X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fradius%2Fradius.c;h=02875b4fec2069de9d31339b80df793bf8a709e5;hb=ebe6b4ad00c2290a9147b9bedb57c1c49bb18b02;hp=fbf872006005b59ca5472f73b1a5c1b69007bef4;hpb=5c765a67fd25f9d84e71ed61ace37c8c97f6be15;p=ppp.git

diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
index fbf8720..02875b4 100644
--- a/pppd/plugins/radius/radius.c
+++ b/pppd/plugins/radius/radius.c
@@ -26,24 +26,28 @@
 static char const RCSID[] =
 "$Id: radius.c,v 1.32 2008/05/26 09:18:08 paulus Exp $";
 
-#include "pppd.h"
-#include "chap-new.h"
-#ifdef CHAPMS
-#include "chap_ms.h"
-#ifdef MPPE
-#include "md5.h"
-#endif
-#endif
-#include "radiusclient.h"
-#include "fsm.h"
-#include "ipcp.h"
 #include <syslog.h>
 #include <sys/types.h>
 #include <sys/time.h>
+#include <sys/param.h>
 #include <string.h>
 #include <netinet/in.h>
 #include <stdlib.h>
 
+#include <pppd/pppd.h>
+#include <pppd/chap-new.h>
+#ifdef PPP_WITH_CHAPMS
+#include <pppd/chap_ms.h>
+#ifdef PPP_WITH_MPPE
+#include <pppd/mppe.h>
+#include <pppd/md5.h>
+#endif
+#endif
+#include <pppd/fsm.h>
+#include <pppd/ipcp.h>
+
+#include "radiusclient.h"
+
 #define BUF_LEN 1024
 
 #define MD5_HASH_SIZE	16
@@ -92,7 +96,7 @@ static int radius_init(char *msg);
 static int get_client_port(char *ifname);
 static int radius_allowed_address(u_int32_t addr);
 static void radius_acct_interim(void *);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
 static int radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
 			      unsigned char *);
 static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info);
@@ -107,7 +111,6 @@ static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info);
 #endif
 
 struct radius_state {
-    int accounting_started;
     int initialized;
     int client_port;
     int choose_ip;
@@ -136,7 +139,7 @@ void (*radius_pre_auth_hook)(char const *user,
 
 static struct radius_state rstate;
 
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
 
 /**********************************************************************
 * %FUNCTION: plugin_init
@@ -202,7 +205,7 @@ add_avp(char **argv)
 *  1 -- we are ALWAYS willing to supply a secret. :-)
 * %DESCRIPTION:
 * Tells pppd that we will try to authenticate the peer, and not to
-* worry about looking in /etc/ppp/*-secrets
+* worry about looking in *-secrets file(s)
 ***********************************************************************/
 static int
 radius_secret_check(void)
@@ -342,7 +345,7 @@ radius_chap_verify(char *user, char *ourname, int id,
     int result;
     int challenge_len, response_len;
     u_char cpassword[MAX_RESPONSE_LEN + 1];
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
     /* Need the RADIUS secret and Request Authenticator to decode MPPE */
     REQUEST_INFO request_info, *req_info = &request_info;
 #else
@@ -361,7 +364,7 @@ radius_chap_verify(char *user, char *ourname, int id,
 
     /* return error for types we can't handle */
     if ((digest->code != CHAP_MD5)
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 	&& (digest->code != CHAP_MICROSOFT)
 	&& (digest->code != CHAP_MICROSOFT_V2)
 #endif
@@ -408,7 +411,7 @@ radius_chap_verify(char *user, char *ourname, int id,
 		      cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE);
 	break;
 
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
     case CHAP_MICROSOFT:
     {
 	/* MS-CHAP-Challenge and MS-CHAP-Response */
@@ -540,7 +543,7 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 {
     u_int32_t remote;
     int ms_chap2_success = 0;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
     int mppe_enc_keys = 0;	/* whether or not these were received */
     int mppe_enc_policy = 0;
     int mppe_enc_types = 0;
@@ -593,17 +596,16 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		break;
            case PW_FILTER_ID:
                /* packet filter, will be handled via ip-(up|down) script */
-               script_setenv("RADIUS_FILTER_ID", vp->strvalue, 1);
+               script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1);
                break;
            case PW_FRAMED_ROUTE:
                /* route, will be handled via ip-(up|down) script */
-               script_setenv("RADIUS_FRAMED_ROUTE", vp->strvalue, 1);
+               script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1);
                break;
            case PW_IDLE_TIMEOUT:
                /* idle parameter */
                idle_time_limit = vp->lvalue;
                break;
-#ifdef MAXOCTETS
 	    case PW_SESSION_OCTETS_LIMIT:
 		/* Session traffic limit */
 		maxoctets = vp->lvalue;
@@ -612,7 +614,6 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		/* Session traffic limit direction check */
 		maxoctets_dir = ( vp->lvalue > 4 ) ? 0 : vp->lvalue ;
 		break;
-#endif
 	    case PW_ACCT_INTERIM_INTERVAL:
 		/* Send accounting updates every few seconds */
 		rstate.acct_interim_interval = vp->lvalue;
@@ -651,23 +652,26 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		    memcpy(rstate.class, vp->strvalue, rstate.class_len);
 		} /* else too big for our buffer - ignore it */
 		break;
+	    case PW_FRAMED_MTU:
+		netif_set_mtu(rstate.client_port,MIN(netif_get_mtu(rstate.client_port),vp->lvalue));
+		break;
 	    }
 
 
 	} else if (vp->vendorcode == VENDOR_MICROSOFT) {
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 	    switch (vp->attribute) {
 	    case PW_MS_CHAP2_SUCCESS:
-		if ((vp->lvalue != 43) || strncmp(vp->strvalue + 1, "S=", 2)) {
+		if ((vp->lvalue != 43) || strncmp((char*) vp->strvalue + 1, "S=", 2)) {
 		    slprintf(msg,BUF_LEN,"RADIUS: bad MS-CHAP2-Success packet");
 		    return -1;
 		}
 		if (message != NULL)
-		    strlcpy(message, vp->strvalue + 1, message_space);
+		    strlcpy(message, (char*) vp->strvalue + 1, message_space);
 		ms_chap2_success = 1;
 		break;
 
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
 	    case PW_MS_CHAP_MPPE_KEYS:
 		if (radius_setmppekeys(vp, req_info, challenge) < 0) {
 		    slprintf(msg, BUF_LEN,
@@ -697,7 +701,7 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		mppe_enc_types = vp->lvalue;	/* save for later */
 		break;
 
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
 #ifdef MSDNS
 	    case PW_MS_PRIMARY_DNS_SERVER:
 		ao->dnsaddr[0] = htonl(vp->lvalue);
@@ -725,7 +729,7 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		break;
 #endif /* MSDNS */
 	    }
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 	}
 	vp = vp->next;
     }
@@ -734,23 +738,24 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
     if (digest && (digest->code == CHAP_MICROSOFT_V2) && !ms_chap2_success)
 	return -1;
 
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
     /*
      * Require both policy and key attributes to indicate a valid key.
      * Note that if the policy value was '0' we don't set the key!
      */
     if (mppe_enc_policy && mppe_enc_keys) {
-	mppe_keys_set = 1;
 	/* Set/modify allowed encryption types. */
 	if (mppe_enc_types)
-	    set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
+	    mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
+	return 0;
     }
+    mppe_clear_keys();
 #endif
 
     return 0;
 }
 
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
 /**********************************************************************
 * %FUNCTION: radius_setmppekeys
 * %ARGUMENTS:
@@ -800,7 +805,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
      * the NAS (us) doesn't need; we only need the start key.  So we have
      * to generate the start key, sigh.  NB: We do not support the LM-Key.
      */
-    mppe_set_keys(challenge, &plain[8]);
+    mppe_set_chapv1(challenge, &plain[8]);
 
     return 0;    
 }
@@ -852,7 +857,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
     for (i = 0; i < 16; i++)
 	plain[i] ^= buf[i];
 
-    if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
+    if (plain[0] != 16) {
 	error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
 	      (int) plain[0], type);
 	return -1;
@@ -866,13 +871,13 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
     plain[16] ^= buf[0]; /* only need the first byte */
 
     if (vp->attribute == PW_MS_MPPE_SEND_KEY)
-	memcpy(mppe_send_key, plain + 1, 16);
+	mppe_set_keys(plain + 1, NULL, 16);
     else
-	memcpy(mppe_recv_key, plain + 1, 16);
+	mppe_set_keys(NULL, plain + 1, 16);
 
     return 0;
 }
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
 
 /**********************************************************************
 * %FUNCTION: radius_acct_start
@@ -898,7 +903,7 @@ radius_acct_start(void)
 
     rstate.start_time = time(NULL);
 
-    strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id));
+    strlcpy(rstate.session_id, rc_mksid(), MAXSESSIONID);
 
     rc_avpair_add(&send, PW_ACCT_SESSION_ID,
 		   rstate.session_id, 0, VENDOR_NONE);
@@ -952,12 +957,11 @@ radius_acct_start(void)
 	/* RADIUS server could be down so make this a warning */
 	syslog(LOG_WARNING,
 		"Accounting START failed for %s", rstate.user);
-    } else {
-	rstate.accounting_started = 1;
-	/* Kick off periodic accounting reports */
-	if (rstate.acct_interim_interval) {
-	    TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
-	}
+    }
+
+    /* Kick off periodic accounting reports */
+    if (rstate.acct_interim_interval) {
+	TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
     }
 }
 
@@ -983,14 +987,9 @@ radius_acct_stop(void)
 	return;
     }
 
-    if (!rstate.accounting_started) {
-	return;
-    }
-
     if (rstate.acct_interim_interval)
 	UNTIMEOUT(radius_acct_interim, NULL);
 
-    rstate.accounting_started = 0;
     rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
 		   0, VENDOR_NONE);
 
@@ -1017,12 +1016,22 @@ radius_acct_stop(void)
 	av_type = link_connect_time;
 	rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
 
-	av_type = link_stats.bytes_out;
+	av_type = link_stats.bytes_out & 0xFFFFFFFF;
 	rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
 
-	av_type = link_stats.bytes_in;
+	if (link_stats.bytes_out > 0xFFFFFFFF) {
+	    av_type = link_stats.bytes_out >> 32;
+	    rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+	}
+
+	av_type = link_stats.bytes_in & 0xFFFFFFFF;
 	rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
 
+	if (link_stats.bytes_in > 0xFFFFFFFF) {
+	    av_type = link_stats.bytes_in >> 32;
+	    rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+	}
+
 	av_type = link_stats.pkts_out;
 	rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
 
@@ -1078,11 +1087,9 @@ radius_acct_stop(void)
 	    av_type = PW_ACCT_SESSION_TIMEOUT;
 	    break;
 	    
-#ifdef MAXOCTETS
 	case EXIT_TRAFFIC_LIMIT:
 	    av_type = PW_NAS_REQUEST;
 	    break;
-#endif
 
 	default:
 	    av_type = PW_NAS_ERROR;
@@ -1135,10 +1142,6 @@ radius_acct_interim(void *ignored)
 	return;
     }
 
-    if (!rstate.accounting_started) {
-	return;
-    }
-
     rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
 		   0, VENDOR_NONE);
 
@@ -1169,12 +1172,22 @@ radius_acct_interim(void *ignored)
 	av_type = link_connect_time;
 	rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
 
-	av_type = link_stats.bytes_out;
+	av_type = link_stats.bytes_out & 0xFFFFFFFF;
 	rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
 
-	av_type = link_stats.bytes_in;
+	if (link_stats.bytes_out > 0xFFFFFFFF) {
+	    av_type = link_stats.bytes_out >> 32;
+	    rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+	}
+
+	av_type = link_stats.bytes_in & 0xFFFFFFFF;
 	rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
 
+	if (link_stats.bytes_in > 0xFFFFFFFF) {
+	    av_type = link_stats.bytes_in >> 32;
+	    rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+	}
+
 	av_type = link_stats.pkts_out;
 	rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);