, &MD4context);
+ memcpy(digest + 25, name, nlen);
+
+ /*
+ * ``result'' is:
+ * ---- --------- -------------------- ------
+ * result = | 49 | 24 * \0 | digest (pad to 25) | name |
+ * ---- --------- -------------------- ------
+ */
+ chap_MS(digest, challenge + 1, *challenge);
/*
- * Peer is not registerd, or response digest is wrong.
+ * ---- --------- ---------------- --- ----------
+ * result = | 49 | 24 * \0 | 24 byte digest | 1 | authname |
+ * ---- --------- ---------------- --- ----------
+ */
+ } else
+#endif
+ if ((result = malloc(nlen + 17)) != NULL) {
+ /* Normal MD5 stuff */
+ MD5_CTX MD5context;
+
+ digest = result;
+ *digest++ = 16; /* value size */
+
+ MD5Init(&MD5context);
+log_Printf(LogPHASE, "Build with 0x%x, %s & %.*s\n", id, key, *challenge, challenge+1);
+ MD5Update(&MD5context, &id, 1);
+ MD5Update(&MD5context, key, klen);
+ MD5Update(&MD5context, challenge + 1, *challenge);
+ MD5Final(digest, &MD5context);
+
+ memcpy(digest + 16, name, nlen);
+ /*
+ * ---- -------- ------
+ * result = | 16 | digest | name |
+ * ---- -------- ------
*/
- ChapOutput(physical, CHAP_FAILURE, chp->id, "Invalid!!", 9, NULL);
- datalink_AuthNotOk(physical->dl);
- break;
}
+
+ return result;
}
static void
-RecvChapResult(struct bundle *bundle, struct fsmheader *chp, struct mbuf *bp,
- struct physical *physical)
+chap_Challenge(struct authinfo *authp)
{
- int len;
-
- len = ntohs(chp->length);
- log_Printf(LogDEBUG, "RecvChapResult: length: %d\n", len);
- if (chp->code == CHAP_SUCCESS) {
- if (physical->link.lcp.auth_iwait == PROTO_CHAP) {
- physical->link.lcp.auth_iwait = 0;
- if (physical->link.lcp.auth_ineed == 0)
- /*
- * We've succeeded in our ``login''
- * If we're not expecting the peer to authenticate (or he already
- * has), proceed to network phase.
- */
- datalink_AuthOk(physical->dl);
- }
- } else {
- /* CHAP failed - it's not going to get any better */
- log_Printf(LogPHASE, "Chap Input: Giving up after name/key FAILURE\n");
- datalink_AuthNotOk(physical->dl);
+ struct chap *chap = auth2chap(authp);
+ int len, i;
+ char *cp;
+
+ randinit();
+ cp = chap->challenge;
+
+#ifndef NORADIUS
+ if (*authp->physical->dl->bundle->radius.cfg.file) {
+ /* For radius, our challenge is 16 readable NUL terminated bytes :*/
+ *cp++ = 16;
+ for (i = 0; i < 16; i++)
+ *cp++ = (random() % 10) + '0';
+ } else
+#endif
+ {
+ *cp++ = random() % (CHAPCHALLENGELEN-16) + 16;
+ for (i = 0; i < *chap->challenge; i++)
+ *cp++ = random() & 0xff;
}
+
+ len = strlen(authp->physical->dl->bundle->cfg.auth.name);
+ memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);
+ cp += len;
+ ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge,
+ cp - chap->challenge, NULL);
+}
+
+static void
+chap_Success(struct authinfo *authp)
+{
+ datalink_GotAuthname(authp->physical->dl, authp->in.name);
+ ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL);
+ authp->physical->link.lcp.auth_ineed = 0;
+ if (Enabled(authp->physical->dl->bundle, OPT_UTMP))
+ physical_Login(authp->physical, authp->in.name);
+
+ if (authp->physical->link.lcp.auth_iwait == 0)
+ /*
+ * Either I didn't need to authenticate, or I've already been
+ * told that I got the answer right.
+ */
+ datalink_AuthOk(authp->physical->dl);
+}
+
+static void
+chap_Failure(struct authinfo *authp)
+{
+ ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL);
+ datalink_AuthNotOk(authp->physical->dl);
}
void
-chap_Input(struct bundle *bundle, struct mbuf *bp, struct physical *physical)
+chap_Init(struct chap *chap, struct physical *p)
{
- int len = mbuf_Length(bp);
- struct fsmheader *chp;
-
- if (len >= sizeof(struct fsmheader)) {
- chp = (struct fsmheader *) MBUF_CTOP(bp);
- if (len >= ntohs(chp->length)) {
- if (chp->code < 1 || chp->code > 4)
- chp->code = 0;
- bp->offset += sizeof(struct fsmheader);
- bp->cnt -= sizeof(struct fsmheader);
-
- switch (chp->code) {
+ auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure);
+ *chap->challenge = 0;
+ chap->using_MSChap = 0;
+}
+
+void
+chap_Input(struct physical *p, struct mbuf *bp)
+{
+ struct chap *chap = &p->dl->chap;
+ char *name, *key, *ans, *myans;
+ int len, nlen;
+ u_char alen;
+
+ if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL)
+ log_Printf(LogERROR, "Chap Input: Truncated header !\n");
+ else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
+ log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
+ chap->auth.in.hdr.code);
+ else {
+ len = mbuf_Length(bp);
+ ans = NULL;
+
+ if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
+ chap->auth.id != chap->auth.in.hdr.id &&
+ Enabled(p->dl->bundle, OPT_IDCHECK)) {
+ /* Wrong conversation dude ! */
+ log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
+ chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
+ chap->auth.id);
+ mbuf_Free(bp);
+ return;
+ }
+ chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
+
+ switch (chap->auth.in.hdr.code) {
+ case CHAP_CHALLENGE:
+ bp = mbuf_Read(bp, chap->challenge, 1);
+ len -= *chap->challenge + 1;
+ if (len < 0) {
+ log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
+ mbuf_Free(bp);
+ return;
+ }
+ bp = mbuf_Read(bp, chap->challenge + 1, *chap->challenge);
+ bp = auth_ReadName(&chap->auth, bp, len);
+ break;
+
case CHAP_RESPONSE:
- auth_StopTimer(&physical->dl->chap.auth);
- /* Fall into.. */
+ auth_StopTimer(&chap->auth);
+ bp = mbuf_Read(bp, &alen, 1);
+ len -= alen + 1;
+ if (len < 0) {
+ log_Printf(LogERROR, "Chap Input: Truncated response !\n");
+ mbuf_Free(bp);
+ return;
+ }
+ if ((ans = malloc(alen + 2)) == NULL) {
+ log_Printf(LogERROR, "Chap Input: Out of memory !\n");
+ mbuf_Free(bp);
+ return;
+ }
+ *ans = chap->auth.id;
+ bp = mbuf_Read(bp, ans + 1, alen);
+ ans[alen+1] = '\0';
+ bp = auth_ReadName(&chap->auth, bp, len);
+ break;
+
+ case CHAP_SUCCESS:
+ case CHAP_FAILURE:
+ /* chap->auth.in.name is already set up at CHALLENGE time */
+ if ((ans = malloc(len + 1)) == NULL) {
+ log_Printf(LogERROR, "Chap Input: Out of memory !\n");
+ mbuf_Free(bp);
+ return;
+ }
+ bp = mbuf_Read(bp, ans, len);
+ ans[len] = '\0';
+ break;
+ }
+
+ switch (chap->auth.in.hdr.code) {
+ case CHAP_CHALLENGE:
+ case CHAP_RESPONSE:
+ if (*chap->auth.in.name)
+ log_Printf(LogPHASE, "Chap Input: %s (from %s)\n",
+ chapcodes[chap->auth.in.hdr.code], chap->auth.in.name);
+ else
+ log_Printf(LogPHASE, "Chap Input: %s\n",
+ chapcodes[chap->auth.in.hdr.code]);
+ break;
+
+ case CHAP_SUCCESS:
+ case CHAP_FAILURE:
+ if (*ans)
+ log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
+ chapcodes[chap->auth.in.hdr.code], ans);
+ else
+ log_Printf(LogPHASE, "Chap Input: %s\n",
+ chapcodes[chap->auth.in.hdr.code]);
+ break;
+ }
+
+ switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
- RecvChapTalk(bundle, chp, bp, physical);
- break;
+ name = p->dl->bundle->cfg.auth.name;
+ nlen = strlen(name);
+ key = p->dl->bundle->cfg.auth.key;
+ myans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge, 0);
+ if (myans) {
+ ChapOutput(p, CHAP_RESPONSE, chap->auth.id, myans,
+ *myans + 1 + nlen, name);
+ free(myans);
+ } else
+ ChapOutput(p, CHAP_FAILURE, chap->auth.id, "Out of memory!",
+ 14, NULL);
+ break;
+
+ case CHAP_RESPONSE:
+ name = chap->auth.in.name;
+ nlen = strlen(name);
+#ifndef NORADIUS
+ if (*p->dl->bundle->radius.cfg.file) {
+ chap->challenge[*chap->challenge+1] = '\0';
+log_Printf(LogPHASE, "Challenge %s, answer is %d bytes starting with %d\n", chap->challenge+1, alen+1, *ans);
+ radius_Authenticate(&p->dl->bundle->radius, &chap->auth,
+ chap->auth.in.name, ans, chap->challenge + 1);
+ } else
+#endif
+ {
+ key = auth_GetSecret(p->dl->bundle, name, nlen, p);
+ if (key) {
+ myans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge,
+ chap->using_MSChap);
+ if (myans == NULL)
+ key = NULL;
+ else {
+ if (memcmp(myans, ans, 1 + *myans))
+ key = NULL;
+ free(myans);
+ }
+ }
+
+ if (key)
+ chap_Success(&chap->auth);
+ else
+ chap_Failure(&chap->auth);
+ }
+
+ break;
+
case CHAP_SUCCESS:
+ if (p->link.lcp.auth_iwait == PROTO_CHAP) {
+ p->link.lcp.auth_iwait = 0;
+ if (p->link.lcp.auth_ineed == 0)
+ /*
+ * We've succeeded in our ``login''
+ * If we're not expecting the peer to authenticate (or he already
+ * has), proceed to network phase.
+ */
+ datalink_AuthOk(p->dl);
+ }
+ break;
+
case CHAP_FAILURE:
- log_Printf(LogPHASE, "Chap Input: %s\n", chapcodes[chp->code]);
- RecvChapResult(bundle, chp, bp, physical);
- break;
- }
+ datalink_AuthNotOk(p->dl);
+ break;
}
+ free(ans);
}
+
mbuf_Free(bp);
}
diff --git a/usr.sbin/ppp/ppp/chap.h b/usr.sbin/ppp/ppp/chap.h
index f95a10d18fc..213eef4a0cf 100644
--- a/usr.sbin/ppp/ppp/chap.h
+++ b/usr.sbin/ppp/ppp/chap.h
@@ -15,14 +15,13 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap.h,v 1.1 1998/08/31 00:22:17 brian Exp $
+ * $Id: chap.h,v 1.2 1999/02/06 03:22:32 brian Exp $
*
* TODO:
*/
struct mbuf;
struct physical;
-struct bundle;
#define CHAP_CHALLENGE 1
#define CHAP_RESPONSE 2
@@ -31,12 +30,11 @@ struct bundle;
struct chap {
struct authinfo auth;
- char challenge_data[80];
- int challenge_len;
+ char challenge[CHAPCHALLENGELEN + AUTHLEN];
unsigned using_MSChap : 1; /* A combination of MD4 & DES */
};
#define auth2chap(a) ((struct chap *)(a))
-extern void chap_Input(struct bundle *, struct mbuf *, struct physical *);
-extern void chap_SendChallenge(struct authinfo *, int, struct physical *);
+extern void chap_Init(struct chap *, struct physical *);
+extern void chap_Input(struct physical *, struct mbuf *);
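Review bot: `challenge` is sized `CHAPCHALLENGELEN + AUTHLEN` (98 bytes with the values this commit adds to defs.h), but the CHAP_CHALLENGE case of chap_Input in chap.c stores the peer's one-byte value-size in `chap->challenge[0]` and then reads that many bytes into `chap->challenge + 1`, checking the count only against the packet length. A declared size larger than the array can hold would therefore be written past its end, and because the member is plain `char`, a size of 0x80 or more may be read back as negative where `char` is signed. I would add a bound right after the first `mbuf_Read`, e.g. `if ((u_char)*chap->challenge > sizeof chap->challenge - 2) { mbuf_Free(bp); return; }`, and use the same unsigned read for `len -= ...`. The RADIUS branch's `chap->challenge[*chap->challenge+1] = '\0'` relies on the same bound.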
diff --git a/usr.sbin/ppp/ppp/chap_ms.c b/usr.sbin/ppp/ppp/chap_ms.c
index ec2c8b873f8..3a220c95211 100644
--- a/usr.sbin/ppp/ppp/chap_ms.c
+++ b/usr.sbin/ppp/ppp/chap_ms.c
@@ -19,7 +19,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap_ms.c,v 1.1 1998/08/31 00:22:17 brian Exp $
+ * $Id: chap_ms.c,v 1.2 1999/02/06 03:22:33 brian Exp $
*
*/
diff --git a/usr.sbin/ppp/ppp/chap_ms.h b/usr.sbin/ppp/ppp/chap_ms.h
index 7b2e2870744..e8a5eb20c84 100644
--- a/usr.sbin/ppp/ppp/chap_ms.h
+++ b/usr.sbin/ppp/ppp/chap_ms.h
@@ -19,7 +19,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap_ms.h,v 1.1 1998/08/31 00:22:17 brian Exp $
+ * $Id: chap_ms.h,v 1.2 1999/02/06 03:22:33 brian Exp $
*/
/* Max # of (Unicode) chars in an NT password */
diff --git a/usr.sbin/ppp/ppp/chat.c b/usr.sbin/ppp/ppp/chat.c
index 3cb19aa8824..eb55e15cd72 100644
--- a/usr.sbin/ppp/ppp/chat.c
+++ b/usr.sbin/ppp/ppp/chat.c
@@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: chat.c,v 1.2 1998/10/29 02:21:44 brian Exp $
+ * $Id: chat.c,v 1.3 1999/02/06 03:22:33 brian Exp $
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -66,6 +66,9 @@
#include "filter.h"
#include "cbcp.h"
#include "datalink.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#define BUFLEFT(c) (sizeof (c)->buf - ((c)->bufend - (c)->buf))
diff --git a/usr.sbin/ppp/ppp/chat.h b/usr.sbin/ppp/ppp/chat.h
index 9c2fdb75d9c..b6fec29e30d 100644
--- a/usr.sbin/ppp/ppp/chat.h
+++ b/usr.sbin/ppp/ppp/chat.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: chat.h,v 1.1 1998/08/31 00:22:18 brian Exp $
+ * $Id: chat.h,v 1.2 1999/02/06 03:22:33 brian Exp $
*/
#define CHAT_EXPECT 0
diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c
index 75edc858a2a..ec5c0df6be9 100644
--- a/usr.sbin/ppp/ppp/command.c
+++ b/usr.sbin/ppp/ppp/command.c
@@ -17,10 +17,10 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.c,v 1.6 1998/12/14 01:23:48 brian Exp $
+ * $Id: command.c,v 1.7 1999/02/06 03:22:33 brian Exp $
*
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
@@ -76,6 +76,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "server.h"
#include "prompt.h"
@@ -115,6 +118,7 @@
#define VAR_CHOKED 26
#define VAR_SENDPIPE 27
#define VAR_RECVPIPE 28
+#define VAR_RADIUS 29
/* ``accept|deny|disable|enable'' masks */
#define NEG_HISMASK (1)
@@ -133,8 +137,8 @@
#define NEG_VJCOMP 49
#define NEG_DNS 50
-const char Version[] = "2.0";
-const char VersionDate[] = "$Date: 1998/12/14 01:23:48 $";
+const char Version[] = "2.1";
+const char VersionDate[] = "$Date: 1999/02/06 03:22:33 $";
static int ShowCommand(struct cmdargs const *);
static int TerminalCommand(struct cmdargs const *);
@@ -1297,7 +1301,7 @@ SetInterfaceAddr(struct cmdargs const *arg)
iplist_reset(&ipcp->cfg.peer_list);
if (arg->argc > arg->argn) {
- if (!ParseAddr(ipcp, arg->argc - arg->argn, arg->argv + arg->argn,
+ if (!ParseAddr(ipcp, arg->argv[arg->argn],
&ipcp->cfg.my_range.ipaddr, &ipcp->cfg.my_range.mask,
&ipcp->cfg.my_range.width))
return 1;
@@ -1616,10 +1620,10 @@ SetVariable(struct cmdargs const *arg)
addr[0].s_addr = addr[1].s_addr = INADDR_ANY;
if (arg->argc > arg->argn) {
- ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn,
+ ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn],
addr, &dummyaddr, &dummyint);
if (arg->argc > arg->argn+1)
- ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn + 1,
+ ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn + 1],
addr + 1, &dummyaddr, &dummyint);
if (addr[1].s_addr == INADDR_ANY)
@@ -1691,6 +1695,22 @@ SetVariable(struct cmdargs const *arg)
long_val = atol(argp);
arg->bundle->ncp.ipcp.cfg.recvpipe = long_val;
break;
+
+#ifndef NORADIUS
+ case VAR_RADIUS:
+ if (!*argp)
+ *arg->bundle->radius.cfg.file = '\0';
+ else if (access(argp, R_OK)) {
+ log_Printf(LogWARN, "%s: %s\n", argp, strerror(errno));
+ return 1;
+ } else {
+ strncpy(arg->bundle->radius.cfg.file, argp,
+ sizeof arg->bundle->radius.cfg.file - 1);
+ arg->bundle->radius.cfg.file
+ [sizeof arg->bundle->radius.cfg.file - 1] = '\0';
+ }
+ break;
+#endif
}
return err ? 1 : 0;
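Review bot: The new `VAR_RADIUS` case checks `argp` with `access()` and then copies it with a bounded `strncpy`, so a path longer than `radius.cfg.file` passes the check and is stored silently truncated, naming a different file from the one that was tested. Reject it before the copy, e.g. `else if (strlen(argp) >= sizeof arg->bundle->radius.cfg.file) { log_Printf(LogWARN, "%s: Path too long\n", argp); return 1; }`. The `access()` call also tests the real uid and only at `set` time, so it is a convenience check rather than a guarantee for whoever opens the file later; a short comment saying so would keep readers from treating it as validation. SetVariable begins outside this hunk.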
@@ -1788,6 +1808,10 @@ static struct cmdtab const SetCommands[] = {
"set phone phone1[:phone2[...]]", (const void *)VAR_PHONE},
{"proctitle", "title", SetProcTitle, LOCAL_AUTH,
"Process title", "set proctitle [value]"},
+#ifndef NORADIUS
+ {"radius", NULL, SetVariable, LOCAL_AUTH,
+ "RADIUS Config", "set radius cfgfile", (const void *)VAR_RADIUS},
+#endif
{"reconnect", NULL, datalink_SetReconnect, LOCAL_AUTH | LOCAL_CX,
"Reconnect timeout", "set reconnect value ntries"},
{"recvpipe", NULL, SetVariable, LOCAL_AUTH,
@@ -1844,7 +1868,7 @@ AddCommand(struct cmdargs const *arg)
else {
int width;
- if (!ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn,
+ if (!ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn],
&dest, &netmask, &width))
return -1;
if (!strncasecmp(arg->argv[arg->argn], "MYADDR", 6))
@@ -1873,7 +1897,8 @@ AddCommand(struct cmdargs const *arg)
gateway = GetIpAddr(arg->argv[arg->argn+gw]);
if (bundle_SetRoute(arg->bundle, RTM_ADD, dest, gateway, netmask,
- arg->cmd->args ? 1 : 0, (addrs & ROUTE_GWHISADDR) ? 1 : 0))
+ arg->cmd->args ? 1 : 0, (addrs & ROUTE_GWHISADDR) ? 1 : 0)
+ && addrs != ROUTE_STATIC)
route_Add(&arg->bundle->ncp.ipcp.route, addrs, dest, netmask, gateway);
return 0;
@@ -2355,24 +2380,24 @@ IfaceAddCommand(struct cmdargs const *arg)
struct in_addr ifa, mask, brd;
if (arg->argc == arg->argn + 1) {
- if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL))
+ if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL))
return -1;
mask.s_addr = brd.s_addr = INADDR_BROADCAST;
} else {
if (arg->argc == arg->argn + 2) {
- if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, &mask, &bits))
+ if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, &mask, &bits))
return -1;
n = 1;
} else if (arg->argc == arg->argn + 3) {
- if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL))
+ if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL))
return -1;
- if (!ParseAddr(NULL, 1, arg->argv + arg->argn + 1, &mask, NULL, NULL))
+ if (!ParseAddr(NULL, arg->argv[arg->argn + 1], &mask, NULL, NULL))
return -1;
n = 2;
} else
return -1;
- if (!ParseAddr(NULL, 1, arg->argv + arg->argn + n, &brd, NULL, NULL))
+ if (!ParseAddr(NULL, arg->argv[arg->argn + n], &brd, NULL, NULL))
return -1;
}
@@ -2392,7 +2417,7 @@ IfaceDeleteCommand(struct cmdargs const *arg)
if (arg->argc != arg->argn + 1)
return -1;
- if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL))
+ if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL))
return -1;
if (arg->bundle->ncp.ipcp.fsm.state == ST_OPENED &&
diff --git a/usr.sbin/ppp/ppp/command.h b/usr.sbin/ppp/ppp/command.h
index 3907b92953d..e90e3c078eb 100644
--- a/usr.sbin/ppp/ppp/command.h
+++ b/usr.sbin/ppp/ppp/command.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.h,v 1.1 1998/08/31 00:22:18 brian Exp $
+ * $Id: command.h,v 1.2 1999/02/06 03:22:34 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/datalink.c b/usr.sbin/ppp/ppp/datalink.c
index 93cc161f9c8..49b15103e49 100644
--- a/usr.sbin/ppp/ppp/datalink.c
+++ b/usr.sbin/ppp/ppp/datalink.c
@@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: datalink.c,v 1.9 1999/02/02 09:49:57 brian Exp $
+ * $Id: datalink.c,v 1.10 1999/02/06 03:22:34 brian Exp $
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -58,6 +58,9 @@
#include "ipcp.h"
#include "filter.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "chat.h"
#include "auth.h"
@@ -466,7 +469,7 @@ datalink_LayerUp(void *v, struct fsm *fp)
struct datalink *dl = (struct datalink *)v;
if (fp->proto == PROTO_LCP) {
- datalink_GotAuthname(dl, "", 0);
+ datalink_GotAuthname(dl, "");
dl->physical->link.lcp.auth_ineed = dl->physical->link.lcp.want_auth;
dl->physical->link.lcp.auth_iwait = dl->physical->link.lcp.his_auth;
if (dl->physical->link.lcp.his_auth || dl->physical->link.lcp.want_auth) {
@@ -476,21 +479,19 @@ datalink_LayerUp(void *v, struct fsm *fp)
Auth2Nam(dl->physical->link.lcp.his_auth),
Auth2Nam(dl->physical->link.lcp.want_auth));
if (dl->physical->link.lcp.his_auth == PROTO_PAP)
- auth_StartChallenge(&dl->pap, dl->physical, pap_SendChallenge);
+ auth_StartReq(&dl->pap);
if (dl->physical->link.lcp.want_auth == PROTO_CHAP)
- auth_StartChallenge(&dl->chap.auth, dl->physical, chap_SendChallenge);
+ auth_StartReq(&dl->chap.auth);
} else
datalink_AuthOk(dl);
}
}
void
-datalink_GotAuthname(struct datalink *dl, const char *name, int len)
+datalink_GotAuthname(struct datalink *dl, const char *name)
{
- if (len >= sizeof dl->peer.authname)
- len = sizeof dl->peer.authname - 1;
- strncpy(dl->peer.authname, name, len);
- dl->peer.authname[len] = '\0';
+ strncpy(dl->peer.authname, name, sizeof dl->peer.authname - 1);
+ dl->peer.authname[sizeof dl->peer.authname - 1] = '\0';
}
void
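Review bot: `datalink_GotAuthname()` no longer takes a length, so it now depends on `name` being NUL-terminated, and that contract is not written down anywhere in the hunk. chap_Success in chap.c passes `authp->in.name`, which is presumably filled from the peer's packet by auth_ReadName (not visible here), so the termination has to be guaranteed there. The bounded `strncpy` keeps the destination safe, but I would add a comment above the definition such as `/* name must be NUL-terminated; it is truncated to fit dl->peer.authname */`.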
@@ -721,14 +722,14 @@ datalink_Create(const char *name, struct bundle *bundle, int type)
dl->fsmp.LayerFinish = datalink_LayerFinish;
dl->fsmp.object = dl;
- auth_Init(&dl->pap);
- auth_Init(&dl->chap.auth);
-
if ((dl->physical = modem_Create(dl, type)) == NULL) {
free(dl->name);
free(dl);
return NULL;
}
+
+ pap_Init(&dl->pap, dl->physical);
+ chap_Init(&dl->chap, dl->physical);
cbcp_Init(&dl->cbcp, dl->physical);
chat_Init(&dl->chat, dl->physical, NULL, 1, NULL);
@@ -771,17 +772,18 @@ datalink_Clone(struct datalink *odl, const char *name)
dl->parent = odl->parent;
memcpy(&dl->fsmp, &odl->fsmp, sizeof dl->fsmp);
dl->fsmp.object = dl;
- auth_Init(&dl->pap);
- dl->pap.cfg.fsmretry = odl->pap.cfg.fsmretry;
-
- auth_Init(&dl->chap.auth);
- dl->chap.auth.cfg.fsmretry = odl->chap.auth.cfg.fsmretry;
if ((dl->physical = modem_Create(dl, PHYS_INTERACTIVE)) == NULL) {
free(dl->name);
free(dl);
return NULL;
}
+ pap_Init(&dl->pap, dl->physical);
+ dl->pap.cfg.fsmretry = odl->pap.cfg.fsmretry;
+
+ chap_Init(&dl->chap, dl->physical);
+ dl->chap.auth.cfg.fsmretry = odl->chap.auth.cfg.fsmretry;
+
memcpy(&dl->physical->cfg, &odl->physical->cfg, sizeof dl->physical->cfg);
memcpy(&dl->physical->link.lcp.cfg, &odl->physical->link.lcp.cfg,
sizeof dl->physical->link.lcp.cfg);
@@ -1177,14 +1179,6 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov,
dl->fsmp.LayerFinish = datalink_LayerFinish;
dl->fsmp.object = dl;
- retry = dl->pap.cfg.fsmretry;
- auth_Init(&dl->pap);
- dl->pap.cfg.fsmretry = retry;
-
- retry = dl->chap.auth.cfg.fsmretry;
- auth_Init(&dl->chap.auth);
- dl->chap.auth.cfg.fsmretry = retry;
-
dl->physical = iov2modem(dl, iov, niov, maxiov, fd);
if (!dl->physical) {
@@ -1192,6 +1186,14 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov,
free(dl);
dl = NULL;
} else {
+ retry = dl->pap.cfg.fsmretry;
+ pap_Init(&dl->pap, dl->physical);
+ dl->pap.cfg.fsmretry = retry;
+
+ retry = dl->chap.auth.cfg.fsmretry;
+ chap_Init(&dl->chap, dl->physical);
+ dl->chap.auth.cfg.fsmretry = retry;
+
cbcp_Init(&dl->cbcp, dl->physical);
chat_Init(&dl->chat, dl->physical, NULL, 1, NULL);
diff --git a/usr.sbin/ppp/ppp/datalink.h b/usr.sbin/ppp/ppp/datalink.h
index 047ed10cd41..5338ee922b2 100644
--- a/usr.sbin/ppp/ppp/datalink.h
+++ b/usr.sbin/ppp/ppp/datalink.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: datalink.h,v 1.1 1998/08/31 00:22:19 brian Exp $
+ * $Id: datalink.h,v 1.2 1999/02/06 03:22:35 brian Exp $
*/
#define DATALINK_CLOSED (0)
@@ -123,7 +123,7 @@ extern struct datalink *iov2datalink(struct bundle *, struct iovec *, int *,
int, int);
extern int datalink2iov(struct datalink *, struct iovec *, int *, int, pid_t);
extern struct datalink *datalink_Destroy(struct datalink *);
-extern void datalink_GotAuthname(struct datalink *, const char *, int);
+extern void datalink_GotAuthname(struct datalink *, const char *);
extern void datalink_Up(struct datalink *, int, int);
extern void datalink_Close(struct datalink *, int);
extern void datalink_Down(struct datalink *, int);
diff --git a/usr.sbin/ppp/ppp/deflate.c b/usr.sbin/ppp/ppp/deflate.c
index 499734b49c7..69c1a7e6b1f 100644
--- a/usr.sbin/ppp/ppp/deflate.c
+++ b/usr.sbin/ppp/ppp/deflate.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: deflate.c,v 1.1 1998/08/31 00:22:19 brian Exp $
+ * $Id: deflate.c,v 1.2 1999/02/06 03:22:35 brian Exp $
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/deflate.h b/usr.sbin/ppp/ppp/deflate.h
index c29ad82ef4e..d02741b5375 100644
--- a/usr.sbin/ppp/ppp/deflate.h
+++ b/usr.sbin/ppp/ppp/deflate.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: deflate.h,v 1.1 1998/08/31 00:22:19 brian Exp $
+ * $Id: deflate.h,v 1.2 1999/02/06 03:22:35 brian Exp $
*/
extern const struct ccp_algorithm PppdDeflateAlgorithm;
diff --git a/usr.sbin/ppp/ppp/defs.c b/usr.sbin/ppp/ppp/defs.c
index 1d04277d871..9eca872d325 100644
--- a/usr.sbin/ppp/ppp/defs.c
+++ b/usr.sbin/ppp/ppp/defs.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: defs.c,v 1.1 1998/08/31 00:22:19 brian Exp $
+ * $Id: defs.c,v 1.2 1999/02/06 03:22:35 brian Exp $
*/
diff --git a/usr.sbin/ppp/ppp/defs.h b/usr.sbin/ppp/ppp/defs.h
index 3bc6c9ba795..3255f5309a4 100644
--- a/usr.sbin/ppp/ppp/defs.h
+++ b/usr.sbin/ppp/ppp/defs.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: defs.h,v 1.1 1998/08/31 00:22:19 brian Exp $
+ * $Id: defs.h,v 1.2 1999/02/06 03:22:35 brian Exp $
*
* TODO:
*/
@@ -44,6 +44,9 @@
#define DIAL_NEXT_TIMEOUT 3 /* Default Hold time to next number redial */
#define SCRIPT_LEN 512 /* Size of login scripts */
#define LINE_LEN SCRIPT_LEN /* Size of login scripts */
+#define AUTHLEN 50 /* Size of authname/authkey */
+#define CHAPDIGESTLEN 100 /* Maximum chap digest */
+#define CHAPCHALLENGELEN 48 /* Maximum chap challenge */
#define MAXARGS 40 /* How many args per config line */
#define NCP_IDLE_TIMEOUT 180 /* Drop all links */
#define CHOKED_TIMEOUT 120 /* Delete queued packets w/ blocked tun */
diff --git a/usr.sbin/ppp/ppp/descriptor.h b/usr.sbin/ppp/ppp/descriptor.h
index be0cd5a0c89..875a1a018a8 100644
--- a/usr.sbin/ppp/ppp/descriptor.h
+++ b/usr.sbin/ppp/ppp/descriptor.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: descriptor.h,v 1.1 1998/08/31 00:22:20 brian Exp $
+ * $Id: descriptor.h,v 1.2 1999/02/06 03:22:36 brian Exp $
*/
#define PHYSICAL_DESCRIPTOR (1)
@@ -33,6 +33,7 @@
#define DATALINK_DESCRIPTOR (5)
#define BUNDLE_DESCRIPTOR (6)
#define MPSERVER_DESCRIPTOR (7)
+#define RADIUS_DESCRIPTOR (8)
struct bundle;
diff --git a/usr.sbin/ppp/ppp/filter.c b/usr.sbin/ppp/ppp/filter.c
index 5e82924437c..aef796fd3dd 100644
--- a/usr.sbin/ppp/ppp/filter.c
+++ b/usr.sbin/ppp/ppp/filter.c
@@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: filter.c,v 1.2 1998/10/29 02:21:45 brian Exp $
+ * $Id: filter.c,v 1.3 1999/02/06 03:22:36 brian Exp $
*
* TODO: Shoud send ICMP error message when we discard packets.
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
@@ -54,6 +54,9 @@
#include "descriptor.h"
#include "prompt.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
static int filter_Nam2Proto(int, char const *const *);
@@ -71,34 +74,38 @@ static const u_int32_t netmasks[33] = {
0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF,
};
+struct in_addr
+bits2mask(int bits)
+{
+ struct in_addr result;
+
+ result.s_addr = htonl(netmasks[bits]);
+ return result;
+}
+
int
-ParseAddr(struct ipcp *ipcp, int argc, char const *const *argv,
+ParseAddr(struct ipcp *ipcp, const char *data,
struct in_addr *paddr, struct in_addr *pmask, int *pwidth)
{
int bits, len;
char *wp;
const char *cp;
- if (argc < 1) {
- log_Printf(LogWARN, "ParseAddr: address/mask is expected.\n");
- return (0);
- }
-
if (pmask)
pmask->s_addr = INADDR_BROADCAST; /* Assume 255.255.255.255 as default */
- cp = pmask || pwidth ? strchr(*argv, '/') : NULL;
- len = cp ? cp - *argv : strlen(*argv);
+ cp = pmask || pwidth ? strchr(data, '/') : NULL;
+ len = cp ? cp - data : strlen(data);
- if (ipcp && strncasecmp(*argv, "HISADDR", len) == 0)
+ if (ipcp && strncasecmp(data, "HISADDR", len) == 0)
*paddr = ipcp->peer_ip;
- else if (ipcp && strncasecmp(*argv, "MYADDR", len) == 0)
+ else if (ipcp && strncasecmp(data, "MYADDR", len) == 0)
*paddr = ipcp->my_ip;
else if (len > 15)
- log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", *argv);
+ log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", data);
else {
char s[16];
- strncpy(s, *argv, len);
+ strncpy(s, data, len);
s[len] = '\0';
if (inet_aton(s, paddr) == 0) {
log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s);
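Review bot: `bits2mask()` indexes the 33-entry `netmasks` table with its argument unchecked, and the commit exports it through filter.h, so any caller that passes a width outside 0..32 reads outside the array. ParseAddr may range-check `bits` before its own call (that code is outside this hunk), but a new external caller gets no such guard. I would reject or clamp inside the helper, e.g. `if (bits < 0 || bits > 32) bits = 32;`, or at least state the precondition with `/* bits must be 0..32 */` above the definition. ParseAddr's body continues outside the hunk.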
@@ -125,7 +132,7 @@ ParseAddr(struct ipcp *ipcp, int argc, char const *const *argv,
if (paddr->s_addr == INADDR_ANY)
pmask->s_addr = INADDR_ANY;
else
- pmask->s_addr = htonl(netmasks[bits]);
+ *pmask = bits2mask(bits);
}
return (1);
@@ -302,7 +309,7 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
argc--;
argv++;
- if (filterdata.action == A_DENY) {
+ if (argc && filterdata.action == A_DENY) {
if (!strcmp(*argv, "host")) {
filterdata.action |= A_UHOST;
argc--;
@@ -313,21 +320,26 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
argv++;
}
}
+
proto = filter_Nam2Proto(argc, argv);
if (proto == P_NONE) {
- if (ParseAddr(ipcp, argc, argv, &filterdata.saddr, &filterdata.smask,
- &filterdata.swidth)) {
+ if (!argc)
+ log_Printf(LogWARN, "Parse: address/mask is expected.\n");
+ else if (ParseAddr(ipcp, *argv, &filterdata.saddr, &filterdata.smask,
+ &filterdata.swidth)) {
argc--;
argv++;
proto = filter_Nam2Proto(argc, argv);
- if (proto == P_NONE) {
- if (ParseAddr(ipcp, argc, argv, &filterdata.daddr, &filterdata.dmask,
+ if (!argc)
+ log_Printf(LogWARN, "Parse: address/mask is expected.\n");
+ else if (proto == P_NONE) {
+ if (ParseAddr(ipcp, *argv, &filterdata.daddr, &filterdata.dmask,
&filterdata.dwidth)) {
argc--;
argv++;
}
proto = filter_Nam2Proto(argc, argv);
- if (proto != P_NONE) {
+ if (argc && proto != P_NONE) {
argc--;
argv++;
}
diff --git a/usr.sbin/ppp/ppp/filter.h b/usr.sbin/ppp/ppp/filter.h
index 310e3082b98..8f1c4b48d34 100644
--- a/usr.sbin/ppp/ppp/filter.h
+++ b/usr.sbin/ppp/ppp/filter.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: filter.h,v 1.2 1999/01/19 22:21:43 brian Exp $
+ * $Id: filter.h,v 1.3 1999/02/06 03:22:36 brian Exp $
*
* TODO:
*/
@@ -83,10 +83,11 @@ struct filter {
struct ipcp;
struct cmdargs;
-extern int ParseAddr(struct ipcp *, int, char const *const *, struct in_addr *,
+extern int ParseAddr(struct ipcp *, const char *, struct in_addr *,
struct in_addr *, int *);
extern int filter_Show(struct cmdargs const *);
extern int filter_Set(struct cmdargs const *);
extern const char * filter_Action2Nam(int);
extern const char *filter_Proto2Nam(int);
extern const char *filter_Op2Nam(int);
+extern struct in_addr bits2mask(int);
diff --git a/usr.sbin/ppp/ppp/fsm.c b/usr.sbin/ppp/ppp/fsm.c
index b992f941f73..8a076dd8d30 100644
--- a/usr.sbin/ppp/ppp/fsm.c
+++ b/usr.sbin/ppp/ppp/fsm.c
@@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: fsm.c,v 1.2 1998/09/04 18:27:45 brian Exp $
+ * $Id: fsm.c,v 1.3 1999/02/06 03:22:36 brian Exp $
*
* TODO:
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -49,6 +49,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "async.h"
#include "physical.h"
diff --git a/usr.sbin/ppp/ppp/fsm.h b/usr.sbin/ppp/ppp/fsm.h
index b2fc4dd9707..b515656c30c 100644
--- a/usr.sbin/ppp/ppp/fsm.h
+++ b/usr.sbin/ppp/ppp/fsm.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: fsm.h,v 1.1 1998/08/31 00:22:20 brian Exp $
+ * $Id: fsm.h,v 1.2 1999/02/06 03:22:36 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/hdlc.c b/usr.sbin/ppp/ppp/hdlc.c
index ae28e2259fb..56e223e852b 100644
--- a/usr.sbin/ppp/ppp/hdlc.c
+++ b/usr.sbin/ppp/ppp/hdlc.c
@@ -17,11 +17,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: hdlc.c,v 1.1 1998/08/31 00:22:20 brian Exp $
+ * $Id: hdlc.c,v 1.2 1999/02/06 03:22:36 brian Exp $
*
* TODO:
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -61,6 +61,9 @@
#include "cbcp.h"
#include "datalink.h"
#include "filter.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
static u_int16_t const fcstab[256] = {
@@ -390,7 +393,7 @@ hdlc_DecodePacket(struct bundle *bundle, u_short proto, struct mbuf * bp,
break;
case PROTO_PAP:
if (p)
- pap_Input(bundle, bp, p);
+ pap_Input(p, bp);
else {
log_Printf(LogERROR, "DecodePacket: PAP: Not a physical link !\n");
mbuf_Free(bp);
@@ -415,7 +418,7 @@ hdlc_DecodePacket(struct bundle *bundle, u_short proto, struct mbuf * bp,
break;
case PROTO_CHAP:
if (p)
- chap_Input(bundle, bp, p);
+ chap_Input(p, bp);
else {
log_Printf(LogERROR, "DecodePacket: CHAP: Not a physical link !\n");
mbuf_Free(bp);
diff --git a/usr.sbin/ppp/ppp/hdlc.h b/usr.sbin/ppp/ppp/hdlc.h
index c6c5c02b324..6e5e412b852 100644
--- a/usr.sbin/ppp/ppp/hdlc.h
+++ b/usr.sbin/ppp/ppp/hdlc.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: hdlc.h,v 1.1 1998/08/31 00:22:21 brian Exp $
+ * $Id: hdlc.h,v 1.2 1999/02/06 03:22:36 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/id.c b/usr.sbin/ppp/ppp/id.c
index 070bb8466f1..d77c7554ec2 100644
--- a/usr.sbin/ppp/ppp/id.c
+++ b/usr.sbin/ppp/ppp/id.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: id.c,v 1.1 1998/08/31 00:22:21 brian Exp $
+ * $Id: id.c,v 1.2 1999/02/06 03:22:37 brian Exp $
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/id.h b/usr.sbin/ppp/ppp/id.h
index 0c213ec391a..728caf430c5 100644
--- a/usr.sbin/ppp/ppp/id.h
+++ b/usr.sbin/ppp/ppp/id.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: id.h,v 1.1 1998/08/31 00:22:21 brian Exp $
+ * $Id: id.h,v 1.2 1999/02/06 03:22:37 brian Exp $
*/
struct utmp;
diff --git a/usr.sbin/ppp/ppp/iface.c b/usr.sbin/ppp/ppp/iface.c
index 09141a96d1e..f6488633e2e 100644
--- a/usr.sbin/ppp/ppp/iface.c
+++ b/usr.sbin/ppp/ppp/iface.c
@@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: iface.c,v 1.1 1998/10/29 02:21:45 brian Exp $
+ * $Id: iface.c,v 1.2 1999/02/06 03:22:37 brian Exp $
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <net/if.h>
@@ -65,6 +65,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "prompt.h"
#include "iface.h"
diff --git a/usr.sbin/ppp/ppp/iface.h b/usr.sbin/ppp/ppp/iface.h
index c9c5cafc61b..ffd1fefe913 100644
--- a/usr.sbin/ppp/ppp/iface.h
+++ b/usr.sbin/ppp/ppp/iface.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: iface.h,v 1.1 1998/10/29 02:21:45 brian Exp $
+ * $Id: iface.h,v 1.2 1999/02/06 03:22:37 brian Exp $
*/
struct iface_addr {
diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c
index fa2fda2938b..3c2298301fe 100644
--- a/usr.sbin/ppp/ppp/ip.c
+++ b/usr.sbin/ppp/ppp/ip.c
@@ -17,13 +17,13 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ip.c,v 1.3 1998/11/10 00:32:23 brian Exp $
+ * $Id: ip.c,v 1.4 1999/02/06 03:22:38 brian Exp $
*
* TODO:
* o Return ICMP message for filterd packet
* and optionaly record it into log.
*/
-#include <sys/types.h>
+#include <sys/param.h>
#ifdef __OpenBSD__
#include <sys/socket.h>
#endif
@@ -66,6 +66,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "vjcomp.h"
#include "tun.h"
diff --git a/usr.sbin/ppp/ppp/ip.h b/usr.sbin/ppp/ppp/ip.h
index b8598aa5370..12dc5d65f46 100644
--- a/usr.sbin/ppp/ppp/ip.h
+++ b/usr.sbin/ppp/ppp/ip.h
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ip.h,v 1.1 1998/08/31 00:22:21 brian Exp $
+ * $Id: ip.h,v 1.2 1999/02/06 03:22:38 brian Exp $
*
*/
diff --git a/usr.sbin/ppp/ppp/ipcp.c b/usr.sbin/ppp/ppp/ipcp.c
index 83f1090c4aa..ab4923e396d 100644
--- a/usr.sbin/ppp/ppp/ipcp.c
+++ b/usr.sbin/ppp/ppp/ipcp.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ipcp.c,v 1.6 1999/02/04 11:54:47 brian Exp $
+ * $Id: ipcp.c,v 1.7 1999/02/06 03:22:39 brian Exp $
*
* TODO:
* o More RFC1772 backward compatibility
@@ -30,10 +30,7 @@
#include <sys/socket.h>
#include <net/route.h>
#include <netdb.h>
-#include <net/if.h>
-#include <sys/sockio.h>
#include <sys/un.h>
-#include <arpa/nameser.h>
#include <fcntl.h>
#include <resolv.h>
@@ -73,6 +70,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "id.h"
#include "arp.h"
@@ -278,7 +278,7 @@ ipcp_Show(struct cmdargs const *arg)
if (ipcp->route) {
prompt_Printf(arg->prompt, "\n");
- route_ShowSticky(arg->prompt, ipcp->route);
+ route_ShowSticky(arg->prompt, ipcp->route, "Sticky routes", 1);
}
prompt_Printf(arg->prompt, "\nDefaults:\n");
@@ -378,7 +378,7 @@ ipcp_Init(struct ipcp *ipcp, struct bundle *bundle, struct link *l,
throughput_init(&ipcp->throughput);
memset(ipcp->Queue, '\0', sizeof ipcp->Queue);
- ipcp_Setup(ipcp);
+ ipcp_Setup(ipcp, INADDR_NONE);
}
void
@@ -388,13 +388,14 @@ ipcp_SetLink(struct ipcp *ipcp, struct link *l)
}
void
-ipcp_Setup(struct ipcp *ipcp)
+ipcp_Setup(struct ipcp *ipcp, u_int32_t mask)
{
struct iface *iface = ipcp->fsm.bundle->iface;
int pos, n;
ipcp->fsm.open_mode = 0;
ipcp->fsm.maxconfig = 10;
+ ipcp->ifmask.s_addr = mask == INADDR_NONE ? ipcp->cfg.netmask.s_addr : mask;
if (iplist_isvalid(&ipcp->cfg.peer_list)) {
/* Try to give the peer a previously configured IP address */
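Review bot: `INADDR_NONE` is used as the "no mask supplied" sentinel in the added `ipcp->ifmask.s_addr = mask == INADDR_NONE ? ipcp->cfg.netmask.s_addr : mask;` line, but the same bit pattern is the valid host netmask 255.255.255.255. A caller that passes that mask (for example one taken from a RADIUS reply, which this commit introduces) would silently fall back to `cfg.netmask`. A comment on the parameter, e.g. `/* mask: INADDR_NONE means "use cfg.netmask"; a /32 mask cannot be requested this way */`, or a separate flag, would make the contract explicit. ipcp_Setup's body continues outside the hunk.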
@@ -446,7 +447,11 @@ ipcp_Setup(struct ipcp *ipcp)
ipcp->my_ip = ipcp->cfg.my_range.ipaddr;
}
- if (IsEnabled(ipcp->cfg.vj.neg))
+ if (IsEnabled(ipcp->cfg.vj.neg)
+#ifndef NORADIUS
+ || (ipcp->fsm.bundle->radius.valid && ipcp->fsm.bundle->radius.vj)
+#endif
+ )
ipcp->my_compproto = (PROTO_VJCOMP << 16) +
((ipcp->cfg.vj.slots - 1) << 8) +
ipcp->cfg.vj.slotcomp;
@@ -496,16 +501,11 @@ ipcp_SetIPaddress(struct bundle *bundle, struct in_addr myaddr,
u_int32_t addr;
addr = htonl(myaddr.s_addr);
- if (IN_CLASSA(addr))
- mask.s_addr = htonl(IN_CLASSA_NET);
- else if (IN_CLASSB(addr))
- mask.s_addr = htonl(IN_CLASSB_NET);
- else
- mask.s_addr = htonl(IN_CLASSC_NET);
+ mask.s_addr = addr2mask(addr);
- if (bundle->ncp.ipcp.cfg.netmask.s_addr != INADDR_ANY &&
- (ntohl(bundle->ncp.ipcp.cfg.netmask.s_addr) & mask.s_addr) == mask.s_addr)
- mask.s_addr = htonl(bundle->ncp.ipcp.cfg.netmask.s_addr);
+ if (bundle->ncp.ipcp.ifmask.s_addr != INADDR_ANY &&
+ (ntohl(bundle->ncp.ipcp.ifmask.s_addr) & mask.s_addr) == mask.s_addr)
+ mask.s_addr = htonl(bundle->ncp.ipcp.ifmask.s_addr);
oaddr.s_addr = bundle->iface->in_addrs ?
bundle->iface->in_addr[0].ifa.s_addr : INADDR_ANY;
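Review bot: The added lines pass `ifmask.s_addr` through `ntohl()` for the comparison and through `htonl()` for the assignment, while `mask.s_addr` comes from `addr2mask()`, which already returns an `htonl()` value. That appears to be consistent only if `ifmask` holds the mask in host byte order, which is unusual for a `struct in_addr` and is not stated anywhere in the hunk. Since `ifmask` can now be filled from the `mask` argument of `ipcp_Setup()`, a comment at the comparison such as `/* ifmask is kept in host byte order */` (if that is the intent) would stop a caller from storing a network-order value. ipcp_SetIPaddress starts and ends outside the hunk.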
@@ -524,6 +524,11 @@ ipcp_SetIPaddress(struct bundle *bundle, struct in_addr myaddr,
if (Enabled(bundle, OPT_SROUTES))
route_Change(bundle, bundle->ncp.ipcp.route, myaddr, hisaddr);
+#ifndef NORADIUS
+ if (bundle->radius.valid)
+ route_Change(bundle, bundle->radius.routes, myaddr, hisaddr);
+#endif
+
if (Enabled(bundle, OPT_PROXY) || Enabled(bundle, OPT_PROXYALL)) {
int s = ID0socket(AF_INET, SOCK_DGRAM, 0);
if (s < 0)
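Review bot: The routes in `bundle->radius.routes` are applied whenever `radius.valid` is set, without an option check like the `Enabled(bundle, OPT_SROUTES)` guard on the configured sticky routes just above. These routes originate from the authentication server's reply rather than from local configuration, so a short comment saying so, e.g. `/* routes supplied by the RADIUS reply; applied regardless of OPT_SROUTES */`, would help anyone auditing what can alter the routing table. Where `radius.valid` is cleared is not visible here; it should be reset when the session ends so that one peer's routes are not reapplied for the next. ipcp_SetIPaddress starts and ends outside the hunk.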
@@ -710,7 +715,7 @@ IpcpLayerDown(struct fsm *fp)
system_Select(fp->bundle, "MYADDR", LINKDOWNFILE, NULL, NULL);
}
- ipcp_Setup(ipcp);
+ ipcp_Setup(ipcp, INADDR_NONE);
}
int
@@ -1142,6 +1147,23 @@ ipcp_Input(struct ipcp *ipcp, struct bundle *bundle, struct mbuf *bp)
}
int
+ipcp_UseHisIPaddr(struct bundle *bundle, struct in_addr hisaddr)
+{
+ struct ipcp *ipcp = &bundle->ncp.ipcp;
+
+ memset(&ipcp->cfg.peer_range, '\0', sizeof ipcp->cfg.peer_range);
+ iplist_reset(&ipcp->cfg.peer_list);
+ ipcp->peer_ip = ipcp->cfg.peer_range.ipaddr = hisaddr;
+ ipcp->cfg.peer_range.mask.s_addr = INADDR_BROADCAST;
+ ipcp->cfg.peer_range.width = 32;
+
+ if (ipcp_SetIPaddress(bundle, ipcp->cfg.my_range.ipaddr, hisaddr, 0) < 0)
+ return 0;
+
+ return 1; /* Ok */
+}
+
+int
ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
{
struct ipcp *ipcp = &bundle->ncp.ipcp;
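Review bot: `ipcp_UseHisIPaddr()` overwrites `ipcp->cfg.peer_range` and resets `ipcp->cfg.peer_list` before `ipcp_SetIPaddress()` is known to succeed, and nothing in the function restores them. These are configuration fields, so the per-session address appears to outlive the session, and the `return 0` path leaves the configured HISADDR spec discarded with no log message. Consider saving the old range and restoring it on failure, or at least logging the failure, e.g. `log_Printf(LogWARN, "ipcp_UseHisIPaddr: cannot set peer address\n");`. The hunk ends inside ipcp_UseHisaddr, which is unchanged here.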
@@ -1165,7 +1187,7 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
log_Printf(LogWARN, "%s: Invalid range !\n", hisaddr);
return 0;
}
- } else if (ParseAddr(ipcp, 1, &hisaddr, &ipcp->cfg.peer_range.ipaddr,
+ } else if (ParseAddr(ipcp, hisaddr, &ipcp->cfg.peer_range.ipaddr,
&ipcp->cfg.peer_range.mask,
&ipcp->cfg.peer_range.width) != 0) {
ipcp->peer_ip.s_addr = ipcp->cfg.peer_range.ipaddr.s_addr;
diff --git a/usr.sbin/ppp/ppp/ipcp.h b/usr.sbin/ppp/ppp/ipcp.h
index e52459001f8..aec762e11b7 100644
--- a/usr.sbin/ppp/ppp/ipcp.h
+++ b/usr.sbin/ppp/ppp/ipcp.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ipcp.h,v 1.2 1998/10/29 02:21:45 brian Exp $
+ * $Id: ipcp.h,v 1.3 1999/02/06 03:22:39 brian Exp $
*
* TODO:
*/
@@ -34,6 +34,14 @@
#define TY_SECONDARY_NBNS 132
#define TY_ADJUST_NS 119 /* subtract from NS val for REJECT bit */
+#define addr2mask(addr) ( \
+ IN_CLASSA(addr) ? \
+ htonl(IN_CLASSA_NET) : \
+ IN_CLASSB(addr) ? \
+ htonl(IN_CLASSB_NET) : htonl(IN_CLASSC_NET) \
+)
+
+
struct sticky_route;
struct in_range {
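Review bot: The new `addr2mask()` macro has no comment, and its contract is easy to get wrong: `IN_CLASSA()`/`IN_CLASSB()` test a host-order address, while the result is wrapped in `htonl()`. It also expands `addr` twice, so an argument with side effects would be evaluated more than once. I would add `/* addr: host byte order; result: network byte order. Evaluates addr more than once. */` above the definition.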
@@ -53,7 +61,7 @@ struct ipcp {
} vj;
struct in_range my_range; /* MYADDR spec */
- struct in_addr netmask; /* netmask (unused by most OSs) */
+ struct in_addr netmask; /* Iface netmask (unused by most OSs) */
struct in_range peer_range; /* HISADDR spec */
struct iplist peer_list; /* Ranges of HISADDR values */
@@ -84,6 +92,8 @@ struct ipcp {
struct in_addr peer_ip; /* IP address he's willing to use */
u_int32_t peer_compproto; /* VJ params he's willing to use */
+ struct in_addr ifmask; /* Interface netmask */
+
struct in_addr my_ip; /* IP address I'm willing to use */
u_int32_t my_compproto; /* VJ params I'm willing to use */
@@ -102,13 +112,14 @@ struct cmdargs;
extern void ipcp_Init(struct ipcp *, struct bundle *, struct link *,
const struct fsm_parent *);
-extern void ipcp_Setup(struct ipcp *);
+extern void ipcp_Setup(struct ipcp *, u_int32_t);
extern void ipcp_SetLink(struct ipcp *, struct link *);
extern int ipcp_Show(struct cmdargs const *);
extern void ipcp_Input(struct ipcp *, struct bundle *, struct mbuf *);
extern void ipcp_AddInOctets(struct ipcp *, int);
extern void ipcp_AddOutOctets(struct ipcp *, int);
+extern int ipcp_UseHisIPaddr(struct bundle *, struct in_addr);
extern int ipcp_UseHisaddr(struct bundle *, const char *, int);
extern int ipcp_vjset(struct cmdargs const *);
extern void ipcp_CleanInterface(struct ipcp *);
diff --git a/usr.sbin/ppp/ppp/iplist.c b/usr.sbin/ppp/ppp/iplist.c
index 4acbecc67ce..45eaa14d31c 100644
--- a/usr.sbin/ppp/ppp/iplist.c
+++ b/usr.sbin/ppp/ppp/iplist.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: iplist.c,v 1.1 1998/08/31 00:22:22 brian Exp $
+ * $Id: iplist.c,v 1.2 1999/02/06 03:22:39 brian Exp $
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/iplist.h b/usr.sbin/ppp/ppp/iplist.h
index c9f941973b2..6e07aea7ecb 100644
--- a/usr.sbin/ppp/ppp/iplist.h
+++ b/usr.sbin/ppp/ppp/iplist.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: iplist.h,v 1.1 1998/08/31 00:22:22 brian Exp $
+ * $Id: iplist.h,v 1.2 1999/02/06 03:22:40 brian Exp $
*/
struct iplist_cur {
diff --git a/usr.sbin/ppp/ppp/lcp.c b/usr.sbin/ppp/ppp/lcp.c
index 5b8fe164aed..4071968e148 100644
--- a/usr.sbin/ppp/ppp/lcp.c
+++ b/usr.sbin/ppp/ppp/lcp.c
@@ -17,13 +17,13 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: lcp.c,v 1.5 1999/01/13 17:39:57 brian Exp $
+ * $Id: lcp.c,v 1.6 1999/02/06 03:22:40 brian Exp $
*
* TODO:
* o Limit data field length by MRU
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -64,6 +64,9 @@
#include "chap.h"
#include "cbcp.h"
#include "datalink.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
/* for received LQRs */
diff --git a/usr.sbin/ppp/ppp/lcp.h b/usr.sbin/ppp/ppp/lcp.h
index 75aa506d162..7261bc094ea 100644
--- a/usr.sbin/ppp/ppp/lcp.h
+++ b/usr.sbin/ppp/ppp/lcp.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: lcp.h,v 1.1 1998/08/31 00:22:22 brian Exp $
+ * $Id: lcp.h,v 1.2 1999/02/06 03:22:41 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/lcpproto.h b/usr.sbin/ppp/ppp/lcpproto.h
index cc523f6f2a6..95d6c604ec8 100644
--- a/usr.sbin/ppp/ppp/lcpproto.h
+++ b/usr.sbin/ppp/ppp/lcpproto.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: lcpproto.h,v 1.1 1998/08/31 00:22:23 brian Exp $
+ * $Id: lcpproto.h,v 1.2 1999/02/06 03:22:41 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/link.c b/usr.sbin/ppp/ppp/link.c
index 6866d4e6a94..0ec31d7ec28 100644
--- a/usr.sbin/ppp/ppp/link.c
+++ b/usr.sbin/ppp/ppp/link.c
@@ -23,14 +23,13 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: link.c,v 1.1 1998/08/31 00:22:23 brian Exp $
+ * $Id: link.c,v 1.2 1999/02/06 03:22:41 brian Exp $
*
*/
#include <sys/types.h>
#include <stdio.h>
-#include <string.h>
#include <termios.h>
#include "defs.h"
diff --git a/usr.sbin/ppp/ppp/link.h b/usr.sbin/ppp/ppp/link.h
index 87a5402d2c2..ab1a7a9e074 100644
--- a/usr.sbin/ppp/ppp/link.h
+++ b/usr.sbin/ppp/ppp/link.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: link.h,v 1.1 1998/08/31 00:22:23 brian Exp $
+ * $Id: link.h,v 1.2 1999/02/06 03:22:41 brian Exp $
*
*/
diff --git a/usr.sbin/ppp/ppp/log.c b/usr.sbin/ppp/ppp/log.c
index 82c6f33e96a..443303bd8f3 100644
--- a/usr.sbin/ppp/ppp/log.c
+++ b/usr.sbin/ppp/ppp/log.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: log.c,v 1.1 1998/08/31 00:22:23 brian Exp $
+ * $Id: log.c,v 1.2 1999/02/06 03:22:41 brian Exp $
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/log.h b/usr.sbin/ppp/ppp/log.h
index b399ca16ff7..43f7eaecaef 100644
--- a/usr.sbin/ppp/ppp/log.h
+++ b/usr.sbin/ppp/ppp/log.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: log.h,v 1.1 1998/08/31 00:22:23 brian Exp $
+ * $Id: log.h,v 1.2 1999/02/06 03:22:41 brian Exp $
*/
#define LogMIN (1)
diff --git a/usr.sbin/ppp/ppp/lqr.c b/usr.sbin/ppp/ppp/lqr.c
index 690d75d193e..c0c1a9ed49b 100644
--- a/usr.sbin/ppp/ppp/lqr.c
+++ b/usr.sbin/ppp/ppp/lqr.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: lqr.c,v 1.1 1998/08/31 00:22:23 brian Exp $
+ * $Id: lqr.c,v 1.2 1999/02/06 03:22:41 brian Exp $
*
* o LQR based on RFC1333
*
@@ -26,7 +26,7 @@
* o Allow user to configure LQM method and interval.
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/un.h>
#include <string.h>
diff --git a/usr.sbin/ppp/ppp/lqr.h b/usr.sbin/ppp/ppp/lqr.h
index d5de2074c8d..cc9e1c8fd0d 100644
--- a/usr.sbin/ppp/ppp/lqr.h
+++ b/usr.sbin/ppp/ppp/lqr.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: lqr.h,v 1.1 1998/08/31 00:22:23 brian Exp $
+ * $Id: lqr.h,v 1.2 1999/02/06 03:22:41 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/main.c b/usr.sbin/ppp/ppp/main.c
index 33035015734..e080e93f8a5 100644
--- a/usr.sbin/ppp/ppp/main.c
+++ b/usr.sbin/ppp/ppp/main.c
@@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: main.c,v 1.7 1999/02/02 09:50:14 brian Exp $
+ * $Id: main.c,v 1.8 1999/02/06 03:22:41 brian Exp $
*
* TODO:
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -64,6 +64,9 @@
#include "descriptor.h"
#include "link.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "auth.h"
#include "systems.h"
@@ -513,6 +516,8 @@ DoLoop(struct bundle *bundle)
break;
}
+ log_Printf(LogTIMER, "Select returns %d\n", i);
+
sig_Handle();
if (i <= 0)
diff --git a/usr.sbin/ppp/ppp/main.h b/usr.sbin/ppp/ppp/main.h
index 88318476a33..a870efd8008 100644
--- a/usr.sbin/ppp/ppp/main.h
+++ b/usr.sbin/ppp/ppp/main.h
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: main.h,v 1.1 1998/08/31 00:22:24 brian Exp $
+ * $Id: main.h,v 1.2 1999/02/06 03:22:42 brian Exp $
*
*/
diff --git a/usr.sbin/ppp/ppp/mbuf.c b/usr.sbin/ppp/ppp/mbuf.c
index 41de244acd0..7ef4bb23f27 100644
--- a/usr.sbin/ppp/ppp/mbuf.c
+++ b/usr.sbin/ppp/ppp/mbuf.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: mbuf.c,v 1.1 1998/08/31 00:22:24 brian Exp $
+ * $Id: mbuf.c,v 1.2 1999/02/06 03:22:42 brian Exp $
*
*/
#include <sys/types.h>
@@ -114,13 +114,8 @@ mbuf_Read(struct mbuf * bp, u_char * ptr, int len)
bp->cnt -= nb;
len -= nb;
bp->offset += nb;
- if (bp->cnt == 0) {
-#ifdef notdef
- bp = bp->next;
-#else
+ if (bp->cnt == 0)
bp = mbuf_FreeSeg(bp);
-#endif
- }
}
return (bp);
}
diff --git a/usr.sbin/ppp/ppp/mbuf.h b/usr.sbin/ppp/ppp/mbuf.h
index 104f44661b8..1b987439387 100644
--- a/usr.sbin/ppp/ppp/mbuf.h
+++ b/usr.sbin/ppp/ppp/mbuf.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: mbuf.h,v 1.1 1998/08/31 00:22:24 brian Exp $
+ * $Id: mbuf.h,v 1.2 1999/02/06 03:22:42 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/modem.c b/usr.sbin/ppp/ppp/modem.c
index 7dacede5c9b..e1c62f5e7b5 100644
--- a/usr.sbin/ppp/ppp/modem.c
+++ b/usr.sbin/ppp/ppp/modem.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: modem.c,v 1.2 1999/01/10 02:23:22 brian Exp $
+ * $Id: modem.c,v 1.3 1999/02/06 03:22:42 brian Exp $
*
* TODO:
*/
@@ -69,6 +69,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "prompt.h"
#include "chat.h"
diff --git a/usr.sbin/ppp/ppp/modem.h b/usr.sbin/ppp/ppp/modem.h
index c2adf2cc9bb..bd9b2975b7f 100644
--- a/usr.sbin/ppp/ppp/modem.h
+++ b/usr.sbin/ppp/ppp/modem.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: modem.h,v 1.1 1998/08/31 00:22:24 brian Exp $
+ * $Id: modem.h,v 1.2 1999/02/06 03:22:42 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/mp.c b/usr.sbin/ppp/ppp/mp.c
index 97e74f16791..0270b42044c 100644
--- a/usr.sbin/ppp/ppp/mp.c
+++ b/usr.sbin/ppp/ppp/mp.c
@@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: mp.c,v 1.3 1998/10/29 02:21:46 brian Exp $
+ * $Id: mp.c,v 1.4 1999/02/06 03:22:42 brian Exp $
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -71,6 +71,9 @@
#include "chap.h"
#include "cbcp.h"
#include "datalink.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "ip.h"
#include "prompt.h"
diff --git a/usr.sbin/ppp/ppp/mp.h b/usr.sbin/ppp/ppp/mp.h
index 7bf1aa30755..b79022dad7e 100644
--- a/usr.sbin/ppp/ppp/mp.h
+++ b/usr.sbin/ppp/ppp/mp.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: mp.h,v 1.1 1998/08/31 00:22:25 brian Exp $
+ * $Id: mp.h,v 1.2 1999/02/06 03:22:42 brian Exp $
*/
struct mbuf;
diff --git a/usr.sbin/ppp/ppp/pap.c b/usr.sbin/ppp/ppp/pap.c
index c36d0098077..a118baefd95 100644
--- a/usr.sbin/ppp/ppp/pap.c
+++ b/usr.sbin/ppp/ppp/pap.c
@@ -18,17 +18,17 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: pap.c,v 1.3 1999/02/02 09:49:57 brian Exp $
+ * $Id: pap.c,v 1.4 1999/02/06 03:22:42 brian Exp $
*
* TODO:
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <sys/un.h>
-#include <string.h>
+#include <stdlib.h>
#include <termios.h>
#include "mbuf.h"
@@ -53,6 +53,9 @@
#include "ipcp.h"
#include "filter.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "chat.h"
#include "chap.h"
@@ -60,41 +63,41 @@
#include "datalink.h"
static const char *papcodes[] = { "???", "REQUEST", "SUCCESS", "FAILURE" };
+#define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
-void
-pap_SendChallenge(struct authinfo *auth, int papid, struct physical *physical)
+static void
+pap_Req(struct authinfo *authp)
{
+ struct bundle *bundle = authp->physical->dl->bundle;
struct fsmheader lh;
struct mbuf *bp;
u_char *cp;
int namelen, keylen, plen;
- namelen = strlen(physical->dl->bundle->cfg.auth.name);
- keylen = strlen(physical->dl->bundle->cfg.auth.key);
+ namelen = strlen(bundle->cfg.auth.name);
+ keylen = strlen(bundle->cfg.auth.key);
plen = namelen + keylen + 2;
- log_Printf(LogDEBUG, "pap_SendChallenge: namelen = %d, keylen = %d\n",
- namelen, keylen);
- log_Printf(LogPHASE, "Pap Output: %s ********\n",
- physical->dl->bundle->cfg.auth.name);
- if (*physical->dl->bundle->cfg.auth.name == '\0')
+ log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);
+ log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);
+ if (*bundle->cfg.auth.name == '\0')
log_Printf(LogWARN, "Sending empty PAP authname!\n");
lh.code = PAP_REQUEST;
- lh.id = papid;
+ lh.id = authp->id;
lh.length = htons(plen + sizeof(struct fsmheader));
bp = mbuf_Alloc(plen + sizeof(struct fsmheader), MB_FSM);
memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
*cp++ = namelen;
- memcpy(cp, physical->dl->bundle->cfg.auth.name, namelen);
+ memcpy(cp, bundle->cfg.auth.name, namelen);
cp += namelen;
*cp++ = keylen;
- memcpy(cp, physical->dl->bundle->cfg.auth.key, keylen);
+ memcpy(cp, bundle->cfg.auth.key, keylen);
- hdlc_Output(&physical->link, PRI_LINK, PROTO_PAP, bp);
+ hdlc_Output(&authp->physical->link, PRI_LINK, PROTO_PAP, bp);
}
static void
-SendPapCode(int id, int code, const char *message, struct physical *physical)
+SendPapCode(struct authinfo *authp, int code, const char *message)
{
struct fsmheader lh;
struct mbuf *bp;
@@ -102,7 +105,7 @@ SendPapCode(int id, int code, const char *message, struct physical *physical)
int plen, mlen;
lh.code = code;
- lh.id = id;
+ lh.id = authp->id;
mlen = strlen(message);
plen = mlen + 1;
lh.length = htons(plen + sizeof(struct fsmheader));
@@ -112,90 +115,124 @@ SendPapCode(int id, int code, const char *message, struct physical *physical)
*cp++ = mlen;
memcpy(cp, message, mlen);
log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
- hdlc_Output(&physical->link, PRI_LINK, PROTO_PAP, bp);
+
+ hdlc_Output(&authp->physical->link, PRI_LINK, PROTO_PAP, bp);
}
-/*
- * Validate given username and passwrd against with secret table
- */
-static int
-PapValidate(struct bundle *bundle, u_char *name, u_char *key,
- struct physical *physical)
+static void
+pap_Success(struct authinfo *authp)
{
- int nlen, klen;
+ datalink_GotAuthname(authp->physical->dl, authp->in.name);
+ SendPapCode(authp, PAP_ACK, "Greetings!!");
+ authp->physical->link.lcp.auth_ineed = 0;
+ if (Enabled(authp->physical->dl->bundle, OPT_UTMP))
+ physical_Login(authp->physical, authp->in.name);
- nlen = *name++;
- klen = *key;
- *key++ = 0;
- key[klen] = 0;
- log_Printf(LogDEBUG, "PapValidate: name %s (%d), key %s (%d)\n",
- name, nlen, key, klen);
+ if (authp->physical->link.lcp.auth_iwait == 0)
+ /*
+ * Either I didn't need to authenticate, or I've already been
+ * told that I got the answer right.
+ */
+ datalink_AuthOk(authp->physical->dl);
+}
- return auth_Validate(bundle, name, key, physical);
+static void
+pap_Failure(struct authinfo *authp)
+{
+ SendPapCode(authp, PAP_NAK, "Login incorrect");
+ datalink_AuthNotOk(authp->physical->dl);
}
void
-pap_Input(struct bundle *bundle, struct mbuf *bp, struct physical *physical)
+pap_Init(struct authinfo *pap, struct physical *p)
{
- int len = mbuf_Length(bp);
- struct fsmheader *php;
- u_char *cp;
+ auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);
+}
+
+void
+pap_Input(struct physical *p, struct mbuf *bp)
+{
+ struct authinfo *authp = &p->dl->pap;
+ u_char nlen, klen, *key;
+
+ if ((bp = auth_ReadHeader(authp, bp)) == NULL)
+ return;
- if (len >= sizeof(struct fsmheader)) {
- php = (struct fsmheader *) MBUF_CTOP(bp);
- if (len >= ntohs(php->length)) {
- if (php->code < PAP_REQUEST || php->code > PAP_NAK)
- php->code = 0;
- switch (php->code) {
- case PAP_REQUEST:
- cp = (u_char *) (php + 1);
- log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
- papcodes[php->code], *cp, cp + 1);
- if (PapValidate(bundle, cp, cp + *cp + 1, physical)) {
- datalink_GotAuthname(physical->dl, cp+1, *cp);
- SendPapCode(php->id, PAP_ACK, "Greetings!!", physical);
- physical->link.lcp.auth_ineed = 0;
- if (Enabled(bundle, OPT_UTMP))
- physical_Login(physical, cp + 1);
-
- if (physical->link.lcp.auth_iwait == 0)
- /*
- * Either I didn't need to authenticate, or I've already been
- * told that I got the answer right.
- */
- datalink_AuthOk(physical->dl);
- } else {
- SendPapCode(php->id, PAP_NAK, "Login incorrect", physical);
- datalink_AuthNotOk(physical->dl);
- }
- break;
- case PAP_ACK:
- auth_StopTimer(&physical->dl->pap);
- cp = (u_char *) (php + 1);
- len = *cp++;
- cp[len] = 0;
- log_Printf(LogPHASE, "Pap Input: %s (%s)\n", papcodes[php->code], cp);
- if (physical->link.lcp.auth_iwait == PROTO_PAP) {
- physical->link.lcp.auth_iwait = 0;
- if (physical->link.lcp.auth_ineed == 0)
- /*
- * We've succeeded in our ``login''
- * If we're not expecting the peer to authenticate (or he already
- * has), proceed to network phase.
- */
- datalink_AuthOk(physical->dl);
- }
- break;
- case PAP_NAK:
- auth_StopTimer(&physical->dl->pap);
- cp = (u_char *) (php + 1);
- len = *cp++;
- cp[len] = 0;
- log_Printf(LogPHASE, "Pap Input: %s (%s)\n", papcodes[php->code], cp);
- datalink_AuthNotOk(physical->dl);
- break;
+ if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
+ log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
+ mbuf_Free(bp);
+ return;
+ }
+
+ if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
+ Enabled(p->dl->bundle, OPT_IDCHECK)) {
+ /* Wrong conversation dude ! */
+ log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
+ papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
+ mbuf_Free(bp);
+ return;
+ }
+ authp->id = authp->in.hdr.id; /* We respond with this id */
+
+ if (bp) {
+ bp = mbuf_Read(bp, &nlen, 1);
+ bp = auth_ReadName(authp, bp, nlen);
+ }
+
+ log_Printf(LogPHASE, "Pap Input: %s (%s)\n",
+ papcodes[authp->in.hdr.code], authp->in.name);
+
+ switch (authp->in.hdr.code) {
+ case PAP_REQUEST:
+ if (bp == NULL) {
+ log_Printf(LogPHASE, "Pap Input: No key given !\n");
+ break;
+ }
+ bp = mbuf_Read(bp, &klen, 1);
+ if (mbuf_Length(bp) < klen) {
+ log_Printf(LogERROR, "Pap Input: Truncated key !\n");
+ break;
}
- }
+ if ((key = malloc(klen+1)) == NULL) {
+ log_Printf(LogERROR, "Pap Input: Out of memory !\n");
+ break;
+ }
+ bp = mbuf_Read(bp, key, klen);
+ key[klen] = '\0';
+
+#ifndef NORADIUS
+ if (*p->dl->bundle->radius.cfg.file)
+ radius_Authenticate(&p->dl->bundle->radius, authp, authp->in.name,
+ key, NULL);
+ else
+#endif
+ if (auth_Validate(p->dl->bundle, authp->in.name, key, p))
+ pap_Success(authp);
+ else
+ pap_Failure(authp);
+
+ free(key);
+ break;
+
+ case PAP_ACK:
+ auth_StopTimer(authp);
+ if (p->link.lcp.auth_iwait == PROTO_PAP) {
+ p->link.lcp.auth_iwait = 0;
+ if (p->link.lcp.auth_ineed == 0)
+ /*
+ * We've succeeded in our ``login''
+ * If we're not expecting the peer to authenticate (or he already
+ * has), proceed to network phase.
+ */
+ datalink_AuthOk(p->dl);
+ }
+ break;
+
+ case PAP_NAK:
+ auth_StopTimer(authp);
+ datalink_AuthNotOk(p->dl);
+ break;
}
+
mbuf_Free(bp);
}
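Review bot: In the `PAP_REQUEST` branch the peer's cleartext password is copied into the `malloc`ed `key` buffer and released with a bare `free(key)`, so the password stays in freed heap memory. Clearing it first, `memset(key, '\0', klen);` before `free(key);` (or `explicit_bzero()` where the platform provides it, since a plain `memset` before `free` may be optimised away), keeps it out of later allocations and core dumps. The `free(key)` also assumes `radius_Authenticate()` does not keep the pointer after it returns; that function is not visible here, so this is worth confirming. Separately, the "No key given" and "Truncated key" paths `break` without sending a `PAP_NAK`, leaving the peer to time out.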
diff --git a/usr.sbin/ppp/ppp/pap.h b/usr.sbin/ppp/ppp/pap.h
index c5fcbd3daf2..4c4dac129b5 100644
--- a/usr.sbin/ppp/ppp/pap.h
+++ b/usr.sbin/ppp/ppp/pap.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: pap.h,v 1.3 1999/02/02 09:49:57 brian Exp $
+ * $Id: pap.h,v 1.4 1999/02/06 03:22:42 brian Exp $
*
* TODO:
*/
@@ -27,7 +27,6 @@
struct mbuf;
struct physical;
struct authinfo;
-struct bundle;
-extern void pap_Input(struct bundle *, struct mbuf *, struct physical *);
-extern void pap_SendChallenge(struct authinfo *, int, struct physical *);
+extern void pap_Init(struct authinfo *, struct physical *);
+extern void pap_Input(struct physical *, struct mbuf *);
diff --git a/usr.sbin/ppp/ppp/physical.c b/usr.sbin/ppp/ppp/physical.c
index 683f7943e27..2d35a14b457 100644
--- a/usr.sbin/ppp/ppp/physical.c
+++ b/usr.sbin/ppp/ppp/physical.c
@@ -16,7 +16,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: physical.c,v 1.2 1999/01/10 02:23:22 brian Exp $
+ * $Id: physical.c,v 1.3 1999/02/06 03:22:42 brian Exp $
*
*/
diff --git a/usr.sbin/ppp/ppp/physical.h b/usr.sbin/ppp/ppp/physical.h
index 89cb39581fd..5db54c2b353 100644
--- a/usr.sbin/ppp/ppp/physical.h
+++ b/usr.sbin/ppp/ppp/physical.h
@@ -16,7 +16,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: physical.h,v 1.2 1999/01/10 02:23:22 brian Exp $
+ * $Id: physical.h,v 1.3 1999/02/06 03:22:42 brian Exp $
*
*/
diff --git a/usr.sbin/ppp/ppp/ppp.8 b/usr.sbin/ppp/ppp/ppp.8
index 74a50e042fa..601cf486d9e 100644
--- a/usr.sbin/ppp/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.15 1999/02/04 11:54:48 brian Exp $
+.\" $Id: ppp.8,v 1.16 1999/02/06 03:22:42 brian Exp $
.Dd 20 September 1995
.nr XX \w'\fC00'
.Os FreeBSD
@@ -109,11 +109,29 @@ CHAP authentication and
.Nm
is compiled with DES support, an appropriate MD4/DES response will be
made.
+.It Supports RADIUS authentication.
+An extension to PAP and CHAP,
+.Em \&R Ns No emote
+.Em \&A Ns No ccess
+.Em \&D Ns No ial
+.Em \&I Ns No n
+.Em \&U Ns No ser
+.Em \&S Ns No ervice
+allows authentication information to be stored in a central or
+distributed database along with various per-user framed connection
+characteristics. If
+.Pa libradius
+is available at compile time,
+.Nm
+will use it to make
+.Em RADIUS
+requests when configured to do so.
.It Supports Proxy Arp.
When
-.Em PPP
-is set up as server, you can also configure it to do proxy arp for your
-connection.
+.Nm
+is set up as server, it can be configured to make one or more proxy arp
+entries on behalf of the client. This allows routing to the LAN without
+configuring each machine on that LAN.
.It Supports packet filtering.
User can define four kinds of filters: the
.Em in
@@ -360,10 +378,6 @@ file:
*.*<TAB>/var/log/ppp.log
.Ed
.Pp
-Make sure you use actual TABs here. If you use spaces, the line will be
-silently ignored by
-.Xr syslogd 8 .
-.Pp
It is possible to have more than one
.Em PPP
log file by creating a link to the
@@ -3498,6 +3512,95 @@ command must appear in
as it is not known when the commands in
.Pa ppp.conf
are executed.
+.It set radius Op Ar config-file
+This command enables RADIUS support (if it's compiled in).
+.Ar config-file
+refers to the radius client configuration file as described in
+.Xr radius.conf 5 .
+If PAP or CHAP are
+.Dq enable Ns No d ,
+.Nm
+behaves as a
+.Em \&N Ns No etwork
+.Em \&A Ns No ccess
+.Em \&S Ns No erver
+and uses the configured RADIUS server to authenticate rather than
+authenticating from the
+.Pa ppp.secret
+file or from the passwd database.
+.Pp
+If neither PAP or CHAP are enabled,
+.Dq set radius
+will do nothing.
+.Pp
+.Nm
+uses the following attributes from the RADIUS reply:
+.Bl -tag -width XXX -offset XXX
+.It RAD_FRAMED_IP_ADDRESS
+The peer IP address is set to the given value.
+.It RAD_FRAMED_IP_NETMASK
+The tun interface netmask is set to the given value.
+.It RAD_FRAMED_MTU
+If the given MTU is less than the peers MRU as agreed during LCP
+negotiation, *and* it is less that any configured MTU (see the
+.Dq set mru
+command), the tun interface MTU is set to the given value.
+.It RAD_FRAMED_COMPRESSION
+If the received compression type is
+.Dq 1 ,
+.Nm
+will request VJ compression during IPCP negotiations despite any
+.Dq disable vj
+configuration command.
+.It RAD_FRAMED_ROUTE
+The received string is expected to be in the format
+.Ar dest Ns Op / Ns Ar bits
+.Ar gw
+.Op Ar metrics .
+Any specified metrics are ignored.
+.Dv MYADDR
+and
+.Dv HISADDR
+are understood as valid values for
+.Ar dest
+and
+.Ar gw ,
+.Dq default
+can be used for
+.Ar dest
+to sepcify the default route, and
+.Dq 0.0.0.0
+is understood to be the same as
+.Dq default
+for
+.Ar dest
+and
+.Dv HISADDR
+for
+.Ar gw .
+.Pp
+For example, a returned value of
+.Dq 1.2.3.4/24 0.0.0.0 1 2 -1 3 400
+would result in a routing table entry to the 1.2.3.0/24 network via
+.Dv HISADDR
+and a returned value of
+.Dq 0.0.0.0 0.0.0.0
+or
+.Dq default HISADDR
+would result in a default route to
+.Dv HISADDR .
+.Pp
+All RADIUS routes are applied after any sticky routes are applied, making
+RADIUS routes override configured routes. This also applies for RADIUS
+routes that don't include the
+.Dv MYADDR
+or
+.Dv HISADDR
+keywords.
+.Pp
+.El
+Values received from the RADIUS server may be viewed using
+.Dq show bundle .
.It set reconnect Ar timeout ntries
Should the line drop unexpectedly (due to loss of CD or LQR
failure), a connection will be re-established after the given
@@ -3841,6 +3944,7 @@ This socket is used to pass links between different instances of
.Xr ping 8 ,
.Xr pppctl 8 ,
.Xr pppd 8 ,
+.Xr radius.conf 5 ,
.Xr route 8 ,
.Xr syslogd 8 ,
.Xr traceroute 8 ,
diff --git a/usr.sbin/ppp/ppp/pred.c b/usr.sbin/ppp/ppp/pred.c
index 0480e61cfb3..dce5ec49949 100644
--- a/usr.sbin/ppp/ppp/pred.c
+++ b/usr.sbin/ppp/ppp/pred.c
@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: pred.c,v 1.1 1998/08/31 00:22:26 brian Exp $
+ * $Id: pred.c,v 1.2 1999/02/06 03:22:43 brian Exp $
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/pred.h b/usr.sbin/ppp/ppp/pred.h
index d2fb046a298..0ad1eae2ec3 100644
--- a/usr.sbin/ppp/ppp/pred.h
+++ b/usr.sbin/ppp/ppp/pred.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: pred.h,v 1.1 1998/08/31 00:22:26 brian Exp $
+ * $Id: pred.h,v 1.2 1999/02/06 03:22:43 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/probe.c b/usr.sbin/ppp/ppp/probe.c
index fd6c5e5c8e0..d364a04a31d 100644
--- a/usr.sbin/ppp/ppp/probe.c
+++ b/usr.sbin/ppp/ppp/probe.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: probe.c,v 1.1 1998/08/31 00:22:26 brian Exp $
+ * $Id: probe.c,v 1.2 1999/02/06 03:22:43 brian Exp $
*/
#include <sys/time.h>
diff --git a/usr.sbin/ppp/ppp/probe.h b/usr.sbin/ppp/ppp/probe.h
index e8d68facfce..fe48eefc9c5 100644
--- a/usr.sbin/ppp/ppp/probe.h
+++ b/usr.sbin/ppp/ppp/probe.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: probe.h,v 1.1 1998/08/31 00:22:27 brian Exp $
+ * $Id: probe.h,v 1.2 1999/02/06 03:22:43 brian Exp $
*/
struct probe {
diff --git a/usr.sbin/ppp/ppp/prompt.c b/usr.sbin/ppp/ppp/prompt.c
index 81034155678..3ec1b832f01 100644
--- a/usr.sbin/ppp/ppp/prompt.c
+++ b/usr.sbin/ppp/ppp/prompt.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: prompt.c,v 1.1 1998/08/31 00:22:27 brian Exp $
+ * $Id: prompt.c,v 1.2 1999/02/06 03:22:43 brian Exp $
*/
#include <sys/param.h>
@@ -63,6 +63,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "chat.h"
#include "chap.h"
diff --git a/usr.sbin/ppp/ppp/prompt.h b/usr.sbin/ppp/ppp/prompt.h
index 6f58cb6588a..699d745a460 100644
--- a/usr.sbin/ppp/ppp/prompt.h
+++ b/usr.sbin/ppp/ppp/prompt.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: prompt.h,v 1.1 1998/08/31 00:22:27 brian Exp $
+ * $Id: prompt.h,v 1.2 1999/02/06 03:22:43 brian Exp $
*/
#define LOCAL_AUTH 0x01
diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c
new file mode 100644
index 00000000000..2e7296db8fc
--- /dev/null
+++ b/usr.sbin/ppp/ppp/radius.c
@@ -0,0 +1,423 @@
+/*
+ * Copyright 1999 Internet Business Solutions Ltd., Switzerland
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: radius.c,v 1.1 1999/02/06 03:22:44 brian Exp $
+ *
+ */
+
+#include <sys/param.h>
+#include <netinet/in_systm.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <arpa/inet.h>
+#include <sys/un.h>
+
+#include <errno.h>
+#include "radlib.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/time.h>
+#include <termios.h>
+
+#include "defs.h"
+#include "log.h"
+#include "descriptor.h"
+#include "prompt.h"
+#include "timer.h"
+#include "fsm.h"
+#include "iplist.h"
+#include "slcompress.h"
+#include "throughput.h"
+#include "lqr.h"
+#include "hdlc.h"
+#include "mbuf.h"
+#include "ipcp.h"
+#include "route.h"
+#include "command.h"
+#include "filter.h"
+#include "lcp.h"
+#include "ccp.h"
+#include "link.h"
+#include "mp.h"
+#include "radius.h"
+#include "auth.h"
+#include "async.h"
+#include "physical.h"
+#include "chat.h"
+#include "cbcp.h"
+#include "chap.h"
+#include "datalink.h"
+#include "bundle.h"
+
+/*
+ * rad_continue_send_request() has given us `got' (non-zero). Deal with it.
+ */
+static void
+radius_Process(struct radius *r, int got)
+{
+ char *argv[MAXARGS], *nuke;
+ struct bundle *bundle;
+ int len, argc, addrs;
+ struct in_range dest;
+ struct in_addr gw;
+ const void *data;
+
+ r->cx.fd = -1; /* Stop select()ing */
+
+ switch (got) {
+ case RAD_ACCESS_ACCEPT:
+ log_Printf(LogPHASE, "Radius: ACCEPT received\n");
+ break;
+
+ case RAD_ACCESS_REJECT:
+ log_Printf(LogPHASE, "Radius: REJECT received\n");
+ auth_Failure(r->cx.auth);
+ rad_close(r->cx.rad);
+ return;
+
+ case RAD_ACCESS_CHALLENGE:
+ /* we can't deal with this (for now) ! */
+ log_Printf(LogPHASE, "Radius: CHALLENGE received (can't handle yet)\n");
+ auth_Failure(r->cx.auth);
+ rad_close(r->cx.rad);
+ return;
+
+ case -1:
+ log_Printf(LogPHASE, "radius: %s\n", rad_strerror(r->cx.rad));
+ auth_Failure(r->cx.auth);
+ rad_close(r->cx.rad);
+ return;
+
+ default:
+ log_Printf(LogERROR, "rad_send_request: Failed %d: %s\n",
+ got, rad_strerror(r->cx.rad));
+ auth_Failure(r->cx.auth);
+ rad_close(r->cx.rad);
+ return;
+ }
+
+ /* So we've been accepted ! Let's see what we've got in our reply :-I */
+ r->ip.s_addr = r->mask.s_addr = INADDR_NONE;
+ r->mtu = 0;
+ r->vj = 0;
+ while ((got = rad_get_attr(r->cx.rad, &data, &len)) > 0) {
+ switch (got) {
+ case RAD_FRAMED_IP_ADDRESS:
+ r->ip = rad_cvt_addr(data);
+ log_Printf(LogPHASE, " IP %s\n", inet_ntoa(r->ip));
+ break;
+
+ case RAD_FRAMED_IP_NETMASK:
+ r->mask = rad_cvt_addr(data);
+ log_Printf(LogPHASE, " Netmask %s\n", inet_ntoa(r->mask));
+ break;
+
+ case RAD_FRAMED_MTU:
+ r->mtu = rad_cvt_int(data);
+ log_Printf(LogPHASE, " MTU %lu\n", r->mtu);
+ break;
+
+ case RAD_FRAMED_ROUTING:
+ /* Disabled for now - should we automatically set up some filters ? */
+ /* rad_cvt_int(data); */
+ /* bit 1 = Send routing packets */
+ /* bit 2 = Receive routing packets */
+ break;
+
+ case RAD_FRAMED_COMPRESSION:
+ r->vj = rad_cvt_int(data) == 1 ? 1 : 0;
+ log_Printf(LogPHASE, " VJ %sabled\n", r->vj ? "en" : "dis");
+ break;
+
+ case RAD_FRAMED_ROUTE:
+ /*
+ * We expect a string of the format ``dest[/bits] gw [metrics]''
+ * Any specified metrics are ignored. MYADDR and HISADDR are
+ * understood for ``dest'' and ``gw'' and ``0.0.0.0'' is the same
+ * as ``HISADDR''.
+ */
+
+ if ((nuke = rad_cvt_string(data, len)) == NULL) {
+ log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
+ rad_close(r->cx.rad);
+ return;
+ }
+
+ log_Printf(LogPHASE, " Route: %s\n", nuke);
+ bundle = r->cx.auth->physical->dl->bundle;
+ dest.ipaddr.s_addr = dest.mask.s_addr = INADDR_ANY;
+ dest.width = 0;
+ argc = command_Interpret(nuke, strlen(nuke), argv);
+ if (argc < 2)
+ log_Printf(LogWARN, "radius: %s: Invalid route\n",
+ argc == 1 ? argv[0] : "\"\"");
+ else if ((strcasecmp(argv[0], "default") != 0 &&
+ !ParseAddr(&bundle->ncp.ipcp, argv[0], &dest.ipaddr,
+ &dest.mask, &dest.width)) ||
+ !ParseAddr(&bundle->ncp.ipcp, argv[1], &gw, NULL, NULL))
+ log_Printf(LogWARN, "radius: %s %s: Invalid route\n",
+ argv[0], argv[1]);
+ else {
+ if (dest.width == 32 && strchr(argv[0], '/') == NULL)
+ /* No mask specified - use the natural mask */
+ dest.mask.s_addr = addr2mask(dest.ipaddr.s_addr);
+ addrs = 0;
+
+ if (!strncasecmp(argv[0], "HISADDR", 7))
+ addrs = ROUTE_DSTHISADDR;
+ else if (!strncasecmp(argv[0], "MYADDR", 6))
+ addrs = ROUTE_DSTMYADDR;
+
+ if (gw.s_addr == INADDR_ANY) {
+ addrs |= ROUTE_GWHISADDR;
+ gw = bundle->ncp.ipcp.peer_ip;
+ } else if (strcasecmp(argv[1], "HISADDR") == 0)
+ addrs |= ROUTE_GWHISADDR;
+
+ route_Add(&r->routes, addrs, dest.ipaddr, dest.mask, gw);
+ }
+ free(nuke);
+ break;
+ }
+ }
+
+ if (got == -1) {
+ log_Printf(LogERROR, "rad_get_attr: %s (failing!)\n",
+ rad_strerror(r->cx.rad));
+ auth_Failure(r->cx.auth);
+ rad_close(r->cx.rad);
+ } else {
+ r->valid = 1;
+ auth_Success(r->cx.auth);
+ rad_close(r->cx.rad);
+ }
+}
+
+/*
+ * We've either timed out or select()ed on the read descriptor
+ */
+static void
+radius_Continue(struct radius *r, int sel)
+{
+ struct timeval tv;
+ int got;
+
+ timer_Stop(&r->cx.timer);
+ if ((got = rad_continue_send_request(r->cx.rad, sel, &r->cx.fd, &tv)) == 0) {
+ log_Printf(LogPHASE, "Radius: Request re-sent\n");
+ r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
+ timer_Start(&r->cx.timer);
+ return;
+ }
+
+ radius_Process(r, got);
+}
+
+/*
+ * Time to call rad_continue_send_request() - timed out.
+ */
+static void
+radius_Timeout(void *v)
+{
+ radius_Continue((struct radius *)v, 0);
+}
+
+/*
+ * Time to call rad_continue_send_request() - something to read.
+ */
+static void
+radius_Read(struct descriptor *d, struct bundle *bundle, const fd_set *fdset)
+{
+ radius_Continue(descriptor2radius(d), 1);
+}
+
+/*
+ * Behave as a struct descriptor (descriptor.h)
+ */
+static int
+radius_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
+{
+ struct radius *rad = descriptor2radius(d);
+
+ if (r && rad->cx.fd != -1) {
+ FD_SET(rad->cx.fd, r);
+ if (*n < rad->cx.fd + 1)
+ *n = rad->cx.fd + 1;
+ log_Printf(LogTIMER, "Radius: fdset(r) %d\n", rad->cx.fd);
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
+ * Behave as a struct descriptor (descriptor.h)
+ */
+static int
+radius_IsSet(struct descriptor *d, const fd_set *fdset)
+{
+ struct radius *r = descriptor2radius(d);
+
+ return r && r->cx.fd != -1 && FD_ISSET(r->cx.fd, fdset);
+}
+
+/*
+ * Behave as a struct descriptor (descriptor.h)
+ */
+static int
+radius_Write(struct descriptor *d, struct bundle *bundle, const fd_set *fdset)
+{
+ /* We never want to write here ! */
+ log_Printf(LogALERT, "radius_Write: Internal error: Bad call !\n");
+ return 0;
+}
+
+/*
+ * Initialise ourselves
+ */
+void
+radius_Init(struct radius *r)
+{
+ r->valid = 0;
+ r->cx.fd = -1;
+ *r->cfg.file = '\0';;
+ r->desc.type = RADIUS_DESCRIPTOR;
+ r->desc.UpdateSet = radius_UpdateSet;
+ r->desc.IsSet = radius_IsSet;
+ r->desc.Read = radius_Read;
+ r->desc.Write = radius_Write;
+ memset(&r->cx.timer, '\0', sizeof r->cx.timer);
+}
+
+/*
+ * Forget everything and go back to initialised state.
+ */
+void
+radius_Destroy(struct radius *r)
+{
+ r->valid = 0;
+ timer_Stop(&r->cx.timer);
+ route_DeleteAll(&r->routes);
+ if (r->cx.fd != -1) {
+ r->cx.fd = -1;
+ rad_close(r->cx.rad);
+ }
+}
+
+/*
+ * Start an authentication request to the RADIUS server.
+ */
+void
+radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
+ const char *key, const char *challenge)
+{
+ struct timeval tv;
+ int got;
+
+ if (!*r->cfg.file)
+ return;
+
+ if (r->cx.fd != -1)
+ /*
+ * We assume that our name/key/challenge is the same as last time,
+ * and just continue to wait for the RADIUS server(s).
+ */
+ return;
+
+ radius_Destroy(r);
+
+ if ((r->cx.rad = rad_open()) == NULL) {
+ log_Printf(LogERROR, "rad_open: %s\n", strerror(errno));
+ return;
+ }
+
+ if (rad_config(r->cx.rad, r->cfg.file) != 0) {
+ log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad));
+ rad_close(r->cx.rad);
+ return;
+ }
+
+ if (rad_create_request(r->cx.rad, RAD_ACCESS_REQUEST) != 0) {
+ log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad));
+ rad_close(r->cx.rad);
+ return;
+ }
+
+ if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 ||
+ rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
+ rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {
+ log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
+ rad_close(r->cx.rad);
+ return;
+ }
+
+ if (challenge != NULL) {
+ /* We're talking CHAP */
+ if (rad_put_string(r->cx.rad, RAD_CHAP_PASSWORD, key) != 0 ||
+ rad_put_string(r->cx.rad, RAD_CHAP_CHALLENGE, challenge) != 0) {
+ log_Printf(LogERROR, "CHAP: rad_put_string: %s\n",
+ rad_strerror(r->cx.rad));
+ rad_close(r->cx.rad);
+ return;
+ }
+ } else if (rad_put_string(r->cx.rad, RAD_USER_PASSWORD, key) != 0) {
+ /* We're talking PAP */
+ log_Printf(LogERROR, "PAP: rad_put_string: %s\n", rad_strerror(r->cx.rad));
+ rad_close(r->cx.rad);
+ return;
+ }
+
+ if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
+ radius_Process(r, got);
+ else {
+ log_Printf(LogPHASE, "Radius: Request sent\n");
+ log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
+ r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
+ r->cx.timer.func = radius_Timeout;
+ r->cx.timer.name = "radius";
+ r->cx.timer.arg = r;
+ r->cx.auth = authp;
+ timer_Start(&r->cx.timer);
+ }
+}
+
+/*
+ * How do things look at the moment ?
+ */
+void
+radius_Show(struct radius *r, struct prompt *p)
+{
+ prompt_Printf(p, " Radius config: %s", *r->cfg.file ? r->cfg.file : "none");
+ if (r->valid) {
+ prompt_Printf(p, "\n IP: %s\n", inet_ntoa(r->ip));
+ prompt_Printf(p, " Netmask: %s\n", inet_ntoa(r->mask));
+ prompt_Printf(p, " MTU: %lu\n", r->mtu);
+ prompt_Printf(p, " VJ: %sabled\n", r->vj ? "en" : "dis");
+ if (r->routes)
+ route_ShowSticky(p, r->routes, " Routes", 16);
+ } else
+ prompt_Printf(p, " (not authenticated)\n");
+}
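Review bot: In radius_Authenticate, `r->cx.auth = authp;` is only assigned in the else branch after `rad_init_send_request()` returns 0, yet a non-zero return goes straight to `radius_Process(r, got)`, whose failure cases call `auth_Failure(r->cx.auth)` on a pointer that radius_Init never sets (or that is left over from an earlier request). Assigning `r->cx.auth = authp;` before the `rad_init_send_request()` call closes that. In radius_Process, `int len` is passed as `&len` to rad_get_attr, which radlib.c defines with a `size_t *` parameter, so `size_t len;` is needed to keep the store inside the variable where the two types differ in size. The RAD_FRAMED_IP_ADDRESS, RAD_FRAMED_IP_NETMASK, RAD_FRAMED_MTU and RAD_FRAMED_COMPRESSION cases hand `data` to rad_cvt_addr()/rad_cvt_int(), which memcpy a fixed-size value regardless of the attribute length, so each case should first check that `len` matches that size (4). The rad_cvt_string failure path and the early error returns in radius_Authenticate close the handle without telling the auth layer anything; unless the caller covers this, an explicit `auth_Failure()` there would keep the attempt from being left unresolved.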
diff --git a/usr.sbin/ppp/ppp/radius.h b/usr.sbin/ppp/ppp/radius.h
new file mode 100644
index 00000000000..a9b625c6a3f
--- /dev/null
+++ b/usr.sbin/ppp/ppp/radius.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1999 Internet Business Solutions Ltd., Switzerland
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: radius.h,v 1.1 1999/02/06 03:22:44 brian Exp $
+ */
+
+struct radius {
+ struct descriptor desc; /* We're a sort of (selectable) descriptor */
+ struct {
+ int fd; /* We're selecting on this */
+ struct rad_handle *rad; /* Using this to talk to our lib */
+ struct pppTimer timer; /* for this long */
+ struct authinfo *auth; /* Tell this about success/failure */
+ } cx;
+ unsigned valid : 1; /* Is this structure valid ? */
+ unsigned vj : 1; /* FRAMED Compression */
+ struct in_addr ip; /* FRAMED IP */
+ struct in_addr mask; /* FRAMED Netmask */
+ unsigned long mtu; /* FRAMED MTU */
+ struct sticky_route *routes; /* FRAMED Routes */
+ struct {
+ char file[MAXPATHLEN]; /* Radius config file */
+ } cfg;
+};
+
+#define descriptor2radius(d) \
+ ((d)->type == RADIUS_DESCRIPTOR ? (struct radius *)(d) : NULL)
+
+struct bundle;
+
+extern void radius_Init(struct radius *);
+extern void radius_Destroy(struct radius *);
+
+extern void radius_Show(struct radius *, struct prompt *);
+extern void radius_Authenticate(struct radius *, struct authinfo *,
+ const char *, const char *, const char *);
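Review bot: The radius_Authenticate prototype at the end of this header takes three unnamed `const char *` arguments, so a caller cannot tell from the header which is the user name, which is the PAP password or CHAP response, and which is the challenge. Naming them as the definition in radius.c does (`const char *name, const char *key, const char *challenge`) and adding a comment that a NULL `challenge` selects the PAP path would document the contract where callers look for it. The descriptor2radius macro casts a `struct descriptor *` to `struct radius *`, which only holds while `desc` remains the first member; a comment on that field such as `/* must stay first: descriptor2radius() casts */` would protect the layout, and the macro also evaluates `d` twice.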
diff --git a/usr.sbin/ppp/ppp/radlib.c b/usr.sbin/ppp/ppp/radlib.c
new file mode 100644
index 00000000000..342fdbb1787
--- /dev/null
+++ b/usr.sbin/ppp/ppp/radlib.c
@@ -0,0 +1,783 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $OpenBSD: radlib.c,v 1.1 1999/02/06 03:22:45 brian Exp $
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <errno.h>
+#include <md5.h>
+#include <netdb.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "defs.h"
+#include "radlib_private.h"
+
+static void clear_password(struct rad_handle *);
+static void generr(struct rad_handle *, const char *, ...);
+static void insert_scrambled_password(struct rad_handle *, int);
+static int is_valid_response(struct rad_handle *, int,
+ const struct sockaddr_in *);
+static int put_password_attr(struct rad_handle *, int,
+ const void *, size_t);
+static int put_raw_attr(struct rad_handle *, int,
+ const void *, size_t);
+static int split(char *, char *[], int, char *, size_t);
+
+static void
+clear_password(struct rad_handle *h)
+{
+ if (h->pass_len != 0) {
+ memset(h->pass, 0, h->pass_len);
+ h->pass_len = 0;
+ h->pass_pos = 0;
+ }
+}
+
+static void
+generr(struct rad_handle *h, const char *format, ...)
+{
+ va_list ap;
+
+ va_start(ap, format);
+ vsnprintf(h->errmsg, ERRSIZE, format, ap);
+ va_end(ap);
+}
+
+static void
+insert_scrambled_password(struct rad_handle *h, int srv)
+{
+ MD5_CTX ctx;
+ unsigned char md5[16];
+ const struct rad_server *srvp;
+ int padded_len;
+ int pos;
+
+ srvp = &h->servers[srv];
+ padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf;
+
+ memcpy(md5, &h->request[POS_AUTH], LEN_AUTH);
+ for (pos = 0; pos < padded_len; pos += 16) {
+ int i;
+
+ /* Calculate the new scrambler */
+ MD5Init(&ctx);
+ MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
+ MD5Update(&ctx, md5, 16);
+ MD5Final(md5, &ctx);
+
+ /*
+ * Mix in the current chunk of the password, and copy
+ * the result into the right place in the request. Also
+ * modify the scrambler in place, since we will use this
+ * in calculating the scrambler for next time.
+ */
+ for (i = 0; i < 16; i++)
+ h->request[h->pass_pos + pos + i] =
+ md5[i] ^= h->pass[pos + i];
+ }
+}
+
+/*
+ * Return true if the current response is valid for a request to the
+ * specified server.
+ */
+static int
+is_valid_response(struct rad_handle *h, int srv,
+ const struct sockaddr_in *from)
+{
+ MD5_CTX ctx;
+ unsigned char md5[16];
+ const struct rad_server *srvp;
+ int len;
+
+ srvp = &h->servers[srv];
+
+ /* Check the source address */
+ if (from->sin_family != srvp->addr.sin_family ||
+ from->sin_addr.s_addr != srvp->addr.sin_addr.s_addr ||
+ from->sin_port != srvp->addr.sin_port)
+ return 0;
+
+ /* Check the message length */
+ if (h->resp_len < POS_ATTRS)
+ return 0;
+ len = h->response[POS_LENGTH] << 8 | h->response[POS_LENGTH+1];
+ if (len > h->resp_len)
+ return 0;
+
+ /* Check the response authenticator */
+ MD5Init(&ctx);
+ MD5Update(&ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE);
+ MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH);
+ MD5Update(&ctx, &h->response[POS_ATTRS], len - POS_ATTRS);
+ MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
+ MD5Final(md5, &ctx);
+ if (memcmp(&h->response[POS_AUTH], md5, sizeof md5) != 0)
+ return 0;
+
+ return 1;
+}
+
+static int
+put_password_attr(struct rad_handle *h, int type, const void *value, size_t len)
+{
+ int padded_len;
+ int pad_len;
+
+ if (h->pass_pos != 0) {
+ generr(h, "Multiple User-Password attributes specified");
+ return -1;
+ }
+ if (len > PASSSIZE)
+ len = PASSSIZE;
+ padded_len = len == 0 ? 16 : (len+15) & ~0xf;
+ pad_len = padded_len - len;
+
+ /*
+ * Put in a place-holder attribute containing all zeros, and
+ * remember where it is so we can fill it in later.
+ */
+ clear_password(h);
+ put_raw_attr(h, type, h->pass, padded_len);
+ h->pass_pos = h->req_len - padded_len;
+
+ /* Save the cleartext password, padded as necessary */
+ memcpy(h->pass, value, len);
+ h->pass_len = len;
+ memset(h->pass + len, 0, pad_len);
+ return 0;
+}
+
+static int
+put_raw_attr(struct rad_handle *h, int type, const void *value, size_t len)
+{
+ if (len > 253) {
+ generr(h, "Attribute too long");
+ return -1;
+ }
+ if (h->req_len + 2 + len > MSGSIZE) {
+ generr(h, "Maximum message length exceeded");
+ return -1;
+ }
+ h->request[h->req_len++] = type;
+ h->request[h->req_len++] = len + 2;
+ memcpy(&h->request[h->req_len], value, len);
+ h->req_len += len;
+ return 0;
+}
+
+int
+rad_add_server(struct rad_handle *h, const char *host, int port,
+ const char *secret, int timeout, int tries)
+{
+ struct rad_server *srvp;
+
+ if (h->num_servers >= MAXSERVERS) {
+ generr(h, "Too many RADIUS servers specified");
+ return -1;
+ }
+ srvp = &h->servers[h->num_servers];
+
+ memset(&srvp->addr, 0, sizeof srvp->addr);
+ srvp->addr.sin_len = sizeof srvp->addr;
+ srvp->addr.sin_family = AF_INET;
+ if (!inet_aton(host, &srvp->addr.sin_addr)) {
+ struct hostent *hent;
+
+ if ((hent = gethostbyname(host)) == NULL) {
+ generr(h, "%s: host not found", host);
+ return -1;
+ }
+ memcpy(&srvp->addr.sin_addr, hent->h_addr,
+ sizeof srvp->addr.sin_addr);
+ }
+ if (port != 0)
+ srvp->addr.sin_port = htons(port);
+ else {
+ struct servent *sent;
+
+ srvp->addr.sin_port =
+ (sent = getservbyname("radius", "udp")) != NULL ?
+ sent->s_port : htons(RADIUS_PORT);
+ }
+ if ((srvp->secret = strdup(secret)) == NULL) {
+ generr(h, "Out of memory");
+ return -1;
+ }
+ srvp->timeout = timeout;
+ srvp->max_tries = tries;
+ srvp->num_tries = 0;
+ h->num_servers++;
+ return 0;
+}
+
+void
+rad_close(struct rad_handle *h)
+{
+ int srv;
+
+ if (h->fd != -1)
+ close(h->fd);
+ for (srv = 0; srv < h->num_servers; srv++) {
+ memset(h->servers[srv].secret, 0,
+ strlen(h->servers[srv].secret));
+ free(h->servers[srv].secret);
+ }
+ clear_password(h);
+ free(h);
+}
+
+int
+rad_config(struct rad_handle *h, const char *path)
+{
+ FILE *fp;
+ char buf[MAXCONFLINE];
+ int linenum;
+ int retval;
+
+ if (path == NULL)
+ path = PATH_RADIUS_CONF;
+ if ((fp = fopen(path, "r")) == NULL) {
+ generr(h, "Cannot open \"%s\": %s", path, strerror(errno));
+ return -1;
+ }
+ retval = 0;
+ linenum = 0;
+ while (fgets(buf, sizeof buf, fp) != NULL) {
+ int len;
+ char *fields[4];
+ int nfields;
+ char msg[ERRSIZE];
+ char *host;
+ char *port_str;
+ char *secret;
+ char *timeout_str;
+ char *maxtries_str;
+ char *end;
+ unsigned long timeout;
+ unsigned long maxtries;
+ int port;
+
+ linenum++;
+ len = strlen(buf);
+ /* We know len > 0, else fgets would have returned NULL. */
+ if (buf[len - 1] != '\n') {
+ if (len == sizeof buf - 1)
+ generr(h, "%s:%d: line too long", path,
+ linenum);
+ else
+ generr(h, "%s:%d: missing newline", path,
+ linenum);
+ retval = -1;
+ break;
+ }
+ buf[len - 1] = '\0';
+
+ /* Extract the fields from the line. */
+ nfields = split(buf, fields, 4, msg, sizeof msg);
+ if (nfields == -1) {
+ generr(h, "%s:%d: %s", path, linenum, msg);
+ retval = -1;
+ break;
+ }
+ if (nfields == 0)
+ continue;
+ if (nfields < 2) {
+ generr(h, "%s:%d: missing shared secret", path,
+ linenum);
+ retval = -1;
+ break;
+ }
+ host = fields[0];
+ secret = fields[1];
+ timeout_str = fields[2];
+ maxtries_str = fields[3];
+
+ /* Parse and validate the fields. */
+ host = strtok(host, ":");
+ port_str = strtok(NULL, ":");
+ if (port_str != NULL) {
+ port = strtoul(port_str, &end, 10);
+ if (*end != '\0') {
+ generr(h, "%s:%d: invalid port", path,
+ linenum);
+ retval = -1;
+ break;
+ }
+ } else
+ port = 0;
+ if (timeout_str != NULL) {
+ timeout = strtoul(timeout_str, &end, 10);
+ if (*end != '\0') {
+ generr(h, "%s:%d: invalid timeout", path,
+ linenum);
+ retval = -1;
+ break;
+ }
+ } else
+ timeout = TIMEOUT;
+ if (maxtries_str != NULL) {
+ maxtries = strtoul(maxtries_str, &end, 10);
+ if (*end != '\0') {
+ generr(h, "%s:%d: invalid maxtries", path,
+ linenum);
+ retval = -1;
+ break;
+ }
+ } else
+ maxtries = MAXTRIES;
+
+ if (rad_add_server(h, host, port, secret, timeout, maxtries) ==
+ -1) {
+ strcpy(msg, h->errmsg);
+ generr(h, "%s:%d: %s", path, linenum, msg);
+ retval = -1;
+ break;
+ }
+ }
+ /* Clear out the buffer to wipe a possible copy of a shared secret */
+ memset(buf, 0, sizeof buf);
+ fclose(fp);
+ return retval;
+}
+
+/*
+ * rad_init_send_request() must have previously been called.
+ * Returns:
+ * 0 The application should select on *fd with a timeout of tv before
+ * calling rad_continue_send_request again.
+ * < 0 Failure
+ * > 0 Success
+ */
+int
+rad_continue_send_request(struct rad_handle *h, int selected, int *fd,
+ struct timeval *tv)
+{
+ int n;
+
+ if (selected) {
+ struct sockaddr_in from;
+ int fromlen;
+
+ fromlen = sizeof from;
+ h->resp_len = recvfrom(h->fd, h->response,
+ MSGSIZE, MSG_WAITALL, (struct sockaddr *)&from, &fromlen);
+ if (h->resp_len == -1) {
+ generr(h, "recvfrom: %s", strerror(errno));
+ return -1;
+ }
+ if (is_valid_response(h, h->srv, &from)) {
+ h->resp_len = h->response[POS_LENGTH] << 8 |
+ h->response[POS_LENGTH+1];
+ h->resp_pos = POS_ATTRS;
+ return h->response[POS_CODE];
+ }
+ }
+
+ if (h->try == h->total_tries) {
+ generr(h, "No valid RADIUS responses received");
+ return -1;
+ }
+
+ /*
+ * Scan round-robin to the next server that has some
+ * tries left. There is guaranteed to be one, or we
+ * would have exited this loop by now.
+ */
+ while (h->servers[h->srv].num_tries >= h->servers[h->srv].max_tries)
+ if (++h->srv >= h->num_servers)
+ h->srv = 0;
+
+ /* Insert the scrambled password into the request */
+ if (h->pass_pos != 0)
+ insert_scrambled_password(h, h->srv);
+
+ /* Send the request */
+ n = sendto(h->fd, h->request, h->req_len, 0,
+ (const struct sockaddr *)&h->servers[h->srv].addr,
+ sizeof h->servers[h->srv].addr);
+ if (n != h->req_len) {
+ if (n == -1)
+ generr(h, "sendto: %s", strerror(errno));
+ else
+ generr(h, "sendto: short write");
+ return -1;
+ }
+
+ h->try++;
+ h->servers[h->srv].num_tries++;
+ tv->tv_sec = h->servers[h->srv].timeout;
+ tv->tv_usec = 0;
+ *fd = h->fd;
+
+ return 0;
+}
+
+int
+rad_create_request(struct rad_handle *h, int code)
+{
+ int i;
+
+ h->request[POS_CODE] = code;
+ h->request[POS_IDENT] = ++h->ident;
+ /* Create a random authenticator */
+ for (i = 0; i < LEN_AUTH; i += 2) {
+ long r;
+ r = random();
+ h->request[POS_AUTH+i] = r;
+ h->request[POS_AUTH+i+1] = r >> 8;
+ }
+ h->req_len = POS_ATTRS;
+ clear_password(h);
+ return 0;
+}
+
+struct in_addr
+rad_cvt_addr(const void *data)
+{
+ struct in_addr value;
+
+ memcpy(&value.s_addr, data, sizeof value.s_addr);
+ return value;
+}
+
+u_int32_t
+rad_cvt_int(const void *data)
+{
+ u_int32_t value;
+
+ memcpy(&value, data, sizeof value);
+ return ntohl(value);
+}
+
+char *
+rad_cvt_string(const void *data, size_t len)
+{
+ char *s;
+
+ s = malloc(len + 1);
+ if (s != NULL) {
+ memcpy(s, data, len);
+ s[len] = '\0';
+ }
+ return s;
+}
+
+/*
+ * Returns the attribute type. If none are left, returns 0. On failure,
+ * returns -1.
+ */
+int
+rad_get_attr(struct rad_handle *h, const void **value, size_t *len)
+{
+ int type;
+
+ if (h->resp_pos >= h->resp_len)
+ return 0;
+ if (h->resp_pos + 2 > h->resp_len) {
+ generr(h, "Malformed attribute in response");
+ return -1;
+ }
+ type = h->response[h->resp_pos++];
+ *len = h->response[h->resp_pos++] - 2;
+ if (h->resp_pos + *len > h->resp_len) {
+ generr(h, "Malformed attribute in response");
+ return -1;
+ }
+ *value = &h->response[h->resp_pos];
+ h->resp_pos += *len;
+ return type;
+}
+
+/*
+ * Returns -1 on error, 0 to indicate no event and >0 for success
+ */
+int
+rad_init_send_request(struct rad_handle *h, int *fd, struct timeval *tv)
+{
+ int srv;
+
+ /* Make sure we have a socket to use */
+ if (h->fd == -1) {
+ struct sockaddr_in sin;
+
+ if ((h->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
+ generr(h, "Cannot create socket: %s", strerror(errno));
+ return -1;
+ }
+ memset(&sin, 0, sizeof sin);
+ sin.sin_len = sizeof sin;
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = INADDR_ANY;
+ sin.sin_port = htons(0);
+ if (bind(h->fd, (const struct sockaddr *)&sin,
+ sizeof sin) == -1) {
+ generr(h, "bind: %s", strerror(errno));
+ close(h->fd);
+ h->fd = -1;
+ return -1;
+ }
+ }
+
+ /* Make sure the user gave us a password */
+ if (h->pass_pos == 0 && !h->chap_pass) {
+ generr(h, "No User or Chap Password attributes given");
+ return -1;
+ }
+ if (h->pass_pos != 0 && h->chap_pass) {
+ generr(h, "Both User and Chap Password attributes given");
+ return -1;
+ }
+
+ /* Fill in the length field in the message */
+ h->request[POS_LENGTH] = h->req_len >> 8;
+ h->request[POS_LENGTH+1] = h->req_len;
+
+ /*
+ * Count the total number of tries we will make, and zero the
+ * counter for each server.
+ */
+ h->total_tries = 0;
+ for (srv = 0; srv < h->num_servers; srv++) {
+ h->total_tries += h->servers[srv].max_tries;
+ h->servers[srv].num_tries = 0;
+ }
+ if (h->total_tries == 0) {
+ generr(h, "No RADIUS servers specified");
+ return -1;
+ }
+
+ h->try = h->srv = 0;
+
+ return rad_continue_send_request(h, 0, fd, tv);
+}
+
+/*
+ * Create and initialize a rad_handle structure, and return it to the
+ * caller. Can fail only if the necessary memory cannot be allocated.
+ * In that case, it returns NULL.
+ */
+struct rad_handle *
+rad_open(void)
+{
+ struct rad_handle *h;
+
+ h = (struct rad_handle *)malloc(sizeof(struct rad_handle));
+ if (h != NULL) {
+ randinit();
+ h->fd = -1;
+ h->num_servers = 0;
+ h->ident = random();
+ h->errmsg[0] = '\0';
+ memset(h->pass, 0, sizeof h->pass);
+ h->pass_len = 0;
+ h->pass_pos = 0;
+ h->chap_pass = 0;
+ }
+ return h;
+}
+
+int
+rad_put_addr(struct rad_handle *h, int type, struct in_addr addr)
+{
+ return rad_put_attr(h, type, &addr.s_addr, sizeof addr.s_addr);
+}
+
+int
+rad_put_attr(struct rad_handle *h, int type, const void *value, size_t len)
+{
+ int result;
+
+ if (type == RAD_USER_PASSWORD)
+ result = put_password_attr(h, type, value, len);
+ else {
+ result = put_raw_attr(h, type, value, len);
+ if (result == 0 && type == RAD_CHAP_PASSWORD)
+ h->chap_pass = 1;
+ }
+
+ return result;
+}
+
+int
+rad_put_int(struct rad_handle *h, int type, u_int32_t value)
+{
+ u_int32_t nvalue;
+
+ nvalue = htonl(value);
+ return rad_put_attr(h, type, &nvalue, sizeof nvalue);
+}
+
+int
+rad_put_string(struct rad_handle *h, int type, const char *str)
+{
+ return rad_put_attr(h, type, str, strlen(str));
+}
+
+/*
+ * Returns the response type code on success, or -1 on failure.
+ */
+int
+rad_send_request(struct rad_handle *h)
+{
+ struct timeval timelimit;
+ struct timeval tv;
+ int fd;
+ int n;
+
+ n = rad_init_send_request(h, &fd, &tv);
+
+ if (n != 0)
+ return n;
+
+ gettimeofday(&timelimit, NULL);
+ timeradd(&tv, &timelimit, &timelimit);
+
+ for ( ; ; ) {
+ fd_set readfds;
+
+ FD_ZERO(&readfds);
+ FD_SET(fd, &readfds);
+
+ n = select(fd + 1, &readfds, NULL, NULL, &tv);
+
+ if (n == -1) {
+ generr(h, "select: %s", strerror(errno));
+ return -1;
+ }
+
+ if (!FD_ISSET(fd, &readfds)) {
+ /* Compute a new timeout */
+ gettimeofday(&tv, NULL);
+ timersub(&timelimit, &tv, &tv);
+ if (tv.tv_sec > 0 || (tv.tv_sec == 0 && tv.tv_usec > 0))
+ /* Continue the select */
+ continue;
+ }
+
+ n = rad_continue_send_request(h, n, &fd, &tv);
+
+ if (n != 0)
+ return n;
+
+ gettimeofday(&timelimit, NULL);
+ timeradd(&tv, &timelimit, &timelimit);
+ }
+}
+
+const char *
+rad_strerror(struct rad_handle *h)
+{
+ return h->errmsg;
+}
+
+/*
+ * Destructively split a string into fields separated by white space.
+ * `#' at the beginning of a field begins a comment that extends to the
+ * end of the string. Fields may be quoted with `"'. Inside quoted
+ * strings, the backslash escapes `\"' and `\\' are honored.
+ *
+ * Pointers to up to the first maxfields fields are stored in the fields
+ * array. Missing fields get NULL pointers.
+ *
+ * The return value is the actual number of fields parsed, and is always
+ * <= maxfields.
+ *
+ * On a syntax error, places a message in the msg string, and returns -1.
+ */
+static int
+split(char *str, char *fields[], int maxfields, char *msg, size_t msglen)
+{
+ char *p;
+ int i;
+ static const char ws[] = " \t";
+
+ for (i = 0; i < maxfields; i++)
+ fields[i] = NULL;
+ p = str;
+ i = 0;
+ while (*p != '\0') {
+ p += strspn(p, ws);
+ if (*p == '#' || *p == '\0')
+ break;
+ if (i >= maxfields) {
+ snprintf(msg, msglen, "line has too many fields");
+ return -1;
+ }
+ if (*p == '"') {
+ char *dst;
+
+ dst = ++p;
+ fields[i] = dst;
+ while (*p != '"') {
+ if (*p == '\\') {
+ p++;
+ if (*p != '"' && *p != '\\' &&
+ *p != '\0') {
+ snprintf(msg, msglen,
+ "invalid `\\' escape");
+ return -1;
+ }
+ }
+ if (*p == '\0') {
+ snprintf(msg, msglen,
+ "unterminated quoted string");
+ return -1;
+ }
+ *dst++ = *p++;
+ }
+ *dst = '\0';
+ p++;
+ if (*fields[i] == '\0') {
+ snprintf(msg, msglen,
+ "empty quoted string not permitted");
+ return -1;
+ }
+ if (*p != '\0' && strspn(p, ws) == 0) {
+ snprintf(msg, msglen, "quoted string not"
+ " followed by white space");
+ return -1;
+ }
+ } else {
+ fields[i] = p;
+ p += strcspn(p, ws);
+ if (*p != '\0')
+ *p++ = '\0';
+ }
+ i++;
+ }
+ return i;
+}
diff --git a/usr.sbin/ppp/ppp/radlib.h b/usr.sbin/ppp/ppp/radlib.h
new file mode 100644
index 00000000000..fd36e1a3644
--- /dev/null
+++ b/usr.sbin/ppp/ppp/radlib.h
@@ -0,0 +1,130 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $OpenBSD: radlib.h,v 1.1 1999/02/06 03:22:45 brian Exp $
+ */
+
+#ifndef _RADLIB_H_
+#define _RADLIB_H_
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+/* Message types */
+#define RAD_ACCESS_REQUEST 1
+#define RAD_ACCESS_ACCEPT 2
+#define RAD_ACCESS_REJECT 3
+#define RAD_ACCESS_CHALLENGE 11
+
+/* Attribute types and values */
+#define RAD_USER_NAME 1 /* String */
+#define RAD_USER_PASSWORD 2 /* String */
+#define RAD_CHAP_PASSWORD 3 /* String */
+#define RAD_NAS_IP_ADDRESS 4 /* IP address */
+#define RAD_NAS_PORT 5 /* Integer */
+#define RAD_SERVICE_TYPE 6 /* Integer */
+ #define RAD_LOGIN 1
+ #define RAD_FRAMED 2
+ #define RAD_CALLBACK_LOGIN 3
+ #define RAD_CALLBACK_FRAMED 4
+ #define RAD_OUTBOUND 5
+ #define RAD_ADMINISTRATIVE 6
+ #define RAD_NAS_PROMPT 7
+ #define RAD_AUTHENTICATE_ONLY 8
+ #define RAD_CALLBACK_NAS_PROMPT 9
+#define RAD_FRAMED_PROTOCOL 7 /* Integer */
+ #define RAD_PPP 1
+ #define RAD_SLIP 2
+ #define RAD_ARAP 3 /* Appletalk */
+ #define RAD_GANDALF 4
+ #define RAD_XYLOGICS 5
+#define RAD_FRAMED_IP_ADDRESS 8 /* IP address */
+#define RAD_FRAMED_IP_NETMASK 9 /* IP address */
+#define RAD_FRAMED_ROUTING 10 /* Integer */
+#define RAD_FILTER_ID 11 /* String */
+#define RAD_FRAMED_MTU 12 /* Integer */
+#define RAD_FRAMED_COMPRESSION 13 /* Integer */
+#define RAD_LOGIN_IP_HOST 14 /* IP address */
+#define RAD_LOGIN_SERVICE 15 /* Integer */
+#define RAD_LOGIN_TCP_PORT 16 /* Integer */
+ /* unassiged 17 */
+#define RAD_REPLY_MESSAGE 18 /* String */
+#define RAD_CALLBACK_NUMBER 19 /* String */
+#define RAD_CALLBACK_ID 20 /* String */
+ /* unassiged 21 */
+#define RAD_FRAMED_ROUTE 22 /* String */
+#define RAD_FRAMED_IPX_NETWORK 23 /* IP address */
+#define RAD_STATE 24 /* String */
+#define RAD_CLASS 25 /* Integer */
+#define RAD_VENDOR_SPECIFIC 26 /* Integer */
+#define RAD_SESSION_TIMEOUT 27 /* Integer */
+#define RAD_IDLE_TIMEOUT 28 /* Integer */
+#define RAD_TERMINATION_ACTION 29 /* Integer */
+#define RAD_CALLED_STATION_ID 30 /* String */
+#define RAD_CALLING_STATION_ID 31 /* String */
+#define RAD_NAS_IDENTIFIER 32 /* Integer */
+#define RAD_PROXY_STATE 33 /* Integer */
+#define RAD_LOGIN_LAT_SERVICE 34 /* Integer */
+#define RAD_LOGIN_LAT_NODE 35 /* Integer */
+#define RAD_LOGIN_LAT_GROUP 36 /* Integer */
+#define RAD_FRAMED_APPLETALK_LINK 37 /* Integer */
+#define RAD_FRAMED_APPLETALK_NETWORK 38 /* Integer */
+#define RAD_FRAMED_APPLETALK_ZONE 39 /* Integer */
+ /* reserved for accounting 40-59 */
+#define RAD_CHAP_CHALLENGE 60 /* String */
+#define RAD_NAS_PORT_TYPE 61 /* Integer */
+#define RAD_PORT_LIMIT 62 /* Integer */
+#define RAD_LOGIN_LAT_PORT 63 /* Integer */
+
+struct rad_handle;
+struct timeval;
+
+__BEGIN_DECLS
+int rad_add_server(struct rad_handle *,
+ const char *, int, const char *, int, int);
+void rad_close(struct rad_handle *);
+int rad_config(struct rad_handle *, const char *);
+int rad_continue_send_request(struct rad_handle *, int,
+ int *, struct timeval *);
+int rad_create_request(struct rad_handle *, int);
+struct in_addr rad_cvt_addr(const void *);
+u_int32_t rad_cvt_int(const void *);
+char *rad_cvt_string(const void *, size_t);
+int rad_get_attr(struct rad_handle *, const void **,
+ size_t *);
+int rad_init_send_request(struct rad_handle *, int *,
+ struct timeval *);
+struct rad_handle *rad_open(void);
+int rad_put_addr(struct rad_handle *, int, struct in_addr);
+int rad_put_attr(struct rad_handle *, int,
+ const void *, size_t);
+int rad_put_int(struct rad_handle *, int, u_int32_t);
+int rad_put_string(struct rad_handle *, int,
+ const char *);
+int rad_send_request(struct rad_handle *);
+const char *rad_strerror(struct rad_handle *);
+__END_DECLS
+
+#endif /* _RADLIB_H_ */
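Review bot: Several type comments in the attribute table disagree with the RADIUS attribute definitions: `RAD_CLASS`, `RAD_VENDOR_SPECIFIC`, `RAD_NAS_IDENTIFIER` and `RAD_PROXY_STATE` are marked `/* Integer */`, but RFC 2138 defines them as variable-length string or opaque values. This matters because `rad_cvt_int()` in radlib.c copies `sizeof(u_int32_t)` bytes and takes no length argument, so a caller that trusts the comment can read past a shorter attribute value. The comments should be corrected (for example `#define RAD_NAS_IDENTIFIER 32 /* String */`) and the `unassiged` typo fixed. The `rad_cvt_int` and `rad_cvt_addr` prototypes should also carry a comment saying the caller must first confirm that the length returned by `rad_get_attr` is 4.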
diff --git a/usr.sbin/ppp/ppp/radlib_private.h b/usr.sbin/ppp/ppp/radlib_private.h
new file mode 100644
index 00000000000..4ccb6e443dc
--- /dev/null
+++ b/usr.sbin/ppp/ppp/radlib_private.h
@@ -0,0 +1,86 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $OpenBSD: radlib_private.h,v 1.1 1999/02/06 03:22:45 brian Exp $
+ */
+
+#ifndef RADLIB_PRIVATE_H
+#define RADLIB_PRIVATE_H
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+#include "radlib.h"
+
+/* Defaults */
+#define MAXTRIES 3
+#define PATH_RADIUS_CONF "/etc/radius.conf"
+#define RADIUS_PORT 1812
+#define TIMEOUT 3 /* In seconds */
+
+/* Limits */
+#define ERRSIZE 128 /* Maximum error message length */
+#define MAXCONFLINE 1024 /* Maximum config file line length */
+#define MAXSERVERS 10 /* Maximum number of servers to try */
+#define MSGSIZE 4096 /* Maximum RADIUS message */
+#define PASSSIZE 128 /* Maximum significant password chars */
+
+/* Positions of fields in RADIUS messages */
+#define POS_CODE 0 /* Message code */
+#define POS_IDENT 1 /* Identifier */
+#define POS_LENGTH 2 /* Message length */
+#define POS_AUTH 4 /* Authenticator */
+#define LEN_AUTH 16 /* Length of authenticator */
+#define POS_ATTRS 20 /* Start of attributes */
+
+struct rad_server {
+ struct sockaddr_in addr; /* Address of server */
+ char *secret; /* Shared secret */
+ int timeout; /* Timeout in seconds */
+ int max_tries; /* Number of tries before giving up */
+ int num_tries; /* Number of tries so far */
+};
+
+struct rad_handle {
+ int fd; /* Socket file descriptor */
+ struct rad_server servers[MAXSERVERS]; /* Servers to contact */
+ int num_servers; /* Number of valid server entries */
+ int ident; /* Current identifier value */
+ char errmsg[ERRSIZE]; /* Most recent error message */
+ unsigned char request[MSGSIZE]; /* Request to send */
+ int req_len; /* Length of request */
+ char pass[PASSSIZE]; /* Cleartext password */
+ int pass_len; /* Length of cleartext password */
+ int pass_pos; /* Position of scrambled password */
+ char chap_pass; /* Have we got a CHAP_PASSWORD ? */
+ unsigned char response[MSGSIZE]; /* Response received */
+ int resp_len; /* Length of response */
+ int resp_pos; /* Current position scanning attrs */
+ int total_tries; /* How many requests we'll send */
+ int try; /* How many requests we've sent */
+ int srv; /* Server number we did last */
+};
+
+#endif
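Review bot: `resp_len` and `resp_pos` are plain `int` here, yet `rad_get_attr()` in radlib.c (added by this same commit) adds `resp_pos` to a `size_t` length computed as the attribute's length octet minus 2. A length octet of 0 or 1 in a received response makes that subtraction wrap to a very large `size_t`, the sum wraps back below `resp_len`, and the bounds check passes; the caller then receives an oversized `*len` and `resp_pos` moves backwards. The length octet should be read into an `int` and rejected before use, e.g. `if (alen < 2 || h->resp_pos + alen - 2 > h->resp_len)`, reporting the existing "Malformed attribute in response" error. A comment on these two fields saying that both are byte offsets into `response[]` and never exceed `MSGSIZE` would make the invariant explicit.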
diff --git a/usr.sbin/ppp/ppp/route.c b/usr.sbin/ppp/ppp/route.c
index d5243f2adf3..4be0e1fd7f5 100644
--- a/usr.sbin/ppp/ppp/route.c
+++ b/usr.sbin/ppp/ppp/route.c
@@ -17,11 +17,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: route.c,v 1.2 1998/10/29 02:21:46 brian Exp $
+ * $Id: route.c,v 1.3 1999/02/06 03:22:46 brian Exp $
*
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/socket.h>
#include <net/if_types.h>
#include <net/route.h>
@@ -58,6 +58,9 @@
#include "filter.h"
#include "descriptor.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "route.h"
#include "prompt.h"
@@ -486,29 +489,29 @@ void
route_Add(struct sticky_route **rp, int type, struct in_addr dst,
struct in_addr mask, struct in_addr gw)
{
- if (type != ROUTE_STATIC) {
- struct sticky_route *r;
- int dsttype = type & ROUTE_DSTANY;
-
- r = NULL;
- while (*rp) {
- if ((dsttype && dsttype == ((*rp)->type & ROUTE_DSTANY)) ||
- (!dsttype && (*rp)->dst.s_addr == dst.s_addr)) {
- r = *rp;
- *rp = r->next;
- } else
- rp = &(*rp)->next;
- }
+ struct sticky_route *r;
+ int dsttype = type & ROUTE_DSTANY;
- if (!r)
- r = (struct sticky_route *)malloc(sizeof(struct sticky_route));
- r->type = type;
- r->next = NULL;
- r->dst = dst;
- r->mask = mask;
- r->gw = gw;
- *rp = r;
+ r = NULL;
+ while (*rp) {
+ if ((dsttype && dsttype == ((*rp)->type & ROUTE_DSTANY)) ||
+ (!dsttype && (*rp)->dst.s_addr == dst.s_addr)) {
+ /* Oops, we already have this route - unlink it */
+ free(r); /* impossible really */
+ r = *rp;
+ *rp = r->next;
+ } else
+ rp = &(*rp)->next;
}
+
+ if (!r)
+ r = (struct sticky_route *)malloc(sizeof(struct sticky_route));
+ r->type = type;
+ r->next = NULL;
+ r->dst = dst;
+ r->mask = mask;
+ r->gw = gw;
+ *rp = r;
}
void
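Review bot: The `malloc()` result in `route_Add` is used unchecked, so a failed allocation makes `r->type = type` dereference NULL. With the `type != ROUTE_STATIC` guard removed, this path now runs for every route type, which makes the missing check easier to hit. A guard such as `if (r == NULL) return;` (after logging the failure) should follow the allocation. The allocation itself reads better without the cast, as `r = malloc(sizeof *r);`.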
@@ -541,15 +544,22 @@ route_DeleteAll(struct sticky_route **rp)
}
void
-route_ShowSticky(struct prompt *p, struct sticky_route *r)
+route_ShowSticky(struct prompt *p, struct sticky_route *r, const char *tag,
+ int indent)
{
int def;
+ int tlen = strlen(tag);
+
+ if (tlen + 2 > indent)
+ prompt_Printf(p, "%s:\n%*s", tag, indent, "");
+ else
+ prompt_Printf(p, "%s:%*s", tag, indent - tlen - 1, "");
- prompt_Printf(p, "Sticky routes:\n");
for (; r; r = r->next) {
def = r->dst.s_addr == INADDR_ANY && r->mask.s_addr == INADDR_ANY;
- prompt_Printf(p, " add ");
+ prompt_Printf(p, "%*sadd ", tlen ? 0 : indent, "");
+ tlen = 0;
if (r->type & ROUTE_DSTMYADDR)
prompt_Printf(p, "MYADDR");
else if (r->type & ROUTE_DSTHISADDR)
diff --git a/usr.sbin/ppp/ppp/route.h b/usr.sbin/ppp/ppp/route.h
index 7b230b6e106..8593b5c2d26 100644
--- a/usr.sbin/ppp/ppp/route.h
+++ b/usr.sbin/ppp/ppp/route.h
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: route.h,v 1.1 1998/08/31 00:22:27 brian Exp $
+ * $Id: route.h,v 1.2 1999/02/06 03:22:47 brian Exp $
*
*/
@@ -50,4 +50,5 @@ extern void route_Add(struct sticky_route **, int, struct in_addr,
extern void route_Delete(struct sticky_route **, int, struct in_addr);
extern void route_DeleteAll(struct sticky_route **);
extern void route_Clean(struct bundle *, struct sticky_route *);
-extern void route_ShowSticky(struct prompt *, struct sticky_route *);
+extern void route_ShowSticky(struct prompt *, struct sticky_route *,
+ const char *, int);
diff --git a/usr.sbin/ppp/ppp/server.c b/usr.sbin/ppp/ppp/server.c
index 317d858f0d7..8fca38eebdf 100644
--- a/usr.sbin/ppp/ppp/server.c
+++ b/usr.sbin/ppp/ppp/server.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: server.c,v 1.1 1998/08/31 00:22:27 brian Exp $
+ * $Id: server.c,v 1.2 1999/02/06 03:22:47 brian Exp $
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/server.h b/usr.sbin/ppp/ppp/server.h
index a1a8eb15c91..a9c34f86d30 100644
--- a/usr.sbin/ppp/ppp/server.h
+++ b/usr.sbin/ppp/ppp/server.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: server.h,v 1.1 1998/08/31 00:22:28 brian Exp $
+ * $Id: server.h,v 1.2 1999/02/06 03:22:47 brian Exp $
*/
struct bundle;
diff --git a/usr.sbin/ppp/ppp/sig.c b/usr.sbin/ppp/ppp/sig.c
index 40c4f8733b9..86f1e00e972 100644
--- a/usr.sbin/ppp/ppp/sig.c
+++ b/usr.sbin/ppp/ppp/sig.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: sig.c,v 1.1 1998/08/31 00:22:28 brian Exp $
+ * $Id: sig.c,v 1.2 1999/02/06 03:22:47 brian Exp $
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/sig.h b/usr.sbin/ppp/ppp/sig.h
index 6db3c6133b7..70bdde0103b 100644
--- a/usr.sbin/ppp/ppp/sig.h
+++ b/usr.sbin/ppp/ppp/sig.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: sig.h,v 1.1 1998/08/31 00:22:28 brian Exp $
+ * $Id: sig.h,v 1.2 1999/02/06 03:22:47 brian Exp $
*/
typedef void (*sig_type)(int);
diff --git a/usr.sbin/ppp/ppp/slcompress.c b/usr.sbin/ppp/ppp/slcompress.c
index 37b585f7590..6420829af2e 100644
--- a/usr.sbin/ppp/ppp/slcompress.c
+++ b/usr.sbin/ppp/ppp/slcompress.c
@@ -17,13 +17,13 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: slcompress.c,v 1.1 1998/08/31 00:22:28 brian Exp $
+ * $Id: slcompress.c,v 1.2 1999/02/06 03:22:47 brian Exp $
*
* Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
* - Initial distribution.
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
@@ -53,6 +53,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
void
diff --git a/usr.sbin/ppp/ppp/slcompress.h b/usr.sbin/ppp/ppp/slcompress.h
index 06479d90563..2fa2ebb7971 100644
--- a/usr.sbin/ppp/ppp/slcompress.h
+++ b/usr.sbin/ppp/ppp/slcompress.h
@@ -16,7 +16,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: slcompress.h,v 1.1 1998/08/31 00:22:28 brian Exp $
+ * $Id: slcompress.h,v 1.2 1999/02/06 03:22:48 brian Exp $
*
* Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
* - Initial distribution.
diff --git a/usr.sbin/ppp/ppp/systems.c b/usr.sbin/ppp/ppp/systems.c
index f64740e2d64..8f19f339063 100644
--- a/usr.sbin/ppp/ppp/systems.c
+++ b/usr.sbin/ppp/ppp/systems.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.c,v 1.4 1999/02/02 09:50:14 brian Exp $
+ * $Id: systems.c,v 1.5 1999/02/06 03:22:48 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/systems.h b/usr.sbin/ppp/ppp/systems.h
index 24651e22021..46cb34d60d3 100644
--- a/usr.sbin/ppp/ppp/systems.h
+++ b/usr.sbin/ppp/ppp/systems.h
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.h,v 1.2 1998/10/31 17:38:51 brian Exp $
+ * $Id: systems.h,v 1.3 1999/02/06 03:22:48 brian Exp $
*
*/
diff --git a/usr.sbin/ppp/ppp/throughput.c b/usr.sbin/ppp/ppp/throughput.c
index 90d27eb34d0..8e20e7b7fb2 100644
--- a/usr.sbin/ppp/ppp/throughput.c
+++ b/usr.sbin/ppp/ppp/throughput.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: throughput.c,v 1.1 1998/08/31 00:22:29 brian Exp $
+ * $Id: throughput.c,v 1.2 1999/02/06 03:22:49 brian Exp $
*/
#include <sys/types.h>
diff --git a/usr.sbin/ppp/ppp/throughput.h b/usr.sbin/ppp/ppp/throughput.h
index e33954e445a..a6e5865ec50 100644
--- a/usr.sbin/ppp/ppp/throughput.h
+++ b/usr.sbin/ppp/ppp/throughput.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: throughput.h,v 1.1 1998/08/31 00:22:29 brian Exp $
+ * $Id: throughput.h,v 1.2 1999/02/06 03:22:49 brian Exp $
*/
#define SAMPLE_PERIOD 5
diff --git a/usr.sbin/ppp/ppp/timer.c b/usr.sbin/ppp/ppp/timer.c
index 371cf58b2c2..1ff1fc8a8d0 100644
--- a/usr.sbin/ppp/ppp/timer.c
+++ b/usr.sbin/ppp/ppp/timer.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: timer.c,v 1.2 1999/02/04 11:54:48 brian Exp $
+ * $Id: timer.c,v 1.3 1999/02/06 03:22:49 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/timer.h b/usr.sbin/ppp/ppp/timer.h
index 9de9a00f1bc..fa9c5e1e7a6 100644
--- a/usr.sbin/ppp/ppp/timer.h
+++ b/usr.sbin/ppp/ppp/timer.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: timer.h,v 1.2 1999/02/04 11:54:49 brian Exp $
+ * $Id: timer.h,v 1.3 1999/02/06 03:22:49 brian Exp $
*
* TODO:
*/
diff --git a/usr.sbin/ppp/ppp/tun.c b/usr.sbin/ppp/ppp/tun.c
index 353cb0043e3..326b8507d57 100644
--- a/usr.sbin/ppp/ppp/tun.c
+++ b/usr.sbin/ppp/ppp/tun.c
@@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: tun.c,v 1.2 1998/10/29 02:21:46 brian Exp $
+ * $Id: tun.c,v 1.3 1999/02/06 03:22:49 brian Exp $
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/socket.h> /* For IFF_ defines */
#include <net/if.h> /* For IFF_ defines */
#include <netinet/in.h>
@@ -57,6 +57,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "tun.h"
@@ -67,7 +70,15 @@ tun_configure(struct bundle *bundle, int mtu)
memset(&info, '\0', sizeof info);
info.type = IFT_PPP;
- info.mtu = mtu;
+#ifndef NORADIUS
+ if (bundle->radius.valid && bundle->radius.mtu && bundle->radius.mtu < mtu) {
+ log_Printf(LogLCP, "Reducing MTU to radius value %lu\n",
+ bundle->radius.mtu);
+ info.mtu = bundle->radius.mtu;
+ } else
+#endif
+ info.mtu = mtu;
+
info.baudrate = bundle->ifSpeed;
#ifdef __OpenBSD__
info.flags = IFF_UP|IFF_POINTOPOINT;
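Review bot: The RADIUS-supplied MTU is applied with only an upper bound (`bundle->radius.mtu < mtu`), so any non-zero value, however small, is written to `info.mtu`. Because the value comes from a network reply, the condition should also enforce a lower bound, using the smallest MTU ppp accepts elsewhere, and should log and ignore out-of-range values. The unbraced `} else` that straddles `#endif` is fragile as well; bracing the `info.mtu = mtu;` arm keeps it from binding to a different statement if the conditional block is edited later. `tun_configure()` starts and ends outside this hunk.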
diff --git a/usr.sbin/ppp/ppp/tun.h b/usr.sbin/ppp/ppp/tun.h
index 705a8b731b6..fbf78b4072c 100644
--- a/usr.sbin/ppp/ppp/tun.h
+++ b/usr.sbin/ppp/ppp/tun.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: tun.h,v 1.1 1998/08/31 00:22:30 brian Exp $
+ * $Id: tun.h,v 1.2 1999/02/06 03:22:49 brian Exp $
*/
struct tun_data {
diff --git a/usr.sbin/ppp/ppp/ua.h b/usr.sbin/ppp/ppp/ua.h
index a4c16fc1e63..aa11802d5ce 100644
--- a/usr.sbin/ppp/ppp/ua.h
+++ b/usr.sbin/ppp/ppp/ua.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: ua.h,v 1.2 1998/09/15 17:21:58 brian Exp $
+ * $Id: ua.h,v 1.3 1999/02/06 03:22:49 brian Exp $
*/
#ifdef __i386__ /* Do any other archs not care about alignment ? */
diff --git a/usr.sbin/ppp/ppp/vjcomp.c b/usr.sbin/ppp/ppp/vjcomp.c
index d2e2e1fdfeb..b93a08b3b8d 100644
--- a/usr.sbin/ppp/ppp/vjcomp.c
+++ b/usr.sbin/ppp/ppp/vjcomp.c
@@ -17,18 +17,17 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: vjcomp.c,v 1.1 1998/08/31 00:22:30 brian Exp $
+ * $Id: vjcomp.c,v 1.2 1999/02/06 03:22:49 brian Exp $
*
* TODO:
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <sys/un.h>
#include <stdio.h>
-#include <string.h>
#include "mbuf.h"
#include "log.h"
@@ -48,6 +47,9 @@
#include "filter.h"
#include "descriptor.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
#include "vjcomp.h"
diff --git a/usr.sbin/ppp/ppp/vjcomp.h b/usr.sbin/ppp/ppp/vjcomp.h
index 734ebc011f7..a228d258178 100644
--- a/usr.sbin/ppp/ppp/vjcomp.h
+++ b/usr.sbin/ppp/ppp/vjcomp.h
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: vjcomp.h,v 1.1 1998/08/31 00:22:30 brian Exp $
+ * $Id: vjcomp.h,v 1.2 1999/02/06 03:22:49 brian Exp $
*/
struct mbuf;