Diffstat (limited to 'pppd/plugins/radius')
32 files changed, 0 insertions, 6591 deletions
diff --git a/pppd/plugins/radius/COPYRIGHT b/pppd/plugins/radius/COPYRIGHT
deleted file mode 100644
index 3a0f999..0000000
--- a/pppd/plugins/radius/COPYRIGHT
+++ /dev/null
@@ -1,90 +0,0 @@ -See the respective source files to find out which copyrights apply. - ------------------------------------------------------------------------------- -Copyright (C) 2002 Roaring Penguin Software Inc. - -Permission to use, copy, modify, and distribute this software for any -purpose and without fee is hereby granted, provided that this -copyright and permission notice appear on all copies and supporting -documentation, the name of Roaring Penguin Software Inc. not be used -in advertising or publicity pertaining to distribution of the program -without specific prior permission, and notice be given in supporting -documentation that copying and distribution is by permission of -Roaring Penguin Software Inc.. - -Roaring Penguin Software Inc. makes no representations about the -suitability of this software for any purpose. It is provided "as is" -without express or implied warranty. - ------------------------------------------------------------------------------- -Copyright (C) 1995,1996,1997,1998 Lars Fenneberg <lf@elemental.net> - -Permission to use, copy, modify, and distribute this software for any -purpose and without fee is hereby granted, provided that this copyright and -permission notice appear on all copies and supporting documentation, the -name of Lars Fenneberg not be used in advertising or publicity pertaining to -distribution of the program without specific prior permission, and notice be -given in supporting documentation that copying and distribution is by -permission of Lars Fenneberg. - -Lars Fenneberg makes no representations about the suitability of this -software for any purpose. It is provided "as is" without express or implied -warranty. - ------------------------------------------------------------------------------- -Copyright 1992 Livingston Enterprises, Inc. -Livingston Enterprises, Inc. 
6920 Koll Center Parkway Pleasanton, CA 94566 - -Permission to use, copy, modify, and distribute this software for any -purpose and without fee is hereby granted, provided that this copyright -and permission notice appear on all copies and supporting documentation, -the name of Livingston Enterprises, Inc. not be used in advertising or -publicity pertaining to distribution of the program without specific -prior permission, and notice be given in supporting documentation that -copying and distribution is by permission of Livingston Enterprises, Inc. - -Livingston Enterprises, Inc. makes no representations about the suitability -of this software for any purpose. It is provided "as is" without express -or implied warranty. ------------------------------------------------------------------------------- -[C] The Regents of the University of Michigan and Merit Network, Inc. 1992, -1993, 1994, 1995 All Rights Reserved - -Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice and this permission notice appear in all -copies of the software and derivative works or modified versions thereof, -and that both the copyright notice and this permission and disclaimer -notice appear in supporting documentation. - -THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER -EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE -UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE -FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR -THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the -University of Michigan and Merit Network, Inc. shall not be liable for any -special, indirect, incidental or consequential damages with respect to any -claim by Licensee or any third party arising from use of the software. 
------------------------------------------------------------------------------- -Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. -All rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. ------------------------------------------------------------------------------- diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux deleted file mode 100644 index 24ed3e5..0000000 --- a/pppd/plugins/radius/Makefile.linux +++ /dev/null 
@@ -1,65 +0,0 @@ -# Makefile for RADIUS plugin -# -# Copyright 2002 Roaring Penguin Software Inc. -# - -DESTDIR = $(INSTROOT)@DESTDIR@ -MANDIR = $(DESTDIR)/share/man/man8 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) - -VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) - -INSTALL = install - -PLUGIN=radius.so radattr.so radrealms.so -CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON - -# Uncomment the next line to include support for Microsoft's -# MS-CHAP authentication protocol. -CHAPMS=y -# Uncomment the next line to include support for MPPE. -MPPE=y -# Uncomment the next lint to include support for traffic limiting -MAXOCTETS=y - -ifdef CHAPMS -CFLAGS += -DCHAPMS=1 -ifdef MPPE -CFLAGS += -DMPPE=1 -endif -endif -ifdef MAXOCTETS -CFLAGS += -DMAXOCTETS=1 -endif - -all: $(PLUGIN) - -install: all - $(INSTALL) -d -m 755 $(LIBDIR) - $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) - $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) - $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) - $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) - $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) - -radius.so: radius.o libradiusclient.a - $(CC) -o radius.so -shared radius.o libradiusclient.a - -radattr.so: radattr.o - $(CC) -o radattr.so -shared radattr.o - -radrealms.so: radrealms.o - $(CC) -o radrealms.so -shared radrealms.o - -CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \ - clientid.o sendserver.o lock.o util.o md5.o -libradiusclient.a: $(CLIENTOBJS) - $(AR) rv $@ $? - -clean: - rm -f *.o *.so *.a - -distclean: - rm -f *.o *.so *.a - -dist-clean: distclean diff --git a/pppd/plugins/radius/avpair.c b/pppd/plugins/radius/avpair.c deleted file mode 100644 index 716d23f..0000000 --- a/pppd/plugins/radius/avpair.c +++ /dev/null 
@@ -1,795 +0,0 @@ -/* - * $Id: avpair.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include <includes.h> -#include <radiusclient.h> - -static void rc_extract_vendor_specific_attributes(int attrlen, - unsigned char *ptr, - VALUE_PAIR **vp); -/* - * Function: rc_avpair_add - * - * Purpose: add an attribute-value pair to the given list. - * - * Returns: pointer to added a/v pair upon success, NULL pointer upon failure. - * - * Remarks: Always appends the new pair to the end of the list. - * - */ - -VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, void *pval, int len, - int vendorcode) -{ - VALUE_PAIR *vp; - - vp = rc_avpair_new (attrid, pval, len, vendorcode); - - if (vp != (VALUE_PAIR *) NULL) - { - rc_avpair_insert (list, (VALUE_PAIR *) NULL, vp); - } - - return vp; - -} - -/* - * Function: rc_avpair_assign - * - * Purpose: assign the given value to an attribute-value pair. - * - * Returns: 0 on success, - * -1 on failure. 
- * - */ - -int rc_avpair_assign (VALUE_PAIR *vp, void *pval, int len) -{ - int result = -1; - - switch (vp->type) - { - case PW_TYPE_STRING: - - if (((len == 0) && (strlen ((char *) pval)) > AUTH_STRING_LEN) - || (len > AUTH_STRING_LEN)) { - error("rc_avpair_assign: bad attribute length"); - return result; - } - - if (len > 0) { - memcpy(vp->strvalue, (char *)pval, len); - vp->strvalue[len] = '\0'; - vp->lvalue = len; - } else { - strncpy (vp->strvalue, (char *) pval, AUTH_STRING_LEN); - vp->lvalue = strlen((char *) pval); - } - - result = 0; - break; - - case PW_TYPE_DATE: - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - - vp->lvalue = * (UINT4 *) pval; - - result = 0; - break; - - default: - error("rc_avpair_assign: unknown attribute %d", vp->type); - } - return result; -} - -/* - * Function: rc_avpair_new - * - * Purpose: make a new attribute-value pair with given parameters. - * - * Returns: pointer to generated a/v pair when successful, NULL when failure. - * - */ - -VALUE_PAIR *rc_avpair_new (int attrid, void *pval, int len, int vendorcode) -{ - VALUE_PAIR *vp = (VALUE_PAIR *) NULL; - DICT_ATTR *pda; - - if ((pda = rc_dict_getattr (attrid, vendorcode)) == (DICT_ATTR *) NULL) - { - error("rc_avpair_new: unknown attribute %d", attrid); - } - else - { - if ((vp = (VALUE_PAIR *) malloc (sizeof (VALUE_PAIR))) - != (VALUE_PAIR *) NULL) - { - strncpy (vp->name, pda->name, sizeof (vp->name)); - vp->attribute = attrid; - vp->vendorcode = vendorcode; - vp->next = (VALUE_PAIR *) NULL; - vp->type = pda->type; - if (rc_avpair_assign (vp, pval, len) == 0) - { - return vp; - } - free (vp); - vp = (VALUE_PAIR *) NULL; - } - else - novm("rc_avpair_new"); - } - return vp; -} - -/* - * - * Function: rc_avpair_gen - * - * Purpose: takes attribute/value pairs from buffer and builds a - * value_pair list using allocated memory. 
- * - * Returns: value_pair list or NULL on failure - */ - -VALUE_PAIR *rc_avpair_gen (AUTH_HDR *auth) -{ - int length; - int x_len; - int attribute; - int attrlen; - UINT4 lvalue; - unsigned char *x_ptr; - unsigned char *ptr; - DICT_ATTR *attr; - VALUE_PAIR *vp; - VALUE_PAIR *pair; - unsigned char hex[3]; /* For hex string conversion. */ - char buffer[512]; - - /* - * Extract attribute-value pairs - */ - ptr = auth->data; - length = ntohs ((unsigned short) auth->length) - AUTH_HDR_LEN; - vp = (VALUE_PAIR *) NULL; - - while (length > 0) - { - attribute = *ptr++; - attrlen = *ptr++; - attrlen -= 2; - if (attrlen < 0) - { - error("rc_avpair_gen: received attribute with invalid length"); - break; - } - - /* Handle vendor-specific specially */ - if (attribute == PW_VENDOR_SPECIFIC) { - rc_extract_vendor_specific_attributes(attrlen, ptr, &vp); - ptr += attrlen; - length -= (attrlen + 2); - continue; - } - if ((attr = rc_dict_getattr (attribute, VENDOR_NONE)) == (DICT_ATTR *) NULL) - { - *buffer= '\0'; /* Initial length. 
*/ - for (x_ptr = ptr, x_len = attrlen ; - x_len > 0 ; - x_len--, x_ptr++) - { - sprintf (hex, "%2.2X", *x_ptr); - strcat (buffer, hex); - } - warn("rc_avpair_gen: received unknown attribute %d of length %d: 0x%s", - attribute, attrlen, buffer); - } - else - { - if ((pair = - (VALUE_PAIR *) malloc (sizeof (VALUE_PAIR))) == - (VALUE_PAIR *) NULL) - { - novm("rc_avpair_gen"); - rc_avpair_free(vp); - return NULL; - } - strcpy (pair->name, attr->name); - pair->attribute = attr->value; - pair->vendorcode = VENDOR_NONE; - pair->type = attr->type; - pair->next = (VALUE_PAIR *) NULL; - - switch (attr->type) - { - - case PW_TYPE_STRING: - memcpy (pair->strvalue, (char *) ptr, (size_t) attrlen); - pair->strvalue[attrlen] = '\0'; - pair->lvalue = attrlen; - rc_avpair_insert (&vp, (VALUE_PAIR *) NULL, pair); - break; - - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - memcpy ((char *) &lvalue, (char *) ptr, - sizeof (UINT4)); - pair->lvalue = ntohl (lvalue); - rc_avpair_insert (&vp, (VALUE_PAIR *) NULL, pair); - break; - - default: - warn("rc_avpair_gen: %s has unknown type", attr->name); - free (pair); - break; - } - - } - ptr += attrlen; - length -= attrlen + 2; - } - return (vp); -} - -/* - * Function: rc_extract_vendor_specific_attributes - * - * Purpose: Extracts vendor-specific attributes, assuming they are in - * the "SHOULD" format recommended by RCF 2138. - * - * Returns: found value_pair - * - */ -static void rc_extract_vendor_specific_attributes(int attrlen, - unsigned char *ptr, - VALUE_PAIR **vp) -{ - int vendor_id; - int vtype; - int vlen; - UINT4 lvalue; - DICT_ATTR *attr; - VALUE_PAIR *pair; - - /* ptr is sitting at vendor-ID */ - if (attrlen < 8) { - /* Nothing to see here... 
*/ - return; - } - - /* High-order octet of Vendor-Id must be zero (RFC2138) */ - if (*ptr) { - return; - } - - /* Extract vendor_id */ - vendor_id = (int) ( - ((unsigned int) ptr[1]) * 256 * 256 + - ((unsigned int) ptr[2]) * 256 + - ((unsigned int) ptr[3])); - /* Bump ptr up to contents */ - ptr += 4; - - /* Set attrlen to length of data */ - attrlen -= 4; - for (; attrlen; attrlen -= vlen+2, ptr += vlen) { - vtype = *ptr++; - vlen = *ptr++; - vlen -= 2; - if (vlen < 0 || vlen > attrlen - 2) { - /* Do not log an error. We are supposed to be able to cope with - arbitrary vendor-specific gunk */ - return; - } - /* Looks plausible... */ - if ((attr = rc_dict_getattr(vtype, vendor_id)) == NULL) { - continue; - } - - /* TODO: Check that length matches data size!!!!! */ - pair = (VALUE_PAIR *) malloc(sizeof(VALUE_PAIR)); - if (!pair) { - novm("rc_avpair_gen"); - return; - } - strcpy(pair->name, attr->name); - pair->attribute = attr->value; - pair->vendorcode = vendor_id; - pair->type = attr->type; - pair->next = NULL; - switch (attr->type) { - case PW_TYPE_STRING: - memcpy (pair->strvalue, (char *) ptr, (size_t) vlen); - pair->strvalue[vlen] = '\0'; - pair->lvalue = vlen; - rc_avpair_insert (vp, (VALUE_PAIR *) NULL, pair); - break; - - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - memcpy ((char *) &lvalue, (char *) ptr, - sizeof (UINT4)); - pair->lvalue = ntohl (lvalue); - rc_avpair_insert (vp, (VALUE_PAIR *) NULL, pair); - break; - - default: - warn("rc_avpair_gen: %s has unknown type", attr->name); - free (pair); - break; - } - } -} - -/* - * Function: rc_avpair_get - * - * Purpose: Find the first attribute value-pair (which matches the given - * attribute) from the specified value-pair list. 
- * - * Returns: found value_pair - * - */ - -VALUE_PAIR *rc_avpair_get (VALUE_PAIR *vp, UINT4 attr) -{ - for (; vp != (VALUE_PAIR *) NULL && vp->attribute != attr; vp = vp->next) - { - continue; - } - return (vp); -} - -/* - * Function: rc_avpair_copy - * - * Purpose: Return a copy of the existing list "p" ala strdup(). - * - */ -VALUE_PAIR *rc_avpair_copy(VALUE_PAIR *p) -{ - VALUE_PAIR *vp, *fp = NULL, *lp = NULL; - - while (p) { - vp = malloc(sizeof(VALUE_PAIR)); - if (!vp) { - novm("rc_avpair_copy"); - return NULL; /* leaks a little but so what */ - } - *vp = *p; - if (!fp) - fp = vp; - if (lp) - lp->next = vp; - lp = vp; - p = p->next; - } - - return fp; -} - -/* - * Function: rc_avpair_insert - * - * Purpose: Given the address of an existing list "a" and a pointer - * to an entry "p" in that list, add the list "b" to - * the "a" list after the "p" entry. If "p" is NULL, add - * the list "b" to the end of "a". - * - */ - -void rc_avpair_insert (VALUE_PAIR **a, VALUE_PAIR *p, VALUE_PAIR *b) -{ - VALUE_PAIR *this_node = NULL; - VALUE_PAIR *vp; - - if (*a == (VALUE_PAIR *) NULL) - { - *a = b; - return; - } - - if (!b) - return; - - vp = *a; - - if ( p == (VALUE_PAIR *) NULL) /* run to end of "a" list */ - { - while (vp != (VALUE_PAIR *) NULL) - { - this_node = vp; - vp = vp->next; - } - } - else /* look for the "p" entry in the "a" list (or run to end) */ - { - this_node = *a; - while (this_node != (VALUE_PAIR *) NULL) - { - if (this_node == p) - { - break; - } - this_node = this_node->next; - } - } - - /* add "b" at this_node */ - vp = this_node->next; - this_node->next = b; - - /* run to end of "b" and connect the rest of "a" */ - while (b->next) - b = b->next; - b->next = vp; - - return; -} - -/* - * Function: rc_avpair_free - * - * Purpose: frees all value_pairs in the list - * - */ - -void rc_avpair_free (VALUE_PAIR *pair) -{ - VALUE_PAIR *next; - - while (pair != (VALUE_PAIR *) NULL) - { - next = pair->next; - free (pair); - pair = next; - } -} - -/* - * 
Function: rc_fieldcpy - * - * Purpose: Copy a data field from the buffer. Advance the buffer - * past the data field. - * - */ - -static void rc_fieldcpy (char *string, char **uptr) -{ - char *ptr; - - ptr = *uptr; - if (*ptr == '"') - { - ptr++; - while (*ptr != '"' && *ptr != '\0' && *ptr != '\n') - { - *string++ = *ptr++; - } - *string = '\0'; - if (*ptr == '"') - { - ptr++; - } - *uptr = ptr; - return; - } - - while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0' && *ptr != '\n' && - *ptr != '=' && *ptr != ',') - { - *string++ = *ptr++; - } - *string = '\0'; - *uptr = ptr; - return; -} - - -/* - * Function: rc_avpair_parse - * - * Purpose: parses the buffer to extract the attribute-value pairs. - * - * Returns: 0 = successful parse of attribute-value pair, - * -1 = syntax (or other) error detected. - * - */ - -#define PARSE_MODE_NAME 0 -#define PARSE_MODE_EQUAL 1 -#define PARSE_MODE_VALUE 2 -#define PARSE_MODE_INVALID 3 - -int rc_avpair_parse (char *buffer, VALUE_PAIR **first_pair) -{ - int mode; - char attrstr[AUTH_ID_LEN]; - char valstr[AUTH_ID_LEN]; - DICT_ATTR *attr = NULL; - DICT_VALUE *dval; - VALUE_PAIR *pair; - VALUE_PAIR *link; - struct tm *tm; - time_t timeval; - - mode = PARSE_MODE_NAME; - while (*buffer != '\n' && *buffer != '\0') - { - if (*buffer == ' ' || *buffer == '\t') - { - buffer++; - continue; - } - - switch (mode) - { - case PARSE_MODE_NAME: /* Attribute Name */ - rc_fieldcpy (attrstr, &buffer); - if ((attr = - rc_dict_findattr (attrstr)) == (DICT_ATTR *) NULL) - { - error("rc_avpair_parse: unknown attribute"); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - return (-1); - } - mode = PARSE_MODE_EQUAL; - break; - - case PARSE_MODE_EQUAL: /* Equal sign */ - if (*buffer == '=') - { - mode = PARSE_MODE_VALUE; - buffer++; - } - else - { - error("rc_avpair_parse: missing or misplaced equal sign"); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - return 
(-1); - } - break; - - case PARSE_MODE_VALUE: /* Value */ - rc_fieldcpy (valstr, &buffer); - - if ((pair = - (VALUE_PAIR *) malloc (sizeof (VALUE_PAIR))) - == (VALUE_PAIR *) NULL) - { - novm("rc_avpair_parse"); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - return (-1); - } - strcpy (pair->name, attr->name); - pair->attribute = attr->value; - pair->type = attr->type; - pair->vendorcode = attr->vendorcode; - - switch (pair->type) - { - - case PW_TYPE_STRING: - strcpy (pair->strvalue, valstr); - pair->lvalue = strlen(valstr); - break; - - case PW_TYPE_INTEGER: - if (isdigit (*valstr)) - { - pair->lvalue = atoi (valstr); - } - else - { - if ((dval = rc_dict_findval (valstr)) - == (DICT_VALUE *) NULL) - { - error("rc_avpair_parse: unknown attribute value: %s", valstr); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - free (pair); - return (-1); - } - else - { - pair->lvalue = dval->value; - } - } - break; - - case PW_TYPE_IPADDR: - pair->lvalue = rc_get_ipaddr(valstr); - break; - - case PW_TYPE_DATE: - timeval = time (0); - tm = localtime (&timeval); - tm->tm_hour = 0; - tm->tm_min = 0; - tm->tm_sec = 0; - rc_str2tm (valstr, tm); -#ifdef TIMELOCAL - pair->lvalue = (UINT4) timelocal (tm); -#else /* TIMELOCAL */ - pair->lvalue = (UINT4) mktime (tm); -#endif /* TIMELOCAL */ - break; - - default: - error("rc_avpair_parse: unknown attribute type %d", pair->type); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - free (pair); - return (-1); - } - pair->next = (VALUE_PAIR *) NULL; - - if (*first_pair == (VALUE_PAIR *) NULL) - { - *first_pair = pair; - } - else - { - link = *first_pair; - while (link->next != (VALUE_PAIR *) NULL) - { - link = link->next; - } - link->next = pair; - } - - mode = PARSE_MODE_NAME; - break; - - default: - mode = PARSE_MODE_NAME; - break; - } - } - return (0); -} - -/* - * Function: rc_avpair_tostr - * - * 
Purpose: Translate an av_pair into two strings - * - * Returns: 0 on success, -1 on failure - * - */ - -int rc_avpair_tostr (VALUE_PAIR *pair, char *name, int ln, char *value, int lv) -{ - DICT_VALUE *dval; - char buffer[32]; - struct in_addr inad; - unsigned char *ptr; - - *name = *value = '\0'; - - if (!pair || pair->name[0] == '\0') { - error("rc_avpair_tostr: pair is NULL or empty"); - return (-1); - } - - strncpy(name, pair->name, (size_t) ln); - - switch (pair->type) - { - case PW_TYPE_STRING: - lv--; - ptr = (unsigned char *) pair->strvalue; - while (*ptr != '\0') - { - if (!(isprint (*ptr))) - { - sprintf (buffer, "\\%03o", *ptr); - strncat(value, buffer, (size_t) lv); - lv -= 4; - if (lv < 0) break; - } - else - { - strncat(value, ptr, 1); - lv--; - if (lv < 0) break; - } - ptr++; - } - break; - - case PW_TYPE_INTEGER: - dval = rc_dict_getval (pair->lvalue, pair->name); - if (dval != (DICT_VALUE *) NULL) - { - strncpy(value, dval->name, (size_t) lv-1); - } - else - { - sprintf (buffer, "%ld", pair->lvalue); - strncpy(value, buffer, (size_t) lv); - } - break; - - case PW_TYPE_IPADDR: - inad.s_addr = htonl(pair->lvalue); - strncpy (value, inet_ntoa (inad), (size_t) lv-1); - break; - - case PW_TYPE_DATE: - strftime (buffer, sizeof (buffer), "%m/%d/%y %H:%M:%S", - gmtime ((time_t *) & pair->lvalue)); - strncpy(value, buffer, lv-1); - break; - - default: - error("rc_avpair_tostr: unknown attribute type %d", pair->type); - return (-1); - break; - } - - return 0; -} - -/* - * Function: rc_avpair_readin - * - * Purpose: get a sequence of attribute value pairs from the file input - * and make them into a list of value_pairs - * - */ - -VALUE_PAIR *rc_avpair_readin(FILE *input) -{ - VALUE_PAIR *vp = NULL; - char buffer[1024], *q; - - while (fgets(buffer, sizeof(buffer), input) != NULL) - { - q = buffer; - - while(*q && isspace(*q)) q++; - - if ((*q == '\n') || (*q == '#') || (*q == '\0')) - continue; - - if (rc_avpair_parse(q, &vp) < 0) { - error("rc_avpair_readin: 
malformed attribute: %s", buffer);
- rc_avpair_free(vp);
- return NULL;
- }
- }
-
- return vp;
-}
diff --git a/pppd/plugins/radius/buildreq.c b/pppd/plugins/radius/buildreq.c
deleted file mode 100644
index 955b052..0000000
--- a/pppd/plugins/radius/buildreq.c
+++ /dev/null
@@ -1,446 +0,0 @@ -/* - * $Id: buildreq.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1997 Lars Fenneberg - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include <includes.h> -#include <radiusclient.h> - -unsigned char rc_get_seqnbr(void); - -/* - * Function: rc_get_nas_id - * - * Purpose: fills in NAS-Identifier or NAS-IP-Address in request - * - */ - -int rc_get_nas_id(VALUE_PAIR **sendpairs) -{ - UINT4 client_id; - char *nasid; - - nasid = rc_conf_str("nas_identifier"); - if (strlen(nasid)) { - /* - * Fill in NAS-Identifier - */ - if (rc_avpair_add(sendpairs, PW_NAS_IDENTIFIER, nasid, 0, - VENDOR_NONE) == NULL) - return (ERROR_RC); - - return (OK_RC); - - } else { - /* - * Fill in NAS-IP-Address - */ - if ((client_id = rc_own_ipaddress()) == 0) - return (ERROR_RC); - - if (rc_avpair_add(sendpairs, PW_NAS_IP_ADDRESS, &client_id, - 0, VENDOR_NONE) == NULL) - return (ERROR_RC); - } - - return (OK_RC); -} - -/* - * Function: rc_buildreq - * - * Purpose: builds a skeleton RADIUS request using information from the - * config file. 
- * - */ - -void rc_buildreq(SEND_DATA *data, int code, char *server, unsigned short port, - int timeout, int retries) -{ - data->server = server; - data->svc_port = port; - data->seq_nbr = rc_get_seqnbr(); - data->timeout = timeout; - data->retries = retries; - data->code = code; -} - -/* - * Function: rc_guess_seqnbr - * - * Purpose: return a random sequence number - * - */ - -static unsigned char rc_guess_seqnbr(void) -{ - return (unsigned char)(magic() & UCHAR_MAX); -} - -/* - * Function: rc_get_seqnbr - * - * Purpose: generate a sequence number - * - */ - -unsigned char rc_get_seqnbr(void) -{ - FILE *sf; - int tries = 1; - int seq_nbr, pos; - char *seqfile = rc_conf_str("seqfile"); - - if ((sf = fopen(seqfile, "a+")) == NULL) - { - error("rc_get_seqnbr: couldn't open sequence file %s: %s", seqfile, strerror(errno)); - /* well, so guess a sequence number */ - return rc_guess_seqnbr(); - } - - while (do_lock_exclusive(fileno(sf))!= 0) - { - if (errno != EWOULDBLOCK) { - error("rc_get_seqnbr: flock failure: %s: %s", seqfile, strerror(errno)); - fclose(sf); - return rc_guess_seqnbr(); - } - tries++; - if (tries <= 10) - rc_mdelay(500); - else - break; - } - - if (tries > 10) { - error("rc_get_seqnbr: couldn't get lock after %d tries: %s", tries-1, seqfile); - fclose(sf); - return rc_guess_seqnbr(); - } - - pos = ftell(sf); - rewind(sf); - if (fscanf(sf, "%d", &seq_nbr) != 1) { - if (pos != ftell(sf)) { - /* file was not empty */ - error("rc_get_seqnbr: fscanf failure: %s", seqfile); - } - seq_nbr = rc_guess_seqnbr(); - } - - rewind(sf); - ftruncate(fileno(sf),0); - fprintf(sf,"%d\n", (seq_nbr+1) & UCHAR_MAX); - - fflush(sf); /* fflush because a process may read it between the do_unlock and fclose */ - - if (do_unlock(fileno(sf)) != 0) - error("rc_get_seqnbr: couldn't release lock on %s: %s", seqfile, strerror(errno)); - - fclose(sf); - - return (unsigned char)seq_nbr; -} - -/* - * Function: rc_auth - * - * Purpose: Builds an authentication request for port id 
client_port - * with the value_pairs send and submits it to a server - * - * Returns: received value_pairs in received, messages from the server in msg - * and 0 on success, negative on failure as return value - * - */ - -int rc_auth(UINT4 client_port, VALUE_PAIR *send, VALUE_PAIR **received, - char *msg, REQUEST_INFO *info) -{ - SERVER *authserver = rc_conf_srv("authserver"); - - if (!authserver) { - return (ERROR_RC); - } - return rc_auth_using_server(authserver, client_port, send, received, - msg, info); -} - -/* - * Function: rc_auth_using_server - * - * Purpose: Builds an authentication request for port id client_port - * with the value_pairs send and submits it to a server. You - * explicitly supply a server list. - * - * Returns: received value_pairs in received, messages from the server in msg - * and 0 on success, negative on failure as return value - * - */ - -int rc_auth_using_server(SERVER *authserver, - UINT4 client_port, - VALUE_PAIR *send, - VALUE_PAIR **received, - char *msg, REQUEST_INFO *info) -{ - SEND_DATA data; - int result; - int i; - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = send; - data.receive_pairs = NULL; - - /* - * Fill in NAS-IP-Address or NAS-Identifier - */ - - if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) - return (ERROR_RC); - - /* - * Fill in NAS-Port - */ - - if (rc_avpair_add(&(data.send_pairs), PW_NAS_PORT, &client_port, 0, VENDOR_NONE) == NULL) - return (ERROR_RC); - - result = ERROR_RC; - for(i=0; (i<authserver->max) && (result != OK_RC) && (result != BADRESP_RC) - ; i++) - { - if (data.receive_pairs != NULL) { - rc_avpair_free(data.receive_pairs); - data.receive_pairs = NULL; - } - rc_buildreq(&data, PW_ACCESS_REQUEST, authserver->name[i], - authserver->port[i], timeout, retries); - - result = rc_send_server (&data, msg, info); - } - - *received = data.receive_pairs; - - return result; -} - -/* - * Function: rc_auth_proxy - * - * Purpose: Builds an 
authentication request - * with the value_pairs send and submits it to a server. - * Works for a proxy; does not add IP address, and does - * does not rely on config file. - * - * Returns: received value_pairs in received, messages from the server in msg - * and 0 on success, negative on failure as return value - * - */ - -int rc_auth_proxy(VALUE_PAIR *send, VALUE_PAIR **received, char *msg) -{ - SEND_DATA data; - int result; - int i; - SERVER *authserver = rc_conf_srv("authserver"); - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = send; - data.receive_pairs = NULL; - - result = ERROR_RC; - for(i=0; (i<authserver->max) && (result != OK_RC) && (result != BADRESP_RC) - ; i++) - { - if (data.receive_pairs != NULL) { - rc_avpair_free(data.receive_pairs); - data.receive_pairs = NULL; - } - rc_buildreq(&data, PW_ACCESS_REQUEST, authserver->name[i], - authserver->port[i], timeout, retries); - - result = rc_send_server (&data, msg, NULL); - } - - *received = data.receive_pairs; - - return result; -} - - -/* - * Function: rc_acct_using_server - * - * Purpose: Builds an accounting request for port id client_port - * with the value_pairs send. You explicitly supply server list. - * - * Remarks: NAS-Identifier/NAS-IP-Address, NAS-Port and Acct-Delay-Time get - * filled in by this function, the rest has to be supplied. 
- */ - -int rc_acct_using_server(SERVER *acctserver, - UINT4 client_port, - VALUE_PAIR *send) -{ - SEND_DATA data; - VALUE_PAIR *adt_vp; - int result; - time_t start_time, dtime; - char msg[4096]; - int i; - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = send; - data.receive_pairs = NULL; - - /* - * Fill in NAS-IP-Address or NAS-Identifier - */ - - if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) - return (ERROR_RC); - - /* - * Fill in NAS-Port - */ - - if (rc_avpair_add(&(data.send_pairs), PW_NAS_PORT, &client_port, 0, VENDOR_NONE) == NULL) - return (ERROR_RC); - - /* - * Fill in Acct-Delay-Time - */ - - dtime = 0; - if ((adt_vp = rc_avpair_add(&(data.send_pairs), PW_ACCT_DELAY_TIME, &dtime, 0, VENDOR_NONE)) == NULL) - return (ERROR_RC); - - start_time = time(NULL); - result = ERROR_RC; - for(i=0; (i<acctserver->max) && (result != OK_RC) && (result != BADRESP_RC) - ; i++) - { - if (data.receive_pairs != NULL) { - rc_avpair_free(data.receive_pairs); - data.receive_pairs = NULL; - } - rc_buildreq(&data, PW_ACCOUNTING_REQUEST, acctserver->name[i], - acctserver->port[i], timeout, retries); - - dtime = time(NULL) - start_time; - rc_avpair_assign(adt_vp, &dtime, 0); - - result = rc_send_server (&data, msg, NULL); - } - - rc_avpair_free(data.receive_pairs); - - return result; -} - -/* - * Function: rc_acct - * - * Purpose: Builds an accounting request for port id client_port - * with the value_pairs send - * - * Remarks: NAS-Identifier/NAS-IP-Address, NAS-Port and Acct-Delay-Time get - * filled in by this function, the rest has to be supplied. 
- */ - -int rc_acct(UINT4 client_port, VALUE_PAIR *send) -{ - SERVER *acctserver = rc_conf_srv("acctserver"); - if (!acctserver) return (ERROR_RC); - - return rc_acct_using_server(acctserver, client_port, send); -} - -/* - * Function: rc_acct_proxy - * - * Purpose: Builds an accounting request with the value_pairs send - * - */ - -int rc_acct_proxy(VALUE_PAIR *send) -{ - SEND_DATA data; - int result; - char msg[4096]; - int i; - SERVER *acctserver = rc_conf_srv("authserver"); - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = send; - data.receive_pairs = NULL; - - result = ERROR_RC; - for(i=0; (i<acctserver->max) && (result != OK_RC) && (result != BADRESP_RC) - ; i++) - { - if (data.receive_pairs != NULL) { - rc_avpair_free(data.receive_pairs); - data.receive_pairs = NULL; - } - rc_buildreq(&data, PW_ACCOUNTING_REQUEST, acctserver->name[i], - acctserver->port[i], timeout, retries); - - result = rc_send_server (&data, msg, NULL); - } - - rc_avpair_free(data.receive_pairs); - - return result; -} - -/* - * Function: rc_check - * - * Purpose: ask the server hostname on the specified port for a - * status message - * - */ - -int rc_check(char *host, unsigned short port, char *msg) -{ - SEND_DATA data; - int result; - UINT4 service_type; - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = data.receive_pairs = NULL; - - /* - * Fill in NAS-IP-Address or NAS-Identifier, - * although it isn't neccessary - */ - - if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) - return (ERROR_RC); - - /* - * Fill in Service-Type - */ - - service_type = PW_ADMINISTRATIVE; - rc_avpair_add(&(data.send_pairs), PW_SERVICE_TYPE, &service_type, 0, VENDOR_NONE); - - rc_buildreq(&data, PW_STATUS_SERVER, host, port, timeout, retries); - result = rc_send_server (&data, msg, NULL); - - rc_avpair_free(data.receive_pairs); - - return result; -} 
diff --git a/pppd/plugins/radius/clientid.c b/pppd/plugins/radius/clientid.c
deleted file mode 100644
index d49579c..0000000
--- a/pppd/plugins/radius/clientid.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * $Id: clientid.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1995,1996,1997 Lars Fenneberg
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#include <includes.h>
-#include <radiusclient.h>
-
-struct map2id_s {
- char *name;
- UINT4 id;
-
- struct map2id_s *next;
-};
-
-static struct map2id_s *map2id_list = NULL;
-
-/*
- * Function: rc_read_mapfile
- *
- * Purpose: Read in the ttyname to port id map file
- *
- * Arguments: the file name of the map file
- *
- * Returns: zero on success, negative integer on failure
- */
-
-int rc_read_mapfile(char *filename)
-{
- char buffer[1024];
- FILE *mapfd;
- char *c, *name, *id, *q;
- struct map2id_s *p;
- int lnr = 0;
-
- if ((mapfd = fopen(filename,"r")) == NULL)
- {
- error("rc_read_mapfile: can't read %s: %s", filename, strerror(errno));
- return (-1);
- }
-
-#define SKIP(p) while(*p && isspace(*p)) p++;
-
- while (fgets(buffer, sizeof(buffer), mapfd) != NULL)
- {
- lnr++;
-
- q = buffer;
-
- SKIP(q);
-
- if ((*q == '\n') || (*q == '#') || (*q == '\0'))
- continue;
-
- if (( c = strchr(q, ' ')) || (c = strchr(q,'\t'))) {
-
- *c = '\0'; c++;
- SKIP(c);
-
- name = q;
- id = c;
-
- if ((p = (struct map2id_s *)malloc(sizeof(*p))) == NULL) {
- novm("rc_read_mapfile");
- return (-1);
- }
-
- p->name = strdup(name);
- p->id = atoi(id);
- p->next = map2id_list;
- map2id_list = p;
-
- } else {
-
- error("rc_read_mapfile: malformed line in %s, line %d", filename, lnr);
- return (-1);
-
- }
- }
-
-#undef SKIP
-
- fclose(mapfd);
-
- return 0;
-}
-
-/*
- * Function: rc_map2id
- *
- * Purpose: Map ttyname to port id
- *
- * Arguments: full pathname of the tty
- *
- * Returns: port id, zero if no entry found
- */
-
-UINT4 rc_map2id(char *name)
-{
- struct map2id_s *p;
- char ttyname[PATH_MAX];
-
- *ttyname = '\0';
- if (*name != '/')
- strcpy(ttyname, "/dev/");
-
- strncat(ttyname, name, sizeof(ttyname));
-
- for(p = map2id_list; p; p = p->next)
- if (!strcmp(ttyname, p->name)) return p->id;
-
- warn("rc_map2id: can't find tty %s in map database", ttyname);
-
- return 0;
-}
diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c
deleted file mode 100644
index a29e5e8..0000000
--- a/pppd/plugins/radius/config.c
+++ /dev/null
@@ -1,544 +0,0 @@
-/*
- * $Id: config.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1995,1996,1997 Lars Fenneberg
- *
- * Copyright 1992 Livingston Enterprises, Inc.
- *
- * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
- * and Merit Network, Inc. All Rights Reserved
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#include <includes.h>
-#include <radiusclient.h>
-#include <options.h>
-
-static int test_config(char *);
-
-/*
- * Function: find_option
- *
- * Purpose: find an option in the option list
- *
- * Returns: pointer to option on success, NULL otherwise
- */
-
-static OPTION *find_option(char *optname, unsigned int type)
-{
- int i;
-
- /* there're so few options that a binary search seems not necessary */
- for (i = 0; i < num_options; i++) {
- if (!strcmp(config_options[i].name, optname) &&
- (config_options[i].type & type))
- return &config_options[i];
- }
-
- return NULL;
-}
-
-/*
- * Function: set_option_...
- * - * Purpose: set a specific option doing type conversions - * - * Returns: 0 on success, -1 on failure - */ - -static int set_option_str(char *filename, int line, OPTION *option, char *p) -{ - if (p) - option->val = (void *) strdup(p); - else - option->val = NULL; - - return 0; -} - -static int set_option_int(char *filename, int line, OPTION *option, char *p) -{ - int *iptr; - - if (p == NULL) { - error("%s: line %d: bogus option value", filename, line); - return (-1); - } - - if ((iptr = (int *) malloc(sizeof(iptr))) == NULL) { - novm("read_config"); - return (-1); - } - - *iptr = atoi(p); - option->val = (void *) iptr; - - return 0; -} - -static int set_option_srv(char *filename, int line, OPTION *option, char *p) -{ - SERVER *serv; - char *q; - struct servent *svp; - int i; - - if (p == NULL) { - error("%s: line %d: bogus option value", filename, line); - return (-1); - } - - serv = (SERVER *) option->val; - - for (i = 0; i < serv->max; i++) { - free(serv->name[i]); - } - serv->max = 0; - - while ((p = strtok(p, ", \t")) != NULL) { - - if ((q = strchr(p,':')) != NULL) { - *q = '\0'; - q++; - serv->port[serv->max] = atoi(q); - } else { - if (!strcmp(option->name,"authserver")) - if ((svp = getservbyname ("radius", "udp")) == NULL) - serv->port[serv->max] = PW_AUTH_UDP_PORT; - else - serv->port[serv->max] = ntohs ((unsigned int) svp->s_port); - else if (!strcmp(option->name, "acctserver")) - if ((svp = getservbyname ("radacct", "udp")) == NULL) - serv->port[serv->max] = PW_ACCT_UDP_PORT; - else - serv->port[serv->max] = ntohs ((unsigned int) svp->s_port); - else { - error("%s: line %d: no default port for %s", filename, line, option->name); - return (-1); - } - } - - serv->name[serv->max++] = strdup(p); - - p = NULL; - } - - return 0; -} - -static int set_option_auo(char *filename, int line, OPTION *option, char *p) -{ - int *iptr; - - if (p == NULL) { - warn("%s: line %d: bogus option value", filename, line); - return (-1); - } - - if ((iptr = (int *) 
malloc(sizeof(iptr))) == NULL) { - novm("read_config"); - return (-1); - } - - *iptr = 0; - p = strtok(p, ", \t"); - - if (!strncmp(p, "local", 5)) - *iptr = AUTH_LOCAL_FST; - else if (!strncmp(p, "radius", 6)) - *iptr = AUTH_RADIUS_FST; - else { - error("%s: auth_order: unknown keyword: %s", filename, p); - return (-1); - } - - p = strtok(NULL, ", \t"); - - if (p && (*p != '\0')) { - if ((*iptr & AUTH_RADIUS_FST) && !strcmp(p, "local")) - *iptr = (*iptr) | AUTH_LOCAL_SND; - else if ((*iptr & AUTH_LOCAL_FST) && !strcmp(p, "radius")) - *iptr = (*iptr) | AUTH_RADIUS_SND; - else { - error("%s: auth_order: unknown or unexpected keyword: %s", filename, p); - return (-1); - } - } - - option->val = (void *) iptr; - - return 0; -} - - -/* - * Function: rc_read_config - * - * Purpose: read the global config file - * - * Returns: 0 on success, -1 when failure - */ - -int rc_read_config(char *filename) -{ - FILE *configfd; - char buffer[512], *p; - OPTION *option; - int line, pos; - - if ((configfd = fopen(filename,"r")) == NULL) - { - error("rc_read_config: can't open %s: %m", filename); - return (-1); - } - - line = 0; - while ((fgets(buffer, sizeof(buffer), configfd) != NULL)) - { - line++; - p = buffer; - - if ((*p == '\n') || (*p == '#') || (*p == '\0')) - continue; - - p[strlen(p)-1] = '\0'; - - - if ((pos = strcspn(p, "\t ")) == 0) { - error("%s: line %d: bogus format: %s", filename, line, p); - return (-1); - } - - p[pos] = '\0'; - - if ((option = find_option(p, OT_ANY)) == NULL) { - warn("%s: line %d: unrecognized keyword: %s", filename, line, p); - continue; - } - - if (option->status != ST_UNDEF) { - error("%s: line %d: duplicate option line: %s", filename, line, p); - return (-1); - } - - p += pos+1; - while (isspace(*p)) - p++; - - switch (option->type) { - case OT_STR: - if (set_option_str(filename, line, option, p) < 0) - return (-1); - break; - case OT_INT: - if (set_option_int(filename, line, option, p) < 0) - return (-1); - break; - case OT_SRV: - if 
(set_option_srv(filename, line, option, p) < 0) - return (-1); - break; - case OT_AUO: - if (set_option_auo(filename, line, option, p) < 0) - return (-1); - break; - default: - fatal("rc_read_config: impossible case branch!"); - abort(); - } - } - fclose(configfd); - - return test_config(filename); -} - -/* - * Function: rc_conf_str, rc_conf_int, rc_conf_src - * - * Purpose: get the value of a config option - * - * Returns: config option value - */ - -char *rc_conf_str(char *optname) -{ - OPTION *option; - - option = find_option(optname, OT_STR); - - if (option == NULL) - fatal("rc_conf_str: unkown config option requested: %s", optname); - return (char *)option->val; -} - -int rc_conf_int(char *optname) -{ - OPTION *option; - - option = find_option(optname, OT_INT|OT_AUO); - - if (option == NULL) - fatal("rc_conf_int: unkown config option requested: %s", optname); - return *((int *)option->val); -} - -SERVER *rc_conf_srv(char *optname) -{ - OPTION *option; - - option = find_option(optname, OT_SRV); - - if (option == NULL) - fatal("rc_conf_srv: unkown config option requested: %s", optname); - return (SERVER *)option->val; -} - -/* - * Function: test_config - * - * Purpose: test the configuration the user supplied - * - * Returns: 0 on success, -1 when failure - */ - -static int test_config(char *filename) -{ -#if 0 - struct stat st; - char *file; -#endif - - if (!(rc_conf_srv("authserver")->max)) - { - error("%s: no authserver specified", filename); - return (-1); - } - if (!(rc_conf_srv("acctserver")->max)) - { - error("%s: no acctserver specified", filename); - return (-1); - } - if (!rc_conf_str("servers")) - { - error("%s: no servers file specified", filename); - return (-1); - } - if (!rc_conf_str("dictionary")) - { - error("%s: no dictionary specified", filename); - return (-1); - } - - if (rc_conf_int("radius_timeout") <= 0) - { - error("%s: radius_timeout <= 0 is illegal", filename); - return (-1); - } - if (rc_conf_int("radius_retries") <= 0) - { - 
error("%s: radius_retries <= 0 is illegal", filename); - return (-1); - } - -#if 0 - file = rc_conf_str("login_local"); - if (stat(file, &st) == 0) - { - if (!S_ISREG(st.st_mode)) { - error("%s: not a regular file: %s", filename, file); - return (-1); - } - } else { - error("%s: file not found: %s", filename, file); - return (-1); - } - file = rc_conf_str("login_radius"); - if (stat(file, &st) == 0) - { - if (!S_ISREG(st.st_mode)) { - error("%s: not a regular file: %s", filename, file); - return (-1); - } - } else { - error("%s: file not found: %s", filename, file); - return (-1); - } -#endif - - if (rc_conf_int("login_tries") <= 0) - { - error("%s: login_tries <= 0 is illegal", filename); - return (-1); - } - if (rc_conf_str("seqfile") == NULL) - { - error("%s: seqfile not specified", filename); - return (-1); - } - if (rc_conf_int("login_timeout") <= 0) - { - error("%s: login_timeout <= 0 is illegal", filename); - return (-1); - } - if (rc_conf_str("mapfile") == NULL) - { - error("%s: mapfile not specified", filename); - return (-1); - } - if (rc_conf_str("nologin") == NULL) - { - error("%s: nologin not specified", filename); - return (-1); - } - - return 0; -} - -/* - * Function: rc_find_match - * - * Purpose: see if ip_addr is one of the ip addresses of hostname - * - * Returns: 0 on success, -1 when failure - * - */ - -static int find_match (UINT4 *ip_addr, char *hostname) -{ - UINT4 addr; - char **paddr; - struct hostent *hp; - - if (rc_good_ipaddr (hostname) == 0) - { - if (*ip_addr == ntohl(inet_addr (hostname))) - { - return (0); - } - } - else - { - if ((hp = gethostbyname (hostname)) == (struct hostent *) NULL) - { - return (-1); - } - for (paddr = hp->h_addr_list; *paddr; paddr++) - { - addr = ** (UINT4 **) paddr; - if (ntohl(addr) == *ip_addr) - { - return (0); - } - } - } - return (-1); -} - -/* - * Function: rc_find_server - * - * Purpose: search a server in the servers file - * - * Returns: 0 on success, -1 on failure - * - */ - -int rc_find_server 
(char *server_name, UINT4 *ip_addr, char *secret) -{ - UINT4 myipaddr = 0; - int len; - int result; - FILE *clientfd; - char *h; - char *s; - char *host2; - char buffer[128]; - char hostnm[AUTH_ID_LEN + 1]; - - /* Get the IP address of the authentication server */ - if ((*ip_addr = rc_get_ipaddr (server_name)) == (UINT4) 0) - return (-1); - - if ((clientfd = fopen (rc_conf_str("servers"), "r")) == (FILE *) NULL) - { - error("rc_find_server: couldn't open file: %m: %s", rc_conf_str("servers")); - return (-1); - } - - myipaddr = rc_own_ipaddress(); - - result = 0; - while (fgets (buffer, sizeof (buffer), clientfd) != (char *) NULL) - { - if (*buffer == '#') - continue; - - if ((h = strtok (buffer, " \t\n")) == NULL) /* first hostname */ - continue; - - memset (hostnm, '\0', AUTH_ID_LEN); - len = strlen (h); - if (len > AUTH_ID_LEN) - { - len = AUTH_ID_LEN; - } - strncpy (hostnm, h, (size_t) len); - hostnm[AUTH_ID_LEN] = '\0'; - - if ((s = strtok (NULL, " \t\n")) == NULL) /* and secret field */ - continue; - - memset (secret, '\0', MAX_SECRET_LENGTH); - len = strlen (s); - if (len > MAX_SECRET_LENGTH) - { - len = MAX_SECRET_LENGTH; - } - strncpy (secret, s, (size_t) len); - secret[MAX_SECRET_LENGTH] = '\0'; - - if (!strchr (hostnm, '/')) /* If single name form */ - { - if (find_match (ip_addr, hostnm) == 0) - { - result++; - break; - } - } - else /* <name1>/<name2> "paired" form */ - { - strtok (hostnm, "/"); - if (find_match (&myipaddr, hostnm) == 0) - { /* If we're the 1st name, target is 2nd */ - host2 = strtok (NULL, " "); - if (find_match (ip_addr, host2) == 0) - { - result++; - break; - } - } - else /* If we were 2nd name, target is 1st name */ - { - if (find_match (ip_addr, hostnm) == 0) - { - result++; - break; - } - } - } - } - fclose (clientfd); - if (result == 0) - { - memset (buffer, '\0', sizeof (buffer)); - memset (secret, '\0', sizeof (secret)); - error("rc_find_server: couldn't find RADIUS server %s in %s", - server_name, rc_conf_str("servers")); - 
return (-1);
- }
- return 0;
-}
diff --git a/pppd/plugins/radius/dict.c b/pppd/plugins/radius/dict.c
deleted file mode 100644
index 72b3e70..0000000
--- a/pppd/plugins/radius/dict.c
+++ /dev/null
@@ -1,450 +0,0 @@ -/* - * $Id: dict.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 2002 Roaring Penguin Software Inc. - * - * Copyright (C) 1995,1996,1997 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include <includes.h> -#include <radiusclient.h> - -static DICT_ATTR *dictionary_attributes = NULL; -static DICT_VALUE *dictionary_values = NULL; -static VENDOR_DICT *vendor_dictionaries = NULL; - -/* - * Function: rc_read_dictionary - * - * Purpose: Initialize the dictionary. Read all ATTRIBUTES into - * the dictionary_attributes list. Read all VALUES into - * the dictionary_values list. Construct VENDOR dictionaries - * as required. - * - */ - -int rc_read_dictionary (char *filename) -{ - FILE *dictfd; - char dummystr[AUTH_ID_LEN]; - char namestr[AUTH_ID_LEN]; - char valstr[AUTH_ID_LEN]; - char attrstr[AUTH_ID_LEN]; - char typestr[AUTH_ID_LEN]; - char vendorstr[AUTH_ID_LEN]; - int line_no; - DICT_ATTR *attr; - DICT_VALUE *dval; - VENDOR_DICT *vdict; - char buffer[256]; - int value; - int type; - int n; - int retcode; - if ((dictfd = fopen (filename, "r")) == (FILE *) NULL) - { - error( "rc_read_dictionary: couldn't open dictionary %s: %s", - filename, strerror(errno)); - return (-1); - } - - line_no = 0; - retcode = 0; - while (fgets (buffer, sizeof (buffer), dictfd) != (char *) NULL) - { - line_no++; - - /* Skip empty space */ - if (*buffer == '#' || *buffer == '\0' || *buffer == '\n') - { - continue; - } - - if (strncmp (buffer, "VENDOR", 6) == 0) { - /* Read the VENDOR line */ - if (sscanf(buffer, "%s%s%d", dummystr, namestr, &value) != 3) { - error("rc_read_dictionary: invalid vendor on line %d of dictionary %s", - line_no, 
filename); - retcode = -1; - break; - } - /* Validate entry */ - if (strlen (namestr) > NAME_LENGTH) { - error("rc_read_dictionary: invalid name length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - /* Create new vendor entry */ - vdict = (VENDOR_DICT *) malloc (sizeof (VENDOR_DICT)); - if (!vdict) { - novm("rc_read_dictionary"); - retcode = -1; - break; - } - strcpy(vdict->vendorname, namestr); - vdict->vendorcode = value; - vdict->attributes = NULL; - vdict->next = vendor_dictionaries; - vendor_dictionaries = vdict; - } - else if (strncmp (buffer, "ATTRIBUTE", 9) == 0) - { - - /* Read the ATTRIBUTE line. It is one of: - * ATTRIBUTE attr_name attr_val type OR - * ATTRIBUTE attr_name attr_val type vendor */ - vendorstr[0] = 0; - n = sscanf(buffer, "%s%s%s%s%s", dummystr, namestr, valstr, typestr, vendorstr); - if (n != 4 && n != 5) - { - error("rc_read_dictionary: invalid attribute on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - /* - * Validate all entries - */ - if (strlen (namestr) > NAME_LENGTH) - { - error("rc_read_dictionary: invalid name length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - if (strlen (vendorstr) > NAME_LENGTH) - { - error("rc_read_dictionary: invalid name length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - if (!isdigit (*valstr)) - { - error("rc_read_dictionary: invalid value on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - value = atoi (valstr); - - if (strcmp (typestr, "string") == 0) - { - type = PW_TYPE_STRING; - } - else if (strcmp (typestr, "integer") == 0) - { - type = PW_TYPE_INTEGER; - } - else if (strcmp (typestr, "ipaddr") == 0) - { - type = PW_TYPE_IPADDR; - } - else if (strcmp (typestr, "date") == 0) - { - type = PW_TYPE_DATE; - } - else - { - error("rc_read_dictionary: invalid type on line %d of dictionary %s", - line_no, filename); - retcode = 
-1; - break; - } - - /* Search for vendor if supplied */ - if (*vendorstr) { - vdict = rc_dict_findvendor(vendorstr); - if (!vdict) { - error("rc_read_dictionary: unknown vendor on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - } else { - vdict = NULL; - } - /* Create a new attribute for the list */ - if ((attr = - (DICT_ATTR *) malloc (sizeof (DICT_ATTR))) - == (DICT_ATTR *) NULL) - { - novm("rc_read_dictionary"); - retcode = -1; - break; - } - strcpy (attr->name, namestr); - if (vdict) { - attr->vendorcode = vdict->vendorcode; - } else { - attr->vendorcode = VENDOR_NONE; - } - attr->value = value; - attr->type = type; - - /* Insert it into the list */ - if (vdict) { - attr->next = vdict->attributes; - vdict->attributes = attr; - } else { - attr->next = dictionary_attributes; - dictionary_attributes = attr; - } - } - else if (strncmp (buffer, "VALUE", 5) == 0) - { - /* Read the VALUE line */ - if (sscanf (buffer, "%s%s%s%s", dummystr, attrstr, - namestr, valstr) != 4) - { - error("rc_read_dictionary: invalid value entry on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - /* - * Validate all entries - */ - if (strlen (attrstr) > NAME_LENGTH) - { - error("rc_read_dictionary: invalid attribute length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - if (strlen (namestr) > NAME_LENGTH) - { - error("rc_read_dictionary: invalid name length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - if (!isdigit (*valstr)) - { - error("rc_read_dictionary: invalid value on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - value = atoi (valstr); - - /* Create a new VALUE entry for the list */ - if ((dval = - (DICT_VALUE *) malloc (sizeof (DICT_VALUE))) - == (DICT_VALUE *) NULL) - { - novm("rc_read_dictionary"); - retcode = -1; - break; - } - strcpy (dval->attrname, attrstr); - strcpy (dval->name, namestr); - dval->value 
= value; - - /* Insert it into the list */ - dval->next = dictionary_values; - dictionary_values = dval; - } - else if (strncmp (buffer, "INCLUDE", 7) == 0) - { - /* Read the INCLUDE line */ - if (sscanf (buffer, "%s%s", dummystr, namestr) != 2) - { - error("rc_read_dictionary: invalid include entry on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - if (rc_read_dictionary(namestr) == -1) - { - retcode = -1; - break; - } - } - } - fclose (dictfd); - return retcode; -} - -/* - * Function: rc_dict_getattr - * - * Purpose: Return the full attribute structure based on the - * attribute id number and vendor code. If vendor code is VENDOR_NONE, - * non-vendor-specific attributes are used - * - */ - -DICT_ATTR *rc_dict_getattr (int attribute, int vendor) -{ - DICT_ATTR *attr; - VENDOR_DICT *dict; - - if (vendor == VENDOR_NONE) { - attr = dictionary_attributes; - while (attr != (DICT_ATTR *) NULL) { - if (attr->value == attribute) { - return (attr); - } - attr = attr->next; - } - } else { - dict = rc_dict_getvendor(vendor); - if (!dict) { - return NULL; - } - attr = dict->attributes; - while (attr) { - if (attr->value == attribute) { - return attr; - } - attr = attr->next; - } - } - return NULL; -} - -/* - * Function: rc_dict_findattr - * - * Purpose: Return the full attribute structure based on the - * attribute name. 
- *
- */
-
-DICT_ATTR *rc_dict_findattr (char *attrname)
-{
- DICT_ATTR *attr;
- VENDOR_DICT *dict;
-
- attr = dictionary_attributes;
- while (attr != (DICT_ATTR *) NULL)
- {
- if (strcasecmp (attr->name, attrname) == 0)
- {
- return (attr);
- }
- attr = attr->next;
- }
-
- /* Search vendor-specific dictionaries */
- dict = vendor_dictionaries;
- while (dict) {
- attr = dict->attributes;
- while (attr) {
- if (strcasecmp (attr->name, attrname) == 0) {
- return (attr);
- }
- attr = attr->next;
- }
- dict = dict->next;
- }
- return ((DICT_ATTR *) NULL);
-}
-
-
-/*
- * Function: rc_dict_findval
- *
- * Purpose: Return the full value structure based on the
- * value name.
- *
- */
-
-DICT_VALUE *rc_dict_findval (char *valname)
-{
- DICT_VALUE *val;
-
- val = dictionary_values;
- while (val != (DICT_VALUE *) NULL)
- {
- if (strcasecmp (val->name, valname) == 0)
- {
- return (val);
- }
- val = val->next;
- }
- return ((DICT_VALUE *) NULL);
-}
-
-/*
- * Function: dict_getval
- *
- * Purpose: Return the full value structure based on the
- * actual value and the associated attribute name.
- *
- */
-
-DICT_VALUE * rc_dict_getval (UINT4 value, char *attrname)
-{
- DICT_VALUE *val;
-
- val = dictionary_values;
- while (val != (DICT_VALUE *) NULL)
- {
- if (strcmp (val->attrname, attrname) == 0 &&
- val->value == value)
- {
- return (val);
- }
- val = val->next;
- }
- return ((DICT_VALUE *) NULL);
-}
-
-/*
- * Function: rc_dict_findvendor
- *
- * Purpose: Return the vendor's dictionary given the vendor name.
- *
- */
-VENDOR_DICT * rc_dict_findvendor (char *vendorname)
-{
- VENDOR_DICT *dict;
-
- dict = vendor_dictionaries;
- while (dict) {
- if (!strcmp(vendorname, dict->vendorname)) {
- return dict;
- }
- dict = dict->next;
- }
- return NULL;
-}
-
-/*
- * Function: rc_dict_getvendor
- *
- * Purpose: Return the vendor's dictionary given the vendor ID
- *
- */
-VENDOR_DICT * rc_dict_getvendor (int id)
-{
- VENDOR_DICT *dict;
-
- dict = vendor_dictionaries;
- while (dict) {
- if (id == dict->vendorcode) {
- return dict;
- }
- dict = dict->next;
- }
- return NULL;
-}
diff --git a/pppd/plugins/radius/etc/dictionary b/pppd/plugins/radius/etc/dictionary
deleted file mode 100644
index 6dd086a..0000000
--- a/pppd/plugins/radius/etc/dictionary
+++ /dev/null
@@ -1,253 +0,0 @@ -# -# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl -# -# This file contains dictionary translations for parsing -# requests and generating responses. All transactions are -# composed of Attribute/Value Pairs. The value of each attribute -# is specified as one of 4 data types. Valid data types are: -# -# string - 0-253 octets -# ipaddr - 4 octets in network byte order -# integer - 32 bit value in big endian order (high byte first) -# date - 32 bit value in big endian order - seconds since -# 00:00:00 GMT, Jan. 1, 1970 -# -# Enumerated values are stored in the user file with dictionary -# VALUE translations for easy administration. -# -# Example: -# -# ATTRIBUTE VALUE -# --------------- ----- -# Framed-Protocol = PPP -# 7 = 1 (integer encoding) -# - -# The dictionary format now supports vendor-specific attributes. -# Vendors are introduced like this: -# -# VENDOR vendor_name vendor_number -# -# For example: -# -# VENDOR RoaringPenguin 10055 -# -# Vendor-specific attributes have a fifth field with the name of the -# vendor. For example: -# -# ATTRIBUTE RP-Upstream-Speed-Limit 1 integer RoaringPenguin -# -# introduces a Roaring Penguin vendor-specific attribbute with name -# RP-Upstream-Speed-Limit, number 1, type integer and vendor RoaringPenguin. - -# -# Following are the proper new names. Use these. 
-#
-ATTRIBUTE User-Name 1 string
-ATTRIBUTE Password 2 string
-ATTRIBUTE CHAP-Password 3 string
-ATTRIBUTE NAS-IP-Address 4 ipaddr
-ATTRIBUTE NAS-Port-Id 5 integer
-ATTRIBUTE Service-Type 6 integer
-ATTRIBUTE Framed-Protocol 7 integer
-ATTRIBUTE Framed-IP-Address 8 ipaddr
-ATTRIBUTE Framed-IP-Netmask 9 ipaddr
-ATTRIBUTE Framed-Routing 10 integer
-ATTRIBUTE Filter-Id 11 string
-ATTRIBUTE Framed-MTU 12 integer
-ATTRIBUTE Framed-Compression 13 integer
-ATTRIBUTE Login-IP-Host 14 ipaddr
-ATTRIBUTE Login-Service 15 integer
-ATTRIBUTE Login-TCP-Port 16 integer
-ATTRIBUTE Reply-Message 18 string
-ATTRIBUTE Callback-Number 19 string
-ATTRIBUTE Callback-Id 20 string
-ATTRIBUTE Framed-Route 22 string
-ATTRIBUTE Framed-IPX-Network 23 ipaddr
-ATTRIBUTE State 24 string
-ATTRIBUTE Class 25 string
-ATTRIBUTE Session-Timeout 27 integer
-ATTRIBUTE Idle-Timeout 28 integer
-ATTRIBUTE Termination-Action 29 integer
-ATTRIBUTE Called-Station-Id 30 string
-ATTRIBUTE Calling-Station-Id 31 string
-ATTRIBUTE NAS-Identifier 32 string
-ATTRIBUTE Acct-Status-Type 40 integer
-ATTRIBUTE Acct-Delay-Time 41 integer
-ATTRIBUTE Acct-Input-Octets 42 integer
-ATTRIBUTE Acct-Output-Octets 43 integer
-ATTRIBUTE Acct-Session-Id 44 string
-ATTRIBUTE Acct-Authentic 45 integer
-ATTRIBUTE Acct-Session-Time 46 integer
-ATTRIBUTE Acct-Input-Packets 47 integer
-ATTRIBUTE Acct-Output-Packets 48 integer
-ATTRIBUTE Acct-Terminate-Cause 49 integer
-ATTRIBUTE Chap-Challenge 60 string
-ATTRIBUTE NAS-Port-Type 61 integer
-ATTRIBUTE Port-Limit 62 integer
-ATTRIBUTE Connect-Info 77 string
-
-# RFC 2869
-ATTRIBUTE Acct-Interim-Interval 85 integer
-
-#
-# Experimental Non Protocol Attributes used by Cistron-Radiusd
-#
-ATTRIBUTE Huntgroup-Name 221 string
-ATTRIBUTE User-Category 1029 string
-ATTRIBUTE Group-Name 1030 string
-ATTRIBUTE Simultaneous-Use 1034 integer
-ATTRIBUTE Strip-User-Name 1035 integer
-ATTRIBUTE Fall-Through 1036 integer
-ATTRIBUTE Add-Port-To-IP-Address 1037 integer
-ATTRIBUTE Exec-Program 1038 string
-ATTRIBUTE Exec-Program-Wait 1039 string -ATTRIBUTE Hint 1040 string - -# -# Non-Protocol Attributes -# These attributes are used internally by the server -# -ATTRIBUTE Expiration 21 date -ATTRIBUTE Auth-Type 1000 integer -ATTRIBUTE Menu 1001 string -ATTRIBUTE Termination-Menu 1002 string -ATTRIBUTE Prefix 1003 string -ATTRIBUTE Suffix 1004 string -ATTRIBUTE Group 1005 string -ATTRIBUTE Crypt-Password 1006 string -ATTRIBUTE Connect-Rate 1007 integer - -# -# Experimental, implementation specific attributes -# -# Limit session traffic -ATTRIBUTE Session-Octets-Limit 227 integer -# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out) -ATTRIBUTE Octets-Direction 228 integer - -# -# Integer Translations -# - -# User Types - -VALUE Service-Type Login-User 1 -VALUE Service-Type Framed-User 2 -VALUE Service-Type Callback-Login-User 3 -VALUE Service-Type Callback-Framed-User 4 -VALUE Service-Type Outbound-User 5 -VALUE Service-Type Administrative-User 6 -VALUE Service-Type NAS-Prompt-User 7 - -# Framed Protocols - -VALUE Framed-Protocol PPP 1 -VALUE Framed-Protocol SLIP 2 - -# Framed Routing Values - -VALUE Framed-Routing None 0 -VALUE Framed-Routing Broadcast 1 -VALUE Framed-Routing Listen 2 -VALUE Framed-Routing Broadcast-Listen 3 - -# Framed Compression Types - -VALUE Framed-Compression None 0 -VALUE Framed-Compression Van-Jacobson-TCP-IP 1 - -# Login Services - -VALUE Login-Service Telnet 0 -VALUE Login-Service Rlogin 1 -VALUE Login-Service TCP-Clear 2 -VALUE Login-Service PortMaster 3 - -# Status Types - -VALUE Acct-Status-Type Start 1 -VALUE Acct-Status-Type Stop 2 -VALUE Acct-Status-Type Accounting-On 7 -VALUE Acct-Status-Type Accounting-Off 8 - -# Authentication Types - -VALUE Acct-Authentic RADIUS 1 -VALUE Acct-Authentic Local 2 -VALUE Acct-Authentic PowerLink128 100 - -# Termination Options - -VALUE Termination-Action Default 0 -VALUE Termination-Action RADIUS-Request 1 - -# NAS Port Types, available in 3.3.1 and later - -VALUE NAS-Port-Type Async 0 
-VALUE NAS-Port-Type Sync 1
-VALUE NAS-Port-Type ISDN 2
-VALUE NAS-Port-Type ISDN-V120 3
-VALUE NAS-Port-Type ISDN-V110 4
-
-# Acct Terminate Causes, available in 3.3.2 and later
-
-VALUE Acct-Terminate-Cause User-Request 1
-VALUE Acct-Terminate-Cause Lost-Carrier 2
-VALUE Acct-Terminate-Cause Lost-Service 3
-VALUE Acct-Terminate-Cause Idle-Timeout 4
-VALUE Acct-Terminate-Cause Session-Timeout 5
-VALUE Acct-Terminate-Cause Admin-Reset 6
-VALUE Acct-Terminate-Cause Admin-Reboot 7
-VALUE Acct-Terminate-Cause Port-Error 8
-VALUE Acct-Terminate-Cause NAS-Error 9
-VALUE Acct-Terminate-Cause NAS-Request 10
-VALUE Acct-Terminate-Cause NAS-Reboot 11
-VALUE Acct-Terminate-Cause Port-Unneeded 12
-VALUE Acct-Terminate-Cause Port-Preempted 13
-VALUE Acct-Terminate-Cause Port-Suspended 14
-VALUE Acct-Terminate-Cause Service-Unavailable 15
-VALUE Acct-Terminate-Cause Callback 16
-VALUE Acct-Terminate-Cause User-Error 17
-VALUE Acct-Terminate-Cause Host-Request 18
-
-#
-# Non-Protocol Integer Translations
-#
-
-VALUE Auth-Type Local 0
-VALUE Auth-Type System 1
-VALUE Auth-Type SecurID 2
-VALUE Auth-Type Crypt-Local 3
-VALUE Auth-Type Reject 4
-
-#
-# Cistron extensions
-#
-VALUE Auth-Type Pam 253
-VALUE Auth-Type None 254
-
-#
-# Experimental Non-Protocol Integer Translations for Cistron-Radiusd
-#
-VALUE Fall-Through No 0
-VALUE Fall-Through Yes 1
-VALUE Add-Port-To-IP-Address No 0
-VALUE Add-Port-To-IP-Address Yes 1
-
-#
-# Configuration Values
-# uncomment these two lines to turn account expiration on
-#
-
-#VALUE Server-Config Password-Expiration 30
-#VALUE Server-Config Password-Warning 5
-
-# Octets-Direction
-VALUE Octets-Direction Sum 0
-VALUE Octets-Direction Input 1
-VALUE Octets-Direction Output 2
-VALUE Octets-Direction MaxOveral 3
-VALUE Octets-Direction MaxSession 4
-
-INCLUDE /etc/radiusclient/dictionary.microsoft
diff --git a/pppd/plugins/radius/etc/dictionary.ascend b/pppd/plugins/radius/etc/dictionary.ascend
deleted file mode 100644
index f9f9bdc..0000000
--- a/pppd/plugins/radius/etc/dictionary.ascend
+++ /dev/null
@@ -1,295 +0,0 @@
-#
-# Ascend dictionary.
-#
-#
-# Version: 1.00 21-Jul-1997 Jens Glaser <jens@regio.net>
-#
-
-
-#
-# Ascend specific extensions
-# Used by ASCEND MAX/Pipeline products
-#
-ATTRIBUTE Ascend-FCP-Parameter 119 string
-ATTRIBUTE Ascend-Modem-PortNo 120 integer
-ATTRIBUTE Ascend-Modem-SlotNo 121 integer
-ATTRIBUTE Ascend-Modem-ShelfNo 122 integer
-ATTRIBUTE Ascend-Call-Attempt-Limit 123 integer
-ATTRIBUTE Ascend-Call-Block-Duration 124 integer
-ATTRIBUTE Ascend-Maximum-Call-Duration 125 integer
-ATTRIBUTE Ascend-Temporary-Rtes 126 integer
-ATTRIBUTE Tunneling-Protocol 127 integer
-ATTRIBUTE Ascend-Shared-Profile-Enable 128 integer
-ATTRIBUTE Ascend-Primary-Home-Agent 129 string
-ATTRIBUTE Ascend-Secondary-Home-Agent 130 string
-ATTRIBUTE Ascend-Dialout-Allowed 131 integer
-ATTRIBUTE Ascend-Client-Gateway 132 ipaddr
-ATTRIBUTE Ascend-BACP-Enable 133 integer
-ATTRIBUTE Ascend-DHCP-Maximum-Leases 134 integer
-ATTRIBUTE Ascend-Client-Primary-DNS 135 ipaddr
-ATTRIBUTE Ascend-Client-Secondary-DNS 136 ipaddr
-ATTRIBUTE Ascend-Client-Assign-DNS 137 integer
-ATTRIBUTE Ascend-User-Acct-Type 138 integer
-ATTRIBUTE Ascend-User-Acct-Host 139 ipaddr
-ATTRIBUTE Ascend-User-Acct-Port 140 integer
-ATTRIBUTE Ascend-User-Acct-Key 141 string
-ATTRIBUTE Ascend-User-Acct-Base 142 integer
-ATTRIBUTE Ascend-User-Acct-Time 143 integer
-ATTRIBUTE Ascend-Assign-IP-Client 144 ipaddr
-ATTRIBUTE Ascend-Assign-IP-Server 145 ipaddr
-ATTRIBUTE Ascend-Assign-IP-Global-Pool 146 string
-ATTRIBUTE Ascend-DHCP-Reply 147 integer
-ATTRIBUTE Ascend-DHCP-Pool-Number 148 integer
-ATTRIBUTE Ascend-Expect-Callback 149 integer
-ATTRIBUTE Ascend-Event-Type 150 integer
-ATTRIBUTE Ascend-Session-Svr-Key 151 string
-ATTRIBUTE Ascend-Multicast-Rate-Limit 152 integer
-ATTRIBUTE Ascend-IF-Netmask 153 ipaddr
-ATTRIBUTE Ascend-Remote-Addr 154 ipaddr
-ATTRIBUTE Ascend-Multicast-Client 155 integer
-ATTRIBUTE Ascend-FR-Circuit-Name 156 string
-ATTRIBUTE Ascend-FR-LinkUp 157 integer
-ATTRIBUTE Ascend-FR-Nailed-Grp 158 integer
-ATTRIBUTE Ascend-FR-Type 159 integer
-ATTRIBUTE Ascend-FR-Link-Mgt 160 integer
-ATTRIBUTE Ascend-FR-N391 161 integer
-ATTRIBUTE Ascend-FR-DCE-N392 162 integer
-ATTRIBUTE Ascend-FR-DTE-N392 163 integer
-ATTRIBUTE Ascend-FR-DCE-N393 164 integer
-ATTRIBUTE Ascend-FR-DTE-N393 165 integer
-ATTRIBUTE Ascend-FR-T391 166 integer
-ATTRIBUTE Ascend-FR-T392 167 integer
-ATTRIBUTE Ascend-Bridge-Address 168 string
-ATTRIBUTE Ascend-TS-Idle-Limit 169 integer
-ATTRIBUTE Ascend-TS-Idle-Mode 170 integer
-ATTRIBUTE Ascend-DBA-Monitor 171 integer
-ATTRIBUTE Ascend-Base-Channel-Count 172 integer
-ATTRIBUTE Ascend-Minimum-Channels 173 integer
-ATTRIBUTE Ascend-IPX-Route 174 string
-ATTRIBUTE Ascend-FT1-Caller 175 integer
-ATTRIBUTE Ascend-Backup 176 string
-ATTRIBUTE Ascend-Call-Type 177 integer
-ATTRIBUTE Ascend-Group 178 string
-ATTRIBUTE Ascend-FR-DLCI 179 integer
-ATTRIBUTE Ascend-FR-Profile-Name 180 string
-ATTRIBUTE Ascend-Ara-PW 181 string
-ATTRIBUTE Ascend-IPX-Node-Addr 182 string
-ATTRIBUTE Ascend-Home-Agent-IP-Addr 183 ipaddr
-ATTRIBUTE Ascend-Home-Agent-Password 184 string
-ATTRIBUTE Ascend-Home-Network-Name 185 string
-ATTRIBUTE Ascend-Home-Agent-UDP-Port 186 integer
-ATTRIBUTE Ascend-Multilink-ID 187 integer
-ATTRIBUTE Ascend-Num-In-Multilink 188 integer
-ATTRIBUTE Ascend-First-Dest 189 ipaddr
-ATTRIBUTE Ascend-Pre-Input-Octets 190 integer
-ATTRIBUTE Ascend-Pre-Output-Octets 191 integer
-ATTRIBUTE Ascend-Pre-Input-Packets 192 integer
-ATTRIBUTE Ascend-Pre-Output-Packets 193 integer
-ATTRIBUTE Ascend-Maximum-Time 194 integer
-ATTRIBUTE Ascend-Disconnect-Cause 195 integer
-ATTRIBUTE Ascend-Connect-Progress 196 integer
-ATTRIBUTE Ascend-Data-Rate 197 integer
-ATTRIBUTE Ascend-PreSession-Time 198 integer
-ATTRIBUTE Ascend-Token-Idle 199 integer
-ATTRIBUTE Ascend-Token-Immediate 200 integer
-ATTRIBUTE Ascend-Require-Auth 201 integer
-ATTRIBUTE Ascend-Number-Sessions 202 string
-ATTRIBUTE Ascend-Authen-Alias 203 string
-ATTRIBUTE Ascend-Token-Expiry 204 integer
-ATTRIBUTE Ascend-Menu-Selector 205 string
-ATTRIBUTE Ascend-Menu-Item 206 string
-ATTRIBUTE Ascend-PW-Warntime 207 integer
-ATTRIBUTE Ascend-PW-Lifetime 208 integer
-ATTRIBUTE Ascend-IP-Direct 209 ipaddr
-ATTRIBUTE Ascend-PPP-VJ-Slot-Comp 210 integer
-ATTRIBUTE Ascend-PPP-VJ-1172 211 integer
-ATTRIBUTE Ascend-PPP-Async-Map 212 integer
-ATTRIBUTE Ascend-Third-Prompt 213 string
-ATTRIBUTE Ascend-Send-Secret 214 string
-ATTRIBUTE Ascend-Receive-Secret 215 string
-ATTRIBUTE Ascend-IPX-Peer-Mode 216 integer
-ATTRIBUTE Ascend-IP-Pool-Definition 217 string
-ATTRIBUTE Ascend-Assign-IP-Pool 218 integer
-ATTRIBUTE Ascend-FR-Direct 219 integer
-ATTRIBUTE Ascend-FR-Direct-Profile 220 string
-ATTRIBUTE Ascend-FR-Direct-DLCI 221 integer
-ATTRIBUTE Ascend-Handle-IPX 222 integer
-ATTRIBUTE Ascend-Netware-timeout 223 integer
-ATTRIBUTE Ascend-IPX-Alias 224 integer
-ATTRIBUTE Ascend-Metric 225 integer
-ATTRIBUTE Ascend-PRI-Number-Type 226 integer
-ATTRIBUTE Ascend-Dial-Number 227 string
-ATTRIBUTE Ascend-Route-IP 228 integer
-ATTRIBUTE Ascend-Route-IPX 229 integer
-ATTRIBUTE Ascend-Bridge 230 integer
-ATTRIBUTE Ascend-Send-Auth 231 integer
-ATTRIBUTE Ascend-Send-Passwd 232 string
-ATTRIBUTE Ascend-Link-Compression 233 integer
-ATTRIBUTE Ascend-Target-Util 234 integer
-ATTRIBUTE Ascend-Maximum-Channels 235 integer
-ATTRIBUTE Ascend-Inc-Channel-Count 236 integer
-ATTRIBUTE Ascend-Dec-Channel-Count 237 integer
-ATTRIBUTE Ascend-Seconds-Of-History 238 integer
-ATTRIBUTE Ascend-History-Weigh-Type 239 integer
-ATTRIBUTE Ascend-Add-Seconds 240 integer
-ATTRIBUTE Ascend-Remove-Seconds 241 integer
-ATTRIBUTE Ascend-Idle-Limit 244 integer
-ATTRIBUTE Ascend-Preempt-Limit 245 integer
-ATTRIBUTE Ascend-Callback 246 integer
-ATTRIBUTE Ascend-Data-Svc 247 integer
-ATTRIBUTE Ascend-Force-56 248 integer
-ATTRIBUTE Ascend-Billing-Number 249 string
-ATTRIBUTE Ascend-Call-By-Call 250 integer
-ATTRIBUTE Ascend-Transit-Number 251 string
-ATTRIBUTE Ascend-Host-Info 252 string
-ATTRIBUTE Ascend-PPP-Address 253 ipaddr
-ATTRIBUTE Ascend-MPP-Idle-Percent 254 integer
-ATTRIBUTE Ascend-Xmit-Rate 255 integer
-
-
-
-# Ascend protocols
-VALUE Service-Type Dialout-Framed-User 5
-VALUE Framed-Protocol ARA 255
-VALUE Framed-Protocol MPP 256
-VALUE Framed-Protocol EURAW 257
-VALUE Framed-Protocol EUUI 258
-VALUE Framed-Protocol X25 259
-VALUE Framed-Protocol COMB 260
-VALUE Framed-Protocol FR 261
-VALUE Framed-Protocol MP 262
-VALUE Framed-Protocol FR-CIR 263
-
-
-#
-# Ascend specific extensions
-# Used by ASCEND MAX/Pipeline products (see above)
-#
-
-VALUE Ascend-FR-Direct FR-Direct-No 0
-VALUE Ascend-FR-Direct FR-Direct-Yes 1
-VALUE Ascend-Handle-IPX Handle-IPX-None 0
-VALUE Ascend-Handle-IPX Handle-IPX-Client 1
-VALUE Ascend-Handle-IPX Handle-IPX-Server 2
-VALUE Ascend-IPX-Peer-Mode IPX-Peer-Router 0
-VALUE Ascend-IPX-Peer-Mode IPX-Peer-Dialin 1
-VALUE Ascend-Call-Type Nailed 1
-VALUE Ascend-Call-Type Nailed/Mpp 2
-VALUE Ascend-Call-Type Perm/Switched 3
-VALUE Ascend-FT1-Caller FT1-No 0
-VALUE Ascend-FT1-Caller FT1-Yes 1
-VALUE Ascend-PRI-Number-Type Unknown-Number 0
-VALUE Ascend-PRI-Number-Type Intl-Number 1
-VALUE Ascend-PRI-Number-Type National-Number 2
-VALUE Ascend-PRI-Number-Type Local-Number 4
-VALUE Ascend-PRI-Number-Type Abbrev-Number 5
-VALUE Ascend-Route-IPX Route-IPX-No 0
-VALUE Ascend-Route-IPX Route-IPX-Yes 1
-VALUE Ascend-Bridge Bridge-No 0
-VALUE Ascend-Bridge Bridge-Yes 1
-VALUE Ascend-TS-Idle-Mode TS-Idle-None 0
-VALUE Ascend-TS-Idle-Mode TS-Idle-Input 1
-VALUE Ascend-TS-Idle-Mode TS-Idle-Input-Output 2
-VALUE Ascend-Send-Auth Send-Auth-None 0
-VALUE Ascend-Send-Auth Send-Auth-PAP 1
-VALUE Ascend-Send-Auth Send-Auth-CHAP 2
-VALUE Ascend-Send-Auth Send-Auth-MS-CHAP 3
-VALUE Ascend-Link-Compression Link-Comp-None 0
-VALUE Ascend-Link-Compression Link-Comp-Stac 1
-VALUE Ascend-Link-Compression Link-Comp-Stac-Draft-9 2
-VALUE Ascend-Link-Compression Link-Comp-MS-Stac 3
-VALUE Ascend-History-Weigh-Type History-Constant 0
-VALUE Ascend-History-Weigh-Type History-Linear 1
-VALUE Ascend-History-Weigh-Type History-Quadratic 2
-VALUE Ascend-Callback Callback-No 0
-VALUE Ascend-Callback Callback-Yes 1
-VALUE Ascend-Expect-Callback Expect-Callback-No 0
-VALUE Ascend-Expect-Callback Expect-Callback-Yes 1
-VALUE Ascend-Data-Svc Switched-Voice-Bearer 0
-VALUE Ascend-Data-Svc Switched-56KR 1
-VALUE Ascend-Data-Svc Switched-64K 2
-VALUE Ascend-Data-Svc Switched-64KR 3
-VALUE Ascend-Data-Svc Switched-56K 4
-VALUE Ascend-Data-Svc Switched-384KR 5
-VALUE Ascend-Data-Svc Switched-384K 6
-VALUE Ascend-Data-Svc Switched-1536K 7
-VALUE Ascend-Data-Svc Switched-1536KR 8
-VALUE Ascend-Data-Svc Switched-128K 9
-VALUE Ascend-Data-Svc Switched-192K 10
-VALUE Ascend-Data-Svc Switched-256K 11
-VALUE Ascend-Data-Svc Switched-320K 12
-VALUE Ascend-Data-Svc Switched-384K-MR 13
-VALUE Ascend-Data-Svc Switched-448K 14
-VALUE Ascend-Data-Svc Switched-512K 15
-VALUE Ascend-Data-Svc Switched-576K 16
-VALUE Ascend-Data-Svc Switched-640K 17
-VALUE Ascend-Data-Svc Switched-704K 18
-VALUE Ascend-Data-Svc Switched-768K 19
-VALUE Ascend-Data-Svc Switched-832K 20
-VALUE Ascend-Data-Svc Switched-896K 21
-VALUE Ascend-Data-Svc Switched-960K 22
-VALUE Ascend-Data-Svc Switched-1024K 23
-VALUE Ascend-Data-Svc Switched-1088K 24
-VALUE Ascend-Data-Svc Switched-1152K 25
-VALUE Ascend-Data-Svc Switched-1216K 26
-VALUE Ascend-Data-Svc Switched-1280K 27
-VALUE Ascend-Data-Svc Switched-1344K 28
-VALUE Ascend-Data-Svc Switched-1408K 29
-VALUE Ascend-Data-Svc Switched-1472K 30
-VALUE Ascend-Data-Svc Switched-1600K 31
-VALUE Ascend-Data-Svc Switched-1664K 32
-VALUE Ascend-Data-Svc Switched-1728K 33
-VALUE Ascend-Data-Svc Switched-1792K 34
-VALUE Ascend-Data-Svc Switched-1856K 35
-VALUE Ascend-Data-Svc Switched-1920K 36
-VALUE Ascend-Data-Svc Switched-inherited 37
-VALUE Ascend-Data-Svc Switched-restricted-bearer-x30 38
-VALUE Ascend-Data-Svc Switched-clear-bearer-v110 39
-VALUE Ascend-Data-Svc Switched-restricted-64-x30 40
-VALUE Ascend-Data-Svc Switched-clear-56-v110 41
-VALUE Ascend-Data-Svc Switched-modem 42
-VALUE Ascend-Data-Svc Switched-atmodem 43
-VALUE Ascend-Data-Svc Nailed-56KR 1
-VALUE Ascend-Data-Svc Nailed-64K 2
-VALUE Ascend-Force-56 Force-56-No 0
-VALUE Ascend-Force-56 Force-56-Yes 1
-VALUE Ascend-PW-Lifetime Lifetime-In-Days 0
-VALUE Ascend-PW-Warntime Days-Of-Warning 0
-VALUE Ascend-PPP-VJ-1172 PPP-VJ-1172 1
-VALUE Ascend-PPP-VJ-Slot-Comp VJ-Slot-Comp-No 1
-VALUE Ascend-Require-Auth Not-Require-Auth 0
-VALUE Ascend-Require-Auth Require-Auth 1
-VALUE Ascend-Token-Immediate Tok-Imm-No 0
-VALUE Ascend-Token-Immediate Tok-Imm-Yes 1
-VALUE Ascend-DBA-Monitor DBA-Transmit 0
-VALUE Ascend-DBA-Monitor DBA-Transmit-Recv 1
-VALUE Ascend-DBA-Monitor DBA-None 2
-VALUE Ascend-FR-Type Ascend-FR-DTE 0
-VALUE Ascend-FR-Type Ascend-FR-DCE 1
-VALUE Ascend-FR-Type Ascend-FR-NNI 2
-VALUE Ascend-FR-Link-Mgt Ascend-FR-No-Link-Mgt 0
-VALUE Ascend-FR-Link-Mgt Ascend-FR-T1-617D 1
-VALUE Ascend-FR-Link-Mgt Ascend-FR-Q-933A 2
-VALUE Ascend-FR-LinkUp Ascend-LinkUp-Default 0
-VALUE Ascend-FR-LinkUp Ascend-LinkUp-AlwaysUp 1
-VALUE Ascend-Multicast-Client Multicast-No 0
-VALUE Ascend-Multicast-Client Multicast-Yes 1
-VALUE Ascend-User-Acct-Type Ascend-User-Acct-None 0
-VALUE Ascend-User-Acct-Type Ascend-User-Acct-User 1
-VALUE Ascend-User-Acct-Type Ascend-User-Acct-User-Default 2
-VALUE Ascend-User-Acct-Base Base-10 0
-VALUE Ascend-User-Acct-Base Base-16 1
-VALUE Ascend-DHCP-Reply DHCP-Reply-No 0
-VALUE Ascend-DHCP-Reply DHCP-Reply-Yes 1
-VALUE Ascend-Client-Assign-DNS DNS-Assign-No 0
-VALUE Ascend-Client-Assign-DNS DNS-Assign-Yes 1
-VALUE Ascend-Event-Type Ascend-ColdStart 1
-VALUE Ascend-Event-Type Ascend-Session-Event 2
-VALUE Ascend-BACP-Enable BACP-No 0
-VALUE Ascend-BACP-Enable BACP-Yes 1
-VALUE Ascend-Dialout-Allowed Dialout-Not-Allowed 0
-VALUE Ascend-Dialout-Allowed Dialout-Allowed 1
-VALUE Ascend-Shared-Profile-Enable Shared-Profile-No 0
-VALUE Ascend-Shared-Profile-Enable Shared-Profile-Yes 1
-VALUE Ascend-Temporary-Rtes Temp-Rtes-No 0
-VALUE Ascend-Temporary-Rtes Temp-Rtes-Yes 1
diff --git a/pppd/plugins/radius/etc/dictionary.compat b/pppd/plugins/radius/etc/dictionary.compat
deleted file mode 100644
index fe3f087..0000000
--- a/pppd/plugins/radius/etc/dictionary.compat
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Obsolete names for backwards compatibility with older users files.
-#
-ATTRIBUTE Client-Id 4 ipaddr
-ATTRIBUTE Client-Port-Id 5 integer
-ATTRIBUTE User-Service-Type 6 integer
-ATTRIBUTE Framed-Address 8 ipaddr
-ATTRIBUTE Framed-Netmask 9 ipaddr
-ATTRIBUTE Framed-Filter-Id 11 string
-ATTRIBUTE Login-Host 14 ipaddr
-ATTRIBUTE Login-Port 16 integer
-ATTRIBUTE Old-Password 17 string
-ATTRIBUTE Port-Message 18 string
-ATTRIBUTE Dialback-No 19 string
-ATTRIBUTE Dialback-Name 20 string
-ATTRIBUTE Challenge-State 24 string
-VALUE Framed-Compression Van-Jacobsen-TCP-IP 1
-VALUE Framed-Compression VJ-TCP-IP 1
-VALUE Service-Type Shell-User 6
-VALUE Auth-Type Unix 1
-VALUE Service-Type Dialback-Login-User 3
-VALUE Service-Type Dialback-Framed-User 4
-
-#
-# For compatibility with MERIT users files.
-#
-ATTRIBUTE NAS-Port 5 integer
-ATTRIBUTE Login-Host 14 ipaddr
-ATTRIBUTE Login-Callback-Number 19 string
-ATTRIBUTE Framed-Callback-Id 20 string
-ATTRIBUTE Client-Port-DNIS 30 string
-ATTRIBUTE Caller-ID 31 string
-VALUE Service-Type Login 1
-VALUE Service-Type Framed 2
-VALUE Service-Type Callback-Login 3
-VALUE Service-Type Callback-Framed 4
-VALUE Service-Type Exec-User 7
-
-#
-# For compatibility with ESVA RADIUS, Old Cistron RADIUS
-#
-ATTRIBUTE Session 1034 integer
-ATTRIBUTE User-Name-Is-Star 1035 integer
-VALUE User-Name-Is-Star No 0
-VALUE User-Name-Is-Star Yes 1
diff --git a/pppd/plugins/radius/etc/dictionary.merit b/pppd/plugins/radius/etc/dictionary.merit
deleted file mode 100644
index 7d675e5..0000000
--- a/pppd/plugins/radius/etc/dictionary.merit
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-# Experimental extensions, configuration only (for check-items)
-# Names/numbers as per the MERIT extensions (if possible).
-#
-ATTRIBUTE NAS-Identifier 32 string
-ATTRIBUTE Proxy-State 33 string
-ATTRIBUTE Login-LAT-Service 34 string
-ATTRIBUTE Login-LAT-Node 35 string
-ATTRIBUTE Login-LAT-Group 36 string
-ATTRIBUTE Framed-AppleTalk-Link 37 integer
-ATTRIBUTE Framed-AppleTalk-Network 38 integer
-ATTRIBUTE Framed-AppleTalk-Zone 39 string
-ATTRIBUTE Acct-Input-Packets 47 integer
-ATTRIBUTE Acct-Output-Packets 48 integer
-# 8 is a MERIT extension.
-VALUE Service-Type Authenticate-Only 8
-
diff --git a/pppd/plugins/radius/etc/dictionary.microsoft b/pppd/plugins/radius/etc/dictionary.microsoft
deleted file mode 100644
index da3a317..0000000
--- a/pppd/plugins/radius/etc/dictionary.microsoft
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# Microsoft's VSA's, from RFC 2548
-#
-# $Id: dictionary.microsoft,v 1.1 2004/11/14 07:26:26 paulus Exp $
-#
-
-VENDOR Microsoft 311 Microsoft
-
-ATTRIBUTE MS-CHAP-Response 1 string Microsoft
-ATTRIBUTE MS-CHAP-Error 2 string Microsoft
-ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft
-ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft
-ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft
-ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft
-ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft
-# This is referred to as both singular and plural in the RFC.
-# Plural seems to make more sense.
-ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft
-ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft
-ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft
-ATTRIBUTE MS-CHAP-Domain 10 string Microsoft
-ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft
-ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft
-ATTRIBUTE MS-BAP-Usage 13 integer Microsoft
-ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft
-ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft
-ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft
-ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft
-ATTRIBUTE MS-RAS-Version 18 string Microsoft
-ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft
-ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft
-ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft
-
-ATTRIBUTE MS-Filter 22 string Microsoft
-ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft
-ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft
-
-ATTRIBUTE MS-CHAP2-Response 25 string Microsoft
-ATTRIBUTE MS-CHAP2-Success 26 string Microsoft
-ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft
-
-ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr Microsoft
-ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr Microsoft
-ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft
-ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft
-
-#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft
-
-
-#
-# Integer Translations
-#
-
-# MS-BAP-Usage Values
-
-VALUE MS-BAP-Usage Not-Allowed 0
-VALUE MS-BAP-Usage Allowed 1
-VALUE MS-BAP-Usage Required 2
-
-# MS-ARAP-Password-Change-Reason Values
-
-VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
-VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
-VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
-VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4
-
-# MS-Acct-Auth-Type Values
-
-VALUE MS-Acct-Auth-Type PAP 1
-VALUE MS-Acct-Auth-Type CHAP 2
-VALUE MS-Acct-Auth-Type MS-CHAP-1 3
-VALUE MS-Acct-Auth-Type MS-CHAP-2 4
-VALUE MS-Acct-Auth-Type EAP 5
-
-# MS-Acct-EAP-Type Values
-
-VALUE MS-Acct-EAP-Type MD5 4
-VALUE MS-Acct-EAP-Type OTP 5
-VALUE MS-Acct-EAP-Type Generic-Token-Card 6
-VALUE MS-Acct-EAP-Type TLS 13
-
diff --git a/pppd/plugins/radius/etc/issue b/pppd/plugins/radius/etc/issue
deleted file mode 100644
index 6254487..0000000
--- a/pppd/plugins/radius/etc/issue
+++ /dev/null
@@ -1,5 +0,0 @@
-(\I)
------------------------------------------------------
-\S \R (\N) (port \L)
------------------------------------------------------
-
diff --git a/pppd/plugins/radius/etc/port-id-map b/pppd/plugins/radius/etc/port-id-map
deleted file mode 100644
index 9088a0b..0000000
--- a/pppd/plugins/radius/etc/port-id-map
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# port-id-map
-#
-# This file describes the ttyname to port id mapping. The port id
-# is reported as part of a RADIUS authentication or accouting request.
-#
-#ttyname (as returned by ttyname(3)) port-id
-/dev/tty1 1
-/dev/tty2 2
-/dev/tty3 3
-/dev/tty4 4
-/dev/tty5 5
-/dev/tty6 6
-/dev/tty7 7
-/dev/tty8 8
-/dev/ttyS0 9
-/dev/ttyS1 10
-/dev/ttyS2 11
-/dev/ttyS3 12
-/dev/ttyS4 13
-/dev/ttyS5 14
-/dev/ttyS6 15
-/dev/ttyS7 16
-
\ No newline at end of file
diff --git a/pppd/plugins/radius/etc/radiusclient.conf b/pppd/plugins/radius/etc/radiusclient.conf
deleted file mode 100644
index 44c18a5..0000000
--- a/pppd/plugins/radius/etc/radiusclient.conf
+++ /dev/null
@@ -1,91 +0,0 @@
-# General settings
-
-# specify which authentication comes first respectively which
-# authentication is used. possible values are: "radius" and "local".
-# if you specify "radius,local" then the RADIUS server is asked
-# first then the local one. if only one keyword is specified only
-# this server is asked.
-auth_order radius
-
-# maximum login tries a user has (default 4)
-login_tries 4
-
-# timeout for all login tries (default 60)
-# if this time is exceeded the user is kicked out
-login_timeout 60
-
-# name of the nologin file which when it exists disables logins.
-# it may be extended by the ttyname which will result in
-# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
-# logins on /dev/ttyS2) (default /etc/nologin)
-nologin /etc/nologin
-
-# name of the issue file. it's only display when no username is passed
-# on the radlogin command line (default /etc/radiusclient/issue)
-issue /usr/local/etc/radiusclient/issue
-
-# RADIUS settings
-
-# RADIUS server to use for authentication requests. this config
-# item can appear more then one time. if multiple servers are
-# defined they are tried in a round robin fashion if one
-# server is not answering.
-# optionally you can specify a the port number on which is remote
-# RADIUS listens separated by a colon from the hostname. if
-# no port is specified /etc/services is consulted of the radius
-# service. if this fails also a compiled in default is used.
-authserver localhost:1812
-
-# RADIUS server to use for accouting requests. All that I
-# said for authserver applies, too.
-#
-acctserver localhost:1813
-
-# file holding shared secrets used for the communication
-# between the RADIUS client and server
-servers /usr/local/etc/radiusclient/servers
-
-# dictionary of allowed attributes and values
-# just like in the normal RADIUS distributions
-dictionary /usr/local/etc/radiusclient/dictionary
-
-# program to call for a RADIUS authenticated login
-# (default /usr/sbin/login.radius)
-login_radius /usr/local/sbin/login.radius
-
-# file which holds sequence number for communication with the
-# RADIUS server
-seqfile /var/run/radius.seq
-
-# file which specifies mapping between ttyname and NAS-Port attribute
-mapfile /usr/local/etc/radiusclient/port-id-map
-
-# default authentication realm to append to all usernames if no
-# realm was explicitly specified by the user
-# the radiusd directly form Livingston doesnt use any realms, so leave
-# it blank then
-default_realm
-
-# time to wait for a reply from the RADIUS server
-radius_timeout 10
-
-# resend request this many times before trying the next server
-radius_retries 3
-
-# NAS-Identifier
-#
-# If supplied, this option will cause the client to send the given string
-# as the contents of the NAS-Identifier attribute in RADIUS requests. No
-# NAS-IP-Address attribute will be sent in this case.
-#
-# The default behavior is to send a NAS-IP-Address option and not send
-# a NAS-Identifier. The value of the NAS-IP-Address option is chosen
-# by resolving the system hostname.
-
-# nas_identifier MyUniqueNASName
-
-# LOCAL settings
-
-# program to execute for local login
-# it must support the -f flag for preauthenticated login
-login_local /bin/login
diff --git a/pppd/plugins/radius/etc/radiusclient.conf.in b/pppd/plugins/radius/etc/radiusclient.conf.in
deleted file mode 100644
index eae292c..0000000
--- a/pppd/plugins/radius/etc/radiusclient.conf.in
+++ /dev/null
@@ -1,91 +0,0 @@
-# General settings
-
-# specify which authentication comes first respectively which
-# authentication is used. possible values are: "radius" and "local".
-# if you specify "radius,local" then the RADIUS server is asked
-# first then the local one. if only one keyword is specified only
-# this server is asked.
-auth_order radius
-
-# maximum login tries a user has (default 4)
-login_tries 4
-
-# timeout for all login tries (default 60)
-# if this time is exceeded the user is kicked out
-login_timeout 60
-
-# name of the nologin file which when it exists disables logins.
-# it may be extended by the ttyname which will result in
-# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
-# logins on /dev/ttyS2) (default /etc/nologin)
-nologin /etc/nologin
-
-# name of the issue file. it's only display when no username is passed
-# on the radlogin command line (default /etc/radiusclient/issue)
-issue @pkgsysconfdir@/issue
-
-# RADIUS settings
-
-# RADIUS server to use for authentication requests. this config
-# item can appear more then one time. if multiple servers are
-# defined they are tried in a round robin fashion if one
-# server is not answering.
-# optionally you can specify a the port number on which is remote
-# RADIUS listens separated by a colon from the hostname. if
-# no port is specified /etc/services is consulted of the radius
-# service. if this fails also a compiled in default is used.
-authserver localhost:1812
-
-# RADIUS server to use for accouting requests. All that I
-# said for authserver applies, too.
-#
-acctserver localhost:1813
-
-# file holding shared secrets used for the communication
-# between the RADIUS client and server
-servers @pkgsysconfdir@/servers
-
-# dictionary of allowed attributes and values
-# just like in the normal RADIUS distributions
-dictionary @pkgsysconfdir@/dictionary
-
-# program to call for a RADIUS authenticated login
-# (default /usr/sbin/login.radius)
-login_radius @sbindir@/login.radius
-
-# file which holds sequence number for communication with the
-# RADIUS server
-seqfile /var/run/radius.seq
-
-# file which specifies mapping between ttyname and NAS-Port attribute
-mapfile @pkgsysconfdir@/port-id-map
-
-# default authentication realm to append to all usernames if no
-# realm was explicitly specified by the user
-# the radiusd directly form Livingston doesnt use any realms, so leave
-# it blank then
-default_realm
-
-# time to wait for a reply from the RADIUS server
-radius_timeout 10
-
-# resend request this many times before trying the next server
-radius_retries 3
-
-# NAS-Identifier
-#
-# If supplied, this option will cause the client to send the given string
-# as the contents of the NAS-Identifier attribute in RADIUS requests. No
-# NAS-IP-Address attribute will be sent in this case.
-#
-# The default behavior is to send a NAS-IP-Address option and not send
-# a NAS-Identifier. The value of the NAS-IP-Address option is chosen
-# by resolving the system hostname.
-
-# nas_identifier MyUniqueNASName
-
-# LOCAL settings
-
-# program to execute for local login
-# it must support the -f flag for preauthenticated login
-login_local /bin/login
diff --git a/pppd/plugins/radius/etc/realms b/pppd/plugins/radius/etc/realms
deleted file mode 100644
index 3440364..0000000
--- a/pppd/plugins/radius/etc/realms
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/radiusclient/realms
-#
-# Handle realm @netservers.co.uk on an internal RADIUS server
-# (note the server must be told to strip the realm)
-
-#authserver netservers.co.uk 192.168.1.1:1812
-#acctserver netservers.co.uk 192.168.1.1:1813
-
-# users in realm @example.com are handled by separate servers
-
-#authserver example.com 10.0.0.1:1812
-#acctserver example.com 10.0.0.2:1813
-
-# the DEFAULT realm matches users that do not supply a realm
-
-#authserver DEFAULT 192.168.1.1:1812
-#acctserver DEFAULT 192.168.1.1:1813
-
-# Any realms that do not match in the realms file automatically fall
-# through to the standard radius plugin which uses the servers in the
-# radiusclient.conf file. Note that this is different than the
-# DEFAULT realm match, above.
diff --git a/pppd/plugins/radius/etc/servers b/pppd/plugins/radius/etc/servers
deleted file mode 100644
index b061bf9..0000000
--- a/pppd/plugins/radius/etc/servers
+++ /dev/null
@@ -1,4 +0,0 @@
-#Server Name or Client/Server pair Key
-#---------------- ---------------
-#portmaster.elemental.net hardlyasecret
-#portmaster2.elemental.net donttellanyone
diff --git a/pppd/plugins/radius/includes.h b/pppd/plugins/radius/includes.h
deleted file mode 100644
index f48d9b7..0000000
--- a/pppd/plugins/radius/includes.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * $Id: includes.h,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1997 Lars Fenneberg
- *
- * Copyright 1992 Livingston Enterprises, Inc.
- *
- * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
- * and Merit Network, Inc. All Rights Reserved
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#include <sys/types.h>
-
-#include <ctype.h>
-#include <stdio.h>
-#include <errno.h>
-#include <netdb.h>
-#include <syslog.h>
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-
-#include <limits.h>
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024
-#endif
-
-#ifndef UCHAR_MAX
-# define UCHAR_MAX 255
-#endif
-
-#include <pwd.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <time.h>
-
-#include "magic.h"
-
-/* rlib/lock.c */
-int do_lock_exclusive(int);
-int do_unlock(int);
diff --git a/pppd/plugins/radius/ip_util.c b/pppd/plugins/radius/ip_util.c
deleted file mode 100644
index 1f6a76e..0000000
--- a/pppd/plugins/radius/ip_util.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * $Id: ip_util.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1995,1996,1997 Lars Fenneberg
- *
- * Copyright 1992 Livingston Enterprises, Inc.
- *
- * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
- * and Merit Network, Inc. All Rights Reserved
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#include <includes.h>
-#include <radiusclient.h>
-
-/*
- * Function: rc_get_ipaddr
- *
- * Purpose: return an IP address in host long notation from a host
- * name or address in dot notation.
- *
- * Returns: 0 on failure
- */
-
-UINT4 rc_get_ipaddr (char *host)
-{
- struct hostent *hp;
-
- if (rc_good_ipaddr (host) == 0)
- {
- return ntohl(inet_addr (host));
- }
- else if ((hp = gethostbyname (host)) == (struct hostent *) NULL)
- {
- error("rc_get_ipaddr: couldn't resolve hostname: %s", host);
- return ((UINT4) 0);
- }
- return ntohl((*(UINT4 *) hp->h_addr));
-}
-
-/*
- * Function: rc_good_ipaddr
- *
- * Purpose: check for valid IP address in standard dot notation.
- *
- * Returns: 0 on success, -1 when failure
- *
- */
-
-int rc_good_ipaddr (char *addr)
-{
- int dot_count;
- int digit_count;
-
- if (addr == NULL)
- return (-1);
-
- dot_count = 0;
- digit_count = 0;
- while (*addr != '\0' && *addr != ' ')
- {
- if (*addr == '.')
- {
- dot_count++;
- digit_count = 0;
- }
- else if (!isdigit (*addr))
- {
- dot_count = 5;
- }
- else
- {
- digit_count++;
- if (digit_count > 3)
- {
- dot_count = 5;
- }
- }
- addr++;
- }
- if (dot_count != 3)
- {
- return (-1);
- }
- else
- {
- return (0);
- }
-}
-
-/*
- * Function: rc_ip_hostname
- *
- * Purpose: Return a printable host name (or IP address in dot notation)
- * for the supplied IP address.
- *
- */
-
-const char *rc_ip_hostname (UINT4 h_ipaddr)
-{
- struct hostent *hp;
- UINT4 n_ipaddr = htonl (h_ipaddr);
-
- if ((hp = gethostbyaddr ((char *) &n_ipaddr, sizeof (struct in_addr),
- AF_INET)) == NULL) {
- error("rc_ip_hostname: couldn't look up host by addr: %08lX", h_ipaddr);
- }
-
- return ((hp==NULL)?"unknown":hp->h_name);
-}
-
-/*
- * Function: rc_own_ipaddress
- *
- * Purpose: get the IP address of this host in host order
- *
- * Returns: IP address on success, 0 on failure
- *
- */
-
-UINT4 rc_own_ipaddress(void)
-{
- static UINT4 this_host_ipaddr = 0;
-
- if (!this_host_ipaddr) {
- if ((this_host_ipaddr = rc_get_ipaddr (hostname)) == 0) {
- error("rc_own_ipaddress: couldn't get own IP address");
- return 0;
- }
- }
-
- return this_host_ipaddr;
-}
-
-/*
- * Function: rc_own_bind_ipaddress
- *
- * Purpose: get the IP address to be used as a source address
- * for sending requests in host order
- *
- * Returns: IP address
- *
- */
-
-UINT4 rc_own_bind_ipaddress(void)
-{
- char *bindaddr;
- UINT4 rval = 0;
-
- if ((bindaddr = rc_conf_str("bindaddr")) == NULL ||
- strcmp(rc_conf_str("bindaddr"), "*") == 0) {
- rval = INADDR_ANY;
- } else {
- if ((rval = rc_get_ipaddr(bindaddr)) == 0) {
- error("rc_own_bind_ipaddress: couldn't get IP address from bindaddr");
- rval = INADDR_ANY;
- }
- }
-
- return rval;
-}
diff --git a/pppd/plugins/radius/lock.c b/pppd/plugins/radius/lock.c
deleted file mode 100644
index 482e97c..0000000
--- a/pppd/plugins/radius/lock.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * $Id: lock.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1997 Lars Fenneberg
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#include "includes.h"
-#include <unistd.h>
-#include <fcntl.h>
-
-int do_lock_exclusive(int fd)
-{
- struct flock fl;
- int res;
-
- memset((void *)&fl, 0, sizeof(fl));
-
- fl.l_type = F_WRLCK;
- fl.l_whence = fl.l_start = 0;
- fl.l_len = 0; /* 0 means "to end of file" */
-
- res = fcntl(fd, F_SETLK, &fl);
-
- if ((res == -1) && (errno == EAGAIN))
- errno = EWOULDBLOCK;
-
- return res;
-}
-
-int do_unlock(int fd)
-{
- struct flock fl;
-
- memset((void *)&fl, 0, sizeof(fl));
-
- fl.l_type = F_UNLCK;
- fl.l_whence = fl.l_start = 0;
- fl.l_len = 0; /* 0 means "to end of file" */
-
- return fcntl(fd, F_SETLK, &fl);
-}
diff --git a/pppd/plugins/radius/md5.c b/pppd/plugins/radius/md5.c
deleted file mode 100644
index 8af03aa..0000000
--- a/pppd/plugins/radius/md5.c
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * $Id: md5.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
- */
-#include "md5.h"
-
-void rc_md5_calc (unsigned char *output, unsigned char *input, unsigned int inlen)
-{
- MD5_CTX context;
-
- MD5_Init (&context);
- MD5_Update (&context, input, inlen);
- MD5_Final (output, &context);
-}
diff --git a/pppd/plugins/radius/options.h b/pppd/plugins/radius/options.h
deleted file mode 100644
index f4ad986..0000000
--- a/pppd/plugins/radius/options.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * $Id: options.h,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1996 Lars Fenneberg
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#define OPTION_LEN 64
-
-/* ids for different option types */
-#define OT_STR (1<<0) /* string */
-#define OT_INT (1<<1) /* integer */
-#define OT_SRV (1<<2) /* server list */
-#define OT_AUO (1<<3) /* authentication order */
-
-#define OT_ANY ((unsigned int)~0) /* used internally */
-
-/* status types */
-#define ST_UNDEF (1<<0) /* option is undefined */
-
-typedef struct _option {
- char name[OPTION_LEN]; /* name of the option */
- int type, status; /* type and status */
- void *val; /* pointer to option value */
-} OPTION;
-
-static SERVER acctserver = {0};
-static SERVER authserver = {0};
-
-int default_tries = 4;
-int default_timeout = 60;
-
-static OPTION config_options[] = {
-/* internally used options */
-{"config_file", OT_STR, ST_UNDEF, NULL},
-/* General options */
-{"auth_order", OT_AUO, ST_UNDEF, NULL},
-{"login_tries", OT_INT, ST_UNDEF, &default_tries},
-{"login_timeout", OT_INT, ST_UNDEF, &default_timeout},
-{"nologin", OT_STR, ST_UNDEF, "/etc/nologin"},
-{"issue", OT_STR, ST_UNDEF, "/etc/radiusclient/issue"},
-/* RADIUS specific options */
-{"authserver", OT_SRV, ST_UNDEF, &authserver},
-{"acctserver", OT_SRV, ST_UNDEF, &acctserver},
-{"servers", OT_STR, ST_UNDEF, NULL},
-{"dictionary", OT_STR, ST_UNDEF, NULL},
-{"login_radius", OT_STR, ST_UNDEF, "/usr/sbin/login.radius"},
-{"seqfile", OT_STR, ST_UNDEF, NULL},
-{"mapfile", OT_STR, ST_UNDEF, NULL},
-{"default_realm", OT_STR, ST_UNDEF, NULL},
-{"radius_timeout", OT_INT, ST_UNDEF, NULL},
-{"radius_retries", OT_INT, ST_UNDEF, NULL},
-{"nas_identifier", OT_STR, ST_UNDEF, ""},
-{"bindaddr", OT_STR, ST_UNDEF, NULL},
-/* local options */
-{"login_local", OT_STR, ST_UNDEF, NULL},
-};
-
-static int num_options = 
((sizeof(config_options))/(sizeof(config_options[0])));
diff --git a/pppd/plugins/radius/pathnames.h b/pppd/plugins/radius/pathnames.h
deleted file mode 100644
index 5aa4c60..0000000
--- a/pppd/plugins/radius/pathnames.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * $Id: pathnames.h,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1995,1996 Lars Fenneberg
- *
- * Copyright 1992 Livingston Enterprises, Inc.
- *
- * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
- * and Merit Network, Inc. All Rights Reserved
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#ifndef PATHNAMES_H
-#define PATHNAMES_H
-
-#define _PATH_DEV_URANDOM "/dev/urandom" /* Linux only */
-#define _PATH_ETC_ISSUE "/etc/issue"
-
-/* normally defined in the Makefile */
-#ifndef _PATH_ETC_RADIUSCLIENT_CONF
-#define _PATH_ETC_RADIUSCLIENT_CONF "/etc/radiusclient.conf"
-#endif
-
-#endif /* PATHNAMES_H */
diff --git a/pppd/plugins/radius/pppd-radattr.8 b/pppd/plugins/radius/pppd-radattr.8
deleted file mode 100644
index 22d190b..0000000
--- a/pppd/plugins/radius/pppd-radattr.8
+++ /dev/null
@@ -1,44 +0,0 @@ -.\" manual page [] for RADATTR plugin for pppd 2.4 -.\" $Id: pppd-radattr.8,v 1.2 2003/04/25 07:33:20 fcusack Exp $ -.\" SH section heading -.\" SS subsection heading -.\" LP paragraph -.\" IP indented paragraph -.\" TP hanging label -.TH PPPD-RADATTR 8 -.SH NAME -radattr.so \- RADIUS utility plugin for -.BR pppd (8) -.SH SYNOPSIS -.B pppd -[ -.I options -] -plugin radius.so plugin radattr.so -.SH DESCRIPTION -.LP -The radattr plugin for pppd causes all radius attributes returned by -the RADIUS server at authentication time to be stored in the file -.I /var/run/radattr.pppN -where -.I pppN -is the name of the PPP interface. The RADIUS attributes are stored -one per line in the format "Attribute-Name Attribute-Value". This -format is convenient for use in /etc/ppp/ip-up and /etc/ppp/ip-down -scripts. -.LP -Note that you -.I must -load the radius.so plugin before loading the radattr.so plugin; -radattr.so depends on symbols defined in radius.so. - -.SH USAGE -To use the plugin, simply supply the -.B plugin radius.so plugin radattr.so -options to pppd. - -.SH SEE ALSO -.BR pppd (8) " pppd-radius" (8) - -.SH AUTHOR -David F. Skoll <dfs@roaringpenguin.com> diff --git a/pppd/plugins/radius/pppd-radius.8 b/pppd/plugins/radius/pppd-radius.8 deleted file mode 100644 index a8c103c..0000000 --- a/pppd/plugins/radius/pppd-radius.8 +++ /dev/null 
@@ -1,67 +0,0 @@ -.\" manual page [] for RADIUS plugin for pppd 2.4 -.\" $Id: pppd-radius.8,v 1.5 2004/03/26 13:27:17 kad Exp $ -.\" SH section heading -.\" SS subsection heading -.\" LP paragraph -.\" IP indented paragraph -.\" TP hanging label -.TH PPPD-RADIUS 8 -.SH NAME -radius.so \- RADIUS authentication plugin for -.BR pppd (8) -.SH SYNOPSIS -.B pppd -[ -.I options -] -plugin radius.so -.SH DESCRIPTION -.LP -The RADIUS plugin for pppd permits pppd to perform PAP, CHAP, MS-CHAP and -MS-CHAPv2 authentication against a RADIUS server instead of the usual -.I /etc/ppp/pap-secrets -and -.I /etc/ppp/chap-secrets -files. -.LP -The RADIUS plugin is built on a library called -.B radiusclient -which has its own configuration files (usually in \fI/etc/radiusclient\fR), -consult those files for more information on configuring the RADIUS -plugin - -.SH OPTIONS -The RADIUS plugin introduces one additional pppd option: -.TP -.BI "radius-config-file " filename -The file -.I filename -is taken as the radiusclient configuration file. If this option is not -used, then the plugin uses -.I /etc/radiusclient/radiusclient.conf -as the configuration file. -.TP -.BI "avpair " attribute=value -Adds an Attribute-Value pair to be passed on to the RADIUS server on each request. -.TP -.BI map-to-ifname -Sets Radius NAS-Port attribute to number equal to interface name (Default) -.TP -.BI map-to-ttyname -Sets Radius NAS-Port attribute value via libradiusclient library - -.SH USAGE -To use the plugin, simply supply the -.B plugin radius.so -option to pppd, and edit -.I /etc/radiusclient/radiusclient.conf -appropriately. If you use the RADIUS plugin, the normal pppd authentication -schemes (login, checking the /etc/ppp/*-secrets files) are skipped. The -RADIUS server should assign an IP address to the peer using the RADIUS -Framed-IP-Address attribute. - -.SH SEE ALSO -.BR pppd (8) " pppd-radattr" (8) - -.SH AUTHOR -David F. Skoll <dfs@roaringpenguin.com> 
diff --git a/pppd/plugins/radius/radattr.c b/pppd/plugins/radius/radattr.c
deleted file mode 100644
index 1fe7daa..0000000
--- a/pppd/plugins/radius/radattr.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/***********************************************************************
-*
-* radattr.c
-*
-* A plugin which is stacked on top of radius.so. This plugin writes
-* all RADIUS attributes from the server's authentication confirmation
-* into /var/run/radattr.pppN. These attributes are available for
-* consumption by /etc/ppp/ip-{up,down} scripts.
-*
-* Copyright (C) 2002 Roaring Penguin Software Inc.
-*
-* This plugin may be distributed according to the terms of the GNU
-* General Public License, version 2 or (at your option) any later version.
-*
-***********************************************************************/
-
-static char const RCSID[] =
-"$Id: radattr.c,v 1.2 2004/10/28 00:24:40 paulus Exp $";
-
-#include "pppd.h"
-#include "radiusclient.h"
-#include <stdio.h>
-
-extern void (*radius_attributes_hook)(VALUE_PAIR *);
-static void print_attributes(VALUE_PAIR *);
-static void cleanup(void *opaque, int arg);
-
-char pppd_version[] = VERSION;
-
-/**********************************************************************
-* %FUNCTION: plugin_init
-* %ARGUMENTS:
-* None
-* %RETURNS:
-* Nothing
-* %DESCRIPTION:
-* Initializes radattr plugin.
-***********************************************************************/
-void
-plugin_init(void)
-{
- radius_attributes_hook = print_attributes;
-
-#if 0
- /* calling cleanup() on link down is problematic because print_attributes()
- is called only after PAP or CHAP authentication, but not when the link
- should go up again for any other reason */
- add_notifier(&link_down_notifier, cleanup, NULL);
-#endif
-
- /* Just in case... */
- add_notifier(&exitnotify, cleanup, NULL);
- info("RADATTR plugin initialized.");
-}
-
-/**********************************************************************
-* %FUNCTION: print_attributes
-* %ARGUMENTS:
-* vp -- linked-list of RADIUS attribute-value pairs
-* %RETURNS:
-* Nothing
-* %DESCRIPTION:
-* Prints the attribute pairs to /var/run/radattr.pppN. 
Each line of the
-* file contains "name value" pairs.
-***********************************************************************/
-static void
-print_attributes(VALUE_PAIR *vp)
-{
- FILE *fp;
- char fname[512];
- char name[2048];
- char value[2048];
- int cnt = 0;
-
- slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
- fp = fopen(fname, "w");
- if (!fp) {
- warn("radattr plugin: Could not open %s for writing: %m", fname);
- return;
- }
-
- for (; vp; vp=vp->next) {
- if (rc_avpair_tostr(vp, name, sizeof(name), value, sizeof(value)) < 0) {
- continue;
- }
- fprintf(fp, "%s %s\n", name, value);
- cnt++;
- }
- fclose(fp);
- dbglog("RADATTR plugin wrote %d line(s) to file %s.", cnt, fname);
-}
-
-/**********************************************************************
-* %FUNCTION: cleanup
-* %ARGUMENTS:
-* opaque -- not used
-* arg -- not used
-* %RETURNS:
-* Nothing
-* %DESCRIPTION:
-* Deletes /var/run/radattr.pppN
-***********************************************************************/
-static void
-cleanup(void *opaque, int arg)
-{
- char fname[512];
-
- slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
- (void) remove(fname);
- dbglog("RADATTR plugin removed file %s.", fname);
-}
diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
deleted file mode 100644
index 4ba5f52..0000000
--- a/pppd/plugins/radius/radius.c
+++ /dev/null
@@ -1,1350 +0,0 @@ -/*********************************************************************** -* -* radius.c -* -* RADIUS plugin for pppd. Performs PAP, CHAP, MS-CHAP, MS-CHAPv2 -* authentication using RADIUS. -* -* Copyright (C) 2002 Roaring Penguin Software Inc. -* -* Based on a patch for ipppd, which is: -* Copyright (C) 1996, Matjaz Godec <gody@elgo.si> -* Copyright (C) 1996, Lars Fenneberg <in5y050@public.uni-hamburg.de> -* Copyright (C) 1997, Miguel A.L. Paraz <map@iphil.net> -* -* Uses radiusclient library, which is: -* Copyright (C) 1995,1996,1997,1998 Lars Fenneberg <lf@elemental.net> -* Copyright (C) 2002 Roaring Penguin Software Inc. -* -* MPPE support is by Ralf Hofmann, <ralf.hofmann@elvido.net>, with -* modification from Frank Cusack, <frank@google.com>. -* -* This plugin may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -***********************************************************************/ -static char const RCSID[] = -"$Id: radius.c,v 1.32 2008/05/26 09:18:08 paulus Exp $"; - -#include "pppd.h" -#include "chap-new.h" -#ifdef CHAPMS -#include "chap_ms.h" -#ifdef MPPE -#include "md5.h" -#endif -#endif -#include "radiusclient.h" -#include "fsm.h" -#include "ipcp.h" -#include <syslog.h> -#include <sys/types.h> -#include <sys/time.h> -#include <string.h> -#include <netinet/in.h> -#include <stdlib.h> - -#define BUF_LEN 1024 - -#define MD5_HASH_SIZE 16 - -#define MSDNS 1 - -static char *config_file = NULL; -static int add_avp(char **); -static struct avpopt { - char *vpstr; - struct avpopt *next; -} *avpopt = NULL; -static bool portnummap = 0; - -static option_t Options[] = { - { "radius-config-file", o_string, &config_file }, - { "avpair", o_special, add_avp }, - { "map-to-ttyname", o_bool, &portnummap, - "Set Radius NAS-Port attribute value via libradiusclient library", OPT_PRIO | 1 }, - { "map-to-ifname", o_bool, &portnummap, - "Set Radius NAS-Port attribute to number as 
in interface name (Default)", OPT_PRIOSUB | 0 }, - { NULL } -}; - -static int radius_secret_check(void); -static int radius_pap_auth(char *user, - char *passwd, - char **msgp, - struct wordlist **paddrs, - struct wordlist **popts); -static int radius_chap_verify(char *user, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, - unsigned char *response, - char *message, int message_space); - -static void radius_ip_up(void *opaque, int arg); -static void radius_ip_down(void *opaque, int arg); -static void make_username_realm(char *user); -static int radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, - struct chap_digest_type *digest, - unsigned char *challenge, - char *message, int message_space); -static void radius_choose_ip(u_int32_t *addrp); -static int radius_init(char *msg); -static int get_client_port(char *ifname); -static int radius_allowed_address(u_int32_t addr); -static void radius_acct_interim(void *); -#ifdef MPPE -static int radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, - unsigned char *); -static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info); -#endif - -#ifndef MAXSESSIONID -#define MAXSESSIONID 32 -#endif - -#ifndef MAXCLASSLEN -#define MAXCLASSLEN 500 -#endif - -struct radius_state { - int accounting_started; - int initialized; - int client_port; - int choose_ip; - int any_ip_addr_ok; - int done_chap_once; - u_int32_t ip_addr; - char user[MAXNAMELEN]; - char config_file[MAXPATHLEN]; - char session_id[MAXSESSIONID + 1]; - time_t start_time; - int acct_interim_interval; - SERVER *authserver; /* Authentication server to use */ - SERVER *acctserver; /* Accounting server to use */ - int class_len; - char class[MAXCLASSLEN]; - VALUE_PAIR *avp; /* Additional (user supplied) vp's to send to server */ -}; - -void (*radius_attributes_hook)(VALUE_PAIR *) = NULL; - -/* The pre_auth_hook MAY set authserver and acctserver if it wants. 
- In that case, they override the values in the radiusclient.conf file */ -void (*radius_pre_auth_hook)(char const *user, - SERVER **authserver, - SERVER **acctserver) = NULL; - -static struct radius_state rstate; - -char pppd_version[] = VERSION; - -/********************************************************************** -* %FUNCTION: plugin_init -* %ARGUMENTS: -* None -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Initializes RADIUS plugin. -***********************************************************************/ -void -plugin_init(void) -{ - pap_check_hook = radius_secret_check; - pap_auth_hook = radius_pap_auth; - - chap_check_hook = radius_secret_check; - chap_verify_hook = radius_chap_verify; - - ip_choose_hook = radius_choose_ip; - allowed_address_hook = radius_allowed_address; - - add_notifier(&ip_up_notifier, radius_ip_up, NULL); - add_notifier(&ip_down_notifier, radius_ip_down, NULL); - - memset(&rstate, 0, sizeof(rstate)); - - strlcpy(rstate.config_file, "/etc/radiusclient/radiusclient.conf", - sizeof(rstate.config_file)); - - add_options(Options); - - info("RADIUS plugin initialized."); -} - -/********************************************************************** -* %FUNCTION: add_avp -* %ARGUMENTS: -* argv -- the <attribute=value> pair to add -* %RETURNS: -* 1 -* %DESCRIPTION: -* Adds an av pair to be passed on to the RADIUS server on each request. -***********************************************************************/ -static int -add_avp(char **argv) -{ - struct avpopt *p = malloc(sizeof(struct avpopt)); - - /* Append to a list of vp's for later parsing */ - p->vpstr = strdup(*argv); - p->next = avpopt; - avpopt = p; - - return 1; -} - -/********************************************************************** -* %FUNCTION: radius_secret_check -* %ARGUMENTS: -* None -* %RETURNS: -* 1 -- we are ALWAYS willing to supply a secret. 
:-) -* %DESCRIPTION: -* Tells pppd that we will try to authenticate the peer, and not to -* worry about looking in /etc/ppp/*-secrets -***********************************************************************/ -static int -radius_secret_check(void) -{ - return 1; -} - -/********************************************************************** -* %FUNCTION: radius_choose_ip -* %ARGUMENTS: -* addrp -- where to store the IP address -* %RETURNS: -* Nothing -* %DESCRIPTION: -* If RADIUS server has specified an IP address, it is stored in *addrp. -***********************************************************************/ -static void -radius_choose_ip(u_int32_t *addrp) -{ - if (rstate.choose_ip) { - *addrp = rstate.ip_addr; - } -} - -/********************************************************************** -* %FUNCTION: radius_pap_auth -* %ARGUMENTS: -* user -- user-name of peer -* passwd -- password supplied by peer -* msgp -- Message which will be sent in PAP response -* paddrs -- set to a list of possible peer IP addresses -* popts -- set to a list of additional pppd options -* %RETURNS: -* 1 if we can authenticate, -1 if we cannot. -* %DESCRIPTION: -* Performs PAP authentication using RADIUS -***********************************************************************/ -static int -radius_pap_auth(char *user, - char *passwd, - char **msgp, - struct wordlist **paddrs, - struct wordlist **popts) -{ - VALUE_PAIR *send, *received; - UINT4 av_type; - int result; - static char radius_msg[BUF_LEN]; - - radius_msg[0] = 0; - *msgp = radius_msg; - - if (radius_init(radius_msg) < 0) { - return 0; - } - - /* Put user with potentially realm added in rstate.user */ - make_username_realm(user); - - if (radius_pre_auth_hook) { - radius_pre_auth_hook(rstate.user, - &rstate.authserver, - &rstate.acctserver); - } - - send = NULL; - received = NULL; - - /* Hack... the "port" is the ppp interface number. Should really be - the tty */ - rstate.client_port = get_client_port(portnummap ? 
devnam : ifname); - - av_type = PW_FRAMED; - rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_PPP; - rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE); - - rc_avpair_add(&send, PW_USER_NAME, rstate.user , 0, VENDOR_NONE); - rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE); - if (*remote_number) { - rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, - VENDOR_NONE); - } else if (ipparam) - rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - - /* Add user specified vp's */ - if (rstate.avp) - rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp)); - - if (rstate.authserver) { - result = rc_auth_using_server(rstate.authserver, - rstate.client_port, send, - &received, radius_msg, NULL); - } else { - result = rc_auth(rstate.client_port, send, &received, radius_msg, NULL); - } - - if (result == OK_RC) { - if (radius_setparams(received, radius_msg, NULL, NULL, NULL, NULL, 0) < 0) { - result = ERROR_RC; - } - } - - /* free value pairs */ - rc_avpair_free(received); - rc_avpair_free(send); - - return (result == OK_RC) ? 1 : 0; -} - -/********************************************************************** -* %FUNCTION: radius_chap_verify -* %ARGUMENTS: -* user -- name of the peer -* ourname -- name for this machine -* id -- the ID byte in the challenge -* digest -- points to the structure representing the digest type -* challenge -- the challenge string we sent (length in first byte) -* response -- the response (hash) the peer sent back (length in 1st byte) -* message -- space for a message to be returned to the peer -* message_space -- number of bytes available at *message. -* %RETURNS: -* 1 if the response is good, 0 if it is bad -* %DESCRIPTION: -* Performs CHAP, MS-CHAP and MS-CHAPv2 authentication using RADIUS. 
-***********************************************************************/ -static int -radius_chap_verify(char *user, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) -{ - VALUE_PAIR *send, *received; - UINT4 av_type; - static char radius_msg[BUF_LEN]; - int result; - int challenge_len, response_len; - u_char cpassword[MAX_RESPONSE_LEN + 1]; -#ifdef MPPE - /* Need the RADIUS secret and Request Authenticator to decode MPPE */ - REQUEST_INFO request_info, *req_info = &request_info; -#else - REQUEST_INFO *req_info = NULL; -#endif - - challenge_len = *challenge++; - response_len = *response++; - - radius_msg[0] = 0; - - if (radius_init(radius_msg) < 0) { - error("%s", radius_msg); - return 0; - } - - /* return error for types we can't handle */ - if ((digest->code != CHAP_MD5) -#ifdef CHAPMS - && (digest->code != CHAP_MICROSOFT) - && (digest->code != CHAP_MICROSOFT_V2) -#endif - ) { - error("RADIUS: Challenge type %u unsupported", digest->code); - return 0; - } - - /* Put user with potentially realm added in rstate.user */ - if (!rstate.done_chap_once) { - make_username_realm(user); - rstate.client_port = get_client_port (portnummap ? 
devnam : ifname); - if (radius_pre_auth_hook) { - radius_pre_auth_hook(rstate.user, - &rstate.authserver, - &rstate.acctserver); - } - } - - send = received = NULL; - - av_type = PW_FRAMED; - rc_avpair_add (&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_PPP; - rc_avpair_add (&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE); - - rc_avpair_add (&send, PW_USER_NAME, rstate.user , 0, VENDOR_NONE); - - /* - * add the challenge and response fields - */ - switch (digest->code) { - case CHAP_MD5: - /* CHAP-Challenge and CHAP-Password */ - if (response_len != MD5_HASH_SIZE) - return 0; - cpassword[0] = id; - memcpy(&cpassword[1], response, MD5_HASH_SIZE); - - rc_avpair_add(&send, PW_CHAP_CHALLENGE, - challenge, challenge_len, VENDOR_NONE); - rc_avpair_add(&send, PW_CHAP_PASSWORD, - cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE); - break; - -#ifdef CHAPMS - case CHAP_MICROSOFT: - { - /* MS-CHAP-Challenge and MS-CHAP-Response */ - u_char *p = cpassword; - - if (response_len != MS_CHAP_RESPONSE_LEN) - return 0; - *p++ = id; - /* The idiots use a different field order in RADIUS than PPP */ - *p++ = response[MS_CHAP_USENT]; - memcpy(p, response, MS_CHAP_LANMANRESP_LEN + MS_CHAP_NTRESP_LEN); - - rc_avpair_add(&send, PW_MS_CHAP_CHALLENGE, - challenge, challenge_len, VENDOR_MICROSOFT); - rc_avpair_add(&send, PW_MS_CHAP_RESPONSE, - cpassword, MS_CHAP_RESPONSE_LEN + 1, VENDOR_MICROSOFT); - break; - } - - case CHAP_MICROSOFT_V2: - { - /* MS-CHAP-Challenge and MS-CHAP2-Response */ - u_char *p = cpassword; - - if (response_len != MS_CHAP2_RESPONSE_LEN) - return 0; - *p++ = id; - /* The idiots use a different field order in RADIUS than PPP */ - *p++ = response[MS_CHAP2_FLAGS]; - memcpy(p, response, (MS_CHAP2_PEER_CHAL_LEN + MS_CHAP2_RESERVED_LEN - + MS_CHAP2_NTRESP_LEN)); - - rc_avpair_add(&send, PW_MS_CHAP_CHALLENGE, - challenge, challenge_len, VENDOR_MICROSOFT); - rc_avpair_add(&send, PW_MS_CHAP2_RESPONSE, - cpassword, MS_CHAP2_RESPONSE_LEN + 1, VENDOR_MICROSOFT); 
- break; - } -#endif - } - - if (*remote_number) { - rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, - VENDOR_NONE); - } else if (ipparam) - rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - - /* Add user specified vp's */ - if (rstate.avp) - rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp)); - - /* - * make authentication with RADIUS server - */ - - if (rstate.authserver) { - result = rc_auth_using_server(rstate.authserver, - rstate.client_port, send, - &received, radius_msg, req_info); - } else { - result = rc_auth(rstate.client_port, send, &received, radius_msg, - req_info); - } - - strlcpy(message, radius_msg, message_space); - - if (result == OK_RC) { - if (!rstate.done_chap_once) { - if (radius_setparams(received, radius_msg, req_info, digest, - challenge, message, message_space) < 0) { - error("%s", radius_msg); - result = ERROR_RC; - } else { - rstate.done_chap_once = 1; - } - } - } - - rc_avpair_free(received); - rc_avpair_free (send); - return (result == OK_RC); -} - -/********************************************************************** -* %FUNCTION: make_username_realm -* %ARGUMENTS: -* user -- the user given to pppd -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Copies user into rstate.user. If it lacks a realm (no "@domain" part), -* then the default realm from the radiusclient config file is added. 
-***********************************************************************/ -static void -make_username_realm(char *user) -{ - char *default_realm; - - if ( user != NULL ) { - strlcpy(rstate.user, user, sizeof(rstate.user)); - } else { - rstate.user[0] = 0; - } - - default_realm = rc_conf_str("default_realm"); - - if (!strchr(rstate.user, '@') && - default_realm && - (*default_realm != '\0')) { - strlcat(rstate.user, "@", sizeof(rstate.user)); - strlcat(rstate.user, default_realm, sizeof(rstate.user)); - } -} - -/********************************************************************** -* %FUNCTION: radius_setparams -* %ARGUMENTS: -* vp -- received value-pairs -* msg -- buffer in which to place error message. Holds up to BUF_LEN chars -* %RETURNS: -* >= 0 on success; -1 on failure -* %DESCRIPTION: -* Parses attributes sent by RADIUS server and sets them in pppd. -***********************************************************************/ -static int -radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, - struct chap_digest_type *digest, unsigned char *challenge, - char *message, int message_space) -{ - u_int32_t remote; - int ms_chap2_success = 0; -#ifdef MPPE - int mppe_enc_keys = 0; /* whether or not these were received */ - int mppe_enc_policy = 0; - int mppe_enc_types = 0; -#endif -#ifdef MSDNS - ipcp_options *wo = &ipcp_wantoptions[0]; - ipcp_options *ao = &ipcp_allowoptions[0]; - int got_msdns_1 = 0; - int got_msdns_2 = 0; - int got_wins_1 = 0; - int got_wins_2 = 0; -#endif - - /* Send RADIUS attributes to anyone else who might be interested */ - if (radius_attributes_hook) { - (*radius_attributes_hook)(vp); - } - - /* - * service type (if not framed then quit), - * new IP address (RADIUS can define static IP for some users), - */ - - while (vp) { - if (vp->vendorcode == VENDOR_NONE) { - switch (vp->attribute) { - case PW_SERVICE_TYPE: - /* check for service type */ - /* if not FRAMED then exit */ - if (vp->lvalue != PW_FRAMED) { - slprintf(msg, 
BUF_LEN, "RADIUS: wrong service type %ld for %s", - vp->lvalue, rstate.user); - return -1; - } - break; - - case PW_FRAMED_PROTOCOL: - /* check for framed protocol type */ - /* if not PPP then also exit */ - if (vp->lvalue != PW_PPP) { - slprintf(msg, BUF_LEN, "RADIUS: wrong framed protocol %ld for %s", - vp->lvalue, rstate.user); - return -1; - } - break; - - case PW_SESSION_TIMEOUT: - /* Session timeout */ - maxconnect = vp->lvalue; - break; - case PW_FILTER_ID: - /* packet filter, will be handled via ip-(up|down) script */ - script_setenv("RADIUS_FILTER_ID", vp->strvalue, 1); - break; - case PW_FRAMED_ROUTE: - /* route, will be handled via ip-(up|down) script */ - script_setenv("RADIUS_FRAMED_ROUTE", vp->strvalue, 1); - break; - case PW_IDLE_TIMEOUT: - /* idle parameter */ - idle_time_limit = vp->lvalue; - break; -#ifdef MAXOCTETS - case PW_SESSION_OCTETS_LIMIT: - /* Session traffic limit */ - maxoctets = vp->lvalue; - break; - case PW_OCTETS_DIRECTION: - /* Session traffic limit direction check */ - maxoctets_dir = ( vp->lvalue > 4 ) ? 
0 : vp->lvalue ; - break; -#endif - case PW_ACCT_INTERIM_INTERVAL: - /* Send accounting updates every few seconds */ - rstate.acct_interim_interval = vp->lvalue; - /* RFC says it MUST NOT be less than 60 seconds */ - /* We use "0" to signify not sending updates */ - if (rstate.acct_interim_interval && - rstate.acct_interim_interval < 60) { - rstate.acct_interim_interval = 60; - } - break; - case PW_FRAMED_IP_ADDRESS: - /* seting up remote IP addresses */ - remote = vp->lvalue; - if (remote == 0xffffffff) { - /* 0xffffffff means user should be allowed to select one */ - rstate.any_ip_addr_ok = 1; - } else if (remote != 0xfffffffe) { - /* 0xfffffffe means NAS should select an ip address */ - remote = htonl(vp->lvalue); - if (bad_ip_adrs (remote)) { - slprintf(msg, BUF_LEN, "RADIUS: bad remote IP address %I for %s", - remote, rstate.user); - return -1; - } - rstate.choose_ip = 1; - rstate.ip_addr = remote; - } - break; - case PW_NAS_IP_ADDRESS: - wo->ouraddr = htonl(vp->lvalue); - break; - case PW_CLASS: - /* Save Class attribute to pass it in accounting request */ - if (vp->lvalue <= MAXCLASSLEN) { - rstate.class_len=vp->lvalue; - memcpy(rstate.class, vp->strvalue, rstate.class_len); - } /* else too big for our buffer - ignore it */ - break; - } - - - } else if (vp->vendorcode == VENDOR_MICROSOFT) { -#ifdef CHAPMS - switch (vp->attribute) { - case PW_MS_CHAP2_SUCCESS: - if ((vp->lvalue != 43) || strncmp(vp->strvalue + 1, "S=", 2)) { - slprintf(msg,BUF_LEN,"RADIUS: bad MS-CHAP2-Success packet"); - return -1; - } - if (message != NULL) - strlcpy(message, vp->strvalue + 1, message_space); - ms_chap2_success = 1; - break; - -#ifdef MPPE - case PW_MS_CHAP_MPPE_KEYS: - if (radius_setmppekeys(vp, req_info, challenge) < 0) { - slprintf(msg, BUF_LEN, - "RADIUS: bad MS-CHAP-MPPE-Keys attribute"); - return -1; - } - mppe_enc_keys = 1; - break; - - case PW_MS_MPPE_SEND_KEY: - case PW_MS_MPPE_RECV_KEY: - if (radius_setmppekeys2(vp, req_info) < 0) { - slprintf(msg, BUF_LEN, - 
"RADIUS: bad MS-MPPE-%s-Key attribute",
- (vp->attribute == PW_MS_MPPE_SEND_KEY)?
- "Send": "Recv");
- return -1;
- }
- mppe_enc_keys = 1;
- break;
-
- case PW_MS_MPPE_ENCRYPTION_POLICY:
- mppe_enc_policy = vp->lvalue; /* save for later */
- break;
-
- case PW_MS_MPPE_ENCRYPTION_TYPES:
- mppe_enc_types = vp->lvalue; /* save for later */
- break;
-
-#endif /* MPPE */
-#ifdef MSDNS
- case PW_MS_PRIMARY_DNS_SERVER:
- ao->dnsaddr[0] = htonl(vp->lvalue);
- got_msdns_1 = 1;
- if (!got_msdns_2)
- ao->dnsaddr[1] = ao->dnsaddr[0];
- break;
- case PW_MS_SECONDARY_DNS_SERVER:
- ao->dnsaddr[1] = htonl(vp->lvalue);
- got_msdns_2 = 1;
- if (!got_msdns_1)
- ao->dnsaddr[0] = ao->dnsaddr[1];
- break;
- case PW_MS_PRIMARY_NBNS_SERVER:
- ao->winsaddr[0] = htonl(vp->lvalue);
- got_wins_1 = 1;
- if (!got_wins_2)
- ao->winsaddr[1] = ao->winsaddr[0];
- break;
- case PW_MS_SECONDARY_NBNS_SERVER:
- ao->winsaddr[1] = htonl(vp->lvalue);
- got_wins_2 = 1;
- if (!got_wins_1)
- ao->winsaddr[0] = ao->winsaddr[1];
- break;
-#endif /* MSDNS */
- }
-#endif /* CHAPMS */
- }
- vp = vp->next;
- }
-
- /* Require a valid MS-CHAP2-SUCCESS for MS-CHAPv2 auth */
- if (digest && (digest->code == CHAP_MICROSOFT_V2) && !ms_chap2_success)
- return -1;
-
-#ifdef MPPE
- /*
- * Require both policy and key attributes to indicate a valid key.
- * Note that if the policy value was '0' we don't set the key!
- */
- if (mppe_enc_policy && mppe_enc_keys) {
- mppe_keys_set = 1;
- /* Set/modify allowed encryption types. */
- if (mppe_enc_types)
- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
- }
-#endif
-
- return 0;
-}
-
-#ifdef MPPE
-/**********************************************************************
-* %FUNCTION: radius_setmppekeys
-* %ARGUMENTS:
-* vp -- value pair holding MS-CHAP-MPPE-KEYS attribute
-* req_info -- radius request information used for encryption
-* %RETURNS:
-* >= 0 on success; -1 on failure
-* %DESCRIPTION:
-* Decrypt the "key" provided by the RADIUS server for MPPE encryption.
-* See RFC 2548.
-***********************************************************************/
-static int
-radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
- unsigned char *challenge)
-{
- int i;
- MD5_CTX Context;
- u_char plain[32];
- u_char buf[16];
-
- if (vp->lvalue != 32) {
- error("RADIUS: Incorrect attribute length (%d) for MS-CHAP-MPPE-Keys",
- vp->lvalue);
- return -1;
- }
-
- memcpy(plain, vp->strvalue, sizeof(plain));
-
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
- MD5_Final(buf, &Context);
-
- for (i = 0; i < 16; i++)
- plain[i] ^= buf[i];
-
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, vp->strvalue, 16);
- MD5_Final(buf, &Context);
-
- for(i = 0; i < 16; i++)
- plain[i + 16] ^= buf[i];
-
- /*
- * Annoying. The "key" returned is just the NTPasswordHashHash, which
- * the NAS (us) doesn't need; we only need the start key. So we have
- * to generate the start key, sigh. NB: We do not support the LM-Key.
- */
- mppe_set_keys(challenge, &plain[8]);
-
- return 0;
-}
-
-/**********************************************************************
-* %FUNCTION: radius_setmppekeys2
-* %ARGUMENTS:
-* vp -- value pair holding MS-MPPE-SEND-KEY or MS-MPPE-RECV-KEY attribute
-* req_info -- radius request information used for encryption
-* %RETURNS:
-* >= 0 on success; -1 on failure
-* %DESCRIPTION:
-* Decrypt the key provided by the RADIUS server for MPPE encryption.
-* See RFC 2548.
-***********************************************************************/
-static int
-radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
-{
- int i;
- MD5_CTX Context;
- u_char *salt = vp->strvalue;
- u_char *crypt = vp->strvalue + 2;
- u_char plain[32];
- u_char buf[MD5_HASH_SIZE];
- char *type = "Send";
-
- if (vp->attribute == PW_MS_MPPE_RECV_KEY)
- type = "Recv";
-
- if (vp->lvalue != 34) {
- error("RADIUS: Incorrect attribute length (%d) for MS-MPPE-%s-Key",
- vp->lvalue, type);
- return -1;
- }
-
- if ((salt[0] & 0x80) == 0) {
- error("RADIUS: Illegal salt value for MS-MPPE-%s-Key attribute", type);
- return -1;
- }
-
- memcpy(plain, crypt, 32);
-
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
- MD5_Update(&Context, salt, 2);
- MD5_Final(buf, &Context);
-
- for (i = 0; i < 16; i++)
- plain[i] ^= buf[i];
-
- if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
- error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
- (int) plain[0], type);
- return -1;
- }
-
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, crypt, 16);
- MD5_Final(buf, &Context);
-
- plain[16] ^= buf[0]; /* only need the first byte */
-
- if (vp->attribute == PW_MS_MPPE_SEND_KEY)
- memcpy(mppe_send_key, plain + 1, 16);
- else
- memcpy(mppe_recv_key, plain + 1, 16);
-
- return 0;
-}
-#endif /* MPPE */
-
-/**********************************************************************
-* %FUNCTION: radius_acct_start
-* %ARGUMENTS:
-* None
-* %RETURNS:
-* Nothing
-* %DESCRIPTION:
-* Sends a "start" accounting message to the RADIUS server.
-***********************************************************************/
-static void
-radius_acct_start(void)
-{
- UINT4 av_type;
- int result;
- VALUE_PAIR *send = NULL;
- ipcp_options *ho = &ipcp_hisoptions[0];
- u_int32_t hisaddr;
-
- if (!rstate.initialized) {
- return;
- }
-
- rstate.start_time = time(NULL);
-
- strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id));
-
- rc_avpair_add(&send, PW_ACCT_SESSION_ID,
- rstate.session_id, 0, VENDOR_NONE);
- rc_avpair_add(&send, PW_USER_NAME,
- rstate.user, 0, VENDOR_NONE);
-
- if (rstate.class_len > 0)
- rc_avpair_add(&send, PW_CLASS,
- rstate.class, rstate.class_len, VENDOR_NONE);
-
- av_type = PW_STATUS_START;
- rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_FRAMED;
- rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_PPP;
- rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE);
-
- if (*remote_number) {
- rc_avpair_add(&send, PW_CALLING_STATION_ID,
- remote_number, 0, VENDOR_NONE);
- } else if (ipparam)
- rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
-
- av_type = PW_RADIUS;
- rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
-
-
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
- rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
-
- hisaddr = ho->hisaddr;
- av_type = htonl(hisaddr);
- rc_avpair_add(&send, PW_FRAMED_IP_ADDRESS , &av_type , 0, VENDOR_NONE);
-
- /* Add user specified vp's */
- if (rstate.avp)
- rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));
-
- if (rstate.acctserver) {
- result = rc_acct_using_server(rstate.acctserver,
- rstate.client_port, send);
- } else {
- result = rc_acct(rstate.client_port, send);
- }
-
- rc_avpair_free(send);
-
- if (result != OK_RC) {
- /* RADIUS server could be down so make this a warning */
- syslog(LOG_WARNING,
- "Accounting START failed for %s", rstate.user);
- } else {
- rstate.accounting_started = 1;
- /* Kick off periodic accounting reports */
- if (rstate.acct_interim_interval) {
- TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
- }
- }
-}
-
-/**********************************************************************
-* %FUNCTION: radius_acct_stop
-* %ARGUMENTS:
-* None
-* %RETURNS:
-* Nothing
-* %DESCRIPTION:
-* Sends a "stop" accounting message to the RADIUS server.
-***********************************************************************/
-static void
-radius_acct_stop(void)
-{
- UINT4 av_type;
- VALUE_PAIR *send = NULL;
- ipcp_options *ho = &ipcp_hisoptions[0];
- u_int32_t hisaddr;
- int result;
-
- if (!rstate.initialized) {
- return;
- }
-
- if (!rstate.accounting_started) {
- return;
- }
-
- if (rstate.acct_interim_interval)
- UNTIMEOUT(radius_acct_interim, NULL);
-
- rstate.accounting_started = 0;
- rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
- 0, VENDOR_NONE);
-
- rc_avpair_add(&send, PW_USER_NAME, rstate.user, 0, VENDOR_NONE);
-
- av_type = PW_STATUS_STOP;
- rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_FRAMED;
- rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_PPP;
- rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_RADIUS;
- rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
-
-
- if (link_stats_valid) {
- av_type = link_connect_time;
- rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
-
- av_type = link_stats.bytes_out;
- rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
-
- av_type = link_stats.bytes_in;
- rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
-
- av_type = link_stats.pkts_out;
- rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
-
- av_type = link_stats.pkts_in;
- rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE);
- }
-
- if (*remote_number) {
- rc_avpair_add(&send, PW_CALLING_STATION_ID,
- remote_number, 0, VENDOR_NONE);
- } else if (ipparam)
- rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
-
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
- rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_NAS_ERROR;
- switch( status ) {
- case EXIT_OK:
- case EXIT_USER_REQUEST:
- av_type = PW_USER_REQUEST;
- break;
-
- case EXIT_HANGUP:
- case EXIT_PEER_DEAD:
- case EXIT_CONNECT_FAILED:
- av_type = PW_LOST_CARRIER;
- break;
-
- case EXIT_INIT_FAILED:
- case EXIT_OPEN_FAILED:
- case EXIT_LOCK_FAILED:
- case EXIT_PTYCMD_FAILED:
- av_type = PW_PORT_ERROR;
- break;
-
- case EXIT_PEER_AUTH_FAILED:
- case EXIT_AUTH_TOPEER_FAILED:
- case EXIT_NEGOTIATION_FAILED:
- case EXIT_CNID_AUTH_FAILED:
- av_type = PW_SERVICE_UNAVAILABLE;
- break;
-
- case EXIT_IDLE_TIMEOUT:
- av_type = PW_ACCT_IDLE_TIMEOUT;
- break;
-
- case EXIT_CALLBACK:
- av_type = PW_CALLBACK;
- break;
-
- case EXIT_CONNECT_TIME:
- av_type = PW_ACCT_SESSION_TIMEOUT;
- break;
-
-#ifdef MAXOCTETS
- case EXIT_TRAFFIC_LIMIT:
- av_type = PW_NAS_REQUEST;
- break;
-#endif
-
- default:
- av_type = PW_NAS_ERROR;
- break;
- }
- rc_avpair_add(&send, PW_ACCT_TERMINATE_CAUSE, &av_type, 0, VENDOR_NONE);
-
- hisaddr = ho->hisaddr;
- av_type = htonl(hisaddr);
- rc_avpair_add(&send, PW_FRAMED_IP_ADDRESS , &av_type , 0, VENDOR_NONE);
-
- /* Add user specified vp's */
- if (rstate.avp)
- rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));
-
- if (rstate.acctserver) {
- result = rc_acct_using_server(rstate.acctserver,
- rstate.client_port, send);
- } else {
- result = rc_acct(rstate.client_port, send);
- }
-
- if (result != OK_RC) {
- /* RADIUS server could be down so make this a warning */
- syslog(LOG_WARNING,
- "Accounting STOP failed for %s", rstate.user);
- }
- rc_avpair_free(send);
-}
-
-/**********************************************************************
-* %FUNCTION: radius_acct_interim
-* %ARGUMENTS:
-* None
-* %RETURNS:
-* Nothing
-* %DESCRIPTION:
-* Sends an interim accounting message to the RADIUS server
-***********************************************************************/
-static void
-radius_acct_interim(void *ignored)
-{
- UINT4 av_type;
- VALUE_PAIR *send = NULL;
- ipcp_options *ho = &ipcp_hisoptions[0];
- u_int32_t hisaddr;
- int result;
-
- if (!rstate.initialized) {
- return;
- }
-
- if (!rstate.accounting_started) {
- return;
- }
-
- rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
- 0, VENDOR_NONE);
-
- rc_avpair_add(&send, PW_USER_NAME, rstate.user, 0, VENDOR_NONE);
-
- av_type = PW_STATUS_ALIVE;
- rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_FRAMED;
- rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_PPP;
- rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE);
-
- av_type = PW_RADIUS;
- rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
-
- /* Update link stats */
- update_link_stats(0);
-
- if (link_stats_valid) {
- link_stats_valid = 0; /* Force later code to update */
-
- av_type = link_connect_time;
- rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
-
- av_type = link_stats.bytes_out;
- rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
-
- av_type = link_stats.bytes_in;
- rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
-
- av_type = link_stats.pkts_out;
- rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
-
- av_type = link_stats.pkts_in;
- rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE);
- }
-
- if (*remote_number) {
- rc_avpair_add(&send, PW_CALLING_STATION_ID,
- remote_number, 0, VENDOR_NONE);
- } else if (ipparam)
- rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
-
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
- rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
-
- hisaddr = ho->hisaddr;
- av_type = htonl(hisaddr);
- rc_avpair_add(&send, PW_FRAMED_IP_ADDRESS , &av_type , 0, VENDOR_NONE);
-
- /* Add user specified vp's */
- if (rstate.avp)
- rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp));
-
- if (rstate.acctserver) {
- result = rc_acct_using_server(rstate.acctserver,
- rstate.client_port, send);
- } else {
- result = rc_acct(rstate.client_port, send);
- }
-
- if (result != OK_RC) {
- /* RADIUS server could be down so make this a warning */
- syslog(LOG_WARNING,
- "Interim accounting failed for %s", rstate.user);
- }
- rc_avpair_free(send);
-
- /* Schedule another one */
- TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
-}
-
-/**********************************************************************
-* %FUNCTION: radius_ip_up
-* %ARGUMENTS:
-* opaque -- ignored
-* arg -- ignored
-* %RETURNS:
-* Nothing
-* %DESCRIPTION:
-* Called when IPCP is up. We'll do a start-accounting record.
-***********************************************************************/
-static void
-radius_ip_up(void *opaque, int arg)
-{
- radius_acct_start();
-}
-
-/**********************************************************************
-* %FUNCTION: radius_ip_down
-* %ARGUMENTS:
-* opaque -- ignored
-* arg -- ignored
-* %RETURNS:
-* Nothing
-* %DESCRIPTION:
-* Called when IPCP is down. We'll do a stop-accounting record.
-***********************************************************************/
-static void
-radius_ip_down(void *opaque, int arg)
-{
- radius_acct_stop();
-}
-
-/**********************************************************************
-* %FUNCTION: radius_init
-* %ARGUMENTS:
-* msg -- buffer of size BUF_LEN for error message
-* %RETURNS:
-* negative on failure; non-negative on success
-* %DESCRIPTION:
-* Initializes radiusclient library
-***********************************************************************/
-static int
-radius_init(char *msg)
-{
- if (rstate.initialized) {
- return 0;
- }
-
- if (config_file && *config_file) {
- strlcpy(rstate.config_file, config_file, MAXPATHLEN-1);
- }
-
- rstate.initialized = 1;
-
- if (rc_read_config(rstate.config_file) != 0) {
- slprintf(msg, BUF_LEN, "RADIUS: Can't read config file %s",
- rstate.config_file);
- return -1;
- }
-
- if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) {
- slprintf(msg, BUF_LEN, "RADIUS: Can't read dictionary file %s",
- rc_conf_str("dictionary"));
- return -1;
- }
-
- if (rc_read_mapfile(rc_conf_str("mapfile")) != 0) {
- slprintf(msg, BUF_LEN, "RADIUS: Can't read map file %s",
- rc_conf_str("mapfile"));
- return -1;
- }
-
- /* Add av pairs saved during option parsing */
- while (avpopt) {
- struct avpopt *n = avpopt->next;
-
- rc_avpair_parse(avpopt->vpstr, &rstate.avp);
- free(avpopt->vpstr);
- free(avpopt);
- avpopt = n;
- }
- return 0;
-}
-
-/**********************************************************************
-* %FUNCTION: get_client_port
-* %ARGUMENTS:
-* ifname -- PPP interface name (e.g. "ppp7")
-* %RETURNS:
-* The NAS port number (e.g. 7)
-* %DESCRIPTION:
-* Extracts the port number from the interface name
-***********************************************************************/
-static int
-get_client_port(char *ifname)
-{
- int port;
- if (sscanf(ifname, "ppp%d", &port) == 1) {
- return port;
- }
- return rc_map2id(ifname);
-}
-
-/**********************************************************************
-* %FUNCTION: radius_allowed_address
-* %ARGUMENTS:
-* addr -- IP address
-* %RETURNS:
-* 1 if we're allowed to use that IP address; 0 if not; -1 if we do
-* not know.
-***********************************************************************/
-static int
-radius_allowed_address(u_int32_t addr)
-{
- ipcp_options *wo = &ipcp_wantoptions[0];
-
- if (!rstate.choose_ip) {
- /* If RADIUS server said any address is OK, then fine... */
- if (rstate.any_ip_addr_ok) {
- return 1;
- }
-
- /* Sigh... if an address was supplied for remote host in pppd
- options, it has to match that. */
- if (wo->hisaddr != 0 && wo->hisaddr == addr) {
- return 1;
- }
-
- return 0;
- }
- if (addr == rstate.ip_addr) return 1;
- return 0;
-}
-
-/* Useful for other plugins */
-char *radius_logged_in_user(void)
-{
- return rstate.user;
-}
diff --git a/pppd/plugins/radius/radiusclient.h b/pppd/plugins/radius/radiusclient.h
deleted file mode 100644
index 51b959a..0000000
--- a/pppd/plugins/radius/radiusclient.h
+++ /dev/null
@@ -1,459 +0,0 @@
-/*
- * $Id: radiusclient.h,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1995,1996,1997,1998 Lars Fenneberg
- *
- * Copyright 1992 Livingston Enterprises, Inc.
- *
- * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
- * and Merit Network, Inc. All Rights Reserved
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#ifndef RADIUSCLIENT_H
-#define RADIUSCLIENT_H
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <time.h>
-#include "pppd.h"
-
-#ifndef _UINT4_T
-/* This works for all machines that Linux runs on... */
-typedef unsigned int UINT4;
-typedef int INT4;
-#endif
-
-#define AUTH_VECTOR_LEN 16
-#define AUTH_PASS_LEN (3 * 16) /* multiple of 16 */
-#define AUTH_ID_LEN 64
-#define AUTH_STRING_LEN 128 /* maximum of 253 */
-
-#define BUFFER_LEN 8192
-
-#define NAME_LENGTH 32
-#define GETSTR_LENGTH 128 /* must be bigger than AUTH_PASS_LEN */
-
-/* codes for radius_buildreq, radius_getport, etc. */
-#define AUTH 0
-#define ACCT 1
-
-/* defines for config.c */
-
-#define SERVER_MAX 8
-
-#define AUTH_LOCAL_FST (1<<0)
-#define AUTH_RADIUS_FST (1<<1)
-#define AUTH_LOCAL_SND (1<<2)
-#define AUTH_RADIUS_SND (1<<3)
-
-typedef struct server {
- int max;
- char *name[SERVER_MAX];
- unsigned short port[SERVER_MAX];
-} SERVER;
-
-typedef struct pw_auth_hdr
-{
- u_char code;
- u_char id;
- u_short length;
- u_char vector[AUTH_VECTOR_LEN];
- u_char data[2];
-} AUTH_HDR;
-
-#define AUTH_HDR_LEN 20
-#define MAX_SECRET_LENGTH (3 * 16) /* MUST be multiple of 16 */
-#define CHAP_VALUE_LENGTH 16
-
-#define PW_AUTH_UDP_PORT 1812
-#define PW_ACCT_UDP_PORT 1813
-
-#define PW_TYPE_STRING 0
-#define PW_TYPE_INTEGER 1
-#define PW_TYPE_IPADDR 2
-#define PW_TYPE_DATE 3
-
-/* standard RADIUS codes */
-
-#define PW_ACCESS_REQUEST 1
-#define PW_ACCESS_ACCEPT 2
-#define PW_ACCESS_REJECT 3
-#define PW_ACCOUNTING_REQUEST 4
-#define PW_ACCOUNTING_RESPONSE 5
-#define PW_ACCOUNTING_STATUS 6
-#define PW_PASSWORD_REQUEST 7
-#define PW_PASSWORD_ACK 8
-#define PW_PASSWORD_REJECT 9
-#define PW_ACCOUNTING_MESSAGE 10
-#define PW_ACCESS_CHALLENGE 11
-#define PW_STATUS_SERVER 12
-#define PW_STATUS_CLIENT 13
-
-
-/* standard RADIUS attribute-value pairs */
-
-#define PW_USER_NAME 1 /* string */
-#define PW_USER_PASSWORD 2 /* string */
-#define PW_CHAP_PASSWORD 3 /* string */
-#define PW_NAS_IP_ADDRESS 4 /* ipaddr */
-#define PW_NAS_PORT 5 /* integer */
-#define PW_SERVICE_TYPE 6 /* integer */
-#define PW_FRAMED_PROTOCOL 7 /* integer */
-#define PW_FRAMED_IP_ADDRESS 8 /* ipaddr */
-#define PW_FRAMED_IP_NETMASK 9 /* ipaddr */
-#define PW_FRAMED_ROUTING 10 /* integer */
-#define PW_FILTER_ID 11 /* string */
-#define PW_FRAMED_MTU 12 /* integer */
-#define PW_FRAMED_COMPRESSION 13 /* integer */
-#define PW_LOGIN_IP_HOST 14 /* ipaddr */
-#define PW_LOGIN_SERVICE 15 /* integer */
-#define PW_LOGIN_PORT 16 /* integer */
-#define PW_OLD_PASSWORD 17 /* string */ /* deprecated */
-#define PW_REPLY_MESSAGE 18 /* string */
-#define PW_LOGIN_CALLBACK_NUMBER 19 /* string */
-#define PW_FRAMED_CALLBACK_ID 20 /* string */
-#define PW_EXPIRATION 21 /* date */ /* deprecated */
-#define PW_FRAMED_ROUTE 22 /* string */
-#define PW_FRAMED_IPX_NETWORK 23 /* integer */
-#define PW_STATE 24 /* string */
-#define PW_CLASS 25 /* string */
-#define PW_VENDOR_SPECIFIC 26 /* string */
-#define PW_SESSION_TIMEOUT 27 /* integer */
-#define PW_IDLE_TIMEOUT 28 /* integer */
-#define PW_TERMINATION_ACTION 29 /* integer */
-#define PW_CALLED_STATION_ID 30 /* string */
-#define PW_CALLING_STATION_ID 31 /* string */
-#define PW_NAS_IDENTIFIER 32 /* string */
-#define PW_PROXY_STATE 33 /* string */
-#define PW_LOGIN_LAT_SERVICE 34 /* string */
-#define PW_LOGIN_LAT_NODE 35 /* string */
-#define PW_LOGIN_LAT_GROUP 36 /* string */
-#define PW_FRAMED_APPLETALK_LINK 37 /* integer */
-#define PW_FRAMED_APPLETALK_NETWORK 38 /* integer */
-#define PW_FRAMED_APPLETALK_ZONE 39 /* string */
-#define PW_CHAP_CHALLENGE 60 /* string */
-#define PW_NAS_PORT_TYPE 61 /* integer */
-#define PW_PORT_LIMIT 62 /* integer */
-#define PW_LOGIN_LAT_PORT 63 /* string */
-
-/* Vendor RADIUS attribute-value pairs */
-#define PW_MS_CHAP_CHALLENGE 11 /* string */
-#define PW_MS_CHAP_RESPONSE 1 /* string */
-#define PW_MS_CHAP2_RESPONSE 25 /* string */
-#define PW_MS_CHAP2_SUCCESS 26 /* string */
-#define PW_MS_MPPE_ENCRYPTION_POLICY 7 /* string */
-#define PW_MS_MPPE_ENCRYPTION_TYPE 8 /* string */
-#define PW_MS_MPPE_ENCRYPTION_TYPES PW_MS_MPPE_ENCRYPTION_TYPE
-#define PW_MS_CHAP_MPPE_KEYS 12 /* string */
-#define PW_MS_MPPE_SEND_KEY 16 /* string */
-#define PW_MS_MPPE_RECV_KEY 17 /* string */
-#define PW_MS_PRIMARY_DNS_SERVER 28 /* ipaddr */
-#define PW_MS_SECONDARY_DNS_SERVER 29 /* ipaddr */
-#define PW_MS_PRIMARY_NBNS_SERVER 30 /* ipaddr */
-#define PW_MS_SECONDARY_NBNS_SERVER 31 /* ipaddr */
-
-/* Accounting */
-
-#define PW_ACCT_STATUS_TYPE 40 /* integer */
-#define PW_ACCT_DELAY_TIME 41 /* integer */
-#define PW_ACCT_INPUT_OCTETS 42 /* integer */
-#define PW_ACCT_OUTPUT_OCTETS 43 /* integer */
-#define PW_ACCT_SESSION_ID 44 /* string */
-#define PW_ACCT_AUTHENTIC 45 /* integer */
-#define PW_ACCT_SESSION_TIME 46 /* integer */
-#define PW_ACCT_INPUT_PACKETS 47 /* integer */
-#define PW_ACCT_OUTPUT_PACKETS 48 /* integer */
-#define PW_ACCT_TERMINATE_CAUSE 49 /* integer */
-#define PW_ACCT_MULTI_SESSION_ID 50 /* string */
-#define PW_ACCT_LINK_COUNT 51 /* integer */
-
-/* From RFC 2869 */
-#define PW_ACCT_INTERIM_INTERVAL 85 /* integer */
-
-/* Merit Experimental Extensions */
-
-#define PW_USER_ID 222 /* string */
-#define PW_USER_REALM 223 /* string */
-
-
-/* Session limits */
-#define PW_SESSION_OCTETS_LIMIT 227 /* integer */
-#define PW_OCTETS_DIRECTION 228 /* integer */
-
-/* Integer Translations */
-
-/* SERVICE TYPES */
-
-#define PW_LOGIN 1
-#define PW_FRAMED 2
-#define PW_CALLBACK_LOGIN 3
-#define PW_CALLBACK_FRAMED 4
-#define PW_OUTBOUND 5
-#define PW_ADMINISTRATIVE 6
-#define PW_NAS_PROMPT 7
-#define PW_AUTHENTICATE_ONLY 8
-#define PW_CALLBACK_NAS_PROMPT 9
-
-/* FRAMED PROTOCOLS */
-
-#define PW_PPP 1
-#define PW_SLIP 2
-#define PW_ARA 3
-#define PW_GANDALF 4
-#define PW_XYLOGICS 5
-
-/* FRAMED ROUTING VALUES */
-
-#define PW_NONE 0
-#define PW_BROADCAST 1
-#define PW_LISTEN 2
-#define PW_BROADCAST_LISTEN 3
-
-/* FRAMED COMPRESSION TYPES */
-
-#define PW_VAN_JACOBSON_TCP_IP 1
-#define PW_IPX_HEADER_COMPRESSION 2
-
-/* LOGIN SERVICES */
-
-#define PW_TELNET 0
-#define PW_RLOGIN 1
-#define PW_TCP_CLEAR 2
-#define PW_PORTMASTER 3
-#define PW_LAT 4
-#define PW_X25_PAD 5
-#define PW_X25_T3POS 6
-
-/* TERMINATION ACTIONS */
-
-#define PW_DEFAULT 0
-#define PW_RADIUS_REQUEST 1
-
-/* PROHIBIT PROTOCOL */
-
-#define PW_DUMB 0 /* 1 and 2 are defined in FRAMED PROTOCOLS */
-#define PW_AUTH_ONLY 3
-#define PW_ALL 255
-
-/* ACCOUNTING STATUS TYPES */
-
-#define PW_STATUS_START 1
-#define PW_STATUS_STOP 2
-#define PW_STATUS_ALIVE 3
-#define PW_STATUS_MODEM_START 4
-#define PW_STATUS_MODEM_STOP 5
-#define PW_STATUS_CANCEL 6
-#define PW_ACCOUNTING_ON 7
-#define PW_ACCOUNTING_OFF 8
-
-/* ACCOUNTING TERMINATION CAUSES */
-
-#define PW_USER_REQUEST 1
-#define PW_LOST_CARRIER 2
-#define PW_LOST_SERVICE 3
-#define PW_ACCT_IDLE_TIMEOUT 4
-#define PW_ACCT_SESSION_TIMEOUT 5
-#define PW_ADMIN_RESET 6
-#define PW_ADMIN_REBOOT 7
-#define PW_PORT_ERROR 8
-#define PW_NAS_ERROR 9
-#define PW_NAS_REQUEST 10
-#define PW_NAS_REBOOT 11
-#define PW_PORT_UNNEEDED 12
-#define PW_PORT_PREEMPTED 13
-#define PW_PORT_SUSPENDED 14
-#define PW_SERVICE_UNAVAILABLE 15
-#define PW_CALLBACK 16
-#define PW_USER_ERROR 17
-#define PW_HOST_REQUEST 18
-
-/* NAS PORT TYPES */
-
-#define PW_ASYNC 0
-#define PW_SYNC 1
-#define PW_ISDN_SYNC 2
-#define PW_ISDN_SYNC_V120 3
-#define PW_ISDN_SYNC_V110 4
-#define PW_VIRTUAL 5
-
-/* AUTHENTIC TYPES */
-#define PW_RADIUS 1
-#define PW_LOCAL 2
-#define PW_REMOTE 3
-
-/* Session-Octets-Limit */
-#define PW_OCTETS_DIRECTION_SUM 0
-#define PW_OCTETS_DIRECTION_IN 1
-#define PW_OCTETS_DIRECTION_OUT 2
-#define PW_OCTETS_DIRECTION_MAX 3
-
-
-/* Vendor codes */
-#define VENDOR_NONE (-1)
-#define VENDOR_MICROSOFT 311
-
-/* Server data structures */
-
-typedef struct dict_attr
-{
- char name[NAME_LENGTH + 1]; /* attribute name */
- int value; /* attribute index */
- int type; /* string, int, etc. */
- int vendorcode; /* vendor code */
- struct dict_attr *next;
-} DICT_ATTR;
-
-typedef struct dict_value
-{
- char attrname[NAME_LENGTH +1];
- char name[NAME_LENGTH + 1];
- int value;
- struct dict_value *next;
-} DICT_VALUE;
-
-typedef struct vendor_dict
-{
- char vendorname[NAME_LENGTH + 1];
- int vendorcode;
- DICT_ATTR *attributes;
- struct vendor_dict *next;
-} VENDOR_DICT;
-
-typedef struct value_pair
-{
- char name[NAME_LENGTH + 1];
- int attribute;
- int vendorcode;
- int type;
- UINT4 lvalue;
- u_char strvalue[AUTH_STRING_LEN + 1];
- struct value_pair *next;
-} VALUE_PAIR;
-
-/* don't change this, as it has to be the same as in the Merit radiusd code */
-#define MGMT_POLL_SECRET "Hardlyasecret"
-
-/* Define return codes from "SendServer" utility */
-
-#define BADRESP_RC -2
-#define ERROR_RC -1
-#define OK_RC 0
-#define TIMEOUT_RC 1
-
-typedef struct send_data /* Used to pass information to sendserver() function */
-{
- u_char code; /* RADIUS packet code */
- u_char seq_nbr; /* Packet sequence number */
- char *server; /* Name/addrress of RADIUS server */
- int svc_port; /* RADIUS protocol destination port */
- int timeout; /* Session timeout in seconds */
- int retries;
- VALUE_PAIR *send_pairs; /* More a/v pairs to send */
- VALUE_PAIR *receive_pairs; /* Where to place received a/v pairs */
-} SEND_DATA;
-
-typedef struct request_info
-{
- char secret[MAX_SECRET_LENGTH + 1];
- u_char request_vector[AUTH_VECTOR_LEN];
-} REQUEST_INFO;
-
-#ifndef MIN
-#define MIN(a, b) ((a) < (b) ? (a) : (b))
-#endif
-#ifndef MAX
-#define MAX(a, b) ((a) > (b) ? (a) : (b))
-#endif
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024
-#endif
-
-typedef struct env
-{
- int maxsize, size;
- char **env;
-} ENV;
-
-#define ENV_SIZE 128
-
-/* Function prototypes */
-
-/* avpair.c */
-
-VALUE_PAIR *rc_avpair_add __P((VALUE_PAIR **, int, void *, int, int));
-int rc_avpair_assign __P((VALUE_PAIR *, void *, int));
-VALUE_PAIR *rc_avpair_new __P((int, void *, int, int));
-VALUE_PAIR *rc_avpair_gen __P((AUTH_HDR *));
-VALUE_PAIR *rc_avpair_get __P((VALUE_PAIR *, UINT4));
-VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *));
-void rc_avpair_insert __P((VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *));
-void rc_avpair_free __P((VALUE_PAIR *));
-int rc_avpair_parse __P((char *, VALUE_PAIR **));
-int rc_avpair_tostr __P((VALUE_PAIR *, char *, int, char *, int));
-VALUE_PAIR *rc_avpair_readin __P((FILE *));
-
-/* buildreq.c */
-
-void rc_buildreq __P((SEND_DATA *, int, char *, unsigned short, int, int));
-unsigned char rc_get_seqnbr __P((void));
-int rc_auth __P((UINT4, VALUE_PAIR *, VALUE_PAIR **, char *, REQUEST_INFO *));
-int rc_auth_using_server __P((SERVER *, UINT4, VALUE_PAIR *, VALUE_PAIR **,
- char *, REQUEST_INFO *));
-int rc_auth_proxy __P((VALUE_PAIR *, VALUE_PAIR **, char *));
-int rc_acct __P((UINT4, VALUE_PAIR *));
-int rc_acct_using_server __P((SERVER *, UINT4, VALUE_PAIR *));
-int rc_acct_proxy __P((VALUE_PAIR *));
-int rc_check __P((char *, unsigned short, char *));
-
-/* clientid.c */
-
-int rc_read_mapfile __P((char *));
-UINT4 rc_map2id __P((char *));
-
-/* config.c */
-
-int rc_read_config __P((char *));
-char *rc_conf_str __P((char *));
-int rc_conf_int __P((char *));
-SERVER *rc_conf_srv __P((char *));
-int rc_find_server __P((char *, UINT4 *, char *));
-
-/* dict.c */
-
-int rc_read_dictionary __P((char *));
-DICT_ATTR *rc_dict_getattr __P((int, int));
-DICT_ATTR *rc_dict_findattr __P((char *));
-DICT_VALUE *rc_dict_findval __P((char *));
-DICT_VALUE * rc_dict_getval __P((UINT4, char *));
-VENDOR_DICT * rc_dict_findvendor __P((char *));
-VENDOR_DICT * rc_dict_getvendor __P((int));
-
-/* ip_util.c */
-
-UINT4 rc_get_ipaddr __P((char *));
-int rc_good_ipaddr __P((char *));
-const char *rc_ip_hostname __P((UINT4));
-UINT4 rc_own_ipaddress __P((void));
-
-
-/* sendserver.c */
-
-int rc_send_server __P((SEND_DATA *, char *, REQUEST_INFO *));
-
-/* util.c */
-
-void rc_str2tm __P((char *, struct tm *));
-char *rc_mksid __P((void));
-void rc_mdelay __P((int));
-
-/* md5.c */
-
-void rc_md5_calc __P((unsigned char *, unsigned char *, unsigned int));
-
-#endif /* RADIUSCLIENT_H */
diff --git a/pppd/plugins/radius/radrealms.c b/pppd/plugins/radius/radrealms.c
deleted file mode 100644
index 7a30370..0000000
--- a/pppd/plugins/radius/radrealms.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
-*
-* radrealms.c
-*
-* A pppd plugin which is stacked on top of radius.so. This plugin
-* allows selection of alternate set of servers based on the user's realm.
-*
-* Author: Ben McKeegan ben@netservers.co.uk
-*
-* Copyright (C) 2002 Netservers
-*
-* This plugin may be distributed according to the terms of the GNU
-* General Public License, version 2 or (at your option) any later version.
-*
-*/
-
-static char const RCSID[] =
- "$Id: radrealms.c,v 1.2 2004/11/14 07:26:26 paulus Exp $";
-
-#include "pppd.h"
-#include "radiusclient.h"
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-char pppd_version[] = VERSION;
-
-char radrealms_config[MAXPATHLEN] = "/etc/radiusclient/realms";
-
-static option_t Options[] = {
- { "realms-config-file", o_string, &radrealms_config,
- "Configuration file for RADIUS realms", OPT_STATIC, NULL, MAXPATHLEN },
- { NULL }
-};
-
-extern void (*radius_pre_auth_hook)(char const *user,
- SERVER **authserver,
- SERVER **acctserver);
-
-static void
-lookup_realm(char const *user,
- SERVER **authserver,
- SERVER **acctserver)
-{
- char *realm;
- FILE *fd;
- SERVER *accts, *auths, *s;
- char buffer[512], *p;
- int line = 0;
-
- auths = (SERVER *) malloc(sizeof(SERVER));
- auths->max = 0;
- accts = (SERVER *) malloc(sizeof(SERVER));
- accts->max = 0;
-
- realm = strrchr(user, '@');
-
- if (realm) {
- info("Looking up servers for realm '%s'", realm);
- } else {
- info("Looking up servers for DEFAULT realm");
- }
- if (realm) {
- if (*(++realm) == '\0') {
- realm = NULL;
- }
- }
-
- if ((fd = fopen(radrealms_config, "r")) == NULL) {
- option_error("cannot open %s", radrealms_config);
- return;
- }
- info("Reading %s", radrealms_config);
-
- while ((fgets(buffer, sizeof(buffer), fd) != NULL)) {
- line++;
-
- if ((*buffer == '\n') || (*buffer == '#') || (*buffer == '\0'))
- continue;
-
- buffer[strlen(buffer)-1] = '\0';
-
- p = strtok(buffer, "\t ");
-
- if (p == NULL || (strcmp(p, "authserver") !=0
- && strcmp(p, "acctserver"))) {
- fclose(fd);
- option_error("%s: invalid line %d: %s", radrealms_config,
- line, buffer);
- return;
- }
- info("Parsing '%s' entry:", p);
- s = auths;
- if (p[1] == 'c') {
- s = accts;
- }
- if (s->max >= SERVER_MAX)
- continue;
-
- if ((p = strtok(NULL, "\t ")) == NULL) {
- fclose(fd);
- option_error("%s: realm name missing on line %d: %s",
- radrealms_config, line, buffer);
- return;
- }
-
- if ((realm != NULL && strcmp(p, realm) == 0) ||
- (realm == NULL && strcmp(p, "DEFAULT") == 0) ) {
- info(" - Matched realm %s", p);
- if ((p = strtok(NULL, ":")) == NULL) {
- fclose(fd);
- option_error("%s: server address missing on line %d: %s",
- radrealms_config, line, buffer);
- return;
- }
- s->name[s->max] = strdup(p);
- info(" - Address is '%s'",p);
- if ((p = strtok(NULL, "\t ")) == NULL) {
- fclose(fd);
- option_error("%s: server port missing on line %d: %s",
- radrealms_config, line, buffer);
- return;
- }
- s->port[s->max] = atoi(p);
- info(" - Port is '%d'", s->port[s->max]);
- s->max++;
- } else
- info(" - Skipping realm '%s'", p);
- }
- fclose(fd);
-
- if (accts->max)
- *acctserver = accts;
-
- if (auths->max)
- *authserver = auths;
-
- return;
-}
-
-void
-plugin_init(void)
-{
- radius_pre_auth_hook = lookup_realm;
-
- add_options(Options);
- info("RADIUS Realms plugin initialized.");
-}
diff --git a/pppd/plugins/radius/sendserver.c b/pppd/plugins/radius/sendserver.c
deleted file mode 100644
index f68aa67..0000000
--- a/pppd/plugins/radius/sendserver.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * $Id: sendserver.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
- *
- * Copyright (C) 1995,1996,1997 Lars Fenneberg
- *
- * Copyright 1992 Livingston Enterprises, Inc.
- *
- * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan
- * and Merit Network, Inc. All Rights Reserved
- *
- * See the file COPYRIGHT for the respective terms and conditions.
- * If the file is missing contact me at lf@elemental.net
- * and I'll send you a copy.
- *
- */
-
-#include <includes.h>
-#include <radiusclient.h>
-#include <pathnames.h>
-
-static void rc_random_vector (unsigned char *);
-static int rc_check_reply (AUTH_HDR *, int, char *, unsigned char *, unsigned char);
-
-/*
- * Function: rc_pack_list
- *
- * Purpose: Packs an attribute value pair list into a buffer.
- *
- * Returns: Number of octets packed.
- *
- */
-
-static int rc_pack_list (VALUE_PAIR *vp, char *secret, AUTH_HDR *auth)
-{
- int length, i, pc, secretlen, padded_length;
- int total_length = 0;
- UINT4 lvalue;
- unsigned char passbuf[MAX(AUTH_PASS_LEN, CHAP_VALUE_LENGTH)];
- unsigned char md5buf[256];
- unsigned char *buf, *vector, *lenptr;
-
- buf = auth->data;
-
- while (vp != (VALUE_PAIR *) NULL)
- {
-
- if (vp->vendorcode != VENDOR_NONE) {
- *buf++ = PW_VENDOR_SPECIFIC;
-
- /* Place-holder for where to put length */
- lenptr = buf++;
-
- /* Insert vendor code */
- *buf++ = 0;
- *buf++ = (((unsigned int) vp->vendorcode) >> 16) & 255;
- *buf++ = (((unsigned int) vp->vendorcode) >> 8) & 255;
- *buf++ = ((unsigned int) vp->vendorcode) & 255;
-
- /* Insert vendor-type */
- *buf++ = vp->attribute;
-
- /* Insert value */
- switch(vp->type) {
- case PW_TYPE_STRING:
- length = vp->lvalue;
- *lenptr = length + 8;
- *buf++ = length+2;
- memcpy(buf, vp->strvalue, (size_t) length);
- buf += length;
- total_length += length+8;
- break;
- case PW_TYPE_INTEGER:
- case PW_TYPE_IPADDR:
- length = sizeof(UINT4);
- *lenptr = length + 8;
- *buf++ = length+2;
- lvalue = htonl(vp->lvalue);
- memcpy(buf, (char *) &lvalue, sizeof(UINT4));
- buf += length;
- total_length += length+8;
- break;
- default:
- break;
- }
- } else {
- *buf++ = vp->attribute;
- switch (vp->attribute) {
- case PW_USER_PASSWORD:
-
- /* Encrypt the password */
-
- /* Chop off password at AUTH_PASS_LEN */
- length = vp->lvalue;
- if (length > AUTH_PASS_LEN) length = AUTH_PASS_LEN;
-
- /* Calculate the padded length */
- padded_length = (length+(AUTH_VECTOR_LEN-1)) & ~(AUTH_VECTOR_LEN-1);
-
- /* Record the attribute length */
- *buf++ = padded_length + 2;
-
- /* Pad the password with zeros */
- memset ((char *) passbuf, '\0', AUTH_PASS_LEN);
- memcpy ((char *) passbuf, vp->strvalue, (size_t) length);
-
- secretlen = strlen (secret);
- vector = (char *)auth->vector;
- for(i = 0; i < padded_length; i += AUTH_VECTOR_LEN) {
- /* Calculate the MD5 digest*/
- strcpy ((char *) md5buf, secret);
- memcpy ((char *) md5buf + secretlen, vector,
- AUTH_VECTOR_LEN);
- rc_md5_calc (buf, md5buf, secretlen + AUTH_VECTOR_LEN);
-
- /* Remeber the start of the digest */
- vector = buf;
-
- /* Xor the password into the MD5 digest */
- for (pc = i; pc < (i + AUTH_VECTOR_LEN); pc++) {
- *buf++ ^= passbuf[pc];
- }
- }
-
- total_length += padded_length + 2;
-
- break;
-#if 0
- case PW_CHAP_PASSWORD:
-
- *buf++ = CHAP_VALUE_LENGTH + 2;
-
- /* Encrypt the Password */
- length = vp->lvalue;
- if (length > CHAP_VALUE_LENGTH) {
- length = CHAP_VALUE_LENGTH;
- }
- memset ((char *) passbuf, '\0', CHAP_VALUE_LENGTH);
- memcpy ((char *) passbuf, vp->strvalue, (size_t) length);
-
- /* Calculate the MD5 Digest */
- secretlen = strlen (secret);
- strcpy ((char *) md5buf, secret);
- memcpy ((char *) md5buf + secretlen, (char *) auth->vector,
- AUTH_VECTOR_LEN);
- rc_md5_calc (buf, md5buf, secretlen + AUTH_VECTOR_LEN);
-
- /* Xor the password into the MD5 digest */
- for (i = 0; i < CHAP_VALUE_LENGTH; i++) {
- *buf++ ^= passbuf[i];
- }
- total_length += CHAP_VALUE_LENGTH + 2;
-
- break;
-#endif
- default:
- switch
(vp->type) { - case PW_TYPE_STRING: - length = vp->lvalue; - *buf++ = length + 2; - memcpy (buf, vp->strvalue, (size_t) length); - buf += length; - total_length += length + 2; - break; - - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - *buf++ = sizeof (UINT4) + 2; - lvalue = htonl (vp->lvalue); - memcpy (buf, (char *) &lvalue, sizeof (UINT4)); - buf += sizeof (UINT4); - total_length += sizeof (UINT4) + 2; - break; - - default: - break; - } - break; - } - } - vp = vp->next; - } - return total_length; -} - -/* - * Function: rc_send_server - * - * Purpose: send a request to a RADIUS server and wait for the reply - * - */ - -int rc_send_server (SEND_DATA *data, char *msg, REQUEST_INFO *info) -{ - int sockfd; - struct sockaddr salocal; - struct sockaddr saremote; - struct sockaddr_in *sin; - struct timeval authtime; - fd_set readfds; - AUTH_HDR *auth, *recv_auth; - UINT4 auth_ipaddr; - char *server_name; /* Name of server to query */ - int salen; - int result; - int total_length; - int length; - int retry_max; - int secretlen; - char secret[MAX_SECRET_LENGTH + 1]; - unsigned char vector[AUTH_VECTOR_LEN]; - char recv_buffer[BUFFER_LEN]; - char send_buffer[BUFFER_LEN]; - int retries; - VALUE_PAIR *vp; - - server_name = data->server; - if (server_name == (char *) NULL || server_name[0] == '\0') - return (ERROR_RC); - - if ((vp = rc_avpair_get(data->send_pairs, PW_SERVICE_TYPE)) && \ - (vp->lvalue == PW_ADMINISTRATIVE)) - { - strcpy(secret, MGMT_POLL_SECRET); - if ((auth_ipaddr = rc_get_ipaddr(server_name)) == 0) - return (ERROR_RC); - } - else - { - if (rc_find_server (server_name, &auth_ipaddr, secret) != 0) - { - return (ERROR_RC); - } - } - - sockfd = socket (AF_INET, SOCK_DGRAM, 0); - if (sockfd < 0) - { - memset (secret, '\0', sizeof (secret)); - error("rc_send_server: socket: %s", strerror(errno)); - return (ERROR_RC); - } - - length = sizeof (salocal); - sin = (struct sockaddr_in *) & salocal; - memset ((char *) sin, '\0', (size_t) length); - sin->sin_family = 
AF_INET; - sin->sin_addr.s_addr = htonl(rc_own_bind_ipaddress()); - sin->sin_port = htons ((unsigned short) 0); - if (bind (sockfd, (struct sockaddr *) sin, length) < 0 || - getsockname (sockfd, (struct sockaddr *) sin, &length) < 0) - { - close (sockfd); - memset (secret, '\0', sizeof (secret)); - error("rc_send_server: bind: %s: %m", server_name); - return (ERROR_RC); - } - - retry_max = data->retries; /* Max. numbers to try for reply */ - retries = 0; /* Init retry cnt for blocking call */ - - /* Build a request */ - auth = (AUTH_HDR *) send_buffer; - auth->code = data->code; - auth->id = data->seq_nbr; - - if (data->code == PW_ACCOUNTING_REQUEST) - { - total_length = rc_pack_list(data->send_pairs, secret, auth) + AUTH_HDR_LEN; - - auth->length = htons ((unsigned short) total_length); - - memset((char *) auth->vector, 0, AUTH_VECTOR_LEN); - secretlen = strlen (secret); - memcpy ((char *) auth + total_length, secret, secretlen); - rc_md5_calc (vector, (char *) auth, total_length + secretlen); - memcpy ((char *) auth->vector, (char *) vector, AUTH_VECTOR_LEN); - } - else - { - rc_random_vector (vector); - memcpy (auth->vector, vector, AUTH_VECTOR_LEN); - - total_length = rc_pack_list(data->send_pairs, secret, auth) + AUTH_HDR_LEN; - - auth->length = htons ((unsigned short) total_length); - } - - sin = (struct sockaddr_in *) & saremote; - memset ((char *) sin, '\0', sizeof (saremote)); - sin->sin_family = AF_INET; - sin->sin_addr.s_addr = htonl (auth_ipaddr); - sin->sin_port = htons ((unsigned short) data->svc_port); - - for (;;) - { - sendto (sockfd, (char *) auth, (unsigned int) total_length, (int) 0, - (struct sockaddr *) sin, sizeof (struct sockaddr_in)); - - authtime.tv_usec = 0L; - authtime.tv_sec = (long) data->timeout; - FD_ZERO (&readfds); - FD_SET (sockfd, &readfds); - if (select (sockfd + 1, &readfds, NULL, NULL, &authtime) < 0) - { - if (errno == EINTR) - continue; - error("rc_send_server: select: %m"); - memset (secret, '\0', sizeof (secret)); - close 
(sockfd); - return (ERROR_RC); - } - if (FD_ISSET (sockfd, &readfds)) - break; - - /* - * Timed out waiting for response. Retry "retry_max" times - * before giving up. If retry_max = 0, don't retry at all. - */ - if (++retries >= retry_max) - { - error("rc_send_server: no reply from RADIUS server %s:%u", - rc_ip_hostname (auth_ipaddr), data->svc_port); - close (sockfd); - memset (secret, '\0', sizeof (secret)); - return (TIMEOUT_RC); - } - } - salen = sizeof (saremote); - length = recvfrom (sockfd, (char *) recv_buffer, - (int) sizeof (recv_buffer), - (int) 0, &saremote, &salen); - - if (length <= 0) - { - error("rc_send_server: recvfrom: %s:%d: %m", server_name,\ - data->svc_port); - close (sockfd); - memset (secret, '\0', sizeof (secret)); - return (ERROR_RC); - } - - recv_auth = (AUTH_HDR *)recv_buffer; - - result = rc_check_reply (recv_auth, BUFFER_LEN, secret, vector, data->seq_nbr); - - data->receive_pairs = rc_avpair_gen(recv_auth); - - close (sockfd); - if (info) - { - memcpy(info->secret, secret, sizeof(info->secret)); - memcpy(info->request_vector, vector, - sizeof(info->request_vector)); - } - memset (secret, '\0', sizeof (secret)); - - if (result != OK_RC) return (result); - - *msg = '\0'; - vp = data->receive_pairs; - while (vp) - { - if ((vp = rc_avpair_get(vp, PW_REPLY_MESSAGE))) - { - strcat(msg, vp->strvalue); - strcat(msg, "\n"); - vp = vp->next; - } - } - - if ((recv_auth->code == PW_ACCESS_ACCEPT) || - (recv_auth->code == PW_PASSWORD_ACK) || - (recv_auth->code == PW_ACCOUNTING_RESPONSE)) - { - result = OK_RC; - } - else - { - result = BADRESP_RC; - } - - return (result); -} - -/* - * Function: rc_check_reply - * - * Purpose: verify items in returned packet. - * - * Returns: OK_RC -- upon success, - * BADRESP_RC -- if anything looks funny. 
- * - */ - -static int rc_check_reply (AUTH_HDR *auth, int bufferlen, char *secret, - unsigned char *vector, unsigned char seq_nbr) -{ - int secretlen; - int totallen; - unsigned char calc_digest[AUTH_VECTOR_LEN]; - unsigned char reply_digest[AUTH_VECTOR_LEN]; - - totallen = ntohs (auth->length); - - secretlen = strlen (secret); - - /* Do sanity checks on packet length */ - if ((totallen < 20) || (totallen > 4096)) - { - error("rc_check_reply: received RADIUS server response with invalid length"); - return (BADRESP_RC); - } - - /* Verify buffer space, should never trigger with current buffer size and check above */ - if ((totallen + secretlen) > bufferlen) - { - error("rc_check_reply: not enough buffer space to verify RADIUS server response"); - return (BADRESP_RC); - } - /* Verify that id (seq. number) matches what we sent */ - if (auth->id != seq_nbr) - { - error("rc_check_reply: received non-matching id in RADIUS server response"); - return (BADRESP_RC); - } - - /* Verify the reply digest */ - memcpy ((char *) reply_digest, (char *) auth->vector, AUTH_VECTOR_LEN); - memcpy ((char *) auth->vector, (char *) vector, AUTH_VECTOR_LEN); - memcpy ((char *) auth + totallen, secret, secretlen); - rc_md5_calc (calc_digest, (char *) auth, totallen + secretlen); - -#ifdef DIGEST_DEBUG - { - int i; - - fputs("reply_digest: ", stderr); - for (i = 0; i < AUTH_VECTOR_LEN; i++) - { - fprintf(stderr,"%.2x ", (int) reply_digest[i]); - } - fputs("\ncalc_digest: ", stderr); - for (i = 0; i < AUTH_VECTOR_LEN; i++) - { - fprintf(stderr,"%.2x ", (int) calc_digest[i]); - } - fputs("\n", stderr); - } -#endif - - if (memcmp ((char *) reply_digest, (char *) calc_digest, - AUTH_VECTOR_LEN) != 0) - { -#ifdef RADIUS_116 - /* the original Livingston radiusd v1.16 seems to have - a bug in digest calculation with accounting requests, - authentication request are ok. i looked at the code - but couldn't find any bugs. any help to get this - kludge out are welcome. 
preferably i want to - reproduce the calculation bug here to be compatible - to stock Livingston radiusd v1.16. -lf, 03/14/96 - */ - if (auth->code == PW_ACCOUNTING_RESPONSE) - return (OK_RC); -#endif - error("rc_check_reply: received invalid reply digest from RADIUS server"); - return (BADRESP_RC); - } - - return (OK_RC); - -} - -/* - * Function: rc_random_vector - * - * Purpose: generates a random vector of AUTH_VECTOR_LEN octets. - * - * Returns: the vector (call by reference) - * - */ - -static void rc_random_vector (unsigned char *vector) -{ - int randno; - int i; - int fd; - -/* well, I added this to increase the security for user passwords. - we use /dev/urandom here, as /dev/random might block and we don't - need that much randomness. BTW, great idea, Ted! -lf, 03/18/95 */ - - if ((fd = open(_PATH_DEV_URANDOM, O_RDONLY)) >= 0) - { - unsigned char *pos; - int readcount; - - i = AUTH_VECTOR_LEN; - pos = vector; - while (i > 0) - { - readcount = read(fd, (char *)pos, i); - pos += readcount; - i -= readcount; - } - - close(fd); - return; - } /* else fall through */ - - for (i = 0; i < AUTH_VECTOR_LEN;) - { - randno = magic(); - memcpy ((char *) vector, (char *) &randno, sizeof (int)); - vector += sizeof (int); - i += sizeof (int); - } - - return; -} diff --git a/pppd/plugins/radius/util.c b/pppd/plugins/radius/util.c deleted file mode 100644 index 6f976a7..0000000 --- a/pppd/plugins/radius/util.c +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * $Id: util.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1996,1997 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include <includes.h> -#include <radiusclient.h> - -/* - * Function: rc_str2tm - * - * Purpose: Turns printable string into correct tm struct entries. - * - */ - -static const char * months[] = - { - "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" - }; - -void rc_str2tm (char *valstr, struct tm *tm) -{ - int i; - - /* Get the month */ - for (i = 0; i < 12; i++) - { - if (strncmp (months[i], valstr, 3) == 0) - { - tm->tm_mon = i; - i = 13; - } - } - - /* Get the Day */ - tm->tm_mday = atoi (&valstr[4]); - - /* Now the year */ - tm->tm_year = atoi (&valstr[7]) - 1900; -} - -void rc_mdelay(int msecs) -{ - struct timeval tv; - - tv.tv_sec = (int) msecs / 1000; - tv.tv_usec = (msecs % 1000) * 1000; - - select(0,(fd_set *)NULL,(fd_set *)NULL,(fd_set *)NULL, &tv); -} - -/* - * Function: rc_mksid - * - * Purpose: generate a quite unique string - * - * Remarks: not that unique at all... - * - */ - -char * -rc_mksid (void) -{ - static char buf[15]; - static unsigned short int cnt = 0; - sprintf (buf, "%08lX%04X%02hX", - (unsigned long int) time (NULL), - (unsigned int) getpid (), - cnt & 0xFF); - cnt++; - return buf; -} |