3 # login program to invoke PPP.
4 # RADIUS accounting is NOT handled by this; it is handled by /etc/ppp/
5 # ip-up and ip-down which are invoked when the TCP/IP connection is up.
7 # version 0.1 November 5 1996
8 # clean up the code, minor features.
10 # version 0.02 May 8 1996
12 # start implementing other types of logins, not only Framed.
13 # Also honor static IP addresses.
15 # version 0.01 April 1 1996
17 # - ignore RADIUS server requests for Framed-User, just
18 # do PPP. Later, this should be honored. For now,
19 # just use RADIUS for authentication; it's much simpler.
20 # Always use dynamic addresses.
26 #### CONFIGURATION SECTION ##################################################
28 # Local IP address for the PPP connection.
29 my $ip_address_local = "203.176.0.3";
31 # First IP address for this terminal server, if dynamic addressing
32 # is requested, or if nothing is specified for Framed-IP-Address.
33 my $ip_address_begin = "203.176.0.161";
35 # IP translation factor; subtract this value from radclient before adding
36 # the beginning IP address.
37 my $ip_translate_factor = 32;
39 # Debugging to screen?
44 # Async map - this one escapes only XON and XOFF characters.
45 my $asyncmap = "0x000A0000";
47 # MTU and MRU. 296 is good for interactive performance,
48 # but larger ones will lead to less overhead for file transfers.
50 my ($mtu, $mru) = (296, 296);
52 # If we're using proxy ARP, set this to "proxyarp", else leave it blank.
53 # my $proxyarp = "proxyarp";
56 # Login host for non-framed connections.
57 # This should only be an IP address, since that's what
58 # Login-IP-Host should be.
59 my $login_host = "203.176.0.4"; # marikit.iphil.net
62 my $prog_pppd = "/usr/sbin/pppd";
63 my $prog_radacct = "/usr/local/lib/radiusclient/radacct";
64 my $prog_rlogin = "/usr/bin/rlogin";
65 my $prog_telnet = "/bin/telnet";
66 my $prog_tcpclear = "/bin/telnet -e ''";
67 my $prog_tty = "/usr/bin/tty";
68 my $prog_who = "/usr/bin/who";
70 my $path_portinfo = "/var/ipoint/acct/portinfo";
71 my $path_radiusclient_map = "/etc/radclient/port-id-map";
73 #############################################################################
77 print "Starting.\n" if ($debug);
79 # Run 'who am i' to determine the current port.
80 my $port = `$prog_tty`;
83 # Translate port numbers to numbers for RADIUS.
84 # This translation is done again by radacct, but it may be useful here.
85 # Remove if CPU time is a problem.
88 open (H, $path_radiusclient_map);
89 while (($line = <H>) && (!$portid))
91 my @info = split (/\s+/, $line);
92 $portid = $info[1] if ($info[0] eq $port);
98 # Print out all the RADIUS variables.
99 my @el = grep (/^RADIUS/, keys (%ENV));
103 print "$e = " . $ENV{$e} . "\n";
107 # If the service type is Framed, then give them PPP.
108 # SLIP is not implemented (and will probably never be).
110 my $username = $ENV{"RADIUS_USER_NAME"};
112 # Generate a "unique" string for the session ID.
113 my $sessionid = "$$" . time ();
115 if ($ENV{"RADIUS_SERVICE_TYPE"} =~ /^Framed$/)
118 # Use the specified IP address, or generate one if none is specified,
119 # or a dynamic one requested. Or, let the user negotiate the address.
121 my $ip_address = $ENV{"RADIUS_FRAMED_IP_ADDRESS"};
123 if (!$ip_address || ($ip_address eq "255.255.255.254"))
125 my @ipn = split (/\./, $ip_address_begin);
126 $ipn[3] += $portid - $ip_translate_factor;
127 $ip_address = join ('.', @ipn);
131 print "port: $port\n";
132 print "portid: $portid\n";
133 print "ip_translate_factor: $ip_translate_factor\n";
134 print "ip_address: $ip_address\n";
139 elsif ($ip_address eq "255.255.255.255")
141 # Clear it out so that pppd will let the remote end specify the
146 # Override the specified MTU.
147 $mtu = $ENV{"RADIUS_FRAMED_MTU"} if $ENV{"RADIUS_FRAMED_MTU"};
149 # If no compression is specified, turn it off.
151 if (!$ENV{"RADIUS_FRAMED_COMPRESSION"})
156 # Fix up the parameters to be passed to ip-up. Include Framed-Route.
157 # Escape spaces with %20's.
159 # Split up the framed route into multiple parts.
160 # Separate the different given routes with bars.
161 my $routelist = join ("@", map {$ENV{$_}}
162 grep {/^RADIUS_FRAMED_ROUTE/} keys (%ENV)
164 $routelist =~ s/ /%20/g;
166 my $param = join (':', $sessionid, $username, $port, $portid,
167 $ENV{"RADIUS_SESSION_TIMEOUT"}, $routelist);
170 # Run pppd through exec, so that it grabs hold of the terminal
171 # and catches disconnections.
173 # Portmaster-style prompt.
174 if ($ENV{"RADIUS_SESSION_TIMEOUT"})
176 print "Session timeout: " . $ENV{"RADIUS_SESSION_TIMEOUT"} .
179 print "PPP session from ($ip_address_local) to $ip_address beginning....";
181 "$prog_pppd $ip_address_local:$ip_address modem crtscts " .
182 "asyncmap $asyncmap lock -detach $compress " .
183 "ipparam $param mtu $mtu mru $mru $proxyarp";
187 elsif ($ENV{"RADIUS_SERVICE_TYPE"} =~ /Login/)
189 # Warning: This code has not been tested as well as the PPP version,
190 # as of now (19961107).
192 # Determine what host to connect to.
193 if (($ENV{"RADIUS_LOGIN_IP_HOST"} eq "0.0.0.0") ||
194 !defined ($ENV{"RADIUS_LOGIN_IP_HOST"}))
196 # Do nothing, it's already specified above in the config section.
198 elsif ($ENV{"RADIUS_LOGIN_IP_HOST"} eq "255.255.255.255")
200 # The user should be able to choose. Prompt the user.
201 print "Host to connect to? ";
202 $login_host = <STDIN>;
207 # Use what's specified by the RADIUS server.
208 $login_host = $ENV{"RADIUS_LOGIN_IP_HOST"};
211 # Log into a host. Default to telnet. Do the accounting
212 # now, since the target of the login wouldn't know how to
215 # Start accounting. Send the record.
216 open (H, "| $prog_radacct") || die ("Cannot run $prog_radacct");
218 my $login_service = $ENV{"RADIUS_LOGIN_SERVICE"};
221 "Acct-Session-ID = \"$sessionid\"\n" .
222 "User-Name = \"$username\"\n" .
223 "Acct-Status-Type = Start\n" .
224 "Acct-Authentic = RADIUS\n" .
225 "Service-Type = Login\n" .
226 "Login-Service = " . $login_service . "\n" .
227 "Login-IP-Host = $login_host\n";
233 my $timestart = time ();
235 # What protocol are we running?
236 my ($prog_run, $login_port);
238 if ($login_service eq "Rlogin")
240 $prog_run = $prog_rlogin;
242 elsif ($login_service eq "Telnet")
244 $prog_run = $prog_telnet;
245 $login_port = $ENV{"RADIUS_LOGIN_PORT"};
247 elsif ($login_service eq "TCP-Clear")
249 $prog_run = $prog_tcpclear;
250 $login_port = $ENV{"RADIUS_LOGIN_PORT"};
253 # Store the user information into portinfo. We need to
254 # manually fork, since we have to know the PID of the program.
259 # Child. Run the program.
260 # print "Connecting to $login_host:\n";
261 my $cmd = "$prog_run $login_host $login_port";
267 # Create the portinfo record, which needs the pid of the program
269 # The IP address is all zero, as it is not applicable here.
270 # Store the time now, and the Session-Timeout.
274 tie (%db_portinfo, "GDBM_File", $path_portinfo, GDBM_WRCREAT, 0600);
275 $db_portinfo{$portid} =
276 join (':', $username, "Login/$login_service",
277 "0.0.0.0", $pid, $timestart, $ENV{"RADIUS_SESSION_TIMEOUT"});
278 untie (%db_portinfo);
280 # Wait for the session to finish.
283 # Stop. Send the record.
284 open (H, "| $prog_radacct") || die ("Cannot run $prog_radacct");
286 my $timespent = time () - $timestart;
289 "Acct-Session-ID = \"$sessionid\"\n" .
290 "User-Name = \"$username\"\n" .
291 "Acct-Status-Type = Stop\n" .
292 "Acct-Authentic = RADIUS\n" .
293 "Service-Type = Login\n" .
294 "Login-Service = " . $login_service . "\n" .
295 "Login-IP-Host = $login_host\n" .
296 "Acct-Session-Time = $timespent\n";
301 # Remove the record from portinfo.
303 tie (%db_portinfo, "GDBM_File", $path_portinfo, GDBM_WRCREAT, 0600);
304 delete $db_portinfo{$portid};
305 untie (%db_portinfo);
projects / ppp.git / blob