d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial RADIUS support (using libradius). See the man page for

Browse Source 
details.  Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
      to be supplied as a set of routines so that ppp doesn't
      have to wait indefinitely for the radius server(s).  Instead,
      we need to get a descriptor back, select() on the descriptor,
      and ask libradius to service it when necessary.
      For now, ppp blocks SIGALRM while in rad_send_request(), so
      it misses PAP/CHAP retries & timeouts if they occur.

      Only PAP is functional.  When CHAP is attempted, libradius
      complains that no User-Password has been specified... rfc2138
      says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland
This commit is contained in:
Brian Somers 1999-01-28 01:56:34 +00:00
parent 485111b55b
commit 972a1bcf5d
38 changed files with 982 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
usr.sbin/ppp/Makefile
View File

@ -1,4 +1,4 @@
# $Id: Makefile,v 1.49 1998/10/20 00:19:38 brian Exp $
# $Id: Makefile,v 1.50 1998/10/22 02:32:48 brian Exp $
PROG= ppp
SRCS= arp.c async.c auth.c bundle.c cbcp.c ccp.c chap.c chat.c command.c \
@ -7,14 +7,12 @@ SRCS= arp.c async.c auth.c bundle.c cbcp.c ccp.c chap.c chat.c command.c \
mp.c pap.c physical.c pred.c probe.c prompt.c route.c server.c \
sig.c slcompress.c systems.c throughput.c timer.c tun.c vjcomp.c
CFLAGS+=-Wall
LDADD+= -lutil -lz
DPADD+= ${LIBUTIL} ${LIBZ}
LDADD+= -lcrypt -lmd -lutil -lz
DPADD+= ${LIBCRYPT} ${LIBMD} ${LIBUTIL} ${LIBZ}
BINMODE=4554
BINOWN= root
BINGRP= network
MAN8= ppp.8
LDADD+= -lmd -lcrypt
DPADD+= ${LIBMD} ${LIBCRYPT}
.if defined(RELEASE_CRUNCH)
CFLAGS+=-DRELEASE_CRUNCH
@ -38,12 +36,22 @@ LDADD+= -ldes
DPADD+= ${LIBDES}
.endif
.if defined(NORADIUS)
CFLAGS+=-DNORADIUS
.else
.if !defined(RELEASE_CRUNCH)
SRCS+= radius.c
LDADD+= -lradius
DPADD+= ${LIBRADIUS}
.endif
.endif
.if defined(RELEASE_CRUNCH)
# We must create these objects because the crunchgen will link them,
# We must create these objects because crunchgen will link them,
# and we don't want any unused symbols to spoil the final link.
CFLAGS+=-DNOALIAS
SRCS+= alias_cmd.c chap_ms.c
chap_ms.o alias_cmd.o:
CFLAGS+=-DNOALIAS -DNORADIUS
SRCS+= alias_cmd.c chap_ms.c radius.c
chap_ms.o alias_cmd.o radius.o:
>null_${.PREFIX}.c
cc -c -o ${.TARGET} null_${.PREFIX}.c
.endif

7
usr.sbin/ppp/alias_cmd.c
View File

@ -2,10 +2,10 @@
* The code in this file was written by Eivind Eklund <perhaps@yes.no>,
* who places it in the public domain without restriction.
*
* $Id: alias_cmd.c,v 1.17 1998/08/26 17:39:36 brian Exp $
* $Id: alias_cmd.c,v 1.18 1998/09/17 00:45:25 brian Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
@ -44,6 +44,9 @@
#include "link.h"
#include "mp.h"
#include "filter.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"

7
usr.sbin/ppp/arp.c
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: arp.c,v 1.30 1998/08/26 17:39:36 brian Exp $
* $Id: arp.c,v 1.31 1998/10/26 19:07:38 brian Exp $
*
*/
@ -25,7 +25,7 @@
* TODO:
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/route.h>
@ -62,6 +62,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "arp.h"

75
usr.sbin/ppp/auth.c
View File

@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: auth.c,v 1.33 1998/08/26 17:39:36 brian Exp $
* $Id: auth.c,v 1.34 1998/12/17 00:28:12 brian Exp $
*
* TODO:
* o Implement check against with registered IP addresses.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -53,6 +53,9 @@
#include "lcpproto.h"
#include "filter.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
const char *
@ -105,12 +108,12 @@ auth_SetPhoneList(const char *name, char *phone, int phonelen)
if (n < 5)
continue;
if (strcmp(vector[0], name) == 0) {
CloseSecret(fp);
if (*vector[4] == '\0')
CloseSecret(fp);
if (*vector[4] == '\0')
return 0;
strncpy(phone, vector[4], phonelen - 1);
phone[phonelen - 1] = '\0';
return 1; /* Valid */
return 1; /* Valid */
}
}
CloseSecret(fp);
@ -128,10 +131,20 @@ auth_Select(struct bundle *bundle, const char *name)
char buff[LINE_LEN];
if (*name == '\0') {
ipcp_Setup(&bundle->ncp.ipcp);
ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
return 1;
}
#ifndef NORADIUS
if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE) {
/* We've got a radius IP - it overrides everything */
if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip))
return 0;
ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr);
/* Continue with ppp.secret in case we've got a new label */
}
#endif
fp = OpenSecret(SECRETFILE);
if (fp != NULL) {
while (fgets(buff, sizeof buff, fp)) {
@ -143,14 +156,20 @@ auth_Select(struct bundle *bundle, const char *name)
if (n < 2)
continue;
if (strcmp(vector[0], name) == 0) {
CloseSecret(fp);
if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
!ipcp_UseHisaddr(bundle, vector[2], 1))
return 0;
ipcp_Setup(&bundle->ncp.ipcp);
if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
bundle_SetLabel(bundle, vector[3]);
return 1; /* Valid */
CloseSecret(fp);
#ifndef NORADIUS
if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) {
#endif
if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
!ipcp_UseHisaddr(bundle, vector[2], 1))
return 0;
ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
#ifndef NORADIUS
}
#endif
if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
bundle_SetLabel(bundle, vector[3]);
return 1; /* Valid */
}
}
CloseSecret(fp);
@ -158,16 +177,21 @@ auth_Select(struct bundle *bundle, const char *name)
#ifndef NOPASSWDAUTH
/* Let 'em in anyway - they must have been in the passwd file */
ipcp_Setup(&bundle->ncp.ipcp);
ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
return 1;
#else
/* Disappeared from ppp.secret ? */
#ifndef NORADIUS
if (bundle->radius.valid)
return 1;
#endif
/* Disappeared from ppp.secret ??? */
return 0;
#endif
}
int
auth_Validate(struct bundle *bundle, const char *system,
auth_Validate(struct bundle *bundle, const char *name,
const char *key, struct physical *physical)
{
/* Used by PAP routines */
@ -177,6 +201,11 @@ auth_Validate(struct bundle *bundle, const char *system,
char *vector[5];
char buff[LINE_LEN];
#ifndef NORADIUS
if (*bundle->radius.cfg.file)
return radius_Authenticate(&bundle->radius, bundle, name, key, NULL);
#endif
fp = OpenSecret(SECRETFILE);
if (fp != NULL) {
while (fgets(buff, sizeof buff, fp)) {
@ -187,9 +216,9 @@ auth_Validate(struct bundle *bundle, const char *system,
n = MakeArgs(buff, vector, VECSIZE(vector));
if (n < 2)
continue;
if (strcmp(vector[0], system) == 0) {
CloseSecret(fp);
return auth_CheckPasswd(vector[0], vector[1], key);
if (strcmp(vector[0], name) == 0) {
CloseSecret(fp);
return auth_CheckPasswd(name, vector[1], key);
}
}
CloseSecret(fp);
@ -197,14 +226,14 @@ auth_Validate(struct bundle *bundle, const char *system,
#ifndef NOPASSWDAUTH
if (Enabled(bundle, OPT_PASSWDAUTH))
return auth_CheckPasswd(system, "*", key);
return auth_CheckPasswd(name, "*", key);
#endif
return 0; /* Invalid */
}
char *
auth_GetSecret(struct bundle *bundle, const char *system, int len,
auth_GetSecret(struct bundle *bundle, const char *name, int len,
struct physical *physical)
{
/* Used by CHAP routines */
@ -226,7 +255,7 @@ auth_GetSecret(struct bundle *bundle, const char *system, int len,
n = MakeArgs(buff, vector, VECSIZE(vector));
if (n < 2)
continue;
if (strlen(vector[0]) == len && strncmp(vector[0], system, len) == 0) {
if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) {
CloseSecret(fp);
return vector[1];
}

19
usr.sbin/ppp/bundle.c
View File

@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: bundle.c,v 1.42 1998/12/14 19:24:28 brian Exp $
* $Id: bundle.c,v 1.43 1999/01/06 00:08:03 brian Exp $
*/
#include <sys/param.h>
@ -76,6 +76,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "async.h"
#include "physical.h"
@ -134,7 +137,6 @@ bundle_NewPhase(struct bundle *bundle, u_int new)
break;
case PHASE_NETWORK:
ipcp_Setup(&bundle->ncp.ipcp);
fsm_Up(&bundle->ncp.ipcp.fsm);
fsm_Open(&bundle->ncp.ipcp.fsm);
bundle->phase = new;
@ -874,6 +876,9 @@ bundle_Create(const char *prefix, int type, const char **argv)
bundle.autoload.done = 0;
bundle.autoload.running = 0;
memset(&bundle.choked.timer, '\0', sizeof bundle.choked.timer);
#ifndef NORADIUS
radius_Init(&bundle.radius);
#endif
/* Clean out any leftover crud */
iface_Clear(bundle.iface, IFACE_CLEAR_ALL);
@ -933,6 +938,11 @@ bundle_Destroy(struct bundle *bundle)
ipcp_CleanInterface(&bundle->ncp.ipcp);
bundle_DownInterface(bundle);
#ifndef NORADIUS
/* Tell the radius server the bad news */
radius_Destroy(&bundle->radius);
#endif
/* Again, these are all DATALINK_CLOSED unless we're abending */
dl = bundle->links;
while (dl)
@ -1224,6 +1234,11 @@ bundle_ShowStatus(struct cmdargs const *arg)
prompt_Printf(arg->prompt, " Choked Timer: %ds\n",
arg->bundle->cfg.choked.timeout);
#ifndef NORADIUS
radius_Show(&arg->bundle->radius, arg->prompt);
#endif
prompt_Printf(arg->prompt, " Idle Timer: ");
if (arg->bundle->cfg.idle_timeout) {
prompt_Printf(arg->prompt, "%ds", arg->bundle->cfg.idle_timeout);

26
usr.sbin/ppp/bundle.h
View File

@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: bundle.h,v 1.19 1998/10/29 02:12:54 brian Exp $
* $Id: bundle.h,v 1.20 1998/12/10 18:36:30 brian Exp $
*/
#define PHASE_DEAD 0 /* Link is dead */
@ -87,8 +87,8 @@ struct bundle {
struct {
int idle_timeout; /* NCP Idle timeout value */
struct {
char name[50]; /* PAP/CHAP system name */
char key[50]; /* PAP/CHAP key */
char name[AUTHLEN]; /* PAP/CHAP system name */
char key[AUTHLEN]; /* PAP/CHAP key */
} auth;
unsigned opt; /* Uses OPT_ bits from above */
char label[50]; /* last thing `load'ed */
@ -102,7 +102,7 @@ struct bundle {
} autoload;
struct {
int timeout; /* How long to leave the output queue choked */
int timeout; /* How long to leave the output queue choked */
} choked;
} cfg;
@ -112,19 +112,19 @@ struct bundle {
} ncp;
struct {
struct filter in; /* incoming packet filter */
struct filter out; /* outgoing packet filter */
struct filter dial; /* dial-out packet filter */
struct filter alive; /* keep-alive packet filter */
struct filter in; /* incoming packet filter */
struct filter out; /* outgoing packet filter */
struct filter dial; /* dial-out packet filter */
struct filter alive; /* keep-alive packet filter */
} filter;
struct {
struct pppTimer timer; /* timeout after cfg.idle_timeout */
struct pppTimer timer; /* timeout after cfg.idle_timeout */
time_t done;
} idle;
struct {
int fd; /* write status here */
int fd; /* write status here */
} notify;
struct {
@ -135,8 +135,12 @@ struct bundle {
} autoload;
struct {
struct pppTimer timer; /* choked output queue timer */
struct pppTimer timer; /* choked output queue timer */
} choked;
#ifndef NORADIUS
struct radius radius; /* Info retrieved from radius server */
#endif
};
#define descriptor2bundle(d) \

4
usr.sbin/ppp/cbcp.c
View File

@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: cbcp.c,v 1.7 1998/10/31 17:38:48 brian Exp $
* $Id: cbcp.c,v 1.8 1999/01/19 22:15:25 brian Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/un.h>

7
usr.sbin/ppp/ccp.c
View File

@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ccp.c,v 1.39 1998/08/26 17:39:36 brian Exp $
* $Id: ccp.c,v 1.40 1998/08/26 18:07:56 brian Exp $
*
* TODO:
* o Support other compression protocols
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -57,6 +57,9 @@
#include "mp.h"
#include "async.h"
#include "physical.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
static void CcpSendConfigReq(struct fsm *);

57
usr.sbin/ppp/chap.c
View File

@ -17,11 +17,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: chap.c,v 1.36 1998/08/07 18:42:47 brian Exp $
* $Id: chap.c,v 1.37 1998/08/26 18:07:56 brian Exp $
*
* TODO:
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -57,6 +57,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "chat.h"
#include "cbcp.h"
@ -102,12 +105,24 @@ chap_SendChallenge(struct authinfo *auth, int chapid, struct physical *physical)
randinit();
cp = chap->challenge_data;
*cp++ = chap->challenge_len = random() % 32 + 16;
for (i = 0; i < chap->challenge_len; i++)
*cp++ = random() & 0xff;
len = strlen(physical->dl->bundle->cfg.auth.name);
memcpy(cp, physical->dl->bundle->cfg.auth.name, len);
cp += len;
#ifndef NORADIUS
if (*physical->dl->bundle->radius.cfg.file) {
/* For radius, our challenge is 16 readable NUL terminated bytes :*/
*cp++ = chap->challenge_len = 16;
for (i = 0; i < chap->challenge_len; i++)
*cp++ = (random() & (0x7f - 0x20)) + 0x20;
*cp = '\0';
} else {
#endif
*cp++ = chap->challenge_len = random() % (CHAPCHALLENGELEN-16) + 16;
for (i = 0; i < chap->challenge_len; i++)
*cp++ = random() & 0xff;
len = strlen(physical->dl->bundle->cfg.auth.name);
memcpy(cp, physical->dl->bundle->cfg.auth.name, len);
cp += len;
#ifndef NORADIUS
}
#endif
ChapOutput(physical, CHAP_CHALLENGE, chapid, chap->challenge_data,
cp - chap->challenge_data, NULL);
}
@ -121,7 +136,7 @@ RecvChapTalk(struct bundle *bundle, struct fsmheader *chp, struct mbuf *bp,
char *cp, *argp, *ap, *name, *digest;
char *keyp;
MD5_CTX MD5context; /* context for MD5 */
char answer[100];
char answer[CHAPDIGESTLEN];
char cdigest[16];
#ifdef HAVE_DES
int ix;
@ -214,11 +229,25 @@ RecvChapTalk(struct bundle *bundle, struct fsmheader *chp, struct mbuf *bp,
/*
* Get a secret key corresponds to the peer
*/
keyp = auth_GetSecret(bundle, name, namelen, physical);
if (keyp) {
/*
* Compute correct digest value
*/
#ifndef NORADIUS
if (*bundle->radius.cfg.file) {
char chapname[AUTHLEN];
if (namelen > AUTHLEN - 1)
namelen = AUTHLEN - 1;
strncpy(chapname, name, namelen);
chapname[namelen] = '\0';
strncpy(answer, cp-1, 17);
answer[17] = '\0';
if (radius_Authenticate(&bundle->radius, bundle, chapname, answer,
physical->dl->chap.challenge_data + 1))
break; /* And there was much rejoicing ! */
} else
#endif
if ((keyp = auth_GetSecret(bundle, name, namelen, physical))) {
/* Compute correct digest value */
keylen = strlen(keyp);
ap = answer;
*ap++ = chp->id;

7
usr.sbin/ppp/chat.c
View File

@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: chat.c,v 1.51 1998/08/07 18:42:47 brian Exp $
* $Id: chat.c,v 1.52 1998/10/27 22:53:25 brian Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -66,6 +66,9 @@
#include "filter.h"
#include "cbcp.h"
#include "datalink.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#define BUFLEFT(c) (sizeof (c)->buf - ((c)->bufend - (c)->buf))

53
usr.sbin/ppp/command.c
View File

@ -17,10 +17,10 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: command.c,v 1.176 1998/11/05 21:59:47 brian Exp $
* $Id: command.c,v 1.177 1998/12/14 01:15:34 brian Exp $
*
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
@ -76,6 +76,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "server.h"
#include "prompt.h"
@ -115,6 +118,7 @@
#define VAR_CHOKED 26
#define VAR_SENDPIPE 27
#define VAR_RECVPIPE 28
#define VAR_RADIUS 29
/* ``accept|deny|disable|enable'' masks */
#define NEG_HISMASK (1)
@ -134,7 +138,7 @@
#define NEG_DNS 50
const char Version[] = "2.0";
const char VersionDate[] = "$Date: 1998/11/05 21:59:47 $";
const char VersionDate[] = "$Date: 1998/12/14 01:15:34 $";
static int ShowCommand(struct cmdargs const *);
static int TerminalCommand(struct cmdargs const *);
@ -1297,7 +1301,7 @@ SetInterfaceAddr(struct cmdargs const *arg)
iplist_reset(&ipcp->cfg.peer_list);
if (arg->argc > arg->argn) {
if (!ParseAddr(ipcp, arg->argc - arg->argn, arg->argv + arg->argn,
if (!ParseAddr(ipcp, arg->argv[arg->argn],
&ipcp->cfg.my_range.ipaddr, &ipcp->cfg.my_range.mask,
&ipcp->cfg.my_range.width))
return 1;
@ -1616,10 +1620,10 @@ SetVariable(struct cmdargs const *arg)
addr[0].s_addr = addr[1].s_addr = INADDR_ANY;
if (arg->argc > arg->argn) {
ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn,
ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn],
addr, &dummyaddr, &dummyint);
if (arg->argc > arg->argn+1)
ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn + 1,
ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn + 1],
addr + 1, &dummyaddr, &dummyint);
if (addr[1].s_addr == INADDR_ANY)
@ -1691,6 +1695,22 @@ SetVariable(struct cmdargs const *arg)
long_val = atol(argp);
arg->bundle->ncp.ipcp.cfg.recvpipe = long_val;
break;
#ifndef NORADIUS
case VAR_RADIUS:
if (!*argp)
*arg->bundle->radius.cfg.file = '\0';
else if (access(argp, R_OK)) {
log_Printf(LogWARN, "%s: %s\n", argp, strerror(errno));
return 1;
} else {
strncpy(arg->bundle->radius.cfg.file, argp,
sizeof arg->bundle->radius.cfg.file - 1);
arg->bundle->radius.cfg.file
[sizeof arg->bundle->radius.cfg.file - 1] = '\0';
}
break;
#endif
}
return err ? 1 : 0;
@ -1788,6 +1808,10 @@ static struct cmdtab const SetCommands[] = {
"set phone phone1[:phone2[...]]", (const void *)VAR_PHONE},
{"proctitle", "title", SetProcTitle, LOCAL_AUTH,
"Process title", "set proctitle [value]"},
#ifndef NORADIUS
{"radius", NULL, SetVariable, LOCAL_AUTH,
"RADIUS Config", "set radius cfgfile", (const void *)VAR_RADIUS},
#endif
{"reconnect", NULL, datalink_SetReconnect, LOCAL_AUTH | LOCAL_CX,
"Reconnect timeout", "set reconnect value ntries"},
{"recvpipe", NULL, SetVariable, LOCAL_AUTH,
@ -1844,7 +1868,7 @@ AddCommand(struct cmdargs const *arg)
else {
int width;
if (!ParseAddr(&arg->bundle->ncp.ipcp, 1, arg->argv + arg->argn,
if (!ParseAddr(&arg->bundle->ncp.ipcp, arg->argv[arg->argn],
&dest, &netmask, &width))
return -1;
if (!strncasecmp(arg->argv[arg->argn], "MYADDR", 6))
@ -1873,7 +1897,8 @@ AddCommand(struct cmdargs const *arg)
gateway = GetIpAddr(arg->argv[arg->argn+gw]);
if (bundle_SetRoute(arg->bundle, RTM_ADD, dest, gateway, netmask,
arg->cmd->args ? 1 : 0, (addrs & ROUTE_GWHISADDR) ? 1 : 0))
arg->cmd->args ? 1 : 0, (addrs & ROUTE_GWHISADDR) ? 1 : 0)
&& addrs != ROUTE_STATIC)
route_Add(&arg->bundle->ncp.ipcp.route, addrs, dest, netmask, gateway);
return 0;
@ -2355,24 +2380,24 @@ IfaceAddCommand(struct cmdargs const *arg)
struct in_addr ifa, mask, brd;
if (arg->argc == arg->argn + 1) {
if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL))
if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL))
return -1;
mask.s_addr = brd.s_addr = INADDR_BROADCAST;
} else {
if (arg->argc == arg->argn + 2) {
if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, &mask, &bits))
if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, &mask, &bits))
return -1;
n = 1;
} else if (arg->argc == arg->argn + 3) {
if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL))
if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL))
return -1;
if (!ParseAddr(NULL, 1, arg->argv + arg->argn + 1, &mask, NULL, NULL))
if (!ParseAddr(NULL, arg->argv[arg->argn + 1], &mask, NULL, NULL))
return -1;
n = 2;
} else
return -1;
if (!ParseAddr(NULL, 1, arg->argv + arg->argn + n, &brd, NULL, NULL))
if (!ParseAddr(NULL, arg->argv[arg->argn + n], &brd, NULL, NULL))
return -1;
}
@ -2392,7 +2417,7 @@ IfaceDeleteCommand(struct cmdargs const *arg)
if (arg->argc != arg->argn + 1)
return -1;
if (!ParseAddr(NULL, 1, arg->argv + arg->argn, &ifa, NULL, NULL))
if (!ParseAddr(NULL, arg->argv[arg->argn], &ifa, NULL, NULL))
return -1;
if (arg->bundle->ncp.ipcp.fsm.state == ST_OPENED &&

7
usr.sbin/ppp/datalink.c
View File

@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: datalink.c,v 1.24 1999/01/12 21:50:20 brian Exp $
* $Id: datalink.c,v 1.25 1999/01/20 18:06:52 brian Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -58,6 +58,9 @@
#include "ipcp.h"
#include "filter.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "chat.h"
#include "auth.h"

5
usr.sbin/ppp/defs.h
View File

@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: defs.h,v 1.35 1998/08/07 18:42:48 brian Exp $
* $Id: defs.h,v 1.36 1998/08/25 17:48:42 brian Exp $
*
* TODO:
*/
@ -44,6 +44,9 @@
#define DIAL_NEXT_TIMEOUT 3 /* Default Hold time to next number redial */
#define SCRIPT_LEN 512 /* Size of login scripts */
#define LINE_LEN SCRIPT_LEN /* Size of login scripts */
#define AUTHLEN 50 /* Size of authname/authkey */
#define CHAPDIGESTLEN 100 /* Maximum chap digest */
#define CHAPCHALLENGELEN 48 /* Maximum chap challenge */
#define MAXARGS 40 /* How many args per config line */
#define NCP_IDLE_TIMEOUT 180 /* Drop all links */
#define CHOKED_TIMEOUT 120 /* Delete queued packets w/ blocked tun */

54
usr.sbin/ppp/filter.c
View File

@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: filter.c,v 1.25 1998/06/27 12:03:48 brian Exp $
* $Id: filter.c,v 1.26 1998/10/22 02:32:48 brian Exp $
*
* TODO: Shoud send ICMP error message when we discard packets.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
@ -54,6 +54,9 @@
#include "descriptor.h"
#include "prompt.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
static int filter_Nam2Proto(int, char const *const *);
@ -71,34 +74,38 @@ static const u_int32_t netmasks[33] = {
0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF,
};
struct in_addr
bits2mask(int bits)
{
struct in_addr result;
result.s_addr = htonl(netmasks[bits]);
return result;
}
int
ParseAddr(struct ipcp *ipcp, int argc, char const *const *argv,
ParseAddr(struct ipcp *ipcp, const char *data,
struct in_addr *paddr, struct in_addr *pmask, int *pwidth)
{
int bits, len;
char *wp;
const char *cp;
if (argc < 1) {
log_Printf(LogWARN, "ParseAddr: address/mask is expected.\n");
return (0);
}
if (pmask)
pmask->s_addr = INADDR_BROADCAST; /* Assume 255.255.255.255 as default */
cp = pmask || pwidth ? strchr(*argv, '/') : NULL;
len = cp ? cp - *argv : strlen(*argv);
cp = pmask || pwidth ? strchr(data, '/') : NULL;
len = cp ? cp - data : strlen(data);
if (ipcp && strncasecmp(*argv, "HISADDR", len) == 0)
if (ipcp && strncasecmp(data, "HISADDR", len) == 0)
*paddr = ipcp->peer_ip;
else if (ipcp && strncasecmp(*argv, "MYADDR", len) == 0)
else if (ipcp && strncasecmp(data, "MYADDR", len) == 0)
*paddr = ipcp->my_ip;
else if (len > 15)
log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", *argv);
log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", data);
else {
char s[16];
strncpy(s, *argv, len);
strncpy(s, data, len);
s[len] = '\0';
if (inet_aton(s, paddr) == 0) {
log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s);
@ -125,7 +132,7 @@ ParseAddr(struct ipcp *ipcp, int argc, char const *const *argv,
if (paddr->s_addr == INADDR_ANY)
pmask->s_addr = INADDR_ANY;
else
pmask->s_addr = htonl(netmasks[bits]);
*pmask = bits2mask(bits);
}
return (1);
@ -302,7 +309,7 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
argc--;
argv++;
if (filterdata.action == A_DENY) {
if (argc && filterdata.action == A_DENY) {
if (!strcmp(*argv, "host")) {
filterdata.action |= A_UHOST;
argc--;
@ -313,21 +320,26 @@ Parse(struct ipcp *ipcp, int argc, char const *const *argv,
argv++;
}
}
proto = filter_Nam2Proto(argc, argv);
if (proto == P_NONE) {
if (ParseAddr(ipcp, argc, argv, &filterdata.saddr, &filterdata.smask,
&filterdata.swidth)) {
if (!argc)
log_Printf(LogWARN, "Parse: address/mask is expected.\n");
else if (ParseAddr(ipcp, *argv, &filterdata.saddr, &filterdata.smask,
&filterdata.swidth)) {
argc--;
argv++;
proto = filter_Nam2Proto(argc, argv);
if (proto == P_NONE) {
if (ParseAddr(ipcp, argc, argv, &filterdata.daddr, &filterdata.dmask,
if (!argc)
log_Printf(LogWARN, "Parse: address/mask is expected.\n");
else if (proto == P_NONE) {
if (ParseAddr(ipcp, *argv, &filterdata.daddr, &filterdata.dmask,
&filterdata.dwidth)) {
argc--;
argv++;
}
proto = filter_Nam2Proto(argc, argv);
if (proto != P_NONE) {
if (argc && proto != P_NONE) {
argc--;
argv++;
}

5
usr.sbin/ppp/filter.h
View File

@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: filter.h,v 1.12 1998/05/21 21:45:16 brian Exp $
* $Id: filter.h,v 1.13 1999/01/19 22:16:01 brian Exp $
*
* TODO:
*/
@ -83,10 +83,11 @@ struct filter {
struct ipcp;
struct cmdargs;
extern int ParseAddr(struct ipcp *, int, char const *const *, struct in_addr *,
extern int ParseAddr(struct ipcp *, const char *, struct in_addr *,
struct in_addr *, int *);
extern int filter_Show(struct cmdargs const *);
extern int filter_Set(struct cmdargs const *);
extern const char * filter_Action2Nam(int);
extern const char *filter_Proto2Nam(int);
extern const char *filter_Op2Nam(int);
extern struct in_addr bits2mask(int);

7
usr.sbin/ppp/fsm.c
View File

@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: fsm.c,v 1.36 1998/08/01 01:02:41 brian Exp $
* $Id: fsm.c,v 1.37 1998/09/04 18:25:59 brian Exp $
*
* TODO:
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -49,6 +49,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "async.h"
#include "physical.h"

7
usr.sbin/ppp/hdlc.c
View File

@ -17,11 +17,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: hdlc.c,v 1.35 1998/08/01 01:02:12 brian Exp $
* $Id: hdlc.c,v 1.36 1998/08/07 18:42:48 brian Exp $
*
* TODO:
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -61,6 +61,9 @@
#include "cbcp.h"
#include "datalink.h"
#include "filter.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
static u_int16_t const fcstab[256] = {

7
usr.sbin/ppp/iface.c
View File

@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: iface.c,v 1.1 1998/10/22 02:32:49 brian Exp $
* $Id: iface.c,v 1.2 1998/10/26 19:07:36 brian Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <net/if.h>
@ -65,6 +65,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "prompt.h"
#include "iface.h"

7
usr.sbin/ppp/ip.c
View File

@ -17,13 +17,13 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ip.c,v 1.53 1998/09/17 00:45:26 brian Exp $
* $Id: ip.c,v 1.54 1998/11/10 00:32:39 brian Exp $
*
* TODO:
* o Return ICMP message for filterd packet
* and optionaly record it into log.
*/
#include <sys/types.h>
#include <sys/param.h>
#ifdef __OpenBSD__
#include <sys/socket.h>
#endif
@ -66,6 +66,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "vjcomp.h"
#include "tun.h"

57
usr.sbin/ppp/ipcp.c
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ipcp.c,v 1.67 1998/10/22 02:32:49 brian Exp $
* $Id: ipcp.c,v 1.68 1998/10/26 19:07:39 brian Exp $
*
* TODO:
* o More RFC1772 backward compatibility
@ -73,6 +73,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "id.h"
#include "arp.h"
@ -278,7 +281,7 @@ ipcp_Show(struct cmdargs const *arg)
if (ipcp->route) {
prompt_Printf(arg->prompt, "\n");
route_ShowSticky(arg->prompt, ipcp->route);
route_ShowSticky(arg->prompt, ipcp->route, "Sticky routes", 1);
}
prompt_Printf(arg->prompt, "\nDefaults:\n");
@ -378,7 +381,7 @@ ipcp_Init(struct ipcp *ipcp, struct bundle *bundle, struct link *l,
throughput_init(&ipcp->throughput);
memset(ipcp->Queue, '\0', sizeof ipcp->Queue);
ipcp_Setup(ipcp);
ipcp_Setup(ipcp, INADDR_NONE);
}
void
@ -388,13 +391,14 @@ ipcp_SetLink(struct ipcp *ipcp, struct link *l)
}
void
ipcp_Setup(struct ipcp *ipcp)
ipcp_Setup(struct ipcp *ipcp, u_int32_t mask)
{
struct iface *iface = ipcp->fsm.bundle->iface;
int pos, n;
ipcp->fsm.open_mode = 0;
ipcp->fsm.maxconfig = 10;
ipcp->ifmask.s_addr = mask == INADDR_NONE ? ipcp->cfg.netmask.s_addr : mask;
if (iplist_isvalid(&ipcp->cfg.peer_list)) {
/* Try to give the peer a previously configured IP address */
@ -446,7 +450,11 @@ ipcp_Setup(struct ipcp *ipcp)
ipcp->my_ip = ipcp->cfg.my_range.ipaddr;
}
if (IsEnabled(ipcp->cfg.vj.neg))
if (IsEnabled(ipcp->cfg.vj.neg)
#ifndef NORADIUS
|| (ipcp->fsm.bundle->radius.valid && ipcp->fsm.bundle->radius.vj)
#endif
)
ipcp->my_compproto = (PROTO_VJCOMP << 16) +
((ipcp->cfg.vj.slots - 1) << 8) +
ipcp->cfg.vj.slotcomp;
@ -496,16 +504,11 @@ ipcp_SetIPaddress(struct bundle *bundle, struct in_addr myaddr,
u_int32_t addr;
addr = htonl(myaddr.s_addr);
if (IN_CLASSA(addr))
mask.s_addr = htonl(IN_CLASSA_NET);
else if (IN_CLASSB(addr))
mask.s_addr = htonl(IN_CLASSB_NET);
else
mask.s_addr = htonl(IN_CLASSC_NET);
mask.s_addr = addr2mask(addr);
if (bundle->ncp.ipcp.cfg.netmask.s_addr != INADDR_ANY &&
(ntohl(bundle->ncp.ipcp.cfg.netmask.s_addr) & mask.s_addr) == mask.s_addr)
mask.s_addr = htonl(bundle->ncp.ipcp.cfg.netmask.s_addr);
if (bundle->ncp.ipcp.ifmask.s_addr != INADDR_ANY &&
(ntohl(bundle->ncp.ipcp.ifmask.s_addr) & mask.s_addr) == mask.s_addr)
mask.s_addr = htonl(bundle->ncp.ipcp.ifmask.s_addr);
oaddr.s_addr = bundle->iface->in_addrs ?
bundle->iface->in_addr[0].ifa.s_addr : INADDR_ANY;
@ -524,6 +527,11 @@ ipcp_SetIPaddress(struct bundle *bundle, struct in_addr myaddr,
if (Enabled(bundle, OPT_SROUTES))
route_Change(bundle, bundle->ncp.ipcp.route, myaddr, hisaddr);
#ifndef NORADIUS
if (bundle->radius.valid)
route_Change(bundle, bundle->radius.routes, myaddr, hisaddr);
#endif
if (Enabled(bundle, OPT_PROXY) || Enabled(bundle, OPT_PROXYALL)) {
int s = ID0socket(AF_INET, SOCK_DGRAM, 0);
if (s < 0)
@ -705,7 +713,7 @@ IpcpLayerDown(struct fsm *fp)
system_Select(fp->bundle, "MYADDR", LINKDOWNFILE, NULL, NULL);
}
ipcp_Setup(ipcp);
ipcp_Setup(ipcp, INADDR_NONE);
}
int
@ -1114,6 +1122,23 @@ ipcp_Input(struct ipcp *ipcp, struct bundle *bundle, struct mbuf *bp)
}
}
int
ipcp_UseHisIPaddr(struct bundle *bundle, struct in_addr hisaddr)
{
struct ipcp *ipcp = &bundle->ncp.ipcp;
memset(&ipcp->cfg.peer_range, '\0', sizeof ipcp->cfg.peer_range);
iplist_reset(&ipcp->cfg.peer_list);
ipcp->peer_ip = ipcp->cfg.peer_range.ipaddr = hisaddr;
ipcp->cfg.peer_range.mask.s_addr = INADDR_BROADCAST;
ipcp->cfg.peer_range.width = 32;
if (ipcp_SetIPaddress(bundle, ipcp->cfg.my_range.ipaddr, hisaddr, 0) < 0)
return 0;
return 1; /* Ok */
}
int
ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
{
@ -1138,7 +1163,7 @@ ipcp_UseHisaddr(struct bundle *bundle, const char *hisaddr, int setaddr)
log_Printf(LogWARN, "%s: Invalid range !\n", hisaddr);
return 0;
}
} else if (ParseAddr(ipcp, 1, &hisaddr, &ipcp->cfg.peer_range.ipaddr,
} else if (ParseAddr(ipcp, hisaddr, &ipcp->cfg.peer_range.ipaddr,
&ipcp->cfg.peer_range.mask,
&ipcp->cfg.peer_range.width) != 0) {
ipcp->peer_ip.s_addr = ipcp->cfg.peer_range.ipaddr.s_addr;

17
usr.sbin/ppp/ipcp.h
View File

@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ipcp.h,v 1.21 1998/10/22 02:32:49 brian Exp $
* $Id: ipcp.h,v 1.22 1998/10/26 19:07:39 brian Exp $
*
* TODO:
*/
@ -34,6 +34,14 @@
#define TY_SECONDARY_NBNS 132
#define TY_ADJUST_NS 119 /* subtract from NS val for REJECT bit */
#define addr2mask(addr) ( \
IN_CLASSA(addr) ? \
htonl(IN_CLASSA_NET) : \
IN_CLASSB(addr) ? \
htonl(IN_CLASSB_NET) : htonl(IN_CLASSC_NET) \
)
struct sticky_route;
struct in_range {
@ -53,7 +61,7 @@ struct ipcp {
} vj;
struct in_range my_range; /* MYADDR spec */
struct in_addr netmask; /* netmask (unused by most OSs) */
struct in_addr netmask; /* Iface netmask (unused by most OSs) */
struct in_range peer_range; /* HISADDR spec */
struct iplist peer_list; /* Ranges of HISADDR values */
@ -84,6 +92,8 @@ struct ipcp {
struct in_addr peer_ip; /* IP address he's willing to use */
u_int32_t peer_compproto; /* VJ params he's willing to use */
struct in_addr ifmask; /* Interface netmask */
struct in_addr my_ip; /* IP address I'm willing to use */
u_int32_t my_compproto; /* VJ params I'm willing to use */
@ -102,13 +112,14 @@ struct cmdargs;
extern void ipcp_Init(struct ipcp *, struct bundle *, struct link *,
const struct fsm_parent *);
extern void ipcp_Setup(struct ipcp *);
extern void ipcp_Setup(struct ipcp *, u_int32_t);
extern void ipcp_SetLink(struct ipcp *, struct link *);
extern int ipcp_Show(struct cmdargs const *);
extern void ipcp_Input(struct ipcp *, struct bundle *, struct mbuf *);
extern void ipcp_AddInOctets(struct ipcp *, int);
extern void ipcp_AddOutOctets(struct ipcp *, int);
extern int ipcp_UseHisIPaddr(struct bundle *, struct in_addr);
extern int ipcp_UseHisaddr(struct bundle *, const char *, int);
extern int ipcp_vjset(struct cmdargs const *);
extern void ipcp_CleanInterface(struct ipcp *);

7
usr.sbin/ppp/lcp.c
View File

@ -17,13 +17,13 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: lcp.c,v 1.65 1998/10/17 12:28:02 brian Exp $
* $Id: lcp.c,v 1.66 1999/01/12 21:50:20 brian Exp $
*
* TODO:
* o Limit data field length by MRU
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -64,6 +64,9 @@
#include "chap.h"
#include "cbcp.h"
#include "datalink.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
/* for received LQRs */

4
usr.sbin/ppp/lqr.c
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: lqr.c,v 1.29 1998/06/27 23:48:49 brian Exp $
* $Id: lqr.c,v 1.30 1998/08/07 18:42:49 brian Exp $
*
* o LQR based on RFC1333
*
@ -26,7 +26,7 @@
* o Allow user to configure LQM method and interval.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/un.h>
#include <string.h>

7
usr.sbin/ppp/main.c
View File

@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: main.c,v 1.146 1998/12/10 18:36:30 brian Exp $
* $Id: main.c,v 1.147 1999/01/25 10:19:03 brian Exp $
*
* TODO:
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -64,6 +64,9 @@
#include "descriptor.h"
#include "link.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "auth.h"
#include "systems.h"

5
usr.sbin/ppp/modem.c
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: modem.c,v 1.99 1998/08/26 18:07:56 brian Exp $
* $Id: modem.c,v 1.100 1999/01/10 01:26:28 brian Exp $
*
* TODO:
*/
@ -69,6 +69,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "prompt.h"
#include "chat.h"

7
usr.sbin/ppp/mp.c
View File

@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: mp.c,v 1.16 1998/09/04 18:25:59 brian Exp $
* $Id: mp.c,v 1.17 1998/10/24 01:08:45 brian Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -71,6 +71,9 @@
#include "chap.h"
#include "cbcp.h"
#include "datalink.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "ip.h"
#include "prompt.h"

7
usr.sbin/ppp/nat_cmd.c
View File

@ -2,10 +2,10 @@
* The code in this file was written by Eivind Eklund <perhaps@yes.no>,
* who places it in the public domain without restriction.
*
* $Id: alias_cmd.c,v 1.17 1998/08/26 17:39:36 brian Exp $
* $Id: alias_cmd.c,v 1.18 1998/09/17 00:45:25 brian Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
@ -44,6 +44,9 @@
#include "link.h"
#include "mp.h"
#include "filter.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"

7
usr.sbin/ppp/pap.c
View File

@ -18,11 +18,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: pap.c,v 1.26 1998/08/07 18:42:50 brian Exp $
* $Id: pap.c,v 1.27 1998/08/26 18:07:57 brian Exp $
*
* TODO:
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -53,6 +53,9 @@
#include "ipcp.h"
#include "filter.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "chat.h"
#include "chap.h"

116
usr.sbin/ppp/ppp.8
View File

@ -1,4 +1,4 @@
.\" $Id: ppp.8,v 1.141 1999/01/19 22:15:41 brian Exp $
.\" $Id: ppp.8,v 1.142 1999/01/19 22:16:02 brian Exp $
.Dd 20 September 1995
.nr XX \w'\fC00'
.Os FreeBSD
@ -109,11 +109,29 @@ CHAP authentication and
.Nm
is compiled with DES support, an appropriate MD4/DES response will be
made.
.It Supports RADIUS authentication.
An extension to PAP and CHAP,
.Em \&R Ns No emote
.Em \&A Ns No ccess
.Em \&D Ns No ial
.Em \&I Ns No n
.Em \&U Ns No ser
.Em \&S Ns No ervice
allows authentication information to be stored in a central or
distributed database along with various per-user framed connection
characteristics. If
.Pa libradius
is available at compile time,
.Nm
will use it to make
.Em RADIUS
requests when configured to do so.
.It Supports Proxy Arp.
When
.Em PPP
is set up as server, you can also configure it to do proxy arp for your
connection.
.Nm
is set up as server, it can be configured to make one or more proxy arp
entries on behalf of the client. This allows routing to the LAN without
configuring each machine on that LAN.
.It Supports packet filtering.
User can define four kinds of filters: the
.Em in
@ -3498,6 +3516,95 @@ command must appear in
as it is not known when the commands in
.Pa ppp.conf
are executed.
.It set radius Op Ar config-file
This command enables RADIUS support (if it's compiled in).
.Ar config-file
refers to the radius client configuration file as described in
.Xr radius.conf 5 .
If PAP or CHAP are
.Dq enable Ns No d ,
.Nm
behaves as a
.Em \&N Ns No etwork
.Em \&A Ns No ccess
.Em \&S Ns No erver
and uses the configured RADIUS server to authenticate rather than
authenticating from the
.Pa ppp.secret
file or from the passwd database.
.Pp
If neither PAP or CHAP are enabled,
.Dq set radius
will do nothing.
.Pp
.Nm
uses the following attributes from the RADIUS reply:
.Bl -tag -width XXX -offset XXX
.It RAD_FRAMED_IP_ADDRESS
The peer IP address is set to the given value.
.It RAD_FRAMED_IP_NETMASK
The tun interface netmask is set to the given value.
.It RAD_FRAMED_MTU
If the given MTU is less than the peers MRU as agreed during LCP
negotiation, *and* it is less that any configured MTU (see the
.Dq set mru
command), the tun interface MTU is set to the given value.
.It RAD_FRAMED_COMPRESSION
If the received compression type is
.Dq 1 ,
.Nm
will request VJ compression during IPCP negotiations despite any
.Dq disable vj
configuration command.
.It RAD_FRAMED_ROUTE
The received string is expected to be in the format
.Ar dest Ns Op / Ns Ar bits
.Ar gw
.Op Ar metrics .
Any specified metrics are ignored.
.Dv MYADDR
and
.Dv HISADDR
are understood as valid values for
.Ar dest
and
.Ar gw ,
.Dq default
can be used for
.Ar dest
to sepcify the default route, and
.Dq 0.0.0.0
is understood to be the same as
.Dq default
for
.Ar dest
and
.Dv HISADDR
for
.Ar gw .
.Pp
For example, a returned value of
.Dq 1.2.3.4/24 0.0.0.0 1 2 -1 3 400
would result in a routing table entry to the 1.2.3.0/24 network via
.Dv HISADDR
and a returned value of
.Dq 0.0.0.0 0.0.0.0
or
.Dq default HISADDR
would result in a default route to
.Dv HISADDR .
.Pp
All RADIUS routes are applied after any sticky routes are applied, making
RADIUS routes override configured routes. This also applies for RADIUS
routes that don't include the
.Dv MYADDR
or
.Dv HISADDR
keywords.
.Pp
.El
Values received from the RADIUS server may be viewed using
.Dq show bundle .
.It set reconnect Ar timeout ntries
Should the line drop unexpectedly (due to loss of CD or LQR
failure), a connection will be re-established after the given
@ -3841,6 +3948,7 @@ This socket is used to pass links between different instances of
.Xr ping 8 ,
.Xr pppctl 8 ,
.Xr pppd 8 ,
.Xr radius.conf 5 ,
.Xr route 8 ,
.Xr syslogd 8 ,
.Xr traceroute 8 ,

116
usr.sbin/ppp/ppp.8.m4
View File

@ -1,4 +1,4 @@
.\" $Id: ppp.8,v 1.141 1999/01/19 22:15:41 brian Exp $
.\" $Id: ppp.8,v 1.142 1999/01/19 22:16:02 brian Exp $
.Dd 20 September 1995
.nr XX \w'\fC00'
.Os FreeBSD
@ -109,11 +109,29 @@ CHAP authentication and
.Nm
is compiled with DES support, an appropriate MD4/DES response will be
made.
.It Supports RADIUS authentication.
An extension to PAP and CHAP,
.Em \&R Ns No emote
.Em \&A Ns No ccess
.Em \&D Ns No ial
.Em \&I Ns No n
.Em \&U Ns No ser
.Em \&S Ns No ervice
allows authentication information to be stored in a central or
distributed database along with various per-user framed connection
characteristics. If
.Pa libradius
is available at compile time,
.Nm
will use it to make
.Em RADIUS
requests when configured to do so.
.It Supports Proxy Arp.
When
.Em PPP
is set up as server, you can also configure it to do proxy arp for your
connection.
.Nm
is set up as server, it can be configured to make one or more proxy arp
entries on behalf of the client. This allows routing to the LAN without
configuring each machine on that LAN.
.It Supports packet filtering.
User can define four kinds of filters: the
.Em in
@ -3498,6 +3516,95 @@ command must appear in
as it is not known when the commands in
.Pa ppp.conf
are executed.
.It set radius Op Ar config-file
This command enables RADIUS support (if it's compiled in).
.Ar config-file
refers to the radius client configuration file as described in
.Xr radius.conf 5 .
If PAP or CHAP are
.Dq enable Ns No d ,
.Nm
behaves as a
.Em \&N Ns No etwork
.Em \&A Ns No ccess
.Em \&S Ns No erver
and uses the configured RADIUS server to authenticate rather than
authenticating from the
.Pa ppp.secret
file or from the passwd database.
.Pp
If neither PAP or CHAP are enabled,
.Dq set radius
will do nothing.
.Pp
.Nm
uses the following attributes from the RADIUS reply:
.Bl -tag -width XXX -offset XXX
.It RAD_FRAMED_IP_ADDRESS
The peer IP address is set to the given value.
.It RAD_FRAMED_IP_NETMASK
The tun interface netmask is set to the given value.
.It RAD_FRAMED_MTU
If the given MTU is less than the peers MRU as agreed during LCP
negotiation, *and* it is less that any configured MTU (see the
.Dq set mru
command), the tun interface MTU is set to the given value.
.It RAD_FRAMED_COMPRESSION
If the received compression type is
.Dq 1 ,
.Nm
will request VJ compression during IPCP negotiations despite any
.Dq disable vj
configuration command.
.It RAD_FRAMED_ROUTE
The received string is expected to be in the format
.Ar dest Ns Op / Ns Ar bits
.Ar gw
.Op Ar metrics .
Any specified metrics are ignored.
.Dv MYADDR
and
.Dv HISADDR
are understood as valid values for
.Ar dest
and
.Ar gw ,
.Dq default
can be used for
.Ar dest
to sepcify the default route, and
.Dq 0.0.0.0
is understood to be the same as
.Dq default
for
.Ar dest
and
.Dv HISADDR
for
.Ar gw .
.Pp
For example, a returned value of
.Dq 1.2.3.4/24 0.0.0.0 1 2 -1 3 400
would result in a routing table entry to the 1.2.3.0/24 network via
.Dv HISADDR
and a returned value of
.Dq 0.0.0.0 0.0.0.0
or
.Dq default HISADDR
would result in a default route to
.Dv HISADDR .
.Pp
All RADIUS routes are applied after any sticky routes are applied, making
RADIUS routes override configured routes. This also applies for RADIUS
routes that don't include the
.Dv MYADDR
or
.Dv HISADDR
keywords.
.Pp
.El
Values received from the RADIUS server may be viewed using
.Dq show bundle .
.It set reconnect Ar timeout ntries
Should the line drop unexpectedly (due to loss of CD or LQR
failure), a connection will be re-established after the given
@ -3841,6 +3948,7 @@ This socket is used to pass links between different instances of
.Xr ping 8 ,
.Xr pppctl 8 ,
.Xr pppd 8 ,
.Xr radius.conf 5 ,
.Xr route 8 ,
.Xr syslogd 8 ,
.Xr traceroute 8 ,

5
usr.sbin/ppp/prompt.c
View File

@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: prompt.c,v 1.11 1998/08/09 15:34:11 brian Exp $
* $Id: prompt.c,v 1.12 1998/08/26 17:39:37 brian Exp $
*/
#include <sys/param.h>
@ -63,6 +63,9 @@
#include "link.h"
#include "physical.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "chat.h"
#include "chap.h"

287
usr.sbin/ppp/radius.c Normal file
View File

@ -0,0 +1,287 @@
/*
* Copyright 1999 Internet Business Solutions Ltd., Switzerland
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id:$
*
*/
#include <sys/param.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <sys/un.h>
#include <errno.h>
#include <radlib.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include "defs.h"
#include "log.h"
#include "descriptor.h"
#include "prompt.h"
#include "timer.h"
#include "fsm.h"
#include "iplist.h"
#include "slcompress.h"
#include "throughput.h"
#include "lqr.h"
#include "hdlc.h"
#include "mbuf.h"
#include "ipcp.h"
#include "route.h"
#include "command.h"
#include "filter.h"
#include "server.h"
#include "lcp.h"
#include "ccp.h"
#include "link.h"
#include "mp.h"
#include "radius.h"
#include "bundle.h"
void
radius_Init(struct radius *r)
{
r->valid = 0;
*r->cfg.file = '\0';;
}
void
radius_Destroy(struct radius *r)
{
r->valid = 0;
route_DeleteAll(&r->routes);
}
int
radius_Authenticate(struct radius *r, struct bundle *bundle, const char *name,
const char *key, const char *challenge)
{
struct rad_handle *h;
sigset_t alrm, prevset;
const void *data;
int got, len, argc, addrs;
char *argv[MAXARGS], *nuke;
struct in_range dest;
struct in_addr gw;
radius_Destroy(r);
if (!*r->cfg.file)
return 0;
if ((h = rad_open()) == NULL) {
log_Printf(LogERROR, "rad_open: %s\n", strerror(errno));
return 0;
}
if (rad_config(h, r->cfg.file) != 0) {
log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(h));
rad_close(h);
return 0;
}
if (rad_create_request(h, RAD_ACCESS_REQUEST) != 0) {
log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(h));
rad_close(h);
return 0;
}
if (rad_put_string(h, RAD_USER_NAME, name) != 0 ||
rad_put_int(h, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
rad_put_int(h, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {
log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(h));
rad_close(h);
return 0;
}
if (challenge != NULL) { /* CHAP */
if (rad_put_string(h, RAD_CHAP_PASSWORD, key) != 0 ||
rad_put_string(h, RAD_CHAP_CHALLENGE, challenge) != 0) {
log_Printf(LogERROR, "CHAP: rad_put_string: %s\n", rad_strerror(h));
rad_close(h);
return 0;
}
} else if (rad_put_string(h, RAD_USER_PASSWORD, key) != 0) { /* PAP */
/* We're talking PAP */
log_Printf(LogERROR, "PAP: rad_put_string: %s\n", rad_strerror(h));
rad_close(h);
return 0;
}
/*
* Having to do this is bad news. The right way is to grab the
* descriptor that rad_send_request() selects on and add it to
* our own selection list (making a full ``struct descriptor''),
* then to ``continue'' the call when the descriptor is ready.
* This requires altering libradius....
*/
sigemptyset(&alrm);
sigaddset(&alrm, SIGALRM);
sigprocmask(SIG_BLOCK, &alrm, &prevset);
got = rad_send_request(h);
sigprocmask(SIG_SETMASK, &prevset, NULL);
switch (got) {
case RAD_ACCESS_ACCEPT:
break;
case RAD_ACCESS_CHALLENGE:
/* we can't deal with this (for now) ! */
log_Printf(LogPHASE, "Can't handle radius CHALLENGEs !\n");
rad_close(h);
return 0;
case -1:
log_Printf(LogPHASE, "radius: %s\n", rad_strerror(h));
rad_close(h);
return 0;
default:
log_Printf(LogERROR, "rad_send_request: Failed %d: %s\n",
got, rad_strerror(h));
rad_close(h);
return 0;
case RAD_ACCESS_REJECT:
log_Printf(LogPHASE, "radius: Rejected !\n");
rad_close(h);
return 0;
}
/* So we've been accepted ! Let's see what we've got in our reply :-I */
r->ip.s_addr = r->mask.s_addr = INADDR_NONE;
r->mtu = 0;
r->vj = 0;
while ((got = rad_get_attr(h, &data, &len)) > 0) {
switch (got) {
case RAD_FRAMED_IP_ADDRESS:
r->ip = rad_cvt_addr(data);
log_Printf(LogDEBUG, "radius: Got IP %s\n", inet_ntoa(r->ip));
break;
case RAD_FRAMED_IP_NETMASK:
r->mask = rad_cvt_addr(data);
log_Printf(LogDEBUG, "radius: Got MASK %s\n", inet_ntoa(r->mask));
break;
case RAD_FRAMED_MTU:
r->mtu = rad_cvt_int(data);
log_Printf(LogDEBUG, "radius: Got MTU %lu\n", r->mtu);
break;
case RAD_FRAMED_ROUTING:
/* Disabled for now - should we automatically set up some filters ? */
/* rad_cvt_int(data); */
/* bit 1 = Send routing packets */
/* bit 2 = Receive routing packets */
break;
case RAD_FRAMED_COMPRESSION:
r->vj = rad_cvt_int(data) == 1 ? 1 : 0;
log_Printf(LogDEBUG, "radius: Got VJ %sabled\n", r->vj ? "en" : "dis");
break;
case RAD_FRAMED_ROUTE:
/*
* We expect a string of the format ``dest[/bits] gw [metrics]''
* Any specified metrics are ignored. MYADDR and HISADDR are
* understood for ``dest'' and ``gw'' and ``0.0.0.0'' is the same
* as ``HISADDR''.
*/
if ((nuke = rad_cvt_string(data, len)) == NULL) {
log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(h));
rad_close(h);
return 0;
}
dest.ipaddr.s_addr = dest.mask.s_addr = INADDR_ANY;
dest.width = 0;
argc = command_Interpret(nuke, strlen(nuke), argv);
if (argc < 2)
log_Printf(LogWARN, "radius: %s: Invalid route\n",
argc == 1 ? argv[0] : "\"\"");
else if ((strcasecmp(argv[0], "default") != 0 &&
!ParseAddr(&bundle->ncp.ipcp, argv[0], &dest.ipaddr,
&dest.mask, &dest.width)) ||
!ParseAddr(&bundle->ncp.ipcp, argv[1], &gw, NULL, NULL))
log_Printf(LogWARN, "radius: %s %s: Invalid route\n",
argv[0], argv[1]);
else {
if (dest.width == 32 && strchr(argv[0], '/') == NULL)
/* No mask specified - use the natural mask */
dest.mask.s_addr = addr2mask(dest.ipaddr.s_addr);
addrs = 0;
if (!strncasecmp(argv[0], "HISADDR", 7))
addrs = ROUTE_DSTHISADDR;
else if (!strncasecmp(argv[0], "MYADDR", 6))
addrs = ROUTE_DSTMYADDR;
if (gw.s_addr == INADDR_ANY) {
addrs |= ROUTE_GWHISADDR;
gw = bundle->ncp.ipcp.peer_ip;
} else if (strcasecmp(argv[1], "HISADDR") == 0)
addrs |= ROUTE_GWHISADDR;
route_Add(&r->routes, addrs, dest.ipaddr, dest.mask, gw);
}
free(nuke);
break;
}
}
if (got == -1) {
log_Printf(LogERROR, "rad_get_attr: %s\n", rad_strerror(h));
rad_close(h);
return 0;
}
log_Printf(LogPHASE, "radius: SUCCESS\n");
rad_close(h);
return r->valid = 1;
}
void
radius_Show(struct radius *r, struct prompt *p)
{
prompt_Printf(p, " Radius config: %s", *r->cfg.file ? r->cfg.file : "none");
if (r->valid) {
prompt_Printf(p, "\n IP: %s\n", inet_ntoa(r->ip));
prompt_Printf(p, " Netmask: %s\n", inet_ntoa(r->mask));
prompt_Printf(p, " MTU: %lu\n", r->mtu);
prompt_Printf(p, " VJ: %sabled\n", r->vj ? "en" : "dis");
if (r->routes)
route_ShowSticky(p, r->routes, " Routes", 16);
} else
prompt_Printf(p, " (not authenticated)\n");
}

48
usr.sbin/ppp/radius.h Normal file
View File

@ -0,0 +1,48 @@
/*
* Copyright 1999 Internet Business Solutions Ltd., Switzerland
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id:$
*/
struct radius {
unsigned valid : 1; /* Is this structure valid ? */
unsigned vj : 1; /* FRAMED Compression */
struct in_addr ip; /* FRAMED IP */
struct in_addr mask; /* FRAMED Netmask */
unsigned long mtu; /* FRAMED MTU */
struct sticky_route *routes; /* FRAMED Routes */
struct {
char file[MAXPATHLEN]; /* Radius config file */
} cfg;
};
struct bundle;
extern void radius_Init(struct radius *);
extern void radius_Destroy(struct radius *);
extern void radius_Show(struct radius *, struct prompt *);
extern int radius_Authenticate(struct radius *, struct bundle *, const char *,
const char *, const char *);

62
usr.sbin/ppp/route.c
View File

@ -17,11 +17,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: route.c,v 1.53 1998/08/17 06:42:40 brian Exp $
* $Id: route.c,v 1.54 1998/10/22 02:32:50 brian Exp $
*
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <net/if_types.h>
#include <net/route.h>
@ -58,6 +58,9 @@
#include "filter.h"
#include "descriptor.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "route.h"
#include "prompt.h"
@ -486,29 +489,29 @@ void
route_Add(struct sticky_route **rp, int type, struct in_addr dst,
struct in_addr mask, struct in_addr gw)
{
if (type != ROUTE_STATIC) {
struct sticky_route *r;
int dsttype = type & ROUTE_DSTANY;
struct sticky_route *r;
int dsttype = type & ROUTE_DSTANY;
r = NULL;
while (*rp) {
if ((dsttype && dsttype == ((*rp)->type & ROUTE_DSTANY)) ||
(!dsttype && (*rp)->dst.s_addr == dst.s_addr)) {
r = *rp;
*rp = r->next;
} else
rp = &(*rp)->next;
}
if (!r)
r = (struct sticky_route *)malloc(sizeof(struct sticky_route));
r->type = type;
r->next = NULL;
r->dst = dst;
r->mask = mask;
r->gw = gw;
*rp = r;
r = NULL;
while (*rp) {
if ((dsttype && dsttype == ((*rp)->type & ROUTE_DSTANY)) ||
(!dsttype && (*rp)->dst.s_addr == dst.s_addr)) {
/* Oops, we already have this route - unlink it */
free(r); /* impossible really */
r = *rp;
*rp = r->next;
} else
rp = &(*rp)->next;
}
if (!r)
r = (struct sticky_route *)malloc(sizeof(struct sticky_route));
r->type = type;
r->next = NULL;
r->dst = dst;
r->mask = mask;
r->gw = gw;
*rp = r;
}
void
@ -541,15 +544,22 @@ route_DeleteAll(struct sticky_route **rp)
}
void
route_ShowSticky(struct prompt *p, struct sticky_route *r)
route_ShowSticky(struct prompt *p, struct sticky_route *r, const char *tag,
int indent)
{
int def;
int tlen = strlen(tag);
if (tlen + 2 > indent)
prompt_Printf(p, "%s:\n%*s", tag, indent, "");
else
prompt_Printf(p, "%s:%*s", tag, indent - tlen - 1, "");
prompt_Printf(p, "Sticky routes:\n");
for (; r; r = r->next) {
def = r->dst.s_addr == INADDR_ANY && r->mask.s_addr == INADDR_ANY;
prompt_Printf(p, " add ");
prompt_Printf(p, "%*sadd ", tlen ? 0 : indent, "");
tlen = 0;
if (r->type & ROUTE_DSTMYADDR)
prompt_Printf(p, "MYADDR");
else if (r->type & ROUTE_DSTHISADDR)

5
usr.sbin/ppp/route.h
View File

@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: route.h,v 1.10.2.6 1998/05/05 23:30:13 brian Exp $
* $Id: route.h,v 1.11 1998/05/21 21:48:12 brian Exp $
*
*/
@ -50,4 +50,5 @@ extern void route_Add(struct sticky_route **, int, struct in_addr,
extern void route_Delete(struct sticky_route **, int, struct in_addr);
extern void route_DeleteAll(struct sticky_route **);
extern void route_Clean(struct bundle *, struct sticky_route *);
extern void route_ShowSticky(struct prompt *, struct sticky_route *);
extern void route_ShowSticky(struct prompt *, struct sticky_route *,
const char *, int);

7
usr.sbin/ppp/slcompress.c
View File

@ -17,13 +17,13 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: slcompress.c,v 1.19 1998/06/27 12:03:50 brian Exp $
* $Id: slcompress.c,v 1.20 1998/08/26 17:39:37 brian Exp $
*
* Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
* - Initial distribution.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
@ -53,6 +53,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
void

17
usr.sbin/ppp/tun.c
View File

@ -23,10 +23,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: tun.c,v 1.9 1998/08/09 16:41:01 brian Exp $
* $Id: tun.c,v 1.10 1998/10/22 02:32:50 brian Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h> /* For IFF_ defines */
#include <net/if.h> /* For IFF_ defines */
#include <netinet/in.h>
@ -57,6 +57,9 @@
#include "ccp.h"
#include "link.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "tun.h"
@ -67,7 +70,15 @@ tun_configure(struct bundle *bundle, int mtu)
memset(&info, '\0', sizeof info);
info.type = IFT_PPP;
info.mtu = mtu;
#ifndef NORADIUS
if (bundle->radius.valid && bundle->radius.mtu && bundle->radius.mtu < mtu) {
log_Printf(LogLCP, "Reducing MTU to radius value %lu\n",
bundle->radius.mtu);
info.mtu = bundle->radius.mtu;
} else
#endif
info.mtu = mtu;
info.baudrate = bundle->ifSpeed;
#ifdef __OpenBSD__
info.flags = IFF_UP|IFF_POINTOPOINT;

7
usr.sbin/ppp/vjcomp.c
View File

@ -17,11 +17,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: vjcomp.c,v 1.22 1998/08/07 18:42:51 brian Exp $
* $Id: vjcomp.c,v 1.23 1998/08/26 18:07:57 brian Exp $
*
* TODO:
*/
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@ -48,6 +48,9 @@
#include "filter.h"
#include "descriptor.h"
#include "mp.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "vjcomp.h"