diff options
Diffstat (limited to 'usr.sbin')
98 files changed, 2541 insertions, 596 deletions
diff --git a/usr.sbin/ppp/ppp/Makefile b/usr.sbin/ppp/ppp/Makefile index dee84377e8d..042db528042 100644 --- a/usr.sbin/ppp/ppp/Makefile +++ b/usr.sbin/ppp/ppp/Makefile @@ -1,13 +1,14 @@ -# $Id: Makefile,v 1.5 1998/10/29 02:21:44 brian Exp $ +# $Id: Makefile,v 1.6 1999/02/06 03:22:30 brian Exp $ PROG= ppp -SRCS= arp.c async.c auth.c bundle.c cbcp.c ccp.c chap.c chap_ms.c chat.c \ - command.c datalink.c deflate.c defs.c filter.c fsm.c hdlc.c id.c \ - iface.c ip.c ipcp.c iplist.c lcp.c link.c log.c lqr.c main.c mbuf.c \ - modem.c mp.c pap.c physical.c pred.c probe.c prompt.c route.c \ - server.c sig.c slcompress.c systems.c throughput.c timer.c tun.c \ - vjcomp.c -CFLAGS+=-Wall -DHAVE_DES +SRCS= alias.c alias_cmd.c alias_cuseeme.c alias_db.c alias_ftp.c \ + alias_irc.c alias_nbt.c alias_util.c arp.c async.c auth.c bundle.c \ + cbcp.c ccp.c chap.c chap_ms.c chat.c command.c datalink.c deflate.c \ + defs.c filter.c fsm.c hdlc.c id.c iface.c ip.c ipcp.c iplist.c lcp.c \ + link.c log.c lqr.c main.c mbuf.c modem.c mp.c pap.c physical.c pred.c \ + probe.c prompt.c radius.c radlib.c route.c server.c sig.c slcompress.c \ + systems.c throughput.c timer.c tun.c vjcomp.c +CFLAGS+=-Wall -DHAVE_DES -DNO_FW_PUNCH LDADD+= -ldes -lutil -lz DPADD+= ${LIBDES} ${LIBUTIL} ${LIBZ} BINMODE=4554 @@ -15,12 +16,5 @@ BINOWN= root BINGRP= network MAN= ppp.8 -.if defined(NOALIAS) -CFLAGS+=-DNOALIAS -.else -CFLAGS+=-DNO_FW_PUNCH -SRCS+= alias.c alias_cmd.c alias_cuseeme.c alias_db.c alias_ftp.c \ - alias_irc.c alias_nbt.c alias_util.c -.endif .include <bsd.prog.mk> diff --git a/usr.sbin/ppp/ppp/alias_cmd.c b/usr.sbin/ppp/ppp/alias_cmd.c index 335b7465a4e..7acb2cd1d7d 100644 --- a/usr.sbin/ppp/ppp/alias_cmd.c +++ b/usr.sbin/ppp/ppp/alias_cmd.c @@ -2,10 +2,10 @@ * The code in this file was written by Eivind Eklund <perhaps@yes.no>, * who places it in the public domain without restriction. * - * $Id: alias_cmd.c,v 1.2 1998/08/31 08:16:27 brian Exp $ + * $Id: alias_cmd.c,v 1.3 1999/02/06 03:22:30 brian Exp $ */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> @@ -44,6 +44,9 @@ #include "link.h" #include "mp.h" #include "filter.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" diff --git a/usr.sbin/ppp/ppp/alias_cmd.h b/usr.sbin/ppp/ppp/alias_cmd.h index ff5476659b4..1f38ff55893 100644 --- a/usr.sbin/ppp/ppp/alias_cmd.h +++ b/usr.sbin/ppp/ppp/alias_cmd.h @@ -2,7 +2,7 @@ * The code in this file was written by Eivind Eklund <perhaps@yes.no>, * who places it in the public domain without restriction. * - * $Id: alias_cmd.h,v 1.1 1998/08/31 00:22:15 brian Exp $ + * $Id: alias_cmd.h,v 1.2 1999/02/06 03:22:30 brian Exp $ */ struct cmdargs; diff --git a/usr.sbin/ppp/ppp/arp.c b/usr.sbin/ppp/ppp/arp.c index 19cd1fcbbe7..04f6be66e25 100644 --- a/usr.sbin/ppp/ppp/arp.c +++ b/usr.sbin/ppp/ppp/arp.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: arp.c,v 1.2 1998/10/29 02:21:44 brian Exp $ + * $Id: arp.c,v 1.3 1999/02/06 03:22:30 brian Exp $ * */ @@ -25,7 +25,7 @@ * TODO: */ -#include <sys/types.h> +#include <sys/param.h> #include <sys/socket.h> #include <net/if.h> #include <net/route.h> @@ -62,6 +62,9 @@ #include "ccp.h" #include "link.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "arp.h" diff --git a/usr.sbin/ppp/ppp/arp.h b/usr.sbin/ppp/ppp/arp.h index a37821924eb..39d9d5b97f4 100644 --- a/usr.sbin/ppp/ppp/arp.h +++ b/usr.sbin/ppp/ppp/arp.h @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: arp.h,v 1.1 1998/08/31 00:22:15 brian Exp $ + * $Id: arp.h,v 1.2 1999/02/06 03:22:31 brian Exp $ * */ diff --git a/usr.sbin/ppp/ppp/async.c b/usr.sbin/ppp/ppp/async.c index a4502ca1b5d..67447402a79 100644 --- a/usr.sbin/ppp/ppp/async.c +++ b/usr.sbin/ppp/ppp/async.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: async.c,v 1.1 1998/08/31 00:22:15 brian Exp $ + * $Id: async.c,v 1.2 1999/02/06 03:22:31 brian Exp $ * */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/async.h b/usr.sbin/ppp/ppp/async.h index ccac7fe481c..d2e8888cc21 100644 --- a/usr.sbin/ppp/ppp/async.h +++ b/usr.sbin/ppp/ppp/async.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: async.h,v 1.1 1998/08/31 00:22:16 brian Exp $ + * $Id: async.h,v 1.2 1999/02/06 03:22:31 brian Exp $ */ #define HDLCSIZE (MAX_MRU*2+6) diff --git a/usr.sbin/ppp/ppp/auth.c b/usr.sbin/ppp/ppp/auth.c index 88b2d7a477d..170f41c46ac 100644 --- a/usr.sbin/ppp/ppp/auth.c +++ b/usr.sbin/ppp/ppp/auth.c @@ -17,12 +17,12 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: auth.c,v 1.4 1999/02/02 09:49:57 brian Exp $ + * $Id: auth.c,v 1.5 1999/02/06 03:22:31 brian Exp $ * * TODO: * o Implement check against with registered IP addresses. */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -55,6 +55,9 @@ #include "lcpproto.h" #include "filter.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "cbcp.h" #include "chap.h" #include "async.h" @@ -112,12 +115,12 @@ auth_SetPhoneList(const char *name, char *phone, int phonelen) if (n < 5) continue; if (strcmp(vector[0], name) == 0) { - CloseSecret(fp); - if (*vector[4] == '\0') + CloseSecret(fp); + if (*vector[4] == '\0') return 0; strncpy(phone, vector[4], phonelen - 1); phone[phonelen - 1] = '\0'; - return 1; /* Valid */ + return 1; /* Valid */ } } CloseSecret(fp); @@ -135,10 +138,20 @@ auth_Select(struct bundle *bundle, const char *name) char buff[LINE_LEN]; if (*name == '\0') { - ipcp_Setup(&bundle->ncp.ipcp); + ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); return 1; } +#ifndef NORADIUS + if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE) { + /* We've got a radius IP - it overrides everything */ + if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip)) + return 0; + ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr); + /* Continue with ppp.secret in case we've got a new label */ + } +#endif + fp = OpenSecret(SECRETFILE); if (fp != NULL) { while (fgets(buff, sizeof buff, fp)) { @@ -150,14 +163,20 @@ auth_Select(struct bundle *bundle, const char *name) if (n < 2) continue; if (strcmp(vector[0], name) == 0) { - CloseSecret(fp); - if (n > 2 && *vector[2] && strcmp(vector[2], "*") && - !ipcp_UseHisaddr(bundle, vector[2], 1)) - return 0; - ipcp_Setup(&bundle->ncp.ipcp); - if (n > 3 && *vector[3] && strcmp(vector[3], "*")) - bundle_SetLabel(bundle, vector[3]); - return 1; /* Valid */ + CloseSecret(fp); +#ifndef NORADIUS + if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) { +#endif + if (n > 2 && *vector[2] && strcmp(vector[2], "*") && + !ipcp_UseHisaddr(bundle, vector[2], 1)) + return 0; + ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); +#ifndef NORADIUS + } +#endif + if (n > 3 && *vector[3] && strcmp(vector[3], "*")) + bundle_SetLabel(bundle, vector[3]); + return 1; /* Valid */ } } CloseSecret(fp); @@ -165,16 +184,21 @@ auth_Select(struct bundle *bundle, const char *name) #ifndef NOPASSWDAUTH /* Let 'em in anyway - they must have been in the passwd file */ - ipcp_Setup(&bundle->ncp.ipcp); + ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); return 1; #else - /* Disappeared from ppp.secret ? */ +#ifndef NORADIUS + if (bundle->radius.valid) + return 1; +#endif + + /* Disappeared from ppp.secret ??? */ return 0; #endif } int -auth_Validate(struct bundle *bundle, const char *system, +auth_Validate(struct bundle *bundle, const char *name, const char *key, struct physical *physical) { /* Used by PAP routines */ @@ -194,9 +218,9 @@ auth_Validate(struct bundle *bundle, const char *system, n = MakeArgs(buff, vector, VECSIZE(vector)); if (n < 2) continue; - if (strcmp(vector[0], system) == 0) { - CloseSecret(fp); - return auth_CheckPasswd(vector[0], vector[1], key); + if (strcmp(vector[0], name) == 0) { + CloseSecret(fp); + return auth_CheckPasswd(name, vector[1], key); } } CloseSecret(fp); @@ -204,14 +228,14 @@ auth_Validate(struct bundle *bundle, const char *system, #ifndef NOPASSWDAUTH if (Enabled(bundle, OPT_PASSWDAUTH)) - return auth_CheckPasswd(system, "*", key); + return auth_CheckPasswd(name, "*", key); #endif return 0; /* Invalid */ } char * -auth_GetSecret(struct bundle *bundle, const char *system, int len, +auth_GetSecret(struct bundle *bundle, const char *name, int len, struct physical *physical) { /* Used by CHAP routines */ @@ -233,7 +257,7 @@ auth_GetSecret(struct bundle *bundle, const char *system, int len, n = MakeArgs(buff, vector, VECSIZE(vector)); if (n < 2) continue; - if (strlen(vector[0]) == len && strncmp(vector[0], system, len) == 0) { + if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) { CloseSecret(fp); return vector[1]; } @@ -249,8 +273,9 @@ AuthTimeout(void *vauthp) timer_Stop(&authp->authtimer); if (--authp->retry > 0) { + authp->id++; + (*authp->fn.req)(authp); timer_Start(&authp->authtimer); - (*authp->ChallengeFunc)(authp, ++authp->id, authp->physical); } else { log_Printf(LogPHASE, "Auth: No response from server\n"); datalink_AuthNotOk(authp->physical->dl); @@ -258,26 +283,28 @@ AuthTimeout(void *vauthp) } void -auth_Init(struct authinfo *authinfo) +auth_Init(struct authinfo *authp, struct physical *p, auth_func req, + auth_func success, auth_func failure) { - memset(authinfo, '\0', sizeof(struct authinfo)); - authinfo->cfg.fsmretry = DEF_FSMRETRY; + memset(authp, '\0', sizeof(struct authinfo)); + authp->cfg.fsmretry = DEF_FSMRETRY; + authp->fn.req = req; + authp->fn.success = success; + authp->fn.failure = failure; + authp->physical = p; } void -auth_StartChallenge(struct authinfo *authp, struct physical *physical, - void (*chal)(struct authinfo *, int, struct physical *)) +auth_StartReq(struct authinfo *authp) { - authp->ChallengeFunc = chal; - authp->physical = physical; timer_Stop(&authp->authtimer); authp->authtimer.func = AuthTimeout; authp->authtimer.name = "auth"; authp->authtimer.load = authp->cfg.fsmretry * SECTICKS; - authp->authtimer.arg = (void *) authp; + authp->authtimer.arg = (void *)authp; authp->retry = 3; authp->id = 1; - (*authp->ChallengeFunc)(authp, authp->id, physical); + (*authp->fn.req)(authp); timer_Start(&authp->authtimer); } @@ -285,5 +312,42 @@ void auth_StopTimer(struct authinfo *authp) { timer_Stop(&authp->authtimer); - authp->physical = NULL; +} + +struct mbuf * +auth_ReadHeader(struct authinfo *authp, struct mbuf *bp) +{ + int len; + + len = mbuf_Length(bp); + if (len >= sizeof authp->in.hdr) { + bp = mbuf_Read(bp, (u_char *)&authp->in.hdr, sizeof authp->in.hdr); + if (len >= ntohs(authp->in.hdr.length)) + return bp; + } + + mbuf_Free(bp); + return NULL; +} + +struct mbuf * +auth_ReadName(struct authinfo *authp, struct mbuf *bp, int len) +{ + if (len > sizeof authp->in.name - 1) + log_Printf(LogERROR, "auth_ReadName: Name too long (%d) !\n", len); + else { + int mlen = mbuf_Length(bp); + + if (len > mlen) + log_Printf(LogERROR, "auth_ReadName: Short packet !\n"); + else { + bp = mbuf_Read(bp, (u_char *)authp->in.name, len); + authp->in.name[len] = '\0'; + return bp; + } + } + + *authp->in.name = '\0'; + mbuf_Free(bp); + return NULL; } diff --git a/usr.sbin/ppp/ppp/auth.h b/usr.sbin/ppp/ppp/auth.h index 37d06aa5ee3..16683709b9a 100644 --- a/usr.sbin/ppp/ppp/auth.h +++ b/usr.sbin/ppp/ppp/auth.h @@ -15,16 +15,26 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: auth.h,v 1.3 1999/02/02 09:49:57 brian Exp $ + * $Id: auth.h,v 1.4 1999/02/06 03:22:31 brian Exp $ * * TODO: */ struct physical; struct bundle; +struct authinfo; +typedef void (*auth_func)(struct authinfo *); struct authinfo { - void (*ChallengeFunc)(struct authinfo *, int, struct physical *); + struct { + auth_func req; + auth_func success; + auth_func failure; + } fn; + struct { + struct fsmheader hdr; + char name[AUTHLEN]; + } in; struct pppTimer authtimer; int retry; int id; @@ -34,16 +44,19 @@ struct authinfo { } cfg; }; -extern const char *Auth2Nam(u_short); +#define auth_Failure(a) (*a->fn.failure)(a); +#define auth_Success(a) (*a->fn.success)(a); -extern void auth_Init(struct authinfo *); +extern const char *Auth2Nam(u_short); +extern void auth_Init(struct authinfo *, struct physical *, + auth_func, auth_func, auth_func); extern void auth_StopTimer(struct authinfo *); -extern void auth_StartChallenge(struct authinfo *, struct physical *, - void (*)(struct authinfo *, int, - struct physical *)); +extern void auth_StartReq(struct authinfo *); extern int auth_Validate(struct bundle *, const char *, const char *, struct physical *); extern char *auth_GetSecret(struct bundle *, const char *, int, struct physical *); extern int auth_SetPhoneList(const char *, char *, int); extern int auth_Select(struct bundle *, const char *); +extern struct mbuf *auth_ReadHeader(struct authinfo *, struct mbuf *); +extern struct mbuf *auth_ReadName(struct authinfo *, struct mbuf *, int); diff --git a/usr.sbin/ppp/ppp/bundle.c b/usr.sbin/ppp/ppp/bundle.c index 398aacf17af..41ea14f1771 100644 --- a/usr.sbin/ppp/ppp/bundle.c +++ b/usr.sbin/ppp/ppp/bundle.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: bundle.c,v 1.7 1999/02/04 11:54:47 brian Exp $ + * $Id: bundle.c,v 1.8 1999/02/06 03:22:31 brian Exp $ */ #include <sys/param.h> @@ -32,7 +32,6 @@ #include <net/if.h> #include <arpa/inet.h> #include <net/route.h> -#include <net/if_dl.h> #include <netinet/in_systm.h> #include <netinet/ip.h> #include <sys/un.h> @@ -76,6 +75,9 @@ #include "ccp.h" #include "link.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "async.h" #include "physical.h" @@ -134,7 +136,6 @@ bundle_NewPhase(struct bundle *bundle, u_int new) break; case PHASE_NETWORK: - ipcp_Setup(&bundle->ncp.ipcp); fsm_Up(&bundle->ncp.ipcp.fsm); fsm_Open(&bundle->ncp.ipcp.fsm); bundle->phase = new; @@ -556,6 +557,10 @@ bundle_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) } } +#ifndef NORADIUS + result += descriptor_UpdateSet(&bundle->radius.desc, r, w, e, n); +#endif + /* Which links need a select() ? */ for (dl = bundle->links; dl; dl = dl->next) result += descriptor_UpdateSet(&dl->desc, r, w, e, n); @@ -580,6 +585,11 @@ bundle_IsSet(struct descriptor *d, const fd_set *fdset) if (descriptor_IsSet(&dl->desc, fdset)) return 1; +#ifndef NORADIUS + if (descriptor_IsSet(&bundle->radius.desc, fdset)) + return 1; +#endif + if (descriptor_IsSet(&bundle->ncp.mp.server.desc, fdset)) return 1; @@ -599,6 +609,11 @@ bundle_DescriptorRead(struct descriptor *d, struct bundle *bundle, if (descriptor_IsSet(&dl->desc, fdset)) descriptor_Read(&dl->desc, bundle, fdset); +#ifndef NORADIUS + if (descriptor_IsSet(&bundle->radius.desc, fdset)) + descriptor_Read(&bundle->radius.desc, bundle, fdset); +#endif + if (FD_ISSET(bundle->dev.fd, fdset)) { struct tun_data tun; int n, pri; @@ -874,6 +889,9 @@ bundle_Create(const char *prefix, int type, const char **argv) bundle.autoload.done = 0; bundle.autoload.running = 0; memset(&bundle.choked.timer, '\0', sizeof bundle.choked.timer); +#ifndef NORADIUS + radius_Init(&bundle.radius); +#endif /* Clean out any leftover crud */ iface_Clear(bundle.iface, IFACE_CLEAR_ALL); @@ -933,6 +951,11 @@ bundle_Destroy(struct bundle *bundle) ipcp_CleanInterface(&bundle->ncp.ipcp); bundle_DownInterface(bundle); +#ifndef NORADIUS + /* Tell the radius server the bad news */ + radius_Destroy(&bundle->radius); +#endif + /* Again, these are all DATALINK_CLOSED unless we're abending */ dl = bundle->links; while (dl) @@ -1224,6 +1247,11 @@ bundle_ShowStatus(struct cmdargs const *arg) prompt_Printf(arg->prompt, " Choked Timer: %ds\n", arg->bundle->cfg.choked.timeout); + +#ifndef NORADIUS + radius_Show(&arg->bundle->radius, arg->prompt); +#endif + prompt_Printf(arg->prompt, " Idle Timer: "); if (arg->bundle->cfg.idle_timeout) { prompt_Printf(arg->prompt, "%ds", arg->bundle->cfg.idle_timeout); diff --git a/usr.sbin/ppp/ppp/bundle.h b/usr.sbin/ppp/ppp/bundle.h index 14ac040eb21..0590539b139 100644 --- a/usr.sbin/ppp/ppp/bundle.h +++ b/usr.sbin/ppp/ppp/bundle.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: bundle.h,v 1.3 1998/12/10 18:40:41 brian Exp $ + * $Id: bundle.h,v 1.4 1999/02/06 03:22:31 brian Exp $ */ #define PHASE_DEAD 0 /* Link is dead */ @@ -87,8 +87,8 @@ struct bundle { struct { int idle_timeout; /* NCP Idle timeout value */ struct { - char name[50]; /* PAP/CHAP system name */ - char key[50]; /* PAP/CHAP key */ + char name[AUTHLEN]; /* PAP/CHAP system name */ + char key[AUTHLEN]; /* PAP/CHAP key */ } auth; unsigned opt; /* Uses OPT_ bits from above */ char label[50]; /* last thing `load'ed */ @@ -102,7 +102,7 @@ struct bundle { } autoload; struct { - int timeout; /* How long to leave the output queue choked */ + int timeout; /* How long to leave the output queue choked */ } choked; } cfg; @@ -112,19 +112,19 @@ struct bundle { } ncp; struct { - struct filter in; /* incoming packet filter */ - struct filter out; /* outgoing packet filter */ - struct filter dial; /* dial-out packet filter */ - struct filter alive; /* keep-alive packet filter */ + struct filter in; /* incoming packet filter */ + struct filter out; /* outgoing packet filter */ + struct filter dial; /* dial-out packet filter */ + struct filter alive; /* keep-alive packet filter */ } filter; struct { - struct pppTimer timer; /* timeout after cfg.idle_timeout */ + struct pppTimer timer; /* timeout after cfg.idle_timeout */ time_t done; } idle; struct { - int fd; /* write status here */ + int fd; /* write status here */ } notify; struct { @@ -135,8 +135,12 @@ struct bundle { } autoload; struct { - struct pppTimer timer; /* choked output queue timer */ + struct pppTimer timer; /* choked output queue timer */ } choked; + +#ifndef NORADIUS + struct radius radius; /* Info retrieved from radius server */ +#endif }; #define descriptor2bundle(d) \ diff --git a/usr.sbin/ppp/ppp/cbcp.c b/usr.sbin/ppp/ppp/cbcp.c index a71312397c7..2b0ea11b732 100644 --- a/usr.sbin/ppp/ppp/cbcp.c +++ b/usr.sbin/ppp/ppp/cbcp.c @@ -23,10 +23,10 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: cbcp.c,v 1.4 1999/01/19 22:17:13 brian Exp $ + * $Id: cbcp.c,v 1.5 1999/02/06 03:22:31 brian Exp $ */ -#include <sys/types.h> +#include <sys/param.h> #include <sys/un.h> diff --git a/usr.sbin/ppp/ppp/cbcp.h b/usr.sbin/ppp/ppp/cbcp.h index 16f25f4b0da..bc682c31560 100644 --- a/usr.sbin/ppp/ppp/cbcp.h +++ b/usr.sbin/ppp/ppp/cbcp.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: cbcp.h,v 1.1 1998/08/31 00:22:17 brian Exp $ + * $Id: cbcp.h,v 1.2 1999/02/06 03:22:32 brian Exp $ */ struct mbuf; diff --git a/usr.sbin/ppp/ppp/ccp.c b/usr.sbin/ppp/ppp/ccp.c index 0405ca3fb25..8edba14406b 100644 --- a/usr.sbin/ppp/ppp/ccp.c +++ b/usr.sbin/ppp/ppp/ccp.c @@ -17,12 +17,12 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ccp.c,v 1.1 1998/08/31 00:22:17 brian Exp $ + * $Id: ccp.c,v 1.2 1999/02/06 03:22:32 brian Exp $ * * TODO: * o Support other compression protocols */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -30,7 +30,6 @@ #include <stdio.h> #include <stdlib.h> -#include <string.h> #include <termios.h> #include "defs.h" @@ -57,6 +56,9 @@ #include "mp.h" #include "async.h" #include "physical.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" static void CcpSendConfigReq(struct fsm *); diff --git a/usr.sbin/ppp/ppp/ccp.h b/usr.sbin/ppp/ppp/ccp.h index 3ebefefc68d..425611fe811 100644 --- a/usr.sbin/ppp/ppp/ccp.h +++ b/usr.sbin/ppp/ppp/ccp.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ccp.h,v 1.1 1998/08/31 00:22:17 brian Exp $ + * $Id: ccp.h,v 1.2 1999/02/06 03:22:32 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/chap.c b/usr.sbin/ppp/ppp/chap.c index 996ef62f8ff..e01f8c39680 100644 --- a/usr.sbin/ppp/ppp/chap.c +++ b/usr.sbin/ppp/ppp/chap.c @@ -17,11 +17,11 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: chap.c,v 1.1 1998/08/31 00:22:17 brian Exp $ + * $Id: chap.c,v 1.2 1999/02/06 03:22:32 brian Exp $ * * TODO: */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -29,10 +29,10 @@ #ifdef HAVE_DES #include <md4.h> +#include <string.h> #endif #include <md5.h> #include <stdlib.h> -#include <string.h> #include <termios.h> #include "mbuf.h" @@ -57,6 +57,9 @@ #include "link.h" #include "physical.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "chat.h" #include "cbcp.h" @@ -68,10 +71,11 @@ static const char *chapcodes[] = { "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE" }; +#define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1) static void ChapOutput(struct physical *physical, u_int code, u_int id, - const u_char * ptr, int count, const char *text) + const u_char *ptr, int count, const char *text) { int plen; struct fsmheader lh; @@ -93,229 +97,311 @@ ChapOutput(struct physical *physical, u_int code, u_int id, hdlc_Output(&physical->link, PRI_LINK, PROTO_CHAP, bp); } -void -chap_SendChallenge(struct authinfo *auth, int chapid, struct physical *physical) +static char * +chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, int MSChap) { - struct chap *chap = auth2chap(auth); - int len, i; - char *cp; + char *result, *digest; + size_t nlen, klen; - randinit(); - cp = chap->challenge_data; - *cp++ = chap->challenge_len = random() % 32 + 16; - for (i = 0; i < chap->challenge_len; i++) - *cp++ = random() & 0xff; - len = strlen(physical->dl->bundle->cfg.auth.name); - memcpy(cp, physical->dl->bundle->cfg.auth.name, len); - cp += len; - ChapOutput(physical, CHAP_CHALLENGE, chapid, chap->challenge_data, - cp - chap->challenge_data, NULL); -} + nlen = strlen(name); + klen = strlen(key); -static void -RecvChapTalk(struct bundle *bundle, struct fsmheader *chp, struct mbuf *bp, - struct physical *physical) -{ - int valsize, len; - int arglen, keylen, namelen; - char *cp, *argp, *ap, *name, *digest; - char *keyp; - MD5_CTX MD5context; /* context for MD5 */ - char answer[100]; - char cdigest[16]; #ifdef HAVE_DES - int ix; - MD4_CTX MD4context; /* context for MD4 */ -#endif + if (MSChap) { + char expkey[AUTHLEN << 2]; + MD4_CTX MD4context; + int f; - len = ntohs(chp->length); - log_Printf(LogDEBUG, "RecvChapTalk: length: %d\n", len); - arglen = len - sizeof(struct fsmheader); - cp = (char *) MBUF_CTOP(bp); - valsize = *cp++ & 255; - name = cp + valsize; - namelen = arglen - valsize - 1; - name[namelen] = 0; - - log_Printf(LogPHASE, "Chap Input: %s (from %s)\n", - chapcodes[chp->code], name); - - switch (chp->code) { - case CHAP_CHALLENGE: - keyp = bundle->cfg.auth.key; - keylen = strlen(bundle->cfg.auth.key); - name = bundle->cfg.auth.name; - namelen = strlen(bundle->cfg.auth.name); + if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL) + return result; -#ifdef HAVE_DES - if (physical->dl->chap.using_MSChap) - argp = malloc(1 + namelen + MS_CHAP_RESPONSE_LEN); - else -#endif - argp = malloc(1 + valsize + namelen + 16); + digest = result; /* this is the response */ + *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */ + memset(digest, '\0', 24); + digest += 24; - if (argp == NULL) { - ChapOutput(physical, CHAP_FAILURE, chp->id, "Out of memory!", 14, NULL); - return; - } -#ifdef HAVE_DES - if (physical->dl->chap.using_MSChap) { - digest = argp; /* this is the response */ - *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */ - memset(digest, '\0', 24); - digest += 24; - - ap = answer; /* this is the challenge */ - memcpy(ap, keyp, keylen); - ap += 2 * keylen; - memcpy(ap, cp, valsize); - log_DumpBuff(LogDEBUG, "recv", ap, valsize); - ap += valsize; - for (ix = keylen; ix > 0 ; ix--) { - answer[2*ix-2] = answer[ix-1]; - answer[2*ix-1] = 0; - } - MD4Init(&MD4context); - MD4Update(&MD4context, answer, 2 * keylen); - MD4Final(digest, &MD4context); - memcpy(digest + 25, name, namelen); - ap += 2 * keylen; - chap_MS(digest, answer + 2 * keylen, valsize); - log_DumpBuff(LogDEBUG, "answer", digest, 24); - ChapOutput(physical, CHAP_RESPONSE, chp->id, argp, - namelen + MS_CHAP_RESPONSE_LEN + 1, name); - } else { -#endif - digest = argp; - *digest++ = 16; /* value size */ - ap = answer; - *ap++ = chp->id; - memcpy(ap, keyp, keylen); - ap += keylen; - memcpy(ap, cp, valsize); - log_DumpBuff(LogDEBUG, "recv", ap, valsize); - ap += valsize; - MD5Init(&MD5context); - MD5Update(&MD5context, answer, ap - answer); - MD5Final(digest, &MD5context); - log_DumpBuff(LogDEBUG, "answer", digest, 16); - memcpy(digest + 16, name, namelen); - ap += namelen; - /* Send answer to the peer */ - ChapOutput(physical, CHAP_RESPONSE, chp->id, argp, namelen + 17, name); -#ifdef HAVE_DES + for (f = klen; f; f--) { + expkey[2*f-2] = key[f-1]; + expkey[2*f-1] = 0; } -#endif - free(argp); - if (*name == '\0') - log_Printf(LogWARN, "Sending empty CHAP authname!\n"); - break; - case CHAP_RESPONSE: + /* - * Get a secret key corresponds to the peer + * ----------- + * answer = | k\0e\0y\0 | + * ----------- */ - keyp = auth_GetSecret(bundle, name, namelen, physical); - if (keyp) { - /* - * Compute correct digest value - */ - keylen = strlen(keyp); - ap = answer; - *ap++ = chp->id; - memcpy(ap, keyp, keylen); - ap += keylen; - MD5Init(&MD5context); - MD5Update(&MD5context, answer, ap - answer); - MD5Update(&MD5context, physical->dl->chap.challenge_data + 1, - physical->dl->chap.challenge_len); - MD5Final(cdigest, &MD5context); - log_DumpBuff(LogDEBUG, "got", cp, 16); - log_DumpBuff(LogDEBUG, "expect", cdigest, 16); - - /* - * Compare with the response - */ - if (memcmp(cp, cdigest, 16) == 0) { - datalink_GotAuthname(physical->dl, name, namelen); - ChapOutput(physical, CHAP_SUCCESS, chp->id, "Welcome!!", 10, NULL); - physical->link.lcp.auth_ineed = 0; - if (Enabled(bundle, OPT_UTMP)) - physical_Login(physical, name); - - if (physical->link.lcp.auth_iwait == 0) - /* - * Either I didn't need to authenticate, or I've already been - * told that I got the answer right. - */ - datalink_AuthOk(physical->dl); - - break; - } - } + MD4Init(&MD4context); + MD4Update(&MD4context, expkey, klen << 1); + MD4Final(digest, &MD4context); + memcpy(digest + 25, name, nlen); + + /* + * ``result'' is: + * ---- --------- -------------------- ------ + * result = | 49 | 24 * \0 | digest (pad to 25) | name | + * ---- --------- -------------------- ------ + */ + chap_MS(digest, challenge + 1, *challenge); /* - * Peer is not registerd, or response digest is wrong. + * ---- --------- ---------------- --- ---------- + * result = | 49 | 24 * \0 | 24 byte digest | 1 | authname | + * ---- --------- ---------------- --- ---------- + */ + } else +#endif + if ((result = malloc(nlen + 17)) != NULL) { + /* Normal MD5 stuff */ + MD5_CTX MD5context; + + digest = result; + *digest++ = 16; /* value size */ + + MD5Init(&MD5context); +log_Printf(LogPHASE, "Build with 0x%x, %s & %.*s\n", id, key, *challenge, challenge+1); + MD5Update(&MD5context, &id, 1); + MD5Update(&MD5context, key, klen); + MD5Update(&MD5context, challenge + 1, *challenge); + MD5Final(digest, &MD5context); + + memcpy(digest + 16, name, nlen); + /* + * ---- -------- ------ + * result = | 16 | digest | name | + * ---- -------- ------ */ - ChapOutput(physical, CHAP_FAILURE, chp->id, "Invalid!!", 9, NULL); - datalink_AuthNotOk(physical->dl); - break; } + + return result; } static void -RecvChapResult(struct bundle *bundle, struct fsmheader *chp, struct mbuf *bp, - struct physical *physical) +chap_Challenge(struct authinfo *authp) { - int len; - - len = ntohs(chp->length); - log_Printf(LogDEBUG, "RecvChapResult: length: %d\n", len); - if (chp->code == CHAP_SUCCESS) { - if (physical->link.lcp.auth_iwait == PROTO_CHAP) { - physical->link.lcp.auth_iwait = 0; - if (physical->link.lcp.auth_ineed == 0) - /* - * We've succeeded in our ``login'' - * If we're not expecting the peer to authenticate (or he already - * has), proceed to network phase. - */ - datalink_AuthOk(physical->dl); - } - } else { - /* CHAP failed - it's not going to get any better */ - log_Printf(LogPHASE, "Chap Input: Giving up after name/key FAILURE\n"); - datalink_AuthNotOk(physical->dl); + struct chap *chap = auth2chap(authp); + int len, i; + char *cp; + + randinit(); + cp = chap->challenge; + +#ifndef NORADIUS + if (*authp->physical->dl->bundle->radius.cfg.file) { + /* For radius, our challenge is 16 readable NUL terminated bytes :*/ + *cp++ = 16; + for (i = 0; i < 16; i++) + *cp++ = (random() % 10) + '0'; + } else +#endif + { + *cp++ = random() % (CHAPCHALLENGELEN-16) + 16; + for (i = 0; i < *chap->challenge; i++) + *cp++ = random() & 0xff; } + + len = strlen(authp->physical->dl->bundle->cfg.auth.name); + memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len); + cp += len; + ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge, + cp - chap->challenge, NULL); +} + +static void +chap_Success(struct authinfo *authp) +{ + datalink_GotAuthname(authp->physical->dl, authp->in.name); + ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL); + authp->physical->link.lcp.auth_ineed = 0; + if (Enabled(authp->physical->dl->bundle, OPT_UTMP)) + physical_Login(authp->physical, authp->in.name); + + if (authp->physical->link.lcp.auth_iwait == 0) + /* + * Either I didn't need to authenticate, or I've already been + * told that I got the answer right. + */ + datalink_AuthOk(authp->physical->dl); +} + +static void +chap_Failure(struct authinfo *authp) +{ + ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL); + datalink_AuthNotOk(authp->physical->dl); } void -chap_Input(struct bundle *bundle, struct mbuf *bp, struct physical *physical) +chap_Init(struct chap *chap, struct physical *p) { - int len = mbuf_Length(bp); - struct fsmheader *chp; - - if (len >= sizeof(struct fsmheader)) { - chp = (struct fsmheader *) MBUF_CTOP(bp); - if (len >= ntohs(chp->length)) { - if (chp->code < 1 || chp->code > 4) - chp->code = 0; - bp->offset += sizeof(struct fsmheader); - bp->cnt -= sizeof(struct fsmheader); - - switch (chp->code) { + auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure); + *chap->challenge = 0; + chap->using_MSChap = 0; +} + +void +chap_Input(struct physical *p, struct mbuf *bp) +{ + struct chap *chap = &p->dl->chap; + char *name, *key, *ans, *myans; + int len, nlen; + u_char alen; + + if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL) + log_Printf(LogERROR, "Chap Input: Truncated header !\n"); + else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE) + log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n", + chap->auth.in.hdr.code); + else { + len = mbuf_Length(bp); + ans = NULL; + + if (chap->auth.in.hdr.code != CHAP_CHALLENGE && + chap->auth.id != chap->auth.in.hdr.id && + Enabled(p->dl->bundle, OPT_IDCHECK)) { + /* Wrong conversation dude ! */ + log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n", + chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id, + chap->auth.id); + mbuf_Free(bp); + return; + } + chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */ + + switch (chap->auth.in.hdr.code) { + case CHAP_CHALLENGE: + bp = mbuf_Read(bp, chap->challenge, 1); + len -= *chap->challenge + 1; + if (len < 0) { + log_Printf(LogERROR, "Chap Input: Truncated challenge !\n"); + mbuf_Free(bp); + return; + } + bp = mbuf_Read(bp, chap->challenge + 1, *chap->challenge); + bp = auth_ReadName(&chap->auth, bp, len); + break; + case CHAP_RESPONSE: - auth_StopTimer(&physical->dl->chap.auth); - /* Fall into.. */ + auth_StopTimer(&chap->auth); + bp = mbuf_Read(bp, &alen, 1); + len -= alen + 1; + if (len < 0) { + log_Printf(LogERROR, "Chap Input: Truncated response !\n"); + mbuf_Free(bp); + return; + } + if ((ans = malloc(alen + 2)) == NULL) { + log_Printf(LogERROR, "Chap Input: Out of memory !\n"); + mbuf_Free(bp); + return; + } + *ans = chap->auth.id; + bp = mbuf_Read(bp, ans + 1, alen); + ans[alen+1] = '\0'; + bp = auth_ReadName(&chap->auth, bp, len); + break; + + case CHAP_SUCCESS: + case CHAP_FAILURE: + /* chap->auth.in.name is already set up at CHALLENGE time */ + if ((ans = malloc(len + 1)) == NULL) { + log_Printf(LogERROR, "Chap Input: Out of memory !\n"); + mbuf_Free(bp); + return; + } + bp = mbuf_Read(bp, ans, len); + ans[len] = '\0'; + break; + } + + switch (chap->auth.in.hdr.code) { + case CHAP_CHALLENGE: + case CHAP_RESPONSE: + if (*chap->auth.in.name) + log_Printf(LogPHASE, "Chap Input: %s (from %s)\n", + chapcodes[chap->auth.in.hdr.code], chap->auth.in.name); + else + log_Printf(LogPHASE, "Chap Input: %s\n", + chapcodes[chap->auth.in.hdr.code]); + break; + + case CHAP_SUCCESS: + case CHAP_FAILURE: + if (*ans) + log_Printf(LogPHASE, "Chap Input: %s (%s)\n", + chapcodes[chap->auth.in.hdr.code], ans); + else + log_Printf(LogPHASE, "Chap Input: %s\n", + chapcodes[chap->auth.in.hdr.code]); + break; + } + + switch (chap->auth.in.hdr.code) { case CHAP_CHALLENGE: - RecvChapTalk(bundle, chp, bp, physical); - break; + name = p->dl->bundle->cfg.auth.name; + nlen = strlen(name); + key = p->dl->bundle->cfg.auth.key; + myans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge, 0); + if (myans) { + ChapOutput(p, CHAP_RESPONSE, chap->auth.id, myans, + *myans + 1 + nlen, name); + free(myans); + } else + ChapOutput(p, CHAP_FAILURE, chap->auth.id, "Out of memory!", + 14, NULL); + break; + + case CHAP_RESPONSE: + name = chap->auth.in.name; + nlen = strlen(name); +#ifndef NORADIUS + if (*p->dl->bundle->radius.cfg.file) { + chap->challenge[*chap->challenge+1] = '\0'; +log_Printf(LogPHASE, "Challenge %s, answer is %d bytes starting with %d\n", chap->challenge+1, alen+1, *ans); + radius_Authenticate(&p->dl->bundle->radius, &chap->auth, + chap->auth.in.name, ans, chap->challenge + 1); + } else +#endif + { + key = auth_GetSecret(p->dl->bundle, name, nlen, p); + if (key) { + myans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge, + chap->using_MSChap); + if (myans == NULL) + key = NULL; + else { + if (memcmp(myans, ans, 1 + *myans)) + key = NULL; + free(myans); + } + } + + if (key) + chap_Success(&chap->auth); + else + chap_Failure(&chap->auth); + } + + break; + case CHAP_SUCCESS: + if (p->link.lcp.auth_iwait == PROTO_CHAP) { + p->link.lcp.auth_iwait = 0; + if (p->link.lcp.auth_ineed == 0) + /* + * We've succeeded in our ``login'' + * If we're not expecting the peer to authenticate (or he already + * has), proceed to network phase. + */ + datalink_AuthOk(p->dl); + } + break; + case CHAP_FAILURE: - log_Printf(LogPHASE, "Chap Input: %s\n", chapcodes[chp->code]); - RecvChapResult(bundle, chp, bp, physical); - break; - } + datalink_AuthNotOk(p->dl); + break; } + free(ans); } + mbuf_Free(bp); } diff --git a/usr.sbin/ppp/ppp/chap.h b/usr.sbin/ppp/ppp/chap.h index f95a10d18fc..213eef4a0cf 100644 --- a/usr.sbin/ppp/ppp/chap.h +++ b/usr.sbin/ppp/ppp/chap.h @@ -15,14 +15,13 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: chap.h,v 1.1 1998/08/31 00:22:17 brian Exp $ + * $Id: chap.h,v 1.2 1999/02/06 03:22:32 brian Exp $ * * TODO: */ struct mbuf; struct physical; -struct bundle; #define CHAP_CHALLENGE 1 #define CHAP_RESPONSE 2 @@ -31,12 +30,11 @@ struct bundle; struct chap { struct authinfo auth; - char challenge_data[80]; - int challenge_len; + char challenge[CHAPCHALLENGELEN + AUTHLEN]; unsigned using_MSChap : 1; /* A combination of MD4 & DES */ }; #define auth2chap(a) ((struct chap *)(a)) -extern void chap_Input(struct bundle *, struct mbuf *, struct physical *); -extern void chap_SendChallenge(struct authinfo *, int, struct physical *); +extern void chap_Init(struct chap *, struct physical *); +extern void chap_Input(struct physical *, struct mbuf *); diff --git a/usr.sbin/ppp/ppp/chap_ms.c b/usr.sbin/ppp/ppp/chap_ms.c index ec2c8b873f8..3a220c95211 100644 --- a/usr.sbin/ppp/ppp/chap_ms.c +++ b/usr.sbin/ppp/ppp/chap_ms.c @@ -19,7 +19,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: chap_ms.c,v 1.1 1998/08/31 00:22:17 brian Exp $ + * $Id: chap_ms.c,v 1.2 1999/02/06 03:22:33 brian Exp $ * */ diff --git a/usr.sbin/ppp/ppp/chap_ms.h b/usr.sbin/ppp/ppp/chap_ms.h index 7b2e2870744..e8a5eb20c84 100644 --- a/usr.sbin/ppp/ppp/chap_ms.h +++ b/usr.sbin/ppp/ppp/chap_ms.h @@ -19,7 +19,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: chap_ms.h,v 1.1 1998/08/31 00:22:17 brian Exp $ + * $Id: chap_ms.h,v 1.2 1999/02/06 03:22:33 brian Exp $ */ /* Max # of (Unicode) chars in an NT password */ diff --git a/usr.sbin/ppp/ppp/chat.c b/usr.sbin/ppp/ppp/chat.c index 3cb19aa8824..eb55e15cd72 100644 --- a/usr.sbin/ppp/ppp/chat.c +++ b/usr.sbin/ppp/ppp/chat.c @@ -23,10 +23,10 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: chat.c,v 1.2 1998/10/29 02:21:44 brian Exp $ + * $Id: chat.c,v 1.3 1999/02/06 03:22:33 brian Exp $ */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -66,6 +66,9 @@ #include "filter.h" #include "cbcp.h" #include "datalink.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #define BUFLEFT(c) (sizeof (c)->buf - ((c)->bufend - (c)->buf)) diff --git a/usr.sbin/ppp/ppp/chat.h b/usr.sbin/ppp/ppp/chat.h index 9c2fdb75d9c..b6fec29e30d 100644 --- a/usr.sbin/ppp/ppp/chat.h +++ b/usr.sbin/ppp/ppp/chat.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: chat.h,v 1.1 1998/08/31 00:22:18 brian Exp $ + * $Id: chat.h,v 1.2 1999/02/06 03:22:33 brian Exp $ */ #define CHAT_EXPECT 0 diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c index 75edc858a2a..ec5c0df6be9 100644 --- a/usr.sbin/ppp/ppp/command.c +++ b/usr.sbin/ppp/ppp/command.c @@ -17,10 +17,10 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: command.c,v 1.6 1998/12/14 01:23:48 brian Exp $ + * $Id: command.c,v 1.7 1999/02/06 03:22:33 brian Exp $ * */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in_systm.h> #include <netinet/in.h> #include <netinet/ip.h> @@ -76,6 +76,9 @@ #include "link.h" #include "physical.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "server.h" #include "prompt.h" @@ -115,6 +118,7 @@ #define VAR_CHOKED 26 #define VAR_SENDPIPE 27 #define VAR_RECVPIPE 28 +#define VAR_RADIUS 29 /* ``accept|deny|disable|enable'' masks */ #define NEG_HISMASK (1) @@ -133,8 +137,8 @@ #define NEG_VJCOMP 49 #define NEG_DNS 50 -const char Version[] = "2.0"; -const char VersionDate[] = "$Date: 1998/12/14 01:23:48 $"; +const char Version[] = "2.1"; +const char VersionDate[] = "$Date: 1999/02/06 03:22:33 $"; static int ShowCommand(struct cmdargs const *); static int TerminalCommand(struct cmdargs const *); @@ -1297,7 +1301,7 @@ SetInterfaceAddr(struct cmdargs const *arg) iplist_reset(&ipcp->cfg.peer_list); if (arg->argc > arg->argn) { - if (!ParseAddr(ipcp, arg->argc - arg->argn, arg->argv + arg->argn, + if (!ParseAddr(ipcp, arg->argv[arg->argn], &ipcp->cfg.my_range.ipaddr, &ipcp->cfg.my_range.mask, &ipcp->cfg.my_range.width)) return 1; @@ -1616,10 +1620,10 @@ SetVariable(struct cmdargs const *arg) addr[0].s_addr = addr[1].s_addr = INADDR_ANY; if (arg->argc > arg->argn) { - ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn, + ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn], addr, &dummyaddr, &dummyint); if (arg->argc > arg->argn+1) - ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn + 1, + ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn + 1], addr + 1, &dummyaddr, &dummyint); if (addr[1].s_addr == INADDR_ANY) @@ -1691,6 +1695,22 @@ SetVariable(struct cmdargs const *arg) long_val = atol(argp); arg->bundle->ncp.ipcp.cfg.recvpipe = long_val; break; + +#ifndef NORADIUS + case VAR_RADIUS: + if (!*argp) + *arg->bundle->radius.cfg.file = '\0'; + else if (access(argp, R_OK)) { + log_Printf(LogWARN, "%s: %s\n", argp, strerror(errno)); + return 1; + } else { + strncpy(arg->bundle->radius.cfg.file, argp, + sizeof arg->bundle->radius.cfg.file - 1); + arg->bundle->radius.cfg.file + [sizeof arg->bundle->radius.cfg.file - 1] = '\0'; + } + break; +#endif } return err ? 1 : 0; @@ -1788,6 +1808,10 @@ static struct cmdtab const SetCommands[] = { "set phone phone1[:phone2[...]]", (const void *)VAR_PHONE}, {"proctitle", "title", SetProcTitle, LOCAL_AUTH, "Process title", "set proctitle [value]"}, +#ifndef NORADIUS + {"radius", NULL, SetVariable, LOCAL_AUTH, + "RADIUS Config", "set radius cfgfile", (const void *)VAR_RADIUS}, +#endif {"reconnect", NULL, datalink_SetReconnect, LOCAL_AUTH | LOCAL_CX, "Reconnect timeout", "set reconnect value ntries"}, {"recvpipe", NULL, SetVariable, LOCAL_AUTH, @@ -1844,7 +1868,7 @@ AddCommand(struct cmdargs const *arg) else { int width; - if (!ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn, + if (!ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn], &dest, &netmask, &width)) return -1; if (!strncasecmp(arg->argv[arg->argn], "MYADDR", 6)) @@ -1873,7 +1897,8 @@ AddCommand(struct cmdargs const *arg) gateway = GetIpAddr(arg->argv[arg->argn+gw]); if (bundle_SetRoute(arg->bundle, RTM_ADD, dest, gateway, netmask, - arg->cmd->args ? 1 : 0, (addrs & ROUTE_GWHISADDR) ? 1 : 0)) + arg->cmd->args ? 1 : 0, (addrs & ROUTE_GWHISADDR) ? 1 : 0) + && addrs != ROUTE_STATIC) route_Add(&arg->bundle->ncp.ipcp.route, addrs, dest, netmask, gateway); return 0; @@ -2355,24 +2380,24 @@ IfaceAddCommand(struct cmdargs const *arg) struct in_addr ifa, mask, brd; if (arg->argc == arg->argn + 1) { - if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL)) + if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL)) return -1; mask.s_addr = brd.s_addr = INADDR_BROADCAST; } else { if (arg->argc == arg->argn + 2) { - if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, &mask, &bits)) + if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, &mask, &bits)) return -1; n = 1; } else if (arg->argc == arg->argn + 3) { - if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL)) + if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL)) return -1; - if (!ParseAddr(NULL, 1, arg->argv + arg->argn + 1, &mask, NULL, NULL)) + if (!ParseAddr(NULL, arg->argv[arg->argn + 1], &mask, NULL, NULL)) return -1; n = 2; } else return -1; - if (!ParseAddr(NULL, 1, arg->argv + arg->argn + n, &brd, NULL, NULL)) + if (!ParseAddr(NULL, arg->argv[arg->argn + n], &brd, NULL, NULL)) return -1; } @@ -2392,7 +2417,7 @@ IfaceDeleteCommand(struct cmdargs const *arg) if (arg->argc != arg->argn + 1) return -1; - if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL)) + if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL)) return -1; if (arg->bundle->ncp.ipcp.fsm.state == ST_OPENED && diff --git a/usr.sbin/ppp/ppp/command.h b/usr.sbin/ppp/ppp/command.h index 3907b92953d..e90e3c078eb 100644 --- a/usr.sbin/ppp/ppp/command.h +++ b/usr.sbin/ppp/ppp/command.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: command.h,v 1.1 1998/08/31 00:22:18 brian Exp $ + * $Id: command.h,v 1.2 1999/02/06 03:22:34 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/datalink.c b/usr.sbin/ppp/ppp/datalink.c index 93cc161f9c8..49b15103e49 100644 --- a/usr.sbin/ppp/ppp/datalink.c +++ b/usr.sbin/ppp/ppp/datalink.c @@ -23,10 +23,10 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: datalink.c,v 1.9 1999/02/02 09:49:57 brian Exp $ + * $Id: datalink.c,v 1.10 1999/02/06 03:22:34 brian Exp $ */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -58,6 +58,9 @@ #include "ipcp.h" #include "filter.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "chat.h" #include "auth.h" @@ -466,7 +469,7 @@ datalink_LayerUp(void *v, struct fsm *fp) struct datalink *dl = (struct datalink *)v; if (fp->proto == PROTO_LCP) { - datalink_GotAuthname(dl, "", 0); + datalink_GotAuthname(dl, ""); dl->physical->link.lcp.auth_ineed = dl->physical->link.lcp.want_auth; dl->physical->link.lcp.auth_iwait = dl->physical->link.lcp.his_auth; if (dl->physical->link.lcp.his_auth || dl->physical->link.lcp.want_auth) { @@ -476,21 +479,19 @@ datalink_LayerUp(void *v, struct fsm *fp) Auth2Nam(dl->physical->link.lcp.his_auth), Auth2Nam(dl->physical->link.lcp.want_auth)); if (dl->physical->link.lcp.his_auth == PROTO_PAP) - auth_StartChallenge(&dl->pap, dl->physical, pap_SendChallenge); + auth_StartReq(&dl->pap); if (dl->physical->link.lcp.want_auth == PROTO_CHAP) - auth_StartChallenge(&dl->chap.auth, dl->physical, chap_SendChallenge); + auth_StartReq(&dl->chap.auth); } else datalink_AuthOk(dl); } } void -datalink_GotAuthname(struct datalink *dl, const char *name, int len) +datalink_GotAuthname(struct datalink *dl, const char *name) { - if (len >= sizeof dl->peer.authname) - len = sizeof dl->peer.authname - 1; - strncpy(dl->peer.authname, name, len); - dl->peer.authname[len] = '\0'; + strncpy(dl->peer.authname, name, sizeof dl->peer.authname - 1); + dl->peer.authname[sizeof dl->peer.authname - 1] = '\0'; } void @@ -721,14 +722,14 @@ datalink_Create(const char *name, struct bundle *bundle, int type) dl->fsmp.LayerFinish = datalink_LayerFinish; dl->fsmp.object = dl; - auth_Init(&dl->pap); - auth_Init(&dl->chap.auth); - if ((dl->physical = modem_Create(dl, type)) == NULL) { free(dl->name); free(dl); return NULL; } + + pap_Init(&dl->pap, dl->physical); + chap_Init(&dl->chap, dl->physical); cbcp_Init(&dl->cbcp, dl->physical); chat_Init(&dl->chat, dl->physical, NULL, 1, NULL); @@ -771,17 +772,18 @@ datalink_Clone(struct datalink *odl, const char *name) dl->parent = odl->parent; memcpy(&dl->fsmp, &odl->fsmp, sizeof dl->fsmp); dl->fsmp.object = dl; - auth_Init(&dl->pap); - dl->pap.cfg.fsmretry = odl->pap.cfg.fsmretry; - - auth_Init(&dl->chap.auth); - dl->chap.auth.cfg.fsmretry = odl->chap.auth.cfg.fsmretry; if ((dl->physical = modem_Create(dl, PHYS_INTERACTIVE)) == NULL) { free(dl->name); free(dl); return NULL; } + pap_Init(&dl->pap, dl->physical); + dl->pap.cfg.fsmretry = odl->pap.cfg.fsmretry; + + chap_Init(&dl->chap, dl->physical); + dl->chap.auth.cfg.fsmretry = odl->chap.auth.cfg.fsmretry; + memcpy(&dl->physical->cfg, &odl->physical->cfg, sizeof dl->physical->cfg); memcpy(&dl->physical->link.lcp.cfg, &odl->physical->link.lcp.cfg, sizeof dl->physical->link.lcp.cfg); @@ -1177,14 +1179,6 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov, dl->fsmp.LayerFinish = datalink_LayerFinish; dl->fsmp.object = dl; - retry = dl->pap.cfg.fsmretry; - auth_Init(&dl->pap); - dl->pap.cfg.fsmretry = retry; - - retry = dl->chap.auth.cfg.fsmretry; - auth_Init(&dl->chap.auth); - dl->chap.auth.cfg.fsmretry = retry; - dl->physical = iov2modem(dl, iov, niov, maxiov, fd); if (!dl->physical) { @@ -1192,6 +1186,14 @@ iov2datalink(struct bundle *bundle, struct iovec *iov, int *niov, int maxiov, free(dl); dl = NULL; } else { + retry = dl->pap.cfg.fsmretry; + pap_Init(&dl->pap, dl->physical); + dl->pap.cfg.fsmretry = retry; + + retry = dl->chap.auth.cfg.fsmretry; + chap_Init(&dl->chap, dl->physical); + dl->chap.auth.cfg.fsmretry = retry; + cbcp_Init(&dl->cbcp, dl->physical); chat_Init(&dl->chat, dl->physical, NULL, 1, NULL); diff --git a/usr.sbin/ppp/ppp/datalink.h b/usr.sbin/ppp/ppp/datalink.h index 047ed10cd41..5338ee922b2 100644 --- a/usr.sbin/ppp/ppp/datalink.h +++ b/usr.sbin/ppp/ppp/datalink.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: datalink.h,v 1.1 1998/08/31 00:22:19 brian Exp $ + * $Id: datalink.h,v 1.2 1999/02/06 03:22:35 brian Exp $ */ #define DATALINK_CLOSED (0) @@ -123,7 +123,7 @@ extern struct datalink *iov2datalink(struct bundle *, struct iovec *, int *, int, int); extern int datalink2iov(struct datalink *, struct iovec *, int *, int, pid_t); extern struct datalink *datalink_Destroy(struct datalink *); -extern void datalink_GotAuthname(struct datalink *, const char *, int); +extern void datalink_GotAuthname(struct datalink *, const char *); extern void datalink_Up(struct datalink *, int, int); extern void datalink_Close(struct datalink *, int); extern void datalink_Down(struct datalink *, int); diff --git a/usr.sbin/ppp/ppp/deflate.c b/usr.sbin/ppp/ppp/deflate.c index 499734b49c7..69c1a7e6b1f 100644 --- a/usr.sbin/ppp/ppp/deflate.c +++ b/usr.sbin/ppp/ppp/deflate.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: deflate.c,v 1.1 1998/08/31 00:22:19 brian Exp $ + * $Id: deflate.c,v 1.2 1999/02/06 03:22:35 brian Exp $ */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/deflate.h b/usr.sbin/ppp/ppp/deflate.h index c29ad82ef4e..d02741b5375 100644 --- a/usr.sbin/ppp/ppp/deflate.h +++ b/usr.sbin/ppp/ppp/deflate.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: deflate.h,v 1.1 1998/08/31 00:22:19 brian Exp $ + * $Id: deflate.h,v 1.2 1999/02/06 03:22:35 brian Exp $ */ extern const struct ccp_algorithm PppdDeflateAlgorithm; diff --git a/usr.sbin/ppp/ppp/defs.c b/usr.sbin/ppp/ppp/defs.c index 1d04277d871..9eca872d325 100644 --- a/usr.sbin/ppp/ppp/defs.c +++ b/usr.sbin/ppp/ppp/defs.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: defs.c,v 1.1 1998/08/31 00:22:19 brian Exp $ + * $Id: defs.c,v 1.2 1999/02/06 03:22:35 brian Exp $ */ diff --git a/usr.sbin/ppp/ppp/defs.h b/usr.sbin/ppp/ppp/defs.h index 3bc6c9ba795..3255f5309a4 100644 --- a/usr.sbin/ppp/ppp/defs.h +++ b/usr.sbin/ppp/ppp/defs.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: defs.h,v 1.1 1998/08/31 00:22:19 brian Exp $ + * $Id: defs.h,v 1.2 1999/02/06 03:22:35 brian Exp $ * * TODO: */ @@ -44,6 +44,9 @@ #define DIAL_NEXT_TIMEOUT 3 /* Default Hold time to next number redial */ #define SCRIPT_LEN 512 /* Size of login scripts */ #define LINE_LEN SCRIPT_LEN /* Size of login scripts */ +#define AUTHLEN 50 /* Size of authname/authkey */ +#define CHAPDIGESTLEN 100 /* Maximum chap digest */ +#define CHAPCHALLENGELEN 48 /* Maximum chap challenge */ #define MAXARGS 40 /* How many args per config line */ #define NCP_IDLE_TIMEOUT 180 /* Drop all links */ #define CHOKED_TIMEOUT 120 /* Delete queued packets w/ blocked tun */ diff --git a/usr.sbin/ppp/ppp/descriptor.h b/usr.sbin/ppp/ppp/descriptor.h index be0cd5a0c89..875a1a018a8 100644 --- a/usr.sbin/ppp/ppp/descriptor.h +++ b/usr.sbin/ppp/ppp/descriptor.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: descriptor.h,v 1.1 1998/08/31 00:22:20 brian Exp $ + * $Id: descriptor.h,v 1.2 1999/02/06 03:22:36 brian Exp $ */ #define PHYSICAL_DESCRIPTOR (1) @@ -33,6 +33,7 @@ #define DATALINK_DESCRIPTOR (5) #define BUNDLE_DESCRIPTOR (6) #define MPSERVER_DESCRIPTOR (7) +#define RADIUS_DESCRIPTOR (8) struct bundle; diff --git a/usr.sbin/ppp/ppp/filter.c b/usr.sbin/ppp/ppp/filter.c index 5e82924437c..aef796fd3dd 100644 --- a/usr.sbin/ppp/ppp/filter.c +++ b/usr.sbin/ppp/ppp/filter.c @@ -17,12 +17,12 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: filter.c,v 1.2 1998/10/29 02:21:45 brian Exp $ + * $Id: filter.c,v 1.3 1999/02/06 03:22:36 brian Exp $ * * TODO: Shoud send ICMP error message when we discard packets. */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> @@ -54,6 +54,9 @@ #include "descriptor.h" #include "prompt.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" static int filter_Nam2Proto(int, char const *const *); @@ -71,34 +74,38 @@ static const u_int32_t netmasks[33] = { 0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF, }; +struct in_addr +bits2mask(int bits) +{ + struct in_addr result; + + result.s_addr = htonl(netmasks[bits]); + return result; +} + int -ParseAddr(struct ipcp *ipcp, int argc, char const *const *argv, +ParseAddr(struct ipcp *ipcp, const char *data, struct in_addr *paddr, struct in_addr *pmask, int *pwidth) { int bits, len; char *wp; const char *cp; - if (argc < 1) { - log_Printf(LogWARN, "ParseAddr: address/mask is expected.\n"); - return (0); - } - if (pmask) pmask->s_addr = INADDR_BROADCAST; /* Assume 255.255.255.255 as default */ - cp = pmask || pwidth ? strchr(*argv, '/') : NULL; - len = cp ? cp - *argv : strlen(*argv); + cp = pmask || pwidth ? strchr(data, '/') : NULL; + len = cp ? cp - data : strlen(data); - if (ipcp && strncasecmp(*argv, "HISADDR", len) == 0) + if (ipcp && strncasecmp(data, "HISADDR", len) == 0) *paddr = ipcp->peer_ip; - else if (ipcp && strncasecmp(*argv, "MYADDR", len) == 0) + else if (ipcp && strncasecmp(data, "MYADDR", len) == 0) *paddr = ipcp->my_ip; else if (len > 15) - log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", *argv); + log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", data); else { char s[16]; - strncpy(s, *argv, len); + strncpy(s, data, len); s[len] = '\0'; if (inet_aton(s, paddr) == 0) { log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s); @@ -125,7 +132,7 @@ ParseAddr(struct ipcp *ipcp, int argc, char const *const *argv, if (paddr->s_addr == INADDR_ANY) pmask->s_addr = INADDR_ANY; else - pmask->s_addr = htonl(netmasks[bits]); + *pmask = bits2mask(bits); } return (1); @@ -302,7 +309,7 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv, argc--; argv++; - if (filterdata.action == A_DENY) { + if (argc && filterdata.action == A_DENY) { if (!strcmp(*argv, "host")) { filterdata.action |= A_UHOST; argc--; @@ -313,21 +320,26 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv, argv++; } } + proto = filter_Nam2Proto(argc, argv); if (proto == P_NONE) { - if (ParseAddr(ipcp, argc, argv, &filterdata.saddr, &filterdata.smask, - &filterdata.swidth)) { + if (!argc) + log_Printf(LogWARN, "Parse: address/mask is expected.\n"); + else if (ParseAddr(ipcp, *argv, &filterdata.saddr, &filterdata.smask, + &filterdata.swidth)) { argc--; argv++; proto = filter_Nam2Proto(argc, argv); - if (proto == P_NONE) { - if (ParseAddr(ipcp, argc, argv, &filterdata.daddr, &filterdata.dmask, + if (!argc) + log_Printf(LogWARN, "Parse: address/mask is expected.\n"); + else if (proto == P_NONE) { + if (ParseAddr(ipcp, *argv, &filterdata.daddr, &filterdata.dmask, &filterdata.dwidth)) { argc--; argv++; } proto = filter_Nam2Proto(argc, argv); - if (proto != P_NONE) { + if (argc && proto != P_NONE) { argc--; argv++; } diff --git a/usr.sbin/ppp/ppp/filter.h b/usr.sbin/ppp/ppp/filter.h index 310e3082b98..8f1c4b48d34 100644 --- a/usr.sbin/ppp/ppp/filter.h +++ b/usr.sbin/ppp/ppp/filter.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: filter.h,v 1.2 1999/01/19 22:21:43 brian Exp $ + * $Id: filter.h,v 1.3 1999/02/06 03:22:36 brian Exp $ * * TODO: */ @@ -83,10 +83,11 @@ struct filter { struct ipcp; struct cmdargs; -extern int ParseAddr(struct ipcp *, int, char const *const *, struct in_addr *, +extern int ParseAddr(struct ipcp *, const char *, struct in_addr *, struct in_addr *, int *); extern int filter_Show(struct cmdargs const *); extern int filter_Set(struct cmdargs const *); extern const char * filter_Action2Nam(int); extern const char *filter_Proto2Nam(int); extern const char *filter_Op2Nam(int); +extern struct in_addr bits2mask(int); diff --git a/usr.sbin/ppp/ppp/fsm.c b/usr.sbin/ppp/ppp/fsm.c index b992f941f73..8a076dd8d30 100644 --- a/usr.sbin/ppp/ppp/fsm.c +++ b/usr.sbin/ppp/ppp/fsm.c @@ -17,12 +17,12 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: fsm.c,v 1.2 1998/09/04 18:27:45 brian Exp $ + * $Id: fsm.c,v 1.3 1999/02/06 03:22:36 brian Exp $ * * TODO: */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -49,6 +49,9 @@ #include "ccp.h" #include "link.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "async.h" #include "physical.h" diff --git a/usr.sbin/ppp/ppp/fsm.h b/usr.sbin/ppp/ppp/fsm.h index b2fc4dd9707..b515656c30c 100644 --- a/usr.sbin/ppp/ppp/fsm.h +++ b/usr.sbin/ppp/ppp/fsm.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: fsm.h,v 1.1 1998/08/31 00:22:20 brian Exp $ + * $Id: fsm.h,v 1.2 1999/02/06 03:22:36 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/hdlc.c b/usr.sbin/ppp/ppp/hdlc.c index ae28e2259fb..56e223e852b 100644 --- a/usr.sbin/ppp/ppp/hdlc.c +++ b/usr.sbin/ppp/ppp/hdlc.c @@ -17,11 +17,11 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: hdlc.c,v 1.1 1998/08/31 00:22:20 brian Exp $ + * $Id: hdlc.c,v 1.2 1999/02/06 03:22:36 brian Exp $ * * TODO: */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -61,6 +61,9 @@ #include "cbcp.h" #include "datalink.h" #include "filter.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" static u_int16_t const fcstab[256] = { @@ -390,7 +393,7 @@ hdlc_DecodePacket(struct bundle *bundle, u_short proto, struct mbuf * bp, break; case PROTO_PAP: if (p) - pap_Input(bundle, bp, p); + pap_Input(p, bp); else { log_Printf(LogERROR, "DecodePacket: PAP: Not a physical link !\n"); mbuf_Free(bp); @@ -415,7 +418,7 @@ hdlc_DecodePacket(struct bundle *bundle, u_short proto, struct mbuf * bp, break; case PROTO_CHAP: if (p) - chap_Input(bundle, bp, p); + chap_Input(p, bp); else { log_Printf(LogERROR, "DecodePacket: CHAP: Not a physical link !\n"); mbuf_Free(bp); diff --git a/usr.sbin/ppp/ppp/hdlc.h b/usr.sbin/ppp/ppp/hdlc.h index c6c5c02b324..6e5e412b852 100644 --- a/usr.sbin/ppp/ppp/hdlc.h +++ b/usr.sbin/ppp/ppp/hdlc.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: hdlc.h,v 1.1 1998/08/31 00:22:21 brian Exp $ + * $Id: hdlc.h,v 1.2 1999/02/06 03:22:36 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/id.c b/usr.sbin/ppp/ppp/id.c index 070bb8466f1..d77c7554ec2 100644 --- a/usr.sbin/ppp/ppp/id.c +++ b/usr.sbin/ppp/ppp/id.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: id.c,v 1.1 1998/08/31 00:22:21 brian Exp $ + * $Id: id.c,v 1.2 1999/02/06 03:22:37 brian Exp $ */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/id.h b/usr.sbin/ppp/ppp/id.h index 0c213ec391a..728caf430c5 100644 --- a/usr.sbin/ppp/ppp/id.h +++ b/usr.sbin/ppp/ppp/id.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: id.h,v 1.1 1998/08/31 00:22:21 brian Exp $ + * $Id: id.h,v 1.2 1999/02/06 03:22:37 brian Exp $ */ struct utmp; diff --git a/usr.sbin/ppp/ppp/iface.c b/usr.sbin/ppp/ppp/iface.c index 09141a96d1e..f6488633e2e 100644 --- a/usr.sbin/ppp/ppp/iface.c +++ b/usr.sbin/ppp/ppp/iface.c @@ -23,10 +23,10 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: iface.c,v 1.1 1998/10/29 02:21:45 brian Exp $ + * $Id: iface.c,v 1.2 1999/02/06 03:22:37 brian Exp $ */ -#include <sys/types.h> +#include <sys/param.h> #include <sys/socket.h> #include <netinet/in.h> #include <net/if.h> @@ -65,6 +65,9 @@ #include "ccp.h" #include "link.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "prompt.h" #include "iface.h" diff --git a/usr.sbin/ppp/ppp/iface.h b/usr.sbin/ppp/ppp/iface.h index c9c5cafc61b..ffd1fefe913 100644 --- a/usr.sbin/ppp/ppp/iface.h +++ b/usr.sbin/ppp/ppp/iface.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: iface.h,v 1.1 1998/10/29 02:21:45 brian Exp $ + * $Id: iface.h,v 1.2 1999/02/06 03:22:37 brian Exp $ */ struct iface_addr { diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c index fa2fda2938b..3c2298301fe 100644 --- a/usr.sbin/ppp/ppp/ip.c +++ b/usr.sbin/ppp/ppp/ip.c @@ -17,13 +17,13 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ip.c,v 1.3 1998/11/10 00:32:23 brian Exp $ + * $Id: ip.c,v 1.4 1999/02/06 03:22:38 brian Exp $ * * TODO: * o Return ICMP message for filterd packet * and optionaly record it into log. */ -#include <sys/types.h> +#include <sys/param.h> #ifdef __OpenBSD__ #include <sys/socket.h> #endif @@ -66,6 +66,9 @@ #include "ccp.h" #include "link.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "vjcomp.h" #include "tun.h" diff --git a/usr.sbin/ppp/ppp/ip.h b/usr.sbin/ppp/ppp/ip.h index b8598aa5370..12dc5d65f46 100644 --- a/usr.sbin/ppp/ppp/ip.h +++ b/usr.sbin/ppp/ppp/ip.h @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ip.h,v 1.1 1998/08/31 00:22:21 brian Exp $ + * $Id: ip.h,v 1.2 1999/02/06 03:22:38 brian Exp $ * */ diff --git a/usr.sbin/ppp/ppp/ipcp.c b/usr.sbin/ppp/ppp/ipcp.c index 83f1090c4aa..ab4923e396d 100644 --- a/usr.sbin/ppp/ppp/ipcp.c +++ b/usr.sbin/ppp/ppp/ipcp.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ipcp.c,v 1.6 1999/02/04 11:54:47 brian Exp $ + * $Id: ipcp.c,v 1.7 1999/02/06 03:22:39 brian Exp $ * * TODO: * o More RFC1772 backward compatibility @@ -30,10 +30,7 @@ #include <sys/socket.h> #include <net/route.h> #include <netdb.h> -#include <net/if.h> -#include <sys/sockio.h> #include <sys/un.h> -#include <arpa/nameser.h> #include <fcntl.h> #include <resolv.h> @@ -73,6 +70,9 @@ #include "link.h" #include "physical.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "id.h" #include "arp.h" @@ -278,7 +278,7 @@ ipcp_Show(struct cmdargs const *arg) if (ipcp->route) { prompt_Printf(arg->prompt, "\n"); - route_ShowSticky(arg->prompt, ipcp->route); + route_ShowSticky(arg->prompt, ipcp->route, "Sticky routes", 1); } prompt_Printf(arg->prompt, "\nDefaults:\n"); @@ -378,7 +378,7 @@ ipcp_Init(struct ipcp *ipcp, struct bundle *bundle, struct link *l, throughput_init(&ipcp->throughput); memset(ipcp->Queue, '\0', sizeof ipcp->Queue); - ipcp_Setup(ipcp); + ipcp_Setup(ipcp, INADDR_NONE); } void @@ -388,13 +388,14 @@ ipcp_SetLink(struct ipcp *ipcp, struct link *l) } void -ipcp_Setup(struct ipcp *ipcp) +ipcp_Setup(struct ipcp *ipcp, u_int32_t mask) { struct iface *iface = ipcp->fsm.bundle->iface; int pos, n; ipcp->fsm.open_mode = 0; ipcp->fsm.maxconfig = 10; + ipcp->ifmask.s_addr = mask == INADDR_NONE ? ipcp->cfg.netmask.s_addr : mask; if (iplist_isvalid(&ipcp->cfg.peer_list)) { /* Try to give the peer a previously configured IP address */ @@ -446,7 +447,11 @@ ipcp_Setup(struct ipcp *ipcp) ipcp->my_ip = ipcp->cfg.my_range.ipaddr; } - if (IsEnabled(ipcp->cfg.vj.neg)) + if (IsEnabled(ipcp->cfg.vj.neg) +#ifndef NORADIUS + || (ipcp->fsm.bundle->radius.valid && ipcp->fsm.bundle->radius.vj) +#endif + ) ipcp->my_compproto = (PROTO_VJCOMP << 16) + ((ipcp->cfg.vj.slots - 1) << 8) + ipcp->cfg.vj.slotcomp; @@ -496,16 +501,11 @@ ipcp_SetIPaddress(struct bundle *bundle, struct in_addr myaddr, u_int32_t addr; addr = htonl(myaddr.s_addr); - if (IN_CLASSA(addr)) - mask.s_addr = htonl(IN_CLASSA_NET); - else if (IN_CLASSB(addr)) - mask.s_addr = htonl(IN_CLASSB_NET); - else - mask.s_addr = htonl(IN_CLASSC_NET); + mask.s_addr = addr2mask(addr); - if (bundle->ncp.ipcp.cfg.netmask.s_addr != INADDR_ANY && - (ntohl(bundle->ncp.ipcp.cfg.netmask.s_addr) & mask.s_addr) == mask.s_addr) - mask.s_addr = htonl(bundle->ncp.ipcp.cfg.netmask.s_addr); + if (bundle->ncp.ipcp.ifmask.s_addr != INADDR_ANY && + (ntohl(bundle->ncp.ipcp.ifmask.s_addr) & mask.s_addr) == mask.s_addr) + mask.s_addr = htonl(bundle->ncp.ipcp.ifmask.s_addr); oaddr.s_addr = bundle->iface->in_addrs ? bundle->iface->in_addr[0].ifa.s_addr : INADDR_ANY; @@ -524,6 +524,11 @@ ipcp_SetIPaddress(struct bundle *bundle, struct in_addr myaddr, if (Enabled(bundle, OPT_SROUTES)) route_Change(bundle, bundle->ncp.ipcp.route, myaddr, hisaddr); +#ifndef NORADIUS + if (bundle->radius.valid) + route_Change(bundle, bundle->radius.routes, myaddr, hisaddr); +#endif + if (Enabled(bundle, OPT_PROXY) || Enabled(bundle, OPT_PROXYALL)) { int s = ID0socket(AF_INET, SOCK_DGRAM, 0); if (s < 0) @@ -710,7 +715,7 @@ IpcpLayerDown(struct fsm *fp) system_Select(fp->bundle, "MYADDR", LINKDOWNFILE, NULL, NULL); } - ipcp_Setup(ipcp); + ipcp_Setup(ipcp, INADDR_NONE); } int @@ -1142,6 +1147,23 @@ ipcp_Input(struct ipcp *ipcp, struct bundle *bundle, struct mbuf *bp) } int +ipcp_UseHisIPaddr(struct bundle *bundle, struct in_addr hisaddr) +{ + struct ipcp *ipcp = &bundle->ncp.ipcp; + + memset(&ipcp->cfg.peer_range, '\0', sizeof ipcp->cfg.peer_range); + iplist_reset(&ipcp->cfg.peer_list); + ipcp->peer_ip = ipcp->cfg.peer_range.ipaddr = hisaddr; + ipcp->cfg.peer_range.mask.s_addr = INADDR_BROADCAST; + ipcp->cfg.peer_range.width = 32; + + if (ipcp_SetIPaddress(bundle, ipcp->cfg.my_range.ipaddr, hisaddr, 0) < 0) + return 0; + + return 1; /* Ok */ +} + +int ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr) { struct ipcp *ipcp = &bundle->ncp.ipcp; @@ -1165,7 +1187,7 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr) log_Printf(LogWARN, "%s: Invalid range !\n", hisaddr); return 0; } - } else if (ParseAddr(ipcp, 1, &hisaddr, &ipcp->cfg.peer_range.ipaddr, + } else if (ParseAddr(ipcp, hisaddr, &ipcp->cfg.peer_range.ipaddr, &ipcp->cfg.peer_range.mask, &ipcp->cfg.peer_range.width) != 0) { ipcp->peer_ip.s_addr = ipcp->cfg.peer_range.ipaddr.s_addr; diff --git a/usr.sbin/ppp/ppp/ipcp.h b/usr.sbin/ppp/ppp/ipcp.h index e52459001f8..aec762e11b7 100644 --- a/usr.sbin/ppp/ppp/ipcp.h +++ b/usr.sbin/ppp/ppp/ipcp.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ipcp.h,v 1.2 1998/10/29 02:21:45 brian Exp $ + * $Id: ipcp.h,v 1.3 1999/02/06 03:22:39 brian Exp $ * * TODO: */ @@ -34,6 +34,14 @@ #define TY_SECONDARY_NBNS 132 #define TY_ADJUST_NS 119 /* subtract from NS val for REJECT bit */ +#define addr2mask(addr) ( \ + IN_CLASSA(addr) ? \ + htonl(IN_CLASSA_NET) : \ + IN_CLASSB(addr) ? \ + htonl(IN_CLASSB_NET) : htonl(IN_CLASSC_NET) \ +) + + struct sticky_route; struct in_range { @@ -53,7 +61,7 @@ struct ipcp { } vj; struct in_range my_range; /* MYADDR spec */ - struct in_addr netmask; /* netmask (unused by most OSs) */ + struct in_addr netmask; /* Iface netmask (unused by most OSs) */ struct in_range peer_range; /* HISADDR spec */ struct iplist peer_list; /* Ranges of HISADDR values */ @@ -84,6 +92,8 @@ struct ipcp { struct in_addr peer_ip; /* IP address he's willing to use */ u_int32_t peer_compproto; /* VJ params he's willing to use */ + struct in_addr ifmask; /* Interface netmask */ + struct in_addr my_ip; /* IP address I'm willing to use */ u_int32_t my_compproto; /* VJ params I'm willing to use */ @@ -102,13 +112,14 @@ struct cmdargs; extern void ipcp_Init(struct ipcp *, struct bundle *, struct link *, const struct fsm_parent *); -extern void ipcp_Setup(struct ipcp *); +extern void ipcp_Setup(struct ipcp *, u_int32_t); extern void ipcp_SetLink(struct ipcp *, struct link *); extern int ipcp_Show(struct cmdargs const *); extern void ipcp_Input(struct ipcp *, struct bundle *, struct mbuf *); extern void ipcp_AddInOctets(struct ipcp *, int); extern void ipcp_AddOutOctets(struct ipcp *, int); +extern int ipcp_UseHisIPaddr(struct bundle *, struct in_addr); extern int ipcp_UseHisaddr(struct bundle *, const char *, int); extern int ipcp_vjset(struct cmdargs const *); extern void ipcp_CleanInterface(struct ipcp *); diff --git a/usr.sbin/ppp/ppp/iplist.c b/usr.sbin/ppp/ppp/iplist.c index 4acbecc67ce..45eaa14d31c 100644 --- a/usr.sbin/ppp/ppp/iplist.c +++ b/usr.sbin/ppp/ppp/iplist.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: iplist.c,v 1.1 1998/08/31 00:22:22 brian Exp $ + * $Id: iplist.c,v 1.2 1999/02/06 03:22:39 brian Exp $ */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/iplist.h b/usr.sbin/ppp/ppp/iplist.h index c9f941973b2..6e07aea7ecb 100644 --- a/usr.sbin/ppp/ppp/iplist.h +++ b/usr.sbin/ppp/ppp/iplist.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: iplist.h,v 1.1 1998/08/31 00:22:22 brian Exp $ + * $Id: iplist.h,v 1.2 1999/02/06 03:22:40 brian Exp $ */ struct iplist_cur { diff --git a/usr.sbin/ppp/ppp/lcp.c b/usr.sbin/ppp/ppp/lcp.c index 5b8fe164aed..4071968e148 100644 --- a/usr.sbin/ppp/ppp/lcp.c +++ b/usr.sbin/ppp/ppp/lcp.c @@ -17,13 +17,13 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: lcp.c,v 1.5 1999/01/13 17:39:57 brian Exp $ + * $Id: lcp.c,v 1.6 1999/02/06 03:22:40 brian Exp $ * * TODO: * o Limit data field length by MRU */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -64,6 +64,9 @@ #include "chap.h" #include "cbcp.h" #include "datalink.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" /* for received LQRs */ diff --git a/usr.sbin/ppp/ppp/lcp.h b/usr.sbin/ppp/ppp/lcp.h index 75aa506d162..7261bc094ea 100644 --- a/usr.sbin/ppp/ppp/lcp.h +++ b/usr.sbin/ppp/ppp/lcp.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: lcp.h,v 1.1 1998/08/31 00:22:22 brian Exp $ + * $Id: lcp.h,v 1.2 1999/02/06 03:22:41 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/lcpproto.h b/usr.sbin/ppp/ppp/lcpproto.h index cc523f6f2a6..95d6c604ec8 100644 --- a/usr.sbin/ppp/ppp/lcpproto.h +++ b/usr.sbin/ppp/ppp/lcpproto.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: lcpproto.h,v 1.1 1998/08/31 00:22:23 brian Exp $ + * $Id: lcpproto.h,v 1.2 1999/02/06 03:22:41 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/link.c b/usr.sbin/ppp/ppp/link.c index 6866d4e6a94..0ec31d7ec28 100644 --- a/usr.sbin/ppp/ppp/link.c +++ b/usr.sbin/ppp/ppp/link.c @@ -23,14 +23,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: link.c,v 1.1 1998/08/31 00:22:23 brian Exp $ + * $Id: link.c,v 1.2 1999/02/06 03:22:41 brian Exp $ * */ #include <sys/types.h> #include <stdio.h> -#include <string.h> #include <termios.h> #include "defs.h" diff --git a/usr.sbin/ppp/ppp/link.h b/usr.sbin/ppp/ppp/link.h index 87a5402d2c2..ab1a7a9e074 100644 --- a/usr.sbin/ppp/ppp/link.h +++ b/usr.sbin/ppp/ppp/link.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: link.h,v 1.1 1998/08/31 00:22:23 brian Exp $ + * $Id: link.h,v 1.2 1999/02/06 03:22:41 brian Exp $ * */ diff --git a/usr.sbin/ppp/ppp/log.c b/usr.sbin/ppp/ppp/log.c index 82c6f33e96a..443303bd8f3 100644 --- a/usr.sbin/ppp/ppp/log.c +++ b/usr.sbin/ppp/ppp/log.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: log.c,v 1.1 1998/08/31 00:22:23 brian Exp $ + * $Id: log.c,v 1.2 1999/02/06 03:22:41 brian Exp $ */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/log.h b/usr.sbin/ppp/ppp/log.h index b399ca16ff7..43f7eaecaef 100644 --- a/usr.sbin/ppp/ppp/log.h +++ b/usr.sbin/ppp/ppp/log.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: log.h,v 1.1 1998/08/31 00:22:23 brian Exp $ + * $Id: log.h,v 1.2 1999/02/06 03:22:41 brian Exp $ */ #define LogMIN (1) diff --git a/usr.sbin/ppp/ppp/lqr.c b/usr.sbin/ppp/ppp/lqr.c index 690d75d193e..c0c1a9ed49b 100644 --- a/usr.sbin/ppp/ppp/lqr.c +++ b/usr.sbin/ppp/ppp/lqr.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: lqr.c,v 1.1 1998/08/31 00:22:23 brian Exp $ + * $Id: lqr.c,v 1.2 1999/02/06 03:22:41 brian Exp $ * * o LQR based on RFC1333 * @@ -26,7 +26,7 @@ * o Allow user to configure LQM method and interval. */ -#include <sys/types.h> +#include <sys/param.h> #include <sys/un.h> #include <string.h> diff --git a/usr.sbin/ppp/ppp/lqr.h b/usr.sbin/ppp/ppp/lqr.h index d5de2074c8d..cc9e1c8fd0d 100644 --- a/usr.sbin/ppp/ppp/lqr.h +++ b/usr.sbin/ppp/ppp/lqr.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: lqr.h,v 1.1 1998/08/31 00:22:23 brian Exp $ + * $Id: lqr.h,v 1.2 1999/02/06 03:22:41 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/main.c b/usr.sbin/ppp/ppp/main.c index 33035015734..e080e93f8a5 100644 --- a/usr.sbin/ppp/ppp/main.c +++ b/usr.sbin/ppp/ppp/main.c @@ -17,12 +17,12 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: main.c,v 1.7 1999/02/02 09:50:14 brian Exp $ + * $Id: main.c,v 1.8 1999/02/06 03:22:41 brian Exp $ * * TODO: */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -64,6 +64,9 @@ #include "descriptor.h" #include "link.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "auth.h" #include "systems.h" @@ -513,6 +516,8 @@ DoLoop(struct bundle *bundle) break; } + log_Printf(LogTIMER, "Select returns %d\n", i); + sig_Handle(); if (i <= 0) diff --git a/usr.sbin/ppp/ppp/main.h b/usr.sbin/ppp/ppp/main.h index 88318476a33..a870efd8008 100644 --- a/usr.sbin/ppp/ppp/main.h +++ b/usr.sbin/ppp/ppp/main.h @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: main.h,v 1.1 1998/08/31 00:22:24 brian Exp $ + * $Id: main.h,v 1.2 1999/02/06 03:22:42 brian Exp $ * */ diff --git a/usr.sbin/ppp/ppp/mbuf.c b/usr.sbin/ppp/ppp/mbuf.c index 41de244acd0..7ef4bb23f27 100644 --- a/usr.sbin/ppp/ppp/mbuf.c +++ b/usr.sbin/ppp/ppp/mbuf.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: mbuf.c,v 1.1 1998/08/31 00:22:24 brian Exp $ + * $Id: mbuf.c,v 1.2 1999/02/06 03:22:42 brian Exp $ * */ #include <sys/types.h> @@ -114,13 +114,8 @@ mbuf_Read(struct mbuf * bp, u_char * ptr, int len) bp->cnt -= nb; len -= nb; bp->offset += nb; - if (bp->cnt == 0) { -#ifdef notdef - bp = bp->next; -#else + if (bp->cnt == 0) bp = mbuf_FreeSeg(bp); -#endif - } } return (bp); } diff --git a/usr.sbin/ppp/ppp/mbuf.h b/usr.sbin/ppp/ppp/mbuf.h index 104f44661b8..1b987439387 100644 --- a/usr.sbin/ppp/ppp/mbuf.h +++ b/usr.sbin/ppp/ppp/mbuf.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: mbuf.h,v 1.1 1998/08/31 00:22:24 brian Exp $ + * $Id: mbuf.h,v 1.2 1999/02/06 03:22:42 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/modem.c b/usr.sbin/ppp/ppp/modem.c index 7dacede5c9b..e1c62f5e7b5 100644 --- a/usr.sbin/ppp/ppp/modem.c +++ b/usr.sbin/ppp/ppp/modem.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: modem.c,v 1.2 1999/01/10 02:23:22 brian Exp $ + * $Id: modem.c,v 1.3 1999/02/06 03:22:42 brian Exp $ * * TODO: */ @@ -69,6 +69,9 @@ #include "link.h" #include "physical.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "prompt.h" #include "chat.h" diff --git a/usr.sbin/ppp/ppp/modem.h b/usr.sbin/ppp/ppp/modem.h index c2adf2cc9bb..bd9b2975b7f 100644 --- a/usr.sbin/ppp/ppp/modem.h +++ b/usr.sbin/ppp/ppp/modem.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: modem.h,v 1.1 1998/08/31 00:22:24 brian Exp $ + * $Id: modem.h,v 1.2 1999/02/06 03:22:42 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/mp.c b/usr.sbin/ppp/ppp/mp.c index 97e74f16791..0270b42044c 100644 --- a/usr.sbin/ppp/ppp/mp.c +++ b/usr.sbin/ppp/ppp/mp.c @@ -23,10 +23,10 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: mp.c,v 1.3 1998/10/29 02:21:46 brian Exp $ + * $Id: mp.c,v 1.4 1999/02/06 03:22:42 brian Exp $ */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> @@ -71,6 +71,9 @@ #include "chap.h" #include "cbcp.h" #include "datalink.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "ip.h" #include "prompt.h" diff --git a/usr.sbin/ppp/ppp/mp.h b/usr.sbin/ppp/ppp/mp.h index 7bf1aa30755..b79022dad7e 100644 --- a/usr.sbin/ppp/ppp/mp.h +++ b/usr.sbin/ppp/ppp/mp.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: mp.h,v 1.1 1998/08/31 00:22:25 brian Exp $ + * $Id: mp.h,v 1.2 1999/02/06 03:22:42 brian Exp $ */ struct mbuf; diff --git a/usr.sbin/ppp/ppp/pap.c b/usr.sbin/ppp/ppp/pap.c index c36d0098077..a118baefd95 100644 --- a/usr.sbin/ppp/ppp/pap.c +++ b/usr.sbin/ppp/ppp/pap.c @@ -18,17 +18,17 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: pap.c,v 1.3 1999/02/02 09:49:57 brian Exp $ + * $Id: pap.c,v 1.4 1999/02/06 03:22:42 brian Exp $ * * TODO: */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> #include <sys/un.h> -#include <string.h> +#include <stdlib.h> #include <termios.h> #include "mbuf.h" @@ -53,6 +53,9 @@ #include "ipcp.h" #include "filter.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "chat.h" #include "chap.h" @@ -60,41 +63,41 @@ #include "datalink.h" static const char *papcodes[] = { "???", "REQUEST", "SUCCESS", "FAILURE" }; +#define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1) -void -pap_SendChallenge(struct authinfo *auth, int papid, struct physical *physical) +static void +pap_Req(struct authinfo *authp) { + struct bundle *bundle = authp->physical->dl->bundle; struct fsmheader lh; struct mbuf *bp; u_char *cp; int namelen, keylen, plen; - namelen = strlen(physical->dl->bundle->cfg.auth.name); - keylen = strlen(physical->dl->bundle->cfg.auth.key); + namelen = strlen(bundle->cfg.auth.name); + keylen = strlen(bundle->cfg.auth.key); plen = namelen + keylen + 2; - log_Printf(LogDEBUG, "pap_SendChallenge: namelen = %d, keylen = %d\n", - namelen, keylen); - log_Printf(LogPHASE, "Pap Output: %s ********\n", - physical->dl->bundle->cfg.auth.name); - if (*physical->dl->bundle->cfg.auth.name == '\0') + log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen); + log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name); + if (*bundle->cfg.auth.name == '\0') log_Printf(LogWARN, "Sending empty PAP authname!\n"); lh.code = PAP_REQUEST; - lh.id = papid; + lh.id = authp->id; lh.length = htons(plen + sizeof(struct fsmheader)); bp = mbuf_Alloc(plen + sizeof(struct fsmheader), MB_FSM); memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader)); cp = MBUF_CTOP(bp) + sizeof(struct fsmheader); *cp++ = namelen; - memcpy(cp, physical->dl->bundle->cfg.auth.name, namelen); + memcpy(cp, bundle->cfg.auth.name, namelen); cp += namelen; *cp++ = keylen; - memcpy(cp, physical->dl->bundle->cfg.auth.key, keylen); + memcpy(cp, bundle->cfg.auth.key, keylen); - hdlc_Output(&physical->link, PRI_LINK, PROTO_PAP, bp); + hdlc_Output(&authp->physical->link, PRI_LINK, PROTO_PAP, bp); } static void -SendPapCode(int id, int code, const char *message, struct physical *physical) +SendPapCode(struct authinfo *authp, int code, const char *message) { struct fsmheader lh; struct mbuf *bp; @@ -102,7 +105,7 @@ SendPapCode(int id, int code, const char *message, struct physical *physical) int plen, mlen; lh.code = code; - lh.id = id; + lh.id = authp->id; mlen = strlen(message); plen = mlen + 1; lh.length = htons(plen + sizeof(struct fsmheader)); @@ -112,90 +115,124 @@ SendPapCode(int id, int code, const char *message, struct physical *physical) *cp++ = mlen; memcpy(cp, message, mlen); log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]); - hdlc_Output(&physical->link, PRI_LINK, PROTO_PAP, bp); + + hdlc_Output(&authp->physical->link, PRI_LINK, PROTO_PAP, bp); } -/* - * Validate given username and passwrd against with secret table - */ -static int -PapValidate(struct bundle *bundle, u_char *name, u_char *key, - struct physical *physical) +static void +pap_Success(struct authinfo *authp) { - int nlen, klen; + datalink_GotAuthname(authp->physical->dl, authp->in.name); + SendPapCode(authp, PAP_ACK, "Greetings!!"); + authp->physical->link.lcp.auth_ineed = 0; + if (Enabled(authp->physical->dl->bundle, OPT_UTMP)) + physical_Login(authp->physical, authp->in.name); - nlen = *name++; - klen = *key; - *key++ = 0; - key[klen] = 0; - log_Printf(LogDEBUG, "PapValidate: name %s (%d), key %s (%d)\n", - name, nlen, key, klen); + if (authp->physical->link.lcp.auth_iwait == 0) + /* + * Either I didn't need to authenticate, or I've already been + * told that I got the answer right. + */ + datalink_AuthOk(authp->physical->dl); +} - return auth_Validate(bundle, name, key, physical); +static void +pap_Failure(struct authinfo *authp) +{ + SendPapCode(authp, PAP_NAK, "Login incorrect"); + datalink_AuthNotOk(authp->physical->dl); } void -pap_Input(struct bundle *bundle, struct mbuf *bp, struct physical *physical) +pap_Init(struct authinfo *pap, struct physical *p) { - int len = mbuf_Length(bp); - struct fsmheader *php; - u_char *cp; + auth_Init(pap, p, pap_Req, pap_Success, pap_Failure); +} + +void +pap_Input(struct physical *p, struct mbuf *bp) +{ + struct authinfo *authp = &p->dl->pap; + u_char nlen, klen, *key; + + if ((bp = auth_ReadHeader(authp, bp)) == NULL) + return; - if (len >= sizeof(struct fsmheader)) { - php = (struct fsmheader *) MBUF_CTOP(bp); - if (len >= ntohs(php->length)) { - if (php->code < PAP_REQUEST || php->code > PAP_NAK) - php->code = 0; - switch (php->code) { - case PAP_REQUEST: - cp = (u_char *) (php + 1); - log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n", - papcodes[php->code], *cp, cp + 1); - if (PapValidate(bundle, cp, cp + *cp + 1, physical)) { - datalink_GotAuthname(physical->dl, cp+1, *cp); - SendPapCode(php->id, PAP_ACK, "Greetings!!", physical); - physical->link.lcp.auth_ineed = 0; - if (Enabled(bundle, OPT_UTMP)) - physical_Login(physical, cp + 1); - - if (physical->link.lcp.auth_iwait == 0) - /* - * Either I didn't need to authenticate, or I've already been - * told that I got the answer right. - */ - datalink_AuthOk(physical->dl); - } else { - SendPapCode(php->id, PAP_NAK, "Login incorrect", physical); - datalink_AuthNotOk(physical->dl); - } - break; - case PAP_ACK: - auth_StopTimer(&physical->dl->pap); - cp = (u_char *) (php + 1); - len = *cp++; - cp[len] = 0; - log_Printf(LogPHASE, "Pap Input: %s (%s)\n", papcodes[php->code], cp); - if (physical->link.lcp.auth_iwait == PROTO_PAP) { - physical->link.lcp.auth_iwait = 0; - if (physical->link.lcp.auth_ineed == 0) - /* - * We've succeeded in our ``login'' - * If we're not expecting the peer to authenticate (or he already - * has), proceed to network phase. - */ - datalink_AuthOk(physical->dl); - } - break; - case PAP_NAK: - auth_StopTimer(&physical->dl->pap); - cp = (u_char *) (php + 1); - len = *cp++; - cp[len] = 0; - log_Printf(LogPHASE, "Pap Input: %s (%s)\n", papcodes[php->code], cp); - datalink_AuthNotOk(physical->dl); - break; + if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) { + log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code); + mbuf_Free(bp); + return; + } + + if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id && + Enabled(p->dl->bundle, OPT_IDCHECK)) { + /* Wrong conversation dude ! */ + log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n", + papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id); + mbuf_Free(bp); + return; + } + authp->id = authp->in.hdr.id; /* We respond with this id */ + + if (bp) { + bp = mbuf_Read(bp, &nlen, 1); + bp = auth_ReadName(authp, bp, nlen); + } + + log_Printf(LogPHASE, "Pap Input: %s (%s)\n", + papcodes[authp->in.hdr.code], authp->in.name); + + switch (authp->in.hdr.code) { + case PAP_REQUEST: + if (bp == NULL) { + log_Printf(LogPHASE, "Pap Input: No key given !\n"); + break; + } + bp = mbuf_Read(bp, &klen, 1); + if (mbuf_Length(bp) < klen) { + log_Printf(LogERROR, "Pap Input: Truncated key !\n"); + break; } - } + if ((key = malloc(klen+1)) == NULL) { + log_Printf(LogERROR, "Pap Input: Out of memory !\n"); + break; + } + bp = mbuf_Read(bp, key, klen); + key[klen] = '\0'; + +#ifndef NORADIUS + if (*p->dl->bundle->radius.cfg.file) + radius_Authenticate(&p->dl->bundle->radius, authp, authp->in.name, + key, NULL); + else +#endif + if (auth_Validate(p->dl->bundle, authp->in.name, key, p)) + pap_Success(authp); + else + pap_Failure(authp); + + free(key); + break; + + case PAP_ACK: + auth_StopTimer(authp); + if (p->link.lcp.auth_iwait == PROTO_PAP) { + p->link.lcp.auth_iwait = 0; + if (p->link.lcp.auth_ineed == 0) + /* + * We've succeeded in our ``login'' + * If we're not expecting the peer to authenticate (or he already + * has), proceed to network phase. + */ + datalink_AuthOk(p->dl); + } + break; + + case PAP_NAK: + auth_StopTimer(authp); + datalink_AuthNotOk(p->dl); + break; } + mbuf_Free(bp); } diff --git a/usr.sbin/ppp/ppp/pap.h b/usr.sbin/ppp/ppp/pap.h index c5fcbd3daf2..4c4dac129b5 100644 --- a/usr.sbin/ppp/ppp/pap.h +++ b/usr.sbin/ppp/ppp/pap.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: pap.h,v 1.3 1999/02/02 09:49:57 brian Exp $ + * $Id: pap.h,v 1.4 1999/02/06 03:22:42 brian Exp $ * * TODO: */ @@ -27,7 +27,6 @@ struct mbuf; struct physical; struct authinfo; -struct bundle; -extern void pap_Input(struct bundle *, struct mbuf *, struct physical *); -extern void pap_SendChallenge(struct authinfo *, int, struct physical *); +extern void pap_Init(struct authinfo *, struct physical *); +extern void pap_Input(struct physical *, struct mbuf *); diff --git a/usr.sbin/ppp/ppp/physical.c b/usr.sbin/ppp/ppp/physical.c index 683f7943e27..2d35a14b457 100644 --- a/usr.sbin/ppp/ppp/physical.c +++ b/usr.sbin/ppp/ppp/physical.c @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: physical.c,v 1.2 1999/01/10 02:23:22 brian Exp $ + * $Id: physical.c,v 1.3 1999/02/06 03:22:42 brian Exp $ * */ diff --git a/usr.sbin/ppp/ppp/physical.h b/usr.sbin/ppp/ppp/physical.h index 89cb39581fd..5db54c2b353 100644 --- a/usr.sbin/ppp/ppp/physical.h +++ b/usr.sbin/ppp/ppp/physical.h @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: physical.h,v 1.2 1999/01/10 02:23:22 brian Exp $ + * $Id: physical.h,v 1.3 1999/02/06 03:22:42 brian Exp $ * */ diff --git a/usr.sbin/ppp/ppp/ppp.8 b/usr.sbin/ppp/ppp/ppp.8 index 74a50e042fa..601cf486d9e 100644 --- a/usr.sbin/ppp/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp/ppp.8 @@ -1,4 +1,4 @@ -.\" $Id: ppp.8,v 1.15 1999/02/04 11:54:48 brian Exp $ +.\" $Id: ppp.8,v 1.16 1999/02/06 03:22:42 brian Exp $ .Dd 20 September 1995 .nr XX \w'\fC00' .Os FreeBSD @@ -109,11 +109,29 @@ CHAP authentication and .Nm is compiled with DES support, an appropriate MD4/DES response will be made. +.It Supports RADIUS authentication. +An extension to PAP and CHAP, +.Em \&R Ns No emote +.Em \&A Ns No ccess +.Em \&D Ns No ial +.Em \&I Ns No n +.Em \&U Ns No ser +.Em \&S Ns No ervice +allows authentication information to be stored in a central or +distributed database along with various per-user framed connection +characteristics. If +.Pa libradius +is available at compile time, +.Nm +will use it to make +.Em RADIUS +requests when configured to do so. .It Supports Proxy Arp. When -.Em PPP -is set up as server, you can also configure it to do proxy arp for your -connection. +.Nm +is set up as server, it can be configured to make one or more proxy arp +entries on behalf of the client. This allows routing to the LAN without +configuring each machine on that LAN. .It Supports packet filtering. User can define four kinds of filters: the .Em in @@ -360,10 +378,6 @@ file: *.*<TAB>/var/log/ppp.log .Ed .Pp -Make sure you use actual TABs here. If you use spaces, the line will be -silently ignored by -.Xr syslogd 8 . -.Pp It is possible to have more than one .Em PPP log file by creating a link to the @@ -3498,6 +3512,95 @@ command must appear in as it is not known when the commands in .Pa ppp.conf are executed. +.It set radius Op Ar config-file +This command enables RADIUS support (if it's compiled in). +.Ar config-file +refers to the radius client configuration file as described in +.Xr radius.conf 5 . +If PAP or CHAP are +.Dq enable Ns No d , +.Nm +behaves as a +.Em \&N Ns No etwork +.Em \&A Ns No ccess +.Em \&S Ns No erver +and uses the configured RADIUS server to authenticate rather than +authenticating from the +.Pa ppp.secret +file or from the passwd database. +.Pp +If neither PAP or CHAP are enabled, +.Dq set radius +will do nothing. +.Pp +.Nm +uses the following attributes from the RADIUS reply: +.Bl -tag -width XXX -offset XXX +.It RAD_FRAMED_IP_ADDRESS +The peer IP address is set to the given value. +.It RAD_FRAMED_IP_NETMASK +The tun interface netmask is set to the given value. +.It RAD_FRAMED_MTU +If the given MTU is less than the peers MRU as agreed during LCP +negotiation, *and* it is less that any configured MTU (see the +.Dq set mru +command), the tun interface MTU is set to the given value. +.It RAD_FRAMED_COMPRESSION +If the received compression type is +.Dq 1 , +.Nm +will request VJ compression during IPCP negotiations despite any +.Dq disable vj +configuration command. +.It RAD_FRAMED_ROUTE +The received string is expected to be in the format +.Ar dest Ns Op / Ns Ar bits +.Ar gw +.Op Ar metrics . +Any specified metrics are ignored. +.Dv MYADDR +and +.Dv HISADDR +are understood as valid values for +.Ar dest +and +.Ar gw , +.Dq default +can be used for +.Ar dest +to sepcify the default route, and +.Dq 0.0.0.0 +is understood to be the same as +.Dq default +for +.Ar dest +and +.Dv HISADDR +for +.Ar gw . +.Pp +For example, a returned value of +.Dq 1.2.3.4/24 0.0.0.0 1 2 -1 3 400 +would result in a routing table entry to the 1.2.3.0/24 network via +.Dv HISADDR +and a returned value of +.Dq 0.0.0.0 0.0.0.0 +or +.Dq default HISADDR +would result in a default route to +.Dv HISADDR . +.Pp +All RADIUS routes are applied after any sticky routes are applied, making +RADIUS routes override configured routes. This also applies for RADIUS +routes that don't include the +.Dv MYADDR +or +.Dv HISADDR +keywords. +.Pp +.El +Values received from the RADIUS server may be viewed using +.Dq show bundle . .It set reconnect Ar timeout ntries Should the line drop unexpectedly (due to loss of CD or LQR failure), a connection will be re-established after the given @@ -3841,6 +3944,7 @@ This socket is used to pass links between different instances of .Xr ping 8 , .Xr pppctl 8 , .Xr pppd 8 , +.Xr radius.conf 5 , .Xr route 8 , .Xr syslogd 8 , .Xr traceroute 8 , diff --git a/usr.sbin/ppp/ppp/pred.c b/usr.sbin/ppp/ppp/pred.c index 0480e61cfb3..dce5ec49949 100644 --- a/usr.sbin/ppp/ppp/pred.c +++ b/usr.sbin/ppp/ppp/pred.c @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pred.c,v 1.1 1998/08/31 00:22:26 brian Exp $ + * $Id: pred.c,v 1.2 1999/02/06 03:22:43 brian Exp $ */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/pred.h b/usr.sbin/ppp/ppp/pred.h index d2fb046a298..0ad1eae2ec3 100644 --- a/usr.sbin/ppp/ppp/pred.h +++ b/usr.sbin/ppp/ppp/pred.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: pred.h,v 1.1 1998/08/31 00:22:26 brian Exp $ + * $Id: pred.h,v 1.2 1999/02/06 03:22:43 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/probe.c b/usr.sbin/ppp/ppp/probe.c index fd6c5e5c8e0..d364a04a31d 100644 --- a/usr.sbin/ppp/ppp/probe.c +++ b/usr.sbin/ppp/ppp/probe.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: probe.c,v 1.1 1998/08/31 00:22:26 brian Exp $ + * $Id: probe.c,v 1.2 1999/02/06 03:22:43 brian Exp $ */ #include <sys/time.h> diff --git a/usr.sbin/ppp/ppp/probe.h b/usr.sbin/ppp/ppp/probe.h index e8d68facfce..fe48eefc9c5 100644 --- a/usr.sbin/ppp/ppp/probe.h +++ b/usr.sbin/ppp/ppp/probe.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: probe.h,v 1.1 1998/08/31 00:22:27 brian Exp $ + * $Id: probe.h,v 1.2 1999/02/06 03:22:43 brian Exp $ */ struct probe { diff --git a/usr.sbin/ppp/ppp/prompt.c b/usr.sbin/ppp/ppp/prompt.c index 81034155678..3ec1b832f01 100644 --- a/usr.sbin/ppp/ppp/prompt.c +++ b/usr.sbin/ppp/ppp/prompt.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: prompt.c,v 1.1 1998/08/31 00:22:27 brian Exp $ + * $Id: prompt.c,v 1.2 1999/02/06 03:22:43 brian Exp $ */ #include <sys/param.h> @@ -63,6 +63,9 @@ #include "link.h" #include "physical.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "chat.h" #include "chap.h" diff --git a/usr.sbin/ppp/ppp/prompt.h b/usr.sbin/ppp/ppp/prompt.h index 6f58cb6588a..699d745a460 100644 --- a/usr.sbin/ppp/ppp/prompt.h +++ b/usr.sbin/ppp/ppp/prompt.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: prompt.h,v 1.1 1998/08/31 00:22:27 brian Exp $ + * $Id: prompt.h,v 1.2 1999/02/06 03:22:43 brian Exp $ */ #define LOCAL_AUTH 0x01 diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c new file mode 100644 index 00000000000..2e7296db8fc --- /dev/null +++ b/usr.sbin/ppp/ppp/radius.c @@ -0,0 +1,423 @@ +/* + * Copyright 1999 Internet Business Solutions Ltd., Switzerland + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: radius.c,v 1.1 1999/02/06 03:22:44 brian Exp $ + * + */ + +#include <sys/param.h> +#include <netinet/in_systm.h> +#include <netinet/in.h> +#include <netinet/ip.h> +#include <arpa/inet.h> +#include <sys/un.h> + +#include <errno.h> +#include "radlib.h" +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/time.h> +#include <termios.h> + +#include "defs.h" +#include "log.h" +#include "descriptor.h" +#include "prompt.h" +#include "timer.h" +#include "fsm.h" +#include "iplist.h" +#include "slcompress.h" +#include "throughput.h" +#include "lqr.h" +#include "hdlc.h" +#include "mbuf.h" +#include "ipcp.h" +#include "route.h" +#include "command.h" +#include "filter.h" +#include "lcp.h" +#include "ccp.h" +#include "link.h" +#include "mp.h" +#include "radius.h" +#include "auth.h" +#include "async.h" +#include "physical.h" +#include "chat.h" +#include "cbcp.h" +#include "chap.h" +#include "datalink.h" +#include "bundle.h" + +/* + * rad_continue_send_request() has given us `got' (non-zero). Deal with it. + */ +static void +radius_Process(struct radius *r, int got) +{ + char *argv[MAXARGS], *nuke; + struct bundle *bundle; + int len, argc, addrs; + struct in_range dest; + struct in_addr gw; + const void *data; + + r->cx.fd = -1; /* Stop select()ing */ + + switch (got) { + case RAD_ACCESS_ACCEPT: + log_Printf(LogPHASE, "Radius: ACCEPT received\n"); + break; + + case RAD_ACCESS_REJECT: + log_Printf(LogPHASE, "Radius: REJECT received\n"); + auth_Failure(r->cx.auth); + rad_close(r->cx.rad); + return; + + case RAD_ACCESS_CHALLENGE: + /* we can't deal with this (for now) ! */ + log_Printf(LogPHASE, "Radius: CHALLENGE received (can't handle yet)\n"); + auth_Failure(r->cx.auth); + rad_close(r->cx.rad); + return; + + case -1: + log_Printf(LogPHASE, "radius: %s\n", rad_strerror(r->cx.rad)); + auth_Failure(r->cx.auth); + rad_close(r->cx.rad); + return; + + default: + log_Printf(LogERROR, "rad_send_request: Failed %d: %s\n", + got, rad_strerror(r->cx.rad)); + auth_Failure(r->cx.auth); + rad_close(r->cx.rad); + return; + } + + /* So we've been accepted ! Let's see what we've got in our reply :-I */ + r->ip.s_addr = r->mask.s_addr = INADDR_NONE; + r->mtu = 0; + r->vj = 0; + while ((got = rad_get_attr(r->cx.rad, &data, &len)) > 0) { + switch (got) { + case RAD_FRAMED_IP_ADDRESS: + r->ip = rad_cvt_addr(data); + log_Printf(LogPHASE, " IP %s\n", inet_ntoa(r->ip)); + break; + + case RAD_FRAMED_IP_NETMASK: + r->mask = rad_cvt_addr(data); + log_Printf(LogPHASE, " Netmask %s\n", inet_ntoa(r->mask)); + break; + + case RAD_FRAMED_MTU: + r->mtu = rad_cvt_int(data); + log_Printf(LogPHASE, " MTU %lu\n", r->mtu); + break; + + case RAD_FRAMED_ROUTING: + /* Disabled for now - should we automatically set up some filters ? */ + /* rad_cvt_int(data); */ + /* bit 1 = Send routing packets */ + /* bit 2 = Receive routing packets */ + break; + + case RAD_FRAMED_COMPRESSION: + r->vj = rad_cvt_int(data) == 1 ? 1 : 0; + log_Printf(LogPHASE, " VJ %sabled\n", r->vj ? "en" : "dis"); + break; + + case RAD_FRAMED_ROUTE: + /* + * We expect a string of the format ``dest[/bits] gw [metrics]'' + * Any specified metrics are ignored. MYADDR and HISADDR are + * understood for ``dest'' and ``gw'' and ``0.0.0.0'' is the same + * as ``HISADDR''. + */ + + if ((nuke = rad_cvt_string(data, len)) == NULL) { + log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad)); + rad_close(r->cx.rad); + return; + } + + log_Printf(LogPHASE, " Route: %s\n", nuke); + bundle = r->cx.auth->physical->dl->bundle; + dest.ipaddr.s_addr = dest.mask.s_addr = INADDR_ANY; + dest.width = 0; + argc = command_Interpret(nuke, strlen(nuke), argv); + if (argc < 2) + log_Printf(LogWARN, "radius: %s: Invalid route\n", + argc == 1 ? argv[0] : "\"\""); + else if ((strcasecmp(argv[0], "default") != 0 && + !ParseAddr(&bundle->ncp.ipcp, argv[0], &dest.ipaddr, + &dest.mask, &dest.width)) || + !ParseAddr(&bundle->ncp.ipcp, argv[1], &gw, NULL, NULL)) + log_Printf(LogWARN, "radius: %s %s: Invalid route\n", + argv[0], argv[1]); + else { + if (dest.width == 32 && strchr(argv[0], '/') == NULL) + /* No mask specified - use the natural mask */ + dest.mask.s_addr = addr2mask(dest.ipaddr.s_addr); + addrs = 0; + + if (!strncasecmp(argv[0], "HISADDR", 7)) + addrs = ROUTE_DSTHISADDR; + else if (!strncasecmp(argv[0], "MYADDR", 6)) + addrs = ROUTE_DSTMYADDR; + + if (gw.s_addr == INADDR_ANY) { + addrs |= ROUTE_GWHISADDR; + gw = bundle->ncp.ipcp.peer_ip; + } else if (strcasecmp(argv[1], "HISADDR") == 0) + addrs |= ROUTE_GWHISADDR; + + route_Add(&r->routes, addrs, dest.ipaddr, dest.mask, gw); + } + free(nuke); + break; + } + } + + if (got == -1) { + log_Printf(LogERROR, "rad_get_attr: %s (failing!)\n", + rad_strerror(r->cx.rad)); + auth_Failure(r->cx.auth); + rad_close(r->cx.rad); + } else { + r->valid = 1; + auth_Success(r->cx.auth); + rad_close(r->cx.rad); + } +} + +/* + * We've either timed out or select()ed on the read descriptor + */ +static void +radius_Continue(struct radius *r, int sel) +{ + struct timeval tv; + int got; + + timer_Stop(&r->cx.timer); + if ((got = rad_continue_send_request(r->cx.rad, sel, &r->cx.fd, &tv)) == 0) { + log_Printf(LogPHASE, "Radius: Request re-sent\n"); + r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS; + timer_Start(&r->cx.timer); + return; + } + + radius_Process(r, got); +} + +/* + * Time to call rad_continue_send_request() - timed out. + */ +static void +radius_Timeout(void *v) +{ + radius_Continue((struct radius *)v, 0); +} + +/* + * Time to call rad_continue_send_request() - something to read. + */ +static void +radius_Read(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) +{ + radius_Continue(descriptor2radius(d), 1); +} + +/* + * Behave as a struct descriptor (descriptor.h) + */ +static int +radius_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) +{ + struct radius *rad = descriptor2radius(d); + + if (r && rad->cx.fd != -1) { + FD_SET(rad->cx.fd, r); + if (*n < rad->cx.fd + 1) + *n = rad->cx.fd + 1; + log_Printf(LogTIMER, "Radius: fdset(r) %d\n", rad->cx.fd); + return 1; + } + + return 0; +} + +/* + * Behave as a struct descriptor (descriptor.h) + */ +static int +radius_IsSet(struct descriptor *d, const fd_set *fdset) +{ + struct radius *r = descriptor2radius(d); + + return r && r->cx.fd != -1 && FD_ISSET(r->cx.fd, fdset); +} + +/* + * Behave as a struct descriptor (descriptor.h) + */ +static int +radius_Write(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) +{ + /* We never want to write here ! */ + log_Printf(LogALERT, "radius_Write: Internal error: Bad call !\n"); + return 0; +} + +/* + * Initialise ourselves + */ +void +radius_Init(struct radius *r) +{ + r->valid = 0; + r->cx.fd = -1; + *r->cfg.file = '\0';; + r->desc.type = RADIUS_DESCRIPTOR; + r->desc.UpdateSet = radius_UpdateSet; + r->desc.IsSet = radius_IsSet; + r->desc.Read = radius_Read; + r->desc.Write = radius_Write; + memset(&r->cx.timer, '\0', sizeof r->cx.timer); +} + +/* + * Forget everything and go back to initialised state. + */ +void +radius_Destroy(struct radius *r) +{ + r->valid = 0; + timer_Stop(&r->cx.timer); + route_DeleteAll(&r->routes); + if (r->cx.fd != -1) { + r->cx.fd = -1; + rad_close(r->cx.rad); + } +} + +/* + * Start an authentication request to the RADIUS server. + */ +void +radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name, + const char *key, const char *challenge) +{ + struct timeval tv; + int got; + + if (!*r->cfg.file) + return; + + if (r->cx.fd != -1) + /* + * We assume that our name/key/challenge is the same as last time, + * and just continue to wait for the RADIUS server(s). + */ + return; + + radius_Destroy(r); + + if ((r->cx.rad = rad_open()) == NULL) { + log_Printf(LogERROR, "rad_open: %s\n", strerror(errno)); + return; + } + + if (rad_config(r->cx.rad, r->cfg.file) != 0) { + log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad)); + rad_close(r->cx.rad); + return; + } + + if (rad_create_request(r->cx.rad, RAD_ACCESS_REQUEST) != 0) { + log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad)); + rad_close(r->cx.rad); + return; + } + + if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 || + rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 || + rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) { + log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad)); + rad_close(r->cx.rad); + return; + } + + if (challenge != NULL) { + /* We're talking CHAP */ + if (rad_put_string(r->cx.rad, RAD_CHAP_PASSWORD, key) != 0 || + rad_put_string(r->cx.rad, RAD_CHAP_CHALLENGE, challenge) != 0) { + log_Printf(LogERROR, "CHAP: rad_put_string: %s\n", + rad_strerror(r->cx.rad)); + rad_close(r->cx.rad); + return; + } + } else if (rad_put_string(r->cx.rad, RAD_USER_PASSWORD, key) != 0) { + /* We're talking PAP */ + log_Printf(LogERROR, "PAP: rad_put_string: %s\n", rad_strerror(r->cx.rad)); + rad_close(r->cx.rad); + return; + } + + if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv))) + radius_Process(r, got); + else { + log_Printf(LogPHASE, "Radius: Request sent\n"); + log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout); + r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS; + r->cx.timer.func = radius_Timeout; + r->cx.timer.name = "radius"; + r->cx.timer.arg = r; + r->cx.auth = authp; + timer_Start(&r->cx.timer); + } +} + +/* + * How do things look at the moment ? + */ +void +radius_Show(struct radius *r, struct prompt *p) +{ + prompt_Printf(p, " Radius config: %s", *r->cfg.file ? r->cfg.file : "none"); + if (r->valid) { + prompt_Printf(p, "\n IP: %s\n", inet_ntoa(r->ip)); + prompt_Printf(p, " Netmask: %s\n", inet_ntoa(r->mask)); + prompt_Printf(p, " MTU: %lu\n", r->mtu); + prompt_Printf(p, " VJ: %sabled\n", r->vj ? "en" : "dis"); + if (r->routes) + route_ShowSticky(p, r->routes, " Routes", 16); + } else + prompt_Printf(p, " (not authenticated)\n"); +} diff --git a/usr.sbin/ppp/ppp/radius.h b/usr.sbin/ppp/ppp/radius.h new file mode 100644 index 00000000000..a9b625c6a3f --- /dev/null +++ b/usr.sbin/ppp/ppp/radius.h @@ -0,0 +1,58 @@ +/* + * Copyright 1999 Internet Business Solutions Ltd., Switzerland + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: radius.h,v 1.1 1999/02/06 03:22:44 brian Exp $ + */ + +struct radius { + struct descriptor desc; /* We're a sort of (selectable) descriptor */ + struct { + int fd; /* We're selecting on this */ + struct rad_handle *rad; /* Using this to talk to our lib */ + struct pppTimer timer; /* for this long */ + struct authinfo *auth; /* Tell this about success/failure */ + } cx; + unsigned valid : 1; /* Is this structure valid ? */ + unsigned vj : 1; /* FRAMED Compression */ + struct in_addr ip; /* FRAMED IP */ + struct in_addr mask; /* FRAMED Netmask */ + unsigned long mtu; /* FRAMED MTU */ + struct sticky_route *routes; /* FRAMED Routes */ + struct { + char file[MAXPATHLEN]; /* Radius config file */ + } cfg; +}; + +#define descriptor2radius(d) \ + ((d)->type == RADIUS_DESCRIPTOR ? (struct radius *)(d) : NULL) + +struct bundle; + +extern void radius_Init(struct radius *); +extern void radius_Destroy(struct radius *); + +extern void radius_Show(struct radius *, struct prompt *); +extern void radius_Authenticate(struct radius *, struct authinfo *, + const char *, const char *, const char *); diff --git a/usr.sbin/ppp/ppp/radlib.c b/usr.sbin/ppp/ppp/radlib.c new file mode 100644 index 00000000000..342fdbb1787 --- /dev/null +++ b/usr.sbin/ppp/ppp/radlib.c @@ -0,0 +1,783 @@ +/*- + * Copyright 1998 Juniper Networks, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $OpenBSD: radlib.c,v 1.1 1999/02/06 03:22:45 brian Exp $ + */ + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/time.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <errno.h> +#include <md5.h> +#include <netdb.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "defs.h" +#include "radlib_private.h" + +static void clear_password(struct rad_handle *); +static void generr(struct rad_handle *, const char *, ...); +static void insert_scrambled_password(struct rad_handle *, int); +static int is_valid_response(struct rad_handle *, int, + const struct sockaddr_in *); +static int put_password_attr(struct rad_handle *, int, + const void *, size_t); +static int put_raw_attr(struct rad_handle *, int, + const void *, size_t); +static int split(char *, char *[], int, char *, size_t); + +static void +clear_password(struct rad_handle *h) +{ + if (h->pass_len != 0) { + memset(h->pass, 0, h->pass_len); + h->pass_len = 0; + h->pass_pos = 0; + } +} + +static void +generr(struct rad_handle *h, const char *format, ...) +{ + va_list ap; + + va_start(ap, format); + vsnprintf(h->errmsg, ERRSIZE, format, ap); + va_end(ap); +} + +static void +insert_scrambled_password(struct rad_handle *h, int srv) +{ + MD5_CTX ctx; + unsigned char md5[16]; + const struct rad_server *srvp; + int padded_len; + int pos; + + srvp = &h->servers[srv]; + padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf; + + memcpy(md5, &h->request[POS_AUTH], LEN_AUTH); + for (pos = 0; pos < padded_len; pos += 16) { + int i; + + /* Calculate the new scrambler */ + MD5Init(&ctx); + MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); + MD5Update(&ctx, md5, 16); + MD5Final(md5, &ctx); + + /* + * Mix in the current chunk of the password, and copy + * the result into the right place in the request. Also + * modify the scrambler in place, since we will use this + * in calculating the scrambler for next time. + */ + for (i = 0; i < 16; i++) + h->request[h->pass_pos + pos + i] = + md5[i] ^= h->pass[pos + i]; + } +} + +/* + * Return true if the current response is valid for a request to the + * specified server. + */ +static int +is_valid_response(struct rad_handle *h, int srv, + const struct sockaddr_in *from) +{ + MD5_CTX ctx; + unsigned char md5[16]; + const struct rad_server *srvp; + int len; + + srvp = &h->servers[srv]; + + /* Check the source address */ + if (from->sin_family != srvp->addr.sin_family || + from->sin_addr.s_addr != srvp->addr.sin_addr.s_addr || + from->sin_port != srvp->addr.sin_port) + return 0; + + /* Check the message length */ + if (h->resp_len < POS_ATTRS) + return 0; + len = h->response[POS_LENGTH] << 8 | h->response[POS_LENGTH+1]; + if (len > h->resp_len) + return 0; + + /* Check the response authenticator */ + MD5Init(&ctx); + MD5Update(&ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE); + MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH); + MD5Update(&ctx, &h->response[POS_ATTRS], len - POS_ATTRS); + MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); + MD5Final(md5, &ctx); + if (memcmp(&h->response[POS_AUTH], md5, sizeof md5) != 0) + return 0; + + return 1; +} + +static int +put_password_attr(struct rad_handle *h, int type, const void *value, size_t len) +{ + int padded_len; + int pad_len; + + if (h->pass_pos != 0) { + generr(h, "Multiple User-Password attributes specified"); + return -1; + } + if (len > PASSSIZE) + len = PASSSIZE; + padded_len = len == 0 ? 16 : (len+15) & ~0xf; + pad_len = padded_len - len; + + /* + * Put in a place-holder attribute containing all zeros, and + * remember where it is so we can fill it in later. + */ + clear_password(h); + put_raw_attr(h, type, h->pass, padded_len); + h->pass_pos = h->req_len - padded_len; + + /* Save the cleartext password, padded as necessary */ + memcpy(h->pass, value, len); + h->pass_len = len; + memset(h->pass + len, 0, pad_len); + return 0; +} + +static int +put_raw_attr(struct rad_handle *h, int type, const void *value, size_t len) +{ + if (len > 253) { + generr(h, "Attribute too long"); + return -1; + } + if (h->req_len + 2 + len > MSGSIZE) { + generr(h, "Maximum message length exceeded"); + return -1; + } + h->request[h->req_len++] = type; + h->request[h->req_len++] = len + 2; + memcpy(&h->request[h->req_len], value, len); + h->req_len += len; + return 0; +} + +int +rad_add_server(struct rad_handle *h, const char *host, int port, + const char *secret, int timeout, int tries) +{ + struct rad_server *srvp; + + if (h->num_servers >= MAXSERVERS) { + generr(h, "Too many RADIUS servers specified"); + return -1; + } + srvp = &h->servers[h->num_servers]; + + memset(&srvp->addr, 0, sizeof srvp->addr); + srvp->addr.sin_len = sizeof srvp->addr; + srvp->addr.sin_family = AF_INET; + if (!inet_aton(host, &srvp->addr.sin_addr)) { + struct hostent *hent; + + if ((hent = gethostbyname(host)) == NULL) { + generr(h, "%s: host not found", host); + return -1; + } + memcpy(&srvp->addr.sin_addr, hent->h_addr, + sizeof srvp->addr.sin_addr); + } + if (port != 0) + srvp->addr.sin_port = htons(port); + else { + struct servent *sent; + + srvp->addr.sin_port = + (sent = getservbyname("radius", "udp")) != NULL ? + sent->s_port : htons(RADIUS_PORT); + } + if ((srvp->secret = strdup(secret)) == NULL) { + generr(h, "Out of memory"); + return -1; + } + srvp->timeout = timeout; + srvp->max_tries = tries; + srvp->num_tries = 0; + h->num_servers++; + return 0; +} + +void +rad_close(struct rad_handle *h) +{ + int srv; + + if (h->fd != -1) + close(h->fd); + for (srv = 0; srv < h->num_servers; srv++) { + memset(h->servers[srv].secret, 0, + strlen(h->servers[srv].secret)); + free(h->servers[srv].secret); + } + clear_password(h); + free(h); +} + +int +rad_config(struct rad_handle *h, const char *path) +{ + FILE *fp; + char buf[MAXCONFLINE]; + int linenum; + int retval; + + if (path == NULL) + path = PATH_RADIUS_CONF; + if ((fp = fopen(path, "r")) == NULL) { + generr(h, "Cannot open \"%s\": %s", path, strerror(errno)); + return -1; + } + retval = 0; + linenum = 0; + while (fgets(buf, sizeof buf, fp) != NULL) { + int len; + char *fields[4]; + int nfields; + char msg[ERRSIZE]; + char *host; + char *port_str; + char *secret; + char *timeout_str; + char *maxtries_str; + char *end; + unsigned long timeout; + unsigned long maxtries; + int port; + + linenum++; + len = strlen(buf); + /* We know len > 0, else fgets would have returned NULL. */ + if (buf[len - 1] != '\n') { + if (len == sizeof buf - 1) + generr(h, "%s:%d: line too long", path, + linenum); + else + generr(h, "%s:%d: missing newline", path, + linenum); + retval = -1; + break; + } + buf[len - 1] = '\0'; + + /* Extract the fields from the line. */ + nfields = split(buf, fields, 4, msg, sizeof msg); + if (nfields == -1) { + generr(h, "%s:%d: %s", path, linenum, msg); + retval = -1; + break; + } + if (nfields == 0) + continue; + if (nfields < 2) { + generr(h, "%s:%d: missing shared secret", path, + linenum); + retval = -1; + break; + } + host = fields[0]; + secret = fields[1]; + timeout_str = fields[2]; + maxtries_str = fields[3]; + + /* Parse and validate the fields. */ + host = strtok(host, ":"); + port_str = strtok(NULL, ":"); + if (port_str != NULL) { + port = strtoul(port_str, &end, 10); + if (*end != '\0') { + generr(h, "%s:%d: invalid port", path, + linenum); + retval = -1; + break; + } + } else + port = 0; + if (timeout_str != NULL) { + timeout = strtoul(timeout_str, &end, 10); + if (*end != '\0') { + generr(h, "%s:%d: invalid timeout", path, + linenum); + retval = -1; + break; + } + } else + timeout = TIMEOUT; + if (maxtries_str != NULL) { + maxtries = strtoul(maxtries_str, &end, 10); + if (*end != '\0') { + generr(h, "%s:%d: invalid maxtries", path, + linenum); + retval = -1; + break; + } + } else + maxtries = MAXTRIES; + + if (rad_add_server(h, host, port, secret, timeout, maxtries) == + -1) { + strcpy(msg, h->errmsg); + generr(h, "%s:%d: %s", path, linenum, msg); + retval = -1; + break; + } + } + /* Clear out the buffer to wipe a possible copy of a shared secret */ + memset(buf, 0, sizeof buf); + fclose(fp); + return retval; +} + +/* + * rad_init_send_request() must have previously been called. + * Returns: + * 0 The application should select on *fd with a timeout of tv before + * calling rad_continue_send_request again. + * < 0 Failure + * > 0 Success + */ +int +rad_continue_send_request(struct rad_handle *h, int selected, int *fd, + struct timeval *tv) +{ + int n; + + if (selected) { + struct sockaddr_in from; + int fromlen; + + fromlen = sizeof from; + h->resp_len = recvfrom(h->fd, h->response, + MSGSIZE, MSG_WAITALL, (struct sockaddr *)&from, &fromlen); + if (h->resp_len == -1) { + generr(h, "recvfrom: %s", strerror(errno)); + return -1; + } + if (is_valid_response(h, h->srv, &from)) { + h->resp_len = h->response[POS_LENGTH] << 8 | + h->response[POS_LENGTH+1]; + h->resp_pos = POS_ATTRS; + return h->response[POS_CODE]; + } + } + + if (h->try == h->total_tries) { + generr(h, "No valid RADIUS responses received"); + return -1; + } + + /* + * Scan round-robin to the next server that has some + * tries left. There is guaranteed to be one, or we + * would have exited this loop by now. + */ + while (h->servers[h->srv].num_tries >= h->servers[h->srv].max_tries) + if (++h->srv >= h->num_servers) + h->srv = 0; + + /* Insert the scrambled password into the request */ + if (h->pass_pos != 0) + insert_scrambled_password(h, h->srv); + + /* Send the request */ + n = sendto(h->fd, h->request, h->req_len, 0, + (const struct sockaddr *)&h->servers[h->srv].addr, + sizeof h->servers[h->srv].addr); + if (n != h->req_len) { + if (n == -1) + generr(h, "sendto: %s", strerror(errno)); + else + generr(h, "sendto: short write"); + return -1; + } + + h->try++; + h->servers[h->srv].num_tries++; + tv->tv_sec = h->servers[h->srv].timeout; + tv->tv_usec = 0; + *fd = h->fd; + + return 0; +} + +int +rad_create_request(struct rad_handle *h, int code) +{ + int i; + + h->request[POS_CODE] = code; + h->request[POS_IDENT] = ++h->ident; + /* Create a random authenticator */ + for (i = 0; i < LEN_AUTH; i += 2) { + long r; + r = random(); + h->request[POS_AUTH+i] = r; + h->request[POS_AUTH+i+1] = r >> 8; + } + h->req_len = POS_ATTRS; + clear_password(h); + return 0; +} + +struct in_addr +rad_cvt_addr(const void *data) +{ + struct in_addr value; + + memcpy(&value.s_addr, data, sizeof value.s_addr); + return value; +} + +u_int32_t +rad_cvt_int(const void *data) +{ + u_int32_t value; + + memcpy(&value, data, sizeof value); + return ntohl(value); +} + +char * +rad_cvt_string(const void *data, size_t len) +{ + char *s; + + s = malloc(len + 1); + if (s != NULL) { + memcpy(s, data, len); + s[len] = '\0'; + } + return s; +} + +/* + * Returns the attribute type. If none are left, returns 0. On failure, + * returns -1. + */ +int +rad_get_attr(struct rad_handle *h, const void **value, size_t *len) +{ + int type; + + if (h->resp_pos >= h->resp_len) + return 0; + if (h->resp_pos + 2 > h->resp_len) { + generr(h, "Malformed attribute in response"); + return -1; + } + type = h->response[h->resp_pos++]; + *len = h->response[h->resp_pos++] - 2; + if (h->resp_pos + *len > h->resp_len) { + generr(h, "Malformed attribute in response"); + return -1; + } + *value = &h->response[h->resp_pos]; + h->resp_pos += *len; + return type; +} + +/* + * Returns -1 on error, 0 to indicate no event and >0 for success + */ +int +rad_init_send_request(struct rad_handle *h, int *fd, struct timeval *tv) +{ + int srv; + + /* Make sure we have a socket to use */ + if (h->fd == -1) { + struct sockaddr_in sin; + + if ((h->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { + generr(h, "Cannot create socket: %s", strerror(errno)); + return -1; + } + memset(&sin, 0, sizeof sin); + sin.sin_len = sizeof sin; + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_port = htons(0); + if (bind(h->fd, (const struct sockaddr *)&sin, + sizeof sin) == -1) { + generr(h, "bind: %s", strerror(errno)); + close(h->fd); + h->fd = -1; + return -1; + } + } + + /* Make sure the user gave us a password */ + if (h->pass_pos == 0 && !h->chap_pass) { + generr(h, "No User or Chap Password attributes given"); + return -1; + } + if (h->pass_pos != 0 && h->chap_pass) { + generr(h, "Both User and Chap Password attributes given"); + return -1; + } + + /* Fill in the length field in the message */ + h->request[POS_LENGTH] = h->req_len >> 8; + h->request[POS_LENGTH+1] = h->req_len; + + /* + * Count the total number of tries we will make, and zero the + * counter for each server. + */ + h->total_tries = 0; + for (srv = 0; srv < h->num_servers; srv++) { + h->total_tries += h->servers[srv].max_tries; + h->servers[srv].num_tries = 0; + } + if (h->total_tries == 0) { + generr(h, "No RADIUS servers specified"); + return -1; + } + + h->try = h->srv = 0; + + return rad_continue_send_request(h, 0, fd, tv); +} + +/* + * Create and initialize a rad_handle structure, and return it to the + * caller. Can fail only if the necessary memory cannot be allocated. + * In that case, it returns NULL. + */ +struct rad_handle * +rad_open(void) +{ + struct rad_handle *h; + + h = (struct rad_handle *)malloc(sizeof(struct rad_handle)); + if (h != NULL) { + randinit(); + h->fd = -1; + h->num_servers = 0; + h->ident = random(); + h->errmsg[0] = '\0'; + memset(h->pass, 0, sizeof h->pass); + h->pass_len = 0; + h->pass_pos = 0; + h->chap_pass = 0; + } + return h; +} + +int +rad_put_addr(struct rad_handle *h, int type, struct in_addr addr) +{ + return rad_put_attr(h, type, &addr.s_addr, sizeof addr.s_addr); +} + +int +rad_put_attr(struct rad_handle *h, int type, const void *value, size_t len) +{ + int result; + + if (type == RAD_USER_PASSWORD) + result = put_password_attr(h, type, value, len); + else { + result = put_raw_attr(h, type, value, len); + if (result == 0 && type == RAD_CHAP_PASSWORD) + h->chap_pass = 1; + } + + return result; +} + +int +rad_put_int(struct rad_handle *h, int type, u_int32_t value) +{ + u_int32_t nvalue; + + nvalue = htonl(value); + return rad_put_attr(h, type, &nvalue, sizeof nvalue); +} + +int +rad_put_string(struct rad_handle *h, int type, const char *str) +{ + return rad_put_attr(h, type, str, strlen(str)); +} + +/* + * Returns the response type code on success, or -1 on failure. + */ +int +rad_send_request(struct rad_handle *h) +{ + struct timeval timelimit; + struct timeval tv; + int fd; + int n; + + n = rad_init_send_request(h, &fd, &tv); + + if (n != 0) + return n; + + gettimeofday(&timelimit, NULL); + timeradd(&tv, &timelimit, &timelimit); + + for ( ; ; ) { + fd_set readfds; + + FD_ZERO(&readfds); + FD_SET(fd, &readfds); + + n = select(fd + 1, &readfds, NULL, NULL, &tv); + + if (n == -1) { + generr(h, "select: %s", strerror(errno)); + return -1; + } + + if (!FD_ISSET(fd, &readfds)) { + /* Compute a new timeout */ + gettimeofday(&tv, NULL); + timersub(&timelimit, &tv, &tv); + if (tv.tv_sec > 0 || (tv.tv_sec == 0 && tv.tv_usec > 0)) + /* Continue the select */ + continue; + } + + n = rad_continue_send_request(h, n, &fd, &tv); + + if (n != 0) + return n; + + gettimeofday(&timelimit, NULL); + timeradd(&tv, &timelimit, &timelimit); + } +} + +const char * +rad_strerror(struct rad_handle *h) +{ + return h->errmsg; +} + +/* + * Destructively split a string into fields separated by white space. + * `#' at the beginning of a field begins a comment that extends to the + * end of the string. Fields may be quoted with `"'. Inside quoted + * strings, the backslash escapes `\"' and `\\' are honored. + * + * Pointers to up to the first maxfields fields are stored in the fields + * array. Missing fields get NULL pointers. + * + * The return value is the actual number of fields parsed, and is always + * <= maxfields. + * + * On a syntax error, places a message in the msg string, and returns -1. + */ +static int +split(char *str, char *fields[], int maxfields, char *msg, size_t msglen) +{ + char *p; + int i; + static const char ws[] = " \t"; + + for (i = 0; i < maxfields; i++) + fields[i] = NULL; + p = str; + i = 0; + while (*p != '\0') { + p += strspn(p, ws); + if (*p == '#' || *p == '\0') + break; + if (i >= maxfields) { + snprintf(msg, msglen, "line has too many fields"); + return -1; + } + if (*p == '"') { + char *dst; + + dst = ++p; + fields[i] = dst; + while (*p != '"') { + if (*p == '\\') { + p++; + if (*p != '"' && *p != '\\' && + *p != '\0') { + snprintf(msg, msglen, + "invalid `\\' escape"); + return -1; + } + } + if (*p == '\0') { + snprintf(msg, msglen, + "unterminated quoted string"); + return -1; + } + *dst++ = *p++; + } + *dst = '\0'; + p++; + if (*fields[i] == '\0') { + snprintf(msg, msglen, + "empty quoted string not permitted"); + return -1; + } + if (*p != '\0' && strspn(p, ws) == 0) { + snprintf(msg, msglen, "quoted string not" + " followed by white space"); + return -1; + } + } else { + fields[i] = p; + p += strcspn(p, ws); + if (*p != '\0') + *p++ = '\0'; + } + i++; + } + return i; +} diff --git a/usr.sbin/ppp/ppp/radlib.h b/usr.sbin/ppp/ppp/radlib.h new file mode 100644 index 00000000000..fd36e1a3644 --- /dev/null +++ b/usr.sbin/ppp/ppp/radlib.h @@ -0,0 +1,130 @@ +/*- + * Copyright 1998 Juniper Networks, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $OpenBSD: radlib.h,v 1.1 1999/02/06 03:22:45 brian Exp $ + */ + +#ifndef _RADLIB_H_ +#define _RADLIB_H_ + +#include <sys/types.h> +#include <netinet/in.h> + +/* Message types */ +#define RAD_ACCESS_REQUEST 1 +#define RAD_ACCESS_ACCEPT 2 +#define RAD_ACCESS_REJECT 3 +#define RAD_ACCESS_CHALLENGE 11 + +/* Attribute types and values */ +#define RAD_USER_NAME 1 /* String */ +#define RAD_USER_PASSWORD 2 /* String */ +#define RAD_CHAP_PASSWORD 3 /* String */ +#define RAD_NAS_IP_ADDRESS 4 /* IP address */ +#define RAD_NAS_PORT 5 /* Integer */ +#define RAD_SERVICE_TYPE 6 /* Integer */ + #define RAD_LOGIN 1 + #define RAD_FRAMED 2 + #define RAD_CALLBACK_LOGIN 3 + #define RAD_CALLBACK_FRAMED 4 + #define RAD_OUTBOUND 5 + #define RAD_ADMINISTRATIVE 6 + #define RAD_NAS_PROMPT 7 + #define RAD_AUTHENTICATE_ONLY 8 + #define RAD_CALLBACK_NAS_PROMPT 9 +#define RAD_FRAMED_PROTOCOL 7 /* Integer */ + #define RAD_PPP 1 + #define RAD_SLIP 2 + #define RAD_ARAP 3 /* Appletalk */ + #define RAD_GANDALF 4 + #define RAD_XYLOGICS 5 +#define RAD_FRAMED_IP_ADDRESS 8 /* IP address */ +#define RAD_FRAMED_IP_NETMASK 9 /* IP address */ +#define RAD_FRAMED_ROUTING 10 /* Integer */ +#define RAD_FILTER_ID 11 /* String */ +#define RAD_FRAMED_MTU 12 /* Integer */ +#define RAD_FRAMED_COMPRESSION 13 /* Integer */ +#define RAD_LOGIN_IP_HOST 14 /* IP address */ +#define RAD_LOGIN_SERVICE 15 /* Integer */ +#define RAD_LOGIN_TCP_PORT 16 /* Integer */ + /* unassiged 17 */ +#define RAD_REPLY_MESSAGE 18 /* String */ +#define RAD_CALLBACK_NUMBER 19 /* String */ +#define RAD_CALLBACK_ID 20 /* String */ + /* unassiged 21 */ +#define RAD_FRAMED_ROUTE 22 /* String */ +#define RAD_FRAMED_IPX_NETWORK 23 /* IP address */ +#define RAD_STATE 24 /* String */ +#define RAD_CLASS 25 /* Integer */ +#define RAD_VENDOR_SPECIFIC 26 /* Integer */ +#define RAD_SESSION_TIMEOUT 27 /* Integer */ +#define RAD_IDLE_TIMEOUT 28 /* Integer */ +#define RAD_TERMINATION_ACTION 29 /* Integer */ +#define RAD_CALLED_STATION_ID 30 /* String */ +#define RAD_CALLING_STATION_ID 31 /* String */ +#define RAD_NAS_IDENTIFIER 32 /* Integer */ +#define RAD_PROXY_STATE 33 /* Integer */ +#define RAD_LOGIN_LAT_SERVICE 34 /* Integer */ +#define RAD_LOGIN_LAT_NODE 35 /* Integer */ +#define RAD_LOGIN_LAT_GROUP 36 /* Integer */ +#define RAD_FRAMED_APPLETALK_LINK 37 /* Integer */ +#define RAD_FRAMED_APPLETALK_NETWORK 38 /* Integer */ +#define RAD_FRAMED_APPLETALK_ZONE 39 /* Integer */ + /* reserved for accounting 40-59 */ +#define RAD_CHAP_CHALLENGE 60 /* String */ +#define RAD_NAS_PORT_TYPE 61 /* Integer */ +#define RAD_PORT_LIMIT 62 /* Integer */ +#define RAD_LOGIN_LAT_PORT 63 /* Integer */ + +struct rad_handle; +struct timeval; + +__BEGIN_DECLS +int rad_add_server(struct rad_handle *, + const char *, int, const char *, int, int); +void rad_close(struct rad_handle *); +int rad_config(struct rad_handle *, const char *); +int rad_continue_send_request(struct rad_handle *, int, + int *, struct timeval *); +int rad_create_request(struct rad_handle *, int); +struct in_addr rad_cvt_addr(const void *); +u_int32_t rad_cvt_int(const void *); +char *rad_cvt_string(const void *, size_t); +int rad_get_attr(struct rad_handle *, const void **, + size_t *); +int rad_init_send_request(struct rad_handle *, int *, + struct timeval *); +struct rad_handle *rad_open(void); +int rad_put_addr(struct rad_handle *, int, struct in_addr); +int rad_put_attr(struct rad_handle *, int, + const void *, size_t); +int rad_put_int(struct rad_handle *, int, u_int32_t); +int rad_put_string(struct rad_handle *, int, + const char *); +int rad_send_request(struct rad_handle *); +const char *rad_strerror(struct rad_handle *); +__END_DECLS + +#endif /* _RADLIB_H_ */ diff --git a/usr.sbin/ppp/ppp/radlib_private.h b/usr.sbin/ppp/ppp/radlib_private.h new file mode 100644 index 00000000000..4ccb6e443dc --- /dev/null +++ b/usr.sbin/ppp/ppp/radlib_private.h @@ -0,0 +1,86 @@ +/*- + * Copyright 1998 Juniper Networks, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $OpenBSD: radlib_private.h,v 1.1 1999/02/06 03:22:45 brian Exp $ + */ + +#ifndef RADLIB_PRIVATE_H +#define RADLIB_PRIVATE_H + +#include <sys/types.h> +#include <netinet/in.h> + +#include "radlib.h" + +/* Defaults */ +#define MAXTRIES 3 +#define PATH_RADIUS_CONF "/etc/radius.conf" +#define RADIUS_PORT 1812 +#define TIMEOUT 3 /* In seconds */ + +/* Limits */ +#define ERRSIZE 128 /* Maximum error message length */ +#define MAXCONFLINE 1024 /* Maximum config file line length */ +#define MAXSERVERS 10 /* Maximum number of servers to try */ +#define MSGSIZE 4096 /* Maximum RADIUS message */ +#define PASSSIZE 128 /* Maximum significant password chars */ + +/* Positions of fields in RADIUS messages */ +#define POS_CODE 0 /* Message code */ +#define POS_IDENT 1 /* Identifier */ +#define POS_LENGTH 2 /* Message length */ +#define POS_AUTH 4 /* Authenticator */ +#define LEN_AUTH 16 /* Length of authenticator */ +#define POS_ATTRS 20 /* Start of attributes */ + +struct rad_server { + struct sockaddr_in addr; /* Address of server */ + char *secret; /* Shared secret */ + int timeout; /* Timeout in seconds */ + int max_tries; /* Number of tries before giving up */ + int num_tries; /* Number of tries so far */ +}; + +struct rad_handle { + int fd; /* Socket file descriptor */ + struct rad_server servers[MAXSERVERS]; /* Servers to contact */ + int num_servers; /* Number of valid server entries */ + int ident; /* Current identifier value */ + char errmsg[ERRSIZE]; /* Most recent error message */ + unsigned char request[MSGSIZE]; /* Request to send */ + int req_len; /* Length of request */ + char pass[PASSSIZE]; /* Cleartext password */ + int pass_len; /* Length of cleartext password */ + int pass_pos; /* Position of scrambled password */ + char chap_pass; /* Have we got a CHAP_PASSWORD ? */ + unsigned char response[MSGSIZE]; /* Response received */ + int resp_len; /* Length of response */ + int resp_pos; /* Current position scanning attrs */ + int total_tries; /* How many requests we'll send */ + int try; /* How many requests we've sent */ + int srv; /* Server number we did last */ +}; + +#endif diff --git a/usr.sbin/ppp/ppp/route.c b/usr.sbin/ppp/ppp/route.c index d5243f2adf3..4be0e1fd7f5 100644 --- a/usr.sbin/ppp/ppp/route.c +++ b/usr.sbin/ppp/ppp/route.c @@ -17,11 +17,11 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: route.c,v 1.2 1998/10/29 02:21:46 brian Exp $ + * $Id: route.c,v 1.3 1999/02/06 03:22:46 brian Exp $ * */ -#include <sys/types.h> +#include <sys/param.h> #include <sys/socket.h> #include <net/if_types.h> #include <net/route.h> @@ -58,6 +58,9 @@ #include "filter.h" #include "descriptor.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "route.h" #include "prompt.h" @@ -486,29 +489,29 @@ void route_Add(struct sticky_route **rp, int type, struct in_addr dst, struct in_addr mask, struct in_addr gw) { - if (type != ROUTE_STATIC) { - struct sticky_route *r; - int dsttype = type & ROUTE_DSTANY; - - r = NULL; - while (*rp) { - if ((dsttype && dsttype == ((*rp)->type & ROUTE_DSTANY)) || - (!dsttype && (*rp)->dst.s_addr == dst.s_addr)) { - r = *rp; - *rp = r->next; - } else - rp = &(*rp)->next; - } + struct sticky_route *r; + int dsttype = type & ROUTE_DSTANY; - if (!r) - r = (struct sticky_route *)malloc(sizeof(struct sticky_route)); - r->type = type; - r->next = NULL; - r->dst = dst; - r->mask = mask; - r->gw = gw; - *rp = r; + r = NULL; + while (*rp) { + if ((dsttype && dsttype == ((*rp)->type & ROUTE_DSTANY)) || + (!dsttype && (*rp)->dst.s_addr == dst.s_addr)) { + /* Oops, we already have this route - unlink it */ + free(r); /* impossible really */ + r = *rp; + *rp = r->next; + } else + rp = &(*rp)->next; } + + if (!r) + r = (struct sticky_route *)malloc(sizeof(struct sticky_route)); + r->type = type; + r->next = NULL; + r->dst = dst; + r->mask = mask; + r->gw = gw; + *rp = r; } void @@ -541,15 +544,22 @@ route_DeleteAll(struct sticky_route **rp) } void -route_ShowSticky(struct prompt *p, struct sticky_route *r) +route_ShowSticky(struct prompt *p, struct sticky_route *r, const char *tag, + int indent) { int def; + int tlen = strlen(tag); + + if (tlen + 2 > indent) + prompt_Printf(p, "%s:\n%*s", tag, indent, ""); + else + prompt_Printf(p, "%s:%*s", tag, indent - tlen - 1, ""); - prompt_Printf(p, "Sticky routes:\n"); for (; r; r = r->next) { def = r->dst.s_addr == INADDR_ANY && r->mask.s_addr == INADDR_ANY; - prompt_Printf(p, " add "); + prompt_Printf(p, "%*sadd ", tlen ? 0 : indent, ""); + tlen = 0; if (r->type & ROUTE_DSTMYADDR) prompt_Printf(p, "MYADDR"); else if (r->type & ROUTE_DSTHISADDR) diff --git a/usr.sbin/ppp/ppp/route.h b/usr.sbin/ppp/ppp/route.h index 7b230b6e106..8593b5c2d26 100644 --- a/usr.sbin/ppp/ppp/route.h +++ b/usr.sbin/ppp/ppp/route.h @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: route.h,v 1.1 1998/08/31 00:22:27 brian Exp $ + * $Id: route.h,v 1.2 1999/02/06 03:22:47 brian Exp $ * */ @@ -50,4 +50,5 @@ extern void route_Add(struct sticky_route **, int, struct in_addr, extern void route_Delete(struct sticky_route **, int, struct in_addr); extern void route_DeleteAll(struct sticky_route **); extern void route_Clean(struct bundle *, struct sticky_route *); -extern void route_ShowSticky(struct prompt *, struct sticky_route *); +extern void route_ShowSticky(struct prompt *, struct sticky_route *, + const char *, int); diff --git a/usr.sbin/ppp/ppp/server.c b/usr.sbin/ppp/ppp/server.c index 317d858f0d7..8fca38eebdf 100644 --- a/usr.sbin/ppp/ppp/server.c +++ b/usr.sbin/ppp/ppp/server.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: server.c,v 1.1 1998/08/31 00:22:27 brian Exp $ + * $Id: server.c,v 1.2 1999/02/06 03:22:47 brian Exp $ */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/server.h b/usr.sbin/ppp/ppp/server.h index a1a8eb15c91..a9c34f86d30 100644 --- a/usr.sbin/ppp/ppp/server.h +++ b/usr.sbin/ppp/ppp/server.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: server.h,v 1.1 1998/08/31 00:22:28 brian Exp $ + * $Id: server.h,v 1.2 1999/02/06 03:22:47 brian Exp $ */ struct bundle; diff --git a/usr.sbin/ppp/ppp/sig.c b/usr.sbin/ppp/ppp/sig.c index 40c4f8733b9..86f1e00e972 100644 --- a/usr.sbin/ppp/ppp/sig.c +++ b/usr.sbin/ppp/ppp/sig.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: sig.c,v 1.1 1998/08/31 00:22:28 brian Exp $ + * $Id: sig.c,v 1.2 1999/02/06 03:22:47 brian Exp $ */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/sig.h b/usr.sbin/ppp/ppp/sig.h index 6db3c6133b7..70bdde0103b 100644 --- a/usr.sbin/ppp/ppp/sig.h +++ b/usr.sbin/ppp/ppp/sig.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: sig.h,v 1.1 1998/08/31 00:22:28 brian Exp $ + * $Id: sig.h,v 1.2 1999/02/06 03:22:47 brian Exp $ */ typedef void (*sig_type)(int); diff --git a/usr.sbin/ppp/ppp/slcompress.c b/usr.sbin/ppp/ppp/slcompress.c index 37b585f7590..6420829af2e 100644 --- a/usr.sbin/ppp/ppp/slcompress.c +++ b/usr.sbin/ppp/ppp/slcompress.c @@ -17,13 +17,13 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: slcompress.c,v 1.1 1998/08/31 00:22:28 brian Exp $ + * $Id: slcompress.c,v 1.2 1999/02/06 03:22:47 brian Exp $ * * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989: * - Initial distribution. */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in_systm.h> #include <netinet/in.h> #include <netinet/tcp.h> @@ -53,6 +53,9 @@ #include "ccp.h" #include "link.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" void diff --git a/usr.sbin/ppp/ppp/slcompress.h b/usr.sbin/ppp/ppp/slcompress.h index 06479d90563..2fa2ebb7971 100644 --- a/usr.sbin/ppp/ppp/slcompress.h +++ b/usr.sbin/ppp/ppp/slcompress.h @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: slcompress.h,v 1.1 1998/08/31 00:22:28 brian Exp $ + * $Id: slcompress.h,v 1.2 1999/02/06 03:22:48 brian Exp $ * * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989: * - Initial distribution. diff --git a/usr.sbin/ppp/ppp/systems.c b/usr.sbin/ppp/ppp/systems.c index f64740e2d64..8f19f339063 100644 --- a/usr.sbin/ppp/ppp/systems.c +++ b/usr.sbin/ppp/ppp/systems.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: systems.c,v 1.4 1999/02/02 09:50:14 brian Exp $ + * $Id: systems.c,v 1.5 1999/02/06 03:22:48 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/systems.h b/usr.sbin/ppp/ppp/systems.h index 24651e22021..46cb34d60d3 100644 --- a/usr.sbin/ppp/ppp/systems.h +++ b/usr.sbin/ppp/ppp/systems.h @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: systems.h,v 1.2 1998/10/31 17:38:51 brian Exp $ + * $Id: systems.h,v 1.3 1999/02/06 03:22:48 brian Exp $ * */ diff --git a/usr.sbin/ppp/ppp/throughput.c b/usr.sbin/ppp/ppp/throughput.c index 90d27eb34d0..8e20e7b7fb2 100644 --- a/usr.sbin/ppp/ppp/throughput.c +++ b/usr.sbin/ppp/ppp/throughput.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: throughput.c,v 1.1 1998/08/31 00:22:29 brian Exp $ + * $Id: throughput.c,v 1.2 1999/02/06 03:22:49 brian Exp $ */ #include <sys/types.h> diff --git a/usr.sbin/ppp/ppp/throughput.h b/usr.sbin/ppp/ppp/throughput.h index e33954e445a..a6e5865ec50 100644 --- a/usr.sbin/ppp/ppp/throughput.h +++ b/usr.sbin/ppp/ppp/throughput.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: throughput.h,v 1.1 1998/08/31 00:22:29 brian Exp $ + * $Id: throughput.h,v 1.2 1999/02/06 03:22:49 brian Exp $ */ #define SAMPLE_PERIOD 5 diff --git a/usr.sbin/ppp/ppp/timer.c b/usr.sbin/ppp/ppp/timer.c index 371cf58b2c2..1ff1fc8a8d0 100644 --- a/usr.sbin/ppp/ppp/timer.c +++ b/usr.sbin/ppp/ppp/timer.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: timer.c,v 1.2 1999/02/04 11:54:48 brian Exp $ + * $Id: timer.c,v 1.3 1999/02/06 03:22:49 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/timer.h b/usr.sbin/ppp/ppp/timer.h index 9de9a00f1bc..fa9c5e1e7a6 100644 --- a/usr.sbin/ppp/ppp/timer.h +++ b/usr.sbin/ppp/ppp/timer.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: timer.h,v 1.2 1999/02/04 11:54:49 brian Exp $ + * $Id: timer.h,v 1.3 1999/02/06 03:22:49 brian Exp $ * * TODO: */ diff --git a/usr.sbin/ppp/ppp/tun.c b/usr.sbin/ppp/ppp/tun.c index 353cb0043e3..326b8507d57 100644 --- a/usr.sbin/ppp/ppp/tun.c +++ b/usr.sbin/ppp/ppp/tun.c @@ -23,10 +23,10 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: tun.c,v 1.2 1998/10/29 02:21:46 brian Exp $ + * $Id: tun.c,v 1.3 1999/02/06 03:22:49 brian Exp $ */ -#include <sys/types.h> +#include <sys/param.h> #include <sys/socket.h> /* For IFF_ defines */ #include <net/if.h> /* For IFF_ defines */ #include <netinet/in.h> @@ -57,6 +57,9 @@ #include "ccp.h" #include "link.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "tun.h" @@ -67,7 +70,15 @@ tun_configure(struct bundle *bundle, int mtu) memset(&info, '\0', sizeof info); info.type = IFT_PPP; - info.mtu = mtu; +#ifndef NORADIUS + if (bundle->radius.valid && bundle->radius.mtu && bundle->radius.mtu < mtu) { + log_Printf(LogLCP, "Reducing MTU to radius value %lu\n", + bundle->radius.mtu); + info.mtu = bundle->radius.mtu; + } else +#endif + info.mtu = mtu; + info.baudrate = bundle->ifSpeed; #ifdef __OpenBSD__ info.flags = IFF_UP|IFF_POINTOPOINT; diff --git a/usr.sbin/ppp/ppp/tun.h b/usr.sbin/ppp/ppp/tun.h index 705a8b731b6..fbf78b4072c 100644 --- a/usr.sbin/ppp/ppp/tun.h +++ b/usr.sbin/ppp/ppp/tun.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: tun.h,v 1.1 1998/08/31 00:22:30 brian Exp $ + * $Id: tun.h,v 1.2 1999/02/06 03:22:49 brian Exp $ */ struct tun_data { diff --git a/usr.sbin/ppp/ppp/ua.h b/usr.sbin/ppp/ppp/ua.h index a4c16fc1e63..aa11802d5ce 100644 --- a/usr.sbin/ppp/ppp/ua.h +++ b/usr.sbin/ppp/ppp/ua.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: ua.h,v 1.2 1998/09/15 17:21:58 brian Exp $ + * $Id: ua.h,v 1.3 1999/02/06 03:22:49 brian Exp $ */ #ifdef __i386__ /* Do any other archs not care about alignment ? */ diff --git a/usr.sbin/ppp/ppp/vjcomp.c b/usr.sbin/ppp/ppp/vjcomp.c index d2e2e1fdfeb..b93a08b3b8d 100644 --- a/usr.sbin/ppp/ppp/vjcomp.c +++ b/usr.sbin/ppp/ppp/vjcomp.c @@ -17,18 +17,17 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: vjcomp.c,v 1.1 1998/08/31 00:22:30 brian Exp $ + * $Id: vjcomp.c,v 1.2 1999/02/06 03:22:49 brian Exp $ * * TODO: */ -#include <sys/types.h> +#include <sys/param.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> #include <sys/un.h> #include <stdio.h> -#include <string.h> #include "mbuf.h" #include "log.h" @@ -48,6 +47,9 @@ #include "filter.h" #include "descriptor.h" #include "mp.h" +#ifndef NORADIUS +#include "radius.h" +#endif #include "bundle.h" #include "vjcomp.h" diff --git a/usr.sbin/ppp/ppp/vjcomp.h b/usr.sbin/ppp/ppp/vjcomp.h index 734ebc011f7..a228d258178 100644 --- a/usr.sbin/ppp/ppp/vjcomp.h +++ b/usr.sbin/ppp/ppp/vjcomp.h @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: vjcomp.h,v 1.1 1998/08/31 00:22:30 brian Exp $ + * $Id: vjcomp.h,v 1.2 1999/02/06 03:22:49 brian Exp $ */ struct mbuf; |