From 32be3676b6d3ad8db2052b8d445e7ef4b9ca6352 Mon Sep 17 00:00:00 2001 From: Frank Cusack Date: Tue, 1 Oct 2002 09:51:01 +0000 Subject: [PATCH] Send NAS-Identifier attribute instead of NAS-IP-Address, if configured. Set some reasonable defaults for various options, if not supplied. Patch from Ben McKeegan. --- .../radius/radiusclient/etc/dictionary | 1 + .../radiusclient/etc/radiusclient.conf.in | 25 ++++-- .../radius/radiusclient/lib/buildreq.c | 79 +++++++++++++------ pppd/plugins/radius/radiusclient/lib/config.c | 5 +- .../plugins/radius/radiusclient/lib/options.h | 16 ++-- 5 files changed, 86 insertions(+), 40 deletions(-) diff --git a/pppd/plugins/radius/radiusclient/etc/dictionary b/pppd/plugins/radius/radiusclient/etc/dictionary index 903824d..6dd086a 100644 --- a/pppd/plugins/radius/radiusclient/etc/dictionary +++ b/pppd/plugins/radius/radiusclient/etc/dictionary @@ -71,6 +71,7 @@ ATTRIBUTE Idle-Timeout 28 integer ATTRIBUTE Termination-Action 29 integer ATTRIBUTE Called-Station-Id 30 string ATTRIBUTE Calling-Station-Id 31 string +ATTRIBUTE NAS-Identifier 32 string ATTRIBUTE Acct-Status-Type 40 integer ATTRIBUTE Acct-Delay-Time 41 integer ATTRIBUTE Acct-Input-Octets 42 integer diff --git a/pppd/plugins/radius/radiusclient/etc/radiusclient.conf.in b/pppd/plugins/radius/radiusclient/etc/radiusclient.conf.in index 916289a..eae292c 100644 --- a/pppd/plugins/radius/radiusclient/etc/radiusclient.conf.in +++ b/pppd/plugins/radius/radiusclient/etc/radiusclient.conf.in 
@@ -7,21 +7,21 @@ # this server is asked. auth_order radius -# maximum login tries a user has +# maximum login tries a user has (default 4) login_tries 4 -# timeout for all login tries -# if this time is exceeded the user is kicked out +# timeout for all login tries (default 60) +# if this time is exceeded the user is kicked out login_timeout 60 # name of the nologin file which when it exists disables logins. # it may be extended by the ttyname which will result in # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable -# logins on /dev/ttyS2) +# logins on /dev/ttyS2) (default /etc/nologin) nologin /etc/nologin # name of the issue file. it's only display when no username is passed -# on the radlogin command line +# on the radlogin command line (default /etc/radiusclient/issue) issue @pkgsysconfdir@/issue # RADIUS settings @@ -49,7 +49,8 @@ servers @pkgsysconfdir@/servers # just like in the normal RADIUS distributions dictionary @pkgsysconfdir@/dictionary -# program to call for a RADIUS authenticated login +# program to call for a RADIUS authenticated login +# (default /usr/sbin/login.radius) login_radius @sbindir@/login.radius # file which holds sequence number for communication with the @@ -71,6 +72,18 @@ radius_timeout 10 # resend request this many times before trying the next server radius_retries 3 +# NAS-Identifier +# +# If supplied, this option will cause the client to send the given string +# as the contents of the NAS-Identifier attribute in RADIUS requests. No +# NAS-IP-Address attribute will be sent in this case. +# +# The default behavior is to send a NAS-IP-Address option and not send +# a NAS-Identifier. The value of the NAS-IP-Address option is chosen +# by resolving the system hostname. + +# nas_identifier MyUniqueNASName + # LOCAL settings # program to execute for local login diff --git a/pppd/plugins/radius/radiusclient/lib/buildreq.c b/pppd/plugins/radius/radiusclient/lib/buildreq.c index d8a52c9..cd80d19 100644 
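Review bot: The new NAS-Identifier comment block in the last radiusclient.conf.in hunk does not say which values are acceptable or what setting the option implies on the server side. RFC 2865 limits an attribute value to 253 octets and expects the identifier to be unique within the scope of the RADIUS server. The block itself states that no NAS-IP-Address is sent once the option is set, so server policies keyed on that attribute would stop matching. I would add `# The string may be at most 253 octets and should be unique among the NASes of your RADIUS server.` and `# Server-side rules that match on NAS-IP-Address must be changed to match on NAS-Identifier.`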
--- a/pppd/plugins/radius/radiusclient/lib/buildreq.c +++ b/pppd/plugins/radius/radiusclient/lib/buildreq.c @@ -1,5 +1,5 @@ /* - * $Id: buildreq.c,v 1.3 2002/04/02 14:09:35 dfs Exp $ + * $Id: buildreq.c,v 1.4 2002/10/01 09:51:01 fcusack Exp $ * * Copyright (C) 1995,1997 Lars Fenneberg * @@ -15,6 +15,44 @@ unsigned char rc_get_seqnbr(void); +/* + * Function: rc_get_nas_id + * + * Purpose: fills in NAS-Identifier or NAS-IP-Address in request + * + */ + +int rc_get_nas_id(VALUE_PAIR **sendpairs) +{ + UINT4 client_id; + char *nasid; + + nasid = rc_conf_str("nas_identifier"); + if (strlen(nasid)) { + /* + * Fill in NAS-Identifier + */ + if (rc_avpair_add(sendpairs, PW_NAS_IDENTIFIER, nasid, 0, + VENDOR_NONE) == NULL) + return (ERROR_RC); + + return (OK_RC); + + } else { + /* + * Fill in NAS-IP-Address + */ + if ((client_id = rc_own_ipaddress()) == 0) + return (ERROR_RC); + + if (rc_avpair_add(sendpairs, PW_NAS_IP_ADDRESS, &client_id, + 0, VENDOR_NONE) == NULL) + return (ERROR_RC); + } + + return (OK_RC); +} + /* * Function: rc_buildreq * @@ -150,7 +188,6 @@ int rc_auth_using_server(SERVER *authserver, char *msg, REQUEST_INFO *info) { SEND_DATA data; - UINT4 client_id; int result; int i; int timeout = rc_conf_int("radius_timeout"); @@ -160,14 +197,11 @@ int rc_auth_using_server(SERVER *authserver, data.receive_pairs = NULL; /* - * Fill in NAS-IP-Address + * Fill in NAS-IP-Address or NAS-Identifier */ - if ((client_id = rc_own_ipaddress()) == 0) - return (ERROR_RC); - - if (rc_avpair_add(&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0, VENDOR_NONE) == NULL) - return (ERROR_RC); + if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) + return (ERROR_RC); /* * Fill in NAS-Port 
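Review bot: In the new `rc_get_nas_id()`, `strlen(nasid)` is called on the result of `rc_conf_str("nas_identifier")` without a NULL check, and the configured string is handed to `rc_avpair_add()` with a length argument of 0, so nothing visible here bounds it. If `rc_conf_str()` can return NULL for an unset option (its body is not in this diff), the guard should read `if (nasid != NULL && nasid[0] != '\0')`. A RADIUS attribute value holds at most 253 octets, so unless `rc_avpair_add()` enforces that itself, an over-long `nas_identifier` should be rejected with `ERROR_RC` rather than passed through. Within this patch the helper is only called from buildreq.c, so it could be declared `static`, and the `return (OK_RC);` inside the first branch duplicates the one at the end of the function.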
@@ -246,8 +280,8 @@ int rc_auth_proxy(VALUE_PAIR *send, VALUE_PAIR **received, char *msg) * Purpose: Builds an accounting request for port id client_port * with the value_pairs send. You explicitly supply server list. * - * Remarks: NAS-IP-Address, NAS-Port and Acct-Delay-Time get filled - * in by this function, the rest has to be supplied. + * Remarks: NAS-Identifier/NAS-IP-Address, NAS-Port and Acct-Delay-Time get + * filled in by this function, the rest has to be supplied. */ int rc_acct_using_server(SERVER *acctserver, @@ -256,7 +290,6 @@ int rc_acct_using_server(SERVER *acctserver, { SEND_DATA data; VALUE_PAIR *adt_vp; - UINT4 client_id; int result; time_t start_time, dtime; char msg[4096]; @@ -268,14 +301,11 @@ int rc_acct_using_server(SERVER *acctserver, data.receive_pairs = NULL; /* - * Fill in NAS-IP-Address + * Fill in NAS-IP-Address or NAS-Identifier */ - if ((client_id = rc_own_ipaddress()) == 0) - return (ERROR_RC); - - if (rc_avpair_add(&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0, VENDOR_NONE) == NULL) - return (ERROR_RC); + if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) + return (ERROR_RC); /* * Fill in NAS-Port @@ -321,8 +351,8 @@ int rc_acct_using_server(SERVER *acctserver, * Purpose: Builds an accounting request for port id client_port * with the value_pairs send * - * Remarks: NAS-IP-Address, NAS-Port and Acct-Delay-Time get filled - * in by this function, the rest has to be supplied. + * Remarks: NAS-Identifier/NAS-IP-Address, NAS-Port and Acct-Delay-Time get + * filled in by this function, the rest has to be supplied. */ int rc_acct(UINT4 client_port, VALUE_PAIR *send) 
@@ -384,20 +414,19 @@ int rc_check(char *host, unsigned short port, char *msg) { SEND_DATA data; int result; - UINT4 client_id, service_type; + UINT4 service_type; int timeout = rc_conf_int("radius_timeout"); int retries = rc_conf_int("radius_retries"); data.send_pairs = data.receive_pairs = NULL; /* - * Fill in NAS-IP-Address, although it isn't neccessary + * Fill in NAS-IP-Address or NAS-Identifier, + * although it isn't neccessary */ - if ((client_id = rc_own_ipaddress()) == 0) - return (ERROR_RC); - - rc_avpair_add(&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0, VENDOR_NONE); + if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) + return (ERROR_RC); /* * Fill in Service-Type diff --git a/pppd/plugins/radius/radiusclient/lib/config.c b/pppd/plugins/radius/radiusclient/lib/config.c index 724edbe..e9713c4 100644 --- a/pppd/plugins/radius/radiusclient/lib/config.c +++ b/pppd/plugins/radius/radiusclient/lib/config.c @@ -1,5 +1,5 @@ /* - * $Id: config.c,v 1.2 2002/02/27 15:51:20 dfs Exp $ + * $Id: config.c,v 1.3 2002/10/01 09:51:01 fcusack Exp $ * * Copyright (C) 1995,1996,1997 Lars Fenneberg * @@ -479,8 +479,7 @@ int rc_find_server (char *server_name, UINT4 *ip_addr, char *secret) return (-1); } - if ((myipaddr = rc_own_ipaddress()) == 0) - return (-1); + myipaddr = rc_own_ipaddress(); result = 0; while (fgets (buffer, sizeof (buffer), clientfd) != (char *) NULL) diff --git a/pppd/plugins/radius/radiusclient/lib/options.h b/pppd/plugins/radius/radiusclient/lib/options.h index 800ec81..c223c16 100644 --- a/pppd/plugins/radius/radiusclient/lib/options.h +++ b/pppd/plugins/radius/radiusclient/lib/options.h @@ -1,5 +1,5 @@ /* - * $Id: options.h,v 1.1 2002/01/22 16:03:02 dfs Exp $ + * $Id: options.h,v 1.2 2002/10/01 09:51:01 fcusack Exp $ * * Copyright (C) 1996 Lars Fenneberg * 
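Review bot: In the config.c hunk, `rc_find_server()` now carries on with `myipaddr` set to 0 when `rc_own_ipaddress()` fails, and the `fgets()` loop that follows reads the entries from which the function fills its `secret` output. The rest of the function lies outside the hunk, so it is not visible whether `myipaddr` is compared with addresses resolved from those entries; if it is, a value of 0 must never count as a match, otherwise the shared secret could be taken from the wrong entry. I would keep the relaxed check but document it at the assignment, `/* 0 = own address unknown (NAS-Identifier setups); must not match any entry below */`, and confirm that the comparisons further down guard against 0.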
@@ -31,26 +31,30 @@ typedef struct _option { static SERVER acctserver = {0}; static SERVER authserver = {0}; +int default_tries = 4; +int default_timeout = 60; + static OPTION config_options[] = { /* internally used options */ {"config_file", OT_STR, ST_UNDEF, NULL}, /* General options */ {"auth_order", OT_AUO, ST_UNDEF, NULL}, -{"login_tries", OT_INT, ST_UNDEF, NULL}, -{"login_timeout", OT_INT, ST_UNDEF, NULL}, -{"nologin", OT_STR, ST_UNDEF, NULL}, -{"issue", OT_STR, ST_UNDEF, NULL}, +{"login_tries", OT_INT, ST_UNDEF, &default_tries}, +{"login_timeout", OT_INT, ST_UNDEF, &default_timeout}, +{"nologin", OT_STR, ST_UNDEF, "/etc/nologin"}, +{"issue", OT_STR, ST_UNDEF, "/etc/radiusclient/issue"}, /* RADIUS specific options */ {"authserver", OT_SRV, ST_UNDEF, &authserver}, {"acctserver", OT_SRV, ST_UNDEF, &acctserver}, {"servers", OT_STR, ST_UNDEF, NULL}, {"dictionary", OT_STR, ST_UNDEF, NULL}, -{"login_radius", OT_STR, ST_UNDEF, NULL}, +{"login_radius", OT_STR, ST_UNDEF, "/usr/sbin/login.radius"}, {"seqfile", OT_STR, ST_UNDEF, NULL}, {"mapfile", OT_STR, ST_UNDEF, NULL}, {"default_realm", OT_STR, ST_UNDEF, NULL}, {"radius_timeout", OT_INT, ST_UNDEF, NULL}, {"radius_retries", OT_INT, ST_UNDEF, NULL}, +{"nas_identifier", OT_STR, ST_UNDEF, ""}, /* local options */ {"login_local", OT_STR, ST_UNDEF, NULL}, }; -- 2.39.2
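Review bot: `default_tries` and `default_timeout` are defined in options.h as non-static initialized globals, while the neighbouring `acctserver` and `authserver` are `static`; if the header is included by more than one source file the link fails with duplicate definitions, and the names are exported either way. Declare them `static int default_tries = 4;` and `static int default_timeout = 60;`. The new string defaults are literals stored in the option's value field, so the code that overrides an option (not shown in this diff) must not free or write through the previous value. The literals `/usr/sbin/login.radius` and `/etc/radiusclient/issue` also bypass the `@sbindir@` and `@pkgsysconfdir@` substitution used in radiusclient.conf.in, so on an install with a different prefix the default login program path points outside the installed tree. Deriving these defaults from the configured prefix would keep the fallback from executing whatever happens to sit at the hard-coded path.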