X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fradius%2Fradius.c;h=0417454d504ecbe52dd566639a978eb484740bf9;hb=d2330632fd4bdab5cf89bfdcce45eefd6fe34b97;hp=c4ef0a5cae4a14df4695e9c5c5b4220fc22869b0;hpb=6bd2208f408588cab66a4da26ebee1159840db81;p=ppp.git

diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
index c4ef0a5..0417454 100644
--- a/pppd/plugins/radius/radius.c
+++ b/pppd/plugins/radius/radius.c
@@ -24,30 +24,36 @@
 *
 ***********************************************************************/
 static char const RCSID[] =
-"$Id: radius.c,v 1.29 2004/11/15 22:13:26 paulus Exp $";
-
-#include "pppd.h"
-#include "chap-new.h"
-#ifdef CHAPMS
-#include "chap_ms.h"
-#ifdef MPPE
-#include "md5.h"
-#endif
-#endif
-#include "radiusclient.h"
-#include "fsm.h"
-#include "ipcp.h"
+"$Id: radius.c,v 1.32 2008/05/26 09:18:08 paulus Exp $";
+
 #include <syslog.h>
 #include <sys/types.h>
 #include <sys/time.h>
+#include <sys/param.h>
 #include <string.h>
 #include <netinet/in.h>
 #include <stdlib.h>
 
+#include <pppd/pppd.h>
+#include <pppd/chap-new.h>
+#ifdef PPP_WITH_CHAPMS
+#include <pppd/chap_ms.h>
+#ifdef PPP_WITH_MPPE
+#include <pppd/mppe.h>
+#include <pppd/md5.h>
+#endif
+#endif
+#include <pppd/fsm.h>
+#include <pppd/ipcp.h>
+
+#include "radiusclient.h"
+
 #define BUF_LEN 1024
 
 #define MD5_HASH_SIZE	16
 
+#define MSDNS 1
+
 static char *config_file = NULL;
 static int add_avp(char **);
 static struct avpopt {
@@ -90,7 +96,7 @@ static int radius_init(char *msg);
 static int get_client_port(char *ifname);
 static int radius_allowed_address(u_int32_t addr);
 static void radius_acct_interim(void *);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
 static int radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
 			      unsigned char *);
 static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info);
@@ -105,7 +111,6 @@ static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info);
 #endif
 
 struct radius_state {
-    int accounting_started;
     int initialized;
     int client_port;
     int choose_ip;
@@ -134,7 +139,7 @@ void (*radius_pre_auth_hook)(char const *user,
 
 static struct radius_state rstate;
 
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
 
 /**********************************************************************
 * %FUNCTION: plugin_init
@@ -200,7 +205,7 @@ add_avp(char **argv)
 *  1 -- we are ALWAYS willing to supply a secret. :-)
 * %DESCRIPTION:
 * Tells pppd that we will try to authenticate the peer, and not to
-* worry about looking in /etc/ppp/*-secrets
+* worry about looking in *-secrets file(s)
 ***********************************************************************/
 static int
 radius_secret_check(void)
@@ -340,7 +345,7 @@ radius_chap_verify(char *user, char *ourname, int id,
     int result;
     int challenge_len, response_len;
     u_char cpassword[MAX_RESPONSE_LEN + 1];
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
     /* Need the RADIUS secret and Request Authenticator to decode MPPE */
     REQUEST_INFO request_info, *req_info = &request_info;
 #else
@@ -359,7 +364,7 @@ radius_chap_verify(char *user, char *ourname, int id,
 
     /* return error for types we can't handle */
     if ((digest->code != CHAP_MD5)
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 	&& (digest->code != CHAP_MICROSOFT)
 	&& (digest->code != CHAP_MICROSOFT_V2)
 #endif
@@ -406,7 +411,7 @@ radius_chap_verify(char *user, char *ourname, int id,
 		      cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE);
 	break;
 
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
     case CHAP_MICROSOFT:
     {
 	/* MS-CHAP-Challenge and MS-CHAP-Response */
@@ -471,6 +476,8 @@ radius_chap_verify(char *user, char *ourname, int id,
 			 req_info);
     }
 
+    strlcpy(message, radius_msg, message_space);
+
     if (result == OK_RC) {
 	if (!rstate.done_chap_once) {
 	    if (radius_setparams(received, radius_msg, req_info, digest,
@@ -536,11 +543,19 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 {
     u_int32_t remote;
     int ms_chap2_success = 0;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
     int mppe_enc_keys = 0;	/* whether or not these were received */
     int mppe_enc_policy = 0;
     int mppe_enc_types = 0;
 #endif
+#ifdef MSDNS
+    ipcp_options *wo = &ipcp_wantoptions[0];
+    ipcp_options *ao = &ipcp_allowoptions[0];
+    int got_msdns_1 = 0;
+    int got_msdns_2 = 0;
+    int got_wins_1 = 0;
+    int got_wins_2 = 0;
+#endif
 
     /* Send RADIUS attributes to anyone else who might be interested */
     if (radius_attributes_hook) {
@@ -579,7 +594,19 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		/* Session timeout */
 		maxconnect = vp->lvalue;
 		break;
-#ifdef MAXOCTETS
+           case PW_FILTER_ID:
+               /* packet filter, will be handled via ip-(up|down) script */
+               script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1);
+               break;
+           case PW_FRAMED_ROUTE:
+               /* route, will be handled via ip-(up|down) script */
+               script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1);
+               break;
+           case PW_IDLE_TIMEOUT:
+               /* idle parameter */
+               idle_time_limit = vp->lvalue;
+               break;
+#ifdef PPP_WITH_MAXOCTETS
 	    case PW_SESSION_OCTETS_LIMIT:
 		/* Session traffic limit */
 		maxoctets = vp->lvalue;
@@ -617,6 +644,9 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		    rstate.ip_addr = remote;
 		}
 		break;
+            case PW_NAS_IP_ADDRESS:
+                wo->ouraddr = htonl(vp->lvalue);
+                break;
 	    case PW_CLASS:
 		/* Save Class attribute to pass it in accounting request */
 		if (vp->lvalue <= MAXCLASSLEN) {
@@ -624,23 +654,26 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		    memcpy(rstate.class, vp->strvalue, rstate.class_len);
 		} /* else too big for our buffer - ignore it */
 		break;
+	    case PW_FRAMED_MTU:
+		netif_set_mtu(rstate.client_port,MIN(netif_get_mtu(rstate.client_port),vp->lvalue));
+		break;
 	    }
 
 
-#ifdef CHAPMS
 	} else if (vp->vendorcode == VENDOR_MICROSOFT) {
+#ifdef PPP_WITH_CHAPMS
 	    switch (vp->attribute) {
 	    case PW_MS_CHAP2_SUCCESS:
-		if ((vp->lvalue != 43) || strncmp(vp->strvalue + 1, "S=", 2)) {
+		if ((vp->lvalue != 43) || strncmp((char*) vp->strvalue + 1, "S=", 2)) {
 		    slprintf(msg,BUF_LEN,"RADIUS: bad MS-CHAP2-Success packet");
 		    return -1;
 		}
 		if (message != NULL)
-		    strlcpy(message, vp->strvalue + 1, message_space);
+		    strlcpy(message, (char*) vp->strvalue + 1, message_space);
 		ms_chap2_success = 1;
 		break;
 
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
 	    case PW_MS_CHAP_MPPE_KEYS:
 		if (radius_setmppekeys(vp, req_info, challenge) < 0) {
 		    slprintf(msg, BUF_LEN,
@@ -670,16 +703,35 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
 		mppe_enc_types = vp->lvalue;	/* save for later */
 		break;
 
-#endif /* MPPE */
-#if 0
+#endif /* PPP_WITH_MPPE */
+#ifdef MSDNS
 	    case PW_MS_PRIMARY_DNS_SERVER:
+		ao->dnsaddr[0] = htonl(vp->lvalue);
+		got_msdns_1 = 1;
+		if (!got_msdns_2)
+		    ao->dnsaddr[1] = ao->dnsaddr[0];
+		break;
 	    case PW_MS_SECONDARY_DNS_SERVER:
+		ao->dnsaddr[1] = htonl(vp->lvalue);
+		got_msdns_2 = 1;
+		if (!got_msdns_1)
+		    ao->dnsaddr[0] = ao->dnsaddr[1];
+		break;
 	    case PW_MS_PRIMARY_NBNS_SERVER:
+		ao->winsaddr[0] = htonl(vp->lvalue);
+		got_wins_1 = 1;
+		if (!got_wins_2)
+		    ao->winsaddr[1] = ao->winsaddr[0];
+		break;
 	    case PW_MS_SECONDARY_NBNS_SERVER:
+		ao->winsaddr[1] = htonl(vp->lvalue);
+		got_wins_2 = 1;
+		if (!got_wins_1)
+		    ao->winsaddr[0] = ao->winsaddr[1];
 		break;
-#endif
+#endif /* MSDNS */
 	    }
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 	}
 	vp = vp->next;
     }
@@ -688,23 +740,24 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
     if (digest && (digest->code == CHAP_MICROSOFT_V2) && !ms_chap2_success)
 	return -1;
 
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
     /*
      * Require both policy and key attributes to indicate a valid key.
      * Note that if the policy value was '0' we don't set the key!
      */
     if (mppe_enc_policy && mppe_enc_keys) {
-	mppe_keys_set = 1;
 	/* Set/modify allowed encryption types. */
 	if (mppe_enc_types)
-	    set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
+	    mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
+	return 0;
     }
+    mppe_clear_keys();
 #endif
 
     return 0;
 }
 
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
 /**********************************************************************
 * %FUNCTION: radius_setmppekeys
 * %ARGUMENTS:
@@ -754,7 +807,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
      * the NAS (us) doesn't need; we only need the start key.  So we have
      * to generate the start key, sigh.  NB: We do not support the LM-Key.
      */
-    mppe_set_keys(challenge, &plain[8]);
+    mppe_set_chapv1(challenge, &plain[8]);
 
     return 0;    
 }
@@ -806,7 +859,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
     for (i = 0; i < 16; i++)
 	plain[i] ^= buf[i];
 
-    if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
+    if (plain[0] != 16) {
 	error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
 	      (int) plain[0], type);
 	return -1;
@@ -820,13 +873,13 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
     plain[16] ^= buf[0]; /* only need the first byte */
 
     if (vp->attribute == PW_MS_MPPE_SEND_KEY)
-	memcpy(mppe_send_key, plain + 1, 16);
+	mppe_set_keys(plain + 1, NULL, 16);
     else
-	memcpy(mppe_recv_key, plain + 1, 16);
+	mppe_set_keys(NULL, plain + 1, 16);
 
     return 0;
 }
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
 
 /**********************************************************************
 * %FUNCTION: radius_acct_start
@@ -852,7 +905,7 @@ radius_acct_start(void)
 
     rstate.start_time = time(NULL);
 
-    strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id));
+    strlcpy(rstate.session_id, rc_mksid(), MAXSESSIONID);
 
     rc_avpair_add(&send, PW_ACCT_SESSION_ID,
 		   rstate.session_id, 0, VENDOR_NONE);
@@ -906,12 +959,11 @@ radius_acct_start(void)
 	/* RADIUS server could be down so make this a warning */
 	syslog(LOG_WARNING,
 		"Accounting START failed for %s", rstate.user);
-    } else {
-	rstate.accounting_started = 1;
-	/* Kick off periodic accounting reports */
-	if (rstate.acct_interim_interval) {
-	    TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
-	}
+    }
+
+    /* Kick off periodic accounting reports */
+    if (rstate.acct_interim_interval) {
+	TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
     }
 }
 
@@ -937,16 +989,18 @@ radius_acct_stop(void)
 	return;
     }
 
-    if (!rstate.accounting_started) {
-	return;
-    }
+    if (rstate.acct_interim_interval)
+	UNTIMEOUT(radius_acct_interim, NULL);
 
-    rstate.accounting_started = 0;
     rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
 		   0, VENDOR_NONE);
 
     rc_avpair_add(&send, PW_USER_NAME, rstate.user, 0, VENDOR_NONE);
 
+    if (rstate.class_len > 0)
+	rc_avpair_add(&send, PW_CLASS,
+		      rstate.class, rstate.class_len, VENDOR_NONE);
+
     av_type = PW_STATUS_STOP;
     rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type, 0, VENDOR_NONE);
 
@@ -964,12 +1018,22 @@ radius_acct_stop(void)
 	av_type = link_connect_time;
 	rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
 
-	av_type = link_stats.bytes_out;
+	av_type = link_stats.bytes_out & 0xFFFFFFFF;
 	rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
 
-	av_type = link_stats.bytes_in;
+	if (link_stats.bytes_out > 0xFFFFFFFF) {
+	    av_type = link_stats.bytes_out >> 32;
+	    rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+	}
+
+	av_type = link_stats.bytes_in & 0xFFFFFFFF;
 	rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
 
+	if (link_stats.bytes_in > 0xFFFFFFFF) {
+	    av_type = link_stats.bytes_in >> 32;
+	    rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+	}
+
 	av_type = link_stats.pkts_out;
 	rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
 
@@ -1017,11 +1081,15 @@ radius_acct_stop(void)
 	    av_type = PW_ACCT_IDLE_TIMEOUT;
 	    break;
 
+	case EXIT_CALLBACK:
+	    av_type = PW_CALLBACK;
+	    break;
+	    
 	case EXIT_CONNECT_TIME:
 	    av_type = PW_ACCT_SESSION_TIMEOUT;
 	    break;
 	    
-#ifdef MAXOCTETS
+#ifdef PPP_WITH_MAXOCTETS
 	case EXIT_TRAFFIC_LIMIT:
 	    av_type = PW_NAS_REQUEST;
 	    break;
@@ -1078,15 +1146,15 @@ radius_acct_interim(void *ignored)
 	return;
     }
 
-    if (!rstate.accounting_started) {
-	return;
-    }
-
     rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
 		   0, VENDOR_NONE);
 
     rc_avpair_add(&send, PW_USER_NAME, rstate.user, 0, VENDOR_NONE);
 
+    if (rstate.class_len > 0)
+	rc_avpair_add(&send, PW_CLASS,
+		      rstate.class, rstate.class_len, VENDOR_NONE);
+
     av_type = PW_STATUS_ALIVE;
     rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type, 0, VENDOR_NONE);
 
@@ -1108,12 +1176,22 @@ radius_acct_interim(void *ignored)
 	av_type = link_connect_time;
 	rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
 
-	av_type = link_stats.bytes_out;
+	av_type = link_stats.bytes_out & 0xFFFFFFFF;
 	rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
 
-	av_type = link_stats.bytes_in;
+	if (link_stats.bytes_out > 0xFFFFFFFF) {
+	    av_type = link_stats.bytes_out >> 32;
+	    rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+	}
+
+	av_type = link_stats.bytes_in & 0xFFFFFFFF;
 	rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
 
+	if (link_stats.bytes_in > 0xFFFFFFFF) {
+	    av_type = link_stats.bytes_in >> 32;
+	    rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+	}
+
 	av_type = link_stats.pkts_out;
 	rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);