X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fplugins%2Fradius%2Fradius.c;h=968cf4422e4c1e74d9c89bc9de7f60099c84408c;hb=c95c6162dd3b5774ee680f9c7df60db217cae161;hp=fbf872006005b59ca5472f73b1a5c1b69007bef4;hpb=d98ab3805c818bfb58e20ee18e6488a851c1a90d;p=ppp.git diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c index fbf8720..968cf44 100644 --- a/pppd/plugins/radius/radius.c +++ b/pppd/plugins/radius/radius.c @@ -26,11 +26,16 @@ static char const RCSID[] = "$Id: radius.c,v 1.32 2008/05/26 09:18:08 paulus Exp $"; +#ifdef HAVE_CONFIG_H +#include +#endif + #include "pppd.h" #include "chap-new.h" -#ifdef CHAPMS +#ifdef PPP_WITH_CHAPMS #include "chap_ms.h" -#ifdef MPPE +#ifdef PPP_WITH_MPPE +#include "mppe.h" #include "md5.h" #endif #endif @@ -92,7 +97,7 @@ static int radius_init(char *msg); static int get_client_port(char *ifname); static int radius_allowed_address(u_int32_t addr); static void radius_acct_interim(void *); -#ifdef MPPE +#ifdef PPP_WITH_MPPE static int radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, unsigned char *); static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info); @@ -107,7 +112,6 @@ static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info); #endif struct radius_state { - int accounting_started; int initialized; int client_port; int choose_ip; @@ -202,7 +206,7 @@ add_avp(char **argv) * 1 -- we are ALWAYS willing to supply a secret. :-) * %DESCRIPTION: * Tells pppd that we will try to authenticate the peer, and not to -* worry about looking in /etc/ppp/*-secrets +* worry about looking in *-secrets file(s) ***********************************************************************/ static int radius_secret_check(void) @@ -342,7 +346,7 @@ radius_chap_verify(char *user, char *ourname, int id, int result; int challenge_len, response_len; u_char cpassword[MAX_RESPONSE_LEN + 1]; -#ifdef MPPE +#ifdef PPP_WITH_MPPE /* Need the RADIUS secret and Request Authenticator to decode MPPE */ REQUEST_INFO request_info, *req_info = &request_info; #else @@ -361,7 +365,7 @@ radius_chap_verify(char *user, char *ourname, int id, /* return error for types we can't handle */ if ((digest->code != CHAP_MD5) -#ifdef CHAPMS +#ifdef PPP_WITH_CHAPMS && (digest->code != CHAP_MICROSOFT) && (digest->code != CHAP_MICROSOFT_V2) #endif @@ -408,7 +412,7 @@ radius_chap_verify(char *user, char *ourname, int id, cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE); break; -#ifdef CHAPMS +#ifdef PPP_WITH_CHAPMS case CHAP_MICROSOFT: { /* MS-CHAP-Challenge and MS-CHAP-Response */ @@ -540,7 +544,7 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, { u_int32_t remote; int ms_chap2_success = 0; -#ifdef MPPE +#ifdef PPP_WITH_MPPE int mppe_enc_keys = 0; /* whether or not these were received */ int mppe_enc_policy = 0; int mppe_enc_types = 0; @@ -593,17 +597,17 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, break; case PW_FILTER_ID: /* packet filter, will be handled via ip-(up|down) script */ - script_setenv("RADIUS_FILTER_ID", vp->strvalue, 1); + script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1); break; case PW_FRAMED_ROUTE: /* route, will be handled via ip-(up|down) script */ - script_setenv("RADIUS_FRAMED_ROUTE", vp->strvalue, 1); + script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1); break; case PW_IDLE_TIMEOUT: /* idle parameter */ idle_time_limit = vp->lvalue; break; -#ifdef MAXOCTETS +#ifdef PPP_WITH_MAXOCTETS case PW_SESSION_OCTETS_LIMIT: /* Session traffic limit */ maxoctets = vp->lvalue; @@ -651,23 +655,26 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, memcpy(rstate.class, vp->strvalue, rstate.class_len); } /* else too big for our buffer - ignore it */ break; + case PW_FRAMED_MTU: + netif_set_mtu(rstate.client_port,MIN(netif_get_mtu(rstate.client_port),vp->lvalue)); + break; } } else if (vp->vendorcode == VENDOR_MICROSOFT) { -#ifdef CHAPMS +#ifdef PPP_WITH_CHAPMS switch (vp->attribute) { case PW_MS_CHAP2_SUCCESS: - if ((vp->lvalue != 43) || strncmp(vp->strvalue + 1, "S=", 2)) { + if ((vp->lvalue != 43) || strncmp((char*) vp->strvalue + 1, "S=", 2)) { slprintf(msg,BUF_LEN,"RADIUS: bad MS-CHAP2-Success packet"); return -1; } if (message != NULL) - strlcpy(message, vp->strvalue + 1, message_space); + strlcpy(message, (char*) vp->strvalue + 1, message_space); ms_chap2_success = 1; break; -#ifdef MPPE +#ifdef PPP_WITH_MPPE case PW_MS_CHAP_MPPE_KEYS: if (radius_setmppekeys(vp, req_info, challenge) < 0) { slprintf(msg, BUF_LEN, @@ -697,7 +704,7 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, mppe_enc_types = vp->lvalue; /* save for later */ break; -#endif /* MPPE */ +#endif /* PPP_WITH_MPPE */ #ifdef MSDNS case PW_MS_PRIMARY_DNS_SERVER: ao->dnsaddr[0] = htonl(vp->lvalue); @@ -725,7 +732,7 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, break; #endif /* MSDNS */ } -#endif /* CHAPMS */ +#endif /* PPP_WITH_CHAPMS */ } vp = vp->next; } @@ -734,23 +741,24 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, if (digest && (digest->code == CHAP_MICROSOFT_V2) && !ms_chap2_success) return -1; -#ifdef MPPE +#ifdef PPP_WITH_MPPE /* * Require both policy and key attributes to indicate a valid key. * Note that if the policy value was '0' we don't set the key! */ if (mppe_enc_policy && mppe_enc_keys) { - mppe_keys_set = 1; /* Set/modify allowed encryption types. */ if (mppe_enc_types) - set_mppe_enc_types(mppe_enc_policy, mppe_enc_types); + mppe_set_enc_types(mppe_enc_policy, mppe_enc_types); + return 0; } + mppe_clear_keys(); #endif return 0; } -#ifdef MPPE +#ifdef PPP_WITH_MPPE /********************************************************************** * %FUNCTION: radius_setmppekeys * %ARGUMENTS: @@ -800,7 +808,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, * the NAS (us) doesn't need; we only need the start key. So we have * to generate the start key, sigh. NB: We do not support the LM-Key. */ - mppe_set_keys(challenge, &plain[8]); + mppe_set_chapv1(challenge, &plain[8]); return 0; } @@ -852,7 +860,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) for (i = 0; i < 16; i++) plain[i] ^= buf[i]; - if (plain[0] != sizeof(mppe_send_key) /* 16 */) { + if (plain[0] != 16) { error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute", (int) plain[0], type); return -1; @@ -866,13 +874,13 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) plain[16] ^= buf[0]; /* only need the first byte */ if (vp->attribute == PW_MS_MPPE_SEND_KEY) - memcpy(mppe_send_key, plain + 1, 16); + mppe_set_keys(plain + 1, NULL, 16); else - memcpy(mppe_recv_key, plain + 1, 16); + mppe_set_keys(NULL, plain + 1, 16); return 0; } -#endif /* MPPE */ +#endif /* PPP_WITH_MPPE */ /********************************************************************** * %FUNCTION: radius_acct_start @@ -898,7 +906,7 @@ radius_acct_start(void) rstate.start_time = time(NULL); - strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id)); + strlcpy(rstate.session_id, rc_mksid(), MAXSESSIONID); rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id, 0, VENDOR_NONE); @@ -952,12 +960,11 @@ radius_acct_start(void) /* RADIUS server could be down so make this a warning */ syslog(LOG_WARNING, "Accounting START failed for %s", rstate.user); - } else { - rstate.accounting_started = 1; - /* Kick off periodic accounting reports */ - if (rstate.acct_interim_interval) { - TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval); - } + } + + /* Kick off periodic accounting reports */ + if (rstate.acct_interim_interval) { + TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval); } } @@ -983,14 +990,9 @@ radius_acct_stop(void) return; } - if (!rstate.accounting_started) { - return; - } - if (rstate.acct_interim_interval) UNTIMEOUT(radius_acct_interim, NULL); - rstate.accounting_started = 0; rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id, 0, VENDOR_NONE); @@ -1017,12 +1019,22 @@ radius_acct_stop(void) av_type = link_connect_time; rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE); - av_type = link_stats.bytes_out; + av_type = link_stats.bytes_out & 0xFFFFFFFF; rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE); - av_type = link_stats.bytes_in; + if (link_stats.bytes_out > 0xFFFFFFFF) { + av_type = link_stats.bytes_out >> 32; + rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE); + } + + av_type = link_stats.bytes_in & 0xFFFFFFFF; rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE); + if (link_stats.bytes_in > 0xFFFFFFFF) { + av_type = link_stats.bytes_in >> 32; + rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE); + } + av_type = link_stats.pkts_out; rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE); @@ -1078,7 +1090,7 @@ radius_acct_stop(void) av_type = PW_ACCT_SESSION_TIMEOUT; break; -#ifdef MAXOCTETS +#ifdef PPP_WITH_MAXOCTETS case EXIT_TRAFFIC_LIMIT: av_type = PW_NAS_REQUEST; break; @@ -1135,10 +1147,6 @@ radius_acct_interim(void *ignored) return; } - if (!rstate.accounting_started) { - return; - } - rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id, 0, VENDOR_NONE); @@ -1169,12 +1177,22 @@ radius_acct_interim(void *ignored) av_type = link_connect_time; rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE); - av_type = link_stats.bytes_out; + av_type = link_stats.bytes_out & 0xFFFFFFFF; rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE); - av_type = link_stats.bytes_in; + if (link_stats.bytes_out > 0xFFFFFFFF) { + av_type = link_stats.bytes_out >> 32; + rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE); + } + + av_type = link_stats.bytes_in & 0xFFFFFFFF; rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE); + if (link_stats.bytes_in > 0xFFFFFFFF) { + av_type = link_stats.bytes_in >> 32; + rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE); + } + av_type = link_stats.pkts_out; rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);