Add a new option for ppp.conf: rad_port_id. It allows to

change the way of what ppp submits to the RADIUS server as NAS-Port-Id. Possible options are: the PID of the process owning the corresponding interface, tun(4) interface number, interface index (as it would get returned by if_nametoindex(3)), or it's possible to keep the default behavior. Check the ppp(8) manual page for details. PR: bin/112764 Submitted by: novel (myself) Reviewed by: flz Approved by: flz MFC after: 1 month
2007-05-25 13:45:49 +00:00 · 2007-05-25 13:45:49 +00:00 · d4d4a70a35
commit d4d4a70a35
parent ec5430045b
4 changed files with 80 additions and 12 deletions
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@ -144,6 +144,7 @@
 #define	VAR_IPV6CPRETRY	37
 #define	VAR_RAD_ALIVE	38
 #define	VAR_PPPOE	39
 #define	VAR_PORT_ID	40
 /* ``accept|deny|disable|enable'' masks */
 #define NEG_HISMASK (1)
@ -2311,6 +2312,29 @@ SetVariable(struct cmdargs const *arg)
    }
    break;
 #ifndef NORADIUS
  case VAR_PORT_ID:
    if (strcasecmp(argp, "default") == 0)
 	    arg->bundle->radius.port_id_type = RPI_DEFAULT;
    else if (strcasecmp(argp, "pid") == 0)
 	    arg->bundle->radius.port_id_type = RPI_PID;
    else if (strcasecmp(argp, "ifnum") == 0)
 	    arg->bundle->radius.port_id_type = RPI_IFNUM; 
    else if (strcasecmp(argp, "tunnum") == 0)
 	    arg->bundle->radius.port_id_type = RPI_TUNNUM;
    else {
 	   log_Printf(LogWARN,
 		"RADIUS port id must be one of \"default\", \"pid\", \"ifnum\" or \"tunnum\"\n");
 	   res = 1;
    }
    if (arg->bundle->radius.port_id_type && !arg->bundle->radius.cfg.file) {
 	    log_Printf(LogWARN, "rad_port_id requires radius to be configured\n");
 	    res = 1;
    }
    break;
 #endif
  }
  return res;
@ -2416,6 +2440,8 @@ static struct cmdtab const SetCommands[] = {
  {"rad_alive", NULL, SetVariable, LOCAL_AUTH,
  "Raduis alive interval", "set rad_alive value",
  (const void *)VAR_RAD_ALIVE},
  {"rad_port_id", NULL, SetVariable, LOCAL_AUTH,
  "NAS-Port-Id", "set rad_port_id [default|pid|ifnum|tunnum]", (const void *)VAR_PORT_ID},
 #endif
  {"reconnect", NULL, datalink_SetReconnect, LOCAL_AUTH | LOCAL_CX,
  "Reconnect timeout", "set reconnect value ntries", NULL},
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@ -27,7 +27,7 @@ changecom(,)dnl
 .\"
 .\" $FreeBSD$
 .\"
-.Dd September 5, 2006
+.Dd May 24, 2007
 .Dt PPP 8
 .Os
 .Sh NAME
@ -5588,6 +5588,25 @@ value will tell
 to sent RADIUS accounting information to the RADIUS server every
 .Ar timeout
 seconds.
 .It set rad_port_id Ar option
 When RADIUS is configured, setting
 .Dq rad_port_id
 value allows to specify what should be sent to the RADIUS server as
 NAS-Port-Id.
 The
 .Ar option Ns No s
 are as follows:
 .Pp
 .Bl -tag -width Ds
 .It pid
 PID of the corresponding tunnel.
 .It tunnum
 tun(4) interface number.
 .It ifnum
 index of the interface as of returned by if_nametoindex(3).
 .It default
 keeps the default behavior.
 .El
 .It set reconnect Ar timeout ntries
 Should the line drop unexpectedly (due to loss of CD or LQR
 failure), a connection will be re-established after the given
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@ -95,6 +95,7 @@
 #include "ncp.h"
 #include "bundle.h"
 #include "proto.h"
 #include "iface.h"
 #ifndef NODES
 struct mschap_response {
@ -825,7 +826,7 @@ radius_Destroy(struct radius *r)
 }
 static int
-radius_put_physical_details(struct rad_handle *rad, struct physical *p)
+radius_put_physical_details(struct radius *rad, struct physical *p)
 {
  int slot, type;
@ -853,16 +854,32 @@ radius_put_physical_details(struct rad_handle *rad, struct physical *p)
        break;
    }
-  if (rad_put_int(rad, RAD_NAS_PORT_TYPE, type) != 0) {
+  if (rad_put_int(rad->cx.rad, RAD_NAS_PORT_TYPE, type) != 0) {
-    log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
+    log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad->cx.rad));
-    rad_close(rad);
+    rad_close(rad->cx.rad);
    return 0;
  }
-  if ((slot = physical_Slot(p)) >= 0)
+  switch (rad->port_id_type) {
-    if (rad_put_int(rad, RAD_NAS_PORT, slot) != 0) {
+    case RPI_PID:
-      log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
+      slot = (int)getpid();
-      rad_close(rad);
+      break;
    case RPI_IFNUM:
      slot = p->dl->bundle->iface->index;
      break;
    case RPI_TUNNUM:
      slot = p->dl->bundle->unit;
      break;
    case RPI_DEFAULT:
    default:
      slot = physical_Slot(p);
      break;
  }
  if (slot >= 0)
    if (rad_put_int(rad->cx.rad, RAD_NAS_PORT, slot) != 0) {
      log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad->cx.rad));
      rad_close(rad->cx.rad);
      return 0;
    }
@ -1031,7 +1048,7 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
    return 0;
  }
-  radius_put_physical_details(r->cx.rad, authp->physical);
+  radius_put_physical_details(r, authp->physical);
  log_Printf(LogRADIUS, "Radius(auth): %s data sent for %s\n", what, name);
@ -1209,7 +1226,7 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
    }
  }
-  radius_put_physical_details(r->cx.rad, dl->physical);
+  radius_put_physical_details(r, dl->physical);
  if (rad_put_int(r->cx.rad, RAD_ACCT_STATUS_TYPE, acct_type) != 0 ||
      rad_put_string(r->cx.rad, RAD_ACCT_SESSION_ID, ac->session_id) != 0 ||
--- a/usr.sbin/ppp/radius.h
+++ b/usr.sbin/ppp/radius.h
@ -32,6 +32,11 @@
 #define	MPPE_TYPE_40BIT		2
 #define	MPPE_TYPE_128BIT	4
 #define	RPI_DEFAULT		1
 #define	RPI_PID			2
 #define	RPI_IFNUM		3
 #define	RPI_TUNNUM		4
 struct radius {
  struct fdescriptor desc;	/* We're a sort of (selectable) fdescriptor */
  struct {
@ -70,6 +75,7 @@ struct radius {
    struct pppTimer timer;	/* for this long */
    int interval;
  } alive;
  short unsigned int port_id_type;
 };
 struct radacct {